-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
saw-core-coq
: Rudimentary lia
support for bitvectors
#1776
Conversation
Lemma bvToInt_inj w a b : | ||
bvToInt w a = bvToInt w b -> | ||
a = b. | ||
Proof. holds_for_bits_up_to_3. Qed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This adds a handful of bitvector-related proofs that are proved via holds_for_bits_up_to_3
. I'm not sure if this is the best home for them, or if they would be better placed alongside the existing holds_for_bits_up_to_3
proofs in SAWCoreBitvectors.v
.
ceb03e3
to
8985af1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Excellent! Looks like this removes a bunch of annoying Coq compilation warnings as well!
We were previously defining the following in the Coq support library: ```coq Definition true := Datatypes.true. Definition false := Datatypes.false. ``` This is rather silly, as we could just as well use `Datatypes.true` and `Datatypes.false` directly. What's more, redefining `true` causes issues in a subsequent commit that adds `lia` support for `bitvector`s, so it is especially important to remove `true` for that reason. This removes the redefined versions of `true` and `false`, and it also tweaks `SpecialTreatment.hs` to translate SAWCore's `True`/`False` into `Datatypes.true`/`Datatypes.false`. Although this is technically a breaking change, it is a change that is very unlikely to break existing proofs (unless your proofs directly mention `SAWCoreScaffolding.true` or `SAWCoreScaffolding.false`). Co-authored-by: Eddy Westbrook <[email protected]>
For historical reasons, the Coq support library has several wrapper functions like the following: ```coq Definition Bool := bool. ``` These are extremely silly, however, given that `bool` is already widely used in the Coq world, and providing our own version of `bool` with different capitalization causes a proliferation of names that refer to the same thing. It would be nice to rip out these wrapper functions, but unfortunately, doing so would induce a fair bit of breakage in downstream code. For now, we simply record the fact that these functions are deprecated, and we will revisit whether we want to remove them at a later date.
This adds `SAWCoreBitvectorsZifyU64.v`, a file containing all of the necessary `Zify`-related instances for `bitvector 64` values needed to allow solving a large class of `bitvector`-related theorems using Coq's `lia` tactic. This also includes a small set of examples to ensure that `lia` works as expected. Although this is far from complete (see the documentation near the top of the file for a list of limitations), it should be enough to handle the common use case of `bitvector 64`, which is better than nothing.
Changed the Coq translator to directly translate a number of constructs to their corresponding Coq constructs, rather than having additional named definitions in SAWCoreScaffolding.v for those constructs; these included the Bool, Eq, String, and Nat types, along with their constructors, the Boolean operations and, or, xor, and not, the fst and snd operators, and the id function. Co-authored-by: Eddy Westbrook <[email protected]>
8985af1
to
44e0a4f
Compare
These cause issues with the automation due to confusion with the standard Coq functions of the same name. Trying to make both versions of each function coexist is a maintenance nightmare, so let's just remove SAWCoreScaffolding's versions.
This adds
SAWCoreBitvectorsZifyU64.v
, a file containing all of the necessaryZify
-related instances forbitvector 64
values needed to allow solving a large class ofbitvector
-related theorems using Coq'slia
tactic. This also includes a small set of examples to ensure thatlia
works as expected. Although this is far from complete (see the documentation near the top of the file for a list of limitations), it should be enough to handle the common use case ofbitvector 64
, which is better than nothing.