Changes between Version 32 and Version 33 of Language

Timestamp:

05/20/23 11:11:30 (3 years ago)

Author:

siegel

Comment:

--

Language

@@ -3 +3 @@
 [[PageOutline(2-3)]]
 
-== Types
-
-=== The Boolean type
+== Types #sec:types
+
+=== The Boolean type #boolean-type
 
 The boolean type is denoted `_Bool`, as in C. Its values are 0 and 1, which are also denoted by `$false` and `$true`, respectively.
@@ -11 +11 @@
 `bool` to be an alias for `_Bool`.
 
-=== The integer type
+=== The integer type #int-types
 
 There is one integer type, corresponding to the mathematical integers.
@@ -17 +17 @@
 [This is expected to change.]
 
-=== The real type
+=== The real type #real-types
 
 There is one real type, corresponding to the mathematical real numbers. Currently, all of the C real types `double`, `float`, etc., are mapped to the CIVL real type. [This is expected to change.]
 
-=== The process type `$proc`
+=== The process type `$proc` #proc-type
 
 This is a primitive object type and functions like any other primitive C type (e.g., `int`). An object of this type refers to a process. It can be thought of as a process ID, but it is not an integer and cannot be cast to one.  Certain expressions take an argument of `$proc` type and some return something of `$proc` type. The operators `==` and `!=` may be used with two arguments of type `$proc` to determine whether the two arguments refer to the same process.  The constant `$self` has `$proc` type and refers to the process evaluating this expression;  constant `$proc_null` has `$proc` type and refers to no process.
 
-=== The scope type `$scope`
+=== The scope type `$scope` #scope-type
 
 An object of this type is a reference to a dynamic scope.
@@ -34 +34 @@
 Two different variables of type `$scope` may be aliased, i.e., they may refer to the same dynamic scope.
 
-=== Domain types: `$domain` and `$domain(n)`
+=== Domain types: `$domain` and `$domain(n)` #domain-type
 
 A domain type is used to represent a set of tuples of integer values.
@@ -45 +45 @@
 Certain statements use domains, such as the “CIVL-for” loop `$for`.
 
-=== The range type `$range`
+=== The range type `$range` #range-type
 
 An object of this type represents an ordered set of integers.
@@ -51 +51 @@
 They can also be used in quantified expressions to specify the domain of a bound variable (see `$forall` and `$exists`).
 
-== Type qualifiers
-
-=== Declaring input and output variables: `$input` and  `$output`
+== Type qualifiers #qualifiers
+
+=== Declaring input and output variables: `$input` and  `$output` #input-output
 
 The declaration of a variable in the root scope may include the type qualifier `$input`, e.g.,
@@ -87 +87 @@
 end up with the same values at termination).
 
-===  Abstract (uninterpreted) functions: `$abstract`
+===  Abstract (uninterpreted) functions: `$abstract` #abstract
 
 An abstract function declares a function without a body.  An abstract function is declared using a standard function prototype with the function qualifier `$abstract`, e.g.,
@@ -95 +95 @@
 An abstract function must have a non-void return type and take at least one parameter.   An invocation of an abstract function is an expression and can be used anywhere an expression is allowed.  The interpretation is an "uninterpreted function".    A unique symbolic constant of function type will be created, corresponding to the abstract function, and invocations are represented as applications of the uninterpreted function to the arguments.  
 
-=== Atomic functions: `$atomic_f`
+=== Atomic functions: `$atomic_f` #atomic_f
 
 A function is declared atomic using the function qualifier `$atomic_f`, e.g.,
@@ -107 +107 @@
 An atomic function must have a definition; in particular, neither a system function nor an abstract function may be declared using `$atomic_f`.
 
-=== System functions: `$system`
+=== System functions: `$system` #system
 
 A system function is one in which the definition of the function is not provided in CIVL-C code, but is implemented instead in a certain Java class.  A system function is declared by adding the function qualifier `$system` to a function prototype.  Invocation of a system function always takes place in a single atomic step.
@@ -113 +113 @@
 A system function may have a guard, which is specified in the function contract using a `$executes_when` clause.  Unless constrained by its contract or other qualifiers, a system function may modify the stay in an arbitrary way.
 
-=== Pure functions: `$pure`
+=== Pure functions: `$pure` #pure
 
 A system or atomic function may be declared to be `$pure`, e.g.,
@@ -124 +124 @@
 This means that the function is a mathematical function of its arguments only.    I.e., an invocation of the function has no side-effects and the return value depends on the arguments only (if called twice with the same arguments, it will return the same value, regardless of any differences in the state).   The user is responsible for ensuring that a function declared pure actually is pure.    If this is not the case, the model checker may produce incorrect results.
 
-== Expressions
-
-=== Boolean expressions, `=>`, `$forall`, `$exists`
+== Expressions #expressions
+
+=== Boolean expressions, `=>`, `$forall`, `$exists` #boolean-expressions
 
 CIVL-C provides the boolean constants`$true` and `$false`, which are simply defined as 1 and 0, respectively.
@@ -170 +170 @@
 }}}
 
-=== Domain literals
+=== Domain literals #domain-literals
 
 An expression of the form
@@ -187 +187 @@
 }}}
 
-=== This scope: the `$here` scope expression
+=== This scope: the `$here` scope expression #here
 Expression of type `$scope`, evaluating to the dynamic scope in which the evaluation takes place.
 
-=== The null process reference: `$proc_null`
+=== The null process reference: `$proc_null` #proc_null
 The null process constant.  Similar to the NULL pointer, this gives an object of `$proc` type a defined value, and can be used in `==` and `!=` expressions.
 It cannot be used as the argument to `$wait` or `$waitall`.
 
-=== The root scope constant: `$root`
+=== The root scope constant: `$root` #root
 Constant of type `$scope`, the root dynamic scope.
 
-=== Range literals: `lo .. hi`
+=== Range literals: `lo .. hi` #range-literals
 
 An expression of the form `lo .. hi` where `lo` and `hi` are integer expressions, represents the range consisting of the integers `lo`, `lo` + 1, ..., `hi` (in that order).
@@ -206 +206 @@
 Precisely, the infinite sequence is intersected with the set of integers greater than or equal to `lo`.
 
-=== The scope of an expression: `$scopeof`
+=== The scope of an expression: `$scopeof` #scopeof
 
 Given any left-hand-side expression ''expr'', the expression `$scopeof(`''expr''`)` evaluates to the dynamic scope containing the object specified by ''expr''.
@@ -230 +230 @@
 }}}
 
-=== Scope relational expressions
+=== Scope relational expressions #scope-expressions
 
 Let `s1` and `s2` be expressions of type `$scope`. The following are all CIVL-C expressions of boolean type:
@@ -243 +243 @@
 Each of these expressions is erroneous if `s1` or `s2` is undefined.  This error is reported by the model checker.
 
-=== This process: `$self`
+=== This process: `$self` #self
 
 This expression of `$proc` type returns a reference to the process which is evaluating this expression.
 It provides a way for code to obtain the identity of the process executing the code.
 
-=== Spawning a new process: `$spawn`
+=== Spawning a new process: `$spawn` #spawn
 
 A spawn expression is an expression with side-effects.
@@ -262 +262 @@
 If the function `f` returns a value, that value is simply ignored.
 
-== Statements
-
-=== Atomic blocks: `$atomic`
+== Statements #statements
+
+=== Atomic blocks: `$atomic` #atomic
 
 An ''atomic block'' is a statement of the form
@@ -303 +303 @@
 so that when the lock is re-obtained, the original multiplicity is still in place.
 
-=== Nondeterministic selection statement `$choose`
+=== Nondeterministic selection statement `$choose` #choose
 
 A `$choose` statement has the form
@@ -341 +341 @@
 }}}
 
-=== Domain iteration statement: `$for`
+=== Domain iteration statement: `$for` #for
 
 A domain statement has the form
@@ -364 +364 @@
 There is a also a parallel version of this construct, `$parfor`.
 
-=== Parallel for loop: `$parfor`
+=== Parallel for loop: `$parfor` #parfor
 
 A parallel for loop statement has the form
@@ -379 +379 @@
 In particular, there is an effective barrier at the end of the loop, and all the spawned processes disappear after this point.
 
-=== Guarded commands: `$when`
+=== Guarded commands: `$when` #when
 
 A guarded command is encoded in CIVL-C using a `$when` statement:
@@ -438 +438 @@
 
 
-== Functions
-
-=== Assertions: `$assert`
+== Functions #functions
+
+=== Assertions: `$assert` #assert
 
 The system function `$assert` has the signature
@@ -458 +458 @@
 If x=3 and B=2, the assertion is violated and CIVL prints the error message “x-coordinate 3 exceeds bound 2”.
 
-=== Assumptions: `$assume`
+=== Assumptions: `$assume` #assume
 
 The system function `$assume` has signature
@@ -472 +472 @@
 declares `N` and `B` to be integer inputs and restricts consideration to inputs satisfying 1 ≤ `N` ≤ `B`.
 
-=== Temporary assumptions: `$assume_push` and `$assume_pop`
+=== Temporary assumptions: `$assume_push` and `$assume_pop` #temp-assumptions
 
 These functions have signatures:
@@ -491 +491 @@
 This mechanism serves as a "widening operator" (in the sense of abstract interpretation), which enables symbolic execution to converge.
 
-=== Nondeterministic choice of integer: `$choose_int`
+=== Nondeterministic choice of integer: `$choose_int` #choose_int
 
 This function has signature
@@ -499 +499 @@
 and returns an arbitrary integer in [0.''n''-1].  In verification mode, all possible choices are enumerated and explored.
 
-=== Initialization by default value: `$default_value`
+=== Initialization by default value: `$default_value` #default_value
 
 Assigns an object the default value of its type.  Signature:
@@ -510 +510 @@
 For example, 0 is the default value for a numeric type.
 
-=== Explicit elaboration of a domain: `$elaborate_domain`
+=== Explicit elaboration of a domain: `$elaborate_domain` #elaborate_domain
 
 Forces explicit enumeration of the elements of a finite domain.  Signature
@@ -518 +518 @@
 In the concrete semantics, this is a no-op.
 
-=== Process exit: `$exit`
+=== Process exit: `$exit` #exit
 
 Terminates the calling process.  Signature:
@@ -525 +525 @@
 }}}
 
-=== Assignment of arbitrary value: `$havoc`
+=== Assignment of arbitrary value: `$havoc` #havoc
 
 Assigns an arbitrary value of the object's type to an object.  Signature:
@@ -535 +535 @@
 In the symbolic semantics, this function assigns a fresh symbolic constant of the appropriate type to the object pointed to by `ptr`.
 
-===  Hiding pointers: `$hide`, `$reveal`, and `$hidden`
+===  Hiding pointers: `$hide`, `$reveal`, and `$hidden` #hide-reveal-hidden
 
 The partial order reduction algorithm used by the CIVL Model Checker computes the set of memory locations that a process ''p'' can reach.
@@ -556 +556 @@
 The function `$hidden` tells whether its argument is a value returned by `$hide`.
 
-=== Checking pointer safety: `$is_derefable`
+=== Checking pointer safety: `$is_derefable` #is_derefable
 
 This function has signature
@@ -565 +565 @@
 This means `ptr` points to a memory location that is capable of and is currently holding a value of type T, where T is the type of `*ptr`.
 
-=== Checking process termination: `$is_terminated`
+=== Checking process termination: `$is_terminated` #is_terminated
 
 Signature:
@@ -574 +574 @@
 If `p` is undefined or `$proc_null`, returns 0.
 
-=== Specifying local regions: `$local_start` and `$local_end`
+=== Specifying local regions: `$local_start` and `$local_end` #local
 
 {{{
@@ -655 +655 @@
 }}}
 
-==== Use of `$yield` within a local region
+==== Use of `$yield` within a local region #local-yield
 
 Local blocks can also be broken up at specified points using function `$yield`.
@@ -665 +665 @@
 Only `$local_start` grants a thread a special priority.
 
-=== Heap memory allocation: `$malloc` and `$free`
+=== Heap memory allocation: `$malloc` and `$free` #malloc-free
 
 Allocate and deallocate heap memory.  Signatures:
@@ -681 +681 @@
 An error is generated if the pointer is not one that was returned by $malloc, or if it was already freed.
 
-=== Print the path condition: `$pathCondition`
+=== Print the path condition: `$pathCondition` #print-path-condition
 
 Prints the current effective path condition.
@@ -688 +688 @@
 }}}
 
-=== Power function: `$pow` 
+=== Power function: `$pow`  #pow
 
 Computes ''x^y^''.
@@ -695 +695 @@
 }}}
 
-=== Waiting for process termination: `$wait` and `$waitall`
+=== Waiting for process termination: `$wait` and `$waitall` #wait
 
 {{{
@@ -707 +707 @@
 It is OK if a process argument refers to a process that has already terminated.
 
-=== Yielding atomicity: `$yield`
+=== Yielding atomicity: `$yield` #yield
 
 {{{
@@ -723 +723 @@
 In particular, if the lock is available and there is a process at a `$local_start()` call (and the first statement following the call is enabled), one such a process is guaranteed to obtain the lock.
 
-== Macros
-
-=== Elaboration of integer value: `$elaborate`
-
-== Contract Annotations
+== Macros #macros
+
+=== Elaboration of integer value: `$elaborate` #elaborate
+
+== Contract Annotations #contracts
 
 clauses
 
-=== The `depends_on` clause
+=== The `depends_on` clause #depends_on
 
 `\nothing`
 
-=== The `executes_when` clause
+=== The `executes_when` clause #executes_when