0001251Frama-CPlug-in > jessiepublic2012-07-31 10:532013-03-27 09:44
Frama-C Nitrogen-20111001 
Frama-C Oxygen-20120901 
0001251: Binary search doesn't verify anymore after upgrade
After upgarding to why 2.31 and why3 0.73, my binary search program doesn't verify with Alt-Ergo, Z3, and CVC3 and a timeout of 10s. In particular, the loop invariant \forall integer i; 0 <= i < low ==> a[i] < val; doesn't verify. The code did verify with the previous version of Jessie and it verifies with wp. The same is true for another program, mismatch.c. This is a show stopper as the binary search is frequently used to demonstrate formal verification.
The attached file is mismatch.c and does not contain a binary search function. Please provide the proper example so that I can figure out the problem.
Sorry, this is the binary search file.
I can't reproduce the problem, for me the program is proved. I attach the results I obtained with several versions of those provers, see bts1251.html. Please give more info on what is not proved on your side.
2012-08-21 13:35   
By the way, you could send your own results by sending the .xml file that is located in binary-search.jessie/binary-search/why3session.xml note that the html file can be generated using why3session html binary-search.jessie/binary-search resulting in a file binary-search.jessie/binary-search/binary-search.html
2012-08-21 15:05   
2012-08-21 15:58   
2012-08-21 18:18   
2012-08-22 12:41   
2012-08-22 13:47   
2012-08-22 14:35   
2012-08-22 16:31   
I'm surprised that the error "field name is missing" does not show up. What happens if you do why3ide --debug-all --extra-config /usr/local/lib/why/why3/why3.conf binary-search.jessie/binary-search.mlw and then if you retry frama-c -jessie binary-search.c ?
~/progs/c/frama-c/binary-search$ why3ide --debug-all --extra-config /usr/local/lib/why/why3/why3.conf binary-search.jessie/binary-search.mlw field 'name' is missing ~/progs/c/frama-c/binary-search$ frama-c -jessie binary-search.c [kernel] preprocessing with "gcc -C -E -I. -dD binary-search.c" [jessie] Starting Jessie translation [jessie] Producing Jessie files in subdir binary-search.jessie [jessie] File binary-search.jessie/binary-search.jc written. [jessie] File binary-search.jessie/binary-search.cloc written. [jessie] Calling Jessie tool in subdir binary-search.jessie Generating Why function bsearch Generating Why function main [jessie] Calling VCs generator. why3ml [...] binary-search.mlw field 'name' is missing make: *** [why3ml] Error 1 [jessie] user error: Jessie subprocess failed: make -f binary-search.makefile why3ml
Then this shows that the problem is related to /usr/local/lib/why/why3/why3.conf Great! But still I don't see why... could you edit the file /usr/local/lib/why/why3/why3.conf and remove the section headed by [prover coq], and try again please ? Indeed you can remove everything except the first two lines [main] loadpath = " ..."
Even better: I've now been able to reproduce the bug ! The [prover coq] section appearing in /usr/local/lib/why/why3/why3.conf causes problem if Coq is not installed, which is your case. OK, thanks for your time, I'm now able to fix the problem. In the meantime, removing the [prover coq] section should work for you
Alright, I can use why3 now. While the binary search itself now verifies, the call in main doesn't. I split all unproven goals until no further split was possible. Yet, "Function main, Safety" runs in a time-out (see attachment).
The problem with main unproved is related to the weaknesses of Jessie regarding allocation. I guess you mean it was proved with Why2 before ?
Yes, all VCs in binary-search.c were proved with the previous version of Why2/Jessie and Alt-Ergo.
Indeed you found another bug ! it was introduced by the migration of the Jessie memory model from Why2 to Why3. You can fixed yourselves, by modifying the file /usr/local/lib/why/why3/jessi3.mlw look for this --------------- val free_parameter (a:ref (alloc_table 't)) (p:pointer 't) : { p = null (* allowed, see man 3 free *) /\ --------------- and change the last /\ by \/ This is fixed in the devt version. I think we are going to make a bug-fix release of Why 2 soon, Thanks again for testing and finding thoses bugs !
Fixed in Frama-C Oxygen + Why 2.32.