Frama-C:
Plug-ins:
Libraries:

Frama-C API - Region

Interface for the Region plug-in

Each function is assigned a region map. Areas in the map represents l-values or, more generally, class of nodes. Regions are classes equivalences of nodes that represents a collection of addresses (at some program point).

Regions can be subdivided into sub-regions. Hence, given two regions, either one is included into the other, or they are separated. Hence, given two l-values, if their associated regions are separated, then they can not be aliased.

Nodes are elementary elements of a region map. Variables maps to nodes, and one can move to one node to another by struct or union field or array element. Two disting nodes might belong to the same region. However, it is possible to normalize nodes and obtain a unique identifier for all nodes in a region.

Memory Maps and Nodes

type map
type node
val id : node -> int

Unique id of normalized node. This can be considered the unique identifier of the region equivalence class.

val of_id : map -> int -> node
val pretty : Stdlib.Format.formatter -> node -> unit

Region Properties

All functions in this section provide normalized nodes and shall never raise exception.

val points_to : node -> node option
val pointed_by : node -> node list
val size : node -> int
val parents : node -> node list
val labels : node -> string list
val writes : node -> Frama_c_kernel.Cil_types.typ list
val shifts : node -> Frama_c_kernel.Cil_types.typ list
val typed : node -> Frama_c_kernel.Cil_types.typ option

Full-sized cells with unique type access

val iter : map -> (node -> unit) -> unit

Alias Analysis

val equal : node -> node -> bool

equal a b checks if nodes a and b are in the same region.

val compare : node -> node -> int

compare a b compares regions a and b by their unique id.

val included : node -> node -> bool

include a b checks if region a is a sub-region of b in map m.

val separated : node -> node -> bool

separated a b checks if region a and region b are disjoint. Disjoints regions a and b have the following properties:

  • a is not a sub-region of b;
  • b is not a sub-region of a;
  • two l-values respectively localized in a and b can never be aliased.
val singleton : node -> bool

singleton a returns true when node a is guaranteed to have only one single address in its equivalence class.

lval m lv is region where the address of l lives in. The returned region is normalized.

  • raises Not_found

    if the l-value is not localized in the map

val exp : map -> Frama_c_kernel.Cil_types.exp -> node option

exp m e is the domain of values that can computed by expression e. The domain is Some r is e has a pointer type and any pointer computed by e lives in region r. The domain is None if e has a non-pointer scalar or compound type.

  • raises Not_found

    if the l-value is not localized in the map

Low-level Navigation through Memory Maps

For optimized access, all the functions in this section return unnormalized nodes and may raise Not_found for not localized routes.

Unormalized.

  • raises Not_found

Unormalized.

  • raises Not_found

Unormalized.

  • raises Not_found
val footprint : node -> node list

Normalized list of leaf nodes.