
Frama-c Assertion

Recently I have been working with Frama-C and I have run into a problem which is a bit confusing.

I have written a very simple program in Frama-C, which is this:

void main(void)
{
    int a = 3;
    int b = 4;
    /*@ assert a == b;*/
}

I expect Frama-C to say the assertion is not valid, which in the GUI is shown by a red bullet, but instead Frama-C says the assertion is not valid according to Value (under hypothesis), which is shown by an orange-red bullet.

My question is: why would Frama-C say the assertion is not valid under hypothesis?

What are the possible hypotheses?

I am asking this because my program is very simple and I can't find any hypothesis or dependency in my program that is related to the assertion, so I guess Frama-C should just say the assertion is not valid.

If you have graphviz configured with your Frama-C installation (i.e. it was available when Frama-C was configured, either manually or via opam), you can double-click the property in the Properties panel, and a window should open with the following dependency graph for the property:

(Image: property dependency graph for "assert a == b;")

In it, we can see all the hypotheses used by a property, and so we see that the "under hypotheses" mentioned is that of the reachability of the assertion. Eva (the Value plug-in) computes an over-approximation of reachable states, so it cannot prove that a given state is reachable, only that it is unreachable.

Currently, the only plug-in which can definitely prove reachability statuses is PathCrawler. However, in practice this is rarely an issue.

An alternative way to see the dependencies of a property proven under hypotheses is to use the Report plugin, on the command line:

$ frama-c -val cc -then -report

[report] Computing properties status...

--------------------------------------------------------------------------------
--- Properties of Function 'main'
--------------------------------------------------------------------------------

[  Alarm  ] Assertion (file c.c, line 5)
            By Value, with pending:
             - Unreachable program point (file c.c, line 5)

--------------------------------------------------------------------------------
--- Status Report Summary
--------------------------------------------------------------------------------
     1 Alarm emitted
     1 Total
--------------------------------------------------------------------------------

The pending information lists all the properties required to finish the proof. For statuses emitted by the Value/Eva plugin, the only dependencies emitted will always be reachability ones.

(This is actually misleading: the status of the n-th property actually depends on the statuses of the properties k with k < n. This would generate a dependency graph too big, so those dependencies are not tracked.)
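The answer's central point, that an over-approximation of reachable states can prove a program point dead but never prove it reachable, modelled with a toy interval domain in plain C. This is an added example, not Frama-C or Eva code; the itv/state types, the guard functions and the [0,10] ranges are constructed for illustration and are not how Eva is implemented.

```c
/* Toy interval domain (added example, NOT Frama-C/Eva code): an abstract
 * state that is empty ("bottom") PROVES a point unreachable; a non-empty
 * abstract state only means "may be reachable", because imprecision can
 * keep concrete-impossible values inside the intervals. */
typedef struct { int lo, hi; } itv;          /* lo > hi encodes "no value" */
typedef struct { itv a, b; } state;          /* abstract state at one program point */
enum status { VALID, INVALID, UNKNOWN };
static int is_bottom(state s) { return s.a.lo > s.a.hi || s.b.lo > s.b.hi; }
static int imax(int x, int y) { return x > y ? x : y; }
static int imin(int x, int y) { return x < y ? x : y; }
/* Abstract effect of entering the branch guarded by "a == b": intersect. */
static state guard_eq(state s) {
    itv m = { imax(s.a.lo, s.b.lo), imin(s.a.hi, s.b.hi) };
    state r = { m, m };
    return r;
}
/* Abstract effect of "a != b": an interval cannot carve one value out of
 * its middle, so refinement is only possible when both are one constant. */
static state guard_ne(state s) {
    if (s.a.lo == s.a.hi && s.b.lo == s.b.hi && s.a.lo == s.b.lo) {
        state dead = { {1, 0}, {1, 0} };     /* bottom: branch proved dead */
        return dead;
    }
    return s;                                /* no information gained */
}
/* Status of "assert a == b" ASSUMING the point is reachable. This is the
 * "under hypothesis" of the report: the hypothesis is reachability. */
static enum status assert_eq(state s) {
    if (is_bottom(s)) return VALID;          /* dead code: nothing to check */
    if (s.a.hi < s.b.lo || s.b.hi < s.a.lo) return INVALID;   /* disjoint */
    if (s.a.lo == s.a.hi && s.b.lo == s.b.hi) return VALID;   /* same constant */
    return UNKNOWN;
}
/* The question's case: a = 3, b = 4 at main's entry. */
static enum status question_case(void) {
    state s = { {3, 3}, {4, 4} };
    return assert_eq(s);                     /* INVALID, under reachability */
}
/* a, b both in [0,10] (constructed): after "if (a == b) if (a != b) ..." no
 * concrete state exists, yet the interval state is non-empty, so the inner
 * point is NOT proved dead and cannot be claimed reachable either. */
static int inner_point_proved_dead(void) {
    state s = { {0, 10}, {0, 10} };
    return is_bottom(guard_ne(guard_eq(s)));  /* 0 */
}
/* With constants the same path IS proved dead: a definite result. */
static int inner_point_proved_dead_consts(void) {
    state s = { {3, 3}, {3, 3} };
    return is_bottom(guard_ne(guard_eq(s)));  /* 1 */
}
```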
