Frama-C-discuss mailing list archives
This page gathers the archives of the old Frama-C-discuss archives, that was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Frama-c-discuss] question about axiomatic and type invariant
- Subject: [Frama-c-discuss] question about axiomatic and type invariant
- From: wfordlon at dso.org.sg (Wong Ford Long)
- Date: Fri, 30 Jan 2015 08:58:38 +0000
Dear All, I analyzed the C source code from the ACSL-Tutorial document (http://frama-c.com/download/acsl-tutorial.pdf), namely parts of chapters 8 and 9. Let's call the source code below function2.c The Neon version of Frama-C is used, with the command > frama-c-gui -wp -wp-rte function2.c _________________________________________________________________ typedef struct _list { int element; struct _list* next; } list; /*@ inductive reachable{L} (list* root, list* node) { case root_reachable{L}: \forall list* root; reachable(root,root); case next_reachable{L}: \forall list* root, *node; \valid(root) ==> reachable(root->next, node) ==> reachable(root,node); } */ /*@ predicate finite{L}(list* root) = reachable(root,\null); */ /*@ type invariant finite_list(list* root) = finite(root); */ /*@ axiomatic Length { logic integer length{L}(list* l); axiom length_nil{L}: length(\null) == 0; axiom length_cons{L}: \forall list* l, integer n; finite(l) && \valid(l) ==> length(l) == length(l->next) + 1; } */ /*@ requires \valid(root); assigns \nothing; ensures \forall list* l; \valid(l) && reachable(root,l) ==> \result >= l->element; ensures \exists list* l; \valid(l) && reachable(root,l) && \result == l->element; */ int max_list(list* root) { int max = root->element; while(root->next) { root = root-> next; if (root->element > max) max = root->element; } return max; } ________________________________________________________________ The console output is as follows: [kernel] preprocessing with "gcc -C -E -I. function2.c" [kernel] warning: ignoring status of type invariant `finite_list' [wp] Running WP plugin... [wp] Collecting axiomatic usage function2.c:17:[wp] warning: Type invariant not handled yet ('finite_list' ignored) [rte] annotating function max_list [wp] warning: No definition for 'length' interpreted as reads nothing function2.c:43:[wp] warning: Missing assigns clause (assigns 'everything' instead) [wp] 9 goals scheduled [wp] [Alt-Ergo] Goal typed_max_list_assert_rte_mem_access : Valid (25ms) (12) [wp] [Alt-Ergo] Goal typed_max_list_assert_rte_mem_access_2 : Unknown [wp] [Alt-Ergo] Goal typed_max_list_post_2 : Unknown (Qed:1ms) [wp] [Qed] Goal typed_max_list_assert_rte_mem_access_3 : Valid [wp] [Qed] Goal typed_max_list_assert_rte_mem_access_5 : Valid (1ms) [wp] [Qed] Goal typed_max_list_assign_part1 : Valid [wp] [Alt-Ergo] Goal typed_max_list_post : Unknown (1s) [wp] [Alt-Ergo] Goal typed_max_list_assert_rte_mem_access_4 : Unknown (1s) [wp] [Alt-Ergo] Goal typed_max_list_assign_part2 : Unknown [wp] Proved goals: 4 / 9 Qed: 3 (0ms-1ms) Alt-Ergo: 1 (25ms-25ms) (12) (unknown: 5) ________________________________________________________________ Regarding [wp] warning: No definition for 'length' interpreted as reads nothing How should this message be understood? Has something above been written wrongly, causing 'length' to be undefined? How to correct this, so that 'length' can be used in the annotation of some function that manipulates the struct 'list'? Regarding function2.c:17:[wp] warning: Type invariant not handled yet ('finite_list' ignored) Does the Neon version (ver 20140301) of Frama-C handle such type invariant? Or would future versions do so? Thanks and best regards, Ford -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.gforge.inria.fr/pipermail/frama-c-discuss/attachments/20150130/70e81e8e/attachment-0001.html>
- Follow-Ups:
- [Frama-c-discuss] question about axiomatic and type invariant
- From: virgile.prevosto at m4x.org (Virgile Prevosto)
- [Frama-c-discuss] question about axiomatic and type invariant
- Prev by Date: [Frama-c-discuss] question about partition.c
- Next by Date: [Frama-c-discuss] question about partition.c
- Previous by thread: [Frama-c-discuss] Private Release of Alt-Ergo 1.00
- Next by thread: [Frama-c-discuss] question about axiomatic and type invariant
- Index(es):