Questions tagged [why3]

Why3 is a platform for deductive program verification. It provides a rich language for specification and programming called WhyML. WhyML is also used as an intermediate language for the verification of C, Java, or Ada programs.

Why3 is a platform for deductive program verification. It provides a rich language for specification and programming, called WhyML, and relies on external theorem provers, both automated and interactive, to discharge verification conditions. Why3 comes with a standard library of logical theories (integer and real arithmetic, Boolean operations, sets and maps, etc.) and basic programming data structures (arrays, queues, hash tables, etc.). A user can write WhyML programs directly and get correct-by-construction OCaml programs through an automated extraction mechanism. WhyML is also used as an intermediate language for the verification of C, Java, or Ada programs.

31 questions
1 vote, 1 answer

z3 4.3.2 fails to find a model for Why3-generated (satisfiable) goals

I'm trying to use Why3's Z3 back-end in order to retrieve models that can then be used to derive test cases exhibiting bugs in programs. However, Z3 version 4.3.2 seems unable to answer sat for any Why3 goal. It looks like some of the axiomatic…
Virgile
  • 9,724
  • 18
  • 42
1 vote, 1 answer

Launching Frama-c neon with jessie

I have installed frama-c and why3 but when I try to launch frama-c I get an error with jessie3. frama-c -verbose 2 [kernel] warning: cannot load plug-in `Jessie3' (incompatible with Neon-20140301). The exact failure is: error loading shared…
Eric128
  • 11
  • 3
1 vote, 1 answer

Learning how to prove Frama-C pre-condition goals

I have the following sample code: typedef struct { BYTE fs_type; /* FAT sub-type (0:Not mounted) */ BYTE drv; /* Physical drive number */ } FATFS_temp; FATFS_temp *FatFs_temp[1]; /* Pointer to the file system…
adrianX
  • 619
  • 7
  • 21
0 votes, 1 answer

How to solve mismatch fragment

I intend to write permission in Fragment Kotlin. I have found a simple code for activity and decided to convert it into my fragment but I have an error "mismatch". Can you assist me to solve this issue? I have thought to…
emad
  • 1
0 votes, 0 answers

Install why3-coq on MacBook Pro

When I try to install why3-coq on my MacBook Pro, I got the following error message userde-MacBook-Pro:~ user$ opam install why3-coq [WARNING] Opam package conf-python-3.1.0.0 depends on the following system package that can no longer be…
0 votes, 1 answer

Why does this definition in the textbook return 2 values?

In this post I will do 3 things in order: A introduce the question B display the answer in the textbook to this question C show my doubt A introduce the question The question goes like this: (1) Make a list or tuple containing a series of 10…
0 votes, 1 answer

Synthesize a loop program that preserves the loop invariant and variant

I want to create a program which has the following prerequisites: invariant: y = x ∗ x ∧ z = y ∗ x ∧ x ≤ n variant: n − x Program structure is as follows: while What the program should look like…
yontu
  • 37
  • 5
0 votes, 1 answer

How to verify Why3 output of Proof Obligations

I believe I can generate proofs using why3 with different provers, frama-c -wp -wp-prover cvc4 -wp-rte -wp-out proof swap.c frama-c -wp -wp-prover z3-ce -wp-rte -wp-out proof swap.c frama-c -wp -wp-prover alt-ergo -wp-rte -wp-out proof swap.c This…
artless noise
  • 21,212
  • 6
  • 68
  • 105
0 votes, 0 answers

frama-c wp plugin syntax error when using CVC4 prover

With a sample find.c file, I can prove it with no problem using the default alt-ergo. But when I change to cvc4, I get warning messages and a syntax error. Here is the code: /*@ requires 0 <= n && \valid(a+(0..n-1)); assigns \nothing; ensures …
ratt
  • 115
  • 5
0 votes, 1 answer

Calling my own function in a predicate in Why3

With the latest version of Why3 (1.0.0), when I attempt to do something like the following: let add_one (n: int) : int = n+1 predicate is_successor_of (n: int) (m: int) = m = add_one n I get an error of the form: File "../something.why", line x,…
Jay Kruer
  • 33
  • 5
0 votes, 1 answer

Why am I unable to use the Why3 API in my OCaml code?

I downloaded the Why3 tarball and installed it using make and make install-lib as given in the documentation for the Why3 API. But still, when I do open Why3, ocamlc and utop complain unbound module Why3. Can someone please tell me how to use the Why3 API from…
Abhishek Kumar
  • 729
  • 6
  • 20
0 votes, 0 answers

Compilation of FromInt.v failing on MacOS (trying to use wp plugin with Coq)

If I try: frama-c -val -wp -wp-rte -wp-prover coq acsl-case-study.c then I get the following error: File "/var/folders/m5/pq77jvw12md76t51_6t51vfwhptwwy/T/wp7149b4.dir/coqwp/real/FromInt.v", line 22, characters 15-32: Error: The reference…
Dominic Mulligan
  • 456
  • 2
  • 10
0 votes, 1 answer

Boolean pattern matching in Why3ML

In other ML-variants (such as SML) it is possible to do something like this: case l of (true, _) => false | (false,true) => false | (false,false) => true However, doing a similar thing using the Why3ML match declaration raises a syntax…
Derek Brown
  • 4,232
  • 4
  • 27
  • 44
0 votes, 1 answer

How to call why3, from the command line, to access a prover with alternatives?

My configuration file includes alternative entries for different provers. When I execute why3 prove with that prover, then the output of why3 is a message informing that I have more than one prover in my configuration file with the given name, the…
dde
  • 150
  • 6
0 votes, 1 answer

Is the mach.int library a default part of why3?

I'm trying to use 32-bit integers in a Why3 specification of a Simulink model, and I've found the mach.int library, that is, at least in one place, described as being part of the standard library. However, when I try to use it with the following…
Ben Hocking
  • 7,790
  • 5
  • 37
  • 52