Closed Novak756 closed 5 months ago
Thanks for the report. We will have a closer look at this within the next days. The division by zero might be a problem. The settings that we use at the SV-COMP are optimized for programs that do not have undefined behavior.
Also note that the program does include some undefined behaviour (e.g. possible division by zero)
The problem seems to be indeed the division by zero. I manually added a check that are variables occuring as divisor in your program are non-zero. Then your program should be still incorrect (Automizer finds an error using the bitvector translation) and we say unknown due to overapproximation using the integer translation (which is fine).
While we have implemented some approximation for bitwise operations in the integer translation, if you have a program that mainly consists of bitwise operations, you should consider the bitvector translation first (that is always precise).
but I would expect the Bitvector and Default config to treat it the same way.
This is not the case. We rely the semantics for division of SMT-LIB. In the theory of bitvectors division by zero yields the bitvector [1...1]
, while in the theory of integers division by zero can yield any integer.
Ok, thank you very much for the quick response and clarification!
Basic Info
Description
Given the following program
running
./Ultimate -tc ./config/AutomizerReach.xml -s ./config/svcomp-Reach-64bit-Automizer_Default.epf -i bug.c
returns TRUE. The expected result would be FALSE, which is also what the Bitvector config (svcomp-Reach-64bit-Automizer_Bitvector.epf
) yields. The same bug is present in GemCutter, while Kojak and Taipan yield unknown.Also note that the program does include some undefined behaviour (e.g. possible division by zero), but I would expect the Bitvector and Default config to treat it the same way.