Frama-C Bug Tracking System - Frama-C
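View Issue Details
ID: 0001621
Project: Frama-C
Category: Plug-in > wp
View Status: public
Date Submitted: 2014-01-20 09:57
Last Update: 2014-01-24 17:10
Reporter: Anne
Assigned To: correnson
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: acknowledged
Resolution: open
Product Version: Frama-C Fluorine-20130601
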
0001621: loop invariant as hypothesis
Not sure if this is a bug or the intended behavior, but I am surprised that on the example below, I get:

[wp] [Alt-Ergo] Goal typed_f_loop_inv_l_nbits_established : Unknown

It seems that the loop invariant l_wsize is not used as a hypothesis?

void f (unsigned int wsize) {
  unsigned int nbits = 0;
  /*@ loop invariant l_wsize: wsize == 4 || wsize == 5 || wsize == 6;
    @ loop invariant l_nbits: 0 <= nbits < wsize;
  */
  for(int i = 0; i < 10; i++) {
  }
}

No tags attached.
Issue History
2014-01-20 09:57  Anne       New Issue
2014-01-20 09:57  Anne       Status: new => assigned
2014-01-20 09:57  Anne       Assigned To: => correnson
2014-01-24 16:11  correnson  Note Added: 0004445
2014-01-24 16:11  correnson  Note Added: 0004446
2014-01-24 16:11  correnson  Status: assigned => acknowledged

Notes
(0004445) correnson 2014-01-24 16:11

Ha ha! It is both a bug and a feature ;-)

Using model Dump, you can see the following:
1. I_nbits is used for a hypothesis on establishment for I_wsize
2. preservation of I_nbits and I_wsize are proved separately

For 1, it is a bug: the list of invariants comes in reverse direction.

For 2, it is a (kind of) feature. Actually, it is sound to prove preservation of an invariant by assuming the previous ones. But we deactivate it since a false invariant makes everything apparently proved (but the false one). Obviously, we can improve these behaviors.

(0004446) correnson 2014-01-24 16:11

Feature wish
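
A bounded model of the establishment goals discussed in this thread, added here as an illustration; it is not Frama-C or WP code and does not come from either participant. The names BOUND, establishment_counterexamples, declared_order and reversed_order are assumptions of this sketch, and exhaustive enumeration over small wsize values stands in for the prover.

```c
#include <stdbool.h>
#include <stdio.h>

#define BOUND 16u  /* assumed small domain for wsize; stands in for the prover */

typedef bool (*inv_fn)(unsigned wsize, unsigned nbits);

/* The two invariants from the report. */
static bool l_wsize(unsigned wsize, unsigned nbits) {
    (void)nbits;
    return wsize == 4 || wsize == 5 || wsize == 6;
}
static bool l_nbits(unsigned wsize, unsigned nbits) {
    return nbits < wsize;  /* 0 <= nbits always holds for an unsigned value */
}

/* Order as written in the annotation, and the reversed order the note describes. */
static const inv_fn declared_order[] = { l_wsize, l_nbits };
static const inv_fn reversed_order[] = { l_nbits, l_wsize };

/* Establishment goal for invs[k], taking invs[0..k-1] as hypotheses.
   Returns how many wsize values in [0, BOUND) falsify the goal at loop
   entry, where nbits == 0. Zero means the goal holds on this domain. */
int establishment_counterexamples(const inv_fn *invs, int k) {
    int bad = 0;
    for (unsigned wsize = 0; wsize < BOUND; wsize++) {
        const unsigned nbits = 0;
        bool hyps = true;
        for (int j = 0; j < k; j++)
            hyps = hyps && invs[j](wsize, nbits);
        if (hyps && !invs[k](wsize, nbits))
            bad++;
    }
    return bad;
}

int main(void) {
    printf("declared order, l_wsize established: %d counterexamples\n",
           establishment_counterexamples(declared_order, 0));
    printf("declared order, l_nbits established: %d counterexamples\n",
           establishment_counterexamples(declared_order, 1));
    printf("reversed order, l_nbits established: %d counterexamples\n",
           establishment_counterexamples(reversed_order, 0));
    printf("reversed order, l_wsize established: %d counterexamples\n",
           establishment_counterexamples(reversed_order, 1));
    return 0;
}
```

In the reversed order l_nbits loses its hypothesis and fails at wsize == 0, which matches the Unknown result in the report. In the declared order it passes only because l_wsize is assumed, although l_wsize itself is not established here since f has no precondition on wsize.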