debian-dafny - Debian packaging for Dafny

	Commit message (Collapse)	Author	Age
*	Change the induction heuristic for lemmas to also look in precondition for ↵	leino	2015-08-12
\| \| \| \| \| \|	clues about which parameters to include. As a result, improved many test cases (see, e.g., dafny4/NipkowKlein-chapter7.dfy!) and beautified some others.
*	Renamed "ghost method" to "lemma" whenever appropriate (which is most of the ↵	Rustan Leino	2015-07-28
\| \| \| \| \| \|	time) in the test suite. Removed some assertions that have been rendered unnecessary because of the computations that Dafny instructs the SMT solver to do.
*	Stop pretty-print from emitting deprecated semi-colons.	qunyanm	2015-03-05
\|
*	Language change: All functions and methods declared lexically outside any ↵	leino	2014-12-12
\| \| \| \| \| \| \| \| \| \|	class are now automatically static, and fields are no longer allowed to be declared there. Stated differently, all heap state must now be declared inside an explicitly declared class, and functions and methods declared outside any class can be viewed as belonging to the module. The motivating benefit of this change is to no longer need the 'static' keyword when declaring a module of functions and methods.
*	Change behavior of 'decreases *', which can be applied to loops and methods. ↵	Rustan Leino	2014-08-19
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Now, loops that may possibly do an infinite number of iterations (that is, loops marked with 'decreases ') and calls to methods marked with 'decreases ' are allowed only in methods that themselves are marked with 'decreases '. As before, ghost loops and ghost methods are not allowed to be marked with 'decreases '. Previously, 'decreases ' was allowed on a method only if the method was tail recursive; this is no longer so. Note, however, that if the method is not tail recursive and engages in infinite recursion, then it will eventually run out of stack space. Previously, a 'decreases ' was not inherited in a refining module; this is no longer so. That is, 'decreases ' is now inherited. To refine a possibly non-terminating method or loop, the refining version simply provides a decreases clause that does not mention ''. Note that if the refined method is not recursive, it still needs to have _some_ decreases clause in order not to inherit the 'decreases ' from the refined method, but the expression stated in the decreases clause can be arbitrary (for example, one can write 'decreases true' or 'decreases 7' or 'decreases x' for some 'x' in scope). Note, in the new design, a method needs to be declared with 'decreases ' if it may recurse forever _or_ if it contains a possibly infinite loop. Note that the absence of 'decreases ' on a loop does not mean the loop will terminate, but it does mean that the loop will iterate a finite number of times (the subtle distinction here is that a loop without a 'decreases ' is allowed to contain a nested loop that has a 'decreases ' -- provided the enclosing method is also declared with 'decreases ', as previously mentioned).
*	Merge	Rustan Leino	2014-07-08
\|\
* \|	Cleaned up a test program	Rustan Leino	2014-07-08
\| \|
\| *	Merge	Dan Rosén	2014-07-07
\| \|\ \| \|/ \|/\|
\| *	New logical encoding of types with Is and IsAlloc	Dan Rosén	2014-07-07
\| \|
* \|	Removed the old test infrastructure.	wuestholz	2014-07-01
\| \|
* \|	Invert LHS sub-expressions in forall assignment statements, which gives the ↵	Rustan Leino	2014-06-24
\|/ \| \| \|	opportunity to designate a good trigger.
*	Set up the same test infrastructure as in Boogie.	wuestholz	2014-05-29
\|
*	Removed unused declaration	Rustan Leino	2014-01-03
\|
*	Changed BreadthFirstSearch example to no longer use "inductive naturals", ↵	Rustan Leino	2014-01-03
\| \| \| \| \| \|	sequences, or roll-it-yourself maps. Instead, use "nat", List, and "map". Use VC splitting to combat performance issues.
*	Add support for the /verifySeparately flag in Boogie and change most tests ↵	wuestholz	2013-12-18
\| \| \| \|	to use it.
*	Added an assert to help the theorem prover out in the RingBuffer.Enqueue method.	Rustan Leino	2013-07-29
\|
*	Changed ranking function for Seq, so that it's compatible with data types.	Unknown	2013-06-26
\|
*	Beefed up axioms about cardinality and the empty (multi)set, which fixes ↵	Rustan Leino	2013-06-20
\| \| \| \| \| \|	Issue 17 on dafny.codeplex.com. Added information that allows multiset members to be unboxed as needed (mimicking what was already done for sets).
*	Made Test/vstte2012/RingBuffer.dfy and Test/dafny1/ExtensibleArray.dfy more ↵	Rustan Leino	2013-04-22
\| \| \| \| \| \| \|	similar to RingBufferAuto.dfy and ExtensibleArrayAuto.dfy, respectively, so that the effect of {:autocontracts} is more easily seen.
*	The "choose" statement, hacky and specialized as it was, is now gone. Use ↵	Rustan Leino	2013-03-27
\| \| \| \|	the assign-such-that statement instead. For example: x :\| x in S;
*	Adjustments in the /vcsMaxKeepGoingSplits flag in the test suite	Rustan Leino	2013-03-09
\|
*	Renamed "parallel" statement to "forall" statement, and made the parentheses ↵	Rustan Leino	2013-03-06
\| \| \| \|	around the bound variables optional.
*	Reverted some accidental changes to a test case	Rustan Leino	2013-02-11
\|
*	Renamed a variable in some test cases	Rustan Leino	2013-02-02
\|
*	Fixed some goof-ups in the test script edits	Rustan Leino	2012-10-04
\| \| \| \|	Changed the test output to make it easier to spot (in the console output) that everything passed with success or if there were any failures
*	Added Test/dafny3 and another test file for iterators (hey, you can even run ↵	Rustan Leino	2012-10-04
\| \| \| \| \| \|	Iter.dfy!) Fixed migration issues
*	Dafny: reinstated autocontracts	Jason Koenig	2012-07-02
\|
*	Dafny: fixed up test suite (temporarily removed autocontract tests)	Jason Koenig	2012-06-28
\|
*	Undo bad merge.	afd	2012-06-27
\|
*	Merge	Unknown	2012-06-25
\|\
\| *	Dafny: Since it's no longer true that all types support equality at run-time ↵	Unknown	2012-06-21
\| \| \| \| \| \| \| \|	(in particular, codatatypes), Dafny needs to check this. In these changes, Dafny supports the "(==)" suffix to type parameters, infers that suffix in some cases, and enforces equality support in many places. Refinement and datatypes still need more attention in the Dafny implementation.
* \|	Merged with default.	chmaria	2012-06-18
\|\\|
\| *	Dafny: cleaned up test scripts a little	Unknown	2012-06-14
\| \|
* \|	Dafny: Added tests.	chmaria	2012-06-12
\|/
*	Dafny: removed a now-inferred type-parameter instantiation in a test file	Unknown	2012-03-07
\|
*	Dafny: added ghost modules (the meaning is simply that such a module will ↵	Rustan Leino	2012-03-07
\| \| \| \| \| \| \|	not be compiled) Dafny: improved :autocontracts heuristic for detecting "simple query method" Dafny: fixed some bugs
*	Dafny: added experimental feature {:autocontracts} to de-clutter idiomatic ↵	Unknown	2012-03-05
\| \| \| \|	specifications
*	Dafny: call C# compiler directly from inside Dafny, and optionally produce a ↵	Rustan Leino	2011-11-22
\| \| \| \|	.cs file with the new /spillTargetCode switch
*	Added Dafny solutions to the VSTTE 2012 program verification competition	Rustan Leino	2011-11-15