Frama-C-discuss mailing list archives
This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Frama-c-discuss] Specification Examples
- Subject: [Frama-c-discuss] Specification Examples
- From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
- Date: Mon Oct 13 14:49:10 2008
- In-reply-to: <48F33637.5080109@inria.fr>
- References: <4FA912B7D4D8468FBACF5B5DDE198385@AHARDPLACE><48EE12A8.8020908@inria.fr><14791e30810090725i702ded18gf548d53abb9beeee@mail.gmail.com><C88F4E451E884829944B1A79F874868C@AHARDPLACE><20081010124942.4f8a52db@is005115><1B3FA18004D74D5787DB01AD1EB95900@AHARDPLACE><14791e30810100413p41eb2e81i89e9f8da63b3040d@mail.gmail.com><C5F22AF6BA75453CA2EDEADB270E33F3@AHARDPLACE> <14791e30810100505i22345288s5a519d7eab160828@mail.gmail.com><8F56F47622DB4469B4EBD734D7C08712@AHARDPLACE> <48F33637.5080109@inria.fr>
Thanks for the advice with the integer.
But if I am using the Pre Label I don't meet the ensures requirements, or at 
least I don't get a green bullet.
Currently I'm stuck with an other Problem. Within some annotated string.h 
examples I found a dereferenced \result.
/*@
 requires last > first;
 requires \valid_range(first, 0, last-first-1);
 ensures *\result == value;
*/
int* find_int_array (int* first, int* last, int value );
Attempts to apply it to my example will result in the following error.
Fatal error: exception Assert_failure("src/jessie/interp.ml", 336, 14)
do I get it due to my Hydrogen version ?
Christoph
----- Original Message ----- 
From: "Claude March?" <Claude.Marche@inria.fr>
To: "Christoph Weber" <Christoph.Weber@first.fraunhofer.de>
Cc: <frama-c-discuss@lists.gforge.inria.fr>
Sent: Monday, October 13, 2008 1:51 PM
Subject: Re: [Frama-c-discuss] Specification Examples
>
>
> Christoph Weber wrote:
>> Hi and a thank you for the help,
>>
>> but I like to continue questioning where I stopped.
>>
>> You remember the array_cpy:
>> /*@
>>  requires 0 < n;
>>  requires \valid_range(a, 0, n-1) && \valid_range(b, 0, n-1)&& 
>> disjoint_arrays(a, b, n);
>>  ensures  \forall int k; 0 <= k < n ==> a[k] == b[k];
>> */
>> void array_cpy(int* a, int n, int* b)
>> {
>>     /*@
>>      loop invariant 0 <= i <= n && \forall int m; 0 <= m < i  ==> a[m] == 
>> b[m];
>>     */
>>     for (int i = 0;i < n;i++)
>>     {
>>         a[i] = b[i];
>>     }
>> }
>>
>> This works fine with the Hydrogen-version on Win 32 and the Z3 prover. On 
>> the Helium edition on OSX it terminates successfully with CVC3 (Z3 not 
>> aviable). Now I'd like to know:
>> - what has to be done or added to let ergo v0.8 or simplify verify it as 
>> well.
>
> You have to improve ergo and simplify :-)
>
> One advice is to use "integer" instead of ints in your annotations:
>
> ensures  \forall integer k; 0 <= k < n ==> a[k] == b[k];
>
> and so on.
>
>> - array_cpy is only partial specified on my opinion the ensures clause 
>> has to be altered to
>>     ensures  \forall int k; 0 <= k < n ==> a[k] == \old(b[k]);
>> using this I receive an error due to preservation of loop invariant. I 
>> think  the comparison in the loop invariant has to be altered to a[m] == 
>> \at(b[m],Old);
>> but FramaC will return
>>     File array_test.c, line 28, characters 80-93:
>>     Error during analysis of annotation: logic label `Old' not found
>>     array_test.c:29: Warning: ignoring logic loop annotation
>> I tried a bit but I where unable to cheat my way around.
>
> Old does not mean anything in loop invariants. You have to use Pre:
> a[m] == \at(b[m],Pre)
>
>
>
>
>
> _______________________________________________
> Frama-c-discuss mailing list
> Frama-c-discuss@lists.gforge.inria.fr
> http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/frama-c-discuss
> 
 - Follow-Ups: - [Frama-c-discuss] Specification Examples - From: yannick.moy at gmail.com (Yannick Moy)
 
 
- [Frama-c-discuss] Specification Examples 
- References: - [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
- [Frama-c-discuss] Specification Examples - From: Claude.Marche at inria.fr (Claude Marché)
 
- [Frama-c-discuss] Specification Examples - From: yannick.moy at gmail.com (Yannick Moy)
 
- [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
- [Frama-c-discuss] Specification Examples - From: virgile.prevosto at cea.fr (Virgile Prevosto)
 
- [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
- [Frama-c-discuss] Specification Examples - From: yannick.moy at gmail.com (Yannick Moy)
 
- [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
- [Frama-c-discuss] Specification Examples - From: yannick.moy at gmail.com (Yannick Moy)
 
- [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
- [Frama-c-discuss] Specification Examples - From: Claude.Marche at inria.fr (Claude Marché)
 
 
- [Frama-c-discuss] Specification Examples 
- Prev by Date: [Frama-c-discuss] Specification Examples
- Next by Date: [Frama-c-discuss] Frama-C sans GUI
- Previous by thread: [Frama-c-discuss] Specification Examples
- Next by thread: [Frama-c-discuss] Specification Examples
- Index(es):
