2020 Oct 17
[PATCH nbdkit] common/include/tvdiff.h: Add formal specification.
...+ assumes !(INT64_MIN <= a * b <= INT64_MAX);
+ ensures \result == \true;
+ */
+extern bool __builtin_mul_overflow (int64_t a, int64_t b, int64_t *r);
+
+#endif /* FRAMA_C */
+
+/* Return the number of µs (microseconds) *r = *y - *x.
+ * On overflow, returns -1.
+ */
+/*@
+ requires \valid_read (x) && \valid_read (y);
+ requires valid_timeval (*x) && valid_timeval (*y);
+ requires \valid (r);
+ assigns *r;
+ behavior success:
+ assumes INT64_MIN <= tv_to_microseconds (*y) - tv_to_microseconds (*x)
+ <= INT64_MAX;
+ ensures \result == 0;...