Library mcertikos.mm.ShareIntroGenLink
Require Import LinkTemplate.
Require Import MShareIntro.
Require Import ShareIntroGen.
Require Import ShareIntroGenLinkSource.
Require Import MPTNew.
Require Import MPTNewCSource.
Require Import MPTNewCode.
Section WITHCOMPCERTIKOS.
Context `{compcertikos_prf: CompCertiKOS} `{real_params_prf: RealParams}.
Context `{multi_oracle_prop: MultiOracleProp}.
Lemma make_program_find_symbol (CTXT md : module)(m : mem) s :
(p <- make_program s (CTXT ⊕ (md
⊕ SHRDMEMPOOL_LOC ↦ smspool_loc_type) ⊕ ∅) (mptnew ⊕ L64);
ret (Genv.init_mem p) = OK (Some m)) →
∃ b, find_symbol s SHRDMEMPOOL_LOC = Some b ∧
∀ pid1 pid2,
0 ≤ pid1 < num_proc →
0 ≤ pid2 < num_proc →
Mem.valid_access m Mint32 b (pid1 × (num_proc × 12) + pid2 × 12) Writable ∧
Mem.valid_access m Mint32 b (pid1 × (num_proc × 12) + pid2 × 12 + 4) Writable ∧
Mem.valid_access m Mint32 b (pid1 × (num_proc × 12) + pid2 × 12 + 8) Writable.
Proof.
intros mkprog; inv_monad´ mkprog.
assert (mkgenv := make_program_make_globalenv _ _ _ _ mkprog0).
pose proof mkgenv as mkgenv´.
eapply make_globalenv_stencil_matches in mkgenv´.
inv_make_globalenv mkgenv.
subst.
rewrite (stencil_matches_symbols _ _ mkgenv´) in ×. inv mkgenv´.
eexists; split; try eassumption.
specialize (Genv.init_mem_characterization _ _ Hbvi H0); eauto.
unfold Genv.perm_globvar; simpl; intros [Hperm _].
change (Z.max 12582912 0) with 12582912 in Hperm.
change 12288 with (num_proc × 12); try omega.
intros; repeat split.
- unfold Mem.range_perm; intros; apply Hperm.
simpl in H2.
omega.
- replace (pid1 × (num_proc × 12) + pid2 × 12) with ((pid1 × (num_proc × 3) + pid2 × 3) × 4) by omega.
eexists; reflexivity.
- unfold Mem.range_perm; intros; apply Hperm.
simpl in H2.
omega.
- replace (pid1 × (num_proc × 12) + pid2 × 12 + 4) with ((pid1 × (num_proc × 3) + pid2 × 3 + 1) × 4) by omega.
eexists; reflexivity.
- unfold Mem.range_perm; intros; apply Hperm.
simpl in H2.
omega.
- replace (pid1 × (num_proc × 12) + pid2 × 12 + 8) with ((pid1 × (num_proc × 3) + pid2 × 3 + 2) × 4) by omega.
eexists; reflexivity.
Qed.
Lemma init_correct:
init_correct_type MShareIntro_module mptnew mshareintro.
Proof.
init_correct.
exploit make_program_find_symbol; eauto.
intros (b´ & find_symbol_SHRDMEMPOOL_LOC & access).
assert (b´ = b) by congruence; subst.
econstructor; try eassumption; intros.
rewrite 2 ZMap.gi.
specialize (access _ _ H0 H1).
destruct access as [ ? [] ].
assert (readable : Mem.valid_access m2 Mint32 b (pid1 × (num_proc × 12) + pid2 × 12) Readable).
{ eapply Mem.valid_access_implies; try eassumption; constructor. }
assert (readable4 : Mem.valid_access m2 Mint32 b (pid1 × (num_proc × 12) + pid2 × 12 + 4) Readable).
{ eapply Mem.valid_access_implies; try eassumption; constructor. }
assert (readable8 : Mem.valid_access m2 Mint32 b (pid1 × (num_proc × 12) + pid2 × 12 + 8) Readable).
{ eapply Mem.valid_access_implies; try eassumption; constructor. }
destruct (Mem.valid_access_load _ _ _ _ readable) as [ v load ].
destruct (Mem.valid_access_load _ _ _ _ readable4) as [ v4 load4 ].
destruct (Mem.valid_access_load _ _ _ _ readable8) as [ v8 load8 ].
∃ v, v4, v8; repeat (split; [ eassumption |]).
constructor.
Qed.
Lemma link_correct_aux:
link_correct_aux_type MShareIntro_module mptnew mshareintro.
Proof.
link_correct_aux.
- link_cfunction
clear_shared_mem_spec_ref
MPTNewCode.clear_shared_mem_code_correct.
- link_cfunction
get_shared_mem_state_spec_ref
MPTNewCode.get_shared_mem_state_code_correct.
- link_cfunction
get_shared_mem_seen_spec_ref
MPTNewCode.get_shared_mem_seen_code_correct.
- link_cfunction
get_shared_mem_loc_spec_ref
MPTNewCode.get_shared_mem_loc_code_correct.
- link_cfunction
set_shared_mem_state_spec_ref
MPTNewCode.set_shared_mem_state_code_correct.
- link_cfunction
set_shared_mem_seen_spec_ref
MPTNewCode.set_shared_mem_seen_code_correct.
- link_cfunction
set_shared_mem_loc_spec_ref
MPTNewCode.set_shared_mem_loc_code_correct.
- apply passthrough_correct.
Qed.
Theorem cl_backward_simulation:
cl_backward_simulation_type MShareIntro_module mptnew mshareintro.
Proof.
cl_backward_simulation init_correct link_correct_aux.
Qed.
Theorem make_program_exists:
make_program_exist_type MShareIntro_module mptnew mshareintro.
Proof.
make_program_exists link_correct_aux.
Qed.
End WITHCOMPCERTIKOS.
Require Import MShareIntro.
Require Import ShareIntroGen.
Require Import ShareIntroGenLinkSource.
Require Import MPTNew.
Require Import MPTNewCSource.
Require Import MPTNewCode.
Section WITHCOMPCERTIKOS.
Context `{compcertikos_prf: CompCertiKOS} `{real_params_prf: RealParams}.
Context `{multi_oracle_prop: MultiOracleProp}.
Lemma make_program_find_symbol (CTXT md : module)(m : mem) s :
(p <- make_program s (CTXT ⊕ (md
⊕ SHRDMEMPOOL_LOC ↦ smspool_loc_type) ⊕ ∅) (mptnew ⊕ L64);
ret (Genv.init_mem p) = OK (Some m)) →
∃ b, find_symbol s SHRDMEMPOOL_LOC = Some b ∧
∀ pid1 pid2,
0 ≤ pid1 < num_proc →
0 ≤ pid2 < num_proc →
Mem.valid_access m Mint32 b (pid1 × (num_proc × 12) + pid2 × 12) Writable ∧
Mem.valid_access m Mint32 b (pid1 × (num_proc × 12) + pid2 × 12 + 4) Writable ∧
Mem.valid_access m Mint32 b (pid1 × (num_proc × 12) + pid2 × 12 + 8) Writable.
Proof.
intros mkprog; inv_monad´ mkprog.
assert (mkgenv := make_program_make_globalenv _ _ _ _ mkprog0).
pose proof mkgenv as mkgenv´.
eapply make_globalenv_stencil_matches in mkgenv´.
inv_make_globalenv mkgenv.
subst.
rewrite (stencil_matches_symbols _ _ mkgenv´) in ×. inv mkgenv´.
eexists; split; try eassumption.
specialize (Genv.init_mem_characterization _ _ Hbvi H0); eauto.
unfold Genv.perm_globvar; simpl; intros [Hperm _].
change (Z.max 12582912 0) with 12582912 in Hperm.
change 12288 with (num_proc × 12); try omega.
intros; repeat split.
- unfold Mem.range_perm; intros; apply Hperm.
simpl in H2.
omega.
- replace (pid1 × (num_proc × 12) + pid2 × 12) with ((pid1 × (num_proc × 3) + pid2 × 3) × 4) by omega.
eexists; reflexivity.
- unfold Mem.range_perm; intros; apply Hperm.
simpl in H2.
omega.
- replace (pid1 × (num_proc × 12) + pid2 × 12 + 4) with ((pid1 × (num_proc × 3) + pid2 × 3 + 1) × 4) by omega.
eexists; reflexivity.
- unfold Mem.range_perm; intros; apply Hperm.
simpl in H2.
omega.
- replace (pid1 × (num_proc × 12) + pid2 × 12 + 8) with ((pid1 × (num_proc × 3) + pid2 × 3 + 2) × 4) by omega.
eexists; reflexivity.
Qed.
Lemma init_correct:
init_correct_type MShareIntro_module mptnew mshareintro.
Proof.
init_correct.
exploit make_program_find_symbol; eauto.
intros (b´ & find_symbol_SHRDMEMPOOL_LOC & access).
assert (b´ = b) by congruence; subst.
econstructor; try eassumption; intros.
rewrite 2 ZMap.gi.
specialize (access _ _ H0 H1).
destruct access as [ ? [] ].
assert (readable : Mem.valid_access m2 Mint32 b (pid1 × (num_proc × 12) + pid2 × 12) Readable).
{ eapply Mem.valid_access_implies; try eassumption; constructor. }
assert (readable4 : Mem.valid_access m2 Mint32 b (pid1 × (num_proc × 12) + pid2 × 12 + 4) Readable).
{ eapply Mem.valid_access_implies; try eassumption; constructor. }
assert (readable8 : Mem.valid_access m2 Mint32 b (pid1 × (num_proc × 12) + pid2 × 12 + 8) Readable).
{ eapply Mem.valid_access_implies; try eassumption; constructor. }
destruct (Mem.valid_access_load _ _ _ _ readable) as [ v load ].
destruct (Mem.valid_access_load _ _ _ _ readable4) as [ v4 load4 ].
destruct (Mem.valid_access_load _ _ _ _ readable8) as [ v8 load8 ].
∃ v, v4, v8; repeat (split; [ eassumption |]).
constructor.
Qed.
Lemma link_correct_aux:
link_correct_aux_type MShareIntro_module mptnew mshareintro.
Proof.
link_correct_aux.
- link_cfunction
clear_shared_mem_spec_ref
MPTNewCode.clear_shared_mem_code_correct.
- link_cfunction
get_shared_mem_state_spec_ref
MPTNewCode.get_shared_mem_state_code_correct.
- link_cfunction
get_shared_mem_seen_spec_ref
MPTNewCode.get_shared_mem_seen_code_correct.
- link_cfunction
get_shared_mem_loc_spec_ref
MPTNewCode.get_shared_mem_loc_code_correct.
- link_cfunction
set_shared_mem_state_spec_ref
MPTNewCode.set_shared_mem_state_code_correct.
- link_cfunction
set_shared_mem_seen_spec_ref
MPTNewCode.set_shared_mem_seen_code_correct.
- link_cfunction
set_shared_mem_loc_spec_ref
MPTNewCode.set_shared_mem_loc_code_correct.
- apply passthrough_correct.
Qed.
Theorem cl_backward_simulation:
cl_backward_simulation_type MShareIntro_module mptnew mshareintro.
Proof.
cl_backward_simulation init_correct link_correct_aux.
Qed.
Theorem make_program_exists:
make_program_exist_type MShareIntro_module mptnew mshareintro.
Proof.
make_program_exists link_correct_aux.
Qed.
End WITHCOMPCERTIKOS.