Changeset 1645 for src/ASM/ASMCosts.ma

Timestamp:

Jan 13, 2012, 6:11:39 PM (8 years ago)

Author:

mulligan

Message:

more progress on the ASMCosts work: block_costs is now complete (subject to inhabiting the type of the subaddressing_mode eliminator). pushing on through file propagating changes and fixing type errors

File:

• src/ASM/ASMCosts.ma (modified) (12 diffs)

src/ASM/ASMCosts.ma

@@ -205 +205 @@
       | _ ⇒ λother: False. ⊥
       ] (subaddressing_modein … addr)
-    | JMP   addr     ⇒ True (* XXX: JMP is used for fptrs and unconstrained *)
+    | JMP   addr     ⇒ (* XXX: JMP is used for fptrs and unconstrained *)
+      nat_of_bitvector … program_counter < nat_of_bitvector … program_counter' ∧
+        nat_of_bitvector … program_counter' < total_program_size
     | MOVC  src trgt ⇒
         nat_of_bitvector … program_counter < nat_of_bitvector … program_counter' ∧
@@ -346 +348 @@
 qed.
 
-axiom subaddressing_mode_elim':
+lemma subaddressing_mode_elim':
+  ∀T: Type[2].
+  ∀n: nat.
+  ∀o: nat.
+  ∀Q: addressing_mode → T → Prop.
+  ∀fixed_v: Vector addressing_mode_tag (n + o).
+  ∀P1,P2,P3,P4,P5,P6,P7,P8,P9,P10,P11,P12,P13,P14,P15,P16,P17,P18,P19.
+  ∀v1: Vector addressing_mode_tag n.
+  ∀v2: Vector addressing_mode_tag o.
+  ∀fixed_v_proof: fixed_v = v1 @@ v2.
+  ∀subaddressing_mode_proof.
+    subaddressing_mode_elim_type T (n + o) fixed_v Q P1 P2 P3 P4 P5 P6 P7
+      P8 P9 P10 P11 P12 P13 P14 P15 P16 P17 P18 P19 (n + o) (v1 @@ v2) subaddressing_mode_proof.
+  #T #n #o #Q #fixed_v #P1 #P2 #P3 #P4 #P5 #P6 #P7 #P8 #P9 #P10
+  #P11 #P12 #P13 #P14 #P15 #P16 #P17 #P18 #P19 #v1 #v2 #fixed_v_proof
+  cases daemon
+qed.
+
+axiom subaddressing_mode_elim:
   ∀T: Type[2].
   ∀m: nat.
+  ∀n: nat.
+  ∀Q: addressing_mode → T → Prop.
   ∀fixed_v: Vector addressing_mode_tag m.
-  ∀Q: addressing_mode → T → Prop.
   ∀P1,P2,P3,P4,P5,P6,P7,P8,P9,P10,P11,P12,P13,P14,P15,P16,P17,P18,P19.
-  ∀n: nat.
   ∀v: Vector addressing_mode_tag n.
   ∀proof.
     subaddressing_mode_elim_type T m fixed_v Q P1 P2 P3 P4 P5 P6 P7
       P8 P9 P10 P11 P12 P13 P14 P15 P16 P17 P18 P19 n v proof.
-(*  #T #m #fixed_v #Q #H1 #H2 #H3 #H4 #H5 #H6 #H7 #H8 #H9 #H10 #H11 #H12 #H13 #H14 #H15 #H16 #H17 #H18 #H19 #n #v
-  elim v
-  [ #proof normalize
-    
-qed. *)
 
 (*
@@ -406 +421 @@
     n < o → m + n < m + o.
   #m #n #o #assm /2 by monotonic_le_plus_r/
-qed.
-
-(*
-axiom blah:
-  ∀instruction: instruction.
-  ∀program_counter': Word.
-  ∀ticks, n: nat.
-  ∀code_memory: BitVectorTrie Byte 16.
-    〈instruction,program_counter',ticks〉 = fetch code_memory (fetch_program_counter_n n code_memory (zero 16)) →
-       program_counter' = fetch_program_counter_n (S n) code_memory (zero …).
-*)    
+qed.    
 
 let rec block_cost
@@ -469 +474 @@
     lapply(good_program_witness program_counter reachable_program_counter_witness)
       <FETCH normalize nodelta <instr normalize nodelta
-    @(subaddressing_mode_elim' … [[addr11]] … [[addr11]]) [1: // ] #new_addr
+    @(subaddressing_mode_elim … [[addr11]] … [[addr11]]) [1: // ] #new_addr
     cases (split … 8 8 program_counter') #pc_bu #pc_bl normalize nodelta
     cases (split … 3 8 new_addr) #thr #eig normalize nodelta
@@ -489 +494 @@
     lapply(good_program_witness program_counter reachable_program_counter_witness)
       <FETCH normalize nodelta <instr normalize nodelta
-    @(subaddressing_mode_elim' … [[addr11]] … [[addr11]]) [1: // ] #new_addr
+    @(subaddressing_mode_elim … [[addr11]] … [[addr11]]) [1: // ] #new_addr
     cases (split … 8 8 program_counter') #pc_bu #pc_bl normalize nodelta
     cases (split … 3 8 new_addr) #thr #eig normalize nodelta
@@ -506 +511 @@
     lapply(good_program_witness program_counter reachable_program_counter_witness)
       <FETCH normalize nodelta <instr normalize nodelta
-    @(subaddressing_mode_elim' … [[addr16]] … [[addr16]]) [1: // ] #new_addr
+    @(subaddressing_mode_elim … [[addr16]] … [[addr16]]) [1: // ] #new_addr
     * * * * #n'
     #_ #_ #program_counter_lt' #program_counter_lt_tps'      
@@ -524 +529 @@
     lapply(good_program_witness program_counter reachable_program_counter_witness)
       <FETCH normalize nodelta <instr normalize nodelta
-    @(subaddressing_mode_elim' … [[addr16]] … [[addr16]]) [1: // ] #new_addr
+    @(subaddressing_mode_elim … [[addr16]] … [[addr16]]) [1: // ] #new_addr
     * * * * #n'
     #_ #_ #program_counter_lt' #program_counter_lt_tps'
@@ -535 +540 @@
       assumption
     ]
-  |6:
-    cases daemon (* XXX *)
-  |7:
-    cases daemon (* XXX *)
-  |8:
+  |6,8: (* JMP and MOVC *)
     cases reachable_program_counter_witness * #n #fetch_n_hyp #lt_hyp
     lapply(good_program_witness program_counter reachable_program_counter_witness)
@@ -556 +557 @@
         nat_of_bitvector … program_counter')
     assumption
-  |9:
-    cases reachable_program_counter_witness * #n #fetch_n_hyp #lt_hyp
-    lapply(good_program_witness program_counter reachable_program_counter_witness)
-      <FETCH normalize nodelta <instr normalize nodelta *
+  |7,9:
+    cases reachable_program_counter_witness * #n #fetch_n_hyp #lt_hyp
+    lapply(good_program_witness program_counter reachable_program_counter_witness)
+    <FETCH normalize nodelta <instr normalize nodelta *
     #program_counter_lt' #program_counter_lt_tps' %
-    [1:
+    [1,3:
       %{(S n)} whd in ⊢ (???%); <fetch_n_hyp normalize nodelta
       <FETCH normalize nodelta whd in match ltb; normalize nodelta
       >(le_to_leb_true … program_counter_lt') %
-    |2:
+    |2,4:
       assumption
     ]
@@ -572 +573 @@
     cases reachable_program_counter_witness * #n #fetch_n_hyp #lt_hyp
     lapply(good_program_witness program_counter reachable_program_counter_witness)
-      <FETCH normalize nodelta <real_instruction_refl <instr normalize nodelta *
+    <FETCH normalize nodelta <real_instruction_refl <instr normalize nodelta *
     #program_counter_lt' #program_counter_lt_tps' %
-    [1:
+    try assumption
+    [*:
       %{(S n)} whd in ⊢ (???%); <fetch_n_hyp normalize nodelta
       <FETCH normalize nodelta whd in match ltb; normalize nodelta
       >(le_to_leb_true … program_counter_lt') %
-    |2:
-      assumption
     ]
   |10,12,14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,
@@ -601 +601 @@
   ]
 qed.
-    
-    
-    
-    
-    
-    
-    
-  [1: (* ACALL *)
-    generalize in match good_program_witness;
-    whd in match good_program; normalize nodelta
-    cases FETCH normalize nodelta
-    cases instr normalize nodelta
-    @(subaddressing_mode_elim' … [[addr11]] … [[addr11]]) [1: // ] #new_addr
-    cases (split … 8 8 program_counter) #pc_bu #pc_bl normalize nodelta
-    cases (split … 3 8 new_addr) #thr #eig normalize nodelta
-    cases (split … 5 3 pc_bu) #fiv #thr' normalize nodelta
-    #assm cases assm #ignore
-    whd in match good_program_counter; normalize nodelta * #n * *
-    #program_counter_eq #program_counter_lt_total_program_size
-    #fetch_n_leq_program_counter
-    @(transitive_le
-      total_program_size
-      ((S program_size') + nat_of_bitvector … program_counter)
-      (program_size' + nat_of_bitvector … program_counter') recursive_case)
-    normalize in match (S program_size' + nat_of_bitvector … program_counter);
-    >plus_n_Sm
-    @monotonic_le_plus_r
-    change with (
-      nat_of_bitvector … program_counter <
-        nat_of_bitvector … program_counter')
-    >program_counter_eq in FETCH; #hyp
-    >(blah … hyp)
-    <program_counter_eq assumption
-  |2:
-    generalize in match good_program_witness;
-    whd in match good_program; normalize nodelta
-    cases FETCH normalize nodelta
-    cases instr normalize nodelta
-    @(subaddressing_mode_elim' … [[addr11]] … [[addr11]]) [1: // ] #new_addr
-    cases (split … 8 8 program_counter) #pc_bu #pc_bl normalize nodelta
-    cases (split … 3 8 new_addr) #thr #eig normalize nodelta
-    cases (split … 5 3 pc_bu) #fiv #thr' normalize nodelta
-    #assm cases assm #ignore
-    whd in match good_program_counter; normalize nodelta * #n * *
-    #program_counter_eq #program_counter_lt_total_program_size
-    #fetch_n_leq_program_counter
-
-    whd in match good_program; normalize nodelta
-    @pair_elim #lft #rgt normalize nodelta #fetch_hyp
-    @pair_elim #instruction #program
-  |2,4,6,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,
-   54,56,58,60,62:
-  |3: (* LCALL *)
-    generalize in match good_program_witness;
-    whd in match good_program; normalize nodelta
-    cases FETCH normalize nodelta
-    cases instr normalize nodelta
-    @(subaddressing_mode_elim' … [[addr16]] … [[addr16]]) [1: // ] #new_addr
-    * #irrelevant
-    whd in match good_program_counter; normalize nodelta * #n * *
-    #program_counter_eq #program_counter_lt_total_program_size
-    #fetch_n_leq_program_counter
-    @(transitive_le
-      total_program_size
-      ((S program_size') + nat_of_bitvector … program_counter)
-      (program_size' + nat_of_bitvector … program_counter') recursive_case)
-    normalize in match (S program_size' + nat_of_bitvector … program_counter);
-    >plus_n_Sm
-    @monotonic_le_plus_r
-    change with (
-      nat_of_bitvector … program_counter <
-        nat_of_bitvector … program_counter')
-    >program_counter_eq in FETCH; #hyp
-    >(blah … hyp)
-    <program_counter_eq assumption
-  |5,7: (* JMP and MOVC *)
-    generalize in match good_program_witness;
-    whd in match good_program; normalize nodelta
-    cases FETCH normalize nodelta
-    cases instr normalize nodelta
-  |9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,
-   49,51,53,55,57,59,61,63: (* ADD and similar non-branching instructions *)
-    generalize in match good_program_witness;
-    whd in match good_program; normalize nodelta
-    cases FETCH normalize nodelta
-    <real_instruction_refl <instr normalize nodelta
+
+axiom fetch_program_counter_n_Sn:
+  ∀instruction: instruction.
+  ∀program_counter, program_counter': Word.
+  ∀ticks, n: nat.
+  ∀code_memory: BitVectorTrie Byte 16.
+    Some … program_counter = fetch_program_counter_n n code_memory (zero 16) →
+      〈instruction,program_counter',ticks〉 = fetch code_memory program_counter →
+        Some … program_counter' = fetch_program_counter_n (S n) code_memory (zero …).
+       
+let rec traverse_code_internal
+  (program: list Byte) (code_memory: BitVectorTrie Byte 16)
+    (cost_labels: BitVectorTrie costlabel 16) (program_counter: Word)
+      (program_size: nat) (reachable_program_counter_witness: reachable_program_counter code_memory program_size program_counter)
+        (good_program_witness: good_program code_memory program_size)
+          (n: nat) (fetch_program_counter_proof: Some … program_counter = fetch_program_counter_n n code_memory (zero …))
+        on program: identifier_map CostTag nat ≝
+  let 〈instruction, new_program_counter, ticks〉 as FETCH ≝ fetch … code_memory program_counter in
+  match program with
+  [ nil ⇒ empty_map …
+  | cons hd tl ⇒
+    match lookup_opt … program_counter cost_labels with
+    [ None ⇒ traverse_code_internal tl code_memory cost_labels new_program_counter program_size ? good_program_witness (S n) ?
+    | Some lbl ⇒
+      let cost ≝ block_cost code_memory program_counter program_size program_size cost_labels ? good_program_witness ? in
+      let cost_mapping ≝ traverse_code_internal tl code_memory cost_labels new_program_counter program_size ? good_program_witness (S n) ? in
+        add … cost_mapping lbl cost
+    ]
+  ].
+  [6:
+    //
+  |2,4:
+    @(fetch_program_counter_n_Sn instruction program_counter new_program_counter ticks n)
+    assumption
+  |5:
+    assumption
+  |1,3:
+    whd in match reachable_program_counter; normalize nodelta
+    @conj
+    [1,3:
+      %{(S n)}
+      @(fetch_program_counter_n_Sn instruction program_counter new_program_counter ticks n)
+      assumption
+    |2,4:
+      cases daemon (* XXX ??? *)
+    ]
   ]
-    whd in match good_program_counter; normalize nodelta * #n * *
-    #program_counter_eq #program_counter_lt_total_program_size
-    #fetch_n_leq_program_counter
-    @(transitive_le
-      total_program_size
-      (S program_size' + nat_of_bitvector … program_counter)
-      (program_size' + nat_of_bitvector … program_counter')
-      recursive_case)
-    normalize in match (S program_size' + nat_of_bitvector … program_counter);
-    >plus_n_Sm
-    @monotonic_le_plus_r
-    change with (
-      nat_of_bitvector … program_counter <
-        nat_of_bitvector … program_counter')
-    >program_counter_eq in FETCH; #hyp
-    >(blah … hyp)
-    <program_counter_eq assumption
-qed.
-       
-(* XXX: use memoisation here in the future *)
-let rec block_cost
-  (code_memory: BitVectorTrie Byte 16) (cost_labels: BitVectorTrie costlabel 16)
-    (program_counter: Word) (program_size: nat) (total_program_size: nat)
-      (size_invariant: total_program_size ≤ code_memory_size)
-        (pc_invariant: nat_of_bitvector … program_counter < total_program_size)
-          on program_size: total_program_size - nat_of_bitvector … program_counter ≤ program_size → nat ≝
-  match program_size return λprogram_size: nat. total_program_size - nat_of_bitvector … program_counter ≤ program_size → nat with
-  [ O ⇒ λbase_case. 0 (* XXX: change from ⊥ before *)
-  | S program_size ⇒ λrecursive_case.
-    let 〈instr, newpc, ticks〉 ≝ fetch … code_memory program_counter in
-      match lookup_opt … newpc cost_labels return λx: option costlabel. nat with
-      [ None ⇒
-          let classify ≝ ASM_classify0 instr in
-          match classify return λx. classify = x → ? with
-          [ cl_jump ⇒ λclassify_refl. ticks
-          | cl_call ⇒ λclassify_refl. (* ite here *)
-              ticks + (block_cost code_memory cost_labels newpc program_size total_program_size size_invariant ? final_instr_invariant ?)
-          | cl_return ⇒ λclassify_refl. ticks
-          | cl_other ⇒ λclassify_refl. (* ite here *)
-              ticks + (block_cost code_memory cost_labels newpc program_size total_program_size size_invariant ? final_instr_invariant ?)
-          ] (refl … classify)
-        | Some _ ⇒ ticks
-      ]
-  ].
-
-let rec traverse_code_internal
-  (program: list Byte) (mem: BitVectorTrie Byte 16)
-    (cost_labels: BitVectorTrie costlabel 16) (pc: Word) (program_size: nat)
-      on program: identifier_map CostTag nat ≝
- let 〈instr,newpc,ticks〉 ≝ fetch … mem pc in
- match program with
- [ nil ⇒ empty_map …
- | cons hd tl ⇒
-   match lookup_opt … pc cost_labels with
-   [ None ⇒ traverse_code_internal tl mem cost_labels newpc program_size
-   | Some lbl ⇒
-     let cost ≝ block_cost mem cost_labels pc program_size in
-     let cost_mapping ≝ traverse_code_internal tl mem cost_labels newpc program_size in
-       add … cost_mapping lbl cost ]].
+qed.
 
 definition traverse_code ≝
   λprogram: list Byte.
-  λmem: BitVectorTrie Byte 16.
+  λcode_memory: BitVectorTrie Byte 16.
   λcost_labels.
   λprogram_size: nat.
-    traverse_code_internal program mem cost_labels (zero …) program_size.
+  λprogram_not_empty_proof: 0 < program_size.
+  λgood_program_witness: good_program code_memory program_size.
+    traverse_code_internal program code_memory cost_labels (zero …) program_size ? good_program_witness.
+  normalize @conj
+  [2:
+    assumption
+  |1:
+    %{0} %
+  ]
+qed.
 
 definition compute_costs ≝
@@ -759 +670 @@
   λcost_labels: BitVectorTrie costlabel 16.
   λhas_main: bool.
-  let program_size ≝ |program| + 1 in
-  let memory ≝ load_code_memory program in
-   traverse_code program memory cost_labels program_size.
+  λgood_program_witness: good_program (load_code_memory program) (|program| + 1).
+  λprogram_not_empty_proof: 0 < |program|.
+    let program_size ≝ |program| + 1 in
+    let code_memory ≝ load_code_memory program in
+      traverse_code program code_memory cost_labels program_size ?.
+  //
+qed.