Message 20 from Frama-C-discuss on July 2020

[Frama-c-discuss] strlen axioms and memory space



Hi Denis,

Your link actually leads to even more "interesting" thoughts. My axiom
stated that any strlen should be less than or equal to UINTPTR_MAX. But
assuming that strings s1 and s2 are not overlapping, the sum of their
lengths is seemingly less than or equal to UINTPTR_MAX.


On Thu, Jul 30, 2020 at 2:44 PM Denis Efremov <efremov at ispras.ru> wrote:

> Hi,
>
> On 7/30/20 11:36 PM, Yurii Rashkovskii wrote:
> >
> > I have a question / thought to bounce off. I've been recently trying to
> prove a few properties on some trivial functions in a small project of mine
> (https://github.com/yrashk/clam).
> >
> > I ran into an interesting aspect where I needed to do extensive checks
> on certain counters not hitting UINTPTR_MAX. I have managed to simplify
> that with a rather trivial axiom:
> >
> >
> https://github.com/yrashk/clam/commit/e84af3bf8d72ebdcec392589e189952d560ba28a
> >
> > (obviously, I would have preferred an actual proof, but I am but a
> novice)
> >
> > I am wondering if any thought has been previously given on such cases
> where, for example `strlen` axioms are bound by \forall ℤ which is
> admittedly wider than pointers would allow?
> >
> > Is my approach anywhere close to reasonable? Should Frama-C axiomatics
> include more consideration for the [limited] pointer integer universe?
>
> I faced it while proving strcat
>
> https://github.com/evdenis/verker/blob/master/src/strcat.h#L14
>
> Regards,
>
> Denis
>
>

-- 
Y.
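An added example, not code from this thread or from the clam/verker repositories: an ACSL axiomatic that writes down the two bounds discussed above (a single string's length, and the summed length of two non-overlapping strings) as axioms, i.e. as assumptions the prover takes for granted rather than consequences of Frama-C's built-in strlen axiomatic, followed by a hypothetical strcat-style function whose contract and loop annotations are the places where such bounds are needed. The axiomatic name, the function name and its contract are my own choices.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Both axioms below are assumed, not derived: a readable NUL-terminated
 * string lives inside the address space, so its length is at most
 * UINTPTR_MAX, and two separated strings occupy distinct addresses, so
 * together (plus their two terminators) they still fit. */
/*@ axiomatic StrlenAddressSpace {
  @   axiom strlen_bounded:
  @     \forall char *s;
  @       \valid_read(s + (0 .. strlen(s))) ==> strlen(s) <= UINTPTR_MAX;
  @
  @   axiom strlen_sum_bounded:
  @     \forall char *s1, *s2;
  @       \valid_read(s1 + (0 .. strlen(s1))) &&
  @       \valid_read(s2 + (0 .. strlen(s2))) &&
  @       \separated(s1 + (0 .. strlen(s1)), s2 + (0 .. strlen(s2)))
  @       ==> strlen(s1) + strlen(s2) + 2 <= UINTPTR_MAX;
  @ }
  @*/

/* Hypothetical strcat-style function: the precondition requires room for
 * the concatenation and non-overlap of source and destination. */
/*@ requires \valid(dest + (0 .. strlen(dest) + strlen(src)));
  @ requires \valid_read(src + (0 .. strlen(src)));
  @ requires \separated(dest + (0 .. strlen(dest) + strlen(src)),
  @                     src + (0 .. strlen(src)));
  @ assigns dest[strlen(dest) .. strlen(dest) + strlen(src)];
  @ ensures \result == dest;
  @*/
char *bounded_strcat(char *dest, const char *src)
{
    size_t dlen = strlen(dest);  /* fits in size_t by strlen_bounded */
    size_t i = 0;
    /*@ loop invariant 0 <= i <= strlen(src);
      @ loop invariant \forall integer k; 0 <= k < i ==> dest[dlen + k] == src[k];
      @ loop assigns i, dest[dlen .. dlen + strlen(src)];
      @ loop variant strlen(src) - i;
      @*/
    while (src[i] != '\0') {
        /* dlen + i cannot wrap around: strlen_sum_bounded */
        dest[dlen + i] = src[i];
        i++;
    }
    dest[dlen + i] = '\0';
    return dest;
}
```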