Frama-C-discuss mailing list archives

This page gathers the archives of the old Frama-C-discuss mailing list, which was hosted on Inria's GForge until its shutdown at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.


[Frama-c-discuss] introducing hypotheses with ACSL on sets of array elements with Frama-C/Value

Hello Boris,

Thank you for these clarifications, which are very relevant to me.
Before your message, writing '0 <= tab2[2..3] <= 10' was not so disturbing to me. And I was not aware that the evaluation of quantifiers had begun in Frama-C/Value,



-----Original Message-----
From: frama-c-discuss-bounces at [mailto:frama-c-discuss-bounces at] On behalf of Boris Yakobowski
Sent: Thursday, 18 July 2013 00:03
To: Frama-C public discussion
Subject: Re: [Frama-c-discuss] introducing hypotheses with ACSL on sets of array elements with Frama-C/Value

Hi Stéphane,

On Wed, Jul 17, 2013 at 10:14 PM, DUPRAT Stephane <stephane.duprat at> wrote:
> There still remains the solution of introducing these hypotheses by a C function calling f1 and performing some initialization in the context. But it is not an ACSL solution.

Sure! But Matthieu was aiming at an ACSL-only solution.

The amount of development needed in Value to reduce by preconditions/assertions of the form 'tab2[2..3]==23' is non-trivial, but also not completely unreasonable. (Say, of similar complexity to previous medium-sized developments that were done to improve the evaluation of the logic in Value.)

Notice however that 'tab2[2..3]==23' is in fact translated to '{ tab2[2..3] } == {23}', which really means '{ tab2[2] ; tab2[3] } == {23}'. That is, your equality is actually an equality on sets. Thus you cannot write '0 <= tab2[2..3] <= 10', which is meaningless on sets, or at least is not lifted point-wise onto the elements of the set. In this case, you should use universal quantification, for which a very preliminary form of evaluation has appeared in the development version of Value. Unfortunately, no reduction is currently performed either, only evaluation. Reducing by \forall-quantified predicates would be more interesting and more general than reducing by set equality, and we could in fact easily translate the latter into the former. Unfortunately, it is highly non-trivial if we want to handle predicates more generic than a few hard-coded common cases...




This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos group liability cannot be triggered for the message content. Although the sender endeavors to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.
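The following is an added example illustrating the point of the exchange above; it is not code from the thread or from the Frama-C project. It keeps the names f1 and tab2 used in the discussion, but the body of f1, the array length of 4 and the bound 10 are assumptions made here. It shows the set reading of 'tab2[2..3] == 23', the universally quantified precondition that expresses a per-element bound correctly (the form Boris recommends instead of '0 <= tab2[2..3] <= 10'), and the C-level workaround Stéphane mentions: a driver function that establishes the hypothesis in the program state before calling f1. The ACSL annotations live in comments, so the file compiles with any C compiler; the runtime checks mirror what the two ACSL readings mean.

```c
#include <stddef.h>

/* Added example, not code from the Frama-C-discuss thread. f1 and tab2 are
 * the names used in the discussion; the body of f1, the array length 4 and
 * the bound 10 are assumptions made here for illustration. */

/* In ACSL, the term tab2[2..3] denotes the SET { tab2[2] ; tab2[3] }.
 * Hence
 *     requires tab2[2..3] == 23;
 * is read as '{ tab2[2] ; tab2[3] } == {23}': a set equality, which holds
 * only when every element of the range equals 23. A chained comparison
 * like '0 <= tab2[2..3] <= 10' is NOT lifted point-wise onto the elements,
 * so it has no meaning on a set. The correct way to state a per-element
 * bound is the universally quantified precondition used below. */

/*@ requires \valid_read(tab2 + (0..3));
  @ requires \forall integer i; 2 <= i <= 3 ==> 0 <= tab2[i] <= 10;
  @ assigns \nothing;
  @ ensures 0 <= \result <= 20;
  @*/
int f1(const int *tab2)
{
    return tab2[2] + tab2[3];
}

/* Runtime counterpart of the point-wise property
 * '\forall integer i; 2 <= i <= 3 ==> lo <= tab2[i] <= hi';
 * returns 1 when it holds for every element of the range. */
int in_range_2_3(const int *tab2, int lo, int hi)
{
    for (size_t i = 2; i <= 3; i++) {
        if (tab2[i] < lo || tab2[i] > hi)
            return 0;
    }
    return 1;
}

/* Runtime counterpart of the set equality '{ tab2[2] ; tab2[3] } == {23}':
 * the set collapses to the singleton {23} only if both cells hold 23. */
int set_equals_23(const int *tab2)
{
    for (size_t i = 2; i <= 3; i++) {
        if (tab2[i] != 23)
            return 0;
    }
    return 1;
}

/* The C-level workaround mentioned in the thread: a driver that establishes
 * the hypothesis in the program state before calling f1, so that an analysis
 * entered through this function sees the bounds on tab2[2] and tab2[3]
 * without having to reduce by the ACSL precondition. */
int f1_driver(void)
{
    int tab2[4] = {0, 0, 7, 3};   /* constructed values satisfying the bound */
    return f1(tab2);               /* 7 + 3 = 10 */
}

/* Constructed samples for the checks above. */
const int sample_ok[4]    = {0, 0, 7, 3};   /* elements 2..3 within [0,10] */
const int sample_bad[4]   = {0, 0, 11, 3};  /* tab2[2] exceeds the bound */
const int sample_23[4]    = {0, 0, 23, 23}; /* set {23,23} == {23} */
const int sample_mixed[4] = {0, 0, 23, 5};  /* set {23,5} != {23} */
```

The two runtime functions make the distinction concrete: set_equals_23 is true only for sample_23, because a two-element set equals the singleton {23} only when both elements are 23, while in_range_2_3 is the loop that the quantified precondition describes and is the property Stéphane actually wanted to state. f1_driver is the "context initialization" approach from the thread; it gives an analysis a concrete state in which the precondition holds, at the cost of not being an ACSL-only solution.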