0

Is it possible to detect memory leaks or double free with Frama-c? I have tried to test that example But 

#include <string.h>
#include <stdlib.h>

#define FRAMA_C_MALLOC_STACK
#include "/usr/share/frama-c/libc/fc_runtime.c"

int main()
{
  int *x  = malloc(sizeof(int));
  free(x);
  free(x);
  return 0;
}

I get :

enter image description here

Now I am using Version: Neon-20140301 and libc copied from Fluorine-20130601 ( btw why fc_runtime.c and other *.c files are deleted from Neon release ? )

command:

frama-c-gui -cpp-command "gcc -C -E -I/usrhare/frama-c/libc/ -nostdinc" -slevel 1000 -val  -val-warn-copy-indeterminate @all main.

Using other defines (FRAMA_C_MALLOC_XXXX) works but is not detecting any bugs.

update: Other example

#include <string.h>
    #include <stdlib.h>

    #define FRAMA_C_MALLOC_STACK
    #include "/usr/share/frama-c/libc/fc_runtime.c"

    int main()
    {
      int *x  = malloc(sizeof(int));
      x[2] = 5;
      return 0;
    }
bataliero1234
  • 145
  • 10
  • There are Value analysis built-ins for `malloc` and `free` that detect wrong uses of these functions (including doing anything with a freed pointer: http://blog.frama-c.com/index.php?post/2012/01/05/Double-free ), but they are not distributed in the Open-Source package because they do not work to analyze all programs and anyone who wants to use them will need assistance with them anyway. You could obtain these built-ins and the matching assistance from CEA or from a company, TrustInSoft, that was created to provide precisely this kind of commercial support. – Pascal Cuoq Aug 26 '14 at 15:02
  • But apart from this example with double freeing, is it possible to test for example that code: int *x = malloc(sizeof(int)); x[2] = 2; ? – bataliero1234 Aug 26 '14 at 19:12
  • Yes. The only reason the malloc and free built-ins are not distributed is that the results can be difficult to interpret if the target program builds and then frees doubly linked lists. Your examples are within the scope of what can be analyzed without additional work and the errors in them are detected. – Pascal Cuoq Aug 26 '14 at 19:17

0 Answers0