source: src/common/Values.ma @ 1516

Last change on this file since 1516 was 1510, checked in by sacerdot, 9 years ago

All files ported to new dependent inversion.

File size: 30.8 KB
Line 
1(* *********************************************************************)
2(*                                                                     *)
3(*              The Compcert verified compiler                         *)
4(*                                                                     *)
5(*          Xavier Leroy, INRIA Paris-Rocquencourt                     *)
6(*                                                                     *)
7(*  Copyright Institut National de Recherche en Informatique et en     *)
8(*  Automatique.  All rights reserved.  This file is distributed       *)
9(*  under the terms of the GNU General Public License as published by  *)
10(*  the Free Software Foundation, either version 2 of the License, or  *)
11(*  (at your option) any later version.  This file is also distributed *)
12(*  under the terms of the INRIA Non-Commercial License Agreement.     *)
13(*                                                                     *)
14(* *********************************************************************)
15
16(* * This module defines the type of values that is used in the dynamic
17  semantics of all our intermediate languages. *)
18
19include "utilities/Coqlib.ma".
20include "common/Floats.ma".
21include "common/Errors.ma".
22include "common/Pointers.ma".
23include "basics/logic.ma".
24
25(* * A value is either:
26- a machine integer;
27- a floating-point number;
28- a pointer: a triple giving the representation of the pointer (in terms of the
29             memory regions such a pointer could address), a memory address and
30             an integer offset with respect to this address;
31- a null pointer: the region denotes the representation (i.e., pointer size)
32- the [Vundef] value denoting an arbitrary bit pattern, such as the
33  value of an uninitialized variable.
34*)
35
36inductive val: Type[0] ≝
37  | Vundef: val
38  | Vint: ∀sz:intsize. bvint sz → val
39  | Vfloat: float → val
40  | Vnull: region → val
41  | Vptr: ∀r:region. ∀b:block. pointer_compat b r → offset → val.
42
43definition Vzero : intsize → val ≝ λsz. Vint sz (zero ?).
44definition Vone: intsize → val ≝ λsz. Vint sz (repr sz 1).
45definition mone ≝ λsz. bitvector_of_Z (bitsize_of_intsize sz) (neg one).
46definition Vmone: intsize → val ≝ λsz. Vint sz (mone ?).
47
48(* XXX 32bit booleans are Clight specific. *)
49definition Vtrue: val ≝ Vone I32.
50definition Vfalse: val ≝ Vzero I32.
51
52inductive val_typ : val → typ → Prop ≝
53  | VTint: ∀sz,sg,i. val_typ (Vint sz i) (ASTint sz sg)
54  | VTfloat: ∀sz,f. val_typ (Vfloat f) (ASTfloat sz)
55  | VTnull: ∀r. val_typ (Vnull r) (ASTptr r)
56  | VTptr: ∀r,b,c,o. val_typ (Vptr r b c o) (ASTptr r).
57
58(*
59(** The module [Val] defines a number of arithmetic and logical operations
60  over type [val].  Most of these operations are straightforward extensions
61  of the corresponding integer or floating-point operations. *)
62
63Module Val.
64*)
65definition of_bool : bool → val ≝ λb. if b then Vtrue else Vfalse.
66(*
67definition has_type ≝ λv: val. λt: typ.
68  match v with
69  [ Vundef ⇒ True
70  | Vint _ ⇒ match t with [ ASTint ⇒ True | _ ⇒ False ]
71  | Vfloat _ ⇒ match t with [ ASTfloat ⇒ True | _ ⇒ False ]
72  | Vptr _ _ _ ⇒ match t with [ ASTptr ⇒ True | _ ⇒ False ]
73  | _ ⇒ False
74  ].
75
76let rec has_type_list (vl: list val) (tl: list typ) on vl : Prop ≝
77  match vl with
78  [ nil ⇒ match tl with [ nil ⇒ True | _ ⇒ False ]
79  | cons v1 vs ⇒ match tl with [ nil ⇒ False | cons t1 ts ⇒
80               has_type v1 t1 ∧ has_type_list vs ts ]
81  ].
82*)
83(* * Truth values.  Pointers and non-zero integers are treated as [True].
84  The integer 0 (also used to represent the null pointer) is [False].
85  [Vundef] and floats are neither true nor false. *)
86
87definition is_true : val → Prop ≝ λv.
88  match v with
89  [ Vint _ n ⇒ n ≠ (zero ?)
90  | Vptr _ b _ ofs ⇒ True
91  | _ ⇒ False
92  ].
93
94definition is_false : val → Prop ≝ λv.
95  match v with
96  [ Vint _ n ⇒ n = (zero ?)
97  | Vnull _ ⇒ True
98  | _ ⇒ False
99  ].
100
101inductive bool_of_val: val → bool → Prop ≝
102  | bool_of_val_int_true:
103      ∀sz,n. n ≠ zero ? → bool_of_val (Vint sz n) true
104  | bool_of_val_int_false:
105      ∀sz. bool_of_val (Vzero sz) false
106  | bool_of_val_ptr:
107      ∀r,b,p,ofs. bool_of_val (Vptr r b p ofs) true
108  | bool_of_val_null:
109      ∀r. bool_of_val (Vnull r) true.
110
111axiom ValueNotABoolean : String.
112
113definition eval_bool_of_val : val → res bool ≝
114λv. match v with
115[ Vint _ i ⇒ OK ? (notb (eq_bv ? i (zero ?)))
116| Vnull _ ⇒ OK ? false
117| Vptr _ _ _ _ ⇒ OK ? true
118| _ ⇒ Error ? (msg ValueNotABoolean)
119].
120
121definition neg : val → val ≝ λv.
122  match v with
123  [ Vint sz n ⇒ Vint sz (two_complement_negation ? n)
124  | _ ⇒ Vundef
125  ].
126
127definition negf : val → val ≝ λv.
128  match v with
129  [ Vfloat f ⇒ Vfloat (Fneg f)
130  | _ => Vundef
131  ].
132
133definition absf : val → val ≝ λv.
134  match v with
135  [ Vfloat f ⇒ Vfloat (Fabs f)
136  | _ ⇒ Vundef
137  ].
138
139definition intoffloat : intsize → val → val ≝ λsz,v.
140  match v with
141  [ Vfloat f ⇒ Vint sz (intoffloat ? f)
142  | _ ⇒ Vundef
143  ].
144
145definition intuoffloat : intsize → val → val ≝ λsz,v.
146  match v with
147  [ Vfloat f ⇒ Vint sz (intuoffloat ? f)
148  | _ ⇒ Vundef
149  ].
150
151definition floatofint : val → val ≝ λv.
152  match v with
153  [ Vint sz n ⇒ Vfloat (floatofint ? n)
154  | _ ⇒ Vundef
155  ].
156
157definition floatofintu : val → val ≝ λv.
158  match v with
159  [ Vint sz n ⇒ Vfloat (floatofintu ? n)
160  | _ ⇒ Vundef
161  ].
162
163definition notint : val → val ≝ λv.
164  match v with
165  [ Vint sz n ⇒ Vint sz (exclusive_disjunction_bv ? n (mone ?))
166  | _ ⇒ Vundef
167  ].
168 
169definition notbool : val → val ≝ λv.
170  match v with
171  [ Vint sz n ⇒ of_bool (eq_bv ? n (zero ?))
172  | Vptr _ b _ ofs ⇒ Vfalse
173  | Vnull _ ⇒ Vtrue
174  | _ ⇒ Vundef
175  ].
176
177definition zero_ext ≝ λrsz: intsize. λv: val.
178  match v with
179  [ Vint sz n ⇒ Vint rsz (zero_ext … n)
180  | _ ⇒ Vundef
181  ].
182
183definition sign_ext ≝ λrsz:intsize. λv:val.
184  match v with
185  [ Vint sz i ⇒ Vint rsz (sign_ext … i)
186  | _ ⇒ Vundef
187  ].
188
189definition singleoffloat : val → val ≝ λv.
190  match v with
191  [ Vfloat f ⇒ Vfloat (singleoffloat f)
192  | _ ⇒ Vundef
193  ].
194
195(* TODO: add zero to null? *)
196definition add ≝ λv1,v2: val.
197  match v1 with
198  [ Vint sz1 n1 ⇒ match v2 with
199    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
200                    (λn1. Vint sz2 (addition_n ? n1 n2))
201                    Vundef
202    | Vptr r b2 p ofs2 ⇒ Vptr r b2 p (shift_offset ? ofs2 n1)
203    | _ ⇒ Vundef ]
204  | Vptr r b1 p ofs1 ⇒ match v2 with
205    [ Vint _ n2 ⇒ Vptr r b1 p (shift_offset ? ofs1 n2)
206    | _ ⇒ Vundef ]
207  | _ ⇒ Vundef ].
208
209(* XXX Is I32 the best answer for ptr subtraction? *)
210
211definition sub ≝ λv1,v2: val.
212  match v1 with
213  [ Vint sz1 n1 ⇒ match v2 with
214    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
215                    (λn1. Vint sz2 (subtraction ? n1 n2))
216                    Vundef
217    | _ ⇒ Vundef ]
218  | Vptr r1 b1 p1 ofs1 ⇒ match v2 with
219    [ Vint sz2 n2 ⇒ Vptr r1 b1 p1 (neg_shift_offset ? ofs1 n2)
220    | Vptr r2 b2 p2 ofs2 ⇒
221        if eq_block b1 b2 then Vint I32 (sub_offset ? ofs1 ofs2) else Vundef
222    | _ ⇒ Vundef ]
223  | Vnull r ⇒ match v2 with [ Vnull r' ⇒ Vzero I32 | _ ⇒ Vundef ]
224  | _ ⇒ Vundef ].
225
226definition mul ≝ λv1, v2: val.
227  match v1 with
228  [ Vint sz1 n1 ⇒ match v2 with
229    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
230                    (λn1. Vint sz2 (\snd (split … (multiplication ? n1 n2))))
231                    Vundef
232    | _ ⇒ Vundef ]
233  | _ ⇒ Vundef ].
234(*
235definition divs ≝ λv1, v2: val.
236  match v1 with
237  [ Vint n1 ⇒ match v2 with
238    [ Vint n2 ⇒ Vint (divs n1 n2)
239    | _ ⇒ Vundef ]
240  | _ ⇒ Vundef ].
241
242Definition mods (v1 v2: val): val :=
243  match v1, v2 with
244  | Vint n1, Vint n2 =>
245      if Int.eq n2 Int.zero then Vundef else Vint(Int.mods n1 n2)
246  | _, _ => Vundef
247  end.
248
249Definition divu (v1 v2: val): val :=
250  match v1, v2 with
251  | Vint n1, Vint n2 =>
252      if Int.eq n2 Int.zero then Vundef else Vint(Int.divu n1 n2)
253  | _, _ => Vundef
254  end.
255
256Definition modu (v1 v2: val): val :=
257  match v1, v2 with
258  | Vint n1, Vint n2 =>
259      if Int.eq n2 Int.zero then Vundef else Vint(Int.modu n1 n2)
260  | _, _ => Vundef
261  end.
262*)
263definition v_and ≝ λv1, v2: val.
264  match v1 with
265  [ Vint sz1 n1 ⇒ match v2 with
266    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
267                    (λn1. Vint ? (conjunction_bv ? n1 n2))
268                    Vundef
269    | _ ⇒ Vundef ]
270  | _ ⇒ Vundef ].
271
272definition or ≝ λv1, v2: val.
273  match v1 with
274  [ Vint sz1 n1 ⇒ match v2 with
275    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
276                    (λn1. Vint ? (inclusive_disjunction_bv ? n1 n2))
277                    Vundef
278    | _ ⇒ Vundef ]
279  | _ ⇒ Vundef ].
280
281definition xor ≝ λv1, v2: val.
282  match v1 with
283  [ Vint sz1 n1 ⇒ match v2 with
284    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
285                    (λn1. Vint ? (exclusive_disjunction_bv ? n1 n2))
286                    Vundef
287    | _ ⇒ Vundef ]
288  | _ ⇒ Vundef ].
289(*
290Definition shl (v1 v2: val): val :=
291  match v1, v2 with
292  | Vint n1, Vint n2 =>
293     if Int.ltu n2 Int.iwordsize
294     then Vint(Int.shl n1 n2)
295     else Vundef
296  | _, _ => Vundef
297  end.
298
299Definition shr (v1 v2: val): val :=
300  match v1, v2 with
301  | Vint n1, Vint n2 =>
302     if Int.ltu n2 Int.iwordsize
303     then Vint(Int.shr n1 n2)
304     else Vundef
305  | _, _ => Vundef
306  end.
307
308Definition shr_carry (v1 v2: val): val :=
309  match v1, v2 with
310  | Vint n1, Vint n2 =>
311     if Int.ltu n2 Int.iwordsize
312     then Vint(Int.shr_carry n1 n2)
313     else Vundef
314  | _, _ => Vundef
315  end.
316
317Definition shrx (v1 v2: val): val :=
318  match v1, v2 with
319  | Vint n1, Vint n2 =>
320     if Int.ltu n2 Int.iwordsize
321     then Vint(Int.shrx n1 n2)
322     else Vundef
323  | _, _ => Vundef
324  end.
325
326Definition shru (v1 v2: val): val :=
327  match v1, v2 with
328  | Vint n1, Vint n2 =>
329     if Int.ltu n2 Int.iwordsize
330     then Vint(Int.shru n1 n2)
331     else Vundef
332  | _, _ => Vundef
333  end.
334
335Definition rolm (v: val) (amount mask: int): val :=
336  match v with
337  | Vint n => Vint(Int.rolm n amount mask)
338  | _ => Vundef
339  end.
340
341Definition ror (v1 v2: val): val :=
342  match v1, v2 with
343  | Vint n1, Vint n2 =>
344     if Int.ltu n2 Int.iwordsize
345     then Vint(Int.ror n1 n2)
346     else Vundef
347  | _, _ => Vundef
348  end.
349*)
350definition addf ≝ λv1,v2: val.
351  match v1 with
352  [ Vfloat f1 ⇒ match v2 with
353    [ Vfloat f2 ⇒ Vfloat (Fadd f1 f2)
354    | _ ⇒ Vundef ]
355  | _ ⇒ Vundef ].
356
357definition subf ≝ λv1,v2: val.
358  match v1 with
359  [ Vfloat f1 ⇒ match v2 with
360    [ Vfloat f2 ⇒ Vfloat (Fsub f1 f2)
361    | _ ⇒ Vundef ]
362  | _ ⇒ Vundef ].
363
364definition mulf ≝ λv1,v2: val.
365  match v1 with
366  [ Vfloat f1 ⇒ match v2 with
367    [ Vfloat f2 ⇒ Vfloat (Fmul f1 f2)
368    | _ ⇒ Vundef ]
369  | _ ⇒ Vundef ].
370
371definition divf ≝ λv1,v2: val.
372  match v1 with
373  [ Vfloat f1 ⇒ match v2 with
374    [ Vfloat f2 ⇒ Vfloat (Fdiv f1 f2)
375    | _ ⇒ Vundef ]
376  | _ ⇒ Vundef ].
377
378definition cmp_match : comparison → val ≝ λc.
379  match c with
380  [ Ceq ⇒ Vtrue
381  | Cne ⇒ Vfalse
382  | _   ⇒ Vundef
383  ].
384
385definition cmp_mismatch : comparison → val ≝ λc.
386  match c with
387  [ Ceq ⇒ Vfalse
388  | Cne ⇒ Vtrue
389  | _   ⇒ Vundef
390  ].
391
392definition cmp_offset ≝
393λc: comparison. λx,y:offset.
394  match c with
395  [ Ceq ⇒  eq_offset x y
396  | Cne ⇒ ¬eq_offset x y
397  | Clt ⇒  lt_offset x y
398  | Cle ⇒ ¬lt_offset y x
399  | Cgt ⇒  lt_offset y x
400  | Cge ⇒ ¬lt_offset x y
401  ].
402
403definition cmp_int : ∀n. comparison → BitVector n → BitVector n → bool ≝
404λn,c,x,y.
405  match c with
406  [ Ceq ⇒ eq_bv ? x y
407  | Cne ⇒ notb (eq_bv ? x y)
408  | Clt ⇒ lt_s ? x y
409  | Cle ⇒ notb (lt_s ? y x)
410  | Cgt ⇒ lt_s ? y x
411  | Cge ⇒ notb (lt_s ? x y)
412  ].
413
414definition cmpu_int : ∀n. comparison → BitVector n → BitVector n → bool ≝
415λn,c,x,y.
416  match c with
417  [ Ceq ⇒ eq_bv ? x y
418  | Cne ⇒ notb (eq_bv ? x y)
419  | Clt ⇒ lt_u ? x y
420  | Cle ⇒ notb (lt_u ? y x)
421  | Cgt ⇒ lt_u ? y x
422  | Cge ⇒ notb (lt_u ? x y)
423  ].
424
425definition cmp ≝ λc: comparison. λv1,v2: val.
426  match v1 with
427  [ Vint sz1 n1 ⇒ match v2 with
428    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
429                    (λn1. of_bool (cmp_int ? c n1 n2))
430                    Vundef
431    | _ ⇒ Vundef ]
432  | Vptr r1 b1 p1 ofs1 ⇒ match v2 with
433    [ Vptr r2 b2 p2 ofs2 ⇒
434        if eq_block b1 b2
435        then of_bool (cmp_offset c ofs1 ofs2)
436        else cmp_mismatch c
437    | Vnull r2 ⇒ cmp_mismatch c
438    | _ ⇒ Vundef ]
439  | Vnull r1 ⇒ match v2 with
440    [ Vptr _ _ _ _ ⇒ cmp_mismatch c
441    | Vnull r2 ⇒ cmp_match c
442    | _ ⇒ Vundef
443    ]
444  | _ ⇒ Vundef ].
445
446definition cmpu ≝ λc: comparison. λv1,v2: val.
447  match v1 with
448  [ Vint sz1 n1 ⇒ match v2 with
449    [ Vint sz2 n2 ⇒ intsize_eq_elim ? sz1 sz2 ? n1
450                    (λn1. of_bool (cmpu_int ? c n1 n2))
451                    Vundef
452    | _ ⇒ Vundef ]
453  | Vptr r1 b1 p1 ofs1 ⇒ match v2 with
454    [ Vptr r2 b2 p2 ofs2 ⇒
455        if eq_block b1 b2
456        then of_bool (cmp_offset c ofs1 ofs2)
457        else cmp_mismatch c
458    | Vnull r2 ⇒ cmp_mismatch c
459    | _ ⇒ Vundef ]
460  | Vnull r1 ⇒ match v2 with
461    [ Vptr _ _ _ _ ⇒ cmp_mismatch c
462    | Vnull r2 ⇒ cmp_match c
463    | _ ⇒ Vundef
464    ]
465  | _ ⇒ Vundef ].
466
467definition cmpf ≝ λc: comparison. λsz:intsize. λv1,v2: val.
468  match v1 with
469  [ Vfloat f1 ⇒ match v2 with
470    [ Vfloat f2 ⇒ of_bool (Fcmp c f1 f2)
471    | _ ⇒ Vundef ]
472  | _ ⇒ Vundef ].
473
474(* * [load_result] is used in the memory model (library [Mem])
475  to post-process the results of a memory read.  For instance,
476  consider storing the integer value [0xFFF] on 1 byte at a
477  given address, and reading it back.  If it is read back with
478  chunk [Mint8unsigned], zero-extension must be performed, resulting
479  in [0xFF].  If it is read back as a [Mint8signed], sign-extension
480  is performed and [0xFFFFFFFF] is returned.   Type mismatches
481  (e.g. reading back a float as a [Mint32]) read back as [Vundef]. *)
482(* XXX update comment *)
483(* XXX is this even necessary now?
484       should we be able to extract bytes? *)
485
486let rec load_result (chunk: memory_chunk) (v: val) ≝
487  match v with
488  [ Vint sz n ⇒
489    match chunk with
490    [ Mint8signed ⇒ match sz with [ I8 ⇒ v | _ ⇒ Vundef ]
491    | Mint8unsigned ⇒ match sz with [ I8 ⇒ v | _ ⇒ Vundef ]
492    | Mint16signed ⇒ match sz with [ I16 ⇒ v | _ ⇒ Vundef ]
493    | Mint16unsigned ⇒ match sz with [ I16 ⇒ v | _ ⇒ Vundef ]
494    | Mint32 ⇒  match sz with [ I32 ⇒ v | _ ⇒ Vundef ]
495    | _ ⇒ Vundef
496    ]
497  | Vptr r b p ofs ⇒
498    match chunk with
499    [ Mpointer r' ⇒ if eq_region r r' then Vptr r b p ofs else Vundef
500    | _ ⇒ Vundef
501    ]
502  | Vnull r ⇒
503    match chunk with
504    [ Mpointer r' ⇒ if eq_region r r' then Vnull r else Vundef
505    | _ ⇒ Vundef
506    ]
507  | Vfloat f ⇒
508    match chunk with
509    [ Mfloat32 ⇒ Vfloat(singleoffloat f)
510    | Mfloat64 ⇒ Vfloat f
511    | _ ⇒ Vundef
512    ]
513  | _ ⇒ Vundef
514  ].
515
516(*
517(** Theorems on arithmetic operations. *)
518
519Theorem cast8unsigned_and:
520  forall x, zero_ext 8 x = and x (Vint(Int.repr 255)).
521Proof.
522  destruct x; simpl; auto. decEq.
523  change 255 with (two_p 8 - 1). apply Int.zero_ext_and. vm_compute; auto.
524Qed.
525
526Theorem cast16unsigned_and:
527  forall x, zero_ext 16 x = and x (Vint(Int.repr 65535)).
528Proof.
529  destruct x; simpl; auto. decEq.
530  change 65535 with (two_p 16 - 1). apply Int.zero_ext_and. vm_compute; auto.
531Qed.
532
533Theorem istrue_not_isfalse:
534  forall v, is_false v -> is_true (notbool v).
535Proof.
536  destruct v; simpl; try contradiction.
537  intros. subst i. simpl. discriminate.
538Qed.
539
540Theorem isfalse_not_istrue:
541  forall v, is_true v -> is_false (notbool v).
542Proof.
543  destruct v; simpl; try contradiction.
544  intros. generalize (Int.eq_spec i Int.zero).
545  case (Int.eq i Int.zero); intro.
546  contradiction. simpl. auto.
547  auto.
548Qed.
549
550Theorem bool_of_true_val:
551  forall v, is_true v -> bool_of_val v true.
552Proof.
553  intro. destruct v; simpl; intros; try contradiction.
554  constructor; auto. constructor.
555Qed.
556
557Theorem bool_of_true_val2:
558  forall v, bool_of_val v true -> is_true v.
559Proof.
560  intros. inversion H; simpl; auto.
561Qed.
562
563Theorem bool_of_true_val_inv:
564  forall v b, is_true v -> bool_of_val v b -> b = true.
565Proof.
566  intros. inversion H0; subst v b; simpl in H; auto.
567Qed.
568
569Theorem bool_of_false_val:
570  forall v, is_false v -> bool_of_val v false.
571Proof.
572  intro. destruct v; simpl; intros; try contradiction.
573  subst i;  constructor.
574Qed.
575
576Theorem bool_of_false_val2:
577  forall v, bool_of_val v false -> is_false v.
578Proof.
579  intros. inversion H; simpl; auto.
580Qed.
581
582Theorem bool_of_false_val_inv:
583  forall v b, is_false v -> bool_of_val v b -> b = false.
584Proof.
585  intros. inversion H0; subst v b; simpl in H.
586  congruence. auto. contradiction.
587Qed.
588
589Theorem notbool_negb_1:
590  forall b, of_bool (negb b) = notbool (of_bool b).
591Proof.
592  destruct b; reflexivity.
593Qed.
594
595Theorem notbool_negb_2:
596  forall b, of_bool b = notbool (of_bool (negb b)).
597Proof.
598  destruct b; reflexivity.
599Qed.
600
601Theorem notbool_idem2:
602  forall b, notbool(notbool(of_bool b)) = of_bool b.
603Proof.
604  destruct b; reflexivity.
605Qed.
606
607Theorem notbool_idem3:
608  forall x, notbool(notbool(notbool x)) = notbool x.
609Proof.
610  destruct x; simpl; auto.
611  case (Int.eq i Int.zero); reflexivity.
612Qed.
613
614Theorem add_commut: forall x y, add x y = add y x.
615Proof.
616  destruct x; destruct y; simpl; auto.
617  decEq. apply Int.add_commut.
618Qed.
619
620Theorem add_assoc: forall x y z, add (add x y) z = add x (add y z).
621Proof.
622  destruct x; destruct y; destruct z; simpl; auto.
623  rewrite Int.add_assoc; auto.
624  rewrite Int.add_assoc; auto.
625  decEq. decEq. apply Int.add_commut.
626  decEq. rewrite Int.add_commut. rewrite <- Int.add_assoc.
627  decEq. apply Int.add_commut.
628  decEq. rewrite Int.add_assoc. auto.
629Qed.
630
631Theorem add_permut: forall x y z, add x (add y z) = add y (add x z).
632Proof.
633  intros. rewrite (add_commut y z). rewrite <- add_assoc. apply add_commut.
634Qed.
635
636Theorem add_permut_4:
637  forall x y z t, add (add x y) (add z t) = add (add x z) (add y t).
638Proof.
639  intros. rewrite add_permut. rewrite add_assoc.
640  rewrite add_permut. symmetry. apply add_assoc.
641Qed.
642
643Theorem neg_zero: neg Vzero = Vzero.
644Proof.
645  reflexivity.
646Qed.
647
648Theorem neg_add_distr: forall x y, neg(add x y) = add (neg x) (neg y).
649Proof.
650  destruct x; destruct y; simpl; auto. decEq. apply Int.neg_add_distr.
651Qed.
652
653Theorem sub_zero_r: forall x, sub Vzero x = neg x.
654Proof.
655  destruct x; simpl; auto.
656Qed.
657
658Theorem sub_add_opp: forall x y, sub x (Vint y) = add x (Vint (Int.neg y)).
659Proof.
660  destruct x; intro y; simpl; auto; rewrite Int.sub_add_opp; auto.
661Qed.
662
663Theorem sub_opp_add: forall x y, sub x (Vint (Int.neg y)) = add x (Vint y).
664Proof.
665  intros. unfold sub, add.
666  destruct x; auto; rewrite Int.sub_add_opp; rewrite Int.neg_involutive; auto.
667Qed.
668
669Theorem sub_add_l:
670  forall v1 v2 i, sub (add v1 (Vint i)) v2 = add (sub v1 v2) (Vint i).
671Proof.
672  destruct v1; destruct v2; intros; simpl; auto.
673  rewrite Int.sub_add_l. auto.
674  rewrite Int.sub_add_l. auto.
675  case (zeq b b0); intro. rewrite Int.sub_add_l. auto. reflexivity.
676Qed.
677
678Theorem sub_add_r:
679  forall v1 v2 i, sub v1 (add v2 (Vint i)) = add (sub v1 v2) (Vint (Int.neg i)).
680Proof.
681  destruct v1; destruct v2; intros; simpl; auto.
682  rewrite Int.sub_add_r. auto.
683  repeat rewrite Int.sub_add_opp. decEq.
684  repeat rewrite Int.add_assoc. decEq. apply Int.add_commut.
685  decEq. repeat rewrite Int.sub_add_opp.
686  rewrite Int.add_assoc. decEq. apply Int.neg_add_distr.
687  case (zeq b b0); intro. simpl. decEq.
688  repeat rewrite Int.sub_add_opp. rewrite Int.add_assoc. decEq.
689  apply Int.neg_add_distr.
690  reflexivity.
691Qed.
692
693Theorem mul_commut: forall x y, mul x y = mul y x.
694Proof.
695  destruct x; destruct y; simpl; auto. decEq. apply Int.mul_commut.
696Qed.
697
698Theorem mul_assoc: forall x y z, mul (mul x y) z = mul x (mul y z).
699Proof.
700  destruct x; destruct y; destruct z; simpl; auto.
701  decEq. apply Int.mul_assoc.
702Qed.
703
704Theorem mul_add_distr_l:
705  forall x y z, mul (add x y) z = add (mul x z) (mul y z).
706Proof.
707  destruct x; destruct y; destruct z; simpl; auto.
708  decEq. apply Int.mul_add_distr_l.
709Qed.
710
711
712Theorem mul_add_distr_r:
713  forall x y z, mul x (add y z) = add (mul x y) (mul x z).
714Proof.
715  destruct x; destruct y; destruct z; simpl; auto.
716  decEq. apply Int.mul_add_distr_r.
717Qed.
718
719Theorem mul_pow2:
720  forall x n logn,
721  Int.is_power2 n = Some logn ->
722  mul x (Vint n) = shl x (Vint logn).
723Proof.
724  intros; destruct x; simpl; auto.
725  change 32 with (Z_of_nat Int.wordsize).
726  rewrite (Int.is_power2_range _ _ H). decEq. apply Int.mul_pow2. auto.
727Qed. 
728
729Theorem mods_divs:
730  forall x y, mods x y = sub x (mul (divs x y) y).
731Proof.
732  destruct x; destruct y; simpl; auto.
733  case (Int.eq i0 Int.zero); simpl. auto. decEq. apply Int.mods_divs.
734Qed.
735
736Theorem modu_divu:
737  forall x y, modu x y = sub x (mul (divu x y) y).
738Proof.
739  destruct x; destruct y; simpl; auto.
740  generalize (Int.eq_spec i0 Int.zero);
741  case (Int.eq i0 Int.zero); simpl. auto.
742  intro. decEq. apply Int.modu_divu. auto.
743Qed.
744
745Theorem divs_pow2:
746  forall x n logn,
747  Int.is_power2 n = Some logn ->
748  divs x (Vint n) = shrx x (Vint logn).
749Proof.
750  intros; destruct x; simpl; auto.
751  change 32 with (Z_of_nat Int.wordsize).
752  rewrite (Int.is_power2_range _ _ H).
753  generalize (Int.eq_spec n Int.zero);
754  case (Int.eq n Int.zero); intro.
755  subst n. compute in H. discriminate.
756  decEq. apply Int.divs_pow2. auto.
757Qed.
758
759Theorem divu_pow2:
760  forall x n logn,
761  Int.is_power2 n = Some logn ->
762  divu x (Vint n) = shru x (Vint logn).
763Proof.
764  intros; destruct x; simpl; auto.
765  change 32 with (Z_of_nat Int.wordsize).
766  rewrite (Int.is_power2_range _ _ H).
767  generalize (Int.eq_spec n Int.zero);
768  case (Int.eq n Int.zero); intro.
769  subst n. compute in H. discriminate.
770  decEq. apply Int.divu_pow2. auto.
771Qed.
772
773Theorem modu_pow2:
774  forall x n logn,
775  Int.is_power2 n = Some logn ->
776  modu x (Vint n) = and x (Vint (Int.sub n Int.one)).
777Proof.
778  intros; destruct x; simpl; auto.
779  generalize (Int.eq_spec n Int.zero);
780  case (Int.eq n Int.zero); intro.
781  subst n. compute in H. discriminate.
782  decEq. eapply Int.modu_and; eauto.
783Qed.
784
785Theorem and_commut: forall x y, and x y = and y x.
786Proof.
787  destruct x; destruct y; simpl; auto. decEq. apply Int.and_commut.
788Qed.
789
790Theorem and_assoc: forall x y z, and (and x y) z = and x (and y z).
791Proof.
792  destruct x; destruct y; destruct z; simpl; auto.
793  decEq. apply Int.and_assoc.
794Qed.
795
796Theorem or_commut: forall x y, or x y = or y x.
797Proof.
798  destruct x; destruct y; simpl; auto. decEq. apply Int.or_commut.
799Qed.
800
801Theorem or_assoc: forall x y z, or (or x y) z = or x (or y z).
802Proof.
803  destruct x; destruct y; destruct z; simpl; auto.
804  decEq. apply Int.or_assoc.
805Qed.
806
807Theorem xor_commut: forall x y, xor x y = xor y x.
808Proof.
809  destruct x; destruct y; simpl; auto. decEq. apply Int.xor_commut.
810Qed.
811
812Theorem xor_assoc: forall x y z, xor (xor x y) z = xor x (xor y z).
813Proof.
814  destruct x; destruct y; destruct z; simpl; auto.
815  decEq. apply Int.xor_assoc.
816Qed.
817
818Theorem shl_mul: forall x y, Val.mul x (Val.shl Vone y) = Val.shl x y.
819Proof.
820  destruct x; destruct y; simpl; auto.
821  case (Int.ltu i0 Int.iwordsize); auto.
822  decEq. symmetry. apply Int.shl_mul.
823Qed.
824
825Theorem shl_rolm:
826  forall x n,
827  Int.ltu n Int.iwordsize = true ->
828  shl x (Vint n) = rolm x n (Int.shl Int.mone n).
829Proof.
830  intros; destruct x; simpl; auto.
831  rewrite H. decEq. apply Int.shl_rolm. exact H.
832Qed.
833
834Theorem shru_rolm:
835  forall x n,
836  Int.ltu n Int.iwordsize = true ->
837  shru x (Vint n) = rolm x (Int.sub Int.iwordsize n) (Int.shru Int.mone n).
838Proof.
839  intros; destruct x; simpl; auto.
840  rewrite H. decEq. apply Int.shru_rolm. exact H.
841Qed.
842
843Theorem shrx_carry:
844  forall x y,
845  add (shr x y) (shr_carry x y) = shrx x y.
846Proof.
847  destruct x; destruct y; simpl; auto.
848  case (Int.ltu i0 Int.iwordsize); auto.
849  simpl. decEq. apply Int.shrx_carry.
850Qed.
851
852Theorem or_rolm:
853  forall x n m1 m2,
854  or (rolm x n m1) (rolm x n m2) = rolm x n (Int.or m1 m2).
855Proof.
856  intros; destruct x; simpl; auto.
857  decEq. apply Int.or_rolm.
858Qed.
859
860Theorem rolm_rolm:
861  forall x n1 m1 n2 m2,
862  rolm (rolm x n1 m1) n2 m2 =
863    rolm x (Int.modu (Int.add n1 n2) Int.iwordsize)
864           (Int.and (Int.rol m1 n2) m2).
865Proof.
866  intros; destruct x; simpl; auto.
867  decEq.
868  apply Int.rolm_rolm. apply int_wordsize_divides_modulus.
869Qed.
870
871Theorem rolm_zero:
872  forall x m,
873  rolm x Int.zero m = and x (Vint m).
874Proof.
875  intros; destruct x; simpl; auto. decEq. apply Int.rolm_zero.
876Qed.
877
878Theorem addf_commut: forall x y, addf x y = addf y x.
879Proof.
880  destruct x; destruct y; simpl; auto. decEq. apply Float.addf_commut.
881Qed.
882
883Lemma negate_cmp_mismatch:
884  forall c,
885  cmp_mismatch (negate_comparison c) = notbool(cmp_mismatch c).
886Proof.
887  destruct c; reflexivity.
888Qed.
889
890Theorem negate_cmp:
891  forall c x y,
892  cmp (negate_comparison c) x y = notbool (cmp c x y).
893Proof.
894  destruct x; destruct y; simpl; auto.
895  rewrite Int.negate_cmp. apply notbool_negb_1.
896  case (Int.eq i Int.zero). apply negate_cmp_mismatch. reflexivity.
897  case (Int.eq i0 Int.zero). apply negate_cmp_mismatch. reflexivity.
898  case (zeq b b0); intro.
899  rewrite Int.negate_cmp. apply notbool_negb_1.
900  apply negate_cmp_mismatch.
901Qed.
902
903Theorem negate_cmpu:
904  forall c x y,
905  cmpu (negate_comparison c) x y = notbool (cmpu c x y).
906Proof.
907  destruct x; destruct y; simpl; auto.
908  rewrite Int.negate_cmpu. apply notbool_negb_1.
909  case (Int.eq i Int.zero). apply negate_cmp_mismatch. reflexivity.
910  case (Int.eq i0 Int.zero). apply negate_cmp_mismatch. reflexivity.
911  case (zeq b b0); intro.
912  rewrite Int.negate_cmpu. apply notbool_negb_1.
913  apply negate_cmp_mismatch.
914Qed.
915
916Lemma swap_cmp_mismatch:
917  forall c, cmp_mismatch (swap_comparison c) = cmp_mismatch c.
918Proof.
919  destruct c; reflexivity.
920Qed.
921 
922Theorem swap_cmp:
923  forall c x y,
924  cmp (swap_comparison c) x y = cmp c y x.
925Proof.
926  destruct x; destruct y; simpl; auto.
927  rewrite Int.swap_cmp. auto.
928  case (Int.eq i Int.zero). apply swap_cmp_mismatch. auto.
929  case (Int.eq i0 Int.zero). apply swap_cmp_mismatch. auto.
930  case (zeq b b0); intro.
931  subst b0. rewrite zeq_true. rewrite Int.swap_cmp. auto.
932  rewrite zeq_false. apply swap_cmp_mismatch. auto.
933Qed.
934
935Theorem swap_cmpu:
936  forall c x y,
937  cmpu (swap_comparison c) x y = cmpu c y x.
938Proof.
939  destruct x; destruct y; simpl; auto.
940  rewrite Int.swap_cmpu. auto.
941  case (Int.eq i Int.zero). apply swap_cmp_mismatch. auto.
942  case (Int.eq i0 Int.zero). apply swap_cmp_mismatch. auto.
943  case (zeq b b0); intro.
944  subst b0. rewrite zeq_true. rewrite Int.swap_cmpu. auto.
945  rewrite zeq_false. apply swap_cmp_mismatch. auto.
946Qed.
947
948Theorem negate_cmpf_eq:
949  forall v1 v2, notbool (cmpf Cne v1 v2) = cmpf Ceq v1 v2.
950Proof.
951  destruct v1; destruct v2; simpl; auto.
952  rewrite Float.cmp_ne_eq. rewrite notbool_negb_1.
953  apply notbool_idem2.
954Qed.
955
956Theorem negate_cmpf_ne:
957  forall v1 v2, notbool (cmpf Ceq v1 v2) = cmpf Cne v1 v2.
958Proof.
959  destruct v1; destruct v2; simpl; auto.
960  rewrite Float.cmp_ne_eq. rewrite notbool_negb_1. auto.
961Qed.
962
963Lemma or_of_bool:
964  forall b1 b2, or (of_bool b1) (of_bool b2) = of_bool (b1 || b2).
965Proof.
966  destruct b1; destruct b2; reflexivity.
967Qed.
968
969Theorem cmpf_le:
970  forall v1 v2, cmpf Cle v1 v2 = or (cmpf Clt v1 v2) (cmpf Ceq v1 v2).
971Proof.
972  destruct v1; destruct v2; simpl; auto.
973  rewrite or_of_bool. decEq. apply Float.cmp_le_lt_eq.
974Qed.
975
976Theorem cmpf_ge:
977  forall v1 v2, cmpf Cge v1 v2 = or (cmpf Cgt v1 v2) (cmpf Ceq v1 v2).
978Proof.
979  destruct v1; destruct v2; simpl; auto.
980  rewrite or_of_bool. decEq. apply Float.cmp_ge_gt_eq.
981Qed.
982
983Definition is_bool (v: val) :=
984  v = Vundef \/ v = Vtrue \/ v = Vfalse.
985
986Lemma of_bool_is_bool:
987  forall b, is_bool (of_bool b).
988Proof.
989  destruct b; unfold is_bool; simpl; tauto.
990Qed.
991
992Lemma undef_is_bool: is_bool Vundef.
993Proof.
994  unfold is_bool; tauto.
995Qed.
996
997Lemma cmp_mismatch_is_bool:
998  forall c, is_bool (cmp_mismatch c).
999Proof.
1000  destruct c; simpl; unfold is_bool; tauto.
1001Qed.
1002
1003Lemma cmp_is_bool:
1004  forall c v1 v2, is_bool (cmp c v1 v2).
1005Proof.
1006  destruct v1; destruct v2; simpl; try apply undef_is_bool.
1007  apply of_bool_is_bool.
1008  case (Int.eq i Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
1009  case (Int.eq i0 Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
1010  case (zeq b b0); intro. apply of_bool_is_bool. apply cmp_mismatch_is_bool.
1011Qed.
1012
1013Lemma cmpu_is_bool:
1014  forall c v1 v2, is_bool (cmpu c v1 v2).
1015Proof.
1016  destruct v1; destruct v2; simpl; try apply undef_is_bool.
1017  apply of_bool_is_bool.
1018  case (Int.eq i Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
1019  case (Int.eq i0 Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool.
1020  case (zeq b b0); intro. apply of_bool_is_bool. apply cmp_mismatch_is_bool.
1021Qed.
1022
1023Lemma cmpf_is_bool:
1024  forall c v1 v2, is_bool (cmpf c v1 v2).
1025Proof.
1026  destruct v1; destruct v2; simpl;
1027  apply undef_is_bool || apply of_bool_is_bool.
1028Qed.
1029
1030Lemma notbool_is_bool:
1031  forall v, is_bool (notbool v).
1032Proof.
1033  destruct v; simpl.
1034  apply undef_is_bool. apply of_bool_is_bool.
1035  apply undef_is_bool. unfold is_bool; tauto.
1036Qed.
1037
1038Lemma notbool_xor:
1039  forall v, is_bool v -> v = xor (notbool v) Vone.
1040Proof.
1041  intros. elim H; intro. 
1042  subst v. reflexivity.
1043  elim H0; intro; subst v; reflexivity.
1044Qed.
1045
1046Lemma rolm_lt_zero:
1047  forall v, rolm v Int.one Int.one = cmp Clt v (Vint Int.zero).
1048Proof.
1049  intros. destruct v; simpl; auto.
1050  transitivity (Vint (Int.shru i (Int.repr (Z_of_nat Int.wordsize - 1)))).
1051  decEq. symmetry. rewrite Int.shru_rolm. auto. auto.
1052  rewrite Int.shru_lt_zero. destruct (Int.lt i Int.zero); auto.
1053Qed.
1054
1055Lemma rolm_ge_zero:
1056  forall v,
1057  xor (rolm v Int.one Int.one) (Vint Int.one) = cmp Cge v (Vint Int.zero).
1058Proof.
1059  intros. rewrite rolm_lt_zero. destruct v; simpl; auto.
1060  destruct (Int.lt i Int.zero); auto.
1061Qed.
1062*)
1063(* * The ``is less defined'' relation between values.
1064    A value is less defined than itself, and [Vundef] is
1065    less defined than any value. *)
1066
1067inductive Val_lessdef: val → val → Prop ≝
1068  | lessdef_refl: ∀v. Val_lessdef v v
1069  | lessdef_undef: ∀v. Val_lessdef Vundef v.
1070
1071inductive lessdef_list: list val → list val → Prop ≝
1072  | lessdef_list_nil:
1073      lessdef_list (nil ?) (nil ?)
1074  | lessdef_list_cons:
1075      ∀v1,v2,vl1,vl2.
1076      Val_lessdef v1 v2 → lessdef_list vl1 vl2 →
1077      lessdef_list (v1 :: vl1) (v2 :: vl2).
1078
1079(*Hint Resolve lessdef_refl lessdef_undef lessdef_list_nil lessdef_list_cons.*)
1080(*
1081lemma lessdef_list_inv:
1082  ∀vl1,vl2. lessdef_list vl1 vl2 → vl1 = vl2 ∨ in_list ? Vundef vl1.
1083#vl1 elim vl1;
1084[ #vl2 #H inversion H; /2/; #h1 #h2 #t1 #t2 #H1 #H2 #H3 #Hbad destruct
1085| #h #t #IH #vl2 #H
1086    inversion H;
1087    [ #H' destruct
1088    | #h1 #h2 #t1 #t2 #H1 #H2 #H3 #e1 #e2 destruct;
1089        elim H1;
1090        [ elim (IH t2 H2);
1091            [ #e destruct; /2/;
1092            | /3/ ]
1093        | /3/ ]
1094    ]
1095] qed.
1096*)
1097lemma load_result_lessdef:
1098  ∀chunk,v1,v2.
1099  Val_lessdef v1 v2 → Val_lessdef (load_result chunk v1) (load_result chunk v2).
1100#chunk #v1 #v2 #H inversion H; //; #v #e1 #e2 #e3 cases chunk
1101[ 8: #r ] whd in ⊢ (?%?); //;
1102qed.
1103
1104lemma zero_ext_lessdef:
1105  ∀n,v1,v2. Val_lessdef v1 v2 → Val_lessdef (zero_ext n v1) (zero_ext n v2).
1106#n #v1 #v2 #H inversion H //
1107qed.
1108
1109lemma sign_ext_lessdef:
1110  ∀n,v1,v2. Val_lessdef v1 v2 → Val_lessdef (sign_ext n v1) (sign_ext n v2).
1111#n #v1 #v2 #H inversion H //
1112qed.
1113(*
1114Lemma singleoffloat_lessdef:
1115  forall v1 v2, lessdef v1 v2 -> lessdef (singleoffloat v1) (singleoffloat v2).
1116Proof.
1117  intros; inv H; simpl; auto.
1118Qed.
1119
1120End Val.
1121*)
Note: See TracBrowser for help on using the repository browser.