Frama-C-discuss mailing list archives

This page gathers the archives of the old Frama-C-discuss mailing list, which was hosted on Inria's gforge until its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.


[Frama-c-discuss] Integer-arithmetics, rational postconditions

> /*@ requires x > 0;
>     ensures (\result / 2 > x);
> */
> int function1(int x) {
>     return (2*x + 1);
> }

> What I'd like to do is cast \result and x to rationals and do a rational
> division, so that the ensures-part as above is correct. Is this possible?

ACSL uses promotion rules similar to those of C, but with integer and
real at the far end. And of course rationals are only real numbers
that happen to be the result of some division of integers.

For some reason the syntax ((real)\result) is rejected. The error
message is "cannot cast to logic type" which is true but seems like a
bad excuse. Anyway, if you don't mind a slightly convoluted
expression, the following takes advantage of the implicit promotion
from integer to real to express what you mean:

ensures (\result + 0.0) / 2 >  x;

I think? The Why file contains the corresponding goal:

gt_real(div_real(add_real(real_of_int(integer_of_int32(result)), 0.0),
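As an added example (not part of the original mail, and not Frama-C's own code), here is the function from the thread with its contract written using the `+ 0.0` promotion, together with two plain-C helpers that mirror the two readings of the postcondition. In ACSL, `\result / 2` is a division on mathematical integers, so for `\result == 2*x + 1` it yields exactly `x` and `\result / 2 > x` can never hold; once `\result` is promoted to `real`, the quotient is `x + 0.5` and the postcondition holds. The extra bound on `x` in the `requires` clause is an assumption added here so that `2*x + 1` cannot overflow `int`; using `INT_MAX` inside the annotation assumes Frama-C preprocesses annotations (it does so by default in recent versions).

```c
#include <limits.h>

/* Added example: the contract uses "\result + 0.0" to force the division to
 * take place on reals.  The bound on x (an assumption added here) keeps
 * 2*x + 1 within the range of int, which the original contract did not do. */
/*@ requires 0 < x < INT_MAX / 2;
    ensures (\result + 0.0) / 2 > x;
*/
int function1(int x) {
    return 2 * x + 1;
}

/* Evaluates the original postcondition "\result / 2 > x" under the integer
 * semantics ACSL gives it.  C's / on ints truncates toward zero, as ACSL's
 * integer division does, so (2x+1)/2 == x and the comparison is false. */
int holds_with_integer_division(int x) {
    int r = function1(x);
    return (r / 2) > x;
}

/* Evaluates the promoted postcondition "(\result + 0.0) / 2 > x", i.e. the
 * comparison on reals: (2x+1)/2 == x + 0.5, which is greater than x. */
int holds_with_real_division(int x) {
    int r = function1(x);
    return ((double)r / 2.0) > (double)x;
}
```

The two helpers exist only to make the semantic difference observable at runtime; what Frama-C actually checks is the annotation, where the `+ 0.0` is what turns `div_int` into `div_real` in the generated goal.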