source: Deliverables/D3.1/C-semantics/Values.ma @ 483

Last change on this file since 483 was 483, checked in by campbell, 8 years ago

Use pointer-specific "chunks" of memory for pointer loads and stores,
in particular getting rid of Mint24.

File size: 27.6 KB
Line 
1(* *********************************************************************)
2(*                                                                     *)
3(*              The Compcert verified compiler                         *)
4(*                                                                     *)
5(*          Xavier Leroy, INRIA Paris-Rocquencourt                     *)
6(*                                                                     *)
7(*  Copyright Institut National de Recherche en Informatique et en     *)
8(*  Automatique.  All rights reserved.  This file is distributed       *)
9(*  under the terms of the GNU General Public License as published by  *)
10(*  the Free Software Foundation, either version 2 of the License, or  *)
11(*  (at your option) any later version.  This file is also distributed *)
12(*  under the terms of the INRIA Non-Commercial License Agreement.     *)
13(*                                                                     *)
14(* *********************************************************************)
15
16(* * This module defines the type of values that is used in the dynamic
17  semantics of all our intermediate languages. *)
18
19include "Coqlib.ma".
20include "AST.ma".
21include "Integers.ma".
22include "Floats.ma".
23
24include "Plogic/connectives.ma".
25
26ndefinition block ≝ Z.
27(*ndefinition eq_block ≝ zeq.*)
28
29(* * A value is either:
30- a machine integer;
31- a floating-point number;
32- a pointer: a triple giving the representation of the pointer (in terms of the
33             memory regions such a pointer could address), a memory address and
34             an integer offset with respect to this address;
35- the [Vundef] value denoting an arbitrary bit pattern, such as the
36  value of an uninitialized variable.
37*)
38
39ninductive val: Type[0] ≝
40  | Vundef: val
41  | Vint: int → val
42  | Vfloat: float → val
43  | Vptr: region → block → int → val.
44
45ndefinition Vzero: val ≝ Vint zero.
46ndefinition Vone: val ≝ Vint one.
47ndefinition Vmone: val ≝ Vint mone.
48
49ndefinition Vtrue: val ≝ Vint one.
50ndefinition Vfalse: val ≝ Vint zero.
51
52(*
53(** The module [Val] defines a number of arithmetic and logical operations
54  over type [val].  Most of these operations are straightforward extensions
55  of the corresponding integer or floating-point operations. *)
56
57Module Val.
58*)
59ndefinition of_bool : bool → val ≝ λb. if b then Vtrue else Vfalse.
60
61ndefinition has_type ≝ λv: val. λt: typ.
62  match v with
63  [ Vundef ⇒ True
64  | Vint _ ⇒ match t with [ ASTint ⇒ True | _ ⇒ False ]
65  | Vfloat _ ⇒ match t with [ ASTfloat ⇒ True | _ ⇒ False ]
66  | Vptr _ _ _ ⇒ match t with [ ASTint ⇒ True | _ ⇒ False ]
67  | _ ⇒ False
68  ].
69
70nlet rec has_type_list (vl: list val) (tl: list typ) on vl : Prop ≝
71  match vl with
72  [ nil ⇒ match tl with [ nil ⇒ True | _ ⇒ False ]
73  | cons v1 vs ⇒ match tl with [ nil ⇒ False | cons t1 ts ⇒
74               has_type v1 t1 ∧ has_type_list vs ts ]
75  ].
76
77(* * Truth values.  Pointers and non-zero integers are treated as [True].
78  The integer 0 (also used to represent the null pointer) is [False].
79  [Vundef] and floats are neither true nor false. *)
80
81ndefinition is_true : val → Prop ≝ λv.
82  match v with
83  [ Vint n ⇒ n ≠ zero
84  | Vptr _ b ofs ⇒ True
85  | _ ⇒ False
86  ].
87
88ndefinition is_false : val → Prop ≝ λv.
89  match v with
90  [ Vint n ⇒ n = zero
91  | _ ⇒ False
92  ].
93
94ninductive bool_of_val: val → bool → Prop ≝
95  | bool_of_val_int_true:
96      ∀n. n ≠ zero → bool_of_val (Vint n) true
97  | bool_of_val_int_false:
98      bool_of_val (Vint zero) false
99  | bool_of_val_ptr:
100      ∀pty,b,ofs. bool_of_val (Vptr pty b ofs) true.
101
102ndefinition neg : val → val ≝ λv.
103  match v with
104  [ Vint n ⇒ Vint (neg n)
105  | _ ⇒ Vundef
106  ].
107
108ndefinition negf : val → val ≝ λv.
109  match v with
110  [ Vfloat f ⇒ Vfloat (Fneg f)
111  | _ => Vundef
112  ].
113
114ndefinition absf : val → val ≝ λv.
115  match v with
116  [ Vfloat f ⇒ Vfloat (Fabs f)
117  | _ ⇒ Vundef
118  ].
119
120ndefinition intoffloat : val → val ≝ λv.
121  match v with
122  [ Vfloat f ⇒ Vint (intoffloat f)
123  | _ ⇒ Vundef
124  ].
125
126ndefinition intuoffloat : val → val ≝ λv.
127  match v with
128  [ Vfloat f ⇒ Vint (intuoffloat f)
129  | _ ⇒ Vundef
130  ].
131
132ndefinition floatofint : val → val ≝ λv.
133  match v with
134  [ Vint n ⇒ Vfloat (floatofint n)
135  | _ ⇒ Vundef
136  ].
137
138ndefinition floatofintu : val → val ≝ λv.
139  match v with
140  [ Vint n ⇒ Vfloat (floatofintu n)
141  | _ ⇒ Vundef
142  ].
143
144ndefinition notint : val → val ≝ λv.
145  match v with
146  [ Vint n ⇒ Vint (xor n mone)
147  | _ ⇒ Vundef
148  ].
149 
150(* FIXME: switch to alias, or rename, or … *)
151ndefinition int_eq : int → int → bool ≝ eq.
152ndefinition notbool : val → val ≝ λv.
153  match v with
154  [ Vint n ⇒ of_bool (int_eq n zero)
155  | Vptr _ b ofs ⇒ Vfalse
156  | _ ⇒ Vundef
157  ].
158
159ndefinition zero_ext ≝ λnbits: Z. λv: val.
160  match v with
161  [ Vint n ⇒ Vint (zero_ext nbits n)
162  | _ ⇒ Vundef
163  ].
164
165ndefinition sign_ext ≝ λnbits:Z. λv:val.
166  match v with
167  [ Vint i ⇒ Vint (sign_ext nbits i)
168  | _ ⇒ Vundef
169  ].
170
171ndefinition singleoffloat : val → val ≝ λv.
172  match v with
173  [ Vfloat f ⇒ Vfloat (singleoffloat f)
174  | _ ⇒ Vundef
175  ].
176
177ndefinition add ≝ λv1,v2: val.
178  match v1 with
179  [ Vint n1 ⇒ match v2 with
180    [ Vint n2 ⇒ Vint (add n1 n2)
181    | Vptr pty b2 ofs2 ⇒ Vptr pty b2 (add ofs2 n1)
182    | _ ⇒ Vundef ]
183  | Vptr pty b1 ofs1 ⇒ match v2 with
184    [ Vint n2 ⇒ Vptr pty b1 (add ofs1 n2)
185    | _ ⇒ Vundef ]
186  | _ ⇒ Vundef ].
187
188ndefinition sub ≝ λv1,v2: val.
189  match v1 with
190  [ Vint n1 ⇒ match v2 with
191    [ Vint n2 ⇒ Vint (sub n1 n2)
192    | _ ⇒ Vundef ]
193  | Vptr pty1 b1 ofs1 ⇒ match v2 with
194    [ Vint n2 ⇒ Vptr pty1 b1 (sub ofs1 n2)
195    | Vptr pty2 b2 ofs2 ⇒
196        if eqZb b1 b2 then Vint (sub ofs1 ofs2) else Vundef
197    | _ ⇒ Vundef ]
198  | _ ⇒ Vundef ].
199
200ndefinition mul ≝ λv1, v2: val.
201  match v1 with
202  [ Vint n1 ⇒ match v2 with
203    [ Vint n2 ⇒ Vint (mul n1 n2)
204    | _ ⇒ Vundef ]
205  | _ ⇒ Vundef ].
206(*
207ndefinition divs ≝ λv1, v2: val.
208  match v1 with
209  [ Vint n1 ⇒ match v2 with
210    [ Vint n2 ⇒ Vint (divs n1 n2)
211    | _ ⇒ Vundef ]
212  | _ ⇒ Vundef ].
213
214Definition mods (v1 v2: val): val :=
215  match v1, v2 with
216  | Vint n1, Vint n2 =>
217      if Int.eq n2 Int.zero then Vundef else Vint(Int.mods n1 n2)
218  | _, _ => Vundef
219  end.
220
221Definition divu (v1 v2: val): val :=
222  match v1, v2 with
223  | Vint n1, Vint n2 =>
224      if Int.eq n2 Int.zero then Vundef else Vint(Int.divu n1 n2)
225  | _, _ => Vundef
226  end.
227
228Definition modu (v1 v2: val): val :=
229  match v1, v2 with
230  | Vint n1, Vint n2 =>
231      if Int.eq n2 Int.zero then Vundef else Vint(Int.modu n1 n2)
232  | _, _ => Vundef
233  end.
234*)
235ndefinition v_and ≝ λv1, v2: val.
236  match v1 with
237  [ Vint n1 ⇒ match v2 with
238    [ Vint n2 ⇒ Vint (i_and n1 n2)
239    | _ ⇒ Vundef ]
240  | _ ⇒ Vundef ].
241
242ndefinition or ≝ λv1, v2: val.
243  match v1 with
244  [ Vint n1 ⇒ match v2 with
245    [ Vint n2 ⇒ Vint (or n1 n2)
246    | _ ⇒ Vundef ]
247  | _ ⇒ Vundef ].
248
249ndefinition xor ≝ λv1, v2: val.
250  match v1 with
251  [ Vint n1 ⇒ match v2 with
252    [ Vint n2 ⇒ Vint (xor n1 n2)
253    | _ ⇒ Vundef ]
254  | _ ⇒ Vundef ].
255(*
256Definition shl (v1 v2: val): val :=
257  match v1, v2 with
258  | Vint n1, Vint n2 =>
259     if Int.ltu n2 Int.iwordsize
260     then Vint(Int.shl n1 n2)
261     else Vundef
262  | _, _ => Vundef
263  end.
264
265Definition shr (v1 v2: val): val :=
266  match v1, v2 with
267  | Vint n1, Vint n2 =>
268     if Int.ltu n2 Int.iwordsize
269     then Vint(Int.shr n1 n2)
270     else Vundef
271  | _, _ => Vundef
272  end.
273
274Definition shr_carry (v1 v2: val): val :=
275  match v1, v2 with
276  | Vint n1, Vint n2 =>
277     if Int.ltu n2 Int.iwordsize
278     then Vint(Int.shr_carry n1 n2)
279     else Vundef
280  | _, _ => Vundef
281  end.
282
283Definition shrx (v1 v2: val): val :=
284  match v1, v2 with
285  | Vint n1, Vint n2 =>
286     if Int.ltu n2 Int.iwordsize
287     then Vint(Int.shrx n1 n2)
288     else Vundef
289  | _, _ => Vundef
290  end.
291
292Definition shru (v1 v2: val): val :=
293  match v1, v2 with
294  | Vint n1, Vint n2 =>
295     if Int.ltu n2 Int.iwordsize
296     then Vint(Int.shru n1 n2)
297     else Vundef
298  | _, _ => Vundef
299  end.
300
301Definition rolm (v: val) (amount mask: int): val :=
302  match v with
303  | Vint n => Vint(Int.rolm n amount mask)
304  | _ => Vundef
305  end.
306
307Definition ror (v1 v2: val): val :=
308  match v1, v2 with
309  | Vint n1, Vint n2 =>
310     if Int.ltu n2 Int.iwordsize
311     then Vint(Int.ror n1 n2)
312     else Vundef
313  | _, _ => Vundef
314  end.
315*)
316ndefinition addf ≝ λv1,v2: val.
317  match v1 with
318  [ Vfloat f1 ⇒ match v2 with
319    [ Vfloat f2 ⇒ Vfloat (Fadd f1 f2)
320    | _ ⇒ Vundef ]
321  | _ ⇒ Vundef ].
322
323ndefinition subf ≝ λv1,v2: val.
324  match v1 with
325  [ Vfloat f1 ⇒ match v2 with
326    [ Vfloat f2 ⇒ Vfloat (Fsub f1 f2)
327    | _ ⇒ Vundef ]
328  | _ ⇒ Vundef ].
329
330ndefinition mulf ≝ λv1,v2: val.
331  match v1 with
332  [ Vfloat f1 ⇒ match v2 with
333    [ Vfloat f2 ⇒ Vfloat (Fmul f1 f2)
334    | _ ⇒ Vundef ]
335  | _ ⇒ Vundef ].
336
337ndefinition divf ≝ λv1,v2: val.
338  match v1 with
339  [ Vfloat f1 ⇒ match v2 with
340    [ Vfloat f2 ⇒ Vfloat (Fdiv f1 f2)
341    | _ ⇒ Vundef ]
342  | _ ⇒ Vundef ].
343
344ndefinition cmp_mismatch : comparison → val ≝ λc.
345  match c with
346  [ Ceq ⇒ Vfalse
347  | Cne ⇒ Vtrue
348  | _   ⇒ Vundef
349  ].
350
351ndefinition cmp ≝ λc: comparison. λv1,v2: val.
352  match v1 with
353  [ Vint n1 ⇒ match v2 with
354    [ Vint n2 ⇒ of_bool (cmp c n1 n2)
355    | Vptr pty2 b2 ofs2 ⇒
356        if eq n1 zero then cmp_mismatch c else Vundef
357    | _ ⇒ Vundef ]
358  | Vptr pty1 b1 ofs1 ⇒ match v2 with
359    [ Vptr pty2 b2 ofs2 ⇒
360        if eqZb b1 b2
361        then of_bool (cmp c ofs1 ofs2)
362        else cmp_mismatch c
363    | Vint n2 ⇒
364        if eq n2 zero then cmp_mismatch c else Vundef
365    | _ ⇒ Vundef ]
366  | _ ⇒ Vundef ].
367
368ndefinition cmpu ≝ λc: comparison. λv1,v2: val.
369  match v1 with
370  [ Vint n1 ⇒ match v2 with
371    [ Vint n2 ⇒ of_bool (cmpu c n1 n2)
372    | Vptr pty2 b2 ofs2 ⇒
373        if eq n1 zero then cmp_mismatch c else Vundef
374    | _ ⇒ Vundef ]
375  | Vptr pty1 b1 ofs1 ⇒ match v2 with
376    [ Vptr pty2 b2 ofs2 ⇒
377        if eqZb b1 b2
378        then of_bool (cmpu c ofs1 ofs2)
379        else cmp_mismatch c
380    | Vint n2 ⇒
381        if eq n2 zero then cmp_mismatch c else Vundef
382    | _ ⇒ Vundef ]
383  | _ ⇒ Vundef ].
384
385ndefinition cmpf ≝ λc: comparison. λv1,v2: val.
386  match v1 with
387  [ Vfloat f1 ⇒ match v2 with
388    [ Vfloat f2 ⇒ of_bool (Fcmp c f1 f2)
389    | _ ⇒ Vundef ]
390  | _ ⇒ Vundef ].
391
392(* * [load_result] is used in the memory model (library [Mem])
393  to post-process the results of a memory read.  For instance,
394  consider storing the integer value [0xFFF] on 1 byte at a
395  given address, and reading it back.  If it is read back with
396  chunk [Mint8unsigned], zero-extension must be performed, resulting
397  in [0xFF].  If it is read back as a [Mint8signed], sign-extension
398  is performed and [0xFFFFFFFF] is returned.   Type mismatches
399  (e.g. reading back a float as a [Mint32]) read back as [Vundef]. *)
400
401nlet rec load_result (chunk: memory_chunk) (v: val) ≝
402  match v with
403  [ Vint n ⇒
404    match chunk with
405    [ Mint8signed ⇒ Vint (sign_ext 8 n)
406    | Mint8unsigned ⇒ Vint (zero_ext 8 n)
407    | Mint16signed ⇒ Vint (sign_ext 16 n)
408    | Mint16unsigned ⇒ Vint (zero_ext 16 n)
409    | Mint32 ⇒ Vint n
410    | Mpointer r ⇒ if eq n zero then Vint zero else Vundef
411    | _ ⇒ Vundef
412    ]
413  | Vptr r b ofs ⇒
414    match chunk with
415    [ Mpointer r' ⇒ if eq_region r r' then Vptr r b ofs else Vundef
416    | _ ⇒ Vundef
417    ]
418  | Vfloat f ⇒
419    match chunk with
420    [ Mfloat32 ⇒ Vfloat(singleoffloat f)
421    | Mfloat64 ⇒ Vfloat f
422    | _ ⇒ Vundef
423    ]
424  | _ ⇒ Vundef
425  ].
426
427(*
428(** Theorems on arithmetic operations. *)
429
430Theorem cast8unsigned_and:
431  forall x, zero_ext 8 x = and x (Vint(Int.repr 255)).
432Proof.
433  destruct x; simpl; auto. decEq.
434  change 255 with (two_p 8 - 1). apply Int.zero_ext_and. vm_compute; auto.
435Qed.
436
437Theorem cast16unsigned_and:
438  forall x, zero_ext 16 x = and x (Vint(Int.repr 65535)).
439Proof.
440  destruct x; simpl; auto. decEq.
441  change 65535 with (two_p 16 - 1). apply Int.zero_ext_and. vm_compute; auto.
442Qed.
443
444Theorem istrue_not_isfalse:
445  forall v, is_false v -> is_true (notbool v).
446Proof.
447  destruct v; simpl; try contradiction.
448  intros. subst i. simpl. discriminate.
449Qed.
450
451Theorem isfalse_not_istrue:
452  forall v, is_true v -> is_false (notbool v).
453Proof.
454  destruct v; simpl; try contradiction.
455  intros. generalize (Int.eq_spec i Int.zero).
456  case (Int.eq i Int.zero); intro.
457  contradiction. simpl. auto.
458  auto.
459Qed.
460
461Theorem bool_of_true_val:
462  forall v, is_true v -> bool_of_val v true.
463Proof.
464  intro. destruct v; simpl; intros; try contradiction.
465  constructor; auto. constructor.
466Qed.
467
468Theorem bool_of_true_val2:
469  forall v, bool_of_val v true -> is_true v.
470Proof.
471  intros. inversion H; simpl; auto.
472Qed.
473
474Theorem bool_of_true_val_inv:
475  forall v b, is_true v -> bool_of_val v b -> b = true.
476Proof.
477  intros. inversion H0; subst v b; simpl in H; auto.
478Qed.
479
480Theorem bool_of_false_val:
481  forall v, is_false v -> bool_of_val v false.
482Proof.
483  intro. destruct v; simpl; intros; try contradiction.
484  subst i;  constructor.
485Qed.
486
487Theorem bool_of_false_val2:
488  forall v, bool_of_val v false -> is_false v.
489Proof.
490  intros. inversion H; simpl; auto.
491Qed.
492
493Theorem bool_of_false_val_inv:
494  forall v b, is_false v -> bool_of_val v b -> b = false.
495Proof.
496  intros. inversion H0; subst v b; simpl in H.
497  congruence. auto. contradiction.
498Qed.
499
500Theorem notbool_negb_1:
501  forall b, of_bool (negb b) = notbool (of_bool b).
502Proof.
503  destruct b; reflexivity.
504Qed.
505
506Theorem notbool_negb_2:
507  forall b, of_bool b = notbool (of_bool (negb b)).
508Proof.
509  destruct b; reflexivity.
510Qed.
511
512Theorem notbool_idem2:
513  forall b, notbool(notbool(of_bool b)) = of_bool b.
514Proof.
515  destruct b; reflexivity.
516Qed.
517
518Theorem notbool_idem3:
519  forall x, notbool(notbool(notbool x)) = notbool x.
520Proof.
521  destruct x; simpl; auto.
522  case (Int.eq i Int.zero); reflexivity.
523Qed.
524
525Theorem add_commut: forall x y, add x y = add y x.
526Proof.
527  destruct x; destruct y; simpl; auto.
528  decEq. apply Int.add_commut.
529Qed.
530
531Theorem add_assoc: forall x y z, add (add x y) z = add x (add y z).
532Proof.
533  destruct x; destruct y; destruct z; simpl; auto.
534  rewrite Int.add_assoc; auto.
535  rewrite Int.add_assoc; auto.
536  decEq. decEq. apply Int.add_commut.
537  decEq. rewrite Int.add_commut. rewrite <- Int.add_assoc.
538  decEq. apply Int.add_commut.
539  decEq. rewrite Int.add_assoc. auto.
540Qed.
541
542Theorem add_permut: forall x y z, add x (add y z) = add y (add x z).
543Proof.
544  intros. rewrite (add_commut y z). rewrite <- add_assoc. apply add_commut.
545Qed.
546
547Theorem add_permut_4:
548  forall x y z t, add (add x y) (add z t) = add (add x z) (add y t).
549Proof.
550  intros. rewrite add_permut. rewrite add_assoc.
551  rewrite add_permut. symmetry. apply add_assoc.
552Qed.
553
554Theorem neg_zero: neg Vzero = Vzero.
555Proof.
556  reflexivity.
557Qed.
558
559Theorem neg_add_distr: forall x y, neg(add x y) = add (neg x) (neg y).
560Proof.
561  destruct x; destruct y; simpl; auto. decEq. apply Int.neg_add_distr.
562Qed.
563
564Theorem sub_zero_r: forall x, sub Vzero x = neg x.
565Proof.
566  destruct x; simpl; auto.
567Qed.
568
569Theorem sub_add_opp: forall x y, sub x (Vint y) = add x (Vint (Int.neg y)).
570Proof.
571  destruct x; intro y; simpl; auto; rewrite Int.sub_add_opp; auto.
572Qed.
573
574Theorem sub_opp_add: forall x y, sub x (Vint (Int.neg y)) = add x (Vint y).
575Proof.
576  intros. unfold sub, add.
577  destruct x; auto; rewrite Int.sub_add_opp; rewrite Int.neg_involutive; auto.
578Qed.
579
580Theorem sub_add_l:
581  forall v1 v2 i, sub (add v1 (Vint i)) v2 = add (sub v1 v2) (Vint i).
582Proof.
583  destruct v1; destruct v2; intros; simpl; auto.
584  rewrite Int.sub_add_l. auto.
585  rewrite Int.sub_add_l. auto.
586  case (zeq b b0); intro. rewrite Int.sub_add_l. auto. reflexivity.
587Qed.
588
589Theorem sub_add_r:
590  forall v1 v2 i, sub v1 (add v2 (Vint i)) = add (sub v1 v2) (Vint (Int.neg i)).
591Proof.
592  destruct v1; destruct v2; intros; simpl; auto.
593  rewrite Int.sub_add_r. auto.
594  repeat rewrite Int.sub_add_opp. decEq.
595  repeat rewrite Int.add_assoc. decEq. apply Int.add_commut.
596  decEq. repeat rewrite Int.sub_add_opp.
597  rewrite Int.add_assoc. decEq. apply Int.neg_add_distr.
598  case (zeq b b0); intro. simpl. decEq.
599  repeat rewrite Int.sub_add_opp. rewrite Int.add_assoc. decEq.
600  apply Int.neg_add_distr.
601  reflexivity.
602Qed.
603
604Theorem mul_commut: forall x y, mul x y = mul y x.
605Proof.
606  destruct x; destruct y; simpl; auto. decEq. apply Int.mul_commut.
607Qed.
608
609Theorem mul_assoc: forall x y z, mul (mul x y) z = mul x (mul y z).
610Proof.
611  destruct x; destruct y; destruct z; simpl; auto.
612  decEq. apply Int.mul_assoc.
613Qed.
614
615Theorem mul_add_distr_l:
616  forall x y z, mul (add x y) z = add (mul x z) (mul y z).
617Proof.
618  destruct x; destruct y; destruct z; simpl; auto.
619  decEq. apply Int.mul_add_distr_l.
620Qed.
621
622
623Theorem mul_add_distr_r:
624  forall x y z, mul x (add y z) = add (mul x y) (mul x z).
625Proof.
626  destruct x; destruct y; destruct z; simpl; auto.
627  decEq. apply Int.mul_add_distr_r.
628Qed.
629
630Theorem mul_pow2:
631  forall x n logn,
632  Int.is_power2 n = Some logn ->
633  mul x (Vint n) = shl x (Vint logn).
634Proof.
635  intros; destruct x; simpl; auto.
636  change 32 with (Z_of_nat Int.wordsize).
637  rewrite (Int.is_power2_range _ _ H). decEq. apply Int.mul_pow2. auto.
638Qed. 
639
640Theorem mods_divs:
641  forall x y, mods x y = sub x (mul (divs x y) y).
642Proof.
643  destruct x; destruct y; simpl; auto.
644  case (Int.eq i0 Int.zero); simpl. auto. decEq. apply Int.mods_divs.
645Qed.
646
647Theorem modu_divu:
648  forall x y, modu x y = sub x (mul (divu x y) y).
649Proof.
650  destruct x; destruct y; simpl; auto.
651  generalize (Int.eq_spec i0 Int.zero);
652  case (Int.eq i0 Int.zero); simpl. auto.
653  intro. decEq. apply Int.modu_divu. auto.
654Qed.
655
656Theorem divs_pow2:
657  forall x n logn,
658  Int.is_power2 n = Some logn ->
659  divs x (Vint n) = shrx x (Vint logn).
660Proof.
661  intros; destruct x; simpl; auto.
662  change 32 with (Z_of_nat Int.wordsize).
663  rewrite (Int.is_power2_range _ _ H).
664  generalize (Int.eq_spec n Int.zero);
665  case (Int.eq n Int.zero); intro.
666  subst n. compute in H. discriminate.
667  decEq. apply Int.divs_pow2. auto.
668Qed.
669
670Theorem divu_pow2:
671  forall x n logn,
672  Int.is_power2 n = Some logn ->
673  divu x (Vint n) = shru x (Vint logn).
674Proof.
675  intros; destruct x; simpl; auto.
676  change 32 with (Z_of_nat Int.wordsize).
677  rewrite (Int.is_power2_range _ _ H).
678  generalize (Int.eq_spec n Int.zero);
679  case (Int.eq n Int.zero); intro.
680  subst n. compute in H. discriminate.
681  decEq. apply Int.divu_pow2. auto.
682Qed.
683
684Theorem modu_pow2:
685  forall x n logn,
686  Int.is_power2 n = Some logn ->
687  modu x (Vint n) = and x (Vint (Int.sub n Int.one)).
688Proof.
689  intros; destruct x; simpl; auto.
690  generalize (Int.eq_spec n Int.zero);
691  case (Int.eq n Int.zero); intro.
692  subst n. compute in H. discriminate.
693  decEq. eapply Int.modu_and; eauto.
694Qed.
695
696Theorem and_commut: forall x y, and x y = and y x.
697Proof.
698  destruct x; destruct y; simpl; auto. decEq. apply Int.and_commut.
699Qed.
700
701Theorem and_assoc: forall x y z, and (and x y) z = and x (and y z).
702Proof.
703  destruct x; destruct y; destruct z; simpl; auto.
704  decEq. apply Int.and_assoc.
705Qed.
706
707Theorem or_commut: forall x y, or x y = or y x.
708Proof.
709  destruct x; destruct y; simpl; auto. decEq. apply Int.or_commut.
710Qed.
711
712Theorem or_assoc: forall x y z, or (or x y) z = or x (or y z).
713Proof.
714  destruct x; destruct y; destruct z; simpl; auto.
715  decEq. apply Int.or_assoc.
716Qed.
717
718Theorem xor_commut: forall x y, xor x y = xor y x.
719Proof.
720  destruct x; destruct y; simpl; auto. decEq. apply Int.xor_commut.
721Qed.
722
723Theorem xor_assoc: forall x y z, xor (xor x y) z = xor x (xor y z).
724Proof.
725  destruct x; destruct y; destruct z; simpl; auto.
726  decEq. apply Int.xor_assoc.
727Qed.
728
729Theorem shl_mul: forall x y, Val.mul x (Val.shl Vone y) = Val.shl x y.
730Proof.
731  destruct x; destruct y; simpl; auto.
732  case (Int.ltu i0 Int.iwordsize); auto.
733  decEq. symmetry. apply Int.shl_mul.
734Qed.
735
736Theorem shl_rolm:
737  forall x n,
738  Int.ltu n Int.iwordsize = true ->
739  shl x (Vint n) = rolm x n (Int.shl Int.mone n).
740Proof.
741  intros; destruct x; simpl; auto.
742  rewrite H. decEq. apply Int.shl_rolm. exact H.
743Qed.
744
745Theorem shru_rolm:
746  forall x n,
747  Int.ltu n Int.iwordsize = true ->
748  shru x (Vint n) = rolm x (Int.sub Int.iwordsize n) (Int.shru Int.mone n).
749Proof.
750  intros; destruct x; simpl; auto.
751  rewrite H. decEq. apply Int.shru_rolm. exact H.
752Qed.
753
754Theorem shrx_carry:
755  forall x y,
756  add (shr x y) (shr_carry x y) = shrx x y.
757Proof.
758  destruct x; destruct y; simpl; auto.
759  case (Int.ltu i0 Int.iwordsize); auto.
760  simpl. decEq. apply Int.shrx_carry.
761Qed.
762
763Theorem or_rolm:
764  forall x n m1 m2,
765  or (rolm x n m1) (rolm x n m2) = rolm x n (Int.or m1 m2).
766Proof.
767  intros; destruct x; simpl; auto.
768  decEq. apply Int.or_rolm.
769Qed.
770
771Theorem rolm_rolm:
772  forall x n1 m1 n2 m2,
773  rolm (rolm x n1 m1) n2 m2 =
774    rolm x (Int.modu (Int.add n1 n2) Int.iwordsize)
775           (Int.and (Int.rol m1 n2) m2).
776Proof.
777  intros; destruct x; simpl; auto.
778  decEq.
779  apply Int.rolm_rolm. apply int_wordsize_divides_modulus.
780Qed.
781
782Theorem rolm_zero:
783  forall x m,
784  rolm x Int.zero m = and x (Vint m).
785Proof.
786  intros; destruct x; simpl; auto. decEq. apply Int.rolm_zero.
787Qed.
788
789Theorem addf_commut: forall x y, addf x y = addf y x.
790Proof.
791  destruct x; destruct y; simpl; auto. decEq. apply Float.addf_commut.
792Qed.
793
794Lemma negate_cmp_mismatch:
795  forall c,
796  cmp_mismatch (negate_comparison c) = notbool(cmp_mismatch c).
797Proof.
798  destruct c; reflexivity.
799Qed.
800
801Theorem negate_cmp:
802  forall c x y,
803  cmp (negate_comparison c) x y = notbool (cmp c x y).
804Proof.
805  destruct x; destruct y; simpl; auto.
806  rewrite Int.negate_cmp. apply notbool_negb_1.
807  case (Int.eq i Int.zero). apply negate_cmp_mismatch. reflexivity.
808  case (Int.eq i0 Int.zero). apply negate_cmp_mismatch. reflexivity.
809  case (zeq b b0); intro.
810  rewrite Int.negate_cmp. apply notbool_negb_1.
811  apply negate_cmp_mismatch.
812Qed.
813
814Theorem negate_cmpu:
815  forall c x y,
816  cmpu (negate_comparison c) x y = notbool (cmpu c x y).
817Proof.
818  destruct x; destruct y; simpl; auto.
819  rewrite Int.negate_cmpu. apply notbool_negb_1.
820  case (Int.eq i Int.zero). apply negate_cmp_mismatch. reflexivity.
821  case (Int.eq i0 Int.zero). apply negate_cmp_mismatch. reflexivity.
822  case (zeq b b0); intro.
823  rewrite Int.negate_cmpu. apply notbool_negb_1.
824  apply negate_cmp_mismatch.
825Qed.
826
827Lemma swap_cmp_mismatch:
828  forall c, cmp_mismatch (swap_comparison c) = cmp_mismatch c.
829Proof.
830  destruct c; reflexivity.
831Qed.
832 
833Theorem swap_cmp:
834  forall c x y,
835  cmp (swap_comparison c) x y = cmp c y x.
836Proof.
837  destruct x; destruct y; simpl; auto.
838  rewrite Int.swap_cmp. auto.
839  case (Int.eq i Int.zero). apply swap_cmp_mismatch. auto.
840  case (Int.eq i0 Int.zero). apply swap_cmp_mismatch. auto.
841  case (zeq b b0); intro.
842  subst b0. rewrite zeq_true. rewrite Int.swap_cmp. auto.
843  rewrite zeq_false. apply swap_cmp_mismatch. auto.
844Qed.
845
846Theorem swap_cmpu:
847  forall c x y,
848  cmpu (swap_comparison c) x y = cmpu c y x.
849Proof.
850  destruct x; destruct y; simpl; auto.
851  rewrite Int.swap_cmpu. auto.
852  case (Int.eq i Int.zero). apply swap_cmp_mismatch. auto.
853  case (Int.eq i0 Int.zero). apply swap_cmp_mismatch. auto.
854  case (zeq b b0); intro.
855  subst b0. rewrite zeq_true. rewrite Int.swap_cmpu. auto.
856  rewrite zeq_false. apply swap_cmp_mismatch. auto.
857Qed.
858
859Theorem negate_cmpf_eq:
860  forall v1 v2, notbool (cmpf Cne v1 v2) = cmpf Ceq v1 v2.
861Proof.
862  destruct v1; destruct v2; simpl; auto.
863  rewrite Float.cmp_ne_eq. rewrite notbool_negb_1.
864  apply notbool_idem2.
865Qed.
866
867Theorem negate_cmpf_ne:
868  forall v1 v2, notbool (cmpf Ceq v1 v2) = cmpf Cne v1 v2.
869Proof.
870  destruct v1; destruct v2; simpl; auto.
871  rewrite Float.cmp_ne_eq. rewrite notbool_negb_1. auto.
872Qed.
873
874Lemma or_of_bool:
875  forall b1 b2, or (of_bool b1) (of_bool b2) = of_bool (b1 || b2).
876Proof.
877  destruct b1; destruct b2; reflexivity.
878Qed.
879
880Theorem cmpf_le:
881  forall v1 v2, cmpf Cle v1 v2 = or (cmpf Clt v1 v2) (cmpf Ceq v1 v2).
882Proof.
883  destruct v1; destruct v2; simpl; auto.
884  rewrite or_of_bool. decEq. apply Float.cmp_le_lt_eq.
885Qed.
886
887Theorem cmpf_ge:
888  forall v1 v2, cmpf Cge v1 v2 = or (cmpf Cgt v1 v2) (cmpf Ceq v1 v2).
889Proof.
890  destruct v1; destruct v2; simpl; auto.
891  rewrite or_of_bool. decEq. apply Float.cmp_ge_gt_eq.
892Qed.
893
894Definition is_bool (v: val) :=
895  v = Vundef \/ v = Vtrue \/ v = Vfalse.
896
897Lemma of_bool_is_bool:
898  forall b, is_bool (of_bool b).
899Proof.
900  destruct b; unfold is_bool; simpl; tauto.
901Qed.
902
903Lemma undef_is_bool: is_bool Vundef.
904Proof.
905  unfold is_bool; tauto.
906Qed.
907
908Lemma cmp_mismatch_is_bool:
909  forall c, is_bool (cmp_mismatch c).
910Proof.
911  destruct c; simpl; unfold is_bool; tauto.
912Qed.
913
914Lemma cmp_is_bool:
915  forall c v1 v2, is_bool (cmp c v1 v2).
916Proof.
917  destruct v1; destruct v2; simpl; try apply undef_is_bool.
918  apply of_bool_is_bool.
919  case (Int.eq i Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
920  case (Int.eq i0 Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
921  case (zeq b b0); intro. apply of_bool_is_bool. apply cmp_mismatch_is_bool.
922Qed.
923
924Lemma cmpu_is_bool:
925  forall c v1 v2, is_bool (cmpu c v1 v2).
926Proof.
927  destruct v1; destruct v2; simpl; try apply undef_is_bool.
928  apply of_bool_is_bool.
929  case (Int.eq i Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
930  case (Int.eq i0 Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
931  case (zeq b b0); intro. apply of_bool_is_bool. apply cmp_mismatch_is_bool.
932Qed.
933
934Lemma cmpf_is_bool:
935  forall c v1 v2, is_bool (cmpf c v1 v2).
936Proof.
937  destruct v1; destruct v2; simpl;
938  apply undef_is_bool || apply of_bool_is_bool.
939Qed.
940
941Lemma notbool_is_bool:
942  forall v, is_bool (notbool v).
943Proof.
944  destruct v; simpl.
945  apply undef_is_bool. apply of_bool_is_bool.
946  apply undef_is_bool. unfold is_bool; tauto.
947Qed.
948
949Lemma notbool_xor:
950  forall v, is_bool v -> v = xor (notbool v) Vone.
951Proof.
952  intros. elim H; intro. 
953  subst v. reflexivity.
954  elim H0; intro; subst v; reflexivity.
955Qed.
956
957Lemma rolm_lt_zero:
958  forall v, rolm v Int.one Int.one = cmp Clt v (Vint Int.zero).
959Proof.
960  intros. destruct v; simpl; auto.
961  transitivity (Vint (Int.shru i (Int.repr (Z_of_nat Int.wordsize - 1)))).
962  decEq. symmetry. rewrite Int.shru_rolm. auto. auto.
963  rewrite Int.shru_lt_zero. destruct (Int.lt i Int.zero); auto.
964Qed.
965
966Lemma rolm_ge_zero:
967  forall v,
968  xor (rolm v Int.one Int.one) (Vint Int.one) = cmp Cge v (Vint Int.zero).
969Proof.
970  intros. rewrite rolm_lt_zero. destruct v; simpl; auto.
971  destruct (Int.lt i Int.zero); auto.
972Qed.
973*)
974(* * The ``is less defined'' relation between values.
975    A value is less defined than itself, and [Vundef] is
976    less defined than any value. *)
977
978ninductive Val_lessdef: val → val → Prop ≝
979  | lessdef_refl: ∀v. Val_lessdef v v
980  | lessdef_undef: ∀v. Val_lessdef Vundef v.
981
982ninductive lessdef_list: list val → list val → Prop ≝
983  | lessdef_list_nil:
984      lessdef_list (nil ?) (nil ?)
985  | lessdef_list_cons:
986      ∀v1,v2,vl1,vl2.
987      Val_lessdef v1 v2 → lessdef_list vl1 vl2 →
988      lessdef_list (v1 :: vl1) (v2 :: vl2).
989
990(*Hint Resolve lessdef_refl lessdef_undef lessdef_list_nil lessdef_list_cons.*)
991
992nlemma lessdef_list_inv:
993  ∀vl1,vl2. lessdef_list vl1 vl2 → vl1 = vl2 ∨ in_list ? Vundef vl1.
994#vl1; nelim vl1;
995##[ #vl2; #H; ninversion H; /2/; #h1;#h2;#t1;#t2;#H1;#H2;#H3;#Hbad; ndestruct
996##| #h;#t;#IH;#vl2;#H;
997    ninversion H;
998    ##[ #H'; ndestruct
999    ##| #h1;#h2;#t1;#t2;#H1;#H2;#H3;#e1;#e2; ndestruct;
1000        nelim H1;
1001        ##[ nelim (IH t2 H2);
1002            ##[ #e; ndestruct; /2/;
1003            ##| /3/ ##]
1004        ##| /3/ ##]
1005    ##]
1006##] nqed.
1007
1008nlemma load_result_lessdef:
1009  ∀chunk,v1,v2.
1010  Val_lessdef v1 v2 → Val_lessdef (load_result chunk v1) (load_result chunk v2).
1011#chunk;#v1;#v2;#H; ninversion H; //; #v e1 e2; ncases chunk;
1012##[ ##8: #r ##] nwhd in ⊢ (?%?); //;
1013nqed.
1014
1015(*
1016Lemma zero_ext_lessdef:
1017  forall n v1 v2, lessdef v1 v2 -> lessdef (zero_ext n v1) (zero_ext n v2).
1018Proof.
1019  intros; inv H; simpl; auto.
1020Qed.
1021*)
1022nlemma sign_ext_lessdef:
1023  ∀n,v1,v2. Val_lessdef v1 v2 → Val_lessdef (sign_ext n v1) (sign_ext n v2).
1024#n;#v1;#v2;#H;ninversion H;//;#v;#e1;#e2;nrewrite < e1 in H; nrewrite > e2; //;
1025nqed.
1026(*
1027Lemma singleoffloat_lessdef:
1028  forall v1 v2, lessdef v1 v2 -> lessdef (singleoffloat v1) (singleoffloat v2).
1029Proof.
1030  intros; inv H; simpl; auto.
1031Qed.
1032
1033End Val.
1034*)
Note: See TracBrowser for help on using the repository browser.