Frama-C API - Eva

Internal and External signature of abstractions used in the Eva engine.

An abstract context can be used to transfer information from the state of an abstract domain, in which an expression or lvalue is evaluated, to a value abstraction, which interprets operations during this evaluation. The context is built by the function build_context of abstract domains, and passed as argument of most transfer functions from Abstract_value.

Abstract domains of the analysis.

Abstract memory locations of the analysis.

Abstract numeric values of the analysis.

Map from alarms to status. Returned by the abstract semantics to report the possible undefined behaviors.

Datastructures and common operations for the results of the From plugin.

Requests registered to the Frama-C server; nothing is exported.

Heuristic for automatic loop unrolling.

Functions related to the backward propagation of the value of formals at the end of a call. When possible, this value is propagated to the actual parameter.

Eva analysis builtins for the cvalue domain, more efficient than their equivalent in C.

Builtins for standard floating-point functions.

Dynamic allocation related builtins. Most functionality is exported as builtins.

Nothing is exported, all the builtins are registered through Builtins.register_builtin

Builtins for normalization and dumping of values or state. Builtins are registered directly, and are not exported here.

Value analysis of entire functions, using Eva engine.

Cartesian product of two context abstractions.

Abstract reductions on Cvalue.V.t

Register actions to performed during the Eva analysis, with access to the states of the cvalue domain. This API is for internal use only, and may be modified or removed in a future version. Please contact us if you need to register callbacks to be executed during an Eva analysis.

Main domain of the Value Analysis.

Forward operations on Cvalue.V.t

Auxiliary functions on cvalue offsetmaps, used by the cvalue domain.

Transfer functions for the main domain of the Value analysis.

Automatic builders to complete abstract domains from different simplified interfaces.

This module defines the mode to restrict an abstract domain on specific functions.

Signature of abstractions used in the Eva engine.

Equalities between syntactic lvalues and expressions.

Register special annotations to locally guide the Eva analysis:

Eva Syntax Tree.

Dependencies of expressions and lvalues.

Types definition of the Eva AST for lvalues and expressions. Should also include ACSL terms and predicates in the future. Most types are similar to Cil_types.

Utilitary functions on the Eva AST of lvalues and expressions.

Rewriting visitor

Eva automata are Interpreted_automata where transitions have been translated to the Eva AST and where useless transitions have been replaced by Skip. As such, it essentially differs by its simpler vertex, edge and transitions types.

Access to other plugins API via Dynamic.get.

Numeric evaluation. Factored with evaluation in the logic.

Evaluation of terms and predicates

Functions related to type conversions

Generic evaluation and reduction of expressions and left values.

Gauges domain ("Arnaud Venet: The Gauge Domain: Scalable Analysis of Linear Inequality Invariants. CAV 2012")

Hash-consed expressions and lvalues.

The goal of this module is to provide a way to build a sound overapproximation of the semantics of IEEE-754 correctly rounded operations for floating-point formats supported by the C language.

This module provides the type definitions and module signatures used by the IEEE754 module to build an abstract semantics of floating-point computations as defined by the IEEE-754 standard. See this module for more information.

Creation of the initial state of abstract domain.

Read and written memory zones at some given Position.t point.

Computation of inputs of outputs.

Auxiliary functions to mark invalid (more precisely 'escaping') the references to a variable whose scope ends.

Functions used by the Inout and From plugins to interpret predicate and assigns clauses. This API may change according to these plugins development.

Main memory locations of Eva that can be used by abstract domains.

Main numeric values of Eva that can be used by abstract domains.

A partition is a collection of states, each identified by a unique key. The keys define the states partition: states with identical keys are joined together, while states with different keys are maintained separate. A key contains the reason for which a state must be kept separate from others, or joined with similar states.

A partitioning index is a collection of states optimized to determine if a new state is included in one of the states it contains — in a more efficient way than to test the inclusion with all stored states. Such an index is used to keep track of all the states already propagated through a control point, and to rule out new incoming states included in previous ones.

Fine-tuning for slevel, according to //@ slevel directives.

Description of the current position of the analysis.

For internal use only: optional domains (numerors and apron) are compiled separately from the Eva core. This is used to give them access to the internal modules of Eva they need.

Handling of recursion cycles in the callgraph

This modules stores the alarms and properties for which a red status has been emitted.

Eva's result API is a new interface to access the results of an analysis, once it is completed. It may slightly change in the future.

Abstraction of the sign of integer variables.

Sign domain: abstraction of integer numerical values by their signs.

Simple memory abstraction for scalar non-volatile variables, built upon a value abstraction. Basically a map from variable to values.

Simplified interfaces for abstract domains. Complete abstract domains can be built from these interfaces through the functors in Domain_builder. More documentation can be found on the complete interface of abstract domains, in Abstract_domain.

This module is used to merge together the final states of a function according to a given strategy. Default is to merge all states together

Requests registered to the Frama-C server; nothing is exported.

Gadt describing the structure of a tree of different data types, and providing fast accessors of its nodes. The leaves must provide a key from a Key module, see key.mli for details.

Subdivision of the evaluation on non-linear expressions: for expressions in which some l-values appear multiple times, proceed by disjunction on their abstract value, in order to gain precision.

Domain that store information on non-precise l-values such as t[i] or *p when i or p is not exact.

Domain for a taint analysis.

Helper module to register read and written memory zones to Inout_access in Transfer_stmt and Transfer_specification

Interpretation of function specification.

Currently tested by this module:

Cartesian product of two value abstractions.

Requests registered to the Frama-C server; nothing is exported.

Per-function computation of widening hints.

Syntax extension for widening hints, used by Value.