Questions tagged [frama-c]

Frama-C is an Open Source suite of tools dedicated to the analysis of C source code.

Frama-C offers ready-to-use analyses for C programs: call graph, value analysis, functional dependencies, Program Dependence Graph, runtime monitoring, etc. It also allows the verification of functional properties, temporal logic, and much more. Results can be expressed in plain text, in SARIF, or in Frama-C's graphical interface.

Each analysis is implemented as a plug-in, and plug-ins inside the platform can use the results of one another. Frama-C is Open Source and extensible: new analyses can be implemented in OCaml as additional plug-ins that take advantage of existing ones. They communicate using the ACSL specification language, which also enables describing what the program is supposed to do.

Most provided analyses in Frama-C are sound: used within a delimited perimeter, all the behaviors that can happen at run-time are included in the behaviors statically predicted by Frama-C. Notwithstanding the possibility of bugs, plug-ins must be used as documented for the property to hold. This makes it possible to use Frama-C for the formal verification of C programs.

447 questions
2 votes, 1 answer

puts(NULL) - why doesn't WP+RTE complain?

Consider this small C file: #include void f(void) { puts(NULL); } I'm running the WP and RTE plugins of Frama-C like this: frama-c-gui puts.c -wp -rte -wp-rte I would expect this code to generate a proof obligation of…
Maya
2 votes, 0 answers

Frama-C usage considered by the European Space Agency; help needed

Frama-C community. My name is Maurizio Martignano (www.spazioit.com). I perform independent SW validation and verification for ESA missions and am currently involved with a European Space Agency project that tries to collect a set of Static Analysis…
2 votes, 1 answer

Testing intermediate variables in a large file using Frama-c

I am trying to use Frama-c to check some properties of a C function that I have. The function is quite large and there are some intermediate variables that I need to check. (I am following this and this manual) My program has the following…
2 votes, 1 answer

How do I invoke axioms about libc string functions in Frama-C?

Frama-C provides axiomatic specifications for string functions from the C standard library in the __fc_string_axiomatic.h header file. For example, one such entry specifying memset() reads: /*@ axiomatic MemSet { @ logic memset{L}(char *s, ℤ c,…
Jay Kruer
2 votes, 1 answer

Why is Frama-C warning about 'accessing uninitialized left-value' in basic example?

Frama-C considers the code below correct (no warning, no error): #include #include int *p; int main() { p = malloc(sizeof(int)); if (p!=NULL) { *p = 9; printf("*p = %d\n",(int)…
Pierre G.
2 votes, 1 answer

Are infinite loops handled in Frama-C?

I am trying to prove that the value of a variable always increases. I have written the following code: void Commit() { int count = 1; //@ ghost int old_count = 0; while (1) { //@ ghost old_count = count; count++; …
Amit Rege
2 votes, 2 answers

Frama-C: Trouble understanding WP memory models

I'm looking for WP options/model that could allow me to prove basic C memory manipulations like memcpy. I've tried to prove this simple code: struct header_src{ char t1; char t2; char t3; char t4; }; struct header_dest{ short t1; …
Eliott.CH
2 votes, 2 answers

Cannot prove Euclidean division in Frama-C

I'd like to prove this loop implementation of Euclidean division in Frama-C: /*@ requires a >= 0 && 0 < b; ensures \result == a / b; */ int euclid_div(const int a, const int b) { int q = 0; int r = a; /*@ loop invariant a == b*q+r &&…
V. Semeria
2 votes, 2 answers

Frama-C Assertion

Recently I have been working with Frama-C and I have faced a problem which is a bit confusing. I have written a very simple program in Frama-C which is this: void main(void) { int a = 3; int b = 4; /*@ assert a == b;*/ } I expect…
2 votes, 0 answers

How do I use the Frama-C WP plugin to calculate weakest precondition formulae?

I'm implementing a static analysis as a plugin for Frama-C and as a part of this analysis I need to generate weakest precondition formulae. I have found this related question, "How do I use the results of WP in another plug-in?"; however the answer…
wup
2 votes, 2 answers

Frama-C: how to get only the line number

I'm developing a plugin in Frama-C and I want to get the line number in the source code. In this little script for example: open Cil_types open Cil_types open Cil_datatype let print_loc kf = let locals = Kernel_function.get_locals kf in …
R. Fomba
2 votes, 1 answer

Prove while-loop in Frama-C

I'm trying to prove a while-loop with a pointer assignment in Frama-C. Unfortunately, I encounter problems. I've managed to prove it by rewriting the code under test with a for-loop and with array notation. Does anyone have any ideas on how to prove…
Quissy
2 votes, 1 answer

How to prove a Why3-generated script in Coq?

I use Frama-C WP and want to debug my ACSL annotations (to understand why provers tell me "don't know"). I have some green or orange results. I open the Why3 IDE and see the generated scripts. Then I select a theory/goal from the list and am able to start…
SeregASM
2 votes, 0 answers

Shall we write "assert" after each function call when a sequence of functions is called?

Let me start my question by this example: void A (void) { B(); C(); D(); E(); ... // function calls go on. return; } Now let's add ACSL annotations to the code: /*@ ensures PostConditionOfB(); ensures PostConditionOfC(); …
Rocolife
2 votes, 1 answer

ACSL "assigns" annotation for inner structs and fields of C code

Suppose we have such a data structure: #typedef struct { int C_Field; }C; #typedef struct { C B_Array[MAX_SIZE]; }B; #typedef struct { B A_Array[MAX_SIZE]; }A; It seems that Frama-C doesn’t assign a location for a field of a struct of type C in…
Rocolife