author | James Pollard <james@pollard.dev> | 2020-06-24 17:15:22 +0100 |
---|---|---|
committer | James Pollard <james@pollard.dev> | 2020-06-24 17:15:22 +0100 |
commit | a67fb83021f3e5d7ade972ff329ab6c3c4b23620 (patch) | |
tree | 6efc9107332897e10e1c2fbffcc6d5bfb78789b4 /src/translation | |
parent | ec0fa1ac249a8eeb0df9700c50a3e6c4f1b540f2 (diff) | |
Finish ILoad proof with some assumptions:
* EXPR_OK: Yann to work on this.
* READ_BOUNDS: To axiomise (or find a better solution).
* 32-bit range of register values.
Diffstat (limited to 'src/translation')
-rw-r--r-- | src/translation/HTLgen.v | 6 | ||||
-rw-r--r-- | src/translation/HTLgenproof.v | 36 |
2 files changed, 34 insertions, 8 deletions
diff --git a/src/translation/HTLgen.v b/src/translation/HTLgen.v
index 92e40f5..357d487 100644
--- a/src/translation/HTLgen.v
+++ b/src/translation/HTLgen.v
@@ -260,6 +260,10 @@ Definition translate_eff_addressing (a: Op.addressing) (args: list reg) : mon ex
 if (check_address_parameter scale) && (check_address_parameter offset)
 then ret (Vbinop Vadd (boplitz Vmul r1 scale) (Vlit (ZToValue 32 offset)))
 else error (Errors.msg "Veriloggen: translate_eff_addressing address misaligned")
+ | Op.Aindexed2 offset, r1::r2::nil =>
+ if (check_address_parameter offset)
+ then ret (Vbinop Vadd (Vvar r1) (boplitz Vadd r2 offset))
+ else error (Errors.msg "Veriloggen: translate_eff_addressing address misaligned")
 | Op.Aindexed2scaled scale offset, r1::r2::nil => (* Typical for dynamic array addressing *)
 if (check_address_parameter scale) && (check_address_parameter offset)
 then ret (Vbinop Vadd (boplitz Vadd r1 offset) (boplitz Vmul r2 scale))
@@ -363,7 +367,7 @@ Definition translate_arr_access (mem : AST.memory_chunk) (addr : Op.addressing)
 (ZToValue 32 4)))
 else error (Errors.msg "Veriloggen: translate_arr_access address misaligned")
 | Mint32, Op.Ainstack a, nil => (* We need to be sure that the base address is aligned *)
- let a := Integers.Ptrofs.unsigned a in
+ let a := Integers.Ptrofs.signed a in
 if (check_address_parameter a)
 then ret (Vvari stack (Vlit (ZToValue 32 (a / 4))))
 else error (Errors.msg "Veriloggen: eff_addressing misaligned stack offset")
diff --git a/src/translation/HTLgenproof.v b/src/translation/HTLgenproof.v
index 8e97c58..a502453 100644
--- a/src/translation/HTLgenproof.v
+++ b/src/translation/HTLgenproof.v
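Review bot: After the switch to `Integers.Ptrofs.signed a` in the `Mint32, Op.Ainstack a, nil` case, `a` may be negative, and the hunk still emits `Vvari stack (Vlit (ZToValue 32 (a / 4)))` for such a value unless `check_address_parameter` already rejects it, which is not visible here. A negative stack index addresses outside the function's stack array, and the proof side only assumes `0 <= Integers.Ptrofs.signed OFFSET` through the admitted `READ_BOUND_LOW`, so at present nothing in the translation enforces it; note also that Coq's `Z` division rounds toward negative infinity, so `a / 4` for negative `a` is not the index a 32-bit hardware divide would produce. If the checker does not bound `a` below, guard it in the translation, roughly `if (0 <=? a) && (check_address_parameter a)`, and state the accepted range in the comment on the case so the proof obligation and the checker agree. translate_arr_access starts and ends outside the hunk.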
@@ -525,8 +525,16 @@ Section CORRECTNESS.
 assert (0 <= Integers.Ptrofs.signed OFFSET) as READ_BOUND_LOW by admit.
 assert (Integers.Ptrofs.signed OFFSET < f.(RTL.fn_stacksize)) as READ_BOUND_HIGH by admit.
- (** Modular Preservation proof *)
- assert (Integers.Ptrofs.signed OFFSET mod 4 = 0) as MOD_PRESERVE by admit.
+ (** Modular preservation proof *)
+ assert (Integers.Ptrofs.signed OFFSET mod 4 = 0) as MOD_PRESERVE.
+ { rewrite HeqOFFSET.
+ apply PtrofsExtra.add_mod; simplify; try lia.
+ exists 1073741824. reflexivity. (* FIXME: This is sadness inducing. *)
+ rewrite Integers.Ptrofs.signed_repr; try assumption.
+ admit. (* FIXME: Register bounds. *)
+ apply PtrofsExtra.of_int_mod.
+ rewrite Integers.Int.signed_repr; simplify; try split; try assumption.
+ }
 (** Normalisation proof *)
 assert (Integers.Ptrofs.repr
@@ -734,8 +742,22 @@ Section CORRECTNESS.
 assert (0 <= Integers.Ptrofs.signed OFFSET) as READ_BOUND_LOW by admit.
 assert (Integers.Ptrofs.signed OFFSET < f.(RTL.fn_stacksize)) as READ_BOUND_HIGH by admit.
- (** Modular Preservation proof *)
- assert (Integers.Ptrofs.signed OFFSET mod 4 = 0) as MOD_PRESERVE by admit.
+ (** Modular preservation proof *)
+ assert (Integers.Ptrofs.signed OFFSET mod 4 = 0) as MOD_PRESERVE.
+ { rewrite HeqOFFSET.
+ apply PtrofsExtra.add_mod; simplify; try lia.
+ exists 1073741824. reflexivity. (* FIXME: This is sadness inducing. *)
+ rewrite Integers.Ptrofs.signed_repr; try assumption.
+ admit. (* FIXME: Register bounds. *)
+ apply PtrofsExtra.of_int_mod.
+ apply IntExtra.add_mod; simplify; try lia.
+ exists 1073741824. reflexivity. (* FIXME: This is sadness inducing. *)
+ apply IntExtra.mul_mod; simplify; try lia.
+ exists 1073741824. reflexivity. (* FIXME: This is sadness inducing. *)
+ admit. (* FIXME: Register bounds. *)
+ rewrite Integers.Int.signed_repr; simplify; try split; try assumption.
+ rewrite Integers.Int.signed_repr; simplify; try split; try assumption.
+ }
 (** Normalisation proof *)
 assert (Integers.Ptrofs.repr
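Review bot: The literal `1073741824` in `exists 1073741824. reflexivity.` appears four times across the 525 and 742 hunks with only a FIXME beside it; it is 2^30, presumably the witness that the 32-bit modulus is a multiple of 4 for the `mod 4` side condition of `add_mod`/`mul_mod`, so it should be named once (a `Definition`, or better a small lemma in PtrofsExtra/IntExtra that discharges that side condition) rather than repeated as a magic number. The first eight tactic lines of the `{ ... }` block at 525 are repeated verbatim at the start of the 742 block, which is the kind of duplication that drifts when one copy is fixed; a lemma about `Integers.Ptrofs.signed (Ptrofs.add ...) mod 4` would serve both sites. Each `admit. (* FIXME: Register bounds. *)` is the 32-bit register-range assumption the commit message lists; replacing the FIXME with a comment giving the exact inequality still owed at that point would make the remaining obligation reviewable without replaying the proof. The enclosing proof starts and ends outside the hunk.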
@@ -918,8 +940,8 @@ Section CORRECTNESS.
 assert (0 <= Integers.Ptrofs.signed OFFSET) as READ_BOUND_LOW by admit.
 assert (Integers.Ptrofs.signed OFFSET < f.(RTL.fn_stacksize)) as READ_BOUND_HIGH by admit.
- (** Modular Preservation proof *)
- assert (Integers.Ptrofs.signed OFFSET mod 4 = 0) as MOD_PRESERVE by admit.
+ (** Modular preservation proof *)
+ rename H8 into MOD_PRESERVE.
 (** Normalisation proof *)
 assert (Integers.Ptrofs.repr
@@ -1006,7 +1028,7 @@ Section CORRECTNESS. OFFSET (Integers.Ptrofs.repr 4))) = - valueToNat (ZToValue 32 (Integers.Ptrofs.unsigned OFFSET / 4))) + valueToNat (ZToValue 32 (Integers.Ptrofs.signed OFFSET / 4))) as EXPR_OK by admit. rewrite <- EXPR_OK. rewrite NORMALISE in I. |
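Review bot: `rename H8 into MOD_PRESERVE.` at 940 ties the script to an auto-generated hypothesis name, so any change to the preceding `inversion`/`intros`, or a Coq release that numbers hypotheses differently, breaks this proof with no indication of what `MOD_PRESERVE` was meant to be. Name the hypothesis where it is introduced (an `as` pattern on the inversion or an explicit `intros` list) so `MOD_PRESERVE` exists from the start; failing that, if H8 states exactly the property used by the sibling hunks, `assert (Integers.Ptrofs.signed OFFSET mod 4 = 0) as MOD_PRESERVE by assumption.` documents the intended statement and fails loudly when the context changes. The EXPR_OK hunk at 1028 only switches `unsigned` to `signed` and stays `by admit`, as the commit message says. The enclosing proof starts and ends outside the hunk.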