authorXavier Leroy <xavier.leroy@inria.fr>2015-07-19 12:11:37 +0200
committerXavier Leroy <xavier.leroy@inria.fr>2015-07-19 12:11:37 +0200
commit78f1b6a57c95ecc68c104d4764fc8d5851d7dd54 (patch)
tree0c39dadd44f196baa0835ba525e7fb4246ebee3d /ia32
parent2932b531ceff2cd4573714aeaeb9b4e537d36af8 (diff)
Value analysis: keep track of pointer values that leak through small integers with Uns or Sgn abstract values.
This is a follow-up to commit 2932b53. It adds provenance tracking to the Uns and Sgn abstract values.
Diffstat (limited to 'ia32')
-rw-r--r--ia32/ConstpropOp.vp18
-rw-r--r--ia32/ConstpropOpproof.v40
2 files changed, 29 insertions, 29 deletions
diff --git a/ia32/ConstpropOp.vp b/ia32/ConstpropOp.vp
index 8c7f01fa..a3de748c 100644
--- a/ia32/ConstpropOp.vp
+++ b/ia32/ConstpropOp.vp
@@ -50,12 +50,12 @@ Definition make_cmp_base (c: condition) (args: list reg) (vl: list aval) :=
Nondetfunction make_cmp (c: condition) (args: list reg) (vl: list aval) :=
match c, args, vl with
| Ccompimm Ceq n, r1 :: nil, v1 :: nil =>
- if Int.eq_dec n Int.one && vincl v1 (Uns 1) then (Omove, r1 :: nil)
- else if Int.eq_dec n Int.zero && vincl v1 (Uns 1) then (Oxorimm Int.one, r1 :: nil)
+ if Int.eq_dec n Int.one && vincl v1 (Uns Ptop 1) then (Omove, r1 :: nil)
+ else if Int.eq_dec n Int.zero && vincl v1 (Uns Ptop 1) then (Oxorimm Int.one, r1 :: nil)
else make_cmp_base c args vl
| Ccompimm Cne n, r1 :: nil, v1 :: nil =>
- if Int.eq_dec n Int.zero && vincl v1 (Uns 1) then (Omove, r1 :: nil)
- else if Int.eq_dec n Int.one && vincl v1 (Uns 1) then (Oxorimm Int.one, r1 :: nil)
+ if Int.eq_dec n Int.zero && vincl v1 (Uns Ptop 1) then (Omove, r1 :: nil)
+ else if Int.eq_dec n Int.one && vincl v1 (Uns Ptop 1) then (Oxorimm Int.one, r1 :: nil)
else make_cmp_base c args vl
| _, _, _ =>
make_cmp_base c args vl
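Review bot: The rewrite of the two `Ccompimm` cases still depends only on the numeric range of `v1`: with `Ptop` as the provenance argument (the top of the pointer lattice, as its uniform use throughout this patch suggests), `vincl v1 (Uns Ptop 1)` accepts the value whatever pointer it may have been derived from, and nothing in the hunk says so now that the abstract value carries provenance. A one-line comment above the first test would spare the next reader a trip to the value domain, e.g. `(* Ptop: only the 1-bit unsigned range matters here; any provenance is accepted *)`. The same applies to the four `make_cast*` definitions in the third hunk of this file. `make_cmp` continues past the end of the hunk.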
@@ -138,7 +138,7 @@ Definition make_mulimm (n: int) (r: reg) :=
Definition make_andimm (n: int) (r: reg) (a: aval) :=
if Int.eq n Int.zero then (Ointconst Int.zero, nil)
else if Int.eq n Int.mone then (Omove, r :: nil)
- else if match a with Uns m => Int.eq (Int.zero_ext m (Int.not n)) Int.zero
+ else if match a with Uns _ m => Int.eq (Int.zero_ext m (Int.not n)) Int.zero
| _ => false end
then (Omove, r :: nil)
else (Oandimm n, r :: nil).
@@ -184,13 +184,13 @@ Definition make_mulfsimm (n: float32) (r r1 r2: reg) :=
else (Omulfs, r1 :: r2 :: nil).
Definition make_cast8signed (r: reg) (a: aval) :=
- if vincl a (Sgn 8) then (Omove, r :: nil) else (Ocast8signed, r :: nil).
+ if vincl a (Sgn Ptop 8) then (Omove, r :: nil) else (Ocast8signed, r :: nil).
Definition make_cast8unsigned (r: reg) (a: aval) :=
- if vincl a (Uns 8) then (Omove, r :: nil) else (Ocast8unsigned, r :: nil).
+ if vincl a (Uns Ptop 8) then (Omove, r :: nil) else (Ocast8unsigned, r :: nil).
Definition make_cast16signed (r: reg) (a: aval) :=
- if vincl a (Sgn 16) then (Omove, r :: nil) else (Ocast16signed, r :: nil).
+ if vincl a (Sgn Ptop 16) then (Omove, r :: nil) else (Ocast16signed, r :: nil).
Definition make_cast16unsigned (r: reg) (a: aval) :=
- if vincl a (Uns 16) then (Omove, r :: nil) else (Ocast16unsigned, r :: nil).
+ if vincl a (Uns Ptop 16) then (Omove, r :: nil) else (Ocast16unsigned, r :: nil).
Nondetfunction op_strength_reduction
(op: operation) (args: list reg) (vl: list aval) :=
diff --git a/ia32/ConstpropOpproof.v b/ia32/ConstpropOpproof.v
index 6adb26fe..47a6c536 100644
--- a/ia32/ConstpropOpproof.v
+++ b/ia32/ConstpropOpproof.v
@@ -178,24 +178,24 @@ Lemma make_cmp_correct:
/\ Val.lessdef (Val.of_optbool (eval_condition c e##args m)) v.
Proof.
intros c args vl.
- assert (Y: forall r, vincl (AE.get r ae) (Uns 1) = true ->
+ assert (Y: forall r, vincl (AE.get r ae) (Uns Ptop 1) = true ->
e#r = Vundef \/ e#r = Vint Int.zero \/ e#r = Vint Int.one).
- { intros. apply vmatch_Uns_1 with bc. eapply vmatch_ge. eapply vincl_ge; eauto. apply MATCH. }
+ { intros. apply vmatch_Uns_1 with bc Ptop. eapply vmatch_ge. eapply vincl_ge; eauto. apply MATCH. }
unfold make_cmp. case (make_cmp_match c args vl); intros.
-- destruct (Int.eq_dec n Int.one && vincl v1 (Uns 1)) eqn:E1.
+- destruct (Int.eq_dec n Int.one && vincl v1 (Uns Ptop 1)) eqn:E1.
simpl in H; inv H. InvBooleans. subst n.
exists (e#r1); split; auto. simpl.
exploit Y; eauto. intros [A | [A | A]]; rewrite A; simpl; auto.
- destruct (Int.eq_dec n Int.zero && vincl v1 (Uns 1)) eqn:E0.
+ destruct (Int.eq_dec n Int.zero && vincl v1 (Uns Ptop 1)) eqn:E0.
simpl in H; inv H. InvBooleans. subst n.
exists (Val.xor e#r1 (Vint Int.one)); split; auto. simpl.
exploit Y; eauto. intros [A | [A | A]]; rewrite A; simpl; auto.
apply make_cmp_base_correct; auto.
-- destruct (Int.eq_dec n Int.zero && vincl v1 (Uns 1)) eqn:E0.
+- destruct (Int.eq_dec n Int.zero && vincl v1 (Uns Ptop 1)) eqn:E0.
simpl in H; inv H. InvBooleans. subst n.
exists (e#r1); split; auto. simpl.
exploit Y; eauto. intros [A | [A | A]]; rewrite A; simpl; auto.
- destruct (Int.eq_dec n Int.one && vincl v1 (Uns 1)) eqn:E1.
+ destruct (Int.eq_dec n Int.one && vincl v1 (Uns Ptop 1)) eqn:E1.
simpl in H; inv H. InvBooleans. subst n.
exists (Val.xor e#r1 (Vint Int.one)); split; auto. simpl.
exploit Y; eauto. intros [A | [A | A]]; rewrite A; simpl; auto.
@@ -324,7 +324,7 @@ Proof.
subst n. exists (Vint Int.zero); split; auto. destruct (e#r); simpl; auto. rewrite Int.and_zero; auto.
predSpec Int.eq Int.eq_spec n Int.mone; intros.
subst n. exists (e#r); split; auto. destruct (e#r); simpl; auto. rewrite Int.and_mone; auto.
- destruct (match x with Uns k => Int.eq (Int.zero_ext k (Int.not n)) Int.zero
+ destruct (match x with Uns _ k => Int.eq (Int.zero_ext k (Int.not n)) Int.zero
| _ => false end) eqn:UNS.
destruct x; try congruence.
exists (e#r); split; auto.
@@ -335,7 +335,7 @@ Proof.
rewrite Int.bits_zero. simpl. rewrite andb_true_r. auto.
rewrite <- EQ. rewrite Int.bits_zero_ext by omega. rewrite zlt_true by auto.
rewrite Int.bits_not by auto. apply negb_involutive.
- rewrite H5 by auto. auto.
+ rewrite H6 by auto. auto.
econstructor; split; eauto. auto.
Qed.
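Review bot: The renaming of `H5` to `H6` at the rewrite step is the churn that auto-generated hypothesis names cause: adding the provenance field to `Uns` and `Sgn` shifted every numbered hypothesis produced by inversion, and this patch has to touch the same line in each of the four `make_cast*_correct` proofs below (`H3` → `H4`). Selecting the hypothesis by its shape instead of its number would make these proofs robust to the next such change, e.g. for the signed cast lemmas `inv V; simpl; auto. match goal with H: is_sgn _ _ |- _ => rewrite is_sgn_sign_ext in H by auto; rewrite H; auto end.` (with `is_uns` and `is_uns_zero_ext` in the unsigned cases). The enclosing proof of this hunk starts before the hunk, so what `H6` stands for here is not visible.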
@@ -425,11 +425,11 @@ Lemma make_cast8signed_correct:
let (op, args) := make_cast8signed r x in
exists v, eval_operation ge (Vptr sp Int.zero) op e##args m = Some v /\ Val.lessdef (Val.sign_ext 8 e#r) v.
Proof.
- intros; unfold make_cast8signed. destruct (vincl x (Sgn 8)) eqn:INCL.
+ intros; unfold make_cast8signed. destruct (vincl x (Sgn Ptop 8)) eqn:INCL.
exists e#r; split; auto.
- assert (V: vmatch bc e#r (Sgn 8)).
+ assert (V: vmatch bc e#r (Sgn Ptop 8)).
{ eapply vmatch_ge; eauto. apply vincl_ge; auto. }
- inv V; simpl; auto. rewrite is_sgn_sign_ext in H3 by auto. rewrite H3; auto.
+ inv V; simpl; auto. rewrite is_sgn_sign_ext in H4 by auto. rewrite H4; auto.
econstructor; split; simpl; eauto.
Qed.
@@ -439,11 +439,11 @@ Lemma make_cast8unsigned_correct:
let (op, args) := make_cast8unsigned r x in
exists v, eval_operation ge (Vptr sp Int.zero) op e##args m = Some v /\ Val.lessdef (Val.zero_ext 8 e#r) v.
Proof.
- intros; unfold make_cast8unsigned. destruct (vincl x (Uns 8)) eqn:INCL.
+ intros; unfold make_cast8unsigned. destruct (vincl x (Uns Ptop 8)) eqn:INCL.
exists e#r; split; auto.
- assert (V: vmatch bc e#r (Uns 8)).
+ assert (V: vmatch bc e#r (Uns Ptop 8)).
{ eapply vmatch_ge; eauto. apply vincl_ge; auto. }
- inv V; simpl; auto. rewrite is_uns_zero_ext in H3 by auto. rewrite H3; auto.
+ inv V; simpl; auto. rewrite is_uns_zero_ext in H4 by auto. rewrite H4; auto.
econstructor; split; simpl; eauto.
Qed.
@@ -453,11 +453,11 @@ Lemma make_cast16signed_correct:
let (op, args) := make_cast16signed r x in
exists v, eval_operation ge (Vptr sp Int.zero) op e##args m = Some v /\ Val.lessdef (Val.sign_ext 16 e#r) v.
Proof.
- intros; unfold make_cast16signed. destruct (vincl x (Sgn 16)) eqn:INCL.
+ intros; unfold make_cast16signed. destruct (vincl x (Sgn Ptop 16)) eqn:INCL.
exists e#r; split; auto.
- assert (V: vmatch bc e#r (Sgn 16)).
+ assert (V: vmatch bc e#r (Sgn Ptop 16)).
{ eapply vmatch_ge; eauto. apply vincl_ge; auto. }
- inv V; simpl; auto. rewrite is_sgn_sign_ext in H3 by auto. rewrite H3; auto.
+ inv V; simpl; auto. rewrite is_sgn_sign_ext in H4 by auto. rewrite H4; auto.
econstructor; split; simpl; eauto.
Qed.
@@ -467,11 +467,11 @@ Lemma make_cast16unsigned_correct:
let (op, args) := make_cast16unsigned r x in
exists v, eval_operation ge (Vptr sp Int.zero) op e##args m = Some v /\ Val.lessdef (Val.zero_ext 16 e#r) v.
Proof.
- intros; unfold make_cast16unsigned. destruct (vincl x (Uns 16)) eqn:INCL.
+ intros; unfold make_cast16unsigned. destruct (vincl x (Uns Ptop 16)) eqn:INCL.
exists e#r; split; auto.
- assert (V: vmatch bc e#r (Uns 16)).
+ assert (V: vmatch bc e#r (Uns Ptop 16)).
{ eapply vmatch_ge; eauto. apply vincl_ge; auto. }
- inv V; simpl; auto. rewrite is_uns_zero_ext in H3 by auto. rewrite H3; auto.
+ inv V; simpl; auto. rewrite is_uns_zero_ext in H4 by auto. rewrite H4; auto.
econstructor; split; simpl; eauto.
Qed.