Frama-C-discuss mailing list archives
This page gathers the archives of the old Frama-C-discuss mailing list, which was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.
[Frama-c-discuss] fopen and null pointers
- Subject: [Frama-c-discuss] fopen and null pointers
- From: boris at yakobowski.org (Boris Yakobowski)
- Date: Wed, 26 Aug 2015 18:18:04 +0200
- In-reply-to: <55D2EB31.90608@linux-france.org>
- References: <CAGSRWbj5P39h_RvyD_c44VUJX4oOgT21+N37Y72o+tT_q6R6LA@mail.gmail.com> <55D2EB31.90608@linux-france.org>
Hi,

Garbled mixes are automatically generated when Value uses assigns/from clauses to simulate a call to a function without a body. When encountering assigns x \from y, if the abstract value for y may contain the addresses &a1+o1, ... &an+on, x will be inferred as containing garbled mix of { &a1 ... &an }. This abstract value is the most general one that can be generated from the contents of y. Section 7.2 of Value's manual contains more details about how assigns clauses are evaluated.

Notice that those garbled mixes can almost always be removed by writing appropriate ensures clauses, to constrain to "clean" Values. This is exactly what Frama-C's standard library does for fopen:

    ensures \result==\null || (\subset(\result,&__fc_fopen[0 .. __FC_FOPEN_MAX-1])) ;

(This is extracted from the development version, and has slightly changed since Sodium.)

HTH,

On Tue, Aug 18, 2015 at 10:22 AM, David MENTRE <dmentre at linux-france.org> wrote:

> Hello,
>
> On 18/08/2015 06:11, Tim Newsham wrote:
>
>> fp = fopen("./seq","r");
>> /*@ assert Value: ptr_comparison: \pointer_comparable(fp, (void *)0);
>> */
>>
>> Is there a way I can annotate this call or the fopen function
>> to specify that NULL is a valid return value?
>
> Use the standard headers (see attached example).
>
> But in your example (at least in mine), the warning is coming from garbled
> mix in "fp" (comparison with a variable containing garbled mix). I don't
> know *why* this garbled mix occurs though.
>
> frama-c -val tim-fopen.c
> [...]
> [value] Values at end of function main:
>   fp ∈
>     {{ garbled mix of &{__fc_fopen; alloced_return_fopen}
>      (origin: Arithmetic {tim-fopen.c:8}) }}
>
> Best regards,
> david

--
Boris
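The contract pattern described in this message, applied to a hypothetical body-less allocator (an added example, not code from the thread or from Frama-C's standard library). The names slot_open, try_open, pool, p_pool and POOL_MAX are made up for illustration, and the #ifndef assumes that Frama-C defines __FRAMAC__ while preprocessing, so that the analyzer sees only the prototype and its contract.

```c
#include <stddef.h>

#define POOL_MAX 4                    /* hypothetical; plays the role of __FC_FOPEN_MAX */
struct slot { int in_use; };
struct slot pool[POOL_MAX];           /* hypothetical; plays the role of __fc_fopen */
struct slot *const p_pool = pool;     /* a \from source whose value is the address &pool */

/* Without the ensures clause, the \from on p_pool gives \result the value
   "garbled mix of &{pool}". The ensures clause narrows it to NULL or one
   of the POOL_MAX slot addresses, which makes the NULL test well defined. */
/*@ assigns \result \from name[..], p_pool;
  @ assigns pool[0 .. POOL_MAX-1] \from pool[0 .. POOL_MAX-1];
  @ ensures \result == \null || \subset(\result, &pool[0 .. POOL_MAX-1]);
  @*/
struct slot *slot_open(const char *name);

#ifndef __FRAMAC__
/* Body for an ordinary compiler only; hidden from the analyzer (assumption:
   __FRAMAC__ is defined there), which then relies on the contract above. */
struct slot *slot_open(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return NULL;
    for (int i = 0; i < POOL_MAX; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            return &pool[i];
        }
    }
    return NULL;                      /* pool exhausted */
}
#endif

/* Caller: the comparison with NULL is the one the alarm in this thread is about. */
int try_open(const char *name)
{
    struct slot *s = slot_open(name);
    if (s == NULL)
        return -1;
    return (int)(s - pool);           /* index of the slot that was handed out */
}
```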