source: src/common/Values.ma @ 1367

Last change on this file since 1367 was 1347, checked in by campbell, 8 years ago

Remove obsolete definitions.

File size: 30.5 KB
Line 
1(* *********************************************************************)
2(*                                                                     *)
3(*              The Compcert verified compiler                         *)
4(*                                                                     *)
5(*          Xavier Leroy, INRIA Paris-Rocquencourt                     *)
6(*                                                                     *)
7(*  Copyright Institut National de Recherche en Informatique et en     *)
8(*  Automatique.  All rights reserved.  This file is distributed       *)
9(*  under the terms of the GNU General Public License as published by  *)
10(*  the Free Software Foundation, either version 2 of the License, or  *)
11(*  (at your option) any later version.  This file is also distributed *)
12(*  under the terms of the INRIA Non-Commercial License Agreement.     *)
13(*                                                                     *)
14(* *********************************************************************)
15
16(* * This module defines the type of values that is used in the dynamic
17  semantics of all our intermediate languages. *)
18
19include "utilities/Coqlib.ma".
20include "common/Floats.ma".
21include "common/Errors.ma".
22include "common/Pointers.ma".
23include "basics/logic.ma".
24
25(* * A value is either:
26- a machine integer;
27- a floating-point number;
28- a pointer: a triple giving the representation of the pointer (in terms of the
29             memory regions such a pointer could address), a memory address and
30             an integer offset with respect to this address;
31- a null pointer: the region denotes the representation (i.e., pointer size)
32- the [Vundef] value denoting an arbitrary bit pattern, such as the
33  value of an uninitialized variable.
34*)
35
36inductive val: Type[0] ≝
37  | Vundef: val
38  | Vint: ∀sz:intsize. bvint sz → val
39  | Vfloat: float → val
40  | Vnull: region → val
41  | Vptr: ∀r:region. ∀b:block. pointer_compat b r → offset → val.
42
43definition Vzero : intsize → val ≝ λsz. Vint sz (zero ?).
44definition Vone: intsize → val ≝ λsz. Vint sz (repr sz 1).
45definition mone ≝ λsz. bitvector_of_Z (bitsize_of_intsize sz) (neg one).
46definition Vmone: intsize → val ≝ λsz. Vint sz (mone ?).
47
48(* XXX 32bit booleans are Clight specific. *)
49definition Vtrue: val ≝ Vone I32.
50definition Vfalse: val ≝ Vzero I32.
51
52(*
53(** The module [Val] defines a number of arithmetic and logical operations
54  over type [val].  Most of these operations are straightforward extensions
55  of the corresponding integer or floating-point operations. *)
56
57Module Val.
58*)
59definition of_bool : bool → val ≝ λb. if b then Vtrue else Vfalse.
60(*
61definition has_type ≝ λv: val. λt: typ.
62  match v with
63  [ Vundef ⇒ True
64  | Vint _ ⇒ match t with [ ASTint ⇒ True | _ ⇒ False ]
65  | Vfloat _ ⇒ match t with [ ASTfloat ⇒ True | _ ⇒ False ]
66  | Vptr _ _ _ ⇒ match t with [ ASTptr ⇒ True | _ ⇒ False ]
67  | _ ⇒ False
68  ].
69
70let rec has_type_list (vl: list val) (tl: list typ) on vl : Prop ≝
71  match vl with
72  [ nil ⇒ match tl with [ nil ⇒ True | _ ⇒ False ]
73  | cons v1 vs ⇒ match tl with [ nil ⇒ False | cons t1 ts ⇒
74               has_type v1 t1 ∧ has_type_list vs ts ]
75  ].
76*)
77(* * Truth values.  Pointers and non-zero integers are treated as [True].
78  The integer 0 (also used to represent the null pointer) is [False].
79  [Vundef] and floats are neither true nor false. *)
80
81definition is_true : val → Prop ≝ λv.
82  match v with
83  [ Vint _ n ⇒ n ≠ (zero ?)
84  | Vptr _ b _ ofs ⇒ True
85  | _ ⇒ False
86  ].
87
88definition is_false : val → Prop ≝ λv.
89  match v with
90  [ Vint _ n ⇒ n = (zero ?)
91  | Vnull _ ⇒ True
92  | _ ⇒ False
93  ].
94
95inductive bool_of_val: val → bool → Prop ≝
96  | bool_of_val_int_true:
97      ∀sz,n. n ≠ zero ? → bool_of_val (Vint sz n) true
98  | bool_of_val_int_false:
99      ∀sz. bool_of_val (Vzero sz) false
100  | bool_of_val_ptr:
101      ∀r,b,p,ofs. bool_of_val (Vptr r b p ofs) true
102  | bool_of_val_null:
103      ∀r. bool_of_val (Vnull r) true.
104
105axiom ValueNotABoolean : String.
106
107definition eval_bool_of_val : val → res bool ≝
108λv. match v with
109[ Vint _ i ⇒ OK ? (notb (eq_bv ? i (zero ?)))
110| Vnull _ ⇒ OK ? false
111| Vptr _ _ _ _ ⇒ OK ? true
112| _ ⇒ Error ? (msg ValueNotABoolean)
113].
114
115definition neg : val → val ≝ λv.
116  match v with
117  [ Vint sz n ⇒ Vint sz (two_complement_negation ? n)
118  | _ ⇒ Vundef
119  ].
120
121definition negf : val → val ≝ λv.
122  match v with
123  [ Vfloat f ⇒ Vfloat (Fneg f)
124  | _ => Vundef
125  ].
126
127definition absf : val → val ≝ λv.
128  match v with
129  [ Vfloat f ⇒ Vfloat (Fabs f)
130  | _ ⇒ Vundef
131  ].
132
133definition intoffloat : intsize → val → val ≝ λsz,v.
134  match v with
135  [ Vfloat f ⇒ Vint sz (intoffloat ? f)
136  | _ ⇒ Vundef
137  ].
138
139definition intuoffloat : intsize → val → val ≝ λsz,v.
140  match v with
141  [ Vfloat f ⇒ Vint sz (intuoffloat ? f)
142  | _ ⇒ Vundef
143  ].
144
145definition floatofint : val → val ≝ λv.
146  match v with
147  [ Vint sz n ⇒ Vfloat (floatofint ? n)
148  | _ ⇒ Vundef
149  ].
150
151definition floatofintu : val → val ≝ λv.
152  match v with
153  [ Vint sz n ⇒ Vfloat (floatofintu ? n)
154  | _ ⇒ Vundef
155  ].
156
157definition notint : val → val ≝ λv.
158  match v with
159  [ Vint sz n ⇒ Vint sz (exclusive_disjunction_bv ? n (mone ?))
160  | _ ⇒ Vundef
161  ].
162 
163definition notbool : val → val ≝ λv.
164  match v with
165  [ Vint sz n ⇒ of_bool (eq_bv ? n (zero ?))
166  | Vptr _ b _ ofs ⇒ Vfalse
167  | Vnull _ ⇒ Vtrue
168  | _ ⇒ Vundef
169  ].
170
171definition zero_ext ≝ λrsz: intsize. λv: val.
172  match v with
173  [ Vint sz n ⇒ Vint rsz (zero_ext … n)
174  | _ ⇒ Vundef
175  ].
176
177definition sign_ext ≝ λrsz:intsize. λv:val.
178  match v with
179  [ Vint sz i ⇒ Vint rsz (sign_ext … i)
180  | _ ⇒ Vundef
181  ].
182
183definition singleoffloat : val → val ≝ λv.
184  match v with
185  [ Vfloat f ⇒ Vfloat (singleoffloat f)
186  | _ ⇒ Vundef
187  ].
188
189(* TODO: add zero to null? *)
190definition add ≝ λv1,v2: val.
191  match v1 with
192  [ Vint sz1 n1 ⇒ match v2 with
193    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
194                    (λn1. Vint sz2 (addition_n ? n1 n2))
195                    Vundef
196    | Vptr r b2 p ofs2 ⇒ Vptr r b2 p (shift_offset ? ofs2 n1)
197    | _ ⇒ Vundef ]
198  | Vptr r b1 p ofs1 ⇒ match v2 with
199    [ Vint _ n2 ⇒ Vptr r b1 p (shift_offset ? ofs1 n2)
200    | _ ⇒ Vundef ]
201  | _ ⇒ Vundef ].
202
203(* XXX Is I32 the best answer for ptr subtraction? *)
204
205definition sub ≝ λv1,v2: val.
206  match v1 with
207  [ Vint sz1 n1 ⇒ match v2 with
208    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
209                    (λn1. Vint sz2 (subtraction ? n1 n2))
210                    Vundef
211    | _ ⇒ Vundef ]
212  | Vptr r1 b1 p1 ofs1 ⇒ match v2 with
213    [ Vint sz2 n2 ⇒ Vptr r1 b1 p1 (neg_shift_offset ? ofs1 n2)
214    | Vptr r2 b2 p2 ofs2 ⇒
215        if eq_block b1 b2 then Vint I32 (sub_offset ? ofs1 ofs2) else Vundef
216    | _ ⇒ Vundef ]
217  | Vnull r ⇒ match v2 with [ Vnull r' ⇒ Vzero I32 | _ ⇒ Vundef ]
218  | _ ⇒ Vundef ].
219
220definition mul ≝ λv1, v2: val.
221  match v1 with
222  [ Vint sz1 n1 ⇒ match v2 with
223    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
224                    (λn1. Vint sz2 (\snd (split … (multiplication ? n1 n2))))
225                    Vundef
226    | _ ⇒ Vundef ]
227  | _ ⇒ Vundef ].
228(*
229definition divs ≝ λv1, v2: val.
230  match v1 with
231  [ Vint n1 ⇒ match v2 with
232    [ Vint n2 ⇒ Vint (divs n1 n2)
233    | _ ⇒ Vundef ]
234  | _ ⇒ Vundef ].
235
236Definition mods (v1 v2: val): val :=
237  match v1, v2 with
238  | Vint n1, Vint n2 =>
239      if Int.eq n2 Int.zero then Vundef else Vint(Int.mods n1 n2)
240  | _, _ => Vundef
241  end.
242
243Definition divu (v1 v2: val): val :=
244  match v1, v2 with
245  | Vint n1, Vint n2 =>
246      if Int.eq n2 Int.zero then Vundef else Vint(Int.divu n1 n2)
247  | _, _ => Vundef
248  end.
249
250Definition modu (v1 v2: val): val :=
251  match v1, v2 with
252  | Vint n1, Vint n2 =>
253      if Int.eq n2 Int.zero then Vundef else Vint(Int.modu n1 n2)
254  | _, _ => Vundef
255  end.
256*)
257definition v_and ≝ λv1, v2: val.
258  match v1 with
259  [ Vint sz1 n1 ⇒ match v2 with
260    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
261                    (λn1. Vint ? (conjunction_bv ? n1 n2))
262                    Vundef
263    | _ ⇒ Vundef ]
264  | _ ⇒ Vundef ].
265
266definition or ≝ λv1, v2: val.
267  match v1 with
268  [ Vint sz1 n1 ⇒ match v2 with
269    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
270                    (λn1. Vint ? (inclusive_disjunction_bv ? n1 n2))
271                    Vundef
272    | _ ⇒ Vundef ]
273  | _ ⇒ Vundef ].
274
275definition xor ≝ λv1, v2: val.
276  match v1 with
277  [ Vint sz1 n1 ⇒ match v2 with
278    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
279                    (λn1. Vint ? (exclusive_disjunction_bv ? n1 n2))
280                    Vundef
281    | _ ⇒ Vundef ]
282  | _ ⇒ Vundef ].
283(*
284Definition shl (v1 v2: val): val :=
285  match v1, v2 with
286  | Vint n1, Vint n2 =>
287     if Int.ltu n2 Int.iwordsize
288     then Vint(Int.shl n1 n2)
289     else Vundef
290  | _, _ => Vundef
291  end.
292
293Definition shr (v1 v2: val): val :=
294  match v1, v2 with
295  | Vint n1, Vint n2 =>
296     if Int.ltu n2 Int.iwordsize
297     then Vint(Int.shr n1 n2)
298     else Vundef
299  | _, _ => Vundef
300  end.
301
302Definition shr_carry (v1 v2: val): val :=
303  match v1, v2 with
304  | Vint n1, Vint n2 =>
305     if Int.ltu n2 Int.iwordsize
306     then Vint(Int.shr_carry n1 n2)
307     else Vundef
308  | _, _ => Vundef
309  end.
310
311Definition shrx (v1 v2: val): val :=
312  match v1, v2 with
313  | Vint n1, Vint n2 =>
314     if Int.ltu n2 Int.iwordsize
315     then Vint(Int.shrx n1 n2)
316     else Vundef
317  | _, _ => Vundef
318  end.
319
320Definition shru (v1 v2: val): val :=
321  match v1, v2 with
322  | Vint n1, Vint n2 =>
323     if Int.ltu n2 Int.iwordsize
324     then Vint(Int.shru n1 n2)
325     else Vundef
326  | _, _ => Vundef
327  end.
328
329Definition rolm (v: val) (amount mask: int): val :=
330  match v with
331  | Vint n => Vint(Int.rolm n amount mask)
332  | _ => Vundef
333  end.
334
335Definition ror (v1 v2: val): val :=
336  match v1, v2 with
337  | Vint n1, Vint n2 =>
338     if Int.ltu n2 Int.iwordsize
339     then Vint(Int.ror n1 n2)
340     else Vundef
341  | _, _ => Vundef
342  end.
343*)
344definition addf ≝ λv1,v2: val.
345  match v1 with
346  [ Vfloat f1 ⇒ match v2 with
347    [ Vfloat f2 ⇒ Vfloat (Fadd f1 f2)
348    | _ ⇒ Vundef ]
349  | _ ⇒ Vundef ].
350
351definition subf ≝ λv1,v2: val.
352  match v1 with
353  [ Vfloat f1 ⇒ match v2 with
354    [ Vfloat f2 ⇒ Vfloat (Fsub f1 f2)
355    | _ ⇒ Vundef ]
356  | _ ⇒ Vundef ].
357
358definition mulf ≝ λv1,v2: val.
359  match v1 with
360  [ Vfloat f1 ⇒ match v2 with
361    [ Vfloat f2 ⇒ Vfloat (Fmul f1 f2)
362    | _ ⇒ Vundef ]
363  | _ ⇒ Vundef ].
364
365definition divf ≝ λv1,v2: val.
366  match v1 with
367  [ Vfloat f1 ⇒ match v2 with
368    [ Vfloat f2 ⇒ Vfloat (Fdiv f1 f2)
369    | _ ⇒ Vundef ]
370  | _ ⇒ Vundef ].
371
372definition cmp_match : comparison → val ≝ λc.
373  match c with
374  [ Ceq ⇒ Vtrue
375  | Cne ⇒ Vfalse
376  | _   ⇒ Vundef
377  ].
378
379definition cmp_mismatch : comparison → val ≝ λc.
380  match c with
381  [ Ceq ⇒ Vfalse
382  | Cne ⇒ Vtrue
383  | _   ⇒ Vundef
384  ].
385
386definition cmp_offset ≝
387λc: comparison. λx,y:offset.
388  match c with
389  [ Ceq ⇒  eq_offset x y
390  | Cne ⇒ ¬eq_offset x y
391  | Clt ⇒  lt_offset x y
392  | Cle ⇒ ¬lt_offset y x
393  | Cgt ⇒  lt_offset y x
394  | Cge ⇒ ¬lt_offset x y
395  ].
396
397definition cmp_int : ∀n. comparison → BitVector n → BitVector n → bool ≝
398λn,c,x,y.
399  match c with
400  [ Ceq ⇒ eq_bv ? x y
401  | Cne ⇒ notb (eq_bv ? x y)
402  | Clt ⇒ lt_s ? x y
403  | Cle ⇒ notb (lt_s ? y x)
404  | Cgt ⇒ lt_s ? y x
405  | Cge ⇒ notb (lt_s ? x y)
406  ].
407
408definition cmpu_int : ∀n. comparison → BitVector n → BitVector n → bool ≝
409λn,c,x,y.
410  match c with
411  [ Ceq ⇒ eq_bv ? x y
412  | Cne ⇒ notb (eq_bv ? x y)
413  | Clt ⇒ lt_u ? x y
414  | Cle ⇒ notb (lt_u ? y x)
415  | Cgt ⇒ lt_u ? y x
416  | Cge ⇒ notb (lt_u ? x y)
417  ].
418
419definition cmp ≝ λc: comparison. λv1,v2: val.
420  match v1 with
421  [ Vint sz1 n1 ⇒ match v2 with
422    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
423                    (λn1. of_bool (cmp_int ? c n1 n2))
424                    Vundef
425    | _ ⇒ Vundef ]
426  | Vptr r1 b1 p1 ofs1 ⇒ match v2 with
427    [ Vptr r2 b2 p2 ofs2 ⇒
428        if eq_block b1 b2
429        then of_bool (cmp_offset c ofs1 ofs2)
430        else cmp_mismatch c
431    | Vnull r2 ⇒ cmp_mismatch c
432    | _ ⇒ Vundef ]
433  | Vnull r1 ⇒ match v2 with
434    [ Vptr _ _ _ _ ⇒ cmp_mismatch c
435    | Vnull r2 ⇒ cmp_match c
436    | _ ⇒ Vundef
437    ]
438  | _ ⇒ Vundef ].
439
440definition cmpu ≝ λc: comparison. λv1,v2: val.
441  match v1 with
442  [ Vint sz1 n1 ⇒ match v2 with
443    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
444                    (λn1. of_bool (cmpu_int ? c n1 n2))
445                    Vundef
446    | _ ⇒ Vundef ]
447  | Vptr r1 b1 p1 ofs1 ⇒ match v2 with
448    [ Vptr r2 b2 p2 ofs2 ⇒
449        if eq_block b1 b2
450        then of_bool (cmp_offset c ofs1 ofs2)
451        else cmp_mismatch c
452    | Vnull r2 ⇒ cmp_mismatch c
453    | _ ⇒ Vundef ]
454  | Vnull r1 ⇒ match v2 with
455    [ Vptr _ _ _ _ ⇒ cmp_mismatch c
456    | Vnull r2 ⇒ cmp_match c
457    | _ ⇒ Vundef
458    ]
459  | _ ⇒ Vundef ].
460
461definition cmpf ≝ λc: comparison. λsz:intsize. λv1,v2: val.
462  match v1 with
463  [ Vfloat f1 ⇒ match v2 with
464    [ Vfloat f2 ⇒ of_bool (Fcmp c f1 f2)
465    | _ ⇒ Vundef ]
466  | _ ⇒ Vundef ].
467
468(* * [load_result] is used in the memory model (library [Mem])
469  to post-process the results of a memory read.  For instance,
470  consider storing the integer value [0xFFF] on 1 byte at a
471  given address, and reading it back.  If it is read back with
472  chunk [Mint8unsigned], zero-extension must be performed, resulting
473  in [0xFF].  If it is read back as a [Mint8signed], sign-extension
474  is performed and [0xFFFFFFFF] is returned.   Type mismatches
475  (e.g. reading back a float as a [Mint32]) read back as [Vundef]. *)
476(* XXX update comment *)
477(* XXX is this even necessary now?
478       should we be able to extract bytes? *)
479
480let rec load_result (chunk: memory_chunk) (v: val) ≝
481  match v with
482  [ Vint sz n ⇒
483    match chunk with
484    [ Mint8signed ⇒ match sz with [ I8 ⇒ v | _ ⇒ Vundef ]
485    | Mint8unsigned ⇒ match sz with [ I8 ⇒ v | _ ⇒ Vundef ]
486    | Mint16signed ⇒ match sz with [ I16 ⇒ v | _ ⇒ Vundef ]
487    | Mint16unsigned ⇒ match sz with [ I16 ⇒ v | _ ⇒ Vundef ]
488    | Mint32 ⇒  match sz with [ I32 ⇒ v | _ ⇒ Vundef ]
489    | _ ⇒ Vundef
490    ]
491  | Vptr r b p ofs ⇒
492    match chunk with
493    [ Mpointer r' ⇒ if eq_region r r' then Vptr r b p ofs else Vundef
494    | _ ⇒ Vundef
495    ]
496  | Vnull r ⇒
497    match chunk with
498    [ Mpointer r' ⇒ if eq_region r r' then Vnull r else Vundef
499    | _ ⇒ Vundef
500    ]
501  | Vfloat f ⇒
502    match chunk with
503    [ Mfloat32 ⇒ Vfloat(singleoffloat f)
504    | Mfloat64 ⇒ Vfloat f
505    | _ ⇒ Vundef
506    ]
507  | _ ⇒ Vundef
508  ].
509
510(*
511(** Theorems on arithmetic operations. *)
512
513Theorem cast8unsigned_and:
514  forall x, zero_ext 8 x = and x (Vint(Int.repr 255)).
515Proof.
516  destruct x; simpl; auto. decEq.
517  change 255 with (two_p 8 - 1). apply Int.zero_ext_and. vm_compute; auto.
518Qed.
519
520Theorem cast16unsigned_and:
521  forall x, zero_ext 16 x = and x (Vint(Int.repr 65535)).
522Proof.
523  destruct x; simpl; auto. decEq.
524  change 65535 with (two_p 16 - 1). apply Int.zero_ext_and. vm_compute; auto.
525Qed.
526
527Theorem istrue_not_isfalse:
528  forall v, is_false v -> is_true (notbool v).
529Proof.
530  destruct v; simpl; try contradiction.
531  intros. subst i. simpl. discriminate.
532Qed.
533
534Theorem isfalse_not_istrue:
535  forall v, is_true v -> is_false (notbool v).
536Proof.
537  destruct v; simpl; try contradiction.
538  intros. generalize (Int.eq_spec i Int.zero).
539  case (Int.eq i Int.zero); intro.
540  contradiction. simpl. auto.
541  auto.
542Qed.
543
544Theorem bool_of_true_val:
545  forall v, is_true v -> bool_of_val v true.
546Proof.
547  intro. destruct v; simpl; intros; try contradiction.
548  constructor; auto. constructor.
549Qed.
550
551Theorem bool_of_true_val2:
552  forall v, bool_of_val v true -> is_true v.
553Proof.
554  intros. inversion H; simpl; auto.
555Qed.
556
557Theorem bool_of_true_val_inv:
558  forall v b, is_true v -> bool_of_val v b -> b = true.
559Proof.
560  intros. inversion H0; subst v b; simpl in H; auto.
561Qed.
562
563Theorem bool_of_false_val:
564  forall v, is_false v -> bool_of_val v false.
565Proof.
566  intro. destruct v; simpl; intros; try contradiction.
567  subst i;  constructor.
568Qed.
569
570Theorem bool_of_false_val2:
571  forall v, bool_of_val v false -> is_false v.
572Proof.
573  intros. inversion H; simpl; auto.
574Qed.
575
576Theorem bool_of_false_val_inv:
577  forall v b, is_false v -> bool_of_val v b -> b = false.
578Proof.
579  intros. inversion H0; subst v b; simpl in H.
580  congruence. auto. contradiction.
581Qed.
582
583Theorem notbool_negb_1:
584  forall b, of_bool (negb b) = notbool (of_bool b).
585Proof.
586  destruct b; reflexivity.
587Qed.
588
589Theorem notbool_negb_2:
590  forall b, of_bool b = notbool (of_bool (negb b)).
591Proof.
592  destruct b; reflexivity.
593Qed.
594
595Theorem notbool_idem2:
596  forall b, notbool(notbool(of_bool b)) = of_bool b.
597Proof.
598  destruct b; reflexivity.
599Qed.
600
601Theorem notbool_idem3:
602  forall x, notbool(notbool(notbool x)) = notbool x.
603Proof.
604  destruct x; simpl; auto.
605  case (Int.eq i Int.zero); reflexivity.
606Qed.
607
608Theorem add_commut: forall x y, add x y = add y x.
609Proof.
610  destruct x; destruct y; simpl; auto.
611  decEq. apply Int.add_commut.
612Qed.
613
614Theorem add_assoc: forall x y z, add (add x y) z = add x (add y z).
615Proof.
616  destruct x; destruct y; destruct z; simpl; auto.
617  rewrite Int.add_assoc; auto.
618  rewrite Int.add_assoc; auto.
619  decEq. decEq. apply Int.add_commut.
620  decEq. rewrite Int.add_commut. rewrite <- Int.add_assoc.
621  decEq. apply Int.add_commut.
622  decEq. rewrite Int.add_assoc. auto.
623Qed.
624
625Theorem add_permut: forall x y z, add x (add y z) = add y (add x z).
626Proof.
627  intros. rewrite (add_commut y z). rewrite <- add_assoc. apply add_commut.
628Qed.
629
630Theorem add_permut_4:
631  forall x y z t, add (add x y) (add z t) = add (add x z) (add y t).
632Proof.
633  intros. rewrite add_permut. rewrite add_assoc.
634  rewrite add_permut. symmetry. apply add_assoc.
635Qed.
636
637Theorem neg_zero: neg Vzero = Vzero.
638Proof.
639  reflexivity.
640Qed.
641
642Theorem neg_add_distr: forall x y, neg(add x y) = add (neg x) (neg y).
643Proof.
644  destruct x; destruct y; simpl; auto. decEq. apply Int.neg_add_distr.
645Qed.
646
647Theorem sub_zero_r: forall x, sub Vzero x = neg x.
648Proof.
649  destruct x; simpl; auto.
650Qed.
651
652Theorem sub_add_opp: forall x y, sub x (Vint y) = add x (Vint (Int.neg y)).
653Proof.
654  destruct x; intro y; simpl; auto; rewrite Int.sub_add_opp; auto.
655Qed.
656
657Theorem sub_opp_add: forall x y, sub x (Vint (Int.neg y)) = add x (Vint y).
658Proof.
659  intros. unfold sub, add.
660  destruct x; auto; rewrite Int.sub_add_opp; rewrite Int.neg_involutive; auto.
661Qed.
662
663Theorem sub_add_l:
664  forall v1 v2 i, sub (add v1 (Vint i)) v2 = add (sub v1 v2) (Vint i).
665Proof.
666  destruct v1; destruct v2; intros; simpl; auto.
667  rewrite Int.sub_add_l. auto.
668  rewrite Int.sub_add_l. auto.
669  case (zeq b b0); intro. rewrite Int.sub_add_l. auto. reflexivity.
670Qed.
671
672Theorem sub_add_r:
673  forall v1 v2 i, sub v1 (add v2 (Vint i)) = add (sub v1 v2) (Vint (Int.neg i)).
674Proof.
675  destruct v1; destruct v2; intros; simpl; auto.
676  rewrite Int.sub_add_r. auto.
677  repeat rewrite Int.sub_add_opp. decEq.
678  repeat rewrite Int.add_assoc. decEq. apply Int.add_commut.
679  decEq. repeat rewrite Int.sub_add_opp.
680  rewrite Int.add_assoc. decEq. apply Int.neg_add_distr.
681  case (zeq b b0); intro. simpl. decEq.
682  repeat rewrite Int.sub_add_opp. rewrite Int.add_assoc. decEq.
683  apply Int.neg_add_distr.
684  reflexivity.
685Qed.
686
687Theorem mul_commut: forall x y, mul x y = mul y x.
688Proof.
689  destruct x; destruct y; simpl; auto. decEq. apply Int.mul_commut.
690Qed.
691
692Theorem mul_assoc: forall x y z, mul (mul x y) z = mul x (mul y z).
693Proof.
694  destruct x; destruct y; destruct z; simpl; auto.
695  decEq. apply Int.mul_assoc.
696Qed.
697
698Theorem mul_add_distr_l:
699  forall x y z, mul (add x y) z = add (mul x z) (mul y z).
700Proof.
701  destruct x; destruct y; destruct z; simpl; auto.
702  decEq. apply Int.mul_add_distr_l.
703Qed.
704
705
706Theorem mul_add_distr_r:
707  forall x y z, mul x (add y z) = add (mul x y) (mul x z).
708Proof.
709  destruct x; destruct y; destruct z; simpl; auto.
710  decEq. apply Int.mul_add_distr_r.
711Qed.
712
713Theorem mul_pow2:
714  forall x n logn,
715  Int.is_power2 n = Some logn ->
716  mul x (Vint n) = shl x (Vint logn).
717Proof.
718  intros; destruct x; simpl; auto.
719  change 32 with (Z_of_nat Int.wordsize).
720  rewrite (Int.is_power2_range _ _ H). decEq. apply Int.mul_pow2. auto.
721Qed. 
722
723Theorem mods_divs:
724  forall x y, mods x y = sub x (mul (divs x y) y).
725Proof.
726  destruct x; destruct y; simpl; auto.
727  case (Int.eq i0 Int.zero); simpl. auto. decEq. apply Int.mods_divs.
728Qed.
729
730Theorem modu_divu:
731  forall x y, modu x y = sub x (mul (divu x y) y).
732Proof.
733  destruct x; destruct y; simpl; auto.
734  generalize (Int.eq_spec i0 Int.zero);
735  case (Int.eq i0 Int.zero); simpl. auto.
736  intro. decEq. apply Int.modu_divu. auto.
737Qed.
738
739Theorem divs_pow2:
740  forall x n logn,
741  Int.is_power2 n = Some logn ->
742  divs x (Vint n) = shrx x (Vint logn).
743Proof.
744  intros; destruct x; simpl; auto.
745  change 32 with (Z_of_nat Int.wordsize).
746  rewrite (Int.is_power2_range _ _ H).
747  generalize (Int.eq_spec n Int.zero);
748  case (Int.eq n Int.zero); intro.
749  subst n. compute in H. discriminate.
750  decEq. apply Int.divs_pow2. auto.
751Qed.
752
753Theorem divu_pow2:
754  forall x n logn,
755  Int.is_power2 n = Some logn ->
756  divu x (Vint n) = shru x (Vint logn).
757Proof.
758  intros; destruct x; simpl; auto.
759  change 32 with (Z_of_nat Int.wordsize).
760  rewrite (Int.is_power2_range _ _ H).
761  generalize (Int.eq_spec n Int.zero);
762  case (Int.eq n Int.zero); intro.
763  subst n. compute in H. discriminate.
764  decEq. apply Int.divu_pow2. auto.
765Qed.
766
767Theorem modu_pow2:
768  forall x n logn,
769  Int.is_power2 n = Some logn ->
770  modu x (Vint n) = and x (Vint (Int.sub n Int.one)).
771Proof.
772  intros; destruct x; simpl; auto.
773  generalize (Int.eq_spec n Int.zero);
774  case (Int.eq n Int.zero); intro.
775  subst n. compute in H. discriminate.
776  decEq. eapply Int.modu_and; eauto.
777Qed.
778
779Theorem and_commut: forall x y, and x y = and y x.
780Proof.
781  destruct x; destruct y; simpl; auto. decEq. apply Int.and_commut.
782Qed.
783
784Theorem and_assoc: forall x y z, and (and x y) z = and x (and y z).
785Proof.
786  destruct x; destruct y; destruct z; simpl; auto.
787  decEq. apply Int.and_assoc.
788Qed.
789
790Theorem or_commut: forall x y, or x y = or y x.
791Proof.
792  destruct x; destruct y; simpl; auto. decEq. apply Int.or_commut.
793Qed.
794
795Theorem or_assoc: forall x y z, or (or x y) z = or x (or y z).
796Proof.
797  destruct x; destruct y; destruct z; simpl; auto.
798  decEq. apply Int.or_assoc.
799Qed.
800
801Theorem xor_commut: forall x y, xor x y = xor y x.
802Proof.
803  destruct x; destruct y; simpl; auto. decEq. apply Int.xor_commut.
804Qed.
805
806Theorem xor_assoc: forall x y z, xor (xor x y) z = xor x (xor y z).
807Proof.
808  destruct x; destruct y; destruct z; simpl; auto.
809  decEq. apply Int.xor_assoc.
810Qed.
811
812Theorem shl_mul: forall x y, Val.mul x (Val.shl Vone y) = Val.shl x y.
813Proof.
814  destruct x; destruct y; simpl; auto.
815  case (Int.ltu i0 Int.iwordsize); auto.
816  decEq. symmetry. apply Int.shl_mul.
817Qed.
818
819Theorem shl_rolm:
820  forall x n,
821  Int.ltu n Int.iwordsize = true ->
822  shl x (Vint n) = rolm x n (Int.shl Int.mone n).
823Proof.
824  intros; destruct x; simpl; auto.
825  rewrite H. decEq. apply Int.shl_rolm. exact H.
826Qed.
827
828Theorem shru_rolm:
829  forall x n,
830  Int.ltu n Int.iwordsize = true ->
831  shru x (Vint n) = rolm x (Int.sub Int.iwordsize n) (Int.shru Int.mone n).
832Proof.
833  intros; destruct x; simpl; auto.
834  rewrite H. decEq. apply Int.shru_rolm. exact H.
835Qed.
836
837Theorem shrx_carry:
838  forall x y,
839  add (shr x y) (shr_carry x y) = shrx x y.
840Proof.
841  destruct x; destruct y; simpl; auto.
842  case (Int.ltu i0 Int.iwordsize); auto.
843  simpl. decEq. apply Int.shrx_carry.
844Qed.
845
846Theorem or_rolm:
847  forall x n m1 m2,
848  or (rolm x n m1) (rolm x n m2) = rolm x n (Int.or m1 m2).
849Proof.
850  intros; destruct x; simpl; auto.
851  decEq. apply Int.or_rolm.
852Qed.
853
854Theorem rolm_rolm:
855  forall x n1 m1 n2 m2,
856  rolm (rolm x n1 m1) n2 m2 =
857    rolm x (Int.modu (Int.add n1 n2) Int.iwordsize)
858           (Int.and (Int.rol m1 n2) m2).
859Proof.
860  intros; destruct x; simpl; auto.
861  decEq.
862  apply Int.rolm_rolm. apply int_wordsize_divides_modulus.
863Qed.
864
865Theorem rolm_zero:
866  forall x m,
867  rolm x Int.zero m = and x (Vint m).
868Proof.
869  intros; destruct x; simpl; auto. decEq. apply Int.rolm_zero.
870Qed.
871
872Theorem addf_commut: forall x y, addf x y = addf y x.
873Proof.
874  destruct x; destruct y; simpl; auto. decEq. apply Float.addf_commut.
875Qed.
876
877Lemma negate_cmp_mismatch:
878  forall c,
879  cmp_mismatch (negate_comparison c) = notbool(cmp_mismatch c).
880Proof.
881  destruct c; reflexivity.
882Qed.
883
884Theorem negate_cmp:
885  forall c x y,
886  cmp (negate_comparison c) x y = notbool (cmp c x y).
887Proof.
888  destruct x; destruct y; simpl; auto.
889  rewrite Int.negate_cmp. apply notbool_negb_1.
890  case (Int.eq i Int.zero). apply negate_cmp_mismatch. reflexivity.
891  case (Int.eq i0 Int.zero). apply negate_cmp_mismatch. reflexivity.
892  case (zeq b b0); intro.
893  rewrite Int.negate_cmp. apply notbool_negb_1.
894  apply negate_cmp_mismatch.
895Qed.
896
897Theorem negate_cmpu:
898  forall c x y,
899  cmpu (negate_comparison c) x y = notbool (cmpu c x y).
900Proof.
901  destruct x; destruct y; simpl; auto.
902  rewrite Int.negate_cmpu. apply notbool_negb_1.
903  case (Int.eq i Int.zero). apply negate_cmp_mismatch. reflexivity.
904  case (Int.eq i0 Int.zero). apply negate_cmp_mismatch. reflexivity.
905  case (zeq b b0); intro.
906  rewrite Int.negate_cmpu. apply notbool_negb_1.
907  apply negate_cmp_mismatch.
908Qed.
909
910Lemma swap_cmp_mismatch:
911  forall c, cmp_mismatch (swap_comparison c) = cmp_mismatch c.
912Proof.
913  destruct c; reflexivity.
914Qed.
915 
916Theorem swap_cmp:
917  forall c x y,
918  cmp (swap_comparison c) x y = cmp c y x.
919Proof.
920  destruct x; destruct y; simpl; auto.
921  rewrite Int.swap_cmp. auto.
922  case (Int.eq i Int.zero). apply swap_cmp_mismatch. auto.
923  case (Int.eq i0 Int.zero). apply swap_cmp_mismatch. auto.
924  case (zeq b b0); intro.
925  subst b0. rewrite zeq_true. rewrite Int.swap_cmp. auto.
926  rewrite zeq_false. apply swap_cmp_mismatch. auto.
927Qed.
928
929Theorem swap_cmpu:
930  forall c x y,
931  cmpu (swap_comparison c) x y = cmpu c y x.
932Proof.
933  destruct x; destruct y; simpl; auto.
934  rewrite Int.swap_cmpu. auto.
935  case (Int.eq i Int.zero). apply swap_cmp_mismatch. auto.
936  case (Int.eq i0 Int.zero). apply swap_cmp_mismatch. auto.
937  case (zeq b b0); intro.
938  subst b0. rewrite zeq_true. rewrite Int.swap_cmpu. auto.
939  rewrite zeq_false. apply swap_cmp_mismatch. auto.
940Qed.
941
942Theorem negate_cmpf_eq:
943  forall v1 v2, notbool (cmpf Cne v1 v2) = cmpf Ceq v1 v2.
944Proof.
945  destruct v1; destruct v2; simpl; auto.
946  rewrite Float.cmp_ne_eq. rewrite notbool_negb_1.
947  apply notbool_idem2.
948Qed.
949
950Theorem negate_cmpf_ne:
951  forall v1 v2, notbool (cmpf Ceq v1 v2) = cmpf Cne v1 v2.
952Proof.
953  destruct v1; destruct v2; simpl; auto.
954  rewrite Float.cmp_ne_eq. rewrite notbool_negb_1. auto.
955Qed.
956
957Lemma or_of_bool:
958  forall b1 b2, or (of_bool b1) (of_bool b2) = of_bool (b1 || b2).
959Proof.
960  destruct b1; destruct b2; reflexivity.
961Qed.
962
963Theorem cmpf_le:
964  forall v1 v2, cmpf Cle v1 v2 = or (cmpf Clt v1 v2) (cmpf Ceq v1 v2).
965Proof.
966  destruct v1; destruct v2; simpl; auto.
967  rewrite or_of_bool. decEq. apply Float.cmp_le_lt_eq.
968Qed.
969
970Theorem cmpf_ge:
971  forall v1 v2, cmpf Cge v1 v2 = or (cmpf Cgt v1 v2) (cmpf Ceq v1 v2).
972Proof.
973  destruct v1; destruct v2; simpl; auto.
974  rewrite or_of_bool. decEq. apply Float.cmp_ge_gt_eq.
975Qed.
976
977Definition is_bool (v: val) :=
978  v = Vundef \/ v = Vtrue \/ v = Vfalse.
979
980Lemma of_bool_is_bool:
981  forall b, is_bool (of_bool b).
982Proof.
983  destruct b; unfold is_bool; simpl; tauto.
984Qed.
985
986Lemma undef_is_bool: is_bool Vundef.
987Proof.
988  unfold is_bool; tauto.
989Qed.
990
991Lemma cmp_mismatch_is_bool:
992  forall c, is_bool (cmp_mismatch c).
993Proof.
994  destruct c; simpl; unfold is_bool; tauto.
995Qed.
996
997Lemma cmp_is_bool:
998  forall c v1 v2, is_bool (cmp c v1 v2).
999Proof.
1000  destruct v1; destruct v2; simpl; try apply undef_is_bool.
1001  apply of_bool_is_bool.
1002  case (Int.eq i Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
1003  case (Int.eq i0 Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
1004  case (zeq b b0); intro. apply of_bool_is_bool. apply cmp_mismatch_is_bool.
1005Qed.
1006
1007Lemma cmpu_is_bool:
1008  forall c v1 v2, is_bool (cmpu c v1 v2).
1009Proof.
1010  destruct v1; destruct v2; simpl; try apply undef_is_bool.
1011  apply of_bool_is_bool.
1012  case (Int.eq i Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
1013  case (Int.eq i0 Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
1014  case (zeq b b0); intro. apply of_bool_is_bool. apply cmp_mismatch_is_bool.
1015Qed.
1016
1017Lemma cmpf_is_bool:
1018  forall c v1 v2, is_bool (cmpf c v1 v2).
1019Proof.
1020  destruct v1; destruct v2; simpl;
1021  apply undef_is_bool || apply of_bool_is_bool.
1022Qed.
1023
1024Lemma notbool_is_bool:
1025  forall v, is_bool (notbool v).
1026Proof.
1027  destruct v; simpl.
1028  apply undef_is_bool. apply of_bool_is_bool.
1029  apply undef_is_bool. unfold is_bool; tauto.
1030Qed.
1031
1032Lemma notbool_xor:
1033  forall v, is_bool v -> v = xor (notbool v) Vone.
1034Proof.
1035  intros. elim H; intro. 
1036  subst v. reflexivity.
1037  elim H0; intro; subst v; reflexivity.
1038Qed.
1039
1040Lemma rolm_lt_zero:
1041  forall v, rolm v Int.one Int.one = cmp Clt v (Vint Int.zero).
1042Proof.
1043  intros. destruct v; simpl; auto.
1044  transitivity (Vint (Int.shru i (Int.repr (Z_of_nat Int.wordsize - 1)))).
1045  decEq. symmetry. rewrite Int.shru_rolm. auto. auto.
1046  rewrite Int.shru_lt_zero. destruct (Int.lt i Int.zero); auto.
1047Qed.
1048
1049Lemma rolm_ge_zero:
1050  forall v,
1051  xor (rolm v Int.one Int.one) (Vint Int.one) = cmp Cge v (Vint Int.zero).
1052Proof.
1053  intros. rewrite rolm_lt_zero. destruct v; simpl; auto.
1054  destruct (Int.lt i Int.zero); auto.
1055Qed.
1056*)
1057(* * The ``is less defined'' relation between values.
1058    A value is less defined than itself, and [Vundef] is
1059    less defined than any value. *)
1060
1061inductive Val_lessdef: val → val → Prop ≝
1062  | lessdef_refl: ∀v. Val_lessdef v v
1063  | lessdef_undef: ∀v. Val_lessdef Vundef v.
1064
1065inductive lessdef_list: list val → list val → Prop ≝
1066  | lessdef_list_nil:
1067      lessdef_list (nil ?) (nil ?)
1068  | lessdef_list_cons:
1069      ∀v1,v2,vl1,vl2.
1070      Val_lessdef v1 v2 → lessdef_list vl1 vl2 →
1071      lessdef_list (v1 :: vl1) (v2 :: vl2).
1072
1073(*Hint Resolve lessdef_refl lessdef_undef lessdef_list_nil lessdef_list_cons.*)
1074(*
1075lemma lessdef_list_inv:
1076  ∀vl1,vl2. lessdef_list vl1 vl2 → vl1 = vl2 ∨ in_list ? Vundef vl1.
1077#vl1 elim vl1;
1078[ #vl2 #H inversion H; /2/; #h1 #h2 #t1 #t2 #H1 #H2 #H3 #Hbad destruct
1079| #h #t #IH #vl2 #H
1080    inversion H;
1081    [ #H' destruct
1082    | #h1 #h2 #t1 #t2 #H1 #H2 #H3 #e1 #e2 destruct;
1083        elim H1;
1084        [ elim (IH t2 H2);
1085            [ #e destruct; /2/;
1086            | /3/ ]
1087        | /3/ ]
1088    ]
1089] qed.
1090*)
1091lemma load_result_lessdef:
1092  ∀chunk,v1,v2.
1093  Val_lessdef v1 v2 → Val_lessdef (load_result chunk v1) (load_result chunk v2).
1094#chunk #v1 #v2 #H inversion H; //; #v #e1 #e2 cases chunk
1095[ 8: #r ] whd in ⊢ (?%?); //;
1096qed.
1097
1098lemma zero_ext_lessdef:
1099  ∀n,v1,v2. Val_lessdef v1 v2 → Val_lessdef (zero_ext n v1) (zero_ext n v2).
1100#n #v1 #v2 #H inversion H //
1101qed.
1102
1103lemma sign_ext_lessdef:
1104  ∀n,v1,v2. Val_lessdef v1 v2 → Val_lessdef (sign_ext n v1) (sign_ext n v2).
1105#n #v1 #v2 #H inversion H //
1106qed.
1107(*
1108Lemma singleoffloat_lessdef:
1109  forall v1 v2, lessdef v1 v2 -> lessdef (singleoffloat v1) (singleoffloat v2).
1110Proof.
1111  intros; inv H; simpl; auto.
1112Qed.
1113
1114End Val.
1115*)
Note: See TracBrowser for help on using the repository browser.