Frama-C: Get function outputs when using pointers

Time: 2016-08-31 13:41:57

Tags: c frama-c

I need to get a list of all outputs of a function. When I use the From plugin on the following code
void add(int *sum, int a, int b)
{
    *sum = a + b;
}

int main()
{
    int result;
    add(&result, 1, 2);
}

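it tells me that result is an output of the add function. This is of course correct, but I would like the plugin to mention sum somewhere. I know that sum is a pointer and is not modified in the function, so it is not an output, but *sum is modified, and I would like to know that. Is there an easy (or any) way to achieve this?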

1 answer:

Answer 0 (score: 2)

If you set add as your main entry point, you might be able to retrieve the information you want:

$ frama-c -main add -deps file.c
[...]
[from] ====== DEPENDENCIES COMPUTED ======
   These dependencies hold at termination for the executions that terminate:
[from] Function add:
  S_sum[0] FROM sum; a; b

Basically, S_sum[0] is *sum: Value (on which From relies) generates an initial state in which pointers are either NULL or pointing to a block with a name similar to the one of the pointer and having, by default, two elements. There are command line options to tweak the default behavior (see Value Analysis manual for more information on that), but you might find out that for more complex examples you need to write (or generate) a wrapper function that will set up a more complex initial state before calling the function. In that case, you'll have to keep track of which pointer points to where in order to reconstruct the information.

The bulk of the issue is that in the abstract state of Value, sum is mapped to a set L of possible locations (here reduced to a singleton), but *sum is not an object in itself. A write access will simply update all values mapped to elements of L. Thus from the point of view of From everything looks like a modification of result (or S_sum[0] if you change the entry point).
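
The wrapper approach described in the answer above, as an added example that is not part of the original answer or of Frama-C itself: each pointer parameter is pointed at its own named global, and a small table records which parameter points where so a reported location can be mapped back to the dereference. The function div_mod, the *_target globals, the harness functions and deref_for_location are hypothetical names introduced for illustration.

```c
/* Added example: a Frama-C analysis harness, not code from the original post. */
#include <stddef.h>
#include <string.h>

/* Function under analysis, copied from the question. */
void add(int *sum, int a, int b)
{
    *sum = a + b;
}

/* Hypothetical second function with two pointer outputs. */
void div_mod(int *quot, int *rem, int a, int b)
{
    if (b == 0)
        return; /* nothing is written on this path */
    *quot = a / b;
    *rem = a % b;
}

/* One named global per pointer parameter, so every write through a
   parameter lands in a location whose name identifies that parameter. */
int sum_target, quot_target, rem_target;

/* Record of which pointer points where (assumed naming scheme). */
struct binding { const char *location; const char *deref; };
static const struct binding bindings[] = {
    { "sum_target",  "*sum in add" },
    { "quot_target", "*quot in div_mod" },
    { "rem_target",  "*rem in div_mod" },
};

/* Map a location name from the dependency report back to the
   dereferenced parameter; NULL if the harness did not set it up. */
const char *deref_for_location(const char *location)
{
    for (size_t i = 0; i < sizeof bindings / sizeof bindings[0]; i++)
        if (strcmp(bindings[i].location, location) == 0)
            return bindings[i].deref;
    return NULL;
}

/* Entry points to pass to -main instead of the analyzed function. */
void add_harness(int a, int b) { add(&sum_target, a, b); }
void div_mod_harness(int a, int b) { div_mod(&quot_target, &rem_target, a, b); }

int main(void)
{
    add_harness(1, 2);
    return sum_target == 3 ? 0 : 1;
}
```

To analyze with this harness, pass one of the harness functions as the entry point, for example `frama-c -main add_harness -deps file.c`, and look up the location names from the report with the table.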