1. 12 Apr, 2015 1 commit
  2. 11 Apr, 2015 2 commits
    • examples/vstte10_queens: strong updates · 340ffc11
      Andrei Paskevich authored
      1. Strong region updates can only work with direct assignments, e.g.
           r.contents <- something_completely_different
         but not with functions such as (:=) : ref 'a -> 'a -> unit
         Why3 requires 'a to be instantiated with one concrete type,
         not with a bunch of types that differ in their regions.
      
      2. Strong region updates will restrict the updated regions to their
         covers. However, in the current implementation, Why3 does not know
         if the region corresponding to the field "contents" is the only
         cover for 'a in the type [ref 'a] or if there is a way to retrieve
         'a from [ref 'a] without going through "contents". Therefore, to
         ensure soundness, a strong update of r.contents will forbid the
         use of r itself. A solution consists in writing an ad hoc "reference"
         type, where the mutable contents (O.t in this case) is explicitly
         given in the type definition. Then the strong update of the field
         containing O.t will preserve the covering "reference".
      
         This problem is fixed in the "new system", where mutable types
         carry information about the access paths of the type variables.
         There, "r.contents <- something_different" preserves r.
  3. 10 Apr, 2015 2 commits
  4. 09 Apr, 2015 1 commit
  5. 08 Apr, 2015 6 commits
  6. 07 Apr, 2015 2 commits
  7. 05 Apr, 2015 2 commits
  8. 03 Apr, 2015 2 commits
  9. 02 Apr, 2015 6 commits
  10. 01 Apr, 2015 1 commit
  11. 31 Mar, 2015 1 commit
  12. 28 Mar, 2015 2 commits
  13. 27 Mar, 2015 1 commit
    • Improve why3-cpulimit so that it forcibly kills processes after a while. · 21198e50
      Guillaume Melquiond authored
      A child process (e.g. CVC4) might catch SIGXCPU. If it gets stuck then, it
      won't consume any additional cpu time, so the system won't forcibly kill
      it. So why3-cpulimit has to kill it.
      
      Note that, if the system is overloaded, why3-cpulimit might kill the child
      process before it has even reached its cpu time limit. Hopefully, the 60'
      additional time will suffice in practice.
  14. 26 Mar, 2015 1 commit
  15. 25 Mar, 2015 7 commits
  16. 24 Mar, 2015 3 commits