package frama-c

  1. Overview
  2. Docs
Platform dedicated to the analysis of source code written in C

Install 

dune-project
 Dependency

frama-c.com Readme Edit opam file Versions (25)

Authors

  1. M
    Michele Alberti
  2. T
    Thibaud Antignac
  3. G
    Gergö Barany
  4. P
    Patrick Baudin
  5. T
    Thibaut Benjamin
  6. A
    Allan Blanchard
  7. L
    Lionel Blatter
  8. F
    François Bobot
  9. R
    Richard Bonichon
  10. Q
    Quentin Bouillaguet
  11. D
    David Bühler
  12. Z
    Zakaria Chihani
  13. L
    Loïc Correnson
  14. J
    Julien Crétin
  15. P
    Pascal Cuoq
  16. Z
    Zaynah Dargaye
  17. B
    Basile Desloges
  18. J
    Jean-Christophe Filliâtre
  19. P
    Philippe Herrmann
  20. M
    Maxime Jacquemin
  21. F
    Florent Kirchner
  22. A
    Alexander Kogtenkov
  23. T
    Tristan Le Gall
  24. J
    Jean-Christophe Léchenet
  25. M
    Matthieu Lemerre
  26. D
    Dara Ly
  27. D
    David Maison
  28. C
    Claude Marché
  29. A
    André Maroneze
  30. T
    Thibault Martin
  31. F
    Fonenantsoa Maurica
  32. M
    Melody Méaulle
  33. B
    Benjamin Monate
  34. Y
    Yannick Moy
  35. A
    Anne Pacalet
  36. V
    Valentin Perrelle
  37. G
    Guillaume Petiot
  38. D
    Dario Pinto
  39. V
    Virgile Prevosto
  40. A
    Armand Puccetti
  41. F
    Félix Ridoux
  42. V
    Virgile Robles
  43. M
    Muriel Roger
  44. J
    Julien Signoles
  45. N
    Nicolas Stouls
  46. K
    Kostyantyn Vorobyov
  47. B
    Boris Yakobowski

Maintainers

  1. F
    frama-ci-bot@frama-c.com

Sources

frama-c-27.0-beta-Cobalt.tar.gz
sha256=9c1b14a689ac8ccda9e827c2eede13bb8d781fb8e4e33c1b5360408e312127d2

doc/frama-c-wp.core/Wp/Conditions/index.html

Module Wp.ConditionsSource

Proof Task and Simplifiers

Predicate Introduction

Sourceval forall_intro : Lang.F.pred -> Lang.F.pred list * Lang.F.pred

Introduce universally quantified formulae: head forall quantifiers are instanciated to fresh variables in current pool and left-implies are extracted, recursively.

Sourceval exist_intro : Lang.F.pred -> Lang.F.pred

Introduce existential quantified formulae: head exist quantifiers are instanciated to fresh variables, recursively.

Sequent

Sourcetype step = private {
  1. mutable id : int;
    (*

    See index

    *)
  2. size : int;
  3. vars : Lang.F.Vars.t;
  4. stmt : Frama_c_kernel.Cil_types.stmt option;
  5. descr : string option;
  6. deps : Frama_c_kernel.Property.t list;
  7. warn : Warning.Set.t;
  8. condition : condition;
}
Sourceand condition =
  1. | Type of Lang.F.pred
    (*

    Type section, not constraining for filtering

    *)
  2. | Have of Lang.F.pred
    (*

    Normal assumptions section

    *)
  3. | When of Lang.F.pred
    (*

    Assumptions introduced after simplifications

    *)
  4. | Core of Lang.F.pred
    (*

    Common hypotheses gather from parallel branches

    *)
  5. | Init of Lang.F.pred
    (*

    Initializers assumptions

    *)
  6. | Branch of Lang.F.pred * sequence * sequence
    (*

    If-Then-Else

    *)
  7. | Either of sequence list
    (*

    Disjunction

    *)
  8. | State of Mstate.state
    (*

    Memory Model snapshot

    *)
Sourceand sequence

List of steps

Sourcetype sequent = sequence * Lang.F.pred
Sourceval pretty : (Format.formatter -> sequent -> unit) ref
Sourceval step : ?descr:string -> ?stmt:Frama_c_kernel.Cil_types.stmt -> ?deps:Frama_c_kernel.Property.t list -> ?warn:Warning.Set.t -> condition -> step

Creates a single step

Sourceval update_cond : ?descr:string -> ?deps:Frama_c_kernel.Property.t list -> ?warn:Warning.Set.t -> step -> condition -> step

Updates the condition of a step and merges descr, deps and warn

Sourceval is_true : sequence -> bool

Contains only true or empty steps

Sourceval is_empty : sequence -> bool

No step at all

Sourceval vars_hyp : sequence -> Lang.F.Vars.t

Pre-computed and available in constant time.

Sourceval vars_seq : sequent -> Lang.F.Vars.t

At the cost of the union of hypotheses and goal.

Sourceval empty : sequence

empty sequence, equivalent to true assumption

Sourceval trivial : sequent

empty implies true

Sourceval sequence : step list -> sequence

Creates an If-Then-Else branch located at the provided stmt, if any.

Sourceval append : sequence -> sequence -> sequence

Conjunction

Sourceval concat : sequence list -> sequence

List conjunction

Sourceval iter : (step -> unit) -> sequence -> unit

Iterate only over the head steps of the sequence. Does not go deeper inside branches and disjunctions.

Sourceval list : sequence -> step list

Same domain than iter.

Sourceval size : sequence -> int

Compute the total number of steps in the sequence, including nested sequences from branches and disjunctions. Pre-computed and available in constant time.

Sourceval steps : sequence -> int

Attributes unique indices to every step.id in the sequence, starting from zero. Recursively Returns the number of steps in the sequence.

Sourceval index : sequent -> unit

Compute steps' id of sequent left hand-side. Same as ignore (steps (fst s)).

Sourceval step_at : sequence -> int -> step

Retrieve a step by id in the sequence. The index function must have been called on the sequence before retrieving the index properly.

  • raises Not_found

    if the index is out of bounds.

Sourceval is_trivial : sequent -> bool

Goal is true or hypotheses contains false.

Transformations

Sourceval map_condition : (Lang.F.pred -> Lang.F.pred) -> condition -> condition

Rewrite all root predicates in condition

Sourceval map_step : (Lang.F.pred -> Lang.F.pred) -> step -> step

Rewrite all root predicates in step

Sourceval map_sequence : (Lang.F.pred -> Lang.F.pred) -> sequence -> sequence

Rewrite all root predicates in sequence

Sourceval map_sequent : (Lang.F.pred -> Lang.F.pred) -> sequent -> sequent

Rewrite all root predicates in hypotheses and goal

Sourceval insert : ?at:int -> step -> sequent -> sequent

Insert a step in the sequent immediately at the specified position. Parameter at can be size to insert at the end of the sequent (default).

Sourceval replace : at:int -> step -> sequent -> sequent

replace a step in the sequent, the one at the specified position.

Sourceval replace_by_step_list : at:int -> step list -> sequent -> sequent

replace a step in the sequent, the one at the specified position.

Apply the atomic substitution recursively using Lang.F.p_subst f. Function f should only transform the head of the predicate, and can assume its sub-terms have been already substituted. The atomic substitution is also applied to predicates. f should raise Not_found on terms that must not be replaced

Sourceval introduction : sequent -> sequent option

Performs existential, universal and hypotheses introductions

Sourceval introduction_eq : sequent -> sequent

Same as introduction but returns the same sequent is None

Sourceval lemma : Lang.F.pred -> sequent

Performs existential, universal and hypotheses introductions

Sourceval head : step -> Lang.F.pred

Predicate for Have and such, Condition for Branch, True for Either

Sourceval have : step -> Lang.F.pred

Predicate for Have and such, True for any other

Sourceval pred_cond : condition -> Lang.F.pred
Sourceval condition : sequence -> Lang.F.pred

With free variables kept.

Sourceval close : sequent -> Lang.F.pred

With free variables quantified.

Sourceval at_closure : (sequent -> sequent) -> unit

register a transformation applied just before close

Bundles

Bundles are mergeable pre-sequences. This the key structure for merging hypotheses with linear complexity during backward weakest pre-condition calculus.

Bundle are constructed in backward order with respect to program control-flow, as driven by the wp calculus.

Sourcetype bundle
Sourcetype 'a attributed = ?descr:string -> ?stmt:Frama_c_kernel.Cil_types.stmt -> ?deps:Frama_c_kernel.Property.t list -> ?warn:Warning.Set.t -> 'a
Sourceval nil : bundle

Same as empty

Sourceval occurs : Lang.F.var -> bundle -> bool
Sourceval intersect : Lang.F.pred -> bundle -> bool

Variables of predicate and the bundle intersects

Sourceval merge : bundle list -> bundle

Performs a diff-based disjunction, introducing If-Then-Else or Either branches when possible. Linear complexity is achieved by assuming bundle ordering is consistent over the list.

Sourceval domain : Lang.F.pred list -> bundle -> bundle

Assumes a list of predicates in a Type section on top of the bundle.

Sourceval intros : Lang.F.pred list -> bundle -> bundle

Assumes a list of predicates in a Have section on top of the bundle.

Sourceval state : ?descr:string -> ?stmt:Frama_c_kernel.Cil_types.stmt -> Mstate.state -> bundle -> bundle

Stack a memory model state on top of the bundle.

Sourceval assume : (?init:bool -> ?domain:bool -> Lang.F.pred -> bundle -> bundle) attributed

Assumes a predicate in the specified section, with the specified decorations. On ~init:true, the predicate is placed in an Init section. On ~domain:true, the predicate is placed in a Type section. Otherwized, it is placed in a standard Have section.

Construct a branch bundle, with merging of all common parts.

Sourceval either : (bundle list -> bundle) attributed

Construct a disjunction bundle, with merging of all common parts.

Sourceval extract : bundle -> Lang.F.pred list

Computes a formulae equivalent to the bundle. For debugging purpose only.

Sourceval bundle : bundle -> sequence

Closes the bundle and promote it into a well-formed sequence.

Simplifiers

Sourceval clean : sequent -> sequent
Sourceval filter : sequent -> sequent
Sourceval parasite : sequent -> sequent
Sourceval init_filter : sequent -> sequent
Sourceval simplify : ?solvers:Lang.simplifier list -> ?intros:int -> sequent -> sequent
Sourceval pruning : ?solvers:Lang.simplifier list -> sequent -> sequent