Context Navigation

← Previous Change
Next Change →

Changeset 2200 for src

Timestamp:

Jul 17, 2012, 6:00:03 PM (8 years ago)

Author:

tranquil

Message:

updated joint semantics: generation of linear and graph semantics
opened two axioms in BitVectorZ

Location:

Files:

: 1 added
: 4 edited

ASM/BitVectorZ.ma (modified) (3 diffs)
joint/linearise.ma (modified) (2 diffs)
joint/semanticsUtils_paolo.ma (modified) (4 diffs)
joint/semantics_paolo.ma (modified) (5 diffs)
utilities/hide.ma (added)

Legend:

: Unmodified
: Added
: Removed

src/ASM/BitVectorZ.ma

-                      r1516
+                      r2200
 include "ASM/BitVector.ma".
 include "ASM/Arithmetic.ma".
+include "utilities/binary/division.ma".
 let rec Z_of_unsigned_bitvector (n:nat) (bv:BitVector n) on bv : Z ≝
 …
 theorem bv_Z_unsigned_max : ∀n. ∀bv:BitVector n. Z_of_unsigned_bitvector n bv < Z_two_power_nat n.
 #n #bv normalize
 lapply (bvZ_length n bv) cases (Z_of_unsigned_bitvector n bv) // #p normalize /2/
+lapply (bvZ_length n bv) cases (Z_of_unsigned_bitvector n bv) // #p normalize /2 by pos_length_lt/
 qed.
 …
 | #t whd in ⊢ (?%?); //
 ] qed.
+(* TODO *)
+axiom Z_of_unsigned_bitvector_of_Z :
+  ∀n,z.
+  Z_of_unsigned_bitvector n (bitvector_of_Z n z) =
+  modZ z (Z_two_power_nat n).
+axiom bitvector_of_Z_of_unsigned_bitvector :
+  ∀n,bv.
+  bitvector_of_Z n (Z_of_unsigned_bitvector n bv) = bv.

src/joint/linearise.ma

-                      r2182
+                      r2200
 include "joint/TranslateUtils_paolo.ma".
+include "utilities/hide.ma".
 definition graph_to_lin_statement :
 …
 #p#globals * [//] * //
 qed.
-definition hide_prf : ∀P : Prop.P → P ≝ λP,prf.prf.
-definition hide_Prop : Prop → Prop ≝ λP.P.
-interpretation "hide proof" 'hide p = (hide_prf ? p).
-interpretation "hide Prop" 'hide p = (hide_Prop p).
 (* discard all elements passing test, return first element failing it *)

src/joint/semanticsUtils_paolo.ma

-                      r1882
+                      r2200
 include "joint/semantics_paolo.ma".
 include alias "common/Identifiers.ma".
+include "utilities/hide.ma".
 (*** Store/retrieve on pseudo-registers ***)
 …
 (******************************** GRAPHS **************************************)
+definition graph_pointer_of_label : cpointer → label → res cpointer ≝
+  λoldpc,l.
+  return (mk_pointer Code
+   (mk_block Code (block_id (pblock oldpc))) ? (mk_offset (pos (word_of_identifier … l))) : cpointer).
+% qed.
+definition bitvector_from_pos :
+  ∀n.Pos → BitVector n ≝
+  λn,p.bitvector_of_Z n (Zpred (pos p)).
+definition graph_label_of_pointer: pointer → res label ≝
+ λp. OK … (an_identifier ? (match offv (poff p) with [ OZ ⇒ one | pos x ⇒ x | neg x ⇒ x ])).
+definition pos_from_bitvector :
+  ∀n.BitVector n → Pos ≝
+  λn,v.
+  match Zsucc (Z_of_unsigned_bitvector n v)
+  return λx.Zsucc (Z_of_unsigned_bitvector n v) = x → ?
+  with
+  [ OZ ⇒ λprf.⊥
+  | pos x ⇒ λ_. x
+  | neg x ⇒ λprf.⊥
+  ] (refl …).
+@hide_prf
+elim v in prf;
+[2,4: #n * #v #IH [2,4: assumption ]] normalize #ABS destruct(ABS) qed.
+definition graph_fetch_statement:
+ ∀pars : graph_params.
+ ∀sem_pars : sem_state_params.
+ ∀globals.
+  genv globals pars →
+  cpointer →
+  res (joint_statement pars globals) ≝
+ λpars,sem_pars,globals,ge,p.
+  do f ← fetch_function … ge p ;
+  do l ← graph_label_of_pointer p;
+  opt_to_res ? [MSG BadProgramCounter] (lookup ?? (joint_if_code … f) l).
+lemma pos_pos_from_bitvector :
+  ∀n,bv.pos (pos_from_bitvector n bv) = Zsucc (Z_of_unsigned_bitvector n bv).
+#n #bv elim bv -n
+[ %
+| #n * #bv #IH [ % | @IH ]
+]
+qed.
+lemma bitvector_from_pos_from_bitvector :
+  ∀n,bv.bitvector_from_pos n (pos_from_bitvector n bv) = bv.
+#n #bv whd in ⊢ (??%?); >pos_pos_from_bitvector
+>Zpred_Zsucc //
+qed.
+lemma divide_elim : ∀P : (natp × natp) → Prop.∀m,n : Pos.
+  (∀q,r.
+    ppos m = natp_plus (natp_times q (ppos n)) r →
+    natp_lt r n →
+    P (〈q,r〉)) →
+  P (divide m n).
+#P #m #n #H
+lapply (refl … (divide m n))
+cases (divide ??) in ⊢ (???%→%);
+#q #r #EQ elim (divide_ok … EQ) -EQ @H
+qed.
+lemma lt_divisor_to_eq_mod : ∀p,q : Pos.
+  p < q → \snd (divide p q) = ppos p.
+#p #q #H @divide_elim * [2: #quot ]
+* [2,4: #rest] normalize #EQ destruct(EQ) #_ [2: %]
+@⊥ elim (lt_to_not_le ?? H) #H @H -H -H
+[ @(transitive_le … (quot*q)) ] /2 by /
+qed.
+lemma pos_from_bitvector_from_pos :
+  ∀n,p.
+  p ≤ two_power_nat n →
+  pos_from_bitvector n (bitvector_from_pos n p) = p.
+#n #p #H
+cut (pos (pos_from_bitvector n (bitvector_from_pos n p)) = pos p)
+[2: #EQ destruct(EQ) <e0 in ⊢ (???%); % ]
+>pos_pos_from_bitvector
+whd in match (bitvector_from_pos ??);
+>Z_of_unsigned_bitvector_of_Z
+cases p in H ⊢ %;
+[ #_ %
+|*: #p' #H
+  whd in match (Zpred ?);
+  whd in match (Z_two_power_nat ?);
+  whd in ⊢ (??(?%)?);
+  >lt_divisor_to_eq_mod [1,3: normalize nodelta whd in match (Zsucc ?); ]
+  whd
+  <succ_pred_n try assumption % #ABS destruct(ABS)
+]
+qed.
+lemma pos_from_bitvector_max : ∀n,bv.
+  pos_from_bitvector n bv ≤ two_power_nat n.
+#n #bv
+change with (pos (pos_from_bitvector n bv) ≤ Z_two_power_nat n)
+>pos_pos_from_bitvector
+@Zlt_to_Zle
+@bv_Z_unsigned_max
+qed.
+definition graph_offset_of_label : label → option offset ≝
+  λl.let p ≝ word_of_identifier … l in
+  if leb p (two_power_nat offset_size) then
+    return mk_offset (bitvector_from_pos … p)
+  else
+    None ?.
+definition graph_label_of_offset: offset → label ≝
+ λo.an_identifier ? (pos_from_bitvector ? (offv o)).
 definition make_sem_graph_params :
 …
       pars
       g_pars
       graph_pointer_of_label
       (λ_.λ_.graph_pointer_of_label)
       (graph_fetch_statement ? g_pars)
+      graph_offset_of_label
+      graph_label_of_offset
+      ??
     ).
+whd in match graph_label_of_offset;
+whd in match graph_offset_of_label;
+whd in match word_of_identifier;
+normalize nodelta * #x
+@(leb_elim ? (two_power_nat ?)) normalize nodelta
+[ #_ >bitvector_from_pos_from_bitvector %
+| #ABS @⊥ @(absurd ?? ABS) @pos_from_bitvector_max
+| #H whd >(pos_from_bitvector_from_pos … H) %
+| #_ %
+]
+qed.
 (******************************** LINEAR **************************************)
-check mk_pointer
-definition lin_succ_p: cpointer → unit → res cpointer :=
- λptr.λ_.return «mk_pointer Code (pblock ptr) ? (mk_offset (offv (poff ptr) + 1)), ?».
-[%| cases ptr //] qed.
+axiom BadLabel: String.
+definition lin_offset_of_nat : ℕ → option offset ≝
+  λn.
+  if leb (S n) (2^offset_size) then
+    return mk_offset (bitvector_of_nat ? n)
+  else
+    None ?.
+definition lin_pointer_of_label:
+ ∀pars : lin_params.
+ ∀globals. genv globals pars → cpointer → label → res cpointer ≝
+ λpars,globals,ge,old,l.
+  do fn ← fetch_function … ge old ;
+  do pos ←
+   opt_to_res ? [MSG BadLabel]
+    (position_of ?
+      (λs. let 〈l',x〉 ≝ s in
+        match l' with [ None ⇒ false | Some l'' ⇒ if eq_identifier … l l'' then true else false])
+     (joint_if_code … pars fn)) ;
+  OK … (mk_Sig … (mk_pointer Code (mk_block Code (block_id (pblock old))) ? (mk_offset pos)) ?).
+% qed.
+definition lin_nat_of_offset : offset → ℕ ≝
+  λo.nat_of_bitvector ? (offv o).
-definition lin_fetch_statement:
- ∀pars : lin_params.
- ∀sem_pars : sem_state_params.
- ∀globals.
- genv globals pars → cpointer → res (joint_statement pars globals) ≝
- λpars,sem_pars,globals,ge,ppc.
-  do fn ← fetch_function … ge ppc ;
-  let off ≝ abs (offv (poff ppc)) in (* The offset should always be positive! *)
-  do found ← opt_to_res ? [MSG BadProgramCounter] (nth_opt ? off (joint_if_code … fn)) ;
-  return (\snd found).
 definition make_sem_lin_params :
 …
       pars
       g_pars
       lin_succ_p
       (lin_pointer_of_label ?)
       (lin_fetch_statement ? g_pars)
+      lin_offset_of_nat
+      lin_nat_of_offset
+      ??
     ).
+definition step_unbranching : ∀p,globals.joint_step p globals → bool ≝
+  λp,globals,stp.match stp with
+  [ COND _ _ ⇒ false
+  | CALL_ID _ _ _ ⇒ false
+  | extension c' ⇒ (* FIXME: does not care about calling extensions!! *)
+    match ext_step_labels … c' with
+    [ nil ⇒ true
+    | _ ⇒ false
+    ]
+  | _ ⇒ true
+  ].
+definition is_not_seq : ∀p,globals.joint_statement p globals → bool ≝
+  λp,globals,stp.match stp with
+  [ sequential _ _ ⇒ false
+  | _ ⇒ true
+  ].
+inductive s_block (p : params) (globals : list ident) : Type[0] ≝
+  | Skip : s_block p globals
+  | FinStep : (Σs.bool_to_Prop (¬step_unbranching p globals s)) → s_block p globals
+  | FinStmt : (Σs.bool_to_Prop (is_not_seq p globals s)) → s_block p globals
+  | Cons : (Σs.bool_to_Prop (step_unbranching p globals s)) → s_block p globals → s_block p globals.
+include "utilities/bind_new.ma".
+definition Block ≝ λp : params.λglobals.bind_new (localsT p) (s_block p globals).
+definition Bcons ≝ λp : params.λglobals.
+    λs : Σs.bool_to_Prop (step_unbranching p globals s).
+    λB : Block p globals.
+    ! b ← B ; return Cons ?? s b.
+interpretation "block cons" 'vcons hd tl = (Bcons ??? hd tl).
+let rec is_unbranching p globals (b1 : s_block p globals) on b1 : bool ≝
+  match b1 with
+  [ Skip ⇒ true
+  | FinStep _ ⇒ false
+  | FinStmt _ ⇒ false
+  | Cons _ tl ⇒ is_unbranching ?? tl
+  ].
+let rec Is_unbranching p globals (b1 : Block p globals) on b1 : Prop ≝
+  match b1 with
+  [ bret b ⇒ bool_to_Prop (is_unbranching … b)
+  | bnew f ⇒ ∀x.Is_unbranching … (f x)
+  ].
+let rec s_block_append_aux p globals (b1 : s_block p globals) (b2 : s_block p globals) on b1 : is_unbranching … b1 → s_block p globals ≝
+  match b1 return λx.is_unbranching ?? x → ? with
+  [ Skip ⇒ λ_.b2
+  | Cons x tl ⇒ λprf.Cons ?? x (s_block_append_aux ?? tl b2 prf)
+  | _ ⇒ Ⓧ
+  ].
+definition s_block_append ≝
+  λp,globals.λb1 : Σb.bool_to_Prop (is_unbranching … b).λb2.
+  match b1 with
+  [ mk_Sig b1 prf ⇒ s_block_append_aux p globals b1 b2 prf ].
+definition Is_to_is_unbr : ∀p,globals.(ΣB.Is_unbranching p globals B) →
+  bind_new (localsT p) (Σb.bool_to_Prop (is_unbranching p globals b)) ≝
+  λp,globals. ?.
+* #b elim b -b
+[ #b #H @bret @b @H
+| #f #IH #H @bnew #x @(IH x) @H
+[ * ] #x
+whd in match lin_offset_of_nat;
+whd in match lin_nat_of_offset;
+normalize nodelta
+@leb_elim normalize nodelta #H
+[ >bitvector_of_nat_inverse_nat_of_bitvector %
+| @⊥ cases H #H @H -H -H //
+| whd >(nat_of_bitvector_bitvector_of_nat_inverse … H) %
+| %
+]
 qed.
-lemma Is_to_is_unbr_OK : ∀p,globals,B.! b ← Is_to_is_unbr p globals B ; return pi1 … b = pi1 … B.
-#p #globals * #b elim b
-[ //
-| #f #IH #H @bnew_proper
-  #x @IH
+]
-qed.
-definition Block_append ≝
-  λp,globals.λB : Σb.Is_unbranching … b.λB'.
-  ! b1 ← Is_to_is_unbr … B;
-  ! b2 ← B';
-  return s_block_append p globals b1 b2.
-definition all_unbranching ≝ λp,globals.All ? (λs.bool_to_Prop (step_unbranching p globals s)).
-let rec step_list_to_s_block (p : params) globals (l : list (joint_step p globals)) on l :
-    s_block p globals ≝
-  match l  with
-  [ nil ⇒ Skip ??
-  | cons hd tl ⇒
-    If step_unbranching … hd then with prf do
-      Cons ?? hd (step_list_to_s_block ?? tl)
-    else with prf do
-      FinStep ?? hd
-  ]. [assumption | >prf % ] qed.
-definition step_list_to_block : ∀R,p,g.? → Block R p g ≝
-  λR,p,globals,l.bret R ? (step_list_to_s_block p globals l).
-record sem_rel (p1 : sem_params) (p2 : sem_params) (globals : list ident) : Type[0] ≝
-  { function_rel : joint_function globals p1 → joint_function globals p2 → Prop
-  ; genv_rel : genv globals p1 → genv globals p2 → Prop
-  ; pc_rel : cpointer → cpointer → Prop
-  ; st_rel : state p1 → state p2 → Prop
-  ; stmt_rel : joint_statement p1 globals → Block
-  (* TODO: state what do we need of genv_rel (like finding the same symbols and what relation to above rels ) *)
-  ; st_to_pc_rel : ∀st1,st2.st_rel st1 st2 → pc_rel (pc ? st1) (pc ? st2)
-  }.
-(* move *)
-definition beval_pair_of_xdata_pointer: (Σp:pointer. ptype p = XData) → beval × beval ≝
- λp. match p return λp. ptype p = XData → ? with [ mk_pointer pty pbl pok poff ⇒
-  match pty return λpty. ? → pty = XData → ? with
-   [ XData ⇒ λpok.λE. list_to_pair ? (bevals_of_pointer (mk_pointer XData pbl ? poff)) ?
-   | _ ⇒ λpok'.λabs. ⊥] pok] ?.
-[@(pi2 … p) |6: // |7: %] destruct (abs)
-qed.
-definition safe_address_of_xdata_pointer: (Σp:pointer. ptype p = XData) → safe_address ≝ beval_pair_of_xdata_pointer.
-cases H -H * #r #b #H #o #EQ destruct(EQ) normalize lapply H
-lapply (pointer_compat_from_ind … H) -H cases b * #z * #H
-%{«mk_pointer ? (mk_block ? z) H o,I»}
-% [2,4: % [2,4: % [1,3: % [1,3: % ]] % |*:]|*:]
-qed.
-definition state_rel : ∀p1,p2.∀R : sem_rel p1 p2.good_state p1 → good_state p2 → Prop ≝
-  λp1,p2,R,st1,st2.
-    frames_rel p1 p2 R (st_frms … st1) (st_frms … st2) ∧
-    pc_rel p1 p2 R (pc … st1) (pc … st2) ∧
-    sp_rel p1 p2 R
-      (safe_address_of_xdata_pointer (sp … st1))
-      (safe_address_of_xdata_pointer (sp … st2)) ∧
-    isp_rel p1 p2 R
-      (safe_address_of_xdata_pointer (isp … st1))
-      (safe_address_of_xdata_pointer (isp … st2)) ∧
-    sp_rel p1 p2 R
-      (safe_address_of_xdata_pointer (sp … st1))
-      (safe_address_of_xdata_pointer (sp … st2)) ∧
-    carry … st1 = carry … st2 ∧
-    regs_rel p1 p2 R (regs … st1) (regs … st2) ∧
-    mem_rel p1 p2 R (m … st1) (m … st2).
-elim st1 -st1 #st1 ** #good_pc1 #good_sp1 #good_isp1
-elim st2 -st2 #st2 ** #good_pc2 #good_sp2 #good_isp2
-assumption
-qed.
- elim st2
--st1 -st2 #st2 ** #good_pc2 # ∧
-    frames_rel … R (st_frms … st1) (st_frms … st2) ∧
-    frames_rel … R (st_frms … st1) (st_frms … st2) ∧
-    frames_rel … R (st_frms … st1) (st_frms … st2) ∧

src/joint/semantics_paolo.ma

-                      r2186
+                      r2200
 record more_sem_params (pp : params) : Type[1] ≝
   { msg_pars :> more_sem_genv_params pp
+  ; offset_of_point : code_point pp → offset
+  ; point_of_offset : offset → option (code_point pp)
+  ; point_of_offset_of_point : ∀pt.point_of_offset (offset_of_point pt) = Some ? pt
+  ; offset_of_point_of_offset : ∀o.opt_All ? (eq ? o) (! pt ← point_of_offset o ; return offset_of_point pt)
+  ; offset_of_point : code_point pp → option offset (* can overflow *)
+  ; point_of_offset : offset → code_point pp
+  ; point_of_offset_of_point :
+    ∀pt.opt_All ? (eq ? pt) (option_map ?? point_of_offset (offset_of_point pt))
+  ; offset_of_point_of_offset :
+    ∀o.offset_of_point (point_of_offset o) = Some ? o
   }.
+axiom CodePointerOverflow : String.
 definition pointer_of_point : ∀p.more_sem_params p →
   cpointer→ code_point p → cpointer ≝
+  cpointer→ code_point p → res cpointer ≝
   λp,msp,ptr,pt.
+    mk_pointer (pblock ptr) (offset_of_point p msp pt).
+  ! o ← opt_to_res ? [MSG CodePointerOverflow] (offset_of_point ? msp pt) ;
+  return «mk_pointer (pblock ptr) o, ?».
 elim ptr #ptr' #EQ <EQ % qed.
-axiom BadOffsetForCodePoint : String.
 definition point_of_pointer :
+  ∀p.more_sem_params p → cpointer → res (code_point p) ≝
+  λp,msp,ptr.opt_to_res … (msg BadOffsetForCodePoint)
+    (point_of_offset p msp (poff ptr)).
+  ∀p.more_sem_params p → cpointer → code_point p ≝
+  λp,msp,ptr.point_of_offset p msp (poff ptr).
 lemma point_of_pointer_of_point :
+  ∀p,msp.∀ptr : cpointer.∀pt.point_of_pointer p msp (pointer_of_point p msp ptr pt) = return pt.
+#p #msp #ptr #pt normalize
+>point_of_offset_of_point %
+  ∀p,msp.∀ptr1,ptr2 : cpointer.∀pt.
+  pointer_of_point p msp ptr1 pt = return ptr2 →
+  point_of_pointer p msp ptr2 = pt.
+#p #msp #ptr1 #ptr2 #pt normalize
+lapply (point_of_offset_of_point p msp pt)
+cases (offset_of_point ???) normalize
+[ * #ABS destruct(ABS)
+| #o #EQ1 #EQ2 destruct %
+]
 qed.
 lemma pointer_of_point_block :
+  ∀p,msp,ptr,pt.pblock (pointer_of_point p msp ptr pt) = pblock ptr.
+/ by refl/
+  ∀p,msp,ptr1,ptr2,pt.
+  pointer_of_point p msp ptr1 pt = return ptr2 →
+  pblock ptr2 = pblock ptr1.
+#p #msp #ptr1 #ptr2 #pt normalize
+cases (offset_of_point ???) normalize
+[ #ABS destruct(ABS)
+| #o #EQ destruct(EQ) %
+]
 qed.
 …
 lemma pointer_of_point_of_pointer :
   ∀p,msp.∀ptr1,ptr2 : cpointer.∀pt.
     pblock ptr1 = pblock ptr2 → point_of_pointer p msp ptr1 = OK … pt →
     pointer_of_point p msp ptr2 pt = ptr1.
+  ∀p,msp.∀ptr1,ptr2 : cpointer.
+    pblock ptr1 = pblock ptr2 →
+    pointer_of_point p msp ptr1 (point_of_pointer p msp ptr2) = return ptr2.
 #p #msp ** #b1 #o1 #EQ1
         ** #b2 #o2 #EQ2
+#pt #EQ3
+destruct
+lapply (offset_of_point_of_offset p msp o1)
+normalize
+elim (point_of_offset ???) normalize [* #ABS destruct(ABS)]
+#pt' #EQ #EQ' destruct %
+#EQ3 destruct
+normalize >offset_of_point_of_offset normalize %
 qed.
 axiom ProgramCounterOutOfCode : String.
 …
   genv globals p → cpointer → res (joint_statement p globals) ≝
   λp,msp,globals,ge,ptr.
   ! pt ← point_of_pointer ? msp ptr ;
+  let pt ≝ point_of_pointer ? msp ptr in
   ! fn ← fetch_function … ge ptr ;
   opt_to_res … (msg ProgramCounterOutOfCode) (stmt_at … (joint_if_code … fn) pt).
 …
   ! pt ← opt_to_res … [MSG LabelNotFound ; CTX ? lbl]
             (point_of_label … (joint_if_code … fn) lbl) ;
+  return (mk_pointer(mk_block Code (block_id (pblock ptr)))
+    (offset_of_point p msp pt) : Σp.?). // qed.
+  pointer_of_point p msp ptr pt.
 definition succ_pc : ∀p : params.∀ msp : more_sem_params p.
   cpointer → succ p → res cpointer ≝
   λp,msp,ptr,nxt.
   ! curr ← point_of_pointer p msp ptr ;
   return pointer_of_point p msp ptr (point_of_succ p curr nxt).
+  let curr ≝ point_of_pointer p msp ptr in
+  pointer_of_point p msp ptr (point_of_succ p curr nxt).
 record sem_params : Type[1] ≝
 …
     let st' ≝ set_regs p regs st in
     let pointer_in_fn ≝ mk_pointer (mk_block Code id) (mk_offset (bv_zero …)) in
     let pc ≝ pointer_of_point ? p … pointer_in_fn l' in
+    ! pc ← pointer_of_point ? p … pointer_in_fn l' ;
     return mk_state_pc ? st' pc. % qed.

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: