TrustInSoft / tis-interpreter

An interpreter for finding subtle bugs in programs written in standard C

“sub-expression cannot be evaluated” message when masking pointer representations #128

Open albertnetymk opened 7 years ago

albertnetymk commented 7 years ago

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
int main()
{
  void *p = malloc(1);
  // void *p = NULL;
  uintptr_t p_i = (uintptr_t) p;   // integer representation of the pointer
  (void) (p_i & 1ULL);             // mask the low bit of that representation
  return 0;
}

Using NULL as shown in the comment works fine, but using malloc does not. Not sure why; the error message is:

The following sub-expression cannot be evaluated:
                 (unsigned long long)p_i & 1ULL
pascal-cuoq commented 7 years ago

See the discussion here (end of Step 3 with solution at the beginning of Step 4). Summary: you can get past this hurdle using option -address-alignment 4. This option is currently too rough to be properly documented, for instance the C standard guarantees that the result of malloc is as well-aligned as any type, and for the implementation-defined parameters used by tis-interpreter, this means that no extra user indication should be necessary. Sorry.

albertnetymk commented 7 years ago

Since I am using tis on a 64-bit machine, using -address-alignment 8 does fix the problem. However, it still complains about the same problem if I use (void) (p_i & 8ULL);.

pascal-cuoq commented 7 years ago

Of course it does. The option -address-alignment 8 tells the interpreter to assume that p_i is a multiple of 8, which provides no useful information about the result of p_i & 8ULL.

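To make the alignment point concrete, here is an added C model of the reasoning described above; it is not tis-interpreter's own code. Under -address-alignment N the interpreter knows only that the low bits of the address are zero, so a mask is evaluable exactly when it selects only those known bits. The names abstract_addr, aligned_pointer, abstract_and and mask_evaluable are assumed for the illustration, and the model also covers alignments other than 8 (including non-powers of two, where only the largest power-of-two divisor is known).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of an address about which the only known fact is that it
   is a multiple of `alignment` (what -address-alignment N asserts): the low
   bits below the largest power of two dividing `alignment` are known to be
   zero, every other bit is unknown. */
typedef struct {
    uint64_t known_mask;   /* bit positions whose value is known */
    uint64_t known_value;  /* their value (all zero for an aligned address) */
} abstract_addr;
static abstract_addr aligned_pointer(uint64_t alignment) {
    abstract_addr a = {0, 0};
    if (alignment != 0) {
        uint64_t lowest_set = alignment & (~alignment + 1); /* largest 2^k dividing alignment */
        a.known_mask = lowest_set - 1;
    }
    return a;
}

/* Evaluate (address & mask) abstractly.  Succeeds only when every bit that
   `mask` selects is a known bit; otherwise the result depends on unknown
   address bits and "cannot be evaluated". */
static bool abstract_and(abstract_addr a, uint64_t mask, uint64_t *out) {
    if ((mask & ~a.known_mask) != 0)
        return false;
    *out = a.known_value & mask;
    return true;
}

/* Can (p_i & mask) be evaluated under -address-alignment `alignment`? */
static bool mask_evaluable(uint64_t alignment, uint64_t mask) {
    uint64_t unused;
    return abstract_and(aligned_pointer(alignment), mask, &unused);
}
int main(void) {
    const uint64_t masks[] = {1, 7, 8, 15};
    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++) {
        uint64_t r;
        if (abstract_and(aligned_pointer(8), masks[i], &r))
            printf("-address-alignment 8: p_i & %llu = %llu\n",
                   (unsigned long long)masks[i], (unsigned long long)r);
        else
            printf("-address-alignment 8: p_i & %llu cannot be evaluated\n",
                   (unsigned long long)masks[i]);
    }
    return 0;
}
```

With alignment 8 the masks 1 and 7 evaluate to 0 while 8 and 15 cannot be evaluated, which is exactly the behaviour reported in this thread.
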
albertnetymk commented 7 years ago

OK, I see. So, currently, tis can't handle arbitrary masking?