About requirements of array in frama-c

Question

When writing ACSL of function in frama-c, I want the array of global variables to satisfy a requirement, for example:

int a[5];

/*@requires \forall int i; 0 <= i <= 4 ==> a[i] > 0;
*/
void f()
{
    do something with a...;
}

I want all the elements of a larger than 0, so is that right? I try that, that doesn't work, can anyone tell me how to write it?

Thanks very much.

Your question should contain a commandline, a Frama-C version and an exact copy of the message you obtained that makes you think that it “doesn't work”. — Pascal Cuoq, May 07 '14 at 07:12
Actually, your question should contain a C program that can be passed to Frama-C. Your example would be rejected because `do something with a...;` is not valid C syntax. — Pascal Cuoq, May 07 '14 at 07:51
sorry, maybe I didn't express my question well, "that doesn't work" means "requires \forall int i; 0 <= i <= 4 ==> a[i] > 0;" doesn't work, in function f, the value range of a's element is [--,--], not [1, INT_MAX]. and what I expect is [1, INT_MAX] — user3568607, May 08 '14 at 02:25
@user3568607 you should edit your question with what you have put in the comment, and say explicitely that your are using the `Value` plugin of Frama-C. — Virgile, May 19 '14 at 13:46

score 2 · Answer 1 · answered May 19 '14 at 13:57

As explained in its manual, the Value Analysis plug-in understands only a subset of ACSL formulas.

In particular, it does not handle quantifiers, thus your pre-condition has no effect on the resulting state. The usual trick is to write a wrapper function that will call f in an appropriate environment. For that, you can in particular use the Frama_C_interval function. For instance, your wrapper could be (don't forget to #include <limits.h> in your file because of INT_MAX)

void wrap() {
  for(int i=0; i<=4; i++) a[i] = Frama_C_interval(1,INT_MAX);
  f();
}

and you would call Frama-C this way:

frama-c -val -main wrap -lib-entry file.c

About requirements of array in frama-c

1 Answers1