Changeset 2188 for src/ASM

Timestamp:

Jul 16, 2012, 11:28:11 PM (7 years ago)

Author:

sacerdot

Message:

1. Policy specification generalized
2. All invariants but the main one closed again under weaker specification

File:

• src/ASM/Assembly.ma (modified) (9 diffs)

src/ASM/Assembly.ma

@@ -709 +709 @@
      (nat_of_bitvector … pc + instruction_size lookup_labels sigma policy ppc instruction < 2^16
      ∨
-     S (nat_of_bitvector … ppc) = |instr_list| ∧
+     (∀ppc'. ∀ppc_ok':nat_of_bitvector … ppc' < |instr_list|. nat_of_bitvector … ppc < nat_of_bitvector … ppc' →
+       let instruction' ≝ \fst (fetch_pseudo_instruction instr_list ppc' ppc_ok') in
+       instruction_size lookup_labels sigma policy ppc' instruction' = 0)
+     ∧
      nat_of_bitvector … pc + instruction_size lookup_labels sigma policy ppc instruction = 2^16).
 
@@ -893 +896 @@
          ppc = bitvector_of_nat … (|pre|) ∧
          |code| ≤ 2^16 ∧
-         (|code| = 2^16 → |pre| = |instr_list|) ∧
+         True(*(ppc = zero … → code = [])*) ∧
          (nat_of_bitvector … (sigma ppc) = |code| ∨
-          sigma ppc = zero … ∧ |code| = 2^16) ∧
+          sigma ppc = zero … ∧ |code| = 2^16 ∧
+          (|pre| < 2^16 → ∀ppc'. ∀ppc_ok':nat_of_bitvector … ppc' < |instr_list|. nat_of_bitvector … ppc ≤ nat_of_bitvector … ppc' →
+            let instruction' ≝ \fst (fetch_pseudo_instruction instr_list ppc' ppc_ok') in
+            instruction_size lookup_labels sigma policy ppc' instruction' = 0)
+         ) ∧
          ∀ppc'.∀ppc_ok'.
           (nat_of_bitvector … ppc' < nat_of_bitvector … ppc ∨ |pre| = 2^16) →
@@ -917 +924 @@
   [ cases (foldl_strong ? (λx.Σy.?) ???) in p1; #ignore_revcode #Hfold #EQignore_revcode
     >EQignore_revcode in Hfold; #Hfold #sigma_pol_ok #instr_list_ok
-    cases (Hfold sigma_pol_ok instr_list_ok) -Hfold * * * #Hfold1 #Hfold4 #Hfold5 #Hfold3 #Hfold2 whd
+    cases (Hfold sigma_pol_ok instr_list_ok) -Hfold * * * #Hfold1 #Hfold4 #_ #Hfold5 #Hfold3 whd
     <eq_create_label_cost_map whd %
-    [2: #ppc #LTppc @Hfold2 >Hfold1 @(eqb_elim (|instr_list|) 2^16)
+    [2: #ppc #LTppc @Hfold3 >Hfold1 @(eqb_elim (|instr_list|) 2^16)
       [ #limit %2 @limit
       | #nlimit %1 >nat_of_bitvector_bitvector_of_nat_inverse try assumption
         @not_eq_to_le_to_lt assumption ]
-    | >length_reverse % try assumption cases Hfold3 -Hfold3
-      [ #Hfold3 <Hfold3 % >Hfold1 %
-      | #Hfold5 %2 <Hfold1 assumption ]]
+    | >length_reverse % try assumption cases Hfold5 -Hfold5
+      [ #Hfold5 <Hfold5 % >Hfold1 %
+      | * #Hfold51 #Hfold52 %2 <Hfold1 assumption ]]
   | * #sigma_pol_ok1 #_ #instr_list_ok %
-    [ % % [%] // [#abs change with (0=S ?) in abs; destruct(abs) | >sigma_pol_ok1 % ]]
+    [ % % [%] // >sigma_pol_ok1 % ]
     #ppc' #ppc_ok' #abs @⊥ cases abs
      [#abs2 cases (not_le_Sn_O ?) [#H @(H abs2) | skip]
@@ -933 +940 @@
   | * #sigma_pol_ok1 #sigma_pol_ok2 #instr_list_ok cases ppc_code in p1; -ppc_code #ppc_code #IH #EQppc_code >EQppc_code in IH; -EQppc_code
     #IH cases (IH ? instr_list_ok) [2: % assumption ] -IH
-    * * * #IH1 #IH2 #IH4 *
-    [2: * #_ #H @⊥ lapply (IH4 H) >prf >length_append
-        >(plus_n_O (|prefix|)) in ⊢ (??%? → ?); #X
-        lapply (injective_plus_r … X) >length_append normalize #abs' destruct(abs')]
-    #IH3 #IH5
+    * * * #IH1 #IH2 #IH2' #IH3 #IH4
     cut (|prefix| < |instr_list|)
     [ >prf >length_append normalize <plus_n_Sm @le_S_S // ] #LT_prefix_instr_list
@@ -963 +966 @@
       >fst_assembly_1_pseudoinstruction_insensible_to_lookup_datalabels [ >p2 | skip] % ]
     #EQpc_delta2
-    cases (sigma_pol_ok2 … ppc_ok) -sigma_pol_ok2
+    cases (sigma_pol_ok2 … ppc_ok)
     <eq_fetch_pseudo_instruction <eq_create_label_cost_map <EQpc_delta2
     #sigma_pol3 #sigma_pol4
     % [ % [% [% ] ] ]
     [ >length_append normalize nodelta >IH1 @sym_eq @add_bitvector_of_nat
-    | >length_append >length_reverse <IH3 <EQpc_delta >commutative_plus
-      cases sigma_pol4 [ #LT @(transitive_le … LT) // | * #_ #EQ >EQ % ]
-    | >length_append >commutative_plus >length_reverse <IH3 <EQpc_delta
+    | >length_append >length_reverse <EQpc_delta 
+      cases IH3 -IH3
+      [ #IH3 <IH3 >commutative_plus
+        cases sigma_pol4 [ #LT @(transitive_le … LT) // | * #_ #EQ >EQ % ]
+      | * * #IH3a #IH3b #IH3c >IH3b <EQpc_delta >EQpc_delta2 >eq_fetch_pseudo_instruction
+        >IH3c try % assumption ]
+(*        cut (ppc ≠ zero …)
+        [% #EQppc_zero @(absurd … IH3b) >IH2' [ @not_eq_O_S ] assumption ] #Not_eq_ppc_zero
+        cut (bitvector_of_nat ? (S (pred (nat_of_bitvector … ppc))) = ppc)
+        [ inversion (nat_of_bitvector … ppc)
+          [2: #p #_ #H normalize in match (pred ?);
+              lapply(eq_f … (bitvector_of_nat 16) … H) >bitvector_of_nat_inverse_nat_of_bitvector
+              #H' <H' %
+          | #H @⊥
+            lapply(eq_f … (bitvector_of_nat 16) … H) >bitvector_of_nat_inverse_nat_of_bitvector
+            #H' @(absurd ?? Not_eq_ppc_zero) >H' % ]] #EQppc lapply ppc_ok; <EQppc #S_pred_ppc_ok
+        cases (sigma_pol_ok2 (bitvector_of_nat 16 (pred (nat_of_bitvector 16 ppc))) ?)
+        [2: @(transitive_lt … ppc_ok) >nat_of_bitvector_bitvector_of_nat_inverse
+            [2: cases daemon (*CSC: True *) | cases daemon (*CSC: True*) ]
+        | #Sigma_pol1 *
+          [ cases daemon (*??????????*)
+          | * #Sigma_pol2 #Sigma_pol3 lapply (Sigma_pol2 … S_pred_ppc_ok ?)
+            [ cases daemon (*CSC: True *) ]
+            whd in ⊢ (% → ?); <eq_create_label_cost_map #H >H % ]]]*)
+    | %(* >length_append >commutative_plus >length_reverse <IH3 <EQpc_delta
        #abs >abs in sigma_pol4; *
        [ #abs' cases (absurd ? abs' (not_le_Sn_n …))
        | * #abs' #_ <abs' >length_append <plus_n_Sm <plus_n_O @eq_f >IH1
-         >nat_of_bitvector_bitvector_of_nat_inverse // ]
-    | >length_append >length_reverse <IH3 <EQpc_delta cases sigma_pol4
-      [ #LT %1 >sigma_pol3 >nat_of_bitvector_add
-        [2: >nat_of_bitvector_bitvector_of_nat_inverse assumption]
-        >nat_of_bitvector_bitvector_of_nat_inverse try assumption //
-      | * #EQ1 #EQ2 %2 %
-        [ lapply (eq_f … (bitvector_of_nat 16) … EQ2) <add_bitvector_of_nat_plus
-          >bitvector_of_nat_inverse_nat_of_bitvector <sigma_pol3 #X >X @bitvector_of_nat_exp_zero
-        | >commutative_plus assumption ]]
+         >nat_of_bitvector_bitvector_of_nat_inverse // ]*)
+    | >length_append >length_reverse
+      cases IH3 -IH3
+      [ #IH3 <IH3 <EQpc_delta cases sigma_pol4
+        [ #LT %1 >sigma_pol3 >nat_of_bitvector_add
+          [2: >nat_of_bitvector_bitvector_of_nat_inverse assumption]
+          >nat_of_bitvector_bitvector_of_nat_inverse try assumption //
+        | * #EQ1 #EQ2 %2 %
+          [ lapply (eq_f … (bitvector_of_nat 16) … EQ2) <add_bitvector_of_nat_plus
+            >bitvector_of_nat_inverse_nat_of_bitvector <sigma_pol3 #X >X % //
+          | #LLT_prefix
+            cut (S (nat_of_bitvector … ppc) < 2^16)
+            [ >length_append in LLT_prefix; <plus_n_Sm <plus_n_O #LLT_prefix
+              >IH1 >nat_of_bitvector_bitvector_of_nat_inverse assumption ]
+            -LLT_prefix #LLT_prefix
+            #ppc' #ppc_ok' #LEQ_newppc_ppc' whd >EQ1 try %
+            @(lt_to_le_to_lt … LEQ_newppc_ppc') normalize nodelta
+            >nat_of_bitvector_add >nat_of_bitvector_bitvector_of_nat_inverse // ]]
+      | * * #IH5 #IH6 #IH7 %2 % [% ]
+        [ normalize nodelta >sigma_pol3 >IH5
+          >add_commutative <add_zero >nat_of_bitvector_bitvector_of_nat_inverse try assumption
+          >EQpc_delta2 >eq_fetch_pseudo_instruction >IH7 try % assumption
+        | >IH6 <EQpc_delta >EQpc_delta2 >eq_fetch_pseudo_instruction >IH7 try %
+          assumption
+        | #LLT_prefix
+          cut (S (nat_of_bitvector … ppc) < 2^16)
+          [ >length_append in LLT_prefix; <plus_n_Sm <plus_n_O #LLT_prefix
+            >IH1 >nat_of_bitvector_bitvector_of_nat_inverse assumption ]
+          -LLT_prefix #LLT_prefix
+          #ppc' #ppc_ok' #LEQ_newppc_ppc' whd @IH7 try assumption
+          @(transitive_le … LEQ_newppc_ppc') normalize nodelta
+          >nat_of_bitvector_add >nat_of_bitvector_bitvector_of_nat_inverse // ]]
   | #ppc' #LTppc' cases hd in prf p2 EQpc_delta2 eq_fetch_pseudo_instruction; #label #pi #prf #p2
     #EQpc_delta2 #eq_fetch_pseudo_instruction *
-    [2: #eq_S_prefix_bound (*@(IH5 ? LTppc')
+    [2: #eq_S_prefix_bound
+      cut (instr_list = prefix @ [〈label,pi〉 ]) [ cases daemon (*CSC: easy *) ] #EQinstr_list
       @pair_elim #pi' #newppc' #eq_fetch_pseudo_instruction'
-      @pair_elim*) cases daemon
+      @pair_elim #len #assembledi #eq_assembly_1_pseudoinstruction %
+      [
+      |
+      ]
     | #LTppc_ppc
       cases (le_to_or_lt_eq … LTppc_ppc)
@@ -1005 +1057 @@
           [2,4: @(lt_to_le_to_lt … LTj) <EQpc_delta @(transitive_le … pc_delta_ok) %2 %
           |3: (*CSC: TRUE, NEEDS LEMMA *) cases daemon ]
-          >reverse_append >reverse_reverse >IH3 <(length_reverse … code)
-          @nth_safe_prepend
+          >reverse_append >reverse_reverse
+          cases IH3 -IH3
+          [ #IH3 >IH3 <(length_reverse … code) @nth_safe_prepend
+          | cases daemon (*CSC: ?????????? *) ]
       | #LTppc''
         cut (nat_of_bitvector … ppc' < |instr_list|)
@@ -1025 +1079 @@
                   @(transitive_le … H) //
               | @le_S_S //*) ]]]]
-      #X lapply (IH5 ppc' X)
+      #X lapply (IH4 ppc' X)
       @pair_elim #pi' #newppc' #eq_fetch_pseudoinstruction
       @pair_elim #len' #assembledi' #eq_assembly_1_pseudoinstruction #IH
@@ -1035 +1089 @@
       | #j #LTj >reverse_append >reverse_reverse #K
         >IH
-        [2: >length_reverse <IH3 (*CSC: USE MONOTONICITY *) cases daemon
+        [2: >length_reverse (*CSC: ?????????? <IH3 (*CSC: USE MONOTONICITY *)*) cases daemon
         | @shift_nth_prefix ]]]]]
 (*        |3: @le_S_S_to_le @(transitive_le … LTppc'') >nat_of_bitvector_add
@@ -1045 +1099 @@
                [ // | <p_refl in instr_list_ok; >prf >length_append #H @(transitive_le … H) // ]]]]
 *)
+cases daemon
 qed.