--- layout: fc_discuss_archives title: Message 16 from Frama-C-discuss on May 2014 ---
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Frama-c-discuss] Puzzled about apparent proof of false contract



Better than what I could expect.
Hence, in the initial example, value complains about the violation of the ensures clause, since for very large value of n, it can never holds (unsigned long is tighter than the expected mathematical value).
L.
________________________________________
De : Frama-c-discuss [frama-c-discuss-bounces at lists.gforge.inria.fr] de la part de Virgile Prevosto [virgile.prevosto at m4x.org]
Envoy? : mardi 20 mai 2014 16:08
? : Frama-C public discussion
Objet : Re: [Frama-c-discuss] Puzzled about apparent proof of false contract

2014-05-20 15:48 GMT+02:00 CORRENSON Loic 218851 <loic.correnson at cea.fr>:
>
> However, it is surprising that value-analysis plugin does not complain for this potential overflow.

There's nothing surprising here. All computations in this example are
done on unsigned integers, whose overflow semantics is perfectly
defined (for once) by the standard. Hence no warning is output by
default, and the modulo is taken. Alarms will be generated if
-warn-unsigned-overflow is set. More information about overflows and
integer downcasts warnings can be found with frama-c -kernel-help.

Best regards,
--
E tutto per oggi, a la prossima volta
Virgile
_______________________________________________
Frama-c-discuss mailing list
Frama-c-discuss at lists.gforge.inria.fr
http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/frama-c-discuss