Enforce that bitvectors have non-negative indices always #723
Conversation
Should not be merged before riscv/sail-riscv#559, as this change makes undefined have stricter constraints for bitvectors.
This is merged already. 👍
I checked and everything is fine for sail-arm (at least the 9.4 model) and sail-riscv, but sail-cheri-riscv is pinned to an older commit of sail-riscv which doesn't typecheck with this change. I need to figure out the best way to proceed there. I could make this a flag, either opt-in or opt-out, or we could submit a PR to that repository either with a quick patch fix to the version it's using or by doing a full update.
@Alasdair, I am happy with either of these choices. Do you favour one in particular?
This requires some refactoring to the typing context, so now we always check that unexpanded types are well-formed.
c8fb564 to 834ae04
I've added a flag for now, if the CI is happy I should be good to merge it.
Nice.
This commit changes the type system so that in order for `bitvector('n)` to be well-formed, it must be the case that `'n >= 0`. To avoid making this change extremely painful, it adds a new kind `Nat`, which can be used in types like:

The trick is then to update kind inference so now infers `Nat` rather than `Int` for `'n`. Other than taking part in this extra kind-inference, `Nat` is desugared into `Int` and a `>= 0` constraint, so there is no significant difference in how the type system works.

This means that the vast majority of Sail code should work as is, including the Sail RISC-V spec with only very minor changes. It is still a breaking change as previously we allowed

which is now forbidden. It worked previously as `bits` with a negative index was treated as an uninhabited type, so while it couldn't be constructed, it could still appear in type signatures like above.

Adding this extra rule requires some refactoring of the typing context, so now we always check that unexpanded types are well-formed, rather than only checking well-formedness of expanded types.