--- layout: fc_discuss_archives title: Message 16 from Frama-C-discuss on May 2014 ---
Better than what I could expect. Hence, in the initial example, value complains about the violation of the ensures clause, since for very large value of n, it can never holds (unsigned long is tighter than the expected mathematical value). L. ________________________________________ De : Frama-c-discuss [frama-c-discuss-bounces at lists.gforge.inria.fr] de la part de Virgile Prevosto [virgile.prevosto at m4x.org] Envoy? : mardi 20 mai 2014 16:08 ? : Frama-C public discussion Objet : Re: [Frama-c-discuss] Puzzled about apparent proof of false contract 2014-05-20 15:48 GMT+02:00 CORRENSON Loic 218851 <loic.correnson at cea.fr>: > > However, it is surprising that value-analysis plugin does not complain for this potential overflow. There's nothing surprising here. All computations in this example are done on unsigned integers, whose overflow semantics is perfectly defined (for once) by the standard. Hence no warning is output by default, and the modulo is taken. Alarms will be generated if -warn-unsigned-overflow is set. More information about overflows and integer downcasts warnings can be found with frama-c -kernel-help. Best regards, -- E tutto per oggi, a la prossima volta Virgile _______________________________________________ Frama-c-discuss mailing list Frama-c-discuss at lists.gforge.inria.fr http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/frama-c-discuss