 30 May, 2016 1 commit


Robbert Krebbers authored

 27 May, 2016 1 commit


Robbert Krebbers authored

 21 Mar, 2016 1 commit


Robbert Krebbers authored

 21 Feb, 2016 1 commit


Ralf Jung authored

 20 Feb, 2016 1 commit


Ralf Jung authored

 19 Feb, 2016 1 commit


Robbert Krebbers authored

 17 Feb, 2016 3 commits


Robbert Krebbers authored
simplify_equality => simplify_eq simplify_equality' => simplify_eq/= simplify_map_equality => simplify_map_eq simplify_map_equality' => simplify_map_eq/= simplify_option_equality => simplify_option_eq simplify_list_equality => simplify_list_eq f_equal' => f_equal/= The /= suffixes (meaning: do simpl) are inspired by ssreflect.

Robbert Krebbers authored

Robbert Krebbers authored

 16 Feb, 2016 1 commit


Robbert Krebbers authored
The singleton maps notation is now also more consistent with the insert <[_ := _]> _ notation for maps.

 14 Feb, 2016 2 commits


Robbert Krebbers authored

Robbert Krebbers authored

 13 Feb, 2016 2 commits


Robbert Krebbers authored

Robbert Krebbers authored
Also, make our redefinition of done more robust under different orders of Importing modules.

 11 Feb, 2016 1 commit


Robbert Krebbers authored
Also do some minor clean up.

 16 Jan, 2016 1 commit


Robbert Krebbers authored

 14 Jan, 2016 1 commit


Robbert Krebbers authored

 12 Jan, 2016 1 commit


Robbert Krebbers authored

 21 Dec, 2015 1 commit


Robbert Krebbers authored

 15 Dec, 2015 2 commits


Robbert Krebbers authored

Robbert Krebbers authored

 18 Nov, 2015 1 commit


Robbert Krebbers authored

 16 Nov, 2015 1 commit


Robbert Krebbers authored

 11 Nov, 2015 1 commit


Robbert Krebbers authored

 03 Feb, 2017 1 commit


Robbert Krebbers authored

 01 Feb, 2017 1 commit


Robbert Krebbers authored

 04 Jun, 2015 1 commit


Robbert Krebbers authored

 22 Apr, 2015 1 commit


Robbert Krebbers authored

 25 Feb, 2015 1 commit


Robbert Krebbers authored

 08 Feb, 2015 2 commits


Robbert Krebbers authored

Robbert Krebbers authored
Important changes in the core semantics: * Types extended with function types. Since function types are a special kind of pointer types, types now have an additional mutual part called "ptr_type". * Pointers extended with function pointers. Theses are just names that refer to an actual function in the function environment. * Typing environments extended to assign argument and return types to function names. Before we used a separate environment for these, but since the argument and return types are already needed to type function pointers, this environment would appear in pretty much every typing judgment. As a sideeffect, the frontend has been rewritten entirely. The important changes are: * Type checking of expressions is more involved: there is a special kind of expression type corresponding to a function designator. * To handle things like block scoped extern function, more statefullness was needed. To prepare for future extensions, the entire frontend now uses a state monad.

 25 Jan, 2015 1 commit


Robbert Krebbers authored

 15 Nov, 2014 1 commit


Robbert Krebbers authored
Integers with the same size, are no longer supposed to have the same rank. As a result, the C integer types (char, short, int, long, long long) are different (and thus cannot alias) even if they have the same size. We now have to use a more involved definition of integer promotions and usual arithmetic conversions. However, this new definition follows the C standard literally.

 10 Oct, 2014 1 commit


Robbert Krebbers authored
The proof now uses the stronger notion of memory permutation instead of a more general memory refinement. We have also proven that memory permutations are symmetric.

 30 Sep, 2014 1 commit


Robbert Krebbers authored
Now it only performs injection on hypotheses of the shape f .. = f ..

 06 Sep, 2014 1 commit


Robbert Krebbers authored

 22 Aug, 2014 1 commit


Robbert Krebbers authored
memory instead of the whole memory itself. This has the following advantages: * Avoid parametrization in {addresses,pointers,pointer_bits,bits}.v * Make {base_values,values}.v independent of the memory, this makes better parallelized compilation possible. * Allow small memories (e.g. singletons as used in separation logic) with addresses to objects in another part to be typed. * Some proofs become easier, because the memory environments are preserved under many operations (insert, force, lock, unlock). It also as the following disadvantages: * At all kinds of places we now have explicit casts from memories to memory environments. This is kind of ugly. Note, we cannot declare memenv_of as a Coercion because it is nonuniform. * It is a bit inefficient with respect to the interpreter, because memory environments are finite functions instead of proper functions, so calling memenv_of often (which we do) is not too good.

 10 Jul, 2014 1 commit


Robbert Krebbers authored

 16 Jun, 2014 1 commit


Robbert Krebbers authored
Major changes: * Make void a base type, and include a proper void base value. This is necessary because expressions (free, functions without return value) can yield a void. We now also allow void casts conforming to the C standard. * Various missing lemmas about typing, weakening, decidability, ... * The operations "free" and "alloc" now operate on lvalues instead of rvalues. This removes some duplication. * Improve notations of expressions and statements. Change the presence of the operators conforming to the C standard. Small changes: * Use the classes "Typed" and "TypeCheck" for validity of indexes in memory. This gives more uniform notations. * New tactic "typed_inversion" performs inversion on an inductive predicate of type "Typed" and folds the premises. * Remove a horrible hack in the definitions of the classes "FMap", "MBind", "OMap", "Alter" that was used to let "simpl" behave better. Instead, we have defined a tactic "csimpl" that folds the results after performing an ordinary "simpl". * Fast operation to remove duplicates from lists using hashsets. * Make various type constructors (mainly finite map implementations) universe polymorphic by packing them into an inductive. This way, the whole C syntax can live in type, avoiding the need for (slow) universe checks.

 05 Jun, 2014 1 commit


Robbert Krebbers authored
Major changes: * A data structure to collect locked addresses in memory. * Operations to lock and unlock addresses. * Remove [ctree_Forall] and express it using [Forall] and [ctree_flatten]. This saves a lot of lines of code. * Add a [void] value. This value cannot be typed, but will be used as a dummy return value for functions with return type [void]. Minor changes: * Various deciders in preparation of the executable semantics. * Improve naming and notations. * Remove obsolete stuff.
