[英]Automatic widening in frama-c value analysis
I am looking for a method to perform widening on loops with no user hints. 我正在寻找一种在没有用户提示的情况下对循环执行扩展的方法。 I'll explain using an example:
我将使用一个示例进行说明:
int z;
void main(void) {
int r = Frama_C_interval(0, MAX_INT);
z = 0;
for (int y=0; y<r; y++)
z++;
}
When running frama-c value analysis on this code, the global variable z receives the interval [--,--]. 在此代码上运行frama-c值分析时,全局变量z接收间隔[-,-]。 Because z was set to zero and the loop consists of an incremental operator, an automatic widening method should be able to deduct that the more accurate interval is [0, --].
因为z设置为零,并且循环由增量运算符组成,所以自动加宽方法应该能够推断出更准确的间隔为[0,-]。 Is it possible to do this in Frama-C?
在Frama-C中可以这样做吗?
When running frama-c value analysis on this code, the global variable z receives the interval [--,--].
在此代码上运行frama-c值分析时,全局变量z接收间隔[-,-]。
No it doesn't: 不,它不是:
~ $ frama-c -version ; echo
Magnesium-20151001+dev
~ $ cat t.c
#define MAX_INT 0x7fffffff
int z;
void main(void) {
int r = Frama_C_interval(0, MAX_INT);
z = 0;
for (int y=0; y<r; y++)
z++;
}
~ $ frama-c -val t.c
…
t.c:8:[kernel] warning: signed overflow. assert z+1 ≤ 2147483647;
…
[value] Values at end of function main:
z ∈ [0..2147483647]
…
This is a development version, but the same should apply to any version since signed overflow started to be treated as a serious error with ACSL alarm. 这是开发版本,但由于签名溢出开始被视为带有ACSL警报的严重错误,因此该版本也适用于任何版本。 If you are using a version from when signed overflow was assumed to harmlessly produce 2's complement results, 1) you should upgrade, it has been years and 2)
z
can hardly be argued to be trivially positive then (although it is positive because of a relational invariant linking the values of z
and y
while the loop is executing, relational invariant that the value analysis cannot represent). 如果您使用的版本假定签名溢出会无害地产生2的补码结果,则1)您应该进行升级,已经有几年了; 2)那么很难说
z
是平凡的正数(尽管由于a在循环执行时将z
和y
的值关联起来的关系不变式,值分析无法表示的关系不变式。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.