 05 Feb, 2016 3 commits


Andrei Paskevich authored
split the ppat_ghost field in program patterns into two distinct conditions: ppat_ghost, indicating that the pattern starts as ghost, meaning that all variables in it are ghost, too; ppat_fail, meaning that the pattern contains a refutable ghost subpattern, which makes the match in the extracted code impossible, which makes the whole match expression ghost. Until now, the two conditions were disjunctively combined, making admissible the invalid pattern matching in bench/p/bd/ghost4.mlw.

Guillaume Melquiond authored

Guillaume Melquiond authored

 13 Oct, 2015 9 commits


Andrei Paskevich authored

Guillaume Melquiond authored
This fixes (-2) mod 2 being evaluated as non-zero.

Guillaume Melquiond authored

Guillaume Melquiond authored

MARCHE Claude authored

Martin Clochard authored
ECase(ghost e1,[branch]) and constructor application with ghost parameters were handled incorrectly.

Andrei Paskevich authored

Martin Clochard authored
The following could be proved correct: type t = A | B function f (x:'a) : 'a = x predicate top = A = f A lemma bad : forall x:t. match x with A -> x = B | B -> x = B -> top end lemma fail : false

MARCHE Claude authored

 21 May, 2015 2 commits


MARCHE Claude authored

MARCHE Claude authored

 11 May, 2015 2 commits


MARCHE Claude authored

MARCHE Claude authored

 05 May, 2015 1 commit


Andrei Paskevich authored
The first one is the main file, the rest only supply rules for individual theories and modules.

 01 May, 2015 1 commit


MARCHE Claude authored

 29 Apr, 2015 1 commit


Andrei Paskevich authored
Expr: separate first-order "expr" and higher-order "cexp". Dexpr: add an "absurd" branch for non-exhaustive matches in programs.

 28 Apr, 2015 2 commits


François Bobot authored
introduced in cc774eb2

François Bobot authored

 27 Apr, 2015 1 commit


Jean-Christophe Filliatre authored

 23 Apr, 2015 1 commit


Johannes Kanig authored
Sessions may contain the status "stepslimitexceeded", but this was not actually parsed by the session parser. Now fixed.

 22 Apr, 2015 3 commits


MARCHE Claude authored

MARCHE Claude authored
characters ', ", <, > and &

MARCHE Claude authored

 21 Apr, 2015 2 commits


Jean-Christophe Filliatre authored

MARCHE Claude authored

 18 Apr, 2015 8 commits


MARCHE Claude authored

MARCHE Claude authored

MARCHE Claude authored

MARCHE Claude authored

MARCHE Claude authored

MARCHE Claude authored

MARCHE Claude authored

MARCHE Claude authored

 16 Apr, 2015 1 commit


Jean-Christophe Filliatre authored
This is of course unsafe, yet useful if you have proved absence of overflows independently, or if you are happy with a partial correctness proof (that is, if there is no overflow then the postcondition holds). This is work in progress; nothing plugged in yet.

 15 Apr, 2015 1 commit


David Hauzar authored

 14 Apr, 2015 1 commit


David Hauzar authored

 13 Apr, 2015 1 commit


David Hauzar authored
p labeled with label "model_projected" for which there exists a projection function f, creates a declaration of a new constant c and an axiom stating that c = f p.

Projection functions are functions tagged with meta "model_projection". A function f is a projection function for an abstract function or predicate p if f is tagged with meta "model_projection" and has a single argument of the same type as p.

This transformation is needed in situations where we want to display not the value of a variable, but the value of a projection function applied to that variable.

Note that since Why3 supports namespaces (different projection functions can have the same name) and input languages of solvers typically do not, Why3 renames projection functions to avoid name clashes. This is why it is not possible to just store the name of the projection function in a label and then query the solver directly for the value of the projection. It also means that this transformation should be executed before this renaming.
