 30 Sep, 2011 2 commits


Andrei Paskevich authored
How to use it:

  why3 realize -D drivers/coq-realize.drv -T real.Real -o .

produces Real.v in the current directory.

  why3 realize -D drivers/coq-realize.drv -T real.Real

produces real/Real.v in the loadpath near real.why (the directory "real" must exist).

If a realization file is already there, it is passed to the printer in order to preserve the proofs.

Instead of -D <driver_file>, you can use -P <prover>, if that prover uses a corresponding driver. However, the prover itself is not used.

You can only realize theories from the loadpath.

At the moment, coq-realize.drv is the only driver capable of realizing theories in some sensible way. For any other driver, the results may be funny.

Realization of WhyML modules is not possible so far.

Realization may break if your directories and filenames contain non-alphanumeric symbols.

The whole thing is in a very preliminary stage. Use with caution.

MARCHE Claude authored

 29 Sep, 2011 2 commits


MARCHE Claude authored

Andrei Paskevich authored

 28 Sep, 2011 1 commit


MARCHE Claude authored

 26 Sep, 2011 1 commit


MARCHE Claude authored

 18 Sep, 2011 2 commits


Andrei Paskevich authored

Andrei Paskevich authored
but not use it by default, because of bad caching of smt_encoding transformations. Because of this, new function symbols appear again and again, and since we don't forget function symbols in trans-based printers, we obtain names like at234.

 16 Sep, 2011 2 commits


François Bobot authored
or unknown can be seen as valid...

François Bobot authored

 13 Sep, 2011 1 commit


Guillaume Melquiond authored
In addition,
 - scan below conjunctions in case there are equalities there too,
 - ignore predicate variables and "true" axioms,
 - output hypotheses in the proper order,
 - explicitly remove NonTrivialRing since it now survives the filtering.

 02 Sep, 2011 1 commit


Andrei Paskevich authored

 31 Aug, 2011 1 commit


Guillaume Melquiond authored
This is getting tedious. There should be a way to drop the content of a whole theory.

 23 Aug, 2011 2 commits


Guillaume Melquiond authored

Guillaume Melquiond authored
meta "instantiate : auto" on as many terms as possible.

The transformation is rather naive, since it doesn't look for term candidates under quantifiers, if-then-else, let-in, and so on. So it can only appear late in the transformation pipe.

It is only enabled for Gappa and its target axioms are the ones that state that any floating-point value is bounded. It was the last transformation from Why2 still missing in Why3.

Thanks to this transformation, Gappa is now able to prove all the safety obligations from the following code, including the ones about division and downcast, which is definitely frightening.

  /*@ assigns \nothing;
    @ ensures \result == \abs(x);
    @*/
  extern double fabs(double x);

  /*@ requires \valid(AB_Ptr) && \valid(CD_Ptr);
    @ assigns *AB_Ptr, *CD_Ptr;
    @ ensures \abs(*AB_Ptr) <= 6.111111e2;
    @ ensures \abs(*CD_Ptr) <= 6.111111e2;
    @ */
  void limitValue(float *AB_Ptr, float *CD_Ptr)
  {
    double Fabs_AB, Fabs_CD;
    double max;

    Fabs_AB = fabs(*AB_Ptr);
    Fabs_CD = fabs(*CD_Ptr);
    max = Fabs_AB;
    if (Fabs_CD > Fabs_AB) max = Fabs_CD;

    if (max > 6.111111e2) {
      *AB_Ptr = (float) (((*AB_Ptr) * 6.111111e2) / max);
      *CD_Ptr = (float) (((*CD_Ptr) * 6.111111e2) / max);
    }
  }

 22 Aug, 2011 1 commit


Guillaume Melquiond authored
Note that CVC3 doesn't care about syntax errors and it will still answer valid at the end.

Currently, CVC3 chokes on the following kind of declarations (Div_mult, Abs_real_pos, and so on).

  ASSERT (FORALL (x : INT, y : INT, z : INT) : PATTERN (div(((x * y) + z), x)) :
    (((0 < x) AND ((0 <= y) AND (0 <= z))) => (div(((x * y) + z), x) = (y + div(z, x)))));

 26 Jul, 2011 1 commit


Jean-Christophe Filliatre authored
introduced new transformation eliminate_non_struct_recursion for that purpose
uses Decl.check_termination to make the check and the pretty-print
(could probably be improved to avoid 3 calls to check_termination)

 06 Jul, 2011 1 commit


Jean-Christophe Filliatre authored

 05 Jul, 2011 3 commits


François Bobot authored
Fix the warning in 8e207729
Add a check for yices on real in nightly-build

François Bobot authored

François Bobot authored
Warning since 7efae3f8
yices doesn't work with real since in assoc_mul_div a variable is the denominator. Yices refuses that.

 29 Jun, 2011 1 commit


Andrei Paskevich authored

 07 Jun, 2011 1 commit


Andrei Paskevich authored
thus we gain more goals than we lose

 05 Jun, 2011 2 commits


Andrei Paskevich authored
What was its purpose in the first place? Integers are protected in Simplify anyway and then we can simply forget the difference between the infinite sorts (as we do in encoding_tptp).

Andrei Paskevich authored
until we understand why keeping them makes nightlies regress

 04 Jun, 2011 2 commits


Andrei Paskevich authored

Andrei Paskevich authored

 03 Jun, 2011 1 commit


Andrei Paskevich authored

 30 May, 2011 1 commit


Andrei Paskevich authored
another birthday gift for François

 27 May, 2011 1 commit


Jean-Christophe Filliatre authored

 22 May, 2011 2 commits


Andrei Paskevich authored

Andrei Paskevich authored

 20 May, 2011 1 commit


Jean-Christophe Filliatre authored

 11 May, 2011 1 commit


Jean-Christophe Filliatre authored

 03 May, 2011 2 commits


François Bobot authored

Andrei Paskevich authored

 02 May, 2011 1 commit


François Bobot authored
15eb1b44

 29 Apr, 2011 1 commit


François Bobot authored

 28 Apr, 2011 1 commit


MARCHE Claude authored

 21 Apr, 2011 1 commit


François Bobot authored
z3_smtv2*.drv: factorized
