I use Frama-C WP and want to debug my ACSL annotations (to understand why provers tell me "don't know"). I have some green or orange results. I open the Why3 IDE and see the generated scripts. Then I select a theory/goal from the list and am able to start the Alt-Ergo or Coq IDEs. I want to play with the generated code in the Coq IDE. I see some axioms, then Theorem WP and then, for example:

intros a a_1 i_3 i_2 i_1 i t_2 t_1 t t_8 t_7 t_6 t_5 t_4 t_3 a_4 a_3 a_2 x
x_1 x_2 x_3 h1 h2 h3 h4 h5 h6 h7 h8 h9 h10 h11 h12 h13 h14 h15 h16 h17 h18
h19 h20 h21 h22 h23 h24 h25.
Qed.

When I "go to the end" in Coq, I see an error "Attempt to save an incomplete proof". How can I get the result "Proved" or "Unknown" in the Coq IDE, which I see in the Frama-C or Why3 result windows? And what is the better way to understand why I got the message "I don't know" from the prover, and to decide whether I have a program with a bug or a piece of bad ACSL specification?

SeregASM

1 Answer

"Attempt to save an incomplete proof" in Coq is translated by "Unknown" in Frama-C/WP. In fact, Frama-C is waiting for you to interactively complete the proof between intros ... and Qed. If you succeed in making Coq happy, saving the script will allow you to have a green (or yellow green) bullet ("Proved").

Regarding your second question, trying to perform the proof interactively is indeed a good way to understand where the issue is lying. Apart from Coq, you can use the interactive provers known to Why3 (Isabelle and PVS if I recall correctly), and the new interactive prover built directly in WP, TIP (see section 2.3 of the WP manual).

Virgile
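To make the answer concrete, here is a small constructed Coq script in the style of a WP goal (integer hypotheses named h1, h2, ...); it is an added illustration, not output generated by WP or Why3. Running `Qed.` right after the `intros` line is exactly what produces "Attempt to save an incomplete proof"; the tactic line between them is what closes the goal so the script can be saved.

```coq
(* Constructed example, not a WP-generated file: the goal, hypothesis
   names and the function t are assumptions made for illustration. *)
Require Import ZArith.
Open Scope Z_scope.

(* A WP-style obligation: every cell of t read at a valid index is
   non-negative, so the cell at the current index i is non-negative. *)
Theorem wp_goal_example :
  forall (i n : Z) (t : Z -> Z),
    0 <= i ->
    i < n ->
    (forall k : Z, 0 <= k -> k < n -> 0 <= t k) ->
    0 <= t i.
Proof.
  intros i n t h1 h2 h3.
  (* Stopping here and running Qed gives
     "Attempt to save an incomplete proof": the goal 0 <= t i is open. *)
  apply h3.      (* reduces the goal to the two premises 0 <= i, i < n *)
  - exact h1.
  - exact h2.
Qed.             (* now accepted: the proof is complete and can be saved *)
```

Once a complete script like this is saved from the Coq IDE, WP re-checks it and reports the goal as proved instead of unknown.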