Next: Add some constant, Previous: Copy a list (2), Up: Changing data
| C code | Spl encoding
|
|---|---|
#include "intlist.h"
/* acyclic(x) and l[x]==_l and data(x) and
* acyclic(y) and l[y]+1<=_l and data(y) and
* disjoint(x,y) */
void listCopy(intlist x, intlist y) {
intlist xi = x;
intlist yi = y;
while (xi != NULL /* error */) {
yi->data = xi->data;
xi = xi->next;
yi = yi->next;
}
}
|
var _data:real, _free:real, _len:real,
_new:real, _next:real, _null:real,
x:real, xi:real, y:real, yi:real, z:real,
_l:int, _k:int, S: int;
begin
assume (x == 3);
xi = _null; yi = _null; z = _null;
xi = x; yi = y;
while xi != _null do
yi = (xi* _data) / _data;
z = xi*_next;
xi = _null;
xi = z;
z = _null;
z = yi*_next;
yi = _null;
yi = z;
z = _null;
done;
end
|
At the execution of CINV a dereference of a NULL pointer is reported. The invariant generated at the end of the loop is bottom.
| Domain | Param. | Log file | Interesting constraint
|
|---|---|---|---|
| LSUM-PRD | Anon=(0,1) | log/intlist-copy-neq-err-lsum-prd-01 | null pointer dereference at line z = yi*_next
|
| LSUM-REL | Anon=(0,1) | log/intlist-copy-neq-err-lsum-rel-01 | null pointer dereference at line z = yi*_next
|