Frama-C-discuss mailing list archives
This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Frama-c-discuss] Why does a string literal not satisfy valid_read_string?
- Subject: [Frama-c-discuss] Why does a string literal not satisfy valid_read_string?
- From: rod at proteancode.com (Roderick Chapman)
- Date: Mon, 22 Jul 2019 16:02:57 +0100
- In-reply-to: <CA+yPOVizPf9XKf-2+37rpgCd6D5nqBd5Nr3S+t04vqXO+8mFLQ@mail.gmail.com>
- References: <ddaabc8a-e9b9-3d2d-c73c-7bc89ef672e2@proteancode.com> <7b1af00b-e12a-d3f0-4479-1af11273f0a8@proteancode.com> <8af05f42-279f-d08b-dc08-9d35c44f7bb4@proteancode.com> <fe2fc0e1-b1cc-97c5-2746-df698686ccf3@proteancode.com> <CA+yPOVizPf9XKf-2+37rpgCd6D5nqBd5Nr3S+t04vqXO+8mFLQ@mail.gmail.com>
On 22/07/2019 15:31, Virgile Prevosto wrote:
> while adding /*@ assert content3: foo[3] == 0; */ just before assert
> foo results in both proof obligations discharged in no time.
Hmm... most of my string literals are used exactly once as an actual
parameter in a function call, so I really don't want to have to declare
them all separately as named constants...
> This suggests that the file given to Alt-Ergo in the original case
> doesn't give enough hints to the prover that it would be a good idea
> to check the content of the array when dealing with valid_read_string.
> Finding the appropriate set of such hints is largely empirical and not
> trivial.
That's odd.. I would think that such a common use case (i.e. "pass a
string literal to (const char *)Â formal parameter") would be very
trivial indeed. I note that valid_read_string(s) requires
 strlen(s) >= 0
but I would hope that a something like
 strlen("hello") >= 0
would be blown away without any user-supplied hints.
 - Rod
- References:
- [Frama-c-discuss] Why does a string literal not satisfy valid_read_string?
- From: rod at proteancode.com (Roderick Chapman)
- [Frama-c-discuss] Why does a string literal not satisfy valid_read_string?
- From: rod at proteancode.com (Roderick Chapman)
- [Frama-c-discuss] Why does a string literal not satisfy valid_read_string?
- From: rod at proteancode.com (Roderick Chapman)
- [Frama-c-discuss] Why does a string literal not satisfy valid_read_string?
- From: virgile.prevosto at m4x.org (Virgile Prevosto)
- [Frama-c-discuss] Why does a string literal not satisfy valid_read_string?
- Prev by Date: [Frama-c-discuss] Why does a string literal not satisfy valid_read_string?
- Next by Date: [Frama-c-discuss] problem with frama-c to Coq inductive type definition
- Previous by thread: [Frama-c-discuss] Why does a string literal not satisfy valid_read_string?
- Next by thread: [Frama-c-discuss] Warnings for call to memcpy()... why?
- Index(es):