| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
In the "small" case, there was an error in the choice of temporary
registers to use when one argument is a stack location and the other
is a register. The chosen temporary could conflict with the argument
that resides in a register.
Fixes: #412
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Stack offsets must be multiple of 8 when using ldp/stp instructions
and multiple of the transferred size when using other load/store
instructions with offsets greater than 256.
For simplicity, always require that the offset is multiple of 8.
Fixes: #410
|
| | |
| |
| |
| | |
The return type is Tint8unsigned (i.e. _Bool), not Tint.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Instead, add `Set Asymmetric Patterns` to the files that need it,
or use `Arguments` to make inductive types work better with symmetric patterns.
Closes: #403
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In the Clight AST, padding bit fields (such as `int : 6;`) in composite
declarations are given an ident that corresponds to the empty string.
Previously, clightgen would give name `_` to this ident, but this is
not valid Coq.
This commit gives name `empty_ident` to the empty ident. This name
does not start with an underscore, so it cannot conflict with the
names for regular idents, which all start with `_`.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Warning 69 "mutable record field is never mutated":
3 occurrences in backend/IRC.ml
removed the "mutable" qualifier on these fields
Warning 70 "cannot find interface file"
many .ml files have no .mli
no strong motivation to add the .mli files
turned off the warning in Makefile.extr
|
| | |
| |
| |
| |
| |
| | |
Instead of duplicating the memory access code in `Asmexpand.ml` we move
the code for each of the different addressings in `Asmgen.v` into
separate functions that then can be reused in `Asmexpand.ml`.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
leaq's offsets can overflow (not fit in 32 bits) in other cases than
those fixed in 4daebb7a0, e.g. in the expansion of __builtin_memcpy_aligned.
This commit implements full normalization of the `leaq` instructions
produced in Asmexpand, following the same method used in Asmgen.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If N does not fit in signed 32 bits, `leaq` cannot be used and
`mov; addq` must be used instead.
This was already the case for `leaq` instructions produced by the Asmgen
pass, but not for some `leaq` instructions produced by Asmexpand.
Normally, assemblers should fail if the `leaq` offset is not representable,
but this is not always the case (see issue #406).
Fixes: #406
|
| | |\ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This big PR adds support for bit fields in structs and unions to
the verified part of CompCert, namely the CompCert C and Clight
languages.
The compilation of bit field accesses to normal integer accesses +
shifts and masks is done and proved correct as part of the Cshmgen
pass.
The layout of bit fields in memory is done by the functions in module
Ctypes. It follows the ELF ABI layout algorithm. As a bonus, basic
soundness properties of the layout are shown, such as "two different
bit fields do not overlap" or "a bit field and a regular field do not
overlap".
All this replaces the previous emulation of bit fields by
source-to-source rewriting in the unverified front-end of CompCert
(module cparse/Bitfield.ml). This emulation was prone to errors (see
nonstandard layout instead.
The core idea for the PR is that expressions in l-value position
denote not just a block, a byte offset and a type, but also a bitfield
designator saying whether all the bits of the type are accessed
(designator Full) or only some of its bits (designator
Bits). Designators of the Bits kind appear when the l-value is a bit
field access; the bit width and bit offset in Bits are computed by the
functions in Ctypes that implement the layout algorithm.
Consequently, both in the semantics of CompCert C and Clight and in
the SimplExpr, SimplLocals and Cshmgen compilation passes, pairs of a
type and a bitfield designator are used in a number of places where a
single type was used before.
The introduction of bit fields has a big impact on static
initialization (module cfrontend/Initializers.v), which had to be
rewritten in large part, along with its soundness proof
(cfrontend/Initializersproof.v).
Both static initialization and run-time manipulation of bit fields are
tested in test/abi using differential testing against GCC and
randomly-generated structs.
This work exposed subtle interactions between bit fields and the
volatile modifier. Currently, the volatile modifier is ignored when
accessing a bit field (and a warning is printed at compile-time), just
like it is ignored when accessing a struct or union as a r-value.
Currently, the natural alignment of bit fields and their storage units
cannot be modified with the aligned attribute. _Alignas on bit fields
is rejected as per C11, and the packed modifier cannot be applied to a
struct containing bit fields.
|
| | | |
| | |
| | |
| | |
| | | |
A more general version of the link_match_program linking theorem.
It supports match_fundef relations parameterized by the source compilation unit.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Works also for sign_ext 32.
ARM, RISC-V: adapt Asmgenproof1 accordingly
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Don't put them in the C environment used for elaboration.
Instead, add them directly to the generated CompCert C at the end of
the C2C translation.
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | |
| | | | |
into csmith
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| |/ / / |
|
| | | | |
|
| |\ \ \
| | | |
| | | |
| | | | |
into csmith
|
| | |\ \ \
| | | | |
| | | | |
| | | | | |
into csmith
|
| | | | | | |
|
| | | |\ \ \
| | | | | |
| | | | | |
| | | | | | |
into csmith
|
| | | |\ \ \ \ |
|
| | | |_|/ / /
| |/| | | | |
|
| | | | | | | |
|
| | |\ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | | |
into csmith
|
| | | | | | | | |
|
| | |/ / / / /
|/| | | | | |
|
| |/ / / / / |
|
| |\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
into csmith
Z
|
| | |\ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | | |
into csmith
|
| | | |\ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | | |
into csmith
|
| | | | | | | | | |
|
| | | |/ / / / /
| |/| | | | | |
|
| | |\ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | | |
into csmith
|
| | | |/ / / / / |
|
| | | | | | | | |
|
| | | | | | | | |
|
