[sledge sem] Refactor inductive definitions a bit

Summary: Add universal quantification to suppress warning messages

Reviewed By: jberdine

Differential Revision: D18058834

fbshipit-source-id: c96230ff7
master
Scott Owens 5 years ago committed by Facebook Github Bot
parent 573f0d8aed
commit 86024892e1

@ -250,15 +250,17 @@ End
(* Which values have which types *) (* Which values have which types *)
Inductive value_type: Inductive value_type:
(value_type (IntT W1) (FlatV (W1V w1))) (∀w1. value_type (IntT W1) (FlatV (W1V w1)))
(value_type (IntT W8) (FlatV (W8V w8))) (∀w8. value_type (IntT W8) (FlatV (W8V w8)))
(value_type (IntT W32) (FlatV (W32V w32))) (∀w32. value_type (IntT W32) (FlatV (W32V w32)))
(value_type (IntT W64) (FlatV (W64V w64))) (∀w64. value_type (IntT W64) (FlatV (W64V w64)))
(value_type (PtrT _) (FlatV (PtrV ptr))) (∀t ptr. value_type (PtrT t) (FlatV (PtrV ptr)))
(every (value_type t) vs length vs = n first_class_type t (∀t vs n.
every (value_type t) vs length vs = n first_class_type t
value_type (ArrT n t) (AggV vs)) value_type (ArrT n t) (AggV vs))
(list_rel value_type ts vs (∀ts vs.
list_rel value_type ts vs
value_type (StrT ts) (AggV vs)) value_type (StrT ts) (AggV vs))
End End
@ -491,8 +493,8 @@ Definition inc_pc_def:
End End
Inductive get_obs: Inductive get_obs:
(flookup s.globals x = Some (n, w) get_obs s w bytes (W x bytes)) (∀s w bytes x n. flookup s.globals x = Some (n, w) get_obs s w bytes (W x bytes))
((∀n. (n, w) FRANGE s.globals) get_obs s w bytes Tau) (∀s w bytes. (∀n. (n, w) FRANGE s.globals) get_obs s w bytes Tau)
End End
(* NB, the semantics tracks the poison values, but not much thought has been put (* NB, the semantics tracks the poison values, but not much thought has been put
@ -500,7 +502,8 @@ End
* exactly right. We also are currently ignoring the undefined value. *) * exactly right. We also are currently ignoring the undefined value. *)
Inductive step_instr: Inductive step_instr:
(s.stack = fr::st (∀prog s t a fr v st new_h.
s.stack = fr::st
deallocate fr.stack_allocs s.heap = new_h deallocate fr.stack_allocs s.heap = new_h
eval s a = Some v eval s a = Some v
@ -514,7 +517,8 @@ Inductive step_instr:
heap := new_h; heap := new_h;
status := s.status |>)) status := s.status |>))
(eval s a = Some <| poison := p; value := FlatV (W1V tf) |> (∀prog s a l1 l2 tf l p.
eval s a = Some <| poison := p; value := FlatV (W1V tf) |>
l = Some (if tf = 0w then l2 else l1) l = Some (if tf = 0w then l2 else l1)
step_instr prog s step_instr prog s
@ -522,16 +526,18 @@ Inductive step_instr:
(s with ip := <| f := s.ip.f; b := l; i := Phi_ip s.ip.b |>)) (s with ip := <| f := s.ip.f; b := l; i := Phi_ip s.ip.b |>))
(* TODO *) (* TODO *)
(step_instr prog s (Invoke r t a args l1 l2) Tau s) (∀prog s r t a args l1 l2. step_instr prog s (Invoke r t a args l1 l2) Tau s)
(eval s a = Some v1 (∀prog s a exit_code v1.
eval s a = Some v1
signed_v_to_int v1.value = Some exit_code signed_v_to_int v1.value = Some exit_code
step_instr prog s step_instr prog s
(Exit a) (Exit exit_code) (Exit a) (Exit exit_code)
(s with status := Complete exit_code)) (s with status := Complete exit_code))
(eval s a1 = Some v1 (∀prog s r nuw nsw t a1 a2 v3 v1 v2.
eval s a1 = Some v1
eval s a2 = Some v2 eval s a2 = Some v2
do_sub nuw nsw v1 v2 t = Some v3 do_sub nuw nsw v1 v2 t = Some v3
@ -539,7 +545,8 @@ Inductive step_instr:
(Sub r nuw nsw t a1 a2) Tau (Sub r nuw nsw t a1 a2) Tau
(inc_pc (update_result r v3 s))) (inc_pc (update_result r v3 s)))
(eval s a = Some v (∀prog s r t a const_indices v ns result.
eval s a = Some v
(* The manual implies (but does not explicitly state) that the indices are (* The manual implies (but does not explicitly state) that the indices are
* interpreted as signed numbers *) * interpreted as signed numbers *)
map (λci. signed_v_to_num (eval_const s.globals ci)) const_indices = map Some ns map (λci. signed_v_to_num (eval_const s.globals ci)) const_indices = map Some ns
@ -549,7 +556,8 @@ Inductive step_instr:
(Extractvalue r (t, a) const_indices) Tau (Extractvalue r (t, a) const_indices) Tau
(inc_pc (update_result r <| poison := v.poison; value := result |> s))) (inc_pc (update_result r <| poison := v.poison; value := result |> s)))
(eval s a1 = Some v1 (∀prog s r t1 a1 t2 a2 const_indices result v1 v2 ns.
eval s a1 = Some v1
eval s a2 = Some v2 eval s a2 = Some v2
(* The manual implies (but does not explicitly state) that the indices are (* The manual implies (but does not explicitly state) that the indices are
* interpreted as signed numbers *) * interpreted as signed numbers *)
@ -561,7 +569,8 @@ Inductive step_instr:
(inc_pc (update_result r (inc_pc (update_result r
<| poison := (v1.poison v2.poison); value := result |> s))) <| poison := (v1.poison v2.poison); value := result |> s)))
(eval s a1 = Some v (∀prog s r t t1 a1 ptr new_h v n n2.
eval s a1 = Some v
(* TODO Question is the number to allocate interpreted as a signed or (* TODO Question is the number to allocate interpreted as a signed or
* unsigned quantity. E.g., if we allocate i8 0xFF does that do 255 or -1? *) * unsigned quantity. E.g., if we allocate i8 0xFF does that do 255 or -1? *)
signed_v_to_num v.value = Some n signed_v_to_num v.value = Some n
@ -573,7 +582,8 @@ Inductive step_instr:
(inc_pc (update_result r <| poison := v.poison; value := ptr |> (inc_pc (update_result r <| poison := v.poison; value := ptr |>
(s with heap := new_h)))) (s with heap := new_h))))
(eval s a1 = Some <| poison := p1; value := FlatV (PtrV w) |> (∀prog s r t t1 a1 pbytes w interval freeable p1.
eval s a1 = Some <| poison := p1; value := FlatV (PtrV w) |>
interval = Interval freeable (w2n w) (w2n w + sizeof t) interval = Interval freeable (w2n w) (w2n w + sizeof t)
is_allocated interval s.heap is_allocated interval s.heap
pbytes = get_bytes s.heap interval pbytes = get_bytes s.heap interval
@ -585,7 +595,8 @@ Inductive step_instr:
value := fst (bytes_to_llvm_value t (map snd pbytes)) |> value := fst (bytes_to_llvm_value t (map snd pbytes)) |>
s))) s)))
(eval s a2 = Some <| poison := p2; value := FlatV (PtrV w) |> (∀prog s t1 a1 t2 a2 obs p2 bytes w v1 freeable interval.
eval s a2 = Some <| poison := p2; value := FlatV (PtrV w) |>
eval s a1 = Some v1 eval s a1 = Some v1
interval = Interval freeable (w2n w) (w2n w + sizeof t1) interval = Interval freeable (w2n w) (w2n w + sizeof t1)
is_allocated interval s.heap is_allocated interval s.heap
@ -597,7 +608,8 @@ Inductive step_instr:
(Store (t1, a1) (t2, a2)) obs (Store (t1, a1) (t2, a2)) obs
(inc_pc (s with heap := set_bytes p2 bytes (w2n w) s.heap))) (inc_pc (s with heap := set_bytes p2 bytes (w2n w) s.heap)))
(map (eval s o snd) tindices = map Some (i1::indices) (∀prog s r t t1 a1 tindices v1 i1 indices v w1 i is off ptr.
map (eval s o snd) tindices = map Some (i1::indices)
eval s a1 = Some v eval s a1 = Some v
v.value = FlatV (PtrV w1) v.value = FlatV (PtrV w1)
(* The manual states that the indices are interpreted as signed numbers *) (* The manual states that the indices are interpreted as signed numbers *)
@ -613,7 +625,8 @@ Inductive step_instr:
value := ptr |> value := ptr |>
s))) s)))
(eval s a1 = Some v1 (∀prog s r t1 a1 t v1 int_v w.
eval s a1 = Some v1
v1.value = FlatV (PtrV w) v1.value = FlatV (PtrV w)
w64_cast w t = Some int_v w64_cast w t = Some int_v
@ -621,7 +634,8 @@ Inductive step_instr:
(Ptrtoint r (t1, a1) t) Tau (Ptrtoint r (t1, a1) t) Tau
(inc_pc (update_result r <| poison := v1.poison; value := int_v |> s))) (inc_pc (update_result r <| poison := v1.poison; value := int_v |> s)))
(eval s a1 = Some v1 (∀prog s r t1 a1 t ptr v1 n.
eval s a1 = Some v1
unsigned_v_to_num v1.value = Some n unsigned_v_to_num v1.value = Some n
mk_ptr n = Some ptr mk_ptr n = Some ptr
@ -629,7 +643,8 @@ Inductive step_instr:
(Inttoptr r (t1, a1) t) Tau (Inttoptr r (t1, a1) t) Tau
(inc_pc (update_result r <| poison := v1.poison; value := ptr |> s))) (inc_pc (update_result r <| poison := v1.poison; value := ptr |> s)))
(eval s a1 = Some v1 (∀prog s r c t a1 a2 v3 v1 v2.
eval s a1 = Some v1
eval s a2 = Some v2 eval s a2 = Some v2
do_icmp c v1 v2 = Some v3 do_icmp c v1 v2 = Some v3
@ -637,7 +652,8 @@ Inductive step_instr:
(Icmp r c t a1 a2) Tau (Icmp r c t a1 a2) Tau
(inc_pc (update_result r v3 s))) (inc_pc (update_result r v3 s)))
(alookup prog fname = Some d (∀prog s r t fname targs d vs.
alookup prog fname = Some d
map (eval s o snd) targs = map Some vs map (eval s o snd) targs = map Some vs
step_instr prog s step_instr prog s
@ -668,14 +684,14 @@ Inductive step_instr:
End End
Inductive get_instr: Inductive get_instr:
(∀prog ip. (∀prog ip idx b d.
alookup prog ip.f = Some d alookup prog ip.f = Some d
alookup d.blocks ip.b = Some b alookup d.blocks ip.b = Some b
ip.i = Offset idx ip.i = Offset idx
idx < length b.body idx < length b.body
get_instr prog ip (Inl (el idx b.body))) get_instr prog ip (Inl (el idx b.body)))
(∀prog ip. (∀prog ip from_l phis d b landing.
alookup prog ip.f = Some d alookup prog ip.f = Some d
alookup d.blocks ip.b = Some b alookup d.blocks ip.b = Some b
ip.i = Phi_ip from_l ip.i = Phi_ip from_l
@ -685,7 +701,8 @@ Inductive get_instr:
End End
Inductive step: Inductive step:
(get_instr p s.ip (Inl i) (∀p s l s' i.
get_instr p s.ip (Inl i)
step_instr p s i l s' step_instr p s i l s'
step p s l s') step p s l s')
@ -701,18 +718,21 @@ Inductive step:
* %r2 = phi [%r1, %l] * %r2 = phi [%r1, %l]
* %r1 = phi [0, %l] * %r1 = phi [0, %l]
*) *)
(get_instr p s.ip (Inr (from_l, phis)) (∀p s updates from_l phis.
get_instr p s.ip (Inr (from_l, phis))
map (do_phi from_l s) phis = map Some updates map (do_phi from_l s) phis = map Some updates
step p s Tau (inc_pc (s with locals := locals |++ updates))) step p s Tau (inc_pc (s with locals := s.locals |++ updates)))
End End
Inductive sem_step: Inductive sem_step:
(step p s1 l s2 (∀p s1 l s2.
step p s1 l s2
s1.status = Partial s1.status = Partial
sem_step p s1 l s2) sem_step p s1 l s2)
((¬∃l s2. step p s1 l s2) (∀p s1.
(¬∃l s2. step p s1 l s2)
s1.status = Partial s1.status = Partial
sem_step p s1 Error (s1 with status := Stuck)) sem_step p s1 Error (s1 with status := Stuck))

@ -356,7 +356,7 @@ Proof
QED QED
Theorem step_instr_invariant: Theorem step_instr_invariant:
i l s2. p s1 i l s2.
step_instr p s1 i l s2 prog_ok p get_instr p s1.ip (Inl i) state_invariant p s1 step_instr p s1 i l s2 prog_ok p get_instr p s1.ip (Inl i) state_invariant p s1
state_invariant p s2 state_invariant p s2
@ -498,14 +498,6 @@ Proof
>- (fs [stack_ok_def, frame_ok_def, EVERY_MEM] >> metis_tac []) >- (fs [stack_ok_def, frame_ok_def, EVERY_MEM] >> metis_tac [])
QED QED
(* TODO: remove
Theorem exit_no_step:
!p s1. s1.exited None ¬?l s2. step p s1 l s2
Proof
rw [step_cases, METIS_PROVE [] ``~x y (x y)``]
QED
*)
Definition is_call_def: Definition is_call_def:
(is_call (Call _ _ _ _) T) (is_call (Call _ _ _ _) T)
(is_call _ F) (is_call _ F)

@ -172,6 +172,7 @@ End
(* Allocate a free chunk of memory, and write non-deterministic bytes into it *) (* Allocate a free chunk of memory, and write non-deterministic bytes into it *)
Inductive allocate: Inductive allocate:
∀h size tag p bytes b.
b = Interval T p (p + size) b = Interval T p (p + size)
is_free b h is_free b h
length bytes = size length bytes = size

Loading…
Cancel
Save