| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|\
| |
| | |
Added the _Noreturn keyword.
|
| |
| |
| |
| |
| |
| |
| |
| | |
CompCert now recognizes the C11 _Noreturn function specifier and
emits a simple warning for functions declared _Noreturn containing
a return statement. Also the stdnoreturn header and additionally
the stdalign header are added.
Bug 18541
|
|/ |
|
|\
| |
| | |
Fix a bug in the pre-parser.
|
|/ |
|
| |
|
|\ |
|
| |
| |
| |
| | |
The test was failing as a consequence of the split casm -> casm / casm_options.
|
|/
|
|
|
| |
Valex expects Fun Section Literals and not Fun Section Literal.
Bug 18394
|
|\
| |
| | |
This PR activates more OCaml warnings and turns all warnings into errors. Also some unused functions, variables and types are removed.
|
| |\ |
|
| | |
| | |
| | |
| | | |
This reverts commit 771d8576fbae8bd48f6bc80c74722ce1c7cc5259.
|
| | |
| | |
| | |
| | |
| | |
| | | |
The default of the diab compiler is to interpret the alignment
as power of two.
Bug 18490.
|
| | |
| | |
| | |
| | |
| | |
| | | |
The interface hides the implementation details, like the huge
number of Hashtbls from the rest of the implementatio.
Bug 18394
|
| | |
| | |
| | |
| | |
| | |
| | | |
Hide the reference used internally behind the interface and added
some functions to access the needed values.
Bug 18394
|
| | |
| | |
| | |
| | |
| | |
| | | |
The printer for atom constants should also use the printer
for singleton objects.
Bug 18394
|
| | |
| | |
| | |
| | |
| | |
| | | |
Removed unused code, factored out common functions and added an
interface file.
Bug 18394
|
| | |
| | |
| | |
| | |
| | |
| | | |
The functions for naming string and wstring literals no longer need
an env.
Bug 18394
|
| | |
| | |
| | |
| | |
| | |
| | | |
The code was mostly there for documentation effort. So warning
27 is deactivated again.
Bug 18349
|
| | |
| | |
| | |
| | |
| | |
| | | |
Since the invariant checks are not currently used and they are not
exported they are renamed to include a _ to avoid warning.
Bug 18394
|
| | |
| | |
| | |
| | | |
This reverts commit bac2a0854ea51217690bc6f225da62053ed7ac06.
|
| | |
| | |
| | |
| | |
| | |
| | | |
The ofs parameter is no longer used. Adopted the proofs and ml
code using it.
Bug 18394
|
| | |
| | |
| | |
| | |
| | | |
Removed unused code and code generating warnings.
Bug 18394
|
| | |
| | |
| | |
| | |
| | | |
Removed some unused functions and opens.
Bug 18394
|
| | |
| | |
| | |
| | |
| | | |
Removed unused functions and avoid warnings.
Bug 18394.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since the menhir version we use requires ocaml>4.02 we can also
upgrade the required ocaml version to >4.02 and remove the
deprecate String functions.
Also we now activate all warnings except for 4,9 und 27 for regular
code plus a bunch of warnings for the generated code. 4 and 9 are
not really usefull and 27 is deactivated since until the usage
string is printed in a way that requires no newline.
Bug 18394.
|
| | |
| | |
| | |
| | |
| | |
| | | |
Removed some unused variables, functions etc. and resolved some
problems which occur if all warnings except 3,4,9 and 29 are active.
Bug 18394.
|
| |/
|/|
| |
| |
| |
| | |
Windows style line endings can end up in the Tokenize pass. This
can lead to some problems for example in pragma processing.
Bug 18316
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This pull request implements "approach A" to separate compilation in CompCert from the paper
Lightweight verification of separate compilation
by Jeehoon Kang, Yoonseung Kim, Chung-Kil Hur, Derek Dreyer, Viktor Vafeiadis,
POPL 2016, pages 178-190
In a nutshell, semantic preservation is still stated and proved in terms of a whole C program and a whole assembly program. However, the whole C program can be the result of syntactic linking of several C compilation units, each unit being separated compiled by CompCert to produce assembly unit, and these assembly units being linked together to produce the whole assembly program.
This way, the statement of semantic preservation and its proof now take into account the fact that each compilation unit is compiled separately, knowing only a fragment of the whole program (i.e. the current compilation unit) rather than the whole program.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
compilation and linking
Define a "match_prog" relation corresponding to the composition of CompCert's passes. Use it to show semantic preservation (backward/forward simulations) not just for the compilation of whole programs, but also for the separate compilation of multiple units followed by linking.
|
| | | |
|
| | |
| | |
| | |
| | | |
Also: factor out the type "program" between Csyntax and Clight, putting it in Ctypes.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The original presentation of forward_simulation and backward_simulation diagrams was using records containing types, relations, and properties over these. These records had to live in Type because in Prop the projections could not be defined.
This was causing problems with proofs of statements such as
(exists x, P x) -> forward_simulation sem1 sem2
because the exists could not be eliminated in a Type context.
This commit re-expresses the simulation diagrams as a record of properties (in Prop) and an inductive (in Prop too) that packs the record with the types and relations. The external interface of module Smallstep is unchanged, it's only the proofs in Smallstep and Behaviors that take a slightly different shape.
|
| | |
| | |
| | |
| | | |
Also: in Events, use Senv.equiv to state invariance wrt changes of global envs.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The commutation lemmas between program transformations and Genv operations now take separate compilation into account. For example:
Theorem find_funct_ptr_match:
forall b f,
find_funct_ptr (globalenv p) b = Some f ->
exists cunit tf,
find_funct_ptr (globalenv tp) b = Some tf
/\ match_fundef cunit f tf
/\ linkorder cunit ctx.
Note how "f" and "tf" are related wrt a compilation unit "cunit" which is not necessarily "ctx" (the context for the whole program), but can be a sub-unit of the this whole program.
The other changes in Globalenvs are a long-overdue refactoring and cleanup:
- Introduce Senv.equiv (extensional equivalence between two Senv.t) to collect (in one place) the invariance properties relevant to external functions (preservation of names, of public names, and of volatile blocks).
- Revise internal representation of Genv.t: one map ident -> globdef F V instead of two maps ident -> F and ident -> globvar V.
- More precise characterization of initial memory states: "Genv.init_mem_characterization" uniquely characterizes every byte (memval) of the representation of an initialized global variable.
- Necessary and sufficient conditions for the initial memory state to exist.
- Revised proofs about init_mem, especially init_mem_inject.
- Removed some Genv lemmas that were unused.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Add "prog_defmap" to compute the ptree name -> global definition corresponding to a program.
- Move "match_program" to Linking.
- Clean up and simplify a bit the transf_* functions for program transformations.
- Add a new kind of external functions, "EF_runtime". Unlike "EF_external", an "EF_runtime" external function cannot be implemented by an internal function definition in another compilation unit. (Linking returns an error in this case.) We will use "EF_runtime" for the "_i64_*" helper functions, which must not be defined by the program, and instead must remain external.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This framework follows "approach A" from the paper "Lightweight Verification of Separate Compilation" by Kang, Kim, Hur, Dreyer and Vafeiadis, POPL 2016.
Syntactic linking (of compilation units and their syntactic elements) is modeled by a type class with two components:
- a partial binary operation "link" that returns the syntactic element corresponding to the act of linking together its two arguments. It may fail if the two arguments cannot be linked, e.g. are incompatible definitions of the same name.
- a partial order "linkorder x y" that holds if "x" is a sub-unit of a whole program or bigger unit "y", or in other words, if "y" can be obtained by linking "x" with other units.
Instances of this type class are provided for the type AST.program and its syntactic elements (globvar, globdef, etc).
The "match_program" predicate that provides a relational characterization of compiler passes / program transformations is extended to account for context-dependent transformations and separate compilation: the transformation of a function definition can depend on the compilation unit it occurs in (this is the context), and this compilation unit "ctx" is characterized as any unit that is in the "linkorder ctx prog" relation with the whole source program "prog".
Under mild hypotheses, we show that "match_program" commutes with linking: if a1 matches b1, a2 matches b2, and a1 and a2 link together producing a, then b1 and b2 link together, producing a b that matches a.
Finally, we extend binary linking to linking of a nonempty list of compilation units; commutation with "match_program" still holds.
|
| | |
| | |
| | |
| | |
| | | |
- Make Mem.unchanged_on transitive.
- Add Mem.drop_perm_unchanged_on.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Coqlib: option_rel to lift a relation to option type.
- Coqlib: more lemmas about list_forall2.
- Coqlib: introduce type nlist (nonempty lists) and some operations.
- Maps: a variant of PTree.elements_extensional that uses option_rel.
|
| | |
| | |
| | |
| | |
| | |
| | | |
The diab compiler seems to interpret the alignment as power of two
instead of the value.
Bug 18490
|
| | |
| | |
| | |
| | |
| | |
| | | |
As suggested in GPR#84, use '%.15F' to force the printing of more significant digits. (The '%F' format previously used prints only 6.) This is enough to represent the FP number exactly most of the time (but not always).
Once OCaml 4.03 is out and CompCert switches to this version of OCaml, we'll be able to use hexadecimal floats for printing.
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Make casts of pointers to _Bool semantically well defined
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In compCert 2.5 the semantics of pointer comparisons against the NULL pointer was made more accurate by making it undefined if the pointer is invalid (outside bounds). Technical difficulties prevented this change from being propagated to the semantics of casts from pointer types to the _Bool type, which involves an implicit pointer comparison against NULL. Hence, this kind of casts was temporarily given undefined semantics.
This commit makes pointer-to-_Bool casts semantically defined (again), provided the pointer is valid. This reinstates the equivalence between casts to _Bool and comparisons != 0. The technical difficulties mentioned above came from the translation of assignments in a value context in the SimplExpr pass. The pass was lightly modified to work around the issue.
|
|\ \ \ \
| |_|_|/
|/| | | |
|