Spurious warning when writing through a pointer

Time: 2016-02-04 21:31:09

Tags: c frama-c

I'm new to Frama-C, and I have a very short program that makes frama-c claim 'out of bounds write. assert \valid(iptr)':

f4.c:33:[kernel] warning: out of bounds write. assert \valid(iptr); f4.c:34:[value] Assigning imprecise value to __retres.

I don't see it. Help? I don't understand what the next line means either...

Code:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/*
 * f4.c example of a 'valid' clause:
 * foo 
 * and abort.
 *
 * cmd line: frama-c -val f4.c
 */

int fill( int * iptr, int length );

const int BUF_SIZE = 100;
int main( int argc, char ** argv )
{
    int * ptr = malloc( BUF_SIZE * sizeof( int ));
    memset( ptr, 0x00,  BUF_SIZE * sizeof( int ));
    int rv = fill( ptr, BUF_SIZE );
    printf("rv = %d\n", rv); 
    return 0;
}


/* 
 * @requires  \valid(iptr+(0..length+1));
 * @requires length >= 1;
 * @assigns *iptr;
 */

int fill( int * iptr,  int length )
{
    *iptr = 3;
    return( *iptr );
}

Output: ... ... framac [0]> frama -c -val -wp f4.c

[kernel] preprocessing with "gcc -C -E -I.  f4.c"
/usr/include/i386-linux-gnu/bits/byteswap.h:47:[kernel] warning: Calling undeclared function __builtin_bswap32. Old style K&R code?
/usr/include/i386-linux-gnu/bits/byteswap.h:111:[kernel] warning: Calling undeclared function __builtin_bswap64. Old style K&R code?
[value] Analyzing a complete application starting at main
[value] Computing initial state
[value] Initial state computed
[value] Values of globals at initialization
        BUF_SIZE ∈ {100}
[value] computing for function malloc <- main.
        Called from f4.c:17.
[kernel] warning: Neither code nor specification for function malloc, generating default assigns from the prototype
[value] using specification for function malloc
[value] Done for function malloc
[value] computing for function memset <- main.
        Called from f4.c:18.
[kernel] warning: Neither code nor specification for function memset, generating default assigns from the prototype
[value] using specification for function memset
[value] Done for function memset
[value] computing for function fill <- main.
        Called from f4.c:19.
f4.c:33:[kernel] warning: out of bounds write. assert \valid(iptr);
f4.c:34:[value] Assigning imprecise value to __retres.
        The imprecision originates from Library function {f4.c:17}
[value] Recording results for fill
[value] Done for function fill
f4.c:20:[value] Reading left-value rv.
        It contains a garbled mix of {alloced_return_malloc} because of
        Library function {f4.c:17}.
[value] computing for function printf <- main.
        Called from f4.c:20.
[kernel] warning: Neither code nor specification for function printf, generating default assigns from the prototype
[value] using specification for function printf
[value] Done for function printf
[value] Recording results for main
[value] done for function main
[value] ====== VALUES COMPUTED ======
[value] Values at end of function fill:
          __retres ∈
                  {{ garbled mix of &{alloced_return_malloc}
                   (origin: Library function {f4.c:17}) }}
          alloced_return_malloc[...] ∈
                               {{ garbled mix of &{alloced_return_malloc}
                                (origin: Library function {f4.c:17}) }}
[value] Values at end of function main:
          ptr ∈ {{ NULL + [--..--] ; &alloced_return_malloc + [0..2147483647] }}
          rv ∈
            {{ garbled mix of &{alloced_return_malloc}
             (origin: Library function {f4.c:17}) }}
          __retres ∈ {0}
          alloced_return_malloc[...] ∈
                               {{ garbled mix of &{alloced_return_malloc}
                                (origin: Library function {f4.c:17}) }}

1 answer:

Answer 0: (score: 2)

Most of your problem lies in the following warning:

[value] computing for function malloc <- main.
        Called from f4.c:17.
[kernel] warning: Neither code nor specification for function malloc, generating default assigns from the prototype
[value] using specification for function malloc

Basically, malloc has no implementation and no ACSL specification, so the Value Analysis does not know how to handle it and returns a very imprecise result (namely {{ garbled mix of &{alloced_return_malloc} (origin: Library function {f4.c:17}) }}). From there on, false alarms can appear.

If you intend to provide a suitable initial context for the fill function, you should use a static array. The public release of Frama-C does not provide built-ins for malloc, and emulating them in pure C will probably not get you very far.

Also, note that the comments before the fill function are not an ACSL specification. Those are introduced by /*@, not by /*.
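As an added example (not code from the question or the answer), here is the program rewritten the way the answer suggests: a static array in place of the unspecified malloc, and the contract written as a real ACSL annotation opening with /*@. The requires range is assumed to be 0 .. length - 1, the valid indices of an array of length elements, rather than the 0 .. length + 1 of the original comment.

```c
#include <stdio.h>

/* A macro rather than `const int`: a const variable is not a constant
 * expression in C, so it cannot size a file-scope array. */
#define BUF_SIZE 100

/* Static storage instead of malloc: its size and zero-initialised contents
 * are known exactly, so the Value analysis starts from a precise state and
 * has no unspecified library call to give up on. */
static int buf[BUF_SIZE];

/* A real ACSL contract: the comment opens with `/*@`, not `/*`.
 * Assumed range: an array of `length` elements is valid at 0 .. length - 1. */
/*@ requires length >= 1;
  @ requires \valid(iptr + (0 .. length - 1));
  @ assigns *iptr;
  @ ensures *iptr == 3 && \result == 3;
  @*/
int fill(int *iptr, int length)
{
    *iptr = 3;
    return *iptr;
}

int main(void)
{
    /* buf is a valid pointer to BUF_SIZE ints, so `frama-c -val` has no
     * reason to emit the out-of-bounds alarm on *iptr here. */
    int rv = fill(buf, BUF_SIZE);
    printf("rv = %d\n", rv);
    return 0;
}
```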