Lecture 8: CompCert II

We’ll use Coq 8.5 and CompCert (the arm backend) for this lecture.

Preparation

The first step is optional: install a gcc cross compiler for arm.

Now you should have arm-none-eabi-gcc installed.

Then, grab a version of CompCert that is compatible with Coq 8.5.

$ git clone -b coq8.5 https://github.com/xiw/compcert2.6 compcert
$ cd compcert

This version also adds ring support for CompCert machine integers, which may help you with some of the proofs.

Next, configure and build your CompCert for arm.

$ ./configure -toolprefix arm-none-eabi- arm-eabi
$ make

Create a simple C source file test.c and make sure ccomp -S test.c produces arm assembly in test.s.

To use CoqIDE to single-step file.v, you need to pass the right include path options. One simple way is to run the following command in CompCert’s top directory (you need to have coqide in PATH or set up the shell alias as in previous lectures):

$ coqide `make print-includes` file.v

CompCert also provides two scripts, coq and pg, for launching CoqIDE and Proof General, respectively.

Today’s plan

Add an optimization x + x => x << 1

Let’s use this C file as a test case.

int foo(int x)
{
	return x + x;
}

int bar(int x)
{
	return x << 1;
}

Compare the assembly produced by clang -target arm-none-eabi and by arm-none-eabi-gcc (at both -O0 and -O2) with the assembly produced by ccomp.

We will do this in two steps: first prove the arithmetic lemma, then integrate it into one of CompCert's passes.

Go to the root directory of the CompCert source tree and open an empty .v file with CoqIDE, as described above.

Complete the following admitted proofs. You may find lemmas in these modules useful: ZBits, Integers, and Values.

Require Import Coqlib Integers Values.

(* Level 1: the identity on unbounded integers (Z). *)
Lemma Zshl_1_add:
  forall (x: Z), Z.shiftl x 1 = x + x.
Proof.
Admitted.

(* Level 2: the same identity on 32-bit machine integers (Int),
   where both sides wrap modulo 2^32. *)
Lemma Ishl_1_add:
  forall (x: int), Int.shl x Int.one = Int.add x x.
Proof.
Admitted.

(* Level 3: the identity on CompCert values (val), which also
   covers Vundef, pointers and the other non-integer cases. *)
Lemma Vshl_1_add:
  forall (x: val), Val.shl x Vone = Val.add x x.
Proof.
Admitted.
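The three lemmas above state the same identity at three levels, and each level adds a case the proof has to handle: Z has no wraparound, Int wraps modulo 2^32, and Val has Vundef and pointer arguments for which both Val.add and Val.shl fall into a default branch. The following Python model, written for these notes and not part of CompCert, makes those cases concrete; the bodies of int_add, int_shl, val_add and val_shl are this example's reading of the corresponding definitions in CompCert's Integers.v and Values.v, and Vlong, Vfloat and Vsingle are left out because they take the same Vundef default as Vptr in both operations.

```python
# Added example (not CompCert's own code): a Python model of the three levels at
# which the exercise states x + x = x << 1, namely Z, Int and Val. The function
# bodies are this example's assumptions about the definitions in CompCert's
# Integers.v and Values.v; Vlong, Vfloat and Vsingle are omitted since they all
# fall into the default Vundef branch of both Val.add and Val.shl.
from dataclasses import dataclass
from typing import Union

WORDSIZE = 32               # Int.wordsize
MODULUS = 1 << WORDSIZE     # Int.modulus

# ---- Level 1: Z, unbounded integers -----------------------------------------
def z_shiftl(x: int, n: int) -> int:
    """Z.shiftl x n for n >= 0: multiply by 2^n, no wraparound."""
    return x * (1 << n)

# ---- Level 2: Int, 32-bit machine integers ----------------------------------
def int_repr(z: int) -> int:
    """Int.repr: the canonical unsigned representative of z modulo 2^32."""
    return z % MODULUS

def int_add(a: int, b: int) -> int:
    """Int.add a b = Int.repr (Int.unsigned a + Int.unsigned b)."""
    return int_repr(a + b)

def int_shl(a: int, b: int) -> int:
    """Int.shl a b = Int.repr (Z.shiftl (Int.unsigned a) (Int.unsigned b))."""
    return int_repr(z_shiftl(a, b))

INT_ONE = 1                 # Int.one, unsigned value 1
INT_IWORDSIZE = WORDSIZE    # Int.iwordsize, unsigned value 32

# ---- Level 3: Val, values including Vundef and pointers ----------------------
@dataclass(frozen=True)
class Vundef:
    pass

@dataclass(frozen=True)
class Vint:
    n: int          # unsigned 32-bit representative

@dataclass(frozen=True)
class Vptr:
    b: int          # block
    ofs: int        # offset, an Int

Val = Union[Vundef, Vint, Vptr]
VONE = Vint(INT_ONE)        # Vone

def val_add(v1: Val, v2: Val) -> Val:
    """Val.add: int+int, ptr+int and int+ptr are defined; anything else is Vundef.
    In particular ptr+ptr is Vundef, which is what makes the pointer case of
    Vshl_1_add go through."""
    if isinstance(v1, Vint) and isinstance(v2, Vint):
        return Vint(int_add(v1.n, v2.n))
    if isinstance(v1, Vptr) and isinstance(v2, Vint):
        return Vptr(v1.b, int_add(v1.ofs, v2.n))
    if isinstance(v1, Vint) and isinstance(v2, Vptr):
        return Vptr(v2.b, int_add(v2.ofs, v1.n))
    return Vundef()

def val_shl(v1: Val, v2: Val) -> Val:
    """Val.shl: defined only for int << int when the amount is below the word
    size (Int.ltu n2 Int.iwordsize); every other case, including shifting a
    pointer, is Vundef."""
    if isinstance(v1, Vint) and isinstance(v2, Vint):
        if v2.n < INT_IWORDSIZE:
            return Vint(int_shl(v1.n, v2.n))
        return Vundef()
    return Vundef()

# ---- The three statements of the exercise, one per level ---------------------
def zshl_1_add(x: int) -> bool:
    """Zshl_1_add: Z.shiftl x 1 = x + x."""
    return z_shiftl(x, 1) == x + x

def ishl_1_add(x: int) -> bool:
    """Ishl_1_add: Int.shl x Int.one = Int.add x x (both sides wrap mod 2^32)."""
    return int_shl(x, INT_ONE) == int_add(x, x)

def vshl_1_add(v: Val) -> bool:
    """Vshl_1_add: Val.shl v Vone = Val.add v v, by cases on v."""
    return val_shl(v, VONE) == val_add(v, v)

def check_all() -> bool:
    """Exercise the identity on constructed samples at every level, including
    the wraparound and non-integer cases the proofs must handle explicitly."""
    ints = [0, 1, 7, 0x7fffffff, 0x80000000, 0xffffffff]
    vals = [Vundef(), Vptr(3, 8)] + [Vint(n) for n in ints]
    return (all(zshl_1_add(x) for x in [-5, 0, 3, 1 << 40])
            and all(ishl_1_add(n) for n in ints)
            and all(vshl_1_add(v) for v in vals))

if __name__ == "__main__":
    print("all three levels agree:", check_all())
    # The Int level is not the Z level: 0x80000000 + 0x80000000 wraps to 0.
    print(hex(int_add(0x80000000, 0x80000000)))
    # Pointer case: both sides are Vundef, not a shifted pointer.
    print(val_shl(Vptr(3, 8), VONE), val_add(Vptr(3, 8), Vptr(3, 8)))
```

The shape of check_all mirrors the proof structure: Ishl_1_add is Zshl_1_add pushed under Int.repr, and Vshl_1_add is a case analysis in which only the Vint branch uses Ishl_1_add, while the Vundef and Vptr branches close because both sides reduce to Vundef.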

Second, let's implement the optimization in one of the RTL passes. Open arm/CombineOp.v and modify combine_op to rewrite x + x into x << 1. Then run make.

Now we need to fix the proof. Open arm/CombineOpproof.v and locate the theorem combine_op_sound. Use the arithmetic lemma to finish the proof.