Menu
Here is my example:
int in;
int sum(int n){
int log_input = n;
int log_global = in;
return 0;
}
int main(){
int n = Frama_C_interval(-10, 10);
in = n;
if (n > 0){
sum(n + 4);
}
return 0;
}
What I'd like to do is to find the range of the input variable n when initialized in main that results in reaching the function sum. The correct range in this example is [1, 10].
In the sample, I'd like to "save" the original input in a global value in and reintroduce it in the function sum by assigning it into the variable log_global and thus discovering the original input that resulted in reaching the function. When running frama-c on this sample, we get that the range of log_input is [5, 14] and the range of log_global is [-10, 10]. I understand why this happens - the value of in is set at the start of main and is not affected by further manipulations on n.
I was wondering whether there is a simple way to change this in frama-c? Perhaps a simple modification in frama-c's code?
One unrelated idea I had was to manipulate the if statement in main:
if (in > 0){
sum(in + 4);
}
I used the global variable instead of n. This indeed results in the right range but this solution doesn't scale well to more complicated function and deeper call stacks.
665
Here is a possible solution. Use the builtin Frama_C_interval_split and an appropriate -slevel N (here, at least N=21). The function sum will be examined N times, one for each possible value of N, and the result will be precise
int n = Frama_C_interval_split(-10, 10);
The results:
[value] Values at end of function sum:
log_input ∈ [5..14]
log_global ∈ [1..10]
__retres ∈ {0}
(Basically, this amounts to performing manual model-checking, so the performances won't be good for large values of N.)
106
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
