include "RTLabs/syntax.ma".
include "RTL/RTL_paolo.ma".
include "common/AssocList.ma".
include "common/FrontEndOps.ma".
include "common/Graphs.ma".
include "joint/TranslateUtils_paolo.ma".
include "utilities/bindLists.ma".
include alias "ASM/BitVector.ma".
include alias "arithmetics/nat.ma".

definition size_of_sig_type ≝
  λsig.
  match sig with
  [ ASTint isize sign ⇒
    let isize' ≝ match isize with [ I8 ⇒ 8 | I16 ⇒ 16 | I32 ⇒ 32 ] in
      isize' ÷ (nat_of_bitvector ? int_size)
  | ASTfloat _ ⇒ ? (* dpm: not implemented *)
  | ASTptr rgn ⇒ nat_of_bitvector ? ptr_size
  ].
  cases not_implemented;
qed.

inductive register_type: Type[0] ≝
  | register_int: register → register_type
  | register_ptr: register → register → register_type.

definition local_env ≝ identifier_map RegisterTag (list register).

definition local_env_typed :
  list (register × typ) → local_env → Prop ≝
  λl,env.All ?
    (λp.let 〈r, ty〉 ≝ p in ∃regs.lookup … env r = Some ? regs ∧
                                 |regs| = size_of_sig_type ty) l.

definition find_local_env ≝ λr.λlenv : local_env.
  λprf : r ∈ lenv.opt_safe … (lookup … lenv r) ?.
lapply (in_map_domain … lenv r)
>prf * #x #lookup_eq >lookup_eq % #ABS destruct(ABS)
qed.

lemma find_local_env_elim : ∀P : list register → Prop.∀r. ∀lenv: local_env.∀prf.
  (∀x.lookup … lenv r = Some ? x → P x) → P (find_local_env r lenv prf).
#P#r#lenv#prf #H
change with (P (opt_safe ???))
@opt_safe_elim assumption
qed.

definition find_local_env_arg ≝
  λr,lenv,prf. map … Reg (find_local_env r lenv prf).

definition m_fresh : ∀tag.state_monad (universe tag) (identifier tag) ≝
λtag,univ.let pr ≝ fresh … univ in 〈\snd pr, \fst pr〉.

let rec register_freshes (n: nat) on n :
  state_monad (universe RegisterTag) (Σl.|l| = n) ≝
  match n return λx.state_monad ? (Σl.|l| = x) with
  [ O ⇒ return «[ ],?»
  | S n' ⇒
    ! r ← m_fresh ?;
    ! res ← register_freshes n';
    return «r::res,?»
  ].[2: cases res -res #res #EQ <EQ] % qed.

definition initialize_local_env_internal :
  (universe RegisterTag × local_env) → (register×typ) → (universe RegisterTag × local_env) ≝
  λlenv_runiverse,r_sig.
  let 〈runiverse,lenv〉 ≝ lenv_runiverse in
  let 〈r, sig〉 ≝ r_sig in
  let size ≝ size_of_sig_type sig in
  let 〈runiverse,rs〉 ≝ register_freshes size runiverse in
    〈runiverse,add … lenv r rs〉.

definition initialize_local_env :
  list (register×typ) →
  state_monad (universe RegisterTag) local_env ≝
  λregisters,runiverse.
  foldl … initialize_local_env_internal 〈runiverse,empty_map …〉 registers.

include alias "common/Identifiers.ma".
let rec map_list_local_env 
  lenv (regs : list (register×typ)) on regs :
  All ? (λpr.bool_to_Prop (\fst pr ∈ lenv)) regs → list register ≝
  match regs return λx.All ?? x → ? with
  [ nil ⇒ λ_.[ ]
  | cons hd tl ⇒ λprf.find_local_env (\fst hd) lenv ? @ map_list_local_env lenv tl ?
  ].cases prf #A #B assumption qed.

definition make_addr ≝
  λA.
  λlst: list A.
  λprf: 2 = length A lst.〈nth_safe … 0 lst ?, nth_safe … 1 lst ?〉. <prf //
  qed.

definition find_and_addr ≝
  λr,lenv,prf. make_addr ? (find_local_env r lenv prf).

include alias "common/Identifiers.ma".
let rec rtl_args (args : list register) (env : local_env) on args :
  All ? (λr.bool_to_Prop (r∈env)) args → list rtl_argument ≝
  match args return λx.All ?? x → ? with
  [ nil ⇒ λ_.[ ]
  | cons hd tl ⇒ λprf.find_local_env_arg hd env ? @ rtl_args tl env ?
  ].
  cases prf #H #G assumption
  qed.

include alias "basics/lists/list.ma".
let rec vrsplit A (m,n : nat) 
  on m : Vector A (m*n) → Σs : list (Vector A n).|s| = m ≝
  match m return λx.Vector A (x*n) → Sig (list ?) ? with
  [ O ⇒ λv.[ ]
  | S k ⇒ λv.let spl ≝ vsplit ? n … v in \fst spl :: vrsplit ? k n (\snd spl)
  ].
  [ %
  | cases (vrsplit ????) #lst #EQ normalize >EQ %
  ] qed.

definition split_into_bytes:
  ∀size. ∀int: bvint size. Σbytes: list Byte. |bytes| = size_intsize size ≝ 
λsize.vrsplit ? (size_intsize size) 8.

let rec list_inject_All_aux A P (l : list A) on l : All A P l → list (Σx.P x) ≝
match l return λx.All A P x → ? with
[ nil ⇒ λ_.[ ]
| cons hd tl ⇒ λprf.«hd, ?» :: list_inject_All_aux A P tl ?
]. cases prf #H1 #H2 [@H1 | @H2]
qed.

include alias "basics/lists/list.ma".
definition translate_op:
  ∀globals. Op2 →
  ∀dests : list register.
  ∀srcrs1 : list rtl_argument.
  ∀srcrs2 : list rtl_argument.
  |dests| = |srcrs1| → |srcrs1| = |srcrs2| →
  list (joint_seq rtl_params globals)
  ≝
  λglobals: list ident.
  λop.
  λdestrs.
  λsrcrs1.
  λsrcrs2.
  λprf1,prf2.
  (* first, clear carry if op relies on it *)
  match op with
  [ Addc ⇒ [CLEAR_CARRY ??]
  | Sub ⇒ [CLEAR_CARRY ??]
  | _ ⇒ [ ]
  ] @ map3 ???? (OP2 rtl_params globals op) destrs srcrs1 srcrs2 prf1 prf2.

let rec nat_to_args (size : nat) (k : nat) on size : Σl : list rtl_argument.|l| = size ≝
match size with
[ O ⇒ [ ]
| S size' ⇒
  match nat_to_args size' (k ÷ 8) with
  [ mk_Sig res prf ⇒
    imm_nat k :: res
  ]
]. normalize // qed.

definition size_of_cst ≝ λtyp.λcst : constant typ.match cst with
  [ Ointconst size _ _ ⇒ size_intsize size
  | Ofloatconst _ _ ⇒ ? (* not implemented *)
  | _ ⇒ 2
  ].
  cases not_implemented qed.

definition cst_well_defd : ∀ty.list ident → constant ty → Prop ≝ λty,globals,cst.
  match cst with
  [ Oaddrsymbol r id offset ⇒ member id (eq_identifier ?) globals
  | _ ⇒ True
  ].

definition translate_cst :
  ∀ty.
  ∀globals: list ident.
  ∀cst_sig: Σcst : constant ty.cst_well_defd ty globals cst.
  ∀destrs: list register.
  |destrs| = size_of_cst ? cst_sig →
  list (joint_seq rtl_params globals)
 ≝
  λty,globals,cst_sig,destrs.
  match pi1 … cst_sig in constant return λty'.λx : constant ty'.
      cst_well_defd ty' ? x → |destrs| = size_of_cst ty' x → ?
  with
  [ Ointconst size sign const ⇒ λcst_prf,prf.
      map2 … (λr.λb : Byte.r ← (b : rtl_argument)) destrs
        (split_into_bytes size const) ?
  | Ofloatconst _ _ ⇒ ?
  | Oaddrsymbol r id offset ⇒ λcst_prf,prf.
    let 〈r1, r2〉 ≝ make_addr … destrs ? in
    [ADDRESS rtl_params globals id ? r1 r2]
  | Oaddrstack offset ⇒ λcst_prf,prf.
    let 〈r1, r2〉 ≝ make_addr … destrs ? in
    [(rtl_stack_address r1 r2 : joint_seq rtl_params globals)]
  ] (pi2 … cst_sig).
  [2: cases not_implemented
  |1: cases (split_into_bytes ??) #lst
    #EQ >EQ >prf whd in ⊢ (??%?); cases size %
  |3: @cst_prf
  |*: >prf %
  ]
qed.
  
definition translate_move :
  ∀globals.
  ∀destrs: list register.
  ∀srcrs: list rtl_argument.
  |destrs| = |srcrs| → list (joint_seq rtl_params globals) ≝ 
  λglobals,destrs,srcrs,length_eq.
  map2 … (λdst,src.dst ← src) destrs srcrs length_eq.

lemma make_list_length:
  ∀A: Type[0].
  ∀elt: A.
  ∀n: nat.
    n = length ? (make_list A elt n).
  #A #ELT #N
  elim N normalize // qed.

definition sign_mask : ∀globals.register → register →
  list (joint_seq rtl_params globals) ≝
    (* this sets destr to 0xFF if s is neg, 0x00 o.w. Done like that:
       byte in destr if srcr is: neg   |  pos
       destr ← srcr | 127       11...1 | 01...1
       destr ← destr <rot< 1    1...11 | 1...10
       destr ← INC destr        0....0 | 1....1
       destr ← CPL destr        1....1 | 0....0
     *)
  λglobals,destr,srcr.
  [destr ← srcr .Or. 127 ;
   destr ← .Rl. destr ;
   destr ← .Inc. destr ;
   destr ← .Cmpl. destr ].

definition translate_cast_signed :
  ∀globals : list ident.
  list register → register →
  bind_new (localsT rtl_params) (list (joint_seq rtl_params globals)) ≝
  λglobals,destrs,srcr.
  ν tmp in
  (sign_mask ? tmp srcr @
  translate_move ? destrs (make_list ? (Reg tmp) (|destrs|)) (make_list_length …)).
 
definition translate_fill_with_zero :
  ∀globals : list ident.
  list register → list (joint_seq rtl_params globals) ≝
  λglobals,destrs.
  match nat_to_args (|destrs|) 0 with
  [ mk_Sig res prf ⇒ translate_move ? destrs res ?].
  // qed.

let rec last A (l : list A) on l : option A ≝
match l with
[ nil ⇒ None ?
| cons hd tl ⇒
  match tl with
  [ nil ⇒ Some ? hd
  | _ ⇒ last A tl
  ]
].

lemma last_nth : ∀A,l.last A l = nth_opt A (pred (|l|)) l.
#A #l elim l [%]
#hd * [#_ %]
#hd2 #tl #IH
change with (last A (hd2 :: tl) = ?)
>IH //
qed.

(* using size of lists as size of ints *)
definition translate_cast :
  ∀globals: list ident.
  signedness → list register → list register →
    bind_new (localsT rtl_params) (list (joint_seq rtl_params globals)) ≝
  λglobals,src_sign,destrs,srcrs.
  match reduce_strong ?? destrs srcrs with
  [ mk_Sig t prf ⇒
    let src_common ≝ \fst (\fst t) in
    let src_rest   ≝ \snd (\fst t) in
    let dst_common ≝ \fst (\snd t) in
    let dst_rest   ≝ \snd (\snd t) in
    (* first, move the common part *)
    translate_move ? src_common (map … Reg dst_common) ? @@
    match src_rest return λ_.bind_new ?? with
    [ nil ⇒ (* upcast *)
      match src_sign return λ_.bind_new ?? with
      [ Unsigned ⇒ translate_fill_with_zero ? dst_rest
      | Signed ⇒
        match last … srcrs (* = src_common *) with
        [ Some src_last ⇒ translate_cast_signed ? dst_rest src_last
        | None ⇒ (* srcrs is empty *) translate_fill_with_zero ? dst_rest
        ]
      ]
    | _ ⇒ (* downcast, nothing else to do *) [ ]
    ]
  ].
  >length_map @prf qed.
  
definition translate_notint :
  ∀globals : list ident.
  ∀destrs : list register.
  ∀srcrs_arg : list register.
  |destrs| = |srcrs_arg| → list (joint_seq rtl_params globals) ≝
  λglobals, destrs, srcrs, prf.
  map2 ??? (OP1 rtl_params globals Cmpl) destrs srcrs prf.

definition translate_negint : ∀globals.? → ? → ? → bind_new (localsT rtl_params) (list (joint_seq rtl_params globals)) ≝
  λglobals: list ident.
  λdestrs: list register.
  λsrcrs: list register.
  λprf: |destrs| = |srcrs|. (* assert in caml code *)
  translate_notint … destrs srcrs prf @
  match nat_to_args (|destrs|) 1 with
  [ mk_Sig res prf' ⇒
    translate_op ? Add destrs (map … Reg destrs) res ??
  ].
// qed.

definition translate_notbool:
  ∀globals : list ident.
  list register → list register →
    bind_new (localsT rtl_params) (list (joint_seq rtl_params globals)) ≝
  λglobals,destrs,srcrs.
  match destrs with
  [ nil ⇒ [ ]
  | cons destr destrs' ⇒
    translate_fill_with_zero ? destrs' @@
    match srcrs return λ_.bind_new ?? with
    [ nil ⇒ [destr ← 0]
    | cons srcr srcrs' ⇒
      (destr ← srcr) :::
      map register (joint_seq rtl_params globals) (λr. destr ← destr .Or. r) srcrs' @@
      (* now destr is non-null iff srcrs was non-null *)
      CLEAR_CARRY ?? :::
      (* many uses of 0, better not use immediates *)
      ν tmp in
      [tmp ← 0 ;
       destr ← tmp .Sub. tmp ;
       (* now carry bit is set iff destr was non-null *)
       destr ← tmp .Addc. tmp]
     ]
   ].

definition translate_op1 : ∀globals.? → ? → ? → ? → ? → ? → ? →
  bind_new (localsT rtl_params) (list (joint_seq rtl_params globals)) ≝
  λglobals.
  λty, ty'.
  λop1: unary_operation ty ty'.
  λdestrs: list register.
  λsrcrs: list register.
  λprf1: |destrs| = size_of_sig_type ty'.
  λprf2: |srcrs| = size_of_sig_type ty.
  match op1
  return λty'',ty'''.λx : unary_operation ty'' ty'''.ty'' = ty → ty''' = ty' →
    bind_new (localsT rtl_params) (list (joint_seq rtl_params globals)) with
  [ Ocastint _ src_sign _ _ ⇒ λeq1,eq2.
    translate_cast globals src_sign destrs srcrs
  | Onegint sz sg ⇒ λeq1,eq2.
    translate_negint globals destrs srcrs ?
  | Onotbool _ _ _ _ ⇒ λeq1,eq2.
    translate_notbool globals destrs srcrs
  | Onotint sz sg ⇒ λeq1,eq2.
    translate_notint globals destrs srcrs ?
  | Optrofint sz sg r ⇒ λeq1,eq2.
    translate_cast globals Unsigned destrs srcrs
  | Ointofptr sz sg r ⇒ λeq1,eq2.
    translate_cast globals Unsigned destrs srcrs
  | Oid t ⇒ λeq1,eq2.
      translate_move globals destrs (map … Reg srcrs) ?
  | _ ⇒ λeq1,eq2.? (* float operations implemented in runtime *)
  ] (refl …) (refl …).
  [3,4,5,6,7,8,9:  cases not_implemented
  |*: destruct >prf1 >prf2 //
  ]
qed.

include alias "arithmetics/nat.ma".

let rec range_strong_internal (start : ℕ) (count : ℕ)
  (* Paolo: no notation to avoid ambiguity *)
  on count : list (Σn : ℕ.lt n (plus start count)) ≝
match count return λx.count = x → list (Σn : ℕ. n < start + count)
  with
[ O ⇒ λ_.[ ]
| S count' ⇒ λEQ.
  let f : (Σn : ℕ. lt n (S start + count')) → Σn : ℕ. lt n (start + count) ≝
    λsig.match sig with [mk_Sig n prf ⇒ n] in
  start :: map … f (range_strong_internal (S start) count')
] (refl …).
destruct(EQ) // qed.

definition range_strong : ∀end : ℕ. list (Σn.n<end) ≝
  λend.range_strong_internal 0 end.

definition translate_mul_i :
  ∀globals.
  register → register →
  (* size of destination and sources *)
  ∀n : ℕ.
  (* the temporary destination, with a dummy register at the end *)
  ∀tmp_destrs_dummy : list register.
  ∀srcrs1,srcrs2 : list rtl_argument.
  |tmp_destrs_dummy| = S n →
  n = |srcrs1| →
  |srcrs1| = |srcrs2| →
  (* the position of the least significant byte of the result we compute at
     this stage (goes from 0 to n in the main function) *)
  ∀k : ℕ.
  lt k n →
  (* the position of the byte in the first source we will use in this stage.
     the position in the other source will be k - i *)
  (Σi.i<S k) →
  (* the accumulator *)
  list (joint_seq rtl_params globals) →
    list (joint_seq rtl_params globals) ≝
  λglobals,a,b,n,tmp_destrs_dummy,srcrs1,srcrs2,
    tmp_destrs_dummy_prf,srcrs1_prf,srcrs2_prf,k,k_prf,i_sig,acc.
  (* the following will expand to
     a, b ← srcrs1[i] * srcrs2[k-i]
     tmp_destrs_dummy[k]   ← tmp_destrs_dummy[k] + a
     tmp_destrs_dummy[k+1] ← tmp_destrs_dummy[k+1] + b + C
     tmp_destrs_dummy[k+2] ← tmp_destrs_dummy[k+2] + 0 + C
     ...
     tmp_destrs_dummy[n]   ← tmp_destrs_dummy[n] + 0 + C
     ( all calculations on tmp_destrs_dummy[n] will be eliminated with
     liveness analysis) *)
  match i_sig with
    [ mk_Sig i i_prf ⇒
      (* we pad the result of a byte multiplication with zeros in order
         for the bit to be carried. Redundant calculations will be eliminated
         by constant propagation. *)
      let args : list rtl_argument ≝
        [Reg a;Reg b] @ make_list ? (Imm (zero …)) (n - 1 - k) in
      let tmp_destrs_view : list register ≝
        ltl ? tmp_destrs_dummy k in
      ❮a, b❯ ← (nth_safe ? i srcrs1 ?) .Mul. (nth_safe ? (k - i) srcrs2 ?) ::
      translate_op … Add tmp_destrs_view (map … Reg tmp_destrs_view) args ?? @
      acc
    ].
[ @lt_plus_to_minus [ @le_S_S_to_le assumption | <srcrs2_prf <srcrs1_prf
  whd >(plus_n_O (S k)) @le_plus // ]
| <srcrs1_prf
  @(transitive_le … i_prf k_prf)
| >length_map //
| >length_map
  >length_ltl
  >tmp_destrs_dummy_prf >length_append
  <make_list_length
  normalize in ⊢ (???(?%?));
  >plus_minus_commutative
    [2: @le_plus_to_minus_r <plus_n_Sm <plus_n_O assumption]
  cut (S n = 2 + (n - 1))
    [2: #EQ >EQ //]
  >plus_minus_commutative
    [2: @(transitive_le … k_prf) //]
  @sym_eq
  @plus_to_minus
  <plus_n_Sm
  //
] qed.

definition translate_mul : ∀globals.?→?→?→?→?→bind_new (localsT rtl_params) (list (joint_seq rtl_params globals)) ≝
λglobals : list ident.
λdestrs : list register.
λsrcrs1 : list rtl_argument.
λsrcrs2 : list rtl_argument.
λsrcrs1_prf : |destrs| = |srcrs1|.
λsrcrs2_prf : |srcrs1| = |srcrs2|.
(* needed fresh registers *)
νa in
νb in
(* temporary registers for the result are created, so to avoid overwriting
   sources *)
νν |destrs| as tmp_destrs with tmp_destrs_prf in
νdummy in
(* the step calculating all products with least significant byte going in the
   k-th position of the result *)
let translate_mul_k : (Σk.k<|destrs|) → list (joint_seq rtl_params globals) →
  list (joint_seq rtl_params globals) ≝
  λk_sig,acc.match k_sig with
  [ mk_Sig k k_prf ⇒
    foldr … (translate_mul_i ? a b (|destrs|)
      (tmp_destrs @ [dummy]) srcrs1 srcrs2
      ? srcrs1_prf srcrs2_prf k k_prf) acc (range_strong (S k))
  ] in
(* initializing tmp_destrs to zero
   dummy is intentionally uninitialized *)
translate_fill_with_zero … tmp_destrs @
(* the main body, roughly:
   for k in 0 ... n-1 do
     for i in 0 ... k do
       translate_mul_i … k … i *)
foldr … translate_mul_k [ ] (range_strong (|destrs|)) @ 
(* epilogue: saving the result *)
translate_move … destrs (map … Reg tmp_destrs) ?.
[ >length_map >tmp_destrs_prf //
| >length_append <plus_n_Sm <plus_n_O //
]
qed.

definition translate_divumodu8 : ∀globals.?→?→?→?→?→?→
    bind_new (localsT rtl_params) (list (joint_seq rtl_params globals)) ≝
  λglobals: list ident.
  λdiv_not_mod: bool.
  λdestrs: list register.
  λsrcrs1: list rtl_argument.
  λsrcrs2: list rtl_argument.
  λsrcrs1_prf : |destrs| = |srcrs1|.
  λsrcrs2_prf : |srcrs1| = |srcrs2|.
  match destrs return λx.x = destrs → bind_new ?? with
  [ nil ⇒ λ_.[ ]
  | cons destr destrs' ⇒ λeq_destrs.
    match destrs' with
    [ nil ⇒
      match srcrs1 return λx.x = srcrs1 → bind_new ??  with
      [ nil ⇒ λeq_srcrs1.⊥
      | cons srcr1 srcrs1' ⇒ λeq_srcrs1.
        match srcrs2 return λx.x = srcrs2 → bind_new ??  with
        [ nil ⇒ λeq_srcrs2.⊥
        | cons srcr2 srcrs2' ⇒ λeq_srcrs2.
          νdummy in
          let 〈destr1, destr2〉 ≝
            if div_not_mod then 〈destr, dummy〉 else 〈dummy, destr〉 in
          [❮destr1, destr2❯ ← srcr1 .DivuModu. srcr2]
        ] (refl …)
      ] (refl …)
    | _ ⇒ ? (* not implemented *)
    ]
  ] (refl …).
[3: elim not_implemented]
destruct normalize in srcrs1_prf; normalize in srcrs2_prf; destruct qed.

(* Paolo: to be moved elsewhere *)
let rec foldr2 (A : Type[0]) (B : Type[0]) (C : Type[0]) (f : A→B→C→C) (init : C) (l1 : list A) (l2 : list B)
  (prf : |l1| = |l2|) on l1 : C ≝
  match l1 return λx.x = l1 → C with 
  [ nil ⇒ λ_.init
  | cons a l1' ⇒ λeq_l1.
    match l2 return λy.y = l2 → C with
    [ nil ⇒ λeq_l2.⊥
    | cons b l2' ⇒ λeq_l2.
      f a b (foldr2 A B C f init l1' l2' ?)
    ] (refl …)
  ] (refl …).
destruct normalize in prf;  [destruct|//]
qed.

definition translate_ne: ∀globals: list ident.?→?→?→?→
  bind_new (localsT rtl_params) (list (joint_seq rtl_params globals)) ≝
  λglobals: list ident.
  λdestrs: list register.
  λsrcrs1: list rtl_argument.
  λsrcrs2: list rtl_argument.
  match destrs return λ_.|srcrs1| = |srcrs2| → bind_new ?? with
  [ nil ⇒ λ_.[ ]
  | cons destr destrs' ⇒ λEQ.
    translate_fill_with_zero … destrs' @@
    match srcrs1 return λx.|x| = |srcrs2| → bind_new ?? with
    [ nil ⇒ λ_.[destr ← 0]
    | cons srcr1 srcrs1' ⇒
      match srcrs2 return λx.S (|srcrs1'|) = |x| → bind_new ?? with
      [ nil ⇒ λEQ.⊥
      | cons srcr2 srcrs2' ⇒ λEQ.
        νtmpr in
        let f : rtl_argument → rtl_argument → list (joint_seq rtl_params globals) → list (joint_seq rtl_params globals) ≝
          λs1,s2,acc.
          tmpr  ← s1 .Xor. s2 ::
          destr ← destr .Or. tmpr ::
          acc in
        let epilogue : list (joint_seq rtl_params globals) ≝
          [ CLEAR_CARRY ?? ;
            tmpr ← 0 .Sub. destr ;
            (* now carry bit is 1 iff destrs != 0 *)
            destr ← 0 .Addc. 0 ] in
         destr ← srcr1 .Xor. srcr2 ::
         foldr2 ??? f epilogue srcrs1' srcrs2' ?
       ]
     ] EQ
   ]. normalize in EQ; destruct(EQ) assumption qed.

(* if destrs is 0 or 1, it inverses it. To be used after operations that
   ensure this. *)
definition translate_toggle_bool : ∀globals.?→list (joint_seq rtl_params globals) ≝
  λglobals: list ident.
  λdestrs: list register.
  match destrs with
  [ nil ⇒ [ ]
  | cons destr _ ⇒ [destr ← .Cmpl. destr]
  ].
  
definition translate_lt_unsigned :
  ∀globals.
  ∀destrs: list register.
  ∀srcrs1: list rtl_argument.
  ∀srcrs2: list rtl_argument.
  |srcrs1| = |srcrs2| →
  bind_new (localsT rtl_params) (list (joint_seq rtl_params globals)) ≝
  λglobals,destrs,srcrs1,srcrs2,srcrs_prf.
  match destrs with
  [ nil ⇒ [ ]
  | cons destr destrs' ⇒
    ν tmpr in
    (translate_fill_with_zero … destrs' @
    (* I perform a subtraction, but the only interest is in the carry bit *)
    translate_op ? Sub (make_list … tmpr (|srcrs1|)) srcrs1 srcrs2 ? srcrs_prf @
    [ destr ← 0 .Addc. 0 ])
  ].
<make_list_length % qed.

(* shifts signed integers by adding 128 to the most significant byte
   it replaces it with a fresh register which must be provided *)
let rec shift_signed globals
  (tmp : register)
  (srcrs : list rtl_argument) on srcrs :
  Σt : (list rtl_argument) × (list (joint_seq rtl_params globals)).|\fst t| = |srcrs| ≝
  match srcrs with
  [ nil ⇒ 〈[ ],[ ]〉
  | cons srcr srcrs' ⇒
    match srcrs' with
    [ nil ⇒ 〈[ Reg tmp ], [ tmp ← srcr .Add. 128 ]〉
    | _ ⇒
      let re ≝ shift_signed globals tmp srcrs' in
      〈srcr :: \fst re, \snd re〉
    ]
  ].
[1,2: %
|*: cases re * #a #b >p1 normalize #EQ >EQ %
] qed.

definition translate_lt_signed :
  ∀globals.
  ∀destrs: list register.
  ∀srcrs1: list rtl_argument.
  ∀srcrs2: list rtl_argument.
  |srcrs1| = |srcrs2| →
  bind_new (localsT rtl_params) (list (joint_seq rtl_params globals)) ≝
  λglobals,destrs,srcrs1,srcrs2,srcrs_prf.
  νtmp_last_s1 in
  νtmp_last_s2 in
  let p1 ≝ shift_signed globals tmp_last_s1 srcrs1 in
  let new_srcrs1 ≝ \fst p1 in
  let shift_srcrs1 ≝ \snd p1 in
  let p2 ≝ shift_signed globals tmp_last_s2 srcrs2 in
  let new_srcrs2 ≝ \fst p2 in
  let shift_srcrs2 ≝ \snd p2 in
  shift_srcrs1 @@ shift_srcrs2 @@
  translate_lt_unsigned globals destrs new_srcrs1 new_srcrs2 ?.
whd in match new_srcrs1; whd in match new_srcrs2;
cases p1
cases p2
//
qed.

definition translate_lt : bool→∀globals.?→?→?→?→bind_new (localsT rtl_params) (list (joint_seq rtl_params globals)) ≝
  λis_unsigned,globals,destrs,srcrs1,srcrs2,srcrs_prf.
  if is_unsigned then
    translate_lt_unsigned globals destrs srcrs1 srcrs2 srcrs_prf
  else
    translate_lt_signed globals destrs srcrs1 srcrs2 srcrs_prf.

definition translate_cmp ≝
  λis_unsigned,globals,cmp,destrs,srcrs1,srcrs2,srcrs_prf.
  match cmp with
  [ Ceq ⇒
    translate_ne globals destrs srcrs1 srcrs2 srcrs_prf @@
    translate_toggle_bool globals destrs
  | Cne ⇒
    translate_ne globals destrs srcrs1 srcrs2 srcrs_prf
  | Clt ⇒
    translate_lt is_unsigned globals destrs srcrs1 srcrs2 srcrs_prf
  | Cgt ⇒
    translate_lt is_unsigned globals destrs srcrs2 srcrs1 ?
  | Cle ⇒
    translate_lt is_unsigned globals destrs srcrs2 srcrs1 ? @@
    translate_toggle_bool globals destrs
  | Cge ⇒
    translate_lt is_unsigned globals destrs srcrs1 srcrs2 srcrs_prf @@
    translate_toggle_bool globals destrs
  ].
// qed.

definition translate_op2 :
  ∀globals.∀ty1,ty2,ty3.∀op : binary_operation ty1 ty2 ty3.
  ∀destrs : list register.
  ∀srcrs1,srcrs2 : list rtl_argument.
  |destrs| = size_of_sig_type ty3 →
  |srcrs1| = size_of_sig_type ty1 →
  |srcrs2| = size_of_sig_type ty2 →
  bind_new (localsT rtl_params) (list (joint_seq rtl_params globals)) ≝
  λglobals,ty1,ty2,ty3,op2,destrs,srcrs1,srcrs2.
  match op2 return λty1,ty2,ty3.λx : binary_operation ty1 ty2 ty3.
    ? = size_of_sig_type ty3 → ? = size_of_sig_type ty1 → ? = size_of_sig_type ty2 →
    bind_new ?? with
  [ Oadd sz sg ⇒ λprf1,prf2,prf3.
    translate_op globals Add destrs srcrs1 srcrs2 ??
  | Oaddp sz r ⇒ λprf1,prf2,prf3.
    let is_Oaddp ≝ 0 in
    translate_op globals Add destrs srcrs1 srcrs2 ??
  | Osub sz sg ⇒ λprf1,prf2,prf2.
    translate_op globals Sub destrs srcrs1 srcrs2 ??
  | Osubpi sz r ⇒ λprf1,prf2,prf3.
    let is_Osubpi ≝ 0 in
    translate_op globals Sub destrs srcrs1 srcrs2 ??
  | Osubpp sz r1 r2 ⇒ λprf1,prf2,prf3.
    let is_Osubpp ≝ 0 in
    translate_op globals Sub destrs srcrs1 srcrs2 ??
  | Omul sz sg ⇒ λprf1,prf2,prf3.
    translate_mul globals destrs srcrs1 srcrs2 ??
  | Odivu sz ⇒ λprf1,prf2,prf3.
    translate_divumodu8 globals true destrs srcrs1 srcrs2 ??
  | Omodu sz ⇒ λprf1,prf2,prf3.
    translate_divumodu8 globals false destrs srcrs1 srcrs2 ??
  | Oand sz sg ⇒ λprf1,prf2,prf3.
    translate_op globals And destrs srcrs1 srcrs2 ??
  | Oor sz sg ⇒ λprf1,prf2,prf3.
    translate_op globals Or destrs srcrs1 srcrs2 ??
  | Oxor sz sg ⇒ λprf1,prf2,prf3.
    translate_op globals Xor destrs srcrs1 srcrs2 ??
  | Ocmp sz sg1 sg2 c ⇒ λprf1,prf2,prf3.
    translate_cmp false globals c destrs srcrs1 srcrs2 ?
  | Ocmpu sz sg c ⇒ λprf1,prf2,prf3.
    translate_cmp true globals c destrs srcrs1 srcrs2 ?
  | Ocmpp r sg c ⇒ λprf1,prf2,prf3.
    let is_Ocmpp ≝ 0 in
    translate_cmp true globals c destrs srcrs1 srcrs2 ?
  | _ ⇒ ⊥ (* assert false, implemented in run time or float op *)
  ]. // try @not_implemented
  (* pointer arithmetics is broken at the moment *)
  cases daemon
  qed.

definition translate_cond: ∀globals: list ident. list register → label →
  bind_seq_block rtl_params globals (joint_step rtl_params globals) ≝
  λglobals: list ident.
  λsrcrs: list register.
  λlbl_true: label.
  match srcrs return λ_.bind_seq_block rtl_params ? (joint_step ??) with
  [ nil ⇒ bret … 〈[ ], NOOP ??〉
  | cons srcr srcrs' ⇒
    ν tmpr in
    let f : register → joint_seq rtl_params globals ≝
      λr. tmpr ← tmpr .Or. r in 
    bret … 〈MOVE rtl_params globals 〈tmpr,srcr〉 ::
    map ?? f srcrs', (COND … tmpr lbl_true : joint_step ??) 〉
  ].

(* Paolo: to be controlled (original seemed overly complex) *)
definition translate_load : ∀globals.?→?→?→bind_new (localsT rtl_params) ? ≝
  λglobals: list ident.
  λaddr : list rtl_argument.
  λaddr_prf: 2 = |addr|.
  λdestrs: list register.
  ν tmp_addr_l in
  ν tmp_addr_h in
  let f ≝ λdestr : register.λacc : list (joint_seq rtl_params globals).
    LOAD rtl_params globals destr (Reg tmp_addr_l) (Reg tmp_addr_h) ::
    translate_op … Add
      [tmp_addr_l ; tmp_addr_h]
      [Reg tmp_addr_l ; Reg tmp_addr_h]
      [imm_nat 0 ; Imm int_size] ? ? @ acc in
  translate_move … [tmp_addr_l ; tmp_addr_h] addr ? @@
  foldr … f [ ] destrs.
[1: <addr_prf] // qed.
  
definition translate_store : ∀globals.?→?→?→bind_new (localsT rtl_params) ? ≝
  λglobals: list ident.
  λaddr : list rtl_argument.
  λaddr_prf: 2 = |addr|.
  λsrcrs: list rtl_argument.
  ν tmp_addr_l in
  ν tmp_addr_h in
  let f ≝ λsrcr : rtl_argument.λacc : list (joint_seq rtl_params globals).
    STORE rtl_params globals (Reg tmp_addr_l) (Reg tmp_addr_h) srcr ::
    translate_op … Add
      [tmp_addr_l ; tmp_addr_h]
      [Reg tmp_addr_l ; Reg tmp_addr_h]
      [imm_nat 0 ; Imm int_size] ? ? @ acc in
  translate_move … [tmp_addr_l ; tmp_addr_h] addr ? @@
  foldr … f [ ] srcrs.
[1: <addr_prf] // qed.

definition translate_statement : ∀globals.local_env → statement →
  𝚺b :
  bind_seq_block rtl_params globals (joint_step rtl_params globals) +
  bind_seq_block rtl_params globals (joint_fin_step rtl_params).
  if is_inl … b then label else unit ≝
  λglobals,lenv,stmt.
  (*λstmt_typed : TODO*)
  match stmt return λ_.𝚺b:bind_seq_block ???+bind_seq_block ???.if is_inl … b then label else unit with
  [ St_skip lbl' ⇒
    ❬NOOP ??, lbl'❭
  | St_cost cost_lbl lbl' ⇒
    ❬COST_LABEL … cost_lbl, lbl'❭
  | St_const ty destr cst lbl' ⇒
    ❬translate_cst ty globals cst (find_local_env destr lenv ?) ?, lbl'❭
  | St_op1 ty ty' op1 destr srcr lbl' ⇒
    ❬translate_op1 globals ty' ty op1
      (find_local_env destr lenv ?)
      (find_local_env srcr lenv ?) ??, lbl'❭
  | St_op2 ty1 ty2 ty3 op2 destr srcr1 srcr2 lbl' ⇒
    ❬translate_op2 globals … op2
      (find_local_env destr lenv ?)
      (find_local_env_arg srcr1 lenv ?)
      (find_local_env_arg srcr2 lenv ?) ???, lbl'❭
    (* XXX: should we be ignoring this? *)
  | St_load ignore addr destr lbl' ⇒
    ❬translate_load globals
      (find_local_env_arg addr lenv ?) ? (find_local_env destr lenv ?), lbl'❭
    (* XXX: should we be ignoring this? *)
  | St_store ignore addr srcr lbl' ⇒
    ❬translate_store globals (find_local_env_arg addr lenv ?) ?
      (find_local_env_arg srcr lenv ?), lbl'❭
  | St_call_id f args retr lbl' ⇒
    ❬(match retr with
      [ Some retr ⇒
        CALL_ID rtl_params ? f (rtl_args args lenv ?) (find_local_env retr lenv ?)
      | None ⇒
        CALL_ID rtl_params ? f (rtl_args args lenv ?) [ ]
      ] : bind_seq_block ???), lbl'❭
  | St_call_ptr f args retr lbl' ⇒
    let fs ≝ find_and_addr f lenv ?? in
    ❬(rtl_call_ptr (\fst fs) (\snd fs) (rtl_args args lenv ?)
      (match retr with
       [ Some retr ⇒
         find_local_env retr lenv ?
       | None ⇒ [ ]
       ]) : joint_step ??), lbl'❭
  | St_cond r lbl_true lbl_false ⇒
    ❬translate_cond globals (find_local_env r lenv ?) lbl_true, lbl_false❭
  | St_jumptable r l ⇒  ? (* assert false: not implemented yet *)
  | St_return ⇒ ❬RETURN ?, it❭
  ].
  [*: cases daemon
  (* TODO: proofs regarding lengths of lists, examine! *)
  ]
qed.

lemma initialize_local_env_in : ∀l,runiverse,r.
  Exists ? (λx.\fst x = r) l → r ∈ \snd (initialize_local_env l runiverse).
#l #U #r @(list_elim_left … l)
[ *
| * #tl #sig #hd #IH #G elim (Exists_append … G) -G
  whd in match initialize_local_env; normalize nodelta
  >foldl_step change with (initialize_local_env ??) in match (foldl ?????);
  [ #H lapply (IH H)
  | * [2: *] #EQ destruct(EQ)
  ]  
  cases (initialize_local_env ??)
  #U' #env' [#G] whd in match initialize_local_env_internal; normalize nodelta
  elim (register_freshes ??) #U'' #rs
  [ >mem_set_add @orb_Prop_r assumption
  | @mem_set_add_id
  ]
qed.

definition proj1_rewrite : ∀A,B,a,b.∀pr : A×B.〈a,b〉 = pr → a = \fst pr.
// qed.
definition proj2_rewrite : ∀A,B,a,b.∀pr : A×B.〈a,b〉 = pr → b = \snd pr.
// qed.


(* XXX: we use a "hack" here to circumvent the proof obligations required to
   create res, an empty internal_function record.  we insert into our graph
   the start and end nodes to ensure that they are in, and place dummy
   skip instructions at these nodes. *)
definition translate_internal ≝
  λglobals: list ident.
  λdef.
  let runiverse ≝ f_reggen def in
  let 〈runiverse',lenv〉 as pr_eq ≝ initialize_local_env
    (match f_result def with [ None ⇒ [ ] | Some r_sig ⇒ [r_sig]] @
     f_params def @ f_locals def) runiverse in
  let params' ≝ map_list_local_env lenv (f_params def) ? in
  let locals' ≝ map_list_local_env lenv (f_locals def) ? in
  let result' ≝
    match (f_result def) return λx.f_result def = x → ? with
    [ None ⇒ λ_.[ ]
    | Some r_typ ⇒ λEQ.
       find_local_env (\fst r_typ) lenv ?
    ] (refl …)
  in
  let luniverse' ≝ f_labgen def in
  let stack_size' ≝ f_stacksize def in
  let entry' ≝ f_entry def in
  let exit' ≝ f_exit def in
  let graph' ≝ empty_map LabelTag (joint_statement rtl_params globals) in
  let graph' ≝ add LabelTag ? graph' entry'
    (GOTO … exit') in 
  let graph' ≝ add LabelTag ? graph' exit'
    (RETURN …) in
  let f_trans ≝ λlbl,stmt,def.
    let pr ≝ translate_statement … lenv stmt in
    b_adds_graph … (rtl_ertl_fresh_reg …) (dpi1 … pr) lbl (dpi2 … pr) def in
  let res ≝
    mk_joint_internal_function globals rtl_params luniverse' runiverse' result' params'
     locals' stack_size' graph' (pi1 … entry') (pi1 … exit') in
    foldi … f_trans (f_graph def) res.  
    
[1,2: >graph_code_has_point @map_mem_prop [@graph_add_lookup] @graph_add
| >(proj2_rewrite ????? pr_eq)
  @initialize_local_env_in >EQ normalize nodelta %1 %
|*: >(proj2_rewrite ????? pr_eq)
  @(All_mp ??? (λpr.initialize_local_env_in ?? (\fst pr)))
  [ @(All_mp … (λpr.Exists ? (λx.\fst x = \fst pr) (f_locals def)))
    [ #a #H @Exists_append_r @Exists_append_r @H
    | generalize in match (f_locals def);
    ]
  | @(All_mp … (λpr.Exists ? (λx.\fst x = \fst pr) (f_params def)))
    [ #a #H @Exists_append_r @Exists_append_l @H
    | generalize in match (f_params def);
    ]
  ]
  #l elim l [1,3: %] #hd #tl #IH % [1,3: %1 %] @(All_mp … IH) #x #G %2{G}
]
qed.

(*CSC: here we are not doing any alignment on variables, like it is done in OCaml
  because of CompCert heritage *)
definition rtlabs_to_rtl: RTLabs_program → rtl_program ≝
 λp. transform_program … p (λvarnames. transf_fundef … (translate_internal varnames)).