 22 Apr, 2015 3 commits


MARCHE Claude authored

MARCHE Claude authored
characters '. ", <, > and &

MARCHE Claude authored

 21 Apr, 2015 2 commits


JeanChristophe Filliâtre authored

MARCHE Claude authored

 18 Apr, 2015 8 commits


MARCHE Claude authored

MARCHE Claude authored

MARCHE Claude authored

MARCHE Claude authored

MARCHE Claude authored

MARCHE Claude authored

MARCHE Claude authored

MARCHE Claude authored

 16 Apr, 2015 1 commit


JeanChristophe Filliâtre authored
This is of course unsafe, yet useful if you have proved absence of overflows independently or if you are happy with a partial correctness proof (that is, if there is no overflow then the postcondition holds). This is work in progress; nothing plugged in yet.

 15 Apr, 2015 1 commit


David Hauzar authored

 14 Apr, 2015 1 commit


David Hauzar authored

 13 Apr, 2015 1 commit


David Hauzar authored
p labeled with label "model_projected" for which there exists a projection function f creates declaration of new constant c and axiom stating that c = f p. Projection functions are functions tagged with meta "model_projection". Function f is a projection function for abstract function and predicate p if f is tagged with meta "model_projection" and has a single argument of the same type as the type of p. This transformation is needed in situations when we want to display not the value of a variable, but the value of a projection function applied to a variable. Note that since Why3 supports namespaces (different projection functions can have the same name) and input languages of solvers typically do not, Why3 renames projection functions to avoid name clashes. This is why it is not possible to just store the name of the projection function in a label and then query the solver directly for the value of the projection. Also, it means that this transformation should thus be executed before this renaming.

 10 Apr, 2015 1 commit


MARCHE Claude authored

 08 Apr, 2015 3 commits



Stefan Berghofer authored

Stefan Berghofer authored

 07 Apr, 2015 1 commit


MARCHE Claude authored

 05 Apr, 2015 2 commits


Andrei Paskevich authored

MARCHE Claude authored

 03 Apr, 2015 2 commits


MARCHE Claude authored

MARCHE Claude authored

 02 Apr, 2015 4 commits


MARCHE Claude authored

MARCHE Claude authored

MARCHE Claude authored

MARCHE Claude authored

 01 Apr, 2015 1 commit


MARCHE Claude authored

 28 Mar, 2015 1 commit


MARCHE Claude authored

 27 Mar, 2015 1 commit


Guillaume Melquiond authored
A child process (e.g. CVC4) might catch SIGXCPU. If it gets stuck then, it won't consume any additional cpu time, so the system won't forcibly kill it. So why3cpulimit has to kill it. Note that, if the system is overloaded, why3cpulimit might kill the child process before it has even reached its cpu time limit. Hopefully, the 60' additional time will suffice in practice.

 23 Mar, 2015 2 commits


MARCHE Claude authored
+ fixed wrong step limit in one session

Andrei Paskevich authored

 21 Mar, 2015 5 commits


MARCHE Claude authored

MARCHE Claude authored

JeanChristophe Filliâtre authored
This is a first draft (with no Coq realization for the moment). See the comment at the end of the file for discussion.

MARCHE Claude authored

David Hauzar authored
