1. 08 Sep, 2017 1 commit
  2. 15 Mar, 2017 1 commit
  3. 11 Mar, 2017 1 commit
  4. 09 Mar, 2017 1 commit
  5. 22 Feb, 2017 1 commit
  6. 31 Jan, 2017 3 commits
  7. 16 Nov, 2016 1 commit
  8. 07 Nov, 2016 1 commit
  9. 04 Oct, 2016 2 commits
  10. 20 Sep, 2016 1 commit
  11. 09 Sep, 2016 2 commits
  12. 22 Aug, 2016 1 commit
  13. 04 Aug, 2016 2 commits
  14. 03 Jul, 2016 2 commits
  15. 26 Feb, 2016 1 commit
  16. 20 Feb, 2016 1 commit
  17. 17 Feb, 2016 2 commits
  18. 13 Feb, 2016 1 commit
  19. 11 Feb, 2016 3 commits
    • Robbert Krebbers's avatar
      Shorter names for common math notions. · 44b18f4d
      Robbert Krebbers authored
      Also do some minor clean up.
      44b18f4d
    • Robbert Krebbers's avatar
      Revert "prelude: add notation for > and >= for all kinds of numbers" · 7ebc1859
      Robbert Krebbers authored
      This reverts commit 24fa20e5f8a2042caa19f1f6505102c5434cce54.
      
      Although these symmetric variants sometimes look "better", they
      are really annoying and should IMHO never be used:
      
      1.) For lemmas there is now a choice between >= and <=. Since there is
      no longer a canonical choice, it is very easy to introduce a lot of
      inconsistencies in statements of lemmas.
      
      2.) For automation the situation becomes annoying, you have to built in
      stuff for both >= and <=. That is very error-prone.
      
      3.) For N and Z the notions x <= y and y >= x are not even convertible!
      That means that done/by does not solve x <= y if you have y >= x and if
      avoids you applying certain lemmas.
      7ebc1859
    • Ralf Jung's avatar
      f4192019
  20. 12 Jan, 2016 1 commit
  21. 11 Dec, 2015 1 commit
  22. 08 Dec, 2015 1 commit
  23. 16 Nov, 2015 1 commit
  24. 01 Feb, 2017 2 commits
    • Robbert Krebbers's avatar
      Port to Coq 8.5 beta 2. · 02f213ce
      Robbert Krebbers authored
      The port makes the following notable changes:
      
      * The carrier types of separation algebras and integer environments are no
        longer in Set. Now they have a type at a fixed type level above Set. This
        both works better in 8.5 and makes the formalization more general.
        I have tried putting them at polymorphic type levels, but that increased the
        compilation time by an order of magnitude.
      * I am using a custom f_equal tactic written in Ltac to circumvent bug #4069.
        That bug has been fixed, so this custom tactic can be removed when the next
        beta of 8.5 is out.
      02f213ce
    • Robbert Krebbers's avatar
      Misc prelude omissions. · 462ea92a
      Robbert Krebbers authored
      462ea92a
  25. 08 Feb, 2015 1 commit
  26. 31 Jan, 2015 1 commit
    • Robbert Krebbers's avatar
      Support alignment. · 8b7ea9be
      Robbert Krebbers authored
      Type environments now describe alignment, this allows to:
      * Prove properties about alignment, for example that bit offsets
        of addresses are always aligned.
      * Support align_of expressions in the frontend.
      8b7ea9be
  27. 15 Nov, 2014 1 commit
    • Robbert Krebbers's avatar
      More accurate formalization of integer ranks. · da7a14bb
      Robbert Krebbers authored
      Integers with the same size, are no longer supposed to have the same rank. As a
      result, the C integer types (char, short, int, long, long long) are different
      (and thus cannot alias) even if they have the same size. We now have to use a
      more involved definition of integer promotions and usual arithmetic conversions.
      However, this new definition follows the C standard literally.
      da7a14bb
  28. 25 Aug, 2014 1 commit
  29. 25 Jun, 2014 1 commit
    • Robbert Krebbers's avatar
      Fix bugs in pointer operations · baaee9e0
      Robbert Krebbers authored
      * Equality comparison of NULL and non NULL pointers should be defined
      * Pointer comparisons, casts, and truth should only be defined for pointers
        that are alive
      * Treat dead pointers as indeterminate values in refinements. The proofs that
        all operations preserve refinement indicate that dead pointers can be indeed
        by replaced by anything without affecting the program's behavior.
      baaee9e0
  30. 16 Jun, 2014 1 commit
    • Robbert Krebbers's avatar
      Changes in preparation of the C type system and C front-end language · 3503a91f
      Robbert Krebbers authored
      Major changes:
      * Make void a base type, and include a proper void base value. This is necessary
        because expressions (free, functions without return value) can yield a void.
        We now also allow void casts conforming to the C standard.
      * Various missing lemmas about typing, weakening, decidability, ...
      * The operations "free" and "alloc" now operate on l-values instead of r-values.
        This removes some duplication.
      * Improve notations of expressions and statements. Change the presence of the
        operators conforming to the C standard.
      
      Small changes:
      * Use the classes "Typed" and "TypeCheck" for validity of indexes in memory.
        This gives more uniform notations.
      * New tactic "typed_inversion" performs inversion on an inductive predicate
        of type "Typed" and folds the premises.
      * Remove a horrible hack in the definitions of the classes "FMap", "MBind",
        "OMap", "Alter" that was used to let "simpl" behave better. Instead, we have
        defined a tactic "csimpl" that folds the results after performing an
        ordinary "simpl".
      * Fast operation to remove duplicates from lists using hashsets.
      * Make various type constructors (mainly finite map implementations) universe
        polymorphic by packing them into an inductive. This way, the whole C syntax
        can live in type, avoiding the need for (slow) universe checks.
      3503a91f