Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CN] specs on declarations have a different syntax from specs on definitions #371

Open
peterohanley opened this issue Jul 9, 2024 · 4 comments
Open

[CN] specs on declarations have a different syntax from specs on definitions #371

peterohanley opened this issue Jul 9, 2024 · 4 comments
Labels
blocking cn language Related to design of the CN language

Comments

@peterohanley
Copy link

In particular accesses does not work but trusted also does not.

int x;

void f(void)
/*@ accesses x; @*/
{

}

void g(void);
/*@ spec g();
    accesses x;
@*/

% cn accesses_spec.c
accesses_spec.c:10:5: error: unexpected token after ';' and before 'accesses'
parsing "cn_fun_spec": seen "CN_SPEC LNAME VARIABLE LPAREN cn_args RPAREN SEMICOLON", expecting "CN_REQUIRES nonempty_list(condition) CN_ENSURES nonempty_list(condition)"
    accesses x;
    ^~~~~~~~

Looking at the grammar in the documentation, it looks like a declaration spec should refer to function_spec rather than hardcode only requires and ensures.
@dc-mak dc-mak added the cn label Jul 11, 2024
@yav yav assigned yav and unassigned yav Aug 2, 2024
@septract septract mentioned this issue Aug 6, 2024
Closed
@septract
Copy link
Collaborator

septract commented Aug 6, 2024

I think the ideal way to resolve this would be to eliminate the distinction between spec and trusted - see #467

@cp526
Copy link
Collaborator

cp526 commented Aug 7, 2024

Agreed, we should fix the CN frontend so the syntax for spec includes all the features that specifications on defined functions support.

As commented on #467, trusted and spec have a different purpose, so we should keep both.

@peterohanley
Copy link
Author

The accesses part of this is now impeding TA2 work, I would appreciate a fix even for just this part.

@dc-mak dc-mak added language Related to design of the CN language blocking labels Nov 4, 2024
@septract
Copy link
Collaborator

Bumping this issue as it's now also blocking work on the TA2 Mission Key Management example.

Here's a distilled example of the problem (derived from policy_add in mission_key_management/policy.c, here). Suppose we have three files: libfile.c, libfile.h, clientfile.c.

libfile.c:

#include "libfile.h"

int foo(int i) 
/*@
accesses myval; 
requires myval == 1i32; 
         i == 1i32; 
ensures  return == 0i32; 
@*/
{
  if (i == myval) return 0; 
  else return 1; 
}

clientfile.c:

#include "libfile.h" 

int bar() 
/*@ 
accesses myval; 
@*/
{ 
  myval = 0; 
  int i = foo(0); 
}

libfile.h

int myval = 0; 

int foo(int i); 
// Should be able to write spec here

We can't verify clientfile.c because foo() doesn't have a specification in scope. But if we try to add a specification to libfile.h, we can't because it would require an accesses annotation.

@cp526 @dc-mak and others in the CN team - this is a blocker on TA2 work for both @peterohanley and myself. Could you look at this and make an assessment about how difficult it would be to fix?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
blocking cn language Related to design of the CN language
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@yav @septract @peterohanley @cp526 @dc-mak