author | Christophe Grenier <[email protected]> | 2023-12-27 10:53:14 +0100 |
---|---|---|
committer | Christophe Grenier <[email protected]> | 2023-12-27 10:53:14 +0100 |
commit | 81a0d805e9b727c01f212f4f2b511aca8a5d5cd1 (patch) | |
tree | 2ca1d5305fe30471fffdd297ce1eaef6e8f85f5b | |
parent | 44acedb24a26a4a52d8e2430d8f6a1e253eab0c1 (diff) |
src/file_dovecot.c: more frama-c annotations
-rw-r--r-- | src/file_dovecot.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/file_dovecot.c b/src/file_dovecot.c
index 70011b66..273d7bcd 100644
--- a/src/file_dovecot.c
+++ b/src/file_dovecot.c
@@ -46,6 +46,7 @@ const file_hint_t file_hint_dovecot= {
 /*@
 @ requires file_recovery->data_check==&data_check_dovecot2;
 @ requires valid_data_check_param(buffer, buffer_size, file_recovery);
+ @ terminates \true;
 @ ensures valid_data_check_result(\result, file_recovery);
 @ ensures \result == DC_CONTINUE || \result == DC_ERROR;
 @ assigns file_recovery->data_check;
@@ -70,6 +71,7 @@ static data_check_t data_check_dovecot2(const unsigned char *buffer, const unsig
 /*@
 @ requires file_recovery->data_check==&data_check_dovecot;
 @ requires valid_data_check_param(buffer, buffer_size, file_recovery);
+ @ terminates \true;
 @ ensures valid_data_check_result(\result, file_recovery);
 @ ensures \result == DC_CONTINUE || \result == DC_ERROR;
 @ assigns file_recovery->calculated_file_size, file_recovery->data_check;
@@ -79,6 +81,7 @@ static data_check_t data_check_dovecot(const unsigned char *buffer, const unsign
 unsigned int i;
 /*@
 @ loop assigns i;
+ @ loop variant buffer_size - i;
 @*/
 for(i=buffer_size/2;
 i<buffer_size && file_recovery->calculated_file_size+i <= 0x14000;
@@ -99,6 +102,7 @@ static data_check_t data_check_dovecot(const unsigned char *buffer, const unsign
 /*@
 @ requires valid_header_check_param(buffer, buffer_size, safe_header_only, file_recovery, file_recovery_new);
+ @ terminates \true;
 @ ensures valid_header_check_result(\result, file_recovery_new);
 @*/
 static int header_check_dovecot(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new) |
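Review bot: The new `loop variant buffer_size - i;` in data_check_dovecot (third hunk) is added without any loop invariant bounding `i`, so the termination argument rests only on the loop condition and on what the loop body, which lies outside this hunk, does to `i`. Because this function checks data taken from the media being recovered, I would state the bound explicitly next to `loop assigns i;`, for example `@ loop invariant buffer_size/2 <= i <= buffer_size;`, assuming the body only advances `i` through the for-increment. That single line would document both why the variant stays non-negative and that any `buffer[i]` access in the body is in range. The `terminates \true;` clauses on data_check_dovecot2 and header_check_dovecot look fine from what is visible, though their bodies are also outside the hunks.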