这个 C 程序对应的自动机 YA 文件是什么?
[英]What would be the automaton YA file corresponding to this C program?
问题描述
In the context of verifying this program using Aorai plugin for frama-c, what would be the corresponding automaton in.ya file format?
在使用 Frama-c 的 Aorai 插件验证该程序的上下文中,对应的自动机 in.ya 文件格式是什么?
void f() {
;
}
void g(){
;
}
int main(){
f();
g();
return 0;
}
My guess is this我的猜测是这个
%init: S0;
%accept: S4;
S0 : { CALL(main) } -> S1
;
S1 : { CALL(f) } -> S2
;
S2 : { CALL(g) } -> S3
;
S3 : {RETURN(main) } -> S4
;
S4 : -> S4
;
But I get this error using Aorai plugin但是我使用 Aorai 插件得到了这个错误
[aorai] Warning: Call to main does not follow automaton's specification. This path is assumed to be dead
[aorai] Threestateaut.c:12: Warning:
Call to main not conforming to automaton (pre-cond). Assuming it is on a dead path
1 个解决方案
解决方案1
1 已采纳 2021-02-25 18:56:16
Don't forget that at each event a transition must be taken from the current state of the automaton.不要忘记,在每个事件中,都必须从自动机的当前 state 中进行转换。 Here, when you are in S2 after the CALL to f , the next event that happens is the RETURN from f to main , but the only transition from S2 is guarded by CALL(g) (the beginning of the automaton describes thus a program where f itself calls g ).在这里,当您在CALL到f之后在S2中时,发生的下一个事件是从f到main的RETURN ,但是从S2的唯一转换由CALL(g)保护(自动机的开头因此描述了一个程序,其中f本身调用g )。
To fix this, you can either take the RETURN into account, as in要解决此问题,您可以将RETURN考虑在内,如
...
S2: { RETURN(f) } -> S3;
S3: { CALL(g) } -> S4;
...
or use YA extensions (as described in section 3.1.3 of the manual , which in particular allow indicating that you have a CALL(f) directly followed by a RETURN(f) with:或使用 YA 扩展(如手册第 3.1.3 节所述,特别是允许指示您有一个CALL(f)直接后跟一个RETURN(f) :
...
S2: { f() } -> S3;
...
Actually, with these extensions, the complete execution flow can be specified in a more compact way, since you can nest call sequences:实际上,通过这些扩展,可以以更紧凑的方式指定完整的执行流程,因为您可以嵌套调用序列:
%init: S0;
%accept: S1;
S0 : { main([f();g()]) } -> S1;
S1: -> S1;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.