Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
178 views11 pages

Program Reasoning Lab Manual Part1

Frama-C is a framework for analyzing C programs. It contains various plug-ins for static analysis like program slicing and impact analysis. One plug-in is WP for weakest preconditions. Frama-C can interface with theorem provers like Alt-Ergo, QED, Coq, and Why3 to enhance automated verification. The preferred installation method is using OPAM to install dependencies like OCaml and a C compiler, then install Frama-C and optional packages. Sample programs demonstrate using Frama-C with annotations to prove goals for functions like maximum, increment, swap, factorial, and GCD.

Uploaded by

Shubham Garg
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
178 views11 pages

Program Reasoning Lab Manual Part1

Frama-C is a framework for analyzing C programs. It contains various plug-ins for static analysis like program slicing and impact analysis. One plug-in is WP for weakest preconditions. Frama-C can interface with theorem provers like Alt-Ergo, QED, Coq, and Why3 to enhance automated verification. The preferred installation method is using OPAM to install dependencies like OCaml and a C compiler, then install Frama-C and optional packages. Sample programs demonstrate using Frama-C with annotations to prove goals for functions like maximum, increment, swap, factorial, and GCD.

Uploaded by

Shubham Garg
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 11

19CSE205 Program Reasoning Lab

FRAMA-C
Frama-C = Framework for Modular Analysis of C Programs
• Frama-C is a platform dedicated to the analysis of
C programs
It is a collection of plug-ins that perform a variety of
static program analysis, e.g., program slicing, impact
analysis and so on.
One such plug-in is WP, for weakest preconditions.
In order to enhance automated verification, Frama-C
can make use of a variety of theorem provers:
Alt-Ergo, QED, Coq, Why3 …
Frama-C Installation
The preferred method of installation for Frama-C is using
OPAM (v1.2 or newer).
First you need to install OPAM, then you may install Frama-C using
OPAM:
opam install frama-c

Note: make sure your OPAM version is >= 1.2.

Frama-C Requirements

• OCaml 4.xx (incompatible with versions 4.02.2, 4.02.0 and


4.00.0)
• A C compiler (gcc, clang, CompCert, etc.)
• GNU Make

Installing OPAM

Several Linux distributions already include an opam package.


A Windows OPAM is currently being developed, but it is not yet
stable.
If your system does not have an OPAM package, you can compile it
from source, or use the provided OPAM binaries available at:
http://opam.ocaml.org/doc/Install.html

Installing Frama-C from OPAM

There are two Frama-C packages in OPAM:

• frama-c-base: minimal Frama-C installation, without GUI;


few dependencies
• frama-c: includes all GUI-related dependencies, plus other
recommended packages.
The frama-c package recommends the installation of optional
packages, e.g.
external provers for WP, such as why3 and coq.
To install frama-c, you may need to install Gtk, GtkSourceView
and GnomeCanvas separately.

These are C libraries with OCaml bindings used by the GUI.

To get the exact list of packages that are needed, use:


opam install depext
opam depext frama-c
and install the packages listed as missing.

Once everything is ready.


1) Use an editor (vi or gedit) to type the program and save the file with .c
extension.
2) Use either gui mode or command prompt mode to run your program
using Frama-c

Commands:
frama-c -wp filename.c
frama-c-gui -wp filename.c
frama-c -wp -rte filename.c

wp - weakest precondition, rte – runtime environment

3) Results
Proved Goal

Sample programs:
1) Maximum function with postcondition
//max.c
/*@ ensures \result == a && \result > b
|| \result ==b && \result > a
|| \result == a && \result == b;
*/

int max(int a, int b)


{
return a > b ? a : b ;
}

2) Maximum function with precondition and


postcondition
//max.c
/*@ requires a != b;
ensures \result == a && \result > b
|| \result ==b && \result > a;
*/
int max(int a, int b)
{
return a > b ? a : b ;
}

3) Increment function with precondition and


postcondition.
/*@ requires a > 0;
ensures \result > 1;

*/
int incr(int a)
{
return ++a;
}

4) Increment function with precondition and


postcondition.
/*@ requires a > 0 && a < 100000;
ensures \result > 1;
*/
int incr(int a)
{
return ++a;
}

5) Swap function with postcondition


/*@
ensures a == \old(b) && b == \old(a);
*/
void swap(int a, int b)
{
int temp = a;
a = b;
b = temp;
}

Result: will not prove the goal as a and b are


local.

6) Swap function using references with


postcondition
/*@
ensures *a == \old(*b) && *b == \old(*a);
*/
void swap(int *a, int *b)
{
int temp = *a;
*a = *b;
*b = temp;
}

Results: will prove the goal


Runtime goals will not be satisfied

7) To compute the absolute value without arithmetic overflow.


Include precondition and postcondition.
8) Absolute value with different input

10) Absolute value with postcondition

11) Sum of first n numbers using while loop with


precondition and postcondition
#include <stdio.h>

/*@
requires n >= 1;
ensures \result == n*(n+1)/2;
assigns \nothing ;

*/

int sum(int n) {
int s = 0;
int i = 1;
/*@
loop invariant s == i*(i-1)/2 &&
1 <= i <= n+1;
loop assigns i, s;
*/
while (i<=n) {
s = s + i;
i = i + 1;
}
return s;
}

12) Compute the factorial

#include <stdio.h>

/*@
axiomatic Factorial {
logic integer fact(integer n);

axiom case_n:
\forall integer n;
n >= 1 ==> fact(n) == n*fact(n-1);
axiom case_0:
fact(0) == 1;
}
*/

/*@
requires n >= 0;
ensures \result == fact(n);
assigns \nothing ;
*/

int factorial(int n) {

int i = 1;
int f = 1;

/*@
loop invariant f == fact(i-1);
loop invariant 0 < i;
loop invariant i <= n+1;
loop assigns i, f; // other variables are
invariant
*/
while (i <= n) {
f = f * i;
i = i + 1;
}
return f;
}

13) To compute the GCD of two numbers

#include <stdio.h>
/*@
axiomatic GCD {
logic integer Gcd(integer p, integer q);

axiom Gcd1:
\forall integer m, n;
m > n ==> Gcd(m,n) == Gcd(m-n, n);
axiom Gcd2:
\forall integer m, n;
n > m ==> Gcd(m,n) == Gcd(m, n-m);
axiom Gcd3:
\forall integer m, n;
m == n ==> Gcd(m,n) == m;
}
*/
/*@
requires p >= 1;
requires p >= 1;
ensures \result == Gcd(\old(p), \old(q));
assigns \nothing;
*/

int gcd(int p, int q) {

/*@ loop invariant Gcd(p,q) ==


Gcd(\at(p,Pre), \at(q,Pre));
loop assigns p, q;
*/

while (p != q) {
if (p > q)
p = p - q;
if (q > p)
q = q - p;
}

return p;
}

You might also like