NOTE-2-9-3

ACL2 Version 2.9.3 (August, 2005) Notes
Major Section:  RELEASE-NOTES

Also see note-2-9-1 and see note-2-9-2 for other changes since the last non-incremental release (Version_2.9).

We fixed a soundness bug that exploited the ability to define :program mode functions that are improperly guarded, and then to use those functions in defconst forms. The fix is to evaluate defconst forms using the same ``safe-mode'' that is used in macroexpansion (see guards-and-evaluation). Here is a proof of nil that succeeded in Allegro Common Lisp (but not, for example, GCL). See also a long comment in source function defconst-fn for an example that does not require the use of :set-guard-checking.

:set-guard-checking nil ; execute before certifying the book below

(in-package "ACL2")

(encapsulate
 ()
 (local (defun f1 ()
          (declare (xargs :mode :program))
          (char-upcase (code-char 224))))
 (local (defconst *b* (f1)))
 (defun f1 ()
   (char-upcase (code-char 224)))
 (defconst *b* (f1))
 (defthm bad
   (not (equal *b* (code-char 224)))
   :rule-classes nil))

(defthm ouch
  nil
  :hints (("Goal" :use bad))
  :rule-classes nil)

We fixed a soundness hole due to the fact that the "LISP" package does not exist in OpenMCL. We now explicitly disallow this package name as an argument to defpkg. Thanks to Bob Boyer and Warren Hunt for bringing an issue to our attention that led to this fix.

ACL2 now requires all package names to consist of standard characters (see standard-char-p, none of which is lower case. The reason is that we have seen at least one lisp implementation that does not handle lower case package names correctly. Consider for example the following raw lisp log (some newlines omitted).

>(make-package "foo")
#<"foo" package>
>(package-name (symbol-package 'FOO::A))
"foo"
>(package-name (symbol-package '|FOO|::A))
"foo"
>
Distributed book books/textbook/chap10/compiler, as well as workshop books in directory books/workshops/2004/cowles-gamboa/support/, were modified to accommodate the above change.

Added newline, add-to-set-eql, the-fixnum, and the-fixnum! to *acl2-exports*. Thanks to Jared Davis for bringing these to our attention.

Added a line to acl2.lisp to support CMUCL running on Mac OSX, thanks to a suggestion from Fabricio Chalub Barbosa do Rosario.

The executable scripts for saved ACL2 images now include $*, so that command-line arguments will be passed along.

(For GCL profiling only) Fixed a colon (:) that should have been a semicolon (;) in file save-gprof.lsp. Thanks to David Hardin for pointing out this bug.

The documentation for :elim rules has been expanded and improved, thanks to useful feedback from Hanbing Liu.

Fixed a bug in the guard for function include-book-dir.

For those who want to experiment with an alternate implementation of mv and mv-let, there is now support for under-the-hood implementation of these in terms of raw Lisp functions values and multiple-value-bind, respectively. The regression suite has seen about a 10% speed-up in Allegro CL and about an 8% slowdown in GCL for builds with this change. See the makefile (GNUmakefile) for examples of how to build ACL2 by including the feature, :acl2-mv-as-values. Source file init.lsp has been renamed to init.lisp in support of this change (technical detail: otherwise GCL loads the init file too soon, before its -eval argument is evaluated). Thanks to David Rager for inspiring this change, by pointing out the problematic use of globals by the existing mv implementation from the standpoint of supporting parallel evaluation. This capability is experimental: there is likely to be some remaining work to be done on it.

A change related to the one just above is that we now limit the maximum number of arguments to any call of mv to 32. Thanks to Bob Boyer for raising a question that lead to this change.

Eliminated some compiler warnings in OpenMCL.

In the rtl library (books/rtl/rel4/), functions bits and setbits have had their guards improved (as they had been too restrictive, especially for setbits).

A new function time$ permits timing of forms, by using (under the hood) the host Common Lisp's time utility.

We fixed an infinite loop that could occur during destructor elimination (see elim). Thanks to Sol Swords to bringing this to our attention and sending a nice example, and to Doug Harper for sending a second example that we also found useful.

The method of speeding up GCL-based builds (see note-2-9-2) has changed slightly from Version_2.9.2. Now, in the `make' command:

  LISP='gcl -eval "(defparameter user::*fast-acl2-gcl-build* t)"

We improved the pretty-printer's handling of keywords. For example, before this change one might see the following printed by ACL2.

(MODIFY TH S :KEY1 VAL1 :KEY2
        (IF (IF X Y Z) AAAAAAAAAA BBBBBBB))
Now, the above might print as follows. Notice that we have avoided breaking after a keyword (see keywordp) that is preceded by other forms on the same line.
(MODIFY TH S
        :KEY1 VAL1
        :KEY2 (IF (IF X Y Z) AAAAAAAAAA BBBBBBB))
See note-2-9-3-ppr-change for a detailed discussion of this change.

(GCL ONLY) Evaluation in a break is no longer inhibited by ACL2 when built on top of GCL, so GCL now matches other Common Lisps in this respect.

For ACL2 built on most host Common Lisps, you will see the string [RAW LISP] in the prompt, at least at a break, to emphasize that one is inside a break and hence should probably quit from the break. See breaks.

Jared Davis suggested improvements to lemmas len-update-nth (in source file axioms.lisp) and append-true-listp-type-prescription (in books/meta/term-defuns.lisp), which have been incorporated. The former required a change in books/workshops book 2004/ruiz-et-al/support/q-dag-unification.cert, which has been made.

The proof-checker command rewrite allows further binding of free variables in hypotheses, with new optional argument instantiate-free. Proof-checker command show-rewrites (sr) gives corresponding additional information. Documentation for these commands has been improved; see proof-checker-commands. Thanks to John Matthews and Bill Young for suggestions and feedback leading to these improvements.

Fixed downcase printing so that the package name of a symbol is also downcased. For example, after execution of (defpkg "FOO" nil) and (set-acl2-print-case :downcase), 'foo::ab will print back as the same, rather than as 'FOO::ab.

It is now possible to control the output so that numbers are printed in binary, octal, or hex, though the default is still radix 10. See set-print-base. Note that in support of this change, built-in functions explode-nonnegative-integer and explode-atom now take an extra print-base argument. Different support for radix conversion may be found in a book newly contributed by Jun Sawada, books/misc/radix.lisp.

Built-in axiom car-cdr-elim is now only an :elim rule. It was formerly both an :elim rule and a :rewrite rule. A new rule, cons-car-cdr, takes the place of the old :rewrite rule, but is instead a hypothesis-free rule that can cause a case split (see source file axioms.lisp). Thanks to Jared Davis for suggesting this change.

Lemmas about alphorder (alphorder-reflexive, alphorder-transitive, alphorder-anti-symmetric, and alphorder-total) are now available. (They had been local in source file axioms.lisp.) Thanks to Serita Nelesen for bringing this issue to our attention.

ACL2 has, for some time, printed a space in the event summary after the open parenthesis for a defthm event, in order to ease backward searching for the original form, for example (defthm bar ...):

Form:  ( DEFTHM BAR ...)
The intention was that this extra space should be printed for every event form; but it was missing in some cases, for example, for verify-guards. This has been fixed.

In analogy to include-book, now ld takes the (optional) keyword argument :dir. Thanks to Jared Davis for providing an implementation of this feature and to Eric Smith and Jeff Marshall for requesting this feature.

We fixed a bug in include-book that could cause an error when redefinition is on, for example:

(set-ld-redefinition-action '(:warn! . :overwrite) state)
(include-book "/u/acl2/books/arithmetic/top")

The behavior of include-book now matches the documentation: handling of compiled files for uncertified books will follow the same rules as for certified books. In particular, if you create an object file in raw Lisp for some book, then including that book will load that object file. Thanks to Jared Davis for bringing this issue to our attention.

New documentation explains the interaction of redefinition and redundancy. See redundant-events -- the ``Note About Unfortunate Redundancies'' is new. Thanks to Grant Passmore for providing examples that led us to write this additional documentation.

Solutions to exercises in ``How To Prove Theorems Formally'' (http://www.cs.utexas.edu/users/moore/publications/how-to-prove-thms) are now available in distributed book books/misc/how-to-prove-thms.lisp. Also in that directory may be found a new book hanoi.lisp that contains a solution to the Towers of Hanoi problem.

Some Related Topics