source: Deliverables/D3.1/C-semantics/Values.ma @ 484

Last change on this file since 484 was 484, checked in by campbell, 8 years ago

Separate out null values from integer zeros.

File size: 28.1 KB
Line 
1(* *********************************************************************)
2(*                                                                     *)
3(*              The Compcert verified compiler                         *)
4(*                                                                     *)
5(*          Xavier Leroy, INRIA Paris-Rocquencourt                     *)
6(*                                                                     *)
7(*  Copyright Institut National de Recherche en Informatique et en     *)
8(*  Automatique.  All rights reserved.  This file is distributed       *)
9(*  under the terms of the GNU General Public License as published by  *)
10(*  the Free Software Foundation, either version 2 of the License, or  *)
11(*  (at your option) any later version.  This file is also distributed *)
12(*  under the terms of the INRIA Non-Commercial License Agreement.     *)
13(*                                                                     *)
14(* *********************************************************************)
15
16(* * This module defines the type of values that is used in the dynamic
17  semantics of all our intermediate languages. *)
18
19include "Coqlib.ma".
20include "AST.ma".
21include "Integers.ma".
22include "Floats.ma".
23
24include "Plogic/connectives.ma".
25
26ndefinition block ≝ Z.
27(*ndefinition eq_block ≝ zeq.*)
28
29(* * A value is either:
30- a machine integer;
31- a floating-point number;
32- a pointer: a triple giving the representation of the pointer (in terms of the
33             memory regions such a pointer could address), a memory address and
34             an integer offset with respect to this address;
35- a null pointer: the region denotes the representation (i.e., pointer size)
36- the [Vundef] value denoting an arbitrary bit pattern, such as the
37  value of an uninitialized variable.
38*)
39
40ninductive val: Type[0] ≝
41  | Vundef: val
42  | Vint: int → val
43  | Vfloat: float → val
44  | Vnull: region → val
45  | Vptr: region → block → int → val.
46
47ndefinition Vzero: val ≝ Vint zero.
48ndefinition Vone: val ≝ Vint one.
49ndefinition Vmone: val ≝ Vint mone.
50
51ndefinition Vtrue: val ≝ Vint one.
52ndefinition Vfalse: val ≝ Vint zero.
53
54(*
55(** The module [Val] defines a number of arithmetic and logical operations
56  over type [val].  Most of these operations are straightforward extensions
57  of the corresponding integer or floating-point operations. *)
58
59Module Val.
60*)
61ndefinition of_bool : bool → val ≝ λb. if b then Vtrue else Vfalse.
62(*
63ndefinition has_type ≝ λv: val. λt: typ.
64  match v with
65  [ Vundef ⇒ True
66  | Vint _ ⇒ match t with [ ASTint ⇒ True | _ ⇒ False ]
67  | Vfloat _ ⇒ match t with [ ASTfloat ⇒ True | _ ⇒ False ]
68  | Vptr _ _ _ ⇒ match t with [ ASTint ⇒ True | _ ⇒ False ]
69  | _ ⇒ False
70  ].
71
72nlet rec has_type_list (vl: list val) (tl: list typ) on vl : Prop ≝
73  match vl with
74  [ nil ⇒ match tl with [ nil ⇒ True | _ ⇒ False ]
75  | cons v1 vs ⇒ match tl with [ nil ⇒ False | cons t1 ts ⇒
76               has_type v1 t1 ∧ has_type_list vs ts ]
77  ].
78*)
79(* * Truth values.  Pointers and non-zero integers are treated as [True].
80  The integer 0 (also used to represent the null pointer) is [False].
81  [Vundef] and floats are neither true nor false. *)
82
83ndefinition is_true : val → Prop ≝ λv.
84  match v with
85  [ Vint n ⇒ n ≠ zero
86  | Vptr _ b ofs ⇒ True
87  | _ ⇒ False
88  ].
89
90ndefinition is_false : val → Prop ≝ λv.
91  match v with
92  [ Vint n ⇒ n = zero
93  | Vnull _ ⇒ True
94  | _ ⇒ False
95  ].
96
97ninductive bool_of_val: val → bool → Prop ≝
98  | bool_of_val_int_true:
99      ∀n. n ≠ zero → bool_of_val (Vint n) true
100  | bool_of_val_int_false:
101      bool_of_val (Vint zero) false
102  | bool_of_val_ptr:
103      ∀r,b,ofs. bool_of_val (Vptr r b ofs) true
104  | bool_of_val_null:
105      ∀r. bool_of_val (Vnull r) true.
106
107ndefinition neg : val → val ≝ λv.
108  match v with
109  [ Vint n ⇒ Vint (neg n)
110  | _ ⇒ Vundef
111  ].
112
113ndefinition negf : val → val ≝ λv.
114  match v with
115  [ Vfloat f ⇒ Vfloat (Fneg f)
116  | _ => Vundef
117  ].
118
119ndefinition absf : val → val ≝ λv.
120  match v with
121  [ Vfloat f ⇒ Vfloat (Fabs f)
122  | _ ⇒ Vundef
123  ].
124
125ndefinition intoffloat : val → val ≝ λv.
126  match v with
127  [ Vfloat f ⇒ Vint (intoffloat f)
128  | _ ⇒ Vundef
129  ].
130
131ndefinition intuoffloat : val → val ≝ λv.
132  match v with
133  [ Vfloat f ⇒ Vint (intuoffloat f)
134  | _ ⇒ Vundef
135  ].
136
137ndefinition floatofint : val → val ≝ λv.
138  match v with
139  [ Vint n ⇒ Vfloat (floatofint n)
140  | _ ⇒ Vundef
141  ].
142
143ndefinition floatofintu : val → val ≝ λv.
144  match v with
145  [ Vint n ⇒ Vfloat (floatofintu n)
146  | _ ⇒ Vundef
147  ].
148
149ndefinition notint : val → val ≝ λv.
150  match v with
151  [ Vint n ⇒ Vint (xor n mone)
152  | _ ⇒ Vundef
153  ].
154 
155(* FIXME: switch to alias, or rename, or … *)
156ndefinition int_eq : int → int → bool ≝ eq.
157ndefinition notbool : val → val ≝ λv.
158  match v with
159  [ Vint n ⇒ of_bool (int_eq n zero)
160  | Vptr _ b ofs ⇒ Vfalse
161  | Vnull _ ⇒ Vtrue
162  | _ ⇒ Vundef
163  ].
164
165ndefinition zero_ext ≝ λnbits: Z. λv: val.
166  match v with
167  [ Vint n ⇒ Vint (zero_ext nbits n)
168  | _ ⇒ Vundef
169  ].
170
171ndefinition sign_ext ≝ λnbits:Z. λv:val.
172  match v with
173  [ Vint i ⇒ Vint (sign_ext nbits i)
174  | _ ⇒ Vundef
175  ].
176
177ndefinition singleoffloat : val → val ≝ λv.
178  match v with
179  [ Vfloat f ⇒ Vfloat (singleoffloat f)
180  | _ ⇒ Vundef
181  ].
182
183(* TODO: add zero to null? *)
184ndefinition add ≝ λv1,v2: val.
185  match v1 with
186  [ Vint n1 ⇒ match v2 with
187    [ Vint n2 ⇒ Vint (add n1 n2)
188    | Vptr pty b2 ofs2 ⇒ Vptr pty b2 (add ofs2 n1)
189    | _ ⇒ Vundef ]
190  | Vptr pty b1 ofs1 ⇒ match v2 with
191    [ Vint n2 ⇒ Vptr pty b1 (add ofs1 n2)
192    | _ ⇒ Vundef ]
193  | _ ⇒ Vundef ].
194
195ndefinition sub ≝ λv1,v2: val.
196  match v1 with
197  [ Vint n1 ⇒ match v2 with
198    [ Vint n2 ⇒ Vint (sub n1 n2)
199    | _ ⇒ Vundef ]
200  | Vptr pty1 b1 ofs1 ⇒ match v2 with
201    [ Vint n2 ⇒ Vptr pty1 b1 (sub ofs1 n2)
202    | Vptr pty2 b2 ofs2 ⇒
203        if eqZb b1 b2 then Vint (sub ofs1 ofs2) else Vundef
204    | _ ⇒ Vundef ]
205  | Vnull r ⇒ match v2 with [ Vnull r' ⇒ Vint zero | _ ⇒ Vundef ]
206  | _ ⇒ Vundef ].
207
208ndefinition mul ≝ λv1, v2: val.
209  match v1 with
210  [ Vint n1 ⇒ match v2 with
211    [ Vint n2 ⇒ Vint (mul n1 n2)
212    | _ ⇒ Vundef ]
213  | _ ⇒ Vundef ].
214(*
215ndefinition divs ≝ λv1, v2: val.
216  match v1 with
217  [ Vint n1 ⇒ match v2 with
218    [ Vint n2 ⇒ Vint (divs n1 n2)
219    | _ ⇒ Vundef ]
220  | _ ⇒ Vundef ].
221
222Definition mods (v1 v2: val): val :=
223  match v1, v2 with
224  | Vint n1, Vint n2 =>
225      if Int.eq n2 Int.zero then Vundef else Vint(Int.mods n1 n2)
226  | _, _ => Vundef
227  end.
228
229Definition divu (v1 v2: val): val :=
230  match v1, v2 with
231  | Vint n1, Vint n2 =>
232      if Int.eq n2 Int.zero then Vundef else Vint(Int.divu n1 n2)
233  | _, _ => Vundef
234  end.
235
236Definition modu (v1 v2: val): val :=
237  match v1, v2 with
238  | Vint n1, Vint n2 =>
239      if Int.eq n2 Int.zero then Vundef else Vint(Int.modu n1 n2)
240  | _, _ => Vundef
241  end.
242*)
243ndefinition v_and ≝ λv1, v2: val.
244  match v1 with
245  [ Vint n1 ⇒ match v2 with
246    [ Vint n2 ⇒ Vint (i_and n1 n2)
247    | _ ⇒ Vundef ]
248  | _ ⇒ Vundef ].
249
250ndefinition or ≝ λv1, v2: val.
251  match v1 with
252  [ Vint n1 ⇒ match v2 with
253    [ Vint n2 ⇒ Vint (or n1 n2)
254    | _ ⇒ Vundef ]
255  | _ ⇒ Vundef ].
256
257ndefinition xor ≝ λv1, v2: val.
258  match v1 with
259  [ Vint n1 ⇒ match v2 with
260    [ Vint n2 ⇒ Vint (xor n1 n2)
261    | _ ⇒ Vundef ]
262  | _ ⇒ Vundef ].
263(*
264Definition shl (v1 v2: val): val :=
265  match v1, v2 with
266  | Vint n1, Vint n2 =>
267     if Int.ltu n2 Int.iwordsize
268     then Vint(Int.shl n1 n2)
269     else Vundef
270  | _, _ => Vundef
271  end.
272
273Definition shr (v1 v2: val): val :=
274  match v1, v2 with
275  | Vint n1, Vint n2 =>
276     if Int.ltu n2 Int.iwordsize
277     then Vint(Int.shr n1 n2)
278     else Vundef
279  | _, _ => Vundef
280  end.
281
282Definition shr_carry (v1 v2: val): val :=
283  match v1, v2 with
284  | Vint n1, Vint n2 =>
285     if Int.ltu n2 Int.iwordsize
286     then Vint(Int.shr_carry n1 n2)
287     else Vundef
288  | _, _ => Vundef
289  end.
290
291Definition shrx (v1 v2: val): val :=
292  match v1, v2 with
293  | Vint n1, Vint n2 =>
294     if Int.ltu n2 Int.iwordsize
295     then Vint(Int.shrx n1 n2)
296     else Vundef
297  | _, _ => Vundef
298  end.
299
300Definition shru (v1 v2: val): val :=
301  match v1, v2 with
302  | Vint n1, Vint n2 =>
303     if Int.ltu n2 Int.iwordsize
304     then Vint(Int.shru n1 n2)
305     else Vundef
306  | _, _ => Vundef
307  end.
308
309Definition rolm (v: val) (amount mask: int): val :=
310  match v with
311  | Vint n => Vint(Int.rolm n amount mask)
312  | _ => Vundef
313  end.
314
315Definition ror (v1 v2: val): val :=
316  match v1, v2 with
317  | Vint n1, Vint n2 =>
318     if Int.ltu n2 Int.iwordsize
319     then Vint(Int.ror n1 n2)
320     else Vundef
321  | _, _ => Vundef
322  end.
323*)
324ndefinition addf ≝ λv1,v2: val.
325  match v1 with
326  [ Vfloat f1 ⇒ match v2 with
327    [ Vfloat f2 ⇒ Vfloat (Fadd f1 f2)
328    | _ ⇒ Vundef ]
329  | _ ⇒ Vundef ].
330
331ndefinition subf ≝ λv1,v2: val.
332  match v1 with
333  [ Vfloat f1 ⇒ match v2 with
334    [ Vfloat f2 ⇒ Vfloat (Fsub f1 f2)
335    | _ ⇒ Vundef ]
336  | _ ⇒ Vundef ].
337
338ndefinition mulf ≝ λv1,v2: val.
339  match v1 with
340  [ Vfloat f1 ⇒ match v2 with
341    [ Vfloat f2 ⇒ Vfloat (Fmul f1 f2)
342    | _ ⇒ Vundef ]
343  | _ ⇒ Vundef ].
344
345ndefinition divf ≝ λv1,v2: val.
346  match v1 with
347  [ Vfloat f1 ⇒ match v2 with
348    [ Vfloat f2 ⇒ Vfloat (Fdiv f1 f2)
349    | _ ⇒ Vundef ]
350  | _ ⇒ Vundef ].
351
352ndefinition cmp_match : comparison → val ≝ λc.
353  match c with
354  [ Ceq ⇒ Vtrue
355  | Cne ⇒ Vfalse
356  | _   ⇒ Vundef
357  ].
358
359ndefinition cmp_mismatch : comparison → val ≝ λc.
360  match c with
361  [ Ceq ⇒ Vfalse
362  | Cne ⇒ Vtrue
363  | _   ⇒ Vundef
364  ].
365
366(* TODO: consider whether to check pointer representations *)
367ndefinition cmp ≝ λc: comparison. λv1,v2: val.
368  match v1 with
369  [ Vint n1 ⇒ match v2 with
370    [ Vint n2 ⇒ of_bool (cmp c n1 n2)
371    | _ ⇒ Vundef ]
372  | Vptr r1 b1 ofs1 ⇒ match v2 with
373    [ Vptr r2 b2 ofs2 ⇒
374        if eqZb b1 b2
375        then of_bool (cmp c ofs1 ofs2)
376        else cmp_mismatch c
377    | Vnull r2 ⇒ cmp_mismatch c
378    | _ ⇒ Vundef ]
379  | Vnull r1 ⇒ match v2 with
380    [ Vptr _ _ _ ⇒ cmp_mismatch c
381    | Vnull r2 ⇒ cmp_match c
382    | _ ⇒ Vundef
383    ]
384  | _ ⇒ Vundef ].
385
386ndefinition cmpu ≝ λc: comparison. λv1,v2: val.
387  match v1 with
388  [ Vint n1 ⇒ match v2 with
389    [ Vint n2 ⇒ of_bool (cmpu c n1 n2)
390    | _ ⇒ Vundef ]
391  | Vptr r1 b1 ofs1 ⇒ match v2 with
392    [ Vptr r2 b2 ofs2 ⇒
393        if eqZb b1 b2
394        then of_bool (cmpu c ofs1 ofs2)
395        else cmp_mismatch c
396    | Vnull r2 ⇒ cmp_mismatch c
397    | _ ⇒ Vundef ]
398  | Vnull r1 ⇒ match v2 with
399    [ Vptr _ _ _ ⇒ cmp_mismatch c
400    | Vnull r2 ⇒ cmp_match c
401    | _ ⇒ Vundef
402    ]
403  | _ ⇒ Vundef ].
404
405ndefinition cmpf ≝ λc: comparison. λv1,v2: val.
406  match v1 with
407  [ Vfloat f1 ⇒ match v2 with
408    [ Vfloat f2 ⇒ of_bool (Fcmp c f1 f2)
409    | _ ⇒ Vundef ]
410  | _ ⇒ Vundef ].
411
412(* * [load_result] is used in the memory model (library [Mem])
413  to post-process the results of a memory read.  For instance,
414  consider storing the integer value [0xFFF] on 1 byte at a
415  given address, and reading it back.  If it is read back with
416  chunk [Mint8unsigned], zero-extension must be performed, resulting
417  in [0xFF].  If it is read back as a [Mint8signed], sign-extension
418  is performed and [0xFFFFFFFF] is returned.   Type mismatches
419  (e.g. reading back a float as a [Mint32]) read back as [Vundef]. *)
420
421nlet rec load_result (chunk: memory_chunk) (v: val) ≝
422  match v with
423  [ Vint n ⇒
424    match chunk with
425    [ Mint8signed ⇒ Vint (sign_ext 8 n)
426    | Mint8unsigned ⇒ Vint (zero_ext 8 n)
427    | Mint16signed ⇒ Vint (sign_ext 16 n)
428    | Mint16unsigned ⇒ Vint (zero_ext 16 n)
429    | Mint32 ⇒ Vint n
430    | _ ⇒ Vundef
431    ]
432  | Vptr r b ofs ⇒
433    match chunk with
434    [ Mpointer r' ⇒ if eq_region r r' then Vptr r b ofs else Vundef
435    | _ ⇒ Vundef
436    ]
437  | Vnull r ⇒
438    match chunk with
439    [ Mpointer r' ⇒ if eq_region r r' then Vnull r else Vundef
440    | _ ⇒ Vundef
441    ]
442  | Vfloat f ⇒
443    match chunk with
444    [ Mfloat32 ⇒ Vfloat(singleoffloat f)
445    | Mfloat64 ⇒ Vfloat f
446    | _ ⇒ Vundef
447    ]
448  | _ ⇒ Vundef
449  ].
450
451(*
452(** Theorems on arithmetic operations. *)
453
454Theorem cast8unsigned_and:
455  forall x, zero_ext 8 x = and x (Vint(Int.repr 255)).
456Proof.
457  destruct x; simpl; auto. decEq.
458  change 255 with (two_p 8 - 1). apply Int.zero_ext_and. vm_compute; auto.
459Qed.
460
461Theorem cast16unsigned_and:
462  forall x, zero_ext 16 x = and x (Vint(Int.repr 65535)).
463Proof.
464  destruct x; simpl; auto. decEq.
465  change 65535 with (two_p 16 - 1). apply Int.zero_ext_and. vm_compute; auto.
466Qed.
467
468Theorem istrue_not_isfalse:
469  forall v, is_false v -> is_true (notbool v).
470Proof.
471  destruct v; simpl; try contradiction.
472  intros. subst i. simpl. discriminate.
473Qed.
474
475Theorem isfalse_not_istrue:
476  forall v, is_true v -> is_false (notbool v).
477Proof.
478  destruct v; simpl; try contradiction.
479  intros. generalize (Int.eq_spec i Int.zero).
480  case (Int.eq i Int.zero); intro.
481  contradiction. simpl. auto.
482  auto.
483Qed.
484
485Theorem bool_of_true_val:
486  forall v, is_true v -> bool_of_val v true.
487Proof.
488  intro. destruct v; simpl; intros; try contradiction.
489  constructor; auto. constructor.
490Qed.
491
492Theorem bool_of_true_val2:
493  forall v, bool_of_val v true -> is_true v.
494Proof.
495  intros. inversion H; simpl; auto.
496Qed.
497
498Theorem bool_of_true_val_inv:
499  forall v b, is_true v -> bool_of_val v b -> b = true.
500Proof.
501  intros. inversion H0; subst v b; simpl in H; auto.
502Qed.
503
504Theorem bool_of_false_val:
505  forall v, is_false v -> bool_of_val v false.
506Proof.
507  intro. destruct v; simpl; intros; try contradiction.
508  subst i;  constructor.
509Qed.
510
511Theorem bool_of_false_val2:
512  forall v, bool_of_val v false -> is_false v.
513Proof.
514  intros. inversion H; simpl; auto.
515Qed.
516
517Theorem bool_of_false_val_inv:
518  forall v b, is_false v -> bool_of_val v b -> b = false.
519Proof.
520  intros. inversion H0; subst v b; simpl in H.
521  congruence. auto. contradiction.
522Qed.
523
524Theorem notbool_negb_1:
525  forall b, of_bool (negb b) = notbool (of_bool b).
526Proof.
527  destruct b; reflexivity.
528Qed.
529
530Theorem notbool_negb_2:
531  forall b, of_bool b = notbool (of_bool (negb b)).
532Proof.
533  destruct b; reflexivity.
534Qed.
535
536Theorem notbool_idem2:
537  forall b, notbool(notbool(of_bool b)) = of_bool b.
538Proof.
539  destruct b; reflexivity.
540Qed.
541
542Theorem notbool_idem3:
543  forall x, notbool(notbool(notbool x)) = notbool x.
544Proof.
545  destruct x; simpl; auto.
546  case (Int.eq i Int.zero); reflexivity.
547Qed.
548
549Theorem add_commut: forall x y, add x y = add y x.
550Proof.
551  destruct x; destruct y; simpl; auto.
552  decEq. apply Int.add_commut.
553Qed.
554
555Theorem add_assoc: forall x y z, add (add x y) z = add x (add y z).
556Proof.
557  destruct x; destruct y; destruct z; simpl; auto.
558  rewrite Int.add_assoc; auto.
559  rewrite Int.add_assoc; auto.
560  decEq. decEq. apply Int.add_commut.
561  decEq. rewrite Int.add_commut. rewrite <- Int.add_assoc.
562  decEq. apply Int.add_commut.
563  decEq. rewrite Int.add_assoc. auto.
564Qed.
565
566Theorem add_permut: forall x y z, add x (add y z) = add y (add x z).
567Proof.
568  intros. rewrite (add_commut y z). rewrite <- add_assoc. apply add_commut.
569Qed.
570
571Theorem add_permut_4:
572  forall x y z t, add (add x y) (add z t) = add (add x z) (add y t).
573Proof.
574  intros. rewrite add_permut. rewrite add_assoc.
575  rewrite add_permut. symmetry. apply add_assoc.
576Qed.
577
578Theorem neg_zero: neg Vzero = Vzero.
579Proof.
580  reflexivity.
581Qed.
582
583Theorem neg_add_distr: forall x y, neg(add x y) = add (neg x) (neg y).
584Proof.
585  destruct x; destruct y; simpl; auto. decEq. apply Int.neg_add_distr.
586Qed.
587
588Theorem sub_zero_r: forall x, sub Vzero x = neg x.
589Proof.
590  destruct x; simpl; auto.
591Qed.
592
593Theorem sub_add_opp: forall x y, sub x (Vint y) = add x (Vint (Int.neg y)).
594Proof.
595  destruct x; intro y; simpl; auto; rewrite Int.sub_add_opp; auto.
596Qed.
597
598Theorem sub_opp_add: forall x y, sub x (Vint (Int.neg y)) = add x (Vint y).
599Proof.
600  intros. unfold sub, add.
601  destruct x; auto; rewrite Int.sub_add_opp; rewrite Int.neg_involutive; auto.
602Qed.
603
604Theorem sub_add_l:
605  forall v1 v2 i, sub (add v1 (Vint i)) v2 = add (sub v1 v2) (Vint i).
606Proof.
607  destruct v1; destruct v2; intros; simpl; auto.
608  rewrite Int.sub_add_l. auto.
609  rewrite Int.sub_add_l. auto.
610  case (zeq b b0); intro. rewrite Int.sub_add_l. auto. reflexivity.
611Qed.
612
613Theorem sub_add_r:
614  forall v1 v2 i, sub v1 (add v2 (Vint i)) = add (sub v1 v2) (Vint (Int.neg i)).
615Proof.
616  destruct v1; destruct v2; intros; simpl; auto.
617  rewrite Int.sub_add_r. auto.
618  repeat rewrite Int.sub_add_opp. decEq.
619  repeat rewrite Int.add_assoc. decEq. apply Int.add_commut.
620  decEq. repeat rewrite Int.sub_add_opp.
621  rewrite Int.add_assoc. decEq. apply Int.neg_add_distr.
622  case (zeq b b0); intro. simpl. decEq.
623  repeat rewrite Int.sub_add_opp. rewrite Int.add_assoc. decEq.
624  apply Int.neg_add_distr.
625  reflexivity.
626Qed.
627
628Theorem mul_commut: forall x y, mul x y = mul y x.
629Proof.
630  destruct x; destruct y; simpl; auto. decEq. apply Int.mul_commut.
631Qed.
632
633Theorem mul_assoc: forall x y z, mul (mul x y) z = mul x (mul y z).
634Proof.
635  destruct x; destruct y; destruct z; simpl; auto.
636  decEq. apply Int.mul_assoc.
637Qed.
638
639Theorem mul_add_distr_l:
640  forall x y z, mul (add x y) z = add (mul x z) (mul y z).
641Proof.
642  destruct x; destruct y; destruct z; simpl; auto.
643  decEq. apply Int.mul_add_distr_l.
644Qed.
645
646
647Theorem mul_add_distr_r:
648  forall x y z, mul x (add y z) = add (mul x y) (mul x z).
649Proof.
650  destruct x; destruct y; destruct z; simpl; auto.
651  decEq. apply Int.mul_add_distr_r.
652Qed.
653
654Theorem mul_pow2:
655  forall x n logn,
656  Int.is_power2 n = Some logn ->
657  mul x (Vint n) = shl x (Vint logn).
658Proof.
659  intros; destruct x; simpl; auto.
660  change 32 with (Z_of_nat Int.wordsize).
661  rewrite (Int.is_power2_range _ _ H). decEq. apply Int.mul_pow2. auto.
662Qed. 
663
664Theorem mods_divs:
665  forall x y, mods x y = sub x (mul (divs x y) y).
666Proof.
667  destruct x; destruct y; simpl; auto.
668  case (Int.eq i0 Int.zero); simpl. auto. decEq. apply Int.mods_divs.
669Qed.
670
671Theorem modu_divu:
672  forall x y, modu x y = sub x (mul (divu x y) y).
673Proof.
674  destruct x; destruct y; simpl; auto.
675  generalize (Int.eq_spec i0 Int.zero);
676  case (Int.eq i0 Int.zero); simpl. auto.
677  intro. decEq. apply Int.modu_divu. auto.
678Qed.
679
680Theorem divs_pow2:
681  forall x n logn,
682  Int.is_power2 n = Some logn ->
683  divs x (Vint n) = shrx x (Vint logn).
684Proof.
685  intros; destruct x; simpl; auto.
686  change 32 with (Z_of_nat Int.wordsize).
687  rewrite (Int.is_power2_range _ _ H).
688  generalize (Int.eq_spec n Int.zero);
689  case (Int.eq n Int.zero); intro.
690  subst n. compute in H. discriminate.
691  decEq. apply Int.divs_pow2. auto.
692Qed.
693
694Theorem divu_pow2:
695  forall x n logn,
696  Int.is_power2 n = Some logn ->
697  divu x (Vint n) = shru x (Vint logn).
698Proof.
699  intros; destruct x; simpl; auto.
700  change 32 with (Z_of_nat Int.wordsize).
701  rewrite (Int.is_power2_range _ _ H).
702  generalize (Int.eq_spec n Int.zero);
703  case (Int.eq n Int.zero); intro.
704  subst n. compute in H. discriminate.
705  decEq. apply Int.divu_pow2. auto.
706Qed.
707
708Theorem modu_pow2:
709  forall x n logn,
710  Int.is_power2 n = Some logn ->
711  modu x (Vint n) = and x (Vint (Int.sub n Int.one)).
712Proof.
713  intros; destruct x; simpl; auto.
714  generalize (Int.eq_spec n Int.zero);
715  case (Int.eq n Int.zero); intro.
716  subst n. compute in H. discriminate.
717  decEq. eapply Int.modu_and; eauto.
718Qed.
719
720Theorem and_commut: forall x y, and x y = and y x.
721Proof.
722  destruct x; destruct y; simpl; auto. decEq. apply Int.and_commut.
723Qed.
724
725Theorem and_assoc: forall x y z, and (and x y) z = and x (and y z).
726Proof.
727  destruct x; destruct y; destruct z; simpl; auto.
728  decEq. apply Int.and_assoc.
729Qed.
730
731Theorem or_commut: forall x y, or x y = or y x.
732Proof.
733  destruct x; destruct y; simpl; auto. decEq. apply Int.or_commut.
734Qed.
735
736Theorem or_assoc: forall x y z, or (or x y) z = or x (or y z).
737Proof.
738  destruct x; destruct y; destruct z; simpl; auto.
739  decEq. apply Int.or_assoc.
740Qed.
741
742Theorem xor_commut: forall x y, xor x y = xor y x.
743Proof.
744  destruct x; destruct y; simpl; auto. decEq. apply Int.xor_commut.
745Qed.
746
747Theorem xor_assoc: forall x y z, xor (xor x y) z = xor x (xor y z).
748Proof.
749  destruct x; destruct y; destruct z; simpl; auto.
750  decEq. apply Int.xor_assoc.
751Qed.
752
753Theorem shl_mul: forall x y, Val.mul x (Val.shl Vone y) = Val.shl x y.
754Proof.
755  destruct x; destruct y; simpl; auto.
756  case (Int.ltu i0 Int.iwordsize); auto.
757  decEq. symmetry. apply Int.shl_mul.
758Qed.
759
760Theorem shl_rolm:
761  forall x n,
762  Int.ltu n Int.iwordsize = true ->
763  shl x (Vint n) = rolm x n (Int.shl Int.mone n).
764Proof.
765  intros; destruct x; simpl; auto.
766  rewrite H. decEq. apply Int.shl_rolm. exact H.
767Qed.
768
769Theorem shru_rolm:
770  forall x n,
771  Int.ltu n Int.iwordsize = true ->
772  shru x (Vint n) = rolm x (Int.sub Int.iwordsize n) (Int.shru Int.mone n).
773Proof.
774  intros; destruct x; simpl; auto.
775  rewrite H. decEq. apply Int.shru_rolm. exact H.
776Qed.
777
778Theorem shrx_carry:
779  forall x y,
780  add (shr x y) (shr_carry x y) = shrx x y.
781Proof.
782  destruct x; destruct y; simpl; auto.
783  case (Int.ltu i0 Int.iwordsize); auto.
784  simpl. decEq. apply Int.shrx_carry.
785Qed.
786
787Theorem or_rolm:
788  forall x n m1 m2,
789  or (rolm x n m1) (rolm x n m2) = rolm x n (Int.or m1 m2).
790Proof.
791  intros; destruct x; simpl; auto.
792  decEq. apply Int.or_rolm.
793Qed.
794
795Theorem rolm_rolm:
796  forall x n1 m1 n2 m2,
797  rolm (rolm x n1 m1) n2 m2 =
798    rolm x (Int.modu (Int.add n1 n2) Int.iwordsize)
799           (Int.and (Int.rol m1 n2) m2).
800Proof.
801  intros; destruct x; simpl; auto.
802  decEq.
803  apply Int.rolm_rolm. apply int_wordsize_divides_modulus.
804Qed.
805
806Theorem rolm_zero:
807  forall x m,
808  rolm x Int.zero m = and x (Vint m).
809Proof.
810  intros; destruct x; simpl; auto. decEq. apply Int.rolm_zero.
811Qed.
812
813Theorem addf_commut: forall x y, addf x y = addf y x.
814Proof.
815  destruct x; destruct y; simpl; auto. decEq. apply Float.addf_commut.
816Qed.
817
818Lemma negate_cmp_mismatch:
819  forall c,
820  cmp_mismatch (negate_comparison c) = notbool(cmp_mismatch c).
821Proof.
822  destruct c; reflexivity.
823Qed.
824
825Theorem negate_cmp:
826  forall c x y,
827  cmp (negate_comparison c) x y = notbool (cmp c x y).
828Proof.
829  destruct x; destruct y; simpl; auto.
830  rewrite Int.negate_cmp. apply notbool_negb_1.
831  case (Int.eq i Int.zero). apply negate_cmp_mismatch. reflexivity.
832  case (Int.eq i0 Int.zero). apply negate_cmp_mismatch. reflexivity.
833  case (zeq b b0); intro.
834  rewrite Int.negate_cmp. apply notbool_negb_1.
835  apply negate_cmp_mismatch.
836Qed.
837
838Theorem negate_cmpu:
839  forall c x y,
840  cmpu (negate_comparison c) x y = notbool (cmpu c x y).
841Proof.
842  destruct x; destruct y; simpl; auto.
843  rewrite Int.negate_cmpu. apply notbool_negb_1.
844  case (Int.eq i Int.zero). apply negate_cmp_mismatch. reflexivity.
845  case (Int.eq i0 Int.zero). apply negate_cmp_mismatch. reflexivity.
846  case (zeq b b0); intro.
847  rewrite Int.negate_cmpu. apply notbool_negb_1.
848  apply negate_cmp_mismatch.
849Qed.
850
851Lemma swap_cmp_mismatch:
852  forall c, cmp_mismatch (swap_comparison c) = cmp_mismatch c.
853Proof.
854  destruct c; reflexivity.
855Qed.
856 
857Theorem swap_cmp:
858  forall c x y,
859  cmp (swap_comparison c) x y = cmp c y x.
860Proof.
861  destruct x; destruct y; simpl; auto.
862  rewrite Int.swap_cmp. auto.
863  case (Int.eq i Int.zero). apply swap_cmp_mismatch. auto.
864  case (Int.eq i0 Int.zero). apply swap_cmp_mismatch. auto.
865  case (zeq b b0); intro.
866  subst b0. rewrite zeq_true. rewrite Int.swap_cmp. auto.
867  rewrite zeq_false. apply swap_cmp_mismatch. auto.
868Qed.
869
870Theorem swap_cmpu:
871  forall c x y,
872  cmpu (swap_comparison c) x y = cmpu c y x.
873Proof.
874  destruct x; destruct y; simpl; auto.
875  rewrite Int.swap_cmpu. auto.
876  case (Int.eq i Int.zero). apply swap_cmp_mismatch. auto.
877  case (Int.eq i0 Int.zero). apply swap_cmp_mismatch. auto.
878  case (zeq b b0); intro.
879  subst b0. rewrite zeq_true. rewrite Int.swap_cmpu. auto.
880  rewrite zeq_false. apply swap_cmp_mismatch. auto.
881Qed.
882
883Theorem negate_cmpf_eq:
884  forall v1 v2, notbool (cmpf Cne v1 v2) = cmpf Ceq v1 v2.
885Proof.
886  destruct v1; destruct v2; simpl; auto.
887  rewrite Float.cmp_ne_eq. rewrite notbool_negb_1.
888  apply notbool_idem2.
889Qed.
890
891Theorem negate_cmpf_ne:
892  forall v1 v2, notbool (cmpf Ceq v1 v2) = cmpf Cne v1 v2.
893Proof.
894  destruct v1; destruct v2; simpl; auto.
895  rewrite Float.cmp_ne_eq. rewrite notbool_negb_1. auto.
896Qed.
897
898Lemma or_of_bool:
899  forall b1 b2, or (of_bool b1) (of_bool b2) = of_bool (b1 || b2).
900Proof.
901  destruct b1; destruct b2; reflexivity.
902Qed.
903
904Theorem cmpf_le:
905  forall v1 v2, cmpf Cle v1 v2 = or (cmpf Clt v1 v2) (cmpf Ceq v1 v2).
906Proof.
907  destruct v1; destruct v2; simpl; auto.
908  rewrite or_of_bool. decEq. apply Float.cmp_le_lt_eq.
909Qed.
910
911Theorem cmpf_ge:
912  forall v1 v2, cmpf Cge v1 v2 = or (cmpf Cgt v1 v2) (cmpf Ceq v1 v2).
913Proof.
914  destruct v1; destruct v2; simpl; auto.
915  rewrite or_of_bool. decEq. apply Float.cmp_ge_gt_eq.
916Qed.
917
918Definition is_bool (v: val) :=
919  v = Vundef \/ v = Vtrue \/ v = Vfalse.
920
921Lemma of_bool_is_bool:
922  forall b, is_bool (of_bool b).
923Proof.
924  destruct b; unfold is_bool; simpl; tauto.
925Qed.
926
927Lemma undef_is_bool: is_bool Vundef.
928Proof.
929  unfold is_bool; tauto.
930Qed.
931
932Lemma cmp_mismatch_is_bool:
933  forall c, is_bool (cmp_mismatch c).
934Proof.
935  destruct c; simpl; unfold is_bool; tauto.
936Qed.
937
938Lemma cmp_is_bool:
939  forall c v1 v2, is_bool (cmp c v1 v2).
940Proof.
941  destruct v1; destruct v2; simpl; try apply undef_is_bool.
942  apply of_bool_is_bool.
943  case (Int.eq i Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
944  case (Int.eq i0 Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
945  case (zeq b b0); intro. apply of_bool_is_bool. apply cmp_mismatch_is_bool.
946Qed.
947
948Lemma cmpu_is_bool:
949  forall c v1 v2, is_bool (cmpu c v1 v2).
950Proof.
951  destruct v1; destruct v2; simpl; try apply undef_is_bool.
952  apply of_bool_is_bool.
953  case (Int.eq i Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
954  case (Int.eq i0 Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
955  case (zeq b b0); intro. apply of_bool_is_bool. apply cmp_mismatch_is_bool.
956Qed.
957
958Lemma cmpf_is_bool:
959  forall c v1 v2, is_bool (cmpf c v1 v2).
960Proof.
961  destruct v1; destruct v2; simpl;
962  apply undef_is_bool || apply of_bool_is_bool.
963Qed.
964
965Lemma notbool_is_bool:
966  forall v, is_bool (notbool v).
967Proof.
968  destruct v; simpl.
969  apply undef_is_bool. apply of_bool_is_bool.
970  apply undef_is_bool. unfold is_bool; tauto.
971Qed.
972
973Lemma notbool_xor:
974  forall v, is_bool v -> v = xor (notbool v) Vone.
975Proof.
976  intros. elim H; intro. 
977  subst v. reflexivity.
978  elim H0; intro; subst v; reflexivity.
979Qed.
980
981Lemma rolm_lt_zero:
982  forall v, rolm v Int.one Int.one = cmp Clt v (Vint Int.zero).
983Proof.
984  intros. destruct v; simpl; auto.
985  transitivity (Vint (Int.shru i (Int.repr (Z_of_nat Int.wordsize - 1)))).
986  decEq. symmetry. rewrite Int.shru_rolm. auto. auto.
987  rewrite Int.shru_lt_zero. destruct (Int.lt i Int.zero); auto.
988Qed.
989
990Lemma rolm_ge_zero:
991  forall v,
992  xor (rolm v Int.one Int.one) (Vint Int.one) = cmp Cge v (Vint Int.zero).
993Proof.
994  intros. rewrite rolm_lt_zero. destruct v; simpl; auto.
995  destruct (Int.lt i Int.zero); auto.
996Qed.
997*)
998(* * The ``is less defined'' relation between values.
999    A value is less defined than itself, and [Vundef] is
1000    less defined than any value. *)
1001
1002ninductive Val_lessdef: val → val → Prop ≝
1003  | lessdef_refl: ∀v. Val_lessdef v v
1004  | lessdef_undef: ∀v. Val_lessdef Vundef v.
1005
1006ninductive lessdef_list: list val → list val → Prop ≝
1007  | lessdef_list_nil:
1008      lessdef_list (nil ?) (nil ?)
1009  | lessdef_list_cons:
1010      ∀v1,v2,vl1,vl2.
1011      Val_lessdef v1 v2 → lessdef_list vl1 vl2 →
1012      lessdef_list (v1 :: vl1) (v2 :: vl2).
1013
1014(*Hint Resolve lessdef_refl lessdef_undef lessdef_list_nil lessdef_list_cons.*)
1015
1016nlemma lessdef_list_inv:
1017  ∀vl1,vl2. lessdef_list vl1 vl2 → vl1 = vl2 ∨ in_list ? Vundef vl1.
1018#vl1; nelim vl1;
1019##[ #vl2; #H; ninversion H; /2/; #h1;#h2;#t1;#t2;#H1;#H2;#H3;#Hbad; ndestruct
1020##| #h;#t;#IH;#vl2;#H;
1021    ninversion H;
1022    ##[ #H'; ndestruct
1023    ##| #h1;#h2;#t1;#t2;#H1;#H2;#H3;#e1;#e2; ndestruct;
1024        nelim H1;
1025        ##[ nelim (IH t2 H2);
1026            ##[ #e; ndestruct; /2/;
1027            ##| /3/ ##]
1028        ##| /3/ ##]
1029    ##]
1030##] nqed.
1031
1032nlemma load_result_lessdef:
1033  ∀chunk,v1,v2.
1034  Val_lessdef v1 v2 → Val_lessdef (load_result chunk v1) (load_result chunk v2).
1035#chunk;#v1;#v2;#H; ninversion H; //; #v e1 e2; ncases chunk;
1036##[ ##8: #r ##] nwhd in ⊢ (?%?); //;
1037nqed.
1038
1039(*
1040Lemma zero_ext_lessdef:
1041  forall n v1 v2, lessdef v1 v2 -> lessdef (zero_ext n v1) (zero_ext n v2).
1042Proof.
1043  intros; inv H; simpl; auto.
1044Qed.
1045*)
1046nlemma sign_ext_lessdef:
1047  ∀n,v1,v2. Val_lessdef v1 v2 → Val_lessdef (sign_ext n v1) (sign_ext n v2).
1048#n;#v1;#v2;#H;ninversion H;//;#v;#e1;#e2;nrewrite < e1 in H; nrewrite > e2; //;
1049nqed.
1050(*
1051Lemma singleoffloat_lessdef:
1052  forall v1 v2, lessdef v1 v2 -> lessdef (singleoffloat v1) (singleoffloat v2).
1053Proof.
1054  intros; inv H; simpl; auto.
1055Qed.
1056
1057End Val.
1058*)
Note: See TracBrowser for help on using the repository browser.