Frama-C ... or at least the C codebase available on there, anyway? Don't be fooled by the positive examples presented here and there. Verifying arbitrary programs is still arbitrarily difficult. There is some cherry-picking going on in the results we, and others, present. In the case of Frama-C's value analysis, dynamic...
Read MoreIf you have seen the basic presentation of the value analysis, you may remember the following function. void abs(int y) { if (y >= 0) { r = y; return; } else { r = -y; return; } } \Why the two ugly return; statements in a function that needs...
Read MoreA previous post in the value analysis thread in this blog contained this digression: Actually, we can also prevent function Update to keep trace of a previous input buffer, thanks to secondary analyses derived from the value analysis. One of them computes the set of locations written to by a...
Read MoreSo it may seem that I have a pretty good job for having nothing more important to worry about —that may or may not be accurate— but I worry about the state of the Frama-C documentation in general and of the value analysis in particular. I hate noticing that it's...
Read MoreContext This post is a sequel and conclusion to this remark. Example of derived analysis: slicing When writing a Frama-C plug-in to assist in reverse-engineering source code it does not really make sense to expect the user to check the alarms that are emitted by the value analysis. Consider for...
Read More