
Frama-C wp simple loop invariant

I have a problem with a very simple loop invariant while trying to prove the following program with the wp plugin:

void f() {
  unsigned int i = 0;
  /*@
   loop assigns i;
   loop invariant 0 <= i <= 2;
   loop variant 2 - i;
  */
  for (;i < 2;++i);
}

The output is:

[kernel] preprocessing with "gcc -C -E -I.  t.c"
[wp] Running WP plugin...
[wp] Collecting axiomatic usage
[wp] warning: Missing RTE guards
[wp] 5 goals scheduled
[wp] [Qed] Goal typed_f_loop_inv_established : Valid
[wp] [Qed] Goal typed_f_loop_assign : Valid
[wp] [Qed] Goal typed_f_loop_term_decrease : Valid (4ms)
[wp] [Qed] Goal typed_f_loop_term_positive : Valid
[wp] [Alt-Ergo] Goal typed_f_loop_inv_preserved : Failed
     Error: Alt-Ergo exits with status [127]

When frama-c is executed with the key -wp-print, it prints the following information relating to the failing goal:

Goal Preservation of Invariant (file t.c, line 5):
Assume {
  (* Domain *)
  Type: (is_uint32 i_1) /\ (is_uint32 (1+i_1)).
  (* Invariant (file t.c, line 5) *)
  (* t.c:8: Invariant: *)
  Have: (0<=i_1) /\ (i_1<=2).
  (* t.c:8: Then *)
  Have: i_1<=1.
}
Prove: -1<=i_1.
Prover Alt-Ergo returns Failed
Error: Alt-Ergo exits with status [127]

In your configuration, Alt-Ergo is probably mis-configured or missing (return code 127).

Your code works on my machine without any issue:

[wp] [Qed] Goal typed_f_loop_inv_established : Valid
[wp] [Qed] Goal typed_f_loop_assign : Valid
[wp] [Qed] Goal typed_f_loop_term_decrease : Valid
[wp] [Qed] Goal typed_f_loop_term_positive : Valid
[wp] [Alt-Ergo] Goal typed_f_loop_inv_preserved : Valid (40ms) (7)
[wp] Proved goals:    5 / 5
     Qed:             4 
     Alt-Ergo:        1  (40ms-40ms) (7)

What does alt-ergo -version give?

Best regards, david
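Added diagnostic, not from the question or from david's answer: a POSIX sh script that checks whether the prover frama-c reports as failing (alt-ergo by default) resolves on PATH and maps its exit status to a cause; status 127 is the shell's "command not found", which is what the answer suspects. The prover name and the -version flag come from the thread; the function names are my own.

```shell
#!/bin/sh
# Diagnose "Alt-Ergo exits with status [127]" from frama-c -wp.
# Assumes a POSIX sh; the prover name defaults to alt-ergo (from the thread).

# Map a process exit status to a plain-language cause.
# 127 and 126 are the shell's own codes for a missing / non-executable command.
explain_status() {
  case "$1" in
    0)   echo "ok" ;;
    126) echo "found but not executable (check permissions)" ;;
    127) echo "command not found on PATH" ;;
    *)   echo "prover ran but failed with status $1" ;;
  esac
}

# Run "<prover> -version" as frama-c would and return its exit status.
# Returns 127 without running anything when the binary is not on PATH.
prover_status() {
  prover="${1:-alt-ergo}"
  if ! command -v "$prover" >/dev/null 2>&1; then
    return 127
  fi
  "$prover" -version >/dev/null 2>&1
}

# Print a one-prover report; the PATH is shown so it can be compared with
# the PATH of the shell (or GUI session) that launches frama-c.
check_prover() {
  prover="${1:-alt-ergo}"
  st=0
  prover_status "$prover" || st=$?
  echo "$prover: $(explain_status "$st")"
  if [ "$st" -eq 0 ]; then
    echo "  version: $("$prover" -version 2>&1 | head -n 1)"
  else
    echo "  PATH searched: $PATH"
  fi
  return "$st"
}
```

Run `check_prover alt-ergo` from the same shell that runs frama-c; a 127 here means WP never reached the prover at all, so the goal was not refuted, only unattempted.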

粤ICP备18138465号  © 2020-2024 STACKOOM.COM