Andre Maroneze · ec4e6415
--- a/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+++ b/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+[Eva user manual](https://www.frama-c.com/download/frama-c-eva-manual.pdf).
+This annex, titled *ACSL Quick Guide for Eva*, is targeted towards a slightly
+different audience, including complete ACSL beginners. In this blog post,
+we present the annex, its motivation, and summarize its most interesting
+contents.
+
+## Yet Another ACSL Tutorial?
+
+[ACSL, the ANSI/ISO C Language](https://frama-c.com/html/acsl.html), the
+*lingua franca* of Frama-C, is important for most, if not all, Frama-C users.
+Fortunately, most users will _never_ (or rarely) need to read the
+[ACSL reference manual](https://frama-c.com/download/acsl.pdf), just like most
+Java programmers will never have to read the
+[Java Language Specification](https://docs.oracle.com/javase/specs/jls/se18/html/index.html),
+and most C programmers... well, most C programmers _should_ have
+to read the C standard, just to realize how deep the madness goes<sup>1</sup>.
-and most C programmers... well, most C programmers _should_ have
-to read the C standard, just to realize how deep the madness goes<sup>1</sup>.
+and most C programmers... well, most C programmers _should_
+read the C standard, just to realize how deep the madness goes<sup>1</sup>.
--- a/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+++ b/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+
+## Yet Another ACSL Tutorial?
+
+[ACSL, the ANSI/ISO C Language](https://frama-c.com/html/acsl.html), the
+*lingua franca* of Frama-C, is important for most, if not all, Frama-C users.
+Fortunately, most users will _never_ (or rarely) need to read the
+[ACSL reference manual](https://frama-c.com/download/acsl.pdf), just like most
+Java programmers will never have to read the
+[Java Language Specification](https://docs.oracle.com/javase/specs/jls/se18/html/index.html),
+and most C programmers... well, most C programmers _should_ have
+to read the C standard, just to realize how deep the madness goes<sup>1</sup>.
+But I digress.
+
+<sup>1</sup> At least for critical applications, a test on C semantics
+should be a prerequisite for those deciding its application; that would
+motivate them to consider implementing the application in a better
--- a/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+++ b/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+[Java Language Specification](https://docs.oracle.com/javase/specs/jls/se18/html/index.html),
+and most C programmers... well, most C programmers _should_ have
+to read the C standard, just to realize how deep the madness goes<sup>1</sup>.
+But I digress.
+
+<sup>1</sup> At least for critical applications, a test on C semantics
+should be a prerequisite for those deciding its application; that would
+motivate them to consider implementing the application in a better
+(and safer) language.
+
+ACSL has currently at least 2 excellent guides:
+[Blanchard's WP tutorial](https://allan-blanchard.fr/frama-c-wp-tutorial.html),
+available in English *and* French, and
+[ACSL by Example](https://github.com/fraunhoferfokus/acsl-by-example), by
+Gerlach et al., from Fraunhofer FOKUS. However, their target audience are
+mainly [WP](https://frama-c.com/fc-plugins/wp.html) users, who eat (froot) loop
--- a/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+++ b/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+and most C programmers... well, most C programmers _should_ have
+to read the C standard, just to realize how deep the madness goes<sup>1</sup>.
+But I digress.
+
+<sup>1</sup> At least for critical applications, a test on C semantics
+should be a prerequisite for those deciding its application; that would
+motivate them to consider implementing the application in a better
+(and safer) language.
+
+ACSL has currently at least 2 excellent guides:
+[Blanchard's WP tutorial](https://allan-blanchard.fr/frama-c-wp-tutorial.html),
+available in English *and* French, and
+[ACSL by Example](https://github.com/fraunhoferfokus/acsl-by-example), by
+Gerlach et al., from Fraunhofer FOKUS. However, their target audience are
+mainly [WP](https://frama-c.com/fc-plugins/wp.html) users, who eat (froot) loop
+invariants for breakfast. These guides *must* be as thorough as possible,
--- a/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+++ b/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+to read the C standard, just to realize how deep the madness goes<sup>1</sup>.
+But I digress.
+
+<sup>1</sup> At least for critical applications, a test on C semantics
+should be a prerequisite for those deciding its application; that would
+motivate them to consider implementing the application in a better
+(and safer) language.
+
+ACSL has currently at least 2 excellent guides:
+[Blanchard's WP tutorial](https://allan-blanchard.fr/frama-c-wp-tutorial.html),
+available in English *and* French, and
+[ACSL by Example](https://github.com/fraunhoferfokus/acsl-by-example), by
+Gerlach et al., from Fraunhofer FOKUS. However, their target audience are
+mainly [WP](https://frama-c.com/fc-plugins/wp.html) users, who eat (froot) loop
+invariants for breakfast. These guides *must* be as thorough as possible,
+since their users will need to not only _read_ but also _write_ lots of ACSL.
--- a/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+++ b/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+zero-ACSL-required tutorial.
+
+## ACSL ∩ Eva in 10 pages
+
+Writing a quick ACSL guide for Eva allows us to simplify the presentation
+and avoid content that is irrelevant for Eva, either because currently
+unsupported (such as some higher-level logic features), or because it never
+appears in the specifications used by Eva. We also designed a few sections
+as optional material, with predicates which are _sometimes_ seen in libc
+specifications (and thus potentially relevant for Eva), but not essential
+for first-time users. We also included sections on behaviors (not for the
+faint-hearted, but essential for precision and thus present in several libc
+specifications), dynamic memory allocation, and some unintuitive features
+that might confuse users. Finally, in the end, we added a
+*FAQ/Troubleshooting/Common errors* section, whose purpose is to, ideally,
+allow users to Ctrl+V unexpected error messages and hopefully get a direct
--- a/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+++ b/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+as optional material, with predicates which are _sometimes_ seen in libc
+specifications (and thus potentially relevant for Eva), but not essential
+for first-time users. We also included sections on behaviors (not for the
+faint-hearted, but essential for precision and thus present in several libc
+specifications), dynamic memory allocation, and some unintuitive features
+that might confuse users. Finally, in the end, we added a
+*FAQ/Troubleshooting/Common errors* section, whose purpose is to, ideally,
+allow users to Ctrl+V unexpected error messages and hopefully get a direct
+explanation about them. This section can definitely benefit from user
+feedback; if you find an error message that seems too cryptic or that took
+you longer than necessary to understand, please consider
+[filing an issue](https://git.frama-c.com/pub/frama-c/-/issues/new)
+with the code and the message, and we'll consider incorporating it in the
+guide. If you are really motivated, you can even create a merge request
+in our Gitlab! The Eva user manual is part of the source code of Frama-C,
+in directory `doc/value`, so everyone can contribute. That is also one
--- a/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+++ b/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+with the code and the message, and we'll consider incorporating it in the
+guide. If you are really motivated, you can even create a merge request
+in our Gitlab! The Eva user manual is part of the source code of Frama-C,
+in directory `doc/value`, so everyone can contribute. That is also one
+of the benefits of integrating the guide into the user manual, and not in a
+blog post.
+
+## Conclusion
+
+We expect this guide to be especially useful for new Frama-C/Eva users, who
+have never seen ACSL before and would like to start using Eva as quickly as
+possible, without having to invest too much time into learning. Of course,
+code relying heavily on C standard library files, or requiring stubs for
+complex reasoning, will always require some effort; but lowering that effort
+is one of the objectives of Frama-C: showing that formal methods can be
+efficiently applied at industrial scale, to help cope with this *aweful*
--- a/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+++ b/_posts/2022-04-xx-eva-acsl-quick-guide.md 0 → 100644
+and just keep on verifying their code as automatically as they can
+(with Frama-C as inconspicuous as possible), such guides are more than they
+need.
+
+This is one of the motivations of the original blog post series mentioned
+in the beginning of this post. However, industrial users over the years have
+shown us that those posts *still* require some knowledge of ACSL (it is
+written in the first post: *Prerequisites: ... Basic knowledge of ACSL*). But
+then, where do they get such *basic knowledge*? From reading the ACSL
+language specification (oh, the horror!)? From reading one of these WP guides?
+But then, where do they start, and where do they stop? Should users just
+learn by themselves by reading Frama-C's standard library specifications?
+None of these solutions is satisfying. Hence the need for a new,
+zero-ACSL-required tutorial.
+
+## ACSL ∩ Eva in 10 pages