diff options
Diffstat (limited to 'arm')
-rw-r--r-- | arm/SelectOp.vp | 73 | ||||
-rw-r--r-- | arm/SelectOpproof.v | 145 |
2 files changed, 105 insertions, 113 deletions
diff --git a/arm/SelectOp.vp b/arm/SelectOp.vp index 9296ce62..255c97c1 100644 --- a/arm/SelectOp.vp +++ b/arm/SelectOp.vp @@ -68,34 +68,6 @@ Nondetfunction notint (e: expr) := | _ => Eop Onot (e:::Enil) end. -(** ** Boolean value and boolean negation *) - -Fixpoint boolval (e: expr) {struct e} : expr := - let default := Eop (Ocmp (Ccompuimm Cne Int.zero)) (e ::: Enil) in - match e with - | Eop (Ointconst n) Enil => - Eop (Ointconst (if Int.eq n Int.zero then Int.zero else Int.one)) Enil - | Eop (Ocmp cond) args => - Eop (Ocmp cond) args - | Econdition e1 e2 e3 => - Econdition e1 (boolval e2) (boolval e3) - | _ => - default - end. - -Fixpoint notbool (e: expr) {struct e} : expr := - let default := Eop (Ocmp (Ccompuimm Ceq Int.zero)) (e ::: Enil) in - match e with - | Eop (Ointconst n) Enil => - Eop (Ointconst (if Int.eq n Int.zero then Int.one else Int.zero)) Enil - | Eop (Ocmp cond) args => - Eop (Ocmp (negate_condition cond)) args - | Econdition e1 e2 e3 => - Econdition e1 (notbool e2) (notbool e3) - | _ => - default - end. - (** ** Integer addition and pointer addition *) Nondetfunction addimm (n: int) (e: expr) := @@ -360,32 +332,48 @@ Definition divf (e1 e2: expr) := Eop Odivf (e1 ::: e2 ::: Enil). (** ** Comparisons *) +Nondetfunction compimm (default: comparison -> int -> condition) + (sem: comparison -> int -> int -> bool) + (c: comparison) (e1: expr) (n2: int) := + match c, e1 with + | c, Eop (Ointconst n1) Enil => + Eop (Ointconst (if sem c n1 n2 then Int.one else Int.zero)) Enil + | Ceq, Eop (Ocmp c) el => + if Int.eq_dec n2 Int.zero then + Eop (Ocmp (negate_condition c)) el + else if Int.eq_dec n2 Int.one then + Eop (Ocmp c) el + else + Eop (Ointconst Int.zero) Enil + | Cne, Eop (Ocmp c) el => + if Int.eq_dec n2 Int.zero then + Eop (Ocmp c) el + else if Int.eq_dec n2 Int.one then + Eop (Ocmp (negate_condition c)) el + else + Eop (Ointconst Int.one) Enil + | _, _ => + Eop (Ocmp (default c n2)) (e1 ::: Enil) + end. + Nondetfunction comp (c: comparison) (e1: expr) (e2: expr) := match e1, e2 with | Eop (Ointconst n1) Enil, t2 => - Eop (Ocmp (Ccompimm (swap_comparison c) n1)) (t2:::Enil) + compimm Ccompimm Int.cmp (swap_comparison c) t2 n1 | t1, Eop (Ointconst n2) Enil => - Eop (Ocmp (Ccompimm c n2)) (t1:::Enil) - | Eop (Oshift s) (t1:::Enil), t2 => - Eop (Ocmp (Ccompshift (swap_comparison c) s)) (t2:::t1:::Enil) - | t1, Eop (Oshift s) (t2:::Enil) => - Eop (Ocmp (Ccompshift c s)) (t1:::t2:::Enil) + compimm Ccompimm Int.cmp c t1 n2 | _, _ => - Eop (Ocmp (Ccomp c)) (e1:::e2:::Enil) + Eop (Ocmp (Ccomp c)) (e1 ::: e2 ::: Enil) end. Nondetfunction compu (c: comparison) (e1: expr) (e2: expr) := match e1, e2 with | Eop (Ointconst n1) Enil, t2 => - Eop (Ocmp (Ccompuimm (swap_comparison c) n1)) (t2:::Enil) + compimm Ccompuimm Int.cmpu (swap_comparison c) t2 n1 | t1, Eop (Ointconst n2) Enil => - Eop (Ocmp (Ccompuimm c n2)) (t1:::Enil) - | Eop (Oshift s) (t1:::Enil), t2 => - Eop (Ocmp (Ccompushift (swap_comparison c) s)) (t2:::t1:::Enil) - | t1, Eop (Oshift s) (t2:::Enil) => - Eop (Ocmp (Ccompushift c s)) (t1:::t2:::Enil) + compimm Ccompuimm Int.cmpu c t1 n2 | _, _ => - Eop (Ocmp (Ccompu c)) (e1:::e2:::Enil) + Eop (Ocmp (Ccompu c)) (e1 ::: e2 ::: Enil) end. Definition compf (c: comparison) (e1: expr) (e2: expr) := @@ -456,4 +444,3 @@ Nondetfunction addressing (chunk: memory_chunk) (e: expr) := | _ => (Aindexed Int.zero, e:::Enil) end. -Definition cond_of_expr (e: expr) := (Ccompuimm Cne Int.zero, e:::Enil). diff --git a/arm/SelectOpproof.v b/arm/SelectOpproof.v index dc4fb54d..a72913d3 100644 --- a/arm/SelectOpproof.v +++ b/arm/SelectOpproof.v @@ -141,53 +141,6 @@ Proof. TrivialExists. Qed. -Theorem eval_boolval: unary_constructor_sound boolval Val.boolval. -Proof. - assert (DFL: - forall le a x, - eval_expr ge sp e m le a x -> - exists v, eval_expr ge sp e m le (Eop (Ocmp (Ccompuimm Cne Int.zero)) (a ::: Enil)) v - /\ Val.lessdef (Val.boolval x) v). - intros. TrivialExists. simpl. destruct x; simpl; auto. - - red. induction a; simpl; intros; eauto. destruct o; eauto. -(* intconst *) - destruct e0; eauto. InvEval. TrivialExists. simpl. destruct (Int.eq i Int.zero); auto. -(* cmp *) - inv H. simpl in H5. - destruct (eval_condition c vl m) as []_eqn. - TrivialExists. simpl. inv H5. rewrite Heqo. destruct b; auto. - simpl in H5. inv H5. - exists Vundef; split; auto. EvalOp; simpl. rewrite Heqo; auto. - -(* condition *) - inv H. destruct v1. - exploit IHa1; eauto. intros [v [A B]]. exists v; split; auto. eapply eval_Econdition; eauto. - exploit IHa2; eauto. intros [v [A B]]. exists v; split; auto. eapply eval_Econdition; eauto. -Qed. - -Theorem eval_notbool: unary_constructor_sound notbool Val.notbool. -Proof. - assert (DFL: - forall le a x, - eval_expr ge sp e m le a x -> - exists v, eval_expr ge sp e m le (Eop (Ocmp (Ccompuimm Ceq Int.zero)) (a ::: Enil)) v - /\ Val.lessdef (Val.notbool x) v). - intros. TrivialExists. simpl. destruct x; simpl; auto. - - red. induction a; simpl; intros; eauto. destruct o; eauto. -(* intconst *) - destruct e0; eauto. InvEval. TrivialExists. simpl. destruct (Int.eq i Int.zero); auto. -(* cmp *) - inv H. simpl in H5. inv H5. - TrivialExists. simpl. rewrite eval_negate_condition. - destruct (eval_condition c vl m); auto. destruct b; auto. -(* condition *) - inv H. destruct v1. - exploit IHa1; eauto. intros [v [A B]]. exists v; split; auto. eapply eval_Econdition; eauto. - exploit IHa2; eauto. intros [v [A B]]. exists v; split; auto. eapply eval_Econdition; eauto. -Qed. - Theorem eval_addimm: forall n, unary_constructor_sound (addimm n) (fun x => Val.add x (Vint n)). Proof. @@ -640,14 +593,82 @@ Proof. red; intros; TrivialExists. Qed. +Section COMP_IMM. + +Variable default: comparison -> int -> condition. +Variable intsem: comparison -> int -> int -> bool. +Variable sem: comparison -> val -> val -> val. + +Hypothesis sem_int: forall c x y, sem c (Vint x) (Vint y) = Val.of_bool (intsem c x y). +Hypothesis sem_undef: forall c v, sem c Vundef v = Vundef. +Hypothesis sem_eq: forall x y, sem Ceq (Vint x) (Vint y) = Val.of_bool (Int.eq x y). +Hypothesis sem_ne: forall x y, sem Cne (Vint x) (Vint y) = Val.of_bool (negb (Int.eq x y)). +Hypothesis sem_default: forall c v n, sem c v (Vint n) = Val.of_optbool (eval_condition (default c n) (v :: nil) m). + +Lemma eval_compimm: + forall le c a n2 x, + eval_expr ge sp e m le a x -> + exists v, eval_expr ge sp e m le (compimm default intsem c a n2) v + /\ Val.lessdef (sem c x (Vint n2)) v. +Proof. + intros until x. + unfold compimm; case (compimm_match c a); intros. +(* constant *) + InvEval. rewrite sem_int. TrivialExists. simpl. destruct (intsem c0 n1 n2); auto. +(* eq cmp *) + InvEval. inv H. simpl in H5. inv H5. + destruct (Int.eq_dec n2 Int.zero). subst n2. TrivialExists. + simpl. rewrite eval_negate_condition. + destruct (eval_condition c0 vl m); simpl. + unfold Vtrue, Vfalse. destruct b; simpl; rewrite sem_eq; auto. + rewrite sem_undef; auto. + destruct (Int.eq_dec n2 Int.one). subst n2. TrivialExists. + simpl. destruct (eval_condition c0 vl m); simpl. + unfold Vtrue, Vfalse. destruct b; simpl; rewrite sem_eq; auto. + rewrite sem_undef; auto. + exists (Vint Int.zero); split. EvalOp. + destruct (eval_condition c0 vl m); simpl. + unfold Vtrue, Vfalse. destruct b; rewrite sem_eq; rewrite Int.eq_false; auto. + rewrite sem_undef; auto. +(* ne cmp *) + InvEval. inv H. simpl in H5. inv H5. + destruct (Int.eq_dec n2 Int.zero). subst n2. TrivialExists. + simpl. destruct (eval_condition c0 vl m); simpl. + unfold Vtrue, Vfalse. destruct b; simpl; rewrite sem_ne; auto. + rewrite sem_undef; auto. + destruct (Int.eq_dec n2 Int.one). subst n2. TrivialExists. + simpl. rewrite eval_negate_condition. destruct (eval_condition c0 vl m); simpl. + unfold Vtrue, Vfalse. destruct b; simpl; rewrite sem_ne; auto. + rewrite sem_undef; auto. + exists (Vint Int.one); split. EvalOp. + destruct (eval_condition c0 vl m); simpl. + unfold Vtrue, Vfalse. destruct b; rewrite sem_ne; rewrite Int.eq_false; auto. + rewrite sem_undef; auto. +(* default *) + TrivialExists. simpl. rewrite sem_default. auto. +Qed. + +Hypothesis sem_swap: + forall c x y, sem (swap_comparison c) x y = sem c y x. + +Lemma eval_compimm_swap: + forall le c a n2 x, + eval_expr ge sp e m le a x -> + exists v, eval_expr ge sp e m le (compimm default intsem (swap_comparison c) a n2) v + /\ Val.lessdef (sem c (Vint n2) x) v. +Proof. + intros. rewrite <- sem_swap. eapply eval_compimm; eauto. +Qed. + +End COMP_IMM. + Theorem eval_comp: forall c, binary_constructor_sound (comp c) (Val.cmp c). Proof. intros; red; intros until y. unfold comp; case (comp_match a b); intros; InvEval. - TrivialExists. simpl. rewrite Val.swap_cmp_bool. auto. - TrivialExists. - subst. TrivialExists. simpl. rewrite Val.swap_cmp_bool. auto. - subst. TrivialExists. + eapply eval_compimm_swap; eauto. + intros. unfold Val.cmp. rewrite Val.swap_cmp_bool; auto. + eapply eval_compimm; eauto. TrivialExists. Qed. @@ -655,10 +676,9 @@ Theorem eval_compu: forall c, binary_constructor_sound (compu c) (Val.cmpu (Mem.valid_pointer m) c). Proof. intros; red; intros until y. unfold compu; case (compu_match a b); intros; InvEval. - TrivialExists. simpl. rewrite Val.swap_cmpu_bool. auto. - TrivialExists. - subst. TrivialExists. simpl. rewrite Val.swap_cmpu_bool. auto. - subst. TrivialExists. + eapply eval_compimm_swap; eauto. + intros. unfold Val.cmpu. rewrite Val.swap_cmpu_bool; auto. + eapply eval_compimm; eauto. TrivialExists. Qed. @@ -765,19 +785,4 @@ Proof. exists (v :: nil); split. eauto with evalexpr. subst. simpl. rewrite Int.add_zero; auto. Qed. -Theorem eval_cond_of_expr: - forall le a v b, - eval_expr ge sp e m le a v -> - Val.bool_of_val v b -> - match cond_of_expr a with (cond, args) => - exists vl, - eval_exprlist ge sp e m le args vl /\ - eval_condition cond vl m = Some b - end. -Proof. - intros. unfold cond_of_expr; simpl. - exists (v :: nil); split; auto with evalexpr. - simpl. inversion H0; simpl. rewrite Int.eq_false; auto. auto. auto. -Qed. - End CMCONSTR. |