Questions tagged [frama-c]

Frama-C is an Open Source suite of tools dedicated to the analysis of C source code.

Frama-C offers ready-to-use analyses for C programs: call graph, value analysis, functional dependencies, Program Dependence Graph, runtime monitoring, etc. It also allows the verification of functional properties, temporal logic, and much more. Results can be expressed in plain text, in SARIF, or in Frama-C's graphical interface.

Each analysis is implemented as a plug-in, and plug-ins inside the platform can use the results of one another. Frama-C is Open Source and extensible: new analyses can be implemented in OCaml as additional plug-ins that take advantage of existing ones. They communicate using the ACSL specification language, which also enables describing what the program is supposed to do.

Most provided analyses in Frama-C are sound: used within a delimited perimeter, all the behaviors that can happen at run-time are included in the behaviors statically predicted by Frama-C. Notwithstanding the possibility of bugs, plug-ins must be used as documented for the property to hold. This makes it possible to use Frama-C for the formal verification of C programs.

447 questions
4 votes, 1 answer

Frama-C disabling wp qed

When using Frama-C WP with the option -wp-out, for example (using the swap.c example): swap.c // File swap.c: /*@ requires \valid(a) && \valid(b); @ ensures A: *a == \old(*b) ; @ ensures B: *b == \old(*a) ; @ assigns *a,*b ; @*/ void swap(int…
user2291590
4 votes, 1 answer

Frama-C unbound module Z build error

Using Ubuntu 14.04, I downloaded the Neon Frama-C distribution and installed the required tools: lablgtk, sourceview, etc. I configured Frama-C with no problem, but on building got: File "external/unz.ml", line 39, characters 10-19: Error: Unbound…
Jonathan Gallagher
4 votes, 2 answers

Named constants in ACSL specifications

How can I make use of named constants in ACSL specifications? These constants are either macros (#define MY_CONST ...) or constant declarations (const int MY_CONST ...). The former does not work since the macros are not expanded by the preprocessor…
dordow
4 votes, 3 answers

Install Frama-C on Mac OS X

How do I install a current Frama-C release and its prerequisites on Macs? I have a laptop running Mac OS X 10.6.8 and a desktop running Mac OS X 10.7.5 which I can install software on. I also have access to a lab of machines running Mac OS X 10.8…
raok
4 votes, 1 answer

Get the array index variable and its value in value analysis (Frama-C)

I want to query the value analysis plugin in Frama-C for instructions to get their value. For each array, it returns the value range of the whole array. For example, if the instruction is array[i] = 1;, I get result = {1} for array[i] from value…
user2544482
4 votes, 2 answers

Get result into a string variable in OCaml

I have this function working which prints out the value in an offsetmap: let pretty_offsetmap_original lv fmt offsetmap = begin match offsetmap with | None -> Format.fprintf fmt "" | Some off -> let typ = Some (typeOfLval lv) …
user2544482
4 votes, 1 answer

Unable to prove assigns clause - Frama-C

I'm new to Frama-C and I'd like to understand what the problem is with this simple example: /*@ requires \valid(array+(0..length-1)) @ ensures \forall integer k; 0 <= k < length ==> array[k] == 0; @ assigns array[0..length-1]; */ void fill(int…
roo
4 votes, 2 answers

How to make Frama-C understand bitwise AND in tests?

I am trying to use Frama-C value analysis to study a large generated C code where the bound checks are done using a bitwise AND (&) instead of a logical AND (&&). For instance: int t[3]; ... if ((0 <= x) & (x < 3)) t[x] = 0; Frama-C value…
Anne
4 votes, 1 answer

How to prove an assertion containing pointer operations

I am trying to prove a simple assertion using the WP plugin of Frama-C. The C code was generated from a TargetLink lookup table. My aim is to provide enough annotations to the function that I can use the resulting contract to prove properties of a…
3 votes, 1 answer

How to know which parts of an ACSL predicate are failing?

I have an ACSL predicate that is ~37 lines long (the predicate returns whether the passed struct is in a valid state). It is a series of conditions &&'d together. When I assert the predicate: //@ assert MyPredicate(myArg); and the verification…
Costava
3 votes, 1 answer

Is it possible to write the result of code transformations back to the original source files?

I would like to perform code transformations on multiple files and write the changes that result from these transformations back, ideally to the original files. For example, I would like to add an if-statement to a function funcA that originates from…
jobnz
3 votes, 1 answer

Frama-C WP and preconditions

I have two questions regarding preconditions and Frama-C WP: How does Frama-C prove preconditions? When does Frama-C try to prove preconditions? I'm asking these questions because sometimes Frama-C WP doesn't even attempt the proof, sometimes…
GeePi
3 votes, 2 answers

What does "Default behavior: tried with Frama-C kernel." mean?

I'm trying to verify a simple program with Frama-C + WP. #include /*@ requires valid_read_string(s); assigns \result \from indirect:s[0..]; ensures \result == strlen(s); */ size_t get_len(const char *s) { …
Qix - MONICA WAS MISTREATED
3 votes, 2 answers

How do you tell Frama-C and Eva that an entry point's parameters are assumed valid?

Take the following C code example. struct foo_t { int bar; }; int my_entry_point(const struct foo_t *foo) { return foo->bar; } In our case, my_entry_point will be called from assembly, and *foo here must be assumed to always be…
Qix - MONICA WAS MISTREATED
3 votes, 1 answer

How do I analyse a complex project like open62541?

I am a student and currently trying to analyse the reference implementation of the OPC UA protocol in C with cppcheck and Frama-C. My goal is not to do very dedicated testing but more some general/basic tests to see if there are some obvious issues…
Lukas