package frama-c

  1. Overview
  2. Docs
Platform dedicated to the analysis of source code written in C

Install 

dune-project
 Dependency

frama-c.com Readme Edit opam file Versions (25)

Authors

  1. M
    Michele Alberti
  2. T
    Thibaud Antignac
  3. G
    Gergö Barany
  4. P
    Patrick Baudin
  5. T
    Thibaut Benjamin
  6. A
    Allan Blanchard
  7. L
    Lionel Blatter
  8. F
    François Bobot
  9. R
    Richard Bonichon
  10. Q
    Quentin Bouillaguet
  11. D
    David Bühler
  12. Z
    Zakaria Chihani
  13. L
    Loïc Correnson
  14. J
    Julien Crétin
  15. P
    Pascal Cuoq
  16. Z
    Zaynah Dargaye
  17. B
    Basile Desloges
  18. J
    Jean-Christophe Filliâtre
  19. P
    Philippe Herrmann
  20. M
    Maxime Jacquemin
  21. F
    Florent Kirchner
  22. A
    Alexander Kogtenkov
  23. T
    Tristan Le Gall
  24. J
    Jean-Christophe Léchenet
  25. M
    Matthieu Lemerre
  26. D
    Dara Ly
  27. D
    David Maison
  28. C
    Claude Marché
  29. A
    André Maroneze
  30. T
    Thibault Martin
  31. F
    Fonenantsoa Maurica
  32. M
    Melody Méaulle
  33. B
    Benjamin Monate
  34. Y
    Yannick Moy
  35. P
    Pierre Nigron
  36. A
    Anne Pacalet
  37. V
    Valentin Perrelle
  38. G
    Guillaume Petiot
  39. D
    Dario Pinto
  40. V
    Virgile Prevosto
  41. A
    Armand Puccetti
  42. F
    Félix Ridoux
  43. V
    Virgile Robles
  44. J
    Jan Rochel
  45. M
    Muriel Roger
  46. J
    Julien Signoles
  47. N
    Nicolas Stouls
  48. K
    Kostyantyn Vorobyov
  49. B
    Boris Yakobowski

Maintainers

  1. F
    frama-ci-bot@frama-c.com

Sources

frama-c-28.0-Nickel.tar.gz
sha256=29612882330ecb6eddd0b4ca3afc0492b70d0feb3379a1b8e893194c6e173983

doc/frama-c-eva.gui/Eva_gui/Gui_eval/Make/argument-1-X/Eval/index.html

Module X.Eval

type state = Dom.t

State of abstract domain.

type value = Val.t

Numeric values to which the expressions are evaluated.

type origin = Dom.origin

Origin of values.

type loc = Loc.location

Location of an lvalue.

module Valuation : Eva.Eval.Valuation with type value = value and type origin = origin and type loc = loc

Results of an evaluation: the results of all intermediate calculation (the value of each expression and the location of each lvalue) are cached here. See Eval for more details.

val to_domain_valuation : Valuation.t -> (value, loc, origin) Eva__.Abstract_domain.valuation

Evaluation functions store the results of an evaluation into Valuation.t maps. Abstract domains read these results from Abstract_domain.valuation records. This function converts the former into the latter.

val evaluate : ?valuation:Valuation.t -> ?reduction:bool -> ?subdivnb:int -> state -> Frama_c_kernel.Cil_types.exp -> (Valuation.t * value) Eva.Eval.evaluated

evaluate ~valuation state expr evaluates the expression expr in the state state, and returns the pair result, alarms, where:

  • alarms are the set of alarms ensuring the soundness of the evaluation;
  • result is either `Bottom if the evaluation leads to an error, or `Value (valuation, value), where value is the numeric value computed for the expression expr, and valuation contains all the intermediate results of the evaluation.

Optional arguments are:

  • valuation is a cache of already computed expressions; empty by default.
  • reduction allows the deactivation of the backward reduction performed after the forward evaluation; true by default.
  • subdivnb is the maximum number of subdivisions performed on non-linear sub-expressions of expr. If a lvalue occurs several times in expr, its value can be split up to subdivnb times to gain more precision. Set to the value of the option -eva-subdivide-non-linear by default.

Computes the value of a lvalue, with possible indeterminateness: the returned value may be uninitialized, or contain escaping addresses. Also returns the alarms resulting of the evaluation of the lvalue location, and a valuation containing all the intermediate results of the evaluation. The valuation argument is a cache of already computed expressions. It is empty by default. subdivnb is the maximum number of subdivisions performed on non-linear expressions.

val lvaluate : ?valuation:Valuation.t -> ?subdivnb:int -> for_writing:bool -> state -> Frama_c_kernel.Cil_types.lval -> (Valuation.t * loc * Frama_c_kernel.Cil_types.typ) Eva.Eval.evaluated

lvaluate ~valuation ~for_writing state lval evaluates the left value lval in the state state. Same general behavior as evaluate above but evaluates the lvalue into a location and its type. The boolean for_writing indicates whether the lvalue is evaluated to be read or written. It is useful for the emission of the alarms, and for the reduction of the location. subdivnb is the maximum number of subdivisions performed on non-linear expressions (including the possible pointer and offset of the lvalue).

reduce ~valuation state expr positive evaluates the expression expr in the state state, and then reduces the valuation such that the expression expr evaluates to a zero or a non-zero value, according to positive. By default, the empty valuation is used.

assume ~valuation state expr value assumes in the valuation that the expression expr has the value value in the state state, and backward propagates this information to the subterm of expr. If expr has not been already evaluated in the valuation, its forward evaluation takes place first, but the alarms are dismissed. By default, the empty valuation is used. The function returns the updated valuation, or bottom if it discovers a contradiction.

Evaluation of the function argument of a Call constructor

val interpret_truth : alarm:(unit -> Frama_c_kernel.Alarms.t) -> 'a -> [ `False | `Unknown of 'a | `True | `TrueReduced of 'a | `Unreachable ] -> 'a Eva.Eval.evaluated