From ef0559731c95a17858fb5f0a25d8cc3230f141fd Mon Sep 17 00:00:00 2001 
From: Yoonseung Kim Date: Sun, 19 Feb 2023 16:34:03 -0500 Subject: [PATCH 1/2] Bump CompCert version to 3.11 --- Makefile | 13 ++ backend/AllocproofC.v | 4 +- backend/CSEproofC.v | 4 +- backend/CleanupLabelsproofC.v | 4 +- backend/CminorC.v | 2 +- backend/CminorSelC.v | 2 +- backend/ConstpropproofC.v | 4 +- backend/DeadcodeproofC.v | 4 +- backend/DebugvarproofC.v | 4 +- backend/LinearizeproofC.v | 4 +- backend/LocationsC.v | 2 +- backend/MachExtra.v | 24 +-- backend/RTLC.v | 4 +- backend/RTLgenproofC.v | 4 +- backend/RenumberproofC.v | 4 +- backend/SelectionproofC.v | 4 +- backend/StackingproofC.v | 76 +++++---- backend/TailcallproofC.v | 4 +- backend/TunnelingproofC.v | 4 +- backend/ValueAnalysisC.v | 4 +- bound/LinkingC2.v | 8 +- bound/LowerBound.v | 15 +- bound/LowerBoundExtra.v | 8 +- bound/UpperBound_A.v | 45 ++++-- bound/UpperBound_AExtra.v | 68 +++++--- bound/UpperBound_B.v | 36 +++-- cfrontend/ClightC.v | 12 +- cfrontend/CsharpminorC.v | 2 +- cfrontend/CshmgenproofC.v | 4 +- cfrontend/CstrategyC.v | 24 +-- cfrontend/CtypesC.v | 21 +++ cfrontend/SimplExprproofC.v | 11 +- common/ASTC.v | 1 - common/MemoryC.v | 15 +- common/ValuesC.v | 8 +- compose/Skeleton.v | 5 +- demo/mutrec/IdSimAsmIdInv.v | 8 +- demo/mutrec/IdSimClightIdInv.v | 10 +- demo/mutrec/IdSimMutrecAB.v | 50 +++--- demo/mutrec/IdSimMutrecAIdInv.v | 10 +- demo/mutrec/IdSimMutrecBIdInv.v | 12 +- demo/mutrec/MutrecABproof.v | 225 +++++++++++++++------------ demo/mutrec/MutrecAproof.v | 36 +++-- demo/mutrec/MutrecAspec.v | 4 +- demo/mutrec/MutrecBproof.v | 96 ++++++------ demo/mutrec/MutrecBspec.v | 4 +- demo/mutrec/SimMemInjInvC.v | 94 +++++------ demo/unreadglob/IdSimAsmDropInv.v | 8 +- demo/unreadglob/IdSimClightDropInv.v | 10 +- demo/unreadglob/IdSimInvExtra.v | 22 +-- demo/unreadglob/SimSymbDropInv.v | 215 +++++++++++++------------ demo/unreadglob/UnreadglobproofC.v | 16 +- demo/utod/DemoSpecProof.v | 2 +- demo/utod/IdSimDemoSpec.v | 46 +++--- lib/CoqlibC.v | 12 +- lib/MapsC.v | 74 ++++++++- 
proof/AdequacyLocal.v | 68 ++++----
proof/AdequacySound.v | 10 +-
proof/Preservation.v | 78 +++++-----
proof/SemProps.v | 51 +++---
proof/SimMem.v | 32 ++--
proof/SimMemInjC.v | 156 +++++++++----------
proof/SimMemLift.v | 8 +-
proof/SimMod.v | 14 +-
proof/SimModSemLift.v | 2 +-
proof/SimModSemSR.v | 14 +-
proof/SimProg.v | 10 +-
proof/SimSymb.v | 50 +++---
proof/SimSymbDrop.v | 224 +++++++++++++-------------
proof/SimSymbId.v | 26 ++--
proof/Simulation.v | 6 +-
proof/Sound.v | 34 ++--
proof/StoreArgumentsProps.v | 2 +-
proof/UnreachC.v | 16 +-
selfsim/AsmStepExt.v | 2 +
selfsim/AsmStepInj.v | 4 +-
selfsim/ClightStepExt.v | 49 +++---
selfsim/ClightStepInj.v | 74 +++++----
selfsim/IdSimAsm.v | 42 ++---
selfsim/IdSimAsmExtra.v | 30 ++--
selfsim/IdSimClight.v | 26 ++--
selfsim/IdSimExtra.v | 16 +-
x86/AsmgenproofC.v | 4 +-
83 files changed, 1324 insertions(+), 1136 deletions(-)
diff --git a/Makefile b/Makefile
index b7118bac..bf18773e 100644
--- a/Makefile
+++ b/Makefile
@@ -34,6 +34,19 @@ Makefile.coq: Makefile $(COQTHEORIES)
 echo "-R proof $(COQMODULE)"; \
 echo "-R demo $(COQMODULE)"; \
 echo "-R selfsim $(COQMODULE)"; \
+ \
+ echo "-R ../lib compcertr.lib"; \
+ echo "-R ../common compcertr.common"; \
+ echo "-R ../x86 compcertr.x86"; \
+ echo "-R ../x86_64 compcertr.x86_64"; \
+ echo "-R ../backend compcertr.backend"; \
+ echo "-R ../cfrontend compcertr.cfrontend"; \
+ echo "-R ../driver compcertr.driver"; \
+ echo "-R ../export compcertr.export"; \
+ echo "-R ../cparser compcertr.cparser"; \
+ echo "-R ../demo compcertr.demo"; \
+ echo "-R ../flocq Flocq"; \
+ \
 echo $(COQTHEORIES)) > _CoqProject
 coq_makefile -f _CoqProject -o Makefile.coq
diff --git a/backend/AllocproofC.v b/backend/AllocproofC.v
index 04f5d901..dc86dff8 100644
--- a/backend/AllocproofC.v
+++ b/backend/AllocproofC.v
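Review bot: The eleven new `-R ../<dir> compcertr.<mod>` lines bind the proof build to whatever tree happens to sit in the parent directory, and nothing in the recipe checks that it is the CompCert 3.11 checkout the commit title targets, so a missing or mismatched sibling only surfaces later as an opaque `coqc` load error and, worse, the proofs could silently be checked against a different compiler source than the one actually shipped. I'd make the location explicit and fail early: add `COMPCERT_DIR ?= ..` near the top of the Makefile, use `$(COMPCERT_DIR)/lib` etc. in the echoes, and put a guard before the subshell such as `test -f $(COMPCERT_DIR)/VERSION || { echo "CompCert 3.11 checkout expected at $(COMPCERT_DIR)" >&2; exit 1; }` (if the checkout carries CompCert's top-level `VERSION` file, the exact version string can be grepped there as well). The new `-R ../demo compcertr.demo` mapping now sits next to the existing `-R demo $(COQMODULE)`; a one-line recipe comment saying which `demo` tree is which would spare the next reader a guess. The `Makefile.coq` rule this recipe belongs to starts before the hunk.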
@@ -86,8 +86,8 @@ Inductive match_states (idx: nat) (st_src0: RTL.state) (st_tgt0: LTL.state) (sm0: SimMem.t): Prop := | match_states_intro (MATCHST: Allocproof.match_states skenv_link tge st_src0 st_tgt0) - (MCOMPATSRC: (RTL.get_mem st_src0) = sm0.(SimMem.src)) - (MCOMPATTGT: (LTLC.get_mem st_tgt0) = sm0.(SimMem.tgt)) + (MCOMPATSRC: (RTL.get_mem st_src0) = (SimMem.src sm0)) + (MCOMPATTGT: (LTLC.get_mem st_tgt0) = (SimMem.tgt sm0)) (DUMMYTGT: strong_wf_tgt st_tgt0). Theorem make_match_genvs : diff --git a/backend/CSEproofC.v b/backend/CSEproofC.v index 8bc6aba8..15cb4329 100644 --- a/backend/CSEproofC.v +++ b/backend/CSEproofC.v @@ -40,8 +40,8 @@ Inductive match_states (idx: unit) (st_src0: RTL.state) (st_tgt0: RTL.state) (sm0: SimMem.t): Prop := | match_states_intro (MATCHST: CSEproof.match_states prog ge st_src0 st_tgt0) - (MCOMPATSRC: (get_mem st_src0) = sm0.(SimMem.src)) - (MCOMPATTGT: (get_mem st_tgt0) = sm0.(SimMem.tgt)). + (MCOMPATSRC: (get_mem st_src0) = (SimMem.src sm0)) + (MCOMPATTGT: (get_mem st_tgt0) = (SimMem.tgt sm0)). Theorem make_match_genvs : SimSymbId.sim_skenv (SkEnv.project skenv_link (Mod.sk md_src)) diff --git a/backend/CleanupLabelsproofC.v b/backend/CleanupLabelsproofC.v index 5d30b9b0..8cf47594 100644 --- a/backend/CleanupLabelsproofC.v +++ b/backend/CleanupLabelsproofC.v @@ -42,8 +42,8 @@ Inductive match_states (idx: nat) (st_src0 st_tgt0: Linear.state) (sm0: SimMem.t): Prop := | match_states_intro (MATCHST: CleanupLabelsproof.match_states st_src0 st_tgt0) - (MCOMPATSRC: (LinearC.get_mem st_src0) = sm0.(SimMem.src)) - (MCOMPATTGT: (LinearC.get_mem st_tgt0) = sm0.(SimMem.tgt)) + (MCOMPATSRC: (LinearC.get_mem st_src0) = (SimMem.src sm0)) + (MCOMPATTGT: (LinearC.get_mem st_tgt0) = (SimMem.tgt sm0)) (DUMMYTGT: strong_wf_tgt st_tgt0) (MEASURE: measure st_src0 = idx). diff --git a/backend/CminorC.v b/backend/CminorC.v index 19e78203..a2b88622 100644 --- a/backend/CminorC.v +++ b/backend/CminorC.v 
@@ -48,7 +48,7 @@ Section MODSEM. (CSTYLE: Args.is_cstyle args /\ fd.(fn_sig).(sig_cstyle) = true) (FINDF: Genv.find_funct ge (Args.fptr args) = Some (Internal fd)) (TYP: typecheck (Args.vs args) fd.(fn_sig) tvs) - (LEN: (Args.vs args).(length) = fd.(fn_sig).(sig_args).(length)): + (LEN: (length (Args.vs args)) = (length fd.(fn_sig).(sig_args))): initial_frame args (Callstate (Args.fptr args) fd.(fn_sig) tvs Kstop (Args.m args)). Inductive final_frame: state -> Retv.t -> Prop := diff --git a/backend/CminorSelC.v b/backend/CminorSelC.v index 4987d421..dd9606f9 100644 --- a/backend/CminorSelC.v +++ b/backend/CminorSelC.v @@ -48,7 +48,7 @@ Section MODSEM. (CSTYLE: Args.is_cstyle args /\ fd.(fn_sig).(sig_cstyle) = true) (FINDF: Genv.find_funct ge (Args.fptr args) = Some (Internal fd)) (TYP: typecheck (Args.vs args) fd.(fn_sig) tvs) - (LEN: (Args.vs args).(length) = fd.(fn_sig).(sig_args).(length)): + (LEN: (length (Args.vs args)) = (length fd.(fn_sig).(sig_args))): initial_frame args (Callstate (Args.fptr args) fd.(fn_sig) tvs Kstop (Args.m args)). Inductive final_frame: state -> Retv.t -> Prop := diff --git a/backend/ConstpropproofC.v b/backend/ConstpropproofC.v index 92ecb957..201c58b3 100644 --- a/backend/ConstpropproofC.v +++ b/backend/ConstpropproofC.v @@ -38,8 +38,8 @@ Inductive match_states (idx: nat) (st_src0: RTL.state) (st_tgt0: RTL.state) (sm0: SimMem.t): Prop := | match_states_intro (MATCHST: Constpropproof.match_states prog idx st_src0 st_tgt0) - (MCOMPATSRC: (get_mem st_src0) = sm0.(SimMem.src)) - (MCOMPATTGT: (get_mem st_tgt0) = sm0.(SimMem.tgt)). + (MCOMPATSRC: (get_mem st_src0) = (SimMem.src sm0)) + (MCOMPATTGT: (get_mem st_tgt0) = (SimMem.tgt sm0)). Theorem make_match_genvs : SimSymbId.sim_skenv (SkEnv.project skenv_link (Mod.sk md_src)) diff --git a/backend/DeadcodeproofC.v b/backend/DeadcodeproofC.v index 2c490740..9bc2906c 100644 --- a/backend/DeadcodeproofC.v +++ b/backend/DeadcodeproofC.v 
@@ -40,8 +40,8 @@ Inductive match_states (idx: unit) (st_src0: RTL.state) (st_tgt0: RTL.state) (sm0: SimMem.t): Prop := | match_states_intro (MATCHST: Deadcodeproof.match_states prog ge st_src0 st_tgt0) - (MCOMPATSRC: (get_mem st_src0) = sm0.(SimMem.src)) - (MCOMPATTGT: (get_mem st_tgt0) = sm0.(SimMem.tgt)). + (MCOMPATSRC: (get_mem st_src0) = (SimMem.src sm0)) + (MCOMPATTGT: (get_mem st_tgt0) = (SimMem.tgt sm0)). Theorem make_match_genvs : SimSymbId.sim_skenv (SkEnv.project skenv_link (Mod.sk md_src)) diff --git a/backend/DebugvarproofC.v b/backend/DebugvarproofC.v index 14bba9ab..5bb04251 100644 --- a/backend/DebugvarproofC.v +++ b/backend/DebugvarproofC.v @@ -41,8 +41,8 @@ Inductive match_states (idx: nat) (st_src0: Linear.state) (st_tgt0: Linear.state) (sm0: SimMem.t): Prop := | match_states_intro (MATCHST: Debugvarproof.match_states st_src0 st_tgt0) - (MCOMPATSRC: (get_mem st_src0) = sm0.(SimMem.src)) - (MCOMPATTGT: (get_mem st_tgt0) = sm0.(SimMem.tgt)) + (MCOMPATSRC: (get_mem st_src0) = (SimMem.src sm0)) + (MCOMPATTGT: (get_mem st_tgt0) = (SimMem.tgt sm0)) (DUMMYTGT: strong_wf_tgt st_tgt0). Theorem make_match_genvs : diff --git a/backend/LinearizeproofC.v b/backend/LinearizeproofC.v index 2adc880a..b334b31f 100644 --- a/backend/LinearizeproofC.v +++ b/backend/LinearizeproofC.v @@ -44,8 +44,8 @@ Inductive match_states (idx: nat) (st_src0: LTL.state) (st_tgt0: Linear.state) (sm0: SimMem.t): Prop := | match_states_intro (MATCHST: Linearizeproof.match_states st_src0 st_tgt0) - (MCOMPATSRC: (LTLC.get_mem st_src0) = sm0.(SimMem.src)) - (MCOMPATTGT: (LinearC.get_mem st_tgt0) = sm0.(SimMem.tgt)) + (MCOMPATSRC: (LTLC.get_mem st_src0) = (SimMem.src sm0)) + (MCOMPATTGT: (LinearC.get_mem st_tgt0) = (SimMem.tgt sm0)) (DUMMYTGT: strong_wf_tgt st_tgt0) (MEASURE: measure st_src0 = idx). diff --git a/backend/LocationsC.v b/backend/LocationsC.v index 9be9a3f8..1ce1da24 100644 --- a/backend/LocationsC.v +++ b/backend/LocationsC.v 
@@ -347,7 +347,7 @@ Lemma arguments_loc sg sl delta ty Proof. generalize (loc_arguments_acceptable_2 _ _ IN). i. ss. des_ifs. set (loc_arguments_bounded _ _ _ IN). - splits; eauto; [omega|]. unfold typesize in *. des_ifs; ss; lia. + splits; eauto; [lia|]. unfold typesize in *. des_ifs; ss; lia. Qed. Lemma regs_of_rpair_In A (l: list (rpair A)): diff --git a/backend/MachExtra.v b/backend/MachExtra.v index 02d1829c..a2712381 100644 --- a/backend/MachExtra.v +++ b/backend/MachExtra.v @@ -21,17 +21,17 @@ Hint Unfold valid_blocks src_private tgt_private range. Lemma mach_store_arguments_simmem sm0 rs vs sg m_tgt0 (MWF: SimMem.wf sm0) - (STORE: StoreArguments.store_arguments sm0.(SimMem.tgt) rs vs sg m_tgt0): + (STORE: StoreArguments.store_arguments (SimMem.tgt sm0) rs vs sg m_tgt0): (*** TODO: don't use unchanged_on, it is needlessly complex for our use. just define my own. *) exists sm1, - <> /\ + <> /\ <> /\ <> /\ <>. + (tgt_private sm1) (SimMem.tgt sm0).(Mem.nextblock) ofs>>. Proof. i. subst_locals. inv STORE. exploit Mem.alloc_right_inject; try apply MWF; eauto. i; des. 
@@ -41,21 +41,21 @@ Proof. - econs; ss; try apply MWF; eauto. + eapply Mem.inject_extends_compose; eauto. econs; eauto. { econs. - - ii. inv H0. replace (ofs + 0) with ofs by omega. + - ii. inv H0. replace (ofs + 0) with ofs by lia. destruct (eq_block b2 (Mem.nextblock (tgt sm0))); destruct (zle 0 ofs); destruct (zlt ofs (4 * size_arguments sg)); - try (eapply Mem.perm_unchanged_on; eauto; ss; des_ifs; omega). - subst b2. exploit (PERM ofs). omega. i. eapply Mem.perm_cur. eapply Mem.perm_implies; eauto. econs. + try (eapply Mem.perm_unchanged_on; eauto; ss; des_ifs; lia). + subst b2. exploit (PERM ofs). lia. i. eapply Mem.perm_cur. eapply Mem.perm_implies; eauto. econs. - ii. inv H0. eapply Z.divide_0_r. - - ii. inv H0. replace (ofs + 0) with ofs by omega. + - ii. inv H0. replace (ofs + 0) with ofs by lia. destruct (eq_block b2 (Mem.nextblock (tgt sm0))); destruct (zle 0 ofs); destruct (zlt ofs (4 * size_arguments sg)); - try (exploit Mem.unchanged_on_contents; eauto; ss; des_ifs; try omega; i; rewrite H0; eapply memval_inject_Reflexive). + try (exploit Mem.unchanged_on_contents; eauto; ss; des_ifs; try lia; i; rewrite H0; eapply memval_inject_Reflexive). Transparent Mem.alloc. unfold Mem.alloc in ALC. inv ALC. ss. rewrite PMap.gss. rewrite ZMap.gi. eapply memval_inject_undef. } { i. left. assert(Mem.valid_block m1 b). { r. rewrite NB. eapply Mem.perm_valid_block; eauto. } destruct (eq_block b (Mem.nextblock (tgt sm0))) eqn:BEQ; destruct (zle 0 ofs); destruct (zlt ofs (4 * size_arguments sg)); - try by (eapply Mem.perm_unchanged_on_2; eauto; ss; rewrite BEQ; eauto; try omega). + try by (eapply Mem.perm_unchanged_on_2; eauto; ss; rewrite BEQ; eauto; try lia). subst b. eapply Mem.perm_cur. eapply Mem.perm_implies. eapply Mem.perm_alloc_2; eauto. econs. } + etransitivity; try apply MWF; eauto. unfold tgt_private. ss. u. ii; des. esplits; eauto with congruence. diff --git a/backend/RTLC.v b/backend/RTLC.v index ca203a9c..37d6c693 100644 --- a/backend/RTLC.v 
+++ b/backend/RTLC.v @@ -39,7 +39,7 @@ Section MODSEM. (CSTYLE: Args.is_cstyle args /\ fd.(fn_sig).(sig_cstyle) = true) (FINDF: Genv.find_funct ge (Args.fptr args) = Some (Internal fd)) (TYP: typecheck (Args.vs args) fd.(fn_sig) tvs) - (LEN: (Args.vs args).(length) = fd.(fn_sig).(sig_args).(length)): + (LEN: (length (Args.vs args)) = (length fd.(fn_sig).(sig_args))): initial_frame args (Callstate [] (Args.fptr args) fd.(fn_sig) tvs (Args.m args)). Inductive initial_frame2 (args: Args.t): state -> Prop := @@ -48,7 +48,7 @@ Section MODSEM. (CSTYLE: Args.is_cstyle args /\ fd.(fn_sig).(sig_cstyle) = true) (FINDF: Genv.find_funct ge (Args.fptr args) = Some (Internal fd)) (TYP: typecheck (Args.vs args) fd.(fn_sig) tvs) - (LEN: (Args.vs args).(length) = fd.(fn_sig).(sig_args).(length)) + (LEN: length (Args.vs args) = length fd.(fn_sig).(sig_args)) (JUNK: assign_junk_blocks (Args.m args) n = m0): initial_frame2 args (Callstate [] (Args.fptr args) fd.(fn_sig) tvs m0). diff --git a/backend/RTLgenproofC.v b/backend/RTLgenproofC.v index 2d73d88c..745283e7 100644 --- a/backend/RTLgenproofC.v +++ b/backend/RTLgenproofC.v @@ -38,8 +38,8 @@ Inductive match_states (idx: nat * nat) (st_src0: CminorSel.state) (st_tgt0: RTL.state) (sm0: SimMem.t): Prop := | match_states_intro (MATCHST: RTLgenproof.match_states st_src0 st_tgt0) - (MCOMPATSRC: (CminorSelC.get_mem st_src0) = sm0.(SimMem.src)) - (MCOMPATTGT: (get_mem st_tgt0) = sm0.(SimMem.tgt)) + (MCOMPATSRC: (CminorSelC.get_mem st_src0) = (SimMem.src sm0)) + (MCOMPATTGT: (get_mem st_tgt0) = (SimMem.tgt sm0)) (MEASRUE: idx = measure_state st_src0). Theorem make_match_genvs : diff --git a/backend/RenumberproofC.v b/backend/RenumberproofC.v index 246c9ea4..cdfe8eb0 100644 --- a/backend/RenumberproofC.v +++ b/backend/RenumberproofC.v 
@@ -35,8 +35,8 @@ Inductive match_states (idx: nat) (st_src0: RTL.state) (st_tgt0: RTL.state) (sm0: SimMem.t): Prop := | match_states_intro (MATCHST: Renumberproof.match_states st_src0 st_tgt0) - (MCOMPATSRC: (get_mem st_src0) = sm0.(SimMem.src)) - (MCOMPATTGT: (get_mem st_tgt0) = sm0.(SimMem.tgt)). + (MCOMPATSRC: (get_mem st_src0) = (SimMem.src sm0)) + (MCOMPATTGT: (get_mem st_tgt0) = (SimMem.tgt sm0)). Theorem make_match_genvs : SimSymbId.sim_skenv (SkEnv.project skenv_link (Mod.sk md_src)) diff --git a/backend/SelectionproofC.v b/backend/SelectionproofC.v index 74ddccf8..c4bea350 100644 --- a/backend/SelectionproofC.v +++ b/backend/SelectionproofC.v @@ -39,8 +39,8 @@ Inductive match_states (idx: nat) (st_src0: Cminor.state) (st_tgt0: CminorSel.state) (sm0: SimMem.t): Prop := | match_states_intro (MATCHST: Selectionproof.match_states prog ge st_src0 st_tgt0) - (MCOMPATSRC: (CminorC.get_mem st_src0) = sm0.(SimMem.src)) - (MCOMPATTGT: (CminorSelC.get_mem st_tgt0) = sm0.(SimMem.tgt)) + (MCOMPATSRC: (CminorC.get_mem st_src0) = (SimMem.src sm0)) + (MCOMPATTGT: (CminorSelC.get_mem st_tgt0) = (SimMem.tgt sm0)) (MEASURE: idx = measure st_src0). Theorem make_match_genvs : diff --git a/backend/StackingproofC.v b/backend/StackingproofC.v index dca6d08c..91cbf5ba 100644 --- a/backend/StackingproofC.v +++ b/backend/StackingproofC.v @@ -67,9 +67,9 @@ Lemma match_stacks_sp_valid se tse ge j cs cs' sg sm0 sp' (STKS: match_stacks se tse ge j cs cs' sg sm0) (SP: parent_sp cs' = Vptr sp' Ptrofs.zero): - <>. + <>. Proof. inv STKS; des_safe; ss; clarify; inv MAINARGS; esplits; eauto. Qed. Lemma match_stacks_sp_ofs: 
@@ -386,17 +386,17 @@ Proof. generalize size_arguments_above; intro SZARG. inv STACKS; ss. { ss. u. split; i; des; clarify; esplits; et; psimpl; zsimpl; try extlia. - { exploit tailcall_size; eauto. i. omega. } - { specialize (SZARG sg). omega. } + { exploit tailcall_size; eauto. i. lia. } + { specialize (SZARG sg). lia. } } Local Opaque frame_contents frame_contents_at_external. inv STK; ss. { psimpl. zsimpl. rewrite <- frame_contents_at_external_m_footprint; ss; try extlia. - - split; try extlia. specialize (SZARG sg). omega. + - split; try extlia. specialize (SZARG sg). lia. - eapply bound_outgoing_stack_data; et. } { rewrite <- frame_contents_at_external_m_footprint ;ss. - - split; try extlia. specialize (SZARG sg). omega. + - split; try extlia. specialize (SZARG sg). lia. - eapply bound_outgoing_stack_data; et. } Qed. @@ -507,7 +507,7 @@ Proof. destruct b; ss. des_ifs. unfold size_callee_save_area. ss. clear_tac. assert(4 | 8). - { econs. instantiate (1:=2). omega. } + { econs. instantiate (1:=2). lia. } assert(0 < align (4 * bound_outgoing) 8 + 8 /\ (4 | align (4 * bound_outgoing) 8 + 8)). { hexploit (align_le (4 * bound_outgoing) 8); try lia. i. split; try lia. eapply Z.divide_add_r; try lia; ss. @@ -533,8 +533,8 @@ Proof. rewrite Z.mul_add_distr_l. replace (4 * 2) with 8; ss. rewrite ! align_dist; ss. f_equal. rewrite align_idempotence; ss. } - (* - des. eapply Z.add_pos_pos; eauto. eapply Z.lt_le_trans. eapply H0. eapply align_le. omega. *) - (* - des. eapply Z.divide_add_r; eauto. eapply Z.divide_trans. eapply H1. eapply align_divides. omega. *) + (* - des. eapply Z.add_pos_pos; eauto. eapply Z.lt_le_trans. eapply H0. eapply align_le. lia. *) + (* - des. eapply Z.divide_add_r; eauto. eapply Z.divide_trans. eapply H1. eapply align_divides. lia. *) (* } *) { inv used_callee_save_norepet. ss. } { ss. i; des. split; eauto. 
@@ -584,7 +584,7 @@ Lemma functions_translated_inject (SIMSKE: SimSymb.sim_skenv sm0 (ModSemPair.ss msp) (ModSem.skenv (ModSemPair.src msp)) (ModSem.skenv (ModSemPair.tgt msp))) (FUNCSRC: Genv.find_funct tge fptr_tgt = Some fd_tgt) - (INJ: Val.inject sm0.(SimMemInj.inj) fptr_src fptr_tgt): + (INJ: Val.inject (SimMemInj.inj sm0) fptr_src fptr_tgt): <> \/ exists fd_src, <> 
@@ -609,29 +609,29 @@ Lemma init_match_frame_contents sm_arg sg m_tgt0 rs vs_src vs_tgt ls sm_init sm_junkinj n (SIMSKE: SimSymb.sim_skenv sm_arg (ModSemPair.ss msp) (ModSem.skenv (ModSemPair.src msp)) (ModSem.skenv (ModSemPair.tgt msp))) - (STORE: StoreArguments.store_arguments sm_arg.(SimMemInj.tgt) rs (typify_list vs_tgt sg.(sig_args)) sg m_tgt0) + (STORE: StoreArguments.store_arguments (SimMemInj.tgt sm_arg) rs (typify_list vs_tgt sg.(sig_args)) sg m_tgt0) (SG: 4 * size_arguments sg <= Ptrofs.modulus) (LS: LocationsC.fill_arguments - (locset_copy (sm_arg.(SimMemInj.src).(Mem.nextblock).(Zpos) - m_tgt0.(Mem.nextblock).(Zpos)) rs) + (locset_copy ((SimMemInj.src sm_arg).(Mem.nextblock).(Zpos) - m_tgt0.(Mem.nextblock).(Zpos)) rs) (typify_list vs_src sg.(sig_args)) (loc_arguments sg) = Some ls) (SIMVS: Val.inject_list (SimMemInj.inj sm_arg) vs_src vs_tgt) - (SM0: sm_init = (SimMemInjC.update sm_arg) sm_arg.(SimMemInj.src) m_tgt0 sm_arg.(SimMemInj.inj)) + (SM0: sm_init = (SimMemInjC.update sm_arg) (SimMemInj.src sm_arg) m_tgt0 (SimMemInj.inj sm_arg)) (PRIV: forall ofs (BDD: 0 <= ofs < 4 * size_arguments sg), - SimMemInj.tgt_private sm_init (Mem.nextblock sm_arg.(SimMemInj.tgt)) ofs) + SimMemInj.tgt_private sm_init (Mem.nextblock (SimMemInj.tgt sm_arg)) ofs) (MLE0: SimMem.le sm_arg sm_init) (MWF0: SimMem.wf sm_init) - (SM1: sm_junkinj = (SimMemInjC.update sm_init) (assign_junk_blocks sm_init.(SimMemInj.src) n) + (SM1: sm_junkinj = (SimMemInjC.update sm_init) (assign_junk_blocks (SimMemInj.src sm_init) n) (assign_junk_blocks m_tgt0 n) (SimMemInjC.inject_junk_blocks - sm_init.(SimMemInj.src) m_tgt0 n - sm_arg.(SimMemInj.inj))) + (SimMemInj.src sm_init) m_tgt0 n + (SimMemInj.inj sm_arg))) (MLE1: SimMem.le sm_init sm_junkinj) (MWF1: SimMem.wf sm_junkinj) (NB: Ple (Genv.genv_next (SkEnv.project skenv_link (Mod.sk md_src))) (Mem.nextblock m_tgt0)): assign_junk_blocks m_tgt0 n - |= dummy_frame_contents sm_arg.(SimMemInj.inj) ls sg (Mem.nextblock sm_arg.(SimMemInj.tgt)) 0 - 
** minjection sm_junkinj.(SimMemInj.inj) sm_junkinj.(SimMemInj.src) - ** globalenv_inject ge sm_junkinj.(SimMemInj.inj). + |= dummy_frame_contents (SimMemInj.inj sm_arg) ls sg (Mem.nextblock (SimMemInj.tgt sm_arg)) 0 + ** minjection (SimMemInj.inj sm_junkinj) (SimMemInj.src sm_junkinj) + ** globalenv_inject ge (SimMemInj.inj sm_junkinj). Proof. sep_split. { ss. zsimpl. esplits; eauto with lia. @@ -894,7 +894,7 @@ Inductive match_states <> /\ < st_tgt0.(init_rs) mr = Vundef>>) - /\ (<>)>> /\ (* <> *) (* /\ <> *) @@ -904,8 +904,8 @@ Inductive match_states Inductive match_states_at (st_src0: Linear.state) (st_tgt0: MachC.state) (sm_at sm_arg: SimMem.t): Prop := | match_states_at_intro - (INJ: sm_at.(SimMemInj.inj) = sm_arg.(SimMemInj.inj)) - (INJ: sm_at.(SimMem.src) = sm_arg.(SimMem.src)) + (INJ: (SimMemInj.inj sm_at) = (SimMemInj.inj sm_arg)) + (INJ: (SimMem.src sm_at) = (SimMem.src sm_arg)) init_rs init_sg cs' tfptr rs sp skd fptr cs ls sig (SIGEQ: Sk.get_csig skd = Some sig) (SRCST: st_src0 = Linear.Callstate cs fptr sig ls (SimMemInj.src sm_arg)) @@ -914,7 +914,7 @@ Inductive match_states_at (PRIV: brange sp 0 (4 * size_arguments sig) <2= (SimMemInj.tgt_private sm_arg)) (SIG: Genv.find_funct skenv_link fptr = Some skd) (VALID: Mem.valid_block (SimMemInj.tgt sm_arg) sp) - (NB: sm_at.(SimMem.tgt).(Mem.nextblock) = sm_arg.(SimMem.tgt).(Mem.nextblock)) + (NB: (SimMem.tgt sm_at).(Mem.nextblock) = (SimMem.tgt sm_arg).(Mem.nextblock)) (SEP: SimMemInj.tgt sm_arg |= stack_contents_at_external (SimMemInj.inj sm_arg) cs cs' sig ** minjection (SimMemInj.inj sm_arg) (SimMemInj.src sm_arg) ** globalenv_inject ge (SimMemInj.inj sm_arg)). 
@@ -936,7 +936,7 @@ Inductive has_footprint (st_src0: Linear.state): MachC.state -> SimMem.t -> Prop sm0 (FOOT: SimMemInjC.has_footprint bot2 (brange blk (Ptrofs.unsigned (ofs)) (Ptrofs.unsigned (ofs) + 4 * (size_arguments sg))) sm0) - (* (MTGT: m0 = sm0.(SimMem.tgt)) *): + (* (MTGT: m0 = (SimMem.tgt sm0)) *): has_footprint st_src0 (mkstate init_rs init_sg (Callstate stack fptr rs m0)) sm0. Inductive mle_excl (st_src0: Linear.state): MachC.state -> SimMem.t -> SimMem.t -> Prop := @@ -950,7 +950,7 @@ Inductive mle_excl (st_src0: Linear.state): MachC.state -> SimMem.t -> SimMem.t sm0 sm1 (MLEEXCL: SimMemInjC.le_excl bot2 (brange blk (Ptrofs.unsigned (ofs)) (Ptrofs.unsigned (ofs) + 4 * (size_arguments sg))) sm0 sm1) - (* (MTGT: m0 = sm0.(SimMem.tgt)) *): + (* (MTGT: m0 = (SimMem.tgt sm0)) *): mle_excl st_src0 (mkstate init_rs init_sg (Callstate stack fptr ls0 m0)) sm0 sm1. Let SEGESRC: senv_genv_compat skenv_link ge. Proof. eapply SkEnv.senv_genv_compat; et. Qed. @@ -1094,9 +1094,7 @@ Proof. (* { unfold block. do 2 f_equal. bsimpl; des; des_sumbool; try lia. *) rewrite COND0 in *. assert(COND1: plt (Z.to_pos (Z.pos_sub b y) + m_src) (m_src + Pos.of_nat n)). - { bsimpl. des_sumbool. ii. unfold Plt in *. rewrite ! Z.pos_sub_spec. des_ifs; Pos_compare_tac. - destruct n; ss; try lia. - } + { bsimpl. des_sumbool. ii. unfold Plt in *. rewrite ! Z.pos_sub_spec. des_ifs; Pos_compare_tac. } rewrite COND1 in *. ss. } rename targs into targs_tgt. rename TYP into TYPTGT. @@ -1123,7 +1121,7 @@ Proof. { apply SIMSKENV. } { inv TYPTGT. econs; eauto. } { exploit SkEnv.revive_incl_skenv; try eapply INCLTGT; eauto. i. des. inv WF. - eapply WFPARAM in H; ss. unfold Ptrofs.max_unsigned in H. red in H. omega. } + eapply WFPARAM in H; ss. unfold Ptrofs.max_unsigned in H. red in H. lia. } { rewrite <- SG. ss. eauto. } { rewrite DEF, SM. s. f_equal; eauto. } { inv SIMSKENV. ss. inv SIMSKE. ss. 
@@ -1166,7 +1164,7 @@ Proof. inv CALLSRC. inv MATCH; ss. clarify. inv MATCHST; ss. destruct st_tgt0; ss. clarify. ss. clarify. des. exploit SOUND; ss; eauto. intro Q; des. exploit wt_callstate_agree; eauto. intros [AGCS AGARGS]. - assert(MCOMPAT0: sm0.(SimMemInj.inj) = j). { inv MCOMPAT. ss. } clarify. + assert(MCOMPAT0: (SimMemInj.inj sm0) = j). { inv MCOMPAT. ss. } clarify. hexpl match_stacks_sp_ofs RSP. hexploit arguments_perm; eauto. { eapply sep_drop_tail3 in SEP. eauto. } i; des. psimpl. @@ -1215,7 +1213,7 @@ Proof. { rp; [eapply H0; eauto|..]; eauto. } { unfold Mem.valid_block in *. eauto with congruence. } * rewrite <- sep_assoc. rewrite sep_comm. - eapply globalenv_inject_incr with (j:= sm0.(SimMemInj.inj)); eauto. + eapply globalenv_inject_incr with (j:= (SimMemInj.inj sm0)); eauto. { rewrite <- MINJ. eapply inject_incr_refl. } { eapply SimMemInj.inject_separated_frozen. rewrite <- MINJ. eapply SimMemInj.frozen_refl. } rewrite <- sep_assoc in SEP. rewrite sep_comm in SEP. bar. move SEP at bottom. @@ -1238,13 +1236,13 @@ Proof. - (* after fsim *) des. inv AFTERSRC. inv MATCH; ss. clarify. inv MATCHST; ss. destruct st_tgt0; ss. clarify. ss. clarify. - assert(MCOMPAT0: sm0.(SimMemInj.inj) = j). { inv MCOMPAT; ss. } clarify. + assert(MCOMPAT0: (SimMemInj.inj sm0) = j). { inv MCOMPAT; ss. } clarify. hexpl match_stacks_sp_ofs RSP. inv SIMRET; ss. assert(VALID: Mem.valid_block (SimMemInj.tgt sm0) sp). { inv HISTORY. inv MATCHARG. ss. clarify. eauto with congruence. } - assert(exists m_tgt0, <>). { eapply Mem_unfree_suceeds; eauto. unfold Mem.valid_block in *. eapply Plt_Ple_trans; eauto. etransitivity; try eapply MLE. eapply MLEAFTR. @@ -1356,7 +1354,7 @@ Proof. } { bar. inv STACKS; econs; et. inv AGL. econs; et. } } - eapply match_states_return with (j:= sm_ret.(SimMemInj.inj)); eauto. + eapply match_states_return with (j:= (SimMemInj.inj sm_ret)); eauto. * econs; ss; eauto. * eapply agree_regs_set_pair; cycle 1. { unfold rettypify. des_ifs. } 
@@ -1377,7 +1375,7 @@ Proof. rewrite <- sep_assoc. rewrite sep_comm. rewrite <- sep_assoc in SEP0. rewrite sep_comm in SEP0. destruct SEP0 as (A & B & C). sep_split. - { eapply globalenv_inject_incr_strong with (j:= sm_arg.(SimMemInj.inj)); eauto. + { eapply globalenv_inject_incr_strong with (j:= (SimMemInj.inj sm_arg)); eauto. - inv MLE0. ss. - eapply SimMemInj.inject_separated_frozen. inv MLE0. ss. inv MWF2. @@ -1418,11 +1416,11 @@ Proof. hexploit (loc_result_one init_sg); eauto. i; des_safe. Local Transparent stack_contents_args dummy_frame_contents. ss. unfold dummy_frame_contents in *. psimpl. clarify. - hexploit (Mem.range_perm_free sm0.(SimMemInj.tgt) sp 0 (4 * (size_arguments init_sg))); eauto. + hexploit (Mem.range_perm_free (SimMemInj.tgt sm0) sp 0 (4 * (size_arguments init_sg))); eauto. { inv MCOMPAT. clear - SEP. apply sep_pick1 in SEP. rr in SEP. des. zsimpl. eauto with extlia. } intros (sm_tgt1 & FREETGT). - assert(j = sm0.(SimMemInj.inj)). + assert(j = (SimMemInj.inj sm0)). { inv MCOMPAT; ss. } clarify. diff --git a/backend/TailcallproofC.v b/backend/TailcallproofC.v index 7b79774e..05c72bfe 100644 --- a/backend/TailcallproofC.v +++ b/backend/TailcallproofC.v @@ -36,8 +36,8 @@ Inductive match_states (idx: nat) (st_src0: RTL.state) (st_tgt0: RTL.state) (sm0: SimMem.t): Prop := | match_states_intro (MATCHST: Tailcallproof.match_states st_src0 st_tgt0) - (MCOMPATSRC: (get_mem st_src0) = sm0.(SimMem.src)) - (MCOMPATTGT: (get_mem st_tgt0) = sm0.(SimMem.tgt)) + (MCOMPATSRC: (get_mem st_src0) = (SimMem.src sm0)) + (MCOMPATTGT: (get_mem st_tgt0) = (SimMem.tgt sm0)) (MCOMPATIDX: idx = Tailcallproof.measure st_src0). Theorem make_match_genvs : diff --git a/backend/TunnelingproofC.v b/backend/TunnelingproofC.v index 60067955..9c72353b 100644 --- a/backend/TunnelingproofC.v +++ b/backend/TunnelingproofC.v 
@@ -41,8 +41,8 @@ Inductive match_states (idx: nat) (st_src0: LTL.state) (st_tgt0: LTL.state) (sm0: SimMem.t): Prop := | match_states_intro (MATCHST: Tunnelingproof.match_states st_src0 st_tgt0) - (MCOMPATSRC: (get_mem st_src0) = sm0.(SimMem.src)) - (MCOMPATTGT: (get_mem st_tgt0) = sm0.(SimMem.tgt)) + (MCOMPATSRC: (get_mem st_src0) = (SimMem.src sm0)) + (MCOMPATTGT: (get_mem st_tgt0) = (SimMem.tgt sm0)) (DUMMYTGT: strong_wf_tgt st_tgt0) (MEASURE: measure st_src0 = idx). diff --git a/backend/ValueAnalysisC.v b/backend/ValueAnalysisC.v index f9192806..c7ee982d 100644 --- a/backend/ValueAnalysisC.v +++ b/backend/ValueAnalysisC.v @@ -177,7 +177,7 @@ Section PRSV. } econs; s; eauto. * rewrite IMG. ii. des_ifs; ss. - * rewrite IMG. ii. des_ifs; ss. rewrite PTree.gempty in *. ss. + * rewrite IMG. ii. des_ifs; ss. * intros ? A. rewrite IMG in A. inv SKENV. ss. des_ifs; try extlia. bsimpl. des. des_sumbool. extlia. + r. rewrite IMG. i. des_ifs. + rr. ss. inv MEM. inv SKENV. ss. rewrite NB0. esplits; eauto. @@ -213,7 +213,7 @@ Section PRSV. ii. r in RETV. des. esplits; eauto; cycle 1. { inv AT; inv AFTER; ss. rewrite Retv.get_m_m; ss. refl. } + econs; eauto. intros cunit LO. specialize (H cunit LO). inv AFTER; ss. inv H; ss. - assert(BCARGS: (bc2su bc (Genv.genv_next skenv_link) m_arg.(Mem.nextblock)).(Sound.args) args). + assert(BCARGS: Sound.args (bc2su bc (Genv.genv_next skenv_link) m_arg.(Mem.nextblock)) args). { ss. inv AT; ss. s. des. rpapply sound_state_sound_args; eauto. } assert(BCLE0: le' su0 (bc2su bc (Genv.genv_next skenv_link) m_arg.(Mem.nextblock))). { eapply UnreachC.hle_lift; eauto. } diff --git a/bound/LinkingC2.v b/bound/LinkingC2.v index b4e2435d..85503854 100644 --- a/bound/LinkingC2.v +++ b/bound/LinkingC2.v 
@@ -220,12 +220,12 @@ Definition link_program (p1 p2: program): option (program) := | Some p => match lift_option (link p1.(prog_types) p2.(prog_types)) with | inright _ => None - | inleft (exist typs EQ) => + | inleft (exist _ typs EQ) => match link_build_composite_env p1.(prog_types) p2.(prog_types) typs p1.(prog_comp_env) p2.(prog_comp_env) p1.(prog_comp_env_eq) p2.(prog_comp_env_eq) EQ with - | exist env (conj P Q) => + | exist _ env (conj P Q) => Some {| prog_defs := p.(AST.prog_defs); prog_public := p.(AST.prog_public); prog_main := p.(AST.prog_main); @@ -245,14 +245,14 @@ Program Instance Linker_program: Linker (program) := { linkorder := linkorder_program }. Next Obligation. -- intros; split. apply linkorder_refl. auto. +- intros; split. apply linkorder_refl. auto. Defined. Next Obligation. - intros. destruct H, H0. split. eapply linkorder_trans; eauto. intros; auto. Defined. Next Obligation. -- intros until z. unfold link_program. +- intros until z. unfold link_program. destruct (link (program_of_program x) (program_of_program y)) as [p|] eqn:LP; try discriminate. destruct (lift_option (link (prog_types x) (prog_types y))) as [[typs EQ]|EQ]; try discriminate. destruct (link_build_composite_env (prog_types x) (prog_types y) typs diff --git a/bound/LowerBound.v b/bound/LowerBound.v index 412afae2..911a1a06 100644 --- a/bound/LowerBound.v +++ b/bound/LowerBound.v @@ -55,7 +55,6 @@ Proof. - econs; eauto. instantiate (1:=mkprogram nil nil p0.(prog_main)). econs; splits; eauto; ss. - i. eapply in_prog_defmap in H6. ss. - econs; eauto. inv H8. ss. Qed. 
@@ -2046,10 +2045,10 @@ Section PRESERVATION. replace (at_external skenv_link p) with (at_external skenv_link p0) in *. - inv ATEXTERNAL. + apply asm_frame_inj in FRAME. clarify. - unfold external_state. des_ifs; try omega. + unfold external_state. des_ifs; try lia. unfold local_genv, fundef in *. ss. des. des_ifs. + apply asm_frame_inj in FRAME. clarify. - unfold external_state. des_ifs; try omega. + unfold external_state. des_ifs; try lia. unfold local_genv, fundef in *. ss. des. des_ifs. - apply f_equal with (f := Frame.ms) in FRAME. ss. inv FRAME. apply Eqdep.EqdepTheory.inj_pair2 in H0. auto. @@ -2225,8 +2224,8 @@ Section PRESERVATION. - eapply Mem.mi_mappedblocks; eauto. - intros PERM. eapply PERM. exploit Mem.perm_inject; eauto. - + eapply freed_from_perm; eauto. instantiate (1:=ofs-delta). omega. - + i. replace ofs with (ofs - delta + delta); [auto|omega]. } + + eapply freed_from_perm; eauto. instantiate (1:=ofs-delta). lia. + + i. replace ofs with (ofs - delta + delta); [auto|lia]. } { intros delta' BOUND. eapply separated_out_of_reach; cycle 2; eauto. - eapply Mem.mi_mappedblocks; eauto. - eapply freed_from_out_of_reach; eauto. @@ -2291,7 +2290,7 @@ Section PRESERVATION. - eapply RANGE. right. rewrite SIG1 in SIG2. inv SIG2. rewrite SIG3 in SIG4. inv SIG4. et. } * ss. - + ss. des_ifs; omega. + + ss. des_ifs; lia. Qed. Lemma match_states_call_ord_1 args frs st_tgt n @@ -2310,10 +2309,10 @@ Section PRESERVATION. eapply modsem_receptive. - econs; i. + set (STEP := H). inv STEP. inv H0. eexists. eauto. - + ii. inv H. ss. omega. + + ii. inv H. ss. lia. - econs; i. + set (STEP := H). inv STEP. inv H0. eexists. eauto. - + ii. inv H. ss. omega. + + ii. inv H. ss. lia. Qed. Lemma match_state_xsim: diff --git a/bound/LowerBoundExtra.v b/bound/LowerBoundExtra.v index 48ff9825..78f4757c 100644 --- a/bound/LowerBoundExtra.v +++ b/bound/LowerBoundExtra.v 
@@ -162,14 +162,14 @@ Lemma freed_from_out_of_reach j m_src0 m_src1 m_tgt blk lo hi blk' delta ofs loc_out_of_reach j m_src1 blk' ofs. Proof. ii. destruct (eq_block b0 blk). - - clarify. eapply freed_from_noperm; eauto. omega. + - clarify. eapply freed_from_noperm; eauto. lia. - exploit Mem.inject_no_overlap; eauto. + eapply freed_from_perm_le; eauto. + eapply Mem.perm_cur. eapply Mem.perm_implies. eapply freed_from_perm; eauto. - instantiate (1 := ofs - delta). omega. econs. - + i. des; eauto. omega. + instantiate (1 := ofs - delta). lia. econs. + + i. des; eauto. lia. Qed. Lemma freed_from_perm_greater m0 m1 blk lo hi @@ -204,7 +204,7 @@ Qed. Lemma init_mem_freed_from m_init: freed_from m_init m_init 1%positive 0 0. Proof. - econs; ii; auto; try omega. + econs; ii; auto; try lia. econs; eauto. refl. Qed. diff --git a/bound/UpperBound_A.v b/bound/UpperBound_A.v index 2ad7a896..07bdef3e 100644 --- a/bound/UpperBound_A.v +++ b/bound/UpperBound_A.v 
@@ -777,15 +777,30 @@ Section PRESERVATION. exploit IHl. eapply H6. eapply H9. i. des. subst. split; eauto. Qed. - Lemma assign_loc_dtm: - forall senv genv ty m3 b ofs v1 tr m1, - assign_loc senv genv ty m3 b ofs v1 tr m1 -> - forall m0, assign_loc senv genv ty m3 b ofs v1 tr m0 -> m1 = m0. + + Lemma store_bitfield_dtm + ty sz sg pos w m addr i m1 v1 m1' v1' + (STORE1: store_bitfield ty sz sg pos w m addr i m1 v1) + (STORE2: store_bitfield ty sz sg pos w m addr i m1' v1') + : m1 = m1' /\ v1 = v1'. + Proof. inv STORE1. inv STORE2. clarify. Qed. + + Lemma assign_loc_dtm + senv g ty m b + ofs bf v tr m1 m1' v1 v1' + (ASSIGN1: assign_loc senv g ty m b ofs bf v tr m1 v1) + (ASSIGN2: assign_loc senv g ty m b ofs bf v tr m1' v1'): + m1 = m1' /\ v1 = v1'. Proof. - induction 1; intros m0 EV; inv EV; f_equal; Eq; clarify. - clear -H1 H4. - revert H4. revert m0. - induction H1; intros m0 EV; inv EV; f_equal; Eq; clarify. + generalize dependent g. + generalize dependent m1'. + generalize dependent v1'. + induction 1; i. + - inv ASSIGN2; split; Eq; auto. + - inv ASSIGN2; split; Eq; auto. + inv H1; inv H4. inv H5; inv H15; try congruence. Eq. auto. + - inv ASSIGN2; split; Eq; auto. + - inv ASSIGN2. eapply store_bitfield_dtm; eauto. Qed. Lemma bind_param_dtm @@ -799,7 +814,7 @@ Section PRESERVATION. induction l. i. inv BPARAM1. inv BPARAM2. auto. i. inv BPARAM1. inv BPARAM2. auto. Eq. - exploit assign_loc_dtm. eapply H3. eapply H10. i. subst. + exploit assign_loc_dtm. eapply H3. eapply H10. intros [? ?]. subst. exploit IHl. eapply H6. eapply H11. i. eauto. Qed. Lemma match_xsim @@ -842,7 +857,7 @@ Section PRESERVATION. (* receptiveness *) { econs. ii. inv H1; ModSem.tac. inv H2. eexists. eapply step_call. instantiate (1:=args). eauto. - ii. inv H1; ModSem.tac. ss. omega. } + ii. inv H1; ModSem.tac. ss. lia. } eapply plus_one. econs; et. (* determ *) { econs. 
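Review bot: `store_bitfield_dtm` and the rewritten `assign_loc_dtm` in this hunk are textually identical, statement and proof, to `store_bitfield_determ` and `assign_loc_determ` that the same patch adds to bound/UpperBound_B.v (its `@@ -288` hunk). Proving determinism of `store_bitfield`/`assign_loc` once in a shared Clight extras file and importing it from both bounds would keep the two copies from drifting on the next CompCert bump. A one-line header would also help, e.g. `(* Determinism of assign_loc: equal inputs give the same resulting memory and the same stored value. *)`, since the `v1 = v1'` conjunct is new with the bitfield-aware `assign_loc`. The enclosing `Section PRESERVATION` starts outside the hunk.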
@@ -856,7 +871,7 @@ Section PRESERVATION. + exfalso; eapply ModSem.call_return_disjoint. split. eauto. eauto. - i. ss. inv FINAL. eapply ModSem.call_return_disjoint. split. eapply H. eauto. - - ii. inv H1; ss; try omega. + - ii. inv H1; ss; try lia. exfalso; eapply ModSem.call_step_disjoint. split. eapply H. eauto. } econs; eauto. instantiate (1:= args). @@ -1014,7 +1029,7 @@ Section PRESERVATION. { inv H1. eexists. econs 2. econs; eauto. } { exfalso. ss. des_ifs. rewrite Genv.find_funct_ptr_iff in *. rewrite Heq in FPTR. clarify. } - - ii. inv H; inv H1; ss; try omega. + - ii. inv H; inv H1; ss; try lia. eapply external_call_trace_length; eauto. } eapply plus_left with (t1 := E0) (t2 := E0); ss. { econs; et. @@ -1027,7 +1042,7 @@ Section PRESERVATION. exploit external_call_match_traces. eapply H12. eapply H11. i. split; auto. i. subst. exploit external_call_deterministic. eapply H12. eapply H11. i. des; subst. auto. auto. - i. ss. - - ii. inv H; inv H1; ss; try omega. + - ii. inv H; inv H1; ss; try lia. exploit external_call_trace_length; eauto. } econs 1; ss; et. econs; ss; et. @@ -1043,7 +1058,7 @@ Section PRESERVATION. exploit find_fptr_owner_determ. eapply MSFIND. eauto. i. subst ms. subst ms0. ss. inv INIT; inv INIT0. ss. des_ifs. - i. ss. des_ifs. inv FINAL. - - ii. inv H. ss. omega. + - ii. inv H. ss. lia. } econs 2; ss; et. { des_ifs. folder. eauto. } @@ -1128,7 +1143,7 @@ Section PRESERVATION. exploit external_call_match_traces. eapply H13. eapply H14. i. split; auto. i. subst. exploit external_call_deterministic. eapply H13. eapply H14. i. des; subst. auto. auto. + i. inv FINAL. - + ii. inv H2; inv H3. ss; omega. + + ii. inv H2; inv H3. ss; lia. eapply external_call_trace_length; eauto. } rewrite LINKTGT in *. rpapply step_internal; ss; et. rr. right. econs; ss; et. diff --git a/bound/UpperBound_AExtra.v b/bound/UpperBound_AExtra.v index a64b6838..167250b4 100644 --- a/bound/UpperBound_AExtra.v +++ b/bound/UpperBound_AExtra.v 
@@ -468,21 +468,25 @@ Section SIM. revert cp delta f0 n. induction (co_members co) as [| mhd mtl]; try (by ss); i. ss. destruct mhd. - assert (ALIGN: (align n (alignof (prog_comp_env cp) t)) = (align n (alignof (prog_comp_env cp_link) t))). - { clear -COMPLETE EXTENDS. - revert t n cp cp_link COMPLETE EXTENDS. - induction t; ss; i; unfold align_attr; des_ifs; auto. - - exploit EXTENDS; eauto. i. Eq. auto. - - exploit EXTENDS; eauto. i. Eq. - - exploit EXTENDS; eauto. i. Eq. auto. - - exploit EXTENDS; eauto. i. Eq. } - des_ifs. - - rewrite ALIGN. auto. - - rewrite ALIGN in *. - eapply andb_prop in COMPLETE. des; auto. - exploit IHmtl; eauto. - intros. erewrite H. - erewrite <- sizeof_stable; eauto. + { assert (ALIGN: (align n (alignof (prog_comp_env cp) t * 8)) = (align n (alignof (prog_comp_env cp_link) t * 8))). + { clear -COMPLETE EXTENDS. + revert t n cp cp_link COMPLETE EXTENDS. + induction t; ss; i; unfold align_attr; des_ifs; auto. + - exploit EXTENDS; eauto. i. Eq. auto. + - exploit EXTENDS; eauto. i. Eq. + - exploit EXTENDS; eauto. i. Eq. auto. + - exploit EXTENDS; eauto. i. Eq. } + assert (BALIGN: (align n (bitalignof (prog_comp_env cp) t)) = (align n (bitalignof (prog_comp_env cp_link) t))). + { unfold bitalignof. apply ALIGN. } + des_ifs. + - cbn. rewrite BALIGN. auto. + - cbn. rewrite BALIGN in *. + eapply andb_prop in COMPLETE. des; auto. + exploit IHmtl; eauto. + intros. erewrite H. + unfold bitsizeof. + erewrite <- sizeof_stable; eauto. } + { des_ifs. eauto. } Qed. Lemma sem_add_ptr_int_same1 @@ -889,6 +893,7 @@ Section SIM. Hypothesis WFSRC: forall md : Mod.t, In md prog_src -> Sk.wf md. Hypothesis WFTGT: forall md : Mod.t, In md prog_tgt -> Sk.wf md. + Lemma lred_progress cp f C a k3 k0 e m a' m' (FOC: is_focus cp) 
@@ -921,8 +926,14 @@ Section SIM. exploit co_consistent_complete; et. - exploit types_of_context1; eauto. intros [tys [A B]]. inv WTTGT. ss. exploit (WTYE (Tunion id a0)). - eapply B. ss. auto. i. inv H0. des_ifs. - do 2 eexists. econs 5; eauto. + eapply B. ss. auto. i. inv H1. des_ifs. + do 2 eexists. econs 5; et. + + cbn. eapply EXTENDS in Heq as EXTENDS'. clarify. + erewrite <- union_field_offset_stable; et. + apply co_consistent_complete. + eapply build_composite_env_consistent; eauto. + apply prog_comp_env_eq. Qed. Lemma match_focus_state_bsim @@ -965,6 +976,12 @@ Section SIM. exploit build_composite_env_consistent; et. intro Y. exploit co_consistent_complete; et. intro Z. erewrite <- field_offset_same; eauto. + * econs; et. cbn in *. + apply EXTENDS in H1 as EXTENDS'. + erewrite union_field_offset_stable; et. + apply co_consistent_complete. + eapply build_composite_env_consistent; eauto. + apply prog_comp_env_eq. (* rred *) + left. econs; eauto. rename C into CC. @@ -1021,7 +1038,9 @@ Section SIM. + erewrite wt_type_sizeof_stable; eauto. exploit (WTYE ty1); eauto. eapply B. ss. auto. + erewrite wt_type_sizeof_stable; eauto. - exploit (WTYE ty1); eauto. eapply B. ss. auto. } + exploit (WTYE ty1); eauto. eapply B. ss. auto. + - econs; eauto. + } * econs 5; eauto. - right. inv STEP; inv ST; try (by econs; eauto). @@ -1122,7 +1141,7 @@ Section SIM. * econs 2; eauto. * inv H2. { econs 3; eauto. - instantiate (1:= m'). instantiate (1:=(Eloc b Ptrofs.zero ty)). econs; eauto. } + instantiate (1:= m'). instantiate (1:=(Eloc b Ptrofs.zero Full ty)). econs; eauto. } { ss. econs 3; eauto. econs 2; eauto. ss. instantiate (1 := b). unfold Genv.find_symbol in *. ss. 
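Review bot: The three added lines `apply co_consistent_complete. eapply build_composite_env_consistent; eauto. apply prog_comp_env_eq.` at the end of this hunk recur verbatim in the `@@ -965` hunk below and again in the `@@ -1151` hunk of the next chunk; a small helper would make each union-field-offset case a single step, e.g. `Ltac solve_co_complete := apply co_consistent_complete; eapply build_composite_env_consistent; eauto; apply prog_comp_env_eq.` (constructed name). The same lines also pick up the `des_ifs`-generated name in `eapply EXTENDS in Heq as EXTENDS'`, which will break on the next change to the preceding case split without saying why; selecting the hypothesis by shape with `match goal with` or introducing it via an explicit `destruct ... eqn:FIND` would be robust. The enclosing lemma (presumably `lred_progress`, from the context above) starts outside the hunk.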
@@ -1151,7 +1170,13 @@ Section SIM. exploit types_of_context1; eauto. intros [tys [A B]]. inv WTTGT. ss. exploit (WTYE (Tunion id a)). eapply B. ss. auto. i. inv H4. des_ifs. - econs 3; eauto. ss. econs 5; eauto. } + econs 3; eauto. ss. econs 5; eauto. + des_ifs. + apply EXTENDS in Heq as EXTENDS'. + erewrite union_field_offset_stable; et. + apply co_consistent_complete. + eapply build_composite_env_consistent; eauto. + apply prog_comp_env_eq. } * inv H2; try (by (econs 4; eauto; econs; eauto)). { econs 4; eauto. econs 4; eauto. ss. unfold sem_binary_operation in *. des_ifs; eauto. - exploit context_compose. eapply H. eapply H3. i. @@ -1171,7 +1196,8 @@ Section SIM. + erewrite <- wt_type_sizeof_stable; eauto. exploit (WTYE ty1); eauto. eapply B. ss. auto. + erewrite <- wt_type_sizeof_stable; eauto. - exploit (WTYE ty1); eauto. eapply B. ss. auto. } + exploit (WTYE ty1); eauto. eapply B. ss. auto. + - econs; eauto. } * econs 5; eauto. - ss. inversion STEP; subst; inv ST; ss; try (by eexists; right; econs; eauto); (try by (destruct k3; destruct k0; ss; clarify; try (by eexists; right; econs; eauto); diff --git a/bound/UpperBound_B.v b/bound/UpperBound_B.v index 2e2f666b..59561563 100644 --- a/bound/UpperBound_B.v +++ b/bound/UpperBound_B.v 
@@ -288,17 +288,29 @@ Section PRESERVATION. Notation "'rred'" := (rred skenv_link) (only parsing). Notation "'estep'" := (estep skenv_link) (only parsing). + Lemma store_bitfield_determ + ty sz sg pos w m addr i m1 v1 m1' v1' + (STORE1: store_bitfield ty sz sg pos w m addr i m1 v1) + (STORE2: store_bitfield ty sz sg pos w m addr i m1' v1') + : m1 = m1' /\ v1 = v1'. + Proof. inv STORE1. inv STORE2. clarify. Qed. + Lemma assign_loc_determ g ty m b - ofs v tr m1 m1' - (ASSIGN1: assign_loc g ty m b ofs v tr m1) - (ASSIGN2: assign_loc g ty m b ofs v tr m1'): - m1 = m1'. + ofs bf v tr m1 m1' v1 v1' + (ASSIGN1: assign_loc g ty m b ofs bf v tr m1 v1) + (ASSIGN2: assign_loc g ty m b ofs bf v tr m1' v1'): + m1 = m1' /\ v1 = v1'. Proof. generalize dependent g. generalize dependent m1'. - induction 1; i; inv ASSIGN2; f_equal; Eq; auto. - inv H1; inv H4. inv H5; inv H15; try congruence. Eq. auto. + generalize dependent v1'. + induction 1; i. + - inv ASSIGN2; split; Eq; auto. + - inv ASSIGN2; split; Eq; auto. + inv H1; inv H4. inv H5; inv H15; try congruence. Eq. auto. + - inv ASSIGN2; split; Eq; auto. + - inv ASSIGN2. eapply store_bitfield_determ; eauto. Qed. Lemma bind_parameters_determ @@ -530,9 +542,9 @@ Section PRESERVATION. exploit volatile_load_preserved; eauto. eapply Senv_equiv2. eapply Senv_equiv1. Qed. - Lemma deref_loc_same ty m' b ofs tr v: - deref_loc {| genv_genv := (local_genv prog); genv_cenv := prog_comp_env prog |} ty m' b ofs tr v - <-> deref_loc (globalenv prog) ty m' b ofs tr v. + Lemma deref_loc_same ty m' b ofs bf tr v: + deref_loc {| genv_genv := (local_genv prog); genv_cenv := prog_comp_env prog |} ty m' b ofs bf tr v + <-> deref_loc (globalenv prog) ty m' b ofs bf tr v. Proof. destruct match_ge_skenv_link. split; intro DEREF; 
@@ -552,11 +564,11 @@ Section PRESERVATION. exploit volatile_store_preserved; eauto. eapply Senv_equiv2. eapply Senv_equiv1. Qed. - Lemma assign_loc_same ty m b ofs v tr m': + Lemma assign_loc_same ty m b ofs bf v tr m' v': assign_loc {| genv_genv := (local_genv prog); - genv_cenv := prog_comp_env prog |} ty m b ofs v tr m' - <-> assign_loc (globalenv prog) ty m b ofs v tr m'. + genv_cenv := prog_comp_env prog |} ty m b ofs bf v tr m' v' + <-> assign_loc (globalenv prog) ty m b ofs bf v tr m' v'. Proof. destruct match_ge_skenv_link. split; intro ASSIGN; diff --git a/cfrontend/ClightC.v b/cfrontend/ClightC.v index eaaa91a7..7d183ea6 100644 --- a/cfrontend/ClightC.v +++ b/cfrontend/ClightC.v 
@@ -122,15 +122,17 @@ Section MODSEM. Lemma eval_expr_determ: forall e le m a v, eval_expr ge e le m a v -> forall v', eval_expr ge e le m a v' -> v = v' with eval_lvalue_determ: - forall e le m a loc ofs, eval_lvalue ge e le m a loc ofs -> forall loc' ofs', eval_lvalue ge e le m a loc' ofs' -> loc = loc' /\ ofs = ofs'. + forall e le m a loc ofs bf, eval_lvalue ge e le m a loc ofs bf -> forall loc' ofs' bf', eval_lvalue ge e le m a loc' ofs' bf' -> loc = loc' /\ ofs = ofs' /\ bf = bf'. Proof. - induction 1; intros v' EV; inv EV; try (by determ_tac eval_expr_determ); try (by determ_tac eval_lvalue_determ); try congruence; try by inv H; try by inv H0; try by inv H1; try by inv H2. + determ_tac eval_expr_determ. clear H. determ_tac eval_expr_determ. + determ_tac eval_lvalue_determ. inv H0; inv H2; try congruence. - - induction 1; intros loc' ofs' EV; inv EV; des_ifs; try (by determ_tac eval_expr_determ); try congruence. - + determ_tac eval_expr_determ. rewrite H0 in H7. des_ifs. rewrite H2 in H11. des_ifs. + inv H3; inv H8. congruence. + - induction 1; intros loc' ofs' bf' EV; inv EV; des_ifs; try (by determ_tac eval_expr_determ); try congruence. + + determ_tac eval_expr_determ. rewrite H0 in H7. des_ifs. rewrite H2 in H12. des_ifs. + + determ_tac eval_expr_determ. rewrite H0 in H7. des_ifs. rewrite H2 in H12. des_ifs. Qed. Let eval_exprlist_determ: 
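Review bot: The two new bullets of `eval_lvalue_determ` are the same script `determ_tac eval_expr_determ. rewrite H0 in H7. des_ifs. rewrite H2 in H12. des_ifs.` written twice, and the only edit to the pre-existing bullet is `H11` becoming `H12` because the extra `bf` index shifted the generated hypothesis numbers. Since both remaining goals close with that script, folding it into the initial `try (...)` chain or writing it once as `all: determ_tac eval_expr_determ; ...` removes the duplicate, and selecting the two rewritten equations by shape with `match goal with` rather than by number would spare the next change to `eval_lvalue` the same renumbering. The `@@ -168` and `@@ -190` hunks of the next chunk (`inv H4; inv H16; try congruence. inv H; inv H8. congruence.`) carry the same numbered-hypothesis dependence, once each.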
@@ -168,7 +170,7 @@ Section MODSEM. try (determ_tac eval_lvalue_determ; check_safe); try (determ_tac eval_exprlist_determ; check_safe); try (determ_tac eval_builtin_args_determ; check_safe); try (determ_tac external_call_determ; check_safe); esplits; eauto; try (econs; eauto); ii; eq_closure_tac; clarify_meq. - + inv H4; inv H16; congruence. + + inv H4; inv H16; try congruence. inv H; inv H8. congruence. + determ_tac eval_exprlist_determ. + inv H1. inv H8. hexploit (alloc_variables_determ H0 H3). i; des; clarify. determ_tac bind_parameters_determ. - ii. inv H; try (exploit external_call_trace_length; eauto; check_safe; intro T; des); ss; try extlia. @@ -190,7 +192,7 @@ Section MODSEM. try (determ_tac eval_lvalue_determ; check_safe); try (determ_tac eval_exprlist_determ; check_safe); try (determ_tac eval_builtin_args_determ; check_safe); try (determ_tac external_call_determ; check_safe); esplits; eauto; try (econs; eauto); ii; eq_closure_tac; clarify_meq. - + inv H4; inv H16; congruence. + + inv H4; inv H16; try congruence. inv H; inv H8. congruence. + determ_tac eval_exprlist_determ. + inv H1. inv H8. hexploit (alloc_variables_determ H3 H7). i; des; clarify. - ii. inv H; try (exploit external_call_trace_length; eauto; check_safe; intro T; des); ss; try extlia. diff --git a/cfrontend/CsharpminorC.v b/cfrontend/CsharpminorC.v index a4f8f5d6..38144d3a 100644 --- a/cfrontend/CsharpminorC.v +++ b/cfrontend/CsharpminorC.v @@ -48,7 +48,7 @@ Section MODSEM. (CSTYLE: Args.is_cstyle args /\ fd.(fn_sig).(sig_cstyle) = true) (FINDF: Genv.find_funct ge (Args.fptr args) = Some (Internal fd)) (TYP: typecheck (Args.vs args) fd.(fn_sig) tvs) - (LEN: (Args.vs args).(length) = fd.(fn_sig).(sig_args).(length)) + (LEN: (length (Args.vs args)) = (length fd.(fn_sig).(sig_args))) : initial_frame args (Callstate (Args.fptr args) fd.(fn_sig) tvs Kstop (Args.m args)). diff --git a/cfrontend/CshmgenproofC.v b/cfrontend/CshmgenproofC.v index dc023859..1ea3aa19 100644 
--- a/cfrontend/CshmgenproofC.v +++ b/cfrontend/CshmgenproofC.v @@ -52,8 +52,8 @@ Inductive match_states (idx: nat) (st_src0: Clight.state) (st_tgt0: Csharpminor.state) (sm0: SimMem.t): Prop := | match_states_intro (MATCHST: Cshmgenproof.match_states prog ge tge st_src0 st_tgt0) - (MCOMPATSRC: (ClightC.get_mem st_src0) = sm0.(SimMem.src)) - (MCOMPATTGT: (CsharpminorC.get_mem st_tgt0) = sm0.(SimMem.tgt)). + (MCOMPATSRC: (ClightC.get_mem st_src0) = (SimMem.src sm0)) + (MCOMPATTGT: (CsharpminorC.get_mem st_tgt0) = (SimMem.tgt sm0)). Theorem make_match_genvs : SimSymbId.sim_skenv (SkEnv.project skenv_link (Mod.sk md_src)) (SkEnv.project skenv_link (Mod.sk md_tgt)) -> diff --git a/cfrontend/CstrategyC.v b/cfrontend/CstrategyC.v index 0f6951b1..d5ce2388 100644 --- a/cfrontend/CstrategyC.v +++ b/cfrontend/CstrategyC.v @@ -108,11 +108,11 @@ Section MODSEM. inv H10. exploit deref_loc_receptive; eauto. intros [EQ [v1' A]]. subst t0. destruct (sem_binary_operation ge op v1' (typeof l) v2 (typeof r) m) as [v3'|] eqn:?. destruct (sem_cast v3' tyres (typeof l) m) as [v4'|] eqn:?. - destruct (classic (exists t2', exists m'', assign_loc skenv_link ge (typeof l) m b ofs v4' t2' m'')). - destruct H1 as [t2' [m'' P]]. + destruct (classic (exists t2', exists m'', exists v'', assign_loc skenv_link ge (typeof l) m b ofs bf v4' t2' m'' v'')). + destruct H1 as [t2' [m'' [v'' P]]]. econstructor; econstructor. left; eapply step_assignop with (v1 := v1'); eauto. simpl; reflexivity. econstructor; econstructor. left; eapply step_assignop_stuck with (v1 := v1'); eauto. - rewrite Heqo; rewrite Heqo0. intros; red; intros; elim H1. exists t0; exists m'0; auto. + rewrite Heqo; rewrite Heqo0. intros; red; intros; elim H1. exists t0; exists m'0; exists v'0; auto. econstructor; econstructor. left; eapply step_assignop_stuck with (v1 := v1'); eauto. rewrite Heqo; rewrite Heqo0; auto. econstructor; econstructor. left; eapply step_assignop_stuck with (v1 := v1'); eauto. 
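Review bot: The contradiction step in this hunk ends with `exists t0; exists m'0; exists v'0; auto.`, while the three sibling hunks that follow (`@@ -121`, `@@ -137`, `@@ -150`) close the same step with `exists t2; exists m'; eexists; eauto.` or `exists t0; exists m'0; eauto.`. All four are the same receptiveness argument extended by the new `v''` witness, so one form throughout (the explicit `exists v'0`, which names the witness the inverted step provides, reads best) would make the four copies diff-identical. The `@@ -121` copy also has a stray space in `[m'' [ v'' P]]`. The enclosing receptiveness proof, which begins before `inv H10`, starts outside the hunk.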
@@ -121,11 +121,11 @@ Section MODSEM. exploit deref_loc_receptive; eauto. intros [EQ [v1' A]]. subst t1. destruct (sem_binary_operation ge op v1' (typeof l) v2 (typeof r) m) as [v3'|] eqn:?. destruct (sem_cast v3' tyres (typeof l) m) as [v4'|] eqn:?. - destruct (classic (exists t2', exists m'', assign_loc skenv_link ge (typeof l) m b ofs v4' t2' m'')). - destruct H1 as [t2' [m'' P]]. + destruct (classic (exists t2', exists m'', exists v'', assign_loc skenv_link ge (typeof l) m b ofs bf v4' t2' m'' v'')). + destruct H1 as [t2' [m'' [ v'' P]]]. econstructor; econstructor. left; eapply step_assignop with (v1 := v1'); eauto. simpl; reflexivity. econstructor; econstructor. left; eapply step_assignop_stuck with (v1 := v1'); eauto. - rewrite Heqo; rewrite Heqo0. intros; red; intros; elim H1. exists t2; exists m'; auto. + rewrite Heqo; rewrite Heqo0. intros; red; intros; elim H1. exists t2; exists m'; eexists; eauto. econstructor; econstructor. left; eapply step_assignop_stuck with (v1 := v1'); eauto. rewrite Heqo; rewrite Heqo0; auto. econstructor; econstructor. left; eapply step_assignop_stuck with (v1 := v1'); eauto. 
@@ -137,11 +137,11 @@ Section MODSEM. inv H9. exploit deref_loc_receptive; eauto. intros [EQ [v1' A]]. subst t0. destruct (sem_incrdecr ge id v1' (typeof l) m) as [v2'|] eqn:?. destruct (sem_cast v2' (incrdecr_type (typeof l)) (typeof l) m) as [v3'|] eqn:?. - destruct (classic (exists t2', exists m'', assign_loc skenv_link ge (typeof l) m b ofs v3' t2' m'')). - destruct H1 as [t2' [m'' P]]. + destruct (classic (exists t2', exists m'', exists v'', assign_loc skenv_link ge (typeof l) m b ofs bf v3' t2' m'' v'')). + destruct H1 as [t2' [m'' [v'' P]]]. econstructor; econstructor. left; eapply step_postincr with (v1 := v1'); eauto. simpl; reflexivity. econstructor; econstructor. left; eapply step_postincr_stuck with (v1 := v1'); eauto. - rewrite Heqo; rewrite Heqo0. intros; red; intros; elim H1. exists t0; exists m'0; auto. + rewrite Heqo; rewrite Heqo0. intros; red; intros; elim H1. exists t0; exists m'0; eauto. econstructor; econstructor. left; eapply step_postincr_stuck with (v1 := v1'); eauto. rewrite Heqo; rewrite Heqo0; auto. econstructor; econstructor. left; eapply step_postincr_stuck with (v1 := v1'); eauto. 
@@ -150,11 +150,11 @@ Section MODSEM. exploit deref_loc_receptive; eauto. intros [EQ [v1' A]]. subst t1. destruct (sem_incrdecr ge id v1' (typeof l) m) as [v2'|] eqn:?. destruct (sem_cast v2' (incrdecr_type (typeof l)) (typeof l) m) as [v3'|] eqn:?. - destruct (classic (exists t2', exists m'', assign_loc skenv_link ge (typeof l) m b ofs v3' t2' m'')). - destruct H1 as [t2' [m'' P]]. + destruct (classic (exists t2', exists m'', exists v'', assign_loc skenv_link ge (typeof l) m b ofs bf v3' t2' m'' v'')). + destruct H1 as [t2' [m'' [v'' P]]]. econstructor; econstructor. left; eapply step_postincr with (v1 := v1'); eauto. simpl; reflexivity. econstructor; econstructor. left; eapply step_postincr_stuck with (v1 := v1'); eauto. - rewrite Heqo; rewrite Heqo0. intros; red; intros; elim H1. exists t2; exists m'; auto. + rewrite Heqo; rewrite Heqo0. intros; red; intros; elim H1. exists t2; exists m'; eauto. econstructor; econstructor. left; eapply step_postincr_stuck with (v1 := v1'); eauto. rewrite Heqo; rewrite Heqo0; auto. econstructor; econstructor. left; eapply step_postincr_stuck with (v1 := v1'); eauto. diff --git a/cfrontend/CtypesC.v b/cfrontend/CtypesC.v index 0948c45a..0e6c4258 100644 --- a/cfrontend/CtypesC.v +++ b/cfrontend/CtypesC.v 
@@ -90,6 +90,27 @@ Module CSk. - inv H0. ss. Qed. + Lemma match_program_gen_eq + F1 F2 (match_fundef: Ctypes.program _ -> Ctypes.fundef _ -> Ctypes.fundef _ -> Prop) + match_varinfo fn_sig1 fn_sig2 + (p1: Ctypes.program F1) + (p2: Ctypes.program F2) + (MATCH: match_program_gen match_fundef match_varinfo p1 p1 p2) + (WF: wf_match_fundef match_fundef fn_sig1 fn_sig2): + <>. + Proof. + rr in MATCH. des. + unfold of_program. r. f_equal; ss. + revert MATCH. generalize p1 at 1 as CTX. i. + destruct p1, p2; ss. clear - MATCH WF. + ginduction prog_defs; ii; ss; inv MATCH; ss. + erewrite IHprog_defs; eauto. f_equal; eauto. + inv H1. destruct a, b1; ss. clarify. inv H0; ss. + - unfold update_snd. exploit WF; eauto. i; des; clarify; ss. + + repeat f_equal. exploit WF; et. + - inv H. ss. + Qed. + Lemma of_program_prog_defmap: forall F (p: Ctypes.program F) (get_sg: F -> signature), < - Genv.match_genvs (match_globdef (fun (ctx : AST.program Csyntax.fundef type) f tf => tr_fundef f tf) eq prog) ge tge /\ prog_comp_env prog = prog_comp_env tprog. + Genv.match_genvs (match_globdef tr_fundef eq prog) ge tge /\ prog_comp_env prog = prog_comp_env tprog. Proof. subst_locals. ss. rr in TRANSL. destruct TRANSL. r in H. esplits. - eapply SimSymbId.sim_skenv_revive; eauto. @@ -102,12 +102,15 @@ Proof. inv MATCH; ss. inv MATCHST; ss. esplits; eauto; econs; ss; eauto. clarify. econs; eauto. - (* final fsim *) - inv MATCH. inv FINALSRC; inv MATCHST; ss. inv H3. destruct sm0; ss. clarify. + inv MATCH. inv FINALSRC; inv MATCHST; ss. (* inv H3. *) + specialize (MK (prog_comp_env prog)). inv MK. + destruct sm0; ss. clarify. eexists (SimMemId.mk _ _). esplits; ss; eauto. econs; ss; eauto. - left; i. esplits; eauto. { apply modsem_strongly_receptive; et. } inv MATCH. ii. hexploit (@simulation prog skenv_link skenv_link); eauto. { inv SIMSKENV. ss. } + { i. cbn. auto. } { exploit make_match_genvs; eauto. { eapply SIMSKENV. } intro T; des. esplits; eauto. } i. des_safe. esplits; eauto. + des. 
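Review bot: `match_program_gen_eq` is added without a comment relating it to `CSk.match_program_eq`, which `sim_mod` in cfrontend/SimplExprproofC.v (the `@@ -135` hunk of the next chunk) stops using in its favour; the conclusion itself is lost on this page to the stripped `<< >>` notation. A header such as `(* Like match_program_eq, but for match_program_gen where match_fundef may consult the context program (here p1 itself); used by SimplExprproofC.sim_mod. *)` would tell the next reader why both lemmas exist. If `match_program_eq` is now only a special case, deriving it as a corollary would avoid maintaining two parallel inductions over `prog_defs`; its other uses are not visible from here. The enclosing `Module CSk` starts outside the hunk.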
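Review bot: The new line `inv MATCH. inv FINALSRC; inv MATCHST; ss. (* inv H3. *)` in the final-fsim case keeps the superseded tactic as a comment beside its replacement `specialize (MK (prog_comp_env prog)). inv MK.`; the commented-out `inv H3` carries no information once the proof goes through and should be dropped, leaving `inv MATCH. inv FINALSRC; inv MATCHST; ss.`. The added `{ i. cbn. auto. }` subgoal below is undocumented; a short note on which new premise of `simulation` it discharges (presumably a composite-environment side condition, given the new `MK`) would help. The enclosing theorem starts outside the hunk.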
@@ -135,7 +138,7 @@ Definition mp: ModPair.t := SimSymbId.mk_mp (Mod.Atomic.trans (CstrategyC.module Theorem sim_mod: ModPair.sim mp. Proof. econs; ss. - - r. inv TRANSL. eapply CSk.match_program_eq; et. + - r. inv TRANSL. eapply CSk.match_program_gen_eq; et. ii. destruct f1; ss. + clarify. right. inv MATCH. esplits; eauto. inv H2. unfold CsemC.signature_of_function, signature_of_function. f_equal; congruence. diff --git a/common/ASTC.v b/common/ASTC.v index f7ed3748..d8dcaed9 100644 --- a/common/ASTC.v +++ b/common/ASTC.v @@ -43,7 +43,6 @@ Proof. rewrite <- ! fold_left_rev_right in *. rewrite <- map_rev. unfold PTree.elt. abstr (rev defs) xs. clear_tac. generalize id. induction xs; ii; try rewrite PTree.gempty in *; ss. - { unfold option_map. rewrite PTree.gempty in *; ss. } destruct a; ss. rewrite PTree.gsspec. des_ifs. { unfold option_map. rewrite PTree.gsspec. des_ifs. } diff --git a/common/MemoryC.v b/common/MemoryC.v index 5472e4cc..eeadb0c2 100644 --- a/common/MemoryC.v +++ b/common/MemoryC.v @@ -76,7 +76,7 @@ Lemma unchanged_ro_trans : <> . -Proof. +Proof. ii. econs. - eapply Ple_trans; et; eapply unchanged_ro_nextblock; et. - i. eapply unchanged_ro_perm; et. @@ -275,7 +275,7 @@ Proof. unfold f'; intros. destruct (eq_block b0 b1); eauto. inversion H8. subst b0 b3 delta0. elim (fresh_block_alloc _ _ _ _ _ H0). - eapply perm_valid_block with (ofs := ofs). apply H9. generalize (size_chunk_pos chunk); omega. + eapply perm_valid_block with (ofs := ofs). apply H9. generalize (size_chunk_pos chunk); lia. unfold f'; intros. destruct (eq_block b0 b1). inversion H8. subst b0 b3 delta0. elim (fresh_block_alloc _ _ _ _ _ H0). eauto with mem. 
@@ -295,27 +295,27 @@ Proof. destruct (eq_block b0 b1); destruct (eq_block b3 b1); eauto; try congruence. inversion H10; subst b0 b1' delta1. destruct (eq_block b2 b2'); auto. subst b2'. right; red; intros. - eapply H6; eauto. omega. + eapply H6; eauto. lia. inversion H11; subst b3 b2' delta2. destruct (eq_block b1' b2); auto. subst b1'. right; red; intros. - eapply H6; eauto. omega. + eapply H6; eauto. lia. (* representable *) unfold f'; intros. destruct (eq_block b b1). subst. injection H9; intros; subst b' delta0. destruct H10. exploit perm_alloc_inv; eauto; rewrite dec_eq_true; intro. { generalize (Ptrofs.unsigned_range_2 ofs). i. exploit H3. apply H4 with (k := Max) (p := Nonempty); eauto. i. - omega. } + lia. } exploit perm_alloc_inv; eauto; rewrite dec_eq_true; intro. { generalize (Ptrofs.unsigned_range_2 ofs). i. exploit H3. apply H4 with (k := Max) (p := Nonempty); eauto. i. - omega. } + lia. } eapply mi_representable0; try eassumption. destruct H10; eauto using perm_alloc_4. (* perm inv *) intros. unfold f' in H9; destruct (eq_block b0 b1). inversion H9; clear H9; subst b0 b3 delta0. - assert (EITHER: lo <= ofs < hi \/ ~(lo <= ofs < hi)) by omega. + assert (EITHER: lo <= ofs < hi \/ ~(lo <= ofs < hi)) by lia. destruct EITHER. left. apply perm_implies with Freeable; auto with mem. eapply perm_alloc_2; eauto. right; intros A. eapply perm_alloc_inv in A; eauto. rewrite dec_eq_true in A. tauto. @@ -689,4 +689,3 @@ Proof. + right. esplits; et. extlia. - ii. des; clarify; esplits; et; extlia. Qed. - diff --git a/common/ValuesC.v b/common/ValuesC.v index c1591229..b531789c 100644 --- a/common/ValuesC.v +++ b/common/ValuesC.v @@ -58,7 +58,7 @@ Section TYPIFY. zip typify vs tys. (* Definition typify_list (vs: list val) (tys: list typ): option (list val) := *) - (* if Nat.eqb vs.(length) tys.(length) *) + (* if Nat.eqb (length vs) (length tys) *) (* then Some (zip typify vs tys) *) (* else None *) (* . *) 
@@ -97,7 +97,7 @@ Section RETTYPIFY. zip rettypify vs tys. (* Definition typify_list (vs: list val) (tys: list typ): option (list val) := *) - (* if Nat.eqb vs.(length) tys.(length) *) + (* if Nat.eqb (length vs) (length tys) *) (* then Some (zip typify vs tys) *) (* else None *) (* . *) @@ -182,7 +182,7 @@ Qed. Lemma lessdef_list_length xs ys (LD: Val.lessdef_list xs ys): - <>. + <>. Proof. ginduction LD; ii; ss. des. red. extlia. Qed. Lemma inject_list_typify_list @@ -200,7 +200,7 @@ Qed. Lemma inject_list_length j xs ys (INJ: Val.inject_list j xs ys): - <>. + <>. Proof. ginduction INJ; ii; ss. des. red. extlia. Qed. Lemma typify_has_type_list diff --git a/compose/Skeleton.v b/compose/Skeleton.v index 84d7ee1f..70180eba 100644 --- a/compose/Skeleton.v +++ b/compose/Skeleton.v @@ -235,7 +235,6 @@ Module SkEnv. { subst id0. rewrite PTree.gss in SYMB. inv SYMB. exists g. eapply PTree.gss. } { rewrite PTree.gso in SYMB; eauto. exploit H; eauto. i. inv H1. exists x. rewrite PTree.gso; eauto. exploit Genv.genv_symb_range; eauto. i. extlia. } - + rewrite PTree.gempty in SYMB. inv SYMB. - intros blk skd. set (P := fun ge => Genv.find_def ge blk = Some skd -> exists id, Genv.find_symbol ge id = Some blk). assert(REC: forall l ge, P ge -> NoDup (map fst l) -> @@ -254,9 +253,9 @@ Module SkEnv. + ii. subst. inv H0; eauto. } eapply REC. - { unfold P, Genv.find_def. i. ss. rewrite PTree.gempty in H. inv H. } + { unfold P, Genv.find_def. i. ss. } { inv WF. eauto. } - { i. unfold Genv.find_symbol. ss. eapply PTree.gempty. } + { i. unfold Genv.find_symbol. ss. } - inv WF. i. eapply Genv.find_def_inversion in DEF. des. eapply WFPARAM in DEF. eauto. Qed. diff --git a/demo/mutrec/IdSimAsmIdInv.v b/demo/mutrec/IdSimAsmIdInv.v index 6d252ba3..87cc573a 100644 --- a/demo/mutrec/IdSimAsmIdInv.v +++ b/demo/mutrec/IdSimAsmIdInv.v @@ -51,8 +51,8 @@ Lemma asm_inj_inv_id : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. eexists (ModPair.mk _ _ _); s. 
@@ -356,7 +356,7 @@ Proof. - left. ss. clear - SIG. unfold Genv.find_funct_ptr in *. des_ifs. eapply Genv.genv_defs_range; eauto. - i. des. eauto. } clarify. psimpl. ss. - exists (Args.Asmstyle rs_tgt (SimMemInj.tgt sm0.(SimMemInjInv.minj))). esplits; eauto. + exists (Args.Asmstyle rs_tgt (SimMemInj.tgt (SimMemInjInv.minj sm0))). esplits; eauto. - econs 2; eauto. + exploit SimSymbIdInv_find_None; try eassumption. { ii. rewrite H in *. ss. } @@ -493,7 +493,7 @@ Proof. inv MLE. eauto. + econs; ss; eauto. } - { exists sm0. exists (Retv.Asmstyle rs_tgt sm0.(SimMemInjInv.minj).(SimMemInj.tgt)). + { exists sm0. exists (Retv.Asmstyle rs_tgt (SimMemInjInv.minj sm0).(SimMemInj.tgt)). esplits; ss; eauto. + econs 2; ss; ii; eauto. * des. esplits; eauto. diff --git a/demo/mutrec/IdSimClightIdInv.v b/demo/mutrec/IdSimClightIdInv.v index 1a10dc97..396d558c 100644 --- a/demo/mutrec/IdSimClightIdInv.v +++ b/demo/mutrec/IdSimClightIdInv.v @@ -48,9 +48,9 @@ Inductive match_states_clight_inv : unit -> Clight.state -> Clight.state -> SimMem.t -> Prop := | match_states_clight_intro st_src st_tgt j m_src m_tgt sm0 - (MWFSRC: m_src = sm0.(SimMem.src)) - (MWFTGT: m_tgt = sm0.(SimMem.tgt)) - (MWFINJ: j = sm0.(SimMemInjInv.minj).(SimMemInj.inj)) + (MWFSRC: m_src = (SimMem.src sm0)) + (MWFTGT: m_tgt = (SimMem.tgt sm0)) + (MWFINJ: j = (SimMemInjInv.minj sm0).(SimMemInj.inj)) (MATCHST: match_states_clight_internal st_src st_tgt j m_src m_tgt) (MWF: SimMem.wf sm0) : @@ -64,8 +64,8 @@ Lemma clight_inj_inv_id : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. eexists (ModPair.mk _ _ _); s. instantiate (3:= (SimMemInjInvC.mk bot1 _ _)). diff --git a/demo/mutrec/IdSimMutrecAB.v b/demo/mutrec/IdSimMutrecAB.v index e34f34b4..acc8b4cb 100644 --- a/demo/mutrec/IdSimMutrecAB.v +++ b/demo/mutrec/IdSimMutrecAB.v 
@@ -33,8 +33,8 @@ Inductive match_states_ext_ab : unit -> state -> state -> SimMemExt.t' -> Prop := | match_ext_Callstate i m_src m_tgt sm0 - (MWFSRC: m_src = sm0.(SimMemExt.src)) - (MWFTGT: m_tgt = sm0.(SimMemExt.tgt)) + (MWFSRC: m_src = (SimMemExt.src sm0)) + (MWFTGT: m_tgt = (SimMemExt.tgt sm0)) (MWF: Mem.extends m_src m_tgt) : match_states_ext_ab @@ -44,8 +44,8 @@ Inductive match_states_ext_ab sm0 | match_return_Callstate i m_src m_tgt sm0 - (MWFSRC: m_src = sm0.(SimMemExt.src)) - (MWFTGT: m_tgt = sm0.(SimMemExt.tgt)) + (MWFSRC: m_src = (SimMemExt.src sm0)) + (MWFTGT: m_tgt = (SimMemExt.tgt sm0)) (MWF: Mem.extends m_src m_tgt) : match_states_ext_ab @@ -131,9 +131,9 @@ Inductive match_states_ab : unit -> state -> state -> SimMemInj.t' -> Prop := | match_states_ab_intro st_src st_tgt j m_src m_tgt sm0 - (MWFSRC: m_src = sm0.(SimMemInj.src)) - (MWFTGT: m_tgt = sm0.(SimMemInj.tgt)) - (MWFINJ: j = sm0.(SimMemInj.inj)) + (MWFSRC: m_src = (SimMemInj.src sm0)) + (MWFTGT: m_tgt = (SimMemInj.tgt sm0)) + (MWFINJ: j = (SimMemInj.inj sm0)) (MATCHST: match_states_ab_internal st_src st_tgt j m_src m_tgt) (MWF: SimMemInj.wf' sm0) : @@ -146,8 +146,8 @@ Lemma a_id : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. eapply any_id; auto. @@ -158,8 +158,8 @@ Lemma a_ext_unreach : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. eexists (ModPair.mk _ _ _); s. @@ -208,8 +208,8 @@ Lemma a_ext_top : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. eexists (ModPair.mk _ _ _); s. @@ -257,9 +257,9 @@ Lemma ab_inj_drop_bot : exists mp, (<>) - /\ (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) + /\ (<>) . Proof. eexists (ModPair.mk _ _ _); s. @@ -313,8 +313,8 @@ Lemma ab_inj_drop : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. exploit ab_inj_drop_bot; eauto. i. des. eauto. 
@@ -325,8 +325,8 @@ Lemma ab_inj_id : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. eapply sim_inj_drop_bot_id. apply ab_inj_drop_bot; auto. @@ -345,9 +345,9 @@ Inductive match_states_ab_inv : unit -> state -> state -> SimMem.t -> Prop := | match_states_ab_inv_intro st_src st_tgt j m_src m_tgt sm0 - (MWFSRC: m_src = sm0.(SimMem.src)) - (MWFTGT: m_tgt = sm0.(SimMem.tgt)) - (MWFINJ: j = sm0.(SimMemInjInv.minj).(SimMemInj.inj)) + (MWFSRC: m_src = (SimMem.src sm0)) + (MWFTGT: m_tgt = (SimMem.tgt sm0)) + (MWFINJ: j = (SimMemInjInv.minj sm0).(SimMemInj.inj)) (MATCHST: match_states_ab_internal st_src st_tgt j m_src m_tgt) (MWF: SimMem.wf sm0) : @@ -360,8 +360,8 @@ Lemma ab_inj_inv_id : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. eexists (ModPair.mk _ _ _); s. diff --git a/demo/mutrec/IdSimMutrecAIdInv.v b/demo/mutrec/IdSimMutrecAIdInv.v index 165d7776..569414ed 100644 --- a/demo/mutrec/IdSimMutrecAIdInv.v +++ b/demo/mutrec/IdSimMutrecAIdInv.v @@ -77,9 +77,9 @@ Inductive match_states_a_inv : unit -> state -> state -> SimMem.t -> Prop := | match_states_a_intro st_src st_tgt j m_src m_tgt sm0 - (MWFSRC: m_src = sm0.(SimMem.src)) - (MWFTGT: m_tgt = sm0.(SimMem.tgt)) - (MWFINJ: j = sm0.(SimMemInjInv.minj).(SimMemInj.inj)) + (MWFSRC: m_src = (SimMem.src sm0)) + (MWFTGT: m_tgt = (SimMem.tgt sm0)) + (MWFINJ: j = (SimMemInjInv.minj sm0).(SimMemInj.inj)) (MATCHST: match_states_a_internal st_src st_tgt j m_src m_tgt) (MWF: SimMem.wf sm0) : @@ -92,8 +92,8 @@ Lemma a_inj_inv_id : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. eexists (ModPair.mk _ _ _); s. diff --git a/demo/mutrec/IdSimMutrecBIdInv.v b/demo/mutrec/IdSimMutrecBIdInv.v index 5c0fef6d..66d3ae3e 100644 --- a/demo/mutrec/IdSimMutrecBIdInv.v +++ b/demo/mutrec/IdSimMutrecBIdInv.v 
@@ -33,7 +33,7 @@ Require Import Conventions1C. Require Import IdSimExtra IdSimInvExtra. Require Import mktac. -Require Import MutrecBspec. +Require Import MutrecBspec. Set Implicit Arguments. @@ -77,9 +77,9 @@ Inductive match_states_b_inv : unit -> state -> state -> SimMem.t -> Prop := | match_states_a_intro st_src st_tgt j m_src m_tgt sm0 - (MWFSRC: m_src = sm0.(SimMem.src)) - (MWFTGT: m_tgt = sm0.(SimMem.tgt)) - (MWFINJ: j = sm0.(SimMemInjInv.minj).(SimMemInj.inj)) + (MWFSRC: m_src = (SimMem.src sm0)) + (MWFTGT: m_tgt = (SimMem.tgt sm0)) + (MWFINJ: j = SimMemInj.inj (SimMemInjInv.minj sm0)) (MATCHST: match_states_b_internal st_src st_tgt j m_src m_tgt) (MWF: SimMem.wf sm0) : @@ -92,8 +92,8 @@ Lemma b_inj_inv_id : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. eexists (ModPair.mk _ _ _); s. diff --git a/demo/mutrec/MutrecABproof.v b/demo/mutrec/MutrecABproof.v index b330ca48..bd7e3a9f 100644 --- a/demo/mutrec/MutrecABproof.v +++ b/demo/mutrec/MutrecABproof.v @@ -25,6 +25,16 @@ Require Import Simulation Sem SemProps LinkingC. Set Implicit Arguments. + +Ltac simpl_ptree_get H := + match type of H with + | context[(PTree.set ?id ?v ?t') ! ?id] => rewrite PTree.gss in H + | context[(PTree.set ?id ?v _) ! _] => rewrite PTree.gso in H by (clear; ss) + | _ => idtac + end. +Ltac simpl_defmap_get H := cbn in H; repeat simpl_ptree_get H. + + Lemma link_sk_same_aux1 A B C (NOEMPTY: A <> [] /\ B <> []) 
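Review bot: The rewritten MWFINJ in match_states_b_inv uses prefix application for both projections, `(MWFINJ: j = SimMemInj.inj (SimMemInjInv.minj sm0))`, whereas the identical hypothesis in match_states_a_inv, match_states_ab_inv and match_states_clight_inv in this same change is written `(SimMemInjInv.minj sm0).(SimMemInj.inj)`. Both parse to the same term, so this is style only, but the three inductives are otherwise line-for-line the same and one form would keep them grep-able together. If the intent of the commit is to retire the `.( )` projection syntax, the mixed form kept elsewhere is the one to converge on or away from. The constructor inside match_states_b_inv is still named `match_states_a_intro`; that is pre-existing, not introduced here.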
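Review bot: The new `simpl_ptree_get` and `simpl_defmap_get` tactics in MutrecABproof.v have no comment, and their contract is not obvious from the `match type of H` body. I would put above them: `(* simpl_ptree_get H: rewrite one [(PTree.set id v t) ! id'] lookup in H with PTree.gss (same key) or PTree.gso (different key, the inequality closed by [clear; ss]); H is left untouched when no such lookup is present. simpl_defmap_get H: cbn in H, then repeat the above. *)`. The trailing `| _ => idtac` arm never fails, so `repeat simpl_ptree_get H` in simpl_defmap_get terminates only because `repeat` stops when no progress is made; if that is the intended exit, a short remark saying so spares the next reader from checking the tactical's semantics. The `PTree.gso` arm matches any lookup key (`_`) and relies on the `by (clear; ss)` side condition failing to fall through for an unresolved key, which is worth a word in the same comment.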
@@ -73,11 +83,16 @@ Proof. rewrite H1 in H7. simpl in H7. esplits; eauto. { simpl. des; eauto. } destruct (classic (id = f_id)). - { subst. clear H7. rewrite H1 in H6. rewrite prog_defmap_elements, PTree.gcombine in H6; cycle 1. + { subst. clear H7. rewrite H1 in H6. + cbn in H4. do 2 rewrite PTree.gso in H4 by (clear; ss). rewrite PTree.gss in H4. clarify. + rewrite prog_defmap_elements, PTree.gcombine in H6; cycle 1. auto. ii. simpl in H6, H4. clarify. des_ifs. simpl in H9. des_ifs. } destruct (classic (id = g_id)). - { subst. clear H7. rewrite H1 in H6. rewrite prog_defmap_elements, PTree.gcombine in H6; cycle 1. - auto. ii. simpl in H6, H4. clarify. des_ifs. } + { subst. clear H7. rewrite H1 in H6. + cbn in H4. cbn in H4. rewrite PTree.gss in H4. clarify. + rewrite prog_defmap_elements, PTree.gcombine in H6; cycle 1. + auto. ii. simpl in H6, H4. clarify. + clear - H6 H4 H9. des_ifs. cbn in H9. des_ifs. } clear -H7 H10 H11. des; clarify. } i. rewrite H4 in *. clarify. + hexploit (link_prog_inv _ _ _ Heq0). i. des. @@ -89,7 +104,7 @@ Proof. exploit (link_prog_succeeds _ _ EQ). { ii. assert (exists gd, (prog_defmap sk_link) ! id = Some gd). { rewrite H1. rewrite prog_defmap_elements. - rewrite PTree.gcombine; cycle 1. ss. + rewrite PTree.gcombine; cycle 1. clear; ss. exploit prog_defmap_image. eapply H8. i. rr in H10. simpl in H10. des; subst; clarify; simpl; des_ifs; eauto. } des. simpl. rewrite H7 in H9. rewrite H7. 
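Review bot: In the f_id and g_id branches of this hunk the `PTree.set` lookups in H4 are unfolded by hand, `cbn in H4. do 2 rewrite PTree.gso in H4 by (clear; ss). rewrite PTree.gss in H4.`, while the same commit introduces `simpl_defmap_get` for exactly this sequence and already uses it in the -101 hunk (`2: { simpl_defmap_get H8. simpl_defmap_get Heq5. clarify. }`). Writing `simpl_defmap_get H4.` in both branches removes the duplication and the hard-coded `do 2`, which presumably encodes how many definitions precede f_id in the program and will silently break when that changes. The g_id branch also runs `cbn in H4. cbn in H4.`; the second call can make no progress and should be dropped. The same hand-unfolding of Heq8, Heq9, Heq5 and Heq6 appears in the -101 and -127 hunks. The enclosing proof starts before this hunk.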
@@ -101,17 +116,23 @@ Proof. unfold link_prog_merge in H10. des_ifs. ii. destruct (classic (id = f_id)). { subst. simpl. esplits; eauto. + cbn in Heq8. rewrite PTree.gss in Heq8. + cbn in Heq9. do 2 rewrite PTree.gso in Heq9 by (clear; ss). rewrite PTree.gss in Heq9. simpl in H8, H10, H11, H14. simpl in Heq8, Heq9. clarify. unfold link_def in H10, H11, H14. des_ifs. simpl in Heq9, Heq8. destruct f0; des_ifs. } destruct (classic (id = g_id)). { subst. simpl. esplits; eauto. + cbn in Heq8. do 2 rewrite PTree.gso in Heq8 by (clear; ss). rewrite PTree.gss in Heq8. + cbn in Heq9. rewrite PTree.gss in Heq9. simpl in H8, H10, H11, H14. simpl in Heq8, Heq9. clarify. unfold link_def in H10, H11, H14. des_ifs. simpl in Heq9, Heq8. destruct f0; des_ifs. } exploit prog_defmap_image. eapply Heq8. ii. rr in H16. simpl in H16. des; clarify. - exploit H0; eauto. i. des. esplits; eauto. { simpl in H4, H7. des; eauto. clarify. } - ii. exploit prog_defmap_image. eapply H8. ii. rr in H12. simpl in H12. des; clarify. - simpl in Heq5, H8. clarify. simpl in Heq5, H8. clarify. + ii. exploit prog_defmap_image. eapply H8. ii. rr in H12. simpl in H12. + des; clarify. + 2: { simpl_defmap_get H8. simpl_defmap_get Heq5. clarify. } + simpl_defmap_get H8. simpl_defmap_get Heq5. clarify. - ii. exploit prog_defmap_image. eapply H8. ii. rr in H4. simpl in H4. des; clarify. exploit H3; eauto. i. des. rewrite H1 in H4. simpl in H4. des; clarify. } ii. rewrite H8 in *. clarify. 
@@ -127,10 +148,13 @@ Proof. unfold link_prog_merge in H8. des_ifs. - exploit H3; eauto. i. des. simpl in H4, H7. des; clarify. + esplits. rewrite H1. simpl. auto. simpl. auto. + simpl_defmap_get Heq6. simpl_defmap_get Heq5. ii. simpl in Heq5, Heq6. clarify. simpl in H8. des_ifs. simpl in H10, H4. des_ifs. - exploit H6; eauto. instantiate (2:=f_id). simpl. eauto. + exploit H6; eauto. + { instantiate (2:=f_id). cbn. rewrite PTree.gss. auto. } rewrite prog_defmap_elements, PTree.gcombine. rewrite H9. simpl. des_ifs. auto. ii. des. simpl in H11. clarify. + esplits. rewrite H1. simpl. auto. simpl. auto. + simpl_defmap_get Heq6. simpl_defmap_get Heq5. ii. simpl in Heq5, Heq6. clarify. simpl in H8. des_ifs. - exploit prog_defmap_image. eapply Heq5. ii. rr in H4. simpl in H4. des; clarify. exploit H6. eauto. 
@@ -144,17 +168,20 @@ Proof. hexploit (link_prog_inv _ _ _ Heq3). i. des. rewrite H1 in *. rewrite H4 in *. rewrite H7 in *. rewrite H10 in *. f_equal. f_equal. eapply PTree.elements_extensional. ii. + repeat rewrite PTree.gcombine by (clear; ss). repeat rewrite prog_defmap_elements. - repeat rewrite PTree.gcombine; (try by ss). - repeat rewrite prog_defmap_elements. - repeat rewrite PTree.gcombine; (try by ss). + repeat rewrite PTree.gcombine by (clear; ss). + (* repeat rewrite prog_defmap_elements. *) + (* repeat rewrite PTree.gcombine; (try by (clear; ss)). *) + (* repeat rewrite prog_defmap_elements. *) + (* repeat rewrite PTree.gcombine; (try by ss). *) destruct ((prog_defmap (CSk.of_program signature_of_function MutrecA.prog)) ! i) eqn:DMAPA; cycle 1. { destruct ((prog_defmap (Sk.of_program Asm.fn_sig MutrecB.prog)) ! i) eqn: DMAPB; cycle 1. - { destruct ((prog_defmap t) ! i) eqn: DMAPC; ss. } - { destruct ((prog_defmap t) ! i) eqn: DMAPC; ss. } + { destruct ((prog_defmap t) ! i) eqn: DMAPC; (clear; ss). } + { destruct ((prog_defmap t) ! i) eqn: DMAPC; (clear; ss). } } destruct ((prog_defmap (Sk.of_program Asm.fn_sig MutrecB.prog)) ! i) eqn: DMAPB; cycle 1. - { destruct ((prog_defmap t) ! i) eqn: DMAPC; ss. } + { destruct ((prog_defmap t) ! i) eqn: DMAPC; (clear; ss). } { destruct ((prog_defmap t) ! i) eqn: DMAPC. - unfold link_prog_merge. des_ifs. + simpl in Heq1, Heq4. unfold link_def in *. des_ifs. @@ -221,6 +248,8 @@ Qed. Definition is_focus (x: Mod.t) := x = MutrecAspec.module \/ x = MutrecBspec.module. Section LXSIM. + Arguments PTree_Properties.of_list: simpl never. + Arguments PTree.combine: simpl never. Variable ctx1: Syntax.program. Variable ctx2: Syntax.program. 
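Review bot: Four commented-out tactic lines, `(* repeat rewrite prog_defmap_elements. *)` through `(* repeat rewrite PTree.gcombine; (try by ss). *)`, are left behind the live `repeat rewrite PTree.gcombine by (clear; ss)` lines. Commented tactic text in a Qed-checked script is never exercised and drifts from the real proof; either delete it or replace it with a one-line remark on why the second `prog_defmap_elements` pass is no longer needed, which from the removed `PTree.Node` witnesses later in this file looks to be a change in the PTree representation, though that is inferred. The three identical `destruct ((prog_defmap t) ! i) eqn: DMAPC; (clear; ss).` closers could be one selector-based line, but that is taste. The enclosing proof starts before this hunk.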
@@ -273,37 +302,54 @@ Section LXSIM. unfold link_program in *. des_ifs. Local Transparent Linker_prog. ss. - exploit Genv.invert_find_symbol; eauto. i. - unfold Genv.find_symbol, skenv_link, Sk.load_skenv in H. + exploit Genv.invert_find_symbol; eauto. intro FSYMB_LINK. + unfold Genv.find_symbol, skenv_link, Sk.load_skenv in FSYMB_LINK. + + hexploit (link_prog_inv _ _ _ Heq1). intros [_ [DEFMAPS EQ_PROG]]. + rewrite EQ_PROG in Hdefmap. unfold prog_defmap in Hdefmap. cbn in Hdefmap. + rewrite PTree_Properties.of_list_elements in Hdefmap. + rewrite PTree.gcombine in Hdefmap by (clear; ss). + unfold PTree_Properties.of_list, update_snd in Hdefmap. cbn in Hdefmap. - hexploit (link_prog_inv _ _ _ Heq1). i. des. - subst p. dup Heq0. + destruct (classic (i = f_id)) as [? | NOT_F]. + { subst i. + repeat simpl_ptree_get Hdefmap. cbn in Hdefmap. + des_ifs. + exists (MutrecAspec.module). split. + - unfold is_focus. auto. + - ss. r. rewrite Genv.find_funct_ptr_iff. + exploit SkEnv.project_impl_spec. 1: eapply INCLA. inversion 1. ss. + exploit DEFKEEP; et. i. des. + simpl_defmap_get PROG. unfold CSk.of_program in PROG. cbn in PROG. + unfold prog_defmap in PROG. unfold update_snd in PROG. + unfold PTree_Properties.of_list in PROG. cbn in PROG. + simpl_ptree_get PROG. clarify. } + + destruct (classic (i = g_id)) as [? | NOT_G]. + { subst i. + repeat simpl_ptree_get Hdefmap. cbn in Hdefmap. + des_ifs. + exists (MutrecBspec.module). split. + - unfold is_focus. auto. + - ss. r. rewrite Genv.find_funct_ptr_iff. + exploit SkEnv.project_impl_spec. 1: eapply INCLB. inversion 1. ss. + exploit DEFKEEP; et. i. des. + simpl_defmap_get PROG. unfold CSk.of_program in PROG. cbn in PROG. + unfold prog_defmap in PROG. unfold update_snd in PROG. + unfold PTree_Properties.of_list in PROG. cbn in PROG. + simpl_ptree_get PROG. clarify. } + + destruct (classic (i = MutrecA._memoized)) as [? | NOT_AM]. + { subst i. + repeat simpl_ptree_get Hdefmap. cbn in Hdefmap. + rewrite PTree.gempty in Hdefmap. 
clarify. } + destruct (classic (i = MutrecB._memoized)) as [? | NOT_BM]. + { subst i. + repeat simpl_ptree_get Hdefmap. cbn in Hdefmap. + rewrite PTree.gempty in Hdefmap. clarify. } + repeat rewrite PTree.gso in Hdefmap by auto. + rewrite PTree.gempty in Hdefmap. clear - Hdefmap. ss. - unfold prog_defmap in Hdefmap. simpl in Hdefmap. - rewrite PTree_Properties.of_list_elements in *. des_ifs. - simpl in Hdefmap. exploit PTree.elements_correct. eapply Hdefmap. i. - unfold PTree.elements, PTree.xelements in H2. simpl in H2. des_ifs. - destruct (classic (i = f_id)). - { subst. ss. - clarify. des; clarify. - red. exists (MutrecAspec.module). split. - - unfold is_focus. ss. auto. - - ss. red. rewrite Genv.find_funct_ptr_iff. - des_ifs; clarify. des; clarify. inv H2. - exploit SkEnv.project_impl_spec. eapply INCLA. i. inv H. ss. - exploit DEFKEEP. eauto. eauto. eauto. i. des. ss. clarify. } - destruct (classic (i = g_id)). - { subst. ss. - clarify. des; clarify. - red. exists (MutrecBspec.module). split. - - unfold is_focus. ss. auto. - - ss. red. rewrite Genv.find_funct_ptr_iff. - des_ifs; clarify. des; clarify. inv H2. - exploit SkEnv.project_impl_spec. eapply INCLB. i. inv H. ss. - exploit DEFKEEP. eauto. eauto. eauto. i. des. ss. clarify. } - clarify. ss. des; clarify. - inv H2; clarify. inv H5; clarify. - inv H2; clarify. inv H5; clarify. - rr in H. des. unfold Genv.find_funct in *. ss. des_ifs. rr. rewrite Genv.find_funct_ptr_iff in *. unfold Genv.find_def in *. ss. 
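Review bot: The `f_id` and `g_id` cases of the rewritten proof are ten-line copies of each other differing only in INCLA/INCLB and MutrecAspec.module/MutrecBspec.module, from `exploit SkEnv.project_impl_spec. 1: eapply INCLA. inversion 1. ss.` down to `simpl_ptree_get PROG. clarify.`. A local Ltac parameterised by the INCL hypothesis and the module, or a lemma stating that a focus module is found at its own identifier, would halve the script and leave the two `_memoized` cases as the only special cases. The closing `repeat rewrite PTree.gso in Hdefmap by auto.` depends on NOT_F, NOT_G, NOT_AM and NOT_BM being what `auto` picks up; listing them, e.g. `by (auto using NOT_F, NOT_G, NOT_AM, NOT_BM)` or a comment naming them, makes that dependency visible. The enclosing proof starts before this hunk.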
@@ -434,32 +480,18 @@ Section LXSIM. /\ (<>) /\ (<>). Proof. - inv INCLA. ss. - inv SKEWF. ss. - unfold prog_defmap in DEFS. ss. - specialize (DEFS f_id). ss. - exploit DEFS; eauto. i. des. - esplits; eauto. - - unfold Genv.find_symbol in *. ss. des_ifs. - exploit MapsC.PTree_filter_key_spec. - instantiate (6:=(fun id : ident => defs (CSk.of_program signature_of_function MutrecA.prog) id)). - instantiate (2:=(PTree.Node - (PTree.Node t12 o8 - (PTree.Node - (PTree.Node t13 o10 - (PTree.Node t7 o11 (PTree.Node (PTree.Node (PTree.Node t15 (Some blk) t19) o13 t18) o12 t17))) o9 t14)) o7 - t11)). - instantiate (1:=f_id). rewrite Heq. ss. - - unfold Genv.find_symbol in *. ss. des_ifs. - exploit MapsC.PTree_filter_key_spec. - instantiate (6:=(fun id : ident => defs (Sk.of_program Asm.fn_sig MutrecB.prog) id)). - instantiate (2:=(PTree.Node - (PTree.Node t12 o8 - (PTree.Node - (PTree.Node t13 o10 - (PTree.Node t7 o11 (PTree.Node (PTree.Node (PTree.Node t15 (Some blk) t19) o13 t18) o12 t17))) o9 t14)) o7 - t11)). - instantiate (1:=f_id). rewrite Heq. ss. + exploit SkEnv.project_impl_spec. 1: apply INCLA. intros PROJ_A. + exploit SkEnv.project_impl_spec. 1: apply INCLB. intros PROJ_B. + inv INCLA. ss. + inv SKEWF. ss. + unfold prog_defmap in DEFS. ss. + specialize (DEFS f_id). ss. + exploit DEFS; eauto; ss. + i. des. + + esplits; eauto. + - inv PROJ_A. rewrite SYMBKEEP; auto. + - inv PROJ_B. rewrite SYMBKEEP; auto. Qed. Lemma find_g_id : 
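Review bot: The new find_f_id proof closes each symbol goal with `inv PROJ_A. rewrite SYMBKEEP; auto.` after exploiting `SkEnv.project_impl_spec` for both INCLA and INCLB, which no longer pins the proof to one concrete `PTree.Node` layout; the same script, with `inv INCLB` and `g_id`, is repeated for find_g_id in the next hunk. The two lemmas could share a single proof via a tactic or one lemma quantified over the identifier, so a future change to SkEnv.project_impl_spec is repaired once. `exploit DEFS; eauto; ss.` now needs `ss` to discharge the side goal that the identifier is a key of the defmap; a comment such as `(* ss: membership of f_id in prog_defmap is decided by computation *)` would record that, if that is indeed what the extra `ss` is for. The statement of find_f_id starts before this hunk.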
@@ -468,29 +500,18 @@ Section LXSIM. /\ (<>) . Proof. - inv INCLB. ss. inv SKEWF. ss. + exploit SkEnv.project_impl_spec. 1: apply INCLA. intros PROJ_A. + exploit SkEnv.project_impl_spec. 1: apply INCLB. intros PROJ_B. + inv INCLB. ss. + inv SKEWF. ss. unfold prog_defmap in DEFS. ss. specialize (DEFS g_id). ss. - exploit DEFS; eauto. i. des. + exploit DEFS; eauto; ss. + i. des. + esplits; eauto. - - unfold Genv.find_symbol in *. ss. des_ifs. - exploit MapsC.PTree_filter_key_spec. - instantiate (6:=(fun id : ident => defs (CSk.of_program signature_of_function MutrecA.prog) id)). - instantiate (2:=(PTree.Node - (PTree.Node - (PTree.Node - (PTree.Node (PTree.Node t7 o11 (PTree.Node t12 o12 (PTree.Node (PTree.Node t17 (Some blk) t19) o13 t18))) o10 - t15) o9 t14) o8 t13) o7 t11)). - instantiate (1:=g_id). rewrite Heq. ss. - - unfold Genv.find_symbol in *. ss. des_ifs. - exploit MapsC.PTree_filter_key_spec. - instantiate (6:=(fun id : ident => defs (Sk.of_program Asm.fn_sig MutrecB.prog) id)). - instantiate (2:=(PTree.Node - (PTree.Node - (PTree.Node - (PTree.Node (PTree.Node t7 o11 (PTree.Node t12 o12 (PTree.Node (PTree.Node t17 (Some blk) t19) o13 t18))) o10 - t15) o9 t14) o8 t13) o7 t11)). - instantiate (1:=g_id). rewrite Heq. ss. + - inv PROJ_A. rewrite SYMBKEEP; auto. + - inv PROJ_B. rewrite SYMBKEEP; auto. Qed. Inductive match_focus: mem -> int -> int -> list Frame.t -> Prop := @@ -521,7 +542,7 @@ Section LXSIM. rewrite Int.Z_mod_modulus_eq. unfold Int.Z_mod_modulus. des_ifs. rewrite <- Int.unsigned_repr_eq. - rewrite Int.unsigned_repr. auto. split; omega. + rewrite Int.unsigned_repr. auto. split; lia. Qed. Lemma match_focus_over_nil 
@@ -535,13 +556,13 @@ Section LXSIM. - exfalso. assert (Int.intval (Int.add max Int.one) = (Int.intval max) + 1); destruct max. { rewrite add_one_same; ss. - unfold MAX, Int.max_unsigned in *; ss. split; omega. } - ss. rewrite H in LE. omega. + unfold MAX, Int.max_unsigned in *; ss. split; lia. } + ss. rewrite H in LE. lia. - exfalso. assert (Int.intval (Int.add max Int.one) = (Int.intval max) + 1); destruct max. { rewrite add_one_same; ss. - unfold MAX, Int.max_unsigned in *; ss. split; omega. } - ss. rewrite H in LE. omega. + unfold MAX, Int.max_unsigned in *; ss. split; lia. } + ss. rewrite H in LE. lia. Qed. Inductive match_stacks (fromcall: bool) (idx: Z): list Frame.t -> list Frame.t -> Prop := @@ -672,7 +693,7 @@ Section LXSIM. { unfold __GUARD__. eauto. } { econs; eauto. rewrite add_one_same. nia. - unfold MAX, Int.max_unsigned in *; ss. omega. } + unfold MAX, Int.max_unsigned in *; ss. lia. } { des; ss. } } { inv INIT. ss. esplits; eauto. - left. apply plus_one. econs. @@ -688,7 +709,7 @@ Section LXSIM. { unfold __GUARD__. eauto. } { econs; eauto. rewrite add_one_same. nia. - unfold MAX, Int.max_unsigned in *; ss. omega. } + unfold MAX, Int.max_unsigned in *; ss. lia. } { des; ss. } } { esplits; eauto. - left. apply plus_one. econs; eauto. econs; eauto. ss. right. @@ -743,7 +764,7 @@ Section LXSIM. * right. esplits; eauto. { apply star_refl. } { instantiate (1:= 2 * (Int.intval cur) - 1). rr. esplits; eauto; try lia. - destruct cur. ss. omega. } + destruct cur. ss. lia. } * left. pfold. left. right. econs; eauto. hexploit find_g_id; eauto. i; des. hexploit (MutrecBspec.find_symbol_find_funct_ptr); eauto. instantiate (1:= blk). i; des. 
@@ -797,7 +818,7 @@ Section LXSIM. { right. unfold load_modsems. rewrite in_map_iff. esplits; et. rewrite in_app_iff. right. right. ss. eauto. } des_ifs; eauto. ** econs; ss; eauto. - { destruct cur, max. ss. esplits; try omega. + { destruct cur, max. ss. esplits; try lia. exploit Int.Z_mod_modulus_range. instantiate (1:=intval - 1). i. des; auto. assert (intval - 1 < MAX) by nia. rewrite Int.Z_mod_modulus_eq. @@ -810,7 +831,7 @@ Section LXSIM. { f_equal. } { f_equal. rewrite cons_app. rewrite app_assoc. f_equal. } { unfold __GUARD__. eauto. } - { destruct cur, max. ss. esplits; try omega. + { destruct cur, max. ss. esplits; try lia. assert (intval - 1 < MAX) by nia. rewrite Int.Z_mod_modulus_eq. rewrite <- Int.unsigned_repr_eq. @@ -832,7 +853,7 @@ Section LXSIM. * right. esplits; eauto. { apply star_refl. } { instantiate (1:= 2 * (Int.intval cur) - 1). rr. esplits; eauto; try lia. - destruct cur. ss. omega. } + destruct cur. ss. lia. } * left. pfold. left. right. econs; eauto. hexploit find_f_id; eauto. i; des. hexploit (MutrecAspec.find_symbol_find_funct_ptr); eauto. instantiate (1:= blk). i; des. @@ -840,7 +861,7 @@ Section LXSIM. econs 2; eauto; esplits. -- eapply plus_two with (t1 := []) (t2 := []); ss. ++ econs; eauto. - { + { eapply lift_determinate_at; ss; des_ifs; eauto. econs; eauto. - ii; ss. inv H; inv H0; ss. @@ -888,7 +909,7 @@ Section LXSIM. { right. unfold load_modsems. rewrite in_map_iff. esplits; et. rewrite in_app_iff. right. left. ss. } des_ifs; eauto. ** econs; ss; eauto. - { destruct cur, max. ss. esplits; try omega. + { destruct cur, max. ss. esplits; try lia. exploit Int.Z_mod_modulus_range. instantiate (1:=intval - 1). i. des; auto. assert (intval - 1 < MAX) by nia. rewrite Int.Z_mod_modulus_eq. 
@@ -901,7 +922,7 @@ Section LXSIM. { f_equal. } { f_equal. rewrite cons_app. rewrite app_assoc. f_equal. } { unfold __GUARD__. eauto. } - { destruct cur, max. ss. esplits; try omega. + { destruct cur, max. ss. esplits; try lia. assert (intval - 1 < MAX) by nia. rewrite Int.Z_mod_modulus_eq. rewrite <- Int.unsigned_repr_eq. diff --git a/demo/mutrec/MutrecAproof.v b/demo/mutrec/MutrecAproof.v index 0cad066a..c0cb08d6 100644 --- a/demo/mutrec/MutrecAproof.v +++ b/demo/mutrec/MutrecAproof.v @@ -48,18 +48,18 @@ Definition symbol_memoized: ident -> Prop := eq _memoized. Lemma memoized_inv_store_le i ind blk ofs m_tgt (sm0 sm1: SimMemInjInv.t') (MWF: SimMem.wf sm0) - (INVAR: sm0.(SimMemInjInv.mem_inv_tgt) blk) + (INVAR: (SimMemInjInv.mem_inv_tgt sm0) blk) (SUM: i = sum (Int.repr ind)) (OFS: ofs = size_chunk Mint32 * ind) - (STR: Mem.store Mint32 sm0.(SimMemInjInv.minj).(SimMemInj.tgt) blk ofs (Vint i) = Some m_tgt) + (STR: Mem.store Mint32 (SimMemInjInv.minj sm0).(SimMemInj.tgt) blk ofs (Vint i) = Some m_tgt) (MREL: sm1 = SimMemInjInv.mk (SimMemInjC.update - (sm0.(SimMemInjInv.minj)) - (sm0.(SimMemInjInv.minj).(SimMemInj.src)) + ((SimMemInjInv.minj sm0)) + ((SimMemInjInv.minj sm0).(SimMemInj.src)) m_tgt - (sm0.(SimMemInjInv.minj).(SimMemInj.inj))) - sm0.(SimMemInjInv.mem_inv_src) - sm0.(SimMemInjInv.mem_inv_tgt)) + ((SimMemInjInv.minj sm0).(SimMemInj.inj))) + (SimMemInjInv.mem_inv_src sm0) + (SimMemInjInv.mem_inv_tgt sm0)) : (<>) /\ (<>). @@ -94,7 +94,7 @@ Proof. - clarify. exists (sum (Int.repr ind0)). esplits; eauto. erewrite Mem.load_store_same; eauto. ss. - exists i. erewrite Mem.load_store_other; eauto. - right. clear - n. ss. omega. } + right. clear - n. ss. lia. } { exists i. erewrite Mem.load_store_other; eauto. } Qed. 
@@ -134,8 +134,8 @@ Inductive match_states (idx: nat) (st_src0: MutrecAspec.state) (st_tgt0: Clight.state) (sm0: SimMem.t): Prop := | match_states_intro (MATCHST: match_states_internal idx st_src0 st_tgt0) - (MCOMPATSRC: (get_mem st_src0) = sm0.(SimMem.src)) - (MCOMPATTGT: (ClightC.get_mem st_tgt0) = sm0.(SimMem.tgt)) + (MCOMPATSRC: (get_mem st_src0) = (SimMem.src sm0)) + (MCOMPATTGT: (ClightC.get_mem st_tgt0) = (SimMem.tgt sm0)) (MWF: SimMem.wf sm0) . @@ -185,7 +185,8 @@ Proof. clarify. inv MATCH. esplits; eauto. - unfold Genv.find_funct_ptr. rewrite DEF0. et. - - ss. des_ifs. clear - H1. inv H1; ss. + - ss. des_ifs. apply proj_sumbool_true in H2. subst. + clear - H1. inv H1; ss. } Qed. @@ -372,7 +373,7 @@ Proof. { lia. } repeat rewrite Ptrofs.unsigned_repr. auto. all : unfold Ptrofs.max_unsigned; rewrite Ptrofs.modulus_power; - unfold Ptrofs.zwordsize, Ptrofs.wordsize, Wordsize_Ptrofs.wordsize; des_ifs; ss; omega. } eauto. } + unfold Ptrofs.zwordsize, Ptrofs.wordsize, Wordsize_Ptrofs.wordsize; des_ifs; ss; lia. } eauto. } eapply star_left with (t1 := E0) (t2 := E0); ss. { econs; eauto. @@ -451,7 +452,7 @@ Proof. i. inv AFTERSRC. inv SIMRETV; ss; clarify. hexploit Mem.valid_access_store. - { instantiate (4:=sm_ret.(SimMemInjInv.minj).(SimMemInj.tgt)). + { instantiate (4:=(SimMemInjInv.minj sm_ret).(SimMemInj.tgt)). inv MWF. inv WF. exploit SATTGT0; eauto. - inv MLE. erewrite <- MINVEQTGT. eauto. - i. inv H0. hexploit PERMISSIONS0; eauto. ss. @@ -521,7 +522,7 @@ Proof. { lia. } repeat rewrite Ptrofs.unsigned_repr. auto. all : unfold Ptrofs.max_unsigned; rewrite Ptrofs.modulus_power; - unfold Ptrofs.zwordsize, Ptrofs.wordsize, Wordsize_Ptrofs.wordsize; des_ifs; ss; omega. + unfold Ptrofs.zwordsize, Ptrofs.wordsize, Wordsize_Ptrofs.wordsize; des_ifs; ss; lia. + f_equal. rewrite Int.repr_unsigned. rewrite sum_recurse with (i := i). des_ifs. 
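Review bot: The added line `ss. des_ifs. apply proj_sumbool_true in H2. subst. clear - H1. inv H1; ss.` in the -185 hunk of MutrecAproof.v refers to H1 and H2, names that `des_ifs` and earlier intros generate automatically, so the script now depends on hypothesis order rather than on what the hypotheses say. Renaming the equation as soon as it appears (`rename H2 into IDEQ.`) or introducing it with an explicit name keeps the proof from breaking on the next change to the tactic library or to the destructed term. The same construction is added in MutrecBproof.v at the -325 hunk, where the previous version referred to `H` and now refers to `H1` and `H2`. The enclosing proof starts before this hunk.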
@@ -650,7 +651,7 @@ Proof. { lia. } repeat rewrite Ptrofs.unsigned_repr. auto. all : unfold Ptrofs.max_unsigned; rewrite Ptrofs.modulus_power; - unfold Ptrofs.zwordsize, Ptrofs.wordsize, Wordsize_Ptrofs.wordsize; des_ifs; ss; omega. } eauto. } + unfold Ptrofs.zwordsize, Ptrofs.wordsize, Wordsize_Ptrofs.wordsize; des_ifs; ss; lia. } eauto. } eapply star_left with (t1 := E0) (t2 := E0); ss. { econs; eauto. @@ -749,7 +750,8 @@ Proof. unfold o_bind in FINDF. ss. exploit Genv.find_invert_symbol. eauto. i. rewrite H in *. clarify. - destruct ((prog_defmap prog) ! f_id) eqn:DMAP; ss. clarify. } clarify. + destruct ((prog_defmap prog) ! f_id) eqn:DMAP; ss. + cbn in DMAP. rewrite PTree.gss in DMAP. clarify. } clarify. inv SIMARGS; ss. rewrite VS in *. inv VALS. inv H3. inv H1. @@ -758,7 +760,7 @@ Proof. eapply match_states_lxsim; ss. * inv SIMSKENV; eauto. * econs; eauto. - { econs; eauto. omega. } + { econs; eauto. lia. } - (* init progress *) i. diff --git a/demo/mutrec/MutrecAspec.v b/demo/mutrec/MutrecAspec.v index 093124ee..f9fe0c2c 100644 --- a/demo/mutrec/MutrecAspec.v +++ b/demo/mutrec/MutrecAspec.v @@ -124,7 +124,9 @@ Proof. clarify. hexploit (SkEnv.project_impl_spec INCL); eauto. intro PROJ. exploit SkEnv.project_spec_preserves_wf; eauto. intro WFSMALL. - inv INCL. specialize (DEFS f_id). ss. exploit DEFS; eauto. i; des. + inv INCL. specialize (DEFS f_id). ss. exploit DEFS; eauto. + { cbn. rewrite PTree.gss. eauto. } + i; des. inv MATCH. inv H0. inv PROJ. exploit (SYMBKEEP f_id); eauto. intro T; des. rewrite T in *. exploit DEFKEEP; eauto. diff --git a/demo/mutrec/MutrecBproof.v b/demo/mutrec/MutrecBproof.v index 01e4e27c..00cc8be4 100644 --- a/demo/mutrec/MutrecBproof.v +++ b/demo/mutrec/MutrecBproof.v 
@@ -38,21 +38,21 @@ Definition symbol_memoized: ident -> Prop := eq _memoized. Lemma memoized_inv_store_le i v_ind v_sum blk ofs0 ofs1 m_tgt0 m_tgt1 (sm0 sm1: SimMemInjInv.t') (MWF: SimMem.wf sm0) - (INVAR: sm0.(SimMemInjInv.mem_inv_tgt) blk) + (INVAR: (SimMemInjInv.mem_inv_tgt sm0) blk) (OFSI: ofs0 = 0) (OFSV: ofs1 = size_chunk Mint32) (INDEX: v_ind = Vint i) (SUM: v_sum = Vint (sum i)) - (STR0: Mem.store Mint32 sm0.(SimMemInjInv.minj).(SimMemInj.tgt) blk ofs0 v_ind = Some m_tgt0) + (STR0: Mem.store Mint32 (SimMemInjInv.minj sm0).(SimMemInj.tgt) blk ofs0 v_ind = Some m_tgt0) (STR1: Mem.store Mint32 m_tgt0 blk ofs1 v_sum = Some m_tgt1) (MREL: sm1 = SimMemInjInv.mk (SimMemInjC.update - (sm0.(SimMemInjInv.minj)) - (sm0.(SimMemInjInv.minj).(SimMemInj.src)) + ((SimMemInjInv.minj sm0)) + ((SimMemInjInv.minj sm0).(SimMemInj.src)) m_tgt1 - (sm0.(SimMemInjInv.minj).(SimMemInj.inj))) - sm0.(SimMemInjInv.mem_inv_src) - sm0.(SimMemInjInv.mem_inv_tgt)) + ((SimMemInjInv.minj sm0).(SimMemInj.inj))) + (SimMemInjInv.mem_inv_src sm0) + (SimMemInjInv.mem_inv_tgt sm0)) : (<>) /\ (<>). @@ -187,18 +187,18 @@ Inductive match_states | match_states_initial idx m_src sm0 i stk initstk init_rs rs m_tgt - (MCOMPATSRC: m_src = sm0.(SimMem.src)) - (MCOMPATTGT: m_tgt = sm0.(SimMem.tgt)) + (MCOMPATSRC: m_src = (SimMem.src sm0)) + (MCOMPATTGT: m_tgt = (SimMem.tgt sm0)) (MWF: SimMem.wf sm0) (SAVED: well_saved initstk stk init_rs rs m_tgt) (PRIV: forall blk_src blk_tgt delta - (DETLA: sm0.(SimMemInjInv.minj).(SimMemInj.inj) blk_src = Some (blk_tgt, delta)), + (DETLA: (SimMemInjInv.minj sm0).(SimMemInj.inj) blk_src = Some (blk_tgt, delta)), blk_tgt <> stk) (NOTEXT: forall ofs, - ~ sm0.(SimMemInjInv.minj).(SimMemInj.tgt_external) stk ofs) - (NINV: ~ sm0.(SimMemInjInv.mem_inv_tgt) stk) + ~ (SimMemInjInv.minj sm0).(SimMemInj.tgt_external) stk ofs) + (NINV: ~ (SimMemInjInv.mem_inv_tgt sm0) stk) (CURRPC: curr_pc (rs PC) (Ptrofs.repr 2)) (ARG: rs RDI = Vint i) (RANGE: 0 <= i.(Int.intval) < MAX) 
@@ -210,18 +210,18 @@ Inductive match_states | match_states_at_external idx m_src sm0 i stk initstk init_rs rs m_tgt - (MCOMPATSRC: m_src = sm0.(SimMem.src)) - (MCOMPATTGT: m_tgt = sm0.(SimMem.tgt)) + (MCOMPATSRC: m_src = (SimMem.src sm0)) + (MCOMPATTGT: m_tgt = (SimMem.tgt sm0)) (MWF: SimMem.wf sm0) (SAVED: well_saved initstk stk init_rs rs m_tgt) (PRIV: forall blk_src blk_tgt delta - (DETLA: sm0.(SimMemInjInv.minj).(SimMemInj.inj) blk_src = Some (blk_tgt, delta)), + (DETLA: (SimMemInjInv.minj sm0).(SimMemInj.inj) blk_src = Some (blk_tgt, delta)), blk_tgt <> stk) (NOTEXT: forall ofs, - ~ sm0.(SimMemInjInv.minj).(SimMemInj.tgt_external) stk ofs) - (NINV: ~ sm0.(SimMemInjInv.mem_inv_tgt) stk) + ~ (SimMemInjInv.minj sm0).(SimMemInj.tgt_external) stk ofs) + (NINV: ~ (SimMemInjInv.mem_inv_tgt sm0) stk) (CURRPC: curr_pc (rs PC) (Ptrofs.repr 12)) (ARG: rs RBX = Vint i) (FARG: rs RDI = Vint (Int.sub i (Int.repr 1))) @@ -234,18 +234,18 @@ Inductive match_states | match_states_after_external idx m_src sm0 i stk initstk init_rs rs m_tgt - (MCOMPATSRC: m_src = sm0.(SimMem.src)) - (MCOMPATTGT: m_tgt = sm0.(SimMem.tgt)) + (MCOMPATSRC: m_src = (SimMem.src sm0)) + (MCOMPATTGT: m_tgt = (SimMem.tgt sm0)) (MWF: SimMem.wf sm0) (SAVED: well_saved initstk stk init_rs rs m_tgt) (PRIV: forall blk_src blk_tgt delta - (DETLA: sm0.(SimMemInjInv.minj).(SimMemInj.inj) blk_src = Some (blk_tgt, delta)), + (DETLA: (SimMemInjInv.minj sm0).(SimMemInj.inj) blk_src = Some (blk_tgt, delta)), blk_tgt <> stk) (NOTEXT: forall ofs, - ~ sm0.(SimMemInjInv.minj).(SimMemInj.tgt_external) stk ofs) - (NINV: ~ sm0.(SimMemInjInv.mem_inv_tgt) stk) + ~ (SimMemInjInv.minj sm0).(SimMemInj.tgt_external) stk ofs) + (NINV: ~ (SimMemInjInv.mem_inv_tgt sm0) stk) (CURRPC: curr_pc (rs PC) (Ptrofs.repr 13)) (ARG: rs RBX = Vint i) (SUM: rs RAX = Vint (sum (Int.sub i Int.one))) 
@@ -258,18 +258,18 @@ Inductive match_states | match_states_final idx m_src sm0 i stk initstk init_rs rs m_tgt - (MCOMPATSRC: m_src = sm0.(SimMem.src)) - (MCOMPATTGT: m_tgt = sm0.(SimMem.tgt)) + (MCOMPATSRC: m_src = (SimMem.src sm0)) + (MCOMPATTGT: m_tgt = (SimMem.tgt sm0)) (MWF: SimMem.wf sm0) (SAVED: well_saved initstk stk init_rs rs m_tgt) (PRIV: forall blk_src blk_tgt delta - (DETLA: sm0.(SimMemInjInv.minj).(SimMemInj.inj) blk_src = Some (blk_tgt, delta)), + (DETLA: (SimMemInjInv.minj sm0).(SimMemInj.inj) blk_src = Some (blk_tgt, delta)), blk_tgt <> stk) (NOTEXT: forall ofs, - ~ sm0.(SimMemInjInv.minj).(SimMemInj.tgt_external) stk ofs) - (NINV: ~ sm0.(SimMemInjInv.mem_inv_tgt) stk) + ~ (SimMemInjInv.minj sm0).(SimMemInj.tgt_external) stk ofs) + (NINV: ~ (SimMemInjInv.mem_inv_tgt sm0) stk) (CURRPC: curr_pc (rs PC) (Ptrofs.repr 20)) (ARG: rs RAX = Vint i) (IDX: (idx >= 2)%nat) @@ -325,8 +325,8 @@ Proof. clarify. inv MATCH. esplits; eauto. - unfold Genv.find_funct_ptr. rewrite DEF0. et. - - ss. des_ifs. clear - H. inv H; ss. - - ss. + - ss. des_ifs. apply proj_sumbool_true in H2. subst. + clear - H1. inv H1; ss. } Qed. @@ -376,7 +376,7 @@ Proof. assert (CMP: compare_ints (Val.and (rs RDI) (rs RDI)) Vzero (rs # RBX <- (rs RDI)) # PC <- (Vptr blk (Ptrofs.add (Ptrofs.repr 2) Ptrofs.one)) - (SimMemInj.tgt sm0.(SimMemInjInv.minj)) ZF = if (Int.eq_dec i Int.zero) then Vtrue else Vfalse). + (SimMemInj.tgt (SimMemInjInv.minj sm0)) ZF = if (Int.eq_dec i Int.zero) then Vtrue else Vfalse). { unfold compare_ints, nextinstr, Val.cmpu. repeat (rewrite Pregmap.gso; [| clarify; fail]). repeat rewrite Pregmap.gss. 
@@ -487,24 +487,24 @@ Proof. (((compare_ints (Val.and (rs RDI) (rs RDI)) Vzero (rs # RBX <- (rs RDI)) # PC <- (Vptr blk (Ptrofs.add (Ptrofs.repr 2) Ptrofs.one)) - (SimMemInj.tgt sm0.(SimMemInjInv.minj))) # PC <- + (SimMemInj.tgt (SimMemInjInv.minj sm0))) # PC <- (Vptr blk (Ptrofs.add (Ptrofs.add (Ptrofs.repr 2) Ptrofs.one) Ptrofs.one))) # PC <- (Vptr blk (Ptrofs.repr 8))) # RAX <- (Vint x) RBX) (nextinstr_nf (((compare_ints (Val.and (rs RDI) (rs RDI)) Vzero (rs # RBX <- (rs RDI)) # PC <- (Vptr blk (Ptrofs.add (Ptrofs.repr 2) Ptrofs.one)) - (SimMemInj.tgt sm0.(SimMemInjInv.minj))) # PC <- + (SimMemInj.tgt (SimMemInjInv.minj sm0))) # PC <- (Vptr blk (Ptrofs.add (Ptrofs.add (Ptrofs.repr 2) Ptrofs.one) Ptrofs.one))) # PC <- (Vptr blk (Ptrofs.repr 8))) # RAX <- (Vint x) RAX) (nextinstr_nf (((compare_ints (Val.and (rs RDI) (rs RDI)) Vzero (rs # RBX <- (rs RDI)) # PC <- (Vptr blk (Ptrofs.add (Ptrofs.repr 2) Ptrofs.one)) - (SimMemInj.tgt sm0.(SimMemInjInv.minj))) # PC <- + (SimMemInj.tgt (SimMemInjInv.minj sm0))) # PC <- (Vptr blk (Ptrofs.add (Ptrofs.add (Ptrofs.repr 2) Ptrofs.one) Ptrofs.one))) # PC <- (Vptr blk (Ptrofs.repr 8))) # RAX <- (Vint x)) - (SimMemInj.tgt sm0.(SimMemInjInv.minj))) ZF = + (SimMemInj.tgt (SimMemInjInv.minj sm0))) ZF = if (Int.eq_dec x i) then Vtrue else Vfalse). { unfold compare_ints at 1. unfold nextinstr_nf, undef_regs, nextinstr. @@ -642,7 +642,7 @@ Proof. - refl. } { unfold nextinstr_nf, nextinstr. repeat rewrite Pregmap.gss. ss. econs; eauto. } - { omega. } + { lia. } } (* not memoized *) @@ -770,7 +770,7 @@ Proof. { exploit Int.eq_false. eapply H. i. unfold Int.eq in H0. rewrite Int.unsigned_zero in H0. - des_ifs. split; eauto. destruct i. ss. omega. } + des_ifs. split; eauto. destruct i. ss. lia. } } - intros _. inv CURRPC. 
@@ -799,18 +799,18 @@ Proof. cinv MWF. hexploit (@SimMemInjInvC.unchanged_on_mle SimMemInjInv.top_inv memoized_inv sm0 - sm0.(SimMemInjInv.minj).(SimMemInj.src) m_tgt sm0.(SimMemInjInv.minj).(SimMemInj.inj)); ss; eauto. + (SimMemInjInv.minj sm0).(SimMemInj.src) m_tgt (SimMemInjInv.minj sm0).(SimMemInj.inj)); ss; eauto. { eapply private_unchanged_inject; eauto. - cinv WF0. eauto. - instantiate (1:=~2 loc_out_of_reach (SimMemInj.inj (SimMemInjInv.minj sm0)) (SimMemInj.src (SimMemInjInv.minj sm0))). eapply Mem.free_unchanged_on; eauto. - ii. omega. + ii. lia. - ss. } { ii. clarify. } { refl. } - { eapply Mem.free_unchanged_on; eauto. ii. omega. } + { eapply Mem.free_unchanged_on; eauto. ii. lia. } { ii. eapply Mem.perm_free_3; eauto. } i. des. @@ -857,6 +857,7 @@ Proof. exploit DEFS; eauto. i. des. exploit SYMBKEEP; eauto. i. rr in H. rewrite H in *. rewrite FINDG in *. ss. clarify. + cbn in DMAP. do 2 rewrite PTree.gso in DMAP by ss. rewrite PTree.gss in DMAP. clarify. inv MATCH. ss. inv H1; des_ifs; esplits; try rewrite Genv.find_funct_ptr_iff; eauto; ss. } { split; ss. - repeat (rewrite Pregmap.gso; [| clarify; fail]). @@ -876,7 +877,7 @@ Proof. * i. inv AFTERSRC. ss. inv SIMRETV; ss. exploit Mem_unfree_suceeds. { instantiate (1:=stk). - instantiate (1:=SimMemInj.tgt sm_ret.(SimMemInjInv.minj)). + instantiate (1:=SimMemInj.tgt (SimMemInjInv.minj sm_ret)). inv MLE0. inv MLE1. ss. unfold Mem.valid_block. eapply Plt_Ple_trans; eauto. - eapply Mem.perm_valid_block; eauto. @@ -899,7 +900,7 @@ Proof. eexists. eexists (SimMemInjInv.mk (SimMemInj.mk - (SimMemInj.src sm_ret.(SimMemInjInv.minj)) + (SimMemInj.src (SimMemInjInv.minj sm_ret)) m1 _ _ _ _ _ _ _) _ _). esplits; ss. { econs; ss; eauto. @@ -1023,7 +1024,7 @@ Proof. with (Vint (sum i)); cycle 1. { rewrite sum_recurse with (i := i). des_ifs; cycle 1. - unfold Val.add. rewrite Int.add_zero. auto. - - rewrite Z.eqb_eq in Heq0. omega. } + - rewrite Z.eqb_eq in Heq0. lia. } rewrite STR1. ss. } econs 2; eauto. 
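Review bot: The added `cbn in DMAP. do 2 rewrite PTree.gso in DMAP by ss. rewrite PTree.gss in DMAP. clarify.` in the -857 hunk discharges the key inequality with plain `ss`, whereas every equivalent rewrite added to MutrecABproof.v in this commit uses `by (clear; ss)`, and one existing `ss` there was even changed to `clear; ss`. If the `clear` was needed there to keep `ss` from touching or being slowed down by a large context, the same presumably applies here; otherwise the two forms should at least be aligned. This is also the lookup-unfolding sequence that `simpl_defmap_get` packages, but that tactic is local to MutrecABproof.v and would have to move to a shared file before it can be reused here. The enclosing proof starts before this hunk.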
@@ -1078,7 +1079,7 @@ Proof. instantiate (1:=0). instantiate (1:=initstk). instantiate (1:=m2). - ii. omega. } intros [m4 FREE2]. + ii. lia. } intros [m4 FREE2]. cinv MWF. destruct sm0 as [sm0 minv_src minv_tgt]. exploit SimMemInj.free_right; eauto. @@ -1204,7 +1205,8 @@ Proof. unfold o_bind in FINDF. ss. exploit Genv.find_invert_symbol. eauto. i. rewrite H in *. clarify. - destruct ((prog_defmap prog) ! g_id) eqn:DMAP; ss. clarify. } clarify. + destruct ((prog_defmap prog) ! g_id) eqn:DMAP; ss. + cbn in DMAP. rewrite PTree.gss in DMAP. clarify. } clarify. unfold Genv.find_funct in FINDF. des_ifs. @@ -1248,7 +1250,7 @@ Proof. { eapply store_arguments_unchanged_on; eauto. } { eapply JunkBlock.assign_junk_blocks_unchanged_on; eauto. } } - assert (STKOUTSIDE0: ~ Mem.valid_block sm_arg.(SimMemInj.tgt) stk). + assert (STKOUTSIDE0: ~ Mem.valid_block (SimMemInj.tgt sm_arg) stk). { ii. eapply Mem.fresh_block_alloc in ALLOC. eapply ALLOC. eapply Mem.valid_block_unchanged_on; eauto. } @@ -1263,7 +1265,7 @@ Proof. { eapply Mem.store_unchanged_on; eauto. } refl. } assert (STKOUTSIDE1: forall blk_src blk_tgt ofs_src, - sm_arg.(SimMemInj.inj) blk_src = Some (blk_tgt, ofs_src) + (SimMemInj.inj sm_arg) blk_src = Some (blk_tgt, ofs_src) -> blk_tgt <> stk). { inv MWF. inv WF0. ss. ii. clarify. exploit Mem.valid_block_inject_2; eauto. } @@ -1368,7 +1370,7 @@ Proof. ss. des_ifs; ss. inv VALS0. unfold loc_arguments in *. des_ifs. inv H5. inv H3; ss. inv H; ss. clarify. - - omega. } + - lia. } - (* init progress *) i. diff --git a/demo/mutrec/MutrecBspec.v b/demo/mutrec/MutrecBspec.v index df71503d..8cf8dec3 100644 --- a/demo/mutrec/MutrecBspec.v +++ b/demo/mutrec/MutrecBspec.v 
@@ -106,7 +106,9 @@ Proof. clarify. hexploit (SkEnv.project_impl_spec INCL); eauto. intro PROJ. exploit SkEnv.project_spec_preserves_wf; eauto. intro WFSMALL. - inv INCL. specialize (DEFS g_id). ss. exploit DEFS; eauto. i; des. + inv INCL. specialize (DEFS g_id). ss. exploit DEFS; eauto. + { cbn. rewrite PTree.gss. auto. } + i; des. inv MATCH. inv H0. inv PROJ. exploit (SYMBKEEP g_id); eauto. intro T; des. rewrite T in *. exploit DEFKEEP; eauto. diff --git a/demo/mutrec/SimMemInjInvC.v b/demo/mutrec/SimMemInjInvC.v index a9d4be5e..0fdb8fcb 100644 --- a/demo/mutrec/SimMemInjInvC.v +++ b/demo/mutrec/SimMemInjInvC.v @@ -26,12 +26,12 @@ Section MEMINJINV. Inductive lepriv (sm0 sm1: t'): Prop := | lepriv_intro - (INCR: inject_incr sm0.(SimMemInj.inj) sm1.(SimMemInj.inj)) - (SRCGENB: sm0.(SimMemInj.src_ge_nb) = sm1.(SimMemInj.src_ge_nb)) - (TGTGENB: sm0.(SimMemInj.tgt_ge_nb) = sm1.(SimMemInj.tgt_ge_nb)) - (FROZEN: SimMemInj.frozen sm0.(SimMemInj.inj) sm1.(SimMemInj.inj) (sm0.(SimMemInj.src_ge_nb)) (sm0.(SimMemInj.tgt_ge_nb))) - (INVSRC: sm0.(mem_inv_src) = sm1.(mem_inv_src)) - (INVTGT: sm0.(mem_inv_tgt) = sm1.(mem_inv_tgt)) + (INCR: inject_incr (SimMemInj.inj sm0) (SimMemInj.inj sm1)) + (SRCGENB: (SimMemInj.src_ge_nb sm0) = (SimMemInj.src_ge_nb sm1)) + (TGTGENB: (SimMemInj.tgt_ge_nb sm0) = (SimMemInj.tgt_ge_nb sm1)) + (FROZEN: SimMemInj.frozen (SimMemInj.inj sm0) (SimMemInj.inj sm1) ((SimMemInj.src_ge_nb sm0)) ((SimMemInj.tgt_ge_nb sm0))) + (INVSRC: (mem_inv_src sm0) = (mem_inv_src sm1)) + (INVTGT: (mem_inv_tgt sm0) = (mem_inv_tgt sm1)) . Global Program Instance lepriv_PreOrder: RelationClasses.PreOrder lepriv. 
@@ -85,24 +85,24 @@ Section MEMINJINV. Lemma unchanged_on_mle (sm0: t') m_src1 m_tgt1 j1 (WF: SimMemInjInv.wf' P_src P_tgt sm0) (INJECT: Mem.inject j1 m_src1 m_tgt1) - (INCR: inject_incr sm0.(SimMemInj.inj) j1) - (SEP: inject_separated sm0.(SimMemInj.inj) j1 sm0.(SimMemInj.src) sm0.(SimMemInj.tgt)) + (INCR: inject_incr (SimMemInj.inj sm0) j1) + (SEP: inject_separated (SimMemInj.inj sm0) j1 (SimMemInj.src sm0) (SimMemInj.tgt sm0)) (UNCHSRC: Mem.unchanged_on - (loc_unmapped sm0.(SimMemInj.inj)) - sm0.(SimMemInj.src) m_src1) + (loc_unmapped (SimMemInj.inj sm0)) + (SimMemInj.src sm0) m_src1) (UNCHTGT: Mem.unchanged_on - (loc_out_of_reach sm0.(SimMemInj.inj) sm0.(SimMemInj.src)) - sm0.(SimMemInj.tgt) m_tgt1) + (loc_out_of_reach (SimMemInj.inj sm0) (SimMemInj.src sm0)) + (SimMemInj.tgt sm0) m_tgt1) (MAXSRC: forall b ofs - (VALID: Mem.valid_block sm0.(SimMemInj.src) b) + (VALID: Mem.valid_block (SimMemInj.src sm0) b) , - <>) + <>) (MAXTGT: forall b ofs - (VALID: Mem.valid_block sm0.(SimMemInj.tgt) b) + (VALID: Mem.valid_block (SimMemInj.tgt sm0) b) , - <>) + <>) : (<>) /\ + (SimMemInj.tgt_ge_nb sm0)) (mem_inv_src sm0) (mem_inv_tgt sm0))>>) /\ (<>). + (SimMemInj.tgt_ge_nb sm0)) (mem_inv_src sm0) (mem_inv_tgt sm0))>>). Proof. split. - assert(FROZEN: SimMemInj.frozen (SimMemInj.inj sm0) j1 (SimMemInj.src_parent_nb sm0) (SimMemInj.tgt_parent_nb sm0)). @@ -318,9 +318,9 @@ Section SIMSYMBINV. id (IN: (ss1 -1 ss0) id) , - <> /\ <>) - (SKLESRC: linkorder ss0.(src) ss1.(src)) - (SKLETGT: linkorder ss0.(tgt) ss1.(tgt)) + <> /\ <>) + (SKLESRC: linkorder (src ss0) (src ss1)) + (SKLETGT: linkorder (tgt ss0) (tgt ss1)) . Global Program Instance le_PreOrder: PreOrder le. 
@@ -361,16 +361,16 @@ Section SIMSYMBINV. Inductive wf (ss: t'): Prop := | sim_sk_intro - (SKSAME: ss.(src) = ss.(tgt)) + (SKSAME: (src ss) = (tgt ss)) (CLOSED: forall id (SS: ss id), exists g, - (<>) /\ + (<>) /\ (<>) /\ - (<>)) - (NOMAIN: ~ ss ss.(src).(prog_main)) + (<>)) + (NOMAIN: ~ ss (src ss).(prog_main)) (NOREF: forall id gv - (PROG: (prog_defmap ss.(tgt)) ! id = Some (Gvar gv)) + (PROG: (prog_defmap (tgt ss)) ! id = Some (Gvar gv)) , <>) . @@ -392,18 +392,18 @@ Section SIMSYMBINV. Inductive sim_skenv_inj (sm: SimMemInjInv.t') (ss: t') (skenv_src skenv_tgt: SkEnv.t): Prop := | sim_skenv_inj_intro (INVCOMPAT: forall id blk (FIND: (Genv.find_symbol skenv_tgt) id = Some blk), - ss id <-> sm.(mem_inv_tgt) blk) + ss id <-> (mem_inv_tgt sm) blk) (PUBKEPT: (fun id => In id skenv_src.(Genv.genv_public)) <1= ~1 ss) - (INJECT: skenv_inject skenv_src sm.(SimMemInj.inj) sm.(mem_inv_tgt)) + (INJECT: skenv_inject skenv_src (SimMemInj.inj sm) (mem_inv_tgt sm)) (SIMSKENV: SimSymbId.sim_skenv skenv_src skenv_tgt) - (NBSRC: skenv_src.(Genv.genv_next) = sm.(SimMemInj.src_ge_nb)) - (NBTGT: skenv_tgt.(Genv.genv_next) = sm.(SimMemInj.tgt_ge_nb)) + (NBSRC: skenv_src.(Genv.genv_next) = (SimMemInj.src_ge_nb sm)) + (NBTGT: skenv_tgt.(Genv.genv_next) = (SimMemInj.tgt_ge_nb sm)) . Lemma skenv_inject_symbols_inject sm ss skenv_src skenv_tgt (SKENVINJ: sim_skenv_inj sm ss skenv_src skenv_tgt) : - symbols_inject sm.(SimMemInj.inj) skenv_src skenv_tgt. + symbols_inject (SimMemInj.inj sm) skenv_src skenv_tgt. Proof. inv SKENVINJ. inv SIMSKENV. inv INJECT. econs; ss. splits. - i. exploit IMAGE; eauto. 
@@ -450,17 +450,17 @@ Section SIMSYMBINV. - simpl in H1. lia. - inv H. rewrite Nat2Z.inj_succ in H1. destruct (zeq i p). + congruence. - + apply IHn with (p + 1); auto. omega. omega. + + apply IHn with (p + 1); auto. lia. lia. Qed. Lemma init_mem_inject ss j m (SIMSK: wf ss) - (LOADMEM: Genv.init_mem ss.(src) = Some m) + (LOADMEM: Genv.init_mem (src ss) = Some m) (SS: forall id, {ss id} + {~ ss id}) (J: j = fun blk : positive => if plt blk (Mem.nextblock m) then - match Genv.invert_symbol (Genv.globalenv ss.(src)) blk with + match Genv.invert_symbol (Genv.globalenv (src ss)) blk with | Some id => if SS id then None else Some (blk, 0) | None => None end @@ -498,7 +498,7 @@ Section SIMSYMBINV. (fun blk : positive => if plt blk (Mem.nextblock m) then - match Genv.invert_symbol (Genv.globalenv ss.(src)) blk with + match Genv.invert_symbol (Genv.globalenv (src ss)) blk with | Some id => if SS id then None else Some (blk, 0) | None => None end 
@@ -581,18 +581,18 @@ Section SIMSYMBINV. Next Obligation. inv SIMSK. inv SIMSK0. eexists (mk (ss0 \1/ ss1) _ _). rewrite <- SKSAME in *. rewrite <- SKSAME0 in *. - exploit (link_linkorder ss0.(src)); eauto. intro LO; des. ss. - hexploit (link_prog_inv ss0.(src) ss1.(src)); eauto. i. des. clarify. + exploit (link_linkorder (src ss0)); eauto. intro LO; des. ss. + hexploit (link_prog_inv (src ss0) (src ss1)); eauto. i. des. clarify. esplits; ss; eauto. - econs; ss; eauto with congruence. i. des; clarify. exploit CLOSED0; eauto. i. des. - rewrite SKSAME. assert (~ defs ss0.(tgt) id); eauto. + rewrite SKSAME. assert (~ defs (tgt ss0) id); eauto. unfold defs, proj_sumbool. des_ifs. eapply prog_defmap_dom in i. des. exploit H0; eauto. { rewrite SKSAME; et. } i. des. clarify. - econs; ss; eauto with congruence. i. des; clarify. exploit CLOSED; eauto. i. des. - rewrite SKSAME0. assert (~ defs ss1.(tgt) id); eauto. + rewrite SKSAME0. assert (~ defs (tgt ss1) id); eauto. unfold defs, proj_sumbool. des_ifs. eapply prog_defmap_dom in i. des. exploit H0; eauto. { rewrite SKSAME0; et. } i. des. clarify. @@ -600,7 +600,7 @@ Section SIMSYMBINV. econs; ss; eauto. + i. des. * exploit CLOSED; eauto. i. des. - destruct ((prog_defmap ss1.(tgt)) ! id) eqn:NONE. + destruct ((prog_defmap (tgt ss1)) ! id) eqn:NONE. { exploit H0; eauto. i. des. clarify. } esplits; ss; eauto. { erewrite prog_defmap_elements. @@ -610,7 +610,7 @@ Section SIMSYMBINV. inv WFSRC1. eapply PUBINCL in H1. eapply prog_defmap_spec in H1. des. clarify. } * exploit CLOSED0; eauto. i. des. - destruct ((prog_defmap ss0.(tgt)) ! id) eqn:NONE. + destruct ((prog_defmap (tgt ss0)) ! id) eqn:NONE. { exploit H0; eauto. i. des. clarify. } esplits; ss; eauto. { erewrite prog_defmap_elements. 
@@ -622,8 +622,8 @@ Section SIMSYMBINV. + ii. rewrite H in *. des; clarify. + ii. - assert(T: (In (id, Gvar gv) (prog_defs ss0.(tgt))) - \/ (In (id, Gvar gv) (prog_defs ss1.(tgt)))). + assert(T: (In (id, Gvar gv) (prog_defs (tgt ss0))) + \/ (In (id, Gvar gv) (prog_defs (tgt ss1)))). { unfold prog_defmap in PROG. ss. rewrite PTree_Properties.of_list_elements in *. rewrite PTree.gcombine in *; ss. @@ -661,7 +661,7 @@ Section SIMSYMBINV. - i. destruct (classic (ss x)); eauto. - i. des. esplits; eauto. } destruct H as [SS]. set (j := fun blk => if (plt blk (Mem.nextblock m_src)) - then match Genv.invert_symbol (Sk.load_skenv ss.(src)) blk with + then match Genv.invert_symbol (Sk.load_skenv (src ss)) blk with | Some id => if (SS id) then None else Some (blk, 0) | None => None @@ -669,7 +669,7 @@ Section SIMSYMBINV. else None). eexists (SimMemInjInv.mk (SimMemInj.mk _ _ j bot2 bot2 (Mem.nextblock m_src) (Mem.nextblock m_src) _ _) _ _). ss. instantiate (1:=fun blk => exists id, - (<>) /\ + (<>) /\ (<>)). unfold Sk.load_mem, Sk.load_skenv in *. dup LOADMEMSRC. apply Genv.init_mem_genv_next in LOADMEMSRC. @@ -741,11 +741,11 @@ Section SIMSYMBINV. i. inv H. econs; ss; eauto. + i. eapply DOMAIN; eauto. instantiate (1:=i). - destruct (classic (defs ss.(src) i)). + destruct (classic (defs (src ss) i)). * rewrite <- SYMBKEEP; eauto. * rewrite SYMBDROP in SYMB; eauto. clarify. + i. eapply NDOMAIN; eauto. instantiate (1:=i). - destruct (classic (defs ss.(src) i)). + destruct (classic (defs (src ss) i)). * rewrite <- SYMBKEEP; eauto. * rewrite SYMBDROP in SYMB; eauto. clarify. - inv SIMSKENV0. inv SIMSK. r. congruence. diff --git a/demo/unreadglob/IdSimAsmDropInv.v b/demo/unreadglob/IdSimAsmDropInv.v index 7fbd5b0c..52d5240b 100644 --- a/demo/unreadglob/IdSimAsmDropInv.v +++ b/demo/unreadglob/IdSimAsmDropInv.v @@ -51,8 +51,8 @@ Lemma asm_inj_inv_drop : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. eexists (ModPair.mk _ _ _); s. 
@@ -338,7 +338,7 @@ Proof. { clear EXTERNAL. rewrite <- H0 in *. ss. unfold Genv.find_funct_ptr in *. des_ifs. inv SIMSKELINK. exploit SIMDEF; eauto. i. des. eauto. } clarify. psimpl. ss. - exists (Args.Asmstyle rs_tgt (SimMemInj.tgt sm0.(SimMemInjInv.minj))). esplits; eauto. + exists (Args.Asmstyle rs_tgt (SimMemInj.tgt (SimMemInjInv.minj sm0))). esplits; eauto. - econs 2; eauto. + exploit SimSymbDropInv_find_None; try eassumption. { ii. rewrite H in *. ss. } @@ -478,7 +478,7 @@ Proof. inv MLE. eauto. + econs; ss; eauto. } - { exists sm0. exists (Retv.Asmstyle rs_tgt sm0.(SimMemInjInv.minj).(SimMemInj.tgt)). + { exists sm0. exists (Retv.Asmstyle rs_tgt (SimMemInjInv.minj sm0).(SimMemInj.tgt)). esplits; ss; eauto. + econs 2; ss; ii; eauto. * des. esplits; eauto. diff --git a/demo/unreadglob/IdSimClightDropInv.v b/demo/unreadglob/IdSimClightDropInv.v index e7b70fae..8fea4fd2 100644 --- a/demo/unreadglob/IdSimClightDropInv.v +++ b/demo/unreadglob/IdSimClightDropInv.v @@ -48,9 +48,9 @@ Inductive match_states_clight_inv : unit -> Clight.state -> Clight.state -> SimMem.t -> Prop := | match_states_clight_inv_intro st_src st_tgt j m_src m_tgt sm0 - (MWFSRC: m_src = sm0.(SimMem.src)) - (MWFTGT: m_tgt = sm0.(SimMem.tgt)) - (MWFINJ: j = sm0.(SimMemInjInv.minj).(SimMemInj.inj)) + (MWFSRC: m_src = (SimMem.src sm0)) + (MWFTGT: m_tgt = (SimMem.tgt sm0)) + (MWFINJ: j = (SimMemInjInv.minj sm0).(SimMemInj.inj)) (MATCHST: match_states_clight_internal st_src st_tgt j m_src m_tgt) (MWF: SimMem.wf sm0) : @@ -64,8 +64,8 @@ Lemma clight_inj_inv_drop : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. eexists (ModPair.mk _ _ _); s. diff --git a/demo/unreadglob/IdSimInvExtra.v b/demo/unreadglob/IdSimInvExtra.v index d4c7ca5f..a5cb74e2 100644 --- a/demo/unreadglob/IdSimInvExtra.v +++ b/demo/unreadglob/IdSimInvExtra.v 
@@ -28,7 +28,7 @@ Lemma SimSymbDropInv_match_globals F `{HasExternal F} V sm0 sk_src sk_tgt skenv_ eq (SkEnv.revive skenv_src p) (SkEnv.revive skenv_tgt p) - (SimMemInj.inj sm0.(SimMemInjInv.minj)). + (SimMemInj.inj (SimMemInjInv.minj sm0)). Proof. inv SIMSKE. econs. - i. unfold SkEnv.revive in *. exists d_src. @@ -53,7 +53,7 @@ Lemma SimSymbDropInv_find_None F `{HasExternal F} V (p: AST.program F V) sm0 sk_src sk_tgt skenv_src skenv_tgt fptr_src fptr_tgt (FINDSRC: Genv.find_funct (SkEnv.revive skenv_src p) fptr_src = None) (SIMSKE: SimSymbDropInv.sim_skenv sm0 (SimSymbDropInv.mk bot1 sk_src sk_tgt) skenv_src skenv_tgt) - (FPTR: Val.inject (SimMemInj.inj sm0.(SimMemInjInv.minj)) fptr_src fptr_tgt) + (FPTR: Val.inject (SimMemInj.inj (SimMemInjInv.minj sm0)) fptr_src fptr_tgt) (FPTRDEF: fptr_src <> Vundef) : Genv.find_funct (SkEnv.revive skenv_tgt p) fptr_tgt = None. @@ -91,7 +91,7 @@ Lemma SimSymbIdInv_match_globals F `{HasExternal F} V sm0 sk_src sk_tgt skenv_sr eq (SkEnv.revive skenv_src p) (SkEnv.revive skenv_tgt p) - (SimMemInj.inj sm0.(SimMemInjInv.minj)). + (SimMemInj.inj (SimMemInjInv.minj sm0)). Proof. inv SIMSKE. inv INJECT. inv SIMSKENV. econs; ss; eauto. - ii. exploit IMAGE; eauto. @@ -106,7 +106,7 @@ Lemma SimSymbIdInv_find_None F `{HasExternal F} V (p: AST.program F V) sm0 sk_src sk_tgt skenv_src skenv_tgt fptr_src fptr_tgt (FINDSRC: Genv.find_funct (SkEnv.revive skenv_src p) fptr_src = None) (SIMSKE: SimMemInjInvC.sim_skenv_inj sm0 (SimMemInjInvC.mk bot1 sk_src sk_tgt) skenv_src skenv_tgt) - (FPTR: Val.inject (SimMemInj.inj sm0.(SimMemInjInv.minj)) fptr_src fptr_tgt) + (FPTR: Val.inject (SimMemInj.inj (SimMemInjInv.minj sm0)) fptr_src fptr_tgt) (FPTRDEF: fptr_src <> Vundef) : Genv.find_funct (SkEnv.revive skenv_tgt p) fptr_tgt = None. 
@@ -137,7 +137,7 @@ Local Instance SimMemInvP : SimMem.class := SimMemInjInvC.SimMemInjInv SimMemInj Lemma Mem_unfree_parallel (sm0 sm_arg sm_ret: SimMem.t) blk_src ofs_src ofs_tgt sz blk_tgt delta m_src1 - (DELTA: sm0.(SimMemInjInv.minj).(SimMemInj.inj) blk_src = Some (blk_tgt, delta)) + (DELTA: (SimMemInjInv.minj sm0).(SimMemInj.inj) blk_src = Some (blk_tgt, delta)) (VAL: ofs_tgt = Ptrofs.add ofs_src (Ptrofs.repr delta)) (MLE0: SimMemInjInv.le' sm0 sm_arg) (FREESRC: Mem.free @@ -158,12 +158,12 @@ Lemma Mem_unfree_parallel Some m_src1) : exists sm1, - (<>) - /\ (<>) + (<>) + /\ (<>) /\ (<>) + = Some (SimMem.tgt sm1)>>) /\ (<>) /\ (<>) /\ (<>). @@ -329,9 +329,9 @@ Inductive match_states P0 P1 (sm0 : SimMemInjInv.t') (AGREE: AsmStepInj.agree j rs_src rs_tgt) (AGREEINIT: AsmStepInj.agree j init_rs_src init_rs_tgt) - (MCOMPATSRC: m_src = sm0.(SimMemInjInv.minj).(SimMemInj.src)) - (MCOMPATTGT: m_tgt = sm0.(SimMemInjInv.minj).(SimMemInj.tgt)) - (MCOMPATINJ: j = sm0.(SimMemInjInv.minj).(SimMemInj.inj)) + (MCOMPATSRC: m_src = (SimMemInjInv.minj sm0).(SimMemInj.src)) + (MCOMPATTGT: m_tgt = (SimMemInjInv.minj sm0).(SimMemInj.tgt)) + (MCOMPATINJ: j = (SimMemInjInv.minj sm0).(SimMemInj.inj)) (MWF: @SimMemInjInv.wf' P0 P1 sm0) fd (FINDF: Genv.find_funct ge_src (init_rs_src PC) = Some (Internal fd)) diff --git a/demo/unreadglob/SimSymbDropInv.v b/demo/unreadglob/SimSymbDropInv.v index f720762d..ba0f1e3e 100644 --- a/demo/unreadglob/SimSymbDropInv.v +++ b/demo/unreadglob/SimSymbDropInv.v 
@@ -42,24 +42,24 @@ Inductive wf (ss: t'): Prop := | sim_sk_intro (KEPT: forall id (KEPT: ~ ss id), - (prog_defmap ss.(tgt)) ! id = (prog_defmap ss.(src)) ! id) + (prog_defmap (tgt ss)) ! id = (prog_defmap (src ss)) ! id) (DROP: forall id (DROP: ss id), - (prog_defmap ss.(tgt)) ! id = None) - (CLOSED: ss <1= (privs ss.(src))) - (PUB: ss.(src).(prog_public) = ss.(tgt).(prog_public)) - (MAIN: ss.(src).(prog_main) = ss.(tgt).(prog_main)) + (prog_defmap (tgt ss)) ! id = None) + (CLOSED: ss <1= (privs (src ss))) + (PUB: (src ss).(prog_public) = (tgt ss).(prog_public)) + (MAIN: (src ss).(prog_main) = (tgt ss).(prog_main)) (NOREF: forall id gv - (PROG: (prog_defmap ss.(tgt)) ! id = Some (Gvar gv)), + (PROG: (prog_defmap (tgt ss)) ! id = Some (Gvar gv)), <>) - (NODUP: NoDup (prog_defs_names ss.(tgt))) - (NOMAIN: ~ ss ss.(src).(prog_main)). + (NODUP: NoDup (prog_defs_names (tgt ss))) + (NOMAIN: ~ ss (src ss).(prog_main)). Inductive sim_skenv (sm0: SimMem.t) (ss: t') (skenv_src skenv_tgt: SkEnv.t): Prop := | sim_skenv_intro (SIMSYMB1: forall id blk_src blk_tgt delta - (SIMVAL: sm0.(SimMemInj.inj) blk_src = Some (blk_tgt, delta)) + (SIMVAL: (SimMemInj.inj sm0) blk_src = Some (blk_tgt, delta)) (BLKSRC: (Genv.find_symbol skenv_src) id = Some blk_src) , (<>) /\ @@ -74,24 +74,24 @@ Inductive sim_skenv (sm0: SimMem.t) (ss: t') (skenv_src skenv_tgt: SkEnv.t): Pro , exists blk_tgt, (<>) /\ - (<>)) + (<>)) (SIMSYMB3: forall id blk_tgt (BLKTGT: (Genv.find_symbol skenv_tgt) id = Some blk_tgt) , exists blk_src, (<>) /\ - (<>) + (<>) ) (SSINV: forall id blk_src (KEPT: ss id) (BLKSRC: (Genv.find_symbol skenv_src) id = Some blk_src) , - sm0.(SimMemInjInv.mem_inv_src) blk_src) + (SimMemInjInv.mem_inv_src sm0) blk_src) (SIMDEF: forall blk_src blk_tgt delta def_src - (SIMVAL: sm0.(SimMemInj.inj) blk_src = Some (blk_tgt, delta)) + (SIMVAL: (SimMemInj.inj sm0) blk_src = Some (blk_tgt, delta)) (DEFSRC: (Genv.find_def skenv_src) blk_src = Some def_src) , exists def_tgt, (<>) /\ 
@@ -100,13 +100,13 @@ Inductive sim_skenv (sm0: SimMem.t) (ss: t') (skenv_src skenv_tgt: SkEnv.t): Pro (DISJ: forall id blk_src0 blk_src1 blk_tgt (SYMBSRC: Genv.find_symbol skenv_src id = Some blk_src0) - (SIMVAL0: sm0.(SimMemInj.inj) blk_src0 = Some (blk_tgt, 0)) - (SIMVAL1: sm0.(SimMemInj.inj) blk_src1 = Some (blk_tgt, 0)) + (SIMVAL0: (SimMemInj.inj sm0) blk_src0 = Some (blk_tgt, 0)) + (SIMVAL1: (SimMemInj.inj sm0) blk_src1 = Some (blk_tgt, 0)) , blk_src0 = blk_src1) (SIMDEFINV: forall blk_src blk_tgt delta def_tgt - (SIMVAL: sm0.(SimMemInj.inj) blk_src = Some (blk_tgt, delta)) + (SIMVAL: (SimMemInj.inj sm0) blk_src = Some (blk_tgt, delta)) (DEFTGT: (Genv.find_def skenv_tgt) blk_tgt = Some def_tgt) , exists def_src, (<>) /\ @@ -114,15 +114,15 @@ Inductive sim_skenv (sm0: SimMem.t) (ss: t') (skenv_src skenv_tgt: SkEnv.t): Pro (<>)) (PUBKEPT: (fun id => In id skenv_src.(Genv.genv_public)) <1= ~1 ss) (PUB: skenv_src.(Genv.genv_public) = skenv_tgt.(Genv.genv_public)) - (NBSRC: skenv_src.(Genv.genv_next) = sm0.(SimMemInj.src_ge_nb)) - (NBTGT: skenv_tgt.(Genv.genv_next) = sm0.(SimMemInj.tgt_ge_nb)) + (NBSRC: skenv_src.(Genv.genv_next) = (SimMemInj.src_ge_nb sm0)) + (NBTGT: skenv_tgt.(Genv.genv_next) = (SimMemInj.tgt_ge_nb sm0)) . Theorem sim_skenv_symbols_inject sm0 ss0 skenv_src skenv_tgt (SIMSKENV: sim_skenv sm0 ss0 skenv_src skenv_tgt) : - <> + <> . Proof. { clear - SIMSKENV. @@ -159,7 +159,7 @@ Qed. Definition sim_skenv_splittable (sm0: SimMem.t) (ss: t') (skenv_src skenv_tgt: SkEnv.t): Prop := (<>) /\ @@ -175,7 +175,7 @@ Definition sim_skenv_splittable (sm0: SimMem.t) (ss: t') (skenv_src skenv_tgt: S , exists blk_tgt, (<>) /\ - (<>)>>) + (<>)>>) /\ (<>) /\ - (<>) + (<>) >>) /\ (<>) + (SimMemInjInv.mem_inv_src sm0) blk_src>>) /\ (<>) /\ @@ -205,14 +205,14 @@ Definition sim_skenv_splittable (sm0: SimMem.t) (ss: t') (skenv_src skenv_tgt: S (<>) /\ (<>) /\ 
@@ -222,8 +222,8 @@ Definition sim_skenv_splittable (sm0: SimMem.t) (ss: t') (skenv_src skenv_tgt: S (< In id skenv_src.(Genv.genv_public)) <1= ~1 ss>>) /\ (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Theorem sim_skenv_splittable_spec @@ -242,9 +242,9 @@ Inductive le (ss0: t') (ss1: t'): Prop := id (IN: (ss1 -1 ss0) id) , - <> /\ <>) - (SKLESRC: linkorder ss0.(src) ss1.(src)) - (SKLETGT: linkorder ss0.(tgt) ss1.(tgt)) + <> /\ <>) + (SKLESRC: linkorder (src ss0) (src ss1)) + (SKLETGT: linkorder (tgt ss0) (tgt ss1)) . Lemma linkorder_defs @@ -277,7 +277,6 @@ Proof. - generalize dependent H. eapply PTree_Properties.fold_rec; ii; ss; clarify. + eapply H0; eauto. erewrite H; eauto. - + erewrite PTree.gempty in H0. ss. + des_ifs. rewrite PTree.gsspec in *. des_ifs. eapply H1; eauto. @@ -306,14 +305,14 @@ Let init_meminj (sk_src sk_tgt:Sk.t) : meminj := Remark init_meminj_invert ss b b' delta - (INJ: (init_meminj ss.(src) ss.(tgt)) b = Some(b', delta)) + (INJ: (init_meminj (src ss) (tgt ss)) b = Some(b', delta)) (SIMSK : wf ss) : - delta = 0 /\ exists id, Genv.find_symbol (Sk.load_skenv ss.(src)) id = Some b /\ Genv.find_symbol (Sk.load_skenv ss.(tgt)) id = Some b' /\ ~ ss id. + delta = 0 /\ exists id, Genv.find_symbol (Sk.load_skenv (src ss)) id = Some b /\ Genv.find_symbol (Sk.load_skenv (tgt ss)) id = Some b' /\ ~ ss id. Proof. unfold init_meminj in *; intros. - destruct (Genv.invert_symbol (Sk.load_skenv ss.(src)) b) as [id|] eqn:S; try discriminate. - destruct (Genv.find_symbol (Sk.load_skenv ss.(tgt)) id) as [b''|] eqn:F; inv INJ. + destruct (Genv.invert_symbol (Sk.load_skenv (src ss)) b) as [id|] eqn:S; try discriminate. + destruct (Genv.find_symbol (Sk.load_skenv (tgt ss)) id) as [b''|] eqn:F; inv INJ. split. auto. exists id. split. apply Genv.invert_find_symbol; auto. split. auto. ii. unfold Sk.load_skenv in *. apply Genv.find_symbol_inversion in F. apply prog_defmap_dom in F. des. inv SIMSK. apply DROP in H. congruence. 
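Review bot: The hunk at -277 removes the `+ erewrite PTree.gempty in H0. ss.` bullet under `eapply PTree_Properties.fold_rec` without recording why that case no longer exists; presumably the 3.11 `fold_rec` principle no longer produces a separate empty-map goal, but nothing in the proof says so, and the next version bump will have to rediscover it. A one-line comment above the `eapply`, e.g. `(* CompCert >= 3.11: PTree_Properties.fold_rec yields no separate PTree.empty case *)`, would document the dependency. The enclosing proof begins before the hunk and appears to continue after it.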
@@ -334,14 +333,14 @@ Qed. Lemma init_mem_exists ss m_src (SIMSK: wf ss) - (LOADMEMSRC: Sk.load_mem ss.(src) = Some m_src) + (LOADMEMSRC: Sk.load_mem (src ss) = Some m_src) : - exists m_tgt, Sk.load_mem ss.(tgt) = Some m_tgt. + exists m_tgt, Sk.load_mem (tgt ss) = Some m_tgt. Proof. inv SIMSK. unfold Sk.load_mem in *. apply Genv.init_mem_exists. i. - assert (P: (prog_defmap ss.(tgt))!id = Some (Gvar v)). + assert (P: (prog_defmap (tgt ss))!id = Some (Gvar v)). { eapply prog_defmap_norepet; eauto. apply NoDup_norepet. ss. } - assert (Q: (prog_defmap ss.(src)) ! id = Some (Gvar v)). + assert (Q: (prog_defmap (src ss)) ! id = Some (Gvar v)). { rewrite <- KEPT; ss. ii. rewrite DROP in P; ss. } exploit Genv.init_mem_inversion; eauto. apply in_prog_defmap; eauto. intros [AL FV]. split. auto. 
@@ -353,25 +352,25 @@ Qed. Lemma init_meminj_simskenv ss m_src m_tgt - (LOADMEMSRC: Sk.load_mem ss.(src) = Some m_src) - (LOADMEMTGT: Sk.load_mem ss.(tgt) = Some m_tgt) + (LOADMEMSRC: Sk.load_mem (src ss) = Some m_src) + (LOADMEMTGT: Sk.load_mem (tgt ss) = Some m_tgt) (SIMSK: wf ss) : sim_skenv - (SimMemInjInv.mk (SimMemInj.mk m_src m_tgt (init_meminj ss.(src) ss.(tgt)) bot2 bot2 (Mem.nextblock m_src) (Mem.nextblock m_tgt) (Mem.nextblock m_src) (Mem.nextblock m_tgt)) - (fun blk => forall ofs, loc_unmapped (init_meminj ss.(src) ss.(tgt)) blk ofs /\ Mem.valid_block m_src blk) bot1) - ss (Sk.load_skenv ss.(src)) (Sk.load_skenv ss.(tgt)). + (SimMemInjInv.mk (SimMemInj.mk m_src m_tgt (init_meminj (src ss) (tgt ss)) bot2 bot2 (Mem.nextblock m_src) (Mem.nextblock m_tgt) (Mem.nextblock m_src) (Mem.nextblock m_tgt)) + (fun blk => forall ofs, loc_unmapped (init_meminj (src ss) (tgt ss)) blk ofs /\ Mem.valid_block m_src blk) bot1) + ss (Sk.load_skenv (src ss)) (Sk.load_skenv (tgt ss)). Proof. econs; ss; i. - exploit init_meminj_invert; eauto. intros (A & id1 & B & C & D). - assert (id1 = id) by (eapply (Genv.genv_vars_inj (Sk.load_skenv ss.(src))); eauto). subst id1. + assert (id1 = id) by (eapply (Genv.genv_vars_inj (Sk.load_skenv (src ss))); eauto). subst id1. esplits; auto. - - assert(exists blk_tgt : block, Genv.find_symbol (Sk.load_skenv ss.(tgt)) id = Some blk_tgt). + - assert(exists blk_tgt : block, Genv.find_symbol (Sk.load_skenv (tgt ss)) id = Some blk_tgt). { apply Genv.find_symbol_inversion in BLKSRC. apply prog_defmap_dom in BLKSRC. destruct BLKSRC as (g & P). apply Genv.find_symbol_exists with g. apply in_prog_defmap. inv SIMSK. rewrite KEPT0; ss. } des. exists blk_tgt; split; auto. eapply init_meminj_eq; eauto. - - assert(exists blk_src : block, Genv.find_symbol (Sk.load_skenv ss.(src)) id = Some blk_src). + - assert(exists blk_src : block, Genv.find_symbol (Sk.load_skenv (src ss)) id = Some blk_src). { apply Genv.find_symbol_inversion in BLKTGT. 
apply prog_defmap_dom in BLKTGT. destruct BLKTGT as (g & P). apply Genv.find_symbol_exists with g. apply in_prog_defmap. inv SIMSK. rewrite <- KEPT; ss. ii. rewrite DROP in P; ss. @@ -388,16 +387,16 @@ Proof. eapply Genv.init_mem_genv_next in LOADMEMSRC. rewrite LOADMEMSRC in BLKSRC. auto. - exploit init_meminj_invert; eauto. intros (A & id & B & C & D). - assert ((prog_defmap ss.(src))!id = Some def_src). + assert ((prog_defmap (src ss))!id = Some def_src). { rewrite Genv.find_def_symbol. exists blk_src; auto. } - assert ((prog_defmap ss.(tgt))!id = Some def_src). + assert ((prog_defmap (tgt ss))!id = Some def_src). { inv SIMSK. rewrite KEPT; ss. } rewrite Genv.find_def_symbol in H0. destruct H0 as (b & P & Q). unfold Sk.load_skenv in *. replace b with blk_tgt in * by congruence. exists def_src. split; auto. - unfold init_meminj in *. des_ifs. apply_all_once Genv.find_invert_symbol. rewrite Heq2 in Heq0. inv Heq0. apply_all_once Genv.invert_find_symbol. congruence. - exploit init_meminj_invert; eauto. intros (A & id & B & C & D). - assert ((prog_defmap ss.(tgt))!id = Some def_tgt). + assert ((prog_defmap (tgt ss))!id = Some def_tgt). { rewrite Genv.find_def_symbol. exists blk_tgt; auto. } inv SIMSK. rewrite KEPT in H; ss. rewrite Genv.find_def_symbol in H. destruct H as (b & P & Q). 
@@ -411,21 +410,21 @@ Qed. Lemma init_meminj_invert_strong ss b b' delta - (INJ: (init_meminj ss.(src) ss.(tgt)) b = Some(b', delta)) + (INJ: (init_meminj (src ss) (tgt ss)) b = Some(b', delta)) (SIMSK : wf ss) : delta = 0 /\ exists id gd, - Genv.find_symbol (Sk.load_skenv ss.(src)) id = Some b - /\ Genv.find_symbol (Sk.load_skenv ss.(tgt)) id = Some b' - /\ Genv.find_def (Sk.load_skenv ss.(src)) b = Some gd - /\ Genv.find_def (Sk.load_skenv ss.(tgt)) b' = Some gd. + Genv.find_symbol (Sk.load_skenv (src ss)) id = Some b + /\ Genv.find_symbol (Sk.load_skenv (tgt ss)) id = Some b' + /\ Genv.find_def (Sk.load_skenv (src ss)) b = Some gd + /\ Genv.find_def (Sk.load_skenv (tgt ss)) b' = Some gd. Proof. intros. exploit init_meminj_invert; eauto. intros (A & id & B & C & D). unfold Sk.load_skenv in *. - assert (exists gd, (prog_defmap ss.(src))!id = Some gd). + assert (exists gd, (prog_defmap (src ss))!id = Some gd). { apply prog_defmap_dom. eapply Genv.find_symbol_inversion; eauto. } destruct H as [gd DM]. - assert ((prog_defmap ss.(tgt))!id = Some gd). + assert ((prog_defmap (tgt ss))!id = Some gd). { inv SIMSK. rewrite KEPT; ss. } rewrite Genv.find_def_symbol in DM. destruct DM as (b'' & P & Q). rewrite P in B; inv B. rewrite Genv.find_def_symbol in H. destruct H as (b'' & R & S). rewrite R in C; inv C. 
@@ -435,10 +434,10 @@ Qed. Lemma bytes_of_init_inject ss m_src il (SIMSK: wf ss) - (LOADMEMSRC: Sk.load_mem ss.(src) = Some m_src) + (LOADMEMSRC: Sk.load_mem (src ss) = Some m_src) (REF: forall id, ref_init il id -> ~ ss id) : - list_forall2 (memval_inject (init_meminj ss.(src) ss.(tgt))) (Genv.bytes_of_init_data_list (Sk.load_skenv ss.(src)) il) (Genv.bytes_of_init_data_list (Sk.load_skenv ss.(tgt)) il). + list_forall2 (memval_inject (init_meminj (src ss) (tgt ss))) (Genv.bytes_of_init_data_list (Sk.load_skenv (src ss)) il) (Genv.bytes_of_init_data_list (Sk.load_skenv (tgt ss)) il). Proof. exploit init_mem_exists; et. intros LOADMEMTGT; des. induction il as [ | i1 il]; simpl; intros. @@ -447,11 +446,11 @@ Proof. + exploit init_meminj_simskenv; try eapply SIMSK; et. i. inv H; ss. destruct i1; simpl; try (apply inj_bytes_inject). { induction (Z.to_nat z); simpl; constructor. constructor. auto. } - destruct (Genv.find_symbol (Sk.load_skenv ss.(src)) i) as [b|] eqn:FS. + destruct (Genv.find_symbol (Sk.load_skenv (src ss)) i) as [b|] eqn:FS. * assert (~ ss i). { apply REF. red. exists i0; auto with coqlib. } exploit SIMSYMB2; et. intros (b' & A & B). rewrite A. apply inj_value_inject. econstructor; eauto. symmetry; apply Ptrofs.add_zero. - * destruct (Genv.find_symbol (Sk.load_skenv ss.(tgt)) i) as [b'|] eqn:FS'. + * destruct (Genv.find_symbol (Sk.load_skenv (tgt ss)) i) as [b'|] eqn:FS'. exploit SIMSYMB3; et. intros (b & A & B). congruence. apply repeat_Undef_inject_self. @@ -468,7 +467,7 @@ Proof. - simpl in H1. lia. - inv H. rewrite Nat2Z.inj_succ in H1. destruct (zeq i p). + congruence. -+ apply IHn with (p + 1); auto. omega. omega. ++ apply IHn with (p + 1); auto. lia. lia. Qed. Lemma SimSymbDropInv_func_bisim sm ss skenv_src skenv_tgt 
@@ -543,23 +542,23 @@ Next Obligation. Qed. Next Obligation. inv SIMSK. inv SIMSK0. - exploit (link_prog_inv ss0.(src) ss1.(src)); eauto. i; des. - assert(AUX1: forall id, ss1 id -> ~ ss0 id -> (prog_defmap ss0.(src)) ! id = None). - { i. destruct ((prog_defmap ss0.(src)) ! id) eqn:T; ss. + exploit (link_prog_inv (src ss0) (src ss1)); eauto. i; des. + assert(AUX1: forall id, ss1 id -> ~ ss0 id -> (prog_defmap (src ss0)) ! id = None). + { i. destruct ((prog_defmap (src ss0)) ! id) eqn:T; ss. apply CLOSED0 in H2. unfold privs, defs, NW in *. bsimpl. des. des_sumbool. exploit prog_defmap_dom; eauto. i; des. exploit H0; eauto. i; des. clarify. } - assert(AUX2: forall id, ss0 id -> ~ ss1 id -> (prog_defmap ss1.(src)) ! id = None). - { i. destruct ((prog_defmap ss1.(src)) ! id) eqn:T; ss. + assert(AUX2: forall id, ss0 id -> ~ ss1 id -> (prog_defmap (src ss1)) ! id = None). + { i. destruct ((prog_defmap (src ss1)) ! id) eqn:T; ss. apply CLOSED in H2. unfold privs, defs, NW in *. bsimpl. des. des_sumbool. exploit prog_defmap_dom; eauto. i; des. exploit H0; eauto. i; des. clarify. } - assert(LINKTGT: link ss0.(tgt) ss1.(tgt) = Some (mkprogram - (PTree.elements (PTree.combine link_prog_merge (prog_defmap ss0.(tgt)) - (prog_defmap ss1.(tgt)))) - (prog_public ss0.(tgt) ++ prog_public ss1.(tgt)) - (prog_main ss0.(tgt)))). - { eapply (link_prog_succeeds ss0.(tgt) ss1.(tgt)); eauto; try congruence. i. exploit H0. + assert(LINKTGT: link (tgt ss0) (tgt ss1) = Some (mkprogram + (PTree.elements (PTree.combine link_prog_merge (prog_defmap (tgt ss0)) + (prog_defmap (tgt ss1)))) + (prog_public (tgt ss0) ++ prog_public (tgt ss1)) + (prog_main (tgt ss0)))). + { eapply (link_prog_succeeds (tgt ss0) (tgt ss1)); eauto; try congruence. i. exploit H0. { erewrite <- KEPT; et. ii. eapply DROP in H4. congruence. } { erewrite <- KEPT0; et. ii. eapply DROP0 in H4. congruence. } i; des. esplits; congruence. 
@@ -586,15 +585,15 @@ Next Obligation. + rr. unfold privs. ss. bsimpl. split. { - assert(T: exists x1, link_prog_merge (prog_defmap ss0.(src)) ! x0 (prog_defmap ss1.(src)) ! x0 = Some x1). + assert(T: exists x1, link_prog_merge (prog_defmap (src ss0)) ! x0 (prog_defmap (src ss1)) ! x0 = Some x1). { des. - exploit CLOSED; et. intro T. unfold privs in T. unfold NW in *. bsimpl. des_safe. des_sumbool. - apply defs_prog_defmap in T. des. rewrite T. destruct ((prog_defmap ss1.(src)) ! x0) eqn:EQN. + apply defs_prog_defmap in T. des. rewrite T. destruct ((prog_defmap (src ss1)) ! x0) eqn:EQN. + exploit H0; et. i; des. ss. + eexists. ss. - exploit CLOSED0; et. intro T. unfold privs in T. unfold NW in *. bsimpl. des_safe. des_sumbool. - apply defs_prog_defmap in T. des. rewrite T. destruct ((prog_defmap ss0.(src)) ! x0) eqn:EQN. + apply defs_prog_defmap in T. des. rewrite T. destruct ((prog_defmap (src ss0)) ! x0) eqn:EQN. + exploit H0; et. i; des. ss. + eexists. ss. } @@ -610,8 +609,8 @@ Next Obligation. * exploit CLOSED0; eauto. intro TT. unfold privs, NW in TT. bsimpl. des_safe. des_sumbool. des; ss. apply defs_prog_defmap in TT. inv WFSRC0. apply PUBINCL in T. apply prog_defmap_dom in T. des. exploit H0; et. i; des. ss. - + assert(T: (In (id, Gvar gv) (prog_defs ss0.(tgt))) - \/ (In (id, Gvar gv) (prog_defs ss1.(tgt)))). + + assert(T: (In (id, Gvar gv) (prog_defs (tgt ss0))) + \/ (In (id, Gvar gv) (prog_defs (tgt ss1)))). { unfold prog_defmap in PROG. ss. rewrite PTree_Properties.of_list_elements in *. rewrite PTree.gcombine in *; ss. @@ -622,7 +621,7 @@ Next Obligation. - apply PTree_Properties.in_of_list in Heq. eauto. - apply PTree_Properties.in_of_list in PROG. eauto. } - assert(U: ~ In id_drop (prog_defs_names ss0.(tgt)) /\ ~ In id_drop (prog_defs_names ss1.(tgt))). + assert(U: ~ In id_drop (prog_defs_names (tgt ss0)) /\ ~ In id_drop (prog_defs_names (tgt ss1))). { split. - destruct (classic (ss0 id_drop)). 
@@ -652,16 +651,16 @@ Next Obligation. exploit init_mem_exists; et. intros LOADMEMTGT; des. exploit init_meminj_simskenv; try eapply SIMSK; et. intros SIMSKENV. eexists m_tgt. - exists (SimMemInjInv.mk (SimMemInj.mk m_src m_tgt (init_meminj ss.(src) ss.(tgt)) bot2 bot2 (Mem.nextblock m_src) (Mem.nextblock m_tgt) (Mem.nextblock m_src) (Mem.nextblock m_tgt)) - (fun blk => forall ofs, loc_unmapped (init_meminj ss.(src) ss.(tgt)) blk ofs /\ Mem.valid_block m_src blk) bot1). + exists (SimMemInjInv.mk (SimMemInj.mk m_src m_tgt (init_meminj (src ss) (tgt ss)) bot2 bot2 (Mem.nextblock m_src) (Mem.nextblock m_tgt) (Mem.nextblock m_src) (Mem.nextblock m_tgt)) + (fun blk => forall ofs, loc_unmapped (init_meminj (src ss) (tgt ss)) blk ofs /\ Mem.valid_block m_src blk) bot1). esplits; et. eauto. { econs; ss; cycle 1. { i. exploit INV; eauto. i. des. split; eauto. } econs; ss; try extlia. constructor; intros. { intros; constructor; intros. - exploit init_meminj_invert_strong; eauto. intros (A & id & gd & B & C & D & E). - exploit (Genv.init_mem_characterization_gen ss.(src)); eauto. - exploit (Genv.init_mem_characterization_gen ss.(tgt)); eauto. + exploit (Genv.init_mem_characterization_gen (src ss)); eauto. + exploit (Genv.init_mem_characterization_gen (tgt ss)); eauto. destruct gd as [f|v]. + intros (P2 & Q2) (P1 & Q1). apply Q1 in H0. destruct H0. subst. 
@@ -669,12 +668,12 @@ Next Obligation. + intros (P2 & Q2 & R2 & S2) (P1 & Q1 & R1 & S1). apply Q1 in H0. destruct H0. subst. apply Mem.perm_cur. eapply Mem.perm_implies; eauto. - apply P2. omega. + apply P2. lia. - exploit init_meminj_invert; eauto. intros (A & id & B & C). subst delta. apply Z.divide_0_r. - exploit init_meminj_invert_strong; eauto. intros (A & id & gd & B & C & D & E). - exploit (Genv.init_mem_characterization_gen ss.(src)); eauto. - exploit (Genv.init_mem_characterization_gen ss.(tgt)); eauto. + exploit (Genv.init_mem_characterization_gen (src ss)); eauto. + exploit (Genv.init_mem_characterization_gen (tgt ss)); eauto. destruct gd as [f|v]. + intros (P2 & Q2) (P1 & Q1). apply Q1 in H0. destruct H0; discriminate. @@ -689,10 +688,10 @@ Next Obligation. apply Mem_getN_forall2 with (p := 0) (n := Z.to_nat (init_data_list_size (gvar_init v))). rewrite H3, H4. eapply bytes_of_init_inject; et. { ii. inv SIMSK. eapply NOREF; et. eapply Genv.find_def_symbol. eexists. split; et. } - omega. + lia. rewrite Z2Nat.id; try extlia. } - - destruct ((init_meminj ss.(src) ss.(tgt)) b) as [[b' delta]|] eqn:INJ; auto. + - destruct ((init_meminj (src ss) (tgt ss)) b) as [[b' delta]|] eqn:INJ; auto. elim H. exploit init_meminj_invert; eauto. intros (A & id & B & C & D). unfold Sk.load_skenv, Sk.load_mem in *. eapply Genv.find_symbol_not_fresh; eauto. - exploit init_meminj_invert; eauto. intros (A & id & B & C & D). 
@@ -702,18 +701,18 @@ Next Obligation. exploit init_meminj_invert; try eapply H1; et. intros (A2 & id2 & B2 & C2 & D2). destruct (ident_eq id1 id2). congruence. left; eapply Genv.global_addresses_distinct; eauto. - exploit init_meminj_invert; eauto. intros (A & id & B & C & D). subst delta. - split. omega. generalize (Ptrofs.unsigned_range_2 ofs). omega. + split. lia. generalize (Ptrofs.unsigned_range_2 ofs). lia. - exploit init_meminj_invert_strong; eauto. intros (A & id & gd & B & C & D & E). - exploit (Genv.init_mem_characterization_gen ss.(src)); eauto. - exploit (Genv.init_mem_characterization_gen ss.(tgt)); eauto. + exploit (Genv.init_mem_characterization_gen (src ss)); eauto. + exploit (Genv.init_mem_characterization_gen (tgt ss)); eauto. destruct gd as [f|v]. + intros (P2 & Q2) (P1 & Q1). - apply Q2 in H0. destruct H0. subst. replace ofs with 0 by omega. + apply Q2 in H0. destruct H0. subst. replace ofs with 0 by lia. left; apply Mem.perm_cur; auto. + intros (P2 & Q2 & R2 & S2) (P1 & Q1 & R1 & S1). apply Q2 in H0. destruct H0. subst. left. apply Mem.perm_cur. eapply Mem.perm_implies; eauto. - apply P1. omega. + apply P1. lia. } { ss. inv SIMSK. rewrite <- MAIN. unfold init_meminj. @@ -755,9 +754,9 @@ Next Obligation. exploit Genv.genv_defs_range; eauto. i. unfold Mem.valid_block in *. rewrite <- NBTGT in *. extlia. Qed. Next Obligation. - set (SkEnv.project skenv_link_src ss.(src)) as skenv_src. + set (SkEnv.project skenv_link_src (src ss)) as skenv_src. generalize (SkEnv.project_impl_spec INCLSRC); intro LESRC. - set (SkEnv.project skenv_link_tgt ss.(tgt)) as skenv_tgt. + set (SkEnv.project skenv_link_tgt (tgt ss)) as skenv_tgt. generalize (SkEnv.project_impl_spec INCLTGT); intro LETGT. exploit SkEnv.project_spec_preserves_wf; try apply LESRC; eauto. intro WFSMALLSRC. exploit SkEnv.project_spec_preserves_wf; try apply LETGT; eauto. intro WFSMALLTGT. 
@@ -768,14 +767,14 @@ Next Obligation. dsplits; eauto; ii; ss. - (* SIMSYMB1 *) inv LESRC. - destruct (classic (defs ss.(src) id)); cycle 1. + destruct (classic (defs (src ss) id)); cycle 1. { exfalso. exploit SYMBDROP; eauto. i; des. clarify. } exploit SYMBKEEP; eauto. intro KEEP; des. exploit SIMSYMB1; eauto. { rewrite <- KEEP. ss. } i; des. inv LETGT. - destruct (classic (defs ss.(tgt) id)); cycle 1. + destruct (classic (defs (tgt ss) id)); cycle 1. { erewrite SYMBDROP0; ss. exfalso. clear - LE KEPT H H0 SIMSK. @@ -799,7 +798,7 @@ Next Obligation. - (* SIMSYMB2 *) inv LESRC. - destruct (classic (defs ss.(src) id)); cycle 1. + destruct (classic (defs (src ss) id)); cycle 1. { exfalso. exploit SYMBDROP; eauto. i; des. clarify. } exploit SYMBKEEP; eauto. intro KEEP; des. @@ -813,7 +812,7 @@ Next Obligation. inv LETGT. erewrite SYMBKEEP0; ss. - destruct (classic (defs ss.(tgt) id)); ss. + destruct (classic (defs (tgt ss) id)); ss. { exfalso. clear - LE KEPT H H0 SIMSK. apply H0. clear H0. @@ -827,7 +826,7 @@ Next Obligation. - (* SIMSYMB3 *) inv LETGT. - destruct (classic (defs ss.(tgt) id)); cycle 1. + destruct (classic (defs (tgt ss) id)); cycle 1. { exploit SYMBDROP; eauto. i; des. clarify. } erewrite SYMBKEEP in *; ss. @@ -854,7 +853,7 @@ Next Obligation. inv LESRC. inv WFSMALLSRC. exploit DEFSYMB; eauto. intro SYMBSMALL; des. rename SYMB into SYMBSMALL. - destruct (classic (defs ss.(src) id)); cycle 1. + destruct (classic (defs (src ss) id)); cycle 1. { exploit SYMBDROP; eauto. i; des. clarify. } exploit SYMBKEEP; eauto. intro SYMBBIG; des. rewrite SYMBSMALL in *. symmetry in SYMBBIG. inv WFSRC. @@ -895,7 +894,7 @@ Next Obligation. i; des. clarify. - inv LESRC. - destruct (classic (defs ss.(src) id)); cycle 1. + destruct (classic (defs (src ss) id)); cycle 1. { exploit SYMBDROP; et. i; des. clarify. } eapply DISJ; et. erewrite <- SYMBKEEP; et. 
@@ -924,12 +923,12 @@ Next Obligation. inv LESRC. inv WFSRC. exploit DEFSYMB; eauto. i; des. assert(id = id0). { eapply Genv.genv_vars_inj. apply SYMBSMALLTGT. eauto. } clarify. - assert(DSRC: defs ss.(src) id0). + assert(DSRC: defs (src ss) id0). { apply NNPP. ii. erewrite SYMBDROP in *; eauto. ss. } exploit SYMBKEEP; eauto. i; des. rewrite BLKSRC in *. symmetry in H. - assert(DTGT: defs ss.(tgt) id0). + assert(DTGT: defs (tgt ss) id0). { apply NNPP. ii. inv LETGT. erewrite SYMBDROP0 in *; eauto. ss. } - assert(ITGT: internals ss.(tgt) id0). + assert(ITGT: internals (tgt ss) id0). { dup DTGT. unfold defs in DTGT. des_sumbool. apply prog_defmap_spec in DTGT. des. @@ -944,7 +943,7 @@ Next Obligation. i; des. ss. } - assert(ISRC: internals ss.(src) id0). + assert(ISRC: internals (src ss) id0). { inv SIMSK. unfold internals in *. des_ifs_safe. diff --git a/demo/unreadglob/UnreadglobproofC.v b/demo/unreadglob/UnreadglobproofC.v index 2db50c15..b0a5a1f6 100644 --- a/demo/unreadglob/UnreadglobproofC.v +++ b/demo/unreadglob/UnreadglobproofC.v @@ -51,8 +51,8 @@ Inductive match_states (idx: nat) (st_src0: RTL.state) (st_tgt0: RTL.state) (sm0: SimMem.t): Prop := | match_states_intro (MATCHST: Unreadglobproof.match_states prog tprog (used_set tprog) skenv_link_src skenv_link_tgt ge tge st_src0 st_tgt0 sm0) - (MCOMPATSRC: (RTL.get_mem st_src0) = sm0.(SimMem.src)) - (MCOMPATTGT: (RTL.get_mem st_tgt0) = sm0.(SimMem.tgt)) + (MCOMPATSRC: (RTL.get_mem st_src0) = (SimMem.src sm0)) + (MCOMPATTGT: (RTL.get_mem st_tgt0) = (SimMem.tgt sm0)) . Lemma find_funct_inject @@ -77,7 +77,7 @@ Theorem sim_skenv_meminj_preserves_globals sm_arg (SimSymbDropInv.mk (defs (prog) -1 (defs tprog) -1 (Pos.eq_dec tprog.(prog_main))) md_src md_tgt) (SkEnv.project skenv_link_src (Mod.sk md_src)) (SkEnv.project skenv_link_tgt (Mod.sk md_tgt))) : - <> + <> . Proof. exploit SkEnv.project_revive_precise; et. 
@@ -185,7 +185,7 @@ Proof. - (* init bsim *) inv INITTGT. des. inv SAFESRC. destruct args_src, args_tgt; ss. inv SIMARGS; ss. clarify. - assert(SIMGE: meminj_preserves_globals prog tprog (used_set tprog) ge tge (SimMemInjInv.mem_inv_src sm_arg) (SimMemInj.inj sm_arg.(SimMemInjInv.minj))). + assert(SIMGE: meminj_preserves_globals prog tprog (used_set tprog) ge tge (SimMemInjInv.mem_inv_src sm_arg) (SimMemInj.inj (SimMemInjInv.minj sm_arg))). { eapply sim_skenv_meminj_preserves_globals; et. apply SIMSKENV. } des. esplits; eauto; try refl; econs; eauto. @@ -201,7 +201,7 @@ Proof. { eapply MWF. } - des. inv SAFESRC. inv SIMARGS; ss. - assert(SIMGE: meminj_preserves_globals prog tprog (used_set tprog) ge tge (SimMemInjInv.mem_inv_src sm_arg) (SimMemInj.inj sm_arg.(SimMemInjInv.minj))). + assert(SIMGE: meminj_preserves_globals prog tprog (used_set tprog) ge tge (SimMemInjInv.mem_inv_src sm_arg) (SimMemInj.inj (SimMemInjInv.minj sm_arg))). { eapply sim_skenv_meminj_preserves_globals; et. apply SIMSKENV. } exploit find_funct_inject; et. i; des. clarify. inv TYP. @@ -213,7 +213,7 @@ Proof. inv MATCH; ss. inv MATCHST; ss. - (* call fsim *) des. clear_tac. - assert(SIMGE: meminj_preserves_globals prog tprog (used_set tprog) ge tge (SimMemInjInv.mem_inv_src sm0) (SimMemInj.inj sm0.(SimMemInjInv.minj))). + assert(SIMGE: meminj_preserves_globals prog tprog (used_set tprog) ge tge (SimMemInjInv.mem_inv_src sm0) (SimMemInj.inj (SimMemInjInv.minj sm0))). { eapply sim_skenv_meminj_preserves_globals; et. apply SIMSKENV. } inv MATCH; ss. inv CALLSRC. inv MATCHST; ss. clarify. 
@@ -233,7 +233,7 @@ Proof. + econs; ss; et. - (* after fsim *) des. clear_tac. - assert(SIMGE: meminj_preserves_globals prog tprog (used_set tprog) ge tge (SimMemInjInv.mem_inv_src sm0) (SimMemInj.inj sm0.(SimMemInjInv.minj))). + assert(SIMGE: meminj_preserves_globals prog tprog (used_set tprog) ge tge (SimMemInjInv.mem_inv_src sm0) (SimMemInj.inj (SimMemInjInv.minj sm0))). { eapply sim_skenv_meminj_preserves_globals; et. apply SIMSKENV. } inv AFTERSRC. inv SIMRET; ss. exists (SimMemInjInvC.unlift' sm_arg sm_ret). @@ -260,7 +260,7 @@ Proof. eexists sm0. esplits; ss; eauto; try refl. econs; ss; eauto. - (* step *) left; i. - assert(SIMGE: meminj_preserves_globals prog tprog (used_set tprog) ge tge (SimMemInjInv.mem_inv_src sm0) (SimMemInj.inj sm0.(SimMemInjInv.minj))). + assert(SIMGE: meminj_preserves_globals prog tprog (used_set tprog) ge tge (SimMemInjInv.mem_inv_src sm0) (SimMemInj.inj (SimMemInjInv.minj sm0))). { eapply sim_skenv_meminj_preserves_globals; et. apply SIMSKENV. } esplits; eauto. diff --git a/demo/utod/DemoSpecProof.v b/demo/utod/DemoSpecProof.v index b9d058b7..e8fbfc8f 100644 --- a/demo/utod/DemoSpecProof.v +++ b/demo/utod/DemoSpecProof.v @@ -269,7 +269,7 @@ Proof. - eapply store_arguments_unchanged_on; eauto. - etrans. + eapply JunkBlock.assign_junk_blocks_unchanged_on. - + eapply Mem.free_unchanged_on; eauto. ii. omega. } + + eapply Mem.free_unchanged_on; eauto. ii. lia. } dup UNCH0. eapply Mem.unchanged_on_nextblock in UNCH0. exists (SimMemInjC.update sm_arg (SimMemInj.src sm_arg) m (SimMemInj.inj sm_arg)). diff --git a/demo/utod/IdSimDemoSpec.v b/demo/utod/IdSimDemoSpec.v index cf57ad30..863f2d75 100644 --- a/demo/utod/IdSimDemoSpec.v +++ b/demo/utod/IdSimDemoSpec.v 
@@ -34,8 +34,8 @@ Inductive match_states_ext_demo : unit -> state -> state -> SimMemExt.t' -> Prop := | match_ext i m_src m_tgt sm0 - (MWFSRC: m_src = sm0.(SimMemExt.src)) - (MWFTGT: m_tgt = sm0.(SimMemExt.tgt)) + (MWFSRC: m_src = (SimMemExt.src sm0)) + (MWFTGT: m_tgt = (SimMemExt.tgt sm0)) (MWF: Mem.extends m_src m_tgt) : match_states_ext_demo @@ -104,9 +104,9 @@ Inductive match_states_demo : unit -> state -> state -> SimMemInj.t' -> Prop := | match_states_demo_intro st_src st_tgt j m_src m_tgt sm0 - (MWFSRC: m_src = sm0.(SimMemInj.src)) - (MWFTGT: m_tgt = sm0.(SimMemInj.tgt)) - (MWFINJ: j = sm0.(SimMemInj.inj)) + (MWFSRC: m_src = (SimMemInj.src sm0)) + (MWFTGT: m_tgt = (SimMemInj.tgt sm0)) + (MWFINJ: j = (SimMemInj.inj sm0)) (MATCHST: match_states_demo_internal st_src st_tgt j m_src m_tgt) (MWF: SimMemInj.wf' sm0) : @@ -119,8 +119,8 @@ Lemma demo_id : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. eapply any_id; eauto. @@ -131,8 +131,8 @@ Lemma demo_ext_unreach : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. eexists (ModPair.mk _ _ _); s. @@ -177,8 +177,8 @@ Lemma demo_ext_top : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. eexists (ModPair.mk _ _ _); s. @@ -222,9 +222,9 @@ Lemma demo_inj_drop_bot : exists mp, (<>) - /\ (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) + /\ (<>) . Proof. eexists (ModPair.mk _ _ _); s. @@ -271,8 +271,8 @@ Lemma demo_inj_drop : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. exploit demo_inj_drop_bot; eauto. i. des. eauto. @@ -283,8 +283,8 @@ Lemma demo_inj_id : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. eapply sim_inj_drop_bot_id. apply demo_inj_drop_bot; auto. 
@@ -303,9 +303,9 @@ Inductive match_states_demo_inv : unit -> state -> state -> SimMem.t -> Prop := | match_states_demo_inv_intro st_src st_tgt j m_src m_tgt sm0 - (MWFSRC: m_src = sm0.(SimMem.src)) - (MWFTGT: m_tgt = sm0.(SimMem.tgt)) - (MWFINJ: j = sm0.(SimMemInjInv.minj).(SimMemInj.inj)) + (MWFSRC: m_src = (SimMem.src sm0)) + (MWFTGT: m_tgt = (SimMem.tgt sm0)) + (MWFINJ: j = (SimMemInjInv.minj sm0).(SimMemInj.inj)) (MATCHST: match_states_demo_internal st_src st_tgt j m_src m_tgt) (MWF: SimMem.wf sm0) : @@ -318,8 +318,8 @@ Lemma demo_inj_inv : exists mp, (<>) - /\ (<>) - /\ (<>) + /\ (<>) + /\ (<>) . Proof. eexists (ModPair.mk _ _ _); s. diff --git a/lib/CoqlibC.v b/lib/CoqlibC.v index 536fffd1..10f14e16 100644 --- a/lib/CoqlibC.v +++ b/lib/CoqlibC.v @@ -824,7 +824,7 @@ Fixpoint zip X Y Z (f: X -> Y -> Z) (xs: list X) (ys: list Y): list Z := Lemma zip_length X Y Z (f: X -> Y -> Z) xs ys: - length (zip f xs ys) = min xs.(length) ys.(length). + length (zip f xs ys) = min (length xs) (length ys). Proof. ginduction xs; ii; ss. des_ifs. ss. rewrite IHxs. extlia. Qed. Lemma in_zip_iff @@ -1037,7 +1037,7 @@ Global Program Instance top2_PreOrder X: PreOrder (top2: X -> X -> Prop). Lemma app_eq_inv A (x0 x1 y0 y1: list A) (EQ: x0 ++ x1 = y0 ++ y1) - (LEN: x0.(length) = y0.(length)): + (LEN: (length x0) = (length y0)): x0 = y0 /\ x1 = y1. Proof. ginduction x0; ii; ss. 
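Review bot: In the match_states_demo_inv hunk (@@ -303) the rewritten MWFINJ line converts only the outer projection and leaves `(SimMemInjInv.minj sm0).(SimMemInj.inj)`, whereas the same projection chain is written `(SimMemInj.inj (SimMemInjInv.minj sm_arg))` in the UnreadglobproofC.v hunks of this patch. For consistency the line should read `(MWFINJ: j = (SimMemInj.inj (SimMemInjInv.minj sm0)))`. The two forms are equivalent, so this is a style point only; the Inductive definition continues past the end of the hunk.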
@@ -1128,11 +1128,11 @@ Lemma firstn_S (le (Datatypes.length l) n /\ firstn (n + 1) l = firstn n l) \/ (lt n (Datatypes.length l) /\ exists x, firstn (n + 1) l = (firstn n l) ++ [x]). Proof. - ginduction l; i; try by (left; do 2 rewrite firstn_nil; split; ss; omega). destruct n. - { right. ss. split; try omega. eauto. } + ginduction l; i; try by (left; do 2 rewrite firstn_nil; split; ss; lia). destruct n. + { right. ss. split; try lia. eauto. } specialize (IHl n). ss. des. - - left. split; try omega. rewrite IHl0. ss. - - right. split; try omega. rewrite IHl0. eauto. + - left. split; try lia. rewrite IHl0. ss. + - right. split; try lia. rewrite IHl0. eauto. Qed. Lemma map_firstn diff --git a/lib/MapsC.v b/lib/MapsC.v index d6c8e7d9..8df69360 100644 --- a/lib/MapsC.v +++ b/lib/MapsC.v 
@@ -10,19 +10,73 @@ Set Implicit Arguments.
 Local Open Scope o_monad_scope.
-Fixpoint xfilter_map (A B : Type) (f : positive -> A -> option B) (m : PTree.t A) (i : positive)
- {struct m} : PTree.t B :=
+Definition compose_ptree' (A: Type) (l: option (PTree.tree' A)) (o: option A) (r: option (PTree.tree' A)) : option (PTree.tree' A) :=
+ match l, o, r with
+ | None, None, None => None
+ | None, None, Some r' => Some (PTree.Node001 r')
+ | None, Some o', None => Some (PTree.Node010 o')
+ | None, Some o', Some r' => Some (PTree.Node011 o' r')
+ | Some l', None, None => Some (PTree.Node100 l')
+ | Some l', None, Some r' => Some (PTree.Node101 l' r')
+ | Some l', Some o', None => Some (PTree.Node110 l' o')
+ | Some l', Some o', Some r' => Some (PTree.Node111 l' o' r')
+ end.
+
+Fixpoint xfilter_map' (A B : Type) (f : positive -> A -> option B) (m : PTree.tree' A) (i : positive)
+ {struct m} : option (PTree.tree' B) :=
 match m with
- | PTree.Leaf => PTree.Leaf
- | PTree.Node l o r => PTree.Node (xfilter_map f l (xO i))
- (match o with None => None | Some x => (f (PTree.prev i) x) end)
- (xfilter_map f r (xI i))
+ | PTree.Node001 r => compose_ptree' None None (xfilter_map' f r (xI i))
+ | PTree.Node010 o => compose_ptree' None (f (PTree.prev i) o) None
+ | PTree.Node011 o r => compose_ptree' None (f (PTree.prev i) o) (xfilter_map' f r (xI i))
+ | PTree.Node100 l => compose_ptree' (xfilter_map' f l (xO i)) None None
+ | PTree.Node101 l r => compose_ptree' (xfilter_map' f l (xO i)) None (xfilter_map' f r (xI i))
+ | PTree.Node110 l o => compose_ptree' (xfilter_map' f l (xO i)) (f (PTree.prev i) o) None
+ | PTree.Node111 l o r => compose_ptree' (xfilter_map' f l (xO i)) (f (PTree.prev i) o) (xfilter_map' f r (xI i))
+ end.
+
+Definition xfilter_map (A B : Type) (f : positive -> A -> option B) (m : PTree.tree A) (i : positive) : PTree.tree B :=
+ match m with
+ | PTree.Empty => PTree.Empty
+ | PTree.Nodes t =>
+ match xfilter_map' f t i with
+ | Some t' => PTree.Nodes t'
+ | None => PTree.Empty
+ end
 end.
 Lemma xfilter_map_get:
 forall (A B: Type) (f: positive -> A -> option B) (i j : positive) (m: PTree.t A),
 PTree.get i (xfilter_map f m j) = o_bind (PTree.get i m) (f (PTree.prev (PTree.prev_append i j))).
-Proof. induction i; intros; destruct m; simpl; auto. des_ifs. Qed.
+Proof.
+ intros. destruct m as [| m]; auto. cbn. revert m j.
+ induction i; intros.
+ - simpl.
+ destruct m; simpl.
+ + specialize (IHi m (xI j)). desf.
+ + desf.
+ + specialize (IHi m (xI j)). desf.
+ + specialize (IHi m (xO j)). desf. simpl in Heq. inv Heq. auto.
+ + generalize (IHi m1 (xO j)). generalize (IHi m2 (xI j)). desf.
+ + specialize (IHi m (xO j)). desf; simpl in Heq; desf.
+ + generalize (IHi m1 (xO j)). generalize (IHi m2 (xI j)).
+ desf; simpl in *; desf.
+ - simpl.
+ destruct m; simpl.
+ + specialize (IHi m (xI j)). desf.
+ + desf.
+ + specialize (IHi m (xI j)). desf.
+ + specialize (IHi m (xO j)). desf. simpl in Heq. inv Heq. auto.
+ + generalize (IHi m1 (xO j)). generalize (IHi m2 (xI j)). desf.
+ + specialize (IHi m (xO j)). desf; simpl in Heq; desf.
+ + generalize (IHi m1 (xO j)). generalize (IHi m2 (xI j)).
+ desf; simpl in *; desf.
+ - simpl. destruct m; simpl; try (desf; fail).
+ + destruct (xfilter_map' f m (xO j)); auto.
+ + destruct (xfilter_map' f m1 (xO j)); destruct (xfilter_map' f m2 (xI j)); auto.
+ + destruct (f (PTree.prev j) a) eqn: O; destruct (xfilter_map' f m (xO j)); auto.
+ + destruct (f (PTree.prev j) a) eqn: O;
+ destruct (xfilter_map' f m1 (xO j)); destruct (xfilter_map' f m2 (xI j)); auto.
+Qed.
 (* partial mapping *)
 Definition PTree_filter_map A B (f: positive -> A -> option B) (m: PTree.t A): PTree.t B := xfilter_map f m 1.
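Review bot: compose_ptree', xfilter_map' and the new xfilter_map wrapper carry no comment explaining why the filter now goes through option (PTree.tree' _) and a hand-written node constructor; a reader who does not know the canonical-tree representation (Node001 … Node111) cannot tell that returning None for an all-empty node is what keeps the result canonical. A header above compose_ptree' such as `(* Canonical node builder: None when all three parts are empty, so xfilter_map' never builds a non-canonical PTree.tree'. *)` would state that invariant where it is enforced. If the PTree library in use already exports a smart constructor over PTree.tree (PTree.Node), the same canonicalisation could presumably be had by letting xfilter_map' return PTree.tree B directly, which would also remove the Some/None unwrapping in xfilter_map. The proof of xfilter_map_get repeats the same seven-bullet case analysis verbatim for the xI and xO cases; folding both into one tactic would make it easier to keep them in step when the representation changes again.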
@@ -54,5 +108,9 @@ Proof. unfold PTree.elements. unfold PTree.map. generalize 1%positive. assert(LIST: [] = map (update_snd f) ([]: list (prod positive X))) by ss. revert LIST. generalize ([]: list (prod positive X)) as lx. generalize ([]: list (prod positive Y)) as ly. - induction xm; ii; ss. cbn in *. destruct o; ss; erewrite IHxm1; ss; erewrite IHxm2; ss. + destruct xm; ii; ss. revert ly lx LIST p. + induction t; + ii; simpl; try rewrite LIST; try erewrite IHt; eauto. + - erewrite IHt1; eauto. erewrite IHt2; eauto. + - erewrite IHt1; eauto. cbn. erewrite IHt2; eauto. Qed. diff --git a/proof/AdequacyLocal.v b/proof/AdequacyLocal.v index 90ae66fa..1903564f 100644 --- a/proof/AdequacyLocal.v +++ b/proof/AdequacyLocal.v @@ -108,8 +108,8 @@ Section SIMGE. sm_init mp skenv_src skenv_tgt ss_link (WFSRC: SkEnv.wf skenv_src) (WFTGT: SkEnv.wf skenv_tgt) - (INCLSRC: SkEnv.includes skenv_src (Mod.sk mp.(ModPair.src))) - (INCLTGT: SkEnv.includes skenv_tgt (Mod.sk mp.(ModPair.tgt))) + (INCLSRC: SkEnv.includes skenv_src (Mod.sk (ModPair.src mp))) + (INCLTGT: SkEnv.includes skenv_tgt (Mod.sk (ModPair.tgt mp))) (SIMMP: ModPair.sim mp) (LESS: SimSymb.le (ModPair.ss mp) ss_link) (SIMSKENV: SimSymb.sim_skenv sm_init ss_link skenv_src skenv_tgt): 
@@ -129,30 +129,30 @@ Section SIMGE. (PTGT: p_tgt = (ProgPair.tgt pp)) (SSLE: Forall (fun mp => SimSymb.le (ModPair.ss mp) ss_link) pp) (SIMSK: SimSymb.wf ss_link) - (SKSRC: link_sk p_src = Some ss_link.(SimSymb.src)) - (SKTGT: link_sk p_tgt = Some ss_link.(SimSymb.tgt)) - (SKENVSRC: Sk.load_skenv ss_link.(SimSymb.src) = skenv_link_src) - (SKENVTGT: Sk.load_skenv ss_link.(SimSymb.tgt) = skenv_link_tgt) + (SKSRC: link_sk p_src = Some (SimSymb.src ss_link)) + (SKTGT: link_sk p_tgt = Some (SimSymb.tgt ss_link)) + (SKENVSRC: Sk.load_skenv (SimSymb.src ss_link) = skenv_link_src) + (SKENVTGT: Sk.load_skenv (SimSymb.tgt ss_link) = skenv_link_tgt) (WFSKSRC: forall mp (IN: In mp pp), Sk.wf (ModPair.src mp)) (WFSKTGT: forall mp (IN: In mp pp), Sk.wf (ModPair.tgt mp)) - (LOADSRC: Sk.load_mem ss_link.(SimSymb.src) = Some m_src): + (LOADSRC: Sk.load_mem (SimSymb.src ss_link) = Some m_src): exists sm_init, <> + (load_genv p_src (Sk.load_skenv (SimSymb.src ss_link))) + (load_genv p_tgt (Sk.load_skenv (SimSymb.tgt ss_link)))>> /\ <> - /\ <> - /\ <> + /\ <> + /\ <> /\ (<>) - /\ (<>) - /\ (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>) + /\ (<>) + /\ (<>). Proof. - assert(INCLSRC: forall mp (IN: In mp pp), SkEnv.includes skenv_link_src (Mod.sk mp.(ModPair.src))). + assert(INCLSRC: forall mp (IN: In mp pp), SkEnv.includes skenv_link_src (Mod.sk (ModPair.src mp))). { ii. clarify. eapply link_includes; eauto. unfold ProgPair.src. rewrite in_map_iff. esplits; et. } - assert(INCLTGT: forall mp (IN: In mp pp), SkEnv.includes skenv_link_tgt (Mod.sk mp.(ModPair.tgt))). + assert(INCLTGT: forall mp (IN: In mp pp), SkEnv.includes skenv_link_tgt (Mod.sk (ModPair.tgt mp))). { ii. clarify. eapply link_includes; eauto. unfold ProgPair.tgt. rewrite in_map_iff. esplits; et. } clarify. exploit SimSymb.wf_load_sim_skenv; eauto. i; des. rename sm into sm_init. clarify. 
@@ -160,8 +160,8 @@ Section SIMGE. { rewrite Forall_forall in *. eauto. } unfold load_genv in *. ss. bar. assert(exists msp_sys, - (<>) - /\ (<>) + (<>) + /\ (<>) /\ <> /\ <> /\ (<>)). { exploit SimSymb.system_sim_skenv; eauto. i; des. @@ -190,8 +190,8 @@ Section SIMGE. { ss. } { ss. } i; des. - assert(SIMGE: SimSymb.sim_skenv sm_arg ss_link (System.globalenv (Sk.load_skenv ss_link.(SimSymb.src))) - (System.globalenv (Sk.load_skenv ss_link.(SimSymb.tgt)))). + assert(SIMGE: SimSymb.sim_skenv sm_arg ss_link (System.globalenv (Sk.load_skenv (SimSymb.src ss_link))) + (System.globalenv (Sk.load_skenv (SimSymb.tgt ss_link)))). { eapply SimSymb.mfuture_preserves_sim_skenv; eauto. } hexpl SimSymb.sim_skenv_func_bisim SIMGE0. inv SIMGE0. exploit FUNCFSIM; eauto. i; des. clarify. @@ -414,8 +414,8 @@ Section ADQINIT. exists idx st_init_tgt sm_init, <> /\ (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>). Proof. ss. inv INITSRC; ss. clarify. rename INITSK into INITSKSRC. rename INITMEM into INITMEMSRC. @@ -433,9 +433,9 @@ Section ADQINIT. i; des. clarify. ss. des_ifs. set(Args.mk (Genv.symbol_address (Sk.load_skenv (SimSymb.src ss_link)) (prog_main (SimSymb.src ss_link)) Ptrofs.zero) - [] sm_init.(SimMem.src)) as args_src in *. + [] (SimMem.src sm_init)) as args_src in *. set(Args.mk (Genv.symbol_address (Sk.load_skenv (SimSymb.tgt ss_link)) (prog_main (SimSymb.tgt ss_link)) Ptrofs.zero) - [] sm_init.(SimMem.tgt)) as args_tgt in *. + [] (SimMem.tgt sm_init)) as args_tgt in *. assert(SIMARGS: SimMem.sim_args args_src args_tgt sm_init). { econs; ss; eauto. - rewrite <- SimMem.sim_val_list_spec. econs; eauto. } 
@@ -483,9 +483,9 @@ Section ADQSTEP. Variable ss_link: SimSymb.t. Hypothesis (SIMSKENV: exists sm, SimSymb.sim_skenv sm ss_link skenv_link_src skenv_link_tgt). - Hypothesis (INCLSRC: forall mp (IN: In mp pp), SkEnv.includes skenv_link_src (Mod.sk mp.(ModPair.src))). - Hypothesis (INCLTGT: forall mp (IN: In mp pp), SkEnv.includes skenv_link_tgt (Mod.sk mp.(ModPair.tgt))). - Hypothesis (SSLE: forall mp (IN: In mp pp), SimSymb.le mp.(ModPair.ss) ss_link). + Hypothesis (INCLSRC: forall mp (IN: In mp pp), SkEnv.includes skenv_link_src (Mod.sk (ModPair.src mp))). + Hypothesis (INCLTGT: forall mp (IN: In mp pp), SkEnv.includes skenv_link_tgt (Mod.sk (ModPair.tgt mp))). + Hypothesis (SSLE: forall mp (IN: In mp pp), SimSymb.le (ModPair.ss mp) ss_link). Hypothesis (WFKSSRC: forall md (IN: In md (ProgPair.src pp)), <>). Hypothesis (WFKSTGT: forall md (IN: In md (ProgPair.tgt pp)), <>). @@ -701,9 +701,9 @@ Section ADQ. Variable ss_link: SimSymb.t. Hypothesis (SIMSKENV: exists sm, SimSymb.sim_skenv sm ss_link skenv_link_src skenv_link_tgt). - Hypothesis (INCLSRC: forall mp (IN: In mp pp), SkEnv.includes skenv_link_src (Mod.sk mp.(ModPair.src))). - Hypothesis (INCLTGT: forall mp (IN: In mp pp), SkEnv.includes skenv_link_tgt (Mod.sk mp.(ModPair.tgt))). - Hypothesis (SSLE: forall mp (IN: In mp pp), SimSymb.le mp.(ModPair.ss) ss_link). + Hypothesis (INCLSRC: forall mp (IN: In mp pp), SkEnv.includes skenv_link_src (Mod.sk (ModPair.src mp))). + Hypothesis (INCLTGT: forall mp (IN: In mp pp), SkEnv.includes skenv_link_tgt (Mod.sk (ModPair.tgt mp))). + Hypothesis (SSLE: forall mp (IN: In mp pp), SimSymb.le (ModPair.ss mp) ss_link). Hypothesis (WFSKSRC: forall md (IN: In md (ProgPair.src pp)), <>). Hypothesis (WFSKTGT: forall md (IN: In md (ProgPair.tgt pp)), <>). 
@@ -794,8 +794,8 @@ Definition relate_single (MR: SimMem.class) (SR: SimSymb.class MR) (MP: Sound.cl forall (WF: Sk.wf p_src), exists mp, (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>). Arguments relate_single : clear implicits. Lemma relate_single_program MR SR MP p_src p_tgt diff --git a/proof/AdequacySound.v b/proof/AdequacySound.v index 60718f99..c737a4c5 100644 --- a/proof/AdequacySound.v +++ b/proof/AdequacySound.v @@ -45,9 +45,9 @@ Section ADQSOUND. Variable ss_link: SimSymb.t. Hypothesis (SIMSKENV: exists sm, SimSymb.sim_skenv sm ss_link skenv_link_src skenv_link_tgt). - Hypothesis INCLSRC: forall mp (IN: In mp pp), SkEnv.includes skenv_link_src (Mod.sk mp.(ModPair.src)). - Hypothesis INCLTGT: forall mp (IN: In mp pp), SkEnv.includes skenv_link_tgt (Mod.sk mp.(ModPair.tgt)). - Hypothesis SSLE: forall mp (IN: In mp pp), SimSymb.le mp.(ModPair.ss) ss_link. + Hypothesis INCLSRC: forall mp (IN: In mp pp), SkEnv.includes skenv_link_src (Mod.sk (ModPair.src mp)). + Hypothesis INCLTGT: forall mp (IN: In mp pp), SkEnv.includes skenv_link_tgt (Mod.sk (ModPair.tgt mp)). + Hypothesis SSLE: forall mp (IN: In mp pp), SimSymb.le (ModPair.ss mp) ss_link. Let WFSKLINKSRC: Sk.wf sk_link_src. eapply link_list_preserves_wf_sk; et. Qed. Let WFSKLINKTGT: Sk.wf sk_link_tgt. eapply link_list_preserves_wf_sk; et. Qed. @@ -56,7 +56,7 @@ Section ADQSOUND. Inductive sound_ge (su0: Sound.t) (m0: mem): Prop := | sound_ge_intro - (GE: Forall (fun ms => su0.(Sound.skenv) m0 ms.(ModSem.skenv) /\ su0.(Sound.skenv) m0 ms.(ModSem.skenv_link)) + (GE: Forall (fun ms => (Sound.skenv su0) m0 ms.(ModSem.skenv) /\ (Sound.skenv su0) m0 ms.(ModSem.skenv_link)) (fst sem_src.(Smallstep.globalenv))) . 
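Review bot: The rewritten sound_ge line (AdequacySound.v @@ -56) now reads `(Sound.skenv su0) m0 ms.(ModSem.skenv)`, mixing prefix application and the `.( )` projection form in a single expression; the same mix recurs in the Preservation.v hunks that follow (local_preservation_strong_spec, local_preservation_strong_excl_spec, system_sound_state). Presumably only projections of class-parameterised records (Sound, SimMem, SimSymb, ModPair) needed the rewrite while plain-record projections such as ModSem.skenv and get_mem were left alone, but nothing in the patch says so. A one-line comment where the first such projection is rewritten in each file, e.g. `(* Sound.* projections are applied prefix; the x.(f) form is kept for plain records such as ModSem.t. *)`, would stop the next contributor from either reverting or "finishing" the conversion. If the distinction is not intentional, `(ModSem.skenv ms)` and `(get_mem st)` should be converted in the same hunks.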
@@ -211,7 +211,7 @@ Section ADQSOUND. + inv MSFIND. ss. rr in SIMPROG. rewrite Forall_forall in *. des; clarify. { eapply system_local_preservation. } u in MODSEM. rewrite in_map_iff in MODSEM. des; clarify. rename x into md_src. - assert(exists mp, In mp pp /\ mp.(ModPair.src) = md_src). + assert(exists mp, In mp pp /\ (ModPair.src mp) = md_src). { clear - MODSEM0. rr in pp. rr in p_src. subst p_src. rewrite in_map_iff in *. des. eauto. } des. exploit SIMPROG; eauto. intros MPSIM. inv MPSIM. destruct SIMSKENV. exploit SIMMS. diff --git a/proof/Preservation.v b/proof/Preservation.v index c992fa73..ae73e418 100644 --- a/proof/Preservation.v +++ b/proof/Preservation.v @@ -51,7 +51,7 @@ Inductive local_preservation (sound_state: Sound.t -> mem -> ms.(state) -> Prop) (<>) /\ (< mem -> ms.(state) -> Prop) (SUST: sound_state su0 m_arg st0) (FINAL: ms.(ModSem.final_frame) st0 retv), exists su_ret, <> /\ - <> /\ <>) + <> /\ <>) . (* It does not need to show "mle". *) @@ -87,7 +87,7 @@ Inductive local_preservation_noguarantee (sound_state: Sound.t -> mem -> ms.(sta (<>) /\ (< ms.(state) -> Pro , exists su_init, (<>) /\ (<>) - /\ (<>)) + /\ (<>)) (STEP: forall su0 st0 tr st1 (SUST: sound_state su0 st0) (SAFE: ~ ms.(ModSem.is_call) st0 /\ ~ ms.(ModSem.is_return) st0) (STEP: Step ms st0 tr st1), - exists su1, <> /\ <> /\ <>) + exists su1, <> /\ <> /\ <>) (CALL: forall su0 st0 args (SUST: sound_state su0 st0) (AT: ms.(ModSem.at_external) st0 args) @@ -130,26 +130,26 @@ Inductive local_preservation_standard (sound_state: Sound.t -> ms.(state) -> Pro (<>) /\ (<> /\ - (<> /\ <>)>>)) + (<> /\ <>)>>)) (RET: forall su0 st0 retv (SUST: sound_state su0 st0) (FINAL: ms.(ModSem.final_frame) st0 retv), exists su_ret, <> /\ - <> /\ <>) + <> /\ <>) . Theorem local_preservation_standard_spec sound_state (PRSV: local_preservation_standard sound_state): < - <> /\ + <> /\ <> /\ exists su_h, <> /\ sound_state su_h st)>>. Proof. 
@@ -178,14 +178,14 @@ Inductive local_preservation_strong (sound_state: Sound.t -> ms.(state) -> Prop) (SKENV: Sound.skenv su_init (Args.get_m args) ms.(ModSem.skenv)) (INIT: ms.(ModSem.initial_frame) args st_init) , - <> /\ <>) + <> /\ <>) (STEP: forall su0 st0 tr st1 (SKENV: Sound.skenv su0 st0.(get_mem) ms.(ModSem.skenv)) (SUST: sound_state su0 st0) (SAFE: ~ ms.(ModSem.is_call) st0 /\ ~ ms.(ModSem.is_return) st0) (STEP: Step ms st0 tr st1), - <> /\ <>) + <> /\ <>) (CALL: forall su0 st0 args (SKENV: Sound.skenv su0 st0.(get_mem) ms.(ModSem.skenv)) (SUST: sound_state su0 st0) @@ -198,28 +198,28 @@ Inductive local_preservation_strong (sound_state: Sound.t -> ms.(state) -> Prop) (<>) /\ (<> /\ <>)>>)) + sound_state su0 st1>> /\ <>)>>)) (RET: forall su0 st0 retv (SKENV: Sound.skenv su0 st0.(get_mem) ms.(ModSem.skenv)) (SUST: sound_state su0 st0) (FINAL: ms.(ModSem.final_frame) st0 retv), exists su_ret, <> /\ - <> /\ <>). + <> /\ <>). Theorem local_preservation_strong_spec sound_state (PRSV: local_preservation_strong sound_state): < sound_state su st - /\ su.(Sound.skenv) st.(get_mem) ms.(ModSem.skenv) - /\ su.(Sound.mle) m_init st.(get_mem))>>. + /\ (Sound.skenv su) st.(get_mem) ms.(ModSem.skenv) + /\ (Sound.mle su) m_init st.(get_mem))>>. Proof. inv PRSV. econs; eauto. - i. exploit INIT; et. i; des. esplits; et. eapply Sound.skenv_mle; et. @@ -248,13 +248,13 @@ Inductive local_preservation_strong_horizontal (sound_state: Sound.t -> ms.(stat , exists su_init, (<>) /\ (<>) - /\ (<>)) + /\ (<>)) (STEP: forall su0 st0 tr st1 (SUST: sound_state su0 st0) (SAFE: ~ ms.(ModSem.is_call) st0 /\ ~ ms.(ModSem.is_return) st0) (STEP: Step ms st0 tr st1), - exists su1, <> /\ <> /\ <>) + exists su1, <> /\ <> /\ <>) (CALL: forall su0 st0 args (SUST: sound_state su0 st0) (AT: ms.(ModSem.at_external) st0 args), 
@@ -264,24 +264,24 @@ Inductive local_preservation_strong_horizontal (sound_state: Sound.t -> ms.(stat (<>) /\ (<> /\ - (<> /\ <>)>>)) + (<> /\ <>)>>)) (RET: forall su0 st0 retv (SUST: sound_state su0 st0) (FINAL: ms.(ModSem.final_frame) st0 retv), exists su_ret, <> /\ - <> /\ <>). + <> /\ <>). Theorem local_preservation_strong_horizontal_spec sound_state (PRSV: local_preservation_strong_horizontal sound_state): < - <> /\ + <> /\ <> /\ exists su_h, <> /\ sound_state su_h st)>>. @@ -310,7 +310,7 @@ Inductive local_preservation_strong_excl (sound_state: Sound.t -> ms.(state) -> (FOOTEXCL: forall su0 st_at m0 m1 m2 (FOOT: has_footprint st_at su0 m0) (MLEEXCL: (mle_excl st_at) su0 m1 m2) - (MLE: su0.(Sound.mle) m0 m1), + (MLE: (Sound.mle su0) m0 m1), <>) (INIT: forall su_init args st_init (SUARG: Sound.args su_init args) @@ -318,13 +318,13 @@ Inductive local_preservation_strong_excl (sound_state: Sound.t -> ms.(state) -> (SKENV: Sound.skenv su_init (Args.get_m args) ms.(ModSem.skenv)) (INIT: ms.(ModSem.initial_frame) args st_init) , - <> /\ <>) + <> /\ <>) (STEP: forall su0 st0 tr st1 (SUST: sound_state su0 st0) (SAFE: ~ ms.(ModSem.is_call) st0 /\ ~ ms.(ModSem.is_return) st0) (STEP: Step ms st0 tr st1), - <> /\ <>) + <> /\ <>) (CALL: forall su0 st0 args (SUST: sound_state su0 st0) (AT: ms.(ModSem.at_external) st0 args), @@ -336,7 +336,7 @@ Inductive local_preservation_strong_excl (sound_state: Sound.t -> ms.(state) -> (<>) /\ (<> /\ <>)>>)) 
@@ -345,12 +345,12 @@ Inductive local_preservation_strong_excl (sound_state: Sound.t -> ms.(state) -> (SUST: sound_state su0 st0) (FINAL: ms.(ModSem.final_frame) st0 retv), exists su_ret, <> /\ - <> /\ <>). + <> /\ <>). Theorem local_preservation_strong_excl_spec sound_state (PRSV: local_preservation_strong_excl sound_state): - < sound_state su st /\ su.(Sound.mle) m_init st.(get_mem))>>. + < sound_state su st /\ (Sound.mle su) m_init st.(get_mem))>>. Proof. inv PRSV. econs; eauto. - ii. des. exploit STEP; eauto. i; des. esplits; eauto. etrans; eauto. @@ -369,7 +369,7 @@ Inductive local_preservation_strong_horizontal_excl (sound_state: Sound.t -> ms. (FOOTEXCL: forall su0 st_at m0 m1 m2 (FOOT: has_footprint st_at su0 m0) (MLEEXCL: (mle_excl st_at) su0 m1 m2) - (MLE: su0.(Sound.mle) m0 m1), + (MLE: (Sound.mle su0) m0 m1), <>) (INIT: forall su_arg args st_init (SUARG: Sound.args su_arg args) @@ -378,13 +378,13 @@ Inductive local_preservation_strong_horizontal_excl (sound_state: Sound.t -> ms. (INIT: ms.(ModSem.initial_frame) args st_init), exists su_init, (<>) /\ (<>) - /\ (<>)) + /\ (<>)) (STEP: forall su0 st0 tr st1 (SUST: sound_state su0 st0) (SAFE: ~ ms.(ModSem.is_call) st0 /\ ~ ms.(ModSem.is_return) st0) (STEP: Step ms st0 tr st1), - exists su1, <> /\ <> /\ <>) + exists su1, <> /\ <> /\ <>) (CALL: forall su0 st0 args (SUST: sound_state su0 st0) (AT: ms.(ModSem.at_external) st0 args), @@ -395,7 +395,7 @@ Inductive local_preservation_strong_horizontal_excl (sound_state: Sound.t -> ms. (<>) /\ (< ms. (SUST: sound_state su0 st0) (FINAL: ms.(ModSem.final_frame) st0 retv), exists su_ret, <> /\ - <> /\ <>). + <> /\ <>). Theorem local_preservation_strong_horizontal_excl_spec sound_state (PRSV: local_preservation_strong_horizontal_excl sound_state): < - <> /\ + <> /\ <> /\ exists su_h, <> /\ sound_state su_h st)>>. Proof. 
@@ -440,11 +440,11 @@ End PRSV. Definition system_sound_state `{SU: Sound.class} (ms: ModSem.t): Sound.t -> mem -> System.state -> Prop := fun su m_arg st => match st with - | System.Callstate fptr vs m => su.(Sound.args) (Args.Cstyle fptr vs m) /\ su.(Sound.mle) m_arg m - /\ su.(Sound.skenv) m_arg ms.(ModSem.skenv_link) + | System.Callstate fptr vs m => (Sound.args su) (Args.Cstyle fptr vs m) /\ (Sound.mle su) m_arg m + /\ (Sound.skenv su) m_arg ms.(ModSem.skenv_link) | System.Returnstate v m => - exists su_ret, Sound.hle su su_ret /\ su_ret.(Sound.retv) (Retv.Cstyle v m) /\ su.(Sound.mle) m_arg m - /\ su.(Sound.skenv) m ms.(ModSem.skenv_link) + exists su_ret, Sound.hle su su_ret /\ (Sound.retv su_ret) (Retv.Cstyle v m) /\ (Sound.mle su) m_arg m + /\ (Sound.skenv su) m ms.(ModSem.skenv_link) end. Lemma system_local_preservation diff --git a/proof/SemProps.v b/proof/SemProps.v index 603e86f9..a523d5d9 100644 --- a/proof/SemProps.v +++ b/proof/SemProps.v @@ -481,7 +481,7 @@ Proof. { eapply match_traces_preserved; try apply H0. i. s. congruence. } i; des. esplits; eauto. econs; eauto. + inv H0. esplits; eauto. econs 4; eauto. - - inv H; s; try omega. exploit sr_traces_at; eauto. + - inv H; s; try lia. exploit sr_traces_at; eauto. Qed. Lemma lift_determinate_at @@ -503,7 +503,7 @@ Proof. { econs; et. } i. repeat f_equal. determ_tac ModSem.final_frame_dtm. eapply ModSem.after_external_dtm; et. - ss. inv FINAL. ss. inv STEP; ss; ModSem.tac. - - inv H; s; try omega. exploit sd_traces_at; eauto. + - inv H; s; try lia. exploit sd_traces_at; eauto. Qed. (* Lemma callstate_receptive_at *) @@ -517,7 +517,7 @@ Qed. (* - ii. ss. des_ifs. *) (* + inv H. inv H0. esplits; eauto. econs; eauto. *) (* + inv H. inv MSFIND. ss. *) -(* - ii. inv H. ss. omega. *) +(* - ii. inv H. ss. lia. *) (* Qed. *) (* Lemma callstate_determinate_at *) 
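Review bot: The `omega` → `lia` swaps in `@@ -481` and `@@ -503` assume `lia` is in scope in SemProps.v, but nothing in these hunks shows a `Require Import Lia` or a prelude that re-exports it; if it arrives only transitively through CompCert's Coqlib, that dependency should be made explicit once at the top of the file rather than relied on per call site. The same swap is also applied to commented-out proof text in `@@ -517` and `@@ -541` (`(* - ii. inv H. ss. lia. *)`), which the checker never sees; either delete those dead `callstate_*` lemmas or leave them untouched so the diff shows only live changes. The enclosing proofs of `@@ -481` and `@@ -503` start outside the hunks.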
@@ -541,7 +541,7 @@ Qed. (* - ii. ss. des_ifs. *) (* + inv FINAL. *) (* + inv FINAL. *) -(* - ii. inv H. ss. omega. *) +(* - ii. inv H. ss. lia. *) (* Qed. *) Require Import MemoryC. @@ -591,13 +591,13 @@ Proof. assert(VALID: Mem.valid_block m0 blk_fr). { assert(NEQ: blk_fr <> b). { ii. clarify. clear - LOAD LOADM Heq. eapply Mem_alloc_fresh_perm in Heq. des. - eapply Mem.loadbytes_range_perm in LOAD. unfold Mem.range_perm in LOAD. exploit (LOAD _ofs_fr). omega. i. + eapply Mem.loadbytes_range_perm in LOAD. unfold Mem.range_perm in LOAD. exploit (LOAD _ofs_fr). lia. i. destruct (zeq _ofs_fr 0). - - subst. exploit Mem.perm_drop_2. eauto. instantiate (1 := 0). omega. eauto. i. inv H0. - - eapply NOPERM0. instantiate (1 := _ofs_fr). omega. eapply Mem.perm_drop_4; eauto. + - subst. exploit Mem.perm_drop_2. eauto. instantiate (1 := 0). lia. eauto. i. inv H0. + - eapply NOPERM0. instantiate (1 := _ofs_fr). lia. eapply Mem.perm_drop_4; eauto. } assert(VAL: Mem.valid_block m1 blk_fr). - { clear - LOAD. exploit (Mem.loadbytes_range_perm); eauto. split. eapply Z.le_refl. omega. eapply Mem.perm_valid_block. } + { clear - LOAD. exploit (Mem.loadbytes_range_perm); eauto. split. eapply Z.le_refl. lia. eapply Mem.perm_valid_block. } clear - Heq LOADM NEQ VAL. exploit Mem.drop_perm_valid_block_2; eauto. i. exploit Mem.valid_block_alloc_inv; eauto. i; des; des_ifs. } 
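Review bot: The `NEQ`/`VAL` assertion block in `@@ -591` (`Mem_alloc_fresh_perm`, `Mem.loadbytes_range_perm`, the `zeq _ofs_fr 0` case split, then `Mem.drop_perm_valid_block_2` and `Mem.valid_block_alloc_inv`) is repeated verbatim in `@@ -615`, and this commit has to patch both copies in lockstep for the `omega` → `lia` migration. Factoring the two copies into one helper lemma or a local `Ltac` would make this and future CompCert bumps a one-place change and remove the risk of the copies drifting apart. Both `Proof.` blocks start outside their hunks, so I cannot tell from the diff which lemmas own the two copies.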
@@ -615,12 +615,12 @@ Proof. assert(VAL: Mem.valid_block m0 blk_fr). { assert(NEQ: blk_fr <> b). { ii. clarify. clear - LOAD LOADM Heq. eapply Mem_alloc_fresh_perm in Heq. des. - eapply Mem.loadbytes_range_perm in LOAD. unfold Mem.range_perm in LOAD. exploit (LOAD _ofs_fr). omega. i. + eapply Mem.loadbytes_range_perm in LOAD. unfold Mem.range_perm in LOAD. exploit (LOAD _ofs_fr). lia. i. destruct (zeq _ofs_fr 0). - - subst. exploit Mem.perm_drop_2. eauto. instantiate (1 := 0). omega. eauto. i. inv H0. - - eapply NOPERM0. instantiate (1 := _ofs_fr). omega. eapply Mem.perm_drop_4; eauto. } + - subst. exploit Mem.perm_drop_2. eauto. instantiate (1 := 0). lia. eauto. i. inv H0. + - eapply NOPERM0. instantiate (1 := _ofs_fr). lia. eapply Mem.perm_drop_4; eauto. } assert(VAL: Mem.valid_block m1 blk_fr). - { clear - LOAD. exploit (Mem.loadbytes_range_perm); eauto. split. eapply Z.le_refl. omega. eapply Mem.perm_valid_block. } + { clear - LOAD. exploit (Mem.loadbytes_range_perm); eauto. split. eapply Z.le_refl. lia. eapply Mem.perm_valid_block. } clear - Heq LOADM NEQ VAL. exploit Mem.drop_perm_valid_block_2; eauto. i. exploit Mem.valid_block_alloc_inv; eauto. i; des; des_ifs. } @@ -637,7 +637,7 @@ Proof. inv WFM. exploit WFPTR; et. assert(VAL: Mem.valid_block m0 blk_fr). { clear - Heq WFMB FREETHM0 H LOAD. rewrite WFMB in FREETHM0. exploit Mem.alloc_result; eauto. i. subst blk. - eapply Mem.loadbytes_range_perm in LOAD. exploit Mem.perm_valid_block. eapply LOAD. instantiate (1 := _ofs_fr). omega. i. + eapply Mem.loadbytes_range_perm in LOAD. exploit Mem.perm_valid_block. eapply LOAD. instantiate (1 := _ofs_fr). lia. i. unfold Mem.valid_block in *. rewrite <- FREETHM0 in H0. exploit Plt_succ_inv; eauto. i. des; des_ifs. } assert(NVAL: ~ Mem.valid_block m0 blk). { clear - Heq. eauto with mem. } 
@@ -705,12 +705,12 @@ Proof. des. Ltac break_Z := - try replace 2 with (1 + 1) in * by omega; - try replace 3 with (1 + 1 + 1) in * by omega; - try replace 4 with (1 + 1 + 1 + 1) in * by omega; - try replace 5 with (1 + 1 + 1 + 1 + 1) in * by omega; - try replace 6 with (1 + 1 + 1 + 1 + 1 + 1) in * by omega; - try replace 7 with (1 + 1 + 1 + 1 + 1 + 1 + 1) in * by omega. + try replace 2 with (1 + 1) in * by lia; + try replace 3 with (1 + 1 + 1) in * by lia; + try replace 4 with (1 + 1 + 1 + 1) in * by lia; + try replace 5 with (1 + 1 + 1 + 1 + 1) in * by lia; + try replace 6 with (1 + 1 + 1 + 1 + 1 + 1) in * by lia; + try replace 7 with (1 + 1 + 1 + 1 + 1 + 1 + 1) in * by lia. destruct (classic ((ofs + init_data_size a) <= _ofs_fr)). - exploit IHdts; et; try extlia. @@ -719,13 +719,13 @@ Proof. - clear IHdts LOADB LOADA. rename a into aa. clear RANGE0. Local Opaque Z.add. Local Transparent Mem.loadbytes. rename ofs into ofs_bound. rename _ofs_fr into ofs_mid. - assert(T: ofs_mid < ofs_bound + init_data_size aa) by omega. clear H. + assert(T: ofs_mid < ofs_bound + init_data_size aa) by lia. clear H. destruct aa; ss; try (by exfalso; unfold Mem.loadbytes in *; des_ifs; assert(ofs_mid = ofs_bound \/ ofs_mid = ofs_bound + 1 \/ ofs_mid = ofs_bound + 2 \/ ofs_mid = ofs_bound + 3 \/ ofs_mid = ofs_bound + 4 \/ ofs_mid = ofs_bound + 5 - \/ ofs_mid = ofs_bound + 6 \/ ofs_mid = ofs_bound + 7) by omega; + \/ ofs_mid = ofs_bound + 6 \/ ofs_mid = ofs_bound + 7) by lia; des; subst; try extlia; break_Z; try rewrite ! Z.add_assoc in *; try rewrite H0 in *; ss). + exfalso. unfold Mem.loadbytes in *. des_ifs. rename H0 into P. rename H1 into Q. clear - P Q T RANGE POS. 
@@ -739,13 +739,13 @@ Proof. { exfalso. unfold Mem.loadbytes in *. des_ifs. assert(ofs_mid = ofs_bound \/ ofs_mid = ofs_bound + 1 \/ ofs_mid = ofs_bound + 2 \/ ofs_mid = ofs_bound + 3 \/ ofs_mid = ofs_bound + 4 \/ ofs_mid = ofs_bound + 5 - \/ ofs_mid = ofs_bound + 6 \/ ofs_mid = ofs_bound + 7) by omega. + \/ ofs_mid = ofs_bound + 6 \/ ofs_mid = ofs_bound + 7) by lia. des; subst; try extlia; break_Z; try rewrite ! Z.add_assoc in *; try rewrite H8 in *; ss. } esplits; et. unfold inj_value in *. ss. unfold Mem.loadbytes in *. des_ifs. assert(ofs_mid = ofs_bound \/ ofs_mid = ofs_bound + 1 \/ ofs_mid = ofs_bound + 2 \/ ofs_mid = ofs_bound + 3 \/ ofs_mid = ofs_bound + 4 \/ ofs_mid = ofs_bound + 5 - \/ ofs_mid = ofs_bound + 6 \/ ofs_mid = ofs_bound + 7) by omega. + \/ ofs_mid = ofs_bound + 6 \/ ofs_mid = ofs_bound + 7) by lia. des; subst; break_Z; try rewrite ! Z.add_assoc in *; try rewrite H8 in *; congruence. Local Opaque Mem.loadbytes. } @@ -816,10 +816,7 @@ Proof. { eapply link_load_skenv_wf_sem_mult; et; try eapply WF; try refl. - { i. uge. ss. rewrite PTree.gempty. ss. } - { econs; et. i. exfalso. clear - LOAD0. eapply Mem.loadbytes_range_perm in LOAD0. - exploit (LOAD0 _ofs_fr0). omega. eapply Mem.perm_empty. - } + { i. uge. ss. } { rr. ii. exfalso. clear - H. unfold Genv.find_def in H. rewrite PTree.gempty in H. des_ifs. } } Qed. diff --git a/proof/SimMem.v b/proof/SimMem.v index cb3abee1..40a77745 100644 --- a/proof/SimMem.v +++ b/proof/SimMem.v 
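Review bot: In `@@ -816` the second obligation of the `link_load_skenv_wf_sem_mult` application, the one that discharged a load from the empty memory via `Mem.loadbytes_range_perm` and `Mem.perm_empty`, is dropped entirely and the first is shortened from `{ i. uge. ss. rewrite PTree.gempty. ss. }` to `{ i. uge. ss. }`, but the hunk gives no reason; presumably the lemma's hypotheses or the underlying CompCert definitions changed outside this diff. Because the commit is titled as a version bump, someone auditing the proof cannot tell whether a premise was merely restated or genuinely weakened. I would add a short comment at the call site, e.g. `(* obligation on Mem.empty now discharged inside link_load_skenv_wf_sem_mult; see <FILE-PLACEHOLDER> *)` with the real location, and mention the lemma-statement change in the commit message. The enclosing proof starts outside the hunk.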
@@ -39,60 +39,60 @@ Module SimMem. sim_val: t -> val -> val -> Prop; sim_val_list: t -> list val -> list val -> Prop; le_sim_val: forall mrel0 mrel1 (MLE: le mrel0 mrel1), sim_val mrel0 <2= sim_val mrel1; - sim_val_list_spec: forall sm0, (List.Forall2 sm0.(sim_val) = sm0.(sim_val_list)); + sim_val_list_spec: forall sm0, (List.Forall2 (sim_val sm0) = (sim_val_list sm0)); sim_val_int: forall sm0 v_src v_tgt, sim_val sm0 v_src v_tgt -> forall i, v_src = Vint i -> v_tgt = Vint i; }. Lemma sim_val_list_length `{SM: class} (sm0: t) vs_src vs_tgt - (SIMVS: sm0.(sim_val_list) vs_src vs_tgt): + (SIMVS: (sim_val_list sm0) vs_src vs_tgt): length vs_src = length vs_tgt. Proof. rewrite <- sim_val_list_spec in SIMVS. ginduction SIMVS; ii; ss. congruence. Qed. Definition sim_block `{SM: class} (sm0: t) (blk_src blk_tgt: block): Prop := - sm0.(sim_val) (Vptr blk_src Ptrofs.zero) (Vptr blk_tgt Ptrofs.zero). + (sim_val sm0) (Vptr blk_src Ptrofs.zero) (Vptr blk_tgt Ptrofs.zero). Definition future `{SM: class}: t -> t -> Prop := rtc (lepriv \2/ le). - Definition sim_regset `{SM: class} (sm0: SimMem.t) (rs_src rs_tgt: Asm.regset): Prop := forall pr, sm0.(sim_val) (rs_src pr) (rs_tgt pr). + Definition sim_regset `{SM: class} (sm0: SimMem.t) (rs_src rs_tgt: Asm.regset): Prop := forall pr, (sim_val sm0) (rs_src pr) (rs_tgt pr). 
Inductive sim_args `{SM: class} (args_src args_tgt: Args.t) (sm0: SimMem.t): Prop := | sim_args_Cstyle fptr_src vs_src m_src fptr_tgt vs_tgt m_tgt (CSRC: args_src = Args.Cstyle fptr_src vs_src m_src) (CTGT: args_tgt = Args.Cstyle fptr_tgt vs_tgt m_tgt) - (FPTR: sm0.(SimMem.sim_val) fptr_src fptr_tgt) - (VALS: sm0.(SimMem.sim_val_list) vs_src vs_tgt) - (MEMSRC: m_src = sm0.(SimMem.src)) - (MEMTGT: m_tgt = sm0.(SimMem.tgt)) + (FPTR: (SimMem.sim_val sm0) fptr_src fptr_tgt) + (VALS: (SimMem.sim_val_list sm0) vs_src vs_tgt) + (MEMSRC: m_src = (SimMem.src sm0)) + (MEMTGT: m_tgt = (SimMem.tgt sm0)) | sim_args_Asmstyle rs_src m_src rs_tgt m_tgt (ASMSRC: args_src = Args.Asmstyle rs_src m_src) (ASMTGT: args_tgt = Args.Asmstyle rs_tgt m_tgt) (RS: (sim_regset sm0) rs_src rs_tgt) - (MEMSRC: m_src = sm0.(SimMem.src)) - (MEMTGT: m_tgt = sm0.(SimMem.tgt)). + (MEMSRC: m_src = (SimMem.src sm0)) + (MEMTGT: m_tgt = (SimMem.tgt sm0)). Inductive sim_retv `{SM: class} (retv_src retv_tgt: Retv.t) (sm0: SimMem.t): Prop := | sim_retv_Cstyle v_src m_src v_tgt m_tgt (CSRC: retv_src = Retv.Cstyle v_src m_src) (CTGT: retv_tgt = Retv.Cstyle v_tgt m_tgt) - (RETV: sm0.(SimMem.sim_val) v_src v_tgt) - (MEMSRC: m_src = sm0.(SimMem.src)) - (MEMTGT: m_tgt = sm0.(SimMem.tgt)) + (RETV: (SimMem.sim_val sm0) v_src v_tgt) + (MEMSRC: m_src = (SimMem.src sm0)) + (MEMTGT: m_tgt = (SimMem.tgt sm0)) | sim_retv_Asmstyle rs_src m_src rs_tgt m_tgt (ASMSRC: retv_src = Retv.Asmstyle rs_src m_src) (ASMTGT: retv_tgt = Retv.Asmstyle rs_tgt m_tgt) (RS: (sim_regset sm0) rs_src rs_tgt) - (MEMSRC: m_src = sm0.(SimMem.src)) - (MEMTGT: m_tgt = sm0.(SimMem.tgt)). + (MEMSRC: m_src = (SimMem.src sm0)) + (MEMTGT: m_tgt = (SimMem.tgt sm0)). Lemma sim_args_sim_fptr `{SM: class}: forall sm0 args_src args_tgt (ARGS: sim_args args_src args_tgt sm0), - sm0.(sim_val) (Args.get_fptr args_src) (Args.get_fptr args_tgt). + (sim_val sm0) (Args.get_fptr args_src) (Args.get_fptr args_tgt). Proof. i. inv ARGS; ss. Qed. Lemma sim_val_list_le 
diff --git a/proof/SimMemInjC.v b/proof/SimMemInjC.v index 7833a7e4..57ca3da5 100644 --- a/proof/SimMemInjC.v +++ b/proof/SimMemInjC.v @@ -21,20 +21,20 @@ Set Implicit Arguments. Section MEMINJ. Definition update (sm0: t') (src tgt: mem) (inj: meminj): t' := - mk src tgt inj sm0.(src_external) sm0.(tgt_external) sm0.(src_parent_nb) sm0.(tgt_parent_nb) - sm0.(src_ge_nb) sm0.(tgt_ge_nb). + mk src tgt inj (src_external sm0) (tgt_external sm0) (src_parent_nb sm0) (tgt_parent_nb sm0) + (src_ge_nb sm0) (tgt_ge_nb sm0). Hint Unfold update. -(* Notation "sm0 '.(update_tgt)' tgt" := (sm0.(update) sm0.(src) tgt sm0.(inj)) (at level 50). *) -(* Definition update_tgt (sm0: t') (tgt: mem) := (sm0.(update) sm0.(src) tgt sm0.(inj)). *) -(* Definition update_src (sm0: t') (src: mem) := (sm0.(update) src sm0.(tgt) sm0.(inj)). *) +(* Notation "sm0 '.(update_tgt)' tgt" := ((update sm0) (src sm0) tgt (inj sm0)) (at level 50). *) +(* Definition update_tgt (sm0: t') (tgt: mem) := ((update sm0) (src sm0) tgt (inj sm0)). *) +(* Definition update_src (sm0: t') (src: mem) := ((update sm0) src (tgt sm0) (inj sm0)). *) (* Hint Unfold update_src update_tgt. *) Hint Unfold src_private tgt_private valid_blocks. Lemma update_src_private sm0 sm1 - (INJ: sm0.(inj) = sm1.(inj)) - (SRC: sm0.(src).(Mem.nextblock) = sm1.(src).(Mem.nextblock)): + (INJ: (inj sm0) = (inj sm1)) + (SRC: (src sm0).(Mem.nextblock) = (src sm1).(Mem.nextblock)): (src_private sm0) = (src_private (sm1)). Proof. repeat (apply Axioms.functional_extensionality; i). apply prop_ext1. @@ -43,9 +43,9 @@ Qed. Lemma update_tgt_private sm0 sm1 - (SRC: sm0.(src) = sm1.(src)) - (TGT: sm0.(tgt).(Mem.nextblock) = sm1.(tgt).(Mem.nextblock)) - (INJ: sm0.(inj) = sm1.(inj)): + (SRC: (src sm0) = (src sm1)) + (TGT: (tgt sm0).(Mem.nextblock) = (tgt sm1).(Mem.nextblock)) + (INJ: (inj sm0) = (inj sm1)): (tgt_private sm0) = (tgt_private sm1). Proof. repeat (apply Axioms.functional_extensionality; i). apply prop_ext1. 
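Review bot: The `x.(f)` → `(f x)` rewrite is applied inconsistently in `@@ -21` and `@@ -43`: `(src sm0).(Mem.nextblock)` converts the outer projection but keeps the dot form for the inner one, the `@@ -83` hunk of this file leaves doubled parentheses in `frozen (inj sm0) (inj sm1) ((src_ge_nb sm0)) ((tgt_ge_nb sm0))`, and the SimMod.v `@@ -37` hunk mixes `(SimSymb.src mp.(ss))` with `(ss mp)` and `Mod.modsem ((src mp))`. If the dot form still compiles for plain record fields such as `Mem.nextblock`, only the projections that broke needed rewriting and the remaining churn could be reverted; if it does not, the leftovers are latent breakage. Either way, settle on one form, e.g. `(Mem.nextblock (src sm0))`, and drop the redundant parentheses so the mechanical rewrite reads as intended code.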
@@ -56,9 +56,9 @@ Qed.
 (* Lemma update_src_private *)
 (* sm0 m_src *)
-(* (NB: sm0.(src).(Mem.nextblock) = m_src.(Mem.nextblock)) *)
+(* (NB: (src sm0).(Mem.nextblock) = m_src.(Mem.nextblock)) *)
 (* : *)
-(* sm0.(src_private) = (sm0.(update_src) m_src).(src_private) *)
+(* (src_private sm0) = ((update_src sm0) m_src).(src_private) *)
 (* . *)
 (* Proof. *)
 (* repeat (apply Axioms.functional_extensionality; i). apply prop_ext. *)
@@ -67,9 +67,9 @@ Qed.
 (* Lemma update_tgt_private *)
 (* sm0 m_tgt *)
-(* (NB: sm0.(tgt).(Mem.nextblock) = m_tgt.(Mem.nextblock)) *)
+(* (NB: (tgt sm0).(Mem.nextblock) = m_tgt.(Mem.nextblock)) *)
 (* : *)
-(* sm0.(tgt_private) = (sm0.(update_tgt) m_tgt).(tgt_private) *)
+(* (tgt_private sm0) = ((update_tgt sm0) m_tgt).(tgt_private) *)
 (* . *)
 (* Proof. *)
 (* repeat (apply Axioms.functional_extensionality; i). apply prop_ext. *)
@@ -83,20 +83,20 @@ Qed. Inductive lepriv (sm0 sm1: SimMemInj.t'): Prop := | lepriv_intro - (INCR: inject_incr sm0.(inj) sm1.(inj)) - (* (SRCUNCHANGED: Mem.unchanged_on sm0.(src_external) sm0.(src) sm1.(src)) *) - (* (TGTUNCHANGED: Mem.unchanged_on sm0.(tgt_external) sm0.(tgt) sm1.(tgt)) *) - (* (SRCPARENTEQ: sm0.(src_external) = sm1.(src_external)) *) - (* (TGTPARENTEQ: sm0.(tgt_external) = sm1.(tgt_external)) *) - (* (SRCPARENTEQNB: (sm0.(src_parent_nb) <= sm1.(src_parent_nb))%positive) *) - (* (TGTPARENTEQNB: (sm0.(tgt_parent_nb) <= sm1.(tgt_parent_nb))%positive) *) + (INCR: inject_incr (inj sm0) (inj sm1)) + (* (SRCUNCHANGED: Mem.unchanged_on (src_external sm0) (src sm0) (src sm1)) *) + (* (TGTUNCHANGED: Mem.unchanged_on (tgt_external sm0) (tgt sm0) (tgt sm1)) *) + (* (SRCPARENTEQ: (src_external sm0) = (src_external sm1)) *) + (* (TGTPARENTEQ: (tgt_external sm0) = (tgt_external sm1)) *) + (* (SRCPARENTEQNB: ((src_parent_nb sm0) <= (src_parent_nb sm1))%positive) *) + (* (TGTPARENTEQNB: ((tgt_parent_nb sm0) <= (tgt_parent_nb sm1))%positive) *) - (* (SRCPARENTNB: (sm0.(src_ge_nb) <= sm1.(src_parent_nb))%positive) *) - (* (TGTPARENTNB: (sm0.(tgt_ge_nb) <= sm1.(tgt_parent_nb))%positive) *) - (SRCGENB: sm0.(src_ge_nb) = sm1.(src_ge_nb)) - (TGTGENB: sm0.(tgt_ge_nb) = sm1.(tgt_ge_nb)) - (FROZEN: frozen sm0.(inj) sm1.(inj) (sm0.(src_ge_nb)) (sm0.(tgt_ge_nb))). + (* (SRCPARENTNB: ((src_ge_nb sm0) <= (src_parent_nb sm1))%positive) *) + (* (TGTPARENTNB: ((tgt_ge_nb sm0) <= (tgt_parent_nb sm1))%positive) *) + (SRCGENB: (src_ge_nb sm0) = (src_ge_nb sm1)) + (TGTGENB: (tgt_ge_nb sm0) = (tgt_ge_nb sm1)) + (FROZEN: frozen (inj sm0) (inj sm1) ((src_ge_nb sm0)) ((tgt_ge_nb sm0))). Global Program Instance lepriv_PreOrder: RelationClasses.PreOrder lepriv. Next Obligation. 
@@ -188,26 +188,26 @@ Inductive has_footprint (excl_src excl_tgt: block -> Z -> Prop) (sm0: t'): Prop | has_footprint_intro (FOOTSRC: forall blk ofs (EXCL: excl_src blk ofs), - <>) + <>) (FOOTTGT: forall blk ofs (EXCL: excl_tgt blk ofs), - <>). + <>). Lemma unfree_right sm0 lo hi blk m_tgt0 (MWF: wf' sm0) - (NOPERM: Mem_range_noperm sm0.(tgt) blk lo hi) - (UNFR: Mem_unfree sm0.(tgt) blk lo hi = Some m_tgt0) - (RANGE: brange blk lo hi <2= ~2 sm0.(tgt_external)): + (NOPERM: Mem_range_noperm (tgt sm0) blk lo hi) + (UNFR: Mem_unfree (tgt sm0) blk lo hi = Some m_tgt0) + (RANGE: brange blk lo hi <2= ~2 (tgt_external sm0)): exists sm1, - (* (<>) *) - (<>) - /\ (<>) - /\ (<>) + (* (<>) *) + (<>) + /\ (<>) + /\ (<>) /\ (<>) /\ (<>). Proof. - exists (update (sm0) sm0.(src) m_tgt0 sm0.(inj)). + exists (update (sm0) (src sm0) m_tgt0 (inj sm0)). exploit Mem_unfree_unchanged_on; et. intro UNCH. esplits; u; ss; eauto. - econs; ss; eauto; try (by inv MWF; ss). + inv MWF. eapply Mem_unfree_right_inject; eauto. 
@@ -250,20 +250,20 @@ End ORIGINALS. Lemma parallel_gen sm0 m_src1 m_tgt1 j1 (WF: wf' sm0) (INJECT: Mem.inject j1 m_src1 m_tgt1) - (INCR: inject_incr sm0.(inj) j1) - (SEP: inject_separated sm0.(inj) j1 sm0.(src) sm0.(tgt)) + (INCR: inject_incr (inj sm0) j1) + (SEP: inject_separated (inj sm0) j1 (src sm0) (tgt sm0)) (UNCHSRC: Mem.unchanged_on - (loc_unmapped sm0.(inj)) - sm0.(src) m_src1) + (loc_unmapped (inj sm0)) + (src sm0) m_src1) (UNCHTGT: Mem.unchanged_on - (loc_out_of_reach sm0.(inj) sm0.(src)) - sm0.(tgt) m_tgt1) + (loc_out_of_reach (inj sm0) (src sm0)) + (tgt sm0) m_tgt1) (MAXSRC: forall b ofs - (VALID: Mem.valid_block sm0.(src) b), - <>) + (VALID: Mem.valid_block (src sm0) b), + <>) (MAXTGT: forall b ofs - (VALID: Mem.valid_block sm0.(tgt) b), - <>): + (VALID: Mem.valid_block (tgt sm0) b), + <>): (< if eq_block blk blk_src then Some (blk_tgt, 0) else sm0.(inj) blk) - sm0.(src_external) sm0.(tgt_external) - sm0.(src_parent_nb) sm0.(tgt_parent_nb) - sm0.(src_ge_nb) sm0.(tgt_ge_nb) + (VALID: Mem.valid_block (tgt sm0) blk_tgt) + (PARENT: ((tgt_parent_nb sm0) <= blk_tgt)%positive): + let sm1 := (mk m_src1 (tgt sm0) + (fun blk => if eq_block blk blk_src then Some (blk_tgt, 0) else (inj sm0) blk) + (src_external sm0) (tgt_external sm0) + (src_parent_nb sm0) (tgt_parent_nb sm0) + (src_ge_nb sm0) (tgt_ge_nb sm0) ) in <> /\ <>. 
@@ -373,13 +373,13 @@ Qed. Inductive sim_skenv_inj (sm: SimMem.t) (__noname__: SimSymbId.t') (skenv_src skenv_tgt: SkEnv.t): Prop := | sim_skenv_inj_intro - (INJECT: skenv_inject skenv_src sm.(inj)) + (INJECT: skenv_inject skenv_src (inj sm)) (* NOW BELOW IS DERIVABLE FROM WF *) - (* (BOUNDSRC: Ple skenv_src.(Genv.genv_next) sm.(src_parent_nb)) *) - (* (BOUNDTGT: Ple skenv_src.(Genv.genv_next) sm.(tgt_parent_nb)) *) + (* (BOUNDSRC: Ple skenv_src.(Genv.genv_next) (src_parent_nb sm)) *) + (* (BOUNDTGT: Ple skenv_src.(Genv.genv_next) (tgt_parent_nb sm)) *) (SIMSKENV: SimSymbId.sim_skenv skenv_src skenv_tgt) - (NBSRC: skenv_src.(Genv.genv_next) = sm.(src_ge_nb)) - (NBTGT: skenv_tgt.(Genv.genv_next) = sm.(tgt_ge_nb)). + (NBSRC: skenv_src.(Genv.genv_next) = (src_ge_nb sm)) + (NBTGT: skenv_tgt.(Genv.genv_next) = (tgt_ge_nb sm)). Section REVIVE. @@ -442,9 +442,9 @@ Qed. (* - etransitivity; try apply TGTLE; eauto. *) (* Qed. *) Next Obligation. - set (SkEnv.project skenv_link_src ss.(SimSymbId.src)) as skenv_proj_src. + set (SkEnv.project skenv_link_src (SimSymbId.src ss)) as skenv_proj_src. generalize (SkEnv.project_impl_spec INCLSRC); intro LESRC. - set (SkEnv.project skenv_link_tgt ss.(SimSymbId.tgt)) as skenv_proj_tgt. + set (SkEnv.project skenv_link_tgt (SimSymbId.tgt ss)) as skenv_proj_tgt. generalize (SkEnv.project_impl_spec INCLTGT); intro LETGT. exploit SimSymbId.sim_skenv_monotone; try apply SIMSKENV; eauto. i; des. inv SIMSKENV. inv LESRC. inv LETGT. econs; eauto. inv INJECT. econs; ii; eauto. @@ -506,7 +506,7 @@ Local Existing Instance SimSymbId. Lemma sim_skenv_symbols_inject sm0 ss0 skenv_src skenv_tgt (SIMSKE: SimSymb.sim_skenv sm0 ss0 skenv_src skenv_tgt): - symbols_inject sm0.(SimMemInj.inj) skenv_src skenv_tgt. + symbols_inject (SimMemInj.inj sm0) skenv_src skenv_tgt. Proof. inv SIMSKE. inv SIMSKENV. inv INJECT. rr. esplits; ss. + i. exploit Genv.genv_symb_range; eauto. intro NB. exploit DOMAIN; eauto. i ;des. clarify. 
@@ -532,9 +532,9 @@ Section JUNK. Lemma inject_junk_blocks_tgt sm0 n m_tgt0 (MWF: SimMem.wf sm0) - (JUNKTGT: assign_junk_blocks sm0.(SimMem.tgt) n = m_tgt0): + (JUNKTGT: assign_junk_blocks (SimMem.tgt sm0) n = m_tgt0): exists sm1, - (<>) /\ + (<>) /\ (<>) /\ (<>) /\ (<>) /\ @@ -567,10 +567,10 @@ Definition inject_junk_blocks (m_src0 m_tgt0: mem) (n: nat) (j: meminj): meminj Lemma inject_junk_blocks_parallel sm0 n m_tgt0 (MWF: SimMem.wf sm0) - (JUNKTGT: assign_junk_blocks sm0.(SimMem.tgt) n = m_tgt0): + (JUNKTGT: assign_junk_blocks (SimMem.tgt sm0) n = m_tgt0): exists sm1, - (<>) /\ + (<>) /\ (<>) /\ (<>) /\ (<>) /\ @@ -653,12 +653,12 @@ End JUNK. Lemma Mem_free_parallel' sm0 blk_src blk_tgt ofs_src ofs_tgt sz m_src0 (MWF: wf' sm0) - (VAL: Val.inject sm0.(inj) (Vptr blk_src ofs_src) (Vptr blk_tgt ofs_tgt)) - (FREESRC: Mem.free sm0.(src) blk_src (Ptrofs.unsigned ofs_src) (Ptrofs.unsigned (ofs_src) + sz) = Some m_src0): + (VAL: Val.inject (inj sm0) (Vptr blk_src ofs_src) (Vptr blk_tgt ofs_tgt)) + (FREESRC: Mem.free (src sm0) blk_src (Ptrofs.unsigned ofs_src) (Ptrofs.unsigned (ofs_src) + sz) = Some m_src0): exists sm1, - (<>) - /\ (<>) - /\ (<>) + (<>) + /\ (<>) + /\ (<>) /\ (<>) /\ (<>). Proof. @@ -740,8 +740,8 @@ Qed. Lemma external_call_parallel_rule_simmem (F V: Type) (ge0: Genv.t F V) sm_at sm_after P - (SEP: sm_at.(SimMem.tgt) |= (minjection sm_at.(SimMemInj.inj) sm_at.(SimMem.src)) - ** globalenv_inject ge0 sm_at.(SimMemInj.inj) ** P) + (SEP: (SimMem.tgt sm_at) |= (minjection (SimMemInj.inj sm_at) (SimMem.src sm_at)) + ** globalenv_inject ge0 (SimMemInj.inj sm_at) ** P) sm_arg sm_ret (MWF: SimMem.wf sm_at) (MWF0: SimMem.wf sm_arg) 
@@ -756,8 +756,8 @@ Lemma external_call_parallel_rule_simmem (PRIV1: (SimMemInj.tgt_private sm_ret) = (SimMemInj.tgt_private sm_after)) (UNCH0: Mem.unchanged_on (SimMemInj.tgt_private sm_arg) (SimMemInj.tgt sm_at) (SimMemInj.tgt sm_arg)) (UNCH1: Mem.unchanged_on (SimMemInj.tgt_private sm_arg) (SimMemInj.tgt sm_ret) (SimMemInj.tgt sm_after)): - <>. + <>. Proof. (* See external_call_parallel_rule *) destruct SEP as (A & B & C). simpl in A. diff --git a/proof/SimMemLift.v b/proof/SimMemLift.v index 8100da92..97ac5f01 100644 --- a/proof/SimMemLift.v +++ b/proof/SimMemLift.v @@ -32,10 +32,10 @@ Module SimMemLift. unlift: SimMem.t -> SimMem.t -> SimMem.t; lift_wf: forall mrel, SimMem.wf mrel -> SimMem.wf (lift mrel); - lift_src: forall mrel, (lift mrel).(SimMem.src) = mrel.(SimMem.src); - lift_tgt: forall mrel, (lift mrel).(SimMem.tgt) = mrel.(SimMem.tgt); - unlift_src: forall mrel0 mrel1, (unlift mrel0 mrel1).(SimMem.src) = mrel1.(SimMem.src); - unlift_tgt: forall mrel0 mrel1, (unlift mrel0 mrel1).(SimMem.tgt) = mrel1.(SimMem.tgt); + lift_src: forall mrel, (SimMem.src (lift mrel)) = (SimMem.src mrel); + lift_tgt: forall mrel, (SimMem.tgt (lift mrel)) = (SimMem.tgt mrel); + unlift_src: forall mrel0 mrel1, (SimMem.src (unlift mrel0 mrel1)) = (SimMem.src mrel1); + unlift_tgt: forall mrel0 mrel1, (SimMem.tgt (unlift mrel0 mrel1)) = (SimMem.tgt mrel1); lift_spec: forall mrel0 mrel1, SimMem.le (lift mrel0) mrel1 -> SimMem.wf mrel0 -> SimMem.le mrel0 (unlift mrel0 mrel1); unlift_wf: forall mrel0 mrel1, SimMem.wf mrel0 -> SimMem.wf mrel1 -> SimMem.le (lift mrel0) mrel1 -> SimMem.wf (unlift mrel0 mrel1); diff --git a/proof/SimMod.v b/proof/SimMod.v index ef1eac95..c9ed8121 100644 --- a/proof/SimMod.v +++ b/proof/SimMod.v 
@@ -37,21 +37,21 @@ Context `{SM: SimMem.class} {SS: SimSymb.class SM} {SU: Sound.class}. }. Definition to_msp (skenv_link_src skenv_link_tgt: SkEnv.t) (sm: SimMem.t) (mp: t): ModSemPair.t := - ModSemPair.mk (Mod.modsem (mp.(src)) skenv_link_src) (Mod.modsem (mp.(tgt)) skenv_link_tgt) mp.(ss) sm. + ModSemPair.mk (Mod.modsem ((src mp)) skenv_link_src) (Mod.modsem ((tgt mp)) skenv_link_tgt) (ss mp) sm. (* TODO: Actually, ModPair can have idx/ord and transfer it to ModSemPair. *) (* Advantage: We can unify ord at Mod state. *) Inductive sim (mp: t): Prop := | sim_intro - (SIMSK: SimSymb.wf mp.(ss)) - (SKSRC: mp.(ss).(SimSymb.src) = (Mod.sk mp.(src))) - (SKTGT: mp.(ss).(SimSymb.tgt) = (Mod.sk mp.(tgt))) + (SIMSK: SimSymb.wf (ss mp)) + (SKSRC: (SimSymb.src mp.(ss)) = (Mod.sk (src mp))) + (SKTGT: (SimSymb.tgt mp.(ss)) = (Mod.sk (tgt mp))) (SIMMS: forall skenv_link_src skenv_link_tgt ss_link sm_init_link - (INCLSRC: SkEnv.includes skenv_link_src (Mod.sk mp.(src))) - (INCLTGT: SkEnv.includes skenv_link_tgt (Mod.sk mp.(tgt))) + (INCLSRC: SkEnv.includes skenv_link_src (Mod.sk (src mp))) + (INCLTGT: SkEnv.includes skenv_link_tgt (Mod.sk (tgt mp))) (WFSRC: SkEnv.wf skenv_link_src) (WFTGT: SkEnv.wf skenv_link_tgt) - (SSLE: SimSymb.le mp.(ss) ss_link) + (SSLE: SimSymb.le (ss mp) ss_link) (SIMSKENVLINK: SimSymb.sim_skenv sm_init_link ss_link skenv_link_src skenv_link_tgt), <>). diff --git a/proof/SimModSemLift.v b/proof/SimModSemLift.v index 7bf3db1a..0678610f 100644 --- a/proof/SimModSemLift.v +++ b/proof/SimModSemLift.v @@ -130,7 +130,7 @@ Section SIMMODSEM. (* (FINALTGT: ms_tgt.(final_frame) rs_init_tgt st_tgt0 rs_ret_tgt m_ret_tgt) *) (* , *) (* exists rs_ret_src m_ret_src, *) - (* (<>) *) + (* (<>) *) (* /\ (<>)) *) (FINALSRC: ms_src.(final_frame) st_src0 retv_src) (FINALTGT: ms_tgt.(final_frame) st_tgt0 retv_tgt) diff --git a/proof/SimModSemSR.v b/proof/SimModSemSR.v index 1d701bbe..c560106c 100644 --- a/proof/SimModSemSR.v +++ b/proof/SimModSemSR.v 
@@ -30,8 +30,8 @@ Section SIMMODSEM. Variable sound_states: ms_src.(state) -> Prop. (* Record mem_compat (st_src0: ms_src.(state)) (st_tgt0: ms_tgt.(state)) (sm0: SimMem.t): Prop := { *) - (* mcompat_src: <>; *) - (* mcompat_tgt: <>; *) + (* mcompat_src: <>; *) + (* mcompat_tgt: <>; *) (* } *) (* . *) @@ -101,19 +101,19 @@ Section SIMMODSEM. (* m_arg_src m_arg_tgt *) (* (ATSRC: ms_src.(at_external) st_src0 rs_arg_src m_arg_src) *) (* (ATTGT: ms_tgt.(at_external) st_tgt0 rs_arg_tgt m_arg_tgt) *) - (* (RSREL: sm0.(SimMem.sim_regset) rs_arg_src rs_arg_tgt) *) + (* (RSREL: (SimMem.sim_regset sm0) rs_arg_src rs_arg_tgt) *) (* (VALID: SimMem.wf sm0) *) (* (AFTER: forall *) (* sm1 rs_ret_src rs_ret_tgt *) (* (MLE: SimMem.le (SimMem.lift sm0) sm1) *) (* (VALID: SimMem.wf sm1) *) - (* (RETVREL: sm1.(SimMem.sim_regset) rs_ret_src rs_ret_tgt) *) + (* (RETVREL: (SimMem.sim_regset sm1) rs_ret_src rs_ret_tgt) *) (* st_tgt1 *) - (* (AFTERTGT: ms_tgt.(after_external) st_tgt0 rs_arg_tgt rs_ret_tgt sm1.(SimMem.tgt) *) + (* (AFTERTGT: ms_tgt.(after_external) st_tgt0 rs_arg_tgt rs_ret_tgt (SimMem.tgt sm1) *) (* st_tgt1) *) (* , *) (* exists i1 st_src1, *) - (* (<>) *) (* /\ *) (* (<>)) *) @@ -159,7 +159,7 @@ Section SIMMODSEM. (* (FINALTGT: ms_tgt.(final_frame) rs_init_tgt st_tgt0 rs_ret_tgt m_ret_tgt) *) (* , *) (* exists rs_ret_src m_ret_src, *) - (* (<>) *) + (* (<>) *) (* /\ (<>)) *) (FINALSRC: ms_src.(final_frame) st_src0 retv_src) (FINALTGT: ms_tgt.(final_frame) st_tgt0 retv_tgt) diff --git a/proof/SimProg.v b/proof/SimProg.v index 79a2bcb9..fe71b83c 100644 --- a/proof/SimProg.v +++ b/proof/SimProg.v 
@@ -37,8 +37,8 @@ Context `{SM: SimMem.class} {SS: SimSymb.class SM} {SU: Sound.class}. (* Definition ss_link (pp: t): option SimSymb.t := link_list (List.map ModPair.ss pp). *) (* ############ TODO: *) - (* ModPair.wf mp0 /\ ModPair.wf mp1 /\ link mp0.(src) mp1.(src) = Some /\ link mp1.(tgt) mp1.(tgt) = Some *) - (* =================> link mp0.(ss) mp1.(ss) suceeds. *) + (* ModPair.wf mp0 /\ ModPair.wf mp1 /\ link (src mp0) (src mp1) = Some /\ link (tgt mp1) (tgt mp1) = Some *) + (* =================> link (ss mp0) (ss mp1) suceeds. *) (* Move ModPair.wf into SimSymb and obligate its proof? *) End PROGPAIR. @@ -69,9 +69,9 @@ Context `{SM: SimMem.class} {SS: SimSymb.class SM} {SU: Sound.class}. exists ss_link sk_link_tgt, <> /\ <> - /\ <> - /\ <> - /\ < (SimSymb.le mp.(ModPair.ss) ss_link)) pp>>. + /\ <> + /\ <> + /\ < (SimSymb.le (ModPair.ss mp) ss_link)) pp>>. Proof. u. subst_locals. ginduction pp; ii; ss. destruct a; ss. unfold ProgPair.src in *. unfold link_sk in *. ss. destruct (classic (t = [])). diff --git a/proof/SimSymb.v b/proof/SimSymb.v index c956590e..631d0265 100644 --- a/proof/SimSymb.v +++ b/proof/SimSymb.v @@ -39,21 +39,21 @@ Module SimSymb. wf: t -> Prop; wf_preserves_wf: forall ss0 (SIMSK: wf ss0) - (WFSRC: Sk.wf ss0.(src)), - <>; + (WFSRC: Sk.wf (src ss0)), + <>; wf_link: forall ss0 ss1 sk_src (SIMSK: wf ss0) (SIMSK: wf ss1) - (LINKSRC: link ss0.(src) ss1.(src) = Some sk_src) - (WFSRC0: Sk.wf ss0.(src)) - (WFSRC1: Sk.wf ss1.(src)) - (WFTGT0: Sk.wf ss0.(tgt)) - (WFTGT1: Sk.wf ss1.(tgt)), + (LINKSRC: link (src ss0) (src ss1) = Some sk_src) + (WFSRC0: Sk.wf (src ss0)) + (WFSRC1: Sk.wf (src ss1)) + (WFTGT0: Sk.wf (tgt ss0)) + (WFTGT1: Sk.wf (tgt ss1)), exists ss sk_tgt, - <> /\ - <> /\ - <> /\ + <> /\ + <> /\ + <> /\ <> /\ <> /\ <>; 
@@ -66,17 +66,17 @@ Module SimSymb. wf_load_sim_skenv: forall ss skenv_src skenv_tgt m_src (SIMSK: wf ss) - (LOADSRC: (Sk.load_skenv ss.(src)) = skenv_src) - (LOADTGT: (Sk.load_skenv ss.(tgt)) = skenv_tgt) - (LOADMEMSRC: (Sk.load_mem ss.(src)) = Some m_src), + (LOADSRC: (Sk.load_skenv (src ss)) = skenv_src) + (LOADTGT: (Sk.load_skenv (tgt ss)) = skenv_tgt) + (LOADMEMSRC: (Sk.load_mem (src ss)) = Some m_src), exists m_tgt sm, - (<>) /\ + (<>) /\ (<>) /\ - (<>) /\ - (<>) /\ - (<>) /\ - (<>); + (<>) /\ + (<>) /\ + (<>) /\ + (<>); mlepriv_preserves_sim_skenv: forall sm0 sm1 ss skenv_src skenv_tgt (MLE: SimMem.lepriv sm0 sm1) @@ -91,15 +91,15 @@ Module SimSymb. (SIMSKENV: sim_skenv sm ss_link skenv_link_src skenv_link_tgt) (SIMSK: wf ss) (LE: le ss ss_link) - (INCLSRC: SkEnv.includes skenv_link_src ss.(src)) - (INCLTGT: SkEnv.includes skenv_link_tgt ss.(tgt)) - (LESRC: SkEnv.project skenv_link_src ss.(src) = skenv_src) - (LETGT: SkEnv.project skenv_link_tgt ss.(tgt) = skenv_tgt), + (INCLSRC: SkEnv.includes skenv_link_src (src ss)) + (INCLTGT: SkEnv.includes skenv_link_tgt (tgt ss)) + (LESRC: SkEnv.project skenv_link_src (src ss) = skenv_src) + (LETGT: SkEnv.project skenv_link_tgt (tgt ss) = skenv_tgt), <>; sim_skenv_func_bisim: forall sm ss skenv_src skenv_tgt (SIMSKENV: sim_skenv sm ss skenv_src skenv_tgt), - <>; + <>; system_sim_skenv: forall sm ss skenv_src skenv_tgt (SIMSKENV: sim_skenv sm ss skenv_src skenv_tgt), @@ -148,7 +148,7 @@ Module SimSymb. `{SM: SimMem.class} `{SS: @class SM} ss0 sm0 skd v_src v_tgt skenv_link_src skenv_link_tgt (SIMSKENV: sim_skenv sm0 ss0 skenv_link_src skenv_link_tgt) - (SIMV: sm0.(SimMem.sim_val) v_src v_tgt) + (SIMV: (SimMem.sim_val sm0) v_src v_tgt) (FIND: Genv.find_funct skenv_link_src v_src = Some skd): Genv.find_funct skenv_link_tgt v_tgt = Some skd. Proof. exploit SimSymb.sim_skenv_func_bisim; eauto. i; des. inv H. exploit FUNCFSIM; eauto. i; des. clarify. Qed. 
diff --git a/proof/SimSymbDrop.v b/proof/SimSymbDrop.v index 651adf9f..8aa95b4a 100644 --- a/proof/SimSymbDrop.v +++ b/proof/SimSymbDrop.v @@ -40,27 +40,27 @@ Inductive wf (ss: t'): Prop := | sim_sk_intro (KEPT: forall id (KEPT: ~ ss id), - (prog_defmap ss.(tgt)) ! id = (prog_defmap ss.(src)) ! id) + (prog_defmap (tgt ss)) ! id = (prog_defmap (src ss)) ! id) (DROP: forall id (DROP: ss id), - (prog_defmap ss.(tgt)) ! id = None) + (prog_defmap (tgt ss)) ! id = None) (* (SIMSK: forall *) (* id *) (* , *) (* sk_tgt.(prog_defmap) ! id = if ss id then None else sk_src.(prog_defmap) ! id) *) - (CLOSED: ss <1= (privs ss.(src))) - (PUB: ss.(src).(prog_public) = ss.(tgt).(prog_public)) - (MAIN: ss.(src).(prog_main) = ss.(tgt).(prog_main)) + (CLOSED: ss <1= (privs (src ss))) + (PUB: (src ss).(prog_public) = (tgt ss).(prog_public)) + (MAIN: (src ss).(prog_main) = (tgt ss).(prog_main)) (NOREF: forall id gv - (PROG: (prog_defmap ss.(tgt)) ! id = Some (Gvar gv)), + (PROG: (prog_defmap (tgt ss)) ! id = Some (Gvar gv)), <>) - (NODUP: NoDup (prog_defs_names ss.(tgt))) - (NOMAIN: ~ ss ss.(src).(prog_main)). + (NODUP: NoDup (prog_defs_names (tgt ss))) + (NOMAIN: ~ ss (src ss).(prog_main)). Inductive sim_skenv (sm0: SimMem.t) (ss: t') (skenv_src skenv_tgt: SkEnv.t): Prop := | sim_skenv_intro (SIMSYMB1: forall id blk_src blk_tgt delta - (SIMVAL: sm0.(SimMemInj.inj) blk_src = Some (blk_tgt, delta)) + (SIMVAL: (SimMemInj.inj sm0) blk_src = Some (blk_tgt, delta)) (BLKSRC: (Genv.find_symbol skenv_src) id = Some blk_src), (<>) /\ (<>) /\ 
@@ -70,26 +70,26 @@ Inductive sim_skenv (sm0: SimMem.t) (ss: t') (skenv_src skenv_tgt: SkEnv.t): Pro (BLKSRC: (Genv.find_symbol skenv_src) id = Some blk_src), exists blk_tgt, (<>) /\ - (<>)) + (<>)) (SIMSYMB3: forall id blk_tgt (BLKTGT: (Genv.find_symbol skenv_tgt) id = Some blk_tgt), exists blk_src, (<>) /\ - (<>)) - (* /\ <> <---------- This can be obtained via SIMSYMB1. *) + (<>)) + (* /\ <> <---------- This can be obtained via SIMSYMB1. *) (SIMDEF: forall blk_src blk_tgt delta def_src - (SIMVAL: sm0.(SimMemInj.inj) blk_src = Some (blk_tgt, delta)) + (SIMVAL: (SimMemInj.inj sm0) blk_src = Some (blk_tgt, delta)) (DEFSRC: (Genv.find_def skenv_src) blk_src = Some def_src), exists def_tgt, (<>) /\ (<>) /\ (<>)) (DISJ: forall id blk_src0 blk_src1 blk_tgt (SYMBSRC: Genv.find_symbol skenv_src id = Some blk_src0) - (SIMVAL0: sm0.(SimMemInj.inj) blk_src0 = Some (blk_tgt, 0)) - (SIMVAL1: sm0.(SimMemInj.inj) blk_src1 = Some (blk_tgt, 0)), + (SIMVAL0: (SimMemInj.inj sm0) blk_src0 = Some (blk_tgt, 0)) + (SIMVAL1: (SimMemInj.inj sm0) blk_src1 = Some (blk_tgt, 0)), blk_src0 = blk_src1) (SIMDEFINV: forall blk_src blk_tgt delta def_tgt - (SIMVAL: sm0.(SimMemInj.inj) blk_src = Some (blk_tgt, delta)) + (SIMVAL: (SimMemInj.inj sm0) blk_src = Some (blk_tgt, delta)) (DEFTGT: (Genv.find_def skenv_tgt) blk_tgt = Some def_tgt), exists def_src, (<>) /\ (<>) /\ 
@@ -97,15 +97,15 @@ Inductive sim_skenv (sm0: SimMem.t) (ss: t') (skenv_src skenv_tgt: SkEnv.t): Pro (PUBKEPT: (fun id => In id skenv_src.(Genv.genv_public)) <1= ~1 ss) (PUB: skenv_src.(Genv.genv_public) = skenv_tgt.(Genv.genv_public)) (* NOW BELOW IS DERIVABLE FROM WF *) - (* (BOUNDSRC: Ple skenv_src.(Genv.genv_next) sm0.(src_parent_nb)) *) - (* (BOUNDTGT: Ple skenv_tgt.(Genv.genv_next) sm0.(tgt_parent_nb)) *) - (NBSRC: skenv_src.(Genv.genv_next) = sm0.(src_ge_nb)) - (NBTGT: skenv_tgt.(Genv.genv_next) = sm0.(tgt_ge_nb)). + (* (BOUNDSRC: Ple skenv_src.(Genv.genv_next) (src_parent_nb sm0)) *) + (* (BOUNDTGT: Ple skenv_tgt.(Genv.genv_next) (tgt_parent_nb sm0)) *) + (NBSRC: skenv_src.(Genv.genv_next) = (src_ge_nb sm0)) + (NBTGT: skenv_tgt.(Genv.genv_next) = (tgt_ge_nb sm0)). Theorem sim_skenv_symbols_inject sm0 ss0 skenv_src skenv_tgt (SIMSKENV: sim_skenv sm0 ss0 skenv_src skenv_tgt): - <>. + <>. Proof. { clear - SIMSKENV. inv SIMSKENV; ss. rr. esplits; ii; ss. - unfold Genv.public_symbol. rewrite <- PUB. @@ -128,7 +128,7 @@ Qed. Definition sim_skenv_splittable (sm0: SimMem.t) (ss: t') (skenv_src skenv_tgt: SkEnv.t): Prop := (<>) /\ (<>) /\ @@ -138,36 +138,36 @@ Definition sim_skenv_splittable (sm0: SimMem.t) (ss: t') (skenv_src skenv_tgt: S (BLKSRC: (Genv.find_symbol skenv_src) id = Some blk_src), exists blk_tgt, (<>) /\ - (<>)>>) /\ + (<>)>>) /\ (<>) /\ - (<>)>>) /\ - (* /\ <> <---------- This can be obtained via SIMSYMB1. *) + (<>)>>) /\ + (* /\ <> <---------- This can be obtained via SIMSYMB1. *) (<>) /\ (<>) /\ (<>)>>) /\ (<>) /\ (<>) /\ (<>) /\ (<>)>>) /\ (< In id skenv_src.(Genv.genv_public)) <1= ~1 ss>>) /\ (<>) /\ - (* /\ (<>) *) - (* /\ (<>) *) - (<>) /\ - (<>). + (* /\ (<>) *) + (* /\ (<>) *) + (<>) /\ + (<>). Theorem sim_skenv_splittable_spec: (sim_skenv_splittable <4= sim_skenv) /\ (sim_skenv <4= sim_skenv_splittable). 
@@ -180,9 +180,9 @@ Inductive le (ss0: t') (ss1: t'): Prop := (LE: ss0 <1= ss1) (OUTSIDE: forall id (IN: (ss1 -1 ss0) id), - <> /\ <>) - (SKLESRC: linkorder ss0.(src) ss1.(src)) - (SKLETGT: linkorder ss0.(tgt) ss1.(tgt)) + <> /\ <>) + (SKLESRC: linkorder (src ss0) (src ss1)) + (SKLETGT: linkorder (tgt ss0) (tgt ss1)) . Lemma linkorder_defs @@ -209,7 +209,6 @@ Proof. - generalize dependent H. eapply PTree_Properties.fold_rec; ii; ss; clarify. + eapply H0; eauto. erewrite H; eauto. - + erewrite PTree.gempty in H0. ss. + des_ifs. rewrite PTree.gsspec in *. des_ifs. eapply H1; eauto. - eapply PTree_Properties.fold_rec; ii; ss; clarify. des_ifs. contradict H. ii. eapply H; eauto. @@ -233,13 +232,13 @@ Let init_meminj (sk_src sk_tgt:Sk.t) : meminj := Remark init_meminj_invert ss b b' delta - (INJ: (init_meminj ss.(src) ss.(tgt)) b = Some(b', delta)) + (INJ: (init_meminj (src ss) (tgt ss)) b = Some(b', delta)) (SIMSK: wf ss): - delta = 0 /\ exists id, Genv.find_symbol (Sk.load_skenv ss.(src)) id = Some b /\ Genv.find_symbol (Sk.load_skenv ss.(tgt)) id = Some b' /\ ~ ss id. + delta = 0 /\ exists id, Genv.find_symbol (Sk.load_skenv (src ss)) id = Some b /\ Genv.find_symbol (Sk.load_skenv (tgt ss)) id = Some b' /\ ~ ss id. Proof. unfold init_meminj in *; intros. - destruct (Genv.invert_symbol (Sk.load_skenv ss.(src)) b) as [id|] eqn:S; try discriminate. - destruct (Genv.find_symbol (Sk.load_skenv ss.(tgt)) id) as [b''|] eqn:F; inv INJ. + destruct (Genv.invert_symbol (Sk.load_skenv (src ss)) b) as [id|] eqn:S; try discriminate. + destruct (Genv.find_symbol (Sk.load_skenv (tgt ss)) id) as [b''|] eqn:F; inv INJ. split. auto. exists id. split. apply Genv.invert_find_symbol; auto. split. auto. ii. unfold Sk.load_skenv in *. apply Genv.find_symbol_inversion in F. apply prog_defmap_dom in F. des. inv SIMSK. apply DROP in H. congruence. 
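Review bot: The dropped bullet `+ erewrite PTree.gempty in H0. ss.` in the proof of `linkorder_defs` is the one place in this file where proof content changes rather than projection syntax or `omega`/`lia`, and it carries no explanation; the enclosing `eapply PTree_Properties.fold_rec; ii; ss; clarify.` line is unchanged context, so a reader cannot see from the hunk why one case of the fold induction disappeared. Presumably the empty-tree case is now discharged by `ss` under the reworked `PTree` of CompCert 3.11, but that is inferred, not visible here. A one-line comment on the `eapply PTree_Properties.fold_rec` line, such as `(* CompCert 3.11: get on the empty trie reduces by simpl, so the PTree.gempty rewrite is no longer needed *)`, would record the reason for the next upgrade. The statement of `linkorder_defs` and the opening of its proof lie outside the hunk.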
@@ -247,10 +246,10 @@ Qed. Remark init_meminj_eq ss id b b' - (SYMBOL: Genv.find_symbol (Sk.load_skenv ss.(src)) id = Some b) - (SYMBOL2: Genv.find_symbol (Sk.load_skenv ss.(tgt)) id = Some b') + (SYMBOL: Genv.find_symbol (Sk.load_skenv (src ss)) id = Some b) + (SYMBOL2: Genv.find_symbol (Sk.load_skenv (tgt ss)) id = Some b') (SIMSK: wf ss): - (init_meminj ss.(src) ss.(tgt)) b = Some(b', 0). + (init_meminj (src ss) (tgt ss)) b = Some(b', 0). Proof. intros. unfold init_meminj. erewrite Genv.find_invert_symbol by eauto. rewrite SYMBOL2. auto. Qed. @@ -258,13 +257,13 @@ Qed. Lemma init_mem_exists ss m_src (SIMSK: wf ss) - (LOADMEMSRC: Sk.load_mem ss.(src) = Some m_src): - exists m_tgt, Sk.load_mem ss.(tgt) = Some m_tgt. + (LOADMEMSRC: Sk.load_mem (src ss) = Some m_src): + exists m_tgt, Sk.load_mem (tgt ss) = Some m_tgt. Proof. inv SIMSK. unfold Sk.load_mem in *. apply Genv.init_mem_exists. i. - assert (P: (prog_defmap ss.(tgt))!id = Some (Gvar v)). + assert (P: (prog_defmap (tgt ss))!id = Some (Gvar v)). { eapply prog_defmap_norepet; eauto. apply NoDup_norepet. ss. } - assert (Q: (prog_defmap ss.(src)) ! id = Some (Gvar v)). + assert (Q: (prog_defmap (src ss)) ! id = Some (Gvar v)). { rewrite <- KEPT; ss. ii. rewrite DROP in P; ss. } exploit Genv.init_mem_inversion; eauto. apply in_prog_defmap; eauto. intros [AL FV]. split; auto. intros. exploit FV; eauto. intros (b & FS). 
@@ -275,38 +274,38 @@ Qed. Lemma init_meminj_simskenv ss m_src m_tgt - (LOADMEMSRC: Sk.load_mem ss.(src) = Some m_src) - (LOADMEMTGT: Sk.load_mem ss.(tgt) = Some m_tgt) + (LOADMEMSRC: Sk.load_mem (src ss) = Some m_src) + (LOADMEMTGT: Sk.load_mem (tgt ss) = Some m_tgt) (SIMSK: wf ss) - : sim_skenv (SimMemInj.mk m_src m_tgt (init_meminj ss.(src) ss.(tgt)) bot2 bot2 (Mem.nextblock m_src) (Mem.nextblock m_tgt) + : sim_skenv (SimMemInj.mk m_src m_tgt (init_meminj (src ss) (tgt ss)) bot2 bot2 (Mem.nextblock m_src) (Mem.nextblock m_tgt) (Mem.nextblock m_src) (Mem.nextblock m_tgt)) - ss (Sk.load_skenv ss.(src)) (Sk.load_skenv ss.(tgt)). + ss (Sk.load_skenv (src ss)) (Sk.load_skenv (tgt ss)). Proof. econs; ss; i; try (by inv SIMSK; erewrite Genv.init_mem_genv_next; eauto). - exploit init_meminj_invert; eauto. intros (A & id1 & B & C & D). - assert (id1 = id) by (eapply (Genv.genv_vars_inj (Sk.load_skenv ss.(src))); eauto). subst id1. esplits; auto. - - assert(exists blk_tgt : block, Genv.find_symbol (Sk.load_skenv ss.(tgt)) id = Some blk_tgt). + assert (id1 = id) by (eapply (Genv.genv_vars_inj (Sk.load_skenv (src ss))); eauto). subst id1. esplits; auto. + - assert(exists blk_tgt : block, Genv.find_symbol (Sk.load_skenv (tgt ss)) id = Some blk_tgt). { apply Genv.find_symbol_inversion in BLKSRC. apply prog_defmap_dom in BLKSRC. destruct BLKSRC as (g & P). apply Genv.find_symbol_exists with g. apply in_prog_defmap. inv SIMSK. rewrite KEPT0; ss. } des. exists blk_tgt; split; auto. eapply init_meminj_eq; eauto. - - assert(exists blk_src : block, Genv.find_symbol (Sk.load_skenv ss.(src)) id = Some blk_src). + - assert(exists blk_src : block, Genv.find_symbol (Sk.load_skenv (src ss)) id = Some blk_src). { apply Genv.find_symbol_inversion in BLKTGT. apply prog_defmap_dom in BLKTGT. destruct BLKTGT as (g & P). apply Genv.find_symbol_exists with g. apply in_prog_defmap. inv SIMSK. rewrite <- KEPT; ss. ii. rewrite DROP in P; ss. } des. exists blk_src; split; auto. 
eapply init_meminj_eq; eauto. - exploit init_meminj_invert; eauto. intros (A & id & B & C & D). - assert ((prog_defmap ss.(src))!id = Some def_src). + assert ((prog_defmap (src ss))!id = Some def_src). { rewrite Genv.find_def_symbol. exists blk_src; auto. } - assert ((prog_defmap ss.(tgt))!id = Some def_src). + assert ((prog_defmap (tgt ss))!id = Some def_src). { inv SIMSK. rewrite KEPT; ss. } rewrite Genv.find_def_symbol in H0. destruct H0 as (b & P & Q). unfold Sk.load_skenv in *. replace b with blk_tgt in * by congruence. exists def_src. split; auto. - unfold init_meminj in *. des_ifs. apply_all_once Genv.find_invert_symbol. rewrite Heq2 in Heq0. inv Heq0. apply_all_once Genv.invert_find_symbol. congruence. - exploit init_meminj_invert; eauto. intros (A & id & B & C & D). - assert ((prog_defmap ss.(tgt))!id = Some def_tgt). + assert ((prog_defmap (tgt ss))!id = Some def_tgt). { rewrite Genv.find_def_symbol. exists blk_tgt; auto. } inv SIMSK. rewrite KEPT in H; ss. rewrite Genv.find_def_symbol in H. destruct H as (b & P & Q). unfold Sk.load_skenv in *. replace b with blk_src in * by congruence. exists def_tgt. split; auto. 
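Review bot: The rewritten `assert ((prog_defmap (src ss))!id = Some def_src).` and `assert ((prog_defmap (tgt ss))!id = Some def_src).` in `init_meminj_simskenv` leave both facts unnamed, so the following steps depend on the auto-generated names `H0` and `H` (`rewrite Genv.find_def_symbol in H0.`, `rewrite KEPT in H; ss.`), which is exactly the kind of dependency that breaks without a clear error across Coq/CompCert upgrades like this one. Since these lines are already being edited, naming them costs nothing: `assert (DEFSRC: (prog_defmap (src ss))!id = Some def_src).`, `assert (DEFTGT: (prog_defmap (tgt ss))!id = Some def_src).`, then `rewrite Genv.find_def_symbol in DEFTGT.` with the second bullet adjusted the same way. The `Heq2`/`Heq0` names produced by `des_ifs` in the SIMDEF branch have the same fragility, though that line is unchanged context. The proof may continue past the end of the hunk.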
@@ -319,20 +318,20 @@ Qed. Lemma init_meminj_invert_strong ss b b' delta - (INJ: (init_meminj ss.(src) ss.(tgt)) b = Some(b', delta)) + (INJ: (init_meminj (src ss) (tgt ss)) b = Some(b', delta)) (SIMSK : wf ss): delta = 0 /\ exists id gd, - Genv.find_symbol (Sk.load_skenv ss.(src)) id = Some b - /\ Genv.find_symbol (Sk.load_skenv ss.(tgt)) id = Some b' - /\ Genv.find_def (Sk.load_skenv ss.(src)) b = Some gd - /\ Genv.find_def (Sk.load_skenv ss.(tgt)) b' = Some gd. + Genv.find_symbol (Sk.load_skenv (src ss)) id = Some b + /\ Genv.find_symbol (Sk.load_skenv (tgt ss)) id = Some b' + /\ Genv.find_def (Sk.load_skenv (src ss)) b = Some gd + /\ Genv.find_def (Sk.load_skenv (tgt ss)) b' = Some gd. Proof. intros. exploit init_meminj_invert; eauto. intros (A & id & B & C & D). unfold Sk.load_skenv in *. - assert (exists gd, (prog_defmap ss.(src))!id = Some gd). + assert (exists gd, (prog_defmap (src ss))!id = Some gd). { apply prog_defmap_dom. eapply Genv.find_symbol_inversion; eauto. } destruct H as [gd DM]. - assert ((prog_defmap ss.(tgt))!id = Some gd). + assert ((prog_defmap (tgt ss))!id = Some gd). { inv SIMSK. rewrite KEPT; ss. } rewrite Genv.find_def_symbol in DM. destruct DM as (b'' & P & Q). rewrite P in B; inv B. rewrite Genv.find_def_symbol in H. destruct H as (b'' & R & S). rewrite R in C; inv C. esplits; et. 
@@ -341,9 +340,9 @@ Qed. Lemma bytes_of_init_inject ss m_src il (SIMSK: wf ss) - (LOADMEMSRC: Sk.load_mem ss.(src) = Some m_src) + (LOADMEMSRC: Sk.load_mem (src ss) = Some m_src) (REF: forall id, ref_init il id -> ~ ss id): - list_forall2 (memval_inject (init_meminj ss.(src) ss.(tgt))) (Genv.bytes_of_init_data_list (Sk.load_skenv ss.(src)) il) (Genv.bytes_of_init_data_list (Sk.load_skenv ss.(tgt)) il). + list_forall2 (memval_inject (init_meminj (src ss) (tgt ss))) (Genv.bytes_of_init_data_list (Sk.load_skenv (src ss)) il) (Genv.bytes_of_init_data_list (Sk.load_skenv (tgt ss)) il). Proof. exploit init_mem_exists; et. intros LOADMEMTGT; des. induction il as [ | i1 il]; simpl; intros; try constructor. @@ -351,11 +350,11 @@ Proof. + exploit init_meminj_simskenv; try eapply SIMSK; et. i. inv H; ss. destruct i1; simpl; try (apply inj_bytes_inject). { induction (Z.to_nat z); simpl; constructor. constructor. auto. } - destruct (Genv.find_symbol (Sk.load_skenv ss.(src)) i) as [b|] eqn:FS. + destruct (Genv.find_symbol (Sk.load_skenv (src ss)) i) as [b|] eqn:FS. * assert (~ ss i). { apply REF. red. exists i0; auto with coqlib. } exploit SIMSYMB2; et. intros (b' & A & B). rewrite A. apply inj_value_inject. econstructor; eauto. symmetry; apply Ptrofs.add_zero. - * destruct (Genv.find_symbol (Sk.load_skenv ss.(tgt)) i) as [b'|] eqn:FS'. + * destruct (Genv.find_symbol (Sk.load_skenv (tgt ss)) i) as [b'|] eqn:FS'. exploit SIMSYMB3; et. intros (b & A & B). congruence. apply repeat_Undef_inject_self. + apply IHil. intros id [ofs IN]. apply REF. exists ofs; auto with coqlib. Qed. @@ -369,7 +368,7 @@ Proof. induction n; simpl Mem.getN; intros. - simpl in H1. lia. - inv H. rewrite Nat2Z.inj_succ in H1. destruct (zeq i p); try congruence. -+ apply IHn with (p + 1); auto. omega. omega. ++ apply IHn with (p + 1); auto. lia. lia. Qed. Global Program Instance le_PreOrder: PreOrder le. 
@@ -440,23 +439,23 @@ Next Obligation. Qed. Next Obligation. inv SIMSK. inv SIMSK0. - exploit (link_prog_inv ss0.(src) ss1.(src)); eauto. i; des. - assert(AUX1: forall id, ss1 id -> ~ ss0 id -> (prog_defmap ss0.(src)) ! id = None). - { i. destruct ((prog_defmap ss0.(src)) ! id) eqn:T; ss. + exploit (link_prog_inv (src ss0) (src ss1)); eauto. i; des. + assert(AUX1: forall id, ss1 id -> ~ ss0 id -> (prog_defmap (src ss0)) ! id = None). + { i. destruct ((prog_defmap (src ss0)) ! id) eqn:T; ss. apply CLOSED0 in H2. unfold privs, defs, NW in *. bsimpl. des. des_sumbool. exploit prog_defmap_dom; eauto. i; des. exploit H0; eauto. i; des. clarify. } - assert(AUX2: forall id, ss0 id -> ~ ss1 id -> (prog_defmap ss1.(src)) ! id = None). - { i. destruct ((prog_defmap ss1.(src)) ! id) eqn:T; ss. + assert(AUX2: forall id, ss0 id -> ~ ss1 id -> (prog_defmap (src ss1)) ! id = None). + { i. destruct ((prog_defmap (src ss1)) ! id) eqn:T; ss. apply CLOSED in H2. unfold privs, defs, NW in *. bsimpl. des. des_sumbool. exploit prog_defmap_dom; eauto. i; des. exploit H0; eauto. i; des. clarify. } - assert(LINKTGT: link ss0.(tgt) ss1.(tgt) = Some (mkprogram - (PTree.elements (PTree.combine link_prog_merge (prog_defmap ss0.(tgt)) - (prog_defmap ss1.(tgt)))) - (prog_public ss0.(tgt) ++ prog_public ss1.(tgt)) - (prog_main ss0.(tgt)))). - { eapply (link_prog_succeeds ss0.(tgt) ss1.(tgt)); eauto; try congruence. i. exploit H0. + assert(LINKTGT: link (tgt ss0) (tgt ss1) = Some (mkprogram + (PTree.elements (PTree.combine link_prog_merge (prog_defmap (tgt ss0)) + (prog_defmap (tgt ss1)))) + (prog_public (tgt ss0) ++ prog_public (tgt ss1)) + (prog_main (tgt ss0)))). + { eapply (link_prog_succeeds (tgt ss0) (tgt ss1)); eauto; try congruence. i. exploit H0. { erewrite <- KEPT; et. ii. eapply DROP in H4. congruence. } { erewrite <- KEPT0; et. ii. eapply DROP0 in H4. congruence. } i; des. esplits; congruence. 
@@ -480,14 +479,14 @@ Next Obligation. * rewrite DROP; ss. rewrite KEPT0; ss. apply AUX2; ss. * rewrite DROP0; ss. rewrite KEPT; ss. rewrite AUX1; ss. + rr. unfold privs. ss. bsimpl. split. - { assert(T: exists x1, link_prog_merge (prog_defmap ss0.(src)) ! x0 (prog_defmap ss1.(src)) ! x0 = Some x1). + { assert(T: exists x1, link_prog_merge (prog_defmap (src ss0)) ! x0 (prog_defmap (src ss1)) ! x0 = Some x1). { des. - exploit CLOSED; et. intro T. unfold privs in T. unfold NW in *. bsimpl. des_safe. des_sumbool. - apply defs_prog_defmap in T. des. rewrite T. destruct ((prog_defmap ss1.(src)) ! x0) eqn:EQN. + apply defs_prog_defmap in T. des. rewrite T. destruct ((prog_defmap (src ss1)) ! x0) eqn:EQN. + exploit H0; et. i; des. ss. + eexists. ss. - exploit CLOSED0; et. intro T. unfold privs in T. unfold NW in *. bsimpl. des_safe. des_sumbool. - apply defs_prog_defmap in T. des. rewrite T. destruct ((prog_defmap ss0.(src)) ! x0) eqn:EQN. + apply defs_prog_defmap in T. des. rewrite T. destruct ((prog_defmap (src ss0)) ! x0) eqn:EQN. + exploit H0; et. i; des. ss. + eexists. ss. } @@ -502,7 +501,7 @@ Next Obligation. * exploit CLOSED0; eauto. intro TT. unfold privs, NW in TT. bsimpl. des_safe. des_sumbool. des; ss. apply defs_prog_defmap in TT. inv WFSRC0. apply PUBINCL in T. apply prog_defmap_dom in T. des. exploit H0; et. i; des. ss. - + assert(T: (In (id, Gvar gv) (prog_defs ss0.(tgt))) \/ (In (id, Gvar gv) (prog_defs ss1.(tgt)))). + + assert(T: (In (id, Gvar gv) (prog_defs (tgt ss0))) \/ (In (id, Gvar gv) (prog_defs (tgt ss1)))). { unfold prog_defmap in PROG. ss. rewrite PTree_Properties.of_list_elements in *. rewrite PTree.gcombine in *; ss. unfold link_prog_merge in PROG. clear - PROG. des_ifs. - apply PTree_Properties.in_of_list in Heq. apply PTree_Properties.in_of_list in Heq0. 
@@ -510,7 +509,7 @@ Next Obligation. - apply PTree_Properties.in_of_list in Heq. eauto. - apply PTree_Properties.in_of_list in PROG. eauto. } - assert(U: ~ In id_drop (prog_defs_names ss0.(tgt)) /\ ~ In id_drop (prog_defs_names ss1.(tgt))). + assert(U: ~ In id_drop (prog_defs_names (tgt ss0)) /\ ~ In id_drop (prog_defs_names (tgt ss1))). { split. - destruct (classic (ss0 id_drop)). + exploit DROP; eauto. intro V. intro W. exploit prog_defmap_dom; et. i; des; clarify. 
@@ -536,21 +535,21 @@ Qed. Next Obligation. exploit init_mem_exists; et. intros LOADMEMTGT; des. exploit init_meminj_simskenv; try eapply SIMSK; et. intros SIMSKENV. - eexists m_tgt. exists (SimMemInj.mk m_src m_tgt (init_meminj ss.(src) ss.(tgt)) bot2 bot2 (Mem.nextblock m_src) (Mem.nextblock m_tgt) (Mem.nextblock m_src) (Mem.nextblock m_tgt)). + eexists m_tgt. exists (SimMemInj.mk m_src m_tgt (init_meminj (src ss) (tgt ss)) bot2 bot2 (Mem.nextblock m_src) (Mem.nextblock m_tgt) (Mem.nextblock m_src) (Mem.nextblock m_tgt)). esplits; et. { econs; ss; try extlia. constructor; intros. { intros; constructor; intros. - exploit init_meminj_invert_strong; eauto. intros (A & id & gd & B & C & D & E). - exploit (Genv.init_mem_characterization_gen ss.(src)); eauto. - exploit (Genv.init_mem_characterization_gen ss.(tgt)); eauto. + exploit (Genv.init_mem_characterization_gen (src ss)); eauto. + exploit (Genv.init_mem_characterization_gen (tgt ss)); eauto. destruct gd as [f|v]. + intros (P2 & Q2) (P1 & Q1). apply Q1 in H0. destruct H0. subst. apply Mem.perm_cur. auto. + intros (P2 & Q2 & R2 & S2) (P1 & Q1 & R1 & S1). apply Q1 in H0. destruct H0. subst. - apply Mem.perm_cur. eapply Mem.perm_implies; eauto. apply P2. omega. + apply Mem.perm_cur. eapply Mem.perm_implies; eauto. apply P2. lia. - exploit init_meminj_invert; eauto. intros (A & id & B & C). subst delta. apply Z.divide_0_r. - exploit init_meminj_invert_strong; eauto. intros (A & id & gd & B & C & D & E). - exploit (Genv.init_mem_characterization_gen ss.(src)); eauto. - exploit (Genv.init_mem_characterization_gen ss.(tgt)); eauto. + exploit (Genv.init_mem_characterization_gen (src ss)); eauto. + exploit (Genv.init_mem_characterization_gen (tgt ss)); eauto. destruct gd as [f|v]. + intros (P2 & Q2) (P1 & Q1). apply Q1 in H0. destruct H0; discriminate. + intros (P2 & Q2 & R2 & S2) (P1 & Q1 & R1 & S1). apply Q1 in H0. destruct H0. 
@@ -559,12 +558,11 @@ Next Obligation. Local Transparent Mem.loadbytes. generalize (S1 NO). unfold Mem.loadbytes. destruct Mem.range_perm_dec; intros E1; inv E1. generalize (S2 NO). unfold Mem.loadbytes. destruct Mem.range_perm_dec; intros E2; inv E2. - rewrite Z.add_0_r. apply Mem_getN_forall2 with (p := 0) (n := Z.to_nat (init_data_list_size (gvar_init v))); try omega. + rewrite Z.add_0_r. apply Mem_getN_forall2 with (p := 0) (n := Z.to_nat (init_data_list_size (gvar_init v))); try lia. rewrite H3, H4. eapply bytes_of_init_inject; et. { ii. inv SIMSK. eapply NOREF; et. eapply Genv.find_def_symbol. eexists. split; et. } - rewrite Z2Nat.id; try extlia. } - - destruct ((init_meminj ss.(src) ss.(tgt)) b) as [[b' delta]|] eqn:INJ; auto. + - destruct ((init_meminj (src ss) (tgt ss)) b) as [[b' delta]|] eqn:INJ; auto. elim H. exploit init_meminj_invert; eauto. intros (A & id & B & C & D). unfold Sk.load_skenv, Sk.load_mem in *. eapply Genv.find_symbol_not_fresh; eauto. - exploit init_meminj_invert; eauto. intros (A & id & B & C & D). 
@@ -574,15 +572,15 @@ Next Obligation. exploit init_meminj_invert; try eapply H1; et. intros (A2 & id2 & B2 & C2 & D2). destruct (ident_eq id1 id2). congruence. left; eapply Genv.global_addresses_distinct; eauto. - exploit init_meminj_invert; eauto. intros (A & id & B & C & D). subst delta. - split. omega. generalize (Ptrofs.unsigned_range_2 ofs). omega. + split. lia. generalize (Ptrofs.unsigned_range_2 ofs). lia. - exploit init_meminj_invert_strong; eauto. intros (A & id & gd & B & C & D & E). - exploit (Genv.init_mem_characterization_gen ss.(src)); eauto. - exploit (Genv.init_mem_characterization_gen ss.(tgt)); eauto. + exploit (Genv.init_mem_characterization_gen (src ss)); eauto. + exploit (Genv.init_mem_characterization_gen (tgt ss)); eauto. destruct gd as [f|v]. - + intros (P2 & Q2) (P1 & Q1). apply Q2 in H0. destruct H0. subst. replace ofs with 0 by omega. + + intros (P2 & Q2) (P1 & Q1). apply Q2 in H0. destruct H0. subst. replace ofs with 0 by lia. left; apply Mem.perm_cur; auto. + intros (P2 & Q2 & R2 & S2) (P1 & Q1 & R1 & S1). apply Q2 in H0. destruct H0. subst. - left. apply Mem.perm_cur. eapply Mem.perm_implies; eauto. apply P1. omega. + left. apply Mem.perm_cur. eapply Mem.perm_implies; eauto. apply P1. lia. } { ss. inv SIMSK. rewrite <- MAIN. unfold init_meminj. inv SIMSKENV. ss. unfold Genv.symbol_address. des_ifs; cycle 1. 
@@ -615,9 +613,9 @@ Next Obligation. exploit Genv.genv_defs_range; eauto. i. rewrite NBTGT in *. extlia. Qed. Next Obligation. - set (SkEnv.project skenv_link_src ss.(src)) as skenv_src. + set (SkEnv.project skenv_link_src (src ss)) as skenv_src. generalize (SkEnv.project_impl_spec INCLSRC); intro LESRC. - set (SkEnv.project skenv_link_tgt ss.(tgt)) as skenv_tgt. + set (SkEnv.project skenv_link_tgt (tgt ss)) as skenv_tgt. generalize (SkEnv.project_impl_spec INCLTGT); intro LETGT. exploit SkEnv.project_spec_preserves_wf; try apply LESRC; eauto. intro WFSMALLSRC. exploit SkEnv.project_spec_preserves_wf; try apply LETGT; eauto. intro WFSMALLTGT. @@ -625,13 +623,13 @@ Next Obligation. inv SIMSKENV. ss. apply sim_skenv_splittable_spec. folder. dsplits; eauto; ii; ss. - (* SIMSYMB1 *) - inv LESRC. destruct (classic (defs ss.(src) id)); cycle 1. + inv LESRC. destruct (classic (defs (src ss) id)); cycle 1. { exfalso. exploit SYMBDROP; eauto. i; des. clarify. } exploit SYMBKEEP; eauto. intro KEEP; des. exploit SIMSYMB1; eauto. { rewrite <- KEEP. ss. } i; des. - inv LETGT. destruct (classic (defs ss.(tgt) id)); cycle 1. + inv LETGT. destruct (classic (defs (tgt ss) id)); cycle 1. { erewrite SYMBDROP0; ss. exfalso. clear - LE KEPT H H0 SIMSK. apply H0. clear H0. inv SIMSK. u in *. simpl_bool. des_sumbool. rewrite prog_defmap_spec in *. des. destruct (classic (ss id)); cycle 1. @@ -645,7 +643,7 @@ Next Obligation. - (* SIMSYMB2 *) - inv LESRC. destruct (classic (defs ss.(src) id)); cycle 1. + inv LESRC. destruct (classic (defs (src ss) id)); cycle 1. { exfalso. exploit SYMBDROP; eauto. i; des. clarify. } exploit SYMBKEEP; eauto. intro KEEP; des. 
@@ -655,7 +653,7 @@ Next Obligation. exploit OUTSIDE; eauto. i; des. ss. } i; des. esplits; eauto. inv LETGT. erewrite SYMBKEEP0; ss. - destruct (classic (defs ss.(tgt) id)); ss. + destruct (classic (defs (tgt ss) id)); ss. { exfalso. clear - LE KEPT H H0 SIMSK. apply H0. clear H0. inv SIMSK. u in *. simpl_bool. des_sumbool. rewrite prog_defmap_spec in *. destruct (classic (ss id)); cycle 1. @@ -664,7 +662,7 @@ Next Obligation. } - (* SIMSYMB3 *) - inv LETGT. destruct (classic (defs ss.(tgt) id)); cycle 1. + inv LETGT. destruct (classic (defs (tgt ss) id)); cycle 1. { exploit SYMBDROP; eauto. i; des. clarify. } erewrite SYMBKEEP in *; ss. exploit SIMSYMB3; eauto. i; des. esplits; eauto. @@ -681,7 +679,7 @@ Next Obligation. - (* SIMDEF *) inv LESRC. inv WFSMALLSRC. exploit DEFSYMB; eauto. intro SYMBSMALL; des. rename SYMB into SYMBSMALL. - destruct (classic (defs ss.(src) id)); cycle 1. + destruct (classic (defs (src ss) id)); cycle 1. { exploit SYMBDROP; eauto. i; des. clarify. } exploit SYMBKEEP; eauto. intro SYMBBIG; des. rewrite SYMBSMALL in *. symmetry in SYMBBIG. inv WFSRC. exploit SYMBDEF; eauto. i; des. @@ -714,7 +712,7 @@ Next Obligation. } i; des. clarify. - - inv LESRC. destruct (classic (defs ss.(src) id)); cycle 1. + - inv LESRC. destruct (classic (defs (src ss) id)); cycle 1. { exploit SYMBDROP; et. i; des. clarify. } eapply DISJ; et. erewrite <- SYMBKEEP; et. 
@@ -735,12 +733,12 @@ Next Obligation. { symmetry. eapply SPLITHINT3; et. } clarify. inv LESRC. inv WFSRC. exploit DEFSYMB; eauto. i; des. assert(id = id0). { eapply Genv.genv_vars_inj. apply SYMBSMALLTGT. eauto. } clarify. - assert(DSRC: defs ss.(src) id0). + assert(DSRC: defs (src ss) id0). { apply NNPP. ii. erewrite SYMBDROP in *; eauto. ss. } exploit SYMBKEEP; eauto. i; des. rewrite BLKSRC in *. symmetry in H. - assert(DTGT: defs ss.(tgt) id0). + assert(DTGT: defs (tgt ss) id0). { apply NNPP. ii. inv LETGT. erewrite SYMBDROP0 in *; eauto. ss. } - assert(ITGT: internals ss.(tgt) id0). + assert(ITGT: internals (tgt ss) id0). { dup DTGT. unfold defs in DTGT. des_sumbool. apply prog_defmap_spec in DTGT. des. inv INCLTGT. exploit DEFS; et. i; des. @@ -750,7 +748,7 @@ Next Obligation. { apply Genv.find_invert_symbol; eauto. } i; des. ss. } - assert(ISRC: internals ss.(src) id0). + assert(ISRC: internals (src ss) id0). { inv SIMSK. unfold internals in *. des_ifs_safe. exploit SPLITHINT; et. i; des. clear_tac. hexploit (KEPT id0); et. intro T. rewrite Heq in *. des_ifs. diff --git a/proof/SimSymbId.v b/proof/SimSymbId.v index 8ab2de74..00b5e7ff 100644 --- a/proof/SimSymbId.v +++ b/proof/SimSymbId.v @@ -39,7 +39,7 @@ Record t' := mk { tgt: Sk.t; }. -Definition wf (ss: t'): Prop := ss.(src) = ss.(tgt). +Definition wf (ss: t'): Prop := (src ss) = (tgt ss). Definition le: t' -> t' -> Prop := top2. @@ -48,11 +48,11 @@ Global Program Instance le_PreOrder: PreOrder le. Lemma wf_link: forall ss0 ss1 sk_src (SIMSK: wf ss0) (SIMSK: wf ss1) - (LINKSRC: link ss0.(src) ss1.(src) = Some sk_src), + (LINKSRC: link (src ss0) (src ss1) = Some sk_src), exists ss sk_tgt, - <> /\ - <> /\ - <> /\ + <> /\ + <> /\ + <> /\ <> /\ <> /\ <>. 
@@ -64,13 +64,13 @@ Qed. Lemma wf_load_sim_skenv: forall ss skenv_src skenv_tgt m_src (SIMSK: wf ss) - (LOADSRC: (Sk.load_skenv ss.(src)) = skenv_src) - (LOADTGT: (Sk.load_skenv ss.(tgt)) = skenv_tgt) - (LOADMEMSRC: (Sk.load_mem ss.(src)) = Some m_src), - (<>) /\ + (LOADSRC: (Sk.load_skenv (src ss)) = skenv_src) + (LOADTGT: (Sk.load_skenv (tgt ss)) = skenv_tgt) + (LOADMEMSRC: (Sk.load_mem (src ss)) = Some m_src), + (<>) /\ (<>) /\ - (<>). + (<>). Proof. i. u in *. inv SIMSK. esplits; eauto with congruence. Qed. Lemma sim_skenv_monotone: forall ss_link skenv_link_src skenv_link_tgt ss skenv_src skenv_tgt @@ -79,8 +79,8 @@ Lemma sim_skenv_monotone: forall ss_link skenv_link_src skenv_link_tgt ss skenv_ (SIMSKENV: sim_skenv skenv_link_src skenv_link_tgt) (SIMSK: wf ss) (LE: le ss ss_link) - (LESRC: SkEnv.project skenv_link_src ss.(src) = skenv_src) - (LETGT: SkEnv.project skenv_link_tgt ss.(tgt) = skenv_tgt), + (LESRC: SkEnv.project skenv_link_src (src ss) = skenv_src) + (LETGT: SkEnv.project skenv_link_tgt (tgt ss) = skenv_tgt), <>. Proof. i. clarify. rr. inv SIMSK. inv SIMSKENV. ss. Qed. diff --git a/proof/Simulation.v b/proof/Simulation.v index 811bb02e..e9714365 100644 --- a/proof/Simulation.v +++ b/proof/Simulation.v @@ -960,7 +960,7 @@ Proof. intros [[EQ1 [EQ2 EQ3]] | [NOT1 [NOT2 MT]]]. + (* 2.1 L2 makes a silent transition: remain in "before" state *) subst. simpl in *. exists (X2BI_before n0); exists st_src0; split. - right; split. apply star_refl. constructor. omega. right. eapply CIH; et. + right; split. apply star_refl. constructor. lia. right. eapply CIH; et. { ii. eapply SSTGT; eauto. eapply star_left; eauto. } econstructor; eauto. eapply star_right; eauto. + (* 2.2 L2 make a non-silent transition *) 
@@ -993,7 +993,7 @@ Proof. i. inv H. exploit Eapp_E0_inv; eauto. intros [EQ1 EQ2]; subst. destruct H2. exploit ssd_determ_at. eapply H. eexact H1. eexact STEPTGT. i; des. clarify. exists (X2BI_after n i); exists st_src0; split. - right; split. apply star_refl. constructor. constructor; omega. right. eapply CIH; et. + right; split. apply star_refl. constructor. constructor; lia. right. eapply CIH; et. { ii. eapply SSTGT; eauto. eapply star_left; eauto. } eapply x2b_match_after'; eauto. } @@ -1018,7 +1018,7 @@ Lemma mixed_to_backward_simulation: forall L1 L2, mixed_simulation L1 L2 -> backward_simulation L1 L2. Proof. intros L1 L2 XSIM. inversion XSIM. - apply Backward_simulation with (order0 := x2b_order order). constructor. + apply Backward_simulation with (order := x2b_order order). constructor. - eapply wf_x2b_order. apply props. - inv props. inv xsim_initial_states_sim0; eauto. i. exploit INITSIM; eauto. i; des. inv INITTGT. eauto. diff --git a/proof/Sound.v b/proof/Sound.v index 1f2a1984..b7393dfe 100644 --- a/proof/Sound.v +++ b/proof/Sound.v @@ -50,10 +50,10 @@ Module Sound. <>; val: t -> Values.val -> Prop; - vals: t -> list Values.val -> Prop := fun su vs => Forall su.(val) vs; + vals: t -> list Values.val -> Prop := fun su vs => Forall (val su) vs; mem: t -> mem -> Prop; - regset: t -> Asm.regset -> Prop := fun su rs => forall pr, su.(val) (rs pr); + regset: t -> Asm.regset -> Prop := fun su rs => forall pr, (val su) (rs pr); args: t -> Args.t -> Prop := fun su args => match args with 
@@ -93,39 +93,39 @@ Module Sound. (MEM: Sk.load_mem sk_link = Some m_init) (SKE: Sk.load_skenv sk_link = skenv_link), exists su_init, - (<>) /\ - (<>); + (<>) /\ + (<>); skenv_lepriv: forall m0 su0 su1 ske - (SKE: su0.(skenv) m0 ske) + (SKE: (skenv su0) m0 ske) (LE: lepriv su0 su1), - <>; + <>; skenv_mle: forall m0 m1 su0 ske - (SKE: su0.(skenv) m0 ske) - (MLE: su0.(mle) m0 m1), - <>; + (SKE: (skenv su0) m0 ske) + (MLE: (mle su0) m0 m1), + <>; skenv_project: forall su m0 skenv_link sk skenv0 (WF: SkEnv.wf skenv_link) (WFM: SkEnv.wf_mem skenv_link sk m0) - (SKE: su.(skenv) m0 skenv_link) + (SKE: (skenv su) m0 skenv_link) (LE: SkEnv.project_spec skenv_link sk skenv0) (INCL: SkEnv.includes skenv_link sk), - <>; + <>; system_skenv: forall su m0 skenv_link - (SKELINK: su.(skenv) m0 skenv_link), - <>; + (SKELINK: (skenv su) m0 skenv_link), + <>; system_axiom: forall ef skenv0 su0 args0 tr v_ret m_ret (CSTYLE: Args.is_cstyle args0) - (ARGS: su0.(args) args0) + (ARGS: (args su0) args0) (SKE: skenv su0 (Args.m args0) skenv0) (EXT: (external_call ef) skenv0 (Args.vs args0) (Args.m args0) tr v_ret m_ret), - exists su1, <> /\ <> /\ <>; + exists su1, <> /\ <> /\ <>; }. Section SOUND. @@ -133,9 +133,9 @@ Module Sound. Lemma skenv_hle: forall m0 su0 su1 ske (WF: Sound.wf su0) - (SKE: su0.(skenv) m0 ske) + (SKE: (skenv su0) m0 ske) (MLE: hle su0 su1), - <>. + <>. Proof. i. eapply skenv_lepriv; eauto. eapply hle_lepriv; eauto. Qed. diff --git a/proof/StoreArgumentsProps.v b/proof/StoreArgumentsProps.v index 8f845986..b12202cd 100644 --- a/proof/StoreArgumentsProps.v +++ b/proof/StoreArgumentsProps.v 
@@ -329,7 +329,7 @@ Module _FillArgsParallel. + exploit H5; eauto. i. rewrite H8. eauto. + rewrite LEQ at 2. symmetry. eapply Mem.getN_setN_same. + rewrite Mem.getN_length. - exploit size_chunk_nat_pos. intros SZ. des. rewrite SZ. compute. omega. } + exploit size_chunk_nat_pos. intros SZ. des. rewrite SZ. compute. lia. } * specialize (ONLY ofs). des. { left. erewrite Mem.setN_other; eauto. unfold copy_list_memval. erewrite map_length. erewrite Mem.getN_length. ii. clarify. } diff --git a/proof/UnreachC.v b/proof/UnreachC.v index 74a804a6..f799d3b2 100644 --- a/proof/UnreachC.v +++ b/proof/UnreachC.v @@ -42,7 +42,7 @@ Local Open Scope nat. Definition val' (su: Unreach.t) (v: val): Prop := - forall blk ofs (PTR: v = Vptr blk ofs), ~su blk /\ (blk < su.(nb))%positive. + forall blk ofs (PTR: v = Vptr blk ofs), ~su blk /\ (blk < (nb su))%positive. Definition memval' (su: Unreach.t) (mv: memval): Prop := forall v q n (PTR: mv = Fragment v q n), (val' su) v. @@ -54,10 +54,10 @@ Inductive mem': Unreach.t -> Memory.mem -> Prop := (PUB: ~ su blk) (PERM: Mem.perm m0 blk ofs Cur Readable), (* <------------ Cur? *) (memval' su) (ZMap.get ofs (Mem.mem_contents m0) !! blk)) - (BOUND: su.(Unreach.unreach) <1= (Mem.valid_block m0)) - (* (BOUND: Ple su.(Unreach.nb) m0.(Mem.nextblock)) *) + (BOUND: (Unreach.unreach su) <1= (Mem.valid_block m0)) + (* (BOUND: Ple (Unreach.nb su) m0.(Mem.nextblock)) *) (GENB: Ple su.(Unreach.ge_nb) m0.(Mem.nextblock)) - (NB: su.(Unreach.nb) = m0.(Mem.nextblock)): + (NB: (Unreach.nb su) = m0.(Mem.nextblock)): mem' su m0. Hint Unfold val' memval'. @@ -79,13 +79,13 @@ Definition args' (su: Unreach.t) (args0: Args.t) := /\ (<>) /\ (<>) (* /\ (<>) *) - (* /\ (<>) *) + (* /\ (<>) *) /\ (<>). Definition retv' (su: Unreach.t) (retv0: Retv.t) := (<>) /\ (<>) - /\ (<>). + /\ (<>). Lemma finite_map X (P: X -> Prop) Y 
@@ -634,7 +634,7 @@ Next Obligation. u in MEM. exploit Genv.initmem_inject; eauto. i. inv H. exploit Mem.mi_memval; et. { exploit Mem.perm_valid_block; et. unfold Mem.valid_block, Mem.flat_inj. des_ifs. } - i. replace (ofs + 0)%Z with ofs in H by omega. rewrite PTR in H. inv H. inv H1. eapply mi_mappedblocks; et. + i. replace (ofs + 0)%Z with ofs in H by lia. rewrite PTR in H. inv H. inv H1. eapply mi_mappedblocks; et. + ii; ss. + ss. u in *. erewrite <- Genv.init_mem_genv_next; eauto. folder. refl. - econs; eauto; ss. @@ -816,7 +816,7 @@ Qed. Lemma greatest_ex: forall su0 args0 (CSTYLE: Args.is_cstyle args0) - (INHAB: exists (inhab: Sound.t), <> /\ <>) + (INHAB: exists (inhab: Sound.t), <> /\ <>) , exists su_gr, <>. Proof. diff --git a/selfsim/AsmStepExt.v b/selfsim/AsmStepExt.v index 05097b89..c97f47a3 100644 --- a/selfsim/AsmStepExt.v +++ b/selfsim/AsmStepExt.v @@ -592,6 +592,8 @@ Section ASMSTEP. esplits; eauto. * econs; eauto; ss. rewrite <- H4. ss. rewrite H1. rewrite H8. rewrite H. ss. * eapply nextinstr_agree. repeat eapply agree_step; eauto. + + tac_cal AGREE. + + tac_cal AGREE. - exploit eval_builtin_args_extends; eauto. i. des. exploit ec_mem_extends; eauto. diff --git a/selfsim/AsmStepInj.v b/selfsim/AsmStepInj.v index 9f3cd015..cf92fee6 100644 --- a/selfsim/AsmStepInj.v +++ b/selfsim/AsmStepInj.v @@ -216,7 +216,7 @@ Section ASMSTEP. * econs. Qed. - + Lemma exec_load_inject j ge_src ge_tgt chunk m_src0 m_tgt0 m_src1 a rd rs_src0 rs_tgt0 rs_src1 (SYMBLE: forall i b_src @@ -1120,6 +1120,8 @@ tac_cal AGREE. rewrite FREE. ss. * eapply nextinstr_agree. repeat eapply agree_step; eauto. * eapply inject_separated_refl. + + tac_cal AGREE. + + tac_cal AGREE. - exploit eval_builtin_args_inject; eauto. i. des. exploit ec_mem_inject_weak; eauto. { apply external_call_spec. } diff --git a/selfsim/ClightStepExt.v b/selfsim/ClightStepExt.v index ecde972a..1d38ba64 100644 --- a/selfsim/ClightStepExt.v +++ b/selfsim/ClightStepExt.v 
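Review bot: The two added `+ tac_cal AGREE.` lines in the AsmStepExt.v `@@ -592` hunk close two new goals with the catch-all tactic and nothing records which instruction cases they are, so the next upstream bump will again leave a reader guessing which constructors of the step relation moved. Add a one-line comment above each, e.g. `(* new instruction case in CompCert 3.11: <constructor> *)`, naming the Asm constructor the case covers (presumably instructions added in 3.11; the hunk itself does not show them). The identical pair appears in the AsmStepInj.v `@@ -1120` hunk and should carry the same comment. The enclosing proof starts and ends outside this hunk.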
@@ -33,8 +33,8 @@ Inductive match_states_ext_clight : unit -> state -> state -> SimMemExt.t' -> Prop := | match_ext_State fn stmt K_src K_tgt env_src env_tgt tenv_src tenv_tgt m_src m_tgt sm0 - (MWFSRC: m_src = sm0.(SimMemExt.src)) - (MWFTGT: m_tgt = sm0.(SimMemExt.tgt)) + (MWFSRC: m_src = (SimMemExt.src sm0)) + (MWFTGT: m_tgt = (SimMemExt.tgt sm0)) (MWF: Mem.extends m_src m_tgt) (ENV: match_env inject_id env_src env_tgt) (TENV: match_temp_env inject_id tenv_src tenv_tgt) @@ -46,8 +46,8 @@ Inductive match_states_ext_clight sm0 | match_ext_Callstate fptr_src fptr_tgt ty args_src args_tgt K_src K_tgt m_src m_tgt sm0 - (MWFSRC: m_src = sm0.(SimMemExt.src)) - (MWFTGT: m_tgt = sm0.(SimMemExt.tgt)) + (MWFSRC: m_src = (SimMemExt.src sm0)) + (MWFTGT: m_tgt = (SimMemExt.tgt sm0)) (MWF: Mem.extends m_src m_tgt) (INJ: Val.lessdef fptr_src fptr_tgt) (VALS: Val.lessdef_list args_src args_tgt) @@ -59,8 +59,8 @@ Inductive match_states_ext_clight sm0 | match_ext_Returnstate retv_src retv_tgt K_src K_tgt m_src m_tgt sm0 - (MWFSRC: m_src = sm0.(SimMemExt.src)) - (MWFTGT: m_tgt = sm0.(SimMemExt.tgt)) + (MWFSRC: m_src = (SimMemExt.src sm0)) + (MWFTGT: m_tgt = (SimMemExt.tgt sm0)) (MWF: Mem.extends m_src m_tgt) (INJ: Val.lessdef retv_src retv_tgt) (CONT: match_cont inject_id K_src K_tgt): @@ -108,12 +108,12 @@ Section CLIGHTEXT. esplits; eauto. econs; eauto. Qed. - Lemma assign_loc_extends ce ty m_src0 m_tgt0 v_src v_tgt m_src1 blk ofs - (ASSIGN: assign_loc ce ty m_src0 blk ofs v_src m_src1) + Lemma assign_loc_extends ce ty m_src0 m_tgt0 v_src v_tgt m_src1 blk ofs bf + (ASSIGN: assign_loc ce ty m_src0 blk ofs bf v_src m_src1) (VAL: Val.lessdef v_src v_tgt) (MWF: Mem.extends m_src0 m_tgt0): exists m_tgt1, - (<>) /\ + (<>) /\ (<>). Proof. inv ASSIGN. 
@@ -122,6 +122,12 @@ Section CLIGHTEXT. exploit Mem.loadbytes_extends; eauto. i. des_safe. exploit Mem.storebytes_within_extends; eauto. i. des_safe. esplits; eauto. econs 2; eauto. + - inv H. inv VAL. + exploit Mem.storev_extends; eauto. i. des. esplits; eauto. econs 3; eauto. + econs; et. + exploit Mem.loadv_extends. 2: eauto. 1: eauto. + { econs. } + intros (? & ? & LD). inv LD. auto. Qed. Lemma match_env_inject_id en: @@ -232,17 +238,18 @@ Section CLIGHTEXT. - i. des. esplits; eauto. eapply val_inject_id; eauto. Qed. - Lemma deref_loc_extends ty m_src m_tgt blk ofs v_src - (DEREF: deref_loc ty m_src blk ofs v_src) + Lemma deref_loc_extends ty m_src m_tgt blk ofs bf v_src + (DEREF: deref_loc ty m_src blk ofs bf v_src) (EXT: Mem.extends m_src m_tgt): exists v_tgt, - (<>) /\ + (<>) /\ (<>). Proof. inv DEREF. - exploit Mem.loadv_extends; eauto. i. des. esplits; eauto. econs 1; eauto. - esplits; eauto. econs 2; eauto. - esplits; eauto. econs 3; eauto. + - inv H. exploit Mem.loadv_extends; eauto. intros (? & ? & LD). inv LD. esplits; eauto. econs 4; eauto. econs; et. Qed. Lemma eval_expr_lvalue_extends en_src en_tgt tenv_src tenv_tgt m_src m_tgt @@ -254,9 +261,9 @@ Section CLIGHTEXT. exists v_tgt, (<>) /\ (<>)) /\ - (forall exp blk ofs - (EVAL: eval_lvalue ge en_src tenv_src m_src exp blk ofs), - eval_lvalue ge en_tgt tenv_tgt m_tgt exp blk ofs). + (forall exp blk ofs bf + (EVAL: eval_lvalue ge en_src tenv_src m_src exp blk ofs bf), + eval_lvalue ge en_tgt tenv_tgt m_tgt exp blk ofs bf). Proof. apply eval_expr_lvalue_ind; i; try by (esplits; eauto; econs; eauto). - cinv (TENV id); rewrite H in *; clarify. @@ -269,7 +276,7 @@ Section CLIGHTEXT. - cinv (ENV id); des; clarify. econs 2; eauto. - des. cinv LESS. econs; eauto. - des. cinv LESS. econs; eauto. - - des. cinv LESS. econs; eauto. + - des. cinv LESS. econs 5; eauto. Qed. Lemma eval_expr_extends en_src en_tgt tenv_src tenv_tgt m_src m_tgt 
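Review bot: The new bitfield case of `assign_loc_extends` opens with `inv H`, inverting whichever hypothesis Coq happened to auto-name `H` (the `store_bitfield` premise, by position), which is exactly the kind of generated-name dependency that makes version bumps like this one costly. The twin case in ClightStepInj.v in this same patch uses `match goal with H: store_bitfield _ _ _ _ _ _ _ _ _ _ |- _ => inv H end.`, which survives hypothesis renumbering; use the same form here so the two files stay consistent. The `exploit Mem.loadv_extends. 2: eauto. 1: eauto. { econs. }` sequence likewise depends on the order in which `exploit` leaves its premises, so a short comment saying which premise each selector discharges would let a reader check it without replaying the script.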
@@ -307,9 +314,9 @@ Section CLIGHTEXT. (ENV: match_env inject_id en_src en_tgt) (TENV: match_temp_env inject_id tenv_src tenv_tgt) (EXT: Mem.extends m_src m_tgt) - exp blk ofs - (EVAL: eval_lvalue ge en_src tenv_src m_src exp blk ofs): - eval_lvalue ge en_tgt tenv_tgt m_tgt exp blk ofs. + exp blk ofs bf + (EVAL: eval_lvalue ge en_src tenv_src m_src exp blk ofs bf): + eval_lvalue ge en_tgt tenv_tgt m_tgt exp blk ofs bf. Proof. eapply eval_expr_lvalue_extends; eauto. Qed. @@ -484,9 +491,9 @@ Section CLIGHTSOUNDSTATE. st j m (WF: Sound.wf su) (MEM: UnreachC.mem' su m) - (INJ: j = UnreachC.to_inj su su.(Unreach.nb)) + (INJ: j = UnreachC.to_inj su (Unreach.nb su)) (SKE: su.(Unreach.ge_nb) = skenv_link.(Genv.genv_next)) - (SKLE: Ple skenv_link.(Genv.genv_next) su.(Unreach.nb)) + (SKLE: Ple skenv_link.(Genv.genv_next) (Unreach.nb su)) (MATCHST: match_states_clight_internal st st j m m): sound_state_clight st. diff --git a/selfsim/ClightStepInj.v b/selfsim/ClightStepInj.v index ff781c63..67b748ef 100644 --- a/selfsim/ClightStepInj.v +++ b/selfsim/ClightStepInj.v @@ -35,7 +35,10 @@ Proof. + unfold Mem.storev in *. eapply mem_store_readonly; eauto. + eapply Mem.storebytes_unchanged_on; eauto. ii. unfold loc_not_writable in *. eapply H9. eapply Mem.perm_cur. eapply Mem.storebytes_range_perm; eauto. - - eapply unchanged_unchanged_ro. eapply alloc_variables_unchanged_on. inv H. et. + + match goal with H: store_bitfield _ _ _ _ _ _ _ _ _ _ |- _ => inv H end. + unfold Mem.storev in *. eapply mem_store_readonly; eauto. + - eapply unchanged_unchanged_ro. inv H. + eapply alloc_variables_unchanged_on; et. Qed. Definition match_env (j: meminj) (env_src env_tgt: env) := 
@@ -111,9 +114,9 @@ Inductive match_states_clight : unit -> state -> state -> SimMemInj.t' -> Prop := | match_states_clight_intro st_src st_tgt j m_src m_tgt sm0 - (MWFSRC: m_src = sm0.(SimMemInj.src)) - (MWFTGT: m_tgt = sm0.(SimMemInj.tgt)) - (MWFINJ: j = sm0.(SimMemInj.inj)) + (MWFSRC: m_src = (SimMemInj.src sm0)) + (MWFTGT: m_tgt = (SimMemInj.tgt sm0)) + (MWFINJ: j = (SimMemInj.inj sm0)) (MATCHST: match_states_clight_internal st_src st_tgt j m_src m_tgt) (MWF: SimMemInj.wf' sm0): match_states_clight tt st_src st_tgt sm0. @@ -128,15 +131,15 @@ Section CLIGHTINJ. (function_entry: genv -> function -> list val -> mem -> env -> temp_env -> mem -> Prop) := forall fn vs_src vs_tgt sm0 env_src tenv_src m_src1 (MWF: SimMemInj.wf' sm0) - (VALS: Val.inject_list sm0.(SimMemInj.inj) vs_src vs_tgt) - (ENTRY: function_entry ge_src fn vs_src sm0.(SimMemInj.src) env_src tenv_src m_src1), + (VALS: Val.inject_list (SimMemInj.inj sm0) vs_src vs_tgt) + (ENTRY: function_entry ge_src fn vs_src (SimMemInj.src sm0) env_src tenv_src m_src1), exists env_tgt tenv_tgt sm1, (<>) /\ (<>) /\ - (<>) /\ - (<>) /\ + (<>) /\ + (<>) /\ (<>) /\ - (<>). + (<>). Lemma alloc_variables_inject sm0 idl e_src0 e_tgt0 e_src1 m_src1 (ALLOC: alloc_variables ge_src e_src0 (SimMemInj.src sm0) idl e_src1 m_src1) 
@@ -163,13 +166,13 @@ Section CLIGHTINJ. i. des. clarify. esplits; eauto; try etrans; eauto. econs; eauto. rewrite <- CENV. auto. Qed. - Lemma assign_loc_inject ce ty sm0 blk_src blk_tgt ofs_src ofs_tgt v_src v_tgt m_src1 - (ASSIGN: assign_loc ce ty sm0.(SimMemInj.src) blk_src ofs_src v_src m_src1) - (INJ: Val.inject sm0.(SimMemInj.inj) (Vptr blk_src ofs_src) (Vptr blk_tgt ofs_tgt)) - (VAL: Val.inject sm0.(SimMemInj.inj) v_src v_tgt) + Lemma assign_loc_inject ce ty sm0 blk_src blk_tgt ofs_src ofs_tgt bf v_src v_tgt m_src1 + (ASSIGN: assign_loc ce ty (SimMemInj.src sm0) blk_src ofs_src bf v_src m_src1) + (INJ: Val.inject (SimMemInj.inj sm0) (Vptr blk_src ofs_src) (Vptr blk_tgt ofs_tgt)) + (VAL: Val.inject (SimMemInj.inj sm0) v_src v_tgt) (MWF: SimMemInj.wf' sm0): exists sm1, - (<>) /\ + (<>) /\ (<>) /\ (<>) /\ (<>). @@ -180,15 +183,15 @@ Section CLIGHTINJ. + cinv VAL. cinv INJ. assert (bytes = nil). { exploit (Mem.loadbytes_empty (SimMemInj.src sm0) b' (Ptrofs.unsigned ofs') (sizeof ce ty)). - omega. congruence. } subst. + lia. congruence. } subst. destruct (Mem.range_perm_storebytes (SimMemInj.tgt sm0) blk_tgt (Ptrofs.unsigned (Ptrofs.add ofs_src (Ptrofs.repr delta0))) nil) as [tm' SB]. { simpl. red; intros; lia. } eexists (SimMemInj.mk _ tm' _ _ _ _ _ _ _); ss. esplits; cycle 3; eauto. - * econs; ss; eauto; try (eapply Mem.storebytes_unchanged_on; eauto; i; ss; omega); + * econs; ss; eauto; try (eapply Mem.storebytes_unchanged_on; eauto; i; ss; lia); try (ii; eapply Mem.perm_storebytes_2; eauto); try (econs; i; des; clarify). * econs 2; eauto; i; try lia. - { apply Mem.loadbytes_empty. omega. } + { apply Mem.loadbytes_empty. lia. } * inv MWF. econs; ss; eauto; try (erewrite Mem.nextblock_storebytes; eauto). { eapply Mem.storebytes_empty_inject; eauto. } { unfold SimMemInj.src_private, SimMemInj.valid_blocks, Mem.valid_block. ss. 
@@ -199,7 +202,7 @@ Section CLIGHTINJ. des_safe. split; eauto. ii. eapply H5; eauto. eapply Mem.perm_storebytes_2; eauto. } + assert (SZPOS: sizeof ce ty > 0). - { generalize (sizeof_pos ce ty); omega. } + { generalize (sizeof_pos ce ty); lia. } cinv VAL. cinv INJ. assert (RPSRC: Mem.range_perm (SimMemInj.src sm0) b' (Ptrofs.unsigned ofs') (Ptrofs.unsigned ofs' + sizeof ce ty) Cur Nonempty). { eapply Mem.range_perm_implies; try eapply perm_any_N. eapply Mem.loadbytes_range_perm; eauto. } @@ -207,9 +210,9 @@ Section CLIGHTINJ. { replace (sizeof ce ty) with (Z.of_nat (List.length bytes)). - eapply Mem.range_perm_implies; try eapply perm_any_N. eapply Mem.storebytes_range_perm; eauto. - exploit Mem.loadbytes_length; try apply H3; eauto. intros LEN. - rewrite LEN. rewrite Z2Nat.id; try omega. } - assert (PSRC: Mem.perm (SimMemInj.src sm0) b' (Ptrofs.unsigned ofs') Cur Nonempty) by (apply RPSRC; omega). - assert (PDST: Mem.perm (SimMemInj.src sm0) blk_src (Ptrofs.unsigned ofs_src) Cur Nonempty) by (apply RPDST; omega). + rewrite LEN. rewrite Z2Nat.id; try lia. } + assert (PSRC: Mem.perm (SimMemInj.src sm0) b' (Ptrofs.unsigned ofs') Cur Nonempty) by (apply RPSRC; lia). + assert (PDST: Mem.perm (SimMemInj.src sm0) blk_src (Ptrofs.unsigned ofs_src) Cur Nonempty) by (apply RPDST; lia). exploit Mem.address_inject; try apply PSRC; eauto. intros EQ1. exploit Mem.address_inject; try apply PDST; eauto. intros EQ2. exploit Mem.loadbytes_inject; eauto. intros [bytes2 [A B]]. @@ -222,6 +225,9 @@ Section CLIGHTINJ. { apply alignof_blockcopy_1248. } { apply sizeof_alignof_blockcopy_compat. } * eapply Mem.disjoint_or_equal_inject with (m := SimMemInj.src sm0); eauto; apply Mem.range_perm_max with Cur; auto. + - inv H. exploit SimMemInj.storev_mapped; eauto. i. des. clarify. esplits; eauto. + inv VAL. exploit Mem.loadv_inject; eauto. i. des. inv H6. + econs 3; eauto. econs; eauto. Qed. Lemma call_cont_match j K_src K_tgt 
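Review bot: In the new bitfield case of `assign_loc_inject` (the `@@ -222` hunk), `i. des. inv H6.` inverts the injection hypothesis by its auto-generated number, while the corresponding case in ClightStepExt.v in this same patch names it explicitly with `intros (? & ? & LD). inv LD.`. Use the same robust form here: `exploit Mem.loadv_inject; eauto. intros (? & ? & LD). inv LD.`, so the proof does not break the next time `des` numbers hypotheses differently. The lemma's statement starts outside this hunk.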
@@ -336,16 +342,18 @@ Section CLIGHTINJ. Variable function_entry: genv -> function -> list val -> mem -> env -> temp_env -> mem -> Prop. Hypothesis FUNCTIONENTRY: function_entry_inject function_entry. - Lemma deref_loc_inject j ty m_src m_tgt blk_src blk_tgt ofs_src ofs_tgt v_src - (DEREF: deref_loc ty m_src blk_src ofs_src v_src) + Lemma deref_loc_inject j ty m_src m_tgt blk_src blk_tgt ofs_src ofs_tgt bf v_src + (DEREF: deref_loc ty m_src blk_src ofs_src bf v_src) (INJECT: Mem.inject j m_src m_tgt) (VAL: Val.inject j (Vptr blk_src ofs_src) (Vptr blk_tgt ofs_tgt)): exists v_tgt, - (<>) /\ + (<>) /\ (<>). Proof. inv DEREF; try (by esplits; eauto; econs; eauto). - exploit Mem.loadv_inject; eauto. i. des. esplits; eauto. econs 1; eauto. + - exploit Mem.loadv_inject; eauto. i. des. esplits; eauto. econs 1; eauto. + - inv H. exploit Mem.loadv_inject; eauto. i. des. esplits; eauto. econs 4; eauto. + econs; eauto. inv H3. auto. Qed. Lemma eval_expr_lvalue_inject j env_src env_tgt tenv_src tenv_tgt m_src m_tgt @@ -358,13 +366,13 @@ Section CLIGHTINJ. exists v_tgt, (<>) /\ (<>)) /\ - (forall exp blk_src ofs_src - (EVAL: eval_lvalue ge_src env_src tenv_src m_src exp blk_src ofs_src), + (forall exp blk_src ofs_src bf + (EVAL: eval_lvalue ge_src env_src tenv_src m_src exp blk_src ofs_src bf), forall (ENV: match_env j env_src env_tgt) (TENV: match_temp_env j tenv_src tenv_tgt) (INJECT: Mem.inject j m_src m_tgt), exists blk_tgt ofs_tgt, - (<>) /\ + (<>) /\ (<>)). Proof. apply eval_expr_lvalue_ind; i; try (by esplits; eauto; econs; eauto). 
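Review bot: `econs 1; eauto.` and the new `econs 4; eauto.` in `deref_loc_inject` select `deref_loc` constructors by position, and this very patch had to turn `econs; eauto` into `econs 5; eauto` in ClightStepExt.v because 3.11 changed the constructor list, so positional selection will break again at the next bump. Apply the constructor by name instead (`eapply` with the bitfield constructor of `deref_loc`, presumably `deref_loc_bitfield`; confirm against Clight.v), and replace the trailing `inv H3. auto.` with a named destructuring such as `intros (? & ? & LD). inv LD.` as the Ext-side proof does. The same remark applies to `econs 3` in the `assign_loc_inject` hunk above.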
@@ -388,7 +396,9 @@ Section CLIGHTINJ. - exploit H0; eauto. i. des. cinv INJ. rewrite CENV in *. esplits. + econs 4; eauto. + econs; eauto. repeat rewrite Ptrofs.add_assoc. f_equal. apply Ptrofs.add_commut. - - exploit H0; eauto. i. des. cinv INJ. rewrite CENV in *. esplits; eauto. econs 5; eauto. + - exploit H0; eauto. i. des. cinv INJ. rewrite CENV in *. esplits; eauto. + rewrite Ptrofs.add_assoc. rewrite Ptrofs.add_commut. rewrite Ptrofs.add_assoc. rewrite Ptrofs.add_commut. + econs 5; et. rewrite Ptrofs.add_commut. auto. Qed. Lemma eval_expr_inject j env_src env_tgt tenv_src tenv_tgt m_src m_tgt exp v_src @@ -423,14 +433,14 @@ Section CLIGHTINJ. exists (tv :: vs_tgt). esplits; eauto. econs; eauto. Qed. - Lemma eval_lvalue_inject j env_src env_tgt tenv_src tenv_tgt m_src m_tgt exp blk_src ofs_src - (EVAL: eval_lvalue ge_src env_src tenv_src m_src exp blk_src ofs_src) + Lemma eval_lvalue_inject j env_src env_tgt tenv_src tenv_tgt m_src m_tgt exp blk_src ofs_src bf + (EVAL: eval_lvalue ge_src env_src tenv_src m_src exp blk_src ofs_src bf) (GENV: meminj_match_globals eq ge_src ge_tgt j) (ENV: match_env j env_src env_tgt) (TENV: match_temp_env j tenv_src tenv_tgt) (INJECT: Mem.inject j m_src m_tgt): exists blk_tgt ofs_tgt, - (<>) /\ + (<>) /\ (<>). Proof. exploit eval_expr_lvalue_inject; eauto. i. des. eauto. diff --git a/selfsim/IdSimAsm.v b/selfsim/IdSimAsm.v index e8d7b3c5..d383fa8d 100644 --- a/selfsim/IdSimAsm.v +++ b/selfsim/IdSimAsm.v @@ -45,8 +45,8 @@ Lemma asm_id (WF: Sk.wf (module asm)): exists mp, (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>). Proof. eapply any_id; eauto. Qed. @@ -76,7 +76,7 @@ Section LOCALPRIV. (Ptrofs.unsigned (ofs) + 4 * (size_arguments sg)) Cur Freeable) (VALID: Mem.valid_block m1 blk1) - (PUB: ~ su0.(Unreach.unreach) blk1): + (PUB: ~ (Unreach.unreach su0) blk1): has_footprint (mkstate init_rs (State rs0 m_unused)) su0 m1 | has_footprint_asmstyle su0 init_rs (rs0: regset) m_unused m1 
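Review bot: The added `rewrite Ptrofs.add_assoc. rewrite Ptrofs.add_commut. rewrite Ptrofs.add_assoc. rewrite Ptrofs.add_commut.` chain, followed by `econs 5; et. rewrite Ptrofs.add_commut. auto.`, gives no indication of which offset equality it is reassociating (apparently a field offset combined with the injection delta, given the surrounding `cinv INJ. rewrite CENV in *`). Add a one-line comment stating the target form of the offset term before the rewrites, so a reader can check the four steps without replaying them; this is also the step most likely to fail if the `Ptrofs` lemma statements shift again. The enclosing proof starts outside this hunk.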
@@ -344,7 +344,7 @@ Section LOCALPRIV. * eapply Mem.unchanged_on_implies; eauto. ss. } { set (su_new := Unreach.mk - su_arg.(Unreach.unreach) su_arg.(Unreach.ge_nb) (Mem.nextblock (JunkBlock.assign_junk_blocks m_arg n))). + (Unreach.unreach su_arg) su_arg.(Unreach.ge_nb) (Mem.nextblock (JunkBlock.assign_junk_blocks m_arg n))). set (UNCH := JunkBlock.assign_junk_blocks_unchanged_on m_arg n). assert (HLE: Unreach.hle su_arg su_new). { unfold su_new. ss. unfold Unreach.hle. esplits; ss; eauto. @@ -516,8 +516,8 @@ Section LOCALPRIV. { eapply Unreach.hle_hle_old; et. rr in GRARGS. des. ss. } set (su1 := Unreach.mk (fun blk => if plt blk (Mem.nextblock m0) - then su0.(Unreach.unreach) blk - else su_ret.(Unreach.unreach) blk + then (Unreach.unreach su0) blk + else (Unreach.unreach su_ret) blk ) su0.(Unreach.ge_nb) m2.(Mem.nextblock)). exists su1. @@ -660,8 +660,8 @@ Lemma asm_ext_unreach (WF: Sk.wf (module asm)): exists mp, (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>). Proof. eexists (ModPair.mk _ _ _); s. assert(PROGSKEL: match_program (fun _ => eq) eq (Sk.of_program fn_sig asm) (Sk.of_program fn_sig asm)). @@ -950,8 +950,8 @@ Lemma asm_ext_top (WF: Sk.wf (module asm)): exists mp, (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>). Proof. eexists (ModPair.mk _ _ _); s. assert(PROGSKEL: match_program (fun _ => eq) eq (Sk.of_program fn_sig asm) (Sk.of_program fn_sig asm)). @@ -1253,9 +1253,9 @@ Inductive match_states (sm0 : @SimMem.t SimMemInjC.SimMemInj) (AGREE: AsmStepInj.agree j rs_src rs_tgt) (AGREEINIT: AsmStepInj.agree j init_rs_src init_rs_tgt) - (MCOMPATSRC: m_src = sm0.(SimMem.src)) - (MCOMPATTGT: m_tgt = sm0.(SimMem.tgt)) - (MCOMPATINJ: j = sm0.(SimMemInj.inj)) + (MCOMPATSRC: m_src = (SimMem.src sm0)) + (MCOMPATTGT: m_tgt = (SimMem.tgt sm0)) + (MCOMPATINJ: j = (SimMemInj.inj sm0)) (MWF: SimMem.wf sm0) fd (FINDF: Genv.find_funct ge_src (init_rs_src PC) = Some (Internal fd)) 
@@ -1276,9 +1276,9 @@ Lemma asm_inj_drop_bot (WF: Sk.wf (module asm)): exists mp, (<>) - /\ (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>) + /\ (<>). Proof. eexists (ModPair.mk _ _ _); s. esplits; eauto. econs; ss; i. { econs; ss; i; clarify. inv WF. auto. } @@ -1676,7 +1676,7 @@ Proof. + econs; ss. eapply val_inject_incr; cycle 1; eauto. inv MLE. eauto. } - { exists sm0. exists (Retv.Asmstyle rs_tgt sm0.(SimMemInj.tgt)). + { exists sm0. exists (Retv.Asmstyle rs_tgt (SimMemInj.tgt sm0)). esplits; ss; eauto. + econs 2; ss; ii; eauto. * des. esplits; eauto. @@ -1750,8 +1750,8 @@ Lemma asm_inj_drop (WF: Sk.wf (module asm)): exists mp, (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>). Proof. exploit asm_inj_drop_bot; eauto. i. des. eauto. Qed. @@ -1761,8 +1761,8 @@ Lemma asm_inj_id (WF: Sk.wf (module asm)): exists mp, (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>). Proof. eapply sim_inj_drop_bot_id; eauto. apply asm_inj_drop_bot; auto. Qed. diff --git a/selfsim/IdSimAsmExtra.v b/selfsim/IdSimAsmExtra.v index cf78ea76..591fb4df 100644 --- a/selfsim/IdSimAsmExtra.v +++ b/selfsim/IdSimAsmExtra.v @@ -204,7 +204,7 @@ Section MEMORYLEMMA. Lemma Mem_unfree_parallel sm0 sm_arg sm_ret blk_src ofs_src ofs_tgt sz blk_tgt delta m_src1 - (DELTA: sm0.(SimMemInj.inj) blk_src = Some (blk_tgt, delta)) + (DELTA: (SimMemInj.inj sm0) blk_src = Some (blk_tgt, delta)) (VAL: ofs_tgt = Ptrofs.add ofs_src (Ptrofs.repr delta)) (MLE0: SimMemInj.le' sm0 sm_arg) (FREESRC: Mem.free @@ -224,12 +224,12 @@ Section MEMORYLEMMA. (Ptrofs.unsigned ofs_src) (Ptrofs.unsigned ofs_src + sz) = Some m_src1): exists sm1, - (<>) - /\ (<>) + (<>) + /\ (<>) /\ (<>) + = Some (SimMemInj.tgt sm1)>>) /\ (<>) /\ (<>) /\ (<>). @@ -423,9 +423,9 @@ Qed. Lemma assign_junk_blocks_parallel n sm0 (MWF: SimMemInj.wf' sm0): exists sm1, - (<>) - /\ (<>) - /\ (<>) + (<>) + /\ (<>) + /\ (<>) /\ (<>) /\ (<>) . 
@@ -465,19 +465,19 @@ Qed. Lemma store_arguments_parallel sm0 m_tgt1 rs_tgt vs vs' sg - (ARGSRC: store_arguments sm0.(SimMemInj.tgt) rs_tgt vs' sg m_tgt1) + (ARGSRC: store_arguments (SimMemInj.tgt sm0) rs_tgt vs' sg m_tgt1) (TYP: Val.has_type_list vs' sg.(sig_args)) (SZ: 4 * size_arguments sg <= Ptrofs.max_unsigned) - (VALINJ: Val.inject_list sm0.(SimMemInj.inj) vs vs') + (VALINJ: Val.inject_list (SimMemInj.inj sm0) vs vs') (MWF: SimMemInj.wf' sm0): exists sm1 rs_src, - (<>) /\ - (<>) /\ + (<>) /\ + (<>) /\ (<>) /\ (<>) /\ - (<>) /\ + (<>) /\ (<>). Proof. @@ -543,8 +543,8 @@ Inductive match_states_ext (AGREE: AsmStepExt.agree rs_src rs_tgt) (AGREEINIT: AsmStepExt.agree init_rs_src init_rs_tgt) (* (INJ: Mem.extends m_src m_tgt) *) - (MCOMPATSRC: m_src = sm0.(SimMem.src)) - (MCOMPATTGT: m_tgt = sm0.(SimMem.tgt)) + (MCOMPATSRC: m_src = (SimMem.src sm0)) + (MCOMPATTGT: m_tgt = (SimMem.tgt sm0)) (MWF: SimMem.wf sm0) fd (FINDF: Genv.find_funct ge_src (init_rs_src PC) = Some (Internal fd)) diff --git a/selfsim/IdSimClight.v b/selfsim/IdSimClight.v index f1972c4a..bd88f77d 100644 --- a/selfsim/IdSimClight.v +++ b/selfsim/IdSimClight.v @@ -32,8 +32,8 @@ Lemma clight_id (WF: Sk.wf (module2 clight)): exists mp, (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>). Proof. eapply any_id; eauto. Qed. @@ -43,8 +43,8 @@ Lemma clight_ext_unreach (WF: Sk.wf (module2 clight)): exists mp, (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>). Proof. eexists (ModPair.mk _ _ _); s. esplits; eauto. instantiate (1:=(SimSymbId.mk _ _)). econs; ss; i. destruct SIMSKENVLINK. @@ -95,8 +95,8 @@ Lemma clight_ext_top (WF: Sk.wf (module2 clight)): exists mp, (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>). Proof. eexists (ModPair.mk _ _ _); s. esplits; eauto. instantiate (1:=(SimSymbId.mk _ _)). econs; ss; i. destruct SIMSKENVLINK. 
@@ -149,9 +149,9 @@ Lemma clight_inj_drop_bot (WF: Sk.wf (module2 clight)): exists mp, (<>) - /\ (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>) + /\ (<>). Proof. eexists (ModPair.mk _ _ _); s. esplits; eauto. econs; ss; i. { econs; ss; i; clarify. inv WF. auto. } @@ -210,8 +210,8 @@ Lemma clight_inj_drop (WF: Sk.wf (module2 clight)): exists mp, (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>). Proof. exploit clight_inj_drop_bot; eauto. i. des. eauto. Qed. @@ -221,8 +221,8 @@ Lemma clight_inj_id (WF: Sk.wf (module2 clight)): exists mp, (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>). Proof. eapply sim_inj_drop_bot_id. apply clight_inj_drop_bot; auto. Qed. diff --git a/selfsim/IdSimExtra.v b/selfsim/IdSimExtra.v index 75336b4b..18c9add5 100644 --- a/selfsim/IdSimExtra.v +++ b/selfsim/IdSimExtra.v @@ -105,13 +105,13 @@ Lemma sim_inj_drop_bot_id sk_src sk_tgt src (DROP: exists mp, (<>) - /\ (<>) - /\ (<>) - /\ (<>)): + /\ (<>) + /\ (<>) + /\ (<>)): exists mp, (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>). Proof. des. clarify. destruct mp eqn: EQ. ss. clarify. inv SIM. ss. unfold ModPair.to_msp in *. ss. @@ -244,8 +244,8 @@ Lemma any_id (WF: Sk.wf md): exists mp, (<>) - /\ (<>) - /\ (<>). + /\ (<>) + /\ (<>). Proof. eexists (ModPair.mk _ _ _); s. esplits; eauto. instantiate (1:=(SimSymbId.mk md md)). econs; ss; i. @@ -255,7 +255,7 @@ Proof. - eapply SoundTop.sound_state_local_preservation. - instantiate (1:= fun _ st_src st_tgt sm0 => (<>) /\ - (<>)). + (<>)). ss. i. inv SIMARGS; ss; esplits; eauto; try congruence; ss. assert(rs_tgt = rs_src) by (eapply functional_extensionality; r in RS; ss). congruence. - ii. destruct args_src, args_tgt, sm_arg; inv SIMARGS; ss; clarify. diff --git a/x86/AsmgenproofC.v b/x86/AsmgenproofC.v index dc4fbf5b..1e675e94 100644 --- a/x86/AsmgenproofC.v +++ b/x86/AsmgenproofC.v 
@@ -110,8 +110,8 @@ Inductive match_states init_sp init_ra st_src0.(MachC.init_rs) st_src0.(init_sg) st_tgt0.(init_rs)) (MATCHST: Asmgenproof.match_states ge st_src0.(MachC.st) st_tgt0) (* (SPPTR: ValuesC.is_real_ptr (st_tgt0.(init_rs) RSP)) *) - (MCOMPATSRC: (MachC.get_mem st_src0.(MachC.st)) = sm0.(SimMem.src)) - (MCOMPATTGT: (get_mem st_tgt0) = sm0.(SimMem.tgt)) + (MCOMPATSRC: (MachC.get_mem st_src0.(MachC.st)) = (SimMem.src sm0)) + (MCOMPATTGT: (get_mem st_tgt0) = (SimMem.tgt sm0)) (IDX: measure st_src0.(MachC.st) = idx). Lemma asm_step_dstep init_rs st0 st1 tr From 3a3d98a8ff90d809c8ef709c06ac0ed62992ed92 Mon Sep 17 00:00:00 2001 From: Yoonseung Kim Date: Sat, 25 Feb 2023 15:04:37 -0500 Subject: [PATCH 2/2] Minor fix --- Makefile | 4 ++-- make_graph.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index bf18773e..1b3aacf6 100644 --- a/Makefile +++ b/Makefile @@ -76,8 +76,8 @@ Makefile.coq: Makefile $(COQTHEORIES) # echo "-R ../../backend compcert.backend"; \ # echo "-R ../../cfrontend compcert.cfrontend"; \ # echo "-R ../../driver compcert.driver"; \ -# echo "-R ../../flocq compcert.flocq"; \ -# echo "-R ../../exportclight compcert.exportclight"; \ +# echo "-R ../../flocq Flocq"; \ +# echo "-R ../../export compcert.export"; \ # echo "-R ../../cparser compcert.cparser"; \ # echo $(COQTHEORIES)) > _CoqProject # coq_makefile -f _CoqProject -o Makefile.coq-rsync diff --git a/make_graph.sh b/make_graph.sh index 90951fdc..c7e613a4 100755 --- a/make_graph.sh +++ b/make_graph.sh 
@@ -3,7 +3,7 @@ coqdep -dumpgraph graph.dot \
 -R ../lib compcert.lib -R ../common compcert.common -R ../x86 compcert.x86 -R ../x86_64 compcert.x86_64 \
 -R ../backend compcert.backend -R ../cfrontend compcert.cfrontend -R ../driver compcert.driver \
- -R ../flocq compcert.flocq -R ../exportclight compcert.exportclight -R ../cparser compcert.cparser \
+ -R ../flocq Flocq -R ../export compcert.export -R ../cparser compcert.cparser \
 -R lib compcomp -R common compcomp -R x86 compcomp -R x86_64 compcomp -R backend compcomp \
 -R cfrontend compcomp -R compose compcomp -R proof compcomp -R bound compcomp -R demo compcomp \ **