I have a problem specifying the access to internal state variables, i.e. those local to a module that are accessed by getters and setters only. I have tried to use the getter function in the specification of the function contract of the setter function, but frama-c returns an error:
> frama-c -wp -wp-rte -verbose 0 intstate.c intstate.h
...
intstate.h:4:[kernel] user error: unexpected token ')'
[kernel] user error: skipping file "intstate.c" that has errors.
[kernel] Frama-C aborted: invalid user input.
Here is the header:
int get_state(void);
/*@
@ ensures val == get_state();
@*/
void set_state(int val);
and here the source:
#include "intstate.h"
static int the_state = 0;
int get_state(void) {
    return the_state;
}
void set_state(int val) {
    the_state = val;
}
I think it is a common problem. How is it done in ACSL? Does anyone have an example of a similar problem?
I use Frama-C Fluorine-20130601.
Thanks in advance
Frank
Edit: Re-reading the ACSL spec more closely revealed to me that C-functions are not possible in specifications, only logic functions. I tried to wrap the C-function in a logic function but that wasn't accepted either, same error message. I finally modelled the internal state variable by a ghost variable, but I am not sure if this is the decent approach.
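The ghost-variable modelling mentioned in the edit above could look like the following. This is an added example, not the poster's code: the ghost name `state_model`, the caller `roundtrip`, and the merging of header and source into one file (so that the static variable is in scope for the contracts) are all assumptions.

```c
/* Added illustration: header and source merged into one file so the
 * static variable is visible to the contracts (assumption). */

static int the_state = 0;

/* Ghost model of the hidden state; the name state_model is hypothetical.
 * Ghost code lives in ACSL comments, so a C compiler ignores it. */
//@ ghost int state_model = 0;

/*@ requires the_state == state_model;
  @ assigns \nothing;
  @ ensures \result == state_model;
  @*/
int get_state(void) {
    return the_state;
}

/*@ assigns the_state, state_model;
  @ ensures state_model == val;
  @ ensures the_state == state_model;
  @*/
void set_state(int val) {
    the_state = val;
    /* Keep the model in step with the concrete variable. */
    //@ ghost state_model = val;
}

/* Hypothetical caller: the property "get returns what set stored",
 * expressed over the ghost model instead of a C function call. */
/*@ assigns the_state, state_model;
  @ ensures \result == 42;
  @*/
int roundtrip(void) {
    set_state(42);
    return get_state();
}

int main(void) {
    return roundtrip() == 42 ? 0 : 1;
}
```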