Frama-C-discuss mailing list archives

This page gathers the archives of the old Frama-C-discuss mailing list, which was hosted on Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.



[Frama-c-discuss] [Jessie] Assert clause not proved


  • Subject: [Frama-c-discuss] [Jessie] Assert clause not proved
  • From: guillaume.melquiond at inria.fr (Guillaume Melquiond)
  • Date: Tue, 08 Oct 2013 07:40:35 +0200
  • In-reply-to: <CAEtoXR0kvDu5+NMAqEmCQkpQJRuGcagAZnURjAth_m=wxyQK+g@mail.gmail.com>
  • References: <CAEtoXR0kvDu5+NMAqEmCQkpQJRuGcagAZnURjAth_m=wxyQK+g@mail.gmail.com>

On 04/10/2013 15:50, Rovedy Aparecida Busquim e Silva wrote:

> The attached source code is a simplified version of the program we are
> trying to prove.
> Basically, M and L are struct type variables.
>
> L.M1 is equal to 0.0 and we tried to state this in the requires clause
> with the BOUND define. Is it correct?

I don't see anything wrong with the specification. In fact, if you 
replace field M.x1 by some float variable Mx1, it will go through.

> We want to prove that M.x1 and result variable are equal to 0.0 too,
> but the assert clauses are not proved. What is wrong?

Gappa can prove the arithmetic properties, but it does not support field 
accesses. SMT solvers support them, but they cannot cope with the 
arithmetic. Thus you are stuck, since none of the tools is powerful enough.

Best regards,

Guillaume
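A constructed C/ACSL sketch of the situation discussed above, added here as an illustration; it is not the program attached to the original mail, which is not reproduced on this page. The struct variables L and M, the fields L.M1 and M.x1, the result variable and the scalar Mx1 follow the names in the thread; the actual arithmetic (multiplication by 0.5 and an addition) and the use of a plain `requires L.M1 == 0.0` in place of the thread's BOUND define are assumptions. The first function keeps the assertions on struct fields (the shape the thread says neither Gappa nor the SMT solvers could discharge); the second follows Guillaume's remark and hoists the fields into plain float variables before asserting, so the floating-point goals no longer mention a field access. Both functions compute the same value, which the code checks at runtime:

```c
/* Constructed example, not the program from the mailing-list thread. */
#include <assert.h>
#include <stdio.h>

/* Constructed struct types; the thread only says M and L are struct variables. */
struct L_t { float M1; };
struct M_t { float x1; };

struct L_t L;
struct M_t M;

/* Version 1: assertions refer directly to struct fields.
   Gappa handles the float arithmetic but not the field accesses; SMT solvers
   handle the field accesses but not the float arithmetic (per the reply). */
/*@ requires L.M1 == 0.0;
  @ assigns M.x1;
  @ ensures M.x1 == 0.0;
  @ ensures \result == 0.0;
  @*/
float compute_with_fields(void)
{
    M.x1 = L.M1 * 0.5f;          /* 0.0 * 0.5 rounds to exactly 0.0 */
    //@ assert M.x1 == 0.0;
    float result = M.x1 + L.M1;  /* 0.0 + 0.0 is exactly 0.0 */
    //@ assert result == 0.0;
    return result;
}

/* Version 2: hoist every field into a local float first (Guillaume's remark).
   The asserted goals now mention only scalar floats, which is what Gappa can
   reason about; the field writes happen after the arithmetic is settled. */
/*@ requires L.M1 == 0.0;
  @ assigns M.x1;
  @ ensures M.x1 == 0.0;
  @ ensures \result == 0.0;
  @*/
float compute_with_scalars(void)
{
    float LM1 = L.M1;            /* scalar copy of the input field */
    float Mx1 = LM1 * 0.5f;      /* scalar stand-in for M.x1 */
    //@ assert Mx1 == 0.0;
    float result = Mx1 + LM1;
    //@ assert result == 0.0;
    M.x1 = Mx1;                  /* write the field back once, outside the goals */
    return result;
}

int main(void)
{
    L.M1 = 0.0f;
    float r1 = compute_with_fields();
    float x1_fields = M.x1;
    float r2 = compute_with_scalars();
    printf("fields: M.x1=%g result=%g\n", x1_fields, r1);
    printf("scalars: M.x1=%g result=%g\n", M.x1, r2);
    return 0;
}
```

Both variants are semantically identical C; the difference matters only to the provers, because the second presents them with goals over plain float variables instead of goals over struct fields.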