Context Navigation

← Previous Change
Next Change →

Changeset 1555 for src/ASM

Timestamp:

Nov 24, 2011, 5:19:30 PM (8 years ago)

Author:

boender

Message:

changes to assembly
added lookup to PositiveMap?
lightly changed Fetch to make it compile

Location:

src/ASM

Files:

: 2 edited

Assembly.ma (modified) (8 diffs)
Fetch.ma (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

src/ASM/Assembly.ma

-                      r1528
+                      r1555
 include "ASM/ASM.ma".
-include "ASM/BitVectorTrie.ma".
 include "ASM/Arithmetic.ma".
 include "ASM/Fetch.ma".
 …
 qed.
-(* lemma coerc_sigma:
- ∀A,P.∀p:A.P p → Σx:A.P x.
-#A #P #a #p % [ @a | /2/]
-qed.
-coercion coerc_sigma:∀A,P.∀p:A.P p → Σx:A.P x
-≝ coerc_sigma on p: ? to (Sig ??). *)
 lemma coerc_pair_sigma:
  ∀A,B,P. ∀p:A × B. P (\snd p) → A × (Σx:B.P x).
 …
 ≝ coerc_pair_sigma on p: (? × ?) to (? × (Sig ??)).
+let rec create_label_map (program: list labelled_instruction)
   (policy: jump_expansion_policy):
+definition create_label_map: ∀program:list labelled_instruction.
+  ∀policy:jump_expansion_policy.
   (Σlabels:label_map.
     ∀i:ℕ.lt i (|program|) (* XXX using < causes (false?) ambiguity *) →
+    ∀i:ℕ.lt i (|program|) →
     ∀l.occurs_exactly_once l program →
     is_label (nth i ? program 〈None ?, Comment [ ]〉) l →
     ∃a.lookup … labels l = Some ? 〈i,a〉
   ) ≝
+  λprogram.λpolicy.
   let 〈final_pc, final_labels〉 ≝
     foldl_strong (option Identifier × pseudo_instruction)
     (λprefix.ℕ × (Σlabels.
       ∀i:ℕ.i < |prefix| →
+      ∀i:ℕ.lt i (|prefix|) →
       ∀l.occurs_exactly_once l prefix →
       is_label (nth i ? prefix 〈None ?, Comment [ ]〉) l →
 …
   ].
 definition jmpleq: jump_length → jump_length → Prop ≝
+definition jmple: jump_length → jump_length → Prop ≝
   λj1.λj2.
   match j1 with
+  [ short_jump  ⇒ True
+  | medium_jump ⇒
+  [ short_jump  ⇒
     match j2 with
     [ short_jump ⇒ False
     | _          ⇒ True
+    ]
   | long_jump   ⇒
+  | medium_jump ⇒
     match j2 with
     [ long_jump ⇒ True
     | _         ⇒ False
+    ]
+  | long_jump   ⇒ False
   ].
+lemma jmpleq_max_length: ∀x,y.jmpleq y (max_length y x).
  #x #y
  cases y
+ [ //
  | cases x //
  | //
+ ]
 qed.
+definition jmpleq: jump_length → jump_length → Prop ≝
+  λj1.λj2.jmple j1 j2 ∨ j1 = j2.
+lemma jmpleq_max_length: ∀ol,nl.
+  jmpleq ol (max_length ol nl).
+ #ol #nl cases ol cases nl
+ /2 by or_introl, or_intror, I/
+qed.
 definition is_jump' ≝
   λx:preinstruction Identifier.
 …
 definition jump_in_policy ≝
   λprefix:list labelled_instruction.λpolicy:jump_expansion_policy.
+  ∀i:ℕ.i < |prefix| → is_jump (nth i ? prefix 〈None ?, Comment []〉) →
+  ∃p,j.lookup_opt … (bitvector_of_nat 16 i) policy = Some ? 〈p,j〉.
+  ∀i:ℕ.i < |prefix| →
+  (is_jump (nth i ? prefix 〈None ?, Comment []〉) ↔
+   ∃p,j.lookup_opt … (bitvector_of_nat 16 i) policy = Some ? 〈p,j〉).
 axiom bitvector_of_nat_abs:
   ∀x,y:ℕ.x ≠ y → ¬eq_bv 16 (bitvector_of_nat 16 x) (bitvector_of_nat 16 y).
+let rec jump_expansion_start (program: list labelled_instruction):
+  (Σpolicy.jump_in_policy program policy) ≝
+lemma le_S_to_le: ∀n,m:ℕ.S n ≤ m → n ≤ m.
+ /2/ qed.
+lemma jump_not_in_policy: ∀prefix:list labelled_instruction.
+ ∀policy:(Σp:jump_expansion_policy.
+ (∀i.i ≥ |prefix| → lookup_opt … (bitvector_of_nat ? i) p = None ?) ∧
+ jump_in_policy prefix p).
+  ∀i:ℕ.i < |prefix| →
+  ¬is_jump (nth i ? prefix 〈None ?, Comment []〉) ↔
+  lookup_opt … (bitvector_of_nat 16 i) policy = None ?.
+ #prefix #policy #i #Hi @conj
+ [ #Hnotjmp lapply (refl ? (lookup_opt … (bitvector_of_nat 16 i) policy))
+   cases (lookup_opt … (bitvector_of_nat 16 i) policy) in ⊢ (???% → ?);
+   [ #H @H
+   | #x cases x #y #z #H @⊥ @(absurd ? ? Hnotjmp) @(proj2 ?? (proj2 ?? (sig2 ?? policy) i Hi))
+     @(ex_intro … y (ex_intro … z H))
+   ]
+ | #Hnone @nmk #Hj lapply (proj1 ?? (proj2 ?? (sig2 ?? policy) i Hi) Hj)
+   #H elim H -H; #x #H elim H -H; #y #H >H in Hnone; #abs destruct (abs)
+ ]
+qed.
+definition jump_expansion_start: ∀program:list labelled_instruction.
+  Σpolicy:jump_expansion_policy.(∀i.i ≥ |program| → lookup_opt … (bitvector_of_nat 16 i) policy = None ?) ∧ jump_in_policy program policy ≝
+  λprogram.
   foldl_strong (option Identifier × pseudo_instruction)
   (λprefix.Σpolicy.jump_in_policy prefix policy)
+  (λprefix.Σpolicy:jump_expansion_policy.(∀i.i ≥ |prefix| → lookup_opt … (bitvector_of_nat 16 i) policy = None ?) ∧ jump_in_policy prefix policy)
   program
   (λprefix.λx.λtl.λprf.λpolicy.
 …
    match instr with
    [ Instruction i ⇒ match i with
      [ JC _ ⇒ insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
      | JNC _ ⇒ insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
      | JZ _ ⇒ insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
      | JNZ _ ⇒ insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
      | JB _ _ ⇒ insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
      | JNB _ _ ⇒ insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
      | JBC _ _ ⇒ insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
      | CJNE _ _ ⇒ insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
      | DJNZ _ _ ⇒ insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
+     [ JC _ ⇒ bvt_insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
+     | JNC _ ⇒ bvt_insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
+     | JZ _ ⇒ bvt_insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
+     | JNZ _ ⇒ bvt_insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
+     | JB _ _ ⇒ bvt_insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
+     | JNB _ _ ⇒ bvt_insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
+     | JBC _ _ ⇒ bvt_insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
+     | CJNE _ _ ⇒ bvt_insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
+     | DJNZ _ _ ⇒ bvt_insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
      | _ ⇒ (eject … policy)
+     ]
    | Call c ⇒ insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
    | Jmp j  ⇒ insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
+   | Call c ⇒ bvt_insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
+   | Jmp j  ⇒ bvt_insert … (bitvector_of_nat 16 (|prefix|)) 〈0,short_jump〉 policy
    | _      ⇒ (eject … policy)
+   ]
   ) (Stub ? ?).
+[43: normalize #i #Hi @⊥ @(absurd (i < 0)) [ @Hi | @not_le_Sn_O ] ]
+whd #i >append_length <commutative_plus #Hi normalize in Hi; cases (le_to_or_lt_eq … Hi) -Hi;
+#Hi
+[2,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,70,72,74,76,78,80,82,84:
+ >nth_append_second >(injective_S … Hi)
+ [2,4,6,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62: @le_n]
+ <minus_n_n #Hj normalize in Hj; @⊥ @Hj
+|4,6,52,54,56,58,60,62,64,66,68: >nth_append_second >(injective_S … Hi)
+ [2,4,6,8,10,12,14,16,18,20,22: @le_n]
+ <minus_n_n #Hj % [1,3,5,7,9,11,13,15,17,19,21: @O ] %
+ [1,3,5,7,9,11,13,15,17,19,21: @short_jump ] @lookup_opt_insert_hit
+@conj
+(* non-jumps, lookup_opt = None *)
+[1,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,69,71,73,75,77,79,81,83:
+  #i >append_length <commutative_plus #Hi normalize in Hi; cases (le_to_or_lt_eq … Hi)
+  -Hi; #Hi @((proj1 ?? (sig2 ?? policy)) i)
+  [1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65:
+    @le_S_to_le @le_S_to_le @Hi
+  |2,4,6,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66:
+    <Hi @le_n_Sn
+  ]
+(* non-jumps, lookup_opt = Some *)
+|2,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,70,72,74,76,78,80,82,84:
+  #i >append_length <commutative_plus #Hi normalize in Hi; cases (le_to_or_lt_eq … Hi)
+  -Hi; #Hi
+  [1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65:
+    >(nth_append_first ? ? prefix ? ? (le_S_S_to_le … Hi))
+    @((proj2 ?? (sig2 ?? policy)) i (le_S_S_to_le … Hi))
+  |2,4,6,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66:
+    @conj >(injective_S … Hi)
+    [1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65:
+      >(nth_append_second ? ? prefix ? ? (le_n (|prefix|)))
+      <minus_n_n #H @⊥ @H
+    |2,4,6,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66:
+      #H elim H; -H; #t1 #H elim H; -H #t2 #H
+      lapply (proj1 ?? (sig2 ?? policy) (|prefix|) (le_n (|prefix|)))
+      #H2 >H2 in H; #H destruct (H)
+    ]
+  ]
+(* jumps, lookup_opt = None *)
+|3,5,51,53,55,57,59,61,63,65,67: #i >append_length <commutative_plus #Hi normalize in Hi;
+  >lookup_opt_insert_miss
+  [1,3,5,7,9,11,13,15,17,19,21,23: @((proj1 ?? (sig2 ?? policy)) i) @(le_S_to_le … Hi)
+  |2,4,6,8,10,12,14,16,18,20,22,24: >eq_bv_sym @bitvector_of_nat_abs @lt_to_not_eq @Hi
+  ]
+(* non-jumps, lookup_opt = Some *)
+|4,6,52,54,56,58,60,62,64,66,68: #i >append_length <commutative_plus #Hi normalize in Hi;
+  cases (le_to_or_lt_eq … Hi) -Hi; #Hi
+  [1,3,5,7,9,11,13,15,17,19,21,23: >(nth_append_first ? ? prefix ? ? (le_S_S_to_le … Hi))
+    >lookup_opt_insert_miss
+    [1,3,5,7,9,11,13,15,17,19,21,23: @((proj2 ?? (sig2 ?? policy)) i) @(le_S_S_to_le … Hi)
+    |2,4,6,8,10,12,14,16,18,20,22,24: @bitvector_of_nat_abs @(lt_to_not_eq … (le_S_S_to_le … Hi))
+    ]
+  |2,4,6,8,10,12,14,16,18,20,22,24: @conj >(injective_S … Hi) #H
+    [2,4,6,8,10,12,14,16,18,20,22,24: >(nth_append_second ? ? prefix ? ? (le_n (|prefix|)))
+       <minus_n_n // ]
+    @(ex_intro ? ? 0 (ex_intro ? ? short_jump (lookup_opt_insert_hit ? ? 16 ? policy)))
+  ]
+(* cases for the empty program *)
+|85: #i #Hi //
+|86: whd #i #Hi @⊥ @(absurd (i < 0)) [ @Hi | @not_le_Sn_O ]
+]
+ >(nth_append_first ? ? prefix ? ? (le_S_S_to_le … Hi)) #Hj
+ lapply (sig2 … policy) #Hpolicy elim (Hpolicy i (le_S_S_to_le … Hi) Hj)
+ #p #H elim H #j #Hpj %
+ [1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83: @p] %
+ [1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83: @j]
+ [2,3,26,27,28,29,30,31,32,33,34: >lookup_opt_insert_miss]
+ [2,4,6,8,10,12,14,16,18,20,22: @bitvector_of_nat_abs @lt_to_not_eq @(le_S_S_to_le … Hi) ] @Hpj
+qed.
+(* not really recursive *)
+let rec jump_expansion_step (program: list labelled_instruction)
+  (old_policy: Σpolicy.jump_in_policy program policy):
+qed.
+definition policy_increase: list labelled_instruction → jump_expansion_policy →
+  jump_expansion_policy → Prop ≝
+ λprogram.λop.λp.
+  (* (∀i:ℕ.i < |program| →
+    lookup_opt … (bitvector_of_nat ? i) op = lookup_opt … (bitvector_of_nat ? i) p) ∨ *)
+  (∀i:ℕ.i < |program| →
+    jmpleq
+      (\snd (bvt_lookup … (bitvector_of_nat ? i) op 〈0,short_jump〉))
+      (\snd (bvt_lookup … (bitvector_of_nat ? i) p 〈0,short_jump〉))).
+definition jump_expansion_step: ∀program:list labelled_instruction.
+  ∀old_policy:(Σpolicy.
+    (∀i.i ≥ |program| → lookup_opt … (bitvector_of_nat 16 i) policy = None ?) ∧
+    jump_in_policy program policy).
   (Σpolicy.
+    And (jump_in_policy program policy) (* XXX ∧ causes ambiguity *)
+    (jump_in_policy program policy →
+     (∀i.lt i (|program|) (* XXX < causes ambiguity *) → is_jump (nth i ? program 〈None ?, Comment []〉) →
+     jmpleq
+       (\snd (lookup … (bitvector_of_nat 16 i) old_policy 〈0,short_jump〉))
+       (\snd (lookup … (bitvector_of_nat 16 i) policy 〈0,short_jump〉)))
+    )
+   ) ≝
+    (∀i.i ≥ |program| → lookup_opt … (bitvector_of_nat 16 i) policy = None ?) ∧
+    jump_in_policy program policy ∧
+    policy_increase program old_policy policy)
+    ≝
+  λprogram.λold_policy.
   let labels ≝ create_label_map program old_policy in
   let 〈final_pc, final_policy〉 ≝
     foldl_strong (option Identifier × pseudo_instruction)
     (λprefix.ℕ × Σpolicy.
+      (∀i.i ≥ |prefix| → lookup_opt … (bitvector_of_nat 16 i) policy = None ?) ∧
       jump_in_policy prefix policy ∧
+      (jump_in_policy prefix policy →
+       (∀i.i < |prefix| → is_jump (nth i ? prefix 〈None ?, Comment []〉) →
+       jmpleq
+         (\snd (lookup … (bitvector_of_nat 16 i) old_policy 〈0,short_jump〉))
+         (\snd (lookup … (bitvector_of_nat 16 i) policy 〈0,short_jump〉)))
+      )
+      policy_increase prefix old_policy policy
+    )
     program
 …
     ) 〈0, Stub ? ?〉 in
     final_policy.
+[ @conj
+  [ #i >append_length <commutative_plus #Hi normalize in Hi; cases (le_to_or_lt_eq … Hi) -Hi;
+    [ #Hi; >(nth_append_first ? ? prefix ? ? (le_S_S_to_le … Hi)) #Hj
+      lapply (sig2 … policy) #Hacc elim ((proj1 … Hacc) i (le_S_S_to_le … Hi) Hj) #h #n elim n
+      -n #n #Hn
+      % [ @h | % [ @n | normalize nodelta cases instr normalize nodelta
+      [2,3: #x cases (lookup ??? old_policy ?) #y #z @Hn
+      |6: #x #y cases (lookup ??? old_policy ?) #w #z @Hn
+      |1: #pi cases (lookup ??? old_policy ?) #x #y cases (jump_expansion_step_instruction ???)
+        [ @Hn
+        | #z normalize nodelta <Hn @lookup_opt_insert_miss
+          @bitvector_of_nat_abs @(lt_to_not_eq i (|prefix|)) @(le_S_S_to_le … Hi)
+[ @conj [ @conj #i >append_length <commutative_plus #Hi normalize in Hi;
+[ cases (lookup ??? old_policy ?) #h #n cases add_instr
+  [ @(proj1 ?? (proj1 ?? (sig2 ?? policy)) i (le_S_to_le … Hi))
+  | #z normalize nodelta >lookup_opt_insert_miss
+    [ @(proj1 ?? (proj1 ?? (sig2 ?? policy)) i (le_S_to_le … Hi))
+    | >eq_bv_sym @bitvector_of_nat_abs @lt_to_not_eq @Hi
+    ]
+  ]
+| cases (le_to_or_lt_eq … Hi) -Hi;
+  [ #Hi; >(nth_append_first ? ? prefix ? ? (le_S_S_to_le … Hi)) @conj
+    [ #Hj lapply (proj2 ?? (proj1 ?? (sig2 ?? policy)) i (le_S_S_to_le … Hi)) #Hacc
+      cases add_instr cases (lookup ??? old_policy ?) normalize nodelta #x #y
+      [ @(proj1 ?? Hacc Hj)
+      | #z elim (proj1 ?? Hacc Hj) #h #n elim n -n #n #Hn
+        % [ @h | % [ @n | <Hn @lookup_opt_insert_miss @bitvector_of_nat_abs
+            @(lt_to_not_eq i (|prefix|)) @(le_S_S_to_le … Hi) ] ]
+      ]
+    | lapply (proj2 ?? (proj1 ?? (sig2 ?? policy)) i (le_S_S_to_le … Hi)) #Hacc
+      #H elim H -H; #h #H elim H -H; #n cases add_instr cases (lookup ??? old_policy ?)
+      normalize nodelta #x #y [2: #z]
+      #Hl @(proj2 ?? Hacc) @(ex_intro ?? h (ex_intro ?? n ?))
+      [ <Hl @sym_eq @lookup_opt_insert_miss @bitvector_of_nat_abs @lt_to_not_eq @(le_S_S_to_le … Hi)
+      | @Hl
+      ]
+    ]
+  | #Hi >(injective_S … Hi) >(nth_append_second ? ? prefix ? ? (le_n (|prefix|)))
+     <minus_n_n whd in match (nth ????); whd in match (add_instr); cases instr
+     [1: #pi | 2,3: #x | 4,5: #id | 6: #x #y] @conj normalize nodelta
+     [3,5,11: #H @⊥ @H (* instr is not a jump *)
+     |4,6,12: #H elim H -H; #h #H elim H -H #n cases (lookup ??? old_policy ?)
+       #x #y normalize nodelta >(proj1 ?? (proj1 ?? (sig2 ?? policy)) (|prefix|) (le_n (|prefix|)))
+       #H destruct (H)
+     |7,9: (* instr is a jump *) #_ cases (lookup ??? old_policy ?) #h #n
+       whd in match (snd ???); @(ex_intro ?? pc)
+       [ @(ex_intro ?? (max_length n (select_jump_length (create_label_map program old_policy) pc id)))
+       | @(ex_intro ?? (max_length n (select_call_length (create_label_map program old_policy) pc id)))
+       ] @lookup_opt_insert_hit
+     |8,10: #_ //
+     |1,2: cases pi
+       [35,36,37: #H @⊥ @H
+       |4,5,8,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32: #x #H @⊥ @H
+       |1,2,3,6,7,33,34: #x #y #H @⊥ @H
+       |9,10,14,15: #id #_ cases (lookup ??? old_policy ?) #h #n
+         whd in match (snd ???);
+         @(ex_intro ?? pc (ex_intro ?? (max_length n (select_reljump_length (create_label_map program old_policy) pc id)) ?))
+         @lookup_opt_insert_hit
+       |11,12,13,16,17: #x #id #_ cases (lookup ??? old_policy ?) #h #n
+         whd in match (snd ???);
+         @(ex_intro ?? pc (ex_intro ?? (max_length n (select_reljump_length (create_label_map program old_policy) pc id)) ?))
+         @lookup_opt_insert_hit
+       |72,73,74: #H elim H -H; #h #H elim H -H #n cases (lookup ??? old_policy ?)
+        #x #y normalize nodelta
+        >(proj1 ?? (proj1 ?? (sig2 ?? policy)) (|prefix|) (le_n (|prefix|))) #H destruct (H)
+       |41,42,45,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69: #x
+        #H elim H -H; #h #H elim H -H #n cases (lookup ??? old_policy ?)
+        #x #y normalize nodelta
+        >(proj1 ?? (proj1 ?? (sig2 ?? policy)) (|prefix|) (le_n (|prefix|))) #H destruct (H)
+       |38,39,40,43,44,70,71: #x #y #H elim H -H; #h #H elim H -H #n
+        cases (lookup ??? old_policy ?) #x #y normalize nodelta
+        >(proj1 ?? (proj1 ?? (sig2 ?? policy)) (|prefix|) (le_n (|prefix|))) #H destruct (H)
+       |46,47,51,52: #id #_ //
+       |48,49,50,53,54: #x #id #_ //
+       ]
+     ]
+   ]
+  ]
+| lapply (refl ? add_instr) cases add_instr in ⊢ (???% → %);
+  [ #Ha #i >append_length >commutative_plus #Hi normalize in Hi;
+    cases (le_to_or_lt_eq … Hi) -Hi; #Hi
+    [ cases (lookup … (bitvector_of_nat ? (|prefix|)) old_policy 〈0,short_jump〉)
+      #x #y @((proj2 ?? (sig2 ?? policy)) i (le_S_S_to_le … Hi))
+    | normalize nodelta >(injective_S … Hi)
+      >lookup_opt_lookup_miss
+      [ >lookup_opt_lookup_miss
+        [ //
+        | cases (lookup ?? (bitvector_of_nat ? (|prefix|)) old_policy 〈0,short_jump〉)
+          #x #y normalize nodelta
+          >(proj1 ?? (proj1 ?? (sig2 ?? policy)) (|prefix|) (le_n (|prefix|))) //
+        ]
+      |4,5: #id cases (lookup ??? old_policy ?) #x #y normalize nodelta <Hn
+        @lookup_opt_insert_miss @bitvector_of_nat_abs
+        @(lt_to_not_eq i (|prefix|)) @(le_S_S_to_le … Hi)
+      ] ] ]
+    | #Hi >nth_append_second >(injective_S … Hi)
+      [ <minus_n_n #Hj normalize in Hj; normalize nodelta cases instr in Hj;
+        [2,3: #x #Hj @⊥ @Hj
+        |6: #x #y #Hj @⊥ @Hj
+        |1: #pi cases pi
+          [35,36,37: #Hj @⊥ @Hj
+          |4,5,8,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32: #x #Hj @⊥ @Hj
+          |1,2,3,6,7,33,34: #x #y #Hj @⊥ @Hj
+          |9,10,14,15: #j normalize nodelta #_
+            % [1,3,5,7: @pc
+              |2,4,6,8: lapply (refl ? (lookup … (bitvector_of_nat ? (|prefix|)) old_policy 〈0,short_jump〉))
+                cases (lookup … (bitvector_of_nat ? (|prefix|)) old_policy 〈0,short_jump〉) in ⊢ (???% → %);
+                #x #y #Hl normalize nodelta
+            % [1,3,5,7: @(max_length y (select_reljump_length (create_label_map program old_policy) pc j))
+              |2,4,6,8: @lookup_opt_insert_hit
+              ] ]
+          |11,12,13,16,17: #x #j normalize nodelta #_
+            % [1,3,5,7,9: @pc
+              |2,4,6,8,10: lapply (refl ? (lookup … (bitvector_of_nat ? (|prefix|)) old_policy 〈0,short_jump〉))
+                cases (lookup … (bitvector_of_nat ? (|prefix|)) old_policy 〈0,short_jump〉) in ⊢ (???% → %);
+                #x #y #Hl normalize nodelta
+            % [1,3,5,7,9: @(max_length y (select_reljump_length (create_label_map program old_policy) pc j))
+              |2,4,6,8,10: @lookup_opt_insert_hit
+              ] ]
+          ]
+        |4,5: #j normalize nodelta #_
+          % [1,3: @pc
+            |2,4: cases (lookup … (bitvector_of_nat ? (|prefix|)) old_policy 〈0,short_jump〉)
+                #x #y normalize nodelta
+            % [1: @(max_length y (select_jump_length (create_label_map program old_policy) pc j))
+              |3: @(max_length y (select_call_length (create_label_map program old_policy) pc j))
+              |2,4: @lookup_opt_insert_hit
+              ]
+            ]
+        ]
+      | @le_n
+      | >(proj1 ?? (jump_not_in_policy program old_policy (|prefix|) ?))
+        [ //
+        | >prf >p1 >nth_append_second [ <minus_n_n
+        generalize in match Ha; normalize nodelta cases instr normalize nodelta
+        [1: #pi cases pi
+         [1,2,3,6,7,33,34: #x #y #H normalize /2 by nmk/
+         |4,5,8,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32: #x #H normalize /2 by nmk/
+         |35,36,37: #H normalize /2 by nmk/
+         |9,10,14,15: #id whd in match (jump_expansion_step_instruction ???);
+           #H destruct (H)
+         |11,12,13,16,17: #x #id whd in match (jump_expansion_step_instruction ???);
+           #H destruct (H)
+         ]
+        |2,3: #x #H normalize /2 by nmk/
+        |6: #x #y #H normalize /2 by nmk/
+        |4,5: #id #H destruct (H)
+        ] | @le_n ]
+        | >prf >append_length normalize <plus_n_Sm @le_plus_n_r
+        ]
+      ]
+    ]
+  | #Hjip #i >append_length <commutative_plus #Hi normalize in Hi; cases (le_to_or_lt_eq … Hi) -Hi;
+    [ #Hi >(nth_append_first ? ? prefix ? ? (le_S_S_to_le … Hi)) #Hj
+      lapply (sig2 … policy) #Hpolicy normalize nodelta cases instr normalize nodelta
+      [2,3: #x cases (lookup ? 16 (bitvector_of_nat 16 (|prefix|)) old_policy ?) #y #z
+        normalize nodelta @(proj2 ? ? Hpolicy (proj1 ? ? Hpolicy) ? (le_S_S_to_le … Hi) Hj)
+      |6: #x #y cases (lookup ? 16 (bitvector_of_nat 16 (|prefix|)) old_policy ?) #w #z
+        normalize nodelta @(proj2 ? ? Hpolicy (proj1 ? ? Hpolicy) ? (le_S_S_to_le … Hi) Hj)
+      |1: #pi cases (lookup ? 16 (bitvector_of_nat 16 (|prefix|)) old_policy ?) #x #y
+        cases (jump_expansion_step_instruction ???)
+        [ @(proj2 ? ? Hpolicy (proj1 ? ? Hpolicy) ? (le_S_S_to_le … Hi) Hj)
+        | #z normalize nodelta
+          whd in match (snd ℕ jump_expansion_policy ?); >lookup_insert_miss
+          [ @(proj2 … Hpolicy (proj1 ? ? Hpolicy) ? (le_S_S_to_le … Hi) Hj)
+          | @bitvector_of_nat_abs @(lt_to_not_eq i (|prefix|)) @(le_S_S_to_le … Hi)
+  | #x #Ha #i >append_length >commutative_plus #Hi normalize in Hi;
+    cases (le_to_or_lt_eq … Hi) -Hi; #Hi
+    [ cases (lookup … (bitvector_of_nat ? (|prefix|)) old_policy 〈0,short_jump〉)
+      #y #z normalize nodelta normalize nodelta >lookup_insert_miss
+      [ @((proj2 ?? (sig2 ?? policy)) i (le_S_S_to_le … Hi))
+      | @bitvector_of_nat_abs @lt_to_not_eq @(le_S_S_to_le … Hi)
+      ]
+    | >(injective_S … Hi) elim (proj1 ?? (proj2 ?? (sig2 ?? old_policy) (|prefix|) ?) ?)
+      [ #a #H elim H -H; #b #H >H >(lookup_opt_lookup_hit … 〈a,b〉 H)
+        normalize nodelta >lookup_insert_hit @jmpleq_max_length
+      | >prf >p1 >nth_append_second
+        [ <minus_n_n generalize in match Ha; normalize nodelta cases instr normalize nodelta
+          [1: #pi cases pi
+           [1,2,3,6,7,33,34: #x #y #H normalize in H; destruct (H)
+           |4,5,8,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32: #x #H normalize in H; destruct (H)
+           |35,36,37: #H normalize in H; destruct (H)
+           |9,10,14,15: #id #H //
+           |11,12,13,16,17: #x #id #H //
+           ]
+          |2,3: #x #H normalize in H; destruct (H)
+          |6: #x #y #H normalize in H; destruct (H)
+          |4,5: #id #H //
+          ]
+        ]
+      |4,5: #id cases (lookup ? 16 (bitvector_of_nat 16 (|prefix|)) old_policy ?) #x #y
+        normalize nodelta >lookup_insert_miss
+        [1,3: @(proj2 … Hpolicy (proj1 ? ? Hpolicy) ? (le_S_S_to_le … Hi) Hj)
+        |2,4: @bitvector_of_nat_abs @(lt_to_not_eq i (|prefix|)) @(le_S_S_to_le … Hi)
+        ]
+        | @le_n ]
+      | >prf >append_length normalize <plus_n_Sm @le_plus_n_r
+      ]
+    | #Hi >nth_append_second >(injective_S … Hi)
+      [ <minus_n_n #Hj normalize in Hj; normalize nodelta cases instr in Hj;
+        [2,3: #x #Hj @⊥ @Hj
+        |6: #x #y #Hj @⊥ @Hj
+        |1: #pi cases pi
+          [35,36,37: #Hj @⊥ @Hj
+          |4,5,8,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32: #x #Hj @⊥ @Hj
+          |1,2,3,6,7,33,34: #x #y #Hj @⊥ @Hj
+          |9,10,14,15: #j normalize nodelta #_
+            cases (lookup ???? 〈0,short_jump〉) #x #y
+            whd in match (snd ℕ jump_expansion_policy ?);
+            >lookup_insert_hit normalize @jmpleq_max_length
+          |11,12,13,16,17: #z #j normalize nodelta #_
+            cases (lookup ???? 〈0,short_jump〉) #x #y
+            whd in match (snd ℕ jump_expansion_policy ?);
+            >lookup_insert_hit normalize @jmpleq_max_length
+          ]
+        |4,5: #id #_ cases (lookup ???? 〈0,short_jump〉) #x #y
+              whd in match (snd ℕ jump_expansion_policy ?);
+              >lookup_insert_hit normalize @jmpleq_max_length
+        ]
+      | @le_n
+      ]
+    ]
+  ]
+| @conj
+  [ #i #Hi @⊥ @(absurd (i<0)) [ @Hi | @(not_le_Sn_O) ]
+  | #H #i #Hi @⊥ @(absurd (i<0)) [ @Hi | @(not_le_Sn_O) ]
+  ]
+    ]
+  ] ]
+| @conj [ @conj
+  [ #i #Hi //
+  | #i #Hi @conj [ >nth_nil #H @⊥ @H | #H elim H #x #H1 elim H1 #y #H2
+                   normalize in H2; destruct (H2) ]
+  ]
+  | #i #Hi @⊥ @(absurd (i<0)) [ @Hi | @(not_le_Sn_O) ]
+]
 qed.
 let rec jump_expansion_internal (program: list labelled_instruction)
+  (n: ℕ) on n: (Σpolicy:jump_expansion_policy.jump_in_policy program policy) ≝
+  (n: ℕ) on n: (Σpolicy:jump_expansion_policy.
+    And
+    (∀i:ℕ.i ≥ |program| → lookup_opt ? 16 (bitvector_of_nat ? i) policy = None ?)
+    (jump_in_policy program policy)) ≝
   match n with
   [ O   ⇒ jump_expansion_start program
 …
+]
 qed.
+definition policy_equal ≝
+  λprogram:list labelled_instruction.λp1,p2:jump_expansion_policy.
+  ∀n:ℕ.n < |program| →
+    (\snd (bvt_lookup … (bitvector_of_nat 16 n) p1 〈0,short_jump〉)) =
+    (\snd (bvt_lookup … (bitvector_of_nat 16 n) p2 〈0,short_jump〉)).
+lemma pe_refl:
+  ∀program.reflexive ? (policy_equal program).
+ #program whd #x whd #n #Hn @refl
+qed.
+lemma pe_sym:
+  ∀program.symmetric ? (policy_equal program).
+ #program whd #x #y #Hxy whd #n #Hn
+ >(Hxy n Hn) @refl
+qed.
+lemma pe_trans:
+  ∀program.transitive ? (policy_equal program).
+ #program whd #x #y #z #Hxy #Hyz whd #n #Hn
+ >(Hxy n Hn) @(Hyz n Hn)
+qed.
+lemma le_plus:
+  ∀n,m:ℕ.n ≤ m → ∃k:ℕ.m = n + k.
+ #n #m elim m -m;
+ [ #Hn % [ @O | <(le_n_O_to_eq n Hn) // ]
+ | #m #Hind #Hn cases (le_to_or_lt_eq … Hn) -Hn; #Hn
+   [ elim (Hind (le_S_S_to_le … Hn)) #k #Hk % [ @(S k) | >Hk // ]
+   | % [ @O | <Hn // ]
+   ]
+ ]
+qed.
+theorem plus_Sn_m1: ∀n,m:nat. S m + n = m + S n.
+#n (elim n) normalize /2 by S_pred/ qed.
+lemma pe_step: ∀program:list labelled_instruction.
+ ∀p1,p2:Σpolicy.
+ (∀i:ℕ.i ≥ |program| → lookup_opt … (bitvector_of_nat ? i) policy = None ?)
+ ∧jump_in_policy program policy.
+  policy_equal program p1 p2 →
+  policy_equal program (jump_expansion_step program p1) (jump_expansion_step program p2).
+ #program #p1 #p2 #Heq whd #n #Hn lapply (Heq n Hn) #H
+ lapply (refl ? (lookup_opt … (bitvector_of_nat ? n) p1))
+ cases (lookup_opt … (bitvector_of_nat ? n) p1) in ⊢ (???% → ?);
+ [ #Hl lapply ((proj2 ?? (jump_not_in_policy program p1 n Hn)) Hl)
+   #Hnotjmp >lookup_opt_lookup_miss
+   [ >lookup_opt_lookup_miss
+     [ @refl
+     | @(proj1 ?? (jump_not_in_policy program (eject … (jump_expansion_step program p2)) n Hn))
+       [ @(proj1 ?? (sig2 … (jump_expansion_step program p2)))
+       | @Hnotjmp
+       ]
+     ]
+   | @(proj1 ?? (jump_not_in_policy program (eject … (jump_expansion_step program p1)) n Hn))
+     [ @(proj1 ?? (sig2 ?? (jump_expansion_step program p1)))
+     | @Hnotjmp
+     ]
+   ]
+ | #x #Hl cases daemon
+ ]
+qed.
+lemma equal_remains_equal: ∀program:list labelled_instruction.∀n:ℕ.
+  policy_equal program (jump_expansion_internal program n) (jump_expansion_internal program (S n)) →
+  ∀k.k ≥ n → policy_equal program (jump_expansion_internal program n) (jump_expansion_internal program k).
+ #program #n #Heq #k #Hk elim (le_plus … Hk); #z #H >H -H -Hk -k;
+ lapply Heq -Heq; lapply n -n; elim z -z;
+ [ #n #Heq <plus_n_O @pe_refl
+ | #z #Hind #n #Heq <plus_Sn_m1 whd in match (plus (S n) z); @(pe_trans … (jump_expansion_internal program (S n)))
+   [ @Heq
+   | @pe_step @Hind @Heq
+   ]
+ ]
+qed.
+lemma dec_bounded_forall:
+  ∀P:ℕ → Prop.(∀n.(P n) + (¬P n)) → ∀k.(∀n.n < k → P n) + ¬(∀n.n < k → P n).
+ #P #HP_dec #k elim k -k
+ [ %1 #n #Hn @⊥ @(absurd (n < 0) Hn) @not_le_Sn_O
+ | #k #Hind cases Hind
+   [ #Hk cases (HP_dec k)
+     [ #HPk %1 #n #Hn cases (le_to_or_lt_eq … Hn)
+       [ #H @(Hk … (le_S_S_to_le … H))
+       | #H >(injective_S … H) @HPk
+       ]
+     | #HPk %2 @nmk #Habs @(absurd (P k)) [ @(Habs … (le_n (S k))) | @HPk ]
+     ]
+   | #Hk %2 @nmk #Habs @(absurd (∀n.n<k→P n)) [ #n' #Hn' @(Habs … (le_S … Hn')) | @Hk ]
+   ]
+ ]
+qed.
+lemma dec_bounded_exists:
+  ∀P:ℕ→Prop.(∀n.(P n) + (¬P n)) → ∀k.(∃n.n < k ∧ P n) + ¬(∃n.n < k ∧ P n).
+ #P #HP_dec #k elim k -k
+ [ %2 @nmk #Habs elim Habs #n #Hn @(absurd (n < 0) (proj1 … Hn)) @not_le_Sn_O
+ | #k #Hind cases Hind
+   [ #Hk %1 elim Hk #n #Hn @(ex_intro … n) @conj [ @le_S @(proj1 … Hn) | @(proj2 … Hn) ]
+   | #Hk cases (HP_dec k)
+     [ #HPk %1 @(ex_intro … k) @conj [ @le_n | @HPk ]
+     | #HPk %2 @nmk #Habs elim Habs #n #Hn cases (le_to_or_lt_eq … (proj1 … Hn))
+       [ #H @(absurd (∃n.n < k ∧ P n)) [ @(ex_intro … n) @conj
+         [ @(le_S_S_to_le … H) | @(proj2 … Hn) ] | @Hk ]
+       | #H @(absurd (P k)) [ <(injective_S … H) @(proj2 … Hn) | @HPk ]
+       ]
+     ]
+   ]
+ ]
+qed.
+lemma not_exists_forall:
+  ∀A:Type[0].∀P:A → Prop.¬(∃x.P x) → ∀x.¬P x.
+ #A #P #Hex #x @nmk #Habs @(absurd ? ? Hex) @(ex_intro … x) @Habs
+qed.
+lemma de_morgan1:
+ ∀A,B:Prop.¬(A ∧ ¬B) → A → ¬¬B.
+ #A #B #Hnot #HA @nmk #H @(absurd (A∧¬B)) [ % [ @HA | @H ] | @Hnot ]
+qed.
+lemma thingie:
+  ∀A:Prop.(A + ¬A) → (¬¬A) → A.
+ #A #Adec #nnA cases Adec
+ [ //
+ | #H @⊥ @(absurd (¬A) H nnA)
+ ]
+qed.
+lemma dec_eq_jump_length: ∀a,b:jump_length.(a = b) + (a ≠ b).
+  #a #b cases a cases b /2/
+  %2 @nmk #H destruct (H)
+qed.
+lemma incr_or_equal: ∀program:list labelled_instruction.
+  ∀policy:(Σp:jump_expansion_policy.
+    (∀i.i ≥ |program| → lookup_opt … (bitvector_of_nat ? i) p = None ?) ∧
+    jump_in_policy program p).
+  policy_equal program policy (jump_expansion_step program policy) ∨
+  ∃n:ℕ.jmple
+    (\snd (bvt_lookup … (bitvector_of_nat ? n) policy 〈0,short_jump〉))
+    (\snd (bvt_lookup … (bitvector_of_nat ? n) (jump_expansion_step program policy) 〈0,short_jump〉)).
+ #program #policy cases (dec_bounded_exists
+   (λk.
+     \snd (bvt_lookup ?? (bitvector_of_nat ? k) policy 〈0,short_jump〉) ≠
+     \snd (bvt_lookup ?? (bitvector_of_nat ? k) (jump_expansion_step program policy) 〈0,short_jump〉))
+   ? (|program|))
+   [ #H %2 elim H -H; #i #Hi
+     cases (proj2 ?? (sig2 ?? (jump_expansion_step program policy)) i (proj1 ?? Hi))
+     [ #H @(ex_intro … i H)
+     | #H @⊥ @(absurd ? H (proj2 ?? Hi))
+     ]
+   | #H %1 whd #i #Hi @(thingie ? (dec_eq_jump_length ??)) elim H -H #H; @nmk #H2 @H
+     @(ex_intro … i) @conj [ @Hi | @H2 ]
+   | #n cases (dec_eq_jump_length (\snd (lookup ?? (bitvector_of_nat ? n) policy 〈0,short_jump〉))
+     (\snd (lookup ?? (bitvector_of_nat ? n) (jump_expansion_step program policy) 〈0,short_jump〉)))
+     [ #H %2 @nmk #H1 elim H1 #H2 @H2 @H
+     | #H %1 @H
+     ]
+   ]
+qed.
 (**************************************** START OF POLICY ABSTRACTION ********************)

src/ASM/Fetch.ma

r895	r1555
6	6	λpmem: BitVectorTrie Byte 16.
7	7	λpc: Word.
8		〈\snd (half_add … pc (bitvector_of_nat 16 (S O))), lookup … pc pmem (zero 8)〉.
	8	〈\snd (half_add … pc (bitvector_of_nat 16 (S O))), lookup ? ? pc pmem (zero 8)〉.
9	9
10	10	(* timings taken from SIEMENS *)

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 1555 for src/ASM

Legend:

src/ASM/Assembly.ma

src/ASM/Fetch.ma

Download in other formats: