ID0002168: **This issue was created automatically from Mantis Issue 2168. Further discussion may take place here.** --- | **Id** | **Project** | **Category** | **View** | **Due Date** | **Updated** | | --- | --- | --- | --- | --- | --- | | ID0002168 | Frama-C | Plug-in > wp | public | 2015-09-21 | 2015-09-21 | | | | | | | | | --- | --- | --- | --- | --- | --- | | **Reporter** | Jochen | **Assigned To** | correnson | **Resolution** | open | | **Priority** | normal | **Severity** | feature | **Reproducibility** | always | | **Platform** | Sodium-20150201 | **OS** | - | **OS Version** | xubuntu14.04 | | **Product Version** | Frama-C Sodium | **Target Version** | - | **Fixed in Version** | - | ### Description : Running "frama-c -wp 482b.c" on the attached file, the assertion "zzz" can't be proven by Alt-Ergo, although it should be an immediate consequence of assertion "yyy" and axiom "xxx". Looking at the file "bar_assert_zzz_Alt-Ergo.mlw" shows that some sophisticated expression transformations have been applied to the goal, but not to the axiom: 763 axiom Q_xxx: 764 forall lg_0,pos_0 : int. 765 (forall i : int. (pos_0 <= i) -> (i < (lg_0 + pos_0)) -> P_Tst(i)) -> 766 P_Prp(1 - lg_0) 772 goal bar_assert_zzz: 787 (forall i_1 : int. (i_1 < i) -> (x <= i_1) -> P_Tst(i_1)) -> 788 P_Prp(1 + x - i) It is not a problem of Frama-C/Wp, but a problem of Alt-Ergo: it just should apply the lemma "xxx" with instantiation { pos_0:=x, lg_0 := i-x } to obtain line 788 from line 787. However, when trying to prove the "zzz" assertion manually using Coq, Wp's transformation causes additional confusion. It would be desirable if the was a command-line switch to generate proof obligations as close to the source code as possible, i.e. to avoid the transformation. As a side note, if the "assert" in line 20 is replaced by the statement-contract "ensures" in line 18, the transformation disappears, the goal is fairly good readable, and Alt-Ergo find the proof. ## Attachments - [482b.c](/uploads/2c17baa4edc565f1b208267d133e0f42/482b.c)