Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

saw-core-coq: Rudimentary lia support for bitvectors #1776

Merged
merged 5 commits into from
Dec 9, 2022

Conversation

RyanGlScott
Copy link
Contributor

This adds SAWCoreBitvectorsZifyU64.v, a file containing all of the necessary Zify-related instances for bitvector 64 values needed to allow solving a large class of bitvector-related theorems using Coq's lia tactic. This also includes a small set of examples to ensure that lia works as expected. Although this is far from complete (see the documentation near the top of the file for a list of limitations), it should be enough to handle the common use case of bitvector 64, which is better than nothing.

@RyanGlScott RyanGlScott added the subsystem: saw-core-coq Issues related to converting saw-core to Gallina for use with the Coq/Rocq theorem prover label Dec 7, 2022
Comment on lines +69 to +72
Lemma bvToInt_inj w a b :
bvToInt w a = bvToInt w b ->
a = b.
Proof. holds_for_bits_up_to_3. Qed.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This adds a handful of bitvector-related proofs that are proved via holds_for_bits_up_to_3. I'm not sure if this is the best home for them, or if they would be better placed alongside the existing holds_for_bits_up_to_3 proofs in SAWCoreBitvectors.v.

@RyanGlScott RyanGlScott force-pushed the saw-core-coq/lia-support-take-two branch 2 times, most recently from ceb03e3 to 8985af1 Compare December 8, 2022 15:00
Copy link
Contributor

@eddywestbrook eddywestbrook left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent! Looks like this removes a bunch of annoying Coq compilation warnings as well!

@RyanGlScott RyanGlScott added the PR: ready to merge Magic flag for pull requests to ask Mergify to merge given an approval and a successful CI run label Dec 8, 2022
RyanGlScott and others added 4 commits December 8, 2022 12:59
We were previously defining the following in the Coq support library:

```coq
Definition true := Datatypes.true.
Definition false := Datatypes.false.
```

This is rather silly, as we could just as well use `Datatypes.true` and
`Datatypes.false` directly. What's more, redefining `true` causes issues in a
subsequent commit that adds `lia` support for `bitvector`s, so it is especially
important to remove `true` for that reason.

This removes the redefined versions of `true` and `false`, and it also tweaks
`SpecialTreatment.hs` to translate SAWCore's `True`/`False` into
`Datatypes.true`/`Datatypes.false`. Although this is technically a breaking
change, it is a change that is very unlikely to break existing proofs (unless
your proofs directly mention `SAWCoreScaffolding.true` or
`SAWCoreScaffolding.false`).

Co-authored-by: Eddy Westbrook <[email protected]>
For historical reasons, the Coq support library has several wrapper functions
like the following:

```coq
Definition Bool := bool.
```

These are extremely silly, however, given that `bool` is already widely used in
the Coq world, and providing our own version of `bool` with different
capitalization causes a proliferation of names that refer to the same thing.
It would be nice to rip out these wrapper functions, but unfortunately, doing
so would induce a fair bit of breakage in downstream code. For now, we simply
record the fact that these functions are deprecated, and we will revisit
whether we want to remove them at a later date.
This adds `SAWCoreBitvectorsZifyU64.v`, a file containing all of the necessary
`Zify`-related instances for `bitvector 64` values needed to allow solving a
large class of `bitvector`-related theorems using Coq's `lia` tactic. This also
includes a small set of examples to ensure that `lia` works as expected.
Although this is far from complete (see the documentation near the top of the
file for a list of limitations), it should be enough to handle the common use
case of `bitvector 64`, which is better than nothing.
Changed the Coq translator to directly translate a number of constructs to
their corresponding Coq constructs, rather than having additional named
definitions in SAWCoreScaffolding.v for those constructs; these included the
Bool, Eq, String, and Nat types, along with their constructors, the Boolean
operations and, or, xor, and not, the fst and snd operators, and the id
function.

Co-authored-by: Eddy Westbrook <[email protected]>
@RyanGlScott RyanGlScott force-pushed the saw-core-coq/lia-support-take-two branch from 8985af1 to 44e0a4f Compare December 8, 2022 18:00
These cause issues with the automation due to confusion with the standard Coq
functions of the same name. Trying to make both versions of each function
coexist is a maintenance nightmare, so let's just remove SAWCoreScaffolding's
versions.
@mergify mergify bot merged commit 06e4ee7 into master Dec 9, 2022
@mergify mergify bot deleted the saw-core-coq/lia-support-take-two branch December 9, 2022 13:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
PR: ready to merge Magic flag for pull requests to ask Mergify to merge given an approval and a successful CI run subsystem: saw-core-coq Issues related to converting saw-core to Gallina for use with the Coq/Rocq theorem prover
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants