INForum 2024

Installation & Configuration

To install both Cameleer and Gospel, one should use a specific branch of a fork. Start by cloning Cameleer and Gospel, and checkout to the origin/iteration branch on both forks.

I recommend making a new opam switch (naming it inforum, for example) with the 4.14.0 base compiler:

opam switch inforum 4.14.0
eval $(opam env --switch=inforum)

Then, one should first install Gospel and Cameleer (on the origin/iteration branches), with the following command in both directories:

opam pin add . kind=path
eval $(opam env)

If everything was successful, one should now be able to run cameleer.

Code and Specification

A zip with the full list of examples can be found here. One strategy that can be used, in Why3, is to select a Verification Condition or Module and press R, this will re-run the saved session.

Statistics (Per Module)

Seq
ObligationsAlt-Ergo 2.5.2Z3 4.12.4
List.S.Fold.permitted_empty0.05---
List.S.Iter.permitted_empty0.05---
VC for sum_of_seq------
split_vc
loop invariant init0.09---
precondition0.09---
precondition0.07---
loop variant decrease0.09---
loop invariant preservation8.30---
postcondition---0.30
VC for queue_of_seq0.50---
VC for noccs_of_seq---0.45
VC for max_of_seq---0.15
VC for stack_of_seq2.26---
Oper
ObligationsAlt-Ergo 2.5.2CVC4 1.7
equal_hashes_COMPARABLE0.07---
VC for gt------
exists (empty1: fset t)
gt'vc.0------
exists ( fun(_: t) -> empty1: fset t)
gt'vc.0.00.06---
Oper.G.Fold_vertex.permitted_empty0.08---
Oper.G.Fold_succ.permitted_empty0.07---
Oper.G.Fold_succ_e.permitted_empty0.09---
Oper.G.Fold_edges.permitted_empty0.08---
VC for copy_vertices------
split_vc
loop invariant init0.09---
precondition0.08---
precondition0.07---
loop variant decrease0.11---
loop invariant preservation0.27---
postcondition0.10---
postcondition0.07---
VC for intersect------
split_vc
loop invariant init0.12---
precondition0.09---
precondition0.07---
loop invariant init0.84---
precondition0.11---
precondition0.08---
loop variant decrease0.17---
loop invariant preservation------
split_vc
loop invariant preservation1.05---
loop invariant preservation0.98---
loop variant decrease0.19---
loop invariant preservation0.19---
loop variant decrease0.15---
loop invariant preservation0.51---
postcondition0.24---
postcondition0.12---
VC for mirror------
split_vc
loop invariant init0.15---
precondition0.10---
precondition0.10---
loop variant decrease0.10---
loop invariant preservation---1.32
postcondition0.16---
postcondition0.11---
VC for complement------
split_vc
loop invariant init0.40---
precondition0.08---
precondition0.08---
loop invariant init1.47---
precondition0.09---
precondition0.09---
loop variant decrease0.16---
loop invariant preservation------
split_vc
loop invariant preservation1.12---
loop invariant preservation4.26---
loop variant decrease0.20---
loop invariant preservation0.47---
postcondition0.13---
postcondition0.09---
postcondition0.11---
VC for union------
split_vc
loop invariant init0.24---
precondition0.08---
precondition0.08---
loop invariant init1.65---
precondition0.09---
precondition0.08---
loop variant decrease0.18---
loop invariant preservation------
split_vc
loop invariant preservation---2.41
loop variant decrease0.24---
loop invariant preservation0.37---
postcondition0.09---
postcondition---0.62
Path
ObligationsAlt-Ergo 2.5.2CVC4 1.7
seq_cons0.04---
equal_hashes_HASHABLE0.04---
equal_hashes_COMPARABLE0.04---
VC for gt------
exists (empty1: fset t)
gt'vc.0------
exists (fun(_:t) -> empty1: fset t)
gt'vc.0.00.06---
Check.G.Iter_succ.permitted_empty0.04---
Check.path_suc------
split_vc
path_suc.0------
unfold has_path
path_suc.0.0------
unfold has_path in H1
path_suc.0.0.0------
introduce_exists
path_suc.0.0.0.0------
exists (snoc p v3)
path_suc.0.0.0.0.00.11---
Check.edge_path0.06---
Check.self_path0.10---
VC for intermediate_value_func2.67---
Check.intermediate_value------
split_vc
intermediate_value.0------
instantiate intermediate_value_func'spec p,u,v
intermediate_value.0.0------
instantiate Hinst (to_list s)
intermediate_value.0.0.0------
instantiate Hinst g
intermediate_value.0.0.0.0------
destruct_rec Hinst
destruct premise0.04---
destruct premise0.05---
destruct premise0.25---
intermediate_value.0.0.0.0.30.44---
VC for check_path------
split_vc
postcondition0.08---
postcondition0.08---
postcondition0.08---
postcondition0.05---
postcondition0.05---
postcondition0.06---
postcondition0.08---
postcondition0.06---
postcondition0.07---
postcondition0.09---
postcondition0.08---
postcondition0.06---
postcondition0.14---
postcondition0.37---
postcondition1.91---
postcondition0.09---
postcondition0.08---
postcondition0.11---
postcondition0.08---
postcondition------
unfold disjoint
VC for check_path2.20---
postcondition0.10---
postcondition0.14---
postcondition0.52---
postcondition0.09---
precondition0.35---
loop invariant init------
split_vc
loop invariant init------
inline_goal
loop invariant init------
split_all_full
VC for check_path0.11---
VC for check_path0.54---
VC for check_path0.11---
VC for check_path1.32---
split_vc
VC for check_path1.32---
VC for check_path0.10---
VC for check_path0.13---
VC for check_path------
unfold disjoint
VC for check_path------
split_vc
VC for check_path0.86---
VC for check_path0.93---
VC for check_path0.12---
VC for check_path0.78---
VC for check_path0.09---
VC for check_path0.09---
VC for check_path0.09---
VC for check_path------
inline_goal
VC for check_path0.11---
precondition0.11---
precondition0.10---
loop variant decrease0.42---
loop invariant preservation------
split_vc
loop invariant preservation------
inline_goal
loop invariant preservation------
split_all_full
VC for check_path0.08---
VC for check_path1.01---
VC for check_path------
split_vc
VC for check_path------
inline_goal
VC for check_path---12.84
VC for check_path0.50---
VC for check_path4.52---
VC for check_path0.45---
VC for check_path5.02---
VC for check_path0.17---
VC for check_path0.46---
VC for check_path0.08---
VC for check_path0.11---
VC for check_path0.18---
VC for check_path0.82---
loop variant decrease0.47---
loop invariant preservation1.28---
variant decrease0.37---
precondition------
case (mem3 v1 q.view2)
true case (precondition)0.09---
false case (precondition)------
case (mem3 v2 q.view2)
false case (true case. precondition)0.34---
false case (precondition)------
assert (not mem1 v2 visited.dom)
asserted formula0.06---
false case (precondition)------
assert (mem1 v1 visited.dom)
asserted formula0.08---
false case (precondition)------
instantiate intermediate_value (fun x -> mem1 x visited.dom)
false case (precondition)------
instantiate Hinst v1,v2
false case (precondition)------
unfold has_path in H
false case (precondition)------
introduce_exists
false case (precondition)------
instantiate Hinst p,graph
false case (precondition)------
destruct Hinst
destruct premise0.07---
false case (precondition)------
destruct Hinst
destruct premise0.07---
false case (precondition)------
destruct Hinst
destruct premise0.06---
false case (precondition)------
introduce_exists
false case (precondition)------
exists v'
check_path'vc.33.1.1.1.1.0.0.0.0.0.1.1.1.0.01.70---
precondition0.10---
precondition0.19---
precondition0.36---
precondition------
assert (forall vt. mem4 vt sucs -> mem1 vt graph.dom1)
asserted formula0.10---
precondition0.09---
precondition0.10---
precondition0.11---
precondition0.11---
precondition0.17---
precondition------
split_vc
precondition0.40---
precondition0.16---
precondition0.17---
precondition0.08---
postcondition0.10---
postcondition0.10---
postcondition0.10---
postcondition0.08---
postcondition0.09---
postcondition0.12---
postcondition0.10---
postcondition0.09---
postcondition0.11---
postcondition0.29---
postcondition0.12---
postcondition0.10---
exceptional postcondition0.09---
precondition0.11---
precondition0.11---
precondition0.11---
precondition0.18---
precondition0.19---
precondition0.20---
precondition0.23---
precondition0.41---
precondition0.11---
precondition0.23---
precondition0.12---
precondition0.16---
precondition0.09---
postcondition0.08---
Tree
ObligationsAlt-Ergo 2.5.2
Tree.T.Fold.permitted_empty0.06
Tree.T.Fold_level.permitted_empty0.07
Tree.T.Iter.permitted_empty0.05
VC for sum_tree---
split_vc
loop invariant init0.06
precondition0.08
precondition0.05
loop variant decrease0.08
loop invariant preservation15.34
VC for tree_height0.08

Platform used

The benchmarks were conducted on a machine with a processor i5-2520M 2 cores @ 3.2GHz; 12Gb RAM; 64-bit linux kernel 6.9.5.