Frama-C-discuss mailing list archives
This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Frama-c-discuss] predicate problem in Carbon
- Subject: [Frama-c-discuss] predicate problem in Carbon
- From: marsishandsome at gmail.com (mars Gu)
- Date: Fri, 18 Feb 2011 11:29:04 +0100
Hello,
i have a problem about the predicate in Carbon.
I run the following program with the command: frama-c-gui -wp -wp-rte
-wp-proof alt-ergo -wp-no-arrays example.c
The assertion in Line 27 can be proved, but the loop invariant in Line 19,
which is the same as the assertion in Line 27, cannot be proved.
Regards,
Liangliang Gu
typedef int size_type;
/*@
predicate
PreExample{L}(int* a, int i) =
\forall integer k; 0 <= k < i ==> a[k] == 1024;
*/
/*@
requires n >= 0;
requires \valid_range(a, 0, n-1);
assigns a[0..n-1];
ensures \forall integer i; 0 <= i < n ==> a[i] == 1024;
*/
void example(int* a, int n)
{
size_type i = 0;
/*@
loop invariant 0 <= i <= n;
loop invariant \forall integer k; 0 <= k < i ==> a[k] == 1024;
loop invariant PreExample(a, i);
loop assigns a[0..i-1], i;
loop variant n-i;
*/
while (i < n) {
a[i] = 1024;
i++;
//@ assert PreExample{Here}(a, i);
}
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gforge.inria.fr/pipermail/frama-c-discuss/attachments/20110218/6bb12ab1/attachment.htm>
- Prev by Date: [Frama-c-discuss] Problem with predicate and location labels
- Next by Date: [Frama-c-discuss] Type of ghost variables
- Previous by thread: [Frama-c-discuss] Inout analysis question
- Next by thread: [Frama-c-discuss] Type of ghost variables
- Index(es):