- 22 May, 2012 1 commit
-
-
Jean-Christophe Filliâtre authored
-
- 07 May, 2012 1 commit
-
-
MARCHE Claude authored
ignore labels
-
- 09 Apr, 2012 1 commit
-
-
MARCHE Claude authored
-
- 05 Apr, 2012 1 commit
-
-
Andrei Paskevich authored
-
- 18 Mar, 2012 2 commits
-
-
Andrei Paskevich authored
-
Andrei Paskevich authored
  - put abstract types and aliases in Dtype of tysymbol
  - put (recursive) algebraic types in Ddata of (ts,constr list) list
  - put abstract function/predicate symbols in Dparam of lsymbol
  - put defined logic symbols in Dlogic of (ls,ls_definition) list
-
- 17 Mar, 2012 4 commits
-
-
Andrei Paskevich authored
-
Andrei Paskevich authored
-
Andrei Paskevich authored
-
Andrei Paskevich authored
-
- 15 Mar, 2012 1 commit
-
-
Andrei Paskevich authored
also, produce less noise on plugin detection
also, use -linkall to compile our binaries
-
- 11 Mar, 2012 1 commit
-
-
Andrei Paskevich authored
-
- 10 Mar, 2012 2 commits
-
-
Andrei Paskevich authored
-
Andrei Paskevich authored
-
- 26 Feb, 2012 1 commit
-
-
Andrei Paskevich authored
-
- 25 Feb, 2012 1 commit
-
-
Andrei Paskevich authored
-
- 22 Feb, 2012 1 commit
-
-
Andrei Paskevich authored
  - change takes function as the first argument
  - add_new takes exception as the first argument
  - find_default is renamed to find_def and takes the default value as the first argument
  - find_option is renamed to find_opt (to align with find_exn and find_def)
  - default_option is renamed def_option
-
- 14 Feb, 2012 1 commit
-
-
Jean-Christophe Filliâtre authored
-
- 09 Feb, 2012 1 commit
-
-
Jean-Christophe Filliâtre authored
-
- 08 Feb, 2012 4 commits
-
-
Andrei Paskevich authored
-
Andrei Paskevich authored
this is a tentative patch to make && and || more robust wrt propositional simplification.
-
Andrei Paskevich authored
Thanks to Johannes Kanig for this useful suggestion.
-
Andrei Paskevich authored
-
- 30 Nov, 2011 1 commit
-
-
MARCHE Claude authored
-
- 20 Oct, 2011 1 commit
-
-
François Bobot authored
The smoke detector tries to detect when a goal is proved because the context is self-contradicting. The way it is configured in session is not very pretty.
-
- 22 Sep, 2011 2 commits
-
-
Guillaume Melquiond authored
t_fold already iterates on the subterms of a term, so calling t_fold on a subterm actually iterates over grandchildren of the term, which may well be under a quantifier. So t_fold should be called on the term itself. This explains why the transformation was trying to create declarations with unbounded variables.
-
Andrei Paskevich authored
-
- 20 Sep, 2011 1 commit
-
-
Andrei Paskevich authored
kudos to François for spotting the problem
-
- 15 Sep, 2011 1 commit
-
-
Andrei Paskevich authored
-
- 13 Sep, 2011 1 commit
-
-
Guillaume Melquiond authored
-
- 02 Sep, 2011 3 commits
-
-
Andrei Paskevich authored
-
Andrei Paskevich authored
-
Andrei Paskevich authored
-
- 23 Aug, 2011 1 commit
-
-
Guillaume Melquiond authored
meta "instantiate : auto" on as many terms as possible. The transformation is rather naive, since it doesn't look for term candidates under quantifiers, if-then-else, let-in, and so on. So it can only appear late in the transformation pipe. It is only enabled for Gappa and its target axioms are the ones that state that any floating-point value is bounded.

It was the last transformation from Why2 still missing in Why3. Thanks to this transformation, Gappa is now able to prove all the safety obligations from the following code, including the ones about division and downcast, which is definitely frightening.

    /*@ assigns \nothing;
      @ ensures \result == \abs(x);
      @*/
    extern double fabs(double x);

    /*@ requires \valid(AB_Ptr) && \valid(CD_Ptr);
      @ assigns *AB_Ptr, *CD_Ptr;
      @ ensures \abs(*AB_Ptr) <= 6.111111e-2;
      @ ensures \abs(*CD_Ptr) <= 6.111111e-2;
      @ */
    void limitValue(float *AB_Ptr, float *CD_Ptr)
    {
      double Fabs_AB, Fabs_CD;
      double max;

      Fabs_AB = fabs (*AB_Ptr);
      Fabs_CD = fabs (*CD_Ptr);

      max = Fabs_AB;
      if (Fabs_CD > Fabs_AB) max = Fabs_CD;

      if ( max > 6.111111e-2) {
        *AB_Ptr = (float) (((*AB_Ptr) * 6.111111e-2) / max);
        *CD_Ptr = (float) (((*CD_Ptr) * 6.111111e-2) / max);
      }
    }
-
- 26 Jul, 2011 1 commit
-
-
Jean-Christophe Filliâtre authored
introduced new transformation eliminate_non_struct_recursion for that purpose
uses Decl.check_termination to make the check and the pretty-print (could probably be improved to avoid 3 calls to check_termination)
-
- 13 Jul, 2011 1 commit
-
-
Guillaume Melquiond authored
Prover capabilities are now represented by a record enumerating each case and which syntax to use then. This fixes output of nondecimal integers to provers (bug #12981). TODO: check whether some provers support more than just decimal representations.
-
- 06 Jul, 2011 1 commit
-
-
Jean-Christophe Filliâtre authored
-
- 01 Jul, 2011 3 commits
-
-
Andrei Paskevich authored
-
Andrei Paskevich authored
-
Andrei Paskevich authored
-