coq - The formal proof system

Age	Commit message (Collapse)	Author
2019-10-31	Merge PR #10983: QArith, Lia: depend on ZArith_base rather than on ZArith	Pierre-Marie Pédrot
	Ack-by: fajb Reviewed-by: ppedrot
2019-10-31	lia: depend only on ZArith_base	Vincent Laporte

2019-10-30	Numbers.Cyclic: use “lia” rather than “omega”	Vincent Laporte

2019-07-29	Add a non-overflow precondition to diveucl_21 to align it on standard ↵	thery
	implementations.
2019-07-25	[Int63] Remove redundant misnamed lemma lsr_add_distr	Vincent Laporte
	This lemma is lsl_add_distr (about “<<” rather than “>>”). See lemmas bit_add_or and lor_lsr for related properties.
2019-06-17	Update headers of files that were stuck on older headers.	Théo Zimmermann
	Most of these files were introduced after #6543 but used older headers copied from somewhere else.
2019-06-17	Update ml-style headers to new year.	Théo Zimmermann

2019-05-03	[primitive integers] Make div21 implems consistent with its specification	Pierre Roux
	There are three implementations of this primitive: * one in OCaml on 63 bits integer in kernel/uint63_amd64.ml * one in OCaml on Int64 in kernel/uint63_x86.ml * one in C on unsigned 64 bit integers in kernel/byterun/coq_uint63_native.h Its specification is the axiom `diveucl_21_spec` in theories/Numbers/Cyclic/Int63/Int63.v * comment the implementations with loop invariants to enable an easy pen&paper proof of correctness (note to reviewers: the one in uint63_amd64.ml might be the easiest to read) * make sure the three implementations are equivalent * fix the specification in Int63.v (only the lowest part of the result is actually returned) * make a little optimisation in div21 enabled by the proof of correctness (cmp is computed at the end of the first loop rather than at the beginning, potentially saving one loop iteration while remaining correct) * update the proofs in Int63.v and Cyclic63.v to take into account the new specifiation of div21 * add a test
2019-02-04	Primitive integers	Maxime Dénès
	This work makes it possible to take advantage of a compact representation for integers in the entire system, as opposed to only in some reduction machines. It is useful for heavily computational applications, where even constructing terms is not possible without such a representation. Concretely, it replaces part of the retroknowledge machinery with a primitive construction for integers in terms, and introduces a kind of FFI which maps constants to operators (on integers). Properties of these operators are expressed as explicit axioms, whereas they were hidden in the retroknowledge-based approach. This has been presented at the Coq workshop and some Coq Working Groups, and has been used by various groups for STM trace checking, computational analysis, etc. Contributions by Guillaume Bertholon and Pierre Roux <Pierre.Roux@onera.fr> Co-authored-by: Benjamin Grégoire <Benjamin.Gregoire@inria.fr> Co-authored-by: Vincent Laporte <Vincent.Laporte@fondation-inria.fr>