1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
|
(* *********************************************************************)
(* *)
(* The Compcert verified compiler *)
(* *)
(* Xavier Leroy, INRIA Paris-Rocquencourt *)
(* *)
(* Copyright Institut National de Recherche en Informatique et en *)
(* Automatique. All rights reserved. This file is distributed *)
(* under the terms of the INRIA Non-Commercial License Agreement. *)
(* *)
(* *********************************************************************)
(** Correctness of instruction selection *)
Require Import Coqlib.
Require Import Maps.
Require Import AST.
Require Import Integers.
Require Import Floats.
Require Import Values.
Require Import Memory.
Require Import Events.
Require Import Globalenvs.
Require Import Smallstep.
Require Import Cminor.
Require Import Op.
Require Import CminorSel.
Require Import SelectOp.
Require Import Selection.
Require Import SelectOpproof.
Open Local Scope cminorsel_scope.
(** * Correctness of the instruction selection functions for expressions *)
Section CMCONSTR.
Variable ge: genv.
Variable sp: val.
Variable e: env.
Variable m: mem.
(** Conversion of condition expressions. *)
Lemma negate_condexpr_correct:
forall le a b,
eval_condexpr ge sp e m le a b ->
eval_condexpr ge sp e m le (negate_condexpr a) (negb b).
Proof.
induction 1; simpl.
constructor.
constructor.
econstructor. eauto. apply eval_negate_condition. auto.
econstructor. eauto. destruct vb1; auto.
Qed.
Scheme expr_ind2 := Induction for expr Sort Prop
with exprlist_ind2 := Induction for exprlist Sort Prop.
Fixpoint forall_exprlist (P: expr -> Prop) (el: exprlist) {struct el}: Prop :=
match el with
| Enil => True
| Econs e el' => P e /\ forall_exprlist P el'
end.
Lemma expr_induction_principle:
forall (P: expr -> Prop),
(forall i : ident, P (Evar i)) ->
(forall (o : operation) (e : exprlist),
forall_exprlist P e -> P (Eop o e)) ->
(forall (m : memory_chunk) (a : Op.addressing) (e : exprlist),
forall_exprlist P e -> P (Eload m a e)) ->
(forall (c : condexpr) (e : expr),
P e -> forall e0 : expr, P e0 -> P (Econdition c e e0)) ->
(forall e : expr, P e -> forall e0 : expr, P e0 -> P (Elet e e0)) ->
(forall n : nat, P (Eletvar n)) ->
forall e : expr, P e.
Proof.
intros. apply expr_ind2 with (P := P) (P0 := forall_exprlist P); auto.
simpl. auto.
intros. simpl. auto.
Qed.
Lemma eval_base_condition_of_expr:
forall le a v b,
eval_expr ge sp e m le a v ->
Val.bool_of_val v b ->
eval_condexpr ge sp e m le
(CEcond (Ccompimm Cne Int.zero) (a ::: Enil))
b.
Proof.
intros.
eapply eval_CEcond. eauto with evalexpr.
inversion H0; simpl. rewrite Int.eq_false; auto. auto. auto.
Qed.
Lemma is_compare_neq_zero_correct:
forall c v b,
is_compare_neq_zero c = true ->
eval_condition c (v :: nil) = Some b ->
Val.bool_of_val v b.
Proof.
intros.
destruct c; simpl in H; try discriminate;
destruct c; simpl in H; try discriminate;
generalize (Int.eq_spec i Int.zero); rewrite H; intro; subst i.
simpl in H0. destruct v; inv H0.
generalize (Int.eq_spec i Int.zero). destruct (Int.eq i Int.zero); intros; simpl.
subst i; constructor. constructor; auto. constructor.
simpl in H0. destruct v; inv H0.
generalize (Int.eq_spec i Int.zero). destruct (Int.eq i Int.zero); intros; simpl.
subst i; constructor. constructor; auto.
Qed.
Lemma is_compare_eq_zero_correct:
forall c v b,
is_compare_eq_zero c = true ->
eval_condition c (v :: nil) = Some b ->
Val.bool_of_val v (negb b).
Proof.
intros. apply is_compare_neq_zero_correct with (negate_condition c).
destruct c; simpl in H; simpl; try discriminate;
destruct c; simpl; try discriminate; auto.
apply eval_negate_condition; auto.
Qed.
Lemma eval_condition_of_expr:
forall a le v b,
eval_expr ge sp e m le a v ->
Val.bool_of_val v b ->
eval_condexpr ge sp e m le (condexpr_of_expr a) b.
Proof.
intro a0; pattern a0.
apply expr_induction_principle; simpl; intros;
try (eapply eval_base_condition_of_expr; eauto; fail).
destruct o; try (eapply eval_base_condition_of_expr; eauto; fail).
destruct e0. inv H0. inv H5. simpl in H7. inv H7.
inversion H1.
rewrite Int.eq_false; auto. constructor.
subst i; rewrite Int.eq_true. constructor.
eapply eval_base_condition_of_expr; eauto.
inv H0. simpl in H7.
assert (eval_condition c vl = Some b).
destruct (eval_condition c vl); try discriminate.
destruct b0; inv H7; inversion H1; congruence.
assert (eval_condexpr ge sp e m le (CEcond c e0) b).
eapply eval_CEcond; eauto.
destruct e0; auto. destruct e1; auto.
simpl in H. destruct H.
inv H5. inv H11.
case_eq (is_compare_neq_zero c); intros.
eapply H; eauto.
apply is_compare_neq_zero_correct with c; auto.
case_eq (is_compare_eq_zero c); intros.
replace b with (negb (negb b)). apply negate_condexpr_correct.
eapply H; eauto.
apply is_compare_eq_zero_correct with c; auto.
apply negb_involutive.
auto.
inv H1. destruct v1; eauto with evalexpr.
Qed.
Lemma eval_load:
forall le a v chunk v',
eval_expr ge sp e m le a v ->
Mem.loadv chunk m v = Some v' ->
eval_expr ge sp e m le (load chunk a) v'.
Proof.
intros. generalize H0; destruct v; simpl; intro; try discriminate.
unfold load.
generalize (eval_addressing _ _ _ _ _ chunk _ _ _ _ H (refl_equal _)).
destruct (addressing chunk a). intros [vl [EV EQ]].
eapply eval_Eload; eauto.
Qed.
Lemma eval_store:
forall chunk a1 a2 v1 v2 f k m',
eval_expr ge sp e m nil a1 v1 ->
eval_expr ge sp e m nil a2 v2 ->
Mem.storev chunk m v1 v2 = Some m' ->
step ge (State f (store chunk a1 a2) k sp e m)
E0 (State f Sskip k sp e m').
Proof.
intros. generalize H1; destruct v1; simpl; intro; try discriminate.
unfold store.
generalize (eval_addressing _ _ _ _ _ chunk _ _ _ _ H (refl_equal _)).
destruct (addressing chunk a1). intros [vl [EV EQ]].
eapply step_store; eauto.
Qed.
(** Correctness of instruction selection for operators *)
Lemma eval_sel_unop:
forall le op a1 v1 v,
eval_expr ge sp e m le a1 v1 ->
eval_unop op v1 = Some v ->
eval_expr ge sp e m le (sel_unop op a1) v.
Proof.
destruct op; simpl; intros; FuncInv; try subst v.
apply eval_cast8unsigned; auto.
apply eval_cast8signed; auto.
apply eval_cast16unsigned; auto.
apply eval_cast16signed; auto.
apply eval_negint; auto.
generalize (Int.eq_spec i Int.zero). destruct (Int.eq i Int.zero); intro.
change true with (negb false). eapply eval_notbool; eauto. subst i; constructor.
change false with (negb true). eapply eval_notbool; eauto. constructor; auto.
change Vfalse with (Val.of_bool (negb true)).
eapply eval_notbool; eauto. constructor.
apply eval_notint; auto.
apply eval_negf; auto.
apply eval_absf; auto.
apply eval_singleoffloat; auto.
apply eval_intoffloat; auto.
apply eval_intuoffloat; auto.
apply eval_floatofint; auto.
apply eval_floatofintu; auto.
Qed.
Lemma eval_sel_binop:
forall le op a1 a2 v1 v2 v,
eval_expr ge sp e m le a1 v1 ->
eval_expr ge sp e m le a2 v2 ->
eval_binop op v1 v2 = Some v ->
eval_expr ge sp e m le (sel_binop op a1 a2) v.
Proof.
destruct op; simpl; intros; FuncInv; try subst v.
apply eval_add; auto.
apply eval_add_ptr_2; auto.
apply eval_add_ptr; auto.
apply eval_sub; auto.
apply eval_sub_ptr_int; auto.
destruct (eq_block b b0); inv H1.
eapply eval_sub_ptr_ptr; eauto.
apply eval_mul; eauto.
generalize (Int.eq_spec i0 Int.zero). destruct (Int.eq i0 Int.zero); inv H1.
apply eval_divs; eauto.
generalize (Int.eq_spec i0 Int.zero). destruct (Int.eq i0 Int.zero); inv H1.
apply eval_divu; eauto.
generalize (Int.eq_spec i0 Int.zero). destruct (Int.eq i0 Int.zero); inv H1.
apply eval_mods; eauto.
generalize (Int.eq_spec i0 Int.zero). destruct (Int.eq i0 Int.zero); inv H1.
apply eval_modu; eauto.
apply eval_and; auto.
apply eval_or; auto.
apply eval_xor; auto.
caseEq (Int.ltu i0 Int.iwordsize); intro; rewrite H2 in H1; inv H1.
apply eval_shl; auto.
caseEq (Int.ltu i0 Int.iwordsize); intro; rewrite H2 in H1; inv H1.
apply eval_shr; auto.
caseEq (Int.ltu i0 Int.iwordsize); intro; rewrite H2 in H1; inv H1.
apply eval_shru; auto.
apply eval_addf; auto.
apply eval_subf; auto.
apply eval_mulf; auto.
apply eval_divf; auto.
apply eval_comp_int; auto.
eapply eval_comp_int_ptr; eauto.
eapply eval_comp_ptr_int; eauto.
destruct (eq_block b b0); inv H1.
eapply eval_comp_ptr_ptr; eauto.
eapply eval_comp_ptr_ptr_2; eauto.
eapply eval_compu; eauto.
eapply eval_compf; eauto.
Qed.
End CMCONSTR.
(** * Semantic preservation for instruction selection. *)
Section PRESERVATION.
Variable prog: Cminor.program.
Let tprog := sel_program prog.
Let ge := Genv.globalenv prog.
Let tge := Genv.globalenv tprog.
(** Relationship between the global environments for the original
CminorSel program and the generated RTL program. *)
Lemma symbols_preserved:
forall (s: ident), Genv.find_symbol tge s = Genv.find_symbol ge s.
Proof.
intros; unfold ge, tge, tprog, sel_program.
apply Genv.find_symbol_transf.
Qed.
Lemma functions_translated:
forall (v: val) (f: Cminor.fundef),
Genv.find_funct ge v = Some f ->
Genv.find_funct tge v = Some (sel_fundef f).
Proof.
intros.
exact (Genv.find_funct_transf sel_fundef _ _ H).
Qed.
Lemma function_ptr_translated:
forall (b: block) (f: Cminor.fundef),
Genv.find_funct_ptr ge b = Some f ->
Genv.find_funct_ptr tge b = Some (sel_fundef f).
Proof.
intros.
exact (Genv.find_funct_ptr_transf sel_fundef _ _ H).
Qed.
Lemma sig_function_translated:
forall f,
funsig (sel_fundef f) = Cminor.funsig f.
Proof.
intros. destruct f; reflexivity.
Qed.
(** Semantic preservation for expressions. *)
Lemma sel_expr_correct:
forall sp e m a v,
Cminor.eval_expr ge sp e m a v ->
forall le,
eval_expr tge sp e m le (sel_expr a) v.
Proof.
induction 1; intros; simpl.
(* Evar *)
constructor; auto.
(* Econst *)
destruct cst; simpl; simpl in H; (econstructor; [constructor|simpl;auto]).
rewrite symbols_preserved. auto.
(* Eunop *)
eapply eval_sel_unop; eauto.
(* Ebinop *)
eapply eval_sel_binop; eauto.
(* Eload *)
eapply eval_load; eauto.
(* Econdition *)
econstructor; eauto. eapply eval_condition_of_expr; eauto.
destruct b1; auto.
Qed.
Hint Resolve sel_expr_correct: evalexpr.
Lemma sel_exprlist_correct:
forall sp e m a v,
Cminor.eval_exprlist ge sp e m a v ->
forall le,
eval_exprlist tge sp e m le (sel_exprlist a) v.
Proof.
induction 1; intros; simpl; constructor; auto with evalexpr.
Qed.
Hint Resolve sel_exprlist_correct: evalexpr.
(** Semantic preservation for terminating function calls and statements. *)
Fixpoint sel_cont (k: Cminor.cont) : CminorSel.cont :=
match k with
| Cminor.Kstop => Kstop
| Cminor.Kseq s1 k1 => Kseq (sel_stmt s1) (sel_cont k1)
| Cminor.Kblock k1 => Kblock (sel_cont k1)
| Cminor.Kcall id f sp e k1 =>
Kcall id (sel_function f) sp e (sel_cont k1)
end.
Inductive match_states: Cminor.state -> CminorSel.state -> Prop :=
| match_state: forall f s k s' k' sp e m,
s' = sel_stmt s ->
k' = sel_cont k ->
match_states
(Cminor.State f s k sp e m)
(State (sel_function f) s' k' sp e m)
| match_callstate: forall f args k k' m,
k' = sel_cont k ->
match_states
(Cminor.Callstate f args k m)
(Callstate (sel_fundef f) args k' m)
| match_returnstate: forall v k k' m,
k' = sel_cont k ->
match_states
(Cminor.Returnstate v k m)
(Returnstate v k' m).
Remark call_cont_commut:
forall k, call_cont (sel_cont k) = sel_cont (Cminor.call_cont k).
Proof.
induction k; simpl; auto.
Qed.
Remark find_label_commut:
forall lbl s k,
find_label lbl (sel_stmt s) (sel_cont k) =
option_map (fun sk => (sel_stmt (fst sk), sel_cont (snd sk)))
(Cminor.find_label lbl s k).
Proof.
induction s; intros; simpl; auto.
unfold store. destruct (addressing m (sel_expr e)); auto.
change (Kseq (sel_stmt s2) (sel_cont k))
with (sel_cont (Cminor.Kseq s2 k)).
rewrite IHs1. rewrite IHs2.
destruct (Cminor.find_label lbl s1 (Cminor.Kseq s2 k)); auto.
rewrite IHs1. rewrite IHs2.
destruct (Cminor.find_label lbl s1 k); auto.
change (Kseq (Sloop (sel_stmt s)) (sel_cont k))
with (sel_cont (Cminor.Kseq (Cminor.Sloop s) k)).
auto.
change (Kblock (sel_cont k))
with (sel_cont (Cminor.Kblock k)).
auto.
destruct o; auto.
destruct (ident_eq lbl l); auto.
Qed.
Lemma sel_step_correct:
forall S1 t S2, Cminor.step ge S1 t S2 ->
forall T1, match_states S1 T1 ->
exists T2, step tge T1 t T2 /\ match_states S2 T2.
Proof.
induction 1; intros T1 ME; inv ME; simpl;
try (econstructor; split; [econstructor; eauto with evalexpr | econstructor; eauto]; fail).
(* skip call *)
econstructor; split.
econstructor. destruct k; simpl in H; simpl; auto.
rewrite <- H0; reflexivity.
simpl. eauto.
constructor; auto.
(*
(* assign *)
exists (State (sel_function f) Sskip (sel_cont k) sp (PTree.set id v e) m); split.
constructor. auto with evalexpr.
constructor; auto.
*)
(* store *)
econstructor; split.
eapply eval_store; eauto with evalexpr.
constructor; auto.
(* Scall *)
econstructor; split.
econstructor; eauto with evalexpr.
apply functions_translated; eauto.
apply sig_function_translated.
constructor; auto.
(* Stailcall *)
econstructor; split.
econstructor; eauto with evalexpr.
apply functions_translated; eauto.
apply sig_function_translated.
constructor; auto. apply call_cont_commut.
(* Sifthenelse *)
exists (State (sel_function f) (if b then sel_stmt s1 else sel_stmt s2) (sel_cont k) sp e m); split.
constructor. eapply eval_condition_of_expr; eauto with evalexpr.
constructor; auto. destruct b; auto.
(* Sreturn None *)
econstructor; split.
econstructor. simpl; eauto.
constructor; auto. apply call_cont_commut.
(* Sreturn Some *)
econstructor; split.
econstructor. simpl. eauto with evalexpr. simpl; eauto.
constructor; auto. apply call_cont_commut.
(* Sgoto *)
econstructor; split.
econstructor. simpl. rewrite call_cont_commut. rewrite find_label_commut.
rewrite H. simpl. reflexivity.
constructor; auto.
Qed.
Lemma sel_initial_states:
forall S, Cminor.initial_state prog S ->
exists R, initial_state tprog R /\ match_states S R.
Proof.
induction 1.
econstructor; split.
econstructor.
apply Genv.init_mem_transf; eauto.
simpl. fold tge. rewrite symbols_preserved. eexact H0.
apply function_ptr_translated. eauto.
rewrite <- H2. apply sig_function_translated; auto.
constructor; auto.
Qed.
Lemma sel_final_states:
forall S R r,
match_states S R -> Cminor.final_state S r -> final_state R r.
Proof.
intros. inv H0. inv H. simpl. constructor.
Qed.
Theorem transf_program_correct:
forall (beh: program_behavior), not_wrong beh ->
Cminor.exec_program prog beh -> CminorSel.exec_program tprog beh.
Proof.
unfold CminorSel.exec_program, Cminor.exec_program; intros.
eapply simulation_step_preservation; eauto.
eexact sel_initial_states.
eexact sel_final_states.
exact sel_step_correct.
Qed.
End PRESERVATION.
|
