Frama-C-discuss mailing list archives
This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Frama-c-discuss] verifying overflow in x++
- Subject: [Frama-c-discuss] verifying overflow in x++
- From: dak at adelard.com (Damien Karkinsky)
- Date: Fri, 26 Apr 2013 16:20:57 +0100
Hello,
I had a simple function with the following contract:
#include<stdint.h>
uint16_t x;
/*@
assigns x;
behavior A:
assumes x < 65535;
ensures x == \old(x) + 1;
behavior B:
assumes x == 65535;
ensures x == 0;
*/
void f();
void f(){
++x;
}
void main(){
f();
}
I cannot verify the post condition for behaviour B. WP states
Goal store_f_B_post_2:
forall x_0:int.
is_uint16(x_0) ->
(x_0 = 65535) ->
(let x_1 = as_uint16(65536) in
(x_1 = 0))
I suppose as_uint16(65536) = 0 is not derived to be the case.
Would any one care to comment? Is that a bug?
Thank you and all the best
Damien
--
------------------------------------------------------------------------
Dr. Damien Karkinsky
Safety-Critical Systems Consultant
Adelard LLP. (www.adelard.com)
Exmouth House, 3-11 Pine Street, London, EC1R 0JH
tel: +44(0)20-7832-5854 mob: +44(0)779-568-1233
------------------------------------------------------------------------
- Follow-Ups:
- [Frama-c-discuss] verifying overflow in x++
- From: loic.correnson at cea.fr (Loïc Correnson)
- [Frama-c-discuss] verifying overflow in x++
- Prev by Date: [Frama-c-discuss] Annotation pre-processing
- Next by Date: [Frama-c-discuss] verifying overflow in x++
- Previous by thread: [Frama-c-discuss] Annotation pre-processing
- Next by thread: [Frama-c-discuss] verifying overflow in x++
- Index(es):