Frama-C-discuss mailing list archives

This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.

---

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Frama-c-discuss] [EXTERNAL] Re: Annotating Ghost Contracts

---

• Subject: [Frama-c-discuss] [EXTERNAL] Re: Annotating Ghost Contracts
• From: virgile.prevosto at m4x.org (Virgile Prevosto)
• Date: Mon, 14 Jan 2019 09:03:52 +0100
• In-reply-to: <FFC9B74B-BAFC-421F-9B64-CEDEDF919101@sandia.gov>
• References: <55BBCDBC-0D0A-4F2D-BC93-1262048C7003@contoso.com> <FFDBF717-6ECD-4215-B1A8-A7A4C8DAFB7D@cea.fr> <FFC9B74B-BAFC-421F-9B64-CEDEDF919101@sandia.gov>

---

Hello,


Le sam. 12 janv. 2019 à 04:06, Aytac, Jon M <jmaytac at sandia.gov> a écrit :

> Hi Loic,
>     Thanks for your speedy reply! I failed to be clear. The required ACSL
> statements were clear to us, our question was where to put them- thus far,
> our guesses have all provoked syntax errors.  We've tried:
>
> [...]


> These all provoke responses like:
> [kernel] stm.c:15:
>   syntax error:
>   Location: between lines 15 and 17
>   13    volatile uint8_t *fgetC = (uint8_t *)INPUT_ADDRESS;
>   14    //@ ghost uint8_t injectorfgetCBuffer[256];
>
>   15     //@ ghost uint8_t injectorfgetCBufferCount;
>   16    //@ assigns injectorfgetCBufferCount;
>   17    //@ assigns injectorfgetCBuffer;
>
>   18     /*@ ghost //@ requires fgetCArg == fgetC;
>   19      @ uint8_t readfgetC(volatile uint8_t *fgetCArg) {
> [kernel] Frama-C aborted: invalid user input.
>
>
>
The main issue is that //@ is a one-line annotation meaning that Frama-C
will see the two assigns and the requires as three separate contracts, two
of them missing a function to be attached to. Since Frama-C 17 Chlorine, it
is possible to write multi-line annotations within ghost code, through /@
... @/, as described in the ACSL manual. Your function contract could thus
be written as such:

 /*@ ghost /@ requires fgetCArg == fgetC;
                assigns injectorfgetCBufferCount;
                assigns injectorfgetCBuffer[0 .. 255];
            @/
        uint8_t writefgetC(volatile uint8_t *fgetCArg, uint8_t v) {
  ....
 } */

Best regards,
-- 
E tutto per oggi, a la prossima volta
Virgile
-------------- section suivante --------------
Une pièce jointe HTML a été nettoyée...
URL: <http://lists.gforge.inria.fr/pipermail/frama-c-discuss/attachments/20190114/9ef1be22/attachment.html>

---

• References:
  • [Frama-c-discuss] Annotating Ghost Contracts
    • From: jmaytac at sandia.gov (Aytac, Jon M)
  • [Frama-c-discuss] Annotating Ghost Contracts
    • From: loic.correnson at cea.fr (Loïc Correnson)
  • [Frama-c-discuss] [EXTERNAL] Re: Annotating Ghost Contracts
    • From: jmaytac at sandia.gov (Aytac, Jon M)

• Prev by Date: [Frama-c-discuss] [EXTERNAL] Re: Annotating Ghost Contracts
• Next by Date: [Frama-c-discuss] Extra args in clang plugin
• Previous by thread: [Frama-c-discuss] [EXTERNAL] Re: Annotating Ghost Contracts
• Next by thread: [Frama-c-discuss] why3 1.1.0 support in frama-c/wp
• Index(es):
  • Date
  • Thread