Frama-C-discuss mailing list archives
This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Frama-c-discuss] Assigns clause
- Subject: [Frama-c-discuss] Assigns clause
- From: Dillon.Pariente at dassault-aviation.com (Pariente Dillon)
- Date: Wed, 25 Sep 2013 14:07:13 +0000
- In-reply-to: <CAEtoXR3bPivOkwEpC802EW7NFNu70PG2VPmJ3MTwfhnbJWB8zA@mail.gmail.com>
- References: <CAEtoXR1s3CaUoBjWjQkxjcz8PT4kLO7MOpKFpUEsf=13Zchh2g@mail.gmail.com> <1A32855E5FA08141A8C56E7CF24D442C0EFFF184@SCTEX101.st-cloud.dassault-avion.fr> <CAEtoXR3bPivOkwEpC802EW7NFNu70PG2VPmJ3MTwfhnbJWB8zA@mail.gmail.com>
It works perfectly with WP plugin: the fun spec is discharged thanks to Alt-Ergo . But I have not tried with Jessie. D. De : frama-c-discuss-bounces at lists.gforge.inria.fr [mailto:frama-c-discuss-bounces at lists.gforge.inria.fr] De la part de Rovedy Aparecida Busquim e Silva Envoy? : mercredi 25 septembre 2013 15:58 ? : Frama-C public discussion Cc : Nanci; Luciana Akemi Objet : Re: [Frama-c-discuss] Assigns clause Thank you for your reply. We have tried to run the specification suggested, but it did not work, the GWhy GUI did not open. It showed the following message [kernel] user error: syntax error while parsing annotation After some attempts we figured out that the problem seems to be the requires clauses, because without them it runs. We have searched some examples in the Jessie Tutorial (http://krakatoa.lri.fr/jessie.html) with requires clauses inside behaviors, but we have not found. We found an example in the reference manual of ACSL Version 1.4 and we tried to run it, but it did not work too. We are using the Jessie plugin. Why requires clause inside behavior is not working? Is it possible to include requires clauses inside behavior in the Jessie plugin? Best regards, Nanci, Rovedy, Luciana */ // ###################################################### // Example of the reference manual of ACSL Version 1.4 /*@ behavior p_changed: assumes n > 0; requires \valid (p); assigns *p; ensures *p == n; behavior q_changed: assumes n <= 0; requires \valid (q); assigns *q; ensures *q == n; @ */ void f (int n, int *p, int *q) { if (n > 0) *p = n; else *q = n; } 2013/9/25 Pariente Dillon <Dillon.Pariente at dassault-aviation.com<mailto:Dillon.Pariente at dassault-aviation.com>> Hi, You may give a look to the ACSL reference manual, to the notions of behaviors/assumes. The following is an example of what the Interp_Tab_1s spec could look like. /*@ requires \valid (Ptr+(0 .. 1)); requires Itab == 0 || Itab == 1; behavior Itab_false: assumes Itab != 1; requires \forall integer j; 0 <= j < 3 ==> \valid (Ptr[0]+ j); requires \valid (Interp+(0 .. 2)); assigns Interp[0..2]; ensures \forall integer j; 0 <= j < 3 ==> \abs ((Interp[j]) - (*(Ptr[0]+ j))) < BOUND; behavior Itab_true: assumes Itab == 1; requires \forall integer j; 0 <= j < 2 ==> \valid (Ptr[1]+ j); requires \valid (Interp+(0 .. 1)); assigns Interp[0..1]; ensures \forall integer j; 0 <= j < 2 ==> \abs ((Interp[j]) - (*(Ptr[1]+ j))) < BOUND; complete behaviors Itab_false,Itab_true; disjoint behaviors Itab_false,Itab_true; */ HTH, D. De : frama-c-discuss-bounces at lists.gforge.inria.fr<mailto:frama-c-discuss-bounces at lists.gforge.inria.fr> [mailto:frama-c-discuss-bounces at lists.gforge.inria.fr<mailto:frama-c-discuss-bounces at lists.gforge.inria.fr>] De la part de Rovedy Aparecida Busquim e Silva Envoy? : mardi 24 septembre 2013 21:54 ? : Frama-C public discussion Cc : Nanci; Luciana Akemi Objet : [Frama-c-discuss] Assigns clause Hi, We have a doubt related to assigns clause. All VCs of the attached function were proved. We wrote an assigns clause to the Interp array taking in account three elements: assigns Interp[0..2]; However, we would like to write a more precise assigns clause for the Interp array that has two or three elements according to Itab value. In the requires and ensures clauses the Itab value was considered, for example: requires Itab != 1 ==> \valid_range (Interp,0,2); requires Itab == 1 ==> \valid_range (Interp,0,1); How to write the assigns clause for the Interp array taking in account the Itab value? Best regards, Nanci, Rovedy e Luciana _______________________________________________ Frama-c-discuss mailing list Frama-c-discuss at lists.gforge.inria.fr<mailto:Frama-c-discuss at lists.gforge.inria.fr> http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/frama-c-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.gforge.inria.fr/pipermail/frama-c-discuss/attachments/20130925/9adef76e/attachment-0001.html>
- References:
- [Frama-c-discuss] Assigns clause
- From: rovedy at ig.com.br (Rovedy Aparecida Busquim e Silva)
- [Frama-c-discuss] Assigns clause
- From: Dillon.Pariente at dassault-aviation.com (Pariente Dillon)
- [Frama-c-discuss] Assigns clause
- From: rovedy at ig.com.br (Rovedy Aparecida Busquim e Silva)
- [Frama-c-discuss] Assigns clause
- Prev by Date: [Frama-c-discuss] Assigns clause
- Next by Date: [Frama-c-discuss] Assigns clause
- Previous by thread: [Frama-c-discuss] Assigns clause
- Next by thread: [Frama-c-discuss] Assigns clause
- Index(es):