Frama-C-discuss mailing list archives

This page gathers the archives of the old Frama-C-discuss mailing list, which was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.



[Frama-c-discuss] Problems with ensures


  • Subject: [Frama-c-discuss] Problems with ensures
  • From: alle.iot at gmail.com (Alessio Iotti)
  • Date: Fri, 1 Nov 2013 16:11:05 +0100
  • In-reply-to: <CABNEXcbFTnx7v2OtrQwcKRrrih5SmOD+wp8B0j7DAZGCJgHRtQ@mail.gmail.com>
  • References: <CABNEXcbFTnx7v2OtrQwcKRrrih5SmOD+wp8B0j7DAZGCJgHRtQ@mail.gmail.com>

Excuse me, but I'm not sure I understand. When you say:


> I suspect that you wanted to write
> IsGCD(a,b,z) ==> IsGCD(\at(a,Pre),\at(b,Pre),z).
> However, I'm not completely sure that existing ATP will have much luck
> in proving IsGCD(a-b,b,z) ==> IsGCD(a,b,z).
>

What you mean is that, even if the correct loop invariant is:
  IsGCD(a,b,z) ==> IsGCD(\at(a,Pre),\at(b,Pre),z)
the theorem prover is not able to prove it?
If this is the case, is there something I can change in the IsGCD predicate, apart from the positivity conditions, to help the ATP in its proof, or is it better to change the invariant?
Thank you in advance for your reply.
I have attached the modified file.
Kind regards,

   Alessio Iotti
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gcd.c
Type: text/x-csrc
Size: 650 bytes
Desc: not available
URL: <http://lists.gforge.inria.fr/pipermail/frama-c-discuss/attachments/20131101/d4f2b328/attachment.c>