

@2399  7 years  campbell  Fill in some details about the statement of correctness.
@2398  7 years  boender   committed start of stacksize
@2395  7 years  campbell  Proper handling of comparison of pointers off-the-end of an object.
                          We …
@2393  7 years  campbell  A pointer comparison test case that illustrates a bug.
@2392  7 years  campbell  Labelling translations of && and  need a lot of cost labelling to …
@2391  7 years  campbell  Revert "Put the post-loop cost label into the Clight while statement …
@2390  7 years  campbell  Tidy up a corner case when generating RTLabs so that we generate
                          less …
@2389  7 years  campbell  Fix do-while statements, and carefully arrange the translation so that …
@2388  7 years  campbell  Example of each type of control flow statement, plus minor fix to …
@2387  7 years  garnier   Revamped memory extensions, proved stuff on freeing blocks and on …
@2386  7 years  garnier   Implementation of constructive finite sets based on lists. Various …
@2385  7 years  campbell  Minor housekeeping.
@2384  7 years  campbell  Move Matita pretty printers into place.
@2353  7 years  campbell  Put the post-loop cost label into the Clight while statement to get …
@2338  7 years  campbell  Use much nicer definition for making several steps in the labelling …
@2335  7 years  campbell  Deal with goto labels in RTLabs to Cminor by fixing up goto statements …
@2332  7 years  garnier   Some progress on switch removal. Small fix in the definition of free, …
@2328  7 years  campbell  Cut down the notion of a Clight labelled state to those where we pick …
@2327  7 years  mulligan  Fixed typos in paper highlighted by referees. More substantial …
@2326  7 years  campbell  More accurate notion of labelled states in Clight.
@2325  7 years  campbell  Fill out some Clight bits and pieces in correctness.ma.
@2324  7 years  tranquil  semantics of blocks: function to produce trace from execution of …
@2323  7 years  campbell  Some correctness proof comments.
@2322  7 years  campbell  Today's correctness groupthink.
@2320  7 years  campbell  Update compiler and correctness with labelling changes.
@2319  7 years  campbell  Generate per-program cost labels rather than per-function ones, and …
@2318  7 years  boender   now it compiles
@2317  7 years  boender   small changes to make things compile
@2316  7 years  boender   committed temporary version: true version has to wait until I …
@2315  7 years  campbell  Add some more commentary.
@2314  7 years  campbell  Move generic definitions from recent commit to appropriate places.
@2313  7 years  campbell  RTLabs cost checker correct.
@2312  7 years  garnier   Memory injections, to be revised
@2311  7 years  garnier   Some more cleaning of switchRemoval …
@2310  7 years  garnier   Moved a lemma from switchRemoval to positive.
@2309  7 years  garnier   Removed the superfluous xorb definition and move some basic properties …
@2308  7 years  campbell  More proof (and corrections) on cost checking.
@2307  7 years  campbell  Half the proofs for sound cost labelling check.
@2306  7 years  campbell  An insertion sort for testing purposes.
@2305  7 years  campbell  RTLabs cost spec checking function implemented (lacks proof, or much …
@2304  7 years  garnier   Strengthened proof of associativity of bitvector addition. Some more …
@2303  7 years  campbell  Some preliminary checking of cost labelling properties in RTLabs.
@2302  7 years  garnier   Finally proved associativity of addition on bitvectors. Rejoice.
@2301  7 years  mulligan  Trying to get the big proof working again
@2300  7 years  campbell  Cut out some dead ends and add some comments to the last commit.
@2299  7 years  campbell  Soundly labelled RTLabs structured traces are "unrepeating".
@2298  7 years  garnier   WIP: converting switch removal from Z to bitvectors. Does not compile, …
@2297  7 years  campbell  Nicer form of steps until cost label bound in RTLabs.
@2296  7 years  campbell  Tidy up some ill-placed definitions.
@2295  7 years  campbell  Start on showing unrepeating property of RTLabs structured traces: …
@2294  7 years  campbell  Make RTLabs cost spec deterministic.
@2293  7 years  campbell  Add instruction pointer for call states in RTLabs.
@2292  7 years  campbell  More RTLabs invariants.
@2291  7 years  campbell  Disable switch removal in compiler.ma for now.
@2290  7 years  campbell  Remove jump tables from RTLabs -> RTL.
@2289  7 years  campbell  Update alias
@2288  7 years  campbell  Remove jumptables from RTLabs. :(
@2287  7 years  campbell  RTLabs typing for loads and stores.
@2286  7 years  tranquil  Big update!
                          * merge of all _paolo variants
                          * reorganised some depends …
@2285  7 years  sacerdot  1. duplicated code erased
                          2. POP case finished up to lemmas on …
@2284  7 years  sacerdot  PUSH finished
@2283  7 years  mulligan  Work from today.
@2282  7 years  sacerdot  PUSH case almost finished
@2281  7 years  sacerdot  …
@2280  7 years  sacerdot  Proof repaired.
@2279  7 years  sacerdot  1. Bug fixed in the semantics of PUSH (no indirection performed)
                          2. …
@2278  7 years  mulligan  Half of JC case complete
@2277  7 years  tranquil  * replaced incorrect use of subvector_with
@2276  7 years  sacerdot  …
@2275  7 years  tranquil  * moved around some code (I8051.ma does not depend on ByteValues.ma …
@2274  7 years  sacerdot  Dead code commented out and code out of place moved to Test.ma.
@2273  7 years  sacerdot  1. lemmas moved from all files to Test.ma
                          2. most of the lemmas in …
@2272  7 years  mulligan  Changed proof strategy for main lemma after noticing that the current …
@2271  7 years  garnier   Proof of correction for the semantics of expressions under memory …
@2270  7 years  mulligan  Bug spotted and fixed in write_at_stack_pointer
@2269  7 years  sacerdot  Proof completely repaired up to …
@2268  7 years  mulligan  Bug spotted in instruction_size (lookup_datalabels cannot just be a …
@2267  7 years  sacerdot  Call is now proved using the new strategy.
@2266  7 years  sacerdot  All daemons closed in Jmp case.
@2265  7 years  sacerdot  Commented out code removed.
@2264  7 years  sacerdot  1) Major change: we now always use the efficient way of resolving …
@2263  7 years  garnier   Finished proving semantics preservation under memory injections for …
@2262  7 years  mulligan  Changes from today.
@2261  7 years  mulligan  Resolved conflict
@2260  7 years  sacerdot  Now we use the efficient lookup_address.
@2259  7 years  mulligan  For Claudio
@2258  7 years  sacerdot  1. lemma generalized
                          2. automation replaced with expansion to make …
@2257  7 years  mulligan  Daemon in SETB case closed.
@2256  7 years  mulligan  MOV and MOVX cases complete
@2255  7 years  garnier   Had to modify the definition of memory injections to prove that …
@2254  7 years  campbell  Fix up invariants in Cminor semantics.
@2253  7 years  campbell  Cminor to RTLabs is now a total function.
@2252  7 years  campbell  Use the return statement invariant. Restructure the invariants for …
@2251  7 years  campbell  Add new invariant to Cminor that return types should be respected.
@2250  7 years  campbell  Tidy up Clight to Cminor pass a bit.
@2249  7 years  campbell  Tweak Cminor invariant to be slightly more readable/extendable.
@2248  7 years  sacerdot  Final changes. All daemons removed, but the real one (open goal).
@2247  7 years  mulligan  Work on the MOV instruction from today and bug fixes in set_arg_1.
@2246  7 years  sacerdot  Final technical lemma streamlined. Maybe it can be streamlined even more.
@2245  7 years  sacerdot  Temporary commit to have a backtracking point. Yes, I know this breaks …