This adds translation rules for bitwise operators, along with suitable
guards. Note that the guard for signed `shiftl` follows the C standard,
rather than the incorrect c-parser guard (see VER-509).
There was no standard instance of `nat :: bit_operations` for unsigned
abstraction, so we also add one. It should be merged with the
(incomplete) HaskellLib instance later.
Closes Jira VER-1122.
Session-qualified imports will be required for Isabelle2018 and help clarify
the structure of sessions in the build tree.
This commit mainly adds a new set of sessions for lib/, including a Lib
session that includes most theories in lib/ and a few separate sessions for
parts that have dependencies beyond CParser or are separate AFP sessions.
The group "lib" collects all lib/ sessions.
As a consequence, other theories should use lib/ theories by session name,
not by path, which in turns means spec and proof sessions should also refer
to each other by session name, not path, to avoid duplicate theory errors in
theory merges later.
These combinator rules do something like what wp_pre does now.
They were helpful in the ancient past, but now that wp_pre exists it is
much better to just use automation.
* Consistently use the c-parser 'addr' type alias for pointer values.
* Include word abstraction and polish for 64-bit integral types.
* Include all current c-parser platforms in release packaging scripts.
More work is required to properly abstract AutoCorres tests across
architectures. The tests currently pass for both ARM and X64. However,
in a number of tests, we exploit the coincidences that 'int' is the same
size on both platforms (32 bits), and that 'long' is the same as the
pointer size on each platform (32 bits and 64 bits, respectively).
The things that usually go wrong:
- wp fall through: add +, e.g.
apply (wp select_wp) -> apply (wp select_wp)+
- precondition: you can remove most hoare_pre, but wpc still needs it, and
sometimes the wp instance relies on being able to fit a rule to the
current non-schematic precondition. In that case, use "including no_pre"
to switch off the automatic hoare_pre application.
- very rarely there is a schematic postcondition that interferes with the
new trivial cleanup rules, because the rest of the script assumes some
specific state afterwards (shouldn't happen in a reasonable proof, but
not all proofs are reasonable..). In that case, (wp_once ...)+ should
emulate the old behaviour precisely.
Some lemmas that were specific instances of more general lemmas have
been removed from the library. In most cases, broken references could
simply be replaced with the more general fact.
The topology of recursive function groups can change due to dead code
elimination. This used to be handled (buggily, after define stages) by
the old code. This commit attempts to handle it properly (between convert
and define stages), using a new variant of the Seq data structure.
(Still not done for TS, though.)
Also (literally) fixes many free variables that used to be unhygienic.
Also makes the L2,HL,WA dataflow more uniform (but not yet refactored).
Heap lifting is annoying because we need to join all intermediate L2 results
before defining the lifted heap and proving heap lemmas.
This has been refactored into a new prepare_heap_lift stage that runs between
L2 conversion and HL proper.
With this we move away from a global mutable fn_info; instead we will
use a table of persistent (lazy) entries for each phase.
Function call metadata is also now either stored locally or recomputed
on-demand for each stage (with a few TODOs).
Corey Lewis
Japheth Lim
Gerwin Klein
Thomas Sewell
Matthew Brecknell
Pang Luo
Alejandro Gomez-Londono
Gerwin Klein
Japheth Lim