\freeable with the Frama-C WP plugin

Time: 2015-09-08 12:02:40

Tags: frama-c formal-verification

How can I prove, as a precondition, that a pointer is \freeable?

#include <stdlib.h>

/*@ requires \freeable(i);
  @ frees i;
 */
void fint (int* i) {
    //@ assert(\freeable(i));
    free(i);
}

Does this result mean that WP does not fully support allocation yet?

$ frama-c -wp -wp-rte lll.c
[jessie3] Loading Why3 configuration...
[jessie3] Why3 environment loaded.
[jessie3] Loading Why3 theories...
[jessie3] Loading Why3 modules...
[kernel] Parsing FRAMAC_SHARE/libc/__fc_builtin_for_normalization.i (no preprocessing)
[kernel] Parsing lll.c (with preprocessing)
[wp] Running WP plugin...
[wp] Collecting axiomatic usage
[rte] annotating function fint
lll.c:8:[wp] warning: Cast with incompatible pointers types (source: sint32*) (target: sint8*)
FRAMAC_SHARE/libc/stdlib.h:175:[wp] warning: Allocation, initialization and danglingness not yet implemented
              (freeable: \freeable(p))
FRAMAC_SHARE/libc/stdlib.h:177:[wp] warning: Allocation, initialization and danglingness not yet implemented
              (\allocable(\at(p,Pre)))
lll.c:7:[wp] warning: Allocation, initialization and danglingness not yet implemented
              (\freeable(i))
lll.c:3:[wp] warning: Allocation, initialization and danglingness not yet implemented
              (\freeable(\at(i,Pre)))
[wp] 2 goals scheduled
[wp] [Alt-Ergo] Goal typed_fint_call_free_deallocation_pre_freeable : Unknown (52ms) (Degenerated, 4 warnings)
[wp] [Alt-Ergo] Goal typed_fint_assert : Unknown (53ms) (Degenerated, 2 warnings)
[wp] Proved goals:    0 / 2
     Alt-Ergo:        0  (unknown: 2)

If it is not supported, why does WP generate the typed_fint_call_free_deallocation_pre_freeable condition, and how can I discard it?

P.S. I am using Frama-C Sodium.

1 answer:

Answer 0 (score: 2)


> Does this result mean that WP does not fully support allocation yet?

Correct. In fact, WP tries to warn you with these messages:

FRAMAC_SHARE/libc/stdlib.h:175:[wp] warning: Allocation, initialization and danglingness not yet implemented
          (freeable: \freeable(p))

When WP encounters a construct that it does not know how to translate, it replaces it with \false, as if the annotation were in some dead code path (hence always valid). As far as I know, this behavior cannot be deactivated.

If you give names to your annotations, you can selectively deselect some of them with -wp-prop="-name". For free, things are trickier if you do not want to edit Frama-C's standard headers. A possible approach is to disable all requires checks (-wp-prop="-@requires") and selectively re-enable the other requirements (-wp-prop="r1,r2,r3,...,rn"), provided you have given names to all of your requires clauses.
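As an added example (not code from the question or the answer), here is what the naming the answer recommends looks like in practice: every ACSL clause carries a name, so the goal that depends on \freeable can be deselected with -wp-prop while the remaining clauses of the contract are still checked. The file name example.c, the function names and the contract bodies are assumptions of this example. Since ACSL lives in comments, the file also compiles and runs as ordinary C:

```c
#include <stdlib.h>
#include <stddef.h>

/* Wrapper around free() with a named precondition. Because the clause is
 * named, the goal that depends on \freeable (unsupported by WP in Sodium, as
 * the warnings in the question show) can be deselected without editing
 * Frama-C's stdlib.h, following the answer's suggestion:
 *   frama-c -wp -wp-rte -wp-prop="-free_ok" example.c
 * (file name is hypothetical; the other clauses are still checked) */
/*@ requires free_ok: \freeable(p);
  @ frees p;
  @*/
void release(int *p) {
    free(p);
}

/* Returns 0 + 1 + ... + (n - 1), computed through a heap buffer that is
 * filled, summed and then released; returns -1 if malloc fails. Every clause
 * is named so that -wp-prop can select or deselect it individually. */
/*@ requires n_range: 0 <= n <= 1000;
  @ ensures sum_or_fail: \result == n * (n - 1) / 2 || \result == -1;
  @*/
int sum_alloc(int n) {
    int *buf;
    int sum = 0;
    int i;

    if (n == 0)
        return 0;                       /* nothing to allocate */
    buf = malloc((size_t)n * sizeof(int));
    if (buf == NULL)
        return -1;                      /* allocation failure is reported, not ignored */

    /*@ loop invariant fill_bounds: 0 <= i <= n;
      @ loop invariant fill_values: \forall integer k; 0 <= k < i ==> buf[k] == k;
      @ loop assigns i, buf[0 .. n - 1];
      @ loop variant n - i;
      @*/
    for (i = 0; i < n; i++)
        buf[i] = i;

    /*@ loop invariant sum_bounds: 0 <= i <= n;
      @ loop invariant sum_partial: sum == i * (i - 1) / 2;
      @ loop assigns i, sum;
      @ loop variant n - i;
      @*/
    for (i = 0; i < n; i++)
        sum += buf[i];

    release(buf);                       /* free_ok holds: buf came from malloc */
    return sum;
}

int main(void) {
    /* sum_alloc(4) == 0 + 1 + 2 + 3 == 6 */
    return sum_alloc(4) == 6 ? 0 : 1;
}
```

With the clause names in place, the answer's two-step selection works the same way here: -wp-prop="-@requires" drops every requires goal, and -wp-prop="n_range" brings back only the arithmetic precondition while free_ok stays out.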