我有以下变量:
int** send_count;
message_struct*** send_queue;
我有一个函数我想申报
的合同message_record_struct postSend(int destination, double* buf);
如何声明一份允许分配send_count和send_queue元素的合约?
我担心以下方法只允许在指向数组的指针地址处分配元素:
@ assigns send_count
以下方法在代码的前一部分给出axiomatic theory { logic integer NP; }时会抛出错误:
@ assigns *(send_count+(0..NP-1));
@ assigns \forall integer i; 0<=i<NP ==>
*(send_count[i]+(0..NP-1));
$ frama-c -wp -wp-prover "why3ide" assign_example.c
[kernel] Parsing FRAMAC_SHARE/libc/__fc_builtin_for_normalization.i (no preprocessing)
[kernel] Parsing assign_example.c (with preprocessing)
assign_example.c:62:[kernel] user error: syntax error (expression expected but predicate found) in annotation.
[kernel] user error: stopping on file "assign_example.c" that has errors. Add '-kernel-msg-key pp' for preprocessing command.
[kernel] Frama-C aborted: invalid user input.
答案 0 :(得分:3)
您正在寻找的语法可能是
/*@ assigns *(send_count+(0..NP-1));
assigns *(send_count[0..NP-1]+(0..NP-1));
引入了ACSL范围[a..b]以保持指定子句无量词,并且应该尽可能多地使用。