为什么在Frama-C价值分析中无法访问代码?
[英]Why is code unreachable in Frama-C Value Analysis?
问题描述
When running Frama-C value analysis with some benchmarks, eg susan in http://www.eecs.umich.edu/mibench/automotive.tar.gz , we noticed that a lot of blocks are considered dead code or unreachable. 
使用某些基准(例如, http://www.eecs.umich.edu/mibench/automotive.tar.gz : susan中的susan运行Frama-C值分析时,我们注意到许多块被认为是无效代码或无法访问。 However, in practice, these code is executed as we printed out some debug information from these blocks. 但是,实际上,这些代码是在我们从这些块中打印出一些调试信息时执行的。 Is there anybody noticed this issue? 有没有人注意到这个问题? How can we solve this? 我们该如何解决呢?
2 个解决方案
解决方案1
4 2013-11-28 20:26:15
Your code has a peculiarity which is not in Pascal's list, and which explains some parts of the dead code. 您的代码具有Pascal列表中未列出的特性,并且可以解释无效代码的某些部分。 Quite a few functions are declared as such 如此声明了一些函数
f(int x, int y);
The return type is entirely missing. 返回类型完全丢失。 The C standard indicates that such functions should return int , and Frama-C follows this convention. C标准指示此类函数应返回int ,并且Frama-C遵循此约定。 When parsing those function, it indicates that they never return anything on some of their paths 解析这些函数时,表明它们从未在其某些路径上返回任何内容
Body of function f falls-through. Adding a return statement.
On top on the return statement, Frama-C also adds an /*@ assert \\false; 在return语句的顶部,Frama-C还添加了/*@ assert \\false; ;。 annotation, to indicate that the execution paths of the functions that return nothing should be dead code. 注释,指示不返回任何内容的函数的执行路径应为无效代码。 In your code, this annotation is always false: those functions are supposed to return void , and not int . 在您的代码中,此注释始终为false:这些函数应该返回void ,而不是int 。 You should correct your code with the good return type. 您应该使用良好的返回类型来更正代码。
解决方案2
2 已采纳 2013-11-25 13:05:46
Occurrences of dead code in the results of Frama-C's value analysis boil down to two aspects, and even these two aspects are only a question of human intentions and are indistinguishable from the point of view of the analyzer. Frama-C的价值分析结果中死代码的产生可以归结为两个方面,甚至这两个方面也只是人为的问题,从分析仪的角度来看是无法区分的。
- Real bugs that occur with certainty everytime a particular statement is reached. 每次到达特定语句时,确定发生的实际错误。 For instance the code after
y = 0; x = 100 / y;例如, y = 0; x = 100 / y;之后的代码y = 0; x = 100 / y;y = 0; x = 100 / y;is unreachable because the program stops at the division everytime.之所以无法访问,是因为该程序每次都会在该部门停止。 Some bugs that should be run-time errors do not always stop execution, for instance, writing to an invalid address. 一些应该是运行时错误的错误并不总是会停止执行,例如,写入无效地址。 Consider yourself lucky that they do in Frama-C's value analysis, not the other way round. 让自己感到幸运的是,他们参与了Frama-C的价值分析,而不是相反。 - Lack of configuration of the analysis context, including not having provided an informative main() function that sets up variation ranges of the program's inputs with such built-in functions as
Frama_C_interval(), missing library functions for which neither specifications nor replacement code are provided, assembly code inside the C program, missing option-absolute-valid-rangewhen one would be appropriate, ...缺乏分析上下文的配置,包括未提供具有信息性的main()函数和诸如Frama_C_interval()类的内置函数来设置程序输入的变化范围,缺少缺少规范或替换代码的库函数,C程序中的汇编代码,如果合适的话,缺少选项-absolute-valid-range,...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.