suggest command-line option to avoid sophisticated expression transformations, in particular for Coq obligations
ID0002168: This issue was created automatically from Mantis Issue 2168. Further discussion may take place here.
| Id | Project | Category | View | Due Date | Updated |
|---|---|---|---|---|---|
| ID0002168 | Frama-C | Plug-in > wp | public | 2015-09-21 | 2015-09-21 |
| Reporter | Jochen | Assigned To | correnson | Resolution | open |
| Priority | normal | Severity | feature | Reproducibility | always |
| Platform | Sodium-20150201 | OS | - | OS Version | xubuntu14.04 |
| Product Version | Frama-C Sodium | Target Version | - | Fixed in Version | - |
Description :
Running "frama-c -wp 482b.c" on the attached file, the assertion "zzz" can't be proven by Alt-Ergo, although it should be an immediate consequence of assertion "yyy" and axiom "xxx". Looking at the file "bar_assert_zzz_Alt-Ergo.mlw" shows that some sophisticated expression transformations have been applied to the goal, but not to the axiom:
763 axiom Q_xxx: 764 forall lg_0,pos_0 : int. 765 (forall i : int. (pos_0 <= i) -> (i < (lg_0 + pos_0)) -> P_Tst(i)) -> 766 P_Prp(1 - lg_0)
772 goal bar_assert_zzz:
787 (forall i_1 : int. (i_1 < i) -> (x <= i_1) -> P_Tst(i_1)) -> 788 P_Prp(1 + x - i)
It is not a problem of Frama-C/Wp, but a problem of Alt-Ergo: it just should apply the lemma "xxx" with instantiation { pos_0:=x, lg_0 := i-x } to obtain line 788 from line 787. However, when trying to prove the "zzz" assertion manually using Coq, Wp's transformation causes additional confusion. It would be desirable if the was a command-line switch to generate proof obligations as close to the source code as possible, i.e. to avoid the transformation.
As a side note, if the "assert" in line 20 is replaced by the statement-contract "ensures" in line 18, the transformation disappears, the goal is fairly good readable, and Alt-Ergo find the proof.