Questions tagged [frama-c]

Frama-C is an Open Source suite of tools dedicated to the analysis of C source code.

Frama-C offers ready-to-use analyses for C programs: call graph, value analysis, functional dependencies, Program Dependence Graph, runtime monitoring, etc. It also allows the verification of functional properties, temporal logic, and much more. Results can be expressed in plain text, in SARIF, or in Frama-C's graphical interface.

Each analysis is implemented as a plug-in, and plug-ins inside the platform can use the results of one another. Frama-C is Open Source and extensible: new analyses can be implemented in OCaml as additional plug-ins that take advantage of existing ones. They communicate using the ACSL specification language, which also enables describing what the program is supposed to do.

Most provided analyses in Frama-C are sound: used within a delimited perimeter, all the behaviors that can happen at run-time are included in the behaviors statically predicted by Frama-C. Notwithstanding the possibility of bugs, plug-ins must be used as documented for the property to hold. This makes it possible to use Frama-C for the formal verification of C programs.

447 questions

votes

1 answer

What loop invariants to use for an integer logarithm?

As I am having my first steps in C formal verification with Frama-C, I am trying to formally verify an integer binary logarithm function written as follows: //@ logic integer pow2(integer n) = (n == 0)? 1 : 2 * pow2(n - 1); /*@ requires n > 0; …

asked Feb 11 '20 at 02:30

Pierre Colin

votes

1 answer

ACSL Logic Struct Declarations Not Working as in Reference Manual

I would like to have a way to describe logic/spec level structs that include abstract lists. Example 2.2.7 on page 27 of the ACSL Reference Manual suggests that there is a way to do this and it is as follows: //@ type point = struct { real x;…

frama-c acsl

asked Dec 23 '19 at 14:16

Andrew Ferraiuolo

votes

1 answer

Proving the average value of an array

Hello I want to prove the computation of the average of all the values contained in a 1d array, so far I have the following program : #include typedef unsigned int size_t; typedef struct Average avg; struct Average { bool success; …

c arrays average frama-c

asked Dec 16 '19 at 14:48

Shinbly

votes

1 answer

Formal proof of a recursive Quicksort using frama-c

As homework, I've decided to try verify an implementation of quicksort (taken and adapted from here) using frama-c with wp and rte plugins. Note that at first leftmost is 0 and rightmost is equal to size-1. Here my proof. /*@ requires…

sorting quicksort frama-c formal-verification proof-of-correctness

asked Dec 16 '19 at 12:48

Nanoboss

votes

1 answer

ACSL proof of a function that checks if an array is sorted in increasing or decreasing order

I'm trying to prove the correctness of an function that checks if an array is sorted in increasing/decreasing order or not sorted. The behaviour is to return -1 if sorted in decreasing order, 1 if sorted in increasing order, of size 1, or containing…

c sorting frama-c formal-verification acsl

asked Dec 06 '19 at 10:23

Nanoboss

votes

1 answer

Checking C code for invalid memory access with Frama-C

I am given this C code (the details of the code, including possible bugs, are not very relevant): int read_leb128(char **ptr, char *end) { int r = 0; int s = 0; char b; do { if ((intptr_t)*ptr >= (intptr_t)end) (exit(1)); b =…

c static-analysis frama-c memory-access

asked Jul 19 '19 at 14:19

Joachim Breitner

25,395
6
78
139

votes

1 answer

Coq file generated by WP does not compile

I have installed frama-c (18.0) and coqide (8.9) through opam (plus other needed dependencies of course, but that may not be the matter here). Well the point is I simply installed it through opam, not done anything else strange (and I didn't see any…

coq frama-c

asked Mar 08 '19 at 15:32

Vincent Penelle

votes

1 answer

Why Eva plugin of Frama-c return unkown when it acctually found a counter example of an assertion

I am trying to insert an assertion inside a function. Here is what I did: void foo(int a) { //@ assert a == 1; } void main() { foo(1); foo(2); } I expect to get an invalid result, but Frama-C returns an unknown result while it can…

frama-c

asked Feb 14 '19 at 14:56

Thuy Nguyen

votes

1 answer

Satisfying Proof Obligations for memcpy? [Frama-C]

We've been using Frama-C for 'experimental' static analysis on a commercial project (integrated into our CI, with a few selective blocking checks, on a small section of the overall codebase). One of the snags that comes up relates to satisfying the…

frama-c

asked Dec 12 '18 at 05:59

jjmilburn

votes

1 answer

How to validate code that read/write to hardware memory mapped registers (mmio) with frama-c Eva plugin or WP-RTE?

The closest answer I found maybe related to -absolute-valid-range for the Eva plugin but is that it? Do I have to come up with read/write ACSL predicates to do dummy read/write? Sample code: #include #define BASE_ADDR 0x0e000000 #define…

frama-c

asked Oct 08 '18 at 18:23

ratt

votes

1 answer

Frama-C: Display callstacks in the command line output

When using the value analysis plug-in, one can use the GUI to display the values of a variable at a given program location (using the 'Values' tab). The values shown in this tab include the call stack corresponding to a particular value. E.g.: fn1…

frama-c

asked Sep 28 '18 at 16:04

Sergio Feo

votes

2 answers

Frama-C multiline macro definition syntax error

I am new to Frama-C and I am trying to formally verify a code base that contains a significant number of multiline macro definitions which look like this: #define vector_setElement(w,x,i) \ _Generic …

frama-c

asked Jun 20 '18 at 22:27

Jenna Wise

votes

3 answers

Frama-C aborted Invalid user input

I am very new to Frama-c and I got an issue when I am trying to open a C source file. The error shows as "fatal error: event.h: No such file or directory. Compilation terminated". [kernel] Parsing FRAMAC_SHARE/libc/__fc_builtin_for_normalization.i…

frama-c

asked Apr 24 '18 at 20:02

Raven

votes

1 answer

Unable to verify assign clause - Frama-C

In my example below, frama-c isn't able to prove my assign clause in the function contract and I am not sure why. I would really appreciate any help. /*@ @ requires n>0; @ requires \valid(a+(0..n-1)); @ ensures \forall int i; (n>i>=0 ==>…

loops automated-tests proof frama-c

asked Apr 14 '18 at 18:26

the_martian

votes

1 answer

Dataflow analysis of execution path

Is it possible to use Frama-C to verify whether or not the execution flow or memory accesses depend on a particular variable? Background: There were once options -experimental-path-deps and -experimental-mem-deps, but these were removed in the…

frama-c

asked Jan 23 '18 at 14:30

Lll

Prev 1 2 3

…

29 30 Next