Support for moving project directories (also
This topic describes the
It is theoretically possible to undermine soundness by using this capability inappropriately (see below for some discussion of appropriate usage). For the utmost security, perform a fresh certification of your entire collection of books without using this capability. See certificate, specifically the discussion there about placing a ``burden'' on the user.
To see the
We start below by introducing the
The
The way to establish the
:K "<dir>"
Such a line associates the project name
The projects file is read when ACL2 starts up. ACL2 creates the
If the keyword
The values of the environment variables mentioned above,
The
There are the following two effects of the association of a keyword
(1)
Consider first the default case, where there is a single association in the
project-dir-alist ::SYSTEM is associated with the community-books directory. Suppose that the community books and their certificates are moved to a new directory,"<dir>" . Then if you run ACL2 in an environment where theproject-dir-alist associates:SYSTEM with"<dir>" , the relocated community books will still be treated as certified.The case of
:SYSTEM described above generalizes naturally, as follows. LetS be a set of books certified with a givenproject-dir-alist , each of which includes only other books inS . (For example,S contains just the community books directory in the special case above.) Also assume that the absolute pathname of every book inS has a prefix among the directories in thatproject-dir-alist . Then all books inS , along with their certificate files, can be moved and those books will still be considered to be certified in any ACL2 session with a suitableproject-dir-alist , as follows. For every keyword:K mapped to directory"<dir>" in the originalproject-dir-alist (the one at certification time), the newproject-dir-alist should map:K to the directory"<dir2>" to which"<dir>" was moved.
(2)
The optional
:dir keyword argument of include-book and ld can have value:K , in which case the pathname argument is interpreted with respect to"<dir>" . This behavior is the same as when:K is bound to"<dir>" using add-include-book-dir or add-include-book-dir!.
Prefixes. Suppose
:K1 and:K2 are keywords bound in theproject-dir-alist to"<dir1>" and"<dir2>" , respectively, where"<dir1>" is a prefix of"<dir2>" (hence is stricly shorter, since duplicates are disallowed, as noted above). Then it may be simplest to maintain that property — that the value of:K1 is a prefix of the value of:K2 — when creating a newACL2_PROJECTS directory to reflect relocation of these directories of books. The actual requirement is that directories under the old value of:K2 need to be moved to the same relative locations under the new value of:K2 , and all other directories under the old value of:K1 need to be moved to the same relative locations under the new value of:K1 .Save-exec. By default, an executable created with save-exec will have an unchanged
project-dir-alist . However, a newproject-dir-alist will be created as described above if environment variableACL2_PROJECTS is set; also, if environment variableACL2_SYSTEM_BOOKS is set, then the existingproject-dir-alist will be modified to map:SYSTEM to the value ofACL2_SYSTEM_BOOKS .
(Already noted above) No duplicates. There must be no duplicate keys or duplicate directory names in the
project-dir-alist .No overlap. No keyword may be bound with add-include-book-dir or add-include-book-dir! that is also bound in the
project-dir-alist .Avoid using absolute pathnames in books. Consider a form that contains an absolute pathname, such as
(defconst *c* "/u/home/jones/bk") . If that form is in a bookB that is moved, then of course it remain inB after the move. That is certainly fine, unless one expects this pathname to change asB is moved. That said, an absolute pathname that extends a project directory is OK in an include-book form among the portcullis commands for a book, in the following sense: it is replaced in that book's certificate by referencing the project's keyword name to avoid using an absolute pathname.