Change label syntax from "foo" to [@foo].

The feature is not yet fully implemented (e.g. escape characters).

examples/WP_revisited/blocking_semantics5.mlw

@@ -376,7 +376,7 @@ predicate compatible_env (sigma:env) (sigmat:type_env) (pi:stack) (pit: type_sta
   (forall id: mident. type_value (get_env id sigma) = get_reftype id sigmat) /\
   (forall id: ident. type_value (get_stack id pi) = get_vartype id pit)
 
-lemma type_inversion : forall v "induction":value.
+lemma type_inversion : forall v [@induction]:value.
    match (type_value v) with
     | TYbool -> exists b: bool. v = Vbool b
     | TYint -> exists n: int. v = Vint n
@@ -393,7 +393,7 @@ lemma type_preservation :
          sigmat:type_env, pit:type_stack.
      type_stmt sigmat pit s1 ->
      compatible_env sigma1 sigmat pi1 pit ->
-     ("induction" one_step sigma1 pi1 s1 sigma2 pi2 s2) ->
+     ([@induction] one_step sigma1 pi1 s1 sigma2 pi2 s2) ->
      type_stmt sigmat pit s2 /\
      compatible_env sigma2 sigmat pi2 pit
 
@@ -460,25 +460,25 @@ predicate fresh_in_fmla (id:ident) (f:fmla) =
 
 (* Needed for monotonicity and wp_reduction *)
 lemma eval_msubst_term:
-  forall e "induction":term, sigma:env, pi:stack, x:mident, v:ident.
+  forall e [@induction]:term, sigma:env, pi:stack, x:mident, v:ident.
     fresh_in_term v e ->
     eval_term sigma pi (msubst_term e x v) =
     eval_term (IdMap.set sigma x (get_stack v pi)) pi e
 
 lemma eval_msubst:
-  forall f "induction":fmla, sigma:env, pi:stack, x:mident, v:ident.
+  forall f [@induction]:fmla, sigma:env, pi:stack, x:mident, v:ident.
     fresh_in_fmla v f ->
     (eval_fmla sigma pi (msubst f x v) <->
      eval_fmla (IdMap.set sigma x (get_stack v pi)) pi f)
 
 lemma eval_swap_term:
-  forall t "induction":term, sigma:env, pi l:stack, id1 id2:ident, v1 v2:value.
+  forall t [@induction]:term, sigma:env, pi l:stack, id1 id2:ident, v1 v2:value.
   id1 <> id2 ->
   (eval_term sigma (l++(Cons (id1,v1) (Cons (id2,v2) pi))) t =
    eval_term sigma (l++(Cons (id2,v2) (Cons (id1,v1) pi))) t)
 
 lemma eval_swap_gen:
-  forall f "induction":fmla, sigma:env, pi l:stack, id1 id2:ident, v1 v2:value.
+  forall f [@induction]:fmla, sigma:env, pi l:stack, id1 id2:ident, v1 v2:value.
     id1 <> id2 ->
     (eval_fmla sigma (l++(Cons (id1,v1) (Cons (id2,v2) pi))) f <->
     eval_fmla sigma (l++(Cons (id2,v2) (Cons (id1,v1) pi))) f)
@@ -490,13 +490,13 @@ lemma eval_swap:
     eval_fmla sigma (Cons (id2,v2) (Cons (id1,v1) pi)) f)
 
 lemma eval_term_change_free :
-  forall t "induction":term, sigma:env, pi:stack, id:ident, v:value.
+  forall t [@induction]:term, sigma:env, pi:stack, id:ident, v:value.
     fresh_in_term id t ->
     eval_term sigma (Cons (id,v) pi) t = eval_term sigma pi t
 
  (* Need it for monotonicity*)
 lemma eval_change_free :
-  forall f "induction":fmla, sigma:env, pi:stack, id:ident, v:value.
+  forall f [@induction]:fmla, sigma:env, pi:stack, id:ident, v:value.
     fresh_in_fmla id f ->
     (eval_fmla sigma (Cons (id,v) pi) f <-> eval_fmla sigma pi f)
 
@@ -688,7 +688,7 @@ function wp (s:stmt) (q:fmla) : fmla =
        eval_fmla sigma pi f -> eval_fmla sigma pi (wp body f)
 
   lemma monotonicity:
-    forall s "induction":stmt, p q:fmla.
+    forall s [@induction]:stmt, p q:fmla.
       valid_fmla (Fimplies p q)
      -> valid_fmla (Fimplies (wp s p) (wp s q) )
 
@@ -704,7 +704,7 @@ function wp (s:stmt) (q:fmla) : fmla =
   *)
 
   lemma distrib_conj:
-    forall s "induction":stmt, sigma:env, pi:stack, p q:fmla.
+    forall s [@induction]:stmt, sigma:env, pi:stack, p q:fmla.
      (eval_fmla sigma pi (wp s p)) /\
      (eval_fmla sigma pi (wp s q)) ->
      eval_fmla sigma pi (wp s (Fand p q))
@@ -717,7 +717,7 @@ function wp (s:stmt) (q:fmla) : fmla =
       eval_fmla sigma' pi' (wp s' q)
 
   lemma progress:
-    forall s "induction":stmt, sigma:env, pi:stack,
+    forall s [@induction]:stmt, sigma:env, pi:stack,
            sigmat: type_env, pit: type_stack, q:fmla.
       compatible_env sigma sigmat pi pit ->
       type_stmt sigmat pit s ->

examples/WP_revisited/imp_n.why

@@ -186,7 +186,7 @@ function subst_expr (e:expr) (x:ident) (t:expr) : expr =
   end
 
 lemma eval_subst_expr:
-  forall s:state, e "induction":expr, x:ident, t:expr.
+  forall s:state, e [@induction]:expr, x:ident, t:expr.
     eval_expr s (subst_expr e x t) =
       eval_expr (IdMap.set s x (eval_expr s t)) e
 

examples/add_list_vc_sp.mlw

@@ -32,7 +32,7 @@ use import SumList
 let rec sum (l: list or_integer_float) : (int, real) =
     variant { l }
     returns { si, sf -> si = add_int l /\ sf = add_real l }
-  "vc:sp"
+  [@vc:sp]
   match l with
   | Nil -> 0, 0.0
   | Cons h t ->
@@ -44,7 +44,7 @@ let rec sum (l: list or_integer_float) : (int, real) =
   end
 
 let main () =
-  "vc:sp"
+  [@vc:sp]
   let l =
     Cons (Integer 5) (Cons (Real 3.3) (Cons (Integer 8)
       (Cons (Real 1.4) (Cons (Integer 9) Nil))))
@@ -63,7 +63,7 @@ use import ref.Ref
 
 let sum (l: list or_integer_float) : (int, real) =
     returns { si, sf -> si = add_int l /\ sf = add_real l }
-  "vc:sp"
+  [@vc:sp]
   let si = ref 0 in
   let sf = ref 0.0 in
   let ll = ref l in
@@ -83,7 +83,7 @@ let sum (l: list or_integer_float) : (int, real) =
 
 
 let main () =
-  "vc:sp"
+  [@vc:sp]
   let l =
     Cons (Integer 5) (Cons (Real 3.3) (Cons (Integer 8)
       (Cons (Real 1.4) (Cons (Integer 9) Nil))))

examples/binary_search_vc_sp.mlw

@@ -17,7 +17,7 @@ module BinarySearch
     requires { forall i1 i2 : int. 0 <= i1 <= i2 < length a -> a[i1] <= a[i2] }
     ensures  { 0 <= result < length a /\ a[result] = v }
     raises   { Not_found -> forall i:int. 0 <= i < length a -> a[i] <> v }
-  = "vc:sp"
+  = [@vc:sp]
     let l = ref 0 in
     let u = ref (length a - 1) in
     while !l <= !u do
@@ -56,7 +56,7 @@ module BinarySearchAnyMidPoint
     requires { forall i1 i2 : int. 0 <= i1 <= i2 < length a -> a[i1] <= a[i2] }
     ensures  { 0 <= result < length a /\ a[result] = v }
     raises   { Not_found -> forall i:int. 0 <= i < length a -> a[i] <> v }
-  = "vc:sp"
+  = [@vc:sp]
     let l = ref 0 in
     let u = ref (length a - 1) in
     while !l <= !u do
@@ -95,7 +95,7 @@ module BinarySearchInt32
     ensures  { 0 <= result < a.length /\ a[result] = v }
     raises   { Not_found ->
                  forall i:int. 0 <= i < a.length -> a[i] <> v }
-  = "vc:sp"
+  = [@vc:sp]
     let l = ref 0 in
     let u = ref (length a - 1) in
     while !l <= !u do
@@ -133,7 +133,7 @@ module BinarySearchBoolean
     ensures  { 0 <= result < a.length }
     ensures  { a[result] = 1 }
     ensures  { forall i. 0 <= i < result -> a[i] = 0 }
- = "vc:sp"
+  = [@vc:sp]
     let lo = ref 0 in
     let hi = ref (length a - 1) in
     while !lo < !hi do

examples/binomial_heap.mlw

@@ -67,7 +67,7 @@ module BinomialHeap
     end
 
   lemma heaps_append:
-    forall h1 "induction" h2. heaps h1 -> heaps h2 -> heaps (h1 ++ h2)
+    forall h1 [@induction] h2. heaps h1 -> heaps h2 -> heaps (h1 ++ h2)
   lemma heaps_reverse:
     forall h. heaps h -> heaps (reverse h)
 
@@ -89,7 +89,7 @@ module BinomialHeap
     end
 
   lemma occ_append:
-    forall l1 "induction" l2 x. occ x (l1 ++ l2) = occ x l1 + occ x l2
+    forall l1 [@induction] l2 x. occ x (l1 ++ l2) = occ x l1 + occ x l2
 
   lemma occ_reverse:
     forall x l. occ x l = occ x (reverse l)

examples/bts/12475.why

-theory Stmt "some_statement"
+theory Stmt
 
   use import real.Real
   use import floating_point.Rounding

examples/bts/19_apply_with.mlw

@@ -2,7 +2,7 @@ module I19_simplint
 
   use import int.Int
 
-  axiom H "W:non_conservative_extension:N" : forall x y z. x < y -> y < z -> x < z
+  axiom H [@W:non_conservative_extension:N] : forall x y z. x < y -> y < z -> x < z
 
   goal g: 0 < 2
 

examples/double_wp/imp.why

@@ -78,7 +78,7 @@ theory Imp
 
   (* Determinstic semantics *)
   lemma ceval_deterministic_aux : forall c mi mf1. ceval mi c mf1 ->
-      forall mf2. ("inversion" ceval mi c mf2) -> mf1 = mf2
+      forall mf2. ([@inversion] ceval mi c mf2) -> mf1 = mf2
 
   lemma ceval_deterministic : forall c mi mf1 mf2.
       ceval mi c mf1 ->  ceval mi c mf2 -> mf1 = mf2

examples/double_wp/logic.mlw

@@ -16,7 +16,7 @@ module Compiler_logic
   function snd (p: ('a,'b)) : 'b = let (_,y) = p in y
   meta rewrite_def function snd
 
-  predicate (-->) (x y:'a) = "rewrite" x = y
+  predicate (-->) (x y:'a) = [@rewrite] x = y
   meta rewrite_def predicate (-->)
 
   (* Unary predicates over machine states *)

examples/fact_vc_sp.mlw

@@ -10,7 +10,7 @@ module FactRecursive
     requires { x >= 0 }
     variant  { x }
     ensures  { result = fact x }
-  = "vc:sp"
+  = [@vc:sp]
     if x = 0 then 1 else x * fact_rec (x-1)
 
   let test0 () = fact_rec 0
@@ -29,7 +29,7 @@ module FactImperative
   let fact_imp (x:int) : int
     requires { x >= 0 }
     ensures { result = fact x }
-  = "vc:sp"
+  = [@vc:sp]
     let y = ref 0 in
     let r = ref 1 in
     while !y < x do

examples/finger_trees.mlw

@@ -30,7 +30,7 @@ module FingerTrees
 
   let lemma node_cons_app (nd:node 'a) (p q:list 'a)
     ensures { node_cons nd (p++q) = node_cons nd p ++ q }
-  = match nd with Node2 _ _ -> "keep_on_simp" () | _ -> () end
+  = match nd with Node2 _ _ -> [@keep_on_simp] () | _ -> () end
 
   function flatten (l:list (node 'a)) : list 'a = match l with
     | Nil -> Nil

examples/gcd_bezout_vc_sp.mlw

@@ -12,7 +12,7 @@ module GcdBezout
     requires { x >= 0 /\ y >= 0 }
     ensures  { result = gcd x y }
     ensures  { exists a b:int. a*x+b*y = result }
-  = "vc:sp"
+  = [@vc:sp]
     let x = ref x in let y = ref y in
     label Pre in
     let ghost a = ref 1 in let ghost b = ref 0 in

examples/gcd_vc_sp.mlw

 
-(* Greatest common divisor, using the Euclidean algorithm *)
+(** Greatest common divisor, using the Euclidean algorithm *)
 
 module EuclideanAlgorithm
 
@@ -10,7 +10,7 @@ module EuclideanAlgorithm
     variant  { v }
     requires { u >= 0 /\ v >= 0 }
     ensures  { result = gcd u v }
-  = "vc:sp"
+  = [@vc:sp]
     if v = 0 then
       u
     else
@@ -27,7 +27,7 @@ module EuclideanAlgorithmIterative
   let euclid (u0 v0: int) : int
     requires { u0 >= 0 /\ v0 >= 0 }
     ensures  { result = gcd u0 v0 }
-  = "vc:sp"
+  = [@vc:sp]
     let u = ref u0 in
     let v = ref v0 in
     while !v <> 0 do
@@ -77,7 +77,7 @@ module BinaryGcd
     variant  { (v, u) with lex }
     requires { u >= 0 /\ v >= 0 }
     ensures  { result = gcd u v }
-  = "vc:sp"
+  = [@vc:sp]
     if v > u then binary_gcd v u else
     if v = 0 then u else
     if mod u 2 = 0 then
@@ -121,7 +121,7 @@ module EuclideanAlgorithm63
     variant  { to_int v }
     requires { u >= 0 /\ v >= 0 }
     ensures  { result = gcd u v }
-  = "vc:sp"
+  = [@vc:sp]
     if v = 0 then
       u
     else

examples/in_progress/exp.mlw

@@ -9,13 +9,13 @@ module Exp
   val ( +. ) (x y : t) : t
     requires {t'isFinite x}
     requires {t'isFinite y}
-    requires {"expl:no_overflow" t'isFinite (x .+ y)}
+    requires {[@expl:no_overflow] t'isFinite (x .+ y)}
     ensures  {result = x .+ y}
 
   val ( *. ) (x y : t) : t
     requires {t'isFinite x}
     requires {t'isFinite y}
-    requires {"expl:no_overflow" t'isFinite (x .* y)}
+    requires {[@expl:no_overflow] t'isFinite (x .* y)}
     ensures  {result = x .* y}
 
   let my_exp (x: t) : t

examples/in_progress/koda_ruskey.mlw

@@ -87,7 +87,7 @@ module Lemmas
     | Cons f tl -> mem_forest n f || mem_stack n tl
     end
 
-  lemma mem_app: forall n st1 "induction" st2.
+  lemma mem_app: forall n st1 [@induction] st2.
     mem_stack n (st1 ++ st2) -> mem_stack n st1 || mem_stack n st2
 
   function size_stack (st: stack) : int = match st with

examples/in_progress/mp2.mlw

@@ -224,7 +224,7 @@ module N
     ensures  {
       value_sub x n (m+1) =
         value_sub x n m + l2i (Map.get x m) * power radix (m-n) }
-  = "vc:sp" if n < m then value_sub_tail x (n+1) m else ()(*assert { 1+2=3 }*)
+  = [@vc:sp] if n < m then value_sub_tail x (n+1) m else ()(*assert { 1+2=3 }*)
 
   let rec lemma value_sub_concat (x:map int limb) (n m l:int)
     requires { n <= m <= l}

examples/in_progress/my_cosine.mlw

@@ -13,17 +13,17 @@ module M
     ensures { value result = x }
 
   val add (x y: single) : single
-    requires { "expl:floating-point overflow"
+    requires { [@expl:floating-point overflow]
                no_overflow NearestTiesToEven ((value x) +. (value y)) }
     ensures  { value result = round NearestTiesToEven ((value x) +. (value y))}
 
   val sub (x y: single) : single
-    requires { "expl:floating-point overflow"
+    requires { [@expl:floating-point overflow]
                no_overflow NearestTiesToEven ((value x) -. (value y)) }
     ensures  { value result = round NearestTiesToEven ((value x) -. (value y))}
 
   val mul (x y: single) : single
-    requires { "expl:floating-point overflow"
+    requires { [@expl:floating-point overflow]
                no_overflow NearestTiesToEven ((value x) *. (value y)) }
     ensures  { value result = round NearestTiesToEven ((value x) *. (value y))}
 
@@ -47,15 +47,15 @@ module IEEEfloat
   use import ieee_float.Float32
 
   val add (x y: t) : t
-    requires { "expl:floating-point overflow" t'isFinite (x .+ y) }
+    requires { [@expl:floating-point overflow] t'isFinite (x .+ y) }
     ensures  { result = x .+ y }
 
   val sub (x y: t) : t
-    requires { "expl:floating-point overflow" t'isFinite (x .- y)}
+    requires { [@expl:floating-point overflow] t'isFinite (x .- y)}
     ensures  { result = x .- y }
 
   val mul (x y: t) : t
-    requires { "expl:floating-point overflow" t'isFinite (x .* y)}
+    requires { [@expl:floating-point overflow] t'isFinite (x .* y)}
     ensures  { result = x .* y }
 
   let my_cosine (x:t) : t

examples/in_progress/my_exp.mlw

@@ -13,13 +13,13 @@ module Exp
   val ( +. ) (x y : t) : t
     requires {t'isFinite x}
     requires {t'isFinite y}
-    requires {"expl:no_overflow" t'isFinite (x .+ y)}
+    requires {[@expl:no_overflow] t'isFinite (x .+ y)}
     ensures  {result = x .+ y}
 
   val ( *. ) (x y : t) : t
     requires {t'isFinite x}
     requires {t'isFinite y}
-    requires {"expl:no_overflow" t'isFinite (x .* y)}
+    requires {[@expl:no_overflow] t'isFinite (x .* y)}
     ensures  {result = x .* y}
 
   let my_exp (x: t) : t

examples/knuth_prime_numbers.mlw

@@ -55,7 +55,7 @@ module PrimeNumbers
 
   (** Bertrand's postulate, admitted as an axiom
    (the label is there to suppress the warning issued by Why3) *)
-  axiom Bertrand_postulate "W:non_conservative_extension:N" :
+  axiom Bertrand_postulate [@W:non_conservative_extension:N] :
     forall p: int. prime p -> not (no_prime_in p (2*p))
 
   use import array.Array

examples/koda_ruskey.mlw

@@ -103,7 +103,7 @@ module Lemmas
     | Cons f tl -> mem_forest n f || mem_stack n tl
     end
 
-  lemma mem_app: forall n st1 "induction" st2.
+  lemma mem_app: forall n st1 [@induction] st2.
     mem_stack n (st1 ++ st2) -> mem_stack n st1 || mem_stack n st2
 
   function size_stack (st: stack) : int = match st with