GitLab

ID0000029: This issue was created automatically from Mantis Issue 29. Further discussion may take place here.

---

Id	Project	Category	View	Due Date	Updated
ID0000029	Frama-C	Plug-in > jessie	public	2009-04-07	2009-06-23

Reporter	virgile	Assigned To	cmarche	Resolution	fixed
Priority	normal	Severity	minor	Reproducibility	always
Platform	-	OS	-	OS Version	-
Product Version	Frama-C Lithium-20081201	Target Version	-	Fixed in Version	Frama-C Beryllium-20090601-beta1

Description :

[bug 7117 from old bts, reported by Christoph Weber] Hello, unfortunatly I dont have time to track the bug down, so I will post the message I posted in the discussion list:

Hello again in the new year,

today I am trying to modify an implementation and still concurr with the function contract.

Therefore following code first: /*@ requires 0 <= length; requires \valid_range (a, 0, length-1); requires \valid_range (b, 0, length-1);

assigns \nothing;

behavior equal:
    ensures \result == 1 <==> (\forall integer i; 0 <= i < length ==> a[i] == b[i]);
behavior not_equal:
    ensures \result == 0 <==> (\exists integer i; 0 <= i < length && a[i] != b[i]);

/ int equal_array (int a, int length, int* b ) { int index_a = 0; int index_b = 0; /*@ loop invariant 0 <= index_a <= length; loop invariant 0 <= index_b <= length; loop invariant index_a == index_b;

    loop invariant \forall integer k; 0 <= k < index_a ==> a[k] == b[k];

*/
while ( index_a != length )
{
    if (a[index_a] != b[index_b])
        return 0;
    ++index_a;
   ++index_b;
 }
return 1;

}

Since I am using "assigns \nothing;" I expect the term \old() in comparison to be obsolete.

But as I recall, assigns \nothing allows temorary modification, as long as the content of the elements mentioned in the parameter list of the function is restored before termination.

So I modified the algorithm, to alter the memory and restore it, allowing the algorithm to return allways "true":

/*@ requires 0 <= length; requires \valid_range (a, 0, length-1); requires \valid_range (b, 0, length-1);

assigns \nothing;

behavior equal:
    ensures \result == 1 <==> (\forall integer i; 0 <= i < length ==> a[i] == b[i]);
behavior not_equal:
    ensures \result == 0 <==> (\exists integer i; 0 <= i < length && a[i] != b[i]);

/ int equal_array (int a, int length, int* b ) {

int save_array_a[length];
int save_array_b[length];

/*@ 
    loop invariant 0 <= i <= length;
    loop invariant \forall integer k; 0 <= k < i ==> a[k] == b[k] == 0;
    loop invariant \forall integer k; 0 <= k < i ==> a[k] == save_array_a[k];
    loop invariant \forall integer k; 0 <= k < i ==> b[k] == save_array_b[k];
*/
for(int i = 0; i < length; i++)
{
    save_array_a[i] = a[i];
    save_array_b[i] = b[i];
    a[i] = 0;
    b[i] = 0; 
}

int index_a = 0;
int index_b = 0;
/*@
    loop invariant 0 <= index_a <= length;
    loop invariant 0 <= index_b <= length;
    loop invariant index_a == index_b;
    loop invariant \forall integer k; 0 <= k < index_a ==> a[k] == b[k];
*/
while ( index_a != length )
{
    if (a[index_a] != b[index_b])
        return 0;
    ++index_a;
    ++index_b;

}

/*@
    loop invariant 0 <= i <= length;
    loop invariant \forall integer k; 0 <= k < i ==> a[k] == save_array_a[k];
    loop invariant \forall integer k; 0 <= k < i ==> b[k] == save_array_b[k];
*/
for(int i = 0; i < length; i++)
{
    a[i] = save_array_a[i];
    b[i] = save_array_b[i]; 
}
return 1;

}

My problem:

I cannot invoke the Jessie gui, it stops with the message:

equal_array.c:6: Warning: Variable-sized local variable save_array_a equal_array.c:7: Warning: Variable-sized local variable save_array_b Cleaning unused parts Symbolic link Starting semantical analysis Starting Jessie translation No code for function __builtin_alloca, default assigns generated Producing Jessie files in subdir equal_array.jessie File equal_array.jessie/equal_array.jc written. File equal_array.jessie/equal_array.cloc written. Calling Jessie tool in subdir equal_array.jessie Generating Why function equal_array File "jc/jc_interp.ml", line 861, characters 11-11: Uncaught exception: File "jc/jc_interp.ml", line 861, characters 11-17: Assertion failed Jessie subprocess failed: jessie -why-opt -split-user-conj -v -locs e qual_array.cloc equal_array.jc