Frama-C-discuss mailing list archives
This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Frama-c-discuss] Frama-C: Detecting unreachable code?
- Subject: [Frama-c-discuss] Frama-C: Detecting unreachable code?
- From: virgile.prevosto at m4x.org (Virgile Prevosto)
- Date: Sat, 25 Jan 2014 19:00:09 +0100
- In-reply-to: <B517F47C2F6D914AA8121201F9EBEE6701C7660449A9@Mail1.FCMD.local>
- References: <B517F47C2F6D914AA8121201F9EBEE6701C7660449A7@Mail1.FCMD.local> <52E0C26F.2000605@linux-france.org> <20140123082550.GA7256@opentech.at> <CAOH62JhyfqOmKmw5iKjx1CSifK2X6ajxZBxd--h4_nK-3OxmrA@mail.gmail.com> <52E0D85C.3060504@cea.fr> <CAOH62Jj=TOozP8yxRV7-ECSUknpVhe6_eeMwPuQGOJTYJD+5fg@mail.gmail.com> <B517F47C2F6D914AA8121201F9EBEE6701C7660449A8@Mail1.FCMD.local> <0B8A5A42-5BB3-4C9C-99A6-A07AC39A84AB@cea.fr> <B517F47C2F6D914AA8121201F9EBEE6701C7660449A9@Mail1.FCMD.local>
Hello, Le ven. 24 janv. 2014 14:05:14 CET, Dharmalingam Ganesan <dganesan at fc-md.umd.edu> a ?crit : > I'm not sure how unsigned types are handled by Frama-c. Bit confused > why the following code worked for the "neg" behavior, > > I was hoping that the tool will report an invalid comparison between > unsigned int with < 0, or something like that, but the "neg" contract > worked. > typedef unsigned short int uint16; > > /*@ > behavior neg: > assumes i < 0; > ensures \result == -1; ... > */ > int sign(uint16 i) WP indeed will happily prove the behavior valid. In fact, it is meant to prove that if the function is called in a state that satisfies the assumes then the state at the end of execution will be satisfy the ensures. Thus, if the assumes clause is always false, the proof is trivial: ex falso, quod libet... In order to detect such erroneous assumes, you might replace the ensures clause by ensures \false: if WP is still able to prove it, something fishy is going on, either in the spec or in the code. Best regards, -- E tutto per oggi, a la prossima volta. Virgile
- Follow-Ups:
- [Frama-c-discuss] Frama-C: Detecting unreachable code?
- From: dganesan at fc-md.umd.edu (Dharmalingam Ganesan)
- [Frama-c-discuss] Frama-C: Detecting unreachable code?
- From: dganesan at fc-md.umd.edu (Dharmalingam Ganesan)
- [Frama-c-discuss] Frama-C: Detecting unreachable code?
- References:
- [Frama-c-discuss] Frama-C: Detecting unreachable code?
- From: dganesan at fc-md.umd.edu (Dharmalingam Ganesan)
- [Frama-c-discuss] Frama-C: Detecting unreachable code?
- From: dmentre at linux-france.org (David MENTRE)
- [Frama-c-discuss] Frama-C: Detecting unreachable code?
- From: der.herr at hofr.at (Nicholas Mc Guire)
- [Frama-c-discuss] Frama-C: Detecting unreachable code?
- From: pascal.cuoq at gmail.com (Pascal Cuoq)
- [Frama-c-discuss] Frama-C: Detecting unreachable code?
- From: nicky.williams at cea.fr (Nicky Williams)
- [Frama-c-discuss] Frama-C: Detecting unreachable code?
- From: pascal.cuoq at gmail.com (Pascal Cuoq)
- [Frama-c-discuss] Frama-C: Detecting unreachable code?
- From: dganesan at fc-md.umd.edu (Dharmalingam Ganesan)
- [Frama-c-discuss] Frama-C: Detecting unreachable code?
- From: loic.correnson at cea.fr (Loïc Correnson)
- [Frama-c-discuss] Frama-C: Detecting unreachable code?
- From: dganesan at fc-md.umd.edu (Dharmalingam Ganesan)
- [Frama-c-discuss] Frama-C: Detecting unreachable code?
- Prev by Date: [Frama-c-discuss] Frama-C: Detecting unreachable code?
- Next by Date: [Frama-c-discuss] Frama-C: Detecting unreachable code?
- Previous by thread: [Frama-c-discuss] Frama-C: Detecting unreachable code?
- Next by thread: [Frama-c-discuss] Frama-C: Detecting unreachable code?
- Index(es):