GitLab

Split session in two :
Session : an API for managing session without running provers
Session_scheduler : an API for running provers asynchronously

All the global states have been removed.

A session must be first read, which give a session without task.
Afterward it must be updated to the current state of the files with
some environnement and configuration.

printer and iterator are provided for session.

Session_tools : some useful functions on session.

Smoke detector : not anymore integrated to session. Just add the
      transformation "smoke_detector_top" or "smoke_detector_deep" to
      all the valid proof attempt.

prover_id are not yet removed but all is in place in session for that.

Moreover,
- Coq realizations are disabled for Coq < 8.3 due to coqdep bugs,
- Whyconf.magicnumber is incremented to ensure coqc and coqide are called
  with -R,
- realizations for FP arithmetic are disabled if Flocq is missing.

Fix il/li tag

The smoke detector try to detect when a goal is proved
because the context is self contradicting.

The way it is configured in session is not very pretty.

(standalone executable why3realize)

also, introduce in Printer the p-printing transformations

meta "instantiate : auto" on as many terms as possible.

The transformation is rather naive, since it doesn't look for term
candidates under quantifiers, if-then-else, let-in, and so on. So it can
only appear late in the transformation pipe.

It is only enabled for Gappa and its target axioms are the ones that state
that any floating-point value is bounded. It was the last transformation
from Why2 still missing in Why3.

Thanks to this transformation, Gappa is now able to prove all the safety
obligations from the following code, including the ones about division and
downcast, which is definitely frightening.

/*@ assigns \nothing;
  @ ensures \result == \abs(x);
  @*/
extern double fabs(double x);

/*@ requires \valid(AB_Ptr) && \valid(CD_Ptr);
  @ assigns *AB_Ptr, *CD_Ptr;
  @ ensures \abs(*AB_Ptr) <= 6.111111e-2;
  @ ensures \abs(*CD_Ptr) <= 6.111111e-2;
  @ */
void limitValue(float *AB_Ptr, float *CD_Ptr)
{
   double Fabs_AB, Fabs_CD;
   double max;

   Fabs_AB = fabs (*AB_Ptr);
   Fabs_CD = fabs (*CD_Ptr);

   max = Fabs_AB;
   if (Fabs_CD > Fabs_AB)  max = Fabs_CD;

   if ( max > 6.111111e-2)
   {
      *AB_Ptr = (float) (((*AB_Ptr) * 6.111111e-2) / max);
      *CD_Ptr = (float) (((*CD_Ptr) * 6.111111e-2) / max);
   }
}

Prover capabilities are now represented by a record enumerating each case and which syntax to use then.
This fixes output of nondecimal integers to provers (bug #12981).

TODO: check whether some provers support more than just decimal representations.