I am trying to use the example of an inductive predicate taken from the webpage https://frama-c.com/acsl_tutorial_index.html:
#include <stddef.h>
#include <stdlib.h>
typedef struct _list { int element; struct _list* next; } list;
/*@ inductive reachable{L} (list* root, list* node) {
case root_reachable{L}:
\forall list* root; reachable(root,root);
case next_reachable{L}:
\forall list* root, *node;
\valid(root) ==>
reachable(root−>next, node) ==>
reachable(root,node);
}
*/
However, I get a compilation error:
$ frama-c -wp -wp-rte -wp-split list.c
[kernel] Parsing list.c (with preprocessing)
[kernel:annot-error] list.c:12: Warning: unexpected token '>'
[kernel] User Error: warning annot-error treated as fatal error.
[kernel] User Error: stopping on file "list.c" that has errors. Add '-kernel-msg-key pp'
for preprocessing command.
[kernel] Frama-C aborted: invalid user input.
The error I get seems to be for root->next.
If I try the following it works:
/*@ inductive reachable{L} (list* root, list* node) {
case empty{L}: \forall struct List* l; reachable(l, l);
case non_empty{L}: \forall list *l1,*l2;
\valid(l1) && reachable(l1->next, l2) ==> reachable(l1, l2);
}
*/
Perhaps I've done something wrong? Although all I have tried to do is to copy and paste the tutorial code. Any help appreciated.
It is indeed hard to spot, but the − just before the incriminated > is not a standard ASCII dash - but one of its countless unicode variant. This is what gets Frama-C confused. Of course this does not happen in handwritten code where you have a normal -.