The results of Eva can be exploited directly in two ways:
The plug-in can be used both with the graphical user interface and in batch mode (recommended). In batch mode, the command line may look like:
frama-c -eva file1.c file2.c
A list of alarms (corresponding to possible run-time errors as computed by the analysis) is produced on the standard output.
The results of Eva are used by many other plug-ins. In this case, the analysis is initiated automatically by the exploiting plug-in, but it is still possible to configure it for the case at hand (e.g. through the same command-line options that would be used in conjunction with -eva).
Consider the following function, in file test.c:
    int abs(int x) {
      if (x < 0) return -x;
      else return x;
    }
In this code, Eva reports the possible integer overflow when x is the smallest negative integer by emitting an alarm at line 2. The alarm is the ACSL assertion assert -x ≤ 2147483647; that protects against an overflow.
Eva also displays the possible values of the variables at the end of the function. Here, we can see that the result is always positive.
$ frama-c -eva test.c -main abs
[…]
mytests/test.c:2:[eva] warning: signed overflow. assert -x ≤ 2147483647;
[eva] done for function abs
[eva] ====== VALUES COMPUTED ======
[eva:final-states] Values at end of function abs:
__retres ∈ [0..2147483647]
One can also inspect in the graphical interface of Frama-C the alarms emitted by Eva, as well as the possible values inferred at each program point.
The options to configure the analysis as well as the syntax of the results are described in the Eva user manual.
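Three ways to act on the overflow alarm shown above, as an added example that is not part of the original page or of Frama-C. The function names abs_contract, abs_checked and abs_magnitude are hypothetical, and a 32-bit int is assumed, as in the page's output.

```c
#include <limits.h>
#include <stdbool.h>

/* Same logic as the page's abs(), with the page's alarm written as an ACSL
 * precondition that callers must establish. A regular C compiler treats
 * the annotation as a plain comment. */
/*@ requires -x <= 2147483647;
    assigns \nothing;
    ensures \result >= 0; */
int abs_contract(int x) {
    if (x < 0) return -x;   /* no overflow when the precondition holds */
    else return x;
}

/* Defensive variant: rejects the single input whose negation overflows
 * and leaves *out untouched in that case. */
bool abs_checked(int x, int *out) {
    if (x == INT_MIN) return false;  /* -INT_MIN is not representable in int */
    *out = (x < 0) ? -x : x;
    return true;
}

/* Total variant: negates in unsigned arithmetic, which wraps modulo 2^N and
 * is defined for every int, so the magnitude of INT_MIN is representable. */
unsigned abs_magnitude(int x) {
    unsigned u = (unsigned)x;        /* int-to-unsigned conversion is well defined */
    return (x < 0) ? 0u - u : u;
}
```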