Frama-C-discuss mailing list archives
This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Frama-c-discuss] \at in ACSL assertions
- Subject: [Frama-c-discuss] \at in ACSL assertions
- From: guillaume.melquiond at inria.fr (Guillaume Melquiond)
- Date: Mon, 15 Nov 2010 16:51:59 +0100
- In-reply-to: <2038674242.558849.1289835496349.JavaMail.root@zmbs3.inria.fr>
- References: <AANLkTimyk_961c8Xk6_U33TAxabBGSeoaRB+EtM-OiBR@mail.gmail.com> <20101115145125.5bad24be@is010235> <4CE13E87.5030807@adacore.com> <2035721159.552419.1289831625935.JavaMail.root@zmbs3.inria.fr> <1289832872.1984.60.camel@guillaume-laptop> <2038674242.558849.1289835496349.JavaMail.root@zmbs3.inria.fr>
Le lundi 15 novembre 2010 ? 16:38 +0100, Virgile Prevosto a ?crit : > > That said, characterizing a label in an inner loop does not seem that > > obvious to me. Virgile explained it should be the last one encountered, > > but why couldn't it be all the labels at once? In other words, the > > logical property would become an invariant of the loop. > > > > But at the point where \at is written, we don't know that the label is > inside a loop or not: in the 'g' example, there is no loop at all, and > as already said, the fact that it is in an inner block is irrelevant as > soon as you have gotos. In addition, \at(i,b) is a term that can be > part of an arbitrary complicated statement (containing others \at as > subterm). What kind of invariant would you infer from that? The invariant part was just an example for clarifying what I meant by "all the labels at once" in the case of the original "assert \at(i,b)==2" inside a loop. I completely agree that whether the label is in a loop is irrelevant. So I will state my point again and refrain from giving an example. It is not obvious to me that \at(v,l) is the value of variable v the last time the program reached label l. It could also be any value of v any time the program reached l. Best regards, Guillaume
- Follow-Ups:
- [Frama-c-discuss] \at in ACSL assertions
- From: anne.pacalet at inria.fr (Anne Pacalet)
- [Frama-c-discuss] \at in ACSL assertions
- References:
- [Frama-c-discuss] \at in ACSL assertions
- From: pascal.cuoq at gmail.com (Pascal Cuoq)
- [Frama-c-discuss] \at in ACSL assertions
- From: virgile.prevosto at cea.fr (Virgile Prevosto)
- [Frama-c-discuss] \at in ACSL assertions
- From: yannick.moy at adacore.com (Yannick Moy)
- [Frama-c-discuss] \at in ACSL assertions
- From: guillaume.melquiond at inria.fr (Guillaume Melquiond)
- [Frama-c-discuss] \at in ACSL assertions
- Prev by Date: [Frama-c-discuss] \at in ACSL assertions
- Next by Date: [Frama-c-discuss] \at in ACSL assertions
- Previous by thread: [Frama-c-discuss] \at in ACSL assertions
- Next by thread: [Frama-c-discuss] \at in ACSL assertions
- Index(es):