Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
F
frama-c
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Deploy
Releases
Container Registry
Model registry
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
pub
frama-c
Commits
48f052b2
Commit
48f052b2
authored
3 years ago
by
Andre Maroneze
Browse files
Options
Downloads
Patches
Plain Diff
[Libc] improve spec of read
parent
9260e22e
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
share/libc/unistd.h
+14
-2
14 additions, 2 deletions
share/libc/unistd.h
tests/libc/unistd_h.c
+13
-3
13 additions, 3 deletions
tests/libc/unistd_h.c
with
27 additions
and
5 deletions
share/libc/unistd.h
+
14
−
2
View file @
48f052b2
...
...
@@ -1009,8 +1009,20 @@ extern ssize_t pwrite(int, const void *, size_t, off_t);
assigns __fc_fds[fd] \from __fc_fds[fd];
assigns \result, *((char *)buf+(0..count-1))
\from indirect:__fc_fds[fd], indirect:count;
ensures result_error_or_read_length: 0 <= \result <= count || \result == -1;
ensures initialization:buf: \initialized(((char*)buf)+(0..\result-1));
behavior full_read:
assumes nondet_small_count: Frama_C_entropy_source && count <= SSIZE_MAX;
ensures res_full: \result == count;
ensures res_init:initialization: \initialized(((char*)buf)+(0..count-1));
behavior large_read_implementation_defined:
assumes nondet_large_count: Frama_C_entropy_source && count > SSIZE_MAX;
ensures res_init:initialization: \initialized(((char*)buf)+(0..count-1));
behavior partial_or_error:
assumes nondet: !Frama_C_entropy_source;
ensures result_error_or_read_length: -1 <= \result < count;
ensures initialization:buf: \initialized(((char*)buf)+(0..\result-1));
//note: for \result == -1, the above range is empty, as intended
disjoint behaviors;
complete behaviors;
*/
extern
ssize_t
read
(
int
fd
,
void
*
buf
,
size_t
count
);
...
...
This diff is collapsed.
Click to expand it.
tests/libc/unistd_h.c
+
13
−
3
View file @
48f052b2
/*run.config
STDOPT: #"-eva-slevel 12" #"-eva-split-return auto"
STDOPT: #"-variadic-no-translation" #"-eva-slevel 12" #"-eva-split-return auto"
STDOPT: #"
-machdep x86_32
-eva-slevel 12" #"-eva-split-return auto"
STDOPT: #"
-machdep x86_32
-variadic-no-translation" #"-eva-slevel 12" #"-eva-split-return auto"
*/
#define _GNU_SOURCE
#define _XOPEN_SOURCE 600
#include
<unistd.h>
#include
<stdint.h>
volatile
int
nondet
;
int
main
()
{
...
...
@@ -107,5 +107,15 @@ int main() {
int
unslept
=
sleep
(
42
);
//@ assert 0 <= unslept <= 42;
char
buf
[
SIZE_MAX
];
ssize_t
rread
=
read
(
fd
,
buf
,
32
);
if
(
rread
==
32
)
{
//@ assert \initialized(buf+(0..31));
}
if
(
rread
==
-
1
)
// In x86-32, SSIZE_MAX < SIZE_MAX, so we check for issues
rread
=
read
(
fd
,
buf
,
SSIZE_MAX
);
rread
=
read
(
fd
,
buf
,
SIZE_MAX
);
return
0
;
}
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
