1. 20 Aug, 2019 1 commit
      Generalization of check_unused_vars to logic and program decl · f91bb58b
      DAILLER Sylvain authored
      Description:
      - Choice was made to not add unused variables when there is no contract
        and no body (no pre/(x)post, and no body).
      - For postcondition variable result, we only check variables that are not
        of unit type. And, we report a warning only if the variable is not present
        in all the ensures.
      - For result variable, with several imbricated raise, it seems possible to
        have false positive with no location. Removing the no location case which
        seems unhelpful anyway.
  2. 15 May, 2019 1 commit
  3. 11 Feb, 2019 1 commit
  4. 24 Oct, 2018 1 commit
  5. 23 Oct, 2018 1 commit
  6. 21 Oct, 2018 1 commit
      WhyML: reference variables · 79f564bd
      Andrei Paskevich authored
      caveat: pass-as-reference does not work in chain relations.
              That is, 0 < r += 12 will not typecheck even
              if x is autodereferencing and (+=) has the
              first parameter with the reference marker.
      
      todo: forbid reference markers in logic, in type definitions,
            over logical symbols, etc.
      
      todo: update extraction drivers.
            why3.Ref.Ref defines
              - type "ref",
              - constructor "mk ref" (never used in Typing)
              - projection "contents" (both val and function)
              - program function "ref" (alias for "mk ref")
            ref.Ref defines
              - let-function (!)
              - program function (:=)
      
            It is important to attribute the symbols to their
            respective modules, since a program with reference
            variables may never use ref.Ref and why3.Ref.Ref
            is imported automatically.
  7. 17 Oct, 2018 2 commits
      Dexpr: forbid mutable let-constants · 96933489
      Andrei Paskevich authored
      "let constant x = ref 0" is okay internally (each mention
      of x is a separate application and thus separate allocation),
      but this becomes just too confusing in the surface language.
      Dexpr: forbid mutable let-constants · e55f2b35
      Andrei Paskevich authored
      "let constant x = ref 0" is okay internally (each mention
      of x is a separate application and thus separate allocation),
      but this becomes just too confusing in the surface language.
  8. 11 Oct, 2018 2 commits
  9. 04 Oct, 2018 1 commit
  10. 28 Sep, 2018 1 commit
      Add support for partial functions · 17ed1270
      Raphael Rieu-Helft authored
      Program functions can be declared as partial with "let/val partial".
      Similarly to "diverges", partial code cannot be ghost, however it does not need to be
      explicitly specified as partial.
      
      Fixes #184.
  11. 27 Sep, 2018 1 commit
  12. 24 Aug, 2018 1 commit
  13. 17 Jun, 2018 1 commit
      Vc: handle missing "diverges" in Vc, not in Dexpr · 3e802ac9
      Andrei Paskevich authored
      On a missing "diverges", Vc emits a warning and adds
      a "false" sub-goal at the location of the non-terminating
      loop or function call. The explanation on this sub-goal is
      "termination", but should probably be "termination (failure)".
      
      The "diverges" clause propagates downwards: if it is put on
      the top-level function, there is no need to repeat it on local
      functions or abstract blocks.
  14. 07 Jun, 2018 1 commit
      WhyML: allow return types with names: f (a:int) : (x: int, ghost y: int) · 0ffeb3d4
      Andrei Paskevich authored
      These names are only visible under "ensures" but not under "returns".
      If the result is named, the special variable "result" is not used.
      In a tuple, either each component should be named, or none at all.
      Underscores are allowed. Parentheses around the return type are required.
      Each name must be given its own type: "f () : (x y: int)" is rejected.
      Identifiers without cast are treated as types, not as names.
      To name the result without giving its type, use "returns".
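      A small WhyML module exercising the named return types described in the
      commit message above. This is an added example, not code from the Why3
      repository; the module name and the functions minmax and minmax_ret are
      my own, and the example assumes only the standard int.Int module.

```whyml
module NamedReturn
  use int.Int

  (* Added example (not from the Why3 sources). Both components of the
     result are named in the return type, so the postcondition refers to
     lo and hi directly and the special variable "result" is not used. *)
  let minmax (a b: int) : (lo: int, hi: int)
    ensures { lo <= hi }
    ensures { (lo = a /\ hi = b) \/ (lo = b /\ hi = a) }
  = if a <= b then (a, b) else (b, a)

  (* Same contract without naming the components in the type: the names
     are bound by a "returns" clause instead, which needs no type
     annotations for the names. *)
  let minmax_ret (a b: int) : (int, int)
    returns { (lo, hi) -> lo <= hi /\ ((lo = a /\ hi = b) \/ (lo = b /\ hi = a)) }
  = if a <= b then (a, b) else (b, a)
end
```

      Per the commit message, the parentheses around the named return type
      are mandatory, each component needs its own type annotation (a header
      such as "(lo hi: int)" is rejected), and a bare identifier in that
      position is read as a type name, not as a result name.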
  15. 01 Jun, 2018 1 commit
  16. 31 May, 2018 1 commit
  17. 17 May, 2018 1 commit
  18. 15 May, 2018 1 commit
  19. 21 Mar, 2018 1 commit
      Homogenize constructor names. · 6ef0273e
      Guillaume Melquiond authored
      The pattern-matching construct in the logic is now systematically named
      "Tcase" in constructors (Ptree.Tmatch -> Tcase). The one in the
      programs (supporting exceptions) is now systematically named "Ematch"
      (Expr.Ecase -> Ematch, Dexpr.DEcase -> DEmatch). They are now homogeneous
      with the other constructors: Term.Tcase, Dterm.DTcase, Ptree.Ematch,
      Mltree.Ematch. Smart constructor Expr.e_case was renamed accordingly.
  20. 20 Mar, 2018 2 commits
  21. 15 Mar, 2018 1 commit
  22. 11 Jan, 2018 1 commit
  23. 13 Dec, 2017 1 commit
  24. 01 Dec, 2017 1 commit
  25. 24 Nov, 2017 1 commit
  26. 20 Nov, 2017 1 commit
  27. 27 Jun, 2017 1 commit
  28. 22 Jun, 2017 1 commit
  29. 16 Jun, 2017 2 commits
      alias specification: reviewed · f23ed837
      Andrei Paskevich authored
      WhyML: break and continue · df239061
      Andrei Paskevich authored
      Without an argument, break and continue refer to the innermost loop.
      A label put over an expression sequence starting with a loop, can be
      used as an optional argument for break and continue:
      
        label L in
        [ghost] ["tag"] [M.begin]
          while true do
            ...
            break L
            ...
          done;
          [...]
        [end] [: unit]
      
      In the square brackets are listed the constructions allowed between
      the label declaration and the loop expression.
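      A complete WhyML function using a labelled break as described in the
      commit message above. This is an added example, not code from the Why3
      repository; the module name, the function find, and the use of the
      standard ref.Ref and array.Array modules are my own choices.

```whyml
module FindWithBreak
  use int.Int
  use ref.Ref
  use array.Array

  (* Added example (not from the Why3 sources): linear search that leaves
     the loop through the label L as soon as the value is found. The label
     is placed over the sequence that starts with the loop, as required. *)
  let find (a: array int) (v: int) : int
    ensures { result = -1 \/ (0 <= result < a.length /\ a[result] = v) }
  = let i = ref 0 in
    let res = ref (-1) in
    label L in
    while !i < a.length do
      invariant { 0 <= !i <= a.length /\ !res = -1 }
      variant { a.length - !i }
      if a[!i] = v then begin res := !i; break L end;
      i := !i + 1
    done;
    !res
end
```

      Here "break L" and a bare "break" would behave the same, since the
      while loop is the innermost one; the label only matters when breaking
      out of an outer loop from inside a nested one.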
  30. 13 Jun, 2017 1 commit
  31. 11 Jun, 2017 1 commit
  32. 10 Jun, 2017 5 commits
    • Andrei Paskevich's avatar
      37384819
      minor fixes · 16f8a21a
      Andrei Paskevich authored
      Dexpr: warn if a logical symbol is used outside ghost context · 2f6f9ac4
      Andrei Paskevich authored
      This may produce false positives in cases like
      
        let x, ghost y = true, 3 + 42 (* (+) is logical here *)
      
      The use of curly braces will suppress the warning (TODO).
      Otherwise, this behaves reasonably well: there were only
      two warnings inside examples/, both valid.
    • Andrei Paskevich's avatar
      9dd49b36
      Mlw: slightly generalize the rules for overloading · 084211c1
      Andrei Paskevich authored
      A symbol is now considered overloadable if it satisfies
      the following conditions:
        - it has at least one parameter
        - it is non-ghost and has fully visible result
        - all of its parameters are non-ghost and have the same type
        - its result is either of the same type as its parameters
          or it is a monomorphic immutable type.
      
      An overloadable symbol can be combined with other symbols of the
      same arity and overloading kind. Otherwise, the new symbol shadows
      the previously defined ones.
      
      This generalisation allows us to overload symbols such as "size"
      or "length", and also symbols of arbitrary non-zero arity.
      
      I am reluctant to generalize this any further, because then we
      won't have reasonable destructible signatures for type inference.