Frama-C-discuss mailing list archives
This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Frama-c-discuss] Specification Examples
- Subject: [Frama-c-discuss] Specification Examples
- From: jens.gerlach at first.fraunhofer.de (Jens Gerlach)
- Date: Tue Oct 14 11:28:05 2008
- In-reply-to: <14791e30810140214r29c903b5w3287a3c33afde56f@mail.gmail.com>
- References: <4FA912B7D4D8468FBACF5B5DDE198385@AHARDPLACE> <C88F4E451E884829944B1A79F874868C@AHARDPLACE> <20081010124942.4f8a52db@is005115> <1B3FA18004D74D5787DB01AD1EB95900@AHARDPLACE> <14791e30810100413p41eb2e81i89e9f8da63b3040d@mail.gmail.com> <C5F22AF6BA75453CA2EDEADB270E33F3@AHARDPLACE> <14791e30810100505i22345288s5a519d7eab160828@mail.gmail.com> <8F56F47622DB4469B4EBD734D7C08712@AHARDPLACE> <48F33637.5080109@inria.fr> <756435F7D0F44C23B2C7F91E053F77B9@AHARDPLACE> <14791e30810140214r29c903b5w3287a3c33afde56f@mail.gmail.com>
Hello Yannik,
I do not quite understand your remarks automatic division of the heap.
>
> as I told you, the normal way of treating separation in Jessie is to  
> divide heap into regions automatically, which will become the  
> default in the next release. With only one region for memory, your  
> example is proved with any of Z3, Alt-Ergo and Simplify (not Yices  
> though).
Does this mean that in a future release of Frama-C it is assumed that  
the two pointers a and b
in a declaration like
	void array_cpy(int* a, int n, int* b)
point to disjoint memory regions?
I'd rather prefer the explicit declaration with the disjoint_arrays  
predicate provided by you.
Best regards
Jens Gerlach
Fraunhofer FIRST
>
>
> To prove instead that the value of [a] after copying is the same as  
> the value of [b] before, you need to strengthen the loop invariant  
> like follows, to assess that all of [b] does not change during the  
> loop.
>
> /*@ requires 0 < n;
>   @ requires \valid_range(a, 0, n-1) && \valid_range(b, 0, n-1);
>   @ requires disjoint_arrays(a, b, n);
>   @ ensures  \forall int k; 0 <= k < n ==> a[k] == \at(b[k],Pre);
>   @*/
> void array_cpy(int* a, int n, int* b)
> {
>    /*@ loop invariant 0 <= i <= n;
>      @ loop invariant \forall int m; 0 <= m < n  ==> b[m] ==  
> \at(b[m],Pre);
>      @ loop invariant \forall int m; 0 <= m < i  ==> a[m] == b[m];
>      @*/
>    for (int i = 0; i < n; i++)
>      a[i] = b[i];
> }
>
> With these annotations, Z3, ALt-Ergo and Simplify still prove your  
> function (not Yices).
>
>
> Currently I'm stuck with an other Problem. Within some annotated  
> string.h examples I found a dereferenced \result.
>
> Attempts to apply it to my example will result in the following error.
>
> Fatal error: exception Assert_failure("src/jessie/interp.ml", 336, 14)
>
> do I get it due to my Hydrogen version ?
>
> Most probably, yes. There was such a problem with derefencing  
> \result and it was solved. The best way to track this kind of  
> problem is to fill in a bug report on the Frama-C public BTS, so  
> that you get a precise answer when the bug gets fixed.
>
> HTH.
>
> -- 
> Yannick
> _______________________________________________
> Frama-c-discuss mailing list
> Frama-c-discuss@lists.gforge.inria.fr
> http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/frama-c-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.gforge.inria.fr/pipermail/frama-c-discuss/attachments/20081014/21f1d34a/attachment.html
 - Follow-Ups: - [Frama-c-discuss] Specification Examples - From: yannick.moy at gmail.com (Yannick Moy)
 
 
- [Frama-c-discuss] Specification Examples 
- References: - [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
- [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
- [Frama-c-discuss] Specification Examples - From: virgile.prevosto at cea.fr (Virgile Prevosto)
 
- [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
- [Frama-c-discuss] Specification Examples - From: yannick.moy at gmail.com (Yannick Moy)
 
- [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
- [Frama-c-discuss] Specification Examples - From: yannick.moy at gmail.com (Yannick Moy)
 
- [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
- [Frama-c-discuss] Specification Examples - From: Claude.Marche at inria.fr (Claude Marché)
 
- [Frama-c-discuss] Specification Examples - From: Christoph.Weber at first.fraunhofer.de (Christoph Weber)
 
- [Frama-c-discuss] Specification Examples - From: yannick.moy at gmail.com (Yannick Moy)
 
 
- [Frama-c-discuss] Specification Examples 
- Prev by Date: [Frama-c-discuss] Specification Examples
- Next by Date: [Frama-c-discuss] Specification Examples
- Previous by thread: [Frama-c-discuss] Specification Examples
- Next by thread: [Frama-c-discuss] Specification Examples
- Index(es):
