Frama-C-discuss mailing list archives

This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Frama-c-discuss] WP + assign clause

  • Subject: [Frama-c-discuss] WP + assign clause
  • From: arnaud.dieumegard at enseeiht.fr (Arnaud Dieumegard)
  • Date: Mon, 2 May 2011 18:24:24 +0200
  • In-reply-to: <BANLkTikng4_KNMhMNadM=S5i+krAO0Dj+A@mail.gmail.com>
  • References: <BANLkTikng4_KNMhMNadM=S5i+krAO0Dj+A@mail.gmail.com>
Hi everyone,

I'm working on some simple examples but I can't prove the following:

double v1[2];
double v2[2];

int index;

/*@	requires \valid_range(v1, 0, 1) && \valid_range(v2, 0, 1);
	assigns v1[0..1];
 	ensures \forall integer n; 0 <= n < 2 ==> 
 		v1[n] == v2[n];
*/
void fun(void){

	//Link invariant from output to Inv
	/*@	loop invariant 0 <= index <= 2;	
		loop assigns v1[0..index-1];
 		loop invariant \forall integer n; 0 <= n < index ==> 
			v1[n] == v2[n];
		loop variant 2-index;
	*/
	for(index=0; index <2; ++index){
		v1[index] = v2[index];
	}
}

Here is the result of the analysis:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PastedGraphic-1.tiff
Type: image/tiff
Size: 83208 bytes
Desc: not available
URL: <http://lists.gforge.inria.fr/pipermail/frama-c-discuss/attachments/20110502/b25b706d/attachment-0001.tiff>
-------------- next part --------------


Does anyone knows why the assign clause is not good ?
Everything works fine without the assign clauses.

Arnaud