This is a verification condition generator for annotated Qhasm programs.
An annotation of a Qhasm program specifies assumptions and properties of the
program. Details of the annotation language can be found in the directory
"doc". The generated verification conditions can be checked with Boolector
(or another SMT solver that supports the bit-vector and array theories).

COMPILATION
===========

Objective-Caml (OCaml) must be installed before compilation. To compile,
run

  make

A binary "qv.native" will be created after compilation.

BASIC USAGE
===========

Given an annotated Qhasm program QProg, its verification conditions can be
generated by

  ./qv.native QProg

By default, verification conditions are generated in Boolector's format. The
generated files are named QProg-vc-?.btor (where ? is the ID of a verification
condition) and are placed under the directory "vc".

A verification condition QProg-vc-i.btor in Boolector can be verified by

  boolector -minisat QProg-vc-i.btor

If Boolector returns unsat for all verification conditions, Boolector found
no counterexample to any of them, and thus the annotation is valid.

Verbose messages and counterexamples can be viewed by

  boolector -v -m -minisat QProg-vc-i.btor
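
The per-file check above, applied to every file under "vc", as an added
example that is not part of this tool. The names check_vcs and SOLVER are
assumptions of this sketch, and the solver is assumed to print sat or unsat
on a line of its own.

```shell
#!/bin/sh
# Added example: batch-check the verification conditions written by qv.native.
# SOLVER (an assumed variable of this sketch) is the command run on each file;
# it defaults to the invocation shown in this README.
: "${SOLVER:=boolector -minisat}"

# check_vcs PROG [DIR]
# Prints one "<verdict> <file>" line per verification condition and returns
#   0 if every condition is unsat (the annotation is valid),
#   1 if any condition is not unsat (counterexample or solver failure),
#   2 if no verification condition files were found (nothing was proven).
check_vcs() {
    prog=$1
    dir=${2:-vc}
    total=0
    failed=0
    for f in "$dir/$prog"-vc-*.btor; do
        [ -e "$f" ] || continue    # the glob matched nothing
        total=$((total + 1))
        # Keep only the verdict line. Solver errors, timeouts and empty
        # output become "unknown", which is counted as a failure.
        verdict=$($SOLVER "$f" 2>/dev/null | grep -E -x 'sat|unsat' | tail -n 1)
        [ -n "$verdict" ] || verdict=unknown
        printf '%s %s\n' "$verdict" "$f"
        [ "$verdict" = unsat ] || failed=$((failed + 1))
    done
    if [ "$total" -eq 0 ]; then
        echo "no verification conditions found for $prog in $dir" >&2
        return 2
    fi
    [ "$failed" -eq 0 ]
}
```

Source the file and call check_vcs QProg. Any status other than 0 means the
annotation has not been shown valid; inspect the listed files with the
verbose command above.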

ARGUMENTS
=========

-help

  Show all arguments of this tool.

-a

  Over-approximate verification conditions. This is done by discarding some
  assumptions that are considered useless (but may in fact be needed). Because
  verification conditions are over-approximated with this argument, a
  counterexample may be spurious. Verification conditions that yield
  counterexamples need to be verified again without this argument.

-c

  Specify a file containing predefined constants. See the file "consts" for
  examples.

-o

  Specify the output format.

-p

  Parse the input file only.

-s

  Split conjunctive assertions. For example, with this argument, an assertion
  "P && Q" in an annotated Qhasm program will result in two verification
  conditions, of which one corresponds to the validity of P while the other
  corresponds to the validity of Q.

RELATED LINKS
=============

Objective-Caml: http://caml.inria.fr/
Boolector: http://fmv.jku.at/boolector/
Z3: http://z3.codeplex.com/
STP Constraint Solver: https://sites.google.com/site/stpfastprover/
CVC4: http://cvc4.cs.nyu.edu/web/
