Frama-C-discuss mailing list archives

This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Frama-c-discuss] Problems with Nitrogen/Fluorine

Subject: [Frama-c-discuss] Problems with Nitrogen/Fluorine
From: guillaume.melquiond at inria.fr (Guillaume Melquiond)
Date: Thu, 17 Oct 2013 10:50:52 +0200
In-reply-to: <CABNEXcZYcax2Be8+QxEkwVe2yfHZPxdWPYyBJ-QSodJNdpVccg@mail.gmail.com>
References: <CABNEXcZYcax2Be8+QxEkwVe2yfHZPxdWPYyBJ-QSodJNdpVccg@mail.gmail.com>

On 17/10/2013 10:13, Alessio Iotti wrote:
> Dear All, i am moving the first steps with Frama-C, following the
> excellent tutorial "ACSL By Example".
> I have encountered a problem trying to replicate the count algorithm
> experiment. The attached file,
> taken literally from "ACSL By Example", illustrates the problem in
> comments beginning with "/***".

That is somehow fortunate that Fluorine fails at proving it, and that is 
kind of scary that Nitrogen (even partly) succeeded, because what you 
are trying to prove is plain wrong!

Axiom count2 should have been written

\forall int *a, v, integer i ;
   (a[i] != v ==> Count(a, v, i, i+1) == 0) &&
   (a[i] == v ==> Count(a, v, i, i+1) == 1);

Once changed, all the proof obligations are verified.

Best regards,

Guillaume

Follow-Ups:
- [Frama-c-discuss] Problems with Nitrogen/Fluorine
  - From: alle.iot at gmail.com (Alessio Iotti)

References:
- [Frama-c-discuss] Problems with Nitrogen/Fluorine
  - From: alle.iot at gmail.com (Alessio Iotti)

Prev by Date: [Frama-c-discuss] Problems with Nitrogen/Fluorine
Next by Date: [Frama-c-discuss] examples
Previous by thread: [Frama-c-discuss] Problems with Nitrogen/Fluorine
Next by thread: [Frama-c-discuss] Problems with Nitrogen/Fluorine
Index(es):
- Date
- Thread