From 04b2489d7c2a9b0d203b3d431517367a07bd6b30 Mon Sep 17 00:00:00 2001
From: David Monniaux <david.monniaux@univ-grenoble-alpes.fr>
Date: Wed, 16 Jun 2021 11:39:25 +0200
Subject: fix modeling issue (Vundef for load outside of bounds)

---
 kvx/Asmvliw.v | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'kvx/Asmvliw.v')

diff --git a/kvx/Asmvliw.v b/kvx/Asmvliw.v
index aa2e0885..304e45a8 100644
--- a/kvx/Asmvliw.v
+++ b/kvx/Asmvliw.v
@@ -313,7 +313,12 @@ Inductive cf_instruction : Type :=
 .
 
 (** *** Loads *)
-Definition concrete_default_notrap_load_value (chunk : memory_chunk) :=
+Definition concrete_default_notrap_load_value (chunk : memory_chunk) := Vundef.
+
+(* What follows was the original spec, but is subtly incorrect.
+   Our definition of the assembly-level memory model is already an abstraction of the real world.
+   In particular, we consider that a load is incorrect when it points outside of CompCert's visible memory, whereas this memory could be correct at the assembly level.
+   This means that CompCert would believe an incorrect load would yield 0 whereas it would yield another value.
   match chunk with
   | Mint8signed | Mint8unsigned | Mint16signed | Mint16unsigned
   | Mint32 => Vint Int.zero
@@ -321,7 +326,7 @@ Definition concrete_default_notrap_load_value (chunk : memory_chunk) :=
   | Many32 | Many64 => Vundef
   | Mfloat32 => Vsingle Float32.zero
   | Mfloat64 => Vfloat Float.zero
-  end.
+  end. *)
 
 Inductive load_name : Type :=
   | Plb                                             (**r load byte *)
-- 
cgit