prove that Mem.valid is preserved by symbolic execution of RTLpath

author: Sylvain Boulmé <sylvain.boulme@univ-grenoble-alpes.fr> 2020-08-27 09:37:51 +0200
committer: Sylvain Boulmé <sylvain.boulme@univ-grenoble-alpes.fr> 2020-08-27 09:37:51 +0200
commit: 9531682c1c68e3e65855a2dcf676c5c1de9a184b (patch)
tree: ce299ca9ec47706854a271f5f3cfee872310a8d9 /kvx/lib
parent: 5888db3a5975913ed5525ec00e12d7ceebbe8607 (diff)
download: compcert-kvx-9531682c1c68e3e65855a2dcf676c5c1de9a184b.tar.gz
compcert-kvx-9531682c1c68e3e65855a2dcf676c5c1de9a184b.zip
1 files changed, 22 insertions, 12 deletions
diff --git a/kvx/lib/RTLpathSE_impl.v b/kvx/lib/RTLpathSE_impl.v
index 4e159b15..96da94e9 100644
--- a/kvx/lib/RTLpathSE_impl.v
+++ b/kvx/lib/RTLpathSE_impl.v
@@ -70,7 +70,9 @@ Definition hsok_local ge sp rs0 m0 (hst: hsistate_local) : Prop :=
 Definition hsilocal_refines ge sp rs0 m0 (hst: hsistate_local) (st: sistate_local) :=
       (sok_local ge sp rs0 m0 st <-> hsok_local ge sp rs0 m0 hst) 
   /\  (hsok_local ge sp rs0 m0 hst -> seval_smem ge sp hst.(hsi_smem) rs0 m0 = seval_smem ge sp st.(si_smem) rs0 m0)
-  /\  (hsok_local ge sp rs0 m0 hst -> forall r, hsi_sreg_eval ge sp hst r rs0 m0 = seval_sval ge sp (si_sreg st r) rs0 m0).
+  /\  (hsok_local ge sp rs0 m0 hst -> forall r, hsi_sreg_eval ge sp hst r rs0 m0 = seval_sval ge sp (si_sreg st r) rs0 m0)
+  /\  (forall m b ofs, seval_smem ge sp st.(si_smem) rs0 m0 = Some m -> Mem.valid_pointer m b ofs = Mem.valid_pointer m0 b ofs)
+  .
 
 Lemma ssem_local_refines_hok ge sp rs0 m0 hst st rs m:
   ssem_local ge sp st rs0 m0 rs m -> hsilocal_refines ge sp rs0 m0 hst st -> hsok_local ge sp rs0 m0 hst.
@@ -156,7 +158,7 @@ Proof.
   destruct of as [alive |].
   - constructor.
     + constructor; [assumption | constructor; [assumption|]].
-      destruct HREF2 as (B & _ & A).
+      destruct HREF2 as (B & _ & A & _).
       (** B is used for the auto below. *)
       assert (forall r : positive, hsi_sreg_eval ge2 sp hst2 r rs0 m0 = seval_sval ge2 sp (si_sreg st2 r) rs0 m0) by auto.
       intro r. rewrite <- H. clear H. 
@@ -167,7 +169,7 @@ Proof.
       unfold seval_sval_partial. generalize HOK2; rewrite <- B; intros (_ & _ & C) D.
       assert (seval_sval ge2 sp s rs0 m0 <> None) by congruence.
       destruct (seval_sval ge2 sp s rs0 m0); [reflexivity | contradiction].
-    + intros r ALIVE. destruct HREF2 as (_ & _ & A). destruct HREF1 as (_ & _ & B).
+    + intros r ALIVE. destruct HREF2 as (_ & _ & A & _). destruct HREF1 as (_ & _ & B & _).
       destruct CORE as (_ & C & _). rewrite seval_partial_regset_get.
       assert (OPT: forall (x y: val), Some x = Some y -> x = y) by congruence.
       destruct (hst2 ! r) eqn:HST2; apply OPT; clear OPT.
@@ -187,7 +189,7 @@ Proof.
       rewrite <- MEMEQ2; auto. rewrite <- MEMEQ3.
       erewrite smem_eval_preserved; [| eapply GFS].
       rewrite MEMEQ1; auto.
-    + intro r. destruct HREF2 as (_ & _ & A). destruct HREF1 as (_ & _ & B).
+    + intro r. destruct HREF2 as (_ & _ & A & _). destruct HREF1 as (_ & _ & B & _).
       destruct CORE as (_ & C & _). rewrite <- A; auto. rewrite hsi_sreg_eval_correct.
       rewrite C; [|auto]. erewrite seval_preserved; [| eapply GFS]. rewrite <- hsi_sreg_eval_correct.
       rewrite B; auto.
@@ -891,12 +893,13 @@ Qed.
 
 Lemma hslocal_set_mem_correct ge sp rs0 m0 hst st hsm sm:
   (seval_smem ge sp (hsi_smem hst) rs0 m0 = None -> seval_smem ge sp hsm rs0 m0 = None) ->
+  (forall m b ofs, seval_smem ge sp sm rs0 m0 = Some m -> Mem.valid_pointer m b ofs = Mem.valid_pointer m0 b ofs) ->
   hsilocal_refines ge sp rs0 m0 hst st ->
   (hsok_local ge sp rs0 m0 hst -> seval_smem ge sp hsm rs0 m0 = seval_smem ge sp sm rs0 m0) ->
   hsilocal_refines ge sp rs0 m0 (hslocal_set_smem hst hsm) (slocal_set_smem st sm).
 Proof.
-  intros PRESERV (OKEQ & SMEMEQ' & REGEQ) SMEMEQ.
-  split; rewrite! hsok_local_set_mem; eauto; try tauto.
+  intros PRESERV SMVALID (OKEQ & SMEMEQ' & REGEQ & MVALID) SMEMEQ.
+  split; rewrite! hsok_local_set_mem; simpl; eauto; try tauto.
   rewrite sok_local_set_mem.
   intuition congruence.
 Qed.
@@ -1077,11 +1080,12 @@ Lemma hslocal_set_sreg_correct ge sp rs0 m0 hst st r (rsv:root_sval) lsv sv':
   (hsok_local ge sp rs0 m0 hst -> seval_sval ge sp sv' rs0 m0 = seval_sval ge sp (rsv lsv (hsi_smem hst)) rs0 m0) ->
   hsilocal_refines ge sp rs0 m0 (hslocal_set_sreg hst r rsv lsv) (slocal_set_sreg st r sv').
 Proof.
-  intros (ROK & RMEM & RVAL) OKA RSV.
+  intros (ROK & RMEM & RVAL & MVALID) OKA RSV.
   unfold hsilocal_refines; simpl. rewrite! hsok_local_set_sreg; eauto. split.
   + rewrite <- ROK in RSV; rewrite sok_local_set_sreg; eauto.
     intuition congruence.
-  + split; try tauto.
+  + split. { try tauto. }
+    split. 2: { try tauto. }
     intros (HOKL & RSV2) r0.
     rewrite red_PTree_set_correct.
     rewrite hsi_sreg_eval_correct. unfold hsi_sreg_get.
@@ -1130,7 +1134,7 @@ Lemma seval_sval_refines ge sp rs0 m0 hst st p:
   hsilocal_refines ge sp rs0 m0 hst st ->
   seval_sval ge sp (hsi_sreg_get hst p) rs0 m0 = seval_sval ge sp (si_sreg st p) rs0 m0.
 Proof.
-  intros OKL HREF. destruct HREF as (_ & _ & RSEQ).
+  intros OKL HREF. destruct HREF as (_ & _ & RSEQ & _).
   rewrite <- hsi_sreg_eval_correct; eauto.
 Qed.
 
@@ -1140,7 +1144,7 @@ Lemma seval_list_sval_refines ge sp rs0 m0 hst st l:
   seval_list_sval ge sp (list_sval_inj (map (hsi_sreg_get hst) l)) rs0 m0 =
   seval_list_sval ge sp (list_sval_inj (map (si_sreg st) l)) rs0 m0.
 Proof.
-  intros OKL HLREF. destruct HLREF as (_ & _ & RSEQ).
+  intros OKL HLREF. destruct HLREF as (_ & _ & RSEQ & _).
   induction l; simpl; auto.
   erewrite <- RSEQ; auto.
   rewrite IHl. 
@@ -1163,7 +1167,7 @@ Lemma seval_condition_refines hst st ge sp cond args rs m:
   seval_condition ge sp cond args (hsi_smem hst) rs m
   = seval_condition ge sp cond args (si_smem st) rs m.
  Proof.
-  intros HOK (OKEQ & MEMEQ & RSEQ). unfold seval_condition.
+  intros HOK (_ & MEMEQ & _). unfold seval_condition.
   rewrite <- MEMEQ; auto.
 Qed.
 
@@ -1221,6 +1225,11 @@ Proof.
     eapply hsist_set_local_correct_dyn; eauto.
     eapply hslocal_set_mem_correct; eauto.
     + simpl. simplify_SOME x.
+    + simpl. intros m1; simplify_SOME x.
+      intros.
+      erewrite <- Mem.storev_preserv_valid; [| eauto].
+      destruct REF as (_ & _ & _ & _ & MVALID).
+      eauto.
     + intros. simpl.
       erewrite seval_list_sval_refines; eauto.
       erewrite seval_smem_refines; eauto.
@@ -1331,7 +1340,8 @@ Proof.
   - intro. destruct H as (SVAL & SMEM). constructor; [simpl; auto|].
     constructor; simpl; discriminate.
   - intros; simpl; reflexivity.
-  - intros. unfold hsi_sreg_eval. rewrite PTree.gempty. reflexivity.
+  - split. { intros; unfold hsi_sreg_eval; rewrite PTree.gempty; reflexivity. }
+    congruence.
 Qed.
 
 Definition init_hsistate pc := {| hsi_pc := pc; hsi_exits := nil; hsi_local := init_hsistate_local |}.
author	Sylvain Boulmé <sylvain.boulme@univ-grenoble-alpes.fr>	2020-08-27 09:37:51 +0200
committer	Sylvain Boulmé <sylvain.boulme@univ-grenoble-alpes.fr>	2020-08-27 09:37:51 +0200
commit	9531682c1c68e3e65855a2dcf676c5c1de9a184b (patch)
tree	ce299ca9ec47706854a271f5f3cfee872310a8d9 /kvx/lib
parent	5888db3a5975913ed5525ec00e12d7ceebbe8607 (diff)
download	compcert-kvx-9531682c1c68e3e65855a2dcf676c5c1de9a184b.tar.gz compcert-kvx-9531682c1c68e3e65855a2dcf676c5c1de9a184b.zip