1. 13 Jun, 2017 1 commit
    • WhyML: white-box blocks · 516cfd3a
      Andrei Paskevich authored
      Just as abstract blocks, "white-box blocks" are program expressions
      with an additional contract attached to their execution place.
      Contrary to abstract blocks, whiteboxes do not hide their contents
      from the outer computation. In most cases, you would not need
      whiteboxes at all, as the same effect can be achieved by adding
      assertions. Their utility comes from their syntax: the added
      contract clauses bind to the expression and do not require
      additional semicolons, begin-end's, let-in's or try-with's.
      
      Compare:
      
          let x = <expr> in assert { P x }; x
      to  <expr> ensures { P result }
      or  <expr> returns { x -> P x }
      
          if ... then begin let x = <expr> in assert { P x }; x end; ...
      to  if ... then <expr> ensures { P result }; ...
      
          try <expr> with E x -> assert { P x }; raise E x; end
      to  <expr> raises { E x -> P x }
      
      Internally, whiteboxes are just abstract blocks (zero-argument
      anonymous functions executed in-place) with the label "vc:white_box"
      on top. The user never needs to write this label explicitly though.
  2. 11 Jun, 2017 1 commit
  3. 08 Jun, 2017 1 commit
    • Mlw: for-loops over range types · 2f7b69b5
      Andrei Paskevich authored
      In the surface language, the loop index is always int in
      the loop invariant and all annotations and pure terms inside
      the loop. If you want to access the original range-typed index,
      use "let copy_i = i in" in the program code before your assertion.
      Of course, you cannot do that for the loop invariant, which is
      what we want.
  4. 05 Jun, 2017 1 commit
  5. 25 May, 2017 1 commit
  6. 23 May, 2017 2 commits
  7. 22 May, 2017 2 commits
  8. 11 May, 2017 1 commit
    • Pdecl: split type declarations in chunks · b6e2a7b6
      Andrei Paskevich authored
      Refinement code requires private types to reside in
      separate program declarations. So we split type decls
      into chunks where all non-free types are declared
      separately and only constructible (Ddata) types are
      kept together. The code preserves the original order
      wherever possible.
      
      Also, export ls_of_rs and fd_of_rs from Expr: these are
      used everywhere in src/mlw anyway.
      
      Also, remove some range/float-related "assert false".
  9. 02 May, 2017 3 commits
  10. 01 May, 2017 4 commits
  11. 29 Apr, 2017 1 commit
  12. 28 Apr, 2017 1 commit
  13. 15 Feb, 2017 1 commit
  14. 29 Jan, 2017 1 commit
  15. 19 Jan, 2017 1 commit
  16. 09 Jan, 2017 1 commit
    • Vc: drop the unused branches of the context on VCgen switch · d39596d4
      Andrei Paskevich authored
      Otherwise, WP->SP adds impossible try-with clauses, and sp_expr
      fails when it encounters an unreachable catching clause. Rather
      than harden up sp_expr, we prefer to avoid adding dead code,
      and so we filter out the context before switching the VCgen.
      
      We also forbid switching from SP to WP when the code under
      the tag has a non-empty outcome set. Merely providing an empty
      postcondition is wrong, since we do not perform an appropriate
      havoc.
  17. 06 Jan, 2017 2 commits
  18. 05 Jan, 2017 1 commit
  19. 02 Jan, 2017 1 commit
  20. 01 Jan, 2017 7 commits
  21. 19 Apr, 2016 1 commit
  22. 14 Apr, 2016 1 commit
  23. 29 Mar, 2016 2 commits
  24. 23 Mar, 2016 1 commit
  25. 18 Mar, 2016 1 commit