GitLab

+ add predicate "exact_int"
+ add three axioms on of_int +/-/*
+ add some other axioms
+ guard the theory realization with a dependency to flocq in make file

+ simplify some others
+ add a realization of real.Truncate
+ add a, almost complete, realization (missing fma related axioms + some non-axiomatized definitions)

Constructors of enumerations are converted to consecutive integers. Formula
simplifications are performed when two constructors are compared. Constant
propagation is applied to constructors early.

This commit also puts back the last hypothesis as a negated goal so as to
improve readability.

The _rev lemmas cannot mention anything about the to_real values. Indeed,
with a directed rounding, in case of overflow, the result might still be
finite, yet be unrelated to the infinitely-precise value.

Note that the lemmas were true for rounding to nearest though (since the
result is necessarily infinite in case of overflow then), so it might be
worth adding back some specialized versions for rounding to nearest.

Note also that lemmas for neg, abs, and sqrt, do not need fixing, since
these operations cannot overflow.

This commit also fixes some issues about to_int_monotonic_int. Indeed,
large integers are not always representable, so we get to_int RNU x = x >
i for x = of_int RNU i.

When proving a program that does not allow for exceptional behaviors, the
context is littered with finiteness facts (due to operator preconditions),
so these lemmas help some provers by reducing the amount of instantiations
needed to produce the problem on real numbers.

This patch also adds an axiom so that is_finite, is_infinite, and is_nan
are actually disjoint. It also modifies the axiom about sqrt so that its
precondition is expressed on real numbers directly.

This is mandatory for handling the is_finite predicates from the FP
formalization. Propositions are sent as disjunctions (p in [0,0] \/
p in [1,1]) with hints indicating to split p at 0.5.

The goal might have several labels on it coming from the WP or the source,
which makes it trivially different from previously abstracted terms.

- some cleanup
- add the axiom "abs_universal"

Alt-Ergo was actually able to derive an inconsistency from these axioms,
which is kind of incredible.

- to_real x = 0 does not imply is_zero x, unless x is finite.
- Add missing triggers.
- Move any property related to signed zeros from "_finite" to "_special".
- Fix incorrect signed zeros for addition, subtraction, and FMA.
- Remove inconsistent signs of NaN for negation, multiplication, and division.
- Add specification for special values of abs.
- Fix useless specification for sqrt(+oo).

This commit also underspecifies the sign of product and quotient in case
of NaN result, so as to be consistent with the single NaN of smtlib.

We changed t_map_simp, track_values and the eval_match transformation
in order to prevent them from removing terms whose head has label
 keep_on_simp. Note that simplification inside those terms is
still possible.

* src/core/term.ml
(t_map_simp): Adding the case when f has label keep_on_simp.

* src/transform/eval_match.ml
(eval_match): Adding keep_on_simp as a stop label.

* src/whyml/mlw_wp.ml
(track_values): Stopping on keep_on_simp label.