From d84a003dc41c1ce572e86f399f5a610a78eda15f Mon Sep 17 00:00:00 2001
From: David Monniaux <david.monniaux@univ-grenoble-alpes.fr>
Date: Sat, 7 Sep 2019 13:48:11 +0200
Subject: PowerPC compiles

---
 powerpc/Asmexpand.ml   | 31 +++++++++++++++----------------
 powerpc/Asmgen.v       | 14 ++++++++++----
 powerpc/Asmgenproof.v  |  8 ++++++++
 powerpc/Asmgenproof1.v |  5 +++--
 powerpc/Op.v           | 42 ++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 78 insertions(+), 22 deletions(-)

(limited to 'powerpc')

diff --git a/powerpc/Asmexpand.ml b/powerpc/Asmexpand.ml
index 5ca4c611..0ef0a21e 100644
--- a/powerpc/Asmexpand.ml
+++ b/powerpc/Asmexpand.ml
@@ -14,7 +14,6 @@
    of the PPC assembly code. *)
 
 open Camlcoq
-open Integers
 open AST
 open Asm
 open Asmexpandaux
@@ -89,7 +88,7 @@ let expand_annot_val kind txt targ args res =
    Note that lfd and stfd cannot trap on ill-formed floats. *)
 
 let offset_in_range ofs =
-  Int.eq (Asmgen.high_s ofs) _0
+  Integers.Int.eq (Asmgen.high_s ofs) _0
 
 let memcpy_small_arg sz arg tmp =
   match arg with
@@ -97,7 +96,7 @@ let memcpy_small_arg sz arg tmp =
       (r, _0)
   | BA_addrstack ofs ->
       if offset_in_range ofs
-      && offset_in_range (Int.add ofs (Int.repr (Z.of_uint sz)))
+      && offset_in_range (Integers.Int.add ofs (Integers.Int.repr (Z.of_uint sz)))
       then (GPR1, ofs)
       else begin emit_addimm tmp GPR1 ofs; (tmp, _0) end
   | _ ->
@@ -112,19 +111,19 @@ let expand_builtin_memcpy_small sz al src dst =
     if sz >= 8 && al >= 4 && !Clflags.option_ffpu then begin
       emit (Plfd(FPR13, Cint osrc, rsrc));
       emit (Pstfd(FPR13, Cint odst, rdst));
-      copy (Int.add osrc _8) (Int.add odst _8) (sz - 8)
+      copy (Integers.Int.add osrc _8) (Integers.Int.add odst _8) (sz - 8)
     end else if sz >= 4 then begin
       emit (Plwz(GPR0, Cint osrc, rsrc));
       emit (Pstw(GPR0, Cint odst, rdst));
-      copy (Int.add osrc _4) (Int.add odst _4) (sz - 4)
+      copy (Integers.Int.add osrc _4) (Integers.Int.add odst _4) (sz - 4)
     end else if sz >= 2 then begin
       emit (Plhz(GPR0, Cint osrc, rsrc));
       emit (Psth(GPR0, Cint odst, rdst));
-      copy (Int.add osrc _2) (Int.add odst _2) (sz - 2)
+      copy (Integers.Int.add osrc _2) (Integers.Int.add odst _2) (sz - 2)
     end else if sz >= 1 then begin
       emit (Plbz(GPR0, Cint osrc, rsrc));
       emit (Pstb(GPR0, Cint odst, rdst));
-      copy (Int.add osrc _1) (Int.add odst _1) (sz - 1)
+      copy (Integers.Int.add osrc _1) (Integers.Int.add odst _1) (sz - 1)
     end in
   copy osrc odst sz
 
@@ -134,7 +133,7 @@ let memcpy_big_arg arg tmp =
   | BA (IR r) ->
       emit (Paddi(tmp, r, Cint _m4))
   | BA_addrstack ofs ->
-      emit_addimm tmp GPR1 (Int.add ofs _m4)
+      emit_addimm tmp GPR1 (Integers.Int.add ofs _m4)
   | _ ->
       assert false
 
@@ -227,10 +226,10 @@ let expand_volatile_access
 let offset_constant cst delta =
   match cst with
   | Cint n ->
-      let n' = Int.add n delta in
+      let n' = Integers.Int.add n delta in
       if offset_in_range n' then Some (Cint n') else None
   | Csymbol_sda(id, ofs) ->
-      Some (Csymbol_sda(id, Int.add ofs delta))
+      Some (Csymbol_sda(id, Integers.Int.add ofs delta))
   | _ -> None
 
 let expand_load_int64 hi lo base ofs_hi ofs_lo =
@@ -438,7 +437,7 @@ let expand_integer_cond_move a1 a2 a3 res =
   if a2 = a3 then
     emit (Pmr (res, a2))
   else if eref then begin
-    emit (Pcmpwi (a1,Cint (Int.zero)));
+    emit (Pcmpwi (a1,Cint (Integers.Int.zero)));
     emit (Pisel (res,a3,a2,CRbit_2))
   end else begin
     (* a1 has type _Bool, hence it is 0 or 1 *)
@@ -683,23 +682,23 @@ let expand_builtin_inline name args res =
   | "__builtin_icbi", [BA(IR a1)],_ ->
       emit (Picbi(GPR0,a1))
   | "__builtin_dcbtls", [BA (IR a1); BA_int loc],_ ->
-      if not ((Int.eq loc _0) || (Int.eq loc _2)) then
+      if not ((Integers.Int.eq loc _0) || (Integers.Int.eq loc _2)) then
         raise (Error "the second argument of __builtin_dcbtls must be 0 or 2");
       emit (Pdcbtls (loc,GPR0,a1))
   | "__builtin_dcbtls",_,_ ->
       raise (Error "the second argument of __builtin_dcbtls must be a constant")
   | "__builtin_icbtls", [BA (IR a1); BA_int loc],_ ->
-    if not ((Int.eq loc _0) || (Int.eq loc _2)) then
+    if not ((Integers.Int.eq loc _0) || (Integers.Int.eq loc _2)) then
         raise (Error "the second argument of __builtin_icbtls must be 0 or 2");
       emit (Picbtls (loc,GPR0,a1))
   | "__builtin_icbtls",_,_ ->
       raise (Error "the second argument of __builtin_icbtls must be a constant")
   | "__builtin_prefetch" , [BA (IR a1) ;BA_int rw; BA_int loc],_ ->
-      if not (Int.ltu loc _4) then
+      if not (Integers.Int.ltu loc _4) then
         raise (Error "the last argument of __builtin_prefetch must be 0, 1 or 2");
-      if Int.eq rw _0 then begin
+      if Integers.Int.eq rw _0 then begin
         emit (Pdcbt (loc,GPR0,a1));
-      end else if Int.eq rw _1 then begin
+      end else if Integers.Int.eq rw _1 then begin
         emit (Pdcbtst (loc,GPR0,a1));
       end else
         raise (Error "the second argument of __builtin_prefetch must be 0 or 1")
diff --git a/powerpc/Asmgen.v b/powerpc/Asmgen.v
index a686414a..29e2c028 100644
--- a/powerpc/Asmgen.v
+++ b/powerpc/Asmgen.v
@@ -783,8 +783,13 @@ Definition transl_memory_access
       Error(msg "Asmgen.transl_memory_access")
   end.
 
-Definition transl_load (chunk: memory_chunk) (addr: addressing)
-                       (args: list mreg) (dst: mreg) (k: code) :=
+Definition transl_load
+           (trap : trapping_mode)
+           (chunk: memory_chunk) (addr: addressing)
+           (args: list mreg) (dst: mreg) (k: code) :=
+  match trap with
+  | NOTRAP => Error (msg "Asmgen.transl_load non-trapping loads unsupported on PPC")
+  | TRAP =>
   match chunk with
   | Mint8signed =>
       do r <- ireg_of dst;
@@ -812,6 +817,7 @@ Definition transl_load (chunk: memory_chunk) (addr: addressing)
       transl_memory_access (Plfd r) (Plfdx r) addr args GPR12 k
   | _ =>
       Error (msg "Asmgen.transl_load")
+  end
   end.
 
 Definition transl_store (chunk: memory_chunk) (addr: addressing)
@@ -869,8 +875,8 @@ Definition transl_instr (f: Mach.function) (i: Mach.instruction)
          loadind GPR1 f.(fn_link_ofs) Tint R11 k1)
   | Mop op args res =>
       transl_op op args res k
-  | Mload chunk addr args dst =>
-      transl_load chunk addr args dst k
+  | Mload trap chunk addr args dst =>
+      transl_load trap chunk addr args dst k
   | Mstore chunk addr args src =>
       transl_store chunk addr args src k
   | Mcall sig (inl r) =>
diff --git a/powerpc/Asmgenproof.v b/powerpc/Asmgenproof.v
index d653633c..21d5ce48 100644
--- a/powerpc/Asmgenproof.v
+++ b/powerpc/Asmgenproof.v
@@ -328,6 +328,7 @@ Proof.
   eapply loadind_label; eauto.
   eapply tail_nolabel_trans; eapply loadind_label; eauto.
   eapply transl_op_label; eauto.
+  destruct t; try discriminate.
   destruct m; monadInv H; (eapply tail_nolabel_trans; [eapply transl_memory_access_label; TailNoLabel|TailNoLabel]).
   destruct m; monadInv H; eapply transl_memory_access_label; TailNoLabel.
   destruct s0; monadInv H; TailNoLabel.
@@ -657,6 +658,13 @@ Opaque loadind.
   split. simpl; congruence.
   apply R; auto with asmgen.
 
+
+- (* Mload notrap *) (* isn't there a nicer way? *)
+  inv AT. simpl in *. unfold bind in *. destruct (transl_code _ _ _) in *; discriminate.
+
+- (* Mload notrap *)
+  inv AT. simpl in *. unfold bind in *. destruct (transl_code _ _ _) in *; discriminate.
+
 - (* Mstore *)
   assert (eval_addressing tge sp addr rs##args = Some a).
     rewrite <- H. apply eval_addressing_preserved. exact symbols_preserved.
diff --git a/powerpc/Asmgenproof1.v b/powerpc/Asmgenproof1.v
index 884d5366..6ceb7f85 100644
--- a/powerpc/Asmgenproof1.v
+++ b/powerpc/Asmgenproof1.v
@@ -1677,8 +1677,8 @@ Qed.
 (** Translation of loads *)
 
 Lemma transl_load_correct:
-  forall chunk addr args dst k c (rs: regset) m a v,
-  transl_load chunk addr args dst k = OK c ->
+  forall trap chunk addr args dst k c (rs: regset) m a v,
+  transl_load trap chunk addr args dst k = OK c ->
   eval_addressing ge (rs#GPR1) addr (map rs (map preg_of args)) = Some a ->
   Mem.loadv chunk m a = Some v ->
   exists rs',
@@ -1687,6 +1687,7 @@ Lemma transl_load_correct:
   /\ forall r, r <> PC -> r <> GPR12 -> r <> GPR0 -> r <> preg_of dst -> rs' r = rs r.
 Proof.
   intros.
+  destruct trap; try discriminate.
   assert (LD: forall v, Val.lessdef a v -> v = a).
   { intros. inv H2; auto. discriminate H1. }
   assert (BASE: forall mk1 mk2 k' chunk' v',
diff --git a/powerpc/Op.v b/powerpc/Op.v
index 0f082c1f..cbd0291b 100644
--- a/powerpc/Op.v
+++ b/powerpc/Op.v
@@ -1032,6 +1032,21 @@ Proof.
   apply Val.add_inject; auto. apply H; simpl; auto.
 Qed.
 
+
+Lemma eval_addressing_inj_none:
+  forall addr sp1 vl1 sp2 vl2,
+  (forall id ofs,
+      In id (globals_addressing addr) ->
+      Val.inject f (Genv.symbol_address ge1 id ofs) (Genv.symbol_address ge2 id ofs)) ->
+  Val.inject f sp1 sp2 ->
+  Val.inject_list f vl1 vl2 ->
+  eval_addressing ge1 sp1 addr vl1 = None ->
+  eval_addressing ge2 sp2 addr vl2 = None.
+Proof.
+  intros until vl2. intros Hglobal Hinjsp Hinjvl.
+  destruct addr; simpl in *;
+  inv Hinjvl; trivial; try discriminate; inv H0; trivial; try discriminate; inv H2; trivial; try discriminate.
+Qed.
 End EVAL_COMPAT.
 
 (** Compatibility of the evaluation functions with the ``is less defined'' relation over values. *)
@@ -1098,6 +1113,20 @@ Proof.
   rewrite <- val_inject_list_lessdef. eauto. auto.
 Qed.
 
+
+Lemma eval_addressing_lessdef_none:
+  forall sp addr vl1 vl2,
+  Val.lessdef_list vl1 vl2 ->
+  eval_addressing genv sp addr vl1 = None ->
+  eval_addressing genv sp addr vl2 = None.
+Proof.
+  intros until vl2. intros Hlessdef Heval1.
+  destruct addr; simpl in *;
+  inv Hlessdef; trivial; try discriminate;
+  inv H0; trivial; try discriminate;
+  inv H2; trivial; try discriminate.
+Qed.
+
 Lemma eval_operation_lessdef:
   forall sp op vl1 vl2 v1 m1 m2,
   Val.lessdef_list vl1 vl2 ->
@@ -1189,6 +1218,19 @@ Proof.
   econstructor; eauto. rewrite Ptrofs.add_zero_l; auto.
 Qed.
 
+Lemma eval_addressing_inject_none:
+  forall addr vl1 vl2,
+  Val.inject_list f vl1 vl2 ->
+  eval_addressing genv (Vptr sp1 Ptrofs.zero) addr vl1 = None ->
+  eval_addressing genv (Vptr sp2 Ptrofs.zero) (shift_stack_addressing delta addr) vl2 = None.
+Proof.
+  intros.
+  rewrite eval_shift_stack_addressing.
+  eapply eval_addressing_inj_none with (sp1 := Vptr sp1 Ptrofs.zero); eauto.
+  intros. apply symbol_address_inject.
+  econstructor; eauto. rewrite Ptrofs.add_zero_l; auto. 
+Qed.
+
 Lemma eval_operation_inject:
   forall op vl1 vl2 v1 m1 m2,
   Val.inject_list f vl1 vl2 ->
-- 
cgit 


From d315994f2d3dbec0bf66a430284eab00dd1d4a18 Mon Sep 17 00:00:00 2001
From: David Monniaux <david.monniaux@univ-grenoble-alpes.fr>
Date: Tue, 24 Sep 2019 16:51:11 +0200
Subject: trapping ops

---
 powerpc/Op.v | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'powerpc')

diff --git a/powerpc/Op.v b/powerpc/Op.v
index cbd0291b..b73cb14b 100644
--- a/powerpc/Op.v
+++ b/powerpc/Op.v
@@ -581,6 +581,30 @@ Proof with (try exact I; try reflexivity).
   unfold Val.select. destruct (eval_condition c vl m). apply Val.normalize_type. exact I.
 Qed.
 
+Definition is_trapping_op (op : operation) :=
+  match op with
+  | Odiv | Odivl | Odivu | Odivlu
+  | Oshrximm _ | Oshrxlimm _
+  | Ointoffloat | Ointuoffloat
+  | Ofloatofint | Ofloatofintu
+  | Olongoffloat
+  | Ofloatoflong => true
+  | _ => false
+  end.
+
+Lemma is_trapping_op_sound:
+  forall op vl sp m,
+    op <> Omove ->
+    is_trapping_op op = false ->
+    (List.length vl) = (List.length (fst (type_of_operation op))) ->
+    eval_operation genv sp op vl m <> None.
+Proof.
+  destruct op; intros; simpl in *; try congruence.
+  all: try (destruct vl as [ | vh1 vl1]; try discriminate).
+  all: try (destruct vl1 as [ | vh2 vl2]; try discriminate).
+  all: try (destruct vl2 as [ | vh3 vl3]; try discriminate).
+  all: try (destruct vl3 as [ | vh4 vl4]; try discriminate).
+Qed.
 End SOUNDNESS.
 
 (** * Manipulating and transforming operations *)
-- 
cgit