Frama-C-discuss mailing list archives
This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Frama-c-discuss] Checking for side-effects
- Subject: [Frama-c-discuss] Checking for side-effects
- From: dganesan at fc-md.umd.edu (Dharmalingam Ganesan)
- Date: Thu, 6 Feb 2014 14:49:57 -0500
- In-reply-to: <B517F47C2F6D914AA8121201F9EBEE6701C7660449B5@Mail1.FCMD.local>
- References: <B517F47C2F6D914AA8121201F9EBEE6701C7660449B5@Mail1.FCMD.local>
Hi, Is there a way to specify "negative" behaviors, for example, no variable should be updated except the given variable. For example, for this little code, WP is able to prove all behaviours. That's great. But, I do not want any change in the state of the system except the "global" value. In this code, the dummy variable's state can also change, which is an undesirable side-effect (let's assume for this example). For large and complex code, it appears specifying what is not allowed would also help to make sure implementation <=> specification. I looked into -deps option to Frama-c, it appears to list the dependencies for each variable, which is helpful, but it does not quite check for undesired state changes. Any comments? Dharma int global = 0; int dummy = 0; /*@ requires global == dummy; behavior GLOBAL_BELOW_5: assumes global < 5; ensures global == \old(global) + 1; behavior GLOBAL_ABOVE_5: assumes global > 5; ensures global == \old(global) - 1; behavior GLOBAL_EQUAL_5: assumes global == 5; assigns \nothing; complete behaviors; disjoint behaviors; */ void update() { if(global < 5) { global++; dummy++; } if(global > 5) { global--; dummy--; } } _______________________________________________ Frama-c-discuss mailing list Frama-c-discuss at lists.gforge.inria.fr http://cp.mcafee.com/d/5fHCN8e4wUSyOqekhObBPhOOrKrjKYyYMM-yCrjKYyYMM-UOrjKYyYMM-yMrjKYCVtxdVcSwhS7QS0atInlgVJl3LgrdKSbGEsSGxTEdCO3HDIKFLZvAQTC4nKLsKyqembYOqehNEVKVORQr8EGTKzOEuvkzaT0QSyrhdTV5xdVYsyMCqejtPo0c-l9QUyW01_Fgzbutzw25O4Eo9GX33VkDa3JstzGKBX5Q9kITixJSeGWnIngBiPta5O5mUm-wafBite8Kw0vWk8OTDoCTQQS3pFr5UWHFuNt2lbdQEqnjh094_IlB0yq87qNd4598unZRTXjEropdSR3J3LQO
- References:
- [Frama-c-discuss] Checking for side-effects
- From: dganesan at fc-md.umd.edu (Dharmalingam Ganesan)
- [Frama-c-discuss] Checking for side-effects
- Prev by Date: [Frama-c-discuss] Checking for side-effects
- Next by Date: [Frama-c-discuss] Checking for side-effects
- Previous by thread: [Frama-c-discuss] Checking for side-effects
- Next by thread: [Frama-c-discuss] Checking for side-effects
- Index(es):