| Summary: | Engine crash because of missing range check | ||
|---|---|---|---|
| Product: | UPPAAL | Reporter: | Ulrik Nyman <ulrik> |
| Component: | Engine | Assignee: | Gerd Behrmann <behrmann> |
| Status: | CLOSED FIXED | ||
| Severity: | major | ||
| Priority: | P1 | ||
| Version: | 3.4.2 | ||
| Hardware: | All | ||
| OS: | All | ||
| URL: | http://www.cs.auc.dk/~ulrikl/uppaal/invalidchanrange.xml | ||
| Architecture: | |||
|
Description
Ulrik Nyman
2003-12-04 09:16:18 CET
Problem confirmed. I could not reproduce the crash on Linux, but the parser should create an error message in this case (which it doesn't at the moment). Turns out that the problem is not caused by the use of the array arguments on template channel parameters. The problem is that Transition::getSync() is used without catching the CannotEvaluateExpression exception which might be thrown as a consequence of evaluating the synchronisation expression. This will happen in the situation described in the bug report, but can be trigered in a number of different ways (e.g. doing something like c[i >> j] for j==-1 directly on the edge would also crash the engine). I will work on a fix for this problem. Unfortunately, we cannot give an error message in the editor for this problem. This requires static range checking in the parser, which we cannot do at the moment. The command line tool will print warnings for these problems during verification. A fix has been checked into CVS. As mentioned above, we cannot at the moment produce a range check error during syntax checking. For the example linked to in the URL field, the 'failing' edge (the one which causes the out-of-bounds error) is simply disabled. This is consistent with how similar problems with guards and assignments are handled. The command line tools will issue a warning. |