Frama-C-discuss mailing list archives

This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.

---

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Frama-c-discuss] [Value Analysis] Interval Division

---

• Subject: [Frama-c-discuss] [Value Analysis] Interval Division
• From: rovedy at ig.com.br (Rovedy Aparecida Busquim e Silva)
• Date: Tue, 21 May 2013 15:47:16 -0300
• In-reply-to: <CA+yPOVhExQPmUeODRFLqaNRSB6_880X3DXBhLMGPxNr11GLMEw@mail.gmail.com>
• References: <CAEtoXR0w=gbNW5eYiEfEyXNmFPSq1vP_jDf_sDYYuix8pSQgDA@mail.gmail.com> <7fip2k8lb5.fsf@cea.fr> <CAEtoXR14QF+GRDPk-bgC4njNw-3NSjKkJaOxo7fPYEGtwyJ_Rg@mail.gmail.com> <CA+yPOVhExQPmUeODRFLqaNRSB6_880X3DXBhLMGPxNr11GLMEw@mail.gmail.com>

---

We would like to thank you for your answer.

Sorry, we forgot to include the value of the BETA_SAT that is a #DEFINE,
i.e., it is a constant value.
Then, we think that it does not make sense to split BETA_SAT, does it?

We have tested some examples splitting the numerator (AB and CD) and
denominator (max) in smaller ranges.
It was verified that the results were more precise. However, the problem is
that the variables AB, CD and max are calculated at each iteration of the
program, i. e., are not constant intervals. Is that possible to include a
kind of "dynamic assertion" in the program, since that the intervals are
unknown before the execution?

Now, we are sending the complete program. In order to test the program, we
have simplified the code and assigned a constant interval to the variables
AB and CD.,

Best regards,
Nanci, Rovedy, Luciana


//-------------------------------------------------------------------------------

#define BETA_SAT     2.0

void Limit (float * AB, float * CD)
{
 double max,Fabs_AB, Fabs_CD;

   Fabs_AB = fabs2 (*AB);
   Fabs_CD = fabs2 (*CD);

   max = Fabs_AB;
   if (Fabs_CD > Fabs_AB)
      max = Fabs_CD;

   if (max > BETA_SAT)
   {
      *AB = (float) (((*AB) * BETA_SAT) / max);
      *CD = (float) (((*CD) * BETA_SAT) / max);
   }

    Frama_C_dump_each();
}

//-------------------------------------------------------------------------
double fabs2(double x){
  if (x==0.0)   return 0.0;
  if (x>0.0)    return x;
  return -x;
}

//-------------------------------------------------------------------------
void main ()
{
  float test1, test2;

   test1= Frama_C_float_interval(1.0, 4.0);
   test2= Frama_C_float_interval(1.0, 8.0);

   Limit (&test1, &test2);
}



2013/5/17 Virgile Prevosto <virgile.prevosto at m4x.org>

> Hello,
>
> 2013/5/16 Rovedy Aparecida Busquim e Silva <rovedy at ig.com.br>:
> > We would like to ask you a suggestion about an algorithm in our case
> study.
> > Our case study is complex and it is composed of several functions.
> > Almost all of them were correctly verified by Frama-c Value Analysis
> plugin
> > and gave the expected results, except one.
> >
> > To exemplify the situation, we simplified the program to send to you.
> > We calculate some variables (test1 and test2) that must be between a
> range
> > (-BETA_SAT and BETA_SAT).
> > The function Limit() checks the bounds and verify which variable has the
> > larger absolute value (test2 in our example),
> > this variable receives the limit value (BETA_SAT) with the correct
> signal.
> > The other variable (test1 in our example) receives the proportional
> > correction.
> >
>
> BETA_SAT is not defined in your code. I guess that it is also an
> interval? If this is the case and you have
> BETA_SAT=Frama_C_interval(0.,15.) for instance, you indeed have an
> issue, because of the lack of relation between max and BETA_SAT.
> Somehow, you have to force value to recognize the fact that when
> BETA_SAT's magnitude is very small, then so is max, so that the
> division is safe. This can be done by splitting the interval for
> BETA_SAT, using a disjunction of the form /*@ assert 0<= BETA_SAT <
> 0x1p-1074 || 0x1p-1074 <= BETA_SAT < 0x1p-1073 || ... || 0.5 <=
> BETA_SAT <1. || 1<= BETA_SAT; */ and an appropriate slevel. Of course,
> said disjunction would be generated by a script rather than written by
> hand. The number of subdivisions may probably be adapted depending on
> precision needs and  run time of the analysis.
>
> Best regards,
> --
> E tutto per oggi, a la prossima volta
> Virgile
>
> _______________________________________________
> Frama-c-discuss mailing list
> Frama-c-discuss at lists.gforge.inria.fr
> http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/frama-c-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gforge.inria.fr/pipermail/frama-c-discuss/attachments/20130521/a2e3837a/attachment.html>

---

• Follow-Ups:
  • [Frama-c-discuss] [Value Analysis] Interval Division
    • From: bagnara at cs.unipr.it (Roberto Bagnara)

• References:
  • [Frama-c-discuss] [Value Analysis] Interval Division
    • From: rovedy at ig.com.br (Rovedy Aparecida Busquim e Silva)
  • [Frama-c-discuss] [Value Analysis] Interval Division
    • From: matthieu.lemerre at cea.fr (Matthieu Lemerre)
  • [Frama-c-discuss] [Value Analysis] Interval Division
    • From: rovedy at ig.com.br (Rovedy Aparecida Busquim e Silva)
  • [Frama-c-discuss] [Value Analysis] Interval Division
    • From: virgile.prevosto at m4x.org (Virgile Prevosto)

• Prev by Date: [Frama-c-discuss] Frama-C api problem
• Next by Date: [Frama-c-discuss] [Value Analysis] Interval Division
• Previous by thread: [Frama-c-discuss] [Value Analysis] Interval Division
• Next by thread: [Frama-c-discuss] [Value Analysis] Interval Division
• Index(es):
  • Date
  • Thread