Frama-C-discuss mailing list archives
This page gathers the archives of the old Frama-C-discuss mailing list, which was hosted by Inria's gforge before its demise at the end of 2020. To search for mails newer than September 2020, please visit the page of the new mailing list on Renater.
[Frama-c-discuss] WP plugin report incorrect
- Subject: [Frama-c-discuss] WP plugin report incorrect
- From: Claude.Marche at inria.fr (Claude Marche)
- Date: Mon, 5 Oct 2015 17:51:23 +0200
- In-reply-to: <D82B01FA-6460-454C-B887-03944A9C8DB9@cea.fr>
- References: <38272817-D681-4152-8464-3EE0DFCF151B@fau.de> <3B6C70AF-1455-4ED4-9969-93C95C830A41@cea.fr> <06B92218-9DD5-43DF-9F07-538F2A049223@fau.de> <D82B01FA-6460-454C-B887-03944A9C8DB9@cea.fr>
Well, the post-condition would follow from the loop invariant, if the other loop invariant start <= i < end was given.

In any case, the loop invariant is not preserved, its preservation should not be reported to hold by WP. I checked with Jessie, the loop invariant is not proved to be preserved.

By the way, Christoph, are you sure your file contains nothing else than what you sent in your first mail? Because if there is something inconsistent in the context, then everything will be reported as valid by the provers.

- Claude

On 05/10/2015 17:32, Loïc Correnson wrote:
> Your function *is* doing something, and the post-condition is exactly your loop invariant with (i == end), hence it finally holds.
> L.
>
>> On 5 Oct 2015, at 17:19, Christoph Rauch <christoph.rauch at fau.de> wrote:
>>
>>> On 05 Oct 2015, at 16:54, Loïc Correnson <loic.correnson at cea.fr> wrote:
>>>
>>> Yes ! Indeed, there is nothing about the preservation of the elements in the array across the function.
>>> Something like :
>>> /*@ …
>>> ensures
>>> \forall integer i ; start <= i < end ==>
>>> \exists integer j ; start <= j < end && a[i] == \old( a[j] ) ;
>>> */
>>> (and the other way).
>>
>> Of course, that is a post-condition that should *also* hold in the final algorithm, and indeed I have formulated this using the Permut predicate from the Jessie tutorial. I only left it out here, because it didn’t change the result and it shouldn’t be a necessary condition. After all, the contract I gave would be fulfilled by a function that sets a[end-1] to INT_MAX. But doing nothing is not such a function and WP shouldn’t be able to prove that the post-condition holds.
>>
>> --
>> Christoph

--
Claude Marché                          | tel: +33 1 69 15 66 08
INRIA Saclay - Île-de-France           |
Université Paris-sud, Bat. 650         | http://www.lri.fr/~marche/
F-91405 ORSAY Cedex                    |
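An added example, not code from this thread: a hypothetical contract of the kind described above (one that setting a[end-1] to INT_MAX would satisfy) on a loop that does nothing, next to a deliberately contradictory axiomatic standing in for an "inconsistent context". The contract and all names (`noop`, `set_last`, `cap`, `post_holds`, `run`) are assumptions; the `\false` assertion is a common sanity check for such a context, and `post_holds` evaluates the post-condition on a constructed array.

```c
#include <limits.h>

/* Constructed example: the two axioms contradict each other, so any goal
 * can be discharged from them, including goals that are false at run time. */
/*@ axiomatic Inconsistent {
  @   logic integer cap(integer n);
  @   axiom cap_above: \forall integer n; cap(n) > n;
  @   axiom cap_below: \forall integer n; cap(n) < n;
  @ }
  @*/

/*@ requires 0 <= start < end;
  @ requires \valid(a + (start .. end-1));
  @ assigns a[start .. end-1];
  @ ensures \forall integer k; start <= k < end ==> a[k] <= a[end-1];
  @*/
void noop(int *a, int start, int end)
{
    /*@ loop invariant start <= i <= end;
      @ loop invariant \forall integer k; start <= k < i ==> a[k] <= a[end-1];
      @ loop assigns i;
      @ loop variant end - i;
      @*/
    for (int i = start; i < end; i++) { /* the array is never touched */ }
    /* Sanity check: if a prover discharges this, the context is inconsistent. */
    //@ assert smoke: \false;
    (void)a;
}

/* Trivial function that does satisfy the contract. */
void set_last(int *a, int start, int end) { (void)start; a[end - 1] = INT_MAX; }

/* The ensures clause evaluated at run time on a concrete array. */
int post_holds(const int *a, int start, int end)
{
    for (int k = start; k < end; k++)
        if (a[k] > a[end - 1]) return 0;
    return 1;
}

/* Run one of the two functions on a constructed input, then check the contract. */
int run(int use_set_last)
{
    int a[] = {3, 1, 2};
    if (use_set_last) set_last(a, 0, 3); else noop(a, 0, 3);
    return post_holds(a, 0, 3);
}
```

Since `run(0)` yields a concrete array on which the post-condition is false, a "Valid" status for `noop` can only come from the contradictory axioms, which the `smoke` assertion makes visible.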