1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
/**************************************************************************/
/* */
/* The Why platform for program certification */
/* Copyright (C) 2002-2008 */
/* Romain BARDOU */
/* Jean-Franois COUCHOT */
/* Mehdi DOGGUY */
/* Jean-Christophe FILLITRE */
/* Thierry HUBERT */
/* Claude MARCH */
/* Yannick MOY */
/* Christine PAULIN */
/* Yann RGIS-GIANAS */
/* Nicolas ROUSSET */
/* Xavier URBAIN */
/* */
/* This software is free software; you can redistribute it and/or */
/* modify it under the terms of the GNU General Public */
/* License version 2, as published by the Free Software Foundation. */
/* */
/* This software is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */
/* */
/* See the GNU General Public License version 2 for more details */
/* (enclosed in the file GPL). */
/* */
/**************************************************************************/
/*@ requires
@ n >= 1
@ ensures
@ \valid_range(\result,0,n-1) &&
@ \forall int i; 0<=i<n => \valid(\result[i]) */
int** test(int n) {
int** t = (int**)malloc(n * sizeof(int*));
int i;
/*@ invariant
@ 0 <= i <= n && \forall int k; 0<=k<i => \valid(t[k]) */
for (i = 0; i < n; i++)
t[i] = (int*)malloc(sizeof(int));
return t;
}
//@ ensures \result == 0
int main() {
int** t = test(10);
t[3][0] = 0;
// t[4][0] = 1;
return t[3][0];
}
|
