###############################################################################
# Preliminary notes:                                                          #
# ------------------                                                          #
# Mark "-": change with an impact for users (and possibly developers).        #
# Mark "o": change with an impact for developers only.                        #
# Mark "+": change for Frama-C-commits audience (not in html version).        #
# Mark "*": bug fixed.                                                        #
# Mark "!": change that can break compatibility with existing development.    #
# '#nnn'  : BTS entry #nnn                                                    #
# '#!nnn' : BTS private entry #nnn                                            #
# '#@nnn' : Gitlab frama-c/frama-c issue                                      #
# For compatibility with old change log formats:                              #
# '#?nnn' : OLD-BTS entry #nnn                                                #
###############################################################################

##################################
Open Source Release <next-release>
##################################

###################################
Open Source Release 21.0 (Scandium)
###################################

-* Doc [2020-05-07] Fixes internal refs in generated pdfs (fixes #2505)
-* Kernel [2020-05-04] Accept UCN-encoded unicode char in ACSL (fixes #@849)
o Kernel [2020-04-27] Plug-in specific dirs now use Filepath instead of mere strings.
- Eva [2020-04-10] Fixes the Memexec cache on functions with logical annotations about variables unused in the C body of the function.
- Eva [2020-04-06] New option -eva-domains-function to enable domains only on given functions. Argument <d:f> enables the domain [d] on function [f], while <d:f+> also enables it on all functions called from [f]. <d:f-> disables [d] from function [f].
- Eva [2020-04-03] New experimental builtins for dynamic allocation Frama_C_*alloc_imprecise: faster convergence, but very imprecise.
- Kernel [2020-04-01] Report user errors when keys are not bound to a value for command-line options that require pairs of key:value as arguments. Such keys were silently ignored.
*! Kernel [2020-03-30] Reject labels at end of blocks.
- RTE [2020-03-30] Emits alarm on invalid pointers when option is on
- Eva [2020-03-30] Emits alarm on invalid pointers when option is on
- Kernel [2020-03-30] New option -warn-invalid-pointer (disabled by default) to warn on invalid pointer arithmetic resulting in a pointer that does not point to an object or one past an object.
- RTE [2020-03-27] Emits alarm on pointer downcast when option is on
- Eva [2020-03-27] Emits alarm on pointer downcast when option is on
- Kernel [2020-03-27] New option -warn-pointer-downcast (activated by default), to warn when a conversion between pointer and integer might provoke a loss of precision.
- Kernel [2020-03-20] Add option -cpp-extra-args-per-file
-* Kernel [2020-03-18] Fixes #@823 (-load-module/-load-script now accept spaces in filename)
-* Kernel [2020-03-18] Fixes #@818 (term generated for downcast alarms)
- Eva [2020-03-17] Supports the ACSL extended quantifiers \min and \max.
- Eva [2020-03-17] Deprecate options -eva-*-domain in favor of -eva-domains
- ACSL [2020-03-04] Make conversion from C ptr to logic array explicit
- Eva [2020-03-03] Evaluates the logic predicate memchr_off, used in Frama-C libc specifications.
- Eva [2020-03-03] Slightly better heuristics for the subdivision of evaluations (option -eva-subdivide-non-linear).
- Instantiate [2020-03-02] New plug-in Instantiate, to create function specializations for specific plug-ins and functions (e.g. malloc, memcpy, memset), to overcome limitations due to their specifications.
- Kernel [2020-02-25] Support for ghost else blocks
- Kernel [2020-02-18] Checks that ghost code does not modify the normal control flow of the non-ghost program
-* Kernel [2020-02-17] Fixes issue that could prevent loading plug-ins on Windows installation
- Kernel [2020-02-14] -constfold now takes into account value of const globals
o ACSL [2020-02-13] Add possibility for ACSL extensions to alter the sequence of untyped terms they receive from the parser. Also makes it possible to customize the short pretty printer of extensions.
o Kernel [2020-02-13] Deprecated:
    - Logic_typing.register_*_extension
    - Cil_printer.register_*_extension
    - Cil.register_behavior_extension
  Use Acsl_extension.register_* instead
- Eva [2020-02-12] New option "-eva-domains <d1>,<d2>,..." to enable several domains at once. The list of available domains is given in the help message of the option.
o! Eva [2020-02-12] Simplifies abstract domain signature by removing the Transfer functor.
-* Eva [2020-02-12] Fixes the evaluation of logic predicates involving empty sets.
- Eva [2020-02-07] Supports the logic evaluation of quantifiers introducing mathematical variables (integer or real).
o! Kernel [2020-02-04] Removed FCBuffer, FCMap and FCSet. Use directly OCaml stdlib modules Buffer, Map and Set instead.
- Eva [2020-02-04] Renamed option -eva-malloc-functions into -eva-alloc-functions. Also contains calloc and realloc by default.
-* GUI [2020-01-24] Fix order of globals in the source panel.
- Eva [2020-01-23] Adds consistency checks on return and parameter types between a builtin and the replaced C function.
- Eva [2020-01-23] Subdivisions can now be enabled locally:
    - through the new option -eva-subdivide-non-linear-function that overrides the global option for the given functions;
    - via /*@ subdivide N; */ annotations on specific statements.

##################################
Open Source Release 20.0 (Calcium)
##################################

- Eva [2019-11-25] In the summary, fixes the number of alarms by category when the RTE plugin is used, and does not count logical properties in dead code as proven.
-! Kernel [2019-10-31] More stringent verifications on the use of ghost variables in non-ghost code. Fixes #2421
- MdR [2019-10-31] New plug-in Markdown-Report (MdR) for markdown and SARIF outputs
- Eva [2019-10-23] In the summary, fixes the total number of functions (and thus the computed analysis coverage).
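The two 21.0 kernel options above, -warn-invalid-pointer and -warn-pointer-downcast, are about pointer values that are already undefined or lossy before any dereference happens, which is exactly where bounds checks written "pointer first, compare later" go wrong. The following C file is an added illustration, not code from the Frama-C project: it extracts a field from a length-prefixed message in the unchecked shape the option is meant to flag and in a checked shape that only forms in-object (or one-past) pointers. The record layout, the sample bytes and the function names are assumptions of the example. Running it with something like `frama-c -eva -warn-invalid-pointer file.c` should produce an alarm on the marked line of the unchecked function and none on the checked one.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample message (example data): 1-byte tag, 1-byte payload
   length, then the payload. */
static const unsigned char sample[] = { 0x01, 0x04, 'a', 'b', 'c', 'd' };

/* Unchecked form. msg + off is formed from attacker-controlled values before
   any comparison: when off > msglen the addition itself is undefined even if
   the pointer is never dereferenced, and that is what -warn-invalid-pointer
   reports. The later test cannot repair it, and p + len has the same issue. */
const unsigned char *field_at_unchecked(const unsigned char *msg, size_t msglen,
                                        size_t off, size_t len)
{
    const unsigned char *p = msg + off;            /* flagged */
    if (p + len > msg + msglen) return NULL;       /* too late, also flagged */
    return p;
}

/* Checked form. The comparisons are done on the integers and the pointer is
   only formed once off <= msglen, so it points inside msg or one past its
   end, which is the set -warn-invalid-pointer accepts. The subtraction is
   ordered so that it cannot wrap. */
/*@ requires \valid_read(msg + (0 .. msglen - 1));
    assigns \nothing;
    ensures \result == \null || \result == msg + off; */
const unsigned char *field_at(const unsigned char *msg, size_t msglen,
                              size_t off, size_t len)
{
    if (off > msglen || len > msglen - off) return NULL;
    return msg + off;
}

/* Pointer-to-integer conversions. Storing a pointer in an int (a 32-bit hash
   key, a "handle") truncates it on LP64 targets; that conversion is what
   -warn-pointer-downcast reports. uintptr_t is the width-preserving type and
   converting back yields the original pointer. */
int pointer_roundtrips(const void *p)
{
    uintptr_t u = (uintptr_t)p;
    return (const void *)u == p;
}

/* Payload length declared by the sample header, or 0 if the header does not
   fit the buffer (sample data only). */
size_t sample_payload_len(void)
{
    size_t declared = sample[1];
    return field_at(sample, sizeof sample, 2, declared) ? declared : 0;
}
```

Only the checked functions are exercised below; calling `field_at_unchecked` with an out-of-range offset is undefined behaviour at run time, which is the point of analysing it statically instead.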
- Eva [2019-10-23] New option -eva-auto-loop-unroll N to unroll all loops whose number of iterations can be easily bounded by <N>.
- Eva [2019-10-21] New octagon domain inferring relations of the form l ≤ ±X±Y ≤ e between pairs of integer variables X and Y. Enabled with option -eva-octagon-domain. Only infers relations between pairs of scalar variables occurring in a same instruction. Intra-procedural by default; octagons can be propagated through function calls with option -eva-octagon-through-calls.
- ACSL [2019-10-04] Support for ghost parameters
- Eva [2019-10-04] Evaluates ACSL predicates \is_plus_infinity and \is_minus_infinity.
- Kernel [2019-10-04] Supports macros INFINITY and NAN.
o Config [2019-09-27] ocp-indent 1.7.0 is now used for indentation
o Eva [2019-09-16] Dynamic registration of abstract values and domains: developers of new domains no longer need to modify Eva's engine.
-* Kernel [2019-09-13] Fixes Hptmap on keys with id greater than 2^28.
-* Makefile [2019-09-12] Fixes #2378 - bytecode only compilation (patch contributed by madroach) and use -thread where needed.
-* Eva [2019-08-21] Fixes the reduction by the negation of \initialized and \dangling predicates on imprecise lvalues.
-* Kernel [2019-08-20] Fixes a rare but critical bug which occurred when Frama-C internally switched the current project in presence of >2 projects and destroyed the old current project at about the same time: the Frama-C internal state became inconsistent and led to unsound computations and crashes. It could be revealed to the end-user when using a long sequence of -then-replace (at least 3 of them).
-* Kernel [2019-08-20] Fixed sequence of -removed-projects and -then options.
o Ptests [2019-08-05] Add new MODULE directive for compiling and loading an auxiliary OCaml module for a test
- Kernel [2019-08-05] Add -keep-unused-types normalization option
- Libc [2019-08-05] Remove obsolete (and forcing cpp error) builtins.h
o! Kernel [2019-08-02] Functions over visitor's behaviors have been moved from Cil into a new module Visitor_behavior. Apply the migration script potassium2calcium.sh to update your plug-ins automatically.
o! Sparecode [2019-07-26] Removed from Db. Use proper Sparecode API instead.
-! Kernel [2019-07-24] OCaml version greater than or equal to 4.05.0 required.
- Kernel [2019-07-24] Improve placeholders handling in -cpp-command
o! Kernel [2019-07-23] Types in Properties are now records and not tuples
- Eva [2019-07-09] Supports ACSL floating-point comparison operators eq_float, le_float, eq_double, le_double, etc.
o! Kernel [2019-06-28] Removes AST constructors TCoerce, TCoerceE, PLCoercion, PLCoercionE, Psubtype and PLsubtype
-* Kernel [2019-06-20] Fixes dangling ref when removing unused static local

####################################
Open Source Release 19.0 (Potassium)
####################################

-* RTE [2019-05-24] Fixes a crash when visiting variable declarations
- Eva [2019-04-19] The new annotation /*@ split exp; */ enumerates the possible values of an expression and continues the analysis for each of these values separately, until a /*@ merge exp; */ is encountered. It is also possible to maintain this partitioning at all times with the option -eva-partition-value exp.
- Eva [2019-04-19] New option -eva-partition-history N to delay the join of abstract states for up to N merging points, thus keeping these states separate longer. Useful when a reasoning depends on the path taken to reach a control point, but can increase the analysis time exponentially in N.
- Eva [2019-04-19] Loop unroll annotations now accept non-constant but bounded expressions as the maximum number of unrollings to perform.
-* Kernel [2019-04-09] Avoid crashing on one-letter attributes. Fixes #2432
-* Obfuscator [2019-04-09] Also obfuscate formals in function pointer types. Fixes #2433.
- Eva [2019-04-05] Prints an analysis summary at the end, outlining the analysis coverage and the number of errors, warnings and emitted alarms. It can be disabled with the option -eva-msg-key=-summary
- Eva [2019-04-03] New option -eva-precision to globally configure the analysis from 0 (fast but imprecise) to 11 (accurate but slow). A precision of 5 is often a reasonable trade-off. This meta-option automatically sets up other options that can also be overridden.
- Inout [2019-04-01] Fix performance issue when initializing large arrays.
- ACSL [2019-03-08] Add check annotation, similar to assert except that it does not introduce additional hypotheses on the program state
-* Makefile [2019-03-07] Do not attempt to install .cmx on bytecode-only architectures. Patch by M. Dogguy backported from Debian package
- Libc [2019-03-05] Better specs and removal of half-implemented ifdef that tried to take various POSIX versions into account
-* Kernel [2019-03-05] Better detection of invalid goto in presence of VLA (fixes #@499)
- GUI [2019-03-04] Compatibility with lablgtk3 and improved handling of some widgets
- ACSL [2019-03-01] Clarifies which C variables are in scope under a \at(·,L) (#@575)
- Libc [2019-02-26] Ask clang not to warn about unknown FRAMA_C_MODEL attribute when pre-processing frama-c's libc
-* Obfuscator [2019-02-26] Obfuscate logic types and logic constructors.
-* Inout [2019-02-21] Fixes operational input on const local initialization
o RTE [2019-02-21] RTE has a static API
o Kernel [2019-02-18] When registering extended ACSL annotations, one must now indicate whether they should have a status.
o Kernel [2019-02-05] Integer API moving closer to Zarith
- Eva [2019-01-19] New warning category for detecting loops without 'unroll' directive
- Eva [2019-01-31] Ignore annotations with "no_eva" tag
-* ACSL [2019-01-19] Accept C identifiers that happen to be ACSL keywords in volatile and reads clauses
- Eva [2019-01-10] Improved precision on nested loops (by postponing the widening on inner loops according to -eva-widening-period).
-* Aorai [2019-01-04] Fixes #@586: avoid removing the initial state of the automaton
- Kernel [2019-01-03] Add attributes for loop statements to allow distinguishing between for, while and dowhile loops.
-! Kernel [2019-01-03] Add statement attributes (sattr) to the AST. They are not printed by default; use -kernel-msg-key printer:attrs
-! Kernel [2019-01-03] Improved precision of integer abstract bitwise operators.
-* Eva [2018-12-17] Fixes -eva-split-return on uninitialized or escaping function returns when -eva-warn-copy-indeterminate is disabled.
o Kernel [2018-12-11] New functions for retrieving major and minor version
-* Kernel [2018-12-04] Fixes AST integrity check wrt volatile accesses
-* Kernel [2018-11-21] Fixes #@553 - pretty-printing of basic asm template

################################
Open Source Release 18.0 (Argon)
################################

-! Kernel [2018-10-24] Log.error and Log.failure will eventually make Frama-C exit with a non-zero status. Fixes #@552
- Kernel [2018-10-24] More ergonomic command-line options for governing warning category statuses.
- Eva [2018-10-24] Enable the memexec cache by default. It can be disabled by option -eva-no-memexec.
- Eva [2018-10-22] Improved performance when the symbolic locations domain and the memexec cache are enabled.
- Eva [2018-10-22] The memexec cache is now fully compatible with all abstract domains provided by Eva. However, the binding to the Apron domains disables memexec.
- Eva [2018-10-18] New experimental domain "numerors" inferring absolute and relative errors of floating-point computations. Enabled by the option -eva-numerors-domain. Does not handle loops for now.
-* Kernel [2018-10-18] Fixes parsing of compound initializers with anonymous fields. Fixes #2384
-* Kernel [2018-10-16] Consider that asm can change content of pointers used as inputs when generating assigns clauses. Fixes #@458
- Eva [2018-10-12] Remove option -obviously-terminates.
- Kernel [2018-10-05] New option -warn-invalid-bool, to warn when reading trap representations of type _Bool.
- Eva [2018-10-04] ACSL predicates with a "no_eva" tag are now ignored.
- Eva [2018-10-03] Warn about currently unsupported specifications of some libc functions.
- Eva [2018-10-02] Fix the gauges domain on weak bases.
- Eva [2018-10-02] Some fixes and improvements of the equality domain.
-* Kernel [2018-10-02] Rejects sizeof of an incomplete type. Fixes #@560.
-* Kernel [2018-09-26] Add attribute to allow writing into const lvals in specific circumstances (e.g. C++ constructors and mutable fields). Fixes #2395.
- Kernel [2018-09-14] New warning (disabled by default) when multiple side effects are unsequenced (CERT EXP10-C recommendation). Fixes #@492
- Eva [2018-09-13] Remove option -val-warn-left-shift-negative, and comply with kernel option -warn-[left|right]-shift-negative.
- Kernel [2018-09-13] New options -warn-left-shift-negative (enabled by default) and -warn-right-shift-negative (disabled by default), to control the emission of alarms on shifts of negative integers.
o! Constant Propagation [2018-09-12] Removing Db API for Constant Propagation plug-in. Calls to !Db.Constant_Propagation should be replaced by calls to Constant_Propagation.Api.
- Eva [2018-09-12] Reduction of values leading to division by zero alarms, when possible.
- Eva [2018-09-11] Better reduction of floating-point values cast into integer types when an alarm is emitted.
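Two of the 18.0 kernel options above, -warn-invalid-bool and -warn-left-shift-negative, concern patterns that show up constantly in decoders of untrusted input: copying a raw byte into a _Bool object, and shifting signed quantities. The following C file is an added example, not code from the Frama-C project; for each option it puts the form the option is meant to flag next to a well-defined form. The wire format, the sample bytes and the function names are assumptions of the example.

```c
#include <limits.h>
#include <stdint.h>
#include <string.h>

/* Constructed wire record (example data): a flag byte that should be 0 or 1,
   followed by a little-endian 16-bit length. The flag byte here is 0x02,
   i.e. malformed. */
static const unsigned char wire[] = { 0x02, 0x34, 0x12 };

/* Flagged form. memcpy writes the raw byte into the _Bool object. Any byte
   value other than 0 or 1 is a trap representation of _Bool, so the read in
   the return statement is undefined; with -warn-invalid-bool Eva emits an
   alarm on that read whenever it cannot prove the byte is 0 or 1. */
int decode_flag_unchecked(const unsigned char *buf)
{
    _Bool enabled;
    memcpy(&enabled, buf, 1);
    return enabled ? 1 : 0;
}

/* Well-defined form. The byte is read as unsigned char and the _Bool is
   produced by a comparison, so the object only ever holds 0 or 1. With
   strict != 0 a byte outside {0,1} is rejected (-1) instead of being
   silently mapped to 1. */
int decode_flag(const unsigned char *buf, int strict)
{
    unsigned char raw = buf[0];
    if (strict && raw > 1) return -1;
    _Bool enabled = raw != 0;
    return enabled ? 1 : 0;
}

/* Little-endian 16-bit field. Combining the bytes in unsigned arithmetic
   keeps every shift operand non-negative and below the result width. */
uint16_t decode_u16le(const unsigned char *buf)
{
    return (uint16_t)((unsigned)buf[0] | ((unsigned)buf[1] << 8));
}

/* Scaling a count by a power of two, as in allocation-size computations.
   count << k is undefined when count is negative (-warn-left-shift-negative,
   on by default) and when the result does not fit in int (the kernel's
   signed-overflow alarm, not listed in this excerpt). Both are refused
   before the shift; -1 means the input was rejected. */
long scaled_size(int count, unsigned k)
{
    if (count < 0 || k >= 31) return -1;
    if (count > (INT_MAX >> k)) return -1;
    return (long)(count << k);
}
```

`decode_flag_unchecked` is deliberately not run on the sample: the byte 0x02 makes its return undefined, which is what the analysis is there to catch before the code ships.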
- Metrics [2018-09-06] Add option -metrics-used-files, to help identify unnecessary files given on the command line
- RTE [2018-09-05] Remove option -rte-precond.
- Eva [2018-08-31] Supports the ACSL functions \min and \max.
- Eva [2018-08-30] Fixes the alarms on subtractions and comparisons of pointers on weak bases (created by allocations in loops).
-! ACSL [2018-08-28] Introduce extensions to global annotations and better characterization of each extension kind. See development guide for more information
- Eva [2018-08-28] All options of Eva start with -eva. Aliases to previous option names preserve backward compatibility.
-! Eva [2018-08-28] Rename plug-in shortname from 'value' to 'eva'. Eva is now properly named Eva in all logs, in the GUI, and as the emitter of the alarms.
-! Kernel [2018-08-23] Introduce Filepath datatype for more consistent normalization of filenames
-* Kernel [2018-08-23] Do not allow compound assignments to const variables. Fixes #@384
-! Kernel [2018-08-23] Remove option -const-writable: const globals are unconditionally constants
-* Eva [2018-08-02] Deprecate option -val-warn-builtin-override in favor of warning category builtins:override.
- Kernel [2018-07-26] Fix compilation on OpenBSD; patch contributed by madroach. Fixes #2379
- Kernel [2018-07-26] New option -remove-inlined to remove function(s) after -inline-calls; add category @inline to refer to all functions with inline attribute (for both options).
- Eva [2018-07-23] The debug category "garbled-mix" becomes a warning category. Better tracking of garbled mixes created by specifications.
-* ACSL [2018-07-23] Avoid removing cast of void ptr used as argument of function expecting a ptr with known size. Fixes #@432
o! Kernel [2018-07-23] Remove completely outdated module Dataflow. Deprecated since 3+ years. Use Dataflow2 instead.
-* RTE [2018-07-23] Stop generating spurious \initialized alarms. Fixes #@429
-* Kernel [2018-07-06] Respect relative order of labels and ACSL annots. Fixes #@524
o* Ptests [2018-07-02] Do not keep oracles for empty stderr. Fixes #@402
-*! ACSL [2018-07-02] Introduce ACSL operators \le_double, \ge_double, ... in addition to \le_float, \ge_float, ... Remove overloading of \le_float that made it accept double as arguments. Fixes #@502
- Eva [2018-06-28] New option -eva-report-red-statuses listing in a csv file the properties invalid for some states of the analysis (as in the "Red Alarms" panel of the GUI).
- Eva [2018-06-25] Release all builtins, including memset and memcpy, as open-source.
- Eva [2018-06-15] When a cvalue builtin is used, other domains use the frama-c libc specification to interpret the call without losing too much information.
- Eva [2018-06-14] The variables from the frama-c libc are no longer shown in the initial state print.
- Eva [2018-06-11] Improved precision of string builtins for strlen, strchr and memchr.
- Eva [2018-04-25] Renamed option -wlevel into -eva-widening-delay. New option -eva-widening-period to control the number of iterations between two widenings.
- Eva [2018-04-25] New propagation strategy that allows unrolling loops even when the slevel has been exceeded. Unroll the N first loop iterations via the global option -eva-min-loop-unrolling N or via specific code annotations /*@ loop unroll N; */. The new strategy may affect analyses even without loop unrolling.

############################################
Open Source Release 17.1 (Chlorine-20180502)
############################################

- Libc [2018-07-05] Fix C++ compatibility for Frama-Clang plug-in

############################################
Open Source Release 17.0 (Chlorine-20180501)
############################################

- Eva [2018-04-25] Added scripts and templates to help automate case studies (in $FRAMAC_SHARE/analysis-scripts)
-* Typing [2018-04-23] Stronger checks w.r.t. implicit conversions in function pointers (must have compatible types) and assignments (modifiable lvalues). Fixes #@479
- Kernel [2018-04-23] Added option -inline-calls for syntactic inlining
-* Kernel [2018-04-19] Avoid crash when re-declaring a function with formals after it has been called without any. Fixes #@454
- Kernel [2018-04-13] Deprecate option -warn-decimal-float in favor of warning category parser:decimal-float
- Kernel [2018-04-13] More possible statuses for warning categories. Fixes #@486
o Kernel [2018-04-13] Change Cil.typeHasAttributeDeep into Cil.typeHasAttributeMemoryBlock. Fixes #@489
o* Logic [2018-04-11] Properly reset logic environment in case of typing errors. Fixes #@326
- Eva [2018-04-10] Interpret the logic constants \pi and \e.
- Eva [2018-04-06] Initialization of volatile pointers now keeps the base addresses of the pointer (with arbitrary offsets).
- Eva [2018-04-06] Fix the initialization of local volatile variables, which can always have any value.
- Eva [2018-04-06] In the logic, interpret the ACSL function \sign and the constructors \Positive and \Negative.
- Metrics [2018-04-05] When the value coverage is computed, also shows the total number of statements by function in the filetree of the Gui.
- Gui [2018-04-04] Added Preferences menu (shortcut: Ctrl+P) to set themes for property bullets and external source editor
o Lib [2018-03-30] New Rich_text module to create messages with tags
o! Kernel [2018-03-30] Never or rarely used Log functions have been removed or deprecated
- Eva [2018-03-15] Avoid enumeration on values with too many bases; fixes a performance issue.
- Gui [2018-03-07] The preconditions of a function call can now be displayed before the call statement itself (click on status bullets with '+' or '-' to unfold/fold them)
- Typing [2018-03-02] Support for CERT EXP46-C
- Eva [2018-03-01] Fix a soundness bug in the equality domain: do not infer incorrect equalities between incomparable pointers, or between -0. and +0.
- Eva [2018-02-26] deprecate option -val-warn-on-alarms in favor of warning category alarm
- Kernel [2018-02-26] deprecate option -continue-annot-error in favor of warning category annot-error
-! Kernel [2018-02-26] introduce warning categories, with various possible behaviors. Refactor management of debug categories
-* RTE [2018-02-23] Do not emit spurious 'idx < 0' assert on gcc-style FAM. Fixes #@393
-* Kernel [2018-02-23] Handle anonymous struct/union init. Fixes #@376
- Eva [2018-02-22] Equalities can be propagated through function calls. New options -eva-equality-through-calls[-function] to decide (globally or by function) which ones are kept from the caller.
- Eva [2018-02-21] When an lvalue lv is assigned or leaves the scope, the equality domain tries to replace lv by an equal term (if any) in the expressions depending on lv (instead of removing them).
o! Occurrence [2018-02-20] Removing Db API for Occurrence plug-in. Calls to !Db.Occurrence should be replaced by calls to Occurrence.Register.
o! Impact [2018-02-20] Removing Db API for Impact plug-in. Calls to !Db.Impact should be replaced by calls to Impact.Register.
o! Users [2018-02-20] Removing Db API for Users plug-in. Calls to !Db.Users should be replaced by calls to Users.Users_register.
- Eva [2018-02-13] Removed *_alloced_return base created for functions without body that return pointers. Such bases were imprecise and could be unsound in corner cases.
- Eva [2018-02-08] Shifts of addresses now create garbled mixes (as any other arithmetic operation).
- Logic [2018-02-07] Ghost code now supports /@ ... @/ annotations
- Eva [2018-02-06] By default, do not emit pointer_comparable alarms for non pointer operations. Always compute {0;1} for non pointer comparisons involving incomparable addresses.
- Eva [2018-02-01] Warn about unsupported allocates clauses.
- Eva [2018-01-30] The subdivision of evaluations (through the option -val-subdivide-non-linear) can subdivide the values of several lvalues simultaneously (on expressions such as x*x - 2*x*y + y*y).
- Kernel [2018-01-24] Better renaming of variables in case of name collision.
o! Kernel [2018-01-24] Keep information about syntactic scope of local static variables. Accessed through Globals.Syntactic_search.find_in_scope.
-! Eva [2018-01-24] Renamed option -val-malloc-returns-null to -val-alloc-returns-null, which also applies to realloc builtins.
- Kernel [2018-01-16] Added option -json-compilation-database to help with preprocessing. Requires yojson during Frama-C compilation.
- Eva [2018-01-15] New function post_analysis in abstract domains, called at the end of the analysis.
- Eva [2018-01-11] The Simple_memory functor lets builtins interpret C functions from the value of arguments to the result value.
- Eva [2018-01-11] Evaluate the preconditions of the functions for which a builtin is used; builtins do not emit alarms anymore.
-! Kernel [2018-01-11] Alarms Logic_memory_access and Valid_string, that were only emitted by Eva builtins, are removed.
-* ACSL [2017-12-14] Reinforce rejection of void* pointer types in the arguments of ACSL built-in constructs related to memory blocks and pointer dereferencing.
-* ACSL [2017-12-14] Reinforce rejection of implicit casts from array types to pointer types in the arguments of ACSL built-in constructs related to memory blocks and pointer dereferencing.
-* Kernel [2017-12-13] Clean up typechecking environment when dropping side-effects (in sizeof et al.). Fixes #@430
o! Kernel [2017-12-13] Old Cil.isCharType renamed as Cil.isAnyCharType. New Cil.isCharType is now only true for plain char, neither signed nor unsigned. Derived functions (isCharPtr et al.) also updated
- Eva [2017-12-12] Fix a crash when using -val-stop-at-nth-alarm.
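The Eva directives introduced across the 21.0, 19.0 and 18.0 entries above (the local `subdivide N;` annotation, `split exp;`/`merge exp;`, the ACSL `check` clause, and `loop unroll N;`) and the x*x - 2*x*y + y*y shape named in the 17.0 subdivision entry just above are easier to place in context on one small function. The following C file is an added example, not Frama-C project code: a record copy guarded by a flag byte, written so that each directive has an obvious job, analysable with something like `frama-c -eva -eva-precision 5 file.c`. The record size, the flag bit, the sample data and the function names are assumptions of the example; the directives use the syntax given in the entries.

```c
#include <stdint.h>

#define REC_LEN 16   /* assumed record size */

/* Copies a record only when bit 7 of the flag byte is set and reports
   whether it did. Without partitioning, Eva joins the states coming out of
   the two branches of the `if` and afterwards only knows copied in {0, 1};
   `split allowed;` keeps one state per value of allowed until
   `merge allowed;`, so copied == allowed remains provable. The loop is
   unrolled REC_LEN times (`loop unroll`) instead of being widened, which
   keeps the index and the written cells exact. */
/*@ requires \valid(dst + (0 .. REC_LEN - 1));
    requires \valid_read(src + (0 .. REC_LEN - 1));
    requires \separated(dst + (0 .. REC_LEN - 1), src + (0 .. REC_LEN - 1));
    assigns dst[0 .. REC_LEN - 1];
    ensures \result == 0 || \result == 1; */
int copy_if_allowed(uint8_t *dst, const uint8_t *src, uint8_t flags)
{
    int allowed = (flags & 0x80) != 0;
    int copied = 0;
    /*@ split allowed; */
    if (allowed) {
        /*@ loop unroll REC_LEN; */
        for (int i = 0; i < REC_LEN; i++)
            dst[i] = src[i];
        copied = 1;
    }
    /*@ merge allowed; */
    /* `check` is evaluated like `assert` but, if it cannot be proved, it is
       not assumed for the rest of the analysis (19.0 ACSL entry). */
    /*@ check copied == allowed; */
    return copied;
}

/* (x - y)^2 expanded as x*x - 2*x*y + y*y. Evaluated on intervals, the three
   products are correlated through x and y and the naive interval result is
   far too wide; `subdivide 16;` asks Eva to split the values of x and y
   before evaluating this statement. int8_t inputs keep every intermediate
   inside int32_t, so no overflow alarm competes with the precision issue. */
int32_t sq_diff(int8_t x, int8_t y)
{
    /*@ subdivide 16; */
    int32_t r = (int32_t)x * x - 2 * (int32_t)x * y + (int32_t)y * y;
    return r;
}

/* Constructed driver: copies a known record and verifies the result.
   Returns 1 if copied and correct, 0 if correctly left untouched, -1 on a
   mismatch. */
int sample_copy(uint8_t flags)
{
    uint8_t src[REC_LEN], dst[REC_LEN] = { 0 };
    for (int i = 0; i < REC_LEN; i++) src[i] = (uint8_t)(i * 7 + 1);
    int copied = copy_if_allowed(dst, src, flags);
    for (int i = 0; i < REC_LEN; i++)
        if (dst[i] != (copied ? src[i] : 0)) return -1;
    return copied;
}
```

The directives live in comments, so the file compiles and runs unchanged with an ordinary C compiler; only Frama-C interprets them. REC_LEN in the `loop unroll` directive relies on annotations being preprocessed, which is the default for .c files.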
- Eva [2017-12-07] Eva complies with option -warn-special-float, and propagates or warns on NaN and infinite values accordingly.
-! Kernel [2017-12-07] Option -warn-not-finite-float renamed into -warn-special-float and extended (accepts non-finite/nan/none).
- Kernel [2017-12-07] Make some typechecking warnings controllable with -kernel-msg-key keys.
- Eva [2017-12-07] New option -val-skip-stdlib-specs, set by default. When analyzing the body of a function from Frama-C's standard library, specifications will be skipped.
- Eva [2017-11-28] New builtins for the single-precision mathematical functions fmodf, cosf, sinf and atan2f.
-! Eva [2017-11-16] In the log, messages on preconditions are now reported with the location of the call site.
o! Eva [2017-11-09] The Fval module now supports NaN and infinite values. Major API changes in Fval, Ival and Cvalue.V (regarding casts, mostly)
-o Eva [2017-11-09] Option -all-rounding-modes has been removed
-* Eva [2017-11-09] Fix bugs in builtins for cos and sin. The results may be less precise than previously
- Eva [2017-11-09] Various improvements in the handling of floating-point variables: evaluation of \is_finite, computation of the bits of a floating-point range, etc
- Eva [2017-11-09] New panel "Red alarms" in the GUI that shows all red statuses emitted for some states during the analysis. They are not completely invalid, but should often be investigated first.
-* Eva [2017-10-27] Fix bug in the handling of non-explicitly volatile fields inside volatile structs or unions

##########################################
Open Source Release 16.0 (Sulfur-20171101)
##########################################

-* Eva [2017-10-27] Fix bugs when evaluating \initialized, \dangling and \separated on addresses of bitfields
-* Eva [2017-10-27] Fix bug in the handling of non-explicitly volatile fields inside volatile structs or unions
- RTE [2017-10-27] Add option -rte-initialized to generate assertions over read accesses to potentially uninitialized locations.
-* RTE [2017-10-16] Fix bounds of alarms emitted when downcasting to bitfields (issue #?2314)
o Makefile [2017-10-13] Add gui-byte target to only build bytecode GUI
o Kernel [2017-10-11] sizeof() and alignof() applied to a function can now be rejected when the compiler does not support this construct, depending on the fields sizeof_fun and alignof_fun of the machdep
-* Kernel [2017-10-11] More thorough checks on l-values with function type. Non-sensical expressions are now rejected at parsing time.
- Eva [2017-10-10] Uses assigns clauses to over-approximate the effects of assembly statements. Warns if no assigns clause is provided.
-* Eva [2017-10-10] Fixes a performance issue in offsetmaps, that occurred when reading or copying values smaller than cells in large arrays.
- Eva [2017-10-10] The backward propagation tries to reduce integer values by considering separately the bounds of their intervals.
-* Eva [2017-10-10] Fixes an optimization issue where the reduction by a loop invariant just after widenings could impede the convergence.
-* Eva [2017-10-10] Fixes a soundness bug where a loop invariant could be wrongly proved correct in some marginal cases.
+ Slicing [2017-10-05] Files slicing_types/*.ml moved into slicing subdir.
- Gui [2017-09-13] In the filetree, the filter menu appears on a right click on the header, while a left click sorts the tree.
- Metrics [2017-09-13] In the Gui, shows the percentage and the number of dead statements (when computed) for each function of the filetree.
-! Callgraph [2017-09-01] Option -cg-init-roots replaced by -cg-service-roots (almost equivalent); new options -cg-function-pointers (ignore function pointers; unsound) and -cg-roots (compute subgraphs).
o! Eva [2017-09-01] In abstract domains, compute_using_specification is replaced by logic_assign, that interprets one \assigns clause. Complete specifications are now interpreted through successive calls to evaluate_predicate, reduce_by_predicate and logic_assign.
- Eva [2017-09-01] Various precision improvements in the interpretation of the behaviors of a specification.
-* Kernel [2017-08-31] Fixes configure script on bytecode-only architectures. Initial version of the patch by Debian. Fixes #2325
-* Kernel [2017-08-31] Fix various typos in source code and user messages. Patch by Debian. Fixes #2323
-! Sparecode [2017-08-31] Rename option -rm-unused-globals to -sparecode-rm-unused-globals.
o! ACSL [2017-08-24] Refactor handling of logic labels in AST
-! Eva [2017-08-03] Fix soundness (resp. precision) bug on big-endian (resp. little-endian) architectures. This bug triggered on low-level code, typically when using bitfields
-* Kernel [2017-08-03] Strip bitfield attribute when performing integral promotions on bitfields of size short or char. Fixes incorrect attributes on the resulting expression.
-! ACSL [2017-08-03] Explicitly disallow /* and */ in ACSL annotations. Allows re-using the logic parser for parsing annotations in external files that can use /* ... */ as comments. As a consequence, expressions like y/*p are thus rejected, but this was already the case when -pp-annot is activated (default for .c files) and can be fixed easily as y / *p (as it is pretty-printed)
-* Kernel [2017-07-29] Fix unmarshalling of save files that contain more than 4Gb of uncompressed data. Patch from TIS-interpreter.
-* Eva [2017-07-27] Fix performance issue with the equality domain.
-! Kernel [2017-08-28] Fix invalid eids on code generated through loop unrolling
-! Slicing [2017-08-28] Fix invalid eids on code generated through option -slicing-level >= 2
-! Eva [2017-07-28] Fixed memory leak with option -val-subdivide-non-linear
o! Slicing [2017-08-01] Removing Db API for Slicing plug-in. Calls to !Db.Slicing should be replaced by calls to Slicing.Api.
-o! Slicing [2017-07-27] Removing deprecated '-slice-option' and related !Db.Slicing.Projet.print_exported_project. Minor changes into !Db.Slicing.Projet.extract.
o! Scope [2017-07-27] Removing Db API for Scope plug-in. Calls to !Db.Scope should be replaced by calls to Scope.
o! Report [2017-07-24] Removing Db API for Report plug-in. Calls to !Db.Report.print should be replaced by calls to Report.Register.print.
- RTE [2017-07-17] Emits overflow alarms on unsigned left shift when -warn-unsigned-overflow is enabled.
- Eva [2017-07-17] Emits overflow alarms on unsigned left shift when -warn-unsigned-overflow is enabled.
- Kernel [2017-07-10] Composite types are now required to have equal tags as per the C standard; no more support for isomorphic structs.
- Eva [2017-07-01] In the GUI, the "Values" panel displays the values computed by using the properties inferred by all enabled domains.
-! Eva [2017-06-30] Better handling of function alloca(), via builtin Frama_C_alloca.
-* Eva [2017-06-28] The cvalue states saved after each statement are now properly deleted when an Eva parameter is changed in the GUI.
o Eva [2017-06-26] New functor in domains/simple_memory.ml to build a complete domain from a value abstraction. The abstract states link each scalar variable of a program to an abstract value.
- Eva [2017-06-26] New sign domain for demonstration purposes only.
-* Kernel [2017-06-09] Parser now handles mixed concatenation of string and wstring. Fixes #@1467
- Eva [2017-06-07] The subdivision of the evaluation of non-linear expressions (through the -val-subdivide-non-linear option) also applies to the new evaluations requested by the equality domain.
-* Eva [2017-06-14] Fix a crash when downcasting pointer values with the option -val-warn-signed-converted-downcast enabled.
-* Eva [2017-06-14] Fix missing alarms when downcasting pointer values.
-o Eva [2017-05-24] The argument ~with_alarms for functions of Db.Value is now optional, and will be removed in a later version.
* Eva [2017-05-24] Fix soundness bug in string builtins where some invalid offsets did not generate alarms.
- Eva [2017-05-22] Removes all effects of the special functions Frama_C_[dump|show]_each on the analyses: no alarms are emitted and the states are never reduced on these calls.
- Eva [2017-05-22] Frama_C_dump_each prints the state of each available domain whose log category is enabled.
- Eva [2017-05-22] New directive Frama_C_domain_show_each prints the internal properties about the arguments inferred by each available domain whose log category is enabled.
o! Eva [2017-05-22] Abstract domains have to provide a log category and a function show_expr that prints the internal properties inferred about an expression.
- Kernel [2017-05-18] Added option -print-return to inline gotos to return
- RTE [2017-05-12] Add -warn-not-finite-float for checking that infinite and NaN floats are not produced.
-! Kernel [2017-05-17] Qualifiers are dropped from the return type of functions, as they make no real sense
-* Kernel [2017-04-27] Stop removing const attribute on local variables. Fixes #@301
o! Kernel [2017-04-27] Remove needless repetition of declared logic labels in Tapp and Papp nodes. Fixes #@274
o! Kernel [2017-04-27] Completely separate types between Cil_types and Logic_ptree, removing needless polymorphism
- Eva [2017-04-06] More precise evaluation of \initialized and \dangling predicates.
##############################################
Open Source Release 15.0 (Phosphorus-20170501)
##############################################

-* Eva [2017-05-08] Fix widening in the gauges domain, in particular with nested loops and pointers that change base address through iterations
-* Eva [2017-04-25] Perform widening in the symbolic locations domain.
-* Eva [2017-04-24] Fixes a crash when backward-propagating an imprecise value on a 32-bits floating point addition. A non-single precision value was erroneously returned.
-* Eva [2017-04-05] Fixes a crash with the -val-subdivide-non-linear option, on subdivisions of evaluations involving pointer values.
-! Eva [2017-03-31] Renamed dynamic allocation builtins for improved consistency. In particular, Frama_C_alloc_size becomes Frama_C_malloc_fresh.
- Eva [2017-03-31] New option -val-builtins-list
-* Scope [2017-03-31] Fix bug in the functions of Db.Scope in presence of alarms referring to volatile memory locations, or to variables that leave scope. Also impacts Eva option -remove-redundant-alarms
- Eva [2017-03-31] Activate option -remove-redundant-alarms by default.
- Inout [2017-03-28] Option -inout-callwise is now always active, and will be removed in a later version
-* Inout [2017-03-28] Prevent formal variables of functions with only a specification from leaking into results
- Kernel [2017-03-28] Dynlink is now mandatory, no degraded static mode.
o! Eva [2017-03-17] Incompatible API changes in module Cvalue.Model. Functions named 'unspecified' have been renamed into 'indeterminate', and some arguments have been removed.
o! Gui [2017-03-10] Signature change for constructor Pretty_source.PVDecl
-! Kernel [2017-03-10] Explicit AST nodes to mark local variables initialization.
-! Kernel [2017-03-10] Better handling of VLA (use explicit function calls to mark deallocation of VLA at appropriate program points)
-* Callgraph [2017-03-10] Fixes inverted callers/callee in indirect calls
-! Eva [2017-03-09] Option -val-show-progress is now unset by default
-* Eva [2017-03-08] Fix bug #2277. The initial state of the analysis now depends on all relevant options, including kernel options -warn-...
-! Variadic [2017-03-08] Change of command line argument names for the plugin Variadic. The new names are more expressive and avoid confusions with the plugin Value. Use -variadic-translation or -variadic-no-translation instead of -va or -no-va.
-! Value [2017-03-07] Support for the legacy value analysis has been abandoned, Eva is now always active. Option -no-eva has been removed.
-* Eva [2017-03-07] Unsound support for recursion, through option -val-ignore-recursive-calls. The support of recursion through the use of 'assigns' clauses, previously available in Value, was unsound and has been removed
-! Kernel [2017-03-01] Zarith library is now required
-* Kernel [2017-02-24] Fix crash when loading a saved file without a plug-in which has previously emitted a status with a tuning parameter.
- Eva [2017-02-06] New (internal) mechanism to handle C functions' return values. Messages now mention \result<foo> for the value returned by 'foo'.
- Variadic [2017-02-08] The plugin is now enabled by default. Use the option -variadic-no-translation to keep the original behaviour. The specification generated for the fprintf function family is now more accurate.
- Kernel [2017-01-26] New option -print-libc, to expand include directives for files in the Frama-C stdlib (no longer expanded by default).
-* Obfuscator [2017-01-19] Fix typo in help message (bts #2269).
- Kernel [2017-01-09] Bash completion for Frama-C options. See #@154.
-* Kernel [2016-12-09] Fixes oneret normalization in presence of statement contract and absence of return. See #@255 and #2235.
- Kernel [2016-12-06] New option -print-machdep (help group).
- Rte [2016-11-25] Remove option -rte-all.
-* Cil [2016-11-20] Pointer subtractions with arguments of incompatible types are now refused. The resulting expression is typed as ptrdiff_t instead of int.
- Value [2016-11-18] Widen hints directives @widen_hints now accept arbitrary l-values (evaluated at analysis time) in place of variables.
-* Kernel [2016-11-17] Fixed some issues with #pragma pack() behavior, in both GCC and MSVC machdeps. Also fixed some related issues with __aligned__ and __packed__ attributes (including bts #2249).
-o Kernel [2016-11-17] Utility API for checking volatile attribute in Cil.
- Metrics [2016-11-17] Programmatic API for some functions via Metrics.mli.
- Kernel [2016-11-07] New option -no-autoload-plugins (equivalent to old -no-dynlink); mostly for internal use.
-! Kernel [2016-10-19] Stricter verification for extern, static and inline specifiers (support for CERT DCL-36-C coding rule)
o* Eva [2016-10-22] Functions Db.Value.fun_set_args and Db.Value.globals_set_initial_state are now compatible with Eva.

###########################################
Open Source Release 14.0 (Silicon-20161101)
###########################################

-*! Eva [2016-10-29] Fix soundness bug on statements with RTE or programmatically-added user assertions (bts #2258). This leads to minor changes in the way states are propagated when all slevel has been consumed. Also, consolidated states now return the abstraction before any reduction by assertions or alarms.
-* Eva [2016-10-20] Fix bug in the bitwise domain, on some applications of the & and | operators
- Value [2016-10-20] New (experimental) option -val-builtins-auto, to automatically replace known C functions by builtins. Will be set by default in Phosphorus.
-* Value [2016-10-19] Frama_C_cos and Frama_C_sin builtins are now precise by default. The former Frama_C_cos / Frama_Csin_precise have been removed
-* Kernel [2016-10-18] Fix bug when pretty printing an ACSL term "divisor / *p" (bts #2250).
- Eva [2016-10-18] New experimental Gauges domain, that relates integer variables to loop counters.
-! Kernel [2016-10-15] Fix major bug in the backward dataflow of module Dataflows
-! Scope [2016-10-15] Fix bug that might lead to unsoundness and / or looping in 'Datascope' functionality (#!235)
-* Eva [2016-10-11] Prevent incorrect reductions on memory locations with volatile qualifier
-! Value [2016-10-11] Option -val-warn-copy-indeterminate is now set by default. See command-line help if you want to deactivate it.
- Kernel [2016-10-07] Fix bug that may occur when modifying several times command-line options taking functions as argument (issue #@109)
-! Libc [2016-10-07] Functions in share/libc.c have been inlined into the proper .c files under share/libc
- Eva [2016-10-07] More systematic backward-propagation between actual parameters and formals
- Nonterm [2016-10-05] overall increase in precision, especially on compound statements (if, switch, loops...). Verbosity has been decreased
- Nonterm [2016-10-05] New options -nonterm-ignore f1,..,fn (to ignore calls to functions f1,..,fn) and -nonterm-dead-code (to warn about syntactically dead code)
- Value [2016-09-23] Extended support for syntactic widening hints (@widen_hints - see the Value user manual for more details)
- Value [2016-09-20] New builtins for string-related functions: Frama_C_strlen, Frama_C_strchr, Frama_C_strnlen, Frama_C_memchr and Frama_C_rawmemchr
- Value [2016-09-20] valid_string and valid_read_string predicates are now evaluated by Value
-* Eva [2016-09-18] Fix bug in equality domain, after assignments lv = e where the modified locations intersect those involved in computing lv
-* Eva [2016-09-18] fix performance bug in the equality domain, especially visible on programs with many local variables.
o! Kernel [2016-09-16] Rename some types of the logic AST for more coherence
- Kernel [2016-09-13] Support for C11 redefinition of typedefs
- Kernel [2016-09-06] Deprecated Pretty_utils.sfprintf, use Format.asprintf instead.
-! Logic [2016-08-31] Refactoring of ACSL extensions + allow extensions in loop annotations
-! Libc [2016-08-29] New file share/libc/string.c, with simple implementations for C99 functions defined in string.h. Duplicate implementations were removed from share/libc.c.
-* Kernel [2016-08-12] Fix bug #2239 about unsoundness of callgraph's services computation (bug introduced in Frama-C Magnesium).
o! Kernel [2016-07-26] Suppress return_stmt field of kernel_function type. Use Kernel_function.find_return instead.
-* Kernel [2016-07-31] Scripts that use Gtk can again be loaded using option -load-script (bug report: http://stackoverflow.com/questions/38677256/)
-! From [2016-07-28] Removed options -experimental-path-deps and -experimental-mem-deps.
-! Value [2016-06-26] Do not compute the sizeof of a function when evaluating a function call through a pointer. This avoids some warnings in MSVC mode.
-! Value [2016-06-26] Option -val-show-time has been removed. Options -val-show-perf or -val-flamegraph offer more information
- Value [2016-06-26] New option -val-flamegraph, to dump information about analysis times as a Flamegraph
-* Value [2016-06-26] Option -val-show-perf now properly takes into account the time taken by the main function itself (without its callees)
-! Kernel [2016-06-14] OCamlGraph is no longer packaged within Frama-C, and must be installed to build Frama-C from source
o! Kernel [2016-06-14] Remove class Filecheck.check from API. Use Filecheck.check_ast that provides the correct encapsulation.
- Eva [2016-06-11] Various improvements to experimental Apron domain
- Value [2016-06-11] Pointers to functions with an incompatible type are now handled in a more stringent manner. Previously, arguments with incompatible types but equal size were reported with an orange status. Now, any mismatch (e.g. int/float or signed/unsigned) causes a red alarm.
-* Eva [2016-06-06] Setting option -val-warn-copy-indeterminate now forces lvalue copies to perform a full evaluation. This includes converting the copied value to the proper type, and emitting alarms if it is indeterminate. This option should not be set for memcpy-like functions, or for functions that copy bits of pointers
-! Value [2016-06-05] API changes in modules Lmap and Cvalue.Model. All occurrences of `Map in returned value should be replaced by `Value
-! Value [2016-06-03] Several warnings emitted by Value are now properly prefixed by [value] instead of [kernel]
- Value [2016-05-31] New message key 'garbled-mix', to track garbled mix generated during the analysis
-* Value [2016-05-30] Garbled mix created when analyzing assigns / from clauses are now tagged as having "Library function" origin
- Value [2016-05-30] New option -val-warn-on-alarms, which governs whether alarms are printed as warnings or text.
-* Kernel [2016-05-23] Side-effect free instructions such as 'e;' are now translated as 'tmp = e;' instead of 'if (e) {}' (which was incorrect when e did not have a scalar type)
- Eva [2016-05-27] Improvements to option -val-subdivide-non-linear for high number of subdivisions
-* Value [2016-05-23] Option -val-show-initial-state has been removed. Instead, -value-msg-key=-initial-state can be used
- Value [2016-05-23] New message key final-states, that can be used to deactivate the printing of the abstract states at the end of each function
o* Kernel [2016-05-18] Fixes merging of contract when using Annotations.add_code_annot
- Rte [2016-05-15] New option -rte-pointer-call, to generate annotations for calls through function pointers
-* Value [2016-05-15] Fix crash when extracting bits of a long double value. (Issue 92 on TIS-interpreter, reported by ch3root.)
- Value [2016-05-14] Builtins are now available for malloc: Frama_C_alloc_size (one new base each time, may diverge) and Frama_C_alloc_by_stack (one base by stack, may end up performing weak updates).
-! Cil [2016-05-12] Conversions between a bit-field lvalue and the (integral) type of the bitfield are now always made explicit through casts; the attribute FRAMA_C_BITFIELD_SIZE is present on the type of the cast if needed.
- Libc [2016-05-03] Implementations of some functions of the standard library are now available in share/libc/*.c
-* Makefile [2016-04-27] Fix compilation of plug-ins which depend on other plug-ins when compiled outside Frama-C.
- Gui [2016-04-24] Different filters for user assertions and RTEs are now available.
- Eva [2016-04-05] Improvements to option -val-subdivide-non-linear on expressions such as x*x+y*y, or t[i*i].
- Eva [2016-04-01] Support for options -warn-signed-downcast and -warn-unsigned-downcast.
-! Kernel [2016-03-31] OCaml version greater than or equal to 4.02.3 required.
o Makefile [2016-03-31] Warnings and warn-error are activated only if a file .for_devel is present alongside the Makefile (also for plugins)
o! Kernel [2016-03-29] Functions Integer.pgcd and Integer.ppcm are now guaranteed to return a positive result.

#############################################
Open Source Release 13.0 (Aluminium-20160502)
#############################################

- Value [2016-04-19] Support for evaluation of predicate \valid_read_string on constant strings.
-* Sparecode [2016-04-11] Fix crash when an entire function becomes spare. (issue #@157).
- Eva [2016-03-30] New experimental domain that improves precision on bitwise operations, for example on pointers. Activated by option -eva-bitwise-domain.
o! Value [2016-03-30] API change in functor Lmap.Make.
- LoopAnalysis [2016-03-29] New plug-in 'LoopAnalysis' which estimates loop bounds and -slevel-function parameters. Invoked using option -loop.
-* ACSL [2016-03-30] Fixes precedence non-compliance with the ACSL Manual of some bitwise operators and more aggressive checks of consistent relation chains.
-* Metrics [2016-03-24] Fix list of undefined functions; functions that are never called were not reported.
-* Metrics [2016-03-24] Fix option -metrics-value-cover when option -metrics-libc is not set.
-! Metrics [2016-03-24] Global variables defined in Frama-C standard library are no longer counted when option -metrics-libc is not set.
- Variadic [2016-03-17] New plug-in 'Variadic' which translates variadic functions, calls and macros to allow analyses to handle them more easily. Invoked using the -va option.
- Nonterm [2016-03-09] New plug-in 'nonterm' for detection of definite non-termination based on Value.
!o Kernel [2016-02-29] Do not raise Invalid_arg and Failure exn but use custom exceptions instead. Prevents warning 52 in OCaml 4.03.0. Functions raising new exceptions are:
    - Db.From.find_deps_term_no_transitivity_state
    - Db.Interp.*
- Kernel [2016-02-24] New option -<plugin>-log to copy the output of plug-ins into one or several text files (described in the User Manual).
-* ACSL [2016-02-23] Fixes implicit logic label generation on recursive definitions. Fixes bug #2158.
- Eva [2016-02-22] Experimental domain dedicated to storing and learning information from syntactic equalities (option -eva-equality-domain).
- Eva [2016-02-22] Improvements to backward propagation, on memory accesses and bitwise operations.
-* Value [2016-02-17] Fix handling of functions without a body that return a pointer. The pointer was aligned on an incorrect frontier.
-* Value [2016-02-17] Fix crashes when analysing a function (without a body) that returns an empty struct, or a pointer to an empty struct. Bugs reported by TrustInSoft.
- Kernel [2016-02-10] Registering twice the same machdep is now accepted.
- Cil [2016-02-10] Add proper support for empty aggregate initializers in GCC mode.
- Cil [2016-02-08] Operator ! applied to constant expression is no longer simplified when not required.
- Value [2016-02-05] Informative messages about inactive behaviors are now emitted only at verbosity level 2.
- Value [2016-02-05] Messages on ACSL predicates with Unknown/Invalid status are now emitted with a 'warning' severity, consistently with the emission of alarms. 'True' statuses are hidden if option -val-show-progress is unset.
- From [2016-02-03] Option -from-verify-assigns takes into account direct and indirect dependencies.
- Value [2016-02-03] Distinguish direct and indirect dependencies in 'from' clauses to compute the effects of an 'assigns/from' clause. See section 7.2 of the manual.
-* Libc [2016-02-02] Fix specifications of memchr and strncpy.
-* ACSL [2016-01-27] Fixes example of logic label use. Fixes bug #2203.
-* Logic [2016-01-17] Meaningless assigns clauses are now rejected more aggressively. Fixes bug #1790.
o Kernel [2016-01-08] Several incompatible changes in module Property.
- Kernel [2016-01-08] Automatic generation of assigns from GCC's extended asm.
-* Value [2016-01-06] Evaluation of ACSL ranges takes into account option -safe-arrays. In particular t[..] remains within the bounds of t. Fixes bug #!1639.
-* Value [2016-01-05] Take into account 'volatile' qualifiers on struct typedefs, which were previously ignored. Fixes issue #@102.
- Value [2016-01-03] Support for \valid_function predicate during evaluation.
- ACSL [2016-01-03] New predicate \valid_function, requiring the compatibility between the type of the pointer and the function being pointed.
-* Eva [2016-01-01] Fixed some bugs related to 0. vs. -0. in conditions.
- Eva [2016-01-01] More aggressive reductions in complex conditions such as if(a+3 < 10).
-*! Value [2016-01-01] Reimplementation of all the upper layers of the plugin. Compatibility with the legacy version is almost complete, save for some text messages and a few functions of the API. Use option -no-eva to switch back to the legacy version. Changelog entries labelled 'Eva' refer to this new version. Entries labelled 'Value' apply to both versions.
o! Value [2015-12-02] Base.base_max_offset has been removed. Part of its functionality is still available via Base.valid_range, whose return type is now more expressive.
-* RTE [2015-12-09] Fix unsoundness for overflows on binary operations when one or two operands were constant.
-* RTE [2015-12-09] Fix unsoundness on unary minus expressions when option -rte-trivial-annotations is active.
-! Cil [2015-12-02] Changes in the handling of incomplete structs and zero-length arrays. Initialization of incomplete (completely undefined) structs is now duly rejected. Several compiler extensions to the C99 standard (empty initializers, zero-length arrays, etc.) now require a GCC or MSVC machdep (e.g. -machdep gcc_x86_32).
-! Cil [2015-12-02] Better handling of C99 flexible array members (FAMs). Static initialization of FAMs (a GCC extension) is no longer supported.
o! Gui [2015-12-01] Refactor GUI Helpers. (Toolbox and (partially) Gtk_helper moved to Wutil, Widget, Wform, Wtext and Wtable).
-! Value [2015-11-26] Widening hints now include signed and unsigned limits for the bitsize of the value being widened, but do not include arbitrary limits anymore. The convergence is generally faster but results may be more or less precise depending on the case.
-! Value [2015-11-26] Better propagation strategy for nested loops. Results are usually much more predictable (and often more precise) when the loops are not fully unrolled by slevel.
-! Makefile [2015-11-26] Target 'make rebuild' has been renamed into 'make clean-rebuild'.
-* Value [2015-11-24] The preconditions of functions overridden by builtins no longer receive an 'Unreachable' status for calls within dead code: the specification is ignored everywhere. Fixes bug #!1956.
-! Cil [2015-11-23] Incorrect return statements (return void on non-void functions and vice-versa) now generate errors instead of warnings.
- Value [2015-11-23] New option -val-warn-undefined-pointer-comparison.
- ACSL [2015-11-23] Add built-in operators for lists.
- ACSL [2015-11-23] Add notation '{ x, y, z }' for defining sets.
o Makefile [2015-11-19] New option PLUGIN_EXTRA_DIRS for multi-dir plugins.
-* Kernel [2015-11-18] do not crash when loading statuses depending on a non-existing parameter. Fixes issue #!2181.
o! Makefile [2015-11-12] Get rid of FRAMAC_MAKE variable. Use FRAMAC_INTERNAL instead for distinguishing internal and external mode.
- Kernel [2015-10-28] Option -collect-messages is obsolete and will be removed in a future version; messages are now always collected.
o! Kernel [2015-10-19] Removed function State_selection.list_state_union. Use State_selection.of_list or State_selection.list_union instead.
-* Kernel [2015-10-15] Avoid comment duplications on generated code.
-* Kernel [2015-10-15] Comments are preserved even when loops are unrolled. Fixes issue #!2176.
-! Kernel [2015-10-15] Option -warn-undeclared-callee changed to -implicit-function-declaration, which receives an argument (ignore, warn or error) specifying what to do when an undeclared function is called.
-! GUI [2015-10-15] Signature change for function Design.register_source_highlighter; the first argument of the callback has now type Design.reactive_buffer, which can be coerced back to a GSourceView2.source_buffer using method buffer.
- Value [2015-10-13] During the evaluation of ACSL 'assert', intermediate statuses (e.g. True, then Unknown, then True) are now reported in the console.
o! Kernel [2015-12-09] API change for function Alarms.register. See .mli for details.
- Cil [2015-10-09] Add support for parsing digraphs.
o! Cil [2015-10-09] Buggy record Cil.miscState has been removed. Customization must be done directly in Cil_printer.state.
- Value [2015-09-30] Better precision for calls through function pointers when multiple functions are possible. The abstract state now contains the information of which function was called.
o! Value [2015-09-20] Functions filter_le_ge_lt_gt_* have been renamed into backward_comp_*. Evaluation and reduction functions for comparisons now use and return dedicated types, in Abstract_interp.Comp.
- Cil [2015-09-20] Double pointer casts on the NULL pointer are now simplified.
-! Cil [2015-09-20] Typing within comparisons is now more strict, or made more explicit through casts.
- Kernel [2015-09-20] The untyped AST is no longer removed by basic program transformations such as loop unrolling.
o Ptests [2015-07-29] New EXEC: directive.
- Kernel [2015-07-01] New options -then-last and -then-replace.
- Kernel [2015-07-01] New option -remove-projects.
- Kernel [2015-06-30] New option -set-project-as-default.

#############################################
Open Source Release 12.0 (Magnesium-20151002)
#############################################

o! Kernel [2016-01-03] Module Dataflow is deprecated, and will be removed in Aluminium. Module Dataflow2 offers a very similar but simpler API.
- Doc [2015-11-16] Fixed typo in the manual (Thx Mihaela Sighireanu).
-* Kernel [2015-10-12] Fix clearing of old statuses and hypotheses when a new status is emitted or an annotation is removed.
-* Libc [2015-09-29] Removed obsolete file machine.h (along with other similar files) from the Frama-C share folder. Fixes bug #2171
-! Kernel [2015-09-07] Removed support for OCaml 3.12.1
- Value [2015-09-03] Assertions containing \at(P, L), where L is a C label, can now be evaluated. Evaluation is done once Value has run; thus, it ignores option -slevel.
-* Value [2015-09-03] pointer_comparable alarms are now emitted with arguments properly cast to void* or void (*)().
- Value [2015-08-10] The alarms raised when evaluating a global initializer that leads to an undefined behavior are now marked with an "Invalid" status.
- Report [2015-08-10] Reports in csv format now honor option -report-specialized (previously, preconditions at a callsite were always skipped).
-* Libc [2015-08-26] Fix bug in the specifications of readdir, opendir, closedir and fopen functions, that would cause incorrect analysis in -lib-entry mode.
- Gui [2015-08-14] When a call statement is selected, the statuses of the preconditions of the called functions are displayed in the 'information' panel.
o! Gui [2015-08-14] Minor API changes regarding Design.reactive_buffer. Some values that used to have an option type are now guaranteed to be present.
- Gui [2015-08-12] Internal ids (for statements, code annotations, etc.) are now hidden by default. Start the GUI in debug mode if you want to see them.
-* Gui [2015-08-10] Filenames in the GUI file tree (top-left panel) are now sorted correctly. Fixes bug #2173.
-! Value [2015-08-03] WIDEN_HINTS directives are now cumulative with automatically inferred bounds. Fixes bug #876.
-* Cil [2015-08-03] Fix bug #1553, related to nested initialisations of structures containing pointers.
-! Value [2015-08-03] All plugins that depend on Value, plus Value itself, are now dynamic. Custom plugins must specify in their Makefile the plugins they depend on (e.g. PLUGIN_DEPENDENCIES:=Inout Value).
-* Cil [2015-07-29] Cil transformation can introduce assertions to ensure that size expressions in array declarations evaluated at program execution time are positive and do not overflow.
o Ptests [2015-07-29] New LOG: directive.
- Value [2015-07-19] Garbled mix origins now include at most one source location.
- Report [2015-07-19] New option -report-proven to control the display of proven properties.
- Report [2015-07-19] New export format (.csv), through option -report-csv.
o! Callgraph [2015-07-16] Remove Cil.Callgraph, Db.Syntactic_callgraph and Db.Semantic_callgraph which are all replaced by the single plug-in Callgraph. See Changelog_detailled.md for further detail about this change.
-! Callgraph [2015-07-16] New plug-in callgraph which merges the old Syntactic_callgraph and Semantic_callgraph plug-ins (now removed). Either this plug-in uses Value if already computed, or computes the syntactic callgraph otherwise. This new plug-in unifies the behavior of its two ancestors. In particular, the edges of the callgraph computed with the help of Value are now directed in the same way as the syntactic callgraph (was reversed before) and so the computed services are now equivalent. Also, the uncalled functions are now displayed by default. For plug-in developers, the callgraph is easily accessible via an API (bts #755).
-! Value [2015-07-14] Float operations that are guaranteed to lead to +/-infty (e.g. x = FLT_MAX*10.) now stop propagation. Previous behavior was to continue with an imprecise value for x.
- Kernel [2015-07-09] New option -custom-char-annot for changing the character introducing ACSL annotations (instead of '@').
- Value [2015-07-09] Do not emit pointer_comparable alarms on valid pointer comparisons involving objects of size 0.
- Value [2015-07-07] The semantics of copying an lvalue has been changed when a type mismatch occurs between the destination and the copied value. A bitwise reinterpretation of the value to the destination type is now performed during the copy.
o! Kernel [2015-07-01] Ival.Float_abstract renamed to Fval. Fval.inject_r now may raise Fval.Non_finite instead of the old Float_abstract.Bottom.
- Value [2015-06-29] Option -val-split-return-auto now always splits between NULL/non-NULL pointers.
-* Value [2015-06-26] Check the validity of the operands of the ACSL operators /, %, << and >> when evaluating a predicate.
o! Value [2015-06-25] Remove duplicate values Ival.singleton_zero and Ival.singleton_one. Use script sodium2magnesium.sh for automatic migration.
-* Parsing [2015-06-22] Black-list gcc's builtin macros for logic pre-processing to avoid warnings for duplication. Fixes bug #2161.
-* Logic [2015-06-15] Fix typing bug when converting into a term an expression containing a pointer subtraction.
-* Value [2015-06-09] Pointer comparisons using relational operators (<, >=, etc) between a pointer and NULL are now flagged as undefined.
o! Kernel [2015-06-09] Remove support of plug-ins without .mli. Fixes bug #!1825.
-* Cil [2015-05-29] Better typing of '?' operator. Fixes bug #2117.
o! Kernel [2015-05-29] Remove long-obsoleted functions Cfg.computeCFGInfo, Cfg.printCfgFilename, and Cfg.printCfgChannel.
- Value [2015-05-28] Function calls using a function pointer are now treated more leniently when too many arguments are supplied. An alarm is emitted, but execution continues with the right number of arguments.
- Value [2015-05-12] Improved reduction by predicate \initialized when the left argument is a range of locations.
- Impact [2015-05-12] Removed function Db.Impact.slice, that was actually unrelated to Impact. You can use the functions contained in Db.Slicing.Select, in particular Db.Slicing.Select.select_stmt, to obtain the same result.
- Makefile [2015-05-06] Dynamic plug-ins are now declared as Findlib packages. Use variables PLUGIN_REQUIRES and PLUGIN_DEPENDENCIES. Loading a plug-in automatically loads all necessary dependencies. Plugin "MyPlugin" is registered under the "frama-c-myplugin" package.
-! Kernel [2015-05-06] Dynamic now relies on Findlib. Small changes in API. Option -load-module can now load any Findlib package and its dependencies as well.
- Kernel [2015-05-06] Reformulated help messages. Option -help is more concise. Option -version only prints version number. Options -print-xxx uniformized. New options -plugins, -print-config.
- Value [2015-05-29] Added built-ins for mathematical functions: atan2, fmod, pow, expf, logf, log10f, powf, sqrtf, floor, floorf, ceil, ceilf, round, roundf, trunc, truncf.
-* Value [2015-05-03] In -lib-entry mode, allow the generation of initial states with 0-sized bitfields.
-* Metrics [2015-05-05] Fix computation of global cyclomatic complexity. Fixes bug #!2089.
-* Libc [2015-04-29] Added ACSL specifications to some standard library functions, including read, write and realloc. Fixes bug #1939.
- Scope [2015-04-22] Assertions previously removed by -remove-redundant-alarms are now marked as proven, but remain in the AST.
- Value [2015-04-22] New GUI panel 'Values', that displays nearly all the information previously available under the 'Information' panel.
-* Logic [2015-04-14] Correct handling of string and char constants in logic pre-processing. Fixes bug #2101.
-* Logic [2015-04-14] Better overloading resolution. Fixes bug #2098.
o! Logic [2015-04-08] Functions Db.Properties.Interp.lval and Db.Properties.Interp.expr have been renamed (into term_lval and term, respectively), and have a new signature.
-* Cil [2015-04-19] Fix parsing of packing directives of the form '#pragma pack(push, N)'.
-! Value [2015-04-13] In -lib-entry mode, function pointers no longer force the generation of dummy functions. Instead, they are initialized to NULL. Fixes bug #!2104.
- Kernel [2015-04-01] New API for backward dataflow propagation in file Dataflows.
- Metrics [2015-03-25] New category 'Extern global variables', that can be used to check whether some files are missing.
- Metrics [2015-03-24] Functions from Frama-C standard library are now hidden by default.
-* Cil [2015-03-26] Switch statements in which some cases are not constant expressions are now completely disallowed, as per the C standard.
-* Cil [2015-03-21] Disallow all incomplete types for struct fields. Fixes bug #!1672.
-! Cil [2015-03-21] Parsing no longer accepts structures containing incomplete types. Fixes bug #!2091.
- Kernel [2015-03-24] Special functions CEA_ have been removed.
-! Libc [2015-03-19] Most .c and .h files under /share have been merged into /share/libc. Inclusions of builtin.h should be replaced by __fc_builtin.h.
- Kernel [2015-03-18] New ACSL predicate \valid_read_string in share/libc/__fc_string_axiomatic.h.
-! Value [2015-03-12] Terms involving l-values that are bit-fields are now correctly handled.
- Cil [2015-03-19] Fix incorrect simplifications of '!E' to 0 when E is either an enum with value 0 (bug #2090), or an expression whose value wraps.
-! Kernel [2015-03-17] Removed option -no-dynlink.
- Kernel [2015-03-10] Macro __FRAMAC__ is defined when pre-processing C files in Frama-C.
o! Kernel [2015-03-10] AST change: split GVarDecl into GVarDecl and GFunDecl.
o! GUI [2015-04-04] Constructor Pretty_source.PTermLval now has an additional argument, the property in which the term appears.
- Defs [2015-04-04] L-values for which defs are queried are now evaluated only for the callstacks that are currently active, resulting in possibly fewer locations.
-! Value [2015-03-08] Fix bug in -memexec-all option in the presence of instructions where evaluation was guaranteed to fail.
-! Inout [2015-03-08] The inputs of an instruction whose evaluation always fails include the sub-expressions for which evaluation succeeds.
- Kernel [2015-02-26] Added -no-tty option to disable terminal capabilities.
- Value [2015-02-23] Faster treatment of imprecise struct copying and left shifts in the logic.
o! Kernel [2015-02-22] Function Integer.two_power now raises an exception for overly big arguments.
- Kernel [2015-02-20] Add new suffix '.ci' for pre-processed files containing ACSL annotations to be pre-processed.
-! Value [2015-02-18] In synthetic results, for local variables that are not those of the current function, the approximated values encompass only the callstacks for which the variables were in scope in one of the callers.
- Value [2015-02-18] Local variables that are in scope but not yet initialized are now present in the environment.
-! Value [2015-02-15] Option -subdivide-float-var has been renamed into -val-subdivide-non-linear, and now also has an effect on non-linear integer expressions.
o! Value [2015-02-15] Removed function Cvalue.V.min_and_max_float. Use Cvalue.V.project_ival and Ival.min_and_max_float.
- Cil [2015-02-11] Function Printer.change_printer now allows composing printers, and is called Printer.update_printer.
- GUI [2015-02-11] Variables are now left- and right-clickable in the 'Information' panel.
- Value [2015-01-31] Improved reduction by assertions of the form \initialized(&t[0..N]) when N is above -plevel.
o! Kernel [2015-30-01] Fixed bug #!2012 about combining Ast.is_last_decl and Kernel_function.get_global.
- Value [2015-01-26] New option -val-initialization-padding-globals to specify how padding bits should be initialized. Option -initialized-padding-globals is deprecated.
-* Value [2015-01-26] Fix initial state in which some volatile qualifiers for nested types were ignored.
-* Value [2015-01-26] Fix incorrect initialization of padding bits. Option -initialized-padding was ignored in some cases.
-* Cil [2014-01-26] Fix iterators on C99 designated initializers.
- Value [2015-01-26] Improvements to option -subdivide-float-var, when subdividing may avoid the emission of an alarm.
- Value [2015-01-21] Support for the \subset predicate.

##########################################
Open Source Release 11.0 (Sodium-20150201)
##########################################

- Kernel [2015-02-01] Tests are added to the distribution (make tests).
-* Logic [2015-02-09] The ACSL parser accepts qualifiers in logic C types.
- Value [2015-01-07] Special functions CEA_ are deprecated. Use Frama_C_show_each or Frama_C_dump_each instead.
- Kernel [2014-12-28] Improve pretty-printing of some loops.
-* Kernel [2014-12-16] -load-module M now works fine if M uses the API of another plug-in (bts #!1824).
-! Cil [2014-12-09] Default preprocessing command now includes Frama-C's standard library, and when possible sets option '-nostdinc'. See options -frama-c-stdlib and -cpp-gnu-like.
*! Cil [2014-12-09] Variables __FC_MACHDEP_FOO_BAR are now automatically set when setting a non-standard machdep and using Frama-C's standard library.
- Cil [2014-12-09] Option -pp-annot should be much faster when parsing files with many ACSL annotations.
- Logic [2014-11-28] The ACSL parser now ignores /*@{ and /*@} comments, to avoid conflicting with Doxygen.
- Value [2014-11-10] Accesses to locations that contain a garbled mix now cause the garbled mix to be reduced to the set of valid locations.
- Value [2014-11-07] Accesses to '*(foo *)p' may now reduce p according to the validity of the access, when useful.
- Value [2014-11-07] Removed message "assigning non-deterministic value from the first time".
- Value [2014-10-28] Option -slevel-merge-after-loop renamed to -val-slevel-merge-after-loop. Now takes a set of kernel functions as an argument.
- Value [2014-10-24] Per-callstack results are now always computed. Option -val-callstack-results is deprecated.
- From [2014-10-24] New option -from-verify-assigns to give assigns/from clauses of functions with bodies a validity status.
-! Value [2014-10-24] Logic ranges are now evaluated using a dedicated lattice. Results are almost always more precise, and the analysis faster.
-* Kernel [2014-10-23] Allow dynamically loaded modules to start with a lower-case letter. Fixes #1276.
-* Value [2014-10-15] Improved precision for variables that are reduced (but not written) during a call memorized by option -memexec-all.
- Value [2014-10-15] Indeterminate bits copied when option -val-warn-copy-indeterminate is active now cause a reduction in the source location.
- Value [2014-10-15] Arguments of functions that give rise to an alarm are now reduced when possible.
- Value [2014-09-26] Reduce arguments of a function according to the possible values of the formal at the end of the call.
- Value [2014-09-26] Better precision when a scalar value is written through a garbled mix.
o! Value [2014-09-26] Remove experimental support for periodic bases.
-* Value [2014-09-25] Fix bug when writing precise values at too many locations in packed arrays.
-* Value [2014-09-19] Warn for missing '\from' clause for '\result' when the result is used in a postcondition. Fixes bug #1908.
o! Value [2014-08-29] Garbled mix (constructor Top in modules Location_Bits/Bytes) now explicitly mentions the NULL base.
- Kernel [2014-08-15] New option '-then-last', which behaves like '-then-on' on the last project created by a program transformer.
-* Value [2014-07-27] Text-only alarms that used the '\defined' predicate (to warn about dereferencing pointers to out-of-scope variables) are now emitted with the '\dangling_contents' predicate.
- Logic [2014-07-27] The ACSL predicate '\specified', which has been renamed to '!\dangling_contents', is now supported.
o! Value [2014-07-22] Value 'empty' is no longer exported in module Offsetmap. The API should prevent any accidental creation.
- Inout [2014-07-22] Remove undocumented option -access-path.
o! Value [2014-07-22] Most iterators of modules Lmap and Cvalue.Model now accept only the non-bottom and non-top cases.
o! Value [2014-07-22] API of module Cvalue.V_Or_Uninitialized is now type-safe. Replace all occurrences of 'get_flags v' by 'v'.
o! Value [2014-07-22] Improve and clarify the return conventions of modules Offsetmap, Lmap, Cvalue.V_Offsetmap and Cvalue.Model, by returning three cases: `Bottom, `Top and `Map. The latter case indicates the operation succeeded precisely.
o! Value [2014-07-22] Functions find_base and find_base_or_default in modules Lmap and Cvalue.Model now return an optional type, to account for invalid bases (that may not be present in the map).
o! Value [2014-07-22] Some functions of modules Offsetmap, Lmap, Cvalue.V_Offsetmap and Cvalue.Model now require a separate Locations.Location_Bits.t and (integer) size, instead of a Locations.location. This avoids errors when the case was Int_Base.Top.
o Value [2014-07-22] Argument ~conflate_bottom to Cvalue.Model.find is now optional. The documentation has been updated to better explain its meaning.
- Value [2014-07-22] Message 'extracting bits of a pointer' is no longer emitted, as it was redundant with the warnings about garbled mix.
-* Value [2014-07-22] Fix evaluation of '/' in the logic, which silently ignored the presence of the value 0 in the divisor.
- Value [2014-07-22] The arguments of an invalid shift operation are now reduced so that they belong to the proper range.
o! Value [2014-07-22] Multiple low-level functions have been removed from modules Cvalue.V and Cvalue.Model, and are no longer available.
o! Value [2014-07-22] Function Cvalue.Model.find no longer signals that its result is indeterminate. Use function Cvalue.Model.find_unspecified instead.
o! Value [2014-07-22] Major API change in directories src/ai and src/memory_state. Functions no longer take ~with_alarms arguments. Instead, they return booleans that indicate whether an alarm occurred.
- Value [2014-07-22] More systematic emission of message 'operation [...] incurs a loss of precision', signaling an arithmetic operation on a pointer address. This message is now emitted by Value itself.
-! Kernel [2014-07-09] New way to handle command line options which accept sets of values. Values may be prefixed by '+' or '-' to add or remove them, and categories of values prefixed by '@' are available as well (for instance @all).
o! Kernel [2014-07-09] A new set of functors is available to define command line collections.
o! Cil [2014-07-03] Field 'vgenerated' of type Cil_types.varinfo has been replaced by the field 'vtemp' to emphasize the fact that it should only be set to true for temporary variables generated during elaboration.
o Cil [2014-06-27] Variables are created with a field 'vgenerated' set to 'false' by default. Only Cil should set this field to 'true'.
o! Cil [2014-06-27] The field 'vlogic' of type Cil_types.varinfo has been replaced by the field 'vsource', to avoid confusion with logic variables. The value of the new field is the negation of the previous one.
-! Cil [2014-06-17] Frama-C's x86 default machdeps no longer assume that the compiler is GCC. Some typing extensions and builtins are thus deactivated. If you want a GCC-centric analysis, use the gcc-prefixed machdeps.
o! Cil [2014-06-17] Modifications in some fields of type Cil_types.mach. Function File.new_machdep has a simpler type.
- Value [2014-06-17] Option -val-split-return can now be used to split between NULL / non-NULL pointers.
- Kernel [2014-06-16] New option -const-readonly (set by default), which asserts that 'const' variables must never be written.
- Logic [2014-06-16] New logic label "Init", which refers to the state just after the initialization of globals.
- Cil [2014-06-16] Values extracted from initializers of const variables are now accepted as arguments of 'loop pragma UNROLL' directives.
- Logic [2014-06-16] New builtin functions \min and \max of type Set(Integer) -> Int.
- Semantic Constant Folding [2014-06-12] Reducing the number of introduced casts; feature #!1787.
- Value [2014-06-07] Improve conversion of float values that have been written as integers (through low-level memory accesses).
- Value [2014-06-06] Improved pretty-printing of variables containing pointers.
-* Makefile [2014-06-05] Do not install ZArith with Frama-C anymore.
o* Makefile [2014-06-05] Fixed compilation bug for plug-ins with both a GUI and a non-empty API (bug #!1798).
- Value [2014-06-01] Improved widening on variables that are used to access an array.
- Value [2014-05-27] The GUI now shows the value of logic l-values inside function specifications. They are evaluated in the pre-state of the function, before the evaluation of preconditions.
o Gui [2014-05-27] Logic l-values inside function specifications can now be selected.
* Slicing [2014-05-23] Fix issues about slicing calls to the main function and journalization (bug #!1684).
- Kernel [2014-05-22] Nicer error message in case of code incompatibility when loading a plug-in.
-* Kernel [2014-05-15] Fix bug #1765 (spelling errors).
-* Slicing [2014-05-14] Fix crashes about multiple slicing pragmas inside a function (bug #1768).
- Report [2014-04-07] New option -report-callsite-preconditions.
- Report [2014-04-07] More consistent behavior when option -report-untried is not set.
- Report [2014-04-07] Better reporting of reachability statuses; do not coalesce unproven reachability assertions with other alarms.
- Value [2014-04-05] When option -val-callstack-results is set, the GUI now displays a callstacks-wide consolidation of the possible values for expressions and terms. Previously, the potentially less precise summary state was used.
- From [2014-04-05] Major performance improvements on big analyses.
-! Value [2014-04-05] Complete rewrite of the modules Int_Intervals and Offsetmap_bitwise; both are now implemented with the same data structure as Offsetmap. Many performance improvements. Many changes in the API of module Offsetmap_bitwise. Few changes in Int_Intervals, but the enclosing module Lattice_Interval_Set has been removed.
- Gui [2014-03-27] New option -gui-project to run the GUI in a given project.
- Semantic Constant Folding [2014-03-25] Reducing the number of introduced casts; feature issue #!1697.
- Semantic Constant Folding [2014-03-25] New option -scf-project-name.
o! Cil [2014-03-24] The ikind for Cil.kinteger64 is now optional.
- Value [2014-03-20] File-scope and formal const variables are read-only. Any possibility of writing there is treated as an alarm.
-! Gui [2014-03-14] C expressions can now be selected through the source panel.
-* Cil [2014-03-13] Fix erroneous integral promotion of type 'char' on architectures where 'char' is unsigned.
- Semantic Constant Folding [2014-03-13] Generate nicer constants for integers and pointers.
- Semantic Constant Folding [2014-03-13] Floating-point constants can now be propagated.
-* Semantic Constant Folding [2014-03-13] Fix crashes and/or multiple declarations when a global was referenced in the constant-folded project earlier than in the original one.
- Value [2014-03-12] Improve precision of &.
o Logic [2014-03-04] Annotations.{iter,fold}_all_code_annot are now sorted by default. Use ~sorted:false in case of efficiency issues.
-* Value [2014-03-02] Dividing an integer value by a memory address requires the address to be comparable to NULL.
- Value [2014-03-02] Alarms are now re-evaluated at the end of the analysis. If their truth value is 'Valid' or 'Invalid', this more precise status is used, instead of the previous 'Unknown' one.
- Value [2014-03-01] Preconditions of functions that are never called are now also marked as dead at each call-site.
- Rte [2014-03-01] Very big floating-point constants that are converted to an integer are now reported as overflowing in only one direction.
- Value [2014-03-01] Alarms when converting integers to floating-point are now reported only for the range that overflows.
- Value [2014-03-01] Instructions whose execution is guaranteed to fail are now displayed in the GUI.
- Value [2014-03-01] Option -val-after-results is now always active by default, and can no longer be unset.
-! Kernel [2014-05-12] Require ocamlgraph version 1.8.5.
- Kernel [2014-08-07] Add instructions for downloading the manuals.
-* Configure [2014-03-17] Use the gcc detected by configure for compiling C files.
-* Configure [2014-03-10] Fix for autoconf < 2.67 when checking the ability of the default pre-processor to keep comments.

########################################
Open Source Release 10.0 (Neon-20140301)
########################################

-* Value [2014-03-04] Fix bug when writing imprecisely in a struct containing a 1-bit wide bitfield (bug #!1671).
-* Kernel [2014-02-18] Fix -machdep help in presence of other actions (bts #1643).
+* Logic [2014-02-05] Better handling of sets. Use Tlogic_coerce to explicitly mark conversion from singleton to set.
- Kernel [2014-02-04] Assigns clauses generated by the kernel for functions with neither a specification nor a body receive an 'Unknown' status.
- Value [2014-02-05] For functions for which only the specification is available, non-invalid statuses are no longer reported when evaluating a postcondition. Invalid statuses are reported, and usually indicate a specification error.
-* Kernel [2014-02-05] Fix typing of variadic arguments.
- Configure [2014-02-05] New option --disable-local-ocamlgraph to disable the use of the OcamlGraph version provided by Frama-C.
-* Value [2014-02-04] Fix potential unsoundness in the operation testing the inclusion of two memory states (never observed in practice).
o! Kernel [2014-02-03] The module Parameter_state now contains the functions to select groups of parameters (was in module Plugin).
o! Kernel [2014-02-03] The module Parameter_customize now contains the functions to customize command line options (was in module Plugin).
o! Kernel [2014-02-03] Parameter is now called Typed_parameter.
o! Kernel [2014-02-03] The module Parameter_sig now contains the signatures of command line options (was in module Plugin).
- Kernel [2014-02-03] FRAMAC_PLUGIN may now specify a list of comma-separated directories instead of a single one.
o* Logic [2014-01-30] Better specification and more checks on Annotations.{add,remove}_* functions (fixes bug #!1635).
o! Kernel [2014-01-29] Changes to the signatures in lattice_type: top and bottom are now optional, a join_and_is_included function is required, and Upper_Semi_Lattice was renamed to Join_Semi_Lattice.
-* Value [2014-01-25] Remove support for the ACSL \inter operator, which could lead to unsoundness with predicates involving the empty set (fixes bug #!1624).
- Value [2014-01-25] Fix spurious messages about integer overflow when an arithmetic operation is guaranteed to result in undefined behavior.
o! Kernel [2014-01-21] Removed Db.Dominators. Use the Dominators kernel module instead.
-* Value [2014-01-18] Fixed spurious warning about floating-point values containing addresses.
-* Kernel [2014-01-18] Fixed parsing bug with decimal single-precision floating-point literals representing numbers above MAX_FLOAT.
-! Value [2014-01-16] Replace the mostly inoperative option -memory-footprint by an environment variable FRAMA_C_MEMORY_FOOTPRINT.
o Ptests [2014-01-16] Use ptests.opt whenever possible.
o! Kernel [2014-01-14] To build a datatype, you now need to use the smart constructors provided in Structural_descr.
-* From [2014-01-11] Fix incorrect dependencies with code of the form 'f(); x = 1; f();' when f assigns a value with a right-hand side that depends on x.
-* Value [2014-01-11] Fix missing read/written zones and dependencies when accessing a completely imprecise pointer (garbled mix) and using option -absolute-valid-range. Impacts the results of plugins Inout, From, Pdg, Impact and Slicing.
o! Value [2014-01-08] Harmonisation and simplification of functions related to memory states in Cvalue.Model. Different functions are now available for updating, refining and creating a state.
-* Value [2014-01-07] Fix crash on analyses involving very imprecise pointers and a partially valid absolute memory range.
-* Cil [2014-01-06] Fixes issue #1589 (do not drop access to volatile lvals in pure expressions).
- From [2014-01-01] Fix possibly invalid dependencies for functions that return partially-written structs.
o Kernel [2013-12-23] Plug-ins may now have a non-empty .mli interface. This deprecates the old way of registering them through modules Db or Dynamic (the latter may remain useful for mutually recursive plug-ins).
-* Value [2013-12-23] Fix possible unsoundness in the presence of & (unsoundness never observed in practice).
- Value [2013-12-23] Improve precision of treatment of x = e1 & e2;
- Value [2013-12-23] Improve precision of treatment of: if ((int)floatvar == intexpr)
- Value [2013-12-13] Ensure convergence in the presence of some non-natural loops.
-* Cil [2013-12-12] Do not pretty-print while(1) into while(c) when the 'break' branch is not reduced to a single break, or contains an annotation.
-! Syntactic_callgraph [2013-12-10] Remove option -cg-services-only, which had been unused for a while.
-* Value [2013-12-09] Fix rare crash during widening operation in C union-intensive code.
-* Value [2013-12-03] Fix potentially invalid source line number in the origin of Merge garbled mix values.
- Value [2013-12-03] Display information about temporaries when emitting an alarm.
- Kernel [2013-12-03] "-machdep help" now specifies the default machdep (bts #!1558).
- Obfuscator [2013-12-03] New option -obfuscator-string-dictionary to generate the dictionary of literal strings into a separate file.
- Obfuscator [2013-12-03] New option -obfuscator-dictionary to generate the dictionary into a file.
-* Kernel [2013-12-03] Fix bug which may occur when pretty-printing ranges of terms.
- Obfuscator [2013-12-03] Warn about unobfuscated symbols.
- Obfuscator [2013-12-03] Handle literal strings in a separate dictionary (bts #!1564).
-* Obfuscator [2013-12-03] Now properly handles option -ocode.
- Obfuscator [2013-12-02] Obfuscate (most of) logical constructs (bts #1563).
- Obfuscator [2013-12-02] Obfuscate labels (bts #1562).
- Obfuscator [2013-12-02] Print the category to which each symbol belongs (bts #!1566).
-! Value [2013-12-01] Volatile pointers are now modeled as the base addresses that are stored into the pointer, shifted by an unspecified offset.
o! Value [2013-11-28] Functions previously required by some functors in directories src/ai and src/memory_state are no longer needed. Use script bin/fluorine2neon.sh for partially automatic migration.
- Scope [2013-11-27] Option -inout-callwise can be used to improve the precision of computations, including the effects of option -remove-redundant-alarms. Option -calldeps is no longer necessary.
- Value [2013-11-27] Experimental option -slevel-merge-after-loop.
- Value [2013-11-25] Improve precision of bitwise conversion from floating-point values to integers.
-* Value [2013-11-22] Ensures that sqrt(-0.) is -0., even with a buggy MSVC runtime. Fixes bug #!1396.
- Kernel [2013-11-20] Support for binary literal constants in C and in logic, denoted by '0[bB][01]+' (common ISO/C extension).
- Value [2013-11-14] Copies of non-struct left-values that contain indeterminate bits can now be reported using option -val-warn-copy-indeterminate.
-! Value [2013-11-14] Passing a struct containing uninitialized fields or padding bits to a function without a body no longer raises an alarm.
- Value [2013-11-14] The option -val-left-shift-negative-alarms has been renamed into -val-warn-left-shift-negative.
-! Value [2013-11-14] Pointer subtraction now requires that the pointers refer to the same allocated block, and returns the pointwise difference between the corresponding offsets. Use -no-val-warn-pointer-subtraction to obtain the previous behavior.
-! Value [2013-11-13] No alarms are emitted for overflowing unsigned left shift operations.
-* Rte [2013-11-13] No assertions are generated for unsigned left-shifts that may overflow, regardless of whether -warn-unsigned-overflow is set. Fixes issue #!1555.
-* Value [2013-11-13] Prevent GUI crashes when options -no-results or -obviously-terminates are set and some functions have ACSL preconditions.
-* Value [2013-11-12] Fixed bug involving the conversion to float of a double expression e such that 0 < fabs(e) <= 0x1.0p-150.
-* Kernel [2013-11-12] Fix parsing of decimal floating-point constants smaller than the smallest subnormal: the parsed value could be wrong and the warning for inexact constants could be wrongly omitted.
-* Logic [2013-11-08] Support for _Bool in ACSL formulas.
-! From [2013-11-08] Separately compute data dependencies and indirect (address, control) dependencies with option -show-indirect-deps.
o Kernel [2013-11-08] Parameters can be preserved across project creation through the copy visitor (function do_not_reset_on_copy). Fixes the do_not_projectify and do_not_reset_on_copy status of the kernel's options.
-* Logic [2013-11-06] Do not cast an enum value toward its associated integral type when comparing to an enum constant. Fixes #!1546.
-* Kernel [2013-11-06] Fixes unrolling of loops whose body contains a 'switch' with 'continue' statements.
- Report [2013-11-05] New option -report-untried.
-*! Logic [2013-10-29] -check now verifies that a C variable and its associated logic variable agree on their type. Type completion is transferred to the associated logic variable and term when needed. Fixes #1538.
-* Logic [2013-10-29] Do not remove labels out of scope of annotations too quickly. Fixes #1536.
-* Kernel [2013-10-29] Do not fail on nested ternary operators whose value is dropped, as in #1503.
-* Logic [2013-10-29] Accept a struct with the same name as a typedef in specifications. Fixes #1518.
-* Kernel [2013-10-29] Do not consider an array variable as a read lval in an unspecified sequence. It cannot be written anyway. Fixes #!1519.
o* Value [2013-10-27] Type Base.string_id is now concrete. Function Base.cstring_of_string_id is no longer needed.
-* RTE [2013-10-28] Better normalization when using -rte-precond.
- Kernel [2013-10-27] Generate more aggressive assigns clauses for unspecified library functions that have arguments of type pointer to void or char.
-* Kernel [2013-10-26] Do not generate invalid assigns clauses when some formals are pointers to arrays.
- Kernel [2013-10-22] Support for static evaluation of the GCC-specific function __builtin_compatible_p.
- Kernel [2013-10-22] Add -aggressive-merging option to merge two inline functions if they are equal modulo alpha conversion.
-* Kernel [2013-10-17] Correctly distinguish typenames and declared identifiers in declarations. Fixes #1500.
-* Kernel [2013-10-17] Statements with a label attached to them are never erased during elaboration. Fixes #1502.
-* Slicing [2013-10-17] Slicing is now compatible with option -val-use-spec.
- From [2013-10-15] Better precision when querying information about a zone that has the same dependencies as its neighbors.
o! Value [2013-10-15] Function Map_Lattice.Make requires a new argument.
- Value [2013-10-14] Evaluation of left-values such as t[i][j] or p->arr[i] is now more precise when the total number of locations to read or write is less than the value of the -plevel option.
- Value [2013-10-13] Syntactic loops (i.e. 'for', 'while' and 'do ... while') are now always used to perform widening, regardless of whether they are reducible.
-! Impact [2013-10-11] More generic dynamic function impact_statement_gui. The set of impacted nodes can now be filtered by a memory zone.
-! Journal [2013-10-09] By default, the journal is now generated into the Frama-C session directory.
o*! Makefile [2013-10-03] Split Makefile.common in two parts in order to include the generic rules (new file Makefile.generic) at the end of the main Makefile, so that specialized patterns are considered first in make < v3.82.
-*! Logic [2013-10-02] Disallow cyclic logic type definitions.
-! Gui [2013-10-01] The configuration file .frama-c-gui.config is now put in the GUI config directory and named frama-c-gui.config.
o Kernel [2013-10-01] Plug-ins may now have their own configuration directory in which they can generate configuration files during a Frama-C session.
o Kernel [2013-09-30] Plug-ins may now have their own session directory in which they can generate project-dependent files during a Frama-C session.
o* Doc [2013-09-27] Fix ugly display of the documentation of the dynamic plug-in API (bts #!1394).
-* Value [2013-09-26] Fix crash when evaluating \valid(p->off) when p is NULL or a valid pointer, and p->off is itself only partially valid (bug #1486).
-* Kernel [2013-09-26] Reject identifiers in the same namespace and same scope, according to the C standard's rules. Fixes bug #1330.
o! Kernel [2013-09-26] Alpha.{new,register}AlphaName: transform labelled argument 'undolist' with option type into an optional argument.
-* Kernel [2013-09-26] Fixes issue #1451 about -unicode, which was not taken into account by -load-script.
-* Kernel [2013-09-24] Fixes binding of formals when linking static prototypes. Fixes issue #1475.
o* Scope [2013-09-21] Functions registered in Db now return Stmt.Hptset values instead of Stmt.Set.
o* Value [2013-09-21] Minor signature change for widening functions.
- Metrics [2013-09-19] More precise information about coverage.
-o Value [2013-09-18] Fix bug in which two distinct memory states could be erroneously made equal.
-* Slicing [2013-09-12] Slicing on a composite statement containing dead code now works properly.
o* PDG [2013-09-12] Function Db.Pdg.find_stmt_and_blocks_nodes returns a correct result on partially dead composite statements.
- Slicing [2013-09-12] -slice-calls main only selects the calls to the main function, nothing more.
o* Kernel [2013-09-11] Fixed buggy function Property.location.
- Logic [2013-09-10] Improve localisation of error messages during logic typing.
- Value [2013-09-07] Degeneration points are now shown in the GUI.
- Value [2013-09-07] Value analysis can now be aborted while keeping intermediate results, by sending SIGUSR1 to Frama-C.
- Value [2013-09-06] More aggressive evaluation of \initialized(p) when p points to a memory zone containing both bottom and non-bottom values.
o! Value [2013-09-06] Function Cvalue.Model.find_unspecified now requires one additional argument ~conflate_bottom.
- Value [2013-09-06] Warn for missing '\from' or 'assigns \result \from' clauses. Fixes wish #1448.
-* Logic [2013-09-02] Conversion from C arrays to pointers does not lose casts on pointed types. Fixes issue #1469.
o* Cil [2013-08-30] Terms containing ACSL keywords are now properly parsed by function Logic_lexer.lexpr.
o* Cil [2013-08-26] Statements containing calls to va_start can now be printed outside of a function.
-* Pdg [2013-08-26] Fix possible non-termination during the computation of the control dependencies (bug #1436).
- Metrics [2013-07-29] ACSL statistics.
-! Value [2013-07-24] Fewer and better widening bounds for pointer addresses: try the frontier of the block.
-! Value [2013-07-24] Better widening bound for signed 32-bit integers.
-* Kernel [2013-07-18] More clever merge of function contracts. Fixes issue #1455.
o Lib [2013-07-18] Filepath.normalize can replace paths by a symbolic name.
o Ptests [2013-07-16] Add the possibility to define macros in configurations. See the developer documentation.
-* Kernel [2013-07-11] Designated initializers are correctly pretty-printed. Fixes issue #1457.
-* Semantic Constant Folding [2013-07-10] Fixes an error when folding a function pointer that resulted in two distinct kernel functions (kf) for the same function.
o* Kernel [2013-07-08] Cil.mkEmptyStmt gets a valid_sid argument in order to generate valid statements.
-* Kernel [2013-07-05] Temporary variables created during typechecking all have a description. Fixes bug #!1387.
-* Kernel [2013-07-04] More informative error message. Fixes bug #1352.
-* Kernel [2013-07-04] Implicit annotation status is no longer lost through code transformations. Fixes bug #!1442.
o Kernel [2013-07-04] Added hooks when registering/removing a property.
o Kernel [2013-07-03] Added StringList.append_{before,after} for manipulating options (both static and dynamic API).
- Kernel [2013-06-27] An 'unknown' local status is set on assigns generated from the C prototype of leaf functions.
o Kernel [2013-06-25] Add hooks to register transformations to be performed on a freshly computed AST. See src/kernel/file.mli.
o Kernel [2013-06-25] Add hook builders for hooks that can have dependencies. See src/lib/hook.mli.
o Kernel [2013-06-21] Adding a category does not set the debugging level to 1. Conversely, debug ~dkey "..." (without ~level) will output "..." if dkey is requested by the user, even if the debugging level is 0.
-* From [2013-06-21] Set the 'and SELF' flag when z1 and z2 overlap in an assigns clause z1 \from z2.
- Value [2013-06-21] Better documentation of module Hptmap. Some incompatible API changes.
- From [2013-06-20] Slowdowns in the analyses can be mitigated using higher values for option -memory-footprint.
- Value [2013-06-20] Option -memory-footprint now accepts much bigger arguments. The size allocated to each cache is multiplied by 2 between each increment.
-! Kernel [2013-06-20] Renamed argument ~cache of functions cached_fold into ~cache_name. The previous integer is no longer used.
-* Kernel [2013-06-20] Fix the consolidation algorithm of property statuses on cycles involving an unproved property (bts #1443).
-* Kernel [2013-06-20] Fix incorrect dot output of the consolidation graph of property statuses.
-* Kernel [2013-06-19] Fix pretty-printing of comments in ghost code (bts #1378 and #1404).
- RTE [2013-06-18] Remove limitation about alarms which do not fit into 64 bits (bts #1391).
- Kernel [2013-06-18] Better strategy when -save is set and Frama-C crashes (bts #1388).
-* Project [2013-06-17] Fix messages about projects.
-* Slicing [2013-06-17] Fix crash in presence of assertions involving sizeof(t), where t is an array. Fixes a similar bug with option -remove-redundant-alarms
-! Inout [2013-06-13] Inputs of an instruction whose evaluation fails now include the sub-expressions for which evaluation succeeds
-* Value [2013-06-12] Fix crash when the creation of the initial state encounters a completely invalid compound initializer.
- Value [2013-06-11] The name of an evaluated property is now displayed in the log message. Fixes wish #1415.
- Value [2013-06-11] Assertions on dead code now get a "true because unreachable" status.
- Kernel [2013-06-23] The annotation 'loop pragma UNROLL "done", n;' disables the unrolling of the annotated loop. Option -ulevel-force has to be used to enable the transformation of such a loop. This pragma is introduced by the unrolling process in order to prevent unrolling on source code obtained by a previous Frama-C run.
- Value [2013-06-05] Preliminary support for \forall and \exists quantification when the introduced variables have a C type.
o! Value [2013-06-05] API change in module Base. Use script bin/fluorine2neon.sh for automatic migration.
- Value [2013-05-26] Evaluation of \base_addr, \offset and \block_length logic predicates.
o! Cil [2013-05-26] Rename function sizeOf_int into bytesSizeOf.
- Value [2013-05-26] Basic support for \inter logical predicate (treated as a union).
- Value [2013-05-25] Distinguish unreachable state and invalid location when printing the value of an l-value in the GUI
- Value [2013-05-25] Frama_C_show_foo functions now display struct arguments in extenso.
-* Value [2013-05-24] Failure during a memory zone copy is now properly notified. Alarms were emitted, but a non-bottom result was simultaneously returned.
- Slicing [2013-05-24] Better slicing of complex logical assertions (bug #690).
o! Value [2013-05-23] Do not crash when printing arrays or structs containing abstract structs (bug #1416).
-! Kernel [2013-05-20] Support parsing and printing "asm goto" from gcc 4.6. Added a component to the Cil_types.Asm constructor.
- Pdg [2013-05-03] Shorter output when outputting results
o! Pdg [2013-05-03] Results of Pdg cannot be intercepted by Log.add_listener anymore. Use Db.Pdg.get and Db.Pdg.pretty instead.
o! From [2013-05-03] Results of From cannot be intercepted by Log.add_listener anymore. Use Db.From.{pretty,display} to print them.
o! Value [2013-05-03] Results of Value cannot be intercepted by Log.add_listener anymore. Use Db.Value.display to print them
o! Value [2013-05-03] Remove functions Cvalue.Model.pretty_without_null and Db.Value.display_globals. Function Db.Value.display is now a reference to the real function. Removed last argument of Cvalue.Model.pretty_filter.
###########################################
Open Source Release 9.2 (Fluorine-20130601)
###########################################
-* Value [2013-06-11] Add missing C library files.
###########################################
Open Source Release 9.1 (Fluorine-20130501)
###########################################
- Value [2013-05-22] Better precision for the ^ (bitwise xor) operator when applied on intervals of positive integers
-* RTE [2013-05-22] Fix off-by-one error in alarms on overflowing unsigned unary minuses.
-* Value [2013-05-21] Catch evaluation errors when selecting a logic l-value in the GUI.
o* Kernel [2013-05-06] Fixed Type.pp_ml_name for polymorphic types with 3 and 4 type variables (bug #1127).
-* Makefile [2013-05-06] Fixed installation directory of the doc in plug-in's Makefile (bug #1278).
###########################################
Open Source Release 9.0 (Fluorine-20130401)
###########################################
o! Cil [2013-04-11] Remove Cil pretty-printer. Use module Printer instead. The script bin/oxygen2fluorine.sh may be used to automatically convert your code.
- Cil [2013-04-09] Handles interpretation of linemarkers ending with // and cleans up file paths.
- Value [2013-03-26] Highlight non-terminating calls.
- Value [2013-03-26] The location in which the result of a call is stored is now evaluated before the call. A warning is emitted if this location has changed after the call.
- Logic [2013-03-26] Improved merge strategy for assigns, and report the presence of different assigns clauses between two files.
- Value [2013-03-23] Better precision for postconditions in functions with multiple returns analyzed without slevel.
-* Value [2013-03-20] Fix incorrect interpretation of \valid{L}(P) when L is not the Here label.
-! Value [2013-03-20] The first element of a -lib-entry allocated array, or of an array passed as an argument to main, is now valid regardless of option -valid-context-pointers.
-* Slicing [2013-03-18] Fix incorrectness in presence of assertions involving the \initialized predicate. User predicates are no longer treated.
-* Value [2013-03-15] Fix incorrectness of option -remove-redundant-alarms in presence of '\initialized(...)' alarms.
- Value [2013-03-15] Optionally warn against unsigned overflows according to option -warn-unsigned-overflow.
- Cil [2013-03-14] The type of fields that are bit-fields now carries an informative attribute FRAMA_C_BITFIELD_SIZE.
-* Value [2013-03-09] Fixed misleading "after statement" state on statements followed by an assertion.
-* Value [2013-03-09] Option -memexec is now correct in presence of RTE alarms.
-! Value [2013-03-09] Consolidated states are now stored before 'assert' clauses are evaluated.
-* Slicing [2013-03-03] Fix options -slice-assert and -slice-threat (-threat did nothing, -assert selected all alarms).
-! Sparecode [2013-03-03] Alarms are now ignored during the analysis.
-* Value [2013-03-03] Fix incorrect reduction in integers containing pointer addresses when option -warn-signed-overflow is set.
-! Value [2013-03-03] Signed overflows now cause an alarm. Option -no-warn-signed-overflow can be used to get 2's complement.
-! Kernel [2013-03-03] Signed overflow alarms are now emitted by default.
-! Kernel [2013-03-03] Signed downcast alarms are no longer emitted by default. Use option -warn-signed-downcast to activate them.
- Kernel [2013-03-02] Print signed downcast alarms as 'signed_downcast'
-! Value [2013-03-02] Removed option -val-signed-overflow-alarms. Use -warn-signed-overflow instead.
-! Rte [2013-03-02] Removed options -rte-signed, -rte-unsigned-ov, -rte-downcast and -rte-unsigned-downcast. They are replaced by -warn-signed-overflow, -warn-unsigned-overflow, -warn-signed-downcast and -warn-unsigned-downcast respectively.
-* Rte [2013-03-02] Added missing alarm for casts from overly large floating-point numbers to integer. Fixes #!1318.
-* Value [2013-02-28] Initial state of Value does not depend on the -main option, but depends on -context-<...>.
- Value [2013-02-27] Emit proper alarms for completely imprecise floating-point values, and for casts from float to int.
-* Impact [2013-02-23] Prevent crash when a caller or callee function has been imprecisely analyzed.
- Pdg [2013-02-23] Ignore inline asm statements (previous behavior was to generate Top Pdgs).
-* Value [2013-02-23] In -lib-entry mode, void* fields or pointers now point to something potentially valid.
- Value [2013-02-22] Option -val-ignore-recursive-calls now uses the assigns clauses of the recursive function to treat the call.
- Value [2013-02-17] Improved support for the va_arg variadic macro.
-! Value [2013-02-17] Renamed options -initialized-padding-globals and -no-no-results into -uninitialized-padding-globals and -val-store-results respectively.
-* Value [2013-02-17] Improved again support for abstract structs.
o! Value [2013-02-15] Generic types of Value are now in Value_types (previously Value_aux). Implies a signature change for Db.Value.register_builtin. Value_aux.accept_base is now in Db.Semantic_Callgraph.
- Value [2013-02-13] Offsets in misaligned values that repeat themselves are now always printed relative to the beginning of the binding.
- Value [2013-02-12] Suppress superfluous warning when passing as argument a struct that contains pointers.
-* Metrics [2013-02-12] Global variables both declared and defined were counted twice.
-* Metrics [2013-02-11] Option -value-metrics now reports a correct location for functions referenced by an initializer. Fixes #!1361.
o! Value [2013-02-08] Renamed Locations.valid_enumerate_bits into Locations.enumerate_valid_bits.
o*! Kernel [2013-02-08] Must register keywords introducing new clauses of ACSL contracts. Fixes issue #!1358.
o! Kernel [2013-02-08] Redesign of message categories. See detailed changelog for more information.
o! Cil [2013-02-07] Clean up registering of new machdeps. Some machdep options have been integrated into Cil_types.mach, or removed from Cil.theMachine (as they were already in Cil_types.mach).
- Value [2013-02-06] Improve reduction by conditions that involve '&' and '|' operators.
-* Value [2013-02-06] Fix validities of degenerate variables, which were too big considering the size of the memory.
-* Impact [2013-02-06] Prevent crash when considering a function with an unreachable first statement.
o! Logic [2013-02-04] Property_status.Consolidation_graph.dump now takes a formatter instead of a file name.
- Value [2013-02-02] Improved support for abstract structs.
o! Value [2013-02-02] Removed Base.All validity. Use big validities with the unknown flag instead. Improved signature of Base.Unknown.
o! Cil [2013-02-02] Renamed function Cil.alignOf_int into bytesAlignOf.
o! Cil [2013-02-02] Remove unused 'alignof_char_array' machdep field.
-* Value [2013-02-01] Fix erroneous casting when interpreting logic casts.
-* Kernel [2013-02-01] Ghost status is appropriately propagated in statements (instead of only instructions) and pretty-printed accordingly. Fixes issue #1328.
- Value [2013-02-01] More aggressive evaluation of the construct '//@ for b: assert p' when b is guaranteed to be active. Harmonize behaviors-related messages.
- Kernel [2013-01-29] The verbosity level is at least the debug level.
-* Value [2013-01-28] Ignore 'const' qualifier on extern globals in lib-entry mode. Previously, those globals were initialized to 0.
- Obfuscator [2013-01-28] Hide variables that do not appear in the output from the dictionary.
-* From [2013-01-28] Fix rare bug in presence of involved control-flow graphs and non-terminating calls.
o! Slicing [2013-01-21] Remove the no longer used ~ai argument.
-!* Value [2013-01-21] Various changes in the way undefined functions returning pointers are handled.
- Value [2013-01-20] Alarms emitted by Value are no longer evaluated during analysis (unlike user assertions).
- Value [2013-01-20] More aggressive reduction in presence of writes through partially invalid pointers. Warn if the pointer is completely invalid.
-* Value [2013-01-20] Option -absolute-valid-range can now be changed between two executions of Value.
-! Slicing [2013-01-19] Alarms are now removed in the generated project (regardless of option -slicing-keep-annotations).
-! Sparecode [2013-01-19] RTE or Value-generated alarms are now removed in the generated project.
o! Value [2013-01-17] Builtins must now warn if their results should not be cached (signature change in Db.Value.builtin_result).
o* Kernel [2013-01-16] Visitor no longer crashes when a non-function global is replaced by a list containing at least one function or prototype (fixes bug #!1349).
!* Kernel [2013-01-10] Add lv_kind field to trace the origin of logic variables. Cil_const.make_logic_var is deprecated in favor of specialized functions.
-* Kernel [2013-01-10] Fixed bug #!1347 about accessing the consolidated status of a property which depends on removed hypotheses.
o! Kernel [2013-01-10] Remove method is_annot_before from visitors (it returned only 'true').
-* Makefile [2013-01-08] Compile OcamlGraph less often: fixes issue #1343.
- Value [2013-01-08] More aggressive analysis of statements with improperly sequenced accesses when option -unspecified-access is used.
o Kernel [2013-01-04] New methods videntified_term and videntified_predicate for the visitor.
-* Kernel [2013-01-04] Fixed discrepancy between compare_type and hash_type. Added new datatype TypNoUnroll.
o Kernel [2013-01-03] Added pp_field and pp_model_field in Printer_api.
o Kernel [2013-01-03] Added type modules Cil_datatype.Wide_string and Datatype.List_with_collections.
-* Logic [2013-01-03] Fixes various type-checking issues in presence of polymorphism and implicit conversions (including #1146).
o! Kernel [2012-12-21] Module Cilutil has been removed. Previously used list functions can now be found in Extlib (use script oxygen2fluorine.sh for migration). Functions related to configuration files are now in Cilconfig.
o! Impact [2012-12-21] Function Db.Impact.compute_pragmas now returns a list of statements.
-* From [2012-12-21] Fix absence of effect of option -calldeps after a save/load cycle.
-* Inout [2012-12-21] Fix absence of effect of option -inout-callwise after a save/load cycle.
o! Kernel [2012-12-13] Reorganize the AST's pretty-printers. You must now use module Printer. Use the script oxygen2fluorine.sh to upgrade your plug-in.
o! Kernel [2012-12-13] Remove Cilutil's pretty-printing helpers. Use Pretty_utils' ones instead.
- Inout [2012-12-12] Indirect reads (for example 'p' for '*p') are now automatically added to inputs when evaluating assigns.
- Value [2012-12-12] Evaluation of assigns now includes indirect reads (i.e. 'assigns *p' depends on p) automatically.
- Value [2012-12-07] Improve handling of conditionals when option -val-ilevel is used.
- Pdg [2012-11-28] InCtrl nodes are no longer displayed in Dot graphs.
o! Kernel [2012-11-24] Various types whose names started with t_ in PDG/slicing related modules are now unprefixed.
o Rte [2012-11-23] Export function "exp_annotations" to get RTEs of a C expression as annotations.
o*! Kernel [2012-11-23] Added TLogic_coerce constructor to mark explicitly a conversion from a C type to a logical one (in particular floating point -> real and integral -> integer). Fixes issue #1309.
o! Kernel [2012-11-22] Remove the unintuitive ?prj argument from Cil visitors, and the first argument of Visitor.generic_frama_c_visitor. Information is now stored inside the type Cil.visitor_behavior.
-* Value [2012-11-20] Fix evaluation of logic constant characters above 127.
-* Value [2012-11-20] Fix soundness bugs for comparisons with logic constants that are not representable as 64-bit doubles.
o! Kernel [2012-11-20] Signature change for constructor LReal.
- Rte [2012-11-16] Generate Value-compatible alarms and annotations.
- Kernel [2012-11-16] Syntactic constant folding is done once per AST (fixed bug #!1306).
- Value [2012-11-13] More precise line numbers for statuses of assertions and loop invariants.
- Value [2012-11-09] New option -val-callstack-results to record and display in the GUI the results split by callstacks.
o Kernel [2012-11-08] New function Annotations.model_fields.
-! Rte [2012-11-06] Remove option -rte-print. Use -print instead.
-* Kernel [2012-11-06] Do not print help of negative options when the positive one is invisible (fixed #1295).
o! Kernel [2012-11-05] Get rid of the useless rooted_code_annotation datatype.
-* Aorai [2012-10-31] Adds locations modified by Aorai to existing loop assigns (fixes issue #1290).
o Kernel [2012-10-31] Renamed Kernel_function.self to Kernel_function.auxiliary_kf_stmt_state to avoid confusion.
o Kernel [2012-10-31] New function 'get' for projectified counters.
- Kernel [2012-10-29] Better frama-c.top (fixed issue #1287).
-* Kernel [2012-10-26] Do not attempt to merge unrelated anonymous enums that have been given the same name by Cil (fixes #1283).
- Logic [2012-10-26] Extended syntax for naming terms and predicates ("string":pred and "string":term are now allowed).
o! Kernel [2012-10-18] New API for module Alarms.
- Kernel [2012-10-18] When printing the AST, display the emitter name of generated annotations and also the origin of annotations corresponding to an alarm.
o* Kernel [2012-10-18] Fixes incorrect visitor behavior with JustCopy (issue #1282).
- Value [2012-10-16] Reduce more aggressively on accesses *p where p is imprecise but contains only one valid value.
-* Value [2012-10-16] Correct potentially incorrect reduction on l-values of the form *(p+off) or *(p-off).
-* Kernel [2012-10-16] Fixed bug with Type.pp_ml_name for pairs, triples and quadruples which could lead to incorrect journal generation (new occurrence of bts #1127).
o Kernel [2012-10-12] Optional argument 'reorder' to File.* functions creating an AST in a new project from a visitor.
-* Value [2012-10-12] A bug causing the number of superposed states to be slightly underestimated has been fixed. As a result, it may be necessary to raise the -slevel argument a little for existing proof scripts.
- Kernel [2012-10-11] Option -enums for choosing the representation of enums.
-* Scope [2012-10-10] Prevent crash in defs computation when an lvalue is a formal.
o* Makefile [2012-10-01] Fix installation directory of API documentation (fixed bts #1278).
- Kernel [2012-10-01] Assumptions and axioms now get consolidated status "Considered valid" instead of "Valid".
-* Value [2012-10-01] Fix "Semantic level unrolling superposing up to" messages. The number displayed was sometimes lower than the actual number of superposed states.
-* Gui [2012-10-01] In some cases, after a crash of an analyzer, the GUI was not fully restored, became inconsistent and could crash.
o! Value [2012-09-30] Remove various instances of Top_Param, which were all equal to Base.SetLattice.
o Pdg [2012-09-30] Fix display for control dependencies in PDG graphs.
o Kernel [2012-09-20] Provide Datatype.triple and Datatype.quadruple (bts wish #1277).
o* Kernel [2012-09-20] Fixed consistency check of descriptor when building polymorphic datatypes (fixed bts #1277).
#########################################
Open Source Release 8.0 (Oxygen-20120901)
#########################################
-! Kernel [2012-09-17] Remove useless negative options -no-help, -no-version, -no-print-share-path, -no-print-lib-path and -no-print-plugin-path.
- Kernel [2012-09-13] All globals with attribute FC_BUILTIN are preserved even if unused.
- Value [2012-09-13] Print misaligned values in a simpler way. Fixes wish #!1271.
o!* Cil [2012-09-12] Split constants of logic and C (fixes bts #745).
o! Cil [2012-09-12] Remove type Cil_type.typeSig. Use the functions in Cil_datatype.Typ and Cil_datatype.Logic_typ to compare types.
-* Kernel [2012-09-07] Identical messages emitted in two different projects will now be visible in both projects. Fix bug #1104.
o Kernel [2012-09-07] Improve signature of State_builder.Set_ref.
o* Kernel [2012-09-07] Correct hash function for Sets created by Datatype.Make_with_collections or Datatype.With_collections.
o* Kernel [2012-09-06] Datatype with structural comparison for exp and lval fixes bts #1263.
-* Kernel [2012-09-06] Fine tuning AST dependencies. See developer guide.
-* Kernel [2012-09-05] Fixed missing undefined behavior for multiple write accesses (fixes bts #1059).
-* Metrics [2012-09-05] Fixes count of pointer accesses.
- Value [2012-09-05] Clarified message about completely indeterminate memory.
-* Kernel [2012-09-03] Do not accept spurious '}'. Fixes bts #1273.
o! Kernel [2012-09-03] Remove obsolete constructors Cabs.TRANSFORMER and Cabs.EXPRTRANSFORMER and related parsing rules.
- Value [2012-09-02] Warn when 'assigns *p' points to a completely invalid location.
- Value [2012-09-01] Assertions such as \valid(p) now evaluate to Invalid when p is not initialized or an escaping address.
-* Value [2012-08-30] Fix crash when evaluating *((int*)0+x)=v when the NULL base is invalid.
-* Kernel [2012-08-29] Fixed #!1267 (adds explicit casts for default argument promotions).
o! Value [2012-08-29] Signature change for function Db.Value.register_builtin: builtins can now return multiple states.
o! Value [2012-08-20] Rename Db.Value.assigns_to_zone_inputs_state to Db.Value.assigns_inputs_to_zone. Add new functions Db.Value.assigns_outputs_to_zone and Db.Value.assigns_inputs_to_locations.
-* Kernel [2012-08-21] Fixed bug with save/load: loading a file <f>, then quitting Frama-C can no longer modify <f> (bts #!1269).
+* Logic [2012-08-08] Fixed bts #!1262 about logic preprocessing and string escapes.
- Value [2012-08-02] Statuses 'Invalid' are now positioned on 'for behav:' assertions even when 'behav' is not the only active behavior.
o* Cil [2012-08-02] Fixed bts #1254: incorrect documentation of Cil.d_plaininit.
-* Logic [2012-08-01] Fixed bts #!1253: IndexPI and PlusPI are equivalent.
o* Kernel [2012-08-01] Fixed bts #!1250: setting formals of visited functions is not delayed until fill_global_tables anymore.
+* Slicing [2012-07-31] Fixed bts #!1248 about empty slicing requests.
-* Journal [2012-07-31] Fixed bts #932 about journalization of dynamic plug-ins in some corner cases.
o!* Kernel [2012-07-31] Operations that silently mutate the AST should now call Ast.mark_as_changed to clear states depending on it (fixes #!1244).
o Kernel [2012-07-30] API of dynamic plug-ins is now documented as well as that of static plug-ins (fixed bts #!171).
- Slicing [2012-07-30] No more blank between -slicing-project-name and -slicing-exported-project-postfix (from #!1249 entry).
- Gui [2012-07-27] Fixed bugs when the consolidation graph cannot be displayed (fixed bts #1122).
- Kernel [2012-07-24] The annotation 'loop pragma UNROLL "completly", n;' unrolls the annotated loop 'n' times and then adds to it a clause 'loop invariant \false;'. The remaining loop should be dead code.
o Kernel [2012-07-24] Changes in interface of StringHashtbl options.
-! Inout [2012-07-22] Option -inout-callwise restarts Value when it is newly set
- Impact [2012-07-19] Complete rewrite. Improved precision and computation time. Fixes wishes #!5 and #!6.
-* Logic [2012-07-18] Fixes sizeof("string_literal") in logic.
- Logic [2012-07-18] Better error messages when parsing logic.
- Kernel [2012-07-16] C constant expressions are now allowed as UNROLL level in loop pragmas.
o! Cil [2012-07-16] AST changed: Unrool_level renamed into Unroll_specs and its argument becomes a list for future evolutions.
o! Kernel [2012-07-16] Add function [stmt_can_reach] to the arguments of Dataflow.Backwards, which is used to speed up the analysis. See dataflow.mli for good possible values.
- Kernel [2012-07-16] The linker checks that the ghost status of two merged declarations is the same, and raises an error otherwise.
o* Kernel [2012-07-16] -check verifies that the vdefined flag is coherent with the status of the variable in Globals tables and AST. Fixes one of the issues of #!1241.
-! Rte [2012-07-16] Rename option -rte-const into -rte-no-trivial-annotations (set by default).
-* Value [2012-07-15] Fix crash when an undeclared function returned a pointer to a function that was later called.
-* Rte [2012-07-14] Prevent generation of incorrect alarms on statements whose order of execution is not completely specified.
- Rte [2012-07-14] Generate simpler assertions for accesses to arrays, and discard trivial ones; improve ordering of assertions. Honor option -unsafe-arrays.
o Makefile [2012-07-13] Added variables PTESTS_OPTS and PLUGIN_PTESTS_OPTS to pass options to ptests through make tests. See dev manual.
-! Value [2012-07-12] More thorough checks for calls through a function pointer: warn when the function type and the pointer are not compatible, and stop when they cannot be reconciled.
-! Kernel [2012-07-12] A negative value given to the -ulevel option hides all UNROLL_LOOP pragmas.
- Report [2012-07-10] Display unreachable properties in a special way; identify unreachable statements more clearly.
- Gui [2012-07-10] Display all properties in the 'Properties' panel, including generated ones without location.
+! Kernel [2012-07-10] Change semantics of 'reachable' properties for functions. Use intrinsic notion instead of accessibility of first statement.
o Kernel [2012-07-04] Hook for handling for-loop components in Cabs.
o Makefile [2012-07-04] A plugin is distributed iff PLUGIN_DISTRIBUTED and PLUGIN_ENABLE are not 'no' (instead of PLUGIN_DISTRIBUTED == yes).
-* Kernel [2012-07-03] Fixes bug #840 (inaccurate position in presence of -pp-annot).
o+ Kernel [2012-06-29] New functions Annotations.remove_* and .fold_* for each component of a contract and other small API changes. Better compatibility between Visitor and Annotations.
- Kernel [2012-06-26] New option -keep-unused-specified-functions.
o! Kernel [2012-06-25] Correct (albeit slow) hash function for terms and term lvalues.
-* Cil [2012-06-25] Better propagation of volatile, const and restrict type qualifiers through typedefs on arrays
-* Cil [2012-06-25] Preserve typedefs on global variables with an initializer
-! Kernel [2012-06-22] Improve 'reachable' properties.
o! Kernel [2012-06-19] Remove module Inthash. Use Datatype.Int.Hashtbl instead, or directly the carbon2nitrogen.sh migration script.
o! Value [2012-06-18] Made type Ival.tt private.
- Kernel [2012-06-16] Consolidation from call-site preconditions to original precondition now handles calls through function pointers
- Value [2012-06-16] Position call-site statuses for function preconditions, instead of the previous global status.
- Cil [2012-06-13] New option -warn-undeclared-callee for calls to functions that have not been previously declared.
- From [2012-06-12] Better precision for code of the form 'if (c) stop(); else y = x+1;', where stop does not terminate
- Pdg [2012-06-12] Improve precision in presence of provably dead code branches. Fixes issue #1194.
o Makefile [2012-06-12] Use ocamldoc.opt whenever possible.
- Rte [2012-06-11] Reuse behavior names when -rte-precond is used on functions with multiple behaviors.
o! Kernel [2012-06-11] New API for Annotations which merges old Annotations, Globals.Annotations and operations of Kernel_function over function contracts.
- Scope [2012-06-08] Improved computation of defs. Statements are categorized between direct and indirect accesses.
-! Pdg [2012-06-08] Rename option -dot-pdg into -pdg-dot
- Logic [2012-06-07] Cleaner generated assertions in presence of multiple pointer casts.
o! Kernel [2012-05-30] Kernel.Functions.get does not silently create a kernel function if it does not already exist. This behavior is kept for Cil builtins.
-* Kernel [2012-05-29] Fix graph of consolidation statuses when several properties get the same name.
-* Value [2012-05-19] Calls (*p)() where p resolves to both valid functions and invalid addresses are now properly handled.
- Value [2012-05-19] Add bzero builtin. A precise destination and size are required (wish #915).
-* Value [2012-05-19] In lib-entry mode, honor 'const' attributes that appear deep inside the type (bts #759).
-* Value [2012-05-19] Better time and space complexity for initialization of big arrays in -lib-entry mode (bts #1026).
o* Kernel [2012-05-16] Fix implementation of Datatype.Triple and Datatype.Quadruple (bts #!1133).
-* Value [2012-05-15] Re-emit alarms when Value options are changed and an analysis is restarted.
- Value [2012-04-29] New option -val-ilevel, to change the frontier between sets of integers and intervals.
- Kernel [2012-04-27] When printing help, display the name of the opposite boolean option (bts #1085).
-* Kernel [2012-04-26] Fixed bug with Type.pp_ml_name for generic sets which could lead to incorrect journal generation (bts #1127).
o! Kernel [2012-04-26] Plugin.set_optional_help is now deprecated.
-* Value [2012-04-26] Fix possible typing bugs when evaluating logic expressions with non-integral types (bts #!1175).
- Kernel [2012-04-24] Use Zarith whenever possible (bts #!983).
- Value [2012-04-16] Allow comparison of invalid pointers in the logic.
- Value [2012-04-15] Old "Evaluate expression" menu in the GUI replaced by "Evaluate ACSL term"; the value of a term lval is now displayed. Evaluations that may fail are flagged.
- Value [2012-04-15] Errors during evaluation in the logic are now reported.
*! Kernel [2012-04-14] Introduce more temporaries for a call [lv = f()] if the return type of f and the type of lv do not match. Fixes issue #1024.
-* Value [2012-04-14] Fix incorrect initialization of volatile fields or globals in presence of initializers (bts #!1112).
o* Makefile [2012-04-12] Fix bug #1145 about PLUGIN_LINK_GUI_OFLAGS.
-* Kernel [2012-04-12] Strict checking of type compatibility when merging an already called prototype without arg list and a full prototype (fixes issue #728, #!109).
- Kernel [2012-04-12] New option -<plugin>-share for plug-ins to customize their specific share directories.
- Rte [2012-04-06] Emit \valid_read alarms instead of \valid for read accesses.
- Inout [2012-04-05] Better precision for 'if' in which only one side is reachable.
- Kernel [2012-04-05] Keep all prototypes with a spec, even if not referenced.
- Inout [2012-04-04] Operational inputs are now more precise for functions with only an ACSL prototype.
-* Kernel [2012-04-04] Fixes issue in loop unrolling and annotations.
-* Kernel [2012-04-02] Fixed bug #1135 and bug #1139 about loop unrolling.
- Logic [2012-03-29] LoopEntry and LoopCurrent built-in labels.
- Value [2012-03-26] Support for the \valid_read predicate; evaluation of \at(p,Pre) and \initialized{Pre}(...).
o! Kernel [2012-03-26] Kernel.CppExtraArgs now gets type Plugin.String_list and not Plugin.String_set (fixed bts #!1132).
- Value [2012-03-24] Improved handling of conditions involving the conversion to int of a floating-point variable.
- Journal [2012-03-21] Better journalization of command-line options setting a list of arguments (e.g. -slevel-function): avoid quadratic complexity in the generated code (fixed bts #!1123).
- Gui [2012-03-20] Removing 'add assert before' from the contextual menu. Use the ACSL_Importer plugin for such a feature.
-* Value [2012-03-18] Handle 'assigns *p' where p has a typedef type
- Kernel [2012-03-18] Support for model fields
-* Kernel [2012-03-12] Initialization of locals is correct for all sizes; uses bzero to 0 + contract (directly validated by Kernel)
-* Value [2012-03-12] Fixed bug where user assertions accessing uninitialized variables got the wrong status.
- Value [2012-03-12] Improved handling of *(p+i) (or equivalently p[i]) when p is a known pointer and i is unknown.
-! Kernel [2012-02-29] Adding more support for built-ins related to memory blocks.
-! Cil [2012-02-24] Functions returning a value cannot let control flow fall through the closing '}'. Fixes #685.
- Inout [2012-02-24] Option -inout-callwise to compute callsite-wise operational inputs. Improves precision of -inout, of the "Modifies" clause in the GUI, and of the slicing.
-! Kernel [2012-02-23] Sets generated assigns clauses into the default behavior.
- Value [2012-02-22] New message for functions with only a specification. Changed old message for functions with neither code nor specification to "No code nor specification for function ...".
- Value [2012-02-21] Evaluation of the \separated predicate
-* Value [2012-02-21] Fix bug in evaluation of pointers to start of array.
-* Cil [2012-02-20] Improve label positions in presence of loop unrolling (bug #1100).
-* Value [2012-02-18] Fix crashes and/or missing alarms when evaluating *p=(cast)f() with p invalid (bug #!1097).
-* Cil [2012-02-13] Correct sharing bug on widening pragmas. Fixes #!1090.
o* Cil [2012-02-11] Fixed off-by-one error in foldLeftCompound ~implicit:true.
o* Makefile [2012-02-09] 'make doc' did not work when the GUI was disabled (bts #1014).
-! Kernel [2012-02-08] Adding support for clauses allocates and frees and their versions for loops.
- Slicing [2012-02-07] More precise slicing when -calldeps is used (fixes wish #107).
-* Kernel [2012-02-07] Fixed bug about property statuses and setting parameters after -load (statuses were not cleared when required).
-* Value [2012-02-07] Allocate a finite space for malloc builtins; fixes some bugs when a pointer refers to a not-yet-allocated space.
-* Journal [2012-02-07] Fixed bug #!1080: better generated journal in case of missing internal data preventing it from being runnable.
o* Makefile [2012-02-07] Fixed bug #1082 about wrong link in generated code documentation.
- Scope [2012-02-04] Improve precision of Defs computation (wish #1079).
- Value [2012-02-02] Assertions of the form \valid(p+i) and \valid(&p->f) are now used to reduce p whenever possible.
- Value [2012-01-30] Improve precision for code with pointer casts (fixes bug #1074).
-* Syntactic_callgraph [2012-01-27] Fix bug #989 about difference of display between GUI and dot output.
-* Syntactic_callgraph [2012-01-27] Fix tricky bug while computing services when a cycle depends on another cycle (most of the fix is actually in OcamlGraph itself).
-* Value [2012-01-27] Evaluate ACSL && and || when they appear as terms (fixes bug #1072).
- From [2012-01-25] More sharing between identical values when printing results.
- Pdg [2012-01-25] Improve performance, typically on arrays of structs.
- Logic [2012-01-23] Better label inference in axiomatics (see bts #1068).
- Cil [2012-01-20] In debug mode, pretty-print numerical constants instead of displaying the source file strings.
- GUI [2012-01-19] Add filters for properties' consolidated statuses.
-   Value   [2012-01-19] Aesthetic fix: do not display {{ &NULL }} and
        {{ &"foo" + {2} }} but rather {{ NULL }} and {{ "foo" + {2} }}.
-   Occurrence [2012-01-10] Results can be filtered to display only
        occurrences in read or write positions.
-   Value   [2012-01-09] FRAMA_C_MALLOC_INDIVIDUAL modelization now properly
        treats allocated blocks as uninitialized.
-   Value   [2012-01-07] Reduce invalid pointers more aggressively:
        { p->f1 = v1; p->f2 = v2 } will usually raise at most one alarm.
-   Value   [2012-01-03] During evaluation, reduce indexes that are detected
        as out-of-bounds.
-   Value   [2012-01-03] In index out-of-bounds alarms, do not generate the
        'assert 0 <= i' part when 'i' is always greater than 0.
o   Kernel  [2011-12-19] Added Property.location function.
o*  Value   [2011-12-05] Fix option -absolute-valid-range being reset by
        project copies.
-*  Value   [2011-12-05] Fix wrong hash function, which could cause memory
        overuse and worse.
o   Value   [2011-12-02] Lmap.paste_offsetmap now handles imprecise
        destinations.
o!  Value   [2011-12-02] Moved contents of memory_state/Abstract_value into
        ai/Lattice_Interval_Set. Use bin/nitrogen2oxygen for automatic
        migration.
-   Project [2011-11-28] Accept loading an inconsistent project by resetting
        the inconsistent states and their dependencies to their defaults.
-   Value   [2011-11-26] Minor improvements related to single-precision
        floating-point handling.
-*  Pdg     [2011-11-24] Option -pdg did nothing if -pdg-print was not set.
-   Value   [2011-11-22] After emitting an alarm \initialized(lv), the value
        analysis tries to remember that lv is initialized. This suppresses
        redundant alarms that were emitted further on.
-*  Value   [2011-11-22] Fixed soundness bugs involving lval = lval;
        assignments targeting literal strings and automatically created
        S_... memory zones.
-   Value   [2011-11-22] Suppressed confusing message "all target addresses
        were invalid. This path is assumed to be dead.".
-*  Value   [2011-11-21] Prevent potentially incorrect assertions from being
        emitted when the result of a call must be cast. Fixes #997 and #1024.
o   Kernel  [2011-11-21] New File.init_from_project function.
-   Value   [2011-11-20] New builtin Frama_C_assert. Take advantage of
        existing assertions with "#define assert Frama_C_assert".
-*  Occurrence [2011-11-19] Fix bug where some occurrences were silently
        ignored in big ASTs; improve performance.
-*  Cil     [2011-11-18] Go to a new line more often when printing a sequence
        of statements. Fixes issue #1021.
-   Value   [2011-11-17] Better evaluation of \initialized predicate when
        only some parts of the location are initialized.
-   Value   [2011-11-17] New option -no-val-left-shift-negative-alarms to
        treat left shift of negative integers as defined.
-*  Cil     [2011-11-14] Fail when encountering an lvalue of type void
        (#1013).
-   Value   [2011-11-10] Evaluate more precisely statements of the form
        if (*p == 1) {...} when *p is reused within the if block. This also
        improves the handling of switches.
-*  Kernel  [2011-11-09] Keep track of local variables even in presence of
        annotations, and do not silently lose statement contracts.
        Fixes issue #1009.
-*! Kernel  [2011-11-07] An empty list in complete/disjoint is expanded by
        the logic type-checker to the list of behavior names of the current
        contract. Fixes issue #1006. See bts comments for the differences
        that can appear in the treatment of specs.
-   Aorai   [2011-11-07] Aorai gets a real dataflow analysis for contract
        generation + various logic simplifications.
-   Gui     [2011-11-04] Display global annotations in the filetree.
o!  Cil     [2011-11-04] Add method pFile in printers. Signature change for
        Cil.d_file (but you should use !Ast_printer.d_file).
-   Inout   [2011-11-03] Major precision improvements when evaluating library
        functions whose assigns clauses contain ranges.
-   From    [2011-11-03] Major precision improvements when evaluating library
        functions whose assigns clauses contain ranges.
-*  Logic   [2011-10-30] Fixes issue #1005 (earlier detection of duplicated
        axiom name avoids Kernel.fatal).
o   Kernel  [2011-10-27] Plugin.Register defines a new option
        -plugin-debug-category that allows enabling debugging for
        sub-categories of messages (see Log.set_debug_keys for more info).
-*  Value   [2011-10-27] Fixed #1001: do not warn for unsigned shifts, do not
        end propagation on signed left shift of an address.
o   Value   [2011-10-27] shift_left and shift_right functions now take an
        optional signedness boolean in addition to the optional size.
-*  Value   [2011-10-26] Generate correct assertions when using memcpy
        builtin. Fixes #1000.
-   Value   [2011-10-25] Improve interpretation of ACSL annotations in
        presence of typedefs.
-*  Value   [2011-10-24] Improve warnings and evaluation in presence of
        possibly infinite floats (fixes #997).
-*  From    [2011-10-21] The interpretation of explicit assigns clauses for
        library functions "assigns *p \from x;" was wrong: every possible
        location was assumed to have been overwritten.
-*  Kernel  [2011-10-20] Link error aborts Frama-C (fixes #990).
-*  Kernel  [2011-10-20] Better linking behavior (fixes #672).
o!  Kernel  [2011-10-18] Logic_preprocess.file takes an additional parameter,
        as the gcc pre-processor treats .c and .cxx files differently, and
        this must be reflected in annotation pre-processing.
-   Value   [2011-10-18] Improve evaluation of logic when option
        -val-signed-overflow-alarms is active.
-*  Value   [2011-10-17] Fixed crash when a library function is called in a
        state where the function's precondition cannot be true.
-*  Value   [2011-10-10] Fixed spurious alarm \valid(p) in *p = e; when e is
        completely invalid. Soundness was not affected (the alarm for
        whatever made e invalid was present).

###########################################
Open Source Release 7.0 (Nitrogen-20111001)
###########################################

-   Rte     [2011-10-07] No longer positions 'Don't know' statuses
-   Value   [2011-10-07] New alarm for left shift of negative values.
        Minor other changes related to shift operation alarms.
o*! Rte     [2011-10-06] Correct plug-in name for dynamically registered
        RTE functions.
-*  Kernel  [2011-10-06] Warn when the plug-in specified by -load-module or
        -load-script is not found (used to remain silent)
-!* Kernel  [2011-10-06] Do not normalize Pre in Old, especially where Old is
        not allowed.
-   Value   [2011-10-01] Do not continue evaluating successive 'requires' or
        'ensures' clauses if one of them is false.
-   Kernel  [2011-10-01] New kind of command-line parameter, for commands
        that do heavy output. Used for Value, Pdg and Metrics.
-*  Cil     [2011-09-30] Correctly handle casts in switch. Fixes #961.
-!  Rte     [2011-09-30] Option -rte-precond is not entailed by -rte-all
        anymore (precondition annotations must now be required explicitly).
-*  Aorai   [2011-09-30] Generation of loop invariant for intermediate
        counter + fixes various issues
-!  Slicing [2011-09-30] Option -slice-print is now deprecated: use instead
        <normal slicing command> -then-on 'Slicing export' -print
-   From    [2011-09-29] Display results function by function, instead of as
        one big block (may lower memory consumption considerably).
-   Value   [2011-09-27] New option -remove-redundant-alarms for removing
        redundant alarms. This was previously done by default. Use this
        option if you are going to inspect alarms emitted by Value.
-*  Kernel  [2011-09-26] Treat long bitfields the same way as gcc and clang.
        Fixes #!959.
-*  Kernel  [2011-09-26] New exception for Ast.UntypedFiles.get when no
        untyped AST is available. Fixes #954.
-   Value   [2011-09-23] New alarm, for programs that do not respect
        C99 6.5.16.1:3 (overlapping assignment from lvalue to lvalue).
        Partially supported (not emitted in some cases).
-*  Kernel  [2011-09-23] Fixes various performance issues when parsing very
        large functions. Fixes #!965.
-   Value   [2011-09-23] Improved precision of if (x!=c) when the value set
        of x is an interval of 9 elements.
-*  Slicing [2011-09-23] Use correct function during generation of sliced
        project. Fixes #!950.
o*  Kernel  [2011-09-22] Copy visitor creates new kf before visiting a
        function, allowing it to be used for creating Property.t items in
        the new project during the visit (fixes #!942).
-*  Value   [2011-09-22] Much more clever when interpreting logic terms,
        including those containing \old (e.g. formals in postconditions)
-   Value   [2011-09-21] Raised cut-off limit between sets and intervals
        from 7 to 8 elements.
-   Value   [2011-09-21] New informative message when not using
        -val-signed-overflow-alarms: "2's complement assumed for overflow"
o!  Value   [2011-09-18] Changed the representation of Ival.t. If an external
        plug-in matches "Ival.Set s", a simple fix is to add
        "let s = Ival.set_of_array s in" as first line of that case.
-   Value   [2011-09-16] Improved precision of &.
-   Value   [2011-09-16] Improved precision when using -all-rounding-modes.
o   Kernel  [2011-09-09] Map_common_interface now has a merge function for
        OCaml < 3.12.
o   Kernel  [2011-09-09] Quadruple datatype.
-   Value   [2011-09-09] Better message when interpretation stops for a
        function argument.
-   Pdg     [2011-09-06] Pdg can now be saved on disk.
-*  Logic   [2011-04-20] Fix bug #!501: volatile clauses relative to
        partially volatile lvalues are handled by the kernel.
-   Pdg     [2011-09-03] Improved time and space complexity on big functions.
-   Cil     [2011-09-02] Add support for GCC-specific cast from field of
        union to union
-*  Cil     [2011-09-02] Fix merging bug (#!948).
-*  Slicing [2011-09-02] Fix incorrect simplification of single-statement
        block in presence of label.
-   Value   [2011-09-02] Better support for wide strings.
-   Kernel  [2011-09-02] Improve space complexity of function stmt_can_reach.
-   Semantic Constant Folding [2011-09-02] All options are prefixed by
        "scf". Use -scf-help for the details. Fixed #!946. Compatibility is
        preserved thanks to option aliases.
-   Value   [2011-08-30] Remove non-relevant variables from the 'Modifies'
        clauses of the GUI.
o!  Kernel  [2011-08-30] Add parameter ~with_locals to Db.accept_base (prior
        to this, ~with_locals was implicitly false)
o!  Value   [2011-08-30] Signature change in CilE: plug-ins that want to emit
        Value analysis alarms must define their own emitters.
o!  Value   [2011-08-30] Add some missing ~with_alarms arguments, notably to
        offsetmaps copy and paste.
o!  Kernel  [2011-08-29] Export datatype Varinfo.Hptset. Signature change in
        functor Abstract_interp.Make_Hashconsed_Lattice_Set.
-   Metrics [2011-08-26] New command-line options to compute the functions
        potentially called from a given function, and the percentage of
        functions analyzed by the value analysis.
-   Value   [2011-08-25] Improve handling of assigns in library functions.
-   Occurrence [2011-08-25] Better pretty-printing: do not display internal
        ids anymore.
-!  Value   [2011-08-24] Improve behavior in presence of errors during the
        computation of the initial state. Allow non-ISO global initializers
        using the value of constant globals defined earlier.
o!  Kernel  [2011-08-23] Getters of Dynamic.Parameter now get an extra
        argument of type unit. May improve efficiency a lot.
-*  Kernel  [2011-08-23] Fixes visitor bug + properly refresh ids of
        properties in code transformation (in particular loop unrolling).
-*  Kernel  [2011-08-15] Add parameter ~declarations to
        Globals.FileIndex.get_functions. Prevent duplication bug in
        properties navigator of the GUI.
-   Inout   [2011-08-12] Operational inputs and outputs are now more precise
        for library functions: assigns clauses are evaluated at each call.
o!  Inout   [2011-08-12] Interface change. Non_contextual renamed to
        Cumulative_analysis.
-*  Cil     [2011-08-10] Fix conversion bug for f(i++) or f(++i) when i has
        size less than int, and f expects an int (bug #911).
-   Value   [2011-08-10] Loop invariants are now used to improve analysis.
-   Value   [2011-08-09] Uses "complete behaviors" information.
-   Scope   [2011-08-09] "Show Defs" is now an interprocedural analysis.
o!  Value   [2011-08-09] Module Cvalue_type renamed to Cvalue. Module
        Relations_type removed. Use Cvalue instead.
-   Value   [2011-08-04] Postconditions containing \old are now handled.
-   Kernel  [2011-08-04] Current pragmas no longer give rise to code
        annotations (as they do not contain anything that can be proven).
-!  Gui     [2011-08-04] Improve labels under the icons of the toolbar. Smart
        constructors in Menu_manager now require a label and a tooltip.
o   Kernel  [2011-08-04] Add Kernel.Unicode.without_unicode, which applies a
        function without upsetting the Unicode option in the gui.
-*  Impact  [2011-08-04] Correct a journalisation bug in gui mode.
-   Value   [2011-08-01] More precise when an alarm is emitted in a loop.
o!  Kernel  [2011-08-01] Signature of Plugin renamed for consistency. Use
        carbon2nitrogen for automatic translation.
o!  Kernel  [2011-08-01] Annotations.replace and
        Globals.Annotations.replace_all are removed.
o!  Kernel  [2011-08-01] Add IPLemma, IPNotacsl and IPConjunction as new
        constructors of Property.t; remove IPBehavior.
-   Kernel  [2011-08-01] Better pretty printing of lists of any elements
o!  Kernel  [2011-08-01] Properties_status is now called Property_status.
        Fully new interface.
o!  Cil     [2011-08-01] Removing types about validity status from the AST.
        Use module Property_status instead.
o   Kernel  [2011-07-25] Adding option ~dkey to Log.debug functions. See
        Log.Messages for details.
o!  Kernel  [2011-07-22] Modification of Log.print_on_console. No longer
        based on Format.kfprintf, to avoid deadlock when errors are raised
        by plug-in pretty printers.
-*  Logic   [2011-07-22] Fixes bug #885 (wrong insertion of cast).
-*  Logic   [2011-07-21] Fixes bug #!887 (merging logic constants).
o*  Kernel  [2011-07-20] Ensures that a unique kf is generated per function
        in each project, avoiding the use of a kf from project A in
        project B.
-!  Kernel  [2011-07-18] Better handling of comments with -keep-comments and
        new API. See Cabshelper.Comments and Globals.get_comments_*
o!  Aorai   [2011-07-12] Redefinition of internal structures before enabling
        Ya extensions for sequences
o!  Value   [2011-07-11] Add argument "exact" to Lmap.paste_offsetmap (which
        was previously supposed to be always true).
-*  Cil     [2011-07-06] Correct obscure Cil bug linked to the removal of
        trivial unspecified sequences or blocks. Fixes bug #882.
-   Value   [2011-07-05] Option -val-builtin: experimental support for
        builtins that can fail (by calling a fallback C function).
-   Value   [2011-07-04] New builtin Frama_C_dump_each_file, which dumps the
        entire memory state into successive files.
o*  Logic   [2011-06-29] Fixes bug #751 (Cil.lconstant now returns terms of
        type integer and not int).
-   Metrics [2011-06-27] Improves efficiency of metrics computation.
o!  Cil     [2011-06-24] Improve performance of
        Cil_datatype.Typ.{compare, equal, hash}.
-   Cil     [2011-06-22] Cache results of offset computations.
-*  Logic   [2011-06-22] Fixed issue #!866 (merging specs included twice)
o   Kernel  [2011-06-16] Exporting Property_status.self state
o!  Kernel  [2011-06-16] Dynamic.load_module searches in plugin path as
        advertised in its documentation
o*! Cil     [2011-06-14] Support for large constants in programs. My_bigint
        is now used instead of Int64.t in the AST. Fixes #!858.
o*  Kernel  [2011-06-10] Fix dynamic access to function [is_default] of
        parameters.
o!  Kernel  [2011-06-10] New way of handling abstract types in the type
        library.
-*  Value   [2011-06-09] Remove some unneeded warnings when comparing
        function pointers with NULL. Fixes bug #!855.
-*  Kernel  [2011-06-09] Correct syntactic loop unrolling in presence of
        switch. Fixes bug #861.
o!  Kernel  [2011-06-09] Remove function CilE.update_gotos.
o!  Kernel  [2011-06-09] New function Kernel_function.set_spec which must be
        called whenever the spec of a kf is modified.
o!  Kernel  [2011-06-08] Remove Kernel_datatype (merged with Cil_datatype).
o!  Kernel  [2011-06-07] Most types of module Property are now private. Use
        smart constructors instead.
o   Kernel  [2011-06-07] New function Dynamic.is_plugin_present.
-*  Cil     [2011-06-07] Fixes bug #857 (problem with some C enum values and
        OCaml 3.11.0 on 32 bits).
-*  Logic   [2011-06-06] Normalization of assigns clause: \result and
        \exit_status only appear if a \from is specified.
        Fixes #!557, #!845
o!  Kernel  [2011-06-06] Structural_descr.pack is now a private type. Use
        smart constructors instead.
-   Value   [2011-06-04] Emit \pointer_comparable alarm for unspecified
        equality test between literal strings such as "foo" == "foo".
-   GUI     [2011-06-03] Double-clicking on a warning now displays the
        pretty-printed source location
o!  Value   [2011-06-03] Functions valid_* now take an argument ~for_writing.
        Pass true when the lvalue being considered is used for writing in
        the program. Pass false when unsure.
-   Value   [2011-06-03] Literal strings are now read-only.
-   Value   [2011-06-03] More aggressive state reduction when emitting
        pointer_comparable assertions. Use option
        -undefined-pointer-comparison-propagate-all if you liked the old
        behavior better.
o   GUI     [2011-06-02] Menu_manager now supports check menus and toggle
        buttons
-   Value   [2011-06-02] New option -no-val-show-progress
-   Cil     [2011-06-02] Pretty-printing lval and term_lval the same way
-   Cil     [2011-06-01] Normalization of lval: T+1 ==> &T[1] when T is in
        fact an array (implies *(T+1) ==> T[1])
-*  Logic   [2011-05-31] Can have a local binding for a predicate (even a
        constant one) without spurious warnings from the typechecker.
        (fixes #!848)
+   Ptests  [2011-05-31] Add -xunit option to support JUnit-like output.
o   Kernel  [2011-05-31] Cil_datatype.LogicLabel implemented
o   Kernel  [2011-05-31] New function File.new_machdep in order to register
        a new machdep dynamically.
-   Dominators,Postdominators [2011-05-31] No feedback by default. Use
        -dominators-verbose 2 or -postdominators-verbose 2 if you need it.
-*  Project [2011-05-31] Fix sharing bug when copying project.
-   Value   [2011-05-31] Alarms may pretty-print the abstract value
        responsible for the potential violation. This is particularly
        informative for certain alarms.
-   Cil     [2011-05-30] Support for &"constant_string" in parser.
-*  Kernel  [2011-05-29] Fixed macros in limit.h.
-   GUI     [2011-05-28] Support to display the state of the absolute memory.
o!  Kernel  [2011-05-26] Module Parameters is dead. Each module corresponding
        to a parameter is moved to Kernel. Module Parameters.Dynamic is now
        Dynamic.Parameter while Parameters.get_selection_context is now
        Plugin.get_selection_context. You can use the script
        bin/carbon2nitrogen to perform the translation (almost)
        automatically.
-   Value   [2011-05-24] Option -val-after-results to control the recording
        of post-statement states. Active by default in the GUI.
-*  Cil     [2011-05-24] Fixes bug #832 (spurious warning for read/write
        accesses in undefined order)
o!  Logic   [2011-05-24] Add possibility to cast integer to C integral type
        when type-checking (changes parameter of Logic_typing.Make)
o!  Kernel  [2011-05-24] Kernel_function.find_return may now raise exception
        Kernel_function.No_Statement.
-*  Cil     [2011-05-17] Fixes bug #771 (spurious warning for read/write
        accesses in undefined order).
-*  Kernel  [2011-05-13] Support GCC-like typing of enums.
-   GUI     [2011-05-13] Add history for navigating source code.
o!  GUI     [2011-05-13] Signature change for Filetree#add_select_function,
        Filetree#select_global and Menu_manager.entry. Deprecate
        Design.apply_on_selected.
-*  Kernel  [2011-05-12] Fixed typing of bitfields whose size is equal to
        the size of int (bugs #823, #817).
-*  Value   [2011-05-11] Fixed undocumented builtin is_base_aligned.
-*  Value   [2011-05-11] Fixed bug when a bitfield receives the result of a
        function call (bug #819).
-   GUI     [2011-05-10] Menu to configure what is displayed in the
        filetree.
-*  Logic   [2011-05-08] Fixed overloading resolution (fixes bug #655).
-*  Logic   [2011-05-06] Fixed issue with -pp-annot (fixes bugs #691 and
        #812).
o   Kernel  [2011-05-05] Kernel now accepts declarations as main entry point.
-   Aorai   [2011-05-04] Automaton is handled by contract of leaf functions.
o   Cil     [2011-05-04] Various smart constructors and AST helper functions.
-*  Cil     [2011-05-04] Fixes wrong precedence of not in predicate when
        pretty-printing.
-   GUI     [2011-05-04] Automatically show the main function at launch.
-   GUI     [2011-05-04] Hide empty plug-in columns in the filetree. Add
        support for hiding globals entirely.
o!  GUI     [2011-05-04] Signature change for Filetree#append_pixbuf_column.
o!  Kernel  [2011-05-03] Remove Db_types module. All types are now in
        Cil_types. Moved type Alarms.t to Cil_types.alarm.
-*  Kernel  [2011-05-02] Support for GCC packed and aligned attributes and
        for GCC pack pragmas. Fixes #719.
-*  Configure [2011-05-02] Fix bug #!262: --disable-plugin works for
        external plug-ins compiled from within the Frama-C kernel.
-   Dataflow [2011-04-29] Improve precision of backwards dataflow algorithm
        and of postdominators on 'if' with a missing branch
-*  Pdg     [2011-04-28] Better precision in the dependencies. Fix bugs
        #787, #789 and #802: infinite loop creation in slicing.
o   Value   [2011-04-28] Changed representation of bases for literal strings
        in preparation of related checks.
o   Postdominators [2011-04-27] Add Db.PostdominatorsValue: postdominators
        taking into account value analysis results
-*  Value   [2011-04-24] Fixed crash for high values of
        -subdivide-float-var
-   Value   [2011-04-24] Improved results for operation % by zero. Removed
        message about binary operators raising exceptions.
o   Value   [2011-04-24] Defunctorized Lattice_Interval_Set.
-*  Logic   [2011-04-20] Fix bug #761: adding \old in ensures clause for
        parameters does not capture terms in the associated offset.
-*  Logic   [2011-04-20] Fix bug #!501: volatile clauses are handled by the
        kernel.
-*  Slicing [2011-04-20] Fix bug #799: missing label in sliced program.
-*  Value   [2011-04-17] Fix bug #798: calls to functions that return a
        value with latent conversion.
-*  Cil     [2011-04-15] Fix bug #785: promotion between long long and an
        unsigned same-sized type.
-*  Cil     [2011-04-14] Fix bugs #780 and #791: use ids unique between
        projects for varinfos, statements and expressions.
o*! Cil     [2011-04-14] Remove incorrect Cil_const.Build_Counter; use
        State_builder.SharedCounter instead.
-!  Value   [2011-04-14] Use hash-consed sets of statements, making many
        analyses faster and leaner for large functions or idioms that make
        functions large at normalization (e.g. large initialized local
        arrays).
-*  Kernel  [2011-04-14] Fix 'make clean' of plug-ins.
-*  Kernel  [2011-04-13] Fix bug #769: merging issue for declared struct.
o*  Kernel  [2011-04-13] Fix bug #790: AST integrity checker issue.
-*  Pdg     [2011-04-13] Fix bug #787, but leads to less precise
        dependencies.
-*  Slicing [2011-04-02] Fix bug #786: missing label in sliced program.
-*  Value   [2011-04-12] Correctly emit \pointer_comparable(...) alarms.
-*  From    [2011-04-11] Fix #781: handling of function calls with an
        implicit cast for the assignment of the result.
o   Makefile [2011-04-08] Add target to launch the tests of a specific
        dynamic internal plug-in from Frama-C's main Makefile.
-*  Aorai   [2011-04-08] Existing assigns are augmented with the locations
        corresponding to the instrumentation of the automaton.
-   Value   [2011-04-05] Each precondition can get a specific validity
        status.
-*  Kernel  [2011-04-01] Fixed bugs #770 and #769, part 1. Fixed typo in
        anonFieldName (was annonFieldName).
-*  Kernel  [2011-04-01] Fixed bug #775. Large octal and hexadecimal
        constants are now correctly typed.
-*  Occurrence [2011-04-01] Fixed bug when journalising.
-*  Slicing [2011-04-01] Fixed bug #774: journalisation works again.
o   Kernel  [2011-03-30] Removed type Log.source. From now on all locations
        have type Lexing.position.
-   Kernel  [2011-03-30] Some messages may be printed several times for the
        same line if they refer to different columns.
-*  Value   [2011-03-30] Fixed bug #689. Each postcondition can get a
        specific validity status.
-*  Impact  [2011-03-30] Bug fixed when plug-in `Security_slicing' cannot be
        loaded or is incompatible with Impact.
-*  Impact  [2011-03-30] Bug fixed with '-impact-pragma f' on an unknown
        function f.
-*  Security_slicing [2011-03-30] Fixed bug #768 about exception raised when
        analysing variadic functions. A warning is now emitted: the function
        is ignored by the analyzer, thus the result is potentially incorrect.
o!  Kernel  [2011-03-29] Alternative signature for dataflow initial state. A
        few IntHash replaced by Stmt.Hashtbl.
-   Users   [2011-03-28] Calls to this plug-in are now written in the
        journal.
-*  Value   [2011-03-26] Some floating-point alarms could be printed several
        times. Fixed.
o!  Kernel  [2011-03-25] Get rid of bin/sed_inplace (use ISED from
        share/Makefile.common where needed, which was the recommended way
        from the beginning).
o*  Kernel  [2011-03-25] Makefile.plugin and .dynamic more robust wrt
        external plug-ins (can make doc clean depend more easily; fixes bug
        #754, improves bug #742).
-*  Logic   [2011-03-24] \at(t,L) when t is a C array is now a logic array
        whose content is the one of t at L, not the address of the first
        element of t (which stays the same between L and Here anyway).
        Partial fix of bug #761.
-   Kernel  [2011-03-24] \at(p,Old) is pretty-printed as \old(p).
o!  Cil     [2011-03-24] AST changed: removing Told and Pold constructs.
o!  Kernel  [2011-03-11] The following items are now deprecated:
        - function Kernel_function.pretty_name: use Kernel_function.pretty
        - module UseUnicode: use module Unicode.
o!  Kernel  [2011-03-11] Remove several kernel functions:
        - Ast_info.pretty_vname: use Cil_datatype.Varinfo.pretty_vname
        - Cil.print_utf8: use module Parameters.UseUnicode
        - Clexer.keep_comment: use module Parameters.PrintComments
        - Cabshelper.continue_annot_error_set:
          use Parameters.ContinueOnAnnotError.off
        - all Cil, Cilmsg and CilE functions for pretty printing: use Kernel
          ones instead.
-   From    [2011-03-11] Display name of called function when displaying
        results of option -calldeps.
o!* Logic   [2011-03-11] Implementation of statement contracts for function
        behaviors.
-*  Value   [2011-03-11] Fixed crash with ACSL assertions involving
        floating-point variables (bug #752).
-*  Logic   [2011-03-10] Fixed bug #744 (comparison between arithmetic types
        is done in the smallest possible type).
-*  Kernel  [2011-03-10] Bug fixed in File.create_project_from_visitor that
        potentially impacted program transformations.
-*  Kernel  [2011-03-10] Bug fixed in pretty printer (incorrect precedences
        leading to missing parentheses).
-   Kernel  [2011-03-09] Big integers can now be displayed using hexadecimal
        notation.
-   Value   [2011-03-06] Improved option -subdivide-float-var when used
        without -all-rounding-modes. Improvement marginal for double
        computations and significant for float ones.
o!  Cil     [2011-03-04] AST changed: 'a before_after type is deleted. All
        annotations are now attached before.
-*  Value   [2011-03-04] Fixed correctness bug when bitfield initializer
        exceeds range (bug #721) (jrrt).
o!  Value   [2011-03-02] Minor interface changes in Value. Replace some
        meaningless kinstr by stmt, and make the callbacks lazy.
o!  From    [2011-03-02] Minor interface changes in From. Replace some
        meaningless kinstr by stmt, and make the callbacks lazy.
-!  Cil     [2011-03-02] Fixed #720 (incorrect simplification of switch).
-   Kernel  [2011-03-02] Better error message when plug-in crashes on loading
        (bts #737).
o   Kernel  [2011-03-02] New function File.create_rebuilt_project_from_visitor
-   Cil     [2011-02-24] Implement precise dataflow on switch constructs. As
        a side effect, improve precision of value analysis.
o*  Kernel  [2011-02-24] Fixed bug #727 (visiting a GFun spec in frama-c
        visitor was not done in the appropriate context).
o*  Ptests  [2011-02-24] Ptests adds filename of current test before the
        options given to frama-c (see #736).
-   Aorai   [2011-02-24] Deterministic automata.
-*  Aorai   [2011-02-24] Fix issue in translation of guards + better error
        messages.
o!  Inout   [2011-02-23] Db.InOutContext becomes Db.Operational_inputs.
-   Inout   [2011-02-23] Correctness in presence of recursive calls. See
        issue #733.
-   Value   [2011-02-23] Improved informative messages about addresses of
        locals escaping their scope.
o!  Kernel  [2011-02-22] Change semantics of ChangeDoChildrenPost for
        vstmt_aux. See developer's manual for more details.
-   Value   [2011-02-22] Take Flush-To-Zero possibility into account for
        single-precision floats.
-   Kernel  [2011-02-22] Exit status on unknown error is now 125. 127 and 126
        are reserved for the shell by POSIX.
o!* Kernel  [2011-02-21] Extlib.temp_file_cleanup_at_exit and
        Extlib.temp_dir_cleanup_at_exit may now raise exception
        Temp_file_error. They may have raised an unspecified exception
        before.
-*  Value   [2011-02-20] Fixed bug #732: synthetic results were partial when
        -slevel was not set high enough to unroll loops completely.
-   Inout   [2011-02-20] Improved messages in presence of recursive calls
o!  Kernel  [2011-02-18] Bts #729: calling function Plugin.is_visible (resp.
        Plugin.is_invisible) forces to display (resp. prevents from
        displaying) the corresponding parameters in a help message.
o!  Kernel  [2011-02-18] Module Service_graph: function entry_point in input
        and output of functor Make now returns an option type.
-   Syntactic Callgraph [2011-02-18] Fixed issue #723: syntactic callgraph
        does not require an entry point anymore. Without an entry point,
        services are less precise though.
-*  Cil     [2011-02-17] Fixed bug #725 (type-checking && operator).
-   Inout   [2011-02-17] Improved precision of the computation of
        operational inputs in presence of function calls.
-*  Logic   [2011-02-17] Fixed bug #714 about lexing ACSL characters and
        strings.
o   Cil/Logic [2011-02-16] New functions Clexer.is_c_keyword and
        Logic_lexer.is_acsl_keyword.
-!  Cil     [2011-02-16] Enumerated constants are kept in the AST.
-*  Aorai   [2011-02-16] State names used as enum constants are checked to
        be admissible fresh C identifiers.
-*  Value   [2011-02-15] Fixed bug when passing struct as argument to
        function with a big-endian target architecture.
-   Value   [2011-02-15] Uniformized message displayed when no information
        is available for a function.
-   Logic   [2011-02-14] Added support for bitwise operators --> and <--> in
        ACSL formulas.
-*  Slicing [2011-04-02] Fixed bug #709: missing statements in sliced
        program.
-*  Value   [2011-02-14] Fixed bug when passing bitfield as argument to
        function. (jrrt)
-*  Value   [2011-02-12] Fixed forgotten warning when passing completely
        undefined lvalue as argument to function. (jrrt)
-*  Value   [2011-02-12] Fixed correctness bug involving nested structs
        (jrrt).
-*  Value   [2011-02-12] Fixed crash when passing invalid argument to
        function, found by John Regehr using random testing (jrrt).
-*  Value   [2011-02-09] Fixed representation of unknown single-precision
        floats in initial context (it used to be the same as for an unknown
        double).
-*  Value   [2011-02-09] Changes related to 0., +0. and -0. Unwarranted loss
        of precision fixed.

#########################################
Open Source Release 6.2 (Carbon-20110201)
#########################################

-   WP      [2011-02-07] Plug-in WP removed from kernel releases (now an
        independent plug-in).
-   Logic   [2011-02-04] Mentioning a formal on the left-hand side of an
        assigns clause is now an error when type-checking logic annotations.
o!  Logic   [2011-02-04] Refactoring of assigns and from AST representation
        and of Property.identified_property.
-   Value   [2011-02-04] Changes in Frama_C_memcpy built-in. Still not
        perfect.
-   Value   [2011-02-04] It is now possible to call Frama_C_show_each
        without ..._x.
-   Value   [2011-02-04] Generate independent assertions for signed overflow
        and signed underflow. In many cases only one is generated (win!).
o!  Value   [2011-02-02] Renamed copy to copy_offsmap in Offsetmaps. The name
        "copy" clashed with Datatypes.
o   Kernel  [2011-02-01] New syntactic context for memory accesses with
        user-supplied validity range.
+   WP      [2011-01-31] Option -wp-warnings to display additional
        information for 'Stronger' and 'Degenerated' goals.
+   WP      [2011-01-24] Option -wp-split-dim <n> to limit splitting up to
        2**n sub-goals (see -wp-split option).
-!  Kernel  [2011-01-27] Handle errors better when they occur while exiting
        Frama-C. Slight semantic changes for exit codes:
        - old code 5 is now 127;
        - code 5 is now: error raised when exiting Frama-C normally;
        - code 6: error raised when exiting Frama-C abnormally.
-   Kernel  [2011-01-27] Improve performance on platforms with dynamic
        loading. Mainly impacts value analysis (for developers: improve
        efficiency of Dynamic.get).
-   Value   [2011-01-25] Change in initial states generated by -lib-entry.
        Much smaller. Perhaps more representative.
+   WP      [2011-01-24] When -rte-precond is not used, wp generates a
        separate proof obligation for each call site.
-!  Configure [2011-01-24] Frama-C does not require Apron anymore (Why does
        for Jessie). Thus fixes bug #647.
-   Value   [2011-01-22] More aggressive handling of if(x>e) where x has type
        double.
o*  Kernel  [2011-01-20] Fix bug #677. As a side-effect, function
        Plugin.add_alias is now deprecated and replaced by
        Plugin.add_aliases.
o   Kernel  [2011-01-21] New function in API:
        Kernel_function.find_syntactic_callsites.
+   WP      [2011-01-20] Options -wp-status-xxx to refine goal selection.
o Report [2011-01-20] Option -report no longer survives after -then.
+ WP [2011-01-19] Clarification of -save/-then effect on WP.
* Slicing [2011-01-19] Fixed bug #673.
- Value [2011-01-19] Various minor speed improvements.
-* Value [2011-01-19] Fixed correctness bug involving pointers to signed integers pointing to memory locations containing unsigned integers, or vice versa.
-* Kernel [2011-01-19] Fixed bug if an empty string is given on the command line while an option name is expected. There is now a proper error message.
- Logic [2011-01-16] Fix priority bug in parser.
- Slicing [2011-01-14] New options added for fixing bug #668.
o Sparecode [2011-01-14] API modified for fixing #668.
o GUI [2011-01-13] Added support for icons in Gtk_helper.Icon.
-* GUI [2011-01-12] Fixed bug #666. Do not display misleading "After statement".
- Value [2011-01-12] Improve performance of callbacks.
- GUI [2011-01-11] Display more precise state after statement (http://blog.frama-c.com/index.php?post/2011/01/11/Seven-errors-game).
-o Value [2011-01-11] New callback for recording the state after a statement.
+* WP [2011-01-10] Fixed incorrect status refresh problem in the GUI.
-* Kernel [2011-01-10] Fixed #!313. Entry point with a specification is no longer wiped out.
-* GUI [2011-01-10] Fixed 100% CPU load while external commands are launched.
- Value [2011-01-09] Disabled incorrect interpretation of ACSL statement contracts.
- Value [2011-01-07] Interpretation of ==> in ACSL annotations.
-* Value [2011-01-07] Fixed obscure crash that could happen during very imprecise analyses.
-* Makefile [2011-01-06] Fixed bug #!660 related to a default Frama-C-compatible ocamlgraph installation under Cygwin (i.e. in a Win32 path containing the ':' character).
- Value [2011-01-06] Improved precision of & operator.
- Value [2011-01-05] Added check that denormals work correctly on the host computer (correctness would be affected otherwise).
o! Kernel [2011-01-05] Remove Messages.disable_echo (can be done using Log module) and Messages.depend (can be done using Messages.self).
- Value [2011-01-05] New alarm for float -> int cast overflows.
- Value [2011-01-04] Improved precision of | operator.
+* WP [2011-01-04] Fixed bug #702 on Coq output with large integers.
-* Inout [2010-12-22] Return statement dependencies were forgotten in operational input computations. Fixed.
o! Kernel [2010-12-21] Remove API function Messages.enable_collect: please let the kernel do the job.
- GUI [2010-12-21] Implement feature #635: display messages in the messages panel while loading a batch session in the GUI. The batch session must have been previously executed with the new option -collect-messages.
-* Makefile [2010-12-21] Fixed bug #637: "make install -n" wrongly created directories.
-! GUI [2010-12-21] GUI options start with -gui and not -GUI.
- Makefile [2010-12-21] Fixed bug #!638. By default, warnings are no longer errors when compiling a public Frama-C distribution and plug-ins. SVN versions of Frama-C are still compiled with "-warn-error A".
o* Cil [2010-12-20] Fixed bug #645. Ast_info.constant_expr, Cil.[zero,one,new_exp,makeZeroInit,mone,kinteger64_repr, kinteger64,kinteger,integer,constFoldBinOp,mkAddrOf, mkAddrOrStartOf,mkString,parseInt,sizeOf] no longer use an optional argument ?loc. It is now a non-optional labeled argument. The previous default value of loc was ~loc:Cil_datatype.Location.unknown, which is most of the time not accurate.

#########################################
Open Source Release 6.1 (Carbon-20101202)
#########################################

-* WP [2010-12-16] Fixed bug #639: no more Coq compilation to shared directory.
- WP [2010-12-16] Accessibility of all provers from the GUI.

#########################################
Open Source Release 6.0 (Carbon-20101201)
#########################################

-! Kernel [2010-12-13] Fixed bug #548: limits.h now syntactically correct. Architectures other than x86_32 still unsupported.
- Value [2010-12-12] New option -float-normal (undocumented).
- Value [2010-12-12] Removed undocumented option -float-digits.
- Value [2010-12-10] New option named -undefined-pointer-comparison-propagate-all.
-* Configure [2010-12-10] Always configure the OcamlGraph local version (if used) when configuring Frama-C.
-* Value [2010-12-09] Fixed bug that could happen in programs casting the address of a floating-point type to the address of an integer type.
o! Kernel [2010-12-07] Remove function Globals.has_entry_point. Use Globals.entry_point instead.
-* Syntactic callgraph [2010-12-07] Fixed bug #!587: proper error message when the entry point is invalid.
-* Value [2010-12-06] Do not evaluate annotations right after propagation is stopped.
- Inout [2010-12-03] Improve printing of -out -input -deps.
- Value [2010-12-03] Preliminary support for interpreting C type float as IEEE 754 single-precision.
-* Value [2010-12-02] Emit proper ACSL alarm for overflowing floating-point binary and unary operators. Fixed #259.
-* Value [2010-12-02] Emit alarm for overflowing floating-point constants instead of crashing.
- Value [2010-12-02] Emit alarm for uninitialized arguments to library functions.
- Value [2010-12-01] Improved speed of options -slevel* for arguments in the thousands. Synthesizing results remains slow, so consider options -no-results* if you take advantage of them.
- Value [2010-11-24] Do not emit alarm for uninitialized arguments to non-library functions. Necessary for structs. Relevant messages changed a little.
-! Cil [2010-11-16] Cil normalization takes care of abrupt clauses.
o Kernel [2010-11-15] New Task module: a monadic library for calling asynchronous commands from the toplevel and the GUI.
o! Kernel [2010-11-05] File.check_file takes a new argument, allowing to describe which AST fails the integrity check in case of trouble.
-!* Kernel [2010-11-05] Fixed #620 (default assigns generation).
o! Cil [2010-11-04] Changed type of doGuard in forward dataflow.
-* Value [2010-10-29] Disappearance of non-termination messages from the log. The messages were inconsistent.
-! Cil [2010-10-15] Clean up local variables handling and pretty-printing; modified pBlock method interface (unified pBlock and pInnerBlock).
o! Cil [2010-10-13] Extending logic label for plugin purpose.
-! GUI [2010-10-08] New graph viewer, requires ocamlgraph > 1.5.
-* Logic [2010-09-30] Priority is used for pretty-printing predicates.
o!* Kernel [2010-09-30] Major changes in the kernel. Mainly merge the old modules Datatype and Type into a single, more powerful library called Type. The API of these libraries changes. Consequently, some other APIs change. As a side effect, a lot of functions of module Cilutil have been removed and replaced by their counterparts in module Cil_datatype. The script bin/boron2carbon.sh fixes most changes automatically. Feel free to use it to upgrade your plug-in. In the process, some minor bugs were found and fixed in the Frama-C kernel.
o! Cil [2010-09-20] Changed ignored pure exp hook + hook for conditional evaluation of side-effects.
-* Value [2010-09-18] Fixed memory leak.
o! Cil [2010-09-14] Cil and Cabs expressions now have a location.
o Ptests [2010-09-01] Slightly changed semantics of CMD and STDOPT. See developer manual for more info.
-* Logic [2010-08-31] Fixed #570 (implicit conversion to void*) and fixes issue in overloading resolution.
-* Value [2010-08-27] Fixed performance bug that could lead to "stack overflow" error during large analyses.
-* Logic [2010-08-27] Fixed #549 (Arrays in the logic).
-* Cil [2010-08-27] Fixed #542 (now raises parse error when a C function call does not provide the correct number of arguments).
- Value [2010-08-26] "assert(TODO)", used when a property to check in the analyzed code cannot be expressed as ACSL and the user should read the English explanation (e.g. "accessing uninitialized left-value") instead, could look unprofessional to the superficial onlooker. "assert(Ook)" will now be used instead.
- Value [2010-08-23] Lowered memory consumption slightly.
o! Value [2010-08-22] Renamed Int.eq into Int.equal. Removed Int.neq.
-* Configure [2010-08-18] Get rid of known_plugins.ac (fix #462).
-* Logic [2010-08-18] Better error messages for logic parser and other fixes (fix #512, #538, #!553, #!560).
-* Kernel [2010-08-17] CL options for cabs2cil flags (fix #506).
-* Occurrence [2010-08-17] Fix bug #550: crash when selecting an occurrence if the entry point set by "-main" is incorrect.
-* Logic [2010-08-16] ACSL identifiers starting with a \ are not replaced by pre-processing when a macro of the same name exists (fix #541).
- Value [2010-07-28] Clean local variables passed by address to callees from results of -val.
- Inout [2010-07-28] Clean local variables passed by address to callees from results of -input, -out, -deps.
-! Value [2010-07-28] Abort analysis when recursion is encountered.
-! Value [2010-07-23] Structures passed as function arguments now precisely handled.
o! Value [2010-07-21] Function Cvalue_type.V.is_top renamed is_imprecise.
o! Value [2010-07-21] There was one function too many called "find_ival". One was renamed to "project_ival".
- Value [2010-07-19] Improved precision of analysis for program short s[]= {0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1};main(){return((int*)s)[u()];}
-* Value [2010-07-14] Fixed bug involving typedefs when using option -val-signed-overflow-alarms.
-* Kernel [2010-07-12] Tried to fix all permissions on *.{c,h} files.
-* Makefile [2010-07-05] Fix bug #528 when building a dynamic plug-in in a sandbox.
- Configure [2010-07-05] Better detection of native dynlink support.
-* GUI [2010-06-30] Fixed parsing of floats in frama-c-gui.config.
- Cil [2010-06-30] Be less aggressive during inline function merge. Alpha-equivalent functions are now kept separate.
- GUI [2010-06-29] One tooltip per parameter in the launcher.
o! Cil [2010-06-23] Removed function varinfo_from_vid. You can use maps or hashtables indexed by varinfos directly instead.
o! Kernel [2010-06-21] New implementation of module Properties_status.
o! Cil [2010-06-15] global_annotation has location information.
o Cil [2010-06-11] Cil.makeLocalVar now inserts the variable into one of the function's local blocks.
-* Value [2010-06-11] Some "Misaligned" imprecision origins were wrongly classified as "Arithmetic". Fixed.
-* Logic [2010-06-11] Fix bug #!498 (behaviors within the same scope must now have unique names).
o* Logic [2010-06-10] Fix bug #505 (associate default label for predicates with a single label parameter and no argument).
o!* Project [2010-06-08] Reimplementation of the project library (the contents of directory src/project). New API.
o! Cil [2010-06-04] Preliminary support for function calls in UnspecifiedSequence.
o Cil [2010-06-04] Support for custom extensions in the grammar of behaviors. See Logic_typing.register_behavior_extension.
-* Value [2010-06-03] Do not emit an alarm for the comparison of function addresses to NULL.
-* Cil [2010-06-02] Fixed bug #440 (remove spurious block generation at parsing time that clashed with label scoping rule in ACSL).
-* Value [2010-06-01] Fixed correctness bug involving the comparison of a variable of type float or double.
- Inout [2010-06-01] Improved precision for option -inout-with-formals.
* Cil [2010-05-31] Fixed bugs #451 (break outside of loop/switch) and #452 (spurious 'body of f call falls through' warnings).
-* Cil [2010-05-31] Extended grammar of pragma lines.
o* Cil [2010-05-28] Fix bug #489: constant literals present in the original source are preserved in the AST. NB: this implies that they might be explicitly cast when an integer conversion occurs.
-* Kernel [2010-05-28] Fixed bug in handling of -cpp-command.
o! Cil [2010-05-21] Remove deprecated annotation_status of AAssert in the AST.
o! Kernel [2010-05-20] Added field b_extended in behaviors to support grammar extensions.
-* Logic [2010-05-19] Checking for loop variant position.
- Kernel [2010-05-19] Feature #484 about requires into named behaviors.
-* Inout [2010-05-12] Fixed bug in -inout where operational inputs of called library functions were improperly inferred from assigns.
-* Value [2010-05-12] Fixed bug with extern variables of incomplete type.
-* Logic [2010-05-11] Fixed wrong precedence of <==>.
- Value [2010-05-11] Improved Frama_C_memcpy built-in.
- From [2010-05-11] Improved interpretation of assigns clauses.
- Inout [2010-05-05] Improve option -inout-with-formals: clean up local variables that come from functions outside the call tree.
- GUI [2010-05-07] In expressions 't[v]', allow selecting 't' (when it is a variable). To select the entire expression 't[v]', click on the ']' on the right.
o Kernel [2010-05-07] Deprecate Globals.Functions.find_englobing_kf. Use Kernel_function.find_englobing_kf instead, which has a much better complexity.
- Value [2010-05-06] More consistent naming scheme for generating shorter names when using -lib-entry. "star_" becomes "S_".
- Value [2010-05-05] Tweak in -slevel* options. A little slower for some programs, much faster for others.
- Inout [2010-05-04] New option -inout-with-formals, similar to -inout but without locals and with formals.
- Inout [2010-05-04] Improved precision of -inout with possibly invalid pointers.
- Value [2010-05-03] Variables now uninitialized by default. Improves -deps, -input, -output when addresses of local variables are passed as arguments of called functions.
o! Logic [2010-04-30] Parameterize search of field in logic typing functor in a similar way to the search of other C symbols.
o!* Kernel [2010-04-30] Fix bug #!441 (keep track of original names in AST).
-* Makefile [2010-04-24] Fix bug #461 when installing the GUI on a bytecode-only architecture.
-* Makefile [2010-04-24] Fix bug #460 when using a non-local ocamlgraph.
- GUI [2010-04-27] First support for persistent GUI configuration. GtkPaned ratios, main and launcher window dimensions are saved to file frama-c-gui.config in the user's home directory.
- Value [2010-04-26] Yet more small improvements in value analysis of large programs.
-* GUI [2010-04-26] Fix bug with toolbar button 'duplicate project'.
- Value [2010-04-26] More optimization of library functions.
-* Logic [2010-04-23] Fix bug #!454 (multiple labels in same statement).
- Security_slicing [2010-04-23] Only use the GUI; does not require it anymore.
o! Kernel [2010-04-22] Ptmap (resp. Ptset) is renamed into Hptmap (Hptset).
-! Obfuscator [2010-04-22] Option -obfuscate is now part of a new dynamic plug-in `Obfuscator' (fixed issue #!265). The behaviour of this option is now journalized and may be run by other plug-ins.
-* Makefile [2010-04-20] Fixed potential generation of corrupted .o files.
- GUI [2010-04-19] Better graph display. Requires ocamlgraph > 1.4.
- Value [2010-04-19] Optimization in the handling of library functions.
-* Slicing [2010-04-16] Fixed bug #!448 about -keep-annotations option.
-* Configure [2010-04-14] Fixed bug in configuration of external plug-ins.
+ Logic [2010-04-13] #!346 Formals have an \old label when used in post-conditions.

########################################
Open Source Release 5.0 (Boron-20100401)
########################################

- Kernel [2010-04-12] Preliminary standard C library in $FRAMAC_SHARE/libc.
o* Cil [2010-04-12] New hook after Cabs elaboration (fix bug #!446).
o! Kernel [2010-04-12] Slight modification of Hook API.
o* Configure [2010-04-09] Improved dependencies handling (fix #!054).
- Value [2010-04-08] Experimental new option -val-signed-overflow-alarms.
- Value [2010-04-04] Experimental new option -subdivide-float-var.
- Logic [2010-04-02] Adding "\pi" as built-in symbol.
-! Configure [2010-03-24] Compiling the GUI now requires LablGnomeCanvas.
-* Makefile [2010-03-24] Fix bug for generating .o files through recursive calls to Make in quiet mode (VERBOSEMAKE unset).
o! Kernel [2010-03-23] Dynamic.register and Dynamic.get are more robust, but take an extra parameter.
- Value [2010-03-23] New options -no-results and -no-results-function, improved replacements for undocumented option -klr.
-+ Kernel [2010-03-23] New saving/loading algorithms. Option -load is faster, and rid of its previous allocation peak.
-! Logic [2010-03-22] Support for "reads \nothing".
-! Logic [2010-03-19] Support for type abbreviation in logic.
- Value [2010-03-11] Suppressed undocumented option -klr.
- Value [2010-03-10] New option -slevel-function f:n for fine-tuning semantic unrolling.
- Kernel [2010-03-05] New option "-plugin-h" as an alias for option "-plugin-help".
- Logic [2010-02-23] If a C typedef integer, real or boolean exists, it takes precedence over the corresponding logic type. The logic type remains accessible through its utf-8 denomination.
- Value [2010-02-22] Interpreting post-conditions about \result in contracts for functions that have implementations.
o! Kernel [2010-02-22] Type changes in Db.Properties.Interp. Use ~result:None to get your plug-in to compile again.
o! Kernel [2010-02-22] Kernel_function.Set now implemented with Patricia trees.
o! Value [2010-02-21] Changed type of functions Db.Value.*_to_kernel_function. These functions now return a Kernel_function.Set.t. Use Kernel_function.Set.elements to transform this set into a list.
o! Project [2010-02-19] Project.register_todo_on_clear is deprecated and replaced by Project.register_todo_before_clear.
- Value [2010-02-19] Improved precision when loop index has type char or short. Fixes bug #325.
o! Kernel [2010-02-17] Log.protect is replaced by Cmdline.protect.
-!* Logic [2010-02-17] Arrays and pointers are distinct in the logic, as per ACSL reference. Fixes bug #396.
-* Makefile [2010-02-16] Fixed 'make clean' in plug-in directory (bug #!407).
o! Kernel [2010-02-15] Major changes in API of module Annotations: add possible dependencies from/to a single annotation of a statement.
-+ Value [2010-02-14] New options -no-results and -no-results-all, improved replacements for undocumented option -klr.
-! Value [2010-02-14] Clarified progress messages.
-* Cil [2010-02-10] Fix crash in parser when a variable is defined twice in two different files, in some order (fixed bug #213).
- Slicing [2010-02-04] Assigns clauses were missing from the sliced program (fixed bug #393).
-!* Logic [2010-02-03] Full support for \let (fixed bug #!344).
- Kernel [2010-02-03] Backtrace when Frama-C is crashing (only if Frama-C is compiled with caml >= 3.11.0).
- Security_slicing [2010-02-01] New experimental and quite undocumented plug-in. Sub-part of the old plug-in security. Only usable through the GUI.
-! Security [2010-02-01] No longer distributed.
-* Cil [2010-02-01] Bug fixed with incompatible declarations of C functions.
-* Logic [2010-01-29] complete/disjoint behaviors do not accept undefined behaviors anymore (fixed bug #364).
-* Logic [2010-01-27] Default label is "Old" inside \old(...).
- Value [2010-01-25] New display option -float-relative.
-* Value [2010-01-25] Fixed uncaught exception that could happen in analysis of programs with floating-point operations.
- Value [2010-01-22] Preliminary support of post-conditions for library functions.
- Value [2010-01-21] Take into account all known flush-to-zero floating-point variants. No option seems necessary for now.
- Value [2010-01-20] Improved precision of floating-point operations.
+-* Logic [2010-01-18] \let is supported (except \let id = pred; pred).
- GUI [2010-01-18] Add a menu entry for setting C source files of the current project.
-* GUI [2010-01-18] Fixed bug while choosing 'New project' if -cpp-command is set (fixed bug #374).
- GUI [2010-01-18] New menu entries for loading ocaml scripts and ocaml object files (fixed issue #!318).
-! Inout [2010-01-17] -out and -out-external now obey the -inout-verbose option. Generated logs re-ordered a little.
- GUI [2010-01-15] Plug-in panels can be detached with drag and drop.
o! Kernel [2010-01-15] Type.register is more robust but gets a modified interface (fixed issue #!276).
-* Kernel [2010-01-15] -load-script did not clean up compiled files after exiting (fixed bug #!371).
- Impact [2010-01-15] In the GUI filetree, for each function, a bullet shows if some statements are highlighted.
- GUI [2010-01-15] Now possible to save/load a single project (fixed issue #!9).
o! Kernel [2010-01-14] New implementation of save/load with small changes in the project API. Loading is now rid of its previous allocation peak and faster.
- GUI [2010-01-14] View property status in GUI. Fixed a bug on reset with strange reactive zones in default buffer.
-* Logic [2010-01-14] More utf-8 identifiers accepted (fixes bug #366).
-* Value [2010-01-13] Fixed bug #372.
- Value [2010-01-08] New option -all-rounding-modes (floating-point). New dependency on C99 functions to control the FPU.
o! GUI [2009-12-17] New implementation for the menubar and the toolbar. API fully changed for adding an item in these bars.
-! GUI [2009-12-04] Drop gtksourceview 1.x dependency and replace it with gtksourceview 2.x.
-* Makefile [2009-12-03] Some GUI library files were not installed.
o Kernel [2009-11-30] Support for dynamic uses of StringSet parameters.
-* Kernel [2009-11-30] -kernel-debug and -kernel-verbose did not work as expected (bts #!343).
- Configure [2009-11-27] Dynamic plug-ins are now statically linked by default whenever native dynlink is not usable (bts #!301).
o! Kernel [2009-11-24] Use of global logic constants is now a TLval (TVar _,TNoOffset) instead of TApp(_,[]).
- Value [2009-11-24] Handling of behavior-specific assertions now correct (albeit imprecise).
-! Kernel [2009-11-19] The journal is generated only if the GUI is crashing, or if the option -journal-enable is explicitly set (fixed issue #!330).
+- Value [2009-11-19] New option -slevel-exclude f for fine-tuning semantic unrolling.
- Logic [2009-11-13] Ordering of clauses in contracts.
-* Logic [2009-11-10] Fixed bugs #228, #327 (syntax garbage at end of contracts).
- GUI [2009-11-09] Now possible to delete the current project.
- GUI [2009-11-09] New shortcut buttons.
- GUI [2009-11-04] Options *-verbose, *-debug and -quiet are now settable via the launcher dialog box (bts #!317).
-* Logic [2009-11-04] Fixed bug #272 (complete behaviors without name).
- Logic [2009-11-03] Better error message when using = in annotations.
-* Makefile [2009-11-02] Fixed bug #310: improve robustness against new ocaml warnings.
- Kernel [2009-11-02] New option -no-dynlink in order to prevent loading of dynamic plug-ins.
-* Makefile [2009-10-28] Fixed bug #305: make did not terminate when all plug-ins were disabled.
-* Configure [2009-10-28] Fixed bug with -help.
- Kernel [2009-10-28] Better -*-help.
- Kernel [2009-10-28] Better error messages when a dynamic plug-in cannot be loaded.
- Kernel [2009-10-21] Clarification of the multiple accesses warning. Becomes "undefined multiple accesses in expression".
-* Value [2009-10-21] Some "loss of precision" messages were duplicated and failed to be localized. Fixed.
o Kernel [2009-10-18] Extlib now contains various functions to replace Sys.command, but with portability and efficiency in mind.
-*! Logic [2009-10-16] Support for abrupt clauses; modifies AST.
- Syntactic_callgraph [2009-10-15] Big speedup for showing the callgraph in the GUI. Requires ocamlgraph >= 1.4.
o! Kernel [2009-10-13] Module Db.Properties.Status replaced by module Properties_status.
o! Kernel [2009-10-13] Functions Db.Properties.predicate_on_stmt and Db.Properties.get_user_assert do not exist anymore.
-* Value [2009-10-12] Synthetic validity status for assertions.
-* Syntactic_callgraph [2009-10-12] Fixed bug in services computation.
-* GUI [2009-10-09] Instantaneous actions are no longer cancelable but are as fast as possible now.
o! GUI [2009-10-09] Methods protect and full_protect of main_window_extension_points now have additional arguments.
o Kernel [2009-10-08] Add unique id for elements in Db.Properties.Status tables.
- Kernel [2009-10-08] Add status for all clauses.
- Cil [2009-10-08] Extend logic pretty-printer to handle all specific clauses.
-! GUI [2009-10-08] Extend type Pretty_source.localizable.
o! Cil [2009-09-28] pAssigns now prints directly a whole list of assigns.
- GUI [2009-09-28] Assigns clauses are now localizable in GUI.
- Value [2009-09-25] Improved treatment of "assigns p[..]" clauses in -input.

############################################
Open Source Release 4.2 (Beryllium-20090902)
############################################

-* Obfuscator [2009-09-23] Obfuscator does not lose links between logic and C variables anymore (bts #250). Obfuscator now gives a specific name to formal parameters.
- Journal [2009-09-23] Better handling of exceptions.
-! Value [2009-09-21] Computed values not displayed on -load. Use -val-load to force display of computed values. Use -val -quiet to compute without printing results.
o Cil [2009-09-21] New pIdentifiedPredicate method in pretty-printer.
-* GUI [2009-09-21] Elimination of repeated messages (bts #237).
-! Syntactic callgraph [2009-09-18] Improvement of the GUI of syntactic callgraph. Requires ocamlgraph > 1.2.
- Kernel [2009-09-18] Slightly fewer false alarms with -warn-unspecified-order.
o Cil [2009-09-18] Deprecated Cil.get_status. Use Db.Properties.Status.* instead.
o* Makefile [2009-09-18] Fixed bugs with the use of PLUGIN_EXTRA_BYTE and PLUGIN_EXTRA_OPT by plug-ins.
- Value [2009-09-15] Stopped displaying temporary variables introduced by normalization of source code, and block-local variables.
-!* Makefile [2009-09-14] Fixed bug #236. Requires ocamlgraph version > 1.2.
- Configure [2009-09-13] Detection of dot if required.
- Syntactic_callgraph [2009-09-11] Better implementation for computing the service graph: faster and correctly handles cycles.
-! Syntactic_callgraph [2009-09-11] -cg-services-only is not relevant anymore.
- Makefile [2009-09-09] Now possible to build custom binaries for plug-ins. Roughly, these binaries are frama-c[.byte] + the plug-in statically linked. The goal is called "static" in the plug-in's makefile.
-* Value [2009-09-08] Fixed display bug when logging the call stack, introduced in Beryllium.
- Value [2009-09-08] Improved treatment of "assigns p[..]" clauses in value analysis. Other plug-ins (outputs, ...) have not had the same improvement yet.
-* Makefile [2009-09-08] Frama-C compiles even if ocamlopt is not available.
-* Project [2009-09-08] Fixed bug involving loading and options previously set while saving.
-* GUI [2009-09-08] Release the terminal when the splash window is deleted.
- Jessie [2009-09-08] Is no longer built within Frama-C. It becomes part of Why.
- Makefile [2009-09-08] Why is no longer a compilation dependency. It is required only at runtime for the experimental WP plugin.
-* Makefile [2009-09-07] Fixed compilation error occurring on a platform which does not support native dynlink and with ocaml >= 3.11 (bts #224).

############################################
Open Source Release 4.1 (Beryllium-20090901)
############################################

-! Syntactic_callgraph [2009-08-27] New design of the callgraph in the GUI. Frama-C now requires ocamlgraph 1.2.
- Logic [2009-08-25] "reads" clauses on logic functions and predicates, which disappeared with the introduction of axiomatic blocks, have been resurrected. Beware that the semantics is slightly different from before: see the ACSL document for details. It is used to automatically generate footprint axioms.
- GUI [2009-08-18] Improved display of summary information when selecting a file.
- Kernel [2009-08-05] New options -kernel-help, -kernel-verbose and -kernel-debug (bts #!205).
- Syntactic_callgraph [2009-08-04] New option -cg-services-only to only compute the graph of services.
- Value [2009-07-29] Improved treatment of conditions involving char or short variables.
- GUI [2009-07-28] Possible to stop the GUI while computing analysis.
o! Project [2009-07-26] Preliminary support for direct unmarshalling. Datatypes must define value descr. Using Unmarshal.Direct is okay for now.
-* Makefile [2009-07-24] Fixed bug with static linking of plug-ins using external libraries (bts #200).
- Value [2009-07-22] Improved integer division. Now returns best-effort results when 0 is among the possible values for the divisor.
-* Project [2009-07] Fixed bug causing delays with -load (bts #180).
- GUI [2009-07-08] New message panel.
-* Journal [2009-07-07] Fix generation of invalid variable name in journal.
-* Semantic Constant Folding [2009-07-07] Fix bad journalisation.
- GUI [2009-07-03] Redesign the dialog box for running analysis.
o! Cil [2009-06-24] Added 2 components to Cil_types.typ to optimize bitsSizeOf. The proper way to get a default value is Cil.empty_size_cache. The added value must not be shared by types. No one should need to read this value directly.
- GUI [2009-06-24] Graphical customization now uses Gtk rc files. A default file is loaded from FRAMAC_SHARE/frama-c.rc. The end user can provide a custom FRAMAC_SHARE/frama-c-user.rc to override defaults.
-* Project [2009-06-24] Fixed bug with save/load in multi-project contexts (bts #!161).
-* Kernel [2009-06-24] Restore compatibility with ocaml 3.10.2.
-* Configure [2009-06-24] Fixed bug with --disable-gui in configure.in.

############################################
Open Source Release 4.0 (Beryllium-20090601)
############################################

o Value [2009-06-23] New constructor Signed_overflow_alarm for type Alarms.t.
-! Jessie [2009-06-23] Option for launching jessie is now -jessie, not -jessie-analysis.
-* Jessie [2009-06-23] Fixed contract for strchr() and strrchr() in string.h.
-* Jessie [2009-06-23] Support for label Post in assigns clauses. Fixes bug #160.
-! Jessie [2009-06-18] GUI mode is now the default; options -jessie-gui and -jessie-goals do not exist anymore.
-* Jessie [2009-06-18] Full support for loop assigns, including those implicitly generated from the function's assigns; fixes bug #41.
- GUI [2009-06-18] Change the warning to panel to preserve decent performance. This imposes lablgtk 2.12 at least.
- Semantic_callgraph [2009-06-15] Small change in the computation of services: the roots are now the same as in the syntactic callgraph (while there is no function pointer).
-! Semantic_callgraph [2009-06-15] New options -scg-dump and -scg-init-func, consistent with the options -cg-dump and -cg-init-func of the syntactic callgraph.
o Users [2009-06-15] Users are now computed on demand when calling !Db.Users.get.
- Journal [2009-06-15] Journal disabled by default in batch mode.
-! Kernel [2009-06-10] FRAMAC_DYN_PATH is now called FRAMAC_PLUGIN.
-* GUI [2009-06-10] Changes having to do with dependencies between computations. Hopefully fewer problems exist now than before.
-* Jessie [2009-06-09] Support for loop assigns, partially fixes bug #41; see tests/jessie/bts0041-bis.c for details.
o! Kernel [2009-06-09] Db.Main.extend is now of type unit -> unit.
- Kernel [2009-06-08] By default, Frama-C stops on annotation errors. Option -continue-annotation-error.
o GUI [2009-06-05] The plug-in GUI is now packed with the core plug-in.
-* Jessie [2009-06-05] Fix bug #!8, compilation of jessie with Apron.
-* Configure [2009-06-05] Fixed issues in configure and makefile if lablgtk2 is not enabled.
o! Kernel [2009-06-03] Moved lightweight annotation support from Jessie to Kernel. They are now available for all plugins. Support for lightweight global invariants on globals has been dropped.
-* Project [2009-06-03] Fixed bug #!113: loading a session containing a project p referring to another project generated a new incorrect project p.
o! Project [2009-06-03] Remove functions Project.save and Project.load: cannot ensure their correctness.
- Kernel [2009-05-29] New options -no-type and -no-obj.
- Kernel [2009-05-29] New environment variable FRAMAC_LIB.
- Kernel [2009-05-29] When loading a module via -load-module, the dynamically registered options are now recognized on the command line.
- Kernel [2009-05-29] New option -load-script to dynamically compile and load an ocaml script.
-! Journal [2009-05-29] Option -journal-loader-run does not exist anymore. Use -load-module instead.
o! Logic [2009-05-29] Tresult has a type attached to it.
-* Jessie [2009-05-22] Fixed bugs #!63 and #71 (labels and \at).
- Slicing [2009-05-20] New option "-slicing-keep-annotations".
o Pdg [2009-05-20] The functions that return nodes from an annotation now also return a list of the variable declaration nodes.
- Kernel [2009-05-18] Each boolean option now has an opposite.
- Kernel [2009-05-15] New aliases "-h" and "--help" for "-help" (bug #61).
o Kernel [2009-05-15] Possibility to define aliases for options.
- Kernel [2009-05-14] Better message for errors on the command line.
- Kernel [2009-05-14] Syntax "-option-name=value" is now valid on the command line. In such a case, [value] may begin with '-', which is forbidden for the usual syntax "-option-name value".
-* Value [2009-05-11] Fixed bug with the interpretation of "==>".
- Value [2009-05-04] Improved reduction for (ptr-ptr) expressions.
- Value [2009-04-28] Trivially redundant alarms are now automatically discharged.
- Value [2009-04-28] Improved results for char ones[] = "11111111"; col_ones = 1 + * (int*) ones;
o Configure [2009-04-21] Explicitly require >= OCaml 3.10.0
-! Inout [2009-04-17] -input_with_formals is now called -input-with-formals
-! Kernel [2009-04-15] New implementation of command line parsing
-* Kernel [2009-04-08] Frama-C now has a very early initialisation step. That fixes minor issues with -journal-disable (bts #!14 and #!16).
o! Kernel [2009-04-07] Cil_state is now called Ast and Cil_state.file is now called Ast.get.
-* Sparecode [2009-04-07] Selecting an annotation attached to a function call made a wrong propagation in the visibility of the call (bts #!3).
-* Sparecode [2009-04-07] The generated project lost some useful parameters like the entry point (bts #!10).
o Makefile [2009-04-03] Independent Makefile for dynamic plug-ins.
- Configure [2009-04-01] Auto-detection of lablgtk2's custom tree model.
-* Configure [2009-04-01] Fixed bug with --disable-* options (except when '*' was a plug-in name).
- Logic [2009-03-27] Overloaded logic symbols.
-* Jessie [2009-03-27] Proper message when \lambda is encountered (bts #?7528).
- Configure [2009-03-27] Better message when a plug-in isn't enabled by default.
-* Syntactic_callgraph [2009-03-26] Fixed bug when the callgraph is computed twice
-* Logic [2009-03-24] Fixed bugs in type unification.
-* Value [2009-03-23] Fixed bug that could appear with assignments like t[5] = t[4]; where t[4] is not a singleton.
o* Makefile [2009-03-20] Fixed "dist" and "bdist" targets that had been broken on 02/27.
-* Value [2009-03-20] Fixed performance bug.
- GUI [2009-03-20] Environment variables FRAMAC_MONOSPACEFONT and FRAMAC_GENERALFONT.
o! Cil [2009-03-19] C expressions now have a unique ID. See frama-c-commits for details.
-* From [2009-03-17] Improved dependencies + bug fixes
-* GUI [2009-03-17] Fixed bug with some utf8 strings.
-* Value [2009-03-13] Fixed correctness bug that had a tiny chance to manifest itself when analyzing code that dereferences casted pointers.
-* Logic [2009-03-11] Fixed predicate typing of \pointer_comparable.
-* Logic [2009-03-11] Changed \result_finite_float into \is_finite_float. Alarm generation is still untyped.
-* Logic [2009-03-11] Allow \ as first letter of identifier.
o Makefile [2009-02-27] New implementation of (un)verbose mode (bts #?442).
-* Value [2009-02-24] Miscellaneous fixes and tuning.
-* Cil [2009-02-23] Keep track of variables that have block scope (bts #?218); uninitialize them at the exit of the corresponding block.
- InOut [2009-02-18] Add -out-external option.
-* Cil [2009-02-18] Fixed some localization problems with frontc visitor.
o! Logic [2009-02-13] Merge terms and tsets in the AST.
- Value [2009-02-09] Adjustments in the appearance of some alarms
-* Cil [2009-02-03] Fixed parsing of global initializers like "(3>0)?0:1" when Cil.lowerConstants is false.
o GUI [2009-01-29] Add function Design.main_window_extension_points#help_message.
o! Kernel [2009-01-28] Dynamic plug-ins have to take care about journalisation.
o! Kernel [2009-01-26] Type of Db.register changed in order to be able to say that a function call must never be written in the journal.
- Journal [2009-01-23] Operations on projects (bts #?436) and code outputs are journalised.
o! Kernel [2009-01-23] File.pretty no longer takes a formatter as argument. The default output is the one specified by option -ocode.
- Journal [2009-01-23] Journalisation of functions with labels is now possible (bts #?427).
- Journal [2009-01-21] Journalisation of plug-ins slicing, sparecode, impact and security done.
- Value [2009-01-20] Minor changes in floating-point handling.
-* Journal [2009-01-19] Fixed bug with -disable-journal and type with no pretty-printer.
- Configure [2009-01-19] New option -with-all-static in order to statically link all plug-ins, except those explicitly specified as dynamic (bts #?430).
-* Journal [2009-01-19] Fixed bug in journalisation of non-functional values.
-* Makefile [2009-01-19] Fixed bug whenever all plug-ins should be static.
-* Makefile [2009-01-19] Fixed bug in compilation of dynamic plug-ins with a GUI.
-* Logic [2009-01-09] Fixed bug in type-checking of polymorphic functions.
- Logic [2009-01-09] Support for concrete type definition.
- Aorai [2009-01-08] Aorai is now a dynamic plug-in.
- Jessie [2009-01-08] Jessie is now a dynamic plug-in (bts #?419).
- Configure [2009-01-08] For each dynamic plug-in P, a new option --with-P-static is added to configure.in for linking P statically with Frama-C.
o Configure [2009-01-08] No longer requires modifying the end of configure.in when you add a new plug-in.
o Kernel [2009-01-06] Dynamic plug-ins can now register their own types (abstract from the outside) and operations on such types (bts #?413).
o! Kernel [2009-01-05] Some changes in API of module Type (bts #?410). In particular: 1) module FunTbl no longer exists; replaced by Type.Tbl. 2) Merge of pretty-printer registration with type registration: no longer in module Journal, only in module Type.
-* GUI [2008-12-22] Reentrancy fix with left panels.
-* Impact [2008-12-22] In the GUI, fixed bug when the analysis raised an exception. It is now properly caught and displayed on stderr.
- Impact [2008-12-22] In the GUI, highlight the selected statement in cyan.
-! Impact [2008-12-22] Do not select anymore the selected statements except if they are effectively impacted themselves (bts #?411).
-! GUI [2008-12-21] Code annotations and all globals are now reactive to selections (bts #?359 and #?387).
-* Jessie [2008-12-20] Support constant sizeof and alignof in logic terms (bts #?396).
-* GUI [2008-12-20] Fix a bug with broken UTF-8 output on stdout (bts #?420).
- GUI [2008-12-20] Add 2 separate pages for stdout and stderr redirections.
- Syntactic_callgraph [2008-12-20] Separate services are now created for callees of the entry point.
- Impact [2008-12-19] Slicing after impact is now possible (bts #?301).
-* Impact [2008-12-19] Bug fixed in the GUI (on project switching).
- Value [2008-12-18] Improved support for state reduction on a memory read.
##########################################
Open Source Release 3.1 (Lithium-20081201)
##########################################
-! GUI [2008-12-09] Improved consistency of some information messages.
- Value [2008-12-09] Abstract structs are now supported in conjunction with option -lib-entry, and invalid to access.
-! Value [2008-12-09] Removed outdated warning about uninitialized const variables.
o! Cil [2008-12-09] Modified typeForInsertedCast hook to take as arguments the expression and its original type in addition to the destination type.
o* Makefile [2008-12-02] Fixed various bugs in Makefile.template.
- Logic [2008-11-24] Added support for (wide) string constants in ACSL formulas.
-! Kernel [2008-11-21] Changed the definition of non-deterministic functions in builtin.c. These functions no longer rely on a volatile variable. Analysis logs may change slightly as a result.
- Value [2008-11-21] Introduced preliminary support for state reductions on a memory read access. This should eliminate some redundant alarms.
- Sparecode [2008-11-20] New option -rm-unused-globals to remove unused global variables and types.
-! Slicing [2008-11-20] Unused global variables and types are now removed in sparecode analysis and slicing results.
o Cil [2008-11-17] New methods current_function and current_kf (bts #?406).
o! Cil [2008-11-17] enum items now have their own type and are shared between declaration and use.
o Cil [2008-11-17] New methods for visiting compinfo, enuminfo, fieldinfo and enumitem (prevents potential misuse of copy visitor for these types).
-* Jessie [2008-11-14] Fixed bug with multiple labels in axiomatic definitions.
- Jessie [2008-11-14] Added example tests/jessie/minimum_sort.c in Jessie tutorial.
-* Jessie [2008-11-10] Fixed problem with arrays in logical annotations.
-* Jessie [2008-11-05] Fixed problem with memory model preventing the proof of some pointer programs. The solution is to require pointers that are compared to belong to the same allocated memory block, which can be expressed in logical annotations using equality of \base_addr constructs.
- Impact [2008-11-04] In the GUI, new panel to manage impact analysis actions.
o Makefile [2008-11-03] Support for native compilation in Makefile.template (requires ocaml >= 3.11).
##########################################
Open Source Release 3.0 (Lithium-20081002)
##########################################
-! Value [2008-10-23] Changed behavior of option -context-valid-pointers to make it more like the documentation says it is.
-* Value [2008-10-23] Fixed a bug introduced with the "value concatenation" feature where an imprecise value obtained by reading misaligned data would have the origin "Arithmetic" instead of "Misaligned".
-* Value [2008-10-14] Fixed huge bug in the computation of the dependencies of an expression. Differences are most visible in the results of options -input and -deps, and of course all the slicing options that make use of these.
o! Value [2008-10-14] Removed argument ~skip_base_deps from all functions in Db.Value that had one. This argument did not make sense.
- Slicing [2008-10-07] In the GUI, slicing requests related to values returned by functions are available from the contextual submenu.
- Slicing [2008-10-07] In the GUI, new panel to manage slicing actions.
- Semantic_callgraph [2008-09-24] New option -scg-dump to dump a semantic callgraph to stdout.
- Logic [2008-09-23] Support for address-of operator (&) in tsets.
- Logic [2008-09-18] Basic support for sets as first-class values.
- Kernel [2008-09-15] Added option -warn-unspecified-order to display a warning for each unspecified sequence containing writes.
o Ptests [2008-09-11] Added config option STDOPT (see developer's manual for details).
o! Kernel [2008-09-11] Refined UnspecifiedSequence information.
-! Value [2008-09-11] Raise alarm for undefined behavior caused by side-effects in UnspecifiedSequence (except for function calls).
- Value [2008-09-11] Added option -no-unspecified-access to disable the alarm above.
- Logic [2008-09-04] Support for \separated.
- Inout [2008-09-04] New option -input_with_formals.
- Journal [2008-08-28] New options available -load-journal, -journal-name, -journal-disable for user management of journals.
- Journal [2008-08-22] Journalization available (only Cmdline and Occurrence are done yet).
-* Logic [2008-08-21] Fixed typing error of pointer lval hidden by typedefs.
- Deps [2008-08-01] In the GUI, the "Dependencies" contextual menu provides the old "Scope" and "Show Def" features in addition to the new "Zones" feature. These three actions can be launched together with the "All" button.
- Slicing [2008-07-22] In the GUI, implemented feature request related to highlighting when the source function is called, for CAT/AF evaluation.
- Project [2008-07-21] Projectification of machdep (bts #?101).
-* Logic [2008-07-21] Fixed bug "0 can be seen as pointer to any type" (bts #?338).
-* Pdg [2008-07-21] Fixed bugs for CAT/AF evaluation.
- GUI [2008-07-18] Lower the bound on maximum number of displayed globals to 20 (bts #?342).
- Slicing [2008-07-18] In the GUI, requests related to read/write accesses to lvalues are available from the contextual submenu.
-* Slicing [2008-07-18] In the GUI, fixed bugs related to enabling/disabling conditions of the slicing submenu.
- Kernel [2008-07-17] Dynamic linking of plugins available (experimental).
o! Cil [2008-07-17] AST changes for unspecified sequences (experimental).
-* Jessie [2008-07-16] Fixed path problems with binary distributions.
#########################################
Open Source Release 2.0 (Helium-20080701)
#########################################
- Occurrence [2008-07-11] Occurrences of a variable can be computed from any occurrence in the program (not only from its declaration).
- Project [2008-07-11] Loading works even if the configuration while saving is not exactly equal to the one while loading.
- Pdg [2008-07-09] Improvement of the precision of interprocedural analysis (bts #?179).
-* Impact [2008-07-02] Fixed bug when a function is undefined (bts #?322).
- Logic [2008-07-02] Typing of recursive logic functions.
- Logic [2008-07-02] Enforce correct return type of logic functions.
- Sparecode [2008-07-01] New option -sparecode-no-annot (bts #?331 and #?334).
-* Pdg [2008-06-26] Fixed bug in interprocedural analysis (bts #?324).
- Slicing [2008-06-24] In the GUI, slicing contextual submenu available.
-! Logic [2008-06-24] Merge predicates and logic functions when linking multiple C files.
o! Logic [2008-06-24] AST changes for invariants.
-! GUI [2008-06-23] Enforce lablgtksourceview dependency and suppressed camlp4 need.
- GUI [2008-06-23] First rehighlight support.
- Slicing [2008-06-19] Some slicing requests are available from the GUI.
- Configure [2008-06-19] ./configure will not emit so many warnings when gui is not available (bts #?296).
- GUI [2008-06-18] Invalidate display cache on project switching.
-! Value [2008-06-18] Do not emit imprecision tracing warning when a lval=lval is optimized.
- Value [2008-06-18] New option -context-width for auto-allocated context pointer width. Defaults to 2.
- Makefile [2008-06-17] Prefix install directories by the value of DESTDIR (patch contributed by Igor Galic).
-! Logic [2008-06-17] \valid* predicates reject void pointers.
-! Value [2008-06-16] Removed last top from merging leaf functions returns.
- Value [2008-06-13] Some partial builtin_va_start support
- Value [2008-06-13] New implicit context generation with a fixed width of 6 (an option will be available later).
-! Value [2008-06-12] Remove remaining TOP in value analysis: WELL at amx-valid-depth and for leaf functions.
- GUI [2008-06-10] Improve speed of configuration menu.
-! Kernel [2008-06-10] Change -lib-entry option into a boolean. "-lib-entry foo" becomes "-lib-entry -main foo"
- Metrics [2008-06-10] Number of syntactic calls by functions and potential entry points.
- Metrics [2008-06-10] New option -metrics-dump.
-! Constfold [2008-06-09] Semantic constant folding does not introduce casts by default.
- Constfold [2008-06-09] New option -cast-from-constant has been added to allow cast introductions.
-! Kernel [2008-06-06] Do not remove unused static functions.
-! Logic [2008-06-05] Quantification over arrays is interpreted as quantification over pointers, to be consistent with predicates and C function calls.
- Logic [2008-06-05] Pretty printing of pointer accesses in terms and tsets is now much nicer. For example *(T+(0+i..j)) becomes T[0+i..j].
-! Value [2008-06-05] Separate warnings for uninitialized values and addresses escaping their scopes (these used to be grouped together as "unspecified" alarms)
-* Makefile [2008-06-04] Fixed bug in "make distclean" (bts #?308).
-* Logic [2008-06-03] Correct typing for predicates: no more dangerous promotions.
- Logic [2008-06-03] Typing of terms: implement ACSL semantics for integral/real promotions.
- Logic [2008-06-03] Better error messages for logic typing errors.
-! Logic [2008-06-03] Support for constant predicates and functions (breaks 0-argument old syntax).
-* Kernel [2008-06-03] Correct promotion rules from bitfields to integers.
-* Kernel [2008-06-02] -machdep was ignored (bts #?309).
###########################################
Open Source Release 1.2 (Hydrogen-20080502)
###########################################
o* Makefile [2008-05-21] Fixed bug in "make clean-doc" (and "make distclean").
- GUI [2008-05-19] All internal options are available in the GUI preferences panel.
###########################################
Open Source Release 1.1 (Hydrogen-20080501)
###########################################
-! Value [2008-04-24] Display a warning whenever an uninitialized value causes the death of a branch.
- GUI [2008-04-18] Project names are pairwise different in the GUI.
-* GUI [2008-04-17] Win32 default fonts fixed.
- Value [2008-04-14] In the GUI, function-level information displayed in Information panel.
- GUI [2008-04-14] Progress added in existing plugins.
- GUI [2008-04-10] Buffer memoization for speedup.
- GUI [2008-04-10] Persistent position.
- GUI [2008-04-10] No file selection on startup.
- Scope [2008-04-09] First release of the plug-in (bts #?191).
- Impact [2008-04-08] Available from toplevel through -impact-pragma and -impact-print.
o Project [2008-04-08] Warnings are project compliant.
- GUI [2008-04-07] Large improvements in reactivity
-* GUI [2008-04-07] Prefs/Execute bugs fixed.
o GUI [2008-04-07] Project management redesigned for older Gtk and for the best.
-* Project [2008-04-07] Fixed bug in save/load with duplicated computations.
-* Project [2008-04-07] Inconsistent data with multiple projects and while removing projects.
-* Kernel [2008-04-01] Various Win32 path fixes.
- Kernel [2008-04-01] Option -no-unicode: do not print Unicode chars.
######################################
Binary Release 1.0 (Hydrogen-20080302)
######################################
- Occurrence [2008-03-17] New option -occurrence.
- Occurrence [2008-03-17] First release of the plug-in.
-* GUI [2008-03-16] GUI no longer frozen during computations.
- GUI [2008-03-16] 'New' menu entry.
-* Makefile [2008-03-14] Fixed bug with GUI compilation.
-* Project [2008-03-14] Fixed bug with checksum computation during save/load.
-* Slicing [2008-02-25] Fixed bug in interprocedural slicing (bts #?201).
###########################################
Open Source Release 1.0 (Hydrogen-20080301)
###########################################
- Kernel [2008-03-01] First release.
###################
# Local Variables:
# mode: text
# End:
###################