Frama-C API - E_ACSL

General module for E-ACSL analyses

Datatypes for analyses types

Types used by E-ACSL analyses

Module with the context to hold the data contributing to an assertion and general functions to create assertion statements.

A bijective hash map implementation based on a pair of hash tables

E-ACSL built-in database.

Translate a given ACSL contract (function or statement) into the corresponding C statement for runtime assertion checking.

Handling errors.

E-ACSL tracks a local variable by injecting:

Observation of global variables.

Calls to the GMP's API.

GMP Values.

This module transforms inductive predicate definitions into "direct" predicate definitions (introduced by LBpred), a form that can then be translated into Cil. It is in general not clear how inductive definitions can be translated into an executable form. However for a restricted set of inductive definitions this can be achieved. This subset is constituted of generalized Horn clauses, described in the reference manual under the subsection Inductive predicates.

The E-ACSL main instrumentation step.

The compilation of E-ACSL to Cil is implemented as a two-stage process, where E-ACSL is first translated into an intermediate language Interlang and only then into Cil. This module defines the E-ACSL intermediate language type, along with pretty printing functions.

Smart constructors for building expressions of the intermediate language.

The compilation of E-ACSL to Cil is implemented as a two-stage process, where E-ACSL is first translated into an intermediate language Interlang and only then into Cil. This module defines a monad M for specifying computations that generate Interlang expressions, and is thus used for the first stage.

The compilation of E-ACSL to Cil currently has two different compilation schemes, the original direct-to-Cil compilation scheme, and the new compilation scheme, in which E-ACSL is first translated into an intermediate language Interlang and only then into Cil. The implementation of the new compilation scheme is not yet complete and will fail on many E-ACSL expressions. Therefore we supply in this module a function that tries first the new compilation schemes and only in case of failure applies the older one.

Interval inference for terms.

Pre-analysis for Labeled terms and predicates.

Code generation for libc functions

Associate literal strings to fresh varinfo.

Utilities function for aggregate types.

Generate C implementations of user-defined logic functions. A logic function can have multiple C implementations depending on the types computed for its arguments. Eg: Consider the following definition: integer g(integer x) = x with the following calls: g(5) and g(10*INT_MAX) They will respectively generate the C prototypes int g_1(int) and long g_2(long)

This module is dedicated to some preprocessing on the predicates:

Loop specific actions.

Register the plugin in the Frama-C kernel. Nothing is exported.

Extend the environment with statements which allocate/deallocate memory blocks.

Compute a sound over-approximation of what left-values must be tracked by the memory model library

Utilities for E-ACSL.

This is an implementation the RWS monad. It is a monad to model computations with side-effects and environments in a purely functional and a safe manner. RWS stands for Reader, Writer, State.

Prepare AST for E-ACSL generation.

Convert quantifiers.

Accessing the RTE plug-in easily.

This module links the E-ACSL's RTL to the user source code.

Transformations to detect temporal memory errors (e.g., dereference of stale pointers).

Functions that translate a given ACSL annotation into the corresponding C statements (if any) for runtime assertion checking. These C statements are part of the resulting environment.

Generate C implementations of E-ACSL \at() terms and predicates.

Generate C implementations of E-ACSL predicates.

Generate and translate RTE annotations.

Generate C implementations of E-ACSL terms.

Utility functions for generating C implementations.

Manipulate the type of numbers.

Type system which computes the smallest C type that may contain all the possible values of a given integer term or predicate. Also compute the required casts. It is based on interval inference of module Interval.