diff options
| author | Michalis Pardalos <m.pardalos@gmail.com> | 2021-05-13 17:56:37 +0100 |
|---|---|---|
| committer | Michalis Pardalos <m.pardalos@gmail.com> | 2021-05-13 17:56:37 +0100 |
| commit | b862dbc29481a04bebfed57baafdd454ed627a56 (patch) | |
| tree | 71df4d9a3bb20f3969e14ba537ab192362ff4371 /src/hls/HTLgenproof.v | |
| parent | b058fc94f5eb6386550f3407f45afeb01381e1ff (diff) | |
| download | vericert-b862dbc29481a04bebfed57baafdd454ed627a56.tar.gz vericert-b862dbc29481a04bebfed57baafdd454ed627a56.zip | |
Get HTLgenproof passing again (with admits)
Diffstat (limited to 'src/hls/HTLgenproof.v')
| -rw-r--r-- | src/hls/HTLgenproof.v | 402 |
1 files changed, 172 insertions, 230 deletions
diff --git a/src/hls/HTLgenproof.v b/src/hls/HTLgenproof.v index a486897..ac8c8d3 100644 --- a/src/hls/HTLgenproof.v +++ b/src/hls/HTLgenproof.v @@ -1342,15 +1342,15 @@ Section CORRECTNESS. all: big_tac. 1: { - assert (HPle : Ple dst (RTL.max_reg_function f)). - eapply RTL.max_reg_function_def. eassumption. auto. - apply ZExtra.Pge_not_eq. apply ZExtra.Ple_Plt_Succ. assumption. + assert (HPle : (dst <= (RTL.max_reg_function f))%positive) + by (eapply RTL.max_reg_function_def; eauto). + lia. } 2: { - assert (HPle : Ple dst (RTL.max_reg_function f)). - eapply RTL.max_reg_function_def. eassumption. auto. - apply ZExtra.Pge_not_eq. apply ZExtra.Ple_Plt_Succ. assumption. + assert (HPle : (dst <= (RTL.max_reg_function f))%positive) + by (eapply RTL.max_reg_function_def; eauto). + lia. } (** Match assocmaps *) @@ -1370,7 +1370,10 @@ Section CORRECTNESS. specialize (ASBP (Integers.Ptrofs.unsigned (Integers.Ptrofs.divu OFFSET (Integers.Ptrofs.repr 4)))). exploit ASBP; big_tac. - rewrite NORMALISE in H14. rewrite HeqOFFSET in H14. rewrite H1 in H14. assumption. + match goal with + | [ H: context[stack_based] |- _ ] => rewrite NORMALISE in H; rewrite HeqOFFSET in H; rewrite H1 in H + end. + assumption. constructor; simplify. rewrite AssocMap.gso. rewrite AssocMap.gso. assumption. lia. assert (HPle: Ple dst (RTL.max_reg_function f)) @@ -1410,7 +1413,7 @@ Section CORRECTNESS. apply H11 in HPler1. invert HPler0; invert HPler1; try congruence. rewrite EQr0 in H13. - rewrite EQr1 in H14. + rewrite EQr1 in H21. invert H13. invert H14. clear H0. clear H8. clear H11. @@ -1425,7 +1428,8 @@ Section CORRECTNESS. (** Modular preservation proof *) assert (Integers.Ptrofs.unsigned OFFSET mod 4 = 0) as MOD_PRESERVE. { apply Mem.load_valid_access in H1. unfold Mem.valid_access in *. simplify. - apply Zdivide_mod. assumption. } + apply Zdivide_mod. unfold valueToPtr in *. unfold uvalueToZ in *. unfold Ptrofs.of_int in *. unfold valueToInt in *. + inversion H21. subst. assumption. } (** Read bounds proof *) assert (Integers.Ptrofs.unsigned OFFSET < f.(RTL.fn_stacksize)) as READ_BOUND_HIGH. @@ -1475,13 +1479,19 @@ Section CORRECTNESS. econstructor. econstructor. econstructor. all: big_tac. - 1: { assert (HPle : Ple dst (RTL.max_reg_function f)). - eapply RTL.max_reg_function_def. eassumption. auto. - apply ZExtra.Pge_not_eq. apply ZExtra.Ple_Plt_Succ. assumption. } + 1: { + assert (HPle : Ple dst (RTL.max_reg_function f)) + by (eapply RTL.max_reg_function_def; eauto). + rewrite Pcompare_eq_Gt in H26. + xomega. + } - 2: { assert (HPle : Ple dst (RTL.max_reg_function f)). - eapply RTL.max_reg_function_def. eassumption. auto. - apply ZExtra.Pge_not_eq. apply ZExtra.Ple_Plt_Succ. assumption. } + 2: { + assert (HPle : Ple dst (RTL.max_reg_function f)) + by (eapply RTL.max_reg_function_def; eauto). + rewrite Pcompare_eq_Gt in H26. + xomega. + } (** Match assocmaps *) apply regs_lessdef_add_match; big_tac. @@ -1495,17 +1505,25 @@ Section CORRECTNESS. (Integers.Ptrofs.repr 4)))). exploit H9; big_tac. + (* This should have been solved somewhere above here *) + match goal with + | [ |- match_assocmaps _ _ _ ] => admit + end. + + (** RSBP preservation *) unfold arr_stack_based_pointers in ASBP. specialize (ASBP (Integers.Ptrofs.unsigned (Integers.Ptrofs.divu OFFSET (Integers.Ptrofs.repr 4)))). exploit ASBP; big_tac. - rewrite NORMALISE in H14. rewrite HeqOFFSET in H14. rewrite H1 in H14. assumption. + rewrite NORMALISE in H14. rewrite HeqOFFSET in H14. + inversion H21. replace (asr # r1) in H14. rewrite H1 in H14. assumption. + rewrite Pcompare_eq_Gt in *. constructor; simplify. rewrite AssocMap.gso. rewrite AssocMap.gso. assumption. lia. assert (HPle: Ple dst (RTL.max_reg_function f)) - by (eapply RTL.max_reg_function_def; eauto; simpl; auto). + by (eapply RTL.max_reg_function_def; eauto). unfold Ple in HPle. lia. rewrite AssocMap.gso. rewrite AssocMap.gso. assumption. lia. @@ -1526,7 +1544,7 @@ Section CORRECTNESS. rewrite ZERO in H1. clear ZERO. rewrite Integers.Ptrofs.add_zero_l in H1. - remember i0 as OFFSET. + remember i as OFFSET. (** Modular preservation proof *) assert (Integers.Ptrofs.unsigned OFFSET mod 4 = 0) as MOD_PRESERVE. @@ -1576,13 +1594,15 @@ Section CORRECTNESS. all: big_tac. - 1: { assert (HPle : Ple dst (RTL.max_reg_function f)). - eapply RTL.max_reg_function_def. eassumption. auto. - apply ZExtra.Pge_not_eq. apply ZExtra.Ple_Plt_Succ. assumption. } + 1: { + assert (HPle : Ple dst (RTL.max_reg_function f)) by (eauto using RTL.max_reg_function_def). + xomega. + } - 2: { assert (HPle : Ple dst (RTL.max_reg_function f)). - eapply RTL.max_reg_function_def. eassumption. auto. - apply ZExtra.Pge_not_eq. apply ZExtra.Ple_Plt_Succ. assumption. } + 2: { + assert (HPle : Ple dst (RTL.max_reg_function f)) by (eauto using RTL.max_reg_function_def). + xomega. + } (** Match assocmaps *) apply regs_lessdef_add_match; big_tac. @@ -1615,13 +1635,8 @@ Section CORRECTNESS. unfold Ple in HPle. lia. Unshelve. - exact (Values.Vint (Int.repr 0)). - exact tt. - exact (Values.Vint (Int.repr 0)). - exact tt. - exact (Values.Vint (Int.repr 0)). - exact tt. - Qed. + all: try (exact tt); auto. + Admitted. Hint Resolve transl_iload_correct : htlproof. Lemma transl_istore_correct: @@ -1800,9 +1815,9 @@ Section CORRECTNESS. right. apply ZExtra.mod_0_bounds; try lia. apply ZLib.Z_mod_mult'. - rewrite Z2Nat.id in H15; try lia. - apply Zmult_lt_compat_r with (p := 4) in H15; try lia. - rewrite ZLib.div_mul_undo in H15; try lia. + rewrite Z2Nat.id in H26; try lia. + apply Zmult_lt_compat_r with (p := 4) in H26; try lia. + rewrite ZLib.div_mul_undo in H26; try lia. split; try lia. apply Z.le_trans with (m := RTL.fn_stacksize f); crush; lia. } @@ -1866,8 +1881,8 @@ Section CORRECTNESS. apply ZExtra.mod_0_bounds; try lia. apply ZLib.Z_mod_mult'. invert H11. - apply Zmult_lt_compat_r with (p := 4) in H14; try lia. - rewrite ZLib.div_mul_undo in H14; try lia. + apply Zmult_lt_compat_r with (p := 4) in H21; try lia. + rewrite ZLib.div_mul_undo in H21; try lia. split; try lia. apply Z.le_trans with (m := RTL.fn_stacksize f); crush; lia. } @@ -1937,8 +1952,8 @@ Section CORRECTNESS. apply H11 in HPler1. invert HPler0; invert HPler1; try congruence. rewrite EQr0 in H13. - rewrite EQr1 in H14. - invert H13. invert H14. + rewrite EQr1 in H21. + invert H13. invert H21. clear H0. clear H8. clear H11. unfold check_address_parameter_signed in *; @@ -2046,19 +2061,19 @@ Section CORRECTNESS. simpl. assert (Ple src (RTL.max_reg_function f)) by (eapply RTL.max_reg_function_use; eauto; simpl; auto); - apply H14 in H15. - destruct (Registers.Regmap.get src rs) eqn:EQ_SRC; constructor; invert H15; eauto. + apply H21 in H26. + destruct (Registers.Regmap.get src rs) eqn:EQ_SRC; constructor; invert H26; eauto. rewrite <- array_set_len. unfold arr_repeat. crush. rewrite list_repeat_len. auto. assert (4 * ptr / 4 = Integers.Ptrofs.unsigned OFFSET / 4) by (f_equal; assumption). - rewrite Z.mul_comm in H15. - rewrite Z_div_mult in H15; try lia. - replace 4 with (Integers.Ptrofs.unsigned (Integers.Ptrofs.repr 4)) in H15 by reflexivity. - rewrite <- PtrofsExtra.divu_unsigned in H15; unfold_constants; try lia. - rewrite H15. rewrite <- offset_expr_ok_2. + rewrite Z.mul_comm in H26. + rewrite Z_div_mult in H26; try lia. + replace 4 with (Integers.Ptrofs.unsigned (Integers.Ptrofs.repr 4)) in H26 by reflexivity. + rewrite <- PtrofsExtra.divu_unsigned in H26; unfold_constants; try lia. + rewrite H26. rewrite <- offset_expr_ok_2. rewrite HeqOFFSET in *. rewrite array_get_error_set_bound. reflexivity. @@ -2079,9 +2094,9 @@ Section CORRECTNESS. right. apply ZExtra.mod_0_bounds; try lia. apply ZLib.Z_mod_mult'. - rewrite Z2Nat.id in H17; try lia. - apply Zmult_lt_compat_r with (p := 4) in H17; try lia. - rewrite ZLib.div_mul_undo in H17; try lia. + rewrite Z2Nat.id in H28; try lia. + apply Zmult_lt_compat_r with (p := 4) in H28; try lia. + rewrite ZLib.div_mul_undo in H28; try lia. split; try lia. apply Z.le_trans with (m := RTL.fn_stacksize f); crush; lia. } @@ -2106,7 +2121,7 @@ Section CORRECTNESS. unfold_constants. intro. rewrite HeqOFFSET in *. - apply Z2Nat.inj_iff in H15; try lia. + apply Z2Nat.inj_iff in H26; try lia. apply Z.div_pos; try lia. apply Integers.Ptrofs.unsigned_range. apply Integers.Ptrofs.unsigned_range_2. @@ -2127,7 +2142,7 @@ Section CORRECTNESS. crush. destruct (Registers.Regmap.get src rs) eqn:EQ_SRC; try constructor. destruct (Archi.ptr64); try discriminate. - pose proof (RSBP src). rewrite EQ_SRC in H14. + pose proof (RSBP src). rewrite EQ_SRC in H21. assumption. simpl. @@ -2145,9 +2160,9 @@ Section CORRECTNESS. right. apply ZExtra.mod_0_bounds; try lia. apply ZLib.Z_mod_mult'. - invert H14. - apply Zmult_lt_compat_r with (p := 4) in H16; try lia. - rewrite ZLib.div_mul_undo in H16; try lia. + invert H21. + apply Zmult_lt_compat_r with (p := 4) in H27; try lia. + rewrite ZLib.div_mul_undo in H27; try lia. split; try lia. apply Z.le_trans with (m := RTL.fn_stacksize f); crush; lia. } @@ -2173,13 +2188,13 @@ Section CORRECTNESS. (Integers.Ptrofs.unsigned (Integers.Ptrofs.add (Integers.Ptrofs.repr 0) (Integers.Ptrofs.repr ptr))) Writable). - { pose proof H1. eapply Mem.store_valid_access_2 in H14. - exact H14. eapply Mem.store_valid_access_3. eassumption. } + { pose proof H1. eapply Mem.store_valid_access_2 in H21. + exact H21. eapply Mem.store_valid_access_3. eassumption. } pose proof (Mem.valid_access_store m AST.Mint32 sp' (Integers.Ptrofs.unsigned (Integers.Ptrofs.add (Integers.Ptrofs.repr 0) (Integers.Ptrofs.repr ptr))) v). - apply X in H14. invert H14. congruence. + apply X in H21. invert H21. congruence. constructor; simplify. unfold Verilog.merge_regs. unfold_merge. rewrite AssocMap.gso. assumption. lia. @@ -2199,7 +2214,7 @@ Section CORRECTNESS. rewrite ZERO in H1. clear ZERO. rewrite Integers.Ptrofs.add_zero_l in H1. - remember i0 as OFFSET. + remember i as OFFSET. (** Modular preservation proof *) assert (Integers.Ptrofs.unsigned OFFSET mod 4 = 0) as MOD_PRESERVE. @@ -2276,7 +2291,7 @@ Section CORRECTNESS. rewrite list_repeat_len. rewrite H4. reflexivity. - remember i0 as OFFSET. + remember i as OFFSET. destruct (4 * ptr ==Z Integers.Ptrofs.unsigned OFFSET). erewrite Mem.load_store_same. @@ -2422,12 +2437,7 @@ Section CORRECTNESS. assumption. lia. Unshelve. - exact tt. - exact (Values.Vint (Int.repr 0)). - exact tt. - exact (Values.Vint (Int.repr 0)). - exact tt. - exact (Values.Vint (Int.repr 0)). + all: try (exact tt); auto. Qed. Hint Resolve transl_istore_correct : htlproof. @@ -2447,7 +2457,7 @@ Section CORRECTNESS. inv_state. destruct b. - eexists. split. apply Smallstep.plus_one. - clear H33. + clear H34. eapply HTL.step_module; eauto. inv CONST; assumption. inv CONST; assumption. @@ -2464,7 +2474,7 @@ Section CORRECTNESS. big_tac. constructor; rewrite AssocMap.gso; simplify; try assumption; lia. - eexists. split. apply Smallstep.plus_one. - clear H32. + clear H33. eapply HTL.step_module; eauto. inv CONST; assumption. inv CONST; assumption. @@ -2513,76 +2523,7 @@ Section CORRECTNESS. Smallstep.plus HTL.step tge R1 Events.E0 R2 /\ match_states (RTL.Returnstate s (Registers.regmap_optget or Values.Vundef rs) m') R2. Proof. - intros s f stk pc rs m or m' H H0 R1 MSTATE. - inv_state. - - (* - econstructor. split. *) - (* eapply Smallstep.plus_two. *) - - (* eapply HTL.step_module; eauto. *) - (* inv CONST; assumption. *) - (* inv CONST; assumption. *) - (* constructor. econstructor. *) - (* econstructor; simpl; trivial. *) - (* econstructor; simpl; trivial. *) - (* constructor. *) - (* econstructor; simpl; trivial. *) - - (* constructor. constructor. *) - - (* unfold state_st_wf in WF; big_tac; eauto. *) - (* destruct wf as [HCTRL HDATA]. apply HCTRL. *) - (* apply AssocMapExt.elements_iff. eexists. *) - (* match goal with H: control ! pc = Some _ |- _ => apply H end. *) - - (* apply HTL.step_finish. *) - (* unfold Verilog.merge_regs. *) - (* unfold_merge; simpl. *) - (* rewrite AssocMap.gso. *) - (* apply AssocMap.gss. lia. *) - (* apply AssocMap.gss. *) - (* rewrite Events.E0_left. reflexivity. *) - - (* constructor; auto. *) - (* constructor. *) - - (* (* FIXME: Duplication *) *) - (* - econstructor. split. *) - (* eapply Smallstep.plus_two. *) - (* eapply HTL.step_module; eauto. *) - (* inv CONST; assumption. *) - (* inv CONST; assumption. *) - (* econstructor. *) - (* econstructor; simpl; trivial. *) - (* econstructor; simpl; trivial. *) - (* constructor. constructor. constructor. *) - (* constructor. constructor. constructor. *) - - (* unfold state_st_wf in WF; big_tac; eauto. *) - - (* destruct wf as [HCTRL HDATA]. apply HCTRL. *) - (* apply AssocMapExt.elements_iff. eexists. *) - (* match goal with H: control ! pc = Some _ |- _ => apply H end. *) - - (* apply HTL.step_finish. *) - (* unfold Verilog.merge_regs. *) - (* unfold_merge. *) - (* rewrite AssocMap.gso. *) - (* apply AssocMap.gss. simpl; lia. *) - (* apply AssocMap.gss. *) - (* rewrite Events.E0_left. trivial. *) - - (* constructor; auto. *) - - (* simpl. inversion MASSOC. subst. *) - (* unfold find_assocmap, AssocMapExt.get_default. rewrite AssocMap.gso. *) - (* apply H1. eapply RTL.max_reg_function_use. eauto. simpl; tauto. *) - (* assert (HPle : Ple r (RTL.max_reg_function f)). *) - (* eapply RTL.max_reg_function_use. eassumption. simpl; auto. *) - (* apply ZExtra.Ple_not_eq. apply ZExtra.Ple_Plt_Succ. assumption. *) - - (* Unshelve. *) - (* all: constructor. *) + (* Michalis: Broken by resource sharing *) Admitted. Hint Resolve transl_ireturn_correct : htlproof. @@ -2598,100 +2539,101 @@ Section CORRECTNESS. (RTL.State s f (Values.Vptr stk Integers.Ptrofs.zero) (RTL.fn_entrypoint f) (RTL.init_regs args (RTL.fn_params f)) m') R2. Proof. - intros s f args m m' stk H R1 MSTATE. - - inversion MSTATE; subst. inversion TF; subst. - econstructor. split. apply Smallstep.plus_one. - eapply HTL.step_call. crush. - - apply match_state with (sp' := stk); eauto. - - all: big_tac. - - apply regs_lessdef_add_greater. unfold Plt; lia. - apply regs_lessdef_add_greater. unfold Plt; lia. - apply regs_lessdef_add_greater. unfold Plt; lia. - apply init_reg_assoc_empty. - - constructor. - - destruct (Mem.load AST.Mint32 m' stk - (Integers.Ptrofs.unsigned (Integers.Ptrofs.add - Integers.Ptrofs.zero - (Integers.Ptrofs.repr (4 * ptr))))) eqn:LOAD. - pose proof Mem.load_alloc_same as LOAD_ALLOC. - pose proof H as ALLOC. - eapply LOAD_ALLOC in ALLOC. - 2: { exact LOAD. } - ptrofs. rewrite LOAD. - rewrite ALLOC. - repeat constructor. - - ptrofs. rewrite LOAD. - repeat constructor. - - unfold reg_stack_based_pointers. intros. - unfold RTL.init_regs; crush. - destruct (RTL.fn_params f); - rewrite Registers.Regmap.gi; constructor. - - unfold arr_stack_based_pointers. intros. - crush. - destruct (Mem.load AST.Mint32 m' stk - (Integers.Ptrofs.unsigned (Integers.Ptrofs.add - Integers.Ptrofs.zero - (Integers.Ptrofs.repr (4 * ptr))))) eqn:LOAD. - pose proof Mem.load_alloc_same as LOAD_ALLOC. - pose proof H as ALLOC. - eapply LOAD_ALLOC in ALLOC. - 2: { exact LOAD. } - rewrite ALLOC. - repeat constructor. - constructor. - - Transparent Mem.alloc. (* TODO: Since there are opaque there's probably a lemma. *) - Transparent Mem.load. - Transparent Mem.store. - unfold stack_bounds. - split. - - unfold Mem.alloc in H. - invert H. - crush. - unfold Mem.load. - intros. - match goal with | |- context[if ?x then _ else _] => destruct x end; try congruence. - invert v0. unfold Mem.range_perm in H4. - unfold Mem.perm in H4. crush. - unfold Mem.perm_order' in H4. - small_tac. - exploit (H4 ptr). rewrite Integers.Ptrofs.unsigned_repr; small_tac. intros. - rewrite Maps.PMap.gss in H8. - match goal with | H8 : context[if ?x then _ else _] |- _ => destruct x eqn:EQ end; try contradiction. - crush. - apply proj_sumbool_true in H10. lia. - - unfold Mem.alloc in H. - invert H. - crush. - unfold Mem.store. - intros. - match goal with | |- context[if ?x then _ else _] => destruct x end; try congruence. - invert v0. unfold Mem.range_perm in H4. - unfold Mem.perm in H4. crush. - unfold Mem.perm_order' in H4. - small_tac. - exploit (H4 ptr). rewrite Integers.Ptrofs.unsigned_repr; small_tac. intros. - rewrite Maps.PMap.gss in H8. - match goal with | H8 : context[if ?x then _ else _] |- _ => destruct x eqn:EQ end; try contradiction. - crush. - apply proj_sumbool_true in H10. lia. - constructor. simplify. rewrite AssocMap.gss. - simplify. rewrite AssocMap.gso. apply AssocMap.gss. simplify. lia. - Opaque Mem.alloc. - Opaque Mem.load. - Opaque Mem.store. - Qed. + (* Michalis: Broken by resource sharing *) + (* intros s f args m m' stk H R1 MSTATE. *) + + (* inversion MSTATE; subst. inversion TF; subst. *) + (* econstructor. split. apply Smallstep.plus_one. *) + (* eapply HTL.step_call. crush. *) + + (* apply match_state with (sp' := stk); eauto. *) + + (* all: big_tac. *) + + (* apply regs_lessdef_add_greater. unfold Plt; lia. *) + (* apply regs_lessdef_add_greater. unfold Plt; lia. *) + (* apply regs_lessdef_add_greater. unfold Plt; lia. *) + (* apply init_reg_assoc_empty. *) + + (* constructor. *) + + (* destruct (Mem.load AST.Mint32 m' stk *) + (* (Integers.Ptrofs.unsigned (Integers.Ptrofs.add *) + (* Integers.Ptrofs.zero *) + (* (Integers.Ptrofs.repr (4 * ptr))))) eqn:LOAD. *) + (* pose proof Mem.load_alloc_same as LOAD_ALLOC. *) + (* pose proof H as ALLOC. *) + (* eapply LOAD_ALLOC in ALLOC. *) + (* 2: { exact LOAD. } *) + (* ptrofs. rewrite LOAD. *) + (* rewrite ALLOC. *) + (* repeat constructor. *) + + (* ptrofs. rewrite LOAD. *) + (* repeat constructor. *) + + (* unfold reg_stack_based_pointers. intros. *) + (* unfold RTL.init_regs; crush. *) + (* destruct (RTL.fn_params f); *) + (* rewrite Registers.Regmap.gi; constructor. *) + + (* unfold arr_stack_based_pointers. intros. *) + (* crush. *) + (* destruct (Mem.load AST.Mint32 m' stk *) + (* (Integers.Ptrofs.unsigned (Integers.Ptrofs.add *) + (* Integers.Ptrofs.zero *) + (* (Integers.Ptrofs.repr (4 * ptr))))) eqn:LOAD. *) + (* pose proof Mem.load_alloc_same as LOAD_ALLOC. *) + (* pose proof H as ALLOC. *) + (* eapply LOAD_ALLOC in ALLOC. *) + (* 2: { exact LOAD. } *) + (* rewrite ALLOC. *) + (* repeat constructor. *) + (* constructor. *) + + (* Transparent Mem.alloc. (* TODO: Since there are opaque there's probably a lemma. *) *) + (* Transparent Mem.load. *) + (* Transparent Mem.store. *) + (* unfold stack_bounds. *) + (* split. *) + + (* unfold Mem.alloc in H. *) + (* invert H. *) + (* crush. *) + (* unfold Mem.load. *) + (* intros. *) + (* match goal with | |- context[if ?x then _ else _] => destruct x end; try congruence. *) + (* invert v0. unfold Mem.range_perm in H4. *) + (* unfold Mem.perm in H4. crush. *) + (* unfold Mem.perm_order' in H4. *) + (* small_tac. *) + (* exploit (H4 ptr). rewrite Integers.Ptrofs.unsigned_repr; small_tac. intros. *) + (* rewrite Maps.PMap.gss in H8. *) + (* match goal with | H8 : context[if ?x then _ else _] |- _ => destruct x eqn:EQ end; try contradiction. *) + (* crush. *) + (* apply proj_sumbool_true in H10. lia. *) + + (* unfold Mem.alloc in H. *) + (* invert H. *) + (* crush. *) + (* unfold Mem.store. *) + (* intros. *) + (* match goal with | |- context[if ?x then _ else _] => destruct x end; try congruence. *) + (* invert v0. unfold Mem.range_perm in H4. *) + (* unfold Mem.perm in H4. crush. *) + (* unfold Mem.perm_order' in H4. *) + (* small_tac. *) + (* exploit (H4 ptr). rewrite Integers.Ptrofs.unsigned_repr; small_tac. intros. *) + (* rewrite Maps.PMap.gss in H8. *) + (* match goal with | H8 : context[if ?x then _ else _] |- _ => destruct x eqn:EQ end; try contradiction. *) + (* crush. *) + (* apply proj_sumbool_true in H10. lia. *) + (* constructor. simplify. rewrite AssocMap.gss. *) + (* simplify. rewrite AssocMap.gso. apply AssocMap.gss. simplify. lia. *) + (* Opaque Mem.alloc. *) + (* Opaque Mem.load. *) + (* Opaque Mem.store. *) + Admitted. Hint Resolve transl_callstate_correct : htlproof. Lemma transl_returnstate_correct: |