1. 05 Jun, 2017 1 commit
      Mlw: local exceptions in the surface language · b3a73a61
      Andrei Paskevich authored
      current syntax is
      
          exception Return (int, ghost bool) in
          ...
          try
            ...
            raise Return (5, false)
            ...
          with
            Return (i, b) -> ...
          ...
      
      These exceptions can carry mutable and non-monomorphic values.
      They can be raised from local functions defined in the scope
      of the exception declaration.
  2. 04 Jun, 2017 1 commit
  3. 27 May, 2017 1 commit
      Mlw: support Epure in the surface language (with type inference) · 72714897
      Andrei Paskevich authored
      The current syntax is "{| <term> |}", which is shorter than
      "pure { <term> }", and does not require a keyword. Better
      alternatives are welcome.
      
      As for type inference, we infer the type of the term under Epure
      without binding destructible type variables in the program.
      In particular,
        let ghost fn x = {| x + 1 |}
      will not typecheck. Indeed, even if we detect that the result
      is [int], the type of the formal parameter [x] is not inferred
      in the process, and thus stays at ['xi].
      
      Another problem is related to the fact that variable and function
      namespaces are not yet separated when we perform type inference.
      Thus both functions
        let ghost fn (x: int) = let x a = a in {| x + 5 |}
      and
        let ghost fn (x: int) = let x a = a in {| x 5 |}
      will not typecheck, since the type of [x] is ['a -> 'a] when
      we infer the type for the Epure term, but it becomes [int],
      when we construct the final program expression. Probably,
      the only reasonable solution is to keep variables and
      functions in the same namespace, so that [x] simply can
      not be used in annotations after being redefined as a
      program function.
  4. 01 May, 2017 1 commit
  5. 28 Apr, 2017 1 commit
  6. 12 Apr, 2017 1 commit
  7. 28 Feb, 2017 1 commit
      Add the ability to · f0547868
      Clément Fumex authored
      * declare range types and float types,
      * use integer (resp. real) literals for those types through casting,
      * specify how to print them in drivers.
      
      Change in syntax
      * use
      
        type t = < range 1 2 >   (* integers from 1 to 2 *)
        type t' = < float 4 12 > (* float with 4 bits in exponent and 12 in mantissa *)
      
        the two projections:
        t'int
        t''real
      
        and the predicate:
        t''isFinite
      
      * Restrict the use of "'" in whyml:
        Users are not allowed to introduce names where a quote symbol
        is followed by a letter. Thus, the following identifiers are
        valid:
      
        t'
        toto'0''
        toto'_phi
      
        whereas toto'phi is not.
      
      Note: we do not yet support negative numbers in range declaration
      and casting of a literal.
  8. 15 Feb, 2017 1 commit
  9. 14 Apr, 2016 1 commit
  10. 01 Apr, 2016 1 commit
  11. 24 Mar, 2016 1 commit
  12. 19 Mar, 2016 1 commit
  13. 17 Mar, 2016 1 commit
  14. 15 Mar, 2016 3 commits
  15. 11 Feb, 2016 1 commit
  16. 11 Jan, 2016 1 commit
  17. 10 Jan, 2016 1 commit
      Mlw: allow non-ghost expressions to return (partially) ghost values · 4c79348a
      Andrei Paskevich authored
      this is still work in progress and no testing was done so far.
      
      Highlights of this commit:
      
      - "(ghost 42, 15)" is now a non-ghost expression that can be returned
        from a function and/or matched against a "(ghost x, y)" pattern.
        Only the tuple constructor and direct pattern matching are magical:
        "let z = (ghost 42, 15) in ..." still makes z ghost, and therefore
        "snd (ghost 42, 15)" is ghost, too.
      
      - "if c then e1 else ghost e2" and "let z = e1 in ghost e2" are now
        non-ghost expressions with a ghost result. This means that e1 may
        have visible effects. Of course, if e2 raises exceptions, the whole
        expression is ghostified. Contamination is still done when possible,
        that is, when the contaminated expression has no visible effects.
      
      - "let ghost x = e1 in e2" no longer ghostifies e1.
      
      - "let f (ghost x) = ... in f e1" no longer ghostifies e1.
      
      - new syntax: variables in program patterns may be marked ghost.
        In particular: "let x, ghost y = ...".
      
      - new syntax: the function result type may be written as a partially
        ghost tuple: "val f ... : ghost int" or "any (int, ghost bool)".
        The ghostness annotation is required for top-level and recursive
        functions.
      
      - exceptions can carry partially ghost tuples (API only, WIP)
  18. 25 Nov, 2015 1 commit
  19. 15 Nov, 2015 1 commit
      Mlw: admit fields with mutable types in private records · f522e56e
      Andrei Paskevich authored
      this should not be problematic as long as these fields do not occur
      in the invariants (actual or refined). In other words, a value of
      a private type exists no matter what is stored in the field.
      
      Also, admit non-private mutable types without actual mutable fields.
      It is actually impossible to create a write effect for such types,
      and the only consequence of being mutable is that they are assigned
      a region, and so every value of such type can be tracked individually.
      One use case for this is a non-private record with an invariant,
      which either has fields with mutable types or has type parameters
      that we wish to instantiate with mutable types. If we modify these
      mutable components, this may break the record's invariant. Now, if
      the record itself is immutable (and thus has no associated region),
      then we must reestablish the invariant immediately, otherwise we
      lose track of the value. Even if this extra flexibility does not
      prove useful in the end, it seems to be harmless.
      
      Also, admit type definitions of the form
        type t 'a = (private|abstract)? mutable? {} invariant*
      which define private empty records (even if not declared private).
      
      Also, "type t 'a" is now equivalent to "type t 'a = private {}".
  20. 13 Oct, 2015 1 commit
  21. 06 Oct, 2015 1 commit
  22. 21 Aug, 2015 3 commits
  23. 19 Aug, 2015 1 commit
      Parser: admit anonymous binders · eaed0078
      Andrei Paskevich authored
      In programs, we do not really care about unnamed typed variables,
      and it is convenient to write ((fun s _ -> s) : int -> bool -> int)
      in logical terms.
  24. 11 Aug, 2015 1 commit
  25. 06 Aug, 2015 2 commits
  26. 30 Jul, 2015 1 commit
  27. 28 Jul, 2015 1 commit
  28. 16 Jul, 2015 3 commits
      Parser: refactoring · 78683f61
      Andrei Paskevich authored
      Parser: chained equivalence · 3912a062
      Andrei Paskevich authored
      Translate a chain of equivalences A <-> B <-> C into a conjunction
      (A <-> B) /\ (B <-> C). Implication is weaker than equivalence when
      it occurs to the left of it, and is forbidden at the right hand side.
      In other words, A -> B <-> C <-> D is allowed and translated into
      A -> ((B <-> C) /\ (C <-> D)), and A <-> B -> C is not allowed,
      and requires explicit parentheses.
      Adding information about the line that corresponds to the VC check · 68b3134d
      David Hauzar authored
      to the counter-example model.
      
      This line must be marked with the label "model_vc".
      If the VC line is a postcondition, it can be marked with the label
      "model_func" or "model_func:func_name". Terms corresponding to
      old values of arguments will be marked with @old, and the term corresponding
      to the function result will be marked with @result or
      func_name@result if func_name was given.
      
      Pretty printing of model element names in counter-example.
      Possibility to print differently model elements corresponding to
      function result, old values of function arguments and other model
      elements.
  29. 15 Jul, 2015 1 commit
      Parser: relation chaining is guided by the operator group · c67b99bd
      Andrei Paskevich authored
      All infix operations in the weakest priority group (those containing
      at least one of the characters '=', '<', '>', or '~') are considered
      non-associative and the chains (t1 OP t2 OP t3) are translated into
      conjunctions (t1 OP t2 /\ t2 OP t3).
      
      This does not concern implication '->' and equivalence '<->',
      which are right-associative, like the rest of propositional
      connectives.
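As an added worked example (illustrative Python, not Why3's own OCaml parser), here is the chain desugaring described in this commit and in 3912a062 above: relation chains in the weakest operator group and equivalence chains both become conjunctions of adjacent pairs, implication stays right-associative, and an implication directly following an equivalence chain is rejected. It assumes whitespace-separated tokens (parentheses are written `( A <-> B )`) and bare identifiers or numbers as atoms; the generated `/\` nodes are right-nested.

```python
# Added example (illustrative Python, not Why3's OCaml parser): desugar chained
# relations (c67b99bd) and chained equivalences (3912a062) into conjunctions.
# Assumes whitespace-separated tokens, e.g. "( A <-> B )", and bare atoms.
RELCHARS = set("=<>~")    # weakest infix group: non-associative, chained
PROP_OPS = {"->", "<->"}  # connectives: contain '<' / '>' but must not chain

def is_relop(tok):
    return tok not in PROP_OPS and any(c in RELCHARS for c in tok)
def chain_to_conj(terms, ops):
    # t1 OP1 t2 OP2 t3  ==>  (t1 OP1 t2) /\ (t2 OP2 t3), right-nested
    pairs = [("bin", op, terms[i], terms[i + 1]) for i, op in enumerate(ops)]
    out = pairs[-1]
    for p in reversed(pairs[:-1]):
        out = ("bin", "/\\", p, out)
    return out

def parse(src):
    toks, pos = src.split(), [0]
    def peek(): return toks[pos[0]] if pos[0] < len(toks) else None
    def take(): pos[0] += 1; return toks[pos[0] - 1]
    def atom():
        tok = take()
        if tok != "(": return tok
        inner = impl()
        if take() != ")": raise SyntaxError("missing ')'")
        return inner
    def chain(sub, accept):       # sub (OP sub)*, OP chosen by `accept`
        terms, ops = [sub()], []
        while peek() is not None and accept(peek()):
            ops.append(take()); terms.append(sub())
        return (chain_to_conj(terms, ops) if ops else terms[0]), bool(ops)
    def rel(): return chain(atom, is_relop)[0]
    def equiv(): return chain(rel, lambda t: t == "<->")
    def impl():                   # equiv ('->' impl)?  '->' is right-associative
        left, left_is_chain = equiv()
        if peek() != "->": return left
        if left_is_chain:         # "A <-> B -> C" needs explicit parentheses
            raise SyntaxError("implication right after an equivalence chain")
        take()
        return ("bin", "->", left, impl())
    f = impl()
    if peek() is not None: raise SyntaxError(f"unexpected {peek()!r}")
    return f

def show(f, top=True):            # parenthesize every nested binary node
    if isinstance(f, str): return f
    s = f"{show(f[2], False)} {f[1]} {show(f[3], False)}"
    return s if top else f"({s})"
def desugar(src): return show(parse(src))
```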
  30. 02 Jul, 2015 2 commits
  31. 27 Jun, 2015 2 commits