Frama-C-discuss mailing list archives

This page gathers the archives of the old Frama-C-discuss mailing list, which was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.



[Frama-c-discuss] Assigns broken for arrays?



Hi,

I'm pretty sure I already said that, so it would be in the FAQ... if 
there was one.

An incompleteness bug in the jessie tool makes it impossible to prove 
the "assigns" clause for functions containing loops.
In principle, this should be proved even without adding a "loop assigns" 
on those loops: the "assigns" clause should be implicitly copied to 
inner loops.

Hopefully this will work in the next release (I mean both explicit loop 
assigns clauses, and implicit copy of the main assigns to loops).

Sorry for the inconvenience, and for the moment please ignore the 
proof failures on assigns clauses.

- Claude

Virgile Prevosto wrote:
> Hello Boris,
>
> On Thu, 02 Apr 2009 09:47:17 CEST,
> "Hollas Boris (CR/AEY1)" <Boris.Hollas at de.bosch.com> wrote:
>
>   
>> Hello Virgile,
>>
>> Now I've added a loop assigns clause but I'm still unable to verify the code. Jessie can't prove the assigns postcondition - neither with Alt-Ergo, nor with Simplify or Z3.
>>
>>     
>
> Although loop assigns is accepted by the ACSL parser, it is not
> supported by the jessie plugin yet (you should have a warning about
> that on stderr), so that it doesn't help to prove the assigns.
> When loop assigns is supported by the jessie plugin (maybe in the
> Next Version, but don't take that as a formal statement), the current
> version of your specification should be proved without much trouble.
>
> Sorry if this situation wasn't clear from my previous e-mail.
>
> Best regards,
>
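
Added example (not part of the original message, and not the code Boris posted, which does not appear on this page): a hypothetical function zero_prefix with a function-level assigns clause and an explicit loop assigns that mirrors it, written in current ACSL syntax. The function names and the sample data are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed example: zero_prefix is a hypothetical function, not the code
 * discussed in the thread. Annotations use current ACSL syntax. */

/*@ requires n >= 0;
  @ requires \valid(a + (0 .. n-1));
  @ assigns a[0 .. n-1];
  @ ensures \forall integer k; 0 <= k < n ==> a[k] == 0;
  @*/
void zero_prefix(int *a, int n)
{
    int i;
    /* The loop assigns clause repeats the function's assigns clause and adds
     * the local counter i; this is the frame the message says should be
     * derived implicitly when no loop assigns is written. */
    /*@ loop invariant 0 <= i <= n;
      @ loop invariant \forall integer k; 0 <= k < i ==> a[k] == 0;
      @ loop assigns i, a[0 .. n-1];
      @ loop variant n - i;
      @*/
    for (i = 0; i < n; i++)
        a[i] = 0;
}

/* Runtime spot check of what the contract states: the first n cells are
 * zeroed and every cell outside a[0 .. n-1] keeps its value. */
int frame_respected(void)
{
    int buf[6] = {7, 7, 7, 7, 42, 43};   /* constructed sample data */
    zero_prefix(buf, 4);
    for (int k = 0; k < 4; k++)
        if (buf[k] != 0)
            return 0;
    return buf[4] == 42 && buf[5] == 43;
}

int main(void)
{
    printf("frame respected: %d\n", frame_respected());
    return 0;
}
```

The runtime check only samples one input; the assigns and loop assigns clauses are what a deductive verifier is asked to establish for all inputs.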