Questions tagged [frama-c]

Frama-C is an Open Source suite of tools dedicated to the analysis of C source code.

Frama-C offers ready-to-use analyses for C programs: call graph, value analysis, functional dependencies, Program Dependence Graph, runtime monitoring, etc. It also allows the verification of functional properties, temporal logic, and much more. Results can be expressed in plain text, in SARIF, or in Frama-C's graphical interface.

Each analysis is implemented as a plug-in, and plug-ins inside the platform can use the results of one another. Frama-C is Open Source and extensible: new analyses can be implemented in OCaml as additional plug-ins that take advantage of existing ones. They communicate using the ACSL specification language, which also enables describing what the program is supposed to do.

Most provided analyses in Frama-C are sound: used within a delimited perimeter, all the behaviors that can happen at run-time are included in the behaviors statically predicted by Frama-C. Notwithstanding the possibility of bugs, plug-ins must be used as documented for the property to hold. This makes it possible to use Frama-C for the formal verification of C programs.

447 questions

votes

1 answer

How to install Impact Analysis Plug-in for Frama-c on Ubuntu 14.04?

I installed Frama-c on Ubuntu 14.04, using the following commands: sudo apt-get install frama-c However, when I open the GUI of frama-c using the following command: frama-c-gui I cannot find the "Impact Analysis" plug-in on the left-hand side…

c ubuntu frama-c program-slicing

asked Sep 26 '17 at 23:01

shashibici

votes

1 answer

How do I debug ACSL in frama-c?

I'm trying to learn ACSL but am stumbling with trying to write a complete specification. My code #include #include #define NUM_ELEMS (8) /*@ requires expected != test; @ requires \let n = NUM_ELEMS; @ …

frama-c acsl

asked Jul 19 '17 at 23:20

Yifan

4,867
5
25
24

votes

1 answer

How to copy results of a plugin to another project?

In Frama-C, I would like to copy the results of a plugin like Value from one project to another. How exactly do I do this? I'm guessing I have to use Project.copy with the proper State_selection, but what would that be for Value? More generally, how…

ocaml frama-c

asked Apr 29 '17 at 14:33

gsp

votes

1 answer

Error installing Frama-C with opam (Ubuntu 14.04 LTS)

Trying to install Frama-C with the recommended opam method gives the following error: ### stdout ### # Cleaning Installation directory # Installing WP shared files ### stderr ### # /bin/sh: 1: src/plugins/wp/share/instwp: not found # make: ***…

frama-c opam

asked Apr 19 '17 at 23:27

Spearman

votes

1 answer

Unsound behavior with -rte option in Magnesium

I am facing an incoherent behavior with the -rte option in Magnesium version (installed directly from ubuntu). I am wondering if someone is aware of that problem or if I am doing something wrong. I have a program with an incorrect acces outside an…

frama-c

asked Nov 23 '16 at 11:43

Julien C.

votes

1 answer

Invalid assertion for overflow check Frama-C

While checking the overflow for short and char data type for add operation, the assertions inserted by Frama-C are seems to be incorrect: For char and short data the maximum positive and negative values are of integer data type. What could be the…

static-analysis frama-c

asked Oct 05 '16 at 07:59

karan

votes

2 answers

Frama-C Plugin development: Getting result of value-analysis

I am working on a Plugin for Frama-C, using the Value-analysis. I simply want to print the state of the variables (values) after each statement (I think the solution is quiet easy, but I couldn't figure it out). I got the current state with…

ocaml frama-c value-analysis

asked Mar 21 '16 at 13:48

Thomas Böhm

1,456
1
15
27

votes

1 answer

Frama-C: Get slice for C assert statement

Is there a way to use Frama-C's slicing plugin to compute slices for a specific C assert statement? For example, given the following code: int main() { double a=3; double b=4; double c=123; assert(b>=0); double d=a/b; …

frama-c program-slicing

asked Mar 14 '16 at 14:52

Paddre

votes

2 answers

How to use Why3 proofs in Frama-C GUI?

This feels like a silly question, but I'm stumped. I'm trying to use Frama-C Sodium and Why3 0.86.1 (both installed via OPAM) to prove some simple properties. Consider this program (toy.c): int main(void) { char *hello = "hello world!"; /*@…

frama-c why3

asked Sep 17 '15 at 08:57

Isabelle Newbie

9,258
1
20
32

votes

1 answer

frama-c wp plugin fails to validate the swap function from the manual

How to make frama-c -wp verify the example from the wp manual - a trivial swap function (swap.c): /* @ requires \valid(a) && \valid(b); @ ensures A: *a == \old(*b); @ ensures B: *b == \old(*a); @ assigns *a,*b; @*/ void swap(int * a, int…

frama-c alt-ergo

asked Sep 04 '15 at 14:14

Necto

2,594
1
20
45

votes

1 answer

frama-c metrics output to file for metrics-by-function

I am trying to output the metrics results to a file. I know that I can call -metrics-output, and output the global metrics analysis to a file, but I am also trying to get the results of each function. Calling: frama-c -metrics -metrics-output…

frama-c

asked Jun 12 '15 at 20:38

Quantico

2,398
7
35
59

votes

1 answer

How to prove remove_copy from ACSL by example

I tried to prove the algorithm remove copy (the first version) from "ACSL by Example" version 11.1.0. I used Alt-Ergo (0.99.1), CVC3 (2.4.1), Z3 (4.3.2), CVC4 (1.4) and Why3 (0.85) The time limit in why3 was 50 sec and to start frama-c, I used the…

coq frama-c

asked May 29 '15 at 17:31

Vitor

votes

1 answer

How to handle printf(" ", ) and scanf(" ") with frama-c command?

I am using this code to generate the control flow graph of a C program. It is working fine for all the function except built-in function like printf and scanf. What can I change in this code to output the built in function as it is? open Cil open…

linux graph frama-c

asked Feb 13 '15 at 16:56

kbiplav

votes

1 answer

Suppress [value] messages in the log of Frama-C's Value Analysis

I want to use the result from the analysis of Value plugin in Frama-C (batch mode) for further evaluation of variables in functions. However, the output seems to be large with lots of [value] tags, what I need is only the part from [value] ======…

frama-c

asked Feb 13 '15 at 16:15

Trúc Nguyễn Lâm

votes

2 answers

Model non-deterministic value integer in Frama-C

Could anyone please tell me is this the right model for non-deterministic values of integer and unsigned integer in Frama-C? /* Suppose Frama-C is installed in /usr/local -default prefix */ #include "/usr/local/share/frama-c/builtin.h" #include…

frama-c

asked Feb 11 '15 at 18:11

Trúc Nguyễn Lâm

Prev 1 2 3

…

29 30 Next