Frama-C-discuss mailing list archives
This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Frama-c-discuss] Specification Examples
- Subject: [Frama-c-discuss] Specification Examples
- From: Claude.Marche at inria.fr (Claude Marché)
- Date: Mon Oct 13 13:51:12 2008
- In-reply-to: <8F56F47622DB4469B4EBD734D7C08712@AHARDPLACE>
- References: <4FA912B7D4D8468FBACF5B5DDE198385@AHARDPLACE><48EE12A8.8020908@inria.fr><14791e30810090725i702ded18gf548d53abb9beeee@mail.gmail.com><C88F4E451E884829944B1A79F874868C@AHARDPLACE><20081010124942.4f8a52db@is005115><1B3FA18004D74D5787DB01AD1EB95900@AHARDPLACE><14791e30810100413p41eb2e81i89e9f8da63b3040d@mail.gmail.com><C5F22AF6BA75453CA2EDEADB270E33F3@AHARDPLACE> <14791e30810100505i22345288s5a519d7eab160828@mail.gmail.com> <8F56F47622DB4469B4EBD734D7C08712@AHARDPLACE>
Christoph Weber wrote:
> Hi and a thank you for the help,
> 
> but I like to continue questioning where I stopped.
> 
> You remember the array_cpy:
> /*@
>  requires 0 < n;
>  requires \valid_range(a, 0, n-1) && \valid_range(b, 0, n-1)&& disjoint_arrays(a, b, n);
>  ensures  \forall int k; 0 <= k < n ==> a[k] == b[k];
> */
> void array_cpy(int* a, int n, int* b)
> {
>     /*@
>      loop invariant 0 <= i <= n && \forall int m; 0 <= m < i  ==> a[m] == b[m];
>     */
>     for (int i = 0;i < n;i++)
>     {
>         a[i] = b[i];
>     }
> }
> 
> This works fine with the Hydrogen-version on Win 32 and the Z3 prover. On the Helium edition on OSX it terminates successfully with CVC3 (Z3 not aviable). Now I'd like to know:
> - what has to be done or added to let ergo v0.8 or simplify verify it as well.
You have to improve ergo and simplify :-)
One advice is to use "integer" instead of ints in your annotations:
ensures  \forall integer k; 0 <= k < n ==> a[k] == b[k];
and so on.
> - array_cpy is only partial specified on my opinion the ensures clause has to be altered to
>     ensures  \forall int k; 0 <= k < n ==> a[k] == \old(b[k]);
> using this I receive an error due to preservation of loop invariant. I think  the comparison in the loop invariant has to be altered to 
>      a[m] == \at(b[m],Old);
> but FramaC will return
>     File array_test.c, line 28, characters 80-93:
>     Error during analysis of annotation: logic label `Old' not found
>     array_test.c:29: Warning: ignoring logic loop annotation
> I tried a bit but I where unable to cheat my way around.
Old does not mean anything in loop invariants. You have to use Pre:
a[m] == \at(b[m],Pre)
 - Follow-Ups: - [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
 
- [Frama-c-discuss] Specification Examples 
- References: - [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
- [Frama-c-discuss] Specification Examples - From: Claude.Marche at inria.fr (Claude Marché)
 
- [Frama-c-discuss] Specification Examples - From: yannick.moy at gmail.com (Yannick Moy)
 
- [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
- [Frama-c-discuss] Specification Examples - From: virgile.prevosto at cea.fr (Virgile Prevosto)
 
- [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
- [Frama-c-discuss] Specification Examples - From: yannick.moy at gmail.com (Yannick Moy)
 
- [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
- [Frama-c-discuss] Specification Examples - From: yannick.moy at gmail.com (Yannick Moy)
 
- [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
 
- [Frama-c-discuss] Specification Examples 
- Prev by Date: [Frama-c-discuss] Specification Examples
- Next by Date: [Frama-c-discuss] Specification Examples
- Previous by thread: [Frama-c-discuss] Specification Examples
- Next by thread: [Frama-c-discuss] Specification Examples
- Index(es):
