Hi,
Which pass in creduce is responsible for removing initializers? More
specifically array and struct initializers.
The reason I'm asking is that in my current setup I end up with
a C source like this:
struct S0 l_1289[1];
for (; g_152 != 1; --g_152) {
    if (l_1289[0].f0)
        break;
    *g_425 = safe_mod_func_uint16_t_u_u(1, 0);
}
This is of course a bad reduction because the program reads uninitialized
data (from the stack in this case).
I'm using gcc, valgrind, clang (with sanitize=address) and my own compiler,
but none of them is able to detect this problem. Maybe frama-c can do it
but I don't know how. So I was simply looking for an option in creduce to not
throw away the initializers.
The original (from csmith, as you may have guessed) is like this:
struct S0 l_1289[6] = {{20},{20},{20},{20},{20},{20}};
...
if (l_1289[1].f0)
    break;
...
I also realize that not removing the initializer may conflict with
reduce-array-dim
so perhaps I have to disable that too (if problems arise).
--
Kees
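One way to stop C-Reduce from keeping a variant like the one above, as an added example that is not part of Kees's post or of C-Reduce itself: gate the interestingness test on MemorySanitizer (clang's -fsanitize=memory), which, unlike the AddressSanitizer run mentioned in the post, is built to report reads of uninitialized memory, so a reduction that drops the initializer fails the test and is rejected. The sample sources (modelled on the reduced and original snippets), the temporary file names and the msan_available probe are constructed for this example; the functions assume a clang with MSan support on the PATH and skip the check when none is found.

```shell
#!/bin/sh
# Added example, not from the original post or from C-Reduce.
# An interestingness-test gate that rejects any reduced variant which
# MemorySanitizer (clang -fsanitize=memory) flags for reading uninitialized
# memory. Assumed: a clang with MSan support on the PATH. The sample sources
# below are constructed to mirror the post's reduced and original forms.

# Probe whether clang can build *and run* an MSan binary on this host
# (MSan is Linux-only and needs its runtime installed).
msan_available() {
    command -v clang >/dev/null 2>&1 || return 1
    probe_dir="$(mktemp -d)"
    printf 'int main(void) { return 0; }\n' > "$probe_dir/probe.c"
    clang -fsanitize=memory -w "$probe_dir/probe.c" -o "$probe_dir/probe" >/dev/null 2>&1 \
        && "$probe_dir/probe" >/dev/null 2>&1
    rc=$?
    rm -rf "$probe_dir"
    return "$rc"
}

# Returns 0 (C-Reduce's "interesting") only if the candidate compiles and
# runs cleanly under MSan; a variant that reads uninitialized memory is
# rejected before the reducer can keep it.
is_interesting() {
    src="$1"
    exe="$(mktemp)"
    # -O0 keeps the uninitialized branch in the binary so MSan can observe it.
    if ! clang -O0 -g -fsanitize=memory -w "$src" -o "$exe" >/dev/null 2>&1; then
        rm -f "$exe"; return 1
    fi
    out="$("$exe" 2>&1)"; rc=$?
    rm -f "$exe"
    case "$out" in
        *use-of-uninitialized-value*) return 1 ;;   # MSan report: reject
    esac
    [ "$rc" -eq 0 ] || return 1
    # The original interestingness condition (e.g. comparing the outputs of
    # two compilers) would follow here; this example stops at the UB gate.
    return 0
}

# Constructed sample inputs, left in place after the run for inspection.
SAMPLE_DIR="$(mktemp -d)"
BAD_SRC="$SAMPLE_DIR/reduced.c"       # modelled on the post's reduced output
GOOD_SRC="$SAMPLE_DIR/initialized.c"  # same loop with the initializer kept

cat > "$BAD_SRC" <<'EOF'
#include <stdint.h>
struct S0 { int f0; };
uint16_t g_152 = 3;
uint16_t g_store, *g_425 = &g_store;
int main(void) {
    struct S0 l_1289[1];             /* initializer dropped by the reduction */
    for (; g_152 != 1; --g_152) {
        if (l_1289[0].f0)            /* branch on uninitialized stack memory */
            break;
        *g_425 = 1;
    }
    return 0;
}
EOF

# The initialized variant differs only in the declaration of l_1289.
sed 's/struct S0 l_1289\[1\];/struct S0 l_1289[1] = {{20}};/' "$BAD_SRC" > "$GOOD_SRC"

if msan_available; then
    is_interesting "$BAD_SRC"  && echo "reduced.c: kept" \
                               || echo "reduced.c: rejected (uninitialized read)"
    is_interesting "$GOOD_SRC" && echo "initialized.c: kept" \
                               || echo "initialized.c: rejected"
else
    echo "clang with MemorySanitizer not available; gate not exercised"
fi
```

Used as (or from) a C-Reduce interestingness script, the gate runs before the original "does the bug still reproduce" check, so any pass that removes an initializer and thereby introduces an uninitialized read produces a variant that is simply not interesting; the reducer then looks for a different transformation instead of committing that one.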