Comments (2)
maroneze
commented on June 12, 2024
On a related note, it might be worth clarifying what is meant in Section 1.2, about Statement annotations. It says that, for statement contracts, "Semantic conditions must be checked (no goto going inside, no goto going outside)." From that phrase, it would seem that gotos forfeit the meaning of statement contracts, but in section 2.4.4 it is only said that ensures are not checked when leaving via a goto. So, for symmetry, it might be meaningful to say that requires are not checked when entering via a goto.
Also, here's another example with gotos, where we enter 2 blocks at a time. It's possibly just an extension of the previous example, but it may lead to some more complex cases that it would be better not to forget about.
void f() {
int x = 0;
x = 1;
goto L2;
/*@ requires x == 1;
ensures x == 3;
*/
{
x = 2;
L1 :
/*@ requires x == 0 || x == 2;
ensures x == 3;
*/
{
x = 3;
goto L3;
L2:
x = 0;
goto L1;
L3: ;
}
}
}
from acsl.
pbaudin
commented on June 12, 2024
Assigns clauses have also to be considered.
Notice that they are not considered as the ensures : [section 2.4.4] the locations having their value
modified during the path execution, starting at the beginning of the annotated statement
and leading to a goto jumping out of it, should be part of its assigns clause
The next similar question is what about abrupt loop entry.
from acsl.
Related Issues (20)
- axiomatic blocks as namepaces HOT 3
- Nested axiomatic blocks HOT 3
- Floating point comparison HOT 6
- Release of ACSL 1.12 HOT 3
- Taking the address of a formal in a function contract HOT 7
- Paragraph in the right margin HOT 2
- ACSL++ virtual logic functions
- scope of ghost local variables
- Structures, Unions and Arrays in logic HOT 2
- Considering a valid pointer and an invalid pointer, should they be `\separated()`? HOT 4
- Exact program state of Pre and Post states HOT 16
- Clarification on meaning of \valid HOT 10
- type-expr is defined twice HOT 2
- Notation for non-finite floating-point values HOT 2
- Clarification on order of arguments for termination measure HOT 1
- Support of 'L' suffix for floating-point literals of type long double, and `D` for literals of type double HOT 2
- Links between `\initialized{L}(p)` and `\valid_read{L}(p)`. HOT 2
- Proposal for meaning of `\valid`, `\valid_read` w.r.t. `\initialized` HOT 8
- Clarification about label Pre
- Unbound logic variable warning when using .. to specify array length, i.e. \valid(buckets+(0..{x})), when {x} is a global variable HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from acsl.