Frama-C-discuss mailing list archives

This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Frama-c-discuss] an example involving floats


  • Subject: [Frama-c-discuss] an example involving floats
  • From: david.delmas at airbus.com (David DELMAS)
  • Date: Thu, 05 Mar 2009 19:44:06 +0100

Hello,

here is an apparently simple example :

/*@
assigns \nothing;
ensures E < A ==> \result == B;
*/
float F(float E, float A, float B)
{
    if (E < A) return B;
    else return 0.;
}

The postcondition is proved by Z3, Yices and CVC3, but neither by Alt-
Ergo, nor by Simplify.
(of course it is proved by all if I change the float type to int)

I would appreciate some intuition on the reason why it is so.

Thanks in advance,
David

The information in this e-mail is confidential. The contents may not be disclosed or used by anyone other then the addressee. Access to this e-mail by anyone else is unauthorised.
If you are not the intended recipient, please notify Airbus immediately and delete this e-mail.
Airbus cannot accept any responsibility for the accuracy or completeness of this e-mail as it has been sent over public networks. If you have any concerns over the content of this message or its Accuracy or Integrity, please contact Airbus immediately.
All outgoing e-mails from Airbus are checked using regularly updated virus scanning software but you should take whatever measures you deem to be appropriate to ensure that this message and any attachments are virus free.