Commit 4822694f authored by Guillaume Melquiond's avatar Guillaume Melquiond

Merge branch 'master' into new_system

parents a7c1eea4 7129b259
......@@ -152,7 +152,6 @@ why3.conf
/src/coq-tactic/.why3-vo-*
# Coq
/lib/coq/bv/BV_Gen.v
# PVS
.pvscontext
......@@ -200,6 +199,8 @@ pvsbin/
/src/util/config.ml
/src/util/lexlib.ml
/src/util/rc.ml
/src/util/json_parser.mli
/src/util/json_parser.ml
# /src/session
/src/session/xml.ml
......@@ -216,6 +217,13 @@ pvsbin/
/plugins/tptp/tptp_parser.conflicts
/plugins/parser/dimacs.ml
# /plugins/python/
/plugins/python/py_lexer.ml
/plugins/python/py_parser.ml
/plugins/python/py_parser.mli
/plugins/python/test/
/plugins/python/py_parser.conflicts
# /drivers
/drivers/coq-realizations.aux
/drivers/pvs-realizations.aux
......@@ -228,6 +236,8 @@ pvsbin/
/tests/test-and/
/tests/test-extraction/*
!/tests/test-extraction/main.ml
/tests/python/*/why3session.xml
/tests/python/*/why3shapes.gz
# /examples/
/examples/in_progress/course/
......@@ -288,6 +298,7 @@ pvsbin/
/modules/pqueue/
/modules/mach/array/
/modules/mach/int/
/modules/python/
# Try Why3
/src/trywhy3/trywhy3.byte
......@@ -304,9 +315,13 @@ pvsbin/
/src/trywhy3/index.html
/src/trywhy3/ace-builds/
/src/trywhy3/*.png
/src/trywhy3/alt-ergo-1.00-private-2015-01-29
/src/trywhy3/alt-ergo*
/src/trywhy3/fontawesome/
# IDE
/src/ide/fontawesome
/src/ide/ace-builds
# jessie3
/src/jessie/config.log
/src/jessie/Makefile
......@@ -13,10 +13,12 @@ S src/coq-tactic
S src/why3session
S src/why3doc
S src/jessie
S src/trywhy3
S plugins/parser
S plugins/printer
S plugins/transform
S plugins/tptp
S plugins/python
B src/util
B src/core
......@@ -33,10 +35,12 @@ B src/coq-tactic
B src/why3session
B src/why3doc
B src/jessie
B src/trywhy3
B plugins/parser
B plugins/printer
B plugins/transform
B plugins/tptp
B plugins/python
B lib/why3
PKG str unix num dynlink @ZIPLIB@ @LABLGTK2PKG@ @META_OCAMLGRAPH@
......@@ -12,9 +12,13 @@ with contributions of
Sylvie Boldo
Martin Clochard
Simon Cruanes
Sylvain Dailler
Clément Fumex
Leon Gondelman
David Hauzar
Daisuke Ishii
Johannes Kanig
Mikhail Mandrykin
David Mentré
Benjamin Monate
Thi-Minh-Tuyen Nguyen
* marks an incompatible change
Tools
o why3 config now generates default proof strategies using the
installed provers. These are available under name "Auto level 1"
and "Auto level 2" in why3 ide.
Version 0.87.3, January ??, 2017
=================================
Version 0.87.3, January 12, 2017
================================
bug fixes
o
o fixed OCaml extraction with respect to ghost parameters
o assorted bug fixes
Provers
o support for Alt-Ergo 1.30 (released ??, 2016)
o support for Coq 8.6 (released ?, 2016)
o support for Gappa 1.3 (released ?, 2016)
provers
o support for Alt-Ergo 1.30 (released Nov 21, 2016)
o support for Coq 8.6 (released Dec 8, 2016)
o support for Gappa 1.3 (released Jul 20, 2016)
* discarded support for Isabelle 2015
o support for Isabelle 2016-1 (released Dec 2016)
o support for Z3 4.5.0 (released ? 2016)
o support for Z3 4.5.0 (released Nov 8, 2016)
Version 0.87.2, September 1, 2016
=================================
####################################################################
# #
# The Why3 Verification Platform / The Why3 Development Team #
# Copyright 2010-2016 -- INRIA - CNRS - Paris-Sud University #
# Copyright 2010-2017 -- INRIA - CNRS - Paris-Sud University #
# #
# This software is distributed under the terms of the GNU Lesser #
# General Public License version 2.1, with the special exception #
......@@ -176,8 +176,8 @@ OCAMLVERSION=`$OCAMLC -v | sed -n -e 's|.*version* *\(.*\)$|\1|p' `
echo "ocaml version is $OCAMLVERSION"
case "$OCAMLVERSION" in
0.*|1.*|2.*|3.*|4.00.*)
AC_MSG_ERROR(You need Objective Caml 4.01.0 or higher);;
0.*|1.*|2.*|3.*|4.00.*|4.01.*|4.02.[[0-2]])
AC_MSG_ERROR(You need Objective Caml 4.02.3 or higher);;
esac
# Ocaml library path
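Review bot: The new rejection pattern `0.*|1.*|2.*|3.*|4.00.*|4.01.*|4.02.[[0-2]])` ends its last alternative without a trailing `*`, unlike the `4.00.*` and `4.01.*` alternatives beside it, so a version string carrying a suffix (e.g. `4.02.1+dev`, as `OCAMLVERSION` is taken verbatim from `$OCAMLC -v`) does not match the branch and slips past the "4.02.3 or higher" check. Writing the alternative as `4.02.[[0-2]]*)` (the double brackets presumably collapse to `[0-2]` after m4 quoting, as the existing pattern relies on) would reject those suffixed versions as well. The `case` statement is complete within the hunk; the `sed` extraction that sets `OCAMLVERSION` sits on the hunk header line.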
......@@ -5,8 +5,9 @@ This chapter is a tutorial for the users who want to link their own
OCaml code with the \why library. We progressively introduce the way
one can use the library to build terms, formulas, theories, proof
tasks, call external provers on tasks, and apply transformations on
tasks. The complete documentation for API calls is given
at URL~\url{http://why3.lri.fr/api-\whyversion/}.
tasks. The complete documentation for API calls is given\begin{latexonly}
at URL~\urlapi{}.\end{latexonly}
%HEVEA at this \ahref{\urlapi}{URL}.
We assume the reader has a fair knowledge of the OCaml
language. Notice that the \why library must be installed, see
......@@ -291,9 +292,9 @@ access the internal identifier for addition: it must be retrieved from
the standard theory \texttt{Int} of the file \texttt{int.why} (see
Chap~\ref{sec:library}).
\begin{ocamlcode}
let two : Term.term =
let two : Term.term =
Term.t_const (Number.ConstInt (Number.int_const_dec "2"))
let four : Term.term =
let four : Term.term =
Term.t_const (Number.ConstInt (Number.int_const_dec "4"))
let int_theory : Theory.theory =
Env.read_theory env ["int"] "Int"
......@@ -327,7 +328,7 @@ To illustrate how to build quantified formulas, let us consider
the formula $\forall x:int. x*x \geq 0$. The first step is to
obtain the symbols from \texttt{Int}.
\begin{ocamlcode}
let zero : Term.term =
let zero : Term.term =
Term.t_const (Number.ConstInt (Number.int_const_dec "0"))
let mult_symbol : Term.lsymbol =
Theory.ns_find_ls int_theory.Theory.th_export ["infix *"]
......@@ -362,14 +363,14 @@ be done by a sequence of calls:
Creation of a theory named \verb|My_theory| is done by
\begin{ocamlcode}
let my_theory : Theory.theory_uc =
let my_theory : Theory.theory_uc =
Theory.create_theory (Ident.id_fresh "My_theory")
\end{ocamlcode}
First let us add formula 1 above as a goal:
\begin{ocamlcode}
let decl_goal1 : Decl.decl =
Decl.create_prop_decl Decl.Pgoal goal_id1 fmla1
Decl.create_prop_decl Decl.Pgoal goal_id1 fmla1
let my_theory : Theory.theory_uc =
Theory.add_decl my_theory decl_goal1
\end{ocamlcode}
......@@ -379,12 +380,12 @@ already defined to create task 1 above.
Adding formula 2 needs to add the declarations of predicate variables A
and B first:
\begin{ocamlcode}
let my_theory : Theory.theory_uc =
Theory.add_param_decl my_theory prop_var_A
let my_theory : Theory.theory_uc =
Theory.add_param_decl my_theory prop_var_B
let my_theory : Theory.theory_uc =
Theory.add_param_decl my_theory prop_var_A
let my_theory : Theory.theory_uc =
Theory.add_param_decl my_theory prop_var_B
let decl_goal2 : Decl.decl =
Decl.create_prop_decl Decl.Pgoal goal_id2 fmla2
Decl.create_prop_decl Decl.Pgoal goal_id2 fmla2
let my_theory : Theory.theory_uc = Theory.add_decl my_theory decl_goal2
\end{ocamlcode}
......@@ -395,33 +396,33 @@ combination of an ``export'' and the creation of a namespace. We
provide a helper function for that:
\begin{ocamlcode}
(* [use th1 th2] insert the equivalent of a "use import th2" in
theory th1 under construction *)
let use th1 th2 =
let name = th2.Theory.th_name in
theory th1 under construction *)
let use th1 th2 =
let name = th2.Theory.th_name in
Theory.close_scope
(Theory.use_export
(Theory.use_export
(Theory.open_scope th1 name.Ident.id_string) th2) true
\end{ocamlcode}
Addition of formula 3 is then
\begin{ocamlcode}
let my_theory : Theory.theory_uc = use my_theory int_theory
let decl_goal3 : Decl.decl =
let decl_goal3 : Decl.decl =
Decl.create_prop_decl Decl.Pgoal goal_id3 fmla3
let my_theory : Theory.theory_uc =
Theory.add_decl my_theory decl_goal3
let my_theory : Theory.theory_uc =
Theory.add_decl my_theory decl_goal3
\end{ocamlcode}
Addition of goal 4 is nothing more complex:
\begin{ocamlcode}
let decl_goal4 : Decl.decl =
let decl_goal4 : Decl.decl =
Decl.create_prop_decl Decl.Pgoal goal_id4 fmla4
let my_theory :
Theory.theory_uc = Theory.add_decl my_theory decl_goal4
let my_theory :
Theory.theory_uc = Theory.add_decl my_theory decl_goal4
\end{ocamlcode}
Finally, we close our theory under construction as follows.
\begin{ocamlcode}
let my_theory : Theory.theory = Theory.close_theory my_theory
let my_theory : Theory.theory = Theory.close_theory my_theory
\end{ocamlcode}
We can inspect what we did by printing that theory:
......@@ -433,19 +434,19 @@ which outputs
theory is:
theory My_theory
(* use BuiltIn *)
goal goal1 : true \/ false
predicate A
predicate B
goal goal2 : A /\ B -> A
(* use int.Int *)
goal goal3 : (2 + 2) = 4
goal goal4 : forall x:int. (x * x) >= 0
end
\end{verbatim}
......@@ -453,7 +454,7 @@ end
From a theory, one can compute at once all the proof tasks it contains
as follows:
\begin{ocamlcode}
let my_tasks : Task.task list =
let my_tasks : Task.task list =
List.rev (Task.split_theory my_theory None None)
\end{ocamlcode}
Note that the tasks are returned in reverse order, so we reverse the
......@@ -461,7 +462,7 @@ list above.
We can check our generated tasks by printing them:
\begin{ocamlcode}
let () =
let () =
printf "Tasks are:@.";
let _ =
List.fold_left
......@@ -216,7 +216,7 @@ The provers can give the following output:
\label{sec:proveoptions}
\begin{description}
\item[\texttt{-{}-get-ce}] activates the generation of a potential
\item[\texttt{-{}-get-ce}] activates the generation of a potential
counter-example when a proof does not succeed (experimental).
\item[\texttt{-{}-extra-expl-prefix \textsl{<s>}}] specifies
\textsl{s} as an additional prefix for labels that denotes VC
......@@ -473,25 +473,25 @@ are grouped together under several tabs.
\subsection{Displaying Counterexamples}
When the selected prover finds (counterexample) model, it is possible to
When the selected prover finds (counterexample) model, it is possible to
display parts of this model in the terms of the original Why3 input.
Currently, this is supported for CVC4 prover version 1.5 and newer.
To display the counterexample in Why3 IDE, the counterexample model generation
must be enabled in File -/> Preferences -/> get
To display the counterexample in Why3 IDE, the counterexample model generation
must be enabled in File -/> Preferences -/> get
counter-example.
After running the prover and clicking on the prover result in, the
counterexample can be displayed in the tab
After running the prover and clicking on the prover result in, the
counterexample can be displayed in the tab
Counter-example.
The counterexample is displayed with the original Why3 code in comments.
Counterexample values for Why3 source code elements at given line are
The counterexample is displayed with the original Why3 code in comments.
Counterexample values for Why3 source code elements at given line are
displayed in a comment at the line below.
An alternative way how to display a counterexample is to use the option
An alternative way how to display a counterexample is to use the option
\texttt{-{}-get-ce} of the \texttt{prove} command.
Why3 source code elemets that should be a part of counterexample must be
explicitly marked with \texttt{"model"} label. The following example shows a
Why3 theory with some terms annotated with the \texttt{model} label and the
Why3 source code elemets that should be a part of counterexample must be
explicitly marked with \texttt{"model"} label. The following example shows a
Why3 theory with some terms annotated with the \texttt{model} label and the
generated counterexample in comments:
\begin{whycode}
......@@ -504,7 +504,7 @@ theory T
goal g_lab_ex : forall x "model":int. ("model" x >= 42) ->
("model" "model_trace:x+3<=50" x + 3 <= 50)
goal computation_ex : forall x1 "model" x2 "model" x3 "model" .
goal computation_ex : forall x1 "model" x2 "model" x3 "model" .
(* x1 = 1; x2 = 1; x3 = 1 *)
("model" "model_trace: x1 + 1 = 2" x1 + 1 = 2) ->
(* x1 + 1 = 2 = true *)
......@@ -516,9 +516,9 @@ theory T
(* (= (+ (+ x1 x2) x3) 5) = false *)
\end{whycode}
To display counterexample values in assertions the term being asserted must be
labeled with the label \texttt{"model\_vc"}. To display counterexample values
in postconditions, the term in the postcondition must be labeled with the
To display counterexample values in assertions the term being asserted must be
labeled with the label \texttt{"model\_vc"}. To display counterexample values
in postconditions, the term in the postcondition must be labeled with the
label \texttt{"model\_vc\_post"}.
The following example shows a counterexample of a function with postcondition:
......@@ -535,9 +535,9 @@ The following example shows a counterexample of a function with postcondition:
(* x = 0 *)
\end{whycode}
It is also possible to rename counterexample elements using the lable
\texttt{"model\_trace:"}. The following example shows the use of renaming a
counterexample element in order to print the counterexample in infix notation
It is also possible to rename counterexample elements using the lable
\texttt{"model\_trace:"}. The following example shows the use of renaming a
counterexample element in order to print the counterexample in infix notation
instead of default prefix notation:
\begin{whycode}
......@@ -547,31 +547,31 @@ instead of default prefix notation:
(* x+3<=50 = false *)
\end{whycode}
Renaming counterexample elements is in particular useful when Why3 is used as
intermediate language and to show names of counterexample elements in the
Renaming counterexample elements is in particular useful when Why3 is used as
intermediate language and to show names of counterexample elements in the
source language instead of showing names of Why3 elements.
Note that if the counterexample element is of a record type, it is also
possible to rename names of the record fields by putting the label
Note that if the counterexample element is of a record type, it is also
possible to rename names of the record fields by putting the label
\texttt{model\_trace:} to definitions of record fields. For example:
\begin{whycode}
type r = {f "model_trace:.F" :int; g "model_trace:G" :bool}
\end{whycode}
When a prover is queried for a counterexample value of a term of an abstract
type=, an internal representation of the value is get. To get the concrete
representation, the term must be marked with the label
\texttt{"model\_projected"} and a projection function from the abstract type
to a concrete type must be defined, marked as a projection using the meta
\texttt{"model\_projection"}, and inlining of this function must be disabled
using the meta \texttt{"inline : no"}. The following example shows a
When a prover is queried for a counterexample value of a term of an abstract
type=, an internal representation of the value is get. To get the concrete
representation, the term must be marked with the label
\texttt{"model\_projected"} and a projection function from the abstract type
to a concrete type must be defined, marked as a projection using the meta
\texttt{"model\_projection"}, and inlining of this function must be disabled
using the meta \texttt{"inline : no"}. The following example shows a
counterexample of an abstract value:
\begin{whycode}
theory A
use import int.Int
type byte
function to_rep byte : int
predicate in_range (x : int) = -128 <= x <= 127
......@@ -579,16 +579,16 @@ counterexample of an abstract value:
in_range (to_rep x)
meta "model_projection" function to_rep
meta "inline : no" function to_rep
goal abstr : forall x "model_projected" :byte. to_rep x >= 42 -> to_rep x
goal abstr : forall x "model_projected" :byte. to_rep x >= 42 -> to_rep x
+ 3 <= 50
(* x = 48 *)
\end{whycode}
More examples of using counterexample feature of Why3 can be found in the file
More examples of using counterexample feature of Why3 can be found in the file
examples/tests/cvc4-models.mlw and examples/tests/cvc4-models.mlw.
More information how counterexamples in Why3 works can be found
in~\cite{sefm16}.
More information how counterexamples in Why3 works can be found
in~\cite{hauzar16sefm}.
%
% how to use counterexamples - explain labels, projections, the option --get-ce of why3prove and the setting in why3ide
......@@ -198,7 +198,7 @@ Claude March\'e and Andrei Paskevich},
month = {August},
url = {http://proval.lri.fr/submissions/boogie11.pdf},
abstract = {Why3 is the next generation of the
Why software verification platform.
Why software verification platform.
Why3 clearly separates the purely logical
specification part from generation of verification conditions for programs.
This article focuses on the former part.
......@@ -232,21 +232,36 @@ Claude March\'e and Andrei Paskevich},
year = {2007}
}
@inproceedings{sefm16,
author = {Guillaume Melquiond},
title = {Floating-point arithmetic in the {C}oq system},
booktitle = {Proceedings of the 8th Conference on Real Numbers and
Computers},
address = {Santiago de Compostela, Spain},
year = {2008},
pages = {93--102},
x-equipes = {demons PROVAL},
x-type = {article},
x-support = {actes},
x-cle-support = {RNC},
@InProceedings{hauzar16sefm,
topics = {team},
x-editorial-board = {yes},
x-international-audience = {yes},
x-proceedings = {yes},
x-pdf = {http://www.lri.fr/~melquion/doc/08-rnc8-article.pdf}
}
\ No newline at end of file
author = {Hauzar, David and March\'e, Claude and Moy, Yannick},
title = {Counterexamples from Proof Failures in {SPARK}},
booktitle = {Software Engineering and Formal Methods},
year = 2016,
pages = {215--233},
hal = {https://hal.inria.fr/hal-01314885}
}
@techreport{ieee754-2008,
abstract = {This standard specifies interchange and arithmetic
formats and methods for binary and decimal
floating-point arithmetic in computer programming