Changeset 1910 for src/ASM/ASMCosts.ma

Timestamp:

Apr 27, 2012, 5:48:20 PM (8 years ago)

Author:

mulligan

Message:

Finished proof modulo termination argument

File:

• src/ASM/ASMCosts.ma (modified) (20 diffs)

src/ASM/ASMCosts.ma

@@ -224 +224 @@
 qed.
 
-(*
 (* XXX: indexing bug *)
-lemma fetch_twice_fetch_execute_1:
+lemma execute_1_and_program_counter_after_other_in_lockstep:
   ∀code_memory: BitVectorTrie Byte 16.
   ∀start_status: Status code_memory.
     ASM_classify code_memory start_status = cl_other →
-    \snd (\fst (fetch code_memory (program_counter … start_status))) =
-      program_counter … (execute_1 … start_status).
+      let 〈instruction, pc, ticks〉 ≝ fetch code_memory (program_counter … start_status) in
+        program_counter ? ? (execute_1 … start_status) =
+          program_counter_after_other pc instruction.
   #code_memory #start_status #classify_assm
   whd in match execute_1; normalize nodelta
   cases (execute_1' code_memory start_status) #the_status 
-  * #_ #classify_assm' @classify_assm' assumption
+  * #_ whd in classify_assm:(??%?); whd in match (current_instruction ??) in classify_assm;
+  cases (fetch ? ?) in classify_assm; * #instruction #pc #ticks
+  #classify_assm #classify_assm' @classify_assm' assumption
 qed-.
-*)
 
 lemma reachable_program_counter_to_0_lt_total_program_size:
@@ -268 +269 @@
   ∀program_counter'' : Word.
   ∀FETCH : (〈instruction,program_counter'',ticks〉=fetch code_memory' program_counter').
+  let program_counter''' ≝ program_counter_after_other program_counter'' instruction in
   ∀start_status : (Status code_memory').
   ∀final_status : (Status code_memory').
@@ -275 +277 @@
   ∀classify_assm: ASM_classify0 instruction = cl_other.
   ∀pi1 : ℕ.
-   (if match lookup_opt costlabel 16 program_counter'' cost_labels with 
+   (if match lookup_opt costlabel 16 program_counter''' cost_labels with 
          [None ⇒ true
          |Some _ ⇒ false
@@ -284 +286 @@
       ∀trace_ends_flag0:trace_ends_with_ret.
       ∀the_trace0:trace_any_label (ASM_abstract_status code_memory' cost_labels) trace_ends_flag0 start_status0 final_status0.
-        program_counter'' = program_counter (BitVectorTrie Byte 16) code_memory' start_status0 →
+        program_counter''' = program_counter (BitVectorTrie Byte 16) code_memory' start_status0 →
                   pi1
                     =compute_paid_trace_any_label code_memory' cost_labels
@@ -313 +315 @@
       #lookup_assm cases lookup_assm
       [1:
-        #None_lookup_opt_assm normalize nodelta #ignore
+        #None_lookup_opt_assm normalize nodelta #_
         generalize in match recursive_assm;
-        cut(program_counter'' = (program_counter (BitVectorTrie Byte 16) code_memory' (execute_1 code_memory' status_pre)))
-        [1:
-          <fetch_twice_fetch_execute_1
-          [1:
-            <FETCH %
-          |2:
-            >classifier_assm %
-          ]
+        lapply (execute_1_and_program_counter_after_other_in_lockstep code_memory' ? classifier_assm)
+        <FETCH normalize nodelta #rewrite_assm >rewrite_assm in None_lookup_opt_assm;
+        #None_lookup_opt_assm <None_lookup_opt_assm
+        normalize nodelta #new_recursive_assm
+        cases(new_recursive_assm (execute_1 code_memory' status_pre) status_end
+          end_flag trace_any_label ?) try %
+        whd in match (current_instruction_cost … status_pre);
+        cut(ticks = \snd (fetch code_memory'
+           (program_counter (BitVectorTrie Byte 16) code_memory' status_pre)))
+        [1,3:
+          <FETCH %
         |2:
-          #program_counter_assm >program_counter_assm <None_lookup_opt_assm
-          normalize nodelta #new_recursive_assm
-          cases(new_recursive_assm (execute_1 code_memory' status_pre) status_end
-            end_flag trace_any_label ?) try %
-          whd in match (current_instruction_cost … status_pre);
-          cut(ticks = \snd (fetch code_memory'
-             (program_counter (BitVectorTrie Byte 16) code_memory' status_pre)))
-          [1:
-            <FETCH %
-          |2:
-            #ticks_refl_assm >ticks_refl_assm %
-          ]
+          #ticks_refl_assm >ticks_refl_assm %
+        |4:
+          #ticks_refl_assm
+          >rewrite_assm %
         ]
       |2:
@@ -359 +356 @@
         #costlabel #Some_lookup_opt_assm normalize nodelta #ignore
         generalize in match recursive_assm;
-        cut(program_counter'' = (program_counter (BitVectorTrie Byte 16) code_memory' (execute_1 … status_start)))
+        cases classifier_assm
         [1:
-          <fetch_twice_fetch_execute_1
-          [1:
-            <FETCH %
-          |2:
-            cases classifier_assm
-            [1:
-              whd in ⊢ (% → ?);
-              whd in ⊢ (??%? → ?);
-              whd in match (current_instruction code_memory' status_start);
-              <FETCH generalize in match classify_assm;
-              cases instruction
-              [8:
-                #preinstruction normalize nodelta
-                whd in match ASM_classify0; normalize nodelta
-                #contradiction >contradiction #absurd destruct(absurd)
-              ]
-              try(#addr1 #addr2 normalize nodelta #ignore #absurd destruct(absurd))
-              try(#addr normalize nodelta #ignore #absurd destruct(absurd))
-              normalize in ignore; destruct(ignore)
-            |2:
-              #classifier_assm' >classifier_assm' %
-            ]
+          whd in ⊢ (% → ?);
+          whd in ⊢ (??%? → ?);
+          whd in match (current_instruction code_memory' status_start);
+          <FETCH generalize in match classify_assm;
+          cases instruction
+          [8:
+            #preinstruction normalize nodelta
+            whd in match ASM_classify0; normalize nodelta
+            #contradiction >contradiction #absurd destruct(absurd)
           ]
+          try(#addr1 #addr2 normalize nodelta #ignore #absurd destruct(absurd))
+          try(#addr normalize nodelta #ignore #absurd destruct(absurd))
+          normalize in ignore; destruct(ignore)
         |2:
-          #program_counter_assm >program_counter_assm <Some_lookup_opt_assm
+          -classifier_assm #classifier_assm
+          lapply (execute_1_and_program_counter_after_other_in_lockstep code_memory' ? classifier_assm)
+          <FETCH normalize nodelta #rewrite_assm >rewrite_assm in Some_lookup_opt_assm;
+          #Some_lookup_opt_assm <Some_lookup_opt_assm
           normalize nodelta #new_recursive_assm >new_recursive_assm
           cut(ticks = \snd (fetch code_memory'
@@ -415 +405 @@
   whd in match current_instruction0 in classifier_assm; normalize nodelta in classifier_assm;
   <FETCH in classifier_assm; >classify_assm #absurd destruct(absurd)
-qed. *)
+qed.
 
 lemma trace_compute_paid_trace_cl_jump:
@@ -674 +664 @@
       
 let rec block_cost'
-  (code_memory': BitVectorTrie Byte 16) (program_counter': Word)
+  (code_memory': BitVectorTrie Byte 16) (program_counter': Word) (visited: list Word)
     (program_size: nat) (total_program_size: nat) (cost_labels: BitVectorTrie costlabel 16)
       (reachable_program_counter_witness: reachable_program_counter code_memory' total_program_size program_counter')
@@ -691 +681 @@
             (cost_of_block = 0) ≝
   match program_size return λprogram_size: nat. total_program_size ≤ program_size + nat_of_bitvector … program_counter' → ? with
-  [ O ⇒ λbase_case. ⊥
+  [ O ⇒ λbase_case. ⊥ (* XXX: dummy to be inserted here *)
   | S program_size' ⇒ λrecursive_case.
     let 〈instruction, program_counter'', ticks〉 as FETCH ≝ fetch code_memory' program_counter' in
@@ -723 +713 @@
           | DJNZ src_trgt relative ⇒ λinstr. ticks
           | _                      ⇒ λinstr.
-          
-              ticks + block_cost' code_memory' program_counter'' program_size' total_program_size cost_labels ? good_program_witness false ?
+              ticks + block_cost' code_memory' program_counter'' (program_counter'::visited) program_size' total_program_size cost_labels ? good_program_witness false ?
           ] (refl …)
         | ACALL addr     ⇒ λinstr.
-            ticks + block_cost' code_memory' program_counter'' program_size' total_program_size cost_labels ? good_program_witness false ?
+            ticks + block_cost' code_memory' program_counter'' (program_counter'::visited) program_size' total_program_size cost_labels ? good_program_witness false ?
         | AJMP  addr     ⇒ λinstr.
-            ticks + block_cost' code_memory' ? program_size' total_program_size cost_labels ? good_program_witness false ?
+          let jump_target ≝ compute_target_of_unconditional_jump program_counter'' instruction in
+            ticks + block_cost' code_memory' jump_target (program_counter'::visited) program_size' total_program_size cost_labels ? good_program_witness false ?
         | LCALL addr     ⇒ λinstr.
-            ticks + block_cost' code_memory' program_counter'' program_size' total_program_size cost_labels ? good_program_witness false ?
-        | LJMP  addr     ⇒ λinstr. ticks
-        | SJMP  addr     ⇒ λinstr. ticks
+            ticks + block_cost' code_memory' program_counter'' (program_counter'::visited) program_size' total_program_size cost_labels ? good_program_witness false ?
+        | LJMP  addr     ⇒ λinstr.
+          let jump_target ≝ compute_target_of_unconditional_jump program_counter'' instruction in
+            ticks + block_cost' code_memory' jump_target (program_counter'::visited) program_size' total_program_size cost_labels ? good_program_witness false ?
+        | SJMP  addr     ⇒ λinstr.
+          let jump_target ≝ compute_target_of_unconditional_jump program_counter'' instruction in
+            ticks + block_cost' code_memory' jump_target (program_counter'::visited) program_size' total_program_size cost_labels ? good_program_witness false ?
         | JMP   addr     ⇒ λinstr. (* XXX: actually a call due to use with fptrs *)
-            ticks + block_cost' code_memory' program_counter'' program_size' total_program_size cost_labels ? good_program_witness false ?
+            ticks + block_cost' code_memory' program_counter'' (program_counter'::visited) program_size' total_program_size cost_labels ? good_program_witness false ?
         | MOVC  src trgt ⇒ λinstr.
-            ticks + block_cost' code_memory' program_counter'' program_size' total_program_size cost_labels ? good_program_witness false ?
+            ticks + block_cost' code_memory' program_counter'' (program_counter'::visited) program_size' total_program_size cost_labels ? good_program_witness false ?
         ] (refl …))
       else
@@ -754 +748 @@
           ])
   ].
-  [1:
+  [2:
+    change with (if to_continue then ? else (? = 0))
+    >p in ⊢ (match % return ? with [ _ ⇒ ? | _ ⇒ ? ]); normalize nodelta
+    @pi2
+  |1:
     cases reachable_program_counter_witness #_ #hyp
     @(absurd (total_program_size < total_program_size) … (not_le_Sn_n …))
     @(le_to_lt_to_lt … base_case hyp)
-  |2:
-    change with (if to_continue then ? else (? = 0))
-    >p in ⊢ (match % return ? with [ _ ⇒ ? | _ ⇒ ? ]); normalize nodelta
-    @pi2
   |3:
     change with (if to_continue then ? else (0 = 0))
@@ -769 +763 @@
     @(trace_compute_paid_trace_cl_return … reachable_program_counter_witness good_program_witness … recursive_case … FETCH … the_trace program_counter_refl)
     destruct %
-  |96,102,105:
+  |96,108,111:
     #start_status #final_status #trace_ends_flag #the_trace #program_counter_refl
-    cases(block_cost' ?????????) -block_cost'
+    cases(block_cost' ??????????) -block_cost'
     @(trace_compute_paid_trace_cl_call … reachable_program_counter_witness good_program_witness … recursive_case … FETCH … program_counter_refl)
     destruct %
   |4,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57,69,72,75,78,81,84,87,
-   90,93:
+   90,93,99,102,105:
     #start_status #final_status #trace_ends_flag #the_trace #program_counter_refl
-    cases(block_cost' ?????????) -block_cost'
-    @(trace_compute_paid_trace_cl_other … reachable_program_counter_witness good_program_witness … recursive_case … FETCH … the_trace program_counter_refl)
-    destruct %
-  |60,61,62,63,64,65,66,67,68,69,99,101,100,102:
+    cases(block_cost' ??????????) -block_cost'
+    lapply (trace_compute_paid_trace_cl_other ???? reachable_program_counter_witness good_program_witness ? recursive_case ??? FETCH ??? the_trace program_counter_refl)
+    normalize nodelta destruct #assm @assm %
+  |60,61,62,63,64,65,66,67,68:
     #start_status #final_status #trace_ends_flag #the_trace #program_counter_refl 
     @(trace_compute_paid_trace_cl_jump … reachable_program_counter_witness good_program_witness … recursive_case … FETCH … the_trace program_counter_refl)
     destruct %
-  |103:
+  ]
+  -block_cost'
+  [63:
     cases reachable_program_counter_witness * #n #fetch_n_hyp #lt_hyp
     lapply(good_program_witness program_counter' reachable_program_counter_witness)
@@ -799 +795 @@
       assumption
     ]
-  |104:
+  |64:
     cases reachable_program_counter_witness * #n #fetch_n_hyp #lt_hyp
     lapply(good_program_witness program_counter' reachable_program_counter_witness)
@@ -817 +813 @@
         nat_of_bitvector … program_counter'')
     assumption
-  |106:
+  |65:
     cases reachable_program_counter_witness * #n #fetch_n_hyp #lt_hyp
     lapply(good_program_witness program_counter' reachable_program_counter_witness)
@@ -834 +830 @@
       assumption
     ]
-  |107:
+  |66:
     cases reachable_program_counter_witness * #n #fetch_n_hyp #lt_hyp
     lapply(good_program_witness program_counter' reachable_program_counter_witness)
@@ -854 +850 @@
         nat_of_bitvector … program_counter'')
     assumption
-  |94,97:
+  |53,55:
     cases reachable_program_counter_witness * #n #fetch_n_hyp #lt_hyp
     lapply(good_program_witness program_counter' reachable_program_counter_witness)
@@ -866 +862 @@
       assumption
     ]
-  |5,10,12,13,16,18,19,22,25,28,31,34,37,40,43,46,49,52,55,58,70,73,
-   76,79,82,85,88,91:
+  |54,56:
+    cases reachable_program_counter_witness * #n #fetch_n_hyp #lt_hyp
+    lapply(good_program_witness program_counter' reachable_program_counter_witness)
+    <FETCH normalize nodelta <instr normalize nodelta
+    try(<real_instruction_refl <instr normalize nodelta) *
+    #pc_pc_lt_hyp' #pc_tps_lt_hyp'
+    @(transitive_le
+      total_program_size
+      ((S program_size') + nat_of_bitvector … program_counter')
+      (program_size' + nat_of_bitvector … program_counter'') recursive_case)
+    normalize in match (S program_size' + nat_of_bitvector … program_counter');
+    >plus_n_Sm
+    @monotonic_le_plus_r
+    change with (
+      nat_of_bitvector … program_counter' <
+        nat_of_bitvector … program_counter'')
+    assumption
+  |1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,
+   55:
     cases reachable_program_counter_witness * #n #fetch_n_hyp #lt_hyp
     lapply(good_program_witness program_counter' reachable_program_counter_witness)
@@ -876 +889 @@
     <FETCH normalize nodelta whd in match ltb; normalize nodelta
     >(le_to_leb_true … program_counter_lt') %
-  |6,11,14,17,20,23,26,29,32,35,38,41,44,47,50,53,56,59,71,74,77,80,83,86,89,
-   92:
+  |2,4,6,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,
+   56:
     cases reachable_program_counter_witness * #n #fetch_n_hyp #lt_hyp
     lapply(good_program_witness program_counter' reachable_program_counter_witness)
@@ -894 +907 @@
         nat_of_bitvector … program_counter'')
     assumption
-  |95,98:
-    cases reachable_program_counter_witness * #n #fetch_n_hyp #lt_hyp
-    lapply(good_program_witness program_counter' reachable_program_counter_witness)
-    <FETCH normalize nodelta <instr normalize nodelta
-    try(<real_instruction_refl <instr normalize nodelta) *
-    #pc_pc_lt_hyp' #pc_tps_lt_hyp'
-    @(transitive_le
-      total_program_size
-      ((S program_size') + nat_of_bitvector … program_counter')
-      (program_size' + nat_of_bitvector … program_counter'') recursive_case)
-    normalize in match (S program_size' + nat_of_bitvector … program_counter');
-    >plus_n_Sm
-    @monotonic_le_plus_r
-    change with (
-      nat_of_bitvector … program_counter' <
-        nat_of_bitvector … program_counter'')
-    assumption
+  |*:
+    normalize nodelta
+    cases daemon (* XXX: new goals using jump_target *)
   ]
 qed.
@@ -934 +933 @@
   λreachable_program_counter_witness: reachable_program_counter code_memory total_program_size program_counter.
   λgood_program_witness: good_program code_memory total_program_size. ?.
-  cases(block_cost' code_memory program_counter total_program_size total_program_size cost_labels
+  cases(block_cost' code_memory program_counter [ ] total_program_size total_program_size cost_labels
     reachable_program_counter_witness good_program_witness true ?)
   [1: