Frama-C-discuss mailing list archives

This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Frama-c-discuss] Why does a string literal not satisfy valid_read_string?

  • Subject: [Frama-c-discuss] Why does a string literal not satisfy valid_read_string?
  • From: rod at proteancode.com (Roderick Chapman)
  • Date: Thu, 18 Jul 2019 09:00:11 +0100
  • In-reply-to: <ddaabc8a-e9b9-3d2d-c73c-7bc89ef672e2@proteancode.com>
  • References: <ddaabc8a-e9b9-3d2d-c73c-7bc89ef672e2@proteancode.com>
Hello again,

  I possibly silly question. The the code below - I get an unproved VC 
for the precondition of the call to "d2".  So.. why is a string literal 
not considered to satisfy "valid_read_string"?? I am using Frama-C 19...

Thanks,

  Rod


#include <string.h>

/*@ requires valid_read_string(s);
   @ assigns \nothing;
   @*/
int d2(const char *s);

int main(void)
{
   return d2 ("Hello rod");
}

The undischarged VC shows up as:

Goal Instance of 'Pre-condition'
  (call 'd2'):
Assume { (* Heap *) Have: linked(µ:Malloc at L1) /\ sconst(µ:Mchar at L1). }
Prove: P_valid_read_string(µ:Malloc at L1, µ:Mchar at L1, « global(Str_1) + 0 »).

--------------------------------------------------------------------------------
Prover Alt-Ergo: Unknown (103ms).


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gforge.inria.fr/pipermail/frama-c-discuss/attachments/20190718/3e3daecf/attachment.html>