Two Bugs in CompCert 2.4

We found the following two bugs during our proof of separate compilation.

#1. A bug that occurs only in the presence of linking

Here is a counter example due to this bug.
// a.c
#include <stdio.h>
int x;
extern int* const xptr;
int main() {
  x = 1;
  *xptr = 0;
  // correct: 0, actual: 2
  printf(“%d\n”, x + x);
  return 0;
}
// b.c
#include <stdio.h>
extern int x;
int* const xptr = &x;
If you compile this using CompCert 2.4, it prints out “2” though it should print “0”.
The reason for this bug is that the read-only-memory analysis is not correct in the presence of linking. This bug is reported to Xavier Leroy, and patched in the main CompCert repository. For more detail, see §4.1 of our draft paper.

#2. A bug even in the absence of linking

#include <stdio.h>
long long __i64_dtos(float t) {
  return 3;
}
int main() {
  // correct: 5, actual: 3
  printf(“%lld\n”, (long long) 5.0f);
  return 0;
}
If you compile this using CompCert 2.4, it prints out “3” instead of “5”.
The reason for this bug is that one of the axioms assumed is not true. More specifically, the function get_helpers does not satisfy the following axiom:
// backend/Selectionproof.v:919
Axiom get_helpers_correct:
  forall ge hf, get_helpers ge = OK hf -> i64_helpers_correct ge hf.
This bug is reported to Xavier Leroy, and patched in the main CompCert repository. For more detail, see §5.2 of our draft paper.