1. 15 Mar, 2015 1 commit
  2. 02 Mar, 2015 1 commit
  3. 25 Feb, 2015 1 commit
  4. 24 Feb, 2015 1 commit
  5. 16 Feb, 2015 3 commits
  6. 13 Feb, 2015 1 commit
  7. 08 Feb, 2015 4 commits
      Improve case_option_guard to destruct on decide P in case of mguard P. · 6f504682
      Robbert Krebbers authored
      First it would destruct on the decider, which sometimes would result
      in unfolded hypotheses.
      Improve name generation in the injection' tactic. · 330702cc
      Robbert Krebbers authored
      The tactic "injection' H" now uses the name "H" for the first hypothesis it
      generates. Fresh names will still be used for the remaining hypotheses.
      Update copyright headers. · 5a73c4ed
      Robbert Krebbers authored
      Support function pointers and use a state monad in the frontend. · b2109c25
      Robbert Krebbers authored
      Important changes in the core semantics:
      * Types extended with function types. Since function types are a special kind
        of pointer types, types now have an additional mutual part called "ptr_type".
      * Pointers extended with function pointers. These are just names that refer
        to an actual function in the function environment.
      * Typing environments extended to assign argument and return types to function
        names. Before we used a separate environment for these, but since the
        argument and return types are already needed to type function pointers, this
        environment would appear in pretty much every typing judgment.
      
      As a side-effect, the frontend has been rewritten entirely. The important
      changes are:
      
      * Type checking of expressions is more involved: there is a special kind of
        expression type corresponding to a function designator.
      * To handle things like block-scoped extern functions, more statefulness was
        needed. To prepare for future extensions, the entire frontend now uses a
        state monad.
  8. 31 Jan, 2015 1 commit
      Support alignment. · 8b7ea9be
      Robbert Krebbers authored
      Type environments now describe alignment. This allows us to:
      * Prove properties about alignment, for example that bit offsets
        of addresses are always aligned.
      * Support align_of expressions in the frontend.
  9. 29 Jan, 2015 2 commits
  10. 27 Jan, 2015 1 commit
      Let the malloc expression non-deterministically yield NULL. · fdcc90dd
      Robbert Krebbers authored
      * This behavior is "implementation defined" and can be turned on and off
        using the Boolean field "alloc_can_fail" of the class "Env".
      * The expression "EAlloc" is now an r-value of pointer type instead of an
        l-value.
      * The executable semantics for expressions is now non-deterministic. Hence,
        some proofs had to be revised.
  11. 25 Jan, 2015 2 commits
  12. 23 Dec, 2014 1 commit
      More lenient pointer equality. · 914f32ee
      Robbert Krebbers authored
      Pointer equality is now defined using absolute object offsets. The treatment
      is similar to CompCert:
      
      * Equality of pointers in the same object is defined provided the object has
        not been deallocated.
      * Equality of pointers in different objects is defined provided both pointers
        have not been deallocated and both are strict (i.e. not end-of-array).
      
      Thus, pointer equality is defined for all pointers that are not end-of-array
      and have not been deallocated. The following examples have defined behavior:
      
        #include <stdio.h>
        #include <stdlib.h>

        int main(void) {
          int x, y;
          printf("%d\n", &x == &y);
          int *p = malloc(sizeof(int)), *q = malloc(sizeof(int));
          printf("%d\n", p == q);
          struct S { int a; int b; } s, *r = &s;
          printf("%d\n", &s.a + 1 == &(r->b));
        }

      The following does not:

        #include <stdio.h>

        int main(void) {
          int x, y;
          printf("%d\n", &x + 1 == &y);
        }
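The rules stated in this commit, as an added example in C that is not part of the commit or of the project's Coq development: a toy model of abstract pointers (object identifier, absolute byte offset, object size, deallocation flag) and a function ptr_eq that decides whether p == q is defined under those rules and, if so, what it evaluates to. The representation, the object identifiers and the names ptr_t, ptr_eq and ex_* are assumptions of this example; the four ex_* functions encode the four C expressions from the commit message.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Abstract pointer of a toy model (an assumption of this example, not the
 * project's definition): an object identifier plus an absolute byte offset
 * within that object, the object's size, and whether it has been deallocated. */
typedef struct {
    unsigned obj;      /* object identifier */
    size_t offset;     /* absolute offset within the object, in bytes */
    size_t size;       /* size of the object, in bytes */
    bool deallocated;  /* object freed or out of scope */
} ptr_t;

/* Result of evaluating p == q: 0 or 1 when defined, CMP_UNDEF otherwise. */
typedef enum { CMP_UNDEF = -1, CMP_FALSE = 0, CMP_TRUE = 1 } cmp_result;

static ptr_t mkptr(unsigned obj, size_t offset, size_t size, bool deallocated) {
    ptr_t p = { obj, offset, size, deallocated };
    return p;
}

/* A pointer is "strict" unless it points one past the end of its object. */
static bool is_strict(const ptr_t *p) { return p->offset < p->size; }

cmp_result ptr_eq(const ptr_t *p, const ptr_t *q) {
    if (p->deallocated || q->deallocated)
        return CMP_UNDEF;                       /* neither object may be deallocated */
    if (p->obj == q->obj)                       /* same object: compare absolute offsets */
        return p->offset == q->offset ? CMP_TRUE : CMP_FALSE;
    if (!is_strict(p) || !is_strict(q))         /* different objects: both must be strict */
        return CMP_UNDEF;
    return CMP_FALSE;                           /* distinct live objects never alias */
}

/* The commit's examples encoded in the model; object ids are arbitrary. */
struct S { int a; int b; };

cmp_result ex_distinct_locals(void) {           /* &x == &y */
    ptr_t x = mkptr(1, 0, sizeof(int), false);
    ptr_t y = mkptr(2, 0, sizeof(int), false);
    return ptr_eq(&x, &y);
}

cmp_result ex_struct_members(void) {            /* &s.a + 1 == &(r->b) */
    ptr_t a1 = mkptr(3, offsetof(struct S, a) + sizeof(int), sizeof(struct S), false);
    ptr_t rb = mkptr(3, offsetof(struct S, b), sizeof(struct S), false);
    return ptr_eq(&a1, &rb);
}

cmp_result ex_one_past_end(void) {              /* &x + 1 == &y: undefined */
    ptr_t x1 = mkptr(1, sizeof(int), sizeof(int), false);   /* end-of-array pointer */
    ptr_t y  = mkptr(2, 0, sizeof(int), false);
    return ptr_eq(&x1, &y);
}

cmp_result ex_after_free(void) {                /* p == q after free(p): undefined */
    ptr_t p = mkptr(4, 0, sizeof(int), true);
    ptr_t q = mkptr(5, 0, sizeof(int), false);
    return ptr_eq(&p, &q);
}

int main(void) {
    printf("&x == &y          -> %d\n", ex_distinct_locals());
    printf("&s.a + 1 == &r->b -> %d\n", ex_struct_members());
    printf("&x + 1 == &y      -> %d (UNDEF = -1)\n", ex_one_past_end());
    printf("freed p == q      -> %d (UNDEF = -1)\n", ex_after_free());
    return 0;
}
```

The model deliberately keeps the same-object case free of the strictness check: an end-of-array pointer into object s may still be compared with another pointer into s, which is what makes the `&s.a + 1 == &(r->b)` case defined while `&x + 1 == &y` is not.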
  13. 17 Dec, 2014 1 commit
  14. 16 Dec, 2014 1 commit
      Allow frozen pointer annotations to be refined. · 26917d00
      Robbert Krebbers authored
      The refinement relation on addresses allows union references to be refined:
      
        (β2 → β1) → RUnion i s β1 ⊆ RUnion i s β2
      
      The result is that frozen values are below their unfrozen variant, which made
      it possible to prove that constant propagation (see constant_propagation.v) can
      be performed on the level of the memory model.
  15. 23 Nov, 2014 1 commit
  16. 15 Nov, 2014 1 commit
      More accurate formalization of integer ranks. · da7a14bb
      Robbert Krebbers authored
      Integers with the same size are no longer supposed to have the same rank. As a
      result, the C integer types (char, short, int, long, long long) are different
      (and thus cannot alias) even if they have the same size. We now have to use a
      more involved definition of integer promotions and usual arithmetic conversions.
      However, this new definition follows the C standard literally.
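The integer promotions and usual arithmetic conversions this commit refers to (C11 6.3.1.1 and 6.3.1.8), as an added example in C that is not the project's code: a small rank-based model in which long keeps a rank above int even when both are 32 bits wide, so that `unsigned int` combined with a 32-bit `long` yields `unsigned long` rather than the `unsigned int` a size-based notion of rank would produce. The itype representation, the rank constants, INT_WIDTH and the function names are assumptions of this example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Integer conversion ranks: one per standard integer type, ordered but
 * independent of width; signed and unsigned variants share a rank.
 * The numeric values are an assumption of this example, only the order matters. */
enum rank { R_CHAR = 1, R_SHORT, R_INT, R_LONG, R_LLONG };

typedef struct {
    enum rank rank;
    unsigned width;     /* number of bits in the assumed data model */
    bool is_signed;
} itype;

#define INT_WIDTH 32    /* width of int in the assumed data model */

static itype mk(enum rank r, unsigned width, bool is_signed) {
    itype t = { r, width, is_signed };
    return t;
}
static itype int_t(void)  { return mk(R_INT, INT_WIDTH, true); }
static itype uint_t(void) { return mk(R_INT, INT_WIDTH, false); }

bool same_type(itype a, itype b) {
    return a.rank == b.rank && a.width == b.width && a.is_signed == b.is_signed;
}

/* Integer promotion (C11 6.3.1.1): a type of rank below int becomes int if
 * int can represent all its values, otherwise unsigned int. */
itype promote(itype t) {
    if (t.rank >= R_INT) return t;
    if (t.width < INT_WIDTH || (t.width == INT_WIDTH && t.is_signed)) return int_t();
    return uint_t();
}

/* Usual arithmetic conversions for two integer operands (C11 6.3.1.8). */
itype usual_arith_conv(itype a, itype b) {
    a = promote(a);
    b = promote(b);
    if (a.is_signed == b.is_signed)            /* same signedness: greater rank wins */
        return a.rank >= b.rank ? a : b;
    itype u = a.is_signed ? b : a;             /* the unsigned operand */
    itype s = a.is_signed ? a : b;             /* the signed operand */
    if (u.rank >= s.rank) return u;            /* unsigned type of greater or equal rank */
    if (s.width > u.width) return s;           /* signed type holds all unsigned values */
    return mk(s.rank, s.width, false);         /* unsigned counterpart of the signed type */
}

/* unsigned int combined with long, for a given width of long. */
itype uint_with_long(unsigned long_width) {
    return usual_arith_conv(uint_t(), mk(R_LONG, long_width, true));
}

static const char *sgn(itype t) { return t.is_signed ? "signed" : "unsigned"; }

int main(void) {
    itype lp64 = uint_with_long(64), ilp32 = uint_with_long(32);
    printf("LP64:  unsigned int with long -> rank %d, %s\n", lp64.rank, sgn(lp64));
    printf("ILP32: unsigned int with long -> rank %d, %s\n", ilp32.rank, sgn(ilp32));
    /* If long shared int's rank (ranks derived from size alone), the ILP32
     * result would instead be unsigned int: */
    itype old = usual_arith_conv(uint_t(), mk(R_INT, 32, true));
    printf("same-rank model:              rank %d, %s\n", old.rank, sgn(old));
    return 0;
}
```

Running it prints rank 4 (long) in both data models, signed under LP64 and unsigned under ILP32, while the same-rank variant yields rank 3 unsigned; the distinction only exists once rank is decoupled from size, which is the point of the commit.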
  17. 06 Nov, 2014 1 commit
  18. 10 Oct, 2014 1 commit
  19. 08 Oct, 2014 1 commit
      Allow memory refinements to behave like simple renaming. · c5c0d373
      Robbert Krebbers authored
      Memory refinements now carry a boolean parameter that has the following
      meaning:
      
      [false] : Behave like a simple renaming of memories that merely allows to
                permute object identifiers. It does not allow to refine memories
                into a more defined version.
      [true]  : Behave like before. Objects can be injected, and memory contents can
                be refined into a more defined variant.
      
      We make refinements parametric in these two variants to avoid code duplication,
      and because the [false] variant is a special case of the [true] variant.
      
      For completeness of the executable semantics, we now use the [false] variant.
  20. 07 Oct, 2014 1 commit
  21. 03 Oct, 2014 1 commit
  22. 30 Sep, 2014 2 commits
  23. 24 Sep, 2014 1 commit
  24. 16 Sep, 2014 1 commit
  25. 13 Sep, 2014 1 commit
  26. 12 Sep, 2014 2 commits
  27. 06 Sep, 2014 4 commits
  28. 03 Sep, 2014 1 commit