1 | (* *********************************************************************) |
2 | (* *) |
3 | (* The Compcert verified compiler *) |
4 | (* *) |
5 | (* Xavier Leroy, INRIA Paris-Rocquencourt *) |
6 | (* *) |
7 | (* Copyright Institut National de Recherche en Informatique et en *) |
8 | (* Automatique. All rights reserved. This file is distributed *) |
9 | (* under the terms of the GNU General Public License as published by *) |
10 | (* the Free Software Foundation, either version 2 of the License, or *) |
11 | (* (at your option) any later version. This file is also distributed *) |
12 | (* under the terms of the INRIA Non-Commercial License Agreement. *) |
13 | (* *) |
14 | (* *********************************************************************) |
15 | |
16 | (* * Dynamic semantics for the Clight language *) |
17 | |
18 | include "Coqlib.ma". |
19 | include "Errors.ma". |
20 | include "Integers.ma". |
21 | include "Floats.ma". |
22 | include "Values.ma". |
23 | include "AST.ma". |
24 | include "Mem.ma". |
25 | include "Globalenvs.ma". |
26 | include "Csyntax.ma". |
27 | include "Maps.ma". |
28 | include "Events.ma". |
29 | include "Smallstep.ma". |
30 | |
31 | (* * * Semantics of type-dependent operations *) |
32 | |
33 | (* * Interpretation of values as truth values. |
34 | Non-zero integers, non-zero floats and non-null pointers are |
35 | considered as true. The integer zero (which also represents |
36 | the null pointer) and the float 0.0 are false. *) |
37 | |
38 | ninductive is_false: val → type → Prop ≝ |
39 | | is_false_int: ∀sz,sg. |
40 | is_false (Vint zero) (Tint sz sg) |
41 | | is_false_pointer: ∀t. |
42 | is_false (Vint zero) (Tpointer t) |
43 | | is_false_float: ∀sz. |
44 | is_false (Vfloat Fzero) (Tfloat sz). |
45 | |
46 | ninductive is_true: val → type → Prop ≝ |
47 | | is_true_int_int: ∀n,sz,sg. |
48 | n ≠ zero → |
49 | is_true (Vint n) (Tint sz sg) |
50 | | is_true_pointer_int: ∀b,ofs,sz,sg. |
51 | is_true (Vptr b ofs) (Tint sz sg) |
52 | | is_true_int_pointer: ∀n,t. |
53 | n ≠ zero → |
54 | is_true (Vint n) (Tpointer t) |
55 | | is_true_pointer_pointer: ∀b,ofs,t. |
56 | is_true (Vptr b ofs) (Tpointer t) |
57 | | is_true_float: ∀f,sz. |
58 | f ≠ Fzero → |
59 | is_true (Vfloat f) (Tfloat sz). |
60 | |
61 | ninductive bool_of_val : val → type → val → Prop ≝ |
62 | | bool_of_val_true: ∀v,ty. |
63 | is_true v ty → |
64 | bool_of_val v ty Vtrue |
65 | | bool_of_val_false: ∀v,ty. |
66 | is_false v ty → |
67 | bool_of_val v ty Vfalse. |
68 | |
69 | (* * The following [sem_] functions compute the result of an operator |
70 | application. Since operators are overloaded, the result depends |
71 | both on the static types of the arguments and on their run-time values. |
72 | Unlike in C, automatic conversions between integers and floats |
73 | are not performed. For instance, [e1 + e2] is undefined if [e1] |
74 | is a float and [e2] an integer. The Clight producer must have explicitly |
75 | promoted [e2] to a float. *) |
76 | |
77 | nlet rec sem_neg (v: val) (ty: type) : option val ≝ |
78 | match ty with |
79 | [ Tint _ _ ⇒ |
80 | match v with |
81 | [ Vint n ⇒ Some ? (Vint (neg n)) |
82 | | _ => None ? |
83 | ] |
84 | | Tfloat _ ⇒ |
85 | match v with |
86 | [ Vfloat f ⇒ Some ? (Vfloat (Fneg f)) |
87 | | _ ⇒ None ? |
88 | ] |
89 | | _ ⇒ None ? |
90 | ]. |
91 | |
92 | nlet rec sem_notint (v: val) : option val ≝ |
93 | match v with |
94 | [ Vint n ⇒ Some ? (Vint (xor n mone)) |
95 | | _ ⇒ None ? |
96 | ]. |
97 | |
98 | nlet rec sem_notbool (v: val) (ty: type) : option val ≝ |
99 | match ty with |
100 | [ Tint _ _ ⇒ |
101 | match v with |
102 | [ Vint n ⇒ Some ? (of_bool (eq n zero)) |
103 | | Vptr _ _ ⇒ Some ? Vfalse |
104 | | _ ⇒ None ? |
105 | ] |
106 | | Tpointer _ ⇒ |
107 | match v with |
108 | [ Vint n ⇒ Some ? (of_bool (eq n zero)) |
109 | | Vptr _ _ ⇒ Some ? Vfalse |
110 | | _ ⇒ None ? |
111 | ] |
112 | | Tfloat _ ⇒ |
113 | match v with |
114 | [ Vfloat f ⇒ Some ? (of_bool (Fcmp Ceq f Fzero)) |
115 | | _ ⇒ None ? |
116 | ] |
117 | | _ ⇒ None ? |
118 | ]. |
119 | |
120 | nlet rec sem_add (v1:val) (t1:type) (v2: val) (t2:type) : option val ≝ |
121 | match classify_add t1 t2 with |
122 | [ add_case_ii ⇒ (**r integer addition *) |
123 | match v1 with |
124 | [ Vint n1 ⇒ match v2 with |
125 | [ Vint n2 ⇒ Some ? (Vint (add n1 n2)) |
126 | | _ ⇒ None ? ] |
127 | | _ ⇒ None ? ] |
128 | | add_case_ff ⇒ (**r float addition *) |
129 | match v1 with |
130 | [ Vfloat n1 ⇒ match v2 with |
131 | [ Vfloat n2 ⇒ Some ? (Vfloat (Fadd n1 n2)) |
132 | | _ ⇒ None ? ] |
133 | | _ ⇒ None ? ] |
134 | | add_case_pi ty ⇒ (**r pointer plus integer *) |
135 | match v1 with |
136 | [ Vptr b1 ofs1 ⇒ match v2 with |
137 | [ Vint n2 ⇒ Some ? (Vptr b1 (add ofs1 (mul (repr (sizeof ty)) n2))) |
138 | | _ ⇒ None ? ] |
139 | | _ ⇒ None ? ] |
140 | | add_case_ip ty ⇒ (**r integer plus pointer *) |
141 | match v1 with |
142 | [ Vint n1 ⇒ match v2 with |
143 | [ Vptr b2 ofs2 ⇒ Some ? (Vptr b2 (add ofs2 (mul (repr (sizeof ty)) n1))) |
144 | | _ ⇒ None ? ] |
145 | | _ ⇒ None ? ] |
146 | | add_default ⇒ None ? |
147 | ]. |
148 | |
149 | nlet rec sem_sub (v1:val) (t1:type) (v2: val) (t2:type) : option val ≝ |
150 | match classify_sub t1 t2 with |
151 | [ sub_case_ii ⇒ (**r integer subtraction *) |
152 | match v1 with |
153 | [ Vint n1 ⇒ match v2 with |
154 | [ Vint n2 ⇒ Some ? (Vint (sub n1 n2)) |
155 | | _ ⇒ None ? ] |
156 | | _ ⇒ None ? ] |
157 | | sub_case_ff ⇒ (**r float subtraction *) |
158 | match v1 with |
159 | [ Vfloat f1 ⇒ match v2 with |
160 | [ Vfloat f2 ⇒ Some ? (Vfloat (Fsub f1 f2)) |
161 | | _ ⇒ None ? ] |
162 | | _ ⇒ None ? ] |
163 | | sub_case_pi ty ⇒ (**r pointer minus integer *) |
164 | match v1 with |
165 | [ Vptr b1 ofs1 ⇒ match v2 with |
166 | [ Vint n2 ⇒ Some ? (Vptr b1 (sub ofs1 (mul (repr (sizeof ty)) n2))) |
167 | | _ ⇒ None ? ] |
168 | | _ ⇒ None ? ] |
169 | | sub_case_pp ty ⇒ (**r pointer minus pointer *) |
170 | match v1 with |
171 | [ Vptr b1 ofs1 ⇒ match v2 with |
172 | [ Vptr b2 ofs2 ⇒ |
173 | if eqZb b1 b2 then |
174 | if eq (repr (sizeof ty)) zero then None ? |
175 | else Some ? (Vint (divu (sub ofs1 ofs2) (repr (sizeof ty)))) |
176 | else None ? |
177 | | _ ⇒ None ? ] |
178 | | _ ⇒ None ? ] |
179 | | sub_default ⇒ None ? |
180 | ]. |
181 | |
182 | nlet rec sem_mul (v1:val) (t1:type) (v2: val) (t2:type) : option val ≝ |
183 | match classify_mul t1 t2 with |
184 | [ mul_case_ii ⇒ |
185 | match v1 with |
186 | [ Vint n1 ⇒ match v2 with |
187 | [ Vint n2 ⇒ Some ? (Vint (mul n1 n2)) |
188 | | _ ⇒ None ? ] |
189 | | _ ⇒ None ? ] |
190 | | mul_case_ff ⇒ |
191 | match v1 with |
192 | [ Vfloat f1 ⇒ match v2 with |
193 | [ Vfloat f2 ⇒ Some ? (Vfloat (Fmul f1 f2)) |
194 | | _ ⇒ None ? ] |
195 | | _ ⇒ None ? ] |
196 | | mul_default ⇒ |
197 | None ? |
198 | ]. |
199 | |
200 | nlet rec sem_div (v1:val) (t1:type) (v2: val) (t2:type) : option val ≝ |
201 | match classify_div t1 t2 with |
202 | [ div_case_I32unsi ⇒ |
203 | match v1 with |
204 | [ Vint n1 ⇒ match v2 with |
205 | [ Vint n2 ⇒ if eq n2 zero then None ? else Some ? (Vint (divu n1 n2)) |
206 | | _ ⇒ None ? ] |
207 | | _ ⇒ None ? ] |
208 | | div_case_ii ⇒ |
209 | match v1 with |
210 | [ Vint n1 ⇒ match v2 with |
211 | [ Vint n2 ⇒ if eq n2 zero then None ? else Some ? (Vint(divs n1 n2)) |
212 | | _ ⇒ None ? ] |
213 | | _ ⇒ None ? ] |
214 | | div_case_ff ⇒ |
215 | match v1 with |
216 | [ Vfloat f1 ⇒ match v2 with |
217 | [ Vfloat f2 ⇒ Some ? (Vfloat(Fdiv f1 f2)) |
218 | | _ ⇒ None ? ] |
219 | | _ ⇒ None ? ] |
220 | | div_default ⇒ |
221 | None ? |
222 | ]. |
223 | |
224 | nlet rec sem_mod (v1:val) (t1:type) (v2: val) (t2:type) : option val ≝ |
225 | match classify_mod t1 t2 with |
226 | [ mod_case_I32unsi ⇒ |
227 | match v1 with |
228 | [ Vint n1 ⇒ match v2 with |
229 | [ Vint n2 ⇒ if eq n2 zero then None ? else Some ? (Vint (modu n1 n2)) |
230 | | _ ⇒ None ? ] |
231 | | _ ⇒ None ? ] |
232 | | mod_case_ii ⇒ |
233 | match v1 with |
234 | [ Vint n1 ⇒ match v2 with |
235 | [ Vint n2 ⇒ if eq n2 zero then None ? else Some ? (Vint (mods n1 n2)) |
236 | | _ ⇒ None ? ] |
237 | | _ ⇒ None ? ] |
238 | | mod_default ⇒ |
239 | None ? |
240 | ]. |
241 | |
242 | nlet rec sem_and (v1,v2: val) : option val ≝ |
243 | match v1 with |
244 | [ Vint n1 ⇒ match v2 with |
245 | [ Vint n2 ⇒ Some ? (Vint(i_and n1 n2)) |
246 | | _ ⇒ None ? ] |
247 | | _ ⇒ None ? |
248 | ]. |
249 | |
250 | nlet rec sem_or (v1,v2: val) : option val ≝ |
251 | match v1 with |
252 | [ Vint n1 ⇒ match v2 with |
253 | [ Vint n2 ⇒ Some ? (Vint(or n1 n2)) |
254 | | _ ⇒ None ? ] |
255 | | _ ⇒ None ? |
256 | ]. |
257 | |
258 | nlet rec sem_xor (v1,v2: val) : option val ≝ |
259 | match v1 with |
260 | [ Vint n1 ⇒ match v2 with |
261 | [ Vint n2 ⇒ Some ? (Vint(xor n1 n2)) |
262 | | _ ⇒ None ? ] |
263 | | _ ⇒ None ? |
264 | ]. |
265 | |
266 | nlet rec sem_shl (v1,v2: val): option val ≝ |
267 | match v1 with |
268 | [ Vint n1 ⇒ match v2 with |
269 | [ Vint n2 ⇒ |
270 | if ltu n2 iwordsize then Some ? (Vint(shl n1 n2)) else None ? |
271 | | _ ⇒ None ? ] |
272 | | _ ⇒ None ? ]. |
273 | |
274 | nlet rec sem_shr (v1: val) (t1: type) (v2: val) (t2: type): option val ≝ |
275 | match classify_shr t1 t2 with |
276 | [ shr_case_I32unsi ⇒ |
277 | match v1 with |
278 | [ Vint n1 ⇒ match v2 with |
279 | [ Vint n2 ⇒ |
280 | if ltu n2 iwordsize then Some ? (Vint (shru n1 n2)) else None ? |
281 | | _ ⇒ None ? ] |
282 | | _ ⇒ None ? ] |
283 | | shr_case_ii => |
284 | match v1 with |
285 | [ Vint n1 ⇒ match v2 with |
286 | [ Vint n2 ⇒ |
287 | if ltu n2 iwordsize then Some ? (Vint (shr n1 n2)) else None ? |
288 | | _ ⇒ None ? ] |
289 | | _ ⇒ None ? ] |
290 | | shr_default ⇒ |
291 | None ? |
292 | ]. |
293 | |
294 | nlet rec sem_cmp_mismatch (c: comparison): option val ≝ |
295 | match c with |
296 | [ Ceq => Some ? Vfalse |
297 | | Cne => Some ? Vtrue |
298 | | _ => None ? |
299 | ]. |
300 | |
301 | nlet rec sem_cmp (c:comparison) |
302 | (v1: val) (t1: type) (v2: val) (t2: type) |
303 | (m: mem): option val ≝ |
304 | match classify_cmp t1 t2 with |
305 | [ cmp_case_I32unsi ⇒ |
306 | match v1 with |
307 | [ Vint n1 ⇒ match v2 with |
308 | [ Vint n2 ⇒ Some ? (of_bool (cmpu c n1 n2)) |
309 | | _ ⇒ None ? ] |
310 | | _ ⇒ None ? ] |
311 | | cmp_case_ipip ⇒ |
312 | match v1 with |
313 | [ Vint n1 ⇒ match v2 with |
314 | [ Vint n2 ⇒ Some ? (of_bool (cmp c n1 n2)) |
315 | | Vptr b ofs ⇒ if eq n1 zero then sem_cmp_mismatch c else None ? |
316 | | _ ⇒ None ? |
317 | ] |
318 | | Vptr b1 ofs1 ⇒ |
319 | match v2 with |
320 | [ Vptr b2 ofs2 ⇒ |
321 | if valid_pointer m b1 (signed ofs1) |
322 | ∧ valid_pointer m b2 (signed ofs2) then |
323 | if eqZb b1 b2 |
324 | then Some ? (of_bool (cmp c ofs1 ofs2)) |
325 | else sem_cmp_mismatch c |
326 | else None ? |
327 | | Vint n ⇒ |
328 | if eq n zero then sem_cmp_mismatch c else None ? |
329 | | _ ⇒ None ? ] |
330 | | _ ⇒ None ? ] |
331 | | cmp_case_ff ⇒ |
332 | match v1 with |
333 | [ Vfloat f1 ⇒ |
334 | match v2 with |
335 | [ Vfloat f2 ⇒ Some ? (of_bool (Fcmp c f1 f2)) |
336 | | _ ⇒ None ? ] |
337 | | _ ⇒ None ? ] |
338 | | cmp_default ⇒ None ? |
339 | ]. |
340 | |
341 | ndefinition sem_unary_operation |
342 | : unary_operation → val → type → option val ≝ |
343 | λop,v,ty. |
344 | match op with |
345 | [ Onotbool => sem_notbool v ty |
346 | | Onotint => sem_notint v |
347 | | Oneg => sem_neg v ty |
348 | ]. |
349 | |
350 | nlet rec sem_binary_operation |
351 | (op: binary_operation) |
352 | (v1: val) (t1: type) (v2: val) (t2:type) |
353 | (m: mem): option val ≝ |
354 | match op with |
355 | [ Oadd ⇒ sem_add v1 t1 v2 t2 |
356 | | Osub ⇒ sem_sub v1 t1 v2 t2 |
357 | | Omul ⇒ sem_mul v1 t1 v2 t2 |
358 | | Omod ⇒ sem_mod v1 t1 v2 t2 |
359 | | Odiv ⇒ sem_div v1 t1 v2 t2 |
360 | | Oand ⇒ sem_and v1 v2 |
361 | | Oor ⇒ sem_or v1 v2 |
362 | | Oxor ⇒ sem_xor v1 v2 |
363 | | Oshl ⇒ sem_shl v1 v2 |
364 | | Oshr ⇒ sem_shr v1 t1 v2 t2 |
365 | | Oeq ⇒ sem_cmp Ceq v1 t1 v2 t2 m |
366 | | One ⇒ sem_cmp Cne v1 t1 v2 t2 m |
367 | | Olt ⇒ sem_cmp Clt v1 t1 v2 t2 m |
368 | | Ogt ⇒ sem_cmp Cgt v1 t1 v2 t2 m |
369 | | Ole ⇒ sem_cmp Cle v1 t1 v2 t2 m |
370 | | Oge ⇒ sem_cmp Cge v1 t1 v2 t2 m |
371 | ]. |
372 | |
373 | (* * Semantic of casts. [cast v1 t1 t2 v2] holds if value [v1], |
374 | viewed with static type [t1], can be cast to type [t2], |
375 | resulting in value [v2]. *) |
376 | |
377 | nlet rec cast_int_int (sz: intsize) (sg: signedness) (i: int) : int ≝ |
378 | match sz with |
379 | [ I8 ⇒ match sg with [ Signed ⇒ sign_ext 8 i | Unsigned ⇒ zero_ext 8 i ] |
380 | | I16 ⇒ match sg with [ Signed => sign_ext 16 i | Unsigned ⇒ zero_ext 16 i ] |
381 | | I32 ⇒ i |
382 | ]. |
383 | |
384 | nlet rec cast_int_float (si : signedness) (i: int) : float ≝ |
385 | match si with |
386 | [ Signed ⇒ floatofint i |
387 | | Unsigned ⇒ floatofintu i |
388 | ]. |
389 | |
390 | nlet rec cast_float_int (si : signedness) (f: float) : int ≝ |
391 | match si with |
392 | [ Signed ⇒ intoffloat f |
393 | | Unsigned ⇒ intuoffloat f |
394 | ]. |
395 | |
396 | nlet rec cast_float_float (sz: floatsize) (f: float) : float ≝ |
397 | match sz with |
398 | [ F32 ⇒ singleoffloat f |
399 | | F64 ⇒ f |
400 | ]. |
401 | |
402 | ninductive neutral_for_cast: type → Prop ≝ |
403 | | nfc_int: ∀sg. |
404 | neutral_for_cast (Tint I32 sg) |
405 | | nfc_ptr: ∀ty. |
406 | neutral_for_cast (Tpointer ty) |
407 | | nfc_array: ∀ty,sz. |
408 | neutral_for_cast (Tarray ty sz) |
409 | | nfc_fun: ∀targs,tres. |
410 | neutral_for_cast (Tfunction targs tres). |
411 | |
412 | ninductive cast : val → type → type → val → Prop ≝ |
413 | | cast_ii: ∀i,sz2,sz1,si1,si2. (**r int to int *) |
414 | cast (Vint i) (Tint sz1 si1) (Tint sz2 si2) |
415 | (Vint (cast_int_int sz2 si2 i)) |
416 | | cast_fi: ∀f,sz1,sz2,si2. (**r float to int *) |
417 | cast (Vfloat f) (Tfloat sz1) (Tint sz2 si2) |
418 | (Vint (cast_int_int sz2 si2 (cast_float_int si2 f))) |
419 | | cast_if: ∀i,sz1,sz2,si1. (**r int to float *) |
420 | cast (Vint i) (Tint sz1 si1) (Tfloat sz2) |
421 | (Vfloat (cast_float_float sz2 (cast_int_float si1 i))) |
422 | | cast_ff: ∀f,sz1,sz2. (**r float to float *) |
423 | cast (Vfloat f) (Tfloat sz1) (Tfloat sz2) |
424 | (Vfloat (cast_float_float sz2 f)) |
425 | | cast_nn_p: ∀b,ofs,t1,t2. (**r no change in data representation *) |
426 | neutral_for_cast t1 → neutral_for_cast t2 → |
427 | cast (Vptr b ofs) t1 t2 (Vptr b ofs) |
428 | | cast_nn_i: ∀n,t1,t2. (**r no change in data representation *) |
429 | neutral_for_cast t1 → neutral_for_cast t2 → |
430 | cast (Vint n) t1 t2 (Vint n). |
431 | |
432 | (* * * Operational semantics *) |
433 | |
434 | (* * The semantics uses two environments. The global environment |
435 | maps names of functions and global variables to memory block references, |
436 | and function pointers to their definitions. (See module [Globalenvs].) *) |
437 | |
438 | ndefinition genv ≝ (genv_t Genv) fundef. |
439 | |
440 | (* * The local environment maps local variables to block references. |
441 | The current value of the variable is stored in the associated memory |
442 | block. *) |
443 | |
444 | ndefinition env ≝ (tree_t ? PTree) block. (* map variable -> location *) |
445 | |
446 | ndefinition empty_env: env ≝ (empty ? PTree block). |
447 | |
448 | (* * [load_value_of_type ty m b ofs] computes the value of a datum |
449 | of type [ty] residing in memory [m] at block [b], offset [ofs]. |
450 | If the type [ty] indicates an access by value, the corresponding |
451 | memory load is performed. If the type [ty] indicates an access by |
452 | reference, the pointer [Vptr b ofs] is returned. *) |
453 | |
454 | nlet rec load_value_of_type (ty: type) (m: mem) (b: block) (ofs: int) : option val ≝ |
455 | match access_mode ty with |
456 | [ By_value chunk ⇒ loadv chunk m (Vptr b ofs) |
457 | | By_reference ⇒ Some ? (Vptr b ofs) |
458 | | By_nothing ⇒ None ? |
459 | ]. |
460 | |
461 | (* * Symmetrically, [store_value_of_type ty m b ofs v] returns the |
462 | memory state after storing the value [v] in the datum |
463 | of type [ty] residing in memory [m] at block [b], offset [ofs]. |
464 | This is allowed only if [ty] indicates an access by value. *) |
465 | |
466 | nlet rec store_value_of_type (ty_dest: type) (m: mem) (loc: block) (ofs: int) (v: val) : option mem ≝ |
467 | match access_mode ty_dest with |
468 | [ By_value chunk ⇒ storev chunk m (Vptr loc ofs) v |
469 | | By_reference ⇒ None ? |
470 | | By_nothing ⇒ None ? |
471 | ]. |
472 | |
473 | (* * Allocation of function-local variables. |
474 | [alloc_variables e1 m1 vars e2 m2] allocates one memory block |
475 | for each variable declared in [vars], and associates the variable |
476 | name with this block. [e1] and [m1] are the initial local environment |
477 | and memory state. [e2] and [m2] are the final local environment |
478 | and memory state. *) |
479 | |
480 | ninductive alloc_variables: env → mem → |
481 | list (ident × type) → |
482 | env → mem → Prop ≝ |
483 | | alloc_variables_nil: |
484 | ∀e,m. |
485 | alloc_variables e m (nil ?) e m |
486 | | alloc_variables_cons: |
487 | ∀e,m,id,ty,vars,m1,b1,m2,e2. |
488 | alloc m 0 (sizeof ty) = 〈m1, b1〉 → |
489 | alloc_variables (set ? PTree ? id b1 e) m1 vars e2 m2 → |
490 | alloc_variables e m (〈id, ty〉 :: vars) e2 m2. |
491 | |
492 | (* * Initialization of local variables that are parameters to a function. |
493 | [bind_parameters e m1 params args m2] stores the values [args] |
494 | in the memory blocks corresponding to the variables [params]. |
495 | [m1] is the initial memory state and [m2] the final memory state. *) |
496 | |
497 | ninductive bind_parameters: env → |
498 | mem → list (ident × type) → list val → |
499 | mem → Prop ≝ |
500 | | bind_parameters_nil: |
501 | ∀e,m. |
502 | bind_parameters e m (nil ?) (nil ?) m |
503 | | bind_parameters_cons: |
504 | ∀e,m,id,ty,params,v1,vl,b,m1,m2. |
505 | get ? PTree ? id e = Some ? b → |
506 | store_value_of_type ty m b zero v1 = Some ? m1 → |
507 | bind_parameters e m1 params vl m2 → |
508 | bind_parameters e m (〈id, ty〉 :: params) (v1 :: vl) m2. |
509 | |
510 | (* * Return the list of blocks in the codomain of [e]. *) |
511 | |
512 | ndefinition blocks_of_env : env → list block ≝ λe. |
513 | map ?? (snd ident block) (elements ? PTree ? e). |
514 | |
515 | (* * Selection of the appropriate case of a [switch], given the value [n] |
516 | of the selector expression. *) |
517 | |
518 | nlet rec select_switch (n: int) (sl: labeled_statements) |
519 | on sl : labeled_statements ≝ |
520 | match sl with |
521 | [ LSdefault _ ⇒ sl |
522 | | LScase c s sl' ⇒ if eq c n then sl else select_switch n sl' |
523 | ]. |
524 | |
525 | (* * Turn a labeled statement into a sequence *) |
526 | |
527 | nlet rec seq_of_labeled_statement (sl: labeled_statements) : statement ≝ |
528 | match sl with |
529 | [ LSdefault s ⇒ s |
530 | | LScase c s sl' ⇒ Ssequence s (seq_of_labeled_statement sl') |
531 | ]. |
532 | |
533 | (* |
534 | Section SEMANTICS. |
535 | |
536 | Variable ge: genv. |
537 | |
538 | (** ** Evaluation of expressions *) |
539 | |
540 | Section EXPR. |
541 | |
542 | Variable e: env. |
543 | Variable m: mem. |
544 | *) |
545 | (* * [eval_expr ge e m a v] defines the evaluation of expression [a] |
546 | in r-value position. [v] is the value of the expression. |
547 | [e] is the current environment and [m] is the current memory state. *) |
548 | |
549 | ninductive eval_expr (ge:genv) (e:env) (m:mem) : expr → val → Prop ≝ |
550 | | eval_Econst_int: ∀i,ty. |
551 | eval_expr ge e m (Expr (Econst_int i) ty) (Vint i) |
552 | | eval_Econst_float: ∀f,ty. |
553 | eval_expr ge e m (Expr (Econst_float f) ty) (Vfloat f) |
554 | | eval_Elvalue: ∀a,ty,loc,ofs,v. |
555 | eval_lvalue ge e m (Expr a ty) loc ofs -> |
556 | load_value_of_type ty m loc ofs = Some ? v -> |
557 | eval_expr ge e m (Expr a ty) v |
558 | | eval_Eaddrof: ∀a,ty,loc,ofs. |
559 | eval_lvalue ge e m a loc ofs -> |
560 | eval_expr ge e m (Expr (Eaddrof a) ty) (Vptr loc ofs) |
561 | | eval_Esizeof: ∀ty',ty. |
562 | eval_expr ge e m (Expr (Esizeof ty') ty) (Vint (repr (sizeof ty'))) |
563 | | eval_Eunop: ∀op,a,ty,v1,v. |
564 | eval_expr ge e m a v1 -> |
565 | sem_unary_operation op v1 (typeof a) = Some ? v -> |
566 | eval_expr ge e m (Expr (Eunop op a) ty) v |
567 | | eval_Ebinop: ∀op,a1,a2,ty,v1,v2,v. |
568 | eval_expr ge e m a1 v1 -> |
569 | eval_expr ge e m a2 v2 -> |
570 | sem_binary_operation op v1 (typeof a1) v2 (typeof a2) m = Some ? v -> |
571 | eval_expr ge e m (Expr (Ebinop op a1 a2) ty) v |
572 | | eval_Econdition_true: ∀a1,a2,a3,ty,v1,v2. |
573 | eval_expr ge e m a1 v1 -> |
574 | is_true v1 (typeof a1) -> |
575 | eval_expr ge e m a2 v2 -> |
576 | eval_expr ge e m (Expr (Econdition a1 a2 a3) ty) v2 |
577 | | eval_Econdition_false: ∀a1,a2,a3,ty,v1,v3. |
578 | eval_expr ge e m a1 v1 -> |
579 | is_false v1 (typeof a1) -> |
580 | eval_expr ge e m a3 v3 -> |
581 | eval_expr ge e m (Expr (Econdition a1 a2 a3) ty) v3 |
582 | | eval_Eorbool_1: ∀a1,a2,ty,v1. |
583 | eval_expr ge e m a1 v1 -> |
584 | is_true v1 (typeof a1) -> |
585 | eval_expr ge e m (Expr (Eorbool a1 a2) ty) Vtrue |
586 | | eval_Eorbool_2: ∀a1,a2,ty,v1,v2,v. |
587 | eval_expr ge e m a1 v1 -> |
588 | is_false v1 (typeof a1) -> |
589 | eval_expr ge e m a2 v2 -> |
590 | bool_of_val v2 (typeof a2) v -> |
591 | eval_expr ge e m (Expr (Eorbool a1 a2) ty) v |
592 | | eval_Eandbool_1: ∀a1,a2,ty,v1. |
593 | eval_expr ge e m a1 v1 -> |
594 | is_false v1 (typeof a1) -> |
595 | eval_expr ge e m (Expr (Eandbool a1 a2) ty) Vfalse |
596 | | eval_Eandbool_2: ∀a1,a2,ty,v1,v2,v. |
597 | eval_expr ge e m a1 v1 -> |
598 | is_true v1 (typeof a1) -> |
599 | eval_expr ge e m a2 v2 -> |
600 | bool_of_val v2 (typeof a2) v -> |
601 | eval_expr ge e m (Expr (Eandbool a1 a2) ty) v |
602 | | eval_Ecast: ∀a,ty,ty',v1,v. |
603 | eval_expr ge e m a v1 -> |
604 | cast v1 (typeof a) ty v -> |
605 | eval_expr ge e m (Expr (Ecast ty a) ty') v |
606 | |
607 | (* * [eval_lvalue ge e m a b ofs] defines the evaluation of expression [a] |
608 | in l-value position. The result is the memory location [b, ofs] |
609 | that contains the value of the expression [a]. *) |
610 | |
611 | with eval_lvalue (*(ge:genv) (e:env) (m:mem)*) : expr -> block -> int -> Prop ≝ |
612 | | eval_Evar_local: ∀id,l,ty. |
613 | (* XXX notation? e!id*) get ? PTree ? id e = Some ? l -> |
614 | eval_lvalue ge e m (Expr (Evar id) ty) l zero |
615 | | eval_Evar_global: ∀id,l,ty. |
616 | (* XXX e!id *) get ? PTree ? id e = None ? -> |
617 | find_symbol Genv ? ge id = Some ? l -> |
618 | eval_lvalue ge e m (Expr (Evar id) ty) l zero |
619 | | eval_Ederef: ∀a,ty,l,ofs. |
620 | eval_expr ge e m a (Vptr l ofs) -> |
621 | eval_lvalue ge e m (Expr (Ederef a) ty) l ofs |
622 | | eval_Efield_struct: ∀a,i,ty,l,ofs,id,fList,delta. |
623 | eval_lvalue ge e m a l ofs -> |
624 | typeof a = Tstruct id fList -> |
625 | field_offset i fList = OK ? delta -> |
626 | eval_lvalue ge e m (Expr (Efield a i) ty) l (add ofs (repr delta)) |
627 | | eval_Efield_union: ∀a,i,ty,l,ofs,id,fList. |
628 | eval_lvalue ge e m a l ofs -> |
629 | typeof a = Tunion id fList -> |
630 | eval_lvalue ge e m (Expr (Efield a i) ty) l ofs. |
631 | |
632 | (* |
633 | Scheme eval_expr_ind2 := Minimality for eval_expr Sort Prop |
634 | with eval_lvalue_ind2 := Minimality for eval_lvalue Sort Prop. |
635 | *) |
636 | |
637 | (* * [eval_exprlist ge e m al vl] evaluates a list of r-value |
638 | expressions [al] to their values [vl]. *) |
639 | |
640 | ninductive eval_exprlist (ge:genv) (e:env) (m:mem) : list expr -> list val -> Prop := |
641 | | eval_Enil: |
642 | eval_exprlist ge e m (nil ?) (nil ?) |
643 | | eval_Econs: ∀a,bl,v,vl. |
644 | eval_expr ge e m a v -> |
645 | eval_exprlist ge e m bl vl -> |
646 | eval_exprlist ge e m (a :: bl) (v :: vl). |
647 | |
648 | (*End EXPR.*) |
649 | |
650 | (* * ** Transition semantics for statements and functions *) |
651 | |
652 | (* * Continuations *) |
653 | |
654 | ninductive cont: Type := |
655 | | Kstop: cont |
656 | | Kseq: statement -> cont -> cont |
657 | (**r [Kseq s2 k] = after [s1] in [s1;s2] *) |
658 | | Kwhile: expr -> statement -> cont -> cont |
659 | (**r [Kwhile e s k] = after [s] in [while (e) s] *) |
660 | | Kdowhile: expr -> statement -> cont -> cont |
661 | (**r [Kdowhile e s k] = after [s] in [do s while (e)] *) |
662 | | Kfor2: expr -> statement -> statement -> cont -> cont |
663 | (**r [Kfor2 e2 e3 s k] = after [s] in [for(e1;e2;e3) s] *) |
664 | | Kfor3: expr -> statement -> statement -> cont -> cont |
665 | (**r [Kfor3 e2 e3 s k] = after [e3] in [for(e1;e2;e3) s] *) |
666 | | Kswitch: cont -> cont |
667 | (**r catches [break] statements arising out of [switch] *) |
668 | | Kcall: option (block × int × type) -> (**r where to store result *) |
669 | function -> (**r calling function *) |
670 | env -> (**r local env of calling function *) |
671 | cont -> cont. |
672 | |
673 | (* * Pop continuation until a call or stop *) |
674 | |
675 | nlet rec call_cont (k: cont) : cont := |
676 | match k with |
677 | [ Kseq s k => call_cont k |
678 | | Kwhile e s k => call_cont k |
679 | | Kdowhile e s k => call_cont k |
680 | | Kfor2 e2 e3 s k => call_cont k |
681 | | Kfor3 e2 e3 s k => call_cont k |
682 | | Kswitch k => call_cont k |
683 | | _ => k |
684 | ]. |
685 | |
686 | ndefinition is_call_cont : cont → Prop ≝ λk. |
687 | match k with |
688 | [ Kstop => True |
689 | | Kcall _ _ _ _ => True |
690 | | _ => False |
691 | ]. |
692 | |
693 | (* * States *) |
694 | |
695 | ninductive state: Type := |
696 | | State: |
697 | ∀f: function. |
698 | ∀s: statement. |
699 | ∀k: cont. |
700 | ∀e: env. |
701 | ∀m: mem. state |
702 | | Callstate: |
703 | ∀fd: fundef. |
704 | ∀args: list val. |
705 | ∀k: cont. |
706 | ∀m: mem. state |
707 | | Returnstate: |
708 | ∀res: val. |
709 | ∀k: cont. |
710 | ∀m: mem. state. |
711 | |
712 | (* * Find the statement and manufacture the continuation |
713 | corresponding to a label *) |
714 | |
715 | nlet rec find_label (lbl: label) (s: statement) (k: cont) |
716 | on s: option (statement × cont) := |
717 | match s with |
718 | [ Ssequence s1 s2 => |
719 | match find_label lbl s1 (Kseq s2 k) with |
720 | [ Some sk => Some ? sk |
721 | | None => find_label lbl s2 k |
722 | ] |
723 | | Sifthenelse a s1 s2 => |
724 | match find_label lbl s1 k with |
725 | [ Some sk => Some ? sk |
726 | | None => find_label lbl s2 k |
727 | ] |
728 | | Swhile a s1 => |
729 | find_label lbl s1 (Kwhile a s1 k) |
730 | | Sdowhile a s1 => |
731 | find_label lbl s1 (Kdowhile a s1 k) |
732 | | Sfor a1 a2 a3 s1 => |
733 | match find_label lbl a1 (Kseq (Sfor Sskip a2 a3 s1) k) with |
734 | [ Some sk => Some ? sk |
735 | | None => |
736 | match find_label lbl s1 (Kfor2 a2 a3 s1 k) with |
737 | [ Some sk => Some ? sk |
738 | | None => find_label lbl a3 (Kfor3 a2 a3 s1 k) |
739 | ] |
740 | ] |
741 | | Sswitch e sl => |
742 | find_label_ls lbl sl (Kswitch k) |
743 | | Slabel lbl' s' => |
744 | match ident_eq lbl lbl' with |
745 | [ inl _ ⇒ Some ? 〈s', k〉 |
746 | | inr _ ⇒ find_label lbl s' k |
747 | ] |
748 | | _ => None ? |
749 | ] |
750 | |
751 | and find_label_ls (lbl: label) (sl: labeled_statements) (k: cont) |
752 | on sl: option (statement × cont) := |
753 | match sl with |
754 | [ LSdefault s => find_label lbl s k |
755 | | LScase _ s sl' => |
756 | match find_label lbl s (Kseq (seq_of_labeled_statement sl') k) with |
757 | [ Some sk => Some ? sk |
758 | | None => find_label_ls lbl sl' k |
759 | ] |
760 | ]. |
761 | |
762 | (* * Transition relation *) |
763 | |
764 | ninductive step (ge:genv) : state -> trace -> state -> Prop := |
765 | |
766 | | step_assign: ∀f,a1,a2,k,e,m,loc,ofs,v2,m'. |
767 | eval_lvalue ge e m a1 loc ofs -> |
768 | eval_expr ge e m a2 v2 -> |
769 | store_value_of_type (typeof a1) m loc ofs v2 = Some ? m' -> |
770 | step ge (State f (Sassign a1 a2) k e m) |
771 | E0 (State f Sskip k e m') |
772 | |
773 | | step_call_none: ∀f,a,al,k,e,m,vf,vargs,fd. |
774 | eval_expr ge e m a vf -> |
775 | eval_exprlist ge e m al vargs -> |
776 | find_funct Genv ? ge vf = Some ? fd -> |
777 | type_of_fundef fd = typeof a -> |
778 | step ge (State f (Scall (None ?) a al) k e m) |
779 | E0 (Callstate fd vargs (Kcall (None ?) f e k) m) |
780 | |
781 | | step_call_some: ∀f,lhs,a,al,k,e,m,loc,ofs,vf,vargs,fd. |
782 | eval_lvalue ge e m lhs loc ofs -> |
783 | eval_expr ge e m a vf -> |
784 | eval_exprlist ge e m al vargs -> |
785 | find_funct Genv ? ge vf = Some ? fd -> |
786 | type_of_fundef fd = typeof a -> |
787 | step ge (State f (Scall (Some ? lhs) a al) k e m) |
788 | E0 (Callstate fd vargs (Kcall (Some ? 〈〈loc, ofs〉, typeof lhs〉) f e k) m) |
789 | |
790 | | step_seq: ∀f,s1,s2,k,e,m. |
791 | step ge (State f (Ssequence s1 s2) k e m) |
792 | E0 (State f s1 (Kseq s2 k) e m) |
793 | | step_skip_seq: ∀f,s,k,e,m. |
794 | step ge (State f Sskip (Kseq s k) e m) |
795 | E0 (State f s k e m) |
796 | | step_continue_seq: ∀f,s,k,e,m. |
797 | step ge (State f Scontinue (Kseq s k) e m) |
798 | E0 (State f Scontinue k e m) |
799 | | step_break_seq: ∀f,s,k,e,m. |
800 | step ge (State f Sbreak (Kseq s k) e m) |
801 | E0 (State f Sbreak k e m) |
802 | |
803 | | step_ifthenelse_true: ∀f,a,s1,s2,k,e,m,v1. |
804 | eval_expr ge e m a v1 -> |
805 | is_true v1 (typeof a) -> |
806 | step ge (State f (Sifthenelse a s1 s2) k e m) |
807 | E0 (State f s1 k e m) |
808 | | step_ifthenelse_false: ∀f,a,s1,s2,k,e,m,v1. |
809 | eval_expr ge e m a v1 -> |
810 | is_false v1 (typeof a) -> |
811 | step ge (State f (Sifthenelse a s1 s2) k e m) |
812 | E0 (State f s2 k e m) |
813 | |
814 | | step_while_false: ∀f,a,s,k,e,m,v. |
815 | eval_expr ge e m a v -> |
816 | is_false v (typeof a) -> |
817 | step ge (State f (Swhile a s) k e m) |
818 | E0 (State f Sskip k e m) |
819 | | step_while_true: ∀f,a,s,k,e,m,v. |
820 | eval_expr ge e m a v -> |
821 | is_true v (typeof a) -> |
822 | step ge (State f (Swhile a s) k e m) |
823 | E0 (State f s (Kwhile a s k) e m) |
824 | | step_skip_or_continue_while: ∀f,x,a,s,k,e,m. |
825 | x = Sskip ∨ x = Scontinue -> |
826 | step ge (State f x (Kwhile a s k) e m) |
827 | E0 (State f (Swhile a s) k e m) |
828 | | step_break_while: ∀f,a,s,k,e,m. |
829 | step ge (State f Sbreak (Kwhile a s k) e m) |
830 | E0 (State f Sskip k e m) |
831 | |
832 | | step_dowhile: ∀f,a,s,k,e,m. |
833 | step ge (State f (Sdowhile a s) k e m) |
834 | E0 (State f s (Kdowhile a s k) e m) |
835 | | step_skip_or_continue_dowhile_false: ∀f,x,a,s,k,e,m,v. |
836 | x = Sskip ∨ x = Scontinue -> |
837 | eval_expr ge e m a v -> |
838 | is_false v (typeof a) -> |
839 | step ge (State f x (Kdowhile a s k) e m) |
840 | E0 (State f Sskip k e m) |
841 | | step_skip_or_continue_dowhile_true: ∀f,x,a,s,k,e,m,v. |
842 | x = Sskip ∨ x = Scontinue -> |
843 | eval_expr ge e m a v -> |
844 | is_true v (typeof a) -> |
845 | step ge (State f x (Kdowhile a s k) e m) |
846 | E0 (State f (Sdowhile a s) k e m) |
847 | | step_break_dowhile: ∀f,a,s,k,e,m. |
848 | step ge (State f Sbreak (Kdowhile a s k) e m) |
849 | E0 (State f Sskip k e m) |
850 | |
851 | | step_for_start: ∀f,a1,a2,a3,s,k,e,m. |
852 | a1 ≠ Sskip -> |
853 | step ge (State f (Sfor a1 a2 a3 s) k e m) |
854 | E0 (State f a1 (Kseq (Sfor Sskip a2 a3 s) k) e m) |
855 | | step_for_false: ∀f,a2,a3,s,k,e,m,v. |
856 | eval_expr ge e m a2 v -> |
857 | is_false v (typeof a2) -> |
858 | step ge (State f (Sfor Sskip a2 a3 s) k e m) |
859 | E0 (State f Sskip k e m) |
860 | | step_for_true: ∀f,a2,a3,s,k,e,m,v. |
861 | eval_expr ge e m a2 v -> |
862 | is_true v (typeof a2) -> |
863 | step ge (State f (Sfor Sskip a2 a3 s) k e m) |
864 | E0 (State f s (Kfor2 a2 a3 s k) e m) |
865 | | step_skip_or_continue_for2: ∀f,x,a2,a3,s,k,e,m. |
866 | x = Sskip ∨ x = Scontinue -> |
867 | step ge (State f x (Kfor2 a2 a3 s k) e m) |
868 | E0 (State f a3 (Kfor3 a2 a3 s k) e m) |
869 | | step_break_for2: ∀f,a2,a3,s,k,e,m. |
870 | step ge (State f Sbreak (Kfor2 a2 a3 s k) e m) |
871 | E0 (State f Sskip k e m) |
872 | | step_skip_for3: ∀f,a2,a3,s,k,e,m. |
873 | step ge (State f Sskip (Kfor3 a2 a3 s k) e m) |
874 | E0 (State f (Sfor Sskip a2 a3 s) k e m) |
875 | |
876 | | step_return_0: ∀f,k,e,m. |
877 | fn_return f = Tvoid -> |
878 | step ge (State f (Sreturn (None ?)) k e m) |
879 | E0 (Returnstate Vundef (call_cont k) (free_list m (blocks_of_env e))) |
880 | | step_return_1: ∀f,a,k,e,m,v. |
881 | fn_return f ≠ Tvoid -> |
882 | eval_expr ge e m a v -> |
883 | step ge (State f (Sreturn (Some ? a)) k e m) |
884 | E0 (Returnstate v (call_cont k) (free_list m (blocks_of_env e))) |
885 | | step_skip_call: ∀f,k,e,m. |
886 | is_call_cont k -> |
887 | fn_return f = Tvoid -> |
888 | step ge (State f Sskip k e m) |
889 | E0 (Returnstate Vundef k (free_list m (blocks_of_env e))) |
890 | |
891 | | step_switch: ∀f,a,sl,k,e,m,n. |
892 | eval_expr ge e m a (Vint n) -> |
893 | step ge (State f (Sswitch a sl) k e m) |
894 | E0 (State f (seq_of_labeled_statement (select_switch n sl)) (Kswitch k) e m) |
895 | | step_skip_break_switch: ∀f,x,k,e,m. |
896 | x = Sskip ∨ x = Sbreak -> |
897 | step ge (State f x (Kswitch k) e m) |
898 | E0 (State f Sskip k e m) |
899 | | step_continue_switch: ∀f,k,e,m. |
900 | step ge (State f Scontinue (Kswitch k) e m) |
901 | E0 (State f Scontinue k e m) |
902 | |
903 | | step_label: ∀f,lbl,s,k,e,m. |
904 | step ge (State f (Slabel lbl s) k e m) |
905 | E0 (State f s k e m) |
906 | |
907 | | step_goto: ∀f,lbl,k,e,m,s',k'. |
908 | find_label lbl (fn_body f) (call_cont k) = Some ? 〈s', k'〉 -> |
909 | step ge (State f (Sgoto lbl) k e m) |
910 | E0 (State f s' k' e m) |
911 | |
912 | | step_internal_function: ∀f,vargs,k,m,e,m1,m2. |
913 | alloc_variables empty_env m ((fn_params f) @ (fn_vars f)) e m1 -> |
914 | bind_parameters e m1 (fn_params f) vargs m2 -> |
915 | step ge (Callstate (Internal f) vargs k m) |
916 | E0 (State f (fn_body f) k e m2) |
917 | |
918 | | step_external_function: ∀id,targs,tres,vargs,k,m,vres,t. |
919 | event_match (external_function id targs tres) vargs t vres -> |
920 | step ge (Callstate (External id targs tres) vargs k m) |
921 | t (Returnstate vres k m) |
922 | |
923 | | step_returnstate_0: ∀v,f,e,k,m. |
924 | step ge (Returnstate v (Kcall (None ?) f e k) m) |
925 | E0 (State f Sskip k e m) |
926 | |
927 | | step_returnstate_1: ∀v,f,e,k,m,m',loc,ofs,ty. |
928 | store_value_of_type ty m loc ofs v = Some ? m' -> |
929 | step ge (Returnstate v (Kcall (Some ? 〈〈loc, ofs〉, ty〉) f e k) m) |
930 | E0 (State f Sskip k e m'). |
931 | (* |
---|
932 | (** * Alternate big-step semantics *) |
---|
933 | |
---|
934 | (** ** Big-step semantics for terminating statements and functions *) |
---|
935 | |
---|
936 | (** The execution of a statement produces an ``outcome'', indicating |
---|
937 | how the execution terminated: either normally or prematurely |
---|
938 | through the execution of a [break], [continue] or [return] statement. *) |
---|
939 | |
---|
940 | ninductive outcome: Type := |
---|
941 | | Out_break: outcome (**r terminated by [break] *) |
---|
942 | | Out_continue: outcome (**r terminated by [continue] *) |
---|
943 | | Out_normal: outcome (**r terminated normally *) |
---|
944 | | Out_return: option val -> outcome. (**r terminated by [return] *) |
---|
945 | |
---|
946 | ninductive out_normal_or_continue : outcome -> Prop := |
---|
947 | | Out_normal_or_continue_N: out_normal_or_continue Out_normal |
---|
948 | | Out_normal_or_continue_C: out_normal_or_continue Out_continue. |
---|
949 | |
---|
950 | ninductive out_break_or_return : outcome -> outcome -> Prop := |
---|
951 | | Out_break_or_return_B: out_break_or_return Out_break Out_normal |
---|
952 | | Out_break_or_return_R: ∀ov. |
---|
953 | out_break_or_return (Out_return ov) (Out_return ov). |
---|
954 | |
---|
955 | Definition outcome_switch (out: outcome) : outcome := |
---|
956 | match out with |
---|
957 | | Out_break => Out_normal |
---|
958 | | o => o |
---|
959 | end. |
---|
960 | |
---|
961 | Definition outcome_result_value (out: outcome) (t: type) (v: val) : Prop := |
---|
962 | match out, t with |
---|
963 | | Out_normal, Tvoid => v = Vundef |
---|
964 | | Out_return None, Tvoid => v = Vundef |
---|
965 | | Out_return (Some v'), ty => ty <> Tvoid /\ v'=v |
---|
966 | | _, _ => False |
---|
967 | end. |
---|
968 | |
---|
969 | (** [exec_stmt ge e m1 s t m2 out] describes the execution of |
---|
970 | the statement [s]. [out] is the outcome for this execution. |
---|
971 | [m1] is the initial memory state, [m2] the final memory state. |
---|
972 | [t] is the trace of input/output events performed during this |
---|
973 | evaluation. *) |
---|
974 | |
---|
975 | ninductive exec_stmt: env -> mem -> statement -> trace -> mem -> outcome -> Prop := |
---|
976 | | exec_Sskip: ∀e,m. |
---|
977 | exec_stmt e m Sskip |
---|
978 | E0 m Out_normal |
---|
979 | | exec_Sassign: ∀e,m,a1,a2,loc,ofs,v2,m'. |
---|
980 | eval_lvalue e m a1 loc ofs -> |
---|
981 | eval_expr e m a2 v2 -> |
---|
982 | store_value_of_type (typeof a1) m loc ofs v2 = Some m' -> |
---|
983 | exec_stmt e m (Sassign a1 a2) |
---|
984 | E0 m' Out_normal |
---|
985 | | exec_Scall_none: ∀e,m,a,al,vf,vargs,f,t,m',vres. |
---|
986 | eval_expr e m a vf -> |
---|
987 | eval_exprlist e m al vargs -> |
---|
988 | Genv.find_funct ge vf = Some f -> |
---|
989 | type_of_fundef f = typeof a -> |
---|
990 | eval_funcall m f vargs t m' vres -> |
---|
991 | exec_stmt e m (Scall None a al) |
---|
992 | t m' Out_normal |
---|
993 | | exec_Scall_some: ∀e,m,lhs,a,al,loc,ofs,vf,vargs,f,t,m',vres,m''. |
---|
994 | eval_lvalue e m lhs loc ofs -> |
---|
995 | eval_expr e m a vf -> |
---|
996 | eval_exprlist e m al vargs -> |
---|
997 | Genv.find_funct ge vf = Some f -> |
---|
998 | type_of_fundef f = typeof a -> |
---|
999 | eval_funcall m f vargs t m' vres -> |
---|
1000 | store_value_of_type (typeof lhs) m' loc ofs vres = Some m'' -> |
---|
1001 | exec_stmt e m (Scall (Some lhs) a al) |
---|
1002 | t m'' Out_normal |
---|
1003 | | exec_Sseq_1: ∀e,m,s1,s2,t1,m1,t2,m2,out. |
---|
1004 | exec_stmt e m s1 t1 m1 Out_normal -> |
---|
1005 | exec_stmt e m1 s2 t2 m2 out -> |
---|
1006 | exec_stmt e m (Ssequence s1 s2) |
---|
1007 | (t1 ** t2) m2 out |
---|
1008 | | exec_Sseq_2: ∀e,m,s1,s2,t1,m1,out. |
---|
1009 | exec_stmt e m s1 t1 m1 out -> |
---|
1010 | out <> Out_normal -> |
---|
1011 | exec_stmt e m (Ssequence s1 s2) |
---|
1012 | t1 m1 out |
---|
1013 | | exec_Sifthenelse_true: ∀e,m,a,s1,s2,v1,t,m',out. |
---|
1014 | eval_expr e m a v1 -> |
---|
1015 | is_true v1 (typeof a) -> |
---|
1016 | exec_stmt e m s1 t m' out -> |
---|
1017 | exec_stmt e m (Sifthenelse a s1 s2) |
---|
1018 | t m' out |
---|
1019 | | exec_Sifthenelse_false: ∀e,m,a,s1,s2,v1,t,m',out. |
---|
1020 | eval_expr e m a v1 -> |
---|
1021 | is_false v1 (typeof a) -> |
---|
1022 | exec_stmt e m s2 t m' out -> |
---|
1023 | exec_stmt e m (Sifthenelse a s1 s2) |
---|
1024 | t m' out |
---|
1025 | | exec_Sreturn_none: ∀e,m. |
---|
1026 | exec_stmt e m (Sreturn None) |
---|
1027 | E0 m (Out_return None) |
---|
1028 | | exec_Sreturn_some: ∀e,m,a,v. |
---|
1029 | eval_expr e m a v -> |
---|
1030 | exec_stmt e m (Sreturn (Some a)) |
---|
1031 | E0 m (Out_return (Some v)) |
---|
1032 | | exec_Sbreak: ∀e,m. |
---|
1033 | exec_stmt e m Sbreak |
---|
1034 | E0 m Out_break |
---|
1035 | | exec_Scontinue: ∀e,m. |
---|
1036 | exec_stmt e m Scontinue |
---|
1037 | E0 m Out_continue |
---|
1038 | | exec_Swhile_false: ∀e,m,a,s,v. |
---|
1039 | eval_expr e m a v -> |
---|
1040 | is_false v (typeof a) -> |
---|
1041 | exec_stmt e m (Swhile a s) |
---|
1042 | E0 m Out_normal |
---|
1043 | | exec_Swhile_stop: ∀e,m,a,v,s,t,m',out',out. |
---|
1044 | eval_expr e m a v -> |
---|
1045 | is_true v (typeof a) -> |
---|
1046 | exec_stmt e m s t m' out' -> |
---|
1047 | out_break_or_return out' out -> |
---|
1048 | exec_stmt e m (Swhile a s) |
---|
1049 | t m' out |
---|
1050 | | exec_Swhile_loop: ∀e,m,a,s,v,t1,m1,out1,t2,m2,out. |
---|
1051 | eval_expr e m a v -> |
---|
1052 | is_true v (typeof a) -> |
---|
1053 | exec_stmt e m s t1 m1 out1 -> |
---|
1054 | out_normal_or_continue out1 -> |
---|
1055 | exec_stmt e m1 (Swhile a s) t2 m2 out -> |
---|
1056 | exec_stmt e m (Swhile a s) |
---|
1057 | (t1 ** t2) m2 out |
---|
1058 | | exec_Sdowhile_false: ∀e,m,s,a,t,m1,out1,v. |
---|
1059 | exec_stmt e m s t m1 out1 -> |
---|
1060 | out_normal_or_continue out1 -> |
---|
1061 | eval_expr e m1 a v -> |
---|
1062 | is_false v (typeof a) -> |
---|
1063 | exec_stmt e m (Sdowhile a s) |
---|
1064 | t m1 Out_normal |
---|
1065 | | exec_Sdowhile_stop: ∀e,m,s,a,t,m1,out1,out. |
---|
1066 | exec_stmt e m s t m1 out1 -> |
---|
1067 | out_break_or_return out1 out -> |
---|
1068 | exec_stmt e m (Sdowhile a s) |
---|
1069 | t m1 out |
---|
1070 | | exec_Sdowhile_loop: ∀e,m,s,a,m1,m2,t1,t2,out,out1,v. |
---|
1071 | exec_stmt e m s t1 m1 out1 -> |
---|
1072 | out_normal_or_continue out1 -> |
---|
1073 | eval_expr e m1 a v -> |
---|
1074 | is_true v (typeof a) -> |
---|
1075 | exec_stmt e m1 (Sdowhile a s) t2 m2 out -> |
---|
1076 | exec_stmt e m (Sdowhile a s) |
---|
1077 | (t1 ** t2) m2 out |
---|
1078 | | exec_Sfor_start: ∀e,m,s,a1,a2,a3,out,m1,m2,t1,t2. |
---|
1079 | a1 <> Sskip -> |
---|
1080 | exec_stmt e m a1 t1 m1 Out_normal -> |
---|
1081 | exec_stmt e m1 (Sfor Sskip a2 a3 s) t2 m2 out -> |
---|
1082 | exec_stmt e m (Sfor a1 a2 a3 s) |
---|
1083 | (t1 ** t2) m2 out |
---|
1084 | | exec_Sfor_false: ∀e,m,s,a2,a3,v. |
---|
1085 | eval_expr e m a2 v -> |
---|
1086 | is_false v (typeof a2) -> |
---|
1087 | exec_stmt e m (Sfor Sskip a2 a3 s) |
---|
1088 | E0 m Out_normal |
---|
1089 | | exec_Sfor_stop: ∀e,m,s,a2,a3,v,m1,t,out1,out. |
---|
1090 | eval_expr e m a2 v -> |
---|
1091 | is_true v (typeof a2) -> |
---|
1092 | exec_stmt e m s t m1 out1 -> |
---|
1093 | out_break_or_return out1 out -> |
---|
1094 | exec_stmt e m (Sfor Sskip a2 a3 s) |
---|
1095 | t m1 out |
---|
1096 | | exec_Sfor_loop: ∀e,m,s,a2,a3,v,m1,m2,m3,t1,t2,t3,out1,out. |
---|
1097 | eval_expr e m a2 v -> |
---|
1098 | is_true v (typeof a2) -> |
---|
1099 | exec_stmt e m s t1 m1 out1 -> |
---|
1100 | out_normal_or_continue out1 -> |
---|
1101 | exec_stmt e m1 a3 t2 m2 Out_normal -> |
---|
1102 | exec_stmt e m2 (Sfor Sskip a2 a3 s) t3 m3 out -> |
---|
1103 | exec_stmt e m (Sfor Sskip a2 a3 s) |
---|
1104 | (t1 ** t2 ** t3) m3 out |
---|
1105 | | exec_Sswitch: ∀e,m,a,t,n,sl,m1,out. |
---|
1106 | eval_expr e m a (Vint n) -> |
---|
1107 | exec_stmt e m (seq_of_labeled_statement (select_switch n sl)) t m1 out -> |
---|
1108 | exec_stmt e m (Sswitch a sl) |
---|
1109 | t m1 (outcome_switch out) |
---|
1110 | |
---|
1111 | (** [eval_funcall m1 fd args t m2 res] describes the invocation of |
---|
1112 | function [fd] with arguments [args]. [res] is the value returned |
---|
1113 | by the call. *) |
---|
1114 | |
---|
1115 | with eval_funcall: mem -> fundef -> list val -> trace -> mem -> val -> Prop := |
---|
1116 | | eval_funcall_internal: ∀m,f,vargs,t,e,m1,m2,m3,out,vres. |
---|
1117 | alloc_variables empty_env m (f.(fn_params) ++ f.(fn_vars)) e m1 -> |
---|
1118 | bind_parameters e m1 f.(fn_params) vargs m2 -> |
---|
1119 | exec_stmt e m2 f.(fn_body) t m3 out -> |
---|
1120 | outcome_result_value out f.(fn_return) vres -> |
---|
1121 | eval_funcall m (Internal f) vargs t (Mem.free_list m3 (blocks_of_env e)) vres |
---|
1122 | | eval_funcall_external: ∀m,id,targs,tres,vargs,t,vres. |
---|
1123 | event_match (external_function id targs tres) vargs t vres -> |
---|
1124 | eval_funcall m (External id targs tres) vargs t m vres. |
---|
1125 | |
---|
1126 | Scheme exec_stmt_ind2 := Minimality for exec_stmt Sort Prop |
---|
1127 | with eval_funcall_ind2 := Minimality for eval_funcall Sort Prop. |
---|
1128 | |
---|
1129 | (** ** Big-step semantics for diverging statements and functions *) |
---|
1130 | |
---|
1131 | (** Coinductive semantics for divergence. |
---|
1132 | [execinf_stmt ge e m s t] holds if the execution of statement [s] |
---|
1133 | diverges, i.e. loops infinitely. [t] is the possibly infinite |
---|
1134 | trace of observable events performed during the execution. *) |
---|
1135 | |
---|
1136 | Coninductive execinf_stmt: env -> mem -> statement -> traceinf -> Prop := |
---|
1137 | | execinf_Scall_none: ∀e,m,a,al,vf,vargs,f,t. |
---|
1138 | eval_expr e m a vf -> |
---|
1139 | eval_exprlist e m al vargs -> |
---|
1140 | Genv.find_funct ge vf = Some f -> |
---|
1141 | type_of_fundef f = typeof a -> |
---|
1142 | evalinf_funcall m f vargs t -> |
---|
1143 | execinf_stmt e m (Scall None a al) t |
---|
1144 | | execinf_Scall_some: ∀e,m,lhs,a,al,loc,ofs,vf,vargs,f,t. |
---|
1145 | eval_lvalue e m lhs loc ofs -> |
---|
1146 | eval_expr e m a vf -> |
---|
1147 | eval_exprlist e m al vargs -> |
---|
1148 | Genv.find_funct ge vf = Some f -> |
---|
1149 | type_of_fundef f = typeof a -> |
---|
1150 | evalinf_funcall m f vargs t -> |
---|
1151 | execinf_stmt e m (Scall (Some lhs) a al) t |
---|
1152 | | execinf_Sseq_1: ∀e,m,s1,s2,t. |
---|
1153 | execinf_stmt e m s1 t -> |
---|
1154 | execinf_stmt e m (Ssequence s1 s2) t |
---|
1155 | | execinf_Sseq_2: ∀e,m,s1,s2,t1,m1,t2. |
---|
1156 | exec_stmt e m s1 t1 m1 Out_normal -> |
---|
1157 | execinf_stmt e m1 s2 t2 -> |
---|
1158 | execinf_stmt e m (Ssequence s1 s2) (t1 *** t2) |
---|
1159 | | execinf_Sifthenelse_true: ∀e,m,a,s1,s2,v1,t. |
---|
1160 | eval_expr e m a v1 -> |
---|
1161 | is_true v1 (typeof a) -> |
---|
1162 | execinf_stmt e m s1 t -> |
---|
1163 | execinf_stmt e m (Sifthenelse a s1 s2) t |
---|
1164 | | execinf_Sifthenelse_false: ∀e,m,a,s1,s2,v1,t. |
---|
1165 | eval_expr e m a v1 -> |
---|
1166 | is_false v1 (typeof a) -> |
---|
1167 | execinf_stmt e m s2 t -> |
---|
1168 | execinf_stmt e m (Sifthenelse a s1 s2) t |
---|
1169 | | execinf_Swhile_body: ∀e,m,a,v,s,t. |
---|
1170 | eval_expr e m a v -> |
---|
1171 | is_true v (typeof a) -> |
---|
1172 | execinf_stmt e m s t -> |
---|
1173 | execinf_stmt e m (Swhile a s) t |
---|
1174 | | execinf_Swhile_loop: ∀e,m,a,s,v,t1,m1,out1,t2. |
---|
1175 | eval_expr e m a v -> |
---|
1176 | is_true v (typeof a) -> |
---|
1177 | exec_stmt e m s t1 m1 out1 -> |
---|
1178 | out_normal_or_continue out1 -> |
---|
1179 | execinf_stmt e m1 (Swhile a s) t2 -> |
---|
1180 | execinf_stmt e m (Swhile a s) (t1 *** t2) |
---|
1181 | | execinf_Sdowhile_body: ∀e,m,s,a,t. |
---|
1182 | execinf_stmt e m s t -> |
---|
1183 | execinf_stmt e m (Sdowhile a s) t |
---|
1184 | | execinf_Sdowhile_loop: ∀e,m,s,a,m1,t1,t2,out1,v. |
---|
1185 | exec_stmt e m s t1 m1 out1 -> |
---|
1186 | out_normal_or_continue out1 -> |
---|
1187 | eval_expr e m1 a v -> |
---|
1188 | is_true v (typeof a) -> |
---|
1189 | execinf_stmt e m1 (Sdowhile a s) t2 -> |
---|
1190 | execinf_stmt e m (Sdowhile a s) (t1 *** t2) |
---|
1191 | | execinf_Sfor_start_1: ∀e,m,s,a1,a2,a3,t. |
---|
1192 | execinf_stmt e m a1 t -> |
---|
1193 | execinf_stmt e m (Sfor a1 a2 a3 s) t |
---|
1194 | | execinf_Sfor_start_2: ∀e,m,s,a1,a2,a3,m1,t1,t2. |
---|
1195 | a1 <> Sskip -> |
---|
1196 | exec_stmt e m a1 t1 m1 Out_normal -> |
---|
1197 | execinf_stmt e m1 (Sfor Sskip a2 a3 s) t2 -> |
---|
1198 | execinf_stmt e m (Sfor a1 a2 a3 s) (t1 *** t2) |
---|
1199 | | execinf_Sfor_body: ∀e,m,s,a2,a3,v,t. |
---|
1200 | eval_expr e m a2 v -> |
---|
1201 | is_true v (typeof a2) -> |
---|
1202 | execinf_stmt e m s t -> |
---|
1203 | execinf_stmt e m (Sfor Sskip a2 a3 s) t |
---|
1204 | | execinf_Sfor_next: ∀e,m,s,a2,a3,v,m1,t1,t2,out1. |
---|
1205 | eval_expr e m a2 v -> |
---|
1206 | is_true v (typeof a2) -> |
---|
1207 | exec_stmt e m s t1 m1 out1 -> |
---|
1208 | out_normal_or_continue out1 -> |
---|
1209 | execinf_stmt e m1 a3 t2 -> |
---|
1210 | execinf_stmt e m (Sfor Sskip a2 a3 s) (t1 *** t2) |
---|
1211 | | execinf_Sfor_loop: ∀e,m,s,a2,a3,v,m1,m2,t1,t2,t3,out1. |
---|
1212 | eval_expr e m a2 v -> |
---|
1213 | is_true v (typeof a2) -> |
---|
1214 | exec_stmt e m s t1 m1 out1 -> |
---|
1215 | out_normal_or_continue out1 -> |
---|
1216 | exec_stmt e m1 a3 t2 m2 Out_normal -> |
---|
1217 | execinf_stmt e m2 (Sfor Sskip a2 a3 s) t3 -> |
---|
1218 | execinf_stmt e m (Sfor Sskip a2 a3 s) (t1 *** t2 *** t3) |
---|
1219 | | execinf_Sswitch: ∀e,m,a,t,n,sl. |
---|
1220 | eval_expr e m a (Vint n) -> |
---|
1221 | execinf_stmt e m (seq_of_labeled_statement (select_switch n sl)) t -> |
---|
1222 | execinf_stmt e m (Sswitch a sl) t |
---|
1223 | |
---|
1224 | (** [evalinf_funcall ge m fd args t] holds if the invocation of function |
---|
1225 | [fd] on arguments [args] diverges, with observable trace [t]. *) |
---|
1226 | |
---|
1227 | with evalinf_funcall: mem -> fundef -> list val -> traceinf -> Prop := |
---|
1228 | | evalinf_funcall_internal: ∀m,f,vargs,t,e,m1,m2. |
---|
1229 | alloc_variables empty_env m (f.(fn_params) ++ f.(fn_vars)) e m1 -> |
---|
1230 | bind_parameters e m1 f.(fn_params) vargs m2 -> |
---|
1231 | execinf_stmt e m2 f.(fn_body) t -> |
---|
1232 | evalinf_funcall m (Internal f) vargs t. |
---|
1233 | |
---|
1234 | End SEMANTICS. |
1235 | *) |
1236 | (* * * Whole-program semantics *) |
1237 | |
1238 | (* * Execution of whole programs are described as sequences of transitions |
1239 | from an initial state to a final state. An initial state is a [Callstate] |
1240 | corresponding to the invocation of the ``main'' function of the program |
1241 | without arguments and with an empty continuation. *) |
1242 | |
1243 | ninductive initial_state (p: program): state -> Prop := |
1244 | | initial_state_intro: ∀b,f. |
1245 | let ge := globalenv Genv ?? p in |
1246 | let m0 := init_mem Genv ?? p in |
1247 | find_symbol Genv ? ge (prog_main ?? p) = Some ? b -> |
1248 | find_funct_ptr Genv ? ge b = Some ? f -> |
1249 | initial_state p (Callstate f (nil ?) Kstop m0). |
1250 | |
1251 | (* * A final state is a [Returnstate] with an empty continuation. *) |
1252 | |
1253 | ninductive final_state: state -> int -> Prop := |
1254 | | final_state_intro: ∀r,m. |
1255 | final_state (Returnstate (Vint r) Kstop m) r. |
1256 | |
1257 | (* * Execution of a whole program: [exec_program p beh] |
1258 | holds if the application of [p]'s main function to no arguments |
1259 | in the initial memory state for [p] has [beh] as observable |
1260 | behavior. *) |
1261 | |
1262 | ndefinition exec_program : program → program_behavior → Prop ≝ λp,beh. |
1263 | program_behaves (mk_transrel ?? step) (initial_state p) final_state (globalenv Genv ?? p) beh. |
1264 | (* |
---|
1265 | (** Big-step execution of a whole program. *) |
---|
1266 | |
---|
1267 | ninductive bigstep_program_terminates (p: program): trace -> int -> Prop := |
---|
1268 | | bigstep_program_terminates_intro: ∀b,f,m1,t,r. |
---|
1269 | let ge := Genv.globalenv p in |
---|
1270 | let m0 := Genv.init_mem p in |
---|
1271 | Genv.find_symbol ge p.(prog_main) = Some b -> |
---|
1272 | Genv.find_funct_ptr ge b = Some f -> |
---|
1273 | eval_funcall ge m0 f nil t m1 (Vint r) -> |
---|
1274 | bigstep_program_terminates p t r. |
---|
1275 | |
---|
1276 | ninductive bigstep_program_diverges (p: program): traceinf -> Prop := |
---|
1277 | | bigstep_program_diverges_intro: ∀b,f,t. |
---|
1278 | let ge := Genv.globalenv p in |
---|
1279 | let m0 := Genv.init_mem p in |
---|
1280 | Genv.find_symbol ge p.(prog_main) = Some b -> |
---|
1281 | Genv.find_funct_ptr ge b = Some f -> |
---|
1282 | evalinf_funcall ge m0 f nil t -> |
---|
1283 | bigstep_program_diverges p t. |
---|
1284 | |
---|
1285 | (** * Implication from big-step semantics to transition semantics *) |
---|
1286 | |
---|
1287 | Section BIGSTEP_TO_TRANSITIONS. |
---|
1288 | |
---|
1289 | Variable prog: program. |
---|
1290 | Let ge : genv := Genv.globalenv prog. |
---|
1291 | |
---|
1292 | Definition exec_stmt_eval_funcall_ind |
---|
1293 | (PS: env -> mem -> statement -> trace -> mem -> outcome -> Prop) |
---|
1294 | (PF: mem -> fundef -> list val -> trace -> mem -> val -> Prop) := |
---|
1295 | fun a b c d e f g h i j k l m n o p q r s t u v w x y => |
---|
1296 | conj (exec_stmt_ind2 ge PS PF a b c d e f g h i j k l m n o p q r s t u v w x y) |
---|
1297 | (eval_funcall_ind2 ge PS PF a b c d e f g h i j k l m n o p q r s t u v w x y). |
---|
1298 | |
---|
1299 | ninductive outcome_state_match |
---|
1300 | (e: env) (m: mem) (f: function) (k: cont): outcome -> state -> Prop := |
---|
1301 | | osm_normal: |
---|
1302 | outcome_state_match e m f k Out_normal (State f Sskip k e m) |
---|
1303 | | osm_break: |
---|
1304 | outcome_state_match e m f k Out_break (State f Sbreak k e m) |
---|
1305 | | osm_continue: |
---|
1306 | outcome_state_match e m f k Out_continue (State f Scontinue k e m) |
---|
1307 | | osm_return_none: ∀k'. |
---|
1308 | call_cont k' = call_cont k -> |
---|
1309 | outcome_state_match e m f k |
---|
1310 | (Out_return None) (State f (Sreturn None) k' e m) |
---|
1311 | | osm_return_some: ∀a,v,k'. |
---|
1312 | call_cont k' = call_cont k -> |
---|
1313 | eval_expr ge e m a v -> |
---|
1314 | outcome_state_match e m f k |
---|
1315 | (Out_return (Some v)) (State f (Sreturn (Some a)) k' e m). |
---|
1316 | |
---|
1317 | Lemma is_call_cont_call_cont: |
---|
1318 | ∀k. is_call_cont k -> call_cont k = k. |
---|
1319 | Proof. |
---|
1320 | destruct k; simpl; intros; contradiction || auto. |
---|
1321 | Qed. |
---|
1322 | |
---|
1323 | Lemma exec_stmt_eval_funcall_steps: |
---|
1324 | (∀e,m,s,t,m',out. |
---|
1325 | exec_stmt ge e m s t m' out -> |
---|
1326 | ∀f,k. exists S, |
---|
1327 | star step ge (State f s k e m) t S |
---|
1328 | /\ outcome_state_match e m' f k out S) |
---|
1329 | /\ |
---|
1330 | (∀m,fd,args,t,m',res. |
---|
1331 | eval_funcall ge m fd args t m' res -> |
---|
1332 | ∀k. |
---|
1333 | is_call_cont k -> |
---|
1334 | star step ge (Callstate fd args k m) t (Returnstate res k m')). |
---|
1335 | Proof. |
---|
1336 | apply exec_stmt_eval_funcall_ind; intros. |
---|
1337 | |
---|
1338 | (* skip *) |
---|
1339 | econstructor; split. apply star_refl. constructor. |
---|
1340 | |
---|
1341 | (* assign *) |
---|
1342 | econstructor; split. apply star_one. econstructor; eauto. constructor. |
---|
1343 | |
---|
1344 | (* call none *) |
---|
1345 | econstructor; split. |
---|
1346 | eapply star_left. econstructor; eauto. |
---|
1347 | eapply star_right. apply H4. simpl; auto. econstructor. reflexivity. traceEq. |
---|
1348 | constructor. |
---|
1349 | |
---|
1350 | (* call some *) |
---|
1351 | econstructor; split. |
---|
1352 | eapply star_left. econstructor; eauto. |
---|
1353 | eapply star_right. apply H5. simpl; auto. econstructor; eauto. reflexivity. traceEq. |
---|
1354 | constructor. |
---|
1355 | |
---|
1356 | (* sequence 2 *) |
---|
1357 | destruct (H0 f (Kseq s2 k)) as [S1 [A1 B1]]. inv B1. |
---|
1358 | destruct (H2 f k) as [S2 [A2 B2]]. |
---|
1359 | econstructor; split. |
---|
1360 | eapply star_left. econstructor. |
---|
1361 | eapply star_trans. eexact A1. |
---|
1362 | eapply star_left. constructor. eexact A2. |
---|
1363 | reflexivity. reflexivity. traceEq. |
---|
1364 | auto. |
---|
1365 | |
---|
1366 | (* sequence 1 *) |
---|
1367 | destruct (H0 f (Kseq s2 k)) as [S1 [A1 B1]]. |
---|
1368 | set (S2 := |
---|
1369 | match out with |
---|
1370 | | Out_break => State f Sbreak k e m1 |
---|
1371 | | Out_continue => State f Scontinue k e m1 |
---|
1372 | | _ => S1 |
---|
1373 | end). |
---|
1374 | exists S2; split. |
---|
1375 | eapply star_left. econstructor. |
---|
1376 | eapply star_trans. eexact A1. |
---|
1377 | unfold S2; inv B1. |
---|
1378 | congruence. |
---|
1379 | apply star_one. apply step_break_seq. |
---|
1380 | apply star_one. apply step_continue_seq. |
---|
1381 | apply star_refl. |
---|
1382 | apply star_refl. |
---|
1383 | reflexivity. traceEq. |
---|
1384 | unfold S2; inv B1; congruence || econstructor; eauto. |
---|
1385 | |
---|
1386 | (* ifthenelse true *) |
---|
1387 | destruct (H2 f k) as [S1 [A1 B1]]. |
---|
1388 | exists S1; split. |
---|
1389 | eapply star_left. eapply step_ifthenelse_true; eauto. eexact A1. traceEq. |
---|
1390 | auto. |
---|
1391 | |
---|
1392 | (* ifthenelse false *) |
---|
1393 | destruct (H2 f k) as [S1 [A1 B1]]. |
---|
1394 | exists S1; split. |
---|
1395 | eapply star_left. eapply step_ifthenelse_false; eauto. eexact A1. traceEq. |
---|
1396 | auto. |
---|
1397 | |
---|
1398 | (* return none *) |
---|
1399 | econstructor; split. apply star_refl. constructor. auto. |
---|
1400 | |
---|
1401 | (* return some *) |
---|
1402 | econstructor; split. apply star_refl. econstructor; eauto. |
---|
1403 | |
---|
1404 | (* break *) |
---|
1405 | econstructor; split. apply star_refl. constructor. |
---|
1406 | |
---|
1407 | (* continue *) |
---|
1408 | econstructor; split. apply star_refl. constructor. |
---|
1409 | |
---|
1410 | (* while false *) |
---|
1411 | econstructor; split. |
---|
1412 | apply star_one. eapply step_while_false; eauto. |
---|
1413 | constructor. |
---|
1414 | |
---|
1415 | (* while stop *) |
---|
1416 | destruct (H2 f (Kwhile a s k)) as [S1 [A1 B1]]. |
---|
1417 | set (S2 := |
---|
1418 | match out' with |
---|
1419 | | Out_break => State f Sskip k e m' |
---|
1420 | | _ => S1 |
---|
1421 | end). |
---|
1422 | exists S2; split. |
---|
1423 | eapply star_left. eapply step_while_true; eauto. |
---|
1424 | eapply star_trans. eexact A1. |
---|
1425 | unfold S2. inversion H3; subst. |
---|
1426 | inv B1. apply star_one. constructor. |
---|
1427 | apply star_refl. |
---|
1428 | reflexivity. traceEq. |
---|
1429 | unfold S2. inversion H3; subst. constructor. inv B1; econstructor; eauto. |
---|
1430 | |
---|
1431 | (* while loop *) |
---|
1432 | destruct (H2 f (Kwhile a s k)) as [S1 [A1 B1]]. |
---|
1433 | destruct (H5 f k) as [S2 [A2 B2]]. |
---|
1434 | exists S2; split. |
---|
1435 | eapply star_left. eapply step_while_true; eauto. |
---|
1436 | eapply star_trans. eexact A1. |
---|
1437 | eapply star_left. |
---|
1438 | inv H3; inv B1; apply step_skip_or_continue_while; auto. |
---|
1439 | eexact A2. |
---|
1440 | reflexivity. reflexivity. traceEq. |
---|
1441 | auto. |
---|
1442 | |
---|
1443 | (* dowhile false *) |
---|
1444 | destruct (H0 f (Kdowhile a s k)) as [S1 [A1 B1]]. |
---|
1445 | exists (State f Sskip k e m1); split. |
---|
1446 | eapply star_left. constructor. |
---|
1447 | eapply star_right. eexact A1. |
---|
1448 | inv H1; inv B1; eapply step_skip_or_continue_dowhile_false; eauto. |
---|
1449 | reflexivity. traceEq. |
---|
1450 | constructor. |
---|
1451 | |
---|
1452 | (* dowhile stop *) |
---|
1453 | destruct (H0 f (Kdowhile a s k)) as [S1 [A1 B1]]. |
---|
1454 | set (S2 := |
---|
1455 | match out1 with |
---|
1456 | | Out_break => State f Sskip k e m1 |
---|
1457 | | _ => S1 |
---|
1458 | end). |
---|
1459 | exists S2; split. |
---|
1460 | eapply star_left. apply step_dowhile. |
---|
1461 | eapply star_trans. eexact A1. |
---|
1462 | unfold S2. inversion H1; subst. |
---|
1463 | inv B1. apply star_one. constructor. |
---|
1464 | apply star_refl. |
---|
1465 | reflexivity. traceEq. |
---|
1466 | unfold S2. inversion H1; subst. constructor. inv B1; econstructor; eauto. |
---|
1467 | |
---|
1468 | (* dowhile loop *) |
---|
1469 | destruct (H0 f (Kdowhile a s k)) as [S1 [A1 B1]]. |
---|
1470 | destruct (H5 f k) as [S2 [A2 B2]]. |
---|
1471 | exists S2; split. |
---|
1472 | eapply star_left. apply step_dowhile. |
---|
1473 | eapply star_trans. eexact A1. |
---|
1474 | eapply star_left. |
---|
1475 | inv H1; inv B1; eapply step_skip_or_continue_dowhile_true; eauto. |
---|
1476 | eexact A2. |
---|
1477 | reflexivity. reflexivity. traceEq. |
---|
1478 | auto. |
---|
1479 | |
---|
1480 | (* for start *) |
---|
1481 | destruct (H1 f (Kseq (Sfor Sskip a2 a3 s) k)) as [S1 [A1 B1]]. inv B1. |
---|
1482 | destruct (H3 f k) as [S2 [A2 B2]]. |
---|
1483 | exists S2; split. |
---|
1484 | eapply star_left. apply step_for_start; auto. |
---|
1485 | eapply star_trans. eexact A1. |
---|
1486 | eapply star_left. constructor. eexact A2. |
---|
1487 | reflexivity. reflexivity. traceEq. |
---|
1488 | auto. |
---|
1489 | |
---|
1490 | (* for false *) |
---|
1491 | econstructor; split. |
---|
1492 | eapply star_one. eapply step_for_false; eauto. |
---|
1493 | constructor. |
---|
1494 | |
---|
1495 | (* for stop *) |
---|
1496 | destruct (H2 f (Kfor2 a2 a3 s k)) as [S1 [A1 B1]]. |
---|
1497 | set (S2 := |
---|
1498 | match out1 with |
---|
1499 | | Out_break => State f Sskip k e m1 |
---|
1500 | | _ => S1 |
---|
1501 | end). |
---|
1502 | exists S2; split. |
---|
1503 | eapply star_left. eapply step_for_true; eauto. |
---|
1504 | eapply star_trans. eexact A1. |
---|
1505 | unfold S2. inversion H3; subst. |
---|
1506 | inv B1. apply star_one. constructor. |
---|
1507 | apply star_refl. |
---|
1508 | reflexivity. traceEq. |
---|
1509 | unfold S2. inversion H3; subst. constructor. inv B1; econstructor; eauto. |
---|
1510 | |
---|
1511 | (* for loop *) |
---|
1512 | destruct (H2 f (Kfor2 a2 a3 s k)) as [S1 [A1 B1]]. |
---|
1513 | destruct (H5 f (Kfor3 a2 a3 s k)) as [S2 [A2 B2]]. inv B2. |
---|
1514 | destruct (H7 f k) as [S3 [A3 B3]]. |
---|
1515 | exists S3; split. |
---|
1516 | eapply star_left. eapply step_for_true; eauto. |
---|
1517 | eapply star_trans. eexact A1. |
---|
1518 | eapply star_trans with (s2 := State f a3 (Kfor3 a2 a3 s k) e m1). |
---|
1519 | inv H3; inv B1. |
---|
1520 | apply star_one. constructor. auto. |
---|
1521 | apply star_one. constructor. auto. |
---|
1522 | eapply star_trans. eexact A2. |
---|
1523 | eapply star_left. constructor. |
---|
1524 | eexact A3. |
---|
1525 | reflexivity. reflexivity. reflexivity. reflexivity. traceEq. |
---|
1526 | auto. |
---|
1527 | |
---|
1528 | (* switch *) |
---|
1529 | destruct (H1 f (Kswitch k)) as [S1 [A1 B1]]. |
---|
1530 | set (S2 := |
---|
1531 | match out with |
---|
1532 | | Out_normal => State f Sskip k e m1 |
---|
1533 | | Out_break => State f Sskip k e m1 |
---|
1534 | | Out_continue => State f Scontinue k e m1 |
---|
1535 | | _ => S1 |
---|
1536 | end). |
---|
1537 | exists S2; split. |
---|
1538 | eapply star_left. eapply step_switch; eauto. |
---|
1539 | eapply star_trans. eexact A1. |
---|
1540 | unfold S2; inv B1. |
---|
1541 | apply star_one. constructor. auto. |
---|
1542 | apply star_one. constructor. auto. |
---|
1543 | apply star_one. constructor. |
---|
1544 | apply star_refl. |
---|
1545 | apply star_refl. |
---|
1546 | reflexivity. traceEq. |
---|
1547 | unfold S2. inv B1; simpl; econstructor; eauto. |
---|
1548 | |
---|
1549 | (* call internal *) |
---|
1550 | destruct (H2 f k) as [S1 [A1 B1]]. |
---|
1551 | eapply star_left. eapply step_internal_function; eauto. |
---|
1552 | eapply star_right. eexact A1. |
---|
1553 | inv B1; simpl in H3; try contradiction. |
---|
1554 | (* Out_normal *) |
---|
1555 | assert (fn_return f = Tvoid /\ vres = Vundef). |
---|
1556 | destruct (fn_return f); auto || contradiction. |
---|
1557 | destruct H5. subst vres. apply step_skip_call; auto. |
---|
1558 | (* Out_return None *) |
---|
1559 | assert (fn_return f = Tvoid /\ vres = Vundef). |
---|
1560 | destruct (fn_return f); auto || contradiction. |
---|
1561 | destruct H6. subst vres. |
---|
1562 | rewrite <- (is_call_cont_call_cont k H4). rewrite <- H5. |
---|
1563 | apply step_return_0; auto. |
---|
1564 | (* Out_return Some *) |
---|
1565 | destruct H3. subst vres. |
---|
1566 | rewrite <- (is_call_cont_call_cont k H4). rewrite <- H5. |
---|
1567 | eapply step_return_1; eauto. |
---|
1568 | reflexivity. traceEq. |
---|
1569 | |
---|
1570 | (* call external *) |
---|
1571 | apply star_one. apply step_external_function; auto. |
---|
1572 | Qed. |
---|
1573 | |
---|
1574 | Lemma exec_stmt_steps: |
---|
1575 | ∀e,m,s,t,m',out. |
---|
1576 | exec_stmt ge e m s t m' out -> |
---|
1577 | ∀f,k. exists S, |
---|
1578 | star step ge (State f s k e m) t S |
---|
1579 | /\ outcome_state_match e m' f k out S. |
---|
1580 | Proof (proj1 exec_stmt_eval_funcall_steps). |
---|
1581 | |
---|
1582 | Lemma eval_funcall_steps: |
---|
1583 | ∀m,fd,args,t,m',res. |
---|
1584 | eval_funcall ge m fd args t m' res -> |
---|
1585 | ∀k. |
---|
1586 | is_call_cont k -> |
---|
1587 | star step ge (Callstate fd args k m) t (Returnstate res k m'). |
---|
1588 | Proof (proj2 exec_stmt_eval_funcall_steps). |
---|
1589 | |
---|
1590 | Definition order (x y: unit) := False. |
---|
1591 | |
---|
1592 | Lemma evalinf_funcall_forever: |
---|
1593 | ∀m,fd,args,T,k. |
---|
1594 | evalinf_funcall ge m fd args T -> |
---|
1595 | forever_N step order ge tt (Callstate fd args k m) T. |
---|
1596 | Proof. |
---|
1597 | cofix CIH_FUN. |
---|
1598 | assert (∀e,m,s,T,f,k. |
---|
1599 | execinf_stmt ge e m s T -> |
---|
1600 | forever_N step order ge tt (State f s k e m) T). |
---|
1601 | cofix CIH_STMT. |
---|
1602 | intros. inv H. |
---|
1603 | |
---|
1604 | (* call none *) |
---|
1605 | eapply forever_N_plus. |
---|
1606 | apply plus_one. eapply step_call_none; eauto. |
---|
1607 | apply CIH_FUN. eauto. traceEq. |
---|
1608 | (* call some *) |
---|
1609 | eapply forever_N_plus. |
---|
1610 | apply plus_one. eapply step_call_some; eauto. |
---|
1611 | apply CIH_FUN. eauto. traceEq. |
---|
1612 | |
---|
1613 | (* seq 1 *) |
---|
1614 | eapply forever_N_plus. |
---|
1615 | apply plus_one. econstructor. |
---|
1616 | apply CIH_STMT; eauto. traceEq. |
---|
1617 | (* seq 2 *) |
---|
1618 | destruct (exec_stmt_steps _ _ _ _ _ _ H0 f (Kseq s2 k)) as [S1 [A1 B1]]. |
---|
1619 | inv B1. |
---|
1620 | eapply forever_N_plus. |
---|
1621 | eapply plus_left. constructor. eapply star_trans. eexact A1. |
---|
1622 | apply star_one. constructor. reflexivity. reflexivity. |
---|
1623 | apply CIH_STMT; eauto. traceEq. |
---|
1624 | |
---|
1625 | (* ifthenelse true *) |
---|
1626 | eapply forever_N_plus. |
---|
1627 | apply plus_one. eapply step_ifthenelse_true; eauto. |
---|
1628 | apply CIH_STMT; eauto. traceEq. |
---|
1629 | (* ifthenelse false *) |
---|
1630 | eapply forever_N_plus. |
---|
1631 | apply plus_one. eapply step_ifthenelse_false; eauto. |
---|
1632 | apply CIH_STMT; eauto. traceEq. |
---|
1633 | |
---|
1634 | (* while body *) |
---|
1635 | eapply forever_N_plus. |
---|
1636 | eapply plus_one. eapply step_while_true; eauto. |
---|
1637 | apply CIH_STMT; eauto. traceEq. |
---|
1638 | (* while loop *) |
---|
1639 | destruct (exec_stmt_steps _ _ _ _ _ _ H2 f (Kwhile a s0 k)) as [S1 [A1 B1]]. |
---|
1640 | eapply forever_N_plus with (s2 := State f (Swhile a s0) k e m1). |
---|
1641 | eapply plus_left. eapply step_while_true; eauto. |
---|
1642 | eapply star_right. eexact A1. |
---|
1643 | inv H3; inv B1; apply step_skip_or_continue_while; auto. |
---|
1644 | reflexivity. reflexivity. |
---|
1645 | apply CIH_STMT; eauto. traceEq. |
---|
1646 | |
---|
1647 | (* dowhile body *) |
---|
1648 | eapply forever_N_plus. |
---|
1649 | eapply plus_one. eapply step_dowhile. |
---|
1650 | apply CIH_STMT; eauto. |
---|
1651 | traceEq. |
---|
1652 | |
---|
1653 | (* dowhile loop *) |
---|
1654 | destruct (exec_stmt_steps _ _ _ _ _ _ H0 f (Kdowhile a s0 k)) as [S1 [A1 B1]]. |
---|
1655 | eapply forever_N_plus with (s2 := State f (Sdowhile a s0) k e m1). |
---|
1656 | eapply plus_left. eapply step_dowhile. |
---|
1657 | eapply star_right. eexact A1. |
---|
1658 | inv H1; inv B1; eapply step_skip_or_continue_dowhile_true; eauto. |
---|
1659 | reflexivity. reflexivity. |
---|
1660 | apply CIH_STMT. eauto. |
---|
1661 | traceEq. |
---|
1662 | |
---|
1663 | (* for start 1 *) |
---|
1664 | assert (a1 <> Sskip). red; intros; subst. inv H0. |
---|
1665 | eapply forever_N_plus. |
---|
1666 | eapply plus_one. apply step_for_start; auto. |
---|
1667 | apply CIH_STMT; eauto. |
---|
1668 | traceEq. |
---|
1669 | |
---|
1670 | (* for start 2 *) |
---|
1671 | destruct (exec_stmt_steps _ _ _ _ _ _ H1 f (Kseq (Sfor Sskip a2 a3 s0) k)) as [S1 [A1 B1]]. |
---|
1672 | inv B1. |
---|
1673 | eapply forever_N_plus. |
---|
1674 | eapply plus_left. eapply step_for_start; eauto. |
---|
1675 | eapply star_right. eexact A1. |
---|
1676 | apply step_skip_seq. |
---|
1677 | reflexivity. reflexivity. |
---|
1678 | apply CIH_STMT; eauto. |
---|
1679 | traceEq. |
---|
1680 | |
---|
1681 | (* for body *) |
---|
1682 | eapply forever_N_plus. |
---|
1683 | apply plus_one. eapply step_for_true; eauto. |
---|
1684 | apply CIH_STMT; eauto. |
---|
1685 | traceEq. |
---|
1686 | |
---|
1687 | (* for next *) |
---|
1688 | destruct (exec_stmt_steps _ _ _ _ _ _ H2 f (Kfor2 a2 a3 s0 k)) as [S1 [A1 B1]]. |
---|
1689 | eapply forever_N_plus. |
---|
1690 | eapply plus_left. eapply step_for_true; eauto. |
---|
1691 | eapply star_trans. eexact A1. |
---|
1692 | apply star_one. |
---|
1693 | inv H3; inv B1; apply step_skip_or_continue_for2; auto. |
---|
1694 | reflexivity. reflexivity. |
---|
1695 | apply CIH_STMT; eauto. |
---|
1696 | traceEq. |
---|
1697 | |
---|
1698 | (* for body *) |
---|
1699 | destruct (exec_stmt_steps _ _ _ _ _ _ H2 f (Kfor2 a2 a3 s0 k)) as [S1 [A1 B1]]. |
---|
1700 | destruct (exec_stmt_steps _ _ _ _ _ _ H4 f (Kfor3 a2 a3 s0 k)) as [S2 [A2 B2]]. |
---|
1701 | inv B2. |
---|
1702 | eapply forever_N_plus. |
---|
1703 | eapply plus_left. eapply step_for_true; eauto. |
---|
1704 | eapply star_trans. eexact A1. |
---|
1705 | eapply star_left. inv H3; inv B1; apply step_skip_or_continue_for2; auto. |
---|
1706 | eapply star_right. eexact A2. |
---|
1707 | constructor. |
---|
1708 | reflexivity. reflexivity. reflexivity. reflexivity. |
---|
1709 | apply CIH_STMT; eauto. |
---|
1710 | traceEq. |
---|
1711 | |
---|
1712 | (* switch *) |
---|
1713 | eapply forever_N_plus. |
---|
1714 | eapply plus_one. eapply step_switch; eauto. |
---|
1715 | apply CIH_STMT; eauto. |
---|
1716 | traceEq. |
---|
1717 | |
---|
1718 | (* call internal *) |
---|
1719 | intros. inv H0. |
---|
1720 | eapply forever_N_plus. |
---|
1721 | eapply plus_one. econstructor; eauto. |
---|
1722 | apply H; eauto. |
---|
1723 | traceEq. |
---|
1724 | Qed. |
---|
1725 | |
---|
1726 | Theorem bigstep_program_terminates_exec: |
---|
1727 | ∀t,r. bigstep_program_terminates prog t r -> exec_program prog (Terminates t r). |
---|
1728 | Proof. |
---|
1729 | intros. inv H. unfold ge0, m0 in *. |
---|
1730 | econstructor. |
---|
1731 | econstructor. eauto. eauto. |
---|
1732 | apply eval_funcall_steps. eauto. red; auto. |
---|
1733 | econstructor. |
---|
1734 | Qed. |
---|
1735 | |
---|
1736 | Theorem bigstep_program_diverges_exec: |
---|
1737 | ∀T. bigstep_program_diverges prog T -> |
---|
1738 | exec_program prog (Reacts T) \/ |
---|
1739 | exists t, exec_program prog (Diverges t) /\ traceinf_prefix t T. |
---|
1740 | Proof. |
---|
1741 | intros. inv H. |
---|
1742 | set (st := Callstate f nil Kstop m0). |
---|
1743 | assert (forever step ge0 st T). |
---|
1744 | eapply forever_N_forever with (order := order). |
---|
1745 | red; intros. constructor; intros. red in H. elim H. |
---|
1746 | eapply evalinf_funcall_forever; eauto. |
---|
1747 | destruct (forever_silent_or_reactive _ _ _ _ _ _ H) |
---|
1748 | as [A | [t [s' [T' [B [C D]]]]]]. |
---|
1749 | left. econstructor. econstructor. eauto. eauto. auto. |
---|
1750 | right. exists t. split. |
---|
1751 | econstructor. econstructor; eauto. eauto. auto. |
---|
1752 | subst T. rewrite <- (E0_right t) at 1. apply traceinf_prefix_app. constructor. |
---|
1753 | Qed. |
---|
1754 | |
---|
1755 | End BIGSTEP_TO_TRANSITIONS. |
---|
1756 | |
---|
1757 | |
---|
1758 | |
---|
1759 | *) |
---|
1760 | |
---|
1761 | |
