frama-c

问题 I am a newbie user of Frama-C and have a few questions regarding assertions over pointers. Consider the C fragment below involving: two related data structures Data and Handle, s.t. Handle has a pointer to Data; a 'state' field in Data indicating whether some hypothetical operation has completed three functions: init(), start_operation() and wait(); a main() function using the above, and containing 6 assertions (A1-A6) Now, why is it that A5 and A6 cannot be asserted with the WP verifier (

问题 I am working on writing a Frama-C plug-in and I would like to know if it is possible to get the weakest precondition of something using WP from within my plug-in, and if so, how exactly? In the past I've used Db.Value, for example, to use the results of the EVA plug-in in my own plug-in. Is there something similar to Db.Value for WP? 回答1: The WP plugin exposes its API in the WP.mli file, that is generated by collecting the interfaces of the higher-level modules composing Wp . you can find it

问题 I'm looking for WP options/model that could allow me to prove basic C memory manipulations like : memcpy : I've tried to prove this simple code : struct header_src{ char t1; char t2; char t3; char t4; }; struct header_dest{ short t1; short t2; }; /*@ requires 0<=n<=UINT_MAX; @ requires \valid(dest); @ requires \valid_read(src); @ assigns (dest)[0..n-1] \from (src)[0..n-1]; @ assigns \result \from dest; @ ensures dest[0..n] == src[0..n]; @ ensures \result == dest; */ void* Frama_C_memcpy(char

问题 I am trying to create a frama-c plugin. This plugin depends upon Frama-c Value plugin. I want to obtain and print value set of all the lvalue(s) in a C source code. In order to do that I want to use functions available in Value.Eval_exprs, Value.Eval_op etc. like Eval_exprs.lval_to_precise_loc . Unfortunately I am unable to figure out a way to use these function in my plugin. I tried to follow steps mentioned in section 4.10.1 (Registration through a .mli file) of Frama-c Plugin Development

问题 I use frama-c tool to analyse the code below. int main (int argc, char *argv[]) { int i,a; for (i = 0; i < 100; i += 1) { a=0; if (a==0) { continue; } else { break; } } return 0; } the cmd is frama-c -pdg -dot-pdg graph main.c My question is about the control dependence. what's the circle node means? I try to explain the "while" node, maybe it stand for one time loop , because a loop start from "i<100",so there a control dependence ("i<100" ------o "while" ). Is what I guess right ? but what

问题 Good day, auto deduction and verification hackers! In order to gain a deeper understanding of how exactly WhyML provides proofs for ACSL-annotated C programs I am trying to manually "reproduce" the job Why3 does with WhyML program while translating it into SMT logic and feeding it into Z3 prover. Lets say we have the following C fragment: const int L = 3; int a[L] = {0}; int i = 0; while (i < L) { a[i] = i; i++; } assert (a[1] == 1); I am trying to encode it into SMT logic like this: (set

问题 I am new to Frama-C. I would like to run it under Windows enviroments. My compiler is gcc,mingw. I have tryied to run same examples from Value Analysis tutorial by I have a problem with library header files. I've found that it's not possible to run frama-c because restrict keyword. It shows error in string.h file void * __cdecl memcpy(void * __restrict__ _Dst,const void * __restrict__ _Src,size_t _Size) __MINGW_ATTRIB_DEPRECATED_SEC_WARN; When I manually add #define restrict to all *.c files

问题 I want to develop a Frama-C-Plugin, where I get the values of the current statement. With the help of this post Frama-C Plugin development: Getting result of value-analysis I was able to print the values of the statements, but Pointers were not shown the way I need it. With the help of the comments, I was able to print the whole state (not only the variables of the statement). Can I combine these two: Get the variables of the statement, but also with pointers dereferenced (the value)? For

问题 Is it possible to detect memory leaks or double free with Frama-c? I have tried to test that example But #include <string.h> #include <stdlib.h> #define FRAMA_C_MALLOC_STACK #include "/usr/share/frama-c/libc/fc_runtime.c" int main() { int *x = malloc(sizeof(int)); free(x); free(x); return 0; } I get : Now I am using Version: Neon-20140301 and libc copied from Fluorine-20130601 ( btw why fc_runtime.c and other *.c files are deleted from Neon release ? ) command: frama-c-gui -cpp-command "gcc

问题 Forgive my ignorance. I need to do calculate backward slices for a project. After some searching, I came across frama-c. I downloaded the package on my ubuntu system which got me Frama-c Version: Fluorine-20130601. I am trying to use it for the first time. When finding out the undefined functions in my project almost all library functions are undefined, even printf, scanf etc(Neither code nor specification for function printf). According to the tutorial, I have to add stubs for all the