Questions tagged [frama-c]

Frama-C is an Open Source suite of tools dedicated to the analysis of C source code.

Frama-C offers ready-to-use analyses for C programs: call graph, value analysis, functional dependencies, Program Dependence Graph, runtime monitoring, etc. It also allows the verification of functional properties, temporal logic, and much more. Results can be expressed in plain text, in SARIF, or in Frama-C's graphical interface.

Each analysis is implemented as a plug-in, and plug-ins inside the platform can use the results of one another. Frama-C is Open Source and extensible: new analyses can be implemented in OCaml as additional plug-ins that take advantage of existing ones. Plug-ins exchange information through annotations written in the ACSL specification language (ANSI/ISO C Specification Language), which also lets users state what the program is supposed to do.

Most of the analyses Frama-C provides are sound: within their documented perimeter, every behavior the program can exhibit at run time is included in the set of behaviors Frama-C predicts statically. Bugs in the tool aside, this guarantee holds only when a plug-in is used as documented. This is what makes Frama-C usable for the formal verification of C programs.
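The following is an added example, not code from the Frama-C tag wiki or from the Frama-C project, showing the contract style the description refers to: an ACSL function contract (`requires`, `assigns`, `ensures`) and loop annotations that the WP plug-in can discharge, plus a contract whose precondition rules out signed overflow. The annotations are ordinary C comments, so the file also compiles and runs with any C compiler. The `frama-c -wp -wp-rte` command in the trailing comment is one assumed way to run it; the sample input in `main` is constructed for the example.

```c
/* Added example (not from the Frama-C tag wiki): ACSL contracts that
 * the WP plug-in proves. Assumptions: a Frama-C release with the WP
 * plug-in; the command line at the bottom is an assumed invocation. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Counts the non-zero bytes in a[0..n-1].
 * The contract says: the caller must make the range readable, the
 * function writes no memory, and the result is between 0 and n and is
 * 0 exactly when every byte is 0. */
/*@ requires \valid_read(a + (0 .. n - 1));
  @ assigns \nothing;
  @ ensures 0 <= \result <= n;
  @ ensures \result == 0 <==> (\forall integer k; 0 <= k < n ==> a[k] == 0);
  @*/
size_t count_nonzero(const unsigned char *a, size_t n)
{
    size_t count = 0;
    size_t i;
    /* The loop invariants must be strong enough to imply the
     * postcondition once i == n; the assigns clause is required by WP
     * to know that nothing else (in particular a[]) changes; the
     * variant proves termination. */
    /*@ loop invariant 0 <= i <= n;
      @ loop invariant 0 <= count <= i;
      @ loop invariant count == 0 <==> (\forall integer k; 0 <= k < i ==> a[k] == 0);
      @ loop assigns i, count;
      @ loop variant n - i;
      @*/
    for (i = 0; i < n; i++) {
        if (a[i] != 0)
            count++;
    }
    return count;
}

/* Signed addition whose contract pushes the overflow obligation to the
 * caller: ACSL arithmetic is over mathematical integers, so the
 * precondition states that the true sum fits in an int. With -wp-rte,
 * WP proves the generated "no signed overflow" assertion from it. */
/*@ requires INT_MIN <= x + y <= INT_MAX;
  @ assigns \nothing;
  @ ensures \result == x + y;
  @*/
int checked_add(int x, int y)
{
    return x + y;
}

int main(void)
{
    /* Constructed sample input for the example. */
    const unsigned char data[] = { 0, 1, 0, 2, 3, 0 };
    size_t n = sizeof data / sizeof data[0];

    printf("non-zero bytes: %zu\n", count_nonzero(data, n));   /* prints 3 */
    printf("checked_add: %d\n", checked_add(INT_MAX - 1, 1));  /* prints INT_MAX */
    return 0;
}

/* Assumed invocation (not quoted from the page):
 *   frama-c -wp -wp-rte example.c
 * -wp-rte asks WP to also prove the absence of runtime errors
 * (out-of-bounds reads, signed overflow) in the annotated functions. */
```

Note that `count++` cannot overflow because the invariant `count <= i <= n` bounds it by a `size_t`, and that dropping the `loop assigns` clause or the third invariant leaves the postcondition unprovable even though the code is correct: WP only reasons from what the annotations state.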

447 questions
2
votes
1 answer

How to run Frama-c WP plug-in with Coq interactive theorem prover?

Here is the swap example from the WP plug-in tutorial: /*@ requires \valid(a) && \valid(b); @ ensures A: *a == \old(*b) ; @ ensures B: *b == \old(*a) ; @ assigns *a,*b ; @*/ void swap(int *a, int *b) { int tmp; tmp = *a; *a = *b; *b = tmp; …
Ugur Koc
  • 53
  • 7
2
votes
0 answers

How can I make Frama-c work with Coq-8.5?

I am trying to run the swap.c example from the Frama-C WP plug-in tutorial with Coq, but I am getting the following compilation error for the BuiltIn.v file: $frama-c -wp -wp-rte -wp-proof coq swap.c [kernel] Parsing…
Ugur Koc
  • 53
  • 7
2
votes
1 answer

Value analysis for high loop bounds

I am analysing a control program with the following structure: unsigned int cnt=0; unsigned int inc=3; ... void main(){ int i; int lim; for(i=0;i<100000;i++) { f1(); .... lim = f2(); if(cnt < lim) cnt += inc; .... } } My aim is to…
Harald
  • 21
  • 1
2
votes
2 answers

Calculate the range of an input which results in satisfying a predicate

Let's say we have the following C code: int my_main(int x){ if (x > 5){ x++; if (x > 8){ x++; if (x < 15){ //@(x >= 9 && x <= 14); } } } return 0; } I'd like…
Maor Veitsman
  • 1,544
  • 9
  • 21
2
votes
1 answer

Frama-C is proving invalid assertions

I am able to prove the following program using Frama-C, which is surprising because 1) there is an assert false, and 2) the loop invariant does not hold (array a holds 1's not 2's). Am I missing something here? /*@ requires \valid(a+ (0..9)) &&…
rsinha
  • 2,167
  • 3
  • 18
  • 17
2
votes
0 answers

Calculating function summary using Frama-C's value analysis

Let's say we have the following code sample: int a(int x){ if (x < 0){ return -50; } if (x >= 0 && x <= 3600){ return x - 100; } return x + 100; } int main(){ int q = Frama_C_interval(50, 5000); return…
2
votes
1 answer

Frama-C wp simple loop invariant

I have a problem with a very simple loop invariant while trying to prove the following program with the wp plugin: void f() { unsigned int i = 0; /*@ loop assigns i; loop invariant 0 <= i <= 2; loop variant 2 - i; */ for (;i <…
Photon
  • 23
  • 2
2
votes
1 answer

Save data persistently for every instance of Frama-C

I'm developing an extension to Frama-C, and I intend to create a configuration interface on it. Is it possible to save states in Frama-C independently of Project or Session, i.e., save a configuration that will be loaded with every instance of…
Vitor
  • 367
  • 3
  • 12
2
votes
2 answers

Frama-C anagram function behavior verification

I wrote a C function that checks if two given strings (C-style) are anagrams or not. I try to verify it with Frama-C but it cannot validate the final behaviors of the function (other specifications are valid). The first one goes to timeout (even…
Bortoliño
  • 33
  • 6
2
votes
1 answer

Frama-C \strlen function

I installed Frama-C Sodium (20150201) + the Jessie plugin, and I'm trying to reproduce the examples provided in the ACSL reference manual. But I can't use Jessie library functions (like \strlen) because every time I use one of them, I get errors…
Alex
  • 119
  • 12
2
votes
1 answer

SMT prover yields 'unknown' despite strong proven assertions

Suppose we have the following C annotated code: #define L 3 int a[L] = {0}; /*@ requires \valid(a+(0..(L - 1))); ensures \forall int j; 0 <= j < L ==> (a[j] == j); */ int main() { int i = 0; /*@ loop assigns i, a[0..(i-1)]; …
Evgeniy
  • 383
  • 2
  • 8
2
votes
1 answer

What does [ <- ] mean in why3?

I'm using Frama-C, Alt-Ergo and Why3 for system verifications. One proof obligation generated in Frama-C and sent to Why3 is shown below (this is the Why3 version): (p_StableRemove t_1[a_5 <- x] a_1 x_1 a i_2) I'd like to know what t_1[a_5 <- x]…
Vitor
  • 367
  • 3
  • 12
2
votes
1 answer

The exact mechanism of mapping WhyML into SMT logic

Good day, auto deduction and verification hackers! In order to gain a deeper understanding of how exactly WhyML provides proofs for ACSL-annotated C programs I am trying to manually "reproduce" the job Why3 does with WhyML program while translating…
Evgeniy
  • 383
  • 2
  • 8
2
votes
2 answers

Frama-C syntax error?

I have an entry point that I want to run pdg-dot on; however, after I moved the header files to be in the right place I get this syntax error. gtkwin.c:77:[kernel] user error: syntax error In the source code that line is just a GdkPixmap…
Adam
  • 33
  • 7
2
votes
1 answer

Frama-c syntax error on macro expansion

I am getting the following syntax error: ../stat-time.h:58:[kernel] user error: Cannot find field st_atim This is in the gnu stat-time.h by Paul Eggert. Here's the snippet causing the error: #define STAT_TIMESPEC(st, st_xtim)…
MEE
  • 2,114
  • 17
  • 21