TrustInSoft / tis-interpreter

An interpreter for finding subtle bugs in programs written in standard C

false warning of "sub-expression cannot be evaluated" #133

Open zhendongsu opened 7 years ago

zhendongsu commented 7 years ago

$ tis-interpreter.sh test1.c
[value] Analyzing a complete application starting at main
[value] Computing initial state
[value] Initial state computed
test1.c:5:[value] warning: The following sub-expression cannot be evaluated:
                 a

                 All sub-expressions with their values:

                 Stopping
                 stack: main
[value] user error: Degeneration occurred:
                    results are not correct for lines of code that can be reached from the degeneration point.
$ 
$ tis-interpreter.sh test2.c
[value] Analyzing a complete application starting at main
[value] Computing initial state
[value] Initial state computed
[value] done for function main
$ 
$ cat test1.c
static volatile int a;

int main ()
{
  return a && 1; 
}
$ 
$ cat test2.c
static volatile int a;

int main ()
{
  return a;
}
$ 

pascal-cuoq commented 7 years ago

Neither example should be considered as a bug:

If you are using volatile only as a way to trigger compiler bugs and not to indicate extra inputs to the program, please use --cc -Dvolatile= in order to make tis-interpreter ignore it:

$ tis-interpreter.sh --cc -Dvolatile= test1.c
[value] Analyzing a complete application starting at main
[value] Computing initial state
[value] Initial state computed
[value] done for function main

zhendongsu commented 7 years ago

Thank you for the explanation, Pascal. I'll turn on --cc -Dvolatile=.

regehr commented 7 years ago

Defining away volatile is what I usually do when using tis-interpreter to detect UB.
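
What the `-Dvolatile=` option suggested in the thread does to the reporter's test1.c at the preprocessor level, as an added example that is not part of the thread or of tis-interpreter. It assumes a C compiler reachable as `$CC` (default `cc`) and that `--cc` forwards the option to the C preprocessor; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the issue thread. Function names are made up here.
# Assumes a C compiler is reachable as $CC (default: cc).

# Write the reporter's test1.c (copied from the issue) into directory $1.
write_test1() {
    cat > "$1/test1.c" <<'EOF'
static volatile int a;

int main ()
{
  return a && 1;
}
EOF
}

# List the lines that use the qualifier, to review before defining it away:
# the thread's advice applies only when volatile does not mark real inputs.
list_volatile() {
    grep -n -w volatile "$1"
}

# Count whole-word occurrences of "volatile" on stdin.
count_volatile() {
    grep -o -w volatile | wc -l | tr -d ' '
}

# Preprocess $1 with the macro "volatile" defined to nothing.
# -E stops after preprocessing, -P omits linemarkers from the output.
strip_volatile() {
    "${CC:-cc}" -E -P -Dvolatile= "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    write_test1 "$dir"
    echo "uses of volatile in test1.c:"
    list_volatile "$dir/test1.c"
    echo "occurrences after -Dvolatile=: $(strip_volatile "$dir/test1.c" | count_volatile)"
    echo "preprocessed source:"
    strip_volatile "$dir/test1.c"
    rm -rf "$dir"
}

demo
```

After preprocessing, `a` is a plain `static int`, so it is zero-initialized and every read of it yields 0.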