Clarifies measures and termination

acsl-language / acsl

Sources for the ANSI/ISO C Specification Language manual

Other

47 stars 8 forks source link

Clarifies measures and termination #84

Closed AllanBlanchard closed 2 years ago

AllanBlanchard commented 2 years ago

Use these commits directly to review the diff:

There is a commit that trims spaces.

There was a misunderstanding in https://github.com/acsl-language/acsl/issues/79, this is also fixed.

AllanBlanchard commented 2 years ago

FYI @pbaudin @vprevosto @zilbuz

vprevosto commented 2 years ago

What if a function has a loop that might not terminate and another (before the first one, obviously) that ought to always terminate, as in

/*@ terminates \false; */
void f(void) {
  /*@ terminates \true; */
  {
     /*@ loop invariant  0 <= i <= 3;
            loop assigns i;
            loop variant 3 - i;
     */
     for (int i = 0; i < 3; i++) ;
  }
  while(1) ;
}

vprevosto commented 2 years ago

In other words, I'd suggest that the variant is conditioned by the terminates clause of the innermost contract enclosing it. In addition, it might also be worth it to state explicitly that , if a statement contract with terminates clause T1 is enclosed into another contract with terminates clause T2, we must have T2 ==> T1

AllanBlanchard commented 2 years ago

Oh yes, I forgot this case.

pbaudin commented 2 years ago

I have nothing more to say.

AllanBlanchard commented 2 years ago

Hum. What about the behavior of:

// decreases p for some_relation ;
void f(int *p){ 
  if(condition) f(p); 
}

The fact that some_relation must be well-founded is clear. If I correctly understand:

some_relation cannot have labels,
it must be evaluated @here.

This is somewhat what is explained in the section but I think that we could emphasize on this behavior.

AllanBlanchard commented 2 years ago

In fact, giving the details mentioned in the previous comment is probably more suitable for a course :thinking: , so let's forget about that.

pbaudin commented 2 years ago

@AllanBlanchard, in the branch clarifies-measures-termination of the Github project acsl-language/acsl I added a commit (the last one) that you could cherry-pick part of it to this pull request. By the way, these modifications can still be discussed here.

AllanBlanchard commented 2 years ago

I have included the commit made by @pbaudin and added a few details + fixed some typos. I think it is ready.

pbaudin commented 2 years ago

It is fine for me.

@vprevosto, are you ready to merge this pull request ?