Changeset 2271 for src/Clight/switchRemoval.ma

Timestamp:

Jul 26, 2012, 5:02:52 PM (9 years ago)

Author:

garnier

Message:

Proof of correction for the semantics of expressions under memory injections terminated.

File:

• src/Clight/switchRemoval.ma (modified) (2 diffs)

src/Clight/switchRemoval.ma

@@ -2980 +2980 @@
 ] qed.
 
+lemma cast_value_eq : 
+ ∀E,m1,m2,v1,v2. (* memory_inj E m1 m2 → *) value_eq E v1 v2 →
+  ∀ty,cast_ty,res. exec_cast m1 v1 ty cast_ty = OK ? res → 
+  ∃res'. exec_cast m2 v2 ty cast_ty = OK ? res' ∧ value_eq E res res'.
+#E #m1 #m2 #v1 #v2 (* #Hmemory_inj *) #Hvalue_eq #ty #cast_ty #res
+@(value_eq_inversion … Hvalue_eq)
+[ 1: #v normalize #Habsurd destruct (Habsurd)
+| 2: #vsz #vi whd in match (exec_cast ????);
+     cases ty
+     [ 1: | 2: #sz #sg | 3: #fl | 4: #ptrty | 5: #arrayty #n | 6: #tl #retty | 7: #id #fl | 8: #id #fl | 9: #comptrty ]
+     normalize nodelta
+     [ 1,3,7,8,9: #Habsurd destruct (Habsurd)
+     | 2: @intsize_eq_elim_elim
+          [ 1: #Hneq #Habsurd destruct (Habsurd)
+          | 2: #Heq destruct (Heq) normalize nodelta
+               cases cast_ty
+               [ 1: | 2: #csz #csg | 3: #cfl | 4: #cptrty | 5: #carrayty #cn 
+               | 6: #ctl #cretty | 7: #cid #cfl | 8: #cid #cfl | 9: #ccomptrty ]
+               normalize nodelta
+               [ 1,7,8,9: #Habsurd destruct (Habsurd)
+               | 2: #Heq destruct (Heq) /3 by ex_intro, conj, vint_eq/
+               | 3: #Heq destruct (Heq) /3 by ex_intro, conj, vfloat_eq/
+               | 4,5,6: whd in match (try_cast_null ?????); normalize nodelta
+                    @eq_bv_elim
+                    [ 1,3,5: #Heq destruct (Heq) >eq_intsize_identity normalize nodelta
+                         whd in match (m_bind ?????);
+                         #Heq destruct (Heq) /3 by ex_intro, conj, vnull_eq/
+                    | 2,4,6: #Hneq >eq_intsize_identity normalize nodelta
+                         whd in match (m_bind ?????);
+                         #Habsurd destruct (Habsurd) ] ]
+          ]
+     | 4,5,6: whd in match (try_cast_null ?????); normalize nodelta
+          @eq_bv_elim
+          [ 1,3,5: #Heq destruct (Heq) normalize nodelta
+               whd in match (m_bind ?????); #Habsurd destruct (Habsurd)
+          | 2,4,6: #Hneq normalize nodelta
+               whd in match (m_bind ?????); #Habsurd destruct (Habsurd) ]
+     ]
+| 3: #f whd in match (exec_cast ????);
+     cases ty
+     [ 1: | 2: #sz #sg | 3: #fl | 4: #ptrty | 5: #arrayty #n 
+     | 6: #tl #retty | 7: #id #fl | 8: #id #fl | 9: #comptrty ]
+     normalize nodelta
+     [ 1,2,4,5,6,7,8,9: #Habsurd destruct (Habsurd) ]
+     cases cast_ty
+     [ 1: | 2: #csz #csg | 3: #cfl | 4: #cptrty | 5: #carrayty #cn 
+     | 6: #ctl #cretty | 7: #cid #cfl | 8: #cid #cfl | 9: #ccomptrty ]
+     normalize nodelta
+     [ 1,4,5,6,7,8,9: #Habsurd destruct (Habsurd) ]
+     #Heq destruct (Heq)
+     [ 1: /3 by ex_intro, conj, vint_eq/
+     | 2: /3 by ex_intro, conj, vfloat_eq/ ]
+| 4: whd in match (exec_cast ????);
+     cases ty
+     [ 1: | 2: #sz #sg | 3: #fl | 4: #ptrty | 5: #arrayty #n 
+     | 6: #tl #retty | 7: #id #fl | 8: #id #fl | 9: #comptrty ]
+     normalize
+     [ 1,2,3,7,8,9: #Habsurd destruct (Habsurd) ]
+     cases cast_ty normalize nodelta
+     [ 1,10,19: #Habsurd destruct (Habsurd) 
+     | 2,11,20: #csz #csg #Habsurd destruct (Habsurd) 
+     | 3,12,21: #cfl #Habsurd destruct (Habsurd) 
+     | 4,13,22: #cptrty #Heq destruct (Heq) /3 by ex_intro, conj, vnull_eq/
+     | 5,14,23: #carrayty #cn #Heq destruct (Heq) /3 by ex_intro, conj, vnull_eq/
+     | 6,15,24: #ctl #cretty #Heq destruct (Heq) /3 by ex_intro, conj, vnull_eq/
+     | 7,16,25: #cid #cfl #Habsurd destruct (Habsurd)
+     | 8,17,26: #cid #cfl #Habsurd destruct (Habsurd)
+     | 9,18,27: #ccomptrty #Habsurd destruct (Habsurd) ]
+| 5: #p1 #p2 #Hembed whd in match (exec_cast ????);
+     cases ty
+     [ 1: | 2: #sz #sg | 3: #fl | 4: #ptrty | 5: #arrayty #n 
+     | 6: #tl #retty | 7: #id #fl | 8: #id #fl | 9: #comptrty ]
+     normalize
+     [ 1,2,3,7,8,9: #Habsurd destruct (Habsurd) ]
+     cases cast_ty normalize nodelta
+     [ 1,10,19: #Habsurd destruct (Habsurd)
+     | 2,11,20: #csz #csg #Habsurd destruct (Habsurd)
+     | 3,12,21: #cfl #Habsurd destruct (Habsurd) 
+     | 4,13,22: #cptrty #Heq destruct (Heq) %{(Vptr p2)} @conj try @refl @vptr_eq assumption
+     | 5,14,23: #carrayty #cn #Heq destruct (Heq)
+                %{(Vptr p2)} @conj try @refl @vptr_eq assumption
+     | 6,15,24: #ctl #cretty #Heq destruct (Heq)
+                %{(Vptr p2)} @conj try @refl @vptr_eq assumption
+     | 7,16,25: #cid #cfl #Habsurd destruct (Habsurd)
+     | 8,17,26: #cid #cfl #Habsurd destruct (Habsurd)
+     | 9,18,27: #ccomptrty #Habsurd destruct (Habsurd) ]
+qed.
+
+lemma bool_of_val_value_eq : 
+ ∀E,v1,v2. value_eq E v1 v2 →
+   ∀ty,b.exec_bool_of_val v1 ty = OK ? b → exec_bool_of_val v2 ty = OK ? b.
+#E #v1 #v2 #Hvalue_eq #ty #b
+@(value_eq_inversion … Hvalue_eq) //
+[ 1: #v #H normalize in H; destruct (H)
+| 2: #p1 #p2 #Hembed #H @H ] qed.
  
 (* Simulation relation on expressions *)
@@ -3097 +3192 @@
      >Hopval_eq normalize destruct /2 by conj/
 | 9: #ty #cast_ty #e #Hsim @(exec_expr_expr_elim … Hsim)
-     #v1 #v2 #trace #Hvalue_eq (* TODO ... *) @cthulhu
-| *: @cthulhu ] qed.
-
-(* TODO: Old cases, to be ported to memory injection.
-| 8: #ty #op #e1 #e2 #Hind1 #Hind2
-     whd in match (exec_expr ge ???);    
-     whd in match (exec_expr ge' ???);
-     @(exec_expr_expr_elim … Hind1)
-     cases (exec_expr ge en1 m1 e2) in Hind2;
-     [ 2: #error normalize //
-     | 1: * #v1 #tr1 normalize in ⊢ (% → ?); #Hind2 elim (Hind2 〈v1,tr1〉 (refl ??)) * #v2 #tr2 *
-          #Hexec_eq * #Hvalue_eq #Htrace_eq #v1' #v2' #trace #Hvalue_eq'
-          >Hexec_eq whd in match (m_bind ?????); whd in match (m_bind ?????);
-
-
-| 9: #ty #castty #e #Hind
-     whd in match (exec_expr ge ???);    
-     whd in match (exec_expr ge' ???);
-     cases Hind
-     [ 2: * #error #Hfail >Hfail @SimFail /2 by ex_intro/
-     | 1: cases (exec_expr ge en m e)
-          [ 2: #error #_ @SimFail /2 by ex_intro/
-          | 1: #a #Hind >(Hind a (refl ? (OK ? a))) @SimOk // 
-          ] 
-     ]
-| 10: #ty #e1 #e2 #e3 #Hind1 #Hind2 #Hind3
-     whd in match (exec_expr ge ???);    
-     whd in match (exec_expr ge' ???);
-     cases Hind1
-     [ 2: * #error #Hfail >Hfail @SimFail /2 by ex_intro/
-     | 1: cases (exec_expr ge en m e1)
-          [ 2: #error #_ @SimFail /2 by ex_intro/
-          | 1: #a1 #Hind1 >(Hind1 a1 (refl ? (OK ? a1)))
-               normalize nodelta
-               cases (exec_bool_of_val ??)
-               [ 2: #error @SimFail /2 by ex_intro/
-               | 1: * whd in match (m_bind ?????); normalize nodelta
-                    [ 1: cases Hind2
-                         [ 2: * #error #Hfail >Hfail @SimFail /2 by ex_intro/
-                         | 1: cases (exec_expr ge en m e2)
-                              [ 2: #error #_  @SimFail /2 by ex_intro/
-                              | 1: #a2 #Hind2 >(Hind2 a2 (refl ? (OK ? a2)))                                   
-                                   @SimOk normalize nodelta #a2
-                                   whd in match (m_bind ?????); // ]
-                         ]
-                    | 2: cases Hind3
-                         [ 2: * #error #Hfail >Hfail @SimFail /2 by ex_intro/
-                         | 1: cases (exec_expr ge en m e3)
-                              [ 2: #error #_  @SimFail /2 by ex_intro/
-                              | 1: #a3 #Hind3 >(Hind3 a3 (refl ? (OK ? a3)))
-                                   @SimOk normalize nodelta #a3
-                                   whd in match (m_bind ?????); // ]
-                         ]
-     ] ] ] ]                      
-| 11: #ty #e1 #e2 #Hind1 #Hind2
-     whd in match (exec_expr ge ???);    
-     whd in match (exec_expr ge' ???);
-     cases Hind1
-     [ 2: * #error #Hfail >Hfail @SimFail /2 by ex_intro/
-     | 1: cases (exec_expr ge en m e1)
-          [ 2: #error #_ @SimFail /2 by ex_intro/
-          | 1: #a1 #Hind1 >(Hind1 a1 (refl ? (OK ? a1)))
-               normalize nodelta
-               cases (exec_bool_of_val ??)
-               [ 2: #error @SimFail /2 by ex_intro/
-               | 1: * whd in match (m_bind ?????);
-                    [ 2: @SimOk // ]
-                    cases Hind2
-                    [ 2: * #error #Hfail >Hfail @SimFail /2 by ex_intro/
-                    | 1: cases (exec_expr ge en m e2)
-                         [ 2: #error #_  @SimFail /2 by ex_intro/
-                         | 1: #a2 #Hind2 >(Hind2 a2 (refl ? (OK ? a2)))
-                              @SimOk #a2
-                              whd in match (m_bind ?????); //
-     ] ] ] ] ]
-| 12: #ty #e1 #e2 #Hind1 #Hind2
-     whd in match (exec_expr ge ???);    
-     whd in match (exec_expr ge' ???);
-     cases Hind1
-     [ 2: * #error #Hfail >Hfail @SimFail /2 by ex_intro/
-     | 1: cases (exec_expr ge en m e1)
-          [ 2: #error #_ @SimFail /2 by ex_intro/
-          | 1: #a1 #Hind1 >(Hind1 a1 (refl ? (OK ? a1)))
-               normalize nodelta
-               cases (exec_bool_of_val ??)
-               [ 2: #error @SimFail /2 by ex_intro/
-               | 1: * whd in match (m_bind ?????);
-                    [ 1: @SimOk // ]
-                    cases Hind2
-                    [ 2: * #error #Hfail >Hfail @SimFail /2 by ex_intro/
-                    | 1: cases (exec_expr ge en m e2)
-                         [ 2: #error #_  @SimFail /2 by ex_intro/
-                         | 1: #a2 #Hind2 >(Hind2 a2 (refl ? (OK ? a2)))
-                              @SimOk #a2
-                              whd in match (m_bind ?????); //
-     ] ] ] ] ]
-| 13: #ty #sizeof_ty
-     whd in match (exec_expr ge ???);    
-     whd in match (exec_expr ge' ???);
-     @SimOk //
-| 14: #ty #e #ty' #fld #Hind
-     whd in match (exec_lvalue' ge ????);
-     whd in match (exec_lvalue' ge' ????);
-     whd in match (typeof ?);
-     cases ty' in Hind;
-     [ 1: | 2: #sz #sg | 3: #fsz | 4: #rg #ptr_ty | 5: #rg #array_ty #array_sz | 6: #domain #codomain
-     | 7: #structname #fieldspec | 8: #unionname #fieldspec | 9: #rg #id ]
-     normalize nodelta #Hind
-     try (@SimFail /2 by ex_intro/)
-     whd in match (exec_lvalue ????);
-     whd in match (exec_lvalue ????);     
-     cases Hind
-     [ 2,4: * #error #Hfail >Hfail @SimFail /2 by ex_intro/
-     | 1,3: cases (exec_lvalue' ge en m e ?)
-         [ 2,4: #error #_ @SimFail /2 by ex_intro/
-         | 1,3: #a #Hind >(Hind a (refl ? (OK ? a))) @SimOk //
-     ] ]
-| 15: #ty #l #e #Hind
-     whd in match (exec_expr ge ???);
-     whd in match (exec_expr ge' ???);
-     cases Hind
-     [ 2: * #error #Hfail >Hfail @SimFail /2 by ex_intro/
-     | 1: cases (exec_expr ge en m e)
-        [ 2: #error #_ @SimFail /2 by ex_intro/
-        | 1: #a #Hind >(Hind a (refl ? (OK ? a))) @SimOk //
-     ] ]
+     #v1 #v2 #trace #Hvalue_eq lapply (cast_value_eq E m1 m2 … Hvalue_eq (typeof e) cast_ty)
+     cases (exec_cast m1 v1 (typeof e) cast_ty)
+     [ 2: #error #_ normalize @I
+     | 1: #res #H lapply (H res (refl ??)) whd in match (m_bind ?????);
+          * #res' * #Hexec_cast >Hexec_cast #Hvalue_eq normalize nodelta
+          @conj // ]
+| 10: #ty #e1 #e2 #e3 #Hsim1 #Hsim2 #Hsim3
+     @(exec_expr_expr_elim … Hsim1) #v1 #v2 #trace #Hvalue_eq
+     lapply (bool_of_val_value_eq E v1 v2 Hvalue_eq (typeof e1))
+     cases (exec_bool_of_val ? (typeof e1)) #b
+     [ 2: #_ normalize @I ]
+     #H lapply (H ? (refl ??)) #Hexec >Hexec normalize
+     cases b normalize nodelta
+     [ 1: (* true branch *)
+          cases (exec_expr ge en1 m1 e2) in Hsim2;
+          [ 2: #error normalize #_ @I
+          | 1: * #e2v #e2tr normalize #H elim (H ? (refl ??))
+               * #e2v' #e2tr' * #Hexec2 >Hexec2 * #Hvalue_eq2 #Htrace_eq2 normalize
+                    destruct @conj try // ]
+     | 2: (* false branch *)
+          cases (exec_expr ge en1 m1 e3) in Hsim3;
+          [ 2: #error normalize #_ @I
+          | 1: * #e3v #e3tr normalize #H elim (H ? (refl ??))
+               * #e3v' #e3tr' * #Hexec3 >Hexec3 * #Hvalue_eq3 #Htrace_eq3 normalize
+               destruct @conj // ] ]
+| 11,12: #ty #e1 #e2 #Hsim1 #Hsim2
+     @(exec_expr_expr_elim … Hsim1) #v1 #v1' #trace #Hvalue_eq
+     lapply (bool_of_val_value_eq E v1 v1' Hvalue_eq (typeof e1))     
+     cases (exec_bool_of_val v1 (typeof e1))
+     [ 2,4:  #error #_ normalize @I ]
+     #b cases b #H lapply (H ? (refl ??)) #Heq >Heq
+     whd in match (m_bind ?????);
+     whd in match (m_bind ?????);
+     [ 2,3: normalize @conj try @refl try @vint_eq ]
+     cases (exec_expr ge en1 m1 e2) in Hsim2;
+     [ 2,4: #error #_ normalize @I ]
+     * #v2 #tr2 whd in ⊢ (% → %); #H2 normalize nodelta elim (H2 ? (refl ??))
+     * #v2' #tr2' * #Heq2 * #Hvalue_eq2 #Htrace2 >Heq2 normalize nodelta
+     lapply (bool_of_val_value_eq E v2 v2' Hvalue_eq2 (typeof e2))
+     cases (exec_bool_of_val v2 (typeof e2))
+     [ 2,4: #error #_ normalize @I ]
+     #b2 #H3 lapply (H3 ? (refl ??)) #Heq3 >Heq3 normalize nodelta
+     destruct @conj try @conj //
+     cases b2 whd in match (of_bool ?); @vint_eq
+| 13: #ty #ty' cases ty
+     [ 1: | 2: #sz #sg | 3: #fl | 4: #ty | 5: #ty #n 
+     | 6: #tl #ty | 7: #id #fl | 8: #id #fl | 9: #ty ]
+     whd in match (exec_expr ????); whd
+     * #v #trace #Heq destruct %{〈Vint sz (repr sz (sizeof ty')), E0〉}
+     @conj try @refl @conj //
+| 14: #ty #ed #aggregty #i #Hsim whd * * #b #o #tr normalize nodelta
+    whd in match (exec_lvalue' ?????);
+    whd in match (exec_lvalue' ge' en2 m2 (Efield (Expr ed aggregty) i) ty);
+    whd in match (typeof ?);
+    cases aggregty in Hsim;
+    [ 1: | 2: #sz' #sg' | 3: #fl' | 4: #ty' | 5: #ty' #n'
+    | 6: #tl' #ty' | 7: #id' #fl' | 8: #id' #fl' | 9: #ty' ]
+    normalize nodelta #Hsim
+    [ 1,2,3,4,5,6,9: #Habsurd destruct (Habsurd) ]
+    whd in match (m_bind ?????);
+    whd in match (m_bind ?????);
+    whd in match (exec_lvalue ge en1 m1 (Expr ed ?));
+    cases (exec_lvalue' ge en1 m1 ed ?) in Hsim;
+    [ 2,4: #error #_ normalize in ⊢ (% → ?); #Habsurd destruct (Habsurd) ]
+    * * #b1 #o1 #tr1 whd in ⊢ (% → ?); #H elim (H ? (refl ??))
+    * * #b1' #o1' #tr1' * #Hexec normalize nodelta * #Hvalue_eq #Htrace_eq
+    whd in match (exec_lvalue ????); >Hexec normalize nodelta
+    [ 2: #Heq destruct (Heq) %{〈 b1',o1',tr1'〉} @conj //
+         normalize @conj // ]
+    cases (field_offset i fl')
+    [ 2: #error normalize #Habsurd destruct (Habsurd) ]
+    #offset whd in match (m_bind ?????); #Heq destruct (Heq)
+    whd in match (m_bind ?????);
+    %{〈b1',shift_offset (bitsize_of_intsize I32) o1' (repr I32 offset),tr1'〉} @conj 
+    destruct // normalize nodelta @conj try @refl @vptr_eq
+    -H lapply (value_eq_ptr_inversion … Hvalue_eq) * #p2 * #Hptr_eq
+    whd in match (pointer_translation ??);      
+    whd in match (pointer_translation ??);
+    cases (E b)
+    [ 1: normalize nodelta #Habsurd destruct (Habsurd) ]
+    * #b' #o' normalize nodelta #Heq destruct (Heq) destruct (Hptr_eq)
+    cut (offset_plus (mk_offset (offv o1+Z_of_signed_bitvector (bitsize_of_intsize I32) (repr I32 offset))) o'
+          = (shift_offset (bitsize_of_intsize I32) (offset_plus o1 o') (repr I32 offset)))
+    [ normalize >associative_Zplus >(sym_Zplus ? (offv o')) in ⊢ (??%?); <associative_Zplus @refl ]
+    #Heq >Heq @refl
+| 15: #ty #l #e #Hsim
+     @(exec_expr_expr_elim … Hsim) #v1 #v2 #trace #Hvalue_eq normalize nodelta @conj //
 | 16: *
   [ 1: #sz #i | 2: #fl | 3: #var_id | 4: #e1 | 5: #e1 | 6: #op #e1 | 7: #op #e1 #e2 | 8: #cast_ty #e1
   | 9: #cond #iftrue #iffalse | 10: #e1 #e2 | 11: #e1 #e2 | 12: #sizeofty | 13: #e1 #field | 14: #cost #e1 ]
   #ty normalize in ⊢ (% → ?);
-  [ 1,2: #_ @SimOk #a normalize //
-  | 3,4,13: #H @(False_ind … H)
-  | *: #_ @SimFail /2 by ex_intro/
-  ]
-] qed. *)
+  [ 3,4,13: @False_ind
+  | *: #_ normalize #a1 #Habsurd destruct (Habsurd) ]
+] qed.    
+
 
 (*