It may not scale to the large programs you are really interested in, but you can find this bug with Frama-C:
$ frama-c -cpp-command "gcc -C -E -I`frama-c -print-share-path`/libc/ -nostdinc" mem.c `frama-c -print-share-path`/libc/fc_runtime.c -val
...
[value] computing for function memcpy <- main.
Called from mem.c:13.
.../libc/string.h:54:[value] Function memcpy: precondition got status invalid.
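This message means that you are calling memcpy() with arguments that do not satisfy its contract. In this case, the precondition that fails is the first in the list, about the validity of the destination for writing: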
/*@ requires \valid(((char*)dest)+(0..n - 1));
@ requires \valid_read(((char*)src)+(0..n - 1));
@ requires \separated(((char *)dest)+(0..n-1),((char *)src)+(0..n-1));
@ assigns ((char*)dest)[0..n - 1] \from ((char*)src)[0..n-1];
@ assigns \result \from dest;
@ ensures memcmp((char*)dest,(char*)src,n) == 0;
@ ensures \result == dest;
@*/
extern void *memcpy(void *restrict dest,
const void *restrict src, size_t n);
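As an added example (not part of the original answer and not Frama-C code), the three `requires` clauses of the contract above can be mirrored as a runtime check that reports which precondition a call would violate. The names `check_memcpy_contract` and `checked_memcpy`, the status enum, and the caller-supplied capacities are assumptions made for this illustration; the buffers are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Which `requires` clause of the memcpy contract a call would violate. */
enum contract_status {
    CONTRACT_OK = 0,
    DEST_NOT_VALID = 1,   /* \valid(dest+(0..n-1)) */
    SRC_NOT_READABLE = 2, /* \valid_read(src+(0..n-1)) */
    NOT_SEPARATED = 3     /* \separated(dest range, src range) */
};

/* dest_cap/src_cap: bytes available from each pointer to the end of its
 * object. The caller supplies them; C cannot recover them from a pointer. */
enum contract_status check_memcpy_contract(const void *dest, size_t dest_cap,
                                           const void *src, size_t src_cap,
                                           size_t n)
{
    if (n == 0) return CONTRACT_OK;        /* empty ranges: nothing to check */
    if (!dest || n > dest_cap) return DEST_NOT_VALID;
    if (!src || n > src_cap) return SRC_NOT_READABLE;
    uintptr_t d = (uintptr_t)dest, s = (uintptr_t)src;
    uintptr_t gap = d > s ? d - s : s - d; /* overflow-free distance */
    return gap < n ? NOT_SEPARATED : CONTRACT_OK;
}

/* Copies only when all three preconditions hold; reports the first failure. */
void *checked_memcpy(void *dest, size_t dest_cap, const void *src,
                     size_t src_cap, size_t n, enum contract_status *st)
{
    *st = check_memcpy_contract(dest, dest_cap, src, src_cap, n);
    if (*st != CONTRACT_OK) return NULL;
    return n ? memcpy(dest, src, n) : dest;
}

/* Constructed sample buffers. */
static char small_buf[4], big_buf[8] = "ABCDEFG", region[16];

int main(void)
{
    enum contract_status st;
    checked_memcpy(small_buf, sizeof small_buf, big_buf, sizeof big_buf, 8, &st);
    printf("8 bytes into 4-byte buffer: status %d\n", st);
    checked_memcpy(region, 16, region + 4, 12, 8, &st);
    printf("overlapping ranges: status %d\n", st);
    checked_memcpy(region, 8, big_buf, sizeof big_buf, 8, &st);
    printf("valid call: status %d, region=\"%s\"\n", st, region);
    return 0;
}
```

Unlike the static analysis, this check only sees the calls that actually execute and trusts the capacities the caller passes in.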