frama-c : how to assume malloc succeeds?

Question

I would like to analyze my program assuming malloc successfully returns an allocated buffer.

When I run the value plugin with the command

/Users/philippeantoine/.opam/4.02.3/bin/frama-c -val testalloc.c

on this simple program :

#include <stdlib.h>
int main (){
    char * test = malloc(10);
    test[0] = 'a';
}

I get the following output :

[value] computing for function malloc <- main.
    Called from testalloc.c:4.
[value] using specification for function malloc
[value] Done for function malloc
testalloc.c:5:[kernel] warning: out of bounds write. assert \valid(test+0);
[value] Recording results for main
[value] done for function main

I would like not to get the "out of bounds write" How can I do that ?

PS : I tried to change the malloc specification in stdlib.h, without success

I think you have to use the provided `malloc` functions. See `stdlib.c` in the `share` directory, and maybe the `-val-builtin` option. — Anne, Apr 21 '16 at 10:16
I do not find any `stdlib.c` file, in the frama-c-Magnesium-20151002 archive. Running with `-val-builtin malloc:Frama_C_alloc_size`I get the error `undeclared builtin 'Frama_C_alloc_size'` — Philippe Antoine, Apr 22 '16 at 06:37
Sorry, they are not distributed in the Open-Source package. See comments in: http://stackoverflow.com/questions/25466686/frama-c-malloc-neon-20140301-fatal-error — Anne, Apr 25 '16 at 06:35

score 2 · Answer 1 · answered May 08 '16 at 20:37

2

Unfortunately, there is no satisfying implementation of malloc in the current open-source version of Frama-C (in the Value plugin). The previously available versions, in stdlib.c, all had drawbacks. They have been removed partly for this reason.

We have implemented a new, sound (correct) and intelligible enough modelization. However, it will only be available with Frama-C Silicium, to be released in october or november 2016.

answered May 08 '16 at 20:37

byako

3,372
2
21
36

1

Thanks for this answer. I will be waiting for this new version of Frama-C. From my point of view, the power of Frama-C could benefit programs using dynamic allocations (like the ones I am working on). – Philippe Antoine May 11 '16 at 14:57

frama-c : how to assume malloc succeeds?

1 Answers1