Incorrect result with X modulo 1
ID0002141: This issue was created automatically from Mantis Issue 2141. Further discussion may take place here.
| Id | Project | Category | View | Due Date | Updated |
|---|---|---|---|---|---|
| ID0002141 | Frama-C | Plug-in > wp | public | 2015-07-01 | 2016-01-26 |
| Reporter | Ian | Assigned To | correnson | Resolution | fixed |
| Priority | normal | Severity | minor | Reproducibility | always |
| Platform | - | OS | Ubuntu | OS Version | - |
| Product Version | Frama-C Sodium | Target Version | - | Fixed in Version | Frama-C Magnesium |
Description :
WP concludes that “n % 1 == n”, instead of “n % 1 == 0” where n are integers. This is only a problem with modulo 1, the correct answer is obtained for other integers, or if n is 0 (0 % 1 == 0). This can be shown with the following lemmas. /*@ lemma mod_one_error: \forall integer i; (i % 1) == i; */
frama-c mod.c -wp -wp-prop=@lemma [kernel] preprocessing with "gcc -C -E -I. mod.c" [wp] Running WP plugin... [wp] Collecting axiomatic usage [wp] warning: Missing RTE guards [wp] 1 goal scheduled [wp] [Qed] Goal typed_lemma_mod_one_error : Valid [wp] Proved goals: 1 / 1 Qed: 1
/*@ lemma mod_one: \forall integer i; (i % 1) == 0; */
frama-c mod.c -wp -wp-prop=@lemma [kernel] preprocessing with "gcc -C -E -I. mod.c" [wp] Running WP plugin... [wp] Collecting axiomatic usage [wp] warning: Missing RTE guards [wp] 1 goal scheduled [wp] [Alt-Ergo] Goal typed_lemma_mod_one : Unknown [wp] Proved goals: 0 / 1 Alt-Ergo: 0 (unknown: 1)
I would have expected ‘mod_one_error’ not to validate, and ‘mod_one’ to validate.
The goal generated for mod_one also illustrates the issue. lemma_mod_one.ergo: (* ---------------------------------------------------------- ) ( --- Lemma 'mod_one' --- ) ( ---------------------------------------------------------- *)
(* --- Global Definitions --- *)
goal lemma_mod_one: forall i : int. 0 = i
This leads to vacuous truths when assuming the correct result. In the example below, wp believes ‘i' is 1, and our assumption leads to the contradictions 1 == 0. void f1() { int i = 1 % 1; //@ assert i == 0; //@ assert vacuous: \false; }
frama-c mod.c -wp [kernel] preprocessing with "gcc -C -E -I. mod.c" [wp] Running WP plugin... [wp] Collecting axiomatic usage [wp] warning: Missing RTE guards [wp] 2 goals scheduled [wp] [Qed] Goal typed_f1_assert_vacuous : Valid [wp] [Alt-Ergo] Goal typed_f1_assert : Unknown [wp] Proved goals: 1 / 2 Qed: 1 Alt-Ergo: 0 (unknown: 1)
This behavior was observed in both Neon and Sodium.