0

I am trying to prove a simplified version of an example from the WP manual but I keep getting an error for one of the ensures clauses.

Here is my code:

/*@ requires \valid(a) && \valid(b);
@ ensures A: *a == \old(*b) ;
@ ensures B: *b == \old(*a) ;
@ assigns *a,*b ;
@*/
void swap(int *a,int *b)
{
    int tmp = *a;
    *a = *b;
    *b = tmp;
}

When I run frama-c -wp -wp-rte swap.c, I am getting the following error:

[kernel] Parsing main_wp.c (with preprocessing)
[rte] annotating function swap
Collecting axiomatic usagewarning: [Warning] cannot load an editor: missing field 'options'

warning: [Warning] cannot load an editor: missing field 'options'

warning: [Warning] cannot load an editor: missing field 'options'

warning: [Warning] cannot load an editor: missing field 'options'

warning: [Warning] cannot load an editor: missing field 'options'

[wp] 8 goals scheduled
[wp] [Alt-Ergo 2.0.0] Goal typed_swap_ensures_A : Failed
[wp] [Cache] found:3
[wp] Proved goals:    7 / 8
  Qed:               5  (1ms-2ms-4ms)
  Alt-Ergo 2.0.0:    2  (12ms-15ms) (22) (cached: 3) (failed: 1)

I was wondering if I am doing something wrong, or if this is an issue with the provers, as I have been facing similar errors with Alt-Ergo when testing files from larger codebases.

I am using Frama-C 24.0 and Alt-Ergo 2.0.0

sgjl
  • 27
  • 5
  • Which version of Frama-C are you using? With Frama-C 25.0 and Alt-Ergo 2.2.0, everything gets discharged. – Virgile Sep 01 '22 at 06:41
  • I am using Frama-C 24.0 and Alt-Ergo 2.0.0 – sgjl Sep 01 '22 at 15:53
  • Thanks for the information. Could you edit your question to add it there as well? It could help future readers. That said, I've just tried to reproduce the issue with this setting (Frama-C 24.0 and Alt-Ergo 2.0.0), and everything gets proved. That said, WP is mentioning the cache in its output, which is not the default behavior. Do you happen to have `FRAMAC_WP_CACHE` set? – Virgile Sep 02 '22 at 06:46

0 Answers0