From aba0e740f25ffa5c338dfa76cab71144802cebc2 Mon Sep 17 00:00:00 2001
From: Xavier Leroy <xavier.leroy@college-de-france.fr>
Date: Sun, 21 Jun 2020 18:22:00 +0200
Subject: Replace `omega` tactic with `lia`

Since Coq 8.12, `omega` is flagged as deprecated and scheduled for removal.

Also replace CompCert's homemade tactics `omegaContradiction`, `xomega`,
and `xomegaContradiction` with `lia` and `extlia`.

Turn back on the deprecation warning for uses of `omega`.

Make the proof of `Ctypes.sizeof_pos` more robust to variations in `lia`.
---
 arm/Conventions1.v | 60 +++++++++++++++++++++++++++---------------------------
 1 file changed, 30 insertions(+), 30 deletions(-)

(limited to 'arm/Conventions1.v')

diff --git a/arm/Conventions1.v b/arm/Conventions1.v
index fe49a781..3bd2b553 100644
--- a/arm/Conventions1.v
+++ b/arm/Conventions1.v
@@ -309,7 +309,7 @@ Remark loc_arguments_hf_charact:
   In p (loc_arguments_hf tyl ir fr ofs) -> forall_rpair (loc_argument_charact ofs) p.
 Proof.
   assert (X: forall ofs1 ofs2 l, loc_argument_charact ofs2 l -> ofs1 <= ofs2 -> loc_argument_charact ofs1 l).
-  { destruct l; simpl; intros; auto. destruct sl; auto. intuition omega. }
+  { destruct l; simpl; intros; auto. destruct sl; auto. intuition lia. }
   assert (Y: forall ofs1 ofs2 p, forall_rpair (loc_argument_charact ofs2) p -> ofs1 <= ofs2 -> forall_rpair (loc_argument_charact ofs1) p).
   { destruct p; simpl; intuition eauto. }
   induction tyl; simpl loc_arguments_hf; intros.
@@ -319,40 +319,40 @@ Proof.
   destruct (zlt ir 4); destruct H.
   subst. apply ireg_param_caller_save.
   eapply IHtyl; eauto.
-  subst. split; [omega | auto].
-  eapply Y; eauto. omega.
+  subst. split; [lia | auto].
+  eapply Y; eauto. lia.
 - (* float *)
   destruct (zlt fr 8); destruct H.
   subst. apply freg_param_caller_save.
   eapply IHtyl; eauto.
-  subst. split. apply Z.le_ge. apply align_le. omega. auto.
-  eapply Y; eauto. apply Z.le_trans with (align ofs 2). apply align_le; omega. omega.
+  subst. split. apply Z.le_ge. apply align_le. lia. auto.
+  eapply Y; eauto. apply Z.le_trans with (align ofs 2). apply align_le; lia. lia.
 - (* long *)
   set (ir' := align ir 2) in *.
-  assert (ofs <= align ofs 2) by (apply align_le; omega).
+  assert (ofs <= align ofs 2) by (apply align_le; lia).
   destruct (zlt ir' 4).
   destruct H. subst p. split; apply ireg_param_caller_save.
   eapply IHtyl; eauto.
-  destruct H. subst p. split; destruct Archi.big_endian; (split; [ omega | auto ]).
-  eapply Y. eapply IHtyl; eauto. omega.
+  destruct H. subst p. split; destruct Archi.big_endian; (split; [ lia | auto ]).
+  eapply Y. eapply IHtyl; eauto. lia.
 - (* single *)
   destruct (zlt fr 8); destruct H.
   subst. apply freg_param_caller_save.
   eapply IHtyl; eauto.
-  subst. split; [omega|auto].
-  eapply Y; eauto. omega.
+  subst. split; [lia|auto].
+  eapply Y; eauto. lia.
 - (* any32 *)
   destruct (zlt ir 4); destruct H.
   subst. apply ireg_param_caller_save.
   eapply IHtyl; eauto.
-  subst. split; [omega | auto].
-  eapply Y; eauto. omega.
+  subst. split; [lia | auto].
+  eapply Y; eauto. lia.
 - (* any64 *)
   destruct (zlt fr 8); destruct H.
   subst. apply freg_param_caller_save.
   eapply IHtyl; eauto.
-  subst. split. apply Z.le_ge. apply align_le. omega. auto.
-  eapply Y; eauto. apply Z.le_trans with (align ofs 2). apply align_le; omega. omega.
+  subst. split. apply Z.le_ge. apply align_le. lia. auto.
+  eapply Y; eauto. apply Z.le_trans with (align ofs 2). apply align_le; lia. lia.
 Qed.
 
 Remark loc_arguments_sf_charact:
@@ -360,7 +360,7 @@ Remark loc_arguments_sf_charact:
   In p (loc_arguments_sf tyl ofs) -> forall_rpair (loc_argument_charact (Z.max 0 ofs)) p.
 Proof.
   assert (X: forall ofs1 ofs2 l, loc_argument_charact (Z.max 0 ofs2) l -> ofs1 <= ofs2 -> loc_argument_charact (Z.max 0 ofs1) l).
-  { destruct l; simpl; intros; auto. destruct sl; auto. intuition xomega. }
+  { destruct l; simpl; intros; auto. destruct sl; auto. intuition extlia. }
   assert (Y: forall ofs1 ofs2 p, forall_rpair (loc_argument_charact (Z.max 0 ofs2)) p -> ofs1 <= ofs2 -> forall_rpair (loc_argument_charact (Z.max 0 ofs1)) p).
   { destruct p; simpl; intuition eauto. }
   induction tyl; simpl loc_arguments_sf; intros.
@@ -370,44 +370,44 @@ Proof.
   destruct H.
   destruct (zlt ofs 0); subst p.
   apply ireg_param_caller_save.
-  split; [xomega|auto].
-  eapply Y; eauto. omega.
+  split; [extlia|auto].
+  eapply Y; eauto. lia.
 - (* float *)
   set (ofs' := align ofs 2) in *.
-  assert (ofs <= ofs') by (apply align_le; omega).
+  assert (ofs <= ofs') by (apply align_le; lia).
   destruct H.
   destruct (zlt ofs' 0); subst p.
   apply freg_param_caller_save.
-  split; [xomega|auto].
-  eapply Y. eapply IHtyl; eauto. omega.
+  split; [extlia|auto].
+  eapply Y. eapply IHtyl; eauto. lia.
 - (* long *)
   set (ofs' := align ofs 2) in *.
-  assert (ofs <= ofs') by (apply align_le; omega).
+  assert (ofs <= ofs') by (apply align_le; lia).
   destruct H.
   destruct (zlt ofs' 0); subst p.
   split; apply ireg_param_caller_save.
-  split; destruct Archi.big_endian; (split; [xomega|auto]).
-  eapply Y. eapply IHtyl; eauto. omega.
+  split; destruct Archi.big_endian; (split; [extlia|auto]).
+  eapply Y. eapply IHtyl; eauto. lia.
 - (* single *)
   destruct H.
   destruct (zlt ofs 0); subst p.
   apply freg_param_caller_save.
-  split; [xomega|auto].
-  eapply Y; eauto. omega.
+  split; [extlia|auto].
+  eapply Y; eauto. lia.
 - (* any32 *)
   destruct H.
   destruct (zlt ofs 0); subst p.
   apply ireg_param_caller_save.
-  split; [xomega|auto].
-  eapply Y; eauto. omega.
+  split; [extlia|auto].
+  eapply Y; eauto. lia.
 - (* any64 *)
   set (ofs' := align ofs 2) in *.
-  assert (ofs <= ofs') by (apply align_le; omega).
+  assert (ofs <= ofs') by (apply align_le; lia).
   destruct H.
   destruct (zlt ofs' 0); subst p.
   apply freg_param_caller_save.
-  split; [xomega|auto].
-  eapply Y. eapply IHtyl; eauto. omega.
+  split; [extlia|auto].
+  eapply Y. eapply IHtyl; eauto. lia.
 Qed.
 
 Lemma loc_arguments_acceptable:
-- 
cgit 


From 478ece46d8323ea182ded96a531309becf7445bb Mon Sep 17 00:00:00 2001
From: Xavier Leroy <xavier.leroy@college-de-france.fr>
Date: Sat, 16 Jan 2021 15:27:02 +0100
Subject: Support re-normalization of function parameters at function entry

This is complementary to 28f235806

Some ABIs leave more flexibility concerning function parameters than
CompCert expects.

For instance, the AArch64/ELF ABI allow the caller of a function to
leave unspecified the "padding bits" of function parameters.  As an
example, a parameter of type "unsigned char" may not have zeros in
bits 8 to 63, but may have any bits there.

When the caller is compiled by CompCert, it normalizes argument values
to the parameter types before the call, so padding bits are always
correct w.r.t. the type of the argument.  This is no longer guaranteed
in interoperability scenarios, when the caller is not compiled by CompCert.

This commit adds a general mechanism to insert "re-normalization"
conversions on the parameters of a function, at function entry.
This is controlled by the platform-dependent function
Convention1.return_value_needs_normalization.

The semantic preservation proof is still conducted against the
CompCert model, where the argument values of functions are already
normalized.  What the proof shows is that the extra conversions have
no effect in this case.  In future work we could relax the CompCert
model, allowing functions to pass arguments that are not normalized.
---
 arm/Conventions1.v | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'arm/Conventions1.v')

diff --git a/arm/Conventions1.v b/arm/Conventions1.v
index 3bd2b553..b94ce9ef 100644
--- a/arm/Conventions1.v
+++ b/arm/Conventions1.v
@@ -436,8 +436,9 @@ Proof.
   destruct Archi.abi; reflexivity.
 Qed.
 
-(** ** Normalization of function results *)
+(** ** Normalization of function results and parameters *)
 
 (** No normalization needed. *)
 
 Definition return_value_needs_normalization (t: rettype) := false.
+Definition parameter_needs_normalization (t: rettype) := false.
-- 
cgit 


From fc82b6c80fd3feeb4ef9478e6faa16b5b1104593 Mon Sep 17 00:00:00 2001
From: Xavier Leroy <xavier.leroy@college-de-france.fr>
Date: Thu, 21 Jan 2021 15:44:09 +0100
Subject: Qualify `Hint` as `Global Hint` where appropriate

This avoids a new warning of Coq 8.13.

Eventually these `Global Hint` should become `#[export] Hint`,
with a cleaner but different meaning than `Global Hint`.
---
 arm/Conventions1.v | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'arm/Conventions1.v')

diff --git a/arm/Conventions1.v b/arm/Conventions1.v
index b94ce9ef..0ddd882f 100644
--- a/arm/Conventions1.v
+++ b/arm/Conventions1.v
@@ -427,7 +427,7 @@ Proof.
   destruct Archi.abi; [ | destruct (cc_vararg (sig_cc s)) ]; auto.
 Qed.
 
-Hint Resolve loc_arguments_acceptable: locs.
+Global Hint Resolve loc_arguments_acceptable: locs.
 
 Lemma loc_arguments_main:
   loc_arguments signature_main = nil.
-- 
cgit