Frama-C API - Make
Builds an analysis engine for the given abstractions.
Parameters
module Abstract : Abstractions.SSignature
include Engine_sig.S with type Ctx.t = Abstract.Ctx.t with type Val.t = Abstract.Val.t with type Loc.location = Abstract.Loc.location with type Dom.state = Abstract.Dom.state
The four abstractions: values, locations, states and evaluation context, plus the evaluation engine for these abstractions.
include Engine_abstractions_sig.S with type Ctx.t = Abstract.Ctx.t with type Val.t = Abstract.Val.t with type Loc.location = Abstract.Loc.location with type Dom.state = Abstract.Dom.state
module Ctx : Engine_abstractions_sig.Context with type t = Abstract.Ctx.tmodule Val : Engine_abstractions_sig.Value with type context = Ctx.t with type t = Abstract.Val.tmodule Loc : Engine_abstractions_sig.Location with type value = Val.t with type location = Abstract.Loc.locationmodule Dom : Engine_abstractions_sig.Domain with type value = Val.t and type location = Loc.location and type context = Ctx.t with type state = Abstract.Dom.statemodule Eval : Evaluation_sig.S with type state = Dom.t and type context = Ctx.t and type value = Val.t and type loc = Loc.location and type origin = Dom.originmodule Transfer_inout : Engine_sig.Transfer_inout with type location = Loc.location and type value = Val.t and type valuation = Eval.Valuation.tmodule Transfer_stmt : Engine_sig.Transfer_stmt with type state = Dom.tmodule Transfer_logic : Engine_sig.Transfer_logic with type state = Dom.tmodule Transfer_specification : Engine_sig.Transfer_specification with type state = Dom.t and type value = Val.t and type location = Loc.locationmodule Initialization : Engine_sig.Initialization with type state = Dom.tmodule Iterator : Engine_sig.Iterator with type state = Dom.tmodule Compute : Engine_sig.Compute with type state = Dom.t and type value = Val.t and type loc = Loc.locationmodule Interferences : Engine_sig.Interferences with type state = Dom.tinclude Engine_sig.Results with type state := Dom.state and type value := Val.t and type location := Loc.location
Access to abstract states inferred by the analysis
val get_global_state : unit -> Dom.state Eval.or_top_bottomReturn the abstract state computed at the start of the analysis, as entry point of the main function, after the initialization of global variables and main arguments.
val get_stmt_state : after:bool -> Frama_c_kernel.Cil_types.stmt -> Dom.state Eval.or_top_bottomReturn the abstract state inferred before or after a given statement. This is the join of the states inferred for each callstack.
val get_stmt_state_by_callstack : ?selection:Callstack.t list -> after:bool -> Frama_c_kernel.Cil_types.stmt -> Dom.state Callstack.Hashtbl.t Eval.or_top_bottomReturn the abstract state inferred before or after a given statement, for each callstack in which the analysis has reached the statement. The optional argument selection allows selecting only some callstacks: it is more efficient to select fewer callstacks, if not all are needed.
val get_initial_state : Frama_c_kernel.Cil_types.kernel_function -> Dom.state Eval.or_top_bottomReturn the abstract state inferred at start of a given function. This is the join of states inferred for each callstack.
val get_initial_state_by_callstack : ?selection:Callstack.t list -> Frama_c_kernel.Cil_types.kernel_function -> Dom.state Callstack.Hashtbl.t Eval.or_top_bottomReturn the abstract state inferred as entry point of the given function, for each callstack in which the function has been analyzed. The optional argument selection allows selecting only some callstacks: it is more efficient to select fewer callstacks, if not all are needed.
Shortcuts for the evaluation in an abstract state
val eval_expr : Dom.state -> Eval.exp -> Val.t Eval.evaluatedEvaluates the value of an expression in the given state.
val copy_lvalue : Dom.state -> Eval.lval -> Val.t Eval.flagged_value Eval.evaluatedEvaluates the value of an lvalue in the given state, with possible indeterminateness: non-initialization or escaping addresses.
val eval_lval_to_loc : Dom.state -> Eval.lval -> Loc.location Eval.evaluatedEvaluates the location of an lvalue in the given state, for a read access (invalid location for a read access are ignored).
val eval_function : Dom.state -> ?args:Eval.exp list -> Eval.lhost -> Frama_c_kernel.Cil_types.kernel_function list Eval.or_top_bottom * Alarmset.tEvaluates the function argument of a Call constructor.
val assume_cond : pos:Position.t -> Dom.state -> Eval.exp -> bool -> Dom.state Eval.or_bottomassume_cond ~pos state expr b reduces the given abstract state by assuming exp evaluates to:
- a non-zero value if
bis true; - zero if
bis false.