Changeset 1097 for Deliverables/D3.3/id-lookup-branch

Timestamp:

Aug 3, 2011, 1:04:49 PM (9 years ago)

Author:

campbell

Message:

Checkpoint labels work on branch again.

Location:

Deliverables/D3.3/id-lookup-branch

Files:

• Clight/toCminor.ma (modified) (8 diffs)
• Cminor/syntax.ma (modified) (1 diff)

Deliverables/D3.3/id-lookup-branch/Clight/toCminor.ma

@@ -746 +746 @@
 definition lpresent ≝ λlbls:lenv. λl. ∃l'. lookup ?? lbls l' = Some ? l.
 
+let rec labels_defined (s:statement) : list ident ≝
+match s with
+[ Ssequence s1 s2 ⇒ labels_defined s1 @ labels_defined s2
+| Sifthenelse _ s1 s2 ⇒ labels_defined s1 @ labels_defined s2
+| Swhile _ s ⇒ labels_defined s
+| Sdowhile _ s ⇒ labels_defined s
+| Sfor s1 _ s2 s3 ⇒ labels_defined s1 @ labels_defined s2 @ labels_defined s3
+| Sswitch _ ls ⇒ labels_defined_switch ls
+| Slabel l s ⇒ l::(labels_defined s)
+| Scost _ s ⇒ labels_defined s
+| _ ⇒ [ ]
+]
+and labels_defined_switch (ls:labeled_statements) : list ident ≝
+match ls with
+[ LSdefault s ⇒ labels_defined s
+| LScase _ _ s ls ⇒ labels_defined s @ labels_defined_switch ls
+].
+
+definition ldefined ≝ λs.λl.Exists ? (λl'.l' = l) (labels_of s).
+
+axiom MissingLabel : String.
+
+definition lookup_label ≝
+λlbls:lenv.λl. opt_to_res … [MSG MissingLabel; CTX ? l] (lookup ?? lbls l).
+
+definition labels_translated : lenv → statement → stmt → Prop ≝
+λlbls,s,s'.  ∀l.
+  (Exists ? (λl'.l' = l) (labels_defined s)) →
+  ∃l'. lookup_label lbls l = OK ? l' ∧ ldefined s' l'.
+
 definition stmt_inv ≝
 λvars. λlbls:lenv.
@@ -794 +824 @@
 ] qed.
 
-axiom MissingLabel : String.
-
-definition lookup_label ≝
-λlbls:lenv.λl. opt_to_res … [MSG MissingLabel; CTX ? l] (lookup ?? lbls l).
-
 lemma lookup_label_hit : ∀lbls,l,l'.
   lookup_label lbls l = OK ? l' →
@@ -806 +831 @@
 qed.
 
-let rec translate_statement (vars:var_types) (lbls:lenv) (tmp:Σi:ident.local_id vars i) (tmpp:Σi:ident.local_id vars i) (s:statement) on s : res (Σs:stmt.stmt_inv vars lbls s) ≝
-match s with
+definition trans_inv : var_types → lenv → statement → stmt → Prop ≝
+λvars,lbls,s,s'. stmt_inv vars lbls s' ∧ labels_translated lbls s s'.
+
+lemma trans_inv_stmt_inv : ∀vars,lbls,s,s'.
+  trans_inv vars lbls s s' → stmt_inv vars lbls s'.
+#var #lbls #s #s' * //
+qed.
+
+lemma trans_inv_labels : ∀vars,lbls,s,s'.
+  trans_inv vars lbls s s' → labels_translated lbls s s'.
+#vars #lbls #s #s' @proj2
+qed.
+
+lemma Exists_append : ∀A,P,l1,l2.
+  Exists A P (l1@l2) →
+  Exists A P l1 ∨ Exists A P l2.
+#A #P #l1 elim l1
+[ #l2 #H %2 @H
+| #h #t #IH #l2 whd in ⊢ (% → ?) *
+  [ #H %1 %1 @H
+  | #H cases (IH l2 H) /4/
+  ]
+] qed.
+
+lemma Exists_append_l : ∀A,P,l1,l2.
+  Exists A P l1 → Exists A P (l1@l2).
+#A #P #l1 #l2 elim l1
+[ *
+| #h #t #IH *
+  [ #H %1 @H
+  | #H %2 @IH @H
+  ]
+] qed.
+
+lemma Exists_append_r : ∀A,P,l1,l2.
+  Exists A P l2 → Exists A P (l1@l2).
+#A #P #l1 #l2 elim l1
+[ #H @H
+| #h #t #IH #H %2 @IH @H
+] qed.
+
+
+let rec translate_statement (vars:var_types) (lbls:lenv) (tmp:Σi:ident.local_id vars i) (tmpp:Σi:ident.local_id vars i) (s:statement) on s : res (Σs':stmt.trans_inv vars lbls s s') ≝
+match s return λs.res (Σs':stmt.trans_inv vars lbls s s') with
 [ Sskip ⇒ OK ? «St_skip, ?»
 | Sassign e1 e2 ⇒
@@ -897 +964 @@
     OK ? «St_cost l s1', ?»
 ].
-try @conj try @conj try @conj try @conj try @conj try @conj try @conj try @conj try @conj
+try @conj try @conj try @conj try @conj try @conj try @conj try @conj try @conj try @conj try @conj
 try @I
+try @(trans_inv_stmt_inv ???? (sig_ok ? (λs.trans_inv ??? s) …))
 try @(sig_ok ? (λs.stmt_inv ?? s))
 try @(sig_ok ? (λe.expr_vars ? e ?))
@@ -906 +974 @@
 try @(sig_ok ? (local_id vars))
 try @(lookup_label_hit … E)
-[ @(sig_ok ?? s')
+[ 1,3,5,6,7,13,14,15,16,18: whd #l *
+| @(sig_ok ?? s')
 | @p
-] qed.
-
-let rec labels_defined (s:statement) : list ident ≝
-match s with
-[ Ssequence s1 s2 ⇒ labels_defined s1 @ labels_defined s2
-| Sifthenelse _ s1 s2 ⇒ labels_defined s1 @ labels_defined s2
-| Swhile _ s ⇒ labels_defined s
-| Sdowhile _ s ⇒ labels_defined s
-| Sfor s1 _ s2 s3 ⇒ labels_defined s1 @ labels_defined s2 @ labels_defined s3
-| Sswitch _ ls ⇒ labels_defined_switch ls
-| Slabel l s ⇒ l::(labels_defined s)
-| Scost _ s ⇒ labels_defined s
-| _ ⇒ [ ]
-]
-and labels_defined_switch (ls:labeled_statements) : list ident ≝
-match ls with
-[ LSdefault s ⇒ labels_defined s
-| LScase _ _ s ls ⇒ labels_defined s @ labels_defined_switch ls
-].
-
-lemma OK_sig_eq : ∀A,P,x,xp,y,yp. OK (Σx:A.P x) «x,xp» = OK (Σx:A.P x) «y,yp» → x = y.
-#A #P #x #xp #y #yp #E destruct @refl
-qed.
-
-definition ldefined ≝ λs.λl.Exists ? (λl'.l' = l) (labels_of s).
-
-lemma Exists_append : ∀A,P,l1,l2.
-  Exists A P (l1@l2) →
-  Exists A P l1 ∨ Exists A P l2.
-#A #P #l1 elim l1
-[ #l2 #H %2 @H
-| #h #t #IH #l2 whd in ⊢ (% → ?) *
-  [ #H %1 %1 @H
-  | #H cases (IH l2 H) /4/
-  ]
-] qed.
-
-lemma Exists_append_l : ∀A,P,l1,l2.
-  Exists A P l1 → Exists A P (l1@l2).
-#A #P #l1 #l2 elim l1
-[ *
-| #h #t #IH *
-  [ #H %1 @H
-  | #H %2 @IH @H
-  ]
-] qed.
-
-lemma Exists_append_r : ∀A,P,l1,l2.
-  Exists A P l2 → Exists A P (l1@l2).
-#A #P #l1 #l2 elim l1
-[ #H @H
-| #h #t #IH #H %2 @IH @H
-] qed.
-
-lemma reflmatch : ∀A,B,e.∀P:∀v:A. e = OK ? v → res B.∀x.
- match e return λx.e = x → ? with [ OK v ⇒ P v | Error m ⇒ λ_.Error ? m ] (refl ? e) = OK ? x →
- ∃v,p. P v p = OK ? x.
-#A #B *
-[ #v #P #x normalize #H %{v} % [ @refl | @H ]
-| #m #P #x normalize #H destruct 
-] qed. 
-
-lemma labels_translated : ∀vars,lbls,tmp,tmpp,s,l,s',p.
-  (Exists ? (λl'.l' = l) (labels_defined s)) →
-  translate_statement vars lbls tmp tmpp s = OK ? «s', p» →
-  ∃l'. lookup_label lbls l = OK ? l' ∧ ldefined s' l'.
-#vars #lbls #tmp #tmpp #s #l @(statement_ind … s) (* FIXME: once switch is done we'll need something else here *)
-[ #s' #p *
-| #e1 #e2 #s' #p *
-| #eo #e #args #s' #p *
-| #s1 #s2 #IH1 #IH2 #s' #p #H #E
-  cases (bind_inversion ????? E) * #s1' #I1 * #E1 -E #E
-  cases (bind_inversion ????? E) * #s2' #I2 * #E2 -E #E
-  <(OK_sig_eq ?????? E) -E;
-  cases (Exists_append ???? H)
-  [ #H1 cases (IH1 s1' I1 H1 E1) #l' * #L1 #L2 %{l'} % [ @L1 | @Exists_append_l @L2 ]
-  | #H2 cases (IH2 s2' I2 H2 E2) #l' * #L1 #L2 %{l'} % [ @L1 | @Exists_append_r @L2 ]
-  ]
-| #e #s1 #s2 #IH1 #IH2 #s' #p #H #E
-  (* Carefully get rid of the equality that will screw up the case analysis *)
-  cases (bind_inversion ????? E) #e' * #_ cases (typ_of_type (typeof e)) in e' ⊢ %
-  [ #sz #sg #e' #E
-    cases (bind_inversion ????? E) * #s1' #I1 * #E1 -E #E
-    cases (bind_inversion ????? E) * #s2' #I2 * #E2 -E #E
-    <(OK_sig_eq ?????? E) -E;
-    cases (Exists_append ???? H)
-    [ #H1 cases (IH1 s1' I1 H1 E1) #l' * #L1 #L2 %{l'} % [ @L1 | @Exists_append_l @L2 ]
-    | #H2 cases (IH2 s2' I2 H2 E2) #l' * #L1 #L2 %{l'} % [ @L1 | @Exists_append_r @L2 ]
-    ]
-  | *: #x #e' normalize #E destruct
-  ]
-| #e #s #IH #s' #p #H #E
-  (* Carefully get rid of the equality that will screw up the case analysis *)
-  cases (bind_inversion ????? E) #e' * #_ cases (typ_of_type (typeof e)) in e' ⊢ %
-  [ #sz #sg #e' #E
-    cases (bind_inversion ????? E) * #s1' #I1 * #E1 -E #E
-    <(OK_sig_eq ?????? E) -E;
-    cases (IH s1' I1 H E1) #l' * #La #Lb %{l'} % [ @La | whd; normalize in ⊢ (???%) >append_nil @Lb ]
-  | *: #x #e' normalize #E destruct
-  ]
-| #e #s #IH #s' #p #H #E
-  (* Carefully get rid of the equality that will screw up the case analysis *)
-  cases (bind_inversion ????? E) #e' * #_ cases (typ_of_type (typeof e)) in e' ⊢ %
-  [ #sz #sg #e' #E
-    cases (bind_inversion ????? E) * #s1' #I1 * #E1 -E #E
-    <(OK_sig_eq ?????? E) -E;
-    cases (IH s1' I1 H E1) #l' * #La #Lb %{l'} % [ @La | whd; normalize in ⊢ (???%) >append_nil @Lb ]
-  | *: #x #e' normalize #E destruct
-  ]
-| #s1 #e #s1 #s2 #IH1 #IH2 #IH3 #s' #p #H #E
-  (* Carefully get rid of the equality that will screw up the case analysis *)
-  cases (bind_inversion ????? E) #e' * #_ cases (typ_of_type (typeof e)) in e' ⊢ %
-  [ #sz #sg #e' #E
-    cases (bind_inversion ????? E) * #s1' #I1 * #E1 -E #E
-    cases (bind_inversion ????? E) * #s2' #I2 * #E2 -E #E
-    cases (bind_inversion ????? E) * #s3' #I3 * #E3 -E #E
-    <(OK_sig_eq ?????? E) -E;
-    cases (Exists_append ???? H)
-    [ #H1 cases (IH1 s1' I1 H1 E1) #l' * #L1 #L2 %{l'} % [ @L1 | @Exists_append_l @L2 ]
-    | -H #H cases (Exists_append ???? H)
-      [ #H2 cases (IH2 s2' I2 H2 E2) #l' * #L1 #L2 %{l'} % [ @L1 | @Exists_append_r @Exists_append_l @Exists_append_r @L2 ] 
-      | #H3 cases (IH3 s3' I3 H3 E3) #l' * #L1 #L2 %{l'} % [ @L1 | @Exists_append_r @Exists_append_l @Exists_append_l @L2 ] 
-      ]
-    ]
-  | *: #x #e' normalize #E destruct
-  ]
-| #s' #p *
-| #s' #p *
-| #eo #s' #p *
-| #e #ls #IH #s' #p #H #E whd in E:(??%?); destruct (* FIXME once switch is implemented ... *)
-| #l0 #s0 #IH #s' #p #H
-  whd in ⊢ (??%? → ?) #E cases (reflmatch ????? E) -E #l1 * #El #E
-  cases (bind_inversion ????? E) * #s1' #I1 * #E1 -E #E
-  <(OK_sig_eq ?????? E) -E;
-  cases H
-  [ #El' %{l1} <El' % [ @El | %1 @refl ]
-  | #H1 cases (IH s1' I1 H1 E1) #l' * #L1 #L2 %{l'} % [ @L1 | %2 @L2 ]
-  ]
-| #l0 #s' #p *
-| #l0 #s0 #IH #s' #p #H #E
-  cases (bind_inversion ????? E) * #s1' #I1 * #E1 -E #E
-  <(OK_sig_eq ?????? E) -E;
-  @(IH s1' I1 H E1)
-] qed.
+| #l #H cases (Exists_append … H)
+  [ #H1 cases s1' #s1' * #S1 #L1 cases (L1 l H1) #l' * #E1 #D1
+    %{l'} % [ @E1 | @Exists_append_l @D1 ]
+  | #H2 cases s2' #s2' * #S2 #L2 cases (L2 l H2) #l' * #E2 #D2
+    %{l'} % [ @E2 | @Exists_append_r @D2 ]
+  ]
+| #l #H cases (Exists_append … H)
+  [ #H1 cases s1' #s1' * #S1 #L1 cases (L1 l H1) #l' * #E1 #D1
+    %{l'} % [ @E1 | @Exists_append_l @D1 ]
+  | #H2 cases s2' #s2' * #S2 #L2 cases (L2 l H2) #l' * #E2 #D2
+    %{l'} % [ @E2 | @Exists_append_r @D2 ]
+  ]
+| cases s1' #s1' * #S1 #L1 #l #H cases (L1 l H) #l' * #E1 #D1
+  %{l'} % [ @E1 | @Exists_append_l @D1 ]
+| cases s1' #s1' * #S1 #L1 #l #H cases (L1 l H) #l' * #E1 #D1
+  %{l'} % [ @E1 | @Exists_append_l @D1 ]
+| #l #H cases (Exists_append … H)
+  [ #H1 cases s1' #s1' * #S1 #L1 cases (L1 l H1) #l' * #E1 #D1
+    %{l'} % [ @E1 | @Exists_append_l @D1 ]
+  | #H cases (Exists_append … H)
+    [ #H2 cases s2' #s2' * #S2 #L2 cases (L2 l H2) #l' * #E2 #D2
+      %{l'} % [ @E2 | @Exists_append_r @Exists_append_l @Exists_append_r @D2 ]
+    | #H3 cases s3' #s3' * #S3 #L3 cases (L3 l H3) #l' * #E3 #D3
+      %{l'} % [ @E3 | @Exists_append_r @Exists_append_l @Exists_append_l @D3 ]
+    ]
+  ]
+| cases s1' #s1' * #S1 #L1 #l0 *
+  [ #El <El %{l'} >E % [ @refl | %1 @refl ]
+  | #H cases (L1 l0 H) #l0' * #E1 #D1
+    %{l0'} % [ @E1 | %2 @D1 ]
+  ]
+| cases s1' #s1' * #S1 #L1 @L1
+] qed.
+
 
 axiom ParamGlobalMixup : String.
 
-definition alloc_params : ∀vars:var_types.∀ls. list (ident×type) → (Σs:stmt. stmt_inv vars ls s) → res (Σs:stmt.stmt_inv vars ls s) ≝
-λvars,ls,params,s. foldl ?? (λs,it.
+(* ls and s0 aren't real parameters, they're just there for giving the invariant. *)
+definition alloc_params : ∀vars:var_types.∀ls,s0. list (ident×type) → (Σs:stmt. trans_inv vars ls s0 s) → res (Σs:stmt.trans_inv vars ls s0 s) ≝
+λvars,ls,s0,params,s. foldl ?? (λs,it.
   let 〈id,ty〉 ≝ it in
   do s ← s;
@@ -1074 +1034 @@
 try @I
 [ whd >E @I
-| @(sig_ok … s)
+| @(trans_inv_stmt_inv … s0) @(sig_ok … s)
+| cases s #s * #S #L @L
 ] qed.
 
@@ -1121 +1082 @@
 ] qed. 
 
+definition lenv_inv : lenv → lenv → statement → Prop ≝
+λlbls0,lbls,s. (∀l. Exists ? (λl'. l' = l) (labels_defined s) → ∃lm. lookup_label lbls l = OK ? lm) ∧
+  ∀l,l'. lookup_label lbls0 l = OK ? l' → lookup_label lbls l = OK ? l'.
+
+definition lenv_inv_switch : lenv → lenv → labeled_statements → Prop ≝
+λlbls0,lbls,ls. (∀l. Exists ? (λl'. l' = l) (labels_defined_switch ls) → ∃lm. lookup_label lbls l = OK ? lm) ∧
+  ∀l,l'. lookup_label lbls0 l = OK ? l' → lookup_label lbls l = OK ? l'.
+
+axiom DuplicateLabel : String.
+(*
 (* We only record labels from Slabel, not Sgoto, so that we detect badly formed
-   programs. *)
-let rec extend_label_env (s:statement) (lbls:lenv) (u:universe ?) : lenv × (universe ?) ≝
-match s with
-[ Ssequence s1 s2 ⇒
-    let 〈lbls,u〉 ≝ extend_label_env s1 lbls u in
-    extend_label_env s2 lbls u
+   programs.  The gratutitous let-in expansion is so that Russell generated
+   nice hypotheses for us. *)
+let rec extend_label_env (s:statement) (lu0:lenv×(universe ?)) : res (Σx:lenv × (universe ?). lenv_inv (\fst lu0) (\fst x) s) ≝
+match s return λs.res (Σx:lenv × (universe ?). lenv_inv (\fst lu0) (\fst x) s) with
+[ Ssequence s1 s2 ⇒ 
+    do lu1 ← extend_label_env s1 lu0;
+    do lu2 ← extend_label_env s2 lu1; OK ? «eject … lu2, ?»
 | Sifthenelse _ s1 s2 ⇒
-    let 〈lbls,u〉 ≝ extend_label_env s1 lbls u in
-    extend_label_env s2 lbls u
-| Swhile _ s ⇒ extend_label_env s lbls u
-| Sdowhile _ s ⇒ extend_label_env s lbls u
+    do lu1 ← extend_label_env s1 lu0;
+    do lu2 ← extend_label_env s2 lu1; OK ? «eject … lu2, ?»
+| Swhile _ s ⇒ do lu ← extend_label_env s lu0; OK ? «eject … lu, ?»
+| Sdowhile _ s ⇒ do lu ← extend_label_env s lu0; OK ? «eject … lu, ?»
 | Sfor s1 _ s2 s3 ⇒
-    let 〈lbls,u〉 ≝ extend_label_env s1 lbls u in
-    let 〈lbls,u〉 ≝ extend_label_env s2 lbls u in
-    extend_label_env s3 lbls u
-| Sswitch _ ls ⇒ extend_label_env' ls lbls u
+    do lu1 ← extend_label_env s1 lu0;
+    do lu2 ← extend_label_env s2 lu1;
+    do lu3 ← extend_label_env s3 lu2; OK ? «eject … lu3, ?»
+| Sswitch _ ls ⇒ do lu ← extend_label_env' ls lu0; OK ? «eject … lu, ?»
 | Slabel l s ⇒
-    let 〈l',u〉 ≝ fresh ? u in
-    extend_label_env s (add … lbls l l') u
-| Scost _ s ⇒ extend_label_env s lbls u
-| _ ⇒ 〈lbls,u〉
+    let 〈lbls, u〉 ≝ lu0 in
+    match lookup_label lbls l with
+    [ OK _ ⇒ Error ? (msg DuplicateLabel)
+    | Error _ ⇒
+        let 〈l',u〉 ≝ fresh ? u in
+        do lu ← extend_label_env s 〈add … lbls l l', u〉; OK ? «eject … lu, ?»
+    ]
+| Scost _ s ⇒ do lu ← extend_label_env s lu0; OK ? «eject … lu, ?»
+| _ ⇒ OK ? «lu0, ?»
 ]
-and extend_label_env' (ls:labeled_statements) (lbls:lenv) (u:universe ?) : lenv × (universe ?) ≝
-match ls with
-[ LSdefault s ⇒ extend_label_env s lbls u
+and extend_label_env' (ls:labeled_statements) (lu0:lenv×(universe ?)) : res (Σx:lenv × (universe ?). lenv_inv_switch (\fst lu0) (\fst x) ls) ≝
+match ls return λls.res (Σx:lenv × (universe ?). lenv_inv_switch (\fst lu0) (\fst x) ls) with
+[ LSdefault s ⇒ do lu ← extend_label_env s lu0; OK ? «eject … lu, ?»
 | LScase _ _ s ls ⇒
-    let 〈lbls,u〉 ≝ extend_label_env s lbls u in
-    extend_label_env' ls lbls u
-].
+    do lu1 ← extend_label_env s lu0;
+    do lu2 ← extend_label_env' ls lu1; OK ? «eject … lu2, ?»
+]. @conj
+[ 1,3,5,17,19,21,27: #l *
+| 2,4,6,18,20,22,28: #l #l' #H @H
+| cases lu1 in lu2 ⊢ % * #lbls1 #u1 * #I1 #E1 * * #lbls2 #u2 * #I2 #E2 whd in E2:(∀_.∀_.??(?%?)? → ?) ⊢ (∀_.? → ??(λ_.??(?%?)?))
+  #l #H cases (Exists_append … H)
+  [ #H1 cases (I1 l H1) #l' #L1 %{l'} @E2 @L1
+  | #H2 cases (I2 l H2) #l' #L2 %{l'} @L2
+  ]
 
 definition build_label_env ≝ λbody. extend_label_env body (empty_map ??) (new_universe ?).
+*)
+
+definition lenv_list_inv : lenv → lenv → list ident → Prop ≝
+λlbls0,lbls,ls. (∀l. Exists ? (λl'. l' = l) ls → ∃lm. lookup_label lbls l = OK ? lm) ∧
+  ∀l,l'. lookup_label lbls0 l = OK ? l' → lookup_label lbls l = OK ? l'.
+
+lemma lookup_label_add : ∀lbls,l,l'.
+  lookup_label (add … lbls l l') l = OK ? l'.
+#lbls #l #l' whd in ⊢ (??%?) >lookup_add_hit @refl
+qed.
+
+lemma lookup_label_new : ∀lbls,l,l',msg,l0,l0'.
+  lookup_label lbls l = Error ? msg →
+  lookup_label lbls l0 = OK ? l0' →
+  lookup_label (add … lbls l l') l0 = OK ? l0'.
+#lbls #l #l' #msg #l0 #l0' #E1 #E2
+whd in ⊢ (??%%)
+>lookup_add_miss
+[ @E2 | @(eq_identifier_elim ?? l0 l) // #E >E in E2 >E1 #X destruct ]
+qed.  
+
+let rec populate_lenv (ls:list ident) (lbls:lenv) (u:universe ?) : res (Σlbls':lenv. lenv_list_inv lbls lbls' ls) ≝
+match ls return λls. res (Σlbls':lenv. lenv_list_inv lbls lbls' ls) with
+[ nil ⇒ OK ? «lbls, ?»
+| cons l t ⇒
+    match lookup_label lbls l return λx.lookup_label lbls l = x → ? with
+    [ OK _ ⇒ λ_. Error ? (msg DuplicateLabel)
+    | Error _ ⇒ λLOOK.
+        let 〈l',u1〉 ≝ fresh … u in
+        do lbls1 ← populate_lenv t (add … lbls l l') u1;
+        OK ? «eject … lbls1, ?»
+    ] (refl ? (lookup_label lbls l))
+]. @conj
+[  #l *
+| #l #l' #H @H
+| cases lbls1 #lbls' * #E1 #E2 whd in ⊢ (∀_.?→??(λ_.??(?%?)?)) #l0 *
+  [ #E <E %{l'} @E2 @lookup_label_add
+  | @E1
+  ]
+| cases lbls1 #lbls' * #E1 #E2 #l1 #l2 #L whd in ⊢ (??(?%?)?)
+  @E2 @(lookup_label_new … LOOK L)
+] qed.
+
+definition build_label_env : ∀body:statement. res (Σlbls:lenv. ∀l.Exists ? (λl'.l' = l) (labels_defined body) → ∃l'.lookup_label lbls l = OK ? l') ≝
+λbody.
+  do lbls ← populate_lenv (labels_defined body) (empty_map ??) (new_universe ?);
+  OK ? «eject … lbls, ?».
+cases lbls #lbls * #E1 #E2 @E1
+qed.
+
+notation > "vbox('do' « ident v , ident p » ← e; break e')" with precedence 40
+  for @{ bind ?? ${e} (λ${fresh x}.match ${fresh x} with [ dp ${ident v} ${ident p} ⇒ ${e'} ]) }.
 
 (* FIXME: the temporary handling is nonsense, I'm afraid. *)
 definition translate_function : list (ident×region) → function → res internal_function ≝
 λglobals, f.
-  let 〈lbls, label_universe〉 ≝ build_label_env (fn_body f) in
+  do «lbls, Ilbls» ← build_label_env (fn_body f);
   let 〈vartypes0, stacksize〉 as E ≝ characterise_vars globals f in
   let tmp ≝ bigid1 in (* FIXME *)
   let tmpp ≝ bigid2 in (* FIXME *)
   let vartypes ≝ add … (add … vartypes0 tmp Local) tmpp Local in
-  do s as E1 ← translate_statement vartypes lbls tmp tmpp (fn_body f);
-  do s as E2 ← alloc_params vartypes lbls (fn_params f) s;
+  do s ← translate_statement vartypes lbls tmp tmpp (fn_body f);
+  do «s,Is» ← alloc_params vartypes lbls ? (fn_params f) s;
   OK ? (mk_internal_function
     (opttyp_of_type (fn_return f))
@@ -1170 +1206 @@
     stacksize
     s ?).
-[ whd whd in ⊢ (match % with [ _ ⇒ ? | _ ⇒ ? ]) >lookup_add_hit %
+[ cases Is #S #L
+  @(stmt_P_mp ???? S)
+  #s1 * #H1 #H2 %
+  [ @(stmt_vars_mp … H1)
+    #i #H cases (identifier_eq ? tmp i)
+    [ #E <E @Exists_mid @refl
+    | #NE1 @Exists_rm cases (identifier_eq ? tmpp i)
+      [ #E <E @Exists_mid @refl
+      | #NE2 @Exists_rm
+        >map_append
+        @Exists_map [ 2: @(characterise_vars_all … (sym_eq ??? E) i)
+                         @(local_id_add_miss ?? Local ? NE1)
+                         @(local_id_add_miss ?? Local ? NE2) @H
+                    | skip
+                    | * #id #ty #E1 <E1 @refl
+                    ]
+      ]
+    ]
+  | @(stmt_labels_mp … H2)
+    #l * #l' #LOOKUP
+    
+     generalize in ⊢ (???(?(???(????%))))
+    * #S #L
+| whd whd in ⊢ (match % with [ _ ⇒ ? | _ ⇒ ? ]) >lookup_add_hit %
 | whd whd in ⊢ (match % with [ _ ⇒ ? | _ ⇒ ? ]) >lookup_add_miss [ >lookup_add_hit %| % ]
-| @(stmt_P_mp ???? (sig_ok ?? s))
-  #s1 * #H1 #H2 % [ 2: @H2 ]
-  @stmt_vars_mp [ 3: @sig_ok | skip ]
-  #i #H cases (identifier_eq ? tmp i)
-  [ #E <E @Exists_mid @refl
-  | #NE1 @Exists_rm cases (identifier_eq ? tmpp i)
-    [ #E <E @Exists_mid @refl
-    | #NE2 @Exists_rm
-      >map_append
-      @Exists_map [ 2: @(characterise_vars_all … (sym_eq ??? E) i)
-                       @(local_id_add_miss ?? Local ? NE1)
-                       @(local_id_add_miss ?? Local ? NE2) @H
-                  | skip
-                  | * #id #ty #E1 <E1 @refl
-                  ]
-    ]
-  ]
+
 ] qed.
 

Deliverables/D3.3/id-lookup-branch/Cminor/syntax.ma

@@ -129 +129 @@
 ] qed.
 
+lemma stmt_labels_mp : ∀P,Q. (∀l. P l → Q l) → ∀s. stmt_labels P s → stmt_labels Q s.
+#P #Q #H #s elim s normalize /2/ qed.
+
 (* Get labels from a Cminor statement. *)
 let rec labels_of (s:stmt) : list (identifier Label) ≝