vericert.hls.RTLPargenproof
#[local] Open Scope positive.
#[local] Open Scope forest.
#[local] Open Scope pred_op.
Definition check_dest i r' :=
match i with
| RBop p op rl r => (r =? r')%positive
| RBload p chunk addr rl r => (r =? r')%positive
| _ => false
end.
Lemma check_dest_dec i r : {check_dest i r = true} + {check_dest i r = false}.
Fixpoint check_dest_l l r :=
match l with
| nil => false
| a :: b => check_dest a r || check_dest_l b r
end.
Lemma check_dest_l_forall :
forall l r,
check_dest_l l r = false ->
Forall (fun x => check_dest x r = false) l.
Lemma check_dest_l_dec i r : {check_dest_l i r = true} + {check_dest_l i r = false}.
Lemma check_dest_update :
forall f i r,
check_dest i r = false ->
(update f i) # (Reg r) = f # (Reg r).
Lemma check_dest_l_forall2 :
forall l r,
Forall (fun x => check_dest x r = false) l ->
check_dest_l l r = false.
Lemma check_dest_l_ex2 :
forall l r,
(exists a, In a l /\ check_dest a r = true) ->
check_dest_l l r = true.
Lemma check_list_l_false :
forall l x r,
check_dest_l (l ++ x :: nil) r = false ->
check_dest_l l r = false /\ check_dest x r = false.
Lemma check_dest_l_ex :
forall l r,
check_dest_l l r = true ->
exists a, In a l /\ check_dest a r = true.
Lemma check_list_l_true :
forall l x r,
check_dest_l (l ++ x :: nil) r = true ->
check_dest_l l r = true \/ check_dest x r = true.
Lemma check_dest_l_dec2 l r :
{Forall (fun x => check_dest x r = false) l}
+ {exists a, In a l /\ check_dest a r = true}.
Lemma abstr_comp :
forall l i f x x0,
abstract_sequence f (l ++ i :: nil) = x ->
abstract_sequence f l = x0 ->
x = update x0 i.
Lemma match_states_list :
forall A (rs: Regmap.t A) rs',
(forall r, rs !! r = rs' !! r) ->
forall l, rs ## l = rs' ## l.
Lemma PTree_matches :
forall A (v: A) res rs rs',
(forall r, rs !! r = rs' !! r) ->
forall x, (Regmap.set res v rs) !! x = (Regmap.set res v rs') !! x.
Lemma abstract_interp_empty3 :
forall A ctx st',
@sem A ctx empty st' -> match_states (ctx_is ctx) st'.
Lemma step_instr_matches :
forall A a ge sp st st',
@step_instr A ge sp st a st' ->
forall tst,
match_states st tst ->
exists tst', step_instr ge sp tst a tst'
/\ match_states st' tst'.
Lemma step_instr_list_matches :
forall a ge sp st st',
step_instr_list ge sp st a st' ->
forall tst, match_states st tst ->
exists tst', step_instr_list ge sp tst a tst'
/\ match_states st' tst'.
Lemma step_instr_seq_matches :
forall a ge sp st st',
step_instr_seq ge sp st a st' ->
forall tst, match_states st tst ->
exists tst', step_instr_seq ge sp tst a tst'
/\ match_states st' tst'.
Lemma step_instr_block_matches :
forall bb ge sp st st',
step_instr_block ge sp st bb st' ->
forall tst, match_states st tst ->
exists tst', step_instr_block ge sp tst bb tst'
/\ match_states st' tst'.
Lemma rtlblock_trans_correct' :
forall bb ge sp st x st'',
RTLBlock.step_instr_list ge sp st (bb ++ x :: nil) st'' ->
exists st', RTLBlock.step_instr_list ge sp st bb st'
/\ step_instr ge sp st' x st''.
Lemma abstract_interp_empty A st : @sem A st empty (ctx_is st).
Lemma abstract_seq :
forall l f i,
abstract_sequence f (l ++ i :: nil) = update (abstract_sequence f l) i.
Lemma abstract_sequence_update :
forall l r f,
check_dest_l l r = false ->
(abstract_sequence f l) # (Reg r) = f # (Reg r).
Lemma sem_update_RBnop :
forall A ctx f st',
@sem A ctx f st' -> sem ctx (update f RBnop) st'.
Lemma sem_update_Op :
forall A ge sp ist f st' r l o0 o m rs v ps,
@sem A (mk_ctx ist sp ge) f st' ->
eval_predf ps o = true ->
Op.eval_operation ge sp o0 (rs ## l) m = Some v ->
match_states st' (mk_instr_state rs ps m) ->
exists tst,
sem (mk_ctx ist sp ge) (update f (RBop (Some o) o0 l r)) tst
/\ match_states (mk_instr_state (Regmap.set r v rs) ps m) tst.
Lemma sem_update :
forall A ge sp st x st' st'' st''' f,
sem (mk_ctx st sp ge) f st' ->
match_states st' st''' ->
@step_instr A ge sp st''' x st'' ->
exists tst, sem (mk_ctx st sp ge) (update f x) tst /\ match_states st'' tst.
Lemma rtlblock_trans_correct :
forall bb ge sp st st',
RTLBlock.step_instr_list ge sp st bb st' ->
forall tst,
match_states st tst ->
exists tst', sem (mk_ctx tst sp ge) (abstract_sequence empty bb) tst'
/\ match_states st' tst'.
Lemma abstract_execution_correct:
forall bb bb' cfi cfi' ge tge sp st st' tst,
RTLBlock.step_instr_list ge sp st bb st' ->
ge_preserved ge tge ->
schedule_oracle (mk_bblock bb cfi) (mk_bblock bb' cfi') = true ->
match_states st tst ->
exists tst', RTLPar.step_instr_block tge sp tst bb' tst'
/\ match_states st' tst'.
Definition match_prog (prog : RTLBlock.program) (tprog : RTLPar.program) :=
match_program (fun cu f tf => transl_fundef f = Errors.OK tf) eq prog tprog.
Inductive match_stackframes: RTLBlock.stackframe -> RTLPar.stackframe -> Prop :=
| match_stackframe:
forall f tf res sp pc rs rs' ps ps',
transl_function f = OK tf ->
(forall x, rs !! x = rs' !! x) ->
(forall x, ps !! x = ps' !! x) ->
match_stackframes (Stackframe res f sp pc rs ps)
(Stackframe res tf sp pc rs' ps').
Inductive match_states: RTLBlock.state -> RTLPar.state -> Prop :=
| match_state:
forall sf f sp pc rs rs' m sf' tf ps ps'
(TRANSL: transl_function f = OK tf)
(STACKS: list_forall2 match_stackframes sf sf')
(REG: forall x, rs !! x = rs' !! x)
(REG: forall x, ps !! x = ps' !! x),
match_states (State sf f sp pc rs ps m)
(State sf' tf sp pc rs' ps' m)
| match_returnstate:
forall stack stack' v m
(STACKS: list_forall2 match_stackframes stack stack'),
match_states (Returnstate stack v m)
(Returnstate stack' v m)
| match_callstate:
forall stack stack' f tf args m
(TRANSL: transl_fundef f = OK tf)
(STACKS: list_forall2 match_stackframes stack stack'),
match_states (Callstate stack f args m)
(Callstate stack' tf args m).
Section CORRECTNESS.
Context (prog: RTLBlock.program) (tprog : RTLPar.program).
Context (TRANSL: match_prog prog tprog).
Let ge : RTLBlock.genv := Globalenvs.Genv.globalenv prog.
Let tge : RTLPar.genv := Globalenvs.Genv.globalenv tprog.
Lemma symbols_preserved:
forall (s: AST.ident), Genv.find_symbol tge s = Genv.find_symbol ge s.
Lemma function_ptr_translated:
forall (b: Values.block) (f: RTLBlock.fundef),
Genv.find_funct_ptr ge b = Some f ->
exists tf,
Genv.find_funct_ptr tge b = Some tf /\ transl_fundef f = Errors.OK tf.
Lemma functions_translated:
forall (v: Values.val) (f: RTLBlock.fundef),
Genv.find_funct ge v = Some f ->
exists tf,
Genv.find_funct tge v = Some tf /\ transl_fundef f = Errors.OK tf.
Lemma senv_preserved:
Senv.equiv (Genv.to_senv ge) (Genv.to_senv tge).
Lemma sig_transl_function:
forall (f: RTLBlock.fundef) (tf: RTLPar.fundef),
transl_fundef f = OK tf ->
funsig tf = funsig f.
Lemma find_function_translated:
forall ros rs rs' f,
(forall x, rs !! x = rs' !! x) ->
find_function ge ros rs = Some f ->
exists tf, find_function tge ros rs' = Some tf
/\ transl_fundef f = OK tf.
Lemma schedule_oracle_nil:
forall bb cfi,
schedule_oracle {| bb_body := nil; bb_exit := cfi |} bb = true ->
bb_body bb = nil /\ bb_exit bb = cfi.
Lemma schedule_oracle_nil2:
forall cfi,
schedule_oracle {| bb_body := nil; bb_exit := cfi |}
{| bb_body := nil; bb_exit := cfi |} = true.
Lemma eval_op_eq:
forall (sp0 : Values.val) (op : Op.operation) (vl : list Values.val) m,
Op.eval_operation ge sp0 op vl m = Op.eval_operation tge sp0 op vl m.
Lemma eval_addressing_eq:
forall sp addr vl,
Op.eval_addressing ge sp addr vl = Op.eval_addressing tge sp addr vl.
Lemma ge_preserved_lem:
ge_preserved ge tge.
Lemma lessdef_regmap_optget:
forall or rs rs',
regs_lessdef rs rs' ->
Val.lessdef (regmap_optget or Vundef rs) (regmap_optget or Vundef rs').
Lemma regmap_equiv_lessdef:
forall rs rs',
(forall x, rs !! x = rs' !! x) ->
regs_lessdef rs rs'.
Lemma int_lessdef:
forall rs rs',
regs_lessdef rs rs' ->
(forall arg v,
rs !! arg = Vint v ->
rs' !! arg = Vint v).
Lemma eval_builtin_arg_eq:
forall A ge a v1 m1 e1 e2 sp,
(forall x, e1 x = e2 x) ->
@Events.eval_builtin_arg A ge e1 sp m1 a v1 ->
Events.eval_builtin_arg ge e2 sp m1 a v1.
Lemma eval_builtin_args_eq:
forall A ge e1 sp m1 e2 al vl1,
(forall x, e1 x = e2 x) ->
@Events.eval_builtin_args A ge e1 sp m1 al vl1 ->
Events.eval_builtin_args ge e2 sp m1 al vl1.
Lemma step_cf_instr_correct:
forall cfi t s s',
step_cf_instr ge s cfi t s' ->
forall r,
match_states s r ->
exists r', step_cf_instr tge r cfi t r' /\ match_states s' r'.
Theorem transl_step_correct :
forall (S1 : RTLBlock.state) t S2,
RTLBlock.step ge S1 t S2 ->
forall (R1 : RTLPar.state),
match_states S1 R1 ->
exists R2, Smallstep.plus RTLPar.step tge R1 t R2 /\ match_states S2 R2.
Lemma transl_initial_states:
forall S,
RTLBlock.initial_state prog S ->
exists R, RTLPar.initial_state tprog R /\ match_states S R.
Lemma transl_final_states:
forall S R r,
match_states S R -> RTLBlock.final_state S r -> RTLPar.final_state R r.
Theorem transf_program_correct:
Smallstep.forward_simulation (RTLBlock.semantics prog) (RTLPar.semantics tprog).
End CORRECTNESS.