diff options
| author | Yann Herklotz <git@yannherklotz.com> | 2021-04-16 20:53:57 +0100 |
|---|---|---|
| committer | Yann Herklotz <git@yannherklotz.com> | 2021-04-16 20:53:57 +0100 |
| commit | 1479bb42c2877c29376549d768a97676e1b96841 (patch) | |
| tree | 42dedad20c175e8c9340316a6abde823c213b44b /proof.tex | |
| parent | 7d8150af139d30058a6be3b962f252505fd45d9b (diff) | |
| download | oopsla21_fvhls-1479bb42c2877c29376549d768a97676e1b96841.tar.gz oopsla21_fvhls-1479bb42c2877c29376549d768a97676e1b96841.zip | |
AddFix more things
Diffstat (limited to 'proof.tex')
| -rw-r--r-- | proof.tex | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -13,7 +13,8 @@ The main correctness theorem is analogous to that stated in \compcert{}~\cite{le \end{equation*} \end{theorem} -The theorem is a `backwards simulation' result (from target to source). The theorem does not demand the `if' direction too, because compilers are permitted to resolve any non-determinism present in their source programs. +The theorem is a `backwards simulation' result (from target to source), following the terminology used in the \compcert{} literature. The theorem does not demand the `if' direction too, because compilers are permitted to resolve any non-determinism present in their source programs. + In practice, Clight programs are all deterministic, as are the Verilog programs in the fragment we consider. This means that we can prove the correctness theorem above by first inverting it to become a forwards simulation result, following standard \compcert{} practice. The second observation that needs to be made is that to prove this forward simulation, it suffices to prove forward simulations between each intermediate language, as these results can be composed to prove the correctness of the whole HLS tool. @@ -146,6 +147,9 @@ Another simulation proof is performed to prove that the insertion of the RAM is The other invariants and assumptions for defining two matching states in HTL are quite similar to the simulation performed in Lemma~\ref{lemma:simulation_diagram}, such as ensuring that the states have the same value, and that the values in the registers are less-defined. In particular, the less-defined relation matches up all the registers, except for the new registers introduced by the RAM. +\begin{lemma}\label{lemma:simulation_diagram_ram} + + \subsection{Forward simulation from HTL to Verilog}\label{sec:proof:htl_verilog} The HTL-to-Verilog simulation is conceptually simple, as the only transformation is from the map representation of the code to the case-statement representation. The proof is more involved, as the semantics of a map structure are quite different to the semantics of the case-statement they are converted to. |