Module SimplExprproof

From Coq Require Import FunInd .
Require Import Coqlib Maps Errors Integers .
Require Import AST Linking .
Require Import Values Memory Events Globalenvs Smallstep .
Require Import Ctypes Cop Csyntax Csem Cstrategy Clight .
Require Import SimplExpr SimplExprspec .

Relational specification of the translation.

Definition match_prog (p: Csyntax.program ) (tp: Clight.program ) :=
match_program_gen tr_fundef eq p p tp
/\ prog_types tp = prog_types p.

Lemma transf_program_match :
forall p tp, transl_program p = OK tp -> match_prog p tp.

Semantic preservation

Section PRESERVATION .

Variable prog : Csyntax.program .
Variable tprog : Clight.program .
Hypothesis TRANSL : match_prog prog tprog .

Let ge := Csem.globalenv prog .
Let tge := Clight.globalenv tprog .


Lemma comp_env_preserved :
Clight.genv_cenv tge = Csem.genv_cenv ge .

Lemma symbols_preserved :
forall (s: ident ), Genv.find_symbol tge s = Genv.find_symbol ge s.
Proof (Genv.find_symbol_match (proj1 TRANSL )).

Lemma senv_preserved :
Senv.equiv ge tge .
Proof (Genv.senv_match (proj1 TRANSL )).

Lemma function_ptr_translated :
forall b f,
Genv.find_funct_ptr ge b = Some f ->
exists cu tf,
Genv.find_funct_ptr tge b = Some tf /\ tr_fundef cu f tf /\ linkorder cu prog .
Proof (Genv.find_funct_ptr_match (proj1 TRANSL )).

Lemma functions_translated :
forall v f,
Genv.find_funct ge v = Some f ->
exists cu tf,
Genv.find_funct tge v = Some tf /\ tr_fundef cu f tf /\ linkorder cu prog .
Proof (Genv.find_funct_match (proj1 TRANSL )).

Lemma type_of_fundef_preserved :
forall cu f tf, tr_fundef cu f tf ->
type_of_fundef tf = Csyntax.type_of_fundef f.

Lemma function_return_preserved :
forall ce f tf, tr_function ce f tf ->
fn_return tf = Csyntax.fn_return f.


Section TRANSLATION .

Variable cunit : Csyntax.program .
Hypothesis LINKORDER : linkorder cunit prog .
Let ce := cunit .(prog_comp_env ).

Lemma eval_Ederef':
forall ge e le m a t l ofs,
eval_expr ge e le m a (Vptr l ofs) ->
eval_lvalue ge e le m (Ederef' a t) l ofs Full .

Lemma typeof_Ederef':
forall a t, typeof (Ederef' a t) = t.

Lemma eval_Eaddrof':
forall ge e le m a t l ofs,
eval_lvalue ge e le m a l ofs Full ->
eval_expr ge e le m (Eaddrof' a t) (Vptr l ofs).

Lemma typeof_Eaddrof':
forall a t, typeof (Eaddrof' a t) = t.

Lemma eval_make_normalize :
forall ge e le m a n sz sg sg1 attr width,
0 < width -> width <= bitsize_intsize sz ->
typeof a = Tint sz sg1 attr ->
eval_expr ge e le m a (Vint n) ->
eval_expr ge e le m (make_normalize sz sg width a) (Vint (bitfield_normalize sz sg width n)).


Lemma tr_simple_nil :
(forall le dst r sl a tmps, tr_expr ce le dst r sl a tmps ->
dst = For_val \/ dst = For_effects -> simple r = true -> sl = nil )
/\(forall le rl sl al tmps, tr_exprlist ce le rl sl al tmps ->
simplelist rl = true -> sl = nil ).

Lemma tr_simple_expr_nil :
forall le dst r sl a tmps, tr_expr ce le dst r sl a tmps ->
dst = For_val \/ dst = For_effects -> simple r = true -> sl = nil .
Proof (proj1 tr_simple_nil ).

Lemma tr_simple_exprlist_nil :
forall le rl sl al tmps, tr_exprlist ce le rl sl al tmps ->
simplelist rl = true -> sl = nil .
Proof (proj2 tr_simple_nil ).


Remark deref_loc_translated :
forall ty m b ofs bf t v,
Csem.deref_loc ge ty m b ofs bf t v ->
match chunk_for_volatile_type ty bf with
| None => t = E0 /\ Clight.deref_loc ty m b ofs bf v
| Some chunk => bf = Full /\ volatile_load tge chunk m b ofs t v
end.

Remark assign_loc_translated :
forall ty m b ofs bf v t m' v',
Csem.assign_loc ge ty m b ofs bf v t m' v' ->
match chunk_for_volatile_type ty bf with
| None => t = E0 /\ Clight.assign_loc tge ty m b ofs bf v m'
| Some chunk => bf = Full /\ volatile_store tge chunk m b ofs v t m'
end.


Lemma is_bitfield_access_sound : forall e le m a b ofs bf bf',
eval_lvalue tge e le m a b ofs bf ->
tr_is_bitfield_access ce a bf' ->
bf' = bf.

Lemma make_assign_value_sound :
forall ty m b ofs bf v t m' v',
Csem.assign_loc ge ty m b ofs bf v t m' v' ->
forall tge e le m'' r,
typeof r = ty ->
eval_expr tge e le m'' r v ->
eval_expr tge e le m'' (make_assign_value bf r) v'.

Lemma typeof_make_assign_value : forall bf r,
typeof (make_assign_value bf r) = typeof r.


Lemma tr_simple :
forall e m,
(forall r v,
eval_simple_rvalue ge e m r v ->
forall le dst sl a tmps,
tr_expr ce le dst r sl a tmps ->
match dst with
| For_val => sl = nil /\ Csyntax.typeof r = typeof a /\ eval_expr tge e le m a v
| For_effects => sl = nil
| For_set sd =>
exists b, sl = do_set sd b
/\ Csyntax.typeof r = typeof b
/\ eval_expr tge e le m b v
end)
/\
(forall l b ofs bf,
eval_simple_lvalue ge e m l b ofs bf ->
forall le sl a tmps,
tr_expr ce le For_val l sl a tmps ->
sl = nil /\ Csyntax.typeof l = typeof a /\ eval_lvalue tge e le m a b ofs bf).

Lemma tr_simple_rvalue :
forall e m r v,
eval_simple_rvalue ge e m r v ->
forall le dst sl a tmps,
tr_expr ce le dst r sl a tmps ->
match dst with
| For_val => sl = nil /\ Csyntax.typeof r = typeof a /\ eval_expr tge e le m a v
| For_effects => sl = nil
| For_set sd =>
exists b, sl = do_set sd b
/\ Csyntax.typeof r = typeof b
/\ eval_expr tge e le m b v
end.

Lemma tr_simple_lvalue :
forall e m l b ofs bf,
eval_simple_lvalue ge e m l b ofs bf ->
forall le sl a tmps,
tr_expr ce le For_val l sl a tmps ->
sl = nil /\ Csyntax.typeof l = typeof a /\ eval_lvalue tge e le m a b ofs bf.

Lemma tr_simple_exprlist :
forall le rl sl al tmps,
tr_exprlist ce le rl sl al tmps ->
forall e m tyl vl,
eval_simple_list ge e m rl tyl vl ->
sl = nil /\ eval_exprlist tge e le m al tyl vl.


Lemma typeof_context :
forall k1 k2 C, leftcontext k1 k2 C ->
forall e1 e2, Csyntax.typeof e1 = Csyntax.typeof e2 ->
Csyntax.typeof (C e1) = Csyntax.typeof (C e2).

Scheme leftcontext_ind2 := Minimality for leftcontext Sort Prop
with leftcontextlist_ind2 := Minimality for leftcontextlist Sort Prop.
Combined Scheme leftcontext_leftcontextlist_ind from leftcontext_ind2 , leftcontextlist_ind2 .

Lemma tr_expr_leftcontext_rec :
(
forall from to C, leftcontext from to C ->
forall le e dst sl a tmps,
tr_expr ce le dst (C e) sl a tmps ->
exists dst', exists sl1, exists sl2, exists a', exists tmp',
tr_expr ce le dst' e sl1 a' tmp'
/\ sl = sl1 ++ sl2
/\ incl tmp' tmps
/\ (forall le' e' sl3,
tr_expr ce le' dst' e' sl3 a' tmp' ->
(forall id, ~In id tmp' -> le'!id = le!id) ->
Csyntax.typeof e' = Csyntax.typeof e ->
tr_expr ce le' dst (C e') (sl3 ++ sl2) a tmps)
) /\ (
forall from C, leftcontextlist from C ->
forall le e sl a tmps,
tr_exprlist ce le (C e) sl a tmps ->
exists dst', exists sl1, exists sl2, exists a', exists tmp',
tr_expr ce le dst' e sl1 a' tmp'
/\ sl = sl1 ++ sl2
/\ incl tmp' tmps
/\ (forall le' e' sl3,
tr_expr ce le' dst' e' sl3 a' tmp' ->
(forall id, ~In id tmp' -> le'!id = le!id) ->
Csyntax.typeof e' = Csyntax.typeof e ->
tr_exprlist ce le' (C e') (sl3 ++ sl2) a tmps)
).

Theorem tr_expr_leftcontext :
forall C le r dst sl a tmps,
leftcontext RV RV C ->
tr_expr ce le dst (C r) sl a tmps ->
exists dst', exists sl1, exists sl2, exists a', exists tmp',
tr_expr ce le dst' r sl1 a' tmp'
/\ sl = sl1 ++ sl2
/\ incl tmp' tmps
/\ (forall le' r' sl3,
tr_expr ce le' dst' r' sl3 a' tmp' ->
(forall id, ~In id tmp' -> le'!id = le!id) ->
Csyntax.typeof r' = Csyntax.typeof r ->
tr_expr ce le' dst (C r') (sl3 ++ sl2) a tmps).

Theorem tr_top_leftcontext :
forall e le m dst rtop sl a tmps,
tr_top ce tge e le m dst rtop sl a tmps ->
forall r C,
rtop = C r ->
leftcontext RV RV C ->
exists dst', exists sl1, exists sl2, exists a', exists tmp',
tr_top ce tge e le m dst' r sl1 a' tmp'
/\ sl = sl1 ++ sl2
/\ incl tmp' tmps
/\ (forall le' m' r' sl3,
tr_expr ce le' dst' r' sl3 a' tmp' ->
(forall id, ~In id tmp' -> le'!id = le!id) ->
Csyntax.typeof r' = Csyntax.typeof r ->
tr_top ce tge e le' m' dst (C r') (sl3 ++ sl2) a tmps).


Remark sem_cast_deterministic :
forall v ty ty' m1 v1 m2 v2,
sem_cast v ty ty' m1 = Some v1 ->
sem_cast v ty ty' m2 = Some v2 ->
v1 = v2.

Lemma eval_simpl_expr_sound :
forall e le m a v, eval_expr tge e le m a v ->
match eval_simpl_expr a with Some v' => v' = v | None => True end.

Lemma static_bool_val_sound :
forall v t m b, bool_val v t Mem.empty = Some b -> bool_val v t m = Some b.

Lemma step_makeif :
forall f a s1 s2 k e le m v1 b,
eval_expr tge e le m a v1 ->
bool_val v1 (typeof a) m = Some b ->
star step1 tge (State f (makeif a s1 s2) k e le m)
E0 (State f (if b then s1 else s2) k e le m).

Lemma step_make_set :
forall id a ty m b ofs bf t v e le f k,
Csem.deref_loc ge ty m b ofs bf t v ->
eval_lvalue tge e le m a b ofs bf ->
typeof a = ty ->
step1 tge (State f (make_set bf id a) k e le m)
t (State f Sskip k e (PTree.set id v le) m).

Lemma step_make_assign :
forall a1 a2 ty m b ofs bf t v m' v' v2 e le f k,
Csem.assign_loc ge ty m b ofs bf v t m' v' ->
eval_lvalue tge e le m a1 b ofs bf ->
eval_expr tge e le m a2 v2 ->
sem_cast v2 (typeof a2) ty m = Some v ->
typeof a1 = ty ->
step1 tge (State f (make_assign bf a1 a2) k e le m)
t (State f Sskip k e le m').

Fixpoint Kseqlist (sl: list statement ) (k: cont ) :=
match sl with
| nil => k
| s :: l => Kseq s (Kseqlist l k)
end.

Remark Kseqlist_app :
forall sl1 sl2 k,
Kseqlist (sl1 ++ sl2) k = Kseqlist sl1 (Kseqlist sl2 k).

Lemma push_seq :
forall f sl k e le m,
star step1 tge (State f (makeseq sl) k e le m)
E0 (State f Sskip (Kseqlist sl k) e le m).

Lemma step_tr_rvalof :
forall ty m b ofs bf t v e le a sl a' tmp f k,
Csem.deref_loc ge ty m b ofs bf t v ->
eval_lvalue tge e le m a b ofs bf ->
tr_rvalof ce ty a sl a' tmp ->
typeof a = ty ->
exists le',
star step1 tge (State f Sskip (Kseqlist sl k) e le m)
t (State f Sskip k e le' m)
/\ eval_expr tge e le' m a' v
/\ typeof a' = typeof a
/\ forall x, ~In x tmp -> le'!x = le!x.

End TRANSLATION .



Inductive match_cont : composite_env -> Csem.cont -> cont -> Prop :=
| match_Kstop : forall ce,
match_cont ce Csem.Kstop Kstop
| match_Kseq : forall ce s k ts tk,
tr_stmt ce s ts ->
match_cont ce k tk ->
match_cont ce (Csem.Kseq s k) (Kseq ts tk)
| match_Kwhile2 : forall ce r s k s' ts tk,
tr_if ce r Sskip Sbreak s' ->
tr_stmt ce s ts ->
match_cont ce k tk ->
match_cont ce (Csem.Kwhile2 r s k)
(Kloop1 (Ssequence s' ts) Sskip tk)
| match_Kdowhile1 : forall ce r s k s' ts tk,
tr_if ce r Sskip Sbreak s' ->
tr_stmt ce s ts ->
match_cont ce k tk ->
match_cont ce (Csem.Kdowhile1 r s k)
(Kloop1 ts s' tk)
| match_Kfor3 : forall ce r s3 s k ts3 s' ts tk,
tr_if ce r Sskip Sbreak s' ->
tr_stmt ce s3 ts3 ->
tr_stmt ce s ts ->
match_cont ce k tk ->
match_cont ce (Csem.Kfor3 r s3 s k)
(Kloop1 (Ssequence s' ts) ts3 tk)
| match_Kfor4 : forall ce r s3 s k ts3 s' ts tk,
tr_if ce r Sskip Sbreak s' ->
tr_stmt ce s3 ts3 ->
tr_stmt ce s ts ->
match_cont ce k tk ->
match_cont ce (Csem.Kfor4 r s3 s k)
(Kloop2 (Ssequence s' ts) ts3 tk)
| match_Kswitch2 : forall ce k tk,
match_cont ce k tk ->
match_cont ce (Csem.Kswitch2 k) (Kswitch tk)
| match_Kcall : forall f e C ty k optid tf le sl tk a dest tmps cu ce,
linkorder cu prog ->
tr_function cu.(prog_comp_env ) f tf ->
leftcontext RV RV C ->
(forall v m, tr_top cu.(prog_comp_env ) tge e (set_opttemp optid v le) m dest (C (Csyntax.Eval v ty)) sl a tmps) ->
match_cont_exp cu.(prog_comp_env ) dest a k tk ->
match_cont ce (Csem.Kcall f e C ty k)
(Kcall optid tf e le (Kseqlist sl tk))

with match_cont_exp : composite_env -> destination -> expr -> Csem.cont -> cont -> Prop :=
| match_Kdo : forall ce k a tk,
match_cont ce k tk ->
match_cont_exp ce For_effects a (Csem.Kdo k) tk
| match_Kifthenelse_empty : forall ce a k tk,
match_cont ce k tk ->
match_cont_exp ce For_val a (Csem.Kifthenelse Csyntax.Sskip Csyntax.Sskip k) (Kseq Sskip tk)
| match_Kifthenelse_1 : forall ce a s1 s2 k ts1 ts2 tk,
tr_stmt ce s1 ts1 -> tr_stmt ce s2 ts2 ->
match_cont ce k tk ->
match_cont_exp ce For_val a (Csem.Kifthenelse s1 s2 k) (Kseq (Sifthenelse a ts1 ts2) tk)
| match_Kwhile1 : forall ce r s k s' a ts tk,
tr_if ce r Sskip Sbreak s' ->
tr_stmt ce s ts ->
match_cont ce k tk ->
match_cont_exp ce For_val a
(Csem.Kwhile1 r s k)
(Kseq (makeif a Sskip Sbreak )
(Kseq ts (Kloop1 (Ssequence s' ts) Sskip tk)))
| match_Kdowhile2 : forall ce r s k s' a ts tk,
tr_if ce r Sskip Sbreak s' ->
tr_stmt ce s ts ->
match_cont ce k tk ->
match_cont_exp ce For_val a
(Csem.Kdowhile2 r s k)
(Kseq (makeif a Sskip Sbreak ) (Kloop2 ts s' tk))
| match_Kfor2 : forall ce r s3 s k s' a ts3 ts tk,
tr_if ce r Sskip Sbreak s' ->
tr_stmt ce s3 ts3 ->
tr_stmt ce s ts ->
match_cont ce k tk ->
match_cont_exp ce For_val a
(Csem.Kfor2 r s3 s k)
(Kseq (makeif a Sskip Sbreak )
(Kseq ts (Kloop1 (Ssequence s' ts) ts3 tk)))
| match_Kswitch1 : forall ce ls k a tls tk,
tr_lblstmts ce ls tls ->
match_cont ce k tk ->
match_cont_exp ce For_val a (Csem.Kswitch1 ls k) (Kseq (Sswitch a tls) tk)
| match_Kreturn : forall ce k a tk,
match_cont ce k tk ->
match_cont_exp ce For_val a (Csem.Kreturn k) (Kseq (Sreturn (Some a)) tk).

Lemma match_cont_is_call_cont :
forall ce k tk,
match_cont ce k tk -> Csem.is_call_cont k ->
forall ce', match_cont ce' k tk.

Lemma match_cont_call_cont :
forall ce k tk,
match_cont ce k tk ->
forall ce', match_cont ce' (Csem.call_cont k) (call_cont tk).


Inductive match_states : Csem.state -> state -> Prop :=
| match_exprstates : forall f r k e m tf sl tk le dest a tmps cu
(LINK: linkorder cu prog )
(TRF: tr_function cu.(prog_comp_env ) f tf)
(TR: tr_top cu.(prog_comp_env ) tge e le m dest r sl a tmps)
(MK: match_cont_exp cu.(prog_comp_env ) dest a k tk),
match_states (Csem.ExprState f r k e m)
(State tf Sskip (Kseqlist sl tk) e le m)
| match_regularstates : forall f s k e m tf ts tk le cu
(LINK: linkorder cu prog )
(TRF: tr_function cu.(prog_comp_env ) f tf)
(TR: tr_stmt cu.(prog_comp_env ) s ts)
(MK: match_cont cu.(prog_comp_env ) k tk),
match_states (Csem.State f s k e m)
(State tf ts tk e le m)
| match_callstates : forall fd args k m tfd tk cu
(LINK: linkorder cu prog )
(TR: tr_fundef cu fd tfd)
(MK: forall ce, match_cont ce k tk),
match_states (Csem.Callstate fd args k m)
(Callstate tfd args tk m)
| match_returnstates : forall res k m tk
(MK: forall ce, match_cont ce k tk),
match_states (Csem.Returnstate res k m)
(Returnstate res tk m)
| match_stuckstate : forall S,
match_states Csem.Stuckstate S.


Lemma tr_select_switch :
forall ce n ls tls,
tr_lblstmts ce ls tls ->
tr_lblstmts ce (Csem.select_switch n ls) (select_switch n tls).

Lemma tr_seq_of_labeled_statement :
forall ce ls tls,
tr_lblstmts ce ls tls ->
tr_stmt ce (Csem.seq_of_labeled_statement ls) (seq_of_labeled_statement tls).


Section FIND_LABEL .

Variable ce : composite_env .
Variable lbl : label .

Definition nolabel (s: statement ) : Prop :=
forall k, find_label lbl s k = None .

Fixpoint nolabel_list (sl: list statement ) : Prop :=
match sl with
| nil => True
| s1 :: sl' => nolabel s1 /\ nolabel_list sl'
end.

Lemma nolabel_list_app :
forall sl2 sl1, nolabel_list sl1 -> nolabel_list sl2 -> nolabel_list (sl1 ++ sl2).

Lemma makeseq_nolabel :
forall sl, nolabel_list sl -> nolabel (makeseq sl).

Lemma makeif_nolabel :
forall a s1 s2, nolabel s1 -> nolabel s2 -> nolabel (makeif a s1 s2).

Lemma make_set_nolabel :
forall bf t a, nolabel (make_set bf t a).

Lemma make_assign_nolabel :
forall bf l r, nolabel (make_assign bf l r).

Lemma tr_rvalof_nolabel :
forall ce ty a sl a' tmp, tr_rvalof ce ty a sl a' tmp -> nolabel_list sl.

Lemma nolabel_do_set :
forall sd a, nolabel_list (do_set sd a).

Lemma nolabel_final :
forall dst a, nolabel_list (final dst a).

Ltac NoLabelTac :=
match goal with
| [ |- nolabel_list nil ] => exact I
| [ |- nolabel_list (final _ _) ] => apply nolabel_final
| [ |- nolabel_list (_ :: _) ] => simpl; split; NoLabelTac
| [ |- nolabel_list (_ ++ _) ] => apply nolabel_list_app ; NoLabelTac
| [ H: _ -> nolabel_list ?x |- nolabel_list ?x ] => apply H; NoLabelTac
| [ |- nolabel (makeseq _) ] => apply makeseq_nolabel ; NoLabelTac
| [ |- nolabel (makeif _ _ _) ] => apply makeif_nolabel ; NoLabelTac
| [ |- nolabel (make_set _ _ _) ] => apply make_set_nolabel
| [ |- nolabel (make_assign _ _ _) ] => apply make_assign_nolabel
| [ |- nolabel _ ] => red; intros; simpl; auto
| [ |- _ /\ _ ] => split; NoLabelTac
| _ => auto
end.

Lemma tr_find_label_expr :
(forall le dst r sl a tmps, tr_expr ce le dst r sl a tmps -> nolabel_list sl)
/\(forall le rl sl al tmps, tr_exprlist ce le rl sl al tmps -> nolabel_list sl).

Lemma tr_find_label_top :
forall e le m dst r sl a tmps,
tr_top ce tge e le m dst r sl a tmps -> nolabel_list sl.

Lemma tr_find_label_expression :
forall r s a, tr_expression ce r s a -> forall k, find_label lbl s k = None .

Lemma tr_find_label_expr_stmt :
forall r s, tr_expr_stmt ce r s -> forall k, find_label lbl s k = None .

Lemma tr_find_label_if :
forall r s,
tr_if ce r Sskip Sbreak s ->
forall k, find_label lbl s k = None .

Lemma tr_find_label :
forall s k ts tk
(TR: tr_stmt ce s ts)
(MC: match_cont ce k tk),
match Csem.find_label lbl s k with
| None =>
find_label lbl ts tk = None
| Some (s', k') =>
exists ts', exists tk',
find_label lbl ts tk = Some (ts', tk')
/\ tr_stmt ce s' ts'
/\ match_cont ce k' tk'
end
with tr_find_label_ls :
forall s k ts tk
(TR: tr_lblstmts ce s ts)
(MC: match_cont ce k tk),
match Csem.find_label_ls lbl s k with
| None =>
find_label_ls lbl ts tk = None
| Some (s', k') =>
exists ts', exists tk',
find_label_ls lbl ts tk = Some (ts', tk')
/\ tr_stmt ce s' ts'
/\ match_cont ce k' tk'
end.

End FIND_LABEL .



Fixpoint esize (a: Csyntax.expr ) : nat :=
match a with
| Csyntax.Eloc _ _ _ _ => 1%nat
| Csyntax.Evar _ _ => 1%nat
| Csyntax.Ederef r1 _ => S (esize r1)
| Csyntax.Efield l1 _ _ => S (esize l1)
| Csyntax.Eval _ _ => O
| Csyntax.Evalof l1 _ => S (esize l1)
| Csyntax.Eaddrof l1 _ => S (esize l1)
| Csyntax.Eunop _ r1 _ => S (esize r1)
| Csyntax.Ebinop _ r1 r2 _ => S (esize r1 + esize r2)%nat
| Csyntax.Ecast r1 _ => S (esize r1)
| Csyntax.Eseqand r1 _ _ => S (esize r1)
| Csyntax.Eseqor r1 _ _ => S (esize r1)
| Csyntax.Econdition r1 _ _ _ => S (esize r1)
| Csyntax.Esizeof _ _ => 1%nat
| Csyntax.Ealignof _ _ => 1%nat
| Csyntax.Eassign l1 r2 _ => S (esize l1 + esize r2)%nat
| Csyntax.Eassignop _ l1 r2 _ _ => S (esize l1 + esize r2)%nat
| Csyntax.Epostincr _ l1 _ => S (esize l1)
| Csyntax.Ecomma r1 r2 _ => S (esize r1 + esize r2)%nat
| Csyntax.Ecall r1 rl2 _ => S (esize r1 + esizelist rl2)%nat
| Csyntax.Ebuiltin ef _ rl _ => S (esizelist rl)%nat
| Csyntax.Eparen r1 _ _ => S (esize r1)
end

with esizelist (el: Csyntax.exprlist ) : nat :=
match el with
| Csyntax.Enil => O
| Csyntax.Econs r1 rl2 => (esize r1 + esizelist rl2)%nat
end.

Definition measure (st: Csem.state ) : nat :=
match st with
| Csem.ExprState _ r _ _ _ => (esize r + 1)%nat
| Csem.State _ Csyntax.Sskip _ _ _ => 0%nat
| Csem.State _ (Csyntax.Sdo r) _ _ _ => (esize r + 2)%nat
| Csem.State _ (Csyntax.Sifthenelse r _ _) _ _ _ => (esize r + 2)%nat
| _ => 0%nat
end.

Lemma leftcontext_size :
forall from to C,
leftcontext from to C ->
forall e1 e2,
(esize e1 < esize e2)%nat ->
(esize (C e1) < esize (C e2))%nat
with leftcontextlist_size :
forall from C,
leftcontextlist from C ->
forall e1 e2,
(esize e1 < esize e2)%nat ->
(esizelist (C e1) < esizelist (C e2))%nat.


Lemma tr_val_gen :
forall ce le dst v ty a tmp,
typeof a = ty ->
(forall tge e le' m,
(forall id, In id tmp -> le'!id = le!id) ->
eval_expr tge e le' m a v) ->
tr_expr ce le dst (Csyntax.Eval v ty) (final dst a) a tmp.

Lemma estep_simulation :
forall S1 t S2, Cstrategy.estep ge S1 t S2 ->
forall S1' (MS: match_states S1 S1'),
exists S2',
(plus step1 tge S1' t S2' \/
(star step1 tge S1' t S2' /\ measure S2 < measure S1)%nat)
/\ match_states S2 S2'.


Lemma tr_top_val_for_val_inv :
forall ce e le m v ty sl a tmps,
tr_top ce tge e le m For_val (Csyntax.Eval v ty) sl a tmps ->
sl = nil /\ typeof a = ty /\ eval_expr tge e le m a v.

Lemma alloc_variables_preserved :
forall e m params e' m',
Csem.alloc_variables ge e m params e' m' ->
alloc_variables tge e m params e' m'.

Lemma bind_parameters_preserved :
forall e m params args m',
Csem.bind_parameters ge e m params args m' ->
bind_parameters tge e m params args m'.

Lemma blocks_of_env_preserved :
forall e, blocks_of_env tge e = Csem.blocks_of_env ge e.

Lemma sstep_simulation :
forall S1 t S2, Csem.sstep ge S1 t S2 ->
forall S1' (MS: match_states S1 S1'),
exists S2',
(plus step1 tge S1' t S2' \/
(star step1 tge S1' t S2' /\ measure S2 < measure S1)%nat)
/\ match_states S2 S2'.


Theorem simulation :
forall S1 t S2, Cstrategy.step ge S1 t S2 ->
forall S1' (MS: match_states S1 S1'),
exists S2',
(plus step1 tge S1' t S2' \/
(star step1 tge S1' t S2' /\ measure S2 < measure S1)%nat)
/\ match_states S2 S2'.

Lemma transl_initial_states :
forall S,
Csem.initial_state prog S ->
exists S', Clight.initial_state tprog S' /\ match_states S S'.

Lemma transl_final_states :
forall S S' r,
match_states S S' -> Csem.final_state S r -> Clight.final_state S' r.

Theorem transl_program_correct :
forward_simulation (Cstrategy.semantics prog ) (Clight.semantics1 tprog ).

End PRESERVATION .

Commutation with linking

Global Instance TransfSimplExprLink : TransfLink match_prog .