When isa_type_to_typ is called from a theory other than the one the type was
declared in, it would pick the wrong fully qualified name. Now the function
should be robust against a) yet undeclared types (for record decls), b)
existing types in the same theory (normal case), and c) existing struct types
from other theories (e.g. from autocorres).

The observable state was strengthened significantly years ago and
this theory has fallen into disrepair. The toplevel refinement statement
here was nicely concise for a paper, but the practical value is in the
much stronger corres statement, so instead of attempting proof
acrobatics with a new observable state, I'm retiring this theory.

The tactic used to establish that a large struct is a umm type doesn't
cope with a large number of fields (>= 108 in this case). The translation
used to create a struct containing fields corresponding to all of the
program's addressed globals, but this is actually unnecessary now that
the translation handles these via the locale parameter "symbol_table".
So, the fix is to simply not generate that struct and so not to attempt
to prove the umm-type property of it. Grepping for adglobs in the
verification proof reveals that it isn't used anywhere (as one would
hope), so I'm reasonably confident that this shouldn't cause any wider
regressions. (Fingers crossed.)

Even if the value given to the constant inside the enum was "just"
2147483647, the loop that processed enumeration declarations would then
add 1 to that number, and in mlton, this would cause an Overflow
exception. By using IntInf in this position, mlton does the right
thing, and Poly/ML's behaviour is completely unchanged.

This brings the architectural model in line with the current implementation by
making the following adjustments:
- Remove "trait" terminology and replace with "procedure." This was already
done in the datatypes, but had not been updated in the accompanying text.
- Remove both fixed size and NULL-terminated arrays and replace with the more
recent arbitrarily sized arrays. Neither of the former is supported, but both can
now be emulated if necessary.
- Remove references to `RPCEvent` and `DirectCall` connectors. `RPCEvent` no
longer exists and `DirectCall`, while still present, introduces complexities
that are not adequately explained in the context of this document.
- Remove legacy comments.
- Various typo fixes.