Changeset 1621

Timestamp:

Dec 15, 2011, 10:22:59 AM (8 years ago)

Author:

mulligan

Message:

to prevent conflicts

File:

• src/ASM/ASMCosts.ma (modified) (2 diffs)

src/ASM/ASMCosts.ma

@@ -91 +91 @@
   //
 qed. 
-  
-axiom minus_m_n_le_minus_m_So_to_Sm_minus_n_le_minus_m_o:
-  ∀m, n, o: nat.
-    m - n ≤ m - S o → S m - n ≤ m - o.
-(* XXX: ^^^ false without some preconditions *)
-
-axiom m_leq_n_to_m_eq_n_or_m_lt_n:
-  ∀n, m: nat.
-    m ≤ n → m = n ∨ m < n.
-
-lemma strengthened_invariant:
-  ∀code_memory: BitVectorTrie Byte 16.
-  ∀total_program_size: nat.
-  ∀new_program_counter: Word.
-  ∀program_counter: Word.
-    total_program_size ≤ code_memory_size →
-      let end_instr ≝ \fst (\fst (fetch … code_memory (bitvector_of_nat … total_program_size))) in
-        Or (ASM_classify0 end_instr = cl_jump) (ASM_classify0 end_instr = cl_return) →
-          new_program_counter = \snd (\fst (fetch … code_memory program_counter)) →
-            nat_of_bitvector … program_counter ≤ total_program_size →
-              nat_of_bitvector … new_program_counter ≤ total_program_size.
-  #code_memory #total_program_size #new_program_counter #program_counter
-  #relation_total_program_code_memory_size #end_instruction_is_ok
-  #new_program_counter_from_fetch #program_counter_within_program
-  >new_program_counter_from_fetch
-  lapply (fetch code_memory program_counter) #assm
-  cases daemon
+    
+definition good_program_counter: BitVectorTrie Byte 16 → Word → nat → Prop ≝
+  λcode_memory: BitVectorTrie Byte 16.
+  λprogram_counter: Word.
+  λprogram_size: nat.
+    ∃n: nat.
+      let tail_program_counter ≝ fetch_program_counter_n n code_memory (zero 16) in
+        program_counter = fetch_program_counter_n (S n) code_memory (zero 16) ∧
+          nat_of_bitvector 16 program_counter ≤ program_size ∧
+            nat_of_bitvector 16 tail_program_counter ≤ nat_of_bitvector 16 program_counter.
+
+definition good_program: BitVectorTrie Byte 16 → Word → nat → Prop ≝
+  λcode_memory: BitVectorTrie Byte 16.
+  λprogram_counter: Word.
+  λtotal_program_size: nat.
+  let 〈instruction, program_counter, ticks〉 ≝ fetch code_memory program_counter in
+    match instruction with
+    [ RealInstruction instr ⇒
+      match instr with
+      [ RET                    ⇒ True
+      | JC   relative          ⇒ True (* XXX: see below *)
+      | JNC  relative          ⇒ True (* XXX: see below *)
+      | JB   bit_addr relative ⇒ True
+      | JNB  bit_addr relative ⇒ True
+      | JBC  bit_addr relative ⇒ True
+      | JZ   relative          ⇒ True
+      | JNZ  relative          ⇒ True
+      | CJNE src_trgt relative ⇒ True
+      | DJNZ src_trgt relative ⇒ True
+      | _                      ⇒
+          good_program_counter code_memory program_counter total_program_size
+      ]
+    | LCALL addr         ⇒
+      match addr return λx. bool_to_Prop (is_in … [[ addr16 ]] x) → Prop with
+      [ ADDR16 addr ⇒ λaddr16: True.
+          good_program_counter code_memory addr total_program_size ∧
+            good_program_counter code_memory program_counter total_program_size
+      | _ ⇒ λother: False. ⊥
+      ] (subaddressing_modein … addr)
+    | ACALL addr         ⇒
+      match addr return λx. bool_to_Prop (is_in … [[ addr11 ]] x) → Prop with
+      [ ADDR11 addr ⇒ λaddr11: True.
+        let 〈pc_bu, pc_bl〉 ≝ split … 8 8 program_counter in
+        let 〈thr, eig〉 ≝ split … 3 8 addr in
+        let 〈fiv, thr'〉 ≝ split … 5 3 pc_bu in
+        let new_program_counter ≝ (fiv @@ thr) @@ pc_bl in
+          good_program_counter code_memory new_program_counter total_program_size ∧
+            good_program_counter code_memory program_counter total_program_size
+      | _ ⇒ λother: False. ⊥
+      ] (subaddressing_modein … addr)
+    | AJMP  addr         ⇒
+      match addr return λx. bool_to_Prop (is_in … [[ addr11 ]] x) → Prop with
+      [ ADDR11 addr ⇒ λaddr11: True.
+        let 〈pc_bu, pc_bl〉 ≝ split … 8 8 program_counter in
+        let 〈nu, nl〉 ≝ split … 4 4 pc_bu in
+        let bit ≝ get_index' … O ? nl in
+        let 〈relevant1, relevant2〉 ≝ split … 3 8 addr in
+        let new_addr ≝ (nu @@ (bit ::: relevant1)) @@ relevant2 in
+        let 〈carry, new_program_counter〉 ≝ half_add 16 program_counter new_addr in
+          (good_program_counter code_memory new_program_counter total_program_size) ∧
+            (good_program_counter code_memory program_counter total_program_size)
+      | _ ⇒ λother: False. ⊥
+      ] (subaddressing_modein … addr)
+    | LJMP  addr         ⇒
+      match addr return λx. bool_to_Prop (is_in … [[ addr16 ]] x) → Prop with
+      [ ADDR16 addr ⇒ λaddr16: True.
+          good_program_counter code_memory addr total_program_size ∧
+            good_program_counter code_memory program_counter total_program_size
+      | _ ⇒ λother: False. ⊥
+      ] (subaddressing_modein … addr)
+    | SJMP  addr     ⇒
+      match addr return λx. bool_to_Prop (is_in … [[ relative ]] x) → Prop with
+      [ RELATIVE addr ⇒ λrelative: True.
+        let 〈carry, new_program_counter〉 ≝ half_add … program_counter (sign_extension addr) in
+          good_program_counter code_memory new_program_counter total_program_size ∧
+            good_program_counter code_memory program_counter total_program_size
+      | _ ⇒ λother: False. ⊥
+      ] (subaddressing_modein … addr)
+    | JMP   addr     ⇒ True (* XXX: should recurse here, but dptr in JMP ... *)
+    | MOVC  src trgt ⇒
+        good_program_counter code_memory program_counter total_program_size
+    ].
+  cases other
 qed.
-    
+
+axiom dubious:
+  ∀m, n, o, p: nat.
+    1 ≤ p → n ≤ m → m - n ≤ S o → m - (n + p) ≤ o.
+
+lemma subaddressing_mod_elim:
+ ∀T:Type[2].
+ ∀P1,P2,P3,P4,P5,P6,P7,P8,P9,P10,P11,P12,P13,P14,P15,P16,P17,P18,P19,addr,p.
+ ∀Q: addressing_mode → T → Prop.
+ (∀w. Q (ADDR11 w) (P1 w)) →
+  Q addr (match addr
+     in addressing_mode
+     return λx:addressing_mode.(is_in 1 [[addr11]] x→T)
+     with 
+    [ADDR11 (x:Word11) ⇒ λH:True. P1 x
+    |ADDR16 _ ⇒ λH:False. P2 H
+    |DIRECT _ ⇒ λH:False. P3 H
+    |INDIRECT _ ⇒ λH:False. P4 H
+    |EXT_INDIRECT _ ⇒ λH:False. P5 H
+    |ACC_A ⇒ λH:False. P6 H
+    |REGISTER _ ⇒ λH:False. P7 H
+    |ACC_B ⇒ λH:False. P8 H
+    |DPTR ⇒ λH:False. P9 H
+    |DATA _ ⇒ λH:False. P10 H
+    |DATA16 _ ⇒ λH:False. P11 H
+    |ACC_DPTR ⇒ λH:False. P12 H
+    |ACC_PC ⇒ λH:False. P13 H
+    |EXT_INDIRECT_DPTR ⇒ λH:False. P14 H
+    |INDIRECT_DPTR ⇒ λH:False. P15 H
+    |CARRY ⇒ λH:False. P16 H
+    |BIT_ADDR _ ⇒ λH:False. P17 H
+    |N_BIT_ADDR _ ⇒ λH:False. P18 H   
+    |RELATIVE _ ⇒ λH:False. P19 H
+    ] p).
+ #T #P1 #P2 #P3 #P4 #P5 #P6 #P7 #P8 #P9 #P10 #P11 #P12 #P13
+ #P14 #P15 #P16 #P17 #P18 #P19
+ * try #x1 try #x2 try #x3 try #x4
+ try (@⊥ assumption) normalize @x4
+qed.
+
+let rec block_cost
+  (code_memory: BitVectorTrie Byte 16) (program_counter: Word)
+    (program_size: nat) (total_program_size: nat) (cost_labels: BitVectorTrie costlabel 16)
+      (good_program_witness: good_program code_memory program_counter total_program_size)
+        on program_size: total_program_size - nat_of_bitvector … program_counter ≤ program_size → nat ≝
+  match program_size return λprogram_size: nat. total_program_size - nat_of_bitvector … program_counter ≤ program_size → nat with
+  [ O ⇒ λbase_case. 0
+  | S program_size' ⇒ λrecursive_case.
+    let 〈instruction, program_counter', ticks〉 as FETCH ≝ fetch code_memory program_counter in
+      match lookup_opt … program_counter' cost_labels return λx: option costlabel. nat with
+      [ None   ⇒
+        match instruction return λx. x = instruction → ? with
+        [ RealInstruction instruction ⇒ λreal_instruction.
+          match instruction return λx. x = instruction → ? with
+          [ RET                    ⇒ λret.  ticks
+          | JC   relative          ⇒ λjc.   ticks
+          | JNC  relative          ⇒ λjnc.  ticks
+          | JB   bit_addr relative ⇒ λjb.   ticks
+          | JNB  bit_addr relative ⇒ λjnb.  ticks
+          | JBC  bit_addr relative ⇒ λjbc.  ticks
+          | JZ   relative          ⇒ λjz.   ticks
+          | JNZ  relative          ⇒ λjnz.  ticks
+          | CJNE src_trgt relative ⇒ λcjne. ticks
+          | DJNZ src_trgt relative ⇒ λdjnz. ticks
+          | _                      ⇒ λalt.
+              ticks + block_cost code_memory program_counter' program_size' total_program_size cost_labels ? ?
+          ] (refl … instruction)
+        | ACALL addr     ⇒ λacall.
+            ticks + block_cost code_memory program_counter' program_size' total_program_size cost_labels ? ?
+        | AJMP  addr     ⇒ λajmp. ticks
+        | LCALL addr     ⇒ λlcall.
+            ticks + block_cost code_memory program_counter' program_size' total_program_size cost_labels ? ?
+        | LJMP  addr     ⇒ λljmp. ticks
+        | SJMP  addr     ⇒ λsjmp. ticks
+        | JMP   addr     ⇒ λjmp. (* XXX: actually a call due to use with fptrs *)
+            ticks + block_cost code_memory program_counter' program_size' total_program_size cost_labels ? ?
+        | MOVC  src trgt ⇒ λmovc.
+            ticks + block_cost code_memory program_counter' program_size' total_program_size cost_labels ? ?
+        ] (refl … instruction)
+      | Some _ ⇒ ticks
+      ]
+  ].
+  [1: -block_cost -eta62747 -program_size
+    generalize in match good_program_witness;
+    whd in match good_program; normalize nodelta
+    cases FETCH normalize nodelta
+    cases acall normalize nodelta
+    @(subaddressing_mod_elim Prop ??????????????????? addr
+       (subaddressing_modein ? [[addr11]] addr)
+       (λ_.λP. P → total_program_size-nat_of_bitvector 16 program_counter'≤program_size'))
+       
+    cases addr #subaddressing_mode cases subaddressing_mode
+    try (#assm #absurd normalize in absurd; cases absurd)
+    try (#absurd normalize in absurd; cases absurd)
+    normalize nodelta
+    cases (split … 8 8 program_counter') #pc_bu #pc_bl normalize nodelta
+    cases (split … 3 8 assm) #thr #eig normalize nodelta
+    cases (split … 5 3 pc_bu) #fiv #thr' normalize nodelta
+    #assm cases assm #ignore
+    whd in match good_program_counter; normalize nodelta * #n * *
+    #program_counter_eq' #program_counter_lt_total_program_size
+    #fetch_n_leq_program_counter'
+    lapply(dubious total_program_size (nat_of_bitvector … program_counter')
+      program_size' ? ? ? ?)
+    [2: assumption ]
+  [2:
+    (* generalize in match good_program_witness; *)
+    whd in match good_program; normalize nodelta
+    cases FETCH normalize nodelta
+    cases (fetch code_memory program_counter') #instruction_program_counter' #ticks' normalize nodelta
+    cases instruction_program_counter' #instruction' #program_counter'' normalize nodelta
+    cases acall normalize nodelta
+    cases addr #subaddressing_mode cases subaddressing_mode
+    try (#assm #absurd normalize in absurd; cases absurd)
+    try (#absurd normalize in absurd; cases absurd)
+    normalize nodelta
+    cases instruction'
+    try (#assm normalize nodelta)
+    [7:
+      #irrelevant
+      whd in match good_program_counter; normalize nodelta
+      
+      
+      
+      
+      
+      
+      
+      
+      
 (* XXX: use memoisation here in the future *)
 let rec block_cost
@@ -126 +311 @@
       (size_invariant: total_program_size ≤ code_memory_size)
         (pc_invariant: nat_of_bitvector … program_counter < total_program_size)
-          (final_instr_invariant:
-            let instr ≝ \fst (\fst (fetch … code_memory (bitvector_of_nat … total_program_size))) in
-              Or (ASM_classify0 instr = cl_jump) (ASM_classify0 instr = cl_return))
-                on program_size: total_program_size - nat_of_bitvector … program_counter ≤ program_size → nat ≝
+          on program_size: total_program_size - nat_of_bitvector … program_counter ≤ program_size → nat ≝
   match program_size return λprogram_size: nat. total_program_size - nat_of_bitvector … program_counter ≤ program_size → nat with
   [ O ⇒ λbase_case. 0 (* XXX: change from ⊥ before *)
   | S program_size ⇒ λrecursive_case.
-    let ticks ≝ \snd (fetch … code_memory program_counter) in
-    let instr ≝ \fst (\fst (fetch … code_memory program_counter)) in
-    let newpc ≝ \snd (\fst (fetch … code_memory program_counter)) in
-    match lookup_opt … newpc cost_labels return λx: option costlabel. nat with
-    [ None ⇒
-        match ASM_classify0 instr with
-        [ cl_jump ⇒ ticks
-        | cl_call ⇒ ticks + (block_cost code_memory cost_labels newpc program_size total_program_size size_invariant ? final_instr_invariant ?)
-        | cl_return ⇒ ticks
-        | cl_other ⇒ ticks + (block_cost code_memory cost_labels newpc program_size total_program_size size_invariant ? final_instr_invariant ?)
-        ]
-    | Some _ ⇒ ticks
-    ]
+    let 〈instr, newpc, ticks〉 ≝ fetch … code_memory program_counter in
+      match lookup_opt … newpc cost_labels return λx: option costlabel. nat with
+      [ None ⇒
+          let classify ≝ ASM_classify0 instr in
+          match classify return λx. classify = x → ? with
+          [ cl_jump ⇒ λclassify_refl. ticks
+          | cl_call ⇒ λclassify_refl. (* ite here *)
+              ticks + (block_cost code_memory cost_labels newpc program_size total_program_size size_invariant ? final_instr_invariant ?)
+          | cl_return ⇒ λclassify_refl. ticks
+          | cl_other ⇒ λclassify_refl. (* ite here *)
+              ticks + (block_cost code_memory cost_labels newpc program_size total_program_size size_invariant ? final_instr_invariant ?)
+          ] (refl … classify)
+        | Some _ ⇒ ticks
+      ]
   ].
-  [1,3:
-    lapply(sig2 ? ? (fetch code_memory program_counter))
-    change with (
-      nat_of_bitvector … newpc
-    ) in ⊢ (??% → ?);
-  
-  
-  
-  [1:
-    cases(lt_to_not_zero … absurd)
-  |2,4:
-    cut(nat_of_bitvector … program_counter < nat_of_bitvector … newpc)
-    [1,3:
-      normalize nodelta in match newpc;
-      lapply(sig2 ? ? (fetch code_memory program_counter))
-      [*: #assm assumption ]
-    |2,4:
-      #first_lt_assm
-    ]
-    
-    
-  |3,5:
-    lapply(sig2
-      normalize in recursive_case;
-      change with (
-        S (total_program_size - nat_of_bitvector … newpc) ≤ program_size)
-      lapply (le_S_S_to_le … recursive_case)
-      change with (
-        initial_program_size - (nat_of_bitvector … pc) ≤ program_size
-      ) in ⊢ (% → ?);
-      #second_le_assm
-      @(transitive_le
-        (S (initial_program_size-nat_of_bitvector 16 newpc))
-        (initial_program_size-nat_of_bitvector_aux 16 O pc)
-        program_size ? second_le_assm)
-      change with (
-        initial_program_size - nat_of_bitvector … pc
-      ) in ⊢ (??%);
-      lapply (minus_Sn_m (nat_of_bitvector … newpc) initial_program_size)
-      #assm <assm in ⊢ (?%?);
-      [1,3:
-        @minus_m_n_le_minus_m_So_to_Sm_minus_n_le_minus_m_o
-        @monotonic_le_minus_r
-        assumption
-      |2,4:
-        @(strengthened_invariant mem initial_program_size newpc pc size_invariant final_instr_invariant)
-        [1,3:
-          %
-        |2,4:
-          assumption
-        ]
-      ]
-    ]
-  |3,5:
-  ]
-qed.
 
 let rec traverse_code_internal