Closed viper-admin closed 4 years ago
@alexanderjsummers on 2015-10-02 10:05:
- edited the description
@mschwerhoff commented on 2015-11-18 09:24
Since Silicon represents permissions as heap chunks, it is difficult for Silicon to avoid reporting insufficient permissions when checking the postcondition: `this.x` `this.x`; consequently, no heap chunk for `this.x` is produced, and `this.x` are not available. If Carbon reported insufficient permissions, it can simply continue the verification under the additional assumption that sufficient permissions were available, i.e. `H[this, x] > none`. For Silicon, this is in general not (so easily) possible (without causing spurious errors afterwards) because it would have to add a heap chunk, sum up all potential permissions in the heap (which requires accounting for aliasing and permissions inside predicates), and assume that the sum is non-none.
@mschwerhoff commented on 2015-11-18 09:24
Duplicate of https://github.com/viperproject/silicon/issues/34.
@mschwerhoff on 2015-11-18 09:24:
- changed state from `new` to `duplicate`
@mschwerhoff commented on 2015-11-18 12:31
https://github.com/viperproject/silicon/issues/144 was marked as a duplicate of this issue.
@mschwerhoff commented on 2015-11-18 12:48
https://github.com/viperproject/silicon/issues/152 was marked as a duplicate of this issue.
In the following Silver example, Silicon checks if the postcondition is established without checking that the contract is well formed and reports a different error than Carbon.
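The Silver example the description refers to is not present on this page. The following is a constructed illustration added here, not the original issue's program: a method whose postcondition reads `this.x` without the method holding any permission to that field, so the contract itself is not well-formed. Per the thread, Carbon is expected to flag the contract (insufficient permission to access `this.x` in the postcondition), whereas Silicon, having no heap chunk for `this.x`, is expected to report the postcondition as possibly not holding. The field and method names are assumptions.

```silver
field x: Int

// Constructed example: no `requires acc(this.x)`, and the body acquires
// no permission either, so the postcondition below reads `this.x` without
// any permission. The contract is therefore not well-formed.
method m(this: Ref)
  ensures this.x == 1   // reads this.x with no permission held
{
  // empty body: nothing produces a heap chunk for this.x
}
```

Adding `requires acc(this.x)` (and, if the caller should regain the field, `ensures acc(this.x) && this.x == 1` together with an assignment `this.x := 1` in the body) makes the contract well-formed and lets both verifiers check the same obligation.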