Frama-C-discuss mailing list archives

This page gathers the archives of the old Frama-C-discuss mailing list, which was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.


[Frama-c-discuss] trouble debugging assertions

  • Subject: [Frama-c-discuss] trouble debugging assertions
  • From: tim.newsham at (Tim Newsham)
  • Date: Mon, 17 Aug 2015 20:44:54 -1000

I'm getting close on my first small verification attempt (!),
but running across a problem I can't figure out.

I have code with the following specification that is being
validated by frama-c (all showing up with a green dot
in the gui):

/*@ requires \initialized(buf+(0 .. len-1));
    ensures \result ≡ 0 ∨ \initialized(*\old(retp)+(0 .. *\old(lenp)-1));
    assigns *retp, *lenp;
    assigns *retp \from *buf, len;
    assigns *lenp \from *buf, len;
*/
int auth(unsigned char *buf, unsigned int len, unsigned char **retp,
         unsigned int *lenp)

I even threw in an extra assert before returning to confirm this:

  /*@ assert \valid(*retp+(0 .. *lenp-1)); */ ;
  __retres = 1;
  return_label: return __retres;

Now back at the call site I have:

  ok = auth(buf,sz,& pay,& paysz);
  /*@ assert ok ≡ 0 ∨ \initialized(pay+(0 .. paysz-1)); */ ;
  if (ok) {
    /*@ assert \initialized(pay+(0 .. paysz-1)); */ ;

There's a green dot saying the analysis is good at the auth()
call. But I have yellow dots next to the two assertions.
What is confusing me is that the assertion right after the
call site is the same (seems to me!) as the "ensures" clause
of the implementation!  So why is the analyzer not drawing
the connection?  Is there something I can do to help it out?

PS: none of this code is 'secret', so I can provide a full
example if it is helpful.

Tim Newsham | @newshtwit
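The fragments in the post do not form a complete compilation unit. The file below is an added, stand-alone reproduction of the pattern being asked about; it is not the poster's code. Everything beyond the post's spec shape is an assumption: the body of auth(), its message format (a one-byte tag 0x01 followed by at least one payload byte), the payload_sum() caller, the extra \valid_read/\separated preconditions, and the three sample messages. The ACSL annotations are ordinary comments to a C compiler, so the file builds and runs as plain C, and it can be loaded into Frama-C with "frama-c-gui -eva example.c" (releases of the 2015 era spelled the option -val). One caveat worth knowing when reading the call-site assertions: when the callee has a body, Eva analyses that body at the call rather than assuming its ensures clause; the contract is substituted for the body only for functions that have none or that are listed in -eva-use-spec.

```c
#include <stdio.h>

/* Constructed message format (an assumption, not from the post):
 * byte 0 is a tag that must equal AUTH_TAG; the payload is everything
 * after it, and at least one payload byte is required. */
#define AUTH_TAG 0x01

/* Stand-in body for the post's auth(). The contract is written in ACSL,
 * which a plain C compiler treats as a comment. */
/*@ requires \valid_read(buf + (0 .. len - 1));
    requires \initialized(buf + (0 .. len - 1));
    requires \valid(retp) && \valid(lenp);
    requires \separated(retp, lenp, buf + (0 .. len - 1));
    assigns *retp, *lenp;
    assigns *retp \from buf, buf[0], len;
    assigns *lenp \from buf[0], len;
    ensures \result == 0 || \result == 1;
    ensures \result == 1 ==> *retp == buf + 1 && *lenp == len - 1;
    ensures \result == 0 || \initialized(*retp + (0 .. *lenp - 1));
*/
int auth(unsigned char *buf, unsigned int len,
         unsigned char **retp, unsigned int *lenp)
{
    if (len < 2 || buf[0] != AUTH_TAG)
        return 0;                 /* reject: nothing written through retp/lenp */
    *retp = buf + 1;              /* payload starts right after the tag */
    *lenp = len - 1;
    /*@ assert \valid_read(*retp + (0 .. *lenp - 1)); */
    return 1;
}

/* Constructed caller mirroring the post's call site; the two assertions
 * are the ones the post reports with yellow dots. pay/paysz are
 * initialised so the first assertion reads no uninitialised local when
 * ok == 0 (an empty range is trivially \initialized). */
/*@ requires \valid_read(buf + (0 .. sz - 1));
    requires \initialized(buf + (0 .. sz - 1));
    assigns \nothing;
*/
unsigned int payload_sum(unsigned char *buf, unsigned int sz)
{
    unsigned char *pay = (unsigned char *)0;
    unsigned int paysz = 0;
    unsigned int sum = 0;
    int ok = auth(buf, sz, &pay, &paysz);
    /*@ assert ok == 0 || \initialized(pay + (0 .. paysz - 1)); */
    if (ok) {
        /*@ assert \initialized(pay + (0 .. paysz - 1)); */
        /*@ loop invariant 0 <= i <= paysz;
            loop assigns i, sum; */
        for (unsigned int i = 0; i < paysz; i++)
            sum += pay[i];        /* consume the authenticated payload */
    }
    return sum;
}

/* Constructed sample messages so that a concrete run (or an Eva run from
 * main) has fully initialised input. */
unsigned char sample_good[] = { AUTH_TAG, 'h', 'i' }; /* valid, payload "hi" */
unsigned char sample_bad[]  = { 0x02, 'h', 'i' };     /* wrong tag */
unsigned char sample_tiny[] = { AUTH_TAG };           /* tag only, no payload */

int main(void)
{
    printf("good: sum=%u\n", payload_sum(sample_good, sizeof sample_good));
    printf("bad:  sum=%u\n", payload_sum(sample_bad, sizeof sample_bad));
    printf("tiny: sum=%u\n", payload_sum(sample_tiny, sizeof sample_tiny));
    return 0;
}
```

Running the binary prints sum=209 for the valid message ('h' + 'i') and 0 for the two rejected ones; loading the same file into Frama-C lets the call-site assertions be inspected against a concrete, fully initialised state rather than the fragments alone.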