Treat Outgoing stack slots as caller-save in LTL/Linear semantics (#237)

* Outgoing stack slots are set to Vundef on return from a function call,
modeling the fact that the callee could write into those stack slots.
(CompCert-generated code does not do this, but code generated by other
compilers sometimes does.)

* Adapt Stackingproof to this new semantics.  This requires tighter
reasoning on how Linear's locsets are related at call points and
at return points.

* Most of this reasoning was moved from Stackingproof to Lineartyping,
because it can be expressed purely in terms of the Linear semantics,
and tracked through the wt_state predicate.

* Factor out and into Conventions.v: the notion of callee-save
locations, the "agree_callee_save" predicate, and useful lemmas on
Locmap.setpair.  Now the same "agree_callee_save" predicate is used
in Allocproof and in Stackingproof.

1 files changed, 4 insertions, 2 deletions

diff --git a/backend/Tunnelingproof.v b/backend/Tunnelingproof.v
index fd97ce33..4f95ac9b 100644
--- a/backend/Tunnelingproof.v
+++ b/backend/Tunnelingproof.v
@@ -339,7 +339,9 @@ Lemma locmap_undef_caller_save_regs_lessdef:
   locmap_lessdef ls1 ls2 -> locmap_lessdef (undef_caller_save_regs ls1) (undef_caller_save_regs ls2).
 Proof.
   intros; red; intros. unfold undef_caller_save_regs. 
-  destruct l; auto. destruct (Conventions1.is_callee_save r); auto.
+  destruct l.
+- destruct (Conventions1.is_callee_save r); auto.
+- destruct sl; auto.
 Qed.
 
 Lemma find_function_translated:
@@ -371,7 +373,7 @@ Lemma return_regs_lessdef:
 Proof.
   intros; red; intros. destruct l; simpl.
 - destruct (Conventions1.is_callee_save r); auto.
-- auto.
+- destruct sl; auto.
 Qed. 
 
 (** To preserve non-terminating behaviours, we show that the transformed