How to use it: why3 realize D drivers/coqrealize.drv T real.Real o . produces Real.v in the current directory why3 realize D drivers/coqrealize.drv T real.Real produces real/Real.v in the loadpath near real.why (the directory "real" must exist) If a realization file is already there, it is passed to the printer in order to preserve the proofs. Instead of D <driver_file>, you can use P <prover>, if that prover uses a corresponding driver. However, the prover itself is not used. You can only realize theories from the loadpath. At the moment, coqrealize.drv is the only driver capable to realize theories in some sensible way. For any other driver, the results may be funny. Realization of WhyML modules is not possible so far. Realization may break if you directories and filenames contain nonalphanumeric symbols. The whole thing is in very preliminary stage. Use with caution.

but not use it by default, because of bad caching of smt_encoding transformations. Because of this, new function symbols appear again and again, and since we don't forget function symbols in transbased printers, we obtain names like at234.

or unknown can be seen as valid...

In addition,  scan below conjunctions in case there are equalities there too,  ignore predicate variables and "true" axioms,  output hypotheses in the proper order,  explicitly remove NonTrivialRing since it now survives the filtering.

This is getting tedious. There should be a way to drop the content of a whole theory.

meta "instantiate : auto" on as many terms as possible. The transformation is rather naive, since it doesn't look for term candidates under quantifiers, ifthenelse, letin, and so on. So it can only appear late in the transformation pipe. It is only enabled for Gappa and its target axioms are the ones that state that any floatingpoint value is bounded. It was the last transformation from Why2 still missing in Why3. Thanks to this transformation, Gappa is now able to prove all the safety obligations from the following code, including the ones about division and downcast, which is definitely frightening. /*@ assigns \nothing; @ ensures \result == \abs(x); @*/ extern double fabs(double x); /*@ requires \valid(AB_Ptr) && \valid(CD_Ptr); @ assigns *AB_Ptr, *CD_Ptr; @ ensures \abs(*AB_Ptr) <= 6.111111e2; @ ensures \abs(*CD_Ptr) <= 6.111111e2; @ */ void limitValue(float *AB_Ptr, float *CD_Ptr) { double Fabs_AB, Fabs_CD; double max; Fabs_AB = fabs (*AB_Ptr); Fabs_CD = fabs (*CD_Ptr); max = Fabs_AB; if (Fabs_CD > Fabs_AB) max = Fabs_CD; if ( max > 6.111111e2) { *AB_Ptr = (float) (((*AB_Ptr) * 6.111111e2) / max); *CD_Ptr = (float) (((*CD_Ptr) * 6.111111e2) / max); } }

Note that CVC3 doesn't care about syntax errors and it will still answer valid at the end. Currently, CVC3 chokes on the following kind of declarations (Div_mult, Abs_real_pos, and so on). ASSERT (FORALL (x : INT, y : INT, z : INT):PATTERN (div(((x * y) + z), x)): (((0 < x) AND ((0 <= y) AND (0 <= z))) => (div(((x * y) + z), x) = (y + div(z, x)))));

introduced new transformation eliminate_non_struct_recursion for that purpose uses Decl.check_termination tomake the check and the prettyprint (could probably be improved to avoid 3 calls to check_termination)

Fix the warning in 8e207729 Add a check for yices on real in nightlybuild

Warning since 7efae3f8 yices doesn't work with real since in assoc_mul_div a variable is the denominator. Yices refuse that.

thus we gain more goals than we lose

What was its purpose in the first place? Integers are protected in Simplify anyway and then we can simply forget the difference between the infinite sorts (as we do in encoding_tptp).

until we understand why keeping them makes nightlies regress

another birthday gift for François

15eb1b44

z3_smtv2* .drv : factorized
