Frama-C

Last updated December 21, 2024 • 2 min readFrom Wikipedia, The Free Encyclopedia

Frama-C

Developer(s)	Commissariat à l'Énergie Atomique (CEA-List) and Inria
Repository	git.frama-c.com/pub/frama-c
Written in	OCaml
Operating system	Microsoft Windows, FreeBSD, OpenBSD, Linux, Mac OS X
Available in	English
Type	Formal verification, Static code analysis
License	mostly LGPL, some parts under BSD licenses
Website	frama-c.com

Frama-C^[1] stands for Framework for Modular Analysis of C programs . Frama-C is a set of interoperable program analyzers for C programs. Frama-C has been developed by the French Commissariat à l'Énergie Atomique et aux Énergies Alternatives (CEA-List)^[2] and Inria. It has also received funding from the Core Infrastructure Initiative. Frama-C, as a static analyzer, inspects programs without executing them. Despite its name, the software is not related to the French project Framasoft.

Architecture
Features
See also
References
External links

Architecture

This section is missing information about use of Clang for C++ input at least since 2014. Please expand the section to include this information. Further details may exist on the talk page.(September 2021)

Frama-C has a modular plugin architecture^[3] comparable to that of Eclipse (software) or GIMP.

Frama-C relies on CIL (C Intermediate Language) to generate an abstract syntax tree. The abstract syntax tree supports annotations written in ANSI/ISO C Specification Language (ACSL).

Several modules can manipulate the abstract syntax tree to add ANSI/ISO C Specification Language (ACSL) annotations. Among frequently used^{[ vague ]} plugins are:

Value analysis – computes a value or a set of possible values for each variable in a program. This plugin uses abstract interpretation techniques and many other plugins make use of its results.
Jessie – verifies properties in a deductive manner. Jessie relies on the Why^[4] or Why3 back-end to enable proof obligations to be sent to automatic theorem provers like Z3, Simplify, Alt-Ergo or interactive theorem provers like Coq or Why. Using Jessie, an implementation of bubble-sort or a toy e-voting system can be proved to satisfy their respective specifications. It uses a separation memory model inspired by separation logic.
WP (Weakest Precondition) – similar to Jessie, verifies properties in a deductive manner. Unlike Jessie, it focuses on parameterization with regards to the memory model. WP is designed to cooperate with other Frama-C plugins such as the value analysis plug-in, unlike Jessie that compiles the C program directly into the Why language. WP can optionally use the Why3 platform to invoke many other automated and interactive provers.
E-ACSL – (for Executable ACSL) instruments a program to perform runtime verification of properties, possibly in complement with other plugins such as value analysis and WP (e.g. by checking assertions at runtime for the properties that could not be statically verified with the other plugins).
Impact analysis – highlights the impacts of a modification in the C source code.
Slicing – enables slicing of a program. It enables generation of a smaller new C program that preserves some given properties.^[5]
Spare code – removes useless code from a C program.

Other plugins are:

Dominators – computes dominators and postdominators of statements.
From analysis – computes functional dependencies.

Features

Frama-C can be used for the following purposes:

To understand C code which you have not written. In particular, Frama-C enables one to observe a set of values, slice the program into shorter programs, and navigate in the program.
To prove formal properties on the code. Using specifications written in ANSI/ISO C Specification Language enables it to ensure properties of the code for any possible behavior. Frama-C handles floating point numbers.^[6]
To enforce coding standards or code conventions on C source code, by means of custom plugin(s)^[7]
To instrument C code against some security flaws^[8]

Related Research Articles

In computability theory, Rice's theorem states that all non-trivial semantic properties of programs are undecidable. A semantic property is one about the program's behavior, unlike a syntactic property. A non-trivial property is one which is neither true for every program, nor false for every program.

In computer science, static program analysis is the analysis of computer programs performed without executing them, in contrast with dynamic program analysis, which is performed on programs during their execution in the integrated environment.

In software engineering and computer science, abstraction is the process of generalizing concrete details, such as attributes, away from the study of objects and systems to focus attention on details of greater importance. Abstraction is a fundamental concept in computer science and software engineering, especially within the object-oriented programming paradigm. Examples of this include:

An abstract syntax tree (AST) is a data structure used in computer science to represent the structure of a program or code snippet. It is a tree representation of the abstract syntactic structure of text written in a formal language. Each node of the tree denotes a construct occurring in the text. It is sometimes called just a syntax tree.

In computer science, formal methods are mathematically rigorous techniques for the specification, development, analysis, and verification of software and hardware systems. The use of formal methods for software and hardware design is motivated by the expectation that, as in other engineering disciplines, performing appropriate mathematical analysis can contribute to the reliability and robustness of a design.

In computer programming, a type system is a logical system comprising a set of rules that assigns a property called a type to every term. Usually the terms are various language constructs of a computer program, such as variables, expressions, functions, or modules. A type system dictates the operations that can be performed on a term. For variables, the type system determines the allowed values of that term.

In the context of hardware and software systems, formal verification is the act of proving or disproving the correctness of a system with respect to a certain formal specification or property, using formal methods of mathematics. Formal verification is a key incentive for formal specification of systems, and is at the core of formal methods. It represents an important dimension of analysis and verification in electronic design automation and is one approach to software verification. The use of formal verification enables the highest Evaluation Assurance Level (EAL7) in the framework of common criteria for computer security certification.

SPARK is a formally defined computer programming language based on the Ada programming language, intended for the development of high integrity software used in systems where predictable and highly reliable operation is essential. It facilitates the development of applications that demand safety, security, or business integrity.

This is an alphabetical list of articles pertaining specifically to software engineering.

Dynamic program analysis is the act of analyzing software that involves executing a program – as opposed to static program analysis, which does not execute it.

The DMS Software Reengineering Toolkit is a proprietary set of program transformation tools available for automating custom source program analysis, modification, translation or generation of software systems for arbitrary mixtures of source languages for large scale software systems. DMS was originally motivated by a theory for maintaining designs of software called Design Maintenance Systems. DMS and "Design Maintenance System" are registered trademarks of Semantic Designs.

The ANSI/ISO C Specification Language (ACSL) is a specification language for C programs, using Hoare style pre- and postconditions and invariants, that follows the design by contract paradigm. Specifications are written as C annotation comments to the C program, which hence can be compiled with any C compiler.

CADP is a toolbox for the design of communication protocols and distributed systems. CADP is developed by the CONVECS team at INRIA Rhone-Alpes and connected to various complementary tools. CADP is maintained, regularly improved, and used in many industrial projects.

George Ciprian Necula is a Romanian computer scientist, engineer at Google, and former professor at the University of California, Berkeley who does research in the area of programming languages and software engineering, with a particular focus on software verification and formal methods. He is best known for his Ph.D. thesis work first describing proof-carrying code, a work that received the 2007 SIGPLAN Most Influential POPL Paper Award.

<span class="mw-page-title-main">Device driver synthesis and verification</span>

Device drivers are programs which allow software or higher-level computer programs to interact with a hardware device. These software components act as a link between the devices and the operating systems, communicating with each of these systems and executing commands. They provide an abstraction layer for the software above and also mediate the communication between the operating system kernel and the devices below.

The following outline is provided as an overview of and topical guide to C++:

AbsInt is a software-development tools vendor based in Saarbrücken, Germany. The company was founded in 1998 as a technology spin-off from the Department of Programming Languages and Compiler Construction of Prof. Reinhard Wilhelm at Saarland University. AbsInt specializes in software-verification tools based on abstract interpretation. Its tools are used worldwide by Fortune 500 companies, educational institutions, government agencies and startups.

<span class="mw-page-title-main">Alt-Ergo</span> SMT solver for software verification

Alt-Ergo, an automatic solver for mathematical formulas, is mainly used in formal program verification. It operates on the principle of satisfiability modulo theories (SMT). Development was undertaken by researchers at the Paris-Sud University, Laboratoire de Recherche en Informatique, Inria Saclay Ile-de-France, and CNRS. Since 2013, project management and oversight has been conducted by OCamlPro company. It is released under the free and open-source software CeCILL-C license.

Whiley is an experimental programming language that combines features from the functional and imperative paradigms, and supports formal specification through function preconditions, postconditions and loop invariants. The language uses flow-sensitive typing also known as "flow typing."

References

↑ "Frama-C". frama-c.com. Retrieved 2016-11-05.
↑ CEA LIST. "CEA LIST, Smart digital systems" . Retrieved 2016-11-05.
↑ Pascal Cuoq; et al. (August 2009). "Experience report: OCaml for an industrial-strength static analysis framework". ACM SIGPLAN Notices. 44 (9): 281–286. doi:10.1145/1631687.1596591.
↑ "Why homepage".
↑ Benjamin Monate; Julien Signoles (2008). "Slicing for Security of Code". Trusted Computing - Challenges and Applications. Lecture Notes in Computer Science. Vol. 4968/2008. pp. 133–142. doi:10.1007/978-3-540-68979-9_10. ISBN 978-3-540-68978-2.
↑ Sylvie Boldo; Thi Minh Tuyen Nguyen (2010). "Hardware-independent proofs of numerical programs" (PDF). Proceedings of NFM 2010.
↑ David Delmas; Stéphane Duprat; Victoria Moya Lamiel; Julien Signoles. "Taster, a Frama-C plug-in to enforce Coding Standards" (PDF). Embedded Real Time Software and Systems 2010, Toulouse, France.
↑ Jonathan-Christofer Demay; Éric Totel; Frédéric Tronel (2009). "Automatic Software Instrumentation for the Detection of Non-control-data Attacks". Recent Advances in Intrusion Detection. Lecture Notes in Computer Science. Vol. 5758/2009. pp. 348–349. doi:10.1007/978-3-642-04342-0_19. ISBN 978-3-642-04341-3.
↑ "Lessons Learned from Verifying Actual C Code with Frama-C". YouTube . 11 July 2021.
↑ https://cea.hal.science/cea-04477151/file/2021_cacm.pdf

External links

Official website
Frama-C discussion list Archived 2008-12-30 at the Wayback Machine
Frama-C Bug Tracking System

ML programming

Software

Implementations,
dialects

Caml	OCaml° Eff F*° F#° JoCaml° Reason°
Standard ML	Alice ° Concurrent ML Extended ML MLton° Standard ML of New Jersey° (SML/NJ)
Dependent ML	ATS°

Programming tools

Theorem provers,
proof assistants

GeneWeb°

Community

Designers	Lennart Augustsson (Lazy ML) Damien Doligez (OCaml) Gérard Huet (Caml) Xavier Leroy (Caml, OCaml) Robin Milner (ML) Don Sannella (Extended ML) Don Syme (F#)

Italics= discontinued
° = Open-source software
Book Category:Family:ML Category:Family:OCaml Category:Software:OCaml

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.