source: Deliverables/D3.3/id-lookup-branch/common/Values.ma @ 1939

Last change on this file since 1939 was 1311, checked in by campbell, 9 years ago

Merge trunk to invariants branch, sorting out the handling of temporaries
in Clight/toCminor.

File size: 33.9 KB
RevLine 
[3]1(* *********************************************************************)
2(*                                                                     *)
3(*              The Compcert verified compiler                         *)
4(*                                                                     *)
5(*          Xavier Leroy, INRIA Paris-Rocquencourt                     *)
6(*                                                                     *)
7(*  Copyright Institut National de Recherche en Informatique et en     *)
8(*  Automatique.  All rights reserved.  This file is distributed       *)
9(*  under the terms of the GNU General Public License as published by  *)
10(*  the Free Software Foundation, either version 2 of the License, or  *)
11(*  (at your option) any later version.  This file is also distributed *)
12(*  under the terms of the INRIA Non-Commercial License Agreement.     *)
13(*                                                                     *)
14(* *********************************************************************)
15
16(* * This module defines the type of values that is used in the dynamic
17  semantics of all our intermediate languages. *)
18
[700]19include "utilities/Coqlib.ma".
20include "common/Floats.ma".
21include "common/Errors.ma".
[1311]22include "common/Pointers.ma".
[487]23include "basics/logic.ma".
[3]24
25(* * A value is either:
26- a machine integer;
27- a floating-point number;
[482]28- a pointer: a triple giving the representation of the pointer (in terms of the
29             memory regions such a pointer could address), a memory address and
30             an integer offset with respect to this address;
[484]31- a null pointer: the region denotes the representation (i.e., pointer size)
[3]32- the [Vundef] value denoting an arbitrary bit pattern, such as the
33  value of an uninitialized variable.
34*)
35
[487]36inductive val: Type[0] ≝
[3]37  | Vundef: val
[961]38  | Vint: ∀sz:intsize. bvint sz → val
[482]39  | Vfloat: float → val
[484]40  | Vnull: region → val
[583]41  | Vptr: ∀r:region. ∀b:block. pointer_compat b r → offset → val.
[3]42
[961]43definition Vzero : intsize → val ≝ λsz. Vint sz (zero ?).
44definition Vone: intsize → val ≝ λsz. Vint sz (repr sz 1).
45definition mone ≝ λsz. bitvector_of_Z (bitsize_of_intsize sz) (neg one).
46definition Vmone: intsize → val ≝ λsz. Vint sz (mone ?).
[3]47
[961]48(* XXX 32bit booleans are Clight specific. *)
49definition Vtrue: val ≝ Vone I32.
50definition Vfalse: val ≝ Vzero I32.
[3]51
[636]52(* Values split into bytes.  Ideally we'd use some kind of sizeof for the
53   predicates here, but we don't (currently) have a single sizeof for Vundef.
54   We only split in stages of the compiler where all Vint values are byte sized.
55 *)
56
57definition ptr_may_be_single : region → bool ≝
58λr.match r with [ Data ⇒ true | IData ⇒ true | _ ⇒ false ].
59
60definition may_be_single : val → Prop ≝
61λv. match v with
62[ Vundef ⇒ True
[961]63| Vint _ _ ⇒ True
[636]64| Vfloat _ ⇒ False
65| Vnull r ⇒ ptr_may_be_single r = true
66| Vptr r _ _ _ ⇒ ptr_may_be_single r = true
67].
68
69definition may_be_split : val → Prop ≝
70λv.match v with
[961]71[ Vint _ _ ⇒ False
[636]72| Vnull r ⇒ ptr_may_be_single r = false
73| Vptr r _ _ _ ⇒ ptr_may_be_single r = false
74| _ ⇒ True
75].
76
77inductive split_val : Type[0] ≝
78| Single : ∀v:val. may_be_single v → split_val
79| High   : ∀v:val. may_be_split v → split_val
80| Low    : ∀v:val. may_be_split v → split_val.
81
82notation > "vbox('do' _ ← e; break e')" with precedence 40 for @{'bind ${e} (λ_.${e'})}.
[797]83(*
[636]84let rec assert_nat_eq (m,n:nat) : res (m = n) ≝
85match m return λx.res (x = n) with
86[ O ⇒ match n return λx. res (O = x) with [ O ⇒ OK ? (refl ??) | _ ⇒ Error ? ]
87| S m' ⇒ match n return λx.res (S m' = x) with [ O ⇒ Error ? | S n' ⇒
88  do E ← assert_nat_eq m' n';
89  match E return λx.λ_. res (S m' = S x) with [ refl ⇒ OK ? (refl ??) ] ]
90].
91
92definition res_eq_nat : ∀m,n:nat. ∀P:nat → Type[0]. P m → res (P n) ≝
93λm,n,P,p.
94  do E ← assert_nat_eq m n;
95  match E return λx.λ_. res (P x) with [ refl ⇒ OK ? p ].
96
97definition break : ∀n:nat. val → res (Vector split_val n) ≝
98λn,v. match v return λv'. (may_be_single v' → ?) → (may_be_split v' → ?) → ? with
99[ Vundef ⇒ λs.λt. res_eq_nat 1 n ? (s I)
100| Vint i ⇒ λs.λt. res_eq_nat 1 n ? (s I)
101| Vfloat f ⇒ λs.λt. res_eq_nat 2 n ? (t I)
102| Vnull r ⇒
103    match ptr_may_be_single r return λx. (x = true → ?) → (x = false → ?) → ? with
104    [ true ⇒ λs.λt. res_eq_nat 1 n ? (s (refl ??))
105    | false ⇒ λs.λt. ?
106    ]
107| Vptr r b p o ⇒
108    match ptr_may_be_single r return λx. (x = true → ?) → (x = false → ?) → ? with
109    [ true ⇒ λs.λt. res_eq_nat 1 n ? (s (refl ??))
110    | false ⇒ λs.λt. ?
111    ]
112] (λp. [[ Single v p ]]) (λp. [[ Low v p; High v p ]]).
113@(res_eq_nat 2 n ? (t (refl ??))) qed. (* XXX: I have no idea why this fails if you do it directly. *)
114
115definition val_eq : val → val → bool ≝
116λx,y.
117match x with
118[ Vundef ⇒ match y with [ Vundef ⇒ true | _ ⇒ false ]
119| Vint i ⇒ match y with [ Vint j ⇒ eq i j | _ ⇒ false ]
120| Vfloat f ⇒ match y with [ Vfloat f' ⇒ match eq_dec f f' with [ inl _ ⇒ true | _ ⇒ false ] | _ ⇒ false ]
121| Vnull r ⇒ match y with [ Vnull r' ⇒ eq_region r r' | _ ⇒ false ]
122| Vptr r b p o ⇒ match y with [ Vptr r' b' p' o' ⇒ eq_region r r' ∧ eq_block b b' ∧ eq_offset o o' | _ ⇒ false ]
123].
124
125definition merge : ∀n:nat. Vector split_val n → res val ≝
126λn,s. match s with
127[ VEmpty ⇒ Error ?
128| VCons _ h1 t1 ⇒
129  match t1 with
130  [ VEmpty ⇒ match h1 with [ Single v _ ⇒ OK ? v | _ ⇒ Error ? ]
131  | VCons _ h2 t2 ⇒
132    match t2 with
133    [ VEmpty ⇒ match h1 with [ Low v _ ⇒ match h2 with [ High v' _ ⇒ if val_eq v v' then OK ? v else Error ? | _ ⇒ Error ? ] | _ ⇒ Error ? ]
134    | VCons _ _ _ ⇒ Error ?
135    ]
136  ]
137].
138   
[797]139*)
[3]140(*
141(** The module [Val] defines a number of arithmetic and logical operations
142  over type [val].  Most of these operations are straightforward extensions
143  of the corresponding integer or floating-point operations. *)
144
145Module Val.
146*)
[487]147definition of_bool : bool → val ≝ λb. if b then Vtrue else Vfalse.
[484]148(*
[487]149definition has_type ≝ λv: val. λt: typ.
[3]150  match v with
151  [ Vundef ⇒ True
[478]152  | Vint _ ⇒ match t with [ ASTint ⇒ True | _ ⇒ False ]
153  | Vfloat _ ⇒ match t with [ ASTfloat ⇒ True | _ ⇒ False ]
[718]154  | Vptr _ _ _ ⇒ match t with [ ASTptr ⇒ True | _ ⇒ False ]
[3]155  | _ ⇒ False
156  ].
157
[487]158let rec has_type_list (vl: list val) (tl: list typ) on vl : Prop ≝
[3]159  match vl with
160  [ nil ⇒ match tl with [ nil ⇒ True | _ ⇒ False ]
161  | cons v1 vs ⇒ match tl with [ nil ⇒ False | cons t1 ts ⇒
162               has_type v1 t1 ∧ has_type_list vs ts ]
163  ].
[484]164*)
[3]165(* * Truth values.  Pointers and non-zero integers are treated as [True].
166  The integer 0 (also used to represent the null pointer) is [False].
167  [Vundef] and floats are neither true nor false. *)
168
[487]169definition is_true : val → Prop ≝ λv.
[3]170  match v with
[961]171  [ Vint _ n ⇒ n ≠ (zero ?)
[500]172  | Vptr _ b _ ofs ⇒ True
[3]173  | _ ⇒ False
174  ].
175
[487]176definition is_false : val → Prop ≝ λv.
[3]177  match v with
[961]178  [ Vint _ n ⇒ n = (zero ?)
[484]179  | Vnull _ ⇒ True
[3]180  | _ ⇒ False
181  ].
182
[487]183inductive bool_of_val: val → bool → Prop ≝
[3]184  | bool_of_val_int_true:
[961]185      ∀sz,n. n ≠ zero ? → bool_of_val (Vint sz n) true
[3]186  | bool_of_val_int_false:
[961]187      ∀sz. bool_of_val (Vzero sz) false
[3]188  | bool_of_val_ptr:
[500]189      ∀r,b,p,ofs. bool_of_val (Vptr r b p ofs) true
[484]190  | bool_of_val_null:
191      ∀r. bool_of_val (Vnull r) true.
[3]192
[797]193axiom ValueNotABoolean : String.
194
[751]195definition eval_bool_of_val : val → res bool ≝
196λv. match v with
[961]197[ Vint _ i ⇒ OK ? (notb (eq_bv ? i (zero ?)))
[751]198| Vnull _ ⇒ OK ? false
199| Vptr _ _ _ _ ⇒ OK ? true
[797]200| _ ⇒ Error ? (msg ValueNotABoolean)
[751]201].
202
[487]203definition neg : val → val ≝ λv.
[3]204  match v with
[961]205  [ Vint sz n ⇒ Vint sz (two_complement_negation ? n)
[3]206  | _ ⇒ Vundef
207  ].
208
[487]209definition negf : val → val ≝ λv.
[3]210  match v with
211  [ Vfloat f ⇒ Vfloat (Fneg f)
212  | _ => Vundef
213  ].
214
[487]215definition absf : val → val ≝ λv.
[3]216  match v with
217  [ Vfloat f ⇒ Vfloat (Fabs f)
218  | _ ⇒ Vundef
219  ].
220
[961]221definition intoffloat : intsize → val → val ≝ λsz,v.
[3]222  match v with
[961]223  [ Vfloat f ⇒ Vint sz (intoffloat ? f)
[3]224  | _ ⇒ Vundef
225  ].
226
[961]227definition intuoffloat : intsize → val → val ≝ λsz,v.
[3]228  match v with
[961]229  [ Vfloat f ⇒ Vint sz (intuoffloat ? f)
[3]230  | _ ⇒ Vundef
231  ].
232
[487]233definition floatofint : val → val ≝ λv.
[3]234  match v with
[961]235  [ Vint sz n ⇒ Vfloat (floatofint ? n)
[3]236  | _ ⇒ Vundef
237  ].
238
[487]239definition floatofintu : val → val ≝ λv.
[3]240  match v with
[961]241  [ Vint sz n ⇒ Vfloat (floatofintu ? n)
[3]242  | _ ⇒ Vundef
243  ].
244
[487]245definition notint : val → val ≝ λv.
[3]246  match v with
[961]247  [ Vint sz n ⇒ Vint sz (exclusive_disjunction_bv ? n (mone ?))
[3]248  | _ ⇒ Vundef
249  ].
250 
[487]251definition notbool : val → val ≝ λv.
[3]252  match v with
[961]253  [ Vint sz n ⇒ of_bool (eq_bv ? n (zero ?))
[500]254  | Vptr _ b _ ofs ⇒ Vfalse
[484]255  | Vnull _ ⇒ Vtrue
[3]256  | _ ⇒ Vundef
257  ].
258
[961]259definition zero_ext ≝ λrsz: intsize. λv: val.
[3]260  match v with
[961]261  [ Vint sz n ⇒ Vint rsz (zero_ext … n)
[3]262  | _ ⇒ Vundef
263  ].
264
[961]265definition sign_ext ≝ λrsz:intsize. λv:val.
[3]266  match v with
[961]267  [ Vint sz i ⇒ Vint rsz (sign_ext … i)
[3]268  | _ ⇒ Vundef
269  ].
270
[487]271definition singleoffloat : val → val ≝ λv.
[3]272  match v with
273  [ Vfloat f ⇒ Vfloat (singleoffloat f)
274  | _ ⇒ Vundef
275  ].
276
[484]277(* TODO: add zero to null? *)
[487]278definition add ≝ λv1,v2: val.
[3]279  match v1 with
[961]280  [ Vint sz1 n1 ⇒ match v2 with
281    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
282                    (λn1. Vint sz2 (addition_n ? n1 n2))
283                    Vundef
284    | Vptr r b2 p ofs2 ⇒ Vptr r b2 p (shift_offset ? ofs2 n1)
[3]285    | _ ⇒ Vundef ]
[500]286  | Vptr r b1 p ofs1 ⇒ match v2 with
[961]287    [ Vint _ n2 ⇒ Vptr r b1 p (shift_offset ? ofs1 n2)
[3]288    | _ ⇒ Vundef ]
289  | _ ⇒ Vundef ].
290
[961]291(* XXX Is I32 the best answer for ptr subtraction? *)
292
[487]293definition sub ≝ λv1,v2: val.
[3]294  match v1 with
[961]295  [ Vint sz1 n1 ⇒ match v2 with
296    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
297                    (λn1. Vint sz2 (subtraction ? n1 n2))
298                    Vundef
[3]299    | _ ⇒ Vundef ]
[500]300  | Vptr r1 b1 p1 ofs1 ⇒ match v2 with
[961]301    [ Vint sz2 n2 ⇒ Vptr r1 b1 p1 (neg_shift_offset ? ofs1 n2)
[500]302    | Vptr r2 b2 p2 ofs2 ⇒
[961]303        if eq_block b1 b2 then Vint I32 (sub_offset ? ofs1 ofs2) else Vundef
[3]304    | _ ⇒ Vundef ]
[961]305  | Vnull r ⇒ match v2 with [ Vnull r' ⇒ Vzero I32 | _ ⇒ Vundef ]
[3]306  | _ ⇒ Vundef ].
307
[487]308definition mul ≝ λv1, v2: val.
[3]309  match v1 with
[961]310  [ Vint sz1 n1 ⇒ match v2 with
311    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
312                    (λn1. Vint sz2 (\snd (split … (multiplication ? n1 n2))))
313                    Vundef
[3]314    | _ ⇒ Vundef ]
315  | _ ⇒ Vundef ].
316(*
[487]317definition divs ≝ λv1, v2: val.
[3]318  match v1 with
319  [ Vint n1 ⇒ match v2 with
320    [ Vint n2 ⇒ Vint (divs n1 n2)
321    | _ ⇒ Vundef ]
322  | _ ⇒ Vundef ].
323
324Definition mods (v1 v2: val): val :=
325  match v1, v2 with
326  | Vint n1, Vint n2 =>
327      if Int.eq n2 Int.zero then Vundef else Vint(Int.mods n1 n2)
328  | _, _ => Vundef
329  end.
330
331Definition divu (v1 v2: val): val :=
332  match v1, v2 with
333  | Vint n1, Vint n2 =>
334      if Int.eq n2 Int.zero then Vundef else Vint(Int.divu n1 n2)
335  | _, _ => Vundef
336  end.
337
338Definition modu (v1 v2: val): val :=
339  match v1, v2 with
340  | Vint n1, Vint n2 =>
341      if Int.eq n2 Int.zero then Vundef else Vint(Int.modu n1 n2)
342  | _, _ => Vundef
343  end.
344*)
[487]345definition v_and ≝ λv1, v2: val.
[3]346  match v1 with
[961]347  [ Vint sz1 n1 ⇒ match v2 with
348    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
349                    (λn1. Vint ? (conjunction_bv ? n1 n2))
350                    Vundef
[3]351    | _ ⇒ Vundef ]
352  | _ ⇒ Vundef ].
353
[487]354definition or ≝ λv1, v2: val.
[3]355  match v1 with
[961]356  [ Vint sz1 n1 ⇒ match v2 with
357    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
358                    (λn1. Vint ? (inclusive_disjunction_bv ? n1 n2))
359                    Vundef
[3]360    | _ ⇒ Vundef ]
361  | _ ⇒ Vundef ].
362
[487]363definition xor ≝ λv1, v2: val.
[3]364  match v1 with
[961]365  [ Vint sz1 n1 ⇒ match v2 with
366    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
367                    (λn1. Vint ? (exclusive_disjunction_bv ? n1 n2))
368                    Vundef
[3]369    | _ ⇒ Vundef ]
370  | _ ⇒ Vundef ].
371(*
372Definition shl (v1 v2: val): val :=
373  match v1, v2 with
374  | Vint n1, Vint n2 =>
375     if Int.ltu n2 Int.iwordsize
376     then Vint(Int.shl n1 n2)
377     else Vundef
378  | _, _ => Vundef
379  end.
380
381Definition shr (v1 v2: val): val :=
382  match v1, v2 with
383  | Vint n1, Vint n2 =>
384     if Int.ltu n2 Int.iwordsize
385     then Vint(Int.shr n1 n2)
386     else Vundef
387  | _, _ => Vundef
388  end.
389
390Definition shr_carry (v1 v2: val): val :=
391  match v1, v2 with
392  | Vint n1, Vint n2 =>
393     if Int.ltu n2 Int.iwordsize
394     then Vint(Int.shr_carry n1 n2)
395     else Vundef
396  | _, _ => Vundef
397  end.
398
399Definition shrx (v1 v2: val): val :=
400  match v1, v2 with
401  | Vint n1, Vint n2 =>
402     if Int.ltu n2 Int.iwordsize
403     then Vint(Int.shrx n1 n2)
404     else Vundef
405  | _, _ => Vundef
406  end.
407
408Definition shru (v1 v2: val): val :=
409  match v1, v2 with
410  | Vint n1, Vint n2 =>
411     if Int.ltu n2 Int.iwordsize
412     then Vint(Int.shru n1 n2)
413     else Vundef
414  | _, _ => Vundef
415  end.
416
417Definition rolm (v: val) (amount mask: int): val :=
418  match v with
419  | Vint n => Vint(Int.rolm n amount mask)
420  | _ => Vundef
421  end.
422
423Definition ror (v1 v2: val): val :=
424  match v1, v2 with
425  | Vint n1, Vint n2 =>
426     if Int.ltu n2 Int.iwordsize
427     then Vint(Int.ror n1 n2)
428     else Vundef
429  | _, _ => Vundef
430  end.
431*)
[487]432definition addf ≝ λv1,v2: val.
[3]433  match v1 with
434  [ Vfloat f1 ⇒ match v2 with
435    [ Vfloat f2 ⇒ Vfloat (Fadd f1 f2)
436    | _ ⇒ Vundef ]
437  | _ ⇒ Vundef ].
438
[487]439definition subf ≝ λv1,v2: val.
[3]440  match v1 with
441  [ Vfloat f1 ⇒ match v2 with
442    [ Vfloat f2 ⇒ Vfloat (Fsub f1 f2)
443    | _ ⇒ Vundef ]
444  | _ ⇒ Vundef ].
445
[487]446definition mulf ≝ λv1,v2: val.
[3]447  match v1 with
448  [ Vfloat f1 ⇒ match v2 with
449    [ Vfloat f2 ⇒ Vfloat (Fmul f1 f2)
450    | _ ⇒ Vundef ]
451  | _ ⇒ Vundef ].
452
[487]453definition divf ≝ λv1,v2: val.
[3]454  match v1 with
455  [ Vfloat f1 ⇒ match v2 with
456    [ Vfloat f2 ⇒ Vfloat (Fdiv f1 f2)
457    | _ ⇒ Vundef ]
458  | _ ⇒ Vundef ].
459
[487]460definition cmp_match : comparison → val ≝ λc.
[484]461  match c with
462  [ Ceq ⇒ Vtrue
463  | Cne ⇒ Vfalse
464  | _   ⇒ Vundef
465  ].
466
[487]467definition cmp_mismatch : comparison → val ≝ λc.
[3]468  match c with
469  [ Ceq ⇒ Vfalse
470  | Cne ⇒ Vtrue
471  | _   ⇒ Vundef
472  ].
473
[583]474definition cmp_offset ≝
475λc: comparison. λx,y:offset.
476  match c with
477  [ Ceq ⇒  eq_offset x y
478  | Cne ⇒ ¬eq_offset x y
479  | Clt ⇒  lt_offset x y
480  | Cle ⇒ ¬lt_offset y x
481  | Cgt ⇒  lt_offset y x
482  | Cge ⇒ ¬lt_offset x y
483  ].
484
[961]485definition cmp_int : ∀n. comparison → BitVector n → BitVector n → bool ≝
486λn,c,x,y.
487  match c with
488  [ Ceq ⇒ eq_bv ? x y
489  | Cne ⇒ notb (eq_bv ? x y)
490  | Clt ⇒ lt_s ? x y
491  | Cle ⇒ notb (lt_s ? y x)
492  | Cgt ⇒ lt_s ? y x
493  | Cge ⇒ notb (lt_s ? x y)
494  ].
495
496definition cmpu_int : ∀n. comparison → BitVector n → BitVector n → bool ≝
497λn,c,x,y.
498  match c with
499  [ Ceq ⇒ eq_bv ? x y
500  | Cne ⇒ notb (eq_bv ? x y)
501  | Clt ⇒ lt_u ? x y
502  | Cle ⇒ notb (lt_u ? y x)
503  | Cgt ⇒ lt_u ? y x
504  | Cge ⇒ notb (lt_u ? x y)
505  ].
506
[487]507definition cmp ≝ λc: comparison. λv1,v2: val.
[3]508  match v1 with
[961]509  [ Vint sz1 n1 ⇒ match v2 with
510    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
511                    (λn1. of_bool (cmp_int ? c n1 n2))
512                    Vundef
[3]513    | _ ⇒ Vundef ]
[500]514  | Vptr r1 b1 p1 ofs1 ⇒ match v2 with
515    [ Vptr r2 b2 p2 ofs2 ⇒
[496]516        if eq_block b1 b2
[583]517        then of_bool (cmp_offset c ofs1 ofs2)
[3]518        else cmp_mismatch c
[484]519    | Vnull r2 ⇒ cmp_mismatch c
[3]520    | _ ⇒ Vundef ]
[484]521  | Vnull r1 ⇒ match v2 with
[500]522    [ Vptr _ _ _ _ ⇒ cmp_mismatch c
[484]523    | Vnull r2 ⇒ cmp_match c
524    | _ ⇒ Vundef
525    ]
[3]526  | _ ⇒ Vundef ].
527
[487]528definition cmpu ≝ λc: comparison. λv1,v2: val.
[3]529  match v1 with
[961]530  [ Vint sz1 n1 ⇒ match v2 with
531    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
532                    (λn1. of_bool (cmpu_int ? c n1 n2))
533                    Vundef
[3]534    | _ ⇒ Vundef ]
[500]535  | Vptr r1 b1 p1 ofs1 ⇒ match v2 with
536    [ Vptr r2 b2 p2 ofs2 ⇒
[496]537        if eq_block b1 b2
[583]538        then of_bool (cmp_offset c ofs1 ofs2)
[3]539        else cmp_mismatch c
[484]540    | Vnull r2 ⇒ cmp_mismatch c
[3]541    | _ ⇒ Vundef ]
[484]542  | Vnull r1 ⇒ match v2 with
[500]543    [ Vptr _ _ _ _ ⇒ cmp_mismatch c
[484]544    | Vnull r2 ⇒ cmp_match c
545    | _ ⇒ Vundef
546    ]
[3]547  | _ ⇒ Vundef ].
548
[961]549definition cmpf ≝ λc: comparison. λsz:intsize. λv1,v2: val.
[3]550  match v1 with
551  [ Vfloat f1 ⇒ match v2 with
552    [ Vfloat f2 ⇒ of_bool (Fcmp c f1 f2)
553    | _ ⇒ Vundef ]
554  | _ ⇒ Vundef ].
555
556(* * [load_result] is used in the memory model (library [Mem])
557  to post-process the results of a memory read.  For instance,
558  consider storing the integer value [0xFFF] on 1 byte at a
559  given address, and reading it back.  If it is read back with
560  chunk [Mint8unsigned], zero-extension must be performed, resulting
561  in [0xFF].  If it is read back as a [Mint8signed], sign-extension
562  is performed and [0xFFFFFFFF] is returned.   Type mismatches
563  (e.g. reading back a float as a [Mint32]) read back as [Vundef]. *)
[961]564(* XXX update comment *)
565(* XXX is this even necessary now?
566       should we be able to extract bytes? *)
[3]567
[487]568let rec load_result (chunk: memory_chunk) (v: val) ≝
[3]569  match v with
[961]570  [ Vint sz n ⇒
[3]571    match chunk with
[961]572    [ Mint8signed ⇒ match sz with [ I8 ⇒ v | _ ⇒ Vundef ]
573    | Mint8unsigned ⇒ match sz with [ I8 ⇒ v | _ ⇒ Vundef ]
574    | Mint16signed ⇒ match sz with [ I16 ⇒ v | _ ⇒ Vundef ]
575    | Mint16unsigned ⇒ match sz with [ I16 ⇒ v | _ ⇒ Vundef ]
576    | Mint32 ⇒  match sz with [ I32 ⇒ v | _ ⇒ Vundef ]
[3]577    | _ ⇒ Vundef
578    ]
[500]579  | Vptr r b p ofs ⇒
[483]580    match chunk with
[500]581    [ Mpointer r' ⇒ if eq_region r r' then Vptr r b p ofs else Vundef
[483]582    | _ ⇒ Vundef
[3]583    ]
[484]584  | Vnull r ⇒
585    match chunk with
586    [ Mpointer r' ⇒ if eq_region r r' then Vnull r else Vundef
587    | _ ⇒ Vundef
588    ]
[3]589  | Vfloat f ⇒
590    match chunk with
591    [ Mfloat32 ⇒ Vfloat(singleoffloat f)
592    | Mfloat64 ⇒ Vfloat f
593    | _ ⇒ Vundef
594    ]
595  | _ ⇒ Vundef
596  ].
597
598(*
599(** Theorems on arithmetic operations. *)
600
601Theorem cast8unsigned_and:
602  forall x, zero_ext 8 x = and x (Vint(Int.repr 255)).
603Proof.
604  destruct x; simpl; auto. decEq.
605  change 255 with (two_p 8 - 1). apply Int.zero_ext_and. vm_compute; auto.
606Qed.
607
608Theorem cast16unsigned_and:
609  forall x, zero_ext 16 x = and x (Vint(Int.repr 65535)).
610Proof.
611  destruct x; simpl; auto. decEq.
612  change 65535 with (two_p 16 - 1). apply Int.zero_ext_and. vm_compute; auto.
613Qed.
614
615Theorem istrue_not_isfalse:
616  forall v, is_false v -> is_true (notbool v).
617Proof.
618  destruct v; simpl; try contradiction.
619  intros. subst i. simpl. discriminate.
620Qed.
621
622Theorem isfalse_not_istrue:
623  forall v, is_true v -> is_false (notbool v).
624Proof.
625  destruct v; simpl; try contradiction.
626  intros. generalize (Int.eq_spec i Int.zero).
627  case (Int.eq i Int.zero); intro.
628  contradiction. simpl. auto.
629  auto.
630Qed.
631
632Theorem bool_of_true_val:
633  forall v, is_true v -> bool_of_val v true.
634Proof.
635  intro. destruct v; simpl; intros; try contradiction.
636  constructor; auto. constructor.
637Qed.
638
639Theorem bool_of_true_val2:
640  forall v, bool_of_val v true -> is_true v.
641Proof.
642  intros. inversion H; simpl; auto.
643Qed.
644
645Theorem bool_of_true_val_inv:
646  forall v b, is_true v -> bool_of_val v b -> b = true.
647Proof.
648  intros. inversion H0; subst v b; simpl in H; auto.
649Qed.
650
651Theorem bool_of_false_val:
652  forall v, is_false v -> bool_of_val v false.
653Proof.
654  intro. destruct v; simpl; intros; try contradiction.
655  subst i;  constructor.
656Qed.
657
658Theorem bool_of_false_val2:
659  forall v, bool_of_val v false -> is_false v.
660Proof.
661  intros. inversion H; simpl; auto.
662Qed.
663
664Theorem bool_of_false_val_inv:
665  forall v b, is_false v -> bool_of_val v b -> b = false.
666Proof.
667  intros. inversion H0; subst v b; simpl in H.
668  congruence. auto. contradiction.
669Qed.
670
671Theorem notbool_negb_1:
672  forall b, of_bool (negb b) = notbool (of_bool b).
673Proof.
674  destruct b; reflexivity.
675Qed.
676
677Theorem notbool_negb_2:
678  forall b, of_bool b = notbool (of_bool (negb b)).
679Proof.
680  destruct b; reflexivity.
681Qed.
682
683Theorem notbool_idem2:
684  forall b, notbool(notbool(of_bool b)) = of_bool b.
685Proof.
686  destruct b; reflexivity.
687Qed.
688
689Theorem notbool_idem3:
690  forall x, notbool(notbool(notbool x)) = notbool x.
691Proof.
692  destruct x; simpl; auto.
693  case (Int.eq i Int.zero); reflexivity.
694Qed.
695
696Theorem add_commut: forall x y, add x y = add y x.
697Proof.
698  destruct x; destruct y; simpl; auto.
699  decEq. apply Int.add_commut.
700Qed.
701
702Theorem add_assoc: forall x y z, add (add x y) z = add x (add y z).
703Proof.
704  destruct x; destruct y; destruct z; simpl; auto.
705  rewrite Int.add_assoc; auto.
706  rewrite Int.add_assoc; auto.
707  decEq. decEq. apply Int.add_commut.
708  decEq. rewrite Int.add_commut. rewrite <- Int.add_assoc.
709  decEq. apply Int.add_commut.
710  decEq. rewrite Int.add_assoc. auto.
711Qed.
712
713Theorem add_permut: forall x y z, add x (add y z) = add y (add x z).
714Proof.
715  intros. rewrite (add_commut y z). rewrite <- add_assoc. apply add_commut.
716Qed.
717
718Theorem add_permut_4:
719  forall x y z t, add (add x y) (add z t) = add (add x z) (add y t).
720Proof.
721  intros. rewrite add_permut. rewrite add_assoc.
722  rewrite add_permut. symmetry. apply add_assoc.
723Qed.
724
725Theorem neg_zero: neg Vzero = Vzero.
726Proof.
727  reflexivity.
728Qed.
729
730Theorem neg_add_distr: forall x y, neg(add x y) = add (neg x) (neg y).
731Proof.
732  destruct x; destruct y; simpl; auto. decEq. apply Int.neg_add_distr.
733Qed.
734
735Theorem sub_zero_r: forall x, sub Vzero x = neg x.
736Proof.
737  destruct x; simpl; auto.
738Qed.
739
740Theorem sub_add_opp: forall x y, sub x (Vint y) = add x (Vint (Int.neg y)).
741Proof.
742  destruct x; intro y; simpl; auto; rewrite Int.sub_add_opp; auto.
743Qed.
744
745Theorem sub_opp_add: forall x y, sub x (Vint (Int.neg y)) = add x (Vint y).
746Proof.
747  intros. unfold sub, add.
748  destruct x; auto; rewrite Int.sub_add_opp; rewrite Int.neg_involutive; auto.
749Qed.
750
751Theorem sub_add_l:
752  forall v1 v2 i, sub (add v1 (Vint i)) v2 = add (sub v1 v2) (Vint i).
753Proof.
754  destruct v1; destruct v2; intros; simpl; auto.
755  rewrite Int.sub_add_l. auto.
756  rewrite Int.sub_add_l. auto.
757  case (zeq b b0); intro. rewrite Int.sub_add_l. auto. reflexivity.
758Qed.
759
760Theorem sub_add_r:
761  forall v1 v2 i, sub v1 (add v2 (Vint i)) = add (sub v1 v2) (Vint (Int.neg i)).
762Proof.
763  destruct v1; destruct v2; intros; simpl; auto.
764  rewrite Int.sub_add_r. auto.
765  repeat rewrite Int.sub_add_opp. decEq.
766  repeat rewrite Int.add_assoc. decEq. apply Int.add_commut.
767  decEq. repeat rewrite Int.sub_add_opp.
768  rewrite Int.add_assoc. decEq. apply Int.neg_add_distr.
769  case (zeq b b0); intro. simpl. decEq.
770  repeat rewrite Int.sub_add_opp. rewrite Int.add_assoc. decEq.
771  apply Int.neg_add_distr.
772  reflexivity.
773Qed.
774
775Theorem mul_commut: forall x y, mul x y = mul y x.
776Proof.
777  destruct x; destruct y; simpl; auto. decEq. apply Int.mul_commut.
778Qed.
779
780Theorem mul_assoc: forall x y z, mul (mul x y) z = mul x (mul y z).
781Proof.
782  destruct x; destruct y; destruct z; simpl; auto.
783  decEq. apply Int.mul_assoc.
784Qed.
785
786Theorem mul_add_distr_l:
787  forall x y z, mul (add x y) z = add (mul x z) (mul y z).
788Proof.
789  destruct x; destruct y; destruct z; simpl; auto.
790  decEq. apply Int.mul_add_distr_l.
791Qed.
792
793
794Theorem mul_add_distr_r:
795  forall x y z, mul x (add y z) = add (mul x y) (mul x z).
796Proof.
797  destruct x; destruct y; destruct z; simpl; auto.
798  decEq. apply Int.mul_add_distr_r.
799Qed.
800
801Theorem mul_pow2:
802  forall x n logn,
803  Int.is_power2 n = Some logn ->
804  mul x (Vint n) = shl x (Vint logn).
805Proof.
806  intros; destruct x; simpl; auto.
807  change 32 with (Z_of_nat Int.wordsize).
808  rewrite (Int.is_power2_range _ _ H). decEq. apply Int.mul_pow2. auto.
809Qed. 
810
811Theorem mods_divs:
812  forall x y, mods x y = sub x (mul (divs x y) y).
813Proof.
814  destruct x; destruct y; simpl; auto.
815  case (Int.eq i0 Int.zero); simpl. auto. decEq. apply Int.mods_divs.
816Qed.
817
818Theorem modu_divu:
819  forall x y, modu x y = sub x (mul (divu x y) y).
820Proof.
821  destruct x; destruct y; simpl; auto.
822  generalize (Int.eq_spec i0 Int.zero);
823  case (Int.eq i0 Int.zero); simpl. auto.
824  intro. decEq. apply Int.modu_divu. auto.
825Qed.
826
827Theorem divs_pow2:
828  forall x n logn,
829  Int.is_power2 n = Some logn ->
830  divs x (Vint n) = shrx x (Vint logn).
831Proof.
832  intros; destruct x; simpl; auto.
833  change 32 with (Z_of_nat Int.wordsize).
834  rewrite (Int.is_power2_range _ _ H).
835  generalize (Int.eq_spec n Int.zero);
836  case (Int.eq n Int.zero); intro.
837  subst n. compute in H. discriminate.
838  decEq. apply Int.divs_pow2. auto.
839Qed.
840
841Theorem divu_pow2:
842  forall x n logn,
843  Int.is_power2 n = Some logn ->
844  divu x (Vint n) = shru x (Vint logn).
845Proof.
846  intros; destruct x; simpl; auto.
847  change 32 with (Z_of_nat Int.wordsize).
848  rewrite (Int.is_power2_range _ _ H).
849  generalize (Int.eq_spec n Int.zero);
850  case (Int.eq n Int.zero); intro.
851  subst n. compute in H. discriminate.
852  decEq. apply Int.divu_pow2. auto.
853Qed.
854
855Theorem modu_pow2:
856  forall x n logn,
857  Int.is_power2 n = Some logn ->
858  modu x (Vint n) = and x (Vint (Int.sub n Int.one)).
859Proof.
860  intros; destruct x; simpl; auto.
861  generalize (Int.eq_spec n Int.zero);
862  case (Int.eq n Int.zero); intro.
863  subst n. compute in H. discriminate.
864  decEq. eapply Int.modu_and; eauto.
865Qed.
866
867Theorem and_commut: forall x y, and x y = and y x.
868Proof.
869  destruct x; destruct y; simpl; auto. decEq. apply Int.and_commut.
870Qed.
871
872Theorem and_assoc: forall x y z, and (and x y) z = and x (and y z).
873Proof.
874  destruct x; destruct y; destruct z; simpl; auto.
875  decEq. apply Int.and_assoc.
876Qed.
877
878Theorem or_commut: forall x y, or x y = or y x.
879Proof.
880  destruct x; destruct y; simpl; auto. decEq. apply Int.or_commut.
881Qed.
882
883Theorem or_assoc: forall x y z, or (or x y) z = or x (or y z).
884Proof.
885  destruct x; destruct y; destruct z; simpl; auto.
886  decEq. apply Int.or_assoc.
887Qed.
888
889Theorem xor_commut: forall x y, xor x y = xor y x.
890Proof.
891  destruct x; destruct y; simpl; auto. decEq. apply Int.xor_commut.
892Qed.
893
894Theorem xor_assoc: forall x y z, xor (xor x y) z = xor x (xor y z).
895Proof.
896  destruct x; destruct y; destruct z; simpl; auto.
897  decEq. apply Int.xor_assoc.
898Qed.
899
900Theorem shl_mul: forall x y, Val.mul x (Val.shl Vone y) = Val.shl x y.
901Proof.
902  destruct x; destruct y; simpl; auto.
903  case (Int.ltu i0 Int.iwordsize); auto.
904  decEq. symmetry. apply Int.shl_mul.
905Qed.
906
907Theorem shl_rolm:
908  forall x n,
909  Int.ltu n Int.iwordsize = true ->
910  shl x (Vint n) = rolm x n (Int.shl Int.mone n).
911Proof.
912  intros; destruct x; simpl; auto.
913  rewrite H. decEq. apply Int.shl_rolm. exact H.
914Qed.
915
916Theorem shru_rolm:
917  forall x n,
918  Int.ltu n Int.iwordsize = true ->
919  shru x (Vint n) = rolm x (Int.sub Int.iwordsize n) (Int.shru Int.mone n).
920Proof.
921  intros; destruct x; simpl; auto.
922  rewrite H. decEq. apply Int.shru_rolm. exact H.
923Qed.
924
925Theorem shrx_carry:
926  forall x y,
927  add (shr x y) (shr_carry x y) = shrx x y.
928Proof.
929  destruct x; destruct y; simpl; auto.
930  case (Int.ltu i0 Int.iwordsize); auto.
931  simpl. decEq. apply Int.shrx_carry.
932Qed.
933
934Theorem or_rolm:
935  forall x n m1 m2,
936  or (rolm x n m1) (rolm x n m2) = rolm x n (Int.or m1 m2).
937Proof.
938  intros; destruct x; simpl; auto.
939  decEq. apply Int.or_rolm.
940Qed.
941
942Theorem rolm_rolm:
943  forall x n1 m1 n2 m2,
944  rolm (rolm x n1 m1) n2 m2 =
945    rolm x (Int.modu (Int.add n1 n2) Int.iwordsize)
946           (Int.and (Int.rol m1 n2) m2).
947Proof.
948  intros; destruct x; simpl; auto.
949  decEq.
950  apply Int.rolm_rolm. apply int_wordsize_divides_modulus.
951Qed.
952
953Theorem rolm_zero:
954  forall x m,
955  rolm x Int.zero m = and x (Vint m).
956Proof.
957  intros; destruct x; simpl; auto. decEq. apply Int.rolm_zero.
958Qed.
959
960Theorem addf_commut: forall x y, addf x y = addf y x.
961Proof.
962  destruct x; destruct y; simpl; auto. decEq. apply Float.addf_commut.
963Qed.
964
965Lemma negate_cmp_mismatch:
966  forall c,
967  cmp_mismatch (negate_comparison c) = notbool(cmp_mismatch c).
968Proof.
969  destruct c; reflexivity.
970Qed.
971
972Theorem negate_cmp:
973  forall c x y,
974  cmp (negate_comparison c) x y = notbool (cmp c x y).
975Proof.
976  destruct x; destruct y; simpl; auto.
977  rewrite Int.negate_cmp. apply notbool_negb_1.
978  case (Int.eq i Int.zero). apply negate_cmp_mismatch. reflexivity.
979  case (Int.eq i0 Int.zero). apply negate_cmp_mismatch. reflexivity.
980  case (zeq b b0); intro.
981  rewrite Int.negate_cmp. apply notbool_negb_1.
982  apply negate_cmp_mismatch.
983Qed.
984
985Theorem negate_cmpu:
986  forall c x y,
987  cmpu (negate_comparison c) x y = notbool (cmpu c x y).
988Proof.
989  destruct x; destruct y; simpl; auto.
990  rewrite Int.negate_cmpu. apply notbool_negb_1.
991  case (Int.eq i Int.zero). apply negate_cmp_mismatch. reflexivity.
992  case (Int.eq i0 Int.zero). apply negate_cmp_mismatch. reflexivity.
993  case (zeq b b0); intro.
994  rewrite Int.negate_cmpu. apply notbool_negb_1.
995  apply negate_cmp_mismatch.
996Qed.
997
998Lemma swap_cmp_mismatch:
999  forall c, cmp_mismatch (swap_comparison c) = cmp_mismatch c.
1000Proof.
1001  destruct c; reflexivity.
1002Qed.
1003 
1004Theorem swap_cmp:
1005  forall c x y,
1006  cmp (swap_comparison c) x y = cmp c y x.
1007Proof.
1008  destruct x; destruct y; simpl; auto.
1009  rewrite Int.swap_cmp. auto.
1010  case (Int.eq i Int.zero). apply swap_cmp_mismatch. auto.
1011  case (Int.eq i0 Int.zero). apply swap_cmp_mismatch. auto.
1012  case (zeq b b0); intro.
1013  subst b0. rewrite zeq_true. rewrite Int.swap_cmp. auto.
1014  rewrite zeq_false. apply swap_cmp_mismatch. auto.
1015Qed.
1016
1017Theorem swap_cmpu:
1018  forall c x y,
1019  cmpu (swap_comparison c) x y = cmpu c y x.
1020Proof.
1021  destruct x; destruct y; simpl; auto.
1022  rewrite Int.swap_cmpu. auto.
1023  case (Int.eq i Int.zero). apply swap_cmp_mismatch. auto.
1024  case (Int.eq i0 Int.zero). apply swap_cmp_mismatch. auto.
1025  case (zeq b b0); intro.
1026  subst b0. rewrite zeq_true. rewrite Int.swap_cmpu. auto.
1027  rewrite zeq_false. apply swap_cmp_mismatch. auto.
1028Qed.
1029
1030Theorem negate_cmpf_eq:
1031  forall v1 v2, notbool (cmpf Cne v1 v2) = cmpf Ceq v1 v2.
1032Proof.
1033  destruct v1; destruct v2; simpl; auto.
1034  rewrite Float.cmp_ne_eq. rewrite notbool_negb_1.
1035  apply notbool_idem2.
1036Qed.
1037
1038Theorem negate_cmpf_ne:
1039  forall v1 v2, notbool (cmpf Ceq v1 v2) = cmpf Cne v1 v2.
1040Proof.
1041  destruct v1; destruct v2; simpl; auto.
1042  rewrite Float.cmp_ne_eq. rewrite notbool_negb_1. auto.
1043Qed.
1044
1045Lemma or_of_bool:
1046  forall b1 b2, or (of_bool b1) (of_bool b2) = of_bool (b1 || b2).
1047Proof.
1048  destruct b1; destruct b2; reflexivity.
1049Qed.
1050
1051Theorem cmpf_le:
1052  forall v1 v2, cmpf Cle v1 v2 = or (cmpf Clt v1 v2) (cmpf Ceq v1 v2).
1053Proof.
1054  destruct v1; destruct v2; simpl; auto.
1055  rewrite or_of_bool. decEq. apply Float.cmp_le_lt_eq.
1056Qed.
1057
1058Theorem cmpf_ge:
1059  forall v1 v2, cmpf Cge v1 v2 = or (cmpf Cgt v1 v2) (cmpf Ceq v1 v2).
1060Proof.
1061  destruct v1; destruct v2; simpl; auto.
1062  rewrite or_of_bool. decEq. apply Float.cmp_ge_gt_eq.
1063Qed.
1064
1065Definition is_bool (v: val) :=
1066  v = Vundef \/ v = Vtrue \/ v = Vfalse.
1067
1068Lemma of_bool_is_bool:
1069  forall b, is_bool (of_bool b).
1070Proof.
1071  destruct b; unfold is_bool; simpl; tauto.
1072Qed.
1073
1074Lemma undef_is_bool: is_bool Vundef.
1075Proof.
1076  unfold is_bool; tauto.
1077Qed.
1078
1079Lemma cmp_mismatch_is_bool:
1080  forall c, is_bool (cmp_mismatch c).
1081Proof.
1082  destruct c; simpl; unfold is_bool; tauto.
1083Qed.
1084
1085Lemma cmp_is_bool:
1086  forall c v1 v2, is_bool (cmp c v1 v2).
1087Proof.
1088  destruct v1; destruct v2; simpl; try apply undef_is_bool.
1089  apply of_bool_is_bool.
1090  case (Int.eq i Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
1091  case (Int.eq i0 Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
1092  case (zeq b b0); intro. apply of_bool_is_bool. apply cmp_mismatch_is_bool.
1093Qed.
1094
1095Lemma cmpu_is_bool:
1096  forall c v1 v2, is_bool (cmpu c v1 v2).
1097Proof.
1098  destruct v1; destruct v2; simpl; try apply undef_is_bool.
1099  apply of_bool_is_bool.
1100  case (Int.eq i Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
1101  case (Int.eq i0 Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
1102  case (zeq b b0); intro. apply of_bool_is_bool. apply cmp_mismatch_is_bool.
1103Qed.
1104
1105Lemma cmpf_is_bool:
1106  forall c v1 v2, is_bool (cmpf c v1 v2).
1107Proof.
1108  destruct v1; destruct v2; simpl;
1109  apply undef_is_bool || apply of_bool_is_bool.
1110Qed.
1111
1112Lemma notbool_is_bool:
1113  forall v, is_bool (notbool v).
1114Proof.
1115  destruct v; simpl.
1116  apply undef_is_bool. apply of_bool_is_bool.
1117  apply undef_is_bool. unfold is_bool; tauto.
1118Qed.
1119
1120Lemma notbool_xor:
1121  forall v, is_bool v -> v = xor (notbool v) Vone.
1122Proof.
1123  intros. elim H; intro. 
1124  subst v. reflexivity.
1125  elim H0; intro; subst v; reflexivity.
1126Qed.
1127
1128Lemma rolm_lt_zero:
1129  forall v, rolm v Int.one Int.one = cmp Clt v (Vint Int.zero).
1130Proof.
1131  intros. destruct v; simpl; auto.
1132  transitivity (Vint (Int.shru i (Int.repr (Z_of_nat Int.wordsize - 1)))).
1133  decEq. symmetry. rewrite Int.shru_rolm. auto. auto.
1134  rewrite Int.shru_lt_zero. destruct (Int.lt i Int.zero); auto.
1135Qed.
1136
1137Lemma rolm_ge_zero:
1138  forall v,
1139  xor (rolm v Int.one Int.one) (Vint Int.one) = cmp Cge v (Vint Int.zero).
1140Proof.
1141  intros. rewrite rolm_lt_zero. destruct v; simpl; auto.
1142  destruct (Int.lt i Int.zero); auto.
1143Qed.
1144*)
1145(* * The ``is less defined'' relation between values.
1146    A value is less defined than itself, and [Vundef] is
1147    less defined than any value. *)
1148
[487]1149inductive Val_lessdef: val → val → Prop ≝
[3]1150  | lessdef_refl: ∀v. Val_lessdef v v
1151  | lessdef_undef: ∀v. Val_lessdef Vundef v.
1152
[487]1153inductive lessdef_list: list val → list val → Prop ≝
[3]1154  | lessdef_list_nil:
1155      lessdef_list (nil ?) (nil ?)
1156  | lessdef_list_cons:
1157      ∀v1,v2,vl1,vl2.
1158      Val_lessdef v1 v2 → lessdef_list vl1 vl2 →
1159      lessdef_list (v1 :: vl1) (v2 :: vl2).
1160
1161(*Hint Resolve lessdef_refl lessdef_undef lessdef_list_nil lessdef_list_cons.*)
[487]1162(*
1163lemma lessdef_list_inv:
[3]1164  ∀vl1,vl2. lessdef_list vl1 vl2 → vl1 = vl2 ∨ in_list ? Vundef vl1.
[487]1165#vl1 elim vl1;
1166[ #vl2 #H inversion H; /2/; #h1 #h2 #t1 #t2 #H1 #H2 #H3 #Hbad destruct
1167| #h #t #IH #vl2 #H
1168    inversion H;
1169    [ #H' destruct
1170    | #h1 #h2 #t1 #t2 #H1 #H2 #H3 #e1 #e2 destruct;
1171        elim H1;
1172        [ elim (IH t2 H2);
1173            [ #e destruct; /2/;
1174            | /3/ ]
1175        | /3/ ]
1176    ]
1177] qed.
1178*)
1179lemma load_result_lessdef:
[3]1180  ∀chunk,v1,v2.
1181  Val_lessdef v1 v2 → Val_lessdef (load_result chunk v1) (load_result chunk v2).
[487]1182#chunk #v1 #v2 #H inversion H; //; #v #e1 #e2 cases chunk
1183[ 8: #r ] whd in ⊢ (?%?); //;
1184qed.
[3]1185
[744]1186lemma zero_ext_lessdef:
1187  ∀n,v1,v2. Val_lessdef v1 v2 → Val_lessdef (zero_ext n v1) (zero_ext n v2).
1188#n #v1 #v2 #H inversion H // #v #E1 #E2 destruct //
1189qed.
1190
[487]1191lemma sign_ext_lessdef:
[3]1192  ∀n,v1,v2. Val_lessdef v1 v2 → Val_lessdef (sign_ext n v1) (sign_ext n v2).
[891]1193#n #v1 #v2 #H inversion H // #v #e1 #e2 whd in ⊢ (?%?) //
[487]1194qed.
[3]1195(*
1196Lemma singleoffloat_lessdef:
1197  forall v1 v2, lessdef v1 v2 -> lessdef (singleoffloat v1) (singleoffloat v2).
1198Proof.
1199  intros; inv H; simpl; auto.
1200Qed.
1201
1202End Val.
1203*)
Note: See TracBrowser for help on using the repository browser.