Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bit-field initialization via interpreter still has problems #499

Open
Geoffrey1014 opened this issue Jul 25, 2023 · 1 comment
Open

Bit-field initialization via interpreter still has problems #499

Geoffrey1014 opened this issue Jul 25, 2023 · 1 comment

Comments

@Geoffrey1014
Copy link

When I use ccomp -interp , i encounter a UB problem about bitfield. I also notice #22, it should be fixed, but not.

// test.c
typedef struct S1 {
    signed f0:32;
} t;

t g_1 = {0};
int main(){
    g_1.f0 = 1;

    t l_1 = {0};
    l_1.f0 = 1;
    int a = 2;
    return 1;
}
$ccomp --version
The CompCert C verified compiler, version 3.11
$ccomp  -interp -fall -trace test.c
Time 0: calling main()
--[step_internal_function]-->
Time 1: in function main, statement
  g_1.f0 = 1; l_1.f0 = 0; l_1.f0 = 1; a = 2; return 1; return 0;
--[step_seq]-->
Time 2: in function main, statement
  g_1.f0 = 1; l_1.f0 = 0; l_1.f0 = 1; a = 2; return 1;
--[step_seq]-->
Time 3: in function main, statement g_1.f0 = 1;
--[step_do_1]-->
Time 4: in function main, expression g_1.f0 = 1
--[red_var_global]-->
Time 5: in function main, expression <loc g_1>.f0 = 1
--[red_rvalof]-->
Time 6: in function main, expression <ptr g_1>.f0 = 1
--[red_field_struct]-->
Time 7: in function main, expression <loc g_1> = 1
--[red_assign]-->
Time 8: in function main, expression 1
--[step_do_2]-->
Time 9: in function main, statement /*skip*/;
--[step_skip_seq]-->
Time 10: in function main, statement l_1.f0 = 0; l_1.f0 = 1; a = 2; return 1;
--[step_seq]-->
Time 11: in function main, statement l_1.f0 = 0;
--[step_do_1]-->
Time 12: in function main, expression l_1.f0 = 0
--[red_var_local]-->
Time 13: in function main, expression <loc l_1>.f0 = 0
--[red_rvalof]-->
Time 14: in function main, expression <ptr l_1>.f0 = 0
--[red_field_struct]-->
Time 15: in function main, expression <loc l_1> = 0
Stuck state: in function main, expression <loc l_1> = 0
Stuck subexpression: <loc l_1> = 0
ERROR: Undefined behavior
@xavierleroy
Copy link
Contributor

You're right, there has been a regression since #22.

Recently, a formal semantics was added for bit fields, and most of the compilation of bit field accesses was moved from the unverified part of CompCert (written in OCaml) to the formally-verified part (written and proved in Coq). That's a good thing, as it improves confidence in the compilation of bit fields, and also enables full conformance with the bit field layout specified in the ELF ABIs.

However, in the formally-verified part of CompCert, there are no initializers like t l_1 = {0};, just declarations followed by assignments. So we're back to the problem described in #22 of assigning to a bit field inside a freshly-allocated struct containing "undef" values. I don't have a solution to offer right now, but I keep this issue in mind.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xavierleroy @Geoffrey1014