I searched a little bit in the list of issues but did not find any that is relative to my problem.
The problem is that, in some cases "expl" attributes on invariants terms are lost when seeing the associated verifications conditions in the IDE, or when getting them back from the API via `Termcode.goal_expl_task`.
For example, in the following code:
```whyml
module Pb_invariant_attribute
use export ref.Ref
use export bool.Bool
val a : ref bool
val b : ref bool
val c : ref bool
let test ()
diverges
=
while (true)
do
invariant { [@expl:foo] (!a) }
invariant { [@expl:bar] (not (!b)) }
invariant { [@expl:bla] (not (not (!c))) }
done
end
```
After a split, VCs concerning `a` are labelled "Loop invariant init" and "Loop invariant preservation", while the ones concerning `b` and `c` are respectively labelled "bar" and "bla".
![bug_label](/uploads/6aa13685211a32590f46903741d45d3a/bug_label.PNG)
```
use int.Int
type t = { x : int }
with u = { y : t -> int; }
```
On the following example, Why3 complains about a non strictly positive occurrence of `t`, but I don't understand why it is problematic.

```
use int.Int
type t = { x : int }
with u = { y : t -> int; }
```

Obviously, in this simplified example, the recursive type definition is not needed, so there is an easy workaround. But in my general usecase (translating C programs to WhyML, including forward struct declarations and structs containing pointers to other structs), I will need recursive type definitions and this workaround will not apply. I don't understand the positivity criterion well enough to understand if what I'm doing is actually problematic or if the checker is being overzealous. @paskevyc maybe you can enlighten me?
```
use int.Int
type t = { x : int }
with u = { y : t -> int; }
```
Obviously, in this simplified example, the recursive type definition is not needed, so there is an easy workaround. But in my general usecase (translating C programs to WhyML, including forward struct declarations and structs containing pointers to other structs), I will need recursive type definitions and this workaround will not apply. I don't understand the positivity criterion well enough to understand if what I'm doing is actually problematic or if the checker is being overzealous. @paskevyc maybe you can enlighten me?https://gitlab.inria.fr/why3/why3/-/issues/557Build a glossary of error messages2021-02-23T08:52:54ZMARCHE ClaudeBuild a glossary of error messagesThere are quite a lot of possible error messages from Why3, in particular from typing. It would help beginners, and indeed all users, if all these messages where explained in the manual, hopefully with examples.
There are quite a lot of possible error messages from Why3, in particular from typing. It would help beginners, and indeed all users, if all these messages where explained in the manual, hopefully with examples.

Note: there should be at least one example exhibiting each error message anyway, in `bench/typing/bad'
Unused variable

On this small program
```ocaml
module Global_logic_declarations
use mach.int.Int32
use ref.Ref
type s = {
a_from_struct_S : Int32.int32
}
let rec f () : Int32.int32
ensures { result = 12 }
=
let x = (Ref.ref (any s) : Ref.ref s) in
Ref.(:=) x { (Ref.(!) x) with a_from_struct_S = 12 };
(Ref.(!) x).a_from_struct_S
end
```
Why3 tells me
```
warning: unused variable q
Ref.(:=) x { (Ref.(!) x) with a_from_struct_S = 12 };
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
```
Support for string and printing function in `why3 execute` could provide simple debugging features.

See also #554
See also #5541.5.0https://gitlab.inria.fr/why3/why3/-/issues/554Document the modulo `io`, document printing capabilities2021-02-19T16:25:10ZMARCHE ClaudeDocument the modulo `io`, document printing capabilitiesDocument, and export it to [Stdlib online doc](http://why3.lri.fr/stdlib/)
Document, and export it to [Stdlib online doc](http://why3.lri.fr/stdlib/)

Also, document how to print in the manual
Also, document how to print in the manual1.5.0https://gitlab.inria.fr/why3/why3/-/issues/553Broken uninstalled prover window2021-02-19T12:06:29ZRaphaël Rieu-HelftBroken uninstalled prover windowOn the most recent master (b6ed3c1b), I opened the IDE, made the goals obsolete with `o`, and attempted to replay the proof where one of the provers was uninstalled (examples/multiprecision/sqrt.mlw without Alt-Ergo 2.2.0). The uninstalled prover window was broken (screenshot below), and all choices except "remove these proofs from session" triggered a fatal assertion (line 1402 of `gconfig.ml`).
On the most recent master (b6ed3c1b), I opened the IDE, made the goals obsolete with `o`, and attempted to replay the proof where one of the provers was uninstalled (examples/multiprecision/sqrt.mlw without Alt-Ergo 2.2.0). The uninstalled prover window was broken (screenshot below), and all choices except "remove these proofs from session" triggered a fatal assertion (line 1402 of `gconfig.ml`).

![uninstalled_prover](/uploads/8f66ee7c4877a715c2c02521ddd3c0dd/uninstalled_prover.png)
![uninstalled_prover](/uploads/8f66ee7c4877a715c2c02521ddd3c0dd/uninstalled_prover.png)https://gitlab.inria.fr/why3/why3/-/issues/552RFC: binders for tuple components in function prototype2021-02-11T09:43:19ZJean-Christophe FilliâtreRFC: binders for tuple components in function prototypeIt would be useful if we could name tuple components in function prototypes e.g.
```
val f (x: int, y: int) : (r: int)
requires { x < 0 && y > 0 }
ensures { r = x + y }
```
Currently, we have to bind the tuple and then decompose it in every clause of the contract:
```
val f (p: (int, int)) : (r: int)
requires { let x, y = p in x < 0 && y > 0 }
ensures { let x, y = p in r = x + y }
Add support for Z3 4.8.7 to 4.8.10 :
https://github.com/Z3Prover/z3/releases
Add support for Z3 4.8.7 to 4.8.10 :
https://github.com/Z3Prover/z3/releases
why3 config --detect --full-config
....
```
use ieee_float.Float64
let rec f (a : Float64.t): Float64.t
ensures { result = (-1. : Float64.t) }
= a
```
The literal `(-1. : Float64.t)` is represented by `(fp #b1 #b00000000000 #b1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)` in the file generated for CVC4 and Z3.
```
lemma a: forall xs. hs -> p [variant { v }] [do t done] [with …]
```
This automatically generates:
```
let [rec] lemma a'apply xs requires { hs } ensures { p } [variant {v}] = begin t end
[with …]
Consider an inductive predicate `P` as follows:
```
inductive p xs = A: forall ys. hs -> p es | ...
```
The idea is to automatically generate the following items:
- `type p'witness = A ys | ...` witnessing the universally quantified variables obtained to build a proof of `p` with each constructor
- `val ghost function p'proof xs : p'witness` returns, under precondition `p xs`, a witness of its (minimal) proof.
- `val ghost function p'induction xs : int` returns a (decreasing) variant over the proof of `p xs`.
The post condition of `p'proof xs` introduces, for each witness constructor `A ys` the hypotheses `hs` and the associated unifications of `es` and `xs`, together with strictly decreasing variants of `p'induction` for any sub-proofs of `p` in `hs`.
A complete example of how this can be used in practice is provided here:
- [ind.mlw](/uploads/a336611a3844c6a68dcbc8debfa44960/ind.mlw): full example of use of the generated symbols
(including also why3/why3#547 although it is not necessary…).
- [ind_gen.mlw](/uploads/d42763ecbdab345676b472d7d8fecdb6/ind_gen.mlw): the full exemple together with the (axiomatized) generated symbols, that makes the lemma proof automatically discharged easily.
- [ind.v](/uploads/042c16623daa356c4ef5ef0b792d3e06/ind.v): a Coq realization of the generated symbols of the example using destruction of the inductive predicate in `Type` (we can not realize modules... yet, although it shall look like this).
> why3 execute foo.mlw --use mach.int.Int31 "10000000 * 100000000"
result: int31 = 1000000000000000
globals:
```
use int.Int
use int.ComputerDivision
goal g : div 1 0 = 0
```
the transformation `compute_in_goal` solves the goal, which is incorrect.
> why3 execute foo.mlw --use mach.int.UInt64 "0 - 1"
anomaly: Not_found
``````console
> why3 execute empty.mlw --use int.ComputerDivision "div 1 0"
result: int = 0
globals:
``````console
