Changeset 936 for src/ASM/AssemblyProof.ma

Timestamp:

Jun 10, 2011, 4:20:47 PM (8 years ago)

Author:

sacerdot

Message:

Ticks are now handled correctly everywhere and the main proof takes care of
them.

File:

• src/ASM/AssemblyProof.ma (modified) (15 diffs)

src/ASM/AssemblyProof.ma

@@ -834 +834 @@
   P [[true;true;false]] → P [[true;true;true]] → ∀v. P v.
 
+definition ticks_of_instruction ≝
+ λi.
+  let trivial_code_memory ≝ assembly1 i in
+  let trivial_status ≝ load_code_memory trivial_code_memory in
+   \snd (fetch trivial_status (zero ?)).
+
 axiom fetch_assembly:
   ∀pc,i,code_memory,assembled.
@@ -842 +848 @@
       let 〈instr_pc, ticks〉 ≝ fetched in
       let 〈instr,pc'〉 ≝ instr_pc in
-       (eq_instruction instr i ∧ eq_bv … pc' (bitvector_of_nat … (pc + len))) = true.
+       (eq_instruction instr i ∧ eqb ticks (ticks_of_instruction instr) ∧ eq_bv … pc' (bitvector_of_nat … (pc + len))) = true.
 (* #pc #i #code_memory #assembled cases i [8: *]
  [16,20,29: * * |18,19: * * [1,2,4,5: *] |28: * * [1,2: * [1,2: * [1,2: * [1,2: *]]]]]
@@ -876 +882 @@
      let 〈instr_pc, ticks〉 ≝ fetched in
      let 〈instr,pc'〉 ≝ instr_pc in
-      eq_instruction instr i = true ∧ fetch_many code_memory final_pc pc' tl].
+      eq_instruction instr i = true ∧
+      ticks = (ticks_of_instruction i) ∧
+      fetch_many code_memory final_pc pc' tl].
 
 lemma option_destruct_Some: ∀A,a,b. Some A a = Some A b → a=b.
@@ -887 +895 @@
 
 axiom eq_bv_to_eq: ∀n.∀v1,v2: BitVector n. eq_bv … v1 v2 = true → v1=v2.
+
+axiom eq_instruction_to_eq: ∀i1,i2. eq_instruction i1 i2 = true → i1 = i2.
 
 lemma fetch_assembly_pseudo:
@@ -906 +916 @@
     generalize in match (fetch_assembly pc i code_memory … (refl …) H1)
     cases (fetch code_memory (bitvector_of_nat … pc)) #newi_pc #ticks whd in ⊢ (% → %)
-    cases newi_pc #newi #newpc whd in ⊢ (% → %) #K cases (conjunction_true … K) -K; #K1 #K2 % //
-    >(eq_bv_to_eq … K2) @IH @H2 ]
+    cases newi_pc #newi #newpc whd in ⊢ (% → %) #K cases (conjunction_true … K) -K; #K1
+    cases (conjunction_true … K1) -K1; #K1 #K2 #K3 % try % //
+    [ @eqb_true_to_eq <(eq_instruction_to_eq … K1) // | >(eq_bv_to_eq … K3) @IH @H2 ]
 qed.
 
@@ -1602 +1613 @@
 qed.
 
-definition ticks_of: pseudo_assembly_program → Word → nat × nat ≝
+definition ticks_of0: pseudo_assembly_program → Word → ? → nat × nat ≝
   λprogram: pseudo_assembly_program.
   λppc: Word.
-    let 〈preamble, pseudo〉 ≝ program in
-    let 〈fetched, new_ppc〉 ≝ fetch_pseudo_instruction pseudo ppc in
+  λfetched.
     match fetched with
     [ Instruction instr ⇒
@@ -1664 +1674 @@
         | long_jump ⇒ 〈4, 4〉
         ]
-      | ADD arg1 arg2 ⇒ 
-        let trivial_code_memory ≝ assembly1 (ADD ? arg1 arg2) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+      | ADD arg1 arg2 ⇒
+        let ticks ≝ ticks_of_instruction (ADD ? arg1 arg2) in
+         〈ticks, ticks〉
       | ADDC arg1 arg2 ⇒ 
-        let trivial_code_memory ≝ assembly1 (ADDC ? arg1 arg2) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (ADDC ? arg1 arg2) in
+         〈ticks, ticks〉
       | SUBB arg1 arg2 ⇒ 
-        let trivial_code_memory ≝ assembly1 (SUBB ? arg1 arg2) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (SUBB ? arg1 arg2) in
+         〈ticks, ticks〉
       | INC arg ⇒ 
-        let trivial_code_memory ≝ assembly1 (INC ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (INC ? arg) in
+         〈ticks, ticks〉
       | DEC arg ⇒ 
-        let trivial_code_memory ≝ assembly1 (DEC ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (DEC ? arg) in
+         〈ticks, ticks〉
       | MUL arg1 arg2 ⇒ 
-        let trivial_code_memory ≝ assembly1 (MUL ? arg1 arg2) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (MUL ? arg1 arg2) in
+         〈ticks, ticks〉
       | DIV arg1 arg2 ⇒ 
-        let trivial_code_memory ≝ assembly1 (DIV ? arg1 arg2) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (DIV ? arg1 arg2) in
+         〈ticks, ticks〉
       | DA arg ⇒ 
-        let trivial_code_memory ≝ assembly1 (DA ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (DA ? arg) in
+         〈ticks, ticks〉
       | ANL arg ⇒
-        let trivial_code_memory ≝ assembly1 (ANL ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (ANL ? arg) in
+         〈ticks, ticks〉
       | ORL arg ⇒
-        let trivial_code_memory ≝ assembly1 (ORL ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (ORL ? arg) in
+         〈ticks, ticks〉
       | XRL arg ⇒
-        let trivial_code_memory ≝ assembly1 (XRL ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (XRL ? arg) in
+         〈ticks, ticks〉
       | CLR arg ⇒
-        let trivial_code_memory ≝ assembly1 (CLR ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (CLR ? arg) in
+         〈ticks, ticks〉
       | CPL arg ⇒
-        let trivial_code_memory ≝ assembly1 (CPL ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (CPL ? arg) in
+         〈ticks, ticks〉
       | RL arg ⇒
-        let trivial_code_memory ≝ assembly1 (RL ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (RL ? arg) in
+         〈ticks, ticks〉
       | RLC arg ⇒
-        let trivial_code_memory ≝ assembly1 (RLC ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (RLC ? arg) in
+         〈ticks, ticks〉
       | RR arg ⇒
-        let trivial_code_memory ≝ assembly1 (RR ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (RR ? arg) in
+         〈ticks, ticks〉
       | RRC arg ⇒
-        let trivial_code_memory ≝ assembly1 (RRC ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (RRC ? arg) in
+         〈ticks, ticks〉
       | SWAP arg ⇒
-        let trivial_code_memory ≝ assembly1 (SWAP ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (SWAP ? arg) in
+         〈ticks, ticks〉
       | MOV arg ⇒
-        let trivial_code_memory ≝ assembly1 (MOV ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (MOV ? arg) in
+         〈ticks, ticks〉
       | MOVX arg ⇒
-        let trivial_code_memory ≝ assembly1 (MOVX ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (MOVX ? arg) in
+         〈ticks, ticks〉
       | SETB arg ⇒
-        let trivial_code_memory ≝ assembly1 (SETB ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (SETB ? arg) in
+         〈ticks, ticks〉
       | PUSH arg ⇒
-        let trivial_code_memory ≝ assembly1 (PUSH ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (PUSH ? arg) in
+         〈ticks, ticks〉
       | POP arg ⇒
-        let trivial_code_memory ≝ assembly1 (POP ? arg) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (POP ? arg) in
+         〈ticks, ticks〉
       | XCH arg1 arg2 ⇒
-        let trivial_code_memory ≝ assembly1 (XCH ? arg1 arg2) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (XCH ? arg1 arg2) in
+         〈ticks, ticks〉
       | XCHD arg1 arg2 ⇒
-        let trivial_code_memory ≝ assembly1 (XCHD ? arg1 arg2) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (XCHD ? arg1 arg2) in
+         〈ticks, ticks〉
       | RET ⇒
-        let trivial_code_memory ≝ assembly1 (RET ?) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (RET ?) in
+         〈ticks, ticks〉
       | RETI ⇒
-        let trivial_code_memory ≝ assembly1 (RETI ?) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (RETI ?) in
+         〈ticks, ticks〉
       | NOP ⇒
-        let trivial_code_memory ≝ assembly1 (NOP ?) in
-        let trivial_status ≝ load_code_memory trivial_code_memory in
-        let ticks ≝ \snd (fetch trivial_status (zero ?)) in
-          〈0, ticks〉
+        let ticks ≝ ticks_of_instruction (NOP ?) in
+         〈ticks, ticks〉
       ]
     | Comment comment ⇒ 〈0, 0〉
@@ -1814 +1768 @@
 qed.
 
-axiom eq_instruction_to_eq: ∀i1,i2. eq_instruction i1 i2 = true → i1 = i2.
+definition ticks_of: pseudo_assembly_program → Word → nat × nat ≝
+  λprogram: pseudo_assembly_program.
+  λppc: Word.
+    let 〈preamble, pseudo〉 ≝ program in
+    let 〈fetched, new_ppc〉 ≝ fetch_pseudo_instruction pseudo ppc in
+     ticks_of0 program ppc fetched.
 
 lemma get_register_set_program_counter:
@@ -1844 +1803 @@
 qed.
 
-lemma set_arg_8_set_program_counter:
-  ∀n.∀l:Vector addressing_mode_tag (S n). ¬(is_in ? l ACC_PC) →
-  ∀T,s.∀pc:Word.∀b:l.
-   set_arg_8 T (set_program_counter … s pc) b = set_arg_8 … s b.
- [2,3: cases b; *; normalize //]
- #n #l #prf #T #s #pc #b * *; 
-qed.
-
 lemma get_arg_8_set_code_memory:
  ∀T1,T2,s,code_mem,b,arg.
@@ -1877 +1828 @@
  #T1 #s #f1 #f2 #f3 %
 qed.
-
-axiom ignore_clock: ∀T,ps,x.set_clock T ps x = ps.
 
 lemma eq_rect_Type1_r:
@@ -1892 +1841 @@
 
 lemma main_thm:
- ∀ticks_of.
  ∀ps,s,s''.
   status_of_pseudo_status ps = Some … s →
-  status_of_pseudo_status (execute_1_pseudo_instruction ticks_of ps) = Some … s'' →
+  status_of_pseudo_status (execute_1_pseudo_instruction (ticks_of (code_memory … ps)) ps) = Some … s'' →
    ∃n. execute n s = s''.
- #ticks_of #ps #s #s''
+ #ps #s #s''
  generalize in match (fetch_assembly_pseudo2 (code_memory … ps))
  whd in ⊢ (? → ??%? → ??%? → ?)
@@ -1917 +1865 @@
   (∃n.
     execute n (set_program_counter ? (set_code_memory ?? ps (load_code_memory assembled)) ?)
-   = set_program_counter ? (set_code_memory ?? (execute_1_pseudo_instruction ticks_of ps) (load_code_memory assembled)) ?)
+   = set_program_counter ? (set_code_memory ?? (execute_1_pseudo_instruction ? ps) (load_code_memory assembled)) ?)
  whd in match (\snd 〈preamble,instr_list〉) in H;
  whd in match (\fst 〈preamble,instr_list〉) in H;
  whd in match (\snd 〈final_pc,assembled〉) in H;
  -s s'' labels costs final_ppc final_pc;
- letin ps' ≝ (execute_1_pseudo_instruction ticks_of ps)
+ letin ps' ≝ (execute_1_pseudo_instruction (ticks_of 〈preamble,instr_list〉) ps)
  (* NICE STATEMENT HERE *)
  generalize in match (refl … ps') generalize in ⊢ (??%? → ?) normalize nodelta; -ps'; #ps'
  #K <K generalize in match K; -K;
  (* STATEMENT WITH EQUALITY HERE *)
- whd in ⊢ (???% → ?) generalize in match (H (program_counter … ps)) >EQ0 normalize nodelta;
+ whd in ⊢ (???(?%?) → ?)
+ whd in ⊢ (???% → ?) generalize in match (H (program_counter … ps)) -H; >EQ0 normalize nodelta;
  cases (fetch_pseudo_instruction instr_list (program_counter … ps))
  #pi #newppc normalize nodelta; * #instructions *;
@@ -1933 +1882 @@
   [2,3: (* Comment, Cost *) #ARG #H1 #H2 #EQ %[1,3:@0]
     normalize in H1; generalize in match (option_destruct_Some ??? H1) #K1 >K1 in H2; whd in ⊢ (% → ?)
-    #H2 >(eq_bv_to_eq … H2) >ignore_clock in EQ; #EQ >EQ %
+    #H2 >(eq_bv_to_eq … H2) >EQ %
   |4: (* Jmp *)
   |5: (* Call *)
@@ -1942 +1891 @@
        change in ⊢ (? → ??%?) with (execute_1_0 ??)
        cases (fetch (load_code_memory assembled) (sigma 〈preamble,instr_list〉 (program_counter … ps))) * #instr #newppc' #ticks normalize nodelta;
-       * #H2a whd in ⊢ (% → ?) #H2b
-       >ignore_clock in EQ;
-       >(eq_instruction_to_eq … H2a)
-       whd in ⊢ (???% → ??%?);
-       >ignore_clock
+       * * #H2a #H2b whd in ⊢ (% → ?) #H2c
+       >H2b >(eq_instruction_to_eq … H2a)
+       generalize in match EQ; -EQ; whd in ⊢ (???% → ??%?);
        @(list_addressing_mode_tags_elim_prop … arg1) whd try % -arg1;
        @(list_addressing_mode_tags_elim_prop … arg2) whd try % -arg2; #ARG2
@@ -1952 +1899 @@
        [1,2,3,4,5,6,7,8: cases (add_8_with_carry ???) |*: cases (sub_8_with_carry ???)]
        #result #flags
-       #EQ >EQ -EQ; normalize nodelta; >(eq_bv_to_eq … H2b) -newppc'; %
+       #EQ >EQ -EQ; normalize nodelta; >(eq_bv_to_eq … H2c) %
     | (* INC *) #arg1 #H1 #H2 #EQ %[@1]
        normalize in H1; generalize in match (option_destruct_Some ??? H1) #K1 >K1 in H2; whd in ⊢ (% → ?)
        change in ⊢ (? → ??%?) with (execute_1_0 ??)
        cases (fetch (load_code_memory assembled) (sigma 〈preamble,instr_list〉 (program_counter … ps))) * #instr #newppc' #ticks normalize nodelta;
-       * #H2a whd in ⊢ (% → ?) #H2b
-       >ignore_clock in EQ;
-       >(eq_instruction_to_eq … H2a)
-       whd in ⊢ (???% → ??%?);
-       >ignore_clock
+       * * #H2a #H2b whd in ⊢ (% → ?) #H2c
+       >H2b >(eq_instruction_to_eq … H2a)
+       generalize in match EQ; -EQ; whd in ⊢ (???% → ??%?);
        @(list_addressing_mode_tags_elim_prop … arg1) whd try % -arg1; normalize nodelta; [1,2,3: #ARG]
        [1,2,3,4: cases (half_add ???) #carry #result
        | cases (half_add ???) #carry #bl normalize nodelta;
          cases (full_add ????) #carry' #bu normalize nodelta ]
-        #EQ >EQ -EQ; normalize nodelta; >(eq_bv_to_eq … H2b) -newppc';
+        #EQ >EQ -EQ; normalize nodelta; >(eq_bv_to_eq … H2c) -newppc';
         [5: %
-        |1: >set_code_memory_set_flags >set_program_counter_set_flags >program_counter_set_flags %
-
-        XXX
-          % 
-  
+        |1: