This file defines the type of I, R, G, and some properties of them
Require Import Coqlib Maps Values GlobDefs GMemory TSOMem Footprint FPLemmas MemAux.
The type of I
Definition stInv :
Type :=
gmem ->
tsomem ->
Prop.
The type of R, G
Definition stRel :
Type :=
gmem ->
tsomem ->
gmem ->
tsomem ->
Prop.
Definition Sta (
I:
stInv) (
R:
stRel) :
Prop :=
forall gm tm gm'
tm',
I gm tm ->
R gm tm gm'
tm' ->
I gm'
tm'.
Definition Implies (
G:
stRel) (
R:
stRel) :
Prop :=
forall gm tm gm'
tm',
G gm tm gm'
tm' ->
R gm tm gm'
tm'.
Definition Implies' (
I :
stInv) (
G:
stRel) (
R:
stRel) :
Prop :=
forall gm tm gm'
tm',
I gm tm ->
G gm tm gm'
tm' ->
R gm tm gm'
tm'.
Definition G_ub :
stRel :=
fun gm tm gm'
tm' =>
gm =
gm' /\ (
exists t,
unbuffer tm t =
Some tm').
Lemma unbuffer_G_ub:
forall gm tm t tm',
unbuffer tm t =
Some tm' ->
G_ub gm tm gm tm'.
Proof.
intros.
unfold G_ub.
eauto.
Qed.
Definition UBSta (
I:
stInv) :
Prop :=
forall gm tm gm'
tm',
I gm tm ->
G_ub gm tm gm'
tm' ->
I gm tm'.
Definition UBImplies (
I:
stInv) (
R:
stRel) :
Prop :=
forall gm tm gm'
tm',
I gm tm ->
G_ub gm tm gm'
tm' ->
R gm tm gm'
tm'.
Definition rel_tm_gm_vb (
M :
gmem) (
tm :
tsomem) (
fl :
freelist) (
t :
tid) :=
forall n b gm,
get_block fl n =
b ->
apply_buffer (
tso_buffers tm t) (
memory tm) =
Some gm ->
In b (
GMem.validblocks gm) <->
In b (
GMem.validblocks M).
Definition tm_alloc_not_fl (
tm :
tsomem) (
fl :
freelist) (
t :
tid) :=
forall t'
blk n lo hi,
t' <>
t ->
In (
BufferedAlloc blk lo hi) (
tso_buffers tm t') ->
blk <>
get_block fl n.
obj_mem is a proposition to judge whether an location belongs to
object memory. Location in object memory only has max permission. This definition
corresponds to objM defined in Figure 20 on page 20
in submission #115 supplement text
Definition obj_mem (
m:
gmem) (
b:
block) (
ofs:
Z) :
Prop :=
(
PMap.get b (
GMem.mem_access m))
ofs Memperm.Max <>
None /\
(
PMap.get b (
GMem.mem_access m))
ofs Memperm.Cur =
None.
client_mem is a proposition to judge whether an location belongs to
client memory.
Definition client_mem (
m:
gmem) (
b:
block) (
ofs:
Z) :
Prop :=
(
GMem.mem_access m) !!
b ofs Memperm.Cur <>
None /\
(
GMem.mem_access m) !!
b ofs Memperm.Max <>
None.
Definition unused_mem (
m:
gmem) (
b:
block) (
ofs:
Z) :
Prop :=
(
GMem.mem_access m) !!
b ofs Memperm.Max =
None.
We define eq_on_loc to describle the memory relation between the location
in gmem of high-level x86SC program and the same one in gmem of low-level x86TSO
program after applying thread buffer
Record eq_on_loc (
b:
block) (
ofs:
Z) (
m tm:
gmem) :
Prop :=
{
eq_loc_validity:
GMem.valid_block m b <->
GMem.valid_block tm b;
eq_loc_perm:
forall k, (
GMem.mem_access m) !!
b ofs k = (
GMem.mem_access tm) !!
b ofs k;
eq_loc_content:
ZMap.get ofs ((
GMem.mem_contents m) !!
b) =
ZMap.get ofs ((
GMem.mem_contents tm) !!
b);
}.
Definition sep_obj_client_block (
sm:
gmem) :
Prop :=
forall b ofs1 ofs2,
obj_mem sm b ofs1 ->
client_mem sm b ofs2 ->
False.
Inductive obj_fp (
gm gm':
gmem) (
fp:
FP.t) :
Prop :=
|
obj_emp_fp:
fp =
FP.emp ->
obj_fp gm gm'
fp
|
obj_valid_block_fp:
forall (
H_object_valid_block_fp:
forall b ofs,
Locs.belongsto (
FP.locs fp)
b ofs ->
obj_mem gm b ofs \/
exists ofs',
obj_mem gm b ofs'),
obj_fp gm gm'
fp
|
obj_alloc_fp:
forall (
H_object_alloc_fp:
forall b ofs,
Locs.belongsto (
FP.locs fp)
b ofs ->
~
GMem.valid_block gm b /\
GMem.valid_block gm'
b /\
(
forall ofs',
obj_mem gm'
b ofs' \/
unused_mem gm'
b ofs')),
obj_fp gm gm'
fp.
Inductive client_fp (
gm gm':
gmem) (
fp:
FP.t) :
Prop :=
|
client_emp_fp:
fp =
FP.emp ->
client_fp gm gm'
fp
|
client_valid_block_fp:
forall (
H_client_valid_block_fp:
forall b ofs,
Locs.belongsto (
FP.locs fp)
b ofs ->
client_mem gm b ofs \/
exists ofs',
client_mem gm b ofs' ),
client_fp gm gm'
fp
|
client_alloc_fp:
forall (
H_client_alloc_fp:
forall b ofs,
Locs.belongsto (
FP.locs fp)
b ofs ->
~
GMem.valid_block gm b /\
GMem.valid_block gm'
b /\
(
forall ofs',
client_mem gm'
b ofs' \/
unused_mem gm'
b ofs')),
client_fp gm gm'
fp.
Inductive client_fp' (
gm:
gmem) (
fp:
FP.t) :
Prop :=
|
client_emp_fp' :
fp =
FP.emp ->
client_fp'
gm fp
|
client_valid_block_fp' :
forall (
H_client_valid_block_fp:
forall b ofs,
Locs.belongsto (
FP.locs fp)
b ofs ->
client_mem gm b ofs \/
exists ofs',
client_mem gm b ofs'),
client_fp'
gm fp
|
client_alloc_fp' :
(
forall (
b :
block) (
ofs :
Z),
Locs.belongsto (
FP.locs fp)
b ofs -> ~
GMem.valid_block gm b) ->
client_fp'
gm fp.
Lemma client_fp_client_fp':
forall gm gm'
fp,
client_fp gm gm'
fp ->
client_fp'
gm fp.
Proof.
clear. intros. inv H.
eapply client_emp_fp'; auto.
eapply client_valid_block_fp'; auto.
eapply client_alloc_fp'. intros. apply H_client_alloc_fp in H. intuition.
Qed.
Lemma obj_mem_valid:
forall sm b ofs,
obj_mem sm b ofs ->
GMem.valid_block sm b.
Proof.
Lemma client_mem_valid:
forall sm b ofs,
client_mem sm b ofs ->
GMem.valid_block sm b.
Proof.
Lemma unused_mem_client_mem_excluded:
forall sm b ofs,
unused_mem sm b ofs ->
client_mem sm b ofs ->
False.
Proof.
Lemma unused_mem_object_mem_excluded:
forall sm b ofs,
unused_mem sm b ofs ->
obj_mem sm b ofs ->
False.
Proof.
Lemma valid_unused_mem_forward:
forall sm sm'
b ofs,
GMem.valid_block sm b ->
GMem.forward sm sm' ->
unused_mem sm b ofs ->
unused_mem sm'
b ofs.
Proof.
Lemma obj_mem_client_mem_excluded:
forall sm sm'
b ofs,
GMem.forward sm sm' ->
obj_mem sm b ofs ->
client_mem sm'
b ofs ->
False.
Proof.
Lemma fp_conflict_locs_conflict:
forall fp1 fp2,
FP.conflict'
fp1 fp2 ->
exists b ofs,
Locs.belongsto (
FP.locs fp1)
b ofs /\
Locs.belongsto (
FP.locs fp2)
b ofs.
Proof.
clear.
destruct fp1,
fp2;
intro;
inv H;
Locs.unfolds;
simpl in *;
unfold FP.locs,
FP.ge_cmps,
FP.ge_reads,
FP.ge_writes in *;
simpl in *;
destruct H0 as (
b &
ofs & ?);
red_boolean_true;
Locs.unfolds;
exists b,
ofs;
split;
auto;
red_boolean_true.
Qed.
Lemma smile_emp_fp:
forall fp,
FP.smile fp FP.emp.
Proof.
Lemma forward_client_mem':
forall sm1 sm2 b ofs,
GMem.forward sm1 sm2 ->
GMem.valid_block sm1 b ->
client_mem sm2 b ofs ->
client_mem sm1 b ofs.
Proof.
Lemma sep_obj_client_block_excluded:
forall sm1 sm2 b ofs1 ofs2,
sep_obj_client_block sm1 ->
GMem.forward sm1 sm2 ->
obj_mem sm1 b ofs1 ->
client_mem sm2 b ofs2 ->
False.
Proof.
intros sm1 sm2 b ofs1 ofs2 Hsep Hforward Hobj Hclt.
exploit obj_mem_valid.
eauto.
intro.
exploit forward_client_mem';
eauto.
Qed.
Lemma obj_fp_forward_client_fp'
_smile:
forall sm1 fp1 sm2 sm3 fp3,
sep_obj_client_block sm1 ->
obj_fp sm1 sm2 fp1 ->
GMem.forward sm1 sm2 ->
GMem.forward sm2 sm3 ->
client_fp'
sm3 fp3 ->
FP.smile fp1 fp3.
Proof.
Lemma client_mem_obj_mem_excluded:
forall sm1 sm2,
(
forall b ofs,
obj_mem sm1 b ofs <->
obj_mem sm2 b ofs) ->
(
forall b ofs,
client_mem sm1 b ofs ->
obj_mem sm2 b ofs ->
False).
Proof.
clear. intros. apply H in H1. inv H0; inv H1; congruence.
Qed.
Lemma adjacent_client_fp_obj_fp_smile:
forall sm1 fp1 sm2 fp2 sm3,
sep_obj_client_block sm1 ->
client_fp sm1 sm2 fp1 ->
GMem.forward sm1 sm2 ->
(
forall b ofs,
obj_mem sm1 b ofs <->
obj_mem sm2 b ofs) ->
obj_fp sm2 sm3 fp2 ->
FP.smile fp1 fp2.
Proof.