| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
context and less in an assert.
|
| |
|
|
|
| |
one exported view, but no exported view is marked as default, then it is an
error.
|
| |
|
|
| |
declared outside the enclosing match.
|
| | |
|
| |
|
|
| |
a class is referenced.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For the following situation
module LibA {
// ...things declared here...
}
module LibB {
// ...things declared here...
}
module R {
import opened LibA
// ...things declared here...
}
module S refines R {
import opened LibB
// ...declared here...
}
1. If module R declares a TopLevelDecl “G”, then we should report an error if S
attempts to declare an incompatible TopLevelDecl “G”. Dafny does this already.
2. If LibA declares a TopLevelDecl “G” but R does not directly declare any
TopLevelDecl G”, then we should also issue an error for any TopLevelDecl “G”
in S. This behavior is missing in Dafny.
3. If each of LibA and LibB declares some TopLevelDecl “G”, but neither R nor S
directly declares any TopLevelDecl “G”, then no error should be issued, and
any use of “G” in S should resolve to the “G” in LibA. This behavior is missing
in Dafny.
|
| |
|
|
|
|
|
|
| |
instantiate all it arguments, don't stop as soon as one instantiable constructor
is found. Instead, figure out all instantiable constructors and then pick the
best among these. A simple and reasonable "best" is an instantiable constructor
that requires a minimal number of already constructed type arguments, and to
break ties among these, pick the first one listed.
|
| |
|
|
| |
module.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'extern' declaration modifier provides a more convenient
way of interfacing Dafny code with C# source files and
.Net DLLs.
We support an 'extern' keyword on a module, class, function method,
or method (cannot extern ghost). We check the CompileNames of
all modules to make sure there are no duplicate names.
Every Dafny-generated C# class is marked partial, so it can
potentially be extended.
The extern keyword could be accompanied by an optional string naming
the corresponding C# method/class to connect to. If not given
the name of the method/class is used.
An 'extern' keyword implies an {:axiom} attribute for functions
and methods, so their ensures clauses are assumed to be true
without proof.
In addition to the .dfy files, the user may supply
C# files (.cs) and dynamic linked libraries (.dll) on
command line. These will be passed onto the C# compiler,
the .cs files as sources, and the .dll files as references.
As part of this change the grammar was refactored some.
New productions are
- TopDecls - a list of top-level declarations.
- TopDecl - a single top-level declaration
- DeclModifiers - a list of declaration modifiers which are
either 'abstract', 'ghost', 'static', 'protected', or 'extern'.
They can be in any order and we diagnose duplicates.
In addition, since they are not all allowed in all contexts,
we check and give diagnostics if an DeclModifier appears
where it is not allowed.
|
| |
|
|
| |
that they don't show up in the VS IDE
|
| |
|
|
| |
bound as undetermined so that iteration will continue.
|
| |
|
|
| |
in MakeAbstractSignature.
|
| |
|
|
| |
trying to substitute the nested CasePattern with the BoundVar.
|
| |
|
|
| |
the auto-triggers can be computed for ForallStmt.
|
| | |
|
| |
|
|
| |
it does not depend on the order they appeared.
|
| |
|
|
|
| |
The old syntax, D[f := E], is still supported for a short while, but generates a warning about that syntax being deprecated.
The new syntax also supports multiple updates: D.(f := E0, g := E1, h := E2)
|
| | |
|
| |
|
|
|
|
| |
itself,
as well as the signature and body of other functions.
|
| |
|
|
|
|
|
| |
existential if guards.
Fixed bugs in ghost checks involving comprehensions and attributes.
Added SubstituteBoundedPool method.
|
| |
|
|
| |
of "if" statements.
|
| |
|
|
|
|
|
| |
predicates/lemmas (this fixes an item from the wishlist).
Include in hover text the extreme predicates for which an extreme lemmas has been rewritten (but don't include ==# in this list--or should it perhaps be included?).
Under a (temporary) switch /rewriteFocalPredicates, each use of a focal predicate P in a prefix lemma is rewritten into P#[_k-1].
|
| | |
|
| |\ |
|
| | |
| |
| |
| | |
Moved all bounds discovery to resolution pass 1.
|
| | |
| |
| |
| |
| | |
'break' statements out of ghost structures. This is now done in pass 2 by
looking at the .IsGhost field of the target statement.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
pass 0.
Fixed resolution of specification components of alternative loops.
|
| | |
| |
| |
| |
| |
| |
| | |
Other clean-up in resolution passes, like:
Include everything of type "char" into bounds that are discovered, and likewise for reference types.
Allow more set comprehensions, determining if they are finite based on their argument type.
Changed CalcExpr.SubExpressions to not include computed expressions.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
ENABLE_IRONDAFNY is defined but this isn't critical and will be addressed shortly.
|
| | | |
|
| |/
|
|
| |
for way to build up and later solve type constraints.
|
| |\ |
|
| | | |
|
| |/
|
|
| |
reference equality
|
| | |
|
| |\ |
|
| | | |
|
| | |\
| |/
|/|
| |
| | |
Changes that were needed included preventing the InductionRewriter from
iterating on a SplitQuantifier and using the new error reporting engine.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This requires rewriting the parts of the AST that contain these quantifiers. We
unfortunately don't have facilities to do such rewrites at the moment (and there
are loops in the AST, so it would be hard to write such a facility). As a
workaround, this commit introduces a field in quantifier expressions,
SplitQuantifiers. Code that manipulate triggers is expected to look for this
field, and ignore the other fields if that one is found.
|
| | | |
|
| | |
| |
| |
| |
| | |
The new error reporting system has a simpler interface, isn't tied to the
resolver, and contains error source information.
|
| | | |
|
| |/
|
|
|
| |
Generate warnings for malformed :induction arguments.
Removed the functionality that allowed induction on 'this'.
|
| | |
|
qunyanm
Richard L. Ford
Bryan Parno
Michael Lowell Roberts
Clément Pit--Claudel