1. 11 Mar, 2017 1 commit
2. 09 Mar, 2017 1 commit
3. 22 Feb, 2017 1 commit
4. 31 Jan, 2017 3 commits
5. 16 Nov, 2016 1 commit
6. 07 Nov, 2016 1 commit
7. 04 Oct, 2016 2 commits
8. 20 Sep, 2016 1 commit
9. 09 Sep, 2016 2 commits
10. 22 Aug, 2016 1 commit
11. 04 Aug, 2016 2 commits
12. 03 Jul, 2016 2 commits
13. 26 Feb, 2016 1 commit
14. 20 Feb, 2016 1 commit
15. 17 Feb, 2016 2 commits
• Rename simplify_equality like tactics. · 20690605
Robbert Krebbers authored
```
simplify_equality        => simplify_eq
simplify_equality'       => simplify_eq/=
simplify_map_equality    => simplify_map_eq
simplify_map_equality'   => simplify_map_eq/=
simplify_option_equality => simplify_option_eq
simplify_list_equality   => simplify_list_eq
f_equal'                 => f_equal/=

The /= suffixes (meaning: do simpl) are inspired by ssreflect.
```
• Use scheme - then + then * for bullets. · 9774ce9c
Robbert Krebbers authored
16. 13 Feb, 2016 1 commit
17. 11 Feb, 2016 3 commits
• Shorter names for common math notions. · 44b18f4d
Robbert Krebbers authored
`Also do some minor clean up.`
• Revert "prelude: add notation for > and >= for all kinds of numbers" · 7ebc1859
Robbert Krebbers authored
```
This reverts commit 24fa20e5f8a2042caa19f1f6505102c5434cce54.

Although these symmetric variants sometimes look "better", they
are really annoying and should IMHO never be used:

1.) For lemmas there is now a choice between >= and <=. Since there is
no longer a canonical choice, it is very easy to introduce a lot of
inconsistencies in statements of lemmas.

2.) For automation the situation becomes annoying, you have to build in
stuff for both >= and <=. That is very error-prone.

3.) For N and Z the notions x <= y and y >= x are not even convertible!
That means that done/by does not solve x <= y if you have y >= x and it
prevents you from applying certain lemmas.
```
18. 12 Jan, 2016 1 commit
19. 11 Dec, 2015 1 commit
20. 08 Dec, 2015 1 commit
21. 16 Nov, 2015 1 commit
22. 01 Feb, 2017 2 commits
• Port to Coq 8.5 beta 2. · 02f213ce
Robbert Krebbers authored
```
The port makes the following notable changes:

* The carrier types of separation algebras and integer environments are no
  longer in Set. Now they have a type at a fixed type level above Set. This
  both works better in 8.5 and makes the formalization more general.
  I have tried putting them at polymorphic type levels, but that increased the
  compilation time by an order of magnitude.
* I am using a custom f_equal tactic written in Ltac to circumvent bug #4069.
  That bug has been fixed, so this custom tactic can be removed when the next
  beta of 8.5 is out.
```
• Misc prelude omissions. · 462ea92a
Robbert Krebbers authored
23. 08 Feb, 2015 1 commit
24. 31 Jan, 2015 1 commit
• Support alignment. · 8b7ea9be
Robbert Krebbers authored
```
Type environments now describe alignment. This allows one to:
* Prove properties about alignment, for example that bit offsets
* Support align_of expressions in the frontend.
```
25. 15 Nov, 2014 1 commit
• More accurate formalization of integer ranks. · da7a14bb
Robbert Krebbers authored
```
Integers with the same size are no longer supposed to have the same rank. As a
result, the C integer types (char, short, int, long, long long) are different
(and thus cannot alias) even if they have the same size. We now have to use a
more involved definition of integer promotions and usual arithmetic conversions.
However, this new definition follows the C standard literally.
```
26. 25 Aug, 2014 1 commit
27. 25 Jun, 2014 1 commit
• Fix bugs in pointer operations · baaee9e0
Robbert Krebbers authored
```
* Equality comparison of NULL and non NULL pointers should be defined
* Pointer comparisons, casts, and truth should only be defined for pointers
  that are alive
* Treat dead pointers as indeterminate values in refinements. The proofs that
  all operations preserve refinement indicate that dead pointers can indeed
  be replaced by anything without affecting the program's behavior.
```
28. 16 Jun, 2014 1 commit
• Changes in preparation of the C type system and C front-end language · 3503a91f
Robbert Krebbers authored
```
Major changes:
* Make void a base type, and include a proper void base value. This is necessary
  because expressions (free, functions without return value) can yield a void.
  We now also allow void casts conforming to the C standard.
* Various missing lemmas about typing, weakening, decidability, ...
* The operations "free" and "alloc" now operate on l-values instead of r-values.
  This removes some duplication.
* Improve notations of expressions and statements. Change the presence of the
  operators conforming to the C standard.

Small changes:
* Use the classes "Typed" and "TypeCheck" for validity of indexes in memory.
  This gives more uniform notations.
* New tactic "typed_inversion" performs inversion on an inductive predicate
  of type "Typed" and folds the premises.
* Remove a horrible hack in the definitions of the classes "FMap", "MBind",
  "OMap", "Alter" that was used to let "simpl" behave better. Instead, we have
  defined a tactic "csimpl" that folds the results after performing an
  ordinary "simpl".
* Fast operation to remove duplicates from lists using hashsets.
* Make various type constructors (mainly finite map implementations) universe
  polymorphic by packing them into an inductive. This way, the whole C syntax
  can live in type, avoiding the need for (slow) universe checks.
```
29. 02 May, 2014 2 commits