Commit 11598d2b authored by Andrei Paskevich

simplify copyright headers

+ create AUTHORS file
+ fix the linking exception in LICENSE
+ update the "About" in IDE
+ remove the trailing whitespace
+ inflate my scores at Ohloh
parent ecc1e64d
The Why3 Verification Platform is developed by
François Bobot
Jean-Christophe Filliâtre
Claude Marché
Guillaume Melquiond
Andrei Paskevich
with contributions of
Sylvie Boldo
Simon Cruanes
Leon Gondelman
Johannes Kanig
David Mentré
Benjamin Monate
Thi-Minh-Tuyen Nguyen
Simão Melo de Sousa
Asma Tafat-Bouzid
The Library is distributed under the terms of the GNU Library General
Public License version 2.1 (included below).
The Library is distributed under the terms of the GNU Lesser General
Public License version 2.1 (included below).
As a special exception to the GNU Library General Public License, you
As a special exception to the GNU Lesser General Public License, you
may link, statically or dynamically, a "work that uses the Library"
with a publicly distributed version of the Library to produce an
executable file containing portions of the Library, and distribute
that executable file under terms of your choice, without any of the
additional requirements listed in clause 6 of the GNU Library General
Public License. By "a publicly distributed version of the Library", we
mean either the unmodified Library as distributed, or a
modified version of the Library that is distributed under the
conditions defined in clause 3 of the GNU Library General Public
License. This exception does not however invalidate any other reasons
why the executable file might be covered by the GNU Library General
Public License.
executable file containing portions of the Library, and distribute that
executable file under terms of your choice, without any of the additional
requirements listed in clause 6 of the GNU Lesser General Public License.
By "a publicly distributed version of the Library", we mean either the
unmodified Library as distributed by the authors, or a modified version
of the Library that is distributed under the conditions defined in clause
3 of the GNU Lesser General Public License. This exception does not
however invalidate any other reasons why the executable file might be
covered by the GNU Lesser General Public License.
======================================================================
......
##########################################################################
# #
# Copyright (C) 2010-2012 #
# François Bobot #
# Jean-Christophe Filliâtre #
# Claude Marché #
# Guillaume Melquiond #
# Andrei Paskevich #
# #
# This software is free software; you can redistribute it and/or #
# modify it under the terms of the GNU Library General Public #
# License version 2.1, with the special exception on linking #
# described in file LICENSE. #
# #
# This software is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. #
# #
##########################################################################
####################################################################
# #
# The Why3 Verification Platform / The Why3 Development Team #
# Copyright 2010-2012 -- INRIA - CNRS - Paris-Sud University #
# #
# This software is distributed under the terms of the GNU Lesser #
# General Public License version 2.1, with the special exception #
# on linking described in file LICENSE. #
# #
####################################################################
include Version
......@@ -1525,20 +1516,6 @@ headers:
headache -c misc/headache_config.txt -h misc/header.txt \
Makefile.in configure.in src/*.ml* src/*/*.ml* \
plugins/*/*.ml* src/tools/cpulimit.c
headache -c misc/headache_config.txt -h misc/header_gm.txt \
src/transform/abstraction.ml* \
src/transform/instantiate_predicate.ml* \
src/transform/simplify_formula.ml* \
src/printer/print_number.ml* \
src/printer/gappa.ml*
headache -c misc/headache_config.txt -h misc/header_jk.txt \
src/transform/close_epsilon.ml* \
src/transform/lift_epsilon.ml*
headache -c misc/headache_config.txt -h misc/header_sc.txt \
plugins/transform/hypothesis_selection.ml*
sed -i -f misc/fixnames.sed -- \
Makefile.in configure.in src/*.ml* src/*/*.ml* \
plugins/*/*.ml* src/tools/cpulimit.c
#########
# myself
......
##########################################################################
# #
# Copyright (C) 2010-2012 #
# François Bobot #
# Jean-Christophe Filliâtre #
# Claude Marché #
# Guillaume Melquiond #
# Andrei Paskevich #
# #
# This software is free software; you can redistribute it and/or #
# modify it under the terms of the GNU Library General Public #
# License version 2.1, with the special exception on linking #
# described in file LICENSE. #
# #
# This software is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. #
# #
##########################################################################
####################################################################
# #
# The Why3 Verification Platform / The Why3 Development Team #
# Copyright 2010-2012 -- INRIA - CNRS - Paris-Sud University #
# #
# This software is distributed under the terms of the GNU Lesser #
# General Public License version 2.1, with the special exception #
# on linking described in file LICENSE. #
# #
####################################################################
#
# autoconf input for Objective Caml programs
......
......@@ -114,24 +114,24 @@ theory DoubleOfInt
lemma jpxorx_pos: forall x:int. x>=0 -> BV32.nth (BV32.bw_xor j' (BV32.from_int2c x)) 31 = True
lemma from_int2c_to_nat_sub_pos:
forall i:int. 0 <= i <= 31 ->
forall x:int. 0 <= x < Pow2int.pow2 i ->
forall i:int. 0 <= i <= 31 ->
forall x:int. 0 <= x < Pow2int.pow2 i ->
BV32.to_nat_sub (BV32.from_int2c x) (i-1) 0 = x
lemma lemma1_pos : forall x:int. is_int32 x /\ x >= 0 ->
lemma lemma1_pos : forall x:int. is_int32 x /\ x >= 0 ->
BV32.to_nat_sub (jpxor x) 31 0 = Pow2int.pow2 31 + x
(* case x < 0 *)
lemma jpxorx_neg: forall x:int. x<0 ->
lemma jpxorx_neg: forall x:int. x<0 ->
BV32.nth (BV32.bw_xor j' (BV32.from_int2c x)) 31 = False
lemma from_int2c_to_nat_sub_neg:
forall i:int. 0 <= i <= 31 ->
forall x:int. -Pow2int.pow2 i <= x < 0 ->
forall i:int. 0 <= i <= 31 ->
forall x:int. -Pow2int.pow2 i <= x < 0 ->
BV32.to_nat_sub (BV32.from_int2c x) (i-1) 0 = Pow2int.pow2 i + x
lemma lemma1_neg : forall x:int. is_int32 x /\ x < 0 ->
lemma lemma1_neg : forall x:int. is_int32 x /\ x < 0 ->
BV32.to_nat_sub (jpxor x) 31 0 = Pow2int.pow2 31 + x
(**** old
......@@ -146,8 +146,8 @@ theory DoubleOfInt
*)
lemma from_int2c_to_nat_sub_gen:
forall i:int. 0 <= i <= 30 ->
forall x:int. 0 <= x < Pow2int.pow2 i ->
forall i:int. 0 <= i <= 30 ->
forall x:int. 0 <= x < Pow2int.pow2 i ->
BV32.to_nat_sub (BV32.from_int2c x) (i-1) 0 = x
lemma from_int2c_to_nat_sub:
......@@ -181,14 +181,14 @@ theory DoubleOfInt
BV64.nth (var x) i = BV32.nth (jpxor x) i
lemma to_nat_bv32_bv64_aux: forall b1:BV32.bv. forall b2:BV32.bv. forall j:int. 0<=j<32-> BV64.to_nat_sub (BV32_64.concat b1 b2) j 0 = BV32.to_nat_sub b2 j 0
lemma to_nat_bv32_bv64: forall b1:BV32.bv. forall b2:BV32.bv. BV64.to_nat_sub (BV32_64.concat b1 b2) 31 0 = BV32.to_nat_sub b2 31 0
lemma to_nat_var_0_31: forall x:int. is_int32(x) ->
BV64.to_nat_sub (var x) 31 0 = BV32.to_nat_sub (jpxor x) 31 0
lemma nth_var32to63:
forall x k:int. 32 <= k <= 63 -> BV64.nth (var x) k = BV32.nth j (k - 32)
lemma nth_var3: forall x:int. forall i:int. 32 <= i <= 51 -> BV64.nth (var x) i = False
lemma lemma2 : forall x:int. is_int32 x -> mantissa(var(x)) = Pow2int.pow2 31 + x
(*********************************************************************)
......
theory Stmt "some_statement"
use import real.Real
use import floating_point.Rounding
use import floating_point.Single
......
theory T
type t 'a = A 'a | B
function f () : ()
function f () : ()
goal g : () = f ()
......
......@@ -14,7 +14,7 @@ theory Th2
goal foo : false
end
end
theory Th3
......
......@@ -23,7 +23,7 @@ theory Einstein "Einstein's problem"
type drink = Beer | Coffee | Milk | Tea | Water
type cigar = Blend | BlueMaster | Dunhill | PallMall | Prince
type pet = Birds | Cats | Dogs | Fish | Horse
(* Each house is associated bijectively to a color and a person *)
clone Bijection as Color with type t = house, type u = color
clone Bijection as Owner with type t = house, type u = person
......@@ -36,9 +36,9 @@ theory Einstein "Einstein's problem"
(* Relative positions of the houses *)
predicate leftof (h1 h2 : house) =
match h1, h2 with
| H1, H2
| H2, H3
| H3, H4
| H1, H2
| H2, H3
| H3, H4
| H4, H5 -> true
| _ -> false
end
......@@ -79,7 +79,7 @@ theory EinsteinClues "Clues"
axiom Clue9: Owner.of H1 = Norwegian
(* The man who smokes Blends lives next to the one who has cats *)
axiom Clue10: neighbour
axiom Clue10: neighbour
(Owner.to_ (Cigar.to_ Blend)) (Owner.to_ (Pet.to_ Cats))
(* The man who owns a horse lives next to the one who smokes Dunhills *)
......@@ -123,13 +123,13 @@ theory Goals "Goals about Einstein's problem"
lemma Yellow_H1 : Color.of H1 = Yellow
*)
goal G1: Pet.to_ Fish = German
goal Wrong: Pet.to_ Cats = Swede
goal Wrong: Pet.to_ Cats = Swede
goal G2: Pet.to_ Cats = Norwegian
end
(*
Local Variables:
Local Variables:
compile-command: "make -C .. examples/einstein.gui"
End:
End:
*)
......@@ -4,7 +4,7 @@ theory Genealogy
type person
type gender = Male | Female
function gender person : gender
function father person : person
......@@ -20,7 +20,7 @@ theory Genealogy
predicate child (c : person) (p : person) = parent p c
goal Child_is_son_or_daughter:
goal Child_is_son_or_daughter:
forall c p : person. child c p <-> son c p \/ daughter c p
predicate sibling (p1 : person) (p2 : person) =
......@@ -45,14 +45,14 @@ theory Genealogy
goal Grandparent_is_grandfather_or_grandmother:
forall g p : person. grandparent g p <-> grandfather g p \/ grandmother g p
goal Grandfather_male:
goal Grandfather_male:
forall g p : person. grandfather g p -> gender g = Male
goal Grandmother_female:
goal Grandmother_female:
forall g p : person. grandmother g p -> gender g = Female
goal Only_two_grandfathers:
forall g1 g2 g3 p : person.
grandfather g1 p ->
grandfather g1 p ->
grandfather g2 p ->
grandfather g3 p ->
(g1 = g2 \/ g2 = g3 \/ g1 = g3)
......
......@@ -18,9 +18,9 @@ type value = Vvoid | Vint int | Vbool bool
type operator = Oplus | Ominus | Omult | Ole
(** ident for imutable variable*)
type ident
type ident
constant result : ident
constant result : ident
type term =
| Tvalue value
......@@ -86,13 +86,13 @@ predicate eval_fmla (sigma:env) (pi:stack) (f:fmla) =
| Fand f1 f2 -> eval_fmla sigma pi f1 /\ eval_fmla sigma pi f2
| Fnot f -> not (eval_fmla sigma pi f)
| Fimplies f1 f2 -> eval_fmla sigma pi f1 -> eval_fmla sigma pi f2
| Flet x t f ->
| Flet x t f ->
eval_fmla sigma (Cons (x,eval_term sigma pi t) pi) f
| Fforall x TYint f ->
| Fforall x TYint f ->
forall n:int. eval_fmla sigma (Cons (x,Vint n) pi) f
| Fforall x TYbool f ->
forall b:bool. eval_fmla sigma (Cons (x,Vbool b) pi) f
| Fforall x TYunit f -> eval_fmla sigma (Cons (x,Vvoid) pi) f
| Fforall x TYunit f -> eval_fmla sigma (Cons (x,Vvoid) pi) f
end
(** substitution of a reference [r] by a logic variable [v]
......
......@@ -171,7 +171,7 @@ inductive type_expr type_env type_stack expr datatype =
type_expr sigma pi e1 TYbool ->
type_expr sigma pi e2 ty ->
type_expr sigma pi e3 ty ->
type_expr sigma pi (Eif e1 e2 e3) ty
type_expr sigma pi (Eif e1 e2 e3) ty
| Type_eassert :
forall sigma: type_env, pi:type_stack, p:fmla.
type_fmla sigma pi p ->
......@@ -372,7 +372,7 @@ lemma let_implies :
forall id:ident, t:term, p q:fmla.
valid_fmla (Fimplies p q) ->
valid_fmla (Fimplies (Flet id t p) (Flet id t q))
predicate fresh_in_expr (id:ident) (e:expr) =
match e with
| Evalue _ -> true
......@@ -652,12 +652,12 @@ end
theory Simpl_tautology
predicate p
predicate p
predicate q
lemma simpl_tautology :
lemma simpl_tautology :
(p -> q) <-> (p /\ q <-> p)
end
(** {2 WP calculus} *)
......@@ -792,17 +792,17 @@ predicate expr_writes (e:expr) (w:Set.set mident) =
forall e:expr. not (is_value e) \/ exists v:value. e = Evalue v
lemma bool_value:
forall v:value, sigmat: type_env, pit:type_stack.
forall v:value, sigmat: type_env, pit:type_stack.
type_expr sigmat pit (Evalue v) TYbool ->
(v = Vbool False) \/ (v = Vbool True)
lemma unit_value:
forall v:value, sigmat: type_env, pit:type_stack.
type_expr sigmat pit (Evalue v) TYunit -> v = Vvoid
forall v:value, sigmat: type_env, pit:type_stack.
type_expr sigmat pit (Evalue v) TYunit -> v = Vvoid
lemma progress:
forall e:expr, sigma:env, pi:stack, sigmat: type_env, pit: type_stack, ty: datatype, q:fmla.
type_expr sigmat pit e ty ->
type_expr sigmat pit e ty ->
type_fmla sigmat (Cons(result, ty) pit) q ->
eval_fmla sigma pi (wp e q) -> not is_value e ->
exists sigma':env, pi':stack, e':expr.
......
......@@ -806,7 +806,7 @@ predicate stmt_writes (s:stmt) (w:Set.set mident) =
sigma,pi |= (wp s p) -> (wp s q)
meme contre-exemple: sigma(x) = 42 alors true -> x=42
mais
mais
wp (x := 7) true = true
wp (x := 7) x=42 = 7=42
*)
......
......@@ -30,7 +30,7 @@ axiom mident_decide :
(** ident for immutable variables *)
type ident = { ident_index : int }
constant result : ident
axiom ident_decide :
......@@ -134,7 +134,7 @@ function get_vartype (i:ident) (pi:type_stack) : datatype =
| Cons (x,ty) r -> if x=i then ty else get_vartype i r
end
type type_env = IdMap.map mident datatype (* map global mutable variables to their type *)
function get_reftype (i:mident) (e:type_env) : datatype = IdMap.get e i
......@@ -335,7 +335,7 @@ function msubst_term (t:term) (r:mident) (v:ident) : term =
| Tvalue _ | Tvar _ -> t
| Tderef x -> if r = x then mk_tvar v else t
| Tbin t1 op t2 ->
mk_tbin (msubst_term t1 r v) op (msubst_term t2 r v)
mk_tbin (msubst_term t1 r v) op (msubst_term t2 r v)
end
function subst_term (t:term) (r:ident) (v:ident) : term =
......@@ -359,7 +359,7 @@ lemma fresh_in_binop:
forall t t':term, op:operator, v:ident.
fresh_in_term v (mk_tbin t op t') ->
fresh_in_term v t /\ fresh_in_term v t'
(* lemma eval_subst_term: *)
(* forall sigma:env, pi:stack, e:term, x:ident, v:ident. *)
(* fresh_in_term v e -> *)
......@@ -506,10 +506,10 @@ predicate fresh_in_expr (id:ident) (e:expr) =
match e with
| Evalue _ -> true
| Ebin e1 op e2 -> fresh_in_expr id e1 /\ fresh_in_expr id e2
| Evar v -> id <> v
| Evar v -> id <> v
| Ederef _ -> true
| Eassign x e -> fresh_in_expr id e
| Eseq e1 e2 -> fresh_in_expr id e1 /\ fresh_in_expr id e2
| Eseq e1 e2 -> fresh_in_expr id e1 /\ fresh_in_expr id e2
| Elet v e1 e2 -> id <> v /\ fresh_in_expr id e1 /\ fresh_in_expr id e2
| Eif e1 e2 e3 -> fresh_in_expr id e1 /\ fresh_in_expr id e2 /\ fresh_in_expr id e3
| Eassert f -> fresh_in_fmla id f
......@@ -889,7 +889,7 @@ predicate expr_writes (s:expr) (w:Set.set mident) =
forall s:expr, sigma:env, pi:stack, p q:fmla.
(eval_fmla sigma pi (wp s p)) /\
(eval_fmla sigma pi (wp s q)) ->
eval_fmla sigma pi (wp s (Fand p q))
eval_fmla sigma pi (wp s (Fand p q))
lemma wp_reduction:
forall sigma sigma':env, pi pi':stack, s s':expr.
......@@ -908,20 +908,20 @@ predicate expr_writes (s:expr) (w:Set.set mident) =
forall e:expr. not (is_value e) \/ exists v:value. e = Evalue v
lemma bool_value:
forall v:value, sigmat: type_env, pit:type_stack.
forall v:value, sigmat: type_env, pit:type_stack.
type_expr sigmat pit (Evalue v) TYbool ->
(v = Vbool False) \/ (v = Vbool True)
lemma unit_value:
forall v:value, sigmat: type_env, pit:type_stack.
type_expr sigmat pit (Evalue v) TYunit -> v = Vvoid
forall v:value, sigmat: type_env, pit:type_stack.
type_expr sigmat pit (Evalue v) TYunit -> v = Vvoid
lemma progress:
forall e:expr, sigma:env, pi:stack, sigmat: type_env, pit: type_stack, ty: datatype, q:fmla.
type_expr sigmat pit e ty ->
type_expr sigmat pit e ty ->
type_fmla sigmat (Cons(result, ty) pit) q ->
not is_value e ->
eval_fmla sigma pi (wp e q) ->
eval_fmla sigma pi (wp e q) ->
exists sigma':env, pi':stack, e':expr.
one_step sigma pi e sigma' pi' e'
......
......@@ -181,7 +181,7 @@ inductive one_step env stack stmt env stack stmt =
(** many steps of execution *)
inductive many_steps env stack stmt env stack stmt int =
| many_steps_refl: forall sigma:env, pi:stack, s:stmt.
| many_steps_refl: forall sigma:env, pi:stack, s:stmt.
many_steps sigma pi s sigma pi s 0
| many_steps_trans: forall sigma1 sigma2 sigma3:env, pi1 pi2 pi3:stack, s1 s2 s3:stmt, n:int.
one_step sigma1 pi1 s1 sigma2 pi2 s2 ->
......
......@@ -173,7 +173,7 @@ predicate eval_fmla (s:state) (f:fmla) =
| Fnot f -> not (eval_fmla s f)
end
(* substitution *)
(* substitution *)
function subst_expr (e:expr) (x:ident) (t:expr) : expr =
match e with
......
......@@ -174,7 +174,7 @@ predicate eval_fmla (s:state) (f:fmla) =
| Fimplies f1 f2 -> eval_fmla s f1 -> eval_fmla s f2
end
(* substitution *)
(* substitution *)
function subst_expr (e:expr) (x:ident) (t:expr) : expr =
match e with
......
......@@ -443,7 +443,7 @@ predicate stmt_writes (i:stmt) (w:Set.set ident) =
(abstract_effects i
(Fand
(Fimplies (Fand (Fterm e) inv) (wp i inv))
(Fimplies (Fand (Fnot (Fterm e)) inv) q)))
(Fimplies (Fand (Fnot (Fterm e)) inv) q)))
end
......
......@@ -221,7 +221,7 @@ inductive one_step env env expr env env expr =
| one_step_while:
forall sigma pi:env, e:expr, inv:fmla, e':expr.
one_step sigma pi (Ewhile e inv e') sigma pi
one_step sigma pi (Ewhile e inv e') sigma pi
(Eif e (Eseq e' (Ewhile e inv e')) void)
(***
......@@ -500,7 +500,7 @@ predicate expr_writes (i:expr) (w:Set.set ident) =
(abstract_effects i
(Fand
(Fimplies (Fand (Fterm e) inv) (wp i inv))
(Fimplies (Fand (Fnot (Fterm e)) inv) q)))
(Fimplies (Fand (Fnot (Fterm e)) inv) q)))
end
{ valid_triple result i q }
......
......@@ -72,7 +72,7 @@ lemma get_stack_eq:
lemma get_stack_neq:
forall x i:ident, v:value, r:stack.
x <> i -> get_stack i (Cons (x,v) r) = get_stack i r
x <> i -> get_stack i (Cons (x,v) r) = get_stack i r
function eval_term (sigma:env) (pi:stack) (t:term) : value =
match t with
......@@ -407,7 +407,7 @@ lemma consequence_rule:
valid_triple p' e q'
lemma value_rule:
forall q:fmla, v:value.
forall q:fmla, v:value.
valid_triple (vsubst q result (Tvalue v)) (Evalue v) q
lemma assign_rule:
......
......@@ -360,7 +360,7 @@ module WP
Fand inv
((*Fforall*) (Fand
(Fimplies (Fand (Fterm e) inv) (wp i inv))
(Fimplies (Fand (Fnot (Fterm e)) inv) q)))
(Fimplies (Fand (Fnot (Fterm e)) inv) q)))
end
......
......@@ -4,7 +4,7 @@ theory LagrangeInequality
(*
sum_squares a \times sum_squares b = (scalar product a.b)^2 +
sum_squares a \times sum_squares b = (scalar product a.b)^2 +
sum {1 <= i <j <=n} (a_i b_j - a_j b_i)^2
*)
......
......@@ -14,10 +14,10 @@ theory Bidule
goal Inter : forall s1 s2 : s. forall x : a.
mem x (inter s1 s2) -> (mem x s1 /\ mem x s2)
goal Union_inter : forall s1 s2 s3 : s.
goal Union_inter : forall s1 s2 s3 : s.
equal (inter (union s1 s2) s3) (union (inter s1 s3) (inter s2 s3))
lemma Union_assoc : forall s1 s2 s3 : s.
lemma Union_assoc : forall s1 s2 s3 : s.
equal (union (union s1 s2) s3) (union s1 (union s2 s3))
clone algebra.Assoc with type t = s, function op = union, goal Assoc
......
......@@ -30,13 +30,13 @@ theory SortedList
forall x y : t, l : list t.
x <= y -> sorted (Cons y l) -> sorted (Cons x (Cons y l))
lemma sorted_inf:
forall x y: t, l: list t. x <= y -> sorted (Cons y l) ->
sorted (Cons x l)
lemma sorted_inf:
forall x y: t, l: list t. x <= y -> sorted (Cons y l) ->
sorted (Cons x l)
lemma sorted_mem:
forall x: t, l: list t. sorted (Cons x l) ->
lemma sorted_mem:
forall x: t, l: list t. sorted (Cons x l) ->
forall y: t. mem y l -> x <= y
(* by induction on l *)
......
......@@ -5,10 +5,10 @@ theory T
goal g_no_lab : forall x:int. x >= 42 -> x + 3 <= 50
goal g_lab0 : forall x "model:0":int. ("model:cond" x >= 42) ->
goal g_lab0 : forall x "model:0":int. ("model:cond" x >= 42) ->
("model:concl" x + 3 <= 50)
goal g_lab1 : forall x "model:1":int. ("model:cond" x >= 42) ->
goal g_lab1 : forall x "model:1":int. ("model:cond" x >= 42) ->
("model:concl" x + 3 <= 50)
constant g : int
......@@ -46,11 +46,11 @@ goal test_overflow_int16:
goal test_overflow_int16_alt:
forall x "model:0" y "model:0" : int.
-65536 <= x <= 65535 /\ -65536 <= y <= 65535 -> -65536 <= x+y <= 65535
-65536 <= x <= 65535 /\ -65536 <= y <= 65535 -> -65536 <= x+y <= 65535
goal test_overflow_int16_bis:
forall x "model:0" y "model:0" : int.
is_int16 x /\ is_int16 y /\
is_int16 x /\ is_int16 y /\
("model:cond1" 0 <= x) /\ (x <= y) -> is_int16 (x + y)
predicate is_int32 (x:int) = -2147483648 <= x <= 2147483647
......@@ -83,7 +83,7 @@ theory ModelArray
use import map.Map
goal t1 : forall t "model:0" :map int int, i "model:0" : int.
goal t1 : forall t "model:0" :map int int, i "model:0" : int.
get (set t 0 42) i = get t i
end
......