Changeset 2236 for src

Timestamp:

Jul 23, 2012, 10:46:06 PM (9 years ago)

Author:

sacerdot

Message:

One subproof made shorter.

File:

• src/ASM/PolicyStep.ma (modified) (12 diffs)

src/ASM/PolicyStep.ma

@@ -103 +103 @@
 qed.
 
-(*
+lemma destination_of_None_to_is_jump_false:
+ ∀instr. destination_of instr = None … → is_jump' instr = false.
+ * normalize // try (#H1 #H2 #abs) try (#H1 #abs) destruct(abs)
+qed.
+
+lemma destination_of_Some_to_is_jump_true:
+ ∀instr,dst. destination_of instr = Some … dst → is_jump' instr = true.
+ #instr #dst cases instr normalize // try (#H1 #H2 #abs) try (#H1 #abs) try #abs
+ destruct(abs)
+qed.
+
 lemma jump_expansion_step3:
-(*
- program :
-  (Σl:list labelled_instruction.S (|l|)< 2 \sup 16 ∧is_well_labelled_p l)
- labels :
-  (Σlm:label_map
-   .(∀l:identifier ASMTag
+∀program.(* :
+  (Σl:list labelled_instruction.S (|l|)< 2 \sup 16 ∧is_well_labelled_p l)*)
+ ∀labels :
+  label_map(*Σlm:label_map
+   .∀l:identifier ASMTag
      .occurs_exactly_once ASMTag pseudo_instruction l program
       →bitvector_of_nat 16 (lookup_def ASMTag ℕ lm l O)
-       =address_of_word_labels_code_mem program l))*)
+       =address_of_word_labels_code_mem program l).*).
  ∀old_sigma :
    Σpolicy:ppc_pc_map
-   .True(*not_jump_default program policy
-    ∧\fst  (lookup (ℕ×jump_length) 16 (bitvector_of_nat 16 O) (\snd  policy)
+   .not_jump_default program policy
+    (*∧\fst  (lookup (ℕ×jump_length) 16 (bitvector_of_nat 16 O) (\snd  policy)
                  〈O,short_jump〉)
      =O
@@ -125 +134 @@
     ∧sigma_compact_unsafe program labels policy
     ∧\fst  policy≤ 2 \sup 16*).
- ∀prefix : list (option Identifier×pseudo_instruction). (*
- x : (option Identifier×pseudo_instruction)
- tl : (list (option Identifier×pseudo_instruction))
- prf : (program=prefix@[x]@tl)
+ ∀prefix : list (option Identifier×pseudo_instruction).
+ ∀x : option Identifier×pseudo_instruction.
+ ∀tl : list (option Identifier×pseudo_instruction).
+ ∀prf : program=prefix@[x]@tl.(*
  acc :
   (Σx0:ℕ×ppc_pc_map
@@ -149 +158 @@
                    (\snd  old_sigma) 〈O,short_jump〉)
        +added
-     ∧sigma_safe prefix labels added old_sigma policy))
- inc_added : ℕ
- inc_pc_sigma : ppc_pc_map
+     ∧sigma_safe prefix labels added old_sigma policy))*)
+ ∀inc_added : ℕ.
+ ∀inc_pc_sigma : ppc_pc_map. (*
  p : (acc≃〈inc_added,inc_pc_sigma〉)*)
  ∀label : option Identifier.
- ∀instr : pseudo_instruction.(*
- p1 : (x≃〈label,instr〉)
+ ∀instr : pseudo_instruction.
+ ∀p1 : x≃〈label,instr〉.(*
  add_instr ≝
   match instr
@@ -172 +181 @@
    Some jump_length
    (select_call_length labels old_sigma inc_pc_sigma inc_added (|prefix|) c)
-  |Mov (_:[[dptr]])   (_0:Identifier)⇒None jump_length]
- inc_pc : ℕ
- inc_sigma : (BitVectorTrie (ℕ×jump_length) 16)
- Hips : (inc_pc_sigma=〈inc_pc,inc_sigma〉)
- old_pc : ℕ
- old_length : jump_length
- Holdeq :
-  (lookup (ℕ×jump_length) 16 (bitvector_of_nat 16 (|prefix|)) (\snd  old_sigma)
+  |Mov (_:[[dptr]])   (_0:Identifier)⇒None jump_length]*)
+ ∀inc_pc : ℕ.
+ ∀inc_sigma : (BitVectorTrie (ℕ×jump_length) 16).(*
+ Hips : (inc_pc_sigma=〈inc_pc,inc_sigma〉)*)
+ ∀old_pc : ℕ.
+ ∀old_length : jump_length.
+ ∀Holdeq :
+  lookup (ℕ×jump_length) 16 (bitvector_of_nat 16 (|prefix|)) (\snd  old_sigma)
    〈O,short_jump〉
-   =〈old_pc,old_length〉)
- Hpolicy :
-  (not_jump_default prefix 〈inc_pc,inc_sigma〉
+   =〈old_pc,old_length〉.
+ ∀Hpolicy :
+  (*not_jump_default prefix 〈inc_pc,inc_sigma〉
    ∧\fst  (lookup (ℕ×jump_length) 16 (bitvector_of_nat 16 O) inc_sigma
                 〈O,short_jump〉)
@@ -190 +199 @@
     =\fst  (lookup (ℕ×jump_length) 16 (bitvector_of_nat 16 (|prefix|)) inc_sigma
                  〈O,short_jump〉)
-   ∧jump_increase prefix old_sigma 〈inc_pc,inc_sigma〉
+   ∧*)jump_increase prefix old_sigma 〈inc_pc,inc_sigma〉(*
    ∧sigma_compact_unsafe prefix labels 〈inc_pc,inc_sigma〉
    ∧(sigma_jump_equal prefix old_sigma 〈inc_pc,inc_sigma〉→inc_added=O)
@@ -198 +207 @@
                 〈O,short_jump〉)
     =old_pc+inc_added
-   ∧sigma_safe prefix labels inc_added old_sigma 〈inc_pc,inc_sigma〉)
- added : ℕ*)
+   ∧sigma_safe prefix labels inc_added old_sigma 〈inc_pc,inc_sigma〉)*).
+(* added : ℕ*)
  ∀policy : ppc_pc_map.
- (*new_length : jump_length
- isize : ℕ
- Heq1 :
-  (match 
+ ∀new_length : jump_length.
+ ∀isize : ℕ.
+ ∀Heq1 :
+   match 
    match instr
     in pseudo_instruction
@@ -220 +229 @@
     Some jump_length
     (select_call_length labels old_sigma inc_pc_sigma inc_added (|prefix|) c)
-   |Mov (_:[[dptr]])   (_0:Identifier)⇒None jump_length]
+   |Mov (_:[[dptr]]) (_:Identifier)⇒None jump_length]
     in option
-    return λ_0:(option jump_length).(jump_length×ℕ)
+    return λ_:(option jump_length).(jump_length×ℕ)
     with 
    [None⇒〈short_jump,instruction_size_jmplen short_jump instr〉
@@ -228 +237 @@
     〈max_length old_length pl,
     instruction_size_jmplen (max_length old_length pl) instr〉]
-   =〈new_length,isize〉)
- prefix_ok1 : (S (|prefix|)< 2 \sup 16 )
- prefix_ok : (|prefix|< 2 \sup 16 )
+   =〈new_length,isize〉.
+ ∀prefix_ok1 : S (|prefix|)< 2 \sup 16.
+ ∀prefix_ok : |prefix|< 2 \sup 16.(*
  Heq2a :
   (match 
@@ -255 +264 @@
    |Some (x0:jump_length)⇒
     inc_added+(isize-instruction_size_jmplen old_length instr)]
-   =added)
- Heq2b :
-  (〈inc_pc+isize,
+   =added)*)
+ ∀Heq2b :
+  〈inc_pc+isize,
    insert (ℕ×jump_length) 16 (bitvector_of_nat 16 (S (|prefix|)))
    〈inc_pc+isize,
@@ -264 +273 @@
    (insert (ℕ×jump_length) 16 (bitvector_of_nat 16 (|prefix|))
     〈inc_pc,new_length〉 inc_sigma)〉
-   =policy)*)
+   =policy.
  jump_increase (prefix@[〈label,instr〉]) old_sigma policy.
- #old_sigma #prefix #label #instr #policy
+ #program #labels #old_sigma #prefix #x #tl #prf #inc_added #inc_pc_sigma #label
+ #instr #p1 #inc_pc #inc_sigma #old_pc #old_length #Holdeq #Hpolicy #policy #new_length
+ #isize #Heq1 #prefix_ok1 #prefix_ok #Heq2
     #i >append_length >commutative_plus #Hi normalize in Hi;
     cases (le_to_or_lt_eq … Hi) -Hi; #Hi
     [ cases (le_to_or_lt_eq … (le_S_S_to_le … Hi)) -Hi #Hi
       [ (* USE[pass]: jump_increase *)
-        lapply (proj2 ?? (proj1 ?? (proj1 ?? (proj1 ?? (proj1 ?? (proj1 ?? (proj1 ?? Hpolicy)))))) i (le_S_to_le … Hi))
-        <(proj2 ?? (pair_destruct ?????? Heq2))
+        lapply (Hpolicy i (le_S_to_le … Hi))
+        <Heq2
         @pair_elim #opc #oj #EQ1 >lookup_insert_miss
         [ >lookup_insert_miss
@@ -278 +289 @@
           | @bitvector_of_nat_abs
             [ @(transitive_lt ??? Hi) ]
-            [1,2: @(transitive_lt … (proj1 ?? (pi2 ?? program))) >prf >append_length
-              @le_S_S @le_plus_n_r
+            [1,2: assumption
             | @lt_to_not_eq @Hi
             ]
@@ -285 +295 @@
         | @bitvector_of_nat_abs
           [ @(transitive_lt ??? Hi) @le_S_to_le ]
-          [1,2: @(transitive_lt … (proj1 ?? (pi2 ?? program))) >prf
-            >append_length @le_S_S <plus_n_Sm @le_plus_n_r
+          [1,2: assumption
           | @lt_to_not_eq @le_S @Hi
           ]
         ]
-      | >Hi <(proj2 ?? (pair_destruct ?????? Heq2)) >Holdeq normalize nodelta
+      | >Hi <Heq2 >Holdeq normalize nodelta
+        cut (|prefix| < |program|)
+        [ >prf >append_length <plus_n_Sm @le_S_S @le_plus_n_r ] #lt_prefix_program
         >lookup_insert_miss
-        [ >lookup_insert_hit cases (dec_is_jump instr)
+        [ >lookup_insert_hit inversion (is_jump instr) normalize nodelta
           [ cases instr in Heq1; normalize nodelta
-            [ #pi cases pi
-              [1,2,3,4,5,6,7,8,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37:
-                [1,2,3,6,7,24,25: #x #y
-                |4,5,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23: #x] #_ #Hj cases Hj
-              |9,10,11,12,13,14,15,16,17: #x [3,4,5,8,9: #y]
-                whd in match jump_expansion_step_instruction; normalize nodelta #Heq1
-                #_ <(proj1 ?? (pair_destruct ?????? Heq1))
-                @jmpleq_max_length
-              ]
-            |2,3,6: #x [3: #y] #_ #Hj cases Hj
+            [ #pi whd in match jump_expansion_step_instruction; normalize nodelta
+              lapply (destination_of_None_to_is_jump_false pi)
+              cases (destination_of ?) normalize nodelta
+              [ #abs #_ whd in match is_jump; normalize nodelta >abs try % #abs'
+                destruct(abs')
+              | #tgt #_ #Heq1 #_ <(proj1 ?? (pair_destruct ?????? Heq1)) @jmpleq_max_length
+              ]
+            |2,3,6: #x [3: #y] #_ #Hj normalize in Hj; destruct(Hj)
             |4,5: #x #Heq1 #_ <(proj1 ?? (pair_destruct ?????? Heq1)) @jmpleq_max_length
             ]
-          | lapply Heq1 -Heq1; lapply (refl ? instr); cases instr in ⊢ (???% → %); normalize nodelta
-            [ #pi cases pi
-              [1,2,3,4,5,6,7,8,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37:
-                [1,2,3,6,7,24,25: #x #y
-                |4,5,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23: #x]
-                whd in match jump_expansion_step_instruction; normalize nodelta #Heqi #Heq1
-                #Hj <(proj1 ?? (pair_destruct ?????? Heq1))
-                (* USE: not_jump_default (from old_sigma) *)
-                lapply (proj1 ?? (proj1 ?? (proj1 ?? (proj1 ?? (pi2 ?? old_sigma)))) (|prefix|) ??)
-                [1,4,7,10,13,16,19,22,25,28,31,34,37,40,43,46,49,52,55,58,61,64,67,70,73,76,79,82:
-                  >prf >nth_append_second
-                  [1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55:
-                    <minus_n_n whd in match (nth ????); >p1 >Heqi @Hj
-                  |2,4,6,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56:
-                    @le_n
-                  ]
-                |2,5,8,11,14,17,20,23,26,29,32,35,38,41,44,47,50,53,56,59,62,65,68,71,74,77,80,83:
-                  >prf >append_length <plus_n_Sm @le_S_S @le_plus_n_r
-                |3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57,60,63,66,69,72,75,78,81,84:
-                  >Holdeq #EQ2 >EQ2 %2 @refl
+          | lapply Heq1 -Heq1; inversion instr normalize nodelta
+            [ 4,5: #x #_ #_ #abs @⊥ normalize in abs; destruct(abs)
+            | #pi #Heqi whd in match jump_expansion_step_instruction; normalize nodelta
+              lapply (destination_of_Some_to_is_jump_true pi)
+              cases (destination_of pi) normalize nodelta
+              [2: #tgt #abs #_ whd in match is_jump; normalize nodelta >abs try %
+                  #abs' destruct(abs')]
+              #_
+            |*: #x [3: #y] #Heqi ]
+            #Hj #Hx <(proj1 ?? (pair_destruct ?????? Hj))
+              lapply (pi2 ?? old_sigma (|prefix|) ??)
+              [1,4,7,10: >prf >nth_append_second
+                [1,3,5,7: <minus_n_n whd in match (nth ????); >p1 >Heqi >Hj try % >Hx %
+                |*: @le_n
                 ]
-              |9,10,11,12,13,14,15,16,17: #x [3,4,5,8,9: #y]
-                #_ #_ #abs @⊥ @(absurd ? I abs)
-              ]
-            |2,3,6: #x [3: #y] #Heqi #Heq1 #Hj <(proj1 ?? (pair_destruct ?????? Heq1))
-              (* USE: not_jump_default (from old_sigma) *)
-              lapply (proj1 ?? (proj1 ?? (proj1 ?? (proj1 ?? (pi2 ?? old_sigma)))) (|prefix|) ??)
-              [1,4,7: >prf >nth_append_second
-                [1,3,5: <minus_n_n whd in match (nth ????); >p1 >Heqi @Hj
-                |2,4,6: @le_n
-                ]
-              |2,5,8: >prf >append_length <plus_n_Sm @le_S_S @le_plus_n_r
-              |3,6,9: >Holdeq #EQ2 >EQ2 %2 @refl
-              ]
-            |4,5: #x #_ #_ #abs @⊥ @(absurd ? I abs)
-            ]
-          ]
+              |2,5,8,11: @lt_prefix_program
+              |*: >Holdeq #EQ2 >EQ2 %2 @refl]]
         | @bitvector_of_nat_abs
           [ @le_S_to_le ]
-          [1,2: @(transitive_lt … (proj1 ?? (pi2 … program))) @le_S_S >prf
-            >append_length <plus_n_Sm @le_S_S @le_plus_n_r
+          [1,2: assumption
           | @lt_to_not_eq @le_n
           ]
         ]
       ]
-    | <(proj2 ?? (pair_destruct ?????? Heq2)) >Hi >lookup_insert_hit
+    | <Heq2 >Hi >lookup_insert_hit
       normalize nodelta
       cases (bvt_lookup … (bitvector_of_nat ? (S (|prefix|))) (\snd old_sigma) 〈0,short_jump〉)
       #a #b normalize nodelta %2 @refl
     ]
-  ]
-qed.*)
+qed.
 
 (* One step in the search for a jump expansion fixpoint. *)