source: src/ASM/AssemblyProof.ma @ 843

Last change on this file since 843 was 841, checked in by sacerdot, 10 years ago

Minor changes.

File size: 9.2 KB
Line 
1include "ASM/Assembly.ma".
2include "ASM/Interpret.ma".
3
4(* This establishes the correspondence between pseudo program counters and
5   program counters. It is at the heart of the proof. *)
6(*CSC: code taken from build_maps *)
7definition sigma: pseudo_assembly_program → option (Word → Word) ≝
8 λinstr_list.
9  let result ≝ foldl ??
10    (λt. λi.
11       match t with
12       [ None ⇒ None ?
13       | Some ppc_pc_map ⇒
14         let 〈ppc,pc_map〉 ≝ ppc_pc_map in
15         let 〈program_counter, sigma_map〉 ≝ pc_map in
16         let 〈label, i〉 ≝ i in
17          match construct_costs instr_list program_counter (λx. zero ?) (λx. zero ?) (Stub …) i with
18           [ None ⇒ None ?
19           | Some pc_ignore ⇒
20              let 〈pc,ignore〉 ≝ pc_ignore in
21              Some … 〈S ppc,〈pc, insert ? ? (bitvector_of_nat ? ppc) (bitvector_of_nat ? pc) sigma_map〉〉 ]
22       ]) (Some ? 〈0, 〈0, (Stub ? ?)〉〉) (\snd instr_list) in
23  match result with
24  [ None ⇒ None ?
25  | Some result ⇒
26    let 〈ppc,pc_sigma_map〉 ≝ result in
27    let 〈pc, sigma_map〉 ≝ pc_sigma_map in
28      if gtb pc (2^16) then
29        None ?
30      else
31        Some ? (λx.lookup ?? x sigma_map (zero …)) ].
32
33
34let rec encoding_check (code_memory: BitVectorTrie Byte 16) (pc: Word) (final_pc: Word)
35                       (encoding: list Byte) on encoding: Prop ≝
36  match encoding with
37  [ nil ⇒ final_pc = pc
38  | cons hd tl ⇒
39    let 〈new_pc, byte〉 ≝ next code_memory pc in
40      hd = byte ∧ encoding_check code_memory new_pc final_pc tl
41  ].
42
43axiom sigma: pseudo_assembly_program → Word → Word.
44
45definition assembly_specification:
46  ∀assembly_program: pseudo_assembly_program.
47  ∀code_mem: BitVectorTrie Byte 16. Prop ≝
48  λpseudo_assembly_program.
49  λcode_mem.
50    ∀pc: Word.
51      let 〈preamble, instr_list〉 ≝ pseudo_assembly_program in
52      let 〈pre_instr, pre_new_pc〉 ≝ fetch_pseudo_instruction instr_list pc in
53      let labels ≝ λx. sigma pseudo_assembly_program (address_of_word_labels_code_mem instr_list x) in
54      let datalabels ≝ λx. sigma pseudo_assembly_program (lookup ? ? x (construct_datalabels preamble) (zero ?)) in
55      let pre_assembled ≝ assembly_1_pseudoinstruction pseudo_assembly_program
56       (sigma pseudo_assembly_program pc) labels datalabels pre_instr in
57      match pre_assembled with
58       [ None ⇒ True
59       | Some pc_code ⇒
60          let 〈new_pc,code〉 ≝ pc_code in
61           encoding_check code_mem pc (sigma pseudo_assembly_program pre_new_pc) code ].
62
63axiom assembly_meets_specification:
64  ∀pseudo_assembly_program.
65    match assembly pseudo_assembly_program with
66    [ None ⇒ True
67    | Some code_mem_cost ⇒
68      let 〈code_mem, cost〉 ≝ code_mem_cost in
69        assembly_specification pseudo_assembly_program (load_code_memory code_mem)
70    ].
71(*
72  # PROGRAM
73  [ cases PROGRAM
74    # PREAMBLE
75    # INSTR_LIST
76    elim INSTR_LIST
77    [ whd
78      whd in ⊢ (∀_. %)
79      # PC
80      whd
81    | # INSTR
82      # INSTR_LIST_TL
83      # H
84      whd
85      whd in ⊢ (match % with [ _ ⇒ ? | _ ⇒ ?])
86    ]
87  | cases not_implemented
88  ] *)
89
90definition status_of_pseudo_status: PseudoStatus → option Status ≝
91 λps.
92  let pap ≝ code_memory … ps in
93   match assembly pap with
94    [ None ⇒ None …
95    | Some p ⇒
96       let cm ≝ load_code_memory (\fst p) in
97       let pc ≝ sigma pap (program_counter ? ps) in
98        Some …
99         (mk_PreStatus (BitVectorTrie Byte 16)
100           cm
101           (low_internal_ram … ps)
102           (high_internal_ram … ps)
103           (external_ram … ps)
104           pc
105           (special_function_registers_8051 … ps)
106           (special_function_registers_8052 … ps)
107           (p1_latch … ps)
108           (p3_latch … ps)
109           (clock … ps)) ].
110           
111(* RUSSEL **)
112
113include "basics/jmeq.ma".
114
115definition inject : ∀A.∀P:A → Prop.∀a.∀p:P a.Σx:A.P x ≝ λA,P,a,p. dp … a p.
116definition eject : ∀A.∀P: A → Prop.(Σx:A.P x) → A ≝ λA,P,c.match c with [ dp w p ⇒ w].
117
118coercion inject : ∀A.∀P:A → Prop.∀a.∀p:P a.Σx:A.P x ≝ inject on a:? to Σx:?.?.
119coercion eject : ∀A.∀P:A → Prop.∀c:Σx:A.P x.A ≝ eject on _c:Σx:?.? to ?.
120
121lemma sig2: ∀A.∀P:A → Prop. ∀p:Σx:A.P x. P (eject … p).
122 #A #P #p cases p #w #q @q
123qed.
124
125(* END RUSSELL **)
126
127definition write_at_stack_pointer':
128 ∀M. ∀ps: PreStatus M. Byte → Σps':PreStatus M.(code_memory … ps = code_memory … ps') ≝
129  λM: Type[0].
130  λs: PreStatus M.
131  λv: Byte.
132    let 〈 nu, nl 〉 ≝ split … 4 4 (get_8051_sfr ? s SFR_SP) in
133    let bit_zero ≝ get_index_v… nu O ? in
134    let bit_1 ≝ get_index_v… nu 1 ? in
135    let bit_2 ≝ get_index_v… nu 2 ? in
136    let bit_3 ≝ get_index_v… nu 3 ? in
137      if bit_zero then
138        let memory ≝ insert … ([[ bit_1 ; bit_2 ; bit_3 ]] @@ nl)
139                              v (low_internal_ram ? s) in
140          set_low_internal_ram ? s memory
141      else
142        let memory ≝ insert … ([[ bit_1 ; bit_2 ; bit_3 ]] @@ nl)
143                              v (high_internal_ram ? s) in
144          set_high_internal_ram ? s memory.
145  [ cases l0 %
146  |2,3,4,5: cases not_implemented (* CSC: ???? normalize repeat (@ le_S_S) @ le_O_n *)
147  ]
148qed.
149
150definition execute_1_pseudo_instruction': (Word → nat) → ∀ps:PseudoStatus.
151 Σps':PseudoStatus.(code_memory … ps = code_memory … ps')
152
153  λticks_of.
154  λs.
155  let 〈instr, pc〉 ≝ fetch_pseudo_instruction (\snd (code_memory ? s)) (program_counter ? s) in
156  let ticks ≝ ticks_of (program_counter ? s) in
157  let s ≝ set_clock ? s (clock ? s + ticks) in
158  let s ≝ set_program_counter ? s pc in
159    match instr with
160    [ Instruction instr ⇒
161       execute_1_preinstruction … (λx, y. address_of_word_labels y x) instr s
162    | Comment cmt ⇒ s
163    | Cost cst ⇒ s
164    | Jmp jmp ⇒ set_program_counter ? s (address_of_word_labels s jmp)
165    | Call call ⇒
166      let a ≝ address_of_word_labels s call in
167      let 〈carry, new_sp〉 ≝ half_add ? (get_8051_sfr ? s SFR_SP) (bitvector_of_nat 8 1) in
168      let s ≝ set_8051_sfr ? s SFR_SP new_sp in
169      let 〈pc_bu, pc_bl〉 ≝ split ? 8 8 (program_counter ? s) in
170      let s ≝ write_at_stack_pointer' ? s pc_bl in
171      let 〈carry, new_sp〉 ≝ half_add ? (get_8051_sfr ? s SFR_SP) (bitvector_of_nat 8 1) in
172      let s ≝ set_8051_sfr ? s SFR_SP new_sp in
173      let s ≝ write_at_stack_pointer' ? s pc_bu in
174        set_program_counter ? s a
175    | Mov dptr ident ⇒
176       set_arg_16 ? s (get_arg_16 ? s (DATA16 (address_of_word_labels s ident))) dptr
177    ].
178 [
179 |2,3,4: %
180 | <(sig2 … l7) whd in ⊢ (??? (??%)) <(sig2 … l5) %
181 |
182 | (*CSC: ??? *)
183 | (*CSC: ??? *)
184 | %
185 ]
186 cases not_implemented
187qed.
188
189(*
190lemma execute_code_memory_unchanged:
191 ∀ticks_of,ps. code_memory ? ps = code_memory ? (execute_1_pseudo_instruction ticks_of ps).
192 #ticks #ps whd in ⊢ (??? (??%))
193 cases (fetch_pseudo_instruction (\snd (code_memory pseudo_assembly_program ps))
194  (program_counter pseudo_assembly_program ps)) #instr #pc
195 whd in ⊢ (??? (??%)) cases instr
196  [ #pre cases pre
197     [ #a1 #a2 whd in ⊢ (??? (??%)) cases (add_8_with_carry ???) #y1 #y2 whd in ⊢ (??? (??%))
198       cases (split ????) #z1 #z2 %
199     | #a1 #a2 whd in ⊢ (??? (??%)) cases (add_8_with_carry ???) #y1 #y2 whd in ⊢ (??? (??%))
200       cases (split ????) #z1 #z2 %
201     | #a1 #a2 whd in ⊢ (??? (??%)) cases (sub_8_with_carry ???) #y1 #y2 whd in ⊢ (??? (??%))
202       cases (split ????) #z1 #z2 %
203     | #a1 whd in ⊢ (??? (??%)) cases a1 #x #H whd in ⊢ (??? (??%)) cases x
204       [ #x1 whd in ⊢ (??? (??%))
205     | *: cases not_implemented
206     ]
207  | #comment %
208  | #cost %
209  | #label %
210  | #label whd in ⊢ (??? (??%)) cases (half_add ???) #x1 #x2 whd in ⊢ (??? (??%))
211    cases (split ????) #y1 #y2 whd in ⊢ (??? (??%)) cases (half_add ???) #z1 #z2
212    whd in ⊢ (??? (??%)) whd in ⊢ (??? (??%)) cases (split ????) #w1 #w2
213    whd in ⊢ (??? (??%)) cases (get_index_v bool ????) whd in ⊢ (??? (??%))
214    (* CSC: ??? *)
215  | #dptr #label (* CSC: ??? *)
216  ]
217  cases not_implemented
218qed.
219*)
220
221lemma status_of_pseudo_status_failure_depends_only_on_code_memory:
222 ∀ps,ps': PseudoStatus.
223  code_memory … ps = code_memory … ps' →
224   match status_of_pseudo_status ps with
225    [ None ⇒ status_of_pseudo_status ps' = None …
226    | Some _ ⇒ ∃w. status_of_pseudo_status ps' = Some … w
227    ].
228 #ps #ps' #H whd in ⊢ (match % with [ _ ⇒ ? | _ ⇒ ? ])
229 generalize in match (refl … (assembly (code_memory … ps)))
230 cases (assembly ?) in ⊢ (???% → %)
231  [ #K whd whd in ⊢ (??%?) <H >K %
232  | #x #K whd whd in ⊢ (?? (λ_.??%?)) <H >K % [2: % ] ]
233qed.
234 
235lemma main_thm:
236 ∀ticks_of.
237 ∀ps: PseudoStatus.
238  match status_of_pseudo_status ps with [ None ⇒ True | Some s ⇒
239  let ps' ≝ execute_1_pseudo_instruction ticks_of ps in
240  match status_of_pseudo_status ps' with [ None ⇒ True | Some s'' ⇒
241  let s' ≝ execute_1 s in
242   s = s'']].
243 #ticks_of #ps
244 whd in ⊢ (match % with [ _ ⇒ ? | _ ⇒ ? ])
245 cases (assembly (code_memory pseudo_assembly_program ps)) [%] * #cm #costs whd
246 whd in ⊢ (match % with [ _ ⇒ ? | _ ⇒ ? ])
247 generalize in match (sig2 … (execute_1_pseudo_instruction' ticks_of ps))
248 
249 cases (status_of_pseudo_status (execute_1_pseudo_instruction ticks_of ps)) [%] #s'' whd
Note: See TracBrowser for help on using the repository browser.