Frama-C-discuss mailing list archives

This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Frama-c-discuss] \at in ACSL assertions

Le lundi 15 novembre 2010 ? 15:33 +0100, Pascal Cuoq a ?crit :
> On Mon, Nov 15, 2010 at 3:07 PM, Yannick Moy <yannick.moy at adacore.com> wrote:
> 
> > Interesting possibility, to designate the last value at some label
> 
> I initially thought this would allow to talk imprecisely about
> execution paths in ACSL, but now that I think about it, I am not sure
> it is limited to imprecise characterizations of execution paths. Viz:
> 
>   for (i=0; i<=5; i++)
>     {
>     a:
>       j=i;
>     b:
>       j=i;
>     }
>   /*@ assert \at( \at( \at( \at( \at( \at(i, b), a), b), a), b), a) == 2; */

Unless I'm mistaken, this is equivalent to

/*@ assert \at(i, b) == 2; */

since all the other \at operators apply to constant values and are
therefore ignored.

That said, characterizing a label in an inner loop does not seem that
obvious to me. Virgile explained it should be the last one encountered,
but why couldn't it be all the labels at once? In other words, the
logical property would become an invariant of the loop.

Best regards,

Guillaume