From 452c307284e1511e5c2d10b9615f4c9c15f010e2 Mon Sep 17 00:00:00 2001 From: Mikael Mayer Date: Fri, 20 Dec 2024 15:06:58 -0600 Subject: [PATCH] Release Dafny 4.9.1 --- RELEASE_NOTES.md | 90 +++++++++++++++++++++++++++++++++++++++++ docs/dev/news/5730.fix | 1 - docs/dev/news/5781.fix | 2 - docs/dev/news/5832.feat | 1 - docs/dev/news/5835.feat | 50 ----------------------- docs/dev/news/5875.fix | 1 - docs/dev/news/5876.fix | 1 - docs/dev/news/5877.fix | 1 - docs/dev/news/5882.fix | 1 - docs/dev/news/5891.feat | 1 - docs/dev/news/5894.feat | 1 - docs/dev/news/5917.feat | 1 - docs/dev/news/5927.fix | 1 - docs/dev/news/5939.fix | 1 - docs/dev/news/5967.fix | 1 - docs/dev/news/5972.fix | 1 - docs/dev/news/5986.fix | 1 - 17 files changed, 90 insertions(+), 66 deletions(-) delete mode 100644 docs/dev/news/5730.fix delete mode 100644 docs/dev/news/5781.fix delete mode 100644 docs/dev/news/5832.feat delete mode 100644 docs/dev/news/5835.feat delete mode 100644 docs/dev/news/5875.fix delete mode 100644 docs/dev/news/5876.fix delete mode 100644 docs/dev/news/5877.fix delete mode 100644 docs/dev/news/5882.fix delete mode 100644 docs/dev/news/5891.feat delete mode 100644 docs/dev/news/5894.feat delete mode 100644 docs/dev/news/5917.feat delete mode 100644 docs/dev/news/5927.fix delete mode 100644 docs/dev/news/5939.fix delete mode 100644 docs/dev/news/5967.fix delete mode 100644 docs/dev/news/5972.fix delete mode 100644 docs/dev/news/5986.fix diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 7cc9aad383..120b43fdc6 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -2,6 +2,96 @@ See [docs/dev/news/](docs/dev/news/). +# 4.9.1 + +## New features + +- Introduce the attributes {:isolate} and {:isolate "paths} that simplify the verification of an assertion by introducing additional verification jobs. {:isolate} can be applied to `assert`, `return` and `continue` statements. When using `{:isolate_assertions}` or `--isolate-assertions`, each return statement now creates a separate verification job for each ensures clause. Previously all ensures clauses where verified in a single job, for all return statements. (https://github.com/dafny-lang/dafny/pull/5832) + +- Fill in matching patterns for the quantifiers introduced by automatic induction to represent the induction hypothesis. Suppress the generation of the induction hypothesis if no such matching patterns are found. Enhance tooltips accordingly. This feature is added to stabilize verification, but by sometimes not generating induction hypotheses, some automatic proofs may no longer go through. For backward compatibility, use an explicit `{:induction ...}` where `...` is the list of variables to use for the induction-hypothesis quantifier. Additionally, use a `{:nowarn}` attribute to suppress any warning about lack of matching patterns. + + Improve the selection of induction variables. + + Allow codatatype equality in matching patterns and as a focal predicate for extreme predicates. + + More specifically: + + * If a lemma bears `{:induction x, y, z}`, where `x, y, z` is a subset of the lemma's parameters (in the same order + that the lemma gives them), then an induction hypothesis (IH) is generated. The IH quantifies over the + given variables. + + For an instance-member lemma, the variables may include the implicit `this` parameter. + + For an extreme lemma, the IH generated is the for corresponding prefix lemma, and the given variables may + include the implicit parameter `_k`. + + If good matching patterns are found for the quantifier, then these are indicated in tooltips. + If no patterns are found, then a warning is generated; except, if the lemma bears `{:nowarn}`, then only + an informational message is given. + + * If a lemma bears `{:induction}` or `{:induction true}`, then a list of induction variables is determined heuristically. + + If the list is empty, then a warning message is generated and no IH is generated. If the list is nonempty, + an IH is generated and the list of variables is indicated in a tooltip. + + If good matching patterns are found for the quantifier, then these are indicated in tooltips. + If no patterns are found, then a warning is generated; except, if the lemma bears {:nowarn}, then only + an informational message is given. + + * If a lemma bears `{:induction false}`, then no IH is generated. + + * If a lemma bears an `:induction` attribute other than those listed above, then an error is generated. + + * If a lemma bears no `:induction` attribute, and the `--manual-lemma-induction` flag is present, then no IH is generated. + + * Otherwise, a list of induction variables is determined heuristically. + + If this list is empty, then no IH is generated and no warning/info is given. + + If the list is nonempty, then the machinery looks for matching patterns for the IH quantifier. If none are + found, then no IH is generated. An informational message is generated, saying which candidate variables were + used and saying that no matching patterns were found. + + If patterns are found, then an IH is generated, the list of variables and the patterns are indicated in tooltips, + and the patterns are used with the IH quantifier. + + The pattern search can be overriden by providing patterns explicitly using the `{:inductionTrigger}` attribute. + This attribute has the same syntax as the `{:trigger}` attribute. Using an empty list of triggers restores + Dafny's legacy behavior (no triggers for lemma induction hypotheses). + (https://github.com/dafny-lang/dafny/pull/5835) + +- Accept `decreases to` and `nonincreases to` expressions with 0 LHSs and/or 0 RHSs, and allow parentheses to be omitted when there is 1 LHS and 1 RHS. (https://github.com/dafny-lang/dafny/pull/5891) + +- Allow forall statements in statement expressions (https://github.com/dafny-lang/dafny/pull/5894) + +- When using `--isolate-assertions` or `{:isolate_assertions}`, a separate assertion batch will be generated per pair of return statement and ensures clause. (https://github.com/dafny-lang/dafny/pull/5917) + +## Bug fixes + +- `{:only}` on members only affects verification on the current file. (https://github.com/dafny-lang/dafny/pull/5730) + +- Fixed a bug that caused "hide *" and "reveal *" not to work when used in statement expressions, + after a variable assignment occurred in the same expression. + (https://github.com/dafny-lang/dafny/pull/5781) + +- Fix malformed Boogie in function override checks (https://github.com/dafny-lang/dafny/pull/5875) + +- Fix soundness issue where the verifier had assumed properties of `this` already during the first phase of a constructor (https://github.com/dafny-lang/dafny/pull/5876) + +- Don't assume type information before binding variables (for let expressions and named function results) (https://github.com/dafny-lang/dafny/pull/5877) + +- Enable using reveal statement expression inside witness expressions (https://github.com/dafny-lang/dafny/pull/5882) + +- Fix formatting of var by statements (https://github.com/dafny-lang/dafny/pull/5927) + +- Fix bugs that occur when using `{:extern}` to export members (https://github.com/dafny-lang/dafny/pull/5939) + +- Fixed a bug that would cause the symbol verification tasks to be done multiple times when using module refinement (https://github.com/dafny-lang/dafny/pull/5967) + +- Map range requires equality for enclosing type to support equality (https://github.com/dafny-lang/dafny/pull/5972) + +- Improved code navigation for datatype update expressions (https://github.com/dafny-lang/dafny/pull/5986) + # 4.9.0 ## New features diff --git a/docs/dev/news/5730.fix b/docs/dev/news/5730.fix deleted file mode 100644 index 5fc9e9540e..0000000000 --- a/docs/dev/news/5730.fix +++ /dev/null @@ -1 +0,0 @@ -`{:only}` on members only affects verification on the current file. \ No newline at end of file diff --git a/docs/dev/news/5781.fix b/docs/dev/news/5781.fix deleted file mode 100644 index 9dc4f8ed7d..0000000000 --- a/docs/dev/news/5781.fix +++ /dev/null @@ -1,2 +0,0 @@ -Fixed a bug that caused "hide *" and "reveal *" not to work when used in statement expressions, -after a variable assignment occurred in the same expression. \ No newline at end of file diff --git a/docs/dev/news/5832.feat b/docs/dev/news/5832.feat deleted file mode 100644 index bb16a055ec..0000000000 --- a/docs/dev/news/5832.feat +++ /dev/null @@ -1 +0,0 @@ -Introduce the attributes {:isolate} and {:isolate "paths} that simplify the verification of an assertion by introducing additional verification jobs. {:isolate} can be applied to `assert`, `return` and `continue` statements. When using `{:isolate_assertions}` or `--isolate-assertions`, each return statement now creates a separate verification job for each ensures clause. Previously all ensures clauses where verified in a single job, for all return statements. \ No newline at end of file diff --git a/docs/dev/news/5835.feat b/docs/dev/news/5835.feat deleted file mode 100644 index daa626ee53..0000000000 --- a/docs/dev/news/5835.feat +++ /dev/null @@ -1,50 +0,0 @@ -Fill in matching patterns for the quantifiers introduced by automatic induction to represent the induction hypothesis. Suppress the generation of the induction hypothesis if no such matching patterns are found. Enhance tooltips accordingly. This feature is added to stabilize verification, but by sometimes not generating induction hypotheses, some automatic proofs may no longer go through. For backward compatibility, use an explicit `{:induction ...}` where `...` is the list of variables to use for the induction-hypothesis quantifier. Additionally, use a `{:nowarn}` attribute to suppress any warning about lack of matching patterns. - -Improve the selection of induction variables. - -Allow codatatype equality in matching patterns and as a focal predicate for extreme predicates. - -More specifically: - -* If a lemma bears `{:induction x, y, z}`, where `x, y, z` is a subset of the lemma's parameters (in the same order - that the lemma gives them), then an induction hypothesis (IH) is generated. The IH quantifies over the - given variables. - - For an instance-member lemma, the variables may include the implicit `this` parameter. - - For an extreme lemma, the IH generated is the for corresponding prefix lemma, and the given variables may - include the implicit parameter `_k`. - - If good matching patterns are found for the quantifier, then these are indicated in tooltips. - If no patterns are found, then a warning is generated; except, if the lemma bears `{:nowarn}`, then only - an informational message is given. - -* If a lemma bears `{:induction}` or `{:induction true}`, then a list of induction variables is determined heuristically. - - If the list is empty, then a warning message is generated and no IH is generated. If the list is nonempty, - an IH is generated and the list of variables is indicated in a tooltip. - - If good matching patterns are found for the quantifier, then these are indicated in tooltips. - If no patterns are found, then a warning is generated; except, if the lemma bears {:nowarn}, then only - an informational message is given. - -* If a lemma bears `{:induction false}`, then no IH is generated. - -* If a lemma bears an `:induction` attribute other than those listed above, then an error is generated. - -* If a lemma bears no `:induction` attribute, and the `--manual-lemma-induction` flag is present, then no IH is generated. - -* Otherwise, a list of induction variables is determined heuristically. - - If this list is empty, then no IH is generated and no warning/info is given. - - If the list is nonempty, then the machinery looks for matching patterns for the IH quantifier. If none are - found, then no IH is generated. An informational message is generated, saying which candidate variables were - used and saying that no matching patterns were found. - - If patterns are found, then an IH is generated, the list of variables and the patterns are indicated in tooltips, - and the patterns are used with the IH quantifier. - - The pattern search can be overriden by providing patterns explicitly using the `{:inductionTrigger}` attribute. - This attribute has the same syntax as the `{:trigger}` attribute. Using an empty list of triggers restores - Dafny's legacy behavior (no triggers for lemma induction hypotheses). diff --git a/docs/dev/news/5875.fix b/docs/dev/news/5875.fix deleted file mode 100644 index b9e9a9cc27..0000000000 --- a/docs/dev/news/5875.fix +++ /dev/null @@ -1 +0,0 @@ -Fix malformed Boogie in function override checks diff --git a/docs/dev/news/5876.fix b/docs/dev/news/5876.fix deleted file mode 100644 index e8dfa94713..0000000000 --- a/docs/dev/news/5876.fix +++ /dev/null @@ -1 +0,0 @@ -Fix soundness issue where the verifier had assumed properties of `this` already during the first phase of a constructor diff --git a/docs/dev/news/5877.fix b/docs/dev/news/5877.fix deleted file mode 100644 index e5744b9787..0000000000 --- a/docs/dev/news/5877.fix +++ /dev/null @@ -1 +0,0 @@ -Don't assume type information before binding variables (for let expressions and named function results) diff --git a/docs/dev/news/5882.fix b/docs/dev/news/5882.fix deleted file mode 100644 index 8764df4160..0000000000 --- a/docs/dev/news/5882.fix +++ /dev/null @@ -1 +0,0 @@ -Enable using reveal statement expression inside witness expressions \ No newline at end of file diff --git a/docs/dev/news/5891.feat b/docs/dev/news/5891.feat deleted file mode 100644 index 1339802520..0000000000 --- a/docs/dev/news/5891.feat +++ /dev/null @@ -1 +0,0 @@ -Accept `decreases to` and `nonincreases to` expressions with 0 LHSs and/or 0 RHSs, and allow parentheses to be omitted when there is 1 LHS and 1 RHS. diff --git a/docs/dev/news/5894.feat b/docs/dev/news/5894.feat deleted file mode 100644 index 9fe2145a7d..0000000000 --- a/docs/dev/news/5894.feat +++ /dev/null @@ -1 +0,0 @@ -Allow forall statements in statement expressions diff --git a/docs/dev/news/5917.feat b/docs/dev/news/5917.feat deleted file mode 100644 index 0303609187..0000000000 --- a/docs/dev/news/5917.feat +++ /dev/null @@ -1 +0,0 @@ -When using `--isolate-assertions` or `{:isolate_assertions}`, a separate assertion batch will be generated per pair of return statement and ensures clause. \ No newline at end of file diff --git a/docs/dev/news/5927.fix b/docs/dev/news/5927.fix deleted file mode 100644 index b1347e2992..0000000000 --- a/docs/dev/news/5927.fix +++ /dev/null @@ -1 +0,0 @@ -Fix formatting of var by statements \ No newline at end of file diff --git a/docs/dev/news/5939.fix b/docs/dev/news/5939.fix deleted file mode 100644 index 0454cd9b67..0000000000 --- a/docs/dev/news/5939.fix +++ /dev/null @@ -1 +0,0 @@ -Fix bugs that occur when using `{:extern}` to export members \ No newline at end of file diff --git a/docs/dev/news/5967.fix b/docs/dev/news/5967.fix deleted file mode 100644 index 6526d521ef..0000000000 --- a/docs/dev/news/5967.fix +++ /dev/null @@ -1 +0,0 @@ -Fixed a bug that would cause the symbol verification tasks to be done multiple times when using module refinement \ No newline at end of file diff --git a/docs/dev/news/5972.fix b/docs/dev/news/5972.fix deleted file mode 100644 index e2b8bb4f84..0000000000 --- a/docs/dev/news/5972.fix +++ /dev/null @@ -1 +0,0 @@ -Map range requires equality for enclosing type to support equality \ No newline at end of file diff --git a/docs/dev/news/5986.fix b/docs/dev/news/5986.fix deleted file mode 100644 index 9c5119efc9..0000000000 --- a/docs/dev/news/5986.fix +++ /dev/null @@ -1 +0,0 @@ -Improved code navigation for datatype update expressions \ No newline at end of file