Frama-C-discuss mailing list archives
This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Frama-c-discuss] Jessie regions
- Subject: [Frama-c-discuss] Jessie regions
- From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
- Date: Tue, 10 Mar 2009 08:37:22 +0100
- In-reply-to: <5EFD4D7AC6265F4D9D3A849CEA9219191AB14F@LAXA.intra.cea.fr>
- References: <7CD088A8-35C2-4166-AACB-C36086BBF58F@first.fraunhofer.de><EFEEF25A-DE4E-488A-B35F-064F5C4B614E@cea.fr><7B29121BFC06467FA716CC00626745C6@AHARDPLACE> <5EFD4D7AC6265F4D9D3A849CEA9219191AB14F@LAXA.intra.cea.fr>
Thank you very much Christoph ----- Original Message ----- From: "CUOQ Pascal" <Pascal.CUOQ at cea.fr> To: "Frama-C public discussion" <frama-c-discuss at lists.gforge.inria.fr>; "Frama-C public discussion" <frama-c-discuss at lists.gforge.inria.fr> Sent: Monday, March 09, 2009 10:51 PM Subject: Re: [Frama-c-discuss] Jessie regions >> referring the discussion regarding disjoint memory regions: > > I was hoping someone else would take up the gantlet, > but since no-one did, here I go. > >> I want to know, whether the built-in assumption that all >> memory regions are disjoint is a mere assumption or a precondition, > > In my previous answer, I divided the separation hypotheses > in two categories. > > 1/ The separation hypothesis that p is separated from &p is an > assumption. Jessie does not handle > such casts and although it is fundamentally a compositional > tool able to analyze a function outside of its context, it > still needs to assume that the context does not contain such > pointer casts that would break its memory model. One of these days > we are going to provide you with a methodology for insulating the > dangerous casts so that you can safely apply Jessie to some functions > even though dangerous casts are used in others. This is definitely > on our to-do list. Until then, the safest way is to restrict your use of > Jessie to applications that do not use unsafe casts *as a whole* -- > i.e. even outside the functions you are analyzing. > > 2/ The hypothesis that two distinct pointer arguments of a function > point to separate memory regions should be a precondition. It has been > a while since I last launched Jessie and I am not sure what it does now, > but if Jessie assumes the arguments pointers are separated, it certainly > should express the assumption it is making as a precondition. > > To sum up the answer to your question, it depends on the > category of the separation hypothesis. For category 1/, it's an > assumption. For category 2/, it should be a precondition. I am pretty > sure it is. It can not not be, can it? How could it? Yeah, it has to be > a precondition. > > Pascal > > _______________________________________________ > Frama-c-discuss mailing list > Frama-c-discuss at lists.gforge.inria.fr > http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/frama-c-discuss >
- References:
- [Frama-c-discuss] Jessie regions
- From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
- [Frama-c-discuss] Jessie regions
- From: Pascal.CUOQ at cea.fr (CUOQ Pascal)
- [Frama-c-discuss] Jessie regions
- Prev by Date: [Frama-c-discuss] Jessie regions
- Next by Date: [Frama-c-discuss] Frama-c fails to open a C file
- Previous by thread: [Frama-c-discuss] Jessie regions
- Next by thread: [Frama-c-discuss] Saving state of gWhy and reloading it later?
- Index(es):