I'm new in frama-c plugin development.
I would like to ask if there is a way to get array size value and array elements type from Frama-C, either a static or dynamic created array.
For example
float *A = (float*)malloc(ni * nk * sizeof(float));
int tab[100];
I want to perform some pointer aliasing analysis in order to know when and where it is possible to insert restrict keyword.
I don't know if it is possible to modify formals parameters of a function. Take for example this function:
void test(int a, int b, int *tmp) {//}
If at the end of alias analysis in the body of this function, I'm sure that pointer tmp has not any aliasing situation, then I can insert restrict keyword in tmp declaration by
void test(int a, int b, int *__restrict__ tmp) {//}
So for that I need to know: pointer base address, if the pointer pointed into an array (constant or dynamic) then get array size and number of array elements. For now, that's how I formalized the part about getting the array size, the base address and the number of elements:
start
launch value analysis
launch pdg analysis
for kf do
Get all locals variables (eg: let locals = Kernel_function.get_locals kf;)
for each local var do
if Cil.isPointerType vi.vtype then
begin
find local var declaration (eg: with vi.vdecl);
print vi.vdecl in output file;
Know if local var is initialized during the declaration;
if local var is not initialized during the declaration then
locate local var initialization or first utilisation;
print this localisation in output file;
if this initialization is "an variable assignement" then
match initialization with
| ptr = a (where ptr (the local var concerned) and a are pointer type) -> get_base_addr a; get_array_size a; get_num_of_elm a;
print previous get_* results in output file; add ptr to some list
| ptr = &val -> match val with
| Const ->
| Lval ->
| ArrayType -> get_base_addr val; get_array_size val; get_num_of_elm val;
print previous get_* results in output file; add ptr to some list
| _ ->
| _ ->
else if this initialization is a dynamic allocation (eg: with malloc, ...) then
get_base_addr ptr; get_array_size ptr; get_num_of_elm ptr;
print previous get_* results in output file; add ptr to some list
else if local var is initialized during the declaration then
(*----*)
end
else if Cil.isArrayType vi.vtype then
get_base_addr ptr; get_array_size ptr; get_num_of_elm ptr;
print previous get_* results in output file; add ptr to some list
else
(*local var is not a pointer and not an array*)
end of for
Get list of all called functions;
Know if previous pointers or arrays analysed are passed as parameters to some functions in this list and print the name of these functions;
(*-----------*)
end of for ; end
I looked at the file Cil_types.mli and db.mli (in order to use some Db.Value.* functions) and found some types like (TPtr and TArray ) and many useful functions (mk*) but for the moment but for now I have not really understood how to use them.
Thanks in advance.
