From 2ae43be7b9d4118335c9d2cef6e098f9b9f807fe Mon Sep 17 00:00:00 2001 From: xleroy Date: Thu, 9 Feb 2006 14:55:48 +0000 Subject: Initial import of compcert git-svn-id: https://yquem.inria.fr/compcert/svn/compcert/trunk@1 fca1b0fc-160b-0410-b1d3-a4f43f01ea2e --- .depend | 64 + .globfile | 75292 ++++++++++++++++++++++++++++++++++++++++ Makefile | 75 + backend/AST.v | 216 + backend/Allocation.v | 418 + backend/Allocproof.v | 1827 + backend/Allocproof_aux.v | 850 + backend/Alloctyping.v | 509 + backend/Alloctyping_aux.v | 895 + backend/CSE.v | 420 + backend/CSEproof.v | 845 + backend/Cmconstr.v | 911 + backend/Cmconstrproof.v | 1154 + backend/Cminor.v | 348 + backend/Cminorgen.v | 398 + backend/Cminorgenproof.v | 2409 ++ backend/Coloring.v | 267 + backend/Coloringproof.v | 845 + backend/Constprop.v | 1032 + backend/Constpropproof.v | 883 + backend/Conventions.v | 690 + backend/Csharpminor.v | 511 + backend/Globalenvs.v | 587 + backend/InterfGraph.v | 310 + backend/Kildall.v | 1231 + backend/LTL.v | 357 + backend/LTLtyping.v | 93 + backend/Linear.v | 203 + backend/Linearize.v | 212 + backend/Linearizeproof.v | 711 + backend/Linearizetyping.v | 340 + backend/Lineartyping.v | 254 + backend/Locations.v | 476 + backend/Mach.v | 295 + backend/Machabstr.v | 371 + backend/Machabstr2mach.v | 1120 + backend/Machtyping.v | 367 + backend/Main.v | 307 + backend/Mem.v | 2253 ++ backend/Op.v | 691 + backend/PPC.v | 775 + backend/PPCgen.v | 514 + backend/PPCgenproof.v | 1242 + backend/PPCgenproof1.v | 1566 + backend/Parallelmove.v | 2529 ++ backend/RTL.v | 349 + backend/RTLgen.v | 473 + backend/RTLgenproof.v | 1302 + backend/RTLgenproof1.v | 1463 + backend/RTLtyping.v | 1277 + backend/Registers.v | 49 + backend/Stacking.v | 226 + backend/Stackingproof.v | 1610 + backend/Stackingtyping.v | 222 + backend/Tunneling.v | 131 + backend/Tunnelingproof.v | 311 + backend/Tunnelingtyping.v | 44 + backend/Values.v | 888 + caml/Allocationaux.ml | 39 + caml/Allocationaux.mli | 5 + caml/CMlexer.mli | 4 + caml/CMlexer.mll | 112 + caml/CMparser.mly | 327 + caml/Camlcoq.ml | 98 + caml/Coloringaux.ml | 615 + caml/Coloringaux.mli | 8 + caml/Floataux.ml | 23 + caml/Main2.ml | 34 + caml/PrintPPC.ml | 336 + caml/PrintPPC.mli | 1 + caml/RTLgenaux.ml | 3 + ccomp | Bin 0 -> 2961610 bytes doc/compcert.html | 250 + doc/index.html | 8295 +++++ doc/removeproofs | 8 + doc/style.css | 32 + extraction/.depend | 395 + extraction/Kildall.ml.patch | 22 + extraction/Linearize.ml.patch | 22 + extraction/Makefile | 91 + extraction/extraction.v | 53 + extraction/uncapitalize | 6 + lib/Coqlib.v | 709 + lib/Floats.v | 55 + lib/Inclusion.v | 367 + lib/Integers.v | 2184 ++ lib/Lattice.v | 331 + lib/Maps.v | 1034 + lib/Ordered.v | 156 + lib/Sets.v | 190 + lib/union_find.v | 537 + test/cminor/Makefile | 76 + test/cminor/aes.cmp | 364 + test/cminor/almabench.cmp | 159 + test/cminor/fft.cm | 149 + test/cminor/fib.cm | 7 + test/cminor/integr.cm | 25 + test/cminor/manyargs.cm | 53 + test/cminor/qsort.cm | 30 + test/cminor/sha1.cmp | 189 + test/harness/mainaes.c | 739 + test/harness/mainalmabench.c | 185 + test/harness/mainfft.c | 72 + test/harness/mainfib.c | 13 + test/harness/mainintegr.c | 13 + test/harness/mainmanyargs.c | 13 + test/harness/mainqsort.c | 36 + test/harness/mainsha1.c | 75 + test/lib/staticlib.S | 26 + 109 files changed, 134574 insertions(+) create mode 100644 .depend create mode 100644 .globfile create mode 100644 Makefile create mode 100644 backend/AST.v create mode 100644 backend/Allocation.v create mode 100644 backend/Allocproof.v create mode 100644 backend/Allocproof_aux.v create mode 100644 backend/Alloctyping.v create mode 100644 backend/Alloctyping_aux.v create mode 100644 backend/CSE.v create mode 100644 backend/CSEproof.v create mode 100644 backend/Cmconstr.v create mode 100644 backend/Cmconstrproof.v create mode 100644 backend/Cminor.v create mode 100644 backend/Cminorgen.v create mode 100644 backend/Cminorgenproof.v create mode 100644 backend/Coloring.v create mode 100644 backend/Coloringproof.v create mode 100644 backend/Constprop.v create mode 100644 backend/Constpropproof.v create mode 100644 backend/Conventions.v create mode 100644 backend/Csharpminor.v create mode 100644 backend/Globalenvs.v create mode 100644 backend/InterfGraph.v create mode 100644 backend/Kildall.v create mode 100644 backend/LTL.v create mode 100644 backend/LTLtyping.v create mode 100644 backend/Linear.v create mode 100644 backend/Linearize.v create mode 100644 backend/Linearizeproof.v create mode 100644 backend/Linearizetyping.v create mode 100644 backend/Lineartyping.v create mode 100644 backend/Locations.v create mode 100644 backend/Mach.v create mode 100644 backend/Machabstr.v create mode 100644 backend/Machabstr2mach.v create mode 100644 backend/Machtyping.v create mode 100644 backend/Main.v create mode 100644 backend/Mem.v create mode 100644 backend/Op.v create mode 100644 backend/PPC.v create mode 100644 backend/PPCgen.v create mode 100644 backend/PPCgenproof.v create mode 100644 backend/PPCgenproof1.v create mode 100644 backend/Parallelmove.v create mode 100644 backend/RTL.v create mode 100644 backend/RTLgen.v create mode 100644 backend/RTLgenproof.v create mode 100644 backend/RTLgenproof1.v create mode 100644 backend/RTLtyping.v create mode 100644 backend/Registers.v create mode 100644 backend/Stacking.v create mode 100644 backend/Stackingproof.v create mode 100644 backend/Stackingtyping.v create mode 100644 backend/Tunneling.v create mode 100644 backend/Tunnelingproof.v create mode 100644 backend/Tunnelingtyping.v create mode 100644 backend/Values.v create mode 100644 caml/Allocationaux.ml create mode 100644 caml/Allocationaux.mli create mode 100644 caml/CMlexer.mli create mode 100644 caml/CMlexer.mll create mode 100644 caml/CMparser.mly create mode 100644 caml/Camlcoq.ml create mode 100644 caml/Coloringaux.ml create mode 100644 caml/Coloringaux.mli create mode 100644 caml/Floataux.ml create mode 100644 caml/Main2.ml create mode 100644 caml/PrintPPC.ml create mode 100644 caml/PrintPPC.mli create mode 100644 caml/RTLgenaux.ml create mode 100755 ccomp create mode 100644 doc/compcert.html create mode 100644 doc/index.html create mode 100755 doc/removeproofs create mode 100644 doc/style.css create mode 100644 extraction/.depend create mode 100644 extraction/Kildall.ml.patch create mode 100644 extraction/Linearize.ml.patch create mode 100644 extraction/Makefile create mode 100644 extraction/extraction.v create mode 100755 extraction/uncapitalize create mode 100644 lib/Coqlib.v create mode 100644 lib/Floats.v create mode 100644 lib/Inclusion.v create mode 100644 lib/Integers.v create mode 100644 lib/Lattice.v create mode 100644 lib/Maps.v create mode 100644 lib/Ordered.v create mode 100644 lib/Sets.v create mode 100644 lib/union_find.v create mode 100644 test/cminor/Makefile create mode 100644 test/cminor/aes.cmp create mode 100644 test/cminor/almabench.cmp create mode 100644 test/cminor/fft.cm create mode 100644 test/cminor/fib.cm create mode 100644 test/cminor/integr.cm create mode 100644 test/cminor/manyargs.cm create mode 100644 test/cminor/qsort.cm create mode 100644 test/cminor/sha1.cmp create mode 100644 test/harness/mainaes.c create mode 100644 test/harness/mainalmabench.c create mode 100644 test/harness/mainfft.c create mode 100644 test/harness/mainfib.c create mode 100644 test/harness/mainintegr.c create mode 100644 test/harness/mainmanyargs.c create mode 100644 test/harness/mainqsort.c create mode 100644 test/harness/mainsha1.c create mode 100644 test/lib/staticlib.S diff --git a/.depend b/.depend new file mode 100644 index 00000000..dc2aa641 --- /dev/null +++ b/.depend @@ -0,0 +1,64 @@ +lib/Coqlib.vo: lib/Coqlib.v +lib/Maps.vo: lib/Maps.v lib/Coqlib.vo +lib/Sets.vo: lib/Sets.v lib/Coqlib.vo lib/Maps.vo lib/Lattice.vo +lib/union_find.vo: lib/union_find.v +lib/Inclusion.vo: lib/Inclusion.v +lib/Lattice.vo: lib/Lattice.v lib/Coqlib.vo lib/Maps.vo +lib/Ordered.vo: lib/Ordered.v lib/Coqlib.vo lib/Maps.vo +lib/Integers.vo: lib/Integers.v lib/Coqlib.vo backend/AST.vo +lib/Floats.vo: lib/Floats.v backend/AST.vo lib/Integers.vo +backend/AST.vo: backend/AST.v lib/Coqlib.vo +backend/Values.vo: backend/Values.v lib/Coqlib.vo backend/AST.vo lib/Integers.vo lib/Floats.vo +backend/Mem.vo: backend/Mem.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo lib/Floats.vo backend/Values.vo +backend/Globalenvs.vo: backend/Globalenvs.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo backend/Values.vo backend/Mem.vo +backend/Op.vo: backend/Op.v lib/Coqlib.vo backend/AST.vo lib/Integers.vo lib/Floats.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo +backend/Cminor.vo: backend/Cminor.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo lib/Floats.vo backend/Values.vo backend/Mem.vo backend/Op.vo backend/Globalenvs.vo +backend/Cmconstr.vo: backend/Cmconstr.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo lib/Floats.vo backend/Values.vo backend/Mem.vo backend/Op.vo backend/Globalenvs.vo backend/Cminor.vo +backend/Cmconstrproof.vo: backend/Cmconstrproof.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo lib/Floats.vo backend/Values.vo backend/Mem.vo backend/Op.vo backend/Globalenvs.vo backend/Cminor.vo backend/Cmconstr.vo +backend/Csharpminor.vo: backend/Csharpminor.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo lib/Floats.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo +backend/Cminorgen.vo: backend/Cminorgen.v lib/Coqlib.vo lib/Maps.vo lib/Sets.vo backend/AST.vo lib/Integers.vo backend/Mem.vo backend/Csharpminor.vo backend/Op.vo backend/Cminor.vo backend/Cmconstr.vo +backend/Cminorgenproof.vo: backend/Cminorgenproof.v lib/Coqlib.vo lib/Maps.vo lib/Sets.vo backend/AST.vo lib/Integers.vo lib/Floats.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Csharpminor.vo backend/Op.vo backend/Cminor.vo backend/Cmconstr.vo backend/Cminorgen.vo backend/Cmconstrproof.vo +backend/Registers.vo: backend/Registers.v lib/Coqlib.vo backend/AST.vo lib/Maps.vo lib/Sets.vo +backend/RTL.vo: backend/RTL.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Registers.vo +backend/RTLgen.vo: backend/RTLgen.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo backend/Values.vo backend/Op.vo backend/Registers.vo backend/Cminor.vo backend/RTL.vo +backend/RTLgenproof1.vo: backend/RTLgenproof1.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Registers.vo backend/Cminor.vo backend/RTL.vo backend/RTLgen.vo +backend/RTLgenproof.vo: backend/RTLgenproof.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Registers.vo backend/Cminor.vo backend/RTL.vo backend/RTLgen.vo backend/RTLgenproof1.vo +backend/RTLtyping.vo: backend/RTLtyping.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo backend/Op.vo backend/Registers.vo backend/RTL.vo lib/union_find.vo backend/Globalenvs.vo backend/Values.vo backend/Mem.vo lib/Integers.vo +backend/Kildall.vo: backend/Kildall.v lib/Coqlib.vo lib/Maps.vo lib/Lattice.vo +backend/Constprop.vo: backend/Constprop.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo lib/Floats.vo backend/Values.vo backend/Globalenvs.vo backend/Op.vo backend/Registers.vo backend/RTL.vo lib/Lattice.vo backend/Kildall.vo +backend/Constpropproof.vo: backend/Constpropproof.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo lib/Floats.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Registers.vo backend/RTL.vo lib/Lattice.vo backend/Kildall.vo backend/Constprop.vo +backend/CSE.vo: backend/CSE.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo lib/Floats.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Registers.vo backend/RTL.vo backend/Kildall.vo +backend/CSEproof.vo: backend/CSEproof.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo lib/Floats.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Registers.vo backend/RTL.vo backend/Kildall.vo backend/CSE.vo +backend/Locations.vo: backend/Locations.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo backend/Values.vo +backend/Conventions.vo: backend/Conventions.v lib/Coqlib.vo backend/AST.vo backend/Locations.vo +backend/LTL.vo: backend/LTL.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Locations.vo backend/Conventions.vo +backend/LTLtyping.vo: backend/LTLtyping.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo backend/Op.vo backend/RTL.vo backend/Locations.vo backend/LTL.vo backend/Conventions.vo +backend/InterfGraph.vo: backend/InterfGraph.v lib/Coqlib.vo lib/Maps.vo lib/Ordered.vo backend/Registers.vo backend/Locations.vo +backend/Coloring.vo: backend/Coloring.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo backend/Op.vo backend/Registers.vo backend/RTL.vo backend/RTLtyping.vo backend/Locations.vo backend/Conventions.vo backend/InterfGraph.vo +backend/Coloringproof.vo: backend/Coloringproof.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo backend/Op.vo backend/Registers.vo backend/RTL.vo backend/RTLtyping.vo backend/Locations.vo backend/Conventions.vo backend/InterfGraph.vo backend/Coloring.vo +backend/Parallelmove.vo: backend/Parallelmove.v backend/Conventions.vo lib/Coqlib.vo backend/Values.vo backend/LTL.vo backend/Locations.vo backend/AST.vo +backend/Allocation.vo: backend/Allocation.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo backend/Values.vo backend/Globalenvs.vo backend/Op.vo backend/Registers.vo backend/RTL.vo backend/RTLtyping.vo backend/Kildall.vo backend/Locations.vo backend/Conventions.vo backend/Coloring.vo backend/Parallelmove.vo backend/LTL.vo +backend/Allocproof_aux.vo: backend/Allocproof_aux.v lib/Coqlib.vo backend/Values.vo backend/Parallelmove.vo backend/Allocation.vo backend/LTL.vo backend/Locations.vo backend/Conventions.vo +backend/Allocproof.vo: backend/Allocproof.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Registers.vo backend/RTL.vo backend/RTLtyping.vo backend/Locations.vo backend/Conventions.vo backend/Coloring.vo backend/Coloringproof.vo backend/Allocation.vo backend/Allocproof_aux.vo backend/LTL.vo +backend/Alloctyping_aux.vo: backend/Alloctyping_aux.v lib/Coqlib.vo backend/Locations.vo backend/LTL.vo backend/Allocation.vo backend/LTLtyping.vo backend/Allocproof_aux.vo backend/Parallelmove.vo lib/Inclusion.vo +backend/Alloctyping.vo: backend/Alloctyping.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo backend/Op.vo backend/Registers.vo backend/RTL.vo backend/Locations.vo backend/LTL.vo backend/Coloring.vo backend/Coloringproof.vo backend/Allocation.vo backend/Allocproof.vo backend/RTLtyping.vo backend/LTLtyping.vo backend/Conventions.vo backend/Alloctyping_aux.vo +backend/Tunneling.vo: backend/Tunneling.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo backend/Values.vo backend/Globalenvs.vo backend/Op.vo backend/Locations.vo backend/LTL.vo +backend/Tunnelingproof.vo: backend/Tunnelingproof.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Locations.vo backend/LTL.vo backend/Tunneling.vo +backend/Tunnelingtyping.vo: backend/Tunnelingtyping.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Locations.vo backend/LTL.vo backend/LTLtyping.vo backend/Tunneling.vo +backend/Linear.vo: backend/Linear.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Locations.vo backend/LTL.vo backend/Conventions.vo +backend/Lineartyping.vo: backend/Lineartyping.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo backend/Op.vo backend/RTL.vo backend/Locations.vo backend/Linear.vo backend/Conventions.vo +backend/Linearize.vo: backend/Linearize.v lib/Coqlib.vo lib/Maps.vo lib/Sets.vo backend/AST.vo backend/Values.vo backend/Globalenvs.vo backend/Op.vo backend/Locations.vo backend/LTL.vo backend/Linear.vo backend/Kildall.vo lib/Lattice.vo +backend/Linearizeproof.vo: backend/Linearizeproof.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Locations.vo backend/LTL.vo backend/Linear.vo backend/Linearize.vo lib/Lattice.vo +backend/Linearizetyping.vo: backend/Linearizetyping.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo backend/Op.vo backend/Locations.vo backend/LTL.vo backend/Linear.vo backend/Linearize.vo backend/LTLtyping.vo backend/Lineartyping.vo backend/Conventions.vo +backend/Mach.vo: backend/Mach.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Locations.vo +backend/Machabstr.vo: backend/Machabstr.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo backend/Mem.vo lib/Integers.vo backend/Values.vo backend/Globalenvs.vo backend/Op.vo backend/Locations.vo backend/Conventions.vo backend/Mach.vo +backend/Machtyping.vo: backend/Machtyping.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo backend/Mem.vo lib/Integers.vo backend/Values.vo backend/Globalenvs.vo backend/Op.vo backend/Locations.vo backend/Conventions.vo backend/Mach.vo backend/Machabstr.vo +backend/Stacking.vo: backend/Stacking.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo backend/Op.vo backend/RTL.vo backend/Locations.vo backend/Linear.vo backend/Lineartyping.vo backend/Mach.vo backend/Conventions.vo +backend/Stackingproof.vo: backend/Stackingproof.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo backend/Values.vo backend/Op.vo backend/Mem.vo backend/Globalenvs.vo backend/Locations.vo backend/Mach.vo backend/Machabstr.vo backend/Linear.vo backend/Lineartyping.vo backend/Conventions.vo backend/Stacking.vo +backend/Stackingtyping.vo: backend/Stackingtyping.v lib/Coqlib.vo lib/Maps.vo lib/Integers.vo backend/AST.vo backend/Op.vo backend/Locations.vo backend/Conventions.vo backend/Linear.vo backend/Lineartyping.vo backend/Mach.vo backend/Machtyping.vo backend/Stacking.vo backend/Stackingproof.vo +backend/Machabstr2mach.vo: backend/Machabstr2mach.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Locations.vo backend/Machabstr.vo backend/Mach.vo backend/Machtyping.vo backend/Stackingproof.vo +backend/PPC.vo: backend/PPC.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo lib/Floats.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo +backend/PPCgen.vo: backend/PPCgen.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo lib/Floats.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Locations.vo backend/Mach.vo backend/PPC.vo +backend/PPCgenproof1.vo: backend/PPCgenproof1.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo lib/Floats.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Locations.vo backend/Mach.vo backend/Machtyping.vo backend/PPC.vo backend/PPCgen.vo +backend/PPCgenproof.vo: backend/PPCgenproof.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo lib/Integers.vo lib/Floats.vo backend/Values.vo backend/Mem.vo backend/Globalenvs.vo backend/Op.vo backend/Locations.vo backend/Mach.vo backend/Machtyping.vo backend/PPC.vo backend/PPCgen.vo backend/PPCgenproof1.vo +backend/Main.vo: backend/Main.v lib/Coqlib.vo lib/Maps.vo backend/AST.vo backend/Values.vo backend/Csharpminor.vo backend/Cminor.vo backend/RTL.vo backend/LTL.vo backend/Linear.vo backend/Mach.vo backend/PPC.vo backend/Cminorgen.vo backend/RTLgen.vo backend/Constprop.vo backend/CSE.vo backend/Allocation.vo backend/Tunneling.vo backend/Linearize.vo backend/Stacking.vo backend/PPCgen.vo backend/RTLtyping.vo backend/LTLtyping.vo backend/Lineartyping.vo backend/Machtyping.vo backend/Cminorgenproof.vo backend/RTLgenproof.vo backend/Constpropproof.vo backend/CSEproof.vo backend/Allocproof.vo backend/Alloctyping.vo backend/Tunnelingproof.vo backend/Tunnelingtyping.vo backend/Linearizeproof.vo backend/Linearizetyping.vo backend/Stackingproof.vo backend/Stackingtyping.vo backend/Machabstr2mach.vo backend/PPCgenproof.vo diff --git a/.globfile b/.globfile new file mode 100644 index 00000000..b941c5de --- /dev/null +++ b/.globfile @@ -0,0 +1,75292 @@ +FCoqlib +R177 Coq.Init.Logic "x = y" type_scope +R165 Coq.Init.Logic "x = y" type_scope +R242 Coq.Init.Logic "x = y" type_scope +R394 Coq.Init.Logic.refl_equal +R490 Coq.Init.Logic.refl_equal +R607 Coq.Init.Logic "x = y" type_scope +R600 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R609 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R709 Coq.Init.Logic "x = y" type_scope +R699 Coq.Init.Datatypes.Some +R712 Coq.Init.Datatypes.Some +R800 Coq.Init.Logic "x = y" type_scope +R884 Coq.Init.Logic "x = y" type_scope +R964 Coq.Init.Logic "x = y" type_scope +R1040 Coq.Init.Logic "x = y" type_scope +R1112 Coq.Init.Logic "x = y" type_scope +R1182 Coq.Init.Logic "x <> y" type_scope +R1210 Coq.Init.Logic "x <> y" type_scope +R1138 Coq.Init.Logic.f_equal +R1068 Coq.Init.Logic.f_equal2 +R994 Coq.Init.Logic.f_equal3 +R916 Coq.Init.Logic.f_equal4 +R834 Coq.Init.Logic.f_equal5 +R741 Coq.Init.Logic.f_equal +R751 Coq.Init.Datatypes.Some +R633 Coq.Init.Datatypes.injective_projections +R1294 Coq.Init.Logic.False +R1358 Coq.Init.Logic.False +R1443 Coq.Init.Specif "{ A } + { B }" type_scope +R1446 Coq.Init.Logic "x = y" type_scope +R1456 Coq.Init.Logic "x <> y" type_scope +R1432 Coq.NArith.BinPos.positive +R1432 Coq.NArith.BinPos.positive +R1488 Coq.NArith.BinPos.Pcompare +R1501 Coq.Init.Datatypes.Eq +R1488 Coq.NArith.BinPos.Pcompare +R1501 Coq.Init.Datatypes.Eq +R1527 Coq.NArith.BinPos.Pcompare_Eq_eq +R1527 Coq.NArith.BinPos.Pcompare_Eq_eq +R1595 Coq.NArith.BinPos.Pcompare_refl +R1595 Coq.NArith.BinPos.Pcompare_refl +R1678 Coq.NArith.BinPos.Pcompare_refl +R1678 Coq.NArith.BinPos.Pcompare_refl +R1804 Coq.Init.Logic "x = y" type_scope +R1783 Coqlib.peq +R1759 Coq.NArith.BinPos.positive +R1834 Coqlib.peq +R1834 Coqlib.peq +R1978 Coq.Init.Logic "x = y" type_scope +R1957 Coqlib.peq +R1945 Coq.Init.Logic "x <> y" type_scope +R1923 Coq.NArith.BinPos.positive +R1923 Coq.NArith.BinPos.positive +R2008 Coqlib.peq +R2008 Coqlib.peq +R2098 Coq.ZArith.BinInt.Zlt +R2112 Coq.ZArith.BinInt.Zpos +R2103 Coq.ZArith.BinInt.Zpos +R2079 Coq.NArith.BinPos.positive +R2079 Coq.NArith.BinPos.positive +R2175 Coq.Init.Logic "x <> y" type_scope +R2162 Coqlib.Plt +R2151 Coq.NArith.BinPos.positive +R2151 Coq.NArith.BinPos.positive +R2256 Coqlib.Plt_ne +R2340 Coqlib.Plt +R2329 Coqlib.Plt +R2318 Coqlib.Plt +R2307 Coq.NArith.BinPos.positive +R2307 Coq.NArith.BinPos.positive +R2307 Coq.NArith.BinPos.positive +R2450 Coq.Init.Logic "x = y" type_scope +R2435 Coq.ZArith.BinInt.Zpos +R2441 Coq.NArith.BinPos.Psucc +R2452 Coq.ZArith.BinInt.Zsucc +R2459 Coq.ZArith.BinInt.Zpos +R2424 Coq.NArith.BinPos.positive +R2493 Coq.NArith.BinPos.Pplus_one_succ_r +R2493 Coq.NArith.BinPos.Pplus_one_succ_r +R2573 Coqlib.Plt +R2580 Coq.NArith.BinPos.Psucc +R2562 Coq.NArith.BinPos.positive +R2626 Coqlib.Psucc_Zsucc +R2626 Coqlib.Psucc_Zsucc +R2664 Coqlib.Plt_succ +R2742 Coqlib.Plt +R2749 Coq.NArith.BinPos.Psucc +R2731 Coqlib.Plt +R2720 Coq.NArith.BinPos.positive +R2720 Coq.NArith.BinPos.positive +R2782 Coqlib.Plt_trans +R2782 Coqlib.Plt_trans +R2818 Coqlib.Plt_succ +R2818 Coqlib.Plt_succ +R2846 Coqlib.Plt_succ +R2938 Coq.Init.Logic "A \/ B" type_scope +R2930 Coqlib.Plt +R2943 Coq.Init.Logic "x = y" type_scope +R2911 Coqlib.Plt +R2918 Coq.NArith.BinPos.Psucc +R2900 Coq.NArith.BinPos.positive +R2900 Coq.NArith.BinPos.positive +R2989 Coqlib.Psucc_Zsucc +R2989 Coqlib.Psucc_Zsucc +R3043 Coq.Init.Logic "A \/ B" type_scope +R3031 Coq.ZArith.BinInt "x < y" Z_scope +R3024 Coq.ZArith.BinInt.Zpos +R3033 Coq.ZArith.BinInt.Zpos +R3053 Coq.Init.Logic "x = y" type_scope +R3046 Coq.ZArith.BinInt.Zpos +R3055 Coq.ZArith.BinInt.Zpos +R3043 Coq.Init.Logic "A \/ B" type_scope +R3031 Coq.ZArith.BinInt "x < y" Z_scope +R3024 Coq.ZArith.BinInt.Zpos +R3033 Coq.ZArith.BinInt.Zpos +R3053 Coq.Init.Logic "x = y" type_scope +R3046 Coq.ZArith.BinInt.Zpos +R3055 Coq.ZArith.BinInt.Zpos +R3166 Coq.Init.Specif "{ A } + { B }" type_scope +R3167 Coqlib.Plt +R3179 Coq.Init.Logic "~ x" type_scope +R3181 Coqlib.Plt +R3154 Coq.NArith.BinPos.positive +R3154 Coq.NArith.BinPos.positive +R3225 Coq.ZArith.ZArith_dec.Z_lt_dec +R3225 Coq.ZArith.ZArith_dec.Z_lt_dec +R3275 Coq.ZArith.BinInt.Zle +R3289 Coq.ZArith.BinInt.Zpos +R3280 Coq.ZArith.BinInt.Zpos +R3262 Coq.NArith.BinPos.positive +R3262 Coq.NArith.BinPos.positive +R3337 Coqlib.Ple +R3326 Coq.NArith.BinPos.positive +R3453 Coqlib.Ple +R3442 Coqlib.Ple +R3431 Coqlib.Ple +R3420 Coq.NArith.BinPos.positive +R3420 Coq.NArith.BinPos.positive +R3420 Coq.NArith.BinPos.positive +R3554 Coqlib.Ple +R3543 Coqlib.Plt +R3532 Coq.NArith.BinPos.positive +R3532 Coq.NArith.BinPos.positive +R3648 Coqlib.Ple +R3655 Coq.NArith.BinPos.Psucc +R3637 Coq.NArith.BinPos.positive +R3688 Coqlib.Plt_Ple +R3688 Coqlib.Plt_Ple +R3703 Coqlib.Plt_succ +R3703 Coqlib.Plt_succ +R3790 Coqlib.Plt +R3779 Coqlib.Ple +R3768 Coqlib.Plt +R3757 Coq.NArith.BinPos.positive +R3757 Coq.NArith.BinPos.positive +R3757 Coq.NArith.BinPos.positive +R3874 Coq.Init.Logic "~ x" type_scope +R3876 Coqlib.Plt +R3940 Coqlib.Ple_refl +R3949 Coqlib.Plt_Ple +R3957 Coqlib.Ple_succ +R3966 Coqlib.Plt_strict +R4067 Coq.Init.Wf.well_founded +R4080 Coqlib.Plt +R4128 Coq.NArith.BinPos.nat_of_P +R4100 Coq.Arith.Wf_nat.well_founded_lt_compat +R4128 Coq.NArith.BinPos.nat_of_P +R4100 Coq.Arith.Wf_nat.well_founded_lt_compat +R4154 Coq.NArith.Pnat.nat_of_P_lt_Lt_compare_morphism +R4154 Coq.NArith.Pnat.nat_of_P_lt_Lt_compare_morphism +R4247 Coq.NArith.BinPos.positive +R4308 Coqlib.Plt +R4313 Coq.NArith.BinPos.Ppred +R4299 Coq.Init.Logic "x <> y" type_scope +R4302 Coq.NArith.BinPos.xH +R4348 Coq.NArith.BinPos.Psucc_pred +R4348 Coq.NArith.BinPos.Psucc_pred +R4397 Coq.NArith.BinPos.Ppred +R4397 Coq.NArith.BinPos.Ppred +R4433 Coqlib.Plt_succ +R4433 Coqlib.Plt_succ +R4515 Coqlib.peq +R4521 Coq.NArith.BinPos.xH +R4533 Coq.Init.Specif.left +R4551 Coq.Init.Specif.right +R4592 Coqlib.Ppred_Plt +R4582 Coq.NArith.BinPos.Ppred +R4569 Coq.NArith.BinPos.Ppred +R4486 Coqlib.Plt +R4462 Coq.NArith.BinPos.positive +R4646 Coq.NArith.BinPos.positive +R4665 Coq.Init.Wf.Fix +R4669 Coqlib.Plt_wf +R4752 Coq.Init.Logic "x = y" type_scope +R4737 Coqlib.positive_rec +R4773 Coqlib.positive_rec +R4827 Coq.Init.Wf.Fix_eq +R4834 Coqlib.Plt_wf +R4827 Coq.Init.Wf.Fix_eq +R4834 Coqlib.Plt_wf +R4890 Coqlib.peq +R4890 Coqlib.peq +R4986 Coq.Init.Logic "x = y" type_scope +R4962 Coqlib.positive_rec +R5009 Coqlib.unroll_positive_rec +R5009 Coqlib.unroll_positive_rec +R5049 Coqlib.peq +R5049 Coqlib.peq +R5154 Coq.Init.Logic "x = y" type_scope +R5131 Coqlib.positive_rec +R5145 Coq.NArith.BinPos.Psucc +R5161 Coqlib.positive_rec +R5202 Coqlib.unroll_positive_rec +R5202 Coqlib.unroll_positive_rec +R5244 Coqlib.peq +R5249 Coq.NArith.BinPos.Psucc +R5244 Coqlib.peq +R5249 Coq.NArith.BinPos.Psucc +R5319 Coq.NArith.BinPos.Ppred_succ +R5319 Coq.NArith.BinPos.Ppred_succ +R5434 Coq.NArith.BinPos.Psucc +R5405 Coq.NArith.BinPos.xH +R5382 Coq.NArith.BinPos.positive +R5490 Coq.Init.Wf.well_founded_ind +R5507 Coqlib.Plt_wf +R5490 Coq.Init.Wf.well_founded_ind +R5507 Coqlib.Plt_wf +R5537 Coqlib.peq +R5544 Coq.NArith.BinPos.xH +R5537 Coqlib.peq +R5544 Coq.NArith.BinPos.xH +R5582 Coq.NArith.BinPos.Psucc_pred +R5582 Coq.NArith.BinPos.Psucc_pred +R5663 Coqlib.Ppred_Plt +R5663 Coqlib.Ppred_Plt +R5760 Coq.Init.Specif "{ A } + { B }" type_scope +R5763 Coq.Init.Logic "x = y" type_scope +R5773 Coq.Init.Logic "x <> y" type_scope +R5756 Coq.ZArith.BinInt.Z +R5756 Coq.ZArith.BinInt.Z +R5782 Coq.ZArith.ZArith_dec.Z_eq_dec +R5869 Coq.Init.Logic "x = y" type_scope +R5848 Coqlib.zeq +R5831 Coq.ZArith.BinInt.Z +R5899 Coqlib.zeq +R5899 Coqlib.zeq +R6036 Coq.Init.Logic "x = y" type_scope +R6015 Coqlib.zeq +R6003 Coq.Init.Logic "x <> y" type_scope +R5988 Coq.ZArith.BinInt.Z +R5988 Coq.ZArith.BinInt.Z +R6066 Coqlib.zeq +R6066 Coqlib.zeq +R6170 Coq.Init.Specif "{ A } + { B }" type_scope +R6173 Coq.ZArith.BinInt "x < y" Z_scope +R6183 Coq.ZArith.BinInt "x >= y" Z_scope +R6166 Coq.ZArith.BinInt.Z +R6166 Coq.ZArith.BinInt.Z +R6192 Coq.ZArith.ZArith_dec.Z_lt_ge_dec +R6296 Coq.Init.Logic "x = y" type_scope +R6275 Coqlib.zlt +R6264 Coq.ZArith.BinInt "x < y" Z_scope +R6246 Coq.ZArith.BinInt.Z +R6246 Coq.ZArith.BinInt.Z +R6326 Coqlib.zlt +R6326 Coqlib.zlt +R6472 Coq.Init.Logic "x = y" type_scope +R6451 Coqlib.zlt +R6439 Coq.ZArith.BinInt "x >= y" Z_scope +R6421 Coq.ZArith.BinInt.Z +R6421 Coq.ZArith.BinInt.Z +R6502 Coqlib.zlt +R6502 Coqlib.zlt +R6589 Coq.Init.Specif "{ A } + { B }" type_scope +R6592 Coq.ZArith.BinInt "x <= y" Z_scope +R6603 Coq.ZArith.BinInt "x > y" Z_scope +R6585 Coq.ZArith.BinInt.Z +R6585 Coq.ZArith.BinInt.Z +R6611 Coq.ZArith.ZArith_dec.Z_le_gt_dec +R6716 Coq.Init.Logic "x = y" type_scope +R6695 Coqlib.zle +R6683 Coq.ZArith.BinInt "x <= y" Z_scope +R6665 Coq.ZArith.BinInt.Z +R6665 Coq.ZArith.BinInt.Z +R6746 Coqlib.zle +R6746 Coqlib.zle +R6891 Coq.Init.Logic "x = y" type_scope +R6870 Coqlib.zle +R6859 Coq.ZArith.BinInt "x > y" Z_scope +R6841 Coq.ZArith.BinInt.Z +R6841 Coq.ZArith.BinInt.Z +R6921 Coqlib.zle +R6921 Coqlib.zle +R7036 Coq.Init.Logic "x = y" type_scope +R7020 Coq.ZArith.Zpower.two_power_nat +R7034 Coq.Init.Datatypes.O +R7125 Coq.ZArith.BinInt "x > y" Z_scope +R7109 Coq.ZArith.Zpower.two_power_nat +R7104 Coq.Init.Datatypes.nat +R7160 Coqlib.two_power_nat_O +R7160 Coqlib.two_power_nat_O +R7194 Coq.ZArith.Zpower.two_power_nat_S +R7194 Coq.ZArith.Zpower.two_power_nat_S +R7280 Coq.Init.Logic "x = y" type_scope +R7271 Coq.ZArith.Zmin.Zmin +R7285 Coqlib.zlt +R7331 Coqlib.zlt +R7331 Coqlib.zlt +R7423 Coq.ZArith.BinInt "x ?= y" Z_scope +R7423 Coq.ZArith.BinInt "x ?= y" Z_scope +R7446 Coq.ZArith.Zcompare.Zcompare_Eq_eq +R7446 Coq.ZArith.Zcompare.Zcompare_Eq_eq +R7546 Coq.Init.Logic "x = y" type_scope +R7537 Coq.ZArith.Zmin.Zmax +R7551 Coqlib.zlt +R7597 Coqlib.zlt +R7597 Coqlib.zlt +R7659 Coq.ZArith.Zcompare.Zcompare_antisym +R7659 Coq.ZArith.Zcompare.Zcompare_antisym +R7735 Coq.ZArith.Zcompare.Zcompare_antisym +R7735 Coq.ZArith.Zcompare.Zcompare_antisym +R7770 Coq.ZArith.BinInt "x ?= y" Z_scope +R7770 Coq.ZArith.BinInt "x ?= y" Z_scope +R7809 Coq.ZArith.Zcompare.Zcompare_Eq_eq +R7809 Coq.ZArith.Zcompare.Zcompare_Eq_eq +R7915 Coq.ZArith.BinInt "x <= y" Z_scope +R7918 Coq.ZArith.Zmin.Zmax +R7905 Coq.ZArith.BinInt "x <= y" Z_scope +R7957 Coq.ZArith.Zmin.Zmax1 +R7957 Coq.ZArith.Zmin.Zmax1 +R8029 Coq.ZArith.BinInt "x <= y" Z_scope +R8032 Coq.ZArith.Zmin.Zmax +R8019 Coq.ZArith.BinInt "x <= y" Z_scope +R8071 Coq.ZArith.Zmin.Zmax2 +R8071 Coq.ZArith.Zmin.Zmax2 +R8163 Coq.Init.Logic "x = y" type_scope +R8159 Coq.ZArith.Zdiv "x / y" Z_scope +R8145 Coq.ZArith.BinInt "x <= y < z" Z_scope +R8195 Coq.ZArith.BinInt "x > y" Z_scope +R8195 Coq.ZArith.BinInt "x > y" Z_scope +R8281 Coq.Init.Logic "x = y" type_scope +R8255 Coq.ZArith.BinInt "x <= y < z" Z_scope +R8264 Coq.ZArith.BinInt "x + y" Z_scope +R8260 Coq.ZArith.BinInt "x * y" Z_scope +R8264 Coq.ZArith.BinInt "x + y" Z_scope +R8260 Coq.ZArith.BinInt "x * y" Z_scope +R8237 Coq.ZArith.BinInt "x <= y < z" Z_scope +R8281 Coq.Init.Logic "x = y" type_scope +R8255 Coq.ZArith.BinInt "x <= y < z" Z_scope +R8264 Coq.ZArith.BinInt "x + y" Z_scope +R8260 Coq.ZArith.BinInt "x * y" Z_scope +R8264 Coq.ZArith.BinInt "x + y" Z_scope +R8260 Coq.ZArith.BinInt "x * y" Z_scope +R8237 Coq.ZArith.BinInt "x <= y < z" Z_scope +R8314 Coq.Init.Logic "A \/ B" type_scope +R8310 Coq.Init.Logic "x = y" type_scope +R8323 Coq.Init.Logic "A \/ B" type_scope +R8319 Coq.ZArith.BinInt "x > y" Z_scope +R8329 Coq.ZArith.BinInt "x > y" Z_scope +R8327 Coq.ZArith.BinInt "- x" Z_scope +R8314 Coq.Init.Logic "A \/ B" type_scope +R8310 Coq.Init.Logic "x = y" type_scope +R8323 Coq.Init.Logic "A \/ B" type_scope +R8319 Coq.ZArith.BinInt "x > y" Z_scope +R8329 Coq.ZArith.BinInt "x > y" Z_scope +R8327 Coq.ZArith.BinInt "- x" Z_scope +R8404 Coq.ZArith.BinInt "x >= y" Z_scope +R8400 Coq.ZArith.BinInt "x * y" Z_scope +R8409 Coq.ZArith.BinInt "x * y" Z_scope +R8404 Coq.ZArith.BinInt "x >= y" Z_scope +R8400 Coq.ZArith.BinInt "x * y" Z_scope +R8409 Coq.ZArith.BinInt "x * y" Z_scope +R8421 Coq.ZArith.Zorder.Zmult_ge_compat_l +R8421 Coq.ZArith.Zorder.Zmult_ge_compat_l +R8497 Coq.ZArith.BinInt "x >= y" Z_scope +R8490 Coq.ZArith.BinInt "x * y" Z_scope +R8493 Coq.ZArith.BinInt "- x" Z_scope +R8502 Coq.ZArith.BinInt "x * y" Z_scope +R8497 Coq.ZArith.BinInt "x >= y" Z_scope +R8490 Coq.ZArith.BinInt "x * y" Z_scope +R8493 Coq.ZArith.BinInt "- x" Z_scope +R8502 Coq.ZArith.BinInt "x * y" Z_scope +R8514 Coq.ZArith.Zorder.Zmult_ge_compat_l +R8514 Coq.ZArith.Zorder.Zmult_ge_compat_l +R8560 Coq.ZArith.BinInt.Zopp_mult_distr_r +R8560 Coq.ZArith.BinInt.Zopp_mult_distr_r +R8624 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R8624 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R8641 Coq.ZArith.Zdiv.Z_mod_lt +R8641 Coq.ZArith.Zdiv.Z_mod_lt +R8670 Coq.ZArith.Zdiv.Z_div_mod_eq +R8670 Coq.ZArith.Zdiv.Z_div_mod_eq +R8756 Coq.Init.Logic "x = y" type_scope +R8750 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R8736 Coq.ZArith.BinInt "x <= y < z" Z_scope +R8788 Coq.ZArith.BinInt "x > y" Z_scope +R8788 Coq.ZArith.BinInt "x > y" Z_scope +R8815 Coq.ZArith.Zdiv.Z_div_mod_eq +R8815 Coq.ZArith.Zdiv.Z_div_mod_eq +R8849 Coqlib.Zdiv_small +R8849 Coqlib.Zdiv_small +R8959 Coq.Init.Logic "x = y" type_scope +R8953 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R8939 Coq.ZArith.BinInt "x <= y < z" Z_scope +R8922 Coq.Init.Logic "x = y" type_scope +R8930 Coq.ZArith.BinInt "x + y" Z_scope +R8926 Coq.ZArith.BinInt "x * y" Z_scope +R8998 Coq.ZArith.BinInt.Zplus_comm +R8998 Coq.ZArith.BinInt.Zplus_comm +R9021 Coq.ZArith.Zdiv.Z_mod_plus +R9021 Coq.ZArith.Zdiv.Z_mod_plus +R9039 Coqlib.Zmod_small +R9039 Coqlib.Zmod_small +R9146 Coq.Init.Logic "x = y" type_scope +R9142 Coq.ZArith.Zdiv "x / y" Z_scope +R9128 Coq.ZArith.BinInt "x <= y < z" Z_scope +R9111 Coq.Init.Logic "x = y" type_scope +R9119 Coq.ZArith.BinInt "x + y" Z_scope +R9115 Coq.ZArith.BinInt "x * y" Z_scope +R9185 Coq.ZArith.BinInt.Zplus_comm +R9185 Coq.ZArith.BinInt.Zplus_comm +R9207 Coq.ZArith.Zdiv.Z_div_plus +R9207 Coq.ZArith.Zdiv.Z_div_plus +R9228 Coqlib.Zdiv_small +R9228 Coqlib.Zdiv_small +R9374 Coq.Init.Datatypes.option +R9405 Coq.Init.Datatypes.None +R9413 Coq.Init.Datatypes.None +R9422 Coq.Init.Datatypes.Some +R9432 Coq.Init.Datatypes.Some +R9362 Coq.Init.Datatypes.option +R9532 Coq.Init.Datatypes "x + y" type_scope +R9558 Coq.Init.Datatypes.inl +R9567 Coq.Init.Datatypes.inl +R9583 Coq.Init.Datatypes.inr +R9592 Coq.Init.Datatypes.inr +R9523 Coq.Init.Datatypes "x + y" type_scope +R9639 Coq.Lists.List.in_eq +R9645 Coq.Lists.List.in_cons +R9763 Coq.Lists.List.In +R9751 Coq.Init.Logic "x = y" type_scope +R9732 Coq.Lists.List.nth_error +R9753 Coq.Init.Datatypes.Some +R9714 Coq.Lists.List.list +R9705 Coq.Init.Datatypes.nat +R9880 Coq.Lists.List.in_eq +R9880 Coq.Lists.List.in_eq +R9938 Coq.Lists.List.in_cons +R9938 Coq.Lists.List.in_cons +R9971 Coqlib.nth_error_in +R10068 Coq.Init.Logic "x = y" type_scope +R10045 Coq.Lists.List.nth_error +R10057 Coq.Lists.List.nil +R10070 Coq.Init.Datatypes.None +R10039 Coq.Init.Datatypes.nat +R10146 Coqlib.nth_error_nil +R10252 Coq.Lists.List.incl +R10233 Coq.Lists.List.incl +R10241 Coq.Lists.List "x :: y" list_scope +R10222 Coq.Lists.List.list +R10222 Coq.Lists.List.list +R10307 Coq.Lists.List.in_cons +R10307 Coq.Lists.List.in_cons +R10340 Coqlib.incl_cons_inv +R10446 Coq.Lists.List.incl +R10425 Coq.Lists.List.incl +R10434 Coq.Lists.List "x ++ y" list_scope +R10414 Coq.Lists.List.list +R10414 Coq.Lists.List.list +R10414 Coq.Lists.List.list +R10502 Coq.Lists.List.in_or_app +R10502 Coq.Lists.List.in_or_app +R10619 Coq.Lists.List.incl +R10598 Coq.Lists.List.incl +R10607 Coq.Lists.List "x ++ y" list_scope +R10587 Coq.Lists.List.list +R10587 Coq.Lists.List.list +R10587 Coq.Lists.List.list +R10675 Coq.Lists.List.in_or_app +R10675 Coq.Lists.List.in_or_app +R10724 Coqlib.incl_app_inv_l +R10739 Coqlib.incl_app_inv_r +R10798 Coq.Lists.List.list +R10857 Coq.Lists.List.nil +R10961 Coq.Lists.List "x :: y" list_scope +R10910 Coq.Init.Logic "~ x" type_scope +R10912 Coq.Lists.List.In +R11073 Coq.Init.Logic "x <> y" type_scope +R11060 Coq.Lists.List.In +R11049 Coq.Lists.List.In +R11012 Coq.Lists.List.list +R11012 Coq.Lists.List.list +R11184 Coqlib.list_disjoint +R11154 Coqlib.list_disjoint +R11171 Coq.Lists.List "x :: y" list_scope +R11143 Coq.Lists.List.list +R11143 Coq.Lists.List.list +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R11379 Coqlib.list_disjoint +R11349 Coqlib.list_disjoint +R11369 Coq.Lists.List "x :: y" list_scope +R11338 Coq.Lists.List.list +R11338 Coq.Lists.List.list +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R11573 Coq.Init.Logic "~ x" type_scope +R11575 Coq.Lists.List.In +R11562 Coq.Lists.List.In +R11539 Coqlib.list_disjoint +R11521 Coq.Lists.List.list +R11521 Coq.Lists.List.list +R11754 Coqlib.list_disjoint +R11731 Coqlib.list_disjoint +R11720 Coq.Lists.List.list +R11720 Coq.Lists.List.list +R11823 Coq.Init.Logic.sym_not_equal +R11823 Coq.Init.Logic.sym_not_equal +R11983 Coq.Init.Logic "x = y" type_scope +R11969 Coq.Lists.List.map +R11985 Coq.Lists.List.map +R11956 Coq.Init.Logic "x = y" type_scope +R11942 Coq.Lists.List.In +R11920 Coq.Lists.List.list +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R12245 Coq.Init.Logic "x = y" type_scope +R12219 Coq.Lists.List.map +R12231 Coq.Lists.List.map +R12247 Coq.Lists.List.map +R12208 Coq.Lists.List.list +R12454 Coq.Init.Logic "x = y" type_scope +R12427 Coq.Lists.List.nth_error +R12438 Coq.Lists.List.map +R12456 Coqlib.option_map +R12470 Coq.Lists.List.nth_error +R12419 Coq.Init.Datatypes.nat +R12407 Coq.Lists.List.list +R12540 Coqlib.nth_error_nil +R12540 Coqlib.nth_error_nil +R12540 Coqlib.nth_error_nil +R12540 Coqlib.nth_error_nil +R12711 Coq.Init.Logic "x = y" type_scope +R12684 Coq.Lists.List.length +R12697 Coq.Lists.List.map +R12713 Coq.Lists.List.length +R12673 Coq.Lists.List.list +R12875 Coq.Init.Logic "'exists' x : t , p" type_scope +R12895 Coq.Init.Logic "A /\ B" type_scope +R12889 Coq.Init.Logic "x = y" type_scope +R12898 Coq.Lists.List.In +R12852 Coq.Lists.List.In +R12858 Coq.Lists.List.map +R12834 Coq.Lists.List.list +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R13228 Coqlib.list_norepet +R13242 Coq.Lists.List.map +R13215 Coq.Init.Logic "x <> y" type_scope +R13203 Coq.Init.Logic "x <> y" type_scope +R13191 Coq.Lists.List.In +R13181 Coq.Lists.List.In +R13148 Coqlib.list_norepet +R13137 Coq.Lists.List.list +R13350 Coqlib.list_in_map_inv +R13350 Coqlib.list_in_map_inv +R13427 Coq.Init.Logic "x <> y" type_scope +R13427 Coq.Init.Logic "x <> y" type_scope +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R13665 Coq.Init.Logic "x = y" type_scope +R13643 Coq.Lists.List.map +R13658 Coq.Lists.List "x ++ y" list_scope +R13681 Coq.Lists.List "x ++ y" list_scope +R13667 Coq.Lists.List.map +R13684 Coq.Lists.List.map +R13632 Coq.Lists.List.list +R13632 Coq.Lists.List.list +R13866 Coqlib.list_norepet +R13882 Coq.Lists.List "x ++ y" list_scope +R13841 Coqlib.list_norepet +R13857 Coq.Lists.List "x ++ y" list_scope +R13830 Coq.Lists.List.list +R13830 Coq.Lists.List.list +R14031 Coqlib.list_norepet +R14047 Coq.Lists.List "x ++ y" list_scope +R14052 Coq.Lists.List "x :: y" list_scope +R14006 Coq.Init.Logic "~ x" type_scope +R14008 Coq.Lists.List.In +R13993 Coq.Init.Logic "~ x" type_scope +R13995 Coq.Lists.List.In +R13968 Coqlib.list_norepet +R13984 Coq.Lists.List "x ++ y" list_scope +R13947 Coq.Lists.List.list +R13935 Coq.Lists.List.list +R14031 Coqlib.list_norepet +R14047 Coq.Lists.List "x ++ y" list_scope +R14052 Coq.Lists.List "x :: y" list_scope +R14006 Coq.Init.Logic "~ x" type_scope +R14008 Coq.Lists.List.In +R13993 Coq.Init.Logic "~ x" type_scope +R13995 Coq.Lists.List.In +R13968 Coqlib.list_norepet +R13984 Coq.Lists.List "x ++ y" list_scope +R13947 Coq.Lists.List.list +R13935 Coq.Lists.List.list +R14167 Coq.Lists.List.in_app_or +R14167 Coq.Lists.List.in_app_or +R14214 Coq.Lists.List.in_or_app +R14214 Coq.Lists.List.in_or_app +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R14302 Coq.Lists.List.in_or_app +R14302 Coq.Lists.List.in_or_app +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R14373 Coq.Lists.List.app_nil_end +R14373 Coq.Lists.List.app_nil_end +R14453 Coq.Lists.List.in_or_app +R14453 Coq.Lists.List.in_or_app +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R14500 Coq.Lists.List.in_or_app +R14500 Coq.Lists.List.in_or_app +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R14621 Coqlib.list_norepet +R14594 Coqlib.list_norepet +R14611 Coq.Lists.List "x ++ y" list_scope +R14583 Coq.Lists.List.list +R14583 Coq.Lists.List.list +R14820 Coqlib.list_norepet +R14793 Coqlib.list_norepet +R14810 Coq.Lists.List "x ++ y" list_scope +R14782 Coq.Lists.List.list +R14782 Coq.Lists.List.list +R14860 Coqlib.list_norepet_append_right +R14860 Coqlib.list_norepet_append_right +R14904 Coqlib.list_norepet_append_commut +R14904 Coqlib.list_norepet_append_commut +R15059 Coq.Lists.List.list +R15049 Coq.Lists.List.list +R15122 Coq.Lists.List.nil +R15118 Coq.Lists.List.nil +R15254 Coq.Lists.List "x :: y" list_scope +R15243 Coq.Lists.List "x :: y" list_scope +R15497 Coqlib.list_forall2 +R15458 Coq.Lists.List.In +R15446 Coq.Lists.List.In +R15373 Coqlib.list_forall2 +R15362 Coq.Lists.List.list +R15349 Coq.Lists.List.list +FMaps +R199 Coq.Init.Specif "{ A } + { B }" type_scope +R202 Coq.Init.Logic "x = y" type_scope +R212 Coq.Init.Logic "x <> y" type_scope +R193 Maps.elt +R193 Maps.elt +R349 Coq.Init.Specif "{ A } + { B }" type_scope +R352 Coq.Init.Logic "x = y" type_scope +R362 Coq.Init.Logic "x <> y" type_scope +R343 Maps.t +R343 Maps.t +R295 Coq.Init.Specif "{ A } + { B }" type_scope +R297 Coq.Init.Logic "x = y" type_scope +R305 Coq.Init.Logic "x <> y" type_scope +R404 Maps.t +R456 Coq.Init.Datatypes.option +R449 Maps.t +R442 Maps.elt +R518 Maps.t +R511 Maps.t +R499 Maps.elt +R573 Maps.t +R566 Maps.t +R559 Maps.elt +R645 Coq.Init.Logic "x = y" type_scope +R629 Maps.get +R636 Maps.empty +R647 Coq.Init.Datatypes.None +R623 Maps.elt +R735 Coq.Init.Logic "x = y" type_scope +R717 Maps.get +R724 Maps.set +R737 Coq.Init.Datatypes.Some +R711 Maps.t +R695 Maps.elt +R843 Coq.Init.Logic "x = y" type_scope +R825 Maps.get +R832 Maps.set +R845 Maps.get +R817 Coq.Init.Logic "x <> y" type_scope +R805 Maps.t +R789 Maps.elt +R789 Maps.elt +R945 Coq.Init.Logic "x = y" type_scope +R927 Maps.get +R934 Maps.set +R950 Maps.elt_eq +R978 Maps.get +R966 Coq.Init.Datatypes.Some +R917 Maps.t +R901 Maps.elt +R901 Maps.elt +R1089 Coq.Init.Logic "x = y" type_scope +R1079 Maps.set +R1067 Coq.Init.Logic "x = y" type_scope +R1059 Maps.get +R1069 Coq.Init.Datatypes.Some +R1042 Maps.t +R1033 Maps.elt +R1362 Coq.Init.Logic "x = y" type_scope +R1343 Maps.get +R1350 Maps.remove +R1364 Coq.Init.Datatypes.None +R1337 Maps.t +R1328 Maps.elt +R1462 Coq.Init.Logic "x = y" type_scope +R1443 Maps.get +R1450 Maps.remove +R1464 Maps.get +R1435 Coq.Init.Logic "x <> y" type_scope +R1423 Maps.t +R1414 Maps.elt +R1414 Maps.elt +R1538 Maps.t +R1531 Maps.t +R1513 Maps.elt +R1642 Coq.Init.Logic "x = y" type_scope +R1626 Maps.get +R1633 Maps.map +R1644 Coqlib.option_map +R1662 Maps.get +R1616 Maps.t +R1607 Maps.elt +R1588 Maps.elt +R1765 Maps.t +R1758 Maps.t +R1751 Maps.t +R1738 Coq.Init.Datatypes.option +R1726 Coq.Init.Datatypes.option +R1714 Coq.Init.Datatypes.option +R1939 Coq.Init.Logic "x = y" type_scope +R1915 Maps.get +R1922 Maps.combine +R1955 Maps.get +R1944 Maps.get +R1901 Coq.Init.Logic "x = y" type_scope +R1896 Coq.Init.Datatypes.None +R1891 Coq.Init.Datatypes.None +R1903 Coq.Init.Datatypes.None +R1879 Maps.elt +R1870 Maps.t +R1870 Maps.t +R1841 Coq.Init.Datatypes.option +R1829 Coq.Init.Datatypes.option +R1817 Coq.Init.Datatypes.option +R2148 Coq.Init.Logic "x = y" type_scope +R2132 Maps.combine +R2150 Maps.combine +R2122 Maps.t +R2122 Maps.t +R2091 Coq.Init.Logic "x = y" type_scope +R2074 Coq.Init.Datatypes.option +R2074 Coq.Init.Datatypes.option +R2045 Coq.Init.Datatypes.option +R2033 Coq.Init.Datatypes.option +R2021 Coq.Init.Datatypes.option +R2045 Coq.Init.Datatypes.option +R2033 Coq.Init.Datatypes.option +R2021 Coq.Init.Datatypes.option +R2216 Coq.Lists.List.list +R2226 Coq.Init.Datatypes "x * y" type_scope +R2222 Maps.elt +R2209 Maps.t +R2333 Coq.Lists.List.In +R2344 Maps.elements +R2336 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2321 Coq.Init.Logic "x = y" type_scope +R2313 Maps.get +R2323 Coq.Init.Datatypes.Some +R2296 Maps.elt +R2287 Maps.t +R2473 Coq.Init.Logic "x = y" type_scope +R2465 Maps.get +R2475 Coq.Init.Datatypes.Some +R2439 Coq.Lists.List.In +R2450 Maps.elements +R2442 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2422 Maps.elt +R2413 Maps.t +R2547 Maps.t +R2529 Maps.elt +R2664 Coq.Init.Logic "x = y" type_scope +R2653 Maps.fold +R2670 Coq.Lists.List.fold_left +R2719 Maps.elements +R2710 Coq.Init.Datatypes.snd +R2702 Coq.Init.Datatypes.fst +R2643 Maps.t +R2617 Maps.elt +R2821 Coq.Init.Specif "{ A } + { B }" type_scope +R2824 Coq.Init.Logic "x = y" type_scope +R2834 Coq.Init.Logic "x <> y" type_scope +R2815 Maps.elt +R2815 Maps.elt +R2906 Maps.t +R2951 Maps.t +R2944 Maps.elt +R3013 Maps.t +R3006 Maps.t +R2994 Maps.elt +R3087 Coq.Init.Logic "x = y" type_scope +R3072 Maps.get +R3079 Maps.init +R3059 Maps.elt +R3174 Coq.Init.Logic "x = y" type_scope +R3156 Maps.get +R3163 Maps.set +R3150 Maps.t +R3134 Maps.elt +R3277 Coq.Init.Logic "x = y" type_scope +R3259 Maps.get +R3266 Maps.set +R3279 Maps.get +R3251 Coq.Init.Logic "x <> y" type_scope +R3239 Maps.t +R3223 Maps.elt +R3223 Maps.elt +R3379 Coq.Init.Logic "x = y" type_scope +R3361 Maps.get +R3368 Maps.set +R3384 Maps.elt_eq +R3407 Maps.get +R3351 Maps.t +R3335 Maps.elt +R3335 Maps.elt +R3505 Coq.Init.Logic "x = y" type_scope +R3479 Maps.get +R3486 Maps.set +R3493 Maps.get +R3507 Maps.get +R3473 Maps.t +R3464 Maps.elt +R3464 Maps.elt +R3570 Maps.t +R3563 Maps.t +R3667 Coq.Init.Logic "x = y" type_scope +R3651 Maps.get +R3658 Maps.map +R3671 Maps.get +R3641 Maps.t +R3632 Maps.elt +R3733 Coq.NArith.BinPos.positive +R3766 Coqlib.peq +R3851 Coq.Init.Datatypes.option +R3965 Maps.tree +R4070 Coq.Init.Specif "{ A } + { B }" type_scope +R4073 Coq.Init.Logic "x = y" type_scope +R4083 Coq.Init.Logic "x <> y" type_scope +R4064 Maps.t +R4064 Maps.t +R4027 Coq.Init.Specif "{ A } + { B }" type_scope +R4029 Coq.Init.Logic "x = y" type_scope +R4037 Coq.Init.Logic "x <> y" type_scope +R4224 Maps.t +R4217 Maps.Leaf +R4294 Coq.Init.Datatypes.option +R4276 Maps.t +R4261 Coq.NArith.BinPos.positive +R4329 Maps.Leaf +R4337 Coq.Init.Datatypes.None +R4348 Maps.Node +R4393 Coq.NArith.BinPos.xH +R4411 Coq.NArith.BinPos.xO +R4439 Coq.NArith.BinPos.xI +R4276 Maps.t +R4261 Coq.NArith.BinPos.positive +R4550 Maps.t +R4532 Maps.t +R4509 Coq.NArith.BinPos.positive +R4580 Maps.Leaf +R4619 Coq.NArith.BinPos.xH +R4625 Maps.Node +R4644 Maps.Leaf +R4636 Coq.Init.Datatypes.Some +R4630 Maps.Leaf +R4659 Coq.NArith.BinPos.xO +R4668 Maps.Node +R4694 Maps.Leaf +R4689 Coq.Init.Datatypes.None +R4683 Maps.Leaf +R4709 Coq.NArith.BinPos.xI +R4718 Maps.Node +R4743 Maps.Leaf +R4728 Coq.Init.Datatypes.None +R4723 Maps.Leaf +R4767 Maps.Node +R4812 Coq.NArith.BinPos.xH +R4818 Maps.Node +R4826 Coq.Init.Datatypes.Some +R4846 Coq.NArith.BinPos.xO +R4855 Maps.Node +R4887 Coq.NArith.BinPos.xI +R4896 Maps.Node +R4532 Maps.t +R4509 Coq.NArith.BinPos.positive +R5006 Maps.t +R4988 Maps.t +R4973 Coq.NArith.BinPos.positive +R5036 Coq.NArith.BinPos.xH +R5073 Maps.Leaf +R5081 Maps.Leaf +R5096 Maps.Node +R5101 Maps.Leaf +R5108 Maps.Leaf +R5116 Maps.Leaf +R5131 Maps.Node +R5145 Maps.Node +R5152 Coq.Init.Datatypes.None +R5177 Coq.NArith.BinPos.xO +R5217 Maps.Leaf +R5225 Maps.Leaf +R5240 Maps.Node +R5247 Coq.Init.Datatypes.None +R5252 Maps.Leaf +R5309 Maps.Leaf +R5317 Maps.Leaf +R5342 Maps.Node +R5355 Maps.Leaf +R5350 Coq.Init.Datatypes.None +R5386 Maps.Node +R5400 Maps.Node +R5441 Coq.NArith.BinPos.xI +R5481 Maps.Leaf +R5489 Maps.Leaf +R5504 Maps.Node +R5509 Maps.Leaf +R5514 Coq.Init.Datatypes.None +R5573 Maps.Leaf +R5581 Maps.Leaf +R5606 Maps.Node +R5616 Coq.Init.Datatypes.None +R5611 Maps.Leaf +R5650 Maps.Node +R5664 Maps.Node +R4988 Maps.t +R4973 Coq.NArith.BinPos.positive +R5778 Coq.Init.Logic "x = y" type_scope +R5762 Maps.get +R5769 Maps.empty +R5780 Coq.Init.Datatypes.None +R5751 Coq.NArith.BinPos.positive +R5917 Coq.Init.Logic "x = y" type_scope +R5899 Maps.get +R5906 Maps.set +R5919 Coq.Init.Datatypes.Some +R5893 Maps.t +R5872 Coq.NArith.BinPos.positive +R6056 Coq.Init.Logic "x = y" type_scope +R6037 Maps.get +R6051 Maps.t +R6044 Maps.Leaf +R6058 Coq.Init.Datatypes.None +R6026 Coq.NArith.BinPos.positive +R6081 Maps.gempty +R6081 Maps.gempty +R6195 Coq.Init.Logic "x = y" type_scope +R6177 Maps.get +R6184 Maps.set +R6197 Maps.get +R6169 Coq.Init.Logic "x <> y" type_scope +R6157 Maps.t +R6136 Coq.NArith.BinPos.positive +R6136 Coq.NArith.BinPos.positive +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6294 Maps.gleaf +R6440 Coq.Init.Logic "x = y" type_scope +R6422 Maps.get +R6429 Maps.set +R6445 Coqlib.peq +R6470 Maps.get +R6458 Coq.Init.Datatypes.Some +R6412 Maps.t +R6391 Coq.NArith.BinPos.positive +R6391 Coq.NArith.BinPos.positive +R6514 Coqlib.peq +R6543 Maps.gss +R6555 Maps.gso +R6514 Coqlib.peq +R6543 Maps.gss +R6555 Maps.gso +R6680 Coq.Init.Logic "x = y" type_scope +R6670 Maps.set +R6658 Coq.Init.Logic "x = y" type_scope +R6650 Maps.get +R6660 Coq.Init.Datatypes.Some +R6633 Maps.t +R6619 Coq.NArith.BinPos.positive +R6925 Coq.Init.Logic "x = y" type_scope +R6903 Maps.remove +R6920 Maps.t +R6913 Maps.Leaf +R6927 Maps.Leaf +R6892 Coq.NArith.BinPos.positive +R7053 Coq.Init.Logic "x = y" type_scope +R7034 Maps.get +R7041 Maps.remove +R7055 Coq.Init.Datatypes.None +R7028 Maps.t +R7014 Coq.NArith.BinPos.positive +R7205 Maps.rleaf +R7205 Maps.rleaf +R7267 Coq.Init.Logic "x = y" type_scope +R7234 Maps.get +R7241 Maps.remove +R7251 Maps.Node +R7269 Coq.Init.Datatypes.None +R7267 Coq.Init.Logic "x = y" type_scope +R7234 Maps.get +R7241 Maps.remove +R7251 Maps.Node +R7269 Coq.Init.Datatypes.None +R7294 Maps.remove +R7304 Maps.Node +R7294 Maps.remove +R7304 Maps.Node +R7463 Maps.rleaf +R7463 Maps.rleaf +R7525 Coq.Init.Logic "x = y" type_scope +R7492 Maps.get +R7499 Maps.remove +R7509 Maps.Node +R7527 Coq.Init.Datatypes.None +R7525 Coq.Init.Logic "x = y" type_scope +R7492 Maps.get +R7499 Maps.remove +R7509 Maps.Node +R7527 Coq.Init.Datatypes.None +R7552 Maps.remove +R7562 Maps.Node +R7552 Maps.remove +R7562 Maps.Node +R7779 Coq.Init.Logic "x = y" type_scope +R7760 Maps.get +R7767 Maps.remove +R7781 Maps.get +R7752 Coq.Init.Logic "x <> y" type_scope +R7740 Maps.t +R7726 Coq.NArith.BinPos.positive +R7726 Coq.NArith.BinPos.positive +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7945 Maps.rleaf +R8084 Maps.rleaf +R8123 Maps.gleaf +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7869 Maps.rleaf +R7878 Coq.NArith.BinPos.xI +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7907 Maps.rleaf +R7916 Coq.NArith.BinPos.xO +R7945 Maps.rleaf +R7945 Maps.rleaf +R7945 Maps.rleaf +R7945 Maps.rleaf +R7945 Maps.rleaf +R7945 Maps.rleaf +R7945 Maps.rleaf +R7945 Maps.rleaf +R7945 Maps.rleaf +R7945 Maps.rleaf +R7945 Maps.rleaf +R7945 Maps.rleaf +R7945 Maps.rleaf +R7945 Maps.rleaf +R7945 Maps.rleaf +R7945 Maps.rleaf +R7945 Maps.rleaf +R7945 Maps.rleaf +R8084 Maps.rleaf +R8084 Maps.rleaf +R8084 Maps.rleaf +R8084 Maps.rleaf +R8084 Maps.rleaf +R8084 Maps.rleaf +R8084 Maps.rleaf +R8084 Maps.rleaf +R8084 Maps.rleaf +R8084 Maps.rleaf +R8084 Maps.rleaf +R8084 Maps.rleaf +R8084 Maps.rleaf +R8084 Maps.rleaf +R8084 Maps.rleaf +R8084 Maps.rleaf +R8123 Maps.gleaf +R8123 Maps.gleaf +R8123 Maps.gleaf +R8123 Maps.gleaf +R8123 Maps.gleaf +R8123 Maps.gleaf +R8123 Maps.gleaf +R8123 Maps.gleaf +R8123 Maps.gleaf +R8123 Maps.gleaf +R8123 Maps.gleaf +R8123 Maps.gleaf +R8123 Maps.gleaf +R8123 Maps.gleaf +R8187 Coq.Init.Logic "x = y" type_scope +R8151 Maps.get +R8158 Maps.remove +R8168 Maps.Node +R8189 Maps.get +R8196 Maps.Node +R8236 Maps.remove +R8246 Maps.Node +R8279 Maps.gleaf +R8187 Coq.Init.Logic "x = y" type_scope +R8151 Maps.get +R8158 Maps.remove +R8168 Maps.Node +R8189 Maps.get +R8196 Maps.Node +R8236 Maps.remove +R8246 Maps.Node +R8279 Maps.gleaf +R8279 Maps.gleaf +R8346 Maps.remove +R8356 Maps.Node +R8397 Maps.gleaf +R8346 Maps.remove +R8356 Maps.Node +R8397 Maps.gleaf +R8397 Maps.gleaf +R8438 Maps.remove +R8448 Maps.Node +R8488 Maps.gleaf +R8438 Maps.remove +R8448 Maps.Node +R8488 Maps.gleaf +R8488 Maps.gleaf +R8561 Coq.Init.Logic "x = y" type_scope +R8524 Maps.get +R8531 Maps.remove +R8541 Maps.Node +R8563 Maps.get +R8570 Maps.Node +R8611 Maps.remove +R8621 Maps.Node +R8655 Maps.gleaf +R8561 Coq.Init.Logic "x = y" type_scope +R8524 Maps.get +R8531 Maps.remove +R8541 Maps.Node +R8563 Maps.get +R8570 Maps.Node +R8611 Maps.remove +R8621 Maps.Node +R8655 Maps.gleaf +R8655 Maps.gleaf +R8722 Maps.remove +R8732 Maps.Node +R8772 Maps.gleaf +R8722 Maps.remove +R8732 Maps.Node +R8772 Maps.gleaf +R8772 Maps.gleaf +R8813 Maps.remove +R8823 Maps.Node +R8864 Maps.gleaf +R8813 Maps.remove +R8823 Maps.Node +R8864 Maps.gleaf +R8864 Maps.gleaf +R8948 Coq.NArith.BinPos.positive +R8925 Coq.NArith.BinPos.positive +R8925 Coq.NArith.BinPos.positive +R8987 Coq.NArith.BinPos.xH +R9003 Coq.NArith.BinPos.xI +R9012 Coq.NArith.BinPos.xI +R9037 Coq.NArith.BinPos.xO +R9046 Coq.NArith.BinPos.xO +R8925 Coq.NArith.BinPos.positive +R8925 Coq.NArith.BinPos.positive +R9170 Coq.Init.Logic "x = y" type_scope +R9154 Maps.append +R9164 Coq.NArith.BinPos.xO +R9172 Maps.append +R9180 Maps.append +R9190 Coq.NArith.BinPos.xO +R9193 Coq.NArith.BinPos.xH +R9116 Coq.NArith.BinPos.positive +R9116 Coq.NArith.BinPos.positive +R9282 Coq.NArith.BinPos.xI +R9314 Coq.NArith.BinPos.xO +R9348 Coq.NArith.BinPos.xH +R9282 Coq.NArith.BinPos.xI +R9282 Coq.NArith.BinPos.xI +R9282 Coq.NArith.BinPos.xI +R9282 Coq.NArith.BinPos.xI +R9282 Coq.NArith.BinPos.xI +R9282 Coq.NArith.BinPos.xI +R9314 Coq.NArith.BinPos.xO +R9314 Coq.NArith.BinPos.xO +R9314 Coq.NArith.BinPos.xO +R9314 Coq.NArith.BinPos.xO +R9314 Coq.NArith.BinPos.xO +R9314 Coq.NArith.BinPos.xO +R9348 Coq.NArith.BinPos.xH +R9348 Coq.NArith.BinPos.xH +R9348 Coq.NArith.BinPos.xH +R9348 Coq.NArith.BinPos.xH +R9348 Coq.NArith.BinPos.xH +R9348 Coq.NArith.BinPos.xH +R9470 Coq.Init.Logic "x = y" type_scope +R9454 Maps.append +R9464 Coq.NArith.BinPos.xI +R9472 Maps.append +R9480 Maps.append +R9490 Coq.NArith.BinPos.xI +R9493 Coq.NArith.BinPos.xH +R9416 Coq.NArith.BinPos.positive +R9416 Coq.NArith.BinPos.positive +R9582 Coq.NArith.BinPos.xI +R9614 Coq.NArith.BinPos.xO +R9648 Coq.NArith.BinPos.xH +R9582 Coq.NArith.BinPos.xI +R9582 Coq.NArith.BinPos.xI +R9582 Coq.NArith.BinPos.xI +R9582 Coq.NArith.BinPos.xI +R9582 Coq.NArith.BinPos.xI +R9582 Coq.NArith.BinPos.xI +R9614 Coq.NArith.BinPos.xO +R9614 Coq.NArith.BinPos.xO +R9614 Coq.NArith.BinPos.xO +R9614 Coq.NArith.BinPos.xO +R9614 Coq.NArith.BinPos.xO +R9614 Coq.NArith.BinPos.xO +R9648 Coq.NArith.BinPos.xH +R9648 Coq.NArith.BinPos.xH +R9648 Coq.NArith.BinPos.xH +R9648 Coq.NArith.BinPos.xH +R9648 Coq.NArith.BinPos.xH +R9648 Coq.NArith.BinPos.xH +R9739 Coq.Init.Logic "x = y" type_scope +R9727 Maps.append +R9736 Coq.NArith.BinPos.xH +R9716 Coq.NArith.BinPos.positive +R9867 Coq.Init.Logic "x = y" type_scope +R9855 Maps.append +R9862 Coq.NArith.BinPos.xH +R9844 Coq.NArith.BinPos.positive +R10018 Maps.t +R9982 Coq.NArith.BinPos.positive +R9972 Maps.t +R9947 Coq.NArith.BinPos.positive +R10052 Maps.Leaf +R10060 Maps.Leaf +R10073 Maps.Node +R10087 Maps.Node +R10208 Maps.append +R10218 Coq.NArith.BinPos.xI +R10221 Coq.NArith.BinPos.xH +R10150 Coqlib.option_map +R10103 Maps.append +R10113 Coq.NArith.BinPos.xO +R10116 Coq.NArith.BinPos.xH +R9982 Coq.NArith.BinPos.positive +R9972 Maps.t +R9947 Coq.NArith.BinPos.positive +R10298 Maps.xmap +R10307 Coq.NArith.BinPos.xH +R10273 Coq.NArith.BinPos.positive +R10429 Coq.Init.Logic "x = y" type_scope +R10410 Maps.get +R10417 Maps.xmap +R10431 Coqlib.option_map +R10460 Maps.get +R10446 Maps.append +R10398 Maps.t +R10384 Coq.NArith.BinPos.positive +R10384 Coq.NArith.BinPos.positive +R10357 Coq.NArith.BinPos.positive +R10548 Maps.append_assoc_1 +R10548 Maps.append_assoc_1 +R10595 Maps.append_assoc_0 +R10595 Maps.append_assoc_0 +R10642 Maps.append_neutral_r +R10642 Maps.append_neutral_r +R10785 Coq.Init.Logic "x = y" type_scope +R10769 Maps.get +R10776 Maps.map +R10787 Coqlib.option_map +R10805 Maps.get +R10759 Maps.t +R10745 Coq.NArith.BinPos.positive +R10721 Coq.NArith.BinPos.positive +R10879 Maps.append +R10886 Coq.NArith.BinPos.xH +R10879 Maps.append +R10886 Coq.NArith.BinPos.xH +R10904 Maps.xgmap +R10904 Maps.xgmap +R10923 Maps.append_neutral_l +R10923 Maps.append_neutral_l +R11074 Maps.t +R11056 Maps.t +R11018 Coq.Init.Datatypes.option +R11006 Coq.Init.Datatypes.option +R10994 Coq.Init.Datatypes.option +R11108 Maps.Leaf +R11116 Maps.Leaf +R11129 Maps.Node +R11143 Maps.Node +R11170 Coq.Init.Datatypes.None +R11056 Maps.t +R11018 Coq.Init.Datatypes.option +R11006 Coq.Init.Datatypes.option +R10994 Coq.Init.Datatypes.option +R11393 Coq.Init.Logic "x = y" type_scope +R11370 Maps.get +R11377 Maps.xcombine_l +R11407 Coq.Init.Datatypes.None +R11398 Maps.get +R11360 Coq.Init.Logic "x = y" type_scope +R11355 Coq.Init.Datatypes.None +R11350 Coq.Init.Datatypes.None +R11362 Coq.Init.Datatypes.None +R11332 Maps.t +R11317 Coq.NArith.BinPos.positive +R11285 Coq.Init.Datatypes.option +R11273 Coq.Init.Datatypes.option +R11261 Coq.Init.Datatypes.option +R11605 Maps.t +R11587 Maps.t +R11549 Coq.Init.Datatypes.option +R11537 Coq.Init.Datatypes.option +R11525 Coq.Init.Datatypes.option +R11639 Maps.Leaf +R11647 Maps.Leaf +R11660 Maps.Node +R11674 Maps.Node +R11699 Coq.Init.Datatypes.None +R11587 Maps.t +R11549 Coq.Init.Datatypes.option +R11537 Coq.Init.Datatypes.option +R11525 Coq.Init.Datatypes.option +R11924 Coq.Init.Logic "x = y" type_scope +R11901 Maps.get +R11908 Maps.xcombine_r +R11934 Maps.get +R11928 Coq.Init.Datatypes.None +R11891 Coq.Init.Logic "x = y" type_scope +R11886 Coq.Init.Datatypes.None +R11881 Coq.Init.Datatypes.None +R11893 Coq.Init.Datatypes.None +R11863 Maps.t +R11848 Coq.NArith.BinPos.positive +R11816 Coq.Init.Datatypes.option +R11804 Coq.Init.Datatypes.option +R11792 Coq.Init.Datatypes.option +R12132 Maps.t +R12113 Maps.t +R12113 Maps.t +R12075 Coq.Init.Datatypes.option +R12063 Coq.Init.Datatypes.option +R12051 Coq.Init.Datatypes.option +R12163 Maps.Leaf +R12171 Maps.xcombine_r +R12193 Maps.Node +R12242 Maps.Leaf +R12250 Maps.xcombine_l +R12276 Maps.Node +R12293 Maps.Node +R12113 Maps.t +R12113 Maps.t +R12075 Coq.Init.Datatypes.option +R12063 Coq.Init.Datatypes.option +R12051 Coq.Init.Datatypes.option +R12546 Coq.Init.Logic "x = y" type_scope +R12522 Maps.get +R12529 Maps.combine +R12562 Maps.get +R12551 Maps.get +R12506 Coq.Init.Logic "x = y" type_scope +R12501 Coq.Init.Datatypes.None +R12496 Coq.Init.Datatypes.None +R12508 Coq.Init.Datatypes.None +R12482 Maps.t +R12482 Maps.t +R12451 Coq.NArith.BinPos.positive +R12437 Coq.Init.Datatypes.option +R12425 Coq.Init.Datatypes.option +R12413 Coq.Init.Datatypes.option +R12666 Maps.xgcombine_r +R12689 Maps.xgcombine_l +R12666 Maps.xgcombine_r +R12666 Maps.xgcombine_r +R12666 Maps.xgcombine_r +R12666 Maps.xgcombine_r +R12689 Maps.xgcombine_l +R12689 Maps.xgcombine_l +R12689 Maps.xgcombine_l +R12689 Maps.xgcombine_l +R12889 Coq.Init.Logic "x = y" type_scope +R12865 Maps.get +R12872 Maps.combine +R12905 Maps.get +R12894 Maps.get +R12851 Coq.Init.Logic "x = y" type_scope +R12846 Coq.Init.Datatypes.None +R12841 Coq.Init.Datatypes.None +R12853 Coq.Init.Datatypes.None +R12824 Coq.NArith.BinPos.positive +R12815 Maps.t +R12815 Maps.t +R12786 Coq.Init.Datatypes.option +R12774 Coq.Init.Datatypes.option +R12762 Coq.Init.Datatypes.option +R12958 Maps.xgcombine +R12958 Maps.xgcombine +R13160 Coq.Init.Logic "x = y" type_scope +R13145 Maps.xcombine_l +R13162 Maps.xcombine_r +R13127 Coq.Init.Logic "x = y" type_scope +R13110 Coq.Init.Datatypes.option +R13110 Coq.Init.Datatypes.option +R13083 Maps.t +R13068 Coq.Init.Datatypes.option +R13056 Coq.Init.Datatypes.option +R13044 Coq.Init.Datatypes.option +R13068 Coq.Init.Datatypes.option +R13056 Coq.Init.Datatypes.option +R13044 Coq.Init.Datatypes.option +R13493 Coq.Init.Logic "x = y" type_scope +R13477 Maps.combine +R13495 Maps.combine +R13467 Maps.t +R13467 Maps.t +R13436 Coq.Init.Logic "x = y" type_scope +R13419 Coq.Init.Datatypes.option +R13419 Coq.Init.Datatypes.option +R13390 Coq.Init.Datatypes.option +R13378 Coq.Init.Datatypes.option +R13366 Coq.Init.Datatypes.option +R13390 Coq.Init.Datatypes.option +R13378 Coq.Init.Datatypes.option +R13366 Coq.Init.Datatypes.option +R13590 Coq.Init.Logic "x = y" type_scope +R13573 Coq.Init.Datatypes.option +R13573 Coq.Init.Datatypes.option +R13590 Coq.Init.Logic "x = y" type_scope +R13573 Coq.Init.Datatypes.option +R13573 Coq.Init.Datatypes.option +R13711 Maps.xcombine_lr +R13751 Maps.xcombine_lr +R13711 Maps.xcombine_lr +R13711 Maps.xcombine_lr +R13711 Maps.xcombine_lr +R13711 Maps.xcombine_lr +R13711 Maps.xcombine_lr +R13711 Maps.xcombine_lr +R13711 Maps.xcombine_lr +R13711 Maps.xcombine_lr +R13751 Maps.xcombine_lr +R13751 Maps.xcombine_lr +R13751 Maps.xcombine_lr +R13751 Maps.xcombine_lr +R13751 Maps.xcombine_lr +R13751 Maps.xcombine_lr +R13751 Maps.xcombine_lr +R13751 Maps.xcombine_lr +R13751 Maps.xcombine_lr +R13751 Maps.xcombine_lr +R13927 Coq.Lists.List.list +R13942 Coq.Init.Datatypes "x * y" type_scope +R13933 Coq.NArith.BinPos.positive +R13891 Coq.NArith.BinPos.positive +R13881 Maps.t +R13977 Maps.Leaf +R13985 Coq.Lists.List.nil +R13997 Maps.Node +R14004 Coq.Init.Datatypes.None +R14055 Coq.Lists.List "x ++ y" list_scope +R14038 Maps.append +R14048 Coq.NArith.BinPos.xO +R14051 Coq.NArith.BinPos.xH +R14074 Maps.append +R14084 Coq.NArith.BinPos.xI +R14087 Coq.NArith.BinPos.xH +R14101 Maps.Node +R14109 Coq.Init.Datatypes.Some +R14163 Coq.Lists.List "x ++ y" list_scope +R14146 Maps.append +R14156 Coq.NArith.BinPos.xO +R14159 Coq.NArith.BinPos.xH +R14186 Coq.Lists.List "x :: y" list_scope +R14179 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14202 Maps.append +R14212 Coq.NArith.BinPos.xI +R14215 Coq.NArith.BinPos.xH +R13891 Coq.NArith.BinPos.positive +R13881 Maps.t +R14410 Maps.xelements +R14422 Coq.NArith.BinPos.xH +R14402 Maps.t +R14538 Coq.Lists.List.In +R14558 Maps.xelements +R14541 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14542 Maps.append +R14526 Coq.Init.Logic "x = y" type_scope +R14518 Maps.get +R14528 Coq.Init.Datatypes.Some +R14494 Coq.NArith.BinPos.positive +R14494 Coq.NArith.BinPos.positive +R14482 Maps.t +R14628 Maps.gleaf +R14628 Maps.gleaf +R14723 Maps.append_assoc_1 +R14745 Coq.Lists.List.in_or_app +R14769 Coq.Lists.List.in_cons +R14723 Maps.append_assoc_1 +R14745 Coq.Lists.List.in_or_app +R14769 Coq.Lists.List.in_cons +R14822 Maps.append_assoc_0 +R14844 Coq.Lists.List.in_or_app +R14822 Maps.append_assoc_0 +R14844 Coq.Lists.List.in_or_app +R14895 Maps.append_neutral_r +R14919 Coq.Lists.List.in_or_app +R14988 Coq.Lists.List.in_eq +R14895 Maps.append_neutral_r +R14919 Coq.Lists.List.in_or_app +R14988 Coq.Lists.List.in_eq +R15011 Maps.append_assoc_1 +R15033 Coq.Lists.List.in_or_app +R15011 Maps.append_assoc_1 +R15033 Coq.Lists.List.in_or_app +R15085 Maps.append_assoc_0 +R15107 Coq.Lists.List.in_or_app +R15085 Maps.append_assoc_0 +R15107 Coq.Lists.List.in_or_app +R15275 Coq.Lists.List.In +R15286 Maps.elements +R15278 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15263 Coq.Init.Logic "x = y" type_scope +R15255 Maps.get +R15265 Coq.Init.Datatypes.Some +R15233 Coq.NArith.BinPos.positive +R15224 Maps.t +R15341 Maps.xelements_correct +R15363 Coq.NArith.BinPos.xH +R15341 Maps.xelements_correct +R15363 Coq.NArith.BinPos.xH +R15446 Coq.Init.Datatypes.option +R15428 Maps.t +R15413 Coq.NArith.BinPos.positive +R15413 Coq.NArith.BinPos.positive +R15491 Coq.NArith.BinPos.xH +R15497 Maps.get +R15513 Coq.NArith.BinPos.xO +R15520 Coq.NArith.BinPos.xO +R15550 Coq.NArith.BinPos.xI +R15557 Coq.NArith.BinPos.xI +R15595 Coq.Init.Datatypes.None +R15428 Maps.t +R15413 Coq.NArith.BinPos.positive +R15413 Coq.NArith.BinPos.positive +R15783 Coq.Init.Logic "x = y" type_scope +R15759 Maps.xget +R15769 Maps.Node +R15785 Coq.Init.Datatypes.Some +R15747 Coq.Init.Logic "x = y" type_scope +R15718 Maps.xget +R15726 Maps.append +R15736 Coq.NArith.BinPos.xO +R15739 Coq.NArith.BinPos.xH +R15749 Coq.Init.Datatypes.Some +R15693 Coq.Init.Datatypes.option +R15683 Maps.t +R15683 Maps.t +R15664 Coq.NArith.BinPos.positive +R15664 Coq.NArith.BinPos.positive +R16048 Coq.Lists.List.In +R16059 Maps.xelements +R16051 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16011 Coq.Lists.List.In +R16025 Maps.xelements +R16038 Coq.NArith.BinPos.xI +R16014 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16015 Coq.NArith.BinPos.xI +R15987 Coq.NArith.BinPos.positive +R15987 Coq.NArith.BinPos.positive +R15975 Maps.t +R16181 Coq.Lists.List.in_app_or +R16216 Coq.Lists.List.in_or_app +R16181 Coq.Lists.List.in_app_or +R16181 Coq.Lists.List.in_app_or +R16216 Coq.Lists.List.in_or_app +R16216 Coq.Lists.List.in_or_app +R16216 Coq.Lists.List.in_or_app +R16216 Coq.Lists.List.in_or_app +R16284 Coq.Lists.List.in_inv +R16284 Coq.Lists.List.in_inv +R16367 Coq.Lists.List.in_eq +R16367 Coq.Lists.List.in_eq +R16389 Coq.Lists.List.in_cons +R16389 Coq.Lists.List.in_cons +R16578 Coq.Init.Logic "~ x" type_scope +R16579 Coq.Lists.List.In +R16593 Maps.xelements +R16606 Coq.NArith.BinPos.xO +R16582 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16583 Coq.NArith.BinPos.xI +R16554 Coq.NArith.BinPos.positive +R16554 Coq.NArith.BinPos.positive +R16542 Maps.t +R16717 Coq.Lists.List.in_app_or +R16717 Coq.Lists.List.in_app_or +R16717 Coq.Lists.List.in_app_or +R16786 Coq.Lists.List.in_inv +R16786 Coq.Lists.List.in_inv +R17047 Coq.Lists.List.In +R17058 Maps.xelements +R17050 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17010 Coq.Lists.List.In +R17024 Maps.xelements +R17037 Coq.NArith.BinPos.xO +R17013 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17014 Coq.NArith.BinPos.xO +R16986 Coq.NArith.BinPos.positive +R16986 Coq.NArith.BinPos.positive +R16974 Maps.t +R17180 Coq.Lists.List.in_app_or +R17215 Coq.Lists.List.in_or_app +R17180 Coq.Lists.List.in_app_or +R17180 Coq.Lists.List.in_app_or +R17215 Coq.Lists.List.in_or_app +R17215 Coq.Lists.List.in_or_app +R17215 Coq.Lists.List.in_or_app +R17215 Coq.Lists.List.in_or_app +R17283 Coq.Lists.List.in_inv +R17283 Coq.Lists.List.in_inv +R17366 Coq.Lists.List.in_eq +R17366 Coq.Lists.List.in_eq +R17388 Coq.Lists.List.in_cons +R17388 Coq.Lists.List.in_cons +R17577 Coq.Init.Logic "~ x" type_scope +R17578 Coq.Lists.List.In +R17592 Maps.xelements +R17605 Coq.NArith.BinPos.xI +R17581 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17582 Coq.NArith.BinPos.xO +R17553 Coq.NArith.BinPos.positive +R17553 Coq.NArith.BinPos.positive +R17541 Maps.t +R17716 Coq.Lists.List.in_app_or +R17716 Coq.Lists.List.in_app_or +R17716 Coq.Lists.List.in_app_or +R17785 Coq.Lists.List.in_inv +R17785 Coq.Lists.List.in_inv +R18071 Coq.Lists.List.In +R18082 Maps.xelements +R18095 Coq.NArith.BinPos.xH +R18074 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18025 Coq.Lists.List.In +R18039 Maps.xelements +R18064 Coq.NArith.BinPos.xH +R18050 Maps.Node +R18028 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18029 Coq.NArith.BinPos.xI +R18001 Coq.NArith.BinPos.positive +R17986 Coq.Init.Datatypes.option +R17977 Maps.t +R17977 Maps.t +R18154 Coq.Lists.List.in_app_or +R18154 Coq.Lists.List.in_app_or +R18154 Coq.Lists.List.in_app_or +R18190 Coq.Lists.List.In +R18204 Maps.xelements +R18193 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18194 Coq.NArith.BinPos.xI +R18234 Maps.xelements_io +R18190 Coq.Lists.List.In +R18204 Maps.xelements +R18193 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18194 Coq.NArith.BinPos.xI +R18234 Maps.xelements_io +R18272 Coq.Lists.List.in_inv +R18272 Coq.Lists.List.in_inv +R18320 Maps.xelements_ii +R18320 Maps.xelements_ii +R18356 Coq.Lists.List.In +R18370 Maps.xelements +R18359 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18360 Coq.NArith.BinPos.xI +R18400 Maps.xelements_io +R18356 Coq.Lists.List.In +R18370 Maps.xelements +R18359 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18360 Coq.NArith.BinPos.xI +R18400 Maps.xelements_io +R18434 Maps.xelements_ii +R18434 Maps.xelements_ii +R18613 Coq.Lists.List.In +R18624 Maps.xelements +R18637 Coq.NArith.BinPos.xH +R18616 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18567 Coq.Lists.List.In +R18581 Maps.xelements +R18606 Coq.NArith.BinPos.xH +R18592 Maps.Node +R18570 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18571 Coq.NArith.BinPos.xO +R18543 Coq.NArith.BinPos.positive +R18528 Coq.Init.Datatypes.option +R18519 Maps.t +R18519 Maps.t +R18696 Coq.Lists.List.in_app_or +R18696 Coq.Lists.List.in_app_or +R18696 Coq.Lists.List.in_app_or +R18730 Maps.xelements_oo +R18730 Maps.xelements_oo +R18768 Coq.Lists.List.in_inv +R18768 Coq.Lists.List.in_inv +R18818 Coq.Lists.List.In +R18832 Maps.xelements +R18821 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18822 Coq.NArith.BinPos.xO +R18862 Maps.xelements_oi +R18818 Coq.Lists.List.In +R18832 Maps.xelements +R18821 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18822 Coq.NArith.BinPos.xO +R18862 Maps.xelements_oi +R18896 Maps.xelements_oo +R18896 Maps.xelements_oo +R18932 Coq.Lists.List.In +R18946 Maps.xelements +R18935 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18936 Coq.NArith.BinPos.xO +R18976 Maps.xelements_oi +R18932 Coq.Lists.List.In +R18946 Maps.xelements +R18935 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18936 Coq.NArith.BinPos.xO +R18976 Maps.xelements_oi +R19091 Coq.Init.Logic "~ x" type_scope +R19092 Coq.Lists.List.In +R19104 Maps.xelements +R19117 Coq.NArith.BinPos.xI +R19095 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R19096 Coq.NArith.BinPos.xH +R19067 Coq.NArith.BinPos.positive +R19057 Maps.t +R19228 Coq.Lists.List.in_app_or +R19228 Coq.Lists.List.in_app_or +R19228 Coq.Lists.List.in_app_or +R19307 Coq.Lists.List.in_inv +R19307 Coq.Lists.List.in_inv +R19559 Coq.Init.Logic "~ x" type_scope +R19560 Coq.Lists.List.In +R19572 Maps.xelements +R19585 Coq.NArith.BinPos.xO +R19563 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R19564 Coq.NArith.BinPos.xH +R19535 Coq.NArith.BinPos.positive +R19525 Maps.t +R19696 Coq.Lists.List.in_app_or +R19696 Coq.Lists.List.in_app_or +R19696 Coq.Lists.List.in_app_or +R19775 Coq.Lists.List.in_inv +R19775 Coq.Lists.List.in_inv +R20019 Coq.Init.Logic "x = y" type_scope +R20011 Maps.get +R20021 Maps.xget +R20028 Coq.NArith.BinPos.xH +R20000 Coq.NArith.BinPos.positive +R19991 Maps.t +R20218 Coq.Init.Logic "x = y" type_scope +R20207 Maps.xget +R20220 Coq.Init.Datatypes.Some +R20178 Coq.Lists.List.In +R20189 Maps.xelements +R20181 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R20159 Maps.t +R20145 Coq.NArith.BinPos.positive +R20145 Coq.NArith.BinPos.positive +R20316 Maps.xelements_ii +R20316 Maps.xelements_ii +R20351 Coq.Lists.List.In +R20365 Maps.xelements +R20378 Coq.NArith.BinPos.xO +R20354 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R20355 Coq.NArith.BinPos.xI +R20399 Maps.xelements_io +R20351 Coq.Lists.List.In +R20365 Maps.xelements +R20378 Coq.NArith.BinPos.xO +R20354 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R20355 Coq.NArith.BinPos.xI +R20399 Maps.xelements_io +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R20475 Maps.get_xget_h +R20475 Maps.get_xget_h +R20505 Maps.xelements_ih +R20505 Maps.xelements_ih +R20547 Coq.Lists.List.In +R20561 Maps.xelements +R20574 Coq.NArith.BinPos.xI +R20550 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R20551 Coq.NArith.BinPos.xO +R20595 Maps.xelements_oi +R20547 Coq.Lists.List.In +R20561 Maps.xelements +R20574 Coq.NArith.BinPos.xI +R20550 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R20551 Coq.NArith.BinPos.xO +R20595 Maps.xelements_oi +R20633 Maps.xelements_oo +R20633 Maps.xelements_oo +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R20715 Maps.get_xget_h +R20715 Maps.get_xget_h +R20745 Maps.xelements_oh +R20745 Maps.xelements_oh +R20787 Coq.Lists.List.In +R20799 Maps.xelements +R20812 Coq.NArith.BinPos.xI +R20790 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R20791 Coq.NArith.BinPos.xH +R20833 Maps.xelements_hi +R20787 Coq.Lists.List.In +R20799 Maps.xelements +R20812 Coq.NArith.BinPos.xI +R20790 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R20791 Coq.NArith.BinPos.xH +R20833 Maps.xelements_hi +R20862 Coq.Lists.List.In +R20874 Maps.xelements +R20887 Coq.NArith.BinPos.xO +R20865 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R20866 Coq.NArith.BinPos.xH +R20908 Maps.xelements_ho +R20862 Coq.Lists.List.In +R20874 Maps.xelements +R20887 Coq.NArith.BinPos.xO +R20865 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R20866 Coq.NArith.BinPos.xH +R20908 Maps.xelements_ho +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R21010 Coq.Lists.List.in_app_or +R21010 Coq.Lists.List.in_app_or +R21010 Coq.Lists.List.in_app_or +R21047 Coq.Lists.List.In +R21059 Maps.xelements +R21073 Coq.NArith.BinPos.xO +R21076 Coq.NArith.BinPos.xH +R21050 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21051 Coq.NArith.BinPos.xH +R21095 Maps.xelements_ho +R21047 Coq.Lists.List.In +R21059 Maps.xelements +R21073 Coq.NArith.BinPos.xO +R21076 Coq.NArith.BinPos.xH +R21050 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21051 Coq.NArith.BinPos.xH +R21095 Maps.xelements_ho +R21128 Coq.Lists.List.in_inv +R21128 Coq.Lists.List.in_inv +R21180 Coq.Lists.List.In +R21192 Maps.xelements +R21206 Coq.NArith.BinPos.xI +R21209 Coq.NArith.BinPos.xH +R21183 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21184 Coq.NArith.BinPos.xH +R21228 Maps.xelements_hi +R21180 Coq.Lists.List.In +R21192 Maps.xelements +R21206 Coq.NArith.BinPos.xI +R21209 Coq.NArith.BinPos.xH +R21183 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21184 Coq.NArith.BinPos.xH +R21228 Maps.xelements_hi +R21259 Coq.Lists.List.In +R21271 Maps.xelements +R21285 Coq.NArith.BinPos.xO +R21288 Coq.NArith.BinPos.xH +R21262 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21263 Coq.NArith.BinPos.xH +R21307 Maps.xelements_ho +R21259 Coq.Lists.List.In +R21271 Maps.xelements +R21285 Coq.NArith.BinPos.xO +R21288 Coq.NArith.BinPos.xH +R21262 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21263 Coq.NArith.BinPos.xH +R21307 Maps.xelements_ho +R21338 Coq.Lists.List.In +R21350 Maps.xelements +R21364 Coq.NArith.BinPos.xI +R21367 Coq.NArith.BinPos.xH +R21341 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21342 Coq.NArith.BinPos.xH +R21386 Maps.xelements_hi +R21338 Coq.Lists.List.In +R21350 Maps.xelements +R21364 Coq.NArith.BinPos.xI +R21367 Coq.NArith.BinPos.xH +R21341 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21342 Coq.NArith.BinPos.xH +R21386 Maps.xelements_hi +R21528 Coq.Init.Logic "x = y" type_scope +R21520 Maps.get +R21530 Coq.Init.Datatypes.Some +R21494 Coq.Lists.List.In +R21505 Maps.elements +R21497 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21472 Coq.NArith.BinPos.positive +R21463 Maps.t +R21607 Maps.get_xget_h +R21607 Maps.get_xget_h +R21630 Maps.xelements_complete +R21651 Coq.NArith.BinPos.xH +R21630 Maps.xelements_complete +R21651 Coq.NArith.BinPos.xH +R21754 Coq.Lists.List.fold_left +R21803 Maps.elements +R21794 Coq.Init.Datatypes.snd +R21786 Coq.Init.Datatypes.fst +R21734 Maps.t +R21709 Coq.NArith.BinPos.positive +R21924 Coq.Init.Logic "x = y" type_scope +R21913 Maps.fold +R21930 Coq.Lists.List.fold_left +R21979 Maps.elements +R21970 Coq.Init.Datatypes.snd +R21962 Coq.Init.Datatypes.fst +R21903 Maps.t +R21872 Coq.NArith.BinPos.positive +R22094 Coq.NArith.BinPos.positive +R22127 Coqlib.peq +R22170 Coq.Init.Datatypes "x * y" type_scope +R22172 Maps.t +R22233 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22237 Maps.empty +R22319 Maps.get +R22332 Coq.Init.Datatypes.snd +R22350 Coq.Init.Datatypes.Some +R22368 Coq.Init.Datatypes.None +R22376 Coq.Init.Datatypes.fst +R22301 Maps.t +R22286 Coq.NArith.BinPos.positive +R22459 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22460 Coq.Init.Datatypes.fst +R22467 Maps.set +R22482 Coq.Init.Datatypes.snd +R22447 Maps.t +R22424 Coq.NArith.BinPos.positive +R22563 Coq.Init.Logic "x = y" type_scope +R22548 Maps.get +R22555 Maps.init +R22530 Coq.NArith.BinPos.positive +R22629 Maps.gempty +R22629 Maps.gempty +R22741 Coq.Init.Logic "x = y" type_scope +R22723 Maps.get +R22730 Maps.set +R22717 Maps.t +R22696 Coq.NArith.BinPos.positive +R22806 Maps.gss +R22806 Maps.gss +R22931 Coq.Init.Logic "x = y" type_scope +R22913 Maps.get +R22920 Maps.set +R22933 Maps.get +R22905 Coq.Init.Logic "x <> y" type_scope +R22893 Maps.t +R22872 Coq.NArith.BinPos.positive +R22872 Coq.NArith.BinPos.positive +R23002 Maps.gso +R23002 Maps.gso +R23120 Coq.Init.Logic "x = y" type_scope +R23102 Maps.get +R23109 Maps.set +R23125 Coqlib.peq +R23145 Maps.get +R23092 Maps.t +R23071 Coq.NArith.BinPos.positive +R23071 Coq.NArith.BinPos.positive +R23185 Coqlib.peq +R23185 Coqlib.peq +R23217 Maps.gss +R23217 Maps.gss +R23239 Maps.gso +R23239 Maps.gso +R23353 Coq.Init.Logic "x = y" type_scope +R23327 Maps.get +R23334 Maps.set +R23341 Maps.get +R23355 Maps.get +R23317 Maps.t +R23303 Coq.NArith.BinPos.positive +R23303 Coq.NArith.BinPos.positive +R23395 Coqlib.peq +R23395 Coqlib.peq +R23429 Maps.gss +R23429 Maps.gss +R23453 Maps.gso +R23453 Maps.gso +R23526 Maps.t +R23537 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23541 Coq.Init.Datatypes.fst +R23549 Maps.map +R23573 Coq.Init.Datatypes.snd +R23519 Maps.t +R23677 Coq.Init.Logic "x = y" type_scope +R23661 Maps.get +R23668 Maps.map +R23681 Maps.get +R23651 Maps.t +R23637 Coq.NArith.BinPos.positive +R23751 Maps.gmap +R23751 Maps.gmap +R23796 Maps.get +R23809 Coq.Init.Datatypes.snd +R23796 Maps.get +R23809 Coq.Init.Datatypes.snd +R23911 Coq.NArith.BinPos.positive +R23906 Maps.t +R23985 Coq.Init.Logic "x = y" type_scope +R23970 Coq.Init.Logic "x = y" type_scope +R23962 Maps.index +R23972 Maps.index +R23958 Maps.t +R23958 Maps.t +R24022 Coq.Init.Specif "{ A } + { B }" type_scope +R24025 Coq.Init.Logic "x = y" type_scope +R24035 Coq.Init.Logic "x <> y" type_scope +R24018 Maps.t +R24018 Maps.t +R24177 Maps.t +R24222 Maps.init +R24282 Maps.get +R24274 Maps.t +R24360 Maps.set +R24352 Maps.t +R24437 Maps.t +R24444 Maps.map +R24430 Maps.t +R24523 Coq.Init.Logic "x = y" type_scope +R24508 Maps.get +R24515 Maps.init +R24573 Maps.gi +R24573 Maps.gi +R24668 Coq.Init.Logic "x = y" type_scope +R24650 Maps.get +R24657 Maps.set +R24644 Maps.t +R24717 Maps.gss +R24717 Maps.gss +R24828 Coq.Init.Logic "x = y" type_scope +R24810 Maps.get +R24817 Maps.set +R24830 Maps.get +R24802 Coq.Init.Logic "x <> y" type_scope +R24790 Maps.t +R24883 Maps.gso +R24883 Maps.gso +R25039 Coq.Init.Logic "x = y" type_scope +R25021 Maps.get +R25028 Maps.set +R25065 Maps.get +R25011 Maps.t +R25125 Maps.gsspec +R25125 Maps.gsspec +R25187 Coqlib.peq_true +R25187 Coqlib.peq_true +R25222 Coqlib.peq_false +R25222 Coqlib.peq_false +R25391 Coq.Init.Logic "x = y" type_scope +R25375 Maps.get +R25382 Maps.map +R25395 Maps.get +R25365 Maps.t +R25449 Maps.gmap +R25449 Maps.gmap +R25515 Coq.ZArith.BinInt.Z +R25545 Coq.NArith.BinPos.positive +R25580 Coq.ZArith.BinInt.Z0 +R25586 Coq.NArith.BinPos.xH +R25595 Coq.ZArith.BinInt.Zpos +R25605 Coq.NArith.BinPos.xO +R25616 Coq.ZArith.BinInt.Zneg +R25626 Coq.NArith.BinPos.xI +R25541 Coq.ZArith.BinInt.Z +R25699 Coq.Init.Logic "x = y" type_scope +R25684 Coq.Init.Logic "x = y" type_scope +R25676 Maps.index +R25686 Maps.index +R25672 Coq.ZArith.BinInt.Z +R25672 Coq.ZArith.BinInt.Z +R25860 Coqlib.zeq +R25947 Coq.NArith.BinNat.N +R25977 Coq.NArith.BinPos.positive +R26012 Coq.NArith.BinNat.N0 +R26018 Coq.NArith.BinPos.xH +R26027 Coq.NArith.BinNat.Npos +R26037 Coq.NArith.BinPos.xO +R25973 Coq.NArith.BinNat.N +R26110 Coq.Init.Logic "x = y" type_scope +R26095 Coq.Init.Logic "x = y" type_scope +R26087 Maps.index +R26097 Maps.index +R26083 Coq.NArith.BinNat.N +R26083 Coq.NArith.BinNat.N +R26265 Coq.Init.Specif "{ A } + { B }" type_scope +R26268 Coq.Init.Logic "x = y" type_scope +R26278 Coq.Init.Logic "x <> y" type_scope +R26261 Coq.NArith.BinNat.N +R26261 Coq.NArith.BinNat.N +R26321 Coqlib.peq +R26321 Coqlib.peq +R26458 Coq.Init.Specif "{ A } + { B }" type_scope +R26461 Coq.Init.Logic "x = y" type_scope +R26471 Coq.Init.Logic "x <> y" type_scope +R26454 Maps.t +R26454 Maps.t +R26723 Maps.t +R26782 Maps.t +R26897 Coq.Init.Logic "x = y" type_scope +R26888 Maps.init +R26875 Maps.elt +R27016 Coq.Init.Logic "x = y" type_scope +R27003 Maps.set +R26996 Maps.t +R26980 Maps.elt +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R27198 Coq.Init.Logic "x = y" type_scope +R27185 Maps.set +R27176 Coq.Init.Logic "x <> y" type_scope +R27164 Maps.t +R27148 Maps.elt +R27148 Maps.elt +R27384 Coq.Init.Logic "x = y" type_scope +R27366 Maps.get +R27373 Maps.set +R27389 Maps.elt_eq +R27412 Maps.get +R27356 Maps.t +R27340 Maps.elt +R27340 Maps.elt +R27571 Coq.Init.Logic "x = y" type_scope +R27545 Maps.get +R27552 Maps.set +R27559 Maps.get +R27573 Maps.get +R27539 Maps.t +R27530 Maps.elt +R27530 Maps.elt +R27724 Maps.t +R27847 Coq.Init.Logic "x = y" type_scope +R27831 Maps.get +R27838 Maps.map +R27851 Maps.get +R27821 Maps.t +R27812 Maps.elt +R28007 Coq.Init.Logic "x = y" type_scope +R27993 Coq.Init.Logic "x = y" type_scope +R27962 Maps.t +R27962 Maps.t +R28050 Coqlib.extensionality +R28050 Coqlib.extensionality +R28141 Maps.get +R28192 Maps.get +FLattice +R122 Coq.Init.Specif "{ A } + { B }" type_scope +R124 Coq.Init.Logic "x = y" type_scope +R132 Coq.Init.Logic "x <> y" type_scope +R118 Lattice.t +R118 Lattice.t +R158 Lattice.t +R153 Lattice.t +R201 Lattice.ge +R266 Lattice.ge +R256 Lattice.ge +R246 Lattice.ge +R290 Lattice.t +R324 Lattice.ge +R329 Lattice.bot +R360 Lattice.t +R355 Lattice.t +R350 Lattice.t +R408 Coq.Init.Logic "x = y" type_scope +R400 Lattice.lub +R410 Lattice.lub +R457 Lattice.ge +R461 Lattice.lub +R578 Coq.Init.Specif "{ A } + { B }" type_scope +R580 Coq.Init.Logic "x = y" type_scope +R588 Coq.Init.Logic "x <> y" type_scope +R574 Lattice.t +R574 Lattice.t +R614 Lattice.t +R609 Lattice.t +R657 Lattice.ge +R722 Lattice.ge +R712 Lattice.ge +R702 Lattice.ge +R746 Lattice.t +R780 Lattice.ge +R785 Lattice.bot +R806 Lattice.t +R840 Lattice.ge +R843 Lattice.top +R876 Lattice.t +R871 Lattice.t +R866 Lattice.t +R924 Coq.Init.Logic "x = y" type_scope +R916 Lattice.lub +R926 Lattice.lub +R973 Lattice.ge +R977 Lattice.lub +R1119 Maps.t +R1153 Maps.t +R1194 Lattice.t_ +R1226 Coq.Init.Specif "{ A } + { B }" type_scope +R1228 Coq.Init.Logic "x = y" type_scope +R1236 Coq.Init.Logic "x <> y" type_scope +R1222 Lattice.t +R1222 Lattice.t +R1286 Coq.Init.Specif "{ A } + { B }" type_scope +R1289 Coq.Init.Logic "x = y" type_scope +R1299 Coq.Init.Logic "x <> y" type_scope +R1273 Maps.t +R1273 Maps.t +R1286 Coq.Init.Specif "{ A } + { B }" type_scope +R1289 Coq.Init.Logic "x = y" type_scope +R1299 Coq.Init.Logic "x <> y" type_scope +R1273 Maps.t +R1273 Maps.t +R1315 Maps.eq +R1315 Maps.eq +R1426 Lattice.Bot_except +R1455 Maps "a ! b" +R1463 Coq.Init.Datatypes.None +R1479 Coq.Init.Datatypes.Some +R1499 Lattice.Top_except +R1528 Maps "a ! b" +R1536 Coq.Init.Datatypes.None +R1552 Coq.Init.Datatypes.Some +R1395 Lattice.t +R1381 Coq.NArith.BinPos.positive +R1623 Lattice.t +R1647 Lattice.Bot_except +R1669 Lattice.Bot_except +R1681 Maps.set +R1702 Lattice.Top_except +R1724 Lattice.Top_except +R1736 Maps.set +R1618 Lattice.t +R1595 Coq.NArith.BinPos.positive +R1808 Coq.Init.Logic "x = y" type_scope +R1790 Lattice.get +R1797 Lattice.set +R1857 Maps.gss +R1857 Maps.gss +R1857 Maps.gss +R1939 Coq.Init.Logic "x = y" type_scope +R1921 Lattice.get +R1928 Lattice.set +R1941 Lattice.get +R1913 Coq.Init.Logic "x <> y" type_scope +R1994 Maps.gso +R1994 Maps.gso +R1994 Maps.gso +R2078 Lattice.get +R2068 Lattice.get +R2037 Lattice.t +R2037 Lattice.t +R2114 Lattice.ge +R2223 Lattice.ge +R2213 Lattice.ge +R2203 Lattice.ge +R2282 Lattice.get +R2282 Lattice.get +R2322 Lattice.Bot_except +R2334 Maps.empty +R2388 Coq.Init.Logic "x = y" type_scope +R2378 Lattice.get +R2384 Lattice.bot +R2441 Maps.gempty +R2441 Maps.gempty +R2491 Lattice.ge +R2496 Lattice.bot +R2537 Lattice.get_bot +R2537 Lattice.get_bot +R2586 Lattice.Top_except +R2598 Maps.empty +R2652 Coq.Init.Logic "x = y" type_scope +R2642 Lattice.get +R2648 Lattice.top +R2705 Maps.gempty +R2705 Maps.gempty +R2755 Lattice.ge +R2758 Lattice.top +R2801 Lattice.get_top +R2801 Lattice.get_top +R2858 Lattice.t +R2885 Lattice.Bot_except +R2899 Lattice.Bot_except +R2921 Lattice.Bot_except +R2941 Maps.combine +R3025 Coq.Init.Datatypes.Some +R3033 Coq.Init.Datatypes.Some +R3043 Coq.Init.Datatypes.Some +R3076 Coq.Init.Datatypes.None +R3108 Coq.Init.Datatypes.None +R3157 Lattice.Bot_except +R3171 Lattice.Top_except +R3193 Lattice.Top_except +R3213 Maps.combine +R3296 Coq.Init.Datatypes.Some +R3304 Coq.Init.Datatypes.Some +R3314 Coq.Init.Datatypes.Some +R3347 Coq.Init.Datatypes.None +R3379 Coq.Init.Datatypes.None +R3387 Coq.Init.Datatypes.None +R3441 Lattice.Top_except +R3455 Lattice.Bot_except +R3477 Lattice.Top_except +R3497 Maps.combine +R3580 Coq.Init.Datatypes.Some +R3588 Coq.Init.Datatypes.Some +R3598 Coq.Init.Datatypes.Some +R3631 Coq.Init.Datatypes.None +R3642 Coq.Init.Datatypes.None +R3666 Coq.Init.Datatypes.None +R3725 Lattice.Top_except +R3739 Lattice.Top_except +R3761 Lattice.Top_except +R3781 Maps.combine +R3865 Coq.Init.Datatypes.Some +R3873 Coq.Init.Datatypes.Some +R3883 Coq.Init.Datatypes.Some +R3924 Coq.Init.Datatypes.None +R2853 Lattice.t +R2853 Lattice.t +R4012 Coq.Init.Logic "x = y" type_scope +R4004 Lattice.lub +R4014 Lattice.lub +R4084 Maps.combine_commut +R4084 Maps.combine_commut +R4084 Maps.combine_commut +R4084 Maps.combine_commut +R4084 Maps.combine_commut +R4214 Lattice.ge +R4218 Lattice.lub +R4303 Maps.gcombine +R4303 Maps.gcombine +R4333 Maps "a ! b" +R4333 Maps "a ! b" +R4348 Maps "a ! b" +R4348 Maps "a ! b" +R4403 Maps "a ! b" +R4403 Maps "a ! b" +R4459 Maps.gcombine +R4459 Maps.gcombine +R4489 Maps "a ! b" +R4489 Maps "a ! b" +R4504 Maps "a ! b" +R4504 Maps "a ! b" +R4558 Maps "a ! b" +R4558 Maps "a ! b" +R4613 Maps.gcombine +R4613 Maps.gcombine +R4643 Maps "a ! b" +R4643 Maps "a ! b" +R4658 Maps "a ! b" +R4658 Maps "a ! b" +R4736 Maps.gcombine +R4736 Maps.gcombine +R4766 Maps "a ! b" +R4766 Maps "a ! b" +R4781 Maps "a ! b" +R4781 Maps "a ! b" +R5013 Lattice.t_ +R5045 Coq.Init.Specif "{ A } + { B }" type_scope +R5047 Coq.Init.Logic "x = y" type_scope +R5055 Coq.Init.Logic "x <> y" type_scope +R5041 Lattice.t +R5041 Lattice.t +R5160 Lattice.Top +R5170 Coq.Init.Logic.True +R5182 Lattice.Bot +R5189 Coq.Init.Logic.True +R5198 Lattice.Inj +R5205 Lattice.Inj +R5216 Coq.Init.Logic "x = y" type_scope +R5232 Coq.Init.Logic.False +R5125 Lattice.t +R5125 Lattice.t +R5271 Lattice.ge +R5373 Lattice.ge +R5363 Lattice.ge +R5353 Lattice.ge +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R5499 Lattice.t +R5504 Lattice.Bot +R5534 Lattice.ge +R5539 Lattice.bot +R5600 Lattice.t +R5605 Lattice.Top +R5635 Lattice.ge +R5638 Lattice.top +R5711 Lattice.t +R5738 Lattice.Bot +R5757 Lattice.Bot +R5770 Lattice.Top +R5780 Lattice.Top +R5791 Lattice.Top +R5798 Lattice.Top +R5806 Lattice.Inj +R5813 Lattice.Inj +R5850 Lattice.Top +R5839 Lattice.Inj +R5706 Lattice.t +R5706 Lattice.t +R5900 Coq.Init.Logic "x = y" type_scope +R5892 Lattice.lub +R5902 Lattice.lub +R6054 Lattice.ge +R6058 Lattice.lub +R6228 Coq.Init.Datatypes.bool +R6262 Coq.Init.Specif "{ A } + { B }" type_scope +R6264 Coq.Init.Logic "x = y" type_scope +R6272 Coq.Init.Logic "x <> y" type_scope +R6258 Lattice.t +R6258 Lattice.t +R6347 Coq.Init.Logic "A \/ B" type_scope +R6343 Coq.Init.Logic "x = y" type_scope +R6352 Coq.Init.Logic "x = y" type_scope +R6354 Coq.Init.Datatypes.true +R6328 Lattice.t +R6328 Lattice.t +R6386 Lattice.ge +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R6475 Lattice.ge +R6465 Lattice.ge +R6455 Lattice.ge +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R6547 Coq.Init.Datatypes.false +R6579 Lattice.ge +R6584 Lattice.bot +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R6648 Coq.Init.Datatypes.true +R6679 Lattice.ge +R6682 Lattice.top +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R6754 Coq.Bool.Bool "x || y" bool_scope +R6746 Lattice.t +R6746 Lattice.t +R6799 Coq.Init.Logic "x = y" type_scope +R6791 Lattice.lub +R6801 Lattice.lub +R6843 Coq.Bool.Bool.orb_comm +R6843 Coq.Bool.Bool.orb_comm +R6890 Lattice.ge +R6894 Lattice.lub +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +FSets +R212 Coq.Init.Datatypes.unit +R248 Coq.Init.Specif "{ A } + { B }" type_scope +R250 Coq.Init.Logic "x = y" type_scope +R258 Coq.Init.Logic "x <> y" type_scope +R244 Sets.t +R244 Sets.t +R394 Coq.Init.Datatypes.unit +R462 Coq.Init.Datatypes.None +R470 Coq.Init.Datatypes.false +R478 Coq.Init.Datatypes.Some +R488 Coq.Init.Datatypes.true +R431 Sets.t +R422 Sets.elt +R543 Coq.Init.Datatypes.tt +R529 Sets.t +R520 Sets.elt +R583 Sets.t +R574 Sets.elt +R707 Coq.Init.Datatypes.None +R713 Coq.Init.Datatypes.None +R721 Coq.Init.Datatypes.None +R744 Coq.Init.Datatypes.Some +R749 Coq.Init.Datatypes.tt +R631 Sets.t +R631 Sets.t +R824 Coq.Init.Logic "x = y" type_scope +R812 Sets.mem +R818 Sets.empty +R826 Coq.Init.Datatypes.false +R958 Coq.Init.Logic "x = y" type_scope +R942 Sets.mem +R949 Sets.add +R960 Coq.Init.Datatypes.true +R1103 Coq.Init.Logic "x = y" type_scope +R1086 Sets.mem +R1094 Sets.add +R1105 Sets.mem +R1077 Coq.Init.Logic "x <> y" type_scope +R1242 Coq.Init.Logic "x = y" type_scope +R1223 Sets.mem +R1230 Sets.remove +R1244 Coq.Init.Datatypes.false +R1397 Coq.Init.Logic "x = y" type_scope +R1377 Sets.mem +R1385 Sets.remove +R1399 Sets.mem +R1368 Coq.Init.Logic "x <> y" type_scope +R1538 Coq.Init.Logic "x = y" type_scope +R1518 Sets.mem +R1525 Sets.union +R1550 Coq.Bool.Bool "x || y" bool_scope +R1541 Sets.mem +R1553 Sets.mem +R1727 Coq.Lists.List.map +R1738 Coq.Init.Datatypes.fst +R1746 Coq.Init.Datatypes.unit +R1742 Sets.elt +R1717 Sets.t +R1829 Coq.Lists.List.In +R1835 Sets.elements +R1819 Coq.Init.Logic "x = y" type_scope +R1811 Sets.mem +R1821 Coq.Init.Datatypes.true +R1946 Coq.Init.Datatypes.fst +R1950 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R1946 Coq.Init.Datatypes.fst +R1950 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R1965 Coq.Lists.List.in_map +R1965 Coq.Lists.List.in_map +R2120 Coq.Init.Logic "x = y" type_scope +R2112 Sets.mem +R2122 Coq.Init.Datatypes.true +R2091 Coq.Lists.List.In +R2097 Sets.elements +R2188 Coqlib.list_in_map_inv +R2188 Coqlib.list_in_map_inv +R2433 Coq.Init.Datatypes.unit +R2424 Sets.elt +R2384 Sets.t +R2370 Sets.elt +R2543 Coq.Init.Logic "x = y" type_scope +R2532 Sets.fold +R2545 Coq.Lists.List.fold_left +R2563 Sets.elements +R2517 Sets.t +R2503 Sets.elt +R2785 Sets.fold +R2818 Coq.Init.Datatypes.true +R2802 Coq.Bool.Bool.andb +R2775 Sets.t +R2765 Coq.Init.Datatypes.bool +R2758 Sets.elt +R2913 Coq.Init.Logic "x = y" type_scope +R2915 Coq.Init.Datatypes.true +R2899 Coq.Init.Logic "x = y" type_scope +R2891 Sets.mem +R2901 Coq.Init.Datatypes.true +R2881 Coq.Init.Logic "x = y" type_scope +R2869 Sets.for_all +R2883 Coq.Init.Datatypes.true +R2974 Sets.fold_spec +R2974 Sets.fold_spec +R3089 Coq.Init.Logic "x = y" type_scope +R3091 Coq.Init.Datatypes.true +R3070 Coq.Init.Logic "x = y" type_scope +R3016 Coq.Lists.List.fold_left +R3057 Coq.Bool.Bool "x && y" bool_scope +R3047 Sets.elt +R3036 Coq.Init.Datatypes.bool +R3072 Coq.Init.Datatypes.true +R3089 Coq.Init.Logic "x = y" type_scope +R3091 Coq.Init.Datatypes.true +R3070 Coq.Init.Logic "x = y" type_scope +R3016 Coq.Lists.List.fold_left +R3057 Coq.Bool.Bool "x && y" bool_scope +R3047 Sets.elt +R3036 Coq.Init.Datatypes.bool +R3072 Coq.Init.Datatypes.true +R3183 Coq.Bool.Bool.andb_prop +R3183 Coq.Bool.Bool.andb_prop +R3330 Coq.Init.Logic "x = y" type_scope +R3332 Coq.Init.Datatypes.true +R3316 Coq.Lists.List.In +R3300 Coq.Init.Logic "x = y" type_scope +R3244 Coq.Lists.List.fold_left +R3295 Coq.Init.Datatypes.true +R3285 Coq.Bool.Bool "x && y" bool_scope +R3275 Sets.elt +R3264 Coq.Init.Datatypes.bool +R3302 Coq.Init.Datatypes.true +R3330 Coq.Init.Logic "x = y" type_scope +R3332 Coq.Init.Datatypes.true +R3316 Coq.Lists.List.In +R3300 Coq.Init.Logic "x = y" type_scope +R3244 Coq.Lists.List.fold_left +R3295 Coq.Init.Datatypes.true +R3285 Coq.Bool.Bool "x && y" bool_scope +R3275 Sets.elt +R3264 Coq.Init.Datatypes.bool +R3302 Coq.Init.Datatypes.true +R3544 Sets.elements_correct +R3544 Sets.elements_correct +R3655 Coq.Init.Logic "x = y" type_scope +R3646 Sets.mem +R3657 Coq.Init.Datatypes.true +R3636 Coq.Init.Logic "x = y" type_scope +R3627 Sets.mem +R3638 Coq.Init.Datatypes.true +R3600 Sets.t +R3600 Sets.t +R3691 Sets.ge +R3797 Sets.ge +R3787 Sets.ge +R3777 Sets.ge +R3871 Sets.empty +R3898 Sets.union +R3936 Sets.ge +R3941 Sets.bot +R3932 Sets.t +R3986 Sets.mem_empty +R3986 Sets.mem_empty +R4069 Coq.Init.Logic "x = y" type_scope +R4061 Sets.lub +R4071 Sets.lub +R4057 Sets.t +R4057 Sets.t +R4231 Sets.ge +R4235 Sets.lub +R4227 Sets.t +R4227 Sets.t +R4297 Sets.mem_union +R4297 Sets.mem_union +R4379 Sets.ge +R4383 Sets.lub +R4375 Sets.t +R4375 Sets.t +R4424 Sets.lub_commut +R4424 Sets.lub_commut +R4442 Sets.ge_lub_left +R4442 Sets.ge_lub_left +Funion_find +R82 Coq.Init.Logic.refl_equal +R197 Coq.Init.Logic "'exists' x : t , p" type_scope +R288 Coq.Init.Logic "A /\ B" type_scope +R362 Coq.Init.Logic "A \/ B" type_scope +R626 Coq.Init.Specif "{ A } + { B }" type_scope +R629 Coq.Init.Logic "x = y" type_scope +R639 Coq.Init.Logic "x <> y" type_scope +R622 union_find.T +R622 union_find.T +R775 union_find.T +R806 Coq.Init.Datatypes.option +R813 union_find.elt +R801 union_find.T +R794 union_find.elt +R853 union_find.T +R848 union_find.T +R841 union_find.elt +R834 union_find.elt +R910 Coq.Init.Logic "x = y" type_scope +R898 union_find.get +R904 union_find.empty +R912 Coq.Init.Datatypes.None +R892 union_find.elt +R989 Coq.Init.Logic "x = y" type_scope +R971 union_find.get +R978 union_find.add +R991 Coq.Init.Datatypes.Some +R967 union_find.T +R958 union_find.elt +R958 union_find.elt +R1082 Coq.Init.Logic "x = y" type_scope +R1064 union_find.get +R1071 union_find.add +R1084 union_find.get +R1056 Coq.Init.Logic "x <> y" type_scope +R1050 union_find.T +R1041 union_find.elt +R1041 union_find.elt +R1041 union_find.elt +R1226 union_find.T +R1258 union_find.elt +R1251 union_find.elt +R1246 union_find.T +R1303 union_find.T +R1296 union_find.elt +R1289 union_find.elt +R1284 union_find.T +R1367 Coq.Init.Logic "x = y" type_scope +R1358 union_find.repr +R1369 union_find.repr +R1343 union_find.elt +R1343 union_find.elt +R1334 union_find.T +R1482 union_find.sameclass +R1476 union_find.elt +R1469 union_find.T +R1576 union_find.sameclass +R1557 union_find.sameclass +R1551 union_find.elt +R1551 union_find.elt +R1542 union_find.T +R1697 union_find.sameclass +R1678 union_find.sameclass +R1659 union_find.sameclass +R1649 union_find.elt +R1649 union_find.elt +R1649 union_find.elt +R1638 union_find.T +R1852 Coq.Init.Logic "x = y" type_scope +R1834 union_find.repr +R1842 union_find.repr +R1854 union_find.repr +R1828 union_find.elt +R1821 union_find.T +R1921 union_find.sameclass +R1936 union_find.repr +R1915 union_find.elt +R1908 union_find.T +R2044 Coq.Init.Logic "x = y" type_scope +R2031 union_find.repr +R2036 union_find.empty +R2025 union_find.elt +R2127 Coq.Init.Logic "x = y" type_scope +R2102 union_find.sameclass +R2112 union_find.empty +R2096 union_find.elt +R2096 union_find.elt +R2310 union_find.sameclass +R2321 union_find.identify +R2304 union_find.elt +R2304 union_find.elt +R2295 union_find.T +R2434 union_find.sameclass +R2445 union_find.identify +R2415 union_find.sameclass +R2405 union_find.elt +R2405 union_find.elt +R2405 union_find.elt +R2405 union_find.elt +R2392 union_find.T +R3110 Coq.Init.Logic "x = y" type_scope +R3112 Coq.Init.Datatypes.Some +R3082 union_find.elt +R3082 union_find.elt +R3237 Coq.Init.Specif "A + { B }" type_scope +R3215 Coq.Init.Specif "{ x : A | P }" type_scope +R3227 Coq.Init.Logic "x = y" type_scope +R3229 Coq.Init.Datatypes.Some +R3219 union_find.elt +R3242 Coq.Init.Logic "x = y" type_scope +R3244 Coq.Init.Datatypes.None +R3202 Coq.Init.Datatypes.option +R3209 union_find.elt +R3422 union_find.option_sum +R3457 Coq.Init.Specif.inleft +R3465 Coq.Init.Specif.exist +R3494 Coq.Init.Specif.inright +R3403 union_find.elt +R3383 union_find.repr_order +R3378 union_find.elt +R3357 union_find.elt +R3598 union_find.elt +R3607 Coq.Init.Wf.Fix +R3637 union_find.repr_rec +R3631 union_find.elt +R3623 union_find.elt +R3591 union_find.elt +R3558 Coq.Init.Wf.well_founded +R3572 union_find.repr_order +R3823 Coq.Init.Logic "x = y" type_scope +R3808 union_find.repr_rec +R3825 union_find.repr_rec +R3794 Coq.Init.Logic "x = y" type_scope +R3769 union_find.repr_order +R3760 union_find.elt +R3740 union_find.elt +R3720 union_find.repr_order +R3715 union_find.elt +R3740 union_find.elt +R3720 union_find.repr_order +R3715 union_find.elt +R3695 union_find.elt +R3884 union_find.option_sum +R3884 union_find.option_sum +R4089 Coq.Init.Logic "x = y" type_scope +R4073 union_find.repr_aux +R4061 Coq.Init.Logic "x = y" type_scope +R4063 Coq.Init.Datatypes.None +R4043 union_find.elt +R4010 Coq.Init.Wf.well_founded +R4024 union_find.repr_order +R4126 Coq.Init.Wf.Fix_eq +R4171 union_find.repr_rec_ext +R4158 union_find.repr_rec +R4152 union_find.elt +R4144 union_find.elt +R4126 Coq.Init.Wf.Fix_eq +R4171 union_find.repr_rec_ext +R4158 union_find.repr_rec +R4152 union_find.elt +R4144 union_find.elt +R4259 union_find.option_sum +R4259 union_find.option_sum +R4494 Coq.Init.Logic "x = y" type_scope +R4478 union_find.repr_aux +R4496 union_find.repr_aux +R4463 Coq.Init.Logic "x = y" type_scope +R4465 Coq.Init.Datatypes.Some +R4445 union_find.elt +R4445 union_find.elt +R4409 Coq.Init.Wf.well_founded +R4423 union_find.repr_order +R4546 Coq.Init.Wf.Fix_eq +R4591 union_find.repr_rec_ext +R4578 union_find.repr_rec +R4572 union_find.elt +R4564 union_find.elt +R4546 Coq.Init.Wf.Fix_eq +R4591 union_find.repr_rec_ext +R4578 union_find.repr_rec +R4572 union_find.elt +R4564 union_find.elt +R4675 union_find.option_sum +R4675 union_find.option_sum +R4943 Coq.Init.Logic "x = y" type_scope +R4924 union_find.repr_aux +R4945 Coq.Init.Datatypes.None +R4909 union_find.elt +R4876 Coq.Init.Wf.well_founded +R4890 union_find.repr_order +R4977 Coq.Init.Wf.well_founded_ind +R5040 Coq.Init.Logic "x = y" type_scope +R5021 union_find.repr_aux +R5042 Coq.Init.Datatypes.None +R5006 union_find.elt +R4977 Coq.Init.Wf.well_founded_ind +R5040 Coq.Init.Logic "x = y" type_scope +R5021 union_find.repr_aux +R5042 Coq.Init.Datatypes.None +R5006 union_find.elt +R5074 Coq.Init.Wf.Fix_eq +R5119 union_find.repr_rec_ext +R5106 union_find.repr_rec +R5100 union_find.elt +R5092 union_find.elt +R5074 Coq.Init.Wf.Fix_eq +R5119 union_find.repr_rec_ext +R5106 union_find.repr_rec +R5100 union_find.elt +R5092 union_find.elt +R5206 union_find.option_sum +R5206 union_find.option_sum +R5427 Coq.Init.Wf.well_founded +R5441 union_find.repr_order +R5489 Coq.Init.Wf.Acc_intro +R5489 Coq.Init.Wf.Acc_intro +R5670 Coq.Init.Wf.well_founded +R5684 union_find.repr_order +R5713 union_find.elt +R5741 Coq.Init.Logic "x <> y" type_scope +R5777 Coq.Init.Logic "x = y" type_scope +R5779 Coq.Init.Datatypes.None +R5815 Coq.Init.Logic "x = y" type_scope +R5817 Coq.Init.Datatypes.None +R5923 Coq.Init.Logic "x = y" type_scope +R5909 union_find.identify_base +R5925 Coq.Init.Datatypes.None +R6001 Coq.Init.Logic.sym_not_eq +R6001 Coq.Init.Logic.sym_not_eq +R6082 Coq.Init.Logic "x = y" type_scope +R6068 union_find.identify_base +R6084 Coq.Init.Datatypes.Some +R6262 Coq.Init.Logic "A \/ B" type_scope +R6245 union_find.repr_order +R6272 Coq.Init.Logic "A /\ B" type_scope +R6268 Coq.Init.Logic "x = y" type_scope +R6277 Coq.Init.Logic "x = y" type_scope +R6211 union_find.repr_order +R6222 union_find.identify_base +R6203 union_find.elt +R6203 union_find.elt +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R6522 Coq.Init.Wf.well_founded +R6536 union_find.repr_order +R6547 union_find.identify_base +R6626 Coq.Init.Wf.Acc +R6631 union_find.repr_order +R6642 union_find.identify_base +R6602 Coq.Init.Wf.Acc +R6607 union_find.repr_order +R6596 union_find.elt +R6626 Coq.Init.Wf.Acc +R6631 union_find.repr_order +R6642 union_find.identify_base +R6602 Coq.Init.Wf.Acc +R6607 union_find.repr_order +R6596 union_find.elt +R6729 Coq.Init.Wf.Acc_intro +R6729 Coq.Init.Wf.Acc_intro +R6758 union_find.identify_base_repr_order +R6758 union_find.identify_base_repr_order +R6832 Coq.Init.Wf.Acc_intro +R6832 Coq.Init.Wf.Acc_intro +R6879 union_find.identify_base_b_canon +R6879 union_find.identify_base_b_canon +R7028 Coq.Init.Logic "A \/ B" type_scope +R6997 Coq.Init.Logic "A /\ B" type_scope +R6990 Coq.Init.Logic "x = y" type_scope +R6992 Coq.Init.Datatypes.None +R7022 Coq.Init.Logic "x = y" type_scope +R7008 union_find.identify_base +R7024 Coq.Init.Datatypes.None +R7095 Coq.Init.Logic "A \/ B" type_scope +R7042 Coq.Init.Logic "A /\ B" type_scope +R7038 Coq.Init.Logic "x = y" type_scope +R7062 Coq.Init.Logic "A /\ B" type_scope +R7055 Coq.Init.Logic "x = y" type_scope +R7057 Coq.Init.Datatypes.None +R7087 Coq.Init.Logic "x = y" type_scope +R7073 union_find.identify_base +R7089 Coq.Init.Datatypes.Some +R7103 Coq.Init.Logic "'exists' x , p" type_scope +R7132 Coq.Init.Logic "A /\ B" type_scope +R7123 Coq.Init.Logic "x = y" type_scope +R7125 Coq.Init.Datatypes.Some +R7157 Coq.Init.Logic "x = y" type_scope +R7143 union_find.identify_base +R7159 Coq.Init.Datatypes.Some +R6968 union_find.elt +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R7482 Coq.Init.Logic "x = y" type_scope +R7434 union_find.repr_aux +R7457 union_find.identify_base_order_wf +R7443 union_find.identify_base +R7496 union_find.repr_aux +R7528 union_find.repr_aux +R7426 union_find.elt +R7575 Coq.Init.Wf.well_founded_ind +R7671 Coq.Init.Logic "x = y" type_scope +R7623 union_find.repr_aux +R7646 union_find.identify_base_order_wf +R7632 union_find.identify_base +R7689 union_find.repr_aux +R7721 union_find.repr_aux +R7609 union_find.elt +R7575 Coq.Init.Wf.well_founded_ind +R7671 Coq.Init.Logic "x = y" type_scope +R7623 union_find.repr_aux +R7646 union_find.identify_base_order_wf +R7632 union_find.identify_base +R7689 union_find.repr_aux +R7721 union_find.repr_aux +R7609 union_find.elt +R7762 union_find.identify_aux_decomp +R7762 union_find.identify_aux_decomp +R7798 union_find.repr_aux_none +R7812 union_find.identify_base +R7798 union_find.repr_aux_none +R7812 union_find.identify_base +R7839 union_find.repr_aux_none +R7839 union_find.repr_aux_none +R7910 union_find.identify_base_a_maps_to_b +R7910 union_find.identify_base_a_maps_to_b +R8000 union_find.repr_aux_none +R8000 union_find.repr_aux_none +R8067 union_find.repr_aux_some +R8095 union_find.identify_base_order_wf +R8081 union_find.identify_base +R8067 union_find.repr_aux_some +R8095 union_find.identify_base_order_wf +R8081 union_find.identify_base +R8135 union_find.repr_aux_none +R8163 union_find.identify_base_order_wf +R8149 union_find.identify_base +R8135 union_find.repr_aux_none +R8163 union_find.identify_base_order_wf +R8149 union_find.identify_base +R8204 union_find.identify_base_b_canon +R8204 union_find.identify_base_b_canon +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R8255 union_find.repr_aux_some +R8283 union_find.identify_base_order_wf +R8269 union_find.identify_base +R8255 union_find.repr_aux_some +R8283 union_find.identify_base_order_wf +R8269 union_find.identify_base +R8330 union_find.repr_aux_some +R8330 union_find.repr_aux_some +R8514 Coq.Init.Logic "x = y" type_scope +R8466 union_find.repr_aux +R8489 union_find.identify_base_order_wf +R8475 union_find.identify_base +R8520 union_find.repr_aux +R8543 union_find.identify_base_order_wf +R8529 union_find.identify_base +R8442 Coq.Init.Logic "x = y" type_scope +R8425 union_find.repr_aux +R8444 union_find.repr_aux +R8417 union_find.elt +R8417 union_find.elt +R8596 union_find.identify_base_repr +R8596 union_find.identify_base_repr +R8626 union_find.identify_base_repr +R8626 union_find.identify_base_repr +R8829 Coq.Init.Logic "x = y" type_scope +R8781 union_find.repr_aux +R8804 union_find.identify_base_order_wf +R8790 union_find.identify_base +R8833 union_find.repr_aux +R8856 union_find.identify_base_order_wf +R8842 union_find.identify_base +R8772 Coq.Init.Logic "x = y" type_scope +R8755 union_find.repr_aux +R8746 Coq.Init.Logic "x = y" type_scope +R8729 union_find.repr_aux +R8721 union_find.elt +R8721 union_find.elt +R8909 union_find.identify_base_repr +R8909 union_find.identify_base_repr +R8939 union_find.identify_base_repr +R8939 union_find.identify_base_repr +R9013 union_find.repr_aux +R9013 union_find.repr_aux +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R9174 Coq.Init.Wf.well_founded +R9188 union_find.repr_order +R9224 union_find.unionfind +R9279 union_find.elt +R9288 union_find.repr_aux +R9307 union_find.wf +R9298 union_find.map +R9272 union_find.elt +R9257 union_find.unionfind +R9390 Coq.Init.Logic "x = y" type_scope +R9370 union_find.repr +R9379 union_find.repr +R9392 union_find.repr +R9364 union_find.elt +R9349 union_find.unionfind +R9446 union_find.repr_aux_none +R9478 union_find.repr_aux +R9497 union_find.wf +R9488 union_find.map +R9470 union_find.wf +R9461 union_find.map +R9446 union_find.repr_aux_none +R9478 union_find.repr_aux +R9497 union_find.wf +R9488 union_find.map +R9470 union_find.wf +R9461 union_find.map +R9525 union_find.repr_aux_canon +R9525 union_find.repr_aux_canon +R9568 union_find.mkunionfind +R9588 union_find.wf_empty +R9648 union_find.unionfind +R9687 union_find.repr +R9675 union_find.repr +R9707 Coq.Init.Specif.left +R9731 Coq.Init.Specif.right +R9752 union_find.mkunionfind +R9830 union_find.identify_base_order_wf +R9937 union_find.repr_aux_canon +R9962 union_find.wf +R9953 union_find.map +R9895 union_find.repr +R9883 union_find.repr +R9863 union_find.wf +R9854 union_find.map +R9773 union_find.identify_base +R9809 union_find.repr +R9797 union_find.repr +R9788 union_find.map +R9641 union_find.elt +R9641 union_find.elt +R9624 union_find.unionfind +R10051 Coq.Init.Logic "x = y" type_scope +R10041 union_find.repr +R10053 union_find.repr +R10024 union_find.elt +R10024 union_find.elt +R10007 union_find.unionfind +R10122 union_find.sameclass +R10116 union_find.elt +R10101 union_find.unionfind +R10252 union_find.sameclass +R10232 union_find.sameclass +R10226 union_find.elt +R10226 union_find.elt +R10209 union_find.unionfind +R10421 union_find.sameclass +R10401 union_find.sameclass +R10381 union_find.sameclass +R10373 union_find.elt +R10373 union_find.elt +R10373 union_find.elt +R10354 union_find.unionfind +R10475 union_find.repr +R10475 union_find.repr +R10569 union_find.sameclass +R10585 union_find.repr +R10563 union_find.elt +R10548 union_find.unionfind +R10637 union_find.repr_repr +R10637 union_find.repr_repr +R10710 Coq.Init.Logic "x = y" type_scope +R10697 union_find.repr +R10702 union_find.empty +R10691 union_find.elt +R10777 union_find.repr_aux_none +R10777 union_find.repr_aux_none +R10888 Coq.Init.Logic "x = y" type_scope +R10863 union_find.sameclass +R10873 union_find.empty +R10857 union_find.elt +R10857 union_find.elt +R10928 union_find.repr_empty +R10928 union_find.repr_empty +R10955 union_find.repr_empty +R10955 union_find.repr_empty +R11075 union_find.sameclass +R11086 union_find.identify +R11055 union_find.sameclass +R11047 union_find.elt +R11047 union_find.elt +R11047 union_find.elt +R11047 union_find.elt +R11026 union_find.unionfind +R11170 union_find.repr +R11158 union_find.repr +R11170 union_find.repr +R11158 union_find.repr +R11241 union_find.identify_base_sameclass_1 +R11241 union_find.identify_base_sameclass_1 +R11276 union_find.repr_aux_canon +R11276 union_find.repr_aux_canon +R11376 union_find.sameclass +R11387 union_find.identify +R11368 union_find.elt +R11368 union_find.elt +R11351 union_find.unionfind +R11471 union_find.repr +R11459 union_find.repr +R11471 union_find.repr +R11459 union_find.repr +R11544 union_find.identify_base_sameclass_2 +R11544 union_find.identify_base_sameclass_2 +R11579 union_find.repr_aux_canon +R11579 union_find.repr_aux_canon +FInclusion +R573 Coq.Lists.List.cons +R581 Coq.Lists.List.nil +R612 Coq.Lists.List.cons +R689 Coq.Lists.List.app +R766 Coq.Lists.List.app +R665 Coq.Lists.List.app +R670 Coq.Lists.List.cons +R677 Coq.Lists.List.nil +R596 Coq.Lists.List.cons +R603 Coq.Lists.List.nil +R964 Coq.Init.Datatypes.nat +R1020 Inclusion.bin +R1003 Inclusion.bin +R1003 Inclusion.bin +R1046 Inclusion.node +R1105 Inclusion.node +R1003 Inclusion.bin +R1003 Inclusion.bin +R1151 Inclusion.bin +R1144 Inclusion.bin +R1177 Inclusion.node +R1191 Inclusion.flatten_aux +R1144 Inclusion.bin +R1281 Coq.Init.Datatypes.bool +R1264 Coq.Init.Datatypes.nat +R1264 Coq.Init.Datatypes.nat +R1311 Coq.Init.Datatypes.O +R1319 Coq.Init.Datatypes.true +R1328 Coq.Init.Datatypes.S +R1333 Coq.Init.Datatypes.O +R1338 Coq.Init.Datatypes.false +R1348 Coq.Init.Datatypes.S +R1353 Coq.Init.Datatypes.S +R1264 Coq.Init.Datatypes.nat +R1264 Coq.Init.Datatypes.nat +R1431 Inclusion.bin +R1414 Inclusion.bin +R1407 Coq.Init.Datatypes.nat +R1457 Inclusion.leaf +R1475 Inclusion.nat_le_bool +R1541 Inclusion.node +R1555 Inclusion.leaf +R1547 Inclusion.leaf +R1503 Inclusion.node +R1517 Inclusion.leaf +R1509 Inclusion.leaf +R1567 Inclusion.node +R1573 Inclusion.leaf +R1594 Inclusion.nat_le_bool +R1636 Inclusion.node +R1642 Inclusion.leaf +R1615 Inclusion.node +R1621 Inclusion.leaf +R1676 Inclusion.node +R1682 Inclusion.leaf +R1414 Inclusion.bin +R1407 Coq.Init.Datatypes.nat +R1728 Inclusion.bin +R1721 Inclusion.bin +R1754 Inclusion.node +R1760 Inclusion.leaf +R1774 Inclusion.insert_bin +R1721 Inclusion.bin +R1921 Coq.Init.Logic "x = y" type_scope +R1973 Inclusion.bin +R1956 Coq.Lists.List.list +R2016 Inclusion.node +R2070 Inclusion.leaf +R2080 Coq.Lists.List.nth +R1973 Inclusion.bin +R1956 Coq.Lists.List.list +R2207 Coq.Init.Logic "x = y" type_scope +R2191 Inclusion.bin_A +R2176 Inclusion.bin_A +R2209 Inclusion.bin_A +R2222 Inclusion.flatten_aux +R2164 Inclusion.bin +R2164 Inclusion.bin +R2144 Coq.Lists.List.list +R2464 Coq.Init.Logic "x = y" type_scope +R2450 Inclusion.bin_A +R2466 Inclusion.bin_A +R2479 Inclusion.flatten +R2440 Inclusion.bin +R2423 Coq.Lists.List.list +R2578 Inclusion.flatten_aux_valid_A +R2578 Inclusion.flatten_aux_valid_A +R2696 Coq.Lists.List.cons +R2782 Coq.Init.Logic "x = y" type_scope +R2822 Coq.Init.Datatypes.S +R2761 Coq.Init.Logic "x = y" type_scope +R2891 Coq.Lists.List.app +R2982 Coq.Lists.List.cons +R3047 Coq.Lists.List.app +R3231 Inclusion.leaf +R3206 Inclusion.leaf +R3143 Inclusion.node +R3347 Coq.Lists.List.In +R3354 Coq.Lists.List "x ++ y" list_scope +R3357 Coq.Lists.List "x ++ y" list_scope +R3329 Coq.Lists.List.In +R3336 Coq.Lists.List "x ++ y" list_scope +R3339 Coq.Lists.List "x ++ y" list_scope +R3318 Coq.Lists.List.list +R3318 Coq.Lists.List.list +R3318 Coq.Lists.List.list +R3403 Coq.Lists.List.incl +R3419 Coq.Lists.List "x ++ y" list_scope +R3422 Coq.Lists.List "x ++ y" list_scope +R3410 Coq.Lists.List "x ++ y" list_scope +R3413 Coq.Lists.List "x ++ y" list_scope +R3403 Coq.Lists.List.incl +R3419 Coq.Lists.List "x ++ y" list_scope +R3422 Coq.Lists.List "x ++ y" list_scope +R3410 Coq.Lists.List "x ++ y" list_scope +R3413 Coq.Lists.List "x ++ y" list_scope +R3444 Coq.Lists.List.ass_app +R3444 Coq.Lists.List.ass_app +R3444 Coq.Lists.List.ass_app +R3444 Coq.Lists.List.ass_app +R3669 Coq.Lists.List.In +R3675 Inclusion.bin_A +R3710 Inclusion.node +R3716 Inclusion.leaf +R3691 Coq.Lists.List.app +R3682 Coq.Lists.List.list +R3602 Coq.Lists.List.In +R3608 Inclusion.bin_A +R3643 Inclusion.insert_bin +R3624 Coq.Lists.List.app +R3615 Coq.Lists.List.list +R3587 Coq.Lists.List.list +R3568 Coq.Lists.List.list +R3574 Coq.Lists.List.list +R3537 Inclusion.bin +R3522 Coq.Init.Datatypes.nat +R3831 Coq.Lists.List.app_ass +R3831 Coq.Lists.List.app_ass +R3831 Coq.Lists.List.app_ass +R3868 Coq.Lists.List.app_ass +R3868 Coq.Lists.List.app_ass +R3890 Inclusion.nat_le_bool +R3890 Inclusion.nat_le_bool +R3937 Inclusion.In_permute_app_head +R3937 Inclusion.In_permute_app_head +R3963 Coq.Lists.List.in_app_or +R3963 Coq.Lists.List.in_app_or +R4012 Coq.Lists.List.in_or_app +R4012 Coq.Lists.List.in_or_app +R4047 Coq.Lists.List.in_or_app +R4047 Coq.Lists.List.in_or_app +R4128 Inclusion.nat_le_bool +R4128 Inclusion.nat_le_bool +R4178 Coq.Lists.List.app_nil_end +R4191 Coq.Lists.List.nth +R4178 Coq.Lists.List.app_nil_end +R4191 Coq.Lists.List.nth +R4220 Coq.Lists.List.app_nil_end +R4233 Coq.Lists.List.nth +R4220 Coq.Lists.List.app_nil_end +R4233 Coq.Lists.List.nth +R4254 Inclusion.In_permute_app_head +R4254 Inclusion.In_permute_app_head +R4462 Coq.Lists.List.In +R4468 Inclusion.bin_A +R4502 Inclusion.insert_bin +R4483 Coq.Lists.List.app +R4475 Coq.Lists.List.list +R4411 Coq.Init.Logic "A \/ B" type_scope +R4392 Coq.Lists.List.In +R4398 Coq.Lists.List.nth +R4414 Coq.Lists.List.In +R4420 Inclusion.bin_A +R4435 Coq.Lists.List.app +R4427 Coq.Lists.List.list +R4381 Coq.Lists.List.list +R4361 Coq.Lists.List.list +R4367 Coq.Lists.List.list +R4341 Inclusion.bin +R4332 Coq.Init.Datatypes.nat +R4606 Coq.Lists.List.in_or_app +R4606 Coq.Lists.List.in_or_app +R4630 Inclusion.nat_le_bool +R4630 Inclusion.nat_le_bool +R4671 Coq.Lists.List.in_or_app +R4671 Coq.Lists.List.in_or_app +R4711 Coq.Lists.List.in_or_app +R4711 Coq.Lists.List.in_or_app +R4754 Coq.Lists.List.in_app_or +R4802 Coq.Lists.List.in_or_app +R4754 Coq.Lists.List.in_app_or +R4802 Coq.Lists.List.in_or_app +R4802 Coq.Lists.List.in_or_app +R4846 Inclusion.nat_le_bool +R4878 Coq.Lists.List.in_or_app +R4846 Inclusion.nat_le_bool +R4846 Inclusion.nat_le_bool +R4878 Coq.Lists.List.in_or_app +R4878 Coq.Lists.List.in_or_app +R4878 Coq.Lists.List.in_or_app +R4878 Coq.Lists.List.in_or_app +R5055 Coq.Lists.List.In +R5061 Inclusion.bin_A +R5077 Coq.Lists.List.app +R5068 Coq.Lists.List.list +R4994 Coq.Lists.List.In +R5000 Inclusion.bin_A +R5035 Inclusion.sort_bin +R5016 Coq.Lists.List.app +R5007 Coq.Lists.List.list +R4981 Coq.Lists.List.list +R4963 Coq.Lists.List.list +R4968 Coq.Lists.List.list +R4936 Inclusion.bin +R5189 Inclusion.insert_bin_included +R5189 Inclusion.insert_bin_included +R5222 Inclusion.insert_bin_included +R5222 Inclusion.insert_bin_included +R5294 Coq.Lists.List.in_app_or +R5343 Inclusion.in_or_insert_bin +R5294 Coq.Lists.List.in_app_or +R5343 Inclusion.in_or_insert_bin +R5343 Inclusion.in_or_insert_bin +R5542 Coq.Lists.List.In +R5548 Inclusion.bin_A +R5583 Inclusion.sort_bin +R5564 Coq.Lists.List.app +R5555 Coq.Lists.List.list +R5492 Coq.Lists.List.In +R5498 Inclusion.bin_A +R5514 Coq.Lists.List.app +R5505 Coq.Lists.List.list +R5479 Coq.Lists.List.list +R5461 Coq.Lists.List.list +R5466 Coq.Lists.List.list +R5434 Inclusion.bin +R5695 Inclusion.in_or_insert_bin +R5695 Inclusion.in_or_insert_bin +R5718 Coq.Lists.List.in_app_or +R5718 Coq.Lists.List.in_app_or +R5875 Coq.Lists.List.In +R5883 Coq.Lists.List "x ++ y" list_scope +R5863 Coq.Lists.List.In +R5852 Coq.Lists.List.In +R5834 Coq.Lists.List.In +R5842 Coq.Lists.List "x ++ y" list_scope +R5823 Coq.Lists.List.list +R5823 Coq.Lists.List.list +R5823 Coq.Lists.List.list +R5921 Coq.Lists.List.in_app_or +R5969 Coq.Lists.List.in_or_app +R5921 Coq.Lists.List.in_app_or +R5969 Coq.Lists.List.in_or_app +R5969 Coq.Lists.List.in_or_app +R6046 Coq.Init.Datatypes.bool +R6028 Inclusion.bin +R6021 Coq.Init.Datatypes.nat +R6073 Inclusion.leaf +R6084 Coq.ring.ArithRing.nateq +R6099 Inclusion.node +R6113 Coq.Bool.Bool.andb +R6028 Inclusion.bin +R6021 Coq.Init.Datatypes.nat +R6227 Inclusion.bin +R6210 Inclusion.bin +R6203 Coq.Init.Datatypes.nat +R6253 Inclusion.leaf +R6263 Inclusion.leaf +R6274 Inclusion.node +R6280 Inclusion.leaf +R6302 Coq.ring.ArithRing.nateq +R6210 Inclusion.bin +R6203 Coq.Init.Datatypes.nat +R6417 Coq.Init.Datatypes.bool +R6398 Inclusion.bin +R6398 Inclusion.bin +R6445 Inclusion.leaf +R6455 Inclusion.check_all_leaves +R6481 Inclusion.node +R6487 Inclusion.leaf +R6531 Coq.Bool.Bool "x || y" bool_scope +R6508 Inclusion.check_all_leaves +R6554 Inclusion.remove_all_leaves +R6588 Coq.Init.Datatypes.false +R6398 Inclusion.bin +R6398 Inclusion.bin +R6794 Coq.Lists.List.In +R6800 Coq.Lists.List.nth +R6743 Coq.Lists.List.In +R6749 Inclusion.bin_A +R6765 Coq.Lists.List.app +R6756 Coq.Lists.List.list +R6730 Coq.Lists.List.list +R6712 Coq.Lists.List.list +R6717 Coq.Lists.List.list +R6676 Coq.Init.Logic "x = y" type_scope +R6654 Inclusion.check_all_leaves +R6678 Coq.Init.Datatypes.true +R6858 Inclusion.check_all_leaves +R6894 Inclusion.check_all_leaves +R6858 Inclusion.check_all_leaves +R6894 Inclusion.check_all_leaves +R6894 Inclusion.check_all_leaves +R6982 Coq.Lists.List.in_app_or +R6982 Coq.Lists.List.in_app_or +R7062 Coq.ring.ArithRing.nateq_prop +R7062 Coq.ring.ArithRing.nateq_prop +R7341 Coq.Init.Logic "A \/ B" type_scope +R7276 Coq.Lists.List.In +R7282 Inclusion.bin_A +R7316 Inclusion.remove_all_leaves +R7298 Coq.Lists.List.app +R7289 Coq.Lists.List.list +R7346 Coq.Lists.List.In +R7352 Coq.Lists.List.nth +R7228 Coq.Lists.List.In +R7234 Inclusion.bin_A +R7250 Coq.Lists.List.app +R7241 Coq.Lists.List.list +R7217 Coq.Lists.List.list +R7199 Coq.Lists.List.list +R7204 Coq.Lists.List.list +R7458 Coq.Init.Logic.refl_equal +R7470 Coq.ring.ArithRing.nateq +R7492 Coq.ring.ArithRing.nateq +R7517 Coq.ring.ArithRing.nateq +R7458 Coq.Init.Logic.refl_equal +R7470 Coq.ring.ArithRing.nateq +R7492 Coq.ring.ArithRing.nateq +R7517 Coq.ring.ArithRing.nateq +R7578 Coq.Init.Logic "x = y" type_scope +R7578 Coq.Init.Logic "x = y" type_scope +R7589 Coq.ring.ArithRing.nateq_prop +R7589 Coq.ring.ArithRing.nateq_prop +R7671 Coq.Lists.List.in_app_or +R7671 Coq.Lists.List.in_app_or +R7948 Coq.Lists.List.In +R7954 Inclusion.bin_A +R7969 Coq.Lists.List.app +R7961 Coq.Lists.List.list +R7901 Coq.Lists.List.In +R7907 Inclusion.bin_A +R7922 Coq.Lists.List.app +R7914 Coq.Lists.List.list +R7890 Coq.Lists.List.list +R7872 Coq.Lists.List.list +R7877 Coq.Lists.List.list +R7838 Coq.Init.Logic "x = y" type_scope +R7817 Inclusion.test_inclusion +R7840 Coq.Init.Datatypes.true +R7810 Inclusion.bin +R7810 Inclusion.bin +R8152 Coq.Init.Logic "A \/ B" type_scope +R8145 Coq.Init.Logic "x = y" type_scope +R8123 Inclusion.check_all_leaves +R8147 Coq.Init.Datatypes.true +R8203 Coq.Init.Logic "x = y" type_scope +R8158 Inclusion.test_inclusion +R8179 Inclusion.remove_all_leaves +R8205 Coq.Init.Datatypes.true +R8152 Coq.Init.Logic "A \/ B" type_scope +R8145 Coq.Init.Logic "x = y" type_scope +R8123 Inclusion.check_all_leaves +R8147 Coq.Init.Datatypes.true +R8203 Coq.Init.Logic "x = y" type_scope +R8158 Inclusion.test_inclusion +R8179 Inclusion.remove_all_leaves +R8205 Coq.Init.Datatypes.true +R8222 Inclusion.check_all_leaves +R8256 Inclusion.test_inclusion +R8277 Inclusion.remove_all_leaves +R8222 Inclusion.check_all_leaves +R8256 Inclusion.test_inclusion +R8277 Inclusion.remove_all_leaves +R8256 Inclusion.test_inclusion +R8277 Inclusion.remove_all_leaves +R8381 Coq.Lists.List.in_or_app +R8404 Inclusion.check_all_leaves_sound +R8381 Coq.Lists.List.in_or_app +R8404 Inclusion.check_all_leaves_sound +R8453 Inclusion.remove_all_leaves_sound +R8453 Inclusion.remove_all_leaves_sound +R8514 Coq.Lists.List.in_or_app +R8514 Coq.Lists.List.in_or_app +R8572 Coq.Lists.List.in_or_app +R8572 Coq.Lists.List.in_or_app +R8602 Inclusion.check_all_leaves_sound +R8602 Inclusion.check_all_leaves_sound +R8866 Coq.Lists.List.In +R8872 Inclusion.bin_A +R8888 Coq.Lists.List.app +R8879 Coq.Lists.List.list +R8816 Coq.Lists.List.In +R8822 Inclusion.bin_A +R8838 Coq.Lists.List.app +R8829 Coq.Lists.List.list +R8803 Coq.Lists.List.list +R8785 Coq.Lists.List.list +R8790 Coq.Lists.List.list +R8749 Coq.Init.Logic "x = y" type_scope +R8686 Inclusion.test_inclusion +R8726 Inclusion.sort_bin +R8736 Inclusion.flatten +R8702 Inclusion.sort_bin +R8712 Inclusion.flatten +R8751 Coq.Init.Datatypes.true +R8677 Inclusion.bin +R8677 Inclusion.bin +R8983 Coq.Lists.List.ass_app +R8948 Inclusion.flatten_valid_A +R8983 Coq.Lists.List.ass_app +R8948 Inclusion.flatten_valid_A +R9008 Inclusion.sort_included +R9008 Inclusion.sort_included +R9062 Inclusion.sort_bin +R9072 Inclusion.flatten +R9029 Inclusion.test_inclusion_sound +R9062 Inclusion.sort_bin +R9072 Inclusion.flatten +R9029 Inclusion.test_inclusion_sound +R9104 Inclusion.sort_included2 +R9104 Inclusion.sort_included2 +R9158 Coq.Lists.List.ass_app +R9131 Inclusion.flatten_valid_A +R9158 Coq.Lists.List.ass_app +R9131 Inclusion.flatten_valid_A +R9237 Coq.Lists.List.In +R9243 Coq.Lists.List.nil +R9272 Coq.Lists.List.In +R9285 Coq.Lists.List.In +R9409 Coq.Lists.List.nil +R9417 Coq.Lists.List.list +R9531 Coq.Lists.List.In +R9537 Inclusion.bin_A +R9567 Coq.Lists.List.nil +R9553 Coq.Lists.List.app +R9544 Coq.Lists.List.list +R9601 Inclusion.inclusion_theorem +R9644 Coq.Init.Logic.refl_equal +R9715 Coq.Lists.List.incl +FAST +R69 Coq.NArith.BinPos.positive +R103 Coqlib.peq +R198 Coq.ZArith.BinInt.Z +R219 AST.Tint +R231 AST.Tfloat +R191 AST.typ +R699 AST.comparison +R732 AST.Ceq +R739 AST.Cne +R747 AST.Cne +R754 AST.Ceq +R762 AST.Clt +R769 AST.Cge +R777 AST.Cle +R784 AST.Cgt +R792 AST.Cgt +R799 AST.Cle +R807 AST.Cge +R814 AST.Clt +R686 AST.comparison +R870 AST.comparison +R903 AST.Ceq +R910 AST.Ceq +R918 AST.Cne +R925 AST.Cne +R933 AST.Clt +R940 AST.Cgt +R948 AST.Cle +R955 AST.Cge +R963 AST.Cgt +R970 AST.Clt +R978 AST.Cge +R985 AST.Cle +R857 AST.comparison +R1049 Coq.Lists.List.list +R1054 AST.typ +R1070 Coq.Init.Datatypes.option +R1077 AST.typ +R1148 Coq.Lists.List.list +R1160 Coq.Init.Datatypes "x * y" type_scope +R1154 AST.ident +R1183 AST.ident +R1203 Coq.Lists.List.list +R1215 Coq.Init.Datatypes "x * y" type_scope +R1209 AST.ident +R1217 Coq.ZArith.BinInt.Z +R1342 Coq.Lists.List.list +R1354 Coq.Init.Datatypes "x * y" type_scope +R1348 AST.ident +R1322 Coq.Lists.List.list +R1334 Coq.Init.Datatypes "x * y" type_scope +R1328 AST.ident +R1381 Coq.Lists.List.nil +R1388 Coq.Lists.List.nil +R1405 Coq.Lists.List "x :: y" list_scope +R1396 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R1431 Coq.Lists.List "x :: y" list_scope +R1415 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R1322 Coq.Lists.List.list +R1334 Coq.Init.Datatypes "x * y" type_scope +R1328 AST.ident +R1507 AST.program +R1522 AST.mkprogram +R1593 AST.prog_vars +R1575 AST.prog_main +R1537 AST.transf_program +R1555 AST.prog_funct +R1494 AST.program +R1695 Coq.Init.Logic "'exists' x , p" type_scope +R1718 Coq.Init.Logic "A /\ B" type_scope +R1705 Coq.Lists.List.In +R1708 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R1730 Coq.Init.Logic "x = y" type_scope +R1659 Coq.Lists.List.In +R1671 AST.transf_program +R1662 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R2064 Coq.Init.Logic "'exists' x , p" type_scope +R2099 Coq.Init.Logic "A /\ B" type_scope +R2074 Coq.Lists.List.In +R2087 AST.prog_funct +R2077 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2111 Coq.Init.Logic "x = y" type_scope +R2013 Coq.Lists.List.In +R2047 AST.prog_funct +R2025 AST.transform_program +R2016 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2148 AST.transf_program_functions +R2148 AST.transf_program_functions +R2290 Coq.Init.Datatypes.option +R2369 Coq.Init.Datatypes.option +R2377 Coq.Lists.List.list +R2389 Coq.Init.Datatypes "x * y" type_scope +R2383 AST.ident +R2349 Coq.Lists.List.list +R2361 Coq.Init.Datatypes "x * y" type_scope +R2355 AST.ident +R2417 Coq.Lists.List.nil +R2424 Coq.Init.Datatypes.Some +R2429 Coq.Lists.List.nil +R2446 Coq.Lists.List "x :: y" list_scope +R2437 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2499 Coq.Init.Datatypes.None +R2507 Coq.Init.Datatypes.None +R2520 Coq.Init.Datatypes.Some +R2592 Coq.Init.Datatypes.None +R2600 Coq.Init.Datatypes.None +R2617 Coq.Init.Datatypes.Some +R2629 Coq.Init.Datatypes.Some +R2645 Coq.Lists.List "x :: y" list_scope +R2635 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2349 Coq.Lists.List.list +R2361 Coq.Init.Datatypes "x * y" type_scope +R2355 AST.ident +R2739 Coq.Init.Datatypes.option +R2747 AST.program +R2769 AST.transf_partial_program +R2795 AST.prog_funct +R2816 Coq.Init.Datatypes.None +R2824 Coq.Init.Datatypes.None +R2833 Coq.Init.Datatypes.Some +R2844 Coq.Init.Datatypes.Some +R2850 AST.mkprogram +R2880 AST.prog_vars +R2866 AST.prog_main +R2726 AST.program +R3027 Coq.Init.Logic "'exists' x , p" type_scope +R3050 Coq.Init.Logic "A /\ B" type_scope +R3037 Coq.Lists.List.In +R3040 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3070 Coq.Init.Logic "x = y" type_scope +R3072 Coq.Init.Datatypes.Some +R3007 Coq.Lists.List.In +R3010 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2991 Coq.Init.Logic "x = y" type_scope +R2965 AST.transf_partial_program +R2993 Coq.Init.Datatypes.Some +R3266 AST.transf_partial_program +R3266 AST.transf_partial_program +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R3705 Coq.Init.Logic "'exists' x , p" type_scope +R3740 Coq.Init.Logic "A /\ B" type_scope +R3715 Coq.Lists.List.In +R3728 AST.prog_funct +R3718 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3760 Coq.Init.Logic "x = y" type_scope +R3762 Coq.Init.Datatypes.Some +R3673 Coq.Lists.List.In +R3688 AST.prog_funct +R3676 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3658 Coq.Init.Logic "x = y" type_scope +R3630 AST.transform_partial_program +R3660 Coq.Init.Datatypes.Some +R3843 AST.transf_partial_program +R3867 AST.prog_funct +R3843 AST.transf_partial_program +R3867 AST.prog_funct +R3899 AST.transf_partial_program_functions +R3899 AST.transf_partial_program_functions +R4133 Coq.Init.Logic "x = y" type_scope +R4122 AST.prog_main +R4138 AST.prog_main +R4103 Coq.Init.Logic "x = y" type_scope +R4075 AST.transform_partial_program +R4105 Coq.Init.Datatypes.Some +R4218 AST.transf_partial_program +R4242 AST.prog_funct +R4218 AST.transf_partial_program +R4242 AST.prog_funct +FIntegers +R66 Coq.Init.Datatypes.nat +R102 Coq.ZArith.BinInt.Z +R107 Coq.ZArith.Zpower.two_power_nat +R121 Integers.wordsize +R157 Coq.ZArith.BinInt.Z +R170 Coq.ZArith.Zdiv "x / y" Z_scope +R162 Integers.modulus +R216 Coq.ZArith.BinInt "x ?= y" Z_scope +R230 Coq.Init.Datatypes.Lt +R236 Coq.Init.Logic.False +R264 Coq.ZArith.BinInt "x ?= y" Z_scope +R267 Integers.modulus +R286 Coq.Init.Datatypes.Lt +R292 Coq.Init.Logic.True +R309 Coq.Init.Logic.False +R200 Coq.ZArith.BinInt.Z +R366 Coq.ZArith.BinInt.Z +R379 Integers.in_range +R438 Coq.ZArith.BinInt.Z +R451 Coq.ZArith.BinInt "x - y" Z_scope +R443 Integers.modulus +R480 Coq.ZArith.BinInt.Z +R498 Coq.ZArith.BinInt "x - y" Z_scope +R485 Integers.half_modulus +R527 Coq.ZArith.BinInt.Z +R532 Coq.ZArith.BinInt "- x" Z_scope +R534 Integers.half_modulus +R580 Coq.ZArith.BinInt.Z +R585 Integers.intval +R573 Integers.int +R625 Coq.ZArith.BinInt.Z +R635 Coqlib.zlt +R652 Integers.half_modulus +R640 Integers.unsigned +R701 Coq.ZArith.BinInt "x - y" Z_scope +R690 Integers.unsigned +R703 Integers.modulus +R672 Integers.unsigned +R618 Integers.int +R745 Integers.in_range +R755 Coq.ZArith.Zdiv.Zmod +R762 Integers.modulus +R802 Coq.ZArith.Zdiv.Z_mod_lt +R822 Coqlib.two_power_nat_pos +R840 Integers.wordsize +R813 Integers.modulus +R802 Coq.ZArith.Zdiv.Z_mod_lt +R822 Coqlib.two_power_nat_pos +R840 Integers.wordsize +R813 Integers.modulus +R895 Coq.ZArith.BinInt "x >= y" Z_scope +R883 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R887 Integers.modulus +R895 Coq.ZArith.BinInt "x >= y" Z_scope +R883 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R887 Integers.modulus +R974 Coq.ZArith.BinInt "x ?= y" Z_scope +R962 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R966 Integers.modulus +R974 Coq.ZArith.BinInt "x ?= y" Z_scope +R962 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R966 Integers.modulus +R1019 Integers.int +R1029 Integers.mkint +R1053 Integers.mod_in_range +R1036 Coq.ZArith.Zdiv.Zmod +R1043 Integers.modulus +R1014 Coq.ZArith.BinInt.Z +R1090 Integers.repr +R1117 Integers.repr +R1144 Integers.repr +R1230 Coq.Init.Logic "x = y" type_scope +R1214 Integers.in_range +R1214 Integers.in_range +R1203 Coq.ZArith.BinInt.Z +R1369 Coq.Init.Logic "x = y" type_scope +R1316 Coq.ZArith.BinInt "x ?= y" Z_scope +R1319 Integers.modulus +R1332 Coq.Init.Datatypes.Lt +R1338 Coq.Init.Logic.True +R1350 Coq.Init.Logic.False +R1316 Coq.ZArith.BinInt "x ?= y" Z_scope +R1319 Integers.modulus +R1332 Coq.Init.Datatypes.Lt +R1338 Coq.Init.Logic.True +R1350 Coq.Init.Logic.False +R1369 Coq.Init.Logic "x = y" type_scope +R1316 Coq.ZArith.BinInt "x ?= y" Z_scope +R1319 Integers.modulus +R1332 Coq.Init.Datatypes.Lt +R1338 Coq.Init.Logic.True +R1350 Coq.Init.Logic.False +R1316 Coq.ZArith.BinInt "x ?= y" Z_scope +R1319 Integers.modulus +R1332 Coq.Init.Datatypes.Lt +R1338 Coq.Init.Logic.True +R1350 Coq.Init.Logic.False +R1390 Coq.ZArith.BinInt "x ?= y" Z_scope +R1393 Integers.modulus +R1390 Coq.ZArith.BinInt "x ?= y" Z_scope +R1393 Integers.modulus +R1508 Coq.ZArith.BinInt "x ?= y" Z_scope +R1508 Coq.ZArith.BinInt "x ?= y" Z_scope +R1606 Coq.Init.Logic "x = y" type_scope +R1595 Integers.mkint +R1608 Integers.mkint +R1588 Coq.Init.Logic "x = y" type_scope +R1661 Integers.in_range_proof_irrelevance +R1661 Integers.in_range_proof_irrelevance +R1769 Coq.Init.Specif "{ A } + { B }" type_scope +R1772 Coq.Init.Logic "x = y" type_scope +R1782 Coq.Init.Logic "x <> y" type_scope +R1763 Integers.int +R1763 Integers.int +R1836 Coqlib.zeq +R1836 Coqlib.zeq +R1879 Integers.mkint_eq +R1879 Integers.mkint_eq +R1971 Coq.Init.Datatypes.bool +R1985 Coqlib.zeq +R2003 Integers.unsigned +R1990 Integers.unsigned +R2030 Coq.Init.Datatypes.false +R2020 Coq.Init.Datatypes.true +R1964 Integers.int +R1964 Integers.int +R2064 Coq.Init.Datatypes.bool +R2077 Coqlib.zlt +R2093 Integers.signed +R2082 Integers.signed +R2118 Coq.Init.Datatypes.false +R2108 Coq.Init.Datatypes.true +R2057 Integers.int +R2057 Integers.int +R2153 Coq.Init.Datatypes.bool +R2166 Coqlib.zlt +R2184 Integers.unsigned +R2171 Integers.unsigned +R2211 Coq.Init.Datatypes.false +R2201 Coq.Init.Datatypes.true +R2146 Integers.int +R2146 Integers.int +R2245 Integers.int +R2252 Integers.repr +R2258 Coq.ZArith.BinInt "- x" Z_scope +R2260 Integers.unsigned +R2238 Integers.int +R2307 Integers.int +R2355 Coqlib.zlt +R2382 Integers.repr +R2390 Coq.ZArith.BinInt "x - y" Z_scope +R2370 Integers.repr +R2325 Coq.ZArith.Zdiv.Zmod +R2331 Integers.unsigned +R2300 Integers.int +R2434 Integers.int +R2443 Integers.repr +R2449 Coq.ZArith.Zdiv.Zmod +R2455 Integers.unsigned +R2427 Integers.int +R2508 Integers.int +R2558 Coqlib.zlt +R2587 Integers.repr +R2595 Coq.ZArith.BinInt "x - y" Z_scope +R2575 Integers.repr +R2526 Coq.ZArith.Zdiv.Zmod +R2532 Integers.unsigned +R2501 Integers.int +R2642 Integers.int +R2651 Integers.repr +R2657 Coq.ZArith.Zdiv.Zmod +R2663 Integers.unsigned +R2635 Integers.int +R2712 Integers.int +R2721 Integers.repr +R2738 Coq.ZArith.BinInt "x + y" Z_scope +R2727 Integers.unsigned +R2740 Integers.unsigned +R2705 Integers.int +R2705 Integers.int +R2781 Integers.int +R2790 Integers.repr +R2807 Coq.ZArith.BinInt "x - y" Z_scope +R2796 Integers.unsigned +R2809 Integers.unsigned +R2774 Integers.int +R2774 Integers.int +R2850 Integers.int +R2859 Integers.repr +R2876 Coq.ZArith.BinInt "x * y" Z_scope +R2865 Integers.unsigned +R2878 Integers.unsigned +R2843 Integers.int +R2843 Integers.int +R2925 Coq.ZArith.BinInt.Z +R2935 Coqlib.zlt +R3012 Coqlib.zlt +R3044 Coq.ZArith.Zdiv "x / y" Z_scope +R3025 Coq.ZArith.BinInt "- x" Z_scope +R3029 Coq.ZArith.Zdiv "x / y" Z_scope +R3032 Coq.ZArith.BinInt "- x" Z_scope +R2955 Coqlib.zlt +R2985 Coq.ZArith.BinInt "- x" Z_scope +R2991 Coq.ZArith.Zdiv "x / y" Z_scope +R2989 Coq.ZArith.BinInt "- x" Z_scope +R2971 Coq.ZArith.Zdiv "x / y" Z_scope +R2969 Coq.ZArith.BinInt "- x" Z_scope +R2976 Coq.ZArith.BinInt "- x" Z_scope +R2920 Coq.ZArith.BinInt.Z +R2920 Coq.ZArith.BinInt.Z +R3083 Coq.ZArith.BinInt.Z +R3092 Coq.ZArith.BinInt "x - y" Z_scope +R3109 Coq.ZArith.BinInt "x * y" Z_scope +R3095 Integers.Zdiv_round +R3078 Coq.ZArith.BinInt.Z +R3078 Coq.ZArith.BinInt.Z +R3146 Integers.int +R3155 Integers.repr +R3161 Integers.Zdiv_round +R3184 Integers.signed +R3173 Integers.signed +R3139 Integers.int +R3139 Integers.int +R3225 Integers.int +R3234 Integers.repr +R3240 Integers.Zmod_round +R3263 Integers.signed +R3252 Integers.signed +R3218 Integers.int +R3218 Integers.int +R3304 Integers.int +R3313 Integers.repr +R3330 Coq.ZArith.Zdiv "x / y" Z_scope +R3319 Integers.unsigned +R3332 Integers.unsigned +R3297 Integers.int +R3297 Integers.int +R3374 Integers.int +R3383 Integers.repr +R3389 Coq.ZArith.Zdiv.Zmod +R3408 Integers.unsigned +R3395 Integers.unsigned +R3367 Integers.int +R3367 Integers.int +R3495 Coq.ZArith.BinInt "x * y" Z_scope +R3484 Coq.ZArith.BinInt "x + y" Z_scope +R3480 Coq.ZArith.BinInt "x * y" Z_scope +R3460 Coq.ZArith.BinInt.Z +R3450 Coq.Init.Datatypes.bool +R3539 Coq.Init.Datatypes "x * y" type_scope +R3534 Coq.Init.Datatypes.bool +R3541 Coq.ZArith.BinInt.Z +R3565 Coq.ZArith.BinInt.Z0 +R3571 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3572 Coq.Init.Datatypes.false +R3586 Coq.ZArith.BinInt.Zpos +R3623 Coq.NArith.BinPos.xI +R3631 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3632 Coq.Init.Datatypes.true +R3638 Coq.ZArith.BinInt.Zpos +R3654 Coq.NArith.BinPos.xO +R3662 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3663 Coq.Init.Datatypes.false +R3670 Coq.ZArith.BinInt.Zpos +R3686 Coq.NArith.BinPos.xH +R3692 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3693 Coq.Init.Datatypes.true +R3716 Coq.ZArith.BinInt.Zneg +R3753 Coq.NArith.BinPos.xI +R3761 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3762 Coq.Init.Datatypes.true +R3775 Coq.ZArith.BinInt "x - y" Z_scope +R3768 Coq.ZArith.BinInt.Zneg +R3788 Coq.NArith.BinPos.xO +R3796 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3797 Coq.Init.Datatypes.false +R3804 Coq.ZArith.BinInt.Zneg +R3820 Coq.NArith.BinPos.xH +R3826 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3827 Coq.Init.Datatypes.true +R3529 Coq.ZArith.BinInt.Z +R3907 Coq.Init.Datatypes.bool +R3902 Coq.ZArith.BinInt.Z +R3887 Coq.ZArith.BinInt.Z +R3878 Coq.Init.Datatypes.nat +R3934 Coq.Init.Datatypes.O +R3958 Coq.Init.Datatypes.false +R3953 Coq.ZArith.BinInt.Z +R3969 Coq.Init.Datatypes.S +R3996 Integers.Z_bin_decomp +R4068 Coqlib.zeq +R4093 Coq.ZArith.BinInt "x - y" Z_scope +R4060 Coq.ZArith.BinInt.Z +R3887 Coq.ZArith.BinInt.Z +R3878 Coq.Init.Datatypes.nat +R4162 Coq.ZArith.BinInt.Z +R4144 Coq.Init.Datatypes.bool +R4139 Coq.ZArith.BinInt.Z +R4130 Coq.Init.Datatypes.nat +R4186 Coq.Init.Datatypes.O +R4197 Coq.Init.Datatypes.S +R4204 Integers.Z_shift_add +R4250 Coq.ZArith.BinInt "x + y" Z_scope +R4144 Coq.Init.Datatypes.bool +R4139 Coq.ZArith.BinInt.Z +R4130 Coq.Init.Datatypes.nat +R4426 Integers.repr +R4432 Integers.Z_of_bits +R4442 Integers.wordsize +R4389 Integers.bits_of_Z +R4409 Integers.unsigned +R4399 Integers.wordsize +R4342 Integers.bits_of_Z +R4362 Integers.unsigned +R4352 Integers.wordsize +R4322 Integers.int +R4322 Integers.int +R4310 Coq.Init.Datatypes.bool +R4302 Coq.Init.Datatypes.bool +R4294 Coq.Init.Datatypes.bool +R4508 Integers.int +R4515 Integers.bitwise_binop +R4529 Coq.Bool.Bool.andb +R4502 Integers.int +R4502 Integers.int +R4565 Integers.int +R4572 Integers.bitwise_binop +R4586 Coq.Bool.Bool.orb +R4559 Integers.int +R4559 Integers.int +R4623 Integers.int +R4630 Integers.bitwise_binop +R4644 Coq.Bool.Bool.xorb +R4616 Integers.int +R4616 Integers.int +R4681 Integers.int +R4688 Integers.xor +R4694 Integers.mone +R4674 Integers.int +R4728 Integers.int +R4810 Integers.repr +R4816 Integers.Z_of_bits +R4851 Coq.ZArith.BinInt "x - y" Z_scope +R4826 Integers.wordsize +R4794 Integers.unsigned +R4747 Integers.bits_of_Z +R4767 Integers.unsigned +R4757 Integers.wordsize +R4722 Integers.int +R4722 Integers.int +R4889 Integers.int +R4971 Integers.repr +R4977 Integers.Z_of_bits +R5012 Coq.ZArith.BinInt "x + y" Z_scope +R4987 Integers.wordsize +R4955 Integers.unsigned +R4908 Integers.bits_of_Z +R4928 Integers.unsigned +R4918 Integers.wordsize +R4883 Integers.int +R4883 Integers.int +R5049 Integers.int +R5058 Integers.repr +R5073 Coq.ZArith.Zdiv "x / y" Z_scope +R5064 Integers.signed +R5075 Coq.ZArith.Zpower.two_p +R5082 Integers.unsigned +R5043 Integers.int +R5043 Integers.int +R5124 Integers.int +R5133 Integers.divs +R5141 Integers.shl +R5145 Integers.one +R5118 Integers.int +R5118 Integers.int +R5191 Integers.sub +R5207 Integers.shr +R5196 Integers.shrx +R5181 Integers.int +R5181 Integers.int +R5246 Integers.int +R5328 Integers.repr +R5334 Integers.Z_of_bits +R5376 Coq.ZArith.Zdiv.Zmod +R5391 Coq.ZArith.BinInt.Z_of_nat +R5400 Integers.wordsize +R5384 Coq.ZArith.BinInt "x - y" Z_scope +R5344 Integers.wordsize +R5312 Integers.unsigned +R5265 Integers.bits_of_Z +R5285 Integers.unsigned +R5275 Integers.wordsize +R5239 Integers.int +R5239 Integers.int +R5445 Integers.int +R5452 Integers.and +R5457 Integers.rol +R5439 Integers.int +R5439 Integers.int +R5439 Integers.int +R5525 Coq.Lists.List.list +R5530 Coq.ZArith.BinInt.Z +R5510 Coq.ZArith.BinInt.Z +R5503 Coq.ZArith.BinInt.Z +R5494 Coq.Init.Datatypes.nat +R5554 Coq.Init.Datatypes.O +R5559 Coq.Lists.List.nil +R5567 Coq.Init.Datatypes.S +R5594 Integers.Z_bin_decomp +R5676 Coq.ZArith.BinInt "x + y" Z_scope +R5630 Coq.Lists.List "x :: y" list_scope +R5650 Coq.ZArith.BinInt "x + y" Z_scope +R5510 Coq.ZArith.BinInt.Z +R5503 Coq.ZArith.BinInt.Z +R5494 Coq.Init.Datatypes.nat +R5720 Coq.Init.Datatypes.option +R5727 Integers.int +R5742 Integers.Z_one_bits +R5763 Integers.unsigned +R5753 Integers.wordsize +R5788 Coq.Lists.List "x :: y" list_scope +R5791 Coq.Lists.List.nil +R5798 Coq.Init.Datatypes.Some +R5804 Integers.repr +R5821 Coq.Init.Datatypes.None +R5713 Integers.int +R5865 Coq.Lists.List.list +R5870 Integers.int +R5879 Coq.Lists.List.map +R5894 Integers.Z_one_bits +R5915 Integers.unsigned +R5905 Integers.wordsize +R5888 Integers.repr +R5858 Integers.int +R6573 Integers.rlw_state +R6608 Integers.RLW_S0 +R6616 Coq.Init.Datatypes.false +R6625 Integers.RLW_S1 +R6636 Integers.RLW_S0 +R6644 Coq.Init.Datatypes.true +R6653 Integers.RLW_S4 +R6664 Integers.RLW_S1 +R6672 Coq.Init.Datatypes.false +R6681 Integers.RLW_S1 +R6692 Integers.RLW_S1 +R6700 Coq.Init.Datatypes.true +R6709 Integers.RLW_S2 +R6720 Integers.RLW_S2 +R6728 Coq.Init.Datatypes.false +R6737 Integers.RLW_S3 +R6748 Integers.RLW_S2 +R6756 Coq.Init.Datatypes.true +R6765 Integers.RLW_S2 +R6776 Integers.RLW_S3 +R6784 Coq.Init.Datatypes.false +R6793 Integers.RLW_S3 +R6804 Integers.RLW_S3 +R6812 Coq.Init.Datatypes.true +R6821 Integers.RLW_Sbad +R6834 Integers.RLW_S4 +R6842 Coq.Init.Datatypes.false +R6851 Integers.RLW_S5 +R6862 Integers.RLW_S4 +R6870 Coq.Init.Datatypes.true +R6879 Integers.RLW_S4 +R6890 Integers.RLW_S5 +R6898 Coq.Init.Datatypes.false +R6907 Integers.RLW_S5 +R6918 Integers.RLW_S5 +R6926 Coq.Init.Datatypes.true +R6935 Integers.RLW_S6 +R6946 Integers.RLW_S6 +R6954 Coq.Init.Datatypes.false +R6963 Integers.RLW_Sbad +R6976 Integers.RLW_S6 +R6984 Coq.Init.Datatypes.true +R6993 Integers.RLW_S6 +R7004 Integers.RLW_Sbad +R7019 Integers.RLW_Sbad +R6565 Coq.Init.Datatypes.bool +R6550 Integers.rlw_state +R7078 Coq.Init.Datatypes.bool +R7105 Integers.RLW_S0 +R7115 Coq.Init.Datatypes.false +R7125 Integers.RLW_S1 +R7135 Coq.Init.Datatypes.false +R7145 Integers.RLW_S2 +R7155 Coq.Init.Datatypes.true +R7164 Integers.RLW_S3 +R7174 Coq.Init.Datatypes.true +R7183 Integers.RLW_S4 +R7193 Coq.Init.Datatypes.true +R7202 Integers.RLW_S5 +R7212 Coq.Init.Datatypes.true +R7221 Integers.RLW_S6 +R7231 Coq.Init.Datatypes.true +R7240 Integers.RLW_Sbad +R7252 Coq.Init.Datatypes.false +R7065 Integers.rlw_state +R7335 Coq.Init.Datatypes.bool +R7319 Coq.ZArith.BinInt.Z +R7304 Integers.rlw_state +R7295 Coq.Init.Datatypes.nat +R7362 Coq.Init.Datatypes.O +R7373 Integers.rlw_accepting +R7393 Coq.Init.Datatypes.S +R7420 Integers.Z_bin_decomp +R7463 Integers.rlw_transition +R7319 Coq.ZArith.BinInt.Z +R7304 Integers.rlw_state +R7295 Coq.Init.Datatypes.nat +R7527 Coq.Init.Datatypes.bool +R7537 Integers.is_rlw_mask_rec +R7570 Integers.unsigned +R7562 Integers.RLW_S0 +R7553 Integers.wordsize +R7520 Integers.int +R7628 Coq.Init.Datatypes.bool +R7655 AST.Ceq +R7662 Integers.eq +R7673 AST.Cne +R7680 Coq.Bool.Bool.negb +R7686 Integers.eq +R7698 AST.Clt +R7705 Integers.lt +R7716 AST.Cle +R7723 Coq.Bool.Bool.negb +R7729 Integers.lt +R7741 AST.Cgt +R7748 Integers.lt +R7759 AST.Cge +R7766 Coq.Bool.Bool.negb +R7772 Integers.lt +R7621 Integers.int +R7621 Integers.int +R7603 AST.comparison +R7833 Coq.Init.Datatypes.bool +R7860 AST.Ceq +R7867 Integers.eq +R7878 AST.Cne +R7885 Coq.Bool.Bool.negb +R7891 Integers.eq +R7903 AST.Clt +R7910 Integers.ltu +R7922 AST.Cle +R7929 Coq.Bool.Bool.negb +R7935 Integers.ltu +R7948 AST.Cgt +R7955 Integers.ltu +R7967 AST.Cge +R7974 Coq.Bool.Bool.negb +R7980 Integers.ltu +R7826 Integers.int +R7826 Integers.int +R7808 AST.comparison +R8038 Coq.Init.Logic "x = y" type_scope +R8040 Integers.zero +R8021 Integers.int +R8087 Coq.Init.Logic "x <> y" type_scope +R8090 Integers.zero +R8070 Integers.int +R8127 Integers.int +R8138 Integers.eq +R8143 Integers.zero +R8162 Integers.zero +R8153 Integers.one +R8120 Integers.int +R8239 Coq.Init.Logic "x <> y" type_scope +R8231 Integers.one +R8242 Integers.zero +R8326 Coq.Init.Logic "x = y" type_scope +R8319 Integers.eq +R8328 Integers.eq +R8370 Coqlib.zeq +R8388 Integers.unsigned +R8375 Integers.unsigned +R8370 Coqlib.zeq +R8388 Integers.unsigned +R8375 Integers.unsigned +R8430 Coqlib.zeq_true +R8430 Coqlib.zeq_true +R8456 Coqlib.zeq_false +R8456 Coqlib.zeq_false +R8524 Integers.eq +R8549 Coq.Init.Logic "x <> y" type_scope +R8538 Coq.Init.Logic "x = y" type_scope +R8515 Integers.int +R8515 Integers.int +R8589 Integers.eq_dec +R8589 Integers.eq_dec +R8628 Coqlib.zeq_true +R8628 Coqlib.zeq_true +R8654 Coqlib.zeq_false +R8654 Coqlib.zeq_false +R8733 Integers.mkint_eq +R8733 Integers.mkint_eq +R8789 Coq.Init.Logic "x = y" type_scope +R8782 Integers.eq +R8791 Coq.Init.Datatypes.true +R8826 Integers.eq_spec +R8846 Integers.eq +R8826 Integers.eq_spec +R8846 Integers.eq +R8928 Coq.Init.Logic "x = y" type_scope +R8921 Integers.eq +R8930 Coq.Init.Datatypes.false +R8913 Coq.Init.Logic "x <> y" type_scope +R8966 Integers.eq_spec +R8986 Integers.eq +R8966 Integers.eq_spec +R8986 Integers.eq +R9050 Coq.ZArith.BinInt "x > y" Z_scope +R9042 Integers.modulus +R9086 Coqlib.two_power_nat_pos +R9086 Coqlib.two_power_nat_pos +R9124 Integers.modulus_pos +R9222 Coq.ZArith.BinInt.Z +R9253 Coq.ZArith.BinInt "x > y" Z_scope +R9295 Coq.Init.Logic "'exists' x , p" type_scope +R9307 Coq.Init.Logic "x = y" type_scope +R9319 Coq.ZArith.BinInt "x + y" Z_scope +R9311 Coq.ZArith.BinInt "x * y" Z_scope +R9282 Coq.ZArith.BinInt.Z +R9282 Coq.ZArith.BinInt.Z +R9353 Integers.eqmod +R9449 Integers.eqmod +R9442 Coq.Init.Logic "x = y" type_scope +R9492 Integers.eqmod_refl +R9492 Integers.eqmod_refl +R9552 Integers.eqmod +R9539 Integers.eqmod +R9604 Coq.ZArith.BinInt "- x" Z_scope +R9604 Coq.ZArith.BinInt "- x" Z_scope +R9689 Integers.eqmod +R9676 Integers.eqmod +R9663 Integers.eqmod +R9759 Coq.ZArith.BinInt "x + y" Z_scope +R9759 Coq.ZArith.BinInt "x + y" Z_scope +R9883 Coq.Init.Logic "x = y" type_scope +R9865 Coq.ZArith.BinInt "x <= y < z" Z_scope +R9847 Coq.ZArith.BinInt "x <= y < z" Z_scope +R9832 Integers.eqmod +R9936 Coqlib.Zdiv_unique +R9936 Coqlib.Zdiv_unique +R9982 Coqlib.Zdiv_small +R9982 Coqlib.Zdiv_small +R10092 Coq.Init.Logic "x = y" type_scope +R10082 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R10096 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R10067 Integers.eqmod +R10155 Coq.ZArith.BinInt.Zplus_comm +R10155 Coq.ZArith.BinInt.Zplus_comm +R10173 Coq.ZArith.Zdiv.Z_mod_plus +R10173 Coq.ZArith.Zdiv.Z_mod_plus +R10226 Integers.eqmod +R10237 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R10281 Coq.ZArith.Zdiv "x / y" Z_scope +R10281 Coq.ZArith.Zdiv "x / y" Z_scope +R10302 Coq.ZArith.BinInt.Zmult_comm +R10302 Coq.ZArith.BinInt.Zmult_comm +R10320 Coq.ZArith.Zdiv.Z_div_mod_eq +R10320 Coq.ZArith.Zdiv.Z_div_mod_eq +R10407 Integers.eqmod +R10424 Coq.ZArith.BinInt "x + y" Z_scope +R10416 Coq.ZArith.BinInt "x + y" Z_scope +R10394 Integers.eqmod +R10381 Integers.eqmod +R10509 Coq.ZArith.BinInt "x + y" Z_scope +R10509 Coq.ZArith.BinInt "x + y" Z_scope +R10572 Integers.eqmod +R10584 Coq.ZArith.BinInt "- x" Z_scope +R10579 Coq.ZArith.BinInt "- x" Z_scope +R10559 Integers.eqmod +R10630 Coq.ZArith.BinInt "- x" Z_scope +R10630 Coq.ZArith.BinInt "- x" Z_scope +R10721 Integers.eqmod +R10738 Coq.ZArith.BinInt "x - y" Z_scope +R10730 Coq.ZArith.BinInt "x - y" Z_scope +R10708 Integers.eqmod +R10695 Integers.eqmod +R10823 Coq.ZArith.BinInt "x - y" Z_scope +R10823 Coq.ZArith.BinInt "x - y" Z_scope +R10904 Integers.eqmod +R10921 Coq.ZArith.BinInt "x * y" Z_scope +R10913 Coq.ZArith.BinInt "x * y" Z_scope +R10891 Integers.eqmod +R10878 Integers.eqmod +R11030 Coq.ZArith.BinInt "x + y" Z_scope +R11021 Coq.ZArith.BinInt "x + y" Z_scope +R11013 Coq.ZArith.BinInt "x * y" Z_scope +R11008 Coq.ZArith.BinInt "x * y" Z_scope +R11025 Coq.ZArith.BinInt "x * y" Z_scope +R11035 Coq.ZArith.BinInt "x * y" Z_scope +R11030 Coq.ZArith.BinInt "x + y" Z_scope +R11021 Coq.ZArith.BinInt "x + y" Z_scope +R11013 Coq.ZArith.BinInt "x * y" Z_scope +R11008 Coq.ZArith.BinInt "x * y" Z_scope +R11025 Coq.ZArith.BinInt "x * y" Z_scope +R11035 Coq.ZArith.BinInt "x * y" Z_scope +R11123 Integers.eqmod +R11129 Integers.modulus +R11165 Integers.eqm +R11181 Integers.eqmod_refl +R11192 Integers.modulus +R11215 Integers.eqm_refl +R11272 Integers.eqm +R11265 Coq.Init.Logic "x = y" type_scope +R11288 Integers.eqmod_refl2 +R11300 Integers.modulus +R11323 Integers.eqm_refl2 +R11379 Integers.eqm +R11368 Integers.eqm +R11395 Integers.eqmod_sym +R11405 Integers.modulus +R11428 Integers.eqm_sym +R11497 Integers.eqm +R11486 Integers.eqm +R11475 Integers.eqm +R11513 Integers.eqmod_trans +R11525 Integers.modulus +R11548 Integers.eqm_trans +R11616 Coq.Init.Logic "x = y" type_scope +R11609 Integers.repr +R11618 Integers.repr +R11598 Integers.eqm +R11662 Integers.mkint_eq +R11662 Integers.mkint_eq +R11681 Integers.eqmod_mod_eq +R11681 Integers.eqmod_mod_eq +R11763 Integers.eqm +R11770 Integers.unsigned +R11780 Integers.repr +R11850 Integers.eqmod_mod +R11850 Integers.eqmod_mod +R11895 Integers.eqm_unsigned_repr +R11973 Integers.eqm +R11978 Integers.unsigned +R11988 Integers.repr +R11962 Integers.eqm +R12023 Integers.eqm_trans +R12023 Integers.eqm_trans +R12050 Integers.eqm_sym +R12050 Integers.eqm_sym +R12065 Integers.eqm_unsigned_repr +R12065 Integers.eqm_unsigned_repr +R12108 Integers.eqm_unsigned_repr_l +R12188 Integers.eqm +R12195 Integers.unsigned +R12205 Integers.repr +R12177 Integers.eqm +R12238 Integers.eqm_trans +R12238 Integers.eqm_trans +R12270 Integers.eqm_unsigned_repr +R12270 Integers.eqm_unsigned_repr +R12308 Integers.eqm_unsigned_repr_r +R12375 Integers.eqm +R12391 Integers.unsigned +R12380 Integers.signed +R12450 Integers.unsigned +R12450 Integers.unsigned +R12471 Coqlib.zlt +R12477 Integers.half_modulus +R12471 Coqlib.zlt +R12477 Integers.half_modulus +R12507 Integers.eqmod_refl +R12507 Integers.eqmod_refl +R12637 Coq.Init.Logic "x = y" type_scope +R12617 Coq.ZArith.BinInt "x <= y < z" Z_scope +R12624 Integers.modulus +R12597 Coq.ZArith.BinInt "x <= y < z" Z_scope +R12604 Integers.modulus +R12584 Integers.eqm +R12649 Integers.eqmod_small_eq +R12664 Integers.modulus +R12687 Integers.eqm_small_eq +R12763 Integers.eqm +R12778 Coq.ZArith.BinInt "x + y" Z_scope +R12770 Coq.ZArith.BinInt "x + y" Z_scope +R12752 Integers.eqm +R12741 Integers.eqm +R12791 Integers.eqmod_add +R12801 Integers.modulus +R12824 Integers.eqm_add +R12880 Integers.eqm +R12890 Coq.ZArith.BinInt "- x" Z_scope +R12885 Coq.ZArith.BinInt "- x" Z_scope +R12869 Integers.eqm +R12902 Integers.eqmod_neg +R12912 Integers.modulus +R12935 Integers.eqm_neg +R13006 Integers.eqm +R13021 Coq.ZArith.BinInt "x - y" Z_scope +R13013 Coq.ZArith.BinInt "x - y" Z_scope +R12995 Integers.eqm +R12984 Integers.eqm +R13034 Integers.eqmod_sub +R13044 Integers.modulus +R13067 Integers.eqm_sub +R13139 Integers.eqm +R13154 Coq.ZArith.BinInt "x * y" Z_scope +R13146 Coq.ZArith.BinInt "x * y" Z_scope +R13128 Integers.eqm +R13117 Integers.eqm +R13167 Integers.eqmod_mult +R13178 Integers.modulus +R13201 Integers.eqm_mult +R13268 Coq.ZArith.BinInt "x <= y < z" Z_scope +R13275 Integers.modulus +R13252 Integers.in_range +R13319 Coq.Init.Logic "A /\ B" type_scope +R13314 Coq.ZArith.BinInt "x >= y" Z_scope +R13324 Coq.ZArith.BinInt "x < y" Z_scope +R13326 Integers.modulus +R13319 Coq.Init.Logic "A /\ B" type_scope +R13314 Coq.ZArith.BinInt "x >= y" Z_scope +R13324 Coq.ZArith.BinInt "x < y" Z_scope +R13326 Integers.modulus +R13393 Coq.ZArith.BinInt "x ?= y" Z_scope +R13393 Coq.ZArith.BinInt "x ?= y" Z_scope +R13414 Coq.ZArith.BinInt "x ?= y" Z_scope +R13417 Integers.modulus +R13414 Coq.ZArith.BinInt "x ?= y" Z_scope +R13417 Integers.modulus +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R13501 Coq.ZArith.BinInt "x ?= y" Z_scope +R13504 Integers.modulus +R13501 Coq.ZArith.BinInt "x ?= y" Z_scope +R13504 Integers.modulus +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R13610 Coq.ZArith.BinInt "x <= y < z" Z_scope +R13613 Integers.unsigned +R13613 Integers.unsigned +R13626 Integers.modulus +R13672 Integers.in_range_range +R13672 Integers.in_range_range +R13712 Integers.unsigned_range +R13775 Coq.ZArith.BinInt "x <= y <= z" Z_scope +R13778 Integers.unsigned +R13778 Integers.unsigned +R13792 Integers.max_unsigned +R13858 Integers.unsigned_range +R13858 Integers.unsigned_range +R13902 Integers.unsigned_range_2 +R13972 Coq.ZArith.BinInt "x <= y <= z" Z_scope +R13961 Integers.min_signed +R13975 Integers.signed +R13975 Integers.signed +R13987 Integers.max_signed +R14046 Integers.unsigned_range +R14046 Integers.unsigned_range +R14075 Integers.unsigned +R14075 Integers.unsigned +R14104 Coqlib.zlt +R14110 Integers.half_modulus +R14104 Coqlib.zlt +R14110 Integers.half_modulus +R14172 Coq.ZArith.BinInt "x < y" Z_scope +R14161 Integers.min_signed +R14172 Coq.ZArith.BinInt "x < y" Z_scope +R14161 Integers.min_signed +R14259 Coq.ZArith.BinInt "x * y" Z_scope +R14261 Integers.half_modulus +R14243 Integers.modulus +R14259 Coq.ZArith.BinInt "x * y" Z_scope +R14261 Integers.half_modulus +R14243 Integers.modulus +R14301 Coq.ZArith.BinInt "x * y" Z_scope +R14303 Integers.half_modulus +R14285 Integers.modulus +R14301 Coq.ZArith.BinInt "x * y" Z_scope +R14303 Integers.half_modulus +R14285 Integers.modulus +R14391 Coq.Init.Logic "x = y" type_scope +R14373 Integers.repr +R14379 Integers.unsigned +R14443 Integers.mkint_eq +R14443 Integers.mkint_eq +R14461 Coqlib.Zmod_small +R14461 Coqlib.Zmod_small +R14479 Integers.in_range_range +R14479 Integers.in_range_range +R14519 Integers.repr_unsigned +R14588 Coq.Init.Logic "x = y" type_scope +R14572 Integers.repr +R14578 Integers.signed +R14624 Integers.repr +R14630 Integers.unsigned +R14624 Integers.repr +R14630 Integers.unsigned +R14653 Integers.eqm_samerepr +R14653 Integers.eqm_samerepr +R14673 Integers.eqm_signed_unsigned +R14673 Integers.eqm_signed_unsigned +R14728 Integers.repr_unsigned +R14829 Coq.Init.Logic "x = y" type_scope +R14811 Integers.unsigned +R14821 Integers.repr +R14787 Coq.ZArith.BinInt "x <= y <= z" Z_scope +R14795 Integers.max_unsigned +R14890 Coqlib.Zmod_small +R14890 Coqlib.Zmod_small +R14953 Integers.unsigned_repr +R15057 Coq.Init.Logic "x = y" type_scope +R15041 Integers.signed +R15049 Integers.repr +R15019 Coq.ZArith.BinInt "x <= y <= z" Z_scope +R15008 Integers.min_signed +R15027 Integers.max_signed +R15100 Coqlib.zle +R15100 Coqlib.zle +R15128 Integers.unsigned +R15138 Integers.repr +R15128 Integers.unsigned +R15138 Integers.repr +R15165 Coqlib.zlt_true +R15165 Coqlib.zlt_true +R15230 Integers.unsigned_repr +R15230 Integers.unsigned_repr +R15282 Integers.max_signed +R15267 Coq.ZArith.Zorder.Zle_trans +R15282 Integers.max_signed +R15267 Coq.ZArith.Zorder.Zle_trans +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R15349 Coq.ZArith.BinInt "x + y" Z_scope +R15351 Integers.modulus +R15349 Coq.ZArith.BinInt "x + y" Z_scope +R15351 Integers.modulus +R15372 Integers.repr +R15386 Integers.repr +R15372 Integers.repr +R15386 Integers.repr +R15407 Integers.unsigned +R15417 Integers.repr +R15407 Integers.unsigned +R15417 Integers.repr +R15446 Coqlib.zlt_false +R15446 Coqlib.zlt_false +R15549 Coq.ZArith.BinInt "x + y" Z_scope +R15536 Integers.half_modulus +R15551 Integers.half_modulus +R15522 Integers.modulus +R15549 Coq.ZArith.BinInt "x + y" Z_scope +R15536 Integers.half_modulus +R15551 Integers.half_modulus +R15522 Integers.modulus +R15591 Integers.unsigned_repr +R15591 Integers.unsigned_repr +R15705 Coq.ZArith.BinInt "x + y" Z_scope +R15692 Integers.half_modulus +R15707 Integers.half_modulus +R15678 Integers.modulus +R15705 Coq.ZArith.BinInt "x + y" Z_scope +R15692 Integers.half_modulus +R15707 Integers.half_modulus +R15678 Integers.modulus +R15740 Integers.eqm_samerepr +R15740 Integers.eqm_samerepr +R15865 Coq.Init.Logic "x = y" type_scope +R15857 Integers.add +R15867 Integers.repr +R15884 Coq.ZArith.BinInt "x + y" Z_scope +R15873 Integers.unsigned +R15886 Integers.unsigned +R15973 Coq.Init.Logic "x = y" type_scope +R15965 Integers.add +R15975 Integers.repr +R15990 Coq.ZArith.BinInt "x + y" Z_scope +R15981 Integers.signed +R15992 Integers.signed +R16029 Integers.add_unsigned +R16029 Integers.add_unsigned +R16049 Integers.eqm_samerepr +R16049 Integers.eqm_samerepr +R16071 Integers.eqm_add +R16086 Integers.eqm_sym +R16101 Integers.eqm_signed_unsigned +R16071 Integers.eqm_add +R16086 Integers.eqm_sym +R16086 Integers.eqm_sym +R16101 Integers.eqm_signed_unsigned +R16101 Integers.eqm_signed_unsigned +R16168 Coq.Init.Logic "x = y" type_scope +R16160 Integers.add +R16170 Integers.add +R16265 Coq.Init.Logic "x = y" type_scope +R16254 Integers.add +R16260 Integers.zero +R16314 Integers.unsigned +R16324 Integers.repr +R16314 Integers.unsigned +R16324 Integers.repr +R16351 Coq.ZArith.BinInt.Zplus_0_r +R16351 Coq.ZArith.BinInt.Zplus_0_r +R16368 Integers.repr_unsigned +R16368 Integers.repr_unsigned +R16438 Coq.Init.Logic "x = y" type_scope +R16422 Integers.add +R16427 Integers.add +R16440 Integers.add +R16447 Integers.add +R16499 Integers.unsigned +R16499 Integers.unsigned +R16525 Integers.unsigned +R16525 Integers.unsigned +R16551 Integers.unsigned +R16551 Integers.unsigned +R16572 Integers.eqm_samerepr +R16572 Integers.eqm_samerepr +R16619 Coq.ZArith.BinInt "x + y" Z_scope +R16615 Coq.ZArith.BinInt "x + y" Z_scope +R16595 Integers.eqm_trans +R16619 Coq.ZArith.BinInt "x + y" Z_scope +R16615 Coq.ZArith.BinInt "x + y" Z_scope +R16595 Integers.eqm_trans +R16659 Coq.ZArith.BinInt.Zplus_assoc +R16659 Coq.ZArith.BinInt.Zplus_assoc +R16744 Coq.Init.Logic "x = y" type_scope +R16728 Integers.add +R16735 Integers.add +R16746 Integers.add +R16753 Integers.add +R16789 Integers.add_commut +R16789 Integers.add_commut +R16817 Integers.add_assoc +R16817 Integers.add_assoc +R16834 Integers.add_commut +R16834 Integers.add_commut +R16899 Coq.Init.Logic "x = y" type_scope +R16885 Integers.add +R16892 Integers.neg +R16901 Integers.zero +R16953 Integers.eqm_samerepr +R16953 Integers.eqm_samerepr +R16996 Coq.ZArith.BinInt "x + y" Z_scope +R16985 Integers.unsigned +R16999 Coq.ZArith.BinInt "- x" Z_scope +R17002 Integers.unsigned +R16996 Coq.ZArith.BinInt "x + y" Z_scope +R16985 Integers.unsigned +R16999 Coq.ZArith.BinInt "- x" Z_scope +R17002 Integers.unsigned +R17119 Coq.Init.Logic "x = y" type_scope +R17106 Integers.neg +R17111 Integers.repr +R17121 Integers.repr +R17127 Coq.ZArith.BinInt "- x" Z_scope +R17167 Integers.eqm_samerepr +R17167 Integers.eqm_samerepr +R17230 Coq.Init.Logic "x = y" type_scope +R17221 Integers.neg +R17225 Integers.zero +R17232 Integers.zero +R17280 Integers.mkint_eq +R17280 Integers.mkint_eq +R17350 Coq.Init.Logic "x = y" type_scope +R17337 Integers.neg +R17341 Integers.add +R17352 Integers.add +R17365 Integers.neg +R17357 Integers.neg +R17413 Integers.eqm_samerepr +R17413 Integers.eqm_samerepr +R17451 Coq.ZArith.BinInt "- x" Z_scope +R17465 Coq.ZArith.BinInt "x + y" Z_scope +R17454 Integers.unsigned +R17467 Integers.unsigned +R17435 Integers.eqm_trans +R17451 Coq.ZArith.BinInt "- x" Z_scope +R17465 Coq.ZArith.BinInt "x + y" Z_scope +R17454 Integers.unsigned +R17467 Integers.unsigned +R17435 Integers.eqm_trans +R17510 Coq.ZArith.BinInt "- x" Z_scope +R17524 Coq.ZArith.BinInt "x + y" Z_scope +R17513 Integers.unsigned +R17526 Integers.unsigned +R17563 Coq.ZArith.BinInt "x + y" Z_scope +R17551 Coq.ZArith.BinInt "- x" Z_scope +R17553 Integers.unsigned +R17568 Coq.ZArith.BinInt "- x" Z_scope +R17570 Integers.unsigned +R17510 Coq.ZArith.BinInt "- x" Z_scope +R17524 Coq.ZArith.BinInt "x + y" Z_scope +R17513 Integers.unsigned +R17526 Integers.unsigned +R17563 Coq.ZArith.BinInt "x + y" Z_scope +R17551 Coq.ZArith.BinInt "- x" Z_scope +R17553 Integers.unsigned +R17568 Coq.ZArith.BinInt "- x" Z_scope +R17570 Integers.unsigned +R17689 Coq.Init.Logic "x = y" type_scope +R17678 Integers.sub +R17684 Integers.zero +R17731 Integers.unsigned +R17740 Integers.zero +R17731 Integers.unsigned +R17740 Integers.zero +R17776 Coq.ZArith.BinInt "x - y" Z_scope +R17765 Integers.unsigned +R17787 Integers.unsigned +R17776 Coq.ZArith.BinInt "x - y" Z_scope +R17765 Integers.unsigned +R17787 Integers.unsigned +R17806 Integers.repr_unsigned +R17806 Integers.repr_unsigned +R17877 Coq.Init.Logic "x = y" type_scope +R17866 Integers.sub +R17870 Integers.zero +R17879 Integers.neg +R17928 Integers.unsigned +R17937 Integers.zero +R17928 Integers.unsigned +R17937 Integers.zero +R17964 Coq.ZArith.BinInt "x - y" Z_scope +R17966 Integers.unsigned +R17984 Coq.ZArith.BinInt "- x" Z_scope +R17986 Integers.unsigned +R17964 Coq.ZArith.BinInt "x - y" Z_scope +R17966 Integers.unsigned +R17984 Coq.ZArith.BinInt "- x" Z_scope +R17986 Integers.unsigned +R18061 Coq.Init.Logic "x = y" type_scope +R18053 Integers.sub +R18063 Integers.add +R18070 Integers.neg +R18139 Coq.ZArith.BinInt "x - y" Z_scope +R18128 Integers.unsigned +R18141 Integers.unsigned +R18175 Coq.ZArith.BinInt "x + y" Z_scope +R18164 Integers.unsigned +R18178 Coq.ZArith.BinInt "- x" Z_scope +R18180 Integers.unsigned +R18139 Coq.ZArith.BinInt "x - y" Z_scope +R18128 Integers.unsigned +R18141 Integers.unsigned +R18175 Coq.ZArith.BinInt "x + y" Z_scope +R18164 Integers.unsigned +R18178 Coq.ZArith.BinInt "- x" Z_scope +R18180 Integers.unsigned +R18202 Integers.eqm_samerepr +R18202 Integers.eqm_samerepr +R18281 Coq.Init.Logic "x = y" type_scope +R18273 Integers.sub +R18283 Integers.zero +R18338 Coq.ZArith.BinInt "x - y" Z_scope +R18327 Integers.unsigned +R18340 Integers.unsigned +R18338 Coq.ZArith.BinInt "x - y" Z_scope +R18327 Integers.unsigned +R18340 Integers.unsigned +R18437 Coq.Init.Logic "x = y" type_scope +R18421 Integers.sub +R18426 Integers.add +R18439 Integers.add +R18444 Integers.sub +R18488 Integers.sub_add_opp +R18488 Integers.sub_add_opp +R18488 Integers.sub_add_opp +R18488 Integers.sub_add_opp +R18519 Integers.add_assoc +R18519 Integers.add_assoc +R18519 Integers.add_assoc +R18519 Integers.add_assoc +R18543 Integers.add_commut +R18543 Integers.add_commut +R18610 Coq.Init.Logic "x = y" type_scope +R18594 Integers.sub +R18601 Integers.add +R18612 Integers.add +R18627 Integers.neg +R18617 Integers.sub +R18667 Integers.sub_add_opp +R18667 Integers.sub_add_opp +R18667 Integers.sub_add_opp +R18667 Integers.sub_add_opp +R18690 Integers.neg_add_distr +R18690 Integers.neg_add_distr +R18713 Integers.add_permut +R18713 Integers.add_permut +R18731 Integers.add_commut +R18731 Integers.add_commut +R18825 Coq.Init.Logic "x = y" type_scope +R18817 Integers.mul +R18827 Integers.mul +R18924 Coq.Init.Logic "x = y" type_scope +R18913 Integers.mul +R18919 Integers.zero +R18926 Integers.zero +R18969 Integers.unsigned +R18978 Integers.zero +R18969 Integers.unsigned +R18978 Integers.zero +R19063 Coq.Init.Logic "x = y" type_scope +R19053 Integers.mul +R19059 Integers.one +R19105 Integers.unsigned +R19114 Integers.one +R19105 Integers.unsigned +R19114 Integers.one +R19143 Integers.repr +R19149 Integers.unsigned +R19143 Integers.repr +R19149 Integers.unsigned +R19184 Integers.repr_unsigned +R19184 Integers.repr_unsigned +R19254 Coq.Init.Logic "x = y" type_scope +R19238 Integers.mul +R19243 Integers.mul +R19256 Integers.mul +R19263 Integers.mul +R19315 Integers.unsigned +R19315 Integers.unsigned +R19341 Integers.unsigned +R19341 Integers.unsigned +R19367 Integers.unsigned +R19367 Integers.unsigned +R19388 Integers.eqm_samerepr +R19388 Integers.eqm_samerepr +R19432 Coq.ZArith.BinInt "x * y" Z_scope +R19428 Coq.ZArith.BinInt "x * y" Z_scope +R19408 Integers.eqm_trans +R19432 Coq.ZArith.BinInt "x * y" Z_scope +R19428 Coq.ZArith.BinInt "x * y" Z_scope +R19408 Integers.eqm_trans +R19472 Coq.ZArith.BinInt.Zmult_assoc +R19472 Coq.ZArith.BinInt.Zmult_assoc +R19564 Coq.Init.Logic "x = y" type_scope +R19548 Integers.mul +R19553 Integers.add +R19566 Integers.add +R19581 Integers.mul +R19571 Integers.mul +R19633 Integers.eqm_samerepr +R19633 Integers.eqm_samerepr +R19660 Integers.unsigned +R19660 Integers.unsigned +R19686 Integers.unsigned +R19686 Integers.unsigned +R19712 Integers.unsigned +R19712 Integers.unsigned +R19757 Coq.ZArith.BinInt "x * y" Z_scope +R19753 Coq.ZArith.BinInt "x + y" Z_scope +R19733 Integers.eqm_trans +R19757 Coq.ZArith.BinInt "x * y" Z_scope +R19753 Coq.ZArith.BinInt "x + y" Z_scope +R19733 Integers.eqm_trans +R19803 Coq.ZArith.BinInt "x * y" Z_scope +R19799 Coq.ZArith.BinInt "x + y" Z_scope +R19825 Coq.ZArith.BinInt "x + y" Z_scope +R19820 Coq.ZArith.BinInt "x * y" Z_scope +R19830 Coq.ZArith.BinInt "x * y" Z_scope +R19803 Coq.ZArith.BinInt "x * y" Z_scope +R19799 Coq.ZArith.BinInt "x + y" Z_scope +R19825 Coq.ZArith.BinInt "x + y" Z_scope +R19820 Coq.ZArith.BinInt "x * y" Z_scope +R19830 Coq.ZArith.BinInt "x * y" Z_scope +R19926 Coq.Init.Logic "x = y" type_scope +R19910 Integers.mul +R19917 Integers.add +R19928 Integers.add +R19943 Integers.mul +R19933 Integers.mul +R19978 Integers.mul_commut +R19978 Integers.mul_commut +R19998 Integers.mul_add_distr_l +R19998 Integers.mul_add_distr_l +R20031 Integers.mul_commut +R20031 Integers.mul_commut +R20031 Integers.mul_commut +R20098 Coq.Init.Logic "x = y" type_scope +R20085 Integers.neg +R20089 Integers.mul +R20100 Integers.mul +R20105 Integers.neg +R20163 Coq.Init.Logic "x = y" type_scope +R20150 Integers.neg +R20154 Integers.mul +R20165 Integers.mul +R20172 Integers.neg +R20326 Coq.Init.Logic "x = y" type_scope +R20268 Integers.Z_shift_add +R20304 Coq.Init.Datatypes.snd +R20309 Integers.Z_bin_decomp +R20281 Coq.Init.Datatypes.fst +R20286 Integers.Z_bin_decomp +R20469 Coq.Init.Logic "x = y" type_scope +R20465 Coq.ZArith.BinInt "x - y" Z_scope +R20455 Coq.ZArith.BinInt "x * y" Z_scope +R20460 Coq.ZArith.BinInt "x + y" Z_scope +R20477 Coq.ZArith.BinInt "x + y" Z_scope +R20473 Coq.ZArith.BinInt "x * y" Z_scope +R20469 Coq.Init.Logic "x = y" type_scope +R20465 Coq.ZArith.BinInt "x - y" Z_scope +R20455 Coq.ZArith.BinInt "x * y" Z_scope +R20460 Coq.ZArith.BinInt "x + y" Z_scope +R20477 Coq.ZArith.BinInt "x + y" Z_scope +R20473 Coq.ZArith.BinInt "x * y" Z_scope +R20514 Coq.ZArith.BinInt.Zpos +R20514 Coq.ZArith.BinInt.Zpos +R20645 Coq.Init.Logic "A /\ B" type_scope +R20640 Coq.Init.Logic "x = y" type_scope +R20651 Coq.Init.Logic "x = y" type_scope +R20614 Coq.Init.Logic "x = y" type_scope +R20596 Integers.Z_shift_add +R20616 Integers.Z_shift_add +R20913 Coq.Init.Logic "x = y" type_scope +R20898 Integers.Z_of_bits +R20915 Integers.Z_of_bits +R20885 Coq.Init.Logic "x = y" type_scope +R20859 Coq.ZArith.BinInt "x <= y < z" Z_scope +R20866 Coq.ZArith.BinInt.Z_of_nat +R20993 Coq.ZArith.Znat.inj_S +R20993 Coq.ZArith.Znat.inj_S +R21121 Integers.eqm +R21126 Integers.Z_of_bits +R21146 Integers.bits_of_Z +R21156 Integers.wordsize +R21136 Integers.wordsize +R21201 Coq.Init.Logic "'exists' x , p" type_scope +R21243 Coq.Init.Logic "x = y" type_scope +R21215 Integers.Z_of_bits +R21228 Integers.bits_of_Z +R21265 Coq.ZArith.BinInt "x + y" Z_scope +R21247 Coq.ZArith.BinInt "x * y" Z_scope +R21249 Coq.ZArith.Zpower.two_power_nat +R21201 Coq.Init.Logic "'exists' x , p" type_scope +R21243 Coq.Init.Logic "x = y" type_scope +R21215 Integers.Z_of_bits +R21228 Integers.bits_of_Z +R21265 Coq.ZArith.BinInt "x + y" Z_scope +R21247 Coq.ZArith.BinInt "x * y" Z_scope +R21249 Coq.ZArith.Zpower.two_power_nat +R21304 Coqlib.two_power_nat_O +R21304 Coqlib.two_power_nat_O +R21336 Coq.ZArith.BinInt "- x" Z_scope +R21336 Coq.ZArith.BinInt "- x" Z_scope +R21358 Coq.ZArith.Zpower.two_power_nat_S +R21358 Coq.ZArith.Zpower.two_power_nat_S +R21392 Integers.Z_bin_decomp +R21392 Integers.Z_bin_decomp +R21444 Integers.Z_of_bits +R21469 Coqlib.zeq +R21476 Coq.ZArith.BinInt "x + y" Z_scope +R21495 Integers.bits_of_Z +R21516 Coq.ZArith.BinInt "x - y" Z_scope +R21512 Coq.ZArith.BinInt "x + y" Z_scope +R21534 Integers.Z_of_bits +R21547 Integers.bits_of_Z +R21444 Integers.Z_of_bits +R21469 Coqlib.zeq +R21476 Coq.ZArith.BinInt "x + y" Z_scope +R21495 Integers.bits_of_Z +R21516 Coq.ZArith.BinInt "x - y" Z_scope +R21512 Coq.ZArith.BinInt "x + y" Z_scope +R21534 Integers.Z_of_bits +R21547 Integers.bits_of_Z +R21622 Integers.Z_shift_add_bin_decomp +R21622 Integers.Z_shift_add_bin_decomp +R21730 Integers.Z_of_bits_exten +R21730 Integers.Z_of_bits_exten +R21765 Coqlib.zeq_false +R21765 Coqlib.zeq_false +R21816 Integers.wordsize +R21816 Integers.wordsize +R21887 Coq.Init.Logic "x = y" type_scope +R21871 Integers.bits_of_Z +R21889 Coq.Init.Datatypes.false +R21949 Coqlib.zeq +R21949 Coqlib.zeq +R22047 Coq.Init.Logic "x = y" type_scope +R22022 Integers.Z_bin_decomp +R22042 Coq.ZArith.BinInt "x - y" Z_scope +R22038 Coq.ZArith.BinInt "x * y" Z_scope +R22049 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22050 Coq.Init.Datatypes.true +R22058 Coq.ZArith.BinInt "x - y" Z_scope +R22089 Integers.Z_bin_decomp +R22109 Coq.ZArith.BinInt "x - y" Z_scope +R22105 Coq.ZArith.BinInt "x * y" Z_scope +R22089 Integers.Z_bin_decomp +R22109 Coq.ZArith.BinInt "x - y" Z_scope +R22105 Coq.ZArith.BinInt "x * y" Z_scope +R22145 Integers.Z_shift_add_bin_decomp +R22175 Coq.ZArith.BinInt "x - y" Z_scope +R22171 Coq.ZArith.BinInt "x * y" Z_scope +R22145 Integers.Z_shift_add_bin_decomp +R22175 Coq.ZArith.BinInt "x - y" Z_scope +R22171 Coq.ZArith.BinInt "x * y" Z_scope +R22220 Coq.ZArith.BinInt "x - y" Z_scope +R22216 Coq.ZArith.BinInt "x * y" Z_scope +R22231 Integers.Z_shift_add +R22251 Coq.ZArith.BinInt "x - y" Z_scope +R22243 Coq.Init.Datatypes.true +R22220 Coq.ZArith.BinInt "x - y" Z_scope +R22216 Coq.ZArith.BinInt "x * y" Z_scope +R22231 Integers.Z_shift_add +R22251 Coq.ZArith.BinInt "x - y" Z_scope +R22243 Coq.Init.Datatypes.true +R22273 Integers.Z_shift_add_inj +R22273 Integers.Z_shift_add_inj +R22456 Coq.Init.Logic "x = y" type_scope +R22420 Integers.bits_of_Z +R22449 Coq.ZArith.BinInt "x - y" Z_scope +R22433 Coq.ZArith.Zpower.two_power_nat +R22458 Coq.Init.Datatypes.true +R22396 Coq.ZArith.BinInt "x <= y < z" Z_scope +R22403 Coq.ZArith.BinInt.Z_of_nat +R22553 Integers.bits_of_Z +R22553 Integers.bits_of_Z +R22574 Coq.ZArith.Zpower.two_power_nat_S +R22574 Coq.ZArith.Zpower.two_power_nat_S +R22599 Integers.Z_bin_decomp_2xm1 +R22599 Integers.Z_bin_decomp_2xm1 +R22628 Coq.ZArith.Znat.inj_S +R22628 Coq.ZArith.Znat.inj_S +R22646 Coqlib.zeq +R22646 Coqlib.zeq +R22771 Coq.Init.Logic "x = y" type_scope +R22740 Integers.Z_bin_decomp +R22754 Integers.Z_shift_add +R22773 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22806 Integers.Z_bin_decomp +R22820 Integers.Z_shift_add +R22806 Integers.Z_bin_decomp +R22820 Integers.Z_shift_add +R22870 Integers.Z_shift_add_bin_decomp +R22894 Integers.Z_shift_add +R22870 Integers.Z_shift_add_bin_decomp +R22894 Integers.Z_shift_add +R22933 Coq.Init.Datatypes.fst +R22944 Coq.Init.Datatypes.snd +R22933 Coq.Init.Datatypes.fst +R22944 Coq.Init.Datatypes.snd +R22964 Integers.Z_shift_add_inj +R22964 Integers.Z_shift_add_inj +R23118 Coq.Init.Logic "x = y" type_scope +R23088 Integers.bits_of_Z +R23101 Integers.Z_of_bits +R23065 Coq.ZArith.BinInt "x <= y < z" Z_scope +R23072 Coq.ZArith.BinInt.Z_of_nat +R23206 Integers.Z_bin_decomp_shift_add +R23206 Integers.Z_bin_decomp_shift_add +R23238 Coqlib.zeq +R23238 Coqlib.zeq +R23306 Coq.ZArith.Znat.inj_S +R23306 Coq.ZArith.Znat.inj_S +R23370 Coq.ZArith.BinInt "x <= y < z" Z_scope +R23373 Integers.Z_of_bits +R23383 Integers.wordsize +R23373 Integers.Z_of_bits +R23383 Integers.wordsize +R23396 Integers.modulus +R23457 Integers.wordsize +R23457 Integers.wordsize +R23505 Coqlib.two_power_nat_O +R23505 Coqlib.two_power_nat_O +R23539 Coq.ZArith.Zpower.two_power_nat_S +R23539 Coq.ZArith.Zpower.two_power_nat_S +R23587 Coq.ZArith.BinInt "x + y" Z_scope +R23587 Coq.ZArith.BinInt "x + y" Z_scope +R23607 Integers.Z_of_bits +R23634 Coq.ZArith.BinInt "x + y" Z_scope +R23607 Integers.Z_of_bits +R23634 Coq.ZArith.BinInt "x + y" Z_scope +R23712 Integers.Z_of_bits_range +R23775 Coq.ZArith.BinInt "x <= y <= z" Z_scope +R23778 Integers.Z_of_bits +R23788 Integers.wordsize +R23778 Integers.Z_of_bits +R23788 Integers.wordsize +R23802 Integers.max_unsigned +R23868 Integers.Z_of_bits_range +R23868 Integers.Z_of_bits_range +R23913 Integers.Z_of_bits_range_2 +R24003 Coq.Init.Logic "x = y" type_scope +R23987 Integers.bits_of_Z +R24005 Coq.Init.Datatypes.false +R23980 Coq.ZArith.BinInt "x < y" Z_scope +R24076 Integers.Z_bin_decomp +R24076 Integers.Z_bin_decomp +R24101 Coqlib.zeq_false +R24101 Coqlib.zeq_false +R24219 Coq.Init.Logic "x = y" type_scope +R24203 Integers.bits_of_Z +R24221 Coq.Init.Datatypes.false +R24186 Coq.ZArith.BinInt "x >= y" Z_scope +R24189 Coq.ZArith.BinInt.Z_of_nat +R24292 Integers.Z_bin_decomp +R24292 Integers.Z_bin_decomp +R24317 Coqlib.zeq_false +R24317 Coqlib.zeq_false +R24349 Coq.ZArith.Znat.inj_S +R24349 Coq.ZArith.Znat.inj_S +R24376 Coq.ZArith.Znat.inj_S +R24376 Coq.ZArith.Znat.inj_S +R24604 Coq.Init.Logic "x = y" type_scope +R24588 Coq.ZArith.BinInt "x + y" Z_scope +R24574 Integers.Z_of_bits +R24590 Integers.Z_of_bits +R24606 Integers.Z_of_bits +R24562 Coq.Init.Logic "x = y" type_scope +R24555 Coq.Bool.Bool "x || y" bool_scope +R24530 Coq.ZArith.BinInt "x <= y < z" Z_scope +R24537 Coq.ZArith.BinInt.Z_of_nat +R24503 Coq.Init.Logic "x = y" type_scope +R24496 Coq.Bool.Bool "x && y" bool_scope +R24505 Coq.Init.Datatypes.false +R24471 Coq.ZArith.BinInt "x <= y < z" Z_scope +R24478 Coq.ZArith.BinInt.Z_of_nat +R24691 Coq.ZArith.Znat.inj_S +R24691 Coq.ZArith.Znat.inj_S +R24711 Coq.ZArith.Znat.inj_S +R24711 Coq.ZArith.Znat.inj_S +R24791 Coq.ZArith.BinInt "x + y" Z_scope +R24773 Coq.ZArith.BinInt "x + y" Z_scope +R24755 Coq.ZArith.BinInt "x + y" Z_scope +R24791 Coq.ZArith.BinInt "x + y" Z_scope +R24773 Coq.ZArith.BinInt "x + y" Z_scope +R24755 Coq.ZArith.BinInt "x + y" Z_scope +R24810 Coq.ZArith.BinInt "x <= y < z" Z_scope +R24817 Coq.ZArith.BinInt.Zsucc +R24823 Coq.ZArith.BinInt.Z_of_nat +R24810 Coq.ZArith.BinInt "x <= y < z" Z_scope +R24817 Coq.ZArith.BinInt.Zsucc +R24823 Coq.ZArith.BinInt.Z_of_nat +R24901 Integers.Z_of_bits +R24927 Coq.ZArith.BinInt "x + y" Z_scope +R24901 Integers.Z_of_bits +R24927 Coq.ZArith.BinInt "x + y" Z_scope +R24947 Integers.Z_of_bits +R24973 Coq.ZArith.BinInt "x + y" Z_scope +R24947 Integers.Z_of_bits +R24973 Coq.ZArith.BinInt "x + y" Z_scope +R25301 Coq.Init.Logic "x = y" type_scope +R25281 Integers.bitwise_binop +R25303 Integers.bitwise_binop +R25253 Coq.Init.Logic "x = y" type_scope +R25378 Integers.Z_of_bits_exten +R25378 Integers.Z_of_bits_exten +R25559 Coq.Init.Logic "x = y" type_scope +R25519 Integers.bitwise_binop +R25536 Integers.bitwise_binop +R25563 Integers.bitwise_binop +R25582 Integers.bitwise_binop +R25483 Coq.Init.Logic "x = y" type_scope +R25660 Integers.unsigned_repr +R25660 Integers.unsigned_repr +R25660 Integers.unsigned_repr +R25660 Integers.unsigned_repr +R25660 Integers.unsigned_repr +R25660 Integers.unsigned_repr +R25706 Integers.Z_of_bits_exten +R25706 Integers.Z_of_bits_exten +R25749 Integers.bits_of_Z_of_bits +R25749 Integers.bits_of_Z_of_bits +R25749 Integers.bits_of_Z_of_bits +R25880 Coq.Init.Logic "x = y" type_scope +R25860 Integers.bitwise_binop +R25838 Coq.Init.Logic "x = y" type_scope +R25940 Integers.repr +R25946 Integers.Z_of_bits +R25966 Integers.bits_of_Z +R25986 Integers.unsigned +R25976 Integers.wordsize +R25956 Integers.wordsize +R25940 Integers.repr +R25946 Integers.Z_of_bits +R25966 Integers.bits_of_Z +R25986 Integers.unsigned +R25976 Integers.wordsize +R25956 Integers.wordsize +R26017 Integers.Z_of_bits_exten +R26017 Integers.Z_of_bits_exten +R26064 Integers.repr +R26070 Integers.unsigned +R26064 Integers.repr +R26070 Integers.unsigned +R26092 Integers.eqm_samerepr +R26092 Integers.eqm_samerepr +R26112 Integers.Z_of_bits_of_Z +R26112 Integers.Z_of_bits_of_Z +R26134 Integers.repr_unsigned +R26134 Integers.repr_unsigned +R26228 Coq.Init.Logic "x = y" type_scope +R26220 Integers.and +R26230 Integers.and +R26246 Integers.bitwise_binop_commut +R26272 Coq.Bool.Bool.andb_comm +R26267 Coq.Bool.Bool.andb +R26334 Coq.Init.Logic "x = y" type_scope +R26318 Integers.and +R26323 Integers.and +R26336 Integers.and +R26343 Integers.and +R26360 Integers.bitwise_binop_assoc +R26385 Coq.Bool.Bool.andb_assoc +R26380 Coq.Bool.Bool.andb +R26438 Coq.Init.Logic "x = y" type_scope +R26427 Integers.and +R26433 Integers.zero +R26440 Integers.zero +R26513 Integers.repr +R26519 Integers.Z_of_bits +R26539 Integers.bits_of_Z +R26549 Integers.wordsize +R26529 Integers.wordsize +R26513 Integers.repr +R26519 Integers.Z_of_bits +R26539 Integers.bits_of_Z +R26549 Integers.wordsize +R26529 Integers.wordsize +R26579 Integers.Z_of_bits_exten +R26579 Integers.Z_of_bits_exten +R26614 Integers.unsigned +R26624 Integers.repr +R26614 Integers.unsigned +R26624 Integers.repr +R26651 Integers.bits_of_Z_zero +R26651 Integers.bits_of_Z_zero +R26673 Coq.Bool.Bool.andb_b_false +R26673 Coq.Bool.Bool.andb_b_false +R26743 Coq.Init.Logic "x = y" type_scope +R26738 Integers.mone +R26745 Integers.repr +R26750 Integers.max_unsigned +R26792 Integers.eqm_samerepr +R26792 Integers.eqm_samerepr +R26894 Coq.Init.Logic "x = y" type_scope +R26883 Integers.and +R26889 Integers.mone +R26954 Integers.mone_max_unsigned +R26954 Integers.mone_max_unsigned +R27019 Integers.repr +R27025 Integers.Z_of_bits +R27045 Integers.bits_of_Z +R27065 Integers.unsigned +R27055 Integers.wordsize +R27035 Integers.wordsize +R27019 Integers.repr +R27025 Integers.Z_of_bits +R27045 Integers.bits_of_Z +R27065 Integers.unsigned +R27055 Integers.wordsize +R27035 Integers.wordsize +R27096 Integers.Z_of_bits_exten +R27096 Integers.Z_of_bits_exten +R27131 Integers.unsigned_repr +R27131 Integers.unsigned_repr +R27154 Integers.bits_of_Z_mone +R27154 Integers.bits_of_Z_mone +R27179 Coq.Bool.Bool.andb_b_true +R27179 Coq.Bool.Bool.andb_b_true +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R27246 Integers.repr +R27252 Integers.unsigned +R27246 Integers.repr +R27252 Integers.unsigned +R27275 Integers.eqm_samerepr +R27275 Integers.eqm_samerepr +R27295 Integers.Z_of_bits_of_Z +R27295 Integers.Z_of_bits_of_Z +R27319 Integers.repr_unsigned +R27319 Integers.repr_unsigned +R27376 Coq.Init.Logic "x = y" type_scope +R27368 Integers.and +R27415 Coq.Init.Logic "x = y" type_scope +R27410 Coq.Bool.Bool "x && y" bool_scope +R27415 Coq.Init.Logic "x = y" type_scope +R27410 Coq.Bool.Bool "x && y" bool_scope +R27459 Integers.bitwise_binop_idem +R27478 Coq.Bool.Bool.andb +R27459 Integers.bitwise_binop_idem +R27478 Coq.Bool.Bool.andb +R27563 Coq.Init.Logic "x = y" type_scope +R27556 Integers.or +R27565 Integers.or +R27580 Integers.bitwise_binop_commut +R27605 Coq.Bool.Bool.orb_comm +R27601 Coq.Bool.Bool.orb +R27663 Coq.Init.Logic "x = y" type_scope +R27649 Integers.or +R27653 Integers.or +R27665 Integers.or +R27671 Integers.or +R27687 Integers.bitwise_binop_assoc +R27711 Coq.Bool.Bool.orb_assoc +R27707 Coq.Bool.Bool.orb +R27761 Coq.Init.Logic "x = y" type_scope +R27751 Integers.or +R27756 Integers.zero +R27832 Integers.repr +R27838 Integers.Z_of_bits +R27858 Integers.bits_of_Z +R27878 Integers.unsigned +R27868 Integers.wordsize +R27848 Integers.wordsize +R27832 Integers.repr +R27838 Integers.Z_of_bits +R27858 Integers.bits_of_Z +R27878 Integers.unsigned +R27868 Integers.wordsize +R27848 Integers.wordsize +R27909 Integers.Z_of_bits_exten +R27909 Integers.Z_of_bits_exten +R27944 Integers.unsigned +R27954 Integers.repr +R27944 Integers.unsigned +R27954 Integers.repr +R27981 Integers.bits_of_Z_zero +R27981 Integers.bits_of_Z_zero +R28003 Coq.Bool.Bool.orb_b_false +R28003 Coq.Bool.Bool.orb_b_false +R28032 Integers.repr +R28038 Integers.unsigned +R28032 Integers.repr +R28038 Integers.unsigned +R28076 Integers.eqm_samerepr +R28076 Integers.eqm_samerepr +R28096 Integers.Z_of_bits_of_Z +R28096 Integers.Z_of_bits_of_Z +R28155 Coq.Init.Logic "x = y" type_scope +R28145 Integers.or +R28150 Integers.mone +R28157 Integers.mone +R28180 Integers.mone_max_unsigned +R28180 Integers.mone_max_unsigned +R28262 Integers.Z_of_bits +R28282 Integers.bits_of_Z +R28301 Integers.max_unsigned +R28292 Integers.wordsize +R28272 Integers.wordsize +R28262 Integers.Z_of_bits +R28282 Integers.bits_of_Z +R28301 Integers.max_unsigned +R28292 Integers.wordsize +R28272 Integers.wordsize +R28325 Integers.Z_of_bits_exten +R28325 Integers.Z_of_bits_exten +R28395 Integers.max_unsigned +R28360 Integers.unsigned +R28370 Integers.repr +R28375 Integers.max_unsigned +R28395 Integers.max_unsigned +R28360 Integers.unsigned +R28370 Integers.repr +R28375 Integers.max_unsigned +R28449 Integers.bits_of_Z_mone +R28449 Integers.bits_of_Z_mone +R28479 Coq.Bool.Bool.orb_b_true +R28479 Coq.Bool.Bool.orb_b_true +R28500 Integers.eqm_small_eq +R28500 Integers.eqm_small_eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R28601 Coq.Init.Logic "x = y" type_scope +R28594 Integers.or +R28640 Coq.Init.Logic "x = y" type_scope +R28635 Coq.Bool.Bool "x || y" bool_scope +R28640 Coq.Init.Logic "x = y" type_scope +R28635 Coq.Bool.Bool "x || y" bool_scope +R28684 Integers.bitwise_binop_idem +R28703 Coq.Bool.Bool.orb +R28684 Integers.bitwise_binop_idem +R28703 Coq.Bool.Bool.orb +R28774 Coq.Init.Logic "x = y" type_scope +R28759 Integers.and +R28766 Integers.or +R28776 Integers.or +R28790 Integers.and +R28780 Integers.and +R28872 Integers.unsigned_repr +R28872 Integers.unsigned_repr +R28872 Integers.unsigned_repr +R28872 Integers.unsigned_repr +R28872 Integers.unsigned_repr +R28872 Integers.unsigned_repr +R28872 Integers.unsigned_repr +R28872 Integers.unsigned_repr +R28911 Integers.Z_of_bits_exten +R28911 Integers.Z_of_bits_exten +R28953 Integers.bits_of_Z_of_bits +R28953 Integers.bits_of_Z_of_bits +R28953 Integers.bits_of_Z_of_bits +R28953 Integers.bits_of_Z_of_bits +R28953 Integers.bits_of_Z_of_bits +R28953 Integers.bits_of_Z_of_bits +R28953 Integers.bits_of_Z_of_bits +R28953 Integers.bits_of_Z_of_bits +R28986 Coq.Bool.Bool.demorgan1 +R28986 Coq.Bool.Bool.demorgan1 +R29078 Coq.Init.Logic "x = y" type_scope +R29070 Integers.xor +R29080 Integers.xor +R29096 Integers.bitwise_binop_commut +R29122 Coq.Bool.Bool.xorb_comm +R29117 Coq.Bool.Bool.xorb +R29184 Coq.Init.Logic "x = y" type_scope +R29168 Integers.xor +R29173 Integers.xor +R29186 Integers.xor +R29193 Integers.xor +R29252 Coq.Init.Logic "x = y" type_scope +R29234 Coq.Bool.Bool.xorb +R29242 Coq.Bool.Bool.xorb +R29254 Coq.Bool.Bool.xorb +R29260 Coq.Bool.Bool.xorb +R29252 Coq.Init.Logic "x = y" type_scope +R29234 Coq.Bool.Bool.xorb +R29242 Coq.Bool.Bool.xorb +R29254 Coq.Bool.Bool.xorb +R29260 Coq.Bool.Bool.xorb +R29292 Coq.Bool.Bool.xorb_assoc +R29292 Coq.Bool.Bool.xorb_assoc +R29313 Integers.bitwise_binop_assoc +R29333 Coq.Bool.Bool.xorb +R29313 Integers.bitwise_binop_assoc +R29333 Coq.Bool.Bool.xorb +R29387 Coq.Init.Logic "x = y" type_scope +R29376 Integers.xor +R29382 Integers.zero +R29459 Integers.repr +R29465 Integers.Z_of_bits +R29485 Integers.bits_of_Z +R29505 Integers.unsigned +R29495 Integers.wordsize +R29475 Integers.wordsize +R29459 Integers.repr +R29465 Integers.Z_of_bits +R29485 Integers.bits_of_Z +R29505 Integers.unsigned +R29495 Integers.wordsize +R29475 Integers.wordsize +R29536 Integers.Z_of_bits_exten +R29536 Integers.Z_of_bits_exten +R29571 Integers.unsigned +R29581 Integers.repr +R29571 Integers.unsigned +R29581 Integers.repr +R29608 Integers.bits_of_Z_zero +R29608 Integers.bits_of_Z_zero +R29630 Coq.Bool.Bool.xorb_false +R29630 Coq.Bool.Bool.xorb_false +R29658 Integers.repr +R29664 Integers.unsigned +R29658 Integers.repr +R29664 Integers.unsigned +R29702 Integers.eqm_samerepr +R29702 Integers.eqm_samerepr +R29722 Integers.Z_of_bits_of_Z +R29722 Integers.Z_of_bits_of_Z +R29779 Coq.Init.Logic "x = y" type_scope +R29766 Integers.xor +R29775 Integers.one +R29770 Integers.zero +R29781 Integers.one +R29845 Coq.Init.Logic "x = y" type_scope +R29833 Integers.xor +R29841 Integers.one +R29837 Integers.one +R29847 Integers.zero +R29938 Coq.Init.Logic "x = y" type_scope +R29922 Integers.and +R29929 Integers.xor +R29940 Integers.xor +R29955 Integers.and +R29945 Integers.and +R30038 Integers.unsigned_repr +R30038 Integers.unsigned_repr +R30038 Integers.unsigned_repr +R30038 Integers.unsigned_repr +R30038 Integers.unsigned_repr +R30038 Integers.unsigned_repr +R30038 Integers.unsigned_repr +R30038 Integers.unsigned_repr +R30077 Integers.Z_of_bits_exten +R30077 Integers.Z_of_bits_exten +R30119 Integers.bits_of_Z_of_bits +R30119 Integers.bits_of_Z_of_bits +R30119 Integers.bits_of_Z_of_bits +R30119 Integers.bits_of_Z_of_bits +R30119 Integers.bits_of_Z_of_bits +R30119 Integers.bits_of_Z_of_bits +R30119 Integers.bits_of_Z_of_bits +R30119 Integers.bits_of_Z_of_bits +R30184 Coq.Init.Logic "x = y" type_scope +R30170 Coq.Bool.Bool "x && y" bool_scope +R30174 Coq.Bool.Bool.xorb +R30186 Coq.Bool.Bool.xorb +R30203 Coq.Bool.Bool "x && y" bool_scope +R30194 Coq.Bool.Bool "x && y" bool_scope +R30184 Coq.Init.Logic "x = y" type_scope +R30170 Coq.Bool.Bool "x && y" bool_scope +R30174 Coq.Bool.Bool.xorb +R30186 Coq.Bool.Bool.xorb +R30203 Coq.Bool.Bool "x && y" bool_scope +R30194 Coq.Bool.Bool "x && y" bool_scope +R30359 Coq.Init.Logic "'exists' x , p" type_scope +R30404 Coq.Init.Logic "x = y" type_scope +R30371 Integers.Z_of_bits +R30398 Coq.ZArith.BinInt "x - y" Z_scope +R30430 Coq.ZArith.BinInt "x + y" Z_scope +R30412 Coq.ZArith.BinInt "x * y" Z_scope +R30414 Coq.ZArith.Zpower.two_power_nat +R30432 Integers.Z_shift_add +R30454 Integers.Z_of_bits +R30517 Coqlib.two_power_nat_O +R30517 Coqlib.two_power_nat_O +R30631 Coq.ZArith.Zpower.two_power_nat_S +R30631 Coq.ZArith.Zpower.two_power_nat_S +R30683 Coq.ZArith.BinInt "x + y" Z_scope +R30683 Coq.ZArith.BinInt "x + y" Z_scope +R30716 Integers.Z_of_bits +R30747 Coq.ZArith.BinInt "x + y" Z_scope +R30743 Coq.ZArith.BinInt "x - y" Z_scope +R30765 Integers.Z_of_bits +R30796 Coq.ZArith.BinInt "x - y" Z_scope +R30792 Coq.ZArith.BinInt "x + y" Z_scope +R30716 Integers.Z_of_bits +R30747 Coq.ZArith.BinInt "x + y" Z_scope +R30743 Coq.ZArith.BinInt "x - y" Z_scope +R30765 Integers.Z_of_bits +R30796 Coq.ZArith.BinInt "x - y" Z_scope +R30792 Coq.ZArith.BinInt "x + y" Z_scope +R30837 Coq.ZArith.BinInt "x + y" Z_scope +R30837 Coq.ZArith.BinInt "x + y" Z_scope +R30934 Integers.Z_of_bits_exten +R30934 Integers.Z_of_bits_exten +R31071 Integers.eqm +R31132 Coq.ZArith.BinInt "x * y" Z_scope +R31124 Coq.ZArith.Zpower.two_p +R31134 Integers.Z_of_bits +R31144 Integers.wordsize +R31076 Integers.Z_of_bits +R31110 Coq.ZArith.BinInt "x - y" Z_scope +R31086 Integers.wordsize +R31057 Coq.Init.Logic "x = y" type_scope +R31059 Coq.Init.Datatypes.false +R31046 Coq.ZArith.BinInt "x < y" Z_scope +R31023 Coq.ZArith.BinInt "x <= y" Z_scope +R31191 Coq.ZArith.Wf_Z.natlike_ind +R31191 Coq.ZArith.Wf_Z.natlike_ind +R31212 Integers.eqm_refl2 +R31212 Integers.eqm_refl2 +R31237 Integers.Z_of_bits +R31247 Integers.wordsize +R31237 Integers.Z_of_bits +R31247 Integers.wordsize +R31268 Integers.Z_of_bits_exten +R31268 Integers.Z_of_bits_exten +R31315 Coq.ZArith.Zpower.two_p +R31315 Coq.ZArith.Zpower.two_p +R31347 Coq.ZArith.Zpower.two_p_S +R31347 Coq.ZArith.Zpower.two_p_S +R31389 Coq.ZArith.BinInt "x - y" Z_scope +R31389 Coq.ZArith.BinInt "x - y" Z_scope +R31420 Integers.Z_of_bits +R31455 Coq.ZArith.BinInt "x - y" Z_scope +R31430 Integers.wordsize +R31404 Integers.eqm_trans +R31420 Integers.Z_of_bits +R31455 Coq.ZArith.BinInt "x - y" Z_scope +R31430 Integers.wordsize +R31404 Integers.eqm_trans +R31471 Integers.eqm_refl2 +R31471 Integers.eqm_refl2 +R31488 Integers.Z_of_bits_exten +R31488 Integers.Z_of_bits_exten +R31564 Integers.Z_shift_add +R31587 Integers.Z_of_bits +R31597 Integers.wordsize +R31548 Integers.eqm_trans +R31564 Integers.Z_shift_add +R31587 Integers.Z_of_bits +R31597 Integers.wordsize +R31548 Integers.eqm_trans +R31621 Integers.Z_of_bits_shift +R31637 Integers.wordsize +R31621 Integers.Z_of_bits_shift +R31637 Integers.wordsize +R31710 Coq.ZArith.BinInt.Zmult_assoc +R31710 Coq.ZArith.BinInt.Zmult_assoc +R31729 Integers.eqm_mult +R31729 Integers.eqm_mult +R31745 Integers.eqm_refl +R31745 Integers.eqm_refl +R31837 Coq.Init.Logic "x = y" type_scope +R31829 Integers.shl +R31839 Integers.mul +R31846 Integers.repr +R31852 Coq.ZArith.Zpower.two_p +R31859 Integers.unsigned +R31917 Integers.eqm_samerepr +R31917 Integers.eqm_samerepr +R31941 Integers.eqm_trans +R31941 Integers.eqm_trans +R31960 Integers.Z_of_bits_shifts +R31960 Integers.Z_of_bits_shifts +R31992 Integers.unsigned_range +R31992 Integers.unsigned_range +R32034 Integers.bits_of_Z_below +R32034 Integers.bits_of_Z_below +R32067 Coq.ZArith.BinInt.Zmult_comm +R32067 Coq.ZArith.BinInt.Zmult_comm +R32085 Integers.eqm_mult +R32085 Integers.eqm_mult +R32103 Integers.Z_of_bits_of_Z +R32103 Integers.Z_of_bits_of_Z +R32125 Integers.eqm_unsigned_repr +R32125 Integers.eqm_unsigned_repr +R32189 Coq.Init.Logic "x = y" type_scope +R32178 Integers.shl +R32184 Integers.zero +R32219 Integers.shl_mul_two_p +R32219 Integers.shl_mul_two_p +R32280 Integers.one +R32245 Integers.repr +R32251 Coq.ZArith.Zpower.two_p +R32258 Integers.unsigned +R32267 Integers.zero +R32280 Integers.one +R32245 Integers.repr +R32251 Coq.ZArith.Zpower.two_p +R32258 Integers.unsigned +R32267 Integers.zero +R32293 Integers.mul_one +R32293 Integers.mul_one +R32349 Coq.Init.Logic "x = y" type_scope +R32341 Integers.shl +R32351 Integers.mul +R32358 Integers.shl +R32362 Integers.one +R32408 Coq.Init.Logic "x = y" type_scope +R32398 Integers.shl +R32402 Integers.one +R32410 Integers.repr +R32416 Coq.ZArith.Zpower.two_p +R32423 Integers.unsigned +R32408 Coq.Init.Logic "x = y" type_scope +R32398 Integers.shl +R32402 Integers.one +R32410 Integers.repr +R32416 Coq.ZArith.Zpower.two_p +R32423 Integers.unsigned +R32448 Integers.shl_mul_two_p +R32448 Integers.shl_mul_two_p +R32471 Integers.mul_commut +R32471 Integers.mul_commut +R32491 Integers.mul_one +R32491 Integers.mul_one +R32525 Integers.shl_mul_two_p +R32525 Integers.shl_mul_two_p +R32633 Coq.Init.Logic "x = y" type_scope +R32625 Integers.shl +R32635 Integers.rolm +R32645 Integers.shl +R32649 Integers.mone +R32613 Coq.Init.Logic "x = y" type_scope +R32580 Integers.ltu +R32587 Integers.repr +R32593 Coq.ZArith.BinInt.Z_of_nat +R32602 Integers.wordsize +R32615 Coq.Init.Datatypes.true +R32702 Integers.unsigned_repr +R32702 Integers.unsigned_repr +R32723 Coqlib.zlt +R32741 Coq.ZArith.BinInt.Z_of_nat +R32750 Integers.wordsize +R32728 Integers.unsigned +R32723 Coqlib.zlt +R32741 Coq.ZArith.BinInt.Z_of_nat +R32750 Integers.wordsize +R32728 Integers.unsigned +R32836 Integers.Z_of_bits_exten +R32836 Integers.Z_of_bits_exten +R32878 Integers.unsigned_repr +R32878 Integers.unsigned_repr +R32878 Integers.unsigned_repr +R32878 Integers.unsigned_repr +R32878 Integers.unsigned_repr +R32878 Integers.unsigned_repr +R32926 Integers.bits_of_Z_of_bits +R32926 Integers.bits_of_Z_of_bits +R32926 Integers.bits_of_Z_of_bits +R32926 Integers.bits_of_Z_of_bits +R32926 Integers.bits_of_Z_of_bits +R32926 Integers.bits_of_Z_of_bits +R32960 Coqlib.zlt +R32967 Integers.unsigned +R32960 Coqlib.zlt +R32967 Integers.unsigned +R33017 Coq.ZArith.BinInt "x < y" Z_scope +R33004 Coq.ZArith.BinInt "x - y" Z_scope +R33006 Integers.unsigned +R33017 Coq.ZArith.BinInt "x < y" Z_scope +R33004 Coq.ZArith.BinInt "x - y" Z_scope +R33006 Integers.unsigned +R33041 Integers.bits_of_Z_below +R33067 Integers.unsigned +R33057 Integers.wordsize +R33041 Integers.bits_of_Z_below +R33067 Integers.unsigned +R33057 Integers.wordsize +R33097 Integers.bits_of_Z_below +R33123 Integers.unsigned +R33132 Integers.mone +R33113 Integers.wordsize +R33097 Integers.bits_of_Z_below +R33123 Integers.unsigned +R33132 Integers.mone +R33113 Integers.wordsize +R33163 Coq.Bool.Bool.andb_b_false +R33163 Coq.Bool.Bool.andb_b_false +R33203 Coq.ZArith.BinInt "x < y" Z_scope +R33190 Coq.ZArith.BinInt "x - y" Z_scope +R33192 Integers.unsigned +R33205 Coq.ZArith.BinInt.Z_of_nat +R33214 Integers.wordsize +R33203 Coq.ZArith.BinInt "x < y" Z_scope +R33190 Coq.ZArith.BinInt "x - y" Z_scope +R33192 Integers.unsigned +R33205 Coq.ZArith.BinInt.Z_of_nat +R33214 Integers.wordsize +R33241 Integers.unsigned_range +R33241 Integers.unsigned_range +R33279 Integers.unsigned +R33288 Integers.mone +R33323 Coq.ZArith.BinInt "x - y" Z_scope +R33300 Coq.ZArith.Zpower.two_power_nat +R33314 Integers.wordsize +R33279 Integers.unsigned +R33288 Integers.mone +R33323 Coq.ZArith.BinInt "x - y" Z_scope +R33300 Coq.ZArith.Zpower.two_power_nat +R33314 Integers.wordsize +R33339 Integers.bits_of_Z_mone +R33339 Integers.bits_of_Z_mone +R33363 Coq.Bool.Bool.andb_b_true +R33363 Coq.Bool.Bool.andb_b_true +R33393 Coqlib.Zmod_small +R33393 Coqlib.Zmod_small +R33436 Integers.mone_max_unsigned +R33436 Integers.mone_max_unsigned +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R33633 Coq.Init.Logic "x = y" type_scope +R33597 Integers.bitwise_binop +R33624 Integers.shl +R33614 Integers.shl +R33635 Integers.shl +R33640 Integers.bitwise_binop +R33584 Coq.Init.Logic "x = y" type_scope +R33578 Coq.Init.Datatypes.false +R33572 Coq.Init.Datatypes.false +R33586 Coq.Init.Datatypes.false +R33732 Integers.unsigned_repr +R33732 Integers.unsigned_repr +R33732 Integers.unsigned_repr +R33732 Integers.unsigned_repr +R33732 Integers.unsigned_repr +R33732 Integers.unsigned_repr +R33732 Integers.unsigned_repr +R33732 Integers.unsigned_repr +R33771 Integers.Z_of_bits_exten +R33771 Integers.Z_of_bits_exten +R33804 Coqlib.zlt +R33811 Coq.ZArith.BinInt "x - y" Z_scope +R33813 Integers.unsigned +R33804 Coqlib.zlt +R33811 Coq.ZArith.BinInt "x - y" Z_scope +R33813 Integers.unsigned +R33851 Coq.Init.Datatypes.false +R33851 Coq.Init.Datatypes.false +R33873 Integers.bits_of_Z_of_bits +R33873 Integers.bits_of_Z_of_bits +R33873 Integers.bits_of_Z_of_bits +R33873 Integers.bits_of_Z_of_bits +R33873 Integers.bits_of_Z_of_bits +R33873 Integers.bits_of_Z_of_bits +R33915 Integers.bits_of_Z_below +R33915 Integers.bits_of_Z_below +R33915 Integers.bits_of_Z_below +R33915 Integers.bits_of_Z_below +R33915 Integers.bits_of_Z_below +R33915 Integers.bits_of_Z_below +R33948 Integers.bits_of_Z_below +R33948 Integers.bits_of_Z_below +R33988 Integers.bits_of_Z_of_bits +R33988 Integers.bits_of_Z_of_bits +R33988 Integers.bits_of_Z_of_bits +R33988 Integers.bits_of_Z_of_bits +R33988 Integers.bits_of_Z_of_bits +R33988 Integers.bits_of_Z_of_bits +R33988 Integers.bits_of_Z_of_bits +R33988 Integers.bits_of_Z_of_bits +R34027 Integers.unsigned_range +R34027 Integers.unsigned_range +R34116 Coq.Init.Logic "x = y" type_scope +R34092 Integers.and +R34107 Integers.shl +R34097 Integers.shl +R34118 Integers.shl +R34123 Integers.and +R34170 Integers.bitwise_binop_shl +R34170 Integers.bitwise_binop_shl +R34297 Coq.Init.Logic "x = y" type_scope +R34288 Integers.shru +R34299 Integers.rolm +R34342 Integers.shru +R34347 Integers.mone +R34307 Integers.sub +R34312 Integers.repr +R34318 Coq.ZArith.BinInt.Z_of_nat +R34327 Integers.wordsize +R34276 Coq.Init.Logic "x = y" type_scope +R34243 Integers.ltu +R34250 Integers.repr +R34256 Coq.ZArith.BinInt.Z_of_nat +R34265 Integers.wordsize +R34278 Coq.Init.Datatypes.true +R34400 Integers.unsigned_repr +R34400 Integers.unsigned_repr +R34424 Coqlib.zlt +R34442 Coq.ZArith.BinInt.Z_of_nat +R34451 Integers.wordsize +R34429 Integers.unsigned +R34424 Coqlib.zlt +R34442 Coq.ZArith.BinInt.Z_of_nat +R34451 Integers.wordsize +R34429 Integers.unsigned +R34538 Integers.Z_of_bits_exten +R34538 Integers.Z_of_bits_exten +R34580 Integers.unsigned_repr +R34580 Integers.unsigned_repr +R34580 Integers.unsigned_repr +R34580 Integers.unsigned_repr +R34580 Integers.unsigned_repr +R34580 Integers.unsigned_repr +R34628 Integers.bits_of_Z_of_bits +R34628 Integers.bits_of_Z_of_bits +R34628 Integers.bits_of_Z_of_bits +R34628 Integers.bits_of_Z_of_bits +R34628 Integers.bits_of_Z_of_bits +R34628 Integers.bits_of_Z_of_bits +R34726 Coq.ZArith.BinInt.Z_of_nat +R34735 Integers.wordsize +R34679 Integers.unsigned +R34689 Integers.repr +R34695 Coq.ZArith.BinInt.Z_of_nat +R34704 Integers.wordsize +R34726 Coq.ZArith.BinInt.Z_of_nat +R34735 Integers.wordsize +R34679 Integers.unsigned +R34689 Integers.repr +R34695 Coq.ZArith.BinInt.Z_of_nat +R34704 Integers.wordsize +R34756 Integers.unsigned_repr +R34756 Integers.unsigned_repr +R34780 Coqlib.zlt +R34802 Coq.ZArith.BinInt.Z_of_nat +R34811 Integers.wordsize +R34787 Coq.ZArith.BinInt "x + y" Z_scope +R34789 Integers.unsigned +R34780 Coqlib.zlt +R34802 Coq.ZArith.BinInt.Z_of_nat +R34811 Integers.wordsize +R34787 Coq.ZArith.BinInt "x + y" Z_scope +R34789 Integers.unsigned +R34845 Integers.unsigned +R34854 Integers.mone +R34889 Coq.ZArith.BinInt "x - y" Z_scope +R34866 Coq.ZArith.Zpower.two_power_nat +R34880 Integers.wordsize +R34845 Integers.unsigned +R34854 Integers.mone +R34889 Coq.ZArith.BinInt "x - y" Z_scope +R34866 Coq.ZArith.Zpower.two_power_nat +R34880 Integers.wordsize +R34905 Integers.bits_of_Z_mone +R34905 Integers.bits_of_Z_mone +R34929 Coq.Bool.Bool.andb_b_true +R34929 Coq.Bool.Bool.andb_b_true +R34965 Coq.ZArith.BinInt "x - y" Z_scope +R34986 Coq.ZArith.BinInt "x - y" Z_scope +R34968 Coq.ZArith.BinInt.Z_of_nat +R34977 Integers.wordsize +R34988 Integers.unsigned +R35027 Coq.ZArith.BinInt "x + y" Z_scope +R35015 Coq.ZArith.BinInt "x + y" Z_scope +R35017 Integers.unsigned +R35034 Coq.ZArith.BinInt "x * y" Z_scope +R35038 Coq.ZArith.BinInt.Z_of_nat +R35047 Integers.wordsize +R34965 Coq.ZArith.BinInt "x - y" Z_scope +R34986 Coq.ZArith.BinInt "x - y" Z_scope +R34968 Coq.ZArith.BinInt.Z_of_nat +R34977 Integers.wordsize +R34988 Integers.unsigned +R35027 Coq.ZArith.BinInt "x + y" Z_scope +R35015 Coq.ZArith.BinInt "x + y" Z_scope +R35017 Integers.unsigned +R35034 Coq.ZArith.BinInt "x * y" Z_scope +R35038 Coq.ZArith.BinInt.Z_of_nat +R35047 Integers.wordsize +R35068 Coq.ZArith.Zdiv.Z_mod_plus +R35068 Coq.ZArith.Zdiv.Z_mod_plus +R35096 Coqlib.Zmod_small +R35096 Coqlib.Zmod_small +R35122 Integers.unsigned_range +R35122 Integers.unsigned_range +R35177 Integers.unsigned_range +R35177 Integers.unsigned_range +R35230 Integers.bits_of_Z_above +R35256 Integers.unsigned +R35246 Integers.wordsize +R35230 Integers.bits_of_Z_above +R35256 Integers.unsigned +R35246 Integers.wordsize +R35287 Integers.bits_of_Z_above +R35313 Integers.unsigned +R35322 Integers.mone +R35303 Integers.wordsize +R35287 Integers.bits_of_Z_above +R35313 Integers.unsigned +R35322 Integers.mone +R35303 Integers.wordsize +R35354 Coq.Bool.Bool.andb_b_false +R35354 Coq.Bool.Bool.andb_b_false +R35406 Coq.ZArith.BinInt.Z_of_nat +R35415 Integers.wordsize +R35390 Coq.ZArith.Zorder.Zle_trans +R35406 Coq.ZArith.BinInt.Z_of_nat +R35415 Integers.wordsize +R35390 Coq.ZArith.Zorder.Zle_trans +R35440 Integers.unsigned_range +R35440 Integers.unsigned_range +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R35677 Coq.Init.Logic "x = y" type_scope +R35639 Integers.bitwise_binop +R35667 Integers.shru +R35656 Integers.shru +R35679 Integers.shru +R35685 Integers.bitwise_binop +R35626 Coq.Init.Logic "x = y" type_scope +R35620 Coq.Init.Datatypes.false +R35614 Coq.Init.Datatypes.false +R35628 Coq.Init.Datatypes.false +R35778 Integers.unsigned_repr +R35778 Integers.unsigned_repr +R35778 Integers.unsigned_repr +R35778 Integers.unsigned_repr +R35778 Integers.unsigned_repr +R35778 Integers.unsigned_repr +R35778 Integers.unsigned_repr +R35778 Integers.unsigned_repr +R35817 Integers.Z_of_bits_exten +R35817 Integers.Z_of_bits_exten +R35850 Coqlib.zlt +R35872 Coq.ZArith.BinInt.Z_of_nat +R35881 Integers.wordsize +R35857 Coq.ZArith.BinInt "x + y" Z_scope +R35859 Integers.unsigned +R35850 Coqlib.zlt +R35872 Coq.ZArith.BinInt.Z_of_nat +R35881 Integers.wordsize +R35857 Coq.ZArith.BinInt "x + y" Z_scope +R35859 Integers.unsigned +R35917 Integers.bits_of_Z_of_bits +R35917 Integers.bits_of_Z_of_bits +R35917 Integers.bits_of_Z_of_bits +R35917 Integers.bits_of_Z_of_bits +R35917 Integers.bits_of_Z_of_bits +R35917 Integers.bits_of_Z_of_bits +R35917 Integers.bits_of_Z_of_bits +R35917 Integers.bits_of_Z_of_bits +R35956 Integers.unsigned_range +R35956 Integers.unsigned_range +R35997 Coq.Init.Datatypes.false +R35997 Coq.Init.Datatypes.false +R36019 Integers.bits_of_Z_of_bits +R36019 Integers.bits_of_Z_of_bits +R36019 Integers.bits_of_Z_of_bits +R36019 Integers.bits_of_Z_of_bits +R36019 Integers.bits_of_Z_of_bits +R36019 Integers.bits_of_Z_of_bits +R36061 Integers.bits_of_Z_above +R36061 Integers.bits_of_Z_above +R36061 Integers.bits_of_Z_above +R36061 Integers.bits_of_Z_above +R36061 Integers.bits_of_Z_above +R36061 Integers.bits_of_Z_above +R36094 Integers.bits_of_Z_above +R36094 Integers.bits_of_Z_above +R36183 Coq.Init.Logic "x = y" type_scope +R36157 Integers.and +R36173 Integers.shru +R36162 Integers.shru +R36185 Integers.shru +R36191 Integers.and +R36238 Integers.bitwise_binop_shru +R36238 Integers.bitwise_binop_shru +R36320 Coq.Init.Logic "x = y" type_scope +R36309 Integers.rol +R36315 Integers.zero +R36368 Integers.repr +R36374 Integers.Z_of_bits +R36394 Integers.bits_of_Z +R36414 Integers.unsigned +R36404 Integers.wordsize +R36384 Integers.wordsize +R36368 Integers.repr +R36374 Integers.Z_of_bits +R36394 Integers.bits_of_Z +R36414 Integers.unsigned +R36404 Integers.wordsize +R36384 Integers.wordsize +R36456 Integers.repr +R36462 Integers.unsigned +R36456 Integers.repr +R36462 Integers.unsigned +R36491 Integers.eqm_small_eq +R36491 Integers.eqm_small_eq +R36511 Integers.Z_of_bits_of_Z +R36511 Integers.Z_of_bits_of_Z +R36666 Coq.Init.Logic "x = y" type_scope +R36630 Integers.bitwise_binop +R36657 Integers.rol +R36647 Integers.rol +R36668 Integers.rol +R36673 Integers.bitwise_binop +R36766 Integers.unsigned_repr +R36766 Integers.unsigned_repr +R36766 Integers.unsigned_repr +R36766 Integers.unsigned_repr +R36766 Integers.unsigned_repr +R36806 Integers.Z_of_bits_exten +R36806 Integers.Z_of_bits_exten +R36848 Integers.bits_of_Z_of_bits +R36848 Integers.bits_of_Z_of_bits +R36848 Integers.bits_of_Z_of_bits +R36848 Integers.bits_of_Z_of_bits +R36848 Integers.bits_of_Z_of_bits +R36848 Integers.bits_of_Z_of_bits +R36848 Integers.bits_of_Z_of_bits +R36848 Integers.bits_of_Z_of_bits +R36881 Coq.ZArith.Zdiv.Z_mod_lt +R36881 Coq.ZArith.Zdiv.Z_mod_lt +R36964 Coq.Init.Logic "x = y" type_scope +R36948 Integers.rol +R36953 Integers.and +R36966 Integers.and +R36981 Integers.rol +R36971 Integers.rol +R37036 Integers.bitwise_binop_rol +R37036 Integers.bitwise_binop_rol +R37112 Coq.Init.Logic "x = y" type_scope +R37096 Integers.rol +R37101 Integers.rol +R37114 Integers.rol +R37121 Integers.modu +R37137 Integers.repr +R37143 Coq.ZArith.BinInt.Z_of_nat +R37152 Integers.wordsize +R37127 Integers.add +R37219 Integers.unsigned_repr +R37219 Integers.unsigned_repr +R37219 Integers.unsigned_repr +R37259 Integers.Z_of_bits_exten +R37259 Integers.Z_of_bits_exten +R37301 Integers.bits_of_Z_of_bits +R37301 Integers.bits_of_Z_of_bits +R37301 Integers.bits_of_Z_of_bits +R37301 Integers.bits_of_Z_of_bits +R37366 Coq.ZArith.BinInt.Z_of_nat +R37375 Integers.wordsize +R37366 Coq.ZArith.BinInt.Z_of_nat +R37375 Integers.wordsize +R37398 Integers.unsigned +R37421 Integers.unsigned +R37398 Integers.unsigned +R37421 Integers.unsigned +R37446 Coq.ZArith.BinInt "x > y" Z_scope +R37446 Coq.ZArith.BinInt "x > y" Z_scope +R37487 Integers.eqmod +R37498 Integers.unsigned +R37508 Integers.repr +R37487 Integers.eqmod +R37498 Integers.unsigned +R37508 Integers.repr +R37536 Integers.eqm_unsigned_repr +R37536 Integers.eqm_unsigned_repr +R37590 Coq.ZArith.BinInt "x * y" Z_scope +R37601 Coq.ZArith.Zdiv "x / y" Z_scope +R37593 Integers.modulus +R37590 Coq.ZArith.BinInt "x * y" Z_scope +R37601 Coq.ZArith.Zdiv "x / y" Z_scope +R37593 Integers.modulus +R37640 Coq.ZArith.BinInt "x * y" Z_scope +R37624 Coq.ZArith.BinInt "x * y" Z_scope +R37635 Coq.ZArith.Zdiv "x / y" Z_scope +R37627 Integers.modulus +R37653 Coq.ZArith.BinInt "x * y" Z_scope +R37655 Integers.modulus +R37640 Coq.ZArith.BinInt "x * y" Z_scope +R37624 Coq.ZArith.BinInt "x * y" Z_scope +R37635 Coq.ZArith.Zdiv "x / y" Z_scope +R37627 Integers.modulus +R37653 Coq.ZArith.BinInt "x * y" Z_scope +R37655 Integers.modulus +R37686 Coq.ZArith.BinInt.Zmult_assoc +R37686 Coq.ZArith.BinInt.Zmult_assoc +R37720 Integers.eqmod_mod_eq +R37720 Integers.eqmod_mod_eq +R37750 Integers.unsigned +R37760 Integers.repr +R37750 Integers.unsigned +R37760 Integers.repr +R37805 Coq.ZArith.BinInt "x - y" Z_scope +R37813 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R37810 Coq.ZArith.BinInt "x + y" Z_scope +R37785 Integers.eqmod_trans +R37805 Coq.ZArith.BinInt "x - y" Z_scope +R37813 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R37810 Coq.ZArith.BinInt "x + y" Z_scope +R37785 Integers.eqmod_trans +R37855 Coq.ZArith.BinInt "x - y" Z_scope +R37852 Coq.ZArith.BinInt "x - y" Z_scope +R37831 Integers.eqmod_trans +R37855 Coq.ZArith.BinInt "x - y" Z_scope +R37852 Coq.ZArith.BinInt "x - y" Z_scope +R37831 Integers.eqmod_trans +R37871 Integers.eqmod_sub +R37871 Integers.eqmod_sub +R37888 Integers.eqmod_sym +R37888 Integers.eqmod_sym +R37905 Integers.eqmod_mod +R37905 Integers.eqmod_mod +R37930 Integers.eqmod_refl +R37930 Integers.eqmod_refl +R37960 Coq.ZArith.BinInt "x - y" Z_scope +R37956 Coq.ZArith.BinInt "x - y" Z_scope +R37973 Coq.ZArith.BinInt "x - y" Z_scope +R37978 Coq.ZArith.BinInt "x + y" Z_scope +R37960 Coq.ZArith.BinInt "x - y" Z_scope +R37956 Coq.ZArith.BinInt "x - y" Z_scope +R37973 Coq.ZArith.BinInt "x - y" Z_scope +R37978 Coq.ZArith.BinInt "x + y" Z_scope +R37993 Integers.eqmod_sub +R37993 Integers.eqmod_sub +R38010 Integers.eqmod_refl +R38010 Integers.eqmod_refl +R38028 Integers.eqmod_mod +R38028 Integers.eqmod_mod +R38062 Integers.eqmod_sub +R38062 Integers.eqmod_sub +R38079 Integers.eqmod_refl +R38079 Integers.eqmod_refl +R38101 Integers.eqmod_trans +R38101 Integers.eqmod_trans +R38141 Integers.eqmod_trans +R38167 Integers.eqmod_mod +R38141 Integers.eqmod_trans +R38167 Integers.eqmod_mod +R38187 Integers.eqmod_sym +R38187 Integers.eqmod_sym +R38205 Integers.eqmod_trans +R38231 Integers.eqmod_mod +R38205 Integers.eqmod_trans +R38231 Integers.eqmod_mod +R38251 Integers.eqmod_sym +R38251 Integers.eqmod_sym +R38293 Coq.ZArith.Zdiv.Z_mod_lt +R38293 Coq.ZArith.Zdiv.Z_mod_lt +R38373 Coq.Init.Logic "x = y" type_scope +R38359 Integers.rolm +R38366 Integers.zero +R38375 Integers.and +R38422 Integers.rol_zero +R38422 Integers.rol_zero +R38515 Coq.Init.Logic "x = y" type_scope +R38489 Integers.rolm +R38495 Integers.rolm +R38521 Integers.rolm +R38586 Integers.and +R38591 Integers.rol +R38529 Integers.modu +R38547 Integers.repr +R38553 Coq.ZArith.BinInt.Z_of_nat +R38562 Integers.wordsize +R38535 Integers.add +R38647 Integers.rol_and +R38647 Integers.rol_and +R38664 Integers.and_assoc +R38664 Integers.and_assoc +R38686 Integers.rol_rol +R38686 Integers.rol_rol +R38763 Coq.Init.Logic "x = y" type_scope +R38748 Integers.rol +R38753 Integers.or +R38765 Integers.or +R38779 Integers.rol +R38769 Integers.rol +R38833 Integers.bitwise_binop_rol +R38833 Integers.bitwise_binop_rol +R38928 Coq.Init.Logic "x = y" type_scope +R38897 Integers.or +R38915 Integers.rolm +R38901 Integers.rolm +R38930 Integers.rolm +R38940 Integers.or +R38997 Integers.and_or_distrib +R38997 Integers.and_or_distrib +R39083 Coq.ZArith.BinInt.Z +R39074 Coq.Lists.List.list +R39079 Coq.ZArith.BinInt.Z +R39107 Coq.Lists.List.nil +R39122 Coq.Lists.List "x :: y" list_scope +R39139 Coq.ZArith.BinInt "x + y" Z_scope +R39131 Coq.ZArith.Zpower.two_p +R39074 Coq.Lists.List.list +R39079 Coq.ZArith.BinInt.Z +R39225 Coq.ZArith.BinInt "x <= y < z" Z_scope +R39228 Coq.Init.Datatypes.snd +R39233 Integers.Z_bin_decomp +R39228 Coq.Init.Datatypes.snd +R39233 Integers.Z_bin_decomp +R39207 Coq.ZArith.BinInt "x <= y < z" Z_scope +R39216 Coq.ZArith.BinInt "x * y" Z_scope +R39283 Integers.Z_shift_add_bin_decomp +R39283 Integers.Z_shift_add_bin_decomp +R39352 Coq.Init.Datatypes.fst +R39357 Integers.Z_bin_decomp +R39352 Coq.Init.Datatypes.fst +R39357 Integers.Z_bin_decomp +R39451 Coq.Init.Logic "x = y" type_scope +R39453 Integers.powerserie +R39465 Integers.Z_one_bits +R39476 Integers.wordsize +R39431 Coq.ZArith.BinInt "x <= y < z" Z_scope +R39438 Integers.modulus +R39585 Coq.Init.Logic "x = y" type_scope +R39575 Coq.ZArith.BinInt "x * y" Z_scope +R39577 Coq.ZArith.Zpower.two_p +R39587 Integers.powerserie +R39599 Integers.Z_one_bits +R39543 Coq.ZArith.BinInt "x <= y < z" Z_scope +R39550 Coq.ZArith.Zpower.two_power_nat +R39529 Coq.ZArith.BinInt "x <= y" Z_scope +R39585 Coq.Init.Logic "x = y" type_scope +R39575 Coq.ZArith.BinInt "x * y" Z_scope +R39577 Coq.ZArith.Zpower.two_p +R39587 Integers.powerserie +R39599 Integers.Z_one_bits +R39543 Coq.ZArith.BinInt "x <= y < z" Z_scope +R39550 Coq.ZArith.Zpower.two_power_nat +R39529 Coq.ZArith.BinInt "x <= y" Z_scope +R39659 Coqlib.two_power_nat_O +R39659 Coqlib.two_power_nat_O +R39695 Coq.Init.Logic "x = y" type_scope +R39695 Coq.Init.Logic "x = y" type_scope +R39734 Coq.ZArith.Zpower.two_power_nat_S +R39734 Coq.ZArith.Zpower.two_power_nat_S +R39763 Integers.Z_one_bits +R39763 Integers.Z_one_bits +R39789 Integers.Z_shift_add_bin_decomp +R39789 Integers.Z_shift_add_bin_decomp +R39830 Integers.Z_bin_decomp_range +R39830 Integers.Z_bin_decomp_range +R39866 Integers.Z_bin_decomp +R39866 Integers.Z_bin_decomp +R39966 Integers.powerserie +R39966 Integers.powerserie +R40005 Coq.ZArith.Zpower.two_p_is_exp +R40005 Coq.ZArith.Zpower.two_p_is_exp +R40027 Coq.ZArith.Zpower.two_p +R40027 Coq.ZArith.Zpower.two_p +R40107 Coq.ZArith.Zpower.two_p_is_exp +R40107 Coq.ZArith.Zpower.two_p_is_exp +R40129 Coq.ZArith.Zpower.two_p +R40129 Coq.ZArith.Zpower.two_p +R40212 Coq.ZArith.Zpower.two_p +R40212 Coq.ZArith.Zpower.two_p +R40335 Coq.ZArith.BinInt "x <= y < z" Z_scope +R40342 Coq.ZArith.BinInt.Z_of_nat +R40351 Integers.wordsize +R40299 Coq.Lists.List.In +R40305 Integers.Z_one_bits +R40316 Integers.wordsize +R40427 Coq.ZArith.BinInt "x <= y < z" Z_scope +R40436 Coq.ZArith.BinInt "x + y" Z_scope +R40438 Coq.ZArith.BinInt.Z_of_nat +R40398 Coq.Lists.List.In +R40404 Integers.Z_one_bits +R40427 Coq.ZArith.BinInt "x <= y < z" Z_scope +R40436 Coq.ZArith.BinInt "x + y" Z_scope +R40438 Coq.ZArith.BinInt.Z_of_nat +R40398 Coq.Lists.List.In +R40404 Integers.Z_one_bits +R40472 Coq.Lists.List.In +R40472 Coq.Lists.List.In +R40472 Coq.Lists.List.In +R40520 Integers.Z_bin_decomp +R40520 Integers.Z_bin_decomp +R40555 Coq.ZArith.Znat.inj_S +R40555 Coq.ZArith.Znat.inj_S +R40654 Coq.ZArith.Znat.inj_S +R40654 Coq.ZArith.Znat.inj_S +R40718 Integers.wordsize +R40718 Integers.wordsize +R40822 Coq.ZArith.BinInt "x <= y < z" Z_scope +R40825 Integers.unsigned +R40825 Integers.unsigned +R40841 Coq.ZArith.BinInt.Z_of_nat +R40850 Integers.wordsize +R40803 Coq.Init.Logic "x = y" type_scope +R40791 Integers.is_power2 +R40805 Coq.Init.Datatypes.Some +R40916 Integers.Z_one_bits_range +R40934 Integers.unsigned +R40916 Integers.Z_one_bits_range +R40934 Integers.unsigned +R40960 Integers.Z_one_bits +R40981 Integers.unsigned +R40971 Integers.wordsize +R40960 Integers.Z_one_bits +R40981 Integers.unsigned +R40971 Integers.wordsize +R41100 Coq.ZArith.BinInt "x <= y < z" Z_scope +R41107 Coq.ZArith.BinInt.Z_of_nat +R41116 Integers.wordsize +R41100 Coq.ZArith.BinInt "x <= y < z" Z_scope +R41107 Coq.ZArith.BinInt.Z_of_nat +R41116 Integers.wordsize +R41166 Integers.unsigned_repr +R41166 Integers.unsigned_repr +R41215 Coq.ZArith.BinInt "x < y" Z_scope +R41197 Coq.ZArith.BinInt.Z_of_nat +R41206 Integers.wordsize +R41217 Integers.max_unsigned +R41215 Coq.ZArith.BinInt "x < y" Z_scope +R41197 Coq.ZArith.BinInt.Z_of_nat +R41206 Integers.wordsize +R41217 Integers.max_unsigned +R41393 Coq.Init.Logic "x = y" type_scope +R41357 Integers.ltu +R41367 Integers.repr +R41373 Coq.ZArith.BinInt.Z_of_nat +R41382 Integers.wordsize +R41395 Coq.Init.Datatypes.true +R41342 Coq.Init.Logic "x = y" type_scope +R41330 Integers.is_power2 +R41344 Coq.Init.Datatypes.Some +R41483 Coq.ZArith.BinInt.Z_of_nat +R41492 Integers.wordsize +R41440 Integers.unsigned +R41450 Integers.repr +R41456 Coq.ZArith.BinInt.Z_of_nat +R41465 Integers.wordsize +R41483 Coq.ZArith.BinInt.Z_of_nat +R41492 Integers.wordsize +R41440 Integers.unsigned +R41450 Integers.repr +R41456 Coq.ZArith.BinInt.Z_of_nat +R41465 Integers.wordsize +R41517 Integers.is_power2_rng +R41517 Integers.is_power2_rng +R41548 Coqlib.zlt +R41569 Coq.ZArith.BinInt.Z_of_nat +R41578 Integers.wordsize +R41553 Integers.unsigned +R41548 Coqlib.zlt +R41569 Coq.ZArith.BinInt.Z_of_nat +R41578 Integers.wordsize +R41553 Integers.unsigned +R41718 Coq.Init.Logic "x = y" type_scope +R41707 Integers.unsigned +R41720 Coq.ZArith.Zpower.two_p +R41727 Integers.unsigned +R41690 Coq.Init.Logic "x = y" type_scope +R41678 Integers.is_power2 +R41692 Coq.Init.Datatypes.Some +R41799 Integers.Z_one_bits_powerserie +R41835 Integers.unsigned_range +R41822 Integers.unsigned +R41799 Integers.Z_one_bits_powerserie +R41835 Integers.unsigned_range +R41822 Integers.unsigned +R41869 Integers.Z_one_bits_range +R41887 Integers.unsigned +R41869 Integers.Z_one_bits_range +R41887 Integers.unsigned +R41913 Integers.Z_one_bits +R41934 Integers.unsigned +R41924 Integers.wordsize +R41913 Integers.Z_one_bits +R41934 Integers.unsigned +R41924 Integers.wordsize +R42065 Integers.unsigned_repr +R42065 Integers.unsigned_repr +R42089 Coq.ZArith.Zpower.two_p +R42112 Coq.ZArith.BinInt "x + y" Z_scope +R42104 Coq.ZArith.Zpower.two_p +R42089 Coq.ZArith.Zpower.two_p +R42112 Coq.ZArith.BinInt "x + y" Z_scope +R42104 Coq.ZArith.Zpower.two_p +R42182 Coq.ZArith.BinInt "x < y" Z_scope +R42164 Coq.ZArith.BinInt.Z_of_nat +R42173 Integers.wordsize +R42184 Integers.max_unsigned +R42182 Coq.ZArith.BinInt "x < y" Z_scope +R42164 Coq.ZArith.BinInt.Z_of_nat +R42173 Integers.wordsize +R42184 Integers.max_unsigned +R42348 Coq.Init.Logic "x = y" type_scope +R42340 Integers.mul +R42350 Integers.shl +R42323 Coq.Init.Logic "x = y" type_scope +R42311 Integers.is_power2 +R42325 Coq.Init.Datatypes.Some +R42391 Integers.is_power2_correct +R42391 Integers.is_power2_correct +R42437 Integers.shl_mul_two_p +R42437 Integers.shl_mul_two_p +R42475 Integers.repr_unsigned +R42475 Integers.repr_unsigned +R42609 Coq.Init.Logic "x = y" type_scope +R42595 Integers.Z_of_bits +R42611 Integers.Z_shift_add +R42630 Integers.Z_of_bits +R42656 Coq.ZArith.BinInt "x + y" Z_scope +R42581 Coq.Init.Logic "x = y" type_scope +R42583 Coq.Init.Datatypes.false +R42560 Coq.ZArith.BinInt "x >= y" Z_scope +R42563 Coq.ZArith.BinInt.Z_of_nat +R42788 Coq.ZArith.BinInt "x + y" Z_scope +R42788 Coq.ZArith.BinInt "x + y" Z_scope +R42839 Coq.ZArith.Znat.inj_S +R42839 Coq.ZArith.Znat.inj_S +R42970 Coq.Init.Logic "'exists' x , p" type_scope +R43060 Coq.Init.Logic "A /\ B" type_scope +R43003 Coq.Init.Logic "x = y" type_scope +R42982 Integers.Z_of_bits +R42992 Integers.wordsize +R43007 Coq.ZArith.BinInt "x + y" Z_scope +R43017 Coq.ZArith.BinInt "x * y" Z_scope +R43009 Coq.ZArith.Zpower.two_p +R43019 Integers.Z_of_bits +R43052 Coq.ZArith.BinInt "x + y" Z_scope +R43029 Integers.wordsize +R43065 Coq.ZArith.BinInt "x <= y < z" Z_scope +R43072 Coq.ZArith.Zpower.two_p +R42956 Coq.Init.Logic "x = y" type_scope +R42958 Coq.Init.Datatypes.false +R42928 Coq.ZArith.BinInt "x >= y" Z_scope +R42931 Coq.ZArith.BinInt.Z_of_nat +R42940 Integers.wordsize +R42905 Coq.ZArith.BinInt "x <= y" Z_scope +R43115 Coq.ZArith.Wf_Z.natlike_ind +R43115 Coq.ZArith.Wf_Z.natlike_ind +R43148 Coq.ZArith.Zpower.two_p +R43148 Coq.ZArith.Zpower.two_p +R43188 Integers.Z_of_bits +R43222 Coq.ZArith.BinInt "x + y" Z_scope +R43198 Integers.wordsize +R43188 Integers.Z_of_bits +R43222 Coq.ZArith.BinInt "x + y" Z_scope +R43198 Integers.wordsize +R43238 Integers.Z_of_bits_exten +R43238 Integers.Z_of_bits_exten +R43354 Coq.ZArith.BinInt "x + y" Z_scope +R43354 Coq.ZArith.BinInt "x + y" Z_scope +R43417 Coq.Init.Logic "x = y" type_scope +R43419 Coq.Init.Datatypes.false +R43388 Coq.ZArith.BinInt "x >= y" Z_scope +R43391 Coq.ZArith.BinInt.Z_of_nat +R43400 Integers.wordsize +R43417 Coq.Init.Logic "x = y" type_scope +R43419 Coq.Init.Datatypes.false +R43388 Coq.ZArith.BinInt "x >= y" Z_scope +R43391 Coq.ZArith.BinInt.Z_of_nat +R43400 Integers.wordsize +R43481 Integers.Z_of_bits_shift_rev +R43501 Integers.wordsize +R43481 Integers.Z_of_bits_shift_rev +R43501 Integers.wordsize +R43565 Integers.Z_of_bits +R43599 Coq.ZArith.BinInt "x + y" Z_scope +R43601 Coq.ZArith.BinInt.Zsucc +R43575 Integers.wordsize +R43565 Integers.Z_of_bits +R43599 Coq.ZArith.BinInt "x + y" Z_scope +R43601 Coq.ZArith.BinInt.Zsucc +R43575 Integers.wordsize +R43624 Integers.Z_of_bits +R43659 Coq.ZArith.BinInt "x + y" Z_scope +R43634 Integers.wordsize +R43624 Integers.Z_of_bits +R43659 Coq.ZArith.BinInt "x + y" Z_scope +R43634 Integers.wordsize +R43684 Coq.ZArith.Zpower.two_p_S +R43684 Coq.ZArith.Zpower.two_p_S +R43740 Coq.ZArith.BinInt "x + y" Z_scope +R43742 Coq.ZArith.Zpower.two_p +R43740 Coq.ZArith.BinInt "x + y" Z_scope +R43742 Coq.ZArith.Zpower.two_p +R43832 Integers.Z_of_bits_exten +R43832 Integers.Z_of_bits_exten +R43946 Coq.Init.Logic "x = y" type_scope +R43937 Integers.shru +R43948 Integers.repr +R43965 Coq.ZArith.Zdiv "x / y" Z_scope +R43954 Integers.unsigned +R43967 Coq.ZArith.Zpower.two_p +R43974 Integers.unsigned +R44032 Integers.unsigned +R44032 Integers.unsigned +R44056 Integers.unsigned +R44056 Integers.unsigned +R44077 Integers.Z_of_bits_shifts_rev +R44102 Integers.bits_of_Z +R44112 Integers.wordsize +R44077 Integers.Z_of_bits_shifts_rev +R44102 Integers.bits_of_Z +R44112 Integers.wordsize +R44161 Integers.Z_of_bits +R44181 Integers.bits_of_Z +R44191 Integers.wordsize +R44171 Integers.wordsize +R44161 Integers.Z_of_bits +R44181 Integers.bits_of_Z +R44191 Integers.wordsize +R44171 Integers.wordsize +R44230 Coq.ZArith.BinInt.Zplus_comm +R44230 Coq.ZArith.BinInt.Zplus_comm +R44256 Coq.ZArith.BinInt.Zmult_comm +R44256 Coq.ZArith.BinInt.Zmult_comm +R44288 Coqlib.Zdiv_unique +R44288 Coqlib.Zdiv_unique +R44354 Integers.eqm_small_eq +R44354 Integers.eqm_small_eq +R44374 Integers.eqm_sym +R44374 Integers.eqm_sym +R44389 Integers.Z_of_bits_of_Z +R44389 Integers.Z_of_bits_of_Z +R44425 Integers.unsigned_range +R44425 Integers.unsigned_range +R44474 Integers.unsigned_range +R44474 Integers.unsigned_range +R44527 Integers.bits_of_Z_above +R44527 Integers.bits_of_Z_above +R44599 Coq.Init.Logic "x = y" type_scope +R44587 Integers.shru +R44594 Integers.zero +R44629 Integers.shru_div_two_p +R44629 Integers.shru_div_two_p +R44653 Coq.ZArith.Zpower.two_p +R44660 Integers.unsigned +R44669 Integers.zero +R44653 Coq.ZArith.Zpower.two_p +R44660 Integers.unsigned +R44669 Integers.zero +R44700 Integers.repr +R44706 Integers.unsigned +R44700 Integers.repr +R44706 Integers.unsigned +R44733 Coqlib.Zdiv_unique +R44733 Coqlib.Zdiv_unique +R44832 Coq.Init.Logic "x = y" type_scope +R44821 Integers.shr +R44827 Integers.zero +R44874 Coq.ZArith.Zpower.two_p +R44881 Integers.unsigned +R44890 Integers.zero +R44874 Coq.ZArith.Zpower.two_p +R44881 Integers.unsigned +R44890 Integers.zero +R44925 Coq.ZArith.Zdiv "x / y" Z_scope +R44916 Integers.signed +R44936 Integers.signed +R44925 Coq.ZArith.Zdiv "x / y" Z_scope +R44916 Integers.signed +R44936 Integers.signed +R44955 Integers.repr_signed +R44955 Integers.repr_signed +R44986 Coqlib.Zdiv_unique +R44986 Coqlib.Zdiv_unique +R45105 Coq.Init.Logic "x = y" type_scope +R45096 Integers.divu +R45107 Integers.shru +R45079 Coq.Init.Logic "x = y" type_scope +R45067 Integers.is_power2 +R45081 Coq.Init.Datatypes.Some +R45149 Integers.is_power2_correct +R45149 Integers.is_power2_correct +R45228 Integers.shru_div_two_p +R45228 Integers.shru_div_two_p +R45303 Coq.Init.Logic "x = y" type_scope +R45305 Integers.add +R45329 Integers.modu +R45310 Integers.mul +R45315 Integers.divu +R45290 Coq.Init.Logic "x <> y" type_scope +R45293 Integers.zero +R45402 Integers.repr +R45408 Integers.unsigned +R45402 Integers.repr +R45408 Integers.unsigned +R45447 Integers.eqm_samerepr +R45447 Integers.eqm_samerepr +R45475 Integers.unsigned +R45475 Integers.unsigned +R45499 Integers.unsigned +R45499 Integers.unsigned +R45551 Coq.ZArith.BinInt "x + y" Z_scope +R45544 Coq.ZArith.BinInt "x * y" Z_scope +R45540 Coq.ZArith.Zdiv "x / y" Z_scope +R45556 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R45520 Integers.eqm_trans +R45551 Coq.ZArith.BinInt "x + y" Z_scope +R45544 Coq.ZArith.BinInt "x * y" Z_scope +R45540 Coq.ZArith.Zdiv "x / y" Z_scope +R45556 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R45520 Integers.eqm_trans +R45573 Integers.eqm_refl2 +R45573 Integers.eqm_refl2 +R45592 Coq.ZArith.BinInt.Zmult_comm +R45592 Coq.ZArith.BinInt.Zmult_comm +R45610 Coq.ZArith.Zdiv.Z_div_mod_eq +R45610 Coq.ZArith.Zdiv.Z_div_mod_eq +R45638 Integers.unsigned_range +R45638 Integers.unsigned_range +R45685 Coq.Init.Logic "x <> y" type_scope +R45674 Integers.unsigned +R45685 Coq.Init.Logic "x <> y" type_scope +R45674 Integers.unsigned +R45727 Integers.repr_unsigned +R45727 Integers.repr_unsigned +R45869 Coq.Init.Logic "x = y" type_scope +R45860 Integers.modu +R45871 Integers.sub +R45878 Integers.mul +R45883 Integers.divu +R45849 Coq.Init.Logic "x <> y" type_scope +R45852 Integers.zero +R45956 Coq.Init.Logic "x = y" type_scope +R45958 Integers.sub +R45941 Coq.Init.Logic "x = y" type_scope +R45943 Integers.add +R45956 Coq.Init.Logic "x = y" type_scope +R45958 Integers.sub +R45941 Coq.Init.Logic "x = y" type_scope +R45943 Integers.add +R45995 Integers.sub_add_l +R45995 Integers.sub_add_l +R46014 Integers.sub_idem +R46014 Integers.sub_idem +R46034 Integers.add_commut +R46034 Integers.add_commut +R46054 Integers.add_zero +R46054 Integers.add_zero +R46088 Integers.modu_divu_Euclid +R46088 Integers.modu_divu_Euclid +R46160 Coq.Init.Logic "x = y" type_scope +R46151 Integers.mods +R46162 Integers.sub +R46169 Integers.mul +R46174 Integers.divs +R46242 Integers.eqm_samerepr +R46242 Integers.eqm_samerepr +R46285 Integers.eqm_sub +R46285 Integers.eqm_sub +R46300 Integers.eqm_signed_unsigned +R46300 Integers.eqm_signed_unsigned +R46330 Integers.eqm_unsigned_repr_r +R46330 Integers.eqm_unsigned_repr_r +R46360 Integers.eqm_mult +R46360 Integers.eqm_mult +R46392 Integers.eqm_signed_unsigned +R46392 Integers.eqm_signed_unsigned +R46497 Coq.Init.Logic "x = y" type_scope +R46488 Integers.divs +R46499 Integers.shrx +R46471 Coq.Init.Logic "x = y" type_scope +R46459 Integers.is_power2 +R46473 Coq.Init.Datatypes.Some +R46541 Integers.is_power2_correct +R46541 Integers.is_power2_correct +R46597 Integers.shl_mul_two_p +R46597 Integers.shl_mul_two_p +R46622 Integers.mul_commut +R46622 Integers.mul_commut +R46642 Integers.mul_one +R46642 Integers.mul_one +R46676 Integers.repr_unsigned +R46676 Integers.repr_unsigned +R46769 Coq.Init.Logic "x = y" type_scope +R46739 Integers.add +R46754 Integers.shr_carry +R46744 Integers.shr +R46771 Integers.shrx +R46827 Integers.sub_add_opp +R46827 Integers.sub_add_opp +R46848 Integers.add_permut +R46848 Integers.add_permut +R46871 Integers.add_neg_zero +R46871 Integers.add_neg_zero +R46891 Integers.add_zero +R46891 Integers.add_zero +R47003 Coq.Init.Logic "x = y" type_scope +R46979 Integers.add +R46994 Integers.and +R46984 Integers.and +R46967 Coq.Init.Logic "x = y" type_scope +R46960 Integers.or +R46969 Integers.mone +R46948 Coq.Init.Logic "x = y" type_scope +R46940 Integers.and +R46950 Integers.zero +R47051 Integers.repr +R47057 Integers.unsigned +R47051 Integers.repr +R47057 Integers.unsigned +R47140 Integers.unsigned_repr +R47140 Integers.unsigned_repr +R47140 Integers.unsigned_repr +R47140 Integers.unsigned_repr +R47140 Integers.unsigned_repr +R47140 Integers.unsigned_repr +R47187 Integers.Z_of_bits +R47207 Integers.bits_of_Z +R47227 Integers.unsigned +R47217 Integers.wordsize +R47197 Integers.wordsize +R47187 Integers.Z_of_bits +R47207 Integers.bits_of_Z +R47227 Integers.unsigned +R47217 Integers.wordsize +R47197 Integers.wordsize +R47250 Integers.Z_of_bits_excl +R47250 Integers.Z_of_bits_excl +R47318 Coq.Init.Logic "x = y" type_scope +R47306 Coq.Bool.Bool "x && y" bool_scope +R47301 Coq.Bool.Bool "x && y" bool_scope +R47312 Coq.Bool.Bool "x && y" bool_scope +R47322 Coq.Bool.Bool "x && y" bool_scope +R47328 Coq.Bool.Bool "x && y" bool_scope +R47318 Coq.Init.Logic "x = y" type_scope +R47306 Coq.Bool.Bool "x && y" bool_scope +R47301 Coq.Bool.Bool "x && y" bool_scope +R47312 Coq.Bool.Bool "x && y" bool_scope +R47322 Coq.Bool.Bool "x && y" bool_scope +R47328 Coq.Bool.Bool "x && y" bool_scope +R47449 Coq.Bool.Bool "x && y" bool_scope +R47415 Integers.bits_of_Z +R47435 Integers.unsigned +R47425 Integers.wordsize +R47463 Integers.bits_of_Z +R47483 Integers.unsigned +R47473 Integers.wordsize +R47509 Integers.bits_of_Z +R47529 Integers.unsigned +R47539 Integers.and +R47519 Integers.wordsize +R47449 Coq.Bool.Bool "x && y" bool_scope +R47415 Integers.bits_of_Z +R47435 Integers.unsigned +R47425 Integers.wordsize +R47463 Integers.bits_of_Z +R47483 Integers.unsigned +R47473 Integers.wordsize +R47509 Integers.bits_of_Z +R47529 Integers.unsigned +R47539 Integers.and +R47519 Integers.wordsize +R47574 Integers.unsigned +R47583 Integers.zero +R47574 Integers.unsigned +R47583 Integers.zero +R47608 Integers.bits_of_Z_zero +R47608 Integers.bits_of_Z_zero +R47630 Coq.Bool.Bool.andb_b_false +R47630 Coq.Bool.Bool.andb_b_false +R47684 Integers.unsigned_repr +R47684 Integers.unsigned_repr +R47723 Integers.bits_of_Z_of_bits +R47723 Integers.bits_of_Z_of_bits +R47786 Coq.Bool.Bool.demorgan1 +R47786 Coq.Bool.Bool.demorgan1 +R47843 Coq.Bool.Bool "x || y" bool_scope +R47809 Integers.bits_of_Z +R47829 Integers.unsigned +R47819 Integers.wordsize +R47857 Integers.bits_of_Z +R47877 Integers.unsigned +R47867 Integers.wordsize +R47903 Integers.bits_of_Z +R47923 Integers.unsigned +R47933 Integers.or +R47913 Integers.wordsize +R47843 Coq.Bool.Bool "x || y" bool_scope +R47809 Integers.bits_of_Z +R47829 Integers.unsigned +R47819 Integers.wordsize +R47857 Integers.bits_of_Z +R47877 Integers.unsigned +R47867 Integers.wordsize +R47903 Integers.bits_of_Z +R47923 Integers.unsigned +R47933 Integers.or +R47913 Integers.wordsize +R48012 Coq.ZArith.BinInt "x - y" Z_scope +R47989 Coq.ZArith.Zpower.two_power_nat +R48003 Integers.wordsize +R47968 Integers.unsigned +R47977 Integers.mone +R48012 Coq.ZArith.BinInt "x - y" Z_scope +R47989 Coq.ZArith.Zpower.two_power_nat +R48003 Integers.wordsize +R47968 Integers.unsigned +R47977 Integers.mone +R48028 Integers.bits_of_Z_mone +R48028 Integers.bits_of_Z_mone +R48056 Coq.Bool.Bool.andb_b_true +R48056 Coq.Bool.Bool.andb_b_true +R48108 Integers.unsigned_repr +R48108 Integers.unsigned_repr +R48147 Integers.bits_of_Z_of_bits +R48147 Integers.bits_of_Z_of_bits +R48180 Integers.eqm_small_eq +R48180 Integers.eqm_small_eq +R48216 Integers.Z_of_bits_of_Z +R48216 Integers.Z_of_bits_of_Z +R48310 Integers.int +R48303 Integers.int +R48358 Coq.Init.Datatypes.bool +R48351 Coq.Init.Datatypes.nat +R48385 Coq.Init.Datatypes.O +R48390 Coq.Init.Datatypes.true +R48399 Coq.Init.Datatypes.S +R48409 Integers.eq +R48440 Integers.repr +R48446 Coq.ZArith.BinInt.Z_of_nat +R48416 Integers.repr +R48422 Coq.ZArith.BinInt.Z_of_nat +R48515 Coq.Init.Datatypes.false +R48351 Coq.Init.Datatypes.nat +R48659 Coq.Init.Logic "x = y" type_scope +R48651 Integers.repr +R48664 Integers.repr +R48627 Coq.ZArith.BinInt "x <= y < z" Z_scope +R48634 Coq.ZArith.BinInt.Z_of_nat +R48603 Coq.Init.Logic "x = y" type_scope +R48580 Integers.check_equal_on_range +R48605 Coq.Init.Datatypes.true +R48741 Integers.check_equal_on_range +R48741 Integers.check_equal_on_range +R48779 Integers.repr +R48785 Coq.ZArith.BinInt.Z_of_nat +R48779 Integers.repr +R48785 Coq.ZArith.BinInt.Z_of_nat +R48816 Integers.repr +R48822 Coq.ZArith.BinInt.Z_of_nat +R48816 Integers.repr +R48822 Coq.ZArith.BinInt.Z_of_nat +R48851 Integers.eq_spec +R48851 Integers.eq_spec +R48875 Integers.eq +R48875 Integers.eq +R48904 Coq.ZArith.Znat.inj_S +R48904 Coq.ZArith.Znat.inj_S +R48948 Coq.Init.Logic "A \/ B" type_scope +R48930 Coq.ZArith.BinInt "x <= y < z" Z_scope +R48937 Coq.ZArith.BinInt.Z_of_nat +R48953 Coq.Init.Logic "x = y" type_scope +R48955 Coq.ZArith.BinInt.Z_of_nat +R48948 Coq.Init.Logic "A \/ B" type_scope +R48930 Coq.ZArith.BinInt "x <= y < z" Z_scope +R48937 Coq.ZArith.BinInt.Z_of_nat +R48953 Coq.Init.Logic "x = y" type_scope +R48955 Coq.ZArith.BinInt.Z_of_nat +R49180 Coq.Init.Logic "x = y" type_scope +R49137 Coq.ZArith.BinInt "x <= y < z" Z_scope +R49140 Integers.unsigned +R49140 Integers.unsigned +R49153 Coq.ZArith.BinInt.Z_of_nat +R49162 Integers.wordsize +R49113 Coq.Init.Logic "x = y" type_scope +R49083 Integers.check_equal_on_range +R49104 Integers.wordsize +R49115 Coq.Init.Datatypes.true +R49220 Integers.repr +R49226 Integers.unsigned +R49220 Integers.repr +R49226 Integers.unsigned +R49283 Integers.wordsize +R49249 Integers.check_equal_on_range_correct +R49283 Integers.wordsize +R49249 Integers.check_equal_on_range_correct +R49307 Integers.repr_unsigned +R49307 Integers.repr_unsigned +R49455 Coq.Init.Logic "x = y" type_scope +R49429 Integers.rol +R49434 Integers.shru +R49439 Integers.mone +R49457 Integers.shl +R49461 Integers.mone +R49387 Coq.ZArith.BinInt "x <= y < z" Z_scope +R49390 Integers.unsigned +R49390 Integers.unsigned +R49406 Coq.ZArith.BinInt.Z_of_nat +R49415 Integers.wordsize +R49479 Integers.equal_on_range +R49572 Coq.Init.Logic.refl_equal +R49583 Coq.Init.Datatypes.true +R49551 Integers.shl +R49555 Integers.mone +R49512 Integers.rol +R49517 Integers.shru +R49522 Integers.mone +R49736 Coq.Init.Logic "x = y" type_scope +R49675 Integers.and +R49696 Integers.sub +R49731 Integers.one +R49701 Integers.repr +R49707 Coq.ZArith.Zpower.two_p +R49714 Integers.unsigned +R49680 Integers.shl +R49684 Integers.mone +R49738 Integers.zero +R49633 Coq.ZArith.BinInt "x <= y < z" Z_scope +R49636 Integers.unsigned +R49636 Integers.unsigned +R49652 Coq.ZArith.BinInt.Z_of_nat +R49661 Integers.wordsize +R49751 Integers.equal_on_range +R49896 Coq.Init.Logic.refl_equal +R49907 Coq.Init.Datatypes.true +R49880 Integers.zero +R49784 Integers.and +R49824 Integers.sub +R49856 Integers.one +R49829 Integers.repr +R49835 Coq.ZArith.Zpower.two_p +R49842 Integers.unsigned +R49789 Integers.shl +R49793 Integers.mone +R50059 Coq.Init.Logic "x = y" type_scope +R49999 Integers.or +R50019 Integers.sub +R50054 Integers.one +R50024 Integers.repr +R50030 Coq.ZArith.Zpower.two_p +R50037 Integers.unsigned +R50003 Integers.shl +R50007 Integers.mone +R50061 Integers.mone +R49957 Coq.ZArith.BinInt "x <= y < z" Z_scope +R49960 Integers.unsigned +R49960 Integers.unsigned +R49976 Coq.ZArith.BinInt.Z_of_nat +R49985 Integers.wordsize +R50074 Integers.equal_on_range +R50217 Coq.Init.Logic.refl_equal +R50228 Coq.Init.Datatypes.true +R50202 Integers.mone +R50107 Integers.or +R50146 Integers.sub +R50178 Integers.one +R50151 Integers.repr +R50157 Coq.ZArith.Zpower.two_p +R50164 Integers.unsigned +R50111 Integers.shl +R50115 Integers.mone +R50314 Coq.Init.Logic "x = y" type_scope +R50305 Integers.modu +R50316 Integers.and +R50323 Integers.sub +R50329 Integers.one +R50288 Coq.Init.Logic "x = y" type_scope +R50276 Integers.is_power2 +R50290 Coq.Init.Datatypes.Some +R50364 Integers.is_power2_correct +R50364 Integers.is_power2_correct +R50411 Integers.is_power2_rng +R50411 Integers.is_power2_rng +R50452 Coq.Init.Logic "x <> y" type_scope +R50455 Integers.zero +R50452 Coq.Init.Logic "x <> y" type_scope +R50455 Integers.zero +R50496 Integers.unsigned +R50505 Integers.zero +R50496 Integers.unsigned +R50505 Integers.zero +R50559 Coq.ZArith.BinInt "x > y" Z_scope +R50537 Coq.ZArith.Zpower.two_p +R50544 Integers.unsigned +R50559 Coq.ZArith.BinInt "x > y" Z_scope +R50537 Coq.ZArith.Zpower.two_p +R50544 Integers.unsigned +R50571 Coq.ZArith.Zpower.two_p_gt_ZERO +R50571 Coq.ZArith.Zpower.two_p_gt_ZERO +R50631 Integers.modu_divu_Euclid +R50631 Integers.modu_divu_Euclid +R50711 Coq.Init.Logic "x = y" type_scope +R50696 Coq.Init.Logic "x = y" type_scope +R50688 Integers.add +R50698 Integers.add +R50711 Coq.Init.Logic "x = y" type_scope +R50696 Coq.Init.Logic "x = y" type_scope +R50688 Integers.add +R50698 Integers.add +R50753 Coq.Init.Logic "x = y" type_scope +R50737 Integers.sub +R50742 Integers.add +R50755 Integers.sub +R50760 Integers.add +R50753 Coq.Init.Logic "x = y" type_scope +R50737 Integers.sub +R50742 Integers.add +R50755 Integers.sub +R50760 Integers.add +R50804 Integers.sub_add_l +R50804 Integers.sub_add_l +R50804 Integers.sub_add_l +R50804 Integers.sub_add_l +R50836 Integers.sub_idem +R50836 Integers.sub_idem +R50836 Integers.sub_idem +R50864 Integers.add_commut +R50890 Integers.add_zero +R50864 Integers.add_commut +R50890 Integers.add_zero +R50918 Integers.add_commut +R50944 Integers.add_zero +R50918 Integers.add_commut +R50944 Integers.add_zero +R50987 Integers.mul +R50992 Integers.divu +R50987 Integers.mul +R50992 Integers.divu +R51035 Integers.divu_pow2 +R51035 Integers.divu_pow2 +R51070 Integers.mul_pow2 +R51080 Integers.shru +R51070 Integers.mul_pow2 +R51080 Integers.shru +R51115 Integers.shru_rolm +R51115 Integers.shru_rolm +R51134 Integers.shl_rolm +R51134 Integers.shl_rolm +R51152 Integers.rolm_rolm +R51152 Integers.rolm_rolm +R51173 Integers.sub_add_opp +R51173 Integers.sub_add_opp +R51194 Integers.add_assoc +R51194 Integers.add_assoc +R51217 Integers.add +R51222 Integers.neg +R51243 Integers.zero +R51217 Integers.add +R51222 Integers.neg +R51243 Integers.zero +R51259 Integers.add_zero +R51259 Integers.add_zero +R51348 Integers.zero +R51279 Integers.modu +R51312 Integers.repr +R51318 Coq.ZArith.BinInt.Z_of_nat +R51327 Integers.wordsize +R51285 Integers.repr +R51291 Coq.ZArith.BinInt.Z_of_nat +R51300 Integers.wordsize +R51348 Integers.zero +R51279 Integers.modu +R51312 Integers.repr +R51318 Coq.ZArith.BinInt.Z_of_nat +R51327 Integers.wordsize +R51285 Integers.repr +R51291 Coq.ZArith.BinInt.Z_of_nat +R51300 Integers.wordsize +R51364 Integers.rolm_zero +R51364 Integers.rolm_zero +R51406 Integers.repr +R51412 Coq.ZArith.Zpower.two_p +R51419 Integers.unsigned +R51406 Integers.repr +R51412 Coq.ZArith.Zpower.two_p +R51419 Integers.unsigned +R51447 Integers.modu_and_masks_1 +R51447 Integers.modu_and_masks_1 +R51481 Integers.and_idem +R51481 Integers.and_idem +R51499 Integers.add_and +R51499 Integers.add_and +R51514 Integers.modu_and_masks_2 +R51514 Integers.modu_and_masks_2 +R51544 Integers.modu_and_masks_3 +R51544 Integers.modu_and_masks_3 +R51584 Integers.repr +R51590 Integers.unsigned +R51584 Integers.repr +R51590 Integers.unsigned +R51643 Integers.add_commut +R51643 Integers.add_commut +R51663 Integers.add_neg_zero +R51663 Integers.add_neg_zero +R51703 Coqlib.zlt_true +R51703 Coqlib.zlt_true +R51767 Coq.ZArith.BinInt.Z_of_nat +R51776 Integers.wordsize +R51724 Integers.unsigned +R51734 Integers.repr +R51740 Coq.ZArith.BinInt.Z_of_nat +R51749 Integers.wordsize +R51767 Coq.ZArith.BinInt.Z_of_nat +R51776 Integers.wordsize +R51724 Integers.unsigned +R51734 Integers.repr +R51740 Coq.ZArith.BinInt.Z_of_nat +R51749 Integers.wordsize +R51816 Coqlib.zlt_true +R51816 Coqlib.zlt_true +R51880 Coq.ZArith.BinInt.Z_of_nat +R51889 Integers.wordsize +R51837 Integers.unsigned +R51847 Integers.repr +R51853 Coq.ZArith.BinInt.Z_of_nat +R51862 Integers.wordsize +R51880 Coq.ZArith.BinInt.Z_of_nat +R51889 Integers.wordsize +R51837 Integers.unsigned +R51847 Integers.repr +R51853 Coq.ZArith.BinInt.Z_of_nat +R51862 Integers.wordsize +R51970 Coq.Init.Logic "x = y" type_scope +R51954 Integers.cast8unsigned +R51972 Integers.and +R51979 Integers.repr +R52073 Integers.modu +R52081 Integers.repr +R52040 Integers.repr +R52057 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R52046 Integers.unsigned +R52073 Integers.modu +R52081 Integers.repr +R52040 Integers.repr +R52057 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R52046 Integers.unsigned +R52119 Integers.sub +R52134 Integers.one +R52124 Integers.repr +R52103 Integers.repr +R52119 Integers.sub +R52134 Integers.one +R52124 Integers.repr +R52103 Integers.repr +R52163 Integers.repr +R52148 Integers.modu_and +R52163 Integers.repr +R52148 Integers.modu_and +R52248 Coq.Init.Logic "x = y" type_scope +R52231 Integers.cast16unsigned +R52250 Integers.and +R52257 Integers.repr +R52356 Integers.modu +R52364 Integers.repr +R52321 Integers.repr +R52338 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R52327 Integers.unsigned +R52356 Integers.modu +R52364 Integers.repr +R52321 Integers.repr +R52338 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R52327 Integers.unsigned +R52406 Integers.sub +R52423 Integers.one +R52411 Integers.repr +R52388 Integers.repr +R52406 Integers.sub +R52423 Integers.one +R52411 Integers.repr +R52388 Integers.repr +R52452 Integers.repr +R52437 Integers.modu_and +R52452 Integers.repr +R52437 Integers.modu_and +R52524 Integers.eqmod +R52537 Integers.unsigned +R52547 Integers.repr +R52586 Integers.eqm_unsigned_repr +R52586 Integers.eqm_unsigned_repr +R52654 Coq.ZArith.BinInt "x * y" Z_scope +R52665 Coq.ZArith.Zdiv "x / y" Z_scope +R52657 Integers.modulus +R52654 Coq.ZArith.BinInt "x * y" Z_scope +R52665 Coq.ZArith.Zdiv "x / y" Z_scope +R52657 Integers.modulus +R52706 Coq.ZArith.BinInt "x * y" Z_scope +R52688 Coq.ZArith.BinInt "x * y" Z_scope +R52699 Coq.ZArith.Zdiv "x / y" Z_scope +R52691 Integers.modulus +R52728 Coq.ZArith.BinInt "x * y" Z_scope +R52745 Coq.ZArith.BinInt "x * y" Z_scope +R52740 Coq.ZArith.Zdiv "x / y" Z_scope +R52732 Integers.modulus +R52706 Coq.ZArith.BinInt "x * y" Z_scope +R52688 Coq.ZArith.BinInt "x * y" Z_scope +R52699 Coq.ZArith.Zdiv "x / y" Z_scope +R52691 Integers.modulus +R52728 Coq.ZArith.BinInt "x * y" Z_scope +R52745 Coq.ZArith.BinInt "x * y" Z_scope +R52740 Coq.ZArith.Zdiv "x / y" Z_scope +R52732 Integers.modulus +R52826 Integers.eqmod +R52841 Integers.unsigned +R52851 Integers.repr +R52890 Integers.eqm_unsigned_repr +R52890 Integers.eqm_unsigned_repr +R52958 Coq.ZArith.BinInt "x * y" Z_scope +R52969 Coq.ZArith.Zdiv "x / y" Z_scope +R52961 Integers.modulus +R52958 Coq.ZArith.BinInt "x * y" Z_scope +R52969 Coq.ZArith.Zdiv "x / y" Z_scope +R52961 Integers.modulus +R53014 Coq.ZArith.BinInt "x * y" Z_scope +R52994 Coq.ZArith.BinInt "x * y" Z_scope +R53005 Coq.ZArith.Zdiv "x / y" Z_scope +R52997 Integers.modulus +R53038 Coq.ZArith.BinInt "x * y" Z_scope +R53057 Coq.ZArith.BinInt "x * y" Z_scope +R53050 Coq.ZArith.Zdiv "x / y" Z_scope +R53042 Integers.modulus +R53014 Coq.ZArith.BinInt "x * y" Z_scope +R52994 Coq.ZArith.BinInt "x * y" Z_scope +R53005 Coq.ZArith.Zdiv "x / y" Z_scope +R52997 Integers.modulus +R53038 Coq.ZArith.BinInt "x * y" Z_scope +R53057 Coq.ZArith.BinInt "x * y" Z_scope +R53050 Coq.ZArith.Zdiv "x / y" Z_scope +R53042 Integers.modulus +R53168 Coq.Init.Logic "x = y" type_scope +R53138 Integers.cast8signed +R53151 Integers.cast8unsigned +R53170 Integers.cast8signed +R53249 Integers.unsigned +R53249 Integers.unsigned +R53272 Integers.unsigned_repr +R53272 Integers.unsigned_repr +R53309 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R53302 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R53328 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R53309 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R53302 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R53328 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R53364 Coqlib.Zmod_small +R53364 Coqlib.Zmod_small +R53382 Coq.ZArith.Zdiv.Z_mod_lt +R53382 Coq.ZArith.Zdiv.Z_mod_lt +R53411 Coq.ZArith.BinInt "x <= y < z" Z_scope +R53416 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R53416 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R53411 Coq.ZArith.BinInt "x <= y < z" Z_scope +R53416 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R53416 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R53438 Coq.ZArith.Zdiv.Z_mod_lt +R53438 Coq.ZArith.Zdiv.Z_mod_lt +R53469 Coq.ZArith.BinInt "x < y" Z_scope +R53471 Integers.max_unsigned +R53469 Coq.ZArith.BinInt "x < y" Z_scope +R53471 Integers.max_unsigned +R53589 Coq.Init.Logic "x = y" type_scope +R53559 Integers.cast8unsigned +R53574 Integers.cast8signed +R53591 Integers.cast8unsigned +R53683 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R53672 Integers.unsigned +R53683 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R53672 Integers.unsigned +R53705 Coq.ZArith.BinInt "x <= y < z" Z_scope +R53705 Coq.ZArith.BinInt "x <= y < z" Z_scope +R53734 Coq.ZArith.Zdiv.Z_mod_lt +R53734 Coq.ZArith.Zdiv.Z_mod_lt +R53771 Coq.Init.Logic "x = y" type_scope +R53763 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R53771 Coq.Init.Logic "x = y" type_scope +R53763 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R53783 Coqlib.Zmod_small +R53783 Coqlib.Zmod_small +R53815 Coq.ZArith.BinInt "x <= y" Z_scope +R53818 Integers.max_unsigned +R53815 Coq.ZArith.BinInt "x <= y" Z_scope +R53818 Integers.max_unsigned +R53872 Coqlib.zlt +R53872 Coqlib.zlt +R53901 Integers.unsigned_repr +R53901 Integers.unsigned_repr +R53947 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R53947 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R53972 Integers.eqmod_mod_eq +R53972 Integers.eqmod_mod_eq +R54022 Coq.ZArith.BinInt "x - y" Z_scope +R54002 Integers.eqmod_trans +R54022 Coq.ZArith.BinInt "x - y" Z_scope +R54002 Integers.eqmod_trans +R54036 Integers.eqmod_sym +R54036 Integers.eqmod_sym +R54053 Integers.eqmod_256_unsigned_repr +R54053 Integers.eqmod_256_unsigned_repr +R54088 Integers.eqmod +R54111 Coq.ZArith.BinInt "x - y" Z_scope +R54101 Coq.ZArith.BinInt "x - y" Z_scope +R54088 Integers.eqmod +R54111 Coq.ZArith.BinInt "x - y" Z_scope +R54101 Coq.ZArith.BinInt "x - y" Z_scope +R54128 Integers.eqmod_sub +R54128 Integers.eqmod_sub +R54145 Integers.eqmod_refl +R54145 Integers.eqmod_refl +R54203 Coq.ZArith.BinInt "x - y" Z_scope +R54203 Coq.ZArith.BinInt "x - y" Z_scope +R54317 Coq.Init.Logic "x = y" type_scope +R54285 Integers.cast16unsigned +R54301 Integers.cast16signed +R54319 Integers.cast16unsigned +R54414 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R54403 Integers.unsigned +R54414 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R54403 Integers.unsigned +R54438 Coq.ZArith.BinInt "x <= y < z" Z_scope +R54438 Coq.ZArith.BinInt "x <= y < z" Z_scope +R54469 Coq.ZArith.Zdiv.Z_mod_lt +R54469 Coq.ZArith.Zdiv.Z_mod_lt +R54508 Coq.Init.Logic "x = y" type_scope +R54498 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R54508 Coq.Init.Logic "x = y" type_scope +R54498 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R54520 Coqlib.Zmod_small +R54520 Coqlib.Zmod_small +R54554 Coq.ZArith.BinInt "x <= y" Z_scope +R54557 Integers.max_unsigned +R54554 Coq.ZArith.BinInt "x <= y" Z_scope +R54557 Integers.max_unsigned +R54611 Coqlib.zlt +R54611 Coqlib.zlt +R54642 Integers.unsigned_repr +R54642 Integers.unsigned_repr +R54688 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R54688 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R54715 Integers.eqmod_mod_eq +R54715 Integers.eqmod_mod_eq +R54765 Coq.ZArith.BinInt "x - y" Z_scope +R54745 Integers.eqmod_trans +R54765 Coq.ZArith.BinInt "x - y" Z_scope +R54745 Integers.eqmod_trans +R54781 Integers.eqmod_sym +R54781 Integers.eqmod_sym +R54798 Integers.eqmod_65536_unsigned_repr +R54798 Integers.eqmod_65536_unsigned_repr +R54835 Integers.eqmod +R54862 Coq.ZArith.BinInt "x - y" Z_scope +R54850 Coq.ZArith.BinInt "x - y" Z_scope +R54835 Integers.eqmod +R54862 Coq.ZArith.BinInt "x - y" Z_scope +R54850 Coq.ZArith.BinInt "x - y" Z_scope +R54879 Integers.eqmod_sub +R54879 Integers.eqmod_sub +R54896 Integers.eqmod_refl +R54896 Integers.eqmod_refl +R54954 Coq.ZArith.BinInt "x - y" Z_scope +R54954 Coq.ZArith.BinInt "x - y" Z_scope +R55065 Coq.Init.Logic "x = y" type_scope +R55033 Integers.cast8unsigned +R55048 Integers.cast8unsigned +R55067 Integers.cast8unsigned +R55116 Integers.cast8unsigned_and +R55116 Integers.cast8unsigned_and +R55116 Integers.cast8unsigned_and +R55116 Integers.cast8unsigned_and +R55146 Integers.and_assoc +R55146 Integers.and_assoc +R55253 Coq.Init.Logic "x = y" type_scope +R55219 Integers.cast16unsigned +R55235 Integers.cast16unsigned +R55255 Integers.cast16unsigned +R55305 Integers.cast16unsigned_and +R55305 Integers.cast16unsigned_and +R55305 Integers.cast16unsigned_and +R55305 Integers.cast16unsigned_and +R55336 Integers.and_assoc +R55336 Integers.and_assoc +R55434 Coq.Init.Logic "x = y" type_scope +R55406 Integers.cast8signed +R55419 Integers.cast8signed +R55436 Integers.cast8signed +R55511 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R55500 Integers.unsigned +R55511 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R55500 Integers.unsigned +R55535 Coq.ZArith.BinInt "x < y" Z_scope +R55537 Integers.max_unsigned +R55535 Coq.ZArith.BinInt "x < y" Z_scope +R55537 Integers.max_unsigned +R55579 Coq.ZArith.BinInt "x <= y < z" Z_scope +R55579 Coq.ZArith.BinInt "x <= y < z" Z_scope +R55608 Coq.ZArith.Zdiv.Z_mod_lt +R55608 Coq.ZArith.Zdiv.Z_mod_lt +R55634 Coqlib.zlt +R55634 Coqlib.zlt +R55681 Coq.Init.Logic "x = y" type_scope +R55663 Integers.unsigned +R55673 Integers.repr +R55681 Coq.Init.Logic "x = y" type_scope +R55663 Integers.unsigned +R55673 Integers.repr +R55697 Integers.unsigned_repr +R55697 Integers.unsigned_repr +R55746 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R55746 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R55769 Coqlib.zlt_true +R55769 Coqlib.zlt_true +R55803 Coqlib.Zmod_small +R55803 Coqlib.Zmod_small +R55860 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R55834 Integers.unsigned +R55844 Integers.repr +R55852 Coq.ZArith.BinInt "x - y" Z_scope +R55860 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R55834 Integers.unsigned +R55844 Integers.repr +R55852 Coq.ZArith.BinInt "x - y" Z_scope +R55883 Coq.Init.Logic "x = y" type_scope +R55883 Coq.Init.Logic "x = y" type_scope +R55912 Integers.eqmod_mod_eq +R55912 Integers.eqmod_mod_eq +R55981 Coq.ZArith.BinInt "x - y" Z_scope +R55973 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R55962 Integers.unsigned +R55944 Integers.eqmod_trans +R55981 Coq.ZArith.BinInt "x - y" Z_scope +R55973 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R55962 Integers.unsigned +R55944 Integers.eqmod_trans +R55999 Integers.eqmod_sym +R55999 Integers.eqmod_sym +R56016 Integers.eqmod_256_unsigned_repr +R56016 Integers.eqmod_256_unsigned_repr +R56081 Coq.ZArith.BinInt "x - y" Z_scope +R56070 Integers.unsigned +R56052 Integers.eqmod_trans +R56081 Coq.ZArith.BinInt "x - y" Z_scope +R56070 Integers.unsigned +R56052 Integers.eqmod_trans +R56097 Integers.eqmod_sub +R56097 Integers.eqmod_sub +R56119 Integers.eqmod_sym +R56119 Integers.eqmod_sym +R56136 Integers.eqmod_mod +R56136 Integers.eqmod_mod +R56199 Integers.eqmod_refl2 +R56199 Integers.eqmod_refl2 +R56241 Coqlib.zlt_false +R56241 Coqlib.zlt_false +R56334 Coq.Init.Logic "x = y" type_scope +R56304 Integers.cast16signed +R56318 Integers.cast16signed +R56336 Integers.cast16signed +R56413 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R56402 Integers.unsigned +R56413 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R56402 Integers.unsigned +R56441 Coq.ZArith.BinInt "x < y" Z_scope +R56443 Integers.max_unsigned +R56441 Coq.ZArith.BinInt "x < y" Z_scope +R56443 Integers.max_unsigned +R56485 Coq.ZArith.BinInt "x <= y < z" Z_scope +R56485 Coq.ZArith.BinInt "x <= y < z" Z_scope +R56516 Coq.ZArith.Zdiv.Z_mod_lt +R56516 Coq.ZArith.Zdiv.Z_mod_lt +R56542 Coqlib.zlt +R56542 Coqlib.zlt +R56591 Coq.Init.Logic "x = y" type_scope +R56573 Integers.unsigned +R56583 Integers.repr +R56591 Coq.Init.Logic "x = y" type_scope +R56573 Integers.unsigned +R56583 Integers.repr +R56607 Integers.unsigned_repr +R56607 Integers.unsigned_repr +R56656 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R56656 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R56681 Coqlib.zlt_true +R56681 Coqlib.zlt_true +R56715 Coqlib.Zmod_small +R56715 Coqlib.Zmod_small +R56774 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R56746 Integers.unsigned +R56756 Integers.repr +R56764 Coq.ZArith.BinInt "x - y" Z_scope +R56774 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R56746 Integers.unsigned +R56756 Integers.repr +R56764 Coq.ZArith.BinInt "x - y" Z_scope +R56799 Coq.Init.Logic "x = y" type_scope +R56799 Coq.Init.Logic "x = y" type_scope +R56828 Integers.eqmod_mod_eq +R56828 Integers.eqmod_mod_eq +R56899 Coq.ZArith.BinInt "x - y" Z_scope +R56889 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R56878 Integers.unsigned +R56860 Integers.eqmod_trans +R56899 Coq.ZArith.BinInt "x - y" Z_scope +R56889 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R56878 Integers.unsigned +R56860 Integers.eqmod_trans +R56919 Integers.eqmod_sym +R56919 Integers.eqmod_sym +R56936 Integers.eqmod_65536_unsigned_repr +R56936 Integers.eqmod_65536_unsigned_repr +R57003 Coq.ZArith.BinInt "x - y" Z_scope +R56992 Integers.unsigned +R56974 Integers.eqmod_trans +R57003 Coq.ZArith.BinInt "x - y" Z_scope +R56992 Integers.unsigned +R56974 Integers.eqmod_trans +R57019 Integers.eqmod_sub +R57019 Integers.eqmod_sub +R57041 Integers.eqmod_sym +R57041 Integers.eqmod_sym +R57058 Integers.eqmod_mod +R57058 Integers.eqmod_mod +R57121 Integers.eqmod_refl2 +R57121 Integers.eqmod_refl2 +R57163 Coqlib.zlt_false +R57163 Coqlib.zlt_false +R57302 Coq.Init.Logic "x = y" type_scope +R57288 Integers.cast8signed +R57304 Integers.cast8signed +R57265 Coq.Init.Logic "x = y" type_scope +R57249 Integers.cast8unsigned +R57267 Integers.cast8unsigned +R57403 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R57392 Integers.unsigned +R57403 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R57392 Integers.unsigned +R57437 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R57426 Integers.unsigned +R57437 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R57426 Integers.unsigned +R57467 Integers.eqm +R57467 Integers.eqm +R57505 Integers.unsigned +R57515 Integers.repr +R57489 Integers.eqm_trans +R57505 Integers.unsigned +R57515 Integers.repr +R57489 Integers.eqm_trans +R57532 Integers.eqm_unsigned_repr +R57532 Integers.eqm_unsigned_repr +R57572 Integers.eqm_sym +R57572 Integers.eqm_sym +R57587 Integers.eqm_unsigned_repr +R57587 Integers.eqm_unsigned_repr +R57628 Coq.ZArith.BinInt "x <= y < z" Z_scope +R57633 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R57633 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R57643 Integers.modulus +R57628 Coq.ZArith.BinInt "x <= y < z" Z_scope +R57633 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R57633 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R57643 Integers.modulus +R57680 Coq.ZArith.BinInt "x <= y < z" Z_scope +R57685 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R57685 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R57680 Coq.ZArith.BinInt "x <= y < z" Z_scope +R57685 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R57685 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R57707 Coq.ZArith.Zdiv.Z_mod_lt +R57707 Coq.ZArith.Zdiv.Z_mod_lt +R57740 Coq.ZArith.BinInt "x <= y" Z_scope +R57743 Integers.modulus +R57740 Coq.ZArith.BinInt "x <= y" Z_scope +R57743 Integers.modulus +R57798 Coq.Init.Logic "x = y" type_scope +R57798 Coq.Init.Logic "x = y" type_scope +R57815 Integers.eqm_small_eq +R57815 Integers.eqm_small_eq +R57997 Coq.Init.Logic "x = y" type_scope +R57982 Integers.cast16signed +R57999 Integers.cast16signed +R57958 Coq.Init.Logic "x = y" type_scope +R57941 Integers.cast16unsigned +R57960 Integers.cast16unsigned +R58101 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R58090 Integers.unsigned +R58101 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R58090 Integers.unsigned +R58137 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R58126 Integers.unsigned +R58137 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R58126 Integers.unsigned +R58169 Integers.eqm +R58169 Integers.eqm +R58207 Integers.unsigned +R58217 Integers.repr +R58191 Integers.eqm_trans +R58207 Integers.unsigned +R58217 Integers.repr +R58191 Integers.eqm_trans +R58234 Integers.eqm_unsigned_repr +R58234 Integers.eqm_unsigned_repr +R58274 Integers.eqm_sym +R58274 Integers.eqm_sym +R58289 Integers.eqm_unsigned_repr +R58289 Integers.eqm_unsigned_repr +R58330 Coq.ZArith.BinInt "x <= y < z" Z_scope +R58335 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R58335 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R58347 Integers.modulus +R58330 Coq.ZArith.BinInt "x <= y < z" Z_scope +R58335 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R58335 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R58347 Integers.modulus +R58384 Coq.ZArith.BinInt "x <= y < z" Z_scope +R58389 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R58389 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R58384 Coq.ZArith.BinInt "x <= y < z" Z_scope +R58389 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R58389 Coq.ZArith.Zdiv "x 'mod' y" Z_scope +R58415 Coq.ZArith.Zdiv.Z_mod_lt +R58415 Coq.ZArith.Zdiv.Z_mod_lt +R58450 Coq.ZArith.BinInt "x <= y" Z_scope +R58453 Integers.modulus +R58450 Coq.ZArith.BinInt "x <= y" Z_scope +R58453 Integers.modulus +R58508 Coq.Init.Logic "x = y" type_scope +R58508 Coq.Init.Logic "x = y" type_scope +R58525 Integers.eqm_small_eq +R58525 Integers.eqm_small_eq +R58735 Coq.Init.Logic "x = y" type_scope +R58702 Integers.ltu +R58709 Integers.repr +R58715 Coq.ZArith.BinInt.Z_of_nat +R58724 Integers.wordsize +R58737 Coq.Init.Datatypes.true +R58681 Coq.Lists.List.In +R58687 Integers.one_bits +R58790 Coqlib.list_in_map_inv +R58790 Coqlib.list_in_map_inv +R58864 Coqlib.zlt_true +R58864 Coqlib.zlt_true +R58889 Integers.Z_one_bits_range +R58889 Integers.Z_one_bits_range +R58935 Coq.ZArith.BinInt "x <= y <= z" Z_scope +R58938 Coq.ZArith.BinInt.Z_of_nat +R58947 Integers.wordsize +R58938 Coq.ZArith.BinInt.Z_of_nat +R58947 Integers.wordsize +R58959 Integers.max_unsigned +R58935 Coq.ZArith.BinInt "x <= y <= z" Z_scope +R58938 Coq.ZArith.BinInt.Z_of_nat +R58947 Integers.wordsize +R58938 Coq.ZArith.BinInt.Z_of_nat +R58947 Integers.wordsize +R58959 Integers.max_unsigned +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R59026 Integers.unsigned_repr +R59026 Integers.unsigned_repr +R59026 Integers.unsigned_repr +R59026 Integers.unsigned_repr +R59026 Integers.unsigned_repr +R59026 Integers.unsigned_repr +R59095 Integers.int +R59083 Coq.Lists.List.list +R59088 Integers.int +R59121 Coq.Lists.List.nil +R59128 Integers.zero +R59139 Coq.Lists.List "x :: y" list_scope +R59147 Integers.add +R59152 Integers.shl +R59156 Integers.one +R59083 Coq.Lists.List.list +R59088 Integers.int +R59230 Coq.Init.Logic "x = y" type_scope +R59232 Integers.int_of_one_bits +R59249 Integers.one_bits +R59296 Integers.repr +R59302 Integers.powerserie +R59314 Integers.Z_one_bits +R59335 Integers.unsigned +R59325 Integers.wordsize +R59296 Integers.repr +R59302 Integers.powerserie +R59314 Integers.Z_one_bits +R59335 Integers.unsigned +R59325 Integers.wordsize +R59369 Integers.repr +R59375 Integers.unsigned +R59369 Integers.repr +R59375 Integers.unsigned +R59420 Integers.Z_one_bits_powerserie +R59420 Integers.Z_one_bits_powerserie +R59495 Integers.Z_one_bits_range +R59513 Integers.unsigned +R59495 Integers.Z_one_bits_range +R59513 Integers.unsigned +R59541 Integers.Z_one_bits +R59562 Integers.unsigned +R59552 Integers.wordsize +R59541 Integers.Z_one_bits +R59562 Integers.unsigned +R59552 Integers.wordsize +R59667 Integers.eqm_samerepr +R59667 Integers.eqm_samerepr +R59689 Integers.eqm_add +R59689 Integers.eqm_add +R59706 Integers.shl_mul_two_p +R59706 Integers.shl_mul_two_p +R59729 Integers.mul_commut +R59729 Integers.mul_commut +R59752 Integers.mul_one +R59752 Integers.mul_one +R59767 Integers.eqm_unsigned_repr_r +R59767 Integers.eqm_unsigned_repr_r +R59799 Integers.unsigned_repr +R59799 Integers.unsigned_repr +R59849 Coq.Lists.List.in_eq +R59849 Coq.Lists.List.in_eq +R59891 Coq.ZArith.BinInt "x < y" Z_scope +R59873 Coq.ZArith.BinInt.Z_of_nat +R59882 Integers.wordsize +R59893 Integers.max_unsigned +R59891 Coq.ZArith.BinInt "x < y" Z_scope +R59873 Coq.ZArith.BinInt.Z_of_nat +R59882 Integers.wordsize +R59893 Integers.max_unsigned +R60057 Coq.Init.Logic "x = y" type_scope +R60027 Integers.cmp +R60032 AST.negate_comparison +R60059 Coq.Bool.Bool.negb +R60065 Integers.cmp +R60125 Coq.Bool.Bool.negb_elim +R60125 Coq.Bool.Bool.negb_elim +R60125 Coq.Bool.Bool.negb_elim +R60125 Coq.Bool.Bool.negb_elim +R60125 Coq.Bool.Bool.negb_elim +R60125 Coq.Bool.Bool.negb_elim +R60125 Coq.Bool.Bool.negb_elim +R60216 Coq.Init.Logic "x = y" type_scope +R60185 Integers.cmpu +R60191 AST.negate_comparison +R60218 Coq.Bool.Bool.negb +R60224 Integers.cmpu +R60285 Coq.Bool.Bool.negb_elim +R60285 Coq.Bool.Bool.negb_elim +R60285 Coq.Bool.Bool.negb_elim +R60285 Coq.Bool.Bool.negb_elim +R60285 Coq.Bool.Bool.negb_elim +R60285 Coq.Bool.Bool.negb_elim +R60285 Coq.Bool.Bool.negb_elim +R60370 Coq.Init.Logic "x = y" type_scope +R60342 Integers.cmp +R60347 AST.swap_comparison +R60372 Integers.cmp +R60431 Integers.eq_sym +R60431 Integers.eq_sym +R60452 Integers.eq_sym +R60452 Integers.eq_sym +R60530 Coq.Init.Logic "x = y" type_scope +R60501 Integers.cmpu +R60507 AST.swap_comparison +R60532 Integers.cmpu +R60592 Integers.eq_sym +R60592 Integers.eq_sym +R60613 Integers.eq_sym +R60613 Integers.eq_sym +R60688 Coq.Init.Logic "x = y" type_scope +R60665 Integers.eq +R60679 Integers.add +R60669 Integers.add +R60690 Integers.eq +R60732 Coqlib.zeq +R60750 Integers.unsigned +R60737 Integers.unsigned +R60732 Coqlib.zeq +R60750 Integers.unsigned +R60737 Integers.unsigned +R60802 Coqlib.zeq_true +R60802 Coqlib.zeq_true +R60820 Coqlib.zeq_false +R60820 Coqlib.zeq_false +R60873 Integers.eqm_small_eq +R60873 Integers.eqm_small_eq +R60914 Integers.unsigned +R60956 Coq.ZArith.BinInt "x - y" Z_scope +R60944 Coq.ZArith.BinInt "x + y" Z_scope +R60933 Integers.unsigned +R60946 Integers.unsigned +R60960 Integers.unsigned +R60914 Integers.unsigned +R60956 Coq.ZArith.BinInt "x - y" Z_scope +R60944 Coq.ZArith.BinInt "x + y" Z_scope +R60933 Integers.unsigned +R60946 Integers.unsigned +R60960 Integers.unsigned +R60984 Integers.unsigned +R61026 Coq.ZArith.BinInt "x - y" Z_scope +R61014 Coq.ZArith.BinInt "x + y" Z_scope +R61003 Integers.unsigned +R61016 Integers.unsigned +R61030 Integers.unsigned +R60984 Integers.unsigned +R61026 Coq.ZArith.BinInt "x - y" Z_scope +R61014 Coq.ZArith.BinInt "x + y" Z_scope +R61003 Integers.unsigned +R61016 Integers.unsigned +R61030 Integers.unsigned +R61051 Integers.eqm_sub +R61051 Integers.eqm_sub +R61082 Integers.unsigned +R61092 Integers.repr +R61109 Coq.ZArith.BinInt "x + y" Z_scope +R61098 Integers.unsigned +R61111 Integers.unsigned +R61066 Integers.eqm_trans +R61082 Integers.unsigned +R61092 Integers.repr +R61109 Coq.ZArith.BinInt "x + y" Z_scope +R61098 Integers.unsigned +R61111 Integers.unsigned +R61066 Integers.eqm_trans +R61167 Integers.unsigned +R61177 Integers.repr +R61194 Coq.ZArith.BinInt "x + y" Z_scope +R61183 Integers.unsigned +R61196 Integers.unsigned +R61151 Integers.eqm_trans +R61167 Integers.unsigned +R61177 Integers.repr +R61194 Coq.ZArith.BinInt "x + y" Z_scope +R61183 Integers.unsigned +R61196 Integers.unsigned +R61151 Integers.eqm_trans +R61453 Coq.Init.Logic "x = y" type_scope +R61430 Integers.lt +R61444 Integers.add +R61434 Integers.add +R61455 Integers.lt +R61388 Coq.ZArith.BinInt "x <= y <= z" Z_scope +R61377 Integers.min_signed +R61400 Coq.ZArith.BinInt "x + y" Z_scope +R61391 Integers.signed +R61402 Integers.signed +R61400 Coq.ZArith.BinInt "x + y" Z_scope +R61391 Integers.signed +R61402 Integers.signed +R61414 Integers.max_signed +R61335 Coq.ZArith.BinInt "x <= y <= z" Z_scope +R61324 Integers.min_signed +R61347 Coq.ZArith.BinInt "x + y" Z_scope +R61338 Integers.signed +R61349 Integers.signed +R61347 Coq.ZArith.BinInt "x + y" Z_scope +R61338 Integers.signed +R61349 Integers.signed +R61361 Integers.max_signed +R61495 Integers.add_signed +R61495 Integers.add_signed +R61495 Integers.add_signed +R61495 Integers.add_signed +R61535 Integers.signed_repr +R61535 Integers.signed_repr +R61535 Integers.signed_repr +R61535 Integers.signed_repr +R61535 Integers.signed_repr +R61535 Integers.signed_repr +R61560 Coqlib.zlt +R61576 Integers.signed +R61565 Integers.signed +R61560 Coqlib.zlt +R61576 Integers.signed +R61565 Integers.signed +R61603 Coqlib.zlt_true +R61603 Coqlib.zlt_true +R61628 Coqlib.zlt_false +R61628 Coqlib.zlt_false +R61827 Coq.Init.Logic "x = y" type_scope +R61801 Integers.cmp +R61818 Integers.add +R61808 Integers.add +R61829 Integers.cmp +R61759 Coq.ZArith.BinInt "x <= y <= z" Z_scope +R61748 Integers.min_signed +R61771 Coq.ZArith.BinInt "x + y" Z_scope +R61762 Integers.signed +R61773 Integers.signed +R61771 Coq.ZArith.BinInt "x + y" Z_scope +R61762 Integers.signed +R61773 Integers.signed +R61785 Integers.max_signed +R61706 Coq.ZArith.BinInt "x <= y <= z" Z_scope +R61695 Integers.min_signed +R61718 Coq.ZArith.BinInt "x + y" Z_scope +R61709 Integers.signed +R61720 Integers.signed +R61718 Coq.ZArith.BinInt "x + y" Z_scope +R61709 Integers.signed +R61720 Integers.signed +R61732 Integers.max_signed +R61879 Integers.translate_eq +R61879 Integers.translate_eq +R61908 Integers.translate_lt +R61908 Integers.translate_lt +R61908 Integers.translate_lt +R61908 Integers.translate_lt +R61908 Integers.translate_lt +R61908 Integers.translate_lt +R61908 Integers.translate_lt +R61908 Integers.translate_lt +R61994 Integers.is_true +R62003 Integers.notbool +R61980 Integers.is_false +R62163 Integers.is_false +R62173 Integers.notbool +R62150 Integers.is_true +R62251 Integers.eq_spec +R62261 Integers.zero +R62251 Integers.eq_spec +R62261 Integers.zero +R62274 Integers.eq +R62279 Integers.zero +R62274 Integers.eq +R62279 Integers.zero +FFloats +R121 Floats.float +R143 Floats.float +R175 Floats.float +R166 Floats.float +R206 Floats.float +R197 Floats.float +R247 Floats.float +R238 Floats.float +R285 Integers.int +R276 Floats.float +R319 Floats.float +R312 Integers.int +R356 Floats.float +R349 Integers.int +R397 Floats.float +R388 Floats.float +R379 Floats.float +R437 Floats.float +R428 Floats.float +R419 Floats.float +R477 Floats.float +R468 Floats.float +R459 Floats.float +R517 Floats.float +R508 Floats.float +R499 Floats.float +R572 Coq.Init.Datatypes.bool +R563 Floats.float +R554 Floats.float +R540 AST.comparison +R616 Coq.Init.Specif "{ A } + { B }" type_scope +R620 Coq.Init.Logic "x = y" type_scope +R632 Coq.Init.Logic "x <> y" type_scope +R608 Floats.float +R608 Floats.float +R684 Coq.Init.Logic "x = y" type_scope +R674 Floats.add +R686 Floats.add +R742 Coq.Init.Logic "x = y" type_scope +R732 Floats.sub +R744 Floats.add +R752 Floats.neg +R832 Coq.Init.Logic "x = y" type_scope +R800 Floats.singleoffloat +R815 Floats.singleoffloat +R834 Floats.singleoffloat +R897 Coq.Init.Logic "x = y" type_scope +R883 Floats.cmp +R887 AST.Cne +R899 Coq.Bool.Bool.negb +R905 Floats.cmp +R909 AST.Ceq +R969 Coq.Init.Logic "x = y" type_scope +R955 Floats.cmp +R959 AST.Cle +R985 Coq.Bool.Bool "x || y" bool_scope +R971 Floats.cmp +R975 AST.Clt +R988 Floats.cmp +R992 AST.Ceq +R1051 Coq.Init.Logic "x = y" type_scope +R1037 Floats.cmp +R1041 AST.Cge +R1067 Coq.Bool.Bool "x || y" bool_scope +R1053 Floats.cmp +R1057 AST.Cgt +R1070 Floats.cmp +R1074 AST.Ceq +R1124 Coq.Init.Logic "x = y" type_scope +R1106 Floats.cmp +R1119 Floats.zero +R1114 Floats.zero +R1110 AST.Ceq +R1126 Coq.Init.Datatypes.true +R1191 Coq.Init.Logic "x = y" type_scope +R1176 Floats.cmp +R1186 Floats.zero +R1180 AST.Ceq +R1193 Coq.Init.Datatypes.false +R1165 Coq.Init.Logic "x <> y" type_scope +R1168 Floats.zero +FValues +R118 Coq.ZArith.BinInt.Z +R144 Coqlib.zeq +R198 Integers.int +R221 Floats.float +R253 Integers.int +R244 Values.block +R284 Values.val +R291 Values.Vint +R296 Integers.zero +R323 Values.val +R330 Values.Vint +R335 Integers.one +R362 Values.val +R369 Values.Vint +R374 Integers.mone +R403 Values.val +R410 Values.Vint +R415 Integers.one +R443 Values.val +R450 Values.Vint +R455 Integers.zero +R509 Values.val +R537 Values.Vfalse +R526 Values.Vtrue +R502 Coq.Init.Datatypes.bool +R616 Values.Vundef +R629 Coq.Init.Logic.True +R638 Values.Vint +R646 AST.Tint +R654 Coq.Init.Logic.True +R663 Values.Vfloat +R673 AST.Tfloat +R683 Coq.Init.Logic.True +R692 Values.Vptr +R702 AST.Tint +R710 Coq.Init.Logic.True +R727 Coq.Init.Logic.False +R579 AST.typ +R570 Values.val +R784 Coq.Lists.List.list +R789 AST.typ +R769 Coq.Lists.List.list +R774 Values.val +R840 Coq.Lists.List.nil +R845 Coq.Lists.List.nil +R852 Coq.Init.Logic.True +R864 Coq.Lists.List "x :: y" list_scope +R874 Coq.Lists.List "x :: y" list_scope +R898 Coq.Init.Logic "A /\ B" type_scope +R883 Values.has_type +R933 Coq.Init.Logic.False +R784 Coq.Lists.List.list +R789 AST.typ +R769 Coq.Lists.List.list +R774 Values.val +R1004 Values.Vint +R1016 Coq.Init.Logic "x <> y" type_scope +R1019 Integers.zero +R1032 Values.Vptr +R1046 Coq.Init.Logic.True +R1060 Coq.Init.Logic.False +R970 Values.val +R1132 Values.Vint +R1144 Coq.Init.Logic "x = y" type_scope +R1146 Integers.zero +R1164 Coq.Init.Logic.False +R1098 Values.val +R1208 Coq.Init.Datatypes.bool +R1201 Values.val +R1304 Coq.Init.Datatypes.true +R1296 Values.Vint +R1268 Coq.Init.Logic "x <> y" type_scope +R1271 Integers.zero +R1370 Coq.Init.Datatypes.false +R1355 Values.Vint +R1360 Integers.zero +R1442 Coq.Init.Datatypes.true +R1430 Values.Vptr +R1475 Values.val +R1501 Values.Vint +R1511 Values.Vint +R1517 Integers.neg +R1537 Values.Vundef +R1468 Values.val +R1579 Values.val +R1605 Values.Vfloat +R1617 Values.Vfloat +R1625 Floats.neg +R1647 Values.Vundef +R1572 Values.val +R1689 Values.val +R1715 Values.Vfloat +R1727 Values.Vfloat +R1735 Floats.abs +R1757 Values.Vundef +R1682 Values.val +R1805 Values.val +R1831 Values.Vfloat +R1843 Values.Vint +R1849 Floats.intoffloat +R1878 Values.Vundef +R1798 Values.val +R1926 Values.val +R1952 Values.Vint +R1962 Values.Vfloat +R1970 Floats.floatofint +R1999 Values.Vundef +R1919 Values.val +R2048 Values.val +R2074 Values.Vint +R2084 Values.Vfloat +R2092 Floats.floatofintu +R2122 Values.Vundef +R2041 Values.val +R2166 Values.val +R2192 Values.Vint +R2202 Values.Vint +R2208 Integers.xor +R2218 Integers.mone +R2237 Values.Vundef +R2159 Values.val +R2282 Values.val +R2308 Values.Vint +R2318 Values.of_bool +R2327 Integers.eq +R2336 Integers.zero +R2350 Values.Vptr +R2364 Values.Vfalse +R2380 Values.Vundef +R2275 Values.val +R2429 Values.val +R2455 Values.Vint +R2465 Values.Vint +R2470 Integers.cast8signed +R2498 Values.Vundef +R2422 Values.val +R2549 Values.val +R2575 Values.Vint +R2585 Values.Vint +R2590 Integers.cast8unsigned +R2620 Values.Vundef +R2542 Values.val +R2670 Values.val +R2696 Values.Vint +R2706 Values.Vint +R2711 Integers.cast16signed +R2740 Values.Vundef +R2663 Values.val +R2792 Values.val +R2818 Values.Vint +R2828 Values.Vint +R2833 Integers.cast16unsigned +R2864 Values.Vundef +R2785 Values.val +R2915 Values.val +R2941 Values.Vfloat +R2953 Values.Vfloat +R2960 Floats.singleoffloat +R2992 Values.Vundef +R2908 Values.val +R3036 Values.val +R3067 Values.Vint +R3076 Values.Vint +R3087 Values.Vint +R3092 Integers.add +R3111 Values.Vptr +R3125 Values.Vint +R3136 Values.Vptr +R3145 Integers.add +R3166 Values.Vint +R3175 Values.Vptr +R3191 Values.Vptr +R3200 Integers.add +R3229 Values.Vundef +R3030 Values.val +R3030 Values.val +R3273 Values.val +R3304 Values.Vint +R3313 Values.Vint +R3324 Values.Vint +R3329 Integers.sub +R3348 Values.Vptr +R3362 Values.Vint +R3373 Values.Vptr +R3382 Integers.sub +R3403 Values.Vptr +R3417 Values.Vptr +R3442 Coqlib.zeq +R3486 Values.Vundef +R3457 Values.Vint +R3462 Integers.sub +R3505 Values.Vundef +R3267 Values.val +R3267 Values.val +R3549 Values.val +R3580 Values.Vint +R3589 Values.Vint +R3600 Values.Vint +R3605 Integers.mul +R3632 Values.Vundef +R3543 Values.val +R3543 Values.val +R3677 Values.val +R3708 Values.Vint +R3717 Values.Vint +R3737 Integers.eq +R3747 Integers.zero +R3773 Values.Vint +R3778 Integers.divs +R3761 Values.Vundef +R3806 Values.Vundef +R3671 Values.val +R3671 Values.val +R3851 Values.val +R3882 Values.Vint +R3891 Values.Vint +R3911 Integers.eq +R3921 Integers.zero +R3947 Values.Vint +R3952 Integers.mods +R3935 Values.Vundef +R3980 Values.Vundef +R3845 Values.val +R3845 Values.val +R4025 Values.val +R4056 Values.Vint +R4065 Values.Vint +R4085 Integers.eq +R4095 Integers.zero +R4121 Values.Vint +R4126 Integers.divu +R4109 Values.Vundef +R4154 Values.Vundef +R4019 Values.val +R4019 Values.val +R4199 Values.val +R4230 Values.Vint +R4239 Values.Vint +R4259 Integers.eq +R4269 Integers.zero +R4295 Values.Vint +R4300 Integers.modu +R4283 Values.Vundef +R4328 Values.Vundef +R4193 Values.val +R4193 Values.val +R4372 Values.val +R4403 Values.Vint +R4412 Values.Vint +R4423 Values.Vint +R4428 Integers.and +R4455 Values.Vundef +R4366 Values.val +R4366 Values.val +R4498 Values.val +R4529 Values.Vint +R4538 Values.Vint +R4549 Values.Vint +R4554 Integers.or +R4580 Values.Vundef +R4492 Values.val +R4492 Values.val +R4624 Values.val +R4655 Values.Vint +R4664 Values.Vint +R4675 Values.Vint +R4680 Integers.xor +R4707 Values.Vundef +R4618 Values.val +R4618 Values.val +R4751 Values.val +R4782 Values.Vint +R4791 Values.Vint +R4810 Integers.ltu +R4822 Integers.repr +R4875 Values.Vundef +R4845 Values.Vint +R4850 Integers.shl +R4894 Values.Vundef +R4745 Values.val +R4745 Values.val +R4938 Values.val +R4969 Values.Vint +R4978 Values.Vint +R4997 Integers.ltu +R5009 Integers.repr +R5062 Values.Vundef +R5032 Values.Vint +R5037 Integers.shr +R5081 Values.Vundef +R4932 Values.val +R4932 Values.val +R5131 Values.val +R5162 Values.Vint +R5171 Values.Vint +R5190 Integers.ltu +R5202 Integers.repr +R5261 Values.Vundef +R5225 Values.Vint +R5230 Integers.shr_carry +R5280 Values.Vundef +R5125 Values.val +R5125 Values.val +R5325 Values.val +R5356 Values.Vint +R5365 Values.Vint +R5384 Integers.ltu +R5396 Integers.repr +R5450 Values.Vundef +R5419 Values.Vint +R5424 Integers.shrx +R5469 Values.Vundef +R5319 Values.val +R5319 Values.val +R5514 Values.val +R5545 Values.Vint +R5554 Values.Vint +R5573 Integers.ltu +R5585 Integers.repr +R5639 Values.Vundef +R5608 Values.Vint +R5613 Integers.shru +R5658 Values.Vundef +R5508 Values.val +R5508 Values.val +R5718 Values.val +R5744 Values.Vint +R5754 Values.Vint +R5759 Integers.rolm +R5792 Values.Vundef +R5712 Integers.int +R5712 Integers.int +R5693 Values.val +R5837 Values.val +R5868 Values.Vfloat +R5879 Values.Vfloat +R5892 Values.Vfloat +R5899 Floats.add +R5928 Values.Vundef +R5831 Values.val +R5831 Values.val +R5973 Values.val +R6004 Values.Vfloat +R6015 Values.Vfloat +R6028 Values.Vfloat +R6035 Floats.sub +R6064 Values.Vundef +R5967 Values.val +R5967 Values.val +R6109 Values.val +R6140 Values.Vfloat +R6151 Values.Vfloat +R6164 Values.Vfloat +R6171 Floats.mul +R6200 Values.Vundef +R6103 Values.val +R6103 Values.val +R6245 Values.val +R6276 Values.Vfloat +R6287 Values.Vfloat +R6300 Values.Vfloat +R6307 Floats.div +R6336 Values.Vundef +R6239 Values.val +R6239 Values.val +R6392 Values.val +R6418 AST.Ceq +R6425 Values.Vfalse +R6436 AST.Cne +R6443 Values.Vtrue +R6460 Values.Vundef +R6379 AST.comparison +R6520 Values.val +R6551 Values.Vint +R6560 Values.Vint +R6571 Values.of_bool +R6580 Integers.cmp +R6601 Values.Vint +R6610 Values.Vptr +R6635 Integers.eq +R6645 Integers.zero +R6679 Values.Vundef +R6659 Values.cmp_mismatch +R6690 Values.Vptr +R6704 Values.Vptr +R6729 Coqlib.zeq +R6791 Values.cmp_mismatch +R6750 Values.of_bool +R6759 Integers.cmp +R6810 Values.Vptr +R6824 Values.Vint +R6844 Integers.eq +R6854 Integers.zero +R6888 Values.Vundef +R6868 Values.cmp_mismatch +R6907 Values.Vundef +R6514 Values.val +R6514 Values.val +R6494 AST.comparison +R6968 Values.val +R6999 Values.Vint +R7008 Values.Vint +R7025 Values.of_bool +R7034 Integers.cmpu +R7056 Values.Vint +R7065 Values.Vptr +R7090 Integers.eq +R7100 Integers.zero +R7134 Values.Vundef +R7114 Values.cmp_mismatch +R7145 Values.Vptr +R7159 Values.Vptr +R7184 Coqlib.zeq +R7247 Values.cmp_mismatch +R7205 Values.of_bool +R7214 Integers.cmpu +R7266 Values.Vptr +R7280 Values.Vint +R7300 Integers.eq +R7310 Integers.zero +R7344 Values.Vundef +R7324 Values.cmp_mismatch +R7363 Values.Vundef +R6962 Values.val +R6962 Values.val +R6942 AST.comparison +R7424 Values.val +R7455 Values.Vfloat +R7466 Values.Vfloat +R7479 Values.of_bool +R7488 Floats.cmp +R7519 Values.Vundef +R7418 Values.val +R7418 Values.val +R7398 AST.comparison +R7617 AST.Mint8signed +R7630 Values.Vint +R7640 Values.Vint +R7646 Integers.cast8signed +R7669 AST.Mint8unsigned +R7684 Values.Vint +R7694 Values.Vint +R7700 Integers.cast8unsigned +R7725 AST.Mint16signed +R7739 Values.Vint +R7749 Values.Vint +R7755 Integers.cast16signed +R7779 AST.Mint16unsigned +R7795 Values.Vint +R7805 Values.Vint +R7811 Integers.cast16unsigned +R7837 AST.Mint32 +R7845 Values.Vint +R7855 Values.Vint +R7866 AST.Mint32 +R7874 Values.Vptr +R7888 Values.Vptr +R7903 AST.Mfloat32 +R7913 Values.Vfloat +R7925 Values.Vfloat +R7932 Floats.singleoffloat +R7959 AST.Mfloat64 +R7969 Values.Vfloat +R7981 Values.Vfloat +R8002 Values.Vundef +R7583 Values.val +R7565 AST.memory_chunk +R8113 Coq.Init.Logic "x = y" type_scope +R8097 Values.cast8unsigned +R8115 Values.and +R8122 Values.Vint +R8127 Integers.repr +R8190 Integers.cast8unsigned_and +R8190 Integers.cast8unsigned_and +R8276 Coq.Init.Logic "x = y" type_scope +R8259 Values.cast16unsigned +R8278 Values.and +R8285 Values.Vint +R8290 Integers.repr +R8355 Integers.cast16unsigned_and +R8355 Integers.cast16unsigned_and +R8439 Values.is_true +R8448 Values.notbool +R8425 Values.is_false +R8606 Values.is_false +R8616 Values.notbool +R8593 Values.is_true +R8697 Integers.eq_spec +R8711 Integers.zero +R8697 Integers.eq_spec +R8711 Integers.zero +R8730 Integers.eq +R8739 Integers.zero +R8730 Integers.eq +R8739 Integers.zero +R8852 Values.bool_of_val +R8866 Coq.Init.Datatypes.true +R8839 Values.is_true +R9035 Values.is_true +R9013 Values.bool_of_val +R9027 Coq.Init.Datatypes.true +R9173 Coq.Init.Logic "x = y" type_scope +R9175 Coq.Init.Datatypes.true +R9152 Values.bool_of_val +R9139 Values.is_true +R9301 Values.bool_of_val +R9315 Coq.Init.Datatypes.false +R9287 Values.is_false +R9478 Values.is_false +R9455 Values.bool_of_val +R9469 Coq.Init.Datatypes.false +R9619 Coq.Init.Logic "x = y" type_scope +R9621 Coq.Init.Datatypes.false +R9598 Values.bool_of_val +R9584 Values.is_false +R9776 Coq.Init.Logic "x = y" type_scope +R9759 Values.of_bool +R9768 Coq.Bool.Bool.negb +R9778 Values.notbool +R9787 Values.of_bool +R9885 Coq.Init.Logic "x = y" type_scope +R9875 Values.of_bool +R9887 Values.notbool +R9896 Values.of_bool +R9905 Coq.Bool.Bool.negb +R10018 Coq.Init.Logic "x = y" type_scope +R9990 Values.notbool +R9998 Values.notbool +R10006 Values.of_bool +R10020 Values.of_bool +R10134 Coq.Init.Logic "x = y" type_scope +R10106 Values.notbool +R10114 Values.notbool +R10122 Values.notbool +R10136 Values.notbool +R10190 Integers.eq +R10199 Integers.zero +R10190 Integers.eq +R10199 Integers.zero +R10269 Coq.Init.Logic "x = y" type_scope +R10261 Values.add +R10271 Values.add +R10341 Integers.add_commut +R10341 Integers.add_commut +R10412 Coq.Init.Logic "x = y" type_scope +R10396 Values.add +R10401 Values.add +R10414 Values.add +R10421 Values.add +R10499 Integers.add_assoc +R10499 Integers.add_assoc +R10530 Integers.add_assoc +R10530 Integers.add_assoc +R10573 Integers.add_commut +R10573 Integers.add_commut +R10606 Integers.add_commut +R10606 Integers.add_commut +R10633 Integers.add_assoc +R10633 Integers.add_assoc +R10664 Integers.add_commut +R10664 Integers.add_commut +R10697 Integers.add_assoc +R10697 Integers.add_assoc +R10774 Coq.Init.Logic "x = y" type_scope +R10758 Values.add +R10765 Values.add +R10776 Values.add +R10783 Values.add +R10819 Values.add_commut +R10819 Values.add_commut +R10847 Values.add_assoc +R10847 Values.add_assoc +R10864 Values.add_commut +R10864 Values.add_commut +R10946 Coq.Init.Logic "x = y" type_scope +R10922 Values.add +R10937 Values.add +R10927 Values.add +R10948 Values.add +R10963 Values.add +R10953 Values.add +R10998 Values.add_permut +R10998 Values.add_permut +R11018 Values.add_assoc +R11018 Values.add_assoc +R11040 Values.add_permut +R11040 Values.add_permut +R11068 Values.add_assoc +R11068 Values.add_assoc +R11114 Coq.Init.Logic "x = y" type_scope +R11104 Values.neg +R11108 Values.Vzero +R11116 Values.Vzero +R11199 Coq.Init.Logic "x = y" type_scope +R11186 Values.neg +R11190 Values.add +R11201 Values.add +R11214 Values.neg +R11206 Values.neg +R11281 Integers.neg_add_distr +R11281 Integers.neg_add_distr +R11348 Coq.Init.Logic "x = y" type_scope +R11336 Values.sub +R11340 Values.Vzero +R11350 Values.neg +R11446 Coq.Init.Logic "x = y" type_scope +R11431 Values.sub +R11438 Values.Vint +R11448 Values.add +R11455 Values.Vint +R11461 Integers.neg +R11525 Integers.sub_add_opp +R11525 Integers.sub_add_opp +R11525 Integers.sub_add_opp +R11616 Coq.Init.Logic "x = y" type_scope +R11591 Values.sub +R11596 Values.add +R11604 Values.Vint +R11618 Values.add +R11635 Values.Vint +R11623 Values.sub +R11710 Integers.sub_add_l +R11710 Integers.sub_add_l +R11741 Integers.sub_add_l +R11741 Integers.sub_add_l +R11770 Coqlib.zeq +R11770 Coqlib.zeq +R11796 Integers.sub_add_l +R11796 Integers.sub_add_l +R11898 Coq.Init.Logic "x = y" type_scope +R11873 Values.sub +R11881 Values.add +R11889 Values.Vint +R11900 Values.add +R11917 Values.Vint +R11923 Integers.neg +R11905 Values.sub +R12002 Integers.sub_add_r +R12002 Integers.sub_add_r +R12040 Integers.sub_add_opp +R12040 Integers.sub_add_opp +R12040 Integers.sub_add_opp +R12040 Integers.sub_add_opp +R12082 Integers.add_assoc +R12082 Integers.add_assoc +R12082 Integers.add_assoc +R12082 Integers.add_assoc +R12110 Integers.add_commut +R12110 Integers.add_commut +R12150 Integers.sub_add_opp +R12150 Integers.sub_add_opp +R12150 Integers.sub_add_opp +R12150 Integers.sub_add_opp +R12178 Integers.add_assoc +R12178 Integers.add_assoc +R12206 Integers.neg_add_distr +R12206 Integers.neg_add_distr +R12233 Coqlib.zeq +R12233 Coqlib.zeq +R12283 Integers.sub_add_opp +R12283 Integers.sub_add_opp +R12283 Integers.sub_add_opp +R12283 Integers.sub_add_opp +R12308 Integers.add_assoc +R12308 Integers.add_assoc +R12338 Integers.neg_add_distr +R12338 Integers.neg_add_distr +R12418 Coq.Init.Logic "x = y" type_scope +R12410 Values.mul +R12420 Values.mul +R12488 Integers.mul_commut +R12488 Integers.mul_commut +R12559 Coq.Init.Logic "x = y" type_scope +R12543 Values.mul +R12548 Values.mul +R12561 Values.mul +R12568 Values.mul +R12651 Integers.mul_assoc +R12651 Integers.mul_assoc +R12729 Coq.Init.Logic "x = y" type_scope +R12713 Values.mul +R12718 Values.add +R12731 Values.add +R12746 Values.mul +R12736 Values.mul +R12829 Integers.mul_add_distr_l +R12829 Integers.mul_add_distr_l +R12914 Coq.Init.Logic "x = y" type_scope +R12898 Values.mul +R12905 Values.add +R12916 Values.add +R12931 Values.mul +R12921 Values.mul +R13014 Integers.mul_add_distr_r +R13014 Integers.mul_add_distr_r +R13128 Coq.Init.Logic "x = y" type_scope +R13113 Values.mul +R13120 Values.Vint +R13130 Values.shl +R13137 Values.Vint +R13096 Coq.Init.Logic "x = y" type_scope +R13080 Integers.is_power2 +R13098 Coq.Init.Datatypes.Some +R13209 Coq.ZArith.BinInt.Z_of_nat +R13218 Integers.wordsize +R13209 Coq.ZArith.BinInt.Z_of_nat +R13218 Integers.wordsize +R13240 Integers.is_power2_range +R13240 Integers.is_power2_range +R13281 Integers.mul_pow2 +R13281 Integers.mul_pow2 +R13351 Coq.Init.Logic "x = y" type_scope +R13342 Values.mods +R13353 Values.sub +R13360 Values.mul +R13365 Values.divs +R13433 Integers.eq +R13443 Integers.zero +R13433 Integers.eq +R13443 Integers.zero +R13480 Integers.mods_divs +R13480 Integers.mods_divs +R13543 Coq.Init.Logic "x = y" type_scope +R13534 Values.modu +R13545 Values.sub +R13552 Values.mul +R13557 Values.divu +R13631 Integers.eq_spec +R13646 Integers.zero +R13665 Integers.eq +R13675 Integers.zero +R13631 Integers.eq_spec +R13646 Integers.zero +R13665 Integers.eq +R13675 Integers.zero +R13722 Integers.modu_divu +R13722 Integers.modu_divu +R13838 Coq.Init.Logic "x = y" type_scope +R13822 Values.divs +R13830 Values.Vint +R13840 Values.shrx +R13848 Values.Vint +R13805 Coq.Init.Logic "x = y" type_scope +R13789 Integers.is_power2 +R13807 Coq.Init.Datatypes.Some +R13920 Coq.ZArith.BinInt.Z_of_nat +R13929 Integers.wordsize +R13920 Coq.ZArith.BinInt.Z_of_nat +R13929 Integers.wordsize +R13951 Integers.is_power2_range +R13951 Integers.is_power2_range +R13994 Integers.eq_spec +R14008 Integers.zero +R14027 Integers.eq +R14036 Integers.zero +R13994 Integers.eq_spec +R14008 Integers.zero +R14027 Integers.eq +R14036 Integers.zero +R14108 Integers.divs_pow2 +R14108 Integers.divs_pow2 +R14224 Coq.Init.Logic "x = y" type_scope +R14208 Values.divu +R14216 Values.Vint +R14226 Values.shru +R14234 Values.Vint +R14191 Coq.Init.Logic "x = y" type_scope +R14175 Integers.is_power2 +R14193 Coq.Init.Datatypes.Some +R14306 Coq.ZArith.BinInt.Z_of_nat +R14315 Integers.wordsize +R14306 Coq.ZArith.BinInt.Z_of_nat +R14315 Integers.wordsize +R14337 Integers.is_power2_range +R14337 Integers.is_power2_range +R14380 Integers.eq_spec +R14394 Integers.zero +R14413 Integers.eq +R14422 Integers.zero +R14380 Integers.eq_spec +R14394 Integers.zero +R14413 Integers.eq +R14422 Integers.zero +R14494 Integers.divu_pow2 +R14494 Integers.divu_pow2 +R14610 Coq.Init.Logic "x = y" type_scope +R14594 Values.modu +R14602 Values.Vint +R14612 Values.and +R14619 Values.Vint +R14625 Integers.sub +R14635 Integers.one +R14577 Coq.Init.Logic "x = y" type_scope +R14561 Integers.is_power2 +R14579 Coq.Init.Datatypes.Some +R14702 Integers.eq_spec +R14716 Integers.zero +R14735 Integers.eq +R14744 Integers.zero +R14702 Integers.eq_spec +R14716 Integers.zero +R14735 Integers.eq +R14744 Integers.zero +R14817 Integers.modu_and +R14817 Integers.modu_and +R14884 Coq.Init.Logic "x = y" type_scope +R14876 Values.and +R14886 Values.and +R14954 Integers.and_commut +R14954 Integers.and_commut +R15025 Coq.Init.Logic "x = y" type_scope +R15009 Values.and +R15014 Values.and +R15027 Values.and +R15034 Values.and +R15117 Integers.and_assoc +R15117 Integers.and_assoc +R15176 Coq.Init.Logic "x = y" type_scope +R15169 Values.or +R15178 Values.or +R15245 Integers.or_commut +R15245 Integers.or_commut +R15312 Coq.Init.Logic "x = y" type_scope +R15298 Values.or +R15302 Values.or +R15314 Values.or +R15320 Values.or +R15402 Integers.or_assoc +R15402 Integers.or_assoc +R15462 Coq.Init.Logic "x = y" type_scope +R15454 Values.xor +R15464 Values.xor +R15532 Integers.xor_commut +R15532 Integers.xor_commut +R15603 Coq.Init.Logic "x = y" type_scope +R15587 Values.xor +R15592 Values.xor +R15605 Values.xor +R15612 Values.xor +R15695 Integers.xor_assoc +R15695 Integers.xor_assoc +R15772 Coq.Init.Logic "x = y" type_scope +R15745 Values.mul +R15756 Values.shl +R15764 Values.Vone +R15774 Values.shl +R15842 Integers.ltu +R15854 Integers.repr +R15842 Integers.ltu +R15854 Integers.repr +R15900 Integers.shl_mul +R15900 Integers.shl_mul +R16004 Coq.Init.Logic "x = y" type_scope +R15989 Values.shl +R15996 Values.Vint +R16006 Values.rolm +R16016 Integers.shl +R16024 Integers.mone +R15977 Coq.Init.Logic "x = y" type_scope +R15953 Integers.ltu +R15964 Integers.repr +R15979 Coq.Init.Datatypes.true +R16105 Integers.shl_rolm +R16105 Integers.shl_rolm +R16221 Coq.Init.Logic "x = y" type_scope +R16205 Values.shru +R16213 Values.Vint +R16223 Values.rolm +R16257 Integers.shru +R16266 Integers.mone +R16231 Integers.sub +R16240 Integers.repr +R16193 Coq.Init.Logic "x = y" type_scope +R16169 Integers.ltu +R16180 Integers.repr +R16195 Coq.Init.Datatypes.true +R16347 Integers.shru_rolm +R16347 Integers.shru_rolm +R16443 Coq.Init.Logic "x = y" type_scope +R16413 Values.add +R16428 Values.shr_carry +R16418 Values.shr +R16445 Values.shrx +R16509 Integers.ltu +R16521 Integers.repr +R16509 Integers.ltu +R16521 Integers.repr +R16564 Integers.shrx_carry +R16564 Integers.shrx_carry +R16656 Coq.Init.Logic "x = y" type_scope +R16625 Values.or +R16643 Values.rolm +R16629 Values.rolm +R16658 Values.rolm +R16668 Integers.or +R16740 Integers.or_rolm +R16740 Integers.or_rolm +R16830 Coq.Init.Logic "x = y" type_scope +R16804 Values.rolm +R16810 Values.rolm +R16836 Values.rolm +R16895 Integers.and +R16904 Integers.rol +R16844 Integers.and +R16869 Integers.repr +R16853 Integers.add +R16987 Integers.and +R17012 Integers.repr +R16996 Integers.add +R17037 Integers.modu +R17063 Integers.repr +R17047 Integers.add +R16987 Integers.and +R17012 Integers.repr +R16996 Integers.add +R17037 Integers.modu +R17063 Integers.repr +R17047 Integers.add +R17086 Integers.rolm_rolm +R17086 Integers.rolm_rolm +R17130 Integers.sub +R17152 Integers.one +R17139 Integers.repr +R17111 Integers.repr +R17130 Integers.sub +R17152 Integers.one +R17139 Integers.repr +R17111 Integers.repr +R17189 Integers.repr +R17170 Integers.modu_and +R17189 Integers.repr +R17170 Integers.modu_and +R17274 Coq.Init.Logic "x = y" type_scope +R17256 Values.rolm +R17263 Integers.zero +R17276 Values.and +R17283 Values.Vint +R17347 Integers.rolm_zero +R17347 Integers.rolm_zero +R17410 Coq.Init.Logic "x = y" type_scope +R17401 Values.addf +R17412 Values.addf +R17481 Floats.addf_commut +R17481 Floats.addf_commut +R17582 Coq.Init.Logic "x = y" type_scope +R17547 Values.cmp_mismatch +R17561 AST.negate_comparison +R17584 Values.notbool +R17592 Values.cmp_mismatch +R17717 Coq.Init.Logic "x = y" type_scope +R17687 Values.cmp +R17692 AST.negate_comparison +R17719 Values.notbool +R17728 Values.cmp +R17796 Integers.negate_cmp +R17796 Integers.negate_cmp +R17818 Values.notbool_negb_1 +R17818 Values.notbool_negb_1 +R17842 Integers.eq +R17851 Integers.zero +R17842 Integers.eq +R17851 Integers.zero +R17868 Values.negate_cmp_mismatch +R17868 Values.negate_cmp_mismatch +R17910 Integers.eq +R17920 Integers.zero +R17910 Integers.eq +R17920 Integers.zero +R17937 Values.negate_cmp_mismatch +R17937 Values.negate_cmp_mismatch +R17979 Coqlib.zeq +R17979 Coqlib.zeq +R18007 Integers.negate_cmp +R18007 Integers.negate_cmp +R18029 Values.notbool_negb_1 +R18029 Values.notbool_negb_1 +R18053 Values.negate_cmp_mismatch +R18053 Values.negate_cmp_mismatch +R18150 Coq.Init.Logic "x = y" type_scope +R18119 Values.cmpu +R18125 AST.negate_comparison +R18152 Values.notbool +R18161 Values.cmpu +R18230 Integers.negate_cmpu +R18230 Integers.negate_cmpu +R18253 Values.notbool_negb_1 +R18253 Values.notbool_negb_1 +R18277 Integers.eq +R18286 Integers.zero +R18277 Integers.eq +R18286 Integers.zero +R18303 Values.negate_cmp_mismatch +R18303 Values.negate_cmp_mismatch +R18345 Integers.eq +R18355 Integers.zero +R18345 Integers.eq +R18355 Integers.zero +R18372 Values.negate_cmp_mismatch +R18372 Values.negate_cmp_mismatch +R18414 Coqlib.zeq +R18414 Coqlib.zeq +R18442 Integers.negate_cmpu +R18442 Integers.negate_cmpu +R18465 Values.notbool_negb_1 +R18465 Values.notbool_negb_1 +R18489 Values.negate_cmp_mismatch +R18489 Values.negate_cmp_mismatch +R18586 Coq.Init.Logic "x = y" type_scope +R18553 Values.cmp_mismatch +R18567 AST.swap_comparison +R18588 Values.cmp_mismatch +R18710 Coq.Init.Logic "x = y" type_scope +R18682 Values.cmp +R18687 AST.swap_comparison +R18712 Values.cmp +R18779 Integers.swap_cmp +R18779 Integers.swap_cmp +R18807 Integers.eq +R18816 Integers.zero +R18807 Integers.eq +R18816 Integers.zero +R18833 Values.swap_cmp_mismatch +R18833 Values.swap_cmp_mismatch +R18866 Integers.eq +R18876 Integers.zero +R18866 Integers.eq +R18876 Integers.zero +R18893 Values.swap_cmp_mismatch +R18893 Values.swap_cmp_mismatch +R18926 Coqlib.zeq +R18926 Coqlib.zeq +R18964 Coqlib.zeq_true +R18964 Coqlib.zeq_true +R18982 Integers.swap_cmp +R18982 Integers.swap_cmp +R19012 Coqlib.zeq_false +R19012 Coqlib.zeq_false +R19029 Values.swap_cmp_mismatch +R19029 Values.swap_cmp_mismatch +R19126 Coq.Init.Logic "x = y" type_scope +R19097 Values.cmpu +R19103 AST.swap_comparison +R19128 Values.cmpu +R19196 Integers.swap_cmpu +R19196 Integers.swap_cmpu +R19225 Integers.eq +R19234 Integers.zero +R19225 Integers.eq +R19234 Integers.zero +R19251 Values.swap_cmp_mismatch +R19251 Values.swap_cmp_mismatch +R19284 Integers.eq +R19294 Integers.zero +R19284 Integers.eq +R19294 Integers.zero +R19311 Values.swap_cmp_mismatch +R19311 Values.swap_cmp_mismatch +R19344 Coqlib.zeq +R19344 Coqlib.zeq +R19382 Coqlib.zeq_true +R19382 Coqlib.zeq_true +R19400 Integers.swap_cmpu +R19400 Integers.swap_cmpu +R19431 Coqlib.zeq_false +R19431 Coqlib.zeq_false +R19448 Values.swap_cmp_mismatch +R19448 Values.swap_cmp_mismatch +R19544 Coq.Init.Logic "x = y" type_scope +R19519 Values.notbool +R19528 Values.cmpf +R19533 AST.Cne +R19546 Values.cmpf +R19551 AST.Ceq +R19620 Floats.cmp_ne_eq +R19620 Floats.cmp_ne_eq +R19645 Values.notbool_negb_1 +R19645 Values.notbool_negb_1 +R19670 Values.notbool_idem2 +R19670 Values.notbool_idem2 +R19754 Coq.Init.Logic "x = y" type_scope +R19725 Values.or +R19742 Values.of_bool +R19729 Values.of_bool +R19756 Values.of_bool +R19768 Coq.Bool.Bool "x || y" bool_scope +R19878 Coq.Init.Logic "x = y" type_scope +R19863 Values.cmpf +R19868 AST.Cle +R19880 Values.or +R19901 Values.cmpf +R19906 AST.Ceq +R19884 Values.cmpf +R19889 AST.Clt +R19976 Values.or_of_bool +R19976 Values.or_of_bool +R20001 Floats.cmp_le_lt_eq +R20001 Floats.cmp_le_lt_eq +R20075 Coq.Init.Logic "x = y" type_scope +R20060 Values.cmpf +R20065 AST.Cge +R20077 Values.or +R20098 Values.cmpf +R20103 AST.Ceq +R20081 Values.cmpf +R20086 AST.Cgt +R20173 Values.or_of_bool +R20173 Values.or_of_bool +R20198 Floats.cmp_ge_gt_eq +R20198 Floats.cmp_ge_gt_eq +R20268 Coq.Init.Logic "A \/ B" type_scope +R20259 Coq.Init.Logic "x = y" type_scope +R20261 Values.Vundef +R20281 Coq.Init.Logic "A \/ B" type_scope +R20273 Coq.Init.Logic "x = y" type_scope +R20275 Values.Vtrue +R20286 Coq.Init.Logic "x = y" type_scope +R20288 Values.Vfalse +R20247 Values.val +R20332 Values.is_bool +R20341 Values.of_bool +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R20431 Values.is_bool +R20439 Values.Vundef +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R20525 Values.is_bool +R20534 Values.cmp_mismatch +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R20645 Values.is_bool +R20654 Values.cmp +R20720 Values.undef_is_bool +R20720 Values.undef_is_bool +R20720 Values.undef_is_bool +R20720 Values.undef_is_bool +R20720 Values.undef_is_bool +R20720 Values.undef_is_bool +R20720 Values.undef_is_bool +R20720 Values.undef_is_bool +R20720 Values.undef_is_bool +R20720 Values.undef_is_bool +R20720 Values.undef_is_bool +R20720 Values.undef_is_bool +R20720 Values.undef_is_bool +R20720 Values.undef_is_bool +R20720 Values.undef_is_bool +R20720 Values.undef_is_bool +R20720 Values.undef_is_bool +R20743 Values.of_bool_is_bool +R20743 Values.of_bool_is_bool +R20768 Integers.eq +R20777 Integers.zero +R20768 Integers.eq +R20777 Integers.zero +R20794 Values.cmp_mismatch_is_bool +R20794 Values.cmp_mismatch_is_bool +R20822 Values.undef_is_bool +R20822 Values.undef_is_bool +R20845 Integers.eq +R20855 Integers.zero +R20845 Integers.eq +R20855 Integers.zero +R20872 Values.cmp_mismatch_is_bool +R20872 Values.cmp_mismatch_is_bool +R20900 Values.undef_is_bool +R20900 Values.undef_is_bool +R20923 Coqlib.zeq +R20923 Coqlib.zeq +R20947 Values.of_bool_is_bool +R20947 Values.of_bool_is_bool +R20970 Values.cmp_mismatch_is_bool +R20970 Values.cmp_mismatch_is_bool +R21036 Values.is_bool +R21045 Values.cmpu +R21112 Values.undef_is_bool +R21112 Values.undef_is_bool +R21112 Values.undef_is_bool +R21112 Values.undef_is_bool +R21112 Values.undef_is_bool +R21112 Values.undef_is_bool +R21112 Values.undef_is_bool +R21112 Values.undef_is_bool +R21112 Values.undef_is_bool +R21112 Values.undef_is_bool +R21112 Values.undef_is_bool +R21112 Values.undef_is_bool +R21112 Values.undef_is_bool +R21112 Values.undef_is_bool +R21112 Values.undef_is_bool +R21112 Values.undef_is_bool +R21112 Values.undef_is_bool +R21135 Values.of_bool_is_bool +R21135 Values.of_bool_is_bool +R21160 Integers.eq +R21169 Integers.zero +R21160 Integers.eq +R21169 Integers.zero +R21186 Values.cmp_mismatch_is_bool +R21186 Values.cmp_mismatch_is_bool +R21214 Values.undef_is_bool +R21214 Values.undef_is_bool +R21237 Integers.eq +R21247 Integers.zero +R21237 Integers.eq +R21247 Integers.zero +R21264 Values.cmp_mismatch_is_bool +R21264 Values.cmp_mismatch_is_bool +R21292 Values.undef_is_bool +R21292 Values.undef_is_bool +R21315 Coqlib.zeq +R21315 Coqlib.zeq +R21339 Values.of_bool_is_bool +R21339 Values.of_bool_is_bool +R21362 Values.cmp_mismatch_is_bool +R21362 Values.cmp_mismatch_is_bool +R21428 Values.is_bool +R21437 Values.cmpf +R21525 Values.of_bool_is_bool +R21502 Values.undef_is_bool +R21502 Values.undef_is_bool +R21502 Values.undef_is_bool +R21502 Values.undef_is_bool +R21502 Values.undef_is_bool +R21502 Values.undef_is_bool +R21502 Values.undef_is_bool +R21502 Values.undef_is_bool +R21502 Values.undef_is_bool +R21502 Values.undef_is_bool +R21502 Values.undef_is_bool +R21502 Values.undef_is_bool +R21525 Values.of_bool_is_bool +R21502 Values.undef_is_bool +R21502 Values.undef_is_bool +R21502 Values.undef_is_bool +R21502 Values.undef_is_bool +R21502 Values.undef_is_bool +R21583 Values.is_bool +R21592 Values.notbool +R21640 Values.undef_is_bool +R21640 Values.undef_is_bool +R21661 Values.of_bool_is_bool +R21661 Values.of_bool_is_bool +R21687 Values.undef_is_bool +R21687 Values.undef_is_bool +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R21777 Coq.Init.Logic "x = y" type_scope +R21779 Values.xor +R21795 Values.Vone +R21784 Values.notbool +R21762 Values.is_bool +FMem +R191 Coq.ZArith.BinInt.Z +R215 Coqlib.zeq +R181 Coq.ZArith.BinInt.Z +R167 Coq.ZArith.BinInt.Z +R351 Coq.Init.Logic "x = y" type_scope +R336 Mem.update +R325 Coq.ZArith.BinInt.Z +R311 Coq.ZArith.BinInt.Z +R394 Coqlib.zeq_true +R394 Coqlib.zeq_true +R505 Coq.Init.Logic "x = y" type_scope +R490 Mem.update +R482 Coq.Init.Logic "x <> y" type_scope +R474 Coq.ZArith.BinInt.Z +R462 Coq.ZArith.BinInt.Z +R448 Coq.ZArith.BinInt.Z +R550 Coqlib.zeq_false +R550 Coqlib.zeq_false +R631 Values.val +R659 Values.val +R687 Values.val +R715 Values.val +R786 Mem.content +R781 Coq.ZArith.BinInt.Z +R844 Coq.ZArith.BinInt.Z +R855 Coq.ZArith.BinInt.Z +R870 Mem.contentmap +R952 Coq.Init.Logic "x = y" type_scope +R954 Mem.Undef +R921 Coq.Init.Logic "A \/ B" type_scope +R915 Coq.ZArith.BinInt "x < y" Z_scope +R928 Coq.ZArith.BinInt "x >= y" Z_scope +R1007 Mem.block_contents +R1002 Coq.ZArith.BinInt.Z +R1036 Values.block +R1070 Coq.ZArith.BinInt "x > y" Z_scope +R1267 Mem.Size8 +R1282 Mem.Size16 +R1298 Mem.Size32 +R1314 Mem.Size64 +R1231 Mem.memory_size +R1403 AST.Mint8signed +R1418 Mem.Size8 +R1428 AST.Mint8unsigned +R1445 Mem.Size8 +R1455 AST.Mint16signed +R1471 Mem.Size16 +R1482 AST.Mint16unsigned +R1500 Mem.Size16 +R1511 AST.Mint32 +R1521 Mem.Size32 +R1532 AST.Mfloat32 +R1544 Mem.Size32 +R1555 AST.Mfloat64 +R1567 Mem.Size64 +R1363 AST.memory_chunk +R1629 Mem.size_mem +R1639 Mem.mem_chunk +R1612 AST.memory_chunk +R1702 Coq.ZArith.BinInt "x > y" Z_scope +R1821 Coq.Init.Logic "x = y" type_scope +R1810 Mem.Undef +R1823 Mem.Undef +R1784 Coq.Init.Logic "A \/ B" type_scope +R1779 Coq.ZArith.BinInt "x < y" Z_scope +R1791 Coq.ZArith.BinInt "x >= y" Z_scope +R1887 Mem.block_contents +R1907 Mem.mkblock +R1939 Mem.undef_undef_outside +R1931 Mem.Undef +R1882 Coq.ZArith.BinInt.Z +R1882 Coq.ZArith.BinInt.Z +R1986 Mem.mem +R1995 Mem.mkmem +R2030 Mem.one_pos +R2011 Mem.empty_block +R2060 Values.block +R2178 Coq.ZArith.BinInt "x > y" Z_scope +R2158 Coq.ZArith.BinInt.Zsucc +R2167 Mem.nextblock +R2209 Mem.nextblock_pos +R2209 Mem.nextblock_pos +R2282 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2283 Mem.mkmem +R2419 Mem.succ_nextblock_pos +R2388 Coq.ZArith.BinInt.Zsucc +R2397 Mem.nextblock +R2290 Mem.update +R2369 Mem.blocks +R2330 Mem.empty_block +R2300 Mem.nextblock +R2448 Mem.nextblock +R2274 Coq.ZArith.BinInt.Z +R2274 Coq.ZArith.BinInt.Z +R2261 Mem.mem +R2544 Mem.mkmem +R2656 Mem.nextblock_pos +R2634 Mem.nextblock +R2551 Mem.update +R2614 Mem.blocks +R2578 Mem.empty_block +R2532 Values.block +R2523 Mem.mem +R2764 Coq.Lists.List.fold_right +R2792 Mem.free +R2747 Coq.Lists.List.list +R2752 Values.block +R2739 Mem.mem +R2964 Mem.low +R2972 Mem.blocks +R2952 Values.block +R2943 Mem.mem +R3031 Mem.high +R3040 Mem.blocks +R3019 Values.block +R3010 Mem.mem +R3163 Coq.ZArith.BinInt "x < y" Z_scope +R3168 Mem.nextblock +R3149 Values.block +R3140 Mem.mem +R3310 Coq.Init.Datatypes.bool +R3285 Mem.contentmap +R3278 Coq.ZArith.BinInt.Z +R3269 Coq.Init.Datatypes.nat +R3337 Coq.Init.Datatypes.O +R3342 Coq.Init.Datatypes.true +R3351 Coq.Init.Datatypes.S +R3388 Mem.Cont +R3413 Coq.ZArith.BinInt "x + y" Z_scope +R3433 Coq.Init.Datatypes.false +R3285 Mem.contentmap +R3278 Coq.ZArith.BinInt.Z +R3269 Coq.Init.Datatypes.nat +R3507 Mem.content +R3523 Mem.check_cont +R3539 Coq.ZArith.BinInt "x + y" Z_scope +R3560 Mem.Undef +R3493 Mem.contentmap +R3486 Coq.ZArith.BinInt.Z +R3477 Coq.Init.Datatypes.nat +R3631 Mem.contentmap +R3606 Mem.contentmap +R3599 Coq.ZArith.BinInt.Z +R3590 Coq.Init.Datatypes.nat +R3664 Coq.Init.Datatypes.O +R3675 Coq.Init.Datatypes.S +R3683 Mem.update +R3713 Coq.ZArith.BinInt "x + y" Z_scope +R3692 Mem.Cont +R3606 Mem.contentmap +R3599 Coq.ZArith.BinInt.Z +R3590 Coq.Init.Datatypes.nat +R3792 Mem.contentmap +R3808 Mem.update +R3820 Mem.set_cont +R3834 Coq.ZArith.BinInt "x + y" Z_scope +R3778 Mem.contentmap +R3765 Mem.content +R3758 Coq.ZArith.BinInt.Z +R3749 Coq.Init.Datatypes.nat +R3957 Coq.Init.Logic "x = y" type_scope +R3940 Mem.check_cont +R3959 Coq.Init.Datatypes.true +R3927 Coq.Init.Logic "x = y" type_scope +R3929 Mem.Cont +R3898 Coq.ZArith.BinInt "x <= y < z" Z_scope +R3907 Coq.ZArith.BinInt "x + y" Z_scope +R3909 Coq.ZArith.BinInt.Z_of_nat +R4069 Coq.ZArith.Znat.inj_S +R4069 Coq.ZArith.Znat.inj_S +R4093 Coq.ZArith.Znat.inj_S +R4093 Coq.ZArith.Znat.inj_S +R4127 Mem.check_cont_true +R4256 Coq.Init.Logic "x = y" type_scope +R4258 Mem.Cont +R4227 Coq.ZArith.BinInt "x <= y < z" Z_scope +R4236 Coq.ZArith.BinInt "x + y" Z_scope +R4238 Coq.ZArith.BinInt.Z_of_nat +R4202 Coq.Init.Logic "x = y" type_scope +R4185 Mem.check_cont +R4204 Coq.Init.Datatypes.true +R4376 Mem.check_cont +R4376 Mem.check_cont +R4447 Coq.Init.Logic "A \/ B" type_scope +R4443 Coq.Init.Logic "x = y" type_scope +R4456 Coq.ZArith.BinInt "x <= y < z" Z_scope +R4452 Coq.ZArith.BinInt "x + y" Z_scope +R4469 Coq.ZArith.BinInt "x + y" Z_scope +R4466 Coq.ZArith.BinInt "x + y" Z_scope +R4473 Coq.ZArith.BinInt.Z_of_nat +R4447 Coq.Init.Logic "A \/ B" type_scope +R4443 Coq.Init.Logic "x = y" type_scope +R4456 Coq.ZArith.BinInt "x <= y < z" Z_scope +R4452 Coq.ZArith.BinInt "x + y" Z_scope +R4469 Coq.ZArith.BinInt "x + y" Z_scope +R4466 Coq.ZArith.BinInt "x + y" Z_scope +R4473 Coq.ZArith.BinInt.Z_of_nat +R4498 Coq.ZArith.Znat.inj_S +R4498 Coq.ZArith.Znat.inj_S +R4574 Coq.ZArith.BinInt "x + y" Z_scope +R4574 Coq.ZArith.BinInt "x + y" Z_scope +R4605 Mem.check_cont_inv +R4729 Coq.Init.Logic "x = y" type_scope +R4712 Mem.check_cont +R4731 Coq.Init.Datatypes.false +R4699 Coq.Init.Logic "x <> y" type_scope +R4702 Mem.Cont +R4668 Coq.ZArith.BinInt "x <= y < z" Z_scope +R4677 Coq.ZArith.BinInt "x + y" Z_scope +R4679 Coq.ZArith.BinInt.Z_of_nat +R4763 Mem.check_cont +R4763 Mem.check_cont +R4803 Mem.check_cont_inv +R4803 Mem.check_cont_inv +R4882 Mem.check_cont_false +R4992 Coq.Init.Logic "x = y" type_scope +R4974 Mem.set_cont +R4994 Mem.Cont +R4946 Coq.ZArith.BinInt "x <= y < z" Z_scope +R4955 Coq.ZArith.BinInt "x + y" Z_scope +R4957 Coq.ZArith.BinInt.Z_of_nat +R5100 Coq.Init.Logic "A \/ B" type_scope +R5096 Coq.Init.Logic "x = y" type_scope +R5109 Coq.ZArith.BinInt "x <= y < z" Z_scope +R5105 Coq.ZArith.BinInt "x + y" Z_scope +R5122 Coq.ZArith.BinInt "x + y" Z_scope +R5119 Coq.ZArith.BinInt "x + y" Z_scope +R5126 Coq.ZArith.BinInt.Z_of_nat +R5100 Coq.Init.Logic "A \/ B" type_scope +R5096 Coq.Init.Logic "x = y" type_scope +R5109 Coq.ZArith.BinInt "x <= y < z" Z_scope +R5105 Coq.ZArith.BinInt "x + y" Z_scope +R5122 Coq.ZArith.BinInt "x + y" Z_scope +R5119 Coq.ZArith.BinInt "x + y" Z_scope +R5126 Coq.ZArith.BinInt.Z_of_nat +R5151 Coq.ZArith.Znat.inj_S +R5151 Coq.ZArith.Znat.inj_S +R5206 Mem.update_s +R5206 Mem.update_s +R5226 Mem.update_o +R5226 Mem.update_o +R5304 Mem.set_cont_inside +R5419 Coq.Init.Logic "x = y" type_scope +R5401 Mem.set_cont +R5372 Coq.Init.Logic "A \/ B" type_scope +R5368 Coq.ZArith.BinInt "x < y" Z_scope +R5390 Coq.ZArith.BinInt "x <= y" Z_scope +R5377 Coq.ZArith.BinInt "x + y" Z_scope +R5379 Coq.ZArith.BinInt.Z_of_nat +R5488 Coq.ZArith.Znat.inj_S +R5488 Coq.ZArith.Znat.inj_S +R5511 Mem.update_o +R5511 Mem.update_o +R5565 Mem.set_cont_outside +R5650 Coq.Init.Logic "x = y" type_scope +R5626 Mem.getN +R5636 Mem.setN +R5701 Mem.check_cont_true +R5701 Mem.check_cont_true +R5724 Mem.update_s +R5724 Mem.update_s +R5752 Mem.update_o +R5752 Mem.update_o +R5768 Mem.set_cont_inside +R5768 Mem.set_cont_inside +R5820 Mem.getN_setN_same +R5968 Coq.Init.Logic "x = y" type_scope +R5940 Mem.getN +R5952 Mem.setN +R5970 Mem.getN +R5910 Coq.Init.Logic "A \/ B" type_scope +R5905 Coq.ZArith.BinInt "x < y" Z_scope +R5891 Coq.ZArith.BinInt "x + y" Z_scope +R5893 Coq.ZArith.BinInt.Z_of_nat +R5930 Coq.ZArith.BinInt "x < y" Z_scope +R5916 Coq.ZArith.BinInt "x + y" Z_scope +R5918 Coq.ZArith.BinInt.Z_of_nat +R6030 Mem.check_cont +R6048 Coq.ZArith.BinInt "x + y" Z_scope +R6030 Mem.check_cont +R6048 Coq.ZArith.BinInt "x + y" Z_scope +R6074 Mem.check_cont_true +R6074 Mem.check_cont_true +R6099 Mem.update_o +R6099 Mem.update_o +R6117 Mem.set_cont_outside +R6117 Mem.set_cont_outside +R6167 Mem.update_o +R6167 Mem.update_o +R6185 Mem.set_cont_outside +R6185 Mem.set_cont_outside +R6212 Mem.check_cont_inv +R6212 Mem.check_cont_inv +R6268 Mem.check_cont +R6292 Mem.update +R6305 Mem.set_cont +R6321 Coq.ZArith.BinInt "x + y" Z_scope +R6286 Coq.ZArith.BinInt "x + y" Z_scope +R6268 Mem.check_cont +R6292 Mem.update +R6305 Mem.set_cont +R6321 Coq.ZArith.BinInt "x + y" Z_scope +R6286 Coq.ZArith.BinInt "x + y" Z_scope +R6375 Coq.Init.Logic "x = y" type_scope +R6350 Mem.check_cont +R6368 Coq.ZArith.BinInt "x + y" Z_scope +R6377 Coq.Init.Datatypes.true +R6375 Coq.Init.Logic "x = y" type_scope +R6350 Mem.check_cont +R6368 Coq.ZArith.BinInt "x + y" Z_scope +R6377 Coq.Init.Datatypes.true +R6392 Mem.check_cont_true +R6392 Mem.check_cont_true +R6432 Mem.check_cont_inv +R6432 Mem.check_cont_inv +R6473 Mem.update_o +R6473 Mem.update_o +R6491 Mem.set_cont_outside +R6491 Mem.set_cont_outside +R6591 Mem.getN_setN_other +R6780 Coq.Init.Logic "A \/ B" type_scope +R6773 Coq.Init.Logic "x = y" type_scope +R6745 Mem.getN +R6757 Mem.setN +R6775 Mem.Cont +R6813 Coq.Init.Logic "x = y" type_scope +R6785 Mem.getN +R6797 Mem.setN +R6815 Mem.Undef +R6732 Coq.Init.Logic "x <> y" type_scope +R6735 Mem.Cont +R6719 Coq.ZArith.BinInt "x >= y" Z_scope +R6705 Coq.ZArith.BinInt "x + y" Z_scope +R6707 Coq.ZArith.BinInt.Z_of_nat +R6693 Coq.ZArith.BinInt "x >= y" Z_scope +R6679 Coq.ZArith.BinInt "x + y" Z_scope +R6681 Coq.ZArith.BinInt.Z_of_nat +R6665 Coq.Init.Logic "x <> y" type_scope +R6862 Mem.check_cont +R6886 Mem.setN +R6880 Coq.ZArith.BinInt "x + y" Z_scope +R6862 Mem.check_cont +R6886 Mem.setN +R6880 Coq.ZArith.BinInt "x + y" Z_scope +R6919 Coqlib.zlt +R6919 Coqlib.zlt +R6955 Coq.ZArith.BinInt "x <= y < z" Z_scope +R6951 Coq.ZArith.BinInt "x + y" Z_scope +R6970 Coq.ZArith.BinInt "x + y" Z_scope +R6966 Coq.ZArith.BinInt "x + y" Z_scope +R6972 Coq.ZArith.BinInt.Z_of_nat +R6955 Coq.ZArith.BinInt "x <= y < z" Z_scope +R6951 Coq.ZArith.BinInt "x + y" Z_scope +R6970 Coq.ZArith.BinInt "x + y" Z_scope +R6966 Coq.ZArith.BinInt "x + y" Z_scope +R6972 Coq.ZArith.BinInt.Z_of_nat +R7007 Mem.check_cont_inv +R7007 Mem.check_cont_inv +R7063 Mem.update_s +R7063 Mem.update_s +R7124 Mem.update_o +R7124 Mem.update_o +R7142 Mem.set_cont_inside +R7142 Mem.set_cont_inside +R7207 Mem.getN_setN_overlap +R7307 Coq.Init.Logic "A \/ B" type_scope +R7303 Coq.Init.Logic "x = y" type_scope +R7277 Mem.getN +R7288 Mem.setN +R7336 Coq.Init.Logic "x = y" type_scope +R7310 Mem.getN +R7321 Mem.setN +R7338 Mem.Undef +R7386 Mem.check_cont +R7409 Mem.setN +R7403 Coq.ZArith.BinInt "x + y" Z_scope +R7386 Mem.check_cont +R7409 Mem.setN +R7403 Coq.ZArith.BinInt "x + y" Z_scope +R7460 Mem.update_s +R7460 Mem.update_s +R7504 Mem.getN_setN_mismatch +R7584 Coq.Init.Logic "x = y" type_scope +R7558 Mem.getN +R7577 Mem.Undef +R7586 Mem.Undef +R7631 Mem.check_cont +R7662 Mem.Undef +R7647 Coq.ZArith.BinInt "x + y" Z_scope +R7631 Mem.check_cont +R7662 Mem.Undef +R7647 Coq.ZArith.BinInt "x + y" Z_scope +R7696 Mem.getN_init +R7814 Coq.Init.Specif "{ A } + { B }" type_scope +R7830 Coq.Init.Logic "A /\ B" type_scope +R7823 Coq.ZArith.BinInt "x <= y" Z_scope +R7818 Mem.low +R7856 Coq.ZArith.BinInt "x <= y" Z_scope +R7837 Coq.ZArith.BinInt "x + y" Z_scope +R7839 Mem.size_chunk +R7862 Mem.high +R7892 Coq.Init.Logic "A \/ B" type_scope +R7886 Coq.ZArith.BinInt "x > y" Z_scope +R7881 Mem.low +R7918 Coq.ZArith.BinInt "x > y" Z_scope +R7899 Coq.ZArith.BinInt "x + y" Z_scope +R7901 Mem.size_chunk +R7923 Mem.high +R7958 Coqlib.zle +R7990 Mem.high +R7967 Coq.ZArith.BinInt "x + y" Z_scope +R7969 Mem.size_chunk +R7941 Coqlib.zle +R7948 Mem.low +R8005 Coq.Init.Specif.left +R8014 Coq.Init.Specif.left +R8025 Coq.Init.Specif.left +R8033 Coq.Init.Logic.conj +R8049 Coq.Init.Specif.left +R8058 Coq.Init.Specif.right +R8070 Coq.Init.Specif.right +R8079 Coq.Init.Logic.or_intror +R8099 Coq.Init.Specif.right +R8114 Coq.Init.Specif.right +R8123 Coq.Init.Logic.or_introl +R7787 Mem.block_contents +R7780 Coq.ZArith.BinInt.Z +R7760 AST.memory_chunk +R8357 Coq.Init.Logic "x = y" type_scope +R8322 Mem.in_bounds +R8301 Coq.ZArith.BinInt "x <= y" Z_scope +R8282 Coq.ZArith.BinInt "x + y" Z_scope +R8284 Mem.size_chunk +R8307 Mem.high +R8268 Coq.ZArith.BinInt "x <= y" Z_scope +R8263 Mem.low +R8214 Mem.block_contents +R8207 Coq.ZArith.BinInt.Z +R8187 AST.memory_chunk +R8387 Mem.in_bounds +R8387 Mem.in_bounds +R8609 Coq.Init.Logic "x = y" type_scope +R8558 Mem.in_bounds +R8579 Mem.mkblock +R8596 Mem.high +R8588 Mem.low +R8613 Mem.in_bounds +R8541 Mem.contentmap +R8521 Mem.block_contents +R8514 Coq.ZArith.BinInt.Z +R8494 AST.memory_chunk +R8685 Mem.in_bounds_holds +R8701 Mem.in_bounds_exten +R8775 Coq.Init.Datatypes.bool +R8788 Coqlib.zlt +R8797 Mem.nextblock +R8956 Coq.Init.Datatypes.false +R8851 Coqlib.zle +R8858 Mem.low +R8942 Coq.Init.Datatypes.false +R8875 Coqlib.zlt +R8886 Mem.high +R8907 Coq.Init.Datatypes.false +R8897 Coq.Init.Datatypes.true +R8830 Mem.blocks +R8770 Coq.ZArith.BinInt.Z +R8757 Values.block +R8748 Mem.mem +R9073 Values.val +R9100 Mem.Size8 +R9121 Mem.getN +R9151 Mem.Datum8 +R9178 Values.Vundef +R9199 Mem.Size16 +R9221 Mem.getN +R9251 Mem.Datum16 +R9279 Values.Vundef +R9300 Mem.Size32 +R9322 Mem.getN +R9352 Mem.Datum32 +R9380 Values.Vundef +R9401 Mem.Size64 +R9423 Mem.getN +R9453 Mem.Datum64 +R9481 Values.Vundef +R9068 Coq.ZArith.BinInt.Z +R9050 Mem.contentmap +R9033 Mem.memory_size +R9591 Coq.Init.Datatypes.option +R9598 Values.val +R9610 Coqlib.zlt +R9619 Mem.nextblock +R9832 Coq.Init.Datatypes.None +R9673 Mem.in_bounds +R9815 Coq.Init.Datatypes.None +R9705 Coq.Init.Datatypes.Some +R9711 Values.load_result +R9754 Mem.load_contents +R9789 Mem.contents +R9769 Mem.mem_chunk +R9652 Mem.blocks +R9570 Coq.ZArith.BinInt.Z +R9557 Values.block +R9548 Mem.mem +R9530 AST.memory_chunk +R9901 Coq.Init.Datatypes.option +R9908 Values.val +R9937 Values.Vptr +R9951 Mem.load +R9967 Integers.signed +R9992 Coq.Init.Datatypes.None +R9894 Values.val +R9882 Mem.mem +R9864 AST.memory_chunk +R10185 Coq.Init.Logic "'exists' x , p" type_scope +R10214 Coq.Init.Logic "x = y" type_scope +R10195 Mem.load +R10216 Coq.Init.Datatypes.Some +R10162 Coq.ZArith.BinInt "x <= y" Z_scope +R10143 Coq.ZArith.BinInt "x + y" Z_scope +R10145 Mem.size_chunk +R10165 Mem.high_bound +R10127 Coq.ZArith.BinInt "x <= y" Z_scope +R10113 Mem.low_bound +R10092 Mem.valid_block +R10086 Coq.ZArith.BinInt.Z +R10073 Values.block +R10064 Mem.mem +R10046 AST.memory_chunk +R10262 Coqlib.zlt_true +R10262 Coqlib.zlt_true +R10288 Mem.in_bounds_holds +R10288 Mem.in_bounds_holds +R10316 Values.load_result +R10351 Mem.load_contents +R10411 Mem.contents +R10424 Mem.blocks +R10366 Mem.mem_chunk +R10316 Values.load_result +R10351 Mem.load_contents +R10411 Mem.contents +R10424 Mem.blocks +R10366 Mem.mem_chunk +R10672 Coq.Init.Logic "A /\ B" type_scope +R10656 Coq.ZArith.BinInt "x < y" Z_scope +R10661 Mem.nextblock +R10692 Coq.Init.Logic "A /\ B" type_scope +R10685 Coq.ZArith.BinInt "x <= y" Z_scope +R10680 Mem.low +R10732 Coq.Init.Logic "A /\ B" type_scope +R10720 Coq.ZArith.BinInt "x <= y" Z_scope +R10701 Coq.ZArith.BinInt "x + y" Z_scope +R10703 Mem.size_chunk +R10726 Mem.high +R10811 Coq.Init.Logic "x = y" type_scope +R10737 Values.load_result +R10760 Mem.load_contents +R10796 Mem.contents +R10775 Mem.mem_chunk +R10639 Mem.blocks +R10613 Coq.Init.Logic "x = y" type_scope +R10594 Mem.load +R10615 Coq.Init.Datatypes.Some +R10586 Values.val +R10579 Coq.ZArith.BinInt.Z +R10566 Values.block +R10557 Mem.mem +R10539 AST.memory_chunk +R10862 Coqlib.zlt +R10869 Mem.nextblock +R10862 Coqlib.zlt +R10869 Mem.nextblock +R10906 Mem.blocks +R10906 Mem.blocks +R10926 Mem.in_bounds +R10926 Mem.in_bounds +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R11040 Mem.load_in_bounds +R11055 Mem.load_inv +R11210 Mem.contentmap +R11244 Mem.Size8 +R11259 Mem.setN +R11275 Mem.Datum8 +R11291 Mem.Size16 +R11307 Mem.setN +R11323 Mem.Datum16 +R11340 Mem.Size32 +R11356 Mem.setN +R11372 Mem.Datum32 +R11389 Mem.Size64 +R11405 Mem.setN +R11421 Mem.Datum64 +R11203 Values.val +R11196 Coq.ZArith.BinInt.Z +R11152 Mem.contentmap +R11135 Mem.memory_size +R11665 Coq.Init.Logic "x = y" type_scope +R11637 Mem.store_contents +R11667 Mem.Undef +R11618 Coq.Init.Logic "A \/ B" type_scope +R11613 Coq.ZArith.BinInt "x < y" Z_scope +R11623 Coq.ZArith.BinInt "x >= y" Z_scope +R11586 Coq.Init.Logic "x = y" type_scope +R11588 Mem.Undef +R11568 Coq.Init.Logic "A \/ B" type_scope +R11563 Coq.ZArith.BinInt "x < y" Z_scope +R11573 Coq.ZArith.BinInt "x >= y" Z_scope +R11518 Coq.Init.Logic "A /\ B" type_scope +R11511 Coq.ZArith.BinInt "x <= y" Z_scope +R11539 Coq.ZArith.BinInt "x <= y" Z_scope +R11525 Coq.ZArith.BinInt "x + y" Z_scope +R11527 Mem.size_mem +R11851 Coq.Init.Logic "x = y" type_scope +R11834 Mem.setN +R11853 Mem.Undef +R11808 Coq.Init.Logic "A \/ B" type_scope +R11803 Coq.ZArith.BinInt "x < y" Z_scope +R11813 Coq.ZArith.BinInt "x >= y" Z_scope +R11780 Coq.ZArith.BinInt "x <= y" Z_scope +R11761 Coq.ZArith.BinInt "x + y" Z_scope +R11766 Coq.ZArith.BinInt "x + y" Z_scope +R11768 Coq.ZArith.BinInt.Z_of_nat +R11851 Coq.Init.Logic "x = y" type_scope +R11834 Mem.setN +R11853 Mem.Undef +R11808 Coq.Init.Logic "A \/ B" type_scope +R11803 Coq.ZArith.BinInt "x < y" Z_scope +R11813 Coq.ZArith.BinInt "x >= y" Z_scope +R11780 Coq.ZArith.BinInt "x <= y" Z_scope +R11761 Coq.ZArith.BinInt "x + y" Z_scope +R11766 Coq.ZArith.BinInt "x + y" Z_scope +R11768 Coq.ZArith.BinInt.Z_of_nat +R11894 Mem.update_o +R11894 Mem.update_o +R11934 Mem.set_cont_outside +R11934 Mem.set_cont_outside +R12080 Coq.ZArith.BinInt.Z_of_nat +R12299 Mem.mem +R12335 Mem.mkmem +R12637 Mem.nextblock_pos +R12619 Mem.nextblock +R12346 Mem.update +R12603 Mem.blocks +R12364 Mem.mkblock +R12478 Mem.store_contents_undef_outside +R12575 Mem.undef_outside +R12528 Mem.contents +R12508 Mem.mem_chunk +R12407 Mem.store_contents +R12443 Mem.contents +R12423 Mem.mem_chunk +R12383 Mem.high +R12375 Mem.low +R12320 Mem.blocks +R12236 Coq.Init.Logic "A /\ B" type_scope +R12229 Coq.ZArith.BinInt "x <= y" Z_scope +R12224 Mem.low +R12212 Mem.blocks +R12271 Coq.ZArith.BinInt "x <= y" Z_scope +R12252 Coq.ZArith.BinInt "x + y" Z_scope +R12254 Mem.size_chunk +R12290 Mem.high +R12278 Mem.blocks +R12194 Values.val +R12187 Coq.ZArith.BinInt.Z +R12169 Values.block +R12160 Mem.mem +R12142 AST.memory_chunk +R12750 Coq.Init.Datatypes.option +R12757 Mem.mem +R12769 Coqlib.zlt +R12778 Mem.nextblock +R12941 Coq.Init.Datatypes.None +R12804 Mem.in_bounds +R12828 Mem.blocks +R12850 Coq.Init.Specif.left +R12860 Coq.Init.Datatypes.Some +R12865 Mem.unchecked_store +R12906 Coq.Init.Specif.right +R12917 Coq.Init.Datatypes.None +R12743 Values.val +R12736 Coq.ZArith.BinInt.Z +R12706 Values.block +R12697 Mem.mem +R12679 AST.memory_chunk +R13013 Coq.Init.Datatypes.option +R13020 Mem.mem +R13049 Values.Vptr +R13063 Mem.store +R13080 Integers.signed +R13107 Coq.Init.Datatypes.None +R13006 Values.val +R13006 Values.val +R12992 Mem.mem +R12974 AST.memory_chunk +R13310 Coq.Init.Logic "'exists' x , p" type_scope +R13343 Coq.Init.Logic "x = y" type_scope +R13321 Mem.store +R13345 Coq.Init.Datatypes.Some +R13287 Coq.ZArith.BinInt "x <= y" Z_scope +R13268 Coq.ZArith.BinInt "x + y" Z_scope +R13270 Mem.size_chunk +R13290 Mem.high_bound +R13252 Coq.ZArith.BinInt "x <= y" Z_scope +R13238 Mem.low_bound +R13217 Mem.valid_block +R13209 Values.val +R13202 Coq.ZArith.BinInt.Z +R13189 Values.block +R13180 Mem.mem +R13162 AST.memory_chunk +R13395 Coqlib.zlt_true +R13395 Coqlib.zlt_true +R13420 Mem.in_bounds +R13441 Mem.blocks +R13420 Mem.in_bounds +R13441 Mem.blocks +R13474 Mem.unchecked_store +R13474 Mem.unchecked_store +R13774 Coq.Init.Logic "A /\ B" type_scope +R13758 Coq.ZArith.BinInt "x < y" Z_scope +R13763 Mem.nextblock +R13794 Coq.Init.Logic "A /\ B" type_scope +R13787 Coq.ZArith.BinInt "x <= y" Z_scope +R13782 Mem.low +R13834 Coq.Init.Logic "A /\ B" type_scope +R13822 Coq.ZArith.BinInt "x <= y" Z_scope +R13803 Coq.ZArith.BinInt "x + y" Z_scope +R13805 Mem.size_chunk +R13828 Mem.high +R13870 Coq.Init.Logic "A /\ B" type_scope +R13854 Coq.Init.Logic "x = y" type_scope +R13843 Mem.nextblock +R13859 Mem.nextblock +R13875 Coq.Init.Logic "'exists' x , p" type_scope +R13897 Coq.Init.Logic "x = y" type_scope +R13889 Mem.blocks +R13903 Mem.update +R14046 Mem.blocks +R13913 Mem.mkblock +R13963 Mem.store_contents +R13999 Mem.contents +R13979 Mem.mem_chunk +R13932 Mem.high +R13924 Mem.low +R13741 Mem.blocks +R13714 Coq.Init.Logic "x = y" type_scope +R13692 Mem.store +R13716 Coq.Init.Datatypes.Some +R13684 Values.val +R13677 Coq.ZArith.BinInt.Z +R13664 Values.block +R13655 Mem.mem +R13655 Mem.mem +R13634 AST.memory_chunk +R14102 Coqlib.zlt +R14109 Mem.nextblock +R14102 Coqlib.zlt +R14109 Mem.nextblock +R14146 Mem.blocks +R14146 Mem.blocks +R14166 Mem.in_bounds +R14166 Mem.in_bounds +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R14269 Mem.store_contents_undef_outside +R14368 Mem.undef_outside +R14357 Mem.high +R14349 Mem.low +R14330 Mem.contents +R14299 Mem.mem_chunk +R14269 Mem.store_contents_undef_outside +R14368 Mem.undef_outside +R14357 Mem.high +R14349 Mem.low +R14330 Mem.contents +R14299 Mem.mem_chunk +R14462 Mem.store_in_bounds +R14478 Mem.store_inv +R14624 Coq.Init.Logic "x <> y" type_scope +R14599 Coq.Init.Logic "~ x" type_scope +R14601 Mem.valid_block +R14580 Mem.valid_block +R14795 Coq.Init.Logic "~ x" type_scope +R14797 Mem.valid_block +R14782 Coq.Init.Logic "x = y" type_scope +R14767 Mem.alloc +R14784 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14756 Values.block +R14749 Coq.ZArith.BinInt.Z +R14749 Coq.ZArith.BinInt.Z +R14736 Mem.mem +R14736 Mem.mem +R15000 Mem.valid_block +R14987 Coq.Init.Logic "x = y" type_scope +R14972 Mem.alloc +R14989 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14961 Values.block +R14954 Coq.ZArith.BinInt.Z +R14954 Coq.ZArith.BinInt.Z +R14941 Mem.mem +R14941 Mem.mem +R15253 Mem.valid_block +R15233 Mem.valid_block +R15217 Coq.Init.Logic "x = y" type_scope +R15202 Mem.alloc +R15219 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15191 Values.block +R15191 Values.block +R15181 Coq.ZArith.BinInt.Z +R15181 Coq.ZArith.BinInt.Z +R15168 Mem.mem +R15168 Mem.mem +R15533 Mem.valid_block +R15513 Mem.valid_block +R15498 Coq.Init.Logic "x = y" type_scope +R15474 Mem.store +R15500 Coq.Init.Datatypes.Some +R15466 Values.val +R15459 Coq.ZArith.BinInt.Z +R15446 Values.block +R15446 Values.block +R15434 Mem.mem +R15434 Mem.mem +R15412 AST.memory_chunk +R15580 Mem.store_inv +R15580 Mem.store_inv +R15754 Mem.valid_block +R15767 Mem.free +R15735 Mem.valid_block +R15724 Values.block +R15724 Values.block +R15712 Mem.mem +R16086 Coq.Init.Logic "x = y" type_scope +R16066 Mem.load +R16088 Coq.Init.Datatypes.Some +R16052 Coq.Init.Logic "x = y" type_scope +R16032 Mem.load +R16054 Coq.Init.Datatypes.Some +R16016 Coq.Init.Logic "x = y" type_scope +R16001 Mem.alloc +R16018 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15993 Values.val +R15986 Coq.ZArith.BinInt.Z +R15986 Coq.ZArith.BinInt.Z +R15986 Coq.ZArith.BinInt.Z +R15967 Values.block +R15967 Values.block +R15946 Mem.mem +R15946 Mem.mem +R15924 AST.memory_chunk +R16183 Mem.load_inv +R16183 Mem.load_inv +R16266 Coqlib.zlt_true +R16266 Coqlib.zlt_true +R16294 Mem.update_o +R16294 Mem.update_o +R16294 Mem.update_o +R16294 Mem.update_o +R16315 Mem.in_bounds_holds +R16315 Mem.in_bounds_holds +R16481 Coq.Init.Logic "x = y" type_scope +R16443 Mem.load_contents +R16470 Mem.Undef +R16483 Values.Vundef +R16437 Coq.ZArith.BinInt.Z +R16418 Mem.memory_size +R16727 Coq.Init.Logic "x = y" type_scope +R16729 Values.Vundef +R16711 Coq.Init.Logic "x = y" type_scope +R16690 Mem.load +R16713 Coq.Init.Datatypes.Some +R16674 Coq.Init.Logic "x = y" type_scope +R16659 Mem.alloc +R16676 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16651 Values.val +R16644 Coq.ZArith.BinInt.Z +R16644 Coq.ZArith.BinInt.Z +R16644 Coq.ZArith.BinInt.Z +R16625 Values.block +R16625 Values.block +R16604 Mem.mem +R16604 Mem.mem +R16582 AST.memory_chunk +R16824 Mem.load_inv +R16824 Mem.load_inv +R16877 Mem.update_s +R16877 Mem.update_s +R16943 Mem.load_contents_init +R16943 Mem.load_contents_init +R17124 Coq.Init.Logic "x = y" type_scope +R17109 Mem.low_bound +R17129 Coqlib.zeq +R17151 Mem.low_bound +R17093 Coq.Init.Logic "x = y" type_scope +R17078 Mem.alloc +R17095 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17072 Coq.ZArith.BinInt.Z +R17072 Coq.ZArith.BinInt.Z +R17057 Values.block +R17057 Values.block +R17045 Mem.mem +R17045 Mem.mem +R17306 Coqlib.zeq +R17313 Mem.nextblock +R17306 Coqlib.zeq +R17313 Mem.nextblock +R17471 Coq.Init.Logic "x = y" type_scope +R17455 Mem.high_bound +R17476 Coqlib.zeq +R17498 Mem.high_bound +R17439 Coq.Init.Logic "x = y" type_scope +R17424 Mem.alloc +R17441 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17418 Coq.ZArith.BinInt.Z +R17418 Coq.ZArith.BinInt.Z +R17403 Values.block +R17403 Values.block +R17391 Mem.mem +R17391 Mem.mem +R17655 Coqlib.zeq +R17662 Mem.nextblock +R17655 Coqlib.zeq +R17662 Mem.nextblock +R17877 Coq.Init.Logic "'exists' x , p" type_scope +R17912 Coq.Init.Logic "x = y" type_scope +R17889 Mem.store +R17914 Coq.Init.Datatypes.Some +R17866 Coq.ZArith.BinInt "x <= y" Z_scope +R17847 Coq.ZArith.BinInt "x + y" Z_scope +R17849 Mem.size_chunk +R17833 Coq.ZArith.BinInt "x <= y" Z_scope +R17815 Coq.Init.Logic "x = y" type_scope +R17800 Mem.alloc +R17817 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17792 Values.val +R17785 Coq.ZArith.BinInt.Z +R17785 Coq.ZArith.BinInt.Z +R17785 Coq.ZArith.BinInt.Z +R17766 Values.block +R17757 Mem.mem +R17757 Mem.mem +R17735 AST.memory_chunk +R17993 Coq.ZArith.BinInt "x < y" Z_scope +R17999 Mem.nextblock +R17993 Coq.ZArith.BinInt "x < y" Z_scope +R17999 Mem.nextblock +R18075 Coq.ZArith.BinInt "x <= y" Z_scope +R18060 Mem.low_bound +R18075 Coq.ZArith.BinInt "x <= y" Z_scope +R18060 Mem.low_bound +R18138 Mem.update_s +R18138 Mem.update_s +R18205 Coq.ZArith.BinInt "x <= y" Z_scope +R18186 Coq.ZArith.BinInt "x + y" Z_scope +R18188 Mem.size_chunk +R18208 Mem.high_bound +R18205 Coq.ZArith.BinInt "x <= y" Z_scope +R18186 Coq.ZArith.BinInt "x + y" Z_scope +R18188 Mem.size_chunk +R18208 Mem.high_bound +R18281 Mem.update_s +R18281 Mem.update_s +R18321 Mem.store_in_bounds +R18321 Mem.store_in_bounds +R18381 Mem.store_alloc +R18393 Mem.high_bound_alloc +R18410 Mem.low_bound_alloc +R18426 Mem.load_alloc_same +R18442 Mem.load_contents_init +R18461 Mem.load_alloc_other +R18642 Coq.Init.Logic "x = y" type_scope +R18613 Mem.load +R18625 Mem.free +R18644 Mem.load +R18602 Coq.Init.Logic "x <> y" type_scope +R18594 Coq.ZArith.BinInt.Z +R18581 Values.block +R18581 Values.block +R18569 Mem.mem +R18551 AST.memory_chunk +R18715 Coqlib.zlt +R18722 Mem.nextblock +R18715 Coqlib.zlt +R18722 Mem.nextblock +R18755 Mem.update_o +R18755 Mem.update_o +R18889 Coq.Init.Logic "x = y" type_scope +R18865 Mem.low_bound +R18876 Mem.free +R18891 Mem.low_bound +R18854 Coq.Init.Logic "x <> y" type_scope +R18842 Values.block +R18842 Values.block +R18830 Mem.mem +R18964 Mem.update_o +R18964 Mem.update_o +R19084 Coq.Init.Logic "x = y" type_scope +R19059 Mem.high_bound +R19071 Mem.free +R19086 Mem.high_bound +R19048 Coq.Init.Logic "x <> y" type_scope +R19036 Values.block +R19036 Values.block +R19024 Mem.mem +R19161 Mem.update_o +R19161 Mem.update_o +R19195 Mem.load_free +R19205 Mem.low_bound_free +R19220 Mem.high_bound_free +R19391 Coq.Init.Logic "A /\ B" type_scope +R19384 Coq.ZArith.BinInt "x <= y" Z_scope +R19369 Mem.low_bound +R19417 Coq.ZArith.BinInt "x <= y" Z_scope +R19398 Coq.ZArith.BinInt "x + y" Z_scope +R19400 Mem.size_chunk +R19420 Mem.high_bound +R19354 Coq.Init.Logic "x = y" type_scope +R19331 Mem.store +R19356 Coq.Init.Datatypes.Some +R19466 Mem.store_inv +R19466 Mem.store_inv +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R19710 Coq.Init.Logic "x = y" type_scope +R19661 Mem.load_contents +R19679 Mem.store_contents +R19653 Values.val +R19646 Coq.ZArith.BinInt.Z +R19628 Mem.contentmap +R19611 Mem.memory_size +R19809 Mem.getN_setN_same +R19809 Mem.getN_setN_same +R19809 Mem.getN_setN_same +R19809 Mem.getN_setN_same +R19809 Mem.getN_setN_same +R20005 Coq.Init.Logic "x = y" type_scope +R19985 Mem.load +R20007 Coq.Init.Datatypes.Some +R20013 Values.load_result +R19970 Coq.Init.Logic "x = y" type_scope +R19947 Mem.store +R19972 Coq.Init.Datatypes.Some +R19939 Values.val +R19932 Coq.ZArith.BinInt.Z +R19919 Values.block +R19910 Mem.mem +R19910 Mem.mem +R19888 AST.memory_chunk +R20070 Mem.store_inv +R20070 Mem.store_inv +R20170 Coqlib.zlt_true +R20170 Coqlib.zlt_true +R20216 Mem.update_s +R20216 Mem.update_s +R20216 Mem.update_s +R20244 Mem.in_bounds_exten +R20244 Mem.in_bounds_exten +R20269 Mem.in_bounds_holds +R20269 Mem.in_bounds_holds +R20302 Mem.load_store_contents_same +R20302 Mem.load_store_contents_same +R20586 Coq.Init.Logic "x = y" type_scope +R20533 Mem.load_contents +R20552 Mem.store_contents +R20590 Mem.load_contents +R20497 Coq.Init.Logic "A \/ B" type_scope +R20489 Coq.ZArith.BinInt "x <= y" Z_scope +R20474 Coq.ZArith.BinInt "x + y" Z_scope +R20476 Mem.size_mem +R20520 Coq.ZArith.BinInt "x <= y" Z_scope +R20505 Coq.ZArith.BinInt "x + y" Z_scope +R20507 Mem.size_mem +R20461 Values.val +R20454 Coq.ZArith.BinInt.Z +R20454 Coq.ZArith.BinInt.Z +R20420 Mem.contentmap +R20403 Mem.memory_size +R20403 Mem.memory_size +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R20732 Mem.getN_setN_other +R20774 Coq.ZArith.BinInt.Z_of_nat +R21082 Coq.Init.Logic "x = y" type_scope +R21059 Mem.load +R21084 Mem.load +R20980 Coq.Init.Logic "A \/ B" type_scope +R20972 Coq.Init.Logic "x <> y" type_scope +R21018 Coq.Init.Logic "A \/ B" type_scope +R21008 Coq.ZArith.BinInt "x <= y" Z_scope +R20988 Coq.ZArith.BinInt "x + y" Z_scope +R20990 Mem.size_chunk +R21046 Coq.ZArith.BinInt "x <= y" Z_scope +R21026 Coq.ZArith.BinInt "x + y" Z_scope +R21028 Mem.size_chunk +R20954 Coq.Init.Logic "x = y" type_scope +R20928 Mem.store +R20956 Coq.Init.Datatypes.Some +R20920 Values.val +R20913 Coq.ZArith.BinInt.Z +R20913 Coq.ZArith.BinInt.Z +R20894 Values.block +R20894 Values.block +R20872 Mem.mem +R20872 Mem.mem +R20850 AST.memory_chunk +R20850 AST.memory_chunk +R21139 Mem.store_inv +R21139 Mem.store_inv +R21236 Coqlib.zlt +R21244 Mem.nextblock +R21236 Coqlib.zlt +R21244 Mem.nextblock +R21301 Coqlib.zeq +R21301 Coqlib.zeq +R21347 Mem.in_bounds_exten +R21347 Mem.in_bounds_exten +R21375 Mem.load_store_contents_other +R21375 Mem.load_store_contents_other +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R21697 Coq.Init.Logic "x = y" type_scope +R21499 Mem.getN +R21516 Mem.setN +R21554 Mem.Undef +R21575 Mem.Datum8 +R21599 Mem.Datum16 +R21624 Mem.Datum32 +R21649 Mem.Datum64 +R21674 Mem.Cont +R21715 Mem.getN_setN_overlap +R21902 Coq.ZArith.BinInt.Z_of_nat +R21930 Coq.ZArith.BinInt.Z_of_nat +R22228 Coq.Init.Logic "x = y" type_scope +R22175 Mem.load_contents +R22194 Mem.store_contents +R22230 Values.Vundef +R22163 Coq.ZArith.BinInt "x > y" Z_scope +R22148 Coq.ZArith.BinInt "x + y" Z_scope +R22150 Mem.size_mem +R22133 Coq.ZArith.BinInt "x > y" Z_scope +R22118 Coq.ZArith.BinInt "x + y" Z_scope +R22120 Mem.size_mem +R22100 Coq.Init.Logic "x <> y" type_scope +R22087 Values.val +R22080 Coq.ZArith.BinInt.Z +R22080 Coq.ZArith.BinInt.Z +R22046 Mem.contentmap +R22029 Mem.memory_size +R22029 Mem.memory_size +R22371 Coq.Init.Logic "x <> y" type_scope +R22620 Coq.Init.Logic "x = y" type_scope +R22424 Mem.getN +R22440 Mem.setN +R22477 Mem.Undef +R22498 Mem.Datum8 +R22522 Mem.Datum16 +R22547 Mem.Datum32 +R22572 Mem.Datum64 +R22597 Mem.Cont +R22638 Mem.getN_setN_mismatch +R22983 Coq.Init.Logic "x = y" type_scope +R22932 Mem.load_contents +R22951 Mem.store_contents +R22985 Values.Vundef +R22920 Coq.Init.Logic "x <> y" type_scope +R22908 Values.val +R22901 Coq.ZArith.BinInt.Z +R22873 Mem.contentmap +R22856 Mem.memory_size +R22856 Mem.memory_size +R23219 Coq.Init.Logic "x = y" type_scope +R23203 Mem.low_bound +R23221 Mem.low_bound +R23188 Coq.Init.Logic "x = y" type_scope +R23165 Mem.store +R23190 Coq.Init.Datatypes.Some +R23157 Values.val +R23150 Coq.ZArith.BinInt.Z +R23137 Values.block +R23137 Values.block +R23125 Mem.mem +R23125 Mem.mem +R23103 AST.memory_chunk +R23269 Mem.store_inv +R23269 Mem.store_inv +R23386 Coqlib.zeq +R23386 Coqlib.zeq +R23610 Coq.Init.Logic "x = y" type_scope +R23593 Mem.high_bound +R23612 Mem.high_bound +R23578 Coq.Init.Logic "x = y" type_scope +R23555 Mem.store +R23580 Coq.Init.Datatypes.Some +R23547 Values.val +R23540 Coq.ZArith.BinInt.Z +R23527 Values.block +R23527 Values.block +R23515 Mem.mem +R23515 Mem.mem +R23493 AST.memory_chunk +R23661 Mem.store_inv +R23661 Mem.store_inv +R23779 Coqlib.zeq +R23779 Coqlib.zeq +R23857 Mem.high_bound_store +R23874 Mem.low_bound_store +R23890 Mem.load_store_contents_mismatch +R23919 Mem.load_store_contents_overlap +R23947 Mem.load_store_other +R23964 Mem.store_is_in_bounds +R23985 Mem.load_store_contents_same +R24011 Mem.load_store_same +R24027 Mem.load_store_contents_other +R24202 Coq.Init.Logic "x = y" type_scope +R24180 Coq.ZArith.BinInt "x <= y < z" Z_scope +R24169 Coq.ZArith.BinInt.Z +R24139 Mem.contentmap +R24139 Mem.contentmap +R24128 Coq.ZArith.BinInt.Z +R24128 Coq.ZArith.BinInt.Z +R24285 Mem.contentmap_agree +R24326 Mem.contents +R24312 Mem.contents +R24264 Mem.block_contents +R24264 Mem.block_contents +R24253 Coq.ZArith.BinInt.Z +R24253 Coq.ZArith.BinInt.Z +R24401 Mem.block_contents_agree +R24454 Mem.blocks +R24438 Mem.blocks +R24391 Mem.mem +R24391 Mem.mem +R24380 Coq.ZArith.BinInt.Z +R24380 Coq.ZArith.BinInt.Z +R24365 Values.block +R24536 Mem.block_agree +R24530 Coq.ZArith.BinInt.Z +R24530 Coq.ZArith.BinInt.Z +R24515 Values.block +R24506 Mem.mem +R24698 Mem.block_agree +R24667 Mem.block_agree +R24661 Coq.ZArith.BinInt.Z +R24661 Coq.ZArith.BinInt.Z +R24646 Values.block +R24637 Mem.mem +R24637 Mem.mem +R24925 Mem.block_agree +R24894 Mem.block_agree +R24863 Mem.block_agree +R24857 Coq.ZArith.BinInt.Z +R24857 Coq.ZArith.BinInt.Z +R24842 Values.block +R24833 Mem.mem +R24833 Mem.mem +R24833 Mem.mem +R24999 Mem.contents +R25009 Mem.blocks +R24999 Mem.contents +R25009 Mem.blocks +R25257 Coq.Init.Logic "x = y" type_scope +R25237 Mem.check_cont +R25259 Mem.check_cont +R25226 Coq.ZArith.BinInt "x <= y" Z_scope +R25213 Coq.ZArith.BinInt "x + y" Z_scope +R25215 Coq.ZArith.BinInt.Z_of_nat +R25199 Coq.ZArith.BinInt "x <= y" Z_scope +R25190 Coq.ZArith.BinInt.Z +R25179 Coq.Init.Datatypes.nat +R25134 Mem.contentmap_agree +R25128 Coq.ZArith.BinInt.Z +R25128 Coq.ZArith.BinInt.Z +R25108 Mem.contentmap +R25108 Mem.contentmap +R25335 Coq.ZArith.Znat.inj_S +R25335 Coq.ZArith.Znat.inj_S +R25603 Coq.Init.Logic "x = y" type_scope +R25589 Mem.getN +R25605 Mem.getN +R25579 Coq.ZArith.BinInt "x < y" Z_scope +R25566 Coq.ZArith.BinInt "x + y" Z_scope +R25568 Coq.ZArith.BinInt.Z_of_nat +R25552 Coq.ZArith.BinInt "x <= y" Z_scope +R25543 Coq.ZArith.BinInt.Z +R25532 Coq.Init.Datatypes.nat +R25487 Mem.contentmap_agree +R25481 Coq.ZArith.BinInt.Z +R25481 Coq.ZArith.BinInt.Z +R25461 Mem.contentmap +R25461 Mem.contentmap +R25662 Mem.check_cont_agree +R25700 Coq.ZArith.BinInt "x + y" Z_scope +R25662 Mem.check_cont_agree +R25700 Coq.ZArith.BinInt "x + y" Z_scope +R25715 Mem.check_cont +R25733 Coq.ZArith.BinInt "x + y" Z_scope +R25715 Mem.check_cont +R25733 Coq.ZArith.BinInt "x + y" Z_scope +R25993 Coq.Init.Logic "x = y" type_scope +R25969 Mem.load_contents +R25995 Mem.load_contents +R25958 Coq.ZArith.BinInt "x <= y" Z_scope +R25944 Coq.ZArith.BinInt "x + y" Z_scope +R25946 Mem.size_mem +R25930 Coq.ZArith.BinInt "x <= y" Z_scope +R25893 Mem.contentmap_agree +R25887 Coq.ZArith.BinInt.Z +R25887 Coq.ZArith.BinInt.Z +R25887 Coq.ZArith.BinInt.Z +R25863 Mem.contentmap +R25863 Mem.contentmap +R25842 Mem.memory_size +R26126 Mem.getN_agree +R26166 Coq.ZArith.BinInt.Z_of_nat +R26126 Mem.getN_agree +R26126 Mem.getN_agree +R26126 Mem.getN_agree +R26126 Mem.getN_agree +R26166 Coq.ZArith.BinInt.Z_of_nat +R26166 Coq.ZArith.BinInt.Z_of_nat +R26166 Coq.ZArith.BinInt.Z_of_nat +R26166 Coq.ZArith.BinInt.Z_of_nat +R26306 Mem.contentmap_agree +R26350 Mem.set_cont +R26330 Mem.set_cont +R26272 Mem.contentmap_agree +R26266 Coq.ZArith.BinInt.Z +R26248 Mem.contentmap +R26248 Mem.contentmap +R26235 Coq.Init.Datatypes.nat +R26228 Coq.ZArith.BinInt.Z +R26228 Coq.ZArith.BinInt.Z +R26443 Coqlib.zeq +R26443 Coqlib.zeq +R26489 Mem.update_s +R26489 Mem.update_s +R26489 Mem.update_s +R26489 Mem.update_s +R26531 Mem.update_o +R26531 Mem.update_o +R26531 Mem.update_o +R26531 Mem.update_o +R26531 Mem.update_o +R26531 Mem.update_o +R26723 Mem.contentmap_agree +R26765 Mem.setN +R26747 Mem.setN +R26689 Mem.contentmap_agree +R26677 Mem.content +R26670 Coq.ZArith.BinInt.Z +R26652 Mem.contentmap +R26652 Mem.contentmap +R26639 Coq.Init.Datatypes.nat +R26632 Coq.ZArith.BinInt.Z +R26632 Coq.ZArith.BinInt.Z +R26838 Coqlib.zeq +R26838 Coqlib.zeq +R26884 Mem.update_s +R26884 Mem.update_s +R26884 Mem.update_s +R26884 Mem.update_s +R26926 Mem.update_o +R26926 Mem.update_o +R26926 Mem.update_o +R26926 Mem.update_o +R26953 Mem.set_cont_agree +R26987 Coq.ZArith.BinInt "x + y" Z_scope +R26953 Mem.set_cont_agree +R26987 Coq.ZArith.BinInt "x + y" Z_scope +R27146 Mem.contentmap_agree +R27206 Mem.store_contents +R27177 Mem.store_contents +R27112 Mem.contentmap_agree +R27104 Values.val +R27097 Coq.ZArith.BinInt.Z +R27097 Coq.ZArith.BinInt.Z +R27097 Coq.ZArith.BinInt.Z +R27073 Mem.contentmap +R27073 Mem.contentmap +R27052 Mem.memory_size +R27290 Mem.setN_agree +R27290 Mem.setN_agree +R27290 Mem.setN_agree +R27290 Mem.setN_agree +R27290 Mem.setN_agree +R27480 Mem.contentmap_agree +R27507 Mem.set_cont +R27462 Coq.Init.Logic "A \/ B" type_scope +R27456 Coq.ZArith.BinInt "x <= y" Z_scope +R27443 Coq.ZArith.BinInt "x + y" Z_scope +R27445 Coq.ZArith.BinInt.Z_of_nat +R27468 Coq.ZArith.BinInt "x <= y" Z_scope +R27405 Mem.contentmap_agree +R27399 Coq.ZArith.BinInt.Z +R27381 Mem.contentmap +R27381 Mem.contentmap +R27368 Coq.Init.Datatypes.nat +R27361 Coq.ZArith.BinInt.Z +R27361 Coq.ZArith.BinInt.Z +R27599 Coq.ZArith.Znat.inj_S +R27599 Coq.ZArith.Znat.inj_S +R27635 Coqlib.zeq +R27635 Coqlib.zeq +R27898 Mem.contentmap_agree +R27925 Mem.setN +R27880 Coq.Init.Logic "A \/ B" type_scope +R27875 Coq.ZArith.BinInt "x < y" Z_scope +R27862 Coq.ZArith.BinInt "x + y" Z_scope +R27864 Coq.ZArith.BinInt.Z_of_nat +R27886 Coq.ZArith.BinInt "x <= y" Z_scope +R27824 Mem.contentmap_agree +R27812 Mem.content +R27805 Coq.ZArith.BinInt.Z +R27787 Mem.contentmap +R27787 Mem.contentmap +R27774 Coq.Init.Datatypes.nat +R27767 Coq.ZArith.BinInt.Z +R27767 Coq.ZArith.BinInt.Z +R28013 Coqlib.zeq +R28013 Coqlib.zeq +R28063 Mem.set_cont_outside_agree +R28105 Coq.ZArith.BinInt "x + y" Z_scope +R28063 Mem.set_cont_outside_agree +R28105 Coq.ZArith.BinInt "x + y" Z_scope +R28323 Mem.contentmap_agree +R28350 Mem.store_contents +R28305 Coq.Init.Logic "A \/ B" type_scope +R28299 Coq.ZArith.BinInt "x <= y" Z_scope +R28285 Coq.ZArith.BinInt "x + y" Z_scope +R28287 Mem.size_mem +R28311 Coq.ZArith.BinInt "x <= y" Z_scope +R28247 Mem.contentmap_agree +R28239 Values.val +R28232 Coq.ZArith.BinInt.Z +R28232 Coq.ZArith.BinInt.Z +R28232 Coq.ZArith.BinInt.Z +R28208 Mem.contentmap +R28208 Mem.contentmap +R28187 Mem.memory_size +R28461 Mem.setN_outside_agree +R28493 Coq.ZArith.BinInt.Z_of_nat +R28461 Mem.setN_outside_agree +R28461 Mem.setN_outside_agree +R28461 Mem.setN_outside_agree +R28461 Mem.setN_outside_agree +R28493 Coq.ZArith.BinInt.Z_of_nat +R28493 Coq.ZArith.BinInt.Z_of_nat +R28493 Coq.ZArith.BinInt.Z_of_nat +R28493 Coq.ZArith.BinInt.Z_of_nat +R28788 Coq.Init.Logic "x = y" type_scope +R28770 Coq.Init.Logic "x = y" type_scope +R28750 Mem.load +R28772 Coq.Init.Datatypes.Some +R28735 Coq.Init.Logic "x = y" type_scope +R28715 Mem.load +R28737 Coq.Init.Datatypes.Some +R28704 Coq.ZArith.BinInt "x <= y" Z_scope +R28685 Coq.ZArith.BinInt "x + y" Z_scope +R28687 Mem.size_chunk +R28671 Coq.ZArith.BinInt "x <= y" Z_scope +R28637 Mem.block_agree +R28629 Values.val +R28629 Values.val +R28618 Coq.ZArith.BinInt.Z +R28609 Coq.ZArith.BinInt.Z +R28609 Coq.ZArith.BinInt.Z +R28594 Values.block +R28575 Mem.mem +R28575 Mem.mem +R28553 AST.memory_chunk +R28826 Mem.load_inv +R28826 Mem.load_inv +R28886 Mem.load_inv +R28886 Mem.load_inv +R28980 Mem.load_contentmap_agree +R28980 Mem.load_contentmap_agree +R29291 Mem.block_agree +R29275 Coq.Init.Logic "x = y" type_scope +R29251 Mem.store +R29277 Coq.Init.Datatypes.Some +R29235 Coq.Init.Logic "x = y" type_scope +R29211 Mem.store +R29237 Coq.Init.Datatypes.Some +R29180 Mem.block_agree +R29172 Values.val +R29165 Coq.ZArith.BinInt.Z +R29152 Values.block +R29135 Coq.ZArith.BinInt.Z +R29135 Coq.ZArith.BinInt.Z +R29120 Values.block +R29102 Mem.mem +R29102 Mem.mem +R29102 Mem.mem +R29102 Mem.mem +R29072 AST.memory_chunk +R29351 Mem.store_inv +R29351 Mem.store_inv +R29424 Mem.store_inv +R29424 Mem.store_inv +R29543 Coqlib.zeq +R29543 Coqlib.zeq +R29586 Mem.store_contentmap_agree +R29586 Mem.store_contentmap_agree +R29919 Mem.block_agree +R29903 Coq.Init.Logic "x = y" type_scope +R29879 Mem.store +R29905 Coq.Init.Datatypes.Some +R29829 Coq.Init.Logic "A \/ B" type_scope +R29823 Coq.Init.Logic "x <> y" type_scope +R29861 Coq.Init.Logic "A \/ B" type_scope +R29855 Coq.ZArith.BinInt "x <= y" Z_scope +R29836 Coq.ZArith.BinInt "x + y" Z_scope +R29838 Mem.size_chunk +R29867 Coq.ZArith.BinInt "x <= y" Z_scope +R29790 Mem.block_agree +R29782 Values.val +R29775 Coq.ZArith.BinInt.Z +R29762 Values.block +R29745 Coq.ZArith.BinInt.Z +R29745 Coq.ZArith.BinInt.Z +R29730 Values.block +R29712 Mem.mem +R29712 Mem.mem +R29712 Mem.mem +R29686 AST.memory_chunk +R29978 Mem.store_inv +R29978 Mem.store_inv +R30083 Coqlib.zeq +R30083 Coqlib.zeq +R30127 Mem.store_contentmap_outside_agree +R30127 Mem.store_contentmap_outside_agree +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R30334 Coq.Init.Logic "A /\ B" type_scope +R30322 Coq.ZArith.BinInt "x <= y" Z_scope +R30317 Mem.low +R30329 Mem.low +R30360 Coq.Init.Logic "A /\ B" type_scope +R30347 Coq.ZArith.BinInt "x <= y" Z_scope +R30341 Mem.high +R30354 Mem.high +R30365 Mem.contentmap_agree +R30419 Mem.contents +R30405 Mem.contents +R30395 Mem.high +R30386 Mem.low +R30292 Mem.block_contents +R30292 Mem.block_contents +R30500 Coq.Init.Logic "A /\ B" type_scope +R30483 Coq.Init.Logic "x = y" type_scope +R30472 Mem.nextblock +R30489 Mem.nextblock +R30550 Mem.block_contents_extends +R30594 Mem.blocks +R30578 Mem.blocks +R30528 Coq.ZArith.BinInt "x < y" Z_scope +R30534 Mem.nextblock +R30516 Values.block +R30458 Mem.mem +R30458 Mem.mem +R30648 Mem.extends +R30642 Mem.mem +R31002 Coq.Init.Logic "A /\ B" type_scope +R30997 Coq.Init.Logic "x = y" type_scope +R31005 Mem.extends +R30977 Coq.Init.Logic "x = y" type_scope +R30960 Mem.alloc +R30979 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R30943 Coq.Init.Logic "x = y" type_scope +R30926 Mem.alloc +R30945 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R30914 Coq.ZArith.BinInt "x <= y" Z_scope +R30900 Coq.ZArith.BinInt "x <= y" Z_scope +R30877 Mem.extends +R30867 Values.block +R30867 Values.block +R30856 Coq.ZArith.BinInt.Z +R30856 Coq.ZArith.BinInt.Z +R30856 Coq.ZArith.BinInt.Z +R30856 Coq.ZArith.BinInt.Z +R30833 Mem.mem +R30833 Mem.mem +R30833 Mem.mem +R30833 Mem.mem +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R31195 Coqlib.zeq +R31202 Mem.nextblock +R31195 Coqlib.zeq +R31202 Mem.nextblock +R31251 Mem.update_s +R31251 Mem.update_s +R31251 Mem.update_s +R31251 Mem.update_s +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R31332 Mem.update_o +R31332 Mem.update_o +R31332 Mem.update_o +R31332 Mem.update_o +R31332 Mem.update_o +R31332 Mem.update_o +R31458 Mem.extends +R31479 Mem.free +R31467 Mem.free +R31439 Mem.extends +R31429 Values.block +R31420 Mem.mem +R31420 Mem.mem +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R31582 Coqlib.zeq +R31582 Coqlib.zeq +R31628 Mem.update_s +R31628 Mem.update_s +R31628 Mem.update_s +R31628 Mem.update_s +R31732 Mem.update_o +R31732 Mem.update_o +R31732 Mem.update_o +R31732 Mem.update_o +R31732 Mem.update_o +R31732 Mem.update_o +R31956 Coq.Init.Logic "x = y" type_scope +R31936 Mem.load +R31958 Coq.Init.Datatypes.Some +R31922 Coq.Init.Logic "x = y" type_scope +R31902 Mem.load +R31924 Coq.Init.Datatypes.Some +R31883 Mem.extends +R31875 Values.val +R31868 Coq.ZArith.BinInt.Z +R31855 Values.block +R31846 Mem.mem +R31846 Mem.mem +R31824 AST.memory_chunk +R32023 Mem.load_inv +R32023 Mem.load_inv +R32110 Coqlib.zlt_true +R32110 Coqlib.zlt_true +R32176 Mem.in_bounds_holds +R32176 Mem.in_bounds_holds +R32272 Mem.low +R32277 Mem.blocks +R32303 Mem.high +R32309 Mem.blocks +R32234 Mem.load_contentmap_agree +R32272 Mem.low +R32277 Mem.blocks +R32303 Mem.high +R32309 Mem.blocks +R32234 Mem.load_contentmap_agree +R32522 Coq.Init.Logic "'exists' x , p" type_scope +R32568 Coq.Init.Logic "A /\ B" type_scope +R32557 Coq.Init.Logic "x = y" type_scope +R32534 Mem.store +R32559 Coq.Init.Datatypes.Some +R32571 Mem.extends +R32506 Coq.Init.Logic "x = y" type_scope +R32483 Mem.store +R32508 Coq.Init.Datatypes.Some +R32464 Mem.extends +R32456 Values.val +R32449 Coq.ZArith.BinInt.Z +R32436 Values.block +R32427 Mem.mem +R32427 Mem.mem +R32427 Mem.mem +R32401 AST.memory_chunk +R32653 Mem.store_inv +R32653 Mem.store_inv +R32798 Coqlib.zlt_true +R32798 Coqlib.zlt_true +R32822 Mem.in_bounds +R32840 Mem.blocks +R32822 Mem.in_bounds +R32840 Mem.blocks +R32872 Mem.unchecked_store +R32872 Mem.unchecked_store +R33108 Coqlib.zeq +R33108 Coqlib.zeq +R33182 Mem.store_contentmap_agree +R33182 Mem.store_contentmap_agree +R33512 Mem.extends +R33496 Coq.Init.Logic "x = y" type_scope +R33473 Mem.store +R33498 Coq.Init.Datatypes.Some +R33442 Coq.Init.Logic "A \/ B" type_scope +R33424 Coq.ZArith.BinInt "x <= y" Z_scope +R33405 Coq.ZArith.BinInt "x + y" Z_scope +R33407 Mem.size_chunk +R33427 Mem.low_bound +R33461 Coq.ZArith.BinInt "x <= y" Z_scope +R33445 Mem.high_bound +R33382 Mem.extends +R33374 Values.val +R33367 Coq.ZArith.BinInt.Z +R33354 Values.block +R33345 Mem.mem +R33345 Mem.mem +R33345 Mem.mem +R33319 AST.memory_chunk +R33600 Mem.store_inv +R33600 Mem.store_inv +R33740 Coqlib.zeq +R33740 Coqlib.zeq +R33860 Mem.store_contentmap_outside_agree +R33860 Mem.store_contentmap_outside_agree +R34146 Coq.Init.Logic "x = y" type_scope +R34092 Mem.block_contents_agree +R34126 Mem.high +R34117 Mem.low +R34075 Coq.Init.Logic "x = y" type_scope +R34069 Mem.high +R34081 Mem.high +R34049 Coq.Init.Logic "x = y" type_scope +R34044 Mem.low +R34055 Mem.low +R34021 Mem.block_contents +R34021 Mem.block_contents +R34310 Coq.Init.Logic "x = y" type_scope +R34310 Coq.Init.Logic "x = y" type_scope +R34347 Coqlib.extensionality +R34347 Coqlib.extensionality +R34380 Coqlib.zlt +R34380 Coqlib.zlt +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R34459 Coqlib.zlt +R34459 Coqlib.zlt +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R34576 Coq.Init.Logic "x = y" type_scope +R34576 Coq.Init.Logic "x = y" type_scope +R34594 Coqlib.proof_irrelevance +R34594 Coqlib.proof_irrelevance +R34769 Coq.Init.Logic "x = y" type_scope +R34744 Coq.Init.Logic "x = y" type_scope +R34734 Mem.blocks +R34750 Mem.blocks +R34697 Coq.Init.Logic "x = y" type_scope +R34686 Mem.nextblock +R34703 Mem.nextblock +R34905 Coq.Init.Logic "x = y" type_scope +R34905 Coq.Init.Logic "x = y" type_scope +R34920 Coqlib.extensionality +R34920 Coqlib.extensionality +R34967 Coq.Init.Logic "x = y" type_scope +R34967 Coq.Init.Logic "x = y" type_scope +R34986 Coqlib.proof_irrelevance +R34986 Coqlib.proof_irrelevance +R35102 Coq.Init.Datatypes.option +R35116 Coq.Init.Datatypes "x * y" type_scope +R35110 Values.block +R35118 Coq.ZArith.BinInt.Z +R35093 Values.block +R35141 Mem.meminj +R35179 Values.val +R35172 Values.val +R35251 Values.Vint +R35242 Values.Vint +R35320 Values.Vfloat +R35309 Values.Vfloat +R35486 Values.Vptr +R35471 Values.Vptr +R35422 Coq.Init.Logic "x = y" type_scope +R35424 Integers.add +R35438 Integers.repr +R35393 Coq.Init.Logic "x = y" type_scope +R35395 Coq.Init.Datatypes.Some +R35400 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R35549 Values.Vundef +R35573 Mem.val_inject_int +R35588 Mem.val_inject_float +R35605 Mem.val_inject_ptr +R35621 Mem.val_inject_undef +R35679 Coq.Lists.List.list +R35684 Values.val +R35667 Coq.Lists.List.list +R35672 Values.val +R35745 Coq.Lists.List.nil +R35741 Coq.Lists.List.nil +R35876 Coq.Lists.List "x :: y" list_scope +R35867 Coq.Lists.List "x :: y" list_scope +R35799 Mem.val_inject +R35940 Values.val +R35933 Values.val +R35918 Mem.memory_size +R36013 Mem.val_inject +R36208 Values.Vint +R36198 Values.Vint +R36191 Mem.Size8 +R36140 Coq.Init.Logic "x = y" type_scope +R36119 Integers.cast8unsigned +R36142 Integers.cast8unsigned +R36362 Values.Vint +R36352 Values.Vint +R36344 Mem.Size16 +R36292 Coq.Init.Logic "x = y" type_scope +R36270 Integers.cast16unsigned +R36294 Integers.cast16unsigned +R36520 Values.Vfloat +R36508 Values.Vfloat +R36500 Mem.Size32 +R36447 Coq.Init.Logic "x = y" type_scope +R36424 Floats.singleoffloat +R36449 Floats.singleoffloat +R36546 Mem.val_content_inject_base +R36609 Mem.content +R36598 Mem.content +R36692 Mem.Undef +R36821 Mem.Datum8 +R36809 Mem.Datum8 +R36753 Mem.val_content_inject +R36772 Mem.Size8 +R36956 Mem.Datum16 +R36943 Mem.Datum16 +R36886 Mem.val_content_inject +R36905 Mem.Size16 +R37092 Mem.Datum32 +R37079 Mem.Datum32 +R37022 Mem.val_content_inject +R37041 Mem.Size32 +R37228 Mem.Datum64 +R37215 Mem.Datum64 +R37158 Mem.val_content_inject +R37177 Mem.Size64 +R37291 Mem.Cont +R37286 Mem.Cont +R37311 Mem.content_inject_undef +R37332 Mem.content_inject_datum8 +R37355 Mem.content_inject_datum16 +R37378 Mem.content_inject_datum32 +R37401 Mem.content_inject_datum64 +R37424 Mem.content_inject_cont +R37554 Mem.content_inject +R37583 Coq.ZArith.BinInt "x + y" Z_scope +R37537 Coq.ZArith.BinInt "x <= y < z" Z_scope +R37509 Coq.ZArith.BinInt.Z +R37509 Coq.ZArith.BinInt.Z +R37509 Coq.ZArith.BinInt.Z +R37483 Mem.contentmap +R37483 Mem.contentmap +R37632 Mem.block_contents +R37656 Coq.ZArith.BinInt.Z +R37729 Coq.ZArith.BinInt "x <= y <= z" Z_scope +R37714 Integers.min_signed +R37741 Integers.max_signed +R37783 Coq.Init.Logic "A \/ B" type_scope +R37779 Coq.Init.Logic "x = y" type_scope +R37830 Coq.Init.Logic "A /\ B" type_scope +R37818 Coq.ZArith.BinInt "x <= y" Z_scope +R37803 Integers.min_signed +R37825 Mem.low +R37843 Coq.ZArith.BinInt "x <= y" Z_scope +R37837 Mem.high +R37846 Integers.max_signed +R37950 Coq.ZArith.BinInt "x <= y < z" Z_scope +R37946 Mem.low +R37953 Coq.ZArith.BinInt "x + y" Z_scope +R37953 Coq.ZArith.BinInt "x + y" Z_scope +R37966 Mem.high +R37897 Coq.ZArith.BinInt "x <= y < z" Z_scope +R37893 Mem.low +R37908 Mem.high +R37999 Mem.contentmap_inject +R38058 Mem.high +R38049 Mem.low +R38035 Mem.contents +R38021 Mem.contents +R38102 Mem.mem +R38197 Coq.Init.Logic "x = y" type_scope +R38199 Coq.Init.Datatypes.None +R38172 Coq.ZArith.BinInt "x >= y" Z_scope +R38179 Mem.nextblock +R38308 Coq.Init.Logic "A /\ B" type_scope +R38291 Coq.ZArith.BinInt "x < y" Z_scope +R38297 Mem.nextblock +R38317 Mem.block_contents_inject +R38389 Mem.blocks +R38344 Mem.blocks +R38261 Coq.Init.Logic "x = y" type_scope +R38263 Coq.Init.Datatypes.Some +R38267 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R38610 Coq.Init.Logic "A \/ B" type_scope +R38596 Coq.Init.Logic "x <> y" type_scope +R38786 Coq.Init.Logic "x <> y" type_scope +R38778 Coq.ZArith.BinInt "x + y" Z_scope +R38791 Coq.ZArith.BinInt "x + y" Z_scope +R38718 Coq.ZArith.BinInt "x <= y < z" Z_scope +R38702 Mem.low_bound +R38726 Mem.high_bound +R38644 Coq.ZArith.BinInt "x <= y < z" Z_scope +R38628 Mem.low_bound +R38652 Mem.high_bound +R38562 Coq.Init.Logic "x = y" type_scope +R38564 Coq.Init.Datatypes.Some +R38569 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R38527 Coq.Init.Logic "x = y" type_scope +R38529 Coq.Init.Datatypes.Some +R38534 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R38507 Coq.Init.Logic "x <> y" type_scope +R38899 Coq.ZArith.BinInt "x > y" Z_scope +R38887 Mem.size_mem +R38997 Coq.ZArith.BinInt "x > y" Z_scope +R38980 Mem.size_chunk +R39042 Mem.size_mem_pos +R39042 Mem.size_mem_pos +R39341 Coq.Init.Logic "x = y" type_scope +R39325 Integers.signed +R39359 Coq.ZArith.BinInt "x + y" Z_scope +R39343 Integers.signed +R39292 Coq.Init.Logic "x = y" type_scope +R39294 Integers.add +R39308 Integers.repr +R39267 Coq.Init.Logic "x = y" type_scope +R39269 Coq.Init.Datatypes.Some +R39274 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R39230 Coq.ZArith.BinInt "x <= y" Z_scope +R39211 Coq.ZArith.BinInt "x + y" Z_scope +R39195 Integers.signed +R39213 Mem.size_chunk +R39251 Mem.high +R39238 Mem.blocks +R39171 Coq.ZArith.BinInt "x <= y" Z_scope +R39166 Mem.low +R39153 Mem.blocks +R39174 Integers.signed +R39126 Mem.mem_inject +R39396 Mem.size_chunk_pos +R39396 Mem.size_chunk_pos +R39440 Mem.mi_mappedblocks +R39440 Mem.mi_mappedblocks +R39567 Coq.ZArith.BinInt.Zplus_0_r +R39567 Coq.ZArith.BinInt.Zplus_0_r +R39587 Integers.add_zero +R39587 Integers.add_zero +R39666 Integers.add_signed +R39666 Integers.add_signed +R39697 Integers.signed_repr +R39697 Integers.signed_repr +R39697 Integers.signed_repr +R39697 Integers.signed_repr +R39697 Integers.signed_repr +R39697 Integers.signed_repr +R39697 Integers.signed_repr +R39697 Integers.signed_repr +R39758 Coq.ZArith.BinInt "x <= y < z" Z_scope +R39739 Mem.low +R39744 Mem.blocks +R39761 Integers.signed +R39761 Integers.signed +R39779 Mem.high +R39785 Mem.blocks +R39758 Coq.ZArith.BinInt "x <= y < z" Z_scope +R39739 Mem.low +R39744 Mem.blocks +R39761 Integers.signed +R39761 Integers.signed +R39779 Mem.high +R39785 Mem.blocks +R39838 Integers.signed +R39838 Integers.signed +R40058 Coq.ZArith.BinInt "x <= y <= z" Z_scope +R40043 Integers.min_signed +R40076 Coq.ZArith.BinInt "x + y" Z_scope +R40061 Integers.signed +R40078 Integers.signed +R40090 Integers.repr +R40076 Coq.ZArith.BinInt "x + y" Z_scope +R40061 Integers.signed +R40078 Integers.signed +R40090 Integers.repr +R40105 Integers.max_signed +R40024 Coq.Init.Logic "x = y" type_scope +R40026 Coq.Init.Datatypes.Some +R40030 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40008 Coq.Init.Logic "x = y" type_scope +R39972 Mem.valid_pointer +R39992 Integers.signed +R40010 Coq.Init.Datatypes.true +R39950 Mem.mem_inject +R40178 Coqlib.zlt +R40185 Mem.nextblock +R40178 Coqlib.zlt +R40185 Mem.nextblock +R40231 Coqlib.zle +R40256 Integers.signed +R40236 Mem.low +R40241 Mem.blocks +R40231 Coqlib.zle +R40256 Integers.signed +R40236 Mem.low +R40241 Mem.blocks +R40304 Coqlib.zlt +R40326 Mem.high +R40332 Mem.blocks +R40309 Integers.signed +R40304 Coqlib.zlt +R40326 Mem.high +R40332 Mem.blocks +R40309 Integers.signed +R40502 Integers.signed_repr +R40502 Integers.signed_repr +R40549 Coq.ZArith.BinInt.Zplus_0_r +R40549 Coq.ZArith.BinInt.Zplus_0_r +R40567 Integers.signed_range +R40567 Integers.signed_range +R40630 Coq.Init.Logic.conj +R40630 Coq.Init.Logic.conj +R40661 Integers.signed_repr +R40661 Integers.signed_repr +R40929 Coq.Init.Logic "x = y" type_scope +R40901 Mem.check_cont +R40917 Coq.ZArith.BinInt "x + y" Z_scope +R40931 Coq.Init.Datatypes.true +R40889 Coq.Init.Logic "x = y" type_scope +R40871 Mem.check_cont +R40891 Coq.Init.Datatypes.true +R40860 Coq.ZArith.BinInt "x <= y" Z_scope +R40847 Coq.ZArith.BinInt "x + y" Z_scope +R40849 Coq.ZArith.BinInt.Z_of_nat +R40837 Coq.ZArith.BinInt "x <= y" Z_scope +R40779 Mem.contentmap_inject +R40997 Mem.check_cont +R40997 Mem.check_cont +R41017 Coq.ZArith.Znat.inj_S +R41017 Coq.ZArith.Znat.inj_S +R41053 Coq.ZArith.BinInt "x <= y < z" Z_scope +R41053 Coq.ZArith.BinInt "x <= y < z" Z_scope +R41165 Coq.ZArith.BinInt "x + y" Z_scope +R41157 Coq.ZArith.BinInt "x + y" Z_scope +R41182 Coq.ZArith.BinInt "x + y" Z_scope +R41179 Coq.ZArith.BinInt "x + y" Z_scope +R41165 Coq.ZArith.BinInt "x + y" Z_scope +R41157 Coq.ZArith.BinInt "x + y" Z_scope +R41182 Coq.ZArith.BinInt "x + y" Z_scope +R41179 Coq.ZArith.BinInt "x + y" Z_scope +R41257 Mem.check_cont_inject +R41417 Mem.content_inject +R41447 Mem.getN +R41457 Coq.ZArith.BinInt "x + y" Z_scope +R41433 Mem.getN +R41407 Coq.ZArith.BinInt "x < y" Z_scope +R41394 Coq.ZArith.BinInt "x + y" Z_scope +R41396 Coq.ZArith.BinInt.Z_of_nat +R41384 Coq.ZArith.BinInt "x <= y" Z_scope +R41326 Mem.contentmap_inject +R41514 Coq.ZArith.BinInt "x <= y < z" Z_scope +R41514 Coq.ZArith.BinInt "x <= y < z" Z_scope +R41558 Mem.check_cont +R41574 Coq.ZArith.BinInt "x + y" Z_scope +R41558 Mem.check_cont +R41574 Coq.ZArith.BinInt "x + y" Z_scope +R41602 Mem.check_cont +R41626 Coq.ZArith.BinInt "x + y" Z_scope +R41618 Coq.ZArith.BinInt "x + y" Z_scope +R41640 Coq.Init.Datatypes.true +R41602 Mem.check_cont +R41626 Coq.ZArith.BinInt "x + y" Z_scope +R41618 Coq.ZArith.BinInt "x + y" Z_scope +R41640 Coq.Init.Datatypes.true +R41701 Coq.ZArith.BinInt "x + y" Z_scope +R41693 Coq.ZArith.BinInt "x + y" Z_scope +R41718 Coq.ZArith.BinInt "x + y" Z_scope +R41715 Coq.ZArith.BinInt "x + y" Z_scope +R41701 Coq.ZArith.BinInt "x + y" Z_scope +R41693 Coq.ZArith.BinInt "x + y" Z_scope +R41718 Coq.ZArith.BinInt "x + y" Z_scope +R41715 Coq.ZArith.BinInt "x + y" Z_scope +R41739 Mem.check_cont_inject +R41739 Mem.check_cont_inject +R41823 Mem.getN_inject +R41862 Coq.Init.Datatypes.nat +R41883 Coq.ZArith.BinInt.Z0 +R41889 Coq.Init.Datatypes.O +R41893 Coq.ZArith.BinInt.Zpos +R41905 Coq.NArith.BinPos.nat_of_P +R41919 Coq.ZArith.BinInt.Zneg +R41928 Coq.Init.Datatypes.O +R41858 Coq.ZArith.BinInt.Z +R42079 Mem.val_content_inject +R42126 Mem.load_contents +R42149 Coq.ZArith.BinInt "x + y" Z_scope +R42102 Mem.load_contents +R42068 Coq.ZArith.BinInt "x <= y" Z_scope +R42054 Coq.ZArith.BinInt "x + y" Z_scope +R42056 Mem.size_mem +R42044 Coq.ZArith.BinInt "x <= y" Z_scope +R42000 Mem.contentmap_inject +R42183 Mem.content_inject +R42237 Mem.getN +R42269 Coq.ZArith.BinInt "x + y" Z_scope +R42262 Coq.Init.Peano "x - y" nat_scope +R42243 Mem.ztonat +R42250 Mem.size_mem +R42199 Mem.getN +R42225 Coq.Init.Peano "x - y" nat_scope +R42205 Mem.ztonat +R42213 Mem.size_mem +R42183 Mem.content_inject +R42237 Mem.getN +R42269 Coq.ZArith.BinInt "x + y" Z_scope +R42262 Coq.Init.Peano "x - y" nat_scope +R42243 Mem.ztonat +R42250 Mem.size_mem +R42199 Mem.getN +R42225 Coq.Init.Peano "x - y" nat_scope +R42205 Mem.ztonat +R42213 Mem.size_mem +R42308 Coq.ZArith.BinInt "x <= y < z" Z_scope +R42349 Mem.getN_inject +R42308 Coq.ZArith.BinInt "x <= y < z" Z_scope +R42308 Coq.ZArith.BinInt "x <= y < z" Z_scope +R42308 Coq.ZArith.BinInt "x <= y < z" Z_scope +R42308 Coq.ZArith.BinInt "x <= y < z" Z_scope +R42349 Mem.getN_inject +R42349 Mem.getN_inject +R42349 Mem.getN_inject +R42349 Mem.getN_inject +R42470 Mem.load_contents_inject +R42591 Mem.val_inject +R42630 Values.load_result +R42603 Values.load_result +R42543 Mem.val_content_inject +R42563 Mem.mem_chunk +R42774 Integers.cast8signed +R42800 Integers.cast8signed +R42774 Integers.cast8signed +R42800 Integers.cast8signed +R42841 Integers.cast8_signed_equal_if_unsigned_equal +R42841 Integers.cast8_signed_equal_if_unsigned_equal +R42923 Integers.cast16signed +R42950 Integers.cast16signed +R42923 Integers.cast16signed +R42950 Integers.cast16signed +R42992 Integers.cast16_signed_equal_if_unsigned_equal +R42992 Integers.cast16_signed_equal_if_unsigned_equal +R43100 Mem.val_inject_ptr +R43100 Mem.val_inject_ptr +R43308 Coq.Init.Logic "A /\ B" type_scope +R43295 Coq.ZArith.BinInt "x <= y" Z_scope +R43290 Mem.low +R43300 Coq.ZArith.BinInt "x + y" Z_scope +R43342 Coq.ZArith.BinInt "x <= y" Z_scope +R43321 Coq.ZArith.BinInt "x + y" Z_scope +R43314 Coq.ZArith.BinInt "x + y" Z_scope +R43325 Mem.size_chunk +R43349 Mem.high +R43244 Coq.Init.Logic "A /\ B" type_scope +R43239 Coq.ZArith.BinInt "x <= y" Z_scope +R43234 Mem.low +R43268 Coq.ZArith.BinInt "x <= y" Z_scope +R43249 Coq.ZArith.BinInt "x + y" Z_scope +R43251 Mem.size_chunk +R43275 Mem.high +R43191 Mem.block_contents_inject +R43403 Mem.size_chunk_pos +R43403 Mem.size_chunk_pos +R43450 Coq.ZArith.BinInt "x <= y < z" Z_scope +R43443 Mem.low +R43474 Coq.ZArith.BinInt "x - y" Z_scope +R43455 Coq.ZArith.BinInt "x + y" Z_scope +R43457 Mem.size_chunk +R43474 Coq.ZArith.BinInt "x - y" Z_scope +R43455 Coq.ZArith.BinInt "x + y" Z_scope +R43457 Mem.size_chunk +R43480 Mem.high +R43450 Coq.ZArith.BinInt "x <= y < z" Z_scope +R43443 Mem.low +R43474 Coq.ZArith.BinInt "x - y" Z_scope +R43455 Coq.ZArith.BinInt "x + y" Z_scope +R43457 Mem.size_chunk +R43474 Coq.ZArith.BinInt "x - y" Z_scope +R43455 Coq.ZArith.BinInt "x + y" Z_scope +R43457 Mem.size_chunk +R43480 Mem.high +R43557 Coq.ZArith.BinInt "x <= y < z" Z_scope +R43550 Mem.low +R43564 Mem.high +R43557 Coq.ZArith.BinInt "x <= y < z" Z_scope +R43550 Mem.low +R43564 Mem.high +R43775 Mem.val_content_inject +R43838 Mem.load_contents +R43872 Coq.ZArith.BinInt "x + y" Z_scope +R43859 Mem.contents +R43798 Mem.load_contents +R43819 Mem.contents +R43757 Coq.ZArith.BinInt "x <= y" Z_scope +R43743 Coq.ZArith.BinInt "x + y" Z_scope +R43745 Mem.size_mem +R43764 Mem.high +R43733 Coq.ZArith.BinInt "x <= y" Z_scope +R43728 Mem.low +R43687 Mem.block_contents_inject +R43948 Mem.low +R43957 Mem.high +R43918 Mem.load_contents_inject +R43948 Mem.low +R43957 Mem.high +R43918 Mem.load_contents_inject +R44132 Coq.Init.Logic "'exists' x , p" type_scope +R44184 Coq.Init.Logic "A /\ B" type_scope +R44174 Coq.Init.Logic "x = y" type_scope +R44143 Mem.load +R44165 Coq.ZArith.BinInt "x + y" Z_scope +R44176 Coq.Init.Datatypes.Some +R44187 Mem.val_inject +R44108 Coq.Init.Logic "x = y" type_scope +R44110 Coq.Init.Datatypes.Some +R44115 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44088 Coq.Init.Logic "x = y" type_scope +R44067 Mem.load +R44090 Coq.Init.Datatypes.Some +R44045 Mem.mem_inject +R44236 Mem.load_inv +R44236 Mem.load_inv +R44379 Values.load_result +R44402 Mem.load_contents +R44477 Coq.ZArith.BinInt "x + y" Z_scope +R44463 Mem.contents +R44450 Mem.blocks +R44417 Mem.mem_chunk +R44379 Values.load_result +R44402 Mem.load_contents +R44477 Coq.ZArith.BinInt "x + y" Z_scope +R44463 Mem.contents +R44450 Mem.blocks +R44417 Mem.mem_chunk +R44528 Mem.size_chunk_pos +R44528 Mem.size_chunk_pos +R44569 Coqlib.zlt_true +R44569 Coqlib.zlt_true +R44587 Mem.in_bounds_holds +R44587 Mem.in_bounds_holds +R44639 Coq.ZArith.BinInt "x <= y < z" Z_scope +R44620 Mem.low +R44625 Mem.blocks +R44648 Mem.high +R44654 Mem.blocks +R44639 Coq.ZArith.BinInt "x <= y < z" Z_scope +R44620 Mem.low +R44625 Mem.blocks +R44648 Mem.high +R44654 Mem.blocks +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R44751 Coq.ZArith.BinInt "x <= y < z" Z_scope +R44732 Mem.low +R44737 Mem.blocks +R44777 Coq.ZArith.BinInt "x - y" Z_scope +R44758 Coq.ZArith.BinInt "x + y" Z_scope +R44760 Mem.size_chunk +R44777 Coq.ZArith.BinInt "x - y" Z_scope +R44758 Coq.ZArith.BinInt "x + y" Z_scope +R44760 Mem.size_chunk +R44783 Mem.high +R44788 Mem.blocks +R44751 Coq.ZArith.BinInt "x <= y < z" Z_scope +R44732 Mem.low +R44737 Mem.blocks +R44777 Coq.ZArith.BinInt "x - y" Z_scope +R44758 Coq.ZArith.BinInt "x + y" Z_scope +R44760 Mem.size_chunk +R44777 Coq.ZArith.BinInt "x - y" Z_scope +R44758 Coq.ZArith.BinInt "x + y" Z_scope +R44760 Mem.size_chunk +R44783 Mem.high +R44788 Mem.blocks +R44892 Mem.load_result_inject +R44892 Mem.load_result_inject +R44922 Mem.load_contents_inject +R44922 Mem.load_contents_inject +R45087 Coq.Init.Logic "'exists' x , p" type_scope +R45126 Coq.Init.Logic "A /\ B" type_scope +R45116 Coq.Init.Logic "x = y" type_scope +R45098 Mem.loadv +R45118 Coq.Init.Datatypes.Some +R45129 Mem.val_inject +R45065 Mem.val_inject +R45050 Coq.Init.Logic "x = y" type_scope +R45032 Mem.loadv +R45052 Coq.Init.Datatypes.Some +R45010 Mem.mem_inject +R45237 Integers.signed +R45276 Coq.ZArith.BinInt "x + y" Z_scope +R45260 Integers.signed +R45237 Integers.signed +R45276 Coq.ZArith.BinInt "x + y" Z_scope +R45260 Integers.signed +R45290 Mem.load_inject +R45290 Mem.load_inject +R45351 Mem.load_inv +R45351 Mem.load_inv +R45405 Mem.address_inject +R45405 Mem.address_inject +R45629 Mem.contentmap_inject +R45666 Mem.set_cont +R45680 Coq.ZArith.BinInt "x + y" Z_scope +R45648 Mem.set_cont +R45618 Coq.ZArith.BinInt "x <= y" Z_scope +R45605 Coq.ZArith.BinInt "x + y" Z_scope +R45607 Coq.ZArith.BinInt.Z_of_nat +R45595 Coq.ZArith.BinInt "x <= y" Z_scope +R45537 Mem.contentmap_inject +R45830 Coqlib.zeq +R45830 Coqlib.zeq +R45866 Coqlib.zeq_true +R45866 Coqlib.zeq_true +R45897 Coqlib.zeq_false +R45897 Coqlib.zeq_false +R45927 Coq.ZArith.BinInt "x + y" Z_scope +R45919 Coq.ZArith.BinInt "x + y" Z_scope +R45944 Coq.ZArith.BinInt "x + y" Z_scope +R45941 Coq.ZArith.BinInt "x + y" Z_scope +R45927 Coq.ZArith.BinInt "x + y" Z_scope +R45919 Coq.ZArith.BinInt "x + y" Z_scope +R45944 Coq.ZArith.BinInt "x + y" Z_scope +R45941 Coq.ZArith.BinInt "x + y" Z_scope +R45982 Coq.ZArith.Znat.inj_S +R45982 Coq.ZArith.Znat.inj_S +R46196 Mem.contentmap_inject +R46232 Mem.setN +R46242 Coq.ZArith.BinInt "x + y" Z_scope +R46215 Mem.setN +R46186 Coq.ZArith.BinInt "x < y" Z_scope +R46173 Coq.ZArith.BinInt "x + y" Z_scope +R46175 Coq.ZArith.BinInt.Z_of_nat +R46163 Coq.ZArith.BinInt "x <= y" Z_scope +R46134 Mem.content_inject +R46093 Mem.contentmap_inject +R46360 Coqlib.zeq +R46360 Coqlib.zeq +R46397 Coqlib.zeq_true +R46397 Coqlib.zeq_true +R46429 Coqlib.zeq_false +R46429 Coqlib.zeq_false +R46462 Coq.ZArith.BinInt "x + y" Z_scope +R46454 Coq.ZArith.BinInt "x + y" Z_scope +R46479 Coq.ZArith.BinInt "x + y" Z_scope +R46476 Coq.ZArith.BinInt "x + y" Z_scope +R46462 Coq.ZArith.BinInt "x + y" Z_scope +R46454 Coq.ZArith.BinInt "x + y" Z_scope +R46479 Coq.ZArith.BinInt "x + y" Z_scope +R46476 Coq.ZArith.BinInt "x + y" Z_scope +R46499 Mem.set_cont_inject +R46499 Mem.set_cont_inject +R46772 Mem.contentmap_inject +R46840 Mem.store_contents +R46864 Coq.ZArith.BinInt "x + y" Z_scope +R46791 Mem.store_contents +R46761 Coq.ZArith.BinInt "x <= y" Z_scope +R46747 Coq.ZArith.BinInt "x + y" Z_scope +R46749 Mem.size_mem +R46737 Coq.ZArith.BinInt "x <= y" Z_scope +R46701 Mem.val_content_inject +R46660 Mem.contentmap_inject +R46960 Mem.setN_inject +R46960 Mem.setN_inject +R46960 Mem.setN_inject +R46960 Mem.setN_inject +R46960 Mem.setN_inject +R47118 Coq.Init.Logic "x = y" type_scope +R47100 Mem.set_cont +R47088 Coq.Init.Logic "x <> y" type_scope +R47061 Coq.ZArith.BinInt "x <= y < z" Z_scope +R47070 Coq.ZArith.BinInt "x + y" Z_scope +R47072 Coq.ZArith.BinInt.Z_of_nat +R47180 Coq.ZArith.Znat.inj_S +R47180 Coq.ZArith.Znat.inj_S +R47200 Mem.update_o +R47200 Mem.update_o +R47507 Mem.contentmap_inject +R47529 Mem.set_cont +R47487 Coq.Init.Logic "x <> y" type_scope +R47493 Coq.ZArith.BinInt "x + y" Z_scope +R47452 Coq.ZArith.BinInt "x <= y < z" Z_scope +R47406 Coq.ZArith.BinInt "x <= y < z" Z_scope +R47416 Coq.ZArith.BinInt "x + y" Z_scope +R47418 Coq.ZArith.BinInt.Z_of_nat +R47334 Mem.contentmap_inject +R47614 Mem.set_cont_outside1 +R47614 Mem.set_cont_outside1 +R47919 Mem.contentmap_inject +R47941 Mem.setN +R47899 Coq.Init.Logic "x <> y" type_scope +R47905 Coq.ZArith.BinInt "x + y" Z_scope +R47865 Coq.ZArith.BinInt "x <= y < z" Z_scope +R47815 Coq.ZArith.BinInt "x <= y < z" Z_scope +R47825 Coq.ZArith.BinInt "x + y" Z_scope +R47827 Coq.ZArith.BinInt.Z_of_nat +R47837 Coq.Init.Datatypes.S +R47757 Mem.contentmap_inject +R48020 Mem.update_o +R48020 Mem.update_o +R48038 Mem.set_cont_outside_inject +R48038 Mem.set_cont_outside_inject +R48108 Coq.ZArith.Znat.inj_S +R48108 Coq.ZArith.Znat.inj_S +R48155 Coq.ZArith.Znat.inj_S +R48155 Coq.ZArith.Znat.inj_S +R48413 Mem.contentmap_inject +R48435 Mem.store_contents +R48394 Coq.Init.Logic "x <> y" type_scope +R48400 Coq.ZArith.BinInt "x + y" Z_scope +R48360 Coq.ZArith.BinInt "x <= y < z" Z_scope +R48313 Coq.ZArith.BinInt "x <= y < z" Z_scope +R48323 Coq.ZArith.BinInt "x + y" Z_scope +R48325 Mem.size_mem +R48255 Mem.contentmap_inject +R48524 Mem.size_mem_pos +R48524 Mem.size_mem_pos +R48590 Mem.setN_outside_inject +R48590 Mem.setN_outside_inject +R48590 Mem.setN_outside_inject +R48590 Mem.setN_outside_inject +R48590 Mem.setN_outside_inject +R48849 Coq.Init.Logic "'exists' x , p" type_scope +R48913 Coq.Init.Logic "A /\ B" type_scope +R48899 Coq.Init.Logic "x = y" type_scope +R48864 Mem.store +R48887 Coq.ZArith.BinInt "x + y" Z_scope +R48901 Coq.Init.Datatypes.Some +R48916 Mem.mem_inject +R48801 Mem.val_content_inject +R48821 Mem.mem_chunk +R48777 Coq.Init.Logic "x = y" type_scope +R48779 Coq.Init.Datatypes.Some +R48784 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48757 Coq.Init.Logic "x = y" type_scope +R48732 Mem.store +R48759 Coq.Init.Datatypes.Some +R48710 Mem.mem_inject +R48962 Mem.size_chunk_pos +R48962 Mem.size_chunk_pos +R49012 Mem.store_inv +R49012 Mem.store_inv +R49161 Mem.in_bounds_inject +R49191 Coq.Init.Logic.conj +R49161 Mem.in_bounds_inject +R49191 Coq.Init.Logic.conj +R49223 Mem.unchecked_store +R49255 Coq.ZArith.BinInt "x + y" Z_scope +R49223 Mem.unchecked_store +R49255 Coq.ZArith.BinInt "x + y" Z_scope +R49301 Coqlib.zlt_true +R49301 Coqlib.zlt_true +R49323 Mem.in_bounds +R49354 Mem.blocks +R49344 Coq.ZArith.BinInt "x + y" Z_scope +R49323 Mem.in_bounds +R49354 Mem.blocks +R49344 Coq.ZArith.BinInt "x + y" Z_scope +R49387 Coq.Init.Logic "x = y" type_scope +R49387 Coq.Init.Logic "x = y" type_scope +R49401 Coqlib.proof_irrelevance +R49401 Coqlib.proof_irrelevance +R49688 Coqlib.zeq +R49688 Coqlib.zeq +R49725 Coq.Init.Logic "x = y" type_scope +R49725 Coq.Init.Logic "x = y" type_scope +R49770 Coq.Init.Logic "x = y" type_scope +R49770 Coq.Init.Logic "x = y" type_scope +R49814 Coqlib.zeq_true +R49814 Coqlib.zeq_true +R49869 Mem.store_contents_inject +R49869 Mem.store_contents_inject +R49977 Coqlib.zeq +R49977 Coqlib.zeq +R50059 Mem.store_contents_outside_inject +R50124 Coq.ZArith.BinInt "x + y" Z_scope +R50100 Mem.mem_chunk +R50059 Mem.store_contents_outside_inject +R50124 Coq.ZArith.BinInt "x + y" Z_scope +R50100 Mem.mem_chunk +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R50277 Coq.Init.Logic.sym_not_equal +R50277 Coq.Init.Logic.sym_not_equal +R50320 Coq.ZArith.BinInt "x + y" Z_scope +R50313 Coq.ZArith.BinInt "x - y" Z_scope +R50320 Coq.ZArith.BinInt "x + y" Z_scope +R50313 Coq.ZArith.BinInt "x - y" Z_scope +R50576 Coqlib.zeq +R50576 Coqlib.zeq +R50620 Coqlib.zeq_false +R50620 Coqlib.zeq_false +R50650 Coqlib.zeq +R50650 Coqlib.zeq +R50893 Coq.Init.Logic "'exists' x , p" type_scope +R50957 Coq.Init.Logic "A /\ B" type_scope +R50943 Coq.Init.Logic "x = y" type_scope +R50908 Mem.store +R50931 Coq.ZArith.BinInt "x + y" Z_scope +R50945 Coq.Init.Datatypes.Some +R50960 Mem.mem_inject +R50871 Mem.val_inject +R50847 Coq.Init.Logic "x = y" type_scope +R50849 Coq.Init.Datatypes.Some +R50854 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R50827 Coq.Init.Logic "x = y" type_scope +R50802 Mem.store +R50829 Coq.Init.Datatypes.Some +R50780 Mem.mem_inject +R51002 Mem.store_mapped_inject_1 +R51002 Mem.store_mapped_inject_1 +R51183 Mem.mem_inject +R51171 Coq.Init.Logic "x = y" type_scope +R51173 Coq.Init.Datatypes.None +R51151 Coq.Init.Logic "x = y" type_scope +R51126 Mem.store +R51153 Coq.Init.Datatypes.Some +R51104 Mem.mem_inject +R51241 Mem.store_inv +R51241 Mem.store_inv +R51432 Coqlib.zeq_false +R51432 Coqlib.zeq_false +R51509 Coq.Init.Logic "x = y" type_scope +R51494 Mem.low_bound +R51511 Mem.low_bound +R51509 Coq.Init.Logic "x = y" type_scope +R51494 Mem.low_bound +R51511 Mem.low_bound +R51590 Coqlib.zeq +R51590 Coqlib.zeq +R51679 Coq.Init.Logic "x = y" type_scope +R51663 Mem.high_bound +R51681 Mem.high_bound +R51679 Coq.Init.Logic "x = y" type_scope +R51663 Mem.high_bound +R51681 Mem.high_bound +R51762 Coqlib.zeq +R51762 Coqlib.zeq +R52065 Coq.Init.Logic "'exists' x , p" type_scope +R52112 Coq.Init.Logic "A /\ B" type_scope +R52102 Coq.Init.Logic "x = y" type_scope +R52080 Mem.storev +R52104 Coq.Init.Datatypes.Some +R52115 Mem.mem_inject +R52017 Mem.val_content_inject +R52037 Mem.mem_chunk +R51995 Mem.val_inject +R51980 Coq.Init.Logic "x = y" type_scope +R51958 Mem.storev +R51982 Coq.Init.Datatypes.Some +R51936 Mem.mem_inject +R52237 Integers.signed +R52273 Coq.ZArith.BinInt "x + y" Z_scope +R52260 Integers.signed +R52237 Integers.signed +R52273 Coq.ZArith.BinInt "x + y" Z_scope +R52260 Integers.signed +R52288 Mem.store_mapped_inject_1 +R52288 Mem.store_mapped_inject_1 +R52342 Mem.store_inv +R52342 Mem.store_inv +R52407 Mem.address_inject +R52407 Mem.address_inject +R52628 Coq.Init.Logic "'exists' x , p" type_scope +R52675 Coq.Init.Logic "A /\ B" type_scope +R52665 Coq.Init.Logic "x = y" type_scope +R52643 Mem.storev +R52667 Coq.Init.Datatypes.Some +R52678 Mem.mem_inject +R52606 Mem.val_inject +R52584 Mem.val_inject +R52569 Coq.Init.Logic "x = y" type_scope +R52547 Mem.storev +R52571 Coq.Init.Datatypes.Some +R52525 Mem.mem_inject +R52720 Mem.storev_mapped_inject_1 +R52720 Mem.storev_mapped_inject_1 +R52851 Mem.mem_inject +R52863 Mem.free +R52829 Mem.mem_inject +R53056 Coqlib.zeq +R53056 Coqlib.zeq +R53286 Coqlib.zeq +R53286 Coqlib.zeq +R53356 Coqlib.zeq +R53356 Coqlib.zeq +R53557 Mem.mem_inject +R53569 Mem.free_list +R53535 Mem.mem_inject +R53642 Mem.free_first_inject +R53642 Mem.free_first_inject +R53844 Mem.mem_inject +R53859 Mem.free +R53822 Mem.mem_inject +R53796 Coq.ZArith.BinInt "x >= y" Z_scope +R53780 Mem.low_bound +R53799 Mem.high_bound +R53739 Coq.Init.Logic "x = y" type_scope +R53741 Coq.Init.Datatypes.Some +R53745 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R54063 Coqlib.zeq +R54063 Coqlib.zeq +R54477 Coq.ZArith.BinInt "x >= y" Z_scope +R54461 Mem.low_bound +R54480 Mem.high_bound +R54450 Coq.Init.Logic "x = y" type_scope +R54440 Mem.free +R54600 Mem.update_s +R54600 Mem.update_s +R54744 Coq.ZArith.BinInt "x >= y" Z_scope +R54728 Mem.low_bound +R54747 Mem.high_bound +R54718 Coq.Lists.List.In +R54687 Mem.free_list +R54838 Coq.Lists.List.in_inv +R54838 Coq.Lists.List.in_inv +R54921 Mem.bounds_free_block +R54944 Coq.Lists.List.fold_right +R54985 Mem.free +R54977 Mem.mem +R54965 Values.block +R54921 Mem.bounds_free_block +R54944 Coq.Lists.List.fold_right +R54985 Mem.free +R54977 Mem.mem +R54965 Values.block +R55144 Coqlib.zeq +R55144 Coqlib.zeq +R55359 Mem.mem_inject +R55388 Mem.free +R55371 Mem.free_list +R55337 Mem.mem_inject +R55323 Coq.Lists.List.In +R55303 Coq.Init.Logic "x = y" type_scope +R55305 Coq.Init.Datatypes.Some +R55309 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55424 Mem.free_snd_inject +R55424 Mem.free_snd_inject +R55459 Mem.free_empty_bounds +R55459 Mem.free_empty_bounds +R55514 Mem.free_first_list_inject +R55514 Mem.free_first_list_inject +R55581 Mem.val_inject_int +R55596 Mem.val_inject_float +R55613 Mem.val_inject_ptr +R55628 Mem.val_inject_undef +R55659 Mem.val_nil_inject +R55674 Mem.val_cons_inject +R55796 Coq.Init.Logic "A \/ B" type_scope +R55789 Coq.Init.Logic "x = y" type_scope +R55804 Coq.Init.Logic "x = y" type_scope +R55806 Coq.Init.Datatypes.None +R55754 Mem.meminj +R55754 Mem.meminj +R55852 Mem.inject_incr +R56018 Mem.inject_incr +R55997 Mem.inject_incr +R55976 Mem.inject_incr +R56374 Mem.val_inject +R56350 Mem.val_inject +R56327 Mem.inject_incr +R56488 Mem.val_inject_ptr +R56488 Mem.val_inject_ptr +R56673 Mem.val_list_inject +R56642 Mem.val_list_inject +R56621 Mem.inject_incr +R56780 Mem.val_inject_incr +R56780 Mem.val_inject_incr +R56861 Mem.inject_incr_refl +R56878 Mem.val_inject_incr +R56894 Mem.val_list_inject_incr +R56960 Mem.meminj +R56985 Mem.inject_incr +R57097 Mem.val_content_inject +R57059 Mem.val_content_inject +R57169 Mem.val_content_inject_base +R57169 Mem.val_content_inject_base +R57201 Mem.val_inject_incr +R57201 Mem.val_inject_incr +R57233 Mem.val_content_inject_8 +R57233 Mem.val_content_inject_8 +R57269 Mem.val_content_inject_16 +R57269 Mem.val_content_inject_16 +R57306 Mem.val_content_inject_32 +R57306 Mem.val_content_inject_32 +R57409 Mem.content_inject +R57383 Mem.content_inject +R57475 Mem.val_content_inject_incr +R57475 Mem.val_content_inject_incr +R57475 Mem.val_content_inject_incr +R57475 Mem.val_content_inject_incr +R57475 Mem.val_content_inject_incr +R57616 Mem.contentmap_inject +R57572 Mem.contentmap_inject +R57706 Mem.content_inject_incr +R57706 Mem.content_inject_incr +R57837 Mem.block_contents_inject +R57796 Mem.block_contents_inject +R57931 Mem.contentmap_inject_incr +R57931 Mem.contentmap_inject_incr +R58102 Mem.meminj +R58127 Values.eq_block +R58092 Mem.meminj +R58068 Coq.Init.Datatypes.option +R58082 Coq.Init.Datatypes "x * y" type_scope +R58076 Values.block +R58084 Coq.ZArith.BinInt.Z +R58057 Values.block +R58220 Mem.inject_incr +R58235 Mem.extend_inject +R58208 Coq.Init.Logic "x = y" type_scope +R58210 Coq.Init.Datatypes.None +R58318 Values.eq_block +R58318 Values.eq_block +R58495 Mem.mem_inject +R58479 Coq.Init.Logic "x = y" type_scope +R58464 Mem.alloc +R58481 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R58440 Mem.mem_inject +R58745 Mem.update_o +R58745 Mem.update_o +R58947 Coq.Init.Logic "A /\ B" type_scope +R58904 Mem.mem_inject +R58916 Mem.extend_inject +R58932 Coq.Init.Datatypes.None +R58952 Mem.inject_incr +R58967 Mem.extend_inject +R58983 Coq.Init.Datatypes.None +R58888 Coq.Init.Logic "x = y" type_scope +R58873 Mem.alloc +R58890 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R58849 Mem.mem_inject +R59086 Mem.inject_incr +R59101 Mem.extend_inject +R59117 Coq.Init.Datatypes.None +R59086 Mem.inject_incr +R59101 Mem.extend_inject +R59117 Coq.Init.Datatypes.None +R59135 Mem.extend_inject_incr +R59135 Mem.extend_inject_incr +R59290 Values.eq_block +R59290 Values.eq_block +R59403 Values.eq_block +R59403 Values.eq_block +R59505 Mem.update_o +R59505 Mem.update_o +R59591 Mem.block_contents_inject_incr +R59591 Mem.block_contents_inject_incr +R59691 Values.eq_block +R59691 Values.eq_block +R59734 Values.eq_block +R59734 Values.eq_block +R59852 Mem.update_o +R59852 Mem.update_o +R59852 Mem.update_o +R59852 Mem.update_o +R59852 Mem.update_o +R59852 Mem.update_o +R60452 Coq.Init.Logic "A /\ B" type_scope +R60397 Mem.mem_inject +R60409 Mem.extend_inject +R60426 Coq.Init.Datatypes.Some +R60431 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R60457 Mem.inject_incr +R60472 Mem.extend_inject +R60489 Coq.Init.Datatypes.Some +R60494 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R60350 Coq.Init.Logic "A \/ B" type_scope +R60338 Coq.ZArith.BinInt "x <= y" Z_scope +R60331 Coq.ZArith.BinInt "x + y" Z_scope +R60314 Mem.high_bound +R60344 Coq.ZArith.BinInt "x + y" Z_scope +R60365 Coq.ZArith.BinInt "x <= y" Z_scope +R60359 Coq.ZArith.BinInt "x + y" Z_scope +R60384 Coq.ZArith.BinInt "x + y" Z_scope +R60368 Mem.low_bound +R60289 Coq.Init.Logic "x = y" type_scope +R60291 Coq.Init.Datatypes.Some +R60296 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R60238 Coq.ZArith.BinInt "x <= y" Z_scope +R60232 Coq.ZArith.BinInt "x + y" Z_scope +R60241 Mem.high_bound +R60212 Coq.ZArith.BinInt "x <= y" Z_scope +R60196 Mem.low_bound +R60218 Coq.ZArith.BinInt "x + y" Z_scope +R60173 Coq.ZArith.BinInt "x <= y" Z_scope +R60156 Mem.high_bound +R60176 Integers.max_signed +R60132 Coq.ZArith.BinInt "x <= y" Z_scope +R60117 Integers.min_signed +R60135 Mem.low_bound +R60087 Coq.ZArith.BinInt "x <= y <= z" Z_scope +R60072 Integers.min_signed +R60097 Integers.max_signed +R60049 Mem.valid_block +R60033 Coq.Init.Logic "x = y" type_scope +R60018 Mem.alloc +R60035 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R59994 Mem.mem_inject +R60551 Mem.low_bound_alloc +R60551 Mem.low_bound_alloc +R60622 Mem.high_bound_alloc +R60622 Mem.high_bound_alloc +R60774 Mem.inject_incr +R60789 Mem.extend_inject +R60806 Coq.Init.Datatypes.Some +R60811 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R60774 Mem.inject_incr +R60789 Mem.extend_inject +R60806 Coq.Init.Datatypes.Some +R60811 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R60835 Mem.extend_inject_incr +R60835 Mem.extend_inject_incr +R61010 Values.eq_block +R61010 Values.eq_block +R61185 Values.eq_block +R61185 Values.eq_block +R61331 Mem.update_s +R61331 Mem.update_s +R61615 Mem.update_o +R61615 Mem.update_o +R61639 Mem.block_contents_inject_incr +R61639 Mem.block_contents_inject_incr +R61812 Coqlib.zeq +R61829 Coqlib.zeq +R61812 Coqlib.zeq +R61829 Coqlib.zeq +R61829 Coqlib.zeq +R61911 Values.eq_block +R61911 Values.eq_block +R62068 Values.eq_block +R62068 Values.eq_block +FGlobalenvs +R281 Globalenvs.t +R268 AST.program +R337 Mem.mem +R324 AST.program +R396 Coq.Init.Datatypes.option +R389 Values.val +R382 Globalenvs.t +R466 Coq.Init.Datatypes.option +R457 Values.block +R450 Globalenvs.t +R533 Coq.Init.Datatypes.option +R540 Values.block +R524 AST.ident +R517 Globalenvs.t +R656 Coq.Init.Logic "'exists' x , p" type_scope +R668 Coq.Init.Logic "x = y" type_scope +R670 Values.Vptr +R677 Integers.zero +R644 Coq.Init.Logic "x = y" type_scope +R628 Globalenvs.find_funct +R646 Coq.Init.Datatypes.Some +R611 Values.val +R602 Globalenvs.t +R805 Coq.Init.Logic "x = y" type_scope +R773 Globalenvs.find_funct +R788 Values.Vptr +R795 Integers.zero +R807 Globalenvs.find_funct_ptr +R761 Values.block +R752 Globalenvs.t +R1025 Coq.Init.Logic "x = y" type_scope +R994 Globalenvs.find_funct_ptr +R1010 Globalenvs.globalenv +R1027 Coq.Init.Datatypes.Some +R953 Coq.Lists.List.In +R965 AST.prog_funct +R956 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R920 Values.block +R905 AST.program +R1229 Coq.Init.Logic "x = y" type_scope +R1202 Globalenvs.find_funct +R1214 Globalenvs.globalenv +R1231 Coq.Init.Datatypes.Some +R1161 Coq.Lists.List.In +R1173 AST.prog_funct +R1164 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R1130 Values.val +R1115 AST.program +R1369 Coq.Init.Logic "A /\ B" type_scope +R1347 Mem.valid_block +R1361 Mem.nullptr +R1395 Coq.Init.Logic "x = y" type_scope +R1379 Mem.blocks +R1387 Mem.nullptr +R1397 Mem.empty_block +R1329 Globalenvs.init_mem +R1304 AST.program +R1493 Coq.Init.Logic "'exists' x , p" type_scope +R1504 Coq.Init.Logic "'exists' x , p" type_scope +R1544 Coq.Init.Logic "x = y" type_scope +R1534 Mem.blocks +R1521 Globalenvs.init_mem +R1546 Mem.empty_block +R1481 Values.block +R1466 AST.program +R1701 Coq.ZArith.BinInt "x < y" Z_scope +R1687 Coq.Init.Logic "x = y" type_scope +R1656 Globalenvs.find_funct_ptr +R1672 Globalenvs.globalenv +R1689 Coq.Init.Datatypes.Some +R1637 Values.block +R1622 AST.program +R1842 Coq.ZArith.BinInt "x < y" Z_scope +R1844 Mem.nextblock +R1855 Globalenvs.init_mem +R1828 Coq.Init.Logic "x = y" type_scope +R1799 Globalenvs.find_symbol +R1812 Globalenvs.globalenv +R1830 Coq.Init.Datatypes.Some +R1787 Values.block +R1776 AST.ident +R1760 AST.program +R2087 Coq.Init.Logic "x = y" type_scope +R2029 Globalenvs.find_funct_ptr +R2045 Globalenvs.globalenv +R2056 AST.transform_program +R2089 Coq.Init.Datatypes.Some +R2013 Coq.Init.Logic "x = y" type_scope +R1982 Globalenvs.find_funct_ptr +R1998 Globalenvs.globalenv +R2015 Coq.Init.Datatypes.Some +R1963 Values.block +R1948 AST.program +R2310 Coq.Init.Logic "x = y" type_scope +R2256 Globalenvs.find_funct +R2268 Globalenvs.globalenv +R2279 AST.transform_program +R2312 Coq.Init.Datatypes.Some +R2240 Coq.Init.Logic "x = y" type_scope +R2213 Globalenvs.find_funct +R2225 Globalenvs.globalenv +R2242 Coq.Init.Datatypes.Some +R2196 Values.val +R2181 AST.program +R2487 Coq.Init.Logic "x = y" type_scope +R2432 Globalenvs.find_symbol +R2445 Globalenvs.globalenv +R2456 AST.transform_program +R2493 Globalenvs.find_symbol +R2506 Globalenvs.globalenv +R2420 AST.ident +R2405 AST.program +R2649 Coq.Init.Logic "x = y" type_scope +R2611 Globalenvs.init_mem +R2621 AST.transform_program +R2651 Globalenvs.init_mem +R2595 AST.program +R2972 Coq.Init.Logic "A /\ B" type_scope +R2961 Coq.Init.Logic "x = y" type_scope +R2929 Globalenvs.find_funct_ptr +R2945 Globalenvs.globalenv +R2984 Coq.Init.Logic "x <> y" type_scope +R2987 Coq.Init.Datatypes.None +R2913 Coq.Init.Logic "x = y" type_scope +R2882 Globalenvs.find_funct_ptr +R2898 Globalenvs.globalenv +R2915 Coq.Init.Datatypes.Some +R2863 Values.block +R2835 Coq.Init.Logic "x = y" type_scope +R2800 AST.transform_partial_program +R2837 Coq.Init.Datatypes.Some +R2784 AST.program +R2768 AST.program +R2743 Coq.Init.Datatypes.option +R3288 Coq.Init.Logic "A /\ B" type_scope +R3277 Coq.Init.Logic "x = y" type_scope +R3249 Globalenvs.find_funct +R3261 Globalenvs.globalenv +R3300 Coq.Init.Logic "x <> y" type_scope +R3303 Coq.Init.Datatypes.None +R3233 Coq.Init.Logic "x = y" type_scope +R3206 Globalenvs.find_funct +R3218 Globalenvs.globalenv +R3235 Coq.Init.Datatypes.Some +R3189 Values.val +R3161 Coq.Init.Logic "x = y" type_scope +R3126 AST.transform_partial_program +R3163 Coq.Init.Datatypes.Some +R3110 AST.program +R3094 AST.program +R3069 Coq.Init.Datatypes.option +R3547 Coq.Init.Logic "x = y" type_scope +R3518 Globalenvs.find_symbol +R3531 Globalenvs.globalenv +R3549 Globalenvs.find_symbol +R3562 Globalenvs.globalenv +R3506 AST.ident +R3478 Coq.Init.Logic "x = y" type_scope +R3443 AST.transform_partial_program +R3480 Coq.Init.Datatypes.Some +R3427 AST.program +R3411 AST.program +R3386 Coq.Init.Datatypes.option +R3773 Coq.Init.Logic "x = y" type_scope +R3761 Globalenvs.init_mem +R3775 Globalenvs.init_mem +R3744 Coq.Init.Logic "x = y" type_scope +R3709 AST.transform_partial_program +R3746 Coq.Init.Datatypes.Some +R3693 AST.program +R3677 AST.program +R3652 Coq.Init.Datatypes.option +R3945 Maps.t +R3953 Coq.Init.Datatypes.option +R4027 Coq.ZArith.BinInt.Z +R4041 Maps.t +R4049 Values.block +R4120 Globalenvs.genv +R4188 Globalenvs.genv +R4229 Globalenvs.mkgenv +R4314 Maps.set +R4344 Globalenvs.symbols +R4325 Coq.Init.Datatypes.fst +R4295 Coq.ZArith.BinInt.Zpred +R4237 Maps.set +R4273 Globalenvs.functions +R4249 Coq.Init.Datatypes.Some +R4255 Coq.Init.Datatypes.snd +R4210 Globalenvs.nextfunction +R4180 Globalenvs.genv +R4166 Coq.Init.Datatypes "x * y" type_scope +R4160 AST.ident +R4415 Globalenvs.genv +R4425 Globalenvs.mkgenv +R4482 Maps.set +R4502 Globalenvs.symbols +R4458 Globalenvs.nextfunction +R4435 Globalenvs.functions +R4407 Globalenvs.genv +R4396 Values.block +R4385 AST.ident +R4563 Coq.Init.Datatypes.option +R4581 Maps.get +R4595 Globalenvs.functions +R4554 Values.block +R4544 Globalenvs.genv +R4651 Coq.Init.Datatypes.option +R4686 Values.Vptr +R4709 Integers.eq +R4720 Integers.zero +R4758 Coq.Init.Datatypes.None +R4734 Globalenvs.find_funct_ptr +R4778 Coq.Init.Datatypes.None +R4644 Values.val +R4634 Globalenvs.genv +R4840 Coq.Init.Datatypes.option +R4847 Values.block +R4858 Maps.get +R4876 Globalenvs.symbols +R4831 AST.ident +R4818 Globalenvs.genv +R4977 Coq.Init.Logic "'exists' x , p" type_scope +R4989 Coq.Init.Logic "x = y" type_scope +R4991 Values.Vptr +R4998 Integers.zero +R4965 Coq.Init.Logic "x = y" type_scope +R4949 Globalenvs.find_funct +R4967 Coq.Init.Datatypes.Some +R4930 Values.val +R4923 Globalenvs.t +R5106 Integers.eq_spec +R5120 Integers.zero +R5106 Integers.eq_spec +R5120 Integers.zero +R5137 Integers.eq +R5146 Integers.zero +R5137 Integers.eq +R5146 Integers.zero +R5307 Coq.Init.Logic "x = y" type_scope +R5275 Globalenvs.find_funct +R5290 Values.Vptr +R5297 Integers.zero +R5309 Globalenvs.find_funct_ptr +R5265 Values.block +R5258 Globalenvs.t +R5370 Integers.eq_spec +R5391 Integers.zero +R5382 Integers.zero +R5370 Integers.eq_spec +R5391 Integers.zero +R5382 Integers.zero +R5410 Integers.eq +R5426 Integers.zero +R5417 Integers.zero +R5410 Integers.eq +R5426 Integers.zero +R5417 Integers.zero +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R5539 Globalenvs.genv +R5549 Globalenvs.mkgenv +R5579 Maps.empty +R5591 Values.block +R5557 Maps.init +R5567 Coq.Init.Datatypes.None +R5665 Globalenvs.genv +R5675 Coq.Lists.List.fold_right +R5691 Globalenvs.add_funct +R5641 Coq.Lists.List.list +R5653 Coq.Init.Datatypes "x * y" type_scope +R5647 AST.ident +R5629 Globalenvs.genv +R5795 Coq.Init.Datatypes "x * y" type_scope +R5790 Globalenvs.genv +R5797 Mem.mem +R5806 Coq.Lists.List.fold_right +R5957 Mem.alloc +R5985 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5986 Globalenvs.add_symbol +R5862 Coq.Init.Datatypes "x * y" type_scope +R5857 Globalenvs.genv +R5864 Mem.mem +R5845 Coq.Init.Datatypes "x * y" type_scope +R5839 AST.ident +R5847 Coq.ZArith.BinInt.Z +R5770 Coq.Lists.List.list +R5782 Coq.Init.Datatypes "x * y" type_scope +R5776 AST.ident +R5784 Coq.ZArith.BinInt.Z +R5756 Coq.Init.Datatypes "x * y" type_scope +R5751 Globalenvs.genv +R5758 Mem.mem +R6083 Coq.Init.Datatypes "x * y" type_scope +R6078 Globalenvs.genv +R6085 Mem.mem +R6095 Globalenvs.add_globals +R6163 AST.prog_vars +R6111 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R6112 Globalenvs.add_functs +R6132 AST.prog_funct +R6123 Globalenvs.empty +R6145 Mem.empty +R6060 AST.program +R6218 Globalenvs.genv +R6228 Coq.Init.Datatypes.fst +R6233 Globalenvs.globalenv_initmem +R6201 AST.program +R6297 Mem.mem +R6306 Coq.Init.Datatypes.snd +R6311 Globalenvs.globalenv_initmem +R6280 AST.program +R6416 Coq.Init.Logic "x = y" type_scope +R6392 Globalenvs.functions +R6403 Globalenvs.globalenv +R6418 Globalenvs.functions +R6429 Globalenvs.add_functs +R6449 AST.prog_funct +R6440 Globalenvs.empty +R6374 AST.program +R6577 Coq.Init.Logic "x = y" type_scope +R6537 Globalenvs.functions +R6548 Coq.Init.Datatypes.fst +R6553 Globalenvs.add_globals +R6579 Globalenvs.functions +R6590 Coq.Init.Datatypes.fst +R6513 Coq.Lists.List.list +R6525 Coq.Init.Datatypes "x * y" type_scope +R6519 AST.ident +R6527 Coq.ZArith.BinInt.Z +R6499 Coq.Init.Datatypes "x * y" type_scope +R6494 Globalenvs.genv +R6501 Mem.mem +R6577 Coq.Init.Logic "x = y" type_scope +R6537 Globalenvs.functions +R6548 Coq.Init.Datatypes.fst +R6553 Globalenvs.add_globals +R6579 Globalenvs.functions +R6590 Coq.Init.Datatypes.fst +R6513 Coq.Lists.List.list +R6525 Coq.Init.Datatypes "x * y" type_scope +R6519 AST.ident +R6527 Coq.ZArith.BinInt.Z +R6499 Coq.Init.Datatypes "x * y" type_scope +R6494 Globalenvs.genv +R6501 Mem.mem +R6666 Globalenvs.add_globals +R6666 Globalenvs.add_globals +R6932 Coq.Init.Logic "A /\ B" type_scope +R6910 Mem.valid_block +R6924 Mem.nullptr +R6956 Coq.Init.Logic "x = y" type_scope +R6940 Mem.blocks +R6948 Mem.nullptr +R6958 Mem.mkblock +R6988 Mem.undef_undef_outside +R6980 Mem.Undef +R6894 Globalenvs.init_mem +R6867 AST.program +R7302 Coq.Init.Logic "A /\ B" type_scope +R7285 Coq.ZArith.BinInt "x < y" Z_scope +R7291 Mem.nextblock +R7329 Coq.Init.Logic "x = y" type_scope +R7313 Mem.blocks +R7321 Mem.nullptr +R7331 Mem.mkblock +R7361 Mem.undef_undef_outside +R7353 Mem.Undef +R7248 Coq.Init.Datatypes.snd +R7253 Globalenvs.add_globals +R7215 Coq.Lists.List.list +R7227 Coq.Init.Datatypes "x * y" type_scope +R7221 AST.ident +R7229 Coq.ZArith.BinInt.Z +R7137 Coq.Init.Logic "x = y" type_scope +R7121 Mem.blocks +R7129 Mem.nullptr +R7139 Mem.mkblock +R7169 Mem.undef_undef_outside +R7161 Mem.Undef +R7093 Coq.ZArith.BinInt "x < y" Z_scope +R7099 Mem.nextblock +R7075 Coq.Init.Datatypes.snd +R7053 Coq.Init.Datatypes "x * y" type_scope +R7048 Globalenvs.genv +R7055 Mem.mem +R7302 Coq.Init.Logic "A /\ B" type_scope +R7285 Coq.ZArith.BinInt "x < y" Z_scope +R7291 Mem.nextblock +R7329 Coq.Init.Logic "x = y" type_scope +R7313 Mem.blocks +R7321 Mem.nullptr +R7331 Mem.mkblock +R7361 Mem.undef_undef_outside +R7353 Mem.Undef +R7248 Coq.Init.Datatypes.snd +R7253 Globalenvs.add_globals +R7215 Coq.Lists.List.list +R7227 Coq.Init.Datatypes "x * y" type_scope +R7221 AST.ident +R7229 Coq.ZArith.BinInt.Z +R7137 Coq.Init.Logic "x = y" type_scope +R7121 Mem.blocks +R7129 Mem.nullptr +R7139 Mem.mkblock +R7169 Mem.undef_undef_outside +R7161 Mem.Undef +R7093 Coq.ZArith.BinInt "x < y" Z_scope +R7099 Mem.nextblock +R7075 Coq.Init.Datatypes.snd +R7053 Coq.Init.Datatypes "x * y" type_scope +R7048 Globalenvs.genv +R7055 Mem.mem +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R7455 Globalenvs.add_globals +R7455 Globalenvs.add_globals +R7592 Mem.update_o +R7592 Mem.update_o +R7614 Coq.Init.Logic.sym_not_equal +R7614 Coq.Init.Logic.sym_not_equal +R7635 Coq.ZArith.Zorder.Zlt_not_eq +R7635 Coq.ZArith.Zorder.Zlt_not_eq +R7839 Coq.Init.Logic "'exists' x , p" type_scope +R7850 Coq.Init.Logic "'exists' x , p" type_scope +R7888 Coq.Init.Logic "x = y" type_scope +R7878 Mem.blocks +R7865 Globalenvs.init_mem +R7890 Mem.empty_block +R7829 Values.block +R7810 AST.program +R8007 Coq.Init.Logic "'exists' x , p" type_scope +R8018 Coq.Init.Logic "'exists' x , p" type_scope +R8049 Coq.Init.Logic "x = y" type_scope +R8039 Mem.blocks +R8051 Mem.empty_block +R7988 Coq.Init.Logic "x = y" type_scope +R7955 Globalenvs.add_globals +R7967 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7972 Mem.empty +R7990 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8007 Coq.Init.Logic "'exists' x , p" type_scope +R8018 Coq.Init.Logic "'exists' x , p" type_scope +R8049 Coq.Init.Logic "x = y" type_scope +R8039 Mem.blocks +R8051 Mem.empty_block +R7988 Coq.Init.Logic "x = y" type_scope +R7955 Globalenvs.add_globals +R7967 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7972 Mem.empty +R7990 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8195 Globalenvs.add_globals +R8207 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8212 Mem.empty +R8195 Globalenvs.add_globals +R8207 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8212 Mem.empty +R8358 Coqlib.zeq +R8365 Mem.nextblock +R8358 Coqlib.zeq +R8365 Mem.nextblock +R8443 Globalenvs.globalenv_initmem +R8443 Globalenvs.globalenv_initmem +R8659 Coq.ZArith.BinInt "x < y" Z_scope +R8623 Globalenvs.nextfunction +R8637 Globalenvs.add_functs +R8648 Globalenvs.empty +R8863 Coq.ZArith.BinInt "x < y" Z_scope +R8849 Coq.Init.Logic "x = y" type_scope +R8818 Globalenvs.find_funct_ptr +R8834 Globalenvs.globalenv +R8851 Coq.Init.Datatypes.Some +R8797 Values.block +R8778 AST.program +R8975 Coq.ZArith.BinInt "x < y" Z_scope +R8961 Coq.Init.Logic "x = y" type_scope +R8915 Maps.get +R8927 Globalenvs.functions +R8938 Globalenvs.add_functs +R8949 Globalenvs.empty +R8963 Coq.Init.Datatypes.Some +R8975 Coq.ZArith.BinInt "x < y" Z_scope +R8961 Coq.Init.Logic "x = y" type_scope +R8915 Maps.get +R8927 Globalenvs.functions +R8938 Globalenvs.add_functs +R8949 Globalenvs.empty +R8963 Coq.Init.Datatypes.Some +R9019 Maps.gi +R9019 Maps.gi +R9052 Maps.gsspec +R9052 Maps.gsspec +R9071 Maps.eq +R9086 Globalenvs.nextfunction +R9100 Globalenvs.add_functs +R9111 Globalenvs.empty +R9071 Maps.eq +R9086 Globalenvs.nextfunction +R9100 Globalenvs.add_functs +R9111 Globalenvs.empty +R9160 Globalenvs.nextfunction_add_functs_neg +R9160 Globalenvs.nextfunction_add_functs_neg +R9233 Globalenvs.functions_globalenv +R9233 Globalenvs.functions_globalenv +R9400 Coq.ZArith.BinInt "x < y" Z_scope +R9402 Mem.nextblock +R9413 Globalenvs.init_mem +R9386 Coq.Init.Logic "x = y" type_scope +R9357 Globalenvs.find_symbol +R9370 Globalenvs.globalenv +R9388 Coq.Init.Datatypes.Some +R9347 Values.block +R9336 AST.ident +R9316 AST.program +R9514 Coq.ZArith.BinInt "x < y" Z_scope +R9500 Coq.Init.Logic "x = y" type_scope +R9494 Maps "a ! b" +R9464 Globalenvs.symbols +R9473 Globalenvs.add_functs +R9484 Globalenvs.empty +R9502 Coq.Init.Datatypes.Some +R9514 Coq.ZArith.BinInt "x < y" Z_scope +R9500 Coq.Init.Logic "x = y" type_scope +R9494 Maps "a ! b" +R9464 Globalenvs.symbols +R9473 Globalenvs.add_functs +R9484 Globalenvs.empty +R9502 Coq.Init.Datatypes.Some +R9570 Maps.gempty +R9570 Maps.gempty +R9606 Maps.gsspec +R9606 Maps.gsspec +R9645 Coqlib.peq +R9645 Coqlib.peq +R9694 Globalenvs.nextfunction_add_functs_neg +R9694 Globalenvs.nextfunction_add_functs_neg +R9870 Coq.ZArith.BinInt "x < y" Z_scope +R9872 Mem.nextblock +R9852 Coq.Init.Logic "x = y" type_scope +R9848 Maps "a ! b" +R9839 Globalenvs.symbols +R9854 Coq.Init.Datatypes.Some +R9822 Coq.Init.Logic "x = y" type_scope +R9771 Globalenvs.add_globals +R9783 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9784 Globalenvs.add_functs +R9795 Globalenvs.empty +R9806 Mem.empty +R9824 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9870 Coq.ZArith.BinInt "x < y" Z_scope +R9872 Mem.nextblock +R9852 Coq.Init.Logic "x = y" type_scope +R9848 Maps "a ! b" +R9839 Globalenvs.symbols +R9854 Coq.Init.Datatypes.Some +R9822 Coq.Init.Logic "x = y" type_scope +R9771 Globalenvs.add_globals +R9783 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9784 Globalenvs.add_functs +R9795 Globalenvs.empty +R9806 Mem.empty +R9824 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10028 Globalenvs.add_globals +R10040 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10041 Globalenvs.add_functs +R10052 Globalenvs.empty +R10063 Mem.empty +R10028 Globalenvs.add_globals +R10040 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10041 Globalenvs.add_functs +R10052 Globalenvs.empty +R10063 Mem.empty +R10175 Maps.gsspec +R10175 Maps.gsspec +R10195 Coqlib.peq +R10195 Coqlib.peq +R10392 Globalenvs.add_globals +R10472 AST.prog_vars +R10404 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10405 Globalenvs.add_functs +R10423 AST.prog_funct +R10416 Globalenvs.empty +R10438 Mem.empty +R10392 Globalenvs.add_globals +R10472 AST.prog_vars +R10404 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10405 Globalenvs.add_functs +R10423 AST.prog_funct +R10416 Globalenvs.empty +R10438 Mem.empty +R10754 Coq.Init.Logic "x = y" type_scope +R10723 Globalenvs.find_funct_ptr +R10739 Globalenvs.globalenv +R10756 Coq.Init.Datatypes.Some +R10684 Coq.Lists.List.In +R10696 AST.prog_funct +R10687 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10653 Values.block +R10638 AST.program +R10831 Globalenvs.functions_globalenv +R10831 Globalenvs.functions_globalenv +R10866 AST.prog_funct +R10866 AST.prog_funct +R10911 Maps.gi +R10911 Maps.gi +R10952 Maps.gsspec +R10952 Maps.gsspec +R10973 Maps.eq +R10988 Globalenvs.nextfunction +R11002 Globalenvs.add_functs +R11014 Globalenvs.empty +R10973 Maps.eq +R10988 Globalenvs.nextfunction +R11002 Globalenvs.add_functs +R11014 Globalenvs.empty +R11053 Coq.Init.Datatypes.fst +R11053 Coq.Init.Datatypes.fst +R11336 Coq.Init.Logic "x = y" type_scope +R11309 Globalenvs.find_funct +R11321 Globalenvs.globalenv +R11338 Coq.Init.Datatypes.Some +R11270 Coq.Lists.List.In +R11282 AST.prog_funct +R11273 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R11241 Values.val +R11226 AST.program +R11450 Integers.eq +R11459 Integers.zero +R11450 Integers.eq +R11459 Integers.zero +R11519 Globalenvs.find_funct_ptr_prop +R11519 Globalenvs.find_funct_ptr_prop +R11683 Coq.Init.Datatypes.option +R11705 AST.program +R11729 AST.program +R11797 Coq.Init.Logic "x = y" type_scope +R11762 AST.transform_partial_program +R11799 Coq.Init.Datatypes.Some +R12059 Coq.Init.Logic "A /\ B" type_scope +R12042 Coq.Init.Logic "x = y" type_scope +R12026 Globalenvs.nextfunction +R12044 Globalenvs.nextfunction +R12087 Coq.Init.Logic "A /\ B" type_scope +R12075 Coq.Init.Logic "x = y" type_scope +R12064 Globalenvs.symbols +R12077 Globalenvs.symbols +R12196 Coq.Init.Logic "A /\ B" type_scope +R12185 Coq.Init.Logic "x = y" type_scope +R12159 Maps.get +R12171 Globalenvs.functions +R12208 Coq.Init.Logic "x <> y" type_scope +R12211 Coq.Init.Datatypes.None +R12145 Coq.Init.Logic "x = y" type_scope +R12120 Maps.get +R12132 Globalenvs.functions +R12147 Coq.Init.Datatypes.Some +R12103 Values.block +R11995 Globalenvs.add_functs +R12007 Globalenvs.empty +R11955 Globalenvs.add_functs +R11967 Globalenvs.empty +R11929 Coq.Init.Logic "x = y" type_scope +R11895 AST.transf_partial_program +R11931 Coq.Init.Datatypes.Some +R11874 Coq.Lists.List.list +R11886 Coq.Init.Datatypes "x * y" type_scope +R11880 AST.ident +R11849 Coq.Lists.List.list +R11861 Coq.Init.Datatypes "x * y" type_scope +R11855 AST.ident +R12370 Maps.gi +R12370 Maps.gi +R12370 Maps.gi +R12370 Maps.gi +R12473 AST.transf_partial_program +R12473 AST.transf_partial_program +R12729 Coqlib.zeq +R12736 Globalenvs.nextfunction +R12750 Globalenvs.add_functs +R12762 Globalenvs.empty +R12729 Coqlib.zeq +R12736 Globalenvs.nextfunction +R12750 Globalenvs.add_functs +R12762 Globalenvs.empty +R12813 Maps.gss +R12813 Maps.gss +R12813 Maps.gss +R12813 Maps.gss +R12936 Maps.gso +R12936 Maps.gso +R12936 Maps.gso +R13142 Coq.Init.Logic "x = y" type_scope +R13111 Coq.Init.Datatypes.snd +R13116 Globalenvs.add_globals +R13128 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13144 Coq.Init.Datatypes.snd +R13149 Globalenvs.add_globals +R13161 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13090 Coq.Lists.List.list +R13102 Coq.Init.Datatypes "x * y" type_scope +R13096 AST.ident +R13104 Coq.ZArith.BinInt.Z +R13078 Mem.mem +R13066 Globalenvs.genv +R13053 Globalenvs.genv +R13247 Globalenvs.add_globals +R13259 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13247 Globalenvs.add_globals +R13259 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13286 Globalenvs.add_globals +R13298 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13286 Globalenvs.add_globals +R13298 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13549 Coq.Init.Logic "x = y" type_scope +R13508 Globalenvs.symbols +R13517 Coq.Init.Datatypes.fst +R13522 Globalenvs.add_globals +R13534 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13553 Globalenvs.symbols +R13562 Coq.Init.Datatypes.fst +R13567 Globalenvs.add_globals +R13579 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13487 Coq.Lists.List.list +R13499 Coq.Init.Datatypes "x * y" type_scope +R13493 AST.ident +R13501 Coq.ZArith.BinInt.Z +R13455 Coq.Init.Logic "x = y" type_scope +R13444 Globalenvs.symbols +R13457 Globalenvs.symbols +R13436 Mem.mem +R13424 Globalenvs.genv +R13411 Globalenvs.genv +R13655 Globalenvs.mem_add_globals_transf +R13655 Globalenvs.mem_add_globals_transf +R13724 Globalenvs.add_globals +R13736 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13724 Globalenvs.add_globals +R13736 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13763 Globalenvs.add_globals +R13775 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13763 Globalenvs.add_globals +R13775 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13954 Coq.Init.Logic "x = y" type_scope +R13909 AST.transf_partial_program +R13942 AST.prog_funct +R13956 Coq.Init.Datatypes.Some +R13965 AST.prog_funct +R14051 AST.transf_partial_program +R14082 AST.prog_funct +R14051 AST.transf_partial_program +R14082 AST.prog_funct +R14347 Coq.Init.Logic "A /\ B" type_scope +R14336 Coq.Init.Logic "x = y" type_scope +R14304 Globalenvs.find_funct_ptr +R14320 Globalenvs.globalenv +R14359 Coq.Init.Logic "x <> y" type_scope +R14362 Coq.Init.Datatypes.None +R14290 Coq.Init.Logic "x = y" type_scope +R14259 Globalenvs.find_funct_ptr +R14275 Globalenvs.globalenv +R14292 Coq.Init.Datatypes.Some +R14242 Values.block +R14408 Globalenvs.add_functs_transf +R14441 Globalenvs.prog_funct_transf_OK +R14429 AST.prog_funct +R14408 Globalenvs.add_functs_transf +R14441 Globalenvs.prog_funct_transf_OK +R14429 AST.prog_funct +R14528 Globalenvs.functions_globalenv +R14528 Globalenvs.functions_globalenv +R14528 Globalenvs.functions_globalenv +R14528 Globalenvs.functions_globalenv +R14712 Coq.Init.Logic "A /\ B" type_scope +R14701 Coq.Init.Logic "x = y" type_scope +R14673 Globalenvs.find_funct +R14685 Globalenvs.globalenv +R14724 Coq.Init.Logic "x <> y" type_scope +R14727 Coq.Init.Datatypes.None +R14659 Coq.Init.Logic "x = y" type_scope +R14632 Globalenvs.find_funct +R14644 Globalenvs.globalenv +R14661 Coq.Init.Datatypes.Some +R14617 Values.val +R14840 Integers.eq +R14851 Integers.zero +R14840 Integers.eq +R14851 Integers.zero +R14898 Globalenvs.find_funct_ptr_transf_partial +R14898 Globalenvs.find_funct_ptr_transf_partial +R14988 Coq.Init.Logic "x = y" type_scope +R14965 Globalenvs.symbols +R14974 Globalenvs.globalenv +R14990 Globalenvs.symbols +R14999 Globalenvs.globalenv +R15080 Globalenvs.add_functs_transf +R15113 Globalenvs.prog_funct_transf_OK +R15101 AST.prog_funct +R15080 Globalenvs.add_functs_transf +R15113 Globalenvs.prog_funct_transf_OK +R15101 AST.prog_funct +R15224 AST.transf_partial_program +R15255 AST.prog_funct +R15224 AST.transf_partial_program +R15255 AST.prog_funct +R15345 Globalenvs.symbols_add_globals_transf +R15345 Globalenvs.symbols_add_globals_transf +R15513 Coq.Init.Logic "x = y" type_scope +R15484 Globalenvs.find_symbol +R15497 Globalenvs.globalenv +R15515 Globalenvs.find_symbol +R15528 Globalenvs.globalenv +R15474 AST.ident +R15592 Globalenvs.symbols_init_transf +R15592 Globalenvs.symbols_init_transf +R15672 Coq.Init.Logic "x = y" type_scope +R15660 Globalenvs.init_mem +R15674 Globalenvs.init_mem +R15807 AST.transf_partial_program +R15838 AST.prog_funct +R15807 AST.transf_partial_program +R15838 AST.prog_funct +R15928 Globalenvs.mem_add_globals_transf +R15928 Globalenvs.mem_add_globals_transf +R16093 AST.program +R16114 AST.transform_program +R16178 Coq.Init.Datatypes.option +R16190 Coq.Init.Datatypes.Some +R16331 Coq.Init.Logic "x = y" type_scope +R16289 AST.transf_partial_program +R16312 Globalenvs.transf_partial +R16335 Coq.Init.Datatypes.Some +R16341 AST.transf_program +R16268 Coq.Lists.List.list +R16280 Coq.Init.Datatypes "x * y" type_scope +R16274 AST.ident +R16561 Coq.Init.Logic "x = y" type_scope +R16518 AST.transform_partial_program +R16544 Globalenvs.transf_partial +R16563 Coq.Init.Datatypes.Some +R16655 Globalenvs.transf_program_transf_partial_program +R16655 Globalenvs.transf_program_transf_partial_program +R16853 Coq.Init.Logic "x = y" type_scope +R16821 Globalenvs.find_funct_ptr +R16837 Globalenvs.globalenv +R16855 Coq.Init.Datatypes.Some +R16807 Coq.Init.Logic "x = y" type_scope +R16776 Globalenvs.find_funct_ptr +R16792 Globalenvs.globalenv +R16809 Coq.Init.Datatypes.Some +R16759 Values.block +R16903 Globalenvs.find_funct_ptr_transf_partial +R16968 Globalenvs.transform_program_transform_partial_program +R16933 Globalenvs.transf_partial +R16903 Globalenvs.find_funct_ptr_transf_partial +R16968 Globalenvs.transform_program_transform_partial_program +R16933 Globalenvs.transf_partial +R17189 Coq.Init.Logic "x = y" type_scope +R17161 Globalenvs.find_funct +R17173 Globalenvs.globalenv +R17191 Coq.Init.Datatypes.Some +R17147 Coq.Init.Logic "x = y" type_scope +R17120 Globalenvs.find_funct +R17132 Globalenvs.globalenv +R17149 Coq.Init.Datatypes.Some +R17105 Values.val +R17239 Globalenvs.find_funct_transf_partial +R17300 Globalenvs.transform_program_transform_partial_program +R17265 Globalenvs.transf_partial +R17239 Globalenvs.find_funct_transf_partial +R17300 Globalenvs.transform_program_transform_partial_program +R17265 Globalenvs.transf_partial +R17477 Coq.Init.Logic "x = y" type_scope +R17448 Globalenvs.find_symbol +R17461 Globalenvs.globalenv +R17479 Globalenvs.find_symbol +R17492 Globalenvs.globalenv +R17438 AST.ident +R17565 Globalenvs.transf_partial +R17533 Globalenvs.find_symbol_transf_partial +R17565 Globalenvs.transf_partial +R17533 Globalenvs.find_symbol_transf_partial +R17589 Globalenvs.transform_program_transform_partial_program +R17589 Globalenvs.transform_program_transform_partial_program +R17679 Coq.Init.Logic "x = y" type_scope +R17667 Globalenvs.init_mem +R17681 Globalenvs.init_mem +R17737 Globalenvs.transf_partial +R17708 Globalenvs.init_mem_transf_partial +R17737 Globalenvs.transf_partial +R17708 Globalenvs.init_mem_transf_partial +R17761 Globalenvs.transform_program_transform_partial_program +R17761 Globalenvs.transform_program_transform_partial_program +FOp +R263 AST.comparison +R337 AST.comparison +R428 Integers.int +R414 AST.comparison +R523 Integers.int +R509 AST.comparison +R604 AST.comparison +R680 AST.comparison +R767 Integers.int +R846 Integers.int +R1006 Integers.int +R1097 Floats.float +R1193 Integers.int +R1184 AST.ident +R1294 Integers.int +R1726 Integers.int +R1857 Integers.int +R1980 Integers.int +R2247 Integers.int +R2369 Integers.int +R2493 Integers.int +R2884 Integers.int +R2956 Integers.int +R3106 Integers.int +R3099 Integers.int +R4092 Op.condition +R4222 Integers.int +R4370 Integers.int +R4361 AST.ident +R4445 Integers.int +R4436 AST.ident +R4518 Integers.int +R4644 Coq.Init.Datatypes.option +R4651 Coq.Init.Datatypes.bool +R4664 Integers.eq +R4673 Integers.zero +R4763 Coq.Init.Datatypes.None +R4703 AST.Ceq +R4710 Coq.Init.Datatypes.Some +R4715 Coq.Init.Datatypes.false +R4723 AST.Cne +R4730 Coq.Init.Datatypes.Some +R4735 Coq.Init.Datatypes.true +R4747 Coq.Init.Datatypes.None +R4637 Integers.int +R4621 AST.comparison +R4831 Coq.Init.Datatypes.option +R4838 Coq.Init.Datatypes.bool +R4872 Op.Ccomp +R4889 Coq.Lists.List "x :: y" list_scope +R4881 Values.Vint +R4900 Coq.Lists.List "x :: y" list_scope +R4892 Values.Vint +R4903 Coq.Lists.List.nil +R4916 Coq.Init.Datatypes.Some +R4922 Integers.cmp +R4943 Op.Ccomp +R4963 Coq.Lists.List "x :: y" list_scope +R4952 Values.Vptr +R4977 Coq.Lists.List "x :: y" list_scope +R4966 Values.Vptr +R4980 Coq.Lists.List.nil +R4996 Values.eq_block +R5044 Coq.Init.Datatypes.None +R5016 Coq.Init.Datatypes.Some +R5022 Integers.cmp +R5053 Op.Ccomp +R5073 Coq.Lists.List "x :: y" list_scope +R5062 Values.Vptr +R5084 Coq.Lists.List "x :: y" list_scope +R5076 Values.Vint +R5087 Coq.Lists.List.nil +R5100 Op.eval_compare_null +R5127 Op.Ccomp +R5144 Coq.Lists.List "x :: y" list_scope +R5136 Values.Vint +R5158 Coq.Lists.List "x :: y" list_scope +R5147 Values.Vptr +R5161 Coq.Lists.List.nil +R5174 Op.eval_compare_null +R5201 Op.Ccompu +R5219 Coq.Lists.List "x :: y" list_scope +R5211 Values.Vint +R5230 Coq.Lists.List "x :: y" list_scope +R5222 Values.Vint +R5233 Coq.Lists.List.nil +R5246 Coq.Init.Datatypes.Some +R5252 Integers.cmpu +R5274 Op.Ccompu +R5295 Coq.Lists.List "x :: y" list_scope +R5284 Values.Vptr +R5309 Coq.Lists.List "x :: y" list_scope +R5298 Values.Vptr +R5312 Coq.Lists.List.nil +R5328 Values.eq_block +R5377 Coq.Init.Datatypes.None +R5348 Coq.Init.Datatypes.Some +R5354 Integers.cmpu +R5386 Op.Ccompu +R5407 Coq.Lists.List "x :: y" list_scope +R5396 Values.Vptr +R5418 Coq.Lists.List "x :: y" list_scope +R5410 Values.Vint +R5421 Coq.Lists.List.nil +R5434 Op.eval_compare_null +R5461 Op.Ccompu +R5479 Coq.Lists.List "x :: y" list_scope +R5471 Values.Vint +R5493 Coq.Lists.List "x :: y" list_scope +R5482 Values.Vptr +R5496 Coq.Lists.List.nil +R5509 Op.eval_compare_null +R5536 Op.Ccompimm +R5558 Coq.Lists.List "x :: y" list_scope +R5550 Values.Vint +R5561 Coq.Lists.List.nil +R5574 Coq.Init.Datatypes.Some +R5580 Integers.cmp +R5600 Op.Ccompimm +R5625 Coq.Lists.List "x :: y" list_scope +R5614 Values.Vptr +R5628 Coq.Lists.List.nil +R5641 Op.eval_compare_null +R5667 Op.Ccompuimm +R5690 Coq.Lists.List "x :: y" list_scope +R5682 Values.Vint +R5693 Coq.Lists.List.nil +R5706 Coq.Init.Datatypes.Some +R5712 Integers.cmpu +R5733 Op.Ccompuimm +R5759 Coq.Lists.List "x :: y" list_scope +R5748 Values.Vptr +R5762 Coq.Lists.List.nil +R5775 Op.eval_compare_null +R5801 Op.Ccompf +R5821 Coq.Lists.List "x :: y" list_scope +R5811 Values.Vfloat +R5834 Coq.Lists.List "x :: y" list_scope +R5824 Values.Vfloat +R5837 Coq.Lists.List.nil +R5850 Coq.Init.Datatypes.Some +R5856 Floats.cmp +R5879 Op.Cnotcompf +R5902 Coq.Lists.List "x :: y" list_scope +R5892 Values.Vfloat +R5915 Coq.Lists.List "x :: y" list_scope +R5905 Values.Vfloat +R5918 Coq.Lists.List.nil +R5931 Coq.Init.Datatypes.Some +R5937 Coq.Bool.Bool.negb +R5943 Floats.cmp +R5967 Op.Cmaskzero +R5988 Coq.Lists.List "x :: y" list_scope +R5980 Values.Vint +R5991 Coq.Lists.List.nil +R6004 Coq.Init.Datatypes.Some +R6010 Integers.eq +R6032 Integers.zero +R6018 Integers.and +R6046 Op.Cmasknotzero +R6070 Coq.Lists.List "x :: y" list_scope +R6062 Values.Vint +R6073 Coq.Lists.List.nil +R6086 Coq.Init.Datatypes.Some +R6092 Coq.Bool.Bool.negb +R6098 Integers.eq +R6120 Integers.zero +R6106 Integers.and +R6149 Coq.Init.Datatypes.None +R4819 Coq.Lists.List.list +R4824 Values.val +R4803 Op.condition +R6208 Coq.Init.Datatypes.option +R6215 Values.val +R6242 Values.Vptr +R6254 Coq.Init.Datatypes.Some +R6260 Values.Vptr +R6268 Integers.add +R6295 Coq.Init.Datatypes.None +R6201 Integers.int +R6188 Values.val +R6411 Coq.Init.Datatypes.option +R6418 Values.val +R6449 Op.Omove +R6458 Coq.Lists.List "x :: y" list_scope +R6460 Coq.Lists.List.nil +R6467 Coq.Init.Datatypes.Some +R6479 Op.Ointconst +R6492 Coq.Lists.List.nil +R6499 Coq.Init.Datatypes.Some +R6505 Values.Vint +R6517 Op.Ofloatconst +R6532 Coq.Lists.List.nil +R6539 Coq.Init.Datatypes.Some +R6545 Values.Vfloat +R6559 Op.Oaddrsymbol +R6578 Coq.Lists.List.nil +R6597 Globalenvs.find_symbol +R6634 Coq.Init.Datatypes.None +R6642 Coq.Init.Datatypes.None +R6655 Coq.Init.Datatypes.Some +R6665 Coq.Init.Datatypes.Some +R6671 Values.Vptr +R6697 Op.Oaddrstack +R6713 Coq.Lists.List.nil +R6720 Op.offset_sp +R6741 Op.Oundef +R6749 Coq.Lists.List.nil +R6756 Coq.Init.Datatypes.Some +R6761 Values.Vundef +R6772 Op.Ocast8signed +R6794 Coq.Lists.List "x :: y" list_scope +R6786 Values.Vint +R6797 Coq.Lists.List.nil +R6804 Coq.Init.Datatypes.Some +R6810 Values.Vint +R6816 Integers.cast8signed +R6841 Op.Ocast16signed +R6864 Coq.Lists.List "x :: y" list_scope +R6856 Values.Vint +R6867 Coq.Lists.List.nil +R6874 Coq.Init.Datatypes.Some +R6880 Values.Vint +R6886 Integers.cast16signed +R6912 Op.Oadd +R6926 Coq.Lists.List "x :: y" list_scope +R6918 Values.Vint +R6937 Coq.Lists.List "x :: y" list_scope +R6929 Values.Vint +R6940 Coq.Lists.List.nil +R6947 Coq.Init.Datatypes.Some +R6953 Values.Vint +R6959 Integers.add +R6979 Op.Oadd +R6993 Coq.Lists.List "x :: y" list_scope +R6985 Values.Vint +R7007 Coq.Lists.List "x :: y" list_scope +R6996 Values.Vptr +R7010 Coq.Lists.List.nil +R7017 Coq.Init.Datatypes.Some +R7023 Values.Vptr +R7032 Integers.add +R7052 Op.Oadd +R7069 Coq.Lists.List "x :: y" list_scope +R7058 Values.Vptr +R7080 Coq.Lists.List "x :: y" list_scope +R7072 Values.Vint +R7083 Coq.Lists.List.nil +R7090 Coq.Init.Datatypes.Some +R7096 Values.Vptr +R7105 Integers.add +R7125 Op.Oaddimm +R7144 Coq.Lists.List "x :: y" list_scope +R7136 Values.Vint +R7147 Coq.Lists.List.nil +R7154 Coq.Init.Datatypes.Some +R7160 Values.Vint +R7166 Integers.add +R7185 Op.Oaddimm +R7207 Coq.Lists.List "x :: y" list_scope +R7196 Values.Vptr +R7210 Coq.Lists.List.nil +R7217 Coq.Init.Datatypes.Some +R7223 Values.Vptr +R7232 Integers.add +R7251 Op.Osub +R7265 Coq.Lists.List "x :: y" list_scope +R7257 Values.Vint +R7276 Coq.Lists.List "x :: y" list_scope +R7268 Values.Vint +R7279 Coq.Lists.List.nil +R7286 Coq.Init.Datatypes.Some +R7292 Values.Vint +R7298 Integers.sub +R7318 Op.Osub +R7335 Coq.Lists.List "x :: y" list_scope +R7324 Values.Vptr +R7346 Coq.Lists.List "x :: y" list_scope +R7338 Values.Vint +R7349 Coq.Lists.List.nil +R7356 Coq.Init.Datatypes.Some +R7362 Values.Vptr +R7371 Integers.sub +R7391 Op.Osub +R7408 Coq.Lists.List "x :: y" list_scope +R7397 Values.Vptr +R7422 Coq.Lists.List "x :: y" list_scope +R7411 Values.Vptr +R7425 Coq.Lists.List.nil +R7441 Values.eq_block +R7494 Coq.Init.Datatypes.None +R7461 Coq.Init.Datatypes.Some +R7467 Values.Vint +R7473 Integers.sub +R7503 Op.Osubimm +R7522 Coq.Lists.List "x :: y" list_scope +R7514 Values.Vint +R7525 Coq.Lists.List.nil +R7532 Coq.Init.Datatypes.Some +R7538 Values.Vint +R7544 Integers.sub +R7563 Op.Omul +R7577 Coq.Lists.List "x :: y" list_scope +R7569 Values.Vint +R7588 Coq.Lists.List "x :: y" list_scope +R7580 Values.Vint +R7591 Coq.Lists.List.nil +R7598 Coq.Init.Datatypes.Some +R7604 Values.Vint +R7610 Integers.mul +R7630 Op.Omulimm +R7649 Coq.Lists.List "x :: y" list_scope +R7641 Values.Vint +R7652 Coq.Lists.List.nil +R7659 Coq.Init.Datatypes.Some +R7665 Values.Vint +R7671 Integers.mul +R7690 Op.Odiv +R7704 Coq.Lists.List "x :: y" list_scope +R7696 Values.Vint +R7715 Coq.Lists.List "x :: y" list_scope +R7707 Values.Vint +R7718 Coq.Lists.List.nil +R7734 Integers.eq +R7744 Integers.zero +R7768 Coq.Init.Datatypes.Some +R7774 Values.Vint +R7780 Integers.divs +R7758 Coq.Init.Datatypes.None +R7801 Op.Odivu +R7816 Coq.Lists.List "x :: y" list_scope +R7808 Values.Vint +R7827 Coq.Lists.List "x :: y" list_scope +R7819 Values.Vint +R7830 Coq.Lists.List.nil +R7846 Integers.eq +R7856 Integers.zero +R7880 Coq.Init.Datatypes.Some +R7886 Values.Vint +R7892 Integers.divu +R7870 Coq.Init.Datatypes.None +R7913 Op.Oand +R7927 Coq.Lists.List "x :: y" list_scope +R7919 Values.Vint +R7938 Coq.Lists.List "x :: y" list_scope +R7930 Values.Vint +R7941 Coq.Lists.List.nil +R7948 Coq.Init.Datatypes.Some +R7954 Values.Vint +R7960 Integers.and +R7980 Op.Oandimm +R7999 Coq.Lists.List "x :: y" list_scope +R7991 Values.Vint +R8002 Coq.Lists.List.nil +R8009 Coq.Init.Datatypes.Some +R8015 Values.Vint +R8021 Integers.and +R8040 Op.Oor +R8053 Coq.Lists.List "x :: y" list_scope +R8045 Values.Vint +R8064 Coq.Lists.List "x :: y" list_scope +R8056 Values.Vint +R8067 Coq.Lists.List.nil +R8074 Coq.Init.Datatypes.Some +R8080 Values.Vint +R8086 Integers.or +R8105 Op.Oorimm +R8123 Coq.Lists.List "x :: y" list_scope +R8115 Values.Vint +R8126 Coq.Lists.List.nil +R8133 Coq.Init.Datatypes.Some +R8139 Values.Vint +R8145 Integers.or +R8163 Op.Oxor +R8177 Coq.Lists.List "x :: y" list_scope +R8169 Values.Vint +R8188 Coq.Lists.List "x :: y" list_scope +R8180 Values.Vint +R8191 Coq.Lists.List.nil +R8198 Coq.Init.Datatypes.Some +R8204 Values.Vint +R8210 Integers.xor +R8230 Op.Oxorimm +R8249 Coq.Lists.List "x :: y" list_scope +R8241 Values.Vint +R8252 Coq.Lists.List.nil +R8259 Coq.Init.Datatypes.Some +R8265 Values.Vint +R8271 Integers.xor +R8290 Op.Onand +R8305 Coq.Lists.List "x :: y" list_scope +R8297 Values.Vint +R8316 Coq.Lists.List "x :: y" list_scope +R8308 Values.Vint +R8319 Coq.Lists.List.nil +R8326 Coq.Init.Datatypes.Some +R8332 Values.Vint +R8338 Integers.not +R8347 Integers.and +R8368 Op.Onor +R8382 Coq.Lists.List "x :: y" list_scope +R8374 Values.Vint +R8393 Coq.Lists.List "x :: y" list_scope +R8385 Values.Vint +R8396 Coq.Lists.List.nil +R8403 Coq.Init.Datatypes.Some +R8409 Values.Vint +R8415 Integers.not +R8424 Integers.or +R8444 Op.Onxor +R8459 Coq.Lists.List "x :: y" list_scope +R8451 Values.Vint +R8470 Coq.Lists.List "x :: y" list_scope +R8462 Values.Vint +R8473 Coq.Lists.List.nil +R8480 Coq.Init.Datatypes.Some +R8486 Values.Vint +R8492 Integers.not +R8501 Integers.xor +R8522 Op.Oshl +R8536 Coq.Lists.List "x :: y" list_scope +R8528 Values.Vint +R8547 Coq.Lists.List "x :: y" list_scope +R8539 Values.Vint +R8550 Coq.Lists.List.nil +R8566 Integers.ltu +R8578 Integers.repr +R8629 Coq.Init.Datatypes.None +R8596 Coq.Init.Datatypes.Some +R8602 Values.Vint +R8608 Integers.shl +R8638 Op.Oshr +R8652 Coq.Lists.List "x :: y" list_scope +R8644 Values.Vint +R8663 Coq.Lists.List "x :: y" list_scope +R8655 Values.Vint +R8666 Coq.Lists.List.nil +R8682 Integers.ltu +R8694 Integers.repr +R8745 Coq.Init.Datatypes.None +R8712 Coq.Init.Datatypes.Some +R8718 Values.Vint +R8724 Integers.shr +R8754 Op.Oshrimm +R8773 Coq.Lists.List "x :: y" list_scope +R8765 Values.Vint +R8776 Coq.Lists.List.nil +R8792 Integers.ltu +R8803 Integers.repr +R8853 Coq.Init.Datatypes.None +R8821 Coq.Init.Datatypes.Some +R8827 Values.Vint +R8833 Integers.shr +R8862 Op.Oshrximm +R8882 Coq.Lists.List "x :: y" list_scope +R8874 Values.Vint +R8885 Coq.Lists.List.nil +R8901 Integers.ltu +R8912 Integers.repr +R8963 Coq.Init.Datatypes.None +R8930 Coq.Init.Datatypes.Some +R8936 Values.Vint +R8942 Integers.shrx +R8972 Op.Oshru +R8987 Coq.Lists.List "x :: y" list_scope +R8979 Values.Vint +R8998 Coq.Lists.List "x :: y" list_scope +R8990 Values.Vint +R9001 Coq.Lists.List.nil +R9017 Integers.ltu +R9029 Integers.repr +R9081 Coq.Init.Datatypes.None +R9047 Coq.Init.Datatypes.Some +R9053 Values.Vint +R9059 Integers.shru +R9090 Op.Orolm +R9117 Coq.Lists.List "x :: y" list_scope +R9109 Values.Vint +R9120 Coq.Lists.List.nil +R9133 Coq.Init.Datatypes.Some +R9139 Values.Vint +R9145 Integers.rolm +R9175 Op.Onegf +R9192 Coq.Lists.List "x :: y" list_scope +R9182 Values.Vfloat +R9195 Coq.Lists.List.nil +R9202 Coq.Init.Datatypes.Some +R9208 Values.Vfloat +R9216 Floats.neg +R9235 Op.Oabsf +R9252 Coq.Lists.List "x :: y" list_scope +R9242 Values.Vfloat +R9255 Coq.Lists.List.nil +R9262 Coq.Init.Datatypes.Some +R9268 Values.Vfloat +R9276 Floats.abs +R9295 Op.Oaddf +R9312 Coq.Lists.List "x :: y" list_scope +R9302 Values.Vfloat +R9325 Coq.Lists.List "x :: y" list_scope +R9315 Values.Vfloat +R9328 Coq.Lists.List.nil +R9335 Coq.Init.Datatypes.Some +R9341 Values.Vfloat +R9349 Floats.add +R9371 Op.Osubf +R9388 Coq.Lists.List "x :: y" list_scope +R9378 Values.Vfloat +R9401 Coq.Lists.List "x :: y" list_scope +R9391 Values.Vfloat +R9404 Coq.Lists.List.nil +R9411 Coq.Init.Datatypes.Some +R9417 Values.Vfloat +R9425 Floats.sub +R9447 Op.Omulf +R9464 Coq.Lists.List "x :: y" list_scope +R9454 Values.Vfloat +R9477 Coq.Lists.List "x :: y" list_scope +R9467 Values.Vfloat +R9480 Coq.Lists.List.nil +R9487 Coq.Init.Datatypes.Some +R9493 Values.Vfloat +R9501 Floats.mul +R9523 Op.Odivf +R9540 Coq.Lists.List "x :: y" list_scope +R9530 Values.Vfloat +R9553 Coq.Lists.List "x :: y" list_scope +R9543 Values.Vfloat +R9556 Coq.Lists.List.nil +R9563 Coq.Init.Datatypes.Some +R9569 Values.Vfloat +R9577 Floats.div +R9599 Op.Omuladdf +R9619 Coq.Lists.List "x :: y" list_scope +R9609 Values.Vfloat +R9632 Coq.Lists.List "x :: y" list_scope +R9622 Values.Vfloat +R9645 Coq.Lists.List "x :: y" list_scope +R9635 Values.Vfloat +R9648 Coq.Lists.List.nil +R9661 Coq.Init.Datatypes.Some +R9667 Values.Vfloat +R9675 Floats.add +R9686 Floats.mul +R9712 Op.Omulsubf +R9732 Coq.Lists.List "x :: y" list_scope +R9722 Values.Vfloat +R9745 Coq.Lists.List "x :: y" list_scope +R9735 Values.Vfloat +R9758 Coq.Lists.List "x :: y" list_scope +R9748 Values.Vfloat +R9761 Coq.Lists.List.nil +R9774 Coq.Init.Datatypes.Some +R9780 Values.Vfloat +R9788 Floats.sub +R9799 Floats.mul +R9825 Op.Osingleoffloat +R9851 Coq.Lists.List "x :: y" list_scope +R9841 Values.Vfloat +R9854 Coq.Lists.List.nil +R9867 Coq.Init.Datatypes.Some +R9873 Values.Vfloat +R9881 Floats.singleoffloat +R9910 Op.Ointoffloat +R9933 Coq.Lists.List "x :: y" list_scope +R9923 Values.Vfloat +R9936 Coq.Lists.List.nil +R9950 Coq.Init.Datatypes.Some +R9956 Values.Vint +R9962 Floats.intoffloat +R9988 Op.Ofloatofint +R10009 Coq.Lists.List "x :: y" list_scope +R10001 Values.Vint +R10012 Coq.Lists.List.nil +R10026 Coq.Init.Datatypes.Some +R10032 Values.Vfloat +R10040 Floats.floatofint +R10066 Op.Ofloatofintu +R10088 Coq.Lists.List "x :: y" list_scope +R10080 Values.Vint +R10091 Coq.Lists.List.nil +R10105 Coq.Init.Datatypes.Some +R10111 Values.Vfloat +R10119 Floats.floatofintu +R10146 Op.Ocmp +R10171 Op.eval_condition +R10204 Coq.Init.Datatypes.None +R10212 Coq.Init.Datatypes.None +R10225 Coq.Init.Datatypes.Some +R10230 Coq.Init.Datatypes.false +R10239 Coq.Init.Datatypes.Some +R10244 Values.Vfalse +R10259 Coq.Init.Datatypes.Some +R10264 Coq.Init.Datatypes.true +R10272 Coq.Init.Datatypes.Some +R10277 Values.Vtrue +R10305 Coq.Init.Datatypes.None +R6399 Coq.Lists.List.list +R6404 Values.val +R6383 Op.operation +R6369 Values.val +R6354 Globalenvs.t +R10425 Coq.Init.Datatypes.option +R10432 Values.val +R10465 Op.Aindexed +R10488 Coq.Lists.List "x :: y" list_scope +R10477 Values.Vptr +R10491 Coq.Lists.List.nil +R10504 Coq.Init.Datatypes.Some +R10510 Values.Vptr +R10519 Integers.add +R10538 Op.Aindexed2 +R10560 Coq.Lists.List "x :: y" list_scope +R10549 Values.Vptr +R10571 Coq.Lists.List "x :: y" list_scope +R10563 Values.Vint +R10574 Coq.Lists.List.nil +R10587 Coq.Init.Datatypes.Some +R10593 Values.Vptr +R10602 Integers.add +R10622 Op.Aindexed2 +R10641 Coq.Lists.List "x :: y" list_scope +R10633 Values.Vint +R10655 Coq.Lists.List "x :: y" list_scope +R10644 Values.Vptr +R10658 Coq.Lists.List.nil +R10671 Coq.Init.Datatypes.Some +R10677 Values.Vptr +R10686 Integers.add +R10706 Op.Aglobal +R10721 Coq.Lists.List.nil +R10740 Globalenvs.find_symbol +R10777 Coq.Init.Datatypes.None +R10785 Coq.Init.Datatypes.None +R10798 Coq.Init.Datatypes.Some +R10808 Coq.Init.Datatypes.Some +R10814 Values.Vptr +R10840 Op.Abased +R10862 Coq.Lists.List "x :: y" list_scope +R10854 Values.Vint +R10865 Coq.Lists.List.nil +R10884 Globalenvs.find_symbol +R10921 Coq.Init.Datatypes.None +R10929 Coq.Init.Datatypes.None +R10942 Coq.Init.Datatypes.Some +R10952 Coq.Init.Datatypes.Some +R10958 Values.Vptr +R10966 Integers.add +R10997 Op.Ainstack +R11011 Coq.Lists.List.nil +R11024 Op.offset_sp +R11053 Coq.Init.Datatypes.None +R10413 Coq.Lists.List.list +R10418 Values.val +R10396 Op.addressing +R10380 Values.val +R10365 Globalenvs.t +R11113 Op.condition +R11148 Op.Ccomp +R11159 Op.Ccomp +R11165 AST.negate_comparison +R11190 Op.Ccompu +R11202 Op.Ccompu +R11209 AST.negate_comparison +R11234 Op.Ccompimm +R11250 Op.Ccompimm +R11260 AST.negate_comparison +R11287 Op.Ccompuimm +R11304 Op.Ccompuimm +R11315 AST.negate_comparison +R11342 Op.Ccompf +R11354 Op.Cnotcompf +R11370 Op.Cnotcompf +R11385 Op.Ccompf +R11398 Op.Cmaskzero +R11413 Op.Cmasknotzero +R11432 Op.Cmasknotzero +R11450 Op.Cmaskzero +R11101 Op.condition +R11553 Coq.Init.Logic "x = y" type_scope +R11526 Coq.Lists.List.nil +R11539 Coq.Lists.List "x :: y" list_scope +R11555 Coq.Init.Datatypes.Some +R11711 Coq.Init.Logic "x = y" type_scope +R11649 Values.Vundef +R11663 Values.Vint +R11677 Values.Vfloat +R11693 Values.Vptr +R11713 Coq.Init.Datatypes.Some +R11800 Coq.Init.Logic "x = y" type_scope +R11793 Coq.Init.Datatypes.Some +R11802 Coq.Init.Datatypes.Some +R12020 Coq.Init.Logic "x = y" type_scope +R11978 Op.eval_compare_null +R11997 AST.negate_comparison +R12022 Coq.Init.Datatypes.Some +R12028 Coq.Bool.Bool.negb +R11964 Coq.Init.Logic "x = y" type_scope +R11942 Op.eval_compare_null +R11966 Coq.Init.Datatypes.Some +R12096 Integers.eq +R12105 Integers.zero +R12096 Integers.eq +R12105 Integers.zero +R12380 Coq.Init.Logic "x = y" type_scope +R12338 Op.eval_condition +R12354 Op.negate_condition +R12382 Coq.Init.Datatypes.Some +R12388 Coq.Bool.Bool.negb +R12324 Coq.Init.Logic "x = y" type_scope +R12301 Op.eval_condition +R12326 Coq.Init.Datatypes.Some +R12292 Coq.Init.Datatypes.bool +R12278 Coq.Lists.List.list +R12283 Values.val +R12262 Op.condition +R12483 Integers.negate_cmp +R12483 Integers.negate_cmp +R12513 Op.eval_negate_compare_null +R12513 Op.eval_negate_compare_null +R12553 Op.eval_negate_compare_null +R12553 Op.eval_negate_compare_null +R12597 Values.eq_block +R12597 Values.eq_block +R12622 Integers.negate_cmp +R12622 Integers.negate_cmp +R12676 Integers.negate_cmpu +R12676 Integers.negate_cmpu +R12707 Op.eval_negate_compare_null +R12707 Op.eval_negate_compare_null +R12747 Op.eval_negate_compare_null +R12747 Op.eval_negate_compare_null +R12791 Values.eq_block +R12791 Values.eq_block +R12816 Integers.negate_cmpu +R12816 Integers.negate_cmpu +R12871 Integers.negate_cmp +R12871 Integers.negate_cmp +R12901 Op.eval_negate_compare_null +R12901 Op.eval_negate_compare_null +R12943 Integers.negate_cmpu +R12943 Integers.negate_cmpu +R12974 Op.eval_negate_compare_null +R12974 Op.eval_negate_compare_null +R13024 Coq.Bool.Bool.negb_elim +R13024 Coq.Bool.Bool.negb_elim +R13059 Coq.Bool.Bool.negb_elim +R13059 Coq.Bool.Bool.negb_elim +R13139 Globalenvs.t +R13164 Globalenvs.t +R13248 Coq.Init.Logic "x = y" type_scope +R13225 Globalenvs.find_symbol +R13250 Globalenvs.find_symbol +R13217 AST.ident +R13356 Coq.Init.Logic "x = y" type_scope +R13328 Op.eval_operation +R13358 Op.eval_operation +R13580 Coq.Init.Logic "x = y" type_scope +R13549 Op.eval_addressing +R13582 Op.eval_addressing +R13854 Coq.Init.Datatypes.option +R13892 Op.Omove +R13903 Coq.Lists.List "x :: y" list_scope +R13906 Coq.Lists.List.nil +R13913 Coq.Init.Datatypes.Some +R13934 Coq.Init.Datatypes.None +R13844 Coq.Lists.List.list +R13826 Op.operation +R14090 Coq.Init.Logic "A /\ B" type_scope +R14082 Coq.Init.Logic "x = y" type_scope +R14084 Op.Omove +R14098 Coq.Init.Logic "x = y" type_scope +R14102 Coq.Lists.List "x :: y" list_scope +R14105 Coq.Lists.List.nil +R14065 Coq.Init.Logic "x = y" type_scope +R14039 Op.is_move_operation +R14067 Coq.Init.Datatypes.Some +R14021 Coq.Lists.List.list +R14003 Op.operation +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R14381 Coq.Lists.List.list +R14386 AST.typ +R14412 Op.Ccomp +R14428 Coq.Lists.List "x :: y" list_scope +R14423 AST.Tint +R14436 Coq.Lists.List "x :: y" list_scope +R14431 AST.Tint +R14439 Coq.Lists.List.nil +R14447 Op.Ccompu +R14464 Coq.Lists.List "x :: y" list_scope +R14459 AST.Tint +R14472 Coq.Lists.List "x :: y" list_scope +R14467 AST.Tint +R14475 Coq.Lists.List.nil +R14483 Op.Ccompimm +R14504 Coq.Lists.List "x :: y" list_scope +R14499 AST.Tint +R14507 Coq.Lists.List.nil +R14515 Op.Ccompuimm +R14537 Coq.Lists.List "x :: y" list_scope +R14532 AST.Tint +R14540 Coq.Lists.List.nil +R14548 Op.Ccompf +R14567 Coq.Lists.List "x :: y" list_scope +R14560 AST.Tfloat +R14577 Coq.Lists.List "x :: y" list_scope +R14570 AST.Tfloat +R14580 Coq.Lists.List.nil +R14588 Op.Cnotcompf +R14610 Coq.Lists.List "x :: y" list_scope +R14603 AST.Tfloat +R14620 Coq.Lists.List "x :: y" list_scope +R14613 AST.Tfloat +R14623 Coq.Lists.List.nil +R14631 Op.Cmaskzero +R14651 Coq.Lists.List "x :: y" list_scope +R14646 AST.Tint +R14654 Coq.Lists.List.nil +R14662 Op.Cmasknotzero +R14685 Coq.Lists.List "x :: y" list_scope +R14680 AST.Tint +R14688 Coq.Lists.List.nil +R14368 Op.condition +R14756 Coq.Init.Datatypes "x * y" type_scope +R14747 Coq.Lists.List.list +R14752 AST.typ +R14758 AST.typ +R14785 Op.Omove +R14794 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14795 Coq.Lists.List.nil +R14800 AST.Tint +R14836 Op.Ointconst +R14851 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14852 Coq.Lists.List.nil +R14857 AST.Tint +R14867 Op.Ofloatconst +R14884 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14885 Coq.Lists.List.nil +R14890 AST.Tfloat +R14902 Op.Oaddrsymbol +R14921 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14922 Coq.Lists.List.nil +R14927 AST.Tint +R14937 Op.Oaddrstack +R14953 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14954 Coq.Lists.List.nil +R14959 AST.Tint +R14969 Op.Oundef +R14979 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14980 Coq.Lists.List.nil +R14985 AST.Tint +R15020 Op.Ocast8signed +R15036 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15042 Coq.Lists.List "x :: y" list_scope +R15037 AST.Tint +R15045 Coq.Lists.List.nil +R15050 AST.Tint +R15060 Op.Ocast16signed +R15077 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15083 Coq.Lists.List "x :: y" list_scope +R15078 AST.Tint +R15086 Coq.Lists.List.nil +R15091 AST.Tint +R15101 Op.Oadd +R15109 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15115 Coq.Lists.List "x :: y" list_scope +R15110 AST.Tint +R15123 Coq.Lists.List "x :: y" list_scope +R15118 AST.Tint +R15126 Coq.Lists.List.nil +R15131 AST.Tint +R15141 Op.Oaddimm +R15154 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15160 Coq.Lists.List "x :: y" list_scope +R15155 AST.Tint +R15163 Coq.Lists.List.nil +R15168 AST.Tint +R15178 Op.Osub +R15186 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15192 Coq.Lists.List "x :: y" list_scope +R15187 AST.Tint +R15200 Coq.Lists.List "x :: y" list_scope +R15195 AST.Tint +R15203 Coq.Lists.List.nil +R15208 AST.Tint +R15218 Op.Osubimm +R15231 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15237 Coq.Lists.List "x :: y" list_scope +R15232 AST.Tint +R15240 Coq.Lists.List.nil +R15245 AST.Tint +R15255 Op.Omul +R15263 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15269 Coq.Lists.List "x :: y" list_scope +R15264 AST.Tint +R15277 Coq.Lists.List "x :: y" list_scope +R15272 AST.Tint +R15280 Coq.Lists.List.nil +R15285 AST.Tint +R15295 Op.Omulimm +R15308 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15314 Coq.Lists.List "x :: y" list_scope +R15309 AST.Tint +R15317 Coq.Lists.List.nil +R15322 AST.Tint +R15332 Op.Odiv +R15340 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15346 Coq.Lists.List "x :: y" list_scope +R15341 AST.Tint +R15354 Coq.Lists.List "x :: y" list_scope +R15349 AST.Tint +R15357 Coq.Lists.List.nil +R15362 AST.Tint +R15372 Op.Odivu +R15381 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15387 Coq.Lists.List "x :: y" list_scope +R15382 AST.Tint +R15395 Coq.Lists.List "x :: y" list_scope +R15390 AST.Tint +R15398 Coq.Lists.List.nil +R15403 AST.Tint +R15413 Op.Oand +R15421 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15427 Coq.Lists.List "x :: y" list_scope +R15422 AST.Tint +R15435 Coq.Lists.List "x :: y" list_scope +R15430 AST.Tint +R15438 Coq.Lists.List.nil +R15443 AST.Tint +R15453 Op.Oandimm +R15466 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15472 Coq.Lists.List "x :: y" list_scope +R15467 AST.Tint +R15475 Coq.Lists.List.nil +R15480 AST.Tint +R15490 Op.Oor +R15497 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15503 Coq.Lists.List "x :: y" list_scope +R15498 AST.Tint +R15511 Coq.Lists.List "x :: y" list_scope +R15506 AST.Tint +R15514 Coq.Lists.List.nil +R15519 AST.Tint +R15529 Op.Oorimm +R15541 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15547 Coq.Lists.List "x :: y" list_scope +R15542 AST.Tint +R15550 Coq.Lists.List.nil +R15555 AST.Tint +R15565 Op.Oxor +R15573 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15579 Coq.Lists.List "x :: y" list_scope +R15574 AST.Tint +R15587 Coq.Lists.List "x :: y" list_scope +R15582 AST.Tint +R15590 Coq.Lists.List.nil +R15595 AST.Tint +R15605 Op.Oxorimm +R15618 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15624 Coq.Lists.List "x :: y" list_scope +R15619 AST.Tint +R15627 Coq.Lists.List.nil +R15632 AST.Tint +R15642 Op.Onand +R15651 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15657 Coq.Lists.List "x :: y" list_scope +R15652 AST.Tint +R15665 Coq.Lists.List "x :: y" list_scope +R15660 AST.Tint +R15668 Coq.Lists.List.nil +R15673 AST.Tint +R15683 Op.Onor +R15691 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15697 Coq.Lists.List "x :: y" list_scope +R15692 AST.Tint +R15705 Coq.Lists.List "x :: y" list_scope +R15700 AST.Tint +R15708 Coq.Lists.List.nil +R15713 AST.Tint +R15723 Op.Onxor +R15732 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15738 Coq.Lists.List "x :: y" list_scope +R15733 AST.Tint +R15746 Coq.Lists.List "x :: y" list_scope +R15741 AST.Tint +R15749 Coq.Lists.List.nil +R15754 AST.Tint +R15764 Op.Oshl +R15772 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15778 Coq.Lists.List "x :: y" list_scope +R15773 AST.Tint +R15786 Coq.Lists.List "x :: y" list_scope +R15781 AST.Tint +R15789 Coq.Lists.List.nil +R15794 AST.Tint +R15804 Op.Oshr +R15812 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15818 Coq.Lists.List "x :: y" list_scope +R15813 AST.Tint +R15826 Coq.Lists.List "x :: y" list_scope +R15821 AST.Tint +R15829 Coq.Lists.List.nil +R15834 AST.Tint +R15844 Op.Oshrimm +R15857 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15863 Coq.Lists.List "x :: y" list_scope +R15858 AST.Tint +R15866 Coq.Lists.List.nil +R15871 AST.Tint +R15881 Op.Oshrximm +R15895 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15901 Coq.Lists.List "x :: y" list_scope +R15896 AST.Tint +R15904 Coq.Lists.List.nil +R15909 AST.Tint +R15919 Op.Oshru +R15928 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15934 Coq.Lists.List "x :: y" list_scope +R15929 AST.Tint +R15942 Coq.Lists.List "x :: y" list_scope +R15937 AST.Tint +R15945 Coq.Lists.List.nil +R15950 AST.Tint +R15960 Op.Orolm +R15973 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15979 Coq.Lists.List "x :: y" list_scope +R15974 AST.Tint +R15982 Coq.Lists.List.nil +R15987 AST.Tint +R15997 Op.Onegf +R16006 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16014 Coq.Lists.List "x :: y" list_scope +R16007 AST.Tfloat +R16017 Coq.Lists.List.nil +R16022 AST.Tfloat +R16034 Op.Oabsf +R16043 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16051 Coq.Lists.List "x :: y" list_scope +R16044 AST.Tfloat +R16054 Coq.Lists.List.nil +R16059 AST.Tfloat +R16071 Op.Oaddf +R16080 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16088 Coq.Lists.List "x :: y" list_scope +R16081 AST.Tfloat +R16098 Coq.Lists.List "x :: y" list_scope +R16091 AST.Tfloat +R16101 Coq.Lists.List.nil +R16106 AST.Tfloat +R16118 Op.Osubf +R16127 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16135 Coq.Lists.List "x :: y" list_scope +R16128 AST.Tfloat +R16145 Coq.Lists.List "x :: y" list_scope +R16138 AST.Tfloat +R16148 Coq.Lists.List.nil +R16153 AST.Tfloat +R16165 Op.Omulf +R16174 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16182 Coq.Lists.List "x :: y" list_scope +R16175 AST.Tfloat +R16192 Coq.Lists.List "x :: y" list_scope +R16185 AST.Tfloat +R16195 Coq.Lists.List.nil +R16200 AST.Tfloat +R16212 Op.Odivf +R16221 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16229 Coq.Lists.List "x :: y" list_scope +R16222 AST.Tfloat +R16239 Coq.Lists.List "x :: y" list_scope +R16232 AST.Tfloat +R16242 Coq.Lists.List.nil +R16247 AST.Tfloat +R16259 Op.Omuladdf +R16271 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16279 Coq.Lists.List "x :: y" list_scope +R16272 AST.Tfloat +R16289 Coq.Lists.List "x :: y" list_scope +R16282 AST.Tfloat +R16299 Coq.Lists.List "x :: y" list_scope +R16292 AST.Tfloat +R16302 Coq.Lists.List.nil +R16307 AST.Tfloat +R16319 Op.Omulsubf +R16331 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16339 Coq.Lists.List "x :: y" list_scope +R16332 AST.Tfloat +R16349 Coq.Lists.List "x :: y" list_scope +R16342 AST.Tfloat +R16359 Coq.Lists.List "x :: y" list_scope +R16352 AST.Tfloat +R16362 Coq.Lists.List.nil +R16367 AST.Tfloat +R16379 Op.Osingleoffloat +R16397 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16405 Coq.Lists.List "x :: y" list_scope +R16398 AST.Tfloat +R16408 Coq.Lists.List.nil +R16413 AST.Tfloat +R16425 Op.Ointoffloat +R16440 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16448 Coq.Lists.List "x :: y" list_scope +R16441 AST.Tfloat +R16451 Coq.Lists.List.nil +R16456 AST.Tint +R16466 Op.Ofloatofint +R16481 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16487 Coq.Lists.List "x :: y" list_scope +R16482 AST.Tint +R16490 Coq.Lists.List.nil +R16495 AST.Tfloat +R16507 Op.Ofloatofintu +R16523 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16529 Coq.Lists.List "x :: y" list_scope +R16524 AST.Tint +R16532 Coq.Lists.List.nil +R16537 AST.Tfloat +R16549 Op.Ocmp +R16559 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16560 Op.type_of_condition +R16581 AST.Tint +R14734 Op.operation +R16646 Coq.Lists.List.list +R16651 AST.typ +R16680 Op.Aindexed +R16699 Coq.Lists.List "x :: y" list_scope +R16694 AST.Tint +R16702 Coq.Lists.List.nil +R16710 Op.Aindexed2 +R16728 Coq.Lists.List "x :: y" list_scope +R16723 AST.Tint +R16736 Coq.Lists.List "x :: y" list_scope +R16731 AST.Tint +R16739 Coq.Lists.List.nil +R16747 Op.Aglobal +R16762 Coq.Lists.List.nil +R16770 Op.Abased +R16789 Coq.Lists.List "x :: y" list_scope +R16784 AST.Tint +R16792 Coq.Lists.List.nil +R16800 Op.Ainstack +R16814 Coq.Lists.List.nil +R16632 Op.addressing +R16871 AST.typ +R16897 AST.Mint8signed +R16912 AST.Tint +R16921 AST.Mint8unsigned +R16938 AST.Tint +R16947 AST.Mint16signed +R16963 AST.Tint +R16972 AST.Mint16unsigned +R16990 AST.Tint +R16999 AST.Mint32 +R17009 AST.Tint +R17018 AST.Mfloat32 +R17030 AST.Tfloat +R17041 AST.Mfloat64 +R17053 AST.Tfloat +R16855 AST.memory_chunk +R17120 Globalenvs.t +R17261 Values.has_type +R17277 Coq.Init.Datatypes.snd +R17282 Op.type_of_operation +R17247 Coq.Init.Logic "x = y" type_scope +R17218 Op.eval_operation +R17249 Coq.Init.Datatypes.Some +R17203 Coq.Init.Logic "x <> y" type_scope +R17206 Op.Oundef +R17188 Coq.Init.Logic "x <> y" type_scope +R17191 Op.Omove +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17383 Coq.Init.Logic.I +R17412 Globalenvs.find_symbol +R17476 Coq.Init.Logic.I +R17412 Globalenvs.find_symbol +R17476 Coq.Init.Logic.I +R17565 Coq.Init.Logic.I +R17565 Coq.Init.Logic.I +R17580 Values.eq_block +R17580 Values.eq_block +R17632 Coq.Init.Logic.I +R17632 Coq.Init.Logic.I +R17663 Integers.eq +R17673 Integers.zero +R17663 Integers.eq +R17673 Integers.zero +R17737 Coq.Init.Logic.I +R17737 Coq.Init.Logic.I +R17752 Integers.eq +R17762 Integers.zero +R17752 Integers.eq +R17762 Integers.zero +R17826 Coq.Init.Logic.I +R17826 Coq.Init.Logic.I +R17841 Integers.ltu +R17853 Integers.repr +R17841 Integers.ltu +R17853 Integers.repr +R17906 Coq.Init.Logic.I +R17906 Coq.Init.Logic.I +R17935 Integers.ltu +R17947 Integers.repr +R17935 Integers.ltu +R17947 Integers.repr +R18000 Coq.Init.Logic.I +R18000 Coq.Init.Logic.I +R18029 Integers.ltu +R18040 Integers.repr +R18029 Integers.ltu +R18040 Integers.repr +R18093 Coq.Init.Logic.I +R18093 Coq.Init.Logic.I +R18122 Integers.ltu +R18133 Integers.repr +R18122 Integers.ltu +R18133 Integers.repr +R18186 Coq.Init.Logic.I +R18186 Coq.Init.Logic.I +R18215 Integers.ltu +R18227 Integers.repr +R18215 Integers.ltu +R18227 Integers.repr +R18280 Coq.Init.Logic.I +R18280 Coq.Init.Logic.I +R18309 Op.eval_condition +R18309 Op.eval_condition +R18382 Coq.Init.Logic.I +R18382 Coq.Init.Logic.I +R18382 Coq.Init.Logic.I +R18500 Values.has_type +R18516 Op.type_of_chunk +R18486 Coq.Init.Logic "x = y" type_scope +R18463 Mem.loadv +R18488 Coq.Init.Datatypes.Some +R18580 Values.has_type +R18620 Op.type_of_chunk +R18594 Values.load_result +R18580 Values.has_type +R18620 Op.type_of_chunk +R18594 Values.load_result +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18679 Coq.Init.Logic.I +R18776 Mem.load_inv +R18776 Mem.load_inv +R19092 Globalenvs.t +R19158 Values.val +R19173 Globalenvs.find_symbol +R19207 Coq.Init.Datatypes.Some +R19217 Values.Vptr +R19232 Coq.Init.Datatypes.None +R19240 Values.Vundef +R19151 Integers.int +R19138 AST.ident +R19322 Values.val +R19355 Op.Ccomp +R19366 Coq.Lists.List "x :: y" list_scope +R19370 Coq.Lists.List "x :: y" list_scope +R19372 Coq.Lists.List.nil +R19379 Values.cmp +R19399 Op.Ccompu +R19411 Coq.Lists.List "x :: y" list_scope +R19415 Coq.Lists.List "x :: y" list_scope +R19417 Coq.Lists.List.nil +R19424 Values.cmpu +R19445 Op.Ccompimm +R19461 Coq.Lists.List "x :: y" list_scope +R19463 Coq.Lists.List.nil +R19470 Values.cmp +R19484 Values.Vint +R19496 Op.Ccompuimm +R19513 Coq.Lists.List "x :: y" list_scope +R19515 Coq.Lists.List.nil +R19522 Values.cmpu +R19537 Values.Vint +R19549 Op.Ccompf +R19561 Coq.Lists.List "x :: y" list_scope +R19565 Coq.Lists.List "x :: y" list_scope +R19567 Coq.Lists.List.nil +R19574 Values.cmpf +R19595 Op.Cnotcompf +R19610 Coq.Lists.List "x :: y" list_scope +R19614 Coq.Lists.List "x :: y" list_scope +R19616 Coq.Lists.List.nil +R19623 Values.notbool +R19635 Values.cmpf +R19657 Op.Cmaskzero +R19672 Coq.Lists.List "x :: y" list_scope +R19674 Coq.Lists.List.nil +R19681 Values.notbool +R19694 Values.and +R19706 Values.Vint +R19719 Op.Cmasknotzero +R19737 Coq.Lists.List "x :: y" list_scope +R19739 Coq.Lists.List.nil +R19746 Values.notbool +R19758 Values.notbool +R19771 Values.and +R19783 Values.Vint +R19805 Values.Vundef +R19310 Coq.Lists.List.list +R19315 Values.val +R19294 Op.condition +R19895 Values.val +R19926 Op.Omove +R19935 Coq.Lists.List "x :: y" list_scope +R19937 Coq.Lists.List.nil +R19951 Op.Ointconst +R19964 Coq.Lists.List.nil +R19971 Values.Vint +R19982 Op.Ofloatconst +R19997 Coq.Lists.List.nil +R20004 Values.Vfloat +R20017 Op.Oaddrsymbol +R20036 Coq.Lists.List.nil +R20043 Op.find_symbol_offset +R20072 Op.Oaddrstack +R20088 Coq.Lists.List.nil +R20095 Values.add +R20107 Values.Vint +R20121 Op.Oundef +R20129 Coq.Lists.List.nil +R20136 Values.Vundef +R20147 Op.Ocast8signed +R20163 Coq.Lists.List "x :: y" list_scope +R20165 Coq.Lists.List.nil +R20172 Values.cast8signed +R20195 Op.Ocast16signed +R20212 Coq.Lists.List "x :: y" list_scope +R20214 Coq.Lists.List.nil +R20221 Values.cast16signed +R20245 Op.Oadd +R20253 Coq.Lists.List "x :: y" list_scope +R20257 Coq.Lists.List "x :: y" list_scope +R20259 Coq.Lists.List.nil +R20266 Values.add +R20284 Op.Oaddimm +R20297 Coq.Lists.List "x :: y" list_scope +R20299 Coq.Lists.List.nil +R20306 Values.add +R20318 Values.Vint +R20330 Op.Osub +R20338 Coq.Lists.List "x :: y" list_scope +R20342 Coq.Lists.List "x :: y" list_scope +R20344 Coq.Lists.List.nil +R20351 Values.sub +R20369 Op.Osubimm +R20382 Coq.Lists.List "x :: y" list_scope +R20384 Coq.Lists.List.nil +R20391 Values.sub +R20400 Values.Vint +R20415 Op.Omul +R20423 Coq.Lists.List "x :: y" list_scope +R20427 Coq.Lists.List "x :: y" list_scope +R20429 Coq.Lists.List.nil +R20436 Values.mul +R20454 Op.Omulimm +R20467 Coq.Lists.List "x :: y" list_scope +R20469 Coq.Lists.List.nil +R20476 Values.mul +R20488 Values.Vint +R20500 Op.Odiv +R20508 Coq.Lists.List "x :: y" list_scope +R20512 Coq.Lists.List "x :: y" list_scope +R20514 Coq.Lists.List.nil +R20521 Values.divs +R20540 Op.Odivu +R20549 Coq.Lists.List "x :: y" list_scope +R20553 Coq.Lists.List "x :: y" list_scope +R20555 Coq.Lists.List.nil +R20562 Values.divu +R20581 Op.Oand +R20589 Coq.Lists.List "x :: y" list_scope +R20593 Coq.Lists.List "x :: y" list_scope +R20595 Coq.Lists.List.nil +R20602 Values.and +R20620 Op.Oandimm +R20633 Coq.Lists.List "x :: y" list_scope +R20635 Coq.Lists.List.nil +R20642 Values.and +R20654 Values.Vint +R20666 Op.Oor +R20673 Coq.Lists.List "x :: y" list_scope +R20677 Coq.Lists.List "x :: y" list_scope +R20679 Coq.Lists.List.nil +R20686 Values.or +R20703 Op.Oorimm +R20715 Coq.Lists.List "x :: y" list_scope +R20717 Coq.Lists.List.nil +R20724 Values.or +R20735 Values.Vint +R20747 Op.Oxor +R20755 Coq.Lists.List "x :: y" list_scope +R20759 Coq.Lists.List "x :: y" list_scope +R20761 Coq.Lists.List.nil +R20768 Values.xor +R20786 Op.Oxorimm +R20799 Coq.Lists.List "x :: y" list_scope +R20801 Coq.Lists.List.nil +R20808 Values.xor +R20820 Values.Vint +R20832 Op.Onand +R20841 Coq.Lists.List "x :: y" list_scope +R20845 Coq.Lists.List "x :: y" list_scope +R20847 Coq.Lists.List.nil +R20854 Values.notint +R20865 Values.and +R20884 Op.Onor +R20892 Coq.Lists.List "x :: y" list_scope +R20896 Coq.Lists.List "x :: y" list_scope +R20898 Coq.Lists.List.nil +R20905 Values.notint +R20916 Values.or +R20934 Op.Onxor +R20943 Coq.Lists.List "x :: y" list_scope +R20947 Coq.Lists.List "x :: y" list_scope +R20949 Coq.Lists.List.nil +R20956 Values.notint +R20967 Values.xor +R20986 Op.Oshl +R20994 Coq.Lists.List "x :: y" list_scope +R20998 Coq.Lists.List "x :: y" list_scope +R21000 Coq.Lists.List.nil +R21007 Values.shl +R21025 Op.Oshr +R21033 Coq.Lists.List "x :: y" list_scope +R21037 Coq.Lists.List "x :: y" list_scope +R21039 Coq.Lists.List.nil +R21046 Values.shr +R21064 Op.Oshrimm +R21077 Coq.Lists.List "x :: y" list_scope +R21079 Coq.Lists.List.nil +R21086 Values.shr +R21098 Values.Vint +R21110 Op.Oshrximm +R21124 Coq.Lists.List "x :: y" list_scope +R21126 Coq.Lists.List.nil +R21133 Values.shrx +R21146 Values.Vint +R21158 Op.Oshru +R21167 Coq.Lists.List "x :: y" list_scope +R21171 Coq.Lists.List "x :: y" list_scope +R21173 Coq.Lists.List.nil +R21180 Values.shru +R21199 Op.Orolm +R21220 Coq.Lists.List "x :: y" list_scope +R21222 Coq.Lists.List.nil +R21229 Values.rolm +R21257 Op.Onegf +R21266 Coq.Lists.List "x :: y" list_scope +R21268 Coq.Lists.List.nil +R21275 Values.negf +R21291 Op.Oabsf +R21300 Coq.Lists.List "x :: y" list_scope +R21302 Coq.Lists.List.nil +R21309 Values.absf +R21325 Op.Oaddf +R21334 Coq.Lists.List "x :: y" list_scope +R21338 Coq.Lists.List "x :: y" list_scope +R21340 Coq.Lists.List.nil +R21347 Values.addf +R21366 Op.Osubf +R21375 Coq.Lists.List "x :: y" list_scope +R21379 Coq.Lists.List "x :: y" list_scope +R21381 Coq.Lists.List.nil +R21388 Values.subf +R21407 Op.Omulf +R21416 Coq.Lists.List "x :: y" list_scope +R21420 Coq.Lists.List "x :: y" list_scope +R21422 Coq.Lists.List.nil +R21429 Values.mulf +R21448 Op.Odivf +R21457 Coq.Lists.List "x :: y" list_scope +R21461 Coq.Lists.List "x :: y" list_scope +R21463 Coq.Lists.List.nil +R21470 Values.divf +R21489 Op.Omuladdf +R21501 Coq.Lists.List "x :: y" list_scope +R21505 Coq.Lists.List "x :: y" list_scope +R21509 Coq.Lists.List "x :: y" list_scope +R21511 Coq.Lists.List.nil +R21518 Values.addf +R21528 Values.mulf +R21551 Op.Omulsubf +R21563 Coq.Lists.List "x :: y" list_scope +R21567 Coq.Lists.List "x :: y" list_scope +R21571 Coq.Lists.List "x :: y" list_scope +R21573 Coq.Lists.List.nil +R21580 Values.subf +R21590 Values.mulf +R21613 Op.Osingleoffloat +R21631 Coq.Lists.List "x :: y" list_scope +R21633 Coq.Lists.List.nil +R21640 Values.singleoffloat +R21665 Op.Ointoffloat +R21680 Coq.Lists.List "x :: y" list_scope +R21682 Coq.Lists.List.nil +R21689 Values.intoffloat +R21711 Op.Ofloatofint +R21726 Coq.Lists.List "x :: y" list_scope +R21728 Coq.Lists.List.nil +R21735 Values.floatofint +R21757 Op.Ofloatofintu +R21773 Coq.Lists.List "x :: y" list_scope +R21775 Coq.Lists.List.nil +R21782 Values.floatofintu +R21805 Op.Ocmp +R21818 Op.eval_condition_total +R21856 Values.Vundef +R19883 Coq.Lists.List.list +R19888 Values.val +R19867 Op.operation +R19857 Values.val +R21954 Values.val +R21987 Op.Aindexed +R22001 Coq.Lists.List "x :: y" list_scope +R22003 Coq.Lists.List.nil +R22010 Values.add +R22022 Values.Vint +R22034 Op.Aindexed2 +R22047 Coq.Lists.List "x :: y" list_scope +R22051 Coq.Lists.List "x :: y" list_scope +R22053 Coq.Lists.List.nil +R22060 Values.add +R22078 Op.Aglobal +R22093 Coq.Lists.List.nil +R22100 Op.find_symbol_offset +R22129 Op.Abased +R22145 Coq.Lists.List "x :: y" list_scope +R22147 Coq.Lists.List.nil +R22154 Values.add +R22163 Op.find_symbol_offset +R22196 Op.Ainstack +R22210 Coq.Lists.List.nil +R22217 Values.add +R22229 Values.Vint +R22251 Values.Vundef +R21942 Coq.Lists.List.list +R21947 Values.val +R21925 Op.addressing +R21913 Values.val +R22409 Coq.Init.Logic "x = y" type_scope +R22356 Integers.eq +R22365 Integers.zero +R22403 Values.Vundef +R22379 Values.cmp_mismatch +R22413 Values.of_bool +R22338 Coq.Init.Logic "x = y" type_scope +R22316 Op.eval_compare_null +R22340 Coq.Init.Datatypes.Some +R22484 Integers.eq +R22493 Integers.zero +R22484 Integers.eq +R22493 Integers.zero +R22694 Coq.Init.Logic "x = y" type_scope +R22668 Op.eval_condition_total +R22696 Values.of_bool +R22654 Coq.Init.Logic "x = y" type_scope +R22634 Op.eval_condition +R22656 Coq.Init.Datatypes.Some +R22832 Op.eval_compare_null_weaken +R22832 Op.eval_compare_null_weaken +R22832 Op.eval_compare_null_weaken +R22832 Op.eval_compare_null_weaken +R22832 Op.eval_compare_null_weaken +R22832 Op.eval_compare_null_weaken +R22832 Op.eval_compare_null_weaken +R22832 Op.eval_compare_null_weaken +R22832 Op.eval_compare_null_weaken +R22832 Op.eval_compare_null_weaken +R22832 Op.eval_compare_null_weaken +R22899 Coqlib.zeq +R22899 Coqlib.zeq +R22957 Coqlib.zeq +R22957 Coqlib.zeq +R22999 Values.notbool_negb_1 +R22999 Values.notbool_negb_1 +R23038 Values.notbool_negb_1 +R23038 Values.notbool_negb_1 +R23190 Coq.Init.Logic "x = y" type_scope +R23160 Op.eval_operation_total +R23146 Coq.Init.Logic "x = y" type_scope +R23117 Op.eval_operation +R23148 Coq.Init.Datatypes.Some +R23345 Globalenvs.find_symbol +R23345 Globalenvs.find_symbol +R23515 Coqlib.zeq +R23515 Coqlib.zeq +R23550 Integers.eq +R23560 Integers.zero +R23550 Integers.eq +R23560 Integers.zero +R23595 Integers.eq +R23605 Integers.zero +R23595 Integers.eq +R23605 Integers.zero +R23640 Integers.ltu +R23652 Integers.repr +R23640 Integers.ltu +R23652 Integers.repr +R23691 Integers.ltu +R23703 Integers.repr +R23691 Integers.ltu +R23703 Integers.repr +R23742 Integers.ltu +R23753 Integers.repr +R23742 Integers.ltu +R23753 Integers.repr +R23792 Integers.ltu +R23803 Integers.repr +R23792 Integers.ltu +R23803 Integers.repr +R23842 Integers.ltu +R23854 Integers.repr +R23842 Integers.ltu +R23854 Integers.repr +R23891 Op.eval_condition +R23891 Op.eval_condition +R23956 Values.of_bool +R23956 Values.of_bool +R23980 Op.eval_condition_weaken +R23980 Op.eval_condition_weaken +R24198 Coq.Init.Logic "x = y" type_scope +R24165 Op.eval_addressing_total +R24151 Coq.Init.Logic "x = y" type_scope +R24119 Op.eval_addressing +R24153 Coq.Init.Datatypes.Some +R24329 Integers.add_commut +R24329 Integers.add_commut +R24387 Globalenvs.find_symbol +R24387 Globalenvs.find_symbol +R24466 Globalenvs.find_symbol +R24466 Globalenvs.find_symbol +R24653 Values.is_bool +R24666 Op.eval_condition_total +R24754 Values.undef_is_bool +R24798 Values.undef_is_bool +R24847 Values.undef_is_bool +R24754 Values.undef_is_bool +R24754 Values.undef_is_bool +R24754 Values.undef_is_bool +R24754 Values.undef_is_bool +R24754 Values.undef_is_bool +R24754 Values.undef_is_bool +R24754 Values.undef_is_bool +R24754 Values.undef_is_bool +R24754 Values.undef_is_bool +R24754 Values.undef_is_bool +R24754 Values.undef_is_bool +R24754 Values.undef_is_bool +R24754 Values.undef_is_bool +R24754 Values.undef_is_bool +R24754 Values.undef_is_bool +R24754 Values.undef_is_bool +R24798 Values.undef_is_bool +R24798 Values.undef_is_bool +R24798 Values.undef_is_bool +R24798 Values.undef_is_bool +R24798 Values.undef_is_bool +R24798 Values.undef_is_bool +R24798 Values.undef_is_bool +R24798 Values.undef_is_bool +R24798 Values.undef_is_bool +R24798 Values.undef_is_bool +R24798 Values.undef_is_bool +R24798 Values.undef_is_bool +R24798 Values.undef_is_bool +R24798 Values.undef_is_bool +R24798 Values.undef_is_bool +R24798 Values.undef_is_bool +R24847 Values.undef_is_bool +R24847 Values.undef_is_bool +R24847 Values.undef_is_bool +R24847 Values.undef_is_bool +R24847 Values.undef_is_bool +R24847 Values.undef_is_bool +R24847 Values.undef_is_bool +R24847 Values.undef_is_bool +R24882 Values.cmp_is_bool +R24882 Values.cmp_is_bool +R24907 Values.cmpu_is_bool +R24907 Values.cmpu_is_bool +R24933 Values.cmp_is_bool +R24933 Values.cmp_is_bool +R24958 Values.cmpu_is_bool +R24958 Values.cmpu_is_bool +R24984 Values.cmpf_is_bool +R24984 Values.cmpf_is_bool +R25010 Values.notbool_is_bool +R25010 Values.notbool_is_bool +R25039 Values.notbool_is_bool +R25039 Values.notbool_is_bool +R25068 Values.notbool_is_bool +R25068 Values.notbool_is_bool +FCminor +R260 AST.ident +R288 AST.ident +R320 Op.operation +R378 Op.addressing +R362 AST.memory_chunk +R438 Op.addressing +R422 AST.memory_chunk +R489 AST.signature +R623 Coq.Init.Datatypes.nat +R714 Op.condition +R931 Cminor.expr +R961 Cminor.condexpr +R1070 Coq.Init.Datatypes.nat +R1095 Coq.Init.Datatypes.option +R1102 Cminor.expr +R1248 AST.signature +R1272 Coq.Lists.List.list +R1277 AST.ident +R1295 Coq.Lists.List.list +R1300 AST.ident +R1324 Coq.ZArith.BinInt.Z +R1338 Cminor.stmtlist +R1373 AST.program +R1385 Cminor.function +R1489 Coq.Init.Datatypes.nat +R1520 Coq.Init.Datatypes.option +R1527 Values.val +R1669 Cminor.Out_normal +R1681 Coq.Init.Datatypes.None +R1691 Coq.Init.Logic "x = y" type_scope +R1693 Values.Vundef +R1704 Cminor.Out_return +R1715 Coq.Init.Datatypes.None +R1721 Coq.Init.Datatypes.None +R1731 Coq.Init.Logic "x = y" type_scope +R1733 Values.Vundef +R1744 Cminor.Out_return +R1756 Coq.Init.Datatypes.Some +R1766 Coq.Init.Datatypes.Some +R1779 Coq.Init.Logic "x = y" type_scope +R1796 Coq.Init.Logic.False +R1629 Values.val +R1613 Coq.Init.Datatypes.option +R1620 AST.typ +R1599 Cminor.outcome +R1852 Cminor.outcome +R1884 Cminor.Out_normal +R1898 Cminor.Out_normal +R1913 Cminor.Out_exit +R1922 Coq.Init.Datatypes.O +R1927 Cminor.Out_normal +R1942 Cminor.Out_exit +R1952 Coq.Init.Datatypes.S +R1960 Cminor.Out_exit +R1975 Cminor.Out_return +R1994 Cminor.Out_return +R1841 Cminor.outcome +R2037 Globalenvs.t +R2044 Cminor.function +R2072 Maps.t +R2080 Values.val +R2106 Coq.Lists.List.list +R2111 Values.val +R2183 Cminor.env +R2157 Coq.Lists.List.list +R2162 AST.ident +R2142 Coq.Lists.List.list +R2147 Values.val +R2217 Coq.Lists.List "x :: y" list_scope +R2227 Coq.Lists.List "x :: y" list_scope +R2236 Maps.set +R2278 Coq.Lists.List "x :: y" list_scope +R2285 Coq.Lists.List.nil +R2292 Maps.set +R2324 Coq.Lists.List.nil +R2305 Values.Vundef +R2344 Maps.empty +R2356 Values.val +R2157 Coq.Lists.List.list +R2162 AST.ident +R2142 Coq.Lists.List.list +R2147 Values.val +R2428 Cminor.env +R2409 Cminor.env +R2393 Coq.Lists.List.list +R2398 AST.ident +R2455 Coq.Lists.List.nil +R2471 Coq.Lists.List "x :: y" list_scope +R2480 Maps.set +R2493 Values.Vundef +R2409 Cminor.env +R2393 Coq.Lists.List.list +R2398 AST.ident +R2556 Cminor.genv +R2664 Values.val +R2657 Mem.mem +R2650 Cminor.env +R2633 Cminor.expr +R2626 Mem.mem +R2619 Cminor.env +R2600 Cminor.letenv +R2593 Values.val +R4702 Coq.Init.Datatypes.bool +R4695 Mem.mem +R4688 Cminor.env +R4667 Cminor.condexpr +R4660 Mem.mem +R4653 Cminor.env +R4634 Cminor.letenv +R4627 Values.val +R5446 Coq.Lists.List.list +R5451 Values.val +R5439 Mem.mem +R5432 Cminor.env +R5411 Cminor.exprlist +R5404 Mem.mem +R5397 Cminor.env +R5378 Cminor.letenv +R5371 Values.val +R5829 Values.val +R5822 Mem.mem +R5802 Coq.Lists.List.list +R5807 Values.val +R5790 Cminor.function +R5783 Mem.mem +R6303 Cminor.outcome +R6296 Mem.mem +R6289 Cminor.env +R6272 Cminor.stmt +R6265 Mem.mem +R6258 Cminor.env +R6242 Values.val +R7681 Cminor.outcome +R7674 Mem.mem +R7667 Cminor.env +R7646 Cminor.stmtlist +R7639 Mem.mem +R7632 Cminor.env +R7616 Values.val +R2783 Cminor.Evar +R2744 Coq.Init.Logic "x = y" type_scope +R2729 Maps.get +R2746 Coq.Init.Datatypes.Some +R2934 Maps.set +R2919 Cminor.Eassign +R3130 Cminor.Eop +R3091 Coq.Init.Logic "x = y" type_scope +R3064 Op.eval_operation +R3093 Coq.Init.Datatypes.Some +R3375 Cminor.Eload +R3336 Coq.Init.Logic "x = y" type_scope +R3315 Mem.loadv +R3338 Coq.Init.Datatypes.Some +R3297 Coq.Init.Logic "x = y" type_scope +R3267 Op.eval_addressing +R3299 Coq.Init.Datatypes.Some +R3687 Cminor.Estore +R3647 Coq.Init.Logic "x = y" type_scope +R3623 Mem.storev +R3649 Coq.Init.Datatypes.Some +R3605 Coq.Init.Logic "x = y" type_scope +R3575 Op.eval_addressing +R3607 Coq.Init.Datatypes.Some +R4023 Cminor.Ecall +R3946 Coq.Init.Logic "x = y" type_scope +R3938 Cminor.fn_sig +R3917 Coq.Init.Logic "x = y" type_scope +R3895 Globalenvs.find_funct +R3919 Coq.Init.Datatypes.Some +R4252 Cminor.Econdition +R4455 Cminor.Elet +R4402 Coq.Lists.List "x :: y" list_scope +R4580 Cminor.Eletvar +R4541 Coq.Init.Logic "x = y" type_scope +R4526 Coq.Lists.List.nth_error +R4543 Coq.Init.Datatypes.Some +R4800 Coq.Init.Datatypes.true +R4789 Cminor.CEtrue +R4889 Coq.Init.Datatypes.false +R4877 Cminor.CEfalse +R5072 Cminor.CEcond +R5029 Coq.Init.Logic "x = y" type_scope +R5006 Op.eval_condition +R5031 Coq.Init.Datatypes.Some +R5312 Cminor.CEcondition +R5544 Coq.Lists.List.nil +R5535 Cminor.Enil +R5748 Coq.Lists.List "x :: y" list_scope +R5727 Cminor.Econs +R6195 Mem.free +R6111 Cminor.outcome_result_value +R6148 AST.sig_res +R6139 Cminor.fn_sig +R6083 Cminor.fn_body +R6057 Values.Vptr +R6065 Integers.zero +R6029 Coq.Init.Logic "x = y" type_scope +R5973 Cminor.set_locals +R5997 Cminor.set_params +R6017 Cminor.fn_params +R5987 Cminor.fn_vars +R5953 Coq.Init.Logic "x = y" type_scope +R5921 Mem.alloc +R5938 Cminor.fn_stackspace +R5955 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R6448 Cminor.Out_normal +R6433 Cminor.Sexpr +R6388 Coq.Lists.List.nil +R6668 Cminor.Sifthenelse +R6554 Coq.Lists.List.nil +R6885 Cminor.Sloop +R6838 Cminor.Sloop +R6798 Cminor.Out_normal +R7054 Cminor.Sloop +R7013 Coq.Init.Logic "x <> y" type_scope +R7016 Cminor.Out_normal +R7210 Cminor.outcome_block +R7192 Cminor.Sblock +R7306 Cminor.Out_exit +R7292 Cminor.Sexit +R7405 Cminor.Out_return +R7416 Coq.Init.Datatypes.None +R7386 Cminor.Sreturn +R7394 Coq.Init.Datatypes.None +R7565 Cminor.Out_return +R7577 Coq.Init.Datatypes.Some +R7540 Cminor.Sreturn +R7549 Coq.Init.Datatypes.Some +R7495 Coq.Lists.List.nil +R7772 Cminor.Out_normal +R7763 Cminor.Snil +R7968 Cminor.Scons +R7881 Cminor.Out_normal +R8140 Cminor.Scons +R8095 Coq.Init.Logic "x <> y" type_scope +R8098 Cminor.Out_normal +R8298 Coq.Init.Logic "'exists' x , p" type_scope +R8308 Coq.Init.Logic "'exists' x , p" type_scope +R8318 Coq.Init.Logic "'exists' x , p" type_scope +R8373 Coq.Init.Logic "A /\ B" type_scope +R8364 Coq.Init.Logic "x = y" type_scope +R8330 Globalenvs.find_symbol +R8353 AST.prog_main +R8366 Coq.Init.Datatypes.Some +R8412 Coq.Init.Logic "A /\ B" type_scope +R8403 Coq.Init.Logic "x = y" type_scope +R8378 Globalenvs.find_funct_ptr +R8405 Coq.Init.Datatypes.Some +R8458 Coq.Init.Logic "A /\ B" type_scope +R8428 Coq.Init.Logic "x = y" type_scope +R8420 Cminor.fn_sig +R8430 AST.mksignature +R8447 Coq.Init.Datatypes.Some +R8452 AST.Tint +R8442 Coq.Lists.List.nil +R8463 Cminor.eval_funcall +R8484 Coq.Lists.List.nil +R8277 Globalenvs.init_mem +R8245 Globalenvs.globalenv +R8218 Values.val +R8205 Cminor.program +FCmconstr +R378 Cminor.expr +R360 Cminor.expr +R351 Coq.Init.Datatypes.nat +R1026 Cminor.condexpr +R1004 Cminor.condexpr +R995 Coq.Init.Datatypes.nat +R1316 Cminor.exprlist +R1294 Cminor.exprlist +R1285 Coq.Init.Datatypes.nat +R405 Cminor.Evar +R416 Cminor.Evar +R428 Cminor.Eassign +R444 Cminor.Eassign +R475 Cminor.Eop +R488 Cminor.Eop +R520 Cminor.Eload +R543 Cminor.Eload +R585 Cminor.Estore +R617 Cminor.Estore +R676 Cminor.Ecall +R694 Cminor.Ecall +R745 Cminor.Econdition +R771 Cminor.Econdition +R838 Cminor.Elet +R850 Cminor.Elet +R883 Coq.Init.Datatypes.S +R895 Cminor.Eletvar +R917 Coq.Arith.Compare_dec.le_gt_dec +R955 Cminor.Eletvar +R936 Cminor.Eletvar +R945 Coq.Init.Datatypes.S +R360 Cminor.expr +R351 Coq.Init.Datatypes.nat +R1057 Cminor.CEtrue +R1067 Cminor.CEtrue +R1078 Cminor.CEfalse +R1089 Cminor.CEfalse +R1101 Cminor.CEcond +R1119 Cminor.CEcond +R1156 Cminor.CEcondition +R1183 Cminor.CEcondition +R1004 Cminor.condexpr +R995 Coq.Init.Datatypes.nat +R1347 Cminor.Enil +R1355 Cminor.Enil +R1364 Cminor.Econs +R1378 Cminor.Econs +R1294 Cminor.exprlist +R1285 Coq.Init.Datatypes.nat +R1456 Cminor.expr +R1464 Cmconstr.lift_expr +R1474 Coq.Init.Datatypes.O +R1449 Cminor.expr +R1495 Cminor.Econs +R1636 Cminor.Eop +R1662 Cmconstr "x ::: y" cminor_scope +R1666 Cminor.Enil +R1641 Op.Osubimm +R1649 Integers.zero +R1627 Cminor.expr +R1706 Cminor.Eop +R1719 Cmconstr "x ::: y" cminor_scope +R1723 Cminor.Enil +R1710 Op.Onegf +R1697 Cminor.expr +R1763 Cminor.Eop +R1776 Cmconstr "x ::: y" cminor_scope +R1780 Cminor.Enil +R1767 Op.Oabsf +R1754 Cminor.expr +R1822 Cminor.Eop +R1841 Cmconstr "x ::: y" cminor_scope +R1845 Cminor.Enil +R1826 Op.Ointoffloat +R1813 Cminor.expr +R1887 Cminor.Eop +R1906 Cmconstr "x ::: y" cminor_scope +R1910 Cminor.Enil +R1891 Op.Ofloatofint +R1878 Cminor.expr +R1953 Cminor.Eop +R1973 Cmconstr "x ::: y" cminor_scope +R1977 Cminor.Enil +R1957 Op.Ofloatofintu +R1944 Cminor.expr +R2313 Cminor.expr +R2401 Cminor.Eop +R2413 Cmconstr "x ::: y" cminor_scope +R2418 Cmconstr "x ::: y" cminor_scope +R2421 Cminor.Enil +R2405 Op.Oand +R2374 Cminor.expr +R2363 Cminor.expr +R2502 Cminor.Eop +R2513 Cmconstr "x ::: y" cminor_scope +R2518 Cmconstr "x ::: y" cminor_scope +R2521 Cminor.Enil +R2506 Op.Oor +R2475 Cminor.expr +R2464 Cminor.expr +R2602 Cminor.Eop +R2614 Cmconstr "x ::: y" cminor_scope +R2619 Cmconstr "x ::: y" cminor_scope +R2622 Cminor.Enil +R2606 Op.Oxor +R2575 Cminor.expr +R2564 Cminor.expr +R2666 Cminor.expr +R2756 Cmconstr.notint_cases +R2781 Cminor.Eop +R2785 Op.Oand +R2793 Cmconstr "x ::: y" cminor_scope +R2798 Cmconstr "x ::: y" cminor_scope +R2801 Cminor.Enil +R2816 Cmconstr.notint_case1 +R2839 Cminor.Eop +R2843 Op.Oor +R2850 Cmconstr "x ::: y" cminor_scope +R2855 Cmconstr "x ::: y" cminor_scope +R2858 Cminor.Enil +R2873 Cmconstr.notint_case2 +R2896 Cminor.Eop +R2900 Op.Oxor +R2908 Cmconstr "x ::: y" cminor_scope +R2913 Cmconstr "x ::: y" cminor_scope +R2916 Cminor.Enil +R2931 Cmconstr.notint_case3 +R2965 Cmconstr.notint_default +R2724 Cminor.expr +R3029 Cmconstr.notint_match +R3053 Cmconstr.notint_case1 +R3081 Cminor.Eop +R3094 Cmconstr "x ::: y" cminor_scope +R3099 Cmconstr "x ::: y" cminor_scope +R3102 Cminor.Enil +R3085 Op.Onand +R3112 Cmconstr.notint_case2 +R3140 Cminor.Eop +R3152 Cmconstr "x ::: y" cminor_scope +R3157 Cmconstr "x ::: y" cminor_scope +R3160 Cminor.Enil +R3144 Op.Onor +R3170 Cmconstr.notint_case3 +R3198 Cminor.Eop +R3211 Cmconstr "x ::: y" cminor_scope +R3216 Cmconstr "x ::: y" cminor_scope +R3219 Cminor.Enil +R3202 Op.Onxor +R3229 Cmconstr.notint_default +R3255 Cminor.Elet +R3263 Cminor.Eop +R3283 Cmconstr "x ::: y" cminor_scope +R3273 Cminor.Eletvar +R3281 Coq.Init.Datatypes.O +R3297 Cmconstr "x ::: y" cminor_scope +R3287 Cminor.Eletvar +R3295 Coq.Init.Datatypes.O +R3301 Cminor.Enil +R3267 Op.Onor +R3012 Cminor.expr +R3355 Cminor.Eop +R3394 Cmconstr "x ::: y" cminor_scope +R3398 Cminor.Enil +R3360 Op.Ocmp +R3366 Op.Ccompuimm +R3380 Integers.zero +R3376 AST.Ceq +R3344 Cminor.expr +R3446 Cminor.expr +R3427 Cminor.expr +R3473 Cminor.Eop +R3478 Op.Ointconst +R3491 Cminor.Enil +R3505 Cminor.Eop +R3571 Cminor.Enil +R3510 Op.Ointconst +R3524 Integers.eq +R3533 Integers.zero +R3560 Integers.zero +R3547 Integers.one +R3580 Cminor.Eop +R3585 Op.Ocmp +R3610 Cminor.Eop +R3615 Op.Ocmp +R3621 Op.negate_condition +R3654 Cminor.Econdition +R3683 Cminor.Econdition +R3738 Cmconstr.notbool_base +R3427 Cminor.expr +R3797 Cminor.Eop +R3817 Cmconstr "x ::: y" cminor_scope +R3821 Cminor.Enil +R3801 Op.Ocast8signed +R3788 Cminor.expr +R3869 Cminor.Eop +R3908 Cmconstr "x ::: y" cminor_scope +R3912 Cminor.Enil +R3874 Op.Orolm +R3890 Integers.repr +R3880 Integers.zero +R3858 Cminor.expr +R3958 Cminor.Eop +R3979 Cmconstr "x ::: y" cminor_scope +R3983 Cminor.Enil +R3962 Op.Ocast16signed +R3947 Cminor.expr +R4031 Cminor.Eop +R4072 Cmconstr "x ::: y" cminor_scope +R4076 Cminor.Enil +R4036 Op.Orolm +R4052 Integers.repr +R4042 Integers.zero +R4020 Cminor.expr +R4123 Cminor.Eop +R4145 Cmconstr "x ::: y" cminor_scope +R4149 Cminor.Enil +R4127 Op.Osingleoffloat +R4112 Cminor.expr +R4619 Cminor.expr +R4694 Cminor.Eop +R4712 Cminor.Enil +R4699 Op.Ointconst +R4668 Integers.int +R4790 Cminor.Eop +R4812 Cminor.Enil +R4795 Op.Oaddrsymbol +R4764 Integers.int +R4753 AST.ident +R4879 Cminor.Eop +R4898 Cminor.Enil +R4884 Op.Oaddrstack +R4853 Integers.int +R4975 Cminor.Eop +R4994 Cmconstr "x ::: y" cminor_scope +R4998 Cminor.Enil +R4980 Op.Oaddimm +R4948 Cminor.expr +R4939 Integers.int +R5042 Cminor.expr +R5132 Cmconstr.addimm_cases +R5157 Cminor.Eop +R5162 Op.Ointconst +R5175 Cminor.Enil +R5189 Cmconstr.addimm_case1 +R5208 Cminor.Eop +R5213 Op.Oaddrsymbol +R5230 Cminor.Enil +R5244 Cmconstr.addimm_case2 +R5265 Cminor.Eop +R5270 Op.Oaddrstack +R5284 Cminor.Enil +R5298 Cmconstr.addimm_case3 +R5317 Cminor.Eop +R5322 Op.Oaddimm +R5336 Cmconstr "x ::: y" cminor_scope +R5340 Cminor.Enil +R5355 Cmconstr.addimm_case4 +R5387 Cmconstr.addimm_default +R5100 Cminor.expr +R5457 Integers.eq +R5466 Integers.zero +R5495 Cmconstr.addimm_match +R5519 Cmconstr.addimm_case1 +R5543 Cminor.Eop +R5572 Cminor.Enil +R5548 Op.Ointconst +R5558 Integers.add +R5581 Cmconstr.addimm_case2 +R5607 Cminor.Eop +R5641 Cminor.Enil +R5612 Op.Oaddrsymbol +R5627 Integers.add +R5650 Cmconstr.addimm_case3 +R5674 Cminor.Eop +R5705 Cminor.Enil +R5679 Op.Oaddrstack +R5691 Integers.add +R5714 Cmconstr.addimm_case4 +R5740 Cminor.Eop +R5770 Cmconstr "x ::: y" cminor_scope +R5774 Cminor.Enil +R5745 Op.Oaddimm +R5753 Integers.add +R5784 Cmconstr.addimm_default +R5810 Cminor.Eop +R5829 Cmconstr "x ::: y" cminor_scope +R5833 Cminor.Enil +R5815 Op.Oaddimm +R5443 Cminor.expr +R5434 Integers.int +R6372 Cminor.expr +R6361 Cminor.expr +R6453 Cminor.Eop +R6472 Cminor.Enil +R6458 Op.Ointconst +R6429 Cminor.expr +R6419 Integers.int +R6602 Cminor.Eop +R6622 Cmconstr "x ::: y" cminor_scope +R6625 Cminor.Enil +R6607 Op.Oaddimm +R6571 Cminor.Eop +R6591 Cmconstr "x ::: y" cminor_scope +R6594 Cminor.Enil +R6576 Op.Oaddimm +R6547 Cminor.expr +R6537 Integers.int +R6526 Cminor.expr +R6516 Integers.int +R6710 Cminor.Eop +R6729 Cmconstr "x ::: y" cminor_scope +R6732 Cminor.Enil +R6714 Op.Oaddimm +R6686 Cminor.expr +R6675 Cminor.expr +R6665 Integers.int +R6816 Cminor.Eop +R6835 Cminor.Enil +R6821 Op.Ointconst +R6788 Integers.int +R6777 Cminor.expr +R6924 Cminor.Eop +R6944 Cmconstr "x ::: y" cminor_scope +R6947 Cminor.Enil +R6929 Op.Oaddimm +R6895 Cminor.expr +R6885 Integers.int +R6874 Cminor.expr +R7000 Cminor.expr +R6989 Cminor.expr +R7105 Cmconstr.add_cases +R7130 Cminor.Eop +R7135 Op.Ointconst +R7149 Cminor.Enil +R7163 Cmconstr.add_case4 +R7183 Cminor.Eop +R7188 Op.Oaddimm +R7203 Cmconstr "x ::: y" cminor_scope +R7206 Cminor.Enil +R7221 Cmconstr.add_case5 +R7256 Cmconstr.add_default +R7072 Cminor.expr +R7061 Cminor.expr +R7362 Cmconstr.add_cases +R7387 Cminor.Eop +R7392 Op.Ointconst +R7406 Cminor.Enil +R7424 Cmconstr.add_case1 +R7444 Cminor.Eop +R7449 Op.Oaddimm +R7464 Cmconstr "x ::: y" cminor_scope +R7467 Cminor.Enil +R7474 Cminor.Eop +R7479 Op.Oaddimm +R7494 Cmconstr "x ::: y" cminor_scope +R7497 Cminor.Enil +R7512 Cmconstr.add_case2 +R7538 Cminor.Eop +R7542 Op.Oaddimm +R7557 Cmconstr "x ::: y" cminor_scope +R7560 Cminor.Enil +R7579 Cmconstr.add_case3 +R7618 Cmconstr.add_match_aux +R7319 Cminor.expr +R7308 Cminor.expr +R7694 Cmconstr.add_match +R7719 Cmconstr.add_case1 +R7744 Cmconstr.addimm +R7761 Cmconstr.add_case2 +R7792 Cmconstr.addimm +R7816 Cminor.Eop +R7828 Cmconstr "x ::: y" cminor_scope +R7833 Cmconstr "x ::: y" cminor_scope +R7836 Cminor.Enil +R7820 Op.Oadd +R7800 Integers.add +R7847 Cmconstr.add_case3 +R7875 Cmconstr.addimm +R7886 Cminor.Eop +R7898 Cmconstr "x ::: y" cminor_scope +R7903 Cmconstr "x ::: y" cminor_scope +R7906 Cminor.Enil +R7890 Op.Oadd +R7917 Cmconstr.add_case4 +R7942 Cmconstr.addimm +R7959 Cmconstr.add_case5 +R7987 Cmconstr.addimm +R7998 Cminor.Eop +R8010 Cmconstr "x ::: y" cminor_scope +R8015 Cmconstr "x ::: y" cminor_scope +R8018 Cminor.Enil +R8002 Op.Oadd +R8029 Cmconstr.add_default +R8056 Cminor.Eop +R8068 Cmconstr "x ::: y" cminor_scope +R8073 Cmconstr "x ::: y" cminor_scope +R8076 Cminor.Enil +R8060 Op.Oadd +R7677 Cminor.expr +R7666 Cminor.expr +R8590 Cminor.expr +R8579 Cminor.expr +R8676 Cminor.Eop +R8695 Cminor.Enil +R8681 Op.Ointconst +R8648 Integers.int +R8637 Cminor.expr +R8820 Cminor.Eop +R8840 Cmconstr "x ::: y" cminor_scope +R8843 Cminor.Enil +R8825 Op.Oaddimm +R8789 Cminor.Eop +R8809 Cmconstr "x ::: y" cminor_scope +R8812 Cminor.Enil +R8794 Op.Oaddimm +R8765 Cminor.expr +R8755 Integers.int +R8744 Cminor.expr +R8734 Integers.int +R8928 Cminor.Eop +R8948 Cmconstr "x ::: y" cminor_scope +R8951 Cminor.Enil +R8933 Op.Oaddimm +R8904 Cminor.expr +R8893 Cminor.expr +R8883 Integers.int +R9046 Cminor.Eop +R9066 Cmconstr "x ::: y" cminor_scope +R9069 Cminor.Enil +R9051 Op.Oaddimm +R9017 Cminor.expr +R9007 Integers.int +R8996 Cminor.expr +R9122 Cminor.expr +R9111 Cminor.expr +R9227 Cmconstr.sub_cases +R9252 Cminor.Eop +R9257 Op.Oaddimm +R9272 Cmconstr "x ::: y" cminor_scope +R9275 Cminor.Enil +R9290 Cmconstr.sub_case3 +R9325 Cmconstr.sub_default +R9194 Cminor.expr +R9183 Cminor.expr +R9431 Cmconstr.sub_cases +R9456 Cminor.Eop +R9461 Op.Ointconst +R9475 Cminor.Enil +R9493 Cmconstr.sub_case1 +R9513 Cminor.Eop +R9518 Op.Oaddimm +R9533 Cmconstr "x ::: y" cminor_scope +R9536 Cminor.Enil +R9543 Cminor.Eop +R9548 Op.Oaddimm +R9563 Cmconstr "x ::: y" cminor_scope +R9566 Cminor.Enil +R9581 Cmconstr.sub_case2 +R9607 Cminor.Eop +R9612 Op.Oaddimm +R9627 Cmconstr "x ::: y" cminor_scope +R9630 Cminor.Enil +R9649 Cmconstr.sub_case4 +R9688 Cmconstr.sub_match_aux +R9388 Cminor.expr +R9377 Cminor.expr +R9764 Cmconstr.sub_match +R9789 Cmconstr.sub_case1 +R9814 Cmconstr.addimm +R9822 Integers.neg +R9841 Cmconstr.sub_case2 +R9872 Cmconstr.addimm +R9896 Cminor.Eop +R9908 Cmconstr "x ::: y" cminor_scope +R9913 Cmconstr "x ::: y" cminor_scope +R9916 Cminor.Enil +R9900 Op.Osub +R9880 Integers.sub +R9927 Cmconstr.sub_case3 +R9955 Cmconstr.addimm +R9966 Cminor.Eop +R9978 Cmconstr "x ::: y" cminor_scope +R9983 Cmconstr "x ::: y" cminor_scope +R9986 Cminor.Enil +R9970 Op.Osub +R9997 Cmconstr.sub_case4 +R10025 Cmconstr.addimm +R10046 Cminor.Eop +R10058 Cmconstr "x ::: y" cminor_scope +R10063 Cmconstr "x ::: y" cminor_scope +R10066 Cminor.Enil +R10050 Op.Osub +R10033 Integers.neg +R10077 Cmconstr.sub_default +R10104 Cminor.Eop +R10116 Cmconstr "x ::: y" cminor_scope +R10121 Cmconstr "x ::: y" cminor_scope +R10124 Cminor.Enil +R10108 Op.Osub +R9747 Cminor.expr +R9736 Cminor.expr +R10665 Cminor.expr +R10737 Cminor.Eop +R10756 Cminor.Enil +R10742 Op.Ointconst +R10713 Integers.int +R10849 Cminor.Eop +R10878 Cmconstr "x ::: y" cminor_scope +R10881 Cminor.Enil +R10854 Op.Orolm +R10824 Cminor.expr +R10814 Integers.int +R10801 Integers.int +R10924 Cminor.expr +R11013 Cmconstr.rolm_cases +R11036 Cminor.Eop +R11041 Op.Ointconst +R11055 Cminor.Enil +R11069 Cmconstr.rolm_case1 +R11087 Cminor.Eop +R11092 Op.Orolm +R11116 Cmconstr "x ::: y" cminor_scope +R11119 Cminor.Enil +R11134 Cmconstr.rolm_case2 +R11178 Cmconstr.rolm_default +R10980 Cminor.expr +R11261 Cmconstr.rolm_match +R11284 Cmconstr.rolm_case1 +R11307 Cminor.Eop +R11359 Cminor.Enil +R11312 Op.Ointconst +R11322 Integers.and +R11331 Integers.rol +R11368 Cmconstr.rolm_case2 +R11538 Integers.is_rlw_mask +R11617 Cminor.Eop +R11646 Cmconstr "x ::: y" cminor_scope +R11649 Cminor.Enil +R11622 Op.Orolm +R11570 Cminor.Eop +R11597 Cmconstr "x ::: y" cminor_scope +R11600 Cminor.Enil +R11575 Op.Orolm +R11488 Integers.and +R11497 Integers.rol +R11419 Integers.and +R11454 Integers.repr +R11428 Integers.add +R11659 Cmconstr.rolm_default +R11684 Cminor.Eop +R11713 Cmconstr "x ::: y" cminor_scope +R11716 Cminor.Enil +R11689 Op.Orolm +R11245 Integers.int +R11245 Integers.int +R11223 Cminor.expr +R11777 Integers.eq +R11787 Integers.zero +R11818 Integers.ltu +R11830 Integers.repr +R11896 Cminor.Eop +R11908 Cmconstr "x ::: y" cminor_scope +R11934 Cmconstr "x ::: y" cminor_scope +R11911 Cminor.Eop +R11930 Cminor.Enil +R11916 Op.Ointconst +R11937 Cminor.Enil +R11900 Op.Oshl +R11852 Cmconstr.rolm +R11864 Integers.shl +R11872 Integers.mone +R11764 Integers.int +R11753 Cminor.expr +R11993 Integers.eq +R12003 Integers.zero +R12034 Integers.ltu +R12046 Integers.repr +R12137 Cminor.Eop +R12150 Cmconstr "x ::: y" cminor_scope +R12176 Cmconstr "x ::: y" cminor_scope +R12153 Cminor.Eop +R12172 Cminor.Enil +R12158 Op.Ointconst +R12179 Cminor.Enil +R12141 Op.Oshru +R12068 Cmconstr.rolm +R12104 Integers.shru +R12113 Integers.mone +R12077 Integers.sub +R12086 Integers.repr +R11980 Integers.int +R11969 Cminor.expr +R12242 Integers.one_bits +R12269 Coq.Lists.List "x :: y" list_scope +R12272 Coq.Lists.List.nil +R12285 Cmconstr.shlimm +R12303 Coq.Lists.List "x :: y" list_scope +R12308 Coq.Lists.List "x :: y" list_scope +R12311 Coq.Lists.List.nil +R12324 Cminor.Elet +R12341 Cminor.Eop +R12372 Cmconstr "x ::: y" cminor_scope +R12351 Cmconstr.shlimm +R12359 Cminor.Eletvar +R12416 Cmconstr "x ::: y" cminor_scope +R12395 Cmconstr.shlimm +R12403 Cminor.Eletvar +R12420 Cminor.Enil +R12345 Op.Oadd +R12442 Cminor.Eop +R12462 Cmconstr "x ::: y" cminor_scope +R12465 Cminor.Enil +R12447 Op.Omulimm +R12225 Cminor.expr +R12215 Integers.int +R12758 Cminor.expr +R12834 Cminor.Eop +R12853 Cminor.Enil +R12839 Op.Ointconst +R12808 Integers.int +R12932 Cminor.Eop +R12952 Cmconstr "x ::: y" cminor_scope +R12955 Cminor.Enil +R12937 Op.Oaddimm +R12905 Cminor.expr +R12895 Integers.int +R13000 Cminor.expr +R13093 Cmconstr.mulimm_cases +R13118 Cminor.Eop +R13123 Op.Ointconst +R13137 Cminor.Enil +R13151 Cmconstr.mulimm_case1 +R13171 Cminor.Eop +R13176 Op.Oaddimm +R13191 Cmconstr "x ::: y" cminor_scope +R13194 Cminor.Enil +R13209 Cmconstr.mulimm_case2 +R13244 Cmconstr.mulimm_default +R13060 Cminor.expr +R13317 Integers.eq +R13327 Integers.zero +R13396 Integers.eq +R13406 Integers.one +R13439 Cmconstr.mulimm_match +R13464 Cmconstr.mulimm_case1 +R13489 Cminor.Eop +R13520 Cminor.Enil +R13494 Op.Ointconst +R13504 Integers.mul +R13529 Cmconstr.mulimm_case2 +R13557 Cmconstr.addimm +R13581 Cmconstr.mulimm_base +R13565 Integers.mul +R13604 Cmconstr.mulimm_default +R13631 Cmconstr.mulimm_base +R13346 Cminor.Elet +R13355 Cminor.Eop +R13380 Cminor.Enil +R13360 Op.Ointconst +R13370 Integers.zero +R13303 Cminor.expr +R13293 Integers.int +R13909 Cminor.expr +R13898 Cminor.expr +R13990 Cminor.Eop +R14009 Cminor.Enil +R13995 Op.Ointconst +R13966 Cminor.expr +R13956 Integers.int +R14092 Cminor.Eop +R14111 Cminor.Enil +R14097 Op.Ointconst +R14064 Integers.int +R14053 Cminor.expr +R14163 Cminor.expr +R14152 Cminor.expr +R14268 Cmconstr.mul_cases +R14293 Cminor.Eop +R14298 Op.Ointconst +R14312 Cminor.Enil +R14326 Cmconstr.mul_case2 +R14358 Cmconstr.mul_default +R14235 Cminor.expr +R14224 Cminor.expr +R14454 Cmconstr.mul_cases +R14479 Cminor.Eop +R14484 Op.Ointconst +R14498 Cminor.Enil +R14512 Cmconstr.mul_case1 +R14544 Cmconstr.mul_match_aux +R14421 Cminor.expr +R14410 Cminor.expr +R14620 Cmconstr.mul_match +R14645 Cmconstr.mul_case1 +R14670 Cmconstr.mulimm +R14687 Cmconstr.mul_case2 +R14712 Cmconstr.mulimm +R14729 Cmconstr.mul_default +R14756 Cminor.Eop +R14768 Cmconstr "x ::: y" cminor_scope +R14773 Cmconstr "x ::: y" cminor_scope +R14776 Cminor.Enil +R14760 Op.Omul +R14603 Cminor.expr +R14592 Cminor.expr +R14831 Cminor.Eop +R14843 Cmconstr "x ::: y" cminor_scope +R14848 Cmconstr "x ::: y" cminor_scope +R14851 Cminor.Enil +R14835 Op.Odiv +R14822 Cminor.expr +R14811 Cminor.expr +R14916 Cminor.Elet +R14929 Cminor.Elet +R14951 Cminor.Eop +R14971 Cmconstr "x ::: y" cminor_scope +R14961 Cminor.Eletvar +R15125 Cmconstr "x ::: y" cminor_scope +R14992 Cminor.Eop +R15047 Cmconstr "x ::: y" cminor_scope +R15002 Cminor.Eop +R15023 Cmconstr "x ::: y" cminor_scope +R15013 Cminor.Eletvar +R15037 Cmconstr "x ::: y" cminor_scope +R15027 Cminor.Eletvar +R15041 Cminor.Enil +R15088 Cmconstr "x ::: y" cminor_scope +R15078 Cminor.Eletvar +R15119 Cminor.Enil +R14996 Op.Omul +R15146 Cminor.Enil +R14955 Op.Osub +R14935 Cmconstr.lift +R14905 Cminor.expr +R14905 Cminor.expr +R14886 Op.operation +R15175 Cmconstr.mod_aux +R15183 Op.Odiv +R15224 Cminor.expr +R15296 Cminor.Eop +R15315 Cminor.Enil +R15301 Op.Ointconst +R15272 Integers.int +R15357 Cminor.expr +R15446 Cmconstr.divu_cases +R15469 Cminor.Eop +R15474 Op.Ointconst +R15488 Cminor.Enil +R15502 Cmconstr.divu_case1 +R15532 Cmconstr.divu_default +R15413 Cminor.expr +R15605 Cmconstr.divu_match +R15628 Cmconstr.divu_case1 +R15657 Integers.is_power2 +R15687 Coq.Init.Datatypes.Some +R15698 Cmconstr.shruimm +R15720 Coq.Init.Datatypes.None +R15731 Cminor.Eop +R15744 Cmconstr "x ::: y" cminor_scope +R15749 Cmconstr "x ::: y" cminor_scope +R15752 Cminor.Enil +R15735 Op.Odivu +R15772 Cmconstr.divu_default +R15797 Cminor.Eop +R15810 Cmconstr "x ::: y" cminor_scope +R15815 Cmconstr "x ::: y" cminor_scope +R15818 Cminor.Enil +R15801 Op.Odivu +R15588 Cminor.expr +R15577 Cminor.expr +R15881 Cmconstr.divu_match +R15904 Cmconstr.divu_case1 +R15933 Integers.is_power2 +R15963 Coq.Init.Datatypes.Some +R15974 Cmconstr.rolm +R15992 Integers.sub +R16003 Integers.one +R15982 Integers.zero +R16020 Coq.Init.Datatypes.None +R16031 Cmconstr.mod_aux +R16039 Op.Odivu +R16065 Cmconstr.divu_default +R16090 Cmconstr.mod_aux +R16098 Op.Odivu +R15864 Cminor.expr +R15853 Cminor.expr +R16165 Integers.is_rlw_mask +R16218 Cminor.Eop +R16238 Cmconstr "x ::: y" cminor_scope +R16241 Cminor.Enil +R16223 Op.Oandimm +R16191 Cmconstr.rolm +R16199 Integers.zero +R16151 Cminor.expr +R16141 Integers.int +R16297 Cmconstr.mul_match +R16322 Cmconstr.mul_case1 +R16347 Cmconstr.andimm +R16364 Cmconstr.mul_case2 +R16389 Cmconstr.andimm +R16406 Cmconstr.mul_default +R16433 Cminor.Eop +R16445 Cmconstr "x ::: y" cminor_scope +R16450 Cmconstr "x ::: y" cminor_scope +R16453 Cminor.Enil +R16437 Op.Oand +R16280 Cminor.expr +R16269 Cminor.expr +R16534 Cminor.Evar +R16543 Cminor.Evar +R16557 AST.ident_eq +R16587 Coq.Init.Datatypes.false +R16577 Coq.Init.Datatypes.true +R16605 Coq.Init.Datatypes.false +R16501 Cminor.expr +R16501 Cminor.expr +R16662 Cminor.expr +R16651 Cminor.expr +R16868 Cminor.Eop +R16897 Cmconstr "x ::: y" cminor_scope +R16900 Cminor.Enil +R16873 Op.Orolm +R16811 Cminor.Eop +R16841 Cmconstr "x ::: y" cminor_scope +R16844 Cminor.Enil +R16816 Op.Orolm +R16788 Cminor.expr +R16778 Integers.int +R16765 Integers.int +R16736 Cminor.expr +R16726 Integers.int +R16713 Integers.int +R16952 Cminor.expr +R16941 Cminor.expr +R17061 Cmconstr.or_cases +R17085 Cminor.Eop +R17090 Op.Orolm +R17115 Cmconstr "x ::: y" cminor_scope +R17118 Cminor.Enil +R17129 Cminor.Eop +R17134 Op.Orolm +R17158 Cmconstr "x ::: y" cminor_scope +R17161 Cminor.Enil +R17176 Cmconstr.or_case1 +R17239 Cmconstr.or_default +R17018 Cminor.expr +R17007 Cminor.expr +R17311 Cmconstr.or_match +R17335 Cmconstr.or_case1 +R17465 Coq.Bool.Bool "x && y" bool_scope +R17419 Coq.Bool.Bool "x && y" bool_scope +R17390 Integers.eq +R17422 Integers.is_rlw_mask +R17439 Integers.or +R17468 Cmconstr.same_expr_pure +R17564 Cminor.Eop +R17575 Cmconstr "x ::: y" cminor_scope +R17580 Cmconstr "x ::: y" cminor_scope +R17583 Cminor.Enil +R17568 Op.Oor +R17500 Cminor.Eop +R17544 Cmconstr "x ::: y" cminor_scope +R17547 Cminor.Enil +R17505 Op.Orolm +R17520 Integers.or +R17593 Cmconstr.or_default +R17619 Cminor.Eop +R17630 Cmconstr "x ::: y" cminor_scope +R17635 Cmconstr "x ::: y" cminor_scope +R17638 Cminor.Enil +R17623 Op.Oor +R17294 Cminor.expr +R17283 Cminor.expr +R17684 Cminor.Eop +R17696 Cmconstr "x ::: y" cminor_scope +R17701 Cmconstr "x ::: y" cminor_scope +R17704 Cminor.Enil +R17688 Op.Oxor +R17675 Cminor.expr +R17675 Cminor.expr +R17747 Cminor.expr +R17821 Cminor.Eop +R17840 Cminor.Enil +R17826 Op.Ointconst +R17796 Integers.int +R17883 Cminor.expr +R17974 Cmconstr.shift_cases +R17998 Cminor.Eop +R18003 Op.Ointconst +R18017 Cminor.Enil +R18031 Cmconstr.shift_case1 +R18062 Cmconstr.shift_default +R17941 Cminor.expr +R18135 Cmconstr.shift_match +R18159 Cmconstr.shift_case1 +R18183 Cmconstr.shlimm +R18200 Cmconstr.shift_default +R18226 Cminor.Eop +R18238 Cmconstr "x ::: y" cminor_scope +R18243 Cmconstr "x ::: y" cminor_scope +R18246 Cminor.Enil +R18230 Op.Oshl +R18118 Cminor.expr +R18107 Cminor.expr +R18294 Cminor.Eop +R18306 Cmconstr "x ::: y" cminor_scope +R18311 Cmconstr "x ::: y" cminor_scope +R18314 Cminor.Enil +R18298 Op.Oshr +R18283 Cminor.expr +R18283 Cminor.expr +R18371 Cmconstr.shift_match +R18395 Cmconstr.shift_case1 +R18419 Cmconstr.shruimm +R18437 Cmconstr.shift_default +R18463 Cminor.Eop +R18476 Cmconstr "x ::: y" cminor_scope +R18481 Cmconstr "x ::: y" cminor_scope +R18484 Cminor.Enil +R18467 Op.Oshru +R18354 Cminor.expr +R18343 Cminor.expr +R18817 Cminor.expr +R18806 Cminor.expr +R18912 Cminor.Eop +R18925 Cmconstr "x ::: y" cminor_scope +R18930 Cmconstr "x ::: y" cminor_scope +R18933 Cminor.Enil +R18916 Op.Omulf +R18887 Cminor.expr +R18876 Cminor.expr +R18865 Cminor.expr +R19031 Cminor.Eop +R19044 Cmconstr "x ::: y" cminor_scope +R19049 Cmconstr "x ::: y" cminor_scope +R19052 Cminor.Enil +R19035 Op.Omulf +R19001 Cminor.expr +R18990 Cminor.expr +R18979 Cminor.expr +R19106 Cminor.expr +R19095 Cminor.expr +R19213 Cmconstr.addf_cases +R19239 Cminor.Eop +R19243 Op.Omulf +R19252 Cmconstr "x ::: y" cminor_scope +R19257 Cmconstr "x ::: y" cminor_scope +R19260 Cminor.Enil +R19275 Cmconstr.addf_case2 +R19311 Cmconstr.addf_default +R19180 Cminor.expr +R19169 Cminor.expr +R19409 Cmconstr.addf_cases +R19435 Cminor.Eop +R19439 Op.Omulf +R19448 Cmconstr "x ::: y" cminor_scope +R19453 Cmconstr "x ::: y" cminor_scope +R19456 Cminor.Enil +R19471 Cmconstr.addf_case1 +R19507 Cmconstr.addf_match_aux +R19376 Cminor.expr +R19365 Cminor.expr +R19585 Cmconstr.addf_match +R19611 Cmconstr.addf_case1 +R19640 Cminor.Eop +R19656 Cmconstr "x ::: y" cminor_scope +R19661 Cmconstr "x ::: y" cminor_scope +R19666 Cmconstr "x ::: y" cminor_scope +R19669 Cminor.Enil +R19644 Op.Omuladdf +R19679 Cmconstr.addf_case2 +R19708 Cminor.Elet +R19717 Cminor.Eop +R19738 Cmconstr "x ::: y" cminor_scope +R19731 Cmconstr.lift +R19748 Cmconstr "x ::: y" cminor_scope +R19741 Cmconstr.lift +R19760 Cmconstr "x ::: y" cminor_scope +R19751 Cminor.Eletvar +R19763 Cminor.Enil +R19721 Op.Omuladdf +R19774 Cmconstr.addf_default +R19802 Cminor.Eop +R19815 Cmconstr "x ::: y" cminor_scope +R19820 Cmconstr "x ::: y" cminor_scope +R19823 Cminor.Enil +R19806 Op.Oaddf +R19568 Cminor.expr +R19557 Cminor.expr +R20073 Cminor.expr +R20062 Cminor.expr +R20168 Cminor.Eop +R20181 Cmconstr "x ::: y" cminor_scope +R20186 Cmconstr "x ::: y" cminor_scope +R20189 Cminor.Enil +R20172 Op.Omulf +R20143 Cminor.expr +R20132 Cminor.expr +R20121 Cminor.expr +R20248 Cminor.expr +R20237 Cminor.expr +R20351 Cmconstr.subf_cases +R20377 Cminor.Eop +R20381 Op.Omulf +R20390 Cmconstr "x ::: y" cminor_scope +R20395 Cmconstr "x ::: y" cminor_scope +R20398 Cminor.Enil +R20413 Cmconstr.subf_case1 +R20449 Cmconstr.subf_default +R20318 Cminor.expr +R20307 Cminor.expr +R20525 Cmconstr.subf_match +R20551 Cmconstr.subf_case1 +R20580 Cminor.Eop +R20596 Cmconstr "x ::: y" cminor_scope +R20601 Cmconstr "x ::: y" cminor_scope +R20606 Cmconstr "x ::: y" cminor_scope +R20609 Cminor.Enil +R20584 Op.Omulsubf +R20619 Cmconstr.subf_default +R20647 Cminor.Eop +R20660 Cmconstr "x ::: y" cminor_scope +R20665 Cmconstr "x ::: y" cminor_scope +R20668 Cminor.Enil +R20651 Op.Osubf +R20508 Cminor.expr +R20497 Cminor.expr +R20715 Cminor.Eop +R20728 Cmconstr "x ::: y" cminor_scope +R20733 Cmconstr "x ::: y" cminor_scope +R20736 Cminor.Enil +R20719 Op.Omulf +R20706 Cminor.expr +R20706 Cminor.expr +R20776 Cminor.Eop +R20789 Cmconstr "x ::: y" cminor_scope +R20794 Cmconstr "x ::: y" cminor_scope +R20797 Cminor.Enil +R20780 Op.Odivf +R20767 Cminor.expr +R20767 Cminor.expr +R20855 Cminor.Eop +R20879 Cmconstr "x ::: y" cminor_scope +R20884 Cmconstr "x ::: y" cminor_scope +R20887 Cminor.Enil +R20860 Op.Ocmp +R20866 Op.Ccomp +R20844 Cminor.expr +R20844 Cminor.expr +R20824 AST.comparison +R20945 Cminor.Eop +R20970 Cmconstr "x ::: y" cminor_scope +R20975 Cmconstr "x ::: y" cminor_scope +R20978 Cminor.Enil +R20950 Op.Ocmp +R20956 Op.Ccompu +R20934 Cminor.expr +R20934 Cminor.expr +R20914 AST.comparison +R21036 Cminor.Eop +R21061 Cmconstr "x ::: y" cminor_scope +R21066 Cmconstr "x ::: y" cminor_scope +R21069 Cminor.Enil +R21041 Op.Ocmp +R21047 Op.Ccompf +R21025 Cminor.expr +R21025 Cminor.expr +R21005 AST.comparison +R21115 Cminor.condexpr +R21107 Cminor.expr +R21146 Cminor.Eop +R21151 Op.Ointconst +R21164 Cminor.Enil +R21181 Integers.eq +R21190 Integers.zero +R21217 Cminor.CEtrue +R21204 Cminor.CEfalse +R21228 Cminor.Eop +R21233 Op.Ocmp +R21247 Cminor.CEcond +R21263 Cminor.Econdition +R21292 Cminor.CEcondition +R21360 Cminor.CEcond +R21394 Cmconstr "x ::: y" cminor_scope +R21397 Cminor.Enil +R21368 Op.Ccompuimm +R21382 Integers.zero +R21378 AST.Cne +R21107 Cminor.expr +R21457 Cminor.expr +R21467 Cminor.Econdition +R21479 Cmconstr.condexpr_of_expr +R21449 Cminor.expr +R21449 Cminor.expr +R21449 Cminor.expr +R21948 Cminor.expr +R22042 Cminor.Eop +R22064 Cminor.Enil +R22047 Op.Oaddrsymbol +R22012 Integers.int +R22001 AST.ident +R22139 Cminor.Eop +R22158 Cminor.Enil +R22144 Op.Oaddrstack +R22109 Integers.int +R22263 Cminor.Eop +R22299 Cmconstr "x ::: y" cminor_scope +R22273 Cminor.Eop +R22295 Cminor.Enil +R22278 Op.Oaddrsymbol +R22304 Cmconstr "x ::: y" cminor_scope +R22307 Cminor.Enil +R22267 Op.Oadd +R22224 Cminor.expr +R22214 Integers.int +R22203 AST.ident +R22394 Cminor.Eop +R22413 Cmconstr "x ::: y" cminor_scope +R22416 Cminor.Enil +R22399 Op.Oaddimm +R22363 Cminor.expr +R22353 Integers.int +R22505 Cminor.Eop +R22517 Cmconstr "x ::: y" cminor_scope +R22522 Cmconstr "x ::: y" cminor_scope +R22525 Cminor.Enil +R22509 Op.Oadd +R22474 Cminor.expr +R22463 Cminor.expr +R22573 Cminor.expr +R22671 Cmconstr.addressing_cases +R22700 Cminor.Eop +R22705 Op.Oaddrsymbol +R22722 Cminor.Enil +R22736 Cmconstr.addressing_case1 +R22761 Cminor.Eop +R22766 Op.Oaddrstack +R22780 Cminor.Enil +R22794 Cmconstr.addressing_case2 +R22817 Cminor.Eop +R22821 Op.Oadd +R22853 Cmconstr "x ::: y" cminor_scope +R22827 Cminor.Eop +R22832 Op.Oaddrsymbol +R22849 Cminor.Enil +R22858 Cmconstr "x ::: y" cminor_scope +R22861 Cminor.Enil +R22876 Cmconstr.addressing_case3 +R22904 Cminor.Eop +R22909 Op.Oaddimm +R22923 Cmconstr "x ::: y" cminor_scope +R22926 Cminor.Enil +R22941 Cmconstr.addressing_case4 +R22967 Cminor.Eop +R22971 Op.Oadd +R22979 Cmconstr "x ::: y" cminor_scope +R22984 Cmconstr "x ::: y" cminor_scope +R22987 Cminor.Enil +R23002 Cmconstr.addressing_case5 +R23040 Cmconstr.addressing_default +R22639 Cminor.expr +R23112 Cmconstr.addressing_match +R23140 Cmconstr.addressing_case1 +R23170 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23171 Op.Aglobal +R23184 Cminor.Enil +R23194 Cmconstr.addressing_case2 +R23222 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23223 Op.Ainstack +R23235 Cminor.Enil +R23245 Cmconstr.addressing_case3 +R23278 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23279 Op.Abased +R23293 Cmconstr "x ::: y" cminor_scope +R23296 Cminor.Enil +R23306 Cmconstr.addressing_case4 +R23337 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23338 Op.Aindexed +R23352 Cmconstr "x ::: y" cminor_scope +R23355 Cminor.Enil +R23365 Cmconstr.addressing_case5 +R23397 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23398 Op.Aindexed2 +R23411 Cmconstr "x ::: y" cminor_scope +R23416 Cmconstr "x ::: y" cminor_scope +R23419 Cminor.Enil +R23429 Cmconstr.addressing_default +R23459 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23460 Op.Aindexed +R23469 Integers.zero +R23480 Cmconstr "x ::: y" cminor_scope +R23483 Cminor.Enil +R23095 Cminor.expr +R23557 Cmconstr.addressing +R23580 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23596 Cminor.Eload +R23540 Cminor.expr +R23521 AST.memory_chunk +R23690 Cmconstr.addressing +R23713 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23729 Cminor.Estore +R23673 Cminor.expr +R23673 Cminor.expr +R23651 AST.memory_chunk +R23820 Cminor.stmt +R23830 Cminor.Sifthenelse +R23843 Cmconstr.condexpr_of_expr +R23808 Cminor.stmtlist +R23808 Cminor.stmtlist +R23789 Cminor.expr +FCmconstrproof +R355 Cminor.genv +R431 Cminor.letenv +R424 Values.val +R417 Coq.Init.Datatypes.nat +R407 Cminor.letenv +R515 Coq.Lists.List "x :: y" list_scope +R508 Coq.Init.Datatypes.O +R639 Coq.Lists.List "x :: y" list_scope +R629 Coq.Init.Datatypes.S +R621 Coq.Lists.List "x :: y" list_scope +R801 Coq.Init.Logic "x = y" type_scope +R785 Coq.Lists.List.nth_error +R803 Coq.Init.Datatypes.Some +R771 Coq.Init.Peano "x > y" nat_scope +R756 Coq.Init.Logic "x = y" type_scope +R741 Coq.Lists.List.nth_error +R758 Coq.Init.Datatypes.Some +R699 Cmconstrproof.insert_lenv +R1103 Coq.Init.Logic "x = y" type_scope +R1083 Coq.Lists.List.nth_error +R1098 Coq.Init.Datatypes.S +R1105 Coq.Init.Datatypes.Some +R1068 Coq.Init.Peano "x <= y" nat_scope +R1053 Coq.Init.Logic "x = y" type_scope +R1038 Coq.Lists.List.nth_error +R1055 Coq.Init.Datatypes.Some +R996 Cmconstrproof.insert_lenv +R1466 Cminor.eval_Evar +R1476 Cminor.eval_Eassign +R1489 Cminor.eval_Eop +R1498 Cminor.eval_Eload +R1509 Cminor.eval_Estore +R1534 Cminor.eval_Ecall +R1545 Cminor.eval_Econdition +R1574 Cminor.eval_Elet +R1584 Cminor.eval_Eletvar +R1611 Cminor.eval_CEtrue +R1623 Cminor.eval_CEfalse +R1636 Cminor.eval_CEcond +R1661 Cminor.eval_CEcondition +R1678 Cminor.eval_Enil +R1688 Cminor.eval_Econs +R1851 Cminor.eval_expr +R1878 Cmconstr.lift_expr +R1823 Cmconstrproof.insert_lenv +R1769 Cminor.eval_expr +R1930 Cmconstrproof.eval_expr_ind_3 +R2321 Cminor.eval_exprlist +R2352 Cmconstr.lift_exprlist +R2289 Cmconstrproof.insert_lenv +R2173 Cminor.eval_condexpr +R2204 Cmconstr.lift_condexpr +R2141 Cmconstrproof.insert_lenv +R2035 Cminor.eval_expr +R2062 Cmconstr.lift_expr +R2003 Cmconstrproof.insert_lenv +R1930 Cmconstrproof.eval_expr_ind_3 +R2321 Cminor.eval_exprlist +R2352 Cmconstr.lift_exprlist +R2289 Cmconstrproof.insert_lenv +R2173 Cminor.eval_condexpr +R2204 Cmconstr.lift_condexpr +R2141 Cmconstrproof.insert_lenv +R2035 Cminor.eval_expr +R2062 Cmconstr.lift_expr +R2003 Cmconstrproof.insert_lenv +R2445 Cminor.eval_Econdition +R2445 Cminor.eval_Econdition +R2445 Cminor.eval_Econdition +R2523 Cminor.eval_Elet +R2523 Cminor.eval_Elet +R2557 Cmconstrproof.insert_lenv_S +R2557 Cmconstrproof.insert_lenv_S +R2587 Coq.Arith.Compare_dec.le_gt_dec +R2587 Coq.Arith.Compare_dec.le_gt_dec +R2619 Cminor.eval_Eletvar +R2619 Cminor.eval_Eletvar +R2640 Cmconstrproof.insert_lenv_lookup2 +R2640 Cmconstrproof.insert_lenv_lookup2 +R2676 Cminor.eval_Eletvar +R2676 Cminor.eval_Eletvar +R2697 Cmconstrproof.insert_lenv_lookup1 +R2697 Cmconstrproof.insert_lenv_lookup1 +R2749 Cminor.eval_CEcondition +R2749 Cminor.eval_CEcondition +R2749 Cminor.eval_CEcondition +R2917 Cminor.eval_expr +R2948 Cmconstr.lift +R2935 Coq.Lists.List "x :: y" list_scope +R2877 Cminor.eval_expr +R3002 Cmconstrproof.eval_lift_expr +R3002 Cmconstrproof.eval_lift_expr +R3036 Cmconstrproof.insert_lenv_0 +R3036 Cmconstrproof.insert_lenv_0 +R3070 Cmconstrproof.eval_lift +R3129 Cminor.eval_Eop +R3333 Coq.Init.Logic "A /\ B" type_scope +R3328 Coq.Init.Logic "x = y" type_scope +R3344 Coq.Init.Logic "A /\ B" type_scope +R3339 Coq.Init.Logic "x = y" type_scope +R3375 Coq.Init.Logic "x = y" type_scope +R3347 Op.eval_operation +R3371 Coq.Lists.List.nil +R3377 Coq.Init.Datatypes.Some +R3273 Cminor.eval_expr +R3299 Cminor.Eop +R3306 Cminor.Enil +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R3584 Coq.Init.Logic "'exists' x , p" type_scope +R3634 Coq.Init.Logic "A /\ B" type_scope +R3597 Cminor.eval_expr +R3675 Coq.Init.Logic "x = y" type_scope +R3639 Op.eval_operation +R3667 Coq.Lists.List "x :: y" list_scope +R3670 Coq.Lists.List.nil +R3677 Coq.Init.Datatypes.Some +R3523 Cminor.eval_expr +R3549 Cminor.Eop +R3560 Cmconstr "x ::: y" cminor_scope +R3564 Cminor.Enil +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R3964 Coq.Init.Logic "'exists' x , p" type_scope +R3975 Coq.Init.Logic "'exists' x , p" type_scope +R3986 Coq.Init.Logic "'exists' x , p" type_scope +R3997 Coq.Init.Logic "'exists' x , p" type_scope +R4047 Coq.Init.Logic "A /\ B" type_scope +R4010 Cminor.eval_expr +R4089 Coq.Init.Logic "A /\ B" type_scope +R4052 Cminor.eval_expr +R4136 Coq.Init.Logic "x = y" type_scope +R4094 Op.eval_operation +R4122 Coq.Lists.List "x :: y" list_scope +R4128 Coq.Lists.List "x :: y" list_scope +R4131 Coq.Lists.List.nil +R4138 Coq.Init.Datatypes.Some +R3896 Cminor.eval_expr +R3922 Cminor.Eop +R3933 Cmconstr "x ::: y" cminor_scope +R3940 Cmconstr "x ::: y" cminor_scope +R3944 Cminor.Enil +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R4386 Cminor.eval_expr +R4415 Cminor.Eop +R4423 Cminor.Enil +R4720 Cminor.eval_expr +R4749 Cminor.Eop +R4762 Cmconstr "x ::: y" cminor_scope +R4766 Cminor.Enil +R5027 Cminor.eval_expr +R5056 Cminor.Eop +R5069 Cmconstr "x ::: y" cminor_scope +R5077 Cmconstr "x ::: y" cminor_scope +R5081 Cminor.Enil +R5144 Cmconstrproof.inv_eval_Eop_2 +R4829 Cmconstrproof.inv_eval_Eop_1 +R4485 Cmconstrproof.inv_eval_Eop_0 +R5640 Cminor.eval_expr +R5683 Values.Vint +R5689 Integers.neg +R5666 Cmconstr.negint +R5593 Cminor.eval_expr +R5627 Values.Vint +R5721 Cmconstr.negint +R5842 Cminor.eval_expr +R5887 Values.Vfloat +R5895 Floats.neg +R5868 Cmconstr.negfloat +R5793 Cminor.eval_expr +R5827 Values.Vfloat +R5929 Cmconstr.negfloat +R6051 Cminor.eval_expr +R6096 Values.Vfloat +R6104 Floats.abs +R6077 Cmconstr.absfloat +R6002 Cminor.eval_expr +R6036 Values.Vfloat +R6138 Cmconstr.absfloat +R6262 Cminor.eval_expr +R6309 Values.Vint +R6315 Floats.intoffloat +R6288 Cmconstr.intoffloat +R6213 Cminor.eval_expr +R6247 Values.Vfloat +R6356 Cmconstr.intoffloat +R6480 Cminor.eval_expr +R6527 Values.Vfloat +R6535 Floats.floatofint +R6506 Cmconstr.floatofint +R6433 Cminor.eval_expr +R6467 Values.Vint +R6576 Cmconstr.floatofint +R6701 Cminor.eval_expr +R6749 Values.Vfloat +R6757 Floats.floatofintu +R6727 Cmconstr.floatofintu +R6654 Cminor.eval_expr +R6688 Values.Vint +R6799 Cmconstr.floatofintu +R6920 Cminor.eval_expr +R6963 Values.Vint +R6969 Integers.not +R6946 Cmconstr.notint +R6873 Cminor.eval_expr +R6907 Values.Vint +R7028 Cmconstr.notint_match +R7028 Cmconstr.notint_match +R7212 Cminor.eval_Elet +R7212 Cminor.eval_Elet +R7243 Cminor.eval_Eop +R7243 Cminor.eval_Eop +R7262 Cminor.eval_Econs +R7262 Cminor.eval_Econs +R7280 Cminor.eval_Eletvar +R7280 Cminor.eval_Eletvar +R7323 Cminor.eval_Econs +R7323 Cminor.eval_Econs +R7341 Cminor.eval_Eletvar +R7341 Cminor.eval_Eletvar +R7383 Cminor.eval_Enil +R7383 Cminor.eval_Enil +R7412 Integers.or_idem +R7412 Integers.or_idem +R7563 Cminor.eval_expr +R7612 Values.of_bool +R7625 Coq.Bool.Bool.negb +R7589 Cmconstr.notbool_base +R7538 Values.bool_of_val +R7498 Cminor.eval_expr +R7655 Cmconstr.notbool_base +R7704 Integers.eq_false +R7704 Integers.eq_false +R7734 Integers.eq_true +R7734 Integers.eq_true +R7787 Values.bool_of_true_val +R7808 Values.bool_of_false_val +R7843 Values.bool_of_true_val_inv +R7868 Values.bool_of_false_val_inv +R8030 Cminor.eval_expr +R8074 Values.of_bool +R8087 Coq.Bool.Bool.negb +R8056 Cmconstr.notbool +R8005 Values.bool_of_val +R7965 Cminor.eval_expr +R8171 Values.is_true +R8184 Values.of_bool +R8197 Coq.Bool.Bool.negb +R8148 Values.bool_of_val +R8130 Values.is_false +R8171 Values.is_true +R8184 Values.of_bool +R8197 Coq.Bool.Bool.negb +R8148 Values.bool_of_val +R8130 Values.is_false +R8290 Integers.one_not_zero +R8290 Integers.one_not_zero +R8389 Values.is_false +R8403 Values.of_bool +R8416 Coq.Bool.Bool.negb +R8366 Values.bool_of_val +R8349 Values.is_true +R8389 Values.is_false +R8403 Values.of_bool +R8416 Coq.Bool.Bool.negb +R8366 Values.bool_of_val +R8349 Values.is_true +R8547 Cmconstrproof.eval_notbool_base +R8547 Cmconstrproof.eval_notbool_base +R8547 Cmconstrproof.eval_notbool_base +R8547 Cmconstrproof.eval_notbool_base +R8547 Cmconstrproof.eval_notbool_base +R8547 Cmconstrproof.eval_notbool_base +R8547 Cmconstrproof.eval_notbool_base +R8547 Cmconstrproof.eval_notbool_base +R8547 Cmconstrproof.eval_notbool_base +R8547 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8600 Cmconstrproof.eval_notbool_base +R8753 Integers.eq_false +R8753 Integers.eq_false +R8814 Integers.eq_true +R8814 Integers.eq_true +R8864 Cmconstrproof.eval_notbool_base +R8864 Cmconstrproof.eval_notbool_base +R8964 Cminor.eval_Eop +R8964 Cminor.eval_Eop +R8998 Op.eval_condition +R8998 Op.eval_condition +R9063 Coq.Init.Logic "x = y" type_scope +R9063 Coq.Init.Logic "x = y" type_scope +R9150 Op.eval_negate_condition +R9150 Op.eval_negate_condition +R9369 Cminor.eval_Econdition +R9369 Cminor.eval_Econdition +R9533 Cminor.eval_expr +R9581 Values.Vint +R9587 Integers.cast8signed +R9559 Cmconstr.cast8signed +R9486 Cminor.eval_expr +R9520 Values.Vint +R9625 Cmconstr.cast8signed +R9753 Cminor.eval_expr +R9803 Values.Vint +R9809 Integers.cast8unsigned +R9779 Cmconstr.cast8unsigned +R9706 Cminor.eval_expr +R9740 Values.Vint +R9852 Cmconstr.cast8unsigned +R9885 Integers.rolm_zero +R9885 Integers.rolm_zero +R9908 Integers.cast8unsigned_and +R9908 Integers.cast8unsigned_and +R10055 Cminor.eval_expr +R10104 Values.Vint +R10110 Integers.cast16signed +R10081 Cmconstr.cast16signed +R10008 Cminor.eval_expr +R10042 Values.Vint +R10149 Cmconstr.cast16signed +R10279 Cminor.eval_expr +R10330 Values.Vint +R10336 Integers.cast16unsigned +R10305 Cmconstr.cast16unsigned +R10232 Cminor.eval_expr +R10266 Values.Vint +R10380 Cmconstr.cast16unsigned +R10414 Integers.rolm_zero +R10414 Integers.rolm_zero +R10437 Integers.cast16unsigned_and +R10437 Integers.cast16unsigned_and +R10584 Cminor.eval_expr +R10634 Values.Vfloat +R10642 Floats.singleoffloat +R10610 Cmconstr.singleoffloat +R10535 Cminor.eval_expr +R10569 Values.Vfloat +R10687 Cmconstr.singleoffloat +R10813 Cminor.eval_expr +R10858 Values.Vint +R10864 Integers.add +R10839 Cmconstr.addimm +R10766 Cminor.eval_expr +R10800 Values.Vint +R10933 Integers.eq_spec +R10947 Integers.zero +R10933 Integers.eq_spec +R10947 Integers.zero +R10964 Integers.eq +R10973 Integers.zero +R10964 Integers.eq +R10973 Integers.zero +R11010 Integers.add_zero +R11010 Integers.add_zero +R11038 Cmconstr.addimm_match +R11038 Cmconstr.addimm_match +R11100 Integers.add_commut +R11100 Integers.add_commut +R11146 Globalenvs.find_symbol +R11146 Globalenvs.find_symbol +R11300 Integers.add_assoc +R11300 Integers.add_assoc +R11342 Integers.add_commut +R11342 Integers.add_commut +R11492 Cminor.eval_expr +R11537 Values.Vptr +R11545 Integers.add +R11518 Cmconstr.addimm +R11441 Cminor.eval_expr +R11475 Values.Vptr +R11618 Integers.eq_spec +R11632 Integers.zero +R11618 Integers.eq_spec +R11632 Integers.zero +R11649 Integers.eq +R11658 Integers.zero +R11649 Integers.eq +R11658 Integers.zero +R11695 Integers.add_zero +R11695 Integers.add_zero +R11723 Cmconstr.addimm_match +R11723 Cmconstr.addimm_match +R11807 Globalenvs.find_symbol +R11807 Globalenvs.find_symbol +R11844 Integers.add_commut +R11844 Integers.add_commut +R12006 Integers.add_assoc +R12006 Integers.add_assoc +R12034 Integers.add_commut +R12034 Integers.add_commut +R12123 Integers.add_commut +R12123 Integers.add_commut +R12152 Integers.add_assoc +R12152 Integers.add_assoc +R12346 Cminor.eval_expr +R12388 Values.Vint +R12394 Integers.add +R12372 Cmconstr.add +R12299 Cminor.eval_expr +R12333 Values.Vint +R12252 Cminor.eval_expr +R12286 Values.Vint +R12452 Cmconstr.add_match +R12452 Cmconstr.add_match +R12497 Integers.add_commut +R12497 Integers.add_commut +R12519 Cmconstrproof.eval_addimm +R12519 Cmconstrproof.eval_addimm +R12601 Integers.add +R12620 Integers.add +R12644 Integers.add +R12629 Integers.add +R12601 Integers.add +R12620 Integers.add +R12644 Integers.add +R12629 Integers.add +R12671 Cmconstrproof.eval_addimm +R12671 Cmconstrproof.eval_addimm +R12735 Integers.add_assoc +R12735 Integers.add_assoc +R12735 Integers.add_assoc +R12735 Integers.add_assoc +R12763 Integers.add_permut +R12763 Integers.add_permut +R12816 Integers.add +R12835 Integers.add +R12844 Integers.add +R12816 Integers.add +R12835 Integers.add +R12844 Integers.add +R12872 Cmconstrproof.eval_addimm +R12872 Cmconstrproof.eval_addimm +R12921 Integers.add_assoc +R12921 Integers.add_assoc +R12921 Integers.add_assoc +R12921 Integers.add_assoc +R12949 Integers.add_commut +R12949 Integers.add_commut +R12998 Cmconstrproof.eval_addimm +R12998 Cmconstrproof.eval_addimm +R13054 Integers.add +R13073 Integers.add +R13082 Integers.add +R13054 Integers.add +R13073 Integers.add +R13082 Integers.add +R13110 Cmconstrproof.eval_addimm +R13110 Cmconstrproof.eval_addimm +R13152 Integers.add_assoc +R13152 Integers.add_assoc +R13353 Cminor.eval_expr +R13395 Values.Vptr +R13403 Integers.add +R13379 Cmconstr.add +R13306 Cminor.eval_expr +R13340 Values.Vint +R13257 Cminor.eval_expr +R13291 Values.Vptr +R13461 Cmconstr.add_match +R13461 Cmconstr.add_match +R13556 Integers.add +R13575 Integers.add +R13599 Integers.add +R13584 Integers.add +R13556 Integers.add +R13575 Integers.add +R13599 Integers.add +R13584 Integers.add +R13626 Cmconstrproof.eval_addimm_ptr +R13626 Cmconstrproof.eval_addimm_ptr +R13703 Integers.add_assoc +R13703 Integers.add_assoc +R13703 Integers.add_assoc +R13703 Integers.add_assoc +R13731 Integers.add_permut +R13731 Integers.add_permut +R13784 Integers.add +R13803 Integers.add +R13812 Integers.add +R13784 Integers.add +R13803 Integers.add +R13812 Integers.add +R13840 Cmconstrproof.eval_addimm_ptr +R13840 Cmconstrproof.eval_addimm_ptr +R13903 Integers.add_assoc +R13903 Integers.add_assoc +R13903 Integers.add_assoc +R13903 Integers.add_assoc +R13931 Integers.add_commut +R13931 Integers.add_commut +R13967 Cmconstrproof.eval_addimm_ptr +R13967 Cmconstrproof.eval_addimm_ptr +R14027 Integers.add +R14046 Integers.add +R14055 Integers.add +R14027 Integers.add +R14046 Integers.add +R14055 Integers.add +R14083 Cmconstrproof.eval_addimm_ptr +R14083 Cmconstrproof.eval_addimm_ptr +R14129 Integers.add_assoc +R14129 Integers.add_assoc +R14332 Cminor.eval_expr +R14374 Values.Vptr +R14382 Integers.add +R14358 Cmconstr.add +R14283 Cminor.eval_expr +R14317 Values.Vptr +R14236 Cminor.eval_expr +R14270 Values.Vint +R14440 Cmconstr.add_match +R14440 Cmconstr.add_match +R14488 Cmconstrproof.eval_addimm_ptr +R14488 Cmconstrproof.eval_addimm_ptr +R14568 Integers.add +R14587 Integers.add +R14611 Integers.add +R14596 Integers.add +R14568 Integers.add +R14587 Integers.add +R14611 Integers.add +R14596 Integers.add +R14638 Cmconstrproof.eval_addimm_ptr +R14638 Cmconstrproof.eval_addimm_ptr +R14715 Integers.add_assoc +R14715 Integers.add_assoc +R14715 Integers.add_assoc +R14715 Integers.add_assoc +R14751 Integers.add_commut +R14751 Integers.add_commut +R14780 Integers.add_permut +R14780 Integers.add_permut +R14833 Integers.add +R14852 Integers.add +R14861 Integers.add +R14833 Integers.add +R14852 Integers.add +R14861 Integers.add +R14889 Cmconstrproof.eval_addimm_ptr +R14889 Cmconstrproof.eval_addimm_ptr +R14943 Integers.add_assoc +R14943 Integers.add_assoc +R14943 Integers.add_assoc +R15016 Integers.add +R15035 Integers.add +R15044 Integers.add +R15016 Integers.add +R15035 Integers.add +R15044 Integers.add +R15072 Cmconstrproof.eval_addimm_ptr +R15072 Cmconstrproof.eval_addimm_ptr +R15148 Integers.add_assoc +R15148 Integers.add_assoc +R15148 Integers.add_assoc +R15148 Integers.add_assoc +R15176 Integers.add_commut +R15176 Integers.add_commut +R15364 Cminor.eval_expr +R15406 Values.Vint +R15412 Integers.sub +R15390 Cmconstr.sub +R15317 Cminor.eval_expr +R15351 Values.Vint +R15270 Cminor.eval_expr +R15304 Values.Vint +R15472 Cmconstr.sub_match +R15472 Cmconstr.sub_match +R15518 Integers.sub_add_opp +R15518 Integers.sub_add_opp +R15546 Cmconstrproof.eval_addimm +R15546 Cmconstrproof.eval_addimm +R15627 Integers.sub +R15646 Integers.add +R15670 Integers.sub +R15655 Integers.sub +R15627 Integers.sub +R15646 Integers.add +R15670 Integers.sub +R15655 Integers.sub +R15697 Cmconstrproof.eval_addimm +R15697 Cmconstrproof.eval_addimm +R15759 Integers.sub_add_opp +R15759 Integers.sub_add_opp +R15759 Integers.sub_add_opp +R15759 Integers.sub_add_opp +R15759 Integers.sub_add_opp +R15795 Integers.add_assoc +R15795 Integers.add_assoc +R15795 Integers.add_assoc +R15795 Integers.add_assoc +R15830 Integers.add_permut +R15830 Integers.add_permut +R15869 Integers.neg_add_distr +R15869 Integers.neg_add_distr +R15924 Integers.sub +R15943 Integers.add +R15952 Integers.sub +R15924 Integers.sub +R15943 Integers.add +R15952 Integers.sub +R15980 Cmconstrproof.eval_addimm +R15980 Cmconstrproof.eval_addimm +R16022 Integers.sub_add_l +R16022 Integers.sub_add_l +R16080 Integers.sub +R16099 Integers.add +R16122 Integers.neg +R16108 Integers.sub +R16080 Integers.sub +R16099 Integers.add +R16122 Integers.neg +R16108 Integers.sub +R16146 Cmconstrproof.eval_addimm +R16146 Cmconstrproof.eval_addimm +R16189 Integers.add_commut +R16189 Integers.add_commut +R16227 Integers.sub_add_r +R16227 Integers.sub_add_r +R16427 Cminor.eval_expr +R16469 Values.Vptr +R16477 Integers.sub +R16453 Cmconstr.sub +R16380 Cminor.eval_expr +R16414 Values.Vint +R16331 Cminor.eval_expr +R16365 Values.Vptr +R16537 Cmconstr.sub_match +R16537 Cmconstr.sub_match +R16583 Integers.sub_add_opp +R16583 Integers.sub_add_opp +R16611 Cmconstrproof.eval_addimm_ptr +R16611 Cmconstrproof.eval_addimm_ptr +R16710 Integers.sub +R16729 Integers.add +R16753 Integers.sub +R16738 Integers.sub +R16710 Integers.sub +R16729 Integers.add +R16753 Integers.sub +R16738 Integers.sub +R16780 Cmconstrproof.eval_addimm_ptr +R16780 Cmconstrproof.eval_addimm_ptr +R16846 Integers.sub_add_opp +R16846 Integers.sub_add_opp +R16846 Integers.sub_add_opp +R16846 Integers.sub_add_opp +R16846 Integers.sub_add_opp +R16882 Integers.add_assoc +R16882 Integers.add_assoc +R16882 Integers.add_assoc +R16882 Integers.add_assoc +R16917 Integers.add_permut +R16917 Integers.add_permut +R16956 Integers.neg_add_distr +R16956 Integers.neg_add_distr +R17020 Integers.sub +R17039 Integers.add +R17048 Integers.sub +R17020 Integers.sub +R17039 Integers.add +R17048 Integers.sub +R17076 Cmconstrproof.eval_addimm_ptr +R17076 Cmconstrproof.eval_addimm_ptr +R17122 Integers.sub_add_l +R17122 Integers.sub_add_l +R17180 Integers.sub +R17199 Integers.add +R17222 Integers.neg +R17208 Integers.sub +R17180 Integers.sub +R17199 Integers.add +R17222 Integers.neg +R17208 Integers.sub +R17246 Cmconstrproof.eval_addimm_ptr +R17246 Cmconstrproof.eval_addimm_ptr +R17293 Integers.add_commut +R17293 Integers.add_commut +R17331 Integers.sub_add_r +R17331 Integers.sub_add_r +R17533 Cminor.eval_expr +R17575 Values.Vint +R17581 Integers.sub +R17559 Cmconstr.sub +R17484 Cminor.eval_expr +R17518 Values.Vptr +R17435 Cminor.eval_expr +R17469 Values.Vptr +R17641 Cmconstr.sub_match +R17641 Cmconstr.sub_match +R17736 Integers.sub +R17755 Integers.add +R17779 Integers.sub +R17764 Integers.sub +R17736 Integers.sub +R17755 Integers.add +R17779 Integers.sub +R17764 Integers.sub +R17806 Cmconstrproof.eval_addimm +R17806 Cmconstrproof.eval_addimm +R17884 Coqlib.zeq_true +R17884 Coqlib.zeq_true +R17941 Integers.sub_add_opp +R17941 Integers.sub_add_opp +R17941 Integers.sub_add_opp +R17941 Integers.sub_add_opp +R17941 Integers.sub_add_opp +R17977 Integers.add_assoc +R17977 Integers.add_assoc +R17977 Integers.add_assoc +R17977 Integers.add_assoc +R18012 Integers.add_permut +R18012 Integers.add_permut +R18051 Integers.neg_add_distr +R18051 Integers.neg_add_distr +R18115 Integers.sub +R18134 Integers.add +R18143 Integers.sub +R18115 Integers.sub +R18134 Integers.add +R18143 Integers.sub +R18171 Cmconstrproof.eval_addimm +R18171 Cmconstrproof.eval_addimm +R18228 Coqlib.zeq_true +R18228 Coqlib.zeq_true +R18265 Integers.sub_add_l +R18265 Integers.sub_add_l +R18332 Integers.sub +R18351 Integers.add +R18374 Integers.neg +R18360 Integers.sub +R18332 Integers.sub +R18351 Integers.add +R18374 Integers.neg +R18360 Integers.sub +R18398 Cmconstrproof.eval_addimm +R18398 Cmconstrproof.eval_addimm +R18455 Coqlib.zeq_true +R18455 Coqlib.zeq_true +R18493 Integers.add_commut +R18493 Integers.add_commut +R18531 Integers.sub_add_r +R18531 Integers.sub_add_r +R18589 Coqlib.zeq_true +R18589 Coqlib.zeq_true +R18721 Cminor.eval_expr +R18774 Values.Vint +R18780 Integers.rolm +R18747 Cmconstr.rolm +R18674 Cminor.eval_expr +R18708 Values.Vint +R18850 Cmconstr.rolm_match +R18850 Cmconstr.rolm_match +R18916 Integers.is_rlw_mask +R18933 Integers.and +R18942 Integers.rol +R18916 Integers.is_rlw_mask +R18933 Integers.and +R18942 Integers.rol +R19047 Integers.and +R19081 Integers.repr +R19056 Integers.add +R19106 Integers.modu +R19141 Integers.repr +R19116 Integers.add +R19047 Integers.and +R19081 Integers.repr +R19056 Integers.add +R19106 Integers.modu +R19141 Integers.repr +R19116 Integers.add +R19174 Integers.rolm_rolm +R19174 Integers.rolm_rolm +R19219 Integers.sub +R19241 Integers.one +R19228 Integers.repr +R19200 Integers.repr +R19219 Integers.sub +R19241 Integers.one +R19228 Integers.repr +R19200 Integers.repr +R19278 Integers.repr +R19259 Integers.modu_and +R19278 Integers.repr +R19259 Integers.modu_and +R19471 Cminor.eval_expr +R19516 Values.Vint +R19522 Integers.shl +R19497 Cmconstr.shlimm +R19459 Coq.Init.Logic "x = y" type_scope +R19435 Integers.ltu +R19446 Integers.repr +R19461 Coq.Init.Datatypes.true +R19388 Cminor.eval_expr +R19422 Values.Vint +R19584 Integers.eq_spec +R19598 Integers.zero +R19615 Integers.eq +R19624 Integers.zero +R19584 Integers.eq_spec +R19598 Integers.zero +R19615 Integers.eq +R19624 Integers.zero +R19661 Integers.shl_zero +R19661 Integers.shl_zero +R19706 Integers.shl +R19725 Integers.rolm +R19739 Integers.shl +R19747 Integers.mone +R19706 Integers.shl +R19725 Integers.rolm +R19739 Integers.shl +R19747 Integers.mone +R19769 Cmconstrproof.eval_rolm +R19769 Cmconstrproof.eval_rolm +R19802 Integers.shl_rolm +R19802 Integers.shl_rolm +R19973 Cminor.eval_expr +R20019 Values.Vint +R20025 Integers.shru +R19999 Cmconstr.shruimm +R19961 Coq.Init.Logic "x = y" type_scope +R19937 Integers.ltu +R19948 Integers.repr +R19963 Coq.Init.Datatypes.true +R19890 Cminor.eval_expr +R19924 Values.Vint +R20089 Integers.eq_spec +R20103 Integers.zero +R20120 Integers.eq +R20129 Integers.zero +R20089 Integers.eq_spec +R20103 Integers.zero +R20120 Integers.eq +R20129 Integers.zero +R20166 Integers.shru_zero +R20166 Integers.shru_zero +R20212 Integers.shru +R20232 Integers.rolm +R20270 Integers.shru +R20279 Integers.mone +R20244 Integers.sub +R20253 Integers.repr +R20212 Integers.shru +R20232 Integers.rolm +R20270 Integers.shru +R20279 Integers.mone +R20244 Integers.sub +R20253 Integers.repr +R20301 Cmconstrproof.eval_rolm +R20301 Cmconstrproof.eval_rolm +R20334 Integers.shru_rolm +R20334 Integers.shru_rolm +R20472 Cminor.eval_expr +R20522 Values.Vint +R20528 Integers.mul +R20498 Cmconstr.mulimm_base +R20425 Cminor.eval_expr +R20459 Values.Vint +R20595 Integers.one_bits_decomp +R20595 Integers.one_bits_decomp +R20634 Integers.one_bits_range +R20634 Integers.one_bits_range +R20667 Coq.ZArith.BinInt.Z_of_nat +R20676 Integers.wordsize +R20667 Coq.ZArith.BinInt.Z_of_nat +R20676 Integers.wordsize +R20707 Integers.one_bits +R20707 Integers.one_bits +R20797 Integers.add_zero +R20797 Integers.add_zero +R20822 Integers.shl_mul +R20822 Integers.shl_mul +R20843 Cmconstrproof.eval_shlimm +R20843 Cmconstrproof.eval_shlimm +R20933 Values.Vint +R20911 Cminor.eval_Elet +R20933 Values.Vint +R20911 Cminor.eval_Elet +R20977 Integers.add_zero +R20977 Integers.add_zero +R21002 Integers.mul_add_distr_r +R21002 Integers.mul_add_distr_r +R21036 Integers.shl_mul +R21036 Integers.shl_mul +R21062 Integers.shl_mul +R21062 Integers.shl_mul +R21092 Cminor.eval_Econs +R21092 Cminor.eval_Econs +R21113 Cmconstrproof.eval_shlimm +R21113 Cmconstrproof.eval_shlimm +R21132 Cminor.eval_Eletvar +R21132 Cminor.eval_Eletvar +R21196 Cminor.eval_Econs +R21196 Cminor.eval_Econs +R21216 Cmconstrproof.eval_shlimm +R21216 Cmconstrproof.eval_shlimm +R21235 Cminor.eval_Eletvar +R21235 Cminor.eval_Eletvar +R21455 Cminor.eval_expr +R21500 Values.Vint +R21506 Integers.mul +R21481 Cmconstr.mulimm +R21408 Cminor.eval_expr +R21442 Values.Vint +R21575 Integers.eq_spec +R21589 Integers.zero +R21606 Integers.eq +R21615 Integers.zero +R21575 Integers.eq_spec +R21589 Integers.zero +R21606 Integers.eq +R21615 Integers.zero +R21652 Integers.mul_zero +R21652 Integers.mul_zero +R21702 Integers.eq_spec +R21716 Integers.one +R21732 Integers.eq +R21741 Integers.one +R21702 Integers.eq_spec +R21716 Integers.one +R21732 Integers.eq +R21741 Integers.one +R21777 Integers.mul_one +R21777 Integers.mul_one +R21804 Cmconstr.mulimm_match +R21804 Cmconstr.mulimm_match +R21859 Integers.mul_commut +R21859 Integers.mul_commut +R21923 Integers.mul +R21942 Integers.add +R21965 Integers.mul +R21951 Integers.mul +R21923 Integers.mul +R21942 Integers.add +R21965 Integers.mul +R21951 Integers.mul +R21989 Cmconstrproof.eval_addimm +R21989 Cmconstrproof.eval_addimm +R22008 Cmconstrproof.eval_mulimm_base +R22008 Cmconstrproof.eval_mulimm_base +R22051 Integers.mul_add_distr_l +R22051 Integers.mul_add_distr_l +R22085 Integers.mul_commut +R22085 Integers.mul_commut +R22109 Cmconstrproof.eval_mulimm_base +R22109 Cmconstrproof.eval_mulimm_base +R22301 Cminor.eval_expr +R22343 Values.Vint +R22349 Integers.mul +R22327 Cmconstr.mul +R22254 Cminor.eval_expr +R22288 Values.Vint +R22207 Cminor.eval_expr +R22241 Values.Vint +R22409 Cmconstr.mul_match +R22409 Cmconstr.mul_match +R22454 Integers.mul_commut +R22454 Integers.mul_commut +R22476 Cmconstrproof.eval_mulimm +R22476 Cmconstrproof.eval_mulimm +R22515 Cmconstrproof.eval_mulimm +R22515 Cmconstrproof.eval_mulimm +R22726 Cminor.eval_expr +R22769 Values.Vint +R22775 Integers.divs +R22752 Cmconstr.divs +R22709 Coq.Init.Logic "x <> y" type_scope +R22712 Integers.zero +R22660 Cminor.eval_expr +R22694 Values.Vint +R22613 Cminor.eval_expr +R22647 Values.Vint +R22810 Cmconstr.divs +R22835 Integers.eq +R22842 Integers.eq_spec +R22856 Integers.zero +R23225 Cminor.eval_expr +R23280 Values.Vint +R23286 Integers.sub +R23297 Integers.mul +R23251 Cmconstr.mod_aux +R23208 Coq.Init.Logic "x <> y" type_scope +R23211 Integers.zero +R23159 Cminor.eval_expr +R23193 Values.Vint +R23112 Cminor.eval_expr +R23146 Values.Vint +R23032 Coq.Init.Logic "x = y" type_scope +R22979 Op.eval_operation +R23014 Coq.Lists.List "x :: y" list_scope +R23007 Values.Vint +R23024 Coq.Lists.List "x :: y" list_scope +R23017 Values.Vint +R23027 Coq.Lists.List.nil +R23037 Coq.Init.Datatypes.Some +R23043 Values.Vint +R22961 Coq.Init.Logic "x <> y" type_scope +R22964 Integers.zero +R23368 Cminor.eval_Elet +R23368 Cminor.eval_Elet +R23397 Cminor.eval_Elet +R23397 Cminor.eval_Elet +R23417 Cmconstrproof.eval_lift +R23417 Cmconstrproof.eval_lift +R23448 Cminor.eval_Eop +R23448 Cminor.eval_Eop +R23465 Cminor.eval_Econs +R23465 Cminor.eval_Econs +R23487 Cminor.eval_Eletvar +R23487 Cminor.eval_Eletvar +R23530 Cminor.eval_Econs +R23530 Cminor.eval_Econs +R23549 Cminor.eval_Eop +R23549 Cminor.eval_Eop +R23569 Cminor.eval_Econs +R23569 Cminor.eval_Econs +R23588 Cminor.eval_Eop +R23588 Cminor.eval_Eop +R23607 Cminor.eval_Econs +R23607 Cminor.eval_Econs +R23625 Cminor.eval_Eletvar +R23625 Cminor.eval_Eletvar +R23668 Cminor.eval_Econs +R23668 Cminor.eval_Econs +R23686 Cminor.eval_Eletvar +R23686 Cminor.eval_Eletvar +R23728 Cminor.eval_Enil +R23728 Cminor.eval_Enil +R23769 Cminor.eval_Econs +R23769 Cminor.eval_Econs +R23787 Cminor.eval_Eletvar +R23787 Cminor.eval_Eletvar +R23829 Cminor.eval_Enil +R23829 Cminor.eval_Enil +R23866 Cminor.eval_Enil +R23866 Cminor.eval_Enil +R24075 Cminor.eval_expr +R24118 Values.Vint +R24124 Integers.mods +R24101 Cmconstr.mods +R24058 Coq.Init.Logic "x <> y" type_scope +R24061 Integers.zero +R24009 Cminor.eval_expr +R24043 Values.Vint +R23962 Cminor.eval_expr +R23996 Values.Vint +R24181 Integers.mods_divs +R24181 Integers.mods_divs +R24206 Cmconstrproof.eval_mod_aux +R24206 Cmconstrproof.eval_mod_aux +R24254 Integers.eq +R24261 Integers.eq_spec +R24276 Integers.zero +R24495 Cminor.eval_expr +R24558 Values.Vint +R24564 Integers.divu +R24521 Cminor.Eop +R24534 Cmconstr "x ::: y" cminor_scope +R24540 Cmconstr "x ::: y" cminor_scope +R24544 Cminor.Enil +R24525 Op.Odivu +R24478 Coq.Init.Logic "x <> y" type_scope +R24481 Integers.zero +R24429 Cminor.eval_expr +R24463 Values.Vint +R24382 Cminor.eval_expr +R24416 Values.Vint +R24624 Integers.eq +R24631 Integers.eq_spec +R24645 Integers.zero +R24858 Cminor.eval_expr +R24901 Values.Vint +R24907 Integers.divu +R24884 Cmconstr.divu +R24841 Coq.Init.Logic "x <> y" type_scope +R24844 Integers.zero +R24792 Cminor.eval_expr +R24826 Values.Vint +R24745 Cminor.eval_expr +R24779 Values.Vint +R24969 Cmconstr.divu_match +R24969 Cmconstr.divu_match +R25014 Integers.is_power2 +R25014 Integers.is_power2 +R25052 Integers.divu_pow2 +R25052 Integers.divu_pow2 +R25085 Cmconstrproof.eval_shruimm +R25085 Cmconstrproof.eval_shruimm +R25113 Integers.is_power2_range +R25113 Integers.is_power2_range +R25174 Cmconstrproof.eval_divu_base +R25174 Cmconstrproof.eval_divu_base +R25223 Cmconstrproof.eval_divu_base +R25223 Cmconstrproof.eval_divu_base +R25428 Cminor.eval_expr +R25471 Values.Vint +R25477 Integers.modu +R25454 Cmconstr.modu +R25411 Coq.Init.Logic "x <> y" type_scope +R25414 Integers.zero +R25362 Cminor.eval_expr +R25396 Values.Vint +R25315 Cminor.eval_expr +R25349 Values.Vint +R25537 Cmconstr.divu_match +R25537 Cmconstr.divu_match +R25582 Integers.is_power2 +R25582 Integers.is_power2 +R25620 Integers.modu_and +R25620 Integers.modu_and +R25657 Integers.rolm_zero +R25657 Integers.rolm_zero +R25678 Cmconstrproof.eval_rolm +R25678 Cmconstrproof.eval_rolm +R25712 Integers.modu_divu +R25712 Integers.modu_divu +R25734 Cmconstrproof.eval_mod_aux +R25734 Cmconstrproof.eval_mod_aux +R25775 Integers.eq +R25782 Integers.eq_spec +R25797 Integers.zero +R25872 Integers.modu_divu +R25872 Integers.modu_divu +R25894 Cmconstrproof.eval_mod_aux +R25894 Cmconstrproof.eval_mod_aux +R25935 Integers.eq +R25942 Integers.eq_spec +R25957 Integers.zero +R26135 Cminor.eval_expr +R26180 Values.Vint +R26186 Integers.and +R26161 Cmconstr.andimm +R26088 Cminor.eval_expr +R26122 Values.Vint +R26240 Integers.is_rlw_mask +R26240 Integers.is_rlw_mask +R26273 Integers.rolm_zero +R26273 Integers.rolm_zero +R26294 Cmconstrproof.eval_rolm +R26294 Cmconstrproof.eval_rolm +R26484 Cminor.eval_expr +R26526 Values.Vint +R26532 Integers.and +R26510 Cmconstr.and +R26437 Cminor.eval_expr +R26471 Values.Vint +R26390 Cminor.eval_expr +R26424 Values.Vint +R26590 Cmconstr.mul_match +R26590 Cmconstr.mul_match +R26635 Integers.and_commut +R26635 Integers.and_commut +R26657 Cmconstrproof.eval_andimm +R26657 Cmconstrproof.eval_andimm +R26696 Cmconstrproof.eval_andimm +R26696 Cmconstrproof.eval_andimm +R26932 Coq.Init.Logic "A /\ B" type_scope +R26927 Coq.Init.Logic "x = y" type_scope +R26943 Coq.Init.Logic "A /\ B" type_scope +R26938 Coq.Init.Logic "x = y" type_scope +R26954 Coq.Init.Logic "A /\ B" type_scope +R26949 Coq.Init.Logic "x = y" type_scope +R26960 Coq.Init.Logic "x = y" type_scope +R26882 Cminor.eval_expr +R26840 Cminor.eval_expr +R26828 Coq.Init.Logic "x = y" type_scope +R26807 Cmconstr.same_expr_pure +R26830 Coq.Init.Datatypes.true +R27101 AST.ident_eq +R27101 AST.ident_eq +R27179 Coq.Init.Logic "x = y" type_scope +R27179 Coq.Init.Logic "x = y" type_scope +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R27380 Cminor.eval_expr +R27421 Values.Vint +R27427 Integers.or +R27406 Cmconstr.or +R27333 Cminor.eval_expr +R27367 Values.Vint +R27286 Cminor.eval_expr +R27320 Values.Vint +R27483 Cmconstr.or_match +R27483 Cmconstr.or_match +R27520 Integers.eq_spec +R27556 Integers.eq +R27520 Integers.eq_spec +R27556 Integers.eq +R27596 Integers.is_rlw_mask +R27613 Integers.or +R27596 Integers.is_rlw_mask +R27613 Integers.or +R27645 Cmconstr.same_expr_pure +R27645 Cmconstr.same_expr_pure +R27740 Cmconstrproof.eval_same_expr_pure +R27740 Cmconstrproof.eval_same_expr_pure +R27959 Integers.or_rolm +R27959 Integers.or_rolm +R28204 Cminor.eval_expr +R28246 Values.Vint +R28252 Integers.xor +R28230 Cmconstr.xor +R28157 Cminor.eval_expr +R28191 Values.Vint +R28110 Cminor.eval_expr +R28144 Values.Vint +R28284 Cmconstr.xor +R28487 Cminor.eval_expr +R28529 Values.Vint +R28535 Integers.shl +R28513 Cmconstr.shl +R28475 Coq.Init.Logic "x = y" type_scope +R28451 Integers.ltu +R28462 Integers.repr +R28477 Coq.Init.Datatypes.true +R28404 Cminor.eval_expr +R28438 Values.Vint +R28357 Cminor.eval_expr +R28391 Values.Vint +R28593 Cmconstr.shift_match +R28593 Cmconstr.shift_match +R28637 Cmconstrproof.eval_shlimm +R28637 Cmconstrproof.eval_shlimm +R28889 Cminor.eval_expr +R28931 Values.Vint +R28937 Integers.shr +R28915 Cmconstr.shr +R28877 Coq.Init.Logic "x = y" type_scope +R28853 Integers.ltu +R28864 Integers.repr +R28879 Coq.Init.Datatypes.true +R28806 Cminor.eval_expr +R28840 Values.Vint +R28759 Cminor.eval_expr +R28793 Values.Vint +R28971 Cmconstr.shr +R29200 Cminor.eval_expr +R29243 Values.Vint +R29249 Integers.shru +R29226 Cmconstr.shru +R29188 Coq.Init.Logic "x = y" type_scope +R29164 Integers.ltu +R29175 Integers.repr +R29190 Coq.Init.Datatypes.true +R29117 Cminor.eval_expr +R29151 Values.Vint +R29070 Cminor.eval_expr +R29104 Values.Vint +R29309 Cmconstr.shift_match +R29309 Cmconstr.shift_match +R29353 Cmconstrproof.eval_shruimm +R29353 Cmconstrproof.eval_shruimm +R29575 Cminor.eval_expr +R29618 Values.Vfloat +R29626 Floats.add +R29601 Cmconstr.addf +R29526 Cminor.eval_expr +R29560 Values.Vfloat +R29477 Cminor.eval_expr +R29511 Values.Vfloat +R29687 Cmconstr.addf_match +R29687 Cmconstr.addf_match +R29801 Cminor.eval_Elet +R29801 Cminor.eval_Elet +R29840 Cminor.eval_Econs +R29840 Cminor.eval_Econs +R29858 Cmconstrproof.eval_lift +R29858 Cmconstrproof.eval_lift +R29889 Cminor.eval_Econs +R29889 Cminor.eval_Econs +R29907 Cmconstrproof.eval_lift +R29907 Cmconstrproof.eval_lift +R29939 Cminor.eval_Econs +R29939 Cminor.eval_Econs +R29957 Cminor.eval_Eletvar +R29957 Cminor.eval_Eletvar +R29999 Cminor.eval_Enil +R29999 Cminor.eval_Enil +R30030 Floats.addf_commut +R30030 Floats.addf_commut +R30240 Cminor.eval_expr +R30283 Values.Vfloat +R30291 Floats.sub +R30266 Cmconstr.subf +R30191 Cminor.eval_expr +R30225 Values.Vfloat +R30142 Cminor.eval_expr +R30176 Values.Vfloat +R30352 Cmconstr.subf_match +R30352 Cmconstr.subf_match +R30606 Cminor.eval_expr +R30649 Values.Vfloat +R30657 Floats.mul +R30632 Cmconstr.mulf +R30557 Cminor.eval_expr +R30591 Values.Vfloat +R30508 Cminor.eval_expr +R30542 Values.Vfloat +R30691 Cmconstr.mulf +R30864 Cminor.eval_expr +R30907 Values.Vfloat +R30915 Floats.div +R30890 Cmconstr.divf +R30815 Cminor.eval_expr +R30849 Values.Vfloat +R30766 Cminor.eval_expr +R30800 Values.Vfloat +R30949 Cmconstr.divf +R31119 Cminor.eval_expr +R31163 Values.of_bool +R31176 Integers.cmp +R31145 Cmconstr.cmp +R31072 Cminor.eval_expr +R31106 Values.Vint +R31025 Cminor.eval_expr +R31059 Values.Vint +R31213 Cmconstr.cmp +R31234 Integers.cmp +R31234 Integers.cmp +R31493 Cminor.eval_expr +R31519 Cmconstr.cmp +R31460 Coq.Init.Logic "A \/ B" type_scope +R31447 Coq.Init.Logic "A /\ B" type_scope +R31441 Coq.Init.Logic "x = y" type_scope +R31443 AST.Ceq +R31452 Coq.Init.Logic "x = y" type_scope +R31454 Values.Vfalse +R31474 Coq.Init.Logic "A /\ B" type_scope +R31468 Coq.Init.Logic "x = y" type_scope +R31470 AST.Cne +R31479 Coq.Init.Logic "x = y" type_scope +R31481 Values.Vtrue +R31384 Cminor.eval_expr +R31418 Values.Vint +R31423 Integers.zero +R31335 Cminor.eval_expr +R31369 Values.Vptr +R31559 Cmconstr.cmp +R31869 Cminor.eval_expr +R31895 Cmconstr.cmp +R31836 Coq.Init.Logic "A \/ B" type_scope +R31823 Coq.Init.Logic "A /\ B" type_scope +R31817 Coq.Init.Logic "x = y" type_scope +R31819 AST.Ceq +R31828 Coq.Init.Logic "x = y" type_scope +R31830 Values.Vfalse +R31850 Coq.Init.Logic "A /\ B" type_scope +R31844 Coq.Init.Logic "x = y" type_scope +R31846 AST.Cne +R31855 Coq.Init.Logic "x = y" type_scope +R31857 Values.Vtrue +R31765 Cminor.eval_expr +R31799 Values.Vptr +R31711 Cminor.eval_expr +R31745 Values.Vint +R31750 Integers.zero +R31935 Cmconstr.cmp +R32182 Cminor.eval_expr +R32226 Values.of_bool +R32239 Integers.cmp +R32208 Cmconstr.cmp +R32133 Cminor.eval_expr +R32167 Values.Vptr +R32084 Cminor.eval_expr +R32118 Values.Vptr +R32276 Cmconstr.cmp +R32316 Coqlib.zeq_true +R32316 Coqlib.zeq_true +R32335 Integers.cmp +R32335 Integers.cmp +R32522 Cminor.eval_expr +R32567 Values.of_bool +R32580 Integers.cmpu +R32548 Cmconstr.cmpu +R32475 Cminor.eval_expr +R32509 Values.Vint +R32428 Cminor.eval_expr +R32462 Values.Vint +R32618 Cmconstr.cmpu +R32640 Integers.cmpu +R32640 Integers.cmpu +R32832 Cminor.eval_expr +R32877 Values.of_bool +R32890 Floats.cmp +R32858 Cmconstr.cmpf +R32783 Cminor.eval_expr +R32817 Values.Vfloat +R32734 Cminor.eval_expr +R32768 Values.Vfloat +R32929 Cmconstr.cmpf +R32951 Floats.cmp +R32951 Floats.cmp +R33125 Cminor.eval_condexpr +R33172 Cminor.CEcond +R33207 Cmconstr "x ::: y" cminor_scope +R33211 Cminor.Enil +R33180 Op.Ccompuimm +R33194 Integers.zero +R33190 AST.Cne +R33100 Values.bool_of_val +R33060 Cminor.eval_expr +R33051 Coq.Init.Datatypes.bool +R33270 Cminor.eval_CEcond +R33270 Cminor.eval_CEcond +R33336 Integers.eq_false +R33336 Integers.eq_false +R33513 Cminor.eval_condexpr +R33543 Cmconstr.condexpr_of_expr +R33488 Values.bool_of_val +R33448 Cminor.eval_expr +R33439 Coq.Init.Datatypes.bool +R33625 Cmconstrproof.eval_base_condition_of_expr +R33625 Cmconstrproof.eval_base_condition_of_expr +R33625 Cmconstrproof.eval_base_condition_of_expr +R33625 Cmconstrproof.eval_base_condition_of_expr +R33625 Cmconstrproof.eval_base_condition_of_expr +R33625 Cmconstrproof.eval_base_condition_of_expr +R33625 Cmconstrproof.eval_base_condition_of_expr +R33625 Cmconstrproof.eval_base_condition_of_expr +R33625 Cmconstrproof.eval_base_condition_of_expr +R33625 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33694 Cmconstrproof.eval_base_condition_of_expr +R33910 Integers.eq_false +R33910 Integers.eq_false +R33962 Integers.eq_true +R33962 Integers.eq_true +R33997 Cmconstrproof.eval_base_condition_of_expr +R33997 Cmconstrproof.eval_base_condition_of_expr +R34056 Cminor.eval_CEcond +R34056 Cminor.eval_CEcond +R34102 Op.eval_condition +R34102 Op.eval_condition +R34466 Cminor.eval_expr +R34492 Cmconstr.conditionalexpr +R34424 Cminor.eval_expr +R34404 Values.is_true +R34362 Cminor.eval_expr +R34604 Coq.Init.Datatypes.true +R34577 Cminor.eval_Econdition +R34604 Coq.Init.Datatypes.true +R34577 Cminor.eval_Econdition +R34625 Cmconstrproof.eval_condition_of_expr +R34625 Cmconstrproof.eval_condition_of_expr +R34869 Cminor.eval_expr +R34895 Cmconstr.conditionalexpr +R34827 Cminor.eval_expr +R34806 Values.is_false +R34764 Cminor.eval_expr +R35007 Coq.Init.Datatypes.false +R34980 Cminor.eval_Econdition +R35007 Coq.Init.Datatypes.false +R34980 Cminor.eval_Econdition +R35029 Cmconstrproof.eval_condition_of_expr +R35029 Cmconstrproof.eval_condition_of_expr +R35210 Cmconstr.addressing +R35228 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R35248 Coq.Init.Logic "'exists' x , p" type_scope +R35306 Coq.Init.Logic "A /\ B" type_scope +R35263 Cminor.eval_exprlist +R35344 Coq.Init.Logic "x = y" type_scope +R35314 Op.eval_addressing +R35346 Coq.Init.Datatypes.Some +R35186 Coq.Init.Logic "x = y" type_scope +R35188 Values.Vptr +R35144 Cminor.eval_expr +R35410 Cmconstr.addressing_match +R35410 Cmconstr.addressing_match +R35461 Coq.Lists.List.nil +R35465 Values.val +R35461 Coq.Lists.List.nil +R35465 Values.val +R35537 Coq.Lists.List.nil +R35541 Values.val +R35537 Coq.Lists.List.nil +R35541 Values.val +R35667 Coq.Lists.List "x :: y" list_scope +R35659 Values.Vint +R35670 Coq.Lists.List.nil +R35667 Coq.Lists.List "x :: y" list_scope +R35659 Values.Vint +R35670 Coq.Lists.List.nil +R35735 Globalenvs.find_symbol +R35735 Globalenvs.find_symbol +R35826 Globalenvs.find_symbol +R35826 Globalenvs.find_symbol +R35899 Coq.Lists.List "x :: y" list_scope +R35891 Values.Vint +R35902 Coq.Lists.List.nil +R35899 Coq.Lists.List "x :: y" list_scope +R35891 Values.Vint +R35902 Coq.Lists.List.nil +R35958 Globalenvs.find_symbol +R35958 Globalenvs.find_symbol +R36072 Coq.Lists.List "x :: y" list_scope +R36062 Values.Vptr +R36075 Coq.Lists.List.nil +R36072 Coq.Lists.List "x :: y" list_scope +R36062 Values.Vptr +R36075 Coq.Lists.List.nil +R36191 Coq.Lists.List "x :: y" list_scope +R36184 Values.Vint +R36205 Coq.Lists.List "x :: y" list_scope +R36194 Values.Vptr +R36208 Coq.Lists.List.nil +R36191 Coq.Lists.List "x :: y" list_scope +R36184 Values.Vint +R36205 Coq.Lists.List "x :: y" list_scope +R36194 Values.Vptr +R36208 Coq.Lists.List.nil +R36266 Integers.add_commut +R36266 Integers.add_commut +R36316 Coq.Lists.List "x :: y" list_scope +R36306 Values.Vptr +R36327 Coq.Lists.List "x :: y" list_scope +R36319 Values.Vint +R36330 Coq.Lists.List.nil +R36316 Coq.Lists.List "x :: y" list_scope +R36306 Values.Vptr +R36327 Coq.Lists.List "x :: y" list_scope +R36319 Values.Vint +R36330 Coq.Lists.List.nil +R36399 Coq.Lists.List "x :: y" list_scope +R36402 Coq.Lists.List.nil +R36399 Coq.Lists.List "x :: y" list_scope +R36402 Coq.Lists.List.nil +R36465 Integers.add_zero +R36465 Integers.add_zero +R36629 Cminor.eval_expr +R36655 Cmconstr.load +R36614 Coq.Init.Logic "x = y" type_scope +R36593 Mem.loadv +R36616 Coq.Init.Datatypes.Some +R36553 Cminor.eval_expr +R36785 Cmconstrproof.eval_addressing +R36824 Coq.Init.Logic.refl_equal +R36785 Cmconstrproof.eval_addressing +R36824 Coq.Init.Logic.refl_equal +R36852 Cmconstr.addressing +R36852 Cmconstr.addressing +R36898 Cminor.eval_Eload +R36898 Cminor.eval_Eload +R37126 Cminor.eval_expr +R37152 Cmconstr.store +R37111 Coq.Init.Logic "x = y" type_scope +R37085 Mem.storev +R37113 Coq.Init.Datatypes.Some +R37043 Cminor.eval_expr +R37001 Cminor.eval_expr +R37288 Cmconstrproof.eval_addressing +R37327 Coq.Init.Logic.refl_equal +R37288 Cmconstrproof.eval_addressing +R37327 Coq.Init.Logic.refl_equal +R37355 Cmconstr.addressing +R37355 Cmconstr.addressing +R37402 Cminor.eval_Estore +R37402 Cminor.eval_Estore +R37617 Cminor.exec_stmt +R37640 Cmconstr.ifthenelse +R37571 Cminor.exec_stmtlist +R37552 Values.is_true +R37511 Cminor.eval_expr +R37527 Coq.Lists.List.nil +R37748 Coq.Init.Datatypes.true +R37720 Cminor.exec_Sifthenelse +R37748 Coq.Init.Datatypes.true +R37720 Cminor.exec_Sifthenelse +R37763 Cmconstrproof.eval_condition_of_expr +R37763 Cmconstrproof.eval_condition_of_expr +R38014 Cminor.exec_stmt +R38037 Cmconstr.ifthenelse +R37967 Cminor.exec_stmtlist +R37947 Values.is_false +R37906 Cminor.eval_expr +R37922 Coq.Lists.List.nil +R38145 Coq.Init.Datatypes.false +R38117 Cminor.exec_Sifthenelse +R38145 Coq.Init.Datatypes.false +R38117 Cminor.exec_Sifthenelse +R38161 Cmconstrproof.eval_condition_of_expr +R38161 Cmconstrproof.eval_condition_of_expr +FCminorplus +R250 Integers.int +R284 Floats.float +R954 AST.comparison +R989 AST.comparison +R1024 AST.comparison +R1085 AST.ident +R1113 AST.ident +R1141 AST.ident +R1173 Cminorplus.operation +R1215 AST.memory_chunk +R1257 AST.memory_chunk +R1306 AST.signature +R1436 Coq.Init.Datatypes.nat +R1568 Cminorplus.expr +R1598 Cminorplus.expr +R1703 Coq.Init.Datatypes.nat +R1728 Coq.Init.Datatypes.option +R1735 Cminorplus.expr +R1881 AST.memory_chunk +R1925 Coq.ZArith.BinInt.Z +R1995 AST.signature +R2019 Coq.Lists.List.list +R2031 Coq.Init.Datatypes "x * y" type_scope +R2025 AST.ident +R2033 AST.memory_chunk +R2059 Coq.Lists.List.list +R2071 Coq.Init.Datatypes "x * y" type_scope +R2065 AST.ident +R2073 Cminorplus.local_variable +R2101 Cminorplus.stmtlist +R2136 AST.program +R2148 Cminorplus.function +R2252 Coq.Init.Datatypes.nat +R2283 Coq.Init.Datatypes.option +R2290 Values.val +R2432 Cminorplus.Out_normal +R2444 Coq.Init.Datatypes.None +R2454 Coq.Init.Logic "x = y" type_scope +R2456 Values.Vundef +R2467 Cminorplus.Out_return +R2478 Coq.Init.Datatypes.None +R2484 Coq.Init.Datatypes.None +R2494 Coq.Init.Logic "x = y" type_scope +R2496 Values.Vundef +R2507 Cminorplus.Out_return +R2519 Coq.Init.Datatypes.Some +R2529 Coq.Init.Datatypes.Some +R2542 Coq.Init.Logic "x = y" type_scope +R2559 Coq.Init.Logic.False +R2392 Values.val +R2376 Coq.Init.Datatypes.option +R2383 AST.typ +R2362 Cminorplus.outcome +R2615 Cminorplus.outcome +R2647 Cminorplus.Out_normal +R2661 Cminorplus.Out_normal +R2676 Cminorplus.Out_exit +R2685 Coq.Init.Datatypes.O +R2690 Cminorplus.Out_normal +R2705 Cminorplus.Out_exit +R2715 Coq.Init.Datatypes.S +R2723 Cminorplus.Out_exit +R2738 Cminorplus.Out_return +R2757 Cminorplus.Out_return +R2604 Cminorplus.outcome +R2800 Globalenvs.t +R2807 Cminorplus.function +R2835 Maps.t +R2850 Coq.Init.Datatypes "x * y" type_scope +R2844 Values.block +R2852 Cminorplus.local_variable +R2892 Cminorplus.env +R2899 Maps.empty +R2918 Coq.Init.Datatypes "x * y" type_scope +R2912 Values.block +R2920 Cminorplus.local_variable +R2958 Coq.Lists.List.list +R2963 Values.val +R3010 Coq.ZArith.BinInt.Z +R3035 Cminorplus.LVscalar +R3053 Mem.size_chunk +R3074 Cminorplus.LVarray +R3088 Coq.ZArith.Zmin.Zmax +R2992 Cminorplus.local_variable +R3236 Coq.Lists.List "x ++ y" list_scope +R3149 Coq.Lists.List.map +R3223 Cminorplus.fn_params +R3179 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3180 Coq.Init.Datatypes.fst +R3194 Cminorplus.LVscalar +R3204 Coq.Init.Datatypes.snd +R3242 Cminorplus.fn_vars +R3134 Cminorplus.function +R3299 Coq.Lists.List.map +R3337 Cminorplus.fn_params +R3310 Coq.Init.Datatypes.fst +R3320 AST.memory_chunk +R3314 AST.ident +R3284 Cminorplus.function +R3394 Coq.Lists.List.map +R3434 Cminorplus.fn_vars +R3405 Coq.Init.Datatypes.fst +R3415 Cminorplus.local_variable +R3409 AST.ident +R3379 Cminorplus.function +R3502 Coq.Init.Datatypes.option +R3509 Values.val +R3521 Integers.eq +R3530 Integers.zero +R3622 Coq.Init.Datatypes.None +R3560 AST.Ceq +R3567 Coq.Init.Datatypes.Some +R3572 Values.Vfalse +R3581 AST.Cne +R3588 Coq.Init.Datatypes.Some +R3593 Values.Vtrue +R3606 Coq.Init.Datatypes.None +R3495 Integers.int +R3479 AST.comparison +R3696 Coq.Init.Datatypes.option +R3703 Values.val +R3734 Cminorplus.Ointconst +R3747 Coq.Lists.List.nil +R3754 Coq.Init.Datatypes.Some +R3760 Values.Vint +R3772 Cminorplus.Ofloatconst +R3787 Coq.Lists.List.nil +R3794 Coq.Init.Datatypes.Some +R3800 Values.Vfloat +R3814 Cminorplus.Ocast8unsigned +R3838 Coq.Lists.List "x :: y" list_scope +R3830 Values.Vint +R3841 Coq.Lists.List.nil +R3848 Coq.Init.Datatypes.Some +R3854 Values.Vint +R3860 Integers.cast8unsigned +R3887 Cminorplus.Ocast8signed +R3909 Coq.Lists.List "x :: y" list_scope +R3901 Values.Vint +R3912 Coq.Lists.List.nil +R3919 Coq.Init.Datatypes.Some +R3925 Values.Vint +R3931 Integers.cast8signed +R3956 Cminorplus.Ocast16unsigned +R3981 Coq.Lists.List "x :: y" list_scope +R3973 Values.Vint +R3984 Coq.Lists.List.nil +R3991 Coq.Init.Datatypes.Some +R3997 Values.Vint +R4003 Integers.cast16unsigned +R4031 Cminorplus.Ocast16signed +R4054 Coq.Lists.List "x :: y" list_scope +R4046 Values.Vint +R4057 Coq.Lists.List.nil +R4064 Coq.Init.Datatypes.Some +R4070 Values.Vint +R4076 Integers.cast16signed +R4102 Cminorplus.Onotint +R4119 Coq.Lists.List "x :: y" list_scope +R4111 Values.Vint +R4122 Coq.Lists.List.nil +R4129 Coq.Init.Datatypes.Some +R4135 Values.Vint +R4141 Integers.not +R4158 Cminorplus.Oadd +R4172 Coq.Lists.List "x :: y" list_scope +R4164 Values.Vint +R4183 Coq.Lists.List "x :: y" list_scope +R4175 Values.Vint +R4186 Coq.Lists.List.nil +R4193 Coq.Init.Datatypes.Some +R4199 Values.Vint +R4205 Integers.add +R4225 Cminorplus.Oadd +R4239 Coq.Lists.List "x :: y" list_scope +R4231 Values.Vint +R4253 Coq.Lists.List "x :: y" list_scope +R4242 Values.Vptr +R4256 Coq.Lists.List.nil +R4263 Coq.Init.Datatypes.Some +R4269 Values.Vptr +R4278 Integers.add +R4298 Cminorplus.Oadd +R4315 Coq.Lists.List "x :: y" list_scope +R4304 Values.Vptr +R4326 Coq.Lists.List "x :: y" list_scope +R4318 Values.Vint +R4329 Coq.Lists.List.nil +R4336 Coq.Init.Datatypes.Some +R4342 Values.Vptr +R4351 Integers.add +R4371 Cminorplus.Osub +R4385 Coq.Lists.List "x :: y" list_scope +R4377 Values.Vint +R4396 Coq.Lists.List "x :: y" list_scope +R4388 Values.Vint +R4399 Coq.Lists.List.nil +R4406 Coq.Init.Datatypes.Some +R4412 Values.Vint +R4418 Integers.sub +R4438 Cminorplus.Osub +R4455 Coq.Lists.List "x :: y" list_scope +R4444 Values.Vptr +R4466 Coq.Lists.List "x :: y" list_scope +R4458 Values.Vint +R4469 Coq.Lists.List.nil +R4476 Coq.Init.Datatypes.Some +R4482 Values.Vptr +R4491 Integers.sub +R4511 Cminorplus.Osub +R4528 Coq.Lists.List "x :: y" list_scope +R4517 Values.Vptr +R4542 Coq.Lists.List "x :: y" list_scope +R4531 Values.Vptr +R4545 Coq.Lists.List.nil +R4561 Values.eq_block +R4614 Coq.Init.Datatypes.None +R4581 Coq.Init.Datatypes.Some +R4587 Values.Vint +R4593 Integers.sub +R4623 Cminorplus.Omul +R4637 Coq.Lists.List "x :: y" list_scope +R4629 Values.Vint +R4648 Coq.Lists.List "x :: y" list_scope +R4640 Values.Vint +R4651 Coq.Lists.List.nil +R4658 Coq.Init.Datatypes.Some +R4664 Values.Vint +R4670 Integers.mul +R4690 Cminorplus.Odiv +R4704 Coq.Lists.List "x :: y" list_scope +R4696 Values.Vint +R4715 Coq.Lists.List "x :: y" list_scope +R4707 Values.Vint +R4718 Coq.Lists.List.nil +R4734 Integers.eq +R4744 Integers.zero +R4768 Coq.Init.Datatypes.Some +R4774 Values.Vint +R4780 Integers.divs +R4758 Coq.Init.Datatypes.None +R4801 Cminorplus.Odivu +R4816 Coq.Lists.List "x :: y" list_scope +R4808 Values.Vint +R4827 Coq.Lists.List "x :: y" list_scope +R4819 Values.Vint +R4830 Coq.Lists.List.nil +R4846 Integers.eq +R4856 Integers.zero +R4880 Coq.Init.Datatypes.Some +R4886 Values.Vint +R4892 Integers.divu +R4870 Coq.Init.Datatypes.None +R4913 Cminorplus.Omod +R4927 Coq.Lists.List "x :: y" list_scope +R4919 Values.Vint +R4938 Coq.Lists.List "x :: y" list_scope +R4930 Values.Vint +R4941 Coq.Lists.List.nil +R4957 Integers.eq +R4967 Integers.zero +R4991 Coq.Init.Datatypes.Some +R4997 Values.Vint +R5003 Integers.mods +R4981 Coq.Init.Datatypes.None +R5024 Cminorplus.Omodu +R5039 Coq.Lists.List "x :: y" list_scope +R5031 Values.Vint +R5050 Coq.Lists.List "x :: y" list_scope +R5042 Values.Vint +R5053 Coq.Lists.List.nil +R5069 Integers.eq +R5079 Integers.zero +R5103 Coq.Init.Datatypes.Some +R5109 Values.Vint +R5115 Integers.modu +R5093 Coq.Init.Datatypes.None +R5136 Cminorplus.Oand +R5150 Coq.Lists.List "x :: y" list_scope +R5142 Values.Vint +R5161 Coq.Lists.List "x :: y" list_scope +R5153 Values.Vint +R5164 Coq.Lists.List.nil +R5171 Coq.Init.Datatypes.Some +R5177 Values.Vint +R5183 Integers.and +R5203 Cminorplus.Oor +R5216 Coq.Lists.List "x :: y" list_scope +R5208 Values.Vint +R5227 Coq.Lists.List "x :: y" list_scope +R5219 Values.Vint +R5230 Coq.Lists.List.nil +R5237 Coq.Init.Datatypes.Some +R5243 Values.Vint +R5249 Integers.or +R5268 Cminorplus.Oxor +R5282 Coq.Lists.List "x :: y" list_scope +R5274 Values.Vint +R5293 Coq.Lists.List "x :: y" list_scope +R5285 Values.Vint +R5296 Coq.Lists.List.nil +R5303 Coq.Init.Datatypes.Some +R5309 Values.Vint +R5315 Integers.xor +R5335 Cminorplus.Oshl +R5349 Coq.Lists.List "x :: y" list_scope +R5341 Values.Vint +R5360 Coq.Lists.List "x :: y" list_scope +R5352 Values.Vint +R5363 Coq.Lists.List.nil +R5379 Integers.ltu +R5391 Integers.repr +R5442 Coq.Init.Datatypes.None +R5409 Coq.Init.Datatypes.Some +R5415 Values.Vint +R5421 Integers.shl +R5451 Cminorplus.Oshr +R5465 Coq.Lists.List "x :: y" list_scope +R5457 Values.Vint +R5476 Coq.Lists.List "x :: y" list_scope +R5468 Values.Vint +R5479 Coq.Lists.List.nil +R5495 Integers.ltu +R5507 Integers.repr +R5558 Coq.Init.Datatypes.None +R5525 Coq.Init.Datatypes.Some +R5531 Values.Vint +R5537 Integers.shr +R5567 Cminorplus.Oshru +R5582 Coq.Lists.List "x :: y" list_scope +R5574 Values.Vint +R5593 Coq.Lists.List "x :: y" list_scope +R5585 Values.Vint +R5596 Coq.Lists.List.nil +R5612 Integers.ltu +R5624 Integers.repr +R5676 Coq.Init.Datatypes.None +R5642 Coq.Init.Datatypes.Some +R5648 Values.Vint +R5654 Integers.shru +R5685 Cminorplus.Onegf +R5702 Coq.Lists.List "x :: y" list_scope +R5692 Values.Vfloat +R5705 Coq.Lists.List.nil +R5712 Coq.Init.Datatypes.Some +R5718 Values.Vfloat +R5726 Floats.neg +R5745 Cminorplus.Oabsf +R5762 Coq.Lists.List "x :: y" list_scope +R5752 Values.Vfloat +R5765 Coq.Lists.List.nil +R5772 Coq.Init.Datatypes.Some +R5778 Values.Vfloat +R5786 Floats.abs +R5805 Cminorplus.Oaddf +R5822 Coq.Lists.List "x :: y" list_scope +R5812 Values.Vfloat +R5835 Coq.Lists.List "x :: y" list_scope +R5825 Values.Vfloat +R5838 Coq.Lists.List.nil +R5845 Coq.Init.Datatypes.Some +R5851 Values.Vfloat +R5859 Floats.add +R5881 Cminorplus.Osubf +R5898 Coq.Lists.List "x :: y" list_scope +R5888 Values.Vfloat +R5911 Coq.Lists.List "x :: y" list_scope +R5901 Values.Vfloat +R5914 Coq.Lists.List.nil +R5921 Coq.Init.Datatypes.Some +R5927 Values.Vfloat +R5935 Floats.sub +R5957 Cminorplus.Omulf +R5974 Coq.Lists.List "x :: y" list_scope +R5964 Values.Vfloat +R5987 Coq.Lists.List "x :: y" list_scope +R5977 Values.Vfloat +R5990 Coq.Lists.List.nil +R5997 Coq.Init.Datatypes.Some +R6003 Values.Vfloat +R6011 Floats.mul +R6033 Cminorplus.Odivf +R6050 Coq.Lists.List "x :: y" list_scope +R6040 Values.Vfloat +R6063 Coq.Lists.List "x :: y" list_scope +R6053 Values.Vfloat +R6066 Coq.Lists.List.nil +R6073 Coq.Init.Datatypes.Some +R6079 Values.Vfloat +R6087 Floats.div +R6109 Cminorplus.Osingleoffloat +R6135 Coq.Lists.List "x :: y" list_scope +R6125 Values.Vfloat +R6138 Coq.Lists.List.nil +R6151 Coq.Init.Datatypes.Some +R6157 Values.Vfloat +R6165 Floats.singleoffloat +R6194 Cminorplus.Ointoffloat +R6217 Coq.Lists.List "x :: y" list_scope +R6207 Values.Vfloat +R6220 Coq.Lists.List.nil +R6234 Coq.Init.Datatypes.Some +R6240 Values.Vint +R6246 Floats.intoffloat +R6272 Cminorplus.Ofloatofint +R6293 Coq.Lists.List "x :: y" list_scope +R6285 Values.Vint +R6296 Coq.Lists.List.nil +R6310 Coq.Init.Datatypes.Some +R6316 Values.Vfloat +R6324 Floats.floatofint +R6350 Cminorplus.Ofloatofintu +R6372 Coq.Lists.List "x :: y" list_scope +R6364 Values.Vint +R6375 Coq.Lists.List.nil +R6389 Coq.Init.Datatypes.Some +R6395 Values.Vfloat +R6403 Floats.floatofintu +R6430 Cminorplus.Ocmp +R6446 Coq.Lists.List "x :: y" list_scope +R6438 Values.Vint +R6457 Coq.Lists.List "x :: y" list_scope +R6449 Values.Vint +R6460 Coq.Lists.List.nil +R6473 Coq.Init.Datatypes.Some +R6479 Values.of_bool +R6491 Integers.cmp +R6513 Cminorplus.Ocmp +R6532 Coq.Lists.List "x :: y" list_scope +R6521 Values.Vptr +R6546 Coq.Lists.List "x :: y" list_scope +R6535 Values.Vptr +R6549 Coq.Lists.List.nil +R6606 Coq.Bool.Bool "x && y" bool_scope +R6565 Mem.valid_pointer +R6585 Integers.signed +R6609 Mem.valid_pointer +R6629 Integers.signed +R6744 Coq.Init.Datatypes.None +R6660 Values.eq_block +R6720 Coq.Init.Datatypes.None +R6680 Coq.Init.Datatypes.Some +R6685 Values.of_bool +R6697 Integers.cmp +R6753 Cminorplus.Ocmp +R6772 Coq.Lists.List "x :: y" list_scope +R6761 Values.Vptr +R6783 Coq.Lists.List "x :: y" list_scope +R6775 Values.Vint +R6786 Coq.Lists.List.nil +R6793 Cminorplus.eval_compare_null +R6820 Cminorplus.Ocmp +R6836 Coq.Lists.List "x :: y" list_scope +R6828 Values.Vint +R6850 Coq.Lists.List "x :: y" list_scope +R6839 Values.Vptr +R6853 Coq.Lists.List.nil +R6860 Cminorplus.eval_compare_null +R6887 Cminorplus.Ocmpu +R6904 Coq.Lists.List "x :: y" list_scope +R6896 Values.Vint +R6915 Coq.Lists.List "x :: y" list_scope +R6907 Values.Vint +R6918 Coq.Lists.List.nil +R6931 Coq.Init.Datatypes.Some +R6937 Values.of_bool +R6949 Integers.cmpu +R6972 Cminorplus.Ocmpf +R6991 Coq.Lists.List "x :: y" list_scope +R6981 Values.Vfloat +R7004 Coq.Lists.List "x :: y" list_scope +R6994 Values.Vfloat +R7007 Coq.Lists.List.nil +R7020 Coq.Init.Datatypes.Some +R7026 Values.of_bool +R7039 Floats.cmp +R7071 Coq.Init.Datatypes.None +R3690 Mem.mem +R3676 Coq.Lists.List.list +R3681 Values.val +R3660 Cminorplus.operation +R7133 Coq.Init.Datatypes.option +R7140 Values.val +R7173 AST.Mint8signed +R7186 Values.Vint +R7196 Coq.Init.Datatypes.Some +R7202 Values.Vint +R7208 Integers.cast8signed +R7232 AST.Mint8unsigned +R7247 Values.Vint +R7257 Coq.Init.Datatypes.Some +R7263 Values.Vint +R7269 Integers.cast8unsigned +R7295 AST.Mint16signed +R7309 Values.Vint +R7319 Coq.Init.Datatypes.Some +R7325 Values.Vint +R7331 Integers.cast16signed +R7356 AST.Mint16unsigned +R7372 Values.Vint +R7382 Coq.Init.Datatypes.Some +R7388 Values.Vint +R7394 Integers.cast16unsigned +R7421 AST.Mint32 +R7429 Values.Vint +R7439 Coq.Init.Datatypes.Some +R7444 Values.Vint +R7456 AST.Mint32 +R7464 Values.Vptr +R7478 Coq.Init.Datatypes.Some +R7483 Values.Vptr +R7499 AST.Mfloat32 +R7509 Values.Vfloat +R7521 Coq.Init.Datatypes.Some +R7526 Values.Vfloat +R7533 Floats.singleoffloat +R7561 AST.Mfloat64 +R7571 Values.Vfloat +R7583 Coq.Init.Datatypes.Some +R7588 Values.Vfloat +R7610 Coq.Init.Datatypes.None +R7126 Values.val +R7108 AST.memory_chunk +R7765 Coq.Lists.List.list +R7770 Values.block +R7758 Mem.mem +R7751 Cminorplus.env +R7691 Coq.Lists.List.list +R7703 Coq.Init.Datatypes "x * y" type_scope +R7697 AST.ident +R7705 Cminorplus.local_variable +R7657 Mem.mem +R7650 Cminorplus.env +R7864 Coq.Lists.List.nil +R7856 Coq.Lists.List.nil +R8107 Coq.Lists.List "x :: y" list_scope +R8088 Coq.Lists.List "x :: y" list_scope +R8079 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8007 Maps.set +R8020 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7970 Coq.Init.Logic "x = y" type_scope +R7944 Mem.alloc +R7959 Cminorplus.sizeof +R7972 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8254 Mem.mem +R8215 Coq.Lists.List.list +R8220 Values.val +R8184 Coq.Lists.List.list +R8196 Coq.Init.Datatypes "x * y" type_scope +R8190 AST.ident +R8198 AST.memory_chunk +R8177 Mem.mem +R8143 Cminorplus.env +R8342 Coq.Lists.List.nil +R8338 Coq.Lists.List.nil +R8649 Coq.Lists.List "x :: y" list_scope +R8634 Coq.Lists.List "x :: y" list_scope +R8622 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8539 Coq.Init.Logic "x = y" type_scope +R8514 Mem.store +R8541 Coq.Init.Datatypes.Some +R8495 Coq.Init.Logic "x = y" type_scope +R8481 Cminorplus.cast +R8497 Coq.Init.Datatypes.Some +R8446 Coq.Init.Logic "x = y" type_scope +R8431 Maps.get +R8448 Coq.Init.Datatypes.Some +R8452 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8456 Cminorplus.LVscalar +R8691 Cminorplus.genv +R8776 Values.val +R8769 Mem.mem +R8761 Cminorplus.expr +R8754 Mem.mem +R8738 Cminorplus.env +R8728 Cminorplus.letenv +R11257 Coq.Lists.List.list +R11262 Values.val +R11250 Mem.mem +R11229 Cminorplus.exprlist +R11222 Mem.mem +R11206 Cminorplus.env +R11196 Cminorplus.letenv +R11604 Values.val +R11597 Mem.mem +R11577 Coq.Lists.List.list +R11582 Values.val +R11565 Cminorplus.function +R11558 Mem.mem +R12102 Cminorplus.outcome +R12095 Mem.mem +R12078 Cminorplus.stmt +R12071 Mem.mem +R12055 Cminorplus.env +R13544 Cminorplus.outcome +R13537 Mem.mem +R13516 Cminorplus.stmtlist +R13509 Mem.mem +R13493 Cminorplus.env +R8954 Cminorplus.Evar +R8918 Coq.Init.Logic "x = y" type_scope +R8897 Mem.load +R8920 Coq.Init.Datatypes.Some +R8861 Coq.Init.Logic "x = y" type_scope +R8846 Maps.get +R8863 Coq.Init.Datatypes.Some +R8868 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8872 Cminorplus.LVscalar +R9218 Cminorplus.Eassign +R9181 Coq.Init.Logic "x = y" type_scope +R9155 Mem.store +R9183 Coq.Init.Datatypes.Some +R9136 Coq.Init.Logic "x = y" type_scope +R9122 Cminorplus.cast +R9138 Coq.Init.Datatypes.Some +R9086 Coq.Init.Logic "x = y" type_scope +R9071 Maps.get +R9088 Coq.Init.Datatypes.Some +R9093 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9097 Cminorplus.LVscalar +R9369 Values.Vptr +R9376 Integers.zero +R9354 Cminorplus.Eaddrof +R9312 Coq.Init.Logic "x = y" type_scope +R9297 Maps.get +R9314 Coq.Init.Datatypes.Some +R9319 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9548 Values.Vptr +R9555 Integers.zero +R9533 Cminorplus.Eaddrof +R9497 Coq.Init.Logic "x = y" type_scope +R9474 Globalenvs.find_symbol +R9499 Coq.Init.Datatypes.Some +R9458 Coq.Init.Logic "x = y" type_scope +R9443 Maps.get +R9460 Coq.Init.Datatypes.None +R9719 Cminorplus.Eop +R9683 Coq.Init.Logic "x = y" type_scope +R9659 Cminorplus.eval_operation +R9685 Coq.Init.Datatypes.Some +R9886 Cminorplus.Eload +R9850 Coq.Init.Logic "x = y" type_scope +R9828 Mem.loadv +R9852 Coq.Init.Datatypes.Some +R10143 Cminorplus.Estore +R10106 Coq.Init.Logic "x = y" type_scope +R10080 Mem.storev +R10108 Coq.Init.Datatypes.Some +R10061 Coq.Init.Logic "x = y" type_scope +R10047 Cminorplus.cast +R10063 Coq.Init.Datatypes.Some +R10446 Cminorplus.Ecall +R10372 Coq.Init.Logic "x = y" type_scope +R10364 Cminorplus.fn_sig +R10343 Coq.Init.Logic "x = y" type_scope +R10321 Globalenvs.find_funct +R10345 Coq.Init.Datatypes.Some +R10652 Cminorplus.Econdition +R10575 Values.is_true +R10860 Cminorplus.Econdition +R10782 Values.is_false +R11035 Cminorplus.Elet +R10989 Coq.Lists.List "x :: y" list_scope +R11151 Cminorplus.Eletvar +R11115 Coq.Init.Logic "x = y" type_scope +R11100 Coq.Lists.List.nth_error +R11117 Coq.Init.Datatypes.Some +R11347 Coq.Lists.List.nil +R11340 Cminorplus.Enil +R11523 Coq.Lists.List "x :: y" list_scope +R11505 Cminorplus.Econs +R12003 Mem.free_list +R11919 Cminorplus.outcome_result_value +R11956 AST.sig_res +R11947 Cminorplus.fn_sig +R11894 Cminorplus.fn_body +R11819 Cminorplus.bind_parameters +R11843 Cminorplus.fn_params +R11757 Cminorplus.alloc_variables +R11786 Cminorplus.fn_variables +R11773 Cminorplus.empty_env +R11696 Coqlib.list_norepet +R11728 Coq.Lists.List "x ++ y" list_scope +R11710 Cminorplus.fn_params_names +R11731 Cminorplus.fn_vars_names +R12229 Cminorplus.Out_normal +R12217 Cminorplus.Sexpr +R12178 Coq.Lists.List.nil +R12427 Cminorplus.Sifthenelse +R12349 Values.is_true +R12324 Coq.Lists.List.nil +R12646 Cminorplus.Sifthenelse +R12567 Values.is_false +R12542 Coq.Lists.List.nil +R12835 Cminorplus.Sloop +R12794 Cminorplus.Sloop +R12758 Cminorplus.Out_normal +R12986 Cminorplus.Sloop +R12948 Coq.Init.Logic "x <> y" type_scope +R12951 Cminorplus.Out_normal +R13121 Cminorplus.outcome_block +R13106 Cminorplus.Sblock +R13209 Cminorplus.Out_exit +R13197 Cminorplus.Sexit +R13300 Cminorplus.Out_return +R13311 Coq.Init.Datatypes.None +R13283 Cminorplus.Sreturn +R13291 Coq.Init.Datatypes.None +R13442 Cminorplus.Out_return +R13454 Coq.Init.Datatypes.Some +R13420 Cminorplus.Sreturn +R13429 Coq.Init.Datatypes.Some +R13381 Coq.Lists.List.nil +R13627 Cminorplus.Out_normal +R13620 Cminorplus.Snil +R13798 Cminorplus.Scons +R13721 Cminorplus.Out_normal +R13952 Cminorplus.Scons +R13910 Coq.Init.Logic "x <> y" type_scope +R13913 Cminorplus.Out_normal +R14431 Coq.Init.Logic "'exists' x , p" type_scope +R14441 Coq.Init.Logic "'exists' x , p" type_scope +R14451 Coq.Init.Logic "'exists' x , p" type_scope +R14506 Coq.Init.Logic "A /\ B" type_scope +R14497 Coq.Init.Logic "x = y" type_scope +R14463 Globalenvs.find_symbol +R14486 AST.prog_main +R14499 Coq.Init.Datatypes.Some +R14545 Coq.Init.Logic "A /\ B" type_scope +R14536 Coq.Init.Logic "x = y" type_scope +R14511 Globalenvs.find_funct_ptr +R14538 Coq.Init.Datatypes.Some +R14591 Coq.Init.Logic "A /\ B" type_scope +R14561 Coq.Init.Logic "x = y" type_scope +R14553 Cminorplus.fn_sig +R14563 AST.mksignature +R14580 Coq.Init.Datatypes.Some +R14585 AST.Tint +R14575 Coq.Lists.List.nil +R14596 Cminorplus.eval_funcall +R14617 Coq.Lists.List.nil +R14410 Globalenvs.init_mem +R14378 Globalenvs.globalenv +R14351 Values.val +R14338 Cminorplus.program +FCminorgen +R323 Coq.Init.Datatypes.option +R330 Cminor.expr +R358 Cminor.Enil +R394 Cminorgen.Ointconst +R411 Coq.Init.Datatypes.Some +R416 Cminor.Eop +R434 Cminor.Enil +R421 Op.Ointconst +R448 Cminorgen.Ofloatconst +R467 Coq.Init.Datatypes.Some +R472 Cminor.Eop +R492 Cminor.Enil +R477 Op.Ofloatconst +R511 Coq.Init.Datatypes.None +R530 Cminor.Econs +R539 Cminor.Enil +R575 Cminorgen.Ocast8unsigned +R595 Coq.Init.Datatypes.Some +R600 Cmconstr.cast8unsigned +R635 Cminorgen.Ocast8signed +R653 Coq.Init.Datatypes.Some +R658 Cmconstr.cast8signed +R691 Cminorgen.Ocast16unsigned +R712 Coq.Init.Datatypes.Some +R717 Cmconstr.cast16unsigned +R753 Cminorgen.Ocast16signed +R772 Coq.Init.Datatypes.Some +R777 Cmconstr.cast16signed +R811 Cminorgen.Onotint +R824 Coq.Init.Datatypes.Some +R829 Cmconstr.notint +R857 Cminorgen.Onegf +R868 Coq.Init.Datatypes.Some +R873 Cmconstr.negfloat +R903 Cminorgen.Oabsf +R914 Coq.Init.Datatypes.Some +R919 Cmconstr.absfloat +R949 Cminorgen.Osingleoffloat +R969 Coq.Init.Datatypes.Some +R974 Cmconstr.singleoffloat +R1009 Cminorgen.Ointoffloat +R1026 Coq.Init.Datatypes.Some +R1031 Cmconstr.intoffloat +R1063 Cminorgen.Ofloatofint +R1080 Coq.Init.Datatypes.Some +R1085 Cmconstr.floatofint +R1117 Cminorgen.Ofloatofintu +R1135 Coq.Init.Datatypes.Some +R1140 Cmconstr.floatofintu +R1178 Coq.Init.Datatypes.None +R1197 Cminor.Econs +R1207 Cminor.Econs +R1216 Cminor.Enil +R1253 Cminorgen.Oadd +R1263 Coq.Init.Datatypes.Some +R1268 Cmconstr.add +R1296 Cminorgen.Osub +R1306 Coq.Init.Datatypes.Some +R1311 Cmconstr.sub +R1339 Cminorgen.Omul +R1349 Coq.Init.Datatypes.Some +R1354 Cmconstr.mul +R1382 Cminorgen.Odiv +R1392 Coq.Init.Datatypes.Some +R1397 Cmconstr.divs +R1426 Cminorgen.Odivu +R1437 Coq.Init.Datatypes.Some +R1442 Cmconstr.divu +R1471 Cminorgen.Omod +R1481 Coq.Init.Datatypes.Some +R1486 Cmconstr.mods +R1515 Cminorgen.Omodu +R1526 Coq.Init.Datatypes.Some +R1531 Cmconstr.modu +R1560 Cminorgen.Oand +R1570 Coq.Init.Datatypes.Some +R1575 Cmconstr.and +R1603 Cminorgen.Oor +R1612 Coq.Init.Datatypes.Some +R1617 Cmconstr.or +R1644 Cminorgen.Oxor +R1654 Coq.Init.Datatypes.Some +R1659 Cmconstr.xor +R1687 Cminorgen.Oshl +R1697 Coq.Init.Datatypes.Some +R1702 Cmconstr.shl +R1730 Cminorgen.Oshr +R1740 Coq.Init.Datatypes.Some +R1745 Cmconstr.shr +R1773 Cminorgen.Oshru +R1784 Coq.Init.Datatypes.Some +R1789 Cmconstr.shru +R1818 Cminorgen.Oaddf +R1829 Coq.Init.Datatypes.Some +R1834 Cmconstr.addf +R1863 Cminorgen.Osubf +R1874 Coq.Init.Datatypes.Some +R1879 Cmconstr.subf +R1908 Cminorgen.Omulf +R1919 Coq.Init.Datatypes.Some +R1924 Cmconstr.mulf +R1953 Cminorgen.Odivf +R1964 Coq.Init.Datatypes.Some +R1969 Cmconstr.divf +R1998 Cminorgen.Ocmp +R2010 Coq.Init.Datatypes.Some +R2015 Cmconstr.cmp +R2045 Cminorgen.Ocmpu +R2058 Coq.Init.Datatypes.Some +R2063 Cmconstr.cmpu +R2094 Cminorgen.Ocmpf +R2107 Coq.Init.Datatypes.Some +R2112 Cmconstr.cmpf +R2148 Coq.Init.Datatypes.None +R2172 Coq.Init.Datatypes.None +R312 Cminor.exprlist +R294 Cminorgen.operation +R2239 Cminor.expr +R2270 AST.Mint8signed +R2285 Cmconstr.cast8signed +R2312 AST.Mint8unsigned +R2329 Cmconstr.cast8unsigned +R2358 AST.Mint16signed +R2374 Cmconstr.cast16signed +R2402 AST.Mint16unsigned +R2420 Cmconstr.cast16unsigned +R2450 AST.Mint32 +R2466 AST.Mfloat32 +R2478 Cmconstr.singleoffloat +R2507 AST.Mfloat64 +R2232 Cminor.expr +R2214 AST.memory_chunk +R2583 Cminor.expr +R2593 Cmconstr.load +R2576 Cminor.expr +R2558 AST.memory_chunk +R2676 Cminor.expr +R2686 Cminorgen.make_cast +R2703 Cmconstr.store +R2669 Cminor.expr +R2669 Cminor.expr +R2647 AST.memory_chunk +R2769 Cminor.expr +R2779 Cminor.Eop +R2811 Cminor.Enil +R2784 Op.Oaddrstack +R2796 Integers.repr +R2765 Coq.ZArith.BinInt.Z +R2860 AST.memory_chunk +R2923 Coq.ZArith.BinInt.Z +R2907 AST.memory_chunk +R2958 Coq.ZArith.BinInt.Z +R3023 Maps.t +R3030 Cminorgen.var_info +R3091 Coq.Init.Datatypes.option +R3098 Cminor.expr +R3114 Maps.get +R3140 Cminorgen.Var_local +R3159 Coq.Init.Datatypes.Some +R3164 Cminor.Evar +R3177 Cminorgen.Var_stack_scalar +R3207 Coq.Init.Datatypes.Some +R3212 Cminorgen.make_load +R3229 Cminorgen.make_stackaddr +R3254 Cminorgen.Var_stack_array +R3277 Coq.Init.Datatypes.None +R3286 Cminorgen.Var_global +R3300 Coq.Init.Datatypes.None +R3083 AST.ident +R3067 Cminorgen.compilenv +R3375 Coq.Init.Datatypes.option +R3382 Cminor.expr +R3398 Maps.get +R3424 Cminorgen.Var_local +R3443 Coq.Init.Datatypes.Some +R3448 Cminor.Eassign +R3460 Cminorgen.make_cast +R3486 Cminorgen.Var_stack_scalar +R3522 Coq.Init.Datatypes.Some +R3527 Cminorgen.make_store +R3545 Cminorgen.make_stackaddr +R3574 Cminorgen.Var_stack_array +R3597 Coq.Init.Datatypes.None +R3606 Cminorgen.Var_global +R3620 Coq.Init.Datatypes.None +R3368 Cminor.expr +R3355 AST.ident +R3339 Cminorgen.compilenv +R3684 Coq.Init.Datatypes.option +R3691 Cminor.expr +R3707 Maps.get +R3733 Cminorgen.Var_local +R3752 Coq.Init.Datatypes.None +R3761 Cminorgen.Var_stack_scalar +R3791 Coq.Init.Datatypes.Some +R3797 Cminorgen.make_stackaddr +R3821 Cminorgen.Var_stack_array +R3844 Coq.Init.Datatypes.Some +R3850 Cminorgen.make_stackaddr +R3874 Cminorgen.Var_global +R3888 Coq.Init.Datatypes.Some +R3894 Cminor.Eop +R3924 Cminor.Enil +R3899 Op.Oaddrsymbol +R3914 Integers.zero +R3676 AST.ident +R3660 Cminorgen.compilenv +R3999 Coq.Init.Datatypes.option +R4030 Coq.Init.Datatypes.None +R4038 Coq.Init.Datatypes.None +R4047 Coq.Init.Datatypes.Some +R3988 Coq.Init.Datatypes.option +R3969 Coq.Init.Datatypes.option +R4100 Cminorgen.bind +R4269 Coq.Init.Datatypes.option +R4276 Cminor.expr +R4228 Cminorgen.expr +R4213 Cminorgen.compilenv +R5323 Coq.Init.Datatypes.option +R5330 Cminor.exprlist +R5277 Cminorgen.exprlist +R5261 Cminorgen.compilenv +R4303 Cminorgen.Evar +R4316 Cminorgen.var_get +R4336 Cminorgen.Eaddrof +R4352 Cminorgen.var_addr +R4373 Cminorgen.Eassign +R4397 Cminorgen "'do' X <- A ; B" +R4426 Cminorgen.var_set +R4449 Cminorgen.Eop +R4470 Cminorgen "'do' X <- A ; B" +R4505 Cminorgen.make_op +R4524 Cminorgen.Eload +R4549 Cminorgen "'do' X <- A ; B" +R4578 Coq.Init.Datatypes.Some +R4584 Cminorgen.make_load +R4608 Cminorgen.Estore +R4638 Cminorgen "'do' X <- A ; B" +R4675 Cminorgen "'do' X <- A ; B" +R4712 Coq.Init.Datatypes.Some +R4718 Cminorgen.make_store +R4748 Cminorgen.Ecall +R4774 Cminorgen "'do' X <- A ; B" +R4809 Cminorgen "'do' X <- A ; B" +R4850 Coq.Init.Datatypes.Some +R4856 Cminor.Ecall +R4878 Cminorgen.Econdition +R4909 Cminorgen "'do' X <- A ; B" +R4946 Cminorgen "'do' X <- A ; B" +R4983 Cminorgen "'do' X <- A ; B" +R5020 Coq.Init.Datatypes.Some +R5026 Cmconstr.conditionalexpr +R5068 Cminorgen.Elet +R5090 Cminorgen "'do' X <- A ; B" +R5127 Cminorgen "'do' X <- A ; B" +R5164 Coq.Init.Datatypes.Some +R5170 Cminor.Elet +R5188 Cminorgen.Eletvar +R5209 Coq.Init.Datatypes.Some +R5215 Cminor.Eletvar +R4228 Cminorgen.expr +R4213 Cminorgen.compilenv +R5362 Cminorgen.Enil +R5378 Coq.Init.Datatypes.Some +R5383 Cminor.Enil +R5392 Cminorgen.Econs +R5415 Cminorgen "'do' X <- A ; B" +R5452 Cminorgen "'do' X <- A ; B" +R5493 Coq.Init.Datatypes.Some +R5499 Cminor.Econs +R5277 Cminorgen.exprlist +R5261 Cminorgen.compilenv +R5606 Coq.Init.Datatypes.option +R5613 Cminor.stmt +R5565 Cminorgen.stmt +R5550 Cminorgen.compilenv +R6324 Coq.Init.Datatypes.option +R6331 Cminor.stmtlist +R6279 Cminorgen.stmtlist +R6264 Cminorgen.compilenv +R5640 Cminorgen.Sexpr +R5659 Cminorgen "'do' X <- A ; B" +R5668 Cminorgen.transl_expr +R5688 Coq.Init.Datatypes.Some +R5693 Cminor.Sexpr +R5707 Cminorgen.Sifthenelse +R5738 Cminorgen "'do' X <- A ; B" +R5747 Cminorgen.transl_expr +R5773 Cminorgen "'do' X <- A ; B" +R5814 Cminorgen "'do' X <- A ; B" +R5855 Coq.Init.Datatypes.Some +R5861 Cmconstr.ifthenelse +R5897 Cminorgen.Sloop +R5916 Cminorgen "'do' X <- A ; B" +R5955 Coq.Init.Datatypes.Some +R5961 Cminor.Sloop +R5975 Cminorgen.Sblock +R5995 Cminorgen "'do' X <- A ; B" +R6034 Coq.Init.Datatypes.Some +R6040 Cminor.Sblock +R6055 Cminorgen.Sexit +R6074 Coq.Init.Datatypes.Some +R6080 Cminor.Sexit +R6093 Cminorgen.Sreturn +R6103 Coq.Init.Datatypes.None +R6117 Coq.Init.Datatypes.Some +R6123 Cminor.Sreturn +R6131 Coq.Init.Datatypes.None +R6141 Cminorgen.Sreturn +R6152 Coq.Init.Datatypes.Some +R6169 Cminorgen "'do' X <- A ; B" +R6178 Cminorgen.transl_expr +R6204 Coq.Init.Datatypes.Some +R6210 Cminor.Sreturn +R6219 Coq.Init.Datatypes.Some +R5565 Cminorgen.stmt +R5550 Cminorgen.compilenv +R6362 Cminorgen.Snil +R6372 Coq.Init.Datatypes.Some +R6377 Cminor.Snil +R6386 Cminorgen.Scons +R6409 Cminorgen "'do' X <- A ; B" +R6446 Cminorgen "'do' X <- A ; B" +R6487 Coq.Init.Datatypes.Some +R6493 Cminor.Scons +R6279 Cminorgen.stmtlist +R6264 Cminorgen.compilenv +R6590 Cminorgen.t +R6581 Cminorgen.expr +R7311 Cminorgen.t +R7298 Cminorgen.exprlist +R6623 Cminorgen.Evar +R6636 Cminorgen.empty +R6655 Cminorgen.Eaddrof +R6671 Cminorgen.add +R6687 Cminorgen.empty +R6706 Cminorgen.Eassign +R6746 Cminorgen.Eop +R6788 Cminorgen.Eload +R6829 Cminorgen.Estore +R6859 Cminorgen.union +R6920 Cminorgen.Ecall +R6946 Cminorgen.union +R7010 Cminorgen.Econdition +R7041 Cminorgen.union +R7087 Cminorgen.union +R7149 Cminorgen.Elet +R7171 Cminorgen.union +R7232 Cminorgen.Eletvar +R7247 Cminorgen.empty +R6581 Cminorgen.expr +R7344 Cminorgen.Enil +R7354 Cminorgen.empty +R7373 Cminorgen.Econs +R7396 Cminorgen.union +R7298 Cminorgen.exprlist +R7503 Cminorgen.t +R7494 Cminorgen.stmt +R7953 Cminorgen.t +R7940 Cminorgen.stmtlist +R7536 Cminorgen.Sexpr +R7549 Cminorgen.addr_taken_expr +R7571 Cminorgen.Sifthenelse +R7602 Cminorgen.union +R7646 Cminorgen.union +R7618 Cminorgen.addr_taken_expr +R7716 Cminorgen.Sloop +R7755 Cminorgen.Sblock +R7795 Cminorgen.Sexit +R7808 Cminorgen.empty +R7827 Cminorgen.Sreturn +R7837 Coq.Init.Datatypes.None +R7845 Cminorgen.empty +R7864 Cminorgen.Sreturn +R7875 Coq.Init.Datatypes.Some +R7886 Cminorgen.addr_taken_expr +R7494 Cminorgen.stmt +R7986 Cminorgen.Snil +R7996 Cminorgen.empty +R8015 Cminorgen.Scons +R8038 Cminorgen.union +R7940 Cminorgen.stmtlist +R8174 Coq.ZArith.BinInt "x * y" Z_scope +R8164 Coq.ZArith.Zdiv "x / y" Z_scope +R8161 Coq.ZArith.BinInt "x - y" Z_scope +R8152 Coq.ZArith.BinInt "x + y" Z_scope +R8140 Coq.ZArith.BinInt.Z +R8128 Coq.ZArith.BinInt.Z +R8320 Coq.Init.Datatypes "x * y" type_scope +R8310 Cminorgen.compilenv +R8322 Coq.ZArith.BinInt.Z +R8395 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8400 Cminorplus.LVarray +R8459 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8460 Maps.set +R8473 Cminorgen.Var_stack_array +R8504 Coq.ZArith.BinInt "x + y" Z_scope +R8506 Coq.ZArith.Zmin.Zmax +R8432 Cminorgen.align +R8521 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8526 Cminorplus.LVscalar +R8554 Cminorgen.mem +R8747 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8748 Maps.set +R8761 Cminorgen.Var_local +R8670 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8671 Maps.set +R8684 Cminorgen.Var_stack_scalar +R8722 Coq.ZArith.BinInt "x + y" Z_scope +R8640 Cminorgen.align +R8597 Mem.size_chunk +R8303 Coq.Init.Datatypes "x * y" type_scope +R8293 Cminorgen.compilenv +R8305 Coq.ZArith.BinInt.Z +R8254 Coq.Init.Datatypes "x * y" type_scope +R8248 AST.ident +R8256 Cminorplus.local_variable +R8224 Cminorgen.t +R8970 Coq.Init.Datatypes "x * y" type_scope +R8960 Cminorgen.compilenv +R8972 Coq.ZArith.BinInt.Z +R8930 Coq.Init.Datatypes "x * y" type_scope +R8920 Cminorgen.compilenv +R8932 Coq.ZArith.BinInt.Z +R8868 Coq.Lists.List.list +R8880 Coq.Init.Datatypes "x * y" type_scope +R8874 AST.ident +R8882 Cminorplus.local_variable +R8839 Cminorgen.t +R9005 Coq.Lists.List.nil +R9037 Coq.Lists.List "x :: y" list_scope +R9079 Cminorgen.assign_variable +R8930 Coq.Init.Datatypes "x * y" type_scope +R8920 Cminorgen.compilenv +R8932 Coq.ZArith.BinInt.Z +R8868 Coq.Lists.List.list +R8880 Coq.Init.Datatypes "x * y" type_scope +R8874 AST.ident +R8882 Cminorplus.local_variable +R8839 Cminorgen.t +R9184 Coq.Init.Datatypes "x * y" type_scope +R9174 Cminorgen.compilenv +R9186 Coq.ZArith.BinInt.Z +R9193 Cminorgen.assign_variables +R9275 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9276 Maps.init +R9286 Cminorgen.Var_global +R9255 Cminorplus.fn_variables +R9215 Cminorgen.addr_taken_stmtlist +R9238 Cminorgen.fn_body +R9160 Cminorgen.function +R9417 Cminor.stmtlist +R9363 Coq.Lists.List.list +R9375 Coq.Init.Datatypes "x * y" type_scope +R9369 AST.ident +R9377 AST.memory_chunk +R9343 Cminorgen.compilenv +R9453 Coq.Lists.List.nil +R9460 Cminor.Snil +R9481 Coq.Lists.List "x :: y" list_scope +R9469 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9503 Maps.get +R9533 Cminorgen.Var_local +R9562 Cminor.Scons +R9569 Cminor.Sexpr +R9576 Cminor.Eassign +R9588 Cminorgen.make_cast +R9605 Cminor.Evar +R9669 Cminorgen.Var_stack_scalar +R9709 Cminor.Scons +R9716 Cminor.Sexpr +R9723 Cminorgen.make_store +R9762 Cminor.Evar +R9741 Cminorgen.make_stackaddr +R9840 Cminor.Snil +R9363 Coq.Lists.List.list +R9375 Coq.Init.Datatypes "x * y" type_scope +R9369 AST.ident +R9377 AST.memory_chunk +R9343 Cminorgen.compilenv +R9933 Coq.Init.Datatypes.option +R9940 Cminor.function +R9979 Cminorgen.build_compilenv +R10005 Coqlib.zle +R10019 Integers.max_signed +R10321 Coq.Init.Datatypes.None +R10043 Cminorgen "'do' X <- A ; B" +R10055 Cminorgen.transl_stmtlist +R10079 Cminorgen.fn_body +R10098 Coq.Init.Datatypes.Some +R10104 Cminor.mkfunction +R10251 Cminor.Scons +R10258 Cminor.Sblock +R10266 Cminorgen.store_parameters +R10291 Cminorgen.fn_params +R10193 Cminorgen.fn_vars_names +R10157 Cminorgen.fn_params_names +R10130 Cminorgen.fn_sig +R9920 Cminorgen.function +R10371 Coq.Init.Datatypes.option +R10378 Cminor.program +R10391 AST.transform_partial_program +R10417 Cminorgen.transl_function +R10358 Cminorgen.program +FCminorgenproof +R1141 Cminorgenproof.program +R1168 Cminor.program +R1216 Coq.Init.Logic "x = y" type_scope +R1196 Cminorgen.transl_program +R1218 Coq.Init.Datatypes.Some +R1239 Cminorgenproof.genv +R1249 Globalenvs.globalenv +R1279 Cminor.genv +R1287 Globalenvs.globalenv +R1379 Coq.Init.Logic "x = y" type_scope +R1356 Globalenvs.find_symbol +R1381 Globalenvs.find_symbol +R1348 AST.ident +R1482 Cminorgen.transl_function +R1445 Globalenvs.find_symbol_transf_partial +R1482 Cminorgen.transl_function +R1445 Globalenvs.find_symbol_transf_partial +R1630 Coq.Init.Logic "'exists' x , p" type_scope +R1679 Coq.Init.Logic "A /\ B" type_scope +R1669 Coq.Init.Logic "x = y" type_scope +R1643 Globalenvs.find_funct_ptr +R1671 Coq.Init.Datatypes.Some +R1700 Coq.Init.Logic "x = y" type_scope +R1682 Cminorgen.transl_function +R1702 Coq.Init.Datatypes.Some +R1616 Coq.Init.Logic "x = y" type_scope +R1591 Globalenvs.find_funct_ptr +R1618 Coq.Init.Datatypes.Some +R1576 Cminorgenproof.function +R1565 Values.block +R1747 Globalenvs.find_funct_ptr_transf_partial +R1782 Cminorgen.transl_function +R1747 Globalenvs.find_funct_ptr_transf_partial +R1782 Cminorgen.transl_function +R1817 Cminorgen.transl_function +R1817 Cminorgen.transl_function +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R2017 Coq.Init.Logic "'exists' x , p" type_scope +R2062 Coq.Init.Logic "A /\ B" type_scope +R2052 Coq.Init.Logic "x = y" type_scope +R2030 Globalenvs.find_funct +R2054 Coq.Init.Datatypes.Some +R2083 Coq.Init.Logic "x = y" type_scope +R2065 Cminorgen.transl_function +R2085 Coq.Init.Datatypes.Some +R2003 Coq.Init.Logic "x = y" type_scope +R1982 Globalenvs.find_funct +R2005 Coq.Init.Datatypes.Some +R1967 Cminorgenproof.function +R1958 Values.val +R2130 Globalenvs.find_funct_transf_partial +R2161 Cminorgen.transl_function +R2130 Globalenvs.find_funct_transf_partial +R2161 Cminorgen.transl_function +R2196 Cminorgen.transl_function +R2196 Cminorgen.transl_function +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R2388 Mem.meminj +R2531 Coq.Init.Logic "A /\ B" type_scope +R2517 Coq.Init.Logic "x = y" type_scope +R2519 Coq.Init.Datatypes.Some +R2524 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2558 Coq.Init.Logic "x = y" type_scope +R2534 Globalenvs.find_symbol +R2560 Coq.Init.Datatypes.Some +R2495 Coq.Init.Logic "x = y" type_scope +R2472 Globalenvs.find_symbol +R2497 Coq.Init.Datatypes.Some +R2615 Coq.Init.Logic "x = y" type_scope +R2617 Coq.Init.Datatypes.Some +R2621 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2604 Coq.ZArith.BinInt "x < y" Z_scope +R2658 Mem.meminj +R2671 AST.ident +R2702 Cminorgenproof.env +R2713 Mem.mem +R2723 Cminor.env +R2733 Values.block +R2763 Cminorgen.var_info +R3035 Cminorgen.Var_local +R2982 Mem.val_inject +R2963 Coq.Init.Logic "x = y" type_scope +R2947 Maps.get +R2965 Coq.Init.Datatypes.Some +R2931 Coq.Init.Logic "x = y" type_scope +R2933 Coq.Init.Datatypes.None +R2909 Coq.Init.Logic "x = y" type_scope +R2888 Mem.load +R2911 Coq.Init.Datatypes.Some +R2852 Coq.Init.Logic "x = y" type_scope +R2837 Maps.get +R2854 Coq.Init.Datatypes.Some +R2859 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2863 Cminorplus.LVscalar +R3254 Cminorgen.Var_stack_scalar +R3163 Mem.val_inject +R3195 Values.Vptr +R3204 Integers.repr +R3177 Values.Vptr +R3184 Integers.zero +R3127 Coq.Init.Logic "x = y" type_scope +R3112 Maps.get +R3129 Coq.Init.Datatypes.Some +R3134 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3138 Cminorplus.LVscalar +R3476 Cminorgen.Var_stack_array +R3385 Mem.val_inject +R3417 Values.Vptr +R3426 Integers.repr +R3399 Values.Vptr +R3406 Integers.zero +R3353 Coq.Init.Logic "x = y" type_scope +R3338 Maps.get +R3355 Coq.Init.Datatypes.Some +R3360 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3364 Cminorplus.LVarray +R3582 Cminorgen.Var_global +R3540 Coq.Init.Logic "x = y" type_scope +R3525 Maps.get +R3542 Coq.Init.Datatypes.None +R3617 Mem.meminj +R3632 Cminorgen.compilenv +R3664 Cminorgenproof.env +R3675 Mem.mem +R3685 Cminor.env +R3695 Values.block +R3727 Coq.ZArith.BinInt.Z +R3787 Cminorgenproof.match_var +R3813 Maps.get +R3858 Coq.ZArith.BinInt "x <= y" Z_scope +R3938 Coq.ZArith.BinInt "x <= y < z" Z_scope +R3918 Coq.Init.Logic "x = y" type_scope +R3903 Maps.get +R3920 Coq.Init.Datatypes.Some +R3924 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4102 Coq.Init.Logic "x <> y" type_scope +R4089 Coq.Init.Logic "x <> y" type_scope +R4060 Coq.Init.Logic "x = y" type_scope +R4044 Maps.get +R4062 Coq.Init.Datatypes.Some +R4066 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4019 Coq.Init.Logic "x = y" type_scope +R4003 Maps.get +R4021 Coq.Init.Datatypes.Some +R4025 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4177 Coq.ZArith.BinInt "x <= y < z" Z_scope +R4153 Coq.Init.Logic "x = y" type_scope +R4155 Coq.Init.Datatypes.Some +R4159 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4270 Coq.ZArith.BinInt "x < y" Z_scope +R4259 Coq.ZArith.BinInt "x < y" Z_scope +R4236 Coq.Init.Logic "x = y" type_scope +R4238 Coq.Init.Datatypes.Some +R4242 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4328 Cminorgen.compilenv +R4349 Cminorgenproof.env +R4367 Cminor.env +R4383 Values.block +R4402 Coq.ZArith.BinInt.Z +R4418 Coq.ZArith.BinInt.Z +R4456 Coq.Lists.List.list +R4461 Cminorgenproof.frame +R4529 Mem.mem +R4524 Coq.ZArith.BinInt.Z +R4519 Coq.ZArith.BinInt.Z +R4506 Cminorgenproof.callstack +R4496 Mem.meminj +R4640 Coq.Lists.List.nil +R4594 Cminorgenproof.match_globalenvs +R4900 Coq.Lists.List "x :: y" list_scope +R4873 Cminorgenproof.mkframe +R4774 Cminorgenproof.match_env +R4756 Coq.ZArith.BinInt "x < y" Z_scope +R4735 Coq.ZArith.BinInt "x <= y" Z_scope +R5134 Cminorgenproof.match_env +R5095 Cminorgenproof.match_env +R5080 Coq.Init.Logic "x = y" type_scope +R5057 Mem.store +R5082 Coq.Init.Datatypes.Some +R5044 Coq.Init.Logic "x <> y" type_scope +R5047 Coq.Init.Datatypes.None +R5337 Mem.load_store_other +R5337 Mem.load_store_other +R5576 Cminorgenproof.match_callstack +R5561 Coq.Init.Logic "x = y" type_scope +R5538 Mem.store +R5563 Coq.Init.Datatypes.Some +R5525 Coq.Init.Logic "x <> y" type_scope +R5528 Coq.Init.Datatypes.None +R5452 Cminorgenproof.match_callstack +R5674 Cminorgenproof.match_env_store_mapped +R5674 Cminorgenproof.match_env_store_mapped +R5815 Coq.Init.Logic "'exists' x , p" type_scope +R5828 Coq.Init.Logic "x = y" type_scope +R5830 Values.load_result +R5798 Values.val +R5780 AST.memory_chunk +R5949 Coq.Init.Logic "x = y" type_scope +R5901 Values.load_result +R5924 Values.load_result +R5953 Values.load_result +R6038 Integers.cast8_signed_idem +R6038 Integers.cast8_signed_idem +R6077 Integers.cast8_unsigned_idem +R6077 Integers.cast8_unsigned_idem +R6118 Integers.cast16_signed_idem +R6118 Integers.cast16_signed_idem +R6158 Integers.cast16_unsigned_idem +R6158 Integers.cast16_unsigned_idem +R6200 Floats.singleoffloat_idem +R6200 Floats.singleoffloat_idem +R6338 Coq.Init.Logic "x = y" type_scope +R6314 Values.load_result +R6288 Cminorgenproof.val_normalized +R6394 Cminorgenproof.load_result_idem +R6394 Cminorgenproof.load_result_idem +R6666 Cminorgenproof.match_env +R6689 Maps.set +R6627 Cminorgenproof.match_env +R6612 Coq.Init.Logic "x = y" type_scope +R6591 Mem.store +R6614 Coq.Init.Datatypes.Some +R6562 Cminorgenproof.val_normalized +R6539 Mem.val_inject +R6508 Coq.Init.Logic "x = y" type_scope +R6504 Maps "a ! b" +R6510 Coq.Init.Datatypes.Some +R6514 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R6518 Cminorplus.LVscalar +R6855 Coqlib.peq +R6855 Coqlib.peq +R6954 Cminorplus.local_variable +R6932 Cminorgenproof.local_variable +R6954 Cminorplus.local_variable +R6932 Cminorgenproof.local_variable +R7084 Mem.load_store_same +R7084 Mem.load_store_same +R7127 Maps.gss +R7127 Maps.gss +R7172 Values.load_result +R7172 Values.load_result +R7209 Mem.load_result_inject +R7209 Mem.load_result_inject +R7263 Cminorgenproof.load_result_normalized +R7263 Cminorgenproof.load_result_normalized +R7379 Mem.load_store_other +R7379 Mem.load_store_other +R7417 Maps.gso +R7417 Maps.gso +R7743 Cminorgenproof.match_env +R7704 Cminorgenproof.match_env +R7694 Coq.ZArith.BinInt "x <= y" Z_scope +R7676 Coq.Init.Logic "x = y" type_scope +R7655 Mem.store +R7678 Coq.Init.Datatypes.Some +R7932 Mem.load_store_other +R7932 Mem.load_store_other +R8217 Cminorgenproof.match_callstack +R8207 Coq.ZArith.BinInt "x <= y" Z_scope +R8186 Coq.Init.Logic "x = y" type_scope +R8165 Mem.store +R8188 Coq.Init.Datatypes.Some +R8100 Cminorgenproof.match_callstack +R8315 Cminorgenproof.match_env_store_above +R8315 Cminorgenproof.match_env_store_above +R8735 Cminorgenproof.match_callstack +R8799 Coq.Lists.List "x :: y" list_scope +R8754 Cminorgenproof.mkframe +R8770 Maps.set +R8661 Cminorgenproof.match_callstack +R8707 Coq.Lists.List "x :: y" list_scope +R8680 Cminorgenproof.mkframe +R8646 Coq.Init.Logic "x = y" type_scope +R8625 Mem.store +R8648 Coq.Init.Datatypes.Some +R8596 Cminorgenproof.val_normalized +R8573 Mem.val_inject +R8542 Coq.Init.Logic "x = y" type_scope +R8538 Maps "a ! b" +R8544 Coq.Init.Datatypes.Some +R8548 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8552 Cminorplus.LVscalar +R8882 Cminorgenproof.match_env_store_local +R8882 Cminorgenproof.match_env_store_local +R8921 Cminorgenproof.match_callstack_store_above +R8921 Cminorgenproof.match_callstack_store_above +R9176 Cminorgenproof.match_env +R9161 Coq.Init.Logic "x = y" type_scope +R9157 Maps "a ! b" +R9166 Maps "a ! b" +R9089 Cminorgenproof.match_env +R9703 Cminorgenproof.match_callstack +R9749 Coq.Lists.List "x :: y" list_scope +R9722 Cminorgenproof.mkframe +R9629 Cminorgenproof.match_callstack +R9675 Coq.Lists.List "x :: y" list_scope +R9648 Cminorgenproof.mkframe +R9614 Coq.Init.Logic "x = y" type_scope +R9610 Maps "a ! b" +R9616 Coq.Init.Datatypes.Some +R9593 Coq.Init.Logic "x = y" type_scope +R9572 Mem.store +R9595 Coq.Init.Datatypes.Some +R9543 Cminorgenproof.val_normalized +R9520 Mem.val_inject +R9489 Coq.Init.Logic "x = y" type_scope +R9485 Maps "a ! b" +R9491 Coq.Init.Datatypes.Some +R9495 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9499 Cminorplus.LVscalar +R9859 Maps.set +R9831 Cminorgenproof.match_env_extensional +R9859 Maps.set +R9831 Cminorgenproof.match_env_extensional +R9889 Cminorgenproof.match_env_store_local +R9889 Cminorgenproof.match_env_store_local +R9937 Maps.gsspec +R9937 Maps.gsspec +R9960 Coqlib.peq +R9960 Coqlib.peq +R10008 Cminorgenproof.match_callstack_store_above +R10008 Cminorgenproof.match_callstack_store_above +R10285 Cminorgenproof.match_callstack +R10269 Coq.ZArith.BinInt "x <= y" Z_scope +R10249 Coq.ZArith.BinInt "x <= y" Z_scope +R10177 Cminorgenproof.match_callstack +R10519 Coq.Init.Logic "x = y" type_scope +R10484 Mem.load +R10496 Mem.free_list +R10521 Mem.load +R10472 Coq.Init.Logic "x <> y" type_scope +R10456 Coq.Lists.List.In +R10598 Mem.load_free +R10598 Mem.load_free +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R10657 Coq.Init.Logic.sym_not_equal +R10657 Coq.Init.Logic.sym_not_equal +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R10834 Cminorgenproof.match_env +R10854 Mem.free_list +R10823 Coq.ZArith.BinInt "x <= y" Z_scope +R10808 Coq.Lists.List.In +R10759 Cminorgenproof.match_env +R11039 Cminorgenproof.load_freelist +R11039 Cminorgenproof.load_freelist +R11324 Cminorgenproof.match_callstack +R11359 Mem.free_list +R11313 Coq.ZArith.BinInt "x <= y" Z_scope +R11295 Coq.Lists.List.In +R11229 Cminorgenproof.match_callstack +R11435 Cminorgenproof.match_env_freelist +R11435 Cminorgenproof.match_env_freelist +R11787 Cminorgenproof.match_callstack +R11822 Mem.free_list +R11714 Cminorgenproof.match_callstack +R11760 Coq.Lists.List "x :: y" list_scope +R11733 Cminorgenproof.mkframe +R11703 Coq.ZArith.BinInt "x <= y" Z_scope +R11688 Coq.Lists.List.In +R11894 Cminorgenproof.match_callstack_incr_bound +R11894 Cminorgenproof.match_callstack_incr_bound +R11941 Cminorgenproof.match_callstack_freelist_rec +R11941 Cminorgenproof.match_callstack_freelist_rec +R12135 Coq.Init.Logic "x = y" type_scope +R12117 Mem.load +R12137 Coq.Init.Datatypes.Some +R12142 Values.Vundef +R12102 Coq.Init.Logic "x = y" type_scope +R12072 Mem.alloc +R12084 Mem.size_chunk +R12104 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12178 Mem.valid_block +R12178 Mem.valid_block +R12204 Mem.valid_new_block +R12204 Mem.valid_new_block +R12253 Coq.ZArith.BinInt "x <= y" Z_scope +R12238 Mem.low_bound +R12253 Coq.ZArith.BinInt "x <= y" Z_scope +R12238 Mem.low_bound +R12277 Mem.low_bound_alloc +R12277 Mem.low_bound_alloc +R12317 Coqlib.zeq_true +R12317 Coqlib.zeq_true +R12365 Coq.ZArith.BinInt "x <= y" Z_scope +R12346 Coq.ZArith.BinInt "x + y" Z_scope +R12348 Mem.size_chunk +R12368 Mem.high_bound +R12365 Coq.ZArith.BinInt "x <= y" Z_scope +R12346 Coq.ZArith.BinInt "x + y" Z_scope +R12348 Mem.size_chunk +R12368 Mem.high_bound +R12402 Mem.high_bound_alloc +R12402 Mem.high_bound_alloc +R12443 Coqlib.zeq_true +R12443 Coqlib.zeq_true +R12468 Mem.load_in_bounds +R12468 Mem.load_in_bounds +R12529 Coq.Init.Logic "x = y" type_scope +R12531 Values.Vundef +R12529 Coq.Init.Logic "x = y" type_scope +R12531 Values.Vundef +R12547 Mem.load_alloc_same +R12547 Mem.load_alloc_same +R13207 Cminorgenproof.match_env +R13245 Mem.nextblock +R13184 Mem.inject_incr +R13155 Maps.set +R13168 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13117 Maps.set +R13075 Mem.extend_inject +R13050 Coq.Init.Logic "x = y" type_scope +R13046 Maps "a ! b" +R13052 Coq.Init.Datatypes.Some +R12990 Cminorgenproof.match_env +R13028 Mem.nextblock +R12739 Cminorgen.Var_local +R12770 Coq.Init.Logic "A /\ B" type_scope +R12763 Coq.Init.Logic "x = y" type_scope +R12765 Coq.Init.Datatypes.None +R12776 Coq.Init.Logic "x = y" type_scope +R12778 Cminorplus.LVscalar +R12799 Cminorgen.Var_stack_scalar +R12850 Coq.Init.Logic "A /\ B" type_scope +R12834 Coq.Init.Logic "x = y" type_scope +R12836 Coq.Init.Datatypes.Some +R12840 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12856 Coq.Init.Logic "x = y" type_scope +R12858 Cminorplus.LVscalar +R12879 Cminorgen.Var_stack_array +R12923 Coq.Init.Logic "A /\ B" type_scope +R12907 Coq.Init.Logic "x = y" type_scope +R12909 Coq.Init.Datatypes.Some +R12913 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12926 Coq.Init.Logic "'exists' x , p" type_scope +R12940 Coq.Init.Logic "x = y" type_scope +R12942 Cminorplus.LVarray +R12959 Cminorgen.Var_global +R12973 Coq.Init.Logic.False +R12702 Coq.Init.Logic "x = y" type_scope +R12679 Mem.alloc +R12691 Cminorplus.sizeof +R12704 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13287 Coq.Init.Logic "x = y" type_scope +R13293 Mem.nextblock +R13287 Coq.Init.Logic "x = y" type_scope +R13293 Mem.nextblock +R13362 Coq.Init.Logic "x = y" type_scope +R13351 Mem.nextblock +R13364 Coq.ZArith.BinInt.Zsucc +R13374 Mem.nextblock +R13362 Coq.Init.Logic "x = y" type_scope +R13351 Mem.nextblock +R13364 Coq.ZArith.BinInt.Zsucc +R13374 Mem.nextblock +R13517 Maps.gsspec +R13517 Maps.gsspec +R13536 Coqlib.peq +R13536 Coqlib.peq +R13698 Values.Vundef +R13675 Cminorgenproof.match_var_local +R13698 Values.Vundef +R13675 Cminorgenproof.match_var_local +R13734 Maps.gss +R13734 Maps.gss +R13770 Cminorgenproof.load_from_alloc_is_undef +R13770 Cminorgenproof.load_from_alloc_is_undef +R13904 Coqlib.zeq_true +R13904 Coqlib.zeq_true +R14032 Cminorgenproof.match_var_stack_scalar +R14032 Cminorgenproof.match_var_stack_scalar +R14089 Maps.gss +R14089 Maps.gss +R14125 Mem.val_inject_ptr +R14125 Mem.val_inject_ptr +R14192 Coqlib.zeq_true +R14192 Coqlib.zeq_true +R14223 Integers.add_commut +R14223 Integers.add_commut +R14247 Integers.add_zero +R14247 Integers.add_zero +R14348 Cminorgenproof.match_var_stack_array +R14348 Cminorgenproof.match_var_stack_array +R14406 Maps.gss +R14406 Maps.gss +R14442 Mem.val_inject_ptr +R14442 Mem.val_inject_ptr +R14509 Coqlib.zeq_true +R14509 Coqlib.zeq_true +R14540 Integers.add_commut +R14540 Integers.add_commut +R14564 Integers.add_zero +R14564 Integers.add_zero +R14757 Maps.gso +R14757 Maps.gso +R14823 Coqlib.zeq_false +R14823 Coqlib.zeq_false +R14928 Maps.gso +R14928 Maps.gso +R14970 Maps.gso +R14970 Maps.gso +R15012 Maps.gso +R15012 Maps.gso +R15134 Maps.gsspec +R15134 Maps.gsspec +R15157 Coqlib.peq +R15157 Coqlib.peq +R15359 Maps.gsspec +R15359 Maps.gsspec +R15359 Maps.gsspec +R15359 Maps.gsspec +R15381 Coqlib.peq +R15400 Coqlib.peq +R15381 Coqlib.peq +R15400 Coqlib.peq +R15400 Coqlib.peq +R15722 Coqlib.zeq +R15722 Coqlib.zeq +R15917 Coqlib.zeq +R15917 Coqlib.zeq +R16322 Cminorgenproof.match_env +R16299 Mem.inject_incr +R16270 Mem.extend_inject +R16220 Cminorgenproof.match_env +R16197 Coq.ZArith.BinInt "x <= y" Z_scope +R16204 Mem.nextblock +R16141 Coq.Init.Datatypes.None +R16149 Coq.Init.Logic.True +R16156 Coq.Init.Datatypes.Some +R16161 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16180 Coq.ZArith.BinInt "x < y" Z_scope +R16110 Coq.Init.Logic "x = y" type_scope +R16084 Mem.alloc +R16096 Cminorplus.sizeof +R16112 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16388 Coq.Init.Logic "x = y" type_scope +R16394 Mem.nextblock +R16388 Coq.Init.Logic "x = y" type_scope +R16394 Mem.nextblock +R16627 Coqlib.zeq_false +R16627 Coqlib.zeq_false +R16792 Coqlib.zeq +R16792 Coqlib.zeq +R16940 Coqlib.zeq +R16940 Coqlib.zeq +R17342 Cminorgenproof.match_callstack +R17319 Mem.inject_incr +R17290 Mem.extend_inject +R17257 Coq.ZArith.BinInt "x <= y" Z_scope +R17264 Mem.nextblock +R17193 Coq.Init.Datatypes.None +R17201 Coq.Init.Logic.True +R17208 Coq.Init.Datatypes.Some +R17213 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17236 Coq.ZArith.BinInt "x <= y" Z_scope +R17162 Coq.Init.Logic "x = y" type_scope +R17139 Mem.alloc +R17151 Cminorplus.sizeof +R17164 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17073 Cminorgenproof.match_callstack +R17675 Cminorgenproof.match_env_alloc_other +R17675 Cminorgenproof.match_env_alloc_other +R18551 Cminorgenproof.match_callstack +R18623 Mem.nextblock +R18612 Coq.Lists.List "x :: y" list_scope +R18571 Cminorgenproof.mkframe +R18601 Mem.nextblock +R18528 Mem.inject_incr +R18499 Maps.set +R18512 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18461 Maps.set +R18419 Mem.extend_inject +R18394 Coq.Init.Logic "x = y" type_scope +R18390 Maps "a ! b" +R18396 Coq.Init.Datatypes.Some +R18290 Cminorgenproof.match_callstack +R18362 Mem.nextblock +R18351 Coq.Lists.List "x :: y" list_scope +R18310 Cminorgenproof.mkframe +R18340 Mem.nextblock +R18039 Cminorgen.Var_local +R18070 Coq.Init.Logic "A /\ B" type_scope +R18063 Coq.Init.Logic "x = y" type_scope +R18065 Coq.Init.Datatypes.None +R18076 Coq.Init.Logic "x = y" type_scope +R18078 Cminorplus.LVscalar +R18099 Cminorgen.Var_stack_scalar +R18150 Coq.Init.Logic "A /\ B" type_scope +R18134 Coq.Init.Logic "x = y" type_scope +R18136 Coq.Init.Datatypes.Some +R18140 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18156 Coq.Init.Logic "x = y" type_scope +R18158 Cminorplus.LVscalar +R18179 Cminorgen.Var_stack_array +R18223 Coq.Init.Logic "A /\ B" type_scope +R18207 Coq.Init.Logic "x = y" type_scope +R18209 Coq.Init.Datatypes.Some +R18213 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18226 Coq.Init.Logic "'exists' x , p" type_scope +R18240 Coq.Init.Logic "x = y" type_scope +R18242 Cminorplus.LVarray +R18259 Cminorgen.Var_global +R18273 Coq.Init.Logic.False +R18002 Coq.Init.Logic "x = y" type_scope +R17979 Mem.alloc +R17991 Cminorplus.sizeof +R18004 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18733 Cminorgenproof.match_env_alloc_same +R18733 Cminorgenproof.match_env_alloc_same +R18782 Cminorgenproof.match_callstack_alloc_other +R18782 Cminorgenproof.match_callstack_alloc_other +R19158 Cminorgenproof.match_callstack +R19190 Mem.nextblock +R19108 Cminorgenproof.match_callstack +R19140 Mem.nextblock +R19092 Coq.Init.Logic "x = y" type_scope +R19076 Mem.alloc +R19094 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R19228 Cminorgenproof.match_callstack_incr_bound +R19228 Cminorgenproof.match_callstack_incr_bound +R19441 Cminorgenproof.match_globalenvs +R19400 Cminorgenproof.match_callstack +R19613 Cminorgenproof.match_env +R19601 Coq.ZArith.BinInt "x <= y" Z_scope +R19560 Cminorgenproof.match_env +R19968 Cminorgenproof.match_callstack +R20017 Coq.Lists.List "x :: y" list_scope +R19987 Cminorgenproof.mkframe +R19895 Cminorgenproof.match_callstack +R19941 Coq.Lists.List "x :: y" list_scope +R19914 Cminorgenproof.mkframe +R20106 Cminorgenproof.match_env_incr_hi +R20106 Cminorgenproof.match_env_incr_hi +R20216 Cmconstrproof.eval_negint +R20228 Cmconstrproof.eval_negfloat +R20242 Cmconstrproof.eval_absfloat +R20256 Cmconstrproof.eval_intoffloat +R20274 Cmconstrproof.eval_floatofint +R20290 Cmconstrproof.eval_floatofintu +R20307 Cmconstrproof.eval_notint +R20319 Cmconstrproof.eval_notbool +R20334 Cmconstrproof.eval_cast8signed +R20351 Cmconstrproof.eval_cast8unsigned +R20370 Cmconstrproof.eval_cast16signed +R20390 Cmconstrproof.eval_cast16unsigned +R20410 Cmconstrproof.eval_singleoffloat +R20429 Cmconstrproof.eval_add +R20438 Cmconstrproof.eval_add_ptr +R20453 Cmconstrproof.eval_add_ptr_2 +R20468 Cmconstrproof.eval_sub +R20477 Cmconstrproof.eval_sub_ptr_int +R20494 Cmconstrproof.eval_sub_ptr_ptr +R20513 Cmconstrproof.eval_mul +R20522 Cmconstrproof.eval_divs +R20532 Cmconstrproof.eval_mods +R20542 Cmconstrproof.eval_divu +R20552 Cmconstrproof.eval_modu +R20564 Cmconstrproof.eval_and +R20573 Cmconstrproof.eval_or +R20581 Cmconstrproof.eval_xor +R20590 Cmconstrproof.eval_shl +R20599 Cmconstrproof.eval_shr +R20608 Cmconstrproof.eval_shru +R20621 Cmconstrproof.eval_addf +R20631 Cmconstrproof.eval_subf +R20641 Cmconstrproof.eval_mulf +R20651 Cmconstrproof.eval_divf +R20663 Cmconstrproof.eval_cmp +R20672 Cmconstrproof.eval_cmp_null_r +R20688 Cmconstrproof.eval_cmp_null_l +R20704 Cmconstrproof.eval_cmp_ptr +R20719 Cmconstrproof.eval_cmpu +R20729 Cmconstrproof.eval_cmpf +R20796 Mem.val_inject +R20826 Values.of_bool +R20810 Values.of_bool +R20970 Coq.Init.Logic "'exists' x , p" type_scope +R20982 Coq.Init.Logic "A /\ B" type_scope +R20985 Mem.val_inject +R20999 Values.Vint +R21096 Coq.Init.Logic "'exists' x , p" type_scope +R21108 Coq.Init.Logic "A /\ B" type_scope +R21111 Mem.val_inject +R21125 Values.Vfloat +R21226 Coq.Init.Logic "'exists' x , p" type_scope +R21238 Coq.Init.Logic "A /\ B" type_scope +R21241 Mem.val_inject +R21255 Values.of_bool +R21292 Values.of_bool +R21350 Cminorgenproof.val_inject_val_of_bool +R21157 Values.Vfloat +R21029 Values.Vint +R21497 Coq.Init.Logic "x = y" type_scope +R21461 Integers.sub +R21484 Integers.add +R21470 Integers.add +R21499 Integers.sub +R21537 Integers.sub_add_opp +R21537 Integers.sub_add_opp +R21562 Integers.neg_add_distr +R21562 Integers.neg_add_distr +R21591 Integers.add_assoc +R21591 Integers.add_assoc +R21618 Integers.add_commut +R21646 Integers.neg +R21634 Integers.neg +R21618 Integers.add_commut +R21646 Integers.neg +R21634 Integers.neg +R21673 Integers.add_assoc +R21673 Integers.add_assoc +R21699 Integers.add_neg_zero +R21699 Integers.add_neg_zero +R21728 Integers.add_commut +R21743 Integers.zero +R21728 Integers.add_commut +R21743 Integers.zero +R21762 Integers.add_zero +R21762 Integers.add_zero +R21794 Integers.sub_add_opp +R21794 Integers.sub_add_opp +R21916 Coq.Init.Logic "A /\ B" type_scope +R21905 Coq.Init.Logic "x = y" type_scope +R21907 Integers.zero +R21942 Coq.Init.Logic "A \/ B" type_scope +R21928 Coq.Init.Logic "A /\ B" type_scope +R21922 Coq.Init.Logic "x = y" type_scope +R21924 AST.Ceq +R21933 Coq.Init.Logic "x = y" type_scope +R21935 Values.Vfalse +R21953 Coq.Init.Logic "A /\ B" type_scope +R21947 Coq.Init.Logic "x = y" type_scope +R21949 AST.Cne +R21958 Coq.Init.Logic "x = y" type_scope +R21960 Values.Vtrue +R21889 Coq.Init.Logic "x = y" type_scope +R21865 Cminorgenproof.eval_compare_null +R21891 Coq.Init.Datatypes.Some +R22032 Integers.eq +R22039 Integers.eq_spec +R22053 Integers.zero +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R22412 Coq.Init.Logic "'exists' x , p" type_scope +R22487 Coq.Init.Logic "A /\ B" type_scope +R22428 Cminor.eval_expr +R22443 Values.Vptr +R22451 Integers.zero +R22490 Mem.val_inject +R22387 Mem.mem_inject +R22357 Mem.val_list_inject +R22289 Cminor.eval_exprlist +R22308 Values.Vptr +R22316 Integers.zero +R22275 Coq.Init.Logic "x = y" type_scope +R22249 Cminorgenproof.eval_operation +R22277 Coq.Init.Datatypes.Some +R22235 Coq.Init.Logic "x = y" type_scope +R22221 Cminorgen.make_op +R22237 Coq.Init.Datatypes.Some +R23809 Values.Vptr +R23818 Integers.add +R23809 Values.Vptr +R23818 Integers.add +R23872 Mem.val_inject_ptr +R23872 Mem.val_inject_ptr +R23930 Integers.add_assoc +R23930 Integers.add_assoc +R23930 Integers.add_assoc +R23930 Integers.add_assoc +R23958 Integers.add_commut +R23958 Integers.add_commut +R24004 Values.Vptr +R24013 Integers.add +R24004 Values.Vptr +R24013 Integers.add +R24068 Mem.val_inject_ptr +R24068 Mem.val_inject_ptr +R24126 Integers.add_assoc +R24126 Integers.add_assoc +R24126 Integers.add_assoc +R24126 Integers.add_assoc +R24154 Integers.add_commut +R24154 Integers.add_commut +R24200 Values.Vptr +R24209 Integers.sub +R24200 Values.Vptr +R24209 Integers.sub +R24264 Mem.val_inject_ptr +R24264 Mem.val_inject_ptr +R24313 Integers.sub_add_l +R24313 Integers.sub_add_l +R24361 Values.eq_block +R24361 Values.eq_block +R24432 Coq.Init.Logic "x = y" type_scope +R24432 Coq.Init.Logic "x = y" type_scope +R24471 Values.Vint +R24477 Integers.sub +R24471 Values.Vint +R24477 Integers.sub +R24572 Cminorgenproof.int_sub_shifted +R24572 Cminorgenproof.int_sub_shifted +R24643 Integers.eq_spec +R24658 Integers.zero +R24679 Integers.eq +R24689 Integers.zero +R24643 Integers.eq_spec +R24658 Integers.zero +R24679 Integers.eq +R24689 Integers.zero +R24779 Integers.eq_spec +R24794 Integers.zero +R24815 Integers.eq +R24825 Integers.zero +R24779 Integers.eq_spec +R24794 Integers.zero +R24815 Integers.eq +R24825 Integers.zero +R24915 Integers.eq_spec +R24930 Integers.zero +R24951 Integers.eq +R24961 Integers.zero +R24915 Integers.eq_spec +R24930 Integers.zero +R24951 Integers.eq +R24961 Integers.zero +R25051 Integers.eq_spec +R25066 Integers.zero +R25087 Integers.eq +R25097 Integers.zero +R25051 Integers.eq_spec +R25066 Integers.zero +R25087 Integers.eq +R25097 Integers.zero +R25182 Integers.ltu +R25194 Integers.repr +R25182 Integers.ltu +R25194 Integers.repr +R25304 Integers.ltu +R25316 Integers.repr +R25304 Integers.ltu +R25316 Integers.repr +R25427 Integers.ltu +R25439 Integers.repr +R25427 Integers.ltu +R25439 Integers.repr +R25555 Cminorgenproof.eval_compare_null_inv +R25555 Cminorgenproof.eval_compare_null_inv +R25747 Cminorgenproof.eval_compare_null_inv +R25747 Cminorgenproof.eval_compare_null_inv +R25976 Coq.Bool.Bool "x && y" bool_scope +R25942 Mem.valid_pointer +R25962 Integers.signed +R25979 Mem.valid_pointer +R26000 Integers.signed +R25976 Coq.Bool.Bool "x && y" bool_scope +R25942 Mem.valid_pointer +R25962 Integers.signed +R25979 Mem.valid_pointer +R26000 Integers.signed +R26078 Values.eq_block +R26078 Values.eq_block +R26142 Coq.Init.Logic "x = y" type_scope +R26142 Coq.Init.Logic "x = y" type_scope +R26185 Coq.Init.Logic "x = y" type_scope +R26185 Coq.Init.Logic "x = y" type_scope +R26222 Coq.Bool.Bool.andb_prop +R26222 Coq.Bool.Bool.andb_prop +R26259 Values.of_bool +R26272 Integers.cmp +R26259 Values.of_bool +R26272 Integers.cmp +R26353 Integers.translate_cmp +R26353 Integers.translate_cmp +R26381 Cminorgenproof.val_inject_val_of_bool +R26381 Cminorgenproof.val_inject_val_of_bool +R26415 Mem.valid_pointer_inject_no_overflow +R26415 Mem.valid_pointer_inject_no_overflow +R26465 Mem.valid_pointer_inject_no_overflow +R26465 Mem.valid_pointer_inject_no_overflow +R27073 Coq.Init.Logic "'exists' x , p" type_scope +R27189 Coq.Init.Logic "A /\ B" type_scope +R27087 Cminor.eval_expr +R27144 Cminorgen.make_cast +R27102 Values.Vptr +R27110 Integers.zero +R27214 Coq.Init.Logic "A /\ B" type_scope +R27192 Mem.val_inject +R27217 Cminorgenproof.val_normalized +R27050 Mem.val_inject +R27035 Coq.Init.Logic "x = y" type_scope +R27022 Cminorplus.cast +R27037 Coq.Init.Datatypes.Some +R26960 Cminor.eval_expr +R26975 Values.Vptr +R26983 Integers.zero +R27365 Values.Vint +R27371 Integers.cast8signed +R27365 Values.Vint +R27371 Integers.cast8signed +R27408 Cmconstrproof.eval_cast8signed +R27408 Cmconstrproof.eval_cast8signed +R27463 Values.Vint +R27463 Values.Vint +R27496 Values.Vint +R27502 Integers.cast8unsigned +R27496 Values.Vint +R27502 Integers.cast8unsigned +R27540 Cmconstrproof.eval_cast8unsigned +R27540 Cmconstrproof.eval_cast8unsigned +R27597 Values.Vint +R27597 Values.Vint +R27630 Values.Vint +R27636 Integers.cast16signed +R27630 Values.Vint +R27636 Integers.cast16signed +R27674 Cmconstrproof.eval_cast16signed +R27674 Cmconstrproof.eval_cast16signed +R27730 Values.Vint +R27730 Values.Vint +R27763 Values.Vint +R27769 Integers.cast16unsigned +R27763 Values.Vint +R27769 Integers.cast16unsigned +R27808 Cmconstrproof.eval_cast16unsigned +R27808 Cmconstrproof.eval_cast16unsigned +R27866 Values.Vint +R27866 Values.Vint +R27899 Values.Vint +R27899 Values.Vint +R27944 Values.Vint +R27944 Values.Vint +R27977 Values.Vptr +R27977 Values.Vptr +R28028 Values.Vptr +R28028 Values.Vptr +R28067 Values.Vfloat +R28075 Floats.singleoffloat +R28067 Values.Vfloat +R28075 Floats.singleoffloat +R28116 Cmconstrproof.eval_singleoffloat +R28116 Cmconstrproof.eval_singleoffloat +R28173 Values.Vfloat +R28173 Values.Vfloat +R28209 Values.Vfloat +R28209 Values.Vfloat +R28257 Values.Vfloat +R28257 Values.Vfloat +R28346 Cminor.eval_expr +R28440 Values.Vptr +R28449 Integers.repr +R28401 Cminorgen.make_stackaddr +R28361 Values.Vptr +R28369 Integers.zero +R28514 Cminor.eval_Eop +R28514 Cminor.eval_Eop +R28569 Integers.add_commut +R28569 Integers.add_commut +R28591 Integers.add_zero +R28591 Integers.add_zero +R28782 Cminor.eval_expr +R28839 Cminorgen.make_load +R28797 Values.Vptr +R28805 Integers.zero +R28768 Coq.Init.Logic "x = y" type_scope +R28745 Mem.loadv +R28770 Coq.Init.Datatypes.Some +R28683 Cminor.eval_expr +R28698 Values.Vptr +R28706 Integers.zero +R28925 Cmconstrproof.eval_load +R28925 Cmconstrproof.eval_load +R29064 Mem.val_content_inject +R29086 Mem.mem_chunk +R29039 Mem.val_inject +R29024 Coq.Init.Logic "x = y" type_scope +R29010 Cminorplus.cast +R29026 Coq.Init.Datatypes.Some +R29220 Mem.val_content_inject_8 +R29220 Mem.val_content_inject_8 +R29248 Integers.cast8_unsigned_signed +R29248 Integers.cast8_unsigned_signed +R29283 Mem.val_content_inject_8 +R29283 Mem.val_content_inject_8 +R29311 Integers.cast8_unsigned_idem +R29311 Integers.cast8_unsigned_idem +R29344 Mem.val_content_inject_16 +R29344 Mem.val_content_inject_16 +R29373 Integers.cast16_unsigned_signed +R29373 Integers.cast16_unsigned_signed +R29409 Mem.val_content_inject_16 +R29409 Mem.val_content_inject_16 +R29438 Integers.cast16_unsigned_idem +R29438 Integers.cast16_unsigned_idem +R29536 Mem.val_content_inject_32 +R29536 Mem.val_content_inject_32 +R29565 Floats.singleoffloat_idem +R29565 Floats.singleoffloat_idem +R30070 Coq.Init.Logic "'exists' x , p" type_scope +R30082 Coq.Init.Logic "'exists' x , p" type_scope +R30204 Coq.Init.Logic "A /\ B" type_scope +R30095 Cminor.eval_expr +R30152 Cminorgen.make_store +R30110 Values.Vptr +R30118 Integers.zero +R30229 Coq.Init.Logic "A /\ B" type_scope +R30207 Mem.mem_inject +R30252 Coq.Init.Logic "A /\ B" type_scope +R30232 Mem.val_inject +R30269 Coq.Init.Logic "x = y" type_scope +R30255 Mem.nextblock +R30271 Mem.nextblock +R30041 Mem.val_inject +R30010 Mem.val_inject +R29985 Mem.mem_inject +R29970 Coq.Init.Logic "x = y" type_scope +R29942 Mem.storev +R29972 Coq.Init.Datatypes.Some +R29928 Coq.Init.Logic "x = y" type_scope +R29912 Cminorplus.cast +R29930 Coq.Init.Datatypes.Some +R29833 Cminor.eval_expr +R29848 Values.Vptr +R29856 Integers.zero +R29752 Cminor.eval_expr +R29767 Values.Vptr +R29775 Integers.zero +R30332 Mem.val_content_inject +R30354 Mem.mem_chunk +R30332 Mem.val_content_inject +R30354 Mem.mem_chunk +R30392 Cminorgenproof.val_content_inject_cast +R30392 Cminorgenproof.val_content_inject_cast +R30432 Mem.storev_mapped_inject_1 +R30432 Mem.storev_mapped_inject_1 +R30530 Cmconstrproof.eval_store +R30530 Cmconstrproof.eval_store +R30611 Cminorgenproof.make_cast_correct +R30611 Cminorgenproof.make_cast_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R30824 Mem.store_inv +R30824 Mem.store_inv +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R31165 Coq.Init.Logic "'exists' x , p" type_scope +R31233 Coq.Init.Logic "A /\ B" type_scope +R31180 Cminor.eval_expr +R31195 Values.Vptr +R31203 Integers.zero +R31240 Mem.val_inject +R31151 Coq.Init.Logic "x = y" type_scope +R31134 Mem.load +R31153 Coq.Init.Datatypes.Some +R31103 Coq.Init.Logic "x = y" type_scope +R31099 Maps "a ! b" +R31105 Coq.Init.Datatypes.Some +R31109 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R31113 Cminorplus.LVscalar +R31075 Mem.mem_inject +R30986 Cminorgenproof.match_callstack +R31057 Mem.nextblock +R31042 Mem.nextblock +R31032 Coq.Lists.List "x :: y" list_scope +R31005 Cminorgenproof.mkframe +R30972 Coq.Init.Logic "x = y" type_scope +R30956 Cminorgen.var_get +R30974 Coq.Init.Datatypes.Some +R31302 Cminorgenproof.match_var +R31331 Maps "a !! b" +R31302 Cminorgenproof.match_var +R31331 Maps "a !! b" +R31391 Maps "a !! b" +R31391 Maps "a !! b" +R31545 Cminor.eval_Evar +R31545 Cminor.eval_Evar +R31714 Coq.Init.Logic "x = y" type_scope +R31714 Coq.Init.Logic "x = y" type_scope +R31755 Coq.Init.Logic "x = y" type_scope +R31755 Coq.Init.Logic "x = y" type_scope +R31829 Coq.Init.Logic "x = y" type_scope +R31797 Mem.loadv +R31812 Values.Vptr +R31819 Integers.zero +R31831 Coq.Init.Datatypes.Some +R31829 Coq.Init.Logic "x = y" type_scope +R31797 Mem.loadv +R31812 Values.Vptr +R31819 Integers.zero +R31831 Coq.Init.Datatypes.Some +R31866 Mem.loadv_inject +R31866 Mem.loadv_inject +R31975 Cminorgenproof.make_load_correct +R31975 Cminorgenproof.make_load_correct +R32008 Cminorgenproof.make_stackaddr_correct +R32008 Cminorgenproof.make_stackaddr_correct +R32281 Coq.Init.Logic "'exists' x , p" type_scope +R32349 Coq.Init.Logic "A /\ B" type_scope +R32296 Cminor.eval_expr +R32311 Values.Vptr +R32319 Integers.zero +R32356 Mem.val_inject +R32370 Values.Vptr +R32377 Integers.zero +R32262 Coq.Init.Logic "x = y" type_scope +R32258 Maps "a ! b" +R32264 Coq.Init.Datatypes.Some +R32268 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R32168 Cminorgenproof.match_callstack +R32239 Mem.nextblock +R32224 Mem.nextblock +R32214 Coq.Lists.List "x :: y" list_scope +R32187 Cminorgenproof.mkframe +R32154 Coq.Init.Logic "x = y" type_scope +R32137 Cminorgen.var_addr +R32156 Coq.Init.Datatypes.Some +R32435 Cminorgenproof.match_var +R32464 Maps "a !! b" +R32435 Cminorgenproof.match_var +R32464 Maps "a !! b" +R32524 Maps "a !! b" +R32524 Maps "a !! b" +R32666 Values.Vptr +R32675 Integers.repr +R32666 Values.Vptr +R32675 Integers.repr +R32705 Cminorgenproof.make_stackaddr_correct +R32705 Cminorgenproof.make_stackaddr_correct +R32802 Values.Vptr +R32811 Integers.repr +R32802 Values.Vptr +R32811 Integers.repr +R32841 Cminorgenproof.make_stackaddr_correct +R32841 Cminorgenproof.make_stackaddr_correct +R33199 Coq.Init.Logic "'exists' x , p" type_scope +R33267 Coq.Init.Logic "A /\ B" type_scope +R33214 Cminor.eval_expr +R33229 Values.Vptr +R33237 Integers.zero +R33274 Mem.val_inject +R33288 Values.Vptr +R33295 Integers.zero +R33185 Coq.Init.Logic "x = y" type_scope +R33162 Globalenvs.find_symbol +R33187 Coq.Init.Datatypes.Some +R33150 Coq.Init.Logic "x = y" type_scope +R33146 Maps "a ! b" +R33152 Coq.Init.Datatypes.None +R33056 Cminorgenproof.match_callstack +R33127 Mem.nextblock +R33112 Mem.nextblock +R33102 Coq.Lists.List "x :: y" list_scope +R33075 Cminorgenproof.mkframe +R33042 Coq.Init.Logic "x = y" type_scope +R33025 Cminorgen.var_addr +R33044 Coq.Init.Datatypes.Some +R33353 Cminorgenproof.match_var +R33382 Maps "a !! b" +R33353 Cminorgenproof.match_var +R33382 Maps "a !! b" +R33444 Maps "a !! b" +R33444 Maps "a !! b" +R33545 Cminorgenproof.match_callstack_match_globalenvs +R33545 Cminorgenproof.match_callstack_match_globalenvs +R33664 Values.Vptr +R33671 Integers.zero +R33664 Values.Vptr +R33671 Integers.zero +R33698 Cminor.eval_Eop +R33698 Cminor.eval_Eop +R34244 Coq.Init.Logic "'exists' x , p" type_scope +R34256 Coq.Init.Logic "'exists' x , p" type_scope +R34268 Coq.Init.Logic "'exists' x , p" type_scope +R34340 Coq.Init.Logic "A /\ B" type_scope +R34283 Cminor.eval_expr +R34298 Values.Vptr +R34306 Integers.zero +R34366 Coq.Init.Logic "A /\ B" type_scope +R34347 Mem.val_inject +R34393 Coq.Init.Logic "A /\ B" type_scope +R34373 Mem.mem_inject +R34400 Cminorgenproof.match_callstack +R34474 Mem.nextblock +R34458 Mem.nextblock +R34447 Coq.Lists.List "x :: y" list_scope +R34419 Cminorgenproof.mkframe +R34229 Coq.Init.Logic "x = y" type_scope +R34207 Mem.store +R34231 Coq.Init.Datatypes.Some +R34192 Coq.Init.Logic "x = y" type_scope +R34178 Cminorplus.cast +R34194 Coq.Init.Datatypes.Some +R34147 Coq.Init.Logic "x = y" type_scope +R34143 Maps "a ! b" +R34149 Coq.Init.Datatypes.Some +R34153 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R34157 Cminorplus.LVscalar +R34117 Mem.mem_inject +R34091 Mem.val_inject +R34025 Cminor.eval_expr +R34040 Values.Vptr +R34048 Integers.zero +R33932 Cminorgenproof.match_callstack +R34006 Mem.nextblock +R33990 Mem.nextblock +R33979 Coq.Lists.List "x :: y" list_scope +R33951 Cminorgenproof.mkframe +R33918 Coq.Init.Logic "x = y" type_scope +R33898 Cminorgen.var_set +R33920 Coq.Init.Datatypes.Some +R34556 Coq.Init.Logic "x = y" type_scope +R34543 Mem.nextblock +R34558 Mem.nextblock +R34556 Coq.Init.Logic "x = y" type_scope +R34543 Mem.nextblock +R34558 Mem.nextblock +R34589 Mem.store_inv +R34589 Mem.store_inv +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R34731 Maps "a !! b" +R34731 Maps "a !! b" +R34917 Coq.Init.Logic "x = y" type_scope +R34917 Coq.Init.Logic "x = y" type_scope +R34957 Coq.Init.Logic "x = y" type_scope +R34957 Coq.Init.Logic "x = y" type_scope +R34998 Cminorgenproof.make_cast_correct +R34998 Cminorgenproof.make_cast_correct +R35092 Maps.set +R35092 Maps.set +R35153 Cminor.eval_Eassign +R35153 Cminor.eval_Eassign +R35205 Mem.store_unmapped_inject +R35205 Mem.store_unmapped_inject +R35264 Cminorgenproof.match_callstack_store_local +R35264 Cminorgenproof.match_callstack_store_local +R35422 Coq.Init.Logic "x = y" type_scope +R35422 Coq.Init.Logic "x = y" type_scope +R35462 Coq.Init.Logic "x = y" type_scope +R35462 Coq.Init.Logic "x = y" type_scope +R35542 Coq.Init.Logic "x = y" type_scope +R35505 Mem.storev +R35522 Values.Vptr +R35529 Integers.zero +R35544 Coq.Init.Datatypes.Some +R35542 Coq.Init.Logic "x = y" type_scope +R35505 Mem.storev +R35522 Values.Vptr +R35529 Integers.zero +R35544 Coq.Init.Datatypes.Some +R35580 Cminorgenproof.make_stackaddr_correct +R35580 Cminorgenproof.make_stackaddr_correct +R35658 Cminorgenproof.make_store_correct +R35658 Cminorgenproof.make_store_correct +R35953 Cminorgenproof.match_callstack_mapped +R35953 Cminorgenproof.match_callstack_mapped +R36097 Coq.ZArith.BinInt "x <= y" Z_scope +R36100 Cminorgen.align +R36088 Coq.ZArith.BinInt "x > y" Z_scope +R36244 Coq.ZArith.BinInt "x <= y" Z_scope +R36223 Coq.Init.Logic "x = y" type_scope +R36186 Cminorgen.assign_variables +R36212 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R36225 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R36383 Cminorgen.mem +R36383 Cminorgen.mem +R36460 Mem.size_chunk_pos +R36460 Mem.size_chunk_pos +R36500 Cminorgenproof.align_bounds +R36517 Mem.size_chunk +R36500 Cminorgenproof.align_bounds +R36517 Mem.size_chunk +R36605 Coq.ZArith.BinInt "x > y" Z_scope +R36605 Coq.ZArith.BinInt "x > y" Z_scope +R36630 Cminorgenproof.align_bounds +R36630 Cminorgenproof.align_bounds +R36665 Coq.ZArith.BinInt "x <= y" Z_scope +R36668 Coq.ZArith.Zmin.Zmax +R36665 Coq.ZArith.BinInt "x <= y" Z_scope +R36668 Coq.ZArith.Zmin.Zmax +R36685 Coqlib.Zmax_bound_l +R36685 Coqlib.Zmax_bound_l +R37340 Coq.Init.Logic "'exists' x , p" type_scope +R37375 Coq.Init.Logic "A /\ B" type_scope +R37356 Mem.inject_incr +R37400 Coq.Init.Logic "A /\ B" type_scope +R37378 Mem.mem_inject +R37403 Cminorgenproof.match_callstack +R37514 Mem.nextblock +R37499 Mem.nextblock +R37464 Coq.Lists.List "x :: y" list_scope +R37423 Cminorgenproof.mkframe +R37453 Mem.nextblock +R37326 Coq.Init.Logic "x <> y" type_scope +R37322 Maps "a ! b" +R37329 Coq.Init.Datatypes.None +R37300 Coq.Lists.List.In +R37303 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37273 Coq.ZArith.BinInt "x <= y" Z_scope +R37265 Coq.ZArith.BinInt "x + y" Z_scope +R37250 Mem.high_bound +R37229 Coq.Init.Logic "x = y" type_scope +R37231 Coq.Init.Datatypes.Some +R37235 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37197 Coq.ZArith.BinInt "x <= y" Z_scope +R37172 Mem.mem_inject +R37052 Cminorgenproof.match_callstack +R37154 Mem.nextblock +R37139 Mem.nextblock +R37109 Coq.Lists.List "x :: y" list_scope +R37071 Cminorgenproof.mkframe +R37098 Mem.nextblock +R37032 Coq.Init.Logic "x = y" type_scope +R36995 Cminorgen.assign_variables +R37021 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37034 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R36936 Cminorplus.alloc_variables +R36885 Coq.ZArith.BinInt "x <= y" Z_scope +R36888 Integers.max_signed +R36870 Coq.Init.Logic "x = y" type_scope +R36853 Mem.high_bound +R36844 Coq.Init.Logic "x = y" type_scope +R36828 Mem.low_bound +R36805 Mem.valid_block +R37686 Mem.inject_incr_refl +R37686 Mem.inject_incr_refl +R37835 Cminorgen.assign_variables +R37862 Cminorgen.assign_variable +R37891 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37882 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37775 Cminorgen.assign_variables +R37815 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37806 Coq.Lists.List "x :: y" list_scope +R37797 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37835 Cminorgen.assign_variables +R37862 Cminorgen.assign_variable +R37891 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37882 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37775 Cminorgen.assign_variables +R37815 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37806 Coq.Lists.List "x :: y" list_scope +R37797 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37915 Cminorgen.assign_variable +R37944 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37935 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37915 Cminorgen.assign_variable +R37944 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37935 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R38083 Coq.Init.Logic "x <> y" type_scope +R38078 Maps "a ! b" +R38086 Coq.Init.Datatypes.None +R38054 Coq.Lists.List.In +R38057 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R38083 Coq.Init.Logic "x <> y" type_scope +R38078 Maps "a ! b" +R38086 Coq.Init.Datatypes.None +R38054 Coq.Lists.List.In +R38057 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R38152 Coq.Init.Logic "'exists' x , p" type_scope +R38169 Coq.Init.Logic "x = y" type_scope +R38165 Maps "a ! b" +R38171 Coq.Init.Datatypes.Some +R38152 Coq.Init.Logic "'exists' x , p" type_scope +R38169 Coq.Init.Logic "x = y" type_scope +R38165 Maps "a ! b" +R38171 Coq.Init.Datatypes.Some +R38199 Coq.Init.Logic "x <> y" type_scope +R38195 Maps "a ! b" +R38202 Coq.Init.Datatypes.None +R38199 Coq.Init.Logic "x <> y" type_scope +R38195 Maps "a ! b" +R38202 Coq.Init.Datatypes.None +R38260 Maps "a ! b" +R38260 Maps "a ! b" +R38443 Cminorgen.mem +R38443 Cminorgen.mem +R38527 Cminorgen.align +R38537 Mem.size_chunk +R38527 Cminorgen.align +R38537 Mem.size_chunk +R38618 Mem.extend_inject +R38636 Coq.Init.Datatypes.Some +R38641 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R38618 Mem.extend_inject +R38636 Coq.Init.Datatypes.Some +R38641 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R38672 Mem.size_chunk_pos +R38672 Mem.size_chunk_pos +R38726 Cminorgenproof.align_bounds +R38743 Mem.size_chunk +R38726 Cminorgenproof.align_bounds +R38743 Mem.size_chunk +R38826 Coq.Init.Logic "A /\ B" type_scope +R38806 Mem.mem_inject +R38829 Mem.inject_incr +R38826 Coq.Init.Logic "A /\ B" type_scope +R38806 Mem.mem_inject +R38829 Mem.inject_incr +R38877 Coq.ZArith.BinInt "x < y" Z_scope +R38862 Integers.min_signed +R38877 Coq.ZArith.BinInt "x < y" Z_scope +R38862 Integers.min_signed +R38916 Cminorgenproof.assign_variables_incr +R38916 Cminorgenproof.assign_variables_incr +R38988 Mem.alloc_mapped_inject +R38988 Mem.alloc_mapped_inject +R39203 Cminorgenproof.match_callstack +R39336 Mem.nextblock +R39321 Mem.nextblock +R39300 Coq.Lists.List "x :: y" list_scope +R39236 Cminorgenproof.mkframe +R39286 Mem.nextblock +R39251 Maps.set +R39264 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R39203 Cminorgenproof.match_callstack +R39336 Mem.nextblock +R39321 Mem.nextblock +R39300 Coq.Lists.List "x :: y" list_scope +R39236 Cminorgenproof.mkframe +R39286 Mem.nextblock +R39251 Maps.set +R39264 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R39392 Cminorgenproof.match_callstack_alloc_left +R39392 Cminorgenproof.match_callstack_alloc_left +R39449 Coq.ZArith.BinInt "x <= y" Z_scope +R39449 Coq.ZArith.BinInt "x <= y" Z_scope +R39602 Coq.ZArith.BinInt "x <= y" Z_scope +R39594 Coq.ZArith.BinInt "x + y" Z_scope +R39578 Mem.high_bound +R39521 Coq.Init.Logic "x = y" type_scope +R39523 Coq.Init.Datatypes.Some +R39527 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R39602 Coq.ZArith.BinInt "x <= y" Z_scope +R39594 Coq.ZArith.BinInt "x + y" Z_scope +R39578 Mem.high_bound +R39521 Coq.Init.Logic "x = y" type_scope +R39523 Coq.Init.Datatypes.Some +R39527 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R39688 Mem.high_bound_alloc +R39688 Mem.high_bound_alloc +R39733 Coqlib.zeq +R39733 Coqlib.zeq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R40004 Mem.inject_incr_trans +R40004 Mem.inject_incr_trans +R40139 Mem.alloc_unmapped_inject +R40139 Mem.alloc_unmapped_inject +R40199 Mem.extend_inject +R40216 Coq.Init.Datatypes.None +R40199 Mem.extend_inject +R40216 Coq.Init.Datatypes.None +R40267 Cminorgenproof.match_callstack +R40400 Mem.nextblock +R40385 Mem.nextblock +R40364 Coq.Lists.List "x :: y" list_scope +R40300 Cminorgenproof.mkframe +R40350 Mem.nextblock +R40315 Maps.set +R40328 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40267 Cminorgenproof.match_callstack +R40400 Mem.nextblock +R40385 Mem.nextblock +R40364 Coq.Lists.List "x :: y" list_scope +R40300 Cminorgenproof.mkframe +R40350 Mem.nextblock +R40315 Maps.set +R40328 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40456 Cminorgenproof.match_callstack_alloc_left +R40456 Cminorgenproof.match_callstack_alloc_left +R40613 Coq.ZArith.BinInt "x <= y" Z_scope +R40605 Coq.ZArith.BinInt "x + y" Z_scope +R40589 Mem.high_bound +R40532 Coq.Init.Logic "x = y" type_scope +R40534 Coq.Init.Datatypes.Some +R40538 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40613 Coq.ZArith.BinInt "x <= y" Z_scope +R40605 Coq.ZArith.BinInt "x + y" Z_scope +R40589 Mem.high_bound +R40532 Coq.Init.Logic "x = y" type_scope +R40534 Coq.Init.Datatypes.Some +R40538 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40698 Mem.high_bound_alloc +R40698 Mem.high_bound_alloc +R40743 Coqlib.zeq +R40743 Coqlib.zeq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R40958 Mem.inject_incr_trans +R40958 Mem.inject_incr_trans +R41101 Coq.ZArith.BinInt "x <= y" Z_scope +R41104 Coq.ZArith.Zmin.Zmax +R41101 Coq.ZArith.BinInt "x <= y" Z_scope +R41104 Coq.ZArith.Zmin.Zmax +R41123 Coq.ZArith.Zmin.Zmax1 +R41123 Coq.ZArith.Zmin.Zmax1 +R41143 Coq.ZArith.BinInt "x > y" Z_scope +R41143 Coq.ZArith.BinInt "x > y" Z_scope +R41170 Cminorgenproof.align_bounds +R41170 Cminorgenproof.align_bounds +R41214 Cminorgen.align +R41214 Cminorgen.align +R41245 Mem.extend_inject +R41263 Coq.Init.Datatypes.Some +R41268 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41245 Mem.extend_inject +R41263 Coq.Init.Datatypes.Some +R41268 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41313 Coq.Init.Logic "A /\ B" type_scope +R41293 Mem.mem_inject +R41316 Mem.inject_incr +R41313 Coq.Init.Logic "A /\ B" type_scope +R41293 Mem.mem_inject +R41316 Mem.inject_incr +R41362 Coq.ZArith.BinInt "x < y" Z_scope +R41347 Integers.min_signed +R41362 Coq.ZArith.BinInt "x < y" Z_scope +R41347 Integers.min_signed +R41399 Cminorgenproof.assign_variables_incr +R41399 Cminorgenproof.assign_variables_incr +R41469 Mem.alloc_mapped_inject +R41469 Mem.alloc_mapped_inject +R41680 Cminorgenproof.match_callstack +R41813 Mem.nextblock +R41798 Mem.nextblock +R41777 Coq.Lists.List "x :: y" list_scope +R41713 Cminorgenproof.mkframe +R41763 Mem.nextblock +R41728 Maps.set +R41741 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41680 Cminorgenproof.match_callstack +R41813 Mem.nextblock +R41798 Mem.nextblock +R41777 Coq.Lists.List "x :: y" list_scope +R41713 Cminorgenproof.mkframe +R41763 Mem.nextblock +R41728 Maps.set +R41741 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41869 Cminorgenproof.match_callstack_alloc_left +R41869 Cminorgenproof.match_callstack_alloc_left +R41926 Coq.ZArith.BinInt "x <= y" Z_scope +R41926 Coq.ZArith.BinInt "x <= y" Z_scope +R42079 Coq.ZArith.BinInt "x <= y" Z_scope +R42071 Coq.ZArith.BinInt "x + y" Z_scope +R42055 Mem.high_bound +R41998 Coq.Init.Logic "x = y" type_scope +R42000 Coq.Init.Datatypes.Some +R42004 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R42079 Coq.ZArith.BinInt "x <= y" Z_scope +R42071 Coq.ZArith.BinInt "x + y" Z_scope +R42055 Mem.high_bound +R41998 Coq.Init.Logic "x = y" type_scope +R42000 Coq.Init.Datatypes.Some +R42004 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R42165 Mem.high_bound_alloc +R42165 Mem.high_bound_alloc +R42210 Coqlib.zeq +R42210 Coqlib.zeq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R42481 Mem.inject_incr_trans +R42481 Mem.inject_incr_trans +R42611 Coq.Init.Logic "x <> y" type_scope +R42606 Maps "a ! b" +R42584 Cminor.set_params +R42614 Coq.Init.Datatypes.None +R42567 Coq.Lists.List.In +R42699 Maps.gsspec +R42699 Maps.gsspec +R42719 Coqlib.peq +R42719 Coqlib.peq +R42811 Maps.gsspec +R42811 Maps.gsspec +R42831 Coqlib.peq +R42831 Coqlib.peq +R43020 Coq.Init.Logic "x <> y" type_scope +R43015 Maps "a ! b" +R42998 Cminor.set_locals +R43023 Coq.Init.Datatypes.None +R42978 Coq.Init.Logic "A \/ B" type_scope +R42967 Coq.Lists.List.In +R42986 Coq.Init.Logic "x <> y" type_scope +R42982 Maps "a ! b" +R42989 Coq.Init.Datatypes.None +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R43088 Maps.gsspec +R43088 Maps.gsspec +R43108 Coqlib.peq +R43108 Coqlib.peq +R43166 Coq.Init.Logic "x <> y" type_scope +R43166 Coq.Init.Logic "x <> y" type_scope +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R43338 Coq.Init.Logic "x <> y" type_scope +R43333 Maps "a ! b" +R43293 Cminor.set_locals +R43310 Cminor.set_params +R43341 Coq.Init.Datatypes.None +R43264 Coq.Lists.List.In +R43278 Coq.Lists.List "x ++ y" list_scope +R43370 Cminorgenproof.set_locals_defined +R43370 Cminorgenproof.set_locals_defined +R43399 Coq.Lists.List.in_app_or +R43399 Coq.Lists.List.in_app_or +R43442 Cminorgenproof.set_params_defined +R43442 Cminorgenproof.set_params_defined +R44021 Coq.Init.Logic "'exists' x , p" type_scope +R44056 Coq.Init.Logic "A /\ B" type_scope +R44037 Mem.inject_incr +R44082 Coq.Init.Logic "A /\ B" type_scope +R44059 Mem.mem_inject +R44085 Cminorgenproof.match_callstack +R44206 Mem.nextblock +R44190 Mem.nextblock +R44155 Coq.Lists.List "x :: y" list_scope +R44105 Cminorgenproof.mkframe +R44144 Mem.nextblock +R44129 Mem.nextblock +R43972 Cminor.set_locals +R43990 Cminor.set_params +R43905 Coq.Lists.List.map +R43946 Cminorgenproof.fn_vars +R43916 Coq.Init.Datatypes.fst +R43926 Cminorplus.local_variable +R43920 AST.ident +R43835 Coq.Lists.List.map +R43874 Cminorgenproof.fn_params +R43846 Coq.Init.Datatypes.fst +R43856 AST.memory_chunk +R43850 AST.ident +R43797 Mem.mem_inject +R43740 Cminorgenproof.match_callstack +R43779 Mem.nextblock +R43764 Mem.nextblock +R43723 Coq.Init.Logic "x = y" type_scope +R43705 Mem.alloc +R43725 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R43644 Cminorplus.alloc_variables +R43675 Cminorplus.fn_variables +R43660 Cminorgenproof.empty_env +R43621 Coq.ZArith.BinInt "x <= y" Z_scope +R43624 Integers.max_signed +R43600 Coq.Init.Logic "x = y" type_scope +R43581 Cminorgen.build_compilenv +R43602 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44256 Coq.Init.Logic "x = y" type_scope +R44258 Mem.nextblock +R44256 Coq.Init.Logic "x = y" type_scope +R44258 Mem.nextblock +R44334 Cminorgenproof.match_callstack_alloc_variables_rec +R44334 Cminorgenproof.match_callstack_alloc_variables_rec +R44404 Mem.valid_new_block +R44404 Mem.valid_new_block +R44439 Mem.low_bound_alloc +R44439 Mem.low_bound_alloc +R44479 Coqlib.zeq_true +R44479 Coqlib.zeq_true +R44500 Mem.high_bound_alloc +R44500 Mem.high_bound_alloc +R44541 Coqlib.zeq_true +R44541 Coqlib.zeq_true +R44606 Mem.valid_block +R44606 Mem.valid_block +R44634 Mem.valid_new_block +R44634 Mem.valid_new_block +R44712 Maps.gi +R44712 Maps.gi +R44765 Maps.gempty +R44765 Maps.gempty +R44883 Maps.gempty +R44883 Maps.gempty +R44976 Maps.gempty +R44976 Maps.gempty +R45037 Mem.mi_mappedblocks +R45037 Mem.mi_mappedblocks +R45091 Mem.fresh_block_alloc +R45091 Mem.fresh_block_alloc +R45163 Mem.mi_mappedblocks +R45163 Mem.mi_mappedblocks +R45258 Mem.alloc_right_inject +R45258 Mem.alloc_right_inject +R45310 Mem.mi_mappedblocks +R45310 Mem.mi_mappedblocks +R45439 Cminorgenproof.set_locals_params_defined +R45439 Cminorgenproof.set_locals_params_defined +R45554 Cminorgenproof.fn_params +R45528 Cminorplus.fn_params +R45554 Cminorgenproof.fn_params +R45528 Cminorplus.fn_params +R45607 Cminorgenproof.fn_vars +R45583 Cminorplus.fn_vars +R45607 Cminorgenproof.fn_vars +R45583 Cminorplus.fn_vars +R45633 Coq.Lists.List.in_app_or +R45633 Coq.Lists.List.in_app_or +R45670 Coqlib.list_in_map_inv +R45670 Coqlib.list_in_map_inv +R45721 Coq.Lists.List.in_or_app +R45721 Coq.Lists.List.in_or_app +R45757 Coq.Lists.List.in_map +R45757 Coq.Lists.List.in_map +R45784 Coq.Lists.List.in_or_app +R45784 Coq.Lists.List.in_or_app +R45821 Coq.Init.Datatypes.fst +R45825 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45821 Coq.Init.Datatypes.fst +R45825 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45842 Coq.Lists.List.in_map +R45842 Coq.Lists.List.in_map +R45991 Coq.ZArith.BinInt "x <= y" Z_scope +R45978 Mem.nextblock +R45994 Mem.nextblock +R45937 Cminorplus.alloc_variables +R46267 Coq.Init.Logic "A <-> B" type_scope +R46245 Coq.ZArith.BinInt "x <= y < z" Z_scope +R46234 Mem.nextblock +R46256 Mem.nextblock +R46271 Coq.Lists.List.In +R46179 Cminorplus.alloc_variables +R46419 Coq.Init.Logic "x = y" type_scope +R46407 Mem.nextblock +R46419 Coq.Init.Logic "x = y" type_scope +R46407 Mem.nextblock +R46476 Coq.Init.Logic "x = y" type_scope +R46463 Mem.nextblock +R46478 Coq.ZArith.BinInt.Zsucc +R46485 Mem.nextblock +R46476 Coq.Init.Logic "x = y" type_scope +R46463 Mem.nextblock +R46478 Coq.ZArith.BinInt.Zsucc +R46485 Mem.nextblock +R46598 Coq.Init.Logic "A \/ B" type_scope +R46594 Coq.Init.Logic "x = y" type_scope +R46582 Mem.nextblock +R46614 Coq.ZArith.BinInt "x <= y < z" Z_scope +R46601 Mem.nextblock +R46621 Mem.nextblock +R46598 Coq.Init.Logic "A \/ B" type_scope +R46594 Coq.Init.Logic "x = y" type_scope +R46582 Mem.nextblock +R46614 Coq.ZArith.BinInt "x <= y < z" Z_scope +R46601 Mem.nextblock +R46621 Mem.nextblock +R46767 Cminorgenproof.alloc_variables_nextblock_incr +R46767 Cminorgenproof.alloc_variables_nextblock_incr +R46967 Cminor.env +R46955 Coq.Lists.List.list +R46960 Values.val +R46924 Coq.Lists.List.list +R46936 Coq.Init.Datatypes "x * y" type_scope +R46930 AST.ident +R46938 AST.memory_chunk +R46914 Mem.meminj +R47048 Coq.Lists.List.nil +R47044 Coq.Lists.List.nil +R47259 Coq.Lists.List "x :: y" list_scope +R47247 Coq.Lists.List "x :: y" list_scope +R47235 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R47149 Mem.val_inject +R47130 Coq.Init.Logic "x = y" type_scope +R47126 Maps "a ! b" +R47132 Coq.Init.Datatypes.Some +R47441 Cminorgenproof.vars_vals_match +R47427 Coq.Init.Logic "x = y" type_scope +R47423 Maps "a ! b" +R47431 Maps "a ! b" +R47400 Coq.Lists.List.In +R47403 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R47335 Cminorgenproof.vars_vals_match +R48014 Coq.Init.Logic "'exists' x , p" type_scope +R48026 Coq.Init.Logic "'exists' x , p" type_scope +R48178 Coq.Init.Logic "A /\ B" type_scope +R48043 Cminor.exec_stmtlist +R48165 Cminor.Out_normal +R48108 Cminorgen.store_parameters +R48062 Values.Vptr +R48070 Integers.zero +R48203 Coq.Init.Logic "A /\ B" type_scope +R48181 Mem.mem_inject +R48206 Cminorgenproof.match_callstack +R48280 Mem.nextblock +R48264 Mem.nextblock +R48253 Coq.Lists.List "x :: y" list_scope +R48225 Cminorgenproof.mkframe +R47921 Cminorgenproof.match_callstack +R47995 Mem.nextblock +R47979 Mem.nextblock +R47968 Coq.Lists.List "x :: y" list_scope +R47940 Cminorgenproof.mkframe +R47896 Mem.mem_inject +R47834 Coqlib.list_norepet +R47848 Coq.Lists.List.map +R47859 Coq.Init.Datatypes.fst +R47869 AST.memory_chunk +R47863 AST.ident +R47797 Cminorgenproof.vars_vals_match +R47721 Cminorplus.bind_parameters +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R48692 Coq.Init.Logic "x = y" type_scope +R48679 Mem.nextblock +R48694 Mem.nextblock +R48692 Coq.Init.Logic "x = y" type_scope +R48679 Mem.nextblock +R48694 Mem.nextblock +R48724 Mem.store_inv +R48724 Mem.store_inv +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R48884 Cminorplus.local_variable +R48862 Cminorgenproof.local_variable +R48884 Cminorplus.local_variable +R48862 Cminorgenproof.local_variable +R48987 Coq.Init.Logic "x = y" type_scope +R48987 Coq.Init.Logic "x = y" type_scope +R49026 Cminor.eval_expr +R49072 Cminor.Evar +R49059 Coq.Lists.List.nil +R49041 Values.Vptr +R49049 Integers.zero +R49026 Cminor.eval_expr +R49072 Cminor.Evar +R49059 Coq.Lists.List.nil +R49041 Values.Vptr +R49049 Integers.zero +R49131 Cminorgenproof.make_cast_correct +R49131 Cminorgenproof.make_cast_correct +R49252 Maps.set +R49252 Maps.set +R49291 Cminorgenproof.vars_vals_match +R49291 Cminorgenproof.vars_vals_match +R49335 Cminorgenproof.vars_vals_match_extensional +R49335 Cminorgenproof.vars_vals_match_extensional +R49409 Maps.gso +R49409 Maps.gso +R49472 Coq.Init.Datatypes.fst +R49476 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49472 Coq.Init.Datatypes.fst +R49476 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49493 Coq.Lists.List.in_map +R49493 Coq.Lists.List.in_map +R49526 Mem.store_unmapped_inject +R49526 Mem.store_unmapped_inject +R49604 Cminorgenproof.match_callstack_store_local +R49604 Cminorgenproof.match_callstack_store_local +R49926 Cminor.exec_Scons_continue +R49926 Cminor.exec_Scons_continue +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R50139 Cminorplus.local_variable +R50117 Cminorgenproof.local_variable +R50139 Cminorplus.local_variable +R50117 Cminorgenproof.local_variable +R50246 Cminorgenproof.make_stackaddr_correct +R50272 Coq.Lists.List.nil +R50246 Cminorgenproof.make_stackaddr_correct +R50272 Coq.Lists.List.nil +R50307 Cminor.eval_expr +R50353 Cminor.Evar +R50340 Coq.Lists.List.nil +R50322 Values.Vptr +R50330 Integers.zero +R50307 Cminor.eval_expr +R50353 Cminor.Evar +R50340 Coq.Lists.List.nil +R50322 Values.Vptr +R50330 Integers.zero +R50410 Cminorgenproof.make_store_correct +R50478 Values.Vptr +R50485 Integers.zero +R50410 Cminorgenproof.make_store_correct +R50478 Values.Vptr +R50485 Integers.zero +R50604 Coq.Init.Logic "x <> y" type_scope +R50607 Coq.Init.Datatypes.None +R50604 Coq.Init.Logic "x <> y" type_scope +R50607 Coq.Init.Datatypes.None +R50654 Cminorgenproof.match_callstack_mapped +R50654 Cminorgenproof.match_callstack_mapped +R50941 Cminor.exec_Scons_continue +R50941 Cminor.exec_Scons_continue +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R51124 Cminorplus.local_variable +R51102 Cminorgenproof.local_variable +R51124 Cminorplus.local_variable +R51102 Cminorgenproof.local_variable +R51191 Cminorplus.local_variable +R51169 Cminorgenproof.local_variable +R51191 Cminorplus.local_variable +R51169 Cminorgenproof.local_variable +R51435 Cminorgenproof.vars_vals_match +R51470 Cminor.set_params +R51488 Coq.Lists.List.map +R51499 Coq.Init.Datatypes.fst +R51509 AST.memory_chunk +R51503 AST.ident +R51401 Mem.val_list_inject +R51377 Coq.Init.Logic "x = y" type_scope +R51358 Coq.Lists.List.length +R51379 Coq.Lists.List.length +R51296 Coqlib.list_norepet +R51310 Coq.Lists.List.map +R51321 Coq.Init.Datatypes.fst +R51331 AST.memory_chunk +R51325 AST.ident +R51747 Maps.gss +R51747 Maps.gss +R51824 Cminor.set_params +R51840 Coq.Lists.List.map +R51846 Coq.Init.Datatypes.fst +R51856 AST.memory_chunk +R51850 AST.ident +R51788 Cminorgenproof.vars_vals_match_extensional +R51824 Cminor.set_params +R51840 Coq.Lists.List.map +R51846 Coq.Init.Datatypes.fst +R51856 AST.memory_chunk +R51850 AST.ident +R51788 Cminorgenproof.vars_vals_match_extensional +R51930 Maps.gso +R51930 Maps.gso +R52006 Coq.Init.Datatypes.fst +R52010 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51983 Coq.Init.Datatypes.fst +R51987 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52006 Coq.Init.Datatypes.fst +R52010 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51983 Coq.Init.Datatypes.fst +R51987 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52030 Coq.Lists.List.in_map +R52030 Coq.Lists.List.in_map +R52328 Cminorgenproof.vars_vals_match +R52363 Cminor.set_locals +R52425 Cminor.set_params +R52443 Coq.Lists.List.map +R52454 Coq.Init.Datatypes.fst +R52464 AST.memory_chunk +R52458 AST.ident +R52375 Coq.Lists.List.map +R52386 Coq.Init.Datatypes.fst +R52396 Cminorplus.local_variable +R52390 AST.ident +R52208 Coqlib.list_norepet +R52277 Coq.Lists.List "x ++ y" list_scope +R52222 Coq.Lists.List.map +R52233 Coq.Init.Datatypes.fst +R52243 Cminorplus.local_variable +R52237 AST.ident +R52280 Coq.Lists.List.map +R52291 Coq.Init.Datatypes.fst +R52301 AST.memory_chunk +R52295 AST.ident +R52159 Mem.val_list_inject +R52135 Coq.Init.Logic "x = y" type_scope +R52116 Coq.Lists.List.length +R52137 Coq.Lists.List.length +R52538 Cminorgenproof.vars_vals_match_holds_1 +R52538 Cminorgenproof.vars_vals_match_holds_1 +R52608 Cminorgenproof.vars_vals_match_extensional +R52608 Cminorgenproof.vars_vals_match_extensional +R52660 Maps.gso +R52660 Maps.gso +R52710 Coq.Lists.List.in_or_app +R52710 Coq.Lists.List.in_or_app +R52749 Coq.Init.Datatypes.fst +R52753 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52754 Coq.Init.Datatypes.fst +R52736 Coq.Init.Datatypes.fst +R52749 Coq.Init.Datatypes.fst +R52753 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52754 Coq.Init.Datatypes.fst +R52736 Coq.Init.Datatypes.fst +R52775 Coq.Lists.List.in_map +R52775 Coq.Lists.List.in_map +R52922 Coq.Init.Logic "x = y" type_scope +R52903 Coq.Lists.List.length +R52924 Coq.Lists.List.length +R52862 Cminorplus.bind_parameters +R53547 Coq.Init.Logic "'exists' x , p" type_scope +R53558 Coq.Init.Logic "'exists' x , p" type_scope +R53570 Coq.Init.Logic "'exists' x , p" type_scope +R53729 Coq.Init.Logic "A /\ B" type_scope +R53587 Cminor.exec_stmtlist +R53716 Cminor.Out_normal +R53650 Cminorgen.store_parameters +R53676 Cminorgenproof.fn_params +R53606 Values.Vptr +R53614 Integers.zero +R53755 Coq.Init.Logic "A /\ B" type_scope +R53732 Mem.mem_inject +R53777 Coq.Init.Logic "A /\ B" type_scope +R53758 Mem.inject_incr +R53908 Coq.Init.Logic "A /\ B" type_scope +R53780 Cminorgenproof.match_callstack +R53892 Mem.nextblock +R53876 Mem.nextblock +R53858 Coq.Lists.List "x :: y" list_scope +R53807 Cminorgenproof.mkframe +R53847 Mem.nextblock +R53832 Mem.nextblock +R53958 Coq.Init.Logic "A <-> B" type_scope +R53936 Coq.ZArith.BinInt "x <= y < z" Z_scope +R53925 Mem.nextblock +R53947 Mem.nextblock +R53962 Coq.Lists.List.In +R53488 Coqlib.list_norepet +R53521 Coq.Lists.List "x ++ y" list_scope +R53502 Cminorplus.fn_params_names +R53524 Cminorplus.fn_vars_names +R53465 Mem.mem_inject +R53429 Mem.val_list_inject +R53353 Cminor.set_locals +R53384 Cminor.set_params +R53403 Cminorplus.fn_params_names +R53365 Cminorplus.fn_vars_names +R53322 Coq.Init.Logic "x = y" type_scope +R53304 Mem.alloc +R53324 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53281 Coq.ZArith.BinInt "x <= y" Z_scope +R53284 Integers.max_signed +R53260 Coq.Init.Logic "x = y" type_scope +R53241 Cminorgen.build_compilenv +R53262 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53184 Cminorgenproof.match_callstack +R53223 Mem.nextblock +R53208 Mem.nextblock +R53132 Cminorplus.bind_parameters +R53157 Cminorgenproof.fn_params +R53073 Cminorplus.alloc_variables +R53102 Cminorplus.fn_variables +R53089 Cminorplus.empty_env +R54004 Cminorgenproof.bind_parameters_length +R54004 Cminorgenproof.bind_parameters_length +R54066 Cminorgenproof.match_callstack_alloc_variables +R54066 Cminorgenproof.match_callstack_alloc_variables +R54232 Mem.val_list_inject +R54232 Mem.val_list_inject +R54277 Mem.val_list_inject_incr +R54277 Mem.val_list_inject_incr +R54320 Cminorgenproof.vars_vals_match_holds +R54379 Coqlib.list_norepet_append_commut +R54320 Cminorgenproof.vars_vals_match_holds +R54379 Coqlib.list_norepet_append_commut +R54457 Coqlib.list_norepet +R54471 Coq.Lists.List.map +R54510 Cminorgenproof.fn_params +R54482 Coq.Init.Datatypes.fst +R54492 AST.memory_chunk +R54486 AST.ident +R54457 Coqlib.list_norepet +R54471 Coq.Lists.List.map +R54510 Cminorgenproof.fn_params +R54482 Coq.Init.Datatypes.fst +R54492 AST.memory_chunk +R54486 AST.ident +R54571 Coqlib.list_norepet_append_left +R54571 Coqlib.list_norepet_append_left +R54616 Cminorgenproof.store_parameters_correct +R54616 Cminorgenproof.store_parameters_correct +R54864 Cminorgenproof.alloc_variables_list_block +R54864 Cminorgenproof.alloc_variables_list_block +R55037 Coq.Init.Logic "x = y" type_scope +R55022 Cminorgen.bind +R55039 Coq.Init.Datatypes.Some +R55296 Coq.Init.Logic "x = y" type_scope +R55291 Coq.Init.Datatypes.None +R55298 Coq.Init.Datatypes.Some +R55359 Coq.Init.Logic "x = y" type_scope +R55352 Coq.Init.Datatypes.Some +R55361 Coq.Init.Datatypes.Some +R55100 Coq.Init.Logic.refl_equal +R55522 Coq.Init.Logic "x = y" type_scope +R55507 Cminorgen.bind +R55524 Coq.Init.Datatypes.Some +R55570 Coq.Init.Logic "x = y" type_scope +R55565 Coq.Init.Datatypes.None +R55572 Coq.Init.Datatypes.Some +R55619 Coq.Init.Logic "x = y" type_scope +R55612 Coq.Init.Datatypes.Some +R55621 Coq.Init.Datatypes.Some +R55678 Coq.Init.Logic "x = y" type_scope +R55680 Coq.Init.Datatypes.Some +R55744 Coq.Init.Logic "x = y" type_scope +R55746 Coq.Init.Datatypes.Some +R55808 Coq.Init.Logic "x = y" type_scope +R55810 Coq.Init.Datatypes.Some +R55870 Coq.Init.Logic "x = y" type_scope +R55872 Coq.Init.Datatypes.Some +R55930 Coq.Init.Logic "x = y" type_scope +R55932 Coq.Init.Datatypes.Some +R55988 Coq.Init.Logic "x = y" type_scope +R55990 Coq.Init.Datatypes.Some +R56044 Coq.Init.Logic "x = y" type_scope +R56046 Coq.Init.Datatypes.Some +R56597 Coq.Init.Logic "'exists' x , p" type_scope +R56608 Coq.Init.Logic "'exists' x , p" type_scope +R56620 Coq.Init.Logic "'exists' x , p" type_scope +R56632 Coq.Init.Logic "'exists' x , p" type_scope +R56709 Coq.Init.Logic "A /\ B" type_scope +R56648 Cminor.eval_expr +R56663 Values.Vptr +R56671 Integers.zero +R56733 Coq.Init.Logic "A /\ B" type_scope +R56712 Mem.val_inject +R56759 Coq.Init.Logic "A /\ B" type_scope +R56736 Mem.mem_inject +R56782 Coq.Init.Logic "A /\ B" type_scope +R56762 Mem.inject_incr +R56785 Cminorgenproof.match_callstack +R56876 Mem.nextblock +R56860 Mem.nextblock +R56841 Coq.Lists.List "x :: y" list_scope +R56813 Cminorgenproof.mkframe +R56434 Cminorgenproof.match_callstack +R56531 Mem.nextblock +R56515 Mem.nextblock +R56493 Coq.Lists.List "x :: y" list_scope +R56465 Cminorgenproof.mkframe +R56402 Mem.mem_inject +R56366 Mem.val_list_inject +R56346 Coq.Init.Logic "x = y" type_scope +R56327 Cminorgen.transl_expr +R56348 Coq.Init.Datatypes.Some +R56261 Values.val +R56252 Mem.mem +R56239 Cminorgenproof.expr +R56230 Mem.mem +R56218 Cminorgenproof.env +R56204 Cminorgenproof.letenv +R57347 Coq.Init.Logic "'exists' x , p" type_scope +R57358 Coq.Init.Logic "'exists' x , p" type_scope +R57370 Coq.Init.Logic "'exists' x , p" type_scope +R57382 Coq.Init.Logic "'exists' x , p" type_scope +R57466 Coq.Init.Logic "A /\ B" type_scope +R57399 Cminor.eval_exprlist +R57418 Values.Vptr +R57426 Integers.zero +R57497 Coq.Init.Logic "A /\ B" type_scope +R57469 Mem.val_list_inject +R57523 Coq.Init.Logic "A /\ B" type_scope +R57500 Mem.mem_inject +R57546 Coq.Init.Logic "A /\ B" type_scope +R57526 Mem.inject_incr +R57549 Cminorgenproof.match_callstack +R57640 Mem.nextblock +R57624 Mem.nextblock +R57605 Coq.Lists.List "x :: y" list_scope +R57577 Cminorgenproof.mkframe +R57179 Cminorgenproof.match_callstack +R57276 Mem.nextblock +R57260 Mem.nextblock +R57238 Coq.Lists.List "x :: y" list_scope +R57210 Cminorgenproof.mkframe +R57147 Mem.mem_inject +R57111 Mem.val_list_inject +R57090 Coq.Init.Logic "x = y" type_scope +R57066 Cminorgen.transl_exprlist +R57092 Coq.Init.Datatypes.Some +R56994 Coq.Lists.List.list +R56999 Values.val +R56984 Mem.mem +R56967 Cminorgenproof.exprlist +R56957 Mem.mem +R56945 Cminorgenproof.env +R56931 Cminorgenproof.letenv +R57975 Coq.Init.Logic "'exists' x , p" type_scope +R57986 Coq.Init.Logic "'exists' x , p" type_scope +R57998 Coq.Init.Logic "'exists' x , p" type_scope +R58058 Coq.Init.Logic "A /\ B" type_scope +R58016 Cminor.eval_funcall +R58086 Coq.Init.Logic "A /\ B" type_scope +R58061 Mem.val_inject +R58112 Coq.Init.Logic "A /\ B" type_scope +R58089 Mem.mem_inject +R58135 Coq.Init.Logic "A /\ B" type_scope +R58115 Mem.inject_incr +R58138 Cminorgenproof.match_callstack +R58180 Mem.nextblock +R58164 Mem.nextblock +R57941 Mem.val_list_inject +R57872 Cminorgenproof.match_callstack +R57914 Mem.nextblock +R57898 Mem.nextblock +R57840 Mem.mem_inject +R57819 Coq.Init.Logic "x = y" type_scope +R57800 Cminorgen.transl_function +R57821 Coq.Init.Datatypes.Some +R57749 Values.val +R57738 Mem.mem +R57723 Coq.Lists.List.list +R57728 Values.val +R57704 Cminorgenproof.function +R57694 Mem.mem +R58225 Mem.meminj +R58248 Cminor.outcome +R58235 Cminorgenproof.outcome +R58330 Cminor.Out_normal +R58317 Cminorgenproof.Out_normal +R58415 Cminor.Out_exit +R58400 Cminorgenproof.Out_exit +R58503 Cminor.Out_return +R58514 Coq.Init.Datatypes.None +R58483 Cminorgenproof.Out_return +R58496 Coq.Init.Datatypes.None +R58649 Cminor.Out_return +R58661 Coq.Init.Datatypes.Some +R58624 Cminorgenproof.Out_return +R58638 Coq.Init.Datatypes.Some +R58578 Mem.val_inject +R59053 Coq.Init.Logic "'exists' x , p" type_scope +R59064 Coq.Init.Logic "'exists' x , p" type_scope +R59076 Coq.Init.Logic "'exists' x , p" type_scope +R59088 Coq.Init.Logic "'exists' x , p" type_scope +R59165 Coq.Init.Logic "A /\ B" type_scope +R59106 Cminor.exec_stmt +R59121 Values.Vptr +R59129 Integers.zero +R59197 Coq.Init.Logic "A /\ B" type_scope +R59168 Cminorgenproof.outcome_inject +R59223 Coq.Init.Logic "A /\ B" type_scope +R59200 Mem.mem_inject +R59246 Coq.Init.Logic "A /\ B" type_scope +R59226 Mem.inject_incr +R59249 Cminorgenproof.match_callstack +R59340 Mem.nextblock +R59324 Mem.nextblock +R59305 Coq.Lists.List "x :: y" list_scope +R59277 Cminorgenproof.mkframe +R58890 Cminorgenproof.match_callstack +R58987 Mem.nextblock +R58971 Mem.nextblock +R58949 Coq.Lists.List "x :: y" list_scope +R58921 Cminorgenproof.mkframe +R58858 Mem.mem_inject +R58838 Coq.Init.Logic "x = y" type_scope +R58819 Cminorgen.transl_stmt +R58840 Coq.Init.Datatypes.Some +R58752 Cminorgenproof.outcome +R58741 Mem.mem +R58728 Cminorgenproof.stmt +R58719 Mem.mem +R58707 Cminorgenproof.env +R59752 Coq.Init.Logic "'exists' x , p" type_scope +R59763 Coq.Init.Logic "'exists' x , p" type_scope +R59775 Coq.Init.Logic "'exists' x , p" type_scope +R59787 Coq.Init.Logic "'exists' x , p" type_scope +R59868 Coq.Init.Logic "A /\ B" type_scope +R59805 Cminor.exec_stmtlist +R59824 Values.Vptr +R59832 Integers.zero +R59900 Coq.Init.Logic "A /\ B" type_scope +R59871 Cminorgenproof.outcome_inject +R59926 Coq.Init.Logic "A /\ B" type_scope +R59903 Mem.mem_inject +R59949 Coq.Init.Logic "A /\ B" type_scope +R59929 Mem.inject_incr +R59952 Cminorgenproof.match_callstack +R60043 Mem.nextblock +R60027 Mem.nextblock +R60008 Coq.Lists.List "x :: y" list_scope +R59980 Cminorgenproof.mkframe +R59585 Cminorgenproof.match_callstack +R59682 Mem.nextblock +R59666 Mem.nextblock +R59644 Coq.Lists.List "x :: y" list_scope +R59616 Cminorgenproof.mkframe +R59553 Mem.mem_inject +R59533 Coq.Init.Logic "x = y" type_scope +R59510 Cminorgen.transl_stmtlist +R59535 Coq.Init.Datatypes.Some +R59443 Cminorgenproof.outcome +R59432 Mem.mem +R59415 Cminorgenproof.stmtlist +R59406 Mem.mem +R59394 Cminorgenproof.env +R60313 Cminorgenproof.eval_expr_prop +R60336 Cminorgenproof.Evar +R60298 Coq.Init.Logic "x = y" type_scope +R60281 Mem.load +R60300 Coq.Init.Datatypes.Some +R60248 Coq.Init.Logic "x = y" type_scope +R60243 Maps "a ! b" +R60250 Coq.Init.Datatypes.Some +R60255 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R60259 Cminorplus.LVscalar +R60232 Values.val +R60213 AST.memory_chunk +R60197 Values.block +R60177 Coq.NArith.BinPos.positive +R60166 Mem.mem +R60127 Maps.t +R60142 Coq.Init.Datatypes "x * y" type_scope +R60136 Values.block +R60144 Cminorplus.local_variable +R60107 Cminorgenproof.letenv +R60422 Cminorgenproof.var_get_correct +R60422 Cminorgenproof.var_get_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R60977 Cminorgenproof.eval_expr_prop +R61000 Cminorgenproof.Eassign +R60961 Coq.Init.Logic "x = y" type_scope +R60939 Mem.store +R60963 Coq.Init.Datatypes.Some +R60923 Coq.Init.Logic "x = y" type_scope +R60909 Cminorplus.cast +R60925 Coq.Init.Datatypes.Some +R60876 Coq.Init.Logic "x = y" type_scope +R60871 Maps "a ! b" +R60878 Coq.Init.Datatypes.Some +R60883 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R60887 Cminorplus.LVscalar +R60833 Cminorgenproof.eval_expr_prop +R60797 Cminorgenproof.eval_expr +R60788 Mem.mem +R60777 Values.val +R60777 Values.val +R60754 AST.memory_chunk +R60733 Values.block +R60723 Mem.mem +R60709 Cminorgenproof.expr +R60694 Coq.NArith.BinPos.positive +R60678 Mem.mem +R60666 Cminorgenproof.env +R60651 Cminorgenproof.letenv +R61223 Cminorgenproof.var_set_correct +R61223 Cminorgenproof.var_set_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R61668 Cminorgenproof.eval_expr_prop +R61706 Values.Vptr +R61713 Integers.zero +R61691 Cminorplus.Eaddrof +R61647 Coq.Init.Logic "x = y" type_scope +R61642 Maps "a ! b" +R61649 Coq.Init.Datatypes.Some +R61654 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R61620 Cminorplus.local_variable +R61607 Values.block +R61587 Coq.NArith.BinPos.positive +R61576 Mem.mem +R61537 Maps.t +R61552 Coq.Init.Datatypes "x * y" type_scope +R61546 Values.block +R61554 Cminorplus.local_variable +R61517 Cminorgenproof.letenv +R61782 Cminorgenproof.var_addr_local_correct +R61782 Cminorgenproof.var_addr_local_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R62175 Cminorgenproof.eval_expr_prop +R62213 Values.Vptr +R62220 Integers.zero +R62198 Cminorplus.Eaddrof +R62160 Coq.Init.Logic "x = y" type_scope +R62137 Globalenvs.find_symbol +R62162 Coq.Init.Datatypes.Some +R62124 Coq.Init.Logic "x = y" type_scope +R62119 Maps "a ! b" +R62126 Coq.Init.Datatypes.None +R62106 Values.block +R62086 Coq.NArith.BinPos.positive +R62075 Mem.mem +R62036 Maps.t +R62051 Coq.Init.Datatypes "x * y" type_scope +R62045 Values.block +R62053 Cminorplus.local_variable +R62016 Cminorgenproof.letenv +R62289 Cminorgenproof.var_addr_global_correct +R62289 Cminorgenproof.var_addr_global_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R62757 Cminorgenproof.eval_expr_prop +R62780 Cminorgenproof.Eop +R62742 Coq.Init.Logic "x = y" type_scope +R62716 Cminorgenproof.eval_operation +R62744 Coq.Init.Datatypes.Some +R62675 Cminorgenproof.eval_exprlist_prop +R62634 Cminorgenproof.eval_exprlist +R62625 Values.val +R62610 Coq.Lists.List.list +R62615 Values.val +R62594 Mem.mem +R62576 Cminorgenproof.exprlist +R62557 Cminorgenproof.operation +R62541 Mem.mem +R62529 Cminorgenproof.env +R62514 Cminorgenproof.letenv +R62997 Cminorgenproof.make_op_correct +R62997 Cminorgenproof.make_op_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R63439 Cminorgenproof.eval_expr_prop +R63462 Cminorgenproof.Eload +R63424 Coq.Init.Logic "x = y" type_scope +R63406 Mem.loadv +R63426 Coq.Init.Datatypes.Some +R63370 Cminorgenproof.eval_expr_prop +R63334 Cminorgenproof.eval_expr +R63325 Values.val +R63325 Values.val +R63307 Mem.mem +R63293 Cminorgenproof.expr +R63274 AST.memory_chunk +R63255 Mem.mem +R63243 Cminorgenproof.env +R63228 Cminorgenproof.letenv +R63664 Mem.loadv_inject +R63664 Mem.loadv_inject +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R63811 Cminorgenproof.make_load_correct +R63811 Cminorgenproof.make_load_correct +R64258 Cminorgenproof.eval_expr_prop +R64281 Cminorgenproof.Estore +R64242 Coq.Init.Logic "x = y" type_scope +R64220 Mem.storev +R64244 Coq.Init.Datatypes.Some +R64204 Coq.Init.Logic "x = y" type_scope +R64190 Cminorplus.cast +R64206 Coq.Init.Datatypes.Some +R64153 Cminorgenproof.eval_expr_prop +R64116 Cminorgenproof.eval_expr +R64080 Cminorgenproof.eval_expr_prop +R64044 Cminorgenproof.eval_expr +R64035 Values.val +R64024 Mem.mem +R64013 Values.val +R64002 Mem.mem +R63991 Values.val +R63975 Mem.mem +R63961 Cminorgenproof.expr +R63961 Cminorgenproof.expr +R63940 AST.memory_chunk +R63921 Mem.mem +R63909 Cminorgenproof.env +R63894 Cminorgenproof.letenv +R64491 Mem.val_list_inject +R64491 Mem.val_list_inject +R64526 Mem.val_list_inject_incr +R64526 Mem.val_list_inject_incr +R64700 Mem.val_inject +R64700 Mem.val_inject +R64730 Mem.val_inject_incr +R64730 Mem.val_inject_incr +R64766 Cminorgenproof.make_store_correct +R64766 Cminorgenproof.make_store_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R65011 Mem.inject_incr_trans +R65011 Mem.inject_incr_trans +R65047 Mem.val_inject +R65047 Mem.val_inject +R65077 Mem.val_inject_incr +R65077 Mem.val_inject_incr +R65202 Mem.nextblock +R65222 Mem.nextblock +R65202 Mem.nextblock +R65222 Mem.nextblock +R65246 Cminorgenproof.match_callstack_mapped +R65246 Cminorgenproof.match_callstack_mapped +R65304 Mem.store_inv +R65304 Mem.store_inv +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R65446 Coq.Init.Logic "x = y" type_scope +R65438 Cminor.fn_sig +R65451 Cminorgenproof.fn_sig +R65421 Coq.Init.Logic "x = y" type_scope +R65403 Cminorgen.transl_function +R65423 Coq.Init.Datatypes.Some +R65520 Cminorgen.build_compilenv +R65520 Cminorgen.build_compilenv +R65548 Coqlib.zle +R65554 Integers.max_signed +R65548 Coqlib.zle +R65554 Integers.max_signed +R66171 Cminorgenproof.eval_expr_prop +R66194 Cminorgenproof.Ecall +R66128 Cminorgenproof.eval_funcall_prop +R66085 Cminorgenproof.eval_funcall +R66073 Coq.Init.Logic "x = y" type_scope +R66062 Cminorgenproof.fn_sig +R66047 Coq.Init.Logic "x = y" type_scope +R66025 Globalenvs.find_funct +R66049 Coq.Init.Datatypes.Some +R65980 Cminorgenproof.eval_exprlist_prop +R65935 Cminorgenproof.eval_exprlist +R65899 Cminorgenproof.eval_expr_prop +R65863 Cminorgenproof.eval_expr +R65847 Cminorgenproof.function +R65832 Values.val +R65814 Coq.Lists.List.list +R65819 Values.val +R65800 Values.val +R65789 Mem.mem +R65789 Mem.mem +R65789 Mem.mem +R65760 Cminorgenproof.exprlist +R65746 Cminorgenproof.expr +R65730 AST.signature +R65713 Mem.mem +R65701 Cminorgenproof.env +R65686 Cminorgenproof.letenv +R66420 Mem.val_list_inject +R66420 Mem.val_list_inject +R66455 Mem.val_list_inject_incr +R66455 Mem.val_list_inject_incr +R66632 Coq.Init.Logic "x = y" type_scope +R66632 Coq.Init.Logic "x = y" type_scope +R66649 Globalenvs.find_funct_inv +R66649 Globalenvs.find_funct_inv +R66718 Globalenvs.find_funct_find_funct_ptr +R66718 Globalenvs.find_funct_find_funct_ptr +R66773 Globalenvs.find_funct_ptr_inv +R66773 Globalenvs.find_funct_ptr_inv +R66821 Cminorgenproof.match_globalenvs +R66821 Cminorgenproof.match_globalenvs +R66850 Cminorgenproof.match_callstack_match_globalenvs +R66850 Cminorgenproof.match_callstack_match_globalenvs +R66907 Cminorgenproof.mg_functions +R66907 Cminorgenproof.mg_functions +R67094 Cminorgenproof.functions_translated +R67094 Cminorgenproof.functions_translated +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R67335 Cminor.eval_Ecall +R67335 Cminor.eval_Ecall +R67375 Cminorgenproof.sig_transl_function +R67375 Cminorgenproof.sig_transl_function +R67410 Mem.inject_incr_trans +R67410 Mem.inject_incr_trans +R67452 Mem.inject_incr_trans +R67452 Mem.inject_incr_trans +R67824 Cminorgenproof.eval_expr_prop +R67847 Cminorgenproof.Econdition +R67787 Cminorgenproof.eval_expr_prop +R67750 Cminorgenproof.eval_expr +R67729 Values.is_true +R67693 Cminorgenproof.eval_expr_prop +R67657 Cminorgenproof.eval_expr +R67648 Values.val +R67632 Mem.mem +R67621 Values.val +R67610 Mem.mem +R67596 Cminorgenproof.expr +R67596 Cminorgenproof.expr +R67596 Cminorgenproof.expr +R67577 Mem.mem +R67565 Cminorgenproof.env +R67550 Cminorgenproof.letenv +R68057 Mem.val_list_inject +R68057 Mem.val_list_inject +R68092 Mem.val_list_inject_incr +R68092 Mem.val_list_inject_incr +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R68334 Cmconstrproof.eval_conditionalexpr_true +R68334 Cmconstrproof.eval_conditionalexpr_true +R68454 Mem.inject_incr_trans +R68454 Mem.inject_incr_trans +R68821 Cminorgenproof.eval_expr_prop +R68844 Cminorgenproof.Econdition +R68784 Cminorgenproof.eval_expr_prop +R68747 Cminorgenproof.eval_expr +R68725 Values.is_false +R68689 Cminorgenproof.eval_expr_prop +R68653 Cminorgenproof.eval_expr +R68644 Values.val +R68628 Mem.mem +R68617 Values.val +R68606 Mem.mem +R68592 Cminorgenproof.expr +R68592 Cminorgenproof.expr +R68592 Cminorgenproof.expr +R68573 Mem.mem +R68561 Cminorgenproof.env +R68546 Cminorgenproof.letenv +R69054 Mem.val_list_inject +R69054 Mem.val_list_inject +R69089 Mem.val_list_inject_incr +R69089 Mem.val_list_inject_incr +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R69331 Cmconstrproof.eval_conditionalexpr_false +R69331 Cmconstrproof.eval_conditionalexpr_false +R69452 Mem.inject_incr_trans +R69452 Mem.inject_incr_trans +R69794 Cminorgenproof.eval_expr_prop +R69817 Cminorgenproof.Elet +R69749 Cminorgenproof.eval_expr_prop +R69768 Coq.Lists.List "x :: y" list_scope +R69704 Cminorgenproof.eval_expr +R69723 Coq.Lists.List "x :: y" list_scope +R69668 Cminorgenproof.eval_expr_prop +R69632 Cminorgenproof.eval_expr +R69623 Values.val +R69612 Mem.mem +R69601 Values.val +R69590 Mem.mem +R69576 Cminorgenproof.expr +R69576 Cminorgenproof.expr +R69559 Mem.mem +R69547 Cminorgenproof.env +R69532 Cminorgenproof.letenv +R70019 Mem.val_list_inject +R70054 Coq.Lists.List "x :: y" list_scope +R70042 Coq.Lists.List "x :: y" list_scope +R70019 Mem.val_list_inject +R70054 Coq.Lists.List "x :: y" list_scope +R70042 Coq.Lists.List "x :: y" list_scope +R70094 Mem.val_list_inject_incr +R70094 Mem.val_list_inject_incr +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R70331 Cminor.eval_Elet +R70331 Cminor.eval_Elet +R70358 Mem.inject_incr_trans +R70358 Mem.inject_incr_trans +R70508 Coq.Init.Logic "'exists' x , p" type_scope +R70544 Coq.Init.Logic "A /\ B" type_scope +R70534 Coq.Init.Logic "x = y" type_scope +R70519 Coq.Lists.List.nth_error +R70536 Coq.Init.Datatypes.Some +R70547 Mem.val_inject +R70493 Coq.Init.Logic "x = y" type_scope +R70478 Coq.Lists.List.nth_error +R70495 Coq.Init.Datatypes.Some +R70436 Mem.val_list_inject +R70860 Cminorgenproof.eval_expr_prop +R70883 Cminorgenproof.Eletvar +R70845 Coq.Init.Logic "x = y" type_scope +R70830 Coq.Lists.List.nth_error +R70847 Coq.Init.Datatypes.Some +R70821 Values.val +R70806 Coq.Init.Datatypes.nat +R70796 Mem.mem +R70784 Cminorgenproof.env +R70769 Coq.Lists.List.list +R70774 Values.val +R70956 Cminorgenproof.val_list_inject_nth +R70956 Cminorgenproof.val_list_inject_nth +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R71091 Cminor.eval_Eletvar +R71091 Cminor.eval_Eletvar +R71205 Cminorgenproof.eval_exprlist_prop +R71240 Coq.Lists.List.nil +R71231 Cminorgenproof.Enil +R71196 Mem.mem +R71184 Cminorgenproof.env +R71169 Cminorgenproof.letenv +R71335 Coq.Lists.List.nil +R71339 Values.val +R71335 Coq.Lists.List.nil +R71339 Values.val +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R71720 Cminorgenproof.eval_exprlist_prop +R71767 Coq.Lists.List "x :: y" list_scope +R71747 Cminorgenproof.Econs +R71678 Cminorgenproof.eval_exprlist_prop +R71636 Cminorgenproof.eval_exprlist +R71601 Cminorgenproof.eval_expr_prop +R71566 Cminorgenproof.eval_expr +R71552 Coq.Lists.List.list +R71557 Values.val +R71541 Mem.mem +R71530 Values.val +R71515 Mem.mem +R71497 Cminorgenproof.exprlist +R71483 Cminorgenproof.expr +R71468 Mem.mem +R71456 Cminorgenproof.env +R71441 Cminorgenproof.letenv +R71959 Mem.val_list_inject +R71959 Mem.val_list_inject +R71994 Mem.val_list_inject_incr +R71994 Mem.val_list_inject_incr +R72168 Mem.val_inject +R72168 Mem.val_inject +R72197 Mem.val_inject_incr +R72197 Mem.val_inject_incr +R72270 Coq.Lists.List "x :: y" list_scope +R72270 Coq.Lists.List "x :: y" list_scope +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R72333 Mem.inject_incr_trans +R72333 Mem.inject_incr_trans +R72883 Cminorgenproof.eval_funcall_prop +R72912 Mem.free_list +R72822 Cminorgenproof.outcome_result_value +R72850 AST.sig_res +R72859 Cminorgenproof.fn_sig +R72771 Cminorgenproof.exec_stmtlist_prop +R72796 Cminorgenproof.fn_body +R72720 Cminorgenproof.exec_stmtlist +R72745 Cminorgenproof.fn_body +R72668 Cminorplus.bind_parameters +R72690 Cminorgenproof.fn_params +R72609 Cminorplus.alloc_variables +R72638 Cminorplus.fn_variables +R72625 Cminorplus.empty_env +R72551 Coqlib.list_norepet +R72583 Coq.Lists.List "x ++ y" list_scope +R72565 Cminorplus.fn_params_names +R72586 Cminorplus.fn_vars_names +R72542 Values.val +R72523 Cminorgenproof.outcome +R72506 Mem.mem +R72506 Mem.mem +R72485 Coq.Lists.List.list +R72490 Values.block +R72474 Mem.mem +R72461 Cminorgenproof.env +R72441 Coq.Lists.List.list +R72446 Values.val +R72420 Cminorgenproof.function +R72410 Mem.mem +R73026 Cminorgen.build_compilenv +R73026 Cminorgen.build_compilenv +R73109 Coqlib.zle +R73123 Integers.max_signed +R73109 Coqlib.zle +R73123 Integers.max_signed +R73194 Mem.alloc +R73194 Mem.alloc +R73250 Cminorgenproof.function_entry_ok +R73250 Cminorgenproof.function_entry_ok +R73555 Coq.Init.Logic "'exists' x , p" type_scope +R73636 Coq.Init.Logic "A /\ B" type_scope +R73581 Cminor.outcome_result_value +R73621 AST.sig_res +R73610 Cminorgenproof.fn_sig +R73650 Mem.val_inject +R73555 Coq.Init.Logic "'exists' x , p" type_scope +R73636 Coq.Init.Logic "A /\ B" type_scope +R73581 Cminor.outcome_result_value +R73621 AST.sig_res +R73610 Cminorgenproof.fn_sig +R73650 Mem.val_inject +R73786 AST.sig_res +R73795 Cminorgenproof.fn_sig +R73786 AST.sig_res +R73795 Cminorgenproof.fn_sig +R73844 Values.Vundef +R73844 Values.Vundef +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R73915 AST.sig_res +R73924 Cminorgenproof.fn_sig +R73915 AST.sig_res +R73924 Cminorgenproof.fn_sig +R73973 Values.Vundef +R73973 Values.Vundef +R74033 AST.sig_res +R74042 Cminorgenproof.fn_sig +R74033 AST.sig_res +R74042 Cminorgenproof.fn_sig +R74204 Mem.free +R74204 Mem.free +R74314 Cminor.exec_Scons_continue +R74314 Cminor.exec_Scons_continue +R74374 Cminor.outcome_block +R74388 Cminor.Out_normal +R74357 Cminor.Out_normal +R74374 Cminor.outcome_block +R74388 Cminor.Out_normal +R74357 Cminor.Out_normal +R74409 Cminor.exec_Sblock +R74409 Cminor.exec_Sblock +R74533 Mem.free_inject +R74533 Mem.free_inject +R74700 Mem.inject_incr_trans +R74700 Mem.inject_incr_trans +R74802 Coq.Init.Logic "x = y" type_scope +R74774 Mem.nextblock +R74785 Mem.free_list +R74804 Mem.nextblock +R74802 Coq.Init.Logic "x = y" type_scope +R74774 Mem.nextblock +R74785 Mem.free_list +R74804 Mem.nextblock +R74892 Mem.nextblock +R74892 Mem.nextblock +R74925 Cminorgenproof.match_callstack_freelist +R74925 Cminorgenproof.match_callstack_freelist +R75213 Cminorgenproof.exec_stmt_prop +R75247 Cminorgenproof.Out_normal +R75233 Cminorgenproof.Sexpr +R75177 Cminorgenproof.eval_expr_prop +R75192 Coq.Lists.List.nil +R75141 Cminorgenproof.eval_expr +R75156 Coq.Lists.List.nil +R75132 Values.val +R75122 Mem.mem +R75103 Cminorgenproof.expr +R75093 Mem.mem +R75081 Cminorgenproof.env +R75344 Mem.val_nil_inject +R75344 Mem.val_nil_inject +R75487 Cminor.Out_normal +R75487 Cminor.Out_normal +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R75918 Cminorgenproof.exec_stmt_prop +R75938 Cminorgenproof.Sifthenelse +R75877 Cminorgenproof.exec_stmtlist_prop +R75836 Cminorgenproof.exec_stmtlist +R75815 Values.is_true +R75778 Cminorgenproof.eval_expr_prop +R75793 Coq.Lists.List.nil +R75741 Cminorgenproof.eval_expr +R75756 Coq.Lists.List.nil +R75726 Cminorgenproof.outcome +R75709 Mem.mem +R75698 Values.val +R75687 Mem.mem +R75669 Cminorgenproof.stmtlist +R75669 Cminorgenproof.stmtlist +R75645 Cminorgenproof.expr +R75635 Mem.mem +R75623 Cminorgenproof.env +R76053 Mem.val_nil_inject +R76053 Mem.val_nil_inject +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R76354 Cmconstrproof.exec_ifthenelse_true +R76354 Cmconstrproof.exec_ifthenelse_true +R76468 Mem.inject_incr_trans +R76468 Mem.inject_incr_trans +R76856 Cminorgenproof.exec_stmt_prop +R76876 Cminorgenproof.Sifthenelse +R76815 Cminorgenproof.exec_stmtlist_prop +R76774 Cminorgenproof.exec_stmtlist +R76752 Values.is_false +R76715 Cminorgenproof.eval_expr_prop +R76730 Coq.Lists.List.nil +R76678 Cminorgenproof.eval_expr +R76693 Coq.Lists.List.nil +R76663 Cminorgenproof.outcome +R76646 Mem.mem +R76635 Values.val +R76624 Mem.mem +R76606 Cminorgenproof.stmtlist +R76606 Cminorgenproof.stmtlist +R76582 Cminorgenproof.expr +R76572 Mem.mem +R76560 Cminorgenproof.env +R76991 Mem.val_nil_inject +R76991 Mem.val_nil_inject +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R77292 Cmconstrproof.exec_ifthenelse_false +R77292 Cmconstrproof.exec_ifthenelse_false +R77407 Mem.inject_incr_trans +R77407 Mem.inject_incr_trans +R77756 Cminorgenproof.exec_stmt_prop +R77776 Cminorgenproof.Sloop +R77710 Cminorgenproof.exec_stmt_prop +R77731 Cminorgenproof.Sloop +R77664 Cminorgenproof.exec_stmt +R77685 Cminorgenproof.Sloop +R77616 Cminorgenproof.exec_stmtlist_prop +R77645 Cminorgenproof.Out_normal +R77568 Cminorgenproof.exec_stmtlist +R77597 Cminorgenproof.Out_normal +R77553 Cminorgenproof.outcome +R77541 Mem.mem +R77541 Mem.mem +R77515 Cminorgenproof.stmtlist +R77504 Mem.mem +R77492 Cminorgenproof.env +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R78161 Cminor.exec_Sloop_loop +R78161 Cminor.exec_Sloop_loop +R78233 Mem.inject_incr_trans +R78233 Mem.inject_incr_trans +R78496 Cminorgenproof.exec_stmt_prop +R78516 Cminorgenproof.Sloop +R78474 Coq.Init.Logic "x <> y" type_scope +R78477 Cminorgenproof.Out_normal +R78431 Cminorgenproof.exec_stmtlist_prop +R78392 Cminorgenproof.exec_stmtlist +R78377 Cminorgenproof.outcome +R78365 Mem.mem +R78342 Cminorgenproof.stmtlist +R78331 Mem.mem +R78319 Cminorgenproof.env +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R78778 Cminor.exec_Sloop_stop +R78778 Cminor.exec_Sloop_stop +R79056 Cminorgenproof.exec_stmt_prop +R79098 Cminorgenproof.outcome_block +R79076 Cminorgenproof.Sblock +R79017 Cminorgenproof.exec_stmtlist_prop +R78978 Cminorgenproof.exec_stmtlist +R78963 Cminorgenproof.outcome +R78951 Mem.mem +R78928 Cminorgenproof.stmtlist +R78917 Mem.mem +R78905 Cminorgenproof.env +R79326 Cminor.outcome_block +R79326 Cminor.outcome_block +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R79378 Cminor.exec_Sblock +R79378 Cminor.exec_Sblock +R79604 Cminorgenproof.exec_stmt_prop +R79638 Cminorgenproof.Out_exit +R79624 Cminorgenproof.Sexit +R79595 Coq.Init.Datatypes.nat +R79585 Mem.mem +R79573 Cminorgenproof.env +R79741 Cminor.Out_exit +R79741 Cminor.Out_exit +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R79885 Cminorgenproof.exec_stmt_prop +R79929 Cminorgenproof.Out_return +R79942 Coq.Init.Datatypes.None +R79905 Cminorgenproof.Sreturn +R79915 Coq.Init.Datatypes.None +R79876 Mem.mem +R79864 Cminorgenproof.env +R80037 Cminor.Out_return +R80048 Coq.Init.Datatypes.None +R80037 Cminor.Out_return +R80048 Coq.Init.Datatypes.None +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R80297 Cminorgenproof.exec_stmt_prop +R80346 Cminorgenproof.Out_return +R80360 Coq.Init.Datatypes.Some +R80317 Cminorgenproof.Sreturn +R80328 Coq.Init.Datatypes.Some +R80261 Cminorgenproof.eval_expr_prop +R80276 Coq.Lists.List.nil +R80225 Cminorgenproof.eval_expr +R80240 Coq.Lists.List.nil +R80216 Values.val +R80206 Mem.mem +R80187 Cminorgenproof.expr +R80177 Mem.mem +R80165 Cminorgenproof.env +R80452 Mem.val_nil_inject +R80452 Mem.val_nil_inject +R80594 Cminor.Out_return +R80606 Coq.Init.Datatypes.Some +R80594 Cminor.Out_return +R80606 Coq.Init.Datatypes.Some +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R80759 Cminorgenproof.exec_stmtlist_prop +R80791 Cminorgenproof.Out_normal +R80782 Cminorgenproof.Snil +R80750 Mem.mem +R80738 Cminorgenproof.env +R80892 Cminor.Out_normal +R80892 Cminor.Out_normal +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R81268 Cminorgenproof.exec_stmtlist_prop +R81292 Cminorgenproof.Scons +R81228 Cminorgenproof.exec_stmtlist_prop +R81188 Cminorgenproof.exec_stmtlist +R81145 Cminorgenproof.exec_stmt_prop +R81169 Cminorgenproof.Out_normal +R81102 Cminorgenproof.exec_stmt +R81126 Cminorgenproof.Out_normal +R81087 Cminorgenproof.outcome +R81075 Mem.mem +R81075 Mem.mem +R81054 Cminorgenproof.stmtlist +R81035 Cminorgenproof.stmt +R81025 Mem.mem +R81013 Cminorgenproof.env +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R81677 Cminor.exec_Scons_continue +R81677 Cminor.exec_Scons_continue +R81752 Mem.inject_incr_trans +R81752 Mem.inject_incr_trans +R82018 Cminorgenproof.exec_stmtlist_prop +R82042 Cminorgenproof.Scons +R81996 Coq.Init.Logic "x <> y" type_scope +R81999 Cminorgenproof.Out_normal +R81958 Cminorgenproof.exec_stmt_prop +R81924 Cminorgenproof.exec_stmt +R81909 Cminorgenproof.outcome +R81897 Mem.mem +R81879 Cminorgenproof.stmtlist +R81860 Cminorgenproof.stmt +R81850 Mem.mem +R81838 Cminorgenproof.env +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R82306 Cminor.exec_Scons_stop +R82306 Cminor.exec_Scons_stop +R82491 Cminorgenproof.eval_funcall_prop +R82448 Cminorgenproof.eval_funcall +R82538 Cminorplus.eval_funcall_ind5 +R83582 Cminorgenproof.transl_stmtlist_Scons_1_correct +R83545 Cminorgenproof.transl_stmtlist_Scons_2_correct +R83511 Cminorgenproof.transl_stmtlist_Snil_correct +R83473 Cminorgenproof.transl_stmt_Sreturn_some_correct +R83435 Cminorgenproof.transl_stmt_Sreturn_none_correct +R83404 Cminorgenproof.transl_stmt_Sexit_correct +R83372 Cminorgenproof.transl_stmt_Sblock_correct +R83336 Cminorgenproof.transl_stmt_Sloop_exit_correct +R83300 Cminorgenproof.transl_stmt_Sloop_loop_correct +R83257 Cminorgenproof.transl_stmt_Sifthenelse_false_correct +R83215 Cminorgenproof.transl_stmt_Sifthenelse_true_correct +R83184 Cminorgenproof.transl_stmt_Sexpr_correct +R83156 Cminorgenproof.transl_funcall_correct +R83121 Cminorgenproof.transl_exprlist_Econs_correct +R83087 Cminorgenproof.transl_exprlist_Enil_correct +R83054 Cminorgenproof.transl_expr_Eletvar_correct +R83024 Cminorgenproof.transl_expr_Elet_correct +R82982 Cminorgenproof.transl_expr_Econdition_false_correct +R82941 Cminorgenproof.transl_expr_Econdition_true_correct +R82910 Cminorgenproof.transl_expr_Ecall_correct +R82878 Cminorgenproof.transl_expr_Estore_correct +R82847 Cminorgenproof.transl_expr_Eload_correct +R82818 Cminorgenproof.transl_expr_Eop_correct +R82778 Cminorgenproof.transl_expr_Eaddrof_global_correct +R82739 Cminorgenproof.transl_expr_Eaddrof_local_correct +R82706 Cminorgenproof.transl_expr_Eassign_correct +R82676 Cminorgenproof.transl_expr_Evar_correct +R82651 Cminorgenproof.exec_stmtlist_prop +R82631 Cminorgenproof.exec_stmt_prop +R82608 Cminorgenproof.eval_funcall_prop +R82584 Cminorgenproof.eval_exprlist_prop +R82564 Cminorgenproof.eval_expr_prop +R83841 Cminorgenproof.match_globalenvs +R83790 Coqlib.zlt +R83799 Mem.nextblock +R83831 Coq.Init.Datatypes.None +R83815 Coq.Init.Datatypes.Some +R83819 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R83744 Globalenvs.init_mem +R83710 Globalenvs.init_mem +R83944 Coqlib.zlt_true +R83944 Coqlib.zlt_true +R83980 Globalenvs.find_symbol_inv +R83980 Globalenvs.find_symbol_inv +R84031 Cminorgenproof.symbols_preserved +R84031 Cminorgenproof.symbols_preserved +R84078 Coqlib.zlt_true +R84078 Coqlib.zlt_true +R84108 Mem.nextblock_pos +R84108 Mem.nextblock_pos +R84219 Cminor.exec_program +R84239 Values.Vint +R84185 Cminorgenproof.exec_program +R84206 Values.Vint +R84315 Cminorgenproof.function_ptr_translated +R84315 Cminorgenproof.function_ptr_translated +R84387 Globalenvs.init_mem +R84387 Globalenvs.init_mem +R84437 Coqlib.zlt +R84447 Mem.nextblock +R84479 Coq.Init.Datatypes.None +R84463 Coq.Init.Datatypes.Some +R84467 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R84437 Coqlib.zlt +R84447 Mem.nextblock +R84479 Coq.Init.Datatypes.None +R84463 Coq.Init.Datatypes.Some +R84467 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R84503 Mem.mem_inject +R84503 Mem.mem_inject +R84569 Coqlib.zlt_false +R84569 Coqlib.zlt_false +R84600 Coqlib.zlt +R84608 Mem.nextblock +R84600 Coqlib.zlt +R84608 Mem.nextblock +R84788 Globalenvs.initmem_undef +R84788 Globalenvs.initmem_undef +R84898 Coqlib.zlt +R84906 Mem.nextblock +R84898 Coqlib.zlt +R84906 Mem.nextblock +R84954 Coqlib.zlt +R84962 Mem.nextblock +R84954 Coqlib.zlt +R84962 Mem.nextblock +R85037 Cminorgenproof.match_callstack +R85078 Mem.nextblock +R85063 Mem.nextblock +R85055 Coq.Lists.List.nil +R85037 Cminorgenproof.match_callstack +R85078 Mem.nextblock +R85063 Mem.nextblock +R85055 Coq.Lists.List.nil +R85127 Cminorgenproof.match_globalenvs_init +R85127 Cminorgenproof.match_globalenvs_init +R85181 Cminorgenproof.transl_function_correct +R85284 Mem.val_nil_inject +R85181 Cminorgenproof.transl_function_correct +R85284 Mem.val_nil_inject +R85449 AST.prog_main +R85471 AST.prog_main +R85449 AST.prog_main +R85471 AST.prog_main +R85504 Cminorgenproof.symbols_preserved +R85504 Cminorgenproof.symbols_preserved +R85567 Cminorgen.transl_function +R85531 AST.transform_partial_program_main +R85567 Cminorgen.transl_function +R85531 AST.transform_partial_program_main +R85648 Cminorgenproof.sig_transl_function +R85648 Cminorgenproof.sig_transl_function +R85686 Globalenvs.init_mem_transf_partial +R85715 Cminorgen.transl_function +R85686 Globalenvs.init_mem_transf_partial +R85715 Cminorgen.transl_function +FCminorgenproof +R410 Cminorgenproof.program +R437 Cminor.program +R485 Coq.Init.Logic "x = y" type_scope +R465 Cminorgen.transl_program +R487 Coq.Init.Datatypes.Some +R508 Cminorgenproof.genv +R518 Globalenvs.globalenv +R548 Cminor.genv +R556 Globalenvs.globalenv +R648 Coq.Init.Logic "x = y" type_scope +R625 Globalenvs.find_symbol +R650 Globalenvs.find_symbol +R617 AST.ident +R751 Cminorgen.transl_function +R714 Globalenvs.find_symbol_transf_partial +R751 Cminorgen.transl_function +R714 Globalenvs.find_symbol_transf_partial +R899 Coq.Init.Logic "'exists' x , p" type_scope +R948 Coq.Init.Logic "A /\ B" type_scope +R938 Coq.Init.Logic "x = y" type_scope +R912 Globalenvs.find_funct_ptr +R940 Coq.Init.Datatypes.Some +R969 Coq.Init.Logic "x = y" type_scope +R951 Cminorgen.transl_function +R971 Coq.Init.Datatypes.Some +R885 Coq.Init.Logic "x = y" type_scope +R860 Globalenvs.find_funct_ptr +R887 Coq.Init.Datatypes.Some +R845 Cminorgenproof.function +R834 Values.block +R1016 Globalenvs.find_funct_ptr_transf_partial +R1051 Cminorgen.transl_function +R1016 Globalenvs.find_funct_ptr_transf_partial +R1051 Cminorgen.transl_function +R1086 Cminorgen.transl_function +R1086 Cminorgen.transl_function +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R1286 Coq.Init.Logic "'exists' x , p" type_scope +R1331 Coq.Init.Logic "A /\ B" type_scope +R1321 Coq.Init.Logic "x = y" type_scope +R1299 Globalenvs.find_funct +R1323 Coq.Init.Datatypes.Some +R1352 Coq.Init.Logic "x = y" type_scope +R1334 Cminorgen.transl_function +R1354 Coq.Init.Datatypes.Some +R1272 Coq.Init.Logic "x = y" type_scope +R1251 Globalenvs.find_funct +R1274 Coq.Init.Datatypes.Some +R1236 Cminorgenproof.function +R1227 Values.val +R1399 Globalenvs.find_funct_transf_partial +R1430 Cminorgen.transl_function +R1399 Globalenvs.find_funct_transf_partial +R1430 Cminorgen.transl_function +R1465 Cminorgen.transl_function +R1465 Cminorgen.transl_function +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R1657 Mem.meminj +R1800 Coq.Init.Logic "A /\ B" type_scope +R1786 Coq.Init.Logic "x = y" type_scope +R1788 Coq.Init.Datatypes.Some +R1793 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R1827 Coq.Init.Logic "x = y" type_scope +R1803 Globalenvs.find_symbol +R1829 Coq.Init.Datatypes.Some +R1764 Coq.Init.Logic "x = y" type_scope +R1741 Globalenvs.find_symbol +R1766 Coq.Init.Datatypes.Some +R1884 Coq.Init.Logic "x = y" type_scope +R1886 Coq.Init.Datatypes.Some +R1890 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R1873 Coq.ZArith.BinInt "x < y" Z_scope +R1927 Mem.meminj +R1940 AST.ident +R1971 Cminorgenproof.env +R1982 Mem.mem +R1992 Cminor.env +R2002 Values.block +R2032 Cminorgen.var_info +R2304 Cminorgen.Var_local +R2251 Mem.val_inject +R2232 Coq.Init.Logic "x = y" type_scope +R2216 Maps.get +R2234 Coq.Init.Datatypes.Some +R2200 Coq.Init.Logic "x = y" type_scope +R2202 Coq.Init.Datatypes.None +R2178 Coq.Init.Logic "x = y" type_scope +R2157 Mem.load +R2180 Coq.Init.Datatypes.Some +R2121 Coq.Init.Logic "x = y" type_scope +R2106 Maps.get +R2123 Coq.Init.Datatypes.Some +R2128 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2132 Cminorplus.LVscalar +R2523 Cminorgen.Var_stack_scalar +R2432 Mem.val_inject +R2464 Values.Vptr +R2473 Integers.repr +R2446 Values.Vptr +R2453 Integers.zero +R2396 Coq.Init.Logic "x = y" type_scope +R2381 Maps.get +R2398 Coq.Init.Datatypes.Some +R2403 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2407 Cminorplus.LVscalar +R2745 Cminorgen.Var_stack_array +R2654 Mem.val_inject +R2686 Values.Vptr +R2695 Integers.repr +R2668 Values.Vptr +R2675 Integers.zero +R2622 Coq.Init.Logic "x = y" type_scope +R2607 Maps.get +R2624 Coq.Init.Datatypes.Some +R2629 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2633 Cminorplus.LVarray +R2851 Cminorgen.Var_global +R2809 Coq.Init.Logic "x = y" type_scope +R2794 Maps.get +R2811 Coq.Init.Datatypes.None +R2886 Mem.meminj +R2901 Cminorgen.compilenv +R2933 Cminorgenproof.env +R2944 Mem.mem +R2954 Cminor.env +R2964 Values.block +R2996 Coq.ZArith.BinInt.Z +R3056 Cminorgenproof.match_var +R3082 Maps.get +R3127 Coq.ZArith.BinInt "x <= y" Z_scope +R3207 Coq.ZArith.BinInt "x <= y < z" Z_scope +R3187 Coq.Init.Logic "x = y" type_scope +R3172 Maps.get +R3189 Coq.Init.Datatypes.Some +R3193 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3371 Coq.Init.Logic "x <> y" type_scope +R3358 Coq.Init.Logic "x <> y" type_scope +R3329 Coq.Init.Logic "x = y" type_scope +R3313 Maps.get +R3331 Coq.Init.Datatypes.Some +R3335 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3288 Coq.Init.Logic "x = y" type_scope +R3272 Maps.get +R3290 Coq.Init.Datatypes.Some +R3294 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3446 Coq.ZArith.BinInt "x <= y < z" Z_scope +R3422 Coq.Init.Logic "x = y" type_scope +R3424 Coq.Init.Datatypes.Some +R3428 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3539 Coq.ZArith.BinInt "x < y" Z_scope +R3528 Coq.ZArith.BinInt "x < y" Z_scope +R3505 Coq.Init.Logic "x = y" type_scope +R3507 Coq.Init.Datatypes.Some +R3511 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3597 Cminorgen.compilenv +R3618 Cminorgenproof.env +R3636 Cminor.env +R3652 Values.block +R3671 Coq.ZArith.BinInt.Z +R3687 Coq.ZArith.BinInt.Z +R3725 Coq.Lists.List.list +R3730 Cminorgenproof.frame +R3798 Mem.mem +R3793 Coq.ZArith.BinInt.Z +R3788 Coq.ZArith.BinInt.Z +R3775 Cminorgenproof.callstack +R3765 Mem.meminj +R3909 Coq.Lists.List.nil +R3863 Cminorgenproof.match_globalenvs +R4169 Coq.Lists.List "x :: y" list_scope +R4142 Cminorgenproof.mkframe +R4043 Cminorgenproof.match_env +R4025 Coq.ZArith.BinInt "x < y" Z_scope +R4004 Coq.ZArith.BinInt "x <= y" Z_scope +R4403 Cminorgenproof.match_env +R4364 Cminorgenproof.match_env +R4349 Coq.Init.Logic "x = y" type_scope +R4326 Mem.store +R4351 Coq.Init.Datatypes.Some +R4313 Coq.Init.Logic "x <> y" type_scope +R4316 Coq.Init.Datatypes.None +R4606 Mem.load_store_other +R4606 Mem.load_store_other +R4845 Cminorgenproof.match_callstack +R4830 Coq.Init.Logic "x = y" type_scope +R4807 Mem.store +R4832 Coq.Init.Datatypes.Some +R4794 Coq.Init.Logic "x <> y" type_scope +R4797 Coq.Init.Datatypes.None +R4721 Cminorgenproof.match_callstack +R4943 Cminorgenproof.match_env_store_mapped +R4943 Cminorgenproof.match_env_store_mapped +R5084 Coq.Init.Logic "'exists' x , p" type_scope +R5097 Coq.Init.Logic "x = y" type_scope +R5099 Values.load_result +R5067 Values.val +R5049 AST.memory_chunk +R5218 Coq.Init.Logic "x = y" type_scope +R5170 Values.load_result +R5193 Values.load_result +R5222 Values.load_result +R5307 Integers.cast8_signed_idem +R5307 Integers.cast8_signed_idem +R5346 Integers.cast8_unsigned_idem +R5346 Integers.cast8_unsigned_idem +R5387 Integers.cast16_signed_idem +R5387 Integers.cast16_signed_idem +R5427 Integers.cast16_unsigned_idem +R5427 Integers.cast16_unsigned_idem +R5469 Floats.singleoffloat_idem +R5469 Floats.singleoffloat_idem +R5607 Coq.Init.Logic "x = y" type_scope +R5583 Values.load_result +R5557 Cminorgenproof.val_normalized +R5663 Cminorgenproof.load_result_idem +R5663 Cminorgenproof.load_result_idem +R5935 Cminorgenproof.match_env +R5958 Maps.set +R5896 Cminorgenproof.match_env +R5881 Coq.Init.Logic "x = y" type_scope +R5860 Mem.store +R5883 Coq.Init.Datatypes.Some +R5831 Cminorgenproof.val_normalized +R5808 Mem.val_inject +R5777 Coq.Init.Logic "x = y" type_scope +R5773 Maps "a ! b" +R5779 Coq.Init.Datatypes.Some +R5783 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5787 Cminorplus.LVscalar +R6124 Coqlib.peq +R6124 Coqlib.peq +R6223 Cminorplus.local_variable +R6201 Cminorgenproof.local_variable +R6223 Cminorplus.local_variable +R6201 Cminorgenproof.local_variable +R6353 Mem.load_store_same +R6353 Mem.load_store_same +R6396 Maps.gss +R6396 Maps.gss +R6441 Values.load_result +R6441 Values.load_result +R6478 Mem.load_result_inject +R6478 Mem.load_result_inject +R6532 Cminorgenproof.load_result_normalized +R6532 Cminorgenproof.load_result_normalized +R6648 Mem.load_store_other +R6648 Mem.load_store_other +R6686 Maps.gso +R6686 Maps.gso +R7012 Cminorgenproof.match_env +R6973 Cminorgenproof.match_env +R6963 Coq.ZArith.BinInt "x <= y" Z_scope +R6945 Coq.Init.Logic "x = y" type_scope +R6924 Mem.store +R6947 Coq.Init.Datatypes.Some +R7201 Mem.load_store_other +R7201 Mem.load_store_other +R7486 Cminorgenproof.match_callstack +R7476 Coq.ZArith.BinInt "x <= y" Z_scope +R7455 Coq.Init.Logic "x = y" type_scope +R7434 Mem.store +R7457 Coq.Init.Datatypes.Some +R7369 Cminorgenproof.match_callstack +R7584 Cminorgenproof.match_env_store_above +R7584 Cminorgenproof.match_env_store_above +R8004 Cminorgenproof.match_callstack +R8068 Coq.Lists.List "x :: y" list_scope +R8023 Cminorgenproof.mkframe +R8039 Maps.set +R7930 Cminorgenproof.match_callstack +R7976 Coq.Lists.List "x :: y" list_scope +R7949 Cminorgenproof.mkframe +R7915 Coq.Init.Logic "x = y" type_scope +R7894 Mem.store +R7917 Coq.Init.Datatypes.Some +R7865 Cminorgenproof.val_normalized +R7842 Mem.val_inject +R7811 Coq.Init.Logic "x = y" type_scope +R7807 Maps "a ! b" +R7813 Coq.Init.Datatypes.Some +R7817 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7821 Cminorplus.LVscalar +R8151 Cminorgenproof.match_env_store_local +R8151 Cminorgenproof.match_env_store_local +R8190 Cminorgenproof.match_callstack_store_above +R8190 Cminorgenproof.match_callstack_store_above +R8445 Cminorgenproof.match_env +R8430 Coq.Init.Logic "x = y" type_scope +R8426 Maps "a ! b" +R8435 Maps "a ! b" +R8358 Cminorgenproof.match_env +R8972 Cminorgenproof.match_callstack +R9018 Coq.Lists.List "x :: y" list_scope +R8991 Cminorgenproof.mkframe +R8898 Cminorgenproof.match_callstack +R8944 Coq.Lists.List "x :: y" list_scope +R8917 Cminorgenproof.mkframe +R8883 Coq.Init.Logic "x = y" type_scope +R8879 Maps "a ! b" +R8885 Coq.Init.Datatypes.Some +R8862 Coq.Init.Logic "x = y" type_scope +R8841 Mem.store +R8864 Coq.Init.Datatypes.Some +R8812 Cminorgenproof.val_normalized +R8789 Mem.val_inject +R8758 Coq.Init.Logic "x = y" type_scope +R8754 Maps "a ! b" +R8760 Coq.Init.Datatypes.Some +R8764 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8768 Cminorplus.LVscalar +R9128 Maps.set +R9100 Cminorgenproof.match_env_extensional +R9128 Maps.set +R9100 Cminorgenproof.match_env_extensional +R9158 Cminorgenproof.match_env_store_local +R9158 Cminorgenproof.match_env_store_local +R9206 Maps.gsspec +R9206 Maps.gsspec +R9229 Coqlib.peq +R9229 Coqlib.peq +R9277 Cminorgenproof.match_callstack_store_above +R9277 Cminorgenproof.match_callstack_store_above +R9554 Cminorgenproof.match_callstack +R9538 Coq.ZArith.BinInt "x <= y" Z_scope +R9518 Coq.ZArith.BinInt "x <= y" Z_scope +R9446 Cminorgenproof.match_callstack +R9788 Coq.Init.Logic "x = y" type_scope +R9753 Mem.load +R9765 Mem.free_list +R9790 Mem.load +R9741 Coq.Init.Logic "x <> y" type_scope +R9725 Coq.Lists.List.In +R9867 Mem.load_free +R9867 Mem.load_free +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R9926 Coq.Init.Logic.sym_not_equal +R9926 Coq.Init.Logic.sym_not_equal +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R10103 Cminorgenproof.match_env +R10123 Mem.free_list +R10092 Coq.ZArith.BinInt "x <= y" Z_scope +R10077 Coq.Lists.List.In +R10028 Cminorgenproof.match_env +R10308 Cminorgenproof.load_freelist +R10308 Cminorgenproof.load_freelist +R10593 Cminorgenproof.match_callstack +R10628 Mem.free_list +R10582 Coq.ZArith.BinInt "x <= y" Z_scope +R10564 Coq.Lists.List.In +R10498 Cminorgenproof.match_callstack +R10704 Cminorgenproof.match_env_freelist +R10704 Cminorgenproof.match_env_freelist +R11056 Cminorgenproof.match_callstack +R11091 Mem.free_list +R10983 Cminorgenproof.match_callstack +R11029 Coq.Lists.List "x :: y" list_scope +R11002 Cminorgenproof.mkframe +R10972 Coq.ZArith.BinInt "x <= y" Z_scope +R10957 Coq.Lists.List.In +R11163 Cminorgenproof.match_callstack_incr_bound +R11163 Cminorgenproof.match_callstack_incr_bound +R11210 Cminorgenproof.match_callstack_freelist_rec +R11210 Cminorgenproof.match_callstack_freelist_rec +R11404 Coq.Init.Logic "x = y" type_scope +R11386 Mem.load +R11406 Coq.Init.Datatypes.Some +R11411 Values.Vundef +R11371 Coq.Init.Logic "x = y" type_scope +R11341 Mem.alloc +R11353 Mem.size_chunk +R11373 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R11447 Mem.valid_block +R11447 Mem.valid_block +R11473 Mem.valid_new_block +R11473 Mem.valid_new_block +R11522 Coq.ZArith.BinInt "x <= y" Z_scope +R11507 Mem.low_bound +R11522 Coq.ZArith.BinInt "x <= y" Z_scope +R11507 Mem.low_bound +R11546 Mem.low_bound_alloc +R11546 Mem.low_bound_alloc +R11586 Coqlib.zeq_true +R11586 Coqlib.zeq_true +R11634 Coq.ZArith.BinInt "x <= y" Z_scope +R11615 Coq.ZArith.BinInt "x + y" Z_scope +R11617 Mem.size_chunk +R11637 Mem.high_bound +R11634 Coq.ZArith.BinInt "x <= y" Z_scope +R11615 Coq.ZArith.BinInt "x + y" Z_scope +R11617 Mem.size_chunk +R11637 Mem.high_bound +R11671 Mem.high_bound_alloc +R11671 Mem.high_bound_alloc +R11712 Coqlib.zeq_true +R11712 Coqlib.zeq_true +R11737 Mem.load_in_bounds +R11737 Mem.load_in_bounds +R11798 Coq.Init.Logic "x = y" type_scope +R11800 Values.Vundef +R11798 Coq.Init.Logic "x = y" type_scope +R11800 Values.Vundef +R11816 Mem.load_alloc_same +R11816 Mem.load_alloc_same +R12476 Cminorgenproof.match_env +R12514 Mem.nextblock +R12453 Mem.inject_incr +R12424 Maps.set +R12437 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12386 Maps.set +R12344 Mem.extend_inject +R12319 Coq.Init.Logic "x = y" type_scope +R12315 Maps "a ! b" +R12321 Coq.Init.Datatypes.Some +R12259 Cminorgenproof.match_env +R12297 Mem.nextblock +R12008 Cminorgen.Var_local +R12039 Coq.Init.Logic "A /\ B" type_scope +R12032 Coq.Init.Logic "x = y" type_scope +R12034 Coq.Init.Datatypes.None +R12045 Coq.Init.Logic "x = y" type_scope +R12047 Cminorplus.LVscalar +R12068 Cminorgen.Var_stack_scalar +R12119 Coq.Init.Logic "A /\ B" type_scope +R12103 Coq.Init.Logic "x = y" type_scope +R12105 Coq.Init.Datatypes.Some +R12109 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12125 Coq.Init.Logic "x = y" type_scope +R12127 Cminorplus.LVscalar +R12148 Cminorgen.Var_stack_array +R12192 Coq.Init.Logic "A /\ B" type_scope +R12176 Coq.Init.Logic "x = y" type_scope +R12178 Coq.Init.Datatypes.Some +R12182 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12195 Coq.Init.Logic "'exists' x , p" type_scope +R12209 Coq.Init.Logic "x = y" type_scope +R12211 Cminorplus.LVarray +R12228 Cminorgen.Var_global +R12242 Coq.Init.Logic.False +R11971 Coq.Init.Logic "x = y" type_scope +R11948 Mem.alloc +R11960 Cminorplus.sizeof +R11973 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12556 Coq.Init.Logic "x = y" type_scope +R12562 Mem.nextblock +R12556 Coq.Init.Logic "x = y" type_scope +R12562 Mem.nextblock +R12631 Coq.Init.Logic "x = y" type_scope +R12620 Mem.nextblock +R12633 Coq.ZArith.BinInt.Zsucc +R12643 Mem.nextblock +R12631 Coq.Init.Logic "x = y" type_scope +R12620 Mem.nextblock +R12633 Coq.ZArith.BinInt.Zsucc +R12643 Mem.nextblock +R12786 Maps.gsspec +R12786 Maps.gsspec +R12805 Coqlib.peq +R12805 Coqlib.peq +R12967 Values.Vundef +R12944 Cminorgenproof.match_var_local +R12967 Values.Vundef +R12944 Cminorgenproof.match_var_local +R13003 Maps.gss +R13003 Maps.gss +R13039 Cminorgenproof.load_from_alloc_is_undef +R13039 Cminorgenproof.load_from_alloc_is_undef +R13173 Coqlib.zeq_true +R13173 Coqlib.zeq_true +R13301 Cminorgenproof.match_var_stack_scalar +R13301 Cminorgenproof.match_var_stack_scalar +R13358 Maps.gss +R13358 Maps.gss +R13394 Mem.val_inject_ptr +R13394 Mem.val_inject_ptr +R13461 Coqlib.zeq_true +R13461 Coqlib.zeq_true +R13492 Integers.add_commut +R13492 Integers.add_commut +R13516 Integers.add_zero +R13516 Integers.add_zero +R13617 Cminorgenproof.match_var_stack_array +R13617 Cminorgenproof.match_var_stack_array +R13675 Maps.gss +R13675 Maps.gss +R13711 Mem.val_inject_ptr +R13711 Mem.val_inject_ptr +R13778 Coqlib.zeq_true +R13778 Coqlib.zeq_true +R13809 Integers.add_commut +R13809 Integers.add_commut +R13833 Integers.add_zero +R13833 Integers.add_zero +R14026 Maps.gso +R14026 Maps.gso +R14092 Coqlib.zeq_false +R14092 Coqlib.zeq_false +R14197 Maps.gso +R14197 Maps.gso +R14239 Maps.gso +R14239 Maps.gso +R14281 Maps.gso +R14281 Maps.gso +R14403 Maps.gsspec +R14403 Maps.gsspec +R14426 Coqlib.peq +R14426 Coqlib.peq +R14628 Maps.gsspec +R14628 Maps.gsspec +R14628 Maps.gsspec +R14628 Maps.gsspec +R14650 Coqlib.peq +R14669 Coqlib.peq +R14650 Coqlib.peq +R14669 Coqlib.peq +R14669 Coqlib.peq +R14991 Coqlib.zeq +R14991 Coqlib.zeq +R15186 Coqlib.zeq +R15186 Coqlib.zeq +R15591 Cminorgenproof.match_env +R15568 Mem.inject_incr +R15539 Mem.extend_inject +R15489 Cminorgenproof.match_env +R15466 Coq.ZArith.BinInt "x <= y" Z_scope +R15473 Mem.nextblock +R15410 Coq.Init.Datatypes.None +R15418 Coq.Init.Logic.True +R15425 Coq.Init.Datatypes.Some +R15430 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15449 Coq.ZArith.BinInt "x < y" Z_scope +R15379 Coq.Init.Logic "x = y" type_scope +R15353 Mem.alloc +R15365 Cminorplus.sizeof +R15381 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15657 Coq.Init.Logic "x = y" type_scope +R15663 Mem.nextblock +R15657 Coq.Init.Logic "x = y" type_scope +R15663 Mem.nextblock +R15896 Coqlib.zeq_false +R15896 Coqlib.zeq_false +R16061 Coqlib.zeq +R16061 Coqlib.zeq +R16209 Coqlib.zeq +R16209 Coqlib.zeq +R16611 Cminorgenproof.match_callstack +R16588 Mem.inject_incr +R16559 Mem.extend_inject +R16526 Coq.ZArith.BinInt "x <= y" Z_scope +R16533 Mem.nextblock +R16462 Coq.Init.Datatypes.None +R16470 Coq.Init.Logic.True +R16477 Coq.Init.Datatypes.Some +R16482 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16505 Coq.ZArith.BinInt "x <= y" Z_scope +R16431 Coq.Init.Logic "x = y" type_scope +R16408 Mem.alloc +R16420 Cminorplus.sizeof +R16433 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16342 Cminorgenproof.match_callstack +R16944 Cminorgenproof.match_env_alloc_other +R16944 Cminorgenproof.match_env_alloc_other +R17820 Cminorgenproof.match_callstack +R17892 Mem.nextblock +R17881 Coq.Lists.List "x :: y" list_scope +R17840 Cminorgenproof.mkframe +R17870 Mem.nextblock +R17797 Mem.inject_incr +R17768 Maps.set +R17781 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17730 Maps.set +R17688 Mem.extend_inject +R17663 Coq.Init.Logic "x = y" type_scope +R17659 Maps "a ! b" +R17665 Coq.Init.Datatypes.Some +R17559 Cminorgenproof.match_callstack +R17631 Mem.nextblock +R17620 Coq.Lists.List "x :: y" list_scope +R17579 Cminorgenproof.mkframe +R17609 Mem.nextblock +R17308 Cminorgen.Var_local +R17339 Coq.Init.Logic "A /\ B" type_scope +R17332 Coq.Init.Logic "x = y" type_scope +R17334 Coq.Init.Datatypes.None +R17345 Coq.Init.Logic "x = y" type_scope +R17347 Cminorplus.LVscalar +R17368 Cminorgen.Var_stack_scalar +R17419 Coq.Init.Logic "A /\ B" type_scope +R17403 Coq.Init.Logic "x = y" type_scope +R17405 Coq.Init.Datatypes.Some +R17409 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17425 Coq.Init.Logic "x = y" type_scope +R17427 Cminorplus.LVscalar +R17448 Cminorgen.Var_stack_array +R17492 Coq.Init.Logic "A /\ B" type_scope +R17476 Coq.Init.Logic "x = y" type_scope +R17478 Coq.Init.Datatypes.Some +R17482 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17495 Coq.Init.Logic "'exists' x , p" type_scope +R17509 Coq.Init.Logic "x = y" type_scope +R17511 Cminorplus.LVarray +R17528 Cminorgen.Var_global +R17542 Coq.Init.Logic.False +R17271 Coq.Init.Logic "x = y" type_scope +R17248 Mem.alloc +R17260 Cminorplus.sizeof +R17273 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18002 Cminorgenproof.match_env_alloc_same +R18002 Cminorgenproof.match_env_alloc_same +R18051 Cminorgenproof.match_callstack_alloc_other +R18051 Cminorgenproof.match_callstack_alloc_other +R18427 Cminorgenproof.match_callstack +R18459 Mem.nextblock +R18377 Cminorgenproof.match_callstack +R18409 Mem.nextblock +R18361 Coq.Init.Logic "x = y" type_scope +R18345 Mem.alloc +R18363 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18497 Cminorgenproof.match_callstack_incr_bound +R18497 Cminorgenproof.match_callstack_incr_bound +R18710 Cminorgenproof.match_globalenvs +R18669 Cminorgenproof.match_callstack +R18882 Cminorgenproof.match_env +R18870 Coq.ZArith.BinInt "x <= y" Z_scope +R18829 Cminorgenproof.match_env +R19237 Cminorgenproof.match_callstack +R19286 Coq.Lists.List "x :: y" list_scope +R19256 Cminorgenproof.mkframe +R19164 Cminorgenproof.match_callstack +R19210 Coq.Lists.List "x :: y" list_scope +R19183 Cminorgenproof.mkframe +R19375 Cminorgenproof.match_env_incr_hi +R19375 Cminorgenproof.match_env_incr_hi +R19485 Cmconstrproof.eval_negint +R19497 Cmconstrproof.eval_negfloat +R19511 Cmconstrproof.eval_absfloat +R19525 Cmconstrproof.eval_intoffloat +R19543 Cmconstrproof.eval_floatofint +R19559 Cmconstrproof.eval_floatofintu +R19576 Cmconstrproof.eval_notint +R19588 Cmconstrproof.eval_notbool +R19603 Cmconstrproof.eval_cast8signed +R19620 Cmconstrproof.eval_cast8unsigned +R19639 Cmconstrproof.eval_cast16signed +R19659 Cmconstrproof.eval_cast16unsigned +R19679 Cmconstrproof.eval_singleoffloat +R19698 Cmconstrproof.eval_add +R19707 Cmconstrproof.eval_add_ptr +R19722 Cmconstrproof.eval_add_ptr_2 +R19737 Cmconstrproof.eval_sub +R19746 Cmconstrproof.eval_sub_ptr_int +R19763 Cmconstrproof.eval_sub_ptr_ptr +R19782 Cmconstrproof.eval_mul +R19791 Cmconstrproof.eval_divs +R19801 Cmconstrproof.eval_mods +R19811 Cmconstrproof.eval_divu +R19821 Cmconstrproof.eval_modu +R19833 Cmconstrproof.eval_and +R19842 Cmconstrproof.eval_or +R19850 Cmconstrproof.eval_xor +R19859 Cmconstrproof.eval_shl +R19868 Cmconstrproof.eval_shr +R19877 Cmconstrproof.eval_shru +R19890 Cmconstrproof.eval_addf +R19900 Cmconstrproof.eval_subf +R19910 Cmconstrproof.eval_mulf +R19920 Cmconstrproof.eval_divf +R19932 Cmconstrproof.eval_cmp +R19941 Cmconstrproof.eval_cmp_null_r +R19957 Cmconstrproof.eval_cmp_null_l +R19973 Cmconstrproof.eval_cmp_ptr +R19988 Cmconstrproof.eval_cmpu +R19998 Cmconstrproof.eval_cmpf +R20065 Mem.val_inject +R20095 Values.of_bool +R20079 Values.of_bool +R20239 Coq.Init.Logic "'exists' x , p" type_scope +R20251 Coq.Init.Logic "A /\ B" type_scope +R20254 Mem.val_inject +R20268 Values.Vint +R20365 Coq.Init.Logic "'exists' x , p" type_scope +R20377 Coq.Init.Logic "A /\ B" type_scope +R20380 Mem.val_inject +R20394 Values.Vfloat +R20495 Coq.Init.Logic "'exists' x , p" type_scope +R20507 Coq.Init.Logic "A /\ B" type_scope +R20510 Mem.val_inject +R20524 Values.of_bool +R20561 Values.of_bool +R20619 Cminorgenproof.val_inject_val_of_bool +R20426 Values.Vfloat +R20298 Values.Vint +R20766 Coq.Init.Logic "x = y" type_scope +R20730 Integers.sub +R20753 Integers.add +R20739 Integers.add +R20768 Integers.sub +R20806 Integers.sub_add_opp +R20806 Integers.sub_add_opp +R20831 Integers.neg_add_distr +R20831 Integers.neg_add_distr +R20860 Integers.add_assoc +R20860 Integers.add_assoc +R20887 Integers.add_commut +R20915 Integers.neg +R20903 Integers.neg +R20887 Integers.add_commut +R20915 Integers.neg +R20903 Integers.neg +R20942 Integers.add_assoc +R20942 Integers.add_assoc +R20968 Integers.add_neg_zero +R20968 Integers.add_neg_zero +R20997 Integers.add_commut +R21012 Integers.zero +R20997 Integers.add_commut +R21012 Integers.zero +R21031 Integers.add_zero +R21031 Integers.add_zero +R21063 Integers.sub_add_opp +R21063 Integers.sub_add_opp +R21185 Coq.Init.Logic "A /\ B" type_scope +R21174 Coq.Init.Logic "x = y" type_scope +R21176 Integers.zero +R21211 Coq.Init.Logic "A \/ B" type_scope +R21197 Coq.Init.Logic "A /\ B" type_scope +R21191 Coq.Init.Logic "x = y" type_scope +R21193 AST.Ceq +R21202 Coq.Init.Logic "x = y" type_scope +R21204 Values.Vfalse +R21222 Coq.Init.Logic "A /\ B" type_scope +R21216 Coq.Init.Logic "x = y" type_scope +R21218 AST.Cne +R21227 Coq.Init.Logic "x = y" type_scope +R21229 Values.Vtrue +R21158 Coq.Init.Logic "x = y" type_scope +R21134 Cminorgenproof.eval_compare_null +R21160 Coq.Init.Datatypes.Some +R21301 Integers.eq +R21308 Integers.eq_spec +R21322 Integers.zero +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R21681 Coq.Init.Logic "'exists' x , p" type_scope +R21756 Coq.Init.Logic "A /\ B" type_scope +R21697 Cminor.eval_expr +R21712 Values.Vptr +R21720 Integers.zero +R21759 Mem.val_inject +R21656 Mem.mem_inject +R21626 Mem.val_list_inject +R21558 Cminor.eval_exprlist +R21577 Values.Vptr +R21585 Integers.zero +R21544 Coq.Init.Logic "x = y" type_scope +R21518 Cminorgenproof.eval_operation +R21546 Coq.Init.Datatypes.Some +R21504 Coq.Init.Logic "x = y" type_scope +R21490 Cminorgen.make_op +R21506 Coq.Init.Datatypes.Some +R23078 Values.Vptr +R23087 Integers.add +R23078 Values.Vptr +R23087 Integers.add +R23141 Mem.val_inject_ptr +R23141 Mem.val_inject_ptr +R23199 Integers.add_assoc +R23199 Integers.add_assoc +R23199 Integers.add_assoc +R23199 Integers.add_assoc +R23227 Integers.add_commut +R23227 Integers.add_commut +R23273 Values.Vptr +R23282 Integers.add +R23273 Values.Vptr +R23282 Integers.add +R23337 Mem.val_inject_ptr +R23337 Mem.val_inject_ptr +R23395 Integers.add_assoc +R23395 Integers.add_assoc +R23395 Integers.add_assoc +R23395 Integers.add_assoc +R23423 Integers.add_commut +R23423 Integers.add_commut +R23469 Values.Vptr +R23478 Integers.sub +R23469 Values.Vptr +R23478 Integers.sub +R23533 Mem.val_inject_ptr +R23533 Mem.val_inject_ptr +R23582 Integers.sub_add_l +R23582 Integers.sub_add_l +R23630 Values.eq_block +R23630 Values.eq_block +R23701 Coq.Init.Logic "x = y" type_scope +R23701 Coq.Init.Logic "x = y" type_scope +R23740 Values.Vint +R23746 Integers.sub +R23740 Values.Vint +R23746 Integers.sub +R23841 Cminorgenproof.int_sub_shifted +R23841 Cminorgenproof.int_sub_shifted +R23912 Integers.eq_spec +R23927 Integers.zero +R23948 Integers.eq +R23958 Integers.zero +R23912 Integers.eq_spec +R23927 Integers.zero +R23948 Integers.eq +R23958 Integers.zero +R24048 Integers.eq_spec +R24063 Integers.zero +R24084 Integers.eq +R24094 Integers.zero +R24048 Integers.eq_spec +R24063 Integers.zero +R24084 Integers.eq +R24094 Integers.zero +R24184 Integers.eq_spec +R24199 Integers.zero +R24220 Integers.eq +R24230 Integers.zero +R24184 Integers.eq_spec +R24199 Integers.zero +R24220 Integers.eq +R24230 Integers.zero +R24320 Integers.eq_spec +R24335 Integers.zero +R24356 Integers.eq +R24366 Integers.zero +R24320 Integers.eq_spec +R24335 Integers.zero +R24356 Integers.eq +R24366 Integers.zero +R24451 Integers.ltu +R24463 Integers.repr +R24451 Integers.ltu +R24463 Integers.repr +R24573 Integers.ltu +R24585 Integers.repr +R24573 Integers.ltu +R24585 Integers.repr +R24696 Integers.ltu +R24708 Integers.repr +R24696 Integers.ltu +R24708 Integers.repr +R24824 Cminorgenproof.eval_compare_null_inv +R24824 Cminorgenproof.eval_compare_null_inv +R25016 Cminorgenproof.eval_compare_null_inv +R25016 Cminorgenproof.eval_compare_null_inv +R25245 Coq.Bool.Bool "x && y" bool_scope +R25211 Mem.valid_pointer +R25231 Integers.signed +R25248 Mem.valid_pointer +R25269 Integers.signed +R25245 Coq.Bool.Bool "x && y" bool_scope +R25211 Mem.valid_pointer +R25231 Integers.signed +R25248 Mem.valid_pointer +R25269 Integers.signed +R25347 Values.eq_block +R25347 Values.eq_block +R25411 Coq.Init.Logic "x = y" type_scope +R25411 Coq.Init.Logic "x = y" type_scope +R25454 Coq.Init.Logic "x = y" type_scope +R25454 Coq.Init.Logic "x = y" type_scope +R25491 Coq.Bool.Bool.andb_prop +R25491 Coq.Bool.Bool.andb_prop +R25528 Values.of_bool +R25541 Integers.cmp +R25528 Values.of_bool +R25541 Integers.cmp +R25622 Integers.translate_cmp +R25622 Integers.translate_cmp +R25650 Cminorgenproof.val_inject_val_of_bool +R25650 Cminorgenproof.val_inject_val_of_bool +R25684 Mem.valid_pointer_inject_no_overflow +R25684 Mem.valid_pointer_inject_no_overflow +R25734 Mem.valid_pointer_inject_no_overflow +R25734 Mem.valid_pointer_inject_no_overflow +R26342 Coq.Init.Logic "'exists' x , p" type_scope +R26458 Coq.Init.Logic "A /\ B" type_scope +R26356 Cminor.eval_expr +R26413 Cminorgen.make_cast +R26371 Values.Vptr +R26379 Integers.zero +R26483 Coq.Init.Logic "A /\ B" type_scope +R26461 Mem.val_inject +R26486 Cminorgenproof.val_normalized +R26319 Mem.val_inject +R26304 Coq.Init.Logic "x = y" type_scope +R26291 Cminorplus.cast +R26306 Coq.Init.Datatypes.Some +R26229 Cminor.eval_expr +R26244 Values.Vptr +R26252 Integers.zero +R26634 Values.Vint +R26640 Integers.cast8signed +R26634 Values.Vint +R26640 Integers.cast8signed +R26677 Cmconstrproof.eval_cast8signed +R26677 Cmconstrproof.eval_cast8signed +R26732 Values.Vint +R26732 Values.Vint +R26765 Values.Vint +R26771 Integers.cast8unsigned +R26765 Values.Vint +R26771 Integers.cast8unsigned +R26809 Cmconstrproof.eval_cast8unsigned +R26809 Cmconstrproof.eval_cast8unsigned +R26866 Values.Vint +R26866 Values.Vint +R26899 Values.Vint +R26905 Integers.cast16signed +R26899 Values.Vint +R26905 Integers.cast16signed +R26943 Cmconstrproof.eval_cast16signed +R26943 Cmconstrproof.eval_cast16signed +R26999 Values.Vint +R26999 Values.Vint +R27032 Values.Vint +R27038 Integers.cast16unsigned +R27032 Values.Vint +R27038 Integers.cast16unsigned +R27077 Cmconstrproof.eval_cast16unsigned +R27077 Cmconstrproof.eval_cast16unsigned +R27135 Values.Vint +R27135 Values.Vint +R27168 Values.Vint +R27168 Values.Vint +R27213 Values.Vint +R27213 Values.Vint +R27246 Values.Vptr +R27246 Values.Vptr +R27297 Values.Vptr +R27297 Values.Vptr +R27336 Values.Vfloat +R27344 Floats.singleoffloat +R27336 Values.Vfloat +R27344 Floats.singleoffloat +R27385 Cmconstrproof.eval_singleoffloat +R27385 Cmconstrproof.eval_singleoffloat +R27442 Values.Vfloat +R27442 Values.Vfloat +R27478 Values.Vfloat +R27478 Values.Vfloat +R27526 Values.Vfloat +R27526 Values.Vfloat +R27615 Cminor.eval_expr +R27709 Values.Vptr +R27718 Integers.repr +R27670 Cminorgen.make_stackaddr +R27630 Values.Vptr +R27638 Integers.zero +R27783 Cminor.eval_Eop +R27783 Cminor.eval_Eop +R27838 Integers.add_commut +R27838 Integers.add_commut +R27860 Integers.add_zero +R27860 Integers.add_zero +R28051 Cminor.eval_expr +R28108 Cminorgen.make_load +R28066 Values.Vptr +R28074 Integers.zero +R28037 Coq.Init.Logic "x = y" type_scope +R28014 Mem.loadv +R28039 Coq.Init.Datatypes.Some +R27952 Cminor.eval_expr +R27967 Values.Vptr +R27975 Integers.zero +R28194 Cmconstrproof.eval_load +R28194 Cmconstrproof.eval_load +R28333 Mem.val_content_inject +R28355 Mem.mem_chunk +R28308 Mem.val_inject +R28293 Coq.Init.Logic "x = y" type_scope +R28279 Cminorplus.cast +R28295 Coq.Init.Datatypes.Some +R28489 Mem.val_content_inject_8 +R28489 Mem.val_content_inject_8 +R28517 Integers.cast8_unsigned_signed +R28517 Integers.cast8_unsigned_signed +R28552 Mem.val_content_inject_8 +R28552 Mem.val_content_inject_8 +R28580 Integers.cast8_unsigned_idem +R28580 Integers.cast8_unsigned_idem +R28613 Mem.val_content_inject_16 +R28613 Mem.val_content_inject_16 +R28642 Integers.cast16_unsigned_signed +R28642 Integers.cast16_unsigned_signed +R28678 Mem.val_content_inject_16 +R28678 Mem.val_content_inject_16 +R28707 Integers.cast16_unsigned_idem +R28707 Integers.cast16_unsigned_idem +R28805 Mem.val_content_inject_32 +R28805 Mem.val_content_inject_32 +R28834 Floats.singleoffloat_idem +R28834 Floats.singleoffloat_idem +R29339 Coq.Init.Logic "'exists' x , p" type_scope +R29351 Coq.Init.Logic "'exists' x , p" type_scope +R29473 Coq.Init.Logic "A /\ B" type_scope +R29364 Cminor.eval_expr +R29421 Cminorgen.make_store +R29379 Values.Vptr +R29387 Integers.zero +R29498 Coq.Init.Logic "A /\ B" type_scope +R29476 Mem.mem_inject +R29521 Coq.Init.Logic "A /\ B" type_scope +R29501 Mem.val_inject +R29538 Coq.Init.Logic "x = y" type_scope +R29524 Mem.nextblock +R29540 Mem.nextblock +R29310 Mem.val_inject +R29279 Mem.val_inject +R29254 Mem.mem_inject +R29239 Coq.Init.Logic "x = y" type_scope +R29211 Mem.storev +R29241 Coq.Init.Datatypes.Some +R29197 Coq.Init.Logic "x = y" type_scope +R29181 Cminorplus.cast +R29199 Coq.Init.Datatypes.Some +R29102 Cminor.eval_expr +R29117 Values.Vptr +R29125 Integers.zero +R29021 Cminor.eval_expr +R29036 Values.Vptr +R29044 Integers.zero +R29601 Mem.val_content_inject +R29623 Mem.mem_chunk +R29601 Mem.val_content_inject +R29623 Mem.mem_chunk +R29661 Cminorgenproof.val_content_inject_cast +R29661 Cminorgenproof.val_content_inject_cast +R29701 Mem.storev_mapped_inject_1 +R29701 Mem.storev_mapped_inject_1 +R29799 Cmconstrproof.eval_store +R29799 Cmconstrproof.eval_store +R29880 Cminorgenproof.make_cast_correct +R29880 Cminorgenproof.make_cast_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R30093 Mem.store_inv +R30093 Mem.store_inv +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R30434 Coq.Init.Logic "'exists' x , p" type_scope +R30502 Coq.Init.Logic "A /\ B" type_scope +R30449 Cminor.eval_expr +R30464 Values.Vptr +R30472 Integers.zero +R30509 Mem.val_inject +R30420 Coq.Init.Logic "x = y" type_scope +R30403 Mem.load +R30422 Coq.Init.Datatypes.Some +R30372 Coq.Init.Logic "x = y" type_scope +R30368 Maps "a ! b" +R30374 Coq.Init.Datatypes.Some +R30378 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R30382 Cminorplus.LVscalar +R30344 Mem.mem_inject +R30255 Cminorgenproof.match_callstack +R30326 Mem.nextblock +R30311 Mem.nextblock +R30301 Coq.Lists.List "x :: y" list_scope +R30274 Cminorgenproof.mkframe +R30241 Coq.Init.Logic "x = y" type_scope +R30225 Cminorgen.var_get +R30243 Coq.Init.Datatypes.Some +R30571 Cminorgenproof.match_var +R30600 Maps "a !! b" +R30571 Cminorgenproof.match_var +R30600 Maps "a !! b" +R30660 Maps "a !! b" +R30660 Maps "a !! b" +R30814 Cminor.eval_Evar +R30814 Cminor.eval_Evar +R30983 Coq.Init.Logic "x = y" type_scope +R30983 Coq.Init.Logic "x = y" type_scope +R31024 Coq.Init.Logic "x = y" type_scope +R31024 Coq.Init.Logic "x = y" type_scope +R31098 Coq.Init.Logic "x = y" type_scope +R31066 Mem.loadv +R31081 Values.Vptr +R31088 Integers.zero +R31100 Coq.Init.Datatypes.Some +R31098 Coq.Init.Logic "x = y" type_scope +R31066 Mem.loadv +R31081 Values.Vptr +R31088 Integers.zero +R31100 Coq.Init.Datatypes.Some +R31135 Mem.loadv_inject +R31135 Mem.loadv_inject +R31244 Cminorgenproof.make_load_correct +R31244 Cminorgenproof.make_load_correct +R31277 Cminorgenproof.make_stackaddr_correct +R31277 Cminorgenproof.make_stackaddr_correct +R31550 Coq.Init.Logic "'exists' x , p" type_scope +R31618 Coq.Init.Logic "A /\ B" type_scope +R31565 Cminor.eval_expr +R31580 Values.Vptr +R31588 Integers.zero +R31625 Mem.val_inject +R31639 Values.Vptr +R31646 Integers.zero +R31531 Coq.Init.Logic "x = y" type_scope +R31527 Maps "a ! b" +R31533 Coq.Init.Datatypes.Some +R31537 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R31437 Cminorgenproof.match_callstack +R31508 Mem.nextblock +R31493 Mem.nextblock +R31483 Coq.Lists.List "x :: y" list_scope +R31456 Cminorgenproof.mkframe +R31423 Coq.Init.Logic "x = y" type_scope +R31406 Cminorgen.var_addr +R31425 Coq.Init.Datatypes.Some +R31704 Cminorgenproof.match_var +R31733 Maps "a !! b" +R31704 Cminorgenproof.match_var +R31733 Maps "a !! b" +R31793 Maps "a !! b" +R31793 Maps "a !! b" +R31935 Values.Vptr +R31944 Integers.repr +R31935 Values.Vptr +R31944 Integers.repr +R31974 Cminorgenproof.make_stackaddr_correct +R31974 Cminorgenproof.make_stackaddr_correct +R32071 Values.Vptr +R32080 Integers.repr +R32071 Values.Vptr +R32080 Integers.repr +R32110 Cminorgenproof.make_stackaddr_correct +R32110 Cminorgenproof.make_stackaddr_correct +R32468 Coq.Init.Logic "'exists' x , p" type_scope +R32536 Coq.Init.Logic "A /\ B" type_scope +R32483 Cminor.eval_expr +R32498 Values.Vptr +R32506 Integers.zero +R32543 Mem.val_inject +R32557 Values.Vptr +R32564 Integers.zero +R32454 Coq.Init.Logic "x = y" type_scope +R32431 Globalenvs.find_symbol +R32456 Coq.Init.Datatypes.Some +R32419 Coq.Init.Logic "x = y" type_scope +R32415 Maps "a ! b" +R32421 Coq.Init.Datatypes.None +R32325 Cminorgenproof.match_callstack +R32396 Mem.nextblock +R32381 Mem.nextblock +R32371 Coq.Lists.List "x :: y" list_scope +R32344 Cminorgenproof.mkframe +R32311 Coq.Init.Logic "x = y" type_scope +R32294 Cminorgen.var_addr +R32313 Coq.Init.Datatypes.Some +R32622 Cminorgenproof.match_var +R32651 Maps "a !! b" +R32622 Cminorgenproof.match_var +R32651 Maps "a !! b" +R32713 Maps "a !! b" +R32713 Maps "a !! b" +R32814 Cminorgenproof.match_callstack_match_globalenvs +R32814 Cminorgenproof.match_callstack_match_globalenvs +R32933 Values.Vptr +R32940 Integers.zero +R32933 Values.Vptr +R32940 Integers.zero +R32967 Cminor.eval_Eop +R32967 Cminor.eval_Eop +R33513 Coq.Init.Logic "'exists' x , p" type_scope +R33525 Coq.Init.Logic "'exists' x , p" type_scope +R33537 Coq.Init.Logic "'exists' x , p" type_scope +R33609 Coq.Init.Logic "A /\ B" type_scope +R33552 Cminor.eval_expr +R33567 Values.Vptr +R33575 Integers.zero +R33635 Coq.Init.Logic "A /\ B" type_scope +R33616 Mem.val_inject +R33662 Coq.Init.Logic "A /\ B" type_scope +R33642 Mem.mem_inject +R33669 Cminorgenproof.match_callstack +R33743 Mem.nextblock +R33727 Mem.nextblock +R33716 Coq.Lists.List "x :: y" list_scope +R33688 Cminorgenproof.mkframe +R33498 Coq.Init.Logic "x = y" type_scope +R33476 Mem.store +R33500 Coq.Init.Datatypes.Some +R33461 Coq.Init.Logic "x = y" type_scope +R33447 Cminorplus.cast +R33463 Coq.Init.Datatypes.Some +R33416 Coq.Init.Logic "x = y" type_scope +R33412 Maps "a ! b" +R33418 Coq.Init.Datatypes.Some +R33422 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R33426 Cminorplus.LVscalar +R33386 Mem.mem_inject +R33360 Mem.val_inject +R33294 Cminor.eval_expr +R33309 Values.Vptr +R33317 Integers.zero +R33201 Cminorgenproof.match_callstack +R33275 Mem.nextblock +R33259 Mem.nextblock +R33248 Coq.Lists.List "x :: y" list_scope +R33220 Cminorgenproof.mkframe +R33187 Coq.Init.Logic "x = y" type_scope +R33167 Cminorgen.var_set +R33189 Coq.Init.Datatypes.Some +R33825 Coq.Init.Logic "x = y" type_scope +R33812 Mem.nextblock +R33827 Mem.nextblock +R33825 Coq.Init.Logic "x = y" type_scope +R33812 Mem.nextblock +R33827 Mem.nextblock +R33858 Mem.store_inv +R33858 Mem.store_inv +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R34000 Maps "a !! b" +R34000 Maps "a !! b" +R34186 Coq.Init.Logic "x = y" type_scope +R34186 Coq.Init.Logic "x = y" type_scope +R34226 Coq.Init.Logic "x = y" type_scope +R34226 Coq.Init.Logic "x = y" type_scope +R34267 Cminorgenproof.make_cast_correct +R34267 Cminorgenproof.make_cast_correct +R34361 Maps.set +R34361 Maps.set +R34422 Cminor.eval_Eassign +R34422 Cminor.eval_Eassign +R34474 Mem.store_unmapped_inject +R34474 Mem.store_unmapped_inject +R34533 Cminorgenproof.match_callstack_store_local +R34533 Cminorgenproof.match_callstack_store_local +R34691 Coq.Init.Logic "x = y" type_scope +R34691 Coq.Init.Logic "x = y" type_scope +R34731 Coq.Init.Logic "x = y" type_scope +R34731 Coq.Init.Logic "x = y" type_scope +R34811 Coq.Init.Logic "x = y" type_scope +R34774 Mem.storev +R34791 Values.Vptr +R34798 Integers.zero +R34813 Coq.Init.Datatypes.Some +R34811 Coq.Init.Logic "x = y" type_scope +R34774 Mem.storev +R34791 Values.Vptr +R34798 Integers.zero +R34813 Coq.Init.Datatypes.Some +R34849 Cminorgenproof.make_stackaddr_correct +R34849 Cminorgenproof.make_stackaddr_correct +R34927 Cminorgenproof.make_store_correct +R34927 Cminorgenproof.make_store_correct +R35222 Cminorgenproof.match_callstack_mapped +R35222 Cminorgenproof.match_callstack_mapped +R35366 Coq.ZArith.BinInt "x <= y" Z_scope +R35369 Cminorgen.align +R35357 Coq.ZArith.BinInt "x > y" Z_scope +R35513 Coq.ZArith.BinInt "x <= y" Z_scope +R35492 Coq.Init.Logic "x = y" type_scope +R35455 Cminorgen.assign_variables +R35481 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R35494 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R35652 Cminorgen.mem +R35652 Cminorgen.mem +R35729 Mem.size_chunk_pos +R35729 Mem.size_chunk_pos +R35769 Cminorgenproof.align_bounds +R35786 Mem.size_chunk +R35769 Cminorgenproof.align_bounds +R35786 Mem.size_chunk +R35874 Coq.ZArith.BinInt "x > y" Z_scope +R35874 Coq.ZArith.BinInt "x > y" Z_scope +R35899 Cminorgenproof.align_bounds +R35899 Cminorgenproof.align_bounds +R35934 Coq.ZArith.BinInt "x <= y" Z_scope +R35937 Coq.ZArith.Zmin.Zmax +R35934 Coq.ZArith.BinInt "x <= y" Z_scope +R35937 Coq.ZArith.Zmin.Zmax +R35954 Coqlib.Zmax_bound_l +R35954 Coqlib.Zmax_bound_l +R36609 Coq.Init.Logic "'exists' x , p" type_scope +R36644 Coq.Init.Logic "A /\ B" type_scope +R36625 Mem.inject_incr +R36669 Coq.Init.Logic "A /\ B" type_scope +R36647 Mem.mem_inject +R36672 Cminorgenproof.match_callstack +R36783 Mem.nextblock +R36768 Mem.nextblock +R36733 Coq.Lists.List "x :: y" list_scope +R36692 Cminorgenproof.mkframe +R36722 Mem.nextblock +R36595 Coq.Init.Logic "x <> y" type_scope +R36591 Maps "a ! b" +R36598 Coq.Init.Datatypes.None +R36569 Coq.Lists.List.In +R36572 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R36542 Coq.ZArith.BinInt "x <= y" Z_scope +R36534 Coq.ZArith.BinInt "x + y" Z_scope +R36519 Mem.high_bound +R36498 Coq.Init.Logic "x = y" type_scope +R36500 Coq.Init.Datatypes.Some +R36504 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R36466 Coq.ZArith.BinInt "x <= y" Z_scope +R36441 Mem.mem_inject +R36321 Cminorgenproof.match_callstack +R36423 Mem.nextblock +R36408 Mem.nextblock +R36378 Coq.Lists.List "x :: y" list_scope +R36340 Cminorgenproof.mkframe +R36367 Mem.nextblock +R36301 Coq.Init.Logic "x = y" type_scope +R36264 Cminorgen.assign_variables +R36290 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R36303 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R36205 Cminorplus.alloc_variables +R36154 Coq.ZArith.BinInt "x <= y" Z_scope +R36157 Integers.max_signed +R36139 Coq.Init.Logic "x = y" type_scope +R36122 Mem.high_bound +R36113 Coq.Init.Logic "x = y" type_scope +R36097 Mem.low_bound +R36074 Mem.valid_block +R36955 Mem.inject_incr_refl +R36955 Mem.inject_incr_refl +R37104 Cminorgen.assign_variables +R37131 Cminorgen.assign_variable +R37160 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37151 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37044 Cminorgen.assign_variables +R37084 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37075 Coq.Lists.List "x :: y" list_scope +R37066 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37104 Cminorgen.assign_variables +R37131 Cminorgen.assign_variable +R37160 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37151 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37044 Cminorgen.assign_variables +R37084 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37075 Coq.Lists.List "x :: y" list_scope +R37066 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37184 Cminorgen.assign_variable +R37213 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37204 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37184 Cminorgen.assign_variable +R37213 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37204 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37352 Coq.Init.Logic "x <> y" type_scope +R37347 Maps "a ! b" +R37355 Coq.Init.Datatypes.None +R37323 Coq.Lists.List.In +R37326 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37352 Coq.Init.Logic "x <> y" type_scope +R37347 Maps "a ! b" +R37355 Coq.Init.Datatypes.None +R37323 Coq.Lists.List.In +R37326 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37421 Coq.Init.Logic "'exists' x , p" type_scope +R37438 Coq.Init.Logic "x = y" type_scope +R37434 Maps "a ! b" +R37440 Coq.Init.Datatypes.Some +R37421 Coq.Init.Logic "'exists' x , p" type_scope +R37438 Coq.Init.Logic "x = y" type_scope +R37434 Maps "a ! b" +R37440 Coq.Init.Datatypes.Some +R37468 Coq.Init.Logic "x <> y" type_scope +R37464 Maps "a ! b" +R37471 Coq.Init.Datatypes.None +R37468 Coq.Init.Logic "x <> y" type_scope +R37464 Maps "a ! b" +R37471 Coq.Init.Datatypes.None +R37529 Maps "a ! b" +R37529 Maps "a ! b" +R37712 Cminorgen.mem +R37712 Cminorgen.mem +R37796 Cminorgen.align +R37806 Mem.size_chunk +R37796 Cminorgen.align +R37806 Mem.size_chunk +R37887 Mem.extend_inject +R37905 Coq.Init.Datatypes.Some +R37910 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37887 Mem.extend_inject +R37905 Coq.Init.Datatypes.Some +R37910 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37941 Mem.size_chunk_pos +R37941 Mem.size_chunk_pos +R37995 Cminorgenproof.align_bounds +R38012 Mem.size_chunk +R37995 Cminorgenproof.align_bounds +R38012 Mem.size_chunk +R38095 Coq.Init.Logic "A /\ B" type_scope +R38075 Mem.mem_inject +R38098 Mem.inject_incr +R38095 Coq.Init.Logic "A /\ B" type_scope +R38075 Mem.mem_inject +R38098 Mem.inject_incr +R38146 Coq.ZArith.BinInt "x < y" Z_scope +R38131 Integers.min_signed +R38146 Coq.ZArith.BinInt "x < y" Z_scope +R38131 Integers.min_signed +R38185 Cminorgenproof.assign_variables_incr +R38185 Cminorgenproof.assign_variables_incr +R38257 Mem.alloc_mapped_inject +R38257 Mem.alloc_mapped_inject +R38472 Cminorgenproof.match_callstack +R38605 Mem.nextblock +R38590 Mem.nextblock +R38569 Coq.Lists.List "x :: y" list_scope +R38505 Cminorgenproof.mkframe +R38555 Mem.nextblock +R38520 Maps.set +R38533 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R38472 Cminorgenproof.match_callstack +R38605 Mem.nextblock +R38590 Mem.nextblock +R38569 Coq.Lists.List "x :: y" list_scope +R38505 Cminorgenproof.mkframe +R38555 Mem.nextblock +R38520 Maps.set +R38533 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R38661 Cminorgenproof.match_callstack_alloc_left +R38661 Cminorgenproof.match_callstack_alloc_left +R38718 Coq.ZArith.BinInt "x <= y" Z_scope +R38718 Coq.ZArith.BinInt "x <= y" Z_scope +R38871 Coq.ZArith.BinInt "x <= y" Z_scope +R38863 Coq.ZArith.BinInt "x + y" Z_scope +R38847 Mem.high_bound +R38790 Coq.Init.Logic "x = y" type_scope +R38792 Coq.Init.Datatypes.Some +R38796 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R38871 Coq.ZArith.BinInt "x <= y" Z_scope +R38863 Coq.ZArith.BinInt "x + y" Z_scope +R38847 Mem.high_bound +R38790 Coq.Init.Logic "x = y" type_scope +R38792 Coq.Init.Datatypes.Some +R38796 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R38957 Mem.high_bound_alloc +R38957 Mem.high_bound_alloc +R39002 Coqlib.zeq +R39002 Coqlib.zeq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R39273 Mem.inject_incr_trans +R39273 Mem.inject_incr_trans +R39408 Mem.alloc_unmapped_inject +R39408 Mem.alloc_unmapped_inject +R39468 Mem.extend_inject +R39485 Coq.Init.Datatypes.None +R39468 Mem.extend_inject +R39485 Coq.Init.Datatypes.None +R39536 Cminorgenproof.match_callstack +R39669 Mem.nextblock +R39654 Mem.nextblock +R39633 Coq.Lists.List "x :: y" list_scope +R39569 Cminorgenproof.mkframe +R39619 Mem.nextblock +R39584 Maps.set +R39597 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R39536 Cminorgenproof.match_callstack +R39669 Mem.nextblock +R39654 Mem.nextblock +R39633 Coq.Lists.List "x :: y" list_scope +R39569 Cminorgenproof.mkframe +R39619 Mem.nextblock +R39584 Maps.set +R39597 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R39725 Cminorgenproof.match_callstack_alloc_left +R39725 Cminorgenproof.match_callstack_alloc_left +R39882 Coq.ZArith.BinInt "x <= y" Z_scope +R39874 Coq.ZArith.BinInt "x + y" Z_scope +R39858 Mem.high_bound +R39801 Coq.Init.Logic "x = y" type_scope +R39803 Coq.Init.Datatypes.Some +R39807 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R39882 Coq.ZArith.BinInt "x <= y" Z_scope +R39874 Coq.ZArith.BinInt "x + y" Z_scope +R39858 Mem.high_bound +R39801 Coq.Init.Logic "x = y" type_scope +R39803 Coq.Init.Datatypes.Some +R39807 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R39967 Mem.high_bound_alloc +R39967 Mem.high_bound_alloc +R40012 Coqlib.zeq +R40012 Coqlib.zeq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R40227 Mem.inject_incr_trans +R40227 Mem.inject_incr_trans +R40370 Coq.ZArith.BinInt "x <= y" Z_scope +R40373 Coq.ZArith.Zmin.Zmax +R40370 Coq.ZArith.BinInt "x <= y" Z_scope +R40373 Coq.ZArith.Zmin.Zmax +R40392 Coq.ZArith.Zmin.Zmax1 +R40392 Coq.ZArith.Zmin.Zmax1 +R40412 Coq.ZArith.BinInt "x > y" Z_scope +R40412 Coq.ZArith.BinInt "x > y" Z_scope +R40439 Cminorgenproof.align_bounds +R40439 Cminorgenproof.align_bounds +R40483 Cminorgen.align +R40483 Cminorgen.align +R40514 Mem.extend_inject +R40532 Coq.Init.Datatypes.Some +R40537 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40514 Mem.extend_inject +R40532 Coq.Init.Datatypes.Some +R40537 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40582 Coq.Init.Logic "A /\ B" type_scope +R40562 Mem.mem_inject +R40585 Mem.inject_incr +R40582 Coq.Init.Logic "A /\ B" type_scope +R40562 Mem.mem_inject +R40585 Mem.inject_incr +R40631 Coq.ZArith.BinInt "x < y" Z_scope +R40616 Integers.min_signed +R40631 Coq.ZArith.BinInt "x < y" Z_scope +R40616 Integers.min_signed +R40668 Cminorgenproof.assign_variables_incr +R40668 Cminorgenproof.assign_variables_incr +R40738 Mem.alloc_mapped_inject +R40738 Mem.alloc_mapped_inject +R40949 Cminorgenproof.match_callstack +R41082 Mem.nextblock +R41067 Mem.nextblock +R41046 Coq.Lists.List "x :: y" list_scope +R40982 Cminorgenproof.mkframe +R41032 Mem.nextblock +R40997 Maps.set +R41010 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40949 Cminorgenproof.match_callstack +R41082 Mem.nextblock +R41067 Mem.nextblock +R41046 Coq.Lists.List "x :: y" list_scope +R40982 Cminorgenproof.mkframe +R41032 Mem.nextblock +R40997 Maps.set +R41010 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41138 Cminorgenproof.match_callstack_alloc_left +R41138 Cminorgenproof.match_callstack_alloc_left +R41195 Coq.ZArith.BinInt "x <= y" Z_scope +R41195 Coq.ZArith.BinInt "x <= y" Z_scope +R41348 Coq.ZArith.BinInt "x <= y" Z_scope +R41340 Coq.ZArith.BinInt "x + y" Z_scope +R41324 Mem.high_bound +R41267 Coq.Init.Logic "x = y" type_scope +R41269 Coq.Init.Datatypes.Some +R41273 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41348 Coq.ZArith.BinInt "x <= y" Z_scope +R41340 Coq.ZArith.BinInt "x + y" Z_scope +R41324 Mem.high_bound +R41267 Coq.Init.Logic "x = y" type_scope +R41269 Coq.Init.Datatypes.Some +R41273 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41434 Mem.high_bound_alloc +R41434 Mem.high_bound_alloc +R41479 Coqlib.zeq +R41479 Coqlib.zeq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R41750 Mem.inject_incr_trans +R41750 Mem.inject_incr_trans +R41880 Coq.Init.Logic "x <> y" type_scope +R41875 Maps "a ! b" +R41853 Cminor.set_params +R41883 Coq.Init.Datatypes.None +R41836 Coq.Lists.List.In +R41968 Maps.gsspec +R41968 Maps.gsspec +R41988 Coqlib.peq +R41988 Coqlib.peq +R42080 Maps.gsspec +R42080 Maps.gsspec +R42100 Coqlib.peq +R42100 Coqlib.peq +R42289 Coq.Init.Logic "x <> y" type_scope +R42284 Maps "a ! b" +R42267 Cminor.set_locals +R42292 Coq.Init.Datatypes.None +R42247 Coq.Init.Logic "A \/ B" type_scope +R42236 Coq.Lists.List.In +R42255 Coq.Init.Logic "x <> y" type_scope +R42251 Maps "a ! b" +R42258 Coq.Init.Datatypes.None +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R42357 Maps.gsspec +R42357 Maps.gsspec +R42377 Coqlib.peq +R42377 Coqlib.peq +R42435 Coq.Init.Logic "x <> y" type_scope +R42435 Coq.Init.Logic "x <> y" type_scope +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R42607 Coq.Init.Logic "x <> y" type_scope +R42602 Maps "a ! b" +R42562 Cminor.set_locals +R42579 Cminor.set_params +R42610 Coq.Init.Datatypes.None +R42533 Coq.Lists.List.In +R42547 Coq.Lists.List "x ++ y" list_scope +R42639 Cminorgenproof.set_locals_defined +R42639 Cminorgenproof.set_locals_defined +R42668 Coq.Lists.List.in_app_or +R42668 Coq.Lists.List.in_app_or +R42711 Cminorgenproof.set_params_defined +R42711 Cminorgenproof.set_params_defined +R43290 Coq.Init.Logic "'exists' x , p" type_scope +R43325 Coq.Init.Logic "A /\ B" type_scope +R43306 Mem.inject_incr +R43351 Coq.Init.Logic "A /\ B" type_scope +R43328 Mem.mem_inject +R43354 Cminorgenproof.match_callstack +R43475 Mem.nextblock +R43459 Mem.nextblock +R43424 Coq.Lists.List "x :: y" list_scope +R43374 Cminorgenproof.mkframe +R43413 Mem.nextblock +R43398 Mem.nextblock +R43241 Cminor.set_locals +R43259 Cminor.set_params +R43174 Coq.Lists.List.map +R43215 Cminorgenproof.fn_vars +R43185 Coq.Init.Datatypes.fst +R43195 Cminorplus.local_variable +R43189 AST.ident +R43104 Coq.Lists.List.map +R43143 Cminorgenproof.fn_params +R43115 Coq.Init.Datatypes.fst +R43125 AST.memory_chunk +R43119 AST.ident +R43066 Mem.mem_inject +R43009 Cminorgenproof.match_callstack +R43048 Mem.nextblock +R43033 Mem.nextblock +R42992 Coq.Init.Logic "x = y" type_scope +R42974 Mem.alloc +R42994 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R42913 Cminorplus.alloc_variables +R42944 Cminorplus.fn_variables +R42929 Cminorgenproof.empty_env +R42890 Coq.ZArith.BinInt "x <= y" Z_scope +R42893 Integers.max_signed +R42869 Coq.Init.Logic "x = y" type_scope +R42850 Cminorgen.build_compilenv +R42871 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R43525 Coq.Init.Logic "x = y" type_scope +R43527 Mem.nextblock +R43525 Coq.Init.Logic "x = y" type_scope +R43527 Mem.nextblock +R43603 Cminorgenproof.match_callstack_alloc_variables_rec +R43603 Cminorgenproof.match_callstack_alloc_variables_rec +R43673 Mem.valid_new_block +R43673 Mem.valid_new_block +R43708 Mem.low_bound_alloc +R43708 Mem.low_bound_alloc +R43748 Coqlib.zeq_true +R43748 Coqlib.zeq_true +R43769 Mem.high_bound_alloc +R43769 Mem.high_bound_alloc +R43810 Coqlib.zeq_true +R43810 Coqlib.zeq_true +R43875 Mem.valid_block +R43875 Mem.valid_block +R43903 Mem.valid_new_block +R43903 Mem.valid_new_block +R43981 Maps.gi +R43981 Maps.gi +R44034 Maps.gempty +R44034 Maps.gempty +R44152 Maps.gempty +R44152 Maps.gempty +R44245 Maps.gempty +R44245 Maps.gempty +R44306 Mem.mi_mappedblocks +R44306 Mem.mi_mappedblocks +R44360 Mem.fresh_block_alloc +R44360 Mem.fresh_block_alloc +R44432 Mem.mi_mappedblocks +R44432 Mem.mi_mappedblocks +R44527 Mem.alloc_right_inject +R44527 Mem.alloc_right_inject +R44579 Mem.mi_mappedblocks +R44579 Mem.mi_mappedblocks +R44708 Cminorgenproof.set_locals_params_defined +R44708 Cminorgenproof.set_locals_params_defined +R44823 Cminorgenproof.fn_params +R44797 Cminorplus.fn_params +R44823 Cminorgenproof.fn_params +R44797 Cminorplus.fn_params +R44876 Cminorgenproof.fn_vars +R44852 Cminorplus.fn_vars +R44876 Cminorgenproof.fn_vars +R44852 Cminorplus.fn_vars +R44902 Coq.Lists.List.in_app_or +R44902 Coq.Lists.List.in_app_or +R44939 Coqlib.list_in_map_inv +R44939 Coqlib.list_in_map_inv +R44990 Coq.Lists.List.in_or_app +R44990 Coq.Lists.List.in_or_app +R45026 Coq.Lists.List.in_map +R45026 Coq.Lists.List.in_map +R45053 Coq.Lists.List.in_or_app +R45053 Coq.Lists.List.in_or_app +R45090 Coq.Init.Datatypes.fst +R45094 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45090 Coq.Init.Datatypes.fst +R45094 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45111 Coq.Lists.List.in_map +R45111 Coq.Lists.List.in_map +R45260 Coq.ZArith.BinInt "x <= y" Z_scope +R45247 Mem.nextblock +R45263 Mem.nextblock +R45206 Cminorplus.alloc_variables +R45536 Coq.Init.Logic "A <-> B" type_scope +R45514 Coq.ZArith.BinInt "x <= y < z" Z_scope +R45503 Mem.nextblock +R45525 Mem.nextblock +R45540 Coq.Lists.List.In +R45448 Cminorplus.alloc_variables +R45688 Coq.Init.Logic "x = y" type_scope +R45676 Mem.nextblock +R45688 Coq.Init.Logic "x = y" type_scope +R45676 Mem.nextblock +R45745 Coq.Init.Logic "x = y" type_scope +R45732 Mem.nextblock +R45747 Coq.ZArith.BinInt.Zsucc +R45754 Mem.nextblock +R45745 Coq.Init.Logic "x = y" type_scope +R45732 Mem.nextblock +R45747 Coq.ZArith.BinInt.Zsucc +R45754 Mem.nextblock +R45867 Coq.Init.Logic "A \/ B" type_scope +R45863 Coq.Init.Logic "x = y" type_scope +R45851 Mem.nextblock +R45883 Coq.ZArith.BinInt "x <= y < z" Z_scope +R45870 Mem.nextblock +R45890 Mem.nextblock +R45867 Coq.Init.Logic "A \/ B" type_scope +R45863 Coq.Init.Logic "x = y" type_scope +R45851 Mem.nextblock +R45883 Coq.ZArith.BinInt "x <= y < z" Z_scope +R45870 Mem.nextblock +R45890 Mem.nextblock +R46036 Cminorgenproof.alloc_variables_nextblock_incr +R46036 Cminorgenproof.alloc_variables_nextblock_incr +R46236 Cminor.env +R46224 Coq.Lists.List.list +R46229 Values.val +R46193 Coq.Lists.List.list +R46205 Coq.Init.Datatypes "x * y" type_scope +R46199 AST.ident +R46207 AST.memory_chunk +R46183 Mem.meminj +R46317 Coq.Lists.List.nil +R46313 Coq.Lists.List.nil +R46528 Coq.Lists.List "x :: y" list_scope +R46516 Coq.Lists.List "x :: y" list_scope +R46504 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R46418 Mem.val_inject +R46399 Coq.Init.Logic "x = y" type_scope +R46395 Maps "a ! b" +R46401 Coq.Init.Datatypes.Some +R46710 Cminorgenproof.vars_vals_match +R46696 Coq.Init.Logic "x = y" type_scope +R46692 Maps "a ! b" +R46700 Maps "a ! b" +R46669 Coq.Lists.List.In +R46672 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R46604 Cminorgenproof.vars_vals_match +R47283 Coq.Init.Logic "'exists' x , p" type_scope +R47295 Coq.Init.Logic "'exists' x , p" type_scope +R47447 Coq.Init.Logic "A /\ B" type_scope +R47312 Cminor.exec_stmtlist +R47434 Cminor.Out_normal +R47377 Cminorgen.store_parameters +R47331 Values.Vptr +R47339 Integers.zero +R47472 Coq.Init.Logic "A /\ B" type_scope +R47450 Mem.mem_inject +R47475 Cminorgenproof.match_callstack +R47549 Mem.nextblock +R47533 Mem.nextblock +R47522 Coq.Lists.List "x :: y" list_scope +R47494 Cminorgenproof.mkframe +R47190 Cminorgenproof.match_callstack +R47264 Mem.nextblock +R47248 Mem.nextblock +R47237 Coq.Lists.List "x :: y" list_scope +R47209 Cminorgenproof.mkframe +R47165 Mem.mem_inject +R47103 Coqlib.list_norepet +R47117 Coq.Lists.List.map +R47128 Coq.Init.Datatypes.fst +R47138 AST.memory_chunk +R47132 AST.ident +R47066 Cminorgenproof.vars_vals_match +R46990 Cminorplus.bind_parameters +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R47961 Coq.Init.Logic "x = y" type_scope +R47948 Mem.nextblock +R47963 Mem.nextblock +R47961 Coq.Init.Logic "x = y" type_scope +R47948 Mem.nextblock +R47963 Mem.nextblock +R47993 Mem.store_inv +R47993 Mem.store_inv +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R48153 Cminorplus.local_variable +R48131 Cminorgenproof.local_variable +R48153 Cminorplus.local_variable +R48131 Cminorgenproof.local_variable +R48256 Coq.Init.Logic "x = y" type_scope +R48256 Coq.Init.Logic "x = y" type_scope +R48295 Cminor.eval_expr +R48341 Cminor.Evar +R48328 Coq.Lists.List.nil +R48310 Values.Vptr +R48318 Integers.zero +R48295 Cminor.eval_expr +R48341 Cminor.Evar +R48328 Coq.Lists.List.nil +R48310 Values.Vptr +R48318 Integers.zero +R48400 Cminorgenproof.make_cast_correct +R48400 Cminorgenproof.make_cast_correct +R48521 Maps.set +R48521 Maps.set +R48560 Cminorgenproof.vars_vals_match +R48560 Cminorgenproof.vars_vals_match +R48604 Cminorgenproof.vars_vals_match_extensional +R48604 Cminorgenproof.vars_vals_match_extensional +R48678 Maps.gso +R48678 Maps.gso +R48741 Coq.Init.Datatypes.fst +R48745 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48741 Coq.Init.Datatypes.fst +R48745 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48762 Coq.Lists.List.in_map +R48762 Coq.Lists.List.in_map +R48795 Mem.store_unmapped_inject +R48795 Mem.store_unmapped_inject +R48873 Cminorgenproof.match_callstack_store_local +R48873 Cminorgenproof.match_callstack_store_local +R49195 Cminor.exec_Scons_continue +R49195 Cminor.exec_Scons_continue +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R49408 Cminorplus.local_variable +R49386 Cminorgenproof.local_variable +R49408 Cminorplus.local_variable +R49386 Cminorgenproof.local_variable +R49515 Cminorgenproof.make_stackaddr_correct +R49541 Coq.Lists.List.nil +R49515 Cminorgenproof.make_stackaddr_correct +R49541 Coq.Lists.List.nil +R49576 Cminor.eval_expr +R49622 Cminor.Evar +R49609 Coq.Lists.List.nil +R49591 Values.Vptr +R49599 Integers.zero +R49576 Cminor.eval_expr +R49622 Cminor.Evar +R49609 Coq.Lists.List.nil +R49591 Values.Vptr +R49599 Integers.zero +R49679 Cminorgenproof.make_store_correct +R49747 Values.Vptr +R49754 Integers.zero +R49679 Cminorgenproof.make_store_correct +R49747 Values.Vptr +R49754 Integers.zero +R49873 Coq.Init.Logic "x <> y" type_scope +R49876 Coq.Init.Datatypes.None +R49873 Coq.Init.Logic "x <> y" type_scope +R49876 Coq.Init.Datatypes.None +R49923 Cminorgenproof.match_callstack_mapped +R49923 Cminorgenproof.match_callstack_mapped +R50210 Cminor.exec_Scons_continue +R50210 Cminor.exec_Scons_continue +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R50393 Cminorplus.local_variable +R50371 Cminorgenproof.local_variable +R50393 Cminorplus.local_variable +R50371 Cminorgenproof.local_variable +R50460 Cminorplus.local_variable +R50438 Cminorgenproof.local_variable +R50460 Cminorplus.local_variable +R50438 Cminorgenproof.local_variable +R50704 Cminorgenproof.vars_vals_match +R50739 Cminor.set_params +R50757 Coq.Lists.List.map +R50768 Coq.Init.Datatypes.fst +R50778 AST.memory_chunk +R50772 AST.ident +R50670 Mem.val_list_inject +R50646 Coq.Init.Logic "x = y" type_scope +R50627 Coq.Lists.List.length +R50648 Coq.Lists.List.length +R50565 Coqlib.list_norepet +R50579 Coq.Lists.List.map +R50590 Coq.Init.Datatypes.fst +R50600 AST.memory_chunk +R50594 AST.ident +R51016 Maps.gss +R51016 Maps.gss +R51093 Cminor.set_params +R51109 Coq.Lists.List.map +R51115 Coq.Init.Datatypes.fst +R51125 AST.memory_chunk +R51119 AST.ident +R51057 Cminorgenproof.vars_vals_match_extensional +R51093 Cminor.set_params +R51109 Coq.Lists.List.map +R51115 Coq.Init.Datatypes.fst +R51125 AST.memory_chunk +R51119 AST.ident +R51057 Cminorgenproof.vars_vals_match_extensional +R51199 Maps.gso +R51199 Maps.gso +R51275 Coq.Init.Datatypes.fst +R51279 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51252 Coq.Init.Datatypes.fst +R51256 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51275 Coq.Init.Datatypes.fst +R51279 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51252 Coq.Init.Datatypes.fst +R51256 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51299 Coq.Lists.List.in_map +R51299 Coq.Lists.List.in_map +R51597 Cminorgenproof.vars_vals_match +R51632 Cminor.set_locals +R51694 Cminor.set_params +R51712 Coq.Lists.List.map +R51723 Coq.Init.Datatypes.fst +R51733 AST.memory_chunk +R51727 AST.ident +R51644 Coq.Lists.List.map +R51655 Coq.Init.Datatypes.fst +R51665 Cminorplus.local_variable +R51659 AST.ident +R51477 Coqlib.list_norepet +R51546 Coq.Lists.List "x ++ y" list_scope +R51491 Coq.Lists.List.map +R51502 Coq.Init.Datatypes.fst +R51512 Cminorplus.local_variable +R51506 AST.ident +R51549 Coq.Lists.List.map +R51560 Coq.Init.Datatypes.fst +R51570 AST.memory_chunk +R51564 AST.ident +R51428 Mem.val_list_inject +R51404 Coq.Init.Logic "x = y" type_scope +R51385 Coq.Lists.List.length +R51406 Coq.Lists.List.length +R51807 Cminorgenproof.vars_vals_match_holds_1 +R51807 Cminorgenproof.vars_vals_match_holds_1 +R51877 Cminorgenproof.vars_vals_match_extensional +R51877 Cminorgenproof.vars_vals_match_extensional +R51929 Maps.gso +R51929 Maps.gso +R51979 Coq.Lists.List.in_or_app +R51979 Coq.Lists.List.in_or_app +R52018 Coq.Init.Datatypes.fst +R52022 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52023 Coq.Init.Datatypes.fst +R52005 Coq.Init.Datatypes.fst +R52018 Coq.Init.Datatypes.fst +R52022 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52023 Coq.Init.Datatypes.fst +R52005 Coq.Init.Datatypes.fst +R52044 Coq.Lists.List.in_map +R52044 Coq.Lists.List.in_map +R52191 Coq.Init.Logic "x = y" type_scope +R52172 Coq.Lists.List.length +R52193 Coq.Lists.List.length +R52131 Cminorplus.bind_parameters +R52816 Coq.Init.Logic "'exists' x , p" type_scope +R52827 Coq.Init.Logic "'exists' x , p" type_scope +R52839 Coq.Init.Logic "'exists' x , p" type_scope +R52998 Coq.Init.Logic "A /\ B" type_scope +R52856 Cminor.exec_stmtlist +R52985 Cminor.Out_normal +R52919 Cminorgen.store_parameters +R52945 Cminorgenproof.fn_params +R52875 Values.Vptr +R52883 Integers.zero +R53024 Coq.Init.Logic "A /\ B" type_scope +R53001 Mem.mem_inject +R53046 Coq.Init.Logic "A /\ B" type_scope +R53027 Mem.inject_incr +R53177 Coq.Init.Logic "A /\ B" type_scope +R53049 Cminorgenproof.match_callstack +R53161 Mem.nextblock +R53145 Mem.nextblock +R53127 Coq.Lists.List "x :: y" list_scope +R53076 Cminorgenproof.mkframe +R53116 Mem.nextblock +R53101 Mem.nextblock +R53227 Coq.Init.Logic "A <-> B" type_scope +R53205 Coq.ZArith.BinInt "x <= y < z" Z_scope +R53194 Mem.nextblock +R53216 Mem.nextblock +R53231 Coq.Lists.List.In +R52757 Coqlib.list_norepet +R52790 Coq.Lists.List "x ++ y" list_scope +R52771 Cminorplus.fn_params_names +R52793 Cminorplus.fn_vars_names +R52734 Mem.mem_inject +R52698 Mem.val_list_inject +R52622 Cminor.set_locals +R52653 Cminor.set_params +R52672 Cminorplus.fn_params_names +R52634 Cminorplus.fn_vars_names +R52591 Coq.Init.Logic "x = y" type_scope +R52573 Mem.alloc +R52593 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52550 Coq.ZArith.BinInt "x <= y" Z_scope +R52553 Integers.max_signed +R52529 Coq.Init.Logic "x = y" type_scope +R52510 Cminorgen.build_compilenv +R52531 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52453 Cminorgenproof.match_callstack +R52492 Mem.nextblock +R52477 Mem.nextblock +R52401 Cminorplus.bind_parameters +R52426 Cminorgenproof.fn_params +R52342 Cminorplus.alloc_variables +R52371 Cminorplus.fn_variables +R52358 Cminorplus.empty_env +R53273 Cminorgenproof.bind_parameters_length +R53273 Cminorgenproof.bind_parameters_length +R53335 Cminorgenproof.match_callstack_alloc_variables +R53335 Cminorgenproof.match_callstack_alloc_variables +R53501 Mem.val_list_inject +R53501 Mem.val_list_inject +R53546 Mem.val_list_inject_incr +R53546 Mem.val_list_inject_incr +R53589 Cminorgenproof.vars_vals_match_holds +R53648 Coqlib.list_norepet_append_commut +R53589 Cminorgenproof.vars_vals_match_holds +R53648 Coqlib.list_norepet_append_commut +R53726 Coqlib.list_norepet +R53740 Coq.Lists.List.map +R53779 Cminorgenproof.fn_params +R53751 Coq.Init.Datatypes.fst +R53761 AST.memory_chunk +R53755 AST.ident +R53726 Coqlib.list_norepet +R53740 Coq.Lists.List.map +R53779 Cminorgenproof.fn_params +R53751 Coq.Init.Datatypes.fst +R53761 AST.memory_chunk +R53755 AST.ident +R53840 Coqlib.list_norepet_append_left +R53840 Coqlib.list_norepet_append_left +R53885 Cminorgenproof.store_parameters_correct +R53885 Cminorgenproof.store_parameters_correct +R54133 Cminorgenproof.alloc_variables_list_block +R54133 Cminorgenproof.alloc_variables_list_block +R54306 Coq.Init.Logic "x = y" type_scope +R54291 Cminorgen.bind +R54308 Coq.Init.Datatypes.Some +R54565 Coq.Init.Logic "x = y" type_scope +R54560 Coq.Init.Datatypes.None +R54567 Coq.Init.Datatypes.Some +R54628 Coq.Init.Logic "x = y" type_scope +R54621 Coq.Init.Datatypes.Some +R54630 Coq.Init.Datatypes.Some +R54369 Coq.Init.Logic.refl_equal +R54791 Coq.Init.Logic "x = y" type_scope +R54776 Cminorgen.bind +R54793 Coq.Init.Datatypes.Some +R54839 Coq.Init.Logic "x = y" type_scope +R54834 Coq.Init.Datatypes.None +R54841 Coq.Init.Datatypes.Some +R54888 Coq.Init.Logic "x = y" type_scope +R54881 Coq.Init.Datatypes.Some +R54890 Coq.Init.Datatypes.Some +R54947 Coq.Init.Logic "x = y" type_scope +R54949 Coq.Init.Datatypes.Some +R55013 Coq.Init.Logic "x = y" type_scope +R55015 Coq.Init.Datatypes.Some +R55077 Coq.Init.Logic "x = y" type_scope +R55079 Coq.Init.Datatypes.Some +R55139 Coq.Init.Logic "x = y" type_scope +R55141 Coq.Init.Datatypes.Some +R55199 Coq.Init.Logic "x = y" type_scope +R55201 Coq.Init.Datatypes.Some +R55257 Coq.Init.Logic "x = y" type_scope +R55259 Coq.Init.Datatypes.Some +R55313 Coq.Init.Logic "x = y" type_scope +R55315 Coq.Init.Datatypes.Some +R55818 Coq.Init.Logic "'exists' x , p" type_scope +R55829 Coq.Init.Logic "'exists' x , p" type_scope +R55841 Coq.Init.Logic "'exists' x , p" type_scope +R55853 Coq.Init.Logic "'exists' x , p" type_scope +R55930 Coq.Init.Logic "A /\ B" type_scope +R55869 Cminor.eval_expr +R55884 Values.Vptr +R55892 Integers.zero +R55954 Coq.Init.Logic "A /\ B" type_scope +R55933 Mem.val_inject +R55980 Coq.Init.Logic "A /\ B" type_scope +R55957 Mem.mem_inject +R56003 Coq.Init.Logic "A /\ B" type_scope +R55983 Mem.inject_incr +R56006 Cminorgenproof.match_callstack +R56097 Mem.nextblock +R56081 Mem.nextblock +R56062 Coq.Lists.List "x :: y" list_scope +R56034 Cminorgenproof.mkframe +R55703 Cminorgenproof.match_callstack +R55800 Mem.nextblock +R55784 Mem.nextblock +R55762 Coq.Lists.List "x :: y" list_scope +R55734 Cminorgenproof.mkframe +R55671 Mem.mem_inject +R55635 Mem.val_list_inject +R55615 Coq.Init.Logic "x = y" type_scope +R55596 Cminorgen.transl_expr +R55617 Coq.Init.Datatypes.Some +R55530 Values.val +R55521 Mem.mem +R55508 Cminorgenproof.expr +R55499 Mem.mem +R55487 Cminorgenproof.env +R55473 Cminorgenproof.letenv +R56515 Coq.Init.Logic "'exists' x , p" type_scope +R56526 Coq.Init.Logic "'exists' x , p" type_scope +R56538 Coq.Init.Logic "'exists' x , p" type_scope +R56550 Coq.Init.Logic "'exists' x , p" type_scope +R56634 Coq.Init.Logic "A /\ B" type_scope +R56567 Cminor.eval_exprlist +R56586 Values.Vptr +R56594 Integers.zero +R56665 Coq.Init.Logic "A /\ B" type_scope +R56637 Mem.val_list_inject +R56691 Coq.Init.Logic "A /\ B" type_scope +R56668 Mem.mem_inject +R56714 Coq.Init.Logic "A /\ B" type_scope +R56694 Mem.inject_incr +R56717 Cminorgenproof.match_callstack +R56808 Mem.nextblock +R56792 Mem.nextblock +R56773 Coq.Lists.List "x :: y" list_scope +R56745 Cminorgenproof.mkframe +R56400 Cminorgenproof.match_callstack +R56497 Mem.nextblock +R56481 Mem.nextblock +R56459 Coq.Lists.List "x :: y" list_scope +R56431 Cminorgenproof.mkframe +R56368 Mem.mem_inject +R56332 Mem.val_list_inject +R56311 Coq.Init.Logic "x = y" type_scope +R56287 Cminorgen.transl_exprlist +R56313 Coq.Init.Datatypes.Some +R56215 Coq.Lists.List.list +R56220 Values.val +R56205 Mem.mem +R56188 Cminorgenproof.exprlist +R56178 Mem.mem +R56166 Cminorgenproof.env +R56152 Cminorgenproof.letenv +R57143 Coq.Init.Logic "'exists' x , p" type_scope +R57154 Coq.Init.Logic "'exists' x , p" type_scope +R57166 Coq.Init.Logic "'exists' x , p" type_scope +R57226 Coq.Init.Logic "A /\ B" type_scope +R57184 Cminor.eval_funcall +R57254 Coq.Init.Logic "A /\ B" type_scope +R57229 Mem.val_inject +R57280 Coq.Init.Logic "A /\ B" type_scope +R57257 Mem.mem_inject +R57303 Coq.Init.Logic "A /\ B" type_scope +R57283 Mem.inject_incr +R57306 Cminorgenproof.match_callstack +R57348 Mem.nextblock +R57332 Mem.nextblock +R57109 Mem.val_list_inject +R57040 Cminorgenproof.match_callstack +R57082 Mem.nextblock +R57066 Mem.nextblock +R57008 Mem.mem_inject +R56987 Coq.Init.Logic "x = y" type_scope +R56968 Cminorgen.transl_function +R56989 Coq.Init.Datatypes.Some +R56917 Values.val +R56906 Mem.mem +R56891 Coq.Lists.List.list +R56896 Values.val +R56872 Cminorgenproof.function +R56862 Mem.mem +R57393 Mem.meminj +R57416 Cminor.outcome +R57403 Cminorgenproof.outcome +R57498 Cminor.Out_normal +R57485 Cminorgenproof.Out_normal +R57583 Cminor.Out_exit +R57568 Cminorgenproof.Out_exit +R57671 Cminor.Out_return +R57682 Coq.Init.Datatypes.None +R57651 Cminorgenproof.Out_return +R57664 Coq.Init.Datatypes.None +R57817 Cminor.Out_return +R57829 Coq.Init.Datatypes.Some +R57792 Cminorgenproof.Out_return +R57806 Coq.Init.Datatypes.Some +R57746 Mem.val_inject +R58173 Coq.Init.Logic "'exists' x , p" type_scope +R58184 Coq.Init.Logic "'exists' x , p" type_scope +R58196 Coq.Init.Logic "'exists' x , p" type_scope +R58208 Coq.Init.Logic "'exists' x , p" type_scope +R58285 Coq.Init.Logic "A /\ B" type_scope +R58226 Cminor.exec_stmt +R58241 Values.Vptr +R58249 Integers.zero +R58317 Coq.Init.Logic "A /\ B" type_scope +R58288 Cminorgenproof.outcome_inject +R58343 Coq.Init.Logic "A /\ B" type_scope +R58320 Mem.mem_inject +R58366 Coq.Init.Logic "A /\ B" type_scope +R58346 Mem.inject_incr +R58369 Cminorgenproof.match_callstack +R58460 Mem.nextblock +R58444 Mem.nextblock +R58425 Coq.Lists.List "x :: y" list_scope +R58397 Cminorgenproof.mkframe +R58058 Cminorgenproof.match_callstack +R58155 Mem.nextblock +R58139 Mem.nextblock +R58117 Coq.Lists.List "x :: y" list_scope +R58089 Cminorgenproof.mkframe +R58026 Mem.mem_inject +R58006 Coq.Init.Logic "x = y" type_scope +R57987 Cminorgen.transl_stmt +R58008 Coq.Init.Datatypes.Some +R57920 Cminorgenproof.outcome +R57909 Mem.mem +R57896 Cminorgenproof.stmt +R57887 Mem.mem +R57875 Cminorgenproof.env +R58820 Coq.Init.Logic "'exists' x , p" type_scope +R58831 Coq.Init.Logic "'exists' x , p" type_scope +R58843 Coq.Init.Logic "'exists' x , p" type_scope +R58855 Coq.Init.Logic "'exists' x , p" type_scope +R58936 Coq.Init.Logic "A /\ B" type_scope +R58873 Cminor.exec_stmtlist +R58892 Values.Vptr +R58900 Integers.zero +R58968 Coq.Init.Logic "A /\ B" type_scope +R58939 Cminorgenproof.outcome_inject +R58994 Coq.Init.Logic "A /\ B" type_scope +R58971 Mem.mem_inject +R59017 Coq.Init.Logic "A /\ B" type_scope +R58997 Mem.inject_incr +R59020 Cminorgenproof.match_callstack +R59111 Mem.nextblock +R59095 Mem.nextblock +R59076 Coq.Lists.List "x :: y" list_scope +R59048 Cminorgenproof.mkframe +R58705 Cminorgenproof.match_callstack +R58802 Mem.nextblock +R58786 Mem.nextblock +R58764 Coq.Lists.List "x :: y" list_scope +R58736 Cminorgenproof.mkframe +R58673 Mem.mem_inject +R58653 Coq.Init.Logic "x = y" type_scope +R58630 Cminorgen.transl_stmtlist +R58655 Coq.Init.Datatypes.Some +R58563 Cminorgenproof.outcome +R58552 Mem.mem +R58535 Cminorgenproof.stmtlist +R58526 Mem.mem +R58514 Cminorgenproof.env +R59381 Cminorgenproof.eval_expr_prop +R59404 Cminorgenproof.Evar +R59366 Coq.Init.Logic "x = y" type_scope +R59349 Mem.load +R59368 Coq.Init.Datatypes.Some +R59316 Coq.Init.Logic "x = y" type_scope +R59311 Maps "a ! b" +R59318 Coq.Init.Datatypes.Some +R59323 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R59327 Cminorplus.LVscalar +R59300 Values.val +R59281 AST.memory_chunk +R59265 Values.block +R59245 Coq.NArith.BinPos.positive +R59234 Mem.mem +R59195 Maps.t +R59210 Coq.Init.Datatypes "x * y" type_scope +R59204 Values.block +R59212 Cminorplus.local_variable +R59175 Cminorgenproof.letenv +R59490 Cminorgenproof.var_get_correct +R59490 Cminorgenproof.var_get_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R60045 Cminorgenproof.eval_expr_prop +R60068 Cminorgenproof.Eassign +R60029 Coq.Init.Logic "x = y" type_scope +R60007 Mem.store +R60031 Coq.Init.Datatypes.Some +R59991 Coq.Init.Logic "x = y" type_scope +R59977 Cminorplus.cast +R59993 Coq.Init.Datatypes.Some +R59944 Coq.Init.Logic "x = y" type_scope +R59939 Maps "a ! b" +R59946 Coq.Init.Datatypes.Some +R59951 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R59955 Cminorplus.LVscalar +R59901 Cminorgenproof.eval_expr_prop +R59865 Cminorgenproof.eval_expr +R59856 Mem.mem +R59845 Values.val +R59845 Values.val +R59822 AST.memory_chunk +R59801 Values.block +R59791 Mem.mem +R59777 Cminorgenproof.expr +R59762 Coq.NArith.BinPos.positive +R59746 Mem.mem +R59734 Cminorgenproof.env +R59719 Cminorgenproof.letenv +R60291 Cminorgenproof.var_set_correct +R60291 Cminorgenproof.var_set_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R60736 Cminorgenproof.eval_expr_prop +R60774 Values.Vptr +R60781 Integers.zero +R60759 Cminorplus.Eaddrof +R60715 Coq.Init.Logic "x = y" type_scope +R60710 Maps "a ! b" +R60717 Coq.Init.Datatypes.Some +R60722 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R60688 Cminorplus.local_variable +R60675 Values.block +R60655 Coq.NArith.BinPos.positive +R60644 Mem.mem +R60605 Maps.t +R60620 Coq.Init.Datatypes "x * y" type_scope +R60614 Values.block +R60622 Cminorplus.local_variable +R60585 Cminorgenproof.letenv +R60850 Cminorgenproof.var_addr_local_correct +R60850 Cminorgenproof.var_addr_local_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R61243 Cminorgenproof.eval_expr_prop +R61281 Values.Vptr +R61288 Integers.zero +R61266 Cminorplus.Eaddrof +R61228 Coq.Init.Logic "x = y" type_scope +R61205 Globalenvs.find_symbol +R61230 Coq.Init.Datatypes.Some +R61192 Coq.Init.Logic "x = y" type_scope +R61187 Maps "a ! b" +R61194 Coq.Init.Datatypes.None +R61174 Values.block +R61154 Coq.NArith.BinPos.positive +R61143 Mem.mem +R61104 Maps.t +R61119 Coq.Init.Datatypes "x * y" type_scope +R61113 Values.block +R61121 Cminorplus.local_variable +R61084 Cminorgenproof.letenv +R61357 Cminorgenproof.var_addr_global_correct +R61357 Cminorgenproof.var_addr_global_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R61825 Cminorgenproof.eval_expr_prop +R61848 Cminorgenproof.Eop +R61810 Coq.Init.Logic "x = y" type_scope +R61784 Cminorgenproof.eval_operation +R61812 Coq.Init.Datatypes.Some +R61743 Cminorgenproof.eval_exprlist_prop +R61702 Cminorgenproof.eval_exprlist +R61693 Values.val +R61678 Coq.Lists.List.list +R61683 Values.val +R61662 Mem.mem +R61644 Cminorgenproof.exprlist +R61625 Cminorgenproof.operation +R61609 Mem.mem +R61597 Cminorgenproof.env +R61582 Cminorgenproof.letenv +R62065 Cminorgenproof.make_op_correct +R62065 Cminorgenproof.make_op_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R62507 Cminorgenproof.eval_expr_prop +R62530 Cminorgenproof.Eload +R62492 Coq.Init.Logic "x = y" type_scope +R62474 Mem.loadv +R62494 Coq.Init.Datatypes.Some +R62438 Cminorgenproof.eval_expr_prop +R62402 Cminorgenproof.eval_expr +R62393 Values.val +R62393 Values.val +R62375 Mem.mem +R62361 Cminorgenproof.expr +R62342 AST.memory_chunk +R62323 Mem.mem +R62311 Cminorgenproof.env +R62296 Cminorgenproof.letenv +R62732 Mem.loadv_inject +R62732 Mem.loadv_inject +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R62879 Cminorgenproof.make_load_correct +R62879 Cminorgenproof.make_load_correct +R63326 Cminorgenproof.eval_expr_prop +R63349 Cminorgenproof.Estore +R63310 Coq.Init.Logic "x = y" type_scope +R63288 Mem.storev +R63312 Coq.Init.Datatypes.Some +R63272 Coq.Init.Logic "x = y" type_scope +R63258 Cminorplus.cast +R63274 Coq.Init.Datatypes.Some +R63221 Cminorgenproof.eval_expr_prop +R63184 Cminorgenproof.eval_expr +R63148 Cminorgenproof.eval_expr_prop +R63112 Cminorgenproof.eval_expr +R63103 Values.val +R63092 Mem.mem +R63081 Values.val +R63070 Mem.mem +R63059 Values.val +R63043 Mem.mem +R63029 Cminorgenproof.expr +R63029 Cminorgenproof.expr +R63008 AST.memory_chunk +R62989 Mem.mem +R62977 Cminorgenproof.env +R62962 Cminorgenproof.letenv +R63559 Mem.val_list_inject +R63559 Mem.val_list_inject +R63594 Mem.val_list_inject_incr +R63594 Mem.val_list_inject_incr +R63768 Mem.val_inject +R63768 Mem.val_inject +R63798 Mem.val_inject_incr +R63798 Mem.val_inject_incr +R63834 Cminorgenproof.make_store_correct +R63834 Cminorgenproof.make_store_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R64079 Mem.inject_incr_trans +R64079 Mem.inject_incr_trans +R64115 Mem.val_inject +R64115 Mem.val_inject +R64145 Mem.val_inject_incr +R64145 Mem.val_inject_incr +R64270 Mem.nextblock +R64290 Mem.nextblock +R64270 Mem.nextblock +R64290 Mem.nextblock +R64314 Cminorgenproof.match_callstack_mapped +R64314 Cminorgenproof.match_callstack_mapped +R64372 Mem.store_inv +R64372 Mem.store_inv +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R64514 Coq.Init.Logic "x = y" type_scope +R64506 Cminor.fn_sig +R64519 Cminorgenproof.fn_sig +R64489 Coq.Init.Logic "x = y" type_scope +R64471 Cminorgen.transl_function +R64491 Coq.Init.Datatypes.Some +R64588 Cminorgen.build_compilenv +R64588 Cminorgen.build_compilenv +R64616 Coqlib.zle +R64622 Integers.max_signed +R64616 Coqlib.zle +R64622 Integers.max_signed +R65239 Cminorgenproof.eval_expr_prop +R65262 Cminorgenproof.Ecall +R65196 Cminorgenproof.eval_funcall_prop +R65153 Cminorgenproof.eval_funcall +R65141 Coq.Init.Logic "x = y" type_scope +R65130 Cminorgenproof.fn_sig +R65115 Coq.Init.Logic "x = y" type_scope +R65093 Globalenvs.find_funct +R65117 Coq.Init.Datatypes.Some +R65048 Cminorgenproof.eval_exprlist_prop +R65003 Cminorgenproof.eval_exprlist +R64967 Cminorgenproof.eval_expr_prop +R64931 Cminorgenproof.eval_expr +R64915 Cminorgenproof.function +R64900 Values.val +R64882 Coq.Lists.List.list +R64887 Values.val +R64868 Values.val +R64857 Mem.mem +R64857 Mem.mem +R64857 Mem.mem +R64828 Cminorgenproof.exprlist +R64814 Cminorgenproof.expr +R64798 AST.signature +R64781 Mem.mem +R64769 Cminorgenproof.env +R64754 Cminorgenproof.letenv +R65488 Mem.val_list_inject +R65488 Mem.val_list_inject +R65523 Mem.val_list_inject_incr +R65523 Mem.val_list_inject_incr +R65700 Coq.Init.Logic "x = y" type_scope +R65700 Coq.Init.Logic "x = y" type_scope +R65717 Globalenvs.find_funct_inv +R65717 Globalenvs.find_funct_inv +R65786 Globalenvs.find_funct_find_funct_ptr +R65786 Globalenvs.find_funct_find_funct_ptr +R65841 Globalenvs.find_funct_ptr_inv +R65841 Globalenvs.find_funct_ptr_inv +R65889 Cminorgenproof.match_globalenvs +R65889 Cminorgenproof.match_globalenvs +R65918 Cminorgenproof.match_callstack_match_globalenvs +R65918 Cminorgenproof.match_callstack_match_globalenvs +R65975 Cminorgenproof.mg_functions +R65975 Cminorgenproof.mg_functions +R66162 Cminorgenproof.functions_translated +R66162 Cminorgenproof.functions_translated +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R66403 Cminor.eval_Ecall +R66403 Cminor.eval_Ecall +R66443 Cminorgenproof.sig_transl_function +R66443 Cminorgenproof.sig_transl_function +R66478 Mem.inject_incr_trans +R66478 Mem.inject_incr_trans +R66520 Mem.inject_incr_trans +R66520 Mem.inject_incr_trans +R66892 Cminorgenproof.eval_expr_prop +R66915 Cminorgenproof.Econdition +R66855 Cminorgenproof.eval_expr_prop +R66818 Cminorgenproof.eval_expr +R66797 Values.is_true +R66761 Cminorgenproof.eval_expr_prop +R66725 Cminorgenproof.eval_expr +R66716 Values.val +R66700 Mem.mem +R66689 Values.val +R66678 Mem.mem +R66664 Cminorgenproof.expr +R66664 Cminorgenproof.expr +R66664 Cminorgenproof.expr +R66645 Mem.mem +R66633 Cminorgenproof.env +R66618 Cminorgenproof.letenv +R67125 Mem.val_list_inject +R67125 Mem.val_list_inject +R67160 Mem.val_list_inject_incr +R67160 Mem.val_list_inject_incr +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R67402 Cmconstrproof.eval_conditionalexpr_true +R67402 Cmconstrproof.eval_conditionalexpr_true +R67522 Mem.inject_incr_trans +R67522 Mem.inject_incr_trans +R67889 Cminorgenproof.eval_expr_prop +R67912 Cminorgenproof.Econdition +R67852 Cminorgenproof.eval_expr_prop +R67815 Cminorgenproof.eval_expr +R67793 Values.is_false +R67757 Cminorgenproof.eval_expr_prop +R67721 Cminorgenproof.eval_expr +R67712 Values.val +R67696 Mem.mem +R67685 Values.val +R67674 Mem.mem +R67660 Cminorgenproof.expr +R67660 Cminorgenproof.expr +R67660 Cminorgenproof.expr +R67641 Mem.mem +R67629 Cminorgenproof.env +R67614 Cminorgenproof.letenv +R68122 Mem.val_list_inject +R68122 Mem.val_list_inject +R68157 Mem.val_list_inject_incr +R68157 Mem.val_list_inject_incr +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R68399 Cmconstrproof.eval_conditionalexpr_false +R68399 Cmconstrproof.eval_conditionalexpr_false +R68520 Mem.inject_incr_trans +R68520 Mem.inject_incr_trans +R68862 Cminorgenproof.eval_expr_prop +R68885 Cminorgenproof.Elet +R68817 Cminorgenproof.eval_expr_prop +R68836 Coq.Lists.List "x :: y" list_scope +R68772 Cminorgenproof.eval_expr +R68791 Coq.Lists.List "x :: y" list_scope +R68736 Cminorgenproof.eval_expr_prop +R68700 Cminorgenproof.eval_expr +R68691 Values.val +R68680 Mem.mem +R68669 Values.val +R68658 Mem.mem +R68644 Cminorgenproof.expr +R68644 Cminorgenproof.expr +R68627 Mem.mem +R68615 Cminorgenproof.env +R68600 Cminorgenproof.letenv +R69087 Mem.val_list_inject +R69122 Coq.Lists.List "x :: y" list_scope +R69110 Coq.Lists.List "x :: y" list_scope +R69087 Mem.val_list_inject +R69122 Coq.Lists.List "x :: y" list_scope +R69110 Coq.Lists.List "x :: y" list_scope +R69162 Mem.val_list_inject_incr +R69162 Mem.val_list_inject_incr +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R69399 Cminor.eval_Elet +R69399 Cminor.eval_Elet +R69426 Mem.inject_incr_trans +R69426 Mem.inject_incr_trans +R69576 Coq.Init.Logic "'exists' x , p" type_scope +R69612 Coq.Init.Logic "A /\ B" type_scope +R69602 Coq.Init.Logic "x = y" type_scope +R69587 Coq.Lists.List.nth_error +R69604 Coq.Init.Datatypes.Some +R69615 Mem.val_inject +R69561 Coq.Init.Logic "x = y" type_scope +R69546 Coq.Lists.List.nth_error +R69563 Coq.Init.Datatypes.Some +R69504 Mem.val_list_inject +R69928 Cminorgenproof.eval_expr_prop +R69951 Cminorgenproof.Eletvar +R69913 Coq.Init.Logic "x = y" type_scope +R69898 Coq.Lists.List.nth_error +R69915 Coq.Init.Datatypes.Some +R69889 Values.val +R69874 Coq.Init.Datatypes.nat +R69864 Mem.mem +R69852 Cminorgenproof.env +R69837 Coq.Lists.List.list +R69842 Values.val +R70024 Cminorgenproof.val_list_inject_nth +R70024 Cminorgenproof.val_list_inject_nth +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R70159 Cminor.eval_Eletvar +R70159 Cminor.eval_Eletvar +R70273 Cminorgenproof.eval_exprlist_prop +R70308 Coq.Lists.List.nil +R70299 Cminorgenproof.Enil +R70264 Mem.mem +R70252 Cminorgenproof.env +R70237 Cminorgenproof.letenv +R70403 Coq.Lists.List.nil +R70407 Values.val +R70403 Coq.Lists.List.nil +R70407 Values.val +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R70788 Cminorgenproof.eval_exprlist_prop +R70835 Coq.Lists.List "x :: y" list_scope +R70815 Cminorgenproof.Econs +R70746 Cminorgenproof.eval_exprlist_prop +R70704 Cminorgenproof.eval_exprlist +R70669 Cminorgenproof.eval_expr_prop +R70634 Cminorgenproof.eval_expr +R70620 Coq.Lists.List.list +R70625 Values.val +R70609 Mem.mem +R70598 Values.val +R70583 Mem.mem +R70565 Cminorgenproof.exprlist +R70551 Cminorgenproof.expr +R70536 Mem.mem +R70524 Cminorgenproof.env +R70509 Cminorgenproof.letenv +R71027 Mem.val_list_inject +R71027 Mem.val_list_inject +R71062 Mem.val_list_inject_incr +R71062 Mem.val_list_inject_incr +R71236 Mem.val_inject +R71236 Mem.val_inject +R71265 Mem.val_inject_incr +R71265 Mem.val_inject_incr +R71338 Coq.Lists.List "x :: y" list_scope +R71338 Coq.Lists.List "x :: y" list_scope +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R71401 Mem.inject_incr_trans +R71401 Mem.inject_incr_trans +R71951 Cminorgenproof.eval_funcall_prop +R71980 Mem.free_list +R71890 Cminorgenproof.outcome_result_value +R71918 AST.sig_res +R71927 Cminorgenproof.fn_sig +R71839 Cminorgenproof.exec_stmtlist_prop +R71864 Cminorgenproof.fn_body +R71788 Cminorgenproof.exec_stmtlist +R71813 Cminorgenproof.fn_body +R71736 Cminorplus.bind_parameters +R71758 Cminorgenproof.fn_params +R71677 Cminorplus.alloc_variables +R71706 Cminorplus.fn_variables +R71693 Cminorplus.empty_env +R71619 Coqlib.list_norepet +R71651 Coq.Lists.List "x ++ y" list_scope +R71633 Cminorplus.fn_params_names +R71654 Cminorplus.fn_vars_names +R71610 Values.val +R71591 Cminorgenproof.outcome +R71574 Mem.mem +R71574 Mem.mem +R71553 Coq.Lists.List.list +R71558 Values.block +R71542 Mem.mem +R71529 Cminorgenproof.env +R71509 Coq.Lists.List.list +R71514 Values.val +R71488 Cminorgenproof.function +R71478 Mem.mem +R72094 Cminorgen.build_compilenv +R72094 Cminorgen.build_compilenv +R72177 Coqlib.zle +R72191 Integers.max_signed +R72177 Coqlib.zle +R72191 Integers.max_signed +R72262 Mem.alloc +R72262 Mem.alloc +R72318 Cminorgenproof.function_entry_ok +R72318 Cminorgenproof.function_entry_ok +R72623 Coq.Init.Logic "'exists' x , p" type_scope +R72704 Coq.Init.Logic "A /\ B" type_scope +R72649 Cminor.outcome_result_value +R72689 AST.sig_res +R72678 Cminorgenproof.fn_sig +R72718 Mem.val_inject +R72623 Coq.Init.Logic "'exists' x , p" type_scope +R72704 Coq.Init.Logic "A /\ B" type_scope +R72649 Cminor.outcome_result_value +R72689 AST.sig_res +R72678 Cminorgenproof.fn_sig +R72718 Mem.val_inject +R72854 AST.sig_res +R72863 Cminorgenproof.fn_sig +R72854 AST.sig_res +R72863 Cminorgenproof.fn_sig +R72912 Values.Vundef +R72912 Values.Vundef +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R72983 AST.sig_res +R72992 Cminorgenproof.fn_sig +R72983 AST.sig_res +R72992 Cminorgenproof.fn_sig +R73041 Values.Vundef +R73041 Values.Vundef +R73101 AST.sig_res +R73110 Cminorgenproof.fn_sig +R73101 AST.sig_res +R73110 Cminorgenproof.fn_sig +R73272 Mem.free +R73272 Mem.free +R73382 Cminor.exec_Scons_continue +R73382 Cminor.exec_Scons_continue +R73442 Cminor.outcome_block +R73456 Cminor.Out_normal +R73425 Cminor.Out_normal +R73442 Cminor.outcome_block +R73456 Cminor.Out_normal +R73425 Cminor.Out_normal +R73477 Cminor.exec_Sblock +R73477 Cminor.exec_Sblock +R73601 Mem.free_inject +R73601 Mem.free_inject +R73768 Mem.inject_incr_trans +R73768 Mem.inject_incr_trans +R73870 Coq.Init.Logic "x = y" type_scope +R73842 Mem.nextblock +R73853 Mem.free_list +R73872 Mem.nextblock +R73870 Coq.Init.Logic "x = y" type_scope +R73842 Mem.nextblock +R73853 Mem.free_list +R73872 Mem.nextblock +R73960 Mem.nextblock +R73960 Mem.nextblock +R73993 Cminorgenproof.match_callstack_freelist +R73993 Cminorgenproof.match_callstack_freelist +R74281 Cminorgenproof.exec_stmt_prop +R74315 Cminorgenproof.Out_normal +R74301 Cminorgenproof.Sexpr +R74245 Cminorgenproof.eval_expr_prop +R74260 Coq.Lists.List.nil +R74209 Cminorgenproof.eval_expr +R74224 Coq.Lists.List.nil +R74200 Values.val +R74190 Mem.mem +R74171 Cminorgenproof.expr +R74161 Mem.mem +R74149 Cminorgenproof.env +R74412 Mem.val_nil_inject +R74412 Mem.val_nil_inject +R74555 Cminor.Out_normal +R74555 Cminor.Out_normal +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R74986 Cminorgenproof.exec_stmt_prop +R75006 Cminorgenproof.Sifthenelse +R74945 Cminorgenproof.exec_stmtlist_prop +R74904 Cminorgenproof.exec_stmtlist +R74883 Values.is_true +R74846 Cminorgenproof.eval_expr_prop +R74861 Coq.Lists.List.nil +R74809 Cminorgenproof.eval_expr +R74824 Coq.Lists.List.nil +R74794 Cminorgenproof.outcome +R74777 Mem.mem +R74766 Values.val +R74755 Mem.mem +R74737 Cminorgenproof.stmtlist +R74737 Cminorgenproof.stmtlist +R74713 Cminorgenproof.expr +R74703 Mem.mem +R74691 Cminorgenproof.env +R75121 Mem.val_nil_inject +R75121 Mem.val_nil_inject +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R75422 Cmconstrproof.exec_ifthenelse_true +R75422 Cmconstrproof.exec_ifthenelse_true +R75536 Mem.inject_incr_trans +R75536 Mem.inject_incr_trans +R75924 Cminorgenproof.exec_stmt_prop +R75944 Cminorgenproof.Sifthenelse +R75883 Cminorgenproof.exec_stmtlist_prop +R75842 Cminorgenproof.exec_stmtlist +R75820 Values.is_false +R75783 Cminorgenproof.eval_expr_prop +R75798 Coq.Lists.List.nil +R75746 Cminorgenproof.eval_expr +R75761 Coq.Lists.List.nil +R75731 Cminorgenproof.outcome +R75714 Mem.mem +R75703 Values.val +R75692 Mem.mem +R75674 Cminorgenproof.stmtlist +R75674 Cminorgenproof.stmtlist +R75650 Cminorgenproof.expr +R75640 Mem.mem +R75628 Cminorgenproof.env +R76059 Mem.val_nil_inject +R76059 Mem.val_nil_inject +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R76360 Cmconstrproof.exec_ifthenelse_false +R76360 Cmconstrproof.exec_ifthenelse_false +R76475 Mem.inject_incr_trans +R76475 Mem.inject_incr_trans +R76824 Cminorgenproof.exec_stmt_prop +R76844 Cminorgenproof.Sloop +R76778 Cminorgenproof.exec_stmt_prop +R76799 Cminorgenproof.Sloop +R76732 Cminorgenproof.exec_stmt +R76753 Cminorgenproof.Sloop +R76684 Cminorgenproof.exec_stmtlist_prop +R76713 Cminorgenproof.Out_normal +R76636 Cminorgenproof.exec_stmtlist +R76665 Cminorgenproof.Out_normal +R76621 Cminorgenproof.outcome +R76609 Mem.mem +R76609 Mem.mem +R76583 Cminorgenproof.stmtlist +R76572 Mem.mem +R76560 Cminorgenproof.env +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R77229 Cminor.exec_Sloop_loop +R77229 Cminor.exec_Sloop_loop +R77301 Mem.inject_incr_trans +R77301 Mem.inject_incr_trans +R77564 Cminorgenproof.exec_stmt_prop +R77584 Cminorgenproof.Sloop +R77542 Coq.Init.Logic "x <> y" type_scope +R77545 Cminorgenproof.Out_normal +R77499 Cminorgenproof.exec_stmtlist_prop +R77460 Cminorgenproof.exec_stmtlist +R77445 Cminorgenproof.outcome +R77433 Mem.mem +R77410 Cminorgenproof.stmtlist +R77399 Mem.mem +R77387 Cminorgenproof.env +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R77846 Cminor.exec_Sloop_stop +R77846 Cminor.exec_Sloop_stop +R78124 Cminorgenproof.exec_stmt_prop +R78166 Cminorgenproof.outcome_block +R78144 Cminorgenproof.Sblock +R78085 Cminorgenproof.exec_stmtlist_prop +R78046 Cminorgenproof.exec_stmtlist +R78031 Cminorgenproof.outcome +R78019 Mem.mem +R77996 Cminorgenproof.stmtlist +R77985 Mem.mem +R77973 Cminorgenproof.env +R78394 Cminor.outcome_block +R78394 Cminor.outcome_block +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R78446 Cminor.exec_Sblock +R78446 Cminor.exec_Sblock +R78672 Cminorgenproof.exec_stmt_prop +R78706 Cminorgenproof.Out_exit +R78692 Cminorgenproof.Sexit +R78663 Coq.Init.Datatypes.nat +R78653 Mem.mem +R78641 Cminorgenproof.env +R78809 Cminor.Out_exit +R78809 Cminor.Out_exit +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R78953 Cminorgenproof.exec_stmt_prop +R78997 Cminorgenproof.Out_return +R79010 Coq.Init.Datatypes.None +R78973 Cminorgenproof.Sreturn +R78983 Coq.Init.Datatypes.None +R78944 Mem.mem +R78932 Cminorgenproof.env +R79105 Cminor.Out_return +R79116 Coq.Init.Datatypes.None +R79105 Cminor.Out_return +R79116 Coq.Init.Datatypes.None +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R79365 Cminorgenproof.exec_stmt_prop +R79414 Cminorgenproof.Out_return +R79428 Coq.Init.Datatypes.Some +R79385 Cminorgenproof.Sreturn +R79396 Coq.Init.Datatypes.Some +R79329 Cminorgenproof.eval_expr_prop +R79344 Coq.Lists.List.nil +R79293 Cminorgenproof.eval_expr +R79308 Coq.Lists.List.nil +R79284 Values.val +R79274 Mem.mem +R79255 Cminorgenproof.expr +R79245 Mem.mem +R79233 Cminorgenproof.env +R79520 Mem.val_nil_inject +R79520 Mem.val_nil_inject +R79662 Cminor.Out_return +R79674 Coq.Init.Datatypes.Some +R79662 Cminor.Out_return +R79674 Coq.Init.Datatypes.Some +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R79827 Cminorgenproof.exec_stmtlist_prop +R79859 Cminorgenproof.Out_normal +R79850 Cminorgenproof.Snil +R79818 Mem.mem +R79806 Cminorgenproof.env +R79960 Cminor.Out_normal +R79960 Cminor.Out_normal +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R80336 Cminorgenproof.exec_stmtlist_prop +R80360 Cminorgenproof.Scons +R80296 Cminorgenproof.exec_stmtlist_prop +R80256 Cminorgenproof.exec_stmtlist +R80213 Cminorgenproof.exec_stmt_prop +R80237 Cminorgenproof.Out_normal +R80170 Cminorgenproof.exec_stmt +R80194 Cminorgenproof.Out_normal +R80155 Cminorgenproof.outcome +R80143 Mem.mem +R80143 Mem.mem +R80122 Cminorgenproof.stmtlist +R80103 Cminorgenproof.stmt +R80093 Mem.mem +R80081 Cminorgenproof.env +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R80745 Cminor.exec_Scons_continue +R80745 Cminor.exec_Scons_continue +R80820 Mem.inject_incr_trans +R80820 Mem.inject_incr_trans +R81086 Cminorgenproof.exec_stmtlist_prop +R81110 Cminorgenproof.Scons +R81064 Coq.Init.Logic "x <> y" type_scope +R81067 Cminorgenproof.Out_normal +R81026 Cminorgenproof.exec_stmt_prop +R80992 Cminorgenproof.exec_stmt +R80977 Cminorgenproof.outcome +R80965 Mem.mem +R80947 Cminorgenproof.stmtlist +R80928 Cminorgenproof.stmt +R80918 Mem.mem +R80906 Cminorgenproof.env +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R81374 Cminor.exec_Scons_stop +R81374 Cminor.exec_Scons_stop +R81559 Cminorgenproof.eval_funcall_prop +R81516 Cminorgenproof.eval_funcall +R81606 Cminorplus.eval_funcall_ind5 +R82650 Cminorgenproof.transl_stmtlist_Scons_1_correct +R82613 Cminorgenproof.transl_stmtlist_Scons_2_correct +R82579 Cminorgenproof.transl_stmtlist_Snil_correct +R82541 Cminorgenproof.transl_stmt_Sreturn_some_correct +R82503 Cminorgenproof.transl_stmt_Sreturn_none_correct +R82472 Cminorgenproof.transl_stmt_Sexit_correct +R82440 Cminorgenproof.transl_stmt_Sblock_correct +R82404 Cminorgenproof.transl_stmt_Sloop_exit_correct +R82368 Cminorgenproof.transl_stmt_Sloop_loop_correct +R82325 Cminorgenproof.transl_stmt_Sifthenelse_false_correct +R82283 Cminorgenproof.transl_stmt_Sifthenelse_true_correct +R82252 Cminorgenproof.transl_stmt_Sexpr_correct +R82224 Cminorgenproof.transl_funcall_correct +R82189 Cminorgenproof.transl_exprlist_Econs_correct +R82155 Cminorgenproof.transl_exprlist_Enil_correct +R82122 Cminorgenproof.transl_expr_Eletvar_correct +R82092 Cminorgenproof.transl_expr_Elet_correct +R82050 Cminorgenproof.transl_expr_Econdition_false_correct +R82009 Cminorgenproof.transl_expr_Econdition_true_correct +R81978 Cminorgenproof.transl_expr_Ecall_correct +R81946 Cminorgenproof.transl_expr_Estore_correct +R81915 Cminorgenproof.transl_expr_Eload_correct +R81886 Cminorgenproof.transl_expr_Eop_correct +R81846 Cminorgenproof.transl_expr_Eaddrof_global_correct +R81807 Cminorgenproof.transl_expr_Eaddrof_local_correct +R81774 Cminorgenproof.transl_expr_Eassign_correct +R81744 Cminorgenproof.transl_expr_Evar_correct +R81719 Cminorgenproof.exec_stmtlist_prop +R81699 Cminorgenproof.exec_stmt_prop +R81676 Cminorgenproof.eval_funcall_prop +R81652 Cminorgenproof.eval_exprlist_prop +R81632 Cminorgenproof.eval_expr_prop +R82909 Cminorgenproof.match_globalenvs +R82858 Coqlib.zlt +R82867 Mem.nextblock +R82899 Coq.Init.Datatypes.None +R82883 Coq.Init.Datatypes.Some +R82887 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R82812 Globalenvs.init_mem +R82778 Globalenvs.init_mem +R83012 Coqlib.zlt_true +R83012 Coqlib.zlt_true +R83048 Globalenvs.find_symbol_inv +R83048 Globalenvs.find_symbol_inv +R83099 Cminorgenproof.symbols_preserved +R83099 Cminorgenproof.symbols_preserved +R83146 Coqlib.zlt_true +R83146 Coqlib.zlt_true +R83176 Mem.nextblock_pos +R83176 Mem.nextblock_pos +R83287 Cminor.exec_program +R83307 Values.Vint +R83253 Cminorgenproof.exec_program +R83274 Values.Vint +R83383 Cminorgenproof.function_ptr_translated +R83383 Cminorgenproof.function_ptr_translated +R83455 Globalenvs.init_mem +R83455 Globalenvs.init_mem +R83505 Coqlib.zlt +R83515 Mem.nextblock +R83547 Coq.Init.Datatypes.None +R83531 Coq.Init.Datatypes.Some +R83535 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R83505 Coqlib.zlt +R83515 Mem.nextblock +R83547 Coq.Init.Datatypes.None +R83531 Coq.Init.Datatypes.Some +R83535 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R83571 Mem.mem_inject +R83571 Mem.mem_inject +R83637 Coqlib.zlt_false +R83637 Coqlib.zlt_false +R83668 Coqlib.zlt +R83676 Mem.nextblock +R83668 Coqlib.zlt +R83676 Mem.nextblock +R83856 Globalenvs.initmem_undef +R83856 Globalenvs.initmem_undef +R83966 Coqlib.zlt +R83974 Mem.nextblock +R83966 Coqlib.zlt +R83974 Mem.nextblock +R84022 Coqlib.zlt +R84030 Mem.nextblock +R84022 Coqlib.zlt +R84030 Mem.nextblock +R84105 Cminorgenproof.match_callstack +R84146 Mem.nextblock +R84131 Mem.nextblock +R84123 Coq.Lists.List.nil +R84105 Cminorgenproof.match_callstack +R84146 Mem.nextblock +R84131 Mem.nextblock +R84123 Coq.Lists.List.nil +R84195 Cminorgenproof.match_globalenvs_init +R84195 Cminorgenproof.match_globalenvs_init +R84249 Cminorgenproof.transl_function_correct +R84352 Mem.val_nil_inject +R84249 Cminorgenproof.transl_function_correct +R84352 Mem.val_nil_inject +R84517 AST.prog_main +R84539 AST.prog_main +R84517 AST.prog_main +R84539 AST.prog_main +R84572 Cminorgenproof.symbols_preserved +R84572 Cminorgenproof.symbols_preserved +R84635 Cminorgen.transl_function +R84599 AST.transform_partial_program_main +R84635 Cminorgen.transl_function +R84599 AST.transform_partial_program_main +R84716 Cminorgenproof.sig_transl_function +R84716 Cminorgenproof.sig_transl_function +R84754 Globalenvs.init_mem_transf_partial +R84783 Cminorgen.transl_function +R84754 Globalenvs.init_mem_transf_partial +R84783 Cminorgen.transl_function +FRegisters +R130 Coq.NArith.BinPos.positive +R171 Coqlib.peq +R198 Maps.t +R205 AST.typ +R378 Coq.Init.Datatypes.None +R394 Coq.Init.Datatypes.Some +R404 Registers.get +R339 Registers.t +R313 Coq.Init.Datatypes.option +R320 Registers.reg +R509 Registers.t +R543 Coq.Init.Datatypes.None +R558 Coq.Init.Datatypes.Some +R568 Registers.set +R495 Registers.t +R471 Coq.Init.Datatypes.option +R478 Registers.reg +R615 Registers.get +R667 Coq.Lists.List.map +R686 Registers.get +R745 Registers.set +FRTL +R273 Coq.NArith.BinPos.positive +R324 RTL.node +R385 RTL.node +R378 Registers.reg +R366 Coq.Lists.List.list +R371 Registers.reg +R353 Op.operation +R465 RTL.node +R458 Registers.reg +R446 Coq.Lists.List.list +R451 Registers.reg +R432 Op.addressing +R416 AST.memory_chunk +R546 RTL.node +R539 Registers.reg +R527 Coq.Lists.List.list +R532 Registers.reg +R513 Op.addressing +R497 AST.memory_chunk +R624 RTL.node +R617 Registers.reg +R605 Coq.Lists.List.list +R610 Registers.reg +R594 Coq.Init.Datatypes "x + y" type_scope +R590 Registers.reg +R596 AST.ident +R577 AST.signature +R688 RTL.node +R680 RTL.node +R668 Coq.Lists.List.list +R673 Registers.reg +R655 Op.condition +R721 Coq.Init.Datatypes.option +R728 Registers.reg +R773 Maps.t +R781 RTL.instruction +R842 AST.signature +R866 Coq.Lists.List.list +R871 Registers.reg +R892 Coq.ZArith.BinInt.Z +R906 RTL.code +R929 RTL.node +R948 RTL.node +R1004 Coq.Init.Logic "A \/ B" type_scope +R987 Coqlib.Plt +R1018 Coq.Init.Logic "x = y" type_scope +R1014 Maps "a ! b" +R1020 Coq.Init.Datatypes.None +R980 RTL.node +R1051 AST.program +R1063 RTL.function +R1093 Globalenvs.t +R1100 RTL.function +R1131 Registers.t +R1140 Values.val +R1238 RTL.regset +R1214 Coq.Lists.List.list +R1219 Registers.reg +R1199 Coq.Lists.List.list +R1204 Values.val +R1275 Coq.Lists.List "x :: y" list_scope +R1285 Coq.Lists.List "x :: y" list_scope +R1294 Registers.set +R1341 Registers.init +R1353 Values.Vundef +R1214 Coq.Lists.List.list +R1219 Registers.reg +R1199 Coq.Lists.List.list +R1204 Values.val +R1398 RTL.genv +R1464 Coq.Init.Datatypes.option +R1471 RTL.function +R1504 Coq.Init.Datatypes.inl +R1513 Globalenvs.find_funct +R1534 Registers "a # b" +R1541 Coq.Init.Datatypes.inr +R1565 Globalenvs.find_symbol +R1603 Coq.Init.Datatypes.None +R1611 Coq.Init.Datatypes.None +R1624 Coq.Init.Datatypes.Some +R1634 Globalenvs.find_funct_ptr +R1454 RTL.regset +R1440 Coq.Init.Datatypes "x + y" type_scope +R1436 Registers.reg +R1442 AST.ident +R1801 Mem.mem +R1791 RTL.regset +R1783 RTL.node +R1754 Mem.mem +R1744 RTL.regset +R1736 RTL.node +R1707 Values.val +R1699 RTL.code +R3498 Mem.mem +R3488 RTL.regset +R3480 RTL.node +R3455 Mem.mem +R3445 RTL.regset +R3437 RTL.node +R3412 Values.val +R3404 RTL.code +R4032 Mem.mem +R4025 Values.val +R3986 Mem.mem +R3974 Coq.Lists.List.list +R3979 Values.val +R3962 RTL.function +R1873 Coq.Init.Logic "x = y" type_scope +R1869 Maps "a ! b" +R1875 Coq.Init.Datatypes.Some +R1880 RTL.Inop +R2125 Registers "a # b <- c" +R2074 Coq.Init.Logic "x = y" type_scope +R2041 Op.eval_operation +R2067 Registers "a ## b" +R2076 Coq.Init.Datatypes.Some +R2004 Coq.Init.Logic "x = y" type_scope +R2000 Maps "a ! b" +R2006 Coq.Init.Datatypes.Some +R2011 RTL.Iop +R2392 Registers "a # b <- c" +R2341 Coq.Init.Logic "x = y" type_scope +R2321 Mem.loadv +R2343 Coq.Init.Datatypes.Some +R2303 Coq.Init.Logic "x = y" type_scope +R2267 Op.eval_addressing +R2296 Registers "a ## b" +R2305 Coq.Init.Datatypes.Some +R2220 Coq.Init.Logic "x = y" type_scope +R2216 Maps "a ! b" +R2222 Coq.Init.Datatypes.Some +R2227 RTL.Iload +R2619 Coq.Init.Logic "x = y" type_scope +R2591 Mem.storev +R2614 Registers "a # b" +R2621 Coq.Init.Datatypes.Some +R2573 Coq.Init.Logic "x = y" type_scope +R2537 Op.eval_addressing +R2566 Registers "a ## b" +R2575 Coq.Init.Datatypes.Some +R2489 Coq.Init.Logic "x = y" type_scope +R2485 Maps "a ! b" +R2491 Coq.Init.Datatypes.Some +R2496 RTL.Istore +R2945 Registers "a # b <- c" +R2886 Registers "a ## b" +R2846 Coq.Init.Logic "x = y" type_scope +R2851 RTL.fn_sig +R2824 Coq.Init.Logic "x = y" type_scope +R2803 RTL.find_function +R2826 Coq.Init.Datatypes.Some +R2759 Coq.Init.Logic "x = y" type_scope +R2755 Maps "a ! b" +R2761 Coq.Init.Datatypes.Some +R2766 RTL.Icall +R3115 Coq.Init.Logic "x = y" type_scope +R3086 Op.eval_condition +R3108 Registers "a ## b" +R3117 Coq.Init.Datatypes.Some +R3122 Coq.Init.Datatypes.true +R3042 Coq.Init.Logic "x = y" type_scope +R3038 Maps "a ! b" +R3044 Coq.Init.Datatypes.Some +R3049 RTL.Icond +R3326 Coq.Init.Logic "x = y" type_scope +R3297 Op.eval_condition +R3319 Registers "a ## b" +R3328 Coq.Init.Datatypes.Some +R3333 Coq.Init.Datatypes.false +R3253 Coq.Init.Logic "x = y" type_scope +R3249 Maps "a ! b" +R3255 Coq.Init.Datatypes.Some +R3260 RTL.Icond +R4433 Mem.free +R4366 Coq.Init.Logic "x = y" type_scope +R4368 Registers.regmap_optget +R4385 Values.Vundef +R4333 Coq.Init.Logic "x = y" type_scope +R4329 Maps "a ! b" +R4321 RTL.fn_code +R4335 Coq.Init.Datatypes.Some +R4340 RTL.Ireturn +R4249 RTL.init_regs +R4267 RTL.fn_params +R4233 RTL.fn_entrypoint +R4193 Values.Vptr +R4202 Integers.zero +R4183 RTL.fn_code +R4147 Coq.Init.Logic "x = y" type_scope +R4116 Mem.alloc +R4133 RTL.fn_stacksize +R4149 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4805 RTL.exec_instrs +R4761 RTL.exec_instrs +R4718 RTL.exec_instr +R4869 RTL.exec_trans +R4869 RTL.exec_trans +R4887 RTL.exec_one +R4887 RTL.exec_one +R5091 RTL.exec_instr +R5070 Coq.Init.Logic "x = y" type_scope +R5075 Registers "a # b <- c" +R5052 Coq.Init.Logic "x = y" type_scope +R5019 Op.eval_operation +R5045 Registers "a ## b" +R5054 Coq.Init.Datatypes.Some +R4986 Coq.Init.Logic "x = y" type_scope +R4982 Maps "a ! b" +R4988 Coq.Init.Datatypes.Some +R4993 RTL.Iop +R5163 RTL.exec_Iop +R5163 RTL.exec_Iop +R5419 RTL.exec_instr +R5398 Coq.Init.Logic "x = y" type_scope +R5403 Registers "a # b <- c" +R5380 Coq.Init.Logic "x = y" type_scope +R5360 Mem.loadv +R5382 Coq.Init.Datatypes.Some +R5346 Coq.Init.Logic "x = y" type_scope +R5310 Op.eval_addressing +R5339 Registers "a ## b" +R5348 Coq.Init.Datatypes.Some +R5267 Coq.Init.Logic "x = y" type_scope +R5263 Maps "a ! b" +R5269 Coq.Init.Datatypes.Some +R5274 RTL.Iload +R5491 RTL.exec_Iload +R5491 RTL.exec_Iload +R5625 Coq.Init.Logic "x <> y" type_scope +R5621 Maps "a ! b" +R5628 Coq.Init.Datatypes.None +R5578 RTL.exec_instr +R5802 Coq.Init.Logic "x <> y" type_scope +R5798 Maps "a ! b" +R5805 Coq.Init.Datatypes.None +R5786 Coq.Init.Logic "x <> y" type_scope +R5781 Maps "a ! b" +R5789 Coq.Init.Datatypes.None +R5737 RTL.exec_instrs +R5858 RTL.exec_instr_present +R5858 RTL.exec_instr_present +R6034 Coq.Init.Logic "'exists' x , p" type_scope +R6044 Coq.Init.Logic "'exists' x , p" type_scope +R6054 Coq.Init.Logic "'exists' x , p" type_scope +R6109 Coq.Init.Logic "A /\ B" type_scope +R6100 Coq.Init.Logic "x = y" type_scope +R6066 Globalenvs.find_symbol +R6089 AST.prog_main +R6102 Coq.Init.Datatypes.Some +R6148 Coq.Init.Logic "A /\ B" type_scope +R6139 Coq.Init.Logic "x = y" type_scope +R6114 Globalenvs.find_funct_ptr +R6141 Coq.Init.Datatypes.Some +R6194 Coq.Init.Logic "A /\ B" type_scope +R6164 Coq.Init.Logic "x = y" type_scope +R6156 RTL.fn_sig +R6166 AST.mksignature +R6183 Coq.Init.Datatypes.Some +R6188 AST.Tint +R6178 Coq.Lists.List.nil +R6199 RTL.exec_function +R6218 Coq.Lists.List.nil +R6013 Globalenvs.init_mem +R5981 Globalenvs.globalenv +R5954 Values.val +R5941 RTL.program +R6322 Coq.Lists.List.list +R6327 RTL.node +R6354 Maps "a ! b" +R6346 RTL.fn_code +R6367 Coq.Init.Datatypes.None +R6375 Coq.Lists.List.nil +R6383 Coq.Init.Datatypes.Some +R6420 RTL.Inop +R6432 Coq.Lists.List "x :: y" list_scope +R6435 Coq.Lists.List.nil +R6447 RTL.Iop +R6470 Coq.Lists.List "x :: y" list_scope +R6473 Coq.Lists.List.nil +R6485 RTL.Iload +R6518 Coq.Lists.List "x :: y" list_scope +R6521 Coq.Lists.List.nil +R6533 RTL.Istore +R6567 Coq.Lists.List "x :: y" list_scope +R6570 Coq.Lists.List.nil +R6582 RTL.Icall +R6612 Coq.Lists.List "x :: y" list_scope +R6615 Coq.Lists.List.nil +R6627 RTL.Icond +R6662 Coq.Lists.List "x :: y" list_scope +R6671 Coq.Lists.List "x :: y" list_scope +R6674 Coq.Lists.List.nil +R6686 RTL.Ireturn +R6704 Coq.Lists.List.nil +R6314 RTL.node +R6299 RTL.function +R6844 Coq.Lists.List.In +R6852 RTL.successors +R6791 RTL.exec_instr +R6808 RTL.fn_code +R6923 RTL.fn_code +R6923 RTL.fn_code +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R7087 RTL.instruction +R7072 RTL.instruction +R7064 RTL.node +R7249 Coq.Init.Logic "A \/ B" type_scope +R7235 Coqlib.Plt +R7276 Coq.Init.Logic "x = y" type_scope +R7271 Maps "a ! b" +R7253 Maps.map +R7278 Coq.Init.Datatypes.None +R7228 RTL.node +R7194 Coq.Init.Logic "A \/ B" type_scope +R7180 Coqlib.Plt +R7202 Coq.Init.Logic "x = y" type_scope +R7198 Maps "a ! b" +R7204 Coq.Init.Datatypes.None +R7173 RTL.node +R7151 RTL.node +R7136 RTL.code +R7359 Maps.gmap +R7359 Maps.gmap +R7445 RTL.function +R7459 RTL.mkfunction +R7604 RTL.transf_code_wf +R7648 RTL.fn_code_wf +R7634 RTL.fn_nextpc +R7622 RTL.fn_code +R7588 RTL.fn_nextpc +R7566 RTL.fn_entrypoint +R7529 Maps.map +R7549 RTL.fn_code +R7510 RTL.fn_stacksize +R7492 RTL.fn_params +R7477 RTL.fn_sig +R7433 RTL.function +FRTLgen +R313 Coq.Lists.List.list +R318 AST.ident +R305 Cminor.expr +R792 Coq.Lists.List.list +R797 AST.ident +R780 Cminor.condexpr +R1039 Coq.Lists.List.list +R1044 AST.ident +R1027 Cminor.exprlist +R346 Cminor.Evar +R357 Coq.Lists.List.nil +R365 Cminor.Eassign +R384 Coq.Lists.List "x :: y" list_scope +R406 Cminor.Eop +R443 Cminor.Eload +R483 Cminor.Estore +R522 Coq.Lists.List "x ++ y" list_scope +R544 Cminor.Ecall +R575 Coq.Lists.List "x ++ y" list_scope +R602 Cminor.Econdition +R641 Coq.Lists.List "x ++ y" list_scope +R659 Coq.Lists.List "x ++ y" list_scope +R681 Cminor.Elet +R708 Coq.Lists.List "x ++ y" list_scope +R730 Cminor.Eletvar +R743 Coq.Lists.List.nil +R305 Cminor.expr +R825 Cminor.CEtrue +R835 Coq.Lists.List.nil +R843 Cminor.CEfalse +R854 Coq.Lists.List.nil +R862 Cminor.CEcond +R904 Cminor.CEcondition +R950 Coq.Lists.List "x ++ y" list_scope +R972 Coq.Lists.List "x ++ y" list_scope +R780 Cminor.condexpr +R1072 Cminor.Enil +R1080 Coq.Lists.List.nil +R1088 Cminor.Econs +R1117 Coq.Lists.List "x ++ y" list_scope +R1027 Cminor.exprlist +R1234 Maps.t +R1242 Registers.reg +R1262 Coq.Lists.List.list +R1267 Registers.reg +R1320 Coq.NArith.BinPos.positive +R1345 Coq.NArith.BinPos.positive +R1366 RTL.code +R1423 Coq.Init.Logic "A \/ B" type_scope +R1404 Coqlib.Plt +R1437 Coq.Init.Logic "x = y" type_scope +R1433 Maps "a ! b" +R1439 Coq.Init.Datatypes.None +R1393 Coq.NArith.BinPos.positive +R1570 RTLgen.state +R1629 RTLgen.res +R1620 RTLgen.state +R1670 RTLgen.mon +R1697 RTLgen.OK +R1687 RTLgen.state +R1734 RTLgen.mon +R1761 RTLgen.Error +R1751 RTLgen.state +R1827 RTLgen.mon +R1881 RTLgen.Error +R1890 RTLgen.Error +R1904 RTLgen.OK +R1846 RTLgen.state +R1818 RTLgen.mon +R1802 RTLgen.mon +R2002 RTLgen.mon +R2013 RTLgen.bind +R2043 Coq.Init.Datatypes.snd +R2034 Coq.Init.Datatypes.fst +R1993 RTLgen.mon +R1966 RTLgen.mon +R1973 Coq.Init.Datatypes "x * y" type_scope +R2085 RTLgen.bind +R2205 RTLgen.bind2 +R2384 Coq.Init.Logic "A \/ B" type_scope +R2366 Coqlib.Plt +R2416 Coq.Init.Logic "x = y" type_scope +R2411 Maps "a ! b" +R2388 Maps.empty +R2400 RTL.instruction +R2418 Coq.Init.Datatypes.None +R2452 Maps.gempty +R2452 Maps.gempty +R2496 RTLgen.state +R2507 RTLgen.mkstate +R2563 RTLgen.init_state_wf +R2538 Maps.empty +R2550 RTL.instruction +R2665 Coq.Init.Logic "A \/ B" type_scope +R2648 Coqlib.Plt +R2656 Coq.NArith.BinPos.Psucc +R2699 Coq.Init.Logic "x = y" type_scope +R2694 Maps "a ! b" +R2669 Maps.set +R2686 RTLgen.st_code +R2701 Coq.Init.Datatypes.None +R2630 RTLgen.st_nextnode +R2730 Coqlib.peq +R2730 Coqlib.peq +R2772 Coqlib.Plt_succ +R2772 Coqlib.Plt_succ +R2792 Maps.gso +R2792 Maps.gso +R2817 RTLgen.st_wf +R2817 RTLgen.st_wf +R2851 Coqlib.Plt_trans_succ +R2851 Coqlib.Plt_trans_succ +R2943 RTLgen.mon +R2947 RTL.node +R3002 RTLgen.OK +R3015 RTLgen.mkstate +R3125 RTLgen.add_instr_wf +R3081 Maps.set +R3098 RTLgen.st_code +R3055 Coq.NArith.BinPos.Psucc +R3026 RTLgen.st_nextreg +R2982 RTLgen.st_nextnode +R2928 RTL.instruction +R3218 Coq.Init.Logic "A \/ B" type_scope +R3187 Coqlib.Plt +R3195 Coq.NArith.BinPos.Psucc +R3204 RTLgen.st_nextnode +R3236 Coq.Init.Logic "x = y" type_scope +R3232 Maps "a ! b" +R3224 RTLgen.st_code +R3238 Coq.Init.Datatypes.None +R3267 RTLgen.st_wf +R3267 RTLgen.st_wf +R3301 Coqlib.Plt_trans_succ +R3301 Coqlib.Plt_trans_succ +R3371 RTLgen.mon +R3375 RTL.node +R3430 RTLgen.OK +R3436 RTLgen.mkstate +R3500 RTLgen.reserve_instr_wf +R3472 RTLgen.st_code +R3460 Coq.NArith.BinPos.Psucc +R3447 RTLgen.st_nextreg +R3410 RTLgen.st_nextnode +R3627 Coq.Init.Logic "A \/ B" type_scope +R3604 Coqlib.Plt +R3614 RTLgen.st_nextnode +R3661 Coq.Init.Logic "x = y" type_scope +R3656 Maps "a ! b" +R3631 Maps.set +R3648 RTLgen.st_code +R3663 Coq.Init.Datatypes.None +R3564 Coqlib.Plt +R3573 RTLgen.st_nextnode +R3694 Coqlib.peq +R3694 Coqlib.peq +R3752 Maps.gso +R3752 Maps.gso +R3776 RTLgen.st_wf +R3776 RTLgen.st_wf +R3848 RTLgen.mon +R3852 Coq.Init.Datatypes.unit +R3881 Coqlib.plt +R3890 RTLgen.st_nextnode +R3914 Coq.Init.Specif.left +R3934 RTLgen.OK +R3941 RTLgen.mkstate +R4056 RTLgen.update_instr_wf +R4004 Maps.set +R4021 RTLgen.st_code +R3967 RTLgen.st_nextnode +R3952 RTLgen.st_nextreg +R3937 Coq.Init.Datatypes.tt +R4090 Coq.Init.Specif.right +R4109 RTLgen.Error +R4115 Coq.Init.Datatypes.unit +R3833 RTL.instruction +R3823 RTL.node +R4151 RTLgen.mon +R4155 Registers.reg +R4177 RTLgen.OK +R4203 RTLgen.mkstate +R4281 RTLgen.st_wf +R4269 RTLgen.st_code +R4253 RTLgen.st_nextnode +R4212 Coq.NArith.BinPos.Psucc +R4221 RTLgen.st_nextreg +R4183 RTLgen.st_nextreg +R4353 RTLgen.mapping +R4366 RTLgen.mkmapping +R4394 Coq.Lists.List.nil +R4377 Maps.empty +R4389 Registers.reg +R4450 RTLgen.mon +R4459 Coq.Init.Datatypes "x * y" type_scope +R4455 Registers.reg +R4461 RTLgen.mapping +R4475 RTLgen "'do' X <- A ; B" +R4483 RTLgen.new_reg +R4497 RTLgen.ret +R4501 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4505 RTLgen.mkmapping +R4577 RTLgen.map_letvars +R4516 Maps.set +R4538 RTLgen.map_vars +R4441 AST.ident +R4425 RTLgen.mapping +R4682 RTLgen.mon +R4696 Coq.Init.Datatypes "x * y" type_scope +R4687 Coq.Lists.List.list +R4692 Registers.reg +R4698 RTLgen.mapping +R4634 Coq.Lists.List.list +R4639 AST.ident +R4617 RTLgen.mapping +R4733 Coq.Lists.List.nil +R4740 RTLgen.ret +R4744 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4745 Coq.Lists.List.nil +R4762 Coq.Lists.List "x :: y" list_scope +R4777 RTLgen "'do' ( X , Y ) <- A ; B" +R4817 RTLgen "'do' ( X , Y ) <- A ; B" +R4834 RTLgen.add_var +R4857 RTLgen.ret +R4861 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4865 Coq.Lists.List "x :: y" list_scope +R4634 Coq.Lists.List.list +R4639 AST.ident +R4617 RTLgen.mapping +R4937 RTLgen.mon +R4941 Registers.reg +R4956 Maps.get +R4976 RTLgen.map_vars +R4995 Coq.Init.Datatypes.None +R5003 RTLgen.error +R5009 Registers.reg +R5017 Coq.Init.Datatypes.Some +R5027 RTLgen.ret +R4928 AST.ident +R4912 RTLgen.mapping +R5089 RTLgen.mapping +R5102 RTLgen.mkmapping +R5130 Coq.Lists.List "x :: y" list_scope +R5138 RTLgen.map_letvars +R5117 RTLgen.map_vars +R5082 Registers.reg +R5069 RTLgen.mapping +R5205 RTLgen.mon +R5209 Registers.reg +R5224 Coq.Lists.List.nth_error +R5244 RTLgen.map_letvars +R5270 Coq.Init.Datatypes.None +R5278 RTLgen.error +R5284 Registers.reg +R5292 Coq.Init.Datatypes.Some +R5302 RTLgen.ret +R5198 Coq.Init.Datatypes.nat +R5183 RTLgen.mapping +R5426 RTLgen.mon +R5430 Registers.reg +R5456 Cminor.Evar +R5476 Coq.Lists.List.In_dec +R5483 AST.ident_eq +R5529 RTLgen.find_var +R5510 RTLgen.new_reg +R5549 Cminor.Eletvar +R5568 RTLgen.find_letvar +R5601 RTLgen.new_reg +R5418 Cminor.expr +R5402 Coq.Lists.List.list +R5407 AST.ident +R5387 RTLgen.mapping +R5717 RTLgen.mon +R5722 Coq.Lists.List.list +R5727 Registers.reg +R5674 Cminor.exprlist +R5657 Coq.Lists.List.list +R5662 AST.ident +R5643 RTLgen.mapping +R5755 Cminor.Enil +R5769 RTLgen.ret +R5773 Coq.Lists.List.nil +R5781 Cminor.Econs +R5801 RTLgen "'do' X <- A ; B" +R5839 RTLgen "'do' X <- A ; B" +R5848 RTLgen.alloc_reg +R5875 RTLgen.ret +R5882 Coq.Lists.List "x :: y" list_scope +R5674 Cminor.exprlist +R5657 Coq.Lists.List.list +R5662 AST.ident +R5643 RTLgen.mapping +R6021 RTLgen.mon +R6025 RTL.node +R6038 Registers.eq +R6072 RTLgen.add_instr +R6083 RTL.Iop +R6096 Coq.Lists.List "x :: y" list_scope +R6098 Coq.Lists.List.nil +R6087 Op.Omove +R6058 RTLgen.ret +R6013 RTL.node +R6003 Registers.reg +R6003 Registers.reg +R6287 RTLgen.mon +R6291 RTL.node +R6248 RTL.node +R6238 Registers.reg +R6227 Cminor.expr +R6190 Coq.Lists.List.list +R6195 AST.ident +R6175 RTLgen.mapping +R7769 RTLgen.mon +R7773 RTL.node +R7729 RTL.node +R7729 RTL.node +R7704 Cminor.condexpr +R7666 Coq.Lists.List.list +R7671 AST.ident +R7651 RTLgen.mapping +R8353 RTLgen.mon +R8357 RTL.node +R8312 RTL.node +R8297 Coq.Lists.List.list +R8302 Registers.reg +R8282 Cminor.exprlist +R8243 Coq.Lists.List.list +R8248 AST.ident +R8228 RTLgen.mapping +R6318 Cminor.Evar +R6334 RTLgen "'do' X <- A ; B" +R6342 RTLgen.find_var +R6358 RTLgen.add_move +R6379 Cminor.Eassign +R6400 RTLgen "'do' X <- A ; B" +R6408 RTLgen.find_var +R6430 RTLgen "'do' X <- A ; B" +R6439 RTLgen.add_move +R6489 Cminor.Eop +R6508 RTLgen "'do' X <- A ; B" +R6517 RTLgen.alloc_regs +R6546 RTLgen "'do' X <- A ; B" +R6555 RTLgen.add_instr +R6566 RTL.Iop +R6630 Cminor.Eload +R6659 RTLgen "'do' X <- A ; B" +R6668 RTLgen.alloc_regs +R6697 RTLgen "'do' X <- A ; B" +R6706 RTLgen.add_instr +R6717 RTL.Iload +R6791 Cminor.Estore +R6823 RTLgen "'do' X <- A ; B" +R6832 RTLgen.alloc_regs +R6861 RTLgen "'do' X <- A ; B" +R6870 RTLgen.add_instr +R6881 RTL.Istore +R6916 RTLgen "'do' X <- A ; B" +R7000 Cminor.Ecall +R7024 RTLgen "'do' X <- A ; B" +R7033 RTLgen.alloc_reg +R7060 RTLgen "'do' X <- A ; B" +R7072 RTLgen.alloc_regs +R7101 RTLgen "'do' X <- A ; B" +R7110 RTLgen.add_instr +R7121 RTL.Icall +R7132 Coq.Init.Datatypes.inl +R7162 RTLgen "'do' X <- A ; B" +R7249 Cminor.Econdition +R7275 RTLgen "'do' X <- A ; B" +R7323 RTLgen "'do' X <- A ; B" +R7418 Cminor.Elet +R7436 RTLgen "'do' X <- A ; B" +R7445 RTLgen.new_reg +R7460 RTLgen "'do' X <- A ; B" +R7482 RTLgen.add_letvar +R7553 Cminor.Eletvar +R7572 RTLgen "'do' X <- A ; B" +R7580 RTLgen.find_letvar +R7599 RTLgen.add_move +R6248 RTL.node +R6238 Registers.reg +R6227 Cminor.expr +R6190 Coq.Lists.List.list +R6195 AST.ident +R6175 RTLgen.mapping +R7800 Cminor.CEtrue +R7816 RTLgen.ret +R7830 Cminor.CEfalse +R7847 RTLgen.ret +R7862 Cminor.CEcond +R7886 RTLgen "'do' X <- A ; B" +R7895 RTLgen.alloc_regs +R7924 RTLgen "'do' X <- A ; B" +R7933 RTLgen.add_instr +R7944 RTL.Icond +R8019 Cminor.CEcondition +R8046 RTLgen "'do' X <- A ; B" +R8102 RTLgen "'do' X <- A ; B" +R7729 RTL.node +R7729 RTL.node +R7704 Cminor.condexpr +R7666 Coq.Lists.List.list +R7671 AST.ident +R7651 RTLgen.mapping +R8389 Cminor.Enil +R8395 Coq.Lists.List.nil +R8408 RTLgen.ret +R8419 Cminor.Econs +R8433 Coq.Lists.List "x :: y" list_scope +R8448 RTLgen "'do' X <- A ; B" +R8536 RTLgen.error +R8542 RTL.node +R8312 RTL.node +R8297 Coq.Lists.List.list +R8302 Registers.reg +R8282 Cminor.exprlist +R8243 Coq.Lists.List.list +R8248 AST.ident +R8228 RTLgen.mapping +R8673 Coq.Init.Datatypes.bool +R8661 Cminor.stmtlist +R8649 Cminor.stmtlist +R8637 Cminor.condexpr +R8877 RTLgen.mon +R8881 RTL.node +R8831 Coq.Init.Datatypes.option +R8838 Registers.reg +R8818 RTL.node +R8800 Coq.Lists.List.list +R8805 RTL.node +R8764 RTL.node +R8753 Cminor.stmt +R8740 RTLgen.mapping +R10250 RTLgen.mon +R10254 RTL.node +R10206 Coq.Init.Datatypes.option +R10213 Registers.reg +R10193 RTL.node +R10175 Coq.Lists.List.list +R10180 RTL.node +R10142 RTL.node +R10127 Cminor.stmtlist +R10113 RTLgen.mapping +R8908 Cminor.Sexpr +R8960 RTLgen "'do' X <- A ; B" +R8968 RTLgen.alloc_reg +R8989 RTLgen.transl_expr +R8936 RTLgen.mutated_expr +R9020 Cminor.Sifthenelse +R9099 RTLgen.more_likely +R9337 RTLgen "'do' X <- A ; B" +R9406 RTLgen "'do' X <- A ; B" +R9475 RTLgen.transl_condition +R9139 RTLgen "'do' X <- A ; B" +R9208 RTLgen "'do' X <- A ; B" +R9277 RTLgen.transl_condition +R9067 RTLgen.mutated_condexpr +R9520 Cminor.Sloop +R9541 RTLgen "'do' X <- A ; B" +R9553 RTLgen.reserve_instr +R9574 RTLgen "'do' X <- A ; B" +R9642 RTLgen "'do' X <- A ; B" +R9650 RTLgen.update_instr +R9670 RTL.Inop +R9689 RTLgen.ret +R9703 Cminor.Sblock +R9758 Coq.Lists.List "x :: y" list_scope +R9783 Cminor.Sexit +R9806 Coq.Lists.List.nth_error +R9838 Coq.Init.Datatypes.None +R9846 RTLgen.error +R9852 RTL.node +R9865 Coq.Init.Datatypes.Some +R9876 RTLgen.ret +R9897 Cminor.Sreturn +R9951 Coq.Init.Datatypes.None +R9957 Coq.Init.Datatypes.None +R9965 RTLgen.ret +R9982 Coq.Init.Datatypes.Some +R9990 Coq.Init.Datatypes.Some +R10000 RTLgen.transl_expr +R10017 RTLgen.mutated_expr +R10058 RTLgen.error +R10064 RTL.node +R8831 Coq.Init.Datatypes.option +R8838 Registers.reg +R8818 RTL.node +R8800 Coq.Lists.List.list +R8805 RTL.node +R8764 RTL.node +R8753 Cminor.stmt +R8740 RTLgen.mapping +R10282 Cminor.Snil +R10290 RTLgen.ret +R10301 Cminor.Scons +R10322 RTLgen "'do' X <- A ; B" +R10206 Coq.Init.Datatypes.option +R10213 Registers.reg +R10193 RTL.node +R10175 Coq.Lists.List.list +R10180 RTL.node +R10142 RTL.node +R10127 Cminor.stmtlist +R10113 RTLgen.mapping +R10509 Coq.Init.Datatypes.option +R10516 Registers.reg +R10536 AST.sig_res +R10554 Coq.Init.Datatypes.None +R10562 Coq.Init.Datatypes.None +R10571 Coq.Init.Datatypes.Some +R10582 Coq.Init.Datatypes.Some +R10502 Registers.reg +R10486 AST.signature +R10643 RTLgen.mon +R10653 Coq.Init.Datatypes "x * y" type_scope +R10648 RTL.node +R10655 Coq.Lists.List.list +R10660 Registers.reg +R10670 RTLgen "'do' ( X , Y ) <- A ; B" +R10692 RTLgen.add_vars +R10717 Cminor.fn_params +R10701 RTLgen.init_mapping +R10738 RTLgen "'do' ( X , Y ) <- A ; B" +R10758 RTLgen.add_vars +R10775 Cminor.fn_vars +R10794 RTLgen "'do' X <- A ; B" +R10805 RTLgen.new_reg +R10865 RTLgen "'do' X <- A ; B" +R10876 RTLgen.add_instr +R10887 RTL.Ireturn +R10905 RTLgen "'do' X <- A ; B" +R10918 RTLgen.transl_stmtlist +R10963 Coq.Lists.List.nil +R10942 Cminor.fn_body +R10981 RTLgen.ret +R10985 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10829 RTLgen.ret_reg +R10840 Cminor.fn_sig +R10624 Cminor.function +R11055 Coq.Init.Datatypes.option +R11062 RTL.function +R11086 RTLgen.transl_fun +R11099 RTLgen.init_state +R11119 RTLgen.Error +R11128 Coq.Init.Datatypes.None +R11137 RTLgen.OK +R11140 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R11169 Coq.Init.Datatypes.Some +R11175 RTL.mkfunction +R11335 RTLgen.st_wf +R11311 RTLgen.st_nextnode +R11276 RTLgen.st_code +R11243 Cminor.fn_stackspace +R11201 Cminor.fn_sig +R11036 Cminor.function +R11399 Coq.Init.Datatypes.option +R11406 RTL.program +R11423 AST.transform_partial_program +R11449 RTLgen.transl_function +R11381 Cminor.program +FRTLgenproof1 +R469 Coq.Init.Logic "x = y" type_scope +R455 RTLgen.bind +R471 RTLgen.OK +R794 Coq.Init.Logic "x = y" type_scope +R779 RTLgen.bind2 +R796 RTLgen.OK +R1261 Coq.Init.Logic "x = y" type_scope +R1251 RTLgen.error +R1263 RTLgen.OK +R1331 Coq.Init.Logic "x = y" type_scope +R1323 RTLgen.ret +R1333 RTLgen.OK +R1399 Coq.Init.Logic "x = y" type_scope +R1391 RTLgen.Error +R1401 RTLgen.OK +R1462 Coq.Init.Logic "x = y" type_scope +R1455 RTLgen.OK +R1464 RTLgen.OK +R878 Coq.Init.Logic.refl_equal +R534 Coq.Init.Logic.refl_equal +R1631 Coq.Init.Logic "x = y" type_scope +R1617 RTLgen.bind +R1633 RTLgen.OK +R1691 Coq.Init.Logic "x = y" type_scope +R1676 RTLgen.bind2 +R1693 RTLgen.OK +R1746 Coq.Init.Logic "x = y" type_scope +R1736 RTLgen.error +R1748 RTLgen.OK +R1796 Coq.Init.Logic "x = y" type_scope +R1788 RTLgen.ret +R1798 RTLgen.OK +R1846 Coq.Init.Logic "x = y" type_scope +R1838 RTLgen.Error +R1848 RTLgen.OK +R1895 Coq.Init.Logic "x = y" type_scope +R1888 RTLgen.OK +R1897 RTLgen.OK +R1954 Coq.Init.Logic "x = y" type_scope +R1956 RTLgen.OK +R2021 Coq.Init.Logic "x = y" type_scope +R2023 RTLgen.OK +R2086 Coq.Init.Logic "x = y" type_scope +R2088 RTLgen.OK +R2149 Coq.Init.Logic "x = y" type_scope +R2151 RTLgen.OK +R2210 Coq.Init.Logic "x = y" type_scope +R2212 RTLgen.OK +R2269 Coq.Init.Logic "x = y" type_scope +R2271 RTLgen.OK +R2326 Coq.Init.Logic "x = y" type_scope +R2328 RTLgen.OK +R2485 RTLgen.state +R2476 RTLgen.state +R2696 Coq.Init.Logic "x = y" type_scope +R2692 Maps "a ! b" +R2684 RTLgen.st_code +R2710 Maps "a ! b" +R2702 RTLgen.st_code +R2653 Coqlib.Plt +R2664 RTLgen.st_nextnode +R2598 Coqlib.Ple +R2622 RTLgen.st_nextreg +R2606 RTLgen.st_nextreg +R2553 Coqlib.Ple +R2578 RTLgen.st_nextnode +R2561 RTLgen.st_nextnode +R2541 RTLgen.state +R2541 RTLgen.state +R2776 RTLgenproof1.state_incr +R2815 RTLgenproof1.state_incr_intro +R2815 RTLgenproof1.state_incr_intro +R2841 Coqlib.Ple_refl +R2841 Coqlib.Ple_refl +R2857 Coqlib.Ple_refl +R2857 Coqlib.Ple_refl +R2899 RTLgenproof1.state_incr_refl +R3006 RTLgenproof1.state_incr +R2986 RTLgenproof1.state_incr +R2966 RTLgenproof1.state_incr +R3074 RTLgenproof1.state_incr_intro +R3074 RTLgenproof1.state_incr_intro +R3116 RTLgen.st_nextnode +R3100 Coqlib.Ple_trans +R3116 RTLgen.st_nextnode +R3100 Coqlib.Ple_trans +R3170 RTLgen.st_nextreg +R3154 Coqlib.Ple_trans +R3170 RTLgen.st_nextreg +R3154 Coqlib.Ple_trans +R3234 Maps "a ! b" +R3226 RTLgen.st_code +R3234 Maps "a ! b" +R3226 RTLgen.st_code +R3281 RTLgen.st_nextnode +R3258 Coqlib.Plt_Ple_trans +R3281 RTLgen.st_nextnode +R3258 Coqlib.Plt_Ple_trans +R3337 RTLgenproof1.state_incr_trans +R3473 RTLgenproof1.state_incr +R3451 RTLgenproof1.state_incr +R3431 RTLgenproof1.state_incr +R3411 RTLgenproof1.state_incr +R3665 RTLgenproof1.state_incr +R3643 RTLgenproof1.state_incr +R3623 RTLgenproof1.state_incr +R3603 RTLgenproof1.state_incr +R3583 RTLgenproof1.state_incr +R3882 RTLgenproof1.state_incr +R3860 RTLgenproof1.state_incr +R3840 RTLgenproof1.state_incr +R3818 RTLgenproof1.state_incr +R3798 RTLgenproof1.state_incr +R3778 RTLgenproof1.state_incr +R4122 RTLgenproof1.state_incr +R4100 RTLgenproof1.state_incr +R4080 RTLgenproof1.state_incr +R4060 RTLgenproof1.state_incr +R4038 RTLgenproof1.state_incr +R4018 RTLgenproof1.state_incr +R3998 RTLgenproof1.state_incr +R4387 RTLgenproof1.state_incr +R4367 RTLgenproof1.state_incr +R4345 RTLgenproof1.state_incr +R4325 RTLgenproof1.state_incr +R4305 RTLgenproof1.state_incr +R4283 RTLgenproof1.state_incr +R4263 RTLgenproof1.state_incr +R4243 RTLgenproof1.state_incr +R4534 Coq.Init.Logic "A \/ B" type_scope +R4527 Coq.Init.Logic "x = y" type_scope +R4523 Maps "a ! b" +R4515 RTLgen.st_code +R4529 Coq.Init.Datatypes.None +R4553 Coq.Init.Logic "x = y" type_scope +R4549 Maps "a ! b" +R4541 RTLgen.st_code +R4567 Maps "a ! b" +R4559 RTLgen.st_code +R4480 RTLgen.state +R4480 RTLgen.state +R4637 RTLgenproof1.state_extends +R4617 RTLgenproof1.state_incr +R4721 Coqlib.plt +R4732 RTLgen.st_nextnode +R4721 Coqlib.plt +R4732 RTLgen.st_nextnode +R4797 RTLgen.st_wf +R4797 RTLgen.st_wf +R4855 RTLgenproof1.state_incr_extends +R4921 RTLgen.state +R4944 RTLgenproof1.state_extends +R5078 Coq.Init.Logic "x <> y" type_scope +R5074 Maps "a ! b" +R5081 Coq.Init.Datatypes.None +R5032 RTL.exec_instr +R5271 Coq.Init.Logic "x = y" type_scope +R5267 Maps "a ! b" +R5259 RTLgen.st_code +R5285 Maps "a ! b" +R5277 RTLgen.st_code +R5201 RTL.exec_instr +R5219 RTLgen.st_code +R5339 RTLgenproof1.exec_instr_not_halt +R5339 RTLgenproof1.exec_instr_not_halt +R5547 RTL.exec_instr +R5534 Coq.Init.Logic "x = y" type_scope +R5530 Maps "a ! b" +R5538 Maps "a ! b" +R5473 RTL.exec_instr +R5627 RTL.exec_Inop +R5627 RTL.exec_Inop +R5658 RTL.exec_Iop +R5658 RTL.exec_Iop +R5707 RTL.exec_Iload +R5707 RTL.exec_Iload +R5774 RTL.exec_Istore +R5774 RTL.exec_Istore +R5850 RTL.exec_Icall +R5850 RTL.exec_Icall +R5908 RTL.exec_Icond_true +R5908 RTL.exec_Icond_true +R5972 RTL.exec_Icond_false +R5972 RTL.exec_Icond_false +R6151 RTL.exec_instr +R6169 RTLgen.st_code +R6097 RTL.exec_instr +R6115 RTLgen.st_code +R6255 RTLgen.st_code +R6226 RTLgenproof1.exec_instr_extends_rec +R6255 RTLgen.st_code +R6226 RTLgenproof1.exec_instr_extends_rec +R6301 RTLgenproof1.exec_instr_in_s2 +R6301 RTLgenproof1.exec_instr_in_s2 +R6473 RTL.exec_instrs +R6492 RTLgen.st_code +R6453 Coq.Init.Logic "x = y" type_scope +R6459 RTLgen.st_code +R6405 RTL.exec_instrs +R6564 RTL.exec_refl +R6564 RTL.exec_refl +R6583 RTL.exec_one +R6583 RTL.exec_one +R6599 RTLgenproof1.exec_instr_extends +R6599 RTLgenproof1.exec_instr_extends +R6654 RTL.exec_trans +R6654 RTL.exec_trans +R6815 RTL.exec_instrs +R6834 RTLgen.st_code +R6758 RTL.exec_instrs +R6777 RTLgen.st_code +R6923 RTLgen.st_code +R6893 RTLgenproof1.exec_instrs_extends_rec +R6923 RTLgen.st_code +R6893 RTLgenproof1.exec_instrs_extends_rec +R7015 RTLgen.state +R7039 RTLgenproof1.state_incr +R7174 RTL.exec_instr +R7192 RTLgen.st_code +R7118 RTL.exec_instr +R7136 RTLgen.st_code +R7251 RTLgenproof1.exec_instr_extends +R7251 RTLgenproof1.exec_instr_extends +R7287 RTLgenproof1.state_incr_extends +R7287 RTLgenproof1.state_incr_extends +R7445 RTL.exec_instrs +R7464 RTLgen.st_code +R7388 RTL.exec_instrs +R7407 RTLgen.st_code +R7523 RTLgenproof1.exec_instrs_extends +R7523 RTLgenproof1.exec_instrs_extends +R7560 RTLgenproof1.state_incr_extends +R7560 RTLgenproof1.state_incr_extends +R7707 Coqlib.Plt +R7716 RTLgen.st_nextreg +R7687 RTLgen.state +R7678 Registers.reg +R7783 Coq.Init.Logic "~ x" type_scope +R7785 Coqlib.Plt +R7794 RTLgen.st_nextreg +R7764 RTLgen.state +R7755 Registers.reg +R7887 Coq.Init.Logic.False +R7870 RTLgenproof1.reg_fresh +R7851 RTLgenproof1.reg_bounded +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R7979 RTLgenproof1.bounded_fresh_absurd +R8098 Coq.Init.Logic "x <> y" type_scope +R8077 RTLgenproof1.reg_fresh +R8057 RTLgenproof1.reg_bounded +R8179 RTLgenproof1.bounded_fresh_different +R8294 RTLgenproof1.reg_bounded +R8274 RTLgenproof1.reg_bounded +R8254 RTLgenproof1.state_incr +R8416 RTLgen.st_nextreg +R8396 Coqlib.Plt_Ple_trans +R8416 RTLgen.st_nextreg +R8396 Coqlib.Plt_Ple_trans +R8456 RTLgenproof1.reg_bounded_incr +R8559 RTLgenproof1.reg_fresh +R8541 RTLgenproof1.reg_fresh +R8521 RTLgenproof1.state_incr +R8699 RTLgen.st_nextreg +R8679 Coqlib.Plt_Ple_trans +R8699 RTLgen.st_nextreg +R8679 Coqlib.Plt_Ple_trans +R8740 RTLgenproof1.reg_fresh_decr +R8813 RTLgen.mapping +R8826 RTLgen.state +R8929 RTLgenproof1.reg_bounded +R8917 Coq.Init.Logic "x = y" type_scope +R8913 Maps "a ! b" +R8904 RTLgen.map_vars +R8919 Coq.Init.Datatypes.Some +R9015 RTLgenproof1.reg_bounded +R8991 Coq.Lists.List.In +R8999 RTLgen.map_letvars +R9145 Coq.Init.Logic "x = y" type_scope +R9129 Coq.Init.Logic "x = y" type_scope +R9124 Maps "a ! b" +R9115 RTLgen.map_vars +R9131 Coq.Init.Datatypes.Some +R9100 Coq.Init.Logic "x = y" type_scope +R9095 Maps "a ! b" +R9086 RTLgen.map_vars +R9102 Coq.Init.Datatypes.Some +R9252 Coq.Init.Logic.False +R9228 Coq.Lists.List.In +R9236 RTLgen.map_letvars +R9216 Coq.Init.Logic "x = y" type_scope +R9212 Maps "a ! b" +R9203 RTLgen.map_vars +R9218 Coq.Init.Datatypes.Some +R9277 RTLgenproof1.map_wf_var_bounded +R9309 RTLgenproof1.map_wf_letvar_bounded +R9344 RTLgenproof1.map_wf_inj +R9355 RTLgenproof1.map_wf_disj +R9449 RTLgenproof1.map_wf +R9434 RTLgenproof1.map_wf +R9414 RTLgenproof1.state_incr +R9485 RTLgenproof1.mk_map_wf +R9485 RTLgenproof1.mk_map_wf +R9539 RTLgenproof1.map_wf_incr +R9651 Coq.Init.Logic "A \/ B" type_scope +R9616 Coq.Init.Logic "'exists' x , p" type_scope +R9643 Coq.Init.Logic "x = y" type_scope +R9639 Maps "a ! b" +R9630 RTLgen.map_vars +R9645 Coq.Init.Datatypes.Some +R9656 Coq.Lists.List.In +R9664 RTLgen.map_letvars +R9598 Registers.reg +R9585 RTLgen.mapping +R9756 Coq.Init.Logic "'exists' x , p" type_scope +R9777 Coq.Init.Logic "A /\ B" type_scope +R9767 Coq.Lists.List.In +R9798 Coq.Init.Logic "x = y" type_scope +R9794 Maps "a ! b" +R9785 RTLgen.map_vars +R9800 Coq.Init.Datatypes.Some +R9739 Registers.reg +R9723 Coq.Lists.List.list +R9728 AST.ident +R9708 RTLgen.mapping +R9925 RTLgenproof1.state_incr +R9912 Coq.Init.Logic "x = y" type_scope +R9897 RTLgen.add_instr +R9914 RTLgen.OK +R9998 RTLgenproof1.state_incr_intro +R9998 RTLgenproof1.state_incr_intro +R10031 Coqlib.Ple_succ +R10031 Coqlib.Ple_succ +R10049 Coqlib.Ple_refl +R10049 Coqlib.Ple_refl +R10075 Maps.gso +R10092 Coqlib.Plt_ne +R10075 Maps.gso +R10092 Coqlib.Plt_ne +R10124 RTLgenproof1.add_instr_incr +R10232 Coq.Init.Logic "x = y" type_scope +R10229 Maps "a ! b" +R10221 RTLgen.st_code +R10234 Coq.Init.Datatypes.Some +R10204 Coq.Init.Logic "x = y" type_scope +R10189 RTLgen.add_instr +R10206 RTLgen.OK +R10313 Maps.gss +R10313 Maps.gss +R10342 RTLgenproof1.add_instr_at +R10472 Coq.Init.Logic "x = y" type_scope +R10469 Maps "a ! b" +R10461 RTLgen.st_code +R10435 RTLgenproof1.state_incr +R10424 Coq.Init.Logic "x <> y" type_scope +R10427 Coq.Init.Datatypes.None +R10415 Coq.Init.Logic "x = y" type_scope +R10412 Maps "a ! b" +R10404 RTLgen.st_code +R10540 RTLgen.st_wf +R10540 RTLgen.st_wf +R10677 RTLgenproof1.state_incr +R10664 Coq.Init.Logic "x = y" type_scope +R10647 RTLgen.reserve_instr +R10666 RTLgen.OK +R10750 RTLgenproof1.state_incr_intro +R10750 RTLgenproof1.state_incr_intro +R10783 Coqlib.Ple_succ +R10783 Coqlib.Ple_succ +R10801 Coqlib.Ple_refl +R10801 Coqlib.Ple_refl +R10969 RTLgenproof1.state_incr +R10954 Coq.Init.Logic "x = y" type_scope +R10934 RTLgen.update_instr +R10956 RTLgen.OK +R10912 RTLgenproof1.state_incr +R10897 Coq.Init.Logic "x = y" type_scope +R10880 RTLgen.reserve_instr +R10899 RTLgen.OK +R11064 Coqlib.plt +R11071 RTLgen.st_nextnode +R11064 Coqlib.plt +R11071 RTLgen.st_nextnode +R11142 RTLgenproof1.state_incr_intro +R11142 RTLgenproof1.state_incr_intro +R11175 Coqlib.Plt_Ple +R11175 Coqlib.Plt_Ple +R11210 RTLgen.st_nextnode +R11190 Coqlib.Plt_Ple_trans +R11210 RTLgen.st_nextnode +R11190 Coqlib.Plt_Ple_trans +R11252 Coqlib.Plt_succ +R11252 Coqlib.Plt_succ +R11340 Maps.gso +R11340 Maps.gso +R11405 Coqlib.Plt_trans_succ +R11405 Coqlib.Plt_trans_succ +R11450 Coqlib.Plt_ne +R11450 Coqlib.Plt_ne +R11647 RTLgenproof1.state_extends +R11632 Coq.Init.Logic "x = y" type_scope +R11612 RTLgen.update_instr +R11634 RTLgen.OK +R11590 RTLgenproof1.state_incr +R11575 Coq.Init.Logic "x = y" type_scope +R11558 RTLgen.reserve_instr +R11577 RTLgen.OK +R11723 Coqlib.peq +R11723 Coqlib.peq +R11824 RTLgen.st_wf +R11824 RTLgen.st_wf +R11871 Coqlib.Plt_strict +R11871 Coqlib.Plt_strict +R11942 Coqlib.Plt_succ +R11942 Coqlib.Plt_succ +R11998 Coqlib.plt +R12008 RTLgen.st_nextnode +R11998 Coqlib.plt +R12008 RTLgen.st_nextnode +R12079 Maps.gso +R12079 Maps.gso +R12164 RTLgenproof1.state_incr +R12151 Coq.Init.Logic "x = y" type_scope +R12140 RTLgen.new_reg +R12153 RTLgen.OK +R12237 RTLgenproof1.state_incr_intro +R12237 RTLgenproof1.state_incr_intro +R12270 Coqlib.Ple_refl +R12270 Coqlib.Ple_refl +R12286 Coqlib.Ple_succ +R12286 Coqlib.Ple_succ +R12320 RTLgenproof1.new_reg_incr +R12408 RTLgenproof1.reg_bounded +R12395 Coq.Init.Logic "x = y" type_scope +R12384 RTLgen.new_reg +R12397 RTLgen.OK +R12539 Coqlib.Plt_succ +R12539 Coqlib.Plt_succ +R12567 RTLgenproof1.new_reg_bounded +R12656 RTLgenproof1.reg_fresh +R12643 Coq.Init.Logic "x = y" type_scope +R12632 RTLgen.new_reg +R12645 RTLgen.OK +R12764 Coqlib.Plt_strict +R12764 Coqlib.Plt_strict +R12797 RTLgenproof1.new_reg_fresh +R12895 RTLgenproof1.reg_bounded +R12877 RTLgenproof1.reg_in_map +R12863 RTLgenproof1.map_wf +R13020 RTLgenproof1.reg_in_map_bounded +R13134 Coq.Init.Logic "~ x" type_scope +R13136 RTLgenproof1.reg_in_map +R13119 RTLgenproof1.map_wf +R13106 Coq.Init.Logic "x = y" type_scope +R13095 RTLgen.new_reg +R13108 RTLgen.OK +R13218 RTLgenproof1.new_reg_not_in_map +R13316 RTLgenproof1.reg_in_map +R13291 RTLgenproof1.mutated_reg +R13422 RTLgenproof1.mutated_reg_in_map +R13541 Coq.Init.Logic "~ x" type_scope +R13543 RTLgenproof1.mutated_reg +R13526 RTLgenproof1.map_wf +R13513 Coq.Init.Logic "x = y" type_scope +R13502 RTLgen.new_reg +R13515 RTLgen.OK +R13609 RTLgenproof1.mutated_reg_in_map +R13609 RTLgenproof1.mutated_reg_in_map +R13655 RTLgenproof1.new_reg_not_in_map +R13655 RTLgenproof1.new_reg_not_in_map +R13710 RTLgenproof1.new_reg_not_mutated +R13819 RTLgenproof1.map_wf +R13826 RTLgen.init_mapping +R13885 RTLgenproof1.mk_map_wf +R13885 RTLgenproof1.mk_map_wf +R13921 Maps.gempty +R13921 Maps.gempty +R13981 Maps.gempty +R13981 Maps.gempty +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R14115 RTLgenproof1.state_incr +R14102 Coq.Init.Logic "x = y" type_scope +R14081 RTLgen.find_var +R14104 RTLgen.OK +R14195 Maps "a ! b" +R14183 RTLgen.map_vars +R14195 Maps "a ! b" +R14183 RTLgen.map_vars +R14282 RTLgenproof1.find_var_incr +R14407 RTLgenproof1.reg_in_map +R14390 RTLgenproof1.map_wf +R14377 Coq.Init.Logic "x = y" type_scope +R14356 RTLgen.find_var +R14379 RTLgen.OK +R14489 Maps "a ! b" +R14480 RTLgen.map_vars +R14489 Maps "a ! b" +R14480 RTLgen.map_vars +R14610 RTLgenproof1.find_var_in_map +R14738 RTLgenproof1.reg_bounded +R14721 RTLgenproof1.map_wf +R14708 Coq.Init.Logic "x = y" type_scope +R14687 RTLgen.find_var +R14710 RTLgen.OK +R14800 RTLgenproof1.find_var_bounded +R14961 Coq.Init.Logic "~ x" type_scope +R14963 RTLgenproof1.mutated_reg +R14941 Coq.Init.Logic "~ x" type_scope +R14943 Coq.Lists.List.In +R14922 RTLgenproof1.map_wf +R14907 Coq.Init.Logic "x = y" type_scope +R14886 RTLgen.find_var +R14909 RTLgen.OK +R15053 Maps "a ! b" +R15044 RTLgen.map_vars +R15053 Maps "a ! b" +R15044 RTLgen.map_vars +R15172 Coq.Init.Logic "x = y" type_scope +R15172 Coq.Init.Logic "x = y" type_scope +R15262 RTLgenproof1.find_var_not_mutated +R15379 RTLgenproof1.state_incr +R15366 Coq.Init.Logic "x = y" type_scope +R15343 RTLgen.find_letvar +R15368 RTLgen.OK +R15450 Coq.Lists.List.nth_error +R15461 RTLgen.map_letvars +R15450 Coq.Lists.List.nth_error +R15461 RTLgen.map_letvars +R15563 RTLgenproof1.find_letvar_incr +R15695 RTLgenproof1.reg_in_map +R15678 RTLgenproof1.map_wf +R15665 Coq.Init.Logic "x = y" type_scope +R15642 RTLgen.find_letvar +R15667 RTLgen.OK +R15768 Coq.Lists.List.nth_error +R15779 RTLgen.map_letvars +R15768 Coq.Lists.List.nth_error +R15779 RTLgen.map_letvars +R15864 Coqlib.nth_error_in +R15864 Coqlib.nth_error_in +R15932 RTLgenproof1.find_letvar_in_map +R16067 RTLgenproof1.reg_bounded +R16050 RTLgenproof1.map_wf +R16037 Coq.Init.Logic "x = y" type_scope +R16014 RTLgen.find_letvar +R16039 RTLgen.OK +R16129 RTLgenproof1.find_letvar_bounded +R16277 Coq.Init.Logic "~ x" type_scope +R16279 RTLgenproof1.mutated_reg +R16258 RTLgenproof1.map_wf +R16243 Coq.Init.Logic "x = y" type_scope +R16220 RTLgen.find_letvar +R16245 RTLgen.OK +R16358 Coq.Lists.List.nth_error +R16369 RTLgen.map_letvars +R16358 Coq.Lists.List.nth_error +R16369 RTLgen.map_letvars +R16555 RTLgenproof1.find_letvar_not_mutated +R16688 RTLgenproof1.reg_bounded +R16667 Coq.Init.Logic "x = y" type_scope +R16646 RTLgen.add_var +R16669 RTLgen.OK +R16672 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16879 RTLgenproof1.state_incr +R16865 Coq.Init.Logic "x = y" type_scope +R16845 RTLgen.add_var +R16867 RTLgen.OK +R16980 RTLgenproof1.add_var_incr +R17110 RTLgenproof1.map_wf +R17093 RTLgenproof1.map_wf +R17073 Coq.Init.Logic "x = y" type_scope +R17053 RTLgen.add_var +R17075 RTLgen.OK +R17078 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17213 RTLgenproof1.mk_map_wf +R17213 RTLgenproof1.mk_map_wf +R17256 Maps.gsspec +R17256 Maps.gsspec +R17279 Coqlib.peq +R17279 Coqlib.peq +R17429 Maps.gsspec +R17429 Maps.gsspec +R17429 Maps.gsspec +R17429 Maps.gsspec +R17453 Coqlib.peq +R17474 Coqlib.peq +R17453 Coqlib.peq +R17474 Coqlib.peq +R17474 Coqlib.peq +R17665 Coqlib.peq +R17665 Coqlib.peq +R17706 Maps.gss +R17706 Maps.gss +R17793 Maps.gso +R17793 Maps.gso +R17845 RTLgenproof1.add_var_wf +R17979 Coq.Init.Logic "x = y" type_scope +R17973 Maps "a ! b" +R17964 RTLgen.map_vars +R17981 Coq.Init.Datatypes.Some +R17938 Coq.Init.Logic "x = y" type_scope +R17918 RTLgen.add_var +R17940 RTLgen.OK +R17943 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18087 Maps.gss +R18087 Maps.gss +R18190 RTLgenproof1.state_incr +R18177 Coq.Init.Logic "x = y" type_scope +R18155 RTLgen.add_vars +R18179 RTLgen.OK +R18510 RTLgenproof1.reg_bounded +R18499 Coq.Lists.List.In +R18465 Coq.Init.Logic "x = y" type_scope +R18442 RTLgen.add_vars +R18467 RTLgen.OK +R18470 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18699 RTLgenproof1.add_var_bounded +R18699 RTLgenproof1.add_var_bounded +R18744 RTLgenproof1.reg_bounded_incr +R18744 RTLgenproof1.reg_bounded_incr +R18918 RTLgenproof1.map_wf +R18901 RTLgenproof1.map_wf +R18878 Coq.Init.Logic "x = y" type_scope +R18856 RTLgen.add_vars +R18880 RTLgen.OK +R18883 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R19110 RTLgenproof1.add_var_wf +R19110 RTLgenproof1.add_var_wf +R19187 RTLgenproof1.add_vars_wf +R19312 RTLgenproof1.map_wf +R19320 RTLgen.add_letvar +R19287 Coq.Init.Logic "~ x" type_scope +R19289 RTLgenproof1.reg_in_map +R19266 RTLgenproof1.reg_bounded +R19248 RTLgenproof1.map_wf +R19383 RTLgenproof1.mk_map_wf +R19383 RTLgenproof1.mk_map_wf +R19410 RTLgenproof1.map_wf_var_bounded +R19410 RTLgenproof1.map_wf_var_bounded +R19498 RTLgenproof1.map_wf_letvar_bounded +R19498 RTLgenproof1.map_wf_letvar_bounded +R19537 RTLgenproof1.map_wf_inj +R19537 RTLgenproof1.map_wf_inj +R19640 RTLgenproof1.map_wf_disj +R19640 RTLgenproof1.map_wf_disj +R19800 RTLgenproof1.state_incr +R19787 Coq.Init.Logic "x = y" type_scope +R19764 RTLgen.alloc_reg +R19789 RTLgen.OK +R19906 Coq.Lists.List.In_dec +R19913 AST.ident_eq +R19906 Coq.Lists.List.In_dec +R19913 AST.ident_eq +R19965 RTLgenproof1.alloc_reg_incr +R20098 RTLgenproof1.reg_bounded +R20085 Coq.Init.Logic "x = y" type_scope +R20062 RTLgen.alloc_reg +R20087 RTLgen.OK +R20043 RTLgenproof1.map_wf +R20204 Coq.Lists.List.In_dec +R20211 AST.ident_eq +R20204 Coq.Lists.List.In_dec +R20211 AST.ident_eq +R20263 RTLgenproof1.alloc_reg_bounded +R20423 Coq.Init.Logic "A \/ B" type_scope +R20406 RTLgenproof1.reg_in_map +R20426 RTLgenproof1.reg_fresh +R20391 Coq.Init.Logic "x = y" type_scope +R20369 RTLgen.alloc_reg +R20393 RTLgen.OK +R20351 RTLgenproof1.map_wf +R20543 Coq.Lists.List.In_dec +R20550 AST.ident_eq +R20543 Coq.Lists.List.In_dec +R20550 AST.ident_eq +R20732 Registers.reg +R20724 Cminor.expr +R20710 Coq.Lists.List.list +R20715 AST.ident +R20699 RTLgen.mapping +R20690 RTLgen.state +R20885 Cminor.Evar +R20842 Coq.Init.Logic "x = y" type_scope +R20838 Maps "a ! b" +R20829 RTLgen.map_vars +R20844 Coq.Init.Datatypes.Some +R20808 Coq.Init.Logic "~ x" type_scope +R20810 Coq.Lists.List.In +R21030 Cminor.Eletvar +R20987 Coq.Init.Logic "x = y" type_scope +R20955 Coq.Lists.List.nth_error +R20970 RTLgen.map_letvars +R20989 Coq.Init.Datatypes.Some +R21130 RTLgenproof1.reg_bounded +R21101 Coq.Init.Logic "~ x" type_scope +R21103 RTLgenproof1.reg_in_map +R21297 RTLgenproof1.target_reg_ok +R21263 RTLgenproof1.target_reg_ok +R21241 RTLgenproof1.state_incr +R21367 RTLgenproof1.target_reg_immut_var +R21367 RTLgenproof1.target_reg_immut_var +R21403 RTLgenproof1.target_reg_letvar +R21403 RTLgenproof1.target_reg_letvar +R21436 RTLgenproof1.target_reg_other +R21436 RTLgenproof1.target_reg_other +R21489 RTLgenproof1.target_reg_ok_incr +R21619 RTLgenproof1.reg_bounded +R21586 RTLgenproof1.target_reg_ok +R21568 RTLgenproof1.map_wf +R21709 RTLgenproof1.target_reg_bounded +R21843 Coq.Init.Logic "~ x" type_scope +R21845 RTLgenproof1.mutated_reg +R21810 RTLgenproof1.target_reg_ok +R21792 RTLgenproof1.map_wf +R21987 Coq.Init.Logic "x = y" type_scope +R21987 Coq.Init.Logic "x = y" type_scope +R22048 Coq.Lists.List.In +R22054 RTLgen.map_letvars +R22048 Coq.Lists.List.In +R22054 RTLgen.map_letvars +R22172 RTLgenproof1.target_reg_not_mutated +R22317 RTLgenproof1.target_reg_ok +R22302 Coq.Init.Logic "x = y" type_scope +R22279 RTLgen.alloc_reg +R22304 RTLgen.OK +R22260 RTLgenproof1.map_wf +R22431 RTLgenproof1.target_reg_other +R22431 RTLgenproof1.target_reg_other +R22431 RTLgenproof1.target_reg_other +R22431 RTLgenproof1.target_reg_other +R22431 RTLgenproof1.target_reg_other +R22431 RTLgenproof1.target_reg_other +R22431 RTLgenproof1.target_reg_other +R22431 RTLgenproof1.target_reg_other +R22431 RTLgenproof1.target_reg_other +R22431 RTLgenproof1.target_reg_other +R22495 Coq.Lists.List.In_dec +R22502 AST.ident_eq +R22495 Coq.Lists.List.In_dec +R22502 AST.ident_eq +R22535 RTLgenproof1.target_reg_other +R22535 RTLgenproof1.target_reg_other +R22578 RTLgenproof1.target_reg_immut_var +R22578 RTLgenproof1.target_reg_immut_var +R22661 Maps "a ! b" +R22649 RTLgen.map_vars +R22661 Maps "a ! b" +R22649 RTLgen.map_vars +R22721 RTLgenproof1.target_reg_letvar +R22721 RTLgenproof1.target_reg_letvar +R22786 Coq.Lists.List.nth_error +R22797 RTLgen.map_letvars +R22786 Coq.Lists.List.nth_error +R22797 RTLgen.map_letvars +R22883 RTLgenproof1.alloc_reg_target_ok +R23005 RTLgenproof1.state_incr +R22991 Coq.Init.Logic "x = y" type_scope +R22966 RTLgen.alloc_regs +R22993 RTLgen.OK +R23161 RTLgenproof1.alloc_regs_incr +R23324 RTLgenproof1.reg_bounded +R23313 Coq.Lists.List.In +R23287 Coq.Init.Logic "x = y" type_scope +R23262 RTLgen.alloc_regs +R23289 RTLgen.OK +R23243 RTLgenproof1.map_wf +R23542 RTLgenproof1.alloc_regs_bounded +R23730 Coq.Init.Logic "A \/ B" type_scope +R23713 RTLgenproof1.reg_in_map +R23733 RTLgenproof1.reg_fresh +R23702 Coq.Lists.List.In +R23676 Coq.Init.Logic "x = y" type_scope +R23652 RTLgen.alloc_regs +R23678 RTLgen.OK +R23634 RTLgenproof1.map_wf +R23851 Coq.Lists.List.in_inv +R23851 Coq.Lists.List.in_inv +R23897 RTLgenproof1.map_wf +R23897 RTLgenproof1.map_wf +R23938 RTLgenproof1.alloc_reg_fresh_or_in_map +R23938 RTLgenproof1.alloc_reg_fresh_or_in_map +R24141 Coq.Lists.List.list +R24146 Registers.reg +R24129 Cminor.exprlist +R24115 Coq.Lists.List.list +R24120 AST.ident +R24104 RTLgen.mapping +R24095 RTLgen.state +R24242 Coq.Lists.List.nil +R24237 Cminor.Enil +R24466 Coq.Lists.List "x :: y" list_scope +R24451 Cminor.Econs +R24348 RTLgenproof1.target_reg_ok +R24325 Coq.Init.Logic "A \/ B" type_scope +R24308 RTLgenproof1.reg_in_map +R24328 Coq.Init.Logic "~ x" type_scope +R24330 Coq.Lists.List.In +R24603 RTLgenproof1.target_regs_ok +R24581 RTLgenproof1.state_incr +R24531 RTLgenproof1.target_regs_ok +R24674 RTLgenproof1.target_regs_nil +R24674 RTLgenproof1.target_regs_nil +R24700 RTLgenproof1.target_regs_cons +R24700 RTLgenproof1.target_regs_cons +R24754 RTLgenproof1.target_regs_ok_incr +R24912 RTLgenproof1.reg_bounded +R24901 Coq.Lists.List.In +R24873 RTLgenproof1.map_wf +R24837 RTLgenproof1.target_regs_ok +R25056 RTLgenproof1.target_regs_bounded +R25218 Coq.Init.Logic "~ x" type_scope +R25220 RTLgenproof1.mutated_reg +R25207 Coq.Lists.List.In +R25179 RTLgenproof1.map_wf +R25143 RTLgenproof1.target_regs_ok +R25371 RTLgenproof1.target_regs_not_mutated +R25523 RTLgenproof1.target_regs_ok +R25507 Coq.Init.Logic "x = y" type_scope +R25482 RTLgen.alloc_regs +R25509 RTLgen.OK +R25463 RTLgenproof1.map_wf +R25625 RTLgenproof1.target_regs_nil +R25625 RTLgenproof1.target_regs_nil +R25686 RTLgenproof1.target_regs_cons +R25686 RTLgenproof1.target_regs_cons +R25738 RTLgenproof1.map_wf +R25738 RTLgenproof1.map_wf +R25778 RTLgenproof1.alloc_reg_fresh_or_in_map +R25778 RTLgenproof1.alloc_reg_fresh_or_in_map +R25912 RTLgenproof1.alloc_regs_target_ok +R26049 Coq.Init.Datatypes.option +R26056 Registers.reg +R26038 RTLgen.mapping +R26029 RTLgen.state +R26141 Coq.Init.Datatypes.None +R26267 Coq.Init.Datatypes.Some +R26221 RTLgenproof1.reg_bounded +R26198 Coq.Init.Logic "~ x" type_scope +R26200 RTLgenproof1.reg_in_map +R26379 RTLgenproof1.return_reg_ok +R26350 RTLgenproof1.return_reg_ok +R26328 RTLgenproof1.state_incr +R26498 RTLgenproof1.return_reg_ok_incr +R26623 RTLgenproof1.return_reg_ok +R26645 RTLgen.ret_reg +R26604 RTLgenproof1.map_wf +R26589 Coq.Init.Logic "x = y" type_scope +R26578 RTLgen.new_reg +R26591 RTLgen.OK +R26704 AST.sig_res +R26704 AST.sig_res +R26874 RTLgen.mapping +R26887 Cminor.env +R26904 Cminor.letenv +R26924 RTL.regset +R27018 Coq.Init.Logic "'exists' x , p" type_scope +R27055 Coq.Init.Logic "A /\ B" type_scope +R27046 Coq.Init.Logic "x = y" type_scope +R27042 Maps "a ! b" +R27033 RTLgen.map_vars +R27048 Coq.Init.Datatypes.Some +R27063 Coq.Init.Logic "x = y" type_scope +R27060 Registers "a # b" +R27006 Coq.Init.Logic "x = y" type_scope +R27002 Maps "a ! b" +R27008 Coq.Init.Datatypes.Some +R27115 Coq.Init.Logic "x = y" type_scope +R27093 Registers "a ## b" +R27101 RTLgen.map_letvars +R27274 Coq.Init.Logic "x = y" type_scope +R27271 Registers "a # b" +R27255 Coq.Init.Logic "x = y" type_scope +R27251 Maps "a ! b" +R27257 Coq.Init.Datatypes.Some +R27223 RTLgenproof1.match_env +R27208 Coq.Init.Logic "x = y" type_scope +R27189 RTLgen.find_var +R27210 RTLgen.OK +R27345 Maps "a ! b" +R27336 RTLgen.map_vars +R27345 Maps "a ! b" +R27336 RTLgen.map_vars +R27411 RTLgenproof1.me_vars +R27411 RTLgenproof1.me_vars +R27565 RTLgenproof1.match_env_find_reg +R27726 RTLgenproof1.match_env +R27713 Coq.Init.Logic "x = y" type_scope +R27710 Registers "a # b" +R27717 Registers "a # b" +R27686 RTLgenproof1.reg_in_map +R27647 RTLgenproof1.match_env +R27773 RTLgenproof1.mk_match_env +R27773 RTLgenproof1.mk_match_env +R27819 RTLgenproof1.me_vars +R27819 RTLgenproof1.me_vars +R27961 Registers "a ## b" +R27965 RTLgen.map_letvars +R27961 Registers "a ## b" +R27965 RTLgen.map_letvars +R27991 Coqlib.list_map_exten +R27991 Coqlib.list_map_exten +R28060 RTLgenproof1.me_letvars +R28060 RTLgenproof1.me_letvars +R28198 RTLgenproof1.match_env +R28220 Registers "a # b <- c" +R28173 Coq.Init.Logic "~ x" type_scope +R28175 RTLgenproof1.reg_in_map +R28146 RTLgenproof1.match_env +R28253 RTLgenproof1.match_env_invariant +R28253 RTLgenproof1.match_env_invariant +R28304 Registers.eq +R28304 Registers.eq +R28361 Registers.gso +R28361 Registers.gso +R28397 RTLgenproof1.match_env_update_temp +R28628 RTLgenproof1.match_env +R28643 Maps.set +R28615 Coq.Init.Logic "x = y" type_scope +R28612 Registers "a # b" +R28619 Registers "a # b" +R28601 Coq.Init.Logic "x <> y" type_scope +R28579 Coq.Init.Logic "x = y" type_scope +R28576 Registers "a # b" +R28546 RTLgenproof1.match_env +R28531 Coq.Init.Logic "x = y" type_scope +R28513 RTLgen.find_var +R28533 RTLgen.OK +R28495 RTLgenproof1.map_wf +R28753 Maps "a ! b" +R28741 RTLgen.map_vars +R28753 Maps "a ! b" +R28741 RTLgen.map_vars +R28798 RTLgenproof1.mk_match_env +R28798 RTLgenproof1.mk_match_env +R28837 Coqlib.peq +R28837 Coqlib.peq +R28879 Maps.gss +R28879 Maps.gss +R28966 Maps.gso +R28966 Maps.gso +R28996 RTLgenproof1.me_vars +R28996 RTLgenproof1.me_vars +R29179 Registers "a ## b" +R29183 RTLgen.map_letvars +R29179 Registers "a ## b" +R29183 RTLgen.map_letvars +R29209 Coqlib.list_map_exten +R29209 Coqlib.list_map_exten +R29310 RTLgenproof1.me_letvars +R29310 RTLgenproof1.me_letvars +R29454 RTLgenproof1.match_env +R29488 Coq.Lists.List "x :: y" list_scope +R29465 RTLgen.add_letvar +R29445 Coq.Init.Logic "x = y" type_scope +R29442 Registers "a # b" +R29413 RTLgenproof1.match_env +R29550 RTLgenproof1.mk_match_env +R29550 RTLgenproof1.mk_match_env +R29588 RTLgenproof1.me_vars +R29588 RTLgenproof1.me_vars +R29631 RTLgenproof1.me_letvars +R29631 RTLgenproof1.me_letvars +R29783 RTLgenproof1.match_env +R29753 RTLgenproof1.match_env +R29737 Coq.Init.Logic "x = y" type_scope +R29734 Registers "a # b" +R29742 Registers "a # b" +R29830 RTLgenproof1.mk_match_env +R29830 RTLgenproof1.mk_match_env +R29866 RTLgenproof1.me_vars +R29866 RTLgenproof1.me_vars +R29985 Registers "a ## b" +R29989 RTLgen.map_letvars +R29985 Registers "a ## b" +R29989 RTLgen.map_letvars +R30015 Coqlib.list_map_exten +R30015 Coqlib.list_map_exten +R30077 RTLgenproof1.me_letvars +R30077 RTLgenproof1.me_letvars +R30221 Coq.Init.Logic "x = y" type_scope +R30208 RTLgen.map_letvars +R30229 RTLgen.map_letvars +R30179 Coq.Init.Logic "x = y" type_scope +R30161 RTLgen.add_var +R30181 RTLgen.OK +R30184 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R30439 Coq.Init.Logic "x = y" type_scope +R30426 RTLgen.map_letvars +R30447 RTLgen.map_letvars +R30396 Coq.Init.Logic "x = y" type_scope +R30376 RTLgen.add_vars +R30398 RTLgen.OK +R30401 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R30586 RTLgen.map_letvars +R30586 RTLgen.map_letvars +R30622 RTLgenproof1.add_var_letenv +R30622 RTLgenproof1.add_var_letenv +R30729 RTLgenproof1.match_env +R30766 Registers.init +R30778 Values.Vundef +R30761 Coq.Lists.List.nil +R30744 Maps.empty +R30756 Values.val +R30718 Coq.Init.Logic "x = y" type_scope +R30705 RTLgen.map_letvars +R30720 Coq.Lists.List.nil +R30810 RTLgenproof1.mk_match_env +R30810 RTLgenproof1.mk_match_env +R30842 Maps.gempty +R30842 Maps.gempty +R31084 Coq.Init.Logic "A /\ B" type_scope +R31026 RTLgenproof1.match_env +R31065 RTL.init_regs +R31060 Coq.Lists.List.nil +R31042 Cminor.set_params +R31136 Coq.Init.Logic "x = y" type_scope +R31132 Registers "a # b" +R31117 RTL.init_regs +R31138 Values.Vundef +R31098 RTLgenproof1.reg_fresh +R31002 Coq.Init.Logic "x = y" type_scope +R30974 RTLgen.add_vars +R30983 RTLgen.init_mapping +R31004 RTLgen.OK +R31007 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R31255 RTLgenproof1.match_env_empty +R31255 RTLgenproof1.match_env_empty +R31306 Registers.gi +R31306 Registers.gi +R31470 Coq.Init.Logic "x = y" type_scope +R31453 RTLgen.map_letvars +R31472 Coq.Lists.List.nil +R31470 Coq.Init.Logic "x = y" type_scope +R31453 RTLgen.map_letvars +R31472 Coq.Lists.List.nil +R31494 RTLgen.map_letvars +R31494 RTLgen.map_letvars +R31519 RTLgenproof1.add_var_letenv +R31519 RTLgenproof1.add_var_letenv +R31559 RTLgen.map_letvars +R31571 RTLgen.init_mapping +R31559 RTLgen.map_letvars +R31571 RTLgen.init_mapping +R31595 RTLgenproof1.add_vars_letenv +R31595 RTLgenproof1.add_vars_letenv +R31694 Coq.Lists.List.nil +R31694 Coq.Lists.List.nil +R31794 Maps.gsspec +R31814 Coqlib.peq +R31794 Maps.gsspec +R31794 Maps.gsspec +R31794 Maps.gsspec +R31814 Coqlib.peq +R31866 Registers.gi +R31866 Registers.gi +R31901 RTLgenproof1.me_vars +R31901 RTLgenproof1.me_vars +R31985 RTL.init_regs +R31995 Coq.Lists.List.nil +R32008 Registers.init +R32020 Values.Vundef +R31985 RTL.init_regs +R31995 Coq.Lists.List.nil +R32008 Registers.init +R32020 Values.Vundef +R32111 Registers.gi +R32111 Registers.gi +R32270 Maps.gsspec +R32290 Coqlib.peq +R32270 Maps.gsspec +R32270 Maps.gsspec +R32270 Maps.gsspec +R32290 Coqlib.peq +R32342 Registers.gss +R32342 Registers.gss +R32378 RTLgenproof1.me_vars +R32378 RTLgenproof1.me_vars +R32459 Registers.gso +R32459 Registers.gso +R32485 RTLgenproof1.bounded_fresh_different +R32485 RTLgenproof1.bounded_fresh_different +R32533 RTLgenproof1.map_wf +R32533 RTLgenproof1.map_wf +R32555 RTLgenproof1.add_vars_wf +R32555 RTLgenproof1.add_vars_wf +R32581 RTLgenproof1.init_mapping_wf +R32581 RTLgenproof1.init_mapping_wf +R32679 Registers.gso +R32679 Registers.gso +R32730 Coq.Init.Logic.sym_not_equal +R32730 Coq.Init.Logic.sym_not_equal +R32985 RTLgenproof1.match_env +R33001 Cminor.set_locals +R32961 Coq.Init.Logic "x = y" type_scope +R32941 RTLgen.add_vars +R32963 RTLgen.OK +R32966 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R32926 Coq.Init.Logic "x = y" type_scope +R32923 Registers "a # b" +R32928 Values.Vundef +R32903 RTLgenproof1.reg_fresh +R32864 RTLgenproof1.match_env +R32812 RTLgenproof1.map_wf +R33164 RTLgenproof1.match_env +R33177 Cminor.set_locals +R33164 RTLgenproof1.match_env +R33177 Cminor.set_locals +R33338 Maps.gsspec +R33338 Maps.gsspec +R33338 Maps.gsspec +R33338 Maps.gsspec +R33361 Coqlib.peq +R33361 Coqlib.peq +R33453 RTLgenproof1.reg_fresh_decr +R33453 RTLgenproof1.reg_fresh_decr +R33486 RTLgenproof1.add_vars_incr +R33486 RTLgenproof1.add_vars_incr +R33536 RTLgenproof1.me_vars +R33536 RTLgenproof1.me_vars +R33569 RTLgenproof1.me_letvars +R33569 RTLgenproof1.me_letvars +R33800 RTLgenproof1.match_env +R33878 RTL.init_regs +R33873 Coq.Lists.List.nil +R33816 Cminor.set_locals +R33833 Cminor.set_params +R33773 Coq.Init.Logic "x = y" type_scope +R33751 RTLgen.add_vars +R33775 RTLgen.OK +R33778 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R33722 Coq.Init.Logic "x = y" type_scope +R33690 RTLgen.add_vars +R33699 RTLgen.init_mapping +R33724 RTLgen.OK +R33727 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R33938 RTLgenproof1.match_set_params_init_regs +R33938 RTLgenproof1.match_set_params_init_regs +R34012 RTLgenproof1.match_set_locals +R34012 RTLgenproof1.match_set_locals +R34046 RTLgenproof1.add_vars_wf +R34046 RTLgenproof1.add_vars_wf +R34072 RTLgenproof1.init_mapping_wf +R34072 RTLgenproof1.init_mapping_wf +R34243 RTLgenproof1.state_incr +R34227 Coq.Init.Logic "x = y" type_scope +R34207 RTLgen.add_move +R34229 RTLgen.OK +R34312 Registers.eq +R34312 Registers.eq +R34418 RTLgenproof1.add_move_incr +R35907 Coq.Init.Logic "A /\ B" type_scope +R35898 Cminor.expr +R35947 Coq.Init.Logic "A /\ B" type_scope +R35932 Cminor.condexpr +R35972 Cminor.exprlist +R35863 Cminor.Econs +R35840 Cminor.exprlist +R35807 Cminor.expr +R35780 Cminor.Enil +R35745 Cminor.CEcondition +R35722 Cminor.condexpr +R35683 Cminor.condexpr +R35637 Cminor.condexpr +R35602 Cminor.CEcond +R35579 Cminor.exprlist +R35563 Op.condition +R35532 Cminor.CEfalse +R35512 Cminor.CEtrue +R35487 Cminor.Eletvar +R35479 Coq.Init.Datatypes.nat +R35445 Cminor.Elet +R35428 Cminor.expr +R35403 Cminor.expr +R35361 Cminor.Econdition +R35344 Cminor.expr +R35311 Cminor.expr +R35266 Cminor.condexpr +R35229 Cminor.Ecall +R35207 Cminor.exprlist +R35173 Cminor.expr +R35157 AST.signature +R35116 Cminor.Estore +R35099 Cminor.expr +R35060 Cminor.exprlist +R35043 Op.addressing +R35024 AST.memory_chunk +R34987 Cminor.Eload +R34957 Cminor.exprlist +R34940 Op.addressing +R34921 AST.memory_chunk +R34888 Cminor.Eop +R34866 Cminor.exprlist +R34850 Op.operation +R34813 Cminor.Eassign +R34796 Cminor.expr +R34784 AST.ident +R34752 Cminor.Evar +R34742 AST.ident +R34704 Cminor.exprlist +R34671 Cminor.condexpr +R34651 Cminor.expr +R36021 RTLgenproof1.expr_ind3 +R36021 RTLgenproof1.expr_ind3 +R36069 RTLgenproof1.condexpr_ind3 +R36069 RTLgenproof1.condexpr_ind3 +R36114 RTLgenproof1.exprlist_ind3 +R36114 RTLgenproof1.exprlist_ind3 +R36287 RTLgenproof1.state_incr +R36273 Coq.Init.Logic "x = y" type_scope +R36243 RTLgen.transl_expr +R36275 RTLgen.OK +R36193 Cminor.expr +R36463 RTLgenproof1.state_incr +R36449 Coq.Init.Logic "x = y" type_scope +R36407 RTLgen.transl_condition +R36451 RTLgen.OK +R36346 Cminor.condexpr +R36625 RTLgenproof1.state_incr +R36611 Coq.Init.Logic "x = y" type_scope +R36576 RTLgen.transl_exprlist +R36613 RTLgen.OK +R36522 Cminor.exprlist +R36722 Coq.Init.Logic "A /\ B" type_scope +R36699 RTLgenproof1.transl_expr_incr_pred +R36768 Coq.Init.Logic "A /\ B" type_scope +R36740 RTLgenproof1.transl_condition_incr_pred +R36787 RTLgenproof1.transl_exprlist_incr_pred +R36833 RTLgenproof1.expr_condexpr_exprlist_ind +R36833 RTLgenproof1.expr_condexpr_exprlist_ind +R37108 RTLgenproof1.state_incr_trans3 +R37108 RTLgenproof1.state_incr_trans3 +R37181 RTLgenproof1.state_incr_trans4 +R37181 RTLgenproof1.state_incr_trans4 +R37501 RTLgenproof1.state_incr +R37487 Coq.Init.Logic "x = y" type_scope +R37457 RTLgen.transl_expr +R37489 RTLgen.OK +R37525 Coq.Init.Logic.proj1 +R37531 RTLgenproof1.transl_expr_condition_exprlist_incr +R37698 RTLgenproof1.state_incr +R37684 Coq.Init.Logic "x = y" type_scope +R37642 RTLgen.transl_condition +R37686 RTLgen.OK +R37722 Coq.Init.Logic.proj1 +R37729 Coq.Init.Logic.proj2 +R37735 RTLgenproof1.transl_expr_condition_exprlist_incr +R37889 RTLgenproof1.state_incr +R37875 Coq.Init.Logic "x = y" type_scope +R37840 RTLgen.transl_exprlist +R37877 RTLgen.OK +R37913 Coq.Init.Logic.proj2 +R37920 Coq.Init.Logic.proj2 +R37926 RTLgenproof1.transl_expr_condition_exprlist_incr +R37979 RTLgenproof1.transl_expr_incr +R37996 RTLgenproof1.transl_condition_incr +R38018 RTLgenproof1.transl_exprlist_incr +R38726 Coq.Init.Logic "A /\ B" type_scope +R38717 Cminor.stmt +R38751 Cminor.stmtlist +R38682 Cminor.Scons +R38659 Cminor.stmtlist +R38626 Cminor.stmt +R38599 Cminor.Snil +R38574 Cminor.Sreturn +R38558 Coq.Init.Datatypes.option +R38565 Cminor.expr +R38526 Cminor.Sexit +R38518 Coq.Init.Datatypes.nat +R38485 Cminor.Sblock +R38464 Cminor.stmtlist +R38432 Cminor.Sloop +R38411 Cminor.stmtlist +R38368 Cminor.Sifthenelse +R38346 Cminor.stmtlist +R38307 Cminor.stmtlist +R38292 Cminor.condexpr +R38259 Cminor.Sexpr +R38250 Cminor.expr +R38212 Cminor.stmtlist +R38192 Cminor.stmt +R38800 RTLgenproof1.stmt_ind2 +R38800 RTLgenproof1.stmt_ind2 +R38838 RTLgenproof1.stmtlist_ind2 +R38838 RTLgenproof1.stmtlist_ind2 +R39030 RTLgenproof1.state_incr +R39014 Coq.Init.Logic "x = y" type_scope +R38974 RTLgen.transl_stmt +R39016 RTLgen.OK +R38914 Cminor.stmt +R39214 RTLgenproof1.state_incr +R39198 Coq.Init.Logic "x = y" type_scope +R39153 RTLgen.transl_stmtlist +R39200 RTLgen.OK +R39089 Cminor.stmtlist +R39301 Coq.Init.Logic "A /\ B" type_scope +R39278 RTLgenproof1.transl_stmt_incr_pred +R39320 RTLgenproof1.transl_stmtlist_incr_pred +R39366 RTLgenproof1.stmt_stmtlist_ind +R39366 RTLgenproof1.stmt_stmtlist_ind +R39596 RTLgen.more_likely +R39596 RTLgen.more_likely +R39697 RTL.Inop +R39667 RTLgenproof1.update_instr_incr +R39697 RTL.Inop +R39667 RTLgenproof1.update_instr_incr +R39757 Coq.Lists.List.nth_error +R39757 Coq.Lists.List.nth_error +R40085 RTLgenproof1.state_incr +R40069 Coq.Init.Logic "x = y" type_scope +R40029 RTLgen.transl_stmt +R40071 RTLgen.OK +R40109 Coq.Init.Logic.proj1 +R40115 RTLgenproof1.transl_stmt_stmtlist_incr +R40280 RTLgenproof1.state_incr +R40264 Coq.Init.Logic "x = y" type_scope +R40219 RTLgen.transl_stmtlist +R40266 RTLgen.OK +R40304 Coq.Init.Logic.proj2 +R40310 RTLgenproof1.transl_stmt_stmtlist_incr +R40352 RTLgenproof1.transl_stmt_incr +R40369 RTLgenproof1.transl_stmtlist_incr +FRTLgenproof +R381 Cminor.program +R413 RTL.program +R465 Coq.Init.Logic "x = y" type_scope +R445 RTLgen.transl_program +R467 Coq.Init.Datatypes.Some +R489 Cminor.genv +R504 Globalenvs.globalenv +R535 RTL.genv +R547 Globalenvs.globalenv +R639 Coq.Init.Logic "x = y" type_scope +R616 Globalenvs.find_symbol +R641 Globalenvs.find_symbol +R608 AST.ident +R742 RTLgen.transl_function +R705 Globalenvs.find_symbol_transf_partial +R742 RTLgen.transl_function +R705 Globalenvs.find_symbol_transf_partial +R895 Coq.Init.Logic "'exists' x , p" type_scope +R944 Coq.Init.Logic "A /\ B" type_scope +R934 Coq.Init.Logic "x = y" type_scope +R908 Globalenvs.find_funct_ptr +R936 Coq.Init.Datatypes.Some +R965 Coq.Init.Logic "x = y" type_scope +R947 RTLgen.transl_function +R967 Coq.Init.Datatypes.Some +R881 Coq.Init.Logic "x = y" type_scope +R856 Globalenvs.find_funct_ptr +R883 Coq.Init.Datatypes.Some +R836 Cminor.function +R825 Values.block +R1012 Globalenvs.find_funct_ptr_transf_partial +R1047 RTLgen.transl_function +R1012 Globalenvs.find_funct_ptr_transf_partial +R1047 RTLgen.transl_function +R1082 RTLgen.transl_function +R1082 RTLgen.transl_function +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R1287 Coq.Init.Logic "'exists' x , p" type_scope +R1332 Coq.Init.Logic "A /\ B" type_scope +R1322 Coq.Init.Logic "x = y" type_scope +R1300 Globalenvs.find_funct +R1324 Coq.Init.Datatypes.Some +R1353 Coq.Init.Logic "x = y" type_scope +R1335 RTLgen.transl_function +R1355 Coq.Init.Datatypes.Some +R1273 Coq.Init.Logic "x = y" type_scope +R1252 Globalenvs.find_funct +R1275 Coq.Init.Datatypes.Some +R1232 Cminor.function +R1223 Values.val +R1400 Globalenvs.find_funct_transf_partial +R1431 RTLgen.transl_function +R1400 Globalenvs.find_funct_transf_partial +R1431 RTLgen.transl_function +R1466 RTLgen.transl_function +R1466 RTLgen.transl_function +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R1676 Coq.Init.Logic "'exists' x , p" type_scope +R1740 Coq.Init.Logic "A /\ B" type_scope +R1690 RTL.exec_instrs +R1710 RTLgen.st_code +R1760 Coq.Init.Logic "A /\ B" type_scope +R1752 Coq.Init.Logic "x = y" type_scope +R1748 Registers "a # b" +R1756 Registers "a # b" +R1793 Coq.Init.Logic "x = y" type_scope +R1790 Registers "a # b" +R1797 Registers "a # b" +R1778 Coq.Init.Logic "x <> y" type_scope +R1660 Coq.Init.Logic "x = y" type_scope +R1640 RTLgen.add_move +R1662 RTLgen.OK +R1853 Registers.eq +R1853 Registers.eq +R1946 RTL.exec_refl +R1946 RTL.exec_refl +R1995 Registers "a # b <- c" +R2005 Registers "a # b" +R1995 Registers "a # b <- c" +R2005 Registers "a # b" +R2027 RTL.exec_one +R2027 RTL.exec_one +R2044 RTL.exec_Iop +R2044 RTL.exec_Iop +R2103 Registers.gss +R2103 Registers.gss +R2132 Registers.gso +R2132 Registers.gso +R2604 Coq.Init.Logic "'exists' x , p" type_scope +R2673 Coq.Init.Logic "A /\ B" type_scope +R2621 RTL.exec_instrs +R2641 RTLgen.st_code +R2702 Coq.Init.Logic "A /\ B" type_scope +R2676 RTLgenproof1.match_env +R2718 Coq.Init.Logic "A /\ B" type_scope +R2712 Coq.Init.Logic "x = y" type_scope +R2708 Registers "a # b" +R2837 Coq.Init.Logic "x = y" type_scope +R2834 Registers "a # b" +R2841 Registers "a # b" +R2810 Coq.Init.Logic "A \/ B" type_scope +R2793 RTLgenproof1.reg_in_map +R2815 Coq.Init.Logic "x <> y" type_scope +R2758 Coq.Init.Logic "~ x" type_scope +R2760 RTLgenproof1.mutated_reg +R2739 RTLgenproof1.reg_bounded +R2571 RTLgenproof1.target_reg_ok +R2534 Coq.Lists.List.incl +R2540 RTLgen.mutated_expr +R2501 RTLgenproof1.match_env +R2480 Coq.Init.Logic "x = y" type_scope +R2450 RTLgen.transl_expr +R2482 RTLgen.OK +R2427 RTLgenproof1.map_wf +R2368 Values.val +R2359 Mem.mem +R2349 Cminor.env +R2313 Cminor.expr +R2304 Mem.mem +R2295 Cminor.env +R2283 Cminor.letenv +R2273 Values.val +R3244 Coq.Init.Logic "'exists' x , p" type_scope +R3313 Coq.Init.Logic "A /\ B" type_scope +R3261 RTL.exec_instrs +R3281 RTLgen.st_code +R3342 Coq.Init.Logic "A /\ B" type_scope +R3316 RTLgenproof1.match_env +R3360 Coq.Init.Logic "A /\ B" type_scope +R3353 Coq.Init.Logic "x = y" type_scope +R3348 Registers "a ## b" +R3482 Coq.Init.Logic "x = y" type_scope +R3479 Registers "a # b" +R3486 Registers "a # b" +R3452 Coq.Init.Logic "A \/ B" type_scope +R3435 RTLgenproof1.reg_in_map +R3455 Coq.Init.Logic "~ x" type_scope +R3457 Coq.Lists.List.In +R3400 Coq.Init.Logic "~ x" type_scope +R3402 RTLgenproof1.mutated_reg +R3381 RTLgenproof1.reg_bounded +R3209 RTLgenproof1.target_regs_ok +R3167 Coq.Lists.List.incl +R3173 RTLgen.mutated_exprlist +R3134 RTLgenproof1.match_env +R3113 Coq.Init.Logic "x = y" type_scope +R3078 RTLgen.transl_exprlist +R3115 RTLgen.OK +R3055 RTLgenproof1.map_wf +R2991 Coq.Lists.List.list +R2996 Values.val +R2981 Mem.mem +R2971 Cminor.env +R2931 Cminor.exprlist +R2921 Mem.mem +R2912 Cminor.env +R2900 Cminor.letenv +R2890 Values.val +R3856 Coq.Init.Logic "'exists' x , p" type_scope +R3953 Coq.Init.Logic "A /\ B" type_scope +R3873 RTL.exec_instrs +R3893 RTLgen.st_code +R3982 Coq.Init.Logic "A /\ B" type_scope +R3956 RTLgenproof1.match_env +R4065 Coq.Init.Logic "x = y" type_scope +R4062 Registers "a # b" +R4069 Registers "a # b" +R4023 Coq.Init.Logic "~ x" type_scope +R4025 RTLgenproof1.mutated_reg +R4004 RTLgenproof1.reg_bounded +R3822 Coq.Lists.List.incl +R3828 RTLgen.mutated_condexpr +R3789 RTLgenproof1.match_env +R3768 Coq.Init.Logic "x = y" type_scope +R3726 RTLgen.transl_condition +R3770 RTLgen.OK +R3703 RTLgenproof1.map_wf +R3636 Coq.Init.Datatypes.bool +R3626 Mem.mem +R3616 Cminor.env +R3576 Cminor.condexpr +R3567 Mem.mem +R3558 Cminor.env +R3546 Cminor.letenv +R3536 Values.val +R4211 Cminor.Out_normal +R4231 Coq.Init.Logic "x = y" type_scope +R4240 Cminor.Out_exit +R4273 Coq.Init.Logic "x = y" type_scope +R4254 Coq.Lists.List.nth_error +R4275 Coq.Init.Datatypes.Some +R4287 Cminor.Out_return +R4308 Coq.Init.Logic "x = y" type_scope +R4174 RTL.node +R4163 RTL.node +R4145 Coq.Lists.List.list +R4150 RTL.node +R4130 RTL.node +R4109 Cminor.outcome +R4426 Coq.Init.Datatypes.None +R4434 Coq.Init.Logic.True +R4443 Coq.Init.Datatypes.Some +R4458 Coq.Init.Logic "x = y" type_scope +R4455 Registers "a # b" +R4389 Values.val +R4373 Coq.Init.Datatypes.option +R4380 Registers.reg +R4358 RTL.regset +R4584 Cminor.Out_normal +R4598 Coq.Init.Logic.True +R4607 Cminor.Out_exit +R4621 Coq.Init.Logic.True +R4630 Cminor.Out_return +R4685 Coq.Init.Datatypes.None +R4691 Coq.Init.Datatypes.None +R4699 Coq.Init.Logic.True +R4712 Coq.Init.Datatypes.Some +R4720 Coq.Init.Datatypes.Some +R4735 Coq.Init.Logic "x = y" type_scope +R4732 Registers "a # b" +R4755 Coq.Init.Logic.False +R4545 RTL.regset +R4528 Coq.Init.Datatypes.option +R4535 Registers.reg +R4512 Cminor.outcome +R5167 Coq.Init.Logic "'exists' x , p" type_scope +R5236 Coq.Init.Logic "A /\ B" type_scope +R5184 RTL.exec_instrs +R5204 RTLgen.st_code +R5266 Coq.Init.Logic "A /\ B" type_scope +R5239 RTLgenproof1.match_env +R5256 Coq.Lists.List.nil +R5269 RTLgenproof.match_return_outcome +R5138 RTLgenproof1.return_reg_ok +R5089 RTLgenproof.outcome_node +R5055 RTLgenproof1.match_env +R5071 Coq.Lists.List.nil +R5034 Coq.Init.Logic "x = y" type_scope +R4991 RTLgen.transl_stmt +R5036 RTLgen.OK +R4968 RTLgenproof1.map_wf +R4889 Cminor.outcome +R4878 Mem.mem +R4868 Cminor.env +R4845 Cminor.stmt +R4836 Mem.mem +R4827 Cminor.env +R4818 Values.val +R5707 Coq.Init.Logic "'exists' x , p" type_scope +R5776 Coq.Init.Logic "A /\ B" type_scope +R5724 RTL.exec_instrs +R5744 RTLgen.st_code +R5806 Coq.Init.Logic "A /\ B" type_scope +R5779 RTLgenproof1.match_env +R5796 Coq.Lists.List.nil +R5809 RTLgenproof.match_return_outcome +R5678 RTLgenproof1.return_reg_ok +R5629 RTLgenproof.outcome_node +R5595 RTLgenproof1.match_env +R5611 Coq.Lists.List.nil +R5574 Coq.Init.Logic "x = y" type_scope +R5526 RTLgen.transl_stmtlist +R5576 RTLgen.OK +R5503 RTLgenproof1.map_wf +R5424 Cminor.outcome +R5413 Mem.mem +R5403 Cminor.env +R5376 Cminor.stmtlist +R5366 Mem.mem +R5357 Cminor.env +R5348 Values.val +R6020 RTL.exec_function +R6006 Coq.Init.Logic "x = y" type_scope +R5988 RTLgen.transl_function +R6008 Coq.Init.Datatypes.Some +R5952 Values.val +R5940 Mem.mem +R5922 Coq.Lists.List.list +R5927 Values.val +R5897 Cminor.function +R5888 Mem.mem +R6249 RTLgenproof.transl_expr_correct +R6280 Cminor.Evar +R6235 Coq.Init.Logic "x = y" type_scope +R6231 Maps "a ! b" +R6237 Coq.Init.Datatypes.Some +R6222 Values.val +R6211 AST.ident +R6201 Mem.mem +R6192 Cminor.env +R6180 Cminor.letenv +R6170 Values.val +R6401 Maps "a ! b" +R6389 RTLgen.map_vars +R6401 Maps "a ! b" +R6389 RTLgen.map_vars +R6470 RTLgenproof.add_move_correct +R6470 RTLgenproof.add_move_correct +R6723 RTLgenproof1.match_env_exten +R6723 RTLgenproof1.match_env_exten +R6764 Registers.eq +R6764 Registers.eq +R6889 RTLgenproof1.match_env_invariant +R6889 RTLgenproof1.match_env_invariant +R7083 Registers.eq +R7083 Registers.eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R7593 RTLgenproof.transl_expr_correct +R7624 Cminor.Eop +R7579 Coq.Init.Logic "x = y" type_scope +R7552 Op.eval_operation +R7581 Coq.Init.Datatypes.Some +R7501 RTLgenproof.transl_exprlist_correct +R7457 Cminor.eval_exprlist +R7449 Values.val +R7426 Coq.Lists.List.list +R7431 Values.val +R7415 Mem.mem +R7404 Cminor.env +R7388 Cminor.exprlist +R7362 Op.operation +R7351 Mem.mem +R7341 Cminor.env +R7328 Cminor.letenv +R7317 Values.val +R7775 RTLgenproof1.target_regs_ok +R7775 RTLgenproof1.target_regs_ok +R7841 RTLgenproof1.map_wf +R7841 RTLgenproof1.map_wf +R7982 Registers "a # b <- c" +R7982 Registers "a # b <- c" +R8020 RTL.exec_trans +R8020 RTL.exec_trans +R8053 RTLgenproof1.exec_instrs_incr +R8053 RTLgenproof1.exec_instrs_incr +R8104 RTL.exec_one +R8121 RTL.exec_Iop +R8104 RTL.exec_one +R8121 RTL.exec_Iop +R8173 Op.eval_operation_preserved +R8214 RTL.function +R8198 Cminor.function +R8173 Op.eval_operation_preserved +R8214 RTL.function +R8198 Cminor.function +R8259 RTLgenproof.symbols_preserved +R8259 RTLgenproof.symbols_preserved +R8367 Registers.gss +R8367 Registers.gss +R8414 Registers.gso +R8414 Registers.gso +R8476 Coq.Lists.List.In_dec +R8483 Registers.eq +R8476 Coq.Lists.List.In_dec +R8483 Registers.eq +R8517 RTLgenproof1.alloc_regs_fresh_or_in_map +R8517 RTLgenproof1.alloc_regs_fresh_or_in_map +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R8971 RTLgenproof.transl_expr_correct +R9017 Maps.set +R9002 Cminor.Eassign +R8926 RTLgenproof.transl_expr_correct +R8888 Cminor.eval_expr +R8880 Values.val +R8865 Mem.mem +R8854 Cminor.env +R8842 Cminor.expr +R8830 AST.ident +R8814 Mem.mem +R8804 Cminor.env +R8791 Cminor.letenv +R8780 Values.val +R9144 RTLgenproof1.map_wf +R9144 RTLgenproof1.map_wf +R9193 Coq.Lists.List.incl +R9199 RTLgen.mutated_expr +R9193 Coq.Lists.List.incl +R9199 RTLgen.mutated_expr +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R9279 RTLgenproof1.target_reg_ok +R9279 RTLgenproof1.target_reg_ok +R9334 RTLgenproof1.target_reg_other +R9334 RTLgenproof1.target_reg_other +R9482 RTLgenproof.add_move_correct +R9482 RTLgenproof.add_move_correct +R9604 RTL.exec_trans +R9604 RTL.exec_trans +R9636 RTLgenproof1.exec_instrs_incr +R9636 RTLgenproof1.exec_instrs_incr +R9727 RTLgenproof1.match_env_update_var +R9727 RTLgenproof1.match_env_update_var +R9813 Registers.eq +R9813 Registers.eq +R9925 Registers "a # b" +R9925 Registers "a # b" +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R10089 Maps "a ! b" +R10077 RTLgen.map_vars +R10089 Maps "a ! b" +R10077 RTLgen.map_vars +R10576 RTLgenproof.transl_expr_correct +R10607 Cminor.Eload +R10562 Coq.Init.Logic "x = y" type_scope +R10541 Mem.loadv +R10564 Coq.Init.Datatypes.Some +R10527 Coq.Init.Logic "x = y" type_scope +R10497 Op.eval_addressing +R10529 Coq.Init.Datatypes.Some +R10446 RTLgenproof.transl_exprlist_correct +R10402 Cminor.eval_exprlist +R10394 Values.val +R10380 Coq.Lists.List.list +R10385 Values.val +R10364 Values.val +R10354 Mem.mem +R10343 Cminor.env +R10327 Cminor.exprlist +R10304 Op.addressing +R10282 AST.memory_chunk +R10264 Mem.mem +R10254 Cminor.env +R10241 Cminor.letenv +R10230 Values.val +R10746 RTLgenproof1.map_wf +R10746 RTLgenproof1.map_wf +R10795 RTLgenproof1.target_regs_ok +R10795 RTLgenproof1.target_regs_ok +R10957 Registers "a # b <- c" +R10957 Registers "a # b <- c" +R10995 RTL.exec_trans +R10995 RTL.exec_trans +R11028 RTLgenproof1.exec_instrs_incr +R11028 RTLgenproof1.exec_instrs_incr +R11079 RTL.exec_one +R11079 RTL.exec_one +R11096 RTL.exec_Iload +R11096 RTL.exec_Iload +R11151 Op.eval_addressing_preserved +R11151 Op.eval_addressing_preserved +R11209 RTLgenproof.symbols_preserved +R11209 RTLgenproof.symbols_preserved +R11272 RTLgenproof1.match_env_update_temp +R11272 RTLgenproof1.match_env_update_temp +R11362 Registers.gss +R11362 Registers.gss +R11409 Registers.gso +R11409 Registers.gso +R11475 Coq.Lists.List.In_dec +R11482 Registers.eq +R11475 Coq.Lists.List.In_dec +R11482 Registers.eq +R11510 RTLgenproof1.alloc_regs_fresh_or_in_map +R11510 RTLgenproof1.alloc_regs_fresh_or_in_map +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R12199 RTLgenproof.transl_expr_correct +R12230 Cminor.Estore +R12184 Coq.Init.Logic "x = y" type_scope +R12160 Mem.storev +R12186 Coq.Init.Datatypes.Some +R12145 Coq.Init.Logic "x = y" type_scope +R12115 Op.eval_addressing +R12147 Coq.Init.Datatypes.Some +R12068 RTLgenproof.transl_expr_correct +R12028 Cminor.eval_expr +R11977 RTLgenproof.transl_exprlist_correct +R11933 Cminor.eval_exprlist +R11925 Values.val +R11916 Values.val +R11901 Mem.mem +R11901 Mem.mem +R11887 Cminor.env +R11871 Coq.Lists.List.list +R11876 Values.val +R11855 Mem.mem +R11844 Cminor.env +R11832 Cminor.expr +R11817 Cminor.exprlist +R11794 Op.addressing +R11772 AST.memory_chunk +R11754 Mem.mem +R11744 Cminor.env +R11731 Cminor.letenv +R11720 Values.val +R12373 RTLgenproof1.map_wf +R12373 RTLgenproof1.map_wf +R12400 RTLgenproof1.map_wf_incr +R12400 RTLgenproof1.map_wf_incr +R12431 RTLgenproof1.state_incr_trans2 +R12431 RTLgenproof1.state_incr_trans2 +R12511 Coq.Lists.List.incl +R12517 RTLgen.mutated_exprlist +R12511 Coq.Lists.List.incl +R12517 RTLgen.mutated_exprlist +R12579 RTLgenproof1.target_regs_ok +R12579 RTLgenproof1.target_regs_ok +R12623 RTLgenproof1.target_regs_ok_incr +R12623 RTLgenproof1.target_regs_ok_incr +R12784 RTLgenproof1.map_wf +R12784 RTLgenproof1.map_wf +R12833 Coq.Lists.List.incl +R12839 RTLgen.mutated_expr +R12833 Coq.Lists.List.incl +R12839 RTLgen.mutated_expr +R12896 RTLgenproof1.target_reg_ok +R12896 RTLgenproof1.target_reg_ok +R12953 RTLgenproof1.target_reg_other +R12953 RTLgenproof1.target_reg_other +R13129 RTL.exec_trans +R13129 RTL.exec_trans +R13162 RTLgenproof1.exec_instrs_incr +R13162 RTLgenproof1.exec_instrs_incr +R13214 RTL.exec_trans +R13214 RTL.exec_trans +R13247 RTLgenproof1.exec_instrs_incr +R13247 RTLgenproof1.exec_instrs_incr +R13298 RTL.exec_one +R13298 RTL.exec_one +R13315 RTL.exec_Istore +R13315 RTL.exec_Istore +R13362 Coq.Init.Logic "x = y" type_scope +R13358 Registers "a ## b" +R13367 Registers "a ## b" +R13362 Coq.Init.Logic "x = y" type_scope +R13358 Registers "a ## b" +R13367 Registers "a ## b" +R13383 Coqlib.list_map_exten +R13383 Coqlib.list_map_exten +R13486 RTLgenproof1.alloc_regs_fresh_or_in_map +R13486 RTLgenproof1.alloc_regs_fresh_or_in_map +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R13571 Coq.Init.Logic.sym_not_equal +R13571 Coq.Init.Logic.sym_not_equal +R13597 RTLgenproof1.bounded_fresh_different +R13597 RTLgenproof1.bounded_fresh_different +R13713 Op.eval_addressing_preserved +R13713 Op.eval_addressing_preserved +R13771 RTLgenproof.symbols_preserved +R13771 RTLgenproof.symbols_preserved +R13944 Registers "a # b" +R13944 Registers "a # b" +R13972 RTLgenproof1.reg_bounded_incr +R13972 RTLgenproof1.reg_bounded_incr +R14063 RTLgenproof1.reg_bounded_incr +R14063 RTLgenproof1.reg_bounded_incr +R14096 RTLgenproof1.state_incr_trans2 +R14096 RTLgenproof1.state_incr_trans2 +R14175 Coq.Lists.List.In_dec +R14182 Registers.eq +R14175 Coq.Lists.List.In_dec +R14182 Registers.eq +R14213 RTLgenproof1.alloc_regs_fresh_or_in_map +R14213 RTLgenproof1.alloc_regs_fresh_or_in_map +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R14916 RTLgenproof.transl_expr_correct +R14947 Cminor.Ecall +R14868 RTLgenproof.transl_function_correct +R14828 Cminor.eval_funcall +R14817 Coq.Init.Logic "x = y" type_scope +R14801 Cminor.fn_sig +R14787 Coq.Init.Logic "x = y" type_scope +R14765 Globalenvs.find_funct +R14789 Coq.Init.Datatypes.Some +R14709 RTLgenproof.transl_exprlist_correct +R14660 Cminor.eval_exprlist +R14614 RTLgenproof.transl_expr_correct +R14575 Cminor.eval_expr +R14555 Cminor.function +R14545 Values.val +R14527 Coq.Lists.List.list +R14532 Values.val +R14508 Values.val +R14497 Mem.mem +R14497 Mem.mem +R14497 Mem.mem +R14480 Cminor.env +R14480 Cminor.env +R14456 Cminor.exprlist +R14444 Cminor.expr +R14428 AST.signature +R14411 Mem.mem +R14401 Cminor.env +R14388 Cminor.letenv +R14377 Values.val +R15064 Coq.Lists.List.incl +R15070 RTLgen.mutated_expr +R15064 Coq.Lists.List.incl +R15070 RTLgen.mutated_expr +R15128 Coq.Lists.List.incl +R15134 RTLgen.mutated_exprlist +R15128 Coq.Lists.List.incl +R15134 RTLgen.mutated_exprlist +R15196 RTLgenproof1.map_wf +R15196 RTLgenproof1.map_wf +R15222 RTLgenproof1.map_wf_incr +R15222 RTLgenproof1.map_wf_incr +R15253 RTLgenproof1.state_incr_trans3 +R15253 RTLgenproof1.state_incr_trans3 +R15335 RTLgenproof1.target_reg_ok +R15335 RTLgenproof1.target_reg_ok +R15377 RTLgenproof1.target_reg_ok_incr +R15377 RTLgenproof1.target_reg_ok_incr +R15415 RTLgenproof1.state_incr_trans2 +R15415 RTLgenproof1.state_incr_trans2 +R15623 RTLgenproof1.map_wf +R15623 RTLgenproof1.map_wf +R15649 RTLgenproof1.map_wf_incr +R15649 RTLgenproof1.map_wf_incr +R15680 RTLgenproof1.state_incr_trans2 +R15680 RTLgenproof1.state_incr_trans2 +R15759 RTLgenproof1.target_regs_ok +R15759 RTLgenproof1.target_regs_ok +R15802 RTLgenproof1.target_regs_ok_incr +R15802 RTLgenproof1.target_regs_ok_incr +R15992 RTLgenproof.functions_translated +R15992 RTLgenproof.functions_translated +R16100 RTL.exec_instrs +R16169 Registers "a # b <- c" +R16117 RTLgen.st_code +R16100 RTL.exec_instrs +R16169 Registers "a # b <- c" +R16117 RTLgen.st_code +R16195 RTL.exec_one +R16195 RTL.exec_one +R16212 RTL.exec_Icall +R16212 RTL.exec_Icall +R16262 Registers "a # b" +R16262 Registers "a # b" +R16340 RTLgenproof1.reg_bounded_incr +R16340 RTLgenproof1.reg_bounded_incr +R16391 RTLgenproof1.target_reg_not_mutated +R16391 RTLgenproof1.target_reg_not_mutated +R16479 RTLgenproof1.map_wf +R16479 RTLgenproof1.map_wf +R16520 Coq.Lists.List.In_dec +R16527 Registers.eq +R16520 Coq.Lists.List.In_dec +R16527 Registers.eq +R16555 RTLgenproof1.alloc_regs_fresh_or_in_map +R16555 RTLgenproof1.alloc_regs_fresh_or_in_map +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R16649 RTLgenproof1.bounded_fresh_absurd +R16649 RTLgenproof1.bounded_fresh_absurd +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R16774 RTLgen.transl_fun +R16787 RTLgen.init_state +R16774 RTLgen.transl_fun +R16787 RTLgen.init_state +R16937 Registers "a # b <- c" +R16937 Registers "a # b <- c" +R16978 RTL.exec_trans +R16978 RTL.exec_trans +R17011 RTLgenproof1.exec_instrs_incr +R17011 RTLgenproof1.exec_instrs_incr +R17063 RTL.exec_trans +R17063 RTL.exec_trans +R17096 RTLgenproof1.exec_instrs_incr +R17096 RTLgenproof1.exec_instrs_incr +R17183 RTLgenproof1.match_env_update_temp +R17183 RTLgenproof1.match_env_update_temp +R17275 Registers.gss +R17275 Registers.gss +R17324 Registers.gso +R17324 Registers.gso +R17353 Registers "a # b" +R17353 Registers "a # b" +R17387 RTLgenproof1.reg_bounded_incr +R17387 RTLgenproof1.reg_bounded_incr +R17423 RTLgenproof1.state_incr_trans2 +R17423 RTLgenproof1.state_incr_trans2 +R17521 RTLgenproof1.map_wf +R17521 RTLgenproof1.map_wf +R17564 Coq.Lists.List.In_dec +R17571 Registers.eq +R17564 Coq.Lists.List.In_dec +R17571 Registers.eq +R17602 RTLgenproof1.alloc_regs_fresh_or_in_map +R17602 RTLgenproof1.alloc_regs_fresh_or_in_map +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R17699 RTLgenproof1.bounded_fresh_absurd +R17699 RTLgenproof1.bounded_fresh_absurd +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R17802 RTLgenproof1.reg_bounded_incr +R17802 RTLgenproof1.reg_bounded_incr +R17837 RTLgenproof1.state_incr_trans3 +R17837 RTLgenproof1.state_incr_trans3 +R17929 Registers.eq +R17929 Registers.eq +R17974 RTLgenproof1.alloc_reg_fresh_or_in_map +R17974 RTLgenproof1.alloc_reg_fresh_or_in_map +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R18560 RTLgenproof.transl_expr_correct +R18591 Cminor.Econdition +R18492 RTLgenproof.transl_expr_correct +R18431 Cminor.eval_expr +R18380 RTLgenproof.transl_condition_correct +R18337 Cminor.eval_condexpr +R18329 Values.val +R18318 Mem.mem +R18307 Cminor.env +R18295 Coq.Init.Datatypes.bool +R18279 Mem.mem +R18268 Cminor.env +R18256 Cminor.expr +R18256 Cminor.expr +R18239 Cminor.condexpr +R18224 Mem.mem +R18214 Cminor.env +R18201 Cminor.letenv +R18190 Values.val +R18730 RTLgenproof1.map_wf +R18730 RTLgenproof1.map_wf +R18756 RTLgenproof1.map_wf_incr +R18756 RTLgenproof1.map_wf_incr +R18821 Coq.Lists.List.incl +R18827 RTLgen.mutated_condexpr +R18821 Coq.Lists.List.incl +R18827 RTLgen.mutated_condexpr +R18991 RTLgenproof1.map_wf +R18991 RTLgenproof1.map_wf +R19040 Coq.Lists.List.incl +R19046 RTLgen.mutated_expr +R19040 Coq.Lists.List.incl +R19046 RTLgen.mutated_expr +R19103 RTLgenproof1.target_reg_ok +R19103 RTLgenproof1.target_reg_ok +R19160 RTLgenproof1.target_reg_other +R19160 RTLgenproof1.target_reg_other +R19338 RTL.exec_trans +R19338 RTL.exec_trans +R19371 RTLgenproof1.exec_instrs_incr +R19371 RTLgenproof1.exec_instrs_incr +R19548 Registers "a # b" +R19548 Registers "a # b" +R19621 RTLgenproof1.reg_bounded_incr +R19621 RTLgenproof1.reg_bounded_incr +R19654 RTLgenproof1.state_incr_trans +R19654 RTLgenproof1.state_incr_trans +R19726 Coq.Lists.List.incl +R19732 RTLgen.mutated_expr +R19726 Coq.Lists.List.incl +R19732 RTLgen.mutated_expr +R19789 RTLgenproof1.target_reg_ok +R19789 RTLgenproof1.target_reg_ok +R19845 RTLgenproof1.target_reg_other +R19845 RTLgenproof1.target_reg_other +R20010 RTL.exec_trans +R20010 RTL.exec_trans +R20043 RTLgenproof1.exec_instrs_incr +R20043 RTLgenproof1.exec_instrs_incr +R20220 Registers "a # b" +R20220 Registers "a # b" +R20293 RTLgenproof1.reg_bounded_incr +R20293 RTLgenproof1.reg_bounded_incr +R20326 RTLgenproof1.state_incr_trans2 +R20326 RTLgenproof1.state_incr_trans2 +R20758 RTLgenproof.transl_expr_correct +R20789 Cminor.Elet +R20702 RTLgenproof.transl_expr_correct +R20729 Coq.Lists.List "x :: y" list_scope +R20653 Cminor.eval_expr +R20673 Coq.Lists.List "x :: y" list_scope +R20607 RTLgenproof.transl_expr_correct +R20568 Cminor.eval_expr +R20560 Values.val +R20549 Mem.mem +R20538 Cminor.env +R20522 Values.val +R20511 Mem.mem +R20500 Cminor.env +R20488 Cminor.expr +R20488 Cminor.expr +R20471 Mem.mem +R20461 Cminor.env +R20448 Cminor.letenv +R20437 Values.val +R20910 RTLgenproof1.map_wf +R20910 RTLgenproof1.map_wf +R20959 Coq.Lists.List.incl +R20965 RTLgen.mutated_expr +R20959 Coq.Lists.List.incl +R20965 RTLgen.mutated_expr +R21022 RTLgenproof1.target_reg_ok +R21022 RTLgenproof1.target_reg_ok +R21062 RTLgenproof1.target_reg_other +R21062 RTLgenproof1.target_reg_other +R21212 RTLgenproof1.map_wf +R21220 RTLgen.add_letvar +R21212 RTLgenproof1.map_wf +R21220 RTLgen.add_letvar +R21252 RTLgenproof1.add_letvar_wf +R21252 RTLgenproof1.add_letvar_wf +R21301 Coq.Lists.List.incl +R21307 RTLgen.mutated_expr +R21301 Coq.Lists.List.incl +R21307 RTLgen.mutated_expr +R21363 RTLgenproof1.match_env +R21399 Coq.Lists.List "x :: y" list_scope +R21374 RTLgen.add_letvar +R21363 RTLgenproof1.match_env +R21399 Coq.Lists.List "x :: y" list_scope +R21374 RTLgen.add_letvar +R21420 RTLgenproof1.match_env_letvar +R21420 RTLgenproof1.match_env_letvar +R21466 RTLgenproof1.target_reg_ok +R21484 RTLgen.add_letvar +R21466 RTLgenproof1.target_reg_ok +R21484 RTLgen.add_letvar +R21536 RTLgenproof1.target_reg_other +R21536 RTLgenproof1.target_reg_other +R21679 RTLgenproof1.bounded_fresh_absurd +R21679 RTLgenproof1.bounded_fresh_absurd +R21949 RTL.exec_trans +R21949 RTL.exec_trans +R21982 RTLgenproof1.exec_instrs_incr +R21982 RTLgenproof1.exec_instrs_incr +R22067 RTLgenproof1.mk_match_env +R22067 RTLgenproof1.mk_match_env +R22088 RTLgenproof1.me_vars +R22088 RTLgenproof1.me_vars +R22125 RTLgenproof1.me_letvars +R22125 RTLgenproof1.me_letvars +R22285 Registers "a # b" +R22285 Registers "a # b" +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R22569 RTLgenproof1.bounded_fresh_absurd +R22569 RTLgenproof1.bounded_fresh_absurd +R22797 RTLgenproof.transl_expr_correct +R22828 Cminor.Eletvar +R22783 Coq.Init.Logic "x = y" type_scope +R22768 Coq.Lists.List.nth_error +R22785 Coq.Init.Datatypes.Some +R22760 Values.val +R22750 Coq.Init.Datatypes.nat +R22740 Mem.mem +R22725 Cminor.env +R22710 Coq.Lists.List.list +R22715 Values.val +R22699 Values.val +R22964 Coq.Lists.List.nth_error +R22975 RTLgen.map_letvars +R22964 Coq.Lists.List.nth_error +R22975 RTLgen.map_letvars +R23058 RTLgenproof.add_move_correct +R23058 RTLgenproof.add_move_correct +R23234 Coq.Init.Logic "x = y" type_scope +R23234 Coq.Init.Logic "x = y" type_scope +R23270 RTLgenproof1.match_env_exten +R23270 RTLgenproof1.match_env_exten +R23312 Registers.eq +R23312 Registers.eq +R23368 RTLgenproof1.match_env_invariant +R23368 RTLgenproof1.match_env_invariant +R23528 RTLgenproof1.me_letvars +R23528 RTLgenproof1.me_letvars +R23576 Registers.reg +R23562 Coq.NArith.BinPos.positive +R23576 Registers.reg +R23562 Coq.NArith.BinPos.positive +R23591 Coqlib.list_map_nth +R23591 Coqlib.list_map_nth +R23692 Coq.Init.Logic "x = y" type_scope +R23692 Coq.Init.Logic "x = y" type_scope +R23728 Registers.eq +R23728 Registers.eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R23941 RTLgenproof.transl_condition_correct +R23987 Coq.Init.Datatypes.true +R23976 Cminor.CEtrue +R23933 Mem.mem +R23923 Cminor.env +R23910 Cminor.letenv +R23899 Values.val +R24085 RTL.exec_refl +R24085 RTL.exec_refl +R24221 RTLgenproof.transl_condition_correct +R24268 Coq.Init.Datatypes.false +R24256 Cminor.CEfalse +R24213 Mem.mem +R24203 Cminor.env +R24190 Cminor.letenv +R24179 Values.val +R24367 RTL.exec_refl +R24367 RTL.exec_refl +R24728 RTLgenproof.transl_condition_correct +R24764 Cminor.CEcond +R24713 Coq.Init.Logic "x = y" type_scope +R24690 Op.eval_condition +R24716 Coq.Init.Datatypes.Some +R24639 RTLgenproof.transl_exprlist_correct +R24595 Cminor.eval_exprlist +R24586 Coq.Init.Datatypes.bool +R24571 Coq.Lists.List.list +R24576 Values.val +R24560 Mem.mem +R24544 Cminor.env +R24528 Cminor.exprlist +R24511 Op.condition +R24494 Mem.mem +R24484 Cminor.env +R24471 Cminor.letenv +R24460 Values.val +R24882 RTLgenproof1.map_wf +R24882 RTLgenproof1.map_wf +R24946 RTLgenproof1.target_regs_ok +R24946 RTLgenproof1.target_regs_ok +R25138 RTL.exec_trans +R25138 RTL.exec_trans +R25171 RTLgenproof1.exec_instrs_incr +R25171 RTLgenproof1.exec_instrs_incr +R25222 RTL.exec_one +R25222 RTL.exec_one +R25256 RTL.exec_Icond_true +R25256 RTL.exec_Icond_true +R25328 RTL.exec_Icond_false +R25328 RTL.exec_Icond_false +R25501 Coq.Lists.List.In_dec +R25508 Registers.eq +R25501 Coq.Lists.List.In_dec +R25508 Registers.eq +R25536 RTLgenproof1.alloc_regs_fresh_or_in_map +R25536 RTLgenproof1.alloc_regs_fresh_or_in_map +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R26089 RTLgenproof.transl_condition_correct +R26125 Cminor.CEcondition +R26014 RTLgenproof.transl_condition_correct +R25947 Cminor.eval_condexpr +R25895 RTLgenproof.transl_condition_correct +R25851 Cminor.eval_condexpr +R25842 Coq.Init.Datatypes.bool +R25830 Mem.mem +R25819 Cminor.env +R25807 Coq.Init.Datatypes.bool +R25790 Mem.mem +R25779 Cminor.env +R25763 Cminor.condexpr +R25763 Cminor.condexpr +R25763 Cminor.condexpr +R25745 Mem.mem +R25735 Cminor.env +R25722 Cminor.letenv +R25711 Values.val +R26264 RTLgenproof1.map_wf +R26264 RTLgenproof1.map_wf +R26313 Coq.Lists.List.incl +R26319 RTLgen.mutated_condexpr +R26313 Coq.Lists.List.incl +R26319 RTLgen.mutated_condexpr +R26484 RTLgenproof1.map_wf +R26484 RTLgenproof1.map_wf +R26533 Coq.Lists.List.incl +R26539 RTLgen.mutated_condexpr +R26533 Coq.Lists.List.incl +R26539 RTLgen.mutated_condexpr +R26702 RTL.exec_trans +R26702 RTL.exec_trans +R26735 RTLgenproof1.exec_instrs_incr +R26735 RTLgenproof1.exec_instrs_incr +R26840 Registers "a # b" +R26840 Registers "a # b" +R26929 Coq.Lists.List.incl +R26935 RTLgen.mutated_condexpr +R26929 Coq.Lists.List.incl +R26935 RTLgen.mutated_condexpr +R27096 RTL.exec_trans +R27096 RTL.exec_trans +R27129 RTLgenproof1.exec_instrs_incr +R27129 RTLgenproof1.exec_instrs_incr +R27234 Registers "a # b" +R27234 Registers "a # b" +R27405 RTLgenproof.transl_exprlist_correct +R27448 Coq.Lists.List.nil +R27439 Cminor.Enil +R27397 Mem.mem +R27387 Cminor.env +R27374 Cminor.letenv +R27363 Values.val +R27582 RTL.exec_refl +R27582 RTL.exec_refl +R28047 RTLgenproof.transl_exprlist_correct +R28103 Coq.Lists.List "x :: y" list_scope +R28082 Cminor.Econs +R27994 RTLgenproof.transl_exprlist_correct +R27948 Cminor.eval_exprlist +R27903 RTLgenproof.transl_expr_correct +R27865 Cminor.eval_expr +R27852 Coq.Lists.List.list +R27857 Values.val +R27841 Mem.mem +R27830 Cminor.env +R27819 Values.val +R27804 Mem.mem +R27793 Cminor.env +R27777 Cminor.exprlist +R27765 Cminor.expr +R27750 Mem.mem +R27740 Cminor.env +R27727 Cminor.letenv +R27716 Values.val +R28252 Coq.Lists.List.incl +R28258 RTLgen.mutated_expr +R28252 Coq.Lists.List.incl +R28258 RTLgen.mutated_expr +R28315 Coq.Lists.List.incl +R28321 RTLgen.mutated_exprlist +R28315 Coq.Lists.List.incl +R28321 RTLgen.mutated_exprlist +R28383 RTLgenproof1.map_wf +R28383 RTLgenproof1.map_wf +R28432 RTLgenproof1.target_reg_ok +R28432 RTLgenproof1.target_reg_ok +R28717 RTL.exec_trans +R28717 RTL.exec_trans +R28750 RTLgenproof1.exec_instrs_incr +R28750 RTLgenproof1.exec_instrs_incr +R29037 Registers "a # b" +R29037 Registers "a # b" +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R29163 Coq.Init.Logic.sym_not_equal +R29163 Coq.Init.Logic.sym_not_equal +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R29704 RTLgenproof.transl_function_correct +R29739 Mem.free +R29641 Cminor.outcome_result_value +R29685 AST.sig_res +R29669 Cminor.fn_sig +R29566 RTLgenproof.transl_stmtlist_correct +R29615 Cminor.fn_body +R29591 Values.Vptr +R29599 Integers.zero +R29498 Cminor.exec_stmtlist +R29540 Cminor.fn_body +R29516 Values.Vptr +R29524 Integers.zero +R29489 Coq.Init.Logic "x = y" type_scope +R29419 Cminor.set_locals +R29450 Cminor.set_params +R29468 Cminor.fn_params +R29431 Cminor.fn_vars +R29403 Coq.Init.Logic "x = y" type_scope +R29371 Mem.alloc +R29386 Cminor.fn_stackspace +R29405 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R29363 Values.val +R29346 Cminor.outcome +R29329 Mem.mem +R29318 Cminor.env +R29318 Cminor.env +R29303 Values.block +R29292 Mem.mem +R29271 Coq.Lists.List.list +R29276 Values.val +R29245 Cminor.function +R29235 Mem.mem +R29842 RTLgen.transl_fun +R29855 RTLgen.init_state +R29842 RTLgen.transl_fun +R29855 RTLgen.init_state +R30026 RTL.init_regs +R30026 RTL.init_regs +R30060 RTLgenproof1.match_env +R30075 Coq.Lists.List.nil +R30060 RTLgenproof1.match_env +R30075 Coq.Lists.List.nil +R30122 RTLgenproof1.match_init_env_init_reg +R30122 RTLgenproof1.match_init_env_init_reg +R30171 RTLgenproof.outcome_node +R30190 Coq.Lists.List.nil +R30171 RTLgenproof.outcome_node +R30190 Coq.Lists.List.nil +R30309 RTLgenproof1.map_wf +R30309 RTLgenproof1.map_wf +R30333 RTLgenproof1.add_vars_wf +R30333 RTLgenproof1.add_vars_wf +R30368 RTLgenproof1.add_vars_wf +R30368 RTLgenproof1.add_vars_wf +R30400 RTLgenproof1.init_mapping_wf +R30400 RTLgenproof1.init_mapping_wf +R30433 RTLgenproof1.map_wf +R30433 RTLgenproof1.map_wf +R30456 RTLgenproof1.map_wf_incr +R30456 RTLgenproof1.map_wf_incr +R30483 RTLgenproof1.state_incr_trans +R30483 RTLgenproof1.state_incr_trans +R30556 RTLgenproof1.return_reg_ok +R30577 RTLgen.ret_reg +R30586 Cminor.fn_sig +R30556 RTLgenproof1.return_reg_ok +R30577 RTLgen.ret_reg +R30586 Cminor.fn_sig +R30616 RTLgenproof1.return_reg_ok_incr +R30616 RTLgenproof1.return_reg_ok_incr +R30670 RTLgenproof1.new_reg_return_ok +R30670 RTLgenproof1.new_reg_return_ok +R30836 RTLgen.ret_reg +R30845 Cminor.fn_sig +R30810 RTL.exec_funct +R30836 RTLgen.ret_reg +R30845 Cminor.fn_sig +R30810 RTL.exec_funct +R30967 RTLgenproof1.instr_at_incr +R30967 RTLgenproof1.instr_at_incr +R31161 AST.sig_res +R31170 Cminor.fn_sig +R31161 AST.sig_res +R31170 Cminor.fn_sig +R31607 RTLgenproof.transl_stmt_correct +R31650 Cminor.Out_normal +R31635 Cminor.Sexpr +R31561 RTLgenproof.transl_expr_correct +R31584 Coq.Lists.List.nil +R31522 Cminor.eval_expr +R31538 Coq.Lists.List.nil +R31514 Values.val +R31504 Mem.mem +R31493 Cminor.env +R31476 Cminor.expr +R31466 Mem.mem +R31456 Cminor.env +R31446 Values.val +R31786 RTLgenproof1.map_wf +R31786 RTLgenproof1.map_wf +R31834 RTLgenproof1.target_reg_ok +R31856 RTLgen.mutated_expr +R31834 RTLgenproof1.target_reg_ok +R31856 RTLgen.mutated_expr +R31941 Coq.Lists.List.incl_refl +R31952 RTLgen.mutated_expr +R31941 Coq.Lists.List.incl_refl +R31952 RTLgen.mutated_expr +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R32486 RTLgenproof.transl_stmt_correct +R32514 Cminor.Sifthenelse +R32412 RTLgenproof.transl_stmtlist_correct +R32345 Cminor.exec_stmtlist +R32293 RTLgenproof.transl_condition_correct +R32321 Coq.Lists.List.nil +R32249 Cminor.eval_condexpr +R32269 Coq.Lists.List.nil +R32237 Cminor.outcome +R32225 Mem.mem +R32214 Cminor.env +R32202 Coq.Init.Datatypes.bool +R32186 Mem.mem +R32175 Cminor.env +R32159 Cminor.stmtlist +R32159 Cminor.stmtlist +R32134 Cminor.condexpr +R32124 Mem.mem +R32114 Cminor.env +R32104 Values.val +R32613 RTLgen.more_likely +R32613 RTLgen.more_likely +R32684 RTLgenproof1.map_wf +R32684 RTLgenproof1.map_wf +R32764 Coq.Lists.List.incl_refl +R32764 Coq.Lists.List.incl_refl +R32845 RTLgenproof1.map_wf +R32845 RTLgenproof1.map_wf +R32894 RTLgenproof1.return_reg_ok +R32894 RTLgenproof1.return_reg_ok +R33063 RTL.exec_trans +R33063 RTL.exec_trans +R33093 RTLgenproof1.exec_instrs_incr +R33093 RTLgenproof1.exec_instrs_incr +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R33279 RTL.exec_trans +R33279 RTL.exec_trans +R33309 RTLgenproof1.exec_instrs_incr +R33309 RTLgenproof1.exec_instrs_incr +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R33391 RTLgenproof1.map_wf +R33391 RTLgenproof1.map_wf +R33471 Coq.Lists.List.incl_refl +R33471 Coq.Lists.List.incl_refl +R33657 RTL.exec_trans +R33657 RTL.exec_trans +R33687 RTLgenproof1.exec_instrs_incr +R33687 RTLgenproof1.exec_instrs_incr +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R33768 RTLgenproof1.map_wf +R33768 RTLgenproof1.map_wf +R33817 RTLgenproof1.return_reg_ok +R33817 RTLgenproof1.return_reg_ok +R33986 RTL.exec_trans +R33986 RTL.exec_trans +R34016 RTLgenproof1.exec_instrs_incr +R34016 RTLgenproof1.exec_instrs_incr +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R34461 RTLgenproof.transl_stmt_correct +R34489 Cminor.Sloop +R34406 RTLgenproof.transl_stmt_correct +R34436 Cminor.Sloop +R34358 Cminor.exec_stmt +R34381 Cminor.Sloop +R34302 RTLgenproof.transl_stmtlist_correct +R34342 Cminor.Out_normal +R34253 Cminor.exec_stmtlist +R34286 Cminor.Out_normal +R34241 Cminor.outcome +R34224 Mem.mem +R34213 Cminor.env +R34202 Mem.mem +R34191 Cminor.env +R34170 Cminor.stmtlist +R34159 Mem.mem +R34149 Cminor.env +R34139 Values.val +R34620 RTLgenproof1.map_wf +R34620 RTLgenproof1.map_wf +R34642 RTLgenproof1.map_wf_incr +R34642 RTLgenproof1.map_wf_incr +R34671 RTLgenproof1.reserve_instr_incr +R34671 RTLgenproof1.reserve_instr_incr +R34728 RTLgenproof.outcome_node +R34741 Cminor.Out_normal +R34728 RTLgenproof.outcome_node +R34741 Cminor.Out_normal +R34815 RTLgenproof1.return_reg_ok +R34815 RTLgenproof1.return_reg_ok +R34852 RTLgenproof1.return_reg_ok_incr +R34852 RTLgenproof1.return_reg_ok_incr +R34888 RTLgenproof1.reserve_instr_incr +R34888 RTLgenproof1.reserve_instr_incr +R35142 RTL.exec_trans +R35142 RTL.exec_trans +R35162 RTLgenproof1.exec_instrs_extends +R35162 RTLgenproof1.exec_instrs_extends +R35201 RTLgenproof1.update_instr_extends +R35201 RTLgenproof1.update_instr_extends +R35285 RTL.exec_trans +R35285 RTL.exec_trans +R35320 RTL.exec_one +R35320 RTL.exec_one +R35336 RTL.exec_Inop +R35336 RTL.exec_Inop +R35396 Coqlib.plt +R35403 RTLgen.st_nextnode +R35396 Coqlib.plt +R35403 RTLgen.st_nextnode +R35470 Maps.gss +R35470 Maps.gss +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R35762 RTLgenproof.transl_stmt_correct +R35790 Cminor.Sloop +R35743 Coq.Init.Logic "x <> y" type_scope +R35746 Cminor.Out_normal +R35690 RTLgenproof.transl_stmtlist_correct +R35648 Cminor.exec_stmtlist +R35636 Cminor.outcome +R35624 Mem.mem +R35613 Cminor.env +R35592 Cminor.stmtlist +R35581 Mem.mem +R35571 Cminor.env +R35561 Values.val +R35905 RTLgenproof1.map_wf +R35905 RTLgenproof1.map_wf +R35927 RTLgenproof1.map_wf_incr +R35927 RTLgenproof1.map_wf_incr +R35956 RTLgenproof1.reserve_instr_incr +R35956 RTLgenproof1.reserve_instr_incr +R36011 RTLgenproof.outcome_node +R36011 RTLgenproof.outcome_node +R36140 RTLgenproof1.return_reg_ok +R36140 RTLgenproof1.return_reg_ok +R36177 RTLgenproof1.return_reg_ok_incr +R36177 RTLgenproof1.return_reg_ok_incr +R36213 RTLgenproof1.reserve_instr_incr +R36213 RTLgenproof1.reserve_instr_incr +R36376 RTLgenproof1.exec_instrs_extends +R36376 RTLgenproof1.exec_instrs_extends +R36415 RTLgenproof1.update_instr_extends +R36415 RTLgenproof1.update_instr_extends +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R36734 RTLgenproof.transl_stmt_correct +R36780 Cminor.outcome_block +R36762 Cminor.Sblock +R36685 RTLgenproof.transl_stmtlist_correct +R36643 Cminor.exec_stmtlist +R36631 Cminor.outcome +R36619 Mem.mem +R36608 Cminor.env +R36587 Cminor.stmtlist +R36576 Mem.mem +R36566 Cminor.env +R36556 Values.val +R36860 RTLgenproof.outcome_node +R36890 Coq.Lists.List "x :: y" list_scope +R36860 RTLgenproof.outcome_node +R36890 Coq.Lists.List "x :: y" list_scope +R37416 RTLgenproof.transl_stmt_correct +R37458 Cminor.Out_exit +R37444 Cminor.Sexit +R37408 Coq.Init.Datatypes.nat +R37398 Mem.mem +R37388 Cminor.env +R37378 Values.val +R37534 Coq.Lists.List.nth_error +R37534 Coq.Lists.List.nth_error +R37620 Coq.Init.Logic "x = y" type_scope +R37620 Coq.Init.Logic "x = y" type_scope +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R37679 RTL.exec_refl +R37679 RTL.exec_refl +R37799 RTLgenproof.transl_stmt_correct +R37846 Cminor.Out_return +R37857 Coq.Init.Datatypes.None +R37827 Cminor.Sreturn +R37835 Coq.Init.Datatypes.None +R37791 Mem.mem +R37781 Cminor.env +R37771 Values.val +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R38014 RTL.exec_refl +R38014 RTL.exec_refl +R38246 RTLgenproof.transl_stmt_correct +R38299 Cminor.Out_return +R38311 Coq.Init.Datatypes.Some +R38274 Cminor.Sreturn +R38283 Coq.Init.Datatypes.Some +R38200 RTLgenproof.transl_expr_correct +R38223 Coq.Lists.List.nil +R38161 Cminor.eval_expr +R38177 Coq.Lists.List.nil +R38153 Values.val +R38143 Mem.mem +R38132 Cminor.env +R38115 Cminor.expr +R38105 Mem.mem +R38095 Cminor.env +R38085 Values.val +R38415 RTLgenproof1.target_reg_ok +R38436 RTLgen.mutated_expr +R38415 RTLgenproof1.target_reg_ok +R38436 RTLgen.mutated_expr +R38481 RTLgenproof1.target_reg_other +R38481 RTLgenproof1.target_reg_other +R38549 Coq.Lists.List.incl_refl +R38549 Coq.Lists.List.incl_refl +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R38756 RTLgenproof.transl_stmtlist_correct +R38796 Cminor.Out_normal +R38787 Cminor.Snil +R38748 Mem.mem +R38738 Cminor.env +R38728 Values.val +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R38953 RTL.exec_refl +R38953 RTL.exec_refl +R39345 RTLgenproof.transl_stmtlist_correct +R39377 Cminor.Scons +R39294 RTLgenproof.transl_stmtlist_correct +R39250 Cminor.exec_stmtlist +R39199 RTLgenproof.transl_stmt_correct +R39234 Cminor.Out_normal +R39155 Cminor.exec_stmt +R39183 Cminor.Out_normal +R39143 Cminor.outcome +R39131 Mem.mem +R39115 Cminor.env +R39104 Mem.mem +R39093 Cminor.env +R39077 Cminor.stmtlist +R39060 Cminor.stmt +R39050 Mem.mem +R39040 Cminor.env +R39030 Values.val +R39483 RTLgenproof1.map_wf +R39483 RTLgenproof1.map_wf +R39532 RTLgenproof.outcome_node +R39545 Cminor.Out_normal +R39532 RTLgenproof.outcome_node +R39545 Cminor.Out_normal +R39607 RTLgenproof1.return_reg_ok +R39607 RTLgenproof1.return_reg_ok +R39876 RTL.exec_trans +R39876 RTL.exec_trans +R39909 RTLgenproof1.exec_instrs_incr +R39909 RTLgenproof1.exec_instrs_incr +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R40263 RTLgenproof.transl_stmtlist_correct +R40295 Cminor.Scons +R40244 Coq.Init.Logic "x <> y" type_scope +R40247 Cminor.Out_normal +R40196 RTLgenproof.transl_stmt_correct +R40159 Cminor.exec_stmt +R40147 Cminor.outcome +R40135 Mem.mem +R40124 Cminor.env +R40108 Cminor.stmtlist +R40091 Cminor.stmt +R40081 Mem.mem +R40071 Cminor.env +R40061 Values.val +R40414 RTLgenproof1.map_wf +R40414 RTLgenproof1.map_wf +R40463 RTLgenproof.outcome_node +R40463 RTLgenproof.outcome_node +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R40554 RTLgenproof1.return_reg_ok +R40554 RTLgenproof1.return_reg_ok +R41165 RTLgenproof.transl_function_correct +R41126 Cminor.eval_funcall +R41217 RTLgenproof.eval_funcall_ind_6 +R42272 RTLgenproof.transl_stmtlist_Scons_stop_correct +R42229 RTLgenproof.transl_stmtlist_Scons_continue_correct +R42196 RTLgenproof.transl_stmtlist_Snil_correct +R42159 RTLgenproof.transl_stmt_Sreturn_some_correct +R42122 RTLgenproof.transl_stmt_Sreturn_none_correct +R42092 RTLgenproof.transl_stmt_Sexit_correct +R42061 RTLgenproof.transl_stmt_Sblock_correct +R42026 RTLgenproof.transl_stmt_Sloop_stop_correct +R41991 RTLgenproof.transl_stmt_Sloop_loop_correct +R41955 RTLgenproof.transl_stmt_Sifthenelse_correct +R41925 RTLgenproof.transl_stmt_Sexpr_correct +R41898 RTLgenproof.transl_funcall_correct +R41864 RTLgenproof.transl_exprlist_Econs_correct +R41831 RTLgenproof.transl_exprlist_Enil_correct +R41790 RTLgenproof.transl_condition_CEcondition_correct +R41754 RTLgenproof.transl_condition_CEcond_correct +R41717 RTLgenproof.transl_condition_CEfalse_correct +R41681 RTLgenproof.transl_condition_CEtrue_correct +R41649 RTLgenproof.transl_expr_Eletvar_correct +R41620 RTLgenproof.transl_expr_Elet_correct +R41585 RTLgenproof.transl_expr_Econdition_correct +R41555 RTLgenproof.transl_expr_Ecall_correct +R41524 RTLgenproof.transl_expr_Estore_correct +R41494 RTLgenproof.transl_expr_Eload_correct +R41466 RTLgenproof.transl_expr_Eop_correct +R41434 RTLgenproof.transl_expr_Eassign_correct +R41405 RTLgenproof.transl_expr_Evar_correct +R41376 RTLgenproof.transl_stmtlist_correct +R41352 RTLgenproof.transl_stmt_correct +R41324 RTLgenproof.transl_function_correct +R41296 RTLgenproof.transl_exprlist_correct +R41267 RTLgenproof.transl_condition_correct +R41243 RTLgenproof.transl_expr_correct +R42395 RTL.exec_program +R42363 Cminor.exec_program +R42355 Values.val +R42491 RTLgenproof.function_ptr_translated +R42491 RTLgenproof.function_ptr_translated +R42612 RTLgenproof.symbols_preserved +R42612 RTLgenproof.symbols_preserved +R42643 AST.prog_main +R42666 AST.prog_main +R42643 AST.prog_main +R42666 AST.prog_main +R42752 RTLgen.transl_function +R42716 AST.transform_partial_program_main +R42752 RTLgen.transl_function +R42716 AST.transform_partial_program_main +R42872 RTLgen.transl_fun +R42885 RTLgen.init_state +R42872 RTLgen.transl_fun +R42885 RTLgen.init_state +R43017 Globalenvs.init_mem_transf_partial +R43046 RTLgen.transl_function +R43017 Globalenvs.init_mem_transf_partial +R43046 RTLgen.transl_function +R43085 RTLgenproof.transl_function_correctness +R43085 RTLgenproof.transl_function_correctness +FRTLtyping +R185 AST.typ +R178 Registers.reg +R224 RTLtyping.regenv +R248 RTL.function +R280 RTL.instruction +R348 RTL.Inop +R433 RTL.Iop +R447 Coq.Lists.List "x :: y" list_scope +R450 Coq.Lists.List.nil +R437 Op.Omove +R406 Coq.Init.Logic "x = y" type_scope +R511 RTL.Iop +R522 Coq.Lists.List.nil +R515 Op.Oundef +R685 RTL.Iop +R643 Coq.Init.Logic "x = y" type_scope +R614 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R615 Coq.Lists.List.map +R645 Op.type_of_operation +R595 Coq.Init.Logic "x <> y" type_scope +R598 Op.Oundef +R580 Coq.Init.Logic "x <> y" type_scope +R583 Op.Omove +R862 RTL.Iload +R821 Coq.Init.Logic "x = y" type_scope +R823 Op.type_of_chunk +R778 Coq.Init.Logic "x = y" type_scope +R760 Coq.Lists.List.map +R780 Op.type_of_addressing +R1050 RTL.Istore +R1009 Coq.Init.Logic "x = y" type_scope +R1011 Op.type_of_chunk +R966 Coq.Init.Logic "x = y" type_scope +R948 Coq.Lists.List.map +R968 Op.type_of_addressing +R1330 RTL.Icall +R1251 Coq.Init.Logic "x = y" type_scope +R1264 AST.sig_res +R1278 Coq.Init.Datatypes.None +R1286 AST.Tint +R1293 Coq.Init.Datatypes.Some +R1217 Coq.Init.Logic "x = y" type_scope +R1199 Coq.Lists.List.map +R1224 AST.sig_args +R1148 Coq.Init.Datatypes.inl +R1163 Coq.Init.Logic "x = y" type_scope +R1165 AST.Tint +R1172 Coq.Init.Datatypes.inr +R1181 Coq.Init.Logic.True +R1468 RTL.Icond +R1424 Coq.Init.Logic "x = y" type_scope +R1406 Coq.Lists.List.map +R1426 Op.type_of_condition +R1603 RTL.Ireturn +R1557 Coq.Init.Logic "x = y" type_scope +R1535 Coqlib.option_map +R1575 AST.sig_res +R1566 RTL.fn_sig +R1661 RTLtyping.regenv +R1673 RTL.function +R1760 Coq.Init.Logic "x = y" type_scope +R1733 Coq.Lists.List.map +R1749 RTL.fn_params +R1774 AST.sig_args +R1765 RTL.fn_sig +R1807 Coqlib.list_norepet +R1823 RTL.fn_params +R1904 RTLtyping.wt_instr +R1888 Coq.Init.Logic "x = y" type_scope +R1884 Maps "a ! b" +R1876 RTL.fn_code +R1890 Coq.Init.Datatypes.Some +R2107 AST.typ +R2129 Registers.reg +R2174 RTLtyping.myT +R2215 Coq.Init.Specif "{ A } + { B }" type_scope +R2217 Coq.Init.Logic "x = y" type_scope +R2223 Coq.Init.Logic "x <> y" type_scope +R2211 RTLtyping.T +R2211 RTLtyping.T +R2287 Coq.Init.Specif.right +R2320 Coq.Init.Specif.left +R2287 Coq.Init.Specif.right +R2287 Coq.Init.Specif.right +R2287 Coq.Init.Specif.right +R2287 Coq.Init.Specif.right +R2320 Coq.Init.Specif.left +R2320 Coq.Init.Specif.left +R2385 Coq.Init.Specif.right +R2416 Coq.Init.Specif.left +R2385 Coq.Init.Specif.right +R2385 Coq.Init.Specif.right +R2385 Coq.Init.Specif.right +R2385 Coq.Init.Specif.right +R2416 Coq.Init.Specif.left +R2416 Coq.Init.Specif.left +R2445 Coqlib.peq +R2445 Coqlib.peq +R2485 Coq.Init.Specif.left +R2497 Coq.Init.Logic.refl_equal +R2485 Coq.Init.Specif.left +R2497 Coq.Init.Logic.refl_equal +R2519 Coq.Init.Specif.right +R2519 Coq.Init.Specif.right +R2595 RTLtyping.T +R2640 Coq.NArith.BinPos.positive +R2675 RTLtyping.tTy +R2679 AST.Tint +R2687 Coq.NArith.BinPos.xH +R2696 RTLtyping.tTy +R2700 AST.Tfloat +R2710 Coq.NArith.BinPos.xI +R2713 Coq.NArith.BinPos.xH +R2722 RTLtyping.tReg +R2732 Coq.NArith.BinPos.xO +R2629 RTLtyping.T +R2783 RTLtyping.elt +R2813 Coq.NArith.BinPos.xH +R2819 RTLtyping.tTy +R2823 AST.Tint +R2834 Coq.NArith.BinPos.xI +R2842 RTLtyping.tTy +R2846 AST.Tfloat +R2859 Coq.NArith.BinPos.xO +R2867 RTLtyping.tReg +R2771 Coq.NArith.BinPos.positive +R2946 Coq.Init.Logic "x = y" type_scope +R2928 RTLtyping.decode +R2936 RTLtyping.encode +R2919 RTLtyping.T +R3093 Coq.Init.Logic "x = y" type_scope +R3077 Coq.Init.Logic "x = y" type_scope +R3068 RTLtyping.encode +R3079 RTLtyping.encode +R3058 RTLtyping.T +R3058 RTLtyping.T +R3258 Maps.t +R3266 Coq.NArith.BinPos.positive +R3298 Maps.empty +R3310 Coq.NArith.BinPos.positive +R3364 Coqlib.option_map +R3383 Maps.get +R3394 RTLtyping.encode +R3375 RTLtyping.decode +R3354 RTLtyping.T +R3344 RTLtyping.elt +R3458 Maps.set +R3482 RTLtyping.encode +R3469 RTLtyping.encode +R3448 RTLtyping.T +R3438 RTLtyping.elt +R3438 RTLtyping.elt +R3550 Coq.Init.Logic "x = y" type_scope +R3538 RTLtyping.get +R3544 RTLtyping.empty +R3552 Coq.Init.Datatypes.None +R3532 RTLtyping.elt +R3620 Maps.gempty +R3620 Maps.gempty +R3730 Coq.Init.Logic "x = y" type_scope +R3712 RTLtyping.get +R3719 RTLtyping.add +R3732 Coq.Init.Datatypes.Some +R3708 RTLtyping.T +R3698 RTLtyping.elt +R3698 RTLtyping.elt +R3801 Maps.gss +R3801 Maps.gss +R3831 RTLtyping.encode_decode +R3831 RTLtyping.encode_decode +R3943 Coq.Init.Logic "x = y" type_scope +R3925 RTLtyping.get +R3932 RTLtyping.add +R3945 RTLtyping.get +R3917 Coq.Init.Logic "x <> y" type_scope +R3911 RTLtyping.T +R3901 RTLtyping.elt +R3901 RTLtyping.elt +R3901 RTLtyping.elt +R4015 Maps.gso +R4015 Maps.gso +R4058 RTLtyping.encode_injective +R4058 RTLtyping.encode_injective +R4162 RTLtyping.identify +R4195 RTLtyping.tTy +R4199 AST.Tfloat +R4184 RTLtyping.tTy +R4188 AST.Tint +R4174 RTLtyping.empty +R4351 RTLtyping.T +R4314 Coq.Lists.List.list +R4300 Coq.Lists.List.list +R4288 RTLtyping.T +R4259 RTLtyping.T +R4241 RTLtyping.T +R4385 Coq.Lists.List "x :: y" list_scope +R4393 Coq.Lists.List "x :: y" list_scope +R4434 Coq.Lists.List.nil +R4439 Coq.Lists.List.nil +R4463 RTLtyping.error +R4314 Coq.Lists.List.list +R4300 Coq.Lists.List.list +R4288 RTLtyping.T +R4259 RTLtyping.T +R4241 RTLtyping.T +R4638 RTLtyping.T +R4670 Coq.Init.Datatypes.Some +R4678 Coq.Init.Datatypes.Some +R4703 Coq.Init.Datatypes.None +R4709 Coq.Init.Datatypes.None +R4734 RTLtyping.error +R4602 Coq.Init.Datatypes.option +R4586 Coq.Init.Datatypes.option +R4574 RTLtyping.T +R4536 RTLtyping.T +R4518 RTLtyping.T +R4781 Coq.Init.Datatypes.bool +R4815 AST.Tint +R4821 AST.Tint +R4829 Coq.Init.Datatypes.true +R4838 AST.Tfloat +R4846 AST.Tfloat +R4856 Coq.Init.Datatypes.true +R4873 Coq.Init.Datatypes.false +R4774 AST.typ +R4774 AST.typ +R4947 RTLtyping.identify +R4971 RTLtyping.tTy +R4962 RTLtyping.tReg +R4937 AST.typ +R4927 Registers.reg +R4916 RTLtyping.T +R5057 Coq.Init.Datatypes.inl +R5066 RTLtyping.identify +R5090 RTLtyping.tTy +R5094 AST.Tint +R5081 RTLtyping.tReg +R5104 Coq.Init.Datatypes.inr +R5025 Coq.Init.Datatypes "x + y" type_scope +R5022 Registers.reg +R5026 AST.ident +R5009 RTLtyping.T +R5184 AST.sig_res +R5198 Coq.Init.Datatypes.None +R5206 AST.Tint +R5213 Coq.Init.Datatypes.Some +R5157 AST.signature +R5349 RTL.Inop +R5365 RTL.Iop +R5369 Op.Omove +R5379 Coq.Lists.List "x :: y" list_scope +R5382 Coq.Lists.List.nil +R5395 RTLtyping.identify +R5420 RTLtyping.tReg +R5410 RTLtyping.tReg +R5433 RTL.Iop +R5437 Op.Omove +R5452 RTLtyping.error +R5462 RTL.Iop +R5466 Op.Oundef +R5473 Coq.Lists.List.nil +R5490 RTL.Iop +R5494 Op.Oundef +R5510 RTLtyping.error +R5520 RTL.Iop +R5570 Op.type_of_operation +R5644 RTLtyping.fold2 +R5650 RTLtyping.type_rtl_arg +R5610 RTLtyping.type_rtl_arg +R5682 RTL.Iload +R5779 RTLtyping.fold2 +R5807 Op.type_of_addressing +R5785 RTLtyping.type_rtl_arg +R5730 RTLtyping.type_rtl_arg +R5749 Op.type_of_chunk +R5836 RTL.Istore +R5932 RTLtyping.fold2 +R5960 Op.type_of_addressing +R5938 RTLtyping.type_rtl_arg +R5883 RTLtyping.type_rtl_arg +R5902 Op.type_of_chunk +R5989 RTL.Icall +R6122 RTLtyping.fold2 +R6155 AST.sig_args +R6128 RTLtyping.type_rtl_arg +R6071 RTLtyping.type_rtl_arg +R6091 RTLtyping.type_of_sig_res +R6033 RTLtyping.type_rtl_ros +R6169 RTL.Icond +R6198 RTLtyping.fold2 +R6225 Op.type_of_condition +R6204 RTLtyping.type_rtl_arg +R6253 RTL.Ireturn +R6266 RTLtyping.option_fold2 +R6279 RTLtyping.type_rtl_arg +R5314 RTL.instruction +R5299 Coq.NArith.BinPos.positive +R5288 RTLtyping.T +R5267 Coq.Init.Datatypes.option +R5274 AST.typ +R6356 RTLtyping.eq +R6387 RTLtyping.repr +R6398 RTLtyping.tTy +R6402 AST.Tfloat +R6366 RTLtyping.repr +R6377 RTLtyping.tReg +R6432 AST.Tint +R6418 AST.Tfloat +R6343 Registers.reg +R6332 RTLtyping.T +R6493 Coq.Init.Datatypes.bool +R6470 Coq.Lists.List.list +R6475 Registers.reg +R6460 Registers.reg +R6520 Coq.Lists.List.nil +R6527 Coq.Init.Datatypes.false +R6539 Coq.Lists.List "x :: y" list_scope +R6553 Coqlib.peq +R6566 Coq.Init.Datatypes.true +R6470 Coq.Lists.List.list +R6475 Registers.reg +R6460 Registers.reg +R6630 Coq.Init.Datatypes.bool +R6618 Coq.Lists.List.list +R6623 Registers.reg +R6657 Coq.Lists.List.nil +R6664 Coq.Init.Datatypes.false +R6676 Coq.Lists.List "x :: y" list_scope +R6701 Coq.Bool.Bool "x || y" bool_scope +R6687 RTLtyping.member +R6618 Coq.Lists.List.list +R6623 Registers.reg +R6956 RTLtyping.repet +R6965 RTL.fn_params +R7004 RTLtyping.eq +R7038 RTLtyping.repr +R7050 RTLtyping.tTy +R7054 AST.Tfloat +R7014 RTLtyping.repr +R7026 RTLtyping.tTy +R7030 AST.Tint +R7086 Coq.Init.Datatypes.Some +R7092 RTLtyping.mk_env +R7072 Coq.Init.Datatypes.None +R6985 Coq.Init.Datatypes.None +R6890 RTLtyping.fold2 +R6938 AST.sig_args +R6929 RTL.fn_sig +R6915 RTL.fn_params +R6896 RTLtyping.type_rtl_arg +R6782 Maps.fold +R6866 RTLtyping.empty +R6857 RTL.fn_code +R6794 RTLtyping.type_rtl_instr +R6821 AST.sig_res +R6812 RTL.fn_sig +R6757 RTL.function +R7294 Coq.Init.Logic "x <> y" type_scope +R7273 RTLtyping.repr +R7284 RTLtyping.tTy +R7288 AST.Tint +R7297 RTLtyping.repr +R7308 RTLtyping.tTy +R7312 AST.Tfloat +R7262 RTLtyping.T +R7482 Coq.Init.Logic "x = y" type_scope +R7412 RTLtyping.eq +R7445 RTLtyping.repr +R7456 RTLtyping.tTy +R7460 AST.Tfloat +R7422 RTLtyping.repr +R7433 RTLtyping.tTy +R7437 AST.Tint +R7390 RTLtyping.consistent +R7360 RTLtyping.T +R7554 RTLtyping.eq +R7587 RTLtyping.repr +R7598 RTLtyping.tTy +R7602 AST.Tfloat +R7564 RTLtyping.repr +R7575 RTLtyping.tTy +R7579 AST.Tint +R7554 RTLtyping.eq +R7587 RTLtyping.repr +R7598 RTLtyping.tTy +R7602 AST.Tfloat +R7564 RTLtyping.repr +R7575 RTLtyping.tTy +R7579 AST.Tint +R7725 Coq.Init.Logic "x = y" type_scope +R7699 RTLtyping.eq +R7666 RTLtyping.myT +R7767 RTLtyping.eq +R7767 RTLtyping.eq +R7848 RTLtyping.consistent +R7859 RTLtyping.error +R7904 RTLtyping.consistent +R7915 RTLtyping.error +R7904 RTLtyping.consistent +R7915 RTLtyping.error +R8000 RTLtyping.sameclass_identify_1 +R8000 RTLtyping.sameclass_identify_1 +R8119 Coq.Init.Logic "x = y" type_scope +R8106 Coq.Init.Logic "x = y" type_scope +R8096 RTLtyping.teq +R8108 Coq.Init.Datatypes.true +R8090 AST.typ +R8090 AST.typ +R8327 Coq.Init.Logic "x = y" type_scope +R8313 RTLtyping.repr +R8329 RTLtyping.repr +R8294 Coq.Init.Logic "x = y" type_scope +R8280 RTLtyping.repr +R8296 RTLtyping.repr +R8270 RTLtyping.myT +R8270 RTLtyping.myT +R8237 RTLtyping.T +R8237 RTLtyping.T +R8388 RTLtyping.included +R8381 RTLtyping.T +R8535 RTLtyping.included +R8517 RTLtyping.included +R8499 RTLtyping.included +R8490 RTLtyping.T +R8490 RTLtyping.T +R8490 RTLtyping.T +R8685 RTLtyping.consistent +R8668 RTLtyping.consistent +R8650 RTLtyping.included +R8641 RTLtyping.T +R8641 RTLtyping.T +R8870 RTLtyping.included +R8882 RTLtyping.identify +R8864 RTLtyping.myT +R8864 RTLtyping.myT +R8849 RTLtyping.T +R8950 RTLtyping.sameclass_identify_2 +R8950 RTLtyping.sameclass_identify_2 +R9139 Coq.Init.Logic "x = y" type_scope +R9096 RTLtyping.repr +R9126 RTLtyping.tReg +R9105 RTLtyping.type_rtl_arg +R9141 RTLtyping.repr +R9171 RTLtyping.tTy +R9150 RTLtyping.type_rtl_arg +R9059 RTLtyping.consistent +R9071 RTLtyping.type_rtl_arg +R9051 AST.typ +R9041 Registers.reg +R9030 RTLtyping.T +R9237 RTLtyping.sameclass_identify_1 +R9237 RTLtyping.sameclass_identify_1 +R9413 Coq.Init.Logic "x = y" type_scope +R9383 RTLtyping.mk_env +R9391 RTLtyping.type_rtl_arg +R9348 RTLtyping.consistent +R9360 RTLtyping.type_rtl_arg +R9340 AST.typ +R9330 Registers.reg +R9319 RTLtyping.T +R9471 RTLtyping.type_arg_correct_1 +R9471 RTLtyping.type_arg_correct_1 +R9517 RTLtyping.consistent_not_eq +R9517 RTLtyping.consistent_not_eq +R9556 RTLtyping.eq +R9566 RTLtyping.repr +R9601 RTLtyping.tTy +R9605 AST.Tfloat +R9575 RTLtyping.type_rtl_arg +R9592 AST.Tfloat +R9556 RTLtyping.eq +R9566 RTLtyping.repr +R9601 RTLtyping.tTy +R9605 AST.Tfloat +R9575 RTLtyping.type_rtl_arg +R9592 AST.Tfloat +R9717 RTLtyping.included +R9729 RTLtyping.type_rtl_arg +R9711 AST.typ +R9701 Registers.reg +R9690 RTLtyping.T +R9806 RTLtyping.included_identify +R9806 RTLtyping.included_identify +R9936 RTLtyping.consistent +R9901 RTLtyping.consistent +R9913 RTLtyping.type_rtl_arg +R9893 AST.typ +R9883 Registers.reg +R9872 RTLtyping.T +R10013 RTLtyping.type_rtl_arg +R9981 RTLtyping.included_consistent +R10013 RTLtyping.type_rtl_arg +R9981 RTLtyping.included_consistent +R10044 RTLtyping.type_arg_included +R10044 RTLtyping.type_arg_included +R10208 RTLtyping.included +R10220 RTLtyping.fold2 +R10226 RTLtyping.type_rtl_arg +R10163 RTLtyping.consistent +R10175 RTLtyping.fold2 +R10181 RTLtyping.type_rtl_arg +R10154 RTLtyping.T +R10139 Coq.Lists.List.list +R10144 AST.typ +R10123 Coq.Lists.List.list +R10128 Registers.reg +R10326 RTLtyping.included_refl +R10326 RTLtyping.included_refl +R10363 RTLtyping.error_inconsistent +R10363 RTLtyping.error_inconsistent +R10411 RTLtyping.error_inconsistent +R10411 RTLtyping.error_inconsistent +R10501 RTLtyping.type_rtl_arg +R10474 RTLtyping.included_trans +R10501 RTLtyping.type_rtl_arg +R10474 RTLtyping.included_trans +R10532 RTLtyping.type_arg_included +R10532 RTLtyping.type_arg_included +R10709 RTLtyping.consistent +R10666 RTLtyping.consistent +R10678 RTLtyping.fold2 +R10684 RTLtyping.type_rtl_arg +R10657 RTLtyping.T +R10642 Coq.Lists.List.list +R10647 AST.typ +R10626 Coq.Lists.List.list +R10631 Registers.reg +R10755 RTLtyping.included_consistent +R10780 RTLtyping.type_args_included +R10755 RTLtyping.included_consistent +R10780 RTLtyping.type_args_included +R11001 Coq.Init.Logic "x = y" type_scope +R10956 Coq.Lists.List.map +R10961 RTLtyping.mk_env +R10969 RTLtyping.fold2 +R10975 RTLtyping.type_rtl_arg +R10911 RTLtyping.consistent +R10923 RTLtyping.fold2 +R10929 RTLtyping.type_rtl_arg +R10902 RTLtyping.T +R10887 Coq.Lists.List.list +R10892 AST.typ +R10871 Coq.Lists.List.list +R10876 Registers.reg +R11114 RTLtyping.error_inconsistent +R11114 RTLtyping.error_inconsistent +R11191 RTLtyping.error_inconsistent +R11191 RTLtyping.error_inconsistent +R11266 RTLtyping.type_rtl_arg +R11266 RTLtyping.type_rtl_arg +R11338 RTLtyping.type_args_included +R11375 RTLtyping.tTy +R11379 AST.Tint +R11366 RTLtyping.tReg +R11338 RTLtyping.type_args_included +R11375 RTLtyping.tTy +R11379 AST.Tint +R11366 RTLtyping.tReg +R11399 RTLtyping.consistent_not_eq +R11399 RTLtyping.consistent_not_eq +R11434 RTLtyping.type_arg_correct_1 +R11434 RTLtyping.type_arg_correct_1 +R11464 RTLtyping.type_args_extends +R11464 RTLtyping.type_args_extends +R11529 RTLtyping.type_args_included +R11566 RTLtyping.tTy +R11570 AST.Tfloat +R11557 RTLtyping.tReg +R11529 RTLtyping.type_args_included +R11566 RTLtyping.tTy +R11570 AST.Tfloat +R11557 RTLtyping.tReg +R11592 RTLtyping.equal_eq +R11592 RTLtyping.equal_eq +R11618 RTLtyping.type_arg_correct_1 +R11618 RTLtyping.type_arg_correct_1 +R11648 RTLtyping.type_args_extends +R11648 RTLtyping.type_args_extends +R11888 Coq.Init.Logic "x = y" type_scope +R11861 Coq.Lists.List.map +R11877 RTL.fn_params +R11902 AST.sig_args +R11893 RTL.fn_sig +R11845 Coq.Init.Logic "x = y" type_scope +R11825 RTLtyping.type_rtl_function +R11847 Coq.Init.Datatypes.Some +R11814 RTLtyping.regenv +R11798 RTL.function +R11985 RTLtyping.repet +R11985 RTLtyping.repet +R12049 Maps.fold +R12102 RTLtyping.empty +R12061 RTLtyping.type_rtl_instr +R12077 AST.sig_res +R12049 Maps.fold +R12102 RTLtyping.empty +R12061 RTLtyping.type_rtl_instr +R12077 AST.sig_res +R12139 RTLtyping.consistent +R12151 RTLtyping.fold2 +R12183 AST.sig_args +R12157 RTLtyping.type_rtl_arg +R12139 RTLtyping.consistent +R12151 RTLtyping.fold2 +R12183 AST.sig_args +R12157 RTLtyping.type_rtl_arg +R12229 RTLtyping.repr +R12238 RTLtyping.fold2 +R12270 AST.sig_args +R12244 RTLtyping.type_rtl_arg +R12229 RTLtyping.repr +R12238 RTLtyping.fold2 +R12270 AST.sig_args +R12244 RTLtyping.type_rtl_arg +R12321 RTLtyping.eq +R12349 RTLtyping.tTy +R12353 AST.Tfloat +R12334 RTLtyping.tTy +R12338 AST.Tint +R12321 RTLtyping.eq +R12349 RTLtyping.tTy +R12353 AST.Tfloat +R12334 RTLtyping.tTy +R12338 AST.Tint +R12437 RTLtyping.type_args_correct +R12437 RTLtyping.type_args_correct +R12510 RTLtyping.equal_eq +R12510 RTLtyping.equal_eq +R12674 Coq.Init.Logic "~ x" type_scope +R12675 Coq.Lists.List.In +R12663 Coq.Init.Logic "x = y" type_scope +R12652 RTLtyping.member +R12665 Coq.Init.Datatypes.false +R12646 Registers.reg +R12631 Coq.Lists.List.list +R12636 Registers.reg +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R12749 Coqlib.peq +R12749 Coqlib.peq +R12933 Coqlib.list_norepet +R12922 Coq.Init.Logic "x = y" type_scope +R12914 RTLtyping.repet +R12924 Coq.Init.Datatypes.false +R12903 Coq.Lists.List.list +R12908 Registers.reg +R13002 Coqlib.list_norepet_nil +R13019 Registers.reg +R13002 Coqlib.list_norepet_nil +R13019 Registers.reg +R13036 Coq.Bool.Bool.orb_false_elim +R13065 RTLtyping.repet +R13052 RTLtyping.member +R13036 Coq.Bool.Bool.orb_false_elim +R13065 RTLtyping.repet +R13052 RTLtyping.member +R13097 Coqlib.list_norepet_cons +R13097 Coqlib.list_norepet_cons +R13128 RTLtyping.member_correct +R13128 RTLtyping.member_correct +R13291 Coqlib.list_norepet +R13307 RTL.fn_params +R13275 Coq.Init.Logic "x = y" type_scope +R13255 RTLtyping.type_rtl_function +R13277 Coq.Init.Datatypes.Some +R13244 RTLtyping.regenv +R13228 RTL.function +R13410 Coq.Init.Logic "x = y" type_scope +R13394 RTLtyping.repet +R13412 Coq.Init.Datatypes.false +R13410 Coq.Init.Logic "x = y" type_scope +R13394 RTLtyping.repet +R13412 Coq.Init.Datatypes.false +R13438 RTLtyping.repet_correct +R13438 RTLtyping.repet_correct +R13474 RTLtyping.repet +R13474 RTLtyping.repet +R13648 Coq.Init.Logic "'exists' x : t , p" type_scope +R13808 Coq.Init.Logic "A /\ B" type_scope +R13673 RTLtyping.included +R13683 Maps.fold +R13772 RTLtyping.empty +R13763 RTL.fn_code +R13695 RTLtyping.type_rtl_instr +R13722 AST.sig_res +R13713 RTL.fn_sig +R13834 Coq.Init.Logic "A /\ B" type_scope +R13815 Coq.Init.Logic "x = y" type_scope +R13817 RTLtyping.mk_env +R13837 RTLtyping.consistent +R13660 RTLtyping.T +R13632 Coq.Init.Logic "x = y" type_scope +R13612 RTLtyping.type_rtl_function +R13634 Coq.Init.Datatypes.Some +R13601 RTLtyping.regenv +R13584 RTL.function +R13896 Maps.fold +R13985 RTLtyping.empty +R13976 RTL.fn_code +R13908 RTLtyping.type_rtl_instr +R13935 AST.sig_res +R13926 RTL.fn_sig +R13896 Maps.fold +R13985 RTLtyping.empty +R13976 RTL.fn_code +R13908 RTLtyping.type_rtl_instr +R13935 AST.sig_res +R13926 RTL.fn_sig +R14066 RTLtyping.repet +R14075 RTL.fn_params +R14066 RTLtyping.repet +R14075 RTL.fn_params +R14139 RTLtyping.fold2 +R14187 AST.sig_args +R14178 RTL.fn_sig +R14164 RTL.fn_params +R14145 RTLtyping.type_rtl_arg +R14139 RTLtyping.fold2 +R14187 AST.sig_args +R14178 RTL.fn_sig +R14164 RTL.fn_params +R14145 RTLtyping.type_rtl_arg +R14245 RTLtyping.eq +R14279 RTLtyping.repr +R14291 RTLtyping.tTy +R14295 AST.Tfloat +R14255 RTLtyping.repr +R14267 RTLtyping.tTy +R14271 AST.Tint +R14245 RTLtyping.eq +R14279 RTLtyping.repr +R14291 RTLtyping.tTy +R14295 AST.Tfloat +R14255 RTLtyping.repr +R14267 RTLtyping.tTy +R14271 AST.Tint +R14350 RTLtyping.equal_eq +R14350 RTLtyping.equal_eq +R14405 RTLtyping.consistent_not_eq +R14405 RTLtyping.consistent_not_eq +R14439 Coq.Init.Logic.conj +R14439 Coq.Init.Logic.conj +R14470 RTLtyping.type_args_included +R14470 RTLtyping.type_args_included +R14510 Coq.Init.Logic.conj +R14510 Coq.Init.Logic.conj +R14737 Coq.Init.Logic "x = y" type_scope +R14684 RTLtyping.fold2 +R14704 RTLtyping.type_rtl_arg +R14690 RTLtyping.type_rtl_arg +R14743 RTLtyping.fold2 +R14792 Coq.Init.Datatypes.fst +R14763 RTLtyping.type_rtl_arg +R14781 Coq.Init.Datatypes.snd +R14749 RTLtyping.type_rtl_arg +R14641 Coq.Init.Datatypes "x * y" type_scope +R14632 Coq.Lists.List.list +R14637 AST.typ +R14643 AST.typ +R14622 Registers.reg +R14607 Coq.Lists.List.list +R14612 Registers.reg +R14596 RTLtyping.T +R14830 Coq.Init.Datatypes.surjective_pairing +R14830 Coq.Init.Datatypes.surjective_pairing +R15044 RTLtyping.included +R15056 RTLtyping.fold2 +R15076 RTLtyping.type_rtl_arg +R15062 RTLtyping.type_rtl_arg +R14980 RTLtyping.consistent +R14992 RTLtyping.fold2 +R15012 RTLtyping.type_rtl_arg +R14998 RTLtyping.type_rtl_arg +R14972 AST.typ +R14962 Registers.reg +R14951 RTLtyping.T +R14936 Coq.Lists.List.list +R14941 AST.typ +R14920 Coq.Lists.List.list +R14925 Registers.reg +R15158 RTLtyping.type_rtl_arg +R15131 RTLtyping.included_trans +R15158 RTLtyping.type_rtl_arg +R15131 RTLtyping.included_trans +R15187 RTLtyping.type_arg_included +R15187 RTLtyping.type_arg_included +R15214 RTLtyping.type_args_included +R15214 RTLtyping.type_args_included +R15468 RTLtyping.included +R15480 RTLtyping.fold2 +R15500 RTLtyping.type_rtl_arg +R15514 RTLtyping.type_rtl_ros +R15486 RTLtyping.type_rtl_arg +R15385 RTLtyping.consistent +R15397 RTLtyping.fold2 +R15417 RTLtyping.type_rtl_arg +R15431 RTLtyping.type_rtl_ros +R15403 RTLtyping.type_rtl_arg +R15374 Coq.Init.Datatypes "x + y" type_scope +R15371 Registers.reg +R15375 AST.ident +R15350 AST.typ +R15340 Registers.reg +R15329 RTLtyping.T +R15314 Coq.Lists.List.list +R15319 AST.typ +R15298 Coq.Lists.List.list +R15303 Registers.reg +R15599 RTLtyping.type_rtl_ros +R15572 RTLtyping.included_trans +R15599 RTLtyping.type_rtl_ros +R15572 RTLtyping.included_trans +R15665 RTLtyping.included_identify +R15665 RTLtyping.included_identify +R15692 RTLtyping.included_refl +R15692 RTLtyping.included_refl +R15715 RTLtyping.type_args_res_included +R15715 RTLtyping.type_args_res_included +R15903 RTLtyping.included +R15915 RTLtyping.type_rtl_instr +R15857 RTLtyping.consistent +R15869 RTLtyping.type_rtl_instr +R15842 Coq.Init.Datatypes.option +R15849 AST.typ +R15826 RTLtyping.T +R15808 RTL.instruction +R15793 Coq.NArith.BinPos.positive +R16011 RTLtyping.type_args_res_included +R16011 RTLtyping.type_args_res_included +R16011 RTLtyping.type_args_res_included +R16011 RTLtyping.type_args_res_included +R16011 RTLtyping.type_args_res_included +R16011 RTLtyping.type_args_res_included +R16011 RTLtyping.type_args_res_included +R16011 RTLtyping.type_args_res_included +R16051 RTLtyping.included_refl +R16051 RTLtyping.included_refl +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16117 RTLtyping.type_args_res_included +R16198 RTLtyping.error_inconsistent +R16198 RTLtyping.error_inconsistent +R16275 RTLtyping.included_identify +R16275 RTLtyping.included_identify +R16304 RTLtyping.error_inconsistent +R16304 RTLtyping.error_inconsistent +R16381 RTLtyping.included_refl +R16381 RTLtyping.included_refl +R16406 RTLtyping.error_inconsistent +R16406 RTLtyping.error_inconsistent +R16442 RTLtyping.type_args_res_ros_included +R16442 RTLtyping.type_args_res_ros_included +R16486 RTLtyping.type_args_included +R16486 RTLtyping.type_args_included +R16581 RTLtyping.error_inconsistent +R16581 RTLtyping.error_inconsistent +R16581 RTLtyping.error_inconsistent +R16581 RTLtyping.error_inconsistent +R16581 RTLtyping.error_inconsistent +R16624 RTLtyping.type_arg_included +R16624 RTLtyping.type_arg_included +R16653 RTLtyping.included_refl +R16653 RTLtyping.included_refl +R16877 RTLtyping.consistent +R16786 RTLtyping.consistent +R16804 Coq.Lists.List.fold_left +R16826 RTLtyping.type_rtl_instr +R16859 Coq.Init.Datatypes.snd +R16851 Coq.Init.Datatypes.fst +R16771 Coq.Init.Datatypes.option +R16778 AST.typ +R16755 RTLtyping.T +R16719 Coq.Lists.List.list +R16734 Coq.Init.Datatypes "x * y" type_scope +R16725 Coq.NArith.BinPos.positive +R16736 RTL.instruction +R16982 RTLtyping.type_rtl_instr +R17015 Coq.Init.Datatypes.snd +R17007 Coq.Init.Datatypes.fst +R16944 RTLtyping.included_consistent +R16982 RTLtyping.type_rtl_instr +R17015 Coq.Init.Datatypes.snd +R17007 Coq.Init.Datatypes.fst +R16944 RTLtyping.included_consistent +R17033 RTLtyping.type_instr_included +R17033 RTLtyping.type_instr_included +R17347 RTLtyping.included +R17368 Coq.Lists.List.fold_left +R17390 RTLtyping.type_rtl_instr +R17423 Coq.Init.Datatypes.snd +R17415 Coq.Init.Datatypes.fst +R17256 RTLtyping.consistent +R17274 Coq.Lists.List.fold_left +R17296 RTLtyping.type_rtl_instr +R17329 Coq.Init.Datatypes.snd +R17321 Coq.Init.Datatypes.fst +R17241 Coq.Init.Datatypes.option +R17248 AST.typ +R17225 RTLtyping.T +R17189 Coq.Lists.List.list +R17204 Coq.Init.Datatypes "x * y" type_scope +R17195 Coq.NArith.BinPos.positive +R17206 RTL.instruction +R17488 RTLtyping.included_refl +R17488 RTLtyping.included_refl +R17547 RTLtyping.type_rtl_instr +R17580 Coq.Init.Datatypes.snd +R17572 Coq.Init.Datatypes.fst +R17519 RTLtyping.included_trans +R17547 RTLtyping.type_rtl_instr +R17580 Coq.Init.Datatypes.snd +R17572 Coq.Init.Datatypes.fst +R17519 RTLtyping.included_trans +R17600 RTLtyping.type_instr_included +R17600 RTLtyping.type_instr_included +R17631 RTLtyping.type_instrs_extends +R17631 RTLtyping.type_instrs_extends +R17912 Coq.Init.Logic "'exists' x : t , p" type_scope +R17984 Coq.Init.Logic "A /\ B" type_scope +R17937 RTLtyping.consistent +R17949 RTLtyping.type_rtl_instr +R17987 RTLtyping.included +R18048 Maps.fold +R18060 RTLtyping.type_rtl_instr +R17997 RTLtyping.type_rtl_instr +R17923 RTLtyping.T +R17898 Coq.Init.Logic "x = y" type_scope +R17894 Maps "a ! b" +R17900 Coq.Init.Datatypes.Some +R17877 RTL.instruction +R17862 Coq.NArith.BinPos.positive +R17791 RTLtyping.consistent +R17803 Maps.fold +R17815 RTLtyping.type_rtl_instr +R17782 RTLtyping.T +R17770 RTL.code +R17753 Coq.Init.Datatypes.option +R17760 AST.typ +R18123 Maps.fold_spec +R18123 Maps.fold_spec +R18152 Maps.fold_spec +R18152 Maps.fold_spec +R18190 Maps.elements_correct +R18190 Maps.elements_correct +R18322 Maps.elements +R18322 Maps.elements +R18365 Coq.Lists.List.In +R18376 Coq.Lists.List.nil +R18368 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18365 Coq.Lists.List.In +R18376 Coq.Lists.List.nil +R18368 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18392 Coq.Lists.List.in_nil +R18392 Coq.Lists.List.in_nil +R18547 Coq.Init.Logic.conj +R18547 Coq.Init.Logic.conj +R18563 RTLtyping.type_instrs_extends +R18563 RTLtyping.type_instrs_extends +R18637 RTLtyping.type_instrs_included +R18637 RTLtyping.type_instrs_included +R18824 Coq.Init.Logic "A \/ B" type_scope +R18797 Coq.Init.Logic "x = y" type_scope +R18778 RTLtyping.repr +R18789 RTLtyping.tReg +R18799 RTLtyping.repr +R18810 RTLtyping.tTy +R18814 AST.Tfloat +R18846 Coq.Init.Logic "x = y" type_scope +R18827 RTLtyping.repr +R18838 RTLtyping.tReg +R18848 RTLtyping.repr +R18859 RTLtyping.tTy +R18863 AST.Tint +R18768 Registers.reg +R18757 RTLtyping.T +R18942 RTL.Inop +R18952 Coq.Init.Logic.True +R18961 RTL.Iop +R18965 Op.Omove +R18975 Coq.Lists.List "x :: y" list_scope +R18978 Coq.Lists.List.nil +R19011 Coq.Init.Logic "x = y" type_scope +R18991 RTLtyping.repr +R19002 RTLtyping.tReg +R19013 RTLtyping.repr +R19024 RTLtyping.tReg +R19037 RTL.Iop +R19041 Op.Oundef +R19057 Coq.Init.Logic.True +R19066 RTL.Iop +R19106 Coq.Init.Logic "A /\ B" type_scope +R19094 RTLtyping.mapped +R19138 RTLtyping.mapped +R19125 Coq.Lists.List.In +R19120 Registers.reg +R19153 RTL.Iload +R19197 Coq.Init.Logic "A /\ B" type_scope +R19185 RTLtyping.mapped +R19229 RTLtyping.mapped +R19216 Coq.Lists.List.In +R19211 Registers.reg +R19244 RTL.Istore +R19289 Coq.Init.Logic "A /\ B" type_scope +R19277 RTLtyping.mapped +R19321 RTLtyping.mapped +R19308 Coq.Lists.List.In +R19303 Registers.reg +R19336 RTL.Icall +R19424 Coq.Init.Logic "A /\ B" type_scope +R19382 Coq.Init.Datatypes.inl +R19391 RTLtyping.mapped +R19409 Coq.Init.Logic.True +R19439 Coq.Init.Logic "A /\ B" type_scope +R19427 RTLtyping.mapped +R19471 RTLtyping.mapped +R19458 Coq.Lists.List.In +R19453 Registers.reg +R19486 RTL.Icond +R19541 RTLtyping.mapped +R19528 Coq.Lists.List.In +R19523 Registers.reg +R19556 RTL.Ireturn +R19564 Coq.Init.Datatypes.None +R19572 Coq.Init.Logic.True +R19581 RTL.Ireturn +R19590 Coq.Init.Datatypes.Some +R19601 RTLtyping.mapped +R18907 RTL.instruction +R18896 RTLtyping.T +R19689 RTLtyping.mapped +R19697 RTLtyping.type_rtl_arg +R19681 AST.typ +R19671 Registers.reg +R19660 RTLtyping.T +R19806 RTLtyping.sameclass_identify_1 +R19806 RTLtyping.sameclass_identify_1 +R19845 RTLtyping.sameclass_identify_1 +R19845 RTLtyping.sameclass_identify_1 +R19961 RTLtyping.mapped +R19969 RTLtyping.type_rtl_arg +R19946 RTLtyping.mapped +R19938 AST.typ +R19928 Registers.reg +R19928 Registers.reg +R19914 RTLtyping.T +R20082 RTLtyping.sameclass_identify_2 +R20082 RTLtyping.sameclass_identify_2 +R20128 RTLtyping.sameclass_identify_2 +R20128 RTLtyping.sameclass_identify_2 +R20318 RTLtyping.mapped +R20326 RTLtyping.fold2 +R20332 RTLtyping.type_rtl_arg +R20300 RTLtyping.mapped +R20255 RTLtyping.consistent +R20267 RTLtyping.fold2 +R20273 RTLtyping.type_rtl_arg +R20247 Registers.reg +R20236 RTLtyping.T +R20221 Coq.Lists.List.list +R20226 AST.typ +R20205 Coq.Lists.List.list +R20210 Registers.reg +R20434 RTLtyping.error_inconsistent +R20434 RTLtyping.error_inconsistent +R20506 RTLtyping.error_inconsistent +R20506 RTLtyping.error_inconsistent +R20506 RTLtyping.error_inconsistent +R20569 RTLtyping.type_arg_mapped +R20569 RTLtyping.type_arg_mapped +R20747 RTLtyping.mapped +R20755 RTLtyping.fold2 +R20761 RTLtyping.type_rtl_arg +R20736 Coq.Lists.List.In +R20680 RTLtyping.consistent +R20692 RTLtyping.fold2 +R20698 RTLtyping.type_rtl_arg +R20671 RTLtyping.T +R20656 Coq.Lists.List.list +R20661 AST.typ +R20640 Coq.Lists.List.list +R20645 Registers.reg +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R20888 RTLtyping.error_inconsistent +R20888 RTLtyping.error_inconsistent +R20974 RTLtyping.type_args_mapped +R20974 RTLtyping.type_args_mapped +R21006 RTLtyping.type_arg_complete +R21006 RTLtyping.type_arg_complete +R21216 RTLtyping.mapped +R21224 RTLtyping.fold2 +R21244 RTLtyping.type_rtl_arg +R21230 RTLtyping.type_rtl_arg +R21152 RTLtyping.consistent +R21164 RTLtyping.fold2 +R21184 RTLtyping.type_rtl_arg +R21170 RTLtyping.type_rtl_arg +R21144 AST.typ +R21134 Registers.reg +R21119 Coq.Lists.List.list +R21124 AST.typ +R21103 Coq.Lists.List.list +R21108 Registers.reg +R21091 RTLtyping.T +R21299 RTLtyping.type_args_mapped +R21299 RTLtyping.type_args_mapped +R21331 RTLtyping.type_arg_complete +R21331 RTLtyping.type_arg_complete +R21589 Coq.Init.Logic "A /\ B" type_scope +R21526 RTLtyping.mapped +R21534 RTLtyping.fold2 +R21554 RTLtyping.type_rtl_arg +R21540 RTLtyping.type_rtl_arg +R21616 RTLtyping.mapped +R21624 RTLtyping.fold2 +R21644 RTLtyping.type_rtl_arg +R21630 RTLtyping.type_rtl_arg +R21604 Coq.Lists.List.In +R21462 RTLtyping.consistent +R21474 RTLtyping.fold2 +R21494 RTLtyping.type_rtl_arg +R21480 RTLtyping.type_rtl_arg +R21454 AST.typ +R21444 Registers.reg +R21429 Coq.Lists.List.list +R21434 AST.typ +R21413 Coq.Lists.List.list +R21418 Registers.reg +R21401 RTLtyping.T +R21801 Coq.Init.Logic.conj +R21801 Coq.Init.Logic.conj +R21815 RTLtyping.type_res_complete +R21815 RTLtyping.type_res_complete +R21848 RTLtyping.type_args_complete +R21848 RTLtyping.type_args_complete +R22116 RTLtyping.mapped +R22124 RTLtyping.fold2 +R22144 RTLtyping.type_rtl_arg +R22190 RTLtyping.type_rtl_ros +R22206 Coq.Init.Datatypes.inl +R22210 AST.ident +R22130 RTLtyping.type_rtl_arg +R21984 RTLtyping.consistent +R21996 RTLtyping.fold2 +R22016 RTLtyping.type_rtl_arg +R22066 RTLtyping.type_rtl_ros +R22082 Coq.Init.Datatypes.inl +R22086 AST.ident +R22002 RTLtyping.type_rtl_arg +R21976 AST.typ +R21966 Registers.reg +R21966 Registers.reg +R21948 Coq.Lists.List.list +R21953 AST.typ +R21932 Coq.Lists.List.list +R21937 Registers.reg +R21920 RTLtyping.T +R22262 RTLtyping.type_args_mapped +R22262 RTLtyping.type_args_mapped +R22294 RTLtyping.type_arg_mapped +R22294 RTLtyping.type_arg_mapped +R22368 RTLtyping.sameclass_identify_1 +R22368 RTLtyping.sameclass_identify_1 +R22626 Coq.Init.Logic "x = y" type_scope +R22569 RTLtyping.mk_env +R22577 RTLtyping.fold2 +R22597 RTLtyping.type_rtl_arg +R22583 RTLtyping.type_rtl_arg +R22505 RTLtyping.consistent +R22517 RTLtyping.fold2 +R22537 RTLtyping.type_rtl_arg +R22523 RTLtyping.type_rtl_arg +R22497 AST.typ +R22487 Registers.reg +R22472 Coq.Lists.List.list +R22477 AST.typ +R22456 Coq.Lists.List.list +R22461 Registers.reg +R22444 RTLtyping.T +R22676 RTLtyping.type_args_included +R22713 RTLtyping.tTy +R22704 RTLtyping.tReg +R22676 RTLtyping.type_args_included +R22713 RTLtyping.tTy +R22704 RTLtyping.tReg +R22744 RTLtyping.consistent_not_eq +R22744 RTLtyping.consistent_not_eq +R22777 RTLtyping.equal_eq +R22777 RTLtyping.equal_eq +R22822 RTLtyping.sameclass_identify_1 +R22822 RTLtyping.sameclass_identify_1 +R23216 Coq.Init.Logic "x = y" type_scope +R23094 RTLtyping.mk_env +R23102 RTLtyping.fold2 +R23122 RTLtyping.type_rtl_arg +R23168 RTLtyping.type_rtl_ros +R23184 Coq.Init.Datatypes.inl +R23188 AST.ident +R23108 RTLtyping.type_rtl_arg +R23218 AST.Tint +R22962 RTLtyping.consistent +R22974 RTLtyping.fold2 +R22994 RTLtyping.type_rtl_arg +R23044 RTLtyping.type_rtl_ros +R23060 Coq.Init.Datatypes.inl +R23064 AST.ident +R22980 RTLtyping.type_rtl_arg +R22954 AST.typ +R22944 Registers.reg +R22944 Registers.reg +R22926 Coq.Lists.List.list +R22931 AST.typ +R22910 Coq.Lists.List.list +R22915 Registers.reg +R22898 RTLtyping.T +R23269 RTLtyping.type_args_included +R23307 RTLtyping.tTy +R23311 AST.Tint +R23297 RTLtyping.tReg +R23269 RTLtyping.type_args_included +R23307 RTLtyping.tTy +R23311 AST.Tint +R23297 RTLtyping.tReg +R23327 RTLtyping.consistent_not_eq +R23327 RTLtyping.consistent_not_eq +R23363 RTLtyping.type_arg_included +R23428 RTLtyping.tTy +R23432 AST.Tint +R23418 RTLtyping.tReg +R23382 RTLtyping.type_rtl_ros +R23398 Coq.Init.Datatypes.inl +R23402 AST.ident +R23363 RTLtyping.type_arg_included +R23428 RTLtyping.tTy +R23432 AST.Tint +R23418 RTLtyping.tReg +R23382 RTLtyping.type_rtl_ros +R23398 Coq.Init.Datatypes.inl +R23402 AST.ident +R23465 RTLtyping.sameclass_identify_1 +R23465 RTLtyping.sameclass_identify_1 +R23754 Coq.Init.Logic "A /\ B" type_scope +R23682 RTLtyping.wt_instr +R23692 RTLtyping.mk_env +R23700 RTLtyping.type_rtl_instr +R23727 AST.sig_res +R23718 RTL.fn_sig +R23757 RTLtyping.definite +R23767 RTLtyping.type_rtl_instr +R23794 AST.sig_res +R23785 RTL.fn_sig +R23618 RTLtyping.consistent +R23630 RTLtyping.type_rtl_instr +R23657 AST.sig_res +R23648 RTL.fn_sig +R23604 Coq.Init.Logic "x = y" type_scope +R23600 Maps "a ! b" +R23606 Coq.Init.Datatypes.Some +R23586 Coq.NArith.BinPos.positive +R23567 RTL.instruction +R23556 RTL.code +R23541 RTL.function +R23530 RTLtyping.T +R23923 Coq.Init.Logic.conj +R23923 Coq.Init.Logic.conj +R23941 RTLtyping.wt_Inop +R23941 RTLtyping.wt_Inop +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24000 Coq.Init.Logic.conj +R24027 RTLtyping.wt_Iop +R24082 RTLtyping.type_args_correct +R24135 RTLtyping.type_res_correct +R24207 RTLtyping.type_args_res_complete +R24290 RTLtyping.error_inconsistent +R24290 RTLtyping.error_inconsistent +R24358 RTLtyping.error_inconsistent +R24358 RTLtyping.error_inconsistent +R24397 Coq.Init.Logic.conj +R24397 Coq.Init.Logic.conj +R24415 RTLtyping.wt_Iopmove +R24415 RTLtyping.wt_Iopmove +R24475 RTLtyping.sameclass_identify_1 +R24475 RTLtyping.sameclass_identify_1 +R24545 RTLtyping.sameclass_identify_1 +R24545 RTLtyping.sameclass_identify_1 +R24634 RTLtyping.error_inconsistent +R24634 RTLtyping.error_inconsistent +R24673 Coq.Init.Logic.conj +R24673 Coq.Init.Logic.conj +R24685 RTLtyping.wt_Iopundef +R24685 RTLtyping.wt_Iopundef +R24755 Coq.Init.Logic.conj +R24755 Coq.Init.Logic.conj +R24773 RTLtyping.wt_Iload +R24773 RTLtyping.wt_Iload +R24799 RTLtyping.type_args_correct +R24799 RTLtyping.type_args_correct +R24850 RTLtyping.type_res_correct +R24850 RTLtyping.type_res_correct +R24908 RTLtyping.type_args_res_complete +R24908 RTLtyping.type_args_res_complete +R24975 Coq.Init.Logic.conj +R24975 Coq.Init.Logic.conj +R24993 RTLtyping.wt_Istore +R24993 RTLtyping.wt_Istore +R25020 RTLtyping.type_args_correct +R25020 RTLtyping.type_args_correct +R25071 RTLtyping.type_res_correct +R25071 RTLtyping.type_res_correct +R25129 RTLtyping.type_args_res_complete +R25129 RTLtyping.type_args_res_complete +R25195 Coq.Init.Logic.conj +R25195 Coq.Init.Logic.conj +R25213 RTLtyping.wt_Icall +R25213 RTLtyping.wt_Icall +R25255 RTLtyping.type_ros_correct +R25255 RTLtyping.type_ros_correct +R25292 RTLtyping.type_args_correct +R25292 RTLtyping.type_args_correct +R25330 RTLtyping.type_of_sig_res +R25330 RTLtyping.type_of_sig_res +R25356 RTLtyping.type_res_correct +R25356 RTLtyping.type_res_correct +R25412 Coq.Init.Logic.conj +R25412 Coq.Init.Logic.conj +R25432 RTLtyping.type_ros_complete +R25432 RTLtyping.type_ros_complete +R25471 RTLtyping.type_args_res_complete +R25471 RTLtyping.type_args_res_complete +R25514 Coq.Init.Logic.conj +R25514 Coq.Init.Logic.conj +R25541 RTLtyping.type_args_res_complete +R25541 RTLtyping.type_args_res_complete +R25600 Coq.Init.Logic.conj +R25600 Coq.Init.Logic.conj +R25618 RTLtyping.wt_Icond +R25618 RTLtyping.wt_Icond +R25642 RTLtyping.type_args_correct +R25642 RTLtyping.type_args_correct +R25692 RTLtyping.type_args_complete +R25692 RTLtyping.type_args_complete +R25777 Coq.Init.Logic.conj +R25777 Coq.Init.Logic.conj +R25796 RTLtyping.wt_Ireturn +R25796 RTLtyping.wt_Ireturn +R25838 AST.sig_res +R25829 RTL.fn_sig +R25838 AST.sig_res +R25829 RTL.fn_sig +R25886 RTLtyping.type_arg_correct +R25886 RTLtyping.type_arg_correct +R25926 RTLtyping.error_inconsistent +R25926 RTLtyping.error_inconsistent +R25980 AST.sig_res +R25971 RTL.fn_sig +R25980 AST.sig_res +R25971 RTL.fn_sig +R26026 RTLtyping.type_arg_complete +R26026 RTLtyping.type_arg_complete +R26061 RTLtyping.error_inconsistent +R26061 RTLtyping.error_inconsistent +R26099 Coq.Init.Logic.conj +R26099 Coq.Init.Logic.conj +R26117 RTLtyping.wt_Ireturn +R26117 RTLtyping.wt_Ireturn +R26158 AST.sig_res +R26149 RTL.fn_sig +R26158 AST.sig_res +R26149 RTL.fn_sig +R26203 RTLtyping.error_inconsistent +R26203 RTLtyping.error_inconsistent +R26428 Coq.Init.Logic "x = y" type_scope +R26416 RTLtyping.mk_env +R26430 RTLtyping.mk_env +R26397 RTLtyping.consistent +R26377 RTLtyping.included +R26360 RTLtyping.mapped +R26352 Registers.reg +R26341 RTLtyping.T +R26341 RTLtyping.T +R26560 RTLtyping.equal_eq +R26578 RTLtyping.equal_eq +R26560 RTLtyping.equal_eq +R26578 RTLtyping.equal_eq +R26605 RTLtyping.consistent_not_eq +R26605 RTLtyping.consistent_not_eq +R26639 RTLtyping.consistent_not_eq +R26639 RTLtyping.consistent_not_eq +R26678 RTLtyping.included_consistent +R26678 RTLtyping.included_consistent +R26917 Coq.Init.Logic "x = y" type_scope +R26898 Coq.Lists.List.map +R26903 RTLtyping.mk_env +R26919 Coq.Lists.List.map +R26924 RTLtyping.mk_env +R26877 RTLtyping.consistent +R26857 RTLtyping.included +R26839 RTLtyping.mapped +R26828 Coq.Lists.List.In +R26804 Coq.Lists.List.list +R26809 Registers.reg +R26792 RTLtyping.T +R26792 RTLtyping.T +R26996 RTLtyping.mapped_included_consistent +R26996 RTLtyping.mapped_included_consistent +R27214 RTLtyping.mapped +R27195 RTLtyping.mapped +R27175 RTLtyping.included +R27167 Registers.reg +R27156 RTLtyping.T +R27156 RTLtyping.T +R27526 Coq.Init.Logic "A /\ B" type_scope +R27514 RTLtyping.mapped +R27550 RTLtyping.mapped +R27540 Coq.Lists.List.In +R27470 Coq.Init.Logic "A /\ B" type_scope +R27458 RTLtyping.mapped +R27494 RTLtyping.mapped +R27484 Coq.Lists.List.In +R27438 RTLtyping.included +R27425 Coq.Lists.List.list +R27430 Registers.reg +R27415 Registers.reg +R27404 RTLtyping.T +R27404 RTLtyping.T +R27608 Coq.Init.Logic.conj +R27608 Coq.Init.Logic.conj +R27623 RTLtyping.included_mapped +R27623 RTLtyping.included_mapped +R27674 RTLtyping.included_mapped +R27674 RTLtyping.included_mapped +R27831 RTLtyping.definite +R27814 RTLtyping.definite +R27796 RTLtyping.included +R27780 RTL.instruction +R27769 RTLtyping.T +R27769 RTLtyping.T +R27907 RTLtyping.included_mapped_forall +R27907 RTLtyping.included_mapped_forall +R27907 RTLtyping.included_mapped_forall +R27907 RTLtyping.included_mapped_forall +R27907 RTLtyping.included_mapped_forall +R27907 RTLtyping.included_mapped_forall +R27907 RTLtyping.included_mapped_forall +R27907 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R27976 RTLtyping.included_mapped_forall +R28049 RTLtyping.included_mapped_forall +R28049 RTLtyping.included_mapped_forall +R28116 RTLtyping.included_mapped_forall +R28116 RTLtyping.included_mapped_forall +R28202 Coq.Init.Logic.conj +R28202 Coq.Init.Logic.conj +R28217 RTLtyping.included_mapped +R28217 RTLtyping.included_mapped +R28255 RTLtyping.included_mapped_forall +R28255 RTLtyping.included_mapped_forall +R28320 Coq.Init.Logic.conj +R28320 Coq.Init.Logic.conj +R28341 RTLtyping.included_mapped_forall +R28341 RTLtyping.included_mapped_forall +R28398 RTLtyping.included_mapped +R28398 RTLtyping.included_mapped +R28463 RTLtyping.included_mapped +R28463 RTLtyping.included_mapped +R28662 RTLtyping.wt_instr +R28672 RTLtyping.mk_env +R28641 RTLtyping.consistent +R28622 RTLtyping.definite +R28592 RTLtyping.wt_instr +R28602 RTLtyping.mk_env +R28572 RTLtyping.included +R28556 RTL.instruction +R28545 RTLtyping.T +R28545 RTLtyping.T +R28526 RTL.function +R28796 RTLtyping.wt_Inop +R28796 RTLtyping.wt_Inop +R28816 RTLtyping.wt_Iopmove +R28816 RTLtyping.wt_Iopmove +R28881 RTLtyping.wt_Iopundef +R28881 RTLtyping.wt_Iopundef +R28905 RTLtyping.wt_Iop +R28905 RTLtyping.wt_Iop +R29021 RTLtyping.mapped_included_consistent +R29080 RTLtyping.mapped_list_included +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29021 RTLtyping.mapped_included_consistent +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29080 RTLtyping.mapped_list_included +R29132 RTLtyping.wt_Iload +R29132 RTLtyping.wt_Iload +R29157 RTLtyping.mapped_list_included +R29157 RTLtyping.mapped_list_included +R29213 RTLtyping.mapped_included_consistent +R29213 RTLtyping.mapped_included_consistent +R29273 RTLtyping.wt_Istore +R29273 RTLtyping.wt_Istore +R29299 RTLtyping.mapped_list_included +R29299 RTLtyping.mapped_list_included +R29355 RTLtyping.mapped_included_consistent +R29355 RTLtyping.mapped_included_consistent +R29446 RTLtyping.wt_Icall +R29446 RTLtyping.wt_Icall +R29446 RTLtyping.wt_Icall +R29471 RTLtyping.mapped_included_consistent +R29471 RTLtyping.mapped_included_consistent +R29535 RTLtyping.mapped_list_included +R29535 RTLtyping.mapped_list_included +R29591 RTLtyping.mapped_included_consistent +R29591 RTLtyping.mapped_included_consistent +R29667 RTLtyping.mapped_list_included +R29667 RTLtyping.mapped_list_included +R29723 RTLtyping.mapped_included_consistent +R29723 RTLtyping.mapped_included_consistent +R29783 RTLtyping.wt_Icond +R29783 RTLtyping.wt_Icond +R29802 RTLtyping.mapped_list_included +R29802 RTLtyping.mapped_list_included +R29854 RTLtyping.wt_Ireturn +R29854 RTLtyping.wt_Ireturn +R29910 AST.sig_res +R29901 RTL.fn_sig +R29910 AST.sig_res +R29901 RTL.fn_sig +R29910 AST.sig_res +R29901 RTL.fn_sig +R29980 RTLtyping.mapped_included_consistent +R29980 RTLtyping.mapped_included_consistent +R30186 RTLtyping.wt_instr +R30174 Coq.Init.Logic "x = y" type_scope +R30170 Maps "a ! b" +R30162 RTL.fn_code +R30176 Coq.Init.Datatypes.Some +R30130 Coq.Init.Logic "x = y" type_scope +R30110 RTLtyping.type_rtl_function +R30132 Coq.Init.Datatypes.Some +R30099 RTLtyping.regenv +R30083 RTL.function +R30235 RTLtyping.step1 +R30235 RTLtyping.step1 +R30337 RTLtyping.step2 +R30350 RTLtyping.included_consistent +R30337 RTLtyping.step2 +R30350 RTLtyping.included_consistent +R30433 RTLtyping.step3 +R30433 RTLtyping.step3 +R30480 RTLtyping.step4 +R30480 RTLtyping.step4 +R30516 RTLtyping.step4 +R30516 RTLtyping.step4 +R30553 RTLtyping.included_consistent +R30553 RTLtyping.included_consistent +R30599 RTLtyping.definite_included +R30599 RTLtyping.definite_included +R30789 RTLtyping.wt_function +R30775 Coq.Init.Logic "x = y" type_scope +R30755 RTLtyping.type_rtl_function +R30777 Coq.Init.Datatypes.Some +R30744 RTLtyping.regenv +R30728 RTL.function +R30840 RTLtyping.mk_wt_function +R30993 RTLtyping.type_rtl_function_instrs +R30927 RTLtyping.type_rtl_function_norepet +R30862 RTLtyping.type_rtl_function_params +R30840 RTLtyping.mk_wt_function +R30993 RTLtyping.type_rtl_function_instrs +R30927 RTLtyping.type_rtl_function_norepet +R30862 RTLtyping.type_rtl_function_params +R31142 Coq.Init.Logic "x <> y" type_scope +R31122 RTLtyping.type_rtl_function +R31145 Coq.Init.Datatypes.None +R31094 Coq.Lists.List.In +R31105 AST.prog_funct +R31097 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R31061 RTL.program +R31408 Values.has_type +R31424 Registers "a # b" +R31378 RTL.regset +R31365 RTLtyping.regenv +R31535 RTLtyping.wt_regset +R31552 Registers "a # b <- c" +R31507 Values.has_type +R31485 RTLtyping.wt_regset +R31603 Registers.gsspec +R31603 Registers.gsspec +R31626 Coqlib.peq +R31626 Coqlib.peq +R31759 Values.has_type_list +R31787 Coq.Lists.List.map +R31780 Registers "a ## b" +R31726 RTLtyping.wt_regset +R31971 RTLtyping.wt_regset +R31986 RTL.init_regs +R31925 Values.has_type_list +R31949 Coq.Lists.List.map +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R32085 Registers.gi +R32085 Registers.gi +R32118 RTLtyping.wt_regset_assign +R32118 RTLtyping.wt_regset_assign +FKildall +R96 Coq.Init.Datatypes.nat +R303 Coq.Init.Datatypes.option +R311 Maps.t +R318 Kildall.t +R274 Coq.Lists.List.list +R289 Coq.Init.Datatypes "x * y" type_scope +R280 Coq.NArith.BinPos.positive +R291 Kildall.t +R262 Kildall.t +R255 Kildall.t +R243 Coq.NArith.BinPos.positive +R226 Coq.NArith.BinPos.positive +R204 Coq.Lists.List.list +R209 Coq.NArith.BinPos.positive +R192 Coq.NArith.BinPos.positive +R528 Kildall.ge +R553 Maps "a !! b" +R536 Maps "a !! b" +R501 Coq.Lists.List.In +R484 Coqlib.Plt +R466 Coq.Init.Logic "x = y" type_scope +R419 Kildall.fixpoint +R468 Coq.Init.Datatypes.Some +R745 Kildall.ge +R753 Maps "a !! b" +R716 Coq.Lists.List.In +R719 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R698 Coq.Init.Logic "x = y" type_scope +R651 Kildall.fixpoint +R700 Coq.Init.Datatypes.Some +R960 Coq.Lists.List.list +R965 Coq.NArith.BinPos.positive +R948 Coq.NArith.BinPos.positive +R993 Coq.NArith.BinPos.positive +R1039 Kildall.t +R1032 Kildall.t +R1020 Coq.NArith.BinPos.positive +R1066 Coq.Lists.List.list +R1081 Coq.Init.Datatypes "x * y" type_scope +R1072 Coq.NArith.BinPos.positive +R1083 Kildall.t +R1131 Maps.t +R1138 Kildall.t +R1151 Coq.Lists.List.list +R1156 Coq.NArith.BinPos.positive +R1223 Maps.t +R1230 Kildall.t +R1198 Coq.Lists.List.list +R1213 Coq.Init.Datatypes "x * y" type_scope +R1204 Coq.NArith.BinPos.positive +R1215 Kildall.t +R1257 Coq.Lists.List.nil +R1270 Maps.init +R1280 Kildall.bot +R1297 Coq.Lists.List "x :: y" list_scope +R1290 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R1344 Maps.set +R1356 Kildall.lub +R1363 Maps "a !! b" +R1198 Coq.Lists.List.list +R1213 Coq.Init.Datatypes "x * y" type_scope +R1204 Coq.NArith.BinPos.positive +R1215 Kildall.t +R1412 Coqlib.positive_rec +R1447 Coq.Lists.List.cons +R1452 Coq.NArith.BinPos.positive +R1441 Coq.Lists.List.nil +R1426 Coq.Lists.List.list +R1431 Coq.NArith.BinPos.positive +R1500 Kildall.mkstate +R1537 Kildall.start_state_wrk +R1509 Kildall.start_state_in +R1625 Coq.Lists.List.In_dec +R1637 Coqlib.peq +R1663 Coq.Lists.List "x :: y" list_scope +R1602 Coq.Lists.List.list +R1607 Coq.NArith.BinPos.positive +R1586 Coq.NArith.BinPos.positive +R1804 Kildall.eq +R1835 Kildall.mkstate +R1872 Kildall.add_to_worklist +R1893 Kildall.st_wrk +R1844 Maps.set +R1863 Kildall.st_in +R1781 Kildall.lub +R1760 Maps "a !! b" +R1754 Kildall.st_in +R1724 Coq.NArith.BinPos.positive +R1715 Kildall.t +R1702 Kildall.state +R2024 Kildall.state +R1963 Coq.Lists.List.list +R1968 Coq.NArith.BinPos.positive +R1950 Kildall.t +R1937 Kildall.state +R2056 Coq.Lists.List.nil +R2071 Coq.Lists.List "x :: y" list_scope +R2102 Kildall.propagate_succ +R1963 Coq.Lists.List.list +R1968 Coq.NArith.BinPos.positive +R1950 Kildall.t +R1937 Kildall.state +R2240 Coq.Init.Datatypes.option +R2248 Maps.t +R2255 Kildall.t +R2221 Kildall.state +R2212 Coq.Init.Datatypes.nat +R2282 Coq.Init.Datatypes.O +R2287 Coq.Init.Datatypes.None +R2296 Coq.Init.Datatypes.S +R2318 Kildall.st_wrk +R2339 Coq.Lists.List.nil +R2356 Coq.Init.Datatypes.Some +R2364 Kildall.st_in +R2381 Coq.Lists.List "x :: y" list_scope +R2424 Kildall.propagate_succ_list +R2515 Maps "a !! b" +R2509 Kildall.st_in +R2459 Kildall.mkstate +R2470 Kildall.st_in +R2221 Kildall.state +R2212 Coq.Init.Datatypes.nat +R2591 Kildall.iterate +R2614 Kildall.start_state +R2599 Kildall.num_iterations +R2711 Kildall.ge +R2726 Maps "a !! b" +R2719 Maps "a !! b" +R2677 Maps.t +R2684 Kildall.t +R2677 Maps.t +R2684 Kildall.t +R2766 Kildall.in_incr +R2822 Kildall.ge_refl +R2822 Kildall.ge_refl +R2920 Kildall.in_incr +R2901 Kildall.in_incr +R2882 Kildall.in_incr +R2995 Maps "a !! b" +R2976 Kildall.ge_trans +R2995 Maps "a !! b" +R2976 Kildall.ge_trans +R3060 Kildall.in_incr +R3106 Kildall.st_in +R3080 Kildall.propagate_succ +R3072 Kildall.st_in +R3178 Kildall.eq +R3198 Kildall.lub +R3214 Maps "a !! b" +R3208 Kildall.st_in +R3193 Maps "a !! b" +R3187 Kildall.st_in +R3178 Kildall.eq +R3198 Kildall.lub +R3214 Maps "a !! b" +R3208 Kildall.st_in +R3193 Maps "a !! b" +R3187 Kildall.st_in +R3240 Kildall.ge_refl +R3240 Kildall.ge_refl +R3266 Coqlib.peq +R3266 Coqlib.peq +R3304 Maps.gss +R3304 Maps.gss +R3320 Kildall.ge_lub_left +R3320 Kildall.ge_lub_left +R3345 Maps.gso +R3345 Maps.gso +R3367 Kildall.ge_refl +R3367 Kildall.ge_refl +R3441 Kildall.in_incr +R3496 Kildall.st_in +R3461 Kildall.propagate_succ_list +R3453 Kildall.st_in +R3553 Kildall.in_incr_refl +R3553 Kildall.in_incr_refl +R3621 Kildall.st_in +R3595 Kildall.propagate_succ +R3575 Kildall.in_incr_trans +R3621 Kildall.st_in +R3595 Kildall.propagate_succ +R3575 Kildall.in_incr_trans +R3638 Kildall.propagate_succ_incr +R3638 Kildall.propagate_succ_incr +R3742 Kildall.in_incr +R3754 Kildall.st_in +R3726 Coq.Init.Logic "x = y" type_scope +R3713 Kildall.iterate +R3728 Coq.Init.Datatypes.Some +R3849 Kildall.st_wrk +R3849 Kildall.st_wrk +R3917 Kildall.ge_refl +R3917 Kildall.ge_refl +R4103 Kildall.st_in +R3968 Kildall.propagate_succ_list +R4055 Maps "a !! b" +R4047 Kildall.st_in +R3989 Kildall.mkstate +R3998 Kildall.st_in +R3944 Kildall.in_incr_trans +R4103 Kildall.st_in +R3968 Kildall.propagate_succ_list +R4055 Maps "a !! b" +R4047 Kildall.st_in +R3989 Kildall.mkstate +R3998 Kildall.st_in +R3944 Kildall.in_incr_trans +R4137 Kildall.st_in +R4144 Kildall.mkstate +R4153 Kildall.st_in +R4121 Kildall.st_in +R4137 Kildall.st_in +R4144 Kildall.mkstate +R4153 Kildall.st_in +R4121 Kildall.st_in +R4176 Kildall.propagate_succ_list_incr +R4176 Kildall.propagate_succ_list_incr +R4287 Kildall.in_incr +R4296 Kildall.start_state_in +R4273 Coq.Init.Logic "x = y" type_scope +R4264 Kildall.fixpoint +R4275 Coq.Init.Datatypes.Some +R4419 Kildall.st_in +R4406 Kildall.start_state +R4373 Kildall.start_state_in +R4419 Kildall.st_in +R4406 Kildall.start_state +R4373 Kildall.start_state_in +R4453 Kildall.num_iterations +R4435 Kildall.iterate_incr +R4453 Kildall.num_iterations +R4435 Kildall.iterate_incr +R4604 Coq.Init.Logic "A \/ B" type_scope +R4587 Coq.Lists.List.In +R4596 Kildall.st_wrk +R4660 Kildall.ge +R4699 Maps "a !! b" +R4693 Kildall.st_in +R4675 Maps "a !! b" +R4669 Kildall.st_in +R4620 Coq.Lists.List.In +R4568 Coqlib.Plt +R4537 Kildall.state +R4733 Kildall.good_state +R4744 Kildall.start_state +R4884 Coqlib.positive_Peano_ind +R4884 Coqlib.positive_Peano_ind +R4972 Coqlib.positive_rec_succ +R4972 Coqlib.positive_rec_succ +R5000 Coqlib.Plt_succ_inv +R5000 Coqlib.Plt_succ_inv +R5125 Coq.Lists.List.In +R5131 Kildall.add_to_worklist +R5204 Coq.Lists.List.In_dec +R5211 Coqlib.peq +R5204 Coq.Lists.List.In_dec +R5211 Coqlib.peq +R5304 Coq.Lists.List.In +R5311 Kildall.add_to_worklist +R5291 Coq.Lists.List.In +R5384 Coq.Lists.List.In_dec +R5391 Coqlib.peq +R5384 Coq.Lists.List.In_dec +R5391 Coqlib.peq +R5542 Coq.Init.Logic "A /\ B" type_scope +R5518 Kildall.ge +R5534 Maps "a !! b" +R5528 Kildall.st_in +R5583 Coq.Init.Logic "x = y" type_scope +R5579 Maps "a !! b" +R5573 Kildall.st_in +R5595 Maps "a !! b" +R5589 Kildall.st_in +R5560 Coq.Init.Logic "x <> y" type_scope +R5489 Kildall.propagate_succ +R5656 Kildall.eq +R5678 Kildall.lub +R5693 Maps "a !! b" +R5685 Kildall.st_in +R5670 Maps "a !! b" +R5662 Kildall.st_in +R5656 Kildall.eq +R5678 Kildall.lub +R5693 Maps "a !! b" +R5685 Kildall.st_in +R5670 Maps "a !! b" +R5662 Kildall.st_in +R5742 Kildall.lub_commut +R5742 Kildall.lub_commut +R5762 Kildall.ge_lub_left +R5762 Kildall.ge_lub_left +R5811 Maps.gss +R5811 Maps.gss +R5829 Kildall.lub_commut +R5829 Kildall.lub_commut +R5849 Kildall.ge_lub_left +R5849 Kildall.ge_lub_left +R5882 Maps.gso +R5882 Maps.gso +R6063 Coq.Init.Logic "A /\ B" type_scope +R6040 Kildall.ge +R6056 Maps "a !! b" +R6050 Kildall.st_in +R6026 Coq.Lists.List.In +R6103 Coq.Init.Logic "x = y" type_scope +R6099 Maps "a !! b" +R6093 Kildall.st_in +R6115 Maps "a !! b" +R6109 Kildall.st_in +R6071 Coq.Init.Logic "~ x" type_scope +R6073 Coq.Lists.List.In +R5975 Kildall.propagate_succ_list +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R6194 Kildall.propagate_succ +R6194 Kildall.propagate_succ +R6251 Kildall.propagate_succ_charact +R6251 Kildall.propagate_succ_charact +R6401 Maps "a !! b" +R6395 Kildall.st_in +R6369 Kildall.propagate_succ +R6352 Kildall.ge_trans +R6401 Maps "a !! b" +R6395 Kildall.st_in +R6369 Kildall.propagate_succ +R6352 Kildall.ge_trans +R6414 Kildall.propagate_succ_list_incr +R6414 Kildall.propagate_succ_list_incr +R6517 Maps "a !! b" +R6511 Kildall.st_in +R6485 Kildall.propagate_succ +R6517 Maps "a !! b" +R6511 Kildall.st_in +R6485 Kildall.propagate_succ +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R6621 Coq.Lists.List.incl +R6665 Kildall.st_wrk +R6639 Kildall.propagate_succ +R6630 Kildall.st_wrk +R6723 Kildall.eq +R6745 Kildall.lub +R6760 Maps "a !! b" +R6752 Kildall.st_in +R6737 Maps "a !! b" +R6729 Kildall.st_in +R6723 Kildall.eq +R6745 Kildall.lub +R6760 Maps "a !! b" +R6752 Kildall.st_in +R6737 Maps "a !! b" +R6729 Kildall.st_in +R6789 Coq.Lists.List.incl_refl +R6789 Coq.Lists.List.incl_refl +R6828 Kildall.add_to_worklist_2 +R6828 Kildall.add_to_worklist_2 +R6925 Coq.Lists.List.incl +R6978 Kildall.st_wrk +R6943 Kildall.propagate_succ_list +R6934 Kildall.st_wrk +R7036 Coq.Lists.List.incl_refl +R7036 Coq.Lists.List.incl_refl +R7097 Kildall.st_wrk +R7071 Kildall.propagate_succ +R7055 Coq.Lists.List.incl_tran +R7097 Kildall.st_wrk +R7071 Kildall.propagate_succ +R7055 Coq.Lists.List.incl_tran +R7114 Kildall.propagate_succ_incr_worklist +R7114 Kildall.propagate_succ_incr_worklist +R7277 Coq.Init.Logic "A \/ B" type_scope +R7259 Coq.Lists.List.In +R7269 Kildall.st_wrk +R7295 Coq.Init.Logic "x = y" type_scope +R7291 Maps "a !! b" +R7285 Kildall.st_in +R7307 Maps "a !! b" +R7301 Kildall.st_in +R7230 Kildall.propagate_succ +R7368 Kildall.eq +R7390 Kildall.lub +R7405 Maps "a !! b" +R7397 Kildall.st_in +R7382 Maps "a !! b" +R7374 Kildall.st_in +R7368 Kildall.eq +R7390 Kildall.lub +R7405 Maps "a !! b" +R7397 Kildall.st_in +R7382 Maps "a !! b" +R7374 Kildall.st_in +R7449 Coqlib.peq +R7449 Coqlib.peq +R7496 Kildall.add_to_worklist_1 +R7496 Kildall.add_to_worklist_1 +R7537 Maps.gso +R7537 Maps.gso +R7696 Coq.Init.Logic "A \/ B" type_scope +R7678 Coq.Lists.List.In +R7688 Kildall.st_wrk +R7714 Coq.Init.Logic "x = y" type_scope +R7710 Maps "a !! b" +R7704 Kildall.st_in +R7726 Maps "a !! b" +R7720 Kildall.st_in +R7640 Kildall.propagate_succ_list +R7795 Kildall.propagate_succ_records_changes +R7795 Kildall.propagate_succ_records_changes +R7860 Kildall.propagate_succ_list_incr_worklist +R7860 Kildall.propagate_succ_list_incr_worklist +R8020 Kildall.good_state +R8032 Kildall.propagate_succ_list +R8131 Maps "a !! b" +R8125 Kildall.st_in +R8053 Kildall.mkstate +R8065 Kildall.st_in +R8001 Kildall.good_state +R7985 Coq.Init.Logic "x = y" type_scope +R7977 Kildall.st_wrk +R7989 Coq.Lists.List "x :: y" list_scope +R8280 Maps "a !! b" +R8274 Kildall.st_in +R8280 Maps "a !! b" +R8274 Kildall.st_in +R8317 Kildall.propagate_succ_list_records_changes +R8384 Kildall.mkstate +R8396 Kildall.st_in +R8317 Kildall.propagate_succ_list_records_changes +R8384 Kildall.mkstate +R8396 Kildall.st_in +R8494 Coqlib.peq +R8494 Coqlib.peq +R8557 Kildall.propagate_succ_list_charact +R8615 Kildall.mkstate +R8627 Kildall.st_in +R8557 Kildall.propagate_succ_list_charact +R8615 Kildall.mkstate +R8627 Kildall.st_in +R8778 Kildall.propagate_succ_list_incr_worklist +R8778 Kildall.propagate_succ_list_incr_worklist +R8923 Coq.Lists.List.In_dec +R8930 Coqlib.peq +R8923 Coq.Lists.List.In_dec +R8930 Coqlib.peq +R9059 Maps "a !! b" +R9053 Kildall.st_in +R9033 Kildall.ge_trans +R9059 Maps "a !! b" +R9053 Kildall.st_in +R9033 Kildall.ge_trans +R9124 Maps "a !! b" +R9118 Kildall.st_in +R9093 Kildall.mkstate +R9105 Kildall.st_in +R9083 Maps "a !! b" +R9077 Kildall.st_in +R9124 Maps "a !! b" +R9118 Kildall.st_in +R9093 Kildall.mkstate +R9105 Kildall.st_in +R9083 Maps "a !! b" +R9077 Kildall.st_in +R9137 Kildall.propagate_succ_list_incr +R9137 Kildall.propagate_succ_list_incr +R9245 Kildall.propagate_succ_list_charact +R9303 Kildall.mkstate +R9315 Kildall.st_in +R9245 Kildall.propagate_succ_list_charact +R9303 Kildall.mkstate +R9315 Kildall.st_in +R9525 Kildall.ge +R9550 Maps "a !! b" +R9533 Maps "a !! b" +R9500 Coq.Lists.List.In +R9483 Coqlib.Plt +R9467 Coq.Init.Logic "x = y" type_scope +R9450 Kildall.iterate +R9469 Coq.Init.Datatypes.Some +R9431 Kildall.good_state +R9651 Kildall.st_wrk +R9651 Kildall.st_wrk +R9801 Kildall.propagate_succ_list +R9872 Maps "a !! b" +R9866 Kildall.st_in +R9822 Kildall.mkstate +R9834 Kildall.st_in +R9801 Kildall.propagate_succ_list +R9872 Maps "a !! b" +R9866 Kildall.st_in +R9822 Kildall.mkstate +R9834 Kildall.st_in +R9903 Kildall.step_state_good +R9903 Kildall.step_state_good +R10066 Kildall.ge +R10091 Maps "a !! b" +R10074 Maps "a !! b" +R10041 Coq.Lists.List.In +R10024 Coqlib.Plt +R10008 Coq.Init.Logic "x = y" type_scope +R9999 Kildall.fixpoint +R10010 Coq.Init.Datatypes.Some +R10161 Kildall.num_iterations +R10176 Kildall.start_state +R10139 Kildall.iterate_solution +R10161 Kildall.num_iterations +R10176 Kildall.start_state +R10139 Kildall.iterate_solution +R10197 Kildall.start_state_good +R10197 Kildall.start_state_good +R10306 Kildall.ge +R10329 Maps "a !! b" +R10312 Kildall.start_state_in +R10288 Coq.Lists.List.In +R10291 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10422 Maps.gss +R10422 Maps.gss +R10440 Kildall.lub_commut +R10440 Kildall.lub_commut +R10460 Kildall.ge_lub_left +R10460 Kildall.ge_lub_left +R10497 Maps.gsspec +R10497 Maps.gsspec +R10516 Coqlib.peq +R10516 Coqlib.peq +R10584 Maps "a !! b" +R10567 Kildall.start_state_in +R10550 Kildall.ge_trans +R10584 Maps "a !! b" +R10567 Kildall.start_state_in +R10550 Kildall.ge_trans +R10598 Kildall.ge_lub_left +R10598 Kildall.ge_lub_left +R10729 Kildall.ge +R10737 Maps "a !! b" +R10702 Coq.Lists.List.In +R10705 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10686 Coq.Init.Logic "x = y" type_scope +R10677 Kildall.fixpoint +R10688 Coq.Init.Datatypes.Some +R10812 Maps "a !! b" +R10786 Kildall.start_state_in +R10769 Kildall.ge_trans +R10812 Maps "a !! b" +R10786 Kildall.start_state_in +R10769 Kildall.ge_trans +R10826 Kildall.fixpoint_incr +R10826 Kildall.fixpoint_incr +R10855 Kildall.start_state_in_entry +R10855 Kildall.start_state_in_entry +R11028 Coq.Lists.List.list +R11033 Coq.NArith.BinPos.positive +R11016 Coq.NArith.BinPos.positive +R11061 Coq.NArith.BinPos.positive +R11234 Maps.t +R11242 Coq.Lists.List.list +R11247 Coq.NArith.BinPos.positive +R11177 Coq.Lists.List.list +R11182 Coq.NArith.BinPos.positive +R11158 Coq.NArith.BinPos.positive +R11103 Maps.t +R11111 Coq.Lists.List.list +R11116 Coq.NArith.BinPos.positive +R11284 Coq.Lists.List.nil +R11303 Coq.Lists.List "x :: y" list_scope +R11335 Maps.set +R11353 Coq.Lists.List "x :: y" list_scope +R11360 Maps "a !! b" +R11177 Coq.Lists.List.list +R11182 Coq.NArith.BinPos.positive +R11158 Coq.NArith.BinPos.positive +R11103 Maps.t +R11111 Coq.Lists.List.list +R11116 Coq.NArith.BinPos.positive +R11500 Coq.Lists.List.In +R11537 Maps "a !! b" +R11506 Kildall.add_successors +R11465 Coq.Init.Logic "A \/ B" type_scope +R11452 Coq.Lists.List.In +R11461 Maps "a !! b" +R11478 Coq.Init.Logic "A /\ B" type_scope +R11471 Coq.Init.Logic "x = y" type_scope +R11481 Coq.Lists.List.In +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R11622 Maps.gsspec +R11622 Maps.gsspec +R11641 Coqlib.peq +R11641 Coqlib.peq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R11825 Maps.t +R11833 Coq.Lists.List.list +R11838 Coq.NArith.BinPos.positive +R11853 Coqlib.positive_rec +R11926 Kildall.add_successors +R11892 Maps.init +R11902 Coq.Lists.List.nil +R11867 Maps.t +R11875 Coq.Lists.List.list +R11880 Coq.NArith.BinPos.positive +R12071 Coq.Lists.List.In +R12093 Maps "a !! b" +R12076 Kildall.make_predecessors +R12046 Coq.Lists.List.In +R12027 Coqlib.Plt +R12159 Coqlib.positive_Peano_ind +R12159 Coqlib.positive_Peano_ind +R12239 Coqlib.positive_rec_succ +R12239 Coqlib.positive_rec_succ +R12266 Kildall.add_successors_correct +R12266 Kildall.add_successors_correct +R12298 Coqlib.Plt_succ_inv +R12298 Coqlib.Plt_succ_inv +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R12637 Coq.Init.Datatypes.option +R12645 Maps.t +R12652 Kildall.t +R12608 Coq.Lists.List.list +R12623 Coq.Init.Datatypes "x * y" type_scope +R12614 Coq.NArith.BinPos.positive +R12625 Kildall.t +R12596 Kildall.t +R12589 Kildall.t +R12577 Coq.NArith.BinPos.positive +R12560 Coq.NArith.BinPos.positive +R12538 Coq.Lists.List.list +R12543 Coq.NArith.BinPos.positive +R12526 Coq.NArith.BinPos.positive +R12879 Kildall.ge +R12904 Maps "a !! b" +R12887 Maps "a !! b" +R12852 Coq.Lists.List.In +R12835 Coqlib.Plt +R12818 Coqlib.Plt +R12800 Coq.Init.Logic "x = y" type_scope +R12753 Kildall.fixpoint +R12802 Coq.Init.Datatypes.Some +R13096 Kildall.ge +R13104 Maps "a !! b" +R13067 Coq.Lists.List.In +R13070 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13049 Coq.Init.Logic "x = y" type_scope +R13002 Kildall.fixpoint +R13051 Coq.Init.Datatypes.Some +R13364 Coq.Lists.List.list +R13369 Coq.NArith.BinPos.positive +R13352 Coq.NArith.BinPos.positive +R13397 Coq.NArith.BinPos.positive +R13443 Kildall.t +R13436 Kildall.t +R13424 Coq.NArith.BinPos.positive +R13470 Coq.Lists.List.list +R13485 Coq.Init.Datatypes "x * y" type_scope +R13476 Coq.NArith.BinPos.positive +R13487 Kildall.t +R13573 Kildall.fixpoint +R13599 Maps "a !! b" +R13531 Kildall.make_predecessors +R13766 Kildall.ge +R13791 Maps "a !! b" +R13774 Maps "a !! b" +R13741 Coq.Lists.List.In +R13722 Coqlib.Plt +R13705 Coqlib.Plt +R13689 Coq.Init.Logic "x = y" type_scope +R13680 Kildall.fixpoint +R13691 Coq.Init.Datatypes.Some +R13897 Maps "a !! b" +R13861 Kildall.make_predecessors +R13820 Kildall.fixpoint_solution +R13897 Maps "a !! b" +R13861 Kildall.make_predecessors +R13820 Kildall.fixpoint_solution +R13957 Kildall.make_predecessors_correct +R13957 Kildall.make_predecessors_correct +R14092 Kildall.ge +R14100 Maps "a !! b" +R14065 Coq.Lists.List.In +R14068 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14049 Coq.Init.Logic "x = y" type_scope +R14040 Kildall.fixpoint +R14051 Coq.Init.Datatypes.Some +R14204 Maps "a !! b" +R14168 Kildall.make_predecessors +R14130 Kildall.fixpoint_entry +R14204 Maps "a !! b" +R14168 Kildall.make_predecessors +R14130 Kildall.fixpoint_entry +R14422 Kildall.t +R14417 Kildall.t +R14449 Kildall.t +R14483 Kildall.ge +R14486 Kildall.top +R14525 Kildall.ge +R14758 Coq.Init.Datatypes.option +R14766 Maps.t +R14773 Kildall.t +R14742 Coq.NArith.BinPos.positive +R14730 Kildall.t +R14723 Kildall.t +R14711 Coq.NArith.BinPos.positive +R14694 Coq.NArith.BinPos.positive +R14672 Coq.Lists.List.list +R14677 Coq.NArith.BinPos.positive +R14660 Coq.NArith.BinPos.positive +R14981 Kildall.ge +R15006 Maps "a !! b" +R14989 Maps "a !! b" +R14954 Coq.Lists.List.In +R14937 Coqlib.Plt +R14919 Coq.Init.Logic "x = y" type_scope +R14873 Kildall.fixpoint +R14921 Coq.Init.Datatypes.Some +R15179 Coq.Init.Logic "x = y" type_scope +R15166 Maps "a !! b" +R15181 Kildall.top +R15145 Coq.Init.Logic "x = y" type_scope +R15099 Kildall.fixpoint +R15147 Coq.Init.Datatypes.Some +R15452 Maps "a !! b" +R15429 Coq.Init.Logic "x = y" type_scope +R15383 Kildall.fixpoint +R15431 Coq.Init.Datatypes.Some +R15306 Kildall.top +R15286 Kildall.t +R15658 Coq.Lists.List.list +R15663 Coq.NArith.BinPos.positive +R15646 Coq.NArith.BinPos.positive +R15691 Coq.NArith.BinPos.positive +R15737 Kildall.t +R15730 Kildall.t +R15718 Coq.NArith.BinPos.positive +R15763 Coq.NArith.BinPos.positive +R15785 Kildall.t +R15817 Kildall.top +R15914 Coq.Init.Datatypes.bool +R15902 Coq.NArith.BinPos.positive +R15941 Maps.t +R15948 Kildall.t +R15995 Kildall.result +R16011 Coq.Lists.List.list +R16016 Coq.NArith.BinPos.positive +R16140 Kildall.state +R16112 Kildall.state +R16102 Kildall.t +R16083 Coq.Lists.List.list +R16088 Coq.NArith.BinPos.positive +R16068 Kildall.bbmap +R16172 Coq.Lists.List.nil +R16189 Coq.Lists.List "x :: y" list_scope +R16317 Kildall.mkstate +R16375 Coq.Lists.List "x :: y" list_scope +R16382 Kildall.st_wrk +R16326 Maps.set +R16344 Kildall.st_in +R16112 Kildall.state +R16102 Kildall.t +R16083 Coq.Lists.List.list +R16088 Coq.NArith.BinPos.positive +R16068 Kildall.bbmap +R16480 Coq.Init.Datatypes.option +R16487 Kildall.result +R16452 Kildall.state +R16440 Kildall.bbmap +R16430 Coq.Init.Datatypes.nat +R16520 Coq.Init.Datatypes.O +R16525 Coq.Init.Datatypes.None +R16534 Coq.Init.Datatypes.S +R16559 Kildall.st_wrk +R16580 Coq.Lists.List.nil +R16587 Coq.Init.Datatypes.Some +R16596 Kildall.st_in +R16614 Coq.Lists.List "x :: y" list_scope +R16637 Coqlib.plt +R16887 Kildall.mkstate +R16899 Kildall.st_in +R16699 Kildall.propagate_successors +R16819 Kildall.mkstate +R16831 Kildall.st_in +R16795 Maps "a !! b" +R16789 Kildall.st_in +R16452 Kildall.state +R16440 Kildall.bbmap +R16430 Coq.Init.Datatypes.nat +R17014 Coq.Init.Datatypes.bool +R17035 Maps "a !! b" +R17049 Coq.Lists.List.nil +R17056 Coq.Init.Datatypes.true +R17104 Coq.Lists.List "x :: y" list_scope +R17107 Coq.Lists.List.nil +R17124 Coqlib.peq +R17157 Coqlib.peq +R17190 Coq.Init.Datatypes.false +R17180 Coq.Init.Datatypes.true +R17138 Coq.Init.Datatypes.true +R17202 Coq.Lists.List "x :: y" list_scope +R17207 Coq.Lists.List "x :: y" list_scope +R17215 Coq.Init.Datatypes.true +R17002 Coq.NArith.BinPos.positive +R16973 Maps.t +R16981 Coq.Lists.List.list +R16986 Coq.NArith.BinPos.positive +R17257 Kildall.bbmap +R17268 Kildall.is_basic_block_head +R17289 Kildall.make_predecessors +R17371 Coq.Lists.List.list +R17376 Coq.NArith.BinPos.positive +R17390 Coqlib.positive_rec +R17457 Coq.Lists.List "x :: y" list_scope +R17419 Coq.Lists.List.nil +R17404 Coq.Lists.List.list +R17409 Coq.NArith.BinPos.positive +R17362 Kildall.bbmap +R17503 Coq.Init.Datatypes.option +R17510 Kildall.result +R17553 Kildall.analyze +R17580 Kildall.mkstate +R17607 Kildall.basic_block_list +R17589 Maps.init +R17599 Kildall.top +R17561 Kildall.num_iterations +R17532 Kildall.basic_block_map +R17683 Kildall.make_predecessors +R17806 Coq.Lists.List.In +R17823 Maps "a !! b" +R17811 Kildall.predecessors +R17783 Coq.Lists.List.In +R17766 Coqlib.Plt +R17873 Kildall.make_predecessors_correct +R17873 Kildall.make_predecessors_correct +R18082 Coq.Init.Logic "x = y" type_scope +R18064 Kildall.basic_block_map +R18084 Coq.Init.Datatypes.true +R18053 Coq.Init.Logic "x <> y" type_scope +R18024 Coq.Lists.List.In +R18006 Coqlib.Plt +R17980 Coq.Lists.List.In +R17962 Coqlib.Plt +R18118 Coq.Lists.List.In +R18136 Maps "a !! b" +R18124 Kildall.predecessors +R18118 Coq.Lists.List.In +R18136 Maps "a !! b" +R18124 Kildall.predecessors +R18148 Kildall.predecessors_correct +R18148 Kildall.predecessors_correct +R18186 Coq.Lists.List.In +R18204 Maps "a !! b" +R18192 Kildall.predecessors +R18186 Coq.Lists.List.In +R18204 Maps "a !! b" +R18192 Kildall.predecessors +R18216 Kildall.predecessors_correct +R18216 Kildall.predecessors_correct +R18298 Kildall.predecessors +R18298 Kildall.predecessors +R18336 Maps "a !! b" +R18324 Kildall.predecessors +R18336 Maps "a !! b" +R18324 Kildall.predecessors +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R18522 Coq.Init.Logic "x = y" type_scope +R18504 Kildall.basic_block_map +R18524 Coq.Init.Datatypes.true +R18481 Coq.Lists.List.In +R18464 Coqlib.Plt +R18599 Kildall.predecessors +R18599 Kildall.predecessors +R18628 Kildall.predecessors_correct +R18628 Kildall.predecessors_correct +R18691 Maps "a !! b" +R18679 Kildall.predecessors +R18691 Maps "a !! b" +R18679 Kildall.predecessors +R18741 Coqlib.peq_true +R18741 Coqlib.peq_true +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R18897 Coq.Init.Logic "A /\ B" type_scope +R18890 Coq.Init.Logic "x = y" type_scope +R18886 Maps "a !! b" +R18880 Kildall.st_in +R18892 Kildall.top +R18866 Coq.Init.Logic "x = y" type_scope +R18848 Kildall.basic_block_map +R18868 Coq.Init.Datatypes.true +R18952 Coq.Init.Logic "A \/ B" type_scope +R18935 Coq.Lists.List.In +R18944 Kildall.st_wrk +R19008 Kildall.ge +R19047 Maps "a !! b" +R19041 Kildall.st_in +R19023 Maps "a !! b" +R19017 Kildall.st_in +R18969 Coq.Lists.List.In +R18915 Coqlib.Plt +R18818 Kildall.state +R19119 Coq.Lists.List.incl +R19181 Kildall.st_wrk +R19144 Kildall.propagate_successors +R19128 Kildall.st_wrk +R19239 Coq.Lists.List.incl_refl +R19239 Coq.Lists.List.incl_refl +R19299 Coq.Lists.List "x :: y" list_scope +R19302 Kildall.st_wrk +R19281 Coq.Lists.List.incl_tran +R19299 Coq.Lists.List "x :: y" list_scope +R19302 Kildall.st_wrk +R19281 Coq.Lists.List.incl_tran +R19322 Coq.Lists.List.incl_tl +R19322 Coq.Lists.List.incl_tl +R19337 Coq.Lists.List.incl_refl +R19337 Coq.Lists.List.incl_refl +R19363 Kildall.mkstate +R19400 Coq.Lists.List "x :: y" list_scope +R19403 Kildall.st_wrk +R19372 Maps.set +R19386 Kildall.st_in +R19363 Kildall.mkstate +R19400 Coq.Lists.List "x :: y" list_scope +R19403 Kildall.st_wrk +R19372 Maps.set +R19386 Kildall.st_in +R19449 Kildall.st_wrk +R19429 Coq.Lists.List "x :: y" list_scope +R19432 Kildall.st_wrk +R19449 Kildall.st_wrk +R19429 Coq.Lists.List "x :: y" list_scope +R19432 Kildall.st_wrk +R19662 Coq.Init.Logic "A /\ B" type_scope +R19641 Coq.Init.Logic "A /\ B" type_scope +R19623 Coq.Lists.List.In +R19633 Kildall.st_wrk +R19659 Coq.Init.Logic "x = y" type_scope +R19655 Maps "a !! b" +R19649 Kildall.st_in +R19612 Coq.Init.Logic "x = y" type_scope +R19614 Coq.Init.Datatypes.false +R19593 Coq.Lists.List.In +R19713 Coq.Init.Logic "x = y" type_scope +R19709 Maps "a !! b" +R19703 Kildall.st_in +R19725 Maps "a !! b" +R19719 Kildall.st_in +R19680 Coq.Init.Logic "A \/ B" type_scope +R19668 Coq.Init.Logic "~ x" type_scope +R19669 Coq.Lists.List.In +R19688 Coq.Init.Logic "x = y" type_scope +R19690 Coq.Init.Datatypes.true +R19552 Kildall.propagate_successors +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R20007 Kildall.mkstate +R20044 Coq.Lists.List "x :: y" list_scope +R20047 Kildall.st_wrk +R20016 Maps.set +R20030 Kildall.st_in +R20007 Kildall.mkstate +R20044 Coq.Lists.List "x :: y" list_scope +R20047 Kildall.st_wrk +R20016 Maps.set +R20030 Kildall.st_in +R20160 Kildall.propagate_successors_charact1 +R20160 Kildall.propagate_successors_charact1 +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R20213 Coq.Lists.List.In_dec +R20220 Coqlib.peq +R20213 Coq.Lists.List.In_dec +R20220 Coqlib.peq +R20302 Maps.gss +R20302 Maps.gss +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R20374 Maps.gso +R20374 Maps.gso +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R20587 Kildall.state_invariant +R20609 Kildall.propagate_successors +R20735 Kildall.mkstate +R20702 Maps "a !! b" +R20630 Kildall.basic_block_map +R20540 Kildall.state_invariant +R20557 Kildall.mkstate +R20573 Coq.Lists.List "x :: y" list_scope +R20520 Coqlib.Plt +R20859 Maps "a !! b" +R20859 Maps "a !! b" +R20880 Kildall.propagate_successors_charact1 +R20961 Kildall.mkstate +R20910 Kildall.basic_block_map +R20880 Kildall.propagate_successors_charact1 +R20961 Kildall.mkstate +R20910 Kildall.basic_block_map +R20994 Kildall.propagate_successors_charact2 +R21075 Kildall.mkstate +R21024 Kildall.basic_block_map +R20994 Kildall.propagate_successors_charact2 +R21075 Kildall.mkstate +R21024 Kildall.basic_block_map +R21108 Kildall.propagate_successors +R21181 Kildall.mkstate +R21129 Kildall.basic_block_map +R21108 Kildall.propagate_successors +R21181 Kildall.mkstate +R21129 Kildall.basic_block_map +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R21411 Coqlib.peq +R21411 Coqlib.peq +R21505 Maps "a !! b" +R21499 Kildall.st_in +R21519 Maps "a !! b" +R21505 Maps "a !! b" +R21499 Kildall.st_in +R21519 Maps "a !! b" +R21544 Kildall.basic_block_map +R21544 Kildall.basic_block_map +R21611 Kildall.top_ge +R21611 Kildall.top_ge +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R21679 Kildall.refl_ge +R21679 Kildall.refl_ge +R21751 Coq.Lists.List.In_dec +R21758 Coqlib.peq +R21751 Coq.Lists.List.In_dec +R21758 Coqlib.peq +R21805 Kildall.no_self_loop +R21805 Kildall.no_self_loop +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R22093 Coq.Init.Logic "x = y" type_scope +R22089 Maps "a !! b" +R22083 Kildall.st_in +R22098 Maps "a !! b" +R22055 Coq.Lists.List.In +R22093 Coq.Init.Logic "x = y" type_scope +R22089 Maps "a !! b" +R22083 Kildall.st_in +R22098 Maps "a !! b" +R22055 Coq.Lists.List.In +R22425 Coq.Lists.List.In_dec +R22432 Coqlib.peq +R22425 Coq.Lists.List.In_dec +R22432 Coqlib.peq +R22480 Kildall.multiple_predecessors +R22480 Kildall.multiple_predecessors +R22543 Coq.Lists.List.In_dec +R22550 Coqlib.peq +R22543 Coq.Lists.List.In_dec +R22550 Coqlib.peq +R22690 Kildall.basic_block_map +R22690 Kildall.basic_block_map +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R23169 Kildall.state_invariant +R23186 Kildall.mkstate +R23122 Kildall.state_invariant +R23139 Kildall.mkstate +R23155 Coq.Lists.List "x :: y" list_scope +R23099 Coq.Init.Logic "~ x" type_scope +R23101 Coqlib.Plt +R23523 Kildall.state_invariant +R23540 Kildall.mkstate +R23552 Coq.Lists.List.nil +R23499 Kildall.state_invariant +R23483 Coq.Init.Logic "x = y" type_scope +R23450 Kildall.analyze +R23464 Kildall.basic_block_map +R23485 Coq.Init.Datatypes.Some +R23734 Coqlib.plt +R23734 Coqlib.plt +R23790 Kildall.propagate_successors_invariant +R23790 Kildall.propagate_successors_invariant +R23860 Kildall.discard_top_worklist_invariant +R23860 Kildall.discard_top_worklist_invariant +R23938 Kildall.state_invariant +R23955 Kildall.mkstate +R23982 Kildall.basic_block_list +R23999 Kildall.basic_block_map +R23964 Maps.init +R23974 Kildall.top +R24057 Maps.gi +R24057 Maps.gi +R24098 Maps.gi +R24098 Maps.gi +R24098 Maps.gi +R24098 Maps.gi +R24113 Kildall.top_ge +R24113 Kildall.top_ge +R24243 Kildall.ge +R24268 Maps "a !! b" +R24251 Maps "a !! b" +R24218 Coq.Lists.List.In +R24201 Coqlib.Plt +R24185 Coq.Init.Logic "x = y" type_scope +R24176 Kildall.fixpoint +R24187 Coq.Init.Datatypes.Some +R24322 Kildall.state_invariant +R24339 Kildall.mkstate +R24351 Coq.Lists.List.nil +R24322 Kildall.state_invariant +R24339 Kildall.mkstate +R24351 Coq.Lists.List.nil +R24367 Kildall.analyze_invariant +R24367 Kildall.analyze_invariant +R24399 Kildall.initial_state_invariant +R24399 Kildall.initial_state_invariant +R24590 Coq.Init.Logic "x = y" type_scope +R24577 Maps "a !! b" +R24592 Kildall.top +R24558 Coq.Init.Logic "x = y" type_scope +R24549 Kildall.fixpoint +R24560 Coq.Init.Datatypes.Some +R24647 Kildall.state_invariant +R24664 Kildall.mkstate +R24676 Coq.Lists.List.nil +R24647 Kildall.state_invariant +R24664 Kildall.mkstate +R24676 Coq.Lists.List.nil +R24692 Kildall.analyze_invariant +R24692 Kildall.analyze_invariant +R24724 Kildall.initial_state_invariant +R24724 Kildall.initial_state_invariant +R24840 Kildall.predecessors +R24840 Kildall.predecessors +R24879 Maps "a !! b" +R24867 Kildall.predecessors +R24879 Maps "a !! b" +R24867 Kildall.predecessors +R24924 Coqlib.peq +R24924 Coqlib.peq +R24955 Coqlib.peq_true +R24955 Coqlib.peq_true +R25045 Maps "a !! b" +R25039 Kildall.st_in +R25003 Kildall.state +R25142 Kildall.Pstate +R25150 Kildall.propagate_successors +R25127 Kildall.Pstate +R25306 Maps.gsspec +R25306 Maps.gsspec +R25325 Coqlib.peq +R25325 Coqlib.peq +R25482 Maps "a !! b" +R25449 Kildall.Pstate +R25432 Coq.Init.Logic "x = y" type_scope +R25412 Kildall.analyze +R25434 Coq.Init.Datatypes.Some +R25568 Kildall.st_wrk +R25568 Kildall.st_wrk +R25622 Coqlib.plt +R25622 Coqlib.plt +R25680 Kildall.propagate_successors_P +R25680 Kildall.propagate_successors_P +R25858 Maps "a !! b" +R25839 Coq.Init.Logic "x = y" type_scope +R25830 Kildall.fixpoint +R25841 Coq.Init.Datatypes.Some +R25910 Kildall.analyze_P +R25910 Kildall.analyze_P +R25957 Maps.gi +R25957 Maps.gi +FConstprop +R372 Integers.int +R393 Floats.float +R425 Integers.int +R416 AST.ident +R498 Constprop.approx +R535 Coq.Init.Specif "{ A } + { B }" type_scope +R537 Coq.Init.Logic "x = y" type_scope +R545 Coq.Init.Logic "x <> y" type_scope +R531 Constprop.t +R531 Constprop.t +R591 Integers.eq_dec +R591 Integers.eq_dec +R613 Floats.eq_dec +R613 Floats.eq_dec +R637 Integers.eq_dec +R637 Integers.eq_dec +R659 AST.ident_eq +R659 AST.ident_eq +R727 Coq.Init.Logic "A \/ B" type_scope +R717 Coq.Init.Logic "x = y" type_scope +R719 Constprop.Unknown +R742 Coq.Init.Logic "A \/ B" type_scope +R732 Coq.Init.Logic "x = y" type_scope +R734 Constprop.Novalue +R747 Coq.Init.Logic "x = y" type_scope +R698 Constprop.t +R698 Constprop.t +R779 Constprop.ge +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R877 Constprop.ge +R867 Constprop.ge +R857 Constprop.ge +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R958 Constprop.Novalue +R987 Constprop.Unknown +R1022 Constprop.ge +R1027 Constprop.bot +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R1101 Constprop.ge +R1104 Constprop.top +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R1182 Constprop.t +R1194 Constprop.eq +R1239 Constprop.Novalue +R1264 Constprop.Novalue +R1291 Constprop.Unknown +R1177 Constprop.t +R1177 Constprop.t +R1348 Coq.Init.Logic "x = y" type_scope +R1340 Constprop.lub +R1350 Constprop.lub +R1402 Constprop.eq +R1417 Constprop.eq +R1402 Constprop.eq +R1417 Constprop.eq +R1417 Constprop.eq +R1524 Constprop.ge +R1528 Constprop.lub +R1583 Constprop.eq +R1583 Constprop.eq +R1609 Constprop.ge_refl +R1609 Constprop.ge_refl +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R2407 Coq.Lists.List.list +R2412 Constprop.approx +R2391 Op.condition +R2533 Coq.Lists.List "x :: y" list_scope +R2528 Constprop.I +R2541 Coq.Lists.List "x :: y" list_scope +R2536 Constprop.I +R2544 Coq.Lists.List.nil +R2518 Op.Ccomp +R2655 Coq.Lists.List "x :: y" list_scope +R2650 Constprop.I +R2663 Coq.Lists.List "x :: y" list_scope +R2658 Constprop.I +R2666 Coq.Lists.List.nil +R2639 Op.Ccompu +R2780 Coq.Lists.List "x :: y" list_scope +R2775 Constprop.I +R2783 Coq.Lists.List.nil +R2760 Op.Ccompimm +R2898 Coq.Lists.List "x :: y" list_scope +R2893 Constprop.I +R2901 Coq.Lists.List.nil +R2877 Op.Ccompuimm +R3012 Coq.Lists.List "x :: y" list_scope +R3007 Constprop.F +R3020 Coq.Lists.List "x :: y" list_scope +R3015 Constprop.F +R3023 Coq.Lists.List.nil +R2996 Op.Ccompf +R3137 Coq.Lists.List "x :: y" list_scope +R3132 Constprop.F +R3145 Coq.Lists.List "x :: y" list_scope +R3140 Constprop.F +R3148 Coq.Lists.List.nil +R3118 Op.Cnotcompf +R3259 Coq.Lists.List "x :: y" list_scope +R3254 Constprop.I +R3262 Coq.Lists.List.nil +R3240 Op.Cmaskzero +R3376 Coq.Lists.List "x :: y" list_scope +R3371 Constprop.I +R3379 Coq.Lists.List.nil +R3354 Op.Cmasknotzero +R3455 Coq.Lists.List.list +R3460 Constprop.approx +R3439 Op.condition +R3627 Constprop.eval_static_condition_cases +R3670 Op.Ccomp +R3684 Coq.Lists.List "x :: y" list_scope +R3679 Constprop.I +R3692 Coq.Lists.List "x :: y" list_scope +R3687 Constprop.I +R3695 Coq.Lists.List.nil +R3708 Constprop.eval_static_condition_case1 +R3748 Op.Ccompu +R3763 Coq.Lists.List "x :: y" list_scope +R3758 Constprop.I +R3771 Coq.Lists.List "x :: y" list_scope +R3766 Constprop.I +R3774 Coq.Lists.List.nil +R3787 Constprop.eval_static_condition_case2 +R3827 Op.Ccompimm +R3846 Coq.Lists.List "x :: y" list_scope +R3841 Constprop.I +R3849 Coq.Lists.List.nil +R3862 Constprop.eval_static_condition_case3 +R3901 Op.Ccompuimm +R3921 Coq.Lists.List "x :: y" list_scope +R3916 Constprop.I +R3924 Coq.Lists.List.nil +R3937 Constprop.eval_static_condition_case4 +R3976 Op.Ccompf +R3991 Coq.Lists.List "x :: y" list_scope +R3986 Constprop.F +R3999 Coq.Lists.List "x :: y" list_scope +R3994 Constprop.F +R4002 Coq.Lists.List.nil +R4015 Constprop.eval_static_condition_case5 +R4055 Op.Cnotcompf +R4073 Coq.Lists.List "x :: y" list_scope +R4068 Constprop.F +R4081 Coq.Lists.List "x :: y" list_scope +R4076 Constprop.F +R4084 Coq.Lists.List.nil +R4097 Constprop.eval_static_condition_case6 +R4137 Op.Cmaskzero +R4155 Coq.Lists.List "x :: y" list_scope +R4150 Constprop.I +R4158 Coq.Lists.List.nil +R4171 Constprop.eval_static_condition_case7 +R4208 Op.Cmasknotzero +R4229 Coq.Lists.List "x :: y" list_scope +R4224 Constprop.I +R4232 Coq.Lists.List.nil +R4245 Constprop.eval_static_condition_case8 +R4300 Constprop.eval_static_condition_default +R3575 Coq.Lists.List.list +R3580 Constprop.approx +R3559 Op.condition +R4426 Constprop.eval_static_condition_match +R4471 Constprop.eval_static_condition_case1 +R4516 Coq.Init.Datatypes.Some +R4521 Integers.cmp +R4542 Constprop.eval_static_condition_case2 +R4587 Coq.Init.Datatypes.Some +R4592 Integers.cmpu +R4614 Constprop.eval_static_condition_case3 +R4658 Coq.Init.Datatypes.Some +R4663 Integers.cmp +R4683 Constprop.eval_static_condition_case4 +R4727 Coq.Init.Datatypes.Some +R4732 Integers.cmpu +R4753 Constprop.eval_static_condition_case5 +R4798 Coq.Init.Datatypes.Some +R4803 Floats.cmp +R4826 Constprop.eval_static_condition_case6 +R4871 Coq.Init.Datatypes.Some +R4876 Coq.Bool.Bool.negb +R4881 Floats.cmp +R4905 Constprop.eval_static_condition_case7 +R4947 Coq.Init.Datatypes.Some +R4952 Integers.eq +R4974 Integers.zero +R4960 Integers.and +R4988 Constprop.eval_static_condition_case8 +R5030 Coq.Init.Datatypes.Some +R5035 Coq.Bool.Bool.negb +R5040 Integers.eq +R5062 Integers.zero +R5048 Integers.and +R5077 Constprop.eval_static_condition_default +R5124 Coq.Init.Datatypes.None +R4402 Coq.Lists.List.list +R4407 Constprop.approx +R4386 Op.condition +R8057 Coq.Lists.List.list +R8062 Constprop.approx +R8041 Op.operation +R8173 Coq.Lists.List "x :: y" list_scope +R8175 Coq.Lists.List.nil +R8163 Op.Omove +R8278 Coq.Lists.List.nil +R8264 Op.Ointconst +R8383 Coq.Lists.List.nil +R8367 Op.Ofloatconst +R8492 Coq.Lists.List.nil +R8474 Op.Oaddrsymbol +R8602 Coq.Lists.List "x :: y" list_scope +R8597 Constprop.I +R8605 Coq.Lists.List.nil +R8582 Op.Ocast8signed +R8716 Coq.Lists.List "x :: y" list_scope +R8711 Constprop.I +R8719 Coq.Lists.List.nil +R8695 Op.Ocast16signed +R8824 Coq.Lists.List "x :: y" list_scope +R8819 Constprop.I +R8832 Coq.Lists.List "x :: y" list_scope +R8827 Constprop.I +R8835 Coq.Lists.List.nil +R8812 Op.Oadd +R8946 Coq.Lists.List "x :: y" list_scope +R8938 Constprop.S +R8954 Coq.Lists.List "x :: y" list_scope +R8949 Constprop.I +R8957 Coq.Lists.List.nil +R8931 Op.Oadd +R9067 Coq.Lists.List "x :: y" list_scope +R9062 Constprop.I +R9070 Coq.Lists.List.nil +R9050 Op.Oaddimm +R9186 Coq.Lists.List "x :: y" list_scope +R9178 Constprop.S +R9189 Coq.Lists.List.nil +R9166 Op.Oaddimm +R9295 Coq.Lists.List "x :: y" list_scope +R9290 Constprop.I +R9303 Coq.Lists.List "x :: y" list_scope +R9298 Constprop.I +R9306 Coq.Lists.List.nil +R9283 Op.Osub +R9418 Coq.Lists.List "x :: y" list_scope +R9410 Constprop.S +R9426 Coq.Lists.List "x :: y" list_scope +R9421 Constprop.I +R9429 Coq.Lists.List.nil +R9403 Op.Osub +R9539 Coq.Lists.List "x :: y" list_scope +R9534 Constprop.I +R9542 Coq.Lists.List.nil +R9522 Op.Osubimm +R9648 Coq.Lists.List "x :: y" list_scope +R9643 Constprop.I +R9656 Coq.Lists.List "x :: y" list_scope +R9651 Constprop.I +R9659 Coq.Lists.List.nil +R9636 Op.Omul +R9769 Coq.Lists.List "x :: y" list_scope +R9764 Constprop.I +R9772 Coq.Lists.List.nil +R9752 Op.Omulimm +R9878 Coq.Lists.List "x :: y" list_scope +R9873 Constprop.I +R9886 Coq.Lists.List "x :: y" list_scope +R9881 Constprop.I +R9889 Coq.Lists.List.nil +R9866 Op.Odiv +R9996 Coq.Lists.List "x :: y" list_scope +R9991 Constprop.I +R10004 Coq.Lists.List "x :: y" list_scope +R9999 Constprop.I +R10007 Coq.Lists.List.nil +R9983 Op.Odivu +R10113 Coq.Lists.List "x :: y" list_scope +R10108 Constprop.I +R10121 Coq.Lists.List "x :: y" list_scope +R10116 Constprop.I +R10124 Coq.Lists.List.nil +R10101 Op.Oand +R10234 Coq.Lists.List "x :: y" list_scope +R10229 Constprop.I +R10237 Coq.Lists.List.nil +R10217 Op.Oandimm +R10342 Coq.Lists.List "x :: y" list_scope +R10337 Constprop.I +R10350 Coq.Lists.List "x :: y" list_scope +R10345 Constprop.I +R10353 Coq.Lists.List.nil +R10331 Op.Oor +R10462 Coq.Lists.List "x :: y" list_scope +R10457 Constprop.I +R10465 Coq.Lists.List.nil +R10446 Op.Oorimm +R10571 Coq.Lists.List "x :: y" list_scope +R10566 Constprop.I +R10579 Coq.Lists.List "x :: y" list_scope +R10574 Constprop.I +R10582 Coq.Lists.List.nil +R10559 Op.Oxor +R10692 Coq.Lists.List "x :: y" list_scope +R10687 Constprop.I +R10695 Coq.Lists.List.nil +R10675 Op.Oxorimm +R10802 Coq.Lists.List "x :: y" list_scope +R10797 Constprop.I +R10810 Coq.Lists.List "x :: y" list_scope +R10805 Constprop.I +R10813 Coq.Lists.List.nil +R10789 Op.Onand +R10919 Coq.Lists.List "x :: y" list_scope +R10914 Constprop.I +R10927 Coq.Lists.List "x :: y" list_scope +R10922 Constprop.I +R10930 Coq.Lists.List.nil +R10907 Op.Onor +R11037 Coq.Lists.List "x :: y" list_scope +R11032 Constprop.I +R11045 Coq.Lists.List "x :: y" list_scope +R11040 Constprop.I +R11048 Coq.Lists.List.nil +R11024 Op.Onxor +R11154 Coq.Lists.List "x :: y" list_scope +R11149 Constprop.I +R11162 Coq.Lists.List "x :: y" list_scope +R11157 Constprop.I +R11165 Coq.Lists.List.nil +R11142 Op.Oshl +R11271 Coq.Lists.List "x :: y" list_scope +R11266 Constprop.I +R11279 Coq.Lists.List "x :: y" list_scope +R11274 Constprop.I +R11282 Coq.Lists.List.nil +R11259 Op.Oshr +R11392 Coq.Lists.List "x :: y" list_scope +R11387 Constprop.I +R11395 Coq.Lists.List.nil +R11375 Op.Oshrimm +R11506 Coq.Lists.List "x :: y" list_scope +R11501 Constprop.I +R11509 Coq.Lists.List.nil +R11488 Op.Oshrximm +R11616 Coq.Lists.List "x :: y" list_scope +R11611 Constprop.I +R11624 Coq.Lists.List "x :: y" list_scope +R11619 Constprop.I +R11627 Coq.Lists.List.nil +R11603 Op.Oshru +R11755 Coq.Lists.List "x :: y" list_scope +R11750 Constprop.I +R11758 Coq.Lists.List.nil +R11730 Op.Orolm +R11862 Coq.Lists.List "x :: y" list_scope +R11857 Constprop.F +R11865 Coq.Lists.List.nil +R11849 Op.Onegf +R11969 Coq.Lists.List "x :: y" list_scope +R11964 Constprop.F +R11972 Coq.Lists.List.nil +R11956 Op.Oabsf +R12079 Coq.Lists.List "x :: y" list_scope +R12074 Constprop.F +R12087 Coq.Lists.List "x :: y" list_scope +R12082 Constprop.F +R12090 Coq.Lists.List.nil +R12066 Op.Oaddf +R12197 Coq.Lists.List "x :: y" list_scope +R12192 Constprop.F +R12205 Coq.Lists.List "x :: y" list_scope +R12200 Constprop.F +R12208 Coq.Lists.List.nil +R12184 Op.Osubf +R12315 Coq.Lists.List "x :: y" list_scope +R12310 Constprop.F +R12323 Coq.Lists.List "x :: y" list_scope +R12318 Constprop.F +R12326 Coq.Lists.List.nil +R12302 Op.Omulf +R12433 Coq.Lists.List "x :: y" list_scope +R12428 Constprop.F +R12441 Coq.Lists.List "x :: y" list_scope +R12436 Constprop.F +R12444 Coq.Lists.List.nil +R12420 Op.Odivf +R12557 Coq.Lists.List "x :: y" list_scope +R12552 Constprop.F +R12565 Coq.Lists.List "x :: y" list_scope +R12560 Constprop.F +R12573 Coq.Lists.List "x :: y" list_scope +R12568 Constprop.F +R12576 Coq.Lists.List.nil +R12541 Op.Omuladdf +R12689 Coq.Lists.List "x :: y" list_scope +R12684 Constprop.F +R12697 Coq.Lists.List "x :: y" list_scope +R12692 Constprop.F +R12705 Coq.Lists.List "x :: y" list_scope +R12700 Constprop.F +R12708 Coq.Lists.List.nil +R12673 Op.Omulsubf +R12821 Coq.Lists.List "x :: y" list_scope +R12816 Constprop.F +R12824 Coq.Lists.List.nil +R12799 Op.Osingleoffloat +R12934 Coq.Lists.List "x :: y" list_scope +R12929 Constprop.F +R12937 Coq.Lists.List.nil +R12915 Op.Ointoffloat +R13047 Coq.Lists.List "x :: y" list_scope +R13042 Constprop.I +R13050 Coq.Lists.List.nil +R13028 Op.Ofloatofint +R13161 Coq.Lists.List "x :: y" list_scope +R13156 Constprop.I +R13164 Coq.Lists.List.nil +R13141 Op.Ofloatofintu +R13257 Op.Ocmp +R13339 Coq.Lists.List.list +R13344 Constprop.approx +R13323 Op.operation +R13505 Constprop.eval_static_operation_cases +R13548 Op.Omove +R13557 Coq.Lists.List "x :: y" list_scope +R13559 Coq.Lists.List.nil +R13572 Constprop.eval_static_operation_case1 +R13607 Op.Ointconst +R13620 Coq.Lists.List.nil +R13633 Constprop.eval_static_operation_case2 +R13667 Op.Ofloatconst +R13682 Coq.Lists.List.nil +R13695 Constprop.eval_static_operation_case3 +R13729 Op.Oaddrsymbol +R13746 Coq.Lists.List.nil +R13759 Constprop.eval_static_operation_case4 +R13795 Op.Ocast8signed +R13814 Coq.Lists.List "x :: y" list_scope +R13809 Constprop.I +R13817 Coq.Lists.List.nil +R13830 Constprop.eval_static_operation_case6 +R13865 Op.Ocast16signed +R13885 Coq.Lists.List "x :: y" list_scope +R13880 Constprop.I +R13888 Coq.Lists.List.nil +R13901 Constprop.eval_static_operation_case7 +R13936 Op.Oadd +R13947 Coq.Lists.List "x :: y" list_scope +R13942 Constprop.I +R13955 Coq.Lists.List "x :: y" list_scope +R13950 Constprop.I +R13958 Coq.Lists.List.nil +R13971 Constprop.eval_static_operation_case8 +R14009 Op.Oadd +R14023 Coq.Lists.List "x :: y" list_scope +R14015 Constprop.S +R14031 Coq.Lists.List "x :: y" list_scope +R14026 Constprop.I +R14034 Coq.Lists.List.nil +R14047 Constprop.eval_static_operation_case9 +R14088 Op.Oaddimm +R14104 Coq.Lists.List "x :: y" list_scope +R14099 Constprop.I +R14107 Coq.Lists.List.nil +R14120 Constprop.eval_static_operation_case11 +R14158 Op.Oaddimm +R14177 Coq.Lists.List "x :: y" list_scope +R14169 Constprop.S +R14180 Coq.Lists.List.nil +R14193 Constprop.eval_static_operation_case12 +R14234 Op.Osub +R14245 Coq.Lists.List "x :: y" list_scope +R14240 Constprop.I +R14253 Coq.Lists.List "x :: y" list_scope +R14248 Constprop.I +R14256 Coq.Lists.List.nil +R14269 Constprop.eval_static_operation_case13 +R14308 Op.Osub +R14322 Coq.Lists.List "x :: y" list_scope +R14314 Constprop.S +R14330 Coq.Lists.List "x :: y" list_scope +R14325 Constprop.I +R14333 Coq.Lists.List.nil +R14346 Constprop.eval_static_operation_case14 +R14388 Op.Osubimm +R14404 Coq.Lists.List "x :: y" list_scope +R14399 Constprop.I +R14407 Coq.Lists.List.nil +R14420 Constprop.eval_static_operation_case15 +R14458 Op.Omul +R14469 Coq.Lists.List "x :: y" list_scope +R14464 Constprop.I +R14477 Coq.Lists.List "x :: y" list_scope +R14472 Constprop.I +R14480 Coq.Lists.List.nil +R14493 Constprop.eval_static_operation_case16 +R14532 Op.Omulimm +R14548 Coq.Lists.List "x :: y" list_scope +R14543 Constprop.I +R14551 Coq.Lists.List.nil +R14564 Constprop.eval_static_operation_case17 +R14602 Op.Odiv +R14613 Coq.Lists.List "x :: y" list_scope +R14608 Constprop.I +R14621 Coq.Lists.List "x :: y" list_scope +R14616 Constprop.I +R14624 Coq.Lists.List.nil +R14637 Constprop.eval_static_operation_case18 +R14676 Op.Odivu +R14688 Coq.Lists.List "x :: y" list_scope +R14683 Constprop.I +R14696 Coq.Lists.List "x :: y" list_scope +R14691 Constprop.I +R14699 Coq.Lists.List.nil +R14712 Constprop.eval_static_operation_case19 +R14751 Op.Oand +R14762 Coq.Lists.List "x :: y" list_scope +R14757 Constprop.I +R14770 Coq.Lists.List "x :: y" list_scope +R14765 Constprop.I +R14773 Coq.Lists.List.nil +R14786 Constprop.eval_static_operation_case20 +R14825 Op.Oandimm +R14841 Coq.Lists.List "x :: y" list_scope +R14836 Constprop.I +R14844 Coq.Lists.List.nil +R14857 Constprop.eval_static_operation_case21 +R14895 Op.Oor +R14905 Coq.Lists.List "x :: y" list_scope +R14900 Constprop.I +R14913 Coq.Lists.List "x :: y" list_scope +R14908 Constprop.I +R14916 Coq.Lists.List.nil +R14929 Constprop.eval_static_operation_case22 +R14968 Op.Oorimm +R14983 Coq.Lists.List "x :: y" list_scope +R14978 Constprop.I +R14986 Coq.Lists.List.nil +R14999 Constprop.eval_static_operation_case23 +R15037 Op.Oxor +R15048 Coq.Lists.List "x :: y" list_scope +R15043 Constprop.I +R15056 Coq.Lists.List "x :: y" list_scope +R15051 Constprop.I +R15059 Coq.Lists.List.nil +R15072 Constprop.eval_static_operation_case24 +R15111 Op.Oxorimm +R15127 Coq.Lists.List "x :: y" list_scope +R15122 Constprop.I +R15130 Coq.Lists.List.nil +R15143 Constprop.eval_static_operation_case25 +R15181 Op.Onand +R15193 Coq.Lists.List "x :: y" list_scope +R15188 Constprop.I +R15201 Coq.Lists.List "x :: y" list_scope +R15196 Constprop.I +R15204 Coq.Lists.List.nil +R15217 Constprop.eval_static_operation_case26 +R15256 Op.Onor +R15267 Coq.Lists.List "x :: y" list_scope +R15262 Constprop.I +R15275 Coq.Lists.List "x :: y" list_scope +R15270 Constprop.I +R15278 Coq.Lists.List.nil +R15291 Constprop.eval_static_operation_case27 +R15330 Op.Onxor +R15342 Coq.Lists.List "x :: y" list_scope +R15337 Constprop.I +R15350 Coq.Lists.List "x :: y" list_scope +R15345 Constprop.I +R15353 Coq.Lists.List.nil +R15366 Constprop.eval_static_operation_case28 +R15405 Op.Oshl +R15416 Coq.Lists.List "x :: y" list_scope +R15411 Constprop.I +R15424 Coq.Lists.List "x :: y" list_scope +R15419 Constprop.I +R15427 Coq.Lists.List.nil +R15440 Constprop.eval_static_operation_case29 +R15479 Op.Oshr +R15490 Coq.Lists.List "x :: y" list_scope +R15485 Constprop.I +R15498 Coq.Lists.List "x :: y" list_scope +R15493 Constprop.I +R15501 Coq.Lists.List.nil +R15514 Constprop.eval_static_operation_case30 +R15553 Op.Oshrimm +R15569 Coq.Lists.List "x :: y" list_scope +R15564 Constprop.I +R15572 Coq.Lists.List.nil +R15585 Constprop.eval_static_operation_case31 +R15623 Op.Oshrximm +R15640 Coq.Lists.List "x :: y" list_scope +R15635 Constprop.I +R15643 Coq.Lists.List.nil +R15656 Constprop.eval_static_operation_case32 +R15694 Op.Oshru +R15706 Coq.Lists.List "x :: y" list_scope +R15701 Constprop.I +R15714 Coq.Lists.List "x :: y" list_scope +R15709 Constprop.I +R15717 Coq.Lists.List.nil +R15730 Constprop.eval_static_operation_case33 +R15769 Op.Orolm +R15793 Coq.Lists.List "x :: y" list_scope +R15788 Constprop.I +R15796 Coq.Lists.List.nil +R15809 Constprop.eval_static_operation_case34 +R15857 Op.Onegf +R15869 Coq.Lists.List "x :: y" list_scope +R15864 Constprop.F +R15872 Coq.Lists.List.nil +R15885 Constprop.eval_static_operation_case35 +R15921 Op.Oabsf +R15933 Coq.Lists.List "x :: y" list_scope +R15928 Constprop.F +R15936 Coq.Lists.List.nil +R15949 Constprop.eval_static_operation_case36 +R15985 Op.Oaddf +R15997 Coq.Lists.List "x :: y" list_scope +R15992 Constprop.F +R16005 Coq.Lists.List "x :: y" list_scope +R16000 Constprop.F +R16008 Coq.Lists.List.nil +R16021 Constprop.eval_static_operation_case37 +R16060 Op.Osubf +R16072 Coq.Lists.List "x :: y" list_scope +R16067 Constprop.F +R16080 Coq.Lists.List "x :: y" list_scope +R16075 Constprop.F +R16083 Coq.Lists.List.nil +R16096 Constprop.eval_static_operation_case38 +R16135 Op.Omulf +R16147 Coq.Lists.List "x :: y" list_scope +R16142 Constprop.F +R16155 Coq.Lists.List "x :: y" list_scope +R16150 Constprop.F +R16158 Coq.Lists.List.nil +R16171 Constprop.eval_static_operation_case39 +R16210 Op.Odivf +R16222 Coq.Lists.List "x :: y" list_scope +R16217 Constprop.F +R16230 Coq.Lists.List "x :: y" list_scope +R16225 Constprop.F +R16233 Coq.Lists.List.nil +R16246 Constprop.eval_static_operation_case40 +R16285 Op.Omuladdf +R16300 Coq.Lists.List "x :: y" list_scope +R16295 Constprop.F +R16308 Coq.Lists.List "x :: y" list_scope +R16303 Constprop.F +R16316 Coq.Lists.List "x :: y" list_scope +R16311 Constprop.F +R16319 Coq.Lists.List.nil +R16332 Constprop.eval_static_operation_case41 +R16374 Op.Omulsubf +R16389 Coq.Lists.List "x :: y" list_scope +R16384 Constprop.F +R16397 Coq.Lists.List "x :: y" list_scope +R16392 Constprop.F +R16405 Coq.Lists.List "x :: y" list_scope +R16400 Constprop.F +R16408 Coq.Lists.List.nil +R16421 Constprop.eval_static_operation_case42 +R16463 Op.Osingleoffloat +R16484 Coq.Lists.List "x :: y" list_scope +R16479 Constprop.F +R16487 Coq.Lists.List.nil +R16500 Constprop.eval_static_operation_case43 +R16536 Op.Ointoffloat +R16554 Coq.Lists.List "x :: y" list_scope +R16549 Constprop.F +R16557 Coq.Lists.List.nil +R16570 Constprop.eval_static_operation_case44 +R16606 Op.Ofloatofint +R16624 Coq.Lists.List "x :: y" list_scope +R16619 Constprop.I +R16627 Coq.Lists.List.nil +R16640 Constprop.eval_static_operation_case45 +R16676 Op.Ofloatofintu +R16695 Coq.Lists.List "x :: y" list_scope +R16690 Constprop.I +R16698 Coq.Lists.List.nil +R16711 Constprop.eval_static_operation_case46 +R16747 Op.Ocmp +R16767 Constprop.eval_static_operation_case47 +R16821 Constprop.eval_static_operation_default +R13455 Coq.Lists.List.list +R13460 Constprop.approx +R13439 Op.operation +R16943 Constprop.eval_static_operation_match +R16986 Constprop.eval_static_operation_case1 +R17033 Constprop.eval_static_operation_case2 +R17072 Constprop.I +R17080 Constprop.eval_static_operation_case3 +R17119 Constprop.F +R17127 Constprop.eval_static_operation_case4 +R17168 Constprop.S +R17178 Constprop.eval_static_operation_case6 +R17218 Constprop.I +R17220 Integers.cast8signed +R17244 Constprop.eval_static_operation_case7 +R17284 Constprop.I +R17286 Integers.cast16signed +R17311 Constprop.eval_static_operation_case8 +R17354 Constprop.I +R17356 Integers.add +R17375 Constprop.eval_static_operation_case9 +R17421 Constprop.S +R17427 Integers.add +R17446 Constprop.eval_static_operation_case11 +R17489 Constprop.I +R17492 Integers.add +R17510 Constprop.eval_static_operation_case12 +R17556 Constprop.S +R17562 Integers.add +R17580 Constprop.eval_static_operation_case13 +R17624 Constprop.I +R17626 Integers.sub +R17645 Constprop.eval_static_operation_case14 +R17692 Constprop.S +R17698 Integers.sub +R17717 Constprop.eval_static_operation_case15 +R17760 Constprop.I +R17763 Integers.sub +R17781 Constprop.eval_static_operation_case16 +R17825 Constprop.I +R17827 Integers.mul +R17846 Constprop.eval_static_operation_case17 +R17889 Constprop.I +R17891 Integers.mul +R17909 Constprop.eval_static_operation_case18 +R17956 Integers.eq +R17966 Integers.zero +R17993 Constprop.I +R17995 Integers.divs +R17980 Constprop.Unknown +R18015 Constprop.eval_static_operation_case19 +R18062 Integers.eq +R18072 Integers.zero +R18099 Constprop.I +R18101 Integers.divu +R18086 Constprop.Unknown +R18121 Constprop.eval_static_operation_case20 +R18165 Constprop.I +R18167 Integers.and +R18186 Constprop.eval_static_operation_case21 +R18229 Constprop.I +R18231 Integers.and +R18249 Constprop.eval_static_operation_case22 +R18293 Constprop.I +R18295 Integers.or +R18313 Constprop.eval_static_operation_case23 +R18356 Constprop.I +R18358 Integers.or +R18375 Constprop.eval_static_operation_case24 +R18419 Constprop.I +R18421 Integers.xor +R18440 Constprop.eval_static_operation_case25 +R18483 Constprop.I +R18485 Integers.xor +R18503 Constprop.eval_static_operation_case26 +R18547 Constprop.I +R18549 Integers.xor +R18573 Integers.mone +R18558 Integers.and +R18587 Constprop.eval_static_operation_case27 +R18631 Constprop.I +R18633 Integers.xor +R18656 Integers.mone +R18642 Integers.or +R18670 Constprop.eval_static_operation_case28 +R18714 Constprop.I +R18716 Integers.xor +R18740 Integers.mone +R18725 Integers.xor +R18754 Constprop.eval_static_operation_case29 +R18801 Integers.ltu +R18813 Integers.repr +R18853 Constprop.Unknown +R18831 Constprop.I +R18833 Integers.shl +R18865 Constprop.eval_static_operation_case30 +R18912 Integers.ltu +R18924 Integers.repr +R18964 Constprop.Unknown +R18942 Constprop.I +R18944 Integers.shr +R18976 Constprop.eval_static_operation_case31 +R19022 Integers.ltu +R19033 Integers.repr +R19072 Constprop.Unknown +R19051 Constprop.I +R19053 Integers.shr +R19084 Constprop.eval_static_operation_case32 +R19130 Integers.ltu +R19141 Integers.repr +R19181 Constprop.Unknown +R19159 Constprop.I +R19161 Integers.shrx +R19193 Constprop.eval_static_operation_case33 +R19240 Integers.ltu +R19252 Integers.repr +R19293 Constprop.Unknown +R19270 Constprop.I +R19272 Integers.shru +R19305 Constprop.eval_static_operation_case34 +R19358 Constprop.I +R19360 Integers.rolm +R19389 Constprop.eval_static_operation_case35 +R19430 Constprop.F +R19432 Floats.neg +R19450 Constprop.eval_static_operation_case36 +R19491 Constprop.F +R19493 Floats.abs +R19511 Constprop.eval_static_operation_case37 +R19555 Constprop.F +R19557 Floats.add +R19578 Constprop.eval_static_operation_case38 +R19622 Constprop.F +R19624 Floats.sub +R19645 Constprop.eval_static_operation_case39 +R19689 Constprop.F +R19691 Floats.mul +R19712 Constprop.eval_static_operation_case40 +R19756 Constprop.F +R19758 Floats.div +R19779 Constprop.eval_static_operation_case41 +R19826 Constprop.F +R19828 Floats.add +R19839 Floats.mul +R19864 Constprop.eval_static_operation_case42 +R19911 Constprop.F +R19913 Floats.sub +R19924 Floats.mul +R19949 Constprop.eval_static_operation_case43 +R19990 Constprop.F +R19992 Floats.singleoffloat +R20020 Constprop.eval_static_operation_case44 +R20061 Constprop.I +R20063 Floats.intoffloat +R20088 Constprop.eval_static_operation_case45 +R20129 Constprop.F +R20131 Floats.floatofint +R20156 Constprop.eval_static_operation_case46 +R20197 Constprop.F +R20199 Floats.floatofintu +R20225 Constprop.eval_static_operation_case47 +R20274 Constprop.eval_static_condition +R20314 Coq.Init.Datatypes.None +R20322 Constprop.Unknown +R20338 Coq.Init.Datatypes.Some +R20348 Constprop.I +R20373 Integers.zero +R20360 Integers.one +R20397 Constprop.eval_static_operation_default +R20442 Constprop.Unknown +R16919 Coq.Lists.List.list +R16924 Constprop.approx +R16903 Op.operation +R20515 Coq.Lists.List.map +R20534 Constprop.get +R20505 Constprop.t +R20486 Coq.Lists.List.list +R20491 Registers.reg +R20636 Maps "a ! b" +R20628 RTL.fn_code +R20649 Coq.Init.Datatypes.None +R20668 Coq.Init.Datatypes.Some +R20705 RTL.Inop +R20740 RTL.Iop +R20844 Constprop.set +R20780 Constprop.eval_static_operation +R20806 Constprop.approx_regs +R20871 RTL.Iload +R20912 Constprop.set +R20922 Constprop.Unknown +R20945 RTL.Istore +R21002 RTL.Icall +R21040 Constprop.set +R21050 Constprop.Unknown +R21073 RTL.Icond +R21128 RTL.Ireturn +R20609 Constprop.t +R20594 RTL.node +R20579 RTL.function +R21252 Coq.Init.Datatypes.option +R21260 Maps.t +R21267 Constprop.t +R21277 Constprop.fixpoint +R21374 Coq.Lists.List "x :: y" list_scope +R21347 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21351 RTL.fn_entrypoint +R21367 Constprop.top +R21377 Coq.Lists.List.nil +R21319 Constprop.transfer +R21307 RTL.fn_nextpc +R21290 RTL.successors +R21237 RTL.function +R21456 Constprop.t +R21491 Coq.Init.Datatypes.option +R21498 Integers.int +R21513 Constprop.get +R21533 Constprop.I +R21540 Coq.Init.Datatypes.Some +R21554 Coq.Init.Datatypes.None +R21484 Registers.reg +R21619 Coq.Lists.List.list +R21624 Registers.reg +R21606 Op.condition +R21725 Coq.Lists.List "x :: y" list_scope +R21731 Coq.Lists.List "x :: y" list_scope +R21734 Coq.Lists.List.nil +R21712 Op.Ccomp +R21827 Coq.Lists.List "x :: y" list_scope +R21833 Coq.Lists.List "x :: y" list_scope +R21836 Coq.Lists.List.nil +R21813 Op.Ccompu +R22031 Constprop.cond_strength_reduction_cases +R22074 Op.Ccomp +R22086 Coq.Lists.List "x :: y" list_scope +R22092 Coq.Lists.List "x :: y" list_scope +R22095 Coq.Lists.List.nil +R22108 Constprop.csr_case1 +R22130 Op.Ccompu +R22143 Coq.Lists.List "x :: y" list_scope +R22149 Coq.Lists.List "x :: y" list_scope +R22152 Coq.Lists.List.nil +R22165 Constprop.csr_case2 +R22205 Constprop.csr_default +R21984 Coq.Lists.List.list +R21989 Registers.reg +R21968 Op.condition +R22329 Coq.Init.Datatypes "x * y" type_scope +R22319 Op.condition +R22331 Coq.Lists.List.list +R22336 Registers.reg +R22351 Constprop.cond_strength_reduction_match +R22400 Constprop.csr_case1 +R22444 Constprop.intval +R22433 Constprop.intval +R22467 Coq.Init.Datatypes.Some +R22490 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22491 Op.Ccompimm +R22501 AST.swap_comparison +R22526 Coq.Lists.List "x :: y" list_scope +R22529 Coq.Lists.List.nil +R22545 Coq.Init.Datatypes.Some +R22565 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22566 Op.Ccompimm +R22583 Coq.Lists.List "x :: y" list_scope +R22586 Coq.Lists.List.nil +R22617 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22644 Constprop.csr_case2 +R22688 Constprop.intval +R22677 Constprop.intval +R22711 Coq.Init.Datatypes.Some +R22734 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22735 Op.Ccompuimm +R22746 AST.swap_comparison +R22771 Coq.Lists.List "x :: y" list_scope +R22774 Coq.Lists.List.nil +R22790 Coq.Init.Datatypes.Some +R22810 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22811 Op.Ccompuimm +R22829 Coq.Lists.List "x :: y" list_scope +R22832 Coq.Lists.List.nil +R22863 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22890 Constprop.csr_default +R22921 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22307 Coq.Lists.List.list +R22312 Registers.reg +R22289 Op.condition +R22991 Integers.eq +R23000 Integers.zero +R23041 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23042 Op.Oaddimm +R23055 Coq.Lists.List "x :: y" list_scope +R23058 Coq.Lists.List.nil +R23016 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23017 Op.Omove +R23026 Coq.Lists.List "x :: y" list_scope +R23029 Coq.Lists.List.nil +R22978 Registers.reg +R22969 Integers.int +R23114 Integers.eq +R23123 Integers.zero +R23164 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23165 Op.Orolm +R23174 Integers.shl +R23182 Integers.mone +R23197 Coq.Lists.List "x :: y" list_scope +R23200 Coq.Lists.List.nil +R23139 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23140 Op.Omove +R23149 Coq.Lists.List "x :: y" list_scope +R23152 Coq.Lists.List.nil +R23101 Registers.reg +R23092 Integers.int +R23256 Integers.eq +R23265 Integers.zero +R23306 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23307 Op.Oshrimm +R23320 Coq.Lists.List "x :: y" list_scope +R23323 Coq.Lists.List.nil +R23281 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23282 Op.Omove +R23291 Coq.Lists.List "x :: y" list_scope +R23294 Coq.Lists.List.nil +R23243 Registers.reg +R23234 Integers.int +R23380 Integers.eq +R23389 Integers.zero +R23430 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23431 Op.Orolm +R23464 Integers.shru +R23473 Integers.mone +R23438 Integers.sub +R23447 Integers.repr +R23488 Coq.Lists.List "x :: y" list_scope +R23491 Coq.Lists.List.nil +R23405 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23406 Op.Omove +R23415 Coq.Lists.List "x :: y" list_scope +R23418 Coq.Lists.List.nil +R23367 Registers.reg +R23358 Integers.int +R23547 Integers.eq +R23556 Integers.zero +R23610 Integers.eq +R23619 Integers.one +R23671 Integers.is_power2 +R23698 Coq.Init.Datatypes.Some +R23708 Constprop.make_shlimm +R23730 Coq.Init.Datatypes.None +R23738 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23739 Op.Omulimm +R23752 Coq.Lists.List "x :: y" list_scope +R23755 Coq.Lists.List.nil +R23636 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23637 Op.Omove +R23646 Coq.Lists.List "x :: y" list_scope +R23649 Coq.Lists.List.nil +R23574 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23575 Op.Ointconst +R23585 Integers.zero +R23595 Coq.Lists.List.nil +R23534 Registers.reg +R23525 Integers.int +R23819 Integers.eq +R23828 Integers.zero +R23880 Integers.eq +R23889 Integers.mone +R23928 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23929 Op.Oandimm +R23942 Coq.Lists.List "x :: y" list_scope +R23945 Coq.Lists.List.nil +R23903 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23904 Op.Omove +R23913 Coq.Lists.List "x :: y" list_scope +R23916 Coq.Lists.List.nil +R23844 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23845 Op.Ointconst +R23855 Integers.zero +R23865 Coq.Lists.List.nil +R23806 Registers.reg +R23797 Integers.int +R24000 Integers.eq +R24009 Integers.zero +R24051 Integers.eq +R24060 Integers.mone +R24107 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R24108 Op.Oorimm +R24120 Coq.Lists.List "x :: y" list_scope +R24123 Coq.Lists.List.nil +R24074 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R24075 Op.Ointconst +R24085 Integers.mone +R24095 Coq.Lists.List.nil +R24023 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R24024 Op.Omove +R24033 Coq.Lists.List "x :: y" list_scope +R24036 Coq.Lists.List.nil +R23987 Registers.reg +R23978 Integers.int +R24179 Integers.eq +R24188 Integers.zero +R24229 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R24230 Op.Oxorimm +R24243 Coq.Lists.List "x :: y" list_scope +R24246 Coq.Lists.List.nil +R24204 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R24205 Op.Omove +R24214 Coq.Lists.List "x :: y" list_scope +R24217 Coq.Lists.List.nil +R24166 Registers.reg +R24157 Integers.int +R24305 Coq.Lists.List.list +R24310 Registers.reg +R24292 Op.operation +R24434 Coq.Lists.List "x :: y" list_scope +R24440 Coq.Lists.List "x :: y" list_scope +R24443 Coq.Lists.List.nil +R24425 Op.Oadd +R24385 Registers.reg +R24375 Registers.reg +R24558 Coq.Lists.List "x :: y" list_scope +R24564 Coq.Lists.List "x :: y" list_scope +R24567 Coq.Lists.List.nil +R24549 Op.Osub +R24509 Registers.reg +R24499 Registers.reg +R24682 Coq.Lists.List "x :: y" list_scope +R24688 Coq.Lists.List "x :: y" list_scope +R24691 Coq.Lists.List.nil +R24673 Op.Omul +R24633 Registers.reg +R24623 Registers.reg +R24806 Coq.Lists.List "x :: y" list_scope +R24812 Coq.Lists.List "x :: y" list_scope +R24815 Coq.Lists.List.nil +R24797 Op.Odiv +R24757 Registers.reg +R24747 Registers.reg +R24931 Coq.Lists.List "x :: y" list_scope +R24937 Coq.Lists.List "x :: y" list_scope +R24940 Coq.Lists.List.nil +R24921 Op.Odivu +R24881 Registers.reg +R24871 Registers.reg +R25055 Coq.Lists.List "x :: y" list_scope +R25061 Coq.Lists.List "x :: y" list_scope +R25064 Coq.Lists.List.nil +R25046 Op.Oand +R25006 Registers.reg +R24996 Registers.reg +R25178 Coq.Lists.List "x :: y" list_scope +R25184 Coq.Lists.List "x :: y" list_scope +R25187 Coq.Lists.List.nil +R25170 Op.Oor +R25130 Registers.reg +R25120 Registers.reg +R25302 Coq.Lists.List "x :: y" list_scope +R25308 Coq.Lists.List "x :: y" list_scope +R25311 Coq.Lists.List.nil +R25293 Op.Oxor +R25253 Registers.reg +R25243 Registers.reg +R25426 Coq.Lists.List "x :: y" list_scope +R25432 Coq.Lists.List "x :: y" list_scope +R25435 Coq.Lists.List.nil +R25417 Op.Oshl +R25377 Registers.reg +R25367 Registers.reg +R25551 Coq.Lists.List "x :: y" list_scope +R25557 Coq.Lists.List "x :: y" list_scope +R25560 Coq.Lists.List.nil +R25542 Op.Oshr +R25502 Registers.reg +R25492 Registers.reg +R25677 Coq.Lists.List "x :: y" list_scope +R25683 Coq.Lists.List "x :: y" list_scope +R25686 Coq.Lists.List.nil +R25667 Op.Oshru +R25627 Registers.reg +R25617 Registers.reg +R25804 Op.Ocmp +R25758 Coq.Lists.List.list +R25763 Registers.reg +R25742 Op.condition +R25886 Coq.Lists.List.list +R25891 Registers.reg +R25868 Op.operation +R26052 Constprop.op_strength_reduction_cases +R26095 Op.Oadd +R26104 Coq.Lists.List "x :: y" list_scope +R26110 Coq.Lists.List "x :: y" list_scope +R26113 Coq.Lists.List.nil +R26126 Constprop.op_strength_reduction_case1 +R26164 Op.Osub +R26173 Coq.Lists.List "x :: y" list_scope +R26179 Coq.Lists.List "x :: y" list_scope +R26182 Coq.Lists.List.nil +R26195 Constprop.op_strength_reduction_case2 +R26233 Op.Omul +R26242 Coq.Lists.List "x :: y" list_scope +R26248 Coq.Lists.List "x :: y" list_scope +R26251 Coq.Lists.List.nil +R26264 Constprop.op_strength_reduction_case3 +R26302 Op.Odiv +R26311 Coq.Lists.List "x :: y" list_scope +R26317 Coq.Lists.List "x :: y" list_scope +R26320 Coq.Lists.List.nil +R26333 Constprop.op_strength_reduction_case4 +R26371 Op.Odivu +R26381 Coq.Lists.List "x :: y" list_scope +R26387 Coq.Lists.List "x :: y" list_scope +R26390 Coq.Lists.List.nil +R26403 Constprop.op_strength_reduction_case5 +R26441 Op.Oand +R26450 Coq.Lists.List "x :: y" list_scope +R26456 Coq.Lists.List "x :: y" list_scope +R26459 Coq.Lists.List.nil +R26472 Constprop.op_strength_reduction_case6 +R26510 Op.Oor +R26518 Coq.Lists.List "x :: y" list_scope +R26524 Coq.Lists.List "x :: y" list_scope +R26527 Coq.Lists.List.nil +R26540 Constprop.op_strength_reduction_case7 +R26578 Op.Oxor +R26587 Coq.Lists.List "x :: y" list_scope +R26593 Coq.Lists.List "x :: y" list_scope +R26596 Coq.Lists.List.nil +R26609 Constprop.op_strength_reduction_case8 +R26647 Op.Oshl +R26656 Coq.Lists.List "x :: y" list_scope +R26662 Coq.Lists.List "x :: y" list_scope +R26665 Coq.Lists.List.nil +R26678 Constprop.op_strength_reduction_case9 +R26716 Op.Oshr +R26725 Coq.Lists.List "x :: y" list_scope +R26731 Coq.Lists.List "x :: y" list_scope +R26734 Coq.Lists.List.nil +R26747 Constprop.op_strength_reduction_case10 +R26786 Op.Oshru +R26796 Coq.Lists.List "x :: y" list_scope +R26802 Coq.Lists.List "x :: y" list_scope +R26805 Coq.Lists.List.nil +R26818 Constprop.op_strength_reduction_case11 +R26857 Op.Ocmp +R26877 Constprop.op_strength_reduction_case12 +R26933 Constprop.op_strength_reduction_default +R26003 Coq.Lists.List.list +R26008 Registers.reg +R25985 Op.operation +R27056 Constprop.op_strength_reduction_match +R27101 Constprop.op_strength_reduction_case1 +R27172 Constprop.intval +R27161 Constprop.intval +R27195 Coq.Init.Datatypes.Some +R27208 Constprop.make_addimm +R27236 Coq.Init.Datatypes.Some +R27246 Constprop.make_addimm +R27279 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R27304 Constprop.op_strength_reduction_case2 +R27375 Constprop.intval +R27364 Constprop.intval +R27398 Coq.Init.Datatypes.Some +R27411 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R27412 Op.Osubimm +R27426 Coq.Lists.List "x :: y" list_scope +R27429 Coq.Lists.List.nil +R27445 Coq.Init.Datatypes.Some +R27455 Constprop.make_addimm +R27468 Integers.neg +R27498 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R27523 Constprop.op_strength_reduction_case3 +R27594 Constprop.intval +R27583 Constprop.intval +R27617 Coq.Init.Datatypes.Some +R27630 Constprop.make_mulimm +R27658 Coq.Init.Datatypes.Some +R27668 Constprop.make_mulimm +R27701 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R27726 Constprop.op_strength_reduction_case4 +R27786 Constprop.intval +R27809 Coq.Init.Datatypes.Some +R27835 Integers.is_power2 +R27868 Coq.Init.Datatypes.Some +R27878 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R27879 Op.Oshrximm +R27894 Coq.Lists.List "x :: y" list_scope +R27897 Coq.Lists.List.nil +R27914 Coq.Init.Datatypes.None +R27924 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R27957 Coq.Init.Datatypes.None +R27975 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R28000 Constprop.op_strength_reduction_case5 +R28061 Constprop.intval +R28084 Coq.Init.Datatypes.Some +R28110 Integers.is_power2 +R28143 Coq.Init.Datatypes.Some +R28153 Constprop.make_shruimm +R28183 Coq.Init.Datatypes.None +R28193 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R28226 Coq.Init.Datatypes.None +R28244 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R28269 Constprop.op_strength_reduction_case6 +R28340 Constprop.intval +R28329 Constprop.intval +R28363 Coq.Init.Datatypes.Some +R28376 Constprop.make_andimm +R28404 Coq.Init.Datatypes.Some +R28414 Constprop.make_andimm +R28447 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R28472 Constprop.op_strength_reduction_case7 +R28542 Constprop.intval +R28531 Constprop.intval +R28565 Coq.Init.Datatypes.Some +R28578 Constprop.make_orimm +R28605 Coq.Init.Datatypes.Some +R28615 Constprop.make_orimm +R28647 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R28672 Constprop.op_strength_reduction_case8 +R28743 Constprop.intval +R28732 Constprop.intval +R28766 Coq.Init.Datatypes.Some +R28779 Constprop.make_xorimm +R28807 Coq.Init.Datatypes.Some +R28817 Constprop.make_xorimm +R28850 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R28875 Constprop.op_strength_reduction_case9 +R28935 Constprop.intval +R28958 Coq.Init.Datatypes.Some +R28981 Integers.ltu +R28992 Integers.repr +R29052 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R29020 Constprop.make_shlimm +R29076 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R29101 Constprop.op_strength_reduction_case10 +R29162 Constprop.intval +R29185 Coq.Init.Datatypes.Some +R29208 Integers.ltu +R29219 Integers.repr +R29279 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R29247 Constprop.make_shrimm +R29303 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R29328 Constprop.op_strength_reduction_case11 +R29390 Constprop.intval +R29413 Coq.Init.Datatypes.Some +R29436 Integers.ltu +R29447 Integers.repr +R29508 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R29475 Constprop.make_shruimm +R29532 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R29557 Constprop.op_strength_reduction_case12 +R29632 Constprop.cond_strength_reduction +R29672 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R29673 Op.Ocmp +R29693 Constprop.op_strength_reduction_default +R29754 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R27035 Coq.Lists.List.list +R27040 Registers.reg +R27017 Op.operation +R29847 Coq.Lists.List.list +R29852 Registers.reg +R29828 Op.addressing +R29986 Coq.Lists.List "x :: y" list_scope +R29992 Coq.Lists.List "x :: y" list_scope +R29995 Coq.Lists.List.nil +R29971 Op.Aindexed2 +R29928 Registers.reg +R29918 Registers.reg +R30142 Coq.Lists.List "x :: y" list_scope +R30145 Coq.Lists.List.nil +R30121 Op.Abased +R30078 Registers.reg +R30068 Integers.int +R30055 AST.ident +R30257 Coq.Lists.List "x :: y" list_scope +R30260 Coq.Lists.List.nil +R30241 Op.Aindexed +R30341 Coq.Lists.List.list +R30346 Registers.reg +R30322 Op.addressing +R30518 Constprop.addr_strength_reduction_cases +R30563 Op.Aindexed2 +R30577 Coq.Lists.List "x :: y" list_scope +R30583 Coq.Lists.List "x :: y" list_scope +R30586 Coq.Lists.List.nil +R30599 Constprop.addr_strength_reduction_case1 +R30639 Op.Abased +R30659 Coq.Lists.List "x :: y" list_scope +R30662 Coq.Lists.List.nil +R30675 Constprop.addr_strength_reduction_case2 +R30721 Op.Aindexed +R30736 Coq.Lists.List "x :: y" list_scope +R30739 Coq.Lists.List.nil +R30752 Constprop.addr_strength_reduction_case3 +R30811 Constprop.addr_strength_reduction_default +R30467 Coq.Lists.List.list +R30472 Registers.reg +R30448 Op.addressing +R30943 Constprop.addr_strength_reduction_match +R30992 Constprop.addr_strength_reduction_case1 +R31076 Constprop.get +R31059 Constprop.get +R31105 Constprop.S +R31116 Constprop.I +R31124 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R31125 Op.Aglobal +R31139 Integers.add +R31155 Coq.Lists.List.nil +R31168 Constprop.S +R31184 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R31185 Op.Abased +R31204 Coq.Lists.List "x :: y" list_scope +R31207 Coq.Lists.List.nil +R31220 Constprop.I +R31226 Constprop.S +R31239 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R31240 Op.Aglobal +R31254 Integers.add +R31270 Coq.Lists.List.nil +R31283 Constprop.I +R31294 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R31295 Op.Aindexed +R31311 Coq.Lists.List "x :: y" list_scope +R31314 Coq.Lists.List.nil +R31330 Constprop.S +R31343 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R31344 Op.Abased +R31363 Coq.Lists.List "x :: y" list_scope +R31366 Coq.Lists.List.nil +R31382 Constprop.I +R31390 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R31391 Op.Aindexed +R31407 Coq.Lists.List "x :: y" list_scope +R31410 Coq.Lists.List.nil +R31431 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R31458 Constprop.addr_strength_reduction_case2 +R31528 Constprop.intval +R31551 Coq.Init.Datatypes.Some +R31561 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R31562 Op.Aglobal +R31576 Integers.add +R31592 Coq.Lists.List.nil +R31610 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R31637 Constprop.addr_strength_reduction_case3 +R31702 Constprop.get +R31731 Constprop.S +R31745 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R31746 Op.Aglobal +R31760 Integers.add +R31776 Coq.Lists.List.nil +R31794 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R31821 Constprop.addr_strength_reduction_default +R31886 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R30922 Coq.Lists.List.list +R30927 Registers.reg +R30903 Op.addressing +R32044 RTL.Iop +R32077 Constprop.eval_static_operation +R32103 Constprop.approx_regs +R32141 Constprop.I +R32158 RTL.Iop +R32176 Coq.Lists.List.nil +R32163 Op.Ointconst +R32194 Constprop.F +R32211 RTL.Iop +R32231 Coq.Lists.List.nil +R32216 Op.Ofloatconst +R32249 Constprop.S +R32273 RTL.Iop +R32300 Coq.Lists.List.nil +R32278 Op.Oaddrsymbol +R32353 Constprop.op_strength_reduction +R32403 RTL.Iop +R32437 RTL.Iload +R32496 Constprop.addr_strength_reduction +R32546 RTL.Iload +R32586 RTL.Istore +R32646 Constprop.addr_strength_reduction +R32696 RTL.Istore +R32737 RTL.Icall +R33022 RTL.Icall +R32816 Coq.Init.Datatypes.inl +R32843 Constprop.get +R32877 Constprop.S +R32894 Integers.eq +R32905 Integers.zero +R32919 Coq.Init.Datatypes.inr +R32988 Coq.Init.Datatypes.inr +R33052 RTL.Icond +R33089 Constprop.eval_static_condition +R33117 Constprop.approx_regs +R33155 Coq.Init.Datatypes.Some +R33198 RTL.Inop +R33185 RTL.Inop +R33214 Coq.Init.Datatypes.None +R33254 Constprop.cond_strength_reduction +R33308 RTL.Icond +R32005 RTL.instruction +R31992 Constprop.t +R33433 RTL.code +R33443 Maps.map +R33470 Constprop.transf_instr +R33490 Maps "a !! b" +R33425 RTL.code +R33404 Maps.t +R33411 Constprop.t +R33658 Coq.Init.Logic "A \/ B" type_scope +R33631 Coqlib.Plt +R33641 RTL.fn_nextpc +R33698 Coq.Init.Logic "x = y" type_scope +R33693 Maps "a ! b" +R33662 Constprop.transf_code +R33685 RTL.fn_code +R33700 Coq.Init.Datatypes.None +R33588 Coq.Init.Logic "A \/ B" type_scope +R33567 Coqlib.Plt +R33577 RTL.fn_nextpc +R33606 Coq.Init.Logic "x = y" type_scope +R33602 Maps "a ! b" +R33594 RTL.fn_code +R33608 Coq.Init.Datatypes.None +R33798 Maps.gmap +R33798 Maps.gmap +R33906 RTL.function +R33926 Constprop.analyze +R33945 Coq.Init.Datatypes.None +R33959 Coq.Init.Datatypes.Some +R33981 RTL.mkfunction +R34157 Constprop.transf_code_wf +R34185 RTL.fn_code_wf +R34137 RTL.fn_nextpc +R34111 RTL.fn_entrypoint +R34067 Constprop.transf_code +R34090 RTL.fn_code +R34044 RTL.fn_stacksize +R34022 RTL.fn_params +R34003 RTL.fn_sig +R33894 RTL.function +R34247 RTL.program +R34260 AST.transform_program +R34278 Constprop.transf_function +R34236 RTL.program +FConstpropproof +R334 RTL.genv +R419 Constprop.Unknown +R430 Coq.Init.Logic.True +R439 Constprop.I +R448 Coq.Init.Logic "x = y" type_scope +R450 Values.Vint +R461 Constprop.F +R470 Coq.Init.Logic "x = y" type_scope +R472 Values.Vfloat +R485 Constprop.S +R499 Coq.Init.Logic "'exists' x , p" type_scope +R543 Coq.Init.Logic "A /\ B" type_scope +R534 Coq.Init.Logic "x = y" type_scope +R509 Globalenvs.find_symbol +R536 Coq.Init.Datatypes.Some +R548 Coq.Init.Logic "x = y" type_scope +R550 Values.Vptr +R570 Coq.Init.Logic.False +R385 Values.val +R373 Constprop.approx +R657 Constpropproof.val_match_approx +R688 Registers "a # b" +R675 Constprop.get +R627 RTL.regset +R617 Constprop.t +R792 Constpropproof.val_match_approx +R767 Constpropproof.val_match_approx +R748 Constprop.ge +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R1033 Constpropproof.regs_match_approx +R1006 Constpropproof.regs_match_approx +R992 Constprop.ge +R1149 Constprop.get +R1115 Constpropproof.val_match_approx_increasing +R1149 Constprop.get +R1115 Constpropproof.val_match_approx_increasing +R1285 Constpropproof.regs_match_approx +R1321 Registers "a # b <- c" +R1304 Constprop.set +R1256 Constpropproof.regs_match_approx +R1230 Constpropproof.val_match_approx +R1369 Registers.gsspec +R1369 Registers.gsspec +R1393 Coqlib.peq +R1393 Coqlib.peq +R1431 Constprop.gss +R1431 Constprop.gss +R1454 Constprop.gso +R1454 Constprop.gso +R1522 Coq.Lists.List.list +R1527 Values.val +R1507 Coq.Lists.List.list +R1512 Constprop.approx +R1588 Coq.Lists.List.nil +R1584 Coq.Lists.List.nil +R1739 Coq.Lists.List "x :: y" list_scope +R1729 Coq.Lists.List "x :: y" list_scope +R1637 Constpropproof.val_match_approx +R1826 Constpropproof.val_list_match_approx +R1870 Registers "a ## b" +R1849 Constprop.approx_regs +R1797 Constpropproof.regs_match_approx +R2008 Constpropproof.val_match_approx +R2026 Constprop.I +R2093 Constpropproof.val_match_approx +R2111 Constprop.F +R2178 Constpropproof.val_match_approx +R2196 Constprop.S +R2460 Constpropproof.val_list_match_approx +R2482 Coq.Lists.List.nil +R2525 Constpropproof.val_list_match_approx +R2551 Coq.Lists.List "x :: y" list_scope +R2812 Coq.Init.Logic "x = y" type_scope +R2789 Op.eval_condition +R2814 Coq.Init.Datatypes.Some +R2775 Coq.Init.Logic "x = y" type_scope +R2745 Constprop.eval_static_condition +R2777 Coq.Init.Datatypes.Some +R2712 Constpropproof.val_list_match_approx +R2888 Constprop.eval_static_condition_match +R2888 Constprop.eval_static_condition_match +R3107 Constpropproof.val_match_approx +R3125 Constprop.eval_static_operation +R3093 Coq.Init.Logic "x = y" type_scope +R3066 Op.eval_operation +R3095 Coq.Init.Datatypes.Some +R3033 Constpropproof.val_list_match_approx +R3223 Constprop.eval_static_operation_match +R3223 Constprop.eval_static_operation_match +R3368 Globalenvs.find_symbol +R3368 Globalenvs.find_symbol +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R3584 Integers.eq +R3594 Integers.zero +R3584 Integers.eq +R3594 Integers.zero +R3716 Integers.eq +R3726 Integers.zero +R3716 Integers.eq +R3726 Integers.zero +R3966 Integers.ltu +R3978 Integers.repr +R3966 Integers.ltu +R3978 Integers.repr +R4104 Integers.ltu +R4116 Integers.repr +R4104 Integers.ltu +R4116 Integers.repr +R4222 Integers.ltu +R4233 Integers.repr +R4222 Integers.ltu +R4233 Integers.repr +R4327 Integers.ltu +R4338 Integers.repr +R4327 Integers.ltu +R4338 Integers.repr +R4452 Integers.ltu +R4464 Integers.repr +R4452 Integers.ltu +R4464 Integers.repr +R4568 Constprop.eval_static_condition +R4568 Constprop.eval_static_condition +R4620 Constpropproof.eval_static_condition_correct +R4620 Constpropproof.eval_static_condition_correct +R4946 Constpropproof.regs_match_approx +R4965 Constprop.transfer +R4917 Constpropproof.regs_match_approx +R4898 Coq.Init.Logic "x = y" type_scope +R4903 RTL.fn_code +R4853 RTL.exec_instr +R5081 Constpropproof.regs_match_approx_update +R5081 Constpropproof.regs_match_approx_update +R5156 Registers "a ## b" +R5116 Constpropproof.eval_static_operation_correct +R5156 Registers "a ## b" +R5116 Constpropproof.eval_static_operation_correct +R5174 Constpropproof.approx_regs_val_list +R5174 Constpropproof.approx_regs_val_list +R5236 Constpropproof.regs_match_approx_update +R5236 Constpropproof.regs_match_approx_update +R5303 Constpropproof.regs_match_approx_update +R5303 Constpropproof.regs_match_approx_update +R5567 Constpropproof.regs_match_approx +R5592 Maps "a !! b" +R5529 Constpropproof.regs_match_approx +R5554 Maps "a !! b" +R5510 Coq.Init.Logic "x = y" type_scope +R5515 RTL.fn_code +R5465 RTL.exec_instr +R5411 Coq.Init.Logic "x = y" type_scope +R5401 Constprop.analyze +R5413 Coq.Init.Datatypes.Some +R5664 Constprop.transfer +R5685 Maps "a !! b" +R5629 Constpropproof.regs_match_approx_increasing +R5664 Constprop.transfer +R5685 Maps "a !! b" +R5629 Constpropproof.regs_match_approx_increasing +R5701 Constprop.fixpoint_solution +R5701 Constprop.fixpoint_solution +R5766 RTL.fn_code_wf +R5766 RTL.fn_code_wf +R5812 RTL.exec_instr_present +R5812 RTL.exec_instr_present +R5899 RTL.successors_correct +R5899 RTL.successors_correct +R5950 Constpropproof.transfer_correct +R5950 Constpropproof.transfer_correct +R6195 Constpropproof.regs_match_approx +R6220 Maps "a !! b" +R6157 Constpropproof.regs_match_approx +R6182 Maps "a !! b" +R6138 Coq.Init.Logic "x = y" type_scope +R6143 RTL.fn_code +R6092 RTL.exec_instrs +R6038 Coq.Init.Logic "x = y" type_scope +R6028 Constprop.analyze +R6040 Coq.Init.Datatypes.Some +R6300 Constpropproof.analyze_correct_1 +R6300 Constpropproof.analyze_correct_1 +R6421 Constpropproof.regs_match_approx +R6446 Maps "a !! b" +R6452 RTL.fn_entrypoint +R6401 Coq.Init.Logic "x = y" type_scope +R6391 Constprop.analyze +R6403 Coq.Init.Datatypes.Some +R6532 Constprop.top +R6498 Constpropproof.regs_match_approx_increasing +R6532 Constprop.top +R6498 Constpropproof.regs_match_approx_increasing +R6548 Constprop.fixpoint_entry +R6548 Constprop.fixpoint_entry +R6641 Constprop.get_top +R6641 Constprop.get_top +R6717 Constprop.t +R6735 Values.val +R6753 RTL.regset +R6779 Constpropproof.regs_match_approx +R6880 Coq.Init.Logic "x = y" type_scope +R6877 Registers "a # b" +R6882 Values.Vint +R6863 Coq.Init.Logic "x = y" type_scope +R6847 Constprop.intval +R6865 Coq.Init.Datatypes.Some +R6940 Constprop.get +R6940 Constprop.get +R7147 Constprop.cond_strength_reduction +R7224 Coq.Init.Logic "x = y" type_scope +R7193 Op.eval_condition +R7216 Registers "a ## b" +R7226 Op.eval_condition +R7248 Registers "a ## b" +R7313 Constprop.cond_strength_reduction_match +R7313 Constprop.cond_strength_reduction_match +R7373 Constprop.intval +R7373 Constprop.intval +R7418 Constpropproof.intval_correct +R7418 Constpropproof.intval_correct +R7456 Registers "a # b" +R7456 Registers "a # b" +R7476 Integers.swap_cmp +R7476 Integers.swap_cmp +R7533 Constprop.intval +R7533 Constprop.intval +R7578 Constpropproof.intval_correct +R7578 Constpropproof.intval_correct +R7626 Constprop.intval +R7626 Constprop.intval +R7671 Constpropproof.intval_correct +R7671 Constpropproof.intval_correct +R7709 Registers "a # b" +R7709 Registers "a # b" +R7729 Integers.swap_cmpu +R7729 Integers.swap_cmpu +R7787 Constprop.intval +R7787 Constprop.intval +R7832 Constpropproof.intval_correct +R7832 Constpropproof.intval_correct +R7947 Constprop.make_addimm +R8065 Coq.Init.Logic "x = y" type_scope +R8032 Op.eval_operation +R8058 Registers "a ## b" +R8067 Coq.Init.Datatypes.Some +R8018 Coq.Init.Logic "x = y" type_scope +R7968 Op.eval_operation +R8000 Coq.Lists.List "x :: y" list_scope +R7997 Registers "a # b" +R8010 Coq.Lists.List "x :: y" list_scope +R8003 Values.Vint +R8013 Coq.Lists.List.nil +R7989 Op.Oadd +R8020 Coq.Init.Datatypes.Some +R8126 Integers.eq_spec +R8140 Integers.zero +R8157 Integers.eq +R8166 Integers.zero +R8126 Integers.eq_spec +R8140 Integers.zero +R8157 Integers.eq +R8166 Integers.zero +R8225 Integers.add_zero +R8225 Integers.add_zero +R8266 Integers.add_zero +R8266 Integers.add_zero +R8380 Constprop.make_shlimm +R8498 Coq.Init.Logic "x = y" type_scope +R8465 Op.eval_operation +R8491 Registers "a ## b" +R8500 Coq.Init.Datatypes.Some +R8451 Coq.Init.Logic "x = y" type_scope +R8401 Op.eval_operation +R8433 Coq.Lists.List "x :: y" list_scope +R8430 Registers "a # b" +R8443 Coq.Lists.List "x :: y" list_scope +R8436 Values.Vint +R8446 Coq.Lists.List.nil +R8422 Op.Oshl +R8453 Coq.Init.Datatypes.Some +R8559 Integers.eq_spec +R8573 Integers.zero +R8590 Integers.eq +R8599 Integers.zero +R8559 Integers.eq_spec +R8573 Integers.zero +R8590 Integers.eq +R8599 Integers.zero +R8658 Integers.shl_zero +R8658 Integers.shl_zero +R8720 Integers.ltu +R8731 Integers.repr +R8720 Integers.ltu +R8731 Integers.repr +R8782 Integers.shl_rolm +R8782 Integers.shl_rolm +R8921 Constprop.make_shrimm +R9039 Coq.Init.Logic "x = y" type_scope +R9006 Op.eval_operation +R9032 Registers "a ## b" +R9041 Coq.Init.Datatypes.Some +R8992 Coq.Init.Logic "x = y" type_scope +R8942 Op.eval_operation +R8974 Coq.Lists.List "x :: y" list_scope +R8971 Registers "a # b" +R8984 Coq.Lists.List "x :: y" list_scope +R8977 Values.Vint +R8987 Coq.Lists.List.nil +R8963 Op.Oshr +R8994 Coq.Init.Datatypes.Some +R9100 Integers.eq_spec +R9114 Integers.zero +R9131 Integers.eq +R9140 Integers.zero +R9100 Integers.eq_spec +R9114 Integers.zero +R9131 Integers.eq +R9140 Integers.zero +R9199 Integers.shr_zero +R9199 Integers.shr_zero +R9314 Constprop.make_shruimm +R9434 Coq.Init.Logic "x = y" type_scope +R9401 Op.eval_operation +R9427 Registers "a ## b" +R9436 Coq.Init.Datatypes.Some +R9387 Coq.Init.Logic "x = y" type_scope +R9336 Op.eval_operation +R9369 Coq.Lists.List "x :: y" list_scope +R9366 Registers "a # b" +R9379 Coq.Lists.List "x :: y" list_scope +R9372 Values.Vint +R9382 Coq.Lists.List.nil +R9357 Op.Oshru +R9389 Coq.Init.Datatypes.Some +R9496 Integers.eq_spec +R9510 Integers.zero +R9527 Integers.eq +R9536 Integers.zero +R9496 Integers.eq_spec +R9510 Integers.zero +R9527 Integers.eq +R9536 Integers.zero +R9595 Integers.shru_zero +R9595 Integers.shru_zero +R9658 Integers.ltu +R9669 Integers.repr +R9658 Integers.ltu +R9669 Integers.repr +R9720 Integers.shru_rolm +R9720 Integers.shru_rolm +R9860 Constprop.make_mulimm +R9978 Coq.Init.Logic "x = y" type_scope +R9945 Op.eval_operation +R9971 Registers "a ## b" +R9980 Coq.Init.Datatypes.Some +R9931 Coq.Init.Logic "x = y" type_scope +R9881 Op.eval_operation +R9913 Coq.Lists.List "x :: y" list_scope +R9910 Registers "a # b" +R9923 Coq.Lists.List "x :: y" list_scope +R9916 Values.Vint +R9926 Coq.Lists.List.nil +R9902 Op.Omul +R9933 Coq.Init.Datatypes.Some +R10039 Integers.eq_spec +R10053 Integers.zero +R10070 Integers.eq +R10079 Integers.zero +R10039 Integers.eq_spec +R10053 Integers.zero +R10070 Integers.eq +R10079 Integers.zero +R10139 Integers.mul_zero +R10139 Integers.mul_zero +R10191 Integers.eq_spec +R10205 Integers.one +R10221 Integers.eq +R10230 Integers.one +R10191 Integers.eq_spec +R10205 Integers.one +R10221 Integers.eq +R10230 Integers.one +R10296 Integers.mul_one +R10296 Integers.mul_one +R10337 Integers.is_power2 +R10337 Integers.is_power2 +R10374 Op.eval_operation +R10408 Coq.Lists.List "x :: y" list_scope +R10404 Registers "a # b" +R10418 Coq.Lists.List "x :: y" list_scope +R10411 Values.Vint +R10421 Coq.Lists.List.nil +R10395 Op.Omul +R10438 Op.eval_operation +R10472 Coq.Lists.List "x :: y" list_scope +R10468 Registers "a # b" +R10482 Coq.Lists.List "x :: y" list_scope +R10475 Values.Vint +R10485 Coq.Lists.List.nil +R10459 Op.Oshl +R10374 Op.eval_operation +R10408 Coq.Lists.List "x :: y" list_scope +R10404 Registers "a # b" +R10418 Coq.Lists.List "x :: y" list_scope +R10411 Values.Vint +R10421 Coq.Lists.List.nil +R10395 Op.Omul +R10438 Op.eval_operation +R10472 Coq.Lists.List "x :: y" list_scope +R10468 Registers "a # b" +R10482 Coq.Lists.List "x :: y" list_scope +R10475 Values.Vint +R10485 Coq.Lists.List.nil +R10459 Op.Oshl +R10500 Constpropproof.make_shlimm_correct +R10500 Constpropproof.make_shlimm_correct +R10543 Integers.is_power2_range +R10543 Integers.is_power2_range +R10583 Coq.ZArith.BinInt.Z_of_nat +R10592 Integers.wordsize +R10583 Coq.ZArith.BinInt.Z_of_nat +R10592 Integers.wordsize +R10643 Registers "a # b" +R10643 Registers "a # b" +R10662 Integers.mul_pow2 +R10662 Integers.mul_pow2 +R10774 Constprop.make_andimm +R10892 Coq.Init.Logic "x = y" type_scope +R10859 Op.eval_operation +R10885 Registers "a ## b" +R10894 Coq.Init.Datatypes.Some +R10845 Coq.Init.Logic "x = y" type_scope +R10795 Op.eval_operation +R10827 Coq.Lists.List "x :: y" list_scope +R10824 Registers "a # b" +R10837 Coq.Lists.List "x :: y" list_scope +R10830 Values.Vint +R10840 Coq.Lists.List.nil +R10816 Op.Oand +R10847 Coq.Init.Datatypes.Some +R10953 Integers.eq_spec +R10967 Integers.zero +R10984 Integers.eq +R10993 Integers.zero +R10953 Integers.eq_spec +R10967 Integers.zero +R10984 Integers.eq +R10993 Integers.zero +R11052 Integers.and_zero +R11052 Integers.and_zero +R11097 Integers.eq_spec +R11111 Integers.mone +R11128 Integers.eq +R11137 Integers.mone +R11097 Integers.eq_spec +R11111 Integers.mone +R11128 Integers.eq +R11137 Integers.mone +R11196 Integers.and_mone +R11196 Integers.and_mone +R11308 Constprop.make_orimm +R11424 Coq.Init.Logic "x = y" type_scope +R11391 Op.eval_operation +R11417 Registers "a ## b" +R11426 Coq.Init.Datatypes.Some +R11377 Coq.Init.Logic "x = y" type_scope +R11328 Op.eval_operation +R11359 Coq.Lists.List "x :: y" list_scope +R11356 Registers "a # b" +R11369 Coq.Lists.List "x :: y" list_scope +R11362 Values.Vint +R11372 Coq.Lists.List.nil +R11349 Op.Oor +R11379 Coq.Init.Datatypes.Some +R11484 Integers.eq_spec +R11498 Integers.zero +R11515 Integers.eq +R11524 Integers.zero +R11484 Integers.eq_spec +R11498 Integers.zero +R11515 Integers.eq +R11524 Integers.zero +R11583 Integers.or_zero +R11583 Integers.or_zero +R11627 Integers.eq_spec +R11641 Integers.mone +R11658 Integers.eq +R11667 Integers.mone +R11627 Integers.eq_spec +R11641 Integers.mone +R11658 Integers.eq +R11667 Integers.mone +R11726 Integers.or_mone +R11726 Integers.or_mone +R11838 Constprop.make_xorimm +R11956 Coq.Init.Logic "x = y" type_scope +R11923 Op.eval_operation +R11949 Registers "a ## b" +R11958 Coq.Init.Datatypes.Some +R11909 Coq.Init.Logic "x = y" type_scope +R11859 Op.eval_operation +R11891 Coq.Lists.List "x :: y" list_scope +R11888 Registers "a # b" +R11901 Coq.Lists.List "x :: y" list_scope +R11894 Values.Vint +R11904 Coq.Lists.List.nil +R11880 Op.Oxor +R11911 Coq.Init.Datatypes.Some +R12017 Integers.eq_spec +R12031 Integers.zero +R12048 Integers.eq +R12057 Integers.zero +R12017 Integers.eq_spec +R12031 Integers.zero +R12048 Integers.eq +R12057 Integers.zero +R12116 Integers.xor_zero +R12116 Integers.xor_zero +R12244 Constprop.op_strength_reduction +R12368 Coq.Init.Logic "x = y" type_scope +R12333 Op.eval_operation +R12360 Registers "a ## b" +R12370 Coq.Init.Datatypes.Some +R12319 Coq.Init.Logic "x = y" type_scope +R12286 Op.eval_operation +R12312 Registers "a ## b" +R12321 Coq.Init.Datatypes.Some +R12433 Constprop.op_strength_reduction_match +R12485 Coq.Lists.List.map +R12433 Constprop.op_strength_reduction_match +R12485 Coq.Lists.List.map +R12485 Coq.Lists.List.map +R12485 Coq.Lists.List.map +R12485 Coq.Lists.List.map +R12485 Coq.Lists.List.map +R12485 Coq.Lists.List.map +R12485 Coq.Lists.List.map +R12485 Coq.Lists.List.map +R12485 Coq.Lists.List.map +R12485 Coq.Lists.List.map +R12485 Coq.Lists.List.map +R12485 Coq.Lists.List.map +R12485 Coq.Lists.List.map +R12518 Constprop.intval +R12518 Constprop.intval +R12556 Constpropproof.intval_correct +R12556 Constpropproof.intval_correct +R12591 Op.eval_operation +R12625 Coq.Lists.List "x :: y" list_scope +R12618 Values.Vint +R12636 Coq.Lists.List "x :: y" list_scope +R12631 Registers "a # b" +R12639 Coq.Lists.List.nil +R12612 Op.Oadd +R12656 Op.eval_operation +R12691 Coq.Lists.List "x :: y" list_scope +R12686 Registers "a # b" +R12701 Coq.Lists.List "x :: y" list_scope +R12694 Values.Vint +R12704 Coq.Lists.List.nil +R12677 Op.Oadd +R12591 Op.eval_operation +R12625 Coq.Lists.List "x :: y" list_scope +R12618 Values.Vint +R12636 Coq.Lists.List "x :: y" list_scope +R12631 Registers "a # b" +R12639 Coq.Lists.List.nil +R12612 Op.Oadd +R12656 Op.eval_operation +R12691 Coq.Lists.List "x :: y" list_scope +R12686 Registers "a # b" +R12701 Coq.Lists.List "x :: y" list_scope +R12694 Values.Vint +R12704 Coq.Lists.List.nil +R12677 Op.Oadd +R12719 Constpropproof.make_addimm_correct +R12719 Constpropproof.make_addimm_correct +R12761 Registers "a # b" +R12761 Registers "a # b" +R12780 Integers.add_commut +R12780 Integers.add_commut +R12812 Constprop.intval +R12812 Constprop.intval +R12850 Constpropproof.intval_correct +R12850 Constpropproof.intval_correct +R12880 Constpropproof.make_addimm_correct +R12880 Constpropproof.make_addimm_correct +R12938 Constprop.intval +R12938 Constprop.intval +R12976 Constpropproof.intval_correct +R12976 Constpropproof.intval_correct +R13028 Constprop.intval +R13028 Constprop.intval +R13066 Constpropproof.intval_correct +R13066 Constpropproof.intval_correct +R13102 Op.eval_operation +R13137 Coq.Lists.List "x :: y" list_scope +R13132 Registers "a # b" +R13147 Coq.Lists.List "x :: y" list_scope +R13140 Values.Vint +R13150 Coq.Lists.List.nil +R13123 Op.Osub +R13167 Op.eval_operation +R13202 Coq.Lists.List "x :: y" list_scope +R13197 Registers "a # b" +R13222 Coq.Lists.List "x :: y" list_scope +R13205 Values.Vint +R13211 Integers.neg +R13225 Coq.Lists.List.nil +R13188 Op.Oadd +R13102 Op.eval_operation +R13137 Coq.Lists.List "x :: y" list_scope +R13132 Registers "a # b" +R13147 Coq.Lists.List "x :: y" list_scope +R13140 Values.Vint +R13150 Coq.Lists.List.nil +R13123 Op.Osub +R13167 Op.eval_operation +R13202 Coq.Lists.List "x :: y" list_scope +R13197 Registers "a # b" +R13222 Coq.Lists.List "x :: y" list_scope +R13205 Values.Vint +R13211 Integers.neg +R13225 Coq.Lists.List.nil +R13188 Op.Oadd +R13240 Constpropproof.make_addimm_correct +R13240 Constpropproof.make_addimm_correct +R13281 Registers "a # b" +R13300 Integers.sub_add_opp +R13281 Registers "a # b" +R13300 Integers.sub_add_opp +R13300 Integers.sub_add_opp +R13361 Constprop.intval +R13361 Constprop.intval +R13399 Constpropproof.intval_correct +R13399 Constpropproof.intval_correct +R13434 Op.eval_operation +R13468 Coq.Lists.List "x :: y" list_scope +R13461 Values.Vint +R13479 Coq.Lists.List "x :: y" list_scope +R13474 Registers "a # b" +R13482 Coq.Lists.List.nil +R13455 Op.Omul +R13499 Op.eval_operation +R13534 Coq.Lists.List "x :: y" list_scope +R13529 Registers "a # b" +R13544 Coq.Lists.List "x :: y" list_scope +R13537 Values.Vint +R13547 Coq.Lists.List.nil +R13520 Op.Omul +R13434 Op.eval_operation +R13468 Coq.Lists.List "x :: y" list_scope +R13461 Values.Vint +R13479 Coq.Lists.List "x :: y" list_scope +R13474 Registers "a # b" +R13482 Coq.Lists.List.nil +R13455 Op.Omul +R13499 Op.eval_operation +R13534 Coq.Lists.List "x :: y" list_scope +R13529 Registers "a # b" +R13544 Coq.Lists.List "x :: y" list_scope +R13537 Values.Vint +R13547 Coq.Lists.List.nil +R13520 Op.Omul +R13562 Constpropproof.make_mulimm_correct +R13562 Constpropproof.make_mulimm_correct +R13604 Registers "a # b" +R13604 Registers "a # b" +R13623 Integers.mul_commut +R13623 Integers.mul_commut +R13655 Constprop.intval +R13655 Constprop.intval +R13693 Constpropproof.intval_correct +R13693 Constpropproof.intval_correct +R13723 Constpropproof.make_mulimm_correct +R13723 Constpropproof.make_mulimm_correct +R13781 Constprop.intval +R13781 Constprop.intval +R13818 Integers.is_power2 +R13818 Integers.is_power2 +R13855 Constpropproof.intval_correct +R13855 Constpropproof.intval_correct +R13920 Integers.eq +R13929 Integers.zero +R13920 Integers.eq +R13929 Integers.zero +R13970 Coq.ZArith.BinInt.Z_of_nat +R13979 Integers.wordsize +R13970 Coq.ZArith.BinInt.Z_of_nat +R13979 Integers.wordsize +R14002 Integers.is_power2_range +R14002 Integers.is_power2_range +R14043 Integers.divs_pow2 +R14043 Integers.divs_pow2 +R14133 Constprop.intval +R14133 Constprop.intval +R14170 Integers.is_power2 +R14170 Integers.is_power2 +R14207 Constpropproof.intval_correct +R14207 Constpropproof.intval_correct +R14241 Op.eval_operation +R14277 Coq.Lists.List "x :: y" list_scope +R14272 Registers "a # b" +R14287 Coq.Lists.List "x :: y" list_scope +R14280 Values.Vint +R14290 Coq.Lists.List.nil +R14262 Op.Odivu +R14307 Op.eval_operation +R14343 Coq.Lists.List "x :: y" list_scope +R14338 Registers "a # b" +R14354 Coq.Lists.List "x :: y" list_scope +R14346 Values.Vint +R14357 Coq.Lists.List.nil +R14328 Op.Oshru +R14241 Op.eval_operation +R14277 Coq.Lists.List "x :: y" list_scope +R14272 Registers "a # b" +R14287 Coq.Lists.List "x :: y" list_scope +R14280 Values.Vint +R14290 Coq.Lists.List.nil +R14262 Op.Odivu +R14307 Op.eval_operation +R14343 Coq.Lists.List "x :: y" list_scope +R14338 Registers "a # b" +R14354 Coq.Lists.List "x :: y" list_scope +R14346 Values.Vint +R14357 Coq.Lists.List.nil +R14328 Op.Oshru +R14372 Constpropproof.make_shruimm_correct +R14372 Constpropproof.make_shruimm_correct +R14415 Registers "a # b" +R14415 Registers "a # b" +R14445 Coq.ZArith.BinInt.Z_of_nat +R14454 Integers.wordsize +R14445 Coq.ZArith.BinInt.Z_of_nat +R14454 Integers.wordsize +R14477 Integers.is_power2_range +R14477 Integers.is_power2_range +R14521 Integers.eq_spec +R14535 Integers.zero +R14552 Integers.eq +R14561 Integers.zero +R14521 Integers.eq_spec +R14535 Integers.zero +R14552 Integers.eq +R14561 Integers.zero +R14617 Integers.divu_pow2 +R14617 Integers.divu_pow2 +R14700 Constprop.intval +R14700 Constprop.intval +R14738 Constpropproof.intval_correct +R14738 Constpropproof.intval_correct +R14773 Op.eval_operation +R14807 Coq.Lists.List "x :: y" list_scope +R14800 Values.Vint +R14818 Coq.Lists.List "x :: y" list_scope +R14813 Registers "a # b" +R14821 Coq.Lists.List.nil +R14794 Op.Oand +R14838 Op.eval_operation +R14873 Coq.Lists.List "x :: y" list_scope +R14868 Registers "a # b" +R14883 Coq.Lists.List "x :: y" list_scope +R14876 Values.Vint +R14886 Coq.Lists.List.nil +R14859 Op.Oand +R14773 Op.eval_operation +R14807 Coq.Lists.List "x :: y" list_scope +R14800 Values.Vint +R14818 Coq.Lists.List "x :: y" list_scope +R14813 Registers "a # b" +R14821 Coq.Lists.List.nil +R14794 Op.Oand +R14838 Op.eval_operation +R14873 Coq.Lists.List "x :: y" list_scope +R14868 Registers "a # b" +R14883 Coq.Lists.List "x :: y" list_scope +R14876 Values.Vint +R14886 Coq.Lists.List.nil +R14859 Op.Oand +R14901 Constpropproof.make_andimm_correct +R14901 Constpropproof.make_andimm_correct +R14943 Registers "a # b" +R14943 Registers "a # b" +R14962 Integers.and_commut +R14962 Integers.and_commut +R14994 Constprop.intval +R14994 Constprop.intval +R15032 Constpropproof.intval_correct +R15032 Constpropproof.intval_correct +R15062 Constpropproof.make_andimm_correct +R15062 Constpropproof.make_andimm_correct +R15119 Constprop.intval +R15119 Constprop.intval +R15157 Constpropproof.intval_correct +R15157 Constpropproof.intval_correct +R15192 Op.eval_operation +R15225 Coq.Lists.List "x :: y" list_scope +R15218 Values.Vint +R15236 Coq.Lists.List "x :: y" list_scope +R15231 Registers "a # b" +R15239 Coq.Lists.List.nil +R15213 Op.Oor +R15256 Op.eval_operation +R15290 Coq.Lists.List "x :: y" list_scope +R15285 Registers "a # b" +R15300 Coq.Lists.List "x :: y" list_scope +R15293 Values.Vint +R15303 Coq.Lists.List.nil +R15277 Op.Oor +R15192 Op.eval_operation +R15225 Coq.Lists.List "x :: y" list_scope +R15218 Values.Vint +R15236 Coq.Lists.List "x :: y" list_scope +R15231 Registers "a # b" +R15239 Coq.Lists.List.nil +R15213 Op.Oor +R15256 Op.eval_operation +R15290 Coq.Lists.List "x :: y" list_scope +R15285 Registers "a # b" +R15300 Coq.Lists.List "x :: y" list_scope +R15293 Values.Vint +R15303 Coq.Lists.List.nil +R15277 Op.Oor +R15318 Constpropproof.make_orimm_correct +R15318 Constpropproof.make_orimm_correct +R15359 Registers "a # b" +R15359 Registers "a # b" +R15378 Integers.or_commut +R15378 Integers.or_commut +R15409 Constprop.intval +R15409 Constprop.intval +R15447 Constpropproof.intval_correct +R15447 Constpropproof.intval_correct +R15477 Constpropproof.make_orimm_correct +R15477 Constpropproof.make_orimm_correct +R15534 Constprop.intval +R15534 Constprop.intval +R15572 Constpropproof.intval_correct +R15572 Constpropproof.intval_correct +R15607 Op.eval_operation +R15641 Coq.Lists.List "x :: y" list_scope +R15634 Values.Vint +R15652 Coq.Lists.List "x :: y" list_scope +R15647 Registers "a # b" +R15655 Coq.Lists.List.nil +R15628 Op.Oxor +R15672 Op.eval_operation +R15707 Coq.Lists.List "x :: y" list_scope +R15702 Registers "a # b" +R15717 Coq.Lists.List "x :: y" list_scope +R15710 Values.Vint +R15720 Coq.Lists.List.nil +R15693 Op.Oxor +R15607 Op.eval_operation +R15641 Coq.Lists.List "x :: y" list_scope +R15634 Values.Vint +R15652 Coq.Lists.List "x :: y" list_scope +R15647 Registers "a # b" +R15655 Coq.Lists.List.nil +R15628 Op.Oxor +R15672 Op.eval_operation +R15707 Coq.Lists.List "x :: y" list_scope +R15702 Registers "a # b" +R15717 Coq.Lists.List "x :: y" list_scope +R15710 Values.Vint +R15720 Coq.Lists.List.nil +R15693 Op.Oxor +R15735 Constpropproof.make_xorimm_correct +R15735 Constpropproof.make_xorimm_correct +R15777 Registers "a # b" +R15777 Registers "a # b" +R15796 Integers.xor_commut +R15796 Integers.xor_commut +R15828 Constprop.intval +R15828 Constprop.intval +R15866 Constpropproof.intval_correct +R15866 Constpropproof.intval_correct +R15896 Constpropproof.make_xorimm_correct +R15896 Constpropproof.make_xorimm_correct +R15954 Constprop.intval +R15954 Constprop.intval +R15991 Integers.ltu +R16002 Integers.repr +R15991 Integers.ltu +R16002 Integers.repr +R16036 Constpropproof.intval_correct +R16036 Constpropproof.intval_correct +R16065 Constpropproof.make_shlimm_correct +R16065 Constpropproof.make_shlimm_correct +R16137 Constprop.intval +R16137 Constprop.intval +R16174 Integers.ltu +R16185 Integers.repr +R16174 Integers.ltu +R16185 Integers.repr +R16219 Constpropproof.intval_correct +R16219 Constpropproof.intval_correct +R16248 Constpropproof.make_shrimm_correct +R16248 Constpropproof.make_shrimm_correct +R16321 Constprop.intval +R16321 Constprop.intval +R16358 Integers.ltu +R16369 Integers.repr +R16358 Integers.ltu +R16369 Integers.repr +R16403 Constpropproof.intval_correct +R16403 Constpropproof.intval_correct +R16432 Constpropproof.make_shruimm_correct +R16432 Constpropproof.make_shruimm_correct +R16509 Constpropproof.cond_strength_reduction_correct +R16509 Constpropproof.cond_strength_reduction_correct +R16560 Constprop.cond_strength_reduction +R16560 Constprop.cond_strength_reduction +R16717 Constpropproof.regs_match_approx +R16774 Coq.Init.Logic "x = y" type_scope +R16757 Constprop.get +R16962 Constprop.addr_strength_reduction +R17046 Coq.Init.Logic "x = y" type_scope +R17008 Op.eval_addressing +R17038 Registers "a ## b" +R17048 Op.eval_addressing +R17077 Registers "a ## b" +R17216 Coq.Init.Logic "x = y" type_scope +R17158 Op.eval_addressing +R17194 Registers "a ## b" +R17201 Coq.Lists.List "x :: y" list_scope +R17207 Coq.Lists.List "x :: y" list_scope +R17210 Coq.Lists.List.nil +R17180 Op.Aindexed2 +R17222 Op.eval_addressing +R17258 Registers "a ## b" +R17265 Coq.Lists.List "x :: y" list_scope +R17271 Coq.Lists.List "x :: y" list_scope +R17274 Coq.Lists.List.nil +R17244 Op.Aindexed2 +R17216 Coq.Init.Logic "x = y" type_scope +R17158 Op.eval_addressing +R17194 Registers "a ## b" +R17201 Coq.Lists.List "x :: y" list_scope +R17207 Coq.Lists.List "x :: y" list_scope +R17210 Coq.Lists.List.nil +R17180 Op.Aindexed2 +R17222 Op.eval_addressing +R17258 Registers "a ## b" +R17265 Coq.Lists.List "x :: y" list_scope +R17271 Coq.Lists.List "x :: y" list_scope +R17274 Coq.Lists.List.nil +R17244 Op.Aindexed2 +R17311 Registers "a # b" +R17329 Registers "a # b" +R17351 Integers.add_commut +R17311 Registers "a # b" +R17329 Registers "a # b" +R17329 Registers "a # b" +R17329 Registers "a # b" +R17329 Registers "a # b" +R17351 Integers.add_commut +R17351 Integers.add_commut +R17500 Coq.Init.Logic "x = y" type_scope +R17445 Op.eval_addressing +R17484 Registers "a ## b" +R17491 Coq.Lists.List "x :: y" list_scope +R17494 Coq.Lists.List.nil +R17468 Op.Aindexed +R17506 Op.eval_addressing +R17542 Registers "a ## b" +R17549 Coq.Lists.List "x :: y" list_scope +R17555 Coq.Lists.List "x :: y" list_scope +R17558 Coq.Lists.List.nil +R17528 Op.Aindexed2 +R17408 Constpropproof.val_match_approx +R17433 Registers "a # b" +R17426 Constprop.I +R17500 Coq.Init.Logic "x = y" type_scope +R17445 Op.eval_addressing +R17484 Registers "a ## b" +R17491 Coq.Lists.List "x :: y" list_scope +R17494 Coq.Lists.List.nil +R17468 Op.Aindexed +R17506 Op.eval_addressing +R17542 Registers "a ## b" +R17549 Coq.Lists.List "x :: y" list_scope +R17555 Coq.Lists.List "x :: y" list_scope +R17558 Coq.Lists.List.nil +R17528 Op.Aindexed2 +R17408 Constpropproof.val_match_approx +R17433 Registers "a # b" +R17426 Constprop.I +R17732 Coq.Init.Logic "x = y" type_scope +R17677 Op.eval_addressing +R17716 Registers "a ## b" +R17723 Coq.Lists.List "x :: y" list_scope +R17726 Coq.Lists.List.nil +R17700 Op.Aindexed +R17738 Op.eval_addressing +R17774 Registers "a ## b" +R17781 Coq.Lists.List "x :: y" list_scope +R17787 Coq.Lists.List "x :: y" list_scope +R17790 Coq.Lists.List.nil +R17760 Op.Aindexed2 +R17640 Constpropproof.val_match_approx +R17665 Registers "a # b" +R17658 Constprop.I +R17732 Coq.Init.Logic "x = y" type_scope +R17677 Op.eval_addressing +R17716 Registers "a ## b" +R17723 Coq.Lists.List "x :: y" list_scope +R17726 Coq.Lists.List.nil +R17700 Op.Aindexed +R17738 Op.eval_addressing +R17774 Registers "a ## b" +R17781 Coq.Lists.List "x :: y" list_scope +R17787 Coq.Lists.List "x :: y" list_scope +R17790 Coq.Lists.List.nil +R17760 Op.Aindexed2 +R17640 Constpropproof.val_match_approx +R17665 Registers "a # b" +R17658 Constprop.I +R17975 Coq.Init.Logic "x = y" type_scope +R17917 Op.eval_addressing +R17959 Registers "a ## b" +R17966 Coq.Lists.List "x :: y" list_scope +R17969 Coq.Lists.List.nil +R17940 Op.Abased +R17981 Op.eval_addressing +R18017 Registers "a ## b" +R18024 Coq.Lists.List "x :: y" list_scope +R18030 Coq.Lists.List "x :: y" list_scope +R18033 Coq.Lists.List.nil +R18003 Op.Aindexed2 +R17876 Constpropproof.val_match_approx +R17906 Registers "a # b" +R17894 Constprop.S +R17975 Coq.Init.Logic "x = y" type_scope +R17917 Op.eval_addressing +R17959 Registers "a ## b" +R17966 Coq.Lists.List "x :: y" list_scope +R17969 Coq.Lists.List.nil +R17940 Op.Abased +R17981 Op.eval_addressing +R18017 Registers "a ## b" +R18024 Coq.Lists.List "x :: y" list_scope +R18030 Coq.Lists.List "x :: y" list_scope +R18033 Coq.Lists.List.nil +R18003 Op.Aindexed2 +R17876 Constpropproof.val_match_approx +R17906 Registers "a # b" +R17894 Constprop.S +R18249 Coq.Init.Logic "x = y" type_scope +R18191 Op.eval_addressing +R18233 Registers "a ## b" +R18240 Coq.Lists.List "x :: y" list_scope +R18243 Coq.Lists.List.nil +R18214 Op.Abased +R18255 Op.eval_addressing +R18291 Registers "a ## b" +R18298 Coq.Lists.List "x :: y" list_scope +R18304 Coq.Lists.List "x :: y" list_scope +R18307 Coq.Lists.List.nil +R18277 Op.Aindexed2 +R18150 Constpropproof.val_match_approx +R18180 Registers "a # b" +R18168 Constprop.S +R18249 Coq.Init.Logic "x = y" type_scope +R18191 Op.eval_addressing +R18233 Registers "a ## b" +R18240 Coq.Lists.List "x :: y" list_scope +R18243 Coq.Lists.List.nil +R18214 Op.Abased +R18255 Op.eval_addressing +R18291 Registers "a ## b" +R18298 Coq.Lists.List "x :: y" list_scope +R18304 Coq.Lists.List "x :: y" list_scope +R18307 Coq.Lists.List.nil +R18277 Op.Aindexed2 +R18150 Constpropproof.val_match_approx +R18180 Registers "a # b" +R18168 Constprop.S +R18527 Coq.Init.Logic "x = y" type_scope +R18472 Op.eval_addressing +R18523 Coq.Lists.List.nil +R18495 Op.Aglobal +R18507 Integers.add +R18533 Op.eval_addressing +R18569 Registers "a ## b" +R18576 Coq.Lists.List "x :: y" list_scope +R18582 Coq.Lists.List "x :: y" list_scope +R18585 Coq.Lists.List.nil +R18555 Op.Aindexed2 +R18436 Constpropproof.val_match_approx +R18461 Registers "a # b" +R18454 Constprop.I +R18395 Constpropproof.val_match_approx +R18425 Registers "a # b" +R18413 Constprop.S +R18527 Coq.Init.Logic "x = y" type_scope +R18472 Op.eval_addressing +R18523 Coq.Lists.List.nil +R18495 Op.Aglobal +R18507 Integers.add +R18533 Op.eval_addressing +R18569 Registers "a ## b" +R18576 Coq.Lists.List "x :: y" list_scope +R18582 Coq.Lists.List "x :: y" list_scope +R18585 Coq.Lists.List.nil +R18555 Op.Aindexed2 +R18436 Constpropproof.val_match_approx +R18461 Registers "a # b" +R18454 Constprop.I +R18395 Constpropproof.val_match_approx +R18425 Registers "a # b" +R18413 Constprop.S +R18733 Constprop.addr_strength_reduction_match +R18733 Constprop.addr_strength_reduction_match +R18812 Constprop.get +R18848 Constprop.get +R18812 Constprop.get +R18848 Constprop.get +R18848 Constprop.get +R18848 Constprop.get +R18848 Constprop.get +R18848 Constprop.get +R18934 Integers.add_commut +R18934 Integers.add_commut +R18992 Constprop.intval +R18992 Constprop.intval +R19037 Constpropproof.intval_correct +R19037 Constpropproof.intval_correct +R19102 Constprop.get +R19102 Constprop.get +R19328 RTL.program +R19350 Constprop.transf_program +R19381 Globalenvs.globalenv +R19413 Globalenvs.globalenv +R19505 Coq.Init.Logic "x = y" type_scope +R19482 Globalenvs.find_symbol +R19507 Globalenvs.find_symbol +R19474 AST.ident +R19537 Globalenvs.find_symbol_transf +R19561 Constprop.transf_function +R19709 Coq.Init.Logic "x = y" type_scope +R19687 Globalenvs.find_funct +R19711 Coq.Init.Datatypes.Some +R19717 Constprop.transf_function +R19673 Coq.Init.Logic "x = y" type_scope +R19652 Globalenvs.find_funct +R19675 Coq.Init.Datatypes.Some +R19635 RTL.function +R19626 Values.val +R19745 Globalenvs.find_funct_transf +R19772 Constprop.transf_function +R19933 Coq.Init.Logic "x = y" type_scope +R19907 Globalenvs.find_funct_ptr +R19935 Coq.Init.Datatypes.Some +R19941 Constprop.transf_function +R19893 Coq.Init.Logic "x = y" type_scope +R19868 Globalenvs.find_funct_ptr +R19895 Coq.Init.Datatypes.Some +R19851 RTL.function +R19840 Values.block +R19969 Globalenvs.find_funct_ptr_transf +R20000 Constprop.transf_function +R20272 Coq.Init.Logic "A /\ B" type_scope +R20233 RTL.exec_instr +R20427 RTL.exec_instr +R20443 Constprop.transf_code +R20387 Constpropproof.regs_match_approx +R20415 Maps "a !! b" +R20354 Coq.Init.Logic "x = y" type_scope +R20344 Constprop.analyze +R20356 Coq.Init.Datatypes.Some +R20310 Coq.Init.Logic "x = y" type_scope +R20315 RTL.fn_code +R20216 Mem.mem +R20203 RTL.regset +R20191 RTL.node +R20172 Mem.mem +R20160 RTL.regset +R20149 RTL.node +R20131 Values.val +R20120 RTL.code +R20683 Coq.Init.Logic "A /\ B" type_scope +R20643 RTL.exec_instrs +R20838 RTL.exec_instrs +R20855 Constprop.transf_code +R20798 Constpropproof.regs_match_approx +R20826 Maps "a !! b" +R20765 Coq.Init.Logic "x = y" type_scope +R20755 Constprop.analyze +R20767 Coq.Init.Datatypes.Some +R20721 Coq.Init.Logic "x = y" type_scope +R20726 RTL.fn_code +R20626 Mem.mem +R20613 RTL.regset +R20601 RTL.node +R20582 Mem.mem +R20570 RTL.regset +R20559 RTL.node +R20541 Values.val +R20530 RTL.code +R21025 RTL.exec_function +R21044 Constprop.transf_function +R21008 Mem.mem +R20998 Values.val +R20979 Mem.mem +R20965 Coq.Lists.List.list +R20970 Values.val +R20944 RTL.function +R21143 Coq.Init.Logic "x = y" type_scope +R21126 Maps.get +R21145 Coq.Init.Datatypes.Some +R21179 Coq.Init.Logic "x = y" type_scope +R21168 Constprop.analyze +R21181 Coq.Init.Datatypes.Some +R21242 Coq.Init.Logic "x = y" type_scope +R21237 Maps "a ! b" +R21216 Constprop.transf_code +R21244 Coq.Init.Datatypes.Some +R21249 Constprop.transf_instr +R21269 Maps "a !! b" +R21333 Maps.gmap +R21501 Constpropproof.exec_function_prop +R21463 RTL.exec_function +R21553 RTL.exec_function_ind_3 +R21619 Constpropproof.exec_function_prop +R21602 Constpropproof.exec_instrs_prop +R21586 Constpropproof.exec_instr_prop +R21553 RTL.exec_function_ind_3 +R21619 Constpropproof.exec_function_prop +R21602 Constpropproof.exec_instrs_prop +R21586 Constpropproof.exec_instr_prop +R21715 RTL.exec_Inop +R21715 RTL.exec_Inop +R21748 RTL.exec_Inop +R21748 RTL.exec_Inop +R21824 RTL.exec_Iop +R21824 RTL.exec_Iop +R21865 Op.eval_operation_preserved +R21890 Constpropproof.symbols_preserved +R21865 Op.eval_operation_preserved +R21890 Constpropproof.symbols_preserved +R21926 Constprop.op_strength_reduction +R21955 Maps "a !! b" +R21926 Constprop.op_strength_reduction +R21955 Maps "a !! b" +R22040 Coq.Init.Logic "x = y" type_scope +R22004 Op.eval_operation +R22032 Registers "a ## b" +R22042 Coq.Init.Datatypes.Some +R22040 Coq.Init.Logic "x = y" type_scope +R22004 Op.eval_operation +R22032 Registers "a ## b" +R22042 Coq.Init.Datatypes.Some +R22064 Op.eval_operation_preserved +R22089 Constpropproof.symbols_preserved +R22064 Op.eval_operation_preserved +R22089 Constpropproof.symbols_preserved +R22126 Constpropproof.op_strength_reduction_correct +R22166 Maps "a !! b" +R22126 Constpropproof.op_strength_reduction_correct +R22166 Maps "a !! b" +R22257 Constpropproof.eval_static_operation_correct +R22369 Constpropproof.approx_regs_val_list +R22344 Registers "a ## b" +R22312 Constprop.approx_regs +R22336 Maps "a !! b" +R22257 Constpropproof.eval_static_operation_correct +R22369 Constpropproof.approx_regs_val_list +R22344 Registers "a ## b" +R22312 Constprop.approx_regs +R22336 Maps "a !! b" +R22421 Constprop.eval_static_operation +R22447 Constprop.approx_regs +R22471 Maps "a !! b" +R22511 RTL.exec_Iop +R22421 Constprop.eval_static_operation +R22447 Constprop.approx_regs +R22471 Maps "a !! b" +R22511 RTL.exec_Iop +R22511 RTL.exec_Iop +R22511 RTL.exec_Iop +R22511 RTL.exec_Iop +R22511 RTL.exec_Iop +R22624 Constpropproof.symbols_preserved +R22624 Constpropproof.symbols_preserved +R22736 RTL.exec_Iload +R22736 RTL.exec_Iload +R22767 Op.eval_addressing_preserved +R22793 Constpropproof.symbols_preserved +R22767 Op.eval_addressing_preserved +R22793 Constpropproof.symbols_preserved +R22829 Constprop.addr_strength_reduction +R22860 Maps "a !! b" +R22829 Constprop.addr_strength_reduction +R22860 Maps "a !! b" +R22952 Coq.Init.Logic "x = y" type_scope +R22913 Op.eval_addressing +R22944 Registers "a ## b" +R22954 Coq.Init.Datatypes.Some +R22952 Coq.Init.Logic "x = y" type_scope +R22913 Op.eval_addressing +R22944 Registers "a ## b" +R22954 Coq.Init.Datatypes.Some +R22976 Op.eval_addressing_preserved +R23002 Constpropproof.symbols_preserved +R22976 Op.eval_addressing_preserved +R23002 Constpropproof.symbols_preserved +R23039 Constpropproof.addr_strength_reduction_correct +R23081 Maps "a !! b" +R23039 Constpropproof.addr_strength_reduction_correct +R23081 Maps "a !! b" +R23181 RTL.exec_Iload +R23181 RTL.exec_Iload +R23264 RTL.exec_Istore +R23264 RTL.exec_Istore +R23295 Op.eval_addressing_preserved +R23321 Constpropproof.symbols_preserved +R23295 Op.eval_addressing_preserved +R23321 Constpropproof.symbols_preserved +R23357 Constprop.addr_strength_reduction +R23388 Maps "a !! b" +R23357 Constprop.addr_strength_reduction +R23388 Maps "a !! b" +R23480 Coq.Init.Logic "x = y" type_scope +R23441 Op.eval_addressing +R23472 Registers "a ## b" +R23482 Coq.Init.Datatypes.Some +R23480 Coq.Init.Logic "x = y" type_scope +R23441 Op.eval_addressing +R23472 Registers "a ## b" +R23482 Coq.Init.Datatypes.Some +R23504 Op.eval_addressing_preserved +R23530 Constpropproof.symbols_preserved +R23504 Op.eval_addressing_preserved +R23530 Constpropproof.symbols_preserved +R23567 Constpropproof.addr_strength_reduction_correct +R23609 Maps "a !! b" +R23567 Constpropproof.addr_strength_reduction_correct +R23609 Maps "a !! b" +R23708 RTL.exec_Istore +R23708 RTL.exec_Istore +R23778 Coq.Init.Logic "x = y" type_scope +R23753 RTL.find_function +R23780 Coq.Init.Datatypes.Some +R23786 Constprop.transf_function +R23778 Coq.Init.Logic "x = y" type_scope +R23753 RTL.find_function +R23780 Coq.Init.Datatypes.Some +R23786 Constprop.transf_function +R23868 Constpropproof.functions_translated +R23868 Constpropproof.functions_translated +R23901 Constpropproof.symbols_preserved +R23901 Constpropproof.symbols_preserved +R23930 Globalenvs.find_symbol +R23930 Globalenvs.find_symbol +R23962 Constpropproof.function_ptr_translated +R23962 Constpropproof.function_ptr_translated +R24013 Coq.Init.Logic "x = y" type_scope +R24015 RTL.fn_sig +R24023 Constprop.transf_function +R24013 Coq.Init.Logic "x = y" type_scope +R24015 RTL.fn_sig +R24023 Constprop.transf_function +R24092 Constprop.analyze +R24092 Constprop.analyze +R24165 RTL.exec_Icall +R24165 RTL.exec_Icall +R24226 Coq.Init.Datatypes.inl +R24250 Constprop.get +R24266 Maps "a !! b" +R24288 Constprop.Novalue +R24314 Constprop.Unknown +R24340 Constprop.I +R24362 Constprop.F +R24384 Constprop.S +R24401 Integers.eq +R24412 Integers.zero +R24426 Coq.Init.Datatypes.inr +R24430 Registers.reg +R24468 Coq.Init.Datatypes.inr +R24226 Coq.Init.Datatypes.inl +R24250 Constprop.get +R24266 Maps "a !! b" +R24288 Constprop.Novalue +R24314 Constprop.Unknown +R24340 Constprop.I +R24362 Constprop.F +R24384 Constprop.S +R24401 Integers.eq +R24412 Integers.zero +R24426 Coq.Init.Datatypes.inr +R24430 Registers.reg +R24468 Coq.Init.Datatypes.inr +R24509 RTL.exec_Icall +R24509 RTL.exec_Icall +R24574 Constprop.get +R24589 Maps "a !! b" +R24574 Constprop.get +R24589 Maps "a !! b" +R24624 Integers.eq_spec +R24639 Integers.zero +R24656 Integers.eq +R24666 Integers.zero +R24624 Integers.eq_spec +R24639 Integers.zero +R24656 Integers.eq +R24666 Integers.zero +R24758 Constpropproof.symbols_preserved +R24758 Constpropproof.symbols_preserved +R24850 Globalenvs.find_funct_find_funct_ptr +R24850 Globalenvs.find_funct_find_funct_ptr +R24957 RTL.exec_Icond_true +R24957 RTL.exec_Icond_true +R24991 Constprop.cond_strength_reduction +R25022 Maps "a !! b" +R24991 Constprop.cond_strength_reduction +R25022 Maps "a !! b" +R25106 Coq.Init.Logic "x = y" type_scope +R25075 Op.eval_condition +R25098 Registers "a ## b" +R25108 Coq.Init.Datatypes.Some +R25113 Coq.Init.Datatypes.true +R25106 Coq.Init.Logic "x = y" type_scope +R25075 Op.eval_condition +R25098 Registers "a ## b" +R25108 Coq.Init.Datatypes.Some +R25113 Coq.Init.Datatypes.true +R25136 Constpropproof.cond_strength_reduction_correct +R25196 Maps "a !! b" +R25136 Constpropproof.cond_strength_reduction_correct +R25196 Maps "a !! b" +R25269 Constprop.eval_static_condition +R25297 Constprop.approx_regs +R25321 Maps "a !! b" +R25269 Constprop.eval_static_condition +R25297 Constprop.approx_regs +R25321 Maps "a !! b" +R25360 Constpropproof.eval_static_condition_correct +R25420 Constpropproof.approx_regs_val_list +R25360 Constpropproof.eval_static_condition_correct +R25420 Constpropproof.approx_regs_val_list +R25489 Coq.Init.Datatypes.true +R25489 Coq.Init.Datatypes.true +R25509 RTL.exec_Inop +R25509 RTL.exec_Inop +R25556 RTL.exec_Icond_true +R25556 RTL.exec_Icond_true +R25651 RTL.exec_Icond_false +R25651 RTL.exec_Icond_false +R25686 Constprop.cond_strength_reduction +R25717 Maps "a !! b" +R25686 Constprop.cond_strength_reduction +R25717 Maps "a !! b" +R25801 Coq.Init.Logic "x = y" type_scope +R25770 Op.eval_condition +R25793 Registers "a ## b" +R25803 Coq.Init.Datatypes.Some +R25808 Coq.Init.Datatypes.false +R25801 Coq.Init.Logic "x = y" type_scope +R25770 Op.eval_condition +R25793 Registers "a ## b" +R25803 Coq.Init.Datatypes.Some +R25808 Coq.Init.Datatypes.false +R25832 Constpropproof.cond_strength_reduction_correct +R25892 Maps "a !! b" +R25832 Constpropproof.cond_strength_reduction_correct +R25892 Maps "a !! b" +R25965 Constprop.eval_static_condition +R25993 Constprop.approx_regs +R26017 Maps "a !! b" +R25965 Constprop.eval_static_condition +R25993 Constprop.approx_regs +R26017 Maps "a !! b" +R26056 Constpropproof.eval_static_condition_correct +R26116 Constpropproof.approx_regs_val_list +R26056 Constpropproof.eval_static_condition_correct +R26116 Constpropproof.approx_regs_val_list +R26185 Coq.Init.Datatypes.false +R26185 Coq.Init.Datatypes.false +R26206 RTL.exec_Inop +R26206 RTL.exec_Inop +R26253 RTL.exec_Icond_false +R26253 RTL.exec_Icond_false +R26308 RTL.exec_refl +R26308 RTL.exec_refl +R26333 RTL.exec_refl +R26333 RTL.exec_refl +R26390 RTL.exec_one +R26390 RTL.exec_one +R26422 RTL.exec_one +R26422 RTL.exec_one +R26517 RTL.exec_trans +R26517 RTL.exec_trans +R26567 RTL.exec_trans +R26567 RTL.exec_trans +R26642 Constpropproof.analyze_correct_2 +R26642 Constpropproof.analyze_correct_2 +R26741 Constprop.analyze +R26741 Constprop.analyze +R26785 RTL.exec_funct +R26785 RTL.exec_funct +R26853 Constpropproof.analyze_correct_3 +R26853 Constpropproof.analyze_correct_3 +R26916 RTL.exec_funct +R26916 RTL.exec_funct +R27017 RTL.exec_program +R26994 RTL.exec_program +R26986 Values.val +R27120 Constprop.transf_function +R27120 Constprop.transf_function +R27191 AST.prog_main +R27168 AST.prog_main +R27191 AST.prog_main +R27168 AST.prog_main +R27218 Constpropproof.symbols_preserved +R27218 Constpropproof.symbols_preserved +R27258 Constpropproof.function_ptr_translated +R27258 Constpropproof.function_ptr_translated +R27351 Constprop.analyze +R27351 Constprop.analyze +R27384 Constpropproof.transf_funct_correct +R27384 Constpropproof.transf_funct_correct +R27447 Globalenvs.init_mem_transf +R27447 Globalenvs.init_mem_transf +FCSE +R316 Coq.NArith.BinPos.positive +R371 Coq.Lists.List.list +R376 CSE.valnum +R358 Op.operation +R430 Coq.Lists.List.list +R435 CSE.valnum +R416 Op.addressing +R400 AST.memory_chunk +R495 Coq.Init.Specif "{ A } + { B }" type_scope +R497 Coq.Init.Logic "x = y" type_scope +R503 Coq.Init.Logic "x <> y" type_scope +R486 CSE.valnum +R486 CSE.valnum +R511 Coqlib.peq +R564 Coq.Init.Specif "{ A } + { B }" type_scope +R566 Coq.Init.Logic "x = y" type_scope +R572 Coq.Init.Logic "x <> y" type_scope +R549 Coq.Lists.List.list +R554 CSE.valnum +R549 Coq.Lists.List.list +R554 CSE.valnum +R688 CSE.eq_valnum +R688 CSE.eq_valnum +R835 Coq.Init.Specif "{ A } + { B }" type_scope +R837 Coq.Init.Logic "x = y" type_scope +R843 Coq.Init.Logic "x <> y" type_scope +R828 CSE.rhs +R828 CSE.rhs +R869 Integers.eq_dec +R869 Integers.eq_dec +R901 Floats.eq_dec +R901 Floats.eq_dec +R953 Coq.Init.Specif "{ A } + { B }" type_scope +R955 Coq.Init.Logic "x = y" type_scope +R961 Coq.Init.Logic "x <> y" type_scope +R945 AST.ident +R945 AST.ident +R953 Coq.Init.Specif "{ A } + { B }" type_scope +R955 Coq.Init.Logic "x = y" type_scope +R961 Coq.Init.Logic "x <> y" type_scope +R945 AST.ident +R945 AST.ident +R974 Coqlib.peq +R974 Coqlib.peq +R1015 Coq.Init.Specif "{ A } + { B }" type_scope +R1017 Coq.Init.Logic "x = y" type_scope +R1023 Coq.Init.Logic "x <> y" type_scope +R1002 AST.comparison +R1002 AST.comparison +R1015 Coq.Init.Specif "{ A } + { B }" type_scope +R1017 Coq.Init.Logic "x = y" type_scope +R1023 Coq.Init.Logic "x <> y" type_scope +R1002 AST.comparison +R1002 AST.comparison +R1082 Coq.Init.Specif "{ A } + { B }" type_scope +R1084 Coq.Init.Logic "x = y" type_scope +R1090 Coq.Init.Logic "x <> y" type_scope +R1070 Op.condition +R1070 Op.condition +R1082 Coq.Init.Specif "{ A } + { B }" type_scope +R1084 Coq.Init.Logic "x = y" type_scope +R1090 Coq.Init.Logic "x <> y" type_scope +R1070 Op.condition +R1070 Op.condition +R1149 Coq.Init.Specif "{ A } + { B }" type_scope +R1151 Coq.Init.Logic "x = y" type_scope +R1157 Coq.Init.Logic "x <> y" type_scope +R1137 Op.operation +R1137 Op.operation +R1149 Coq.Init.Specif "{ A } + { B }" type_scope +R1151 Coq.Init.Logic "x = y" type_scope +R1157 Coq.Init.Logic "x <> y" type_scope +R1137 Op.operation +R1137 Op.operation +R1219 Coq.Init.Specif "{ A } + { B }" type_scope +R1221 Coq.Init.Logic "x = y" type_scope +R1227 Coq.Init.Logic "x <> y" type_scope +R1204 AST.memory_chunk +R1204 AST.memory_chunk +R1219 Coq.Init.Specif "{ A } + { B }" type_scope +R1221 Coq.Init.Logic "x = y" type_scope +R1227 Coq.Init.Logic "x <> y" type_scope +R1204 AST.memory_chunk +R1204 AST.memory_chunk +R1287 Coq.Init.Specif "{ A } + { B }" type_scope +R1289 Coq.Init.Logic "x = y" type_scope +R1295 Coq.Init.Logic "x <> y" type_scope +R1274 Op.addressing +R1274 Op.addressing +R1287 Coq.Init.Specif "{ A } + { B }" type_scope +R1289 Coq.Init.Logic "x = y" type_scope +R1295 Coq.Init.Logic "x <> y" type_scope +R1274 Op.addressing +R1274 Op.addressing +R1332 CSE.eq_valnum +R1332 CSE.eq_valnum +R1363 CSE.eq_list_valnum +R1363 CSE.eq_list_valnum +R1463 CSE.valnum +R1482 Coq.Lists.List.list +R1495 Coq.Init.Datatypes "x * y" type_scope +R1488 CSE.valnum +R1497 CSE.rhs +R1514 Maps.t +R1522 CSE.valnum +R1565 CSE.mknumbering +R1593 Maps.empty +R1605 CSE.valnum +R1588 Coq.Lists.List.nil +R1673 Coq.Init.Datatypes "x * y" type_scope +R1663 CSE.numbering +R1675 CSE.valnum +R1693 Maps.get +R1708 CSE.num_reg +R1726 Coq.Init.Datatypes.Some +R1736 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R1747 Coq.Init.Datatypes.None +R1757 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R1758 CSE.mknumbering +R1858 Maps.set +R1886 CSE.num_reg +R1873 CSE.num_next +R1821 CSE.num_eqs +R1771 Coq.NArith.BinPos.Psucc +R1780 CSE.num_next +R1915 CSE.num_next +R1656 Registers.reg +R1641 CSE.numbering +R2030 Coq.Init.Datatypes "x * y" type_scope +R2020 CSE.numbering +R2032 Coq.Lists.List.list +R2037 CSE.valnum +R1975 Coq.Lists.List.list +R1980 Registers.reg +R1959 CSE.numbering +R2067 Coq.Lists.List.nil +R2080 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2084 Coq.Lists.List.nil +R2096 Coq.Lists.List "x :: y" list_scope +R2127 CSE.valnum_reg +R2195 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2203 Coq.Lists.List "x :: y" list_scope +R1975 Coq.Lists.List.list +R1980 Registers.reg +R1959 CSE.numbering +R2270 Coq.Lists.List.list +R2283 Coq.Init.Datatypes "x * y" type_scope +R2276 CSE.valnum +R2285 CSE.rhs +R2247 Coq.Lists.List.list +R2260 Coq.Init.Datatypes "x * y" type_scope +R2253 CSE.valnum +R2262 CSE.rhs +R2314 Coq.Lists.List.nil +R2321 Coq.Lists.List.nil +R2345 Coq.Lists.List "x :: y" list_scope +R2329 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2333 CSE.Load +R2382 Coq.Lists.List "x :: y" list_scope +R2397 Coq.Lists.List "x :: y" list_scope +R2247 Coq.Lists.List.list +R2260 Coq.Init.Datatypes "x * y" type_scope +R2253 CSE.valnum +R2262 CSE.rhs +R2527 Coq.Init.Datatypes.option +R2534 CSE.valnum +R2466 Coq.Lists.List.list +R2479 Coq.Init.Datatypes "x * y" type_scope +R2472 CSE.valnum +R2481 CSE.rhs +R2455 CSE.rhs +R2565 Coq.Lists.List.nil +R2572 Coq.Init.Datatypes.None +R2589 Coq.Lists.List "x :: y" list_scope +R2581 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2609 CSE.eq_rhs +R2626 Coq.Init.Datatypes.Some +R2466 Coq.Lists.List.list +R2479 Coq.Init.Datatypes "x * y" type_scope +R2472 CSE.valnum +R2481 CSE.rhs +R2455 CSE.rhs +R2725 CSE.numbering +R2746 CSE.find_valnum_rhs +R2768 CSE.num_eqs +R2786 Coq.Init.Datatypes.Some +R2805 CSE.mknumbering +R2861 Maps.set +R2882 CSE.num_reg +R2833 CSE.num_eqs +R2820 CSE.num_next +R2896 Coq.Init.Datatypes.None +R2910 CSE.mknumbering +R3016 Maps.set +R3045 CSE.num_reg +R3032 CSE.num_next +R2981 Coq.Lists.List "x :: y" list_scope +R2962 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2966 CSE.num_next +R2987 CSE.num_eqs +R2923 Coq.NArith.BinPos.Psucc +R2932 CSE.num_next +R2718 CSE.rhs +R2708 Registers.reg +R2692 CSE.numbering +R3158 CSE.valnum_regs +R3180 CSE.add_rhs +R3195 CSE.Op +R3127 Coq.Lists.List.list +R3132 Registers.reg +R3111 Op.operation +R3101 Registers.reg +R3085 CSE.numbering +R3370 CSE.valnum_regs +R3392 CSE.add_rhs +R3407 CSE.Load +R3339 Coq.Lists.List.list +R3344 Registers.reg +R3302 Op.addressing +R3281 AST.memory_chunk +R3247 Registers.reg +R3231 CSE.numbering +R3468 CSE.numbering +R3483 CSE.mknumbering +R3567 CSE.num_reg +R3523 CSE.kill_load_eqs +R3540 CSE.num_eqs +R3498 CSE.num_next +R3455 CSE.numbering +R3630 Coq.Init.Datatypes.option +R3637 Registers.reg +R3646 Maps.fold +R3765 Coq.Init.Datatypes.None +R3756 CSE.num_reg +R3718 Coqlib.peq +R3732 Coq.Init.Datatypes.Some +R3697 CSE.valnum +R3688 Registers.reg +R3672 Coq.Init.Datatypes.option +R3679 Registers.reg +R3620 CSE.valnum +R3604 CSE.numbering +R3819 Coq.Init.Datatypes.option +R3826 Registers.reg +R3841 CSE.find_valnum_rhs +R3863 CSE.num_eqs +R3881 Coq.Init.Datatypes.None +R3889 Coq.Init.Datatypes.None +R3898 Coq.Init.Datatypes.Some +R3911 CSE.reg_valnum +R3812 CSE.rhs +R3796 CSE.numbering +R4008 Coq.Init.Datatypes.option +R4015 Registers.reg +R4040 CSE.valnum_regs +R4062 CSE.find_rhs +R4075 CSE.Op +R3996 Coq.Lists.List.list +R4001 Registers.reg +R3980 Op.operation +R3964 CSE.numbering +R4185 Coq.Init.Datatypes.option +R4192 Registers.reg +R4217 CSE.valnum_regs +R4239 CSE.find_rhs +R4252 CSE.Load +R4173 Coq.Lists.List.list +R4178 Registers.reg +R4156 Op.addressing +R4135 AST.memory_chunk +R4116 CSE.numbering +R4539 CSE.Op +R4605 Coq.Init.Logic "x = y" type_scope +R4557 Op.eval_operation +R4582 Coq.Lists.List.map +R4613 Coq.Init.Datatypes.Some +R4639 CSE.Load +R4667 Coq.Init.Logic "'exists' x , p" type_scope +R4743 Coq.Init.Logic "A /\ B" type_scope +R4734 Coq.Init.Logic "x = y" type_scope +R4683 Op.eval_addressing +R4711 Coq.Lists.List.map +R4736 Coq.Init.Datatypes.Some +R4768 Coq.Init.Logic "x = y" type_scope +R4752 Mem.loadv +R4770 Coq.Init.Datatypes.Some +R4504 CSE.rhs +R4491 CSE.valnum +R4473 Mem.mem +R4464 Values.val +R4453 RTL.genv +R4438 Values.val +R4428 CSE.valnum +R5027 Coq.Init.Logic "A /\ B" type_scope +R4989 CSE.equation_holds +R4955 Coq.Lists.List.In +R4970 CSE.num_eqs +R4958 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5097 Coq.Init.Logic "x = y" type_scope +R5094 Registers "a # b" +R5079 Coq.Init.Logic "x = y" type_scope +R5055 Maps.get +R5070 CSE.num_reg +R5081 Coq.Init.Datatypes.Some +R4907 CSE.numbering +R4898 Mem.mem +R4886 RTL.regset +R4876 Values.val +R4865 RTL.genv +R4852 Values.val +R4842 CSE.valnum +R5221 Coq.Init.Logic "'exists' x , p" type_scope +R5239 CSE.numbering_holds +R5198 CSE.numbering +R5189 Mem.mem +R5177 RTL.regset +R5167 Values.val +R5156 RTL.genv +R5336 CSE.numbering_satisfiable +R5369 CSE.empty_numbering +R5439 Values.Vundef +R5428 CSE.valnum +R5439 Values.Vundef +R5428 CSE.valnum +R5490 Maps.gempty +R5490 Maps.gempty +R5567 CSE.numbering +R5694 CSE.numbering_satisfiable +R5651 CSE.numbering_satisfiable +R5602 CSE.numbering +R5602 CSE.numbering +R5751 CSE.empty_numbering +R5794 CSE.ge +R5797 CSE.top +R5856 CSE.empty_numbering_satisfiable +R5856 CSE.empty_numbering_satisfiable +R5919 CSE.ge +R6133 Maps "a ! b" +R6125 RTL.fn_code +R6146 Coq.Init.Datatypes.None +R6165 Coq.Init.Datatypes.Some +R6202 RTL.Inop +R6237 RTL.Iop +R6268 CSE.add_op +R6302 RTL.Iload +R6343 CSE.add_load +R6387 RTL.Istore +R6429 CSE.kill_loads +R6455 RTL.Icall +R6493 CSE.empty_numbering +R6517 RTL.Icond +R6572 RTL.Ireturn +R6100 CSE.numbering +R6085 RTL.node +R6070 RTL.function +R6663 Maps.t +R6670 CSE.numbering +R6691 CSE.fixpoint +R6777 RTL.fn_entrypoint +R6762 CSE.transfer +R6725 RTL.fn_nextpc +R6708 RTL.successors +R6801 Coq.Init.Datatypes.None +R6809 Maps.init +R6819 CSE.empty_numbering +R6839 Coq.Init.Datatypes.Some +R6648 RTL.function +R6932 Coq.Init.Datatypes.bool +R6960 Op.Omove +R6969 Coq.Init.Datatypes.true +R6978 Op.Ointconst +R6993 Coq.Init.Datatypes.true +R7002 Op.Oaddrsymbol +R7021 Coq.Init.Datatypes.true +R7030 Op.Oaddrstack +R7046 Coq.Init.Datatypes.true +R7055 Op.Oundef +R7065 Coq.Init.Datatypes.true +R7079 Coq.Init.Datatypes.false +R6919 Op.operation +R7179 RTL.Iop +R7209 CSE.is_trivial_op +R7256 CSE.find_op +R7289 Coq.Init.Datatypes.None +R7313 Coq.Init.Datatypes.Some +R7323 RTL.Iop +R7336 Coq.Lists.List "x :: y" list_scope +R7339 Coq.Lists.List.nil +R7327 Op.Omove +R7366 RTL.Iload +R7409 CSE.find_load +R7450 Coq.Init.Datatypes.None +R7472 Coq.Init.Datatypes.Some +R7482 RTL.Iop +R7495 Coq.Lists.List "x :: y" list_scope +R7498 Coq.Lists.List.nil +R7486 Op.Omove +R7140 RTL.instruction +R7121 CSE.numbering +R7616 RTL.code +R7626 Maps.map +R7653 CSE.transf_instr +R7673 Maps "a !! b" +R7608 RTL.code +R7581 Maps.t +R7588 CSE.numbering +R7841 Coq.Init.Logic "A \/ B" type_scope +R7814 Coqlib.Plt +R7824 RTL.fn_nextpc +R7881 Coq.Init.Logic "x = y" type_scope +R7876 Maps "a ! b" +R7845 CSE.transf_code +R7868 RTL.fn_code +R7883 Coq.Init.Datatypes.None +R7771 Coq.Init.Logic "A \/ B" type_scope +R7750 Coqlib.Plt +R7760 RTL.fn_nextpc +R7789 Coq.Init.Logic "x = y" type_scope +R7785 Maps "a ! b" +R7777 RTL.fn_code +R7791 Coq.Init.Datatypes.None +R7981 Maps.gmap +R7981 Maps.gmap +R8089 RTL.function +R8133 RTL.mkfunction +R8309 CSE.transf_code_wf +R8337 RTL.fn_code_wf +R8289 RTL.fn_nextpc +R8263 RTL.fn_entrypoint +R8219 CSE.transf_code +R8242 RTL.fn_code +R8196 RTL.fn_stacksize +R8174 RTL.fn_params +R8155 RTL.fn_sig +R8118 CSE.analyze +R8077 RTL.function +R8393 RTL.program +R8406 AST.transform_program +R8424 CSE.transf_function +R8382 RTL.program +FCSEproof +R453 CSE.Op +R486 Coqlib.Plt +R475 Coq.Lists.List.In +R501 CSE.Load +R544 Coqlib.Plt +R533 Coq.Lists.List.In +R418 CSE.rhs +R405 CSE.valnum +R648 Coq.Init.Logic "A /\ B" type_scope +R636 Coqlib.Plt +R651 CSEproof.wf_rhs +R619 CSE.rhs +R606 CSE.valnum +R593 CSE.valnum +R792 Coq.Init.Logic "A /\ B" type_scope +R763 CSEproof.wf_equation +R778 CSE.num_next +R737 Coq.Lists.List.In +R751 CSE.num_eqs +R740 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R852 Coqlib.Plt +R861 CSE.num_next +R840 Coq.Init.Logic "x = y" type_scope +R816 Maps.get +R831 CSE.num_reg +R842 Coq.Init.Datatypes.Some +R696 CSE.numbering +R902 CSEproof.wf_numbering +R915 CSE.empty_numbering +R1007 Maps.gempty +R1007 Maps.gempty +R1136 CSEproof.wf_rhs +R1117 CSEproof.wf_rhs +R1096 Coqlib.Ple +R1204 Coqlib.Plt_Ple_trans +R1204 Coqlib.Plt_Ple_trans +R1204 Coqlib.Plt_Ple_trans +R1350 CSEproof.wf_equation +R1323 CSEproof.wf_equation +R1302 Coqlib.Ple +R1425 Coqlib.Plt_Ple_trans +R1425 Coqlib.Plt_Ple_trans +R1465 CSEproof.wf_rhs_increasing +R1465 CSEproof.wf_rhs_increasing +R1615 Coq.Init.Logic "A /\ B" type_scope +R1599 CSEproof.wf_numbering +R1638 Coq.Init.Logic "A /\ B" type_scope +R1618 Coqlib.Plt +R1628 CSE.num_next +R1641 Coqlib.Ple +R1662 CSE.num_next +R1648 CSE.num_next +R1584 Coq.Init.Logic "x = y" type_scope +R1569 CSE.valnum_reg +R1586 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R1549 CSEproof.wf_numbering +R1787 Maps "a ! b" +R1778 CSE.num_reg +R1787 Maps "a ! b" +R1778 CSE.num_reg +R1876 Coqlib.Ple_refl +R1876 Coqlib.Ple_refl +R2001 CSE.num_next +R1972 CSEproof.wf_equation_increasing +R2001 CSE.num_next +R1972 CSEproof.wf_equation_increasing +R2020 Coqlib.Ple_succ +R2020 Coqlib.Ple_succ +R2047 Maps.gsspec +R2047 Maps.gsspec +R2077 Coqlib.peq +R2077 Coqlib.peq +R2108 CSE.num_next +R2108 CSE.num_next +R2127 Coqlib.Plt_succ +R2127 Coqlib.Plt_succ +R2157 Coqlib.Plt_trans_succ +R2157 Coqlib.Plt_trans_succ +R2196 Coqlib.Plt_succ +R2196 Coqlib.Plt_succ +R2212 Coqlib.Ple_succ +R2212 Coqlib.Ple_succ +R2342 Coq.Init.Logic "A /\ B" type_scope +R2326 CSEproof.wf_numbering +R2388 Coq.Init.Logic "A /\ B" type_scope +R2369 Coqlib.Plt +R2379 CSE.num_next +R2358 Coq.Lists.List.In +R2395 Coqlib.Ple +R2416 CSE.num_next +R2402 CSE.num_next +R2310 Coq.Init.Logic "x = y" type_scope +R2293 CSE.valnum_regs +R2312 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2273 CSEproof.wf_numbering +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R2555 CSE.valnum_reg +R2555 CSE.valnum_reg +R2600 CSE.valnum_regs +R2600 CSE.valnum_regs +R2742 CSEproof.wf_valnum_reg +R2742 CSEproof.wf_valnum_reg +R2923 Coqlib.Plt_Ple_trans +R2923 Coqlib.Plt_Ple_trans +R2964 Coqlib.Ple_trans +R2964 Coqlib.Ple_trans +R3077 Coq.Lists.List.In +R3080 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3064 Coq.Init.Logic "x = y" type_scope +R3041 CSE.find_valnum_rhs +R3066 Coq.Init.Datatypes.Some +R3168 CSE.eq_rhs +R3168 CSE.eq_rhs +R3331 CSEproof.wf_numbering +R3345 CSE.add_rhs +R3303 CSEproof.wf_rhs +R3313 CSE.num_next +R3283 CSEproof.wf_numbering +R3420 CSE.find_valnum_rhs +R3442 CSE.num_eqs +R3420 CSE.find_valnum_rhs +R3442 CSE.num_eqs +R3513 Maps.gsspec +R3513 Maps.gsspec +R3533 Coqlib.peq +R3533 Coqlib.peq +R3596 CSEproof.find_valnum_rhs_correct +R3596 CSEproof.find_valnum_rhs_correct +R3728 Coqlib.Plt_succ +R3728 Coqlib.Plt_succ +R3770 CSE.num_next +R3744 CSEproof.wf_rhs_increasing +R3770 CSE.num_next +R3744 CSEproof.wf_rhs_increasing +R3789 Coqlib.Ple_succ +R3789 Coqlib.Ple_succ +R3844 CSE.num_next +R3813 CSEproof.wf_equation_increasing +R3844 CSE.num_next +R3813 CSEproof.wf_equation_increasing +R3861 Coqlib.Ple_succ +R3861 Coqlib.Ple_succ +R3899 Maps.gsspec +R3899 Maps.gsspec +R3919 Coqlib.peq +R3919 Coqlib.peq +R3966 Coqlib.Plt_succ +R3966 Coqlib.Plt_succ +R3991 Coqlib.Plt_trans_succ +R3991 Coqlib.Plt_trans_succ +R4081 CSEproof.wf_numbering +R4095 CSE.add_op +R4061 CSEproof.wf_numbering +R4158 CSE.valnum_regs +R4158 CSE.valnum_regs +R4209 CSEproof.wf_valnum_regs +R4209 CSEproof.wf_valnum_regs +R4265 CSEproof.wf_add_rhs +R4265 CSEproof.wf_add_rhs +R4359 CSEproof.wf_numbering +R4373 CSE.add_load +R4339 CSEproof.wf_numbering +R4448 CSE.valnum_regs +R4448 CSE.valnum_regs +R4499 CSEproof.wf_valnum_regs +R4499 CSEproof.wf_valnum_regs +R4555 CSEproof.wf_add_rhs +R4555 CSEproof.wf_add_rhs +R4680 Coq.Lists.List.incl +R4695 Coq.Lists.List "x :: y" list_scope +R4687 Coq.Lists.List "x :: y" list_scope +R4666 Coq.Lists.List.incl +R4655 Coq.Lists.List.list +R4655 Coq.Lists.List.list +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R4797 Coq.Lists.List.incl +R4808 CSE.kill_load_eqs +R4879 Coq.Lists.List.incl_refl +R4879 Coq.Lists.List.incl_refl +R4922 CSEproof.incl_same_head +R4922 CSEproof.incl_same_head +R4960 Coq.Lists.List.incl_tl +R4960 Coq.Lists.List.incl_tl +R5032 CSEproof.wf_numbering +R5046 CSE.kill_loads +R5014 CSEproof.wf_numbering +R5150 CSEproof.kill_load_eqs_incl +R5150 CSEproof.kill_load_eqs_incl +R5245 CSEproof.wf_numbering +R5259 CSE.transfer +R5227 CSEproof.wf_numbering +R5335 Maps "a ! b" +R5327 RTL.fn_code +R5335 Maps "a ! b" +R5327 RTL.fn_code +R5375 CSEproof.wf_add_op +R5375 CSEproof.wf_add_op +R5400 CSEproof.wf_add_load +R5400 CSEproof.wf_add_load +R5427 CSEproof.wf_kill_loads +R5427 CSEproof.wf_kill_loads +R5456 CSEproof.wf_empty_numbering +R5456 CSEproof.wf_empty_numbering +R5517 CSEproof.wf_numbering +R5540 Maps "a !! b" +R5531 CSE.analyze +R5590 CSE.fixpoint +R5676 RTL.fn_entrypoint +R5663 CSE.transfer +R5622 RTL.fn_nextpc +R5607 RTL.successors +R5590 CSE.fixpoint +R5676 RTL.fn_entrypoint +R5663 CSE.transfer +R5622 RTL.fn_nextpc +R5607 RTL.successors +R5761 CSEproof.wf_numbering +R5724 CSE.fixpoint_invariant +R5761 CSEproof.wf_numbering +R5724 CSE.fixpoint_invariant +R5791 CSEproof.wf_empty_numbering +R5791 CSEproof.wf_empty_numbering +R5823 CSEproof.wf_transfer +R5823 CSEproof.wf_transfer +R5856 Maps.gi +R5856 Maps.gi +R5871 CSEproof.wf_empty_numbering +R5871 CSEproof.wf_empty_numbering +R5968 CSE.valnum +R5995 Coqlib.peq +R6085 RTL.genv +R6104 Values.val +R6121 Mem.mem +R6237 Coq.Init.Logic "x = y" type_scope +R6215 Coqlib.Plt +R6185 CSE.valnum +R6173 Values.val +R6163 CSE.valnum +R6173 Values.val +R6163 CSE.valnum +R6292 CSEproof.valu_agree +R6514 CSEproof.valu_agree +R6491 Coqlib.Ple +R6456 CSEproof.valu_agree +R6421 CSEproof.valu_agree +R6617 Coqlib.Plt_Ple_trans +R6617 Coqlib.Plt_Ple_trans +R6813 Coq.Init.Logic "x = y" type_scope +R6800 Coq.Lists.List.map +R6815 Coq.Lists.List.map +R6783 Coqlib.Plt +R6772 Coq.Lists.List.In +R6728 CSEproof.valu_agree +R6852 Coqlib.list_map_exten +R6852 Coqlib.list_map_exten +R7066 CSE.numbering_holds +R7026 CSE.numbering_holds +R7006 CSEproof.wf_numbering +R6965 CSEproof.valu_agree +R6991 CSE.num_next +R7297 CSEproof.valu_agree_list +R7328 CSE.num_next +R7297 CSEproof.valu_agree_list +R7328 CSE.num_next +R7415 CSEproof.valu_agree_list +R7446 CSE.num_next +R7415 CSEproof.valu_agree_list +R7446 CSE.num_next +R7677 Coq.Init.Logic "'exists' x , p" type_scope +R7731 Coq.Init.Logic "A /\ B" type_scope +R7695 CSE.numbering_holds +R7753 Coq.Init.Logic "A /\ B" type_scope +R7746 Coq.Init.Logic "x = y" type_scope +R7750 Registers "a # b" +R7760 CSEproof.valu_agree +R7786 CSE.num_next +R7662 Coq.Init.Logic "x = y" type_scope +R7647 CSE.valnum_reg +R7664 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7607 CSE.numbering_holds +R7587 CSEproof.wf_numbering +R7863 Maps "a ! b" +R7855 CSE.num_reg +R7863 Maps "a ! b" +R7855 CSE.num_reg +R8037 CSEproof.valu_agree_refl +R8037 CSEproof.valu_agree_refl +R8170 CSEproof.set +R8194 Registers "a # b" +R8182 CSE.num_next +R8170 CSEproof.set +R8194 Registers "a # b" +R8182 CSE.num_next +R8219 CSEproof.valu_agree +R8245 CSE.num_next +R8219 CSEproof.valu_agree +R8245 CSE.num_next +R8294 CSEproof.gso +R8294 CSEproof.gso +R8335 CSEproof.numbering_holds_exten +R8335 CSEproof.numbering_holds_exten +R8489 Maps.gsspec +R8489 Maps.gsspec +R8519 Coqlib.peq +R8519 Coqlib.peq +R8554 Coqlib.peq_true +R8554 Coqlib.peq_true +R8584 Coqlib.peq +R8592 CSE.num_next +R8584 Coqlib.peq +R8592 CSE.num_next +R8681 Coqlib.Plt_strict +R8681 Coqlib.Plt_strict +R8738 CSEproof.gss +R8738 CSEproof.gss +R8913 Coq.Init.Logic "'exists' x , p" type_scope +R8967 Coq.Init.Logic "A /\ B" type_scope +R8931 CSE.numbering_holds +R9001 Coq.Init.Logic "A /\ B" type_scope +R8992 Coq.Init.Logic "x = y" type_scope +R8974 Coq.Lists.List.map +R8996 Registers "a ## b" +R9008 CSEproof.valu_agree +R9034 CSE.num_next +R8897 Coq.Init.Logic "x = y" type_scope +R8880 CSE.valnum_regs +R8899 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8840 CSE.numbering_holds +R8820 CSEproof.wf_numbering +R9192 CSEproof.valu_agree_refl +R9192 CSEproof.valu_agree_refl +R9242 CSE.valnum_reg +R9242 CSE.valnum_reg +R9287 CSE.valnum_regs +R9287 CSE.valnum_regs +R9413 CSEproof.valnum_reg_holds +R9413 CSEproof.valnum_reg_holds +R9495 CSEproof.wf_valnum_reg +R9495 CSEproof.wf_valnum_reg +R9696 CSEproof.valu_agree_trans +R9696 CSEproof.valu_agree_trans +R9826 CSE.Op +R9888 Coq.Init.Logic "x = y" type_scope +R9845 Op.eval_operation +R9870 Coq.Lists.List.map +R9890 Coq.Init.Datatypes.Some +R9901 CSE.Load +R9929 Coq.Init.Logic "'exists' x , p" type_scope +R10000 Coq.Init.Logic "A /\ B" type_scope +R9991 Coq.Init.Logic "x = y" type_scope +R9945 Op.eval_addressing +R9973 Coq.Lists.List.map +R9993 Coq.Init.Datatypes.Some +R10025 Coq.Init.Logic "x = y" type_scope +R10009 Mem.loadv +R10027 Coq.Init.Datatypes.Some +R9791 Values.val +R9782 CSE.rhs +R9772 Values.val +R9762 CSE.valnum +R10181 Coq.Init.Logic "x = y" type_scope +R10130 CSE.equation_holds +R10102 CSEproof.rhs_evals_to +R10440 CSE.equation_holds +R10456 CSEproof.set +R10412 CSEproof.rhs_evals_to +R10392 CSEproof.wf_rhs +R10578 CSEproof.gss +R10578 CSEproof.gss +R10714 Coq.Init.Logic "x = y" type_scope +R10684 Coq.Lists.List.map +R10689 CSEproof.set +R10716 Coq.Lists.List.map +R10657 Coqlib.Plt +R10646 Coq.Lists.List.In +R10610 Coq.Lists.List.list +R10615 CSE.valnum +R10714 Coq.Init.Logic "x = y" type_scope +R10684 Coq.Lists.List.map +R10689 CSEproof.set +R10716 Coq.Lists.List.map +R10657 Coqlib.Plt +R10646 Coq.Lists.List.In +R10610 Coq.Lists.List.list +R10615 CSE.valnum +R10748 Coqlib.list_map_exten +R10748 Coqlib.list_map_exten +R10793 CSEproof.gso +R10793 CSEproof.gso +R10809 Coqlib.Plt_ne +R10809 Coqlib.Plt_ne +R11044 CSE.numbering_satisfiable +R11088 CSE.add_rhs +R11075 Registers "a # b <- c" +R11015 CSEproof.rhs_evals_to +R10975 CSE.numbering_holds +R10947 CSEproof.wf_rhs +R10957 CSE.num_next +R10927 CSEproof.wf_numbering +R11150 CSE.find_valnum_rhs +R11172 CSE.num_eqs +R11150 CSE.find_valnum_rhs +R11172 CSE.num_eqs +R11294 Registers.gsspec +R11294 Registers.gsspec +R11320 Maps.gsspec +R11320 Maps.gsspec +R11352 Coqlib.peq +R11352 Coqlib.peq +R11382 CSEproof.equation_evals_to_holds_1 +R11382 CSEproof.equation_evals_to_holds_1 +R11434 CSEproof.find_valnum_rhs_correct +R11434 CSEproof.find_valnum_rhs_correct +R11534 CSEproof.set +R11546 CSE.num_next +R11534 CSEproof.set +R11546 CSE.num_next +R11580 CSEproof.valu_agree +R11606 CSE.num_next +R11580 CSEproof.valu_agree +R11606 CSE.num_next +R11655 CSEproof.gso +R11655 CSEproof.gso +R11696 CSEproof.numbering_holds_exten +R11696 CSEproof.numbering_holds_exten +R11861 CSEproof.equation_evals_to_holds_2 +R11861 CSEproof.equation_evals_to_holds_2 +R11913 Registers.gsspec +R11913 Registers.gsspec +R11936 Maps.gsspec +R11936 Maps.gsspec +R11966 Coqlib.peq +R11966 Coqlib.peq +R12023 CSEproof.gss +R12023 CSEproof.gss +R12211 CSE.numbering_satisfiable +R12256 CSE.add_op +R12242 Registers "a # b <- c" +R12197 Coq.Init.Logic "x = y" type_scope +R12164 Op.eval_operation +R12190 Registers "a ## b" +R12199 Coq.Init.Datatypes.Some +R12124 CSE.numbering_satisfiable +R12104 CSEproof.wf_numbering +R12337 CSE.valnum_regs +R12337 CSE.valnum_regs +R12390 CSEproof.valnum_regs_holds +R12390 CSEproof.valnum_regs_holds +R12471 CSEproof.wf_valnum_regs +R12471 CSEproof.wf_valnum_regs +R12528 CSEproof.add_rhs_satisfiable +R12528 CSEproof.add_rhs_satisfiable +R12803 CSE.numbering_satisfiable +R12859 CSE.add_load +R12840 Registers "a # b <- c" +R12789 Coq.Init.Logic "x = y" type_scope +R12773 Mem.loadv +R12791 Coq.Init.Datatypes.Some +R12759 Coq.Init.Logic "x = y" type_scope +R12723 Op.eval_addressing +R12752 Registers "a ## b" +R12761 Coq.Init.Datatypes.Some +R12683 CSE.numbering_satisfiable +R12663 CSEproof.wf_numbering +R12952 CSE.valnum_regs +R12952 CSE.valnum_regs +R13005 CSEproof.valnum_regs_holds +R13005 CSEproof.valnum_regs_holds +R13086 CSEproof.wf_valnum_regs +R13086 CSEproof.wf_valnum_regs +R13143 CSEproof.add_rhs_satisfiable +R13143 CSEproof.add_rhs_satisfiable +R13325 CSE.Op +R13335 Coq.Init.Logic.True +R13342 CSE.Load +R13356 Coq.Init.Logic.False +R13273 Coq.Lists.List.In +R13286 CSE.kill_load_eqs +R13276 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13640 CSE.numbering_satisfiable +R13675 CSE.kill_loads +R13600 CSE.numbering_satisfiable +R13748 CSEproof.kill_load_eqs_incl +R13770 CSE.num_eqs +R13748 CSEproof.kill_load_eqs_incl +R13770 CSE.num_eqs +R13863 CSEproof.kill_load_eqs_ops +R13863 CSEproof.kill_load_eqs_ops +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R14040 Coq.Init.Logic "x = y" type_scope +R14037 Maps "a ! b" +R14029 CSE.num_reg +R14042 Coq.Init.Datatypes.Some +R14014 Coq.Init.Logic "x = y" type_scope +R13999 CSE.reg_valnum +R14016 Coq.Init.Datatypes.Some +R14102 Maps.fold_spec +R14102 Maps.fold_spec +R14306 Coq.Init.Logic "A \/ B" type_scope +R14294 Coq.Lists.List.In +R14297 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14314 Coq.Init.Logic "x = y" type_scope +R14316 Coq.Init.Datatypes.Some +R14277 Coq.Init.Logic "x = y" type_scope +R14147 Coq.Lists.List.fold_left +R14223 Coqlib.peq +R14228 Coq.Init.Datatypes.snd +R14242 Coq.Init.Datatypes.Some +R14248 Coq.Init.Datatypes.fst +R14198 Coq.Init.Datatypes "x * y" type_scope +R14194 Registers.reg +R14200 CSE.valnum +R14178 Coq.Init.Datatypes.option +R14185 Registers.reg +R14279 Coq.Init.Datatypes.Some +R14306 Coq.Init.Logic "A \/ B" type_scope +R14294 Coq.Lists.List.In +R14297 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14314 Coq.Init.Logic "x = y" type_scope +R14316 Coq.Init.Datatypes.Some +R14277 Coq.Init.Logic "x = y" type_scope +R14147 Coq.Lists.List.fold_left +R14223 Coqlib.peq +R14228 Coq.Init.Datatypes.snd +R14242 Coq.Init.Datatypes.Some +R14248 Coq.Init.Datatypes.fst +R14198 Coq.Init.Datatypes "x * y" type_scope +R14194 Registers.reg +R14200 CSE.valnum +R14178 Coq.Init.Datatypes.option +R14185 Registers.reg +R14279 Coq.Init.Datatypes.Some +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R14437 Coqlib.peq +R14437 Coqlib.peq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R14574 Maps.elements_complete +R14574 Maps.elements_complete +R14745 CSEproof.rhs_evals_to +R14768 Registers "a # b" +R14731 Coq.Init.Logic "x = y" type_scope +R14717 CSE.find_rhs +R14733 Coq.Init.Datatypes.Some +R14678 CSE.numbering_holds +R14840 CSE.find_valnum_rhs +R14862 CSE.num_eqs +R14840 CSE.find_valnum_rhs +R14862 CSE.num_eqs +R14895 CSEproof.find_valnum_rhs_correct +R14895 CSEproof.find_valnum_rhs_correct +R14950 CSEproof.reg_valnum_correct +R14950 CSEproof.reg_valnum_correct +R15277 Coq.Init.Logic "x = y" type_scope +R15244 Op.eval_operation +R15270 Registers "a ## b" +R15279 Coq.Init.Datatypes.Some +R15286 Registers "a # b" +R15230 Coq.Init.Logic "x = y" type_scope +R15212 CSE.find_op +R15232 Coq.Init.Datatypes.Some +R15172 CSE.numbering_satisfiable +R15152 CSEproof.wf_numbering +R15362 CSE.valnum_regs +R15362 CSE.valnum_regs +R15419 CSEproof.valnum_regs_holds +R15419 CSEproof.valnum_regs_holds +R15520 CSEproof.rhs_evals_to +R15552 Registers "a # b" +R15540 CSE.Op +R15520 CSEproof.rhs_evals_to +R15552 Registers "a # b" +R15540 CSE.Op +R15566 CSEproof.find_rhs_correct +R15566 CSEproof.find_rhs_correct +R15759 Coq.Init.Logic "'exists' x , p" type_scope +R15816 Coq.Init.Logic "A /\ B" type_scope +R15807 Coq.Init.Logic "x = y" type_scope +R15771 Op.eval_addressing +R15800 Registers "a ## b" +R15809 Coq.Init.Datatypes.Some +R15837 Coq.Init.Logic "x = y" type_scope +R15821 Mem.loadv +R15839 Coq.Init.Datatypes.Some +R15846 Registers "a # b" +R15745 Coq.Init.Logic "x = y" type_scope +R15717 CSE.find_load +R15747 Coq.Init.Datatypes.Some +R15677 CSE.numbering_satisfiable +R15657 CSEproof.wf_numbering +R15924 CSE.valnum_regs +R15924 CSE.valnum_regs +R15981 CSEproof.valnum_regs_holds +R15981 CSEproof.valnum_regs_holds +R16082 CSEproof.rhs_evals_to +R16124 Registers "a # b" +R16102 CSE.Load +R16082 CSEproof.rhs_evals_to +R16124 Registers "a # b" +R16102 CSE.Load +R16138 CSEproof.find_rhs_correct +R16138 CSEproof.find_rhs_correct +R16381 CSE.numbering_satisfiable +R16417 CSE.transfer +R16341 CSE.numbering_satisfiable +R16321 CSEproof.wf_numbering +R16302 Coq.Init.Logic "x = y" type_scope +R16307 RTL.fn_code +R16257 RTL.exec_instr +R16529 CSEproof.add_op_satisfiable +R16529 CSEproof.add_op_satisfiable +R16579 CSEproof.add_load_satisfiable +R16579 CSEproof.add_load_satisfiable +R16632 CSEproof.kill_load_satisfiable +R16632 CSEproof.kill_load_satisfiable +R16684 CSE.empty_numbering_satisfiable +R16684 CSE.empty_numbering_satisfiable +R16906 CSE.numbering_satisfiable +R16951 Maps "a !! b" +R16942 CSE.analyze +R16852 CSE.numbering_satisfiable +R16895 Maps "a !! b" +R16886 CSE.analyze +R16833 Coq.Init.Logic "x = y" type_scope +R16838 RTL.fn_code +R16788 RTL.exec_instr +R17016 CSEproof.wf_analyze +R17016 CSEproof.wf_analyze +R17062 CSE.fixpoint +R17148 RTL.fn_entrypoint +R17135 CSE.transfer +R17094 RTL.fn_nextpc +R17079 RTL.successors +R17062 CSE.fixpoint +R17148 RTL.fn_entrypoint +R17135 CSE.transfer +R17094 RTL.fn_nextpc +R17079 RTL.successors +R17206 CSE.numbering_satisfiable +R17242 CSE.transfer +R17259 Maps "a !! b" +R17206 CSE.numbering_satisfiable +R17242 CSE.transfer +R17259 Maps "a !! b" +R17278 CSEproof.transfer_correct +R17278 CSEproof.transfer_correct +R17313 CSE.ge +R17336 CSE.transfer +R17353 Maps "a !! b" +R17329 Maps "a !! b" +R17313 CSE.ge +R17336 CSE.transfer +R17353 Maps "a !! b" +R17329 Maps "a !! b" +R17372 CSE.fixpoint_solution +R17372 CSE.fixpoint_solution +R17415 RTL.fn_code_wf +R17415 RTL.fn_code_wf +R17483 RTL.exec_instr_present +R17483 RTL.exec_instr_present +R17563 RTL.successors_correct +R17563 RTL.successors_correct +R17626 Maps.gi +R17626 Maps.gi +R17641 CSE.empty_numbering_satisfiable +R17641 CSE.empty_numbering_satisfiable +R17864 CSE.numbering_satisfiable +R17909 Maps "a !! b" +R17900 CSE.analyze +R17810 CSE.numbering_satisfiable +R17853 Maps "a !! b" +R17844 CSE.analyze +R17791 Coq.Init.Logic "x = y" type_scope +R17796 RTL.fn_code +R17745 RTL.exec_instrs +R17970 CSEproof.analysis_correct_1 +R17970 CSEproof.analysis_correct_1 +R18069 CSE.numbering_satisfiable +R18112 Maps "a !! b" +R18119 RTL.fn_entrypoint +R18103 CSE.analyze +R18175 Maps "a !! b" +R18182 RTL.fn_entrypoint +R18166 CSE.analyze +R18214 CSE.empty_numbering +R18175 Maps "a !! b" +R18182 RTL.fn_entrypoint +R18166 CSE.analyze +R18214 CSE.empty_numbering +R18239 CSE.empty_numbering_satisfiable +R18239 CSE.empty_numbering_satisfiable +R18296 CSE.fixpoint +R18382 RTL.fn_entrypoint +R18369 CSE.transfer +R18328 RTL.fn_nextpc +R18313 RTL.successors +R18296 CSE.fixpoint +R18382 RTL.fn_entrypoint +R18369 CSE.transfer +R18328 RTL.fn_nextpc +R18313 RTL.successors +R18465 CSE.top +R18444 CSE.empty_numbering +R18465 CSE.top +R18444 CSE.empty_numbering +R18488 CSE.fixpoint_entry +R18488 CSE.fixpoint_entry +R18544 Maps.gi +R18544 Maps.gi +R18598 RTL.program +R18620 CSE.transf_program +R18651 Globalenvs.globalenv +R18683 Globalenvs.globalenv +R18775 Coq.Init.Logic "x = y" type_scope +R18752 Globalenvs.find_symbol +R18777 Globalenvs.find_symbol +R18744 AST.ident +R18807 Globalenvs.find_symbol_transf +R18831 CSE.transf_function +R18979 Coq.Init.Logic "x = y" type_scope +R18957 Globalenvs.find_funct +R18981 Coq.Init.Datatypes.Some +R18987 CSE.transf_function +R18943 Coq.Init.Logic "x = y" type_scope +R18922 Globalenvs.find_funct +R18945 Coq.Init.Datatypes.Some +R18905 RTL.function +R18896 Values.val +R19015 Globalenvs.find_funct_transf +R19042 CSE.transf_function +R19200 Coq.Init.Logic "x = y" type_scope +R19174 Globalenvs.find_funct_ptr +R19202 Coq.Init.Datatypes.Some +R19208 CSE.transf_function +R19160 Coq.Init.Logic "x = y" type_scope +R19135 Globalenvs.find_funct_ptr +R19162 Coq.Init.Datatypes.Some +R19118 RTL.function +R19107 Values.block +R19236 Globalenvs.find_funct_ptr_transf +R19267 CSE.transf_function +R19555 RTL.exec_instr +R19571 CSE.transf_code +R19584 CSE.analyze +R19502 CSE.numbering_satisfiable +R19545 Maps "a !! b" +R19536 CSE.analyze +R19468 Coq.Init.Logic "x = y" type_scope +R19473 RTL.fn_code +R19426 Mem.mem +R19413 RTL.regset +R19401 RTL.node +R19382 Mem.mem +R19370 RTL.regset +R19359 RTL.node +R19341 Values.val +R19330 RTL.code +R19887 RTL.exec_instrs +R19904 CSE.transf_code +R19917 CSE.analyze +R19834 CSE.numbering_satisfiable +R19877 Maps "a !! b" +R19868 CSE.analyze +R19800 Coq.Init.Logic "x = y" type_scope +R19805 RTL.fn_code +R19758 Mem.mem +R19745 RTL.regset +R19733 RTL.node +R19714 Mem.mem +R19702 RTL.regset +R19691 RTL.node +R19673 Values.val +R19662 RTL.code +R20078 RTL.exec_function +R20097 CSE.transf_function +R20061 Mem.mem +R20051 Values.val +R20032 Mem.mem +R20018 Coq.Lists.List.list +R20023 Values.val +R19997 RTL.function +R20196 Coq.Init.Logic "x = y" type_scope +R20179 Maps.get +R20198 Coq.Init.Datatypes.Some +R20215 RTL.function +R20274 Coq.Init.Logic "x = y" type_scope +R20269 Maps "a ! b" +R20244 CSE.transf_code +R20257 CSE.analyze +R20276 Coq.Init.Datatypes.Some +R20281 CSE.transf_instr +R20304 Maps "a !! b" +R20295 CSE.analyze +R20369 Maps.gmap +R20540 CSEproof.exec_function_prop +R20502 RTL.exec_function +R20592 RTL.exec_function_ind_3 +R20658 CSEproof.exec_function_prop +R20641 CSEproof.exec_instrs_prop +R20625 CSEproof.exec_instr_prop +R20592 RTL.exec_function_ind_3 +R20658 CSEproof.exec_function_prop +R20641 CSEproof.exec_instrs_prop +R20625 CSEproof.exec_instr_prop +R20747 RTL.exec_Inop +R20747 RTL.exec_Inop +R20820 Coq.Init.Logic "x = y" type_scope +R20786 Op.eval_operation +R20813 Registers "a ## b" +R20822 Coq.Init.Datatypes.Some +R20820 Coq.Init.Logic "x = y" type_scope +R20786 Op.eval_operation +R20813 Registers "a ## b" +R20822 Coq.Init.Datatypes.Some +R20856 Op.eval_operation_preserved +R20856 Op.eval_operation_preserved +R20888 CSEproof.symbols_preserved +R20888 CSEproof.symbols_preserved +R20915 CSE.is_trivial_op +R20915 CSE.is_trivial_op +R20950 RTL.exec_Iop' +R20950 RTL.exec_Iop' +R20979 CSE.find_op +R20997 Maps "a !! b" +R20988 CSE.analyze +R20979 CSE.find_op +R20997 Maps "a !! b" +R20988 CSE.analyze +R21042 RTL.exec_Iop' +R21042 RTL.exec_Iop' +R21111 Coq.Init.Logic "x = y" type_scope +R21078 Op.eval_operation +R21104 Registers "a ## b" +R21113 Coq.Init.Datatypes.Some +R21120 Registers "a # b" +R21111 Coq.Init.Logic "x = y" type_scope +R21078 Op.eval_operation +R21104 Registers "a ## b" +R21113 Coq.Init.Datatypes.Some +R21120 Registers "a # b" +R21136 CSEproof.find_op_correct +R21136 CSEproof.find_op_correct +R21171 CSEproof.wf_analyze +R21171 CSEproof.wf_analyze +R21221 RTL.exec_Iop' +R21221 RTL.exec_Iop' +R21301 Coq.Init.Logic "x = y" type_scope +R21264 Op.eval_addressing +R21294 Registers "a ## b" +R21303 Coq.Init.Datatypes.Some +R21301 Coq.Init.Logic "x = y" type_scope +R21264 Op.eval_addressing +R21294 Registers "a ## b" +R21303 Coq.Init.Datatypes.Some +R21337 Op.eval_addressing_preserved +R21337 Op.eval_addressing_preserved +R21370 CSEproof.symbols_preserved +R21370 CSEproof.symbols_preserved +R21399 CSE.find_load +R21419 Maps "a !! b" +R21410 CSE.analyze +R21399 CSE.find_load +R21419 Maps "a !! b" +R21410 CSE.analyze +R21472 RTL.exec_Iop' +R21472 RTL.exec_Iop' +R21508 Coq.Init.Logic "'exists' x , p" type_scope +R21580 Coq.Init.Logic "A /\ B" type_scope +R21554 Coq.Init.Logic "x = y" type_scope +R21518 Op.eval_addressing +R21547 Registers "a ## b" +R21556 Coq.Init.Datatypes.Some +R21599 Coq.Init.Logic "x = y" type_scope +R21583 Mem.loadv +R21601 Coq.Init.Datatypes.Some +R21608 Registers "a # b" +R21508 Coq.Init.Logic "'exists' x , p" type_scope +R21580 Coq.Init.Logic "A /\ B" type_scope +R21554 Coq.Init.Logic "x = y" type_scope +R21518 Op.eval_addressing +R21547 Registers "a ## b" +R21556 Coq.Init.Datatypes.Some +R21599 Coq.Init.Logic "x = y" type_scope +R21583 Mem.loadv +R21601 Coq.Init.Datatypes.Some +R21608 Registers "a # b" +R21624 CSEproof.find_load_correct +R21624 CSEproof.find_load_correct +R21661 CSEproof.wf_analyze +R21661 CSEproof.wf_analyze +R21739 RTL.exec_Iload' +R21739 RTL.exec_Iload' +R21822 Coq.Init.Logic "x = y" type_scope +R21785 Op.eval_addressing +R21815 Registers "a ## b" +R21824 Coq.Init.Datatypes.Some +R21822 Coq.Init.Logic "x = y" type_scope +R21785 Op.eval_addressing +R21815 Registers "a ## b" +R21824 Coq.Init.Datatypes.Some +R21858 Op.eval_addressing_preserved +R21858 Op.eval_addressing_preserved +R21891 CSEproof.symbols_preserved +R21891 CSEproof.symbols_preserved +R21926 RTL.exec_Istore +R21926 RTL.exec_Istore +R21996 Coq.Init.Logic "x = y" type_scope +R21971 RTL.find_function +R21998 Coq.Init.Datatypes.Some +R22004 CSE.transf_function +R21996 Coq.Init.Logic "x = y" type_scope +R21971 RTL.find_function +R21998 Coq.Init.Datatypes.Some +R22004 CSE.transf_function +R22073 CSEproof.functions_translated +R22073 CSEproof.functions_translated +R22113 CSEproof.symbols_preserved +R22113 CSEproof.symbols_preserved +R22142 Globalenvs.find_symbol +R22142 Globalenvs.find_symbol +R22176 CSEproof.funct_ptr_translated +R22176 CSEproof.funct_ptr_translated +R22256 CSE.transf_function +R22234 RTL.exec_Icall +R22256 CSE.transf_function +R22234 RTL.exec_Icall +R22319 RTL.exec_Icond_true +R22319 RTL.exec_Icond_true +R22380 RTL.exec_Icond_false +R22380 RTL.exec_Icond_false +R22427 RTL.exec_refl +R22427 RTL.exec_refl +R22458 RTL.exec_one +R22458 RTL.exec_one +R22497 RTL.exec_trans +R22497 RTL.exec_trans +R22542 CSEproof.analysis_correct_N +R22542 CSEproof.analysis_correct_N +R22626 RTL.exec_funct +R22626 RTL.exec_funct +R22680 CSEproof.analysis_correct_entry +R22680 CSEproof.analysis_correct_entry +R22793 RTL.exec_program +R22770 RTL.exec_program +R22762 Values.val +R22904 CSE.transf_function +R22904 CSE.transf_function +R22975 AST.prog_main +R22952 AST.prog_main +R22975 AST.prog_main +R22952 AST.prog_main +R23002 CSEproof.symbols_preserved +R23002 CSEproof.symbols_preserved +R23048 CSEproof.funct_ptr_translated +R23048 CSEproof.funct_ptr_translated +R23138 CSE.analyze +R23138 CSE.analyze +R23171 CSEproof.transf_function_correct +R23171 CSEproof.transf_function_correct +R23237 Globalenvs.init_mem_transf +R23237 Globalenvs.init_mem_transf +FLocations +R1102 Coq.Init.Specif "{ A } + { B }" type_scope +R1106 Coq.Init.Logic "x = y" type_scope +R1118 Coq.Init.Logic "x <> y" type_scope +R1095 Locations.mreg +R1095 Locations.mreg +R1188 AST.typ +R1214 Locations.R3 +R1220 AST.Tint +R1228 Locations.R4 +R1234 AST.Tint +R1242 Locations.R5 +R1248 AST.Tint +R1256 Locations.R6 +R1262 AST.Tint +R1271 Locations.R7 +R1277 AST.Tint +R1285 Locations.R8 +R1291 AST.Tint +R1299 Locations.R9 +R1305 AST.Tint +R1313 Locations.R10 +R1320 AST.Tint +R1329 Locations.R13 +R1336 AST.Tint +R1343 Locations.R14 +R1350 AST.Tint +R1357 Locations.R15 +R1364 AST.Tint +R1371 Locations.R16 +R1378 AST.Tint +R1387 Locations.R17 +R1394 AST.Tint +R1401 Locations.R18 +R1408 AST.Tint +R1415 Locations.R19 +R1422 AST.Tint +R1429 Locations.R20 +R1436 AST.Tint +R1445 Locations.R21 +R1452 AST.Tint +R1459 Locations.R22 +R1466 AST.Tint +R1473 Locations.R23 +R1480 AST.Tint +R1487 Locations.R24 +R1494 AST.Tint +R1503 Locations.R25 +R1510 AST.Tint +R1517 Locations.R26 +R1524 AST.Tint +R1531 Locations.R27 +R1538 AST.Tint +R1545 Locations.R28 +R1552 AST.Tint +R1561 Locations.R29 +R1568 AST.Tint +R1575 Locations.R30 +R1582 AST.Tint +R1589 Locations.R31 +R1596 AST.Tint +R1605 Locations.F1 +R1611 AST.Tfloat +R1621 Locations.F2 +R1627 AST.Tfloat +R1637 Locations.F3 +R1643 AST.Tfloat +R1653 Locations.F4 +R1659 AST.Tfloat +R1670 Locations.F5 +R1676 AST.Tfloat +R1686 Locations.F6 +R1692 AST.Tfloat +R1702 Locations.F7 +R1708 AST.Tfloat +R1718 Locations.F8 +R1724 AST.Tfloat +R1735 Locations.F9 +R1741 AST.Tfloat +R1751 Locations.F10 +R1758 AST.Tfloat +R1767 Locations.F14 +R1774 AST.Tfloat +R1783 Locations.F15 +R1790 AST.Tfloat +R1801 Locations.F16 +R1808 AST.Tfloat +R1817 Locations.F17 +R1824 AST.Tfloat +R1833 Locations.F18 +R1840 AST.Tfloat +R1849 Locations.F19 +R1856 AST.Tfloat +R1867 Locations.F20 +R1874 AST.Tfloat +R1883 Locations.F21 +R1890 AST.Tfloat +R1899 Locations.F22 +R1906 AST.Tfloat +R1915 Locations.F23 +R1922 AST.Tfloat +R1933 Locations.F24 +R1940 AST.Tfloat +R1949 Locations.F25 +R1956 AST.Tfloat +R1965 Locations.F26 +R1972 AST.Tfloat +R1981 Locations.F27 +R1988 AST.Tfloat +R1999 Locations.F28 +R2006 AST.Tfloat +R2015 Locations.F29 +R2022 AST.Tfloat +R2031 Locations.F30 +R2038 AST.Tfloat +R2047 Locations.F31 +R2054 AST.Tfloat +R2065 Locations.IT1 +R2072 AST.Tint +R2079 Locations.IT2 +R2086 AST.Tint +R2093 Locations.IT3 +R2100 AST.Tint +R2109 Locations.FT1 +R2116 AST.Tfloat +R2125 Locations.FT2 +R2132 AST.Tfloat +R2141 Locations.FT3 +R2148 AST.Tfloat +R1181 Locations.mreg +R2224 Coq.NArith.BinPos.positive +R2255 Locations.R3 +R2266 Locations.R4 +R2277 Locations.R5 +R2288 Locations.R6 +R2300 Locations.R7 +R2311 Locations.R8 +R2322 Locations.R9 +R2333 Locations.R10 +R2346 Locations.R13 +R2357 Locations.R14 +R2369 Locations.R15 +R2381 Locations.R16 +R2395 Locations.R17 +R2407 Locations.R18 +R2419 Locations.R19 +R2431 Locations.R20 +R2445 Locations.R21 +R2457 Locations.R22 +R2469 Locations.R23 +R2481 Locations.R24 +R2495 Locations.R25 +R2507 Locations.R26 +R2519 Locations.R27 +R2531 Locations.R28 +R2545 Locations.R29 +R2557 Locations.R30 +R2569 Locations.R31 +R2583 Locations.F1 +R2595 Locations.F2 +R2607 Locations.F3 +R2619 Locations.F4 +R2632 Locations.F5 +R2644 Locations.F6 +R2656 Locations.F7 +R2668 Locations.F8 +R2681 Locations.F9 +R2693 Locations.F10 +R2705 Locations.F14 +R2717 Locations.F15 +R2731 Locations.F16 +R2743 Locations.F17 +R2755 Locations.F18 +R2767 Locations.F19 +R2781 Locations.F20 +R2793 Locations.F21 +R2805 Locations.F22 +R2817 Locations.F23 +R2831 Locations.F24 +R2843 Locations.F25 +R2855 Locations.F26 +R2867 Locations.F27 +R2881 Locations.F28 +R2893 Locations.F29 +R2905 Locations.F30 +R2917 Locations.F31 +R2931 Locations.IT1 +R2943 Locations.IT2 +R2955 Locations.IT3 +R2969 Locations.FT1 +R2981 Locations.FT2 +R2993 Locations.FT3 +R2217 Locations.mreg +R3085 Coq.Init.Logic "x = y" type_scope +R3063 Coq.Init.Logic "x = y" type_scope +R3049 Locations.mreg_index +R3065 Locations.mreg_index +R3263 AST.typ +R3258 Coq.ZArith.BinInt.Z +R3294 AST.typ +R3289 Coq.ZArith.BinInt.Z +R3325 AST.typ +R3320 Coq.ZArith.BinInt.Z +R3371 AST.typ +R3397 Locations.Local +R3420 Locations.Incoming +R3446 Locations.Outgoing +R3364 Locations.slot +R3511 Coq.Init.Specif "{ A } + { B }" type_scope +R3514 Coq.Init.Logic "x = y" type_scope +R3524 Coq.Init.Logic "x <> y" type_scope +R3504 Locations.slot +R3504 Locations.slot +R3577 Coq.Init.Specif "{ A } + { B }" type_scope +R3581 Coq.Init.Logic "x = y" type_scope +R3593 Coq.Init.Logic "x <> y" type_scope +R3571 AST.typ +R3571 AST.typ +R3577 Coq.Init.Specif "{ A } + { B }" type_scope +R3581 Coq.Init.Logic "x = y" type_scope +R3593 Coq.Init.Logic "x <> y" type_scope +R3571 AST.typ +R3571 AST.typ +R3634 Coqlib.zeq +R3634 Coqlib.zeq +R3724 Coq.ZArith.BinInt.Z +R3745 AST.Tint +R3757 AST.Tfloat +R3717 AST.typ +R3827 Coq.ZArith.BinInt "x > y" Z_scope +R3815 Locations.typesize +R3809 AST.typ +R3922 Locations.mreg +R3941 Locations.slot +R3997 AST.typ +R4027 Locations.R +R4034 Locations.mreg_type +R4052 Locations.S +R4059 Locations.slot_type +R3990 Locations.loc +R4112 Coq.Init.Specif "{ A } + { B }" type_scope +R4115 Coq.Init.Logic "x = y" type_scope +R4125 Coq.Init.Logic "x <> y" type_scope +R4106 Locations.loc +R4106 Locations.loc +R4168 Locations.mreg_eq +R4168 Locations.mreg_eq +R4183 Locations.slot_eq +R4183 Locations.slot_eq +R4269 Locations.R +R4275 Locations.R +R4286 Coq.Init.Logic "x <> y" type_scope +R4298 Locations.S +R4301 Locations.Local +R4315 Locations.S +R4318 Locations.Local +R4351 Coq.Init.Logic "A \/ B" type_scope +R4345 Coq.Init.Logic "x <> y" type_scope +R4357 Coq.Init.Logic "x <> y" type_scope +R4369 Locations.S +R4372 Locations.Incoming +R4389 Locations.S +R4392 Locations.Incoming +R4442 Coq.Init.Logic "A \/ B" type_scope +R4436 Coq.ZArith.BinInt "x <= y" Z_scope +R4422 Coq.ZArith.BinInt "x + y" Z_scope +R4424 Locations.typesize +R4462 Coq.ZArith.BinInt "x <= y" Z_scope +R4448 Coq.ZArith.BinInt "x + y" Z_scope +R4450 Locations.typesize +R4474 Locations.S +R4477 Locations.Outgoing +R4494 Locations.S +R4497 Locations.Outgoing +R4547 Coq.Init.Logic "A \/ B" type_scope +R4541 Coq.ZArith.BinInt "x <= y" Z_scope +R4527 Coq.ZArith.BinInt "x + y" Z_scope +R4529 Locations.typesize +R4567 Coq.ZArith.BinInt "x <= y" Z_scope +R4553 Coq.ZArith.BinInt "x + y" Z_scope +R4555 Locations.typesize +R4595 Coq.Init.Logic.True +R4226 Locations.loc +R4226 Locations.loc +R4647 Coq.Init.Logic "~ x" type_scope +R4649 Locations.diff +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R4752 Locations.typesize_pos +R4752 Locations.typesize_pos +R4793 Locations.typesize_pos +R4793 Locations.typesize_pos +R4882 Coq.Init.Logic "x <> y" type_scope +R4865 Locations.diff +R4938 Locations.same_not_diff +R4938 Locations.same_not_diff +R5017 Locations.diff +R5003 Locations.diff +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R5210 Coq.Init.Datatypes.bool +R5225 Coqlib.zeq +R5274 AST.Tint +R5282 Coq.Init.Datatypes.false +R5294 AST.Tfloat +R5307 Coqlib.zeq +R5315 Coq.ZArith.BinInt "x + y" Z_scope +R5338 Coq.Init.Datatypes.false +R5328 Coq.Init.Datatypes.true +R5240 Coq.Init.Datatypes.true +R5205 Coq.ZArith.BinInt.Z +R5205 Coq.ZArith.BinInt.Z +R5192 AST.typ +R5394 Coq.Init.Datatypes.bool +R5430 Locations.S +R5433 Locations.Incoming +R5450 Locations.S +R5453 Locations.Incoming +R5501 Coq.Bool.Bool "x || y" bool_scope +R5480 Locations.overlap_aux +R5504 Locations.overlap_aux +R5531 Locations.S +R5534 Locations.Outgoing +R5551 Locations.S +R5554 Locations.Outgoing +R5602 Coq.Bool.Bool "x || y" bool_scope +R5581 Locations.overlap_aux +R5605 Locations.overlap_aux +R5640 Coq.Init.Datatypes.false +R5387 Locations.loc +R5387 Locations.loc +R5747 Coq.Init.Logic "~ x" type_scope +R5772 Coq.Init.Logic "A \/ B" type_scope +R5766 Coq.ZArith.BinInt "x <= y" Z_scope +R5752 Coq.ZArith.BinInt "x + y" Z_scope +R5754 Locations.typesize +R5792 Coq.ZArith.BinInt "x <= y" Z_scope +R5778 Coq.ZArith.BinInt "x + y" Z_scope +R5780 Locations.typesize +R5733 Coq.Init.Logic "x = y" type_scope +R5712 Locations.overlap_aux +R5735 Coq.Init.Datatypes.true +R5846 Locations.typesize_pos +R5846 Locations.typesize_pos +R5887 Locations.typesize_pos +R5887 Locations.typesize_pos +R5946 Coqlib.zeq +R5946 Coqlib.zeq +R6022 Coqlib.zeq +R6030 Coq.ZArith.BinInt "x + y" Z_scope +R6022 Coqlib.zeq +R6030 Coq.ZArith.BinInt "x + y" Z_scope +R6193 Coq.Init.Logic "~ x" type_scope +R6218 Coq.Init.Logic "A \/ B" type_scope +R6212 Coq.ZArith.BinInt "x <= y" Z_scope +R6198 Coq.ZArith.BinInt "x + y" Z_scope +R6200 Locations.typesize +R6238 Coq.ZArith.BinInt "x <= y" Z_scope +R6224 Coq.ZArith.BinInt "x + y" Z_scope +R6226 Locations.typesize +R6179 Coq.Init.Logic "x = y" type_scope +R6158 Locations.overlap_aux +R6181 Coq.Init.Datatypes.true +R6279 Locations.overlap_aux_true_1 +R6279 Locations.overlap_aux_true_1 +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R6401 Coq.Init.Logic "~ x" type_scope +R6403 Locations.diff +R6391 Coq.Init.Logic "x = y" type_scope +R6377 Locations.overlap +R6393 Coq.Init.Datatypes.true +R6590 Coq.Bool.Bool.orb_true_elim +R6590 Coq.Bool.Bool.orb_true_elim +R6629 Locations.overlap_aux_true_1 +R6629 Locations.overlap_aux_true_1 +R6665 Locations.overlap_aux_true_2 +R6665 Locations.overlap_aux_true_2 +R6701 Coq.Bool.Bool.orb_true_elim +R6701 Coq.Bool.Bool.orb_true_elim +R6740 Locations.overlap_aux_true_1 +R6740 Locations.overlap_aux_true_1 +R6776 Locations.overlap_aux_true_2 +R6776 Locations.overlap_aux_true_2 +R6950 Coq.Init.Logic "A \/ B" type_scope +R6944 Coq.ZArith.BinInt "x <= y" Z_scope +R6930 Coq.ZArith.BinInt "x + y" Z_scope +R6932 Locations.typesize +R6970 Coq.ZArith.BinInt "x <= y" Z_scope +R6956 Coq.ZArith.BinInt "x + y" Z_scope +R6958 Locations.typesize +R6912 Coq.Init.Logic "x = y" type_scope +R6888 Coq.Bool.Bool "x || y" bool_scope +R6867 Locations.overlap_aux +R6891 Locations.overlap_aux +R6914 Coq.Init.Datatypes.false +R7034 Coq.Bool.Bool.orb_false_elim +R7034 Coq.Bool.Bool.orb_false_elim +R7114 Coqlib.zeq +R7114 Coqlib.zeq +R7169 Coqlib.zeq +R7169 Coqlib.zeq +R7272 Coqlib.zeq +R7280 Coq.ZArith.BinInt "x + y" Z_scope +R7272 Coqlib.zeq +R7280 Coq.ZArith.BinInt "x + y" Z_scope +R7329 Coqlib.zeq +R7337 Coq.ZArith.BinInt "x + y" Z_scope +R7329 Coqlib.zeq +R7337 Coq.ZArith.BinInt "x + y" Z_scope +R7386 Coqlib.zeq +R7394 Coq.ZArith.BinInt "x + y" Z_scope +R7386 Coqlib.zeq +R7394 Coq.ZArith.BinInt "x + y" Z_scope +R7443 Coqlib.zeq +R7451 Coq.ZArith.BinInt "x + y" Z_scope +R7443 Coqlib.zeq +R7451 Coq.ZArith.BinInt "x + y" Z_scope +R7579 Locations.diff +R7568 Coq.Init.Logic "x = y" type_scope +R7554 Locations.overlap +R7570 Coq.Init.Datatypes.false +R7545 Coq.Init.Logic "x <> y" type_scope +R7746 Coqlib.zeq +R7746 Coqlib.zeq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R7829 Locations.overlap_aux_false_1 +R7829 Locations.overlap_aux_false_1 +R7870 Locations.overlap_aux_false_1 +R7870 Locations.overlap_aux_false_1 +R7940 Coq.Lists.List.list +R7945 Locations.loc +R7930 Locations.loc +R7996 Coq.Lists.List.nil +R8003 Coq.Init.Logic.True +R8017 Coq.Lists.List "x :: y" list_scope +R8036 Coq.Init.Logic "A /\ B" type_scope +R8026 Locations.diff +R7940 Coq.Lists.List.list +R7945 Locations.loc +R7930 Locations.loc +R8113 Coq.Init.Logic "~ x" type_scope +R8115 Coq.Lists.List.In +R8099 Locations.notin +R8246 Locations.same_not_diff +R8246 Locations.same_not_diff +R8377 Locations.diff +R8365 Coq.Lists.List.In +R8353 Coq.Lists.List.In +R8315 Coq.Lists.List.list +R8320 Locations.loc +R8315 Coq.Lists.List.list +R8320 Locations.loc +R8467 Locations.disjoint +R8442 Locations.disjoint +R8454 Coq.Lists.List "x :: y" list_scope +R8628 Locations.disjoint +R8603 Locations.disjoint +R8618 Coq.Lists.List "x :: y" list_scope +R8770 Locations.disjoint +R8752 Locations.disjoint +R8830 Locations.diff_sym +R8830 Locations.diff_sym +R8925 Locations.diff +R8913 Coq.Lists.List.In +R8898 Locations.notin +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R9138 Locations.disjoint +R9123 Locations.notin +R9112 Coq.Lists.List.In +R9261 Locations.in_notin_diff +R9261 Locations.in_notin_diff +R9449 Locations.notin +R9438 Coq.Lists.List.In +R9420 Locations.disjoint +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R9645 Coq.Lists.List.list +R9650 Locations.loc +R9696 Coq.Lists.List.nil +R9779 Coq.Lists.List "x :: y" list_scope +R9738 Locations.notin +R9886 Coq.Init.Logic "A \/ B" type_scope +R9882 Coq.Init.Logic "x = y" type_scope +R9889 Locations.diff +R9868 Coq.Lists.List.In +R9847 Coq.Lists.List.In +R9821 Coq.Lists.List.list +R9826 Locations.loc +R9821 Coq.Lists.List.list +R9826 Locations.loc +R9980 Values.val +R9973 Locations.loc +R10015 Locations.t +R10028 Locations.loc +R10008 Values.val +R10075 Values.val +R10070 Locations.t +R10061 Locations.loc +R10132 Locations.t +R10166 Locations.eq +R10192 Locations.overlap +R10213 Values.Vundef +R10149 Locations.loc +R10127 Locations.t +R10118 Values.val +R10109 Locations.loc +R10272 Coq.Init.Logic "x = y" type_scope +R10259 Locations.set +R10316 Locations.eq +R10316 Locations.eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R10403 Coq.Init.Logic "x = y" type_scope +R10390 Locations.set +R10373 Locations.diff +R10449 Locations.eq +R10449 Locations.eq +R10488 Locations.same_not_diff +R10488 Locations.same_not_diff +R10525 Locations.overlap +R10525 Locations.overlap +R10560 Locations.overlap_not_diff +R10560 Locations.overlap_not_diff +FConventions +R144 Coq.Lists.List "x :: y" list_scope +R141 Locations.R3 +R150 Coq.Lists.List "x :: y" list_scope +R147 Locations.R4 +R156 Coq.Lists.List "x :: y" list_scope +R153 Locations.R5 +R162 Coq.Lists.List "x :: y" list_scope +R159 Locations.R6 +R168 Coq.Lists.List "x :: y" list_scope +R165 Locations.R7 +R174 Coq.Lists.List "x :: y" list_scope +R171 Locations.R8 +R180 Coq.Lists.List "x :: y" list_scope +R177 Locations.R9 +R187 Coq.Lists.List "x :: y" list_scope +R183 Locations.R10 +R195 Coq.Lists.List "x :: y" list_scope +R192 Locations.F1 +R201 Coq.Lists.List "x :: y" list_scope +R198 Locations.F2 +R207 Coq.Lists.List "x :: y" list_scope +R204 Locations.F3 +R213 Coq.Lists.List "x :: y" list_scope +R210 Locations.F4 +R219 Coq.Lists.List "x :: y" list_scope +R216 Locations.F5 +R225 Coq.Lists.List "x :: y" list_scope +R222 Locations.F6 +R231 Coq.Lists.List "x :: y" list_scope +R228 Locations.F7 +R237 Coq.Lists.List "x :: y" list_scope +R234 Locations.F8 +R243 Coq.Lists.List "x :: y" list_scope +R240 Locations.F9 +R250 Coq.Lists.List "x :: y" list_scope +R246 Locations.F10 +R253 Coq.Lists.List.nil +R293 Coq.Lists.List.map +R304 Conventions.destroyed_at_call_regs +R302 Locations.R +R370 Coq.Lists.List "x :: y" list_scope +R366 Locations.R13 +R377 Coq.Lists.List "x :: y" list_scope +R373 Locations.R14 +R384 Coq.Lists.List "x :: y" list_scope +R380 Locations.R15 +R391 Coq.Lists.List "x :: y" list_scope +R387 Locations.R16 +R398 Coq.Lists.List "x :: y" list_scope +R394 Locations.R17 +R405 Coq.Lists.List "x :: y" list_scope +R401 Locations.R18 +R412 Coq.Lists.List "x :: y" list_scope +R408 Locations.R19 +R419 Coq.Lists.List "x :: y" list_scope +R415 Locations.R20 +R426 Coq.Lists.List "x :: y" list_scope +R422 Locations.R21 +R433 Coq.Lists.List "x :: y" list_scope +R429 Locations.R22 +R443 Coq.Lists.List "x :: y" list_scope +R439 Locations.R23 +R450 Coq.Lists.List "x :: y" list_scope +R446 Locations.R24 +R457 Coq.Lists.List "x :: y" list_scope +R453 Locations.R25 +R464 Coq.Lists.List "x :: y" list_scope +R460 Locations.R26 +R471 Coq.Lists.List "x :: y" list_scope +R467 Locations.R27 +R478 Coq.Lists.List "x :: y" list_scope +R474 Locations.R28 +R485 Coq.Lists.List "x :: y" list_scope +R481 Locations.R29 +R492 Coq.Lists.List "x :: y" list_scope +R488 Locations.R30 +R499 Coq.Lists.List "x :: y" list_scope +R495 Locations.R31 +R502 Coq.Lists.List.nil +R551 Coq.Lists.List "x :: y" list_scope +R547 Locations.F14 +R558 Coq.Lists.List "x :: y" list_scope +R554 Locations.F15 +R565 Coq.Lists.List "x :: y" list_scope +R561 Locations.F16 +R572 Coq.Lists.List "x :: y" list_scope +R568 Locations.F17 +R579 Coq.Lists.List "x :: y" list_scope +R575 Locations.F18 +R586 Coq.Lists.List "x :: y" list_scope +R582 Locations.F19 +R593 Coq.Lists.List "x :: y" list_scope +R589 Locations.F20 +R600 Coq.Lists.List "x :: y" list_scope +R596 Locations.F21 +R607 Coq.Lists.List "x :: y" list_scope +R603 Locations.F22 +R617 Coq.Lists.List "x :: y" list_scope +R613 Locations.F23 +R624 Coq.Lists.List "x :: y" list_scope +R620 Locations.F24 +R631 Coq.Lists.List "x :: y" list_scope +R627 Locations.F25 +R638 Coq.Lists.List "x :: y" list_scope +R634 Locations.F26 +R645 Coq.Lists.List "x :: y" list_scope +R641 Locations.F27 +R652 Coq.Lists.List "x :: y" list_scope +R648 Locations.F28 +R659 Coq.Lists.List "x :: y" list_scope +R655 Locations.F29 +R666 Coq.Lists.List "x :: y" list_scope +R662 Locations.F30 +R673 Coq.Lists.List "x :: y" list_scope +R669 Locations.F31 +R676 Coq.Lists.List.nil +R747 Locations.R13 +R759 Locations.R14 +R771 Locations.R15 +R783 Locations.R16 +R796 Locations.R17 +R808 Locations.R18 +R820 Locations.R19 +R832 Locations.R20 +R845 Locations.R21 +R857 Locations.R22 +R869 Locations.R23 +R881 Locations.R24 +R895 Locations.R25 +R907 Locations.R26 +R919 Locations.R27 +R931 Locations.R28 +R945 Locations.R29 +R957 Locations.R30 +R969 Locations.R31 +R719 Locations.mreg +R1064 Locations.F14 +R1076 Locations.F15 +R1088 Locations.F16 +R1100 Locations.F17 +R1113 Locations.F18 +R1125 Locations.F19 +R1137 Locations.F20 +R1149 Locations.F21 +R1162 Locations.F22 +R1174 Locations.F23 +R1186 Locations.F24 +R1198 Locations.F25 +R1212 Locations.F26 +R1224 Locations.F27 +R1236 Locations.F28 +R1248 Locations.F29 +R1262 Locations.F30 +R1274 Locations.F31 +R1036 Locations.mreg +R1353 Coq.Init.Logic "A \/ B" type_scope +R1349 Coq.Init.Logic "x = y" type_scope +R1488 Coq.Init.Logic.False +R1606 Coq.Init.Logic "A \/ B" type_scope +R1602 Coq.Init.Logic "x = y" type_scope +R1649 Coq.Init.Logic "A \/ B" type_scope +R1645 Coq.Init.Logic "x = y" type_scope +R1678 Coq.Init.Logic.False +R1759 Coq.Init.Logic.False +R1749 Coq.Init.Logic "A \/ B" type_scope +R1745 Coq.Init.Logic "x = y" type_scope +R1877 Coq.Init.Logic.False +R1868 Coq.Init.Logic.False +R2013 Coq.ZArith.BinInt "x >= y" Z_scope +R1989 Conventions.index_int_callee_save +R1960 Coq.Lists.List.In +R1965 Conventions.int_callee_save_regs +R2200 Coq.ZArith.BinInt "x >= y" Z_scope +R2174 Conventions.index_float_callee_save +R2143 Coq.Lists.List.In +R2148 Conventions.float_callee_save_regs +R2363 Coq.Lists.List.In +R2368 Conventions.int_callee_save_regs +R2355 Coq.ZArith.BinInt "x >= y" Z_scope +R2331 Conventions.index_int_callee_save +R2540 Coq.Lists.List.In +R2545 Conventions.float_callee_save_regs +R2532 Coq.ZArith.BinInt "x >= y" Z_scope +R2506 Conventions.index_float_callee_save +R2793 Coq.Init.Logic "x <> y" type_scope +R2768 Conventions.index_int_callee_save +R2796 Conventions.index_int_callee_save +R2757 Coq.Init.Logic "x <> y" type_scope +R2722 Coq.Lists.List.In +R2728 Conventions.int_callee_save_regs +R2690 Coq.Lists.List.In +R2696 Conventions.int_callee_save_regs +R3096 Coq.Init.Logic "x <> y" type_scope +R3069 Conventions.index_float_callee_save +R3099 Conventions.index_float_callee_save +R3058 Coq.Init.Logic "x <> y" type_scope +R3021 Coq.Lists.List.In +R3027 Conventions.float_callee_save_regs +R2987 Coq.Lists.List.In +R2993 Conventions.float_callee_save_regs +R3280 Coqlib.list_disjoint +R3315 Conventions.float_callee_save_regs +R3294 Conventions.int_callee_save_regs +R3449 Coq.Lists.List "x :: y" list_scope +R3443 Locations.R +R3445 Locations.IT1 +R3458 Coq.Lists.List "x :: y" list_scope +R3452 Locations.R +R3454 Locations.IT2 +R3467 Coq.Lists.List "x :: y" list_scope +R3461 Locations.R +R3463 Locations.IT3 +R3476 Coq.Lists.List "x :: y" list_scope +R3470 Locations.R +R3472 Locations.FT1 +R3485 Coq.Lists.List "x :: y" list_scope +R3479 Locations.R +R3481 Locations.FT2 +R3494 Coq.Lists.List "x :: y" list_scope +R3488 Locations.R +R3490 Locations.FT3 +R3497 Coq.Lists.List.nil +R3600 Coq.Init.Logic "A \/ B" type_scope +R3571 Coq.Init.Logic "A \/ B" type_scope +R3550 Coq.Lists.List.In +R3559 Conventions.temporaries +R3554 Locations.R +R3574 Coq.Lists.List.In +R3583 Conventions.destroyed_at_call +R3578 Locations.R +R3634 Coq.Init.Logic "A \/ B" type_scope +R3608 Coq.Lists.List.In +R3613 Conventions.int_callee_save_regs +R3637 Coq.Lists.List.In +R3642 Conventions.float_callee_save_regs +R3943 Coq.Init.Logic "~ x" type_scope +R3945 Coq.Lists.List.In +R3950 Conventions.int_callee_save_regs +R3906 Coq.Init.Logic "A \/ B" type_scope +R3885 Coq.Lists.List.In +R3894 Conventions.temporaries +R3889 Locations.R +R3909 Coq.Lists.List.In +R3918 Conventions.destroyed_at_call +R3913 Locations.R +R4217 Coq.Init.Logic "~ x" type_scope +R4219 Coq.Lists.List.In +R4224 Conventions.float_callee_save_regs +R4180 Coq.Init.Logic "A \/ B" type_scope +R4159 Coq.Lists.List.In +R4168 Conventions.temporaries +R4163 Locations.R +R4183 Coq.Lists.List.In +R4192 Conventions.destroyed_at_call +R4187 Locations.R +R4460 Coq.Init.Logic "x = y" type_scope +R4448 Locations.mreg_type +R4462 AST.Tint +R4419 Coq.Lists.List.In +R4424 Conventions.int_callee_save_regs +R4605 Coq.Init.Logic "x = y" type_scope +R4593 Locations.mreg_type +R4607 AST.Tfloat +R4562 Coq.Lists.List.In +R4567 Conventions.float_callee_save_regs +R4708 Coqlib.list_norepet +R4721 Coq.Lists.List.nil +R4764 Coqlib.list_norepet +R4781 Coq.Lists.List "x :: y" list_scope +R4803 Coqlib.list_norepet_cons +R4740 Coqlib.list_norepet_nil +R4905 Coqlib.list_norepet +R4918 Conventions.int_callee_save_regs +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R5028 Coqlib.list_norepet +R5041 Conventions.float_callee_save_regs +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R5184 Locations.R +R5191 Coq.Init.Logic "~ x" type_scope +R5193 Coq.Lists.List.In +R5198 Conventions.temporaries +R5215 Locations.S +R5218 Locations.Local +R5239 Coq.ZArith.BinInt "x >= y" Z_scope +R5248 Locations.S +R5251 Locations.Incoming +R5268 Coq.Init.Logic.False +R5278 Locations.S +R5281 Locations.Outgoing +R5298 Coq.Init.Logic.False +R5150 Locations.loc +R5387 Conventions.loc_acceptable +R5376 Coq.Lists.List.In +R5344 Coq.Lists.List.list +R5349 Locations.loc +R5472 Locations.notin +R5484 Conventions.temporaries +R5452 Conventions.loc_acceptable +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R5647 Conventions.temporaries_not_acceptable +R5757 Locations.disjoint +R5773 Conventions.temporaries +R5735 Conventions.locs_acceptable +R5809 Locations.notin_disjoint +R5809 Locations.notin_disjoint +R5845 Conventions.temporaries_not_acceptable +R5845 Conventions.temporaries_not_acceptable +R5925 Locations.mreg +R5944 AST.sig_res +R5962 Coq.Init.Datatypes.None +R5970 Locations.R3 +R5977 Coq.Init.Datatypes.Some +R5982 AST.Tint +R5990 Locations.R3 +R5997 Coq.Init.Datatypes.Some +R6002 AST.Tfloat +R6012 Locations.F1 +R5912 AST.signature +R6089 Coq.Init.Logic "x = y" type_scope +R6062 Locations.mreg_type +R6073 Conventions.loc_result +R6104 AST.sig_res +R6118 Coq.Init.Datatypes.None +R6126 AST.Tint +R6133 Coq.Init.Datatypes.Some +R6200 AST.sig_res +R6200 AST.sig_res +R6317 Coq.Lists.List.In +R6339 Conventions.destroyed_at_call +R6321 Locations.R +R6324 Conventions.loc_result +R6305 AST.signature +R6406 AST.sig_res +R6406 AST.sig_res +R6517 Coq.Lists.List.nil +R6524 Coq.Lists.List.nil +R6533 Coq.Lists.List "x :: y" list_scope +R6488 Coq.Lists.List.list +R6493 Locations.mreg +R6600 Coq.Lists.List.nil +R6607 Coq.Lists.List.nil +R6616 Coq.Lists.List "x :: y" list_scope +R6619 Coq.Lists.List.nil +R6626 Coq.Lists.List.nil +R6636 Coq.Lists.List "x :: y" list_scope +R6643 Coq.Lists.List "x :: y" list_scope +R6571 Coq.Lists.List.list +R6576 Locations.mreg +R6774 Coq.Lists.List.list +R6779 Locations.loc +R6756 Coq.ZArith.BinInt.Z +R6735 Coq.Lists.List.list +R6740 Locations.mreg +R6716 Coq.Lists.List.list +R6721 Locations.mreg +R6698 Coq.Lists.List.list +R6703 AST.typ +R6807 Coq.Lists.List.nil +R6814 Coq.Lists.List.nil +R6827 Coq.Lists.List "x :: y" list_scope +R6822 AST.Tint +R6935 Coq.Lists.List "x :: y" list_scope +R6868 Coq.Lists.List.nil +R6875 Locations.S +R6878 Locations.Outgoing +R6891 AST.Tint +R6910 Coq.Lists.List "x :: y" list_scope +R6918 Locations.R +R6991 Coq.ZArith.BinInt "x + y" Z_scope +R6967 Conventions.drop1 +R7007 Coq.Lists.List "x :: y" list_scope +R7000 AST.Tfloat +R7117 Coq.Lists.List "x :: y" list_scope +R7048 Coq.Lists.List.nil +R7055 Locations.S +R7058 Locations.Outgoing +R7071 AST.Tfloat +R7092 Coq.Lists.List "x :: y" list_scope +R7100 Locations.R +R7181 Coq.ZArith.BinInt "x + y" Z_scope +R7163 Conventions.drop1 +R7149 Conventions.drop2 +R6756 Coq.ZArith.BinInt.Z +R6735 Coq.Lists.List.list +R6740 Locations.mreg +R6716 Coq.Lists.List.list +R6721 Locations.mreg +R6698 Coq.Lists.List.list +R6703 AST.typ +R7228 Coq.Lists.List "x :: y" list_scope +R7225 Locations.R3 +R7234 Coq.Lists.List "x :: y" list_scope +R7231 Locations.R4 +R7240 Coq.Lists.List "x :: y" list_scope +R7237 Locations.R5 +R7246 Coq.Lists.List "x :: y" list_scope +R7243 Locations.R6 +R7252 Coq.Lists.List "x :: y" list_scope +R7249 Locations.R7 +R7258 Coq.Lists.List "x :: y" list_scope +R7255 Locations.R8 +R7264 Coq.Lists.List "x :: y" list_scope +R7261 Locations.R9 +R7271 Coq.Lists.List "x :: y" list_scope +R7267 Locations.R10 +R7274 Coq.Lists.List.nil +R7315 Coq.Lists.List "x :: y" list_scope +R7312 Locations.F1 +R7321 Coq.Lists.List "x :: y" list_scope +R7318 Locations.F2 +R7327 Coq.Lists.List "x :: y" list_scope +R7324 Locations.F3 +R7333 Coq.Lists.List "x :: y" list_scope +R7330 Locations.F4 +R7339 Coq.Lists.List "x :: y" list_scope +R7336 Locations.F5 +R7345 Coq.Lists.List "x :: y" list_scope +R7342 Locations.F6 +R7351 Coq.Lists.List "x :: y" list_scope +R7348 Locations.F7 +R7357 Coq.Lists.List "x :: y" list_scope +R7354 Locations.F8 +R7363 Coq.Lists.List "x :: y" list_scope +R7360 Locations.F9 +R7370 Coq.Lists.List "x :: y" list_scope +R7366 Locations.F10 +R7373 Coq.Lists.List.nil +R7421 Coq.Lists.List.list +R7426 Locations.loc +R7435 Conventions.loc_arguments_rec +R7481 Conventions.float_param_regs +R7466 Conventions.int_param_regs +R7456 AST.sig_args +R7408 AST.signature +R7548 Coq.ZArith.BinInt.Z +R7536 Coq.Lists.List.list +R7541 AST.typ +R7574 Coq.Lists.List.nil +R7592 Coq.Lists.List "x :: y" list_scope +R7587 AST.Tint +R7604 Coq.ZArith.BinInt "x + y" Z_scope +R7640 Coq.Lists.List "x :: y" list_scope +R7633 AST.Tfloat +R7652 Coq.ZArith.BinInt "x + y" Z_scope +R7536 Coq.Lists.List.list +R7541 AST.typ +R7728 Coq.ZArith.BinInt.Z +R7735 Conventions.size_arguments_rec +R7757 AST.sig_args +R7715 AST.signature +R7842 Locations.R +R7849 Coq.Init.Logic "~ x" type_scope +R7851 Coq.Lists.List.In +R7856 Conventions.temporaries +R7873 Locations.S +R7876 Locations.Outgoing +R7900 Coq.ZArith.BinInt "x >= y" Z_scope +R7914 Coq.Init.Logic.False +R7808 Locations.loc +R7979 Coq.Lists.List.In +R7961 Coq.Lists.List.In +R7967 Conventions.drop1 +R8110 Coq.Lists.List.In +R8092 Coq.Lists.List.In +R8098 Conventions.drop2 +R8348 Locations.R +R8366 Coq.Init.Logic "A \/ B" type_scope +R8355 Coq.Lists.List.In +R8369 Coq.Lists.List.In +R8384 Locations.S +R8387 Locations.Outgoing +R8413 Coq.ZArith.BinInt "x >= y" Z_scope +R8424 Locations.S +R8431 Coq.Init.Logic.False +R8281 Coq.Lists.List.In +R8287 Conventions.loc_arguments_rec +R8474 Conventions.loc_arguments_rec +R8474 Conventions.loc_arguments_rec +R8474 Conventions.loc_arguments_rec +R8673 Conventions.drop1_incl +R8673 Conventions.drop1_incl +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R8871 Conventions.drop2_incl +R8871 Conventions.drop2_incl +R8905 Conventions.drop1_incl +R8905 Conventions.drop1_incl +R9063 Conventions.loc_argument_acceptable +R9037 Coq.Lists.List.In +R9043 Conventions.loc_arguments +R9029 Locations.loc +R9014 AST.signature +R9143 Conventions.loc_arguments_rec_charact +R9143 Conventions.loc_arguments_rec_charact +R9364 Conventions.loc_arguments_acceptable +R9449 Coqlib.list_norepet +R9463 Conventions.drop1 +R9431 Coqlib.list_norepet +R9598 Coqlib.list_norepet +R9612 Conventions.drop2 +R9580 Coqlib.list_norepet +R9850 Locations.notin +R9867 Conventions.loc_arguments_rec +R9861 Locations.R +R9831 Coq.Init.Logic "~ x" type_scope +R9833 Coq.Lists.List.In +R9814 Coq.Init.Logic "~ x" type_scope +R9816 Coq.Lists.List.In +R10096 Conventions.drop1_incl +R10096 Conventions.drop1_incl +R10235 Conventions.drop2_incl +R10235 Conventions.drop2_incl +R10283 Conventions.drop1_incl +R10283 Conventions.drop1_incl +R10386 Locations.notin +R10418 Conventions.loc_arguments_rec +R10397 Locations.S +R10400 Locations.Local +R10745 Locations.notin +R10780 Conventions.loc_arguments_rec +R10756 Locations.S +R10759 Locations.Outgoing +R10733 Coq.ZArith.BinInt "x <= y" Z_scope +R10718 Coq.ZArith.BinInt "x + y" Z_scope +R10720 Locations.typesize +R11061 Locations.norepet +R11074 Conventions.loc_arguments +R11049 AST.signature +R11226 Locations.norepet +R11239 Conventions.loc_arguments_rec +R11193 Coqlib.list_disjoint +R11167 Coqlib.list_norepet +R11141 Coqlib.list_norepet +R11226 Locations.norepet +R11239 Conventions.loc_arguments_rec +R11193 Coqlib.list_disjoint +R11167 Coqlib.list_norepet +R11141 Coqlib.list_norepet +R11382 Conventions.loc_arguments_rec_notin_outgoing +R11382 Conventions.loc_arguments_rec_notin_outgoing +R11438 Conventions.loc_arguments_rec_notin_reg +R11438 Conventions.loc_arguments_rec_notin_reg +R11529 Coq.Lists.List "x :: y" list_scope +R11501 Coqlib.list_disjoint_notin +R11529 Coq.Lists.List "x :: y" list_scope +R11501 Coqlib.list_disjoint_notin +R11579 Conventions.drop1_norepet +R11579 Conventions.drop1_norepet +R11638 Conventions.drop1_incl +R11638 Conventions.drop1_incl +R11689 Conventions.loc_arguments_rec_notin_outgoing +R11689 Conventions.loc_arguments_rec_notin_outgoing +R11745 Conventions.loc_arguments_rec_notin_reg +R11745 Conventions.loc_arguments_rec_notin_reg +R11818 Conventions.drop2_incl +R11818 Conventions.drop2_incl +R11913 Conventions.drop2_norepet +R11913 Conventions.drop2_norepet +R11940 Conventions.drop1_norepet +R11940 Conventions.drop1_norepet +R11992 Conventions.drop2_incl +R11992 Conventions.drop2_incl +R12016 Conventions.drop1_incl +R12016 Conventions.drop1_incl +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R12352 Coq.ZArith.BinInt "x <= y" Z_scope +R12338 Coq.ZArith.BinInt "x + y" Z_scope +R12340 Locations.typesize +R12355 Conventions.size_arguments +R12286 Coq.Lists.List.In +R12312 Conventions.loc_arguments +R12290 Locations.S +R12293 Locations.Outgoing +R12278 AST.typ +R12270 Coq.ZArith.BinInt.Z +R12253 AST.signature +R12435 Coq.ZArith.BinInt "x >= y" Z_scope +R12412 Conventions.size_arguments_rec +R12435 Coq.ZArith.BinInt "x >= y" Z_scope +R12412 Conventions.size_arguments_rec +R12493 Conventions.size_arguments_rec +R12493 Conventions.size_arguments_rec +R12493 Conventions.size_arguments_rec +R12689 Coq.ZArith.BinInt "x <= y" Z_scope +R12675 Coq.ZArith.BinInt "x + y" Z_scope +R12677 Locations.typesize +R12722 Coq.ZArith.BinInt "x - y" Z_scope +R12715 Coq.ZArith.BinInt "x + y" Z_scope +R12692 Conventions.size_arguments_rec +R12598 Coq.Lists.List.In +R12624 Conventions.loc_arguments_rec +R12602 Locations.S +R12605 Locations.Outgoing +R12689 Coq.ZArith.BinInt "x <= y" Z_scope +R12675 Coq.ZArith.BinInt "x + y" Z_scope +R12677 Locations.typesize +R12722 Coq.ZArith.BinInt "x - y" Z_scope +R12715 Coq.ZArith.BinInt "x + y" Z_scope +R12692 Conventions.size_arguments_rec +R12598 Coq.Lists.List.In +R12624 Conventions.loc_arguments_rec +R12602 Locations.S +R12605 Locations.Outgoing +R12751 Conventions.loc_arguments_rec +R12751 Conventions.loc_arguments_rec +R12751 Conventions.loc_arguments_rec +R12823 Conventions.size_arguments_rec +R12823 Conventions.size_arguments_rec +R12967 Locations.typesize +R12967 Locations.typesize +R13132 Locations.typesize +R13132 Locations.typesize +R13199 Conventions.size_arguments +R13244 Coq.ZArith.BinInt "x - y" Z_scope +R13240 Coq.ZArith.BinInt "x + y" Z_scope +R13223 Conventions.size_arguments +R13199 Conventions.size_arguments +R13244 Coq.ZArith.BinInt "x - y" Z_scope +R13240 Coq.ZArith.BinInt "x + y" Z_scope +R13223 Conventions.size_arguments +R13386 Locations.disjoint +R13419 Conventions.temporaries +R13400 Conventions.loc_arguments +R13484 Conventions.loc_arguments_rec_charact +R13484 Conventions.loc_arguments_rec_charact +R13685 Conventions.loc_arguments_not_temporaries +R14027 Locations.notin +R14040 Conventions.loc_arguments +R14005 Conventions.loc_acceptable +R13972 Locations.notin +R13984 Conventions.destroyed_at_call +R14119 Conventions.loc_arguments_rec_notin_reg +R14119 Conventions.loc_arguments_rec_notin_reg +R14163 Locations.notin_not_in +R14163 Locations.notin_not_in +R14272 Locations.notin_not_in +R14272 Locations.notin_not_in +R14421 Conventions.loc_arguments_rec_notin_local +R14421 Conventions.loc_arguments_rec_notin_local +R14470 Conventions.arguments_not_preserved +R14578 Coq.Init.Logic "x = y" type_scope +R14546 Coq.Lists.List.length +R14559 Conventions.loc_arguments +R14580 Coq.Lists.List.length +R14597 AST.sig_args +R14709 Coq.Init.Logic "x = y" type_scope +R14657 Coq.Lists.List.length +R14670 Conventions.loc_arguments_rec +R14711 Coq.Lists.List.length +R14709 Coq.Init.Logic "x = y" type_scope +R14657 Coq.Lists.List.length +R14670 Conventions.loc_arguments_rec +R14711 Coq.Lists.List.length +R14925 Coq.Init.Logic "x = y" type_scope +R14887 Coq.Lists.List.map +R14906 Conventions.loc_arguments +R14896 Locations.type +R14932 AST.sig_args +R15156 Coq.Init.Logic "x = y" type_scope +R15098 Coq.Lists.List.map +R15117 Conventions.loc_arguments_rec +R15107 Locations.type +R15081 Coq.Init.Logic "x = y" type_scope +R15069 Locations.mreg_type +R15083 AST.Tfloat +R15055 Coq.Lists.List.In +R15029 Coq.Init.Logic "x = y" type_scope +R15017 Locations.mreg_type +R15031 AST.Tint +R15003 Coq.Lists.List.In +R15156 Coq.Init.Logic "x = y" type_scope +R15098 Coq.Lists.List.map +R15117 Conventions.loc_arguments_rec +R15107 Locations.type +R15081 Coq.Init.Logic "x = y" type_scope +R15069 Locations.mreg_type +R15083 AST.Tfloat +R15055 Coq.Lists.List.In +R15029 Coq.Init.Logic "x = y" type_scope +R15017 Locations.mreg_type +R15031 AST.Tint +R15003 Coq.Lists.List.In +R15232 Coq.Init.Logic.f_equal2 +R15243 Coq.Lists.List.cons +R15248 AST.typ +R15232 Coq.Init.Logic.f_equal2 +R15243 Coq.Lists.List.cons +R15248 AST.typ +R15232 Coq.Init.Logic.f_equal2 +R15243 Coq.Lists.List.cons +R15248 AST.typ +R15361 Conventions.drop1_incl +R15361 Conventions.drop1_incl +R15492 Conventions.drop2_incl +R15492 Conventions.drop2_incl +R15537 Conventions.drop1_incl +R15537 Conventions.drop1_incl +R15756 Locations.no_overlap +R15777 Conventions.loc_arguments +R15730 Conventions.locs_acceptable +R15873 Conventions.loc_arguments_acceptable +R15873 Conventions.loc_arguments_acceptable +R15956 Locations.mreg_eq +R15956 Locations.mreg_eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R16156 Locations.loc +R16182 Locations.S +R16185 Locations.Outgoing +R16203 Locations.S +R16206 Locations.Incoming +R16149 Locations.loc +R16286 Coq.Lists.List.map +R16318 Conventions.loc_arguments +R16295 Conventions.parameter_of_argument +R16270 AST.signature +R16417 Coq.Init.Logic "x = y" type_scope +R16378 Coq.Lists.List.map +R16397 Conventions.loc_parameters +R16387 Locations.type +R16424 AST.sig_args +R16485 Coqlib.list_map_compose +R16485 Coqlib.list_map_compose +R16517 Conventions.loc_arguments_type +R16517 Conventions.loc_arguments_type +R16545 Coqlib.list_map_exten +R16545 Coqlib.list_map_exten +R16682 Locations.disjoint +R16716 Conventions.temporaries +R16696 Conventions.loc_parameters +R16797 Coqlib.list_in_map_inv +R16797 Coqlib.list_in_map_inv +R16855 Conventions.loc_arguments_not_temporaries +R16855 Conventions.loc_arguments_not_temporaries +R17107 Locations.no_overlap +R17123 Conventions.loc_parameters +R17079 Conventions.locs_acceptable +R17230 Coqlib.list_in_map_inv +R17230 Coqlib.list_in_map_inv +R17304 Conventions.loc_arguments_acceptable +R17304 Conventions.loc_arguments_acceptable +R17410 Locations.mreg_eq +R17410 Locations.mreg_eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +FLTL +R401 Coq.NArith.BinPos.positive +R459 Locations.mreg +R451 Locations.slot +R505 Locations.slot +R497 Locations.mreg +R563 Locations.mreg +R550 Coq.Lists.List.list +R555 Locations.mreg +R537 Op.operation +R640 Locations.mreg +R627 Coq.Lists.List.list +R632 Locations.mreg +R613 Op.addressing +R597 AST.memory_chunk +R718 Locations.mreg +R705 Coq.Lists.List.list +R710 Locations.mreg +R691 Op.addressing +R675 AST.memory_chunk +R770 Coq.Init.Datatypes "x + y" type_scope +R765 Locations.mreg +R772 AST.ident +R752 AST.signature +R807 LTL.node +R866 LTL.node +R858 LTL.node +R845 Coq.Lists.List.list +R850 Locations.mreg +R832 Op.condition +R925 Maps.t +R933 LTL.block +R988 AST.signature +R1015 Coq.ZArith.BinInt.Z +R1029 LTL.code +R1052 LTL.node +R1124 Coq.Init.Logic "A \/ B" type_scope +R1095 Coqlib.Plt +R1103 Coq.NArith.BinPos.Psucc +R1138 Coq.Init.Logic "x = y" type_scope +R1134 Maps "a ! b" +R1140 Coq.Init.Datatypes.None +R1088 LTL.node +R1171 AST.program +R1183 LTL.function +R1213 Globalenvs.t +R1220 LTL.function +R1251 Locations.t +R1319 LTL.locset +R1370 Locations.R +R1385 Locations.R +R1396 Locations.S +R1399 Locations.Local +R1416 Values.Vundef +R1429 Locations.S +R1432 Locations.Incoming +R1460 Locations.S +R1463 Locations.Outgoing +R1487 Locations.S +R1490 Locations.Outgoing +R1510 Values.Vundef +R1339 Locations.loc +R1309 LTL.locset +R1576 LTL.locset +R1627 Locations.R +R1645 Coq.Lists.List.In_dec +R1665 Conventions.temporaries +R1660 Locations.R +R1652 Locations.eq +R1733 Coq.Lists.List.In_dec +R1753 Conventions.destroyed_at_call +R1748 Locations.R +R1740 Locations.eq +R1842 Locations.R +R1806 Locations.R +R1712 Locations.R +R1853 Locations.S +R1868 Locations.S +R1596 Locations.loc +R1566 LTL.locset +R1566 LTL.locset +R1896 LTL.genv +R1963 Coq.Init.Datatypes.option +R1970 LTL.function +R2003 Coq.Init.Datatypes.inl +R2012 Globalenvs.find_funct +R2036 Locations.R +R2046 Coq.Init.Datatypes.inr +R2070 Globalenvs.find_symbol +R2108 Coq.Init.Datatypes.None +R2116 Coq.Init.Datatypes.None +R2129 Coq.Init.Datatypes.Some +R2139 Globalenvs.find_funct_ptr +R1953 LTL.locset +R1939 Coq.Init.Datatypes "x + y" type_scope +R1934 Locations.mreg +R1941 AST.ident +R2232 Coq.Lists.List.list +R2237 Values.val +R2246 Coq.Lists.List.map +R2269 Locations.R +R2222 LTL.locset +R2206 Coq.Lists.List.list +R2211 Locations.mreg +R2316 LTL.node +R2472 Mem.mem +R2462 LTL.locset +R2453 LTL.block +R2424 Mem.mem +R2414 LTL.locset +R2405 LTL.block +R2376 Values.val +R3879 Mem.mem +R3869 LTL.locset +R3860 LTL.block +R3835 Mem.mem +R3825 LTL.locset +R3816 LTL.block +R3791 Values.val +R4401 Mem.mem +R4391 LTL.locset +R4380 LTL.outcome +R4356 Mem.mem +R4346 LTL.locset +R4337 LTL.block +R4313 Values.val +R5303 Mem.mem +R5293 LTL.locset +R5282 LTL.outcome +R5257 Mem.mem +R5247 LTL.locset +R5239 LTL.node +R5214 Values.val +R5206 LTL.code +R5895 Mem.mem +R5885 LTL.locset +R5846 Mem.mem +R5836 LTL.locset +R5824 LTL.function +R2603 Locations.set +R2625 Locations.S +R2615 Locations.R +R2557 LTL.Bgetstack +R2754 Locations.set +R2777 Locations.R +R2766 Locations.S +R2708 LTL.Bsetstack +R2969 Locations.set +R2981 Locations.R +R2922 LTL.Bop +R2889 Coq.Init.Logic "x = y" type_scope +R2847 Op.eval_operation +R2872 LTL.reglist +R2891 Coq.Init.Datatypes.Some +R3235 Locations.set +R3247 Locations.R +R3178 LTL.Bload +R3145 Coq.Init.Logic "x = y" type_scope +R3129 Mem.loadv +R3147 Coq.Init.Datatypes.Some +R3111 Coq.Init.Logic "x = y" type_scope +R3066 Op.eval_addressing +R3094 LTL.reglist +R3113 Coq.Init.Datatypes.Some +R3461 LTL.Bstore +R3427 Coq.Init.Logic "x = y" type_scope +R3397 Mem.storev +R3419 Locations.R +R3429 Coq.Init.Datatypes.Some +R3379 Coq.Init.Logic "x = y" type_scope +R3334 Op.eval_addressing +R3362 LTL.reglist +R3381 Coq.Init.Datatypes.Some +R3749 LTL.return_regs +R3704 LTL.Bcall +R3630 Coq.Init.Logic "x = y" type_scope +R3635 LTL.fn_sig +R3608 Coq.Init.Logic "x = y" type_scope +R3587 LTL.find_function +R3610 Coq.Init.Datatypes.Some +R4541 LTL.Cont +R4494 LTL.Bgoto +R4784 LTL.Cont +R4741 Coq.Init.Logic "x = y" type_scope +R4702 Op.eval_condition +R4723 LTL.reglist +R4743 Coq.Init.Datatypes.Some +R4748 Coq.Init.Datatypes.true +R4658 LTL.Bcond +R5032 LTL.Cont +R4988 Coq.Init.Logic "x = y" type_scope +R4949 Op.eval_condition +R4970 LTL.reglist +R4990 Coq.Init.Datatypes.Some +R4995 Coq.Init.Datatypes.false +R4905 LTL.Bcond +R5173 LTL.Return +R5128 LTL.Breturn +R5399 LTL.Cont +R5485 Coq.Init.Logic "x = y" type_scope +R5481 Maps "a ! b" +R5487 Coq.Init.Datatypes.Some +R5690 LTL.Cont +R6162 Mem.free +R6113 LTL.Return +R6096 LTL.call_regs +R6080 LTL.fn_entrypoint +R6040 Values.Vptr +R6049 Integers.zero +R6030 LTL.fn_code +R5994 Coq.Init.Logic "x = y" type_scope +R5967 Mem.alloc +R5980 LTL.fn_stacksize +R5996 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R6311 Coq.Init.Logic "'exists' x , p" type_scope +R6321 Coq.Init.Logic "'exists' x , p" type_scope +R6331 Coq.Init.Logic "'exists' x , p" type_scope +R6342 Coq.Init.Logic "'exists' x , p" type_scope +R6397 Coq.Init.Logic "A /\ B" type_scope +R6388 Coq.Init.Logic "x = y" type_scope +R6354 Globalenvs.find_symbol +R6377 AST.prog_main +R6390 Coq.Init.Datatypes.Some +R6437 Coq.Init.Logic "A /\ B" type_scope +R6428 Coq.Init.Logic "x = y" type_scope +R6402 Globalenvs.find_funct_ptr +R6430 Coq.Init.Datatypes.Some +R6483 Coq.Init.Logic "A /\ B" type_scope +R6453 Coq.Init.Logic "x = y" type_scope +R6445 LTL.fn_sig +R6455 AST.mksignature +R6472 Coq.Init.Datatypes.Some +R6477 AST.Tint +R6467 Coq.Lists.List.nil +R6536 Coq.Init.Logic "A /\ B" type_scope +R6488 LTL.exec_function +R6508 Locations.init +R6520 Values.Vundef +R6584 Coq.Init.Logic "x = y" type_scope +R6545 Locations.R +R6548 Conventions.loc_result +R6574 LTL.fn_sig +R6290 Globalenvs.init_mem +R6258 Globalenvs.globalenv +R6231 Values.val +R6218 LTL.program +R6633 LTL.genv +R6655 LTL.code +R6702 Coq.Init.Logic "A \/ B" type_scope +R6694 Coq.Init.Logic "x = y" type_scope +R6690 Maps "a ! b" +R6698 Maps "a ! b" +R6711 Coq.Init.Logic "x = y" type_scope +R6707 Maps "a ! b" +R6713 Coq.Init.Datatypes.None +R6832 LTL.exec_blocks +R6784 LTL.exec_blocks +R6907 LTL.exec_blocks_refl +R6907 LTL.exec_blocks_refl +R6933 LTL.exec_blocks_one +R6933 LTL.exec_blocks_one +R7017 LTL.exec_blocks_trans +R7017 LTL.exec_blocks_trans +R7154 Coq.Lists.List.list +R7159 LTL.node +R7145 LTL.block +R7186 LTL.Bgetstack +R7226 LTL.Bsetstack +R7266 LTL.Bop +R7308 LTL.Bload +R7360 LTL.Bstore +R7413 LTL.Bcall +R7453 LTL.Bgoto +R7466 Coq.Lists.List "x :: y" list_scope +R7469 Coq.Lists.List.nil +R7477 LTL.Bcond +R7512 Coq.Lists.List "x :: y" list_scope +R7521 Coq.Lists.List "x :: y" list_scope +R7524 Coq.Lists.List.nil +R7532 LTL.Breturn +R7543 Coq.Lists.List.nil +R7145 LTL.block +R7604 Coq.Lists.List.list +R7609 LTL.node +R7636 Maps "a ! b" +R7628 LTL.fn_code +R7649 Coq.Init.Datatypes.None +R7657 Coq.Lists.List.nil +R7665 Coq.Init.Datatypes.Some +R7675 LTL.successors_aux +R7596 LTL.node +R7581 LTL.function +R7824 Coq.Init.Logic "x = y" type_scope +R7807 LTL.successors_aux +R7826 LTL.successors_aux +R7767 LTL.exec_instrs +R7941 LTL.successors_aux +R7941 LTL.successors_aux +R8116 Coq.Lists.List.In +R8124 LTL.successors +R8069 LTL.exec_block +R8094 LTL.Cont +R8055 Coq.Init.Logic "x = y" type_scope +R8051 Maps "a ! b" +R8043 LTL.fn_code +R8057 Coq.Init.Datatypes.Some +R8214 LTL.successors_aux_invariant +R8214 LTL.successors_aux_invariant +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R8287 LTL.successors_aux_invariant +R8287 LTL.successors_aux_invariant +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R8360 LTL.successors_aux_invariant +R8360 LTL.successors_aux_invariant +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +FLTLtyping +R213 LTL.function +R280 Locations.Local +R298 Coq.ZArith.BinInt "x <= y" Z_scope +R309 Locations.Outgoing +R330 Coq.ZArith.BinInt "x <= y" Z_scope +R341 Locations.Incoming +R369 Coq.Init.Logic "A /\ B" type_scope +R362 Coq.ZArith.BinInt "x <= y" Z_scope +R390 Coq.ZArith.BinInt "x <= y" Z_scope +R376 Coq.ZArith.BinInt "x + y" Z_scope +R378 Locations.typesize +R393 Conventions.size_arguments +R415 LTL.fn_sig +R252 Locations.slot +R452 LTL.block +R602 LTL.Bgetstack +R548 LTLtyping.slot_bounded +R525 Coq.Init.Logic "x = y" type_scope +R513 Locations.slot_type +R527 Locations.mreg_type +R812 LTL.Bsetstack +R758 LTLtyping.slot_bounded +R735 Coq.Init.Logic "x = y" type_scope +R723 Locations.slot_type +R737 Locations.mreg_type +R676 Locations.Incoming +R692 Coq.Init.Logic.False +R705 Coq.Init.Logic.True +R938 LTL.Bop +R952 Coq.Lists.List "x :: y" list_scope +R955 Coq.Lists.List.nil +R942 Op.Omove +R885 Coq.Init.Logic "x = y" type_scope +R872 Locations.mreg_type +R887 Locations.mreg_type +R1036 LTL.Bop +R1047 Coq.Lists.List.nil +R1040 Op.Oundef +R1242 LTL.Bop +R1180 Coq.Init.Logic "x = y" type_scope +R1139 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R1140 Coq.Lists.List.map +R1149 Locations.mreg_type +R1165 Locations.mreg_type +R1182 Op.type_of_operation +R1120 Coq.Init.Logic "x <> y" type_scope +R1123 Op.Oundef +R1105 Coq.Init.Logic "x <> y" type_scope +R1108 Op.Omove +R1451 LTL.Bload +R1390 Coq.Init.Logic "x = y" type_scope +R1376 Locations.mreg_type +R1392 Op.type_of_chunk +R1341 Coq.Init.Logic "x = y" type_scope +R1317 Coq.Lists.List.map +R1326 Locations.mreg_type +R1343 Op.type_of_addressing +R1671 LTL.Bstore +R1610 Coq.Init.Logic "x = y" type_scope +R1596 Locations.mreg_type +R1612 Op.type_of_chunk +R1561 Coq.Init.Logic "x = y" type_scope +R1537 Coq.Lists.List.map +R1546 Locations.mreg_type +R1563 Op.type_of_addressing +R1843 LTL.Bcall +R1760 Coq.Init.Datatypes.inl +R1781 Coq.Init.Logic "x = y" type_scope +R1769 Locations.mreg_type +R1783 AST.Tint +R1795 Coq.Init.Logic.True +R1908 LTL.Bgoto +R2042 LTL.Bcond +R1998 Coq.Init.Logic "x = y" type_scope +R1974 Coq.Lists.List.map +R1983 Locations.mreg_type +R2000 Op.type_of_condition +R2103 LTL.Breturn +R2218 LTLtyping.wt_block +R2206 Coq.Init.Logic "x = y" type_scope +R2202 Maps "a ! b" +R2194 LTL.fn_code +R2208 Coq.Init.Datatypes.Some +R2156 LTL.function +R2320 LTLtyping.wt_function +R2292 Coq.Lists.List.In +R2303 AST.prog_funct +R2295 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2259 LTL.program +FInterfGraph +R213 Registers.reg +R246 Coq.Init.Logic "x = y" type_scope +R238 InterfGraph.t +R238 InterfGraph.t +R268 Coqlib.Plt +R304 InterfGraph.eq +R301 InterfGraph.t +R320 Coq.Init.Logic.refl_equal +R331 InterfGraph.t +R377 InterfGraph.eq +R367 InterfGraph.eq +R364 InterfGraph.t +R364 InterfGraph.t +R393 Coq.Init.Logic.sym_equal +R403 InterfGraph.t +R462 InterfGraph.eq +R452 InterfGraph.eq +R442 InterfGraph.eq +R439 InterfGraph.t +R439 InterfGraph.t +R439 InterfGraph.t +R478 Coq.Init.Logic.trans_equal +R490 InterfGraph.t +R549 InterfGraph.lt +R539 InterfGraph.lt +R529 InterfGraph.lt +R526 InterfGraph.t +R526 InterfGraph.t +R526 InterfGraph.t +R563 Coqlib.Plt_trans +R618 Coq.Init.Logic "~ x" type_scope +R620 InterfGraph.eq +R608 InterfGraph.lt +R605 InterfGraph.t +R605 InterfGraph.t +R634 Coqlib.Plt_ne +R674 FSetInterface.Compare +R685 InterfGraph.eq +R682 InterfGraph.lt +R671 InterfGraph.t +R671 InterfGraph.t +R716 Coqlib.plt +R716 Coqlib.plt +R741 FSetInterface.Lt +R741 FSetInterface.Lt +R759 Coqlib.peq +R759 Coqlib.peq +R784 FSetInterface.Eq +R784 FSetInterface.Eq +R802 FSetInterface.Gt +R802 FSetInterface.Gt +R846 Coq.Init.Logic "x <> y" type_scope +R839 Coq.ZArith.BinInt.Zpos +R849 Coq.ZArith.BinInt.Zpos +R846 Coq.Init.Logic "x <> y" type_scope +R839 Coq.ZArith.BinInt.Zpos +R849 Coq.ZArith.BinInt.Zpos +R1005 Coq.Init.Logic "x = y" type_scope +R997 InterfGraph.t +R997 InterfGraph.t +R1036 Coqlib.Plt +R1030 InterfGraph.t +R1030 InterfGraph.t +R1096 InterfGraph.eq +R1093 InterfGraph.t +R1112 Coq.Init.Logic.refl_equal +R1123 InterfGraph.t +R1169 InterfGraph.eq +R1159 InterfGraph.eq +R1156 InterfGraph.t +R1156 InterfGraph.t +R1185 Coq.Init.Logic.sym_equal +R1195 InterfGraph.t +R1254 InterfGraph.eq +R1244 InterfGraph.eq +R1234 InterfGraph.eq +R1231 InterfGraph.t +R1231 InterfGraph.t +R1231 InterfGraph.t +R1270 Coq.Init.Logic.trans_equal +R1282 InterfGraph.t +R1342 InterfGraph.lt +R1332 InterfGraph.lt +R1322 InterfGraph.lt +R1319 InterfGraph.t +R1319 InterfGraph.t +R1319 InterfGraph.t +R1385 Coqlib.Plt_trans +R1385 Coqlib.Plt_trans +R1453 Coq.Init.Logic "~ x" type_scope +R1455 InterfGraph.eq +R1443 InterfGraph.lt +R1440 InterfGraph.t +R1440 InterfGraph.t +R1531 Coqlib.Plt_strict +R1531 Coqlib.Plt_strict +R1604 FSetInterface.Compare +R1615 InterfGraph.eq +R1612 InterfGraph.lt +R1601 InterfGraph.t +R1601 InterfGraph.t +R1646 InterfGraph.compare +R1646 InterfGraph.compare +R1706 FSetInterface.Lt +R1706 FSetInterface.Lt +R1728 FSetInterface.Eq +R1728 FSetInterface.Eq +R1780 FSetInterface.Gt +R1780 FSetInterface.Gt +R1896 Coq.Init.Datatypes "x * y" type_scope +R1959 Coq.Init.Logic "A /\ B" type_scope +R1952 Coq.Init.Datatypes.fst +R1944 Coq.Init.Datatypes.fst +R1976 Coq.Init.Datatypes.snd +R1968 Coq.Init.Datatypes.snd +R1930 InterfGraph.t +R1930 InterfGraph.t +R2015 InterfGraph.eq +R2012 InterfGraph.t +R2100 InterfGraph.eq +R2090 InterfGraph.eq +R2087 InterfGraph.t +R2087 InterfGraph.t +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R2213 InterfGraph.eq +R2203 InterfGraph.eq +R2193 InterfGraph.eq +R2190 InterfGraph.t +R2190 InterfGraph.t +R2190 InterfGraph.t +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R2321 Coq.Init.Logic "A \/ B" type_scope +R2314 Coq.Init.Datatypes.fst +R2306 Coq.Init.Datatypes.fst +R2348 Coq.Init.Logic "A /\ B" type_scope +R2341 Coq.Init.Datatypes.fst +R2333 Coq.Init.Datatypes.fst +R2365 Coq.Init.Datatypes.snd +R2357 Coq.Init.Datatypes.snd +R2292 InterfGraph.t +R2292 InterfGraph.t +R2430 InterfGraph.lt +R2420 InterfGraph.lt +R2410 InterfGraph.lt +R2407 InterfGraph.t +R2407 InterfGraph.t +R2407 InterfGraph.t +R2525 Coq.Init.Datatypes.fst +R2525 Coq.Init.Datatypes.fst +R2593 Coq.Init.Datatypes.fst +R2585 Coq.Init.Datatypes.fst +R2593 Coq.Init.Datatypes.fst +R2585 Coq.Init.Datatypes.fst +R2695 Coq.Init.Datatypes.fst +R2695 Coq.Init.Datatypes.fst +R2751 Coq.Init.Datatypes.fst +R2743 Coq.Init.Datatypes.fst +R2751 Coq.Init.Datatypes.fst +R2743 Coq.Init.Datatypes.fst +R2801 Coq.Init.Datatypes.fst +R2801 Coq.Init.Datatypes.fst +R2892 Coq.Init.Datatypes.fst +R2884 Coq.Init.Datatypes.fst +R2892 Coq.Init.Datatypes.fst +R2884 Coq.Init.Datatypes.fst +R2994 Coq.Init.Datatypes.fst +R2994 Coq.Init.Datatypes.fst +R3069 Coq.Init.Datatypes.fst +R3061 Coq.Init.Datatypes.fst +R3069 Coq.Init.Datatypes.fst +R3061 Coq.Init.Datatypes.fst +R3119 Coq.Init.Datatypes.fst +R3119 Coq.Init.Datatypes.fst +R3225 Coq.Init.Datatypes.fst +R3225 Coq.Init.Datatypes.fst +R3264 Coq.Init.Datatypes.snd +R3264 Coq.Init.Datatypes.snd +R3328 Coq.Init.Logic "~ x" type_scope +R3330 InterfGraph.eq +R3318 InterfGraph.lt +R3315 InterfGraph.t +R3315 InterfGraph.t +R3538 FSetInterface.Compare +R3549 InterfGraph.eq +R3546 InterfGraph.lt +R3535 InterfGraph.t +R3535 InterfGraph.t +R3601 Coq.Init.Datatypes.fst +R3593 Coq.Init.Datatypes.fst +R3601 Coq.Init.Datatypes.fst +R3593 Coq.Init.Datatypes.fst +R3625 FSetInterface.Lt +R3625 FSetInterface.Lt +R3673 Coq.Init.Datatypes.snd +R3665 Coq.Init.Datatypes.snd +R3673 Coq.Init.Datatypes.snd +R3665 Coq.Init.Datatypes.snd +R3697 FSetInterface.Lt +R3697 FSetInterface.Lt +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R3728 FSetInterface.Eq +R3728 FSetInterface.Eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R3752 FSetInterface.Gt +R3752 FSetInterface.Gt +R3811 FSetInterface.Gt +R3811 FSetInterface.Gt +R3993 Locations.mreg +R4021 Locations.mreg_index +R4059 Locations.mreg_index_inj +R4094 Locations.mreg_eq +R4487 InterfGraph.t +R4519 InterfGraph.t +R4549 InterfGraph.t +R4579 InterfGraph.t +R4639 Coqlib.plt +R4664 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4652 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4626 Registers.reg +R4626 Registers.reg +R4701 InterfGraph.mkgraph +R4768 InterfGraph.empty +R4752 InterfGraph.empty +R4725 InterfGraph.empty +R4709 InterfGraph.empty +R4836 InterfGraph.mkgraph +R4968 InterfGraph.pref_reg_mreg +R4941 InterfGraph.pref_reg_reg +R4911 InterfGraph.interf_reg_mreg +R4845 InterfGraph.add +R4881 InterfGraph.interf_reg_reg +R4860 InterfGraph.ordered_pair +R4824 InterfGraph.graph +R4815 Registers.reg +R4815 Registers.reg +R5048 InterfGraph.mkgraph +R5169 InterfGraph.pref_reg_mreg +R5142 InterfGraph.pref_reg_reg +R5086 InterfGraph.add +R5111 InterfGraph.interf_reg_mreg +R5101 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5059 InterfGraph.interf_reg_reg +R5036 InterfGraph.graph +R5026 Locations.mreg +R5017 Registers.reg +R5233 InterfGraph.mkgraph +R5365 InterfGraph.pref_reg_mreg +R5301 InterfGraph.add +R5337 InterfGraph.pref_reg_reg +R5316 InterfGraph.ordered_pair +R5273 InterfGraph.interf_reg_mreg +R5244 InterfGraph.interf_reg_reg +R5221 InterfGraph.graph +R5212 Registers.reg +R5212 Registers.reg +R5443 InterfGraph.mkgraph +R5538 InterfGraph.add +R5563 InterfGraph.pref_reg_mreg +R5553 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5513 InterfGraph.pref_reg_reg +R5483 InterfGraph.interf_reg_mreg +R5454 InterfGraph.interf_reg_reg +R5431 InterfGraph.graph +R5421 Locations.mreg +R5412 Registers.reg +R5636 InterfGraph.In +R5671 InterfGraph.interf_reg_reg +R5650 InterfGraph.ordered_pair +R5617 InterfGraph.graph +R5608 Registers.reg +R5608 Registers.reg +R5757 InterfGraph.In +R5781 InterfGraph.interf_reg_mreg +R5771 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5738 InterfGraph.graph +R5728 Locations.mreg +R5719 Registers.reg +R5870 Coq.Init.Logic "A \/ B" type_scope +R5861 Coq.Init.Logic "x = y" type_scope +R5844 InterfGraph.ordered_pair +R5863 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5890 Coq.Init.Logic "x = y" type_scope +R5873 InterfGraph.ordered_pair +R5892 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5946 Coqlib.plt +R5946 Coqlib.plt +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R6031 Coq.Init.Logic "x = y" type_scope +R6014 InterfGraph.ordered_pair +R6033 InterfGraph.ordered_pair +R6097 Coqlib.plt +R6097 Coqlib.plt +R6122 Coqlib.plt +R6122 Coqlib.plt +R6194 Coqlib.plt +R6194 Coqlib.plt +R6236 Coq.Init.Logic "x = y" type_scope +R6229 Coq.ZArith.BinInt.Zpos +R6238 Coq.ZArith.BinInt.Zpos +R6236 Coq.Init.Logic "x = y" type_scope +R6229 Coq.ZArith.BinInt.Zpos +R6238 Coq.ZArith.BinInt.Zpos +R6348 InterfGraph.interfere +R6329 InterfGraph.interfere +R6410 InterfGraph.ordered_pair_sym +R6410 InterfGraph.ordered_pair_sym +R6538 Coq.Init.Logic "A /\ B" type_scope +R6522 InterfGraph.interfere +R6502 InterfGraph.interfere +R6583 InterfGraph.interfere_mreg +R6558 InterfGraph.interfere_mreg +R6470 InterfGraph.graph +R6470 InterfGraph.graph +R6691 InterfGraph.graph_incl +R6671 InterfGraph.graph_incl +R6651 InterfGraph.graph_incl +R6839 InterfGraph.interfere +R6854 InterfGraph.add_interf +R6935 InterfGraph.add_1 +R6935 InterfGraph.add_1 +R6963 InterfGraph.eq_refl +R6963 InterfGraph.eq_refl +R7032 InterfGraph.graph_incl +R7046 InterfGraph.add_interf +R7144 InterfGraph.add_2 +R7144 InterfGraph.add_2 +R7236 InterfGraph.interfere_mreg +R7256 InterfGraph.add_interf_mreg +R7352 InterfGraph.add_1 +R7352 InterfGraph.add_1 +R7381 InterfGraph.eq_refl +R7381 InterfGraph.eq_refl +R7456 InterfGraph.graph_incl +R7470 InterfGraph.add_interf_mreg +R7594 InterfGraph.add_2 +R7594 InterfGraph.add_2 +R7665 InterfGraph.graph_incl +R7679 InterfGraph.add_pref +R7799 InterfGraph.graph_incl +R7813 InterfGraph.add_pref_mreg +R7935 Registers.t +R7949 InterfGraph.fold +R8060 InterfGraph.fold +R8154 Registers.empty +R8131 InterfGraph.interf_reg_mreg +R8097 Registers.add +R8109 Coq.Init.Datatypes.fst +R8039 InterfGraph.interf_reg_reg +R7983 Registers.add +R8006 Registers.add +R8018 Coq.Init.Datatypes.snd +R7995 Coq.Init.Datatypes.fst +R7926 InterfGraph.graph +R8265 Coq.Init.Logic "x = y" type_scope +R8234 Registers.mem +R8248 Registers.add +R8267 Coq.Init.Datatypes.true +R8224 Coq.Init.Logic "x = y" type_scope +R8209 Registers.mem +R8226 Coq.Init.Datatypes.true +R8296 Registers.eq +R8296 Registers.eq +R8335 Registers.mem_add_same +R8335 Registers.mem_add_same +R8366 Registers.mem_add_other +R8366 Registers.mem_add_other +R8597 Coq.Init.Logic "x = y" type_scope +R8482 Registers.mem +R8500 Coq.Lists.List.fold_right +R8537 Registers.add +R8560 Registers.add +R8572 Coq.Init.Datatypes.snd +R8549 Coq.Init.Datatypes.fst +R8599 Coq.Init.Datatypes.true +R8470 Coq.Init.Logic "x = y" type_scope +R8455 Registers.mem +R8472 Coq.Init.Datatypes.true +R8658 InterfGraph.mem_add_tail +R8658 InterfGraph.mem_add_tail +R8678 InterfGraph.mem_add_tail +R8678 InterfGraph.mem_add_tail +R8942 Coq.Init.Logic "A /\ B" type_scope +R8935 Coq.Init.Logic "x = y" type_scope +R8918 Registers.mem +R8937 Coq.Init.Datatypes.true +R8962 Coq.Init.Logic "x = y" type_scope +R8945 Registers.mem +R8964 Coq.Init.Datatypes.true +R8817 Coq.Lists.List.fold_right +R8854 Registers.add +R8877 Registers.add +R8889 Coq.Init.Datatypes.snd +R8866 Coq.Init.Datatypes.fst +R8763 FSetInterface.InList +R8787 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8770 InterfGraph.eq +R9121 Registers.mem_add_same +R9121 Registers.mem_add_same +R9151 InterfGraph.mem_add_tail +R9151 InterfGraph.mem_add_tail +R9171 Registers.mem_add_same +R9171 Registers.mem_add_same +R9261 InterfGraph.mem_add_tail +R9261 InterfGraph.mem_add_tail +R9261 InterfGraph.mem_add_tail +R9261 InterfGraph.mem_add_tail +R9261 InterfGraph.mem_add_tail +R9261 InterfGraph.mem_add_tail +R9261 InterfGraph.mem_add_tail +R9261 InterfGraph.mem_add_tail +R9261 InterfGraph.mem_add_tail +R9261 InterfGraph.mem_add_tail +R9261 InterfGraph.mem_add_tail +R9495 Coq.Init.Logic "x = y" type_scope +R9478 Registers.mem +R9497 Coq.Init.Datatypes.true +R9401 Coq.Lists.List.fold_right +R9438 Registers.add +R9450 Coq.Init.Datatypes.fst +R9346 FSetInterface.InList +R9371 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9353 InterfGraph.eq +R9637 Registers.mem_add_same +R9637 Registers.mem_add_same +R9667 InterfGraph.mem_add_tail +R9667 InterfGraph.mem_add_tail +R9852 Coq.Init.Logic "A /\ B" type_scope +R9845 Coq.Init.Logic "x = y" type_scope +R9811 Registers.mem +R9826 InterfGraph.all_interf_regs +R9847 Coq.Init.Datatypes.true +R9891 Coq.Init.Logic "x = y" type_scope +R9857 Registers.mem +R9872 InterfGraph.all_interf_regs +R9893 Coq.Init.Datatypes.true +R9765 InterfGraph.In +R9790 InterfGraph.interf_reg_reg +R9778 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9955 InterfGraph.fold_1 +R10201 Registers.add +R10224 Registers.add +R10236 Coq.Init.Datatypes.snd +R10213 Coq.Init.Datatypes.fst +R10182 Registers.t +R10159 InterfGraph.elt +R10000 InterfGraph.fold +R10128 Registers.empty +R10109 InterfGraph.interf_reg_mreg +R10083 Registers.add +R10095 Coq.Init.Datatypes.fst +R10061 Registers.t +R10037 InterfGraph.elt +R9979 InterfGraph.interf_reg_reg +R9955 InterfGraph.fold_1 +R10201 Registers.add +R10224 Registers.add +R10236 Coq.Init.Datatypes.snd +R10213 Coq.Init.Datatypes.fst +R10182 Registers.t +R10159 InterfGraph.elt +R10000 InterfGraph.fold +R10128 Registers.empty +R10109 InterfGraph.interf_reg_mreg +R10083 Registers.add +R10095 Coq.Init.Datatypes.fst +R10061 Registers.t +R10037 InterfGraph.elt +R9979 InterfGraph.interf_reg_reg +R10301 InterfGraph.all_interf_regs_correct_aux_2 +R10301 InterfGraph.all_interf_regs_correct_aux_2 +R10345 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10345 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10513 Coq.Init.Logic "x = y" type_scope +R10479 Registers.mem +R10494 InterfGraph.all_interf_regs +R10515 Coq.Init.Datatypes.true +R10430 InterfGraph.In +R10457 InterfGraph.interf_reg_mreg +R10444 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10576 InterfGraph.fold_1 +R10822 Registers.add +R10845 Registers.add +R10857 Coq.Init.Datatypes.snd +R10834 Coq.Init.Datatypes.fst +R10803 Registers.t +R10780 InterfGraph.elt +R10621 InterfGraph.fold +R10749 Registers.empty +R10730 InterfGraph.interf_reg_mreg +R10704 Registers.add +R10716 Coq.Init.Datatypes.fst +R10682 Registers.t +R10658 InterfGraph.elt +R10600 InterfGraph.interf_reg_reg +R10576 InterfGraph.fold_1 +R10822 Registers.add +R10845 Registers.add +R10857 Coq.Init.Datatypes.snd +R10834 Coq.Init.Datatypes.fst +R10803 Registers.t +R10780 InterfGraph.elt +R10621 InterfGraph.fold +R10749 Registers.empty +R10730 InterfGraph.interf_reg_mreg +R10704 Registers.add +R10716 Coq.Init.Datatypes.fst +R10682 Registers.t +R10658 InterfGraph.elt +R10600 InterfGraph.interf_reg_reg +R10922 InterfGraph.all_interf_regs_correct_aux_1 +R10922 InterfGraph.all_interf_regs_correct_aux_1 +R10967 InterfGraph.fold_1 +R11086 Registers.add +R11098 Coq.Init.Datatypes.fst +R11067 Registers.t +R11043 InterfGraph.elt +R11013 Registers.empty +R10992 InterfGraph.interf_reg_mreg +R10967 InterfGraph.fold_1 +R11086 Registers.add +R11098 Coq.Init.Datatypes.fst +R11067 Registers.t +R11043 InterfGraph.elt +R11013 Registers.empty +R10992 InterfGraph.interf_reg_mreg +R11142 Registers.t +R11123 Maps.t +R11131 Coq.Init.Datatypes.unit +R11142 Registers.t +R11123 Maps.t +R11131 Coq.Init.Datatypes.unit +R11206 InterfGraph.all_interf_regs_correct_aux_3 +R11206 InterfGraph.all_interf_regs_correct_aux_3 +R11260 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R11260 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +FColoring +R423 InterfGraph.graph +R434 Registers.fold +R479 InterfGraph.add_interf +R415 InterfGraph.graph +R401 Registers.t +R389 Registers.reg +R377 Coq.Init.Datatypes.bool +R370 Registers.reg +R584 InterfGraph.graph +R595 Coloring.add_interf_live +R628 Registers.eq +R657 Coq.Init.Datatypes.true +R646 Coq.Init.Datatypes.false +R576 InterfGraph.graph +R562 Registers.t +R550 Registers.reg +R755 InterfGraph.graph +R766 Coloring.add_interf_live +R806 Registers.eq +R845 Registers.eq +R874 Coq.Init.Datatypes.true +R863 Coq.Init.Datatypes.false +R824 Coq.Init.Datatypes.false +R747 InterfGraph.graph +R733 Registers.t +R721 Registers.reg +R721 Registers.reg +R980 InterfGraph.graph +R991 Coq.Lists.List.fold_left +R1023 Registers.fold +R1047 InterfGraph.add_interf_mreg +R972 InterfGraph.graph +R957 Coq.Lists.List.list +R962 Locations.mreg +R935 Registers.t +R1186 InterfGraph.graph +R1163 InterfGraph.graph +R1149 Coq.Lists.List.list +R1154 Locations.loc +R1132 Coq.Lists.List.list +R1137 Registers.reg +R1226 Coq.Lists.List "x :: y" list_scope +R1236 Coq.Lists.List "x :: y" list_scope +R1295 Locations.R +R1303 InterfGraph.add_pref_mreg +R1163 InterfGraph.graph +R1149 Coq.Lists.List.list +R1154 Locations.loc +R1132 Coq.Lists.List.list +R1137 Registers.reg +R1441 InterfGraph.graph +R1452 Coq.Lists.List.fold_left +R1479 Coloring.add_interf_op +R1433 InterfGraph.graph +R1419 Registers.t +R1402 Coq.Lists.List.list +R1407 Registers.reg +R1592 InterfGraph.graph +R1568 InterfGraph.graph +R1554 Coq.Lists.List.list +R1559 Registers.reg +R1625 Coq.Lists.List.nil +R1641 Coq.Lists.List "x :: y" list_scope +R1686 Coq.Lists.List.fold_left +R1726 Registers.eq +R1750 InterfGraph.add_interf +R1568 InterfGraph.graph +R1554 Coq.Lists.List.list +R1559 Registers.reg +R1888 InterfGraph.graph +R1916 RTL.Iop +R1946 Registers.mem +R1985 Op.is_move_operation +R2026 Coq.Init.Datatypes.Some +R2050 InterfGraph.add_pref +R2068 Coloring.add_interf_move +R2110 Coq.Init.Datatypes.None +R2130 Coloring.add_interf_op +R2184 RTL.Iload +R2224 Registers.mem +R2255 Coloring.add_interf_op +R2297 RTL.Icall +R2331 Coloring.add_prefs_call +R2380 InterfGraph.add_pref_mreg +R2426 Coloring.add_interf_op +R2462 Coloring.add_interf_call +R2517 Conventions.destroyed_at_call_regs +R2493 Registers.remove +R2399 Conventions.loc_result +R2352 Conventions.loc_arguments +R2549 RTL.Ireturn +R2558 Coq.Init.Datatypes.Some +R2575 InterfGraph.add_pref_mreg +R2592 Conventions.loc_result +R1879 InterfGraph.graph +R1865 Registers.t +R1845 RTL.instruction +R1830 AST.signature +R2697 InterfGraph.graph +R2708 Maps.fold +R2799 InterfGraph.empty_graph +R2786 RTL.fn_code +R2738 Coloring.add_edges_instr +R2771 Maps "a !! b" +R2757 RTL.fn_sig +R2678 Maps.t +R2685 Registers.t +R2661 RTL.function +R2898 Coloring.add_prefs_call +R2960 Coloring.add_interf_params +R2999 Coloring.add_interf_entry +R3045 Coloring.add_edges_instrs +R3019 RTL.fn_params +R2981 RTL.fn_params +R2928 Conventions.loc_parameters +R2946 RTL.fn_sig +R2916 RTL.fn_params +R2883 Registers.t +R2858 Maps.t +R2865 Registers.t +R2841 RTL.function +R3189 Locations.loc +R3182 Registers.reg +R3169 Registers.t +R3159 RTLtyping.regenv +R3150 InterfGraph.graph +R3138 RTL.function +R3324 InterfGraph.for_all +R3449 InterfGraph.interf_reg_reg +R3369 Locations.eq +R3409 Coq.Init.Datatypes.snd +R3387 Coq.Init.Datatypes.fst +R3436 Coq.Init.Datatypes.true +R3425 Coq.Init.Datatypes.false +R3314 Locations.loc +R3307 Registers.reg +R3289 InterfGraph.graph +R3534 InterfGraph.for_all +R3656 InterfGraph.interf_reg_mreg +R3581 Locations.eq +R3612 Locations.R +R3615 Coq.Init.Datatypes.snd +R3599 Coq.Init.Datatypes.fst +R3643 Coq.Init.Datatypes.true +R3632 Coq.Init.Datatypes.false +R3524 Locations.loc +R3517 Registers.reg +R3499 InterfGraph.graph +R3735 AST.Tint +R3741 AST.Tint +R3749 Coq.Init.Datatypes.true +R3758 AST.Tfloat +R3766 AST.Tfloat +R3776 Coq.Init.Datatypes.true +R3793 Coq.Init.Datatypes.false +R3703 AST.typ +R3703 AST.typ +R3867 Locations.R +R3883 Coq.Lists.List.In_dec +R3899 Conventions.temporaries +R3890 Locations.eq +R3927 Coq.Init.Datatypes.true +R3916 Coq.Init.Datatypes.false +R3936 Locations.S +R3939 Locations.Local +R3964 Coqlib.zlt +R3990 Coq.Init.Datatypes.true +R3979 Coq.Init.Datatypes.false +R4009 Coq.Init.Datatypes.false +R3840 Locations.loc +R4108 Registers.for_all +R4172 Coq.Bool.Bool.andb +R4200 Coloring.same_typ +R4218 Locations.type +R4178 Coloring.loc_is_acceptable +R4098 Locations.loc +R4091 Registers.reg +R4072 RTLtyping.regenv +R4056 Registers.t +R4342 Coq.Bool.Bool.andb +R4385 Coq.Bool.Bool.andb +R4434 Coloring.check_coloring_3 +R4391 Coloring.check_coloring_2 +R4348 Coloring.check_coloring_1 +R4332 Locations.loc +R4325 Registers.reg +R4304 Registers.t +R4291 RTLtyping.regenv +R4278 InterfGraph.graph +R4647 Registers.mem +R4709 AST.Tint +R4717 Locations.R +R4719 Locations.R3 +R4724 AST.Tfloat +R4734 Locations.R +R4736 Locations.F1 +R4616 Registers.t +R4603 RTLtyping.regenv +R4592 Locations.loc +R4585 Registers.reg +R5007 Coloring.check_coloring +R5095 Coq.Init.Datatypes.None +R5047 Coq.Init.Datatypes.Some +R5053 Coloring.alloc_of_coloring +R4973 Coloring.graph_coloring +R4934 InterfGraph.all_interf_regs +R4893 Coloring.interf_graph +R4871 RTLtyping.regenv +R4855 Registers.t +R4830 Maps.t +R4837 Registers.t +R4813 RTL.function +FColoringproof +R298 InterfGraph.graph_incl +R427 InterfGraph.graph_incl +R445 Coq.Lists.List.fold_left +R495 InterfGraph.add_interf +R407 Coq.Init.Datatypes.bool +R400 Registers.reg +R585 Coloringproof.graph_incl_refl +R585 Coloringproof.graph_incl_refl +R650 InterfGraph.add_interf +R610 InterfGraph.graph_incl_trans +R650 InterfGraph.add_interf +R610 InterfGraph.graph_incl_trans +R705 InterfGraph.add_interf_incl +R705 InterfGraph.add_interf_incl +R730 Coloringproof.graph_incl_refl +R730 Coloringproof.graph_incl_refl +R843 InterfGraph.graph_incl +R857 Coloring.add_interf_live +R823 Coq.Init.Datatypes.bool +R816 Registers.reg +R942 Registers.fold_spec +R942 Registers.fold_spec +R968 Coloringproof.add_interf_live_incl_aux +R968 Coloringproof.add_interf_live_incl_aux +R1102 InterfGraph.interfere +R1123 Coq.Lists.List.fold_left +R1173 InterfGraph.add_interf +R1090 Coq.Init.Logic "x = y" type_scope +R1092 Coq.Init.Datatypes.true +R1067 Coq.Lists.List.In +R1328 Coloringproof.add_interf_live_incl_aux +R1370 InterfGraph.add_interf +R1328 Coloringproof.add_interf_live_incl_aux +R1370 InterfGraph.add_interf +R1425 InterfGraph.add_interf_correct +R1425 InterfGraph.add_interf_correct +R1587 InterfGraph.interfere +R1604 Coloring.add_interf_live +R1575 Coq.Init.Logic "x = y" type_scope +R1577 Coq.Init.Datatypes.true +R1554 Coq.Init.Logic "x = y" type_scope +R1536 Registers.mem +R1556 Coq.Init.Datatypes.true +R1690 Registers.fold_spec +R1690 Registers.fold_spec +R1716 Coloringproof.add_interf_live_correct_aux +R1716 Coloringproof.add_interf_live_correct_aux +R1759 Registers.elements_correct +R1759 Registers.elements_correct +R1846 InterfGraph.graph_incl +R1860 Coloring.add_interf_op +R1932 Coloringproof.add_interf_live_incl +R1932 Coloringproof.add_interf_live_incl +R2058 InterfGraph.interfere +R2075 Coloring.add_interf_op +R2046 Coq.Init.Logic "x <> y" type_scope +R2032 Coq.Init.Logic "x = y" type_scope +R2014 Registers.mem +R2034 Coq.Init.Datatypes.true +R2150 Coloringproof.add_interf_live_correct +R2150 Coloringproof.add_interf_live_correct +R2192 Registers.eq +R2192 Registers.eq +R2299 InterfGraph.graph_incl +R2313 Coloring.add_interf_move +R2393 Coloringproof.add_interf_live_incl +R2393 Coloringproof.add_interf_live_incl +R2537 InterfGraph.interfere +R2554 Coloring.add_interf_move +R2525 Coq.Init.Logic "x <> y" type_scope +R2513 Coq.Init.Logic "x <> y" type_scope +R2499 Coq.Init.Logic "x = y" type_scope +R2481 Registers.mem +R2501 Coq.Init.Datatypes.true +R2637 Coloringproof.add_interf_live_correct +R2637 Coloringproof.add_interf_live_correct +R2679 Registers.eq +R2679 Registers.eq +R2727 Registers.eq +R2727 Registers.eq +R2837 InterfGraph.graph_incl +R2855 Coq.Lists.List.fold_left +R2882 InterfGraph.add_interf_mreg +R2963 Coloringproof.graph_incl_refl +R2963 Coloringproof.graph_incl_refl +R3011 InterfGraph.add_interf_mreg +R2988 InterfGraph.graph_incl_trans +R3011 InterfGraph.add_interf_mreg +R2988 InterfGraph.graph_incl_trans +R3044 InterfGraph.add_interf_mreg_incl +R3044 InterfGraph.add_interf_mreg_incl +R3136 InterfGraph.graph_incl +R3154 Registers.fold +R3178 InterfGraph.add_interf_mreg +R3236 Registers.fold_spec +R3236 Registers.fold_spec +R3260 Coloringproof.add_interf_call_incl_aux_1 +R3260 Coloringproof.add_interf_call_incl_aux_1 +R3351 InterfGraph.graph_incl +R3365 Coloring.add_interf_call +R3453 Coloringproof.graph_incl_refl +R3453 Coloringproof.graph_incl_refl +R3479 InterfGraph.graph_incl_trans +R3479 InterfGraph.graph_incl_trans +R3532 Coloringproof.add_interf_call_incl_aux_2 +R3532 Coloringproof.add_interf_call_incl_aux_2 +R3658 InterfGraph.interfere +R3634 InterfGraph.interfere +R3612 InterfGraph.graph_incl +R3836 InterfGraph.interfere_mreg +R3807 InterfGraph.interfere_mreg +R3785 InterfGraph.graph_incl +R3993 InterfGraph.interfere_mreg +R4018 Coq.Lists.List.fold_left +R4045 InterfGraph.add_interf_mreg +R3978 Coq.Lists.List.In +R4164 Coloringproof.interfere_mreg_incl +R4164 Coloringproof.interfere_mreg_incl +R4194 Coloringproof.add_interf_call_incl_aux_1 +R4194 Coloringproof.add_interf_call_incl_aux_1 +R4230 InterfGraph.add_interf_mreg_correct +R4230 InterfGraph.add_interf_mreg_correct +R4374 InterfGraph.interfere_mreg +R4399 Registers.fold +R4423 InterfGraph.add_interf_mreg +R4362 Coq.Init.Logic "x = y" type_scope +R4344 Registers.mem +R4364 Coq.Init.Datatypes.true +R4481 Registers.fold_spec +R4481 Registers.fold_spec +R4505 Coloringproof.add_interf_call_correct_aux_1 +R4505 Coloringproof.add_interf_call_correct_aux_1 +R4544 Registers.elements_correct +R4544 Registers.elements_correct +R4697 InterfGraph.interfere_mreg +R4718 Coloring.add_interf_call +R4676 Coq.Lists.List.In +R4664 Coq.Init.Logic "x = y" type_scope +R4646 Registers.mem +R4666 Coq.Init.Datatypes.true +R4847 Coloringproof.interfere_mreg_incl +R4847 Coloringproof.interfere_mreg_incl +R4876 Coloringproof.add_interf_call_incl +R4876 Coloringproof.add_interf_call_incl +R4906 Coloringproof.add_interf_call_correct_aux_2 +R4906 Coloringproof.add_interf_call_correct_aux_2 +R5027 InterfGraph.graph_incl +R5041 Coloring.add_prefs_call +R5137 Coloringproof.graph_incl_refl +R5137 Coloringproof.graph_incl_refl +R5137 Coloringproof.graph_incl_refl +R5137 Coloringproof.graph_incl_refl +R5137 Coloringproof.graph_incl_refl +R5178 InterfGraph.graph_incl_trans +R5178 InterfGraph.graph_incl_trans +R5220 InterfGraph.add_pref_mreg_incl +R5220 InterfGraph.add_pref_mreg_incl +R5309 InterfGraph.graph_incl +R5323 Coloring.add_interf_entry +R5431 Coloringproof.graph_incl_refl +R5431 Coloringproof.graph_incl_refl +R5457 InterfGraph.graph_incl_trans +R5457 InterfGraph.graph_incl_trans +R5498 Coloringproof.add_interf_op_incl +R5498 Coloringproof.add_interf_op_incl +R5651 InterfGraph.interfere +R5668 Coloring.add_interf_entry +R5640 Coq.Init.Logic "x <> y" type_scope +R5625 Coq.Init.Logic "x = y" type_scope +R5606 Registers.mem +R5627 Coq.Init.Datatypes.true +R5588 Coq.Lists.List.In +R5833 Coloring.add_interf_op +R5812 Coloringproof.interfere_incl +R5833 Coloring.add_interf_op +R5812 Coloringproof.interfere_incl +R5868 Coloringproof.add_interf_entry_incl +R5868 Coloringproof.add_interf_entry_incl +R5906 InterfGraph.interfere_sym +R5906 InterfGraph.interfere_sym +R5927 Coloringproof.add_interf_op_correct +R5927 Coloringproof.add_interf_op_correct +R6024 InterfGraph.graph_incl +R6041 Coq.Lists.List.fold_left +R6077 Registers.eq +R6101 InterfGraph.add_interf +R6179 Coloringproof.graph_incl_refl +R6179 Coloringproof.graph_incl_refl +R6205 InterfGraph.graph_incl_trans +R6205 InterfGraph.graph_incl_trans +R6246 Registers.eq +R6246 Registers.eq +R6275 Coloringproof.graph_incl_refl +R6275 Coloringproof.graph_incl_refl +R6298 InterfGraph.add_interf_incl +R6298 InterfGraph.add_interf_incl +R6368 InterfGraph.graph_incl +R6382 Coloring.add_interf_params +R6453 Coloringproof.graph_incl_refl +R6453 Coloringproof.graph_incl_refl +R6479 InterfGraph.graph_incl_trans +R6479 InterfGraph.graph_incl_trans +R6520 Coloringproof.add_interf_params_incl_aux +R6520 Coloringproof.add_interf_params_incl_aux +R6642 InterfGraph.interfere +R6662 Coq.Lists.List.fold_left +R6698 Registers.eq +R6722 InterfGraph.add_interf +R6631 Coq.Init.Logic "x <> y" type_scope +R6614 Coq.Lists.List.In +R6845 InterfGraph.interfere_sym +R6845 InterfGraph.interfere_sym +R6867 Coloringproof.interfere_incl +R6867 Coloringproof.interfere_incl +R6891 Coloringproof.add_interf_params_incl_aux +R6891 Coloringproof.add_interf_params_incl_aux +R6928 Registers.eq +R6928 Registers.eq +R6970 InterfGraph.add_interf_correct +R6970 InterfGraph.add_interf_correct +R7098 InterfGraph.interfere +R7115 Coloring.add_interf_params +R7087 Coq.Init.Logic "x <> y" type_scope +R7072 Coq.Lists.List.In +R7060 Coq.Lists.List.In +R7272 Coloringproof.interfere_incl +R7272 Coloringproof.interfere_incl +R7294 Coloringproof.add_interf_params_incl +R7294 Coloringproof.add_interf_params_incl +R7326 Coloringproof.add_interf_params_correct_aux +R7326 Coloringproof.add_interf_params_correct_aux +R7380 InterfGraph.interfere_sym +R7380 InterfGraph.interfere_sym +R7404 Coloringproof.interfere_incl +R7404 Coloringproof.interfere_incl +R7426 Coloringproof.add_interf_params_incl +R7426 Coloringproof.add_interf_params_incl +R7458 Coloringproof.add_interf_params_correct_aux +R7458 Coloringproof.add_interf_params_correct_aux +R7566 InterfGraph.graph_incl +R7580 Coloring.add_edges_instr +R7684 Coloringproof.graph_incl_refl +R7684 Coloringproof.graph_incl_refl +R7684 Coloringproof.graph_incl_refl +R7684 Coloringproof.graph_incl_refl +R7684 Coloringproof.graph_incl_refl +R7684 Coloringproof.graph_incl_refl +R7684 Coloringproof.graph_incl_refl +R7684 Coloringproof.graph_incl_refl +R7709 Registers.mem +R7709 Registers.mem +R7741 Op.is_move_operation +R7741 Op.is_move_operation +R7774 InterfGraph.graph_incl_trans +R7805 InterfGraph.add_pref_incl +R7774 InterfGraph.graph_incl_trans +R7805 InterfGraph.add_pref_incl +R7829 Coloringproof.add_interf_move_incl +R7829 Coloringproof.add_interf_move_incl +R7859 Coloringproof.add_interf_op_incl +R7859 Coloringproof.add_interf_op_incl +R7887 Coloringproof.graph_incl_refl +R7887 Coloringproof.graph_incl_refl +R7912 Registers.mem +R7912 Registers.mem +R7940 Coloringproof.add_interf_op_incl +R7940 Coloringproof.add_interf_op_incl +R7968 Coloringproof.graph_incl_refl +R7968 Coloringproof.graph_incl_refl +R7994 InterfGraph.graph_incl_trans +R8025 Coloringproof.add_prefs_call_incl +R7994 InterfGraph.graph_incl_trans +R8025 Coloringproof.add_prefs_call_incl +R8056 InterfGraph.graph_incl_trans +R8087 InterfGraph.add_pref_mreg_incl +R8056 InterfGraph.graph_incl_trans +R8087 InterfGraph.add_pref_mreg_incl +R8117 InterfGraph.graph_incl_trans +R8148 Coloringproof.add_interf_op_incl +R8117 InterfGraph.graph_incl_trans +R8148 Coloringproof.add_interf_op_incl +R8177 Coloringproof.add_interf_call_incl +R8177 Coloringproof.add_interf_call_incl +R8221 InterfGraph.add_pref_mreg_incl +R8221 InterfGraph.add_pref_mreg_incl +R8249 Coloringproof.graph_incl_refl +R8249 Coloringproof.graph_incl_refl +R8390 RTL.Iop +R8423 Op.is_move_operation +R8462 Coq.Init.Datatypes.Some +R8606 InterfGraph.interfere +R8596 Coq.Init.Logic "x <> y" type_scope +R8584 Coq.Init.Logic "x <> y" type_scope +R8562 Coq.Init.Logic "x = y" type_scope +R8544 Registers.mem +R8564 Coq.Init.Datatypes.true +R8524 Coq.Init.Logic "x = y" type_scope +R8504 Registers.mem +R8526 Coq.Init.Datatypes.true +R8632 Coq.Init.Datatypes.None +R8760 InterfGraph.interfere +R8750 Coq.Init.Logic "x <> y" type_scope +R8728 Coq.Init.Logic "x = y" type_scope +R8710 Registers.mem +R8730 Coq.Init.Datatypes.true +R8690 Coq.Init.Logic "x = y" type_scope +R8670 Registers.mem +R8692 Coq.Init.Datatypes.true +R8792 RTL.Iload +R8927 InterfGraph.interfere +R8917 Coq.Init.Logic "x <> y" type_scope +R8899 Coq.Init.Logic "x = y" type_scope +R8881 Registers.mem +R8901 Coq.Init.Datatypes.true +R8865 Coq.Init.Logic "x = y" type_scope +R8845 Registers.mem +R8867 Coq.Init.Datatypes.true +R8949 RTL.Icall +R9122 Coq.Init.Logic "A /\ B" type_scope +R9101 InterfGraph.interfere_mreg +R9083 Coq.Init.Logic "x <> y" type_scope +R9041 Coq.Lists.List.In +R9047 Conventions.destroyed_at_call_regs +R9023 Coq.Init.Logic "x = y" type_scope +R9005 Registers.mem +R9025 Coq.Init.Datatypes.true +R9197 InterfGraph.interfere +R9187 Coq.Init.Logic "x <> y" type_scope +R9167 Coq.Init.Logic "x = y" type_scope +R9149 Registers.mem +R9169 Coq.Init.Datatypes.true +R9231 Coq.Init.Logic.True +R8350 InterfGraph.graph +R8333 RTL.instruction +R8315 Registers.t +R9368 Coloringproof.correct_interf_instr +R9328 Coloringproof.correct_interf_instr +R9306 InterfGraph.graph_incl +R9503 Op.is_move_operation +R9503 Op.is_move_operation +R9544 Coloringproof.interfere_incl +R9544 Coloringproof.interfere_incl +R9584 Coloringproof.interfere_incl +R9584 Coloringproof.interfere_incl +R9624 Coloringproof.interfere_incl +R9624 Coloringproof.interfere_incl +R9687 Coloringproof.interfere_mreg_incl +R9687 Coloringproof.interfere_mreg_incl +R9732 Coloringproof.interfere_incl +R9732 Coloringproof.interfere_incl +R9821 Coloringproof.correct_interf_instr +R9854 Coloring.add_edges_instr +R9995 Op.is_move_operation +R9995 Op.is_move_operation +R10047 Coloringproof.interfere_incl +R10047 Coloringproof.interfere_incl +R10072 InterfGraph.add_pref_incl +R10072 InterfGraph.add_pref_incl +R10093 Coloringproof.add_interf_move_correct +R10093 Coloringproof.add_interf_move_correct +R10143 Coloringproof.add_interf_op_correct +R10143 Coloringproof.add_interf_op_correct +R10201 Coloringproof.add_interf_op_correct +R10201 Coloringproof.add_interf_op_correct +R10286 Coloring.add_interf_call +R10325 Conventions.destroyed_at_call_regs +R10303 Registers.remove +R10256 Coloringproof.interfere_mreg_incl +R10286 Coloring.add_interf_call +R10325 Conventions.destroyed_at_call_regs +R10303 Registers.remove +R10256 Coloringproof.interfere_mreg_incl +R10361 InterfGraph.graph_incl_trans +R10392 Coloringproof.add_prefs_call_incl +R10361 InterfGraph.graph_incl_trans +R10392 Coloringproof.add_prefs_call_incl +R10423 InterfGraph.graph_incl_trans +R10454 InterfGraph.add_pref_mreg_incl +R10423 InterfGraph.graph_incl_trans +R10454 InterfGraph.add_pref_mreg_incl +R10483 Coloringproof.add_interf_op_incl +R10483 Coloringproof.add_interf_op_incl +R10511 Coloringproof.add_interf_call_correct +R10511 Coloringproof.add_interf_call_correct +R10552 Registers.mem_remove_other +R10552 Registers.mem_remove_other +R10593 Coloringproof.interfere_incl +R10593 Coloringproof.interfere_incl +R10618 InterfGraph.graph_incl_trans +R10649 Coloringproof.add_prefs_call_incl +R10618 InterfGraph.graph_incl_trans +R10649 Coloringproof.add_prefs_call_incl +R10679 InterfGraph.add_pref_mreg_incl +R10679 InterfGraph.add_pref_mreg_incl +R10707 Coloringproof.add_interf_op_correct +R10707 Coloringproof.add_interf_op_correct +R10805 InterfGraph.graph_incl +R10823 Coq.Lists.List.fold_left +R10899 Coloring.add_edges_instr +R10932 Maps "a !! b" +R10936 Coq.Init.Datatypes.fst +R10920 Coq.Init.Datatypes.snd +R10871 Coq.Init.Datatypes "x * y" type_scope +R10862 Coq.NArith.BinPos.positive +R10873 RTL.instruction +R10850 InterfGraph.graph +R11014 Coloringproof.graph_incl_refl +R11014 Coloringproof.graph_incl_refl +R11040 InterfGraph.graph_incl_trans +R11040 InterfGraph.graph_incl_trans +R11081 Coloringproof.add_edges_instr_incl +R11081 Coloringproof.add_edges_instr_incl +R11203 Coloringproof.correct_interf_instr +R11240 Coq.Lists.List.fold_left +R11316 Coloring.add_edges_instr +R11349 Maps "a !! b" +R11353 Coq.Init.Datatypes.fst +R11337 Coq.Init.Datatypes.snd +R11288 Coq.Init.Datatypes "x * y" type_scope +R11279 Coq.NArith.BinPos.positive +R11290 RTL.instruction +R11267 InterfGraph.graph +R11228 Maps "a !! b" +R11180 Coq.Lists.List.In +R11183 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R11475 Coloringproof.correct_interf_instr_incl +R11475 Coloringproof.correct_interf_instr_incl +R11510 Coloringproof.add_edges_instrs_incl_aux +R11510 Coloringproof.add_edges_instrs_incl_aux +R11545 Coloringproof.add_edges_instr_correct +R11545 Coloringproof.add_edges_instr_correct +R11669 Coloringproof.correct_interf_instr +R11702 Coloring.add_edges_instrs +R11694 Maps "a !! b" +R11655 Coq.Init.Logic "x = y" type_scope +R11651 Maps "a ! b" +R11643 RTL.fn_code +R11657 Coq.Init.Datatypes.Some +R11782 Maps.fold_spec +R11782 Maps.fold_spec +R11807 Coloringproof.add_edges_instrs_correct_aux +R11807 Coloringproof.add_edges_instrs_correct_aux +R11845 Maps.elements_correct +R11845 Maps.elements_correct +R11970 Coloringproof.correct_interf_instr +R12003 Coloring.interf_graph +R11995 Maps "a !! b" +R11956 Coq.Init.Logic "x = y" type_scope +R11952 Maps "a ! b" +R11944 RTL.fn_code +R11958 Coq.Init.Datatypes.Some +R12109 Coloring.add_edges_instrs +R12077 Coloringproof.correct_interf_instr_incl +R12109 Coloring.add_edges_instrs +R12077 Coloringproof.correct_interf_instr_incl +R12144 InterfGraph.graph_incl_trans +R12175 Coloringproof.add_prefs_call_incl +R12144 InterfGraph.graph_incl_trans +R12175 Coloringproof.add_prefs_call_incl +R12206 InterfGraph.graph_incl_trans +R12237 Coloringproof.add_interf_params_incl +R12206 InterfGraph.graph_incl_trans +R12237 Coloringproof.add_interf_params_incl +R12270 Coloringproof.add_interf_entry_incl +R12270 Coloringproof.add_interf_entry_incl +R12301 Coloringproof.add_edges_instrs_correct +R12301 Coloringproof.add_edges_instrs_correct +R12464 InterfGraph.interfere +R12481 Coloring.interf_graph +R12453 Coq.Init.Logic "x <> y" type_scope +R12425 Coq.Lists.List.In +R12434 RTL.fn_params +R12400 Coq.Lists.List.In +R12409 RTL.fn_params +R12557 Coloringproof.interfere_incl +R12557 Coloringproof.interfere_incl +R12581 Coloringproof.add_prefs_call_incl +R12581 Coloringproof.add_prefs_call_incl +R12610 Coloringproof.add_interf_params_correct +R12610 Coloringproof.add_interf_params_correct +R12781 InterfGraph.interfere +R12798 Coloring.interf_graph +R12770 Coq.Init.Logic "x <> y" type_scope +R12755 Coq.Init.Logic "x = y" type_scope +R12735 Registers.mem +R12757 Coq.Init.Datatypes.true +R12710 Coq.Lists.List.In +R12719 RTL.fn_params +R12873 Coloringproof.interfere_incl +R12873 Coloringproof.interfere_incl +R12898 InterfGraph.graph_incl_trans +R12929 Coloringproof.add_prefs_call_incl +R12898 InterfGraph.graph_incl_trans +R12929 Coloringproof.add_prefs_call_incl +R12959 Coloringproof.add_interf_params_incl +R12959 Coloringproof.add_interf_params_incl +R12991 Coloringproof.add_interf_entry_correct +R12991 Coloringproof.add_interf_entry_correct +R13128 InterfGraph.graph +R13149 RTLtyping.regenv +R13175 Registers.t +R13211 Locations.loc +R13204 Registers.reg +R13365 Coq.Init.Logic "x <> y" type_scope +R13307 InterfGraph.In +R13332 InterfGraph.interf_reg_reg +R13320 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13295 Coq.Init.Logic "x = y" type_scope +R13267 Coloring.check_coloring_1 +R13297 Coq.Init.Datatypes.true +R13434 FSetInterface.compat_bool +R13498 Locations.eq +R13538 Coq.Init.Datatypes.snd +R13516 Coq.Init.Datatypes.fst +R13583 Coq.Init.Datatypes.true +R13572 Coq.Init.Datatypes.false +R13460 InterfGraph.eq +R13434 FSetInterface.compat_bool +R13498 Locations.eq +R13538 Coq.Init.Datatypes.snd +R13516 Coq.Init.Datatypes.fst +R13583 Coq.Init.Datatypes.true +R13572 Coq.Init.Datatypes.false +R13460 InterfGraph.eq +R13715 InterfGraph.for_all_2 +R13715 InterfGraph.for_all_2 +R13761 Locations.eq +R13761 Locations.eq +R13992 Coq.Init.Logic "x <> y" type_scope +R13995 Locations.R +R13931 InterfGraph.In +R13958 InterfGraph.interf_reg_mreg +R13945 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13919 Coq.Init.Logic "x = y" type_scope +R13891 Coloring.check_coloring_2 +R13921 Coq.Init.Datatypes.true +R14055 FSetInterface.compat_bool +R14120 Locations.eq +R14150 Locations.R +R14153 Coq.Init.Datatypes.snd +R14138 Coq.Init.Datatypes.fst +R14198 Coq.Init.Datatypes.true +R14187 Coq.Init.Datatypes.false +R14081 InterfGraph.eq +R14055 FSetInterface.compat_bool +R14120 Locations.eq +R14150 Locations.R +R14153 Coq.Init.Datatypes.snd +R14138 Coq.Init.Datatypes.fst +R14198 Coq.Init.Datatypes.true +R14187 Coq.Init.Datatypes.false +R14081 InterfGraph.eq +R14331 InterfGraph.for_all_2 +R14331 InterfGraph.for_all_2 +R14378 Locations.eq +R14400 Locations.R +R14378 Locations.eq +R14400 Locations.R +R14519 Coq.Init.Logic "x = y" type_scope +R14506 Coq.Init.Logic "x = y" type_scope +R14491 Coloring.same_typ +R14508 Coq.Init.Datatypes.true +R14660 Conventions.loc_acceptable +R14650 Coq.Init.Logic "x = y" type_scope +R14630 Coloring.loc_is_acceptable +R14652 Coq.Init.Datatypes.true +R14749 Coq.Lists.List.In_dec +R14769 Conventions.temporaries +R14764 Locations.R +R14756 Locations.eq +R14749 Coq.Lists.List.In_dec +R14769 Conventions.temporaries +R14764 Locations.R +R14756 Locations.eq +R14841 Coqlib.zlt +R14841 Coqlib.zlt +R15094 Coq.Init.Logic "A /\ B" type_scope +R15066 Conventions.loc_acceptable +R15103 Coq.Init.Logic "x = y" type_scope +R15105 Locations.type +R15054 Coq.Init.Logic "x = y" type_scope +R15033 Registers.mem +R15056 Coq.Init.Datatypes.true +R15021 Coq.Init.Logic "x = y" type_scope +R14983 Coloring.check_coloring_3 +R15023 Coq.Init.Datatypes.true +R15184 Registers.for_all_spec +R15184 Registers.for_all_spec +R15228 Coq.Bool.Bool.andb_prop +R15228 Coq.Bool.Bool.andb_prop +R15270 Coloringproof.loc_is_acceptable_correct +R15270 Coloringproof.loc_is_acceptable_correct +R15311 Coloringproof.same_typ_correct +R15311 Coloringproof.same_typ_correct +R15404 InterfGraph.graph +R15425 RTLtyping.regenv +R15448 InterfGraph.all_interf_regs +R15493 Locations.loc +R15486 Registers.reg +R15511 Coloring.alloc_of_coloring +R15710 Coq.Init.Logic "x <> y" type_scope +R15655 InterfGraph.In +R15680 InterfGraph.interf_reg_reg +R15668 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15643 Coq.Init.Logic "x = y" type_scope +R15605 Coloring.check_coloring +R15645 Coq.Init.Datatypes.true +R15797 Coq.Bool.Bool.andb_prop +R15797 Coq.Bool.Bool.andb_prop +R15837 InterfGraph.all_interf_regs_correct_1 +R15837 InterfGraph.all_interf_regs_correct_1 +R15939 Coloringproof.check_coloring_1_correct +R15939 Coloringproof.check_coloring_1_correct +R16140 Coq.Init.Logic "x <> y" type_scope +R16143 Locations.R +R16082 InterfGraph.In +R16109 InterfGraph.interf_reg_mreg +R16096 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16070 Coq.Init.Logic "x = y" type_scope +R16032 Coloring.check_coloring +R16072 Coq.Init.Datatypes.true +R16224 Coq.Bool.Bool.andb_prop +R16224 Coq.Bool.Bool.andb_prop +R16258 Coq.Bool.Bool.andb_prop +R16258 Coq.Bool.Bool.andb_prop +R16299 InterfGraph.all_interf_regs_correct_2 +R16299 InterfGraph.all_interf_regs_correct_2 +R16384 Coloringproof.check_coloring_2_correct +R16384 Coloringproof.check_coloring_2_correct +R16522 Conventions.loc_acceptable +R16510 Coq.Init.Logic "x = y" type_scope +R16472 Coloring.check_coloring +R16512 Coq.Init.Datatypes.true +R16622 Coq.Bool.Bool.andb_prop +R16622 Coq.Bool.Bool.andb_prop +R16656 Coq.Bool.Bool.andb_prop +R16656 Coq.Bool.Bool.andb_prop +R16693 Registers.mem +R16693 Registers.mem +R16737 Coloringproof.check_coloring_3_correct +R16737 Coloringproof.check_coloring_3_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R16942 Coq.Init.Logic "x = y" type_scope +R16944 Locations.type +R16924 Coq.Init.Logic "x = y" type_scope +R16886 Coloring.check_coloring +R16926 Coq.Init.Datatypes.true +R17038 Coq.Bool.Bool.andb_prop +R17038 Coq.Bool.Bool.andb_prop +R17072 Coq.Bool.Bool.andb_prop +R17072 Coq.Bool.Bool.andb_prop +R17109 Registers.mem +R17109 Registers.mem +R17153 Coloringproof.check_coloring_3_correct +R17153 Coloringproof.check_coloring_3_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R17409 RTL.Iop +R17442 Op.is_move_operation +R17481 Coq.Init.Datatypes.Some +R17641 Coq.Init.Logic "x <> y" type_scope +R17623 Coq.Init.Logic "x <> y" type_scope +R17611 Coq.Init.Logic "x <> y" type_scope +R17589 Coq.Init.Logic "x = y" type_scope +R17567 Registers.mem +R17584 Maps "a !! b" +R17591 Coq.Init.Datatypes.true +R17547 Coq.Init.Logic "x = y" type_scope +R17523 Registers.mem +R17542 Maps "a !! b" +R17549 Coq.Init.Datatypes.true +R17662 Coq.Init.Datatypes.None +R17806 Coq.Init.Logic "x <> y" type_scope +R17788 Coq.Init.Logic "x <> y" type_scope +R17766 Coq.Init.Logic "x = y" type_scope +R17744 Registers.mem +R17761 Maps "a !! b" +R17768 Coq.Init.Datatypes.true +R17724 Coq.Init.Logic "x = y" type_scope +R17700 Registers.mem +R17719 Maps "a !! b" +R17726 Coq.Init.Datatypes.true +R17833 RTL.Iload +R17984 Coq.Init.Logic "x <> y" type_scope +R17966 Coq.Init.Logic "x <> y" type_scope +R17948 Coq.Init.Logic "x = y" type_scope +R17926 Registers.mem +R17943 Maps "a !! b" +R17950 Coq.Init.Datatypes.true +R17910 Coq.Init.Logic "x = y" type_scope +R17886 Registers.mem +R17905 Maps "a !! b" +R17912 Coq.Init.Datatypes.true +R18001 RTL.Icall +R18159 Coq.Init.Logic "A /\ B" type_scope +R18114 Coq.Init.Logic "~ x" type_scope +R18116 Coq.Lists.List.In +R18129 Conventions.destroyed_at_call +R18096 Coq.Init.Logic "x <> y" type_scope +R18076 Coq.Init.Logic "x = y" type_scope +R18054 Registers.mem +R18071 Maps "a !! b" +R18078 Coq.Init.Datatypes.true +R18246 Coq.Init.Logic "x <> y" type_scope +R18228 Coq.Init.Logic "x <> y" type_scope +R18208 Coq.Init.Logic "x = y" type_scope +R18186 Registers.mem +R18203 Maps "a !! b" +R18210 Coq.Init.Datatypes.true +R18275 Coq.Init.Logic.True +R17363 RTL.instruction +R17349 RTL.node +R17334 Locations.loc +R17327 Registers.reg +R17302 Maps.t +R17309 Registers.t +R18330 RTL.function +R18354 RTLtyping.regenv +R18377 Maps.t +R18384 Registers.t +R18410 Registers.t +R18443 Locations.loc +R18436 Registers.reg +R18458 Coloring.interf_graph +R18500 InterfGraph.all_interf_regs +R18535 Coloring.graph_coloring +R18678 Coq.Init.Logic "A /\ B" type_scope +R18671 Coq.Init.Logic "x = y" type_scope +R18633 Coloring.check_coloring +R18673 Coq.Init.Datatypes.true +R18689 Coq.Init.Logic "x = y" type_scope +R18691 Coloring.alloc_of_coloring +R18615 Coq.Init.Logic "x = y" type_scope +R18589 Coloring.regalloc +R18617 Coq.Init.Datatypes.Some +R18787 Coloring.check_coloring +R18803 Coloring.interf_graph +R18787 Coloring.check_coloring +R18803 Coloring.interf_graph +R19014 Conventions.loc_acceptable +R18996 Coq.Init.Logic "x = y" type_scope +R18970 Coloring.regalloc +R18998 Coq.Init.Datatypes.Some +R19063 Coloringproof.regalloc_ok +R19063 Coloringproof.regalloc_ok +R19123 Coloringproof.alloc_of_coloring_correct_3 +R19123 Coloringproof.alloc_of_coloring_correct_3 +R19257 Conventions.locs_acceptable +R19274 Coq.Lists.List.map +R19239 Coq.Init.Logic "x = y" type_scope +R19213 Coloring.regalloc +R19241 Coq.Init.Datatypes.Some +R19332 Coqlib.list_in_map_inv +R19332 Coqlib.list_in_map_inv +R19394 Coloringproof.regalloc_acceptable +R19394 Coloringproof.regalloc_acceptable +R19537 Coq.Init.Logic "x = y" type_scope +R19518 Locations.type +R19500 Coq.Init.Logic "x = y" type_scope +R19474 Coloring.regalloc +R19502 Coq.Init.Datatypes.Some +R19569 Coloringproof.regalloc_ok +R19569 Coloringproof.regalloc_ok +R19641 Coloringproof.alloc_of_coloring_correct_4 +R19641 Coloringproof.alloc_of_coloring_correct_4 +R19916 Coloringproof.correct_alloc_instr +R19873 Coloringproof.correct_interf_instr +R19898 Maps "a !! b" +R19858 Coq.Init.Logic "x <> y" type_scope +R19861 Locations.R +R19822 InterfGraph.interfere_mreg +R19788 Coq.Init.Logic "x <> y" type_scope +R19758 InterfGraph.interfere +R20081 Op.is_move_operation +R20081 Op.is_move_operation +R20207 Coqlib.list_in_map_inv +R20223 Locations.R +R20207 Coqlib.list_in_map_inv +R20223 Locations.R +R20481 Coloringproof.correct_alloc_instr +R20463 Coq.Init.Logic "x = y" type_scope +R20459 Maps "a ! b" +R20451 RTL.fn_code +R20465 Coq.Init.Datatypes.Some +R20430 Coq.Init.Logic "x = y" type_scope +R20404 Coloring.regalloc +R20432 Coq.Init.Datatypes.Some +R20545 Coloringproof.regalloc_ok +R20545 Coloringproof.regalloc_ok +R20577 Coloringproof.correct_interf_alloc_instr +R20577 Coloringproof.correct_interf_alloc_instr +R20663 InterfGraph.ordered_pair_charact +R20663 InterfGraph.ordered_pair_charact +R20707 Coloringproof.alloc_of_coloring_correct_1 +R20707 Coloringproof.alloc_of_coloring_correct_1 +R20774 Coq.Init.Logic.sym_not_equal +R20774 Coq.Init.Logic.sym_not_equal +R20797 Coloringproof.alloc_of_coloring_correct_1 +R20797 Coloringproof.alloc_of_coloring_correct_1 +R20902 Coloringproof.alloc_of_coloring_correct_2 +R20902 Coloringproof.alloc_of_coloring_correct_2 +R20965 Coloringproof.interf_graph_correct_1 +R20965 Coloringproof.interf_graph_correct_1 +R21106 Coqlib.list_norepet +R21120 Coq.Lists.List.map +R21138 RTL.fn_params +R21074 Coqlib.list_norepet +R21090 RTL.fn_params +R21056 Coq.Init.Logic "x = y" type_scope +R21030 Coloring.regalloc +R21058 Coq.Init.Datatypes.Some +R21174 Coloringproof.regalloc_ok +R21174 Coloringproof.regalloc_ok +R21206 Coqlib.list_map_norepet +R21206 Coqlib.list_map_norepet +R21277 InterfGraph.ordered_pair_charact +R21277 InterfGraph.ordered_pair_charact +R21319 Coloringproof.alloc_of_coloring_correct_1 +R21319 Coloringproof.alloc_of_coloring_correct_1 +R21403 InterfGraph.interfere +R21403 InterfGraph.interfere +R21440 Coloringproof.interf_graph_correct_2 +R21440 Coloringproof.interf_graph_correct_2 +R21478 Coq.Init.Logic.sym_not_equal +R21478 Coq.Init.Logic.sym_not_equal +R21501 Coloringproof.alloc_of_coloring_correct_1 +R21501 Coloringproof.alloc_of_coloring_correct_1 +R21585 InterfGraph.interfere +R21585 InterfGraph.interfere +R21622 Coloringproof.interf_graph_correct_2 +R21622 Coloringproof.interf_graph_correct_2 +R21826 Coq.Init.Logic "x <> y" type_scope +R21806 Coq.Init.Logic "x <> y" type_scope +R21791 Coq.Init.Logic "x = y" type_scope +R21771 Registers.mem +R21793 Coq.Init.Datatypes.true +R21746 Coq.Lists.List.In +R21755 RTL.fn_params +R21728 Coq.Init.Logic "x = y" type_scope +R21702 Coloring.regalloc +R21730 Coq.Init.Datatypes.Some +R21862 Coloringproof.regalloc_ok +R21862 Coloringproof.regalloc_ok +R21924 InterfGraph.ordered_pair_charact +R21924 InterfGraph.ordered_pair_charact +R21968 Coloringproof.alloc_of_coloring_correct_1 +R21968 Coloringproof.alloc_of_coloring_correct_1 +R22052 InterfGraph.interfere +R22052 InterfGraph.interfere +R22090 Coloringproof.interf_graph_correct_3 +R22090 Coloringproof.interf_graph_correct_3 +R22128 Coq.Init.Logic.sym_not_equal +R22128 Coq.Init.Logic.sym_not_equal +R22151 Coloringproof.alloc_of_coloring_correct_1 +R22151 Coloringproof.alloc_of_coloring_correct_1 +R22235 InterfGraph.interfere +R22235 InterfGraph.interfere +R22273 Coloringproof.interf_graph_correct_3 +R22273 Coloringproof.interf_graph_correct_3 +FParallelmove +R393 Coq.Init.Logic.refl_equal +R455 Coq.Arith.EqNat.beq_nat_eq +R531 Coq.Init.Logic "x = y" type_scope +R519 Coq.Arith.EqNat.beq_nat +R533 Coq.Init.Datatypes.false +R510 Coq.Init.Logic "x <> y" type_scope +R502 Coq.Init.Datatypes.nat +R502 Coq.Init.Datatypes.nat +R575 Coq.Arith.EqNat.beq_nat +R575 Coq.Arith.EqNat.beq_nat +R634 Parallelmove.neq_is_neq +R705 Coq.Init.Logic "x = y" type_scope +R698 Coq.Lists.List "x ++ y" list_scope +R701 Coq.Lists.List.nil +R686 Coq.Lists.List.list +R876 Coq.Init.Logic "x = y" type_scope +R868 Coq.Lists.List "x ++ y" list_scope +R863 Coq.Lists.List "x :: y" list_scope +R880 Coq.Lists.List "x :: y" list_scope +R887 Coq.Lists.List "x ++ y" list_scope +R842 Coq.Lists.List.list +R842 Coq.Lists.List.list +R987 Coq.Init.Logic "x = y" type_scope +R973 Coq.Lists.List "x ++ y" list_scope +R980 Coq.Lists.List "x ++ y" list_scope +R998 Coq.Lists.List "x ++ y" list_scope +R993 Coq.Lists.List "x ++ y" list_scope +R960 Coq.Lists.List.list +R960 Coq.Lists.List.list +R960 Coq.Lists.List.list +R1172 Coq.Init.Logic "'exists' x : t , p" type_scope +R1187 Coq.Init.Logic "'exists' x : t , p" type_scope +R1223 Coq.Init.Logic "x = y" type_scope +R1209 Coq.Lists.List "x ++ y" list_scope +R1215 Coq.Lists.List "x :: y" list_scope +R1218 Coq.Lists.List.nil +R1227 Coq.Lists.List "x :: y" list_scope +R1198 Coq.Lists.List.list +R1152 Coq.Lists.List.list +R1304 Coq.Lists.List.nil +R1304 Coq.Lists.List.nil +R1373 Coq.Lists.List "x ++ y" list_scope +R1379 Coq.Lists.List "x :: y" list_scope +R1382 Coq.Lists.List.nil +R1373 Coq.Lists.List "x ++ y" list_scope +R1379 Coq.Lists.List "x :: y" list_scope +R1382 Coq.Lists.List.nil +R1468 Coq.Init.Logic "'exists' x : t , p" type_scope +R1483 Coq.Init.Logic "'exists' x : t , p" type_scope +R1518 Coq.Init.Logic "x = y" type_scope +R1505 Coq.Lists.List "x ++ y" list_scope +R1511 Coq.Lists.List "x :: y" list_scope +R1522 Coq.Lists.List "x :: y" list_scope +R1494 Coq.Lists.List.list +R1448 Coq.Lists.List.list +R1448 Coq.Lists.List.list +R1661 Coq.Lists.List "x ++ y" list_scope +R1667 Coq.Lists.List "x :: y" list_scope +R1661 Coq.Lists.List "x ++ y" list_scope +R1667 Coq.Lists.List "x :: y" list_scope +R1752 Coq.Init.Logic "'exists' x : t , p" type_scope +R1767 Coq.Init.Logic "'exists' x : t , p" type_scope +R1794 Coq.Init.Logic "x = y" type_scope +R1789 Coq.Lists.List "x :: y" list_scope +R1798 Coq.Lists.List "x ++ y" list_scope +R1804 Coq.Lists.List "x :: y" list_scope +R1807 Coq.Lists.List.nil +R1778 Coq.Lists.List.list +R1732 Coq.Lists.List.list +R1884 Coq.Lists.List.nil +R1884 Coq.Lists.List.nil +R2007 Coq.Lists.List "x :: y" list_scope +R2010 Coq.Lists.List.nil +R2007 Coq.Lists.List "x :: y" list_scope +R2010 Coq.Lists.List.nil +R2051 Coq.Lists.List "x :: y" list_scope +R2057 Coq.Lists.List "x :: y" list_scope +R2051 Coq.Lists.List "x :: y" list_scope +R2057 Coq.Lists.List "x :: y" list_scope +R2097 Parallelmove.app_rewriter +R2132 Locations.loc +R2187 Locations.type +R2203 AST.Tint +R2211 Locations.R +R2213 Locations.IT2 +R2219 AST.Tfloat +R2229 Locations.R +R2231 Locations.FT2 +R2167 Locations.loc +R2296 Locations.diff +R2308 Parallelmove.T +R2277 Locations.loc +R2340 Coq.Init.Datatypes "x * y" type_scope +R2336 Parallelmove.Reg +R2342 Parallelmove.Reg +R2375 Coq.Lists.List.list +R2380 Parallelmove.Move +R2423 Coq.Init.Datatypes "x * y" type_scope +R2416 Coq.Init.Datatypes "x * y" type_scope +R2410 Parallelmove.Moves +R2418 Parallelmove.Moves +R2427 Parallelmove.Moves +R2479 Parallelmove.Moves +R2504 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2505 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2470 Parallelmove.State +R2564 Parallelmove.Moves +R2589 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2590 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2555 Parallelmove.State +R2648 Parallelmove.Moves +R2673 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2674 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2639 Parallelmove.State +R2730 Parallelmove.Reg +R2718 Parallelmove.Moves +R2773 Coq.Lists.List.nil +R2780 Coq.Init.Logic.True +R2796 Coq.Lists.List "x :: y" list_scope +R2789 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2817 Coq.Init.Logic "A /\ B" type_scope +R2804 Locations.diff +R2730 Parallelmove.Reg +R2718 Parallelmove.Moves +R2924 Parallelmove.noRead +R2935 Coq.Lists.List "x ++ y" list_scope +R2908 Parallelmove.noRead +R2893 Parallelmove.noRead +R2886 Parallelmove.Reg +R2874 Parallelmove.Moves +R2874 Parallelmove.Moves +R3079 Parallelmove.State +R3070 Parallelmove.State +R3190 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3194 Coq.Lists.List "x ++ y" list_scope +R3201 Coq.Lists.List.nil +R3159 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3163 Coq.Lists.List "x ++ y" list_scope +R3174 Coq.Lists.List "x :: y" list_scope +R3167 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3182 Coq.Lists.List.nil +R3141 Parallelmove.Moves +R3141 Parallelmove.Moves +R3141 Parallelmove.Moves +R3125 Parallelmove.Reg +R3303 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3307 Coq.Lists.List "x ++ y" list_scope +R3316 Coq.Lists.List "x :: y" list_scope +R3319 Coq.Lists.List.nil +R3277 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3281 Coq.Lists.List "x ++ y" list_scope +R3287 Coq.Lists.List "x :: y" list_scope +R3295 Coq.Lists.List.nil +R3259 Parallelmove.Move +R3247 Parallelmove.Moves +R3247 Parallelmove.Moves +R3247 Parallelmove.Moves +R3452 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3456 Coq.Lists.List "x ++ y" list_scope +R3470 Coq.Lists.List "x :: y" list_scope +R3463 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3481 Coq.Lists.List "x :: y" list_scope +R3474 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3406 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3410 Coq.Lists.List "x ++ y" list_scope +R3421 Coq.Lists.List "x :: y" list_scope +R3414 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3436 Coq.Lists.List "x :: y" list_scope +R3429 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3382 Parallelmove.Reg +R3382 Parallelmove.Reg +R3382 Parallelmove.Reg +R3366 Parallelmove.Moves +R3366 Parallelmove.Moves +R3366 Parallelmove.Moves +R3366 Parallelmove.Moves +R3630 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3647 Coq.Lists.List "x :: y" list_scope +R3634 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3653 Coq.Lists.List "x ++ y" list_scope +R3667 Coq.Lists.List "x :: y" list_scope +R3657 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3658 Parallelmove.T +R3670 Coq.Lists.List.nil +R3688 Coq.Lists.List "x :: y" list_scope +R3677 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3682 Parallelmove.T +R3575 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3592 Coq.Lists.List "x :: y" list_scope +R3579 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3598 Coq.Lists.List "x ++ y" list_scope +R3610 Coq.Lists.List "x :: y" list_scope +R3602 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3613 Coq.Lists.List.nil +R3551 Parallelmove.Reg +R3551 Parallelmove.Reg +R3551 Parallelmove.Reg +R3551 Parallelmove.Reg +R3526 Parallelmove.Moves +R3526 Parallelmove.Moves +R3526 Parallelmove.Moves +R3869 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3875 Coq.Lists.List "x ++ y" list_scope +R3888 Coq.Lists.List "x :: y" list_scope +R3879 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3891 Coq.Lists.List.nil +R3906 Coq.Lists.List "x :: y" list_scope +R3897 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3817 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3830 Coq.Lists.List "x :: y" list_scope +R3821 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3836 Coq.Lists.List "x ++ y" list_scope +R3849 Coq.Lists.List "x :: y" list_scope +R3840 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3852 Coq.Lists.List.nil +R3781 Locations.diff +R3761 Parallelmove.noRead +R3750 Parallelmove.Reg +R3750 Parallelmove.Reg +R3750 Parallelmove.Reg +R3750 Parallelmove.Reg +R3728 Parallelmove.Moves +R3728 Parallelmove.Moves +R3728 Parallelmove.Moves +R4012 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4016 Coq.Lists.List.nil +R4028 Coq.Lists.List "x :: y" list_scope +R4021 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3990 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4001 Coq.Lists.List "x :: y" list_scope +R3994 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4004 Coq.Lists.List.nil +R3970 Parallelmove.noRead +R3959 Parallelmove.Reg +R3959 Parallelmove.Reg +R3945 Parallelmove.Moves +R3945 Parallelmove.Moves +R4049 Parallelmove.step_nop +R4058 Parallelmove.step_start +R4069 Parallelmove.step_push +R4079 Parallelmove.step_loop +R4089 Parallelmove.step_pop +R4098 Parallelmove.step_last +R4131 Parallelmove.Moves +R4165 Coq.Lists.List.nil +R4172 Coq.Init.Logic.True +R4188 Coq.Lists.List "x :: y" list_scope +R4181 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4223 Coq.Lists.List.nil +R4230 Coq.Init.Logic.True +R4253 Coq.Lists.List "x :: y" list_scope +R4244 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4269 Coq.Init.Logic "A /\ B" type_scope +R4264 Coq.Init.Logic "x = y" type_scope +R4131 Parallelmove.Moves +R4362 Parallelmove.path +R4344 Parallelmove.path +R4352 Coq.Lists.List "x :: y" list_scope +R4336 Parallelmove.Moves +R4325 Parallelmove.Move +R4525 Parallelmove.Reg +R4513 Parallelmove.Moves +R4568 Coq.Lists.List.nil +R4575 Coq.Init.Logic.True +R4591 Coq.Lists.List "x :: y" list_scope +R4584 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4612 Coq.Init.Logic "A /\ B" type_scope +R4599 Locations.diff +R4525 Parallelmove.Reg +R4513 Parallelmove.Moves +R4733 Parallelmove.noWrite +R4745 Coq.Lists.List "x ++ y" list_scope +R4701 Parallelmove.noWrite +R4713 Coq.Lists.List "x ++ y" list_scope +R4719 Coq.Lists.List "x :: y" list_scope +R4694 Parallelmove.Reg +R4683 Parallelmove.Move +R4671 Parallelmove.Moves +R4671 Parallelmove.Moves +R4881 Parallelmove.app_cons +R4899 Parallelmove.app_cons +R4881 Parallelmove.app_cons +R4899 Parallelmove.app_cons +R5067 Locations.diff +R5027 Parallelmove.noWrite +R5039 Coq.Lists.List "x ++ y" list_scope +R5052 Coq.Lists.List "x :: y" list_scope +R5043 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5020 Parallelmove.Reg +R5020 Parallelmove.Reg +R5020 Parallelmove.Reg +R5001 Parallelmove.Moves +R5001 Parallelmove.Moves +R5198 Locations.diff_sym +R5198 Locations.diff_sym +R5240 Parallelmove.app_cons +R5240 Parallelmove.app_cons +R5413 Parallelmove.noWrite +R5425 Coq.Lists.List "x :: y" list_scope +R5432 Coq.Lists.List "x :: y" list_scope +R5381 Parallelmove.noWrite +R5393 Coq.Lists.List "x :: y" list_scope +R5400 Coq.Lists.List "x :: y" list_scope +R5374 Parallelmove.Reg +R5363 Parallelmove.Move +R5363 Parallelmove.Move +R5347 Parallelmove.Moves +R5652 Parallelmove.noWrite +R5663 Coq.Lists.List "x :: y" list_scope +R5670 Coq.Lists.List "x ++ y" list_scope +R5619 Parallelmove.noWrite +R5631 Coq.Lists.List "x ++ y" list_scope +R5637 Coq.Lists.List "x :: y" list_scope +R5612 Parallelmove.Reg +R5600 Parallelmove.Move +R5588 Parallelmove.Moves +R5588 Parallelmove.Moves +R5776 Parallelmove.app_cons +R5794 Parallelmove.app_cons +R5776 Parallelmove.app_cons +R5794 Parallelmove.app_cons +R5818 Parallelmove.noWrite_swap +R5843 Parallelmove.app_cons +R5818 Parallelmove.noWrite_swap +R5843 Parallelmove.app_cons +R5902 Parallelmove.noWrite +R5902 Parallelmove.noWrite +R6027 Parallelmove.noWrite +R6039 Coq.Lists.List "x ++ y" list_scope +R6045 Coq.Lists.List "x :: y" list_scope +R5994 Parallelmove.noWrite +R6005 Coq.Lists.List "x :: y" list_scope +R6012 Coq.Lists.List "x ++ y" list_scope +R5987 Parallelmove.Reg +R5975 Parallelmove.Move +R5963 Parallelmove.Moves +R5963 Parallelmove.Moves +R6342 Parallelmove.noWrite +R6353 Coq.Lists.List "x ++ y" list_scope +R6364 Coq.Lists.List "x :: y" list_scope +R6357 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R6367 Coq.Lists.List.nil +R6335 Parallelmove.Reg +R6286 Parallelmove.noWrite +R6297 Coq.Lists.List "x ++ y" list_scope +R6308 Coq.Lists.List "x :: y" list_scope +R6301 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R6311 Coq.Lists.List.nil +R6279 Parallelmove.Reg +R6279 Parallelmove.Reg +R6279 Parallelmove.Reg +R6263 Parallelmove.Moves +R6529 Parallelmove.Moves +R6563 Coq.Lists.List.nil +R6570 Coq.Init.Logic.True +R6586 Coq.Lists.List "x :: y" list_scope +R6579 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R6606 Coq.Init.Logic "A /\ B" type_scope +R6594 Parallelmove.noWrite +R6529 Parallelmove.Moves +R6722 Parallelmove.simpleDest +R6737 Coq.Lists.List "x ++ y" list_scope +R6689 Parallelmove.simpleDest +R6704 Coq.Lists.List "x ++ y" list_scope +R6710 Coq.Lists.List "x :: y" list_scope +R6680 Parallelmove.Moves +R6680 Parallelmove.Moves +R6665 Parallelmove.Move +R6871 Parallelmove.app_cons +R6889 Parallelmove.app_cons +R6871 Parallelmove.app_cons +R6889 Parallelmove.app_cons +R6956 Parallelmove.noWrite_pop +R6956 Parallelmove.noWrite_pop +R7069 Parallelmove.simpleDest +R7045 Parallelmove.simpleDest +R7059 Coq.Lists.List "x :: y" list_scope +R7037 Parallelmove.Moves +R7026 Parallelmove.Move +R7223 Parallelmove.simpleDest +R7197 Parallelmove.simpleDest +R7212 Coq.Lists.List "x ++ y" list_scope +R7189 Parallelmove.Moves +R7189 Parallelmove.Moves +R7313 Parallelmove.app_cons +R7313 Parallelmove.app_cons +R7352 Parallelmove.simpleDest_pop +R7352 Parallelmove.simpleDest_pop +R7477 Parallelmove.simpleDest +R7492 Coq.Lists.List "x :: y" list_scope +R7499 Coq.Lists.List "x :: y" list_scope +R7444 Parallelmove.simpleDest +R7459 Coq.Lists.List "x :: y" list_scope +R7466 Coq.Lists.List "x :: y" list_scope +R7435 Parallelmove.Moves +R7424 Parallelmove.Move +R7424 Parallelmove.Move +R7621 Locations.diff_sym +R7621 Locations.diff_sym +R7741 Parallelmove.simpleDest +R7756 Coq.Lists.List "x :: y" list_scope +R7708 Parallelmove.simpleDest +R7723 Coq.Lists.List "x :: y" list_scope +R7730 Coq.Lists.List "x :: y" list_scope +R7699 Parallelmove.Moves +R7688 Parallelmove.Move +R7688 Parallelmove.Move +R7785 Parallelmove.simpleDest_pop +R7811 Parallelmove.simpleDest_swap +R7785 Parallelmove.simpleDest_pop +R7811 Parallelmove.simpleDest_swap +R7938 Parallelmove.simpleDest +R7952 Coq.Lists.List "x :: y" list_scope +R7959 Coq.Lists.List "x ++ y" list_scope +R7905 Parallelmove.simpleDest +R7920 Coq.Lists.List "x ++ y" list_scope +R7926 Coq.Lists.List "x :: y" list_scope +R7897 Parallelmove.Move +R7885 Parallelmove.Moves +R7885 Parallelmove.Moves +R8044 Parallelmove.app_cons +R8062 Parallelmove.app_cons +R8044 Parallelmove.app_cons +R8062 Parallelmove.app_cons +R8122 Parallelmove.simpleDest_swap +R8122 Parallelmove.simpleDest_swap +R8169 Parallelmove.noWrite +R8187 Coq.Lists.List "x :: y" list_scope +R8178 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8194 Coq.Lists.List "x ++ y" list_scope +R8169 Parallelmove.noWrite +R8187 Coq.Lists.List "x :: y" list_scope +R8178 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8194 Coq.Lists.List "x ++ y" list_scope +R8212 Parallelmove.simpleDest +R8233 Coq.Lists.List "x :: y" list_scope +R8224 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8240 Coq.Lists.List "x ++ y" list_scope +R8212 Parallelmove.simpleDest +R8233 Coq.Lists.List "x :: y" list_scope +R8224 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8240 Coq.Lists.List "x ++ y" list_scope +R8331 Parallelmove.noWrite_movFront +R8331 Parallelmove.noWrite_movFront +R8457 Parallelmove.simpleDest +R8472 Coq.Lists.List "x ++ y" list_scope +R8478 Coq.Lists.List "x :: y" list_scope +R8424 Parallelmove.simpleDest +R8438 Coq.Lists.List "x :: y" list_scope +R8445 Coq.Lists.List "x ++ y" list_scope +R8416 Parallelmove.Move +R8404 Parallelmove.Moves +R8404 Parallelmove.Moves +R8563 Parallelmove.app_cons +R8563 Parallelmove.app_cons +R8651 Parallelmove.noWrite_insert +R8651 Parallelmove.noWrite_insert +R8725 Locations.diff_sym +R8725 Locations.diff_sym +R8786 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8765 Parallelmove.simpleDest_pop2 +R8786 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8765 Parallelmove.simpleDest_pop2 +R8905 Parallelmove.simpleDest +R8926 Coq.Lists.List "x ++ y" list_scope +R8921 Coq.Lists.List "x ++ y" list_scope +R8934 Coq.Lists.List "x :: y" list_scope +R8937 Coq.Lists.List.nil +R8872 Parallelmove.simpleDest +R8887 Coq.Lists.List "x ++ y" list_scope +R8893 Coq.Lists.List "x :: y" list_scope +R8864 Parallelmove.Move +R8852 Parallelmove.Moves +R8852 Parallelmove.Moves +R8966 Parallelmove.simpleDest_insert +R8995 Coq.Lists.List.nil +R8988 Coq.Lists.List "x ++ y" list_scope +R8966 Parallelmove.simpleDest_insert +R8995 Coq.Lists.List.nil +R8988 Coq.Lists.List "x ++ y" list_scope +R9011 Parallelmove.app_nil +R9026 Parallelmove.simpleDest_movFront +R9011 Parallelmove.app_nil +R9026 Parallelmove.simpleDest_movFront +R9168 Parallelmove.simpleDest +R9189 Coq.Lists.List "x ++ y" list_scope +R9184 Coq.Lists.List "x ++ y" list_scope +R9197 Coq.Lists.List "x :: y" list_scope +R9127 Parallelmove.simpleDest +R9142 Coq.Lists.List "x ++ y" list_scope +R9148 Coq.Lists.List "x :: y" list_scope +R9155 Coq.Lists.List "x ++ y" list_scope +R9119 Parallelmove.Move +R9107 Parallelmove.Moves +R9107 Parallelmove.Moves +R9107 Parallelmove.Moves +R9228 Parallelmove.simpleDest_insert +R9250 Coq.Lists.List "x ++ y" list_scope +R9228 Parallelmove.simpleDest_insert +R9250 Coq.Lists.List "x ++ y" list_scope +R9275 Parallelmove.app_app +R9275 Parallelmove.app_app +R9290 Parallelmove.simpleDest_movFront +R9290 Parallelmove.simpleDest_movFront +R9441 Parallelmove.simpleDest +R9455 Coq.Lists.List "x ++ y" list_scope +R9466 Coq.Lists.List "x :: y" list_scope +R9459 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9469 Coq.Lists.List.nil +R9434 Parallelmove.Reg +R9384 Parallelmove.simpleDest +R9398 Coq.Lists.List "x ++ y" list_scope +R9409 Coq.Lists.List "x :: y" list_scope +R9402 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9412 Coq.Lists.List.nil +R9377 Parallelmove.Reg +R9377 Parallelmove.Reg +R9363 Parallelmove.Moves +R9595 Parallelmove.noWrite_tmpLast +R9595 Parallelmove.noWrite_tmpLast +R9653 Parallelmove.Moves +R9687 Coq.Lists.List.nil +R9694 Coq.Init.Logic.True +R9710 Coq.Lists.List "x :: y" list_scope +R9703 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9752 Coq.Init.Logic "A /\ B" type_scope +R9736 Locations.diff +R9748 Parallelmove.T +R9792 Coq.Init.Logic "A /\ B" type_scope +R9776 Locations.diff +R9788 Parallelmove.T +R9653 Parallelmove.Moves +R9838 Parallelmove.Moves +R9872 Coq.Lists.List.nil +R9879 Coq.Init.Logic.True +R9895 Coq.Lists.List "x :: y" list_scope +R9888 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9898 Coq.Lists.List.nil +R9916 Locations.diff +R9928 Parallelmove.T +R9944 Coq.Lists.List "x :: y" list_scope +R9937 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9986 Coq.Init.Logic "A /\ B" type_scope +R9970 Locations.diff +R9982 Parallelmove.T +R10026 Coq.Init.Logic "A /\ B" type_scope +R10010 Locations.diff +R10022 Parallelmove.T +R9838 Parallelmove.Moves +R10142 Parallelmove.noTmpLast +R10156 Coq.Lists.List "x ++ y" list_scope +R10162 Coq.Lists.List "x :: y" list_scope +R10118 Parallelmove.noTmpLast +R10131 Coq.Lists.List "x :: y" list_scope +R10106 Parallelmove.noTmp +R10098 Parallelmove.Move +R10086 Parallelmove.Moves +R10086 Parallelmove.Moves +R10249 Coq.Lists.List "x ++ y" list_scope +R10255 Coq.Lists.List "x :: y" list_scope +R10249 Coq.Lists.List "x ++ y" list_scope +R10255 Coq.Lists.List "x :: y" list_scope +R10563 Parallelmove.noTmp +R10531 Parallelmove.noTmpLast +R10544 Coq.Lists.List "x ++ y" list_scope +R10550 Coq.Lists.List "x :: y" list_scope +R10553 Coq.Lists.List.nil +R10524 Parallelmove.Move +R10512 Parallelmove.Moves +R10660 Parallelmove.app_cons +R10660 Parallelmove.app_cons +R10721 Coq.Lists.List "x ++ y" list_scope +R10727 Coq.Lists.List "x :: y" list_scope +R10730 Coq.Lists.List.nil +R10721 Coq.Lists.List "x ++ y" list_scope +R10727 Coq.Lists.List "x :: y" list_scope +R10730 Coq.Lists.List.nil +R10898 Coq.Lists.List.list +R10903 Parallelmove.Reg +R10889 Parallelmove.Moves +R10927 Coq.Lists.List.nil +R10934 Coq.Lists.List.nil +R10949 Coq.Lists.List "x :: y" list_scope +R10942 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10959 Coq.Lists.List "x :: y" list_scope +R10889 Parallelmove.Moves +R11009 Coq.Lists.List.list +R11014 Parallelmove.Reg +R11000 Parallelmove.Moves +R11038 Coq.Lists.List.nil +R11045 Coq.Lists.List.nil +R11060 Coq.Lists.List "x :: y" list_scope +R11053 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R11070 Coq.Lists.List "x :: y" list_scope +R11000 Parallelmove.Moves +R11128 Coq.Lists.List.list +R11133 Parallelmove.Reg +R11118 Parallelmove.Reg +R11176 Coq.Lists.List.nil +R11183 Coq.Init.Logic.True +R11194 Coq.Lists.List "x :: y" list_scope +R11224 Coq.Init.Logic "A /\ B" type_scope +R11209 Coq.Init.Logic "A \/ B" type_scope +R11205 Coq.Init.Logic "x = y" type_scope +R11212 Locations.diff +R11128 Coq.Lists.List.list +R11133 Parallelmove.Reg +R11118 Parallelmove.Reg +R11331 Parallelmove.noOverlap_aux +R11348 Parallelmove.getdst +R11311 Coq.Lists.List.In +R11317 Parallelmove.getsrc +R11281 Parallelmove.Moves +R11425 Coq.Init.Logic "A /\ B" type_scope +R11405 Parallelmove.path +R11411 Parallelmove.StateBeing +R11475 Coq.Init.Logic "A /\ B" type_scope +R11432 Parallelmove.simpleDest +R11458 Coq.Lists.List "x ++ y" list_scope +R11444 Parallelmove.StateToMove +R11461 Parallelmove.StateBeing +R11525 Coq.Init.Logic "A /\ B" type_scope +R11483 Parallelmove.noOverlap +R11508 Coq.Lists.List "x ++ y" list_scope +R11494 Parallelmove.StateToMove +R11511 Parallelmove.StateBeing +R11556 Coq.Init.Logic "A /\ B" type_scope +R11534 Parallelmove.noTmp +R11541 Parallelmove.StateToMove +R11559 Parallelmove.noTmpLast +R11570 Parallelmove.StateBeing +R11385 Parallelmove.State +R11610 Values.val +R11635 LTL.locset +R11683 Locations.get +R11675 Parallelmove.Reg +R11665 Parallelmove.Env +R11753 Parallelmove.Env +R11760 Locations.set +R11744 Parallelmove.Value +R11734 Parallelmove.Reg +R11724 Parallelmove.Env +R11830 Parallelmove.Env +R11812 Parallelmove.Env +R11800 Parallelmove.Moves +R11854 Coq.Lists.List.nil +R11874 Coq.Lists.List "x :: y" list_scope +R11867 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R11926 Parallelmove.update +R11939 Parallelmove.get +R11812 Parallelmove.Env +R11800 Parallelmove.Moves +R12007 Parallelmove.Env +R11989 Parallelmove.Env +R11977 Parallelmove.Moves +R12031 Coq.Lists.List.nil +R12051 Coq.Lists.List "x :: y" list_scope +R12044 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12059 Parallelmove.update +R12081 Parallelmove.get +R11989 Parallelmove.Env +R11977 Parallelmove.Moves +R12186 Coq.Init.Logic "x = y" type_scope +R12163 Parallelmove.get +R12168 Parallelmove.update +R12194 Locations.eq +R12222 Locations.overlap +R12257 Parallelmove.get +R12245 Values.Vundef +R12153 Parallelmove.Value +R12143 Parallelmove.Reg +R12143 Parallelmove.Reg +R12129 Parallelmove.Env +R12430 Coq.Init.Logic "x = y" type_scope +R12407 Parallelmove.get +R12412 Parallelmove.update +R12398 Parallelmove.Value +R12388 Parallelmove.Reg +R12377 Parallelmove.Env +R12466 Parallelmove.get_update +R12466 Parallelmove.get_update +R12499 Locations.eq +R12499 Locations.eq +R12665 Coq.Init.Logic "x = y" type_scope +R12642 Parallelmove.get +R12647 Parallelmove.update +R12667 Parallelmove.get +R12623 Locations.diff +R12614 Parallelmove.Value +R12604 Parallelmove.Reg +R12604 Parallelmove.Reg +R12590 Parallelmove.Env +R12742 Locations.eq +R12742 Locations.eq +R12775 Coq.Init.Logic "x = y" type_scope +R12789 Locations.diff_not_eq +R12775 Coq.Init.Logic "x = y" type_scope +R12789 Locations.diff_not_eq +R12834 Locations.overlap +R12834 Locations.overlap +R12878 Locations.diff +R12902 Locations.overlap_not_diff +R12878 Locations.diff +R12902 Locations.overlap_not_diff +R13087 Coq.Init.Logic "x = y" type_scope +R13064 Parallelmove.get +R13069 Parallelmove.update +R13089 Values.Vundef +R13039 Coq.Init.Logic.not +R13044 Locations.diff +R13030 Coq.Init.Logic "x <> y" type_scope +R13018 Parallelmove.Value +R13008 Parallelmove.Reg +R13008 Parallelmove.Reg +R12994 Parallelmove.Env +R13162 Locations.eq +R13162 Locations.eq +R13195 Coq.Init.Logic "x = y" type_scope +R13195 Coq.Init.Logic "x = y" type_scope +R13222 Locations.overlap +R13222 Locations.overlap +R13266 Locations.diff +R13266 Locations.diff +R13307 Locations.non_overlap_diff +R13307 Locations.non_overlap_diff +R13500 Coq.Init.Logic "x = y" type_scope +R13466 Parallelmove.get +R13471 Parallelmove.pexec +R13481 Coq.Lists.List "x :: y" list_scope +R13488 Coq.Lists.List "x :: y" list_scope +R13502 Parallelmove.get +R13507 Parallelmove.pexec +R13517 Coq.Lists.List "x :: y" list_scope +R13524 Coq.Lists.List "x :: y" list_scope +R13458 Parallelmove.Reg +R13448 Parallelmove.Env +R13403 Parallelmove.simpleDest +R13418 Coq.Lists.List "x :: y" list_scope +R13425 Coq.Lists.List "x :: y" list_scope +R13394 Parallelmove.Moves +R13383 Parallelmove.Move +R13383 Parallelmove.Move +R13669 Locations.eq +R13690 Locations.eq +R13669 Locations.eq +R13690 Locations.eq +R13690 Locations.eq +R13725 Coq.Init.Logic "x = y" type_scope +R13741 Locations.diff_not_eq +R13764 Locations.diff_sym +R13725 Coq.Init.Logic "x = y" type_scope +R13741 Locations.diff_not_eq +R13764 Locations.diff_sym +R13835 Locations.overlap +R13835 Locations.overlap +R13870 Locations.diff +R13896 Locations.overlap_not_diff +R13870 Locations.diff +R13896 Locations.overlap_not_diff +R13977 Parallelmove.get_update_id +R14000 Parallelmove.get_update_diff +R14031 Parallelmove.get_update_id +R13977 Parallelmove.get_update_id +R14000 Parallelmove.get_update_diff +R14031 Parallelmove.get_update_id +R14031 Parallelmove.get_update_id +R14061 Locations.overlap +R14061 Locations.overlap +R14096 Locations.diff +R14123 Locations.overlap_not_diff +R14164 Locations.diff_sym +R14096 Locations.diff +R14123 Locations.overlap_not_diff +R14164 Locations.diff_sym +R14218 Parallelmove.get_update_id +R14242 Parallelmove.get_update_diff +R14269 Parallelmove.get_update_id +R14300 Locations.diff_sym +R14218 Parallelmove.get_update_id +R14218 Parallelmove.get_update_id +R14242 Parallelmove.get_update_diff +R14269 Parallelmove.get_update_id +R14300 Locations.diff_sym +R14332 Locations.overlap +R14360 Locations.overlap +R14332 Locations.overlap +R14360 Locations.overlap +R14360 Locations.overlap +R14404 Parallelmove.get_update_ndiff +R14436 Locations.overlap_not_diff +R14404 Parallelmove.get_update_ndiff +R14404 Parallelmove.get_update_ndiff +R14404 Parallelmove.get_update_ndiff +R14404 Parallelmove.get_update_ndiff +R14404 Parallelmove.get_update_ndiff +R14404 Parallelmove.get_update_ndiff +R14404 Parallelmove.get_update_ndiff +R14436 Locations.overlap_not_diff +R14436 Locations.overlap_not_diff +R14436 Locations.overlap_not_diff +R14436 Locations.overlap_not_diff +R14436 Locations.overlap_not_diff +R14489 Coq.Init.Logic "~ x" type_scope +R14491 Locations.diff +R14516 Locations.overlap_not_diff +R14569 Parallelmove.get_update_ndiff +R14489 Coq.Init.Logic "~ x" type_scope +R14491 Locations.diff +R14516 Locations.overlap_not_diff +R14569 Parallelmove.get_update_ndiff +R14602 Parallelmove.get_update_diff +R14629 Parallelmove.get_update_ndiff +R14660 Locations.non_overlap_diff +R14602 Parallelmove.get_update_diff +R14629 Parallelmove.get_update_ndiff +R14660 Locations.non_overlap_diff +R14694 Coq.Init.Logic "~ x" type_scope +R14696 Locations.diff +R14728 Locations.overlap_not_diff +R14694 Coq.Init.Logic "~ x" type_scope +R14696 Locations.diff +R14728 Locations.overlap_not_diff +R14762 Locations.diff +R14794 Locations.non_overlap_diff +R14762 Locations.diff +R14794 Locations.non_overlap_diff +R14839 Parallelmove.get_update_diff +R14839 Parallelmove.get_update_diff +R14878 Parallelmove.get_update_ndiff +R14878 Parallelmove.get_update_ndiff +R14878 Parallelmove.get_update_ndiff +R14878 Parallelmove.get_update_ndiff +R14878 Parallelmove.get_update_ndiff +R14878 Parallelmove.get_update_ndiff +R14878 Parallelmove.get_update_ndiff +R14878 Parallelmove.get_update_ndiff +R14908 Locations.diff +R14940 Locations.non_overlap_diff +R14908 Locations.diff +R14940 Locations.non_overlap_diff +R14974 Locations.diff +R15006 Locations.non_overlap_diff +R14974 Locations.diff +R15006 Locations.non_overlap_diff +R15059 Parallelmove.get_update_diff +R15059 Parallelmove.get_update_diff +R15059 Parallelmove.get_update_diff +R15059 Parallelmove.get_update_diff +R15059 Parallelmove.get_update_diff +R15059 Parallelmove.get_update_diff +R15059 Parallelmove.get_update_diff +R15059 Parallelmove.get_update_diff +R15059 Parallelmove.get_update_diff +R15059 Parallelmove.get_update_diff +R15243 Coq.Init.Logic "x = y" type_scope +R15217 Parallelmove.get +R15222 Parallelmove.pexec +R15231 Coq.Lists.List "x :: y" list_scope +R15245 Parallelmove.get +R15250 Parallelmove.pexec +R15259 Coq.Lists.List "x :: y" list_scope +R15209 Parallelmove.Move +R15172 Coq.Init.Logic "x = y" type_scope +R15153 Parallelmove.get +R15158 Parallelmove.pexec +R15174 Parallelmove.get +R15179 Parallelmove.pexec +R15146 Parallelmove.Env +R15136 Parallelmove.Reg +R15124 Parallelmove.Moves +R15124 Parallelmove.Moves +R15366 Locations.eq +R15386 Locations.overlap +R15366 Locations.eq +R15386 Locations.overlap +R15386 Locations.overlap +R15573 Coq.Init.Logic "x = y" type_scope +R15539 Parallelmove.get +R15544 Parallelmove.pexec +R15553 Coq.Lists.List "x :: y" list_scope +R15560 Coq.Lists.List "x ++ y" list_scope +R15575 Parallelmove.get +R15580 Parallelmove.pexec +R15590 Coq.Lists.List "x ++ y" list_scope +R15596 Coq.Lists.List "x :: y" list_scope +R15531 Parallelmove.Reg +R15521 Parallelmove.Env +R15476 Parallelmove.simpleDest +R15490 Coq.Lists.List "x :: y" list_scope +R15497 Coq.Lists.List "x ++ y" list_scope +R15468 Parallelmove.Move +R15456 Parallelmove.Moves +R15456 Parallelmove.Moves +R15686 Parallelmove.app_cons +R15686 Parallelmove.app_cons +R15712 Parallelmove.pexec_swap +R15738 Parallelmove.app_cons +R15712 Parallelmove.pexec_swap +R15738 Parallelmove.app_cons +R15760 Parallelmove.pexec_add +R15760 Parallelmove.pexec_add +R15792 Parallelmove.simpleDest_pop2 +R15792 Parallelmove.simpleDest_pop2 +R15983 Coq.Init.Logic "x = y" type_scope +R15949 Parallelmove.get +R15954 Parallelmove.pexec +R15964 Coq.Lists.List "x ++ y" list_scope +R15970 Coq.Lists.List "x :: y" list_scope +R15985 Parallelmove.get +R15990 Parallelmove.pexec +R15999 Coq.Lists.List "x :: y" list_scope +R16006 Coq.Lists.List "x ++ y" list_scope +R15941 Parallelmove.Reg +R15931 Parallelmove.Env +R15886 Parallelmove.simpleDest +R15901 Coq.Lists.List "x ++ y" list_scope +R15907 Coq.Lists.List "x :: y" list_scope +R15878 Parallelmove.Move +R15866 Parallelmove.Moves +R15866 Parallelmove.Moves +R16046 Parallelmove.pexec_movBack +R16046 Parallelmove.pexec_movBack +R16074 Parallelmove.simpleDest_movFront +R16074 Parallelmove.simpleDest_movFront +R16278 Coq.Init.Logic "x = y" type_scope +R16236 Parallelmove.get +R16241 Parallelmove.pexec +R16264 Coq.Lists.List "x ++ y" list_scope +R16252 Coq.Lists.List "x ++ y" list_scope +R16258 Coq.Lists.List "x :: y" list_scope +R16282 Parallelmove.get +R16287 Parallelmove.pexec +R16303 Coq.Lists.List "x ++ y" list_scope +R16298 Coq.Lists.List "x ++ y" list_scope +R16311 Coq.Lists.List "x :: y" list_scope +R16228 Parallelmove.Reg +R16218 Parallelmove.Env +R16165 Parallelmove.simpleDest +R16193 Coq.Lists.List "x ++ y" list_scope +R16181 Coq.Lists.List "x ++ y" list_scope +R16187 Coq.Lists.List "x :: y" list_scope +R16157 Parallelmove.Move +R16145 Parallelmove.Moves +R16145 Parallelmove.Moves +R16145 Parallelmove.Moves +R16362 Parallelmove.app_app +R16362 Parallelmove.app_app +R16379 Parallelmove.app_cons +R16379 Parallelmove.app_cons +R16405 Parallelmove.pexec_movFront +R16405 Parallelmove.pexec_movFront +R16432 Parallelmove.simpleDest +R16446 Coq.Lists.List "x :: y" list_scope +R16453 Coq.Lists.List "x ++ y" list_scope +R16460 Coq.Lists.List "x ++ y" list_scope +R16432 Parallelmove.simpleDest +R16446 Coq.Lists.List "x :: y" list_scope +R16453 Coq.Lists.List "x ++ y" list_scope +R16460 Coq.Lists.List "x ++ y" list_scope +R16479 Parallelmove.app_app +R16479 Parallelmove.app_app +R16499 Parallelmove.pexec_movFront +R16499 Parallelmove.pexec_movFront +R16527 Parallelmove.simpleDest_swap_app +R16527 Parallelmove.simpleDest_swap_app +R16560 Parallelmove.simpleDest_movFront +R16560 Parallelmove.simpleDest_movFront +R16637 Coq.Init.Specif "{ A } + { B }" type_scope +R16640 Locations.diff +R16661 Coq.Init.Logic.not +R16666 Locations.diff +R16630 Parallelmove.Reg +R16630 Parallelmove.Reg +R16698 Locations.eq +R16698 Locations.eq +R16752 Coq.Init.Logic "x = y" type_scope +R16752 Coq.Init.Logic "x = y" type_scope +R16770 Locations.diff_not_eq +R16770 Locations.diff_not_eq +R16808 Locations.overlap +R16808 Locations.overlap +R16846 Locations.overlap_not_diff +R16846 Locations.overlap_not_diff +R16893 Locations.non_overlap_diff +R16893 Locations.non_overlap_diff +R17041 Coq.Init.Logic "x = y" type_scope +R17043 Parallelmove.get +R17048 Parallelmove.pexec +R17057 Parallelmove.update +R17030 Parallelmove.Value +R17020 Parallelmove.Env +R16992 Parallelmove.noWrite +R16985 Parallelmove.Reg +R16973 Parallelmove.Moves +R17134 Parallelmove.get_update_id +R17134 Parallelmove.get_update_id +R17223 Parallelmove.get_update_diff +R17223 Parallelmove.get_update_diff +R17369 Coq.Init.Logic "x = y" type_scope +R17339 Parallelmove.get +R17344 Parallelmove.pexec +R17358 Coq.Lists.List "x :: y" list_scope +R17351 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17371 Parallelmove.get +R17376 Parallelmove.pexec +R17322 Locations.diff +R17315 Parallelmove.Reg +R17305 Parallelmove.Env +R17295 Parallelmove.Reg +R17283 Parallelmove.Moves +R17420 Parallelmove.get_update_diff +R17420 Parallelmove.get_update_diff +R17506 Parallelmove.noWrite +R17477 Parallelmove.simpleDest +R17496 Coq.Lists.List "x :: y" list_scope +R17489 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17910 Coq.Init.Logic "x = y" type_scope +R17892 Parallelmove.get +R17897 Parallelmove.pexec +R17912 Parallelmove.get +R17885 Parallelmove.Env +R17845 Parallelmove.simpleDest +R17864 Coq.Lists.List "x :: y" list_scope +R17857 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17838 Parallelmove.Reg +R17838 Parallelmove.Reg +R17824 Parallelmove.Moves +R18063 Locations.eq +R18063 Locations.eq +R18095 Coq.Init.Logic "x = y" type_scope +R18108 Locations.diff_not_eq +R18095 Coq.Init.Logic "x = y" type_scope +R18108 Locations.diff_not_eq +R18156 Parallelmove.get_update_diff +R18156 Parallelmove.get_update_diff +R18260 Parallelmove.noOverlap +R18270 Coq.Lists.List.nil +R18441 Coq.Lists.List.In +R18447 Parallelmove.getsrc +R18458 Coq.Lists.List "x ++ y" list_scope +R18464 Coq.Lists.List "x :: y" list_scope +R18412 Coq.Lists.List.In +R18418 Parallelmove.getsrc +R18429 Coq.Lists.List "x ++ y" list_scope +R18405 Parallelmove.Reg +R18393 Parallelmove.Moves +R18393 Parallelmove.Moves +R18378 Parallelmove.Move +R18704 Coq.Init.Logic "x = y" type_scope +R18672 Parallelmove.getdst +R18683 Coq.Lists.List "x ++ y" list_scope +R18696 Coq.Lists.List "x :: y" list_scope +R18687 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18716 Coq.Lists.List "x ++ y" list_scope +R18706 Parallelmove.getdst +R18723 Coq.Lists.List "x :: y" list_scope +R18726 Parallelmove.getdst +R18662 Parallelmove.Moves +R18662 Parallelmove.Moves +R18648 Parallelmove.Reg +R18648 Parallelmove.Reg +R18900 Coq.Init.Logic "x = y" type_scope +R18882 Parallelmove.getdst +R18893 Coq.Lists.List "x ++ y" list_scope +R18912 Coq.Lists.List "x ++ y" list_scope +R18902 Parallelmove.getdst +R18915 Parallelmove.getdst +R18873 Parallelmove.Moves +R18873 Parallelmove.Moves +R19104 Parallelmove.noOverlap_aux +R19075 Parallelmove.noOverlap_aux +R19094 Coq.Lists.List "x :: y" list_scope +R19063 Coq.Lists.List.list +R19068 Parallelmove.Reg +R19053 Parallelmove.Reg +R19053 Parallelmove.Reg +R19300 Parallelmove.noOverlap_aux +R19320 Coq.Lists.List "x ++ y" list_scope +R19262 Parallelmove.noOverlap_aux +R19282 Coq.Lists.List "x ++ y" list_scope +R19288 Coq.Lists.List "x :: y" list_scope +R19250 Coq.Lists.List.list +R19255 Parallelmove.Reg +R19250 Coq.Lists.List.list +R19255 Parallelmove.Reg +R19236 Parallelmove.Reg +R19236 Parallelmove.Reg +R19409 Coq.Lists.List.app +R19409 Coq.Lists.List.app +R19409 Coq.Lists.List.app +R19428 Parallelmove.noOverlap_auxpop +R19428 Parallelmove.noOverlap_auxpop +R19473 Parallelmove.app_cons +R19473 Parallelmove.app_cons +R19603 Parallelmove.noOverlap +R19580 Parallelmove.noOverlap +R19593 Coq.Lists.List "x :: y" list_scope +R19572 Parallelmove.Moves +R19561 Parallelmove.Move +R19649 Parallelmove.noOverlap_nil +R19649 Parallelmove.noOverlap_nil +R19919 Parallelmove.noOverlap +R19933 Coq.Lists.List "x ++ y" list_scope +R19887 Parallelmove.noOverlap +R19901 Coq.Lists.List "x ++ y" list_scope +R19907 Coq.Lists.List "x :: y" list_scope +R19878 Parallelmove.Moves +R19878 Parallelmove.Moves +R19863 Parallelmove.Move +R20016 Parallelmove.noOverlap_pop +R20016 Parallelmove.noOverlap_pop +R20047 Parallelmove.app_cons +R20047 Parallelmove.app_cons +R20211 Parallelmove.getsrc_add +R20211 Parallelmove.getsrc_add +R20311 Parallelmove.getdst_app +R20329 Parallelmove.noOverlap_auxPop +R20311 Parallelmove.getdst_app +R20329 Parallelmove.noOverlap_auxPop +R20372 Parallelmove.getdst_add +R20372 Parallelmove.getdst_add +R20727 Parallelmove.noOverlap +R20702 Parallelmove.noOverlap +R20716 Coq.Lists.List "x ++ y" list_scope +R20694 Parallelmove.Moves +R20694 Parallelmove.Moves +R20816 Parallelmove.app_cons +R20816 Parallelmove.app_cons +R20855 Parallelmove.noOverlap_pop +R20855 Parallelmove.noOverlap_pop +R20989 Coq.Init.Logic "x = y" type_scope +R20958 Parallelmove.get +R20963 Parallelmove.pexec +R20972 Parallelmove.update +R20991 Parallelmove.get +R20996 Parallelmove.pexec +R20943 Parallelmove.noRead +R20926 Locations.diff +R21053 Parallelmove.get_update_diff +R21053 Parallelmove.get_update_diff +R21113 Locations.eq +R21113 Locations.eq +R21160 Parallelmove.get_update_id +R21160 Parallelmove.get_update_id +R21160 Parallelmove.get_update_id +R21160 Parallelmove.get_update_id +R21184 Parallelmove.get_update_diff +R21213 Locations.diff_sym +R21184 Parallelmove.get_update_diff +R21213 Locations.diff_sym +R21248 Parallelmove.diff_dec +R21248 Parallelmove.diff_dec +R21287 Parallelmove.get_update_diff +R21287 Parallelmove.get_update_diff +R21287 Parallelmove.get_update_diff +R21287 Parallelmove.get_update_diff +R21287 Parallelmove.get_update_diff +R21287 Parallelmove.get_update_diff +R21359 Parallelmove.get_update_ndiff +R21359 Parallelmove.get_update_ndiff +R21359 Parallelmove.get_update_ndiff +R21359 Parallelmove.get_update_ndiff +R21359 Parallelmove.get_update_ndiff +R21359 Parallelmove.get_update_ndiff +R21359 Parallelmove.get_update_ndiff +R21359 Parallelmove.get_update_ndiff +R21585 Coq.Init.Logic "x = y" type_scope +R21545 Parallelmove.get +R21550 Parallelmove.pexec +R21571 Parallelmove.sexec +R21564 Coq.Lists.List "x :: y" list_scope +R21557 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21589 Parallelmove.get +R21594 Parallelmove.pexec +R21603 Parallelmove.sexec +R21617 Coq.Lists.List "x :: y" list_scope +R21610 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21524 Coq.Init.Logic "A \/ B" type_scope +R21520 Coq.Init.Logic "x = y" type_scope +R21527 Locations.diff +R21511 Parallelmove.Reg +R21501 Parallelmove.Env +R21460 Parallelmove.simpleDest +R21479 Coq.Lists.List "x :: y" list_scope +R21472 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21445 Parallelmove.noRead +R21438 Parallelmove.Reg +R21438 Parallelmove.Reg +R21424 Parallelmove.Moves +R21424 Parallelmove.Moves +R21692 Parallelmove.get_update_id +R21692 Parallelmove.get_update_id +R21722 Parallelmove.sD_pexec +R21753 Parallelmove.get_update_id +R21722 Parallelmove.sD_pexec +R21753 Parallelmove.get_update_id +R21782 Parallelmove.pexec_update +R21782 Parallelmove.pexec_update +R21810 Parallelmove.get_update_diff +R21810 Parallelmove.get_update_diff +R21884 Parallelmove.pexec +R21923 Parallelmove.sexec +R21930 Parallelmove.StateDone +R21905 Coq.Lists.List "x ++ y" list_scope +R21891 Parallelmove.StateToMove +R21908 Parallelmove.StateBeing +R21873 Parallelmove.Env +R21861 Parallelmove.State +R22033 Coq.Init.Logic "x = y" type_scope +R22024 Parallelmove.get +R22035 Parallelmove.get +R22006 Parallelmove.notemporary +R22000 Parallelmove.Reg +R21977 Parallelmove.Env +R21977 Parallelmove.Env +R22096 Parallelmove.noOverlap +R22114 Coq.Lists.List "x :: y" list_scope +R22107 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22132 Coq.Lists.List "x ++ y" list_scope +R22118 Parallelmove.StateToMove +R22135 Parallelmove.StateBeing +R22083 Parallelmove.State +R22073 Parallelmove.Reg +R22258 Parallelmove.noOverlap_aux +R22277 Coq.Lists.List "x :: y" list_scope +R22284 Coq.Lists.List "x ++ y" list_scope +R22220 Parallelmove.noOverlap_aux +R22240 Coq.Lists.List "x ++ y" list_scope +R22246 Coq.Lists.List "x :: y" list_scope +R22213 Parallelmove.Reg +R22213 Parallelmove.Reg +R22196 Coq.Lists.List.list +R22201 Parallelmove.Reg +R22196 Coq.Lists.List.list +R22201 Parallelmove.Reg +R22338 Parallelmove.noOverlap_aux +R22338 Parallelmove.noOverlap_aux +R22338 Parallelmove.noOverlap_aux +R22493 Parallelmove.noOverlap_auxpop +R22493 Parallelmove.noOverlap_auxpop +R22596 Parallelmove.noRead +R22606 Parallelmove.T +R22574 Parallelmove.noTmp +R22916 Parallelmove.noRead +R22897 Locations.diff +R22864 Parallelmove.path +R22872 Coq.Lists.List "x ++ y" list_scope +R22885 Coq.Lists.List "x :: y" list_scope +R22876 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22888 Coq.Lists.List.nil +R22810 Parallelmove.simpleDest +R22831 Coq.Lists.List "x :: y" list_scope +R22822 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22837 Coq.Lists.List "x ++ y" list_scope +R22850 Coq.Lists.List "x :: y" list_scope +R22841 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22853 Coq.Lists.List.nil +R22803 Parallelmove.Reg +R22803 Parallelmove.Reg +R22803 Parallelmove.Reg +R22803 Parallelmove.Reg +R22781 Parallelmove.Moves +R22781 Parallelmove.Moves +R23034 Parallelmove.app_cons +R23034 Parallelmove.app_cons +R23085 Coq.Lists.List "x ++ y" list_scope +R23098 Coq.Lists.List "x :: y" list_scope +R23089 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23101 Coq.Lists.List.nil +R23085 Coq.Lists.List "x ++ y" list_scope +R23098 Coq.Lists.List "x :: y" list_scope +R23089 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23101 Coq.Lists.List.nil +R23370 Parallelmove.simpleDest_pop +R23385 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23402 Parallelmove.simpleDest_swap +R23370 Parallelmove.simpleDest_pop +R23385 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23402 Parallelmove.simpleDest_swap +R23432 Parallelmove.path_pop +R23441 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23432 Parallelmove.path_pop +R23441 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23556 Parallelmove.noOverlap +R23570 Coq.Lists.List "x :: y" list_scope +R23577 Coq.Lists.List "x :: y" list_scope +R23524 Parallelmove.noOverlap +R23538 Coq.Lists.List "x :: y" list_scope +R23545 Coq.Lists.List "x :: y" list_scope +R23515 Parallelmove.Moves +R23504 Parallelmove.Move +R23504 Parallelmove.Move +R23717 Coq.Init.Logic "A \/ B" type_scope +R23712 Coq.Init.Logic "x = y" type_scope +R23730 Coq.Init.Logic "A \/ B" type_scope +R23725 Coq.Init.Logic "x = y" type_scope +R23733 Coq.Lists.List.In +R23740 Parallelmove.getsrc +R23717 Coq.Init.Logic "A \/ B" type_scope +R23712 Coq.Init.Logic "x = y" type_scope +R23730 Coq.Init.Logic "A \/ B" type_scope +R23725 Coq.Init.Logic "x = y" type_scope +R23733 Coq.Lists.List.In +R23740 Parallelmove.getsrc +R24065 Coq.Init.Logic "x = y" type_scope +R24033 Parallelmove.getsrc +R24044 Coq.Lists.List "x ++ y" list_scope +R24057 Coq.Lists.List "x :: y" list_scope +R24048 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R24077 Coq.Lists.List "x ++ y" list_scope +R24067 Parallelmove.getsrc +R24084 Coq.Lists.List "x :: y" list_scope +R24087 Parallelmove.getsrc +R24023 Parallelmove.Moves +R24023 Parallelmove.Moves +R24009 Parallelmove.Reg +R24009 Parallelmove.Reg +R24261 Coq.Init.Logic "x = y" type_scope +R24243 Parallelmove.getsrc +R24254 Coq.Lists.List "x ++ y" list_scope +R24273 Coq.Lists.List "x ++ y" list_scope +R24263 Parallelmove.getsrc +R24276 Parallelmove.getsrc +R24234 Parallelmove.Moves +R24234 Parallelmove.Moves +R24479 Coq.Lists.List.In +R24485 Parallelmove.getsrc +R24496 Coq.Lists.List "x ++ y" list_scope +R24502 Coq.Lists.List "x :: y" list_scope +R24443 Coq.Lists.List.In +R24449 Parallelmove.getsrc +R24459 Coq.Lists.List "x :: y" list_scope +R24466 Coq.Lists.List "x ++ y" list_scope +R24436 Parallelmove.Reg +R24424 Parallelmove.Moves +R24424 Parallelmove.Moves +R24409 Parallelmove.Move +R24623 Parallelmove.getsrc_add1 +R24623 Parallelmove.getsrc_add1 +R24649 Coq.Lists.List.in_or_app +R24674 Coq.Lists.List "x :: y" list_scope +R24677 Parallelmove.getsrc +R24660 Parallelmove.getsrc +R24649 Coq.Lists.List.in_or_app +R24674 Coq.Lists.List "x :: y" list_scope +R24677 Parallelmove.getsrc +R24660 Parallelmove.getsrc +R24709 Coq.Lists.List.in_eq +R24709 Coq.Lists.List.in_eq +R24728 Parallelmove.getsrc_add +R24728 Parallelmove.getsrc_add +R24848 Parallelmove.noOverlap +R24861 Coq.Lists.List "x :: y" list_scope +R24868 Coq.Lists.List "x ++ y" list_scope +R24816 Parallelmove.noOverlap +R24830 Coq.Lists.List "x ++ y" list_scope +R24836 Coq.Lists.List "x :: y" list_scope +R24808 Parallelmove.Move +R24796 Parallelmove.Moves +R24796 Parallelmove.Moves +R24938 Parallelmove.getdst_add +R24956 Parallelmove.getdst +R24972 Parallelmove.getdst_app +R24938 Parallelmove.getdst_add +R24956 Parallelmove.getdst +R24972 Parallelmove.getdst_app +R24998 Parallelmove.noOverlapaux_swap2 +R24998 Parallelmove.noOverlapaux_swap2 +R25037 Parallelmove.Ingetsrc_swap +R25037 Parallelmove.Ingetsrc_swap +R25299 Coq.Init.Logic "x = y" type_scope +R25250 Parallelmove.get +R25255 Parallelmove.pexec +R25285 Parallelmove.sexec +R25264 Coq.Lists.List "x ++ y" list_scope +R25275 Coq.Lists.List "x :: y" list_scope +R25268 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R25278 Coq.Lists.List.nil +R25303 Parallelmove.get +R25308 Parallelmove.pexec +R25340 Parallelmove.sexec +R25356 Coq.Lists.List "x :: y" list_scope +R25347 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R25351 Parallelmove.T +R25317 Coq.Lists.List "x ++ y" list_scope +R25330 Coq.Lists.List "x :: y" list_scope +R25321 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R25322 Parallelmove.T +R25333 Coq.Lists.List.nil +R25229 Coq.Init.Logic "A \/ B" type_scope +R25225 Coq.Init.Logic "x = y" type_scope +R25232 Locations.diff +R25205 Parallelmove.notemporary +R25198 Parallelmove.Reg +R25188 Parallelmove.Env +R25164 Parallelmove.noTmp +R25126 Parallelmove.simpleDest +R25140 Coq.Lists.List "x ++ y" list_scope +R25151 Coq.Lists.List "x :: y" list_scope +R25144 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R25154 Coq.Lists.List.nil +R25119 Parallelmove.Reg +R25119 Parallelmove.Reg +R25105 Parallelmove.Moves +R25105 Parallelmove.Moves +R25400 Parallelmove.pexec_movFront +R25400 Parallelmove.pexec_movFront +R25400 Parallelmove.pexec_movFront +R25400 Parallelmove.pexec_movFront +R25400 Parallelmove.pexec_movFront +R25400 Parallelmove.pexec_movFront +R25439 Parallelmove.app_nil +R25439 Parallelmove.app_nil +R25439 Parallelmove.app_nil +R25439 Parallelmove.app_nil +R25501 Parallelmove.get_update_id +R25501 Parallelmove.get_update_id +R25501 Parallelmove.get_update_id +R25501 Parallelmove.get_update_id +R25501 Parallelmove.get_update_id +R25539 Parallelmove.get_update_diff +R25539 Parallelmove.get_update_diff +R25539 Parallelmove.get_update_diff +R25539 Parallelmove.get_update_diff +R25539 Parallelmove.get_update_diff +R25539 Parallelmove.get_update_diff +R25571 Parallelmove.pexec_update +R25571 Parallelmove.pexec_update +R25597 Locations.diff_sym +R25597 Locations.diff_sym +R25652 Parallelmove.noTmp_noReadTmp +R25652 Parallelmove.noTmp_noReadTmp +R25682 Parallelmove.simpleDest_tmpLast +R25682 Parallelmove.simpleDest_tmpLast +R25975 Coq.Init.Logic "x = y" type_scope +R25926 Parallelmove.get +R25931 Parallelmove.pexec +R25961 Parallelmove.sexec +R25940 Coq.Lists.List "x ++ y" list_scope +R25951 Coq.Lists.List "x :: y" list_scope +R25944 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R25954 Coq.Lists.List.nil +R25979 Parallelmove.get +R25984 Parallelmove.pexec +R26016 Parallelmove.sexec +R26032 Coq.Lists.List "x :: y" list_scope +R26023 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R26027 Parallelmove.T +R25993 Coq.Lists.List "x ++ y" list_scope +R26006 Coq.Lists.List "x :: y" list_scope +R25997 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R25998 Parallelmove.T +R26009 Coq.Lists.List.nil +R25905 Coq.Init.Logic "A \/ B" type_scope +R25901 Coq.Init.Logic "x = y" type_scope +R25908 Locations.diff +R25881 Parallelmove.notemporary +R25874 Parallelmove.Reg +R25864 Parallelmove.Env +R25815 Parallelmove.noTmpLast +R25828 Coq.Lists.List "x ++ y" list_scope +R25839 Coq.Lists.List "x :: y" list_scope +R25832 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R25842 Coq.Lists.List.nil +R25777 Parallelmove.simpleDest +R25791 Coq.Lists.List "x ++ y" list_scope +R25802 Coq.Lists.List "x :: y" list_scope +R25795 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R25805 Coq.Lists.List.nil +R25770 Parallelmove.Reg +R25770 Parallelmove.Reg +R25756 Parallelmove.Moves +R25756 Parallelmove.Moves +R26066 Parallelmove.step_inv_loop_aux +R26066 Parallelmove.step_inv_loop_aux +R26098 Parallelmove.noTmpLast_popBack +R26118 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R26098 Parallelmove.noTmpLast_popBack +R26118 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R26431 Coq.Init.Logic "x = y" type_scope +R26413 Parallelmove.get +R26418 Parallelmove.exec +R26433 Parallelmove.get +R26438 Parallelmove.exec +R26385 Coq.Init.Logic "A \/ B" type_scope +R26381 Coq.Init.Logic "x = y" type_scope +R26388 Locations.diff +R26368 Coq.Lists.List.In +R26333 Parallelmove.notemporary +R26230 Parallelmove.getdst +R26277 Coq.Lists.List "x ++ y" list_scope +R26261 Coq.Lists.List "x ++ y" list_scope +R26246 Parallelmove.StateToMove +R26264 Parallelmove.StateBeing +R26298 Coq.Lists.List "x ++ y" list_scope +R26283 Parallelmove.StateToMove +R26301 Parallelmove.StateBeing +R26204 Parallelmove.Reg +R26194 Parallelmove.Env +R26169 Parallelmove.State +R26169 Parallelmove.State +R26548 Coq.Init.Logic "x = y" type_scope +R26540 Parallelmove.get +R26550 Parallelmove.get +R26555 Parallelmove.pexec +R26533 Parallelmove.Env +R26506 Parallelmove.noWrite +R26499 Parallelmove.Reg +R26487 Parallelmove.Moves +R26736 Locations.eq +R26736 Locations.eq +R26774 Coq.Init.Logic "x = y" type_scope +R26792 Locations.diff_not_eq +R26774 Coq.Init.Logic "x = y" type_scope +R26792 Locations.diff_not_eq +R26835 Locations.overlap +R26835 Locations.overlap +R26869 Locations.diff +R26897 Locations.overlap_not_diff +R26869 Locations.diff +R26897 Locations.overlap_not_diff +R27062 Parallelmove.sameExec +R27047 Parallelmove.stepInv +R27033 Parallelmove.step +R27025 Parallelmove.State +R27025 Parallelmove.State +R27217 Parallelmove.app_nil +R27217 Parallelmove.app_nil +R27217 Parallelmove.app_nil +R27217 Parallelmove.app_nil +R27217 Parallelmove.app_nil +R27217 Parallelmove.app_nil +R27217 Parallelmove.app_nil +R27217 Parallelmove.app_nil +R27217 Parallelmove.app_nil +R27217 Parallelmove.app_nil +R27217 Parallelmove.app_nil +R27273 Parallelmove.pexec_movFront +R27273 Parallelmove.pexec_movFront +R27308 Locations.eq +R27308 Locations.eq +R27351 Parallelmove.get_update_id +R27372 Parallelmove.get_noWrite +R27391 Parallelmove.sD_nW +R27412 Parallelmove.simpleDest_movFront +R27351 Parallelmove.get_update_id +R27372 Parallelmove.get_noWrite +R27391 Parallelmove.sD_nW +R27412 Parallelmove.simpleDest_movFront +R27487 Coq.Init.Logic "x = y" type_scope +R27522 Parallelmove.get_update_diff +R27551 Locations.diff_sym +R27487 Coq.Init.Logic "x = y" type_scope +R27522 Parallelmove.get_update_diff +R27551 Locations.diff_sym +R27597 Parallelmove.getdst_app +R27624 Coq.Lists.List.in_or_app +R27647 Coq.Lists.List.in_or_app +R27597 Parallelmove.getdst_app +R27597 Parallelmove.getdst_app +R27597 Parallelmove.getdst_app +R27597 Parallelmove.getdst_app +R27624 Coq.Lists.List.in_or_app +R27647 Coq.Lists.List.in_or_app +R27695 Parallelmove.pexec_movFront +R27695 Parallelmove.pexec_movFront +R27695 Parallelmove.pexec_movFront +R27695 Parallelmove.pexec_movFront +R27695 Parallelmove.pexec_movFront +R27695 Parallelmove.pexec_movFront +R27726 Parallelmove.app_nil +R27726 Parallelmove.app_nil +R27747 Parallelmove.simpleDest_movBack +R27747 Parallelmove.simpleDest_movBack +R27779 Parallelmove.pexec_mov +R27779 Parallelmove.pexec_mov +R27815 Parallelmove.app_cons +R27833 Parallelmove.app_app +R27815 Parallelmove.app_cons +R27833 Parallelmove.app_app +R27815 Parallelmove.app_cons +R27833 Parallelmove.app_app +R27815 Parallelmove.app_cons +R27849 Parallelmove.step_inv_loop +R27849 Parallelmove.step_inv_loop +R27889 Parallelmove.app_app +R27906 Parallelmove.app_cons +R27889 Parallelmove.app_app +R27906 Parallelmove.app_cons +R27942 Parallelmove.app_app +R27959 Parallelmove.app_cons +R27942 Parallelmove.app_app +R27959 Parallelmove.app_cons +R27942 Parallelmove.app_app +R27982 Parallelmove.noTmp_app +R27982 Parallelmove.noTmp_app +R28074 Locations.diff_sym +R28074 Locations.diff_sym +R28128 Parallelmove.getdst_app +R28128 Parallelmove.getdst_app +R28128 Parallelmove.getdst_app +R28128 Parallelmove.getdst_app +R28128 Parallelmove.getdst_app +R28128 Parallelmove.getdst_app +R28128 Parallelmove.getdst_app +R28154 Coq.Lists.List.in_or_app +R28177 Coq.Lists.List.in_or_app +R28215 Coq.Lists.List.in_or_app +R28154 Coq.Lists.List.in_or_app +R28177 Coq.Lists.List.in_or_app +R28215 Coq.Lists.List.in_or_app +R28264 Parallelmove.pexec_movFront +R28292 Parallelmove.pexec_push +R28264 Parallelmove.pexec_movFront +R28292 Parallelmove.pexec_push +R28316 Parallelmove.noRead_app +R28316 Parallelmove.noRead_app +R28340 Parallelmove.noRead_app +R28340 Parallelmove.noRead_app +R28359 Parallelmove.noRead_by_path +R28359 Parallelmove.noRead_by_path +R28405 Parallelmove.simpleDest_right +R28405 Parallelmove.simpleDest_right +R28439 Parallelmove.path_pop +R28448 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R28439 Parallelmove.path_pop +R28448 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R28486 Locations.diff_sym +R28486 Locations.diff_sym +R28521 Parallelmove.simpleDest_movFront +R28521 Parallelmove.simpleDest_movFront +R28651 Locations.diff_sym +R28651 Locations.diff_sym +R28699 Parallelmove.getdst_app +R28699 Parallelmove.getdst_app +R28699 Parallelmove.getdst_app +R28699 Parallelmove.getdst_app +R28699 Parallelmove.getdst_app +R28699 Parallelmove.getdst_app +R28699 Parallelmove.getdst_app +R28725 Coq.Lists.List.in_or_app +R28748 Coq.Lists.List.in_or_app +R28725 Coq.Lists.List.in_or_app +R28748 Coq.Lists.List.in_or_app +R28796 Parallelmove.pexec_movFront +R28796 Parallelmove.pexec_movFront +R28826 Parallelmove.app_nil +R28826 Parallelmove.app_nil +R28847 Parallelmove.pexec_push +R28847 Parallelmove.pexec_push +R28877 Parallelmove.app_nil +R28877 Parallelmove.app_nil +R28897 Parallelmove.simpleDest_movFront +R28897 Parallelmove.simpleDest_movFront +R28991 Locations.diff_sym +R28991 Locations.diff_sym +R29039 Parallelmove.getdst_app +R29065 Coq.Lists.List.in_or_app +R29088 Coq.Lists.List.in_or_app +R29039 Parallelmove.getdst_app +R29039 Parallelmove.getdst_app +R29039 Parallelmove.getdst_app +R29065 Coq.Lists.List.in_or_app +R29088 Coq.Lists.List.in_or_app +R29222 Parallelmove.path +R29230 Coq.Lists.List "x ++ y" list_scope +R29243 Coq.Lists.List "x :: y" list_scope +R29234 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R29235 Parallelmove.T +R29246 Coq.Lists.List.nil +R29190 Parallelmove.path +R29198 Coq.Lists.List "x ++ y" list_scope +R29209 Coq.Lists.List "x :: y" list_scope +R29202 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R29212 Coq.Lists.List.nil +R29181 Parallelmove.Moves +R29171 Parallelmove.Reg +R29171 Parallelmove.Reg +R29340 Parallelmove.app_cons +R29340 Parallelmove.app_cons +R29340 Parallelmove.app_cons +R29340 Parallelmove.app_cons +R29528 Parallelmove.path +R29534 Parallelmove.StateBeing +R29513 Parallelmove.stepInv +R29499 Parallelmove.step +R29491 Parallelmove.State +R29491 Parallelmove.State +R29791 Parallelmove.app_cons +R29812 Parallelmove.app_cons +R29791 Parallelmove.app_cons +R29812 Parallelmove.app_cons +R29829 Parallelmove.path_tmpLast +R29829 Parallelmove.path_tmpLast +R29867 Parallelmove.path_pop +R29867 Parallelmove.path_pop +R29966 Parallelmove.simpleDest +R29993 Coq.Lists.List "x ++ y" list_scope +R29978 Parallelmove.StateToMove +R29996 Parallelmove.StateBeing +R29951 Parallelmove.stepInv +R29937 Parallelmove.step +R29928 Parallelmove.State +R29928 Parallelmove.State +R30171 Parallelmove.app_nil +R30171 Parallelmove.app_nil +R30171 Parallelmove.app_nil +R30171 Parallelmove.app_nil +R30171 Parallelmove.app_nil +R30171 Parallelmove.app_nil +R30171 Parallelmove.app_nil +R30171 Parallelmove.app_nil +R30171 Parallelmove.app_nil +R30171 Parallelmove.app_nil +R30171 Parallelmove.app_nil +R30213 Parallelmove.simpleDest_Pop +R30228 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R30213 Parallelmove.simpleDest_Pop +R30228 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R30255 Parallelmove.simpleDest_movBack +R30255 Parallelmove.simpleDest_movBack +R30293 Parallelmove.simpleDest_insert +R30323 Parallelmove.app_app +R30338 Parallelmove.simpleDest_movFront +R30293 Parallelmove.simpleDest_insert +R30323 Parallelmove.app_app +R30338 Parallelmove.simpleDest_movFront +R30370 Parallelmove.app_cons +R30388 Parallelmove.app_app +R30370 Parallelmove.app_cons +R30388 Parallelmove.app_app +R30437 Parallelmove.app_cons +R30464 Parallelmove.app_app +R30437 Parallelmove.app_cons +R30437 Parallelmove.app_cons +R30437 Parallelmove.app_cons +R30464 Parallelmove.app_app +R30464 Parallelmove.app_app +R30464 Parallelmove.app_app +R30486 Parallelmove.simpleDest_tmpLast +R30508 Coq.Lists.List "x ++ y" list_scope +R30525 Coq.Lists.List "x :: y" list_scope +R30512 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R30486 Parallelmove.simpleDest_tmpLast +R30508 Coq.Lists.List "x ++ y" list_scope +R30525 Coq.Lists.List "x :: y" list_scope +R30512 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R30566 Parallelmove.simpleDest_Pop +R30566 Parallelmove.simpleDest_Pop +R30594 Parallelmove.app_nil +R30629 Parallelmove.simpleDest_Pop +R30594 Parallelmove.app_nil +R30629 Parallelmove.simpleDest_Pop +R30733 Parallelmove.noTmp +R30743 Coq.Lists.List "x ++ y" list_scope +R30705 Parallelmove.noTmp +R30715 Coq.Lists.List "x ++ y" list_scope +R30721 Coq.Lists.List "x :: y" list_scope +R30697 Parallelmove.Moves +R30697 Parallelmove.Moves +R30682 Parallelmove.Move +R30877 Parallelmove.app_cons +R30895 Parallelmove.app_cons +R30877 Parallelmove.app_cons +R30895 Parallelmove.app_cons +R31045 Parallelmove.noTmp +R31052 Parallelmove.StateToMove +R31030 Parallelmove.stepInv +R31016 Parallelmove.step +R31008 Parallelmove.State +R31008 Parallelmove.State +R31268 Parallelmove.noTmp_pop +R31268 Parallelmove.noTmp_pop +R31268 Parallelmove.noTmp_pop +R31268 Parallelmove.noTmp_pop +R31268 Parallelmove.noTmp_pop +R31268 Parallelmove.noTmp_pop +R31268 Parallelmove.noTmp_pop +R31348 Parallelmove.noTmpLast +R31336 Parallelmove.noTmp +R31328 Parallelmove.Moves +R31615 Parallelmove.noTmpLast +R31592 Parallelmove.noTmpLast +R31605 Coq.Lists.List "x :: y" list_scope +R31584 Parallelmove.Moves +R31573 Parallelmove.Move +R31821 Parallelmove.noTmpLast +R31835 Coq.Lists.List "x ++ y" list_scope +R31789 Parallelmove.noTmpLast +R31803 Coq.Lists.List "x ++ y" list_scope +R31809 Coq.Lists.List "x :: y" list_scope +R31780 Parallelmove.Moves +R31780 Parallelmove.Moves +R31765 Parallelmove.Move +R32031 Parallelmove.app_cons +R32031 Parallelmove.app_cons +R32031 Parallelmove.app_cons +R32031 Parallelmove.app_cons +R32179 Parallelmove.app_cons +R32197 Parallelmove.app_cons +R32179 Parallelmove.app_cons +R32197 Parallelmove.app_cons +R32362 Parallelmove.noTmpLast +R32375 Coq.Lists.List "x :: y" list_scope +R32345 Parallelmove.noTmpLast +R32318 Parallelmove.noTmp +R32328 Coq.Lists.List "x ++ y" list_scope +R32334 Coq.Lists.List "x :: y" list_scope +R32309 Parallelmove.Moves +R32309 Parallelmove.Moves +R32309 Parallelmove.Moves +R32291 Parallelmove.Move +R32523 Parallelmove.app_cons +R32523 Parallelmove.app_cons +R32738 Parallelmove.noTmpLast +R32751 Coq.Lists.List "x ++ y" list_scope +R32764 Coq.Lists.List "x :: y" list_scope +R32755 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R32756 Parallelmove.T +R32767 Coq.Lists.List.nil +R32701 Parallelmove.noTmpLast +R32714 Coq.Lists.List "x ++ y" list_scope +R32725 Coq.Lists.List "x :: y" list_scope +R32718 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R32728 Coq.Lists.List.nil +R32692 Parallelmove.Moves +R32682 Parallelmove.Reg +R32682 Parallelmove.Reg +R32853 Parallelmove.app_cons +R32871 Parallelmove.app_cons +R32853 Parallelmove.app_cons +R32871 Parallelmove.app_cons +R32981 Parallelmove.app_cons +R32999 Parallelmove.app_cons +R32981 Parallelmove.app_cons +R32999 Parallelmove.app_cons +R33153 Parallelmove.noTmpLast +R33164 Parallelmove.StateBeing +R33138 Parallelmove.stepInv +R33124 Parallelmove.step +R33116 Parallelmove.State +R33116 Parallelmove.State +R33366 Parallelmove.noTmpLast_push +R33366 Parallelmove.noTmpLast_push +R33404 Parallelmove.noTmpLast_push +R33419 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R33404 Parallelmove.noTmpLast_push +R33419 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R33466 Parallelmove.app_cons +R33487 Parallelmove.app_cons +R33503 Parallelmove.noTmpLast_tmpLast +R33466 Parallelmove.app_cons +R33487 Parallelmove.app_cons +R33503 Parallelmove.noTmpLast_tmpLast +R33529 Parallelmove.noTmpLast_pop +R33543 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R33529 Parallelmove.noTmpLast_pop +R33543 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R33673 Parallelmove.noOverlap_aux +R33693 Coq.Lists.List "x ++ y" list_scope +R33699 Coq.Lists.List "x :: y" list_scope +R33635 Parallelmove.noOverlap_aux +R33654 Coq.Lists.List "x :: y" list_scope +R33661 Coq.Lists.List "x ++ y" list_scope +R33628 Parallelmove.Reg +R33628 Parallelmove.Reg +R33611 Coq.Lists.List.list +R33616 Parallelmove.Reg +R33611 Coq.Lists.List.list +R33616 Parallelmove.Reg +R34004 Parallelmove.app_cons +R34004 Parallelmove.app_cons +R34025 Parallelmove.noOverlap_auxpop +R34025 Parallelmove.noOverlap_auxpop +R34211 Coq.Lists.List.In +R34217 Parallelmove.getsrc +R34227 Coq.Lists.List "x :: y" list_scope +R34234 Coq.Lists.List "x ++ y" list_scope +R34175 Coq.Lists.List.In +R34181 Parallelmove.getsrc +R34192 Coq.Lists.List "x ++ y" list_scope +R34198 Coq.Lists.List "x :: y" list_scope +R34168 Parallelmove.Reg +R34156 Parallelmove.Moves +R34156 Parallelmove.Moves +R34141 Parallelmove.Move +R34576 Parallelmove.noOverlap +R34590 Coq.Lists.List "x ++ y" list_scope +R34596 Coq.Lists.List "x :: y" list_scope +R34544 Parallelmove.noOverlap +R34557 Coq.Lists.List "x :: y" list_scope +R34564 Coq.Lists.List "x ++ y" list_scope +R34536 Parallelmove.Move +R34524 Parallelmove.Moves +R34524 Parallelmove.Moves +R34650 Parallelmove.getdst_add +R34668 Parallelmove.getdst +R34685 Parallelmove.getdst_app +R34650 Parallelmove.getdst_add +R34668 Parallelmove.getdst +R34685 Parallelmove.getdst_app +R34711 Parallelmove.noOverlapaux_insert +R34711 Parallelmove.noOverlapaux_insert +R34832 Parallelmove.getsrc +R34832 Parallelmove.getsrc +R34852 Parallelmove.Ingetsrc_swap2 +R34867 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R34852 Parallelmove.Ingetsrc_swap2 +R34867 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R35001 Parallelmove.noOverlap +R35021 Coq.Lists.List "x ++ y" list_scope +R35016 Coq.Lists.List "x ++ y" list_scope +R35029 Coq.Lists.List "x :: y" list_scope +R35032 Coq.Lists.List.nil +R34969 Parallelmove.noOverlap +R34983 Coq.Lists.List "x ++ y" list_scope +R34989 Coq.Lists.List "x :: y" list_scope +R34961 Parallelmove.Move +R34949 Parallelmove.Moves +R34949 Parallelmove.Moves +R35061 Parallelmove.noOverlap_insert +R35089 Coq.Lists.List.nil +R35082 Coq.Lists.List "x ++ y" list_scope +R35061 Parallelmove.noOverlap_insert +R35089 Coq.Lists.List.nil +R35082 Coq.Lists.List "x ++ y" list_scope +R35105 Parallelmove.app_nil +R35120 Parallelmove.noOverlap_movFront +R35105 Parallelmove.app_nil +R35120 Parallelmove.noOverlap_movFront +R35241 Parallelmove.noOverlap +R35254 Coq.Lists.List "x ++ y" list_scope +R35265 Coq.Lists.List "x :: y" list_scope +R35258 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R35268 Coq.Lists.List.nil +R35213 Parallelmove.noOverlap +R35231 Coq.Lists.List "x :: y" list_scope +R35224 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R35206 Parallelmove.Reg +R35206 Parallelmove.Reg +R35192 Parallelmove.Moves +R35322 Parallelmove.noOverlap_insert +R35322 Parallelmove.noOverlap_insert +R35348 Parallelmove.app_nil +R35348 Parallelmove.app_nil +R35465 Parallelmove.noOverlap +R35483 Coq.Lists.List "x :: y" list_scope +R35476 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R35428 Parallelmove.noOverlap +R35441 Coq.Lists.List "x ++ y" list_scope +R35452 Coq.Lists.List "x :: y" list_scope +R35445 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R35455 Coq.Lists.List.nil +R35421 Parallelmove.Reg +R35421 Parallelmove.Reg +R35407 Parallelmove.Moves +R35548 Coq.Init.Logic "x = y" type_scope +R35543 Coq.Lists.List "x :: y" list_scope +R35536 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R35557 Coq.Lists.List "x :: y" list_scope +R35550 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R35563 Coq.Lists.List "x ++ y" list_scope +R35566 Coq.Lists.List.nil +R35548 Coq.Init.Logic "x = y" type_scope +R35543 Coq.Lists.List "x :: y" list_scope +R35536 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R35557 Coq.Lists.List "x :: y" list_scope +R35550 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R35563 Coq.Lists.List "x ++ y" list_scope +R35566 Coq.Lists.List.nil +R35600 Parallelmove.noOverlap_movFront +R35600 Parallelmove.noOverlap_movFront +R35634 Parallelmove.app_nil +R35634 Parallelmove.app_nil +R35746 Parallelmove.notemporary +R35709 Parallelmove.noTmpLast +R35722 Coq.Lists.List "x ++ y" list_scope +R35733 Coq.Lists.List "x :: y" list_scope +R35726 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R35736 Coq.Lists.List.nil +R35702 Parallelmove.Reg +R35702 Parallelmove.Reg +R35688 Parallelmove.Moves +R35858 Parallelmove.app_cons +R35858 Parallelmove.app_cons +R35894 Parallelmove.noTmpLast_pop +R35894 Parallelmove.noTmpLast_pop +R36021 Parallelmove.noOverlap_aux +R36041 Coq.Lists.List "x ++ y" list_scope +R35998 Parallelmove.noOverlap_aux +R35976 Parallelmove.noOverlap_aux +R35969 Parallelmove.Reg +R36293 Parallelmove.noOverlap_aux +R36314 Parallelmove.getdst +R36308 Parallelmove.T +R36281 Parallelmove.noTmp +R36275 Parallelmove.Reg +R36611 Parallelmove.noTmp +R36621 Coq.Lists.List "x ++ y" list_scope +R36598 Parallelmove.noTmp +R36586 Parallelmove.noTmp +R36812 Parallelmove.noOverlap +R36838 Coq.Lists.List "x ++ y" list_scope +R36823 Parallelmove.StateToMove +R36841 Parallelmove.StateBeing +R36797 Parallelmove.stepInv +R36783 Parallelmove.step +R36774 Parallelmove.State +R36774 Parallelmove.State +R37016 Parallelmove.app_nil +R37084 Parallelmove.noOverlap_Pop +R37016 Parallelmove.app_nil +R37016 Parallelmove.app_nil +R37016 Parallelmove.app_nil +R37016 Parallelmove.app_nil +R37016 Parallelmove.app_nil +R37016 Parallelmove.app_nil +R37016 Parallelmove.app_nil +R37016 Parallelmove.app_nil +R37016 Parallelmove.app_nil +R37016 Parallelmove.app_nil +R37084 Parallelmove.noOverlap_Pop +R37084 Parallelmove.noOverlap_Pop +R37084 Parallelmove.noOverlap_Pop +R37084 Parallelmove.noOverlap_Pop +R37084 Parallelmove.noOverlap_Pop +R37084 Parallelmove.noOverlap_Pop +R37119 Parallelmove.noOverlap_movBack +R37119 Parallelmove.noOverlap_movBack +R37150 Parallelmove.noOverlap_insert +R37179 Parallelmove.app_app +R37194 Parallelmove.noOverlap_movFront +R37226 Parallelmove.app_cons +R37244 Parallelmove.app_app +R37150 Parallelmove.noOverlap_insert +R37179 Parallelmove.app_app +R37194 Parallelmove.noOverlap_movFront +R37226 Parallelmove.app_cons +R37244 Parallelmove.app_app +R37293 Parallelmove.app_cons +R37320 Parallelmove.app_app +R37360 Parallelmove.noOverlap_movBack0 +R37293 Parallelmove.app_cons +R37293 Parallelmove.app_cons +R37293 Parallelmove.app_cons +R37320 Parallelmove.app_app +R37320 Parallelmove.app_app +R37320 Parallelmove.app_app +R37360 Parallelmove.noOverlap_movBack0 +R37388 Parallelmove.noOverlap +R37407 Coq.Lists.List "x :: y" list_scope +R37399 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37413 Coq.Lists.List "x ++ y" list_scope +R37430 Coq.Lists.List "x :: y" list_scope +R37417 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37448 Parallelmove.noOverlap_Front0 +R37388 Parallelmove.noOverlap +R37407 Coq.Lists.List "x :: y" list_scope +R37399 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37413 Coq.Lists.List "x ++ y" list_scope +R37430 Coq.Lists.List "x :: y" list_scope +R37417 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37448 Parallelmove.noOverlap_Front0 +R37679 Coq.Lists.List "x ++ y" list_scope +R37691 Coq.Lists.List "x :: y" list_scope +R37683 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37694 Coq.Lists.List.nil +R37679 Coq.Lists.List "x ++ y" list_scope +R37691 Coq.Lists.List "x :: y" list_scope +R37683 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37694 Coq.Lists.List.nil +R37714 Coq.Lists.List.app_eq_nil +R37736 Coq.Lists.List "x :: y" list_scope +R37728 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37739 Coq.Lists.List.nil +R37714 Coq.Lists.List.app_eq_nil +R37736 Coq.Lists.List "x :: y" list_scope +R37728 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R37739 Coq.Lists.List.nil +R37897 Parallelmove.noTmpL_diff +R37897 Parallelmove.noTmpL_diff +R37982 Parallelmove.noTmP_noOverlap_aux +R38009 Parallelmove.noTmp_append +R38041 Parallelmove.app_cons +R38086 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R38063 Parallelmove.noTmpLast_popBack +R37982 Parallelmove.noTmP_noOverlap_aux +R38009 Parallelmove.noTmp_append +R38041 Parallelmove.app_cons +R38086 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R38063 Parallelmove.noTmpLast_popBack +R38113 Parallelmove.app_nil +R38134 Parallelmove.noOverlap_Pop +R38148 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R38113 Parallelmove.app_nil +R38134 Parallelmove.noOverlap_Pop +R38148 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R38245 Parallelmove.stepInv +R38230 Parallelmove.stepInv +R38216 Parallelmove.step +R38208 Parallelmove.State +R38208 Parallelmove.State +R38311 Parallelmove.step_inv_path +R38311 Parallelmove.step_inv_path +R38346 Parallelmove.step_inv_simpleDest +R38346 Parallelmove.step_inv_simpleDest +R38387 Parallelmove.step_inv_noOverlap +R38387 Parallelmove.step_inv_noOverlap +R38427 Parallelmove.step_inv_noTmp +R38427 Parallelmove.step_inv_noTmp +R38463 Parallelmove.step_inv_noTmpLast +R38463 Parallelmove.step_inv_noTmpLast +R38544 Coq.Init.Logic "~ x" type_scope +R38547 Coq.Init.Logic "'exists' x : t , p" type_scope +R38566 Parallelmove.step +R38558 Parallelmove.State +R38527 Parallelmove.State +R38607 Parallelmove.State +R38598 Parallelmove.State +R38651 Parallelmove.State +R38718 Parallelmove.step +R38710 Parallelmove.State +R38710 Parallelmove.State +R38710 Parallelmove.State +R38775 Parallelmove.stepp_refl +R38786 Parallelmove.stepp_trans +R38885 Parallelmove.stepp +R38869 Parallelmove.stepp +R38854 Parallelmove.stepp +R38846 Parallelmove.State +R38846 Parallelmove.State +R38846 Parallelmove.State +R39024 Parallelmove.stepp +R39009 Parallelmove.step +R39001 Parallelmove.State +R39001 Parallelmove.State +R39130 Parallelmove.stepInv +R39115 Parallelmove.stepInv +R39100 Parallelmove.stepp +R39092 Parallelmove.State +R39092 Parallelmove.State +R39229 Parallelmove.step_inv +R39229 Parallelmove.step_inv +R39338 Parallelmove.notemporary +R39301 Parallelmove.noTmpLast +R39314 Coq.Lists.List "x ++ y" list_scope +R39325 Coq.Lists.List "x :: y" list_scope +R39318 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R39328 Coq.Lists.List.nil +R39453 Parallelmove.noTmpLast +R39473 Coq.Lists.List "x :: y" list_scope +R39464 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R39479 Coq.Lists.List "x ++ y" list_scope +R39490 Coq.Lists.List "x :: y" list_scope +R39483 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R39493 Coq.Lists.List.nil +R39453 Parallelmove.noTmpLast +R39473 Coq.Lists.List "x :: y" list_scope +R39464 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R39479 Coq.Lists.List "x ++ y" list_scope +R39490 Coq.Lists.List "x :: y" list_scope +R39483 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R39493 Coq.Lists.List.nil +R39553 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R39534 Parallelmove.noTmpLast_pop +R39553 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R39534 Parallelmove.noTmpLast_pop +R39694 Parallelmove.NoOverlap +R39675 Parallelmove.NoOverlap +R39661 Parallelmove.stepInv +R39644 Parallelmove.notemporary +R39630 Parallelmove.step +R39619 Parallelmove.State +R39619 Parallelmove.State +R39941 Parallelmove.app_nil +R39977 Parallelmove.app_cons +R40028 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40002 Parallelmove.noOverlap_Pop +R39941 Parallelmove.app_nil +R39941 Parallelmove.app_nil +R39941 Parallelmove.app_nil +R39977 Parallelmove.app_cons +R39977 Parallelmove.app_cons +R39977 Parallelmove.app_cons +R40028 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40002 Parallelmove.noOverlap_Pop +R40062 Parallelmove.app_nil +R40087 Coq.Lists.List.app_ass +R40115 Parallelmove.app_cons +R40142 Coq.Lists.List.ass_app +R40157 Parallelmove.noOverlap_movBack +R40062 Parallelmove.app_nil +R40062 Parallelmove.app_nil +R40087 Coq.Lists.List.app_ass +R40115 Parallelmove.app_cons +R40115 Parallelmove.app_cons +R40115 Parallelmove.app_cons +R40142 Coq.Lists.List.ass_app +R40157 Parallelmove.noOverlap_movBack +R40206 Coq.Lists.List.app_ass +R40243 Parallelmove.app_cons +R40206 Coq.Lists.List.app_ass +R40206 Coq.Lists.List.app_ass +R40206 Coq.Lists.List.app_ass +R40243 Parallelmove.app_cons +R40243 Parallelmove.app_cons +R40243 Parallelmove.app_cons +R40243 Parallelmove.app_cons +R40269 Coq.Lists.List.ass_app +R40284 Parallelmove.noOverlap_insert +R40310 Coq.Lists.List.app_ass +R40326 Parallelmove.noOverlap_movFront +R40269 Coq.Lists.List.ass_app +R40284 Parallelmove.noOverlap_insert +R40310 Coq.Lists.List.app_ass +R40326 Parallelmove.noOverlap_movFront +R40378 Parallelmove.app_cons +R40404 Coq.Lists.List.ass_app +R40420 Parallelmove.noOverlap_movBack0 +R40378 Parallelmove.app_cons +R40378 Parallelmove.app_cons +R40378 Parallelmove.app_cons +R40378 Parallelmove.app_cons +R40378 Parallelmove.app_cons +R40404 Coq.Lists.List.ass_app +R40420 Parallelmove.noOverlap_movBack0 +R40477 Coq.Lists.List.app_ass +R40477 Coq.Lists.List.app_ass +R40510 Parallelmove.noOverlap +R40529 Coq.Lists.List "x :: y" list_scope +R40521 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40545 Coq.Lists.List "x ++ y" list_scope +R40541 Coq.Lists.List "x :: y" list_scope +R40534 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40564 Coq.Lists.List "x :: y" list_scope +R40551 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40582 Parallelmove.noOverlap_Front0 +R40510 Parallelmove.noOverlap +R40529 Coq.Lists.List "x :: y" list_scope +R40521 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40545 Coq.Lists.List "x ++ y" list_scope +R40541 Coq.Lists.List "x :: y" list_scope +R40534 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40564 Coq.Lists.List "x :: y" list_scope +R40551 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40582 Parallelmove.noOverlap_Front0 +R40647 Coq.Lists.List.app_ass +R40647 Coq.Lists.List.app_ass +R40647 Coq.Lists.List.app_ass +R40771 Parallelmove.notemporary +R40771 Parallelmove.notemporary +R40795 Parallelmove.noTmpLast +R40824 Coq.Lists.List "x ++ y" list_scope +R40820 Coq.Lists.List "x :: y" list_scope +R40807 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40838 Coq.Lists.List "x :: y" list_scope +R40830 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40841 Coq.Lists.List.nil +R40866 Parallelmove.noTmpLast_lastnoTmp +R40900 Coq.Lists.List "x :: y" list_scope +R40887 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40795 Parallelmove.noTmpLast +R40824 Coq.Lists.List "x ++ y" list_scope +R40820 Coq.Lists.List "x :: y" list_scope +R40807 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40838 Coq.Lists.List "x :: y" list_scope +R40830 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R40841 Coq.Lists.List.nil +R40866 Parallelmove.noTmpLast_lastnoTmp +R40900 Coq.Lists.List "x :: y" list_scope +R40887 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41070 Parallelmove.noTmP_noOverlap_aux +R41070 Parallelmove.noTmP_noOverlap_aux +R41103 Parallelmove.noTmp_append +R41103 Parallelmove.noTmp_append +R41131 Parallelmove.noTmpLast +R41160 Coq.Lists.List "x ++ y" list_scope +R41156 Coq.Lists.List "x :: y" list_scope +R41143 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41174 Coq.Lists.List "x :: y" list_scope +R41166 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41177 Coq.Lists.List.nil +R41231 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41201 Parallelmove.noTmpLast_popBack +R41131 Parallelmove.noTmpLast +R41160 Coq.Lists.List "x ++ y" list_scope +R41156 Coq.Lists.List "x :: y" list_scope +R41143 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41174 Coq.Lists.List "x :: y" list_scope +R41166 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41177 Coq.Lists.List.nil +R41231 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41201 Parallelmove.noTmpLast_popBack +R41334 Parallelmove.noOverlap +R41357 Coq.Lists.List "x ++ y" list_scope +R41353 Coq.Lists.List "x :: y" list_scope +R41346 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41372 Coq.Lists.List "x :: y" list_scope +R41363 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41378 Coq.Lists.List "x ++ y" list_scope +R41391 Coq.Lists.List "x :: y" list_scope +R41382 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41394 Coq.Lists.List.nil +R41334 Parallelmove.noOverlap +R41357 Coq.Lists.List "x ++ y" list_scope +R41353 Coq.Lists.List "x :: y" list_scope +R41346 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41372 Coq.Lists.List "x :: y" list_scope +R41363 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41378 Coq.Lists.List "x ++ y" list_scope +R41391 Coq.Lists.List "x :: y" list_scope +R41382 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41394 Coq.Lists.List.nil +R41422 Parallelmove.noOverlap +R41445 Coq.Lists.List "x ++ y" list_scope +R41441 Coq.Lists.List "x :: y" list_scope +R41434 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41453 Coq.Lists.List "x ++ y" list_scope +R41466 Coq.Lists.List "x :: y" list_scope +R41457 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41469 Coq.Lists.List.nil +R41486 Parallelmove.noOverlap_Pop +R41500 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41422 Parallelmove.noOverlap +R41445 Coq.Lists.List "x ++ y" list_scope +R41441 Coq.Lists.List "x :: y" list_scope +R41434 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41453 Coq.Lists.List "x ++ y" list_scope +R41466 Coq.Lists.List "x :: y" list_scope +R41457 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41469 Coq.Lists.List.nil +R41486 Parallelmove.noOverlap_Pop +R41500 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R41536 Parallelmove.app_cons +R41553 Parallelmove.noOverlap_Pop +R41536 Parallelmove.app_cons +R41536 Parallelmove.app_cons +R41536 Parallelmove.app_cons +R41553 Parallelmove.noOverlap_Pop +R41694 Coq.Lists.List.In +R41700 Parallelmove.getdst +R41723 Coq.Lists.List "x ++ y" list_scope +R41708 Parallelmove.StateToMove +R41726 Parallelmove.StateBeing +R41641 Coq.Lists.List.In +R41647 Parallelmove.getdst +R41670 Coq.Lists.List "x ++ y" list_scope +R41655 Parallelmove.StateToMove +R41673 Parallelmove.StateBeing +R41626 Parallelmove.step +R41615 Parallelmove.State +R41615 Parallelmove.State +R41853 Parallelmove.getdst_app +R41889 Parallelmove.app_nil +R41913 Coq.Lists.List.in_or_app +R41853 Parallelmove.getdst_app +R41853 Parallelmove.getdst_app +R41853 Parallelmove.getdst_app +R41853 Parallelmove.getdst_app +R41853 Parallelmove.getdst_app +R41889 Parallelmove.app_nil +R41889 Parallelmove.app_nil +R41889 Parallelmove.app_nil +R41913 Coq.Lists.List.in_or_app +R41930 Coq.Lists.List.in_app_or +R41953 Parallelmove.getdst +R41941 Parallelmove.getdst +R41930 Coq.Lists.List.in_app_or +R41953 Parallelmove.getdst +R41941 Parallelmove.getdst +R42030 Parallelmove.getdst_app +R42090 Parallelmove.app_nil +R42113 Coq.Lists.List.in_or_app +R42030 Parallelmove.getdst_app +R42030 Parallelmove.getdst_app +R42030 Parallelmove.getdst_app +R42030 Parallelmove.getdst_app +R42030 Parallelmove.getdst_app +R42090 Parallelmove.app_nil +R42090 Parallelmove.app_nil +R42113 Coq.Lists.List.in_or_app +R42130 Coq.Lists.List.in_app_or +R42169 Coq.Lists.List "x :: y" list_scope +R42172 Coq.Lists.List.nil +R42151 Coq.Lists.List "x ++ y" list_scope +R42141 Parallelmove.getdst +R42154 Parallelmove.getdst +R42130 Coq.Lists.List.in_app_or +R42169 Coq.Lists.List "x :: y" list_scope +R42172 Coq.Lists.List.nil +R42151 Coq.Lists.List "x ++ y" list_scope +R42141 Parallelmove.getdst +R42154 Parallelmove.getdst +R42200 Coq.Lists.List.in_app_or +R42223 Parallelmove.getdst +R42211 Parallelmove.getdst +R42200 Coq.Lists.List.in_app_or +R42223 Parallelmove.getdst +R42211 Parallelmove.getdst +R42375 Parallelmove.getdst_app +R42411 Parallelmove.app_nil +R42435 Coq.Lists.List.in_or_app +R42375 Parallelmove.getdst_app +R42375 Parallelmove.getdst_app +R42375 Parallelmove.getdst_app +R42375 Parallelmove.getdst_app +R42375 Parallelmove.getdst_app +R42411 Parallelmove.app_nil +R42435 Coq.Lists.List.in_or_app +R42452 Coq.Lists.List.in_app_or +R42491 Coq.Lists.List "x :: y" list_scope +R42497 Coq.Lists.List "x :: y" list_scope +R42500 Parallelmove.getdst +R42473 Coq.Lists.List "x ++ y" list_scope +R42463 Parallelmove.getdst +R42476 Parallelmove.getdst +R42452 Coq.Lists.List.in_app_or +R42491 Coq.Lists.List "x :: y" list_scope +R42497 Coq.Lists.List "x :: y" list_scope +R42500 Parallelmove.getdst +R42473 Coq.Lists.List "x ++ y" list_scope +R42463 Parallelmove.getdst +R42476 Parallelmove.getdst +R42535 Coq.Lists.List.in_app_or +R42558 Parallelmove.getdst +R42546 Parallelmove.getdst +R42535 Coq.Lists.List.in_app_or +R42558 Parallelmove.getdst +R42546 Parallelmove.getdst +R42598 Coq.Lists.List.in_or_app +R42598 Coq.Lists.List.in_or_app +R42639 Coq.Lists.List.in_or_app +R42639 Coq.Lists.List.in_or_app +R42711 Coq.Lists.List.in_or_app +R42711 Coq.Lists.List.in_or_app +R42848 Parallelmove.getdst_app +R42848 Parallelmove.getdst_app +R42848 Parallelmove.getdst_app +R42848 Parallelmove.getdst_app +R42848 Parallelmove.getdst_app +R42848 Parallelmove.getdst_app +R42895 Parallelmove.getdst_app +R42895 Parallelmove.getdst_app +R42895 Parallelmove.getdst_app +R42895 Parallelmove.getdst_app +R42895 Parallelmove.getdst_app +R42895 Parallelmove.getdst_app +R42929 Coq.Lists.List.in_app_or +R42960 Coq.Lists.List "x ++ y" list_scope +R42951 Parallelmove.getdst +R42967 Coq.Lists.List "x :: y" list_scope +R42970 Coq.Lists.List.nil +R42940 Parallelmove.getdst +R43000 Coq.Lists.List.in_or_app +R42929 Coq.Lists.List.in_app_or +R42960 Coq.Lists.List "x ++ y" list_scope +R42951 Parallelmove.getdst +R42967 Coq.Lists.List "x :: y" list_scope +R42970 Coq.Lists.List.nil +R42940 Parallelmove.getdst +R43000 Coq.Lists.List.in_or_app +R43000 Coq.Lists.List.in_or_app +R43023 Coq.Lists.List.in_app_or +R43048 Coq.Lists.List "x :: y" list_scope +R43051 Coq.Lists.List.nil +R43034 Parallelmove.getdst +R43023 Coq.Lists.List.in_app_or +R43048 Coq.Lists.List "x :: y" list_scope +R43051 Coq.Lists.List.nil +R43034 Parallelmove.getdst +R43100 Coq.Lists.List.in_or_app +R43100 Coq.Lists.List.in_or_app +R43160 Coq.Lists.List.in_or_app +R43160 Coq.Lists.List.in_or_app +R43213 Parallelmove.app_nil +R43239 Parallelmove.getdst_app +R43213 Parallelmove.app_nil +R43239 Parallelmove.getdst_app +R43239 Parallelmove.getdst_app +R43273 Coq.Lists.List.in_or_app +R43273 Coq.Lists.List.in_or_app +R43386 Parallelmove.sameExec +R43371 Parallelmove.stepInv +R43356 Parallelmove.stepp +R43348 Parallelmove.State +R43348 Parallelmove.State +R43493 Parallelmove.sameExec +R43526 Parallelmove.step_sameExec +R43493 Parallelmove.sameExec +R43526 Parallelmove.step_sameExec +R43652 Parallelmove.step_inv +R43652 Parallelmove.step_inv +R43726 Parallelmove.getdst_app +R43753 Coq.Lists.List.in_or_app +R43726 Parallelmove.getdst_app +R43726 Parallelmove.getdst_app +R43726 Parallelmove.getdst_app +R43726 Parallelmove.getdst_app +R43726 Parallelmove.getdst_app +R43726 Parallelmove.getdst_app +R43726 Parallelmove.getdst_app +R43753 Coq.Lists.List.in_or_app +R43771 Coq.Lists.List.in_app_or +R43864 Coq.Lists.List "x ++ y" list_scope +R43840 Parallelmove.getdst +R43848 Parallelmove.StateToMove +R43867 Parallelmove.getdst +R43875 Parallelmove.StateBeing +R43809 Coq.Lists.List "x ++ y" list_scope +R43785 Parallelmove.getdst +R43793 Parallelmove.StateToMove +R43812 Parallelmove.getdst +R43820 Parallelmove.StateBeing +R43771 Coq.Lists.List.in_app_or +R43864 Coq.Lists.List "x ++ y" list_scope +R43840 Parallelmove.getdst +R43848 Parallelmove.StateToMove +R43867 Parallelmove.getdst +R43875 Parallelmove.StateBeing +R43809 Coq.Lists.List "x ++ y" list_scope +R43785 Parallelmove.getdst +R43793 Parallelmove.StateToMove +R43812 Parallelmove.getdst +R43820 Parallelmove.StateBeing +R43920 Parallelmove.step_inv_getdst +R43962 Parallelmove.getdst_app +R43920 Parallelmove.step_inv_getdst +R43962 Parallelmove.getdst_app +R43962 Parallelmove.getdst_app +R43962 Parallelmove.getdst_app +R44058 Parallelmove.getdst_app +R44085 Coq.Lists.List.in_or_app +R44058 Parallelmove.getdst_app +R44058 Parallelmove.getdst_app +R44058 Parallelmove.getdst_app +R44058 Parallelmove.getdst_app +R44058 Parallelmove.getdst_app +R44058 Parallelmove.getdst_app +R44058 Parallelmove.getdst_app +R44085 Coq.Lists.List.in_or_app +R44103 Coq.Lists.List.in_app_or +R44196 Coq.Lists.List "x ++ y" list_scope +R44172 Parallelmove.getdst +R44180 Parallelmove.StateToMove +R44199 Parallelmove.getdst +R44207 Parallelmove.StateBeing +R44141 Coq.Lists.List "x ++ y" list_scope +R44117 Parallelmove.getdst +R44125 Parallelmove.StateToMove +R44144 Parallelmove.getdst +R44152 Parallelmove.StateBeing +R44103 Coq.Lists.List.in_app_or +R44196 Coq.Lists.List "x ++ y" list_scope +R44172 Parallelmove.getdst +R44180 Parallelmove.StateToMove +R44199 Parallelmove.getdst +R44207 Parallelmove.StateBeing +R44141 Coq.Lists.List "x ++ y" list_scope +R44117 Parallelmove.getdst +R44125 Parallelmove.StateToMove +R44144 Parallelmove.getdst +R44152 Parallelmove.StateBeing +R44252 Parallelmove.step_inv_getdst +R44294 Parallelmove.getdst_app +R44252 Parallelmove.step_inv_getdst +R44294 Parallelmove.getdst_app +R44294 Parallelmove.getdst_app +R44294 Parallelmove.getdst_app +R44370 Parallelmove.State +R44361 Parallelmove.State +R44466 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44470 Coq.Lists.List.nil +R44444 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44452 Coq.Lists.List "x :: y" list_scope +R44445 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44458 Coq.Lists.List.nil +R44429 Parallelmove.Moves +R44429 Parallelmove.Moves +R44417 Parallelmove.Reg +R44577 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44588 Coq.Lists.List "x :: y" list_scope +R44581 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44591 Coq.Lists.List.nil +R44555 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44563 Coq.Lists.List "x :: y" list_scope +R44556 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44569 Coq.Lists.List.nil +R44540 Coq.Init.Logic "x <> y" type_scope +R44527 Parallelmove.Reg +R44527 Parallelmove.Reg +R44513 Parallelmove.Moves +R44513 Parallelmove.Moves +R44746 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44750 Coq.Lists.List "x ++ y" list_scope +R44764 Coq.Lists.List "x :: y" list_scope +R44757 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44775 Coq.Lists.List "x :: y" list_scope +R44768 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44700 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44704 Coq.Lists.List "x ++ y" list_scope +R44715 Coq.Lists.List "x :: y" list_scope +R44708 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44730 Coq.Lists.List "x :: y" list_scope +R44723 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44666 Parallelmove.noRead +R44655 Parallelmove.Reg +R44655 Parallelmove.Reg +R44655 Parallelmove.Reg +R44639 Parallelmove.Moves +R44639 Parallelmove.Moves +R44639 Parallelmove.Moves +R44639 Parallelmove.Moves +R44937 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44943 Coq.Lists.List "x ++ y" list_scope +R44957 Coq.Lists.List "x :: y" list_scope +R44947 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44948 Parallelmove.T +R44960 Coq.Lists.List.nil +R44974 Coq.Lists.List "x :: y" list_scope +R44966 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44989 Coq.Lists.List "x :: y" list_scope +R44978 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44983 Parallelmove.T +R44887 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44899 Coq.Lists.List "x :: y" list_scope +R44891 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44905 Coq.Lists.List "x ++ y" list_scope +R44917 Coq.Lists.List "x :: y" list_scope +R44909 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R44920 Coq.Lists.List.nil +R44853 Parallelmove.noRead +R44842 Parallelmove.Reg +R44842 Parallelmove.Reg +R44842 Parallelmove.Reg +R44825 Parallelmove.Moves +R44825 Parallelmove.Moves +R44825 Parallelmove.Moves +R45173 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45179 Coq.Lists.List "x ++ y" list_scope +R45192 Coq.Lists.List "x :: y" list_scope +R45183 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45195 Coq.Lists.List.nil +R45210 Coq.Lists.List "x :: y" list_scope +R45201 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45121 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45134 Coq.Lists.List "x :: y" list_scope +R45125 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45140 Coq.Lists.List "x ++ y" list_scope +R45153 Coq.Lists.List "x :: y" list_scope +R45144 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45156 Coq.Lists.List.nil +R45084 Locations.diff +R45064 Parallelmove.noRead +R45053 Parallelmove.Reg +R45053 Parallelmove.Reg +R45053 Parallelmove.Reg +R45053 Parallelmove.Reg +R45031 Parallelmove.Moves +R45031 Parallelmove.Moves +R45031 Parallelmove.Moves +R45318 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45322 Coq.Lists.List.nil +R45334 Coq.Lists.List "x :: y" list_scope +R45327 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45296 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45307 Coq.Lists.List "x :: y" list_scope +R45300 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45310 Coq.Lists.List.nil +R45275 Parallelmove.noRead +R45264 Parallelmove.Reg +R45264 Parallelmove.Reg +R45250 Parallelmove.Moves +R45250 Parallelmove.Moves +R45355 Parallelmove.dstep_nop +R45365 Parallelmove.dstep_start +R45377 Parallelmove.dstep_push +R45403 Parallelmove.dstep_pop_loop +R45418 Parallelmove.dstep_pop +R45428 Parallelmove.dstep_last +R45516 Parallelmove.stepp +R45501 Parallelmove.stepInv +R45486 Parallelmove.dstep +R45478 Parallelmove.State +R45478 Parallelmove.State +R45599 Parallelmove.stepp +R45636 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45640 Coq.Lists.List.nil +R45605 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45610 Coq.Lists.List "x ++ y" list_scope +R45606 Coq.Lists.List.nil +R45621 Coq.Lists.List "x :: y" list_scope +R45614 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45628 Coq.Lists.List.nil +R45656 Parallelmove.step_stepp +R45676 Parallelmove.step_nop +R45687 Coq.Lists.List.nil +R45599 Parallelmove.stepp +R45636 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45640 Coq.Lists.List.nil +R45605 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45610 Coq.Lists.List "x ++ y" list_scope +R45606 Coq.Lists.List.nil +R45621 Coq.Lists.List "x :: y" list_scope +R45614 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45628 Coq.Lists.List.nil +R45656 Parallelmove.step_stepp +R45676 Parallelmove.step_nop +R45687 Coq.Lists.List.nil +R45703 Parallelmove.stepp +R45740 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45751 Coq.Lists.List "x :: y" list_scope +R45744 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45754 Coq.Lists.List.nil +R45709 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45714 Coq.Lists.List "x ++ y" list_scope +R45710 Coq.Lists.List.nil +R45725 Coq.Lists.List "x :: y" list_scope +R45718 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45732 Coq.Lists.List.nil +R45771 Parallelmove.step_stepp +R45790 Parallelmove.step_start +R45801 Coq.Lists.List.nil +R45703 Parallelmove.stepp +R45740 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45751 Coq.Lists.List "x :: y" list_scope +R45744 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45754 Coq.Lists.List.nil +R45709 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45714 Coq.Lists.List "x ++ y" list_scope +R45710 Coq.Lists.List.nil +R45725 Coq.Lists.List "x :: y" list_scope +R45718 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45732 Coq.Lists.List.nil +R45771 Parallelmove.step_stepp +R45790 Parallelmove.step_start +R45801 Coq.Lists.List.nil +R45819 Parallelmove.stepp_trans +R45942 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45948 Coq.Lists.List "x ++ y" list_scope +R45962 Coq.Lists.List "x :: y" list_scope +R45952 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45953 Parallelmove.T +R45965 Coq.Lists.List.nil +R45979 Coq.Lists.List "x :: y" list_scope +R45971 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45994 Coq.Lists.List "x :: y" list_scope +R45983 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45988 Parallelmove.T +R45880 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45892 Coq.Lists.List "x :: y" list_scope +R45884 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45898 Coq.Lists.List "x ++ y" list_scope +R45912 Coq.Lists.List "x :: y" list_scope +R45902 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45903 Parallelmove.T +R45915 Coq.Lists.List.nil +R45933 Coq.Lists.List "x :: y" list_scope +R45922 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45927 Parallelmove.T +R45834 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45846 Coq.Lists.List "x :: y" list_scope +R45838 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45852 Coq.Lists.List "x ++ y" list_scope +R45864 Coq.Lists.List "x :: y" list_scope +R45856 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45867 Coq.Lists.List.nil +R45819 Parallelmove.stepp_trans +R45942 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45948 Coq.Lists.List "x ++ y" list_scope +R45962 Coq.Lists.List "x :: y" list_scope +R45952 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45953 Parallelmove.T +R45965 Coq.Lists.List.nil +R45979 Coq.Lists.List "x :: y" list_scope +R45971 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45994 Coq.Lists.List "x :: y" list_scope +R45983 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45988 Parallelmove.T +R45880 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45892 Coq.Lists.List "x :: y" list_scope +R45884 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45898 Coq.Lists.List "x ++ y" list_scope +R45912 Coq.Lists.List "x :: y" list_scope +R45902 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45903 Parallelmove.T +R45915 Coq.Lists.List.nil +R45933 Coq.Lists.List "x :: y" list_scope +R45922 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45927 Parallelmove.T +R45834 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45846 Coq.Lists.List "x :: y" list_scope +R45838 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45852 Coq.Lists.List "x ++ y" list_scope +R45864 Coq.Lists.List "x :: y" list_scope +R45856 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R45867 Coq.Lists.List.nil +R46015 Parallelmove.step_stepp +R46033 Parallelmove.step_pop +R46015 Parallelmove.step_stepp +R46033 Parallelmove.step_pop +R46167 Coq.Lists.List "x ++ y" list_scope +R46179 Coq.Lists.List "x :: y" list_scope +R46171 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R46182 Coq.Lists.List.nil +R46167 Coq.Lists.List "x ++ y" list_scope +R46179 Coq.Lists.List "x :: y" list_scope +R46171 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R46182 Coq.Lists.List.nil +R46306 Parallelmove.stepInv +R46291 Parallelmove.stepInv +R46276 Parallelmove.dstep +R46268 Parallelmove.State +R46268 Parallelmove.State +R46340 Parallelmove.stepp_inv +R46340 Parallelmove.stepp_inv +R46370 Parallelmove.dstep_step +R46370 Parallelmove.dstep_step +R46423 Parallelmove.State +R46414 Parallelmove.State +R46468 Parallelmove.State +R46537 Parallelmove.dstep +R46529 Parallelmove.State +R46529 Parallelmove.State +R46529 Parallelmove.State +R46597 Parallelmove.dstepp_refl +R46609 Parallelmove.dstepp_trans +R46702 Parallelmove.stepp +R46685 Parallelmove.dstepp +R46671 Parallelmove.stepInv +R46663 Parallelmove.State +R46663 Parallelmove.State +R46786 Parallelmove.stepp_transitive +R46786 Parallelmove.stepp_transitive +R46826 Parallelmove.dstep_step +R46826 Parallelmove.dstep_step +R46871 Parallelmove.dstep_inv +R46871 Parallelmove.dstep_inv +R46981 Parallelmove.sameExec +R46966 Parallelmove.stepInv +R46950 Parallelmove.dstepp +R46942 Parallelmove.State +R46942 Parallelmove.State +R47018 Parallelmove.stepp_sameExec +R47018 Parallelmove.stepp_sameExec +R47046 Parallelmove.dstepp_stepp +R47046 Parallelmove.dstepp_stepp +R47141 Coq.Init.Datatypes.option +R47161 Coq.Init.Datatypes "x * y" type_scope +R47156 Coq.Init.Datatypes "x * y" type_scope +R47150 Parallelmove.Moves +R47158 Parallelmove.Reg +R47165 Parallelmove.Moves +R47122 Parallelmove.Reg +R47110 Parallelmove.Moves +R47199 Coq.Lists.List "x :: y" list_scope +R47192 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R47221 Parallelmove.diff_dec +R47246 Coq.Init.Specif.right +R47257 Coq.Init.Datatypes.Some +R47262 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R47263 Coq.Lists.List.nil +R47285 Coq.Init.Specif.left +R47347 Coq.Init.Datatypes.Some +R47353 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R47370 Coq.Init.Datatypes.Some +R47375 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R47383 Coq.Lists.List "x :: y" list_scope +R47376 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R47411 Coq.Init.Datatypes.None +R47419 Coq.Init.Datatypes.None +R47451 Coq.Lists.List.nil +R47458 Coq.Init.Datatypes.None +R47122 Parallelmove.Reg +R47110 Parallelmove.Moves +R47527 Coq.Init.Datatypes.option +R47547 Coq.Init.Datatypes "x * y" type_scope +R47542 Coq.Init.Datatypes "x * y" type_scope +R47536 Parallelmove.Moves +R47544 Parallelmove.Reg +R47551 Parallelmove.Moves +R47508 Parallelmove.Reg +R47496 Parallelmove.Moves +R47585 Coq.Lists.List "x :: y" list_scope +R47578 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R47607 Locations.eq +R47630 Coq.Init.Specif.left +R47640 Coq.Init.Datatypes.Some +R47645 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R47646 Coq.Lists.List.nil +R47668 Coq.Init.Specif.right +R47730 Coq.Init.Datatypes.Some +R47736 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R47753 Coq.Init.Datatypes.Some +R47758 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R47766 Coq.Lists.List "x :: y" list_scope +R47759 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R47794 Coq.Init.Datatypes.None +R47802 Coq.Init.Datatypes.None +R47834 Coq.Lists.List.nil +R47841 Coq.Init.Datatypes.None +R47508 Parallelmove.Reg +R47496 Parallelmove.Moves +R47870 Parallelmove.Move +R47878 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R47879 Locations.R +R47881 Locations.IT1 +R47886 Locations.R +R47888 Locations.IT1 +R47924 Parallelmove.Move +R47915 Parallelmove.Moves +R47948 Coq.Lists.List.nil +R47955 Parallelmove.def +R47978 Coq.Lists.List "x :: y" list_scope +R47981 Coq.Lists.List.nil +R48009 Coq.Lists.List "x :: y" list_scope +R47915 Parallelmove.Moves +R48074 Parallelmove.Moves +R48065 Parallelmove.Moves +R48100 Coq.Lists.List.nil +R48107 Coq.Lists.List.nil +R48118 Coq.Lists.List "x :: y" list_scope +R48121 Coq.Lists.List.nil +R48128 Coq.Lists.List.nil +R48139 Coq.Lists.List "x :: y" list_scope +R48153 Coq.Lists.List "x :: y" list_scope +R48065 Parallelmove.Moves +R48221 Parallelmove.Moves +R48212 Parallelmove.Moves +R48247 Coq.Lists.List.nil +R48254 Coq.Lists.List.nil +R48264 Coq.Lists.List "x :: y" list_scope +R48267 Coq.Lists.List.nil +R48295 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48314 Coq.Lists.List "x :: y" list_scope +R48305 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48306 Parallelmove.T +R48317 Coq.Lists.List.nil +R48331 Coq.Lists.List "x :: y" list_scope +R48344 Coq.Lists.List "x :: y" list_scope +R48212 Parallelmove.Moves +R48407 Coq.Init.Logic.refl_equal +R48491 Parallelmove.State +R48522 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48523 Coq.Lists.List.nil +R48528 Coq.Lists.List.nil +R48548 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48556 Coq.Lists.List "x :: y" list_scope +R48549 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48563 Coq.Lists.List.nil +R48588 Parallelmove.diff_dec +R48616 Coq.Init.Specif.right +R48627 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48632 Coq.Lists.List.nil +R48651 Coq.Init.Specif.left +R48661 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48673 Coq.Lists.List "x :: y" list_scope +R48666 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48676 Coq.Lists.List.nil +R48702 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48713 Coq.Lists.List "x :: y" list_scope +R48706 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48739 Parallelmove.split_move +R48769 Coq.Init.Datatypes.Some +R48775 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48803 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48807 Coq.Lists.List "x ++ y" list_scope +R48821 Coq.Lists.List "x :: y" list_scope +R48814 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48832 Coq.Lists.List "x :: y" list_scope +R48825 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48853 Coq.Init.Datatypes.None +R48902 Coq.Lists.List.nil +R48909 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48913 Coq.Lists.List.nil +R48925 Coq.Lists.List "x :: y" list_scope +R48918 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48976 Parallelmove.diff_dec +R48988 Coq.Init.Datatypes.fst +R48993 Parallelmove.last +R49027 Coq.Init.Specif.right +R49060 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49064 Parallelmove.replace_last_s +R49089 Coq.Lists.List "x :: y" list_scope +R49082 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49102 Coq.Lists.List "x :: y" list_scope +R49093 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49097 Parallelmove.T +R49130 Coq.Init.Specif.left +R49140 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49154 Coq.Lists.List "x :: y" list_scope +R49147 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R48482 Parallelmove.State +R49253 Parallelmove.State +R49284 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49285 Coq.Lists.List.nil +R49290 Coq.Lists.List.nil +R49310 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49318 Coq.Lists.List "x :: y" list_scope +R49311 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49325 Coq.Lists.List.nil +R49350 Locations.eq +R49376 Coq.Init.Specif.left +R49386 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49391 Coq.Lists.List.nil +R49410 Coq.Init.Specif.right +R49421 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49433 Coq.Lists.List "x :: y" list_scope +R49426 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49436 Coq.Lists.List.nil +R49462 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49473 Coq.Lists.List "x :: y" list_scope +R49466 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49499 Parallelmove.split_move +R49529 Coq.Init.Datatypes.Some +R49535 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49563 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49567 Coq.Lists.List "x ++ y" list_scope +R49581 Coq.Lists.List "x :: y" list_scope +R49574 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49592 Coq.Lists.List "x :: y" list_scope +R49585 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49613 Coq.Init.Datatypes.None +R49662 Coq.Lists.List.nil +R49669 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49673 Coq.Lists.List.nil +R49685 Coq.Lists.List "x :: y" list_scope +R49678 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49736 Locations.eq +R49746 Coq.Init.Datatypes.fst +R49751 Parallelmove.last +R49785 Coq.Init.Specif.left +R49817 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49821 Parallelmove.replace_last_s +R49846 Coq.Lists.List "x :: y" list_scope +R49839 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49859 Coq.Lists.List "x :: y" list_scope +R49850 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49854 Parallelmove.T +R49887 Coq.Init.Specif.right +R49898 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49912 Coq.Lists.List "x :: y" list_scope +R49905 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R49244 Parallelmove.State +R50037 Coq.Init.Logic "x = y" type_scope +R50032 Coq.Lists.List "x :: y" list_scope +R50062 Coq.Lists.List "x ++ y" list_scope +R50039 Parallelmove.head_but_last +R50056 Coq.Lists.List "x :: y" list_scope +R50080 Coq.Lists.List "x :: y" list_scope +R50066 Parallelmove.last +R50074 Coq.Lists.List "x :: y" list_scope +R50083 Coq.Lists.List.nil +R50021 Parallelmove.Move +R50009 Parallelmove.Moves +R50296 Parallelmove.noRead +R50273 Coq.Init.Logic "x = y" type_scope +R50258 Parallelmove.split_move +R50275 Coq.Init.Datatypes.Some +R50280 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R50221 Parallelmove.noOverlap +R50234 Coq.Lists.List "x ++ y" list_scope +R50245 Coq.Lists.List "x :: y" list_scope +R50238 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R50248 Coq.Lists.List.nil +R50214 Parallelmove.Reg +R50214 Parallelmove.Reg +R50214 Parallelmove.Reg +R50198 Parallelmove.Moves +R50198 Parallelmove.Moves +R50198 Parallelmove.Moves +R50411 Locations.eq +R50411 Locations.eq +R50473 Parallelmove.split_move +R50473 Parallelmove.split_move +R50567 Parallelmove.noOverlap +R50592 Coq.Lists.List "x ++ y" list_scope +R50588 Coq.Lists.List "x :: y" list_scope +R50579 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R50605 Coq.Lists.List "x :: y" list_scope +R50598 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R50608 Coq.Lists.List.nil +R50567 Parallelmove.noOverlap +R50592 Coq.Lists.List "x ++ y" list_scope +R50588 Coq.Lists.List "x :: y" list_scope +R50579 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R50605 Coq.Lists.List "x :: y" list_scope +R50598 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R50608 Coq.Lists.List.nil +R50634 Parallelmove.noOverlap +R50652 Coq.Lists.List "x :: y" list_scope +R50645 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R50665 Coq.Lists.List "x :: y" list_scope +R50656 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R50634 Parallelmove.noOverlap +R50652 Coq.Lists.List "x :: y" list_scope +R50645 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R50665 Coq.Lists.List "x :: y" list_scope +R50656 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R50680 Parallelmove.noOverlap_Front0 +R50680 Parallelmove.noOverlap_Front0 +R50924 Coq.Init.Logic "x = y" type_scope +R50924 Coq.Init.Logic "x = y" type_scope +R50942 Locations.diff_sym +R50942 Locations.diff_sym +R51022 Parallelmove.noOverlap_pop +R51036 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51022 Parallelmove.noOverlap_pop +R51036 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51221 Coq.Init.Logic "x = y" type_scope +R51226 Coq.Lists.List "x ++ y" list_scope +R51237 Coq.Lists.List "x :: y" list_scope +R51230 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51196 Coq.Init.Logic "x = y" type_scope +R51181 Parallelmove.split_move +R51198 Coq.Init.Datatypes.Some +R51203 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51144 Parallelmove.noOverlap +R51157 Coq.Lists.List "x ++ y" list_scope +R51168 Coq.Lists.List "x :: y" list_scope +R51161 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51171 Coq.Lists.List.nil +R51137 Parallelmove.Reg +R51137 Parallelmove.Reg +R51137 Parallelmove.Reg +R51121 Parallelmove.Moves +R51121 Parallelmove.Moves +R51121 Parallelmove.Moves +R51355 Parallelmove.diff_dec +R51355 Parallelmove.diff_dec +R51385 Locations.eq +R51385 Locations.eq +R51414 Locations.diff +R51414 Locations.diff +R51453 Locations.same_not_diff +R51453 Locations.same_not_diff +R51480 Parallelmove.split_move +R51480 Parallelmove.split_move +R51568 Parallelmove.app_cons +R51568 Parallelmove.app_cons +R51637 Parallelmove.noOverlap_pop +R51651 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51637 Parallelmove.noOverlap_pop +R51651 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51674 Locations.eq +R51674 Locations.eq +R51742 Parallelmove.noOverlap_aux +R51760 Parallelmove.getdst +R51775 Coq.Lists.List "x :: y" list_scope +R51768 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51778 Coq.Lists.List.nil +R51742 Parallelmove.noOverlap_aux +R51760 Parallelmove.getdst +R51775 Coq.Lists.List "x :: y" list_scope +R51768 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51778 Coq.Lists.List.nil +R51841 Coq.Init.Logic "x = y" type_scope +R51841 Coq.Init.Logic "x = y" type_scope +R51862 Locations.diff +R51890 Locations.diff_sym +R51862 Locations.diff +R51890 Locations.diff_sym +R51935 Parallelmove.app_cons +R51935 Parallelmove.app_cons +R51960 Parallelmove.noOverlap +R51973 Coq.Lists.List "x ++ y" list_scope +R51986 Coq.Lists.List "x :: y" list_scope +R51977 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51997 Coq.Lists.List "x :: y" list_scope +R51990 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52000 Coq.Lists.List.nil +R52022 Parallelmove.noOverlap_insert +R51960 Parallelmove.noOverlap +R51973 Coq.Lists.List "x ++ y" list_scope +R51986 Coq.Lists.List "x :: y" list_scope +R51977 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R51997 Coq.Lists.List "x :: y" list_scope +R51990 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52000 Coq.Lists.List.nil +R52022 Parallelmove.noOverlap_insert +R52022 Parallelmove.noOverlap_insert +R52062 Parallelmove.noOverlap +R52082 Coq.Lists.List "x :: y" list_scope +R52073 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52093 Coq.Lists.List "x :: y" list_scope +R52086 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52096 Coq.Lists.List.nil +R52062 Parallelmove.noOverlap +R52082 Coq.Lists.List "x :: y" list_scope +R52073 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52093 Coq.Lists.List "x :: y" list_scope +R52086 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52096 Coq.Lists.List.nil +R52111 Parallelmove.noOverlap_right +R52111 Parallelmove.noOverlap_right +R52261 Coq.Init.Logic "x = y" type_scope +R52261 Coq.Init.Logic "x = y" type_scope +R52412 Coq.Init.Logic "x = y" type_scope +R52388 Parallelmove.replace_last_s +R52406 Coq.Lists.List "x :: y" list_scope +R52416 Coq.Lists.List "x :: y" list_scope +R52419 Parallelmove.replace_last_s +R52377 Coq.Init.Logic "x <> y" type_scope +R52380 Coq.Lists.List.nil +R52366 Parallelmove.Moves +R52355 Parallelmove.Move +R52613 Coq.Init.Logic "x = y" type_scope +R52575 Parallelmove.replace_last_s +R52593 Coq.Lists.List "x ++ y" list_scope +R52604 Coq.Lists.List "x :: y" list_scope +R52597 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52607 Coq.Lists.List.nil +R52617 Coq.Lists.List "x ++ y" list_scope +R52630 Coq.Lists.List "x :: y" list_scope +R52621 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52622 Parallelmove.T +R52633 Coq.Lists.List.nil +R52567 Parallelmove.Reg +R52567 Parallelmove.Reg +R52553 Parallelmove.Moves +R52713 Coq.Lists.List.app_comm_cons +R52713 Coq.Lists.List.app_comm_cons +R52713 Coq.Lists.List.app_comm_cons +R52713 Coq.Lists.List.app_comm_cons +R52737 Parallelmove.cons_replace +R52737 Parallelmove.cons_replace +R52788 Coq.Lists.List.app_eq_nil +R52809 Coq.Lists.List "x :: y" list_scope +R52802 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52812 Coq.Lists.List.nil +R52788 Coq.Lists.List.app_eq_nil +R52809 Coq.Lists.List "x :: y" list_scope +R52802 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R52812 Coq.Lists.List.nil +R52925 Coq.Init.Logic "x = y" type_scope +R52902 Parallelmove.last +R52910 Coq.Lists.List "x ++ y" list_scope +R52916 Coq.Lists.List "x :: y" list_scope +R52919 Coq.Lists.List.nil +R52894 Parallelmove.Move +R52882 Parallelmove.Moves +R52983 Coq.Lists.List "x ++ y" list_scope +R52989 Coq.Lists.List "x :: y" list_scope +R52992 Coq.Lists.List.nil +R52983 Coq.Lists.List "x ++ y" list_scope +R52989 Coq.Lists.List "x :: y" list_scope +R52992 Coq.Lists.List.nil +R53012 Coq.Lists.List.app_eq_nil +R53028 Coq.Lists.List "x :: y" list_scope +R53031 Coq.Lists.List.nil +R53012 Coq.Lists.List.app_eq_nil +R53028 Coq.Lists.List "x :: y" list_scope +R53031 Coq.Lists.List.nil +R53191 Coq.Init.Logic "x = y" type_scope +R53169 Parallelmove.last +R53178 Coq.Lists.List "x :: y" list_scope +R53184 Coq.Lists.List "x :: y" list_scope +R53193 Parallelmove.last +R53201 Coq.Lists.List "x :: y" list_scope +R53161 Parallelmove.Move +R53161 Parallelmove.Move +R53146 Parallelmove.Moves +R53380 Coq.Init.Logic "x = y" type_scope +R53332 Parallelmove.stepf +R53338 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53349 Coq.Lists.List "x :: y" list_scope +R53342 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53355 Coq.Lists.List "x ++ y" list_scope +R53367 Coq.Lists.List "x :: y" list_scope +R53359 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53370 Coq.Lists.List.nil +R53384 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53390 Coq.Lists.List "x ++ y" list_scope +R53404 Coq.Lists.List "x :: y" list_scope +R53394 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53395 Parallelmove.T +R53407 Coq.Lists.List.nil +R53420 Coq.Lists.List "x :: y" list_scope +R53413 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53433 Coq.Lists.List "x :: y" list_scope +R53424 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53428 Parallelmove.T +R53320 Coq.Init.Logic "x = y" type_scope +R53305 Parallelmove.split_move +R53322 Coq.Init.Datatypes.None +R53298 Parallelmove.Reg +R53298 Parallelmove.Reg +R53298 Parallelmove.Reg +R53281 Parallelmove.Moves +R53281 Parallelmove.Moves +R53281 Parallelmove.Moves +R53484 Coq.Lists.List "x ++ y" list_scope +R53496 Coq.Lists.List "x :: y" list_scope +R53488 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53499 Coq.Lists.List.nil +R53484 Coq.Lists.List "x ++ y" list_scope +R53496 Coq.Lists.List "x :: y" list_scope +R53488 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53499 Coq.Lists.List.nil +R53563 Parallelmove.last_app +R53588 Parallelmove.last_replace +R53563 Parallelmove.last_app +R53588 Parallelmove.last_replace +R53608 Locations.eq +R53608 Locations.eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R53836 Coq.Init.Logic "x = y" type_scope +R53788 Parallelmove.stepf +R53794 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53805 Coq.Lists.List "x :: y" list_scope +R53798 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53811 Coq.Lists.List "x ++ y" list_scope +R53823 Coq.Lists.List "x :: y" list_scope +R53815 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53826 Coq.Lists.List.nil +R53840 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53846 Coq.Lists.List "x ++ y" list_scope +R53858 Coq.Lists.List "x :: y" list_scope +R53850 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53861 Coq.Lists.List.nil +R53874 Coq.Lists.List "x :: y" list_scope +R53867 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53778 Coq.Init.Logic "x <> y" type_scope +R53765 Coq.Init.Logic "x = y" type_scope +R53750 Parallelmove.split_move +R53767 Coq.Init.Datatypes.None +R53743 Parallelmove.Reg +R53743 Parallelmove.Reg +R53743 Parallelmove.Reg +R53743 Parallelmove.Reg +R53724 Parallelmove.Moves +R53724 Parallelmove.Moves +R53724 Parallelmove.Moves +R53924 Coq.Lists.List "x ++ y" list_scope +R53936 Coq.Lists.List "x :: y" list_scope +R53928 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53939 Coq.Lists.List.nil +R53924 Coq.Lists.List "x ++ y" list_scope +R53936 Coq.Lists.List "x :: y" list_scope +R53928 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53939 Coq.Lists.List.nil +R54003 Parallelmove.last_app +R54003 Parallelmove.last_app +R54026 Locations.eq +R54026 Locations.eq +R54056 Coq.Init.Logic "x = y" type_scope +R54056 Coq.Init.Logic "x = y" type_scope +R54190 Parallelmove.noOverlap +R54204 Coq.Lists.List "x ++ y" list_scope +R54210 Coq.Lists.List "x :: y" list_scope +R54213 Coq.Lists.List.nil +R54158 Parallelmove.noOverlap +R54172 Coq.Lists.List "x ++ y" list_scope +R54178 Coq.Lists.List "x :: y" list_scope +R54302 Coq.Init.Logic "x = y" type_scope +R54282 Coq.Lists.List "x ++ y" list_scope +R54288 Coq.Lists.List "x :: y" list_scope +R54294 Coq.Lists.List "x :: y" list_scope +R54321 Coq.Lists.List "x ++ y" list_scope +R54308 Coq.Lists.List "x ++ y" list_scope +R54314 Coq.Lists.List "x :: y" list_scope +R54317 Coq.Lists.List.nil +R54329 Coq.Lists.List "x :: y" list_scope +R54356 Coq.Lists.List.app_ass +R54302 Coq.Init.Logic "x = y" type_scope +R54282 Coq.Lists.List "x ++ y" list_scope +R54288 Coq.Lists.List "x :: y" list_scope +R54294 Coq.Lists.List "x :: y" list_scope +R54321 Coq.Lists.List "x ++ y" list_scope +R54308 Coq.Lists.List "x ++ y" list_scope +R54314 Coq.Lists.List "x :: y" list_scope +R54317 Coq.Lists.List.nil +R54329 Coq.Lists.List "x :: y" list_scope +R54356 Coq.Lists.List.app_ass +R54419 Coq.Init.Logic "x = y" type_scope +R54406 Coq.Lists.List "x ++ y" list_scope +R54412 Coq.Lists.List "x :: y" list_scope +R54438 Coq.Lists.List "x ++ y" list_scope +R54425 Coq.Lists.List "x ++ y" list_scope +R54431 Coq.Lists.List "x :: y" list_scope +R54434 Coq.Lists.List.nil +R54466 Coq.Lists.List.app_ass +R54419 Coq.Init.Logic "x = y" type_scope +R54406 Coq.Lists.List "x ++ y" list_scope +R54412 Coq.Lists.List "x :: y" list_scope +R54438 Coq.Lists.List "x ++ y" list_scope +R54425 Coq.Lists.List "x ++ y" list_scope +R54431 Coq.Lists.List "x :: y" list_scope +R54434 Coq.Lists.List.nil +R54466 Coq.Lists.List.app_ass +R54517 Parallelmove.noOverlap_Pop +R54517 Parallelmove.noOverlap_Pop +R54665 Parallelmove.noRead +R54628 Parallelmove.noOverlap +R54641 Coq.Lists.List "x ++ y" list_scope +R54652 Coq.Lists.List "x :: y" list_scope +R54645 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R54655 Coq.Lists.List.nil +R54618 Coq.Init.Logic "x = y" type_scope +R54603 Parallelmove.split_move +R54620 Coq.Init.Datatypes.None +R54596 Parallelmove.Reg +R54596 Parallelmove.Reg +R54582 Parallelmove.Moves +R54751 Locations.eq +R54751 Locations.eq +R54809 Parallelmove.split_move +R54809 Parallelmove.split_move +R54902 Parallelmove.noOverlap +R54927 Coq.Lists.List "x ++ y" list_scope +R54923 Coq.Lists.List "x :: y" list_scope +R54914 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R54940 Coq.Lists.List "x :: y" list_scope +R54933 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R54943 Coq.Lists.List.nil +R54902 Parallelmove.noOverlap +R54927 Coq.Lists.List "x ++ y" list_scope +R54923 Coq.Lists.List "x :: y" list_scope +R54914 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R54940 Coq.Lists.List "x :: y" list_scope +R54933 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R54943 Coq.Lists.List.nil +R54968 Parallelmove.noOverlap +R54986 Coq.Lists.List "x :: y" list_scope +R54979 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R54999 Coq.Lists.List "x :: y" list_scope +R54990 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R54968 Parallelmove.noOverlap +R54986 Coq.Lists.List "x :: y" list_scope +R54979 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R54999 Coq.Lists.List "x :: y" list_scope +R54990 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55014 Parallelmove.noOverlap_Front0 +R55014 Parallelmove.noOverlap_Front0 +R55046 Parallelmove.noOverlap +R55066 Coq.Lists.List "x :: y" list_scope +R55057 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55077 Coq.Lists.List "x :: y" list_scope +R55070 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55046 Parallelmove.noOverlap +R55066 Coq.Lists.List "x :: y" list_scope +R55057 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55077 Coq.Lists.List "x :: y" list_scope +R55070 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55092 Parallelmove.noOverlap_swap +R55092 Parallelmove.noOverlap_swap +R55369 Coq.Init.Logic "x = y" type_scope +R55369 Coq.Init.Logic "x = y" type_scope +R55387 Locations.diff_sym +R55387 Locations.diff_sym +R55471 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55452 Parallelmove.noOverlap_pop +R55471 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55452 Parallelmove.noOverlap_pop +R55601 Coq.Init.Logic "A \/ B" type_scope +R55597 Coq.Init.Logic "x = y" type_scope +R55604 Locations.diff +R55535 Parallelmove.noOverlap +R55549 Coq.Lists.List "x ++ y" list_scope +R55560 Coq.Lists.List "x :: y" list_scope +R55553 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55567 Coq.Lists.List "x ++ y" list_scope +R55579 Coq.Lists.List "x :: y" list_scope +R55571 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55582 Coq.Lists.List.nil +R55641 Parallelmove.noOverlap +R55659 Coq.Lists.List "x :: y" list_scope +R55652 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55666 Coq.Lists.List "x ++ y" list_scope +R55678 Coq.Lists.List "x :: y" list_scope +R55670 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55681 Coq.Lists.List.nil +R55641 Parallelmove.noOverlap +R55659 Coq.Lists.List "x :: y" list_scope +R55652 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55666 Coq.Lists.List "x ++ y" list_scope +R55678 Coq.Lists.List "x :: y" list_scope +R55670 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55681 Coq.Lists.List.nil +R55703 Parallelmove.noOverlap_right +R55703 Parallelmove.noOverlap_right +R55738 Parallelmove.noOverlap +R55772 Coq.Lists.List "x ++ y" list_scope +R55753 Coq.Lists.List "x ++ y" list_scope +R55765 Coq.Lists.List "x :: y" list_scope +R55757 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55768 Coq.Lists.List.nil +R55785 Coq.Lists.List "x :: y" list_scope +R55778 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55788 Coq.Lists.List.nil +R55738 Parallelmove.noOverlap +R55772 Coq.Lists.List "x ++ y" list_scope +R55753 Coq.Lists.List "x ++ y" list_scope +R55765 Coq.Lists.List "x :: y" list_scope +R55757 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55768 Coq.Lists.List.nil +R55785 Coq.Lists.List "x :: y" list_scope +R55778 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55788 Coq.Lists.List.nil +R55809 Parallelmove.noOverlap_movBack0 +R55832 Coq.Lists.List "x ++ y" list_scope +R55844 Coq.Lists.List "x :: y" list_scope +R55836 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55847 Coq.Lists.List.nil +R55809 Parallelmove.noOverlap_movBack0 +R55832 Coq.Lists.List "x ++ y" list_scope +R55844 Coq.Lists.List "x :: y" list_scope +R55836 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55847 Coq.Lists.List.nil +R55914 Coq.Init.Logic "x = y" type_scope +R55893 Coq.Lists.List "x ++ y" list_scope +R55874 Coq.Lists.List "x ++ y" list_scope +R55886 Coq.Lists.List "x :: y" list_scope +R55878 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55889 Coq.Lists.List.nil +R55906 Coq.Lists.List "x :: y" list_scope +R55899 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55909 Coq.Lists.List.nil +R55921 Coq.Lists.List "x ++ y" list_scope +R55940 Coq.Lists.List "x ++ y" list_scope +R55934 Coq.Lists.List "x :: y" list_scope +R55926 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55937 Coq.Lists.List.nil +R55953 Coq.Lists.List "x :: y" list_scope +R55946 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55956 Coq.Lists.List.nil +R55914 Coq.Init.Logic "x = y" type_scope +R55893 Coq.Lists.List "x ++ y" list_scope +R55874 Coq.Lists.List "x ++ y" list_scope +R55886 Coq.Lists.List "x :: y" list_scope +R55878 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55889 Coq.Lists.List.nil +R55906 Coq.Lists.List "x :: y" list_scope +R55899 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55909 Coq.Lists.List.nil +R55921 Coq.Lists.List "x ++ y" list_scope +R55940 Coq.Lists.List "x ++ y" list_scope +R55934 Coq.Lists.List "x :: y" list_scope +R55926 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55937 Coq.Lists.List.nil +R55953 Coq.Lists.List "x :: y" list_scope +R55946 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R55956 Coq.Lists.List.nil +R55978 Coq.Lists.List.app_ass +R55978 Coq.Lists.List.app_ass +R56035 Parallelmove.noOverlap +R56054 Coq.Lists.List "x :: y" list_scope +R56046 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R56065 Coq.Lists.List "x :: y" list_scope +R56058 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R56068 Coq.Lists.List.nil +R56035 Parallelmove.noOverlap +R56054 Coq.Lists.List "x :: y" list_scope +R56046 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R56065 Coq.Lists.List "x :: y" list_scope +R56058 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R56068 Coq.Lists.List.nil +R56089 Parallelmove.noOverlap_right +R56089 Parallelmove.noOverlap_right +R56433 Parallelmove.dstep +R56424 Coq.Init.Logic "x = y" type_scope +R56415 Parallelmove.stepf +R56368 Parallelmove.noOverlap +R56394 Coq.Lists.List "x ++ y" list_scope +R56379 Parallelmove.StateToMove +R56397 Parallelmove.StateBeing +R56345 Coq.Init.Logic "x <> y" type_scope +R56348 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R56349 Coq.Lists.List.nil +R56354 Coq.Lists.List.nil +R56332 Parallelmove.Moves +R56310 Parallelmove.State +R56310 Parallelmove.State +R56573 Locations.eq +R56573 Locations.eq +R56626 Parallelmove.dstep_nop +R56626 Parallelmove.dstep_nop +R56675 Parallelmove.dstep_start +R56675 Parallelmove.dstep_start +R56757 Parallelmove.split_move +R56757 Parallelmove.split_move +R56892 Parallelmove.unsplit_move +R56908 Coq.Lists.List "x :: y" list_scope +R56892 Parallelmove.unsplit_move +R56908 Coq.Lists.List "x :: y" list_scope +R56958 Parallelmove.dstep_push +R56958 Parallelmove.dstep_push +R57041 Parallelmove.splitSome +R57060 Coq.Lists.List "x :: y" list_scope +R57052 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R57041 Parallelmove.splitSome +R57060 Coq.Lists.List "x :: y" list_scope +R57052 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R57093 Parallelmove.noOverlap_head +R57093 Parallelmove.noOverlap_head +R57171 Parallelmove.noOverlap_head +R57171 Parallelmove.noOverlap_head +R57283 Parallelmove.dstep_last +R57283 Parallelmove.dstep_last +R57283 Parallelmove.dstep_last +R57378 Parallelmove.splitNone +R57378 Parallelmove.splitNone +R57483 Parallelmove.rebuild_l +R57483 Parallelmove.rebuild_l +R57522 Parallelmove.last +R57530 Coq.Lists.List "x :: y" list_scope +R57522 Parallelmove.last +R57530 Coq.Lists.List "x :: y" list_scope +R57544 Locations.eq +R57544 Locations.eq +R57589 Parallelmove.head_but_last +R57606 Coq.Lists.List "x :: y" list_scope +R57704 Locations.eq +R57589 Parallelmove.head_but_last +R57606 Coq.Lists.List "x :: y" list_scope +R57704 Locations.eq +R57704 Locations.eq +R57764 Parallelmove.dstep_pop_loop +R57783 Coq.Lists.List.nil +R57779 Coq.Lists.List.nil +R57764 Parallelmove.dstep_pop_loop +R57783 Coq.Lists.List.nil +R57779 Coq.Lists.List.nil +R57835 Parallelmove.dstep_pop_loop +R57866 Coq.Lists.List.nil +R57860 Coq.Lists.List "x :: y" list_scope +R57851 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R57888 Coq.Lists.List.app +R57931 Parallelmove.splitNone +R57835 Parallelmove.dstep_pop_loop +R57866 Coq.Lists.List.nil +R57860 Coq.Lists.List "x :: y" list_scope +R57851 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R57888 Coq.Lists.List.app +R57931 Parallelmove.splitNone +R58017 Coq.Lists.List "x ++ y" list_scope +R57994 Parallelmove.head_but_last +R58011 Coq.Lists.List "x :: y" list_scope +R58029 Coq.Lists.List "x :: y" list_scope +R58021 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R58032 Coq.Lists.List.nil +R57973 Parallelmove.noOverlap_head +R58017 Coq.Lists.List "x ++ y" list_scope +R57994 Parallelmove.head_but_last +R58011 Coq.Lists.List "x :: y" list_scope +R58029 Coq.Lists.List "x :: y" list_scope +R58021 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R58032 Coq.Lists.List.nil +R57973 Parallelmove.noOverlap_head +R58053 Parallelmove.stepf_popLoop +R58053 Parallelmove.stepf_popLoop +R58086 Parallelmove.dstep_pop_loop +R58107 Coq.Lists.List "x :: y" list_scope +R58161 Parallelmove.splitNone +R58086 Parallelmove.dstep_pop_loop +R58107 Coq.Lists.List "x :: y" list_scope +R58161 Parallelmove.splitNone +R58247 Coq.Lists.List "x ++ y" list_scope +R58224 Parallelmove.head_but_last +R58241 Coq.Lists.List "x :: y" list_scope +R58259 Coq.Lists.List "x :: y" list_scope +R58251 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R58262 Coq.Lists.List.nil +R58203 Parallelmove.noOverlap_head +R58247 Coq.Lists.List "x ++ y" list_scope +R58224 Parallelmove.head_but_last +R58241 Coq.Lists.List "x :: y" list_scope +R58259 Coq.Lists.List "x :: y" list_scope +R58251 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R58262 Coq.Lists.List.nil +R58203 Parallelmove.noOverlap_head +R58290 Locations.diff +R58290 Locations.diff +R58319 Coq.Init.Logic "A \/ B" type_scope +R58315 Coq.Init.Logic "x = y" type_scope +R58322 Locations.diff +R58319 Coq.Init.Logic "A \/ B" type_scope +R58315 Coq.Init.Logic "x = y" type_scope +R58322 Locations.diff +R58344 Parallelmove.noO_diff +R58356 Parallelmove.head_but_last +R58373 Coq.Lists.List "x :: y" list_scope +R58344 Parallelmove.noO_diff +R58356 Parallelmove.head_but_last +R58373 Coq.Lists.List "x :: y" list_scope +R58428 Coq.Init.Logic "x = y" type_scope +R58428 Coq.Init.Logic "x = y" type_scope +R58467 Parallelmove.stepf_pop +R58467 Parallelmove.stepf_pop +R58496 Parallelmove.dstep_pop +R58509 Parallelmove.head_but_last +R58526 Coq.Lists.List "x :: y" list_scope +R58496 Parallelmove.dstep_pop +R58509 Parallelmove.head_but_last +R58526 Coq.Lists.List "x :: y" list_scope +R58578 Parallelmove.splitNone +R58578 Parallelmove.splitNone +R58664 Coq.Lists.List "x ++ y" list_scope +R58641 Parallelmove.head_but_last +R58658 Coq.Lists.List "x :: y" list_scope +R58676 Coq.Lists.List "x :: y" list_scope +R58668 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R58679 Coq.Lists.List.nil +R58620 Parallelmove.noOverlap_head +R58664 Coq.Lists.List "x ++ y" list_scope +R58641 Parallelmove.head_but_last +R58658 Coq.Lists.List "x :: y" list_scope +R58676 Coq.Lists.List "x :: y" list_scope +R58668 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R58679 Coq.Lists.List.nil +R58620 Parallelmove.noOverlap_head +R58833 Parallelmove.dstep +R58843 Parallelmove.stepf +R58785 Parallelmove.noOverlap +R58811 Coq.Lists.List "x ++ y" list_scope +R58796 Parallelmove.StateToMove +R58814 Parallelmove.StateBeing +R58762 Coq.Init.Logic "x <> y" type_scope +R58765 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R58766 Coq.Lists.List.nil +R58771 Coq.Lists.List.nil +R58749 Parallelmove.Moves +R58727 Parallelmove.State +R58884 Parallelmove.f2ind +R58884 Parallelmove.f2ind +R58989 Coq.Init.Logic "x = y" type_scope +R58964 Coq.Lists.List.length +R58975 Coq.Lists.List "x ++ y" list_scope +R58981 Coq.Lists.List "x :: y" list_scope +R59010 Coq.Init.Peano "x + y" nat_scope +R58992 Coq.Lists.List.length +R59003 Coq.Lists.List "x ++ y" list_scope +R58955 Parallelmove.Move +R58943 Parallelmove.Moves +R58943 Parallelmove.Moves +R59138 Coq.Init.Datatypes.nat +R59201 Coq.Init.Peano "x + y" nat_scope +R59190 Coq.Init.Peano "x * y" nat_scope +R59192 Coq.Lists.List.length +R59203 Coq.Lists.List.length +R59129 Parallelmove.State +R59349 Coq.Init.Peano "x < y" nat_scope +R59337 Coq.Init.Peano "x + y" nat_scope +R59325 Coq.Init.Peano "x * y" nat_scope +R59327 Coq.Lists.List.length +R59339 Coq.Lists.List.length +R59365 Coq.Init.Peano "x + y" nat_scope +R59353 Coq.Init.Peano "x * y" nat_scope +R59355 Coq.Lists.List.length +R59367 Coq.Lists.List.length +R59285 Parallelmove.dstep +R59304 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R59291 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R59276 Parallelmove.Moves +R59276 Parallelmove.Moves +R59260 Parallelmove.Moves +R59260 Parallelmove.Moves +R59260 Parallelmove.Moves +R59260 Parallelmove.Moves +R59459 Parallelmove.appcons_length +R59459 Parallelmove.appcons_length +R59520 Coq.Init.Logic "x = y" type_scope +R59487 Coq.Lists.List.length +R59497 Coq.Lists.List "x ++ y" list_scope +R59511 Coq.Lists.List "x :: y" list_scope +R59501 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R59502 Parallelmove.T +R59514 Coq.Lists.List.nil +R59522 Coq.Lists.List.length +R59532 Coq.Lists.List "x ++ y" list_scope +R59544 Coq.Lists.List "x :: y" list_scope +R59536 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R59547 Coq.Lists.List.nil +R59520 Coq.Init.Logic "x = y" type_scope +R59487 Coq.Lists.List.length +R59497 Coq.Lists.List "x ++ y" list_scope +R59511 Coq.Lists.List "x :: y" list_scope +R59501 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R59502 Parallelmove.T +R59514 Coq.Lists.List.nil +R59522 Coq.Lists.List.length +R59532 Coq.Lists.List "x ++ y" list_scope +R59544 Coq.Lists.List "x :: y" list_scope +R59536 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R59547 Coq.Lists.List.nil +R59611 Parallelmove.appcons_length +R59611 Parallelmove.appcons_length +R59611 Parallelmove.appcons_length +R59611 Parallelmove.appcons_length +R59709 Coq.Init.Peano "x < y" nat_scope +R59699 Parallelmove.mesure +R59711 Parallelmove.mesure +R59682 Parallelmove.dstep +R59674 Parallelmove.State +R59674 Parallelmove.State +R59821 Parallelmove.step_dec0 +R59821 Parallelmove.step_dec0 +R60039 Coq.Init.Peano "x < y" nat_scope +R60029 Parallelmove.mesure +R60041 Parallelmove.mesure +R59954 Coq.Init.Logic "A /\ B" type_scope +R59937 Coq.Init.Logic "x <> y" type_scope +R59940 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R59941 Coq.Lists.List.nil +R59946 Coq.Lists.List.nil +R59924 Parallelmove.Moves +R59975 Coq.Init.Logic "A /\ B" type_scope +R59964 Coq.Init.Logic "x = y" type_scope +R59966 Parallelmove.stepf +R59978 Parallelmove.noOverlap +R60004 Coq.Lists.List "x ++ y" list_scope +R59989 Parallelmove.StateToMove +R60007 Parallelmove.StateBeing +R59902 Parallelmove.State +R59902 Parallelmove.State +R60097 Parallelmove.step_dec +R60097 Parallelmove.step_dec +R60113 Parallelmove.f2ind +R60113 Parallelmove.f2ind +R60322 Coq.Arith.Wf_nat.ltof +R60329 Parallelmove.mesure +R60218 Coq.Init.Logic "A /\ B" type_scope +R60207 Coq.Init.Logic "x = y" type_scope +R60209 Parallelmove.stepf +R60266 Coq.Init.Logic "A /\ B" type_scope +R60249 Coq.Init.Logic "x <> y" type_scope +R60252 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R60253 Coq.Lists.List.nil +R60258 Coq.Lists.List.nil +R60236 Parallelmove.Moves +R60273 Parallelmove.noOverlap +R60299 Coq.Lists.List "x ++ y" list_scope +R60284 Parallelmove.StateToMove +R60302 Parallelmove.StateBeing +R60195 Parallelmove.State +R60195 Parallelmove.State +R60396 Parallelmove.step_dec +R60396 Parallelmove.step_dec +R60412 Parallelmove.f2ind +R60412 Parallelmove.f2ind +R60532 Coq.Init.Logic "x = y" type_scope +R60500 Parallelmove.replace_last_s +R60518 Coq.Lists.List "x :: y" list_scope +R60525 Coq.Lists.List "x :: y" list_scope +R60536 Coq.Lists.List "x :: y" list_scope +R60539 Parallelmove.replace_last_s +R60558 Coq.Lists.List "x :: y" list_scope +R60710 Coq.Init.Logic "x = y" type_scope +R60684 Coq.Lists.List.length +R60692 Parallelmove.replace_last_s +R60712 Coq.Lists.List.length +R60874 Coq.Init.Logic "x = y" type_scope +R60856 Coq.Lists.List.length +R60867 Coq.Lists.List "x ++ y" list_scope +R60886 Coq.Init.Peano "x + y" nat_scope +R60876 Coq.Lists.List.length +R60888 Coq.Lists.List.length +R60844 Coq.Lists.List.list +R60844 Coq.Lists.List.list +R61088 Coq.Init.Logic "x = y" type_scope +R61079 Coq.Lists.List.length +R61112 Coq.Init.Peano "x + y" nat_scope +R61101 Coq.Init.Peano "x + y" nat_scope +R61091 Coq.Lists.List.length +R61103 Coq.Lists.List.length +R61054 Coq.Init.Logic "x = y" type_scope +R61039 Parallelmove.split_move +R61056 Coq.Init.Datatypes.Some +R61061 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R61032 Parallelmove.Reg +R61032 Parallelmove.Reg +R61018 Parallelmove.Moves +R61018 Parallelmove.Moves +R61018 Parallelmove.Moves +R61219 Locations.eq +R61219 Locations.eq +R61284 Parallelmove.split_move +R61284 Parallelmove.split_move +R61581 Coq.Init.Peano "x < y" nat_scope +R61563 Parallelmove.mesure +R61571 Parallelmove.stepf +R61583 Parallelmove.mesure +R61538 Coq.Init.Logic "x <> y" type_scope +R61541 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R61542 Coq.Lists.List.nil +R61547 Coq.Lists.List.nil +R61525 Parallelmove.Moves +R61503 Parallelmove.State +R61785 Locations.eq +R61796 Coq.Init.Datatypes.fst +R61801 Parallelmove.last +R61809 Coq.Lists.List "x :: y" list_scope +R61785 Locations.eq +R61796 Coq.Init.Datatypes.fst +R61801 Parallelmove.last +R61809 Coq.Lists.List "x :: y" list_scope +R61836 Parallelmove.length_replace +R61836 Parallelmove.length_replace +R61942 Locations.eq +R61942 Locations.eq +R62003 Locations.eq +R62003 Locations.eq +R62047 Parallelmove.split_move +R62047 Parallelmove.split_move +R62114 Parallelmove.split_length +R62114 Parallelmove.split_length +R62157 Parallelmove.length_app +R62157 Parallelmove.length_app +R62215 Locations.eq +R62226 Coq.Init.Datatypes.fst +R62231 Parallelmove.last +R62239 Coq.Lists.List "x :: y" list_scope +R62215 Locations.eq +R62226 Coq.Init.Datatypes.fst +R62231 Parallelmove.last +R62239 Coq.Lists.List "x :: y" list_scope +R62266 Parallelmove.length_replace +R62266 Parallelmove.length_replace +R62428 Coq.Arith.Wf_nat.ltof +R62435 Parallelmove.mesure +R62413 Coq.Init.Logic "x = y" type_scope +R62415 Parallelmove.stepf +R62387 Coq.Init.Logic "x <> y" type_scope +R62390 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R62391 Coq.Lists.List.nil +R62396 Coq.Lists.List.nil +R62374 Parallelmove.Moves +R62352 Parallelmove.State +R62352 Parallelmove.State +R62506 Parallelmove.stepf_dec0' +R62506 Parallelmove.stepf_dec0' +R62624 Coq.Init.Logic "x <> y" type_scope +R62606 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R62609 Coq.Lists.List "x :: y" list_scope +R62627 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R62628 Coq.Lists.List.nil +R62633 Coq.Lists.List.nil +R62591 Coq.Lists.List.list +R62596 Parallelmove.Move +R62591 Coq.Lists.List.list +R62596 Parallelmove.Move +R62591 Coq.Lists.List.list +R62596 Parallelmove.Move +R62591 Coq.Lists.List.list +R62596 Parallelmove.Move +R62570 Parallelmove.Move +R62760 Coq.Init.Logic "x <> y" type_scope +R62742 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R62749 Coq.Lists.List "x :: y" list_scope +R62763 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R62764 Coq.Lists.List.nil +R62769 Coq.Lists.List.nil +R62727 Coq.Lists.List.list +R62732 Parallelmove.Move +R62727 Coq.Lists.List.list +R62732 Parallelmove.Move +R62727 Coq.Lists.List.list +R62732 Parallelmove.Move +R62727 Coq.Lists.List.list +R62732 Parallelmove.Move +R62706 Parallelmove.Move +R62827 Parallelmove.disc1 +R62833 Parallelmove.disc2 +R62890 Parallelmove.sameExec +R62881 Parallelmove.State +R63048 Coq.Init.Specif "{ A } + { B }" type_scope +R63051 Coq.Init.Logic "'exists' x : t , p" type_scope +R63076 Coq.Init.Logic "x = y" type_scope +R63078 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R63079 Coq.Lists.List.nil +R63084 Coq.Lists.List.nil +R63062 Coq.Lists.List.list +R63067 Parallelmove.Move +R63117 Coq.Init.Logic "x <> y" type_scope +R63120 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R63121 Coq.Lists.List.nil +R63126 Coq.Lists.List.nil +R63038 Parallelmove.State +R63275 Coq.Init.Wf.Fix +R63428 Parallelmove.base_case_Pmov_dec +R63465 Coq.Init.Specif.left +R63489 Coq.Init.Specif.right +R63517 Parallelmove.stepf_dec0' +R63506 Parallelmove.stepf +R63404 Parallelmove.State +R63381 Coq.Arith.Wf_nat.ltof +R63388 Parallelmove.mesure +R63344 Parallelmove.State +R63322 Parallelmove.State +R63284 Coq.Arith.Wf_nat.well_founded_ltof +R63304 Parallelmove.mesure +R63586 Coq.Init.Logic "x = y" type_scope +R63578 Parallelmove.Pmov +R63649 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R63650 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R63651 Coq.Lists.List.nil +R63656 Coq.Lists.List.nil +R63724 Parallelmove.Pmov +R63730 Parallelmove.stepf +R63836 Coq.Init.Wf.Fix_eq +R64020 Parallelmove.base_case_Pmov_dec +R64064 Coq.Init.Specif.left +R64095 Coq.Init.Specif.right +R64123 Parallelmove.stepf_dec0' +R64112 Parallelmove.stepf +R63989 Parallelmove.State +R63966 Coq.Arith.Wf_nat.ltof +R63973 Parallelmove.mesure +R63922 Parallelmove.State +R63893 Parallelmove.State +R63855 Coq.Arith.Wf_nat.well_founded_ltof +R63875 Parallelmove.mesure +R63836 Coq.Init.Wf.Fix_eq +R64020 Parallelmove.base_case_Pmov_dec +R64064 Coq.Init.Specif.left +R64095 Coq.Init.Specif.right +R64123 Parallelmove.stepf_dec0' +R64112 Parallelmove.stepf +R63989 Parallelmove.State +R63966 Coq.Arith.Wf_nat.ltof +R63973 Parallelmove.mesure +R63922 Parallelmove.State +R63893 Parallelmove.State +R63855 Coq.Arith.Wf_nat.well_founded_ltof +R63875 Parallelmove.mesure +R64153 Parallelmove.Pmov +R64153 Parallelmove.Pmov +R64266 Coq.Init.Logic "x = y" type_scope +R64235 Coq.Init.Specif.left +R64249 Coq.Init.Specif.right +R64451 Coq.Init.Logic "x = y" type_scope +R64420 Coq.Init.Specif.left +R64434 Coq.Init.Specif.right +R64816 Parallelmove.sameExec +R64797 Parallelmove.sameExec +R64779 Parallelmove.sameExec +R64726 Coq.Lists.List.In +R64732 Parallelmove.getdst +R64755 Coq.Lists.List "x ++ y" list_scope +R64740 Parallelmove.StateToMove +R64758 Parallelmove.StateBeing +R64672 Coq.Lists.List.In +R64678 Parallelmove.getdst +R64701 Coq.Lists.List "x ++ y" list_scope +R64686 Parallelmove.StateToMove +R64704 Parallelmove.StateBeing +R64606 Coq.Lists.List.In +R64612 Parallelmove.getdst +R64635 Coq.Lists.List "x ++ y" list_scope +R64620 Parallelmove.StateToMove +R64638 Parallelmove.StateBeing +R64552 Coq.Lists.List.In +R64558 Parallelmove.getdst +R64581 Coq.Lists.List "x ++ y" list_scope +R64566 Parallelmove.StateToMove +R64584 Parallelmove.StateBeing +R64530 Parallelmove.State +R64530 Parallelmove.State +R64530 Parallelmove.State +R64895 Parallelmove.getdst_app +R64895 Parallelmove.getdst_app +R64895 Parallelmove.getdst_app +R64895 Parallelmove.getdst_app +R64895 Parallelmove.getdst_app +R64895 Parallelmove.getdst_app +R64895 Parallelmove.getdst_app +R64895 Parallelmove.getdst_app +R64895 Parallelmove.getdst_app +R64895 Parallelmove.getdst_app +R64895 Parallelmove.getdst_app +R64895 Parallelmove.getdst_app +R64895 Parallelmove.getdst_app +R64895 Parallelmove.getdst_app +R65087 Coq.Lists.List.in_or_app +R65087 Coq.Lists.List.in_or_app +R65110 Coq.Lists.List.in_app_or +R65156 Coq.Lists.List "x ++ y" list_scope +R65146 Parallelmove.getdst +R65159 Parallelmove.getdst +R65131 Coq.Lists.List "x ++ y" list_scope +R65121 Parallelmove.getdst +R65134 Parallelmove.getdst +R65110 Coq.Lists.List.in_app_or +R65156 Coq.Lists.List "x ++ y" list_scope +R65146 Parallelmove.getdst +R65159 Parallelmove.getdst +R65131 Coq.Lists.List "x ++ y" list_scope +R65121 Parallelmove.getdst +R65134 Parallelmove.getdst +R65208 Coq.Lists.List.in_or_app +R65208 Coq.Lists.List.in_or_app +R65231 Coq.Lists.List.in_app_or +R65277 Coq.Lists.List "x ++ y" list_scope +R65267 Parallelmove.getdst +R65280 Parallelmove.getdst +R65252 Coq.Lists.List "x ++ y" list_scope +R65242 Parallelmove.getdst +R65255 Parallelmove.getdst +R65231 Coq.Lists.List.in_app_or +R65277 Coq.Lists.List "x ++ y" list_scope +R65267 Parallelmove.getdst +R65280 Parallelmove.getdst +R65252 Coq.Lists.List "x ++ y" list_scope +R65242 Parallelmove.getdst +R65255 Parallelmove.getdst +R65429 Coq.Lists.List.In +R65435 Parallelmove.getdst +R65458 Coq.Lists.List "x ++ y" list_scope +R65443 Parallelmove.StateToMove +R65461 Parallelmove.StateBeing +R65376 Coq.Lists.List.In +R65382 Parallelmove.getdst +R65405 Coq.Lists.List "x ++ y" list_scope +R65390 Parallelmove.StateToMove +R65408 Parallelmove.StateBeing +R65360 Parallelmove.dstep +R65349 Parallelmove.State +R65349 Parallelmove.State +R65581 Parallelmove.app_nil +R65609 Parallelmove.getdst_app +R65581 Parallelmove.app_nil +R65581 Parallelmove.app_nil +R65581 Parallelmove.app_nil +R65581 Parallelmove.app_nil +R65581 Parallelmove.app_nil +R65581 Parallelmove.app_nil +R65581 Parallelmove.app_nil +R65581 Parallelmove.app_nil +R65581 Parallelmove.app_nil +R65581 Parallelmove.app_nil +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65609 Parallelmove.getdst_app +R65681 Coq.Lists.List.in_app_or +R65705 Coq.Lists.List "x :: y" list_scope +R65708 Coq.Lists.List.nil +R65692 Parallelmove.getdst +R65681 Coq.Lists.List.in_app_or +R65705 Coq.Lists.List "x :: y" list_scope +R65708 Coq.Lists.List.nil +R65692 Parallelmove.getdst +R65790 Coq.Lists.List.in_app_or +R65829 Coq.Lists.List "x :: y" list_scope +R65835 Coq.Lists.List "x :: y" list_scope +R65838 Parallelmove.getdst +R65811 Coq.Lists.List "x ++ y" list_scope +R65801 Parallelmove.getdst +R65814 Parallelmove.getdst +R65790 Coq.Lists.List.in_app_or +R65829 Coq.Lists.List "x :: y" list_scope +R65835 Coq.Lists.List "x :: y" list_scope +R65838 Parallelmove.getdst +R65811 Coq.Lists.List "x ++ y" list_scope +R65801 Parallelmove.getdst +R65814 Parallelmove.getdst +R65883 Coq.Lists.List.in_app_or +R65906 Parallelmove.getdst +R65894 Parallelmove.getdst +R65883 Coq.Lists.List.in_app_or +R65906 Parallelmove.getdst +R65894 Parallelmove.getdst +R65950 Coq.Lists.List.in_or_app +R65973 Coq.Lists.List.in_or_app +R65950 Coq.Lists.List.in_or_app +R65973 Coq.Lists.List.in_or_app +R66008 Coq.Lists.List.in_or_app +R66031 Coq.Lists.List.in_or_app +R66008 Coq.Lists.List.in_or_app +R66031 Coq.Lists.List.in_or_app +R66120 Coq.Lists.List.in_or_app +R66143 Coq.Lists.List.in_or_app +R66120 Coq.Lists.List.in_or_app +R66143 Coq.Lists.List.in_or_app +R66186 Coq.Lists.List.in_or_app +R66186 Coq.Lists.List.in_or_app +R66229 Coq.Lists.List.in_or_app +R66229 Coq.Lists.List.in_or_app +R66279 Coq.Lists.List.in_app_or +R66310 Coq.Lists.List "x ++ y" list_scope +R66301 Parallelmove.getdst +R66316 Coq.Lists.List "x :: y" list_scope +R66319 Coq.Lists.List.nil +R66290 Parallelmove.getdst +R66279 Coq.Lists.List.in_app_or +R66310 Coq.Lists.List "x ++ y" list_scope +R66301 Parallelmove.getdst +R66316 Coq.Lists.List "x :: y" list_scope +R66319 Coq.Lists.List.nil +R66290 Parallelmove.getdst +R66358 Coq.Lists.List.in_or_app +R66358 Coq.Lists.List.in_or_app +R66393 Coq.Lists.List.in_app_or +R66417 Coq.Lists.List "x :: y" list_scope +R66420 Coq.Lists.List.nil +R66404 Parallelmove.getdst +R66393 Coq.Lists.List.in_app_or +R66417 Coq.Lists.List "x :: y" list_scope +R66420 Coq.Lists.List.nil +R66404 Parallelmove.getdst +R66458 Coq.Lists.List.in_or_app +R66496 Coq.Lists.List.in_or_app +R66458 Coq.Lists.List.in_or_app +R66496 Coq.Lists.List.in_or_app +R66579 Coq.Lists.List.in_or_app +R66617 Coq.Lists.List.in_or_app +R66579 Coq.Lists.List.in_or_app +R66617 Coq.Lists.List.in_or_app +R66654 Coq.Lists.List.in_app_or +R66685 Coq.Lists.List "x ++ y" list_scope +R66676 Parallelmove.getdst +R66692 Coq.Lists.List "x :: y" list_scope +R66695 Coq.Lists.List.nil +R66665 Parallelmove.getdst +R66654 Coq.Lists.List.in_app_or +R66685 Coq.Lists.List "x ++ y" list_scope +R66676 Parallelmove.getdst +R66692 Coq.Lists.List "x :: y" list_scope +R66695 Coq.Lists.List.nil +R66665 Parallelmove.getdst +R66734 Coq.Lists.List.in_or_app +R66734 Coq.Lists.List.in_or_app +R66769 Coq.Lists.List.in_app_or +R66794 Coq.Lists.List "x :: y" list_scope +R66797 Coq.Lists.List.nil +R66780 Parallelmove.getdst +R66769 Coq.Lists.List.in_app_or +R66794 Coq.Lists.List "x :: y" list_scope +R66797 Coq.Lists.List.nil +R66780 Parallelmove.getdst +R66880 Coq.Lists.List.in_or_app +R66918 Coq.Lists.List.in_or_app +R66880 Coq.Lists.List.in_or_app +R66918 Coq.Lists.List.in_or_app +R66953 Coq.Lists.List.in_or_app +R66991 Coq.Lists.List.in_or_app +R66953 Coq.Lists.List.in_or_app +R66991 Coq.Lists.List.in_or_app +R67028 Coq.Lists.List.in_or_app +R67028 Coq.Lists.List.in_or_app +R67126 Coq.Init.Logic "x = y" type_scope +R67104 Parallelmove.StateToMove +R67117 Parallelmove.Pmov +R67128 Coq.Lists.List.nil +R67095 Parallelmove.State +R67167 Coq.Init.Wf.well_founded_ind +R67185 Coq.Arith.Wf_nat.well_founded_ltof +R67212 Parallelmove.mesure +R67167 Coq.Init.Wf.well_founded_ind +R67185 Coq.Arith.Wf_nat.well_founded_ltof +R67212 Parallelmove.mesure +R67291 Parallelmove.Pmov_equation +R67291 Parallelmove.Pmov_equation +R67354 Parallelmove.stepf1_dec +R67354 Parallelmove.stepf1_dec +R67390 Parallelmove.stepf1_dec +R67390 Parallelmove.stepf1_dec +R67475 Coq.Init.Logic "x = y" type_scope +R67454 Parallelmove.StateBeing +R67466 Parallelmove.Pmov +R67477 Coq.Lists.List.nil +R67445 Parallelmove.State +R67516 Coq.Init.Wf.well_founded_ind +R67534 Coq.Arith.Wf_nat.well_founded_ltof +R67561 Parallelmove.mesure +R67516 Coq.Init.Wf.well_founded_ind +R67534 Coq.Arith.Wf_nat.well_founded_ltof +R67561 Parallelmove.mesure +R67640 Parallelmove.Pmov_equation +R67640 Parallelmove.Pmov_equation +R67703 Parallelmove.stepf1_dec +R67703 Parallelmove.stepf1_dec +R67739 Parallelmove.stepf1_dec +R67739 Parallelmove.stepf1_dec +R67824 Parallelmove.sameExec +R67837 Parallelmove.Pmov +R67809 Parallelmove.stepInv +R67801 Parallelmove.State +R67881 Coq.Init.Wf.well_founded_ind +R67899 Coq.Arith.Wf_nat.well_founded_ltof +R67926 Parallelmove.mesure +R67881 Coq.Init.Wf.well_founded_ind +R67899 Coq.Arith.Wf_nat.well_founded_ltof +R67926 Parallelmove.mesure +R67983 Parallelmove.Pmov_equation +R67983 Parallelmove.Pmov_equation +R68141 Coq.Lists.List.In +R68147 Parallelmove.getdst +R68178 Coq.Lists.List "x ++ y" list_scope +R68155 Parallelmove.StateToMove +R68168 Parallelmove.stepf +R68181 Parallelmove.StateBeing +R68193 Parallelmove.stepf +R68057 Coq.Lists.List.In +R68063 Parallelmove.getdst +R68101 Coq.Lists.List "x ++ y" list_scope +R68071 Parallelmove.StateToMove +R68084 Parallelmove.Pmov +R68090 Parallelmove.stepf +R68104 Parallelmove.StateBeing +R68116 Parallelmove.Pmov +R68122 Parallelmove.stepf +R68046 Parallelmove.Reg +R68141 Coq.Lists.List.In +R68147 Parallelmove.getdst +R68178 Coq.Lists.List "x ++ y" list_scope +R68155 Parallelmove.StateToMove +R68168 Parallelmove.stepf +R68181 Parallelmove.StateBeing +R68193 Parallelmove.stepf +R68057 Coq.Lists.List.In +R68063 Parallelmove.getdst +R68101 Coq.Lists.List "x ++ y" list_scope +R68071 Parallelmove.StateToMove +R68084 Parallelmove.Pmov +R68090 Parallelmove.stepf +R68104 Parallelmove.StateBeing +R68116 Parallelmove.Pmov +R68122 Parallelmove.stepf +R68046 Parallelmove.Reg +R68229 Parallelmove.STM_Pmov +R68239 Parallelmove.stepf +R68259 Parallelmove.SB_Pmov +R68229 Parallelmove.STM_Pmov +R68239 Parallelmove.stepf +R68259 Parallelmove.SB_Pmov +R68326 Parallelmove.sameExec_reflexive +R68326 Parallelmove.sameExec_reflexive +R68355 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R68356 Coq.Lists.List.nil +R68364 Parallelmove.Move +R68373 Coq.Lists.List "x :: y" list_scope +R68355 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R68356 Coq.Lists.List.nil +R68364 Parallelmove.Move +R68373 Coq.Lists.List "x :: y" list_scope +R68392 Parallelmove.dstep +R68402 Parallelmove.stepf +R68425 Parallelmove.f2ind +R68392 Parallelmove.dstep +R68402 Parallelmove.stepf +R68425 Parallelmove.f2ind +R68425 Parallelmove.f2ind +R68532 Parallelmove.stepf +R68506 Parallelmove.sameExec_transitive +R68532 Parallelmove.stepf +R68506 Parallelmove.sameExec_transitive +R68565 Parallelmove.dstep_inv_getdst +R68565 Parallelmove.dstep_inv_getdst +R68595 Parallelmove.dstepp_sameExec +R68643 Parallelmove.stepf +R68624 Parallelmove.dstepp_trans +R68595 Parallelmove.dstepp_sameExec +R68643 Parallelmove.stepf +R68624 Parallelmove.dstepp_trans +R68666 Parallelmove.dstepp_refl +R68666 Parallelmove.dstepp_refl +R68722 Parallelmove.step_dec +R68722 Parallelmove.step_dec +R68751 Parallelmove.dstep_inv +R68751 Parallelmove.dstep_inv +R68787 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R68790 Coq.Lists.List "x :: y" list_scope +R68787 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R68790 Coq.Lists.List "x :: y" list_scope +R68812 Parallelmove.dstep +R68822 Parallelmove.stepf +R68845 Parallelmove.f2ind +R68812 Parallelmove.dstep +R68822 Parallelmove.stepf +R68845 Parallelmove.f2ind +R68845 Parallelmove.f2ind +R68952 Parallelmove.stepf +R68926 Parallelmove.sameExec_transitive +R68952 Parallelmove.stepf +R68926 Parallelmove.sameExec_transitive +R68985 Parallelmove.dstep_inv_getdst +R68985 Parallelmove.dstep_inv_getdst +R69015 Parallelmove.dstepp_sameExec +R69063 Parallelmove.stepf +R69044 Parallelmove.dstepp_trans +R69015 Parallelmove.dstepp_sameExec +R69063 Parallelmove.stepf +R69044 Parallelmove.dstepp_trans +R69086 Parallelmove.dstepp_refl +R69086 Parallelmove.dstepp_refl +R69142 Parallelmove.step_dec +R69142 Parallelmove.step_dec +R69171 Parallelmove.dstep_inv +R69171 Parallelmove.dstep_inv +R69245 Parallelmove.StateDone +R69256 Parallelmove.Pmov +R69261 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R69265 Coq.Lists.List.nil +R69270 Coq.Lists.List.nil +R69235 Parallelmove.Moves +R69299 Parallelmove.sexec +R69326 Parallelmove.get +R69393 Parallelmove.Moves +R69368 Coq.Lists.List.list +R69373 Locations.loc +R69368 Coq.Lists.List.list +R69373 Locations.loc +R69421 Coq.Lists.List.nil +R69428 Coq.Lists.List.nil +R69438 Coq.Lists.List "x :: y" list_scope +R69478 Coq.Lists.List.nil +R69485 Coq.Lists.List.nil +R69500 Coq.Lists.List "x :: y" list_scope +R69518 Coq.Lists.List "x :: y" list_scope +R69511 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R69368 Coq.Lists.List.list +R69373 Locations.loc +R69368 Coq.Lists.List.list +R69373 Locations.loc +R69660 Coq.Init.Logic "A \/ B" type_scope +R69656 Coq.Init.Logic "x = y" type_scope +R69663 Locations.diff +R69642 Coq.Lists.List.In +R69621 Coq.Lists.List.In +R69595 Coq.Lists.List.list +R69600 Locations.loc +R69595 Coq.Lists.List.list +R69600 Locations.loc +R69725 Parallelmove.no_overlap +R69786 Parallelmove.getdst +R69808 Coq.Lists.List "x ++ y" list_scope +R69794 Parallelmove.StateToMove +R69811 Parallelmove.StateBeing +R69741 Parallelmove.getsrc +R69763 Coq.Lists.List "x ++ y" list_scope +R69749 Parallelmove.StateToMove +R69766 Parallelmove.StateBeing +R69712 Parallelmove.State +R69868 Parallelmove.no_overlap +R69891 Parallelmove.getdst +R69880 Parallelmove.getsrc +R70014 Parallelmove.noOverlap_aux +R70031 Parallelmove.getdst +R69992 Coq.Init.Logic "A \/ B" type_scope +R69988 Coq.Init.Logic "x = y" type_scope +R69995 Locations.diff +R69965 Coq.Lists.List.In +R69971 Parallelmove.getdst +R69959 Parallelmove.Reg +R70177 Locations.diff_sym +R70177 Locations.diff_sym +R70349 Parallelmove.noOverlap +R70374 Coq.Lists.List "x ++ y" list_scope +R70360 Parallelmove.StateToMove +R70377 Parallelmove.StateBeing +R70326 Parallelmove.no_overlap_state +R70468 Coq.Lists.List "x ++ y" list_scope +R70454 Parallelmove.StateToMove +R70471 Parallelmove.StateBeing +R70468 Coq.Lists.List "x ++ y" list_scope +R70454 Parallelmove.StateToMove +R70471 Parallelmove.StateBeing +R70526 Parallelmove.Indst_noOverlap_aux +R70526 Parallelmove.Indst_noOverlap_aux +R70775 Coq.Init.Logic "x = y" type_scope +R70757 Parallelmove.get +R70762 Parallelmove.pexec +R70777 Parallelmove.get +R70782 Parallelmove.sexec +R70789 Parallelmove.StateDone +R70800 Parallelmove.Pmov +R70805 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R70809 Coq.Lists.List.nil +R70814 Coq.Lists.List.nil +R70735 Coq.Init.Logic "A \/ B" type_scope +R70731 Coq.Init.Logic "x = y" type_scope +R70738 Locations.diff +R70709 Coq.Lists.List.In +R70715 Parallelmove.getdst +R70703 Parallelmove.Reg +R70672 Parallelmove.notemporary +R70660 Parallelmove.noTmp +R70638 Parallelmove.no_overlap_list +R70621 Parallelmove.simpleDest +R70882 Parallelmove.Fpmov_correct +R70896 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R70900 Coq.Lists.List.nil +R70905 Coq.Lists.List.nil +R70951 Parallelmove.SB_Pmov +R70968 Parallelmove.STM_Pmov +R70882 Parallelmove.Fpmov_correct +R70896 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R70900 Coq.Lists.List.nil +R70905 Coq.Lists.List.nil +R70951 Parallelmove.SB_Pmov +R70968 Parallelmove.STM_Pmov +R71001 Parallelmove.app_nil +R71001 Parallelmove.app_nil +R71001 Parallelmove.app_nil +R71001 Parallelmove.app_nil +R71086 Parallelmove.app_nil +R71086 Parallelmove.app_nil +R71086 Parallelmove.app_nil +R71086 Parallelmove.app_nil +R71127 Parallelmove.no_overlap_noOverlap +R71148 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R71152 Coq.Lists.List.nil +R71157 Coq.Lists.List.nil +R71127 Parallelmove.no_overlap_noOverlap +R71148 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R71152 Coq.Lists.List.nil +R71157 Coq.Lists.List.nil +R71282 Parallelmove.app_nil +R71282 Parallelmove.app_nil +R71282 Parallelmove.app_nil +R71530 Coq.Init.Logic "x = y" type_scope +R71522 Parallelmove.get +R71532 Parallelmove.get +R71537 Parallelmove.sexec +R71544 Parallelmove.StateDone +R71555 Parallelmove.Pmov +R71560 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R71564 Coq.Lists.List.nil +R71569 Coq.Lists.List.nil +R71506 Parallelmove.noWrite +R71485 Coq.Init.Logic "A \/ B" type_scope +R71481 Coq.Init.Logic "x = y" type_scope +R71488 Locations.diff +R71459 Coq.Lists.List.In +R71465 Parallelmove.getdst +R71453 Parallelmove.Reg +R71422 Parallelmove.notemporary +R71410 Parallelmove.noTmp +R71388 Parallelmove.no_overlap_list +R71371 Parallelmove.simpleDest +R71364 Parallelmove.Reg +R71354 Parallelmove.Env +R71342 Parallelmove.Moves +R71659 Parallelmove.Fpmov_correctMoves +R71659 Parallelmove.Fpmov_correctMoves +R71756 Locations.eq +R71756 Locations.eq +R71804 Locations.diff +R71804 Locations.diff +R71844 Locations.same_not_diff +R71844 Locations.same_not_diff +R71895 Parallelmove.get_update_diff +R71895 Parallelmove.get_update_diff +R71936 Parallelmove.get_noWrite +R71936 Parallelmove.get_noWrite +R72078 Locations.diff +R72047 Parallelmove.simpleDest +R72068 Coq.Lists.List "x :: y" list_scope +R72059 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R72032 Coq.Lists.List.In +R72035 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R72023 Parallelmove.Moves +R72013 Parallelmove.Reg +R72013 Parallelmove.Reg +R72013 Parallelmove.Reg +R72013 Parallelmove.Reg +R72210 Locations.diff_sym +R72210 Locations.diff_sym +R72267 Parallelmove.simpleDest_pop2 +R72267 Parallelmove.simpleDest_pop2 +R72447 Coq.Init.Logic "x = y" type_scope +R72429 Parallelmove.get +R72434 Parallelmove.pexec +R72449 Parallelmove.get +R72392 Parallelmove.simpleDest +R72382 Coq.Lists.List.In +R72373 Parallelmove.Moves +R72362 Parallelmove.Move +R72352 Parallelmove.Env +R72513 Coq.Lists.List.in_inv +R72513 Coq.Lists.List.in_inv +R72558 Parallelmove.get_update_id +R72558 Parallelmove.get_update_id +R72617 Parallelmove.get_update_diff +R72617 Parallelmove.get_update_diff +R72658 Parallelmove.simpleDest_pop +R72673 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R72658 Parallelmove.simpleDest_pop +R72673 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R72709 Parallelmove.In_SD_diff +R72709 Parallelmove.In_SD_diff +R72850 Parallelmove.notemporary +R72838 Parallelmove.noTmp +R72823 Coq.Lists.List.In +R72826 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R72815 Parallelmove.Moves +R72805 Parallelmove.Reg +R72805 Parallelmove.Reg +R73130 Coq.Lists.List.In +R73136 Parallelmove.getdst +R73114 Coq.Lists.List.In +R73117 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R73382 Locations.diff +R73351 Parallelmove.simpleDest +R73372 Coq.Lists.List "x :: y" list_scope +R73363 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R73332 Coq.Lists.List.In +R73338 Parallelmove.getdst +R73323 Parallelmove.Moves +R73313 Parallelmove.Reg +R73313 Parallelmove.Reg +R73313 Parallelmove.Reg +R73536 Locations.diff_sym +R73536 Locations.diff_sym +R73625 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R73604 Parallelmove.simpleDest_pop2 +R73625 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R73604 Parallelmove.simpleDest_pop2 +R73787 Coq.Init.Logic "A \/ B" type_scope +R73783 Coq.Init.Logic "x = y" type_scope +R73790 Locations.diff +R73761 Coq.Lists.List.In +R73767 Parallelmove.getdst +R73755 Parallelmove.Reg +R73727 Parallelmove.simpleDest +R73711 Coq.Lists.List.In +R73714 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R73702 Parallelmove.Moves +R73692 Parallelmove.Reg +R73692 Parallelmove.Reg +R73994 Parallelmove.In_SD_diff' +R73994 Parallelmove.In_SD_diff' +R74062 Locations.diff_sym +R74083 Parallelmove.In_SD_diff +R74062 Locations.diff_sym +R74083 Parallelmove.In_SD_diff +R74145 Parallelmove.simpleDest_pop +R74160 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R74145 Parallelmove.simpleDest_pop +R74160 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R74228 Coq.Init.Logic "x = y" type_scope +R74219 Parallelmove.getdst +R74230 Coq.Lists.List.map +R74244 Coq.Init.Datatypes.snd +R74370 Coq.Init.Logic "x = y" type_scope +R74361 Parallelmove.getsrc +R74372 Coq.Lists.List.map +R74386 Coq.Init.Datatypes.fst +R74673 Coq.Init.Logic "x = y" type_scope +R74624 Parallelmove.get +R74629 Parallelmove.sexec +R74636 Parallelmove.StateDone +R74647 Parallelmove.Pmov +R74652 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R74656 Coq.Lists.List.nil +R74661 Coq.Lists.List.nil +R74675 Parallelmove.get +R74591 Parallelmove.noTmp +R74569 Parallelmove.no_overlap_list +R74552 Parallelmove.simpleDest +R74541 Coq.Lists.List.In +R74533 Parallelmove.Move +R74523 Parallelmove.Env +R74511 Parallelmove.Moves +R74761 Parallelmove.Fpmov_correctMoves +R74761 Parallelmove.Fpmov_correctMoves +R74846 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R74820 Parallelmove.pexec_correct +R74846 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R74820 Parallelmove.pexec_correct +R74869 Parallelmove.In_noTmp_notempo +R74869 Parallelmove.In_noTmp_notempo +R74907 Parallelmove.In_SD_no_o +R74907 Parallelmove.In_SD_no_o +R74999 Parallelmove.noWrite +R74972 Locations.notin +R74985 Parallelmove.getdst +R75114 Locations.diff_sym +R75114 Locations.diff_sym +R75289 Parallelmove.noTmp +R75249 Locations.disjoint +R75273 Conventions.temporaries +R75263 Parallelmove.getdst +R75209 Locations.disjoint +R75233 Conventions.temporaries +R75223 Parallelmove.getsrc +R75360 Parallelmove.getsrc +R75374 Parallelmove.getdst +R75360 Parallelmove.getsrc +R75374 Parallelmove.getdst +R75451 Locations.type +R75451 Locations.type +R75590 Locations.type +R75590 Locations.type +R75724 Locations.disjoint_cons_left +R75724 Locations.disjoint_cons_left +R75768 Locations.disjoint_cons_left +R75768 Locations.disjoint_cons_left +R76027 Coq.Init.Logic "x = y" type_scope +R75976 Parallelmove.sexec +R75983 Parallelmove.StateDone +R75994 Parallelmove.Pmov +R75999 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R76003 Coq.Lists.List.nil +R76008 Coq.Lists.List.nil +R76020 Locations.R +R76022 Locations.IT3 +R76033 Locations.R +R76035 Locations.IT3 +R75934 Locations.disjoint +R75958 Conventions.temporaries +R75948 Parallelmove.getdst +R75894 Locations.disjoint +R75918 Conventions.temporaries +R75908 Parallelmove.getsrc +R75872 Parallelmove.no_overlap_list +R75855 Parallelmove.simpleDest +R76105 Parallelmove.Fpmov_correctMoves +R76105 Parallelmove.Fpmov_correctMoves +R76199 Parallelmove.get_noWrite +R76214 Locations.R +R76216 Locations.IT3 +R76199 Parallelmove.get_noWrite +R76214 Locations.R +R76216 Locations.IT3 +R76281 Parallelmove.notindst_nW +R76281 Parallelmove.notindst_nW +R76301 Locations.disjoint_notin +R76320 Conventions.temporaries +R76301 Locations.disjoint_notin +R76320 Conventions.temporaries +R76340 Locations.disjoint_sym +R76340 Locations.disjoint_sym +R76399 Parallelmove.disjoint_tmp__noTmp +R76399 Parallelmove.disjoint_tmp__noTmp +R76465 Locations.type +R76465 Locations.type +R76555 Parallelmove.getdst +R76531 Locations.in_notin_diff +R76555 Parallelmove.getdst +R76531 Locations.in_notin_diff +R76602 Conventions.temporaries +R76578 Locations.disjoint_notin +R76602 Conventions.temporaries +R76578 Locations.disjoint_notin +R76627 Locations.disjoint_sym +R76627 Locations.disjoint_sym +R76913 Coq.Init.Logic "x = y" type_scope +R76849 Coq.Lists.List.map +R76903 Parallelmove.getdst +R76859 Parallelmove.sexec +R76866 Parallelmove.StateDone +R76877 Parallelmove.Pmov +R76882 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R76886 Coq.Lists.List.nil +R76891 Coq.Lists.List.nil +R76917 Coq.Lists.List.map +R76930 Parallelmove.getsrc +R76808 Locations.disjoint +R76832 Conventions.temporaries +R76822 Parallelmove.getdst +R76768 Locations.disjoint +R76792 Conventions.temporaries +R76782 Parallelmove.getsrc +R76746 Parallelmove.no_overlap_list +R76729 Parallelmove.simpleDest +R76964 Parallelmove.getsrc_map +R76984 Parallelmove.getdst_map +R77004 Coqlib.list_map_compose +R77031 Coqlib.list_map_compose +R77055 Coqlib.list_map_exten +R76964 Parallelmove.getsrc_map +R76984 Parallelmove.getdst_map +R77004 Coqlib.list_map_compose +R77031 Coqlib.list_map_compose +R77055 Coqlib.list_map_exten +R77091 Parallelmove.Fpmov_correct2 +R77091 Parallelmove.Fpmov_correct2 +R77196 Parallelmove.disjoint_tmp__noTmp +R77196 Parallelmove.disjoint_tmp__noTmp +R77504 Coq.Init.Logic "x = y" type_scope +R77459 Parallelmove.sexec +R77466 Parallelmove.StateDone +R77477 Parallelmove.Pmov +R77482 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R77486 Coq.Lists.List.nil +R77491 Coq.Lists.List.nil +R77429 Locations.notin +R77441 Conventions.temporaries +R77402 Locations.notin +R77415 Parallelmove.getdst +R77351 Locations.disjoint +R77375 Conventions.temporaries +R77365 Parallelmove.getdst +R77311 Locations.disjoint +R77335 Conventions.temporaries +R77325 Parallelmove.getsrc +R77289 Parallelmove.no_overlap_list +R77272 Parallelmove.simpleDest +R77539 Parallelmove.Fpmov_correct1 +R77539 Parallelmove.Fpmov_correct1 +R77622 Parallelmove.disjoint_tmp__noTmp +R77622 Parallelmove.disjoint_tmp__noTmp +R77711 Locations.type +R77711 Locations.type +R78074 Locations.eq +R78074 Locations.eq +R78186 Parallelmove.getdst +R78162 Locations.in_notin_diff +R78186 Parallelmove.getdst +R78162 Locations.in_notin_diff +R78209 Parallelmove.notindst_nW +R78209 Parallelmove.notindst_nW +FAllocation +R409 Registers.add +R442 Registers.remove +R536 Coq.Init.Datatypes.None +R549 Coq.Init.Datatypes.Some +R507 Registers.t +R490 Coq.Init.Datatypes.option +R497 Registers.reg +R657 Coq.Init.Datatypes.inl +R682 Coq.Init.Datatypes.inr +R627 Registers.t +R613 Coq.Init.Datatypes "x + y" type_scope +R609 Registers.reg +R615 AST.ident +R780 Registers.t +R756 Registers.t +R741 Coq.Lists.List.list +R746 Registers.reg +R812 Coq.Lists.List.nil +R829 Coq.Lists.List "x :: y" list_scope +R756 Registers.t +R741 Coq.Lists.List.list +R746 Registers.reg +R960 Registers.t +R936 Registers.t +R921 Coq.Lists.List.list +R926 Registers.reg +R992 Coq.Lists.List.nil +R1009 Coq.Lists.List "x :: y" list_scope +R936 Registers.t +R921 Coq.Lists.List.list +R926 Registers.reg +R1141 Registers.t +R1172 Maps "a ! b" +R1164 RTL.fn_code +R1185 Coq.Init.Datatypes.None +R1209 Coq.Init.Datatypes.Some +R1246 RTL.Inop +R1280 RTL.Iop +R1314 Registers.mem +R1352 Allocation.reg_list_live +R1433 RTL.Iload +R1477 Registers.mem +R1515 Allocation.reg_list_live +R1596 RTL.Istore +R1638 Allocation.reg_list_live +R1686 RTL.Icall +R1724 Allocation.reg_list_live +R1755 Allocation.reg_sum_live +R1802 RTL.Icond +R1842 Allocation.reg_list_live +R1875 RTL.Ireturn +R1903 Allocation.reg_option_live +R1129 Registers.t +R1115 RTL.node +R1096 RTL.function +R2036 Coq.Init.Datatypes.option +R2044 Maps.t +R2051 Registers.t +R2066 Allocation.fixpoint +R2120 Coq.Lists.List.nil +R2108 Allocation.transfer +R2096 RTL.fn_nextpc +R2079 RTL.successors +R2021 RTL.function +R2225 Locations.mreg +R2252 Locations.R +R2265 Locations.S +R2278 Locations.slot_type +R2295 AST.Tint +R2303 Locations.IT1 +R2309 AST.Tfloat +R2319 Locations.FT1 +R2218 Locations.loc +R2437 Coq.Lists.List.list +R2442 Locations.mreg +R2388 Coq.Lists.List.list +R2393 Locations.mreg +R2388 Coq.Lists.List.list +R2393 Locations.mreg +R2364 Coq.Lists.List.list +R2369 Locations.loc +R2489 Coq.Lists.List "x :: y" list_scope +R2500 Coq.Lists.List "x :: y" list_scope +R2512 Coq.Lists.List "x :: y" list_scope +R2645 Coq.Lists.List "x :: y" list_scope +R2550 Locations.R +R2567 Locations.S +R2580 Locations.slot_type +R2597 AST.Tint +R2611 AST.Tfloat +R2687 Coq.Lists.List.nil +R2388 Coq.Lists.List.list +R2393 Locations.mreg +R2388 Coq.Lists.List.list +R2393 Locations.mreg +R2364 Coq.Lists.List.list +R2369 Locations.loc +R2741 Allocation.regs_for_rec +R2791 Coq.Lists.List "x :: y" list_scope +R2787 Locations.FT1 +R2798 Coq.Lists.List "x :: y" list_scope +R2794 Locations.FT2 +R2805 Coq.Lists.List "x :: y" list_scope +R2801 Locations.FT3 +R2808 Coq.Lists.List.nil +R2764 Coq.Lists.List "x :: y" list_scope +R2760 Locations.IT1 +R2771 Coq.Lists.List "x :: y" list_scope +R2767 Locations.IT2 +R2778 Coq.Lists.List "x :: y" list_scope +R2774 Locations.IT3 +R2781 Coq.Lists.List.nil +R2726 Coq.Lists.List.list +R2731 Locations.loc +R2946 Locations.R +R2957 Locations.mreg_eq +R2984 LTL.Bop +R2998 Coq.Lists.List "x :: y" list_scope +R3001 Coq.Lists.List.nil +R2988 Op.Omove +R3016 Locations.S +R3024 LTL.Bgetstack +R2915 LTL.block +R2905 Locations.mreg +R2894 Locations.loc +R3130 Locations.R +R3141 Locations.mreg_eq +R3168 LTL.Bop +R3183 Coq.Lists.List "x :: y" list_scope +R3186 Coq.Lists.List.nil +R3172 Op.Omove +R3200 Locations.S +R3208 LTL.Bsetstack +R3099 LTL.block +R3090 Locations.loc +R3078 Locations.mreg +R3362 LTL.block +R3295 LTL.block +R3280 Coq.Lists.List.list +R3285 Locations.mreg +R3263 Coq.Lists.List.list +R3268 Locations.loc +R3402 Coq.Lists.List "x :: y" list_scope +R3412 Coq.Lists.List "x :: y" list_scope +R3427 Allocation.add_reload +R3295 LTL.block +R3280 Coq.Lists.List.list +R3285 Locations.mreg +R3263 Coq.Lists.List.list +R3268 Locations.loc +R3548 Locations.eq +R3605 Locations.R +R3624 Allocation.add_spill +R3652 Locations.R +R3668 Allocation.add_reload +R3694 Locations.S +R3700 Locations.S +R3804 Allocation.add_reload +R3824 Allocation.add_spill +R3743 Locations.slot_type +R3761 AST.Tint +R3769 Locations.IT1 +R3775 AST.Tfloat +R3785 Locations.FT1 +R3533 LTL.block +R3524 Locations.loc +R3524 Locations.loc +R3915 Parallelmove.Moves +R3890 Coq.Lists.List.list +R3895 Locations.loc +R3890 Coq.Lists.List.list +R3895 Locations.loc +R3950 Coq.Lists.List.nil +R3960 Coq.Lists.List.nil +R3970 Coq.Lists.List "x :: y" list_scope +R3979 Coq.Lists.List.nil +R3986 Coq.Lists.List.nil +R3996 Coq.Lists.List "x :: y" list_scope +R4007 Coq.Lists.List "x :: y" list_scope +R4025 Coq.Lists.List "x :: y" list_scope +R4018 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3890 Coq.Lists.List.list +R3895 Locations.loc +R3890 Coq.Lists.List.list +R3895 Locations.loc +R4119 Parallelmove.P_move +R4140 Allocation.listsLoc2Moves +R4103 Coq.Lists.List.list +R4108 Locations.loc +R4103 Coq.Lists.List.list +R4108 Locations.loc +R4226 LTL.block +R4237 Coq.Lists.List.fold_left +R4302 Allocation.parallel_move_order +R4268 Allocation.add_move +R4286 Coq.Init.Datatypes.snd +R4278 Coq.Init.Datatypes.fst +R4217 LTL.block +R4203 Coq.Lists.List.list +R4208 Locations.loc +R4203 Coq.Lists.List.list +R4208 Locations.loc +R4526 Op.is_move_operation +R4561 Coq.Init.Datatypes.Some +R4579 Allocation.add_move +R4597 LTL.Bgoto +R4610 Coq.Init.Datatypes.None +R4693 Allocation.add_reloads +R4717 LTL.Bop +R4736 Allocation.add_spill +R4756 LTL.Bgoto +R4672 Allocation.reg_for +R4637 Allocation.regs_for +R4509 LTL.node +R4500 Locations.loc +R4484 Coq.Lists.List.list +R4489 Locations.loc +R4466 Op.operation +R4960 Allocation.add_reloads +R4988 LTL.Bload +R5017 Allocation.add_spill +R5037 LTL.Bgoto +R4943 Allocation.reg_for +R4912 Allocation.regs_for +R4888 LTL.node +R4879 Locations.loc +R4863 Coq.Lists.List.list +R4868 Locations.loc +R4824 Op.addressing +R4803 AST.memory_chunk +R5182 Allocation.regs_for +R5196 Coq.Lists.List "x :: y" list_scope +R5214 Coq.Lists.List.nil +R5221 LTL.Breturn +R5279 Coq.Lists.List "x :: y" list_scope +R5297 Allocation.add_reloads +R5348 LTL.Bstore +R5378 LTL.Bgoto +R5329 Coq.Lists.List "x :: y" list_scope +R5314 Coq.Lists.List "x :: y" list_scope +R5165 LTL.node +R5156 Locations.loc +R5140 Coq.Lists.List.list +R5145 Locations.loc +R5100 Op.addressing +R5079 AST.memory_chunk +R5603 Coq.Init.Datatypes.inl +R5620 Allocation.add_reload +R5647 Allocation.parallel_move +R5683 LTL.Bcall +R5706 Allocation.add_spill +R5726 LTL.Bgoto +R5694 Coq.Init.Datatypes.inl +R5700 Locations.IT3 +R5634 Locations.IT3 +R5743 Coq.Init.Datatypes.inr +R5759 Allocation.parallel_move +R5793 LTL.Bcall +R5815 Allocation.add_spill +R5835 LTL.Bgoto +R5804 Coq.Init.Datatypes.inr +R5564 Conventions.loc_result +R5528 Conventions.loc_arguments +R5504 LTL.node +R5495 Locations.loc +R5479 Coq.Lists.List.list +R5484 Locations.loc +R5443 Coq.Init.Datatypes "x + y" type_scope +R5439 Locations.loc +R5445 AST.ident +R5422 AST.signature +R5965 Allocation.add_reloads +R5989 LTL.Bcond +R5946 Allocation.regs_for +R5922 LTL.node +R5922 LTL.node +R5899 Coq.Lists.List.list +R5904 Locations.loc +R5881 Op.condition +R6107 Coq.Init.Datatypes.Some +R6119 Allocation.add_reload +R6151 LTL.Breturn +R6135 Conventions.loc_result +R6163 Coq.Init.Datatypes.None +R6175 LTL.Bop +R6207 LTL.Breturn +R6191 Conventions.loc_result +R6186 Coq.Lists.List.nil +R6179 Op.Oundef +R6068 Coq.Init.Datatypes.option +R6075 Locations.loc +R6048 AST.signature +R6285 LTL.block +R6264 LTL.block +R6250 Coq.Lists.List.list +R6255 Locations.loc +R6314 Coq.Lists.List.nil +R6331 Coq.Lists.List "x :: y" list_scope +R6327 Locations.R +R6340 LTL.Bop +R6351 Coq.Lists.List.nil +R6344 Op.Oundef +R6383 Coq.Lists.List "x :: y" list_scope +R6379 Locations.S +R6264 LTL.block +R6250 Coq.Lists.List.list +R6255 Locations.loc +R6528 Allocation.parallel_move +R6571 Allocation.add_undefs +R6590 LTL.Bgoto +R6543 Conventions.loc_parameters +R6517 LTL.node +R6482 Coq.Lists.List.list +R6487 Locations.loc +R6463 Coq.Lists.List.list +R6468 Locations.loc +R6443 AST.signature +R6780 LTL.block +R6816 RTL.Inop +R6832 LTL.Bgoto +R6844 RTL.Iop +R6874 Registers.mem +R6893 Maps "a !! b" +R6978 LTL.Bgoto +R6911 Allocation.add_op +R6922 Coq.Lists.List.map +R6990 RTL.Iload +R7030 Registers.mem +R7049 Maps "a !! b" +R7144 LTL.Bgoto +R7067 Allocation.add_load +R7088 Coq.Lists.List.map +R7156 RTL.Istore +R7194 Allocation.add_store +R7216 Coq.Lists.List.map +R7257 RTL.Icall +R7291 Allocation.add_call +R7331 Coq.Lists.List.map +R7305 Coqlib.sum_left_map +R7391 RTL.Icond +R7427 Allocation.add_cond +R7442 Coq.Lists.List.map +R7479 RTL.Ireturn +R7503 Allocation.add_return +R7530 Coqlib.option_map +R7515 RTL.fn_sig +R6761 RTL.instruction +R6747 LTL.node +R6728 Locations.loc +R6721 Registers.reg +R6695 Maps.t +R6702 Registers.t +R6674 RTL.function +R7688 LTL.code +R7925 Maps.set +R7953 Allocation.add_entry +R8045 Coq.Lists.List.map +R7994 Coq.Lists.List.map +R8011 RTL.fn_params +R7964 RTL.fn_sig +R7798 Registers.elements +R7815 Allocation.reg_list_dead +R7883 Allocation.transfer +R7907 Maps "a !! b" +R7830 RTL.fn_params +R7759 RTL.fn_nextpc +R7718 RTL.fn_entrypoint +R7676 LTL.code +R7656 Locations.loc +R7649 Registers.reg +R7623 Maps.t +R7630 Registers.t +R7602 RTL.function +R8386 Coq.Init.Logic "A \/ B" type_scope +R8353 Coqlib.Plt +R8361 Coq.NArith.BinPos.Psucc +R8368 RTL.fn_nextpc +R8396 Coq.Init.Logic "x = y" type_scope +R8392 Maps "a ! b" +R8398 Coq.Init.Datatypes.None +R8346 LTL.node +R8293 Allocation.transf_entrypoint +R8222 Maps.map +R8262 RTL.fn_code +R8233 Allocation.transf_instr +R8203 Locations.loc +R8196 Registers.reg +R8170 Maps.t +R8177 Registers.t +R8149 RTL.function +R8427 Coqlib.plt +R8435 Coq.NArith.BinPos.Psucc +R8442 RTL.fn_nextpc +R8427 Coqlib.plt +R8435 Coq.NArith.BinPos.Psucc +R8442 RTL.fn_nextpc +R8507 Coq.Init.Logic "x <> y" type_scope +R8510 RTL.fn_nextpc +R8507 Coq.Init.Logic "x <> y" type_scope +R8510 RTL.fn_nextpc +R8566 Coqlib.Plt_succ +R8566 Coqlib.Plt_succ +R8586 Coq.Init.Logic "~ x" type_scope +R8589 Coqlib.Plt +R8597 RTL.fn_nextpc +R8586 Coq.Init.Logic "~ x" type_scope +R8589 Coqlib.Plt +R8597 RTL.fn_nextpc +R8645 Coqlib.Plt_trans_succ +R8645 Coqlib.Plt_trans_succ +R8718 Maps.gso +R8718 Maps.gso +R8758 Maps.gmap +R8758 Maps.gmap +R8779 RTL.fn_code_wf +R8779 RTL.fn_code_wf +R8915 Coq.Init.Datatypes.option +R8922 LTL.function +R8946 RTLtyping.type_rtl_function +R8975 Coq.Init.Datatypes.None +R8983 Coq.Init.Datatypes.None +R8992 Coq.Init.Datatypes.Some +R9014 Allocation.analyze +R9035 Coq.Init.Datatypes.None +R9043 Coq.Init.Datatypes.None +R9054 Coq.Init.Datatypes.Some +R9168 Coloring.regalloc +R9207 Coq.Init.Datatypes.None +R9215 Coq.Init.Datatypes.None +R9228 Coq.Init.Datatypes.Some +R9253 Coq.Init.Datatypes.Some +R9259 LTL.mkfunction +R9499 Allocation.transf_entrypoint_wf +R9469 RTL.fn_nextpc +R9347 Allocation.transf_entrypoint +R9399 Maps.map +R9439 RTL.fn_code +R9410 Allocation.transf_instr +R9314 RTL.fn_stacksize +R9287 RTL.fn_sig +R9128 Allocation.transfer +R9147 Maps "a !! b" +R9087 RTL.fn_entrypoint +R8899 RTL.function +R9607 Coq.Init.Datatypes.option +R9614 LTL.program +R9631 AST.transform_partial_program +R9657 Allocation.transf_function +R9592 RTL.program +FAllocproof_aux +R226 LTL.genv +R250 Values.val +R319 Coq.Init.Logic "'exists' x , p" type_scope +R389 Coq.Init.Logic "A /\ B" type_scope +R337 LTL.exec_instrs +R356 Allocation.add_move +R415 Coq.Init.Logic "A /\ B" type_scope +R406 Coq.Init.Logic "x = y" type_scope +R518 Coq.Init.Logic "x = y" type_scope +R489 Locations.diff +R501 Locations.R +R503 Locations.FT1 +R467 Locations.diff +R479 Locations.R +R481 Locations.IT1 +R442 Locations.diff +R581 Coq.Init.Logic "'exists' x , p" type_scope +R646 Coq.Init.Logic "A /\ B" type_scope +R597 LTL.exec_instrs +R616 Allocation.add_move +R684 Coq.Init.Logic "A /\ B" type_scope +R660 Coq.Init.Logic "x = y" type_scope +R662 Parallelmove.update +R780 Coq.Init.Logic "x = y" type_scope +R783 Parallelmove.update +R751 Locations.diff +R763 Locations.R +R765 Locations.FT1 +R729 Locations.diff +R741 Locations.R +R743 Locations.IT1 +R707 Locations.diff +R937 Parallelmove.get_update_id +R937 Parallelmove.get_update_id +R1035 Parallelmove.get_update_diff +R1035 Parallelmove.get_update_diff +R1116 Locations.diff_sym +R1116 Locations.diff_sym +R1252 Coq.Init.Logic "x = y" type_scope +R1237 Coq.Lists.List.In +R1213 Coq.Init.Logic "x = y" type_scope +R1205 Coq.Lists.List.map +R1215 Coq.Lists.List.map +R1416 Parallelmove.Moves +R1450 Coq.Lists.List.nil +R1457 Coq.Init.Logic.True +R1473 Coq.Lists.List "x :: y" list_scope +R1466 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R1504 Coq.Init.Logic "A /\ B" type_scope +R1481 Locations.notin +R1494 Parallelmove.getdst +R1416 Parallelmove.Moves +R1564 Coq.Lists.List "x :: y" list_scope +R1558 Locations.R +R1560 Locations.IT1 +R1574 Coq.Lists.List "x :: y" list_scope +R1568 Locations.R +R1570 Locations.FT1 +R1577 Coq.Lists.List.nil +R1654 Parallelmove.no_overlap_list +R1625 Parallelmove.no_overlap_list +R1644 Coq.Lists.List "x :: y" list_scope +R1922 Coq.Init.Logic "'exists' x , p" type_scope +R2081 Coq.Init.Logic "A /\ B" type_scope +R1938 LTL.exec_instrs +R1965 Coq.Lists.List.fold_left +R2026 Allocation.add_move +R2045 Coq.Init.Datatypes.snd +R2036 Coq.Init.Datatypes.fst +R2016 Coq.Init.Datatypes "x * y" type_scope +R2012 Locations.loc +R2018 Locations.loc +R1992 LTL.block +R2238 Coq.Init.Logic "x = y" type_scope +R2241 Parallelmove.sexec +R2199 Locations.diff +R2211 Locations.R +R2223 Locations.FT1 +R2163 Locations.diff +R2175 Locations.R +R2187 Locations.IT1 +R2139 Coq.Init.Logic "A \/ B" type_scope +R2135 Coq.Init.Logic "x = y" type_scope +R2142 Locations.diff +R2113 Coq.Lists.List.In +R2119 Parallelmove.getdst +R1879 Locations.disjoint +R1903 Allocproof_aux.temporaries1 +R1893 Parallelmove.getsrc +R1838 Locations.disjoint +R1862 Allocproof_aux.temporaries1 +R1852 Parallelmove.getdst +R1816 Parallelmove.no_overlap_list +R2340 LTL.exec_refl +R2340 LTL.exec_refl +R2419 Allocation.add_move +R2485 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2460 Allocproof_aux.no_overlap_list_pop +R2505 Locations.disjoint_cons_left +R2541 Locations.disjoint_cons_left +R2419 Allocation.add_move +R2485 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2460 Allocproof_aux.no_overlap_list_pop +R2505 Locations.disjoint_cons_left +R2541 Locations.disjoint_cons_left +R2757 Allocation.add_move +R2733 LTL.exec_trans +R2757 Allocation.add_move +R2733 LTL.exec_trans +R2840 Locations.eq +R2840 Locations.eq +R2881 Parallelmove.get_update_id +R2881 Parallelmove.get_update_id +R3155 Locations.diff_sym +R3155 Locations.diff_sym +R3347 Coq.Init.Logic "x = y" type_scope +R3347 Coq.Init.Logic "x = y" type_scope +R3405 Parallelmove.get_update_diff +R3405 Parallelmove.get_update_diff +R3499 Locations.diff_sym +R3499 Locations.diff_sym +R3605 Coq.Lists.List.fold_left +R3697 Parallelmove.P_move +R3663 Allocation.add_move +R3681 Coq.Init.Datatypes.snd +R3673 Coq.Init.Datatypes.fst +R3653 Coq.Init.Datatypes "x * y" type_scope +R3649 Locations.loc +R3655 Locations.loc +R3630 LTL.block +R3592 LTL.block +R3559 Coq.Lists.List.list +R3569 Coq.Init.Datatypes "x * y" type_scope +R3565 Locations.loc +R3571 Locations.loc +R3767 Parallelmove.simpleDest +R3740 Locations.norepet +R3753 Parallelmove.getdst +R3872 Parallelmove.notindst_nW +R3872 Parallelmove.notindst_nW +R3992 Coq.Init.Logic "x = y" type_scope +R3979 Parallelmove.StateDone +R3994 Coq.Lists.List.nil +R3969 Coq.Init.Logic "x = y" type_scope +R3948 Parallelmove.StateDone +R3959 Parallelmove.stepf +R3971 Coq.Lists.List.nil +R4138 Locations.eq +R4149 Coq.Init.Datatypes.fst +R4154 Parallelmove.last +R4162 Coq.Lists.List "x :: y" list_scope +R4138 Locations.eq +R4149 Coq.Init.Datatypes.fst +R4154 Parallelmove.last +R4162 Coq.Lists.List "x :: y" list_scope +R4249 Locations.eq +R4249 Locations.eq +R4314 Locations.eq +R4314 Locations.eq +R4369 Parallelmove.split_move +R4369 Parallelmove.split_move +R4489 Locations.eq +R4500 Coq.Init.Datatypes.fst +R4505 Parallelmove.last +R4513 Coq.Lists.List "x :: y" list_scope +R4489 Locations.eq +R4500 Coq.Init.Datatypes.fst +R4505 Parallelmove.last +R4513 Coq.Lists.List "x :: y" list_scope +R4639 Coq.Init.Logic "x = y" type_scope +R4626 Parallelmove.StateDone +R4641 Coq.Lists.List.nil +R4616 Coq.Init.Logic "x = y" type_scope +R4596 Parallelmove.StateDone +R4607 Parallelmove.Pmov +R4618 Coq.Lists.List.nil +R4680 Coq.Init.Wf.well_founded_ind +R4698 Coq.Arith.Wf_nat.well_founded_ltof +R4725 Parallelmove.mesure +R4680 Coq.Init.Wf.well_founded_ind +R4698 Coq.Arith.Wf_nat.well_founded_ltof +R4725 Parallelmove.mesure +R4803 Parallelmove.Pmov_equation +R4803 Parallelmove.Pmov_equation +R4898 Coq.Init.Logic "x = y" type_scope +R4863 Parallelmove.StateDone +R4874 Parallelmove.stepf +R4880 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4881 Coq.Lists.List.nil +R4888 Coq.Lists.List "x :: y" list_scope +R4900 Coq.Lists.List.nil +R4932 Parallelmove.stepf1_dec +R4951 Allocproof_aux.SDone_stepf +R4898 Coq.Init.Logic "x = y" type_scope +R4863 Parallelmove.StateDone +R4874 Parallelmove.stepf +R4880 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4881 Coq.Lists.List.nil +R4888 Coq.Lists.List "x :: y" list_scope +R4900 Coq.Lists.List.nil +R4932 Parallelmove.stepf1_dec +R4951 Allocproof_aux.SDone_stepf +R5019 Coq.Init.Logic "x = y" type_scope +R4986 Parallelmove.StateDone +R4997 Parallelmove.stepf +R5003 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5006 Coq.Lists.List "x :: y" list_scope +R5021 Coq.Lists.List.nil +R5053 Parallelmove.stepf1_dec +R5072 Allocproof_aux.SDone_stepf +R5019 Coq.Init.Logic "x = y" type_scope +R4986 Parallelmove.StateDone +R4997 Parallelmove.stepf +R5003 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5006 Coq.Lists.List "x :: y" list_scope +R5021 Coq.Lists.List.nil +R5053 Parallelmove.stepf1_dec +R5072 Allocproof_aux.SDone_stepf +R5161 Coq.Init.Logic "A \/ B" type_scope +R5157 Coq.Init.Logic "x = y" type_scope +R5164 Locations.diff +R5134 Coq.Lists.List.In +R5139 Conventions.temporaries +R5205 Locations.eq +R5205 Locations.eq +R5601 Coq.Init.Logic "A /\ B" type_scope +R5589 Coq.Init.Logic "x = y" type_scope +R5579 Parallelmove.getdst +R5591 Parallelmove.getsrc +R5614 Coq.Init.Logic "x = y" type_scope +R5604 Parallelmove.getdst +R5616 Parallelmove.getsrc +R5549 Coq.Init.Logic "x = y" type_scope +R5536 Coq.Lists.List "x ++ y" list_scope +R5526 Parallelmove.getdst +R5539 Parallelmove.getdst +R5561 Coq.Lists.List "x ++ y" list_scope +R5551 Parallelmove.getsrc +R5564 Parallelmove.getsrc +R5929 Coq.Init.Logic "A \/ B" type_scope +R5925 Coq.Init.Logic "x = y" type_scope +R5932 Locations.diff +R5912 Coq.Lists.List.In +R5902 Coq.Lists.List.In +R5885 Locations.norepet +R6121 Locations.in_notin_diff +R6121 Locations.in_notin_diff +R6175 Locations.diff_sym +R6195 Locations.in_notin_diff +R6175 Locations.diff_sym +R6195 Locations.in_notin_diff +R6298 Parallelmove.no_overlap +R6376 Parallelmove.getdst +R6398 Coq.Lists.List "x ++ y" list_scope +R6384 Parallelmove.StateToMove +R6415 Coq.Lists.List "x ++ y" list_scope +R6402 Parallelmove.StateBeing +R6418 Parallelmove.StateDone +R6314 Parallelmove.getsrc +R6336 Coq.Lists.List "x ++ y" list_scope +R6322 Parallelmove.StateToMove +R6353 Coq.Lists.List "x ++ y" list_scope +R6340 Parallelmove.StateBeing +R6356 Parallelmove.StateDone +R6285 Parallelmove.State +R6746 Coq.Lists.List.incl_tl +R6711 Coq.Lists.List.incl_appr +R6663 Coq.Lists.List.incl_appl +R6599 Coq.Lists.List.in_or_app +R6542 Coq.Lists.List.in_or_app +R6499 Coq.Lists.List.in_cons +R6823 Coq.Lists.List.incl_app +R6804 Coq.Lists.List.incl_cons +R6887 Coq.Lists.List.In +R6920 Coq.Lists.List.In +R6973 Coq.Lists.List.incl +R7139 Coq.Lists.List.In +R7130 Coq.Init.Logic "x <> y" type_scope +R7111 Coq.Lists.List.In +R7119 Coq.Lists.List "x :: y" list_scope +R7102 Coq.Lists.List.list +R7232 Coq.Init.Logic "x = y" type_scope +R7232 Coq.Init.Logic "x = y" type_scope +R7328 Allocproof_aux.no_overlap_stateD +R7303 Allocproof_aux.no_overlap_stateD +R7289 Parallelmove.step +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7481 Parallelmove.getdst_app +R7461 Parallelmove.getsrc_app +R7593 Locations.eq +R7603 Parallelmove.T +R7593 Locations.eq +R7603 Parallelmove.T +R7627 Allocproof_aux.no_overlap_temp +R7692 Locations.diff_sym +R7627 Allocproof_aux.no_overlap_temp +R7692 Locations.diff_sym +R7742 Locations.type +R7742 Locations.type +R7826 Locations.eq +R7837 Parallelmove.T +R7826 Locations.eq +R7837 Parallelmove.T +R7863 Allocproof_aux.no_overlap_temp +R7915 Locations.type +R7863 Allocproof_aux.no_overlap_temp +R7915 Locations.type +R8035 Parallelmove.T +R8009 Allocproof_aux.in_cons_noteq +R8035 Parallelmove.T +R8009 Allocproof_aux.in_cons_noteq +R8035 Parallelmove.T +R8009 Allocproof_aux.in_cons_noteq +R8162 Allocproof_aux.no_overlap_stateD +R8137 Allocproof_aux.no_overlap_stateD +R8122 Parallelmove.stepp +R8270 Allocproof_aux.no_overlapD_inv +R8270 Allocproof_aux.no_overlapD_inv +R8383 Allocproof_aux.no_overlap_stateD +R8402 Parallelmove.stepf +R8358 Allocproof_aux.no_overlap_stateD +R8344 Parallelmove.stepInv +R8498 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8499 Coq.Lists.List.nil +R8507 Parallelmove.Move +R8516 Coq.Lists.List "x :: y" list_scope +R8498 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8499 Coq.Lists.List.nil +R8507 Parallelmove.Move +R8516 Coq.Lists.List "x :: y" list_scope +R8536 Allocproof_aux.no_overlapD_invpp +R8566 Parallelmove.dstep_step +R8536 Allocproof_aux.no_overlapD_invpp +R8566 Parallelmove.dstep_step +R8604 Parallelmove.f2ind +R8604 Parallelmove.f2ind +R8734 Parallelmove.no_overlap_noOverlap +R8734 Parallelmove.no_overlap_noOverlap +R8848 Parallelmove.getdst_app +R8878 Parallelmove.getsrc_app +R8848 Parallelmove.getdst_app +R8848 Parallelmove.getdst_app +R8848 Parallelmove.getdst_app +R8878 Parallelmove.getsrc_app +R8878 Parallelmove.getsrc_app +R8878 Parallelmove.getsrc_app +R9037 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9040 Coq.Lists.List "x :: y" list_scope +R9047 Coq.Lists.List.nil +R9055 Parallelmove.Move +R9037 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9040 Coq.Lists.List "x :: y" list_scope +R9047 Coq.Lists.List.nil +R9055 Parallelmove.Move +R9075 Allocproof_aux.no_overlapD_invpp +R9105 Parallelmove.dstep_step +R9075 Allocproof_aux.no_overlapD_invpp +R9105 Parallelmove.dstep_step +R9143 Parallelmove.f2ind +R9143 Parallelmove.f2ind +R9273 Parallelmove.no_overlap_noOverlap +R9273 Parallelmove.no_overlap_noOverlap +R9387 Parallelmove.getdst_app +R9417 Parallelmove.getsrc_app +R9453 Parallelmove.app_nil +R9387 Parallelmove.getdst_app +R9387 Parallelmove.getdst_app +R9387 Parallelmove.getdst_app +R9387 Parallelmove.getdst_app +R9417 Parallelmove.getsrc_app +R9417 Parallelmove.getsrc_app +R9417 Parallelmove.getsrc_app +R9417 Parallelmove.getsrc_app +R9453 Parallelmove.app_nil +R9453 Parallelmove.app_nil +R9453 Parallelmove.app_nil +R9608 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9611 Coq.Lists.List "x :: y" list_scope +R9621 Coq.Lists.List "x :: y" list_scope +R9608 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9611 Coq.Lists.List "x :: y" list_scope +R9621 Coq.Lists.List "x :: y" list_scope +R9641 Allocproof_aux.no_overlapD_invpp +R9671 Parallelmove.dstep_step +R9641 Allocproof_aux.no_overlapD_invpp +R9671 Parallelmove.dstep_step +R9709 Parallelmove.f2ind +R9709 Parallelmove.f2ind +R9839 Parallelmove.no_overlap_noOverlap +R9839 Parallelmove.no_overlap_noOverlap +R9953 Parallelmove.getdst_app +R9983 Parallelmove.getsrc_app +R9953 Parallelmove.getdst_app +R9953 Parallelmove.getdst_app +R9953 Parallelmove.getdst_app +R9953 Parallelmove.getdst_app +R9983 Parallelmove.getsrc_app +R9983 Parallelmove.getsrc_app +R9983 Parallelmove.getsrc_app +R9983 Parallelmove.getsrc_app +R10227 Allocproof_aux.no_overlap_stateD +R10246 Parallelmove.Pmov +R10202 Allocproof_aux.no_overlap_stateD +R10188 Parallelmove.stepInv +R10290 Coq.Init.Wf.well_founded_ind +R10308 Coq.Arith.Wf_nat.well_founded_ltof +R10335 Parallelmove.mesure +R10290 Coq.Init.Wf.well_founded_ind +R10308 Coq.Arith.Wf_nat.well_founded_ltof +R10335 Parallelmove.mesure +R10405 Parallelmove.Pmov_equation +R10405 Parallelmove.Pmov_equation +R10482 Parallelmove.stepf1_dec +R10482 Parallelmove.stepf1_dec +R10507 Parallelmove.dstep_inv +R10517 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10518 Coq.Lists.List.nil +R10525 Coq.Lists.List "x :: y" list_scope +R10507 Parallelmove.dstep_inv +R10517 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10518 Coq.Lists.List.nil +R10525 Coq.Lists.List "x :: y" list_scope +R10548 Parallelmove.f2ind' +R10548 Parallelmove.f2ind' +R10568 Parallelmove.no_overlap_noOverlap +R10568 Parallelmove.no_overlap_noOverlap +R10696 Parallelmove.getdst_app +R10725 Parallelmove.getsrc_app +R10696 Parallelmove.getdst_app +R10696 Parallelmove.getdst_app +R10725 Parallelmove.getsrc_app +R10725 Parallelmove.getsrc_app +R10802 Allocproof_aux.no_overlapD_invf +R10802 Allocproof_aux.no_overlapD_invf +R10852 Parallelmove.stepf1_dec +R10852 Parallelmove.stepf1_dec +R10877 Parallelmove.dstep_inv +R10887 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10890 Coq.Lists.List "x :: y" list_scope +R10877 Parallelmove.dstep_inv +R10887 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10890 Coq.Lists.List "x :: y" list_scope +R10916 Parallelmove.f2ind' +R10916 Parallelmove.f2ind' +R10936 Parallelmove.no_overlap_noOverlap +R10936 Parallelmove.no_overlap_noOverlap +R11067 Parallelmove.getdst_app +R11105 Parallelmove.getsrc_app +R11067 Parallelmove.getdst_app +R11067 Parallelmove.getdst_app +R11067 Parallelmove.getdst_app +R11067 Parallelmove.getdst_app +R11105 Parallelmove.getsrc_app +R11105 Parallelmove.getsrc_app +R11105 Parallelmove.getsrc_app +R11105 Parallelmove.getsrc_app +R11313 Allocproof_aux.no_overlapD_invf +R11313 Allocproof_aux.no_overlapD_invf +R11379 Coq.Lists.List "x :: y" list_scope +R11373 Locations.R +R11375 Locations.IT1 +R11389 Coq.Lists.List "x :: y" list_scope +R11383 Locations.R +R11385 Locations.FT1 +R11399 Coq.Lists.List "x :: y" list_scope +R11393 Locations.R +R11395 Locations.IT3 +R11402 Coq.Lists.List.nil +R11444 Coq.Lists.List "x :: y" list_scope +R11438 Locations.R +R11440 Locations.IT2 +R11454 Coq.Lists.List "x :: y" list_scope +R11448 Locations.R +R11450 Locations.FT2 +R11457 Coq.Lists.List.nil +R11562 Coq.Init.Logic "A /\ B" type_scope +R11510 Locations.disjoint +R11547 Allocproof_aux.temporaries1_3 +R11524 Parallelmove.getsrc +R11532 Parallelmove.StateDone +R11568 Locations.disjoint +R11605 Allocproof_aux.temporaries1_3 +R11582 Parallelmove.getdst +R11590 Parallelmove.StateDone +R11497 Parallelmove.State +R11794 Coq.Init.Logic "A /\ B" type_scope +R11744 Coq.Init.Logic "A \/ B" type_scope +R11726 Coq.Lists.List.In +R11731 Allocproof_aux.temporaries2 +R11747 Coq.Lists.List.In +R11753 Parallelmove.getsrc +R11776 Coq.Lists.List "x ++ y" list_scope +R11761 Parallelmove.StateToMove +R11779 Parallelmove.StateBeing +R11688 Coq.Lists.List.In +R11694 Parallelmove.getsrc +R11702 Parallelmove.StateDone +R11860 Coq.Init.Logic "A \/ B" type_scope +R11842 Coq.Lists.List.In +R11847 Allocproof_aux.temporaries2 +R11863 Coq.Lists.List.In +R11869 Parallelmove.getdst +R11892 Coq.Lists.List "x ++ y" list_scope +R11877 Parallelmove.StateToMove +R11895 Parallelmove.StateBeing +R11804 Coq.Lists.List.In +R11810 Parallelmove.getdst +R11818 Parallelmove.StateDone +R11660 Parallelmove.State +R11660 Parallelmove.State +R12160 Locations.diff +R12172 Locations.R +R12174 Locations.IT3 +R12089 Coq.Lists.List.In +R12095 Parallelmove.getdst +R12118 Coq.Lists.List "x ++ y" list_scope +R12103 Parallelmove.StateToMove +R12136 Coq.Lists.List "x ++ y" list_scope +R12122 Parallelmove.StateBeing +R12139 Parallelmove.StateDone +R12054 Locations.diff +R12066 Locations.R +R12068 Locations.IT3 +R11982 Coq.Lists.List.In +R11988 Parallelmove.getdst +R12011 Coq.Lists.List "x ++ y" list_scope +R11996 Parallelmove.StateToMove +R12029 Coq.Lists.List "x ++ y" list_scope +R12015 Parallelmove.StateBeing +R12032 Parallelmove.StateDone +R11954 Parallelmove.step +R12259 Parallelmove.StateDone +R12276 Parallelmove.StateToMove +R12295 Parallelmove.StateBeing +R12313 Parallelmove.getdst +R12339 Parallelmove.getdst_app +R12259 Parallelmove.StateDone +R12259 Parallelmove.StateDone +R12259 Parallelmove.StateDone +R12259 Parallelmove.StateDone +R12259 Parallelmove.StateDone +R12276 Parallelmove.StateToMove +R12276 Parallelmove.StateToMove +R12276 Parallelmove.StateToMove +R12276 Parallelmove.StateToMove +R12276 Parallelmove.StateToMove +R12295 Parallelmove.StateBeing +R12295 Parallelmove.StateBeing +R12295 Parallelmove.StateBeing +R12295 Parallelmove.StateBeing +R12295 Parallelmove.StateBeing +R12313 Parallelmove.getdst +R12313 Parallelmove.getdst +R12313 Parallelmove.getdst +R12313 Parallelmove.getdst +R12313 Parallelmove.getdst +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12339 Parallelmove.getdst_app +R12440 Locations.eq +R12450 Parallelmove.T +R12440 Locations.eq +R12450 Parallelmove.T +R12496 Locations.type +R12496 Locations.type +R12597 Parallelmove.T +R12571 Allocproof_aux.in_cons_noteq +R12597 Parallelmove.T +R12571 Allocproof_aux.in_cons_noteq +R12892 Locations.diff +R12904 Locations.R +R12906 Locations.IT3 +R12821 Coq.Lists.List.In +R12827 Parallelmove.getdst +R12850 Coq.Lists.List "x ++ y" list_scope +R12835 Parallelmove.StateToMove +R12868 Coq.Lists.List "x ++ y" list_scope +R12854 Parallelmove.StateBeing +R12871 Parallelmove.StateDone +R12786 Locations.diff +R12798 Locations.R +R12800 Locations.IT3 +R12714 Coq.Lists.List.In +R12720 Parallelmove.getdst +R12743 Coq.Lists.List "x ++ y" list_scope +R12728 Parallelmove.StateToMove +R12761 Coq.Lists.List "x ++ y" list_scope +R12747 Parallelmove.StateBeing +R12764 Parallelmove.StateDone +R12685 Parallelmove.stepp +R13026 Allocproof_aux.Done_notmp3_inv +R13026 Allocproof_aux.Done_notmp3_inv +R13339 Locations.diff +R13351 Locations.R +R13353 Locations.IT3 +R13236 Coq.Lists.List.In +R13246 Parallelmove.getdst +R13281 Coq.Lists.List "x ++ y" list_scope +R13258 Parallelmove.StateToMove +R13271 Parallelmove.stepf +R13307 Coq.Lists.List "x ++ y" list_scope +R13285 Parallelmove.StateBeing +R13297 Parallelmove.stepf +R13310 Parallelmove.StateDone +R13321 Parallelmove.stepf +R13201 Locations.diff +R13213 Locations.R +R13215 Locations.IT3 +R13129 Coq.Lists.List.In +R13135 Parallelmove.getdst +R13158 Coq.Lists.List "x ++ y" list_scope +R13143 Parallelmove.StateToMove +R13176 Coq.Lists.List "x ++ y" list_scope +R13162 Parallelmove.StateBeing +R13179 Parallelmove.StateDone +R13101 Parallelmove.stepInv +R13514 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13569 Allocproof_aux.Done_notmp3_invpp +R13604 Parallelmove.dstep_step +R13628 Parallelmove.f2ind +R13514 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13569 Allocproof_aux.Done_notmp3_invpp +R13569 Allocproof_aux.Done_notmp3_invpp +R13569 Allocproof_aux.Done_notmp3_invpp +R13604 Parallelmove.dstep_step +R13604 Parallelmove.dstep_step +R13604 Parallelmove.dstep_step +R13628 Parallelmove.f2ind +R13628 Parallelmove.f2ind +R13628 Parallelmove.f2ind +R13931 Locations.diff +R13943 Locations.R +R13945 Locations.IT3 +R13831 Coq.Lists.List.In +R13841 Parallelmove.getdst +R13875 Coq.Lists.List "x ++ y" list_scope +R13853 Parallelmove.StateToMove +R13866 Parallelmove.Pmov +R13900 Coq.Lists.List "x ++ y" list_scope +R13879 Parallelmove.StateBeing +R13891 Parallelmove.Pmov +R13903 Parallelmove.StateDone +R13914 Parallelmove.Pmov +R13796 Locations.diff +R13808 Locations.R +R13810 Locations.IT3 +R13724 Coq.Lists.List.In +R13730 Parallelmove.getdst +R13753 Coq.Lists.List "x ++ y" list_scope +R13738 Parallelmove.StateToMove +R13771 Coq.Lists.List "x ++ y" list_scope +R13757 Parallelmove.StateBeing +R13774 Parallelmove.StateDone +R13696 Parallelmove.stepInv +R13985 Coq.Init.Wf.well_founded_ind +R14003 Coq.Arith.Wf_nat.well_founded_ltof +R14030 Parallelmove.mesure +R13985 Coq.Init.Wf.well_founded_ind +R14003 Coq.Arith.Wf_nat.well_founded_ltof +R14030 Parallelmove.mesure +R14101 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14101 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14132 Parallelmove.Pmov_equation +R14132 Parallelmove.Pmov_equation +R14284 Parallelmove.stepf1_dec +R14304 Parallelmove.dstep_inv +R14331 Parallelmove.f2ind' +R14350 Allocproof_aux.Done_notmp3_invf +R14284 Parallelmove.stepf1_dec +R14304 Parallelmove.dstep_inv +R14331 Parallelmove.f2ind' +R14350 Allocproof_aux.Done_notmp3_invf +R14284 Parallelmove.stepf1_dec +R14304 Parallelmove.dstep_inv +R14331 Parallelmove.f2ind' +R14350 Allocproof_aux.Done_notmp3_invf +R14669 Coq.Init.Logic "A /\ B" type_scope +R14650 Locations.diff +R14662 Locations.R +R14664 Locations.IT1 +R14672 Locations.diff +R14684 Locations.R +R14686 Locations.FT1 +R14579 Coq.Lists.List.In +R14585 Parallelmove.getdst +R14608 Coq.Lists.List "x ++ y" list_scope +R14593 Parallelmove.StateToMove +R14626 Coq.Lists.List "x ++ y" list_scope +R14612 Parallelmove.StateBeing +R14629 Parallelmove.StateDone +R14541 Coq.Init.Logic "A /\ B" type_scope +R14522 Locations.diff +R14534 Locations.R +R14536 Locations.IT1 +R14544 Locations.diff +R14556 Locations.R +R14558 Locations.FT1 +R14450 Coq.Lists.List.In +R14456 Parallelmove.getdst +R14479 Coq.Lists.List "x ++ y" list_scope +R14464 Parallelmove.StateToMove +R14497 Coq.Lists.List "x ++ y" list_scope +R14483 Parallelmove.StateBeing +R14500 Parallelmove.StateDone +R14422 Parallelmove.step +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14782 Parallelmove.getdst_app +R14883 Locations.eq +R14893 Parallelmove.T +R14883 Locations.eq +R14893 Parallelmove.T +R14935 Locations.type +R14935 Locations.type +R15031 Parallelmove.T +R15005 Allocproof_aux.in_cons_noteq +R15031 Parallelmove.T +R15005 Allocproof_aux.in_cons_noteq +R15379 Coq.Init.Logic "A /\ B" type_scope +R15360 Locations.diff +R15372 Locations.R +R15374 Locations.IT1 +R15382 Locations.diff +R15394 Locations.R +R15396 Locations.FT1 +R15289 Coq.Lists.List.In +R15295 Parallelmove.getdst +R15318 Coq.Lists.List "x ++ y" list_scope +R15303 Parallelmove.StateToMove +R15336 Coq.Lists.List "x ++ y" list_scope +R15322 Parallelmove.StateBeing +R15339 Parallelmove.StateDone +R15251 Coq.Init.Logic "A /\ B" type_scope +R15232 Locations.diff +R15244 Locations.R +R15246 Locations.IT1 +R15254 Locations.diff +R15266 Locations.R +R15268 Locations.FT1 +R15160 Coq.Lists.List.In +R15166 Parallelmove.getdst +R15189 Coq.Lists.List "x ++ y" list_scope +R15174 Parallelmove.StateToMove +R15207 Coq.Lists.List "x ++ y" list_scope +R15193 Parallelmove.StateBeing +R15210 Parallelmove.StateDone +R15131 Parallelmove.stepp +R15516 Allocproof_aux.Done_notmp1_inv +R15516 Allocproof_aux.Done_notmp1_inv +R15870 Coq.Init.Logic "A /\ B" type_scope +R15851 Locations.diff +R15863 Locations.R +R15865 Locations.IT1 +R15873 Locations.diff +R15885 Locations.R +R15887 Locations.FT1 +R15748 Coq.Lists.List.In +R15758 Parallelmove.getdst +R15793 Coq.Lists.List "x ++ y" list_scope +R15770 Parallelmove.StateToMove +R15783 Parallelmove.stepf +R15819 Coq.Lists.List "x ++ y" list_scope +R15797 Parallelmove.StateBeing +R15809 Parallelmove.stepf +R15822 Parallelmove.StateDone +R15833 Parallelmove.stepf +R15710 Coq.Init.Logic "A /\ B" type_scope +R15691 Locations.diff +R15703 Locations.R +R15705 Locations.IT1 +R15713 Locations.diff +R15725 Locations.R +R15727 Locations.FT1 +R15619 Coq.Lists.List.In +R15625 Parallelmove.getdst +R15648 Coq.Lists.List "x ++ y" list_scope +R15633 Parallelmove.StateToMove +R15666 Coq.Lists.List "x ++ y" list_scope +R15652 Parallelmove.StateBeing +R15669 Parallelmove.StateDone +R15591 Parallelmove.stepInv +R16048 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16103 Allocproof_aux.Done_notmp1_invpp +R16138 Parallelmove.dstep_step +R16162 Parallelmove.f2ind +R16048 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16103 Allocproof_aux.Done_notmp1_invpp +R16103 Allocproof_aux.Done_notmp1_invpp +R16103 Allocproof_aux.Done_notmp1_invpp +R16138 Parallelmove.dstep_step +R16138 Parallelmove.dstep_step +R16138 Parallelmove.dstep_step +R16162 Parallelmove.f2ind +R16162 Parallelmove.f2ind +R16162 Parallelmove.f2ind +R16506 Coq.Init.Logic "A /\ B" type_scope +R16487 Locations.diff +R16499 Locations.R +R16501 Locations.IT1 +R16509 Locations.diff +R16521 Locations.R +R16523 Locations.FT1 +R16387 Coq.Lists.List.In +R16397 Parallelmove.getdst +R16431 Coq.Lists.List "x ++ y" list_scope +R16409 Parallelmove.StateToMove +R16422 Parallelmove.Pmov +R16456 Coq.Lists.List "x ++ y" list_scope +R16435 Parallelmove.StateBeing +R16447 Parallelmove.Pmov +R16459 Parallelmove.StateDone +R16470 Parallelmove.Pmov +R16349 Coq.Init.Logic "A /\ B" type_scope +R16330 Locations.diff +R16342 Locations.R +R16344 Locations.IT1 +R16352 Locations.diff +R16364 Locations.R +R16366 Locations.FT1 +R16258 Coq.Lists.List.In +R16264 Parallelmove.getdst +R16287 Coq.Lists.List "x ++ y" list_scope +R16272 Parallelmove.StateToMove +R16305 Coq.Lists.List "x ++ y" list_scope +R16291 Parallelmove.StateBeing +R16308 Parallelmove.StateDone +R16230 Parallelmove.stepInv +R16563 Coq.Init.Wf.well_founded_ind +R16581 Coq.Arith.Wf_nat.well_founded_ltof +R16608 Parallelmove.mesure +R16563 Coq.Init.Wf.well_founded_ind +R16581 Coq.Arith.Wf_nat.well_founded_ltof +R16608 Parallelmove.mesure +R16679 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16679 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16776 Parallelmove.Pmov_equation +R16776 Parallelmove.Pmov_equation +R16862 Parallelmove.stepf1_dec +R16882 Parallelmove.dstep_inv +R16909 Parallelmove.f2ind' +R16928 Allocproof_aux.Done_notmp1_invf +R16862 Parallelmove.stepf1_dec +R16882 Parallelmove.dstep_inv +R16909 Parallelmove.f2ind' +R16928 Allocproof_aux.Done_notmp1_invf +R16862 Parallelmove.stepf1_dec +R16882 Parallelmove.dstep_inv +R16909 Parallelmove.f2ind' +R16928 Allocproof_aux.Done_notmp1_invf +R17250 Coq.Init.Logic "A /\ B" type_scope +R17231 Locations.diff +R17243 Locations.R +R17245 Locations.IT1 +R17253 Locations.diff +R17265 Locations.R +R17267 Locations.FT1 +R17160 Coq.Lists.List.In +R17166 Parallelmove.getsrc +R17189 Coq.Lists.List "x ++ y" list_scope +R17174 Parallelmove.StateToMove +R17207 Coq.Lists.List "x ++ y" list_scope +R17193 Parallelmove.StateBeing +R17210 Parallelmove.StateDone +R17122 Coq.Init.Logic "A /\ B" type_scope +R17103 Locations.diff +R17115 Locations.R +R17117 Locations.IT1 +R17125 Locations.diff +R17137 Locations.R +R17139 Locations.FT1 +R17031 Coq.Lists.List.In +R17037 Parallelmove.getsrc +R17060 Coq.Lists.List "x ++ y" list_scope +R17045 Parallelmove.StateToMove +R17078 Coq.Lists.List "x ++ y" list_scope +R17064 Parallelmove.StateBeing +R17081 Parallelmove.StateDone +R17003 Parallelmove.step +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17363 Parallelmove.getsrc_app +R17464 Locations.eq +R17474 Parallelmove.T +R17464 Locations.eq +R17474 Parallelmove.T +R17516 Locations.type +R17516 Locations.type +R17612 Parallelmove.T +R17586 Allocproof_aux.in_cons_noteq +R17612 Parallelmove.T +R17586 Allocproof_aux.in_cons_noteq +R17963 Coq.Init.Logic "A /\ B" type_scope +R17944 Locations.diff +R17956 Locations.R +R17958 Locations.IT1 +R17966 Locations.diff +R17978 Locations.R +R17980 Locations.FT1 +R17873 Coq.Lists.List.In +R17879 Parallelmove.getsrc +R17902 Coq.Lists.List "x ++ y" list_scope +R17887 Parallelmove.StateToMove +R17920 Coq.Lists.List "x ++ y" list_scope +R17906 Parallelmove.StateBeing +R17923 Parallelmove.StateDone +R17835 Coq.Init.Logic "A /\ B" type_scope +R17816 Locations.diff +R17828 Locations.R +R17830 Locations.IT1 +R17838 Locations.diff +R17850 Locations.R +R17852 Locations.FT1 +R17744 Coq.Lists.List.In +R17750 Parallelmove.getsrc +R17773 Coq.Lists.List "x ++ y" list_scope +R17758 Parallelmove.StateToMove +R17791 Coq.Lists.List "x ++ y" list_scope +R17777 Parallelmove.StateBeing +R17794 Parallelmove.StateDone +R17715 Parallelmove.stepp +R18100 Allocproof_aux.Done_notmp1src_inv +R18100 Allocproof_aux.Done_notmp1src_inv +R18460 Coq.Init.Logic "A /\ B" type_scope +R18441 Locations.diff +R18453 Locations.R +R18455 Locations.IT1 +R18463 Locations.diff +R18475 Locations.R +R18477 Locations.FT1 +R18338 Coq.Lists.List.In +R18348 Parallelmove.getsrc +R18383 Coq.Lists.List "x ++ y" list_scope +R18360 Parallelmove.StateToMove +R18373 Parallelmove.stepf +R18409 Coq.Lists.List "x ++ y" list_scope +R18387 Parallelmove.StateBeing +R18399 Parallelmove.stepf +R18412 Parallelmove.StateDone +R18423 Parallelmove.stepf +R18300 Coq.Init.Logic "A /\ B" type_scope +R18281 Locations.diff +R18293 Locations.R +R18295 Locations.IT1 +R18303 Locations.diff +R18315 Locations.R +R18317 Locations.FT1 +R18209 Coq.Lists.List.In +R18215 Parallelmove.getsrc +R18238 Coq.Lists.List "x ++ y" list_scope +R18223 Parallelmove.StateToMove +R18256 Coq.Lists.List "x ++ y" list_scope +R18242 Parallelmove.StateBeing +R18259 Parallelmove.StateDone +R18181 Parallelmove.stepInv +R18620 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18675 Allocproof_aux.Done_notmp1src_invpp +R18713 Parallelmove.dstep_step +R18738 Parallelmove.f2ind +R18620 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18675 Allocproof_aux.Done_notmp1src_invpp +R18675 Allocproof_aux.Done_notmp1src_invpp +R18675 Allocproof_aux.Done_notmp1src_invpp +R18713 Parallelmove.dstep_step +R18713 Parallelmove.dstep_step +R18713 Parallelmove.dstep_step +R18738 Parallelmove.f2ind +R18738 Parallelmove.f2ind +R18738 Parallelmove.f2ind +R19084 Coq.Init.Logic "A /\ B" type_scope +R19065 Locations.diff +R19077 Locations.R +R19079 Locations.IT1 +R19087 Locations.diff +R19099 Locations.R +R19101 Locations.FT1 +R18965 Coq.Lists.List.In +R18975 Parallelmove.getsrc +R19009 Coq.Lists.List "x ++ y" list_scope +R18987 Parallelmove.StateToMove +R19000 Parallelmove.Pmov +R19034 Coq.Lists.List "x ++ y" list_scope +R19013 Parallelmove.StateBeing +R19025 Parallelmove.Pmov +R19037 Parallelmove.StateDone +R19048 Parallelmove.Pmov +R18927 Coq.Init.Logic "A /\ B" type_scope +R18908 Locations.diff +R18920 Locations.R +R18922 Locations.IT1 +R18930 Locations.diff +R18942 Locations.R +R18944 Locations.FT1 +R18836 Coq.Lists.List.In +R18842 Parallelmove.getsrc +R18865 Coq.Lists.List "x ++ y" list_scope +R18850 Parallelmove.StateToMove +R18883 Coq.Lists.List "x ++ y" list_scope +R18869 Parallelmove.StateBeing +R18886 Parallelmove.StateDone +R18808 Parallelmove.stepInv +R19141 Coq.Init.Wf.well_founded_ind +R19159 Coq.Arith.Wf_nat.well_founded_ltof +R19186 Parallelmove.mesure +R19141 Coq.Init.Wf.well_founded_ind +R19159 Coq.Arith.Wf_nat.well_founded_ltof +R19186 Parallelmove.mesure +R19257 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R19257 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R19354 Parallelmove.Pmov_equation +R19354 Parallelmove.Pmov_equation +R19440 Parallelmove.stepf1_dec +R19460 Parallelmove.dstep_inv +R19487 Parallelmove.f2ind' +R19506 Allocproof_aux.Done_notmp1src_invf +R19440 Parallelmove.stepf1_dec +R19460 Parallelmove.dstep_inv +R19487 Parallelmove.f2ind' +R19506 Allocproof_aux.Done_notmp1src_invf +R19440 Parallelmove.stepf1_dec +R19460 Parallelmove.dstep_inv +R19487 Parallelmove.f2ind' +R19506 Allocproof_aux.Done_notmp1src_invf +R19694 Coq.Init.Logic "A \/ B" type_scope +R19676 Coq.Lists.List.In +R19681 Allocproof_aux.temporaries2 +R19699 Coq.Lists.List.In +R19705 Parallelmove.getdst +R19728 Coq.Lists.List "x ++ y" list_scope +R19713 Parallelmove.StateToMove +R19746 Coq.Lists.List "x ++ y" list_scope +R19732 Parallelmove.StateBeing +R19749 Parallelmove.StateDone +R19605 Coq.Lists.List.In +R19611 Parallelmove.getdst +R19634 Coq.Lists.List "x ++ y" list_scope +R19619 Parallelmove.StateToMove +R19652 Coq.Lists.List "x ++ y" list_scope +R19638 Parallelmove.StateBeing +R19655 Parallelmove.StateDone +R19579 Parallelmove.step +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19825 Parallelmove.getdst_app +R19911 Locations.eq +R19921 Parallelmove.T +R19911 Locations.eq +R19921 Parallelmove.T +R19963 Locations.type +R19963 Locations.type +R20053 Parallelmove.T +R20027 Allocproof_aux.in_cons_noteq +R20053 Parallelmove.T +R20027 Allocproof_aux.in_cons_noteq +R20236 Coq.Init.Logic "A \/ B" type_scope +R20218 Coq.Lists.List.In +R20223 Allocproof_aux.temporaries2 +R20241 Coq.Lists.List.In +R20247 Parallelmove.getdst +R20270 Coq.Lists.List "x ++ y" list_scope +R20255 Parallelmove.StateToMove +R20288 Coq.Lists.List "x ++ y" list_scope +R20274 Parallelmove.StateBeing +R20291 Parallelmove.StateDone +R20147 Coq.Lists.List.In +R20153 Parallelmove.getdst +R20176 Coq.Lists.List "x ++ y" list_scope +R20161 Parallelmove.StateToMove +R20194 Coq.Lists.List "x ++ y" list_scope +R20180 Parallelmove.StateBeing +R20197 Parallelmove.StateDone +R20120 Parallelmove.stepp +R20527 Allocproof_aux.dst_tmp2_step +R20527 Allocproof_aux.dst_tmp2_step +R20744 Coq.Init.Logic "A \/ B" type_scope +R20726 Coq.Lists.List.In +R20731 Allocproof_aux.temporaries2 +R20749 Coq.Lists.List.In +R20755 Parallelmove.getdst +R20778 Coq.Lists.List "x ++ y" list_scope +R20763 Parallelmove.StateToMove +R20796 Coq.Lists.List "x ++ y" list_scope +R20782 Parallelmove.StateBeing +R20799 Parallelmove.StateDone +R20623 Coq.Lists.List.In +R20633 Parallelmove.getdst +R20668 Coq.Lists.List "x ++ y" list_scope +R20645 Parallelmove.StateToMove +R20658 Parallelmove.stepf +R20694 Coq.Lists.List "x ++ y" list_scope +R20672 Parallelmove.StateBeing +R20684 Parallelmove.stepf +R20697 Parallelmove.StateDone +R20708 Parallelmove.stepf +R20597 Parallelmove.stepInv +R20953 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21008 Allocproof_aux.dst_tmp2_stepp +R21040 Parallelmove.dstep_step +R21064 Parallelmove.f2ind +R20953 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21008 Allocproof_aux.dst_tmp2_stepp +R21008 Allocproof_aux.dst_tmp2_stepp +R21008 Allocproof_aux.dst_tmp2_stepp +R21040 Parallelmove.dstep_step +R21040 Parallelmove.dstep_step +R21040 Parallelmove.dstep_step +R21064 Parallelmove.f2ind +R21064 Parallelmove.f2ind +R21064 Parallelmove.f2ind +R21273 Coq.Init.Logic "A \/ B" type_scope +R21255 Coq.Lists.List.In +R21260 Allocproof_aux.temporaries2 +R21278 Coq.Lists.List.In +R21284 Parallelmove.getdst +R21307 Coq.Lists.List "x ++ y" list_scope +R21292 Parallelmove.StateToMove +R21325 Coq.Lists.List "x ++ y" list_scope +R21311 Parallelmove.StateBeing +R21328 Parallelmove.StateDone +R21155 Coq.Lists.List.In +R21165 Parallelmove.getdst +R21199 Coq.Lists.List "x ++ y" list_scope +R21177 Parallelmove.StateToMove +R21190 Parallelmove.Pmov +R21224 Coq.Lists.List "x ++ y" list_scope +R21203 Parallelmove.StateBeing +R21215 Parallelmove.Pmov +R21227 Parallelmove.StateDone +R21238 Parallelmove.Pmov +R21129 Parallelmove.stepInv +R21379 Coq.Init.Wf.well_founded_ind +R21397 Coq.Arith.Wf_nat.well_founded_ltof +R21424 Parallelmove.mesure +R21379 Coq.Init.Wf.well_founded_ind +R21397 Coq.Arith.Wf_nat.well_founded_ltof +R21424 Parallelmove.mesure +R21495 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21495 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21592 Parallelmove.Pmov_equation +R21592 Parallelmove.Pmov_equation +R21673 Parallelmove.stepf +R21673 Parallelmove.stepf +R21803 Allocproof_aux.dst_tmp2_stepf +R21803 Allocproof_aux.dst_tmp2_stepf +R21831 Parallelmove.stepf1_dec +R21831 Parallelmove.stepf1_dec +R21856 Parallelmove.dstep_inv +R21894 Parallelmove.f2ind' +R21856 Parallelmove.dstep_inv +R21894 Parallelmove.f2ind' +R21930 Parallelmove.stepf +R22004 Allocproof_aux.dst_tmp2_stepf +R22035 Parallelmove.stepf1_dec +R22063 Parallelmove.dstep_inv +R22101 Parallelmove.f2ind' +R21930 Parallelmove.stepf +R22004 Allocproof_aux.dst_tmp2_stepf +R22035 Parallelmove.stepf1_dec +R22063 Parallelmove.dstep_inv +R22101 Parallelmove.f2ind' +R22258 Coq.Init.Logic "A /\ B" type_scope +R22251 Coq.Init.Logic "x = y" type_scope +R22217 Parallelmove.getsrc +R22225 Allocation.listsLoc2Moves +R22297 Coq.Init.Logic "x = y" type_scope +R22263 Parallelmove.getdst +R22271 Allocation.listsLoc2Moves +R22198 Coq.Init.Logic "x = y" type_scope +R22186 Coq.Lists.List.length +R22200 Coq.Lists.List.length +R22650 Parallelmove.stepInv +R22658 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22662 Coq.Lists.List.nil +R22667 Coq.Lists.List.nil +R22628 Parallelmove.no_overlap_list +R22588 Locations.disjoint +R22612 Conventions.temporaries +R22602 Parallelmove.getdst +R22548 Locations.disjoint +R22572 Conventions.temporaries +R22562 Parallelmove.getsrc +R22531 Parallelmove.simpleDest +R22733 Parallelmove.app_nil +R22733 Parallelmove.app_nil +R22760 Parallelmove.no_overlap_noOverlap +R22781 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22785 Coq.Lists.List.nil +R22790 Coq.Lists.List.nil +R22760 Parallelmove.no_overlap_noOverlap +R22781 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22785 Coq.Lists.List.nil +R22790 Coq.Lists.List.nil +R22906 Parallelmove.app_nil +R22906 Parallelmove.app_nil +R22927 Parallelmove.disjoint_tmp__noTmp +R22927 Parallelmove.disjoint_tmp__noTmp +R23126 Parallelmove.no_overlap_list +R23143 Parallelmove.StateDone +R23154 Parallelmove.Pmov +R23159 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23163 Coq.Lists.List.nil +R23168 Coq.Lists.List.nil +R23104 Parallelmove.no_overlap_list +R23064 Locations.disjoint +R23088 Conventions.temporaries +R23078 Parallelmove.getdst +R23024 Locations.disjoint +R23048 Conventions.temporaries +R23038 Parallelmove.getsrc +R23007 Parallelmove.simpleDest +R22998 Parallelmove.Moves +R23203 Allocproof_aux.no_overlapD_res +R23219 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23223 Coq.Lists.List.nil +R23228 Coq.Lists.List.nil +R23203 Allocproof_aux.no_overlapD_res +R23219 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23223 Coq.Lists.List.nil +R23228 Coq.Lists.List.nil +R23287 Parallelmove.STM_Pmov +R23305 Parallelmove.SB_Pmov +R23329 Parallelmove.app_nil +R23287 Parallelmove.STM_Pmov +R23305 Parallelmove.SB_Pmov +R23329 Parallelmove.app_nil +R23367 Allocproof_aux.stepInv_pnilnil +R23367 Allocproof_aux.stepInv_pnilnil +R23566 Locations.disjoint +R23621 Allocproof_aux.temporaries1 +R23580 Parallelmove.getsrc +R23588 Parallelmove.StateDone +R23599 Parallelmove.Pmov +R23604 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23608 Coq.Lists.List.nil +R23613 Coq.Lists.List.nil +R23543 Parallelmove.no_overlap_list +R23503 Locations.disjoint +R23527 Conventions.temporaries +R23517 Parallelmove.getdst +R23463 Locations.disjoint +R23487 Conventions.temporaries +R23477 Parallelmove.getsrc +R23446 Parallelmove.simpleDest +R23437 Parallelmove.Moves +R23662 Allocproof_aux.Done_notmp1src_res +R23681 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23685 Coq.Lists.List.nil +R23690 Coq.Lists.List.nil +R23662 Allocproof_aux.Done_notmp1src_res +R23681 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23685 Coq.Lists.List.nil +R23690 Coq.Lists.List.nil +R23712 Parallelmove.STM_Pmov +R23730 Parallelmove.SB_Pmov +R23754 Parallelmove.app_nil +R23712 Parallelmove.STM_Pmov +R23730 Parallelmove.SB_Pmov +R23754 Parallelmove.app_nil +R23797 Locations.notin_disjoint +R23797 Locations.notin_disjoint +R23851 Parallelmove.stepInv +R23859 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23863 Coq.Lists.List.nil +R23868 Coq.Lists.List.nil +R23886 Allocproof_aux.stepInv_pnilnil +R23851 Parallelmove.stepInv +R23859 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23863 Coq.Lists.List.nil +R23868 Coq.Lists.List.nil +R23886 Allocproof_aux.stepInv_pnilnil +R23886 Allocproof_aux.stepInv_pnilnil +R24028 Conventions.temporaries +R23997 Locations.in_notin_diff +R24078 Parallelmove.getsrc +R24053 Locations.disjoint_notin +R24028 Conventions.temporaries +R23997 Locations.in_notin_diff +R24078 Parallelmove.getsrc +R24053 Locations.disjoint_notin +R24028 Conventions.temporaries +R23997 Locations.in_notin_diff +R24078 Parallelmove.getsrc +R24053 Locations.disjoint_notin +R24281 Locations.disjoint +R24336 Allocproof_aux.temporaries1 +R24295 Parallelmove.getdst +R24303 Parallelmove.StateDone +R24314 Parallelmove.Pmov +R24319 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R24323 Coq.Lists.List.nil +R24328 Coq.Lists.List.nil +R24258 Parallelmove.no_overlap_list +R24218 Locations.disjoint +R24242 Conventions.temporaries +R24232 Parallelmove.getdst +R24178 Locations.disjoint +R24202 Conventions.temporaries +R24192 Parallelmove.getsrc +R24161 Parallelmove.simpleDest +R24152 Parallelmove.Moves +R24377 Allocproof_aux.Done_notmp1_res +R24393 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R24397 Coq.Lists.List.nil +R24402 Coq.Lists.List.nil +R24377 Allocproof_aux.Done_notmp1_res +R24393 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R24397 Coq.Lists.List.nil +R24402 Coq.Lists.List.nil +R24424 Parallelmove.STM_Pmov +R24442 Parallelmove.SB_Pmov +R24466 Parallelmove.app_nil +R24424 Parallelmove.STM_Pmov +R24442 Parallelmove.SB_Pmov +R24466 Parallelmove.app_nil +R24509 Locations.notin_disjoint +R24509 Locations.notin_disjoint +R24563 Parallelmove.stepInv +R24571 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R24575 Coq.Lists.List.nil +R24580 Coq.Lists.List.nil +R24598 Allocproof_aux.stepInv_pnilnil +R24563 Parallelmove.stepInv +R24571 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R24575 Coq.Lists.List.nil +R24580 Coq.Lists.List.nil +R24598 Allocproof_aux.stepInv_pnilnil +R24598 Allocproof_aux.stepInv_pnilnil +R24740 Conventions.temporaries +R24709 Locations.in_notin_diff +R24790 Parallelmove.getdst +R24765 Locations.disjoint_notin +R24740 Conventions.temporaries +R24709 Locations.in_notin_diff +R24790 Parallelmove.getdst +R24765 Locations.disjoint_notin +R24740 Conventions.temporaries +R24709 Locations.in_notin_diff +R24790 Parallelmove.getdst +R24765 Locations.disjoint_notin +R25004 Coq.Init.Logic "'exists' x , p" type_scope +R25064 Coq.Init.Logic "A /\ B" type_scope +R25020 LTL.exec_instrs +R25039 Allocproof_aux.p_move +R25120 Coq.Init.Logic "A /\ B" type_scope +R25095 Coq.Init.Logic "x = y" type_scope +R25071 Coq.Lists.List.map +R25085 Parallelmove.getdst +R25097 Coq.Lists.List.map +R25110 Parallelmove.getsrc +R25153 Coq.Init.Logic "A /\ B" type_scope +R25140 Coq.Init.Logic "x = y" type_scope +R25133 Locations.R +R25135 Locations.IT3 +R25146 Locations.R +R25148 Locations.IT3 +R25238 Coq.Init.Logic "x = y" type_scope +R25204 Locations.notin +R25216 Conventions.temporaries +R25178 Locations.notin +R25191 Parallelmove.getdst +R24962 Locations.disjoint +R24986 Conventions.temporaries +R24976 Parallelmove.getdst +R24922 Locations.disjoint +R24946 Conventions.temporaries +R24936 Parallelmove.getsrc +R24900 Parallelmove.no_overlap_list +R24873 Locations.norepet +R24886 Parallelmove.getdst +R25360 Parallelmove.simpleDest +R25387 Allocproof_aux.norepet_SD +R25360 Parallelmove.simpleDest +R25387 Allocproof_aux.norepet_SD +R25387 Allocproof_aux.norepet_SD +R25426 Parallelmove.stepInv +R25434 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R25438 Coq.Lists.List.nil +R25443 Coq.Lists.List.nil +R25462 Allocproof_aux.stepInv_pnilnil +R25426 Parallelmove.stepInv +R25434 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R25438 Coq.Lists.List.nil +R25443 Coq.Lists.List.nil +R25462 Allocproof_aux.stepInv_pnilnil +R25462 Allocproof_aux.stepInv_pnilnil +R25531 Parallelmove.StateToMove +R25550 Parallelmove.StateBeing +R25579 Parallelmove.app_nil +R25531 Parallelmove.StateToMove +R25550 Parallelmove.StateBeing +R25579 Parallelmove.app_nil +R25579 Parallelmove.app_nil +R25629 Allocproof_aux.exec_instrs_pmov +R25647 Parallelmove.StateDone +R25658 Parallelmove.Pmov +R25663 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R25667 Coq.Lists.List.nil +R25672 Coq.Lists.List.nil +R25706 Allocproof_aux.noO_list_pnilnil +R25736 Allocproof_aux.dis_dsttmp1_pnilnil +R25770 Allocproof_aux.dis_srctmp1_pnilnil +R25629 Allocproof_aux.exec_instrs_pmov +R25647 Parallelmove.StateDone +R25658 Parallelmove.Pmov +R25663 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R25667 Coq.Lists.List.nil +R25672 Coq.Lists.List.nil +R25706 Allocproof_aux.noO_list_pnilnil +R25706 Allocproof_aux.noO_list_pnilnil +R25706 Allocproof_aux.noO_list_pnilnil +R25706 Allocproof_aux.noO_list_pnilnil +R25736 Allocproof_aux.dis_dsttmp1_pnilnil +R25736 Allocproof_aux.dis_dsttmp1_pnilnil +R25736 Allocproof_aux.dis_dsttmp1_pnilnil +R25736 Allocproof_aux.dis_dsttmp1_pnilnil +R25736 Allocproof_aux.dis_dsttmp1_pnilnil +R25736 Allocproof_aux.dis_dsttmp1_pnilnil +R25736 Allocproof_aux.dis_dsttmp1_pnilnil +R25770 Allocproof_aux.dis_srctmp1_pnilnil +R25770 Allocproof_aux.dis_srctmp1_pnilnil +R25770 Allocproof_aux.dis_srctmp1_pnilnil +R25770 Allocproof_aux.dis_srctmp1_pnilnil +R25770 Allocproof_aux.dis_srctmp1_pnilnil +R25770 Allocproof_aux.dis_srctmp1_pnilnil +R25770 Allocproof_aux.dis_srctmp1_pnilnil +R25770 Allocproof_aux.dis_srctmp1_pnilnil +R25770 Allocproof_aux.dis_srctmp1_pnilnil +R25770 Allocproof_aux.dis_srctmp1_pnilnil +R25866 Parallelmove.Fpmov_correct_map +R25866 Parallelmove.Fpmov_correct_map +R25903 Coqlib.list_map_exten +R25994 Conventions.temporaries +R25963 Locations.in_notin_diff +R26046 Parallelmove.getdst +R26021 Locations.disjoint_notin +R25903 Coqlib.list_map_exten +R25994 Conventions.temporaries +R25963 Locations.in_notin_diff +R25994 Conventions.temporaries +R25963 Locations.in_notin_diff +R26046 Parallelmove.getdst +R26021 Locations.disjoint_notin +R25994 Conventions.temporaries +R25963 Locations.in_notin_diff +R26046 Parallelmove.getdst +R26021 Locations.disjoint_notin +R26086 Allocproof_aux.dst_tmp2_res +R26099 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R26103 Coq.Lists.List.nil +R26108 Coq.Lists.List.nil +R26086 Allocproof_aux.dst_tmp2_res +R26099 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R26103 Coq.Lists.List.nil +R26108 Coq.Lists.List.nil +R26186 Parallelmove.app_nil +R26229 Parallelmove.getdst +R26212 Allocproof_aux.In_norepet +R26274 Parallelmove.STM_Pmov +R26292 Parallelmove.SB_Pmov +R26186 Parallelmove.app_nil +R26229 Parallelmove.getdst +R26212 Allocproof_aux.In_norepet +R26274 Parallelmove.STM_Pmov +R26292 Parallelmove.SB_Pmov +R26314 Locations.diff_sym +R26365 Conventions.temporaries +R26334 Locations.in_notin_diff +R26314 Locations.diff_sym +R26365 Conventions.temporaries +R26334 Locations.in_notin_diff +R26430 Parallelmove.getdst +R26405 Locations.disjoint_notin +R26430 Parallelmove.getdst +R26405 Locations.disjoint_notin +R26524 Parallelmove.Fpmov_correct_IT3 +R26524 Parallelmove.Fpmov_correct_IT3 +R26638 Allocproof_aux.Done_notmp3_res +R26654 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R26658 Coq.Lists.List.nil +R26663 Coq.Lists.List.nil +R26691 Parallelmove.STM_Pmov +R26709 Parallelmove.SB_Pmov +R26638 Allocproof_aux.Done_notmp3_res +R26654 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R26658 Coq.Lists.List.nil +R26663 Coq.Lists.List.nil +R26691 Parallelmove.STM_Pmov +R26691 Parallelmove.STM_Pmov +R26709 Parallelmove.SB_Pmov +R26741 Parallelmove.app_nil +R26787 Conventions.temporaries +R26764 Locations.in_notin_diff +R26741 Parallelmove.app_nil +R26787 Conventions.temporaries +R26764 Locations.in_notin_diff +R26837 Parallelmove.getdst +R26812 Locations.disjoint_notin +R26837 Parallelmove.getdst +R26812 Locations.disjoint_notin +R26910 Parallelmove.Fpmov_correct_ext +R26997 Conventions.temporaries +R26974 Locations.in_notin_diff +R26910 Parallelmove.Fpmov_correct_ext +R26997 Conventions.temporaries +R26974 Locations.in_notin_diff +R26997 Conventions.temporaries +R26974 Locations.in_notin_diff +R26997 Conventions.temporaries +R26974 Locations.in_notin_diff +R27057 Allocproof_aux.dst_tmp2_res +R27070 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R27074 Coq.Lists.List.nil +R27079 Coq.Lists.List.nil +R27057 Allocproof_aux.dst_tmp2_res +R27070 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R27074 Coq.Lists.List.nil +R27079 Coq.Lists.List.nil +R27148 Parallelmove.app_nil +R27192 Parallelmove.STM_Pmov +R27210 Parallelmove.SB_Pmov +R27148 Parallelmove.app_nil +R27192 Parallelmove.STM_Pmov +R27210 Parallelmove.SB_Pmov +R27232 Locations.diff_sym +R27275 Conventions.temporaries +R27252 Locations.in_notin_diff +R27232 Locations.diff_sym +R27275 Conventions.temporaries +R27252 Locations.in_notin_diff +R27365 Locations.diff_sym +R27416 Parallelmove.getdst +R27385 Locations.in_notin_diff +R27365 Locations.diff_sym +R27416 Parallelmove.getdst +R27385 Locations.in_notin_diff +R27654 Coq.Init.Logic "'exists' x , p" type_scope +R27729 Coq.Init.Logic "A /\ B" type_scope +R27670 LTL.exec_instrs +R27689 Allocation.parallel_move +R27773 Coq.Init.Logic "A /\ B" type_scope +R27754 Coq.Init.Logic "x = y" type_scope +R27736 Coq.Lists.List.map +R27756 Coq.Lists.List.map +R27806 Coq.Init.Logic "A /\ B" type_scope +R27793 Coq.Init.Logic "x = y" type_scope +R27786 Locations.R +R27788 Locations.IT3 +R27799 Locations.R +R27801 Locations.IT3 +R27879 Coq.Init.Logic "x = y" type_scope +R27845 Locations.notin +R27857 Conventions.temporaries +R27825 Locations.notin +R27618 Locations.disjoint +R27636 Conventions.temporaries +R27584 Locations.disjoint +R27602 Conventions.temporaries +R27563 Locations.norepet +R27538 Parallelmove.no_overlap +R27515 Coq.Init.Logic "x = y" type_scope +R27498 Coq.Lists.List.length +R27517 Coq.Lists.List.length +R27963 Allocproof_aux.parallel_move_correct' +R27987 Allocation.listsLoc2Moves +R27963 Allocproof_aux.parallel_move_correct' +R27987 Allocation.listsLoc2Moves +R28028 Allocproof_aux.getdst_lists2moves +R28028 Allocproof_aux.getdst_lists2moves +FAllocproof +R599 Coq.Init.Logic "x = y" type_scope +R556 LTL.call_regs +R574 Conventions.parameter_of_argument +R526 Coq.Lists.List.In +R532 Conventions.loc_arguments +R639 Conventions.loc_arguments_acceptable +R639 Conventions.loc_arguments_acceptable +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R914 Coq.Init.Logic "x = y" type_scope +R863 LTL.return_regs +R894 Locations.R +R897 Conventions.loc_result +R928 Locations.R +R931 Conventions.loc_result +R998 Coq.Lists.List.In_dec +R1033 Conventions.temporaries +R1013 Locations.R +R1016 Conventions.loc_result +R1005 Locations.eq +R998 Coq.Lists.List.In_dec +R1033 Conventions.temporaries +R1013 Locations.R +R1016 Conventions.loc_result +R1005 Locations.eq +R1070 Coq.Lists.List.In_dec +R1105 Conventions.destroyed_at_call +R1085 Locations.R +R1088 Conventions.loc_result +R1077 Locations.eq +R1070 Coq.Lists.List.In_dec +R1105 Conventions.destroyed_at_call +R1085 Locations.R +R1088 Conventions.loc_result +R1077 Locations.eq +R1157 Conventions.loc_result_acceptable +R1157 Conventions.loc_result_acceptable +R1334 Coq.Init.Logic "x = y" type_scope +R1302 LTL.return_regs +R1280 Conventions.loc_acceptable +R1247 Locations.notin +R1259 Conventions.destroyed_at_call +R1431 Coq.Lists.List.In_dec +R1451 Conventions.temporaries +R1446 Locations.R +R1438 Locations.eq +R1431 Coq.Lists.List.In_dec +R1451 Conventions.temporaries +R1446 Locations.R +R1438 Locations.eq +R1497 Coq.Lists.List.In_dec +R1517 Conventions.destroyed_at_call +R1512 Locations.R +R1504 Locations.eq +R1497 Coq.Lists.List.In_dec +R1517 Conventions.destroyed_at_call +R1512 Locations.R +R1504 Locations.eq +R1552 Locations.notin_not_in +R1552 Locations.notin_not_in +R1842 Registers.ge +R1861 Allocation.transfer +R1878 Maps "a !! b" +R1856 Maps "a !! b" +R1815 Coq.Lists.List.In +R1821 RTL.successors +R1802 Coq.Init.Logic "x <> y" type_scope +R1799 Maps "a ! b" +R1791 RTL.fn_code +R1805 Coq.Init.Datatypes.None +R1775 Coq.Init.Logic "x <> y" type_scope +R1772 Maps "a ! b" +R1764 RTL.fn_code +R1778 Coq.Init.Datatypes.None +R1744 Coq.Init.Logic "x = y" type_scope +R1734 Allocation.analyze +R1746 Coq.Init.Datatypes.Some +R1725 RTL.node +R1725 RTL.node +R1702 Maps.t +R1709 Registers.t +R1685 RTL.function +R1910 Allocation.fixpoint_solution +R1910 Allocation.fixpoint_solution +R1973 RTL.fn_code_wf +R1973 RTL.fn_code_wf +R2026 RTL.fn_code_wf +R2026 RTL.fn_code_wf +R2149 Allocation.transfer +R2186 Maps "a !! b" +R2192 RTL.fn_entrypoint +R2163 RTL.fn_entrypoint +R2127 Maps.t +R2134 Registers.t +R2106 RTL.function +R2256 RTL.function +R2280 RTLtyping.regenv +R2303 Maps.t +R2310 Registers.t +R2343 Locations.loc +R2336 Registers.reg +R2401 Coq.Init.Logic "x = y" type_scope +R2366 Coloring.regalloc +R2383 Allocproof.live0 +R2403 Coq.Init.Datatypes.Some +R2500 Locations.diff +R2491 Coq.Init.Logic "x <> y" type_scope +R2467 Conventions.loc_acceptable +R2661 Coqlib.zeq +R2661 Coqlib.zeq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R2849 Locations.diff +R2840 Coq.Init.Logic "x <> y" type_scope +R2896 Allocproof.loc_acceptable_noteq_diff +R2896 Allocproof.loc_acceptable_noteq_diff +R2933 Coloringproof.regalloc_acceptable +R2933 Coloringproof.regalloc_acceptable +R3065 Locations.notin +R3051 Coq.Init.Logic "~ x" type_scope +R3053 Coq.Lists.List.In +R3029 Conventions.loc_acceptable +R3142 Allocproof.loc_acceptable_noteq_diff +R3142 Allocproof.loc_acceptable_noteq_diff +R3190 Coq.Init.Logic.sym_not_equal +R3190 Coq.Init.Logic.sym_not_equal +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R3320 Locations.notin +R3298 Coq.Init.Logic "~ x" type_scope +R3300 Coq.Lists.List.In +R3367 Allocproof.loc_acceptable_notin_notin +R3367 Allocproof.loc_acceptable_notin_notin +R3405 Coloringproof.regalloc_acceptable +R3405 Coloringproof.regalloc_acceptable +R3532 Locations.norepet +R3545 Coq.Lists.List.map +R3494 Coqlib.list_norepet +R3508 Coq.Lists.List.map +R3611 Locations.norepet_nil +R3611 Locations.norepet_nil +R3651 Locations.norepet_cons +R3651 Locations.norepet_cons +R3678 Allocproof.regalloc_notin_notin +R3678 Allocproof.regalloc_notin_notin +R3773 Locations.notin +R3793 Conventions.temporaries +R3764 Registers.reg +R3829 Conventions.temporaries_not_acceptable +R3829 Conventions.temporaries_not_acceptable +R3867 Coloringproof.regalloc_acceptable +R3867 Coloringproof.regalloc_acceptable +R3961 Locations.disjoint +R3994 Conventions.temporaries +R3975 Coq.Lists.List.map +R3948 Coq.Lists.List.list +R3953 Registers.reg +R4033 Locations.notin_disjoint +R4033 Locations.notin_disjoint +R4075 Coqlib.list_in_map_inv +R4075 Coqlib.list_in_map_inv +R4138 Allocproof.regalloc_not_temporary +R4138 Allocproof.regalloc_not_temporary +R4307 RTL.function +R4335 RTLtyping.regenv +R4359 Maps.t +R4366 Registers.t +R4400 Locations.loc +R4393 Registers.reg +R4463 Coq.Init.Logic "x = y" type_scope +R4426 Coloring.regalloc +R4444 Allocproof.live0 +R4465 Coq.Init.Datatypes.Some +R4610 Coq.Init.Logic "x = y" type_scope +R4614 Registers "a # b" +R4586 Coq.Init.Logic "x = y" type_scope +R4568 Registers.mem +R4588 Coq.Init.Datatypes.true +R4562 Registers.reg +R4531 LTL.locset +R4518 RTL.regset +R4503 Registers.t +R4721 Allocproof.agree +R4698 Allocproof.agree +R4673 Registers.ge +R4885 Allocproof.agree +R4852 Allocproof.agree +R4926 Allocproof.agree_increasing +R4926 Allocproof.agree_increasing +R4988 Registers.eq +R4988 Registers.eq +R5027 Registers.mem_add_same +R5027 Registers.mem_add_same +R5058 Registers.mem_add_other +R5058 Registers.mem_add_other +R5190 Allocproof.agree +R5151 Allocproof.agree +R5158 Allocation.reg_list_live +R5269 Allocproof.agree_reg_live +R5269 Allocproof.agree_reg_live +R5414 Allocproof.agree +R5375 Allocproof.agree +R5382 Allocation.reg_sum_live +R5483 Allocproof.agree_reg_live +R5483 Allocproof.agree_reg_live +R5622 Coq.Init.Logic "x = y" type_scope +R5626 Registers "a # b" +R5575 Allocproof.agree +R5662 Registers.mem_add_same +R5662 Registers.mem_add_same +R5812 Coq.Init.Logic "x = y" type_scope +R5779 Coq.Lists.List.map +R5792 Coq.Lists.List.map +R5816 Registers "a ## b" +R5738 Allocproof.agree +R5745 Allocation.reg_list_live +R5884 Coq.Init.Logic.f_equal2 +R5895 Coq.Lists.List.cons +R5900 Values.val +R5884 Coq.Init.Logic.f_equal2 +R5895 Coq.Lists.List.cons +R5900 Values.val +R5916 Allocproof.agree_eval_reg +R5916 Allocproof.agree_eval_reg +R5951 Allocproof.agree_reg_list_live +R5951 Allocproof.agree_reg_list_live +R6142 Allocproof.agree +R6129 Coq.Init.Logic "x = y" type_scope +R6096 Locations.notin +R6108 Conventions.temporaries +R6063 Allocproof.agree +R6229 Allocproof.regalloc_not_temporary +R6229 Allocproof.regalloc_not_temporary +R6371 Allocproof.agree +R6385 Registers "a # b <- c" +R6349 Allocproof.agree +R6336 Coq.Init.Logic "x = y" type_scope +R6318 Registers.mem +R6338 Coq.Init.Datatypes.false +R6437 Registers.eq +R6437 Registers.eq +R6492 Registers.gso +R6492 Registers.gso +R6795 Allocproof.agree +R6809 Registers "a # b <- c" +R6760 Allocproof.agree +R6747 Coq.Init.Logic "x = y" type_scope +R6714 Locations.notin +R6726 Conventions.temporaries +R6689 Locations.diff +R6669 Coq.Init.Logic "x = y" type_scope +R6636 Coq.Init.Logic "x <> y" type_scope +R6619 Coq.Init.Logic "x <> y" type_scope +R6607 Coq.Init.Logic "x = y" type_scope +R6589 Registers.mem +R6609 Coq.Init.Datatypes.true +R6862 Registers.eq +R6862 Registers.eq +R6903 Registers.gss +R6903 Registers.gss +R6937 Registers.gso +R6937 Registers.gso +R6987 Registers.mem_remove_other +R6987 Registers.mem_remove_other +R7034 Allocproof.regalloc_noteq_diff +R7034 Allocproof.regalloc_noteq_diff +R7093 Allocproof.regalloc_not_temporary +R7093 Allocproof.regalloc_not_temporary +R7477 Allocproof.agree +R7491 Registers "a # b <- c" +R7502 Registers "a # b" +R7425 Allocproof.agree +R7412 Coq.Init.Logic "x = y" type_scope +R7379 Locations.notin +R7391 Conventions.temporaries +R7352 Locations.diff +R7318 Coq.Init.Logic "x = y" type_scope +R7281 Coq.Init.Logic "x <> y" type_scope +R7256 Coq.Init.Logic "x <> y" type_scope +R7244 Coq.Init.Logic "x <> y" type_scope +R7232 Coq.Init.Logic "x = y" type_scope +R7214 Registers.mem +R7234 Coq.Init.Datatypes.true +R7187 LTL.locset +R7187 LTL.locset +R7554 Registers.eq +R7554 Registers.eq +R7595 Registers.gss +R7595 Registers.gss +R7637 Registers.mem_add_same +R7637 Registers.mem_add_same +R7668 Registers.gso +R7668 Registers.gso +R7694 Locations.eq +R7694 Locations.eq +R7767 Registers.eq +R7767 Registers.eq +R7816 Registers.mem_add_same +R7816 Registers.mem_add_same +R7890 Registers.eq +R7890 Registers.eq +R7927 Registers.mem_add_same +R7927 Registers.mem_add_same +R7958 Registers.mem_add_other +R7958 Registers.mem_add_other +R7996 Registers.mem_remove_other +R7996 Registers.mem_remove_other +R8036 Allocproof.regalloc_noteq_diff +R8036 Allocproof.regalloc_noteq_diff +R8073 Allocproof.regalloc_not_temporary +R8073 Allocproof.regalloc_not_temporary +R8601 Allocproof.agree +R8615 Registers "a # b <- c" +R8524 Allocproof.agree +R8531 Allocation.reg_list_live +R8551 Allocation.reg_sum_live +R8511 Coq.Init.Logic "x = y" type_scope +R8474 Locations.diff +R8454 Conventions.loc_acceptable +R8421 Locations.notin +R8433 Conventions.destroyed_at_call +R8397 Coq.Init.Logic "x = y" type_scope +R8360 Coq.Init.Logic "x <> y" type_scope +R8341 Coq.Init.Logic "x <> y" type_scope +R8329 Coq.Init.Logic "x = y" type_scope +R8311 Registers.mem +R8331 Coq.Init.Datatypes.true +R8243 Coq.Init.Logic "~ x" type_scope +R8245 Coq.Lists.List.In +R8259 Conventions.destroyed_at_call +R8229 Coq.Init.Logic "x <> y" type_scope +R8213 Coq.Init.Logic "x = y" type_scope +R8195 Registers.mem +R8215 Coq.Init.Datatypes.true +R8169 LTL.locset +R8169 LTL.locset +R8659 Allocproof.agree +R8659 Allocproof.agree +R8701 Allocproof.agree_reg_sum_live +R8701 Allocproof.agree_reg_sum_live +R8739 Allocproof.agree_reg_list_live +R8739 Allocproof.agree_reg_list_live +R8806 Registers.eq +R8806 Registers.eq +R8847 Registers.gss +R8847 Registers.gss +R8881 Registers.gso +R8881 Registers.gso +R8931 Registers.mem_remove_other +R8931 Registers.mem_remove_other +R8971 Allocproof.regalloc_notin_notin +R8971 Allocproof.regalloc_notin_notin +R9010 Coloringproof.regalloc_acceptable +R9010 Coloringproof.regalloc_acceptable +R9047 Allocproof.regalloc_noteq_diff +R9047 Allocproof.regalloc_noteq_diff +R9337 Allocproof.agree +R9349 RTL.init_regs +R9278 Allocproof.agree +R9309 Registers.init +R9321 Values.Vundef +R9285 Allocation.reg_list_dead +R9268 Coq.Init.Logic "x = y" type_scope +R9235 Coq.Lists.List.map +R9248 Coq.Lists.List.map +R9216 Coq.Init.Logic "x <> y" type_scope +R9193 Coq.Init.Logic "x <> y" type_scope +R9180 Coq.Init.Logic "x = y" type_scope +R9161 Registers.mem +R9182 Coq.Init.Datatypes.true +R9149 Coq.Lists.List.In +R9462 Allocproof.agree +R9487 RTL.init_regs +R9462 Allocproof.agree +R9487 RTL.init_regs +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R9556 Registers.eq +R9556 Registers.eq +R9598 Registers.mem_remove_same +R9598 Registers.mem_remove_same +R9652 Registers.mem_remove_other +R9652 Registers.mem_remove_other +R9742 Registers.eq +R9742 Registers.eq +R9781 Registers.gss +R9781 Registers.gss +R9816 Registers.gso +R9816 Registers.gso +R9855 Registers.mem_remove_other +R9855 Registers.mem_remove_other +R10130 Allocproof.agree +R10153 RTL.init_regs +R10137 Allocproof.live0 +R10115 Coq.Init.Logic "x = y" type_scope +R10117 Values.Vundef +R10086 Coq.Init.Logic "x = y" type_scope +R10034 Registers.mem +R10048 Allocation.reg_list_dead +R10070 Allocproof.live0 +R10088 Coq.Init.Datatypes.true +R10008 Coq.Init.Logic "x = y" type_scope +R9971 Coq.Lists.List.map +R9984 Coq.Lists.List.map +R9951 RTL.fn_params +R10201 Allocproof.agree_init_regs +R10201 Allocproof.agree_init_regs +R10236 Coloringproof.regalloc_correct_3 +R10236 Coloringproof.regalloc_correct_3 +R10301 Registers.gi +R10301 Registers.gi +R10400 LTL.genv +R10423 Values.val +R10480 Coq.Init.Logic "A \/ B" type_scope +R10476 Coq.Init.Logic "x = y" type_scope +R10463 Locations.R +R10465 Allocation.reg_for +R10483 Coq.Lists.List.In +R10502 Conventions.temporaries +R10487 Locations.R +R10490 Allocation.reg_for +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R10575 Locations.slot_type +R10575 Locations.slot_type +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R10662 Coq.Init.Logic "'exists' x , p" type_scope +R10730 Coq.Init.Logic "A /\ B" type_scope +R10676 LTL.exec_instrs +R10695 Allocation.add_reload +R10756 Coq.Init.Logic "A /\ B" type_scope +R10747 Coq.Init.Logic "x = y" type_scope +R10740 Locations.R +R10799 Coq.Init.Logic "x = y" type_scope +R10771 Locations.diff +R10781 Locations.R +R10865 Locations.mreg_eq +R10865 Locations.mreg_eq +R10926 LTL.exec_refl +R10926 LTL.exec_refl +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R10954 Locations.set +R10978 Locations.R +R10966 Locations.R +R10954 Locations.set +R10978 Locations.R +R10966 Locations.R +R11005 LTL.exec_one +R11021 LTL.exec_Bop +R11005 LTL.exec_one +R11021 LTL.exec_Bop +R11061 Locations.gss +R11061 Locations.gss +R11090 Locations.gso +R11090 Locations.gso +R11118 Locations.set +R11142 Locations.S +R11130 Locations.R +R11118 Locations.set +R11142 Locations.S +R11130 Locations.R +R11168 LTL.exec_one +R11184 LTL.exec_Bgetstack +R11168 LTL.exec_one +R11184 LTL.exec_Bgetstack +R11216 Locations.gss +R11216 Locations.gss +R11245 Locations.gso +R11245 Locations.gso +R11321 Coq.Init.Logic "'exists' x , p" type_scope +R11388 Coq.Init.Logic "A /\ B" type_scope +R11335 LTL.exec_instrs +R11354 Allocation.add_spill +R11414 Coq.Init.Logic "A /\ B" type_scope +R11401 Coq.Init.Logic "x = y" type_scope +R11407 Locations.R +R11453 Coq.Init.Logic "x = y" type_scope +R11429 Locations.diff +R11518 Locations.mreg_eq +R11518 Locations.mreg_eq +R11579 LTL.exec_refl +R11579 LTL.exec_refl +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R11607 Locations.set +R11630 Locations.R +R11619 Locations.R +R11607 Locations.set +R11630 Locations.R +R11619 Locations.R +R11658 LTL.exec_one +R11658 LTL.exec_one +R11674 LTL.exec_Bop +R11674 LTL.exec_Bop +R11712 Locations.gss +R11712 Locations.gss +R11740 Locations.gso +R11740 Locations.gso +R11768 Locations.set +R11790 Locations.R +R11780 Locations.S +R11768 Locations.set +R11790 Locations.R +R11780 Locations.S +R11818 LTL.exec_one +R11818 LTL.exec_one +R11834 LTL.exec_Bsetstack +R11834 LTL.exec_Bsetstack +R11866 Locations.gss +R11866 Locations.gss +R11894 Locations.gso +R11894 Locations.gso +R12270 Coq.Init.Logic "'exists' x , p" type_scope +R12368 Coq.Init.Logic "A /\ B" type_scope +R12284 LTL.exec_instrs +R12303 Allocation.add_reloads +R12321 Allocation.regs_for_rec +R12431 Coq.Init.Logic "A /\ B" type_scope +R12417 Coq.Init.Logic "x = y" type_scope +R12373 LTL.reglist +R12382 Allocation.regs_for_rec +R12419 Coq.Lists.List.map +R12501 Coq.Init.Logic "A /\ B" type_scope +R12491 Coq.Init.Logic "x = y" type_scope +R12486 Locations.R +R12497 Locations.R +R12464 Coq.Init.Logic "~ x" type_scope +R12466 Coq.Lists.List.In +R12447 Coq.Init.Logic "~ x" type_scope +R12449 Coq.Lists.List.In +R12529 Coq.Init.Logic "x = y" type_scope +R12524 Locations.S +R12535 Locations.S +R12246 Coqlib.list_norepet +R12222 Coqlib.list_norepet +R12191 Coqlib.list_disjoint +R12179 Coq.Init.Logic.False +R12165 Coq.Lists.List.In +R12148 Coq.Lists.List.In +R12152 Locations.R +R12125 Coq.Init.Logic.False +R12111 Coq.Lists.List.In +R12094 Coq.Lists.List.In +R12098 Locations.R +R12052 Coq.Init.Peano "x <= y" nat_scope +R12035 Coq.Lists.List.length +R12055 Coq.Lists.List.length +R12003 Coq.Init.Peano "x <= y" nat_scope +R11986 Coq.Lists.List.length +R12006 Coq.Lists.List.length +R12626 LTL.exec_refl +R12626 LTL.exec_refl +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R12795 Coq.Init.Peano "x <= y" nat_scope +R12783 Coq.Lists.List.length +R12798 Coq.Lists.List.length +R12795 Coq.Init.Peano "x <= y" nat_scope +R12783 Coq.Lists.List.length +R12798 Coq.Lists.List.length +R12852 Coq.Init.Peano "x <= y" nat_scope +R12840 Coq.Lists.List.length +R12855 Coq.Lists.List.length +R12852 Coq.Init.Peano "x <= y" nat_scope +R12840 Coq.Lists.List.length +R12855 Coq.Lists.List.length +R12937 Coq.Init.Logic.False +R12923 Coq.Lists.List.In +R12906 Coq.Lists.List.In +R12910 Locations.R +R12937 Coq.Init.Logic.False +R12923 Coq.Lists.List.In +R12906 Coq.Lists.List.In +R12910 Locations.R +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R13055 Coq.Init.Logic.False +R13041 Coq.Lists.List.In +R13024 Coq.Lists.List.In +R13028 Locations.R +R13055 Coq.Init.Logic.False +R13041 Coq.Lists.List.In +R13024 Coq.Lists.List.In +R13028 Locations.R +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R13131 Coqlib.list_disjoint +R13131 Coqlib.list_disjoint +R13170 Coqlib.list_disjoint_cons_left +R13170 Coqlib.list_disjoint_cons_left +R13206 Coqlib.list_disjoint_cons_right +R13206 Coqlib.list_disjoint_cons_right +R13253 Coqlib.list_norepet +R13253 Coqlib.list_norepet +R13312 Coqlib.list_norepet +R13312 Coqlib.list_norepet +R13545 Locations.mreg_eq +R13545 Locations.mreg_eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R13598 Coq.Init.Logic.f_equal2 +R13609 Coq.Lists.List.cons +R13614 Values.val +R13598 Coq.Init.Logic.f_equal2 +R13609 Coq.Lists.List.cons +R13614 Values.val +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R13892 Locations.slot_type +R13909 AST.Tint +R13922 AST.Tfloat +R13892 Locations.slot_type +R13909 AST.Tint +R13922 AST.Tfloat +R13955 Coq.Init.Logic "~ x" type_scope +R13957 Coq.Lists.List.In +R13955 Coq.Init.Logic "~ x" type_scope +R13957 Coq.Lists.List.In +R13995 Locations.slot_type +R13995 Locations.slot_type +R14073 Coq.Lists.List "x :: y" list_scope +R14044 Coqlib.list_disjoint_notin +R14073 Coq.Lists.List "x :: y" list_scope +R14044 Coqlib.list_disjoint_notin +R14095 Coqlib.list_disjoint_sym +R14095 Coqlib.list_disjoint_sym +R14120 Coqlib.list_disjoint_cons_left +R14120 Coqlib.list_disjoint_cons_left +R14195 Coq.Init.Logic "~ x" type_scope +R14197 Coq.Lists.List.In +R14195 Coq.Init.Logic "~ x" type_scope +R14197 Coq.Lists.List.In +R14235 Locations.slot_type +R14235 Locations.slot_type +R14288 Coq.Lists.List "x :: y" list_scope +R14259 Coqlib.list_disjoint_notin +R14288 Coq.Lists.List "x :: y" list_scope +R14259 Coqlib.list_disjoint_notin +R14310 Coqlib.list_disjoint_cons_right +R14310 Coqlib.list_disjoint_cons_right +R14415 Allocproof.add_reload_correct +R14452 Allocation.add_reloads +R14470 Allocation.regs_for_rec +R14435 Locations.S +R14415 Allocproof.add_reload_correct +R14452 Allocation.add_reloads +R14470 Allocation.regs_for_rec +R14435 Locations.S +R14682 LTL.exec_trans +R14682 LTL.exec_trans +R14724 Coq.Init.Logic.f_equal2 +R14735 Coq.Lists.List.cons +R14740 Values.val +R14724 Coq.Init.Logic.f_equal2 +R14735 Coq.Lists.List.cons +R14740 Values.val +R14791 Coqlib.list_map_exten +R14791 Coqlib.list_map_exten +R14863 Coq.Init.Logic.I +R14863 Coq.Init.Logic.I +R14863 Coq.Init.Logic.I +R14930 Locations.slot_type +R14930 Locations.slot_type +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R15146 Locations.slot_type +R15146 Locations.slot_type +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R15224 Coq.Init.Logic.I +R15224 Coq.Init.Logic.I +R15352 Coq.Init.Logic "'exists' x , p" type_scope +R15434 Coq.Init.Logic "A /\ B" type_scope +R15366 LTL.exec_instrs +R15385 Allocation.add_reloads +R15403 Allocation.regs_for +R15486 Coq.Init.Logic "A /\ B" type_scope +R15467 Coq.Init.Logic "x = y" type_scope +R15439 LTL.reglist +R15448 Allocation.regs_for +R15469 Coq.Lists.List.map +R15534 Coq.Init.Logic "x = y" type_scope +R15501 Locations.notin +R15513 Conventions.temporaries +R15317 Locations.disjoint +R15335 Conventions.temporaries +R15302 Coq.Init.Peano "x <= y" nat_scope +R15285 Coq.Lists.List.length +R15580 Coq.Lists.List "x :: y" list_scope +R15576 Locations.IT1 +R15587 Coq.Lists.List "x :: y" list_scope +R15583 Locations.IT2 +R15594 Coq.Lists.List "x :: y" list_scope +R15590 Locations.IT3 +R15597 Coq.Lists.List.nil +R15580 Coq.Lists.List "x :: y" list_scope +R15576 Locations.IT1 +R15587 Coq.Lists.List "x :: y" list_scope +R15583 Locations.IT2 +R15594 Coq.Lists.List "x :: y" list_scope +R15590 Locations.IT3 +R15597 Coq.Lists.List.nil +R15624 Coq.Lists.List "x :: y" list_scope +R15620 Locations.FT1 +R15631 Coq.Lists.List "x :: y" list_scope +R15627 Locations.FT2 +R15638 Coq.Lists.List "x :: y" list_scope +R15634 Locations.FT3 +R15641 Coq.Lists.List.nil +R15624 Coq.Lists.List "x :: y" list_scope +R15620 Locations.FT1 +R15631 Coq.Lists.List "x :: y" list_scope +R15627 Locations.FT2 +R15638 Coq.Lists.List "x :: y" list_scope +R15634 Locations.FT3 +R15641 Coq.Lists.List.nil +R15679 Coq.Init.Peano "x <= y" nat_scope +R15662 Coq.Lists.List.length +R15682 Coq.Lists.List.length +R15679 Coq.Init.Peano "x <= y" nat_scope +R15662 Coq.Lists.List.length +R15682 Coq.Lists.List.length +R15776 Coq.Init.Peano "x <= y" nat_scope +R15759 Coq.Lists.List.length +R15779 Coq.Lists.List.length +R15776 Coq.Init.Peano "x <= y" nat_scope +R15759 Coq.Lists.List.length +R15779 Coq.Lists.List.length +R15896 Coq.Init.Logic.False +R15882 Coq.Lists.List.In +R15865 Coq.Lists.List.In +R15869 Locations.R +R15896 Coq.Init.Logic.False +R15882 Coq.Lists.List.In +R15865 Coq.Lists.List.In +R15869 Locations.R +R15924 Coq.Lists.List.In +R15933 Conventions.temporaries +R15928 Locations.R +R15924 Coq.Lists.List.In +R15933 Conventions.temporaries +R15928 Locations.R +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R16094 Coq.Init.Logic.False +R16080 Coq.Lists.List.In +R16063 Coq.Lists.List.In +R16067 Locations.R +R16094 Coq.Init.Logic.False +R16080 Coq.Lists.List.In +R16063 Coq.Lists.List.In +R16067 Locations.R +R16122 Coq.Lists.List.In +R16131 Conventions.temporaries +R16126 Locations.R +R16122 Coq.Lists.List.In +R16131 Conventions.temporaries +R16126 Locations.R +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R16251 Coqlib.list_disjoint +R16251 Coqlib.list_disjoint +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R16345 Coqlib.list_norepet +R16345 Coqlib.list_norepet +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R16407 Coqlib.list_norepet +R16407 Coqlib.list_norepet +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R16469 Allocproof.add_reloads_correct_rec +R16469 Allocproof.add_reloads_correct_rec +R16695 Locations.notin_not_in +R16695 Locations.notin_not_in +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R16764 Locations.notin_not_in +R16764 Locations.notin_not_in +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R16890 Coq.Init.Logic "'exists' x , p" type_scope +R16956 Coq.Init.Logic "A /\ B" type_scope +R16904 LTL.exec_instrs +R16923 Allocation.add_move +R16978 Coq.Init.Logic "A /\ B" type_scope +R16969 Coq.Init.Logic "x = y" type_scope +R17061 Coq.Init.Logic "x = y" type_scope +R17033 Locations.diff +R17045 Locations.R +R17047 Locations.FT1 +R17011 Locations.diff +R17023 Locations.R +R17025 Locations.IT1 +R16993 Locations.diff +R17111 Locations.eq +R17111 Locations.eq +R17172 LTL.exec_refl +R17172 LTL.exec_refl +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R17246 Allocproof.add_spill_correct +R17246 Allocproof.add_spill_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R17351 Locations.diff_sym +R17351 Locations.diff_sym +R17445 Allocproof.add_reload_correct +R17465 Locations.S +R17445 Allocproof.add_reload_correct +R17465 Locations.S +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R17553 Locations.diff_sym +R17553 Locations.diff_sym +R17629 Locations.slot_type +R17646 AST.Tint +R17654 Locations.IT1 +R17660 AST.Tfloat +R17670 Locations.FT1 +R17629 Locations.slot_type +R17646 AST.Tint +R17654 Locations.IT1 +R17660 AST.Tfloat +R17670 Locations.FT1 +R17694 Allocproof.add_reload_correct +R17724 Allocation.add_spill +R17739 Locations.S +R17714 Locations.S +R17694 Allocproof.add_reload_correct +R17724 Allocation.add_spill +R17739 Locations.S +R17714 Locations.S +R17803 Allocproof.add_spill_correct +R17826 Locations.S +R17803 Allocproof.add_spill_correct +R17826 Locations.S +R17906 LTL.exec_trans +R17906 LTL.exec_trans +R17991 Locations.diff_sym +R17991 Locations.diff_sym +R18023 Locations.slot_type +R18023 Locations.slot_type +R18051 Locations.diff_sym +R18051 Locations.diff_sym +R18300 Coq.Init.Logic "'exists' x , p" type_scope +R18373 Coq.Init.Logic "A /\ B" type_scope +R18314 LTL.exec_instrs +R18333 Allocation.parallel_move +R18415 Coq.Init.Logic "A /\ B" type_scope +R18396 Coq.Init.Logic "x = y" type_scope +R18378 Coq.Lists.List.map +R18398 Coq.Lists.List.map +R18445 Coq.Init.Logic "A /\ B" type_scope +R18432 Coq.Init.Logic "x = y" type_scope +R18425 Locations.R +R18427 Locations.IT3 +R18438 Locations.R +R18440 Locations.IT3 +R18513 Coq.Init.Logic "x = y" type_scope +R18480 Locations.notin +R18492 Conventions.temporaries +R18460 Locations.notin +R18265 Locations.disjoint +R18283 Conventions.temporaries +R18230 Locations.disjoint +R18248 Conventions.temporaries +R18208 Locations.norepet +R18178 Locations.no_overlap +R18154 Coq.Init.Logic "x = y" type_scope +R18137 Coq.Lists.List.length +R18156 Coq.Lists.List.length +R18537 Allocproof_aux.parallel_move_correctX +R18537 Allocproof_aux.parallel_move_correctX +R18576 Allocproof.add_move_correct +R18576 Allocproof.add_move_correct +R18781 Coq.Init.Logic "'exists' x , p" type_scope +R18855 Coq.Init.Logic "A /\ B" type_scope +R18795 LTL.exec_block +R18841 LTL.Cont +R18813 Allocation.add_op +R18873 Coq.Init.Logic "A /\ B" type_scope +R18868 Coq.Init.Logic "x = y" type_scope +R18939 Coq.Init.Logic "x = y" type_scope +R18906 Locations.notin +R18918 Conventions.temporaries +R18888 Locations.diff +R18767 Coq.Init.Logic "x = y" type_scope +R18724 Op.eval_operation +R18749 Coq.Lists.List.map +R18769 Coq.Init.Datatypes.Some +R18689 Locations.disjoint +R18707 Conventions.temporaries +R18674 Coq.Init.Peano "x <= y" nat_scope +R18657 Coq.Lists.List.length +R18990 Op.is_move_operation +R18990 Op.is_move_operation +R19064 Op.is_move_operation_correct +R19064 Op.is_move_operation_correct +R19164 Allocproof.add_move_correct +R19190 LTL.Bgoto +R19164 Allocproof.add_move_correct +R19190 LTL.Bgoto +R19269 LTL.exec_Bgoto +R19269 LTL.exec_Bgoto +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R19462 Allocation.regs_for +R19462 Allocation.regs_for +R19491 Allocation.reg_for +R19491 Allocation.reg_for +R19519 Allocproof.add_reloads_correct +R19561 LTL.Bop +R19580 Allocation.add_spill +R19600 LTL.Bgoto +R19519 Allocproof.add_reloads_correct +R19561 LTL.Bop +R19580 Allocation.add_spill +R19600 LTL.Bgoto +R19690 Locations.set +R19702 Locations.R +R19690 Locations.set +R19702 Locations.R +R19732 Allocproof.add_spill_correct +R19760 LTL.Bgoto +R19732 Allocproof.add_spill_correct +R19760 LTL.Bgoto +R19842 LTL.exec_Bgoto +R19842 LTL.exec_Bgoto +R19861 LTL.exec_trans +R19861 LTL.exec_trans +R19895 LTL.exec_trans +R19895 LTL.exec_trans +R19923 LTL.exec_one +R19923 LTL.exec_one +R19951 LTL.exec_Bop +R19951 LTL.exec_Bop +R20039 Locations.gss +R20039 Locations.gss +R20098 Locations.gso +R20098 Locations.gso +R20147 Locations.diff_sym +R20147 Locations.diff_sym +R20180 Allocproof.reg_for_spec +R20180 Allocproof.reg_for_spec +R20236 Locations.in_notin_diff +R20236 Locations.in_notin_diff +R20268 Locations.diff_sym +R20268 Locations.diff_sym +R20519 Coq.Init.Logic "'exists' x , p" type_scope +R20603 Coq.Init.Logic "A /\ B" type_scope +R20533 LTL.exec_block +R20589 LTL.Cont +R20551 Allocation.add_load +R20620 Coq.Init.Logic "A /\ B" type_scope +R20616 Coq.Init.Logic "x = y" type_scope +R20686 Coq.Init.Logic "x = y" type_scope +R20653 Locations.notin +R20665 Conventions.temporaries +R20635 Locations.diff +R20505 Coq.Init.Logic "x = y" type_scope +R20489 Mem.loadv +R20507 Coq.Init.Datatypes.Some +R20475 Coq.Init.Logic "x = y" type_scope +R20429 Op.eval_addressing +R20457 Coq.Lists.List.map +R20477 Coq.Init.Datatypes.Some +R20394 Locations.disjoint +R20412 Conventions.temporaries +R20379 Coq.Init.Peano "x <= y" nat_scope +R20362 Coq.Lists.List.length +R20745 Allocation.regs_for +R20745 Allocation.regs_for +R20774 Allocation.reg_for +R20774 Allocation.reg_for +R20820 Coq.Init.Peano "x <= y" nat_scope +R20803 Coq.Lists.List.length +R20820 Coq.Init.Peano "x <= y" nat_scope +R20803 Coq.Lists.List.length +R20853 Allocproof.add_reloads_correct +R20895 LTL.Bload +R20924 Allocation.add_spill +R20944 LTL.Bgoto +R20853 Allocproof.add_reloads_correct +R20895 LTL.Bload +R20924 Allocation.add_spill +R20944 LTL.Bgoto +R21035 Locations.set +R21047 Locations.R +R21035 Locations.set +R21047 Locations.R +R21077 Allocproof.add_spill_correct +R21105 LTL.Bgoto +R21077 Allocproof.add_spill_correct +R21105 LTL.Bgoto +R21187 LTL.exec_Bgoto +R21187 LTL.exec_Bgoto +R21206 LTL.exec_trans +R21206 LTL.exec_trans +R21234 LTL.exec_trans +R21234 LTL.exec_trans +R21262 LTL.exec_one +R21262 LTL.exec_one +R21291 LTL.exec_Bload +R21291 LTL.exec_Bload +R21405 Locations.gss +R21405 Locations.gss +R21463 Locations.gso +R21463 Locations.gso +R21513 Locations.diff_sym +R21513 Locations.diff_sym +R21546 Allocproof.reg_for_spec +R21546 Allocproof.reg_for_spec +R21601 Locations.in_notin_diff +R21601 Locations.in_notin_diff +R21633 Locations.diff_sym +R21633 Locations.diff_sym +R21928 Coq.Init.Logic "'exists' x , p" type_scope +R22014 Coq.Init.Logic "A /\ B" type_scope +R21942 LTL.exec_block +R21999 LTL.Cont +R21960 Allocation.add_store +R22062 Coq.Init.Logic "x = y" type_scope +R22029 Locations.notin +R22041 Conventions.temporaries +R21913 Coq.Init.Logic "x = y" type_scope +R21887 Mem.storev +R21915 Coq.Init.Datatypes.Some +R21873 Coq.Init.Logic "x = y" type_scope +R21827 Op.eval_addressing +R21855 Coq.Lists.List.map +R21875 Coq.Init.Datatypes.Some +R21796 Locations.notin +R21810 Conventions.temporaries +R21761 Locations.disjoint +R21779 Conventions.temporaries +R21746 Coq.Init.Peano "x <= y" nat_scope +R21729 Coq.Lists.List.length +R22129 Coq.Init.Peano "x <= y" nat_scope +R22103 Coq.Lists.List.length +R22120 Coq.Lists.List "x :: y" list_scope +R22129 Coq.Init.Peano "x <= y" nat_scope +R22103 Coq.Lists.List.length +R22120 Coq.Lists.List "x :: y" list_scope +R22175 Locations.disjoint +R22202 Conventions.temporaries +R22193 Coq.Lists.List "x :: y" list_scope +R22175 Locations.disjoint +R22202 Conventions.temporaries +R22193 Coq.Lists.List "x :: y" list_scope +R22271 Locations.in_notin_diff +R22271 Locations.in_notin_diff +R22347 Allocation.regs_for +R22361 Coq.Lists.List "x :: y" list_scope +R22347 Allocation.regs_for +R22361 Coq.Lists.List "x :: y" list_scope +R22458 Allocproof.add_reloads_correct +R22508 LTL.Bstore +R22538 LTL.Bgoto +R22483 Coq.Lists.List "x :: y" list_scope +R22458 Allocproof.add_reloads_correct +R22508 LTL.Bstore +R22538 LTL.Bgoto +R22483 Coq.Lists.List "x :: y" list_scope +R22718 LTL.exec_Bgoto +R22718 LTL.exec_Bgoto +R22740 LTL.exec_trans +R22740 LTL.exec_trans +R22788 LTL.exec_one +R22788 LTL.exec_one +R22804 LTL.exec_Bstore +R22804 LTL.exec_Bstore +R23125 Coq.Init.Logic "'exists' x , p" type_scope +R23208 Coq.Init.Logic "A /\ B" type_scope +R23139 LTL.exec_block +R23194 LTL.Cont +R23157 Allocation.add_cond +R23256 Coq.Init.Logic "x = y" type_scope +R23223 Locations.notin +R23235 Conventions.temporaries +R23090 Coq.Init.Logic "x = y" type_scope +R23074 Coq.Init.Logic "x = y" type_scope +R23035 Op.eval_condition +R23056 Coq.Lists.List.map +R23076 Coq.Init.Datatypes.Some +R23000 Locations.disjoint +R23018 Conventions.temporaries +R22985 Coq.Init.Peano "x <= y" nat_scope +R22968 Coq.Lists.List.length +R23314 Allocation.regs_for +R23314 Allocation.regs_for +R23344 Allocproof.add_reloads_correct +R23385 LTL.Bcond +R23344 Allocproof.add_reloads_correct +R23385 LTL.Bcond +R23551 LTL.exec_Bcond_true +R23551 LTL.exec_Bcond_true +R23633 LTL.exec_Bcond_false +R23633 LTL.exec_Bcond_false +R23788 Coq.Init.Datatypes.option +R23795 LTL.function +R23828 Coq.Init.Datatypes.inl +R23837 Globalenvs.find_funct +R23867 Coq.Init.Datatypes.inr +R23891 Globalenvs.find_symbol +R23929 Coq.Init.Datatypes.None +R23937 Coq.Init.Datatypes.None +R23950 Coq.Init.Datatypes.Some +R23960 Globalenvs.find_funct_ptr +R23778 LTL.locset +R23764 Coq.Init.Datatypes "x + y" type_scope +R23760 Locations.loc +R23766 AST.ident +R24516 Coq.Init.Logic "'exists' x , p" type_scope +R24598 Coq.Init.Logic "A /\ B" type_scope +R24530 LTL.exec_block +R24583 LTL.Cont +R24548 Allocation.add_call +R24618 Coq.Init.Logic "A /\ B" type_scope +R24611 Coq.Init.Logic "x = y" type_scope +R24718 Coq.Init.Logic "x = y" type_scope +R24690 Locations.diff +R24670 Conventions.loc_acceptable +R24637 Locations.notin +R24649 Conventions.destroyed_at_call +R24493 Conventions.loc_acceptable +R24461 Conventions.locs_acceptable +R24419 Coq.Init.Logic "x = y" type_scope +R24402 Coq.Lists.List.length +R24421 Coq.Lists.List.length +R24438 AST.sig_args +R24381 Coq.Init.Logic "x = y" type_scope +R24364 Coq.Lists.List.map +R24338 Coq.Init.Logic "x = y" type_scope +R24343 LTL.fn_sig +R24314 Coq.Init.Logic "x = y" type_scope +R24292 Allocproof.find_function2 +R24316 Coq.Init.Datatypes.Some +R24173 Coq.Init.Logic "'exists' x , p" type_scope +R24238 Coq.Init.Logic "A /\ B" type_scope +R24197 LTL.exec_function +R24273 Coq.Init.Logic "x = y" type_scope +R24246 Locations.R +R24249 Conventions.loc_result +R24263 LTL.fn_sig +R24154 Coq.Init.Logic "x = y" type_scope +R24114 Coq.Lists.List.map +R24128 Conventions.loc_arguments +R24145 LTL.fn_sig +R24895 Coq.Init.Logic "x = y" type_scope +R24878 Coq.Lists.List.length +R24897 Coq.Lists.List.length +R24910 Conventions.loc_arguments +R24895 Coq.Init.Logic "x = y" type_scope +R24878 Coq.Lists.List.length +R24897 Coq.Lists.List.length +R24910 Conventions.loc_arguments +R24966 Conventions.loc_arguments_length +R24966 Conventions.loc_arguments_length +R25004 Conventions.locs_acceptable_disj_temporaries +R25004 Conventions.locs_acceptable_disj_temporaries +R25064 Allocproof.add_reload_correct +R25098 Allocation.parallel_move +R25148 LTL.Bcall +R25188 Allocation.add_spill +R25220 LTL.Bgoto +R25199 Conventions.loc_result +R25159 Coq.Init.Datatypes.inl +R25169 Locations.IT3 +R25163 AST.ident +R25118 Conventions.loc_arguments +R25086 Locations.IT3 +R25064 Allocproof.add_reload_correct +R25098 Allocation.parallel_move +R25148 LTL.Bcall +R25188 Allocation.add_spill +R25220 LTL.Bgoto +R25199 Conventions.loc_result +R25159 Coq.Init.Datatypes.inl +R25169 Locations.IT3 +R25163 AST.ident +R25118 Conventions.loc_arguments +R25086 Locations.IT3 +R25300 Allocproof.parallel_move_correct +R25563 Conventions.loc_arguments_not_temporaries +R25513 Conventions.loc_arguments_norepet +R25467 Conventions.no_overlap_arguments +R25356 LTL.Bcall +R25396 Allocation.add_spill +R25428 LTL.Bgoto +R25407 Conventions.loc_result +R25367 Coq.Init.Datatypes.inl +R25377 Locations.IT3 +R25371 AST.ident +R25328 Conventions.loc_arguments +R25300 Allocproof.parallel_move_correct +R25563 Conventions.loc_arguments_not_temporaries +R25513 Conventions.loc_arguments_norepet +R25467 Conventions.no_overlap_arguments +R25356 LTL.Bcall +R25396 Allocation.add_spill +R25428 LTL.Bgoto +R25407 Conventions.loc_result +R25367 Coq.Init.Datatypes.inl +R25377 Locations.IT3 +R25371 AST.ident +R25328 Conventions.loc_arguments +R25694 Coq.Init.Logic "x = y" type_scope +R25661 Coq.Lists.List.map +R25675 Conventions.loc_arguments +R25694 Coq.Init.Logic "x = y" type_scope +R25661 Coq.Lists.List.map +R25675 Conventions.loc_arguments +R25751 Coqlib.list_map_exten +R25751 Coqlib.list_map_exten +R25809 Locations.diff_sym +R25809 Locations.diff_sym +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R25930 LTL.return_regs +R25930 LTL.return_regs +R25966 Allocproof.add_spill_correct +R26022 LTL.Bgoto +R25985 Conventions.loc_result +R25966 Allocproof.add_spill_correct +R26022 LTL.Bgoto +R25985 Conventions.loc_result +R26123 LTL.exec_Bgoto +R26123 LTL.exec_Bgoto +R26145 LTL.exec_trans +R26145 LTL.exec_trans +R26178 LTL.exec_trans +R26178 LTL.exec_trans +R26211 LTL.exec_trans +R26211 LTL.exec_trans +R26229 LTL.exec_one +R26229 LTL.exec_one +R26245 LTL.exec_Bcall +R26245 LTL.exec_Bcall +R26426 Allocproof.return_regs_result +R26426 Allocproof.return_regs_result +R26534 Allocproof.return_regs_not_destroyed +R26534 Allocproof.return_regs_not_destroyed +R26609 Locations.diff_sym +R26609 Locations.diff_sym +R26652 Conventions.temporaries +R26629 Locations.in_notin_diff +R26652 Conventions.temporaries +R26629 Locations.in_notin_diff +R26675 Conventions.temporaries_not_acceptable +R26675 Conventions.temporaries_not_acceptable +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R26731 Conventions.arguments_not_preserved +R26731 Conventions.arguments_not_preserved +R26770 Conventions.temporaries_not_acceptable +R26770 Conventions.temporaries_not_acceptable +R26812 Locations.diff_sym +R26812 Locations.diff_sym +R26884 Coq.Init.Logic "x = y" type_scope +R26867 Coq.Lists.List.length +R26886 Coq.Lists.List.length +R26899 Conventions.loc_arguments +R26884 Coq.Init.Logic "x = y" type_scope +R26867 Coq.Lists.List.length +R26886 Coq.Lists.List.length +R26899 Conventions.loc_arguments +R26955 Conventions.loc_arguments_length +R26955 Conventions.loc_arguments_length +R26993 Conventions.locs_acceptable_disj_temporaries +R26993 Conventions.locs_acceptable_disj_temporaries +R27057 Allocproof.parallel_move_correct +R27308 Conventions.loc_arguments_not_temporaries +R27267 Conventions.loc_arguments_norepet +R27221 Conventions.no_overlap_arguments +R27113 LTL.Bcall +R27151 Allocation.add_spill +R27183 LTL.Bgoto +R27162 Conventions.loc_result +R27124 Coq.Init.Datatypes.inr +R27128 Locations.mreg +R27085 Conventions.loc_arguments +R27057 Allocproof.parallel_move_correct +R27308 Conventions.loc_arguments_not_temporaries +R27267 Conventions.loc_arguments_norepet +R27221 Conventions.no_overlap_arguments +R27113 LTL.Bcall +R27151 Allocation.add_spill +R27183 LTL.Bgoto +R27162 Conventions.loc_result +R27124 Coq.Init.Datatypes.inr +R27128 Locations.mreg +R27085 Conventions.loc_arguments +R27439 Coq.Init.Logic "x = y" type_scope +R27406 Coq.Lists.List.map +R27420 Conventions.loc_arguments +R27439 Coq.Init.Logic "x = y" type_scope +R27406 Coq.Lists.List.map +R27420 Conventions.loc_arguments +R27566 LTL.return_regs +R27566 LTL.return_regs +R27602 Allocproof.add_spill_correct +R27658 LTL.Bgoto +R27621 Conventions.loc_result +R27602 Allocproof.add_spill_correct +R27658 LTL.Bgoto +R27621 Conventions.loc_result +R27759 LTL.exec_Bgoto +R27759 LTL.exec_Bgoto +R27781 LTL.exec_trans +R27781 LTL.exec_trans +R27814 LTL.exec_trans +R27814 LTL.exec_trans +R27832 LTL.exec_one +R27832 LTL.exec_one +R27848 LTL.exec_Bcall +R27848 LTL.exec_Bcall +R28001 Allocproof.return_regs_result +R28001 Allocproof.return_regs_result +R28109 Allocproof.return_regs_not_destroyed +R28109 Allocproof.return_regs_not_destroyed +R28167 Conventions.arguments_not_preserved +R28167 Conventions.arguments_not_preserved +R28206 Conventions.temporaries_not_acceptable +R28206 Conventions.temporaries_not_acceptable +R28248 Locations.diff_sym +R28248 Locations.diff_sym +R28451 Coq.Init.Logic "'exists' x , p" type_scope +R28515 Coq.Init.Logic "A /\ B" type_scope +R28465 LTL.exec_instrs +R28484 Allocation.add_undefs +R28557 Coq.Init.Logic "A /\ B" type_scope +R28549 Coq.Init.Logic "x = y" type_scope +R28551 Values.Vundef +R28531 Coq.Lists.List.In +R28600 Coq.Init.Logic "x = y" type_scope +R28575 Locations.notin +R28436 Coq.Init.Logic "x = y" type_scope +R28418 Locations.S +R28421 Locations.Local +R28438 Values.Vundef +R28385 Coq.Lists.List.In +R28389 Locations.S +R28392 Locations.Local +R28346 Conventions.loc_acceptable +R28334 Coq.Lists.List.In +R28674 LTL.exec_refl +R28674 LTL.exec_refl +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R28729 Conventions.loc_acceptable +R28717 Coq.Lists.List.In +R28729 Conventions.loc_acceptable +R28717 Coq.Lists.List.In +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R28829 Locations.set +R28847 Values.Vundef +R28841 Locations.R +R28829 Locations.set +R28847 Values.Vundef +R28841 Locations.R +R28944 Coq.Init.Logic "x = y" type_scope +R28926 Locations.S +R28929 Locations.Local +R28946 Values.Vundef +R28892 Coq.Lists.List.In +R28896 Locations.S +R28899 Locations.Local +R28944 Coq.Init.Logic "x = y" type_scope +R28926 Locations.S +R28929 Locations.Local +R28946 Values.Vundef +R28892 Coq.Lists.List.In +R28896 Locations.S +R28899 Locations.Local +R28987 Locations.gso +R28987 Locations.gso +R29039 Locations.set +R29057 Values.Vundef +R29051 Locations.R +R29039 Locations.set +R29057 Values.Vundef +R29051 Locations.R +R29149 LTL.exec_trans +R29149 LTL.exec_trans +R29167 LTL.exec_one +R29167 LTL.exec_one +R29183 LTL.exec_Bop +R29183 LTL.exec_Bop +R29250 Coq.Lists.List.In_dec +R29257 Locations.eq +R29250 Coq.Lists.List.In_dec +R29257 Locations.eq +R29351 Locations.gss +R29351 Locations.gss +R29388 Allocproof.loc_acceptable_notin_notin +R29388 Allocproof.loc_acceptable_notin_notin +R29456 Locations.gso +R29456 Locations.gso +R29477 Locations.diff_sym +R29477 Locations.diff_sym +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R29619 Coq.Init.Logic "x = y" type_scope +R29601 Locations.S +R29604 Locations.Local +R29621 Values.Vundef +R29568 Coq.Lists.List.In +R29572 Locations.S +R29575 Locations.Local +R29619 Coq.Init.Logic "x = y" type_scope +R29601 Locations.S +R29604 Locations.Local +R29621 Values.Vundef +R29568 Coq.Lists.List.In +R29572 Locations.S +R29575 Locations.Local +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R29791 Coq.Lists.List.In_dec +R29798 Locations.eq +R29791 Coq.Lists.List.In_dec +R29798 Locations.eq +R29895 Coq.Lists.List.in_eq +R29889 Locations.S +R29895 Coq.Lists.List.in_eq +R29889 Locations.S +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R29987 Allocproof.loc_acceptable_notin_notin +R29987 Allocproof.loc_acceptable_notin_notin +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R30339 Coq.Init.Logic "'exists' x , p" type_scope +R30422 Coq.Init.Logic "A /\ B" type_scope +R30353 LTL.exec_block +R30408 LTL.Cont +R30371 Allocation.add_entry +R30482 Coq.Init.Logic "A /\ B" type_scope +R30447 Coq.Init.Logic "x = y" type_scope +R30427 Coq.Lists.List.map +R30449 Coq.Lists.List.map +R30462 Conventions.loc_parameters +R30519 Coq.Init.Logic "x = y" type_scope +R30521 Values.Vundef +R30498 Coq.Lists.List.In +R30324 Coq.Init.Logic "x = y" type_scope +R30306 Locations.S +R30309 Locations.Local +R30326 Values.Vundef +R30258 Conventions.locs_acceptable +R30226 Locations.disjoint +R30198 Conventions.locs_acceptable +R30174 Locations.norepet +R30140 Coq.Init.Logic "x = y" type_scope +R30121 Coq.Lists.List.length +R30142 Coq.Lists.List.length +R30159 AST.sig_args +R30591 Coq.Init.Logic "x = y" type_scope +R30558 Coq.Lists.List.length +R30571 Conventions.loc_parameters +R30593 Coq.Lists.List.length +R30591 Coq.Init.Logic "x = y" type_scope +R30558 Coq.Lists.List.length +R30571 Conventions.loc_parameters +R30593 Coq.Lists.List.length +R30649 Coqlib.list_length_map +R30649 Coqlib.list_length_map +R30679 Conventions.loc_arguments_length +R30679 Conventions.loc_arguments_length +R30723 Locations.disjoint +R30743 Conventions.temporaries +R30723 Locations.disjoint +R30743 Conventions.temporaries +R30767 Conventions.locs_acceptable_disj_temporaries +R30767 Conventions.locs_acceptable_disj_temporaries +R30821 Allocproof.parallel_move_correct +R30968 Conventions.loc_parameters_not_temporaries +R30918 Conventions.no_overlap_parameters +R30848 Allocation.add_undefs +R30867 LTL.Bgoto +R30821 Allocproof.parallel_move_correct +R30968 Conventions.loc_parameters_not_temporaries +R30918 Conventions.no_overlap_parameters +R30848 Allocation.add_undefs +R30867 LTL.Bgoto +R31134 Coq.Init.Logic "x = y" type_scope +R31116 Locations.S +R31119 Locations.Local +R31136 Values.Vundef +R31079 Coq.Lists.List.In +R31083 Locations.S +R31086 Locations.Local +R31134 Coq.Init.Logic "x = y" type_scope +R31116 Locations.S +R31119 Locations.Local +R31136 Values.Vundef +R31079 Coq.Lists.List.In +R31083 Locations.S +R31086 Locations.Local +R31185 Locations.disjoint_notin +R31185 Locations.disjoint_notin +R31227 Locations.disjoint_sym +R31227 Locations.disjoint_sym +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R31289 Allocproof.add_undefs_correct +R31316 LTL.Bgoto +R31289 Allocproof.add_undefs_correct +R31316 LTL.Bgoto +R31404 LTL.exec_Bgoto +R31404 LTL.exec_Bgoto +R31444 LTL.exec_trans +R31444 LTL.exec_trans +R31512 Coqlib.list_map_exten +R31512 Coqlib.list_map_exten +R31570 Locations.disjoint_notin +R31570 Locations.disjoint_notin +R31671 Coq.Init.Logic "'exists' x , p" type_scope +R31744 Coq.Init.Logic "A /\ B" type_scope +R31685 LTL.exec_block +R31731 LTL.Return +R31703 Allocation.add_return +R31771 Coq.Init.Datatypes.Some +R31808 Coq.Init.Logic "x = y" type_scope +R31788 Locations.R +R31791 Conventions.loc_result +R31821 Coq.Init.Datatypes.None +R31854 Coq.Init.Logic "x = y" type_scope +R31834 Locations.R +R31837 Conventions.loc_result +R31856 Values.Vundef +R31939 Allocproof.add_reload_correct +R31977 LTL.Breturn +R31961 Conventions.loc_result +R31939 Allocproof.add_reload_correct +R31977 LTL.Breturn +R31961 Conventions.loc_result +R32057 LTL.exec_Breturn +R32057 LTL.exec_Breturn +R32105 Locations.set +R32137 Values.Vundef +R32117 Locations.R +R32120 Conventions.loc_result +R32105 Locations.set +R32137 Values.Vundef +R32117 Locations.R +R32120 Conventions.loc_result +R32166 LTL.exec_Breturn +R32166 LTL.exec_Breturn +R32186 LTL.exec_one +R32186 LTL.exec_one +R32207 LTL.exec_Bop +R32207 LTL.exec_Bop +R32236 Locations.gss +R32236 Locations.gss +R32412 Coq.Init.Peano "x <= y" nat_scope +R32378 Coq.Lists.List.length +R32391 Op.type_of_condition +R32365 Op.condition +R32591 Coq.Init.Peano "x <= y" nat_scope +R32550 Coq.Lists.List.length +R32563 Coq.Init.Datatypes.fst +R32568 Op.type_of_operation +R32537 Op.operation +R32676 Allocproof.length_type_of_condition +R32676 Allocproof.length_type_of_condition +R32810 Coq.Init.Peano "x <= y" nat_scope +R32772 Coq.Lists.List.length +R32785 Op.type_of_addressing +R32758 Op.addressing +R33059 Coq.Init.Peano "x <= y" nat_scope +R33042 Coq.Lists.List.length +R33013 Coq.Init.Logic "x = y" type_scope +R32984 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R32985 Coq.Lists.List.map +R33015 Op.type_of_operation +R32976 Registers.reg +R32960 Coq.Lists.List.list +R32965 Registers.reg +R32942 Op.operation +R32929 RTLtyping.regenv +R33099 Coqlib.list_length_map +R33099 Coqlib.list_length_map +R33136 Allocproof.length_type_of_operation +R33136 Allocproof.length_type_of_operation +R33354 Coq.Init.Peano "x <= y" nat_scope +R33337 Coq.Lists.List.length +R33305 Coq.Init.Logic "x = y" type_scope +R33287 Coq.Lists.List.map +R33307 Op.type_of_addressing +R33274 Coq.Lists.List.list +R33279 Registers.reg +R33255 Op.addressing +R33240 RTLtyping.regenv +R33394 Coqlib.list_length_map +R33394 Coqlib.list_length_map +R33436 Allocproof.length_type_of_addressing +R33436 Allocproof.length_type_of_addressing +R33620 Coq.Init.Peano "x <= y" nat_scope +R33603 Coq.Lists.List.length +R33572 Coq.Init.Logic "x = y" type_scope +R33554 Coq.Lists.List.map +R33574 Op.type_of_condition +R33541 Coq.Lists.List.list +R33546 Registers.reg +R33523 Op.condition +R33508 RTLtyping.regenv +R33660 Coqlib.list_length_map +R33660 Coqlib.list_length_map +R33702 Allocproof.length_type_of_condition +R33702 Allocproof.length_type_of_condition +R33805 RTL.program +R33834 LTL.program +R33886 Coq.Init.Logic "x = y" type_scope +R33866 Allocation.transf_program +R33888 Coq.Init.Datatypes.Some +R33911 Globalenvs.globalenv +R33943 Globalenvs.globalenv +R34035 Coq.Init.Logic "x = y" type_scope +R34012 Globalenvs.find_symbol +R34037 Globalenvs.find_symbol +R34004 AST.ident +R34137 Allocation.transf_function +R34100 Globalenvs.find_symbol_transf_partial +R34137 Allocation.transf_function +R34100 Globalenvs.find_symbol_transf_partial +R34278 Coq.Init.Logic "'exists' x , p" type_scope +R34323 Coq.Init.Logic "A /\ B" type_scope +R34313 Coq.Init.Logic "x = y" type_scope +R34291 Globalenvs.find_funct +R34315 Coq.Init.Datatypes.Some +R34344 Coq.Init.Logic "x = y" type_scope +R34326 Allocation.transf_function +R34346 Coq.Init.Datatypes.Some +R34264 Coq.Init.Logic "x = y" type_scope +R34243 Globalenvs.find_funct +R34266 Coq.Init.Datatypes.Some +R34226 RTL.function +R34217 Values.val +R34393 Globalenvs.find_funct_transf_partial +R34424 Allocation.transf_function +R34393 Globalenvs.find_funct_transf_partial +R34424 Allocation.transf_function +R34459 Allocation.transf_function +R34459 Allocation.transf_function +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R34677 Coq.Init.Logic "'exists' x , p" type_scope +R34726 Coq.Init.Logic "A /\ B" type_scope +R34716 Coq.Init.Logic "x = y" type_scope +R34690 Globalenvs.find_funct_ptr +R34718 Coq.Init.Datatypes.Some +R34747 Coq.Init.Logic "x = y" type_scope +R34729 Allocation.transf_function +R34749 Coq.Init.Datatypes.Some +R34663 Coq.Init.Logic "x = y" type_scope +R34638 Globalenvs.find_funct_ptr +R34665 Coq.Init.Datatypes.Some +R34621 RTL.function +R34603 Values.block +R34796 Globalenvs.find_funct_ptr_transf_partial +R34831 Allocation.transf_function +R34796 Globalenvs.find_funct_ptr_transf_partial +R34831 Allocation.transf_function +R34866 Allocation.transf_function +R34866 Allocation.transf_function +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R35063 Coq.Init.Logic "x = y" type_scope +R35051 LTL.fn_sig +R35068 RTL.fn_sig +R35032 Coq.Init.Logic "x = y" type_scope +R35014 Allocation.transf_function +R35034 Coq.Init.Datatypes.Some +R35139 RTLtyping.type_rtl_function +R35139 RTLtyping.type_rtl_function +R35173 Allocation.analyze +R35173 Allocation.analyze +R35197 Coloring.regalloc +R35197 Coloring.regalloc +R35469 Coq.Init.Logic "x = y" type_scope +R35450 LTL.fn_entrypoint +R35474 RTL.fn_nextpc +R35431 Coq.Init.Logic "x = y" type_scope +R35413 Allocation.transf_function +R35433 Coq.Init.Datatypes.Some +R35548 RTLtyping.type_rtl_function +R35548 RTLtyping.type_rtl_function +R35582 Allocation.analyze +R35582 Allocation.analyze +R35606 Coloring.regalloc +R35606 Coloring.regalloc +R36234 Coq.Init.Logic "'exists' x , p" type_scope +R36298 Coq.Init.Logic "A /\ B" type_scope +R36250 LTL.exec_blocks +R36281 LTL.Cont +R36305 Allocproof.agree +R36322 Maps "a !! b" +R36188 Maps.map +R36199 Allocation.transf_instr +R36130 Allocproof.agree +R36144 Allocation.transfer +R36162 Maps "a !! b" +R36101 Coq.Init.Logic "x = y" type_scope +R36066 Coloring.regalloc +R36083 Allocproof.live0 +R36103 Coq.Init.Datatypes.Some +R36032 RTLtyping.wt_function +R35999 Coq.Init.Logic "x = y" type_scope +R36004 RTL.fn_code +R35938 Mem.mem +R35925 RTL.regset +R35913 LTL.node +R35894 Mem.mem +R35882 RTL.regset +R35871 LTL.node +R35853 Values.val +R35838 RTL.code +R36847 Coq.Init.Logic "'exists' x , p" type_scope +R36911 Coq.Init.Logic "A /\ B" type_scope +R36863 LTL.exec_blocks +R36894 LTL.Cont +R36918 Allocproof.agree +R36932 Allocation.transfer +R36951 Maps "a !! b" +R36801 Maps.map +R36812 Allocation.transf_instr +R36779 Coq.Init.Logic "x <> y" type_scope +R36774 Maps "a ! b" +R36782 Coq.Init.Datatypes.None +R36708 Allocproof.agree +R36722 Allocation.transfer +R36740 Maps "a !! b" +R36679 Coq.Init.Logic "x = y" type_scope +R36644 Coloring.regalloc +R36661 Allocproof.live0 +R36681 Coq.Init.Datatypes.Some +R36616 Coq.Init.Logic "x = y" type_scope +R36606 Allocation.analyze +R36618 Coq.Init.Datatypes.Some +R36572 RTLtyping.wt_function +R36539 Coq.Init.Logic "x = y" type_scope +R36544 RTL.fn_code +R36477 Mem.mem +R36464 RTL.regset +R36452 LTL.node +R36433 Mem.mem +R36421 RTL.regset +R36410 LTL.node +R36392 Values.val +R36377 RTL.code +R37204 Coq.Init.Logic "'exists' x , p" type_scope +R37257 Coq.Init.Logic "A /\ B" type_scope +R37220 LTL.exec_function +R37309 Coq.Init.Logic "x = y" type_scope +R37269 Locations.R +R37272 Conventions.loc_result +R37299 LTL.fn_sig +R37192 Coq.Init.Logic "x = y" type_scope +R37140 Coq.Lists.List.map +R37153 Conventions.loc_arguments +R37183 LTL.fn_sig +R37125 Coq.Init.Logic "x = y" type_scope +R37107 Allocation.transf_function +R37127 Coq.Init.Datatypes.Some +R37074 Mem.mem +R37064 Values.val +R37045 Mem.mem +R37031 Coq.Lists.List.list +R37036 Values.val +R37010 RTL.function +R37409 Coq.Init.Logic "x = y" type_scope +R37395 Maps.get +R37411 Coq.Init.Datatypes.Some +R37431 Coq.Init.Logic "x = y" type_scope +R37433 RTL.fn_code +R37458 Allocproof.agree +R37467 Allocation.transfer +R37624 Coq.Init.Logic "x = y" type_scope +R37610 Maps.get +R37626 Coq.Init.Datatypes.Some +R37646 Coq.Init.Logic "x = y" type_scope +R37648 RTL.fn_code +R37673 RTLtyping.wt_function +R37772 RTLtyping.wt_instrs +R37986 Coq.Init.Logic "x = y" type_scope +R37972 Maps.get +R37988 Coq.Init.Datatypes.Some +R38017 LTL.exec_blocks_one +R38049 Maps.gmap +R38317 Allocproof.exec_instr_prop +R38296 Coq.Init.Logic "x = y" type_scope +R38291 Maps "a ! b" +R38298 Coq.Init.Datatypes.Some +R38304 RTL.Inop +R38276 RTL.node +R38264 Mem.mem +R38251 RTL.regset +R38231 Coq.NArith.BinPos.positive +R38220 Values.val +R38194 Maps.t +R38202 RTL.instruction +R38440 LTL.exec_Bgoto +R38440 LTL.exec_Bgoto +R38458 LTL.exec_refl +R38458 LTL.exec_refl +R38782 Allocproof.exec_instr_prop +R38819 Registers "a # b <- c" +R38768 Coq.Init.Logic "x = y" type_scope +R38731 Op.eval_operation +R38759 Registers "a ## b" +R38770 Coq.Init.Datatypes.Some +R38697 Coq.Init.Logic "x = y" type_scope +R38692 Maps "a ! b" +R38699 Coq.Init.Datatypes.Some +R38705 RTL.Iop +R38682 Values.val +R38668 RTL.node +R38656 Registers.reg +R38635 Coq.Lists.List.list +R38640 Registers.reg +R38616 Op.operation +R38605 Mem.mem +R38586 Registers.t +R38595 Values.val +R38566 Coq.NArith.BinPos.positive +R38555 Values.val +R38529 Maps.t +R38537 RTL.instruction +R38887 Registers.mem +R38906 Maps "a !! b" +R38887 Registers.mem +R38906 Maps "a !! b" +R38993 Coq.Init.Peano "x <= y" nat_scope +R38958 Coq.Lists.List.length +R38971 Coq.Lists.List.map +R38993 Coq.Init.Peano "x <= y" nat_scope +R38958 Coq.Lists.List.length +R38971 Coq.Lists.List.map +R39017 Coqlib.list_length_map +R39017 Coqlib.list_length_map +R39093 Allocproof.length_op_args +R39093 Allocproof.length_op_args +R39132 Locations.disjoint +R39168 Conventions.temporaries +R39146 Coq.Lists.List.map +R39132 Locations.disjoint +R39168 Conventions.temporaries +R39146 Coq.Lists.List.map +R39193 Allocproof.regalloc_disj_temporaries +R39193 Allocproof.regalloc_disj_temporaries +R39289 Coq.Init.Logic "x = y" type_scope +R39237 Op.eval_operation +R39263 Coq.Lists.List.map +R39271 Coq.Lists.List.map +R39291 Coq.Init.Datatypes.Some +R39289 Coq.Init.Logic "x = y" type_scope +R39237 Op.eval_operation +R39263 Coq.Lists.List.map +R39271 Coq.Lists.List.map +R39291 Coq.Init.Datatypes.Some +R39313 Coq.Lists.List.map +R39321 Coq.Lists.List.map +R39346 Registers "a ## b" +R39313 Coq.Lists.List.map +R39321 Coq.Lists.List.map +R39346 Registers "a ## b" +R39368 Op.eval_operation_preserved +R39393 Allocproof.symbols_preserved +R39368 Op.eval_operation_preserved +R39393 Allocproof.symbols_preserved +R39446 Allocproof.agree_eval_regs +R39446 Allocproof.agree_eval_regs +R39484 Allocproof.add_op_correct +R39526 Coq.Lists.List.map +R39484 Allocproof.add_op_correct +R39526 Coq.Lists.List.map +R39727 Coloringproof.regalloc_correct_1 +R39727 Coloringproof.regalloc_correct_1 +R39814 Op.is_move_operation +R39814 Op.is_move_operation +R39910 Op.is_move_operation_correct +R39910 Op.is_move_operation_correct +R40036 Allocproof.agree_move_live +R40036 Allocproof.agree_move_live +R40126 Allocproof.agree_eval_reg +R40126 Allocproof.agree_eval_reg +R40215 Allocproof.agree_assign_live +R40215 Allocproof.agree_assign_live +R40268 Allocproof.agree_reg_list_live +R40268 Allocproof.agree_reg_list_live +R40410 LTL.exec_Bgoto +R40428 LTL.exec_refl +R40410 LTL.exec_Bgoto +R40428 LTL.exec_refl +R40447 Allocproof.agree_assign_dead +R40447 Allocproof.agree_assign_dead +R40852 Allocproof.exec_instr_prop +R40888 Registers "a # b <- c" +R40838 Coq.Init.Logic "x = y" type_scope +R40822 Mem.loadv +R40840 Coq.Init.Datatypes.Some +R40808 Coq.Init.Logic "x = y" type_scope +R40770 Op.eval_addressing +R40800 Registers "a ## b" +R40810 Coq.Init.Datatypes.Some +R40726 Coq.Init.Logic "x = y" type_scope +R40721 Maps "a ! b" +R40728 Coq.Init.Datatypes.Some +R40734 RTL.Iload +R40711 Values.val +R40711 Values.val +R40690 RTL.node +R40678 Registers.reg +R40661 Coq.Lists.List.list +R40666 Registers.reg +R40641 Op.addressing +R40615 AST.memory_chunk +R40601 Mem.mem +R40582 Registers.t +R40591 Values.val +R40562 Coq.NArith.BinPos.positive +R40551 Values.val +R40525 Maps.t +R40533 RTL.instruction +R40955 Registers.mem +R40974 Maps "a !! b" +R40955 Registers.mem +R40974 Maps "a !! b" +R41081 Coq.Init.Peano "x <= y" nat_scope +R41046 Coq.Lists.List.length +R41059 Coq.Lists.List.map +R41081 Coq.Init.Peano "x <= y" nat_scope +R41046 Coq.Lists.List.length +R41059 Coq.Lists.List.map +R41105 Coqlib.list_length_map +R41105 Coqlib.list_length_map +R41154 Allocproof.length_addr_args +R41154 Allocproof.length_addr_args +R41195 Locations.disjoint +R41231 Conventions.temporaries +R41209 Coq.Lists.List.map +R41195 Locations.disjoint +R41231 Conventions.temporaries +R41209 Coq.Lists.List.map +R41256 Allocproof.regalloc_disj_temporaries +R41256 Allocproof.regalloc_disj_temporaries +R41368 Coq.Init.Logic "x = y" type_scope +R41313 Op.eval_addressing +R41342 Coq.Lists.List.map +R41350 Coq.Lists.List.map +R41370 Coq.Init.Datatypes.Some +R41368 Coq.Init.Logic "x = y" type_scope +R41313 Op.eval_addressing +R41342 Coq.Lists.List.map +R41350 Coq.Lists.List.map +R41370 Coq.Init.Datatypes.Some +R41414 Registers "a ## b" +R41428 Coq.Lists.List.map +R41436 Coq.Lists.List.map +R41414 Registers "a ## b" +R41428 Coq.Lists.List.map +R41436 Coq.Lists.List.map +R41465 Op.eval_addressing_preserved +R41465 Op.eval_addressing_preserved +R41498 Allocproof.symbols_preserved +R41498 Allocproof.symbols_preserved +R41528 Allocproof.agree_eval_regs +R41528 Allocproof.agree_eval_regs +R41566 Allocproof.add_load_correct +R41617 Coq.Lists.List.map +R41566 Allocproof.add_load_correct +R41617 Coq.Lists.List.map +R41823 Coloringproof.regalloc_correct_1 +R41823 Coloringproof.regalloc_correct_1 +R41920 Allocproof.agree_assign_live +R41920 Allocproof.agree_assign_live +R41955 Allocproof.agree_reg_list_live +R41955 Allocproof.agree_reg_list_live +R42059 LTL.exec_Bgoto +R42077 LTL.exec_refl +R42059 LTL.exec_Bgoto +R42077 LTL.exec_refl +R42096 Allocproof.agree_assign_dead +R42096 Allocproof.agree_assign_dead +R42517 Allocproof.exec_instr_prop +R42502 Coq.Init.Logic "x = y" type_scope +R42476 Mem.storev +R42496 Registers "a # b" +R42504 Coq.Init.Datatypes.Some +R42462 Coq.Init.Logic "x = y" type_scope +R42424 Op.eval_addressing +R42454 Registers "a ## b" +R42464 Coq.Init.Datatypes.Some +R42379 Coq.Init.Logic "x = y" type_scope +R42374 Maps "a ! b" +R42381 Coq.Init.Datatypes.Some +R42387 RTL.Istore +R42364 Mem.mem +R42353 Values.val +R42334 RTL.node +R42322 Registers.reg +R42305 Coq.Lists.List.list +R42310 Registers.reg +R42285 Op.addressing +R42259 AST.memory_chunk +R42245 Mem.mem +R42226 Registers.t +R42235 Values.val +R42206 Coq.NArith.BinPos.positive +R42195 Values.val +R42169 Maps.t +R42177 RTL.instruction +R42650 Coq.Init.Peano "x <= y" nat_scope +R42615 Coq.Lists.List.length +R42628 Coq.Lists.List.map +R42650 Coq.Init.Peano "x <= y" nat_scope +R42615 Coq.Lists.List.length +R42628 Coq.Lists.List.map +R42674 Coqlib.list_length_map +R42674 Coqlib.list_length_map +R42723 Allocproof.length_addr_args +R42723 Allocproof.length_addr_args +R42764 Locations.disjoint +R42800 Conventions.temporaries +R42778 Coq.Lists.List.map +R42764 Locations.disjoint +R42800 Conventions.temporaries +R42778 Coq.Lists.List.map +R42825 Allocproof.regalloc_disj_temporaries +R42825 Allocproof.regalloc_disj_temporaries +R42874 Locations.notin +R42897 Conventions.temporaries +R42874 Locations.notin +R42897 Conventions.temporaries +R42922 Allocproof.regalloc_not_temporary +R42922 Allocproof.regalloc_not_temporary +R43031 Coq.Init.Logic "x = y" type_scope +R42976 Op.eval_addressing +R43005 Coq.Lists.List.map +R43013 Coq.Lists.List.map +R43033 Coq.Init.Datatypes.Some +R43031 Coq.Init.Logic "x = y" type_scope +R42976 Op.eval_addressing +R43005 Coq.Lists.List.map +R43013 Coq.Lists.List.map +R43033 Coq.Init.Datatypes.Some +R43076 Registers "a ## b" +R43090 Coq.Lists.List.map +R43098 Coq.Lists.List.map +R43076 Registers "a ## b" +R43090 Coq.Lists.List.map +R43098 Coq.Lists.List.map +R43127 Op.eval_addressing_preserved +R43127 Op.eval_addressing_preserved +R43160 Allocproof.symbols_preserved +R43160 Allocproof.symbols_preserved +R43190 Allocproof.agree_eval_regs +R43190 Allocproof.agree_eval_regs +R43246 Coq.Init.Logic "x = y" type_scope +R43250 Registers "a # b" +R43246 Coq.Init.Logic "x = y" type_scope +R43250 Registers "a # b" +R43268 Allocproof.agree_eval_reg +R43268 Allocproof.agree_eval_reg +R43291 Allocproof.agree_reg_list_live +R43291 Allocproof.agree_reg_list_live +R43358 Allocproof.add_store_correct +R43410 Coq.Lists.List.map +R43358 Allocproof.add_store_correct +R43410 Coq.Lists.List.map +R43601 Coloringproof.regalloc_correct_1 +R43601 Coloringproof.regalloc_correct_1 +R43698 Allocproof.agree_exten +R43698 Allocproof.agree_exten +R43728 Allocproof.agree_reg_live +R43728 Allocproof.agree_reg_live +R43751 Allocproof.agree_reg_list_live +R43751 Allocproof.agree_reg_list_live +R44266 Allocproof.exec_instr_prop +R44302 Registers "a # b <- c" +R44219 Allocproof.exec_function_prop +R44243 Registers "a ## b" +R44170 RTL.exec_function +R44196 Registers "a ## b" +R44150 Coq.Init.Logic "x = y" type_scope +R44152 RTL.fn_sig +R44132 Coq.Init.Logic "x = y" type_scope +R44104 RTL.find_function +R44134 Coq.Init.Datatypes.Some +R44063 Coq.Init.Logic "x = y" type_scope +R44058 Maps "a ! b" +R44065 Coq.Init.Datatypes.Some +R44071 RTL.Icall +R44048 Mem.mem +R44037 Values.val +R44015 RTL.function +R43996 RTL.node +R43984 Registers.reg +R43967 Coq.Lists.List.list +R43972 Registers.reg +R43946 Coq.Init.Datatypes "x + y" type_scope +R43942 Registers.reg +R43948 AST.ident +R43924 AST.signature +R43912 Mem.mem +R43899 RTL.regset +R43879 Coq.NArith.BinPos.positive +R43868 Values.val +R43842 Maps.t +R43850 RTL.instruction +R44377 Coqlib.sum_left_map +R44377 Coqlib.sum_left_map +R44419 Coq.Init.Logic "'exists' x , p" type_scope +R44478 Coq.Init.Logic "A /\ B" type_scope +R44468 Coq.Init.Logic "x = y" type_scope +R44442 Allocproof.find_function2 +R44470 Coq.Init.Datatypes.Some +R44511 Coq.Init.Logic "x = y" type_scope +R44493 Allocation.transf_function +R44513 Coq.Init.Datatypes.Some +R44419 Coq.Init.Logic "'exists' x , p" type_scope +R44478 Coq.Init.Logic "A /\ B" type_scope +R44468 Coq.Init.Logic "x = y" type_scope +R44442 Allocproof.find_function2 +R44470 Coq.Init.Datatypes.Some +R44511 Coq.Init.Logic "x = y" type_scope +R44493 Allocation.transf_function +R44513 Coq.Init.Datatypes.Some +R44583 Allocproof.functions_translated +R44583 Allocproof.functions_translated +R44641 Registers "a # b" +R44641 Registers "a # b" +R44691 Allocproof.agree_eval_reg +R44691 Allocproof.agree_eval_reg +R44718 Allocproof.agree_reg_list_live +R44718 Allocproof.agree_reg_list_live +R44758 Allocproof.symbols_preserved +R44758 Allocproof.symbols_preserved +R44787 Globalenvs.find_symbol +R44787 Globalenvs.find_symbol +R44821 Allocproof.function_ptr_translated +R44821 Allocproof.function_ptr_translated +R44938 Coq.Init.Logic "x = y" type_scope +R44940 LTL.fn_sig +R44938 Coq.Init.Logic "x = y" type_scope +R44940 LTL.fn_sig +R44965 Allocproof.sig_function_translated +R44965 Allocproof.sig_function_translated +R45111 Coq.Init.Logic "x = y" type_scope +R45076 Coq.Lists.List.map +R45089 Coq.Lists.List.map +R45115 Registers "a ## b" +R45111 Coq.Init.Logic "x = y" type_scope +R45076 Coq.Lists.List.map +R45089 Coq.Lists.List.map +R45115 Registers "a ## b" +R45135 Allocproof.agree_eval_regs +R45135 Allocproof.agree_eval_regs +R45212 Coq.Init.Logic "x = y" type_scope +R45177 Coq.Lists.List.length +R45190 Coq.Lists.List.map +R45250 Coq.Lists.List.length +R45267 AST.sig_args +R45212 Coq.Init.Logic "x = y" type_scope +R45177 Coq.Lists.List.length +R45190 Coq.Lists.List.map +R45250 Coq.Lists.List.length +R45267 AST.sig_args +R45334 Coqlib.list_length_map +R45334 Coqlib.list_length_map +R45334 Coqlib.list_length_map +R45334 Coqlib.list_length_map +R45376 Conventions.locs_acceptable +R45393 Coq.Lists.List.map +R45376 Conventions.locs_acceptable +R45393 Coq.Lists.List.map +R45428 Coloringproof.regsalloc_acceptable +R45428 Coloringproof.regsalloc_acceptable +R45491 Coloringproof.regalloc_correct_1 +R45491 Coloringproof.regalloc_correct_1 +R45606 Conventions.loc_acceptable +R45606 Conventions.loc_acceptable +R45647 Coloringproof.regalloc_acceptable +R45647 Coloringproof.regalloc_acceptable +R45689 Allocproof.add_call_correct +R45689 Allocproof.add_call_correct +R45924 Allocproof.agree_call +R45924 Allocproof.agree_call +R46240 Allocproof.exec_instr_prop +R46223 Coq.Init.Logic "x = y" type_scope +R46192 Op.eval_condition +R46215 Registers "a ## b" +R46225 Coq.Init.Datatypes.Some +R46230 Coq.Init.Datatypes.true +R46151 Coq.Init.Logic "x = y" type_scope +R46146 Maps "a ! b" +R46153 Coq.Init.Datatypes.Some +R46159 RTL.Icond +R46131 RTL.node +R46131 RTL.node +R46103 Coq.Lists.List.list +R46108 Registers.reg +R46084 Op.condition +R46071 Mem.mem +R46052 Registers.t +R46061 Values.val +R46032 Coq.NArith.BinPos.positive +R46021 Values.val +R45995 Maps.t +R46003 RTL.instruction +R46368 Coq.Init.Peano "x <= y" nat_scope +R46338 Coq.Lists.List.length +R46351 Coq.Lists.List.map +R46368 Coq.Init.Peano "x <= y" nat_scope +R46338 Coq.Lists.List.length +R46351 Coq.Lists.List.map +R46392 Coqlib.list_length_map +R46392 Coqlib.list_length_map +R46436 Allocproof.length_cond_args +R46436 Allocproof.length_cond_args +R46477 Locations.disjoint +R46508 Conventions.temporaries +R46491 Coq.Lists.List.map +R46477 Locations.disjoint +R46508 Conventions.temporaries +R46491 Coq.Lists.List.map +R46533 Allocproof.regalloc_disj_temporaries +R46533 Allocproof.regalloc_disj_temporaries +R46630 Coq.Init.Logic "x = y" type_scope +R46583 Op.eval_condition +R46604 Coq.Lists.List.map +R46612 Coq.Lists.List.map +R46632 Coq.Init.Datatypes.Some +R46637 Coq.Init.Datatypes.true +R46630 Coq.Init.Logic "x = y" type_scope +R46583 Op.eval_condition +R46604 Coq.Lists.List.map +R46612 Coq.Lists.List.map +R46632 Coq.Init.Datatypes.Some +R46637 Coq.Init.Datatypes.true +R46657 Coq.Lists.List.map +R46665 Coq.Lists.List.map +R46690 Registers "a ## b" +R46657 Coq.Lists.List.map +R46665 Coq.Lists.List.map +R46690 Registers "a ## b" +R46731 Allocproof.agree_eval_regs +R46731 Allocproof.agree_eval_regs +R46769 Allocproof.add_cond_correct +R46842 Coq.Init.Logic.refl_equal +R46769 Allocproof.add_cond_correct +R46842 Coq.Init.Logic.refl_equal +R46945 Allocproof.agree_exten +R46945 Allocproof.agree_exten +R46972 Allocproof.agree_reg_list_live +R46972 Allocproof.agree_reg_list_live +R47314 Allocproof.exec_instr_prop +R47296 Coq.Init.Logic "x = y" type_scope +R47265 Op.eval_condition +R47288 Registers "a ## b" +R47298 Coq.Init.Datatypes.Some +R47303 Coq.Init.Datatypes.false +R47224 Coq.Init.Logic "x = y" type_scope +R47219 Maps "a ! b" +R47226 Coq.Init.Datatypes.Some +R47232 RTL.Icond +R47204 RTL.node +R47204 RTL.node +R47176 Coq.Lists.List.list +R47181 Registers.reg +R47157 Op.condition +R47144 Mem.mem +R47125 Registers.t +R47134 Values.val +R47105 Coq.NArith.BinPos.positive +R47094 Values.val +R47068 Maps.t +R47076 RTL.instruction +R47443 Coq.Init.Peano "x <= y" nat_scope +R47413 Coq.Lists.List.length +R47426 Coq.Lists.List.map +R47443 Coq.Init.Peano "x <= y" nat_scope +R47413 Coq.Lists.List.length +R47426 Coq.Lists.List.map +R47467 Coqlib.list_length_map +R47467 Coqlib.list_length_map +R47511 Allocproof.length_cond_args +R47511 Allocproof.length_cond_args +R47552 Locations.disjoint +R47583 Conventions.temporaries +R47566 Coq.Lists.List.map +R47552 Locations.disjoint +R47583 Conventions.temporaries +R47566 Coq.Lists.List.map +R47608 Allocproof.regalloc_disj_temporaries +R47608 Allocproof.regalloc_disj_temporaries +R47705 Coq.Init.Logic "x = y" type_scope +R47658 Op.eval_condition +R47679 Coq.Lists.List.map +R47687 Coq.Lists.List.map +R47707 Coq.Init.Datatypes.Some +R47712 Coq.Init.Datatypes.false +R47705 Coq.Init.Logic "x = y" type_scope +R47658 Op.eval_condition +R47679 Coq.Lists.List.map +R47687 Coq.Lists.List.map +R47707 Coq.Init.Datatypes.Some +R47712 Coq.Init.Datatypes.false +R47733 Coq.Lists.List.map +R47741 Coq.Lists.List.map +R47766 Registers "a ## b" +R47733 Coq.Lists.List.map +R47741 Coq.Lists.List.map +R47766 Registers "a ## b" +R47807 Allocproof.agree_eval_regs +R47807 Allocproof.agree_eval_regs +R47845 Allocproof.add_cond_correct +R47917 Coq.Init.Logic.refl_equal +R47845 Allocproof.add_cond_correct +R47917 Coq.Init.Logic.refl_equal +R48021 Allocproof.agree_exten +R48021 Allocproof.agree_exten +R48048 Allocproof.agree_reg_list_live +R48048 Allocproof.agree_reg_list_live +R48202 Allocproof.exec_instrs_prop +R48196 Mem.mem +R48179 RTL.regset +R48163 RTL.node +R48152 Values.val +R48137 RTL.code +R48298 LTL.exec_blocks_refl +R48298 LTL.exec_blocks_refl +R48575 Allocproof.exec_instrs_prop +R48530 Allocproof.exec_instr_prop +R48483 RTL.exec_instr +R48475 Mem.mem +R48461 RTL.regset +R48444 RTL.node +R48432 Mem.mem +R48415 RTL.regset +R48399 RTL.node +R48388 Values.val +R48373 RTL.code +R48792 Maps "a !! b" +R48766 Allocproof.agree_increasing +R48792 Maps "a !! b" +R48766 Allocproof.agree_increasing +R48806 Allocproof.analyze_correct +R48806 Allocproof.analyze_correct +R48854 RTL.exec_instr_present +R48854 RTL.exec_instr_present +R48913 RTL.successors_correct +R48913 RTL.successors_correct +R49382 Allocproof.exec_instrs_prop +R49333 Allocproof.exec_instrs_prop +R49282 RTL.exec_instrs +R49233 Allocproof.exec_instrs_prop +R49182 RTL.exec_instrs +R49174 Mem.mem +R49160 RTL.regset +R49143 RTL.node +R49127 Mem.mem +R49113 RTL.regset +R49096 RTL.node +R49084 Mem.mem +R49066 RTL.regset +R49049 RTL.node +R49037 Values.val +R49022 RTL.code +R49483 Coq.Init.Logic "x <> y" type_scope +R49478 Maps "a ! b" +R49486 Coq.Init.Datatypes.None +R49483 Coq.Init.Logic "x <> y" type_scope +R49478 Maps "a ! b" +R49486 Coq.Init.Datatypes.None +R49504 RTL.exec_instrs_present +R49504 RTL.exec_instrs_present +R49750 LTL.exec_blocks_trans +R49750 LTL.exec_blocks_trans +R49926 Coq.Init.Logic "A /\ B" type_scope +R49915 Coq.Init.Logic "~ x" type_scope +R49917 Coq.Lists.List.In +R49947 Coq.Init.Logic "x = y" type_scope +R49929 Registers.mem +R49949 Coq.Init.Datatypes.true +R49903 Coq.Init.Logic "x = y" type_scope +R49866 Registers.mem +R49880 Allocation.reg_list_dead +R49905 Coq.Init.Datatypes.true +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R50059 Coq.Init.Logic "x <> y" type_scope +R50059 Coq.Init.Logic "x <> y" type_scope +R50098 Registers.mem_remove_same +R50098 Registers.mem_remove_same +R50152 Registers.mem_remove_other +R50152 Registers.mem_remove_other +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R50551 Coq.Init.Logic "'exists' x , p" type_scope +R50669 Coq.Init.Logic "A /\ B" type_scope +R50565 LTL.exec_blocks +R50635 LTL.Cont +R50641 RTL.fn_entrypoint +R50588 RTL.fn_nextpc +R50674 Allocproof.agree +R50759 RTL.init_regs +R50775 RTL.fn_params +R50688 Allocation.transfer +R50725 Maps "a !! b" +R50728 RTL.fn_entrypoint +R50700 RTL.fn_entrypoint +R50512 Allocation.transf_entrypoint +R50487 Coq.Init.Logic "x = y" type_scope +R50469 Locations.S +R50472 Locations.Local +R50489 Values.Vundef +R50437 Coq.Init.Logic "x = y" type_scope +R50393 Coq.Lists.List.map +R50406 Conventions.loc_parameters +R50422 RTL.fn_sig +R50381 Coq.Init.Logic "x = y" type_scope +R50362 Maps "a ! b" +R50364 RTL.fn_nextpc +R50383 Coq.Init.Datatypes.None +R50342 Coq.Init.Logic "x = y" type_scope +R50307 Coloring.regalloc +R50324 Allocproof.live0 +R50344 Coq.Init.Datatypes.Some +R50284 RTLtyping.wt_function +R50871 RTL.fn_entrypoint +R50871 RTL.fn_entrypoint +R50912 RTL.fn_nextpc +R50912 RTL.fn_nextpc +R50947 RTL.fn_params +R50947 RTL.fn_params +R50982 Registers.elements +R50999 Allocation.reg_list_dead +R51021 Allocation.transfer +R51045 Maps "a !! b" +R50982 Registers.elements +R50999 Allocation.reg_list_dead +R51021 Allocation.transfer +R51045 Maps "a !! b" +R51122 Coq.Init.Logic "x = y" type_scope +R51085 Coq.Lists.List.length +R51098 Coq.Lists.List.map +R51138 Coq.Lists.List.length +R51166 AST.sig_args +R51151 RTL.fn_sig +R51122 Coq.Init.Logic "x = y" type_scope +R51085 Coq.Lists.List.length +R51098 Coq.Lists.List.map +R51138 Coq.Lists.List.length +R51166 AST.sig_args +R51151 RTL.fn_sig +R51194 RTLtyping.wt_params +R51194 RTLtyping.wt_params +R51234 Coqlib.list_length_map +R51234 Coqlib.list_length_map +R51234 Coqlib.list_length_map +R51234 Coqlib.list_length_map +R51272 Locations.norepet +R51285 Coq.Lists.List.map +R51302 RTL.fn_params +R51272 Locations.norepet +R51285 Coq.Lists.List.map +R51302 RTL.fn_params +R51333 Allocproof.regalloc_norepet_norepet +R51333 Allocproof.regalloc_norepet_norepet +R51377 Coloringproof.regalloc_correct_2 +R51377 Coloringproof.regalloc_correct_2 +R51415 RTLtyping.wt_norepet +R51415 RTLtyping.wt_norepet +R51448 Conventions.locs_acceptable +R51465 Coq.Lists.List.map +R51482 RTL.fn_params +R51448 Conventions.locs_acceptable +R51465 Coq.Lists.List.map +R51482 RTL.fn_params +R51513 Coloringproof.regsalloc_acceptable +R51513 Coloringproof.regsalloc_acceptable +R51556 Locations.disjoint +R51639 Coq.Lists.List.map +R51587 Coq.Lists.List.map +R51604 RTL.fn_params +R51556 Locations.disjoint +R51639 Coq.Lists.List.map +R51587 Coq.Lists.List.map +R51604 RTL.fn_params +R51714 Coqlib.list_in_map_inv +R51714 Coqlib.list_in_map_inv +R51806 Coqlib.list_in_map_inv +R51806 Coqlib.list_in_map_inv +R51898 Registers.elements_complete +R51898 Registers.elements_complete +R51956 Allocproof.regset_mem_reg_list_dead +R51956 Allocproof.regset_mem_reg_list_dead +R52022 Allocproof.regalloc_noteq_diff +R52022 Allocproof.regalloc_noteq_diff +R52061 Coloringproof.regalloc_correct_3 +R52061 Coloringproof.regalloc_correct_3 +R52184 Conventions.loc_acceptable +R52151 Coq.Lists.List.In +R52157 Coq.Lists.List.map +R52184 Conventions.loc_acceptable +R52151 Coq.Lists.List.In +R52157 Coq.Lists.List.map +R52232 Coqlib.list_in_map_inv +R52232 Coqlib.list_in_map_inv +R52314 Coloringproof.regalloc_acceptable +R52314 Coloringproof.regalloc_acceptable +R52356 Allocproof.add_entry_correct +R52445 Coq.Lists.List.map +R52405 Coq.Lists.List.map +R52422 RTL.fn_params +R52386 RTL.fn_sig +R52356 Allocproof.add_entry_correct +R52445 Coq.Lists.List.map +R52405 Coq.Lists.List.map +R52422 RTL.fn_params +R52386 RTL.fn_sig +R52578 LTL.exec_blocks_one +R52578 LTL.exec_blocks_one +R52605 Maps.gss +R52605 Maps.gss +R52699 Allocproof.live0 +R52653 Allocation.transfer +R52677 Maps "a !! b" +R52699 Allocproof.live0 +R52653 Allocation.transfer +R52677 Maps "a !! b" +R52738 Allocproof.agree_parameters +R52738 Allocproof.agree_parameters +R52788 Registers.reg +R52772 Registers.elt +R52788 Registers.reg +R52772 Registers.elt +R52897 Coq.Lists.List.in_map +R52897 Coq.Lists.List.in_map +R52929 Registers.elements_correct +R52929 Registers.elements_correct +R53548 Allocproof.exec_function_prop +R53582 Mem.free +R53514 Coq.Init.Logic "x = y" type_scope +R53516 Registers.regmap_optget +R53533 Values.Vundef +R53484 Coq.Init.Logic "x = y" type_scope +R53477 Maps "a ! b" +R53464 RTL.fn_code +R53486 Coq.Init.Datatypes.Some +R53492 RTL.Ireturn +R53336 Allocproof.exec_instrs_prop +R53416 RTL.init_regs +R53432 RTL.fn_params +R53394 RTL.fn_entrypoint +R53370 Values.Vptr +R53379 Integers.zero +R53354 RTL.fn_code +R53207 RTL.exec_instrs +R53289 RTL.init_regs +R53305 RTL.fn_params +R53267 RTL.fn_entrypoint +R53243 Values.Vptr +R53252 Integers.zero +R53227 RTL.fn_code +R53190 Coq.Init.Logic "x = y" type_scope +R53159 Mem.alloc +R53170 RTL.fn_stacksize +R53192 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R53151 Values.val +R53131 Coq.Init.Datatypes.option +R53138 Registers.reg +R53116 Mem.mem +R53102 RTL.regset +R53086 RTL.node +R53070 Coq.Lists.List.list +R53075 Values.val +R53044 Values.block +R53032 Mem.mem +R53032 Mem.mem +R53010 RTL.function +R53671 RTLtyping.type_rtl_function +R53671 RTLtyping.type_rtl_function +R53722 Allocation.analyze +R53722 Allocation.analyze +R53835 Allocproof.live0 +R53763 Allocation.transfer +R53800 Maps "a !! b" +R53803 RTL.fn_entrypoint +R53775 RTL.fn_entrypoint +R53835 Allocproof.live0 +R53763 Allocation.transfer +R53800 Maps "a !! b" +R53803 RTL.fn_entrypoint +R53775 RTL.fn_entrypoint +R53860 Coloring.regalloc +R53877 Allocproof.live0 +R53860 Coloring.regalloc +R53877 Allocproof.live0 +R53931 Maps.map +R53970 RTL.fn_code +R53942 Allocation.transf_instr +R53931 Maps.map +R53970 RTL.fn_code +R53942 Allocation.transf_instr +R54001 Allocation.transf_entrypoint +R54001 Allocation.transf_entrypoint +R54112 RTLtyping.type_rtl_function_correct +R54112 RTLtyping.type_rtl_function_correct +R54201 Coq.Init.Logic "x = y" type_scope +R54182 Maps "a ! b" +R54184 RTL.fn_nextpc +R54203 Coq.Init.Datatypes.None +R54201 Coq.Init.Logic "x = y" type_scope +R54182 Maps "a ! b" +R54184 RTL.fn_nextpc +R54203 Coq.Init.Datatypes.None +R54234 Maps.gmap +R54234 Maps.gmap +R54275 RTL.fn_code_wf +R54293 RTL.fn_nextpc +R54275 RTL.fn_code_wf +R54293 RTL.fn_nextpc +R54325 Coqlib.Plt_ne +R54325 Coqlib.Plt_ne +R54384 LTL.call_regs +R54384 LTL.call_regs +R54462 Coq.Init.Logic "x = y" type_scope +R54417 Coq.Lists.List.map +R54431 Conventions.loc_parameters +R54447 RTL.fn_sig +R54462 Coq.Init.Logic "x = y" type_scope +R54417 Coq.Lists.List.map +R54431 Conventions.loc_parameters +R54447 RTL.fn_sig +R54484 RTL.fn_sig +R54504 LTL.fn_sig +R54484 RTL.fn_sig +R54504 LTL.fn_sig +R54573 Coqlib.list_map_compose +R54573 Coqlib.list_map_compose +R54597 Coqlib.list_map_exten +R54597 Coqlib.list_map_exten +R54654 Allocproof.call_regs_param_of_arg +R54654 Allocproof.call_regs_param_of_arg +R54788 Coq.Init.Logic "x = y" type_scope +R54770 Locations.S +R54773 Locations.Local +R54790 Values.Vundef +R54759 AST.typ +R54750 Coq.ZArith.BinInt.Z +R54788 Coq.Init.Logic "x = y" type_scope +R54770 Locations.S +R54773 Locations.Local +R54790 Values.Vundef +R54759 AST.typ +R54750 Coq.ZArith.BinInt.Z +R54842 Allocproof.transf_entrypoint_correct +R54915 Values.Vptr +R54924 Integers.zero +R54842 Allocproof.transf_entrypoint_correct +R54915 Values.Vptr +R54924 Integers.zero +R55064 Coq.Init.Logic "x <> y" type_scope +R55060 Maps "a ! b" +R55048 RTL.fn_code +R55067 Coq.Init.Datatypes.None +R55064 Coq.Init.Logic "x <> y" type_scope +R55060 Maps "a ! b" +R55048 RTL.fn_code +R55067 Coq.Init.Datatypes.None +R55140 Coq.Init.Logic.refl_equal +R55140 Coq.Init.Logic.refl_equal +R55236 Allocproof.add_return_correct +R55324 Coqlib.option_map +R55280 RTL.fn_sig +R55260 Values.Vptr +R55269 Integers.zero +R55236 Allocproof.add_return_correct +R55324 Coqlib.option_map +R55280 RTL.fn_sig +R55260 Values.Vptr +R55269 Integers.zero +R55429 LTL.exec_funct +R55429 LTL.exec_funct +R55530 LTL.exec_blocks_trans +R55530 LTL.exec_blocks_trans +R55570 LTL.exec_blocks_extends +R55570 LTL.exec_blocks_extends +R55657 Coqlib.peq +R55664 RTL.fn_nextpc +R55657 Coqlib.peq +R55664 RTL.fn_nextpc +R55724 Maps.gmap +R55724 Maps.gmap +R55745 RTL.fn_code_wf +R55763 RTL.fn_nextpc +R55745 RTL.fn_code_wf +R55763 RTL.fn_nextpc +R55793 Coqlib.Plt_ne +R55793 Coqlib.Plt_ne +R55854 Maps.gso +R55854 Maps.gso +R55880 LTL.exec_blocks_trans +R55880 LTL.exec_blocks_trans +R55920 LTL.exec_blocks_one +R55920 LTL.exec_blocks_one +R55960 Maps.gmap +R55960 Maps.gmap +R56121 Allocproof.agree_eval_reg +R56121 Allocproof.agree_eval_reg +R56744 Allocproof.exec_function_prop +R56702 RTL.exec_function +R56789 Allocproof.exec_function_ind_3 +R57234 Allocproof.transl_function_correct +R57202 Allocproof.transl_trans_correct +R57173 Allocproof.transl_one_correct +R57143 Allocproof.transl_refl_correct +R57105 Allocproof.transl_Icond_false_correct +R57069 Allocproof.transl_Icond_true_correct +R57038 Allocproof.transl_Icall_correct +R57006 Allocproof.transl_Istore_correct +R56975 Allocproof.transl_Iload_correct +R56946 Allocproof.transl_Iop_correct +R56916 Allocproof.transl_Inop_correct +R56877 Allocproof.exec_function_prop +R56850 Allocproof.exec_instrs_prop +R56823 Allocproof.exec_instr_prop +R57341 LTL.exec_program +R57314 RTL.exec_program +R57306 Values.val +R57439 Allocproof.function_ptr_translated +R57439 Allocproof.function_ptr_translated +R57530 Coq.Init.Logic "x = y" type_scope +R57522 LTL.fn_sig +R57532 AST.mksignature +R57549 Coq.Init.Datatypes.Some +R57554 AST.Tint +R57544 Coq.Lists.List.nil +R57530 Coq.Init.Logic "x = y" type_scope +R57522 LTL.fn_sig +R57532 AST.mksignature +R57549 Coq.Init.Datatypes.Some +R57554 AST.Tint +R57544 Coq.Lists.List.nil +R57588 Allocproof.sig_function_translated +R57588 Allocproof.sig_function_translated +R57691 Coq.Init.Logic "x = y" type_scope +R57638 Coq.Lists.List.map +R57664 Conventions.loc_arguments +R57679 LTL.fn_sig +R57643 Locations.init +R57655 Values.Vundef +R57693 Coq.Lists.List.nil +R57691 Coq.Init.Logic "x = y" type_scope +R57638 Coq.Lists.List.map +R57664 Conventions.loc_arguments +R57679 LTL.fn_sig +R57643 Locations.init +R57655 Values.Vundef +R57693 Coq.Lists.List.nil +R57744 Allocproof.transl_function_correctness +R57804 Locations.init +R57816 Values.Vundef +R57744 Allocproof.transl_function_correctness +R57804 Locations.init +R57816 Values.Vundef +R57936 Allocproof.symbols_preserved +R57936 Allocproof.symbols_preserved +R57967 AST.transform_partial_program_main +R57967 AST.transform_partial_program_main +R58086 Globalenvs.init_mem +R58113 Globalenvs.init_mem +R58086 Globalenvs.init_mem +R58113 Globalenvs.init_mem +R58168 Globalenvs.init_mem_transf_partial +R58168 Globalenvs.init_mem_transf_partial +FAlloctyping_aux +R251 LTL.function +R288 Locations.loc +R353 Locations.R +R383 Locations.loc +R450 Locations.R +R514 Coq.Lists.List.In +R481 Coq.Lists.List.list +R486 Locations.loc +R600 Coq.Lists.List.In +R567 Coq.Lists.List.list +R572 Locations.loc +R799 LTLtyping.wt_block +R812 Allocation.add_move +R781 LTLtyping.wt_block +R760 Coq.Init.Logic "x = y" type_scope +R747 Locations.type +R762 Locations.type +R687 LTL.block +R677 Locations.loc +R677 Locations.loc +R907 Coq.Init.Logic "A /\ B" type_scope +R885 Coq.Lists.List.In +R897 Parallelmove.getsrc +R889 Coq.Init.Datatypes.fst +R910 Coq.Lists.List.In +R922 Parallelmove.getdst +R914 Coq.Init.Datatypes.snd +R874 Coq.Lists.List.In +R1206 Coq.Init.Logic "x = y" type_scope +R1195 Locations.type +R1208 Locations.type +R1218 Parallelmove.T +R1254 Locations.type +R1254 Locations.type +R1322 Coq.Lists.List.incl +R1327 Coq.Lists.List.nil +R1312 Coq.Lists.List.list +R1398 Alloctyping_aux.incl_nil +R1532 Coq.Init.Logic "A /\ B" type_scope +R1522 Coq.Lists.List.incl +R1535 Coq.Lists.List.incl +R1499 Coq.Init.Logic "x = y" type_scope +R1484 Parallelmove.split_move +R1501 Coq.Init.Datatypes.Some +R1506 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R1477 Parallelmove.Reg +R1477 Parallelmove.Reg +R1463 Parallelmove.Moves +R1463 Parallelmove.Moves +R1463 Parallelmove.Moves +R1651 Locations.eq +R1651 Locations.eq +R1712 Alloctyping_aux.incl_nil +R1712 Alloctyping_aux.incl_nil +R1728 Coq.Lists.List.incl_tl +R1743 Coq.Lists.List.incl_refl +R1728 Coq.Lists.List.incl_tl +R1743 Coq.Lists.List.incl_refl +R1768 Parallelmove.split_move +R1768 Parallelmove.split_move +R2065 Coq.Lists.List.incl_tl +R2065 Coq.Lists.List.incl_tl +R2186 Coq.Lists.List.In +R2189 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2163 Coq.Init.Logic "x = y" type_scope +R2148 Parallelmove.split_move +R2165 Coq.Init.Datatypes.Some +R2170 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2141 Parallelmove.Reg +R2141 Parallelmove.Reg +R2127 Parallelmove.Moves +R2127 Parallelmove.Moves +R2127 Parallelmove.Moves +R2302 Locations.eq +R2302 Locations.eq +R2374 Parallelmove.split_move +R2374 Parallelmove.split_move +R2791 Coq.Init.Logic "x = y" type_scope +R2779 Locations.type +R2793 Locations.type +R2682 Coq.Lists.List.In +R2722 Coq.Lists.List "x ++ y" list_scope +R2699 Parallelmove.StateToMove +R2712 Parallelmove.stepf +R2748 Coq.Lists.List "x ++ y" list_scope +R2726 Parallelmove.StateBeing +R2738 Parallelmove.stepf +R2751 Parallelmove.StateDone +R2762 Parallelmove.stepf +R2687 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2648 Coq.Init.Logic "x = y" type_scope +R2636 Locations.type +R2650 Locations.type +R2566 Coq.Lists.List.In +R2594 Coq.Lists.List "x ++ y" list_scope +R2579 Parallelmove.StateToMove +R2612 Coq.Lists.List "x ++ y" list_scope +R2598 Parallelmove.StateBeing +R2615 Parallelmove.StateDone +R2569 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2870 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2924 Parallelmove.StateToMove +R2951 Parallelmove.StateBeing +R2978 Parallelmove.StateDone +R3003 Coq.Lists.List.app +R2870 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2924 Parallelmove.StateToMove +R2924 Parallelmove.StateToMove +R2924 Parallelmove.StateToMove +R2951 Parallelmove.StateBeing +R2951 Parallelmove.StateBeing +R2951 Parallelmove.StateBeing +R2978 Parallelmove.StateDone +R2978 Parallelmove.StateDone +R2978 Parallelmove.StateDone +R3003 Coq.Lists.List.app +R3003 Coq.Lists.List.app +R3003 Coq.Lists.List.app +R3032 Coq.Lists.List.in_app_or +R3123 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3094 Coq.Lists.List "x ++ y" list_scope +R3072 Parallelmove.StateBeing +R3084 Parallelmove.stepf +R3097 Parallelmove.StateDone +R3108 Parallelmove.stepf +R3047 Parallelmove.StateToMove +R3060 Parallelmove.stepf +R3032 Coq.Lists.List.in_app_or +R3123 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3094 Coq.Lists.List "x ++ y" list_scope +R3072 Parallelmove.StateBeing +R3084 Parallelmove.stepf +R3097 Parallelmove.StateDone +R3108 Parallelmove.stepf +R3047 Parallelmove.StateToMove +R3060 Parallelmove.stepf +R3171 Coq.Init.Logic "x = y" type_scope +R3148 Parallelmove.StateToMove +R3161 Parallelmove.stepf +R3173 Coq.Lists.List.nil +R3171 Coq.Init.Logic "x = y" type_scope +R3148 Parallelmove.StateToMove +R3161 Parallelmove.stepf +R3173 Coq.Lists.List.nil +R3185 Parallelmove.stepf +R3185 Parallelmove.stepf +R3219 Locations.eq +R3229 Coq.Init.Datatypes.fst +R3234 Parallelmove.last +R3219 Locations.eq +R3229 Coq.Init.Datatypes.fst +R3234 Parallelmove.last +R3318 Coq.Lists.List.in_app_or +R3375 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3353 Parallelmove.StateDone +R3364 Parallelmove.stepf +R3329 Parallelmove.StateBeing +R3341 Parallelmove.stepf +R3318 Coq.Lists.List.in_app_or +R3375 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R3353 Parallelmove.StateDone +R3364 Parallelmove.stepf +R3329 Parallelmove.StateBeing +R3341 Parallelmove.stepf +R3430 Coq.Init.Logic "A \/ B" type_scope +R3424 Coq.Init.Logic "x = y" type_scope +R3402 Parallelmove.StateBeing +R3414 Parallelmove.stepf +R3426 Coq.Lists.List.nil +R3463 Coq.Init.Logic "A \/ B" type_scope +R3458 Coq.Init.Logic "x = y" type_scope +R3436 Parallelmove.StateBeing +R3448 Parallelmove.stepf +R3488 Coq.Init.Logic "x = y" type_scope +R3466 Parallelmove.StateBeing +R3478 Parallelmove.stepf +R3490 Parallelmove.replace_last_s +R3430 Coq.Init.Logic "A \/ B" type_scope +R3424 Coq.Init.Logic "x = y" type_scope +R3402 Parallelmove.StateBeing +R3414 Parallelmove.stepf +R3426 Coq.Lists.List.nil +R3463 Coq.Init.Logic "A \/ B" type_scope +R3458 Coq.Init.Logic "x = y" type_scope +R3436 Parallelmove.StateBeing +R3448 Parallelmove.stepf +R3488 Coq.Init.Logic "x = y" type_scope +R3466 Parallelmove.StateBeing +R3478 Parallelmove.stepf +R3490 Parallelmove.replace_last_s +R3517 Parallelmove.stepf +R3517 Parallelmove.stepf +R3551 Locations.eq +R3561 Coq.Init.Datatypes.fst +R3566 Parallelmove.last +R3551 Locations.eq +R3561 Coq.Init.Datatypes.fst +R3566 Parallelmove.last +R3992 Parallelmove.app_rewriter +R3992 Parallelmove.app_rewriter +R4087 Parallelmove.last_replace +R4087 Parallelmove.last_replace +R4113 Coq.Lists.List.in_app_or +R4145 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4137 Coq.Lists.List "x :: y" list_scope +R4126 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4127 Parallelmove.T +R4140 Coq.Lists.List.nil +R4113 Coq.Lists.List.in_app_or +R4145 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4137 Coq.Lists.List "x :: y" list_scope +R4126 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4127 Parallelmove.T +R4140 Coq.Lists.List.nil +R4260 Alloctyping_aux.T_type +R4260 Alloctyping_aux.T_type +R4339 Coq.Lists.List.In +R4361 Coq.Lists.List "x :: y" list_scope +R4352 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4364 Coq.Lists.List.nil +R4342 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4339 Coq.Lists.List.In +R4361 Coq.Lists.List "x :: y" list_scope +R4352 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4364 Coq.Lists.List.nil +R4342 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4482 Coq.Init.Logic "A \/ B" type_scope +R4467 Coq.Init.Logic "x = y" type_scope +R4446 Parallelmove.StateDone +R4457 Parallelmove.stepf +R4476 Coq.Lists.List "x :: y" list_scope +R4469 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4508 Coq.Init.Logic "x = y" type_scope +R4487 Parallelmove.StateDone +R4498 Parallelmove.stepf +R4517 Coq.Lists.List "x :: y" list_scope +R4510 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4530 Coq.Lists.List "x :: y" list_scope +R4521 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4525 Parallelmove.T +R4482 Coq.Init.Logic "A \/ B" type_scope +R4467 Coq.Init.Logic "x = y" type_scope +R4446 Parallelmove.StateDone +R4457 Parallelmove.stepf +R4476 Coq.Lists.List "x :: y" list_scope +R4469 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4508 Coq.Init.Logic "x = y" type_scope +R4487 Parallelmove.StateDone +R4498 Parallelmove.stepf +R4517 Coq.Lists.List "x :: y" list_scope +R4510 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4530 Coq.Lists.List "x :: y" list_scope +R4521 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4525 Parallelmove.T +R4552 Locations.eq +R4562 Coq.Init.Datatypes.fst +R4567 Parallelmove.last +R4552 Locations.eq +R4562 Coq.Init.Datatypes.fst +R4567 Parallelmove.last +R4899 Alloctyping_aux.T_type +R4899 Alloctyping_aux.T_type +R4923 Coq.Lists.List.in_app_or +R5014 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4985 Coq.Lists.List "x ++ y" list_scope +R4963 Parallelmove.StateBeing +R4975 Parallelmove.stepf +R4988 Parallelmove.StateDone +R4999 Parallelmove.stepf +R4938 Parallelmove.StateToMove +R4951 Parallelmove.stepf +R4923 Coq.Lists.List.in_app_or +R5014 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R4985 Coq.Lists.List "x ++ y" list_scope +R4963 Parallelmove.StateBeing +R4975 Parallelmove.stepf +R4988 Parallelmove.StateDone +R4999 Parallelmove.stepf +R4938 Parallelmove.StateToMove +R4951 Parallelmove.stepf +R5037 Parallelmove.stepf +R5037 Parallelmove.stepf +R5071 Locations.eq +R5071 Locations.eq +R5129 Coq.Lists.List.in_app_or +R5186 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5164 Parallelmove.StateDone +R5175 Parallelmove.stepf +R5140 Parallelmove.StateBeing +R5152 Parallelmove.stepf +R5129 Coq.Lists.List.in_app_or +R5186 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5164 Parallelmove.StateDone +R5175 Parallelmove.stepf +R5140 Parallelmove.StateBeing +R5152 Parallelmove.stepf +R5210 Parallelmove.stepf +R5210 Parallelmove.stepf +R5244 Locations.eq +R5244 Locations.eq +R5308 Parallelmove.stepf +R5308 Parallelmove.stepf +R5342 Locations.eq +R5342 Locations.eq +R5450 Coq.Lists.List.in_app_or +R5541 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5512 Coq.Lists.List "x ++ y" list_scope +R5490 Parallelmove.StateBeing +R5502 Parallelmove.stepf +R5515 Parallelmove.StateDone +R5526 Parallelmove.stepf +R5465 Parallelmove.StateToMove +R5478 Parallelmove.stepf +R5450 Coq.Lists.List.in_app_or +R5541 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5512 Coq.Lists.List "x ++ y" list_scope +R5490 Parallelmove.StateBeing +R5502 Parallelmove.stepf +R5515 Parallelmove.StateDone +R5526 Parallelmove.stepf +R5465 Parallelmove.StateToMove +R5478 Parallelmove.stepf +R5564 Parallelmove.stepf +R5564 Parallelmove.stepf +R5622 Locations.eq +R5622 Locations.eq +R5686 Parallelmove.split_move +R5686 Parallelmove.split_move +R5764 Parallelmove.StateToMove +R5764 Parallelmove.StateToMove +R5790 Alloctyping_aux.split_move_incl +R5790 Alloctyping_aux.split_move_incl +R5861 Coq.Lists.List.In +R5881 Coq.Lists.List "x :: y" list_scope +R5874 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5888 Coq.Lists.List "x ++ y" list_scope +R5864 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5861 Coq.Lists.List.In +R5881 Coq.Lists.List "x :: y" list_scope +R5874 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5888 Coq.Lists.List "x ++ y" list_scope +R5864 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5997 Coq.Lists.List.in_app_or +R6013 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R6043 Coq.Lists.List.in_or_app +R5997 Coq.Lists.List.in_app_or +R6013 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R6043 Coq.Lists.List.in_or_app +R6043 Coq.Lists.List.in_or_app +R6157 Locations.eq +R6168 Coq.Init.Datatypes.fst +R6173 Parallelmove.last +R6206 Parallelmove.StateToMove +R6157 Locations.eq +R6168 Coq.Init.Datatypes.fst +R6173 Parallelmove.last +R6206 Parallelmove.StateToMove +R6206 Parallelmove.StateToMove +R6206 Parallelmove.StateToMove +R6206 Parallelmove.StateToMove +R6258 Coq.Lists.List.in_app_or +R6315 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R6293 Parallelmove.StateDone +R6304 Parallelmove.stepf +R6269 Parallelmove.StateBeing +R6281 Parallelmove.stepf +R6258 Coq.Lists.List.in_app_or +R6315 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R6293 Parallelmove.StateDone +R6304 Parallelmove.stepf +R6269 Parallelmove.StateBeing +R6281 Parallelmove.stepf +R6339 Parallelmove.stepf +R6339 Parallelmove.stepf +R6397 Locations.eq +R6397 Locations.eq +R6441 Parallelmove.StateBeing +R6441 Parallelmove.StateBeing +R6504 Parallelmove.split_move +R6504 Parallelmove.split_move +R6564 Parallelmove.StateBeing +R6564 Parallelmove.StateBeing +R6605 Alloctyping_aux.in_split_move +R6605 Alloctyping_aux.in_split_move +R6759 Locations.eq +R6770 Coq.Init.Datatypes.fst +R6775 Parallelmove.last +R6783 Coq.Lists.List "x :: y" list_scope +R6759 Locations.eq +R6770 Coq.Init.Datatypes.fst +R6775 Parallelmove.last +R6783 Coq.Lists.List "x :: y" list_scope +R6805 Parallelmove.app_rewriter +R6818 Parallelmove.Move +R6805 Parallelmove.app_rewriter +R6818 Parallelmove.Move +R6866 Parallelmove.StateBeing +R6866 Parallelmove.StateBeing +R6913 Parallelmove.last_replace +R6913 Parallelmove.last_replace +R7020 Coq.Lists.List.in_app_or +R7052 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7044 Coq.Lists.List "x :: y" list_scope +R7033 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7034 Parallelmove.T +R7047 Coq.Lists.List.nil +R7020 Coq.Lists.List.in_app_or +R7052 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7044 Coq.Lists.List "x :: y" list_scope +R7033 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7034 Parallelmove.T +R7047 Coq.Lists.List.nil +R7165 Alloctyping_aux.T_type +R7165 Alloctyping_aux.T_type +R7230 Coq.Lists.List.In +R7252 Coq.Lists.List "x :: y" list_scope +R7243 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7255 Coq.Lists.List.nil +R7233 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7230 Coq.Lists.List.In +R7252 Coq.Lists.List "x :: y" list_scope +R7243 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7255 Coq.Lists.List.nil +R7233 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7295 Parallelmove.StateBeing +R7295 Parallelmove.StateBeing +R7356 Parallelmove.stepf +R7356 Parallelmove.stepf +R7414 Locations.eq +R7414 Locations.eq +R7478 Parallelmove.split_move +R7478 Parallelmove.split_move +R7556 Parallelmove.StateDone +R7556 Parallelmove.StateDone +R7603 Locations.eq +R7614 Coq.Init.Datatypes.fst +R7619 Parallelmove.last +R7646 Parallelmove.StateDone +R7603 Locations.eq +R7614 Coq.Init.Datatypes.fst +R7619 Parallelmove.last +R7646 Parallelmove.StateDone +R7646 Parallelmove.StateDone +R7646 Parallelmove.StateDone +R7646 Parallelmove.StateDone +R7725 Coq.Lists.List.In +R7747 Coq.Lists.List "x :: y" list_scope +R7738 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7750 Coq.Lists.List.nil +R7728 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7725 Coq.Lists.List.In +R7747 Coq.Lists.List "x :: y" list_scope +R7738 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7750 Coq.Lists.List.nil +R7728 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R7845 Alloctyping_aux.T_type +R7845 Alloctyping_aux.T_type +R8151 Coq.Init.Logic "x = y" type_scope +R8139 Locations.type +R8153 Locations.type +R8045 Coq.Lists.List.In +R8084 Coq.Lists.List "x ++ y" list_scope +R8062 Parallelmove.StateToMove +R8075 Parallelmove.Pmov +R8109 Coq.Lists.List "x ++ y" list_scope +R8088 Parallelmove.StateBeing +R8100 Parallelmove.Pmov +R8112 Parallelmove.StateDone +R8123 Parallelmove.Pmov +R8050 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8011 Coq.Init.Logic "x = y" type_scope +R7999 Locations.type +R8013 Locations.type +R7929 Coq.Lists.List.In +R7957 Coq.Lists.List "x ++ y" list_scope +R7942 Parallelmove.StateToMove +R7975 Coq.Lists.List "x ++ y" list_scope +R7961 Parallelmove.StateBeing +R7978 Parallelmove.StateDone +R7932 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8200 Coq.Init.Wf.well_founded_ind +R8218 Coq.Arith.Wf_nat.well_founded_ltof +R8245 Parallelmove.mesure +R8200 Coq.Init.Wf.well_founded_ind +R8218 Coq.Arith.Wf_nat.well_founded_ltof +R8245 Parallelmove.mesure +R8316 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8316 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8347 Parallelmove.Pmov_equation +R8347 Parallelmove.Pmov_equation +R8419 Parallelmove.stepf +R8419 Parallelmove.stepf +R8437 Parallelmove.stepf1_dec +R8437 Parallelmove.stepf1_dec +R8461 Alloctyping_aux.move_types_stepf +R8461 Alloctyping_aux.move_types_stepf +R8515 Parallelmove.stepf +R8515 Parallelmove.stepf +R8533 Parallelmove.stepf1_dec +R8533 Parallelmove.stepf1_dec +R8557 Alloctyping_aux.move_types_stepf +R8557 Alloctyping_aux.move_types_stepf +R8838 Coq.Init.Logic "A /\ B" type_scope +R8766 Coq.Init.Logic "A \/ B" type_scope +R8747 Coq.Lists.List.In +R8753 Allocproof_aux.temporaries2 +R8772 Coq.Lists.List.In +R8779 Parallelmove.getsrc +R8802 Coq.Lists.List "x ++ y" list_scope +R8787 Parallelmove.StateToMove +R8820 Coq.Lists.List "x ++ y" list_scope +R8806 Parallelmove.StateBeing +R8823 Parallelmove.StateDone +R8865 Coq.Init.Logic "A \/ B" type_scope +R8846 Coq.Lists.List.In +R8852 Allocproof_aux.temporaries2 +R8871 Coq.Lists.List.In +R8878 Parallelmove.getdst +R8901 Coq.Lists.List "x ++ y" list_scope +R8886 Parallelmove.StateToMove +R8919 Coq.Lists.List "x ++ y" list_scope +R8905 Parallelmove.StateBeing +R8922 Parallelmove.StateDone +R8649 Coq.Lists.List.In +R8689 Coq.Lists.List "x ++ y" list_scope +R8666 Parallelmove.StateToMove +R8679 Parallelmove.stepf +R8715 Coq.Lists.List "x ++ y" list_scope +R8693 Parallelmove.StateBeing +R8705 Parallelmove.stepf +R8718 Parallelmove.StateDone +R8729 Parallelmove.stepf +R8654 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8982 Parallelmove.getsrc_app +R9011 Parallelmove.getdst_app +R8982 Parallelmove.getsrc_app +R8982 Parallelmove.getsrc_app +R8982 Parallelmove.getsrc_app +R9011 Parallelmove.getdst_app +R9011 Parallelmove.getdst_app +R9011 Parallelmove.getdst_app +R9062 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9062 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9131 Alloctyping_aux.in_move__in_srcdst +R9150 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9131 Alloctyping_aux.in_move__in_srcdst +R9150 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9185 Coq.Lists.List.in_app_or +R9274 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9246 Coq.Lists.List "x ++ y" list_scope +R9224 Parallelmove.StateBeing +R9236 Parallelmove.stepf +R9249 Parallelmove.StateDone +R9260 Parallelmove.stepf +R9199 Parallelmove.StateToMove +R9212 Parallelmove.stepf +R9185 Coq.Lists.List.in_app_or +R9274 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9246 Coq.Lists.List "x ++ y" list_scope +R9224 Parallelmove.StateBeing +R9236 Parallelmove.stepf +R9249 Parallelmove.StateDone +R9260 Parallelmove.stepf +R9199 Parallelmove.StateToMove +R9212 Parallelmove.stepf +R9322 Coq.Init.Logic "x = y" type_scope +R9299 Parallelmove.StateToMove +R9312 Parallelmove.stepf +R9324 Coq.Lists.List.nil +R9322 Coq.Init.Logic "x = y" type_scope +R9299 Parallelmove.StateToMove +R9312 Parallelmove.stepf +R9324 Coq.Lists.List.nil +R9336 Parallelmove.stepf +R9336 Parallelmove.stepf +R9370 Locations.eq +R9380 Coq.Init.Datatypes.fst +R9385 Parallelmove.last +R9370 Locations.eq +R9380 Coq.Init.Datatypes.fst +R9385 Parallelmove.last +R9469 Coq.Lists.List.in_app_or +R9526 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9504 Parallelmove.StateDone +R9515 Parallelmove.stepf +R9480 Parallelmove.StateBeing +R9492 Parallelmove.stepf +R9469 Coq.Lists.List.in_app_or +R9526 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9504 Parallelmove.StateDone +R9515 Parallelmove.stepf +R9480 Parallelmove.StateBeing +R9492 Parallelmove.stepf +R9550 Parallelmove.stepf +R9550 Parallelmove.stepf +R9652 Parallelmove.app_rewriter +R9652 Parallelmove.app_rewriter +R9740 Parallelmove.last_app +R9756 Coq.Init.Datatypes.fst +R9740 Parallelmove.last_app +R9756 Coq.Init.Datatypes.fst +R9767 Locations.eq +R9767 Locations.eq +R9802 Parallelmove.last_replace +R9802 Parallelmove.last_replace +R9836 Coq.Lists.List.in_app_or +R9868 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9860 Coq.Lists.List "x :: y" list_scope +R9849 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9850 Parallelmove.T +R9863 Coq.Lists.List.nil +R9836 Coq.Lists.List.in_app_or +R9868 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9860 Coq.Lists.List "x :: y" list_scope +R9849 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9850 Parallelmove.T +R9863 Coq.Lists.List.nil +R9918 Parallelmove.getsrc_app +R9945 Parallelmove.getdst_app +R9918 Parallelmove.getsrc_app +R9945 Parallelmove.getdst_app +R9977 Alloctyping_aux.in_move__in_srcdst +R9996 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R9977 Alloctyping_aux.in_move__in_srcdst +R9996 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10118 Locations.type +R10118 Locations.type +R10244 Parallelmove.getdst_app +R10244 Parallelmove.getdst_app +R10271 Coq.Lists.List.In +R10281 Coq.Lists.List "x :: y" list_scope +R10284 Coq.Lists.List.nil +R10271 Coq.Lists.List.In +R10281 Coq.Lists.List "x :: y" list_scope +R10284 Coq.Lists.List.nil +R10318 Parallelmove.StateBeing +R10318 Parallelmove.StateBeing +R10344 Alloctyping_aux.in_move__in_srcdst +R10375 Coq.Lists.List "x ++ y" list_scope +R10388 Coq.Lists.List "x :: y" list_scope +R10379 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10391 Coq.Lists.List.nil +R10363 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10344 Alloctyping_aux.in_move__in_srcdst +R10375 Coq.Lists.List "x ++ y" list_scope +R10388 Coq.Lists.List "x :: y" list_scope +R10379 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10391 Coq.Lists.List.nil +R10363 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10603 Parallelmove.stepf +R10603 Parallelmove.stepf +R10655 Parallelmove.StateDone +R10655 Parallelmove.StateDone +R10715 Coq.Lists.List.app +R10715 Coq.Lists.List.app +R10726 Alloctyping_aux.in_move__in_srcdst +R10762 Coq.Lists.List "x :: y" list_scope +R10755 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10745 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10726 Alloctyping_aux.in_move__in_srcdst +R10762 Coq.Lists.List "x :: y" list_scope +R10755 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10745 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R10805 Coq.Init.Datatypes.snd +R10825 Coq.Init.Datatypes.fst +R10845 Parallelmove.getdst +R10869 Parallelmove.getsrc +R10805 Coq.Init.Datatypes.snd +R10825 Coq.Init.Datatypes.fst +R10845 Parallelmove.getdst +R10869 Parallelmove.getsrc +R10906 Coq.Init.Datatypes.snd +R10926 Coq.Init.Datatypes.fst +R10946 Parallelmove.getdst +R10970 Parallelmove.getsrc +R10906 Coq.Init.Datatypes.snd +R10926 Coq.Init.Datatypes.fst +R10946 Parallelmove.getdst +R10970 Parallelmove.getsrc +R11021 Parallelmove.app_rewriter +R11021 Parallelmove.app_rewriter +R11096 Parallelmove.last_app +R11096 Parallelmove.last_app +R11135 Coq.Init.Datatypes.fst +R11135 Coq.Init.Datatypes.fst +R11146 Locations.eq +R11146 Locations.eq +R11166 Parallelmove.StateDone +R11166 Parallelmove.StateDone +R11447 Parallelmove.getsrc_app +R11465 Parallelmove.getsrc +R11447 Parallelmove.getsrc_app +R11465 Parallelmove.getsrc +R11507 Coq.Lists.List.In +R11517 Coq.Lists.List "x :: y" list_scope +R11520 Coq.Lists.List.nil +R11507 Coq.Lists.List.In +R11517 Coq.Lists.List "x :: y" list_scope +R11520 Coq.Lists.List.nil +R11570 Locations.type +R11570 Locations.type +R11603 Alloctyping_aux.in_move__in_srcdst +R11622 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R11603 Alloctyping_aux.in_move__in_srcdst +R11622 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R11699 Parallelmove.StateDone +R11699 Parallelmove.StateDone +R11763 Parallelmove.getsrc +R11777 Coq.Lists.List.app +R11763 Parallelmove.getsrc +R11777 Coq.Lists.List.app +R11809 Alloctyping_aux.in_move__in_srcdst +R11845 Coq.Lists.List "x :: y" list_scope +R11838 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R11828 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R11869 Coq.Init.Datatypes.fst +R11880 Coq.Init.Datatypes.snd +R11891 Parallelmove.getsrc +R11905 Parallelmove.getdst +R11809 Alloctyping_aux.in_move__in_srcdst +R11845 Coq.Lists.List "x :: y" list_scope +R11838 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R11828 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R11869 Coq.Init.Datatypes.fst +R11880 Coq.Init.Datatypes.snd +R11891 Parallelmove.getsrc +R11905 Parallelmove.getdst +R12008 Coq.Lists.List.in_app_or +R12097 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12069 Coq.Lists.List "x ++ y" list_scope +R12047 Parallelmove.StateBeing +R12059 Parallelmove.stepf +R12072 Parallelmove.StateDone +R12083 Parallelmove.stepf +R12022 Parallelmove.StateToMove +R12035 Parallelmove.stepf +R12008 Coq.Lists.List.in_app_or +R12097 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12069 Coq.Lists.List "x ++ y" list_scope +R12047 Parallelmove.StateBeing +R12059 Parallelmove.stepf +R12072 Parallelmove.StateDone +R12083 Parallelmove.stepf +R12022 Parallelmove.StateToMove +R12035 Parallelmove.stepf +R12120 Parallelmove.stepf +R12120 Parallelmove.stepf +R12154 Locations.eq +R12154 Locations.eq +R12173 Parallelmove.StateToMove +R12173 Parallelmove.StateToMove +R12200 Alloctyping_aux.in_move__in_srcdst +R12219 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12257 Parallelmove.getsrc_app +R12275 Parallelmove.getsrc +R12303 Parallelmove.getdst_app +R12321 Parallelmove.getdst +R12337 Coq.Init.Datatypes.fst +R12348 Coq.Init.Datatypes.snd +R12200 Alloctyping_aux.in_move__in_srcdst +R12219 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12257 Parallelmove.getsrc_app +R12303 Parallelmove.getdst_app +R12337 Coq.Init.Datatypes.fst +R12348 Coq.Init.Datatypes.snd +R12410 Parallelmove.StateToMove +R12410 Parallelmove.StateToMove +R12437 Alloctyping_aux.in_move__in_srcdst +R12456 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12494 Parallelmove.getsrc_app +R12512 Parallelmove.getsrc +R12540 Parallelmove.getdst_app +R12558 Parallelmove.getdst +R12574 Coq.Init.Datatypes.fst +R12585 Coq.Init.Datatypes.snd +R12437 Alloctyping_aux.in_move__in_srcdst +R12456 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12494 Parallelmove.getsrc_app +R12540 Parallelmove.getdst_app +R12574 Coq.Init.Datatypes.fst +R12585 Coq.Init.Datatypes.snd +R12654 Coq.Lists.List.in_app_or +R12711 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12689 Parallelmove.StateDone +R12700 Parallelmove.stepf +R12665 Parallelmove.StateBeing +R12677 Parallelmove.stepf +R12654 Coq.Lists.List.in_app_or +R12711 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12689 Parallelmove.StateDone +R12700 Parallelmove.stepf +R12665 Parallelmove.StateBeing +R12677 Parallelmove.stepf +R12735 Parallelmove.stepf +R12735 Parallelmove.stepf +R12769 Locations.eq +R12769 Locations.eq +R12788 Parallelmove.StateBeing +R12788 Parallelmove.StateBeing +R12834 Parallelmove.StateBeing +R12834 Parallelmove.StateBeing +R12866 Alloctyping_aux.in_move__in_srcdst +R12902 Coq.Lists.List "x :: y" list_scope +R12895 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12905 Coq.Lists.List.nil +R12885 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12924 Coq.Init.Datatypes.fst +R12935 Coq.Init.Datatypes.snd +R12866 Alloctyping_aux.in_move__in_srcdst +R12902 Coq.Lists.List "x :: y" list_scope +R12895 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12905 Coq.Lists.List.nil +R12885 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R12924 Coq.Init.Datatypes.fst +R12935 Coq.Init.Datatypes.snd +R13130 Parallelmove.stepf +R13130 Parallelmove.stepf +R13164 Locations.eq +R13164 Locations.eq +R13183 Parallelmove.StateDone +R13183 Parallelmove.StateDone +R13214 Alloctyping_aux.in_move__in_srcdst +R13233 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13259 Coq.Init.Datatypes.fst +R13270 Coq.Init.Datatypes.snd +R13214 Alloctyping_aux.in_move__in_srcdst +R13233 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13259 Coq.Init.Datatypes.fst +R13270 Coq.Init.Datatypes.snd +R13332 Parallelmove.StateDone +R13332 Parallelmove.StateDone +R13363 Alloctyping_aux.in_move__in_srcdst +R13382 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13408 Coq.Init.Datatypes.fst +R13419 Coq.Init.Datatypes.snd +R13363 Alloctyping_aux.in_move__in_srcdst +R13382 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13408 Coq.Init.Datatypes.fst +R13419 Coq.Init.Datatypes.snd +R13482 Coq.Lists.List.in_app_or +R13571 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13543 Coq.Lists.List "x ++ y" list_scope +R13521 Parallelmove.StateBeing +R13533 Parallelmove.stepf +R13546 Parallelmove.StateDone +R13557 Parallelmove.stepf +R13496 Parallelmove.StateToMove +R13509 Parallelmove.stepf +R13482 Coq.Lists.List.in_app_or +R13571 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13543 Coq.Lists.List "x ++ y" list_scope +R13521 Parallelmove.StateBeing +R13533 Parallelmove.stepf +R13546 Parallelmove.StateDone +R13557 Parallelmove.stepf +R13496 Parallelmove.StateToMove +R13509 Parallelmove.stepf +R13594 Parallelmove.stepf +R13594 Parallelmove.stepf +R13652 Locations.eq +R13652 Locations.eq +R13719 Coq.Lists.List.app +R13719 Coq.Lists.List.app +R13743 Alloctyping_aux.in_move__in_srcdst +R13762 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13743 Alloctyping_aux.in_move__in_srcdst +R13762 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13852 Parallelmove.split_move +R13852 Parallelmove.split_move +R13981 Alloctyping_aux.split_move_incl +R13981 Alloctyping_aux.split_move_incl +R14043 Coq.Lists.List.In +R14063 Coq.Lists.List "x :: y" list_scope +R14056 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14070 Coq.Lists.List "x ++ y" list_scope +R14046 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14043 Coq.Lists.List.In +R14063 Coq.Lists.List "x :: y" list_scope +R14056 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14070 Coq.Lists.List "x ++ y" list_scope +R14046 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14179 Coq.Lists.List.in_app_or +R14195 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14225 Coq.Lists.List.in_or_app +R14179 Coq.Lists.List.in_app_or +R14195 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14225 Coq.Lists.List.in_or_app +R14225 Coq.Lists.List.in_or_app +R14338 Alloctyping_aux.in_move__in_srcdst +R14374 Coq.Lists.List "x :: y" list_scope +R14367 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14381 Coq.Lists.List "x ++ y" list_scope +R14357 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14338 Alloctyping_aux.in_move__in_srcdst +R14374 Coq.Lists.List "x :: y" list_scope +R14367 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14381 Coq.Lists.List "x ++ y" list_scope +R14357 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14564 Parallelmove.getsrc_app +R14564 Parallelmove.getsrc_app +R14602 Alloctyping_aux.in_move__in_srcdst +R14638 Coq.Lists.List "x :: y" list_scope +R14631 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14645 Coq.Lists.List "x ++ y" list_scope +R14621 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14602 Alloctyping_aux.in_move__in_srcdst +R14638 Coq.Lists.List "x :: y" list_scope +R14631 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14645 Coq.Lists.List "x ++ y" list_scope +R14621 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14814 Parallelmove.getdst_app +R14814 Parallelmove.getdst_app +R14924 Alloctyping_aux.in_move__in_srcdst +R14960 Coq.Lists.List "x :: y" list_scope +R14953 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14943 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14924 Alloctyping_aux.in_move__in_srcdst +R14960 Coq.Lists.List "x :: y" list_scope +R14953 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14943 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R14991 Coq.Init.Datatypes.snd +R15011 Coq.Init.Datatypes.fst +R14991 Coq.Init.Datatypes.snd +R15011 Coq.Init.Datatypes.fst +R15079 Parallelmove.app_rewriter +R15079 Parallelmove.app_rewriter +R15162 Parallelmove.last_app +R15178 Coq.Init.Datatypes.fst +R15162 Parallelmove.last_app +R15178 Coq.Init.Datatypes.fst +R15189 Locations.eq +R15189 Locations.eq +R15265 Alloctyping_aux.in_move__in_srcdst +R15301 Coq.Lists.List "x :: y" list_scope +R15294 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15284 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15265 Alloctyping_aux.in_move__in_srcdst +R15301 Coq.Lists.List "x :: y" list_scope +R15294 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15284 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15330 Coq.Init.Datatypes.snd +R15350 Coq.Init.Datatypes.fst +R15330 Coq.Init.Datatypes.snd +R15350 Coq.Init.Datatypes.fst +R15455 Alloctyping_aux.in_move__in_srcdst +R15491 Coq.Lists.List "x :: y" list_scope +R15484 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15474 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15455 Alloctyping_aux.in_move__in_srcdst +R15491 Coq.Lists.List "x :: y" list_scope +R15484 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15474 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15520 Coq.Init.Datatypes.snd +R15540 Coq.Init.Datatypes.fst +R15520 Coq.Init.Datatypes.snd +R15540 Coq.Init.Datatypes.fst +R15597 Coq.Lists.List.in_app_or +R15654 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15632 Parallelmove.StateDone +R15643 Parallelmove.stepf +R15608 Parallelmove.StateBeing +R15620 Parallelmove.stepf +R15597 Coq.Lists.List.in_app_or +R15654 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15632 Parallelmove.StateDone +R15643 Parallelmove.stepf +R15608 Parallelmove.StateBeing +R15620 Parallelmove.stepf +R15678 Parallelmove.stepf +R15678 Parallelmove.stepf +R15736 Locations.eq +R15736 Locations.eq +R15780 Parallelmove.StateBeing +R15780 Parallelmove.StateBeing +R15853 Alloctyping_aux.in_move__in_srcdst +R15889 Coq.Lists.List "x :: y" list_scope +R15882 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15901 Coq.Lists.List "x :: y" list_scope +R15893 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15872 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15853 Alloctyping_aux.in_move__in_srcdst +R15889 Coq.Lists.List "x :: y" list_scope +R15882 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15901 Coq.Lists.List "x :: y" list_scope +R15893 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R15872 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16114 Coq.Lists.List.In +R16124 Coq.Lists.List "x :: y" list_scope +R16127 Coq.Lists.List.nil +R16114 Coq.Lists.List.In +R16124 Coq.Lists.List "x :: y" list_scope +R16127 Coq.Lists.List.nil +R16369 Coq.Lists.List.In +R16378 Coq.Lists.List "x :: y" list_scope +R16381 Coq.Lists.List.nil +R16369 Coq.Lists.List.In +R16378 Coq.Lists.List "x :: y" list_scope +R16381 Coq.Lists.List.nil +R16452 Parallelmove.split_move +R16452 Parallelmove.split_move +R16512 Parallelmove.StateBeing +R16512 Parallelmove.StateBeing +R16544 Alloctyping_aux.in_split_move +R16544 Alloctyping_aux.in_split_move +R16641 Alloctyping_aux.in_move__in_srcdst +R16660 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16641 Alloctyping_aux.in_move__in_srcdst +R16660 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16694 Coq.Init.Datatypes.snd +R16714 Coq.Init.Datatypes.fst +R16694 Coq.Init.Datatypes.snd +R16714 Coq.Init.Datatypes.fst +R16795 Parallelmove.getsrc +R16795 Parallelmove.getsrc +R16823 Alloctyping_aux.in_move__in_srcdst +R16861 Coq.Lists.List "x :: y" list_scope +R16852 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16842 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16823 Alloctyping_aux.in_move__in_srcdst +R16861 Coq.Lists.List "x :: y" list_scope +R16852 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16842 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R16892 Coq.Init.Datatypes.snd +R16912 Coq.Init.Datatypes.fst +R16892 Coq.Init.Datatypes.snd +R16912 Coq.Init.Datatypes.fst +R17100 Coq.Lists.List.In +R17110 Coq.Lists.List "x :: y" list_scope +R17113 Coq.Lists.List.nil +R17100 Coq.Lists.List.In +R17110 Coq.Lists.List "x :: y" list_scope +R17113 Coq.Lists.List.nil +R17218 Alloctyping_aux.in_move__in_srcdst +R17237 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17218 Alloctyping_aux.in_move__in_srcdst +R17237 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17273 Coq.Init.Datatypes.snd +R17273 Coq.Init.Datatypes.snd +R17355 Alloctyping_aux.in_move__in_srcdst +R17393 Coq.Lists.List "x :: y" list_scope +R17384 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17374 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17355 Alloctyping_aux.in_move__in_srcdst +R17393 Coq.Lists.List "x :: y" list_scope +R17384 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17374 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17422 Coq.Init.Datatypes.snd +R17422 Coq.Init.Datatypes.snd +R17458 Coq.Lists.List.in_or_app +R17517 Coq.Lists.List "x ++ y" list_scope +R17493 Parallelmove.getdst +R17510 Coq.Lists.List "x :: y" list_scope +R17501 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17520 Parallelmove.getdst +R17469 Parallelmove.getdst +R17484 Coq.Lists.List "x :: y" list_scope +R17477 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17458 Coq.Lists.List.in_or_app +R17517 Coq.Lists.List "x ++ y" list_scope +R17493 Parallelmove.getdst +R17510 Coq.Lists.List "x :: y" list_scope +R17501 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17520 Parallelmove.getdst +R17469 Parallelmove.getdst +R17484 Coq.Lists.List "x :: y" list_scope +R17477 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17625 Parallelmove.app_rewriter +R17625 Parallelmove.app_rewriter +R17708 Parallelmove.last_app +R17724 Coq.Init.Datatypes.fst +R17708 Parallelmove.last_app +R17724 Coq.Init.Datatypes.fst +R17735 Locations.eq +R17735 Locations.eq +R17809 Parallelmove.last_replace +R17809 Parallelmove.last_replace +R17884 Coq.Lists.List.in_app_or +R17916 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17908 Coq.Lists.List "x :: y" list_scope +R17897 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17898 Parallelmove.T +R17911 Coq.Lists.List.nil +R17884 Coq.Lists.List.in_app_or +R17916 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17908 Coq.Lists.List "x :: y" list_scope +R17897 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17898 Parallelmove.T +R17911 Coq.Lists.List.nil +R17987 Alloctyping_aux.in_move__in_srcdst +R18006 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18031 Coq.Init.Datatypes.fst +R18042 Coq.Init.Datatypes.snd +R17987 Alloctyping_aux.in_move__in_srcdst +R18006 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18031 Coq.Init.Datatypes.fst +R18042 Coq.Init.Datatypes.snd +R18085 Parallelmove.getsrc_app +R18085 Parallelmove.getsrc_app +R18126 Alloctyping_aux.in_move__in_srcdst +R18145 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18170 Coq.Init.Datatypes.fst +R18181 Coq.Init.Datatypes.snd +R18126 Alloctyping_aux.in_move__in_srcdst +R18145 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18170 Coq.Init.Datatypes.fst +R18181 Coq.Init.Datatypes.snd +R18224 Parallelmove.getdst_app +R18224 Parallelmove.getdst_app +R18346 Locations.type +R18346 Locations.type +R18416 Parallelmove.getdst_app +R18416 Parallelmove.getdst_app +R18443 Coq.Lists.List.In +R18453 Coq.Lists.List "x :: y" list_scope +R18456 Coq.Lists.List.nil +R18443 Coq.Lists.List.In +R18453 Coq.Lists.List "x :: y" list_scope +R18456 Coq.Lists.List.nil +R18609 Alloctyping_aux.in_move__in_srcdst +R18640 Coq.Lists.List "x ++ y" list_scope +R18653 Coq.Lists.List "x :: y" list_scope +R18644 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18656 Coq.Lists.List.nil +R18628 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18609 Alloctyping_aux.in_move__in_srcdst +R18640 Coq.Lists.List "x ++ y" list_scope +R18653 Coq.Lists.List "x :: y" list_scope +R18644 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18656 Coq.Lists.List.nil +R18628 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18685 Coq.Init.Datatypes.snd +R18705 Coq.Init.Datatypes.fst +R18685 Coq.Init.Datatypes.snd +R18705 Coq.Init.Datatypes.fst +R18753 Coq.Lists.List.in_or_app +R18753 Coq.Lists.List.in_or_app +R18805 Alloctyping_aux.in_move__in_srcdst +R18836 Coq.Lists.List "x ++ y" list_scope +R18849 Coq.Lists.List "x :: y" list_scope +R18840 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18852 Coq.Lists.List.nil +R18824 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18805 Alloctyping_aux.in_move__in_srcdst +R18836 Coq.Lists.List "x ++ y" list_scope +R18849 Coq.Lists.List "x :: y" list_scope +R18840 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18852 Coq.Lists.List.nil +R18824 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18880 Coq.Init.Datatypes.snd +R18880 Coq.Init.Datatypes.snd +R18928 Coq.Lists.List.in_or_app +R18928 Coq.Lists.List.in_or_app +R18980 Parallelmove.stepf +R18980 Parallelmove.stepf +R19038 Locations.eq +R19038 Locations.eq +R19113 Alloctyping_aux.in_move__in_srcdst +R19132 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R19113 Alloctyping_aux.in_move__in_srcdst +R19132 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R19235 Parallelmove.split_move +R19235 Parallelmove.split_move +R19295 Parallelmove.StateDone +R19295 Parallelmove.StateDone +R19367 Alloctyping_aux.in_move__in_srcdst +R19386 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R19367 Alloctyping_aux.in_move__in_srcdst +R19386 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R19546 Alloctyping_aux.in_move__in_srcdst +R19584 Coq.Lists.List "x :: y" list_scope +R19575 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R19565 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R19546 Alloctyping_aux.in_move__in_srcdst +R19584 Coq.Lists.List "x :: y" list_scope +R19575 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R19565 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R19755 Coq.Lists.List.In +R19765 Coq.Lists.List "x :: y" list_scope +R19768 Coq.Lists.List.nil +R19755 Coq.Lists.List.In +R19765 Coq.Lists.List "x :: y" list_scope +R19768 Coq.Lists.List.nil +R19926 Coq.Lists.List.In +R19936 Coq.Lists.List "x :: y" list_scope +R19939 Coq.Lists.List.nil +R19926 Coq.Lists.List.In +R19936 Coq.Lists.List "x :: y" list_scope +R19939 Coq.Lists.List.nil +R20028 Parallelmove.app_rewriter +R20028 Parallelmove.app_rewriter +R20111 Parallelmove.last_app +R20127 Coq.Init.Datatypes.fst +R20111 Parallelmove.last_app +R20127 Coq.Init.Datatypes.fst +R20138 Locations.eq +R20138 Locations.eq +R20326 Coq.Lists.List.in_or_app +R20326 Coq.Lists.List.in_or_app +R20370 Coq.Lists.List.in_or_app +R20370 Coq.Lists.List.in_or_app +R20528 Parallelmove.getsrc_app +R20528 Parallelmove.getsrc_app +R20562 Coq.Lists.List.In +R20572 Coq.Lists.List "x :: y" list_scope +R20575 Coq.Lists.List.nil +R20562 Coq.Lists.List.In +R20572 Coq.Lists.List "x :: y" list_scope +R20575 Coq.Lists.List.nil +R20626 Locations.type +R20626 Locations.type +R20652 Alloctyping_aux.in_move__in_srcdst +R20671 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R20652 Alloctyping_aux.in_move__in_srcdst +R20671 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R20707 Coq.Init.Datatypes.snd +R20727 Coq.Init.Datatypes.fst +R20707 Coq.Init.Datatypes.snd +R20727 Coq.Init.Datatypes.fst +R20830 Alloctyping_aux.in_move__in_srcdst +R20868 Coq.Lists.List "x :: y" list_scope +R20859 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R20849 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R20830 Alloctyping_aux.in_move__in_srcdst +R20868 Coq.Lists.List "x :: y" list_scope +R20859 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R20849 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R20994 Coq.Lists.List.in_or_app +R20994 Coq.Lists.List.in_or_app +R21125 Coq.Lists.List.in_or_app +R21125 Coq.Lists.List.in_or_app +R21233 Coq.Init.Logic "'exists' x , p" type_scope +R21244 Coq.Lists.List.In +R21247 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21212 Coq.Lists.List.In +R21218 Parallelmove.getsrc +R21285 Parallelmove.getsrc +R21285 Parallelmove.getsrc +R21285 Parallelmove.getsrc +R21645 Coq.Lists.List.incl +R21663 Parallelmove.getsrc +R21651 Parallelmove.getsrc +R21630 Coq.Lists.List.incl +R21767 Alloctyping_aux.getsrc_f +R21767 Alloctyping_aux.getsrc_f +R21887 Coq.Lists.List.In +R21890 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21887 Coq.Lists.List.In +R21890 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21923 Alloctyping_aux.in_move__in_srcdst +R21942 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21923 Alloctyping_aux.in_move__in_srcdst +R21942 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22016 Coq.Init.Logic "'exists' x , p" type_scope +R22027 Coq.Lists.List.In +R22030 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R21995 Coq.Lists.List.In +R22001 Parallelmove.getdst +R22068 Parallelmove.getdst +R22068 Parallelmove.getdst +R22068 Parallelmove.getdst +R22428 Coq.Lists.List.incl +R22446 Parallelmove.getdst +R22434 Parallelmove.getdst +R22413 Coq.Lists.List.incl +R22550 Alloctyping_aux.getdst_f +R22550 Alloctyping_aux.getdst_f +R22670 Coq.Lists.List.In +R22673 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22670 Coq.Lists.List.In +R22673 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22706 Alloctyping_aux.in_move__in_srcdst +R22725 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22706 Alloctyping_aux.in_move__in_srcdst +R22725 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R22975 Coq.Init.Logic "A /\ B" type_scope +R22903 Coq.Init.Logic "A \/ B" type_scope +R22884 Coq.Lists.List.In +R22890 Allocproof_aux.temporaries2 +R22909 Coq.Lists.List.In +R22916 Parallelmove.getsrc +R22939 Coq.Lists.List "x ++ y" list_scope +R22924 Parallelmove.StateToMove +R22957 Coq.Lists.List "x ++ y" list_scope +R22943 Parallelmove.StateBeing +R22960 Parallelmove.StateDone +R23002 Coq.Init.Logic "A \/ B" type_scope +R22983 Coq.Lists.List.In +R22989 Allocproof_aux.temporaries2 +R23008 Coq.Lists.List.In +R23015 Parallelmove.getdst +R23038 Coq.Lists.List "x ++ y" list_scope +R23023 Parallelmove.StateToMove +R23056 Coq.Lists.List "x ++ y" list_scope +R23042 Parallelmove.StateBeing +R23059 Parallelmove.StateDone +R22789 Coq.Lists.List.In +R22828 Coq.Lists.List "x ++ y" list_scope +R22806 Parallelmove.StateToMove +R22819 Parallelmove.Pmov +R22853 Coq.Lists.List "x ++ y" list_scope +R22832 Parallelmove.StateBeing +R22844 Parallelmove.Pmov +R22856 Parallelmove.StateDone +R22867 Parallelmove.Pmov +R22794 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23111 Coq.Init.Wf.well_founded_ind +R23129 Coq.Arith.Wf_nat.well_founded_ltof +R23156 Parallelmove.mesure +R23111 Coq.Init.Wf.well_founded_ind +R23129 Coq.Arith.Wf_nat.well_founded_ltof +R23156 Parallelmove.mesure +R23227 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23227 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R23258 Parallelmove.Pmov_equation +R23258 Parallelmove.Pmov_equation +R23311 Alloctyping_aux.srcdst_tmp2_stepf +R23311 Alloctyping_aux.srcdst_tmp2_stepf +R23358 Parallelmove.stepf +R23412 Parallelmove.stepf1_dec +R23358 Parallelmove.stepf +R23412 Parallelmove.stepf1_dec +R23681 Alloctyping_aux.getsrc_f +R23681 Alloctyping_aux.getsrc_f +R23744 Alloctyping_aux.srcdst_tmp2_stepf +R23744 Alloctyping_aux.srcdst_tmp2_stepf +R23874 Alloctyping_aux.getdst_f +R23874 Alloctyping_aux.getdst_f +R23937 Alloctyping_aux.srcdst_tmp2_stepf +R23937 Alloctyping_aux.srcdst_tmp2_stepf +R23985 Alloctyping_aux.getsrc_f +R23985 Alloctyping_aux.getsrc_f +R24035 Alloctyping_aux.srcdst_tmp2_stepf +R24035 Alloctyping_aux.srcdst_tmp2_stepf +R24093 Alloctyping_aux.getdst_f +R24093 Alloctyping_aux.getdst_f +R24143 Alloctyping_aux.srcdst_tmp2_stepf +R24143 Alloctyping_aux.srcdst_tmp2_stepf +R24207 Parallelmove.stepf +R24261 Parallelmove.stepf1_dec +R24207 Parallelmove.stepf +R24261 Parallelmove.stepf1_dec +R24530 Alloctyping_aux.getsrc_f +R24530 Alloctyping_aux.getsrc_f +R24593 Alloctyping_aux.srcdst_tmp2_stepf +R24593 Alloctyping_aux.srcdst_tmp2_stepf +R24723 Alloctyping_aux.getdst_f +R24723 Alloctyping_aux.getdst_f +R24786 Alloctyping_aux.srcdst_tmp2_stepf +R24786 Alloctyping_aux.srcdst_tmp2_stepf +R24834 Alloctyping_aux.getsrc_f +R24834 Alloctyping_aux.getsrc_f +R24884 Alloctyping_aux.srcdst_tmp2_stepf +R24884 Alloctyping_aux.srcdst_tmp2_stepf +R24942 Alloctyping_aux.getdst_f +R24942 Alloctyping_aux.getdst_f +R24992 Alloctyping_aux.srcdst_tmp2_stepf +R24992 Alloctyping_aux.srcdst_tmp2_stepf +R25215 LTLtyping.wt_block +R25234 Coq.Lists.List.fold_left +R25304 Allocation.add_move +R25323 Coq.Init.Datatypes.snd +R25314 Coq.Init.Datatypes.fst +R25294 Coq.Init.Datatypes "x * y" type_scope +R25290 Locations.loc +R25296 Locations.loc +R25260 LTL.block +R25196 LTLtyping.wt_block +R25182 Parallelmove.getdst +R25153 Parallelmove.getsrc +R25104 Coq.Init.Logic "x = y" type_scope +R25075 Coq.Lists.List.map +R25094 Parallelmove.getsrc +R25084 Locations.type +R25106 Coq.Lists.List.map +R25125 Parallelmove.getdst +R25115 Locations.type +R25941 Coq.Init.Logic "x = y" type_scope +R25918 Coq.Lists.List.In +R25921 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R25881 Coq.Init.Logic "x = y" type_scope +R25864 Coq.Lists.List.map +R25871 Parallelmove.getsrc +R25883 Coq.Lists.List.map +R25890 Parallelmove.getdst +R25849 Parallelmove.Reg +R26338 LTLtyping.wt_block +R26351 Allocproof_aux.p_move +R26320 LTLtyping.wt_block +R26307 Parallelmove.getdst +R26278 Parallelmove.getsrc +R26229 Coq.Init.Logic "x = y" type_scope +R26200 Coq.Lists.List.map +R26219 Parallelmove.getsrc +R26209 Locations.type +R26231 Coq.Lists.List.map +R26250 Parallelmove.getdst +R26240 Locations.type +R26415 Alloctyping_aux.wt_add_moves +R26415 Alloctyping_aux.wt_add_moves +R26443 Parallelmove.getsrc_map +R26463 Parallelmove.getdst_map +R26443 Parallelmove.getsrc_map +R26463 Parallelmove.getdst_map +R26483 Coqlib.list_map_compose +R26483 Coqlib.list_map_compose +R26509 Coqlib.list_map_compose +R26509 Coqlib.list_map_compose +R26533 Coqlib.list_map_exten +R26533 Coqlib.list_map_exten +R26561 Alloctyping_aux.move_types_res +R26576 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R26580 Coq.Lists.List.nil +R26585 Coq.Lists.List.nil +R26561 Alloctyping_aux.move_types_res +R26576 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R26580 Coq.Lists.List.nil +R26585 Coq.Lists.List.nil +R26677 Parallelmove.app_nil +R26677 Parallelmove.app_nil +R26692 Alloctyping_aux.map_f_getsrc_getdst +R26692 Alloctyping_aux.map_f_getsrc_getdst +R26766 Alloctyping_aux.getsrc_f +R26766 Alloctyping_aux.getsrc_f +R26813 Alloctyping_aux.src_tmp2_res +R26826 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R26830 Coq.Lists.List.nil +R26835 Coq.Lists.List.nil +R26813 Alloctyping_aux.src_tmp2_res +R26826 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R26830 Coq.Lists.List.nil +R26835 Coq.Lists.List.nil +R26862 Parallelmove.app_nil +R26862 Parallelmove.app_nil +R26996 Alloctyping_aux.getdst_f +R26996 Alloctyping_aux.getdst_f +R27043 Alloctyping_aux.src_tmp2_res +R27056 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R27060 Coq.Lists.List.nil +R27065 Coq.Lists.List.nil +R27043 Alloctyping_aux.src_tmp2_res +R27056 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R27060 Coq.Lists.List.nil +R27065 Coq.Lists.List.nil +R27092 Parallelmove.app_nil +R27092 Parallelmove.app_nil +R27378 LTLtyping.wt_block +R27391 Allocation.parallel_move +R27360 LTLtyping.wt_block +R27287 Coq.Init.Logic "x = y" type_scope +R27264 Coq.Lists.List.map +R27273 Locations.type +R27289 Coq.Lists.List.map +R27298 Locations.type +R27497 Alloctyping_aux.wt_parallel_move' +R27516 Parallelmove.listsLoc2Moves +R27497 Alloctyping_aux.wt_parallel_move' +R27516 Parallelmove.listsLoc2Moves +R27609 Allocproof_aux.getdst_lists2moves +R27609 Allocproof_aux.getdst_lists2moves +R27767 Coqlib.list_length_map +R27783 Locations.type +R27767 Coqlib.list_length_map +R27783 Locations.type +R27767 Coqlib.list_length_map +R27783 Locations.type +R27767 Coqlib.list_length_map +R27783 Locations.type +R27817 Allocproof_aux.getdst_lists2moves +R27817 Allocproof_aux.getdst_lists2moves +R27961 Coqlib.list_length_map +R27977 Locations.type +R27961 Coqlib.list_length_map +R27977 Locations.type +R27961 Coqlib.list_length_map +R27977 Locations.type +R27961 Coqlib.list_length_map +R27977 Locations.type +R28011 Allocproof_aux.getdst_lists2moves +R28011 Allocproof_aux.getdst_lists2moves +R28155 Coqlib.list_length_map +R28171 Locations.type +R28155 Coqlib.list_length_map +R28171 Locations.type +R28155 Coqlib.list_length_map +R28171 Locations.type +R28155 Coqlib.list_length_map +R28171 Locations.type +FAlloctyping +R475 RTL.function +R503 RTLtyping.regenv +R526 Maps.t +R533 Registers.t +R566 Locations.loc +R559 Registers.reg +R584 LTL.function +R640 Coq.Init.Logic "x = y" type_scope +R620 RTLtyping.type_rtl_function +R642 Coq.Init.Datatypes.Some +R705 Coq.Init.Logic "x = y" type_scope +R670 Coloring.regalloc +R687 Allocproof.live0 +R707 Coq.Init.Datatypes.Some +R756 Coq.Init.Logic "x = y" type_scope +R738 Allocation.transf_function +R758 Coq.Init.Datatypes.Some +R791 RTLtyping.wt_function +R835 RTLtyping.type_rtl_function_correct +R835 RTLtyping.type_rtl_function_correct +R921 Coq.Init.Logic "x = y" type_scope +R902 Locations.type +R953 Coloringproof.regalloc_preserves_types +R953 Coloringproof.regalloc_preserves_types +R1062 Coq.Init.Logic "x = y" type_scope +R1024 Coq.Lists.List.map +R1043 Coq.Lists.List.map +R1033 Locations.type +R1064 Coq.Lists.List.map +R1106 Coqlib.list_map_compose +R1106 Coqlib.list_map_compose +R1130 Coqlib.list_map_exten +R1130 Coqlib.list_map_exten +R1172 Alloctyping.alloc_type +R1172 Alloctyping.alloc_type +R1248 Locations.R +R1255 Coq.Init.Logic.True +R1262 Locations.S +R1269 LTLtyping.slot_bounded +R1218 Locations.loc +R1356 Locations.R +R1363 Coq.Init.Logic.True +R1372 Locations.S +R1375 Locations.Incoming +R1392 Coq.Init.Logic.False +R1402 Locations.S +R1409 LTLtyping.slot_bounded +R1321 Locations.loc +R1505 Alloctyping.loc_read_ok +R1494 Coq.Lists.List.In +R1462 Coq.Lists.List.list +R1467 Locations.loc +R1594 Alloctyping.loc_write_ok +R1583 Coq.Lists.List.In +R1551 Coq.Lists.List.list +R1556 Locations.loc +R1670 Alloctyping.loc_read_ok +R1652 Alloctyping.loc_write_ok +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R1758 Alloctyping.loc_write_ok_read_ok +R1853 Alloctyping.locs_read_ok +R1833 Alloctyping.locs_write_ok +R1952 Alloctyping.locs_write_ok_read_ok +R2019 Alloctyping.loc_write_ok +R2072 Coloringproof.regalloc_acceptable +R2072 Coloringproof.regalloc_acceptable +R2213 Alloctyping.alloc_write_ok +R2275 Alloctyping.locs_write_ok +R2290 Coq.Lists.List.map +R2354 Coqlib.list_in_map_inv +R2354 Coqlib.list_in_map_inv +R2448 Alloctyping.allocs_write_ok +R2623 LTLtyping.wt_block +R2636 Allocation.add_reload +R2604 LTLtyping.wt_block +R2583 Coq.Init.Logic "x = y" type_scope +R2570 Locations.type +R2585 Locations.mreg_type +R2549 Alloctyping.loc_read_ok +R2718 Locations.mreg_eq +R2718 Locations.mreg_eq +R2753 LTLtyping.wt_Bopmove +R2753 LTLtyping.wt_Bopmove +R2789 LTLtyping.wt_Bgetstack +R2789 LTLtyping.wt_Bgetstack +R2951 LTLtyping.wt_block +R2964 Allocation.add_spill +R2932 LTLtyping.wt_block +R2912 Coq.Init.Logic "x = y" type_scope +R2898 Locations.mreg_type +R2914 Locations.type +R2876 Alloctyping.loc_write_ok +R3044 Locations.mreg_eq +R3044 Locations.mreg_eq +R3082 LTLtyping.wt_Bopmove +R3082 LTLtyping.wt_Bopmove +R3118 LTLtyping.wt_Bsetstack +R3118 LTLtyping.wt_Bsetstack +R3403 LTLtyping.wt_block +R3416 Allocation.add_reloads +R3384 LTLtyping.wt_block +R3353 Coq.Init.Logic "x = y" type_scope +R3330 Coq.Lists.List.map +R3339 Locations.type +R3355 Coq.Lists.List.map +R3364 Locations.mreg_type +R3307 Alloctyping.locs_read_ok +R3593 Alloctyping.wt_add_reload +R3593 Alloctyping.wt_add_reload +R3623 Coq.Lists.List.in_eq +R3623 Coq.Lists.List.in_eq +R3687 Coq.Lists.List.in_cons +R3687 Coq.Lists.List.in_cons +R3780 Coq.Init.Logic "x = y" type_scope +R3758 Locations.mreg_type +R3769 Allocation.reg_for +R3782 Locations.type +R3844 Locations.slot_type +R3844 Locations.slot_type +R3889 Alloctyping.wt_reg_for +R4214 Coq.Init.Logic "x = y" type_scope +R4163 Coq.Lists.List.map +R4183 Allocation.regs_for_rec +R4172 Locations.mreg_type +R4216 Coq.Lists.List.map +R4225 Locations.type +R4148 Coq.Init.Logic "x = y" type_scope +R4136 Locations.mreg_type +R4150 AST.Tfloat +R4122 Coq.Lists.List.In +R4098 Coq.Init.Logic "x = y" type_scope +R4086 Locations.mreg_type +R4100 AST.Tint +R4072 Coq.Lists.List.In +R4030 Coq.Init.Peano "x <= y" nat_scope +R4013 Coq.Lists.List.length +R4033 Coq.Lists.List.length +R3981 Coq.Init.Peano "x <= y" nat_scope +R3964 Coq.Lists.List.length +R3984 Coq.Lists.List.length +R4405 Coq.Init.Logic.f_equal2 +R4416 Coq.Lists.List.cons +R4421 AST.typ +R4405 Coq.Init.Logic.f_equal2 +R4416 Coq.Lists.List.cons +R4421 AST.typ +R4469 Locations.slot_type +R4469 Locations.slot_type +R4501 Coq.Lists.List.in_eq +R4501 Coq.Lists.List.in_eq +R4524 Coq.Lists.List.in_eq +R4524 Coq.Lists.List.in_eq +R4588 Coq.Lists.List.in_cons +R4588 Coq.Lists.List.in_cons +R4629 Coq.Lists.List.in_cons +R4629 Coq.Lists.List.in_cons +R4754 Coq.Init.Logic "x = y" type_scope +R4719 Coq.Lists.List.map +R4739 Allocation.regs_for +R4728 Locations.mreg_type +R4756 Coq.Lists.List.map +R4765 Locations.type +R4704 Coq.Init.Peano "x <= y" nat_scope +R4687 Coq.Lists.List.length +R4820 Alloctyping.wt_regs_for_rec +R4820 Alloctyping.wt_regs_for_rec +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R4984 Alloctyping.wt_regs_for +R5141 LTLtyping.wt_block +R5154 Allocation.add_move +R5122 LTLtyping.wt_block +R5102 Coq.Init.Logic "x = y" type_scope +R5089 Locations.type +R5104 Locations.type +R5067 Alloctyping.loc_write_ok +R5048 Alloctyping.loc_read_ok +R5218 Locations.eq +R5218 Locations.eq +R5272 Alloctyping.wt_add_spill +R5272 Alloctyping.wt_add_spill +R5315 Alloctyping.wt_add_reload +R5315 Alloctyping.wt_add_reload +R5356 Locations.slot_type +R5373 AST.Tint +R5381 Locations.IT1 +R5387 AST.Tfloat +R5397 Locations.FT1 +R5356 Locations.slot_type +R5373 AST.Tint +R5381 Locations.IT1 +R5387 AST.Tfloat +R5397 Locations.FT1 +R5415 Alloctyping.wt_add_reload +R5415 Alloctyping.wt_add_reload +R5464 Locations.slot_type +R5464 Locations.slot_type +R5499 Alloctyping.wt_add_spill +R5499 Alloctyping.wt_add_spill +R5574 Locations.slot_type +R5574 Locations.slot_type +R5777 LTLtyping.wt_block +R5790 Allocation.parallel_move +R5759 LTLtyping.wt_block +R5737 Alloctyping.locs_write_ok +R5715 Alloctyping.locs_read_ok +R5686 Coq.Init.Logic "x = y" type_scope +R5663 Coq.Lists.List.map +R5672 Locations.type +R5688 Coq.Lists.List.map +R5697 Locations.type +R5871 Alloctyping_aux.wt_parallel_moveX +R5871 Alloctyping_aux.wt_parallel_moveX +R5911 Alloctyping.wt_add_move +R5911 Alloctyping.wt_add_move +R6049 LTLtyping.wt_block +R6062 Allocation.add_op +R6080 Coq.Lists.List "x :: y" list_scope +R6083 Coq.Lists.List.nil +R6069 Op.Omove +R6027 Alloctyping.loc_write_ok +R6008 Alloctyping.loc_read_ok +R5988 Coq.Init.Logic "x = y" type_scope +R5975 Locations.type +R5990 Locations.type +R6144 Alloctyping.wt_add_move +R6144 Alloctyping.wt_add_move +R6258 LTLtyping.wt_block +R6271 Allocation.add_op +R6285 Coq.Lists.List.nil +R6278 Op.Oundef +R6236 Alloctyping.loc_write_ok +R6345 LTLtyping.wt_Bopundef +R6345 LTLtyping.wt_Bopundef +R6364 Alloctyping.wt_add_spill +R6364 Alloctyping.wt_add_spill +R6620 LTLtyping.wt_block +R6633 Allocation.add_op +R6598 Alloctyping.loc_write_ok +R6575 Alloctyping.locs_read_ok +R6547 Coq.Init.Logic "x = y" type_scope +R6508 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R6509 Coq.Lists.List.map +R6518 Locations.type +R6533 Locations.type +R6549 Op.type_of_operation +R6493 Coq.Init.Logic "x <> y" type_scope +R6496 Op.Oundef +R6478 Coq.Init.Logic "x <> y" type_scope +R6481 Op.Omove +R6699 Op.is_move_operation +R6699 Op.is_move_operation +R6749 Op.is_move_operation_correct +R6749 Op.is_move_operation_correct +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R6830 Coq.Init.Peano "x <= y" nat_scope +R6813 Coq.Lists.List.length +R6830 Coq.Init.Peano "x <= y" nat_scope +R6813 Coq.Lists.List.length +R6855 Coq.Lists.List.length +R6874 Coq.Lists.List.length +R6882 Coq.Init.Datatypes.fst +R6887 Op.type_of_operation +R6855 Coq.Lists.List.length +R6874 Coq.Lists.List.length +R6882 Coq.Init.Datatypes.fst +R6887 Op.type_of_operation +R6922 Allocproof.length_type_of_operation +R6922 Allocproof.length_type_of_operation +R6992 Coqlib.list_length_map +R6992 Coqlib.list_length_map +R7024 Alloctyping.wt_regs_for +R7024 Alloctyping.wt_regs_for +R7067 Alloctyping.wt_reg_for +R7067 Alloctyping.wt_reg_for +R7099 Alloctyping.wt_add_reloads +R7099 Alloctyping.wt_add_reloads +R7136 LTLtyping.wt_Bop +R7136 LTLtyping.wt_Bop +R7177 Alloctyping.wt_add_spill +R7177 Alloctyping.wt_add_spill +R7414 LTLtyping.wt_block +R7427 Allocation.add_load +R7392 Alloctyping.loc_write_ok +R7369 Alloctyping.locs_read_ok +R7342 Coq.Init.Logic "x = y" type_scope +R7329 Locations.type +R7344 Op.type_of_chunk +R7298 Coq.Init.Logic "x = y" type_scope +R7275 Coq.Lists.List.map +R7284 Locations.type +R7300 Op.type_of_addressing +R7522 Coq.Init.Peano "x <= y" nat_scope +R7505 Coq.Lists.List.length +R7522 Coq.Init.Peano "x <= y" nat_scope +R7505 Coq.Lists.List.length +R7547 Coq.Lists.List.length +R7566 Coq.Lists.List.length +R7574 Op.type_of_addressing +R7547 Coq.Lists.List.length +R7566 Coq.Lists.List.length +R7574 Op.type_of_addressing +R7611 Allocproof.length_type_of_addressing +R7611 Allocproof.length_type_of_addressing +R7673 Coqlib.list_length_map +R7673 Coqlib.list_length_map +R7718 Coq.Init.Peano "x <= y" nat_scope +R7701 Coq.Lists.List.length +R7718 Coq.Init.Peano "x <= y" nat_scope +R7701 Coq.Lists.List.length +R7751 Alloctyping.wt_regs_for +R7751 Alloctyping.wt_regs_for +R7794 Alloctyping.wt_reg_for +R7794 Alloctyping.wt_reg_for +R7826 Alloctyping.wt_add_reloads +R7826 Alloctyping.wt_add_reloads +R7863 LTLtyping.wt_Bload +R7863 LTLtyping.wt_Bload +R7906 Alloctyping.wt_add_spill +R7906 Alloctyping.wt_add_spill +R8143 LTLtyping.wt_block +R8156 Allocation.add_store +R8122 Alloctyping.loc_read_ok +R8099 Alloctyping.locs_read_ok +R8072 Coq.Init.Logic "x = y" type_scope +R8059 Locations.type +R8074 Op.type_of_chunk +R8028 Coq.Init.Logic "x = y" type_scope +R8005 Coq.Lists.List.map +R8014 Locations.type +R8030 Op.type_of_addressing +R8253 Coq.Init.Peano "x <= y" nat_scope +R8236 Coq.Lists.List.length +R8253 Coq.Init.Peano "x <= y" nat_scope +R8236 Coq.Lists.List.length +R8278 Coq.Lists.List.length +R8297 Coq.Lists.List.length +R8305 Op.type_of_addressing +R8278 Coq.Lists.List.length +R8297 Coq.Lists.List.length +R8305 Op.type_of_addressing +R8342 Allocproof.length_type_of_addressing +R8342 Allocproof.length_type_of_addressing +R8404 Coqlib.list_length_map +R8404 Coqlib.list_length_map +R8458 Coq.Init.Peano "x <= y" nat_scope +R8432 Coq.Lists.List.length +R8449 Coq.Lists.List "x :: y" list_scope +R8458 Coq.Init.Peano "x <= y" nat_scope +R8432 Coq.Lists.List.length +R8449 Coq.Lists.List "x :: y" list_scope +R8498 Alloctyping.wt_regs_for +R8515 Coq.Lists.List "x :: y" list_scope +R8498 Alloctyping.wt_regs_for +R8515 Coq.Lists.List "x :: y" list_scope +R8546 Allocation.regs_for +R8560 Coq.Lists.List "x :: y" list_scope +R8546 Allocation.regs_for +R8560 Coq.Lists.List "x :: y" list_scope +R8656 Alloctyping.wt_add_reloads +R8656 Alloctyping.wt_add_reloads +R8756 LTLtyping.wt_Bstore +R8756 LTLtyping.wt_Bstore +R9158 LTLtyping.wt_block +R9171 Allocation.add_call +R9136 Alloctyping.loc_write_ok +R9088 Coq.Init.Datatypes.inl +R9097 Alloctyping.loc_read_ok +R9113 Coq.Init.Datatypes.inr +R9122 Coq.Init.Logic.True +R9050 Alloctyping.locs_read_ok +R8985 Coq.Init.Logic "x = y" type_scope +R8972 Locations.type +R8998 AST.sig_res +R9012 Coq.Init.Datatypes.None +R9020 AST.Tint +R9027 Coq.Init.Datatypes.Some +R8950 Coq.Init.Logic "x = y" type_scope +R8927 Coq.Lists.List.map +R8936 Locations.type +R8957 AST.sig_args +R8875 Coq.Init.Datatypes.inl +R8895 Coq.Init.Logic "x = y" type_scope +R8884 Locations.type +R8897 AST.Tint +R8904 Coq.Init.Datatypes.inr +R8913 Coq.Init.Logic.True +R9229 Alloctyping.locs_write_ok +R9244 Conventions.loc_arguments +R9229 Alloctyping.locs_write_ok +R9244 Conventions.loc_arguments +R9294 Conventions.loc_arguments_acceptable +R9294 Conventions.loc_arguments_acceptable +R9451 Alloctyping.wt_add_reload +R9451 Alloctyping.wt_add_reload +R9500 Alloctyping.wt_parallel_move +R9500 Alloctyping.wt_parallel_move +R9526 Conventions.loc_arguments_type +R9526 Conventions.loc_arguments_type +R9575 LTLtyping.wt_Bcall +R9575 LTLtyping.wt_Bcall +R9607 Alloctyping.wt_add_spill +R9607 Alloctyping.wt_add_spill +R9638 Conventions.loc_result_type +R9638 Conventions.loc_result_type +R9682 Alloctyping.wt_parallel_move +R9682 Alloctyping.wt_parallel_move +R9708 Conventions.loc_arguments_type +R9708 Conventions.loc_arguments_type +R9757 LTLtyping.wt_Bcall +R9757 LTLtyping.wt_Bcall +R9781 Alloctyping.wt_add_spill +R9781 Alloctyping.wt_add_spill +R9812 Conventions.loc_result_type +R9812 Conventions.loc_result_type +R9982 LTLtyping.wt_block +R9995 Allocation.add_cond +R9959 Alloctyping.locs_read_ok +R9929 Coq.Init.Logic "x = y" type_scope +R9906 Coq.Lists.List.map +R9915 Locations.type +R9931 Op.type_of_condition +R10072 Coq.Init.Peano "x <= y" nat_scope +R10056 Coq.Lists.List.length +R10072 Coq.Init.Peano "x <= y" nat_scope +R10056 Coq.Lists.List.length +R10098 Coq.Lists.List.length +R10117 Coq.Lists.List.length +R10125 Op.type_of_condition +R10098 Coq.Lists.List.length +R10117 Coq.Lists.List.length +R10125 Op.type_of_condition +R10161 Allocproof.length_type_of_condition +R10161 Allocproof.length_type_of_condition +R10223 Coqlib.list_length_map +R10223 Coqlib.list_length_map +R10255 Alloctyping.wt_regs_for +R10255 Alloctyping.wt_regs_for +R10311 Alloctyping.wt_add_reloads +R10311 Alloctyping.wt_add_reloads +R10350 LTLtyping.wt_Bcond +R10350 LTLtyping.wt_Bcond +R10541 LTLtyping.wt_block +R10554 Allocation.add_return +R10489 Coq.Init.Datatypes.None +R10497 Coq.Init.Logic.True +R10504 Coq.Init.Datatypes.Some +R10516 Alloctyping.loc_read_ok +R10450 Coq.Init.Logic "x = y" type_scope +R10423 Coqlib.option_map +R10434 Locations.type +R10457 AST.sig_res +R10639 Alloctyping.wt_add_reload +R10639 Alloctyping.wt_add_reload +R10668 Conventions.loc_result_type +R10668 Conventions.loc_result_type +R10710 AST.sig_res +R10710 AST.sig_res +R10773 LTLtyping.wt_Bopundef +R10773 LTLtyping.wt_Bopundef +R10860 LTLtyping.wt_block +R10873 Allocation.add_undefs +R10843 LTLtyping.wt_block +R10965 LTLtyping.wt_Bopundef +R10965 LTLtyping.wt_Bopundef +R11126 LTLtyping.wt_block +R11139 Allocation.add_entry +R11150 RTL.fn_sig +R11100 Alloctyping.locs_write_ok +R11069 Coq.Init.Logic "x = y" type_scope +R11044 Coq.Lists.List.map +R11053 Locations.type +R11071 AST.sig_args +R11081 RTL.fn_sig +R11203 RTL.fn_sig +R11203 RTL.fn_sig +R11232 Coq.Init.Logic "x = y" type_scope +R11238 LTL.fn_sig +R11232 Coq.Init.Logic "x = y" type_scope +R11238 LTL.fn_sig +R11280 Allocproof.sig_function_translated +R11280 Allocproof.sig_function_translated +R11332 Alloctyping.locs_read_ok +R11346 Conventions.loc_parameters +R11332 Alloctyping.locs_read_ok +R11346 Conventions.loc_parameters +R11425 Coqlib.list_in_map_inv +R11425 Coqlib.list_in_map_inv +R11498 Conventions.loc_arguments_acceptable +R11498 Conventions.loc_arguments_acceptable +R11657 Conventions.loc_arguments_bounded +R11657 Conventions.loc_arguments_bounded +R11722 Alloctyping.wt_parallel_move +R11722 Alloctyping.wt_parallel_move +R11748 Conventions.loc_parameters_type +R11748 Conventions.loc_parameters_type +R11798 Alloctyping.wt_add_undefs +R11798 Alloctyping.wt_add_undefs +R11947 LTLtyping.wt_block +R11960 Allocation.transf_instr +R11911 RTLtyping.wt_instr +R12082 Registers.mem +R12099 Maps "a !! b" +R12082 Registers.mem +R12099 Maps "a !! b" +R12115 Alloctyping.wt_add_op_move +R12115 Alloctyping.wt_add_op_move +R12167 Alloctyping.alloc_type +R12167 Alloctyping.alloc_type +R12167 Alloctyping.alloc_type +R12167 Alloctyping.alloc_type +R12220 Registers.mem +R12237 Maps "a !! b" +R12220 Registers.mem +R12237 Maps "a !! b" +R12253 Alloctyping.wt_add_op_undef +R12253 Alloctyping.wt_add_op_undef +R12330 Registers.mem +R12349 Maps "a !! b" +R12330 Registers.mem +R12349 Maps "a !! b" +R12365 Alloctyping.wt_add_op_others +R12365 Alloctyping.wt_add_op_others +R12413 Alloctyping.alloc_types +R12413 Alloctyping.alloc_types +R12434 Alloctyping.alloc_type +R12434 Alloctyping.alloc_type +R12489 Registers.mem +R12508 Maps "a !! b" +R12489 Registers.mem +R12508 Maps "a !! b" +R12524 Alloctyping.wt_add_load +R12524 Alloctyping.wt_add_load +R12567 Alloctyping.alloc_types +R12567 Alloctyping.alloc_types +R12594 Alloctyping.alloc_type +R12594 Alloctyping.alloc_type +R12650 Alloctyping.wt_add_store +R12650 Alloctyping.wt_add_store +R12693 Alloctyping.alloc_types +R12693 Alloctyping.alloc_types +R12720 Alloctyping.alloc_type +R12720 Alloctyping.alloc_type +R12760 Alloctyping.wt_add_call +R12760 Alloctyping.wt_add_call +R12805 Alloctyping.alloc_type +R12805 Alloctyping.alloc_type +R12840 Alloctyping.alloc_types +R12840 Alloctyping.alloc_types +R12869 Alloctyping.alloc_type +R12869 Alloctyping.alloc_type +R12993 Alloctyping.wt_add_cond +R12993 Alloctyping.wt_add_cond +R13014 Alloctyping.alloc_types +R13014 Alloctyping.alloc_types +R13075 Alloctyping.wt_add_return +R13075 Alloctyping.wt_add_return +R13125 Alloctyping.alloc_type +R13125 Alloctyping.alloc_type +R13332 LTLtyping.wt_block +R13320 Coq.Init.Logic "x = y" type_scope +R13316 Maps "a ! b" +R13322 Coq.Init.Datatypes.Some +R13243 Maps.map +R13282 RTL.fn_code +R13254 Allocation.transf_instr +R13392 Maps.gmap +R13392 Maps.gmap +R13425 Maps "a ! b" +R13412 RTL.fn_code +R13425 Maps "a ! b" +R13412 RTL.fn_code +R13503 Alloctyping.wt_transf_instr +R13503 Alloctyping.wt_transf_instr +R13527 RTLtyping.wt_instrs +R13527 RTLtyping.wt_instrs +R13563 Alloctyping.wt_rtl_function +R13563 Alloctyping.wt_rtl_function +R13792 LTLtyping.wt_block +R13780 Coq.Init.Logic "x = y" type_scope +R13776 Maps "a ! b" +R13782 Coq.Init.Datatypes.Some +R13657 Allocation.transf_entrypoint +R13701 Maps.map +R13740 RTL.fn_code +R13712 Allocation.transf_instr +R13874 Maps.gsspec +R13874 Maps.gsspec +R13897 Coqlib.peq +R13905 RTL.fn_nextpc +R13897 Coqlib.peq +R13905 RTL.fn_nextpc +R13968 Alloctyping.wt_add_entry +R13968 Alloctyping.wt_add_entry +R13992 Alloctyping.alloc_types +R13992 Alloctyping.alloc_types +R14012 RTLtyping.wt_params +R14012 RTLtyping.wt_params +R14039 Alloctyping.wt_rtl_function +R14039 Alloctyping.wt_rtl_function +R14086 Alloctyping.wt_transf_instrs +R14086 Alloctyping.wt_transf_instrs +R14220 LTLtyping.wt_function +R14207 Coq.Init.Logic "x = y" type_scope +R14189 Allocation.transf_function +R14209 Coq.Init.Datatypes.Some +R14301 RTLtyping.type_rtl_function +R14301 RTLtyping.type_rtl_function +R14350 Allocation.analyze +R14350 Allocation.analyze +R14482 Allocproof.live0 +R14389 Allocation.transfer +R14447 Maps "a !! b" +R14450 RTL.fn_entrypoint +R14401 RTL.fn_entrypoint +R14482 Allocproof.live0 +R14389 Allocation.transfer +R14447 Maps "a !! b" +R14450 RTL.fn_entrypoint +R14401 RTL.fn_entrypoint +R14507 Coloring.regalloc +R14524 Allocproof.live0 +R14507 Coloring.regalloc +R14524 Allocproof.live0 +R14638 Alloctyping.wt_transf_entrypoint +R14638 Alloctyping.wt_transf_entrypoint +R14857 LTLtyping.wt_program +R14842 Coq.Init.Logic "x = y" type_scope +R14825 Allocation.transf_program +R14844 Coq.Init.Datatypes.Some +R14809 LTL.program +R14791 RTL.program +R14926 AST.transform_partial_program_function +R14961 Allocation.transf_function +R14926 AST.transform_partial_program_function +R14961 Allocation.transf_function +R15025 Alloctyping.wt_transf_function +R15025 Alloctyping.wt_transf_function +FTunneling +R287 Coq.Init.Datatypes.option +R294 LTL.node +R317 Coq.Init.Datatypes.Some +R323 LTL.Bgoto +R335 Coq.Init.Datatypes.Some +R349 Coq.Init.Datatypes.None +R271 Coq.Init.Datatypes.option +R278 LTL.block +R473 Coq.Init.Datatypes.option +R480 LTL.node +R424 Coq.Init.Datatypes.nat +R410 LTL.node +R391 LTL.function +R511 Coq.Init.Datatypes.O +R526 Coq.Init.Datatypes.None +R535 Coq.Init.Datatypes.S +R569 Tunneling.is_goto_block +R594 Maps "a ! b" +R586 LTL.fn_code +R611 Coq.Init.Datatypes.Some +R658 Coq.Init.Datatypes.None +R666 Coq.Init.Datatypes.Some +R424 Coq.Init.Datatypes.nat +R410 LTL.node +R391 LTL.function +R757 Tunneling.branch_target_rec +R796 Coq.Init.Datatypes.Some +R816 Coq.Init.Datatypes.None +R740 LTL.node +R721 LTL.function +R899 LTL.block +R879 LTL.block +R861 LTL.function +R927 LTL.Bgetstack +R952 LTL.Bgetstack +R989 LTL.Bsetstack +R1014 LTL.Bsetstack +R1051 LTL.Bop +R1078 LTL.Bop +R1117 LTL.Bload +R1154 LTL.Bload +R1203 LTL.Bstore +R1241 LTL.Bstore +R1291 LTL.Bcall +R1316 LTL.Bcall +R1353 LTL.Bgoto +R1370 LTL.Bgoto +R1377 Tunneling.branch_target +R1400 LTL.Bcond +R1431 LTL.Bcond +R1469 Tunneling.branch_target +R1448 Tunneling.branch_target +R1493 LTL.Breturn +R1510 LTL.Breturn +R879 LTL.block +R861 LTL.function +R1700 Coq.Init.Logic "A \/ B" type_scope +R1667 Coqlib.Plt +R1675 Coq.NArith.BinPos.Psucc +R1682 LTL.fn_entrypoint +R1709 Coq.Init.Logic "x = y" type_scope +R1705 Maps "a ! b" +R1711 Coq.Init.Datatypes.None +R1660 LTL.node +R1590 Maps.map +R1632 LTL.fn_code +R1613 Tunneling.tunnel_block +R1563 LTL.function +R1740 LTL.fn_code_wf +R1740 LTL.fn_code_wf +R1807 Maps.gmap +R1807 Maps.gmap +R1908 LTL.function +R1926 LTL.mkfunction +R2059 Tunneling.wf_tunneled_code +R2037 LTL.fn_entrypoint +R1978 Maps.map +R2020 LTL.fn_code +R2001 Tunneling.tunnel_block +R1957 LTL.fn_stacksize +R1942 LTL.fn_sig +R1892 LTL.function +R2126 LTL.program +R2143 AST.transform_program +R2161 Tunneling.tunnel_function +R2111 LTL.program +FTunnelingproof +R336 Coq.Init.Logic "x = y" type_scope +R338 Coq.Init.Datatypes.Some +R344 LTL.Bgoto +R322 Coq.Init.Logic "x = y" type_scope +R306 Tunneling.is_goto_block +R324 Coq.Init.Datatypes.Some +R554 Coq.Init.Logic "A \/ B" type_scope +R542 Coq.Init.Logic "x = y" type_scope +R517 Tunneling.branch_target_rec +R544 Coq.Init.Datatypes.Some +R591 Coq.Init.Logic "A \/ B" type_scope +R582 Coq.Init.Logic "x = y" type_scope +R557 Tunneling.branch_target_rec +R584 Coq.Init.Datatypes.None +R594 Coq.Init.Logic "'exists' x , p" type_scope +R621 Coq.Init.Logic "x = y" type_scope +R617 Maps "a ! b" +R609 LTL.fn_code +R623 Coq.Init.Datatypes.Some +R628 LTL.Bgoto +R707 Tunneling.is_goto_block +R732 Maps "a ! b" +R724 LTL.fn_code +R707 Tunneling.is_goto_block +R732 Maps "a ! b" +R724 LTL.fn_code +R779 Tunnelingproof.is_goto_block_correct +R779 Tunnelingproof.is_goto_block_correct +R991 Coq.Init.Logic "x = y" type_scope +R965 Tunneling.branch_target_rec +R993 Coq.Init.Datatypes.Some +R949 Coq.Init.Logic "x = y" type_scope +R923 Tunneling.branch_target_rec +R951 Coq.Init.Datatypes.Some +R899 Coq.Init.Logic "x = y" type_scope +R894 Maps "a ! b" +R886 LTL.fn_code +R901 Coq.Init.Datatypes.Some +R907 LTL.Bgoto +R1166 Tunneling.is_goto_block +R1191 Maps "a ! b" +R1183 LTL.fn_code +R1166 Tunneling.is_goto_block +R1191 Maps "a ! b" +R1183 LTL.fn_code +R1234 Tunnelingproof.is_goto_block_correct +R1234 Tunnelingproof.is_goto_block_correct +R1417 Coq.Init.Logic "A \/ B" type_scope +R1412 Coq.Init.Logic "x = y" type_scope +R1393 Tunneling.branch_target +R1423 Coq.Init.Logic "'exists' x , p" type_scope +R1480 Coq.Init.Logic "A /\ B" type_scope +R1450 Coq.Init.Logic "x = y" type_scope +R1446 Maps "a ! b" +R1438 LTL.fn_code +R1452 Coq.Init.Datatypes.Some +R1457 LTL.Bgoto +R1503 Coq.Init.Logic "x = y" type_scope +R1483 Tunneling.branch_target +R1505 Tunneling.branch_target +R1580 Tunnelingproof.branch_target_rec_1 +R1580 Tunnelingproof.branch_target_rec_1 +R1702 Tunneling.branch_target_rec +R1702 Tunneling.branch_target_rec +R1795 Tunnelingproof.branch_target_rec_2 +R1795 Tunnelingproof.branch_target_rec_2 +R1938 LTL.program +R1957 Tunneling.tunnel_program +R1985 Globalenvs.globalenv +R2014 Globalenvs.globalenv +R2135 Coq.Init.Logic "x = y" type_scope +R2113 Globalenvs.find_funct +R2137 Coq.Init.Datatypes.Some +R2143 Tunneling.tunnel_function +R2099 Coq.Init.Logic "x = y" type_scope +R2078 Globalenvs.find_funct +R2101 Coq.Init.Datatypes.Some +R2171 Globalenvs.find_funct_transf +R2198 Tunneling.tunnel_function +R2331 Coq.Init.Logic "x = y" type_scope +R2305 Globalenvs.find_funct_ptr +R2333 Coq.Init.Datatypes.Some +R2339 Tunneling.tunnel_function +R2291 Coq.Init.Logic "x = y" type_scope +R2266 Globalenvs.find_funct_ptr +R2293 Coq.Init.Datatypes.Some +R2367 Globalenvs.find_funct_ptr_transf +R2398 Tunneling.tunnel_function +R2483 Coq.Init.Logic "x = y" type_scope +R2459 Globalenvs.find_symbol +R2485 Globalenvs.find_symbol +R2517 Globalenvs.find_symbol_transf +R2545 Tunneling.tunnel_function +R2711 Coq.Init.Logic "A /\ B" type_scope +R2706 Coq.Init.Logic "x = y" type_scope +R2724 Coq.Init.Logic "A /\ B" type_scope +R2718 Coq.Init.Logic "x = y" type_scope +R2730 Coq.Init.Logic "x = y" type_scope +R2689 Coq.Init.Logic "x = y" type_scope +R2691 LTL.Bgoto +R2630 LTL.exec_instrs +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R3046 Coq.Init.Logic "A /\ B" type_scope +R3037 Coq.Init.Logic "x = y" type_scope +R3039 LTL.Cont +R3059 Coq.Init.Logic "A /\ B" type_scope +R3053 Coq.Init.Logic "x = y" type_scope +R3065 Coq.Init.Logic "x = y" type_scope +R2983 LTL.exec_block +R3001 LTL.Bgoto +R3115 Tunnelingproof.exec_instrs_Bgoto_inv +R3157 Coq.Init.Logic.refl_equal +R3115 Tunnelingproof.exec_instrs_Bgoto_inv +R3157 Coq.Init.Logic.refl_equal +R3115 Tunnelingproof.exec_instrs_Bgoto_inv +R3157 Coq.Init.Logic.refl_equal +R3115 Tunnelingproof.exec_instrs_Bgoto_inv +R3157 Coq.Init.Logic.refl_equal +R3115 Tunnelingproof.exec_instrs_Bgoto_inv +R3157 Coq.Init.Logic.refl_equal +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R3460 Coq.Init.Logic "A \/ B" type_scope +R3437 Coq.Init.Logic "A /\ B" type_scope +R3426 Coq.Init.Logic "x = y" type_scope +R3428 LTL.Cont +R3450 Coq.Init.Logic "A /\ B" type_scope +R3444 Coq.Init.Logic "x = y" type_scope +R3456 Coq.Init.Logic "x = y" type_scope +R3467 LTL.exec_blocks +R3399 Coq.Init.Logic "x = y" type_scope +R3394 Maps "a ! b" +R3401 Coq.Init.Datatypes.Some +R3407 LTL.Bgoto +R3346 LTL.exec_blocks +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R3565 Coq.Init.Logic "x = y" type_scope +R3567 LTL.Bgoto +R3565 Coq.Init.Logic "x = y" type_scope +R3567 LTL.Bgoto +R3613 Tunnelingproof.exec_block_Bgoto_inv +R3613 Tunnelingproof.exec_block_Bgoto_inv +R3721 LTL.exec_blocks_refl +R3721 LTL.exec_blocks_refl +R3802 Coq.Init.Logic "x = y" type_scope +R3802 Coq.Init.Logic "x = y" type_scope +R3906 LTL.exec_blocks_trans +R3906 LTL.exec_blocks_trans +R4032 LTL.Cont +R4043 LTL.Cont +R4049 Tunneling.branch_target +R4073 LTL.Return +R4083 LTL.Return +R3999 LTL.outcome +R3983 LTL.function +R4245 LTL.exec_instr +R4311 Tunneling.tunnel_block +R4264 Tunneling.tunnel_block +R4216 Mem.mem +R4203 LTL.locset +R4190 LTL.block +R4168 Mem.mem +R4155 LTL.locset +R4142 LTL.block +R4132 Values.val +R4487 LTL.exec_instrs +R4555 Tunneling.tunnel_block +R4507 Tunneling.tunnel_block +R4458 Mem.mem +R4445 LTL.locset +R4432 LTL.block +R4410 Mem.mem +R4397 LTL.locset +R4384 LTL.block +R4374 Values.val +R4733 LTL.exec_block +R4799 Tunnelingproof.tunnel_outcome +R4752 Tunneling.tunnel_block +R4704 Mem.mem +R4691 LTL.locset +R4676 LTL.outcome +R4653 Mem.mem +R4640 LTL.locset +R4627 LTL.block +R4617 Values.val +R4874 Maps.map +R4916 LTL.fn_code +R4897 Tunneling.tunnel_block +R4859 LTL.function +R5111 LTL.exec_blocks +R5205 Tunnelingproof.tunnel_outcome +R5163 Tunneling.branch_target +R5128 Tunnelingproof.tunneled_code +R5102 Coq.Init.Logic "x = y" type_scope +R5093 LTL.fn_code +R5061 Mem.mem +R5048 LTL.locset +R5033 LTL.outcome +R5017 Mem.mem +R5004 LTL.locset +R4992 LTL.node +R4977 Values.val +R4966 LTL.code +R5363 LTL.exec_function +R5382 Tunneling.tunnel_function +R5346 Mem.mem +R5333 LTL.locset +R5303 Mem.mem +R5290 LTL.locset +R5274 LTL.function +R5857 Tunnelingproof.exec_function_prop +R5819 LTL.exec_function +R5909 Tunnelingproof.exec_function_ind5 +R6052 Tunnelingproof.exec_function_prop +R6024 Tunnelingproof.exec_blocks_prop +R5997 Tunnelingproof.exec_block_prop +R5969 Tunnelingproof.exec_instrs_prop +R5942 Tunnelingproof.exec_instr_prop +R5909 Tunnelingproof.exec_function_ind5 +R6052 Tunnelingproof.exec_function_prop +R6024 Tunnelingproof.exec_blocks_prop +R5997 Tunnelingproof.exec_block_prop +R5969 Tunnelingproof.exec_instrs_prop +R5942 Tunnelingproof.exec_instr_prop +R6213 Op.eval_operation_preserved +R6213 Op.eval_operation_preserved +R6247 Tunnelingproof.symbols_preserved +R6247 Tunnelingproof.symbols_preserved +R6287 LTL.exec_Bload +R6287 LTL.exec_Bload +R6329 Op.eval_addressing_preserved +R6329 Op.eval_addressing_preserved +R6362 Tunnelingproof.symbols_preserved +R6362 Tunnelingproof.symbols_preserved +R6411 LTL.exec_Bstore +R6411 LTL.exec_Bstore +R6453 Op.eval_addressing_preserved +R6453 Op.eval_addressing_preserved +R6486 Tunnelingproof.symbols_preserved +R6486 Tunnelingproof.symbols_preserved +R6551 Tunneling.tunnel_function +R6534 LTL.exec_Bcall +R6551 Tunneling.tunnel_function +R6534 LTL.exec_Bcall +R6639 Tunnelingproof.functions_translated +R6639 Tunnelingproof.functions_translated +R6677 Tunnelingproof.symbols_preserved +R6677 Tunnelingproof.symbols_preserved +R6706 Globalenvs.find_symbol +R6706 Globalenvs.find_symbol +R6745 Tunnelingproof.function_ptr_translated +R6745 Tunnelingproof.function_ptr_translated +R6855 LTL.exec_refl +R6855 LTL.exec_refl +R6892 LTL.exec_one +R6892 LTL.exec_one +R6957 Tunneling.tunnel_block +R6940 LTL.exec_trans +R6957 Tunneling.tunnel_block +R6940 LTL.exec_trans +R7011 LTL.exec_Bgoto +R7011 LTL.exec_Bgoto +R7086 LTL.exec_Bcond_true +R7086 LTL.exec_Bcond_true +R7173 LTL.exec_Bcond_false +R7173 LTL.exec_Bcond_false +R7254 LTL.exec_Breturn +R7254 LTL.exec_Breturn +R7330 LTL.exec_blocks_refl +R7330 LTL.exec_blocks_refl +R7388 Tunnelingproof.branch_target_characterization +R7388 Tunnelingproof.branch_target_characterization +R7475 Tunneling.tunnel_block +R7453 LTL.exec_blocks_one +R7475 Tunneling.tunnel_block +R7453 LTL.exec_blocks_one +R7526 Maps.gmap +R7526 Maps.gmap +R7626 Coq.Init.Logic "x = y" type_scope +R7628 LTL.Bgoto +R7626 Coq.Init.Logic "x = y" type_scope +R7628 LTL.Bgoto +R7675 Tunnelingproof.exec_block_Bgoto_inv +R7675 Tunnelingproof.exec_block_Bgoto_inv +R7795 LTL.exec_blocks_refl +R7795 LTL.exec_blocks_refl +R7866 Tunneling.branch_target +R7842 LTL.exec_blocks_trans +R7866 Tunneling.branch_target +R7842 LTL.exec_blocks_trans +R8021 Tunnelingproof.tunneled_code +R7986 LTL.fn_code +R7995 Tunneling.tunnel_function +R8021 Tunnelingproof.tunneled_code +R7986 LTL.fn_code +R7995 Tunneling.tunnel_function +R8056 Tunnelingproof.branch_target_characterization +R8090 LTL.fn_entrypoint +R8056 Tunnelingproof.branch_target_characterization +R8090 LTL.fn_entrypoint +R8149 Coq.Init.Logic.refl_equal +R8149 Coq.Init.Logic.refl_equal +R8228 Tunneling.branch_target +R8245 LTL.fn_entrypoint +R8264 LTL.call_regs +R8198 LTL.exec_blocks_trans +R8228 Tunneling.branch_target +R8245 LTL.fn_entrypoint +R8264 LTL.call_regs +R8198 LTL.exec_blocks_trans +R8291 LTL.exec_blocks_one +R8291 LTL.exec_blocks_one +R8341 Maps.gmap +R8341 Maps.gmap +R8398 LTL.exec_Bgoto +R8398 LTL.exec_Bgoto +R8428 LTL.exec_refl +R8428 LTL.exec_refl +R8454 Coq.Init.Logic.refl_equal +R8454 Coq.Init.Logic.refl_equal +R8583 LTL.exec_program +R8597 Tunneling.tunnel_program +R8561 LTL.exec_program +R8553 Values.val +R8540 LTL.program +R8712 Tunneling.tunnel_function +R8712 Tunneling.tunnel_function +R8806 AST.prog_main +R8770 AST.prog_main +R8781 Tunneling.tunnel_program +R8806 AST.prog_main +R8770 AST.prog_main +R8781 Tunneling.tunnel_program +R8846 Tunnelingproof.symbols_preserved +R8846 Tunnelingproof.symbols_preserved +R8880 Tunnelingproof.function_ptr_translated +R8880 Tunnelingproof.function_ptr_translated +R8971 Tunnelingproof.tunnel_function_correct +R8971 Tunnelingproof.tunnel_function_correct +R9030 Globalenvs.init_mem_transf +R9030 Globalenvs.init_mem_transf +FTunnelingtyping +R343 LTLtyping.wt_block +R373 Tunneling.tunnel_block +R353 Tunneling.tunnel_function +R325 LTLtyping.wt_block +R503 LTLtyping.wt_function +R516 Tunneling.tunnel_function +R486 LTLtyping.wt_function +R598 Maps.gmap +R598 Maps.gmap +R649 Maps "a ! b" +R640 LTL.fn_code +R649 Maps "a ! b" +R640 LTL.fn_code +R715 Tunnelingtyping.wt_tunnel_block +R715 Tunnelingtyping.wt_tunnel_block +R847 LTLtyping.wt_program +R859 Tunneling.tunnel_program +R831 LTLtyping.wt_program +R815 LTL.program +R922 AST.transform_program_function +R949 Tunneling.tunnel_function +R922 AST.transform_program_function +R949 Tunneling.tunnel_function +R1020 Tunnelingtyping.wt_tunnel_function +R1020 Tunnelingtyping.wt_tunnel_function +FLinear +R332 Coq.NArith.BinPos.positive +R396 Locations.mreg +R388 Locations.slot +R439 Locations.slot +R431 Locations.mreg +R494 Locations.mreg +R481 Coq.Lists.List.list +R486 Locations.mreg +R468 Op.operation +R568 Locations.mreg +R555 Coq.Lists.List.list +R560 Locations.mreg +R541 Op.addressing +R525 AST.memory_chunk +R643 Locations.mreg +R630 Coq.Lists.List.list +R635 Locations.mreg +R616 Op.addressing +R600 AST.memory_chunk +R692 Coq.Init.Datatypes "x + y" type_scope +R687 Locations.mreg +R694 AST.ident +R674 AST.signature +R727 Linear.label +R759 Linear.label +R817 Linear.label +R804 Coq.Lists.List.list +R809 Locations.mreg +R791 Op.condition +R889 Coq.Lists.List.list +R894 Linear.instruction +R955 AST.signature +R982 Coq.ZArith.BinInt.Z +R996 Linear.code +R1027 AST.program +R1039 Linear.function +R1069 Globalenvs.t +R1076 Linear.function +R1107 Locations.t +R1203 Coq.Init.Datatypes.bool +R1234 Linear.Llabel +R1252 Coqlib.peq +R1280 Coq.Init.Datatypes.false +R1270 Coq.Init.Datatypes.true +R1295 Coq.Init.Datatypes.false +R1188 Linear.instruction +R1173 Linear.label +R1358 Linear.is_label +R1412 Coq.Init.Logic "x <> y" type_scope +R1415 Linear.Llabel +R1388 Coq.Init.Logic "x = y" type_scope +R1390 Linear.Llabel +R1494 Coqlib.peq +R1494 Coqlib.peq +R1587 Coq.Init.Datatypes.option +R1594 Linear.code +R1568 Linear.code +R1557 Linear.label +R1621 Coq.Lists.List.nil +R1628 Coq.Init.Datatypes.None +R1640 Coq.Lists.List "x :: y" list_scope +R1652 Linear.is_label +R1673 Coq.Init.Datatypes.Some +R1568 Linear.code +R1557 Linear.label +R1742 Linear.genv +R1809 Coq.Init.Datatypes.option +R1816 Linear.function +R1849 Coq.Init.Datatypes.inl +R1858 Globalenvs.find_funct +R1882 Locations.R +R1892 Coq.Init.Datatypes.inr +R1916 Globalenvs.find_symbol +R1954 Coq.Init.Datatypes.None +R1962 Coq.Init.Datatypes.None +R1975 Coq.Init.Datatypes.Some +R1985 Globalenvs.find_funct_ptr +R1799 Linear.locset +R1785 Coq.Init.Datatypes "x + y" type_scope +R1780 Locations.mreg +R1787 AST.ident +R2156 Mem.mem +R2146 Linear.locset +R2138 Linear.code +R2109 Mem.mem +R2099 Linear.locset +R2091 Linear.code +R2062 Values.val +R2050 Linear.function +R4380 Mem.mem +R4370 Linear.locset +R4362 Linear.code +R4337 Mem.mem +R4327 Linear.locset +R4319 Linear.code +R4294 Values.val +R4282 Linear.function +R4874 Mem.mem +R4864 Linear.locset +R4857 Mem.mem +R4847 Linear.locset +R4835 Linear.function +R2297 Locations.set +R2319 Locations.S +R2309 Locations.R +R2260 Coq.Lists.List "x :: y" list_scope +R2245 Linear.Lgetstack +R2457 Locations.set +R2480 Locations.R +R2469 Locations.S +R2421 Coq.Lists.List "x :: y" list_scope +R2406 Linear.Lsetstack +R2681 Locations.set +R2693 Locations.R +R2645 Coq.Lists.List "x :: y" list_scope +R2629 Linear.Lop +R2594 Coq.Init.Logic "x = y" type_scope +R2552 Op.eval_operation +R2577 LTL.reglist +R2596 Coq.Init.Datatypes.Some +R2956 Locations.set +R2968 Locations.R +R2920 Coq.Lists.List "x :: y" list_scope +R2894 Linear.Lload +R2859 Coq.Init.Logic "x = y" type_scope +R2843 Mem.loadv +R2861 Coq.Init.Datatypes.Some +R2825 Coq.Init.Logic "x = y" type_scope +R2780 Op.eval_addressing +R2808 LTL.reglist +R2827 Coq.Init.Datatypes.Some +R3213 Coq.Lists.List "x :: y" list_scope +R3186 Linear.Lstore +R3150 Coq.Init.Logic "x = y" type_scope +R3120 Mem.storev +R3142 Locations.R +R3152 Coq.Init.Datatypes.Some +R3102 Coq.Init.Logic "x = y" type_scope +R3057 Op.eval_addressing +R3085 LTL.reglist +R3104 Coq.Init.Datatypes.Some +R3492 LTL.return_regs +R3456 Coq.Lists.List "x :: y" list_scope +R3442 Linear.Lcall +R3364 Coq.Init.Logic "x = y" type_scope +R3370 Linear.fn_sig +R3341 Coq.Init.Logic "x = y" type_scope +R3320 Linear.find_function +R3343 Coq.Init.Datatypes.Some +R3596 Coq.Lists.List "x :: y" list_scope +R3585 Linear.Llabel +R3764 Coq.Lists.List "x :: y" list_scope +R3754 Linear.Lgoto +R3718 Coq.Init.Logic "x = y" type_scope +R3691 Linear.find_label +R3709 Linear.fn_code +R3720 Coq.Init.Datatypes.Some +R4017 Coq.Lists.List "x :: y" list_scope +R3997 Linear.Lcond +R3961 Coq.Init.Logic "x = y" type_scope +R3934 Linear.find_label +R3952 Linear.fn_code +R3963 Coq.Init.Datatypes.Some +R3913 Coq.Init.Logic "x = y" type_scope +R3875 Op.eval_condition +R3896 LTL.reglist +R3915 Coq.Init.Datatypes.Some +R3920 Coq.Init.Datatypes.true +R4223 Coq.Lists.List "x :: y" list_scope +R4203 Linear.Lcond +R4164 Coq.Init.Logic "x = y" type_scope +R4126 Op.eval_condition +R4147 LTL.reglist +R4166 Coq.Init.Datatypes.Some +R4171 Coq.Init.Datatypes.false +R5135 Mem.free +R5087 Coq.Lists.List "x :: y" list_scope +R5079 Linear.Lreturn +R5061 LTL.call_regs +R5051 Linear.fn_code +R5011 Values.Vptr +R5020 Integers.zero +R4975 Coq.Init.Logic "x = y" type_scope +R4948 Mem.alloc +R4961 Linear.fn_stacksize +R4977 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5480 Coq.Init.Logic "'exists' x , p" type_scope +R5490 Coq.Init.Logic "'exists' x , p" type_scope +R5500 Coq.Init.Logic "'exists' x , p" type_scope +R5511 Coq.Init.Logic "'exists' x , p" type_scope +R5566 Coq.Init.Logic "A /\ B" type_scope +R5557 Coq.Init.Logic "x = y" type_scope +R5523 Globalenvs.find_symbol +R5546 AST.prog_main +R5559 Coq.Init.Datatypes.Some +R5605 Coq.Init.Logic "A /\ B" type_scope +R5596 Coq.Init.Logic "x = y" type_scope +R5571 Globalenvs.find_funct_ptr +R5598 Coq.Init.Datatypes.Some +R5651 Coq.Init.Logic "A /\ B" type_scope +R5621 Coq.Init.Logic "x = y" type_scope +R5613 Linear.fn_sig +R5623 AST.mksignature +R5640 Coq.Init.Datatypes.Some +R5645 AST.Tint +R5635 Coq.Lists.List.nil +R5704 Coq.Init.Logic "A /\ B" type_scope +R5656 Linear.exec_function +R5676 Locations.init +R5688 Values.Vundef +R5752 Coq.Init.Logic "x = y" type_scope +R5713 Locations.R +R5716 Conventions.loc_result +R5742 Linear.fn_sig +R5459 Globalenvs.init_mem +R5427 Globalenvs.globalenv +R5400 Values.val +R5387 Linear.program +FLineartyping +R234 Coq.ZArith.BinInt.Z +R258 Coq.ZArith.BinInt.Z +R286 Coq.ZArith.BinInt.Z +R316 Coq.ZArith.BinInt.Z +R337 Coq.ZArith.BinInt.Z +R420 Linear.function +R475 Coq.Lists.List.list +R480 Locations.mreg +R507 Linear.Lgetstack +R526 Coq.Lists.List "x :: y" list_scope +R529 Coq.Lists.List.nil +R537 Linear.Lsetstack +R556 Coq.Lists.List "x :: y" list_scope +R559 Coq.Lists.List.nil +R567 Linear.Lop +R590 Coq.Lists.List "x :: y" list_scope +R602 Linear.Lload +R635 Coq.Lists.List "x :: y" list_scope +R647 Linear.Lstore +R681 Coq.Lists.List "x :: y" list_scope +R693 Linear.Lcall +R704 Coq.Init.Datatypes.inl +R718 Coq.Lists.List "x :: y" list_scope +R721 Coq.Lists.List.nil +R729 Linear.Lcall +R740 Coq.Init.Datatypes.inr +R750 Coq.Lists.List.nil +R758 Linear.Llabel +R772 Coq.Lists.List.nil +R780 Linear.Lgoto +R793 Coq.Lists.List.nil +R801 Linear.Lcond +R833 Linear.Lreturn +R844 Coq.Lists.List.nil +R460 Linear.instruction +R901 Coq.Lists.List.list +R906 Locations.slot +R933 Linear.Lgetstack +R952 Coq.Lists.List "x :: y" list_scope +R955 Coq.Lists.List.nil +R963 Linear.Lsetstack +R982 Coq.Lists.List "x :: y" list_scope +R985 Coq.Lists.List.nil +R998 Coq.Lists.List.nil +R886 Linear.instruction +R1073 Coq.ZArith.BinInt.Z +R1080 Coq.Lists.List.fold_left +R1107 Coq.ZArith.Zmin.Zmax +R1063 Coq.Lists.List.list +R1056 Coq.ZArith.BinInt.Z +R1184 Coq.ZArith.BinInt.Z +R1191 Lineartyping.max_over_list +R1225 Linear.fn_code +R1205 Linear.instruction +R1179 Coq.ZArith.BinInt.Z +R1164 Linear.instruction +R1307 Coq.ZArith.BinInt.Z +R1314 Lineartyping.max_over_list +R1339 Lineartyping.regs_of_instr +R1328 Locations.mreg +R1292 Linear.instruction +R1285 Coq.ZArith.BinInt.Z +R1277 Locations.mreg +R1430 Coq.ZArith.BinInt.Z +R1437 Lineartyping.max_over_list +R1462 Lineartyping.slots_of_instr +R1451 Locations.slot +R1415 Linear.instruction +R1408 Coq.ZArith.BinInt.Z +R1400 Locations.slot +R1536 Coq.ZArith.BinInt.Z +R1543 Lineartyping.max_over_instrs +R1560 Lineartyping.max_over_regs_of_instr +R1531 Coq.ZArith.BinInt.Z +R1523 Locations.mreg +R1646 Coq.ZArith.BinInt.Z +R1653 Lineartyping.max_over_instrs +R1670 Lineartyping.max_over_slots_of_instr +R1641 Coq.ZArith.BinInt.Z +R1633 Locations.slot +R1744 Coq.ZArith.BinInt "x + y" Z_scope +R1746 Conventions.index_int_callee_save +R1733 Locations.mreg +R1816 Coq.ZArith.BinInt "x + y" Z_scope +R1818 Conventions.index_float_callee_save +R1805 Locations.mreg +R1895 Locations.Local +R1905 AST.Tint +R1915 Coq.ZArith.BinInt "x + y" Z_scope +R1871 Locations.slot +R1987 Locations.Local +R1997 AST.Tfloat +R2009 Coq.ZArith.BinInt "x + y" Z_scope +R1963 Locations.slot +R2083 Locations.Outgoing +R2106 Coq.ZArith.BinInt "x + y" Z_scope +R2108 Locations.typesize +R2059 Locations.slot +R2196 Linear.Lcall +R2211 Conventions.size_arguments +R2165 Linear.instruction +R2277 Lineartyping.mkbounds +R2465 Coq.ZArith.Zmin.Zmax +R2483 Coq.ZArith.Zmin.Zmax +R2538 Lineartyping.max_over_slots_of_funct +R2562 Lineartyping.outgoing_slot +R2489 Lineartyping.max_over_instrs +R2505 Lineartyping.outgoing_space +R2418 Lineartyping.max_over_regs_of_funct +R2441 Lineartyping.float_callee_save +R2373 Lineartyping.max_over_regs_of_funct +R2396 Lineartyping.int_callee_save +R2331 Lineartyping.max_over_slots_of_funct +R2355 Lineartyping.float_local +R2291 Lineartyping.max_over_slots_of_funct +R2315 Lineartyping.int_local +R2677 Coq.ZArith.BinInt "x >= y" Z_scope +R2654 Lineartyping.max_over_list +R2643 Coq.Lists.List.list +R2636 Coq.ZArith.BinInt.Z +R2798 Coq.ZArith.BinInt "x >= y" Z_scope +R2755 Coq.Lists.List.fold_left +R2777 Coq.ZArith.Zmin.Zmax +R2798 Coq.ZArith.BinInt "x >= y" Z_scope +R2755 Coq.Lists.List.fold_left +R2777 Coq.ZArith.Zmin.Zmax +R2866 Coq.ZArith.Zmin.Zmax +R2850 Coq.ZArith.Zorder.Zge_trans +R2866 Coq.ZArith.Zmin.Zmax +R2850 Coq.ZArith.Zorder.Zge_trans +R2899 Coq.ZArith.Zorder.Zle_ge +R2899 Coq.ZArith.Zorder.Zle_ge +R2913 Coq.ZArith.Zmin.Zmax1 +R2913 Coq.ZArith.Zmin.Zmax1 +R3024 Coq.ZArith.BinInt "x >= y" Z_scope +R2995 Lineartyping.max_over_slots_of_funct +R2991 Coq.ZArith.BinInt.Z +R2983 Locations.slot +R3111 Lineartyping.max_over_list_pos +R3111 Lineartyping.max_over_list_pos +R3226 Coq.ZArith.BinInt "x >= y" Z_scope +R3198 Lineartyping.max_over_regs_of_funct +R3194 Coq.ZArith.BinInt.Z +R3186 Locations.mreg +R3312 Lineartyping.max_over_list_pos +R3312 Lineartyping.max_over_list_pos +R3398 Coq.ZArith.BinInt "x >= y" Z_scope +R3366 Lineartyping.bound_int_local +R3382 Lineartyping.function_bounds +R3426 Lineartyping.max_over_slots_of_funct_pos +R3426 Lineartyping.max_over_slots_of_funct_pos +R3526 Coq.ZArith.BinInt "x >= y" Z_scope +R3492 Lineartyping.bound_float_local +R3510 Lineartyping.function_bounds +R3554 Lineartyping.max_over_slots_of_funct_pos +R3554 Lineartyping.max_over_slots_of_funct_pos +R3662 Coq.ZArith.BinInt "x >= y" Z_scope +R3624 Lineartyping.bound_int_callee_save +R3646 Lineartyping.function_bounds +R3690 Lineartyping.max_over_regs_of_funct_pos +R3690 Lineartyping.max_over_regs_of_funct_pos +R3801 Coq.ZArith.BinInt "x >= y" Z_scope +R3761 Lineartyping.bound_float_callee_save +R3785 Lineartyping.function_bounds +R3829 Lineartyping.max_over_regs_of_funct_pos +R3829 Lineartyping.max_over_regs_of_funct_pos +R3922 Coq.ZArith.BinInt "x >= y" Z_scope +R3891 Lineartyping.bound_outgoing +R3906 Lineartyping.function_bounds +R3950 Coq.ZArith.Zorder.Zle_ge +R3950 Coq.ZArith.Zorder.Zle_ge +R3964 Coqlib.Zmax_bound_l +R3964 Coqlib.Zmax_bound_l +R4039 Linear.function +R4058 Lineartyping.function_bounds +R4127 Locations.mreg_type +R4148 AST.Tint +R4180 Coq.ZArith.BinInt "x < y" Z_scope +R4156 Conventions.index_int_callee_save +R4182 Lineartyping.bound_int_callee_save +R4210 AST.Tfloat +R4246 Coq.ZArith.BinInt "x < y" Z_scope +R4220 Conventions.index_float_callee_save +R4248 Lineartyping.bound_float_callee_save +R4110 Locations.mreg +R4338 Locations.Local +R4348 AST.Tint +R4358 Coq.ZArith.BinInt "x <= y < z" Z_scope +R4367 Lineartyping.bound_int_local +R4389 Locations.Local +R4399 AST.Tfloat +R4411 Coq.ZArith.BinInt "x <= y < z" Z_scope +R4420 Lineartyping.bound_float_local +R4444 Locations.Outgoing +R4472 Coq.Init.Logic "A /\ B" type_scope +R4465 Coq.ZArith.BinInt "x <= y" Z_scope +R4493 Coq.ZArith.BinInt "x <= y" Z_scope +R4479 Coq.ZArith.BinInt "x + y" Z_scope +R4481 Locations.typesize +R4496 Lineartyping.bound_outgoing +R4517 Locations.Incoming +R4545 Coq.Init.Logic "A /\ B" type_scope +R4538 Coq.ZArith.BinInt "x <= y" Z_scope +R4566 Coq.ZArith.BinInt "x <= y" Z_scope +R4552 Coq.ZArith.BinInt "x + y" Z_scope +R4554 Locations.typesize +R4569 Conventions.size_arguments +R4591 Linear.fn_sig +R4310 Locations.slot +R4628 Linear.instruction +R4780 Linear.Lgetstack +R4746 Lineartyping.mreg_bounded +R4728 Lineartyping.slot_bounded +R4705 Coq.Init.Logic "x = y" type_scope +R4693 Locations.slot_type +R4707 Locations.mreg_type +R4966 Linear.Lsetstack +R4932 Lineartyping.slot_bounded +R4909 Coq.Init.Logic "x = y" type_scope +R4897 Locations.slot_type +R4911 Locations.mreg_type +R4850 Locations.Incoming +R4866 Coq.Init.Logic.False +R4879 Coq.Init.Logic.True +R5092 Linear.Lop +R5106 Coq.Lists.List "x :: y" list_scope +R5109 Coq.Lists.List.nil +R5096 Op.Omove +R5058 Lineartyping.mreg_bounded +R5035 Coq.Init.Logic "x = y" type_scope +R5022 Locations.mreg_type +R5037 Locations.mreg_type +R5190 Linear.Lop +R5201 Coq.Lists.List.nil +R5194 Op.Oundef +R5156 Lineartyping.mreg_bounded +R5398 Linear.Lop +R5362 Lineartyping.mreg_bounded +R5330 Coq.Init.Logic "x = y" type_scope +R5289 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R5290 Coq.Lists.List.map +R5299 Locations.mreg_type +R5315 Locations.mreg_type +R5332 Op.type_of_operation +R5270 Coq.Init.Logic "x <> y" type_scope +R5273 Op.Oundef +R5255 Coq.Init.Logic "x <> y" type_scope +R5258 Op.Omove +R5609 Linear.Lload +R5573 Lineartyping.mreg_bounded +R5542 Coq.Init.Logic "x = y" type_scope +R5528 Locations.mreg_type +R5544 Op.type_of_chunk +R5493 Coq.Init.Logic "x = y" type_scope +R5469 Coq.Lists.List.map +R5478 Locations.mreg_type +R5495 Op.type_of_addressing +R5805 Linear.Lstore +R5764 Coq.Init.Logic "x = y" type_scope +R5750 Locations.mreg_type +R5766 Op.type_of_chunk +R5715 Coq.Init.Logic "x = y" type_scope +R5691 Coq.Lists.List.map +R5700 Locations.mreg_type +R5717 Op.type_of_addressing +R6001 Linear.Lcall +R5938 Coq.Init.Datatypes.inl +R5959 Coq.Init.Logic "x = y" type_scope +R5947 Locations.mreg_type +R5961 AST.Tint +R5973 Coq.Init.Logic.True +R5894 Coq.ZArith.BinInt "x <= y" Z_scope +R5875 Conventions.size_arguments +R5897 Lineartyping.bound_outgoing +R6065 Linear.Llabel +R6125 Linear.Lgoto +R6252 Linear.Lcond +R6208 Coq.Init.Logic "x = y" type_scope +R6184 Coq.Lists.List.map +R6193 Locations.mreg_type +R6210 Op.type_of_condition +R6306 Linear.Lreturn +R6419 Lineartyping.wt_instr +R6395 Coq.Lists.List.In +R6407 Linear.fn_code +R6359 Linear.function +R6525 Lineartyping.wt_function +R6497 Coq.Lists.List.In +R6508 AST.prog_funct +R6500 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R6464 Linear.program +FLinearize +R366 Coq.Init.Datatypes.bool +R347 Linear.code +R336 Linear.label +R405 Coq.Lists.List "x :: y" list_scope +R393 Linear.Llabel +R417 Coqlib.peq +R435 Coq.Init.Datatypes.true +R473 Coq.Init.Datatypes.false +R347 Linear.code +R336 Linear.label +R679 Linear.code +R660 Linear.code +R649 LTL.block +R706 LTL.Bgetstack +R745 Coq.Lists.List "x :: y" list_scope +R731 Linear.Lgetstack +R772 LTL.Bsetstack +R811 Coq.Lists.List "x :: y" list_scope +R797 Linear.Lsetstack +R838 LTL.Bop +R881 Coq.Lists.List "x :: y" list_scope +R865 Linear.Lop +R908 LTL.Bload +R971 Coq.Lists.List "x :: y" list_scope +R945 Linear.Lload +R998 LTL.Bstore +R1063 Coq.Lists.List "x :: y" list_scope +R1036 Linear.Lstore +R1090 LTL.Bcall +R1129 Coq.Lists.List "x :: y" list_scope +R1115 Linear.Lcall +R1156 LTL.Bgoto +R1181 Coq.Lists.List "x :: y" list_scope +R1173 Linear.Lgoto +R1190 LTL.Bcond +R1224 Linearize.starts_with +R1347 Coq.Lists.List "x :: y" list_scope +R1328 Linear.Lcond +R1359 Coq.Lists.List "x :: y" list_scope +R1350 Linear.Lgoto +R1292 Coq.Lists.List "x :: y" list_scope +R1254 Linear.Lcond +R1261 Op.negate_condition +R1304 Coq.Lists.List "x :: y" list_scope +R1295 Linear.Lgoto +R1368 LTL.Breturn +R1393 Coq.Lists.List "x :: y" list_scope +R1385 Linear.Lreturn +R660 Linear.code +R649 LTL.block +R1585 Linear.code +R1534 Coq.Lists.List.list +R1539 LTL.node +R1513 LTL.function +R1615 Coq.Lists.List.nil +R1622 Coq.Lists.List.nil +R1633 Coq.Lists.List "x :: y" list_scope +R1670 Maps "a ! b" +R1658 LTL.fn_code +R1687 Coq.Init.Datatypes.None +R1724 Coq.Init.Datatypes.Some +R1744 Coq.Lists.List "x :: y" list_scope +R1734 Linear.Llabel +R1747 Linearize.linearize_block +R1534 Coq.Lists.List.list +R1539 LTL.node +R1513 LTL.function +R1925 Coq.Init.Datatypes.option +R1933 Maps.t +R1940 Coq.Init.Datatypes.bool +R1951 Linearize.fixpoint +R2063 Coq.Lists.List "x :: y" list_scope +R2037 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R2041 LTL.fn_entrypoint +R2057 Coq.Init.Datatypes.true +R2066 Coq.Lists.List.nil +R1987 Coq.NArith.BinPos.Psucc +R1996 LTL.fn_entrypoint +R1968 LTL.successors +R1909 LTL.function +R2114 Maps.t +R2121 Coq.Init.Datatypes.bool +R2137 Linearize.reachable_aux +R2164 Coq.Init.Datatypes.None +R2172 Maps.init +R2182 Coq.Init.Datatypes.true +R2191 Coq.Init.Datatypes.Some +R2098 LTL.function +R2325 Coq.Lists.List.list +R2330 LTL.node +R2370 Coqlib.positive_rec +R2467 Coq.NArith.BinPos.Psucc +R2476 LTL.fn_entrypoint +R2428 Maps "a !! b" +R2441 Coq.Lists.List "x :: y" list_scope +R2395 Coq.Lists.List.nil +R2384 Coq.Lists.List.list +R2389 LTL.node +R2353 Linearize.reachable +R2309 LTL.function +R2544 Linear.function +R2565 Linear.mkfunction +R2625 Linearize.linearize_body +R2643 Linearize.enumerate +R2600 LTL.fn_stacksize +R2581 LTL.fn_sig +R2528 LTL.function +R2756 Linear.code +R2737 Linear.code +R2783 Coq.Lists.List.nil +R2790 Coq.Lists.List.nil +R2808 Coq.Lists.List "x :: y" list_scope +R2798 Linear.Lgoto +R2827 Linearize.starts_with +R2894 Coq.Lists.List "x :: y" list_scope +R2884 Linear.Lgoto +R2919 Coq.Lists.List "x :: y" list_scope +R2936 Coq.Lists.List "x :: y" list_scope +R2737 Linear.code +R3014 Linear.function +R3035 Linear.mkfunction +R3087 Linearize.cleanup_code +R3103 Linear.fn_code +R3066 Linear.fn_stacksize +R3051 Linear.fn_sig +R2995 Linear.function +R3547 Linear.function +R3568 Linearize.cleanup_function +R3586 Linearize.linearize_function +R3531 LTL.function +R3655 Linear.program +R3675 AST.transform_program +R3693 Linearize.transf_function +R3640 LTL.program +FLinearizeproof +R337 LTL.program +R363 Linearize.transf_program +R395 Globalenvs.globalenv +R427 Globalenvs.globalenv +R551 Coq.Init.Logic "x = y" type_scope +R529 Globalenvs.find_funct +R553 Coq.Init.Datatypes.Some +R559 Linearize.transf_function +R515 Coq.Init.Logic "x = y" type_scope +R494 Globalenvs.find_funct +R517 Coq.Init.Datatypes.Some +R587 Globalenvs.find_funct_transf +R614 Linearize.transf_function +R750 Coq.Init.Logic "x = y" type_scope +R724 Globalenvs.find_funct_ptr +R752 Coq.Init.Datatypes.Some +R758 Linearize.transf_function +R710 Coq.Init.Logic "x = y" type_scope +R685 Globalenvs.find_funct_ptr +R712 Coq.Init.Datatypes.Some +R786 Globalenvs.find_funct_ptr_transf +R817 Linearize.transf_function +R905 Coq.Init.Logic "x = y" type_scope +R881 Globalenvs.find_symbol +R907 Globalenvs.find_symbol +R939 Globalenvs.find_symbol_transf +R967 Linearize.transf_function +R1109 Coq.Init.Logic "x = y" type_scope +R1086 Maps "a !! b" +R1093 LTL.fn_entrypoint +R1075 Linearize.reachable +R1111 Coq.Init.Datatypes.true +R1162 Linearize.reachable_aux +R1162 Linearize.reachable_aux +R1230 Lattice.ge +R1269 Coq.Init.Datatypes.true +R1247 Maps "a !! b" +R1253 LTL.fn_entrypoint +R1230 Lattice.ge +R1269 Coq.Init.Datatypes.true +R1247 Maps "a !! b" +R1253 LTL.fn_entrypoint +R1285 Linearize.fixpoint_entry +R1285 Linearize.fixpoint_entry +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R1382 Maps.gi +R1382 Maps.gi +R1557 Coq.Init.Logic "x = y" type_scope +R1550 Maps "a !! b" +R1539 Linearize.reachable +R1559 Coq.Init.Datatypes.true +R1526 Coq.Init.Logic "x = y" type_scope +R1520 Maps "a !! b" +R1509 Linearize.reachable +R1528 Coq.Init.Datatypes.true +R1478 Coq.Lists.List.In +R1486 LTL.successors +R1465 Coq.Init.Logic "x <> y" type_scope +R1461 Maps "a ! b" +R1449 LTL.fn_code +R1468 Coq.Init.Datatypes.None +R1611 Linearize.reachable_aux +R1611 Linearize.reachable_aux +R1684 Lattice.ge +R1712 Maps "a !! b" +R1701 Maps "a !! b" +R1684 Lattice.ge +R1712 Maps "a !! b" +R1701 Maps "a !! b" +R1771 Maps "a !! b" +R1734 Maps "a !! b" +R1771 Maps "a !! b" +R1734 Maps "a !! b" +R1788 Linearize.fixpoint_solution +R1788 Linearize.fixpoint_solution +R1828 LTL.fn_code_wf +R1828 LTL.fn_code_wf +R1935 Maps.gi +R1935 Maps.gi +R2144 Coq.Init.Logic "x = y" type_scope +R2137 Maps "a !! b" +R2126 Linearize.reachable +R2146 Coq.Init.Datatypes.true +R2113 Coq.Init.Logic "x = y" type_scope +R2107 Maps "a !! b" +R2096 Linearize.reachable +R2115 Coq.Init.Datatypes.true +R2048 LTL.exec_block +R2073 LTL.Cont +R2034 Coq.Init.Logic "x = y" type_scope +R2030 Maps "a ! b" +R2018 LTL.fn_code +R2036 Coq.Init.Datatypes.Some +R2175 Linearizeproof.reachable_successors +R2175 Linearizeproof.reachable_successors +R2234 LTL.successors_correct +R2234 LTL.successors_correct +R2486 Coq.Init.Logic "x = y" type_scope +R2479 Maps "a !! b" +R2468 Linearize.reachable +R2488 Coq.Init.Datatypes.true +R2455 Coq.Init.Logic "x = y" type_scope +R2449 Maps "a !! b" +R2438 Linearize.reachable +R2457 Coq.Init.Datatypes.true +R2421 Coq.Init.Logic "x = y" type_scope +R2423 LTL.Cont +R2394 Coq.Init.Logic "x = y" type_scope +R2399 LTL.fn_code +R2330 LTL.exec_blocks +R2547 Linearizeproof.reachable_correct_1 +R2547 Linearizeproof.reachable_correct_1 +R2998 Coq.NArith.BinPos.Psucc +R2938 Coq.NArith.BinPos.positive +R3052 Coq.Init.Wf.well_founded_ind +R3069 Coqlib.Plt_wf +R3052 Coq.Init.Wf.well_founded_ind +R3069 Coqlib.Plt_wf +R3097 Coq.NArith.BinPos.Psucc_pred +R3097 Coq.NArith.BinPos.Psucc_pred +R3157 Coq.NArith.BinPos.Ppred +R3157 Coq.NArith.BinPos.Ppred +R3232 Coqlib.Plt_succ +R3232 Coqlib.Plt_succ +R3356 Coq.Lists.List.In +R3363 Linearize.enumerate +R3344 Coq.Init.Logic "x = y" type_scope +R3338 Maps "a !! b" +R3327 Linearize.reachable +R3346 Coq.Init.Datatypes.true +R3312 Coq.Init.Logic "x = y" type_scope +R3308 Maps "a ! b" +R3296 LTL.fn_code +R3314 Coq.Init.Datatypes.Some +R3490 Coq.Lists.List.In +R3496 Linearize.enumerate +R3476 Coq.Init.Logic "x = y" type_scope +R3471 Maps "a !! b" +R3460 Linearize.reachable +R3478 Coq.Init.Datatypes.true +R3420 Coqlib.Plt +R3427 Coq.NArith.BinPos.Psucc +R3436 LTL.fn_entrypoint +R3490 Coq.Lists.List.In +R3496 Linearize.enumerate +R3476 Coq.Init.Logic "x = y" type_scope +R3471 Maps "a !! b" +R3460 Linearize.reachable +R3478 Coq.Init.Datatypes.true +R3420 Coqlib.Plt +R3427 Coq.NArith.BinPos.Psucc +R3436 LTL.fn_entrypoint +R3540 Coq.NArith.BinPos.Psucc +R3547 LTL.fn_entrypoint +R3540 Coq.NArith.BinPos.Psucc +R3547 LTL.fn_entrypoint +R3574 Linearizeproof.positive_ind +R3574 Linearizeproof.positive_ind +R3659 Coqlib.positive_rec_succ +R3659 Coqlib.positive_rec_succ +R3684 Coqlib.Plt_succ_inv +R3684 Coqlib.Plt_succ_inv +R3732 Maps "a !! b" +R3721 Linearize.reachable +R3732 Maps "a !! b" +R3721 Linearize.reachable +R3744 Coq.Lists.List.in_cons +R3744 Coq.Lists.List.in_cons +R3794 Coq.Lists.List.in_eq +R3794 Coq.Lists.List.in_eq +R3810 LTL.fn_code_wf +R3810 LTL.fn_code_wf +R3898 Coq.Init.Logic "'exists' x , p" type_scope +R3920 Coq.Init.Logic "x = y" type_scope +R3908 Linearize.enumerate +R3944 Coq.Lists.List "x :: y" list_scope +R3925 LTL.fn_entrypoint +R3992 Coqlib.positive_rec_succ +R3992 Coqlib.positive_rec_succ +R4022 Linearizeproof.reachable_entrypoint +R4022 Linearizeproof.reachable_entrypoint +R4054 Coqlib.positive_rec +R4195 LTL.fn_entrypoint +R4152 Maps "a !! b" +R4141 Linearize.reachable +R4168 Coq.Lists.List "x :: y" list_scope +R4117 Coq.Lists.List.list +R4122 LTL.node +R4098 Coq.NArith.BinPos.positive +R4079 Coq.Lists.List.nil +R4068 Coq.Lists.List.list +R4073 LTL.node +R4054 Coqlib.positive_rec +R4195 LTL.fn_entrypoint +R4152 Maps "a !! b" +R4141 Linearize.reachable +R4168 Coq.Lists.List "x :: y" list_scope +R4117 Coq.Lists.List.list +R4122 LTL.node +R4098 Coq.NArith.BinPos.positive +R4079 Coq.Lists.List.nil +R4068 Coq.Lists.List.list +R4073 LTL.node +R4266 Coqlib.list_norepet +R4280 Linearize.enumerate +R4340 Coq.NArith.BinPos.Psucc +R4347 LTL.fn_entrypoint +R4340 Coq.NArith.BinPos.Psucc +R4347 LTL.fn_entrypoint +R4374 Linearizeproof.positive_ind +R4374 Linearizeproof.positive_ind +R4400 Coqlib.positive_rec_base +R4400 Coqlib.positive_rec_base +R4450 Coqlib.positive_rec_succ +R4450 Coqlib.positive_rec_succ +R4488 Maps "a !! b" +R4477 Linearize.reachable +R4488 Maps "a !! b" +R4477 Linearize.reachable +R4697 Coqlib.Plt +R4540 Coq.Lists.List.In +R4546 Coqlib.positive_rec +R4650 Maps "a !! b" +R4639 Linearize.reachable +R4666 Coq.Lists.List "x :: y" list_scope +R4615 Coq.Lists.List.list +R4620 LTL.node +R4596 Coq.NArith.BinPos.positive +R4576 Coq.Lists.List.nil +R4565 Coq.Lists.List.list +R4570 LTL.node +R4697 Coqlib.Plt +R4540 Coq.Lists.List.In +R4546 Coqlib.positive_rec +R4650 Maps "a !! b" +R4639 Linearize.reachable +R4666 Coq.Lists.List "x :: y" list_scope +R4615 Coq.Lists.List.list +R4620 LTL.node +R4596 Coq.NArith.BinPos.positive +R4576 Coq.Lists.List.nil +R4565 Coq.Lists.List.list +R4570 LTL.node +R4728 Linearizeproof.positive_ind +R4728 Linearizeproof.positive_ind +R4755 Coqlib.positive_rec_base +R4755 Coqlib.positive_rec_base +R4819 Coqlib.positive_rec_succ +R4819 Coqlib.positive_rec_succ +R4860 Maps "a !! b" +R4849 Linearize.reachable +R4860 Maps "a !! b" +R4849 Linearize.reachable +R4913 Coqlib.Plt_succ +R4913 Coqlib.Plt_succ +R4933 Coqlib.Plt_trans_succ +R4933 Coqlib.Plt_trans_succ +R4973 Coqlib.Plt_trans_succ +R4973 Coqlib.Plt_trans_succ +R5038 Coqlib.Plt_strict +R5038 Coqlib.Plt_strict +R6125 Linear.code +R6160 Coq.Lists.List.nil +R6167 Coq.Init.Logic.True +R6187 Coq.Lists.List "x :: y" list_scope +R6176 Linear.Llabel +R6216 Coq.Init.Logic "A /\ B" type_scope +R6195 Coq.Init.Logic "~ x" type_scope +R6197 Coq.Lists.List.In +R6201 Linear.Llabel +R6241 Coq.Lists.List "x :: y" list_scope +R6125 Linear.code +R6300 Linear.code +R6292 Linear.code +R6433 Coq.Lists.List "x :: y" list_scope +R6502 Coq.Lists.List.In +R6478 Linearizeproof.is_tail +R6489 Coq.Lists.List "x :: y" list_scope +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R6672 Linearizeproof.is_tail +R6648 Linearizeproof.is_tail +R6659 Coq.Lists.List "x :: y" list_scope +R6928 Coq.Init.Logic "x = y" type_scope +R6910 Coq.Init.Logic "x = y" type_scope +R6892 Linear.find_label +R6912 Coq.Init.Datatypes.Some +R6870 Linearizeproof.unique_labels +R6835 Linearizeproof.is_tail +R6855 Coq.Lists.List "x :: y" list_scope +R6844 Linear.Llabel +R7032 Linear.is_label_correct +R7032 Linear.is_label_correct +R7063 Linear.is_label +R7063 Linear.is_label +R7176 Linearizeproof.is_tail_in +R7176 Linearizeproof.is_tail_in +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R7460 Linear.exec_instrs +R7529 Linearize.cleanup_code +R7482 Linearize.cleanup_code +R7445 Coq.Init.Logic "x = y" type_scope +R7427 Linear.find_label +R7447 Coq.Init.Datatypes.Some +R7415 Coq.Init.Logic "x = y" type_scope +R7396 Linearize.starts_with +R7417 Coq.Init.Datatypes.true +R7374 Linearizeproof.unique_labels +R7355 Linearizeproof.is_tail +R7614 Linearize.starts_with +R7614 Linearize.starts_with +R7700 Linearize.cleanup_code +R7683 Linear.exec_trans +R7700 Linearize.cleanup_code +R7683 Linear.exec_trans +R7774 Coqlib.peq +R7774 Coqlib.peq +R7838 Linearizeproof.find_label_unique +R7838 Linearizeproof.find_label_unique +R7910 Linearizeproof.is_tail_cons_left +R7910 Linearizeproof.is_tail_cons_left +R8058 Coq.Init.Logic "x = y" type_scope +R8026 Linear.find_label +R8042 Linearize.cleanup_code +R8060 Coq.Init.Datatypes.Some +R8066 Linearize.cleanup_code +R8011 Coq.Init.Logic "x = y" type_scope +R7994 Linear.find_label +R8013 Coq.Init.Datatypes.Some +R8153 Linear.is_label_correct +R8153 Linear.is_label_correct +R8187 Linear.find_label +R8187 Linear.find_label +R8205 Linear.is_label +R8205 Linear.is_label +R8297 Coqlib.peq_true +R8297 Coqlib.peq_true +R8359 Coqlib.peq_false +R8359 Coqlib.peq_false +R8399 Linearize.starts_with +R8399 Linearize.starts_with +R8613 Linear.exec_instrs +R8726 Linearize.cleanup_code +R8678 Linearize.cleanup_code +R8630 Linearize.cleanup_function +R8582 Linearizeproof.unique_labels +R8599 Linear.fn_code +R8554 Linearizeproof.is_tail +R8568 Linear.fn_code +R8509 Linear.exec_instr +R8801 Linear.exec_one +R8801 Linear.exec_one +R8801 Linear.exec_one +R8801 Linear.exec_one +R8801 Linear.exec_one +R8801 Linear.exec_one +R8801 Linear.exec_one +R8801 Linear.exec_one +R8801 Linear.exec_one +R8801 Linear.exec_one +R8801 Linear.exec_one +R8862 Linearize.starts_with +R8862 Linearize.starts_with +R8901 Linearizeproof.starts_with_correct +R8901 Linearizeproof.starts_with_correct +R8938 Linearizeproof.is_tail_cons_left +R8938 Linearizeproof.is_tail_cons_left +R9036 Linearizeproof.find_label_cleanup_code +R9036 Linearizeproof.find_label_cleanup_code +R9108 Linear.exec_Lcond_true +R9108 Linear.exec_Lcond_true +R9174 Linearizeproof.find_label_cleanup_code +R9174 Linearizeproof.find_label_cleanup_code +R9250 Linear.exec_Lcond_false +R9250 Linear.exec_Lcond_false +R9360 Linearizeproof.is_tail +R9347 Coq.Init.Logic "x = y" type_scope +R9329 Linear.find_label +R9349 Coq.Init.Datatypes.Some +R9437 Linear.is_label +R9437 Linear.is_label +R9688 Linearizeproof.is_tail +R9702 Linear.fn_code +R9662 Linearizeproof.is_tail +R9676 Linear.fn_code +R9617 Linear.exec_instr +R9756 Linearizeproof.is_tail_cons_left +R9756 Linearizeproof.is_tail_cons_left +R9756 Linearizeproof.is_tail_cons_left +R9756 Linearizeproof.is_tail_cons_left +R9756 Linearizeproof.is_tail_cons_left +R9756 Linearizeproof.is_tail_cons_left +R9756 Linearizeproof.is_tail_cons_left +R9756 Linearizeproof.is_tail_cons_left +R9756 Linearizeproof.is_tail_cons_left +R9756 Linearizeproof.is_tail_cons_left +R9756 Linearizeproof.is_tail_cons_left +R9798 Linearizeproof.is_tail_find_label +R9798 Linearizeproof.is_tail_find_label +R9834 Linearizeproof.is_tail_find_label +R9834 Linearizeproof.is_tail_find_label +R10003 Linearizeproof.is_tail +R10017 Linear.fn_code +R9977 Linearizeproof.is_tail +R9991 Linear.fn_code +R9931 Linear.exec_instrs +R10074 Linearizeproof.is_tail_exec_instr +R10074 Linearizeproof.is_tail_exec_instr +R10287 Linear.exec_instrs +R10400 Linearize.cleanup_code +R10352 Linearize.cleanup_code +R10304 Linearize.cleanup_function +R10256 Linearizeproof.unique_labels +R10273 Linear.fn_code +R10228 Linearizeproof.is_tail +R10242 Linear.fn_code +R10182 Linear.exec_instrs +R10470 Linear.exec_refl +R10470 Linear.exec_refl +R10490 Linearizeproof.cleanup_code_correct_1 +R10490 Linearizeproof.cleanup_code_correct_1 +R10546 Linearize.cleanup_code +R10529 Linear.exec_trans +R10546 Linearize.cleanup_code +R10529 Linear.exec_trans +R10619 Linearizeproof.is_tail_exec_instrs +R10619 Linearizeproof.is_tail_exec_instrs +R10783 Linear.exec_function +R10802 Linearize.cleanup_function +R10752 Linearizeproof.unique_labels +R10769 Linear.fn_code +R10713 Linear.exec_function +R10881 Linearizeproof.cleanup_code_correct_2 +R10924 Linearizeproof.is_tail_refl +R10881 Linearizeproof.cleanup_code_correct_2 +R10924 Linearizeproof.is_tail_refl +R11130 Coq.Init.Logic "x = y" type_scope +R11093 Linear.find_label +R11109 Linearize.linearize_block +R11132 Linear.find_label +R11193 Linearize.starts_with +R11193 Linearize.starts_with +R11329 Coq.Init.Logic "'exists' x , p" type_scope +R11379 Coq.Init.Logic "x = y" type_scope +R11341 Linear.find_label +R11356 Linearize.linearize_body +R11381 Coq.Init.Datatypes.Some +R11387 Linearize.linearize_block +R11315 Coq.Init.Logic "x = y" type_scope +R11311 Maps "a ! b" +R11299 LTL.fn_code +R11317 Coq.Init.Datatypes.Some +R11280 Coq.Lists.List.In +R11460 Coqlib.peq +R11460 Coqlib.peq +R11497 Linearize.linearize_body +R11497 Linearize.linearize_body +R11557 Coqlib.peq_true +R11557 Coqlib.peq_true +R11583 Coq.Lists.List.In +R11583 Coq.Lists.List.In +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R11700 Maps "a ! b" +R11687 LTL.fn_code +R11700 Maps "a ! b" +R11687 LTL.fn_code +R11723 Coqlib.peq_false +R11723 Coqlib.peq_false +R11742 Linearizeproof.find_label_lin_block +R11742 Linearizeproof.find_label_lin_block +R11894 Coq.Init.Logic "'exists' x , p" type_scope +R11953 Coq.Init.Logic "x = y" type_scope +R11906 Linear.find_label +R11921 Linear.fn_code +R11930 Linearize.linearize_function +R11955 Coq.Init.Datatypes.Some +R11961 Linearize.linearize_block +R11882 Coq.Init.Logic "x = y" type_scope +R11876 Maps "a !! b" +R11865 Linearize.reachable +R11884 Coq.Init.Datatypes.true +R11850 Coq.Init.Logic "x = y" type_scope +R11846 Maps "a ! b" +R11834 LTL.fn_code +R11852 Coq.Init.Datatypes.Some +R12040 Linearizeproof.find_label_lin_rec +R12040 Linearizeproof.find_label_lin_rec +R12069 Linearizeproof.enumerate_complete +R12069 Linearizeproof.enumerate_complete +R12244 Coq.Lists.List.In +R12248 Linear.Llabel +R12203 Coq.Lists.List.In +R12220 Linearize.linearize_block +R12207 Linear.Llabel +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R12328 Linearize.starts_with +R12328 Linearize.starts_with +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R12471 Coq.Lists.List.In +R12428 Coq.Lists.List.In +R12445 Linearize.linearize_body +R12432 Linear.Llabel +R12556 Maps "a ! b" +R12543 LTL.fn_code +R12556 Maps "a ! b" +R12543 LTL.fn_code +R12634 Linearizeproof.label_in_lin_block +R12634 Linearizeproof.label_in_lin_block +R12755 Linearizeproof.unique_labels +R12770 Linearize.linearize_block +R12736 Linearizeproof.unique_labels +R12835 Linearize.starts_with +R12835 Linearize.starts_with +R12943 Linearizeproof.unique_labels +R12958 Linearize.linearize_body +R12920 Coqlib.list_norepet +R13061 Maps "a ! b" +R13048 LTL.fn_code +R13061 Maps "a ! b" +R13048 LTL.fn_code +R13125 Linearizeproof.label_in_lin_rec +R13125 Linearizeproof.label_in_lin_rec +R13159 Linearizeproof.label_in_lin_block +R13159 Linearizeproof.label_in_lin_block +R13200 Linearizeproof.unique_labels_lin_block +R13200 Linearizeproof.unique_labels_lin_block +R13347 Linearizeproof.unique_labels +R13362 Linear.fn_code +R13371 Linearize.linearize_function +R13454 Linearizeproof.unique_labels_lin_rec +R13454 Linearizeproof.unique_labels_lin_rec +R13483 Linearizeproof.enumerate_norepet +R13483 Linearizeproof.enumerate_norepet +R13636 LTL.Cont +R13676 Coq.Init.Logic "A /\ B" type_scope +R13669 Coq.Init.Logic "x = y" type_scope +R13664 Maps "a !! b" +R13653 Linearize.reachable +R13671 Coq.Init.Datatypes.true +R13679 Coq.Init.Logic "'exists' x , p" type_scope +R13707 Coq.Init.Logic "x = y" type_scope +R13704 Maps "a ! b" +R13692 LTL.fn_code +R13709 Coq.Init.Datatypes.Some +R13720 LTL.Return +R13730 Coq.Init.Logic.True +R13603 LTL.outcome +R13583 LTL.function +R13798 Linear.code +R13787 LTL.outcome +R13771 LTL.function +R13888 Coq.Lists.List "x :: y" list_scope +R13880 Linear.Lreturn +R13872 LTL.Return +R14017 LTL.Cont +R13979 Coq.Init.Logic "x = y" type_scope +R13933 Linear.find_label +R13970 Linear.fn_code +R13947 Linearize.linearize_function +R13981 Coq.Init.Datatypes.Some +R14179 Linear.exec_instr +R14285 Linearize.linearize_block +R14238 Linearize.linearize_block +R14195 Linearize.linearize_function +R14148 Mem.mem +R14135 Linear.locset +R14122 LTL.block +R14100 Mem.mem +R14087 Linear.locset +R14074 LTL.block +R14064 Values.val +R14466 Linear.exec_instrs +R14575 Linearize.linearize_block +R14527 Linearize.linearize_block +R14483 Linearize.linearize_function +R14435 Mem.mem +R14422 Linear.locset +R14409 LTL.block +R14387 Mem.mem +R14374 Linear.locset +R14361 LTL.block +R14351 Values.val +R14782 Coq.Init.Logic "'exists' x , p" type_scope +R14914 Coq.Init.Logic "A /\ B" type_scope +R14795 Linear.exec_instrs +R14856 Linearize.linearize_block +R14812 Linearize.linearize_function +R14917 Linearizeproof.cont_for_outcome +R14757 Linearizeproof.valid_outcome +R14727 Mem.mem +R14714 Linear.locset +R14699 LTL.outcome +R14675 Mem.mem +R14662 Linear.locset +R14649 LTL.block +R14640 Values.val +R15262 Coq.Init.Logic "'exists' x , p" type_scope +R15374 Coq.Init.Logic "A /\ B" type_scope +R15275 Linear.exec_instrs +R15292 Linearize.linearize_function +R15377 Linearizeproof.cont_for_outcome +R15237 Linearizeproof.valid_outcome +R15223 Coq.Init.Logic "x = y" type_scope +R15176 Linear.find_label +R15191 Linear.fn_code +R15200 Linearize.linearize_function +R15225 Coq.Init.Datatypes.Some +R15164 Coq.Init.Logic "x = y" type_scope +R15158 Maps "a !! b" +R15147 Linearize.reachable +R15166 Coq.Init.Datatypes.true +R15123 Coq.Init.Logic "x = y" type_scope +R15128 LTL.fn_code +R15091 Mem.mem +R15078 Linear.locset +R15063 LTL.outcome +R15029 Mem.mem +R15016 Linear.locset +R15004 LTL.node +R14994 Values.val +R14979 LTL.code +R15514 Linear.exec_function +R15533 Linearize.transf_function +R15498 Mem.mem +R15485 Linear.locset +R15474 Mem.mem +R15461 Linear.locset +R15441 LTL.function +R16119 Linearizeproof.valid_outcome +R16136 LTL.Cont +R16094 Linearizeproof.valid_outcome +R16082 Coq.Init.Logic "x = y" type_scope +R16076 Maps "a !! b" +R16065 Linearize.reachable +R16084 Coq.Init.Datatypes.true +R16041 Coq.Init.Logic "x = y" type_scope +R16046 LTL.fn_code +R15981 LTL.exec_blocks +R16313 Linearizeproof.reachable_correct_2 +R16313 Linearizeproof.reachable_correct_2 +R16477 Linearizeproof.exec_function_prop +R16435 LTL.exec_function +R16529 Linearizeproof.exec_function_ind5 +R16672 Linearizeproof.exec_function_prop +R16644 Linearizeproof.exec_blocks_prop +R16617 Linearizeproof.exec_block_prop +R16589 Linearizeproof.exec_instrs_prop +R16562 Linearizeproof.exec_instr_prop +R16529 Linearizeproof.exec_function_ind5 +R16672 Linearizeproof.exec_function_prop +R16644 Linearizeproof.exec_blocks_prop +R16617 Linearizeproof.exec_block_prop +R16589 Linearizeproof.exec_instrs_prop +R16562 Linearizeproof.exec_instr_prop +R16833 Op.eval_operation_preserved +R16833 Op.eval_operation_preserved +R16867 Linearizeproof.symbols_preserved +R16867 Linearizeproof.symbols_preserved +R16907 Linear.exec_Lload +R16907 Linear.exec_Lload +R16949 Op.eval_addressing_preserved +R16949 Op.eval_addressing_preserved +R16984 Linearizeproof.symbols_preserved +R16984 Linearizeproof.symbols_preserved +R17033 Linear.exec_Lstore +R17033 Linear.exec_Lstore +R17075 Op.eval_addressing_preserved +R17075 Op.eval_addressing_preserved +R17110 Linearizeproof.symbols_preserved +R17110 Linearizeproof.symbols_preserved +R17175 Linearize.transf_function +R17158 Linear.exec_Lcall +R17175 Linearize.transf_function +R17158 Linear.exec_Lcall +R17247 Linearizeproof.functions_translated +R17247 Linearizeproof.functions_translated +R17285 Linearizeproof.symbols_preserved +R17285 Linearizeproof.symbols_preserved +R17314 Globalenvs.find_symbol +R17314 Globalenvs.find_symbol +R17353 Linearizeproof.function_ptr_translated +R17353 Linearizeproof.function_ptr_translated +R17463 Linear.exec_refl +R17463 Linear.exec_refl +R17500 Linear.exec_one +R17500 Linear.exec_one +R17566 Linearize.linearize_block +R17549 Linear.exec_trans +R17566 Linearize.linearize_block +R17549 Linear.exec_trans +R17711 Linearizeproof.find_label_lin +R17711 Linearizeproof.find_label_lin +R17771 Linearize.linearize_block +R17771 Linearize.linearize_block +R17814 Linear.exec_trans +R17814 Linear.exec_trans +R17953 Linearizeproof.find_label_lin +R17953 Linearizeproof.find_label_lin +R18016 Linearize.linearize_block +R18016 Linearize.linearize_block +R18088 Linearize.starts_with +R18088 Linearize.starts_with +R18125 Linear.exec_trans +R18125 Linear.exec_trans +R18158 Linear.exec_trans +R18158 Linear.exec_trans +R18176 Linear.exec_one +R18176 Linear.exec_one +R18192 Linear.exec_Lcond_false +R18192 Linear.exec_Lcond_false +R18231 Coq.Bool.Bool.negb +R18236 Coq.Init.Datatypes.true +R18219 Coq.Init.Datatypes.false +R18231 Coq.Bool.Bool.negb +R18236 Coq.Init.Datatypes.true +R18219 Coq.Init.Datatypes.false +R18249 Op.eval_negate_condition +R18249 Op.eval_negate_condition +R18286 Linear.exec_one +R18286 Linear.exec_one +R18302 Linear.exec_Lgoto +R18302 Linear.exec_Lgoto +R18330 Linear.exec_trans +R18330 Linear.exec_trans +R18362 Linear.exec_one +R18362 Linear.exec_one +R18378 Linear.exec_Lcond_true +R18378 Linear.exec_Lcond_true +R18494 Linearizeproof.find_label_lin +R18494 Linearizeproof.find_label_lin +R18558 Linearize.linearize_block +R18558 Linearize.linearize_block +R18630 Linearize.starts_with +R18630 Linearize.starts_with +R18667 Linear.exec_trans +R18667 Linear.exec_trans +R18699 Linear.exec_one +R18699 Linear.exec_one +R18715 Linear.exec_Lcond_true +R18715 Linear.exec_Lcond_true +R18753 Coq.Bool.Bool.negb +R18758 Coq.Init.Datatypes.false +R18742 Coq.Init.Datatypes.true +R18753 Coq.Bool.Bool.negb +R18758 Coq.Init.Datatypes.false +R18742 Coq.Init.Datatypes.true +R18772 Op.eval_negate_condition +R18772 Op.eval_negate_condition +R18819 Linear.exec_trans +R18819 Linear.exec_trans +R18851 Linear.exec_trans +R18851 Linear.exec_trans +R18869 Linear.exec_one +R18869 Linear.exec_one +R18885 Linear.exec_Lcond_false +R18885 Linear.exec_Lcond_false +R18917 Linear.exec_one +R18917 Linear.exec_one +R18933 Linear.exec_Lgoto +R18933 Linear.exec_Lgoto +R19006 Coq.Lists.List "x :: y" list_scope +R18998 Linear.Lreturn +R19006 Coq.Lists.List "x :: y" list_scope +R18998 Linear.Lreturn +R19097 Linear.exec_refl +R19097 Linear.exec_refl +R19163 Linearizeproof.find_label_lin +R19163 Linearizeproof.find_label_lin +R19220 Coq.Init.Logic "x = y" type_scope +R19222 Linearize.linearize_block +R19220 Coq.Init.Logic "x = y" type_scope +R19222 Linearize.linearize_block +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R19381 Coq.Init.Logic "x = y" type_scope +R19374 Maps "a !! b" +R19363 Linearize.reachable +R19383 Coq.Init.Datatypes.true +R19381 Coq.Init.Logic "x = y" type_scope +R19374 Maps "a !! b" +R19363 Linearize.reachable +R19383 Coq.Init.Datatypes.true +R19401 Linearizeproof.reachable_correct_2 +R19401 Linearizeproof.reachable_correct_2 +R19460 Linearizeproof.valid_outcome +R19477 LTL.Cont +R19460 Linearizeproof.valid_outcome +R19477 LTL.Cont +R19500 Linearizeproof.exec_blocks_valid_outcome +R19500 Linearizeproof.exec_blocks_valid_outcome +R19700 Linear.exec_trans +R19700 Linear.exec_trans +R19803 Coq.Init.Logic "x = y" type_scope +R19782 Maps "a !! b" +R19786 LTL.fn_entrypoint +R19771 Linearize.reachable +R19805 Coq.Init.Datatypes.true +R19803 Coq.Init.Logic "x = y" type_scope +R19782 Maps "a !! b" +R19786 LTL.fn_entrypoint +R19771 Linearize.reachable +R19805 Coq.Init.Datatypes.true +R19822 Linearizeproof.reachable_entrypoint +R19822 Linearizeproof.reachable_entrypoint +R19859 Linearizeproof.valid_outcome +R19875 LTL.Return +R19859 Linearizeproof.valid_outcome +R19875 LTL.Return +R19912 Linearizeproof.valid_outcome +R19929 LTL.Cont +R19935 LTL.fn_entrypoint +R19912 Linearizeproof.valid_outcome +R19929 LTL.Cont +R19935 LTL.fn_entrypoint +R19966 Linearizeproof.exec_blocks_valid_outcome +R19966 Linearizeproof.exec_blocks_valid_outcome +R20010 Coq.Init.Logic "'exists' x , p" type_scope +R20051 Coq.Init.Logic "x = y" type_scope +R20020 Linear.fn_code +R20029 Linearize.linearize_function +R20078 Coq.Lists.List "x :: y" list_scope +R20053 Linear.Llabel +R20063 LTL.fn_entrypoint +R20010 Coq.Init.Logic "'exists' x , p" type_scope +R20051 Coq.Init.Logic "x = y" type_scope +R20020 Linear.fn_code +R20029 Linearize.linearize_function +R20078 Coq.Lists.List "x :: y" list_scope +R20053 Linear.Llabel +R20063 LTL.fn_entrypoint +R20134 Linearizeproof.enumerate_head +R20134 Linearizeproof.enumerate_head +R20247 Linearize.linearize_block +R20266 Linearize.linearize_body +R20247 Linearize.linearize_block +R20266 Linearize.linearize_body +R20391 Coq.Init.Logic "x = y" type_scope +R20329 Linear.find_label +R20359 Linear.fn_code +R20368 Linearize.linearize_function +R20341 LTL.fn_entrypoint +R20405 Coq.Init.Datatypes.Some +R20391 Coq.Init.Logic "x = y" type_scope +R20329 Linear.find_label +R20359 Linear.fn_code +R20368 Linearize.linearize_function +R20341 LTL.fn_entrypoint +R20405 Coq.Init.Datatypes.Some +R20445 Coqlib.peq_true +R20445 Coqlib.peq_true +R20483 Coq.Init.Logic.refl_equal +R20483 Coq.Init.Logic.refl_equal +R20596 Linearizeproof.cleanup_function_correct +R20596 Linearizeproof.cleanup_function_correct +R20664 Linear.exec_trans +R20664 Linear.exec_trans +R20684 Linear.exec_one +R20684 Linear.exec_one +R20722 Linearizeproof.unique_labels_lin_function +R20722 Linearizeproof.unique_labels_lin_function +R20872 Linear.exec_program +R20893 Linearize.transf_program +R20846 LTL.exec_program +R20838 Values.val +R20821 LTL.program +R21008 Linearize.transf_function +R21008 Linearize.transf_function +R21102 AST.prog_main +R21066 AST.prog_main +R21077 Linearize.transf_program +R21102 AST.prog_main +R21066 AST.prog_main +R21077 Linearize.transf_program +R21126 Linearizeproof.symbols_preserved +R21126 Linearizeproof.symbols_preserved +R21166 Linearizeproof.function_ptr_translated +R21166 Linearizeproof.function_ptr_translated +R21227 Linearizeproof.transf_function_correct +R21227 Linearizeproof.transf_function_correct +R21286 Globalenvs.init_mem_transf +R21286 Globalenvs.init_mem_transf +FLinearizetyping +R368 Linear.function +R394 Lineartyping.function_bounds +R513 Coq.ZArith.BinInt "x <= y" Z_scope +R516 Lineartyping.max_over_list +R496 Coq.Lists.List.In +R478 Coq.Lists.List.list +R471 Coq.ZArith.BinInt.Z +R695 Coq.Init.Logic "A /\ B" type_scope +R690 Coq.ZArith.BinInt "x <= y" Z_scope +R716 Coq.ZArith.BinInt "x <= y" Z_scope +R699 Coq.Lists.List.In +R630 Coq.Lists.List.fold_left +R652 Coq.ZArith.Zmin.Zmax +R695 Coq.Init.Logic "A /\ B" type_scope +R690 Coq.ZArith.BinInt "x <= y" Z_scope +R716 Coq.ZArith.BinInt "x <= y" Z_scope +R699 Coq.Lists.List.In +R630 Coq.Lists.List.fold_left +R652 Coq.ZArith.Zmin.Zmax +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R796 Coq.ZArith.Zmin.Zmax +R796 Coq.ZArith.Zmin.Zmax +R857 Coq.ZArith.Zmin.Zmax +R841 Coq.ZArith.Zorder.Zle_trans +R857 Coq.ZArith.Zmin.Zmax +R841 Coq.ZArith.Zorder.Zle_trans +R881 Coq.ZArith.Zmin.Zmax1 +R881 Coq.ZArith.Zmin.Zmax1 +R961 Coq.ZArith.Zmin.Zmax +R945 Coq.ZArith.Zorder.Zle_trans +R961 Coq.ZArith.Zmin.Zmax +R945 Coq.ZArith.Zorder.Zle_trans +R990 Coq.ZArith.Zmin.Zmax2 +R990 Coq.ZArith.Zmin.Zmax2 +R1147 Coq.ZArith.BinInt "x <= y" Z_scope +R1150 Lineartyping.max_over_instrs +R1120 Coq.Lists.List.In +R1128 Linear.fn_code +R1112 Coq.ZArith.BinInt.Z +R1097 Linear.instruction +R1221 Linearizetyping.max_over_list_bound +R1221 Linearizetyping.max_over_list_bound +R1379 Coq.ZArith.BinInt "x <= y" Z_scope +R1382 Lineartyping.max_over_regs_of_funct +R1344 Coq.Lists.List.In +R1350 Lineartyping.regs_of_instr +R1324 Coq.Lists.List.In +R1332 Linear.fn_code +R1314 Coq.ZArith.BinInt.Z +R1306 Locations.mreg +R1486 Lineartyping.max_over_regs_of_instr +R1470 Coq.ZArith.Zorder.Zle_trans +R1486 Lineartyping.max_over_regs_of_instr +R1470 Coq.ZArith.Zorder.Zle_trans +R1557 Linearizetyping.max_over_list_bound +R1557 Linearizetyping.max_over_list_bound +R1592 Linearizetyping.max_over_instrs_bound +R1592 Linearizetyping.max_over_instrs_bound +R1754 Coq.ZArith.BinInt "x <= y" Z_scope +R1757 Lineartyping.max_over_slots_of_funct +R1718 Coq.Lists.List.In +R1724 Lineartyping.slots_of_instr +R1698 Coq.Lists.List.In +R1706 Linear.fn_code +R1688 Coq.ZArith.BinInt.Z +R1680 Locations.slot +R1863 Lineartyping.max_over_slots_of_instr +R1847 Coq.ZArith.Zorder.Zle_trans +R1863 Lineartyping.max_over_slots_of_instr +R1847 Coq.ZArith.Zorder.Zle_trans +R1936 Linearizetyping.max_over_list_bound +R1936 Linearizetyping.max_over_list_bound +R1971 Linearizetyping.max_over_instrs_bound +R1971 Linearizetyping.max_over_instrs_bound +R2123 Coq.ZArith.BinInt "x < y" Z_scope +R2099 Conventions.index_int_callee_save +R2125 Lineartyping.bound_int_callee_save +R2071 Coq.Lists.List.In +R2077 Lineartyping.regs_of_instr +R2051 Coq.Lists.List.In +R2059 Linear.fn_code +R2192 Lineartyping.int_callee_save +R2173 Coq.ZArith.Zorder.Zlt_le_trans +R2192 Lineartyping.int_callee_save +R2173 Coq.ZArith.Zorder.Zlt_le_trans +R2307 Linearizetyping.max_over_regs_of_funct_bound +R2307 Linearizetyping.max_over_regs_of_funct_bound +R2471 Coq.ZArith.BinInt "x < y" Z_scope +R2445 Conventions.index_float_callee_save +R2473 Lineartyping.bound_float_callee_save +R2417 Coq.Lists.List.In +R2423 Lineartyping.regs_of_instr +R2397 Coq.Lists.List.In +R2405 Linear.fn_code +R2542 Lineartyping.float_callee_save +R2523 Coq.ZArith.Zorder.Zlt_le_trans +R2542 Lineartyping.float_callee_save +R2523 Coq.ZArith.Zorder.Zlt_le_trans +R2663 Linearizetyping.max_over_regs_of_funct_bound +R2663 Linearizetyping.max_over_regs_of_funct_bound +R2820 Coq.ZArith.BinInt "x < y" Z_scope +R2822 Lineartyping.bound_int_local +R2772 Coq.Lists.List.In +R2793 Lineartyping.slots_of_instr +R2776 Locations.Local +R2786 AST.Tint +R2752 Coq.Lists.List.In +R2760 Linear.fn_code +R2883 Lineartyping.int_local +R2894 Locations.Local +R2904 AST.Tint +R2864 Coq.ZArith.Zorder.Zlt_le_trans +R2883 Lineartyping.int_local +R2894 Locations.Local +R2904 AST.Tint +R2864 Coq.ZArith.Zorder.Zlt_le_trans +R2994 Linearizetyping.max_over_slots_of_funct_bound +R2994 Linearizetyping.max_over_slots_of_funct_bound +R3156 Coq.ZArith.BinInt "x < y" Z_scope +R3158 Lineartyping.bound_float_local +R3106 Coq.Lists.List.In +R3129 Lineartyping.slots_of_instr +R3110 Locations.Local +R3120 AST.Tfloat +R3086 Coq.Lists.List.In +R3094 Linear.fn_code +R3221 Lineartyping.float_local +R3234 Locations.Local +R3244 AST.Tfloat +R3202 Coq.ZArith.Zorder.Zlt_le_trans +R3221 Lineartyping.float_local +R3234 Locations.Local +R3244 AST.Tfloat +R3202 Coq.ZArith.Zorder.Zlt_le_trans +R3340 Linearizetyping.max_over_slots_of_funct_bound +R3340 Linearizetyping.max_over_slots_of_funct_bound +R3515 Coq.ZArith.BinInt "x <= y" Z_scope +R3501 Coq.ZArith.BinInt "x + y" Z_scope +R3503 Locations.typesize +R3518 Lineartyping.bound_outgoing +R3452 Coq.Lists.List.In +R3474 Lineartyping.slots_of_instr +R3456 Locations.Outgoing +R3432 Coq.Lists.List.In +R3440 Linear.fn_code +R3586 Lineartyping.outgoing_slot +R3601 Locations.Outgoing +R3565 Coq.ZArith.BinInt "x + y" Z_scope +R3567 Locations.typesize +R3586 Lineartyping.outgoing_slot +R3601 Locations.Outgoing +R3565 Coq.ZArith.BinInt "x + y" Z_scope +R3567 Locations.typesize +R3673 Coqlib.Zmax_bound_r +R3673 Coqlib.Zmax_bound_r +R3693 Coqlib.Zmax_bound_r +R3693 Coqlib.Zmax_bound_r +R3717 Linearizetyping.max_over_slots_of_funct_bound +R3717 Linearizetyping.max_over_slots_of_funct_bound +R3864 Coq.ZArith.BinInt "x <= y" Z_scope +R3845 Conventions.size_arguments +R3867 Lineartyping.bound_outgoing +R3809 Coq.Lists.List.In +R3831 Linear.fn_code +R3813 Linear.Lcall +R3936 Lineartyping.outgoing_space +R3952 Linear.Lcall +R3910 Conventions.size_arguments +R3936 Lineartyping.outgoing_space +R3952 Linear.Lcall +R3910 Conventions.size_arguments +R4022 Coqlib.Zmax_bound_r +R4022 Coqlib.Zmax_bound_r +R4042 Coqlib.Zmax_bound_l +R4042 Coqlib.Zmax_bound_l +R4064 Linearizetyping.max_over_instrs_bound +R4064 Linearizetyping.max_over_instrs_bound +R4201 Lineartyping.mreg_bounded +R4173 Coq.Lists.List.In +R4179 Lineartyping.regs_of_instr +R4153 Coq.Lists.List.In +R4161 Linear.fn_code +R4266 Locations.mreg_type +R4266 Locations.mreg_type +R4289 Linearizetyping.int_callee_save_bound +R4289 Linearizetyping.int_callee_save_bound +R4328 Linearizetyping.float_callee_save_bound +R4328 Linearizetyping.float_callee_save_bound +R4506 Lineartyping.slot_bounded +R4520 Linearize.transf_function +R4474 LTLtyping.slot_bounded +R4445 Coq.Lists.List.In +R4451 Lineartyping.slots_of_instr +R4407 Coq.Lists.List.In +R4433 Linear.fn_code +R4413 Linearize.transf_function +R4635 Linearizetyping.int_local_slot_bound +R4635 Linearizetyping.int_local_slot_bound +R4690 Linearizetyping.float_local_slot_bound +R4690 Linearizetyping.float_local_slot_bound +R4793 Linearizetyping.outgoing_slot_bound +R4793 Linearizetyping.outgoing_slot_bound +R4998 Coq.Lists.List.In +R5004 Linearize.cleanup_code +R4988 Coq.Lists.List.In +R4938 Linear.Lgoto +R4949 Coq.Init.Logic.False +R4962 Coq.Init.Logic.True +R5077 Coq.Lists.List.In +R5085 Coq.Lists.List "x :: y" list_scope +R5088 Linearize.cleanup_code +R5077 Coq.Lists.List.In +R5085 Coq.Lists.List "x :: y" list_scope +R5088 Linearize.cleanup_code +R5163 Coq.Lists.List.in_cons +R5163 Coq.Lists.List.in_cons +R5209 Coq.Lists.List.In +R5215 Linearize.cleanup_code +R5209 Coq.Lists.List.In +R5215 Linearize.cleanup_code +R5291 Linearize.starts_with +R5291 Linearize.starts_with +R5321 Coq.Lists.List.in_cons +R5321 Coq.Lists.List.in_cons +R5490 Coq.Lists.List.In +R5516 Linear.fn_code +R5496 Linearize.transf_function +R5452 Linear.Lgoto +R5463 Coq.Init.Logic.False +R5476 Coq.Init.Logic.True +R5396 Coq.Lists.List.In +R5425 Linear.fn_code +R5402 Linearize.linearize_function +R5621 Linearizetyping.cleanup_code_conservation +R5621 Linearizetyping.cleanup_code_conservation +R5735 Coq.Lists.List.In +R5710 Coq.Lists.List.In +R5716 Linearize.cleanup_code +R5826 Coq.Init.Logic "A \/ B" type_scope +R5822 Coq.Init.Logic "x = y" type_scope +R5829 Coq.Lists.List.In +R5790 Coq.Lists.List.In +R5798 Coq.Lists.List "x :: y" list_scope +R5801 Linearize.cleanup_code +R5826 Coq.Init.Logic "A \/ B" type_scope +R5822 Coq.Init.Logic "x = y" type_scope +R5829 Coq.Lists.List.In +R5790 Coq.Lists.List.In +R5798 Coq.Lists.List "x :: y" list_scope +R5801 Linearize.cleanup_code +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R5892 Linearize.starts_with +R5892 Linearize.starts_with +R6024 Coq.Lists.List.In +R6053 Linear.fn_code +R6030 Linearize.linearize_function +R5984 Coq.Lists.List.In +R6010 Linear.fn_code +R5990 Linearize.transf_function +R6094 Linearizetyping.cleanup_code_conservation_2 +R6094 Linearizetyping.cleanup_code_conservation_2 +R6217 Coq.Lists.List.incl_tl +R6225 Coq.Lists.List.incl_refl +R6330 Coq.Lists.List.incl +R6316 Coq.Lists.List.incl +R6302 Coq.Lists.List.incl +R6291 Coq.Lists.List.list +R6291 Coq.Lists.List.list +R6291 Coq.Lists.List.list +R6418 Coq.Lists.List.incl +R6426 Linearize.linearize_block +R6503 Linearize.starts_with +R6503 Linearize.starts_with +R6772 Lineartyping.wt_instr +R6782 Linearize.transf_function +R6742 Coq.Lists.List.In +R6748 Linearize.linearize_block +R6677 Coq.Lists.List.incl +R6728 Linear.fn_code +R6705 Linearize.linearize_function +R6683 Linearize.linearize_block +R6659 LTLtyping.wt_block +R6608 Lineartyping.wt_instr +R6618 Linearize.transf_function +R6598 Coq.Lists.List.In +R6860 Linearizetyping.cleanup_function_conservation +R6935 Coq.Init.Logic.I +R6923 Coq.Lists.List.in_eq +R6860 Linearizetyping.cleanup_function_conservation +R6935 Coq.Init.Logic.I +R6923 Coq.Lists.List.in_eq +R6860 Linearizetyping.cleanup_function_conservation +R6935 Coq.Init.Logic.I +R6923 Coq.Lists.List.in_eq +R6860 Linearizetyping.cleanup_function_conservation +R6935 Coq.Init.Logic.I +R6923 Coq.Lists.List.in_eq +R6860 Linearizetyping.cleanup_function_conservation +R6935 Coq.Init.Logic.I +R6923 Coq.Lists.List.in_eq +R6860 Linearizetyping.cleanup_function_conservation +R6935 Coq.Init.Logic.I +R6923 Coq.Lists.List.in_eq +R6860 Linearizetyping.cleanup_function_conservation +R6935 Coq.Init.Logic.I +R6923 Coq.Lists.List.in_eq +R6860 Linearizetyping.cleanup_function_conservation +R6935 Coq.Init.Logic.I +R6923 Coq.Lists.List.in_eq +R6860 Linearizetyping.cleanup_function_conservation +R6935 Coq.Init.Logic.I +R6923 Coq.Lists.List.in_eq +R6860 Linearizetyping.cleanup_function_conservation +R6935 Coq.Init.Logic.I +R6923 Coq.Lists.List.in_eq +R7064 Linearizetyping.slot_is_bounded +R7064 Linearizetyping.slot_is_bounded +R7125 Linearizetyping.mreg_is_bounded +R7125 Linearizetyping.mreg_is_bounded +R7231 Linearizetyping.slot_is_bounded +R7231 Linearizetyping.slot_is_bounded +R7346 Linearizetyping.mreg_is_bounded +R7346 Linearizetyping.mreg_is_bounded +R7455 Linearizetyping.mreg_is_bounded +R7455 Linearizetyping.mreg_is_bounded +R7556 Linearizetyping.mreg_is_bounded +R7556 Linearizetyping.mreg_is_bounded +R7651 Linearizetyping.mreg_is_bounded +R7651 Linearizetyping.mreg_is_bounded +R7782 Linearizetyping.size_arguments_bound +R7782 Linearizetyping.size_arguments_bound +R7865 Linearize.starts_with +R7865 Linearize.starts_with +R8359 Lineartyping.wt_instr +R8369 Linearize.transf_function +R8327 Coq.Lists.List.In +R8333 Linearize.linearize_body +R8260 Coq.Lists.List.incl +R8313 Linear.fn_code +R8290 Linearize.linearize_function +R8266 Linearize.linearize_body +R8214 LTLtyping.wt_function +R8489 Maps "a ! b" +R8476 LTL.fn_code +R8489 Maps "a ! b" +R8476 LTL.fn_code +R8589 Linearize.linearize_body +R8564 Linearizetyping.wt_linearize_block +R8589 Linearize.linearize_body +R8564 Linearizetyping.wt_linearize_block +R8665 Linearize.linearize_block +R8684 Linearize.linearize_body +R8648 Linearizetyping.incl_trans +R8665 Linearize.linearize_block +R8684 Linearize.linearize_body +R8648 Linearizetyping.incl_trans +R8717 Linearizetyping.linearize_block_incl +R8717 Linearizetyping.linearize_block_incl +R8945 Lineartyping.wt_function +R8958 Linearize.transf_function +R8916 LTLtyping.wt_function +R9041 Linearize.enumerate +R9017 Linearizetyping.wt_linearize_body +R9041 Linearize.enumerate +R9017 Linearizetyping.wt_linearize_body +R9076 Coq.Lists.List.incl_refl +R9076 Coq.Lists.List.incl_refl +R9095 Linearizetyping.cleanup_function_conservation_2 +R9095 Linearizetyping.cleanup_function_conservation_2 +R9229 Lineartyping.wt_program +R9254 Linearize.transf_program +R9201 LTLtyping.wt_program +R9185 LTL.program +R9317 AST.transform_program_function +R9344 Linearize.transf_function +R9317 AST.transform_program_function +R9344 Linearize.transf_function +R9411 Linearizetyping.wt_transf_function +R9411 Linearizetyping.wt_transf_function +FMach +R303 Coq.NArith.BinPos.positive +R373 Locations.mreg +R366 AST.typ +R359 Integers.int +R423 AST.typ +R416 Integers.int +R408 Locations.mreg +R471 Locations.mreg +R464 AST.typ +R457 Integers.int +R526 Locations.mreg +R513 Coq.Lists.List.list +R518 Locations.mreg +R500 Op.operation +R600 Locations.mreg +R587 Coq.Lists.List.list +R592 Locations.mreg +R573 Op.addressing +R557 AST.memory_chunk +R675 Locations.mreg +R662 Coq.Lists.List.list +R667 Locations.mreg +R648 Op.addressing +R632 AST.memory_chunk +R724 Coq.Init.Datatypes "x + y" type_scope +R719 Locations.mreg +R726 AST.ident +R706 AST.signature +R759 Mach.label +R791 Mach.label +R849 Mach.label +R836 Coq.Lists.List.list +R841 Locations.mreg +R823 Op.condition +R916 Coq.Lists.List.list +R921 Mach.instruction +R982 AST.signature +R1006 Mach.code +R1030 Coq.ZArith.BinInt.Z +R1051 Coq.ZArith.BinInt.Z +R1079 AST.program +R1091 Mach.function +R1121 Globalenvs.t +R1128 Mach.function +R1200 Locations.mreg +R1225 Locations.mreg_eq +R1330 Mem.block_contents +R1373 Mem.empty_block +R1440 AST.Tint +R1448 Mem.Size32 +R1457 AST.Tfloat +R1467 Mem.Size64 +R1416 AST.typ +R1521 Values.val +R1516 Coq.ZArith.BinInt.Z +R1509 AST.typ +R1500 Mach.frame +R1655 Coq.Init.Logic "x = y" type_scope +R1657 Mem.load_contents +R1709 Coq.ZArith.BinInt "x + y" Z_scope +R1704 Mem.low +R1689 Mem.contents +R1672 Mach.mem_type +R1639 Coq.ZArith.BinInt "x <= y" Z_scope +R1621 Coq.ZArith.BinInt "x + y" Z_scope +R1615 Coq.ZArith.BinInt "x + y" Z_scope +R1610 Mem.low +R1625 Coq.ZArith.BinInt "x * y" Z_scope +R1627 Locations.typesize +R1590 Coq.ZArith.BinInt "x <= y" Z_scope +R1807 Coq.Init.Logic "x = y" type_scope +R1784 Mem.size_mem +R1794 Mach.mem_type +R1811 Coq.ZArith.BinInt "x * y" Z_scope +R1813 Locations.typesize +R2187 Coq.Init.Logic "x = y" type_scope +R2123 Mem.store_contents +R2176 Coq.ZArith.BinInt "x + y" Z_scope +R2171 Mem.low +R2156 Mem.contents +R2139 Mach.mem_type +R2189 Mem.Undef +R2097 Coq.Init.Logic "A \/ B" type_scope +R2086 Coq.ZArith.BinInt "x < y" Z_scope +R2092 Mem.low +R2102 Coq.ZArith.BinInt "x >= y" Z_scope +R2109 Mem.high +R2059 Coq.Init.Logic "x = y" type_scope +R2047 Mem.contents +R2061 Mem.Undef +R2022 Coq.Init.Logic "A \/ B" type_scope +R2011 Coq.ZArith.BinInt "x < y" Z_scope +R2017 Mem.low +R2027 Coq.ZArith.BinInt "x >= y" Z_scope +R2034 Mem.high +R1988 Coq.ZArith.BinInt "x <= y" Z_scope +R1970 Coq.ZArith.BinInt "x + y" Z_scope +R1964 Coq.ZArith.BinInt "x + y" Z_scope +R1959 Mem.low +R1974 Coq.ZArith.BinInt "x * y" Z_scope +R1976 Locations.typesize +R1943 Coq.ZArith.BinInt "x <= y" Z_scope +R1932 Coq.Init.Logic "x = y" type_scope +R1926 Mem.high +R2258 Mem.low +R2267 Mem.high +R2220 Mem.store_contents_undef_outside +R2258 Mem.low +R2267 Mem.high +R2220 Mem.store_contents_undef_outside +R2287 Mach.size_mem_type +R2287 Mach.size_mem_type +R2395 Mach.frame +R2388 Values.val +R2383 Coq.ZArith.BinInt.Z +R2376 AST.typ +R2367 Mach.frame +R2588 Mem.mkblock +R2700 Mach.set_slot_undef_outside +R2745 Mem.undef_outside +R2626 Mem.store_contents +R2679 Coq.ZArith.BinInt "x + y" Z_scope +R2674 Mem.low +R2659 Mem.contents +R2642 Mach.mem_type +R2609 Mem.high +R2600 Mem.low +R2545 Coq.ZArith.BinInt "x <= y" Z_scope +R2527 Coq.ZArith.BinInt "x + y" Z_scope +R2521 Coq.ZArith.BinInt "x + y" Z_scope +R2516 Mem.low +R2531 Coq.ZArith.BinInt "x * y" Z_scope +R2533 Locations.typesize +R2494 Coq.ZArith.BinInt "x <= y" Z_scope +R2477 Coq.Init.Logic "x = y" type_scope +R2471 Mem.high +R2805 Mem.empty_block +R2818 Coq.ZArith.BinInt "- x" Z_scope +R2823 Mach.fn_framesize +R2790 Mach.function +R2863 Mach.t +R2872 Values.val +R2900 Coq.Lists.List.map +R2954 Mach.set +R3060 Coq.Init.Datatypes.bool +R3091 Mach.Mlabel +R3109 Coqlib.peq +R3137 Coq.Init.Datatypes.false +R3127 Coq.Init.Datatypes.true +R3152 Coq.Init.Datatypes.false +R3045 Mach.instruction +R3030 Mach.label +R3215 Mach.is_label +R3269 Coq.Init.Logic "x <> y" type_scope +R3272 Mach.Mlabel +R3245 Coq.Init.Logic "x = y" type_scope +R3247 Mach.Mlabel +R3351 Coqlib.peq +R3351 Coqlib.peq +R3444 Coq.Init.Datatypes.option +R3451 Mach.code +R3425 Mach.code +R3414 Mach.label +R3478 Coq.Lists.List.nil +R3485 Coq.Init.Datatypes.None +R3497 Coq.Lists.List "x :: y" list_scope +R3509 Mach.is_label +R3530 Coq.Init.Datatypes.Some +R3425 Mach.code +R3414 Mach.label +R3599 Mach.genv +R3666 Coq.Init.Datatypes.option +R3673 Mach.function +R3706 Coq.Init.Datatypes.inl +R3715 Globalenvs.find_funct +R3745 Coq.Init.Datatypes.inr +R3769 Globalenvs.find_symbol +R3807 Coq.Init.Datatypes.None +R3815 Coq.Init.Datatypes.None +R3828 Coq.Init.Datatypes.Some +R3838 Globalenvs.find_funct_ptr +R3656 Mach.regset +R3642 Coq.Init.Datatypes "x + y" type_scope +R3637 Locations.mreg +R3644 AST.ident +R4010 Mem.mem +R4001 Mach.frame +R3991 Mach.regset +R3983 Mach.code +R3970 Mem.mem +R3961 Mach.frame +R3951 Mach.regset +R3943 Mach.code +R3928 Mach.frame +R3921 Values.val +R3909 Mach.function +R6798 Mem.mem +R6789 Mach.frame +R6779 Mach.regset +R6771 Mach.code +R6758 Mem.mem +R6749 Mach.frame +R6739 Mach.regset +R6731 Mach.code +R6716 Mach.frame +R6709 Values.val +R6697 Mach.function +R7464 Mem.mem +R7454 Mach.regset +R7447 Mem.mem +R7437 Mach.regset +R7424 Values.val +R7417 Values.val +R7408 Mach.frame +R7396 Mach.function +R8001 Mem.mem +R7991 Mach.regset +R7984 Mem.mem +R7974 Mach.regset +R7965 Mach.frame +R7953 Mach.function +R4140 Coq.Lists.List "x :: y" list_scope +R4129 Mach.Mlabel +R4397 Mach "a # b <- c" +R4361 Coq.Lists.List "x :: y" list_scope +R4340 Mach.Mgetstack +R4256 Mach.get_slot +R4272 Integers.signed +R4605 Coq.Lists.List "x :: y" list_scope +R4584 Mach.Msetstack +R4489 Mach.set_slot +R4505 Integers.signed +R4867 Mach "a # b <- c" +R4831 Coq.Lists.List "x :: y" list_scope +R4810 Mach.Mgetparam +R4722 Mach.get_slot +R4742 Integers.signed +R5097 Mach "a # b <- c" +R5061 Coq.Lists.List "x :: y" list_scope +R5045 Mach.Mop +R4986 Coq.Init.Logic "x = y" type_scope +R4953 Op.eval_operation +R4979 Mach "a ## b" +R4988 Coq.Init.Datatypes.Some +R5390 Mach "a # b <- c" +R5354 Coq.Lists.List "x :: y" list_scope +R5328 Mach.Mload +R5269 Coq.Init.Logic "x = y" type_scope +R5249 Mem.loadv +R5271 Coq.Init.Datatypes.Some +R5231 Coq.Init.Logic "x = y" type_scope +R5195 Op.eval_addressing +R5224 Mach "a ## b" +R5233 Coq.Init.Datatypes.Some +R5661 Coq.Lists.List "x :: y" list_scope +R5634 Mach.Mstore +R5574 Coq.Init.Logic "x = y" type_scope +R5544 Mem.storev +R5576 Coq.Init.Datatypes.Some +R5526 Coq.Init.Logic "x = y" type_scope +R5490 Op.eval_addressing +R5519 Mach "a ## b" +R5528 Coq.Init.Datatypes.Some +R5915 Coq.Lists.List "x :: y" list_scope +R5901 Mach.Mcall +R5800 Coq.Init.Logic "x = y" type_scope +R5779 Mach.find_function +R5802 Coq.Init.Datatypes.Some +R6120 Coq.Lists.List "x :: y" list_scope +R6110 Mach.Mgoto +R6050 Coq.Init.Logic "x = y" type_scope +R6023 Mach.find_label +R6041 Mach.fn_code +R6052 Coq.Init.Datatypes.Some +R6399 Coq.Lists.List "x :: y" list_scope +R6379 Mach.Mcond +R6319 Coq.Init.Logic "x = y" type_scope +R6292 Mach.find_label +R6310 Mach.fn_code +R6321 Coq.Init.Datatypes.Some +R6271 Coq.Init.Logic "x = y" type_scope +R6242 Op.eval_condition +R6264 Mach "a ## b" +R6273 Coq.Init.Datatypes.Some +R6278 Coq.Init.Datatypes.true +R6631 Coq.Lists.List "x :: y" list_scope +R6611 Mach.Mcond +R6548 Coq.Init.Logic "x = y" type_scope +R6519 Op.eval_condition +R6541 Mach "a ## b" +R6550 Coq.Init.Datatypes.Some +R6555 Coq.Init.Datatypes.false +R7909 Mem.free +R7837 Coq.Lists.List "x :: y" list_scope +R7829 Mach.Mreturn +R7791 Mach.fn_code +R7722 Values.Vptr +R7732 Integers.repr +R7742 Coq.ZArith.BinInt "- x" Z_scope +R7746 Mach.fn_framesize +R7671 Mach.set_slot +R7684 AST.Tint +R7622 Mach.set_slot +R7646 AST.Tint +R7632 Mach.init_frame +R7601 Coq.Init.Logic "x = y" type_scope +R7570 Mem.alloc +R7587 Mach.fn_stacksize +R7603 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R8135 Values.has_type +R8151 AST.Tint +R8100 Values.has_type +R8118 AST.Tint +R15099 Coq.Init.Logic "A /\ B" type_scope +R15009 Mach.exec_instr +R14996 Mem.mem +R14983 Mach.frame +R14959 Mach.regset +R14947 Mach.code +R14936 Mem.mem +R14924 Mach.frame +R14909 Mach.regset +R14889 Mach.code +R14877 Mach.frame +R14865 Values.val +R14849 Mach.function +R15375 Coq.Init.Logic "A /\ B" type_scope +R15283 Mach.exec_instrs +R15270 Mem.mem +R15257 Mach.frame +R15233 Mach.regset +R15221 Mach.code +R15210 Mem.mem +R15198 Mach.frame +R15183 Mach.regset +R15163 Mach.code +R15151 Mach.frame +R15139 Values.val +R15123 Mach.function +R15574 Coq.Init.Logic "A /\ B" type_scope +R15502 Mach.exec_function_body +R15489 Mem.mem +R15475 Mach.regset +R15455 Mem.mem +R15442 Mach.regset +R15432 Values.val +R15432 Values.val +R15416 Mach.frame +R15399 Mach.function +R15687 Mach.exec_function +R15674 Mem.mem +R15660 Mach.regset +R15640 Mem.mem +R15627 Mach.regset +R15615 Mach.frame +R15598 Mach.function +R14731 Values.has_type +R14747 AST.Tint +R14696 Values.has_type +R14714 AST.Tint +R14682 Values.val +R14682 Values.val +R14604 Mach.exec_function_body +R14571 Values.has_type +R14587 AST.Tint +R14536 Values.has_type +R14554 AST.Tint +R14522 Values.val +R14522 Values.val +R14490 Mem.mem +R14476 Mach.regset +R14454 Mem.mem +R14441 Mach.regset +R14428 Mach.frame +R14408 Mach.function +R14371 Mem.free +R14313 Coq.Lists.List "x :: y" list_scope +R14305 Mach.Mreturn +R14283 Mach.fn_code +R14234 Values.Vptr +R14244 Integers.repr +R14254 Coq.ZArith.BinInt "- x" Z_scope +R14258 Mach.fn_framesize +R14096 Mach.exec_instrs +R14190 Coq.Lists.List "x :: y" list_scope +R14182 Mach.Mreturn +R14160 Mach.fn_code +R14111 Values.Vptr +R14121 Integers.repr +R14131 Coq.ZArith.BinInt "- x" Z_scope +R14135 Mach.fn_framesize +R14058 Mach.set_slot +R14071 AST.Tint +R14007 Mach.set_slot +R14031 AST.Tint +R14017 Mach.init_frame +R13984 Coq.Init.Logic "x = y" type_scope +R13957 Mem.alloc +R13968 Mach.fn_stacksize +R13986 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R13930 Coq.Lists.List.list +R13935 Mach.instruction +R13918 Mach.frame +R13918 Mach.frame +R13918 Mach.frame +R13886 Values.block +R13874 Mem.mem +R13874 Mem.mem +R13857 Mach.regset +R13845 Mem.mem +R13822 Mach.regset +R13811 Values.val +R13811 Values.val +R13793 Mach.frame +R13773 Mach.function +R13589 Mach.exec_instrs +R13472 Mach.exec_instrs +R13458 Mem.mem +R13435 Mach.frame +R13420 Mach.regset +R13407 Mach.code +R13396 Mem.mem +R13383 Mach.frame +R13358 Mach.regset +R13345 Mach.code +R13334 Mem.mem +R13321 Mach.frame +R13306 Mach.regset +R13283 Mach.code +R13270 Mach.frame +R13255 Values.val +R13239 Mach.function +R13069 Mach.exec_instr +R13055 Mem.mem +R13042 Mach.frame +R13017 Mach.regset +R13004 Mach.code +R12993 Mem.mem +R12981 Mach.frame +R12967 Mach.regset +R12945 Mach.code +R12933 Mach.frame +R12918 Values.val +R12902 Mach.function +R12829 Mem.mem +R12817 Mach.frame +R12803 Mach.regset +R12781 Mach.code +R12769 Mach.frame +R12754 Values.val +R12738 Mach.function +R12690 Coq.Lists.List "x :: y" list_scope +R12670 Mach.Mcond +R12631 Coq.Init.Logic "x = y" type_scope +R12600 Op.eval_condition +R12623 Mach "a ## b" +R12633 Coq.Init.Datatypes.Some +R12638 Coq.Init.Datatypes.false +R12586 Mem.mem +R12574 Mach.frame +R12563 Values.val +R12555 Locations.mreg +R12531 Coq.Lists.List.list +R12536 Mach.instruction +R12509 Mach.label +R12491 Coq.Lists.List.list +R12496 Locations.mreg +R12472 Op.condition +R12447 Mach.frame +R12432 Values.val +R12416 Mach.function +R12367 Coq.Lists.List "x :: y" list_scope +R12347 Mach.Mcond +R12311 Coq.Init.Logic "x = y" type_scope +R12284 Mach.find_label +R12300 Mach.fn_code +R12313 Coq.Init.Datatypes.Some +R12261 Coq.Init.Logic "x = y" type_scope +R12230 Op.eval_condition +R12253 Mach "a ## b" +R12263 Coq.Init.Datatypes.Some +R12268 Coq.Init.Datatypes.true +R12215 Mach.code +R12194 Mem.mem +R12182 Mach.frame +R12171 Values.val +R12163 Locations.mreg +R12139 Coq.Lists.List.list +R12144 Mach.instruction +R12117 Mach.label +R12099 Coq.Lists.List.list +R12104 Locations.mreg +R12080 Op.condition +R12055 Mach.frame +R12040 Values.val +R12024 Mach.function +R11975 Coq.Lists.List "x :: y" list_scope +R11965 Mach.Mgoto +R11929 Coq.Init.Logic "x = y" type_scope +R11902 Mach.find_label +R11918 Mach.fn_code +R11931 Coq.Init.Datatypes.Some +R11887 Mach.code +R11866 Mem.mem +R11854 Mach.frame +R11840 Mach.regset +R11816 Coq.Lists.List.list +R11821 Mach.instruction +R11794 Mach.label +R11780 Mach.frame +R11765 Values.val +R11749 Mach.function +R11699 Coq.Lists.List "x :: y" list_scope +R11685 Mach.Mcall +R11595 Mach.exec_function +R11574 Coq.Init.Logic "x = y" type_scope +R11553 Mach.find_function +R11576 Coq.Init.Datatypes.Some +R11539 Mem.mem +R11525 Mach.regset +R11508 Mach.function +R11497 Mem.mem +R11485 Mach.frame +R11461 Mach.regset +R11437 Coq.Lists.List.list +R11442 Mach.instruction +R11423 Coq.Init.Datatypes "x + y" type_scope +R11418 Locations.mreg +R11425 AST.ident +R11390 AST.signature +R11376 Mach.frame +R11361 Values.val +R11345 Mach.function +R11296 Coq.Lists.List "x :: y" list_scope +R11269 Mach.Mstore +R11233 Coq.Init.Logic "x = y" type_scope +R11207 Mem.storev +R11235 Coq.Init.Datatypes.Some +R11187 Coq.Init.Logic "x = y" type_scope +R11149 Op.eval_addressing +R11179 Mach "a ## b" +R11189 Coq.Init.Datatypes.Some +R11135 Values.val +R11125 Mem.mem +R11125 Mem.mem +R11100 Mach.frame +R11089 Values.val +R11081 Locations.mreg +R11057 Coq.Lists.List.list +R11062 Mach.instruction +R11046 Locations.mreg +R11018 Coq.Lists.List.list +R11023 Locations.mreg +R10998 Op.addressing +R10976 AST.memory_chunk +R10950 Mach.frame +R10935 Values.val +R10919 Mach.function +R10879 Mach "a # b <- c" +R10850 Coq.Lists.List "x :: y" list_scope +R10824 Mach.Mload +R10789 Coq.Init.Logic "x = y" type_scope +R10773 Mem.loadv +R10791 Coq.Init.Datatypes.Some +R10753 Coq.Init.Logic "x = y" type_scope +R10715 Op.eval_addressing +R10745 Mach "a ## b" +R10755 Coq.Init.Datatypes.Some +R10701 Values.val +R10701 Values.val +R10689 Mem.mem +R10667 Mach.frame +R10656 Values.val +R10648 Locations.mreg +R10624 Coq.Lists.List.list +R10629 Mach.instruction +R10613 Locations.mreg +R10585 Coq.Lists.List.list +R10590 Locations.mreg +R10565 Op.addressing +R10543 AST.memory_chunk +R10517 Mach.frame +R10502 Values.val +R10486 Mach.function +R10446 Mach "a # b <- c" +R10427 Coq.Lists.List "x :: y" list_scope +R10411 Mach.Mop +R10376 Coq.Init.Logic "x = y" type_scope +R10341 Op.eval_operation +R10368 Mach "a ## b" +R10378 Coq.Init.Datatypes.Some +R10327 Values.val +R10317 Mem.mem +R10305 Mach.frame +R10294 Values.val +R10286 Locations.mreg +R10252 Coq.Lists.List.list +R10257 Mach.instruction +R10241 Locations.mreg +R10223 Coq.Lists.List.list +R10228 Locations.mreg +R10194 Op.operation +R10181 Mach.frame +R10166 Values.val +R10150 Mach.function +R10100 Mach "a # b <- c" +R10081 Coq.Lists.List "x :: y" list_scope +R10060 Mach.Mgetparam +R9996 Mach.get_slot +R10016 Integers.signed +R9982 Values.val +R9972 Mem.mem +R9960 Mach.frame +R9936 Mach.regset +R9912 Coq.Lists.List.list +R9917 Mach.instruction +R9901 Locations.mreg +R9889 AST.typ +R9868 Integers.int +R9854 Mach.frame +R9839 Values.val +R9823 Mach.function +R9774 Coq.Lists.List "x :: y" list_scope +R9753 Mach.Msetstack +R9682 Mach.set_slot +R9698 Integers.signed +R9666 Mach.frame +R9654 Mem.mem +R9642 Mach.frame +R9621 Values.val +R9613 Locations.mreg +R9589 Coq.Lists.List.list +R9594 Mach.instruction +R9579 AST.typ +R9568 Integers.int +R9545 Locations.mreg +R9531 Mach.frame +R9516 Values.val +R9500 Mach.function +R9450 Mach "a # b <- c" +R9431 Coq.Lists.List "x :: y" list_scope +R9410 Mach.Mgetstack +R9350 Mach.get_slot +R9366 Integers.signed +R9336 Values.val +R9326 Mem.mem +R9314 Mach.frame +R9290 Mach.regset +R9266 Coq.Lists.List.list +R9271 Mach.instruction +R9255 Locations.mreg +R9243 AST.typ +R9222 Integers.int +R9208 Mach.frame +R9193 Values.val +R9177 Mach.function +R9129 Coq.Lists.List "x :: y" list_scope +R9118 Mach.Mlabel +R9089 Mem.mem +R9077 Mach.frame +R9063 Mach.regset +R9039 Coq.Lists.List.list +R9044 Mach.instruction +R9017 Mach.label +R9003 Mach.frame +R8988 Values.val +R8972 Mach.function +R8938 Mem.mem +R8928 Mach.regset +R8921 Mem.mem +R8911 Mach.regset +R8902 Mach.frame +R8890 Mach.function +R8862 Mem.mem +R8852 Mach.regset +R8845 Mem.mem +R8835 Mach.regset +R8828 Values.val +R8821 Values.val +R8812 Mach.frame +R8785 Mach.function +R8757 Mem.mem +R8748 Mach.frame +R8738 Mach.regset +R8730 Mach.code +R8723 Mem.mem +R8714 Mach.frame +R8689 Mach.regset +R8666 Mach.code +R8642 Mach.frame +R8620 Values.val +R8593 Mach.function +R8757 Mem.mem +R8748 Mach.frame +R8738 Mach.regset +R8730 Mach.code +R8723 Mem.mem +R8714 Mach.frame +R8689 Mach.regset +R8666 Mach.code +R8642 Mach.frame +R8620 Values.val +R8593 Mach.function +R15776 Mach.exec_instr_ind4 +R15776 Mach.exec_instr_ind4 +R15833 Mach.exec_instrs_ind4 +R15833 Mach.exec_instrs_ind4 +R15891 Mach.exec_function_body_ind4 +R15891 Mach.exec_function_body_ind4 +R15949 Mach.exec_function_ind4 +R15949 Mach.exec_function_ind4 +R16133 Coq.Init.Logic "'exists' x , p" type_scope +R16143 Coq.Init.Logic "'exists' x , p" type_scope +R16153 Coq.Init.Logic "'exists' x , p" type_scope +R16164 Coq.Init.Logic "'exists' x , p" type_scope +R16219 Coq.Init.Logic "A /\ B" type_scope +R16210 Coq.Init.Logic "x = y" type_scope +R16176 Globalenvs.find_symbol +R16199 AST.prog_main +R16212 Coq.Init.Datatypes.Some +R16258 Coq.Init.Logic "A /\ B" type_scope +R16249 Coq.Init.Logic "x = y" type_scope +R16224 Globalenvs.find_funct_ptr +R16251 Coq.Init.Datatypes.Some +R16304 Coq.Init.Logic "A /\ B" type_scope +R16274 Coq.Init.Logic "x = y" type_scope +R16266 Mach.fn_sig +R16276 AST.mksignature +R16293 Coq.Init.Datatypes.Some +R16298 AST.Tint +R16288 Coq.Lists.List.nil +R16369 Coq.Init.Logic "A /\ B" type_scope +R16309 Mach.exec_function +R16341 Mach.init +R16353 Values.Vundef +R16328 Mach.empty_frame +R16413 Coq.Init.Logic "x = y" type_scope +R16378 Conventions.loc_result +R16404 Mach.fn_sig +R16112 Globalenvs.init_mem +R16080 Globalenvs.globalenv +R16053 Values.val +R16040 Mach.program +R16459 Mach.instruction +R16529 Mach.Mlabel +R16621 Mach.Mgetstack +R16598 Coq.Init.Logic "x = y" type_scope +R16586 Locations.mreg_type +R16745 Mach.Msetstack +R16709 Coq.ZArith.BinInt "x <= y" Z_scope +R16712 Integers.signed +R16698 Coq.Init.Logic "x = y" type_scope +R16686 Locations.mreg_type +R16845 Mach.Mgetparam +R16822 Coq.Init.Logic "x = y" type_scope +R16810 Locations.mreg_type +R16949 Mach.Mop +R16963 Coq.Lists.List "x :: y" list_scope +R16966 Coq.Lists.List.nil +R16953 Op.Omove +R16917 Coq.Init.Logic "x = y" type_scope +R16904 Locations.mreg_type +R16919 Locations.mreg_type +R17021 Mach.Mop +R17032 Coq.Lists.List.nil +R17025 Op.Oundef +R17202 Mach.Mop +R17160 Coq.Init.Logic "x = y" type_scope +R17119 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R17120 Coq.Lists.List.map +R17129 Locations.mreg_type +R17145 Locations.mreg_type +R17162 Op.type_of_operation +R17100 Coq.Init.Logic "x <> y" type_scope +R17103 Op.Oundef +R17085 Coq.Init.Logic "x <> y" type_scope +R17088 Op.Omove +R17387 Mach.Mload +R17346 Coq.Init.Logic "x = y" type_scope +R17332 Locations.mreg_type +R17348 Op.type_of_chunk +R17297 Coq.Init.Logic "x = y" type_scope +R17273 Coq.Lists.List.map +R17282 Locations.mreg_type +R17299 Op.type_of_addressing +R17583 Mach.Mstore +R17542 Coq.Init.Logic "x = y" type_scope +R17528 Locations.mreg_type +R17544 Op.type_of_chunk +R17493 Coq.Init.Logic "x = y" type_scope +R17469 Coq.Lists.List.map +R17478 Locations.mreg_type +R17495 Op.type_of_addressing +R17735 Mach.Mcall +R17668 Coq.Init.Datatypes.inl +R17689 Coq.Init.Logic "x = y" type_scope +R17677 Locations.mreg_type +R17691 AST.Tint +R17698 Coq.Init.Datatypes.inr +R17707 Coq.Init.Logic.True +R17798 Mach.Mgoto +R17925 Mach.Mcond +R17881 Coq.Init.Logic "x = y" type_scope +R17857 Coq.Lists.List.map +R17866 Locations.mreg_type +R17883 Op.type_of_condition +R17978 Mach.Mreturn +R18011 Mach.function +R18112 Mach.wt_instr +R18088 Coq.Lists.List.In +R18100 Mach.fn_code +R18174 Coq.ZArith.BinInt "x >= y" Z_scope +R18160 Mach.fn_stacksize +R18226 Coq.ZArith.BinInt "x >= y" Z_scope +R18212 Mach.fn_framesize +R18281 Coq.ZArith.BinInt "x <= y" Z_scope +R18267 Mach.fn_framesize +R18284 Coq.ZArith.BinInt "- x" Z_scope +R18285 Integers.min_signed +R18391 Mach.wt_function +R18363 Coq.Lists.List.In +R18374 AST.prog_funct +R18366 Coq.Init.Datatypes "( x , y , .. , z )" core_scope +R18330 Mach.program +R18485 Values.has_type +R18506 Locations.mreg_type +R18455 Mach.regset +R18585 Mem.Datum32 +R18598 Values.has_type +R18613 AST.Tint +R18622 Mem.Datum64 +R18635 Values.has_type +R18650 AST.Tfloat +R18666 Coq.Init.Logic.True +R18547 Mem.content +R18735 Mach.wt_content +R18751 Mem.contents +R18704 Mach.frame +R18879 Mach.wt_regset +R18892 Mach "a # b <- c" +R18863 Mach.wt_regset +R18829 Values.has_type +R18845 Locations.mreg_type +R18821 Values.val +R18811 Locations.mreg +R18799 Mach.regset +R18960 Mach.eq +R18960 Mach.eq +R19111 Values.has_type +R19094 Mach.wt_frame +R19068 Mach.get_slot +R19191 Coq.ZArith.BinInt "x + y" Z_scope +R19184 Mem.low +R19191 Coq.ZArith.BinInt "x + y" Z_scope +R19184 Mem.low +R19238 Mem.check_cont +R19262 Mem.contents +R19256 Coq.ZArith.BinInt "x + y" Z_scope +R19238 Mem.check_cont +R19262 Mem.contents +R19256 Coq.ZArith.BinInt "x + y" Z_scope +R19331 Mem.contents +R19331 Mem.contents +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R19399 Mem.check_cont +R19423 Mem.contents +R19417 Coq.ZArith.BinInt "x + y" Z_scope +R19399 Mem.check_cont +R19423 Mem.contents +R19417 Coq.ZArith.BinInt "x + y" Z_scope +R19492 Mem.contents +R19492 Mem.contents +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R19662 Mach.wt_frame +R19639 Values.has_type +R19622 Mach.wt_frame +R19592 Mach.set_slot +R19726 Coq.ZArith.BinInt "x + y" Z_scope +R19719 Mem.low +R19726 Coq.ZArith.BinInt "x + y" Z_scope +R19719 Mem.low +R19859 Coq.Init.Logic "A \/ B" type_scope +R19853 Coq.Init.Logic "x = y" type_scope +R19867 Coq.Init.Logic "x = y" type_scope +R19869 Mem.Cont +R19806 Mem.set_cont +R19859 Coq.Init.Logic "A \/ B" type_scope +R19853 Coq.Init.Logic "x = y" type_scope +R19867 Coq.Init.Logic "x = y" type_scope +R19869 Mem.Cont +R19806 Mem.set_cont +R19949 Coqlib.zeq +R19949 Coqlib.zeq +R20082 Coqlib.zeq +R20082 Coqlib.zeq +R20082 Coqlib.zeq +R20143 Mem.contents +R20137 Coq.ZArith.BinInt "x + y" Z_scope +R20143 Mem.contents +R20137 Coq.ZArith.BinInt "x + y" Z_scope +R20247 Mem.contents +R20241 Coq.ZArith.BinInt "x + y" Z_scope +R20247 Mem.contents +R20241 Coq.ZArith.BinInt "x + y" Z_scope +R20348 Mach.wt_frame +R20358 Mach.init_frame +R20438 Coq.Init.Logic.I +R20438 Coq.Init.Logic.I +R20519 Coq.Lists.List.incl +R20506 Coq.Init.Logic "x = y" type_scope +R20489 Mach.find_label +R20508 Coq.Init.Datatypes.Some +R20591 Mach.is_label +R20591 Mach.is_label +R20654 Coq.Lists.List.incl_tl +R20669 Coq.Lists.List.incl_refl +R20654 Coq.Lists.List.incl_tl +R20669 Coq.Lists.List.incl_refl +R20688 Coq.Lists.List.incl_tl +R20688 Coq.Lists.List.incl_tl +R20749 Mach.program +R20775 Mach.wt_program +R20799 Globalenvs.globalenv +R21187 Coq.Init.Logic "A /\ B" type_scope +R21167 Coq.Lists.List.incl +R21178 Mach.fn_code +R21204 Coq.Init.Logic "A /\ B" type_scope +R21190 Mach.wt_regset +R21207 Mach.wt_frame +R21145 Mach.wt_frame +R21113 Mach.wt_frame +R21080 Mach.wt_regset +R21041 Coq.Lists.List.incl +R21052 Mach.fn_code +R21008 Mach.wt_function +R20983 Mem.mem +R20971 Mach.frame +R20957 Mach.regset +R20945 Mach.code +R20933 Mem.mem +R20921 Mach.frame +R20907 Mach.regset +R20895 Mach.code +R20881 Mach.frame +R20867 Values.val +R20852 Mach.function +R21545 Mach.wt_regset +R21518 Values.has_type +R21534 AST.Tint +R21476 Values.has_type +R21494 AST.Tint +R21439 Mach.wt_frame +R21406 Mach.wt_regset +R21373 Mach.wt_function +R21348 Mem.mem +R21335 Mach.regset +R21324 Mem.mem +R21311 Mach.regset +R21298 Values.val +R21298 Values.val +R21281 Mach.frame +R21262 Mach.function +R21780 Mach.wt_regset +R21758 Mach.wt_frame +R21725 Mach.wt_regset +R21692 Mach.wt_function +R21667 Mem.mem +R21654 Mach.regset +R21643 Mem.mem +R21630 Mach.regset +R21615 Mach.frame +R21596 Mach.function +R21997 Coq.Init.Logic "A /\ B" type_scope +R21942 Mach.exec_instr_prop +R21879 Mach.exec_instr +R22176 Coq.Init.Logic "A /\ B" type_scope +R22121 Mach.exec_instr_prop +R22057 Mach.exec_instrs +R22343 Coq.Init.Logic "A /\ B" type_scope +R22289 Mach.exec_function_body_prop +R22227 Mach.exec_function_body +R22435 Mach.exec_function_prop +R22386 Mach.exec_function +R22494 Mach.exec_mutual_induction +R22550 Mach.wt_function_instrs +R22586 Coq.Lists.List.in_eq +R22494 Mach.exec_mutual_induction +R22550 Mach.wt_function_instrs +R22586 Coq.Lists.List.in_eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R22550 Mach.wt_function_instrs +R22586 Coq.Lists.List.in_eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R22550 Mach.wt_function_instrs +R22586 Coq.Lists.List.in_eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R22550 Mach.wt_function_instrs +R22586 Coq.Lists.List.in_eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R22550 Mach.wt_function_instrs +R22586 Coq.Lists.List.in_eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R22550 Mach.wt_function_instrs +R22586 Coq.Lists.List.in_eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R22550 Mach.wt_function_instrs +R22586 Coq.Lists.List.in_eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R22550 Mach.wt_function_instrs +R22586 Coq.Lists.List.in_eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R22550 Mach.wt_function_instrs +R22586 Coq.Lists.List.in_eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R22550 Mach.wt_function_instrs +R22586 Coq.Lists.List.in_eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R22550 Mach.wt_function_instrs +R22586 Coq.Lists.List.in_eq +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R22550 Mach.wt_function_instrs +R22586 Coq.Lists.List.in_eq +R22550 Mach.wt_function_instrs +R22586 Coq.Lists.List.in_eq +R22550 Mach.wt_function_instrs +R22586 Coq.Lists.List.in_eq +R22550 Mach.wt_function_instrs +R22550 Mach.wt_function_instrs +R22653 Mach.wt_setreg +R22653 Mach.wt_setreg +R22726 Integers.signed +R22705 Mach.wt_get_slot +R22726 Integers.signed +R22705 Mach.wt_get_slot +R22773 Mach.wt_set_slot +R22773 Mach.wt_set_slot +R22846 Mach.wt_setreg +R22846 Mach.wt_setreg +R22908 Integers.signed +R22883 Mach.wt_get_slot +R22908 Integers.signed +R22883 Mach.wt_get_slot +R22940 Mach.wt_setreg +R22940 Mach.wt_setreg +R23142 Values.Vundef +R23142 Values.Vundef +R23188 Locations.mreg_type +R23209 Coq.Init.Datatypes.snd +R23214 Op.type_of_operation +R23188 Locations.mreg_type +R23209 Coq.Init.Datatypes.snd +R23214 Op.type_of_operation +R23277 Mach.function +R23291 Mach "a ## b" +R23248 Op.type_of_operation_sound +R23277 Mach.function +R23291 Mach "a ## b" +R23248 Op.type_of_operation_sound +R23349 Mach.wt_setreg +R23349 Mach.wt_setreg +R23401 Op.type_of_chunk_correct +R23401 Op.type_of_chunk_correct +R23488 Globalenvs.find_funct_prop +R23509 Mach.wt_function +R23488 Globalenvs.find_funct_prop +R23509 Mach.wt_function +R23542 Globalenvs.find_symbol +R23542 Globalenvs.find_symbol +R23576 Globalenvs.find_funct_ptr_prop +R23601 Mach.wt_function +R23576 Globalenvs.find_funct_ptr_prop +R23601 Mach.wt_function +R23647 Mach.incl_find_label +R23647 Mach.incl_find_label +R23688 Mach.incl_find_label +R23688 Mach.incl_find_label +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R23846 Mach.wt_frame +R23846 Mach.wt_frame +R23872 Mach.wt_set_slot +R23872 Mach.wt_set_slot +R23904 Mach.wt_set_slot +R23904 Mach.wt_set_slot +R23934 Mach.wt_init_frame +R23934 Mach.wt_init_frame +R23971 Coq.Lists.List.incl_refl +R23971 Coq.Lists.List.incl_refl +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R-1 Coq.Init.Logic.iff +R-1 Coq.Init.Logic.not +R24030 Values.Vzero +R24024 Values.Vzero +R24030 Values.Vzero +R24024 Values.Vzero +R24044 Coq.Init.Logic.I +R24044 Coq.Init.Logic.I +R24053 Coq.Init.Logic.I +R24053 Coq.Init.Logic.I +R24083 Coq.Init.Logic.I +R24083 Coq.Init.Logic.I +R24092 Coq.Init.Logic.I +R24092 Coq.Init.Logic.I +R24252 Mach.exec_instr_prop +R24189 Mach.exec_instr +R24316 Coq.Init.Logic.proj1 +R24322 Mach.subject_reduction +R24496 Mach.exec_instr_prop +R24432 Mach.exec_instrs +R24560 Coq.Init.Logic.proj1 +R24567 Coq.Init.Logic.proj2 +R24573 Mach.subject_reduction +R24717 Mach.exec_function_prop +R24668 Mach.exec_function +R24767 Coq.Init.Logic.proj2 +R24774 Coq.Init.Logic.proj2 +R24781 Coq.Init.Logic.proj2 +R24787 Mach.subject_reduction +R25023 Mach.get_slot +R25036 AST.Tint +R24996 Mach.get_slot +R25009 AST.Tint +R24979 Coq.ZArith.BinInt "x <= y < z" Z_scope +R24942 Mach.frame +R24942 Mach.frame +R25090 Mach.link_invariant +R25250 Mach.link_invariant +R25238 Coq.ZArith.BinInt "x <= y" Z_scope +R25205 Mach.set_slot +R25370 Mem.contents +R25370 Mem.contents +R25386 Mem.low +R25386 Mem.low +R25422 Mem.load_store_contents_other +R25422 Mem.load_store_contents_other +R25695 Coq.Init.Logic "A /\ B" type_scope +R25675 Coq.Lists.List.incl +R25686 Mach.fn_code +R25698 Mach.link_invariant +R25650 Coq.Lists.List.incl +R25661 Mach.fn_code +R25631 Mach.wt_function +R25572 Mach.exec_instr +R25795 Mach.link_invariant_refl +R25795 Mach.link_invariant_refl +R25795 Mach.link_invariant_refl +R25795 Mach.link_invariant_refl +R25795 Mach.link_invariant_refl +R25795 Mach.link_invariant_refl +R25795 Mach.link_invariant_refl +R25795 Mach.link_invariant_refl +R25795 Mach.link_invariant_refl +R25795 Mach.link_invariant_refl +R25795 Mach.link_invariant_refl +R25795 Mach.link_invariant_refl +R25828 Mach.set_slot_link_invariant +R25828 Mach.set_slot_link_invariant +R25874 Mach.wt_function_instrs +R25907 Coq.Lists.List.in_eq +R25874 Mach.wt_function_instrs +R25907 Coq.Lists.List.in_eq +R25959 Mach.incl_find_label +R25959 Mach.incl_find_label +R25992 Mach.incl_find_label +R25992 Mach.incl_find_label +R26235 Coq.Init.Logic "A /\ B" type_scope +R26215 Coq.Lists.List.incl +R26226 Mach.fn_code +R26238 Mach.link_invariant +R26190 Coq.Lists.List.incl +R26201 Mach.fn_code +R26171 Mach.wt_function +R26111 Mach.exec_instrs +R26313 Mach.link_invariant_refl +R26313 Mach.link_invariant_refl +R26343 Mach.exec_instr_link_invariant +R26343 Mach.exec_instr_link_invariant diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..6900b3db --- /dev/null +++ b/Makefile @@ -0,0 +1,75 @@ +COQC=coqc $(INCLUDES) +COQDEP=coqdep $(INCLUDES) +COQDOC=coqdoc + +INCLUDES=-I lib -I backend + +# Files in lib/ + +LIB=Coqlib.v Maps.v Sets.v union_find.v Inclusion.v Lattice.v Ordered.v \ + Integers.v Floats.v + +# Files in backend/ + +BACKEND=AST.v Values.v Mem.v Globalenvs.v \ + Op.v Cminor.v \ + Cmconstr.v Cmconstrproof.v \ + Csharpminor.v Cminorgen.v Cminorgenproof.v \ + Registers.v RTL.v \ + RTLgen.v RTLgenproof1.v RTLgenproof.v \ + RTLtyping.v \ + Kildall.v \ + Constprop.v Constpropproof.v \ + CSE.v CSEproof.v \ + Locations.v Conventions.v LTL.v LTLtyping.v \ + InterfGraph.v Coloring.v Coloringproof.v \ + Parallelmove.v Allocation.v \ + Allocproof_aux.v Allocproof.v \ + Alloctyping_aux.v Alloctyping.v \ + Tunneling.v Tunnelingproof.v Tunnelingtyping.v \ + Linear.v Lineartyping.v \ + Linearize.v Linearizeproof.v Linearizetyping.v \ + Mach.v Machabstr.v Machtyping.v \ + Stacking.v Stackingproof.v Stackingtyping.v \ + Machabstr2mach.v \ + PPC.v PPCgen.v PPCgenproof1.v PPCgenproof.v \ + Main.v + +# All source files + +FILES=$(LIB:%=lib/%) $(BACKEND:%=backend/%) + +FLATFILES=$(LIB) $(BACKEND) + +proof: $(FILES:.v=.vo) + +all: + $(MAKE) proof + $(MAKE) -C extraction extraction + $(MAKE) -C extraction depend + $(MAKE) -C extraction + +documentation: + $(COQDOC) --html -d doc $(FLATFILES:%.v=--glob-from doc/%.glob) $(FILES) + doc/removeproofs doc/lib.*.html doc/backend.*.html + +latexdoc: + $(COQDOC) --latex -o doc/doc.tex -g $(FILES) + +.SUFFIXES: .v .vo + +.v.vo: + @rm -f doc/glob/$(*F).glob + $(COQC) -dump-glob doc/$(*F).glob $*.v + +depend: + $(COQDEP) $(FILES) > .depend + +clean: + rm -f */*.vo *~ */*~ + rm -f doc/lib.*.html doc/backend.*.html doc/*.glob + $(MAKE) -C extraction clean + $(MAKE) -C test/cminor clean + +include .depend + diff --git a/backend/AST.v b/backend/AST.v new file mode 100644 index 00000000..aae9e860 --- /dev/null +++ b/backend/AST.v @@ -0,0 +1,216 @@ +(** This file defines a number of data types and operations used in + the abstract syntax trees of many of the intermediate languages. *) + +Require Import Coqlib. + +Set Implicit Arguments. + +(** Identifiers (names of local variables, of global symbols and functions, + etc) are represented by the type [positive] of positive integers. *) + +Definition ident := positive. + +Definition ident_eq := peq. + +(** The languages are weakly typed, using only two types: [Tint] for + integers and pointers, and [Tfloat] for floating-point numbers. *) + +Inductive typ : Set := + | Tint : typ + | Tfloat : typ. + +Definition typesize (ty: typ) : Z := + match ty with Tint => 4 | Tfloat => 8 end. + +(** Additionally, function definitions and function calls are annotated + by function signatures indicating the number and types of arguments, + as well as the type of the returned value if any. These signatures + are used in particular to determine appropriate calling conventions + for the function. *) + +Record signature : Set := mksignature { + sig_args: list typ; + sig_res: option typ +}. + +(** Memory accesses (load and store instructions) are annotated by + a ``memory chunk'' indicating the type, size and signedness of the + chunk of memory being accessed. *) + +Inductive memory_chunk : Set := + | Mint8signed : memory_chunk (**r 8-bit signed integer *) + | Mint8unsigned : memory_chunk (**r 8-bit unsigned integer *) + | Mint16signed : memory_chunk (**r 16-bit signed integer *) + | Mint16unsigned : memory_chunk (**r 16-bit unsigned integer *) + | Mint32 : memory_chunk (**r 32-bit integer, or pointer *) + | Mfloat32 : memory_chunk (**r 32-bit single-precision float *) + | Mfloat64 : memory_chunk. (**r 64-bit double-precision float *) + +(** Comparison instructions can perform one of the six following comparisons + between their two operands. *) + +Inductive comparison : Set := + | Ceq : comparison (**r same *) + | Cne : comparison (**r different *) + | Clt : comparison (**r less than *) + | Cle : comparison (**r less than or equal *) + | Cgt : comparison (**r greater than *) + | Cge : comparison. (**r greater than or equal *) + +Definition negate_comparison (c: comparison): comparison := + match c with + | Ceq => Cne + | Cne => Ceq + | Clt => Cge + | Cle => Cgt + | Cgt => Cle + | Cge => Clt + end. + +Definition swap_comparison (c: comparison): comparison := + match c with + | Ceq => Ceq + | Cne => Cne + | Clt => Cgt + | Cle => Cge + | Cgt => Clt + | Cge => Cle + end. + +(** Whole programs consist of: +- a collection of function definitions (name and description); +- the name of the ``main'' function that serves as entry point in the program; +- a collection of global variable declarations (name and size in bytes). + +The type of function descriptions varies among the various intermediate +languages and is taken as parameter to the [program] type. The other parts +of whole programs are common to all languages. *) + +Record program (funct: Set) : Set := mkprogram { + prog_funct: list (ident * funct); + prog_main: ident; + prog_vars: list (ident * Z) +}. + +(** We now define a general iterator over programs that applies a given + code transformation function to all function descriptions and leaves + the other parts of the program unchanged. *) + +Section TRANSF_PROGRAM. + +Variable A B: Set. +Variable transf: A -> B. + +Fixpoint transf_program (l: list (ident * A)) : list (ident * B) := + match l with + | nil => nil + | (id, fn) :: rem => (id, transf fn) :: transf_program rem + end. + +Definition transform_program (p: program A) : program B := + mkprogram + (transf_program p.(prog_funct)) + p.(prog_main) + p.(prog_vars). + +Remark transf_program_functions: + forall fl i tf, + In (i, tf) (transf_program fl) -> + exists f, In (i, f) fl /\ transf f = tf. +Proof. + induction fl; simpl. + tauto. + destruct a. simpl. intros. + elim H; intro. exists a. split. left. congruence. congruence. + generalize (IHfl _ _ H0). intros [f [IN TR]]. + exists f. split. right. auto. auto. +Qed. + +Lemma transform_program_function: + forall p i tf, + In (i, tf) (transform_program p).(prog_funct) -> + exists f, In (i, f) p.(prog_funct) /\ transf f = tf. +Proof. + simpl. intros. eapply transf_program_functions; eauto. +Qed. + +End TRANSF_PROGRAM. + +(** The following is a variant of [transform_program] where the + code transformation function can fail and therefore returns an + option type. *) + +Section TRANSF_PARTIAL_PROGRAM. + +Variable A B: Set. +Variable transf_partial: A -> option B. + +Fixpoint transf_partial_program + (l: list (ident * A)) : option (list (ident * B)) := + match l with + | nil => Some nil + | (id, fn) :: rem => + match transf_partial fn with + | None => None + | Some fn' => + match transf_partial_program rem with + | None => None + | Some res => Some ((id, fn') :: res) + end + end + end. + +Definition transform_partial_program (p: program A) : option (program B) := + match transf_partial_program p.(prog_funct) with + | None => None + | Some fl => Some (mkprogram fl p.(prog_main) p.(prog_vars)) + end. + +Remark transf_partial_program_functions: + forall fl tfl i tf, + transf_partial_program fl = Some tfl -> + In (i, tf) tfl -> + exists f, In (i, f) fl /\ transf_partial f = Some tf. +Proof. + induction fl; simpl. + intros; injection H; intro; subst tfl; contradiction. + case a; intros id fn. intros until tf. + caseEq (transf_partial fn). + intros tfn TFN. + caseEq (transf_partial_program fl). + intros tfl1 TFL1 EQ. injection EQ; intro; clear EQ; subst tfl. + simpl. intros [EQ1|IN1]. + exists fn. intuition congruence. + generalize (IHfl _ _ _ TFL1 IN1). + intros [f [X Y]]. + exists f. intuition congruence. + intros; discriminate. + intros; discriminate. +Qed. + +Lemma transform_partial_program_function: + forall p tp i tf, + transform_partial_program p = Some tp -> + In (i, tf) tp.(prog_funct) -> + exists f, In (i, f) p.(prog_funct) /\ transf_partial f = Some tf. +Proof. + intros until tf. + unfold transform_partial_program. + caseEq (transf_partial_program (prog_funct p)). + intros. apply transf_partial_program_functions with l; auto. + injection H0; intros; subst tp. exact H1. + intros; discriminate. +Qed. + +Lemma transform_partial_program_main: + forall p tp, + transform_partial_program p = Some tp -> + tp.(prog_main) = p.(prog_main). +Proof. + intros p tp. unfold transform_partial_program. + destruct (transf_partial_program (prog_funct p)). + intro EQ; injection EQ; intro EQ1; rewrite <- EQ1; reflexivity. + intro; discriminate. +Qed. + +End TRANSF_PARTIAL_PROGRAM. diff --git a/backend/Allocation.v b/backend/Allocation.v new file mode 100644 index 00000000..30f9dcc6 --- /dev/null +++ b/backend/Allocation.v @@ -0,0 +1,418 @@ +(** Register allocation, spilling, reloading and explicitation of + calling conventions. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Values. +Require Import Globalenvs. +Require Import Op. +Require Import Registers. +Require Import RTL. +Require Import RTLtyping. +Require Import Kildall. +Require Import Locations. +Require Import Conventions. +Require Import Coloring. +Require Import Parallelmove. + +(** * Liveness analysis over RTL *) + +(** A register [r] is live at a point [p] if there exists a path + from [p] to some instruction that uses [r] as argument, + and [r] is not redefined along this path. + Liveness can be computed by a backward dataflow analysis. + The analysis operates over sets of (live) pseudo-registers. *) + +Notation reg_live := Regset.add. +Notation reg_dead := Regset.remove. + +Definition reg_option_live (or: option reg) (lv: Regset.t) := + match or with None => lv | Some r => reg_live r lv end. + +Definition reg_sum_live (ros: reg + ident) (lv: Regset.t) := + match ros with inl r => reg_live r lv | inr s => lv end. + +Fixpoint reg_list_live + (rl: list reg) (lv: Regset.t) {struct rl} : Regset.t := + match rl with + | nil => lv + | r1 :: rs => reg_list_live rs (reg_live r1 lv) + end. + +Fixpoint reg_list_dead + (rl: list reg) (lv: Regset.t) {struct rl} : Regset.t := + match rl with + | nil => lv + | r1 :: rs => reg_list_dead rs (reg_dead r1 lv) + end. + +(** Here is the transfer function for the dataflow analysis. + Since this is a backward dataflow analysis, it takes as argument + the abstract register set ``after'' the given instruction, + i.e. the registers that are live after; and it returns as result + the abstract register set ``before'' the given instruction, + i.e. the registers that must be live before. + The general relation between ``live before'' and ``live after'' + an instruction is that a register is live before if either + it is one of the arguments of the instruction, or it is not the result + of the instruction and it is live after. + However, if the result of a side-effect-free instruction is not + live ``after'', the whole instruction will be removed later + (since it computes a useless result), thus its arguments need not + be live ``before''. *) + +Definition transfer + (f: RTL.function) (pc: node) (after: Regset.t) : Regset.t := + match f.(fn_code)!pc with + | None => + after + | Some i => + match i with + | Inop s => + after + | Iop op args res s => + if Regset.mem res after then + reg_list_live args (reg_dead res after) + else + after + | Iload chunk addr args dst s => + if Regset.mem dst after then + reg_list_live args (reg_dead dst after) + else + after + | Istore chunk addr args src s => + reg_list_live args (reg_live src after) + | Icall sig ros args res s => + reg_list_live args + (reg_sum_live ros (reg_dead res after)) + | Icond cond args ifso ifnot => + reg_list_live args after + | Ireturn optarg => + reg_option_live optarg after + end + end. + +(** The liveness analysis is then obtained by instantiating the + general framework for backward dataflow analysis provided by + module [Kildall]. *) + +Module DS := Backward_Dataflow_Solver(Regset). + +Definition analyze (f: RTL.function): option (PMap.t Regset.t) := + DS.fixpoint (successors f) f.(fn_nextpc) (transfer f) nil. + +(** * Spilling and reloading *) + +(** LTL operations, like those of the target processor, operate only + over machine registers, but not over stack slots. Consider + the RTL instruction +<< + r1 <- Iop(Oadd, r1 :: r2 :: nil) +>> + and assume that [r1] and [r2] are assigned to stack locations [S s1] + and [S s2], respectively. The translated LTL code must load these + stack locations into temporary integer registers (this is called + ``reloading''), perform the [Oadd] operation over these temporaries, + leave the result in a temporary, then store the temporary back to + stack location [S s1] (this is called ``spilling''). In other term, + the generated LTL code has the following shape: +<< + IT1 <- Bgetstack s1; + IT2 <- Bgetstack s2; + IT1 <- Bop(Oadd, IT1 :: IT2 :: nil); + Bsetstack s1 IT1; +>> + This section provides functions that assist in choosing appropriate + temporaries and inserting the required spilling and reloading + operations. *) + +(** ** Allocation of temporary registers for reloading and spilling. *) + +(** [reg_for l] returns a machine register appropriate for working + over the location [l]: either the machine register [m] if [l = R m], + or a temporary register of [l]'s type if [l] is a stack slot. *) + +Definition reg_for (l: loc) : mreg := + match l with + | R r => r + | S s => match slot_type s with Tint => IT1 | Tfloat => FT1 end + end. + +(** [regs_for ll] is similar, for a list of locations [ll] of length + at most 3. We ensure that distinct temporaries are used for + different elements of [ll]. *) + +Fixpoint regs_for_rec (locs: list loc) (itmps ftmps: list mreg) + {struct locs} : list mreg := + match locs, itmps, ftmps with + | l1 :: ls, it1 :: its, ft1 :: fts => + match l1 with + | R r => r + | S s => match slot_type s with Tint => it1 | Tfloat => ft1 end + end + :: regs_for_rec ls its fts + | _, _, _ => nil + end. + +Definition regs_for (locs: list loc) := + regs_for_rec locs (IT1 :: IT2 :: IT3 :: nil) (FT1 :: FT2 :: FT3 :: nil). + +(** ** Insertion of LTL reloads, stores and moves *) + +Require Import LTL. + +(** [add_spill src dst k] prepends to [k] the instructions needed + to assign location [dst] the value of machine register [mreg]. *) + +Definition add_spill (src: mreg) (dst: loc) (k: block) := + match dst with + | R rd => if mreg_eq src rd then k else Bop Omove (src :: nil) rd k + | S sl => Bsetstack src sl k + end. + +(** [add_reload src dst k] prepends to [k] the instructions needed + to assign machine register [mreg] the value of the location [src]. *) + +Definition add_reload (src: loc) (dst: mreg) (k: block) := + match src with + | R rs => if mreg_eq rs dst then k else Bop Omove (rs :: nil) dst k + | S sl => Bgetstack sl dst k + end. + +(** [add_reloads] is similar for a list of locations (as sources) + and a list of machine registers (as destinations). *) + +Fixpoint add_reloads (srcs: list loc) (dsts: list mreg) (k: block) + {struct srcs} : block := + match srcs, dsts with + | s1 :: sl, t1 :: tl => + add_reload s1 t1 (add_reloads sl tl k) + | _, _ => + k + end. + +(** [add_move src dst k] prepends to [k] the instructions that copy + the value of location [src] into location [dst]. *) + +Definition add_move (src dst: loc) (k: block) := + if Loc.eq src dst then k else + match src, dst with + | R rs, _ => + add_spill rs dst k + | _, R rd => + add_reload src rd k + | S ss, S sd => + let tmp := + match slot_type ss with Tint => IT1 | Tfloat => FT1 end in + add_reload src tmp (add_spill tmp dst k) + end. + +(** [parallel_move srcs dsts k] is similar, but for a list of + source locations and a list of destination locations of the same + length. This is a parallel move, meaning that arbitrary overlap + between the sources and destinations is permitted. *) + +Fixpoint listsLoc2Moves (src dst : list loc) {struct src} : Moves := + match src, dst with + | nil, _ => nil + | s :: srcs, nil => nil + | s :: srcs, d :: dsts => (s, d) :: listsLoc2Moves srcs dsts + end. + +Definition parallel_move_order (src dst : list loc) := + Parallelmove.P_move (listsLoc2Moves src dst). + +Definition parallel_move (srcs dsts: list loc) (k: block) : block := + List.fold_left + (fun k p => add_move (fst p) (snd p) k) + (parallel_move_order srcs dsts) k. + +(** ** Constructors for LTL instructions *) + +(** The following functions generate LTL instructions operating + over the given locations. Appropriate reloading and spilling operations + are added around the core LTL instruction. *) + +Definition add_op (op: operation) (args: list loc) (res: loc) (s: node) := + match is_move_operation op args with + | Some src => + add_move src res (Bgoto s) + | None => + let rargs := regs_for args in + let rres := reg_for res in + add_reloads args rargs (Bop op rargs rres (add_spill rres res (Bgoto s))) + end. + +Definition add_load (chunk: memory_chunk) (addr: addressing) + (args: list loc) (dst: loc) (s: node) := + let rargs := regs_for args in + let rdst := reg_for dst in + add_reloads args rargs + (Bload chunk addr rargs rdst (add_spill rdst dst (Bgoto s))). + +Definition add_store (chunk: memory_chunk) (addr: addressing) + (args: list loc) (src: loc) (s: node) := + match regs_for (src :: args) with + | nil => Breturn (* never happens *) + | rsrc :: rargs => + add_reloads (src :: args) (rsrc :: rargs) + (Bstore chunk addr rargs rsrc (Bgoto s)) + end. + +(** For function calls, we also add appropriate moves to and from + the canonical locations for function arguments and function results, + as dictated by the calling conventions. *) + +Definition add_call (sig: signature) (ros: loc + ident) + (args: list loc) (res: loc) (s: node) := + let rargs := loc_arguments sig in + let rres := loc_result sig in + match ros with + | inl fn => + (add_reload fn IT3 + (parallel_move args rargs + (Bcall sig (inl _ IT3) (add_spill rres res (Bgoto s))))) + | inr id => + parallel_move args rargs + (Bcall sig (inr _ id) (add_spill rres res (Bgoto s))) + end. + +Definition add_cond (cond: condition) (args: list loc) (ifso ifnot: node) := + let rargs := regs_for args in + add_reloads args rargs (Bcond cond rargs ifso ifnot). + +(** For function returns, we add the appropriate move of the result + to the conventional location for the function result. If the function + returns with no value, we explicitly set the function result register + to the [Vundef] value, for consistency with RTL's semantics. *) + +Definition add_return (sig: signature) (optarg: option loc) := + match optarg with + | Some arg => add_reload arg (loc_result sig) Breturn + | None => Bop Oundef nil (loc_result sig) Breturn + end. + +(** For function entry points, we move from the parameter locations + dictated by the calling convention to the locations of the function + parameters. We also explicitly set to [Vundef] the locations + of pseudo-registers that are live at function entry but are not + parameters, again for consistency with RTL's semantics. *) + +Fixpoint add_undefs (ll: list loc) (b: block) {struct ll} : block := + match ll with + | nil => b + | R r :: ls => Bop Oundef nil r (add_undefs ls b) + | S s :: ls => add_undefs ls b + end. + +Definition add_entry (sig: signature) (params: list loc) (undefs: list loc) + (s: node) := + parallel_move (loc_parameters sig) params (add_undefs undefs (Bgoto s)). + +(** * Translation from RTL to LTL *) + +(** Each [RTL] instruction translates to an [LTL] basic block. + The register assignment [assign] returned by register allocation + is applied to the arguments and results of the RTL + instruction, followed by an invocation of the appropriate [LTL] + constructor function that will deal with spilling, reloading and + calling conventions. In addition, dead instructions are eliminated. + Dead instructions are instructions without side-effects ([Iop] and + [Iload]) whose result register is dead, i.e. whose result value + is never used. *) + +Definition transf_instr + (f: RTL.function) (live: PMap.t Regset.t) (assign: reg -> loc) + (pc: node) (instr: RTL.instruction) : LTL.block := + match instr with + | Inop s => + Bgoto s + | Iop op args res s => + if Regset.mem res live!!pc then + add_op op (List.map assign args) (assign res) s + else + Bgoto s + | Iload chunk addr args dst s => + if Regset.mem dst live!!pc then + add_load chunk addr (List.map assign args) (assign dst) s + else + Bgoto s + | Istore chunk addr args src s => + add_store chunk addr (List.map assign args) (assign src) s + | Icall sig ros args res s => + add_call sig (sum_left_map assign ros) (List.map assign args) + (assign res) s + | Icond cond args ifso ifnot => + add_cond cond (List.map assign args) ifso ifnot + | Ireturn optarg => + add_return (RTL.fn_sig f) (option_map assign optarg) + end. + +Definition transf_entrypoint + (f: RTL.function) (live: PMap.t Regset.t) (assign: reg -> loc) + (newcode: LTL.code) : LTL.code := + let oldentry := RTL.fn_entrypoint f in + let newentry := RTL.fn_nextpc f in + let undefs := + Regset.elements (reg_list_dead (RTL.fn_params f) + (transfer f oldentry live!!oldentry)) in + PTree.set + newentry + (add_entry (RTL.fn_sig f) + (List.map assign (RTL.fn_params f)) + (List.map assign undefs) + oldentry) + newcode. + +Lemma transf_entrypoint_wf: + forall (f: RTL.function) (live: PMap.t Regset.t) (assign: reg -> loc), + let tc1 := PTree.map (transf_instr f live assign) (RTL.fn_code f) in + let tc2 := transf_entrypoint f live assign tc1 in + forall (pc: node), Plt pc (Psucc (RTL.fn_nextpc f)) \/ tc2!pc = None. +Proof. + intros. case (plt pc (Psucc (RTL.fn_nextpc f))); intro. + left. auto. + right. + assert (pc <> RTL.fn_nextpc f). + red; intro. subst pc. elim n. apply Plt_succ. + assert (~ (Plt pc (RTL.fn_nextpc f))). + red; intro. elim n. apply Plt_trans_succ; auto. + unfold tc2. unfold transf_entrypoint. + rewrite PTree.gso; auto. + unfold tc1. rewrite PTree.gmap. + elim (RTL.fn_code_wf f pc); intro. + contradiction. unfold option_map. rewrite H1. auto. +Qed. + +(** The translation of a function performs liveness analysis, + construction and coloring of the inference graph, and per-instruction + transformation as described above. *) + +Definition transf_function (f: RTL.function) : option LTL.function := + match type_rtl_function f with + | None => None + | Some env => + match analyze f with + | None => None + | Some live => + let pc0 := f.(RTL.fn_entrypoint) in + let live0 := transfer f pc0 live!!pc0 in + match regalloc f live live0 env with + | None => None + | Some assign => + Some (LTL.mkfunction + (RTL.fn_sig f) + (RTL.fn_stacksize f) + (transf_entrypoint f live assign + (PTree.map (transf_instr f live assign) (RTL.fn_code f))) + (RTL.fn_nextpc f) + (transf_entrypoint_wf f live assign)) + end + end + end. + +Definition transf_program (p: RTL.program) : option LTL.program := + transform_partial_program transf_function p. + diff --git a/backend/Allocproof.v b/backend/Allocproof.v new file mode 100644 index 00000000..138e6d79 --- /dev/null +++ b/backend/Allocproof.v @@ -0,0 +1,1827 @@ +(** Correctness proof for the [Allocation] pass (translation from + RTL to LTL). *) + +Require Import Relations. +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Registers. +Require Import RTL. +Require Import RTLtyping. +Require Import Locations. +Require Import Conventions. +Require Import Coloring. +Require Import Coloringproof. +Require Import Allocation. +Require Import Allocproof_aux. + +(** * Semantic properties of calling conventions *) + +(** The value of a parameter in the called function is the same + as the value of the corresponding argument in the caller function. *) + +Lemma call_regs_param_of_arg: + forall sig ls l, + In l (loc_arguments sig) -> + LTL.call_regs ls (parameter_of_argument l) = ls l. +Proof. + intros. + generalize (loc_arguments_acceptable sig l H). + unfold LTL.call_regs; unfold parameter_of_argument. + unfold loc_argument_acceptable. + destruct l. auto. destruct s; tauto. +Qed. + +(** The return value, stored in the conventional return register, + is correctly passed from the callee back to the caller. *) + +Lemma return_regs_result: + forall sig caller callee, + LTL.return_regs caller callee (R (loc_result sig)) = + callee (R (loc_result sig)). +Proof. + intros. unfold LTL.return_regs. + case (In_dec Loc.eq (R (loc_result sig)) temporaries); intro. + auto. + case (In_dec Loc.eq (R (loc_result sig)) destroyed_at_call); intro. + auto. + elim n0. apply loc_result_acceptable. +Qed. + +(** Acceptable locations that are not destroyed at call keep + their values across a call. *) + +Lemma return_regs_not_destroyed: + forall caller callee l, + Loc.notin l destroyed_at_call -> loc_acceptable l -> + LTL.return_regs caller callee l = caller l. +Proof. + unfold loc_acceptable, LTL.return_regs. + destruct l; auto. + intros. case (In_dec Loc.eq (R m) temporaries); intro. + contradiction. + case (In_dec Loc.eq (R m) destroyed_at_call); intro. + elim (Loc.notin_not_in _ _ H i). + auto. +Qed. + +(** * Correctness condition for the liveness analysis *) + +(** The liveness information computed by the dataflow analysis is + correct in the following sense: all registers live ``before'' + an instruction are live ``after'' all of its predecessors. *) + +Lemma analyze_correct: + forall (f: function) (live: PMap.t Regset.t) (n s: node), + analyze f = Some live -> + f.(fn_code)!n <> None -> + f.(fn_code)!s <> None -> + In s (successors f n) -> + Regset.ge live!!n (transfer f s live!!s). +Proof. + intros. + eapply DS.fixpoint_solution. + unfold analyze in H. eexact H. + elim (fn_code_wf f n); intro. auto. contradiction. + elim (fn_code_wf f s); intro. auto. contradiction. + auto. +Qed. + +Definition live0 (f: RTL.function) (live: PMap.t Regset.t) := + transfer f f.(RTL.fn_entrypoint) live!!(f.(RTL.fn_entrypoint)). + +(** * Properties of allocated locations *) + +(** We list here various properties of the locations [alloc r], + where [r] is an RTL pseudo-register and [alloc] is the register + assignment returned by [regalloc]. *) + +Section REGALLOC_PROPERTIES. + +Variable f: function. +Variable env: regenv. +Variable live: PMap.t Regset.t. +Variable alloc: reg -> loc. +Hypothesis ALLOC: regalloc f live (live0 f live) env = Some alloc. + +Lemma loc_acceptable_noteq_diff: + forall l1 l2, + loc_acceptable l1 -> l1 <> l2 -> Loc.diff l1 l2. +Proof. + unfold loc_acceptable, Loc.diff; destruct l1; destruct l2; + try (destruct s); try (destruct s0); intros; auto; try congruence. + case (zeq z z0); intro. + compare t t0; intro. + subst z0; subst t0; tauto. + tauto. tauto. + contradiction. contradiction. +Qed. + +Lemma regalloc_noteq_diff: + forall r1 l2, + alloc r1 <> l2 -> Loc.diff (alloc r1) l2. +Proof. + intros. apply loc_acceptable_noteq_diff. + eapply regalloc_acceptable; eauto. + auto. +Qed. + +Lemma loc_acceptable_notin_notin: + forall r ll, + loc_acceptable r -> + ~(In r ll) -> Loc.notin r ll. +Proof. + induction ll; simpl; intros. + auto. + split. apply loc_acceptable_noteq_diff. assumption. + apply sym_not_equal. tauto. + apply IHll. assumption. tauto. +Qed. + +Lemma regalloc_notin_notin: + forall r ll, + ~(In (alloc r) ll) -> Loc.notin (alloc r) ll. +Proof. + intros. apply loc_acceptable_notin_notin. + eapply regalloc_acceptable; eauto. auto. +Qed. + +Lemma regalloc_norepet_norepet: + forall rl, + list_norepet (List.map alloc rl) -> + Loc.norepet (List.map alloc rl). +Proof. + induction rl; simpl; intros. + apply Loc.norepet_nil. + inversion H. + apply Loc.norepet_cons. + eapply regalloc_notin_notin; eauto. + auto. +Qed. + +Lemma regalloc_not_temporary: + forall (r: reg), + Loc.notin (alloc r) temporaries. +Proof. + intros. apply temporaries_not_acceptable. + eapply regalloc_acceptable; eauto. +Qed. + +Lemma regalloc_disj_temporaries: + forall (rl: list reg), + Loc.disjoint (List.map alloc rl) temporaries. +Proof. + intros. + apply Loc.notin_disjoint. intros. + generalize (list_in_map_inv _ _ _ H). intros [r [EQ IN]]. + subst x. apply regalloc_not_temporary; auto. +Qed. + +End REGALLOC_PROPERTIES. + +(** * Semantic agreement between RTL registers and LTL locations *) + +Require Import LTL. + +Section AGREE. + +Variable f: RTL.function. +Variable env: regenv. +Variable flive: PMap.t Regset.t. +Variable assign: reg -> loc. +Hypothesis REGALLOC: regalloc f flive (live0 f flive) env = Some assign. + +(** Remember the core of the code transformation performed in module + [Allocation]: every reference to register [r] is replaced by + a reference to location [assign r]. We will shortly prove + the semantic equivalence between the original code and the transformed code. + The key tool to do this is the following relation between + a register set [rs] in the original RTL program and a location set + [ls] in the transformed LTL program. The two sets agree if + they assign identical values to matching registers and locations, + that is, the value of register [r] in [rs] is the same as + the value of location [assign r] in [ls]. However, this equality + needs to hold only for live registers [r]. If [r] is dead at + the current point, its value is never used later, hence the value + of [assign r] can be arbitrary. *) + +Definition agree (live: Regset.t) (rs: regset) (ls: locset) : Prop := + forall (r: reg), Regset.mem r live = true -> ls (assign r) = rs#r. + +(** What follows is a long list of lemmas expressing properties + of the [agree_live_regs] predicate that are useful for the + semantic equivalence proof. First: two register sets that agree + on a given set of live registers also agree on a subset of + those live registers. *) + +Lemma agree_increasing: + forall live1 live2 rs ls, + Regset.ge live1 live2 -> agree live1 rs ls -> + agree live2 rs ls. +Proof. + unfold agree; intros. + apply H0. apply H. auto. +Qed. + +(** Some useful special cases of [agree_increasing]. *) + +Lemma agree_reg_live: + forall r live rs ls, + agree (reg_live r live) rs ls -> agree live rs ls. +Proof. + intros. apply agree_increasing with (reg_live r live). + red; intros. case (Reg.eq r r0); intro. + subst r0. apply Regset.mem_add_same. + rewrite Regset.mem_add_other; auto. auto. +Qed. + +Lemma agree_reg_list_live: + forall rl live rs ls, + agree (reg_list_live rl live) rs ls -> agree live rs ls. +Proof. + induction rl; simpl; intros. + assumption. + apply agree_reg_live with a. apply IHrl. assumption. +Qed. + +Lemma agree_reg_sum_live: + forall ros live rs ls, + agree (reg_sum_live ros live) rs ls -> agree live rs ls. +Proof. + intros. destruct ros; simpl in H. + apply agree_reg_live with r; auto. + auto. +Qed. + +(** Agreement over a set of live registers just extended with [r] + implies equality of the values of [r] and [assign r]. *) + +Lemma agree_eval_reg: + forall r live rs ls, + agree (reg_live r live) rs ls -> ls (assign r) = rs#r. +Proof. + intros. apply H. apply Regset.mem_add_same. +Qed. + +(** Same, for a list of registers. *) + +Lemma agree_eval_regs: + forall rl live rs ls, + agree (reg_list_live rl live) rs ls -> + List.map ls (List.map assign rl) = rs##rl. +Proof. + induction rl; simpl; intros. + reflexivity. + apply (f_equal2 (@cons val)). + apply agree_eval_reg with live. + apply agree_reg_list_live with rl. auto. + eapply IHrl. eexact H. +Qed. + +(** Agreement is insensitive to the current values of the temporary + machine registers. *) + +Lemma agree_exten: + forall live rs ls ls', + agree live rs ls -> + (forall l, Loc.notin l temporaries -> ls' l = ls l) -> + agree live rs ls'. +Proof. + unfold agree; intros. + rewrite H0. apply H. auto. eapply regalloc_not_temporary; eauto. +Qed. + +(** If a register is dead, assigning it an arbitrary value in [rs] + and leaving [ls] unchanged preserves agreement. (This corresponds + to an operation over a dead register in the original program + that is turned into a no-op in the transformed program.) *) + +Lemma agree_assign_dead: + forall live r rs ls v, + Regset.mem r live = false -> + agree live rs ls -> + agree live (rs#r <- v) ls. +Proof. + unfold agree; intros. + case (Reg.eq r r0); intro. + subst r0. congruence. + rewrite Regmap.gso; auto. +Qed. + +(** Setting [r] to value [v] in [rs] + and simultaneously setting [assign r] to value [v] in [ls] + preserves agreement, provided that all live registers except [r] + are mapped to locations other than that of [r]. *) + +Lemma agree_assign_live: + forall live r rs ls ls' v, + (forall s, + Regset.mem s live = true -> s <> r -> assign s <> assign r) -> + ls' (assign r) = v -> + (forall l, Loc.diff l (assign r) -> Loc.notin l temporaries -> ls' l = ls l) -> + agree (reg_dead r live) rs ls -> + agree live (rs#r <- v) ls'. +Proof. + unfold agree; intros. + case (Reg.eq r r0); intro. + subst r0. rewrite Regmap.gss. assumption. + rewrite Regmap.gso; auto. + rewrite H1. apply H2. rewrite Regset.mem_remove_other. auto. + auto. eapply regalloc_noteq_diff. eauto. apply H. auto. auto. + eapply regalloc_not_temporary; eauto. +Qed. + +(** This is a special case of the previous lemma where the value [v] + being stored is not arbitrary, but is the value of + another register [arg]. (This corresponds to a register-register move + instruction.) In this case, the condition can be weakened: + it suffices that all live registers except [arg] and [res] + are mapped to locations other than that of [res]. *) + +Lemma agree_move_live: + forall live arg res rs (ls ls': locset), + (forall r, + Regset.mem r live = true -> r <> res -> r <> arg -> + assign r <> assign res) -> + ls' (assign res) = ls (assign arg) -> + (forall l, Loc.diff l (assign res) -> Loc.notin l temporaries -> ls' l = ls l) -> + agree (reg_live arg (reg_dead res live)) rs ls -> + agree live (rs#res <- (rs#arg)) ls'. +Proof. + unfold agree; intros. + case (Reg.eq res r); intro. + subst r. rewrite Regmap.gss. rewrite H0. apply H2. + apply Regset.mem_add_same. + rewrite Regmap.gso; auto. + case (Loc.eq (assign r) (assign res)); intro. + rewrite e. rewrite H0. + case (Reg.eq arg r); intro. + subst r. apply H2. apply Regset.mem_add_same. + elim (H r); auto. + rewrite H1. apply H2. + case (Reg.eq arg r); intro. subst r. apply Regset.mem_add_same. + rewrite Regset.mem_add_other; auto. + rewrite Regset.mem_remove_other; auto. + eapply regalloc_noteq_diff; eauto. + eapply regalloc_not_temporary; eauto. +Qed. + +(** This complicated lemma states agreement between the states after + a function call, provided that the states before the call agree + and that calling conventions are respected. *) + +Lemma agree_call: + forall live args ros res rs v (ls ls': locset), + (forall r, + Regset.mem r live = true -> + r <> res -> + ~(In (assign r) Conventions.destroyed_at_call)) -> + (forall r, + Regset.mem r live = true -> r <> res -> assign r <> assign res) -> + ls' (assign res) = v -> + (forall l, + Loc.notin l destroyed_at_call -> loc_acceptable l -> Loc.diff l (assign res) -> + ls' l = ls l) -> + agree (reg_list_live args (reg_sum_live ros (reg_dead res live))) rs ls -> + agree live (rs#res <- v) ls'. +Proof. + intros. + assert (agree (reg_dead res live) rs ls). + apply agree_reg_sum_live with ros. + apply agree_reg_list_live with args. assumption. + red; intros. + case (Reg.eq r res); intro. + subst r. rewrite Regmap.gss. assumption. + rewrite Regmap.gso; auto. rewrite H2. apply H4. + rewrite Regset.mem_remove_other; auto. + eapply regalloc_notin_notin; eauto. + eapply regalloc_acceptable; eauto. + eapply regalloc_noteq_diff; eauto. +Qed. + +(** Agreement between the initial register set at RTL function entry + and the location set at LTL function entry. *) + +Lemma agree_init_regs: + forall rl vl ls live, + (forall r1 r2, + In r1 rl -> Regset.mem r2 live = true -> r1 <> r2 -> + assign r1 <> assign r2) -> + List.map ls (List.map assign rl) = vl -> + agree (reg_list_dead rl live) (Regmap.init Vundef) ls -> + agree live (init_regs vl rl) ls. +Proof. + induction rl; simpl; intros. + assumption. + destruct vl. discriminate. + assert (agree (reg_dead a live) (init_regs vl rl) ls). + apply IHrl. intros. apply H. tauto. + case (Reg.eq a r2); intro. subst r2. + rewrite Regset.mem_remove_same in H3. discriminate. + rewrite Regset.mem_remove_other in H3; auto. + auto. congruence. assumption. + red; intros. case (Reg.eq a r); intro. + subst r. rewrite Regmap.gss. congruence. + rewrite Regmap.gso; auto. apply H2. + rewrite Regset.mem_remove_other; auto. +Qed. + +Lemma agree_parameters: + forall vl ls, + let params := f.(RTL.fn_params) in + List.map ls (List.map assign params) = vl -> + (forall r, + Regset.mem r (reg_list_dead params (live0 f flive)) = true -> + ls (assign r) = Vundef) -> + agree (live0 f flive) (init_regs vl params) ls. +Proof. + intros. apply agree_init_regs. + intros. eapply regalloc_correct_3; eauto. + assumption. + red; intros. rewrite Regmap.gi. auto. +Qed. + +End AGREE. + +(** * Correctness of the LTL constructors *) + +(** This section proves theorems that establish the correctness of the + LTL constructor functions such as [add_op]. The theorems are of + the general form ``the generated LTL instructions execute and + modify the location set in the expected way: the result location(s) + contain the expected values and other, non-temporary locations keep + their values''. *) + +Section LTL_CONSTRUCTORS. + +Variable ge: LTL.genv. +Variable sp: val. + +Lemma reg_for_spec: + forall l, + R(reg_for l) = l \/ In (R (reg_for l)) temporaries. +Proof. + intros. unfold reg_for. destruct l. tauto. + case (slot_type s); simpl; tauto. +Qed. + +Lemma add_reload_correct: + forall src dst k rs m, + exists rs', + exec_instrs ge sp (add_reload src dst k) rs m k rs' m /\ + rs' (R dst) = rs src /\ + forall l, Loc.diff (R dst) l -> rs' l = rs l. +Proof. + intros. unfold add_reload. destruct src. + case (mreg_eq m0 dst); intro. + subst dst. exists rs. split. apply exec_refl. tauto. + exists (Locmap.set (R dst) (rs (R m0)) rs). + split. apply exec_one; apply exec_Bop. reflexivity. + split. apply Locmap.gss. + intros; apply Locmap.gso; auto. + exists (Locmap.set (R dst) (rs (S s)) rs). + split. apply exec_one; apply exec_Bgetstack. + split. apply Locmap.gss. + intros; apply Locmap.gso; auto. +Qed. + +Lemma add_spill_correct: + forall src dst k rs m, + exists rs', + exec_instrs ge sp (add_spill src dst k) rs m k rs' m /\ + rs' dst = rs (R src) /\ + forall l, Loc.diff dst l -> rs' l = rs l. +Proof. + intros. unfold add_spill. destruct dst. + case (mreg_eq src m0); intro. + subst src. exists rs. split. apply exec_refl. tauto. + exists (Locmap.set (R m0) (rs (R src)) rs). + split. apply exec_one. apply exec_Bop. reflexivity. + split. apply Locmap.gss. + intros; apply Locmap.gso; auto. + exists (Locmap.set (S s) (rs (R src)) rs). + split. apply exec_one. apply exec_Bsetstack. + split. apply Locmap.gss. + intros; apply Locmap.gso; auto. +Qed. + +Lemma add_reloads_correct_rec: + forall srcs itmps ftmps k rs m, + (List.length srcs <= List.length itmps)%nat -> + (List.length srcs <= List.length ftmps)%nat -> + (forall r, In (R r) srcs -> In r itmps -> False) -> + (forall r, In (R r) srcs -> In r ftmps -> False) -> + list_disjoint itmps ftmps -> + list_norepet itmps -> + list_norepet ftmps -> + exists rs', + exec_instrs ge sp (add_reloads srcs (regs_for_rec srcs itmps ftmps) k) rs m k rs' m /\ + reglist (regs_for_rec srcs itmps ftmps) rs' = map rs srcs /\ + (forall r, ~(In r itmps) -> ~(In r ftmps) -> rs' (R r) = rs (R r)) /\ + (forall s, rs' (S s) = rs (S s)). +Proof. + induction srcs; simpl; intros. + (* base case *) + exists rs. split. apply exec_refl. tauto. + (* inductive case *) + destruct itmps; simpl in H. omegaContradiction. + destruct ftmps; simpl in H0. omegaContradiction. + assert (R1: (length srcs <= length itmps)%nat). omega. + assert (R2: (length srcs <= length ftmps)%nat). omega. + assert (R3: forall r, In (R r) srcs -> In r itmps -> False). + intros. apply H1 with r. tauto. auto with coqlib. + assert (R4: forall r, In (R r) srcs -> In r ftmps -> False). + intros. apply H2 with r. tauto. auto with coqlib. + assert (R5: list_disjoint itmps ftmps). + eapply list_disjoint_cons_left. + eapply list_disjoint_cons_right. eauto. + assert (R6: list_norepet itmps). + inversion H4; auto. + assert (R7: list_norepet ftmps). + inversion H5; auto. + destruct a. + (* a is a register *) + generalize (IHsrcs itmps ftmps k rs m R1 R2 R3 R4 R5 R6 R7). + intros [rs' [EX [RES [OTH1 OTH2]]]]. + exists rs'. split. + unfold add_reload. case (mreg_eq m2 m2); intro; tauto. + split. simpl. apply (f_equal2 (@cons val)). + apply OTH1. + red; intro; apply H1 with m2. tauto. auto with coqlib. + red; intro; apply H2 with m2. tauto. auto with coqlib. + assumption. + split. intros. apply OTH1. simpl in H6; tauto. simpl in H7; tauto. + auto. + (* a is a stack location *) + set (tmp := match slot_type s with Tint => m0 | Tfloat => m1 end). + assert (NI: ~(In tmp itmps)). + unfold tmp; case (slot_type s). + inversion H4; auto. + apply list_disjoint_notin with (m1 :: ftmps). + apply list_disjoint_sym. apply list_disjoint_cons_left with m0. + auto. auto with coqlib. + assert (NF: ~(In tmp ftmps)). + unfold tmp; case (slot_type s). + apply list_disjoint_notin with (m0 :: itmps). + apply list_disjoint_cons_right with m1. + auto. auto with coqlib. + inversion H5; auto. + generalize + (add_reload_correct (S s) tmp + (add_reloads srcs (regs_for_rec srcs itmps ftmps) k) rs m). + intros [rs1 [EX1 [RES1 OTH]]]. + generalize (IHsrcs itmps ftmps k rs1 m R1 R2 R3 R4 R5 R6 R7). + intros [rs' [EX [RES [OTH1 OTH2]]]]. + exists rs'. + split. eapply exec_trans; eauto. + split. simpl. apply (f_equal2 (@cons val)). + rewrite OTH1; auto. + rewrite RES. apply list_map_exten. intros. + symmetry. apply OTH. + destruct x; try exact I. simpl. red; intro; subst m2. + generalize H6; unfold tmp. case (slot_type s). + intro. apply H1 with m0. tauto. auto with coqlib. + intro. apply H2 with m1. tauto. auto with coqlib. + split. intros. simpl in H6; simpl in H7. + rewrite OTH1. apply OTH. + simpl. unfold tmp. case (slot_type s); tauto. + tauto. tauto. + intros. rewrite OTH2. apply OTH. exact I. +Qed. + +Lemma add_reloads_correct: + forall srcs k rs m, + (List.length srcs <= 3)%nat -> + Loc.disjoint srcs temporaries -> + exists rs', + exec_instrs ge sp (add_reloads srcs (regs_for srcs) k) rs m k rs' m /\ + reglist (regs_for srcs) rs' = List.map rs srcs /\ + forall l, Loc.notin l temporaries -> rs' l = rs l. +Proof. + intros. + pose (itmps := IT1 :: IT2 :: IT3 :: nil). + pose (ftmps := FT1 :: FT2 :: FT3 :: nil). + assert (R1: (List.length srcs <= List.length itmps)%nat). + unfold itmps; simpl; assumption. + assert (R2: (List.length srcs <= List.length ftmps)%nat). + unfold ftmps; simpl; assumption. + assert (R3: forall r, In (R r) srcs -> In r itmps -> False). + intros. assert (In (R r) temporaries). + simpl in H2; simpl; intuition congruence. + generalize (H0 _ _ H1 H3). simpl. tauto. + assert (R4: forall r, In (R r) srcs -> In r ftmps -> False). + intros. assert (In (R r) temporaries). + simpl in H2; simpl; intuition congruence. + generalize (H0 _ _ H1 H3). simpl. tauto. + assert (R5: list_disjoint itmps ftmps). + red; intros r1 r2; simpl; intuition congruence. + assert (R6: list_norepet itmps). + unfold itmps. NoRepet. + assert (R7: list_norepet ftmps). + unfold ftmps. NoRepet. + generalize (add_reloads_correct_rec srcs itmps ftmps k rs m + R1 R2 R3 R4 R5 R6 R7). + intros [rs' [EX [RES [OTH1 OTH2]]]]. + exists rs'. split. exact EX. + split. exact RES. + intros. destruct l. apply OTH1. + generalize (Loc.notin_not_in _ _ H1). simpl. intuition congruence. + generalize (Loc.notin_not_in _ _ H1). simpl. intuition congruence. + apply OTH2. +Qed. + +Lemma add_move_correct: + forall src dst k rs m, + exists rs', + exec_instrs ge sp (add_move src dst k) rs m k rs' m /\ + rs' dst = rs src /\ + forall l, Loc.diff l dst -> Loc.diff l (R IT1) -> Loc.diff l (R FT1) -> rs' l = rs l. +Proof. + intros; unfold add_move. + case (Loc.eq src dst); intro. + subst dst. exists rs. split. apply exec_refl. tauto. + destruct src. + (* src is a register *) + generalize (add_spill_correct m0 dst k rs m); intros [rs' [EX [RES OTH]]]. + exists rs'; intuition. apply OTH; apply Loc.diff_sym; auto. + destruct dst. + (* src is a stack slot, dst a register *) + generalize (add_reload_correct (S s) m0 k rs m); intros [rs' [EX [RES OTH]]]. + exists rs'; intuition. apply OTH; apply Loc.diff_sym; auto. + (* src and dst are stack slots *) + set (tmp := match slot_type s with Tint => IT1 | Tfloat => FT1 end). + generalize (add_reload_correct (S s) tmp (add_spill tmp (S s0) k) rs m); + intros [rs1 [EX1 [RES1 OTH1]]]. + generalize (add_spill_correct tmp (S s0) k rs1 m); + intros [rs2 [EX2 [RES2 OTH2]]]. + exists rs2. split. + eapply exec_trans; eauto. + split. congruence. + intros. rewrite OTH2. apply OTH1. + apply Loc.diff_sym. unfold tmp; case (slot_type s); auto. + apply Loc.diff_sym; auto. +Qed. + +Theorem parallel_move_correct: + forall srcs dsts k rs m, + List.length srcs = List.length dsts -> + Loc.no_overlap srcs dsts -> + Loc.norepet dsts -> + Loc.disjoint srcs temporaries -> + Loc.disjoint dsts temporaries -> + exists rs', + exec_instrs ge sp (parallel_move srcs dsts k) rs m k rs' m /\ + List.map rs' dsts = List.map rs srcs /\ + rs' (R IT3) = rs (R IT3) /\ + forall l, Loc.notin l dsts -> Loc.notin l temporaries -> rs' l = rs l. +Proof. + apply (parallel_move_correctX ge sp). + apply add_move_correct. +Qed. + +Lemma add_op_correct: + forall op args res s rs m v, + (List.length args <= 3)%nat -> + Loc.disjoint args temporaries -> + eval_operation ge sp op (List.map rs args) = Some v -> + exists rs', + exec_block ge sp (add_op op args res s) rs m (Cont s) rs' m /\ + rs' res = v /\ + forall l, Loc.diff l res -> Loc.notin l temporaries -> rs' l = rs l. +Proof. + intros. unfold add_op. + caseEq (is_move_operation op args). + (* move *) + intros arg IMO. + generalize (is_move_operation_correct op args IMO). + intros [EQ1 EQ2]. subst op; subst args. + generalize (add_move_correct arg res (Bgoto s) rs m). + intros [rs' [EX [RES OTHER]]]. + exists rs'. split. + apply exec_Bgoto. exact EX. + split. simpl in H1. congruence. + intros. unfold temporaries in H3; simpl in H3. + apply OTHER. assumption. tauto. tauto. + (* other ops *) + intros. + set (rargs := regs_for args). set (rres := reg_for res). + generalize (add_reloads_correct args + (Bop op rargs rres (add_spill rres res (Bgoto s))) + rs m H H0). + intros [rs1 [EX1 [RES1 OTHER1]]]. + pose (rs2 := Locmap.set (R rres) v rs1). + generalize (add_spill_correct rres res (Bgoto s) rs2 m). + intros [rs3 [EX3 [RES3 OTHER3]]]. + exists rs3. + split. apply exec_Bgoto. eapply exec_trans. eexact EX1. + eapply exec_trans; eauto. + apply exec_one. unfold rs2. apply exec_Bop. + unfold rargs. rewrite RES1. auto. + split. rewrite RES3. unfold rs2; apply Locmap.gss. + intros. rewrite OTHER3. unfold rs2. rewrite Locmap.gso. + apply OTHER1. assumption. + apply Loc.diff_sym. unfold rres. elim (reg_for_spec res); intro. + rewrite H5; auto. + eapply Loc.in_notin_diff; eauto. apply Loc.diff_sym; auto. +Qed. + +Lemma add_load_correct: + forall chunk addr args res s rs m a v, + (List.length args <= 2)%nat -> + Loc.disjoint args temporaries -> + eval_addressing ge sp addr (List.map rs args) = Some a -> + loadv chunk m a = Some v -> + exists rs', + exec_block ge sp (add_load chunk addr args res s) rs m (Cont s) rs' m /\ + rs' res = v /\ + forall l, Loc.diff l res -> Loc.notin l temporaries -> rs' l = rs l. +Proof. + intros. unfold add_load. + set (rargs := regs_for args). set (rres := reg_for res). + assert (LL: (List.length args <= 3)%nat). omega. + generalize (add_reloads_correct args + (Bload chunk addr rargs rres (add_spill rres res (Bgoto s))) + rs m LL H0). + intros [rs1 [EX1 [RES1 OTHER1]]]. + pose (rs2 := Locmap.set (R rres) v rs1). + generalize (add_spill_correct rres res (Bgoto s) rs2 m). + intros [rs3 [EX3 [RES3 OTHER3]]]. + exists rs3. + split. apply exec_Bgoto. eapply exec_trans; eauto. + eapply exec_trans; eauto. + apply exec_one. unfold rs2. apply exec_Bload with a. + unfold rargs; rewrite RES1. assumption. assumption. + split. rewrite RES3. unfold rs2; apply Locmap.gss. + intros. rewrite OTHER3. unfold rs2. rewrite Locmap.gso. + apply OTHER1. assumption. + apply Loc.diff_sym. unfold rres. elim (reg_for_spec res); intro. + rewrite H5; auto. + eapply Loc.in_notin_diff; eauto. apply Loc.diff_sym; auto. +Qed. + +Lemma add_store_correct: + forall chunk addr args src s rs m m' a, + (List.length args <= 2)%nat -> + Loc.disjoint args temporaries -> + Loc.notin src temporaries -> + eval_addressing ge sp addr (List.map rs args) = Some a -> + storev chunk m a (rs src) = Some m' -> + exists rs', + exec_block ge sp (add_store chunk addr args src s) rs m (Cont s) rs' m' /\ + forall l, Loc.notin l temporaries -> rs' l = rs l. +Proof. + intros. + assert (LL: (List.length (src :: args) <= 3)%nat). + simpl. omega. + assert (DISJ: Loc.disjoint (src :: args) temporaries). + red; intros. elim H4; intro. subst x1. + eapply Loc.in_notin_diff; eauto. + auto with coqlib. + unfold add_store. caseEq (regs_for (src :: args)). + unfold regs_for; simpl; intro; discriminate. + intros rsrc rargs EQ. + generalize (add_reloads_correct (src :: args) + (Bstore chunk addr rargs rsrc (Bgoto s)) + rs m LL DISJ). + intros [rs1 [EX1 [RES1 OTHER1]]]. + rewrite EQ in RES1. simpl in RES1. injection RES1. + intros RES2 RES3. + exists rs1. + split. apply exec_Bgoto. + eapply exec_trans. rewrite <- EQ. eexact EX1. + apply exec_one. apply exec_Bstore with a. + rewrite RES2. assumption. rewrite RES3. assumption. + exact OTHER1. +Qed. + +Lemma add_cond_correct: + forall cond args ifso ifnot rs m b s, + (List.length args <= 3)%nat -> + Loc.disjoint args temporaries -> + eval_condition cond (List.map rs args) = Some b -> + s = (if b then ifso else ifnot) -> + exists rs', + exec_block ge sp (add_cond cond args ifso ifnot) rs m (Cont s) rs' m /\ + forall l, Loc.notin l temporaries -> rs' l = rs l. +Proof. + intros. unfold add_cond. + set (rargs := regs_for args). + generalize (add_reloads_correct args + (Bcond cond rargs ifso ifnot) + rs m H H0). + intros [rs1 [EX1 [RES1 OTHER1]]]. + fold rargs in EX1. + exists rs1. + split. destruct b; subst s. + eapply exec_Bcond_true. eexact EX1. + unfold rargs; rewrite RES1. assumption. + eapply exec_Bcond_false. eexact EX1. + unfold rargs; rewrite RES1. assumption. + exact OTHER1. +Qed. + +Definition find_function2 (los: loc + ident) (ls: locset) : option function := + match los with + | inl l => Genv.find_funct ge (ls l) + | inr symb => + match Genv.find_symbol ge symb with + | None => None + | Some b => Genv.find_funct_ptr ge b + end + end. + +Lemma add_call_correct: + forall f vargs m vres m' sig los args res s ls + (EXECF: + forall lsi, + List.map lsi (loc_arguments f.(fn_sig)) = vargs -> + exists lso, + exec_function ge f lsi m lso m' + /\ lso (R (loc_result f.(fn_sig))) = vres) + (FIND: find_function2 los ls = Some f) + (SIG: sig = f.(fn_sig)) + (VARGS: List.map ls args = vargs) + (LARGS: List.length args = List.length sig.(sig_args)) + (AARGS: locs_acceptable args) + (RES: loc_acceptable res), + exists ls', + exec_block ge sp (add_call sig los args res s) ls m (Cont s) ls' m' /\ + ls' res = vres /\ + forall l, + Loc.notin l destroyed_at_call -> loc_acceptable l -> Loc.diff l res -> + ls' l = ls l. +Proof. + intros until los. + case los; intro fn; intros; simpl in FIND; rewrite <- SIG in EXECF; unfold add_call. + (* indirect call *) + assert (LEN: List.length args = List.length (loc_arguments sig)). + rewrite LARGS. symmetry. apply loc_arguments_length. + pose (DISJ := locs_acceptable_disj_temporaries args AARGS). + generalize (add_reload_correct fn IT3 + (parallel_move args (loc_arguments sig) + (Bcall sig (inl ident IT3) + (add_spill (loc_result sig) res (Bgoto s)))) + ls m). + intros [ls1 [EX1 [RES1 OTHER1]]]. + generalize + (parallel_move_correct args (loc_arguments sig) + (Bcall sig (inl ident IT3) + (add_spill (loc_result sig) res (Bgoto s))) + ls1 m LEN + (no_overlap_arguments args sig AARGS) + (loc_arguments_norepet sig) + DISJ + (loc_arguments_not_temporaries sig)). + intros [ls2 [EX2 [RES2 [TMP2 OTHER2]]]]. + assert (PARAMS: List.map ls2 (loc_arguments sig) = vargs). + rewrite <- VARGS. rewrite RES2. + apply list_map_exten. intros. symmetry. apply OTHER1. + apply Loc.diff_sym. apply DISJ. auto. simpl; tauto. + generalize (EXECF ls2 PARAMS). + intros [ls3 [EX3 RES3]]. + pose (ls4 := return_regs ls2 ls3). + generalize (add_spill_correct (loc_result sig) res + (Bgoto s) ls4 m'). + intros [ls5 [EX5 [RES5 OTHER5]]]. + exists ls5. + (* Execution *) + split. apply exec_Bgoto. + eapply exec_trans. eexact EX1. + eapply exec_trans. eexact EX2. + eapply exec_trans. apply exec_one. apply exec_Bcall with f. + unfold find_function. rewrite TMP2. rewrite RES1. + assumption. assumption. eexact EX3. + exact EX5. + (* Result *) + split. rewrite RES5. unfold ls4. rewrite return_regs_result. + assumption. + (* Other regs *) + intros. rewrite OTHER5; auto. + unfold ls4; rewrite return_regs_not_destroyed; auto. + rewrite OTHER2. apply OTHER1. + apply Loc.diff_sym. apply Loc.in_notin_diff with temporaries. + apply temporaries_not_acceptable; auto. simpl; tauto. + apply arguments_not_preserved; auto. + apply temporaries_not_acceptable; auto. + apply Loc.diff_sym; auto. + (* direct call *) + assert (LEN: List.length args = List.length (loc_arguments sig)). + rewrite LARGS. symmetry. apply loc_arguments_length. + pose (DISJ := locs_acceptable_disj_temporaries args AARGS). + generalize + (parallel_move_correct args (loc_arguments sig) + (Bcall sig (inr mreg fn) + (add_spill (loc_result sig) res (Bgoto s))) + ls m LEN + (no_overlap_arguments args sig AARGS) + (loc_arguments_norepet sig) + DISJ (loc_arguments_not_temporaries sig)). + intros [ls2 [EX2 [RES2 [TMP2 OTHER2]]]]. + assert (PARAMS: List.map ls2 (loc_arguments sig) = vargs). + rewrite <- VARGS. rewrite RES2. auto. + generalize (EXECF ls2 PARAMS). + intros [ls3 [EX3 RES3]]. + pose (ls4 := return_regs ls2 ls3). + generalize (add_spill_correct (loc_result sig) res + (Bgoto s) ls4 m'). + intros [ls5 [EX5 [RES5 OTHER5]]]. + exists ls5. + (* Execution *) + split. apply exec_Bgoto. + eapply exec_trans. eexact EX2. + eapply exec_trans. apply exec_one. apply exec_Bcall with f. + unfold find_function. assumption. assumption. eexact EX3. + exact EX5. + (* Result *) + split. rewrite RES5. + unfold ls4. rewrite return_regs_result. + assumption. + (* Other regs *) + intros. rewrite OTHER5; auto. + unfold ls4; rewrite return_regs_not_destroyed; auto. + apply OTHER2. + apply arguments_not_preserved; auto. + apply temporaries_not_acceptable; auto. + apply Loc.diff_sym; auto. +Qed. + +Lemma add_undefs_correct: + forall res b ls m, + (forall l, In l res -> loc_acceptable l) -> + (forall ofs ty, In (S (Local ofs ty)) res -> ls (S (Local ofs ty)) = Vundef) -> + exists ls', + exec_instrs ge sp (add_undefs res b) ls m b ls' m /\ + (forall l, In l res -> ls' l = Vundef) /\ + (forall l, Loc.notin l res -> ls' l = ls l). +Proof. + induction res; simpl; intros. + exists ls. split. apply exec_refl. tauto. + assert (ACC: forall l, In l res -> loc_acceptable l). + intros. apply H. tauto. + destruct a. + (* a is a register *) + pose (ls1 := Locmap.set (R m0) Vundef ls). + assert (UNDEFS: forall ofs ty, In (S (Local ofs ty)) res -> ls1 (S (Local ofs ty)) = Vundef). + intros. unfold ls1; rewrite Locmap.gso. auto. red; auto. + generalize (IHres b (Locmap.set (R m0) Vundef ls) m ACC UNDEFS). + intros [ls2 [EX2 [RES2 OTHER2]]]. + exists ls2. split. + eapply exec_trans. apply exec_one. apply exec_Bop. + simpl; reflexivity. exact EX2. + split. intros. case (In_dec Loc.eq l res); intro. + apply RES2; auto. + rewrite OTHER2. elim H1; intro. + subst l. apply Locmap.gss. + contradiction. + apply loc_acceptable_notin_notin; auto. + intros. rewrite OTHER2. apply Locmap.gso. + apply Loc.diff_sym; tauto. tauto. + (* a is a stack location *) + assert (UNDEFS: forall ofs ty, In (S (Local ofs ty)) res -> ls (S (Local ofs ty)) = Vundef). + intros. apply H0. tauto. + generalize (IHres b ls m ACC UNDEFS). + intros [ls2 [EX2 [RES2 OTHER2]]]. + exists ls2. split. assumption. + split. intros. case (In_dec Loc.eq l res); intro. + auto. + rewrite OTHER2. elim H1; intro. + subst l. generalize (H (S s) (in_eq _ _)). + unfold loc_acceptable; destruct s; intuition auto. + contradiction. + apply loc_acceptable_notin_notin; auto. + intros. apply OTHER2. tauto. +Qed. + +Lemma add_entry_correct: + forall sig params undefs s ls m, + List.length params = List.length sig.(sig_args) -> + Loc.norepet params -> + locs_acceptable params -> + Loc.disjoint params undefs -> + locs_acceptable undefs -> + (forall ofs ty, ls (S (Local ofs ty)) = Vundef) -> + exists ls', + exec_block ge sp (add_entry sig params undefs s) ls m (Cont s) ls' m /\ + List.map ls' params = List.map ls (loc_parameters sig) /\ + (forall l, In l undefs -> ls' l = Vundef). +Proof. + intros. + assert (List.length (loc_parameters sig) = List.length params). + unfold loc_parameters. rewrite list_length_map. + rewrite loc_arguments_length. auto. + assert (DISJ: Loc.disjoint params temporaries). + apply locs_acceptable_disj_temporaries; auto. + generalize (parallel_move_correct _ _ (add_undefs undefs (Bgoto s)) + ls m H5 + (no_overlap_parameters _ _ H1) + H0 (loc_parameters_not_temporaries sig) DISJ). + intros [ls1 [EX1 [RES1 [TMP1 OTHER1]]]]. + assert (forall ofs ty, In (S (Local ofs ty)) undefs -> ls1 (S (Local ofs ty)) = Vundef). + intros. rewrite OTHER1. auto. apply Loc.disjoint_notin with undefs. + apply Loc.disjoint_sym. auto. auto. + simpl; tauto. + generalize (add_undefs_correct undefs (Bgoto s) ls1 m H3 H6). + intros [ls2 [EX2 [RES2 OTHER2]]]. + exists ls2. + split. apply exec_Bgoto. unfold add_entry. + eapply exec_trans. eexact EX1. eexact EX2. + split. rewrite <- RES1. apply list_map_exten. + intros. symmetry. apply OTHER2. eapply Loc.disjoint_notin; eauto. + exact RES2. +Qed. + +Lemma add_return_correct: + forall sig optarg ls m, + exists ls', + exec_block ge sp (add_return sig optarg) ls m Return ls' m /\ + match optarg with + | Some arg => ls' (R (loc_result sig)) = ls arg + | None => ls' (R (loc_result sig)) = Vundef + end. +Proof. + intros. unfold add_return. + destruct optarg. + generalize (add_reload_correct l (loc_result sig) Breturn ls m). + intros [ls1 [EX1 [RES1 OTH1]]]. + exists ls1. + split. apply exec_Breturn. assumption. assumption. + exists (Locmap.set (R (loc_result sig)) Vundef ls). + split. apply exec_Breturn. apply exec_one. + apply exec_Bop. reflexivity. apply Locmap.gss. +Qed. + +End LTL_CONSTRUCTORS. + +(** * Exploitation of the typing hypothesis *) + +(** Register allocation is applied to RTL code that passed type inference + (see file [RTLtyping]), and therefore is well-typed in the type system + of [RTLtyping]. We exploit this hypothesis to obtain information on + the number of arguments to operations, addressing modes and conditions. *) + +Remark length_type_of_condition: + forall (c: condition), (List.length (type_of_condition c) <= 3)%nat. +Proof. + destruct c; unfold type_of_condition; simpl; omega. +Qed. + +Remark length_type_of_operation: + forall (op: operation), (List.length (fst (type_of_operation op)) <= 3)%nat. +Proof. + destruct op; unfold type_of_operation; simpl; try omega. + apply length_type_of_condition. +Qed. + +Remark length_type_of_addressing: + forall (addr: addressing), (List.length (type_of_addressing addr) <= 2)%nat. +Proof. + destruct addr; unfold type_of_addressing; simpl; omega. +Qed. + +Lemma length_op_args: + forall (env: regenv) (op: operation) (args: list reg) (res: reg), + (List.map env args, env res) = type_of_operation op -> + (List.length args <= 3)%nat. +Proof. + intros. rewrite <- (list_length_map env). + generalize (length_type_of_operation op). + rewrite <- H. simpl. auto. +Qed. + +Lemma length_addr_args: + forall (env: regenv) (addr: addressing) (args: list reg), + List.map env args = type_of_addressing addr -> + (List.length args <= 2)%nat. +Proof. + intros. rewrite <- (list_length_map env). + rewrite H. apply length_type_of_addressing. +Qed. + +Lemma length_cond_args: + forall (env: regenv) (cond: condition) (args: list reg), + List.map env args = type_of_condition cond -> + (List.length args <= 3)%nat. +Proof. + intros. rewrite <- (list_length_map env). + rewrite H. apply length_type_of_condition. +Qed. + +(** * Preservation of semantics *) + +(** We now show that the LTL code reflecting register allocation has + the same semantics as the original RTL code. We start with + standard properties of translated functions and + global environments in the original and translated code. *) + +Section PRESERVATION. + +Variable prog: RTL.program. +Variable tprog: LTL.program. +Hypothesis TRANSF: transf_program prog = Some tprog. + +Let ge := Genv.globalenv prog. +Let tge := Genv.globalenv tprog. + +Lemma symbols_preserved: + forall (s: ident), Genv.find_symbol tge s = Genv.find_symbol ge s. +Proof. + intro. unfold ge, tge. + apply Genv.find_symbol_transf_partial with transf_function. + exact TRANSF. +Qed. + +Lemma functions_translated: + forall (v: val) (f: RTL.function), + Genv.find_funct ge v = Some f -> + exists tf, + Genv.find_funct tge v = Some tf /\ transf_function f = Some tf. +Proof. + intros. + generalize + (Genv.find_funct_transf_partial transf_function TRANSF H). + case (transf_function f). + intros tf [A B]. exists tf. tauto. + intros [A B]. elim B. reflexivity. +Qed. + +Lemma function_ptr_translated: + forall (b: Values.block) (f: RTL.function), + Genv.find_funct_ptr ge b = Some f -> + exists tf, + Genv.find_funct_ptr tge b = Some tf /\ transf_function f = Some tf. +Proof. + intros. + generalize + (Genv.find_funct_ptr_transf_partial transf_function TRANSF H). + case (transf_function f). + intros tf [A B]. exists tf. tauto. + intros [A B]. elim B. reflexivity. +Qed. + +Lemma sig_function_translated: + forall f tf, + transf_function f = Some tf -> + tf.(LTL.fn_sig) = f.(RTL.fn_sig). +Proof. + intros f tf. unfold transf_function. + destruct (type_rtl_function f). + destruct (analyze f). + destruct (regalloc f t0). + intro EQ; injection EQ; intro EQ1; rewrite <- EQ1; simpl; auto. + intros; discriminate. + intros; discriminate. + intros; discriminate. +Qed. + +Lemma entrypoint_function_translated: + forall f tf, + transf_function f = Some tf -> + tf.(LTL.fn_entrypoint) = f.(RTL.fn_nextpc). +Proof. + intros f tf. unfold transf_function. + destruct (type_rtl_function f). + destruct (analyze f). + destruct (regalloc f t0). + intro EQ; injection EQ; intro EQ1; rewrite <- EQ1; simpl; auto. + intros; discriminate. + intros; discriminate. + intros; discriminate. +Qed. + +(** The proof of semantic preservation is a simulation argument + based on diagrams of the following form: +<< + pc, rs, m ------------------- pc, ls, m + | | + | | + v v + pc', rs', m' ---------------- Cont pc', ls', m' +>> + Hypotheses: the left vertical arrow represents a transition in the + original RTL code. The top horizontal bar expresses agreement between + [rs] and [ls] over the pseudo-registers live before the RTL instruction + at [pc]. + + Conclusions: the right vertical arrow is an [exec_blocks] transition + in the LTL code generated by translation of the current function. + The bottom horizontal bar expresses agreement between [rs'] and [ls'] + over the pseudo-registers live after the RTL instruction at [pc] + (which implies agreement over the pseudo-registers live before + the instruction at [pc']). + + We capture these diagrams in the following propositions parameterized + by the transition in the original RTL code (the left arrow). +*) + +Definition exec_instr_prop + (c: RTL.code) (sp: val) + (pc: node) (rs: regset) (m: mem) + (pc': node) (rs': regset) (m': mem) : Prop := + forall f env live assign ls + (CF: c = f.(RTL.fn_code)) + (WT: wt_function env f) + (ASG: regalloc f live (live0 f live) env = Some assign) + (AG: agree assign (transfer f pc live!!pc) rs ls), + let tc := PTree.map (transf_instr f live assign) c in + exists ls', + exec_blocks tge tc sp pc ls m (Cont pc') ls' m' /\ + agree assign live!!pc rs' ls'. + +Definition exec_instrs_prop + (c: RTL.code) (sp: val) + (pc: node) (rs: regset) (m: mem) + (pc': node) (rs': regset) (m': mem) : Prop := + forall f env live assign ls, + forall (CF: c = f.(RTL.fn_code)) + (WT: wt_function env f) + (ANL: analyze f = Some live) + (ASG: regalloc f live (live0 f live) env = Some assign) + (AG: agree assign (transfer f pc live!!pc) rs ls) + (VALIDPC': c!pc' <> None), + let tc := PTree.map (transf_instr f live assign) c in + exists ls', + exec_blocks tge tc sp pc ls m (Cont pc') ls' m' /\ + agree assign (transfer f pc' live!!pc') rs' ls'. + +Definition exec_function_prop + (f: RTL.function) (args: list val) (m: mem) + (res: val) (m': mem) : Prop := + forall ls tf, + transf_function f = Some tf -> + List.map ls (Conventions.loc_arguments tf.(fn_sig)) = args -> + exists ls', + LTL.exec_function tge tf ls m ls' m' /\ + ls' (R (Conventions.loc_result tf.(fn_sig))) = res. + +(** The simulation proof is by structural induction over the RTL evaluation + derivation. We prove each case of the proof as a separate lemma. + There is one lemma for each RTL evaluation rule. Each lemma concludes + one of the [exec_*_prop] predicates, and takes the induction hypotheses + (if any) as hypotheses also expressed with the [exec_*_prop] predicates. +*) + +Ltac CleanupHyps := + match goal with + | H1: (PTree.get _ _ = Some _), + H2: (_ = RTL.fn_code _), + H3: (agree _ (transfer _ _ _) _ _) |- _ => + unfold transfer in H3; rewrite <- H2 in H3; rewrite H1 in H3; + simpl in H3; + CleanupHyps + | H1: (PTree.get _ _ = Some _), + H2: (_ = RTL.fn_code _), + H3: (wt_function _ _) |- _ => + let H := fresh in + let R := fresh "WTI" in ( + generalize (wt_instrs _ _ H3); intro H; + rewrite <- H2 in H; generalize (H _ _ H1); + intro R; clear H; clear H3); + CleanupHyps + | _ => idtac + end. + +Ltac CleanupGoal := + match goal with + | H1: (PTree.get _ _ = Some _) |- _ => + eapply exec_blocks_one; + [rewrite PTree.gmap; rewrite H1; + unfold option_map; unfold transf_instr; reflexivity + |idtac] + end. + +Lemma transl_Inop_correct: + forall (c : PTree.t instruction) (sp: val) (pc : positive) + (rs : regset) (m : mem) (pc' : RTL.node), + c ! pc = Some (Inop pc') -> + exec_instr_prop c sp pc rs m pc' rs m. +Proof. + intros; red; intros; CleanupHyps. + exists ls. split. + CleanupGoal. apply exec_Bgoto. apply exec_refl. + assumption. +Qed. + +Lemma transl_Iop_correct: + forall (c : PTree.t instruction) (sp: val) (pc : positive) + (rs : Regmap.t val) (m : mem) (op : operation) (args : list reg) + (res : reg) (pc' : RTL.node) (v: val), + c ! pc = Some (Iop op args res pc') -> + eval_operation ge sp op (rs ## args) = Some v -> + exec_instr_prop c sp pc rs m pc' (rs # res <- v) m. +Proof. + intros; red; intros; CleanupHyps. + caseEq (Regset.mem res live!!pc); intro LV; + rewrite LV in AG. + assert (LL: (List.length (List.map assign args) <= 3)%nat). + rewrite list_length_map. + inversion WTI. simpl; omega. simpl; omega. + eapply length_op_args. eauto. + assert (DISJ: Loc.disjoint (List.map assign args) temporaries). + eapply regalloc_disj_temporaries; eauto. + assert (eval_operation tge sp op (map ls (map assign args)) = Some v). + replace (map ls (map assign args)) with rs##args. + rewrite (eval_operation_preserved symbols_preserved). assumption. + symmetry. eapply agree_eval_regs; eauto. + generalize (add_op_correct tge sp op + (List.map assign args) (assign res) + pc' ls m v LL DISJ H1). + intros [ls' [EX [RES OTHER]]]. + exists ls'. split. + CleanupGoal. rewrite LV. exact EX. + rewrite CF in H. + generalize (regalloc_correct_1 f env live _ _ _ _ ASG H). + unfold correct_alloc_instr. + caseEq (is_move_operation op args). + (* Special case for moves *) + intros arg IMO CORR. + generalize (is_move_operation_correct _ _ IMO). + intros [EQ1 EQ2]. subst op; subst args. + injection H0; intro. rewrite <- H2. + apply agree_move_live with f env live ls; auto. + rewrite RES. rewrite <- H2. symmetry. eapply agree_eval_reg. + simpl in AG. eexact AG. + (* Not a move *) + intros INMO CORR. + apply agree_assign_live with f env live ls; auto. + eapply agree_reg_list_live; eauto. + (* Result is not live, instruction turned into a nop *) + exists ls. split. + CleanupGoal. rewrite LV. + apply exec_Bgoto; apply exec_refl. + apply agree_assign_dead; assumption. +Qed. + +Lemma transl_Iload_correct: + forall (c : PTree.t instruction) (sp: val) (pc : positive) + (rs : Regmap.t val) (m : mem) (chunk : memory_chunk) + (addr : addressing) (args : list reg) (dst : reg) (pc' : RTL.node) + (a v : val), + c ! pc = Some (Iload chunk addr args dst pc') -> + eval_addressing ge sp addr rs ## args = Some a -> + loadv chunk m a = Some v -> + exec_instr_prop c sp pc rs m pc' rs # dst <- v m. +Proof. + intros; red; intros; CleanupHyps. + caseEq (Regset.mem dst live!!pc); intro LV; + rewrite LV in AG. + (* dst is live *) + assert (LL: (List.length (List.map assign args) <= 2)%nat). + rewrite list_length_map. + inversion WTI. + eapply length_addr_args. eauto. + assert (DISJ: Loc.disjoint (List.map assign args) temporaries). + eapply regalloc_disj_temporaries; eauto. + assert (EADDR: + eval_addressing tge sp addr (map ls (map assign args)) = Some a). + rewrite <- H0. + replace (rs##args) with (map ls (map assign args)). + apply eval_addressing_preserved. exact symbols_preserved. + eapply agree_eval_regs; eauto. + generalize (add_load_correct tge sp chunk addr + (List.map assign args) (assign dst) + pc' ls m _ _ LL DISJ EADDR H1). + intros [ls' [EX [RES OTHER]]]. + exists ls'. split. CleanupGoal. rewrite LV. exact EX. + rewrite CF in H. + generalize (regalloc_correct_1 f env live _ _ _ _ ASG H). + unfold correct_alloc_instr. intro CORR. + eapply agree_assign_live; eauto. + eapply agree_reg_list_live; eauto. + (* dst is dead *) + exists ls. split. + CleanupGoal. rewrite LV. + apply exec_Bgoto; apply exec_refl. + apply agree_assign_dead; auto. +Qed. + +Lemma transl_Istore_correct: + forall (c : PTree.t instruction) (sp: val) (pc : positive) + (rs : Regmap.t val) (m : mem) (chunk : memory_chunk) + (addr : addressing) (args : list reg) (src : reg) (pc' : RTL.node) + (a : val) (m' : mem), + c ! pc = Some (Istore chunk addr args src pc') -> + eval_addressing ge sp addr rs ## args = Some a -> + storev chunk m a rs # src = Some m' -> + exec_instr_prop c sp pc rs m pc' rs m'. +Proof. + intros; red; intros; CleanupHyps. + assert (LL: (List.length (List.map assign args) <= 2)%nat). + rewrite list_length_map. + inversion WTI. + eapply length_addr_args. eauto. + assert (DISJ: Loc.disjoint (List.map assign args) temporaries). + eapply regalloc_disj_temporaries; eauto. + assert (SRC: Loc.notin (assign src) temporaries). + eapply regalloc_not_temporary; eauto. + assert (EADDR: + eval_addressing tge sp addr (map ls (map assign args)) = Some a). + rewrite <- H0. + replace (rs##args) with (map ls (map assign args)). + apply eval_addressing_preserved. exact symbols_preserved. + eapply agree_eval_regs; eauto. + assert (ESRC: ls (assign src) = rs#src). + eapply agree_eval_reg. eapply agree_reg_list_live. eauto. + rewrite <- ESRC in H1. + generalize (add_store_correct tge sp chunk addr + (List.map assign args) (assign src) + pc' ls m m' a LL DISJ SRC EADDR H1). + intros [ls' [EX RES]]. + exists ls'. split. CleanupGoal. exact EX. + rewrite CF in H. + generalize (regalloc_correct_1 f env live _ _ _ _ ASG H). + unfold correct_alloc_instr. intro CORR. + eapply agree_exten. eauto. + eapply agree_reg_live. eapply agree_reg_list_live. eauto. + assumption. +Qed. + +Lemma transl_Icall_correct: + forall (c : PTree.t instruction) (sp: val) (pc : positive) + (rs : regset) (m : mem) (sig : signature) (ros : reg + ident) + (args : list reg) (res : reg) (pc' : RTL.node) + (f : RTL.function) (vres : val) (m' : mem), + c ! pc = Some (Icall sig ros args res pc') -> + RTL.find_function ge ros rs = Some f -> + sig = RTL.fn_sig f -> + RTL.exec_function ge f (rs##args) m vres m' -> + exec_function_prop f (rs##args) m vres m' -> + exec_instr_prop c sp pc rs m pc' (rs#res <- vres) m'. +Proof. + intros; red; intros; CleanupHyps. + set (los := sum_left_map assign ros). + assert (FIND: exists tf, + find_function2 tge los ls = Some tf /\ + transf_function f = Some tf). + unfold los. destruct ros; simpl; simpl in H0. + apply functions_translated. + replace (ls (assign r)) with rs#r. assumption. + simpl in AG. symmetry; eapply agree_eval_reg. + eapply agree_reg_list_live; eauto. + rewrite symbols_preserved. destruct (Genv.find_symbol ge i). + apply function_ptr_translated. auto. + discriminate. + elim FIND; intros tf [AFIND TRF]; clear FIND. + assert (ASIG: sig = fn_sig tf). + rewrite (sig_function_translated _ _ TRF). auto. + generalize (fun ls => H3 ls tf TRF); intro AEXECF. + assert (AVARGS: List.map ls (List.map assign args) = rs##args). + eapply agree_eval_regs; eauto. + assert (ALARGS: List.length (List.map assign args) = + List.length sig.(sig_args)). + inversion WTI. rewrite <- H10. + repeat rewrite list_length_map. auto. + assert (AACCEPT: locs_acceptable (List.map assign args)). + eapply regsalloc_acceptable; eauto. + rewrite CF in H. + generalize (regalloc_correct_1 f0 env live _ _ _ _ ASG H). + unfold correct_alloc_instr. intros [CORR1 CORR2]. + assert (ARES: loc_acceptable (assign res)). + eapply regalloc_acceptable; eauto. + generalize (add_call_correct tge sp tf _ _ _ _ _ _ _ _ pc' _ + AEXECF AFIND ASIG AVARGS ALARGS + AACCEPT ARES). + intros [ls' [EX [RES OTHER]]]. + exists ls'. + split. rewrite CF. CleanupGoal. exact EX. + simpl. eapply agree_call; eauto. +Qed. + +Lemma transl_Icond_true_correct: + forall (c : PTree.t instruction) (sp: val) (pc : positive) + (rs : Regmap.t val) (m : mem) (cond : condition) (args : list reg) + (ifso ifnot : RTL.node), + c ! pc = Some (Icond cond args ifso ifnot) -> + eval_condition cond rs ## args = Some true -> + exec_instr_prop c sp pc rs m ifso rs m. +Proof. + intros; red; intros; CleanupHyps. + assert (LL: (List.length (map assign args) <= 3)%nat). + rewrite list_length_map. inversion WTI. + eapply length_cond_args. eauto. + assert (DISJ: Loc.disjoint (map assign args) temporaries). + eapply regalloc_disj_temporaries; eauto. + assert (COND: eval_condition cond (map ls (map assign args)) = Some true). + replace (map ls (map assign args)) with rs##args. assumption. + symmetry. eapply agree_eval_regs; eauto. + generalize (add_cond_correct tge sp _ _ _ ifnot _ m _ _ + LL DISJ COND (refl_equal ifso)). + intros [ls' [EX OTHER]]. + exists ls'. split. + CleanupGoal. assumption. + eapply agree_exten. eauto. eapply agree_reg_list_live. eauto. + assumption. +Qed. + +Lemma transl_Icond_false_correct: + forall (c : PTree.t instruction) (sp: val) (pc : positive) + (rs : Regmap.t val) (m : mem) (cond : condition) (args : list reg) + (ifso ifnot : RTL.node), + c ! pc = Some (Icond cond args ifso ifnot) -> + eval_condition cond rs ## args = Some false -> + exec_instr_prop c sp pc rs m ifnot rs m. +Proof. + intros; red; intros; CleanupHyps. + assert (LL: (List.length (map assign args) <= 3)%nat). + rewrite list_length_map. inversion WTI. + eapply length_cond_args. eauto. + assert (DISJ: Loc.disjoint (map assign args) temporaries). + eapply regalloc_disj_temporaries; eauto. + assert (COND: eval_condition cond (map ls (map assign args)) = Some false). + replace (map ls (map assign args)) with rs##args. assumption. + symmetry. eapply agree_eval_regs; eauto. + generalize (add_cond_correct tge sp _ _ ifso _ _ m _ _ + LL DISJ COND (refl_equal ifnot)). + intros [ls' [EX OTHER]]. + exists ls'. split. + CleanupGoal. assumption. + eapply agree_exten. eauto. eapply agree_reg_list_live. eauto. + assumption. +Qed. + +Lemma transl_refl_correct: + forall (c : RTL.code) (sp: val) (pc : RTL.node) (rs : regset) + (m : mem), exec_instrs_prop c sp pc rs m pc rs m. +Proof. + intros; red; intros. + exists ls. split. apply exec_blocks_refl. assumption. +Qed. + +Lemma transl_one_correct: + forall (c : RTL.code) (sp: val) (pc : RTL.node) (rs : regset) + (m : mem) (pc' : RTL.node) (rs' : regset) (m' : mem), + RTL.exec_instr ge c sp pc rs m pc' rs' m' -> + exec_instr_prop c sp pc rs m pc' rs' m' -> + exec_instrs_prop c sp pc rs m pc' rs' m'. +Proof. + intros; red; intros. + generalize (H0 f env live assign ls CF WT ASG AG). + intros [ls' [EX AG']]. + exists ls'. split. + exact EX. + apply agree_increasing with live!!pc. + apply analyze_correct. auto. + rewrite <- CF. eapply exec_instr_present; eauto. + rewrite <- CF. auto. + eapply RTL.successors_correct. + rewrite <- CF. eexact H. exact AG'. +Qed. + +Lemma transl_trans_correct: + forall (c : RTL.code) (sp: val) (pc1 : RTL.node) (rs1 : regset) + (m1 : mem) (pc2 : RTL.node) (rs2 : regset) (m2 : mem) + (pc3 : RTL.node) (rs3 : regset) (m3 : mem), + RTL.exec_instrs ge c sp pc1 rs1 m1 pc2 rs2 m2 -> + exec_instrs_prop c sp pc1 rs1 m1 pc2 rs2 m2 -> + RTL.exec_instrs ge c sp pc2 rs2 m2 pc3 rs3 m3 -> + exec_instrs_prop c sp pc2 rs2 m2 pc3 rs3 m3 -> + exec_instrs_prop c sp pc1 rs1 m1 pc3 rs3 m3. +Proof. + intros; red; intros. + assert (VALIDPC2: c!pc2 <> None). + eapply exec_instrs_present; eauto. + generalize (H0 f env live assign ls CF WT ANL ASG AG VALIDPC2). + intros [ls1 [EX1 AG1]]. + generalize (H2 f env live assign ls1 CF WT ANL ASG AG1 VALIDPC'). + intros [ls2 [EX2 AG2]]. + exists ls2. split. + eapply exec_blocks_trans. eexact EX1. exact EX2. + exact AG2. +Qed. + +Remark regset_mem_reg_list_dead: + forall rl r live, + Regset.mem r (reg_list_dead rl live) = true -> + ~(In r rl) /\ Regset.mem r live = true. +Proof. + induction rl; simpl; intros. + tauto. + elim (IHrl r (reg_dead a live) H). intros. + assert (a <> r). red; intro; subst r. + rewrite Regset.mem_remove_same in H1. discriminate. + rewrite Regset.mem_remove_other in H1; auto. + tauto. +Qed. + +Lemma transf_entrypoint_correct: + forall f env live assign c ls args sp m, + wt_function env f -> + regalloc f live (live0 f live) env = Some assign -> + c!(RTL.fn_nextpc f) = None -> + List.map ls (loc_parameters (RTL.fn_sig f)) = args -> + (forall ofs ty, ls (S (Local ofs ty)) = Vundef) -> + let tc := transf_entrypoint f live assign c in + exists ls', + exec_blocks tge tc sp (RTL.fn_nextpc f) ls m + (Cont (RTL.fn_entrypoint f)) ls' m /\ + agree assign (transfer f (RTL.fn_entrypoint f) live!!(RTL.fn_entrypoint f)) + (init_regs args (RTL.fn_params f)) ls'. +Proof. + intros until m. + unfold transf_entrypoint. + set (oldentry := RTL.fn_entrypoint f). + set (newentry := RTL.fn_nextpc f). + set (params := RTL.fn_params f). + set (undefs := Regset.elements (reg_list_dead params (transfer f oldentry live!!oldentry))). + intros. + + assert (A1: List.length (List.map assign params) = + List.length (RTL.fn_sig f).(sig_args)). + rewrite <- (wt_params _ _ H). + repeat (rewrite list_length_map). auto. + assert (A2: Loc.norepet (List.map assign (RTL.fn_params f))). + eapply regalloc_norepet_norepet; eauto. + eapply regalloc_correct_2; eauto. + eapply wt_norepet; eauto. + assert (A3: locs_acceptable (List.map assign (RTL.fn_params f))). + eapply regsalloc_acceptable; eauto. + assert (A4: Loc.disjoint + (List.map assign (RTL.fn_params f)) + (List.map assign undefs)). + red. intros ap au INAP INAU. + generalize (list_in_map_inv _ _ _ INAP). + intros [p [AP INP]]. clear INAP; subst ap. + generalize (list_in_map_inv _ _ _ INAU). + intros [u [AU INU]]. clear INAU; subst au. + generalize (Regset.elements_complete _ _ INU). intro. + generalize (regset_mem_reg_list_dead _ _ _ H4). + intros [A B]. + eapply regalloc_noteq_diff; eauto. + eapply regalloc_correct_3; eauto. + red; intro; subst u. elim (A INP). + assert (A5: forall l, In l (List.map assign undefs) -> loc_acceptable l). + intros. + generalize (list_in_map_inv _ _ _ H4). + intros [r [AR INR]]. clear H4; subst l. + eapply regalloc_acceptable; eauto. + generalize (add_entry_correct + tge sp (RTL.fn_sig f) + (List.map assign (RTL.fn_params f)) + (List.map assign undefs) + oldentry ls m A1 A2 A3 A4 A5 H3). + intros [ls1 [EX1 [PARAMS1 UNDEFS1]]]. + exists ls1. + split. eapply exec_blocks_one. + rewrite PTree.gss. reflexivity. + assumption. + change (transfer f oldentry live!!oldentry) + with (live0 f live). + unfold params; eapply agree_parameters; eauto. + change Regset.elt with reg in PARAMS1. + rewrite PARAMS1. assumption. + fold oldentry; fold params. intros. + apply UNDEFS1. apply in_map. + unfold undefs; apply Regset.elements_correct; auto. +Qed. + +Lemma transl_function_correct: + forall (f : RTL.function) (m m1 : mem) (stk : Values.block) + (args : list val) (pc : RTL.node) (rs : regset) (m2 : mem) + (or : option reg) (vres : val), + alloc m 0 (RTL.fn_stacksize f) = (m1, stk) -> + RTL.exec_instrs ge (RTL.fn_code f) (Vptr stk Int.zero) + (RTL.fn_entrypoint f) (init_regs args (fn_params f)) m1 pc rs m2 -> + exec_instrs_prop (RTL.fn_code f) (Vptr stk Int.zero) + (RTL.fn_entrypoint f) (init_regs args (fn_params f)) m1 pc rs m2 -> + (RTL.fn_code f) ! pc = Some (Ireturn or) -> + vres = regmap_optget or Vundef rs -> + exec_function_prop f args m vres (free m2 stk). +Proof. + intros; red; intros until tf. + unfold transf_function. + caseEq (type_rtl_function f). + intros env TRF. + caseEq (analyze f). + intros live ANL. + change (transfer f (RTL.fn_entrypoint f) live!!(RTL.fn_entrypoint f)) + with (live0 f live). + caseEq (regalloc f live (live0 f live) env). + intros alloc ASG. + set (tc1 := PTree.map (transf_instr f live alloc) (RTL.fn_code f)). + set (tc2 := transf_entrypoint f live alloc tc1). + intro EQ; injection EQ; intro TF; clear EQ. intro VARGS. + generalize (type_rtl_function_correct _ _ TRF); intro WTF. + assert (NEWINSTR: tc1!(RTL.fn_nextpc f) = None). + unfold tc1; rewrite PTree.gmap. unfold option_map. + elim (RTL.fn_code_wf f (fn_nextpc f)); intro. + elim (Plt_ne _ _ H4). auto. + rewrite H4. auto. + pose (ls1 := call_regs ls). + assert (VARGS1: List.map ls1 (loc_parameters (RTL.fn_sig f)) = args). + replace (RTL.fn_sig f) with (fn_sig tf). + rewrite <- VARGS. unfold loc_parameters. + rewrite list_map_compose. apply list_map_exten. + intros. symmetry. unfold ls1. eapply call_regs_param_of_arg; eauto. + rewrite <- TF; reflexivity. + assert (VUNDEFS: forall (ofs : Z) (ty : typ), ls1 (S (Local ofs ty)) = Vundef). + intros. reflexivity. + generalize (transf_entrypoint_correct f env live alloc + tc1 ls1 args (Vptr stk Int.zero) m1 + WTF ASG NEWINSTR VARGS1 VUNDEFS). + fold tc2. intros [ls2 [EX2 AGREE2]]. + assert (VALIDPC: f.(RTL.fn_code)!pc <> None). congruence. + generalize (H1 f env live alloc ls2 + (refl_equal _) WTF ANL ASG AGREE2 VALIDPC). + fold tc1. intros [ls3 [EX3 AGREE3]]. + generalize (add_return_correct tge (Vptr stk Int.zero) (RTL.fn_sig f) + (option_map alloc or) ls3 m2). + intros [ls4 [EX4 RES4]]. + exists ls4. + (* Execution *) + split. apply exec_funct with m1. + rewrite <- TF; simpl; assumption. + rewrite <- TF; simpl. fold ls1. + eapply exec_blocks_trans. eexact EX2. + apply exec_blocks_extends with tc1. + intro p. unfold tc2. unfold transf_entrypoint. + case (peq p (fn_nextpc f)); intro. + subst p. right. unfold tc1; rewrite PTree.gmap. + elim (RTL.fn_code_wf f (fn_nextpc f)); intro. + elim (Plt_ne _ _ H4); auto. rewrite H4; reflexivity. + left; apply PTree.gso; auto. + eapply exec_blocks_trans. eexact EX3. + eapply exec_blocks_one. + unfold tc1. rewrite PTree.gmap. rewrite H2. simpl. reflexivity. + exact EX4. + destruct or. + simpl in RES4. simpl in H3. + rewrite H3. rewrite <- TF; simpl. rewrite RES4. + eapply agree_eval_reg; eauto. + unfold transfer in AGREE3; rewrite H2 in AGREE3. + unfold reg_option_live in AGREE3. eexact AGREE3. + simpl in RES4. simpl in H3. + rewrite <- TF; simpl. congruence. + intros; discriminate. + intros; discriminate. + intros; discriminate. +Qed. + +(** The correctness of the code transformation is obtained by + structural induction (and case analysis on the last rule used) + on the RTL evaluation derivation. + This is a 3-way mutual induction, using [exec_instr_prop], + [exec_instrs_prop] and [exec_function_prop] as the induction + hypotheses, and the lemmas above as cases for the induction. *) + +Scheme exec_instr_ind_3 := Minimality for RTL.exec_instr Sort Prop + with exec_instrs_ind_3 := Minimality for RTL.exec_instrs Sort Prop + with exec_function_ind_3 := Minimality for RTL.exec_function Sort Prop. + +Theorem transl_function_correctness: + forall f args m res m', + RTL.exec_function ge f args m res m' -> + exec_function_prop f args m res m'. +Proof + (exec_function_ind_3 ge + exec_instr_prop + exec_instrs_prop + exec_function_prop + + transl_Inop_correct + transl_Iop_correct + transl_Iload_correct + transl_Istore_correct + transl_Icall_correct + transl_Icond_true_correct + transl_Icond_false_correct + + transl_refl_correct + transl_one_correct + transl_trans_correct + + transl_function_correct). + +(** The semantic equivalence between the original and transformed programs + follows easily. *) + +Theorem transl_program_correct: + forall (r: val), + RTL.exec_program prog r -> LTL.exec_program tprog r. +Proof. + intros r [b [f [m [FIND1 [FIND2 [SIG EXEC]]]]]]. + generalize (function_ptr_translated _ _ FIND2). + intros [tf [TFIND TRF]]. + assert (SIG2: tf.(fn_sig) = mksignature nil (Some Tint)). + rewrite <- SIG. apply sig_function_translated; auto. + assert (VPARAMS: map (Locmap.init Vundef) (loc_arguments (fn_sig tf)) = nil). + rewrite SIG2. reflexivity. + generalize (transl_function_correctness _ _ _ _ _ EXEC + (Locmap.init Vundef) tf TRF VPARAMS). + intros [ls' [TEXEC RES]]. + red. exists b; exists tf; exists ls'; exists m. + split. rewrite symbols_preserved. + rewrite (transform_partial_program_main _ _ TRANSF). + assumption. + split. assumption. + split. assumption. + split. replace (Genv.init_mem tprog) with (Genv.init_mem prog). + assumption. symmetry. + exact (Genv.init_mem_transf_partial _ _ TRANSF). + assumption. +Qed. + +End PRESERVATION. diff --git a/backend/Allocproof_aux.v b/backend/Allocproof_aux.v new file mode 100644 index 00000000..d1b213e2 --- /dev/null +++ b/backend/Allocproof_aux.v @@ -0,0 +1,850 @@ +(** Correctness results for the [parallel_move] function defined in + file [Allocation]. + + The present file, contributed by Laurence Rideau, glues the general + results over the parallel move algorithm (see file [Parallelmove]) + with the correctness proof for register allocation (file [Allocproof]). +*) + +Require Import Coqlib. +Require Import Values. +Require Import Parallelmove. +Require Import Allocation. +Require Import LTL. +Require Import Locations. +Require Import Conventions. + +Section parallel_move_correction. +Variable ge : LTL.genv. +Variable sp : val. +Hypothesis + add_move_correct : + forall src dst k rs m, + (exists rs' , + exec_instrs ge sp (add_move src dst k) rs m k rs' m /\ + (rs' dst = rs src /\ + (forall l, + Loc.diff l dst -> + Loc.diff l (R IT1) -> Loc.diff l (R FT1) -> rs' l = rs l)) ). + +Lemma exec_instr_update: + forall a1 a2 k e m, + (exists rs' , + exec_instrs ge sp (add_move a1 a2 k) e m k rs' m /\ + (rs' a2 = update e a2 (e a1) a2 /\ + (forall l, + Loc.diff l a2 -> + Loc.diff l (R IT1) -> Loc.diff l (R FT1) -> rs' l = (update e a2 (e a1)) l)) + ). +Proof. +intros; destruct (add_move_correct a1 a2 k e m) as [rs' [Hf [R1 R2]]]. +exists rs'; (repeat split); auto. +generalize (get_update_id e a2); unfold get, Locmap.get; intros H; rewrite H; + auto. +intros l H0; generalize (get_update_diff e a2); unfold get, Locmap.get; + intros H; rewrite H; auto. +apply Loc.diff_sym; assumption. +Qed. + +Lemma map_inv: + forall (A B : Set) (f f' : A -> B) l, + map f l = map f' l -> forall x, In x l -> f x = f' x. +Proof. +induction l; simpl; intros Hmap x Hin. +elim Hin. +inversion Hmap. +elim Hin; intros H; [subst a | apply IHl]; auto. +Qed. + +Fixpoint reswellFormed (p : Moves) : Prop := + match p with + nil => True + | (s, d) :: l => Loc.notin s (getdst l) /\ reswellFormed l + end. + +Definition temporaries1 := R IT1 :: (R FT1 :: nil). + +Lemma no_overlap_list_pop: + forall p m, no_overlap_list (m :: p) -> no_overlap_list p. +Proof. +induction p; unfold no_overlap_list, no_overlap; destruct m as [m1 m2]; simpl; + auto. +Qed. + +Lemma exec_instrs_pmov: + forall p k rs m, + no_overlap_list p -> + Loc.disjoint (getdst p) temporaries1 -> + Loc.disjoint (getsrc p) temporaries1 -> + (exists rs' , + exec_instrs + ge sp + (fold_left + (fun (k0 : block) => fun (p0 : loc * loc) => add_move (fst p0) (snd p0) k0) + p k) rs m k rs' m /\ + (forall l, + (forall r, In r (getdst p) -> r = l \/ Loc.diff r l) -> + Loc.diff l (Locations.R IT1) -> + Loc.diff l (Locations.R FT1) -> rs' l = (sexec p rs) l) ). +Proof. +induction p; intros k rs m. +simpl; exists rs; (repeat split); auto; apply exec_refl. +destruct a as [a1 a2]; simpl; intros Hno_O Hdisd Hdiss; + elim (IHp (add_move a1 a2 k) rs m); + [idtac | apply no_overlap_list_pop with (a1, a2) | + apply (Loc.disjoint_cons_left a2) | apply (Loc.disjoint_cons_left a1)]; + (try assumption). +intros rs' Hexec; + destruct (add_move_correct a1 a2 k rs' m) as [rs'' [Hexec2 [R1 R2]]]. +exists rs''; elim Hexec; intros; (repeat split). +apply exec_trans with ( b2 := add_move a1 a2 k ) ( rs2 := rs' ) ( m2 := m ); + auto. +intros l Heqd Hdi Hdf; case (Loc.eq a2 l); intro. +subst l; generalize get_update_id; unfold get, Locmap.get; intros Hgui; + rewrite Hgui; rewrite R1. +apply H0; auto. +unfold no_overlap_list, no_overlap in Hno_O |-; simpl in Hno_O |-; intros; + generalize (Hno_O a1). +intros H8; elim H8 with ( s := r ); + [intros H9; left | intros H9; right; apply Loc.diff_sym | left | right]; auto. +unfold Loc.disjoint in Hdiss |-; apply Hdiss; simpl; left; trivial. +apply Hdiss; simpl; [left | right; left]; auto. +elim (Heqd a2); + [intros H7; absurd (a2 = l); auto | intros H7; auto | left; trivial]. +generalize get_update_diff; unfold get, Locmap.get; intros H6; rewrite H6; auto. +rewrite R2; auto. +apply Loc.diff_sym; auto. +Qed. + +Definition p_move := + fun (l : list (loc * loc)) => + fun (k : block) => + fold_left + (fun (k0 : block) => fun (p : loc * loc) => add_move (fst p) (snd p) k0) + (P_move l) k. + +Lemma norepet_SD: forall p, Loc.norepet (getdst p) -> simpleDest p. +Proof. +induction p; (simpl; auto). +destruct a as [a1 a2]. +intro; inversion H. +split. +apply notindst_nW; auto. +apply IHp; auto. +Qed. + +Theorem SDone_stepf: + forall S1, StateDone (stepf S1) = nil -> StateDone S1 = nil. +Proof. +destruct S1 as [[t b] d]; destruct t. +destruct b; auto. +destruct m as [m1 m2]; simpl. +destruct b. +simpl; intro; discriminate. +case (Loc.eq m2 (fst (last (m :: b)))); simpl; intros; discriminate. +destruct m as [a1 a2]; simpl. +destruct b. +case (Loc.eq a1 a2); simpl; intros; auto. +destruct m as [m1 m2]; case (Loc.eq a1 m2); intro; (try (simpl; auto; fail)). +case (split_move t m2). +(repeat destruct p); simpl; intros; auto. +destruct b; (try (simpl; intro; discriminate)); auto. +case (Loc.eq m2 (fst (last (m :: b)))); intro; simpl; intro; discriminate. +Qed. + +Theorem SDone_Pmov: forall S1, StateDone (Pmov S1) = nil -> StateDone S1 = nil. +Proof. +intros S1; elim S1 using (well_founded_ind (Wf_nat.well_founded_ltof _ mesure)). +clear S1; intros S1; intros Hrec. +destruct S1 as [[t b] d]. +rewrite Pmov_equation. +destruct t. +destruct b; auto. +intro; assert (StateDone (stepf (nil, m :: b, d)) = nil); + [apply Hrec; auto; apply stepf1_dec | apply SDone_stepf]; auto. +intro; assert (StateDone (stepf (m :: t, b, d)) = nil); + [apply Hrec; auto; apply stepf1_dec | apply SDone_stepf]; auto. +Qed. + +Lemma no_overlap_temp: forall r s, In s temporaries -> r = s \/ Loc.diff r s. +Proof. +intros r s H; case (Loc.eq r s); intros e; [left | right]; (try assumption). +unfold Loc.diff; destruct r. +destruct s; trivial. +red; intro; elim e; rewrite H0; auto. +destruct s0; destruct s; trivial; + (elim H; [intros H1 | intros [H1|[H1|[H1|[H1|[H1|H1]]]]]]; (try discriminate); + inversion H1). +Qed. + +Lemma getsrcdst_app: + forall l1 l2, + getdst l1 ++ getdst l2 = getsrc l1 ++ getsrc l2 -> + getdst l1 = getsrc l1 /\ getdst l2 = getsrc l2. +Proof. +induction l1; simpl; auto. +destruct a as [a1 a2]; intros; inversion H. +subst a1; inversion H; + (elim IHl1 with ( l2 := l2 ); + [intros H0 H3; (try clear IHl1); (try exact H0) | idtac]; auto). +rewrite H0; auto. +Qed. + +Lemma In_norepet: + forall r x l, Loc.norepet l -> In x l -> In r l -> r = x \/ Loc.diff r x. +Proof. +induction l; simpl; intros. +elim H1. +inversion H. +subst hd. +elim H1; intros H2; clear H1; elim H0; intros H1. +rewrite <- H1; rewrite <- H2; auto. +subst a; right; apply Loc.in_notin_diff with l; auto. +subst a; right; apply Loc.diff_sym; apply Loc.in_notin_diff with l; auto. +apply IHl; auto. +Qed. + +Definition no_overlap_stateD (S : State) := + no_overlap + (getsrc (StateToMove S ++ (StateBeing S ++ StateDone S))) + (getdst (StateToMove S ++ (StateBeing S ++ StateDone S))). + +Ltac +incl_tac_rec := +(auto with datatypes; fail) + || + (apply in_cons; incl_tac_rec) + || + (apply in_or_app; left; incl_tac_rec) + || + (apply in_or_app; right; incl_tac_rec) + || + (apply incl_appl; incl_tac_rec) || + (apply incl_appr; incl_tac_rec) || (apply incl_tl; incl_tac_rec). + +Ltac incl_tac := (repeat (apply incl_cons || apply incl_app)); incl_tac_rec. + +Ltac +in_tac := +match goal with +| |- In ?x ?L1 => +match goal with +| H:In x ?L2 |- _ => +let H1 := fresh "H" in +(assert (H1: incl L2 L1); [incl_tac | apply (H1 x)]); auto; fail +| _ => fail end end. + +Lemma in_cons_noteq: + forall (A : Set) (a b : A) (l : list A), In a (b :: l) -> a <> b -> In a l. +Proof. +intros A a b l; simpl; intros. +elim H; intros H1; (try assumption). +absurd (a = b); auto. +Qed. + +Lemma no_overlapD_inv: + forall S1 S2, step S1 S2 -> no_overlap_stateD S1 -> no_overlap_stateD S2. +Proof. +intros S1 S2 STEP; inversion STEP; unfold no_overlap_stateD, no_overlap; simpl; + auto; (repeat (rewrite getsrc_app; rewrite getdst_app; simpl)); intros. +apply H1; in_tac. +destruct m as [m1 m2]; apply H1; in_tac. +apply H1; in_tac. +case (Loc.eq r (T r0)); intros e. +elim (no_overlap_temp s0 r); + [intro; left; auto | intro; right; apply Loc.diff_sym; auto | unfold T in e |-]. +destruct (Loc.type r0); simpl; [right; left | right; right; right; right; left]; + auto. +case (Loc.eq s0 (T r0)); intros es. +apply (no_overlap_temp r s0); unfold T in es |-; destruct (Loc.type r0); simpl; + [right; left | right; right; right; right; left]; auto. +apply H1; apply in_cons_noteq with ( b := T r0 ); auto; in_tac. +apply H3; in_tac. +Qed. + +Lemma no_overlapD_invpp: + forall S1 S2, stepp S1 S2 -> no_overlap_stateD S1 -> no_overlap_stateD S2. +Proof. +intros; induction H as [r|r1 r2 r3 H H1 HrecH]; auto. +apply HrecH; auto. +apply no_overlapD_inv with r1; auto. +Qed. + +Lemma no_overlapD_invf: + forall S1, stepInv S1 -> no_overlap_stateD S1 -> no_overlap_stateD (stepf S1). +Proof. +intros; destruct S1 as [[t1 b1] d1]. +destruct t1; destruct b1; auto. +set (S1:=(nil (A:=Move), m :: b1, d1)). +apply (no_overlapD_invpp S1); [apply dstep_step; auto | assumption]. +apply f2ind; [unfold S1 | idtac | idtac]; auto. +generalize H0; clear H0; unfold no_overlap_stateD; destruct m as [m1 m2]. +intros; apply no_overlap_noOverlap. +unfold no_overlap_state; simpl. +generalize H0; clear H0; unfold no_overlap; (repeat rewrite getdst_app); + (repeat rewrite getsrc_app); simpl; intros. +apply H0. +elim H1; intros H4; [left; assumption | right; in_tac]. +elim H2; intros H4; [left; assumption | right; in_tac]. +set (S1:=(m :: t1, nil (A:=Move), d1)). +apply (no_overlapD_invpp S1); [apply dstep_step; auto | assumption]. +apply f2ind; [unfold S1 | idtac | idtac]; auto. +generalize H0; clear H0; unfold no_overlap_stateD; destruct m as [m1 m2]. +intros; apply no_overlap_noOverlap. +unfold no_overlap_state; simpl. +generalize H0; clear H0; unfold no_overlap; (repeat rewrite getdst_app); + (repeat rewrite getsrc_app); simpl; (repeat rewrite app_nil); intros. +apply H0. +elim H1; intros H4; [left; assumption | right; (try in_tac)]. +elim H2; intros H4; [left; assumption | right; in_tac]. +set (S1:=(m :: t1, m0 :: b1, d1)). +apply (no_overlapD_invpp S1); [apply dstep_step; auto | assumption]. +apply f2ind; [unfold S1 | idtac | idtac]; auto. +generalize H0; clear H0; unfold no_overlap_stateD; destruct m as [m1 m2]. +intros; apply no_overlap_noOverlap. +unfold no_overlap_state; simpl. +generalize H0; clear H0; unfold no_overlap; (repeat rewrite getdst_app); + (repeat rewrite getsrc_app); destruct m0; simpl; intros. +apply H0. +elim H1; intros H4; [left; assumption | right; in_tac]. +elim H2; intros H4; [left; assumption | right; in_tac]. +Qed. + +Lemma no_overlapD_res: + forall S1, stepInv S1 -> no_overlap_stateD S1 -> no_overlap_stateD (Pmov S1). +Proof. +intros S1; elim S1 using (well_founded_ind (Wf_nat.well_founded_ltof _ mesure)). +clear S1; intros S1 Hrec. +destruct S1 as [[t b] d]. +rewrite Pmov_equation. +destruct t; auto. +destruct b; auto. +intros; apply Hrec. +apply stepf1_dec; auto. +apply (dstep_inv (nil, m :: b, d)); auto. +apply f2ind'; auto. +apply no_overlap_noOverlap. +generalize H0; unfold no_overlap_stateD, no_overlap_state, no_overlap; simpl. +destruct m; (repeat rewrite getdst_app); (repeat rewrite getsrc_app). +intros H1 r1 H2 s H3; (try assumption). +apply H1; in_tac. +apply no_overlapD_invf; auto. +intros; apply Hrec. +apply stepf1_dec; auto. +apply (dstep_inv (m :: t, b, d)); auto. +apply f2ind'; auto. +apply no_overlap_noOverlap. +generalize H0; destruct m; + unfold no_overlap_stateD, no_overlap_state, no_overlap; simpl; + (repeat (rewrite getdst_app; simpl)); (repeat (rewrite getsrc_app; simpl)). +simpl; intros H1 r1 H2 s H3; (try assumption). +apply H1. +elim H2; intros H4; [left; (try assumption) | right; in_tac]. +elim H3; intros H4; [left; (try assumption) | right; in_tac]. +apply no_overlapD_invf; auto. +Qed. + +Definition temporaries1_3 := R IT1 :: (R FT1 :: (R IT3 :: nil)). + +Definition temporaries2 := R IT2 :: (R FT2 :: nil). + +Definition no_tmp13_state (S1 : State) := + Loc.disjoint (getsrc (StateDone S1)) temporaries1_3 /\ + Loc.disjoint (getdst (StateDone S1)) temporaries1_3. + +Definition Done_well_formed (S1 S2 : State) := + forall x, + (In x (getsrc (StateDone S2)) -> + In x temporaries2 \/ In x (getsrc (StateToMove S1 ++ StateBeing S1))) /\ + (In x (getdst (StateDone S2)) -> + In x temporaries2 \/ In x (getdst (StateToMove S1 ++ StateBeing S1))). + +Lemma Done_notmp3_inv: + forall S1 S2, + step S1 S2 -> + (forall x, + In x (getdst (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1))) -> + Loc.diff x (R IT3)) -> + forall x, + In x (getdst (StateToMove S2 ++ (StateBeing S2 ++ StateDone S2))) -> + Loc.diff x (R IT3). +Proof. +intros S1 S2 STEP; inversion STEP; (try (simpl; trivial; fail)); + simpl StateDone; simpl StateToMove; simpl StateBeing; simpl getdst; + (repeat (rewrite getdst_app; simpl)); intros. +apply H1; in_tac. +destruct m; apply H1; in_tac. +apply H1; in_tac. +case (Loc.eq x (T r0)); intros e. +unfold T in e |-; destruct (Loc.type r0); rewrite e; simpl; red; intro; + discriminate. +apply H1; apply in_cons_noteq with ( b := T r0 ); auto; in_tac. +apply H3; in_tac. +Qed. + +Lemma Done_notmp3_invpp: + forall S1 S2, + stepp S1 S2 -> + (forall x, + In x (getdst (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1))) -> + Loc.diff x (R IT3)) -> + forall x, + In x (getdst (StateToMove S2 ++ (StateBeing S2 ++ StateDone S2))) -> + Loc.diff x (R IT3). +Proof. +intros S1 S2 H H0; (try assumption). +induction H as [r|r1 r2 r3 H1 H2 Hrec]; auto. +apply Hrec; auto. +apply Done_notmp3_inv with r1; auto. +Qed. + +Lemma Done_notmp3_invf: + forall S1, + stepInv S1 -> + (forall x, + In x (getdst (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1))) -> + Loc.diff x (R IT3)) -> + forall x, + In + x + (getdst + (StateToMove (stepf S1) ++ (StateBeing (stepf S1) ++ StateDone (stepf S1)))) -> + Loc.diff x (R IT3). +Proof. +intros S1 H H0; (try assumption). +generalize H; unfold stepInv; intros [Hpath [HSD [HnoO [Hnotmp HnotmpL]]]]. +destruct S1 as [[t1 b1] d1]; set (S1:=(t1, b1, d1)); destruct t1; destruct b1; + auto; apply (Done_notmp3_invpp S1); auto; apply dstep_step; auto; apply f2ind; + unfold S1; auto. +Qed. + +Lemma Done_notmp3_res: + forall S1, + stepInv S1 -> + (forall x, + In x (getdst (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1))) -> + Loc.diff x (R IT3)) -> + forall x, + In + x + (getdst + (StateToMove (Pmov S1) ++ (StateBeing (Pmov S1) ++ StateDone (Pmov S1)))) -> + Loc.diff x (R IT3). +Proof. +intros S1; elim S1 using (well_founded_ind (Wf_nat.well_founded_ltof _ mesure)). +clear S1; intros S1 Hrec. +destruct S1 as [[t b] d]; set (S1:=(t, b, d)). +unfold S1; rewrite Pmov_equation. +intros H; generalize H; intros [Hpath [HSD [HnoO [Htmp HtmpL]]]]. +destruct t; [destruct b; auto | idtac]; + (intro; apply Hrec; + [apply stepf1_dec | apply (dstep_inv S1); auto; apply f2ind' + | apply Done_notmp3_invf]; auto). +Qed. + +Lemma Done_notmp1_inv: + forall S1 S2, + step S1 S2 -> + (forall x, + In x (getdst (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1))) -> + Loc.diff x (R IT1) /\ Loc.diff x (R FT1)) -> + forall x, + In x (getdst (StateToMove S2 ++ (StateBeing S2 ++ StateDone S2))) -> + Loc.diff x (R IT1) /\ Loc.diff x (R FT1). +Proof. +intros S1 S2 STEP; inversion STEP; (try (simpl; trivial; fail)); + (repeat (rewrite getdst_app; simpl)); intros. +apply H1; in_tac. +destruct m; apply H1; in_tac. +apply H1; in_tac. +case (Loc.eq x (T r0)); intro. +rewrite e; unfold T; case (Loc.type r0); simpl; split; red; intro; discriminate. +apply H1; apply in_cons_noteq with ( b := T r0 ); (try assumption); in_tac. +apply H3; in_tac. +Qed. + +Lemma Done_notmp1_invpp: + forall S1 S2, + stepp S1 S2 -> + (forall x, + In x (getdst (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1))) -> + Loc.diff x (R IT1) /\ Loc.diff x (R FT1)) -> + forall x, + In x (getdst (StateToMove S2 ++ (StateBeing S2 ++ StateDone S2))) -> + Loc.diff x (R IT1) /\ Loc.diff x (R FT1). +Proof. +intros S1 S2 H H0; (try assumption). +induction H as [r|r1 r2 r3 H1 H2 Hrec]; auto. +apply Hrec; auto. +apply Done_notmp1_inv with r1; auto. +Qed. + +Lemma Done_notmp1_invf: + forall S1, + stepInv S1 -> + (forall x, + In x (getdst (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1))) -> + Loc.diff x (R IT1) /\ Loc.diff x (R FT1)) -> + forall x, + In + x + (getdst + (StateToMove (stepf S1) ++ (StateBeing (stepf S1) ++ StateDone (stepf S1)))) -> + Loc.diff x (R IT1) /\ Loc.diff x (R FT1). +Proof. +intros S1 H H0; (try assumption). +generalize H; unfold stepInv; intros [Hpath [HSD [HnoO [Hnotmp HnotmpL]]]]. +destruct S1 as [[t1 b1] d1]; set (S1:=(t1, b1, d1)); destruct t1; destruct b1; + auto; apply (Done_notmp1_invpp S1); auto; apply dstep_step; auto; apply f2ind; + unfold S1; auto. +Qed. + +Lemma Done_notmp1_res: + forall S1, + stepInv S1 -> + (forall x, + In x (getdst (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1))) -> + Loc.diff x (R IT1) /\ Loc.diff x (R FT1)) -> + forall x, + In + x + (getdst + (StateToMove (Pmov S1) ++ (StateBeing (Pmov S1) ++ StateDone (Pmov S1)))) -> + Loc.diff x (R IT1) /\ Loc.diff x (R FT1). +Proof. +intros S1; elim S1 using (well_founded_ind (Wf_nat.well_founded_ltof _ mesure)). +clear S1; intros S1 Hrec. +destruct S1 as [[t b] d]; set (S1:=(t, b, d)). +intros H; generalize H; intros [Hpath [HSD [HnoO [Htmp HtmpL]]]]. +unfold S1; rewrite Pmov_equation. +destruct t; [destruct b; auto | idtac]; + (intro; apply Hrec; + [apply stepf1_dec | apply (dstep_inv S1); auto; apply f2ind' + | apply Done_notmp1_invf]; auto). +Qed. + +Lemma Done_notmp1src_inv: + forall S1 S2, + step S1 S2 -> + (forall x, + In x (getsrc (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1))) -> + Loc.diff x (R IT1) /\ Loc.diff x (R FT1)) -> + forall x, + In x (getsrc (StateToMove S2 ++ (StateBeing S2 ++ StateDone S2))) -> + Loc.diff x (R IT1) /\ Loc.diff x (R FT1). +Proof. +intros S1 S2 STEP; inversion STEP; (try (simpl; trivial; fail)); + (repeat (rewrite getsrc_app; simpl)); intros. +apply H1; in_tac. +destruct m; apply H1; in_tac. +apply H1; in_tac. +case (Loc.eq x (T r0)); intro. +rewrite e; unfold T; case (Loc.type r0); simpl; split; red; intro; discriminate. +apply H1; apply in_cons_noteq with ( b := T r0 ); (try assumption); in_tac. +apply H3; in_tac. +Qed. + +Lemma Done_notmp1src_invpp: + forall S1 S2, + stepp S1 S2 -> + (forall x, + In x (getsrc (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1))) -> + Loc.diff x (R IT1) /\ Loc.diff x (R FT1)) -> + forall x, + In x (getsrc (StateToMove S2 ++ (StateBeing S2 ++ StateDone S2))) -> + Loc.diff x (R IT1) /\ Loc.diff x (R FT1). +Proof. +intros S1 S2 H H0; (try assumption). +induction H as [r|r1 r2 r3 H1 H2 Hrec]; auto. +apply Hrec; auto. +apply Done_notmp1src_inv with r1; auto. +Qed. + +Lemma Done_notmp1src_invf: + forall S1, + stepInv S1 -> + (forall x, + In x (getsrc (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1))) -> + Loc.diff x (R IT1) /\ Loc.diff x (R FT1)) -> + forall x, + In + x + (getsrc + (StateToMove (stepf S1) ++ (StateBeing (stepf S1) ++ StateDone (stepf S1)))) -> + Loc.diff x (R IT1) /\ Loc.diff x (R FT1). +Proof. +intros S1 H H0. +generalize H; unfold stepInv; intros [Hpath [HSD [HnoO [Hnotmp HnotmpL]]]]. +destruct S1 as [[t1 b1] d1]; set (S1:=(t1, b1, d1)); destruct t1; destruct b1; + auto; apply (Done_notmp1src_invpp S1); auto; apply dstep_step; auto; + apply f2ind; unfold S1; auto. +Qed. + +Lemma Done_notmp1src_res: + forall S1, + stepInv S1 -> + (forall x, + In x (getsrc (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1))) -> + Loc.diff x (R IT1) /\ Loc.diff x (R FT1)) -> + forall x, + In + x + (getsrc + (StateToMove (Pmov S1) ++ (StateBeing (Pmov S1) ++ StateDone (Pmov S1)))) -> + Loc.diff x (R IT1) /\ Loc.diff x (R FT1). +Proof. +intros S1; elim S1 using (well_founded_ind (Wf_nat.well_founded_ltof _ mesure)). +clear S1; intros S1 Hrec. +destruct S1 as [[t b] d]; set (S1:=(t, b, d)). +intros H; generalize H; intros [Hpath [HSD [HnoO [Htmp HtmpL]]]]. +unfold S1; rewrite Pmov_equation. +destruct t; [destruct b; auto | idtac]; + (intro; apply Hrec; + [apply stepf1_dec | apply (dstep_inv S1); auto; apply f2ind' + | apply Done_notmp1src_invf]; auto). +Qed. + +Lemma dst_tmp2_step: + forall S1 S2, + step S1 S2 -> + forall x, + In x (getdst (StateToMove S2 ++ (StateBeing S2 ++ StateDone S2))) -> + In x temporaries2 \/ + In x (getdst (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1))). +Proof. +intros S1 S2 STEP; inversion STEP; (repeat (rewrite getdst_app; simpl)); intros; + (try (right; in_tac)). +destruct m; right; in_tac. +case (Loc.eq x (T r0)); intro. +rewrite e; unfold T; case (Loc.type r0); left; [left | right; left]; trivial. +right; apply in_cons_noteq with ( b := T r0 ); auto; in_tac. +Qed. + +Lemma dst_tmp2_stepp: + forall S1 S2, + stepp S1 S2 -> + forall x, + In x (getdst (StateToMove S2 ++ (StateBeing S2 ++ StateDone S2))) -> + In x temporaries2 \/ + In x (getdst (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1))). +Proof. +intros S1 S2 H. +induction H as [r|r1 r2 r3 H1 H2 Hrec]; auto. +intros. +elim Hrec with ( x := x ); + [intros H0; (try clear Hrec); (try exact H0) | intros H0; (try clear Hrec) + | try clear Hrec]; auto. +generalize (dst_tmp2_step r1 r2); auto. +Qed. + +Lemma dst_tmp2_stepf: + forall S1, + stepInv S1 -> + forall x, + In + x + (getdst + (StateToMove (stepf S1) ++ (StateBeing (stepf S1) ++ StateDone (stepf S1)))) -> + In x temporaries2 \/ + In x (getdst (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1))). +Proof. +intros S1 H H0. +generalize H; unfold stepInv; intros [Hpath [HSD [HnoO [Hnotmp HnotmpL]]]]. +destruct S1 as [[t1 b1] d1]; set (S1:=(t1, b1, d1)); destruct t1; destruct b1; + auto; apply (dst_tmp2_stepp S1); auto; apply dstep_step; auto; apply f2ind; + unfold S1; auto. +Qed. + +Lemma dst_tmp2_res: + forall S1, + stepInv S1 -> + forall x, + In + x + (getdst + (StateToMove (Pmov S1) ++ (StateBeing (Pmov S1) ++ StateDone (Pmov S1)))) -> + In x temporaries2 \/ + In x (getdst (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1))). +Proof. +intros S1; elim S1 using (well_founded_ind (Wf_nat.well_founded_ltof _ mesure)). +clear S1; intros S1 Hrec. +destruct S1 as [[t b] d]; set (S1:=(t, b, d)). +intros H; generalize H; intros [Hpath [HSD [HnoO [Htmp HtmpL]]]]. +unfold S1; rewrite Pmov_equation; intros. +destruct t; auto. +destruct b; auto. +elim Hrec with ( y := stepf S1 ) ( x := x ); + [intros H1 | intros H1 | try clear Hrec | try clear Hrec | try assumption]. +left; (try assumption). +apply dst_tmp2_stepf; auto. +apply stepf1_dec; auto. +apply (dstep_inv S1); auto; unfold S1; apply f2ind'; auto. +elim Hrec with ( y := stepf S1 ) ( x := x ); + [intro; left; (try assumption) | intros H1; apply dst_tmp2_stepf; auto | + apply stepf1_dec; auto | + apply (dstep_inv S1); auto; unfold S1; apply f2ind'; auto | try assumption]. +Qed. + +Lemma getdst_lists2moves: + forall srcs dsts, + length srcs = length dsts -> + getsrc (listsLoc2Moves srcs dsts) = srcs /\ + getdst (listsLoc2Moves srcs dsts) = dsts. +Proof. +induction srcs; intros dsts; destruct dsts; simpl; auto; intro; + (try discriminate). +inversion H. +elim IHsrcs with ( dsts := dsts ); auto; intros. +rewrite H2; rewrite H0; auto. +Qed. + +Lemma stepInv_pnilnil: + forall p, + simpleDest p -> + Loc.disjoint (getsrc p) temporaries -> + Loc.disjoint (getdst p) temporaries -> + no_overlap_list p -> stepInv (p, nil, nil). +Proof. +unfold stepInv; simpl; (repeat split); auto. +rewrite app_nil; auto. +generalize (no_overlap_noOverlap (p, nil, nil)). +simpl; (intros H3; apply H3). +generalize H2; unfold no_overlap_state, no_overlap_list; simpl; intro. +rewrite app_nil; auto. +apply disjoint_tmp__noTmp; auto. +Qed. + +Lemma noO_list_pnilnil: + forall (p : Moves), + simpleDest p -> + Loc.disjoint (getsrc p) temporaries -> + Loc.disjoint (getdst p) temporaries -> + no_overlap_list p -> no_overlap_list (StateDone (Pmov (p, nil, nil))). +Proof. +intros; generalize (no_overlapD_res (p, nil, nil)); + unfold no_overlap_stateD, no_overlap_list. +rewrite STM_Pmov; rewrite SB_Pmov; simpl; rewrite app_nil; intro. +apply H3; auto. +apply stepInv_pnilnil; auto. +Qed. + +Lemma dis_srctmp1_pnilnil: + forall (p : Moves), + simpleDest p -> + Loc.disjoint (getsrc p) temporaries -> + Loc.disjoint (getdst p) temporaries -> + no_overlap_list p -> + Loc.disjoint (getsrc (StateDone (Pmov (p, nil, nil)))) temporaries1. +Proof. +intros; generalize (Done_notmp1src_res (p, nil, nil)); simpl. +rewrite STM_Pmov; rewrite SB_Pmov; simpl; rewrite app_nil; intro. +unfold temporaries1. +apply Loc.notin_disjoint; auto. +simpl; intros. +assert (HsI: stepInv (p, nil, nil)); (try apply stepInv_pnilnil); auto. +elim H3 with x; (try assumption). +intros; (repeat split); auto. +intros; split; + (apply Loc.in_notin_diff with ( ll := temporaries ); + [apply Loc.disjoint_notin with (getsrc p) | simpl]; auto). +Qed. + +Lemma dis_dsttmp1_pnilnil: + forall (p : Moves), + simpleDest p -> + Loc.disjoint (getsrc p) temporaries -> + Loc.disjoint (getdst p) temporaries -> + no_overlap_list p -> + Loc.disjoint (getdst (StateDone (Pmov (p, nil, nil)))) temporaries1. +Proof. +intros; generalize (Done_notmp1_res (p, nil, nil)); simpl. +rewrite STM_Pmov; rewrite SB_Pmov; simpl; rewrite app_nil; intro. +unfold temporaries1. +apply Loc.notin_disjoint; auto. +simpl; intros. +assert (HsI: stepInv (p, nil, nil)); (try apply stepInv_pnilnil); auto. +elim H3 with x; (try assumption). +intros; (repeat split); auto. +intros; split; + (apply Loc.in_notin_diff with ( ll := temporaries ); + [apply Loc.disjoint_notin with (getdst p) | simpl]; auto). +Qed. + +Lemma parallel_move_correct': + forall p k rs m, + Loc.norepet (getdst p) -> + no_overlap_list p -> + Loc.disjoint (getsrc p) temporaries -> + Loc.disjoint (getdst p) temporaries -> + (exists rs' , + exec_instrs ge sp (p_move p k) rs m k rs' m /\ + (List.map rs' (getdst p) = List.map rs (getsrc p) /\ + (rs' (R IT3) = rs (R IT3) /\ + (forall l, + Loc.notin l (getdst p) -> Loc.notin l temporaries -> rs' l = rs l))) + ). +Proof. +unfold p_move, P_move. +intros p k rs m Hnorepet HnoOverlap Hdisjointsrc Hdisjointdst. +assert (HsD: simpleDest p); (try (apply norepet_SD; assumption)). +assert (HsI: stepInv (p, nil, nil)); (try (apply stepInv_pnilnil; assumption)). +generalize HsI; unfold stepInv; simpl StateToMove; simpl StateBeing; + (repeat rewrite app_nil); intros [_ [_ [HnoO [Hnotmp _]]]]. +elim (exec_instrs_pmov (StateDone (Pmov (p, nil, nil))) k rs m); auto; + (try apply noO_list_pnilnil); (try apply dis_dsttmp1_pnilnil); + (try apply dis_srctmp1_pnilnil); auto. +intros rs' [Hexec R]; exists rs'; (repeat split); auto. +rewrite <- (Fpmov_correct_map p rs); auto. +apply list_map_exten; intros; rewrite <- R; auto; + (try + (apply Loc.in_notin_diff with ( ll := temporaries ); + [apply Loc.disjoint_notin with (getdst p) | simpl]; auto)). +generalize (dst_tmp2_res (p, nil, nil)); intros. +elim H0 with ( x := r ); + [intros H2; right | + simpl; rewrite app_nil; intros H2; apply In_norepet with (getdst p); auto | + try assumption | rewrite STM_Pmov; rewrite SB_Pmov; auto]. +apply Loc.diff_sym; apply Loc.in_notin_diff with ( ll := temporaries ); + (try assumption). +apply Loc.disjoint_notin with (getdst p); auto. +generalize H2; unfold temporaries, temporaries2; intros; in_tac. +rewrite <- (Fpmov_correct_IT3 p rs); auto; rewrite <- R; + (try (simpl; intro; discriminate)); auto. +intros r H; right; apply (Done_notmp3_res (p, nil, nil)); auto; + (try (rewrite STM_Pmov; rewrite SB_Pmov; auto)). +simpl; rewrite app_nil; intros; apply Loc.in_notin_diff with temporaries; auto. +apply Loc.disjoint_notin with (getdst p); auto. +simpl; right; right; left; trivial. +intros; rewrite <- (Fpmov_correct_ext p rs); auto; rewrite <- R; auto; + (try (apply Loc.in_notin_diff with temporaries; simpl; auto)). +intros r H1; right; generalize (dst_tmp2_res (p, nil, nil)); intros. +elim H2 with ( x := r ); + [intros H3 | simpl; rewrite app_nil; intros H3 | assumption + | rewrite STM_Pmov; rewrite SB_Pmov; auto]. +apply Loc.diff_sym; apply Loc.in_notin_diff with temporaries; auto. +generalize H3; unfold temporaries, temporaries2; intros; in_tac. +apply Loc.diff_sym; apply Loc.in_notin_diff with ( ll := getdst p ); auto. +Qed. + +Lemma parallel_move_correctX: + forall srcs dsts k rs m, + List.length srcs = List.length dsts -> + no_overlap srcs dsts -> + Loc.norepet dsts -> + Loc.disjoint srcs temporaries -> + Loc.disjoint dsts temporaries -> + (exists rs' , + exec_instrs ge sp (parallel_move srcs dsts k) rs m k rs' m /\ + (List.map rs' dsts = List.map rs srcs /\ + (rs' (R IT3) = rs (R IT3) /\ + (forall l, Loc.notin l dsts -> Loc.notin l temporaries -> rs' l = rs l))) ). +Proof. +intros; unfold parallel_move, parallel_move_order; + generalize (parallel_move_correct' (listsLoc2Moves srcs dsts) k rs m). +elim (getdst_lists2moves srcs dsts); auto. +intros heq1 heq2; rewrite heq1; rewrite heq2; unfold p_move. +intros H4; apply H4; auto. +unfold no_overlap_list; rewrite heq1; rewrite heq2; auto. +Qed. + +End parallel_move_correction. diff --git a/backend/Alloctyping.v b/backend/Alloctyping.v new file mode 100644 index 00000000..39e53eef --- /dev/null +++ b/backend/Alloctyping.v @@ -0,0 +1,509 @@ +(** Preservation of typing during register allocation. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Op. +Require Import Registers. +Require Import RTL. +Require Import Locations. +Require Import LTL. +Require Import Coloring. +Require Import Coloringproof. +Require Import Allocation. +Require Import Allocproof. +Require Import RTLtyping. +Require Import LTLtyping. +Require Import Conventions. +Require Import Alloctyping_aux. + +(** This file proves that register allocation (the translation from + RTL to LTL defined in file [Allocation]) preserves typing: + given a well-typed RTL input, it produces LTL code that is + well-typed. *) + +Section TYPING_FUNCTION. + +Variable f: RTL.function. +Variable env: regenv. +Variable live: PMap.t Regset.t. +Variable alloc: reg -> loc. +Variable tf: LTL.function. + +Hypothesis TYPE_RTL: type_rtl_function f = Some env. +Hypothesis ALLOC: regalloc f live (live0 f live) env = Some alloc. +Hypothesis TRANSL: transf_function f = Some tf. + +Lemma wt_rtl_function: RTLtyping.wt_function env f. +Proof. + apply type_rtl_function_correct; auto. +Qed. + +Lemma alloc_type: forall r, Loc.type (alloc r) = env r. +Proof. + intro. eapply regalloc_preserves_types; eauto. +Qed. + +Lemma alloc_types: + forall rl, List.map Loc.type (List.map alloc rl) = List.map env rl. +Proof. + intros. rewrite list_map_compose. apply list_map_exten. + intros. symmetry. apply alloc_type. +Qed. + +(** [loc_read_ok l] states whether location [l] is well-formed in an + argument context (for reading). *) + +Definition loc_read_ok (l: loc) : Prop := + match l with R r => True | S s => slot_bounded tf s end. + +(** [loc_write_ok l] states whether location [l] is well-formed in a + result context (for writing). *) + +Definition loc_write_ok (l: loc) : Prop := + match l with + | R r => True + | S (Incoming _ _) => False + | S s => slot_bounded tf s end. + +Definition locs_read_ok (ll: list loc) : Prop := + forall l, In l ll -> loc_read_ok l. + +Definition locs_write_ok (ll: list loc) : Prop := + forall l, In l ll -> loc_write_ok l. + +Remark loc_write_ok_read_ok: + forall l, loc_write_ok l -> loc_read_ok l. +Proof. + destruct l; simpl. auto. + destruct s; tauto. +Qed. +Hint Resolve loc_write_ok_read_ok: allocty. + +Remark locs_write_ok_read_ok: + forall ll, locs_write_ok ll -> locs_read_ok ll. +Proof. + unfold locs_write_ok, locs_read_ok. auto with allocty. +Qed. +Hint Resolve locs_write_ok_read_ok: allocty. + +Lemma alloc_write_ok: + forall r, loc_write_ok (alloc r). +Proof. + intros. generalize (regalloc_acceptable _ _ _ _ _ r ALLOC). + destruct (alloc r); simpl. auto. + destruct s; try contradiction. simpl. omega. +Qed. +Hint Resolve alloc_write_ok: allocty. + +Lemma allocs_write_ok: + forall rl, locs_write_ok (List.map alloc rl). +Proof. + intros; red; intros. + generalize (list_in_map_inv _ _ _ H). intros [r [EQ IN]]. + subst l. auto with allocty. +Qed. +Hint Resolve allocs_write_ok: allocty. + +(** * Typing LTL constructors *) + +(** We show that the LTL constructor functions defined in [Allocation] + generate well-typed LTL basic blocks, given sufficient typing + and well-formedness hypotheses over the locations involved. *) + +Lemma wt_add_reload: + forall src dst k, + loc_read_ok src -> + Loc.type src = mreg_type dst -> + wt_block tf k -> + wt_block tf (add_reload src dst k). +Proof. + intros. unfold add_reload. destruct src. + case (mreg_eq m dst); intro. auto. apply wt_Bopmove. exact H0. auto. + apply wt_Bgetstack. exact H0. exact H. auto. +Qed. + +Lemma wt_add_spill: + forall src dst k, + loc_write_ok dst -> + mreg_type src = Loc.type dst -> + wt_block tf k -> + wt_block tf (add_spill src dst k). +Proof. + intros. unfold add_spill. destruct dst. + case (mreg_eq src m); intro. auto. + apply wt_Bopmove. exact H0. auto. + apply wt_Bsetstack. generalize H. simpl. destruct s; auto. + symmetry. exact H0. generalize H. simpl. destruct s; auto. contradiction. + auto. +Qed. + +Lemma wt_add_reloads: + forall srcs dsts k, + locs_read_ok srcs -> + List.map Loc.type srcs = List.map mreg_type dsts -> + wt_block tf k -> + wt_block tf (add_reloads srcs dsts k). +Proof. + induction srcs; intros. + destruct dsts. simpl; auto. simpl in H0; discriminate. + destruct dsts; simpl in H0. discriminate. simpl. + apply wt_add_reload. apply H; apply in_eq. congruence. + apply IHsrcs. red; intros; apply H; apply in_cons; auto. + congruence. auto. +Qed. + +Lemma wt_reg_for: + forall l, mreg_type (reg_for l) = Loc.type l. +Proof. + intros. destruct l; simpl. auto. + case (slot_type s); reflexivity. +Qed. +Hint Resolve wt_reg_for: allocty. + +Lemma wt_regs_for_rec: + forall locs itmps ftmps, + (List.length locs <= List.length itmps)%nat -> + (List.length locs <= List.length ftmps)%nat -> + (forall r, In r itmps -> mreg_type r = Tint) -> + (forall r, In r ftmps -> mreg_type r = Tfloat) -> + List.map mreg_type (regs_for_rec locs itmps ftmps) = List.map Loc.type locs. +Proof. + induction locs; intros. + simpl. auto. + destruct itmps; simpl in H. omegaContradiction. + destruct ftmps; simpl in H0. omegaContradiction. + simpl. apply (f_equal2 (@cons typ)). + destruct a. reflexivity. simpl. case (slot_type s). + apply H1; apply in_eq. apply H2; apply in_eq. + apply IHlocs. omega. omega. + intros; apply H1; apply in_cons; auto. + intros; apply H2; apply in_cons; auto. +Qed. + +Lemma wt_regs_for: + forall locs, + (List.length locs <= 3)%nat -> + List.map mreg_type (regs_for locs) = List.map Loc.type locs. +Proof. + intros. unfold regs_for. apply wt_regs_for_rec. + simpl. auto. simpl. auto. + simpl; intros; intuition; subst r; reflexivity. + simpl; intros; intuition; subst r; reflexivity. +Qed. +Hint Resolve wt_regs_for: allocty. + +Lemma wt_add_move: + forall src dst b, + loc_read_ok src -> loc_write_ok dst -> + Loc.type src = Loc.type dst -> + wt_block tf b -> + wt_block tf (add_move src dst b). +Proof. + intros. unfold add_move. + case (Loc.eq src dst); intro. + auto. + destruct src. apply wt_add_spill; auto. + destruct dst. apply wt_add_reload; auto. + set (tmp := match slot_type s with Tint => IT1 | Tfloat => FT1 end). + apply wt_add_reload. auto. + simpl. unfold tmp. case (slot_type s); reflexivity. + apply wt_add_spill. auto. + simpl. simpl in H1. rewrite <- H1. unfold tmp. case (slot_type s); reflexivity. + auto. +Qed. + +Theorem wt_parallel_move: + forall srcs dsts b, + List.map Loc.type srcs = List.map Loc.type dsts -> + locs_read_ok srcs -> + locs_write_ok dsts -> wt_block tf b -> wt_block tf (parallel_move srcs dsts b). +Proof. + unfold locs_read_ok, locs_write_ok. + apply wt_parallel_moveX; simpl; auto. + exact wt_add_move. +Qed. + +Lemma wt_add_op_move: + forall src res s, + Loc.type src = Loc.type res -> + loc_read_ok src -> loc_write_ok res -> + wt_block tf (add_op Omove (src :: nil) res s). +Proof. + intros. unfold add_op. simpl. + apply wt_add_move. auto. auto. auto. constructor. +Qed. + +Lemma wt_add_op_undef: + forall res s, + loc_write_ok res -> + wt_block tf (add_op Oundef nil res s). +Proof. + intros. unfold add_op. simpl. + apply wt_Bopundef. apply wt_add_spill. auto. auto with allocty. + constructor. +Qed. + +Lemma wt_add_op_others: + forall op args res s, + op <> Omove -> op <> Oundef -> + (List.map Loc.type args, Loc.type res) = type_of_operation op -> + locs_read_ok args -> + loc_write_ok res -> + wt_block tf (add_op op args res s). +Proof. + intros. unfold add_op. + caseEq (is_move_operation op args). intros. + generalize (is_move_operation_correct op args H4). tauto. + intro. assert ((List.length args <= 3)%nat). + replace (length args) with (length (fst (type_of_operation op))). + apply Allocproof.length_type_of_operation. + rewrite <- H1. simpl. apply list_length_map. + generalize (wt_regs_for args H5); intro. + generalize (wt_reg_for res); intro. + apply wt_add_reloads. auto. auto. + apply wt_Bop. auto. auto. congruence. + apply wt_add_spill. auto. auto. constructor. +Qed. + +Lemma wt_add_load: + forall chunk addr args dst s, + List.map Loc.type args = type_of_addressing addr -> + Loc.type dst = type_of_chunk chunk -> + locs_read_ok args -> + loc_write_ok dst -> + wt_block tf (add_load chunk addr args dst s). +Proof. + intros. unfold add_load. + assert ((List.length args <= 2)%nat). + replace (length args) with (length (type_of_addressing addr)). + apply Allocproof.length_type_of_addressing. + rewrite <- H. apply list_length_map. + assert ((List.length args <= 3)%nat). omega. + generalize (wt_regs_for args H4); intro. + generalize (wt_reg_for dst); intro. + apply wt_add_reloads. auto. auto. + apply wt_Bload. congruence. congruence. + apply wt_add_spill. auto. auto. constructor. +Qed. + +Lemma wt_add_store: + forall chunk addr args src s, + List.map Loc.type args = type_of_addressing addr -> + Loc.type src = type_of_chunk chunk -> + locs_read_ok args -> + loc_read_ok src -> + wt_block tf (add_store chunk addr args src s). +Proof. + intros. unfold add_store. + assert ((List.length args <= 2)%nat). + replace (length args) with (length (type_of_addressing addr)). + apply Allocproof.length_type_of_addressing. + rewrite <- H. apply list_length_map. + assert ((List.length (src :: args) <= 3)%nat). simpl. omega. + generalize (wt_regs_for (src :: args) H4); intro. + caseEq (regs_for (src :: args)). + intro. constructor. + intros rsrc rargs EQ. rewrite EQ in H5. simpl in H5. + apply wt_add_reloads. + red; intros. elim H6; intro. subst l; auto. auto. + simpl. congruence. + apply wt_Bstore. congruence. congruence. constructor. +Qed. + +Lemma wt_add_call: + forall sig los args res s, + match los with inl l => Loc.type l = Tint | inr s => True end -> + List.map Loc.type args = sig.(sig_args) -> + Loc.type res = match sig.(sig_res) with None => Tint | Some ty => ty end -> + locs_read_ok args -> + match los with inl l => loc_read_ok l | inr s => True end -> + loc_write_ok res -> + wt_block tf (add_call sig los args res s). +Proof. + intros. + assert (locs_write_ok (loc_arguments sig)). + red; intros. generalize (loc_arguments_acceptable sig l H5). + destruct l; simpl. auto. + destruct s0; try contradiction. simpl. omega. + unfold add_call. destruct los. + apply wt_add_reload. auto. simpl; congruence. + apply wt_parallel_move. rewrite loc_arguments_type. auto. + auto. auto. + apply wt_Bcall. reflexivity. + apply wt_add_spill. auto. + rewrite loc_result_type. auto. constructor. + apply wt_parallel_move. rewrite loc_arguments_type. auto. + auto. auto. + apply wt_Bcall. auto. + apply wt_add_spill. auto. + rewrite loc_result_type. auto. constructor. +Qed. + +Lemma wt_add_cond: + forall cond args ifso ifnot, + List.map Loc.type args = type_of_condition cond -> + locs_read_ok args -> + wt_block tf (add_cond cond args ifso ifnot). +Proof. + intros. + assert ((List.length args) <= 3)%nat. + replace (length args) with (length (type_of_condition cond)). + apply Allocproof.length_type_of_condition. + rewrite <- H. apply list_length_map. + generalize (wt_regs_for args H1). intro. + unfold add_cond. apply wt_add_reloads. + auto. auto. + apply wt_Bcond. congruence. +Qed. + +Lemma wt_add_return: + forall sig optarg, + option_map Loc.type optarg = sig.(sig_res) -> + match optarg with None => True | Some arg => loc_read_ok arg end -> + wt_block tf (add_return sig optarg). +Proof. + intros. unfold add_return. destruct optarg. + apply wt_add_reload. auto. rewrite loc_result_type. + simpl in H. destruct (sig_res sig). congruence. discriminate. + constructor. + apply wt_Bopundef. constructor. +Qed. + +Lemma wt_add_undefs: + forall ll b, + wt_block tf b -> wt_block tf (add_undefs ll b). +Proof. + induction ll; intros. + simpl. auto. + simpl. destruct a. apply wt_Bopundef. auto. auto. +Qed. + +Lemma wt_add_entry: + forall params undefs s, + List.map Loc.type params = sig_args (RTL.fn_sig f) -> + locs_write_ok params -> + wt_block tf (add_entry (RTL.fn_sig f) params undefs s). +Proof. + set (sig := RTL.fn_sig f). + assert (sig = tf.(fn_sig)). + unfold sig. symmetry. apply Allocproof.sig_function_translated. auto. + assert (locs_read_ok (loc_parameters sig)). + red; unfold loc_parameters. intros. + generalize (list_in_map_inv _ _ _ H0). intros [l1 [EQ IN]]. + subst l. generalize (loc_arguments_acceptable _ _ IN). + destruct l1. simpl. auto. + destruct s; try contradiction. + simpl; intros. split. omega. rewrite <- H. + apply loc_arguments_bounded. auto. + intros. unfold add_entry. + apply wt_parallel_move. rewrite loc_parameters_type. auto. + auto. auto. + apply wt_add_undefs. constructor. +Qed. + +(** * Type preservation during translation from RTL to LTL *) + +Lemma wt_transf_instr: + forall pc instr, + RTLtyping.wt_instr env f instr -> + wt_block tf (transf_instr f live alloc pc instr). +Proof. + intros. inversion H; simpl. + (* nop *) + constructor. + (* move *) + case (Regset.mem r live!!pc). + apply wt_add_op_move; auto with allocty. + repeat rewrite alloc_type. auto. constructor. + (* undef *) + case (Regset.mem r live!!pc). + apply wt_add_op_undef; auto with allocty. + constructor. + (* other ops *) + case (Regset.mem res live!!pc). + apply wt_add_op_others; auto with allocty. + rewrite alloc_types. rewrite alloc_type. auto. + constructor. + (* load *) + case (Regset.mem dst live!!pc). + apply wt_add_load; auto with allocty. + rewrite alloc_types. auto. rewrite alloc_type. auto. + constructor. + (* store *) + apply wt_add_store; auto with allocty. + rewrite alloc_types. auto. rewrite alloc_type. auto. + (* call *) + apply wt_add_call. + destruct ros; simpl. rewrite alloc_type; auto. auto. + rewrite alloc_types; auto. + rewrite alloc_type. auto. + auto with allocty. + destruct ros; simpl; auto with allocty. + auto with allocty. + (* cond *) + apply wt_add_cond. rewrite alloc_types; auto. auto with allocty. + (* return *) + apply wt_add_return. + destruct optres; simpl. rewrite alloc_type. exact H0. exact H0. + destruct optres; simpl; auto with allocty. +Qed. + +Lemma wt_transf_instrs: + let c := PTree.map (transf_instr f live alloc) (RTL.fn_code f) in + forall pc b, c!pc = Some b -> wt_block tf b. +Proof. + intros until b. + unfold c. rewrite PTree.gmap. caseEq (RTL.fn_code f)!pc. + intros instr EQ. simpl. intros. injection H; intro; subst b. + apply wt_transf_instr. eapply RTLtyping.wt_instrs; eauto. + apply wt_rtl_function. + simpl; intros; discriminate. +Qed. + +Lemma wt_transf_entrypoint: + let c := transf_entrypoint f live alloc + (PTree.map (transf_instr f live alloc) (RTL.fn_code f)) in + (forall pc b, c!pc = Some b -> wt_block tf b). +Proof. + simpl. unfold transf_entrypoint. + intros pc b. rewrite PTree.gsspec. + case (peq pc (fn_nextpc f)); intros. + injection H; intro; subst b. + apply wt_add_entry. + rewrite alloc_types. eapply RTLtyping.wt_params. apply wt_rtl_function. + auto with allocty. + apply wt_transf_instrs with pc; auto. +Qed. + +End TYPING_FUNCTION. + +Lemma wt_transf_function: + forall f tf, + transf_function f = Some tf -> wt_function tf. +Proof. + intros. generalize H; unfold transf_function. + caseEq (type_rtl_function f). intros env TYP. + caseEq (analyze f). intros live ANL. + change (transfer f (RTL.fn_entrypoint f) + live!!(RTL.fn_entrypoint f)) + with (live0 f live). + caseEq (regalloc f live (live0 f live) env). + intros alloc ALLOC. + intro EQ; injection EQ; intro; subst tf. + red. simpl. intros. eapply wt_transf_entrypoint; eauto. + intros; discriminate. + intros; discriminate. + intros; discriminate. +Qed. + +Lemma program_typing_preserved: + forall (p: RTL.program) (tp: LTL.program), + transf_program p = Some tp -> + LTLtyping.wt_program tp. +Proof. + intros; red; intros. + generalize (transform_partial_program_function transf_function p i f H H0). + intros [f0 [IN TRANSF]]. + apply wt_transf_function with f0; auto. +Qed. diff --git a/backend/Alloctyping_aux.v b/backend/Alloctyping_aux.v new file mode 100644 index 00000000..0013c240 --- /dev/null +++ b/backend/Alloctyping_aux.v @@ -0,0 +1,895 @@ +(** Type preservation for parallel move compilation. *) + +(** This file, contributed by Laurence Rideau, shows that the parallel + move compilation algorithm (file [Parallelmove]) generates a well-typed + sequence of LTL instructions, provided the original problem is well-typed: + the types of source and destination locations match pairwise. *) + +Require Import Coqlib. +Require Import Locations. +Require Import LTL. +Require Import Allocation. +Require Import LTLtyping. +Require Import Allocproof_aux. +Require Import Parallelmove. +Require Import Inclusion. + +Section wt_move_correction. +Variable tf : LTL.function. +Variable loc_read_ok : loc -> Prop. +Hypothesis loc_read_ok_R : forall r, loc_read_ok (R r). +Variable loc_write_ok : loc -> Prop. +Hypothesis loc_write_ok_R : forall r, loc_write_ok (R r). + +Let locs_read_ok (ll : list loc) : Prop := + forall l, In l ll -> loc_read_ok l. + +Let locs_write_ok (ll : list loc) : Prop := + forall l, In l ll -> loc_write_ok l. + +Hypothesis + wt_add_move : + forall (src dst : loc) (b : LTL.block), + loc_read_ok src -> + loc_write_ok dst -> + Loc.type src = Loc.type dst -> + wt_block tf b -> wt_block tf (add_move src dst b). + +Lemma in_move__in_srcdst: + forall m p, In m p -> In (fst m) (getsrc p) /\ In (snd m) (getdst p). +Proof. +intros; induction p. +inversion H. +destruct a as [a1 a2]; destruct m as [m1 m2]; simpl. +elim H; intro. +inversion H0. +subst a2; subst a1. +split; [left; trivial | left; trivial]. +split; right; (elim IHp; simpl; intros; auto). +Qed. + +Lemma T_type: forall r, Loc.type r = Loc.type (T r). +Proof. +intro; unfold T. +case (Loc.type r); auto. +Qed. + +Theorem incl_nil: forall A (l : list A), incl nil l. +Proof. +intros A l a; simpl; intros H; case H. +Qed. +Hint Resolve incl_nil :datatypes. + +Lemma split_move_incl: + forall (l t1 t2 : Moves) (s d : Reg), + split_move l s = Some (t1, d, t2) -> incl t1 l /\ incl t2 l. +Proof. +induction l. +simpl; (intros; discriminate). +intros t1 t2 s d; destruct a as [a1 a2]; simpl. +case (Loc.eq a1 s); intro. +intros. +inversion H. +split; auto. +apply incl_nil. +apply incl_tl; apply incl_refl; auto. +caseEq (split_move l s); intro; (try (intros; discriminate)). +destruct p as [[p1 p2] p3]. +intros. +inversion H0. +elim (IHl p1 p3 s p2); intros; auto. +subst p3. +split; auto. +generalize H1; unfold incl; simpl. +intros H4 a [H7|H6]; [try exact H7 | idtac]. +left; (try assumption). +right; apply H4; auto. +apply incl_tl; auto. +Qed. + +Lemma in_split_move: + forall (l t1 t2 : Moves) (s d : Reg), + split_move l s = Some (t1, d, t2) -> In (s, d) l. +Proof. +induction l. +simpl; intros; discriminate. +intros t1 t2 s d; simpl. +destruct a as [a1 a2]. +case (Loc.eq a1 s). +intros. +inversion H. +subst a1; left; auto. +intro; caseEq (split_move l s); (intros; (try discriminate)). +destruct p as [[p1 p2] p3]. +right; inversion H0. +subst p2. +apply (IHl p1 p3); auto. +Qed. + +Lemma move_types_stepf: + forall S1, + (forall x1 x2, + In (x1, x2) (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1)) -> + Loc.type x1 = Loc.type x2) -> + forall x1 x2, + In + (x1, x2) + (StateToMove (stepf S1) ++ (StateBeing (stepf S1) ++ StateDone (stepf S1))) -> + Loc.type x1 = Loc.type x2. +Proof. +intros S1 H x1 x2. +destruct S1 as [[t1 b1] d1]; set (S1:=(t1, b1, d1)); destruct t1; destruct b1; + auto; simpl StateToMove in H |-; simpl StateBeing in H |-; + simpl StateDone in H |-; simpl app in H |-. +intro; + elim + (in_app_or + (StateToMove (stepf S1)) (StateBeing (stepf S1) ++ StateDone (stepf S1)) + (x1, x2)); auto. +assert (StateToMove (stepf S1) = nil). +simpl stepf. +destruct m as [s d]. +case (Loc.eq d (fst (last b1))); case b1; simpl; auto. +rewrite H1; intros H2; inversion H2. +intro; elim (in_app_or (StateBeing (stepf S1)) (StateDone (stepf S1)) (x1, x2)); + auto. +assert + (StateBeing (stepf S1) = nil \/ + (StateBeing (stepf S1) = b1 \/ StateBeing (stepf S1) = replace_last_s b1)). +simpl stepf. +destruct m as [s d]. +case (Loc.eq d (fst (last b1))); case b1; simpl; auto. +elim H2; [intros H3; (try clear H2); (try exact H3) | intros H3; (try clear H2)]. +rewrite H3; intros H4; inversion H4. +elim H3; [intros H2; (try clear H3); (try exact H2) | intros H2; (try clear H3)]. +rewrite H2; intros H4. +apply H; (try in_tac). +rewrite H2; intros H4. +caseEq b1; intro; simpl; auto. +rewrite H3 in H4; simpl in H4 |-; inversion H4. +intros l H5; rewrite H5 in H4. +generalize (app_rewriter _ l m0). +intros [y [r H3]]; (try exact H3). +rewrite H3 in H4. +destruct y. +rewrite last_replace in H4. +elim (in_app_or r ((T r0, r1) :: nil) (x1, x2)); auto. +intro; apply H. +rewrite H5. +rewrite H3; in_tac. +intros H6; inversion H6. +inversion H7. +rewrite <- T_type. +rewrite <- H10; apply H. +rewrite H5; rewrite H3; (try in_tac). +assert (In (r0, r1) ((r0, r1) :: nil)); [simpl; auto | in_tac]. +inversion H7. +intro. +destruct m as [s d]. +assert + (StateDone (stepf S1) = (s, d) :: d1 \/ + StateDone (stepf S1) = (s, d) :: ((d, T d) :: d1)). +simpl. +case (Loc.eq d (fst (last b1))); case b1; simpl; auto. +elim H3; [intros H4; (try clear H3); (try exact H4) | intros H4; (try clear H3)]. +apply H; (try in_tac). +rewrite H4 in H2; in_tac. +rewrite H4 in H2. +simpl in H2 |-. +elim H2; [intros H3; apply H | intros H3; elim H3; intros; [idtac | apply H]]; + (try in_tac). +simpl; left; auto. +inversion H5; apply T_type. +intro; + elim + (in_app_or + (StateToMove (stepf S1)) (StateBeing (stepf S1) ++ StateDone (stepf S1)) + (x1, x2)); auto. +simpl stepf. +destruct m as [s d]. +case (Loc.eq s d); simpl; intros; apply H; in_tac. +intro; elim (in_app_or (StateBeing (stepf S1)) (StateDone (stepf S1)) (x1, x2)); + auto. +simpl stepf. +destruct m as [s d]. +case (Loc.eq s d); intros; apply H; (try in_tac). +inversion H2. +simpl stepf. +destruct m as [s d]. +case (Loc.eq s d); intros; apply H; (try in_tac). +simpl in H2 |-; in_tac. +simpl in H2 |-; in_tac. +intro; + elim + (in_app_or + (StateToMove (stepf S1)) (StateBeing (stepf S1) ++ StateDone (stepf S1)) + (x1, x2)); auto. +simpl stepf. +destruct m as [s d]. +destruct m0 as [s0 d0]. +case (Loc.eq s d0); [simpl; intros; apply H; in_tac | idtac]. +caseEq (split_move t1 d0); intro. +destruct p as [[t2 b2] d2]. +intros Hsplit Hd; simpl StateToMove; intro. +elim (split_move_incl t1 t2 d2 d0 b2 Hsplit); auto. +intros; apply H. +assert (In (x1, x2) ((s, d) :: (t1 ++ t1))). +generalize H1; simpl; intros. +elim H4; [intros H5; left; (try exact H5) | intros H5; right]. +elim (in_app_or t2 d2 (x1, x2)); auto; intro; apply in_or_app; left. +unfold incl in H2 |-. +apply H2; auto. +unfold incl in H3 |-; apply H3; auto. +in_tac. +intro; case (Loc.eq d0 (fst (last b1))); case b1; auto; simpl StateToMove; + intros; apply H; in_tac. +intro; elim (in_app_or (StateBeing (stepf S1)) (StateDone (stepf S1)) (x1, x2)); + auto. +simpl stepf. +destruct m as [s d]. +destruct m0 as [s0 d0]. +case (Loc.eq s d0). +intros e; rewrite <- e; simpl StateBeing. +rewrite <- e in H. +intro; apply H; in_tac. +caseEq (split_move t1 d0); intro. +destruct p as [[t2 b2] d2]. +simpl StateBeing. +intros. +apply H. +generalize (in_split_move t1 t2 d2 d0 b2 H2). +intros. +elim H3; intros. +rewrite <- H5. +in_tac. +in_tac. +caseEq b1. +simpl; intros e n F; elim F. +intros m l H3 H4. +case (Loc.eq d0 (fst (last (m :: l)))). +generalize (app_rewriter Move l m). +intros [y [r H5]]; rewrite H5. +simpl StateBeing. +destruct y as [y1 y2]; generalize (last_replace r y1 y2). +simpl; intros heq H6. +unfold Move in heq |-; unfold Move. +rewrite heq. +intro. +elim (in_app_or r ((T y1, y2) :: nil) (x1, x2)); auto. +intro; apply H. +rewrite H3; rewrite H5; in_tac. +simpl; intros [H8|H8]; inversion H8. +rewrite <- T_type. +apply H. +rewrite H3; rewrite H5. +rewrite <- H11; assert (In (y1, y2) ((y1, y2) :: nil)); auto. +simpl; auto. +in_tac. +simpl StateBeing; intros. +apply H; rewrite H3; (try in_tac). +simpl stepf. +destruct m as [s d]. +destruct m0 as [s0 d0]. +case (Loc.eq s d0); [simpl; intros; apply H; in_tac | idtac]. +caseEq (split_move t1 d0); intro. +destruct p as [[t2 b2] d2]. +intros Hsplit Hd; simpl StateDone; intro. +apply H; (try in_tac). +case (Loc.eq d0 (fst (last b1))); case b1; simpl StateDone; intros; + (try (apply H; in_tac)). +elim H3; intros. +apply H. +assert (In (x1, x2) ((s0, d0) :: nil)); auto. +rewrite H4; auto. +simpl; left; auto. +in_tac. +elim H4; intros. +inversion H5; apply T_type. +apply H; in_tac. +Qed. + +Lemma move_types_res: + forall S1, + (forall x1 x2, + In (x1, x2) (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1)) -> + Loc.type x1 = Loc.type x2) -> + forall x1 x2, + In + (x1, x2) + (StateToMove (Pmov S1) ++ (StateBeing (Pmov S1) ++ StateDone (Pmov S1))) -> + Loc.type x1 = Loc.type x2. +Proof. +intros S1; elim S1 using (well_founded_ind (Wf_nat.well_founded_ltof _ mesure)). +clear S1; intros S1 Hrec. +destruct S1 as [[t b] d]; set (S1:=(t, b, d)). +unfold S1; rewrite Pmov_equation; intros. +destruct t; auto. +destruct b; auto. +apply (Hrec (stepf S1)). +apply stepf1_dec; auto. +apply move_types_stepf; auto. +unfold S1; auto. +apply (Hrec (stepf S1)). +apply stepf1_dec; auto. +apply move_types_stepf; auto. +unfold S1; auto. +Qed. + +Lemma srcdst_tmp2_stepf: + forall S1 x1 x2, + In + (x1, x2) + (StateToMove (stepf S1) ++ (StateBeing (stepf S1) ++ StateDone (stepf S1))) -> + (In x1 temporaries2 \/ + In x1 (getsrc (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1)))) /\ + (In x2 temporaries2 \/ + In x2 (getdst (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1)))). +Proof. +intros S1 x1 x2 H. +(repeat rewrite getsrc_app); (repeat rewrite getdst_app). +destruct S1 as [[t1 b1] d1]; set (S1:=(t1, b1, d1)); destruct t1; destruct b1; + auto. +simpl in H |-. +elim (in_move__in_srcdst (x1, x2) d1); intros; auto. +elim + (in_app_or + (StateToMove (stepf S1)) (StateBeing (stepf S1) ++ StateDone (stepf S1)) + (x1, x2)); auto. +assert (StateToMove (stepf S1) = nil). +simpl stepf. +destruct m as [s d]. +case (Loc.eq d (fst (last b1))); case b1; simpl; auto. +rewrite H0; intros H2; inversion H2. +intro; elim (in_app_or (StateBeing (stepf S1)) (StateDone (stepf S1)) (x1, x2)); + auto. +simpl stepf. +destruct m as [s d]. +caseEq b1. +simpl. +intros h1 h2; inversion h2. +intros m l heq; generalize (app_rewriter _ l m). +intros [y [r H3]]; (try exact H3). +rewrite H3. +destruct y. +rewrite last_app; simpl fst. +case (Loc.eq d r0). +intros heqd. +rewrite last_replace. +simpl. +intro; elim (in_app_or r ((T r0, r1) :: nil) (x1, x2)); auto. +rewrite heq; rewrite H3. +rewrite getsrc_app; simpl; rewrite getdst_app; simpl. +intro; elim (in_move__in_srcdst (x1, x2) r); auto; simpl; intros; split; right; + right; in_tac. +intro. +inversion H2; inversion H4. +split. +unfold T; case (Loc.type r0); left; [left | right]; auto. +right; right; (try assumption). +rewrite heq; rewrite H3. +rewrite H7; simpl. +rewrite getdst_app; simpl. +assert (In x2 (x2 :: nil)); simpl; auto. +in_tac. +simpl StateBeing. +intros; elim (in_move__in_srcdst (x1, x2) (r ++ ((r0, r1) :: nil))); auto; + intros; split; right; right. +unfold snd in H4 |-; unfold fst in H2 |-; rewrite heq; rewrite H3; (try in_tac). +unfold snd in H4 |-; unfold fst in H2 |-; rewrite heq; rewrite H3; (try in_tac). +simpl stepf. +destruct m as [s d]. +caseEq b1; intro. +simpl StateDone; intro. +unfold S1, StateToMove, StateBeing. +simpl app. +elim (in_move__in_srcdst (x1, x2) ((s, d) :: d1)); auto; intros; split; right. +simpl snd in H4 |-; simpl fst in H3 |-; simpl getdst in H4 |-; + simpl getsrc in H3 |-; (try in_tac). +simpl snd in H4 |-; simpl fst in H3 |-; simpl getdst in H4 |-; + simpl getsrc in H3 |-; (try in_tac). +intros; generalize (app_rewriter _ l m). +intros [y [r H4]]. +generalize H2; rewrite H4; rewrite last_app. +destruct y as [y1 y2]. +simpl fst. +case (Loc.eq d y1). +simpl StateDone; intros. +elim H3; [intros H6; inversion H6; (try exact H6) | intros H6; (try clear H5)]. +simpl; split; right; left; auto. +elim H6; [intros H5; inversion H5; (try exact H5) | intros H5; (try clear H6)]. +split; [right; simpl; right | left]. +rewrite H1; rewrite H4; rewrite getsrc_app; simpl getsrc. +rewrite <- e; rewrite H8; assert (In x1 (x1 :: nil)); simpl; auto; (try in_tac). +unfold T; case (Loc.type x1); simpl; auto. +elim (in_move__in_srcdst (x1, x2) d1); auto; intros; split; right; right; + (try in_tac). +intro; simpl StateDone. +unfold S1, StateToMove, StateBeing, StateDone. +simpl getsrc; simpl app; (try in_tac). +intro; elim (in_move__in_srcdst (x1, x2) ((s, d) :: d1)); + (auto; (simpl fst; simpl snd; simpl getsrc; simpl getdst); intros); + (split; right; (try in_tac)). +unfold S1, StateToMove, StateBeing, StateDone. +elim + (in_app_or + (StateToMove (stepf S1)) (StateBeing (stepf S1) ++ StateDone (stepf S1)) + (x1, x2)); auto. +simpl stepf. +destruct m as [s d]. +case (Loc.eq s d). +simpl StateToMove. +intros; elim (in_move__in_srcdst (x1, x2) t1); auto; + (repeat (rewrite getsrc_app; simpl getsrc)); + (repeat (rewrite getdst_app; simpl getdst)); simpl fst; simpl snd; intros; + split; right; simpl; right; (try in_tac). +simpl StateToMove. +intros; elim (in_move__in_srcdst (x1, x2) t1); auto; + (repeat (rewrite getsrc_app; simpl getsrc)); + (repeat (rewrite getdst_app; simpl getdst)); simpl fst; simpl snd; intros; + split; right; simpl; right; (try in_tac). +intro; elim (in_app_or (StateBeing (stepf S1)) (StateDone (stepf S1)) (x1, x2)); + auto. +simpl stepf. +destruct m as [s d]. +case (Loc.eq s d). +simpl StateBeing; intros h1 h2; inversion h2. +simpl StateBeing; intros h1 h2. +elim (in_move__in_srcdst (x1, x2) ((s, d) :: nil)); auto; simpl fst; simpl snd; + simpl; intros; split; right; (try in_tac). +elim H1; [intros H3; left; (try exact H3) | intros H3; inversion H3]. +elim H2; [intros H3; left; (try exact H3) | intros H3; inversion H3]. +simpl stepf. +destruct m as [s d]. +case (Loc.eq s d). +simpl StateDone; intros h1 h2. +elim (in_move__in_srcdst (x1, x2) d1); auto; simpl fst; simpl snd; simpl; + intros; split; right; right; (try in_tac). +simpl StateDone; intros h1 h2. +elim (in_move__in_srcdst (x1, x2) d1); auto; simpl fst; simpl snd; simpl; + intros; split; right; right; (try in_tac). +elim + (in_app_or + (StateToMove (stepf S1)) (StateBeing (stepf S1) ++ StateDone (stepf S1)) + (x1, x2)); auto. +simpl stepf. +destruct m as [s d]. +destruct m0 as [s0 d0]. +case (Loc.eq s d0). +unfold S1, StateToMove, StateBeing, StateDone. +simpl app at 1. +intros; elim (in_move__in_srcdst (x1, x2) t1); + (auto; simpl; intros; (split; right; right; (try in_tac))). +intro; caseEq (split_move t1 d0); intro. +destruct p as [[t2 b2] d2]. +intros Hsplit; unfold S1, StateToMove, StateBeing, StateDone; intro. +elim (split_move_incl t1 t2 d2 d0 b2 Hsplit); auto. +intros. +assert (In (x1, x2) ((s, d) :: (t1 ++ t1))). +generalize H0; simpl; intros. +elim H3; [intros H5; left; (try exact H5) | intros H5; right]. +elim (in_app_or t2 d2 (x1, x2)); auto; intro; apply in_or_app; left. +unfold incl in H1 |-. +apply H1; auto. +unfold incl in H2 |-; apply H2; auto. +split; right. +elim (in_move__in_srcdst (x1, x2) ((s, d) :: (t1 ++ t1))); + (auto; simpl; intros; (try in_tac)). +elim H4; [intros H6; (try clear H4); (try exact H6) | intros H6; (try clear H4)]. +left; (try assumption). +right; (try in_tac). +rewrite getsrc_app in H6; (try in_tac). +elim (in_move__in_srcdst (x1, x2) ((s, d) :: (t1 ++ t1))); + (auto; simpl; intros; (try in_tac)). +elim H5; [intros H6; (try clear H5); (try exact H6) | intros H6; (try clear H5)]. +left; (try assumption). +right; rewrite getdst_app in H6; (try in_tac). +caseEq b1; intro. +unfold S1, StateToMove, StateBeing, StateDone. +intro; elim (in_move__in_srcdst (x1, x2) ((s, d) :: t1)); (auto; intros). +simpl snd in H4 |-; simpl fst in H3 |-; split; right; (try in_tac). +intros l heq; generalize (app_rewriter _ l m). +intros [y [r H1]]; rewrite H1. +destruct y as [y1 y2]. +rewrite last_app; simpl fst. +case (Loc.eq d0 y1). +unfold S1, StateToMove, StateBeing, StateDone. +intros; elim (in_move__in_srcdst (x1, x2) ((s, d) :: t1)); auto; intros. +simpl snd in H4 |-; simpl fst in H3 |-; (split; right; (try in_tac)). +unfold S1, StateToMove, StateBeing, StateDone. +intros; elim (in_move__in_srcdst (x1, x2) ((s, d) :: t1)); auto; intros. +simpl snd in H4 |-; simpl fst in H3 |-; (split; right; (try in_tac)). +intro; elim (in_app_or (StateBeing (stepf S1)) (StateDone (stepf S1)) (x1, x2)); + auto. +simpl stepf. +destruct m as [s d]. +destruct m0 as [s0 d0]. +case (Loc.eq s d0). +intros e; rewrite <- e; simpl StateBeing. +unfold S1, StateToMove, StateBeing, StateDone. +intros; elim (in_move__in_srcdst (x1, x2) ((s, d) :: ((s0, s) :: b1))); auto; + simpl; intros. +split; right; (try in_tac). +elim H2; [intros H4; left; (try exact H4) | intros H4; (try clear H2)]. +elim H4; [intros H2; right; (try exact H2) | intros H2; (try clear H4)]. +assert (In x1 (s0 :: nil)); auto; (try in_tac). +simpl; auto. +right; (try in_tac). +elim H3; [intros H4; left; (try exact H4) | intros H4; (try clear H3)]. +elim H4; [intros H3; right; (try exact H3) | intros H3; (try clear H4)]. +rewrite <- e; (try in_tac). +assert (In x2 (s :: nil)); [simpl; auto | try in_tac]. +right; (try in_tac). +intro; caseEq (split_move t1 d0); intro. +destruct p as [[t2 b2] d2]. +simpl StateBeing. +intros. +generalize (in_split_move t1 t2 d2 d0 b2 H1). +intros. +split; right; elim H2; intros. +rewrite H4 in H3; elim (in_move__in_srcdst (x1, x2) t1); auto; intros. +simpl snd in H6 |-; simpl fst in H5 |-; (try in_tac). +unfold S1, StateToMove, StateBeing, StateDone. +simpl getsrc; (try in_tac). +elim (in_move__in_srcdst (x1, x2) ((s0, d0) :: b1)); (auto; intros). +simpl snd in H6 |-; simpl fst in H5 |-; (try in_tac). +unfold S1, StateToMove, StateBeing, StateDone. +simpl. +simpl in H5 |-. +elim H5; [intros H7; (try clear H5); (try exact H7) | intros H7; (try clear H5)]. +assert (In x1 (s0 :: nil)); simpl; auto. +right; in_tac. +right; in_tac. +inversion H4. +simpl. +subst b2. +rewrite H4 in H3. +elim (in_move__in_srcdst (x1, x2) t1); (auto; intros). +simpl snd in H7 |-. +right; in_tac. +unfold S1, StateToMove, StateBeing, StateDone. +elim (in_move__in_srcdst (x1, x2) ((s0, d0) :: b1)); auto; intros. +simpl snd in H6 |-; (try in_tac). +apply + (in_or_app (getdst ((s, d) :: t1)) (getdst ((s0, d0) :: b1) ++ getdst d1) x2); + right; (try in_tac). +caseEq b1. +intros h1 h2; inversion h2. +intros m l heq. +generalize (app_rewriter _ l m); intros [y [r H2]]; rewrite H2. +destruct y as [y1 y2]. +rewrite last_app; simpl fst. +case (Loc.eq d0 y1). +unfold S1, StateToMove, StateBeing, StateDone. +generalize (last_replace r y1 y2). +unfold Move; intros H3 H6. +rewrite H3. +intro. +elim (in_app_or r ((T y1, y2) :: nil) (x1, x2)); auto. +intro. +rewrite heq; rewrite H2; (split; right). +elim (in_move__in_srcdst (x1, x2) r); auto; simpl fst; simpl snd; intros; + (try in_tac). +simpl. +rewrite getsrc_app; (right; (try in_tac)). +elim (in_move__in_srcdst (x1, x2) r); auto; simpl fst; simpl snd; intros; + (try in_tac). +simpl. +rewrite getdst_app; right; (try in_tac). +intros h; inversion h; inversion H5. +split; [left; simpl; auto | right]. +unfold T; case (Loc.type y1); auto. +subst y2. +rewrite heq; rewrite H2. +simpl. +rewrite getdst_app; simpl. +assert (In x2 (x2 :: nil)); [simpl; auto | right; (try in_tac)]. +unfold S1, StateToMove, StateBeing, StateDone. +intro; rewrite heq; rewrite H2; (split; right). +intros; elim (in_move__in_srcdst (x1, x2) (r ++ ((y1, y2) :: nil))); auto; + intros. +simpl snd in H5 |-; simpl fst in H4 |-. +simpl. +right; (try in_tac). +apply in_or_app; right; simpl; right; (try in_tac). +elim (in_move__in_srcdst (x1, x2) (r ++ ((y1, y2) :: nil))); auto; intros. +simpl snd in H5 |-. +simpl. +right; (try in_tac). +apply in_or_app; right; simpl; right; (try in_tac). +simpl stepf. +destruct m as [s d]. +destruct m0 as [s0 d0]. +case (Loc.eq s d0). +unfold S1, StateToMove, StateBeing, StateDone. +intros; elim (in_move__in_srcdst (x1, x2) d1); auto; intros. +simpl in H3 |-; simpl in H2 |-. +split; right; (try in_tac). +intro; caseEq (split_move t1 d0); intro. +destruct p as [[t2 b2] d2]. +simpl StateDone. +unfold S1, StateToMove, StateBeing, StateDone. +intros; elim (in_move__in_srcdst (x1, x2) d1); auto; intros. +simpl in H3 |-; simpl in H4 |-. +split; right; (try in_tac). +caseEq b1. +unfold S1, StateToMove, StateBeing, StateDone. +intros; elim (in_move__in_srcdst (x1, x2) ((s0, d0) :: d1)); auto; intros. +simpl in H5 |-; simpl in H4 |-; split; right; (try in_tac). +simpl. +elim H4; [intros H6; right; (try exact H6) | intros H6; (try clear H4)]. +assert (In x1 (x1 :: nil)); [simpl; auto | rewrite H6; (try in_tac)]. +right; (try in_tac). +elim H5; [intros H6; right; simpl; (try exact H6) | intros H6; (try clear H5)]. +assert (In x2 (x2 :: nil)); [simpl; auto | rewrite H6; (try in_tac)]. +try in_tac. +intros m l heq. +generalize (app_rewriter _ l m); intros [y [r H2]]; rewrite H2. +destruct y as [y1 y2]. +rewrite last_app; simpl fst. +case (Loc.eq d0 y1). +unfold S1, StateToMove, StateBeing, StateDone. +unfold S1, StateToMove, StateBeing, StateDone. +intros. +elim H3; intros. +inversion H4. +simpl; split; right; auto. +right; apply in_or_app; right; simpl; auto. +right; apply in_or_app; right; simpl; auto. +elim H4; intros. +inversion H5. +simpl; split; [right | left]. +rewrite heq; rewrite H2; simpl. +rewrite <- e; rewrite H7. +rewrite getsrc_app; simpl. +right; assert (In x1 (x1 :: nil)); [simpl; auto | try in_tac]. +unfold T; case (Loc.type x1); auto. +elim (in_move__in_srcdst (x1, x2) d1); (auto; intros). +simpl snd in H7 |-; simpl fst in H6 |-; split; right; (try in_tac). +unfold S1, StateToMove, StateBeing, StateDone. +intros; elim (in_move__in_srcdst (x1, x2) ((s0, d0) :: d1)); + (auto; simpl; intros). +split; right. +elim H4; [intros H6; right; (try exact H6) | intros H6; (try clear H4)]. +apply in_or_app; right; simpl; auto. +right; (try in_tac). +elim H5; [intros H6; right; (try exact H6) | intros H6; (try clear H5)]. +apply in_or_app; right; simpl; auto. +right; (try in_tac). +Qed. + +Lemma getsrc_f: forall s l, In s (getsrc l) -> (exists d , In (s, d) l ). +Proof. +induction l; simpl getsrc. +simpl; (intros h; elim h). +intros; destruct a as [a1 a2]. +simpl in H |-. +elim H; [intros H0; (try clear H); (try exact H0) | intros H0; (try clear H)]. +subst a1. +exists a2; simpl; auto. +simpl. +elim IHl; [intros d H; (try clear IHl); (try exact H) | idtac]; auto. +exists d; [right; (try assumption)]. +Qed. + +Lemma incl_src: forall l1 l2, incl l1 l2 -> incl (getsrc l1) (getsrc l2). +Proof. +intros. +unfold incl in H |-. +unfold incl. +intros a H0; (try assumption). +generalize (getsrc_f a). +intros H1; elim H1 with ( l := l1 ); + [intros d H2; (try clear H1); (try exact H2) | idtac]; auto. +assert (In (a, d) l2). +apply H; auto. +elim (in_move__in_srcdst (a, d) l2); auto. +Qed. + +Lemma getdst_f: forall d l, In d (getdst l) -> (exists s , In (s, d) l ). +Proof. +induction l; simpl getdst. +simpl; (intros h; elim h). +intros; destruct a as [a1 a2]. +simpl in H |-. +elim H; [intros H0; (try clear H); (try exact H0) | intros H0; (try clear H)]. +subst a2. +exists a1; simpl; auto. +simpl. +elim IHl; [intros s H; (try clear IHl); (try exact H) | idtac]; auto. +exists s; [right; (try assumption)]. +Qed. + +Lemma incl_dst: forall l1 l2, incl l1 l2 -> incl (getdst l1) (getdst l2). +Proof. +intros. +unfold incl in H |-. +unfold incl. +intros a H0; (try assumption). +generalize (getdst_f a). +intros H1; elim H1 with ( l := l1 ); + [intros d H2; (try clear H1); (try exact H2) | idtac]; auto. +assert (In (d, a) l2). +apply H; auto. +elim (in_move__in_srcdst (d, a) l2); auto. +Qed. + +Lemma src_tmp2_res: + forall S1 x1 x2, + In + (x1, x2) + (StateToMove (Pmov S1) ++ (StateBeing (Pmov S1) ++ StateDone (Pmov S1))) -> + (In x1 temporaries2 \/ + In x1 (getsrc (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1)))) /\ + (In x2 temporaries2 \/ + In x2 (getdst (StateToMove S1 ++ (StateBeing S1 ++ StateDone S1)))). +Proof. +intros S1; elim S1 using (well_founded_ind (Wf_nat.well_founded_ltof _ mesure)). +clear S1; intros S1 Hrec. +destruct S1 as [[t b] d]; set (S1:=(t, b, d)). +unfold S1; rewrite Pmov_equation; intros. +destruct t. +destruct b. +apply srcdst_tmp2_stepf; auto. +elim Hrec with ( y := stepf S1 ) ( x1 := x1 ) ( x2 := x2 ); + [idtac | apply stepf1_dec; auto | auto]. +intros. +elim H1; [intros H2; (try clear H1); (try exact H2) | intros H2; (try clear H1)]. +elim H0; [intros H1; (try clear H0); (try exact H1) | intros H1; (try clear H0)]. +split; [left; (try assumption) | idtac]. +left; (try assumption). +elim (getsrc_f x1) with ( 1 := H1 ); intros x3 H3. +split; auto. +elim srcdst_tmp2_stepf with ( 1 := H3 ); auto. +elim H0; [intros H1; (try clear H0); (try exact H1) | intros H1; (try clear H0)]. +elim (getdst_f x2) with ( 1 := H2 ); intros x3 H3. +split; auto. +elim srcdst_tmp2_stepf with ( 1 := H3 ); auto. +elim (getsrc_f x1) with ( 1 := H1 ); intros x3 H3. +elim srcdst_tmp2_stepf with ( 1 := H3 ); auto. +clear H3. +elim (getdst_f x2) with ( 1 := H2 ); intros x4 H3. +elim srcdst_tmp2_stepf with ( 1 := H3 ); auto. +elim Hrec with ( y := stepf S1 ) ( x1 := x1 ) ( x2 := x2 ); + [idtac | apply stepf1_dec; auto | auto]. +intros. +elim H1; [intros H2; (try clear H1); (try exact H2) | intros H2; (try clear H1)]. +elim H0; [intros H1; (try clear H0); (try exact H1) | intros H1; (try clear H0)]. +split; [left; (try assumption) | idtac]. +left; (try assumption). +elim (getsrc_f x1) with ( 1 := H1 ); intros x3 H3. +split; auto. +elim srcdst_tmp2_stepf with ( 1 := H3 ); auto. +elim H0; [intros H1; (try clear H0); (try exact H1) | intros H1; (try clear H0)]. +elim (getdst_f x2) with ( 1 := H2 ); intros x3 H3. +split; auto. +elim srcdst_tmp2_stepf with ( 1 := H3 ); auto. +elim (getsrc_f x1) with ( 1 := H1 ); intros x3 H3. +elim srcdst_tmp2_stepf with ( 1 := H3 ); auto. +clear H3. +elim (getdst_f x2) with ( 1 := H2 ); intros x4 H3. +elim srcdst_tmp2_stepf with ( 1 := H3 ); auto. +Qed. + +Lemma wt_add_moves: + forall p b, + List.map Loc.type (getsrc p) = List.map Loc.type (getdst p) -> + locs_read_ok (getsrc p) -> + locs_write_ok (getdst p) -> + wt_block tf b -> + wt_block + tf + (fold_left + (fun (k0 : LTL.block) => + fun (p0 : loc * loc) => add_move (fst p0) (snd p0) k0) p b). +Proof. +induction p. +intros; simpl; auto. +intros; destruct a as [a1 a2]; simpl. +apply IHp; auto. +inversion H; auto. +simpl in H0 |-. +unfold locs_read_ok in H0 |-. +simpl in H0 |-. +unfold locs_read_ok; auto. +generalize H1; unfold locs_write_ok; simpl; auto. +apply wt_add_move; (try assumption). +simpl in H0 |-. +unfold locs_read_ok in H0 |-. +apply H0. +simpl; left; trivial. +unfold locs_write_ok in H1 |-; apply H1. +simpl; left; trivial. +inversion H; auto. +Qed. + +Lemma map_f_getsrc_getdst: + forall (b : Set) (f : Reg -> b) p, + map f (getsrc p) = map f (getdst p) -> + forall x1 x2, In (x1, x2) p -> f x1 = f x2. +Proof. +intros b f0 p; induction p; simpl; auto. +intros; contradiction. +destruct a. +simpl. +intros heq; injection heq. +intros h1 h2. +intros x1 x2 [H3|H3]. +injection H3. +intros; subst; auto. +apply IHp; auto. +Qed. + +Lemma wt_parallel_move': + forall p b, + List.map Loc.type (getsrc p) = List.map Loc.type (getdst p) -> + locs_read_ok (getsrc p) -> + locs_write_ok (getdst p) -> wt_block tf b -> wt_block tf (p_move p b). +Proof. +unfold p_move. +unfold P_move. +intros; apply wt_add_moves; auto. +rewrite getsrc_map; rewrite getdst_map. +rewrite list_map_compose. +rewrite list_map_compose. +apply list_map_exten. +generalize (move_types_res (p, nil, nil)); auto. +destruct x as [x1 x2]; simpl; intros; auto. +symmetry; apply H3. +simpl. +rewrite app_nil. +apply map_f_getsrc_getdst; auto. +in_tac. +unfold locs_read_ok. +intros l H3. +elim getsrc_f with ( 1 := H3 ); intros x3 H4. +elim (src_tmp2_res (p, nil, nil) l x3). +simpl. +rewrite app_nil. +intros [[H'|[H'|H']]|H'] _. +subst l; hnf; auto. +subst l; hnf; auto. +contradiction. +apply H0; auto. +in_tac. +intros l H3. +elim getdst_f with ( 1 := H3 ); intros x3 H4. +elim (src_tmp2_res (p, nil, nil) x3 l). +simpl. +rewrite app_nil. +intros _ [[H'|[H'|H']]|H']. +subst l; hnf; auto. +subst l; hnf; auto. +contradiction. +apply H1; auto. +in_tac. +Qed. + +Theorem wt_parallel_moveX: + forall srcs dsts b, + List.map Loc.type srcs = List.map Loc.type dsts -> + locs_read_ok srcs -> + locs_write_ok dsts -> wt_block tf b -> wt_block tf (parallel_move srcs dsts b). +Proof. +unfold parallel_move, parallel_move_order, P_move. +intros. +generalize (wt_parallel_move' (listsLoc2Moves srcs dsts)); intros H'. +unfold p_move, P_move in H' |-. +apply H'; auto. +elim (getdst_lists2moves srcs dsts); auto. +unfold Allocation.listsLoc2Moves, listsLoc2Moves. +intros heq1 heq2; rewrite heq1; rewrite heq2; auto. +repeat rewrite <- (list_length_map Loc.type). +rewrite H; auto. +elim (getdst_lists2moves srcs dsts); auto. +unfold Allocation.listsLoc2Moves, listsLoc2Moves. +intros heq1 heq2; rewrite heq1; auto. +repeat rewrite <- (list_length_map Loc.type). +rewrite H; auto. +elim (getdst_lists2moves srcs dsts); auto. +unfold Allocation.listsLoc2Moves, listsLoc2Moves. +intros heq1 heq2; rewrite heq2; auto. +repeat rewrite <- (list_length_map Loc.type). +rewrite H; auto. +Qed. + +End wt_move_correction. diff --git a/backend/CSE.v b/backend/CSE.v new file mode 100644 index 00000000..243f6dd7 --- /dev/null +++ b/backend/CSE.v @@ -0,0 +1,420 @@ +(** Common subexpression elimination over RTL. This optimization + proceeds by value numbering over extended basic blocks. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Floats. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Registers. +Require Import RTL. +Require Import Kildall. + +(** * Value numbering *) + +(** The idea behind value numbering algorithms is to associate + abstract identifiers (``value numbers'') to the contents of registers + at various program points, and record equations between these + identifiers. For instance, consider the instruction + [r1 = add(r2, r3)] and assume that [r2] and [r3] are mapped + to abstract identifiers [x] and [y] respectively at the program + point just before this instruction. At the program point just after, + we can add the equation [z = add(x, y)] and associate [r1] with [z], + where [z] is a fresh abstract identifier. However, if we already + knew an equation [u = add(x, y)], we can preferably add no equation + and just associate [r1] with [u]. If there exists a register [r4] + mapped with [u] at this point, we can then replace the instruction + [r1 = add(r2, r3)] by a move instruction [r1 = r4], therefore eliminating + a common subexpression and reusing the result of an earlier addition. + + Abstract identifiers / value numbers are represented by positive integers. + Equations are of the form [valnum = rhs], where the right-hand sides + [rhs] are either arithmetic operations or memory loads. *) + +Definition valnum := positive. + +Inductive rhs : Set := + | Op: operation -> list valnum -> rhs + | Load: memory_chunk -> addressing -> list valnum -> rhs. + +Definition eq_valnum: forall (x y: valnum), {x=y}+{x<>y} := peq. + +Definition eq_list_valnum (x y: list valnum) : {x=y}+{x<>y}. +Proof. + induction x; intros; case y; intros. + left; auto. + right; congruence. + right; congruence. + case (eq_valnum a v); intros. + case (IHx l); intros. + left; congruence. + right; congruence. + right; congruence. +Qed. + +Definition eq_rhs (x y: rhs) : {x=y}+{x<>y}. +Proof. + generalize Int.eq_dec; intro. + generalize Float.eq_dec; intro. + assert (forall (x y: ident), {x=y}+{x<>y}). exact peq. + assert (forall (x y: comparison), {x=y}+{x<>y}). decide equality. + assert (forall (x y: condition), {x=y}+{x<>y}). decide equality. + assert (forall (x y: operation), {x=y}+{x<>y}). decide equality. + assert (forall (x y: memory_chunk), {x=y}+{x<>y}). decide equality. + assert (forall (x y: addressing), {x=y}+{x<>y}). decide equality. + generalize eq_valnum; intro. + generalize eq_list_valnum; intro. + decide equality. +Qed. + +(** A value numbering is a collection of equations between value numbers + plus a partial map from registers to value numbers. Additionally, + we maintain the next unused value number, so as to easily generate + fresh value numbers. *) + +Record numbering : Set := mknumbering { + num_next: valnum; + num_eqs: list (valnum * rhs); + num_reg: PTree.t valnum +}. + +Definition empty_numbering := + mknumbering 1%positive nil (PTree.empty valnum). + +(** [valnum_reg n r] returns the value number for the contents of + register [r]. If none exists, a fresh value number is returned + and associated with register [r]. The possibly updated numbering + is also returned. [valnum_regs] is similar, but for a list of + registers. *) + +Definition valnum_reg (n: numbering) (r: reg) : numbering * valnum := + match PTree.get r n.(num_reg) with + | Some v => (n, v) + | None => (mknumbering (Psucc n.(num_next)) + n.(num_eqs) + (PTree.set r n.(num_next) n.(num_reg)), + n.(num_next)) + end. + +Fixpoint valnum_regs (n: numbering) (rl: list reg) + {struct rl} : numbering * list valnum := + match rl with + | nil => + (n, nil) + | r1 :: rs => + let (n1, v1) := valnum_reg n r1 in + let (ns, vs) := valnum_regs n1 rs in + (ns, v1 :: vs) + end. + +(** [find_valnum_rhs rhs eqs] searches the list of equations [eqs] + for an equation of the form [vn = rhs] for some value number [vn]. + If found, [Some vn] is returned, otherwise [None] is returned. *) + +Fixpoint find_valnum_rhs (r: rhs) (eqs: list (valnum * rhs)) + {struct eqs} : option valnum := + match eqs with + | nil => None + | (v, r') :: eqs1 => + if eq_rhs r r' then Some v else find_valnum_rhs r eqs1 + end. + +(** [add_rhs n rd rhs] updates the value numbering [n] to reflect + the computation of the operation or load represented by [rhs] + and the storing of the result in register [rd]. If an equation + [vn = rhs] is known, register [rd] is set to [vn]. Otherwise, + a fresh value number [vn] is generated and associated with [rd], + and the equation [vn = rhs] is added. *) + +Definition add_rhs (n: numbering) (rd: reg) (rh: rhs) : numbering := + match find_valnum_rhs rh n.(num_eqs) with + | Some vres => + mknumbering n.(num_next) n.(num_eqs) + (PTree.set rd vres n.(num_reg)) + | None => + mknumbering (Psucc n.(num_next)) + ((n.(num_next), rh) :: n.(num_eqs)) + (PTree.set rd n.(num_next) n.(num_reg)) + end. + +(** [add_op n rd op rs] specializes [add_rhs] for the case of an + arithmetic operation. The right-hand side corresponding to [op] + and the value numbers for the argument registers [rs] is built + and added to [n] as described in [add_rhs]. + + If [op] is a move instruction, we simply assign the value number of + the source register to the destination register, since we know that + the source and destination registers have exactly the same value. + This enables more common subexpressions to be recognized. For instance: +<< + z = add(x, y); u = x; v = add(u, y); +>> + Since [u] and [x] have the same value number, the second [add] + is recognized as computing the same result as the first [add], + and therefore [u] and [z] have the same value number. *) + +Definition add_op (n: numbering) (rd: reg) (op: operation) (rs: list reg) := + match is_move_operation op rs with + | Some r => + let (n1, v) := valnum_reg n r in + mknumbering n1.(num_next) n1.(num_eqs) (PTree.set rd v n1.(num_reg)) + | None => + let (n1, vs) := valnum_regs n rs in + add_rhs n1 rd (Op op vs) + end. + +(** [add_load n rd chunk addr rs] specializes [add_rhs] for the case of a + memory load. The right-hand side corresponding to [chunk], [addr] + and the value numbers for the argument registers [rs] is built + and added to [n] as described in [add_rhs]. *) + +Definition add_load (n: numbering) (rd: reg) + (chunk: memory_chunk) (addr: addressing) + (rs: list reg) := + let (n1, vs) := valnum_regs n rs in + add_rhs n1 rd (Load chunk addr vs). + +(** [kill_load n] removes all equations involving memory loads. + It is used to reflect the effect of a memory store, which can + potentially invalidate all such equations. *) + +Fixpoint kill_load_eqs (eqs: list (valnum * rhs)) : list (valnum * rhs) := + match eqs with + | nil => nil + | (_, Load _ _ _) :: rem => kill_load_eqs rem + | v_rh :: rem => v_rh :: kill_load_eqs rem + end. + +Definition kill_loads (n: numbering) : numbering := + mknumbering n.(num_next) + (kill_load_eqs n.(num_eqs)) + n.(num_reg). + +(* [reg_valnum n vn] returns a register that is mapped to value number + [vn], or [None] if no such register exists. *) + +Definition reg_valnum (n: numbering) (vn: valnum) : option reg := + PTree.fold + (fun (res: option reg) (r: reg) (v: valnum) => + if peq v vn then Some r else res) + n.(num_reg) None. + +(* [find_rhs] and its specializations [find_op] and [find_load] + return a register that already holds the result of the given arithmetic + operation or memory load, according to the given numbering. + [None] is returned if no such register exists. *) + +Definition find_rhs (n: numbering) (rh: rhs) : option reg := + match find_valnum_rhs rh n.(num_eqs) with + | None => None + | Some vres => reg_valnum n vres + end. + +Definition find_op + (n: numbering) (op: operation) (rs: list reg) : option reg := + let (n1, vl) := valnum_regs n rs in + find_rhs n1 (Op op vl). + +Definition find_load + (n: numbering) (chunk: memory_chunk) (addr: addressing) (rs: list reg) : option reg := + let (n1, vl) := valnum_regs n rs in + find_rhs n1 (Load chunk addr vl). + +(** * The static analysis *) + +(** We now define a notion of satisfiability of a numbering. This semantic + notion plays a central role in the correctness proof (see [CSEproof]), + but is defined here because we need it to define the ordering over + numberings used in the static analysis. + + A numbering is satisfiable in a given register environment and memory + state if there exists a valuation, mapping value numbers to actual values, + that validates both the equations and the association of registers + to value numbers. *) + +Definition equation_holds + (valuation: valnum -> val) + (ge: genv) (sp: val) (m: mem) + (vres: valnum) (rh: rhs) : Prop := + match rh with + | Op op vl => + eval_operation ge sp op (List.map valuation vl) = + Some (valuation vres) + | Load chunk addr vl => + exists a, + eval_addressing ge sp addr (List.map valuation vl) = Some a /\ + loadv chunk m a = Some (valuation vres) + end. + +Definition numbering_holds + (valuation: valnum -> val) + (ge: genv) (sp: val) (rs: regset) (m: mem) (n: numbering) : Prop := + (forall vn rh, + In (vn, rh) n.(num_eqs) -> + equation_holds valuation ge sp m vn rh) + /\ (forall r vn, + PTree.get r n.(num_reg) = Some vn -> rs#r = valuation vn). + +Definition numbering_satisfiable + (ge: genv) (sp: val) (rs: regset) (m: mem) (n: numbering) : Prop := + exists valuation, numbering_holds valuation ge sp rs m n. + +Lemma empty_numbering_satisfiable: + forall ge sp rs m, numbering_satisfiable ge sp rs m empty_numbering. +Proof. + intros; red. + exists (fun (vn: valnum) => Vundef). split; simpl; intros. + elim H. + rewrite PTree.gempty in H. discriminate. +Qed. + +(** We now equip the type [numbering] with a partial order and a greatest + element. The partial order is based on entailment: [n1] is greater + than [n2] if [n1] is satisfiable whenever [n2] is. The greatest element + is, of course, the empty numbering (no equations). *) + +Module Numbering. + Definition t := numbering. + Definition ge (n1 n2: numbering) : Prop := + forall ge sp rs m, + numbering_satisfiable ge sp rs m n2 -> + numbering_satisfiable ge sp rs m n1. + Definition top := empty_numbering. + Lemma top_ge: forall x, ge top x. + Proof. + intros; red; intros. unfold top. apply empty_numbering_satisfiable. + Qed. + Lemma refl_ge: forall x, ge x x. + Proof. + intros; red; auto. + Qed. +End Numbering. + +(** We reuse the solver for forward dataflow inequations based on + propagation over extended basic blocks defined in library [Kildall]. *) + +Module Solver := BBlock_solver(Numbering). + +(** The transfer function for the dataflow analysis returns the numbering + ``after'' execution of the instruction at [pc], as a function of the + numbering ``before''. For [Iop] and [Iload] instructions, we add + equations or reuse existing value numbers as described for + [add_op] and [add_load]. For [Istore] instructions, we forget + all equations involving memory loads. For [Icall] instructions, + we could simply associate a fresh, unconstrained by equations value number + to the result register. However, it is often undesirable to eliminate + common subexpressions across a function call (there is a risk of + increasing too much the register pressure across the call), so we + just forget all equations and start afresh with an empty numbering. + Finally, the remaining instructions modify neither registers nor + the memory, so we keep the numbering unchanged. *) + +Definition transfer (f: function) (pc: node) (before: numbering) := + match f.(fn_code)!pc with + | None => before + | Some i => + match i with + | Inop s => + before + | Iop op args res s => + add_op before res op args + | Iload chunk addr args dst s => + add_load before dst chunk addr args + | Istore chunk addr args src s => + kill_loads before + | Icall sig ros args res s => + empty_numbering + | Icond cond args ifso ifnot => + before + | Ireturn optarg => + before + end + end. + +(** The static analysis solves the dataflow inequations implied + by the [transfer] function using the ``extended basic block'' solver, + which produces sub-optimal solutions quickly. The result is + a mapping from program points to numberings. In the unlikely + case where the solver fails to find a solution, we simply associate + empty numberings to all program points, which is semantically correct + and effectively deactivates the CSE optimization. *) + +Definition analyze (f: RTL.function): PMap.t numbering := + match Solver.fixpoint (successors f) f.(fn_nextpc) + (transfer f) f.(fn_entrypoint) with + | None => PMap.init empty_numbering + | Some res => res + end. + +(** * Code transformation *) + +(** Some operations are so cheap to compute that it is generally not + worth reusing their results. These operations are detected by the + function below. *) + +Definition is_trivial_op (op: operation) : bool := + match op with + | Omove => true + | Ointconst _ => true + | Oaddrsymbol _ _ => true + | Oaddrstack _ => true + | Oundef => true + | _ => false + end. + +(** The code transformation is performed instruction by instruction. + [Iload] instructions and non-trivial [Iop] instructions are turned + into move instructions if their result is already available in a + register, as indicated by the numbering inferred at that program point. *) + +Definition transf_instr (n: numbering) (instr: instruction) := + match instr with + | Iop op args res s => + if is_trivial_op op then instr else + match find_op n op args with + | None => instr + | Some r => Iop Omove (r :: nil) res s + end + | Iload chunk addr args dst s => + match find_load n chunk addr args with + | None => instr + | Some r => Iop Omove (r :: nil) dst s + end + | _ => + instr + end. + +Definition transf_code (approxs: PMap.t numbering) (instrs: code) : code := + PTree.map (fun pc instr => transf_instr approxs!!pc instr) instrs. + +Lemma transf_code_wf: + forall f approxs, + (forall pc, Plt pc f.(fn_nextpc) \/ f.(fn_code)!pc = None) -> + (forall pc, Plt pc f.(fn_nextpc) + \/ (transf_code approxs f.(fn_code))!pc = None). +Proof. + intros. + elim (H pc); intro. + left; auto. + right. unfold transf_code. rewrite PTree.gmap. + unfold option_map; rewrite H0. reflexivity. +Qed. + +Definition transf_function (f: function) : function := + let approxs := analyze f in + mkfunction + f.(fn_sig) + f.(fn_params) + f.(fn_stacksize) + (transf_code approxs f.(fn_code)) + f.(fn_entrypoint) + f.(fn_nextpc) + (transf_code_wf f approxs f.(fn_code_wf)). + +Definition transf_program (p: program) : program := + transform_program transf_function p. + diff --git a/backend/CSEproof.v b/backend/CSEproof.v new file mode 100644 index 00000000..db8a973b --- /dev/null +++ b/backend/CSEproof.v @@ -0,0 +1,845 @@ +(** Correctness proof for common subexpression elimination. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Floats. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Registers. +Require Import RTL. +Require Import Kildall. +Require Import CSE. + +(** * Semantic properties of value numberings *) + +(** ** Well-formedness of numberings *) + +(** A numbering is well-formed if all registers mentioned in equations + are less than the ``next'' register number given in the numbering. + This guarantees that the next register is fresh with respect to + the equations. *) + +Definition wf_rhs (next: valnum) (rh: rhs) : Prop := + match rh with + | Op op vl => forall v, In v vl -> Plt v next + | Load chunk addr vl => forall v, In v vl -> Plt v next + end. + +Definition wf_equation (next: valnum) (vr: valnum) (rh: rhs) : Prop := + Plt vr next /\ wf_rhs next rh. + +Definition wf_numbering (n: numbering) : Prop := + (forall v rh, + In (v, rh) n.(num_eqs) -> wf_equation n.(num_next) v rh) +/\ + (forall r v, + PTree.get r n.(num_reg) = Some v -> Plt v n.(num_next)). + +Lemma wf_empty_numbering: + wf_numbering empty_numbering. +Proof. + unfold empty_numbering; split; simpl; intros. + elim H. + rewrite PTree.gempty in H. congruence. +Qed. + +Lemma wf_rhs_increasing: + forall next1 next2 rh, + Ple next1 next2 -> + wf_rhs next1 rh -> wf_rhs next2 rh. +Proof. + intros; destruct rh; simpl; intros; apply Plt_Ple_trans with next1; auto. +Qed. + +Lemma wf_equation_increasing: + forall next1 next2 vr rh, + Ple next1 next2 -> + wf_equation next1 vr rh -> wf_equation next2 vr rh. +Proof. + intros. elim H0; intros. split. + apply Plt_Ple_trans with next1; auto. + apply wf_rhs_increasing with next1; auto. +Qed. + +(** We now show that all operations over numberings + preserve well-formedness. *) + +Lemma wf_valnum_reg: + forall n r n' v, + wf_numbering n -> + valnum_reg n r = (n', v) -> + wf_numbering n' /\ Plt v n'.(num_next) /\ Ple n.(num_next) n'.(num_next). +Proof. + intros until v. intros WF. inversion WF. + generalize (H0 r v). + unfold valnum_reg. destruct ((num_reg n)!r). + intros. replace n' with n. split. auto. + split. apply H1. congruence. + apply Ple_refl. + congruence. + intros. inversion H2. simpl. split. + split; simpl; intros. + apply wf_equation_increasing with (num_next n). apply Ple_succ. auto. + rewrite PTree.gsspec in H3. destruct (peq r0 r). + replace v0 with (num_next n). apply Plt_succ. congruence. + apply Plt_trans_succ; eauto. + split. apply Plt_succ. apply Ple_succ. +Qed. + +Lemma wf_valnum_regs: + forall rl n n' vl, + wf_numbering n -> + valnum_regs n rl = (n', vl) -> + wf_numbering n' /\ + (forall v, In v vl -> Plt v n'.(num_next)) /\ + Ple n.(num_next) n'.(num_next). +Proof. + induction rl; intros. + simpl in H0. inversion H0. subst n'; subst vl. + simpl. intuition. + simpl in H0. + caseEq (valnum_reg n a). intros n1 v1 EQ1. + caseEq (valnum_regs n1 rl). intros ns vs EQS. + rewrite EQ1 in H0; rewrite EQS in H0; simpl in H0. + inversion H0. subst n'; subst vl. + generalize (wf_valnum_reg _ _ _ _ H EQ1); intros [A1 [B1 C1]]. + generalize (IHrl _ _ _ A1 EQS); intros [As [Bs Cs]]. + split. auto. + split. simpl; intros. elim H1; intro. + subst v. eapply Plt_Ple_trans; eauto. + auto. + eapply Ple_trans; eauto. +Qed. + +Lemma find_valnum_rhs_correct: + forall rh vn eqs, + find_valnum_rhs rh eqs = Some vn -> In (vn, rh) eqs. +Proof. + induction eqs; simpl. + congruence. + case a; intros v r'. case (eq_rhs rh r'); intro. + intro. left. congruence. + intro. right. auto. +Qed. + +Lemma wf_add_rhs: + forall n rd rh, + wf_numbering n -> + wf_rhs n.(num_next) rh -> + wf_numbering (add_rhs n rd rh). +Proof. + intros. inversion H. unfold add_rhs. + caseEq (find_valnum_rhs rh n.(num_eqs)); intros. + split; simpl. assumption. + intros r v0. rewrite PTree.gsspec. case (peq r rd); intros. + inversion H4. subst v0. + elim (H1 v rh (find_valnum_rhs_correct _ _ _ H3)). auto. + eauto. + split; simpl. + intros v rh0 [A1|A2]. inversion A1. subst rh0. + split. apply Plt_succ. apply wf_rhs_increasing with n.(num_next). + apply Ple_succ. auto. + apply wf_equation_increasing with n.(num_next). apply Ple_succ. auto. + intros r v. rewrite PTree.gsspec. case (peq r rd); intro. + intro. inversion H4. apply Plt_succ. + intro. apply Plt_trans_succ. eauto. +Qed. + +Lemma wf_add_op: + forall n rd op rs, + wf_numbering n -> + wf_numbering (add_op n rd op rs). +Proof. + intros. unfold add_op. + case (is_move_operation op rs). + intro r. caseEq (valnum_reg n r); intros n' v EQ. + destruct (wf_valnum_reg _ _ _ _ H EQ) as [[A1 A2] [B C]]. + split; simpl. assumption. intros until v0. rewrite PTree.gsspec. + case (peq r0 rd); intros. replace v0 with v. auto. congruence. + eauto. + caseEq (valnum_regs n rs). intros n' vl EQ. + generalize (wf_valnum_regs _ _ _ _ H EQ). intros [A [B C]]. + apply wf_add_rhs; auto. +Qed. + +Lemma wf_add_load: + forall n rd chunk addr rs, + wf_numbering n -> + wf_numbering (add_load n rd chunk addr rs). +Proof. + intros. unfold add_load. + caseEq (valnum_regs n rs). intros n' vl EQ. + generalize (wf_valnum_regs _ _ _ _ H EQ). intros [A [B C]]. + apply wf_add_rhs; auto. +Qed. + +Lemma kill_load_eqs_incl: + forall eqs, List.incl (kill_load_eqs eqs) eqs. +Proof. + induction eqs; simpl; intros. + apply incl_refl. + destruct a. destruct r. apply incl_same_head; auto. + auto. + apply incl_tl. auto. +Qed. + +Lemma wf_kill_loads: + forall n, wf_numbering n -> wf_numbering (kill_loads n). +Proof. + intros. inversion H. unfold kill_loads; split; simpl; intros. + apply H0. apply kill_load_eqs_incl. auto. + eauto. +Qed. + +Lemma wf_transfer: + forall f pc n, wf_numbering n -> wf_numbering (transfer f pc n). +Proof. + intros. unfold transfer. + destruct (f.(fn_code)!pc); auto. + destruct i; auto. + apply wf_add_op; auto. + apply wf_add_load; auto. + apply wf_kill_loads; auto. + apply wf_empty_numbering. +Qed. + +(** As a consequence, the numberings computed by the static analysis + are well formed. *) + +Theorem wf_analyze: + forall f pc, wf_numbering (analyze f)!!pc. +Proof. + unfold analyze; intros. + caseEq (Solver.fixpoint (successors f) (fn_nextpc f) + (transfer f) (fn_entrypoint f)). + intros approx EQ. + eapply Solver.fixpoint_invariant with (P := wf_numbering); eauto. + exact wf_empty_numbering. + exact (wf_transfer f). + intro. rewrite PMap.gi. apply wf_empty_numbering. +Qed. + +(** ** Properties of satisfiability of numberings *) + +Module ValnumEq. + Definition t := valnum. + Definition eq := peq. +End ValnumEq. + +Module VMap := EMap(ValnumEq). + +Section SATISFIABILITY. + +Variable ge: genv. +Variable sp: val. +Variable m: mem. + +(** Agremment between two mappings from value numbers to values + up to a given value number. *) + +Definition valu_agree (valu1 valu2: valnum -> val) (upto: valnum) : Prop := + forall v, Plt v upto -> valu2 v = valu1 v. + +Lemma valu_agree_refl: + forall valu upto, valu_agree valu valu upto. +Proof. + intros; red; auto. +Qed. + +Lemma valu_agree_trans: + forall valu1 valu2 valu3 upto12 upto23, + valu_agree valu1 valu2 upto12 -> + valu_agree valu2 valu3 upto23 -> + Ple upto12 upto23 -> + valu_agree valu1 valu3 upto12. +Proof. + intros; red; intros. transitivity (valu2 v). + apply H0. apply Plt_Ple_trans with upto12; auto. + apply H; auto. +Qed. + +Lemma valu_agree_list: + forall valu1 valu2 upto vl, + valu_agree valu1 valu2 upto -> + (forall v, In v vl -> Plt v upto) -> + map valu2 vl = map valu1 vl. +Proof. + intros. apply list_map_exten. intros. symmetry. apply H. auto. +Qed. + +(** The [numbering_holds] predicate (defined in file [CSE]) is + extensional with respect to [valu_agree]. *) + +Lemma numbering_holds_exten: + forall valu1 valu2 n rs, + valu_agree valu1 valu2 n.(num_next) -> + wf_numbering n -> + numbering_holds valu1 ge sp rs m n -> + numbering_holds valu2 ge sp rs m n. +Proof. + intros. inversion H0. inversion H1. split; intros. + generalize (H2 _ _ H6). intro WFEQ. + generalize (H4 _ _ H6). + unfold equation_holds; destruct rh. + elim WFEQ; intros. + rewrite (valu_agree_list valu1 valu2 n.(num_next)). + rewrite H. auto. auto. auto. exact H8. + elim WFEQ; intros. + rewrite (valu_agree_list valu1 valu2 n.(num_next)). + rewrite H. auto. auto. auto. exact H8. + rewrite H. auto. eauto. +Qed. + +(** [valnum_reg] and [valnum_regs] preserve the [numbering_holds] predicate. + Moreover, it is always the case that the returned value number has + the value of the given register in the final assignment of values to + value numbers. *) + +Lemma valnum_reg_holds: + forall valu1 rs n r n' v, + wf_numbering n -> + numbering_holds valu1 ge sp rs m n -> + valnum_reg n r = (n', v) -> + exists valu2, + numbering_holds valu2 ge sp rs m n' /\ + valu2 v = rs#r /\ + valu_agree valu1 valu2 n.(num_next). +Proof. + intros until v. unfold valnum_reg. + caseEq (n.(num_reg)!r). + (* Register already has a value number *) + intros. inversion H2. subst n'; subst v0. + inversion H1. + exists valu1. split. auto. + split. symmetry. auto. + apply valu_agree_refl. + (* Register gets a fresh value number *) + intros. inversion H2. subst n'. subst v. inversion H1. + set (valu2 := VMap.set n.(num_next) rs#r valu1). + assert (AG: valu_agree valu1 valu2 n.(num_next)). + red; intros. unfold valu2. apply VMap.gso. + auto with coqlib. + elim (numbering_holds_exten _ _ _ _ AG H0 H1); intros. + exists valu2. + split. split; simpl; intros. auto. + unfold valu2, VMap.set, ValnumEq.eq. + rewrite PTree.gsspec in H7. destruct (peq r0 r). + inversion H7. rewrite peq_true. congruence. + case (peq vn (num_next n)); intro. + inversion H0. generalize (H9 _ _ H7). rewrite e. intro. + elim (Plt_strict _ H10). + auto. + split. unfold valu2. apply VMap.gss. + auto. +Qed. + +Lemma valnum_regs_holds: + forall rs rl valu1 n n' vl, + wf_numbering n -> + numbering_holds valu1 ge sp rs m n -> + valnum_regs n rl = (n', vl) -> + exists valu2, + numbering_holds valu2 ge sp rs m n' /\ + List.map valu2 vl = rs##rl /\ + valu_agree valu1 valu2 n.(num_next). +Proof. + induction rl; simpl; intros. + (* base case *) + inversion H1; subst n'; subst vl. + exists valu1. split. auto. split. reflexivity. apply valu_agree_refl. + (* inductive case *) + caseEq (valnum_reg n a); intros n1 v1 EQ1. + caseEq (valnum_regs n1 rl); intros ns vs EQs. + rewrite EQ1 in H1; rewrite EQs in H1. inversion H1. subst vl; subst n'. + generalize (valnum_reg_holds _ _ _ _ _ _ H H0 EQ1). + intros [valu2 [A [B C]]]. + generalize (wf_valnum_reg _ _ _ _ H EQ1). intros [D [E F]]. + generalize (IHrl _ _ _ _ D A EQs). + intros [valu3 [P [Q R]]]. + exists valu3. + split. auto. + split. simpl. rewrite R. congruence. auto. + eapply valu_agree_trans; eauto. +Qed. + +(** A reformulation of the [equation_holds] predicate in terms + of the value to which a right-hand side of an equation evaluates. *) + +Definition rhs_evals_to + (valu: valnum -> val) (rh: rhs) (v: val) : Prop := + match rh with + | Op op vl => + eval_operation ge sp op (List.map valu vl) = Some v + | Load chunk addr vl => + exists a, + eval_addressing ge sp addr (List.map valu vl) = Some a /\ + loadv chunk m a = Some v + end. + +Lemma equation_evals_to_holds_1: + forall valu rh v vres, + rhs_evals_to valu rh v -> + equation_holds valu ge sp m vres rh -> + valu vres = v. +Proof. + intros until vres. unfold rhs_evals_to, equation_holds. + destruct rh. congruence. + intros [a1 [A1 B1]] [a2 [A2 B2]]. congruence. +Qed. + +Lemma equation_evals_to_holds_2: + forall valu rh v vres, + wf_rhs vres rh -> + rhs_evals_to valu rh v -> + equation_holds (VMap.set vres v valu) ge sp m vres rh. +Proof. + intros until vres. unfold wf_rhs, rhs_evals_to, equation_holds. + rewrite VMap.gss. + assert (forall vl: list valnum, + (forall v, In v vl -> Plt v vres) -> + map (VMap.set vres v valu) vl = map valu vl). + intros. apply list_map_exten. intros. + symmetry. apply VMap.gso. apply Plt_ne. auto. + destruct rh; intros; rewrite H; auto. +Qed. + +(** The numbering obtained by adding an equation [rd = rhs] is satisfiable + in a concrete register set where [rd] is set to the value of [rhs]. *) + +Lemma add_rhs_satisfiable: + forall n rh valu1 rs rd v, + wf_numbering n -> + wf_rhs n.(num_next) rh -> + numbering_holds valu1 ge sp rs m n -> + rhs_evals_to valu1 rh v -> + numbering_satisfiable ge sp (rs#rd <- v) m (add_rhs n rd rh). +Proof. + intros. unfold add_rhs. + caseEq (find_valnum_rhs rh n.(num_eqs)). + (* RHS found *) + intros vres FINDVN. inversion H1. + exists valu1. split; simpl; intros. + auto. + rewrite Regmap.gsspec. + rewrite PTree.gsspec in H5. + destruct (peq r rd). + symmetry. eapply equation_evals_to_holds_1; eauto. + apply H3. apply find_valnum_rhs_correct. congruence. + auto. + (* RHS not found *) + intro FINDVN. + set (valu2 := VMap.set n.(num_next) v valu1). + assert (AG: valu_agree valu1 valu2 n.(num_next)). + red; intros. unfold valu2. apply VMap.gso. + auto with coqlib. + elim (numbering_holds_exten _ _ _ _ AG H H1); intros. + exists valu2. split; simpl; intros. + elim H5; intro. + inversion H6; subst vn; subst rh0. + unfold valu2. eapply equation_evals_to_holds_2; eauto. + auto. + rewrite Regmap.gsspec. rewrite PTree.gsspec in H5. destruct (peq r rd). + unfold valu2. inversion H5. symmetry. apply VMap.gss. + auto. +Qed. + +(** [add_op] returns a numbering that is satisfiable in the register + set after execution of the corresponding [Iop] instruction. *) + +Lemma add_op_satisfiable: + forall n rs op args dst v, + wf_numbering n -> + numbering_satisfiable ge sp rs m n -> + eval_operation ge sp op rs##args = Some v -> + numbering_satisfiable ge sp (rs#dst <- v) m (add_op n dst op args). +Proof. + intros. inversion H0. + unfold add_op. + caseEq (@is_move_operation reg op args). + intros arg EQ. + destruct (is_move_operation_correct _ _ EQ) as [A B]. subst op args. + caseEq (valnum_reg n arg). intros n1 v1 VL. + generalize (valnum_reg_holds _ _ _ _ _ _ H H2 VL). intros [valu2 [A [B C]]]. + generalize (wf_valnum_reg _ _ _ _ H VL). intros [D [E F]]. + elim A; intros. exists valu2; split; simpl; intros. + auto. rewrite Regmap.gsspec. rewrite PTree.gsspec in H5. + destruct (peq r dst). simpl in H1. congruence. auto. + intro NEQ. caseEq (valnum_regs n args). intros n1 vl VRL. + generalize (valnum_regs_holds _ _ _ _ _ _ H H2 VRL). intros [valu2 [A [B C]]]. + generalize (wf_valnum_regs _ _ _ _ H VRL). intros [D [E F]]. + apply add_rhs_satisfiable with valu2; auto. + simpl. congruence. +Qed. + +(** [add_load] returns a numbering that is satisfiable in the register + set after execution of the corresponding [Iload] instruction. *) + +Lemma add_load_satisfiable: + forall n rs chunk addr args dst a v, + wf_numbering n -> + numbering_satisfiable ge sp rs m n -> + eval_addressing ge sp addr rs##args = Some a -> + loadv chunk m a = Some v -> + numbering_satisfiable ge sp + (rs#dst <- v) + m (add_load n dst chunk addr args). +Proof. + intros. inversion H0. + unfold add_load. + caseEq (valnum_regs n args). intros n1 vl VRL. + generalize (valnum_regs_holds _ _ _ _ _ _ H H3 VRL). intros [valu2 [A [B C]]]. + generalize (wf_valnum_regs _ _ _ _ H VRL). intros [D [E F]]. + apply add_rhs_satisfiable with valu2; auto. + simpl. exists a; split; congruence. +Qed. + +(** [kill_load] preserves satisfiability. Moreover, the resulting numbering + is satisfiable in any concrete memory state. *) + +Lemma kill_load_eqs_ops: + forall v rhs eqs, + In (v, rhs) (kill_load_eqs eqs) -> + match rhs with Op _ _ => True | Load _ _ _ => False end. +Proof. + induction eqs; simpl; intros. + elim H. + destruct a. destruct r. + elim H; intros. inversion H0; subst v0; subst rhs. auto. + apply IHeqs. auto. + apply IHeqs. auto. +Qed. + +Lemma kill_load_satisfiable: + forall n rs m', + numbering_satisfiable ge sp rs m n -> + numbering_satisfiable ge sp rs m' (kill_loads n). +Proof. + intros. inversion H. inversion H0. + generalize (kill_load_eqs_incl n.(num_eqs)). intro. + exists x. split; intros. + generalize (H1 _ _ (H3 _ H4)). + generalize (kill_load_eqs_ops _ _ _ H4). + destruct rh; simpl. auto. tauto. + apply H2. assumption. +Qed. + +(** Correctness of [reg_valnum]: if it returns a register [r], + that register correctly maps back to the given value number. *) + +Lemma reg_valnum_correct: + forall n v r, reg_valnum n v = Some r -> n.(num_reg)!r = Some v. +Proof. + intros until r. unfold reg_valnum. rewrite PTree.fold_spec. + assert(forall l acc0, + List.fold_left + (fun (acc: option reg) (p: reg * valnum) => + if peq (snd p) v then Some (fst p) else acc) + l acc0 = Some r -> + In (r, v) l \/ acc0 = Some r). + induction l; simpl. + intros. tauto. + case a; simpl; intros r1 v1 acc0 FL. + generalize (IHl _ FL). + case (peq v1 v); intro. + subst v1. intros [A|B]. tauto. inversion B; subst r1. tauto. + tauto. + intro. elim (H _ _ H0); intro. + apply PTree.elements_complete; auto. + discriminate. +Qed. + +(** Correctness of [find_op] and [find_load]: if successful and in a + satisfiable numbering, the returned register does contain the + result value of the operation or memory load. *) + +Lemma find_rhs_correct: + forall valu rs n rh r, + numbering_holds valu ge sp rs m n -> + find_rhs n rh = Some r -> + rhs_evals_to valu rh rs#r. +Proof. + intros until r. intros NH. + unfold find_rhs. + caseEq (find_valnum_rhs rh n.(num_eqs)); intros. + generalize (find_valnum_rhs_correct _ _ _ H); intro. + generalize (reg_valnum_correct _ _ _ H0); intro. + inversion NH. + generalize (H3 _ _ H1). rewrite (H4 _ _ H2). + destruct rh; simpl; auto. + discriminate. +Qed. + +Lemma find_op_correct: + forall rs n op args r, + wf_numbering n -> + numbering_satisfiable ge sp rs m n -> + find_op n op args = Some r -> + eval_operation ge sp op rs##args = Some rs#r. +Proof. + intros until r. intros WF [valu NH]. + unfold find_op. caseEq (valnum_regs n args). intros n' vl VR FIND. + generalize (valnum_regs_holds _ _ _ _ _ _ WF NH VR). + intros [valu2 [NH2 [EQ AG]]]. + rewrite <- EQ. + change (rhs_evals_to valu2 (Op op vl) rs#r). + eapply find_rhs_correct; eauto. +Qed. + +Lemma find_load_correct: + forall rs n chunk addr args r, + wf_numbering n -> + numbering_satisfiable ge sp rs m n -> + find_load n chunk addr args = Some r -> + exists a, + eval_addressing ge sp addr rs##args = Some a /\ + loadv chunk m a = Some rs#r. +Proof. + intros until r. intros WF [valu NH]. + unfold find_load. caseEq (valnum_regs n args). intros n' vl VR FIND. + generalize (valnum_regs_holds _ _ _ _ _ _ WF NH VR). + intros [valu2 [NH2 [EQ AG]]]. + rewrite <- EQ. + change (rhs_evals_to valu2 (Load chunk addr vl) rs#r). + eapply find_rhs_correct; eauto. +Qed. + +End SATISFIABILITY. + +(** The transfer function preserves satisfiability of numberings. *) + +Lemma transfer_correct: + forall ge c sp pc rs m pc' rs' m' f n, + exec_instr ge c sp pc rs m pc' rs' m' -> + c = f.(fn_code) -> + wf_numbering n -> + numbering_satisfiable ge sp rs m n -> + numbering_satisfiable ge sp rs' m' (transfer f pc n). +Proof. + induction 1; intros; subst c; unfold transfer; rewrite H; auto. + (* Iop *) + eapply add_op_satisfiable; eauto. + (* Iload *) + eapply add_load_satisfiable; eauto. + (* Istore *) + eapply kill_load_satisfiable; eauto. + (* Icall *) + apply empty_numbering_satisfiable. +Qed. + +(** The numberings associated to each instruction by the static analysis + are inductively satisfiable, in the following sense: the numbering + at the function entry point is satisfiable, and for any RTL execution + from [pc] to [pc'], satisfiability at [pc] implies + satisfiability at [pc']. *) + +Theorem analysis_correct_1: + forall ge c sp pc rs m pc' rs' m' f, + exec_instr ge c sp pc rs m pc' rs' m' -> + c = f.(fn_code) -> + numbering_satisfiable ge sp rs m (analyze f)!!pc -> + numbering_satisfiable ge sp rs' m' (analyze f)!!pc'. +Proof. + intros until f. intros EXEC CODE. + generalize (wf_analyze f pc). + unfold analyze. + caseEq (Solver.fixpoint (successors f) (fn_nextpc f) + (transfer f) (fn_entrypoint f)). + intros res FIXPOINT WF NS. + assert (numbering_satisfiable ge sp rs' m' (transfer f pc res!!pc)). + eapply transfer_correct; eauto. + assert (Numbering.ge res!!pc' (transfer f pc res!!pc)). + eapply Solver.fixpoint_solution; eauto. + elim (fn_code_wf f pc); intro. auto. + rewrite <- CODE in H0. + elim (exec_instr_present _ _ _ _ _ _ _ _ _ EXEC H0). + rewrite CODE in EXEC. eapply successors_correct; eauto. + apply H0. auto. + intros. rewrite PMap.gi. apply empty_numbering_satisfiable. +Qed. + +Theorem analysis_correct_N: + forall ge c sp pc rs m pc' rs' m' f, + exec_instrs ge c sp pc rs m pc' rs' m' -> + c = f.(fn_code) -> + numbering_satisfiable ge sp rs m (analyze f)!!pc -> + numbering_satisfiable ge sp rs' m' (analyze f)!!pc'. +Proof. + induction 1; intros. + assumption. + eapply analysis_correct_1; eauto. + eauto. +Qed. + +Theorem analysis_correct_entry: + forall ge sp rs m f, + numbering_satisfiable ge sp rs m (analyze f)!!(f.(fn_entrypoint)). +Proof. + intros. + replace ((analyze f)!!(f.(fn_entrypoint))) + with empty_numbering. + apply empty_numbering_satisfiable. + unfold analyze. + caseEq (Solver.fixpoint (successors f) (fn_nextpc f) + (transfer f) (fn_entrypoint f)). + intros res FIXPOINT. + symmetry. change empty_numbering with Solver.L.top. + eapply Solver.fixpoint_entry; eauto. + intros. symmetry. apply PMap.gi. +Qed. + +(** * Semantic preservation *) + +Section PRESERVATION. + +Variable prog: program. +Let tprog := transf_program prog. +Let ge := Genv.globalenv prog. +Let tge := Genv.globalenv tprog. + +Lemma symbols_preserved: + forall (s: ident), Genv.find_symbol tge s = Genv.find_symbol ge s. +Proof (Genv.find_symbol_transf transf_function prog). + +Lemma functions_translated: + forall (v: val) (f: RTL.function), + Genv.find_funct ge v = Some f -> + Genv.find_funct tge v = Some (transf_function f). +Proof (@Genv.find_funct_transf _ _ transf_function prog). + +Lemma funct_ptr_translated: + forall (b: block) (f: RTL.function), + Genv.find_funct_ptr ge b = Some f -> + Genv.find_funct_ptr tge b = Some (transf_function f). +Proof (@Genv.find_funct_ptr_transf _ _ transf_function prog). + +(** The proof of semantic preservation is a simulation argument using + diagrams of the following form: +<< + pc, rs, m ------------------------ pc, rs, m + | | + | | + v v + pc', rs', m' --------------------- pc', rs', m' +>> + Left: RTL execution in the original program. Right: RTL execution in + the optimized program. Precondition (top): the numbering at [pc] + (returned by the static analysis) is satisfiable. Postcondition: none. +*) + +Definition exec_instr_prop + (c: code) (sp: val) + (pc: node) (rs: regset) (m: mem) + (pc': node) (rs': regset) (m': mem) : Prop := + forall f + (CF: c = f.(RTL.fn_code)) + (SAT: numbering_satisfiable ge sp rs m (analyze f)!!pc), + exec_instr tge (transf_code (analyze f) c) sp pc rs m pc' rs' m'. + +Definition exec_instrs_prop + (c: code) (sp: val) + (pc: node) (rs: regset) (m: mem) + (pc': node) (rs': regset) (m': mem) : Prop := + forall f + (CF: c = f.(RTL.fn_code)) + (SAT: numbering_satisfiable ge sp rs m (analyze f)!!pc), + exec_instrs tge (transf_code (analyze f) c) sp pc rs m pc' rs' m'. + +Definition exec_function_prop + (f: RTL.function) (args: list val) (m: mem) + (res: val) (m': mem) : Prop := + exec_function tge (transf_function f) args m res m'. + +Ltac TransfInstr := + match goal with + | H1: (PTree.get ?pc ?c = Some ?instr), f: function |- _ => + cut ((transf_code (analyze f) c)!pc = Some(transf_instr (analyze f)!!pc instr)); + [ simpl + | unfold transf_code; rewrite PTree.gmap; + unfold option_map; rewrite H1; reflexivity ] + end. + +(** The proof of simulation is by structural induction on the evaluation + derivation for the source program. *) + +Lemma transf_function_correct: + forall f args m res m', + exec_function ge f args m res m' -> + exec_function_prop f args m res m'. +Proof. + apply (exec_function_ind_3 ge + exec_instr_prop exec_instrs_prop exec_function_prop); + intros; red; intros; try TransfInstr. + (* Inop *) + intro; apply exec_Inop; auto. + (* Iop *) + assert (eval_operation tge sp op rs##args = Some v). + rewrite <- H0. apply eval_operation_preserved. exact symbols_preserved. + case (is_trivial_op op). + intro. eapply exec_Iop'; eauto. + caseEq (find_op (analyze f)!!pc op args). intros r FIND CODE. + eapply exec_Iop'; eauto. simpl. + assert (eval_operation ge sp op rs##args = Some rs#r). + eapply find_op_correct; eauto. + eapply wf_analyze; eauto. + congruence. + intros. eapply exec_Iop'; eauto. + (* Iload *) + assert (eval_addressing tge sp addr rs##args = Some a). + rewrite <- H0. apply eval_addressing_preserved. exact symbols_preserved. + caseEq (find_load (analyze f)!!pc chunk addr args). intros r FIND CODE. + eapply exec_Iop'; eauto. simpl. + assert (exists a, eval_addressing ge sp addr rs##args = Some a + /\ loadv chunk m a = Some rs#r). + eapply find_load_correct; eauto. + eapply wf_analyze; eauto. + elim H3; intros a' [A B]. + congruence. + intros. eapply exec_Iload'; eauto. + (* Istore *) + assert (eval_addressing tge sp addr rs##args = Some a). + rewrite <- H0. apply eval_addressing_preserved. exact symbols_preserved. + intro; eapply exec_Istore; eauto. + (* Icall *) + assert (find_function tge ros rs = Some (transf_function f)). + destruct ros; simpl in H0; simpl. + apply functions_translated; auto. + rewrite symbols_preserved. destruct (Genv.find_symbol ge i). + apply funct_ptr_translated; auto. discriminate. + intro; eapply exec_Icall with (f := transf_function f); eauto. + (* Icond true *) + intro; eapply exec_Icond_true; eauto. + (* Icond false *) + intro; eapply exec_Icond_false; eauto. + (* refl *) + apply exec_refl. + (* one *) + apply exec_one; auto. + (* trans *) + eapply exec_trans; eauto. apply H2; auto. + eapply analysis_correct_N; eauto. + (* function *) + intro. unfold transf_function; eapply exec_funct; simpl; eauto. + eapply H1; eauto. eapply analysis_correct_entry; eauto. +Qed. + +Theorem transf_program_correct: + forall (r: val), + exec_program prog r -> exec_program tprog r. +Proof. + intros r [fptr [f [m [FINDS [FINDF [SIG EXEC]]]]]]. + red. exists fptr; exists (transf_function f); exists m. + split. change (prog_main tprog) with (prog_main prog). + rewrite symbols_preserved. assumption. + split. apply funct_ptr_translated; auto. + split. unfold transf_function. + rewrite <- SIG. destruct (analyze f); reflexivity. + apply transf_function_correct. + unfold tprog, transf_program. rewrite Genv.init_mem_transf. + exact EXEC. +Qed. + +End PRESERVATION. diff --git a/backend/Cmconstr.v b/backend/Cmconstr.v new file mode 100644 index 00000000..cd50e38e --- /dev/null +++ b/backend/Cmconstr.v @@ -0,0 +1,911 @@ +(** Smart constructors for Cminor. This library provides functions + for building Cminor expressions and statements, especially expressions + consisting of operator applications. These functions examine their + arguments to choose cheaper forms of operators whenever possible. + + For instance, [add e1 e2] will return a Cminor expression semantically + equivalent to [Eop Oadd (e1 ::: e2 ::: Enil)], but will use a + [Oaddimm] operator if one of the arguments is an integer constant, + or suppress the addition altogether if one of the arguments is the + null integer. In passing, we perform operator reassociation + ([(e + c1) * c2] becomes [(e * c2) + (c1 * c2)]) and a small amount + of constant propagation. + + In more general terms, the purpose of the smart constructors is twofold: +- Perform instruction selection (for operators, loads, stores and + conditional expressions); +- Abstract over processor dependencies in operators and addressing modes, + providing Cminor providers with processor-independent ways of constructing + Cminor terms. +*) + +Require Import Coqlib. +Require Import Compare_dec. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Floats. +Require Import Values. +Require Import Mem. +Require Import Op. +Require Import Globalenvs. +Require Import Cminor. + +Infix ":::" := Econs (at level 60, right associativity) : cminor_scope. + +Open Scope cminor_scope. + +(** * Lifting of let-bound variables *) + +(** Some of the smart constructors, as well as the Cminor producers, + generate [Elet] constructs to share the evaluation of a subexpression. + Owing to the use of de Bruijn indices for let-bound variables, + we need to shift de Bruijn indices when an expression [b] is put + in a [Elet a b] context. *) + +Fixpoint lift_expr (p: nat) (a: expr) {struct a}: expr := + match a with + | Evar id => Evar id + | Eassign id b => Eassign id (lift_expr p b) + | Eop op bl => Eop op (lift_exprlist p bl) + | Eload chunk addr bl => Eload chunk addr (lift_exprlist p bl) + | Estore chunk addr bl c => + Estore chunk addr (lift_exprlist p bl) (lift_expr p c) + | Ecall sig b cl => Ecall sig (lift_expr p b) (lift_exprlist p cl) + | Econdition b c d => + Econdition (lift_condexpr p b) (lift_expr p c) (lift_expr p d) + | Elet b c => Elet (lift_expr p b) (lift_expr (S p) c) + | Eletvar n => + if le_gt_dec p n then Eletvar (S n) else Eletvar n + end + +with lift_condexpr (p: nat) (a: condexpr) {struct a}: condexpr := + match a with + | CEtrue => CEtrue + | CEfalse => CEfalse + | CEcond cond bl => CEcond cond (lift_exprlist p bl) + | CEcondition b c d => + CEcondition (lift_condexpr p b) (lift_condexpr p c) (lift_condexpr p d) + end + +with lift_exprlist (p: nat) (a: exprlist) {struct a}: exprlist := + match a with + | Enil => Enil + | Econs b cl => Econs (lift_expr p b) (lift_exprlist p cl) + end. + +Definition lift (a: expr): expr := lift_expr O a. + +(** * Smart constructors for operators *) + +Definition negint (e: expr) := Eop (Osubimm Int.zero) (e ::: Enil). +Definition negfloat (e: expr) := Eop Onegf (e ::: Enil). +Definition absfloat (e: expr) := Eop Oabsf (e ::: Enil). +Definition intoffloat (e: expr) := Eop Ointoffloat (e ::: Enil). +Definition floatofint (e: expr) := Eop Ofloatofint (e ::: Enil). +Definition floatofintu (e: expr) := Eop Ofloatofintu (e ::: Enil). + +(** ** Integer logical negation *) + +(** The natural way to write smart constructors is by pattern-matching + on their arguments, recognizing cases where cheaper operators + or combined operators are applicable. For instance, integer logical + negation has three special cases (not-and, not-or and not-xor), + along with a default case that uses not-or over its arguments and itself. + This is written naively as follows: +<< +Definition notint (e: expr) := + match e with + | Eop Oand (t1:::t2:::Enil) => Eop Onand (t1:::t2:::Enil) + | Eop Oor (t1:::t2:::Enil) => Eop Onor (t1:::t2:::Enil) + | Eop Oxor (t1:::t2:::Enil) => Eop Onxor (t1:::t2:::Enil) + | _ => Elet(e, Eop Onor (Eletvar O ::: Eletvar O ::: Enil) + end. +>> + However, Coq expands complex pattern-matchings like the above into + elementary matchings over all constructors of an inductive type, + resulting in much duplication of the final catch-all case. + Such duplications generate huge executable code and duplicate + cases in the correctness proofs. + + To limit this duplication, we use the following trick due to + Yves Bertot. We first define a dependent inductive type that + characterizes the expressions that match each of the 4 cases of interest. +*) + +Inductive notint_cases: forall (e: expr), Set := + | notint_case1: + forall (t1: expr) (t2: expr), + notint_cases (Eop Oand (t1:::t2:::Enil)) + | notint_case2: + forall (t1: expr) (t2: expr), + notint_cases (Eop Oor (t1:::t2:::Enil)) + | notint_case3: + forall (t1: expr) (t2: expr), + notint_cases (Eop Oxor (t1:::t2:::Enil)) + | notint_default: + forall (e: expr), + notint_cases e. + +(** We then define a classification function that takes an expression + and return in which case it falls. Note that the catch-all case + [notint_default] does not state that it is mutually exclusive with + the first three, more specific cases. The classification function + nonetheless chooses the specific cases in preference to the catch-all + case. *) + +Definition notint_match (e: expr) := + match e as z1 return notint_cases z1 with + | Eop Oand (t1:::t2:::Enil) => + notint_case1 t1 t2 + | Eop Oor (t1:::t2:::Enil) => + notint_case2 t1 t2 + | Eop Oxor (t1:::t2:::Enil) => + notint_case3 t1 t2 + | e => + notint_default e + end. + +(** Finally, the [notint] function we need is defined by a 4-case match + over the result of the classification function. Thus, no duplication + of the right-hand sides of this match occur, and the proof has only + 4 cases to consider (it proceeds by case over [notint_match e]). + Since the default case is not obviously exclusive with the three + specific cases, it is important that its right-hand side is + semantically correct for all possible values of [e], which is the + case here and for all other smart constructors. *) + +Definition notint (e: expr) := + match notint_match e with + | notint_case1 t1 t2 => + Eop Onand (t1:::t2:::Enil) + | notint_case2 t1 t2 => + Eop Onor (t1:::t2:::Enil) + | notint_case3 t1 t2 => + Eop Onxor (t1:::t2:::Enil) + | notint_default e => + Elet e (Eop Onor (Eletvar O ::: Eletvar O ::: Enil)) + end. + +(** This programming pattern will be applied systematically for the + other smart constructors in this file. *) + +(** ** Boolean negation *) + +Definition notbool_base (e: expr) := + Eop (Ocmp (Ccompuimm Ceq Int.zero)) (e ::: Enil). + +Fixpoint notbool (e: expr) {struct e} : expr := + match e with + | Eop (Ointconst n) Enil => + Eop (Ointconst (if Int.eq n Int.zero then Int.one else Int.zero)) Enil + | Eop (Ocmp cond) args => + Eop (Ocmp (negate_condition cond)) args + | Econdition e1 e2 e3 => + Econdition e1 (notbool e2) (notbool e3) + | _ => + notbool_base e + end. + +(** ** Truncations and sign extensions *) + +Definition cast8signed (e: expr) := Eop Ocast8signed (e ::: Enil). + +Definition cast8unsigned (e: expr) := + Eop (Orolm Int.zero (Int.repr 255)) (e ::: Enil). +Definition cast16signed (e: expr) := + Eop Ocast16signed (e ::: Enil). +Definition cast16unsigned (e: expr) := + Eop (Orolm Int.zero (Int.repr 65535)) (e ::: Enil). +Definition singleoffloat (e: expr) := + Eop Osingleoffloat (e ::: Enil). + +(** ** Integer addition and pointer addition *) + +(* +Definition addimm (n: int) (e: expr) := + if Int.eq n Int.zero then e else + match e with + | Eop (Ointconst m) Enil => Eop (Ointconst(Int.add n m)) Enil + | Eop (Oaddrsymbol s m) Enil => Eop (Oaddrsymbol s (Int.add n m)) Enil + | Eop (Oaddrstack m) Enil => Eop (Oaddrstack (Int.add n m)) Enil + | Eop (Oaddimm m) (t ::: Enil) => Eop (Oaddimm(Int.add n m)) (t ::: Enil) + | _ => Eop (Oaddimm n) (e ::: Enil) + end. +*) + +(** Addition of an integer constant. *) + +Inductive addimm_cases: forall (e: expr), Set := + | addimm_case1: + forall (m: int), + addimm_cases (Eop (Ointconst m) Enil) + | addimm_case2: + forall (s: ident) (m: int), + addimm_cases (Eop (Oaddrsymbol s m) Enil) + | addimm_case3: + forall (m: int), + addimm_cases (Eop (Oaddrstack m) Enil) + | addimm_case4: + forall (m: int) (t: expr), + addimm_cases (Eop (Oaddimm m) (t ::: Enil)) + | addimm_default: + forall (e: expr), + addimm_cases e. + +Definition addimm_match (e: expr) := + match e as z1 return addimm_cases z1 with + | Eop (Ointconst m) Enil => + addimm_case1 m + | Eop (Oaddrsymbol s m) Enil => + addimm_case2 s m + | Eop (Oaddrstack m) Enil => + addimm_case3 m + | Eop (Oaddimm m) (t ::: Enil) => + addimm_case4 m t + | e => + addimm_default e + end. + +Definition addimm (n: int) (e: expr) := + if Int.eq n Int.zero then e else + match addimm_match e with + | addimm_case1 m => + Eop (Ointconst(Int.add n m)) Enil + | addimm_case2 s m => + Eop (Oaddrsymbol s (Int.add n m)) Enil + | addimm_case3 m => + Eop (Oaddrstack (Int.add n m)) Enil + | addimm_case4 m t => + Eop (Oaddimm(Int.add n m)) (t ::: Enil) + | addimm_default e => + Eop (Oaddimm n) (e ::: Enil) + end. + +(** Addition of two integer or pointer expressions. *) + +(* +Definition add (e1: expr) (e2: expr) := + match e1, e2 with + | Eop (Ointconst n1) Enil, t2 => addimm n1 t2 + | Eop (Oaddimm n1) (t1:::Enil), Eop (Oaddimm n2) (t2:::Enil) => addimm (Int.add n1 n2) (Eop Oadd (t1:::t2:::Enil)) + | Eop(Oaddimm n1) (t1:::Enil)), t2 => addimm n1 (Eop Oadd (t1:::t2:::Enil)) + | t1, Eop (Ointconst n2) Enil => addimm n2 t1 + | t1, Eop (Oaddimm n2) (t2:::Enil) => addimm n2 (Eop Oadd (t1:::t2:::Enil)) + | _, _ => Eop Oadd (e1:::e2:::Enil) + end. +*) + +Inductive add_cases: forall (e1: expr) (e2: expr), Set := + | add_case1: + forall (n1: int) (t2: expr), + add_cases (Eop (Ointconst n1) Enil) (t2) + | add_case2: + forall (n1: int) (t1: expr) (n2: int) (t2: expr), + add_cases (Eop (Oaddimm n1) (t1:::Enil)) (Eop (Oaddimm n2) (t2:::Enil)) + | add_case3: + forall (n1: int) (t1: expr) (t2: expr), + add_cases (Eop(Oaddimm n1) (t1:::Enil)) (t2) + | add_case4: + forall (t1: expr) (n2: int), + add_cases (t1) (Eop (Ointconst n2) Enil) + | add_case5: + forall (t1: expr) (n2: int) (t2: expr), + add_cases (t1) (Eop (Oaddimm n2) (t2:::Enil)) + | add_default: + forall (e1: expr) (e2: expr), + add_cases e1 e2. + +Definition add_match_aux (e1: expr) (e2: expr) := + match e2 as z2 return add_cases e1 z2 with + | Eop (Ointconst n2) Enil => + add_case4 e1 n2 + | Eop (Oaddimm n2) (t2:::Enil) => + add_case5 e1 n2 t2 + | e2 => + add_default e1 e2 + end. + +Definition add_match (e1: expr) (e2: expr) := + match e1 as z1, e2 as z2 return add_cases z1 z2 with + | Eop (Ointconst n1) Enil, t2 => + add_case1 n1 t2 + | Eop (Oaddimm n1) (t1:::Enil), Eop (Oaddimm n2) (t2:::Enil) => + add_case2 n1 t1 n2 t2 + | Eop(Oaddimm n1) (t1:::Enil), t2 => + add_case3 n1 t1 t2 + | e1, e2 => + add_match_aux e1 e2 + end. + +Definition add (e1: expr) (e2: expr) := + match add_match e1 e2 with + | add_case1 n1 t2 => + addimm n1 t2 + | add_case2 n1 t1 n2 t2 => + addimm (Int.add n1 n2) (Eop Oadd (t1:::t2:::Enil)) + | add_case3 n1 t1 t2 => + addimm n1 (Eop Oadd (t1:::t2:::Enil)) + | add_case4 t1 n2 => + addimm n2 t1 + | add_case5 t1 n2 t2 => + addimm n2 (Eop Oadd (t1:::t2:::Enil)) + | add_default e1 e2 => + Eop Oadd (e1:::e2:::Enil) + end. + +(** ** Integer and pointer subtraction *) + +(* +Definition sub (e1: expr) (e2: expr) := + match e1, e2 with + | t1, Eop (Ointconst n2) Enil => addimm (Int.neg n2) t1 + | Eop (Oaddimm n1) (t1:::Enil), Eop (Oaddimm n2) (t2:::Enil) => addimm +(intsub n1 n2) (Eop Osub (t1:::t2:::Enil)) + | Eop (Oaddimm n1) (t1:::Enil), t2 => addimm n1 (Eop Osub (t1:::t2:::Rni +l)) + | t1, Eop (Oaddimm n2) (t2:::Enil) => addimm (Int.neg n2) (Eop Osub (t1::: +:t2:::Enil)) + | _, _ => Eop Osub (e1:::e2:::Enil) + end. +*) + +Inductive sub_cases: forall (e1: expr) (e2: expr), Set := + | sub_case1: + forall (t1: expr) (n2: int), + sub_cases (t1) (Eop (Ointconst n2) Enil) + | sub_case2: + forall (n1: int) (t1: expr) (n2: int) (t2: expr), + sub_cases (Eop (Oaddimm n1) (t1:::Enil)) (Eop (Oaddimm n2) (t2:::Enil)) + | sub_case3: + forall (n1: int) (t1: expr) (t2: expr), + sub_cases (Eop (Oaddimm n1) (t1:::Enil)) (t2) + | sub_case4: + forall (t1: expr) (n2: int) (t2: expr), + sub_cases (t1) (Eop (Oaddimm n2) (t2:::Enil)) + | sub_default: + forall (e1: expr) (e2: expr), + sub_cases e1 e2. + +Definition sub_match_aux (e1: expr) (e2: expr) := + match e1 as z1 return sub_cases z1 e2 with + | Eop (Oaddimm n1) (t1:::Enil) => + sub_case3 n1 t1 e2 + | e1 => + sub_default e1 e2 + end. + +Definition sub_match (e1: expr) (e2: expr) := + match e2 as z2, e1 as z1 return sub_cases z1 z2 with + | Eop (Ointconst n2) Enil, t1 => + sub_case1 t1 n2 + | Eop (Oaddimm n2) (t2:::Enil), Eop (Oaddimm n1) (t1:::Enil) => + sub_case2 n1 t1 n2 t2 + | Eop (Oaddimm n2) (t2:::Enil), t1 => + sub_case4 t1 n2 t2 + | e2, e1 => + sub_match_aux e1 e2 + end. + +Definition sub (e1: expr) (e2: expr) := + match sub_match e1 e2 with + | sub_case1 t1 n2 => + addimm (Int.neg n2) t1 + | sub_case2 n1 t1 n2 t2 => + addimm (Int.sub n1 n2) (Eop Osub (t1:::t2:::Enil)) + | sub_case3 n1 t1 t2 => + addimm n1 (Eop Osub (t1:::t2:::Enil)) + | sub_case4 t1 n2 t2 => + addimm (Int.neg n2) (Eop Osub (t1:::t2:::Enil)) + | sub_default e1 e2 => + Eop Osub (e1:::e2:::Enil) + end. + +(** ** Rotates and immediate shifts *) + +(* +Definition rolm (e1: expr) := + match e1 with + | Eop (Ointconst n1) Enil => + Eop (Ointconst(Int.and (Int.rol n1 amount2) mask2)) Enil + | Eop (Orolm amount1 mask1) (t1:::Enil) => + let amount := Int.and (Int.add amount1 amount2) Ox1Fl in + let mask := Int.and (Int.rol mask1 amount2) mask2 in + if Int.is_rlw_mask mask + then Eop (Orolm amount mask) (t1:::Enil) + else Eop (Orolm amount2 mask2) (e1:::Enil) + | _ => Eop (Orolm amount2 mask2) (e1:::Enil) + end +*) + +Inductive rolm_cases: forall (e1: expr), Set := + | rolm_case1: + forall (n1: int), + rolm_cases (Eop (Ointconst n1) Enil) + | rolm_case2: + forall (amount1: int) (mask1: int) (t1: expr), + rolm_cases (Eop (Orolm amount1 mask1) (t1:::Enil)) + | rolm_default: + forall (e1: expr), + rolm_cases e1. + +Definition rolm_match (e1: expr) := + match e1 as z1 return rolm_cases z1 with + | Eop (Ointconst n1) Enil => + rolm_case1 n1 + | Eop (Orolm amount1 mask1) (t1:::Enil) => + rolm_case2 amount1 mask1 t1 + | e1 => + rolm_default e1 + end. + +Definition rolm (e1: expr) (amount2 mask2: int) := + match rolm_match e1 with + | rolm_case1 n1 => + Eop (Ointconst(Int.and (Int.rol n1 amount2) mask2)) Enil + | rolm_case2 amount1 mask1 t1 => + let amount := Int.and (Int.add amount1 amount2) (Int.repr 31) in + let mask := Int.and (Int.rol mask1 amount2) mask2 in + if Int.is_rlw_mask mask + then Eop (Orolm amount mask) (t1:::Enil) + else Eop (Orolm amount2 mask2) (e1:::Enil) + | rolm_default e1 => + Eop (Orolm amount2 mask2) (e1:::Enil) + end. + +Definition shlimm (e1: expr) (n2: int) := + if Int.eq n2 Int.zero then + e1 + else if Int.ltu n2 (Int.repr 32) then + rolm e1 n2 (Int.shl Int.mone n2) + else + Eop Oshl (e1:::Eop (Ointconst n2) Enil:::Enil). + +Definition shruimm (e1: expr) (n2: int) := + if Int.eq n2 Int.zero then + e1 + else if Int.ltu n2 (Int.repr 32) then + rolm e1 (Int.sub (Int.repr 32) n2) (Int.shru Int.mone n2) + else + Eop Oshru (e1:::Eop (Ointconst n2) Enil:::Enil). + +(** ** Integer multiply *) + +Definition mulimm_base (n1: int) (e2: expr) := + match Int.one_bits n1 with + | i :: nil => + shlimm e2 i + | i :: j :: nil => + Elet e2 + (Eop Oadd (shlimm (Eletvar 0) i ::: + shlimm (Eletvar 0) j ::: Enil)) + | _ => + Eop (Omulimm n1) (e2:::Enil) + end. + +(* +Definition mulimm (n1: int) (e2: expr) := + if Int.eq n1 Int.zero then + Elet e2 (Eop (Ointconst Int.zero) Enil) + else if Int.eq n1 Int.one then + e2 + else match e2 with + | Eop (Ointconst n2) Enil => Eop (Ointconst(intmul n1 n2)) Enil + | Eop (Oaddimm n2) (t2:::Enil) => addimm (intmul n1 n2) (mulimm_base n1 t2) + | _ => mulimm_base n1 e2 + end. +*) + +Inductive mulimm_cases: forall (e2: expr), Set := + | mulimm_case1: + forall (n2: int), + mulimm_cases (Eop (Ointconst n2) Enil) + | mulimm_case2: + forall (n2: int) (t2: expr), + mulimm_cases (Eop (Oaddimm n2) (t2:::Enil)) + | mulimm_default: + forall (e2: expr), + mulimm_cases e2. + +Definition mulimm_match (e2: expr) := + match e2 as z1 return mulimm_cases z1 with + | Eop (Ointconst n2) Enil => + mulimm_case1 n2 + | Eop (Oaddimm n2) (t2:::Enil) => + mulimm_case2 n2 t2 + | e2 => + mulimm_default e2 + end. + +Definition mulimm (n1: int) (e2: expr) := + if Int.eq n1 Int.zero then + Elet e2 (Eop (Ointconst Int.zero) Enil) + else if Int.eq n1 Int.one then + e2 + else match mulimm_match e2 with + | mulimm_case1 n2 => + Eop (Ointconst(Int.mul n1 n2)) Enil + | mulimm_case2 n2 t2 => + addimm (Int.mul n1 n2) (mulimm_base n1 t2) + | mulimm_default e2 => + mulimm_base n1 e2 + end. + +(* +Definition mul (e1: expr) (e2: expr) := + match e1, e2 with + | Eop (Ointconst n1) Enil, t2 => mulimm n1 t2 + | t1, Eop (Ointconst n2) Enil => mulimm n2 t1 + | _, _ => Eop Omul (e1:::e2:::Enil) + end. +*) + +Inductive mul_cases: forall (e1: expr) (e2: expr), Set := + | mul_case1: + forall (n1: int) (t2: expr), + mul_cases (Eop (Ointconst n1) Enil) (t2) + | mul_case2: + forall (t1: expr) (n2: int), + mul_cases (t1) (Eop (Ointconst n2) Enil) + | mul_default: + forall (e1: expr) (e2: expr), + mul_cases e1 e2. + +Definition mul_match_aux (e1: expr) (e2: expr) := + match e2 as z2 return mul_cases e1 z2 with + | Eop (Ointconst n2) Enil => + mul_case2 e1 n2 + | e2 => + mul_default e1 e2 + end. + +Definition mul_match (e1: expr) (e2: expr) := + match e1 as z1 return mul_cases z1 e2 with + | Eop (Ointconst n1) Enil => + mul_case1 n1 e2 + | e1 => + mul_match_aux e1 e2 + end. + +Definition mul (e1: expr) (e2: expr) := + match mul_match e1 e2 with + | mul_case1 n1 t2 => + mulimm n1 t2 + | mul_case2 t1 n2 => + mulimm n2 t1 + | mul_default e1 e2 => + Eop Omul (e1:::e2:::Enil) + end. + +(** ** Integer division and modulus *) + +Definition divs (e1: expr) (e2: expr) := Eop Odiv (e1:::e2:::Enil). + +Definition mod_aux (divop: operation) (e1 e2: expr) := + Elet e1 + (Elet (lift e2) + (Eop Osub (Eletvar 1 ::: + Eop Omul (Eop divop (Eletvar 1 ::: Eletvar 0 ::: Enil) ::: + Eletvar 0 ::: + Enil) ::: + Enil))). + +Definition mods := mod_aux Odiv. + +Inductive divu_cases: forall (e2: expr), Set := + | divu_case1: + forall (n2: int), + divu_cases (Eop (Ointconst n2) Enil) + | divu_default: + forall (e2: expr), + divu_cases e2. + +Definition divu_match (e2: expr) := + match e2 as z1 return divu_cases z1 with + | Eop (Ointconst n2) Enil => + divu_case1 n2 + | e2 => + divu_default e2 + end. + +Definition divu (e1: expr) (e2: expr) := + match divu_match e2 with + | divu_case1 n2 => + match Int.is_power2 n2 with + | Some l2 => shruimm e1 l2 + | None => Eop Odivu (e1:::e2:::Enil) + end + | divu_default e2 => + Eop Odivu (e1:::e2:::Enil) + end. + +Definition modu (e1: expr) (e2: expr) := + match divu_match e2 with + | divu_case1 n2 => + match Int.is_power2 n2 with + | Some l2 => rolm e1 Int.zero (Int.sub n2 Int.one) + | None => mod_aux Odivu e1 e2 + end + | divu_default e2 => + mod_aux Odivu e1 e2 + end. + +(** ** Bitwise and, or, xor *) + +Definition andimm (n1: int) (e2: expr) := + if Int.is_rlw_mask n1 + then rolm e2 Int.zero n1 + else Eop (Oandimm n1) (e2:::Enil). + +Definition and (e1: expr) (e2: expr) := + match mul_match e1 e2 with + | mul_case1 n1 t2 => + andimm n1 t2 + | mul_case2 t1 n2 => + andimm n2 t1 + | mul_default e1 e2 => + Eop Oand (e1:::e2:::Enil) + end. + +Definition same_expr_pure (e1 e2: expr) := + match e1, e2 with + | Evar v1, Evar v2 => if ident_eq v1 v2 then true else false + | _, _ => false + end. + +Inductive or_cases: forall (e1: expr) (e2: expr), Set := + | or_case1: + forall (amount1: int) (mask1: int) (t1: expr) + (amount2: int) (mask2: int) (t2: expr), + or_cases (Eop (Orolm amount1 mask1) (t1:::Enil)) + (Eop (Orolm amount2 mask2) (t2:::Enil)) + | or_default: + forall (e1: expr) (e2: expr), + or_cases e1 e2. + +Definition or_match (e1: expr) (e2: expr) := + match e1 as z1, e2 as z2 return or_cases z1 z2 with + | Eop (Orolm amount1 mask1) (t1:::Enil), + Eop (Orolm amount2 mask2) (t2:::Enil) => + or_case1 amount1 mask1 t1 amount2 mask2 t2 + | e1, e2 => + or_default e1 e2 + end. + +Definition or (e1: expr) (e2: expr) := + match or_match e1 e2 with + | or_case1 amount1 mask1 t1 amount2 mask2 t2 => + if Int.eq amount1 amount2 + && Int.is_rlw_mask (Int.or mask1 mask2) + && same_expr_pure t1 t2 + then Eop (Orolm amount1 (Int.or mask1 mask2)) (t1:::Enil) + else Eop Oor (e1:::e2:::Enil) + | or_default e1 e2 => + Eop Oor (e1:::e2:::Enil) + end. + +Definition xor (e1 e2: expr) := Eop Oxor (e1:::e2:::Enil). + +(** ** General shifts *) + +Inductive shift_cases: forall (e1: expr), Set := + | shift_case1: + forall (n2: int), + shift_cases (Eop (Ointconst n2) Enil) + | shift_default: + forall (e1: expr), + shift_cases e1. + +Definition shift_match (e1: expr) := + match e1 as z1 return shift_cases z1 with + | Eop (Ointconst n2) Enil => + shift_case1 n2 + | e1 => + shift_default e1 + end. + +Definition shl (e1: expr) (e2: expr) := + match shift_match e2 with + | shift_case1 n2 => + shlimm e1 n2 + | shift_default e2 => + Eop Oshl (e1:::e2:::Enil) + end. + +Definition shr (e1 e2: expr) := + Eop Oshr (e1:::e2:::Enil). + +Definition shru (e1: expr) (e2: expr) := + match shift_match e2 with + | shift_case1 n2 => + shruimm e1 n2 + | shift_default e2 => + Eop Oshru (e1:::e2:::Enil) + end. + +(** ** Floating-point arithmetic *) + +(* +Definition addf (e1: expr) (e2: expr) := + match e1, e2 with + | Eop Omulf (t1:::t2:::Enil), t3 => Eop Omuladdf (t1:::t2:::t3:::Enil) + | t1, Eop Omulf (t2:::t3:::Enil) => Elet t1 (Eop Omuladdf (t2:::t3:::Rvar 0:::Enil)) + | _, _ => Eop Oaddf (e1:::e2:::Enil) + end. +*) + +Inductive addf_cases: forall (e1: expr) (e2: expr), Set := + | addf_case1: + forall (t1: expr) (t2: expr) (t3: expr), + addf_cases (Eop Omulf (t1:::t2:::Enil)) (t3) + | addf_case2: + forall (t1: expr) (t2: expr) (t3: expr), + addf_cases (t1) (Eop Omulf (t2:::t3:::Enil)) + | addf_default: + forall (e1: expr) (e2: expr), + addf_cases e1 e2. + +Definition addf_match_aux (e1: expr) (e2: expr) := + match e2 as z2 return addf_cases e1 z2 with + | Eop Omulf (t2:::t3:::Enil) => + addf_case2 e1 t2 t3 + | e2 => + addf_default e1 e2 + end. + +Definition addf_match (e1: expr) (e2: expr) := + match e1 as z1 return addf_cases z1 e2 with + | Eop Omulf (t1:::t2:::Enil) => + addf_case1 t1 t2 e2 + | e1 => + addf_match_aux e1 e2 + end. + +Definition addf (e1: expr) (e2: expr) := + match addf_match e1 e2 with + | addf_case1 t1 t2 t3 => + Eop Omuladdf (t1:::t2:::t3:::Enil) + | addf_case2 t1 t2 t3 => + Elet t1 (Eop Omuladdf (lift t2:::lift t3:::Eletvar 0:::Enil)) + | addf_default e1 e2 => + Eop Oaddf (e1:::e2:::Enil) + end. + +(* +Definition subf (e1: expr) (e2: expr) := + match e1, e2 with + | Eop Omulfloat (t1:::t2:::Enil), t3 => Eop Omulsubf (t1:::t2:::t3:::Enil) + | _, _ => Eop Osubf (e1:::e2:::Enil) + end. +*) + +Inductive subf_cases: forall (e1: expr) (e2: expr), Set := + | subf_case1: + forall (t1: expr) (t2: expr) (t3: expr), + subf_cases (Eop Omulf (t1:::t2:::Enil)) (t3) + | subf_default: + forall (e1: expr) (e2: expr), + subf_cases e1 e2. + +Definition subf_match (e1: expr) (e2: expr) := + match e1 as z1 return subf_cases z1 e2 with + | Eop Omulf (t1:::t2:::Enil) => + subf_case1 t1 t2 e2 + | e1 => + subf_default e1 e2 + end. + +Definition subf (e1: expr) (e2: expr) := + match subf_match e1 e2 with + | subf_case1 t1 t2 t3 => + Eop Omulsubf (t1:::t2:::t3:::Enil) + | subf_default e1 e2 => + Eop Osubf (e1:::e2:::Enil) + end. + +Definition mulf (e1 e2: expr) := Eop Omulf (e1:::e2:::Enil). +Definition divf (e1 e2: expr) := Eop Odivf (e1:::e2:::Enil). + +(** ** Comparisons and conditional expressions *) + +Definition cmp (c: comparison) (e1 e2: expr) := + Eop (Ocmp (Ccomp c)) (e1:::e2:::Enil). +Definition cmpu (c: comparison) (e1 e2: expr) := + Eop (Ocmp (Ccompu c)) (e1:::e2:::Enil). +Definition cmpf (c: comparison) (e1 e2: expr) := + Eop (Ocmp (Ccompf c)) (e1:::e2:::Enil). + +Fixpoint condexpr_of_expr (e: expr) : condexpr := + match e with + | Eop (Ointconst n) Enil => + if Int.eq n Int.zero then CEfalse else CEtrue + | Eop (Ocmp c) el => CEcond c el + | Econdition e1 e2 e3 => + CEcondition e1 (condexpr_of_expr e2) (condexpr_of_expr e3) + | e => CEcond (Ccompuimm Cne Int.zero) (e:::Enil) + end. + +Definition conditionalexpr (e1 e2 e3: expr) : expr := + Econdition (condexpr_of_expr e1) e2 e3. + +(** ** Recognition of addressing modes for load and store operations *) + +(* +Definition addressing (e: expr) := + match e with + | Eop (Oaddrsymbol s n) Enil => (Aglobal s n, Enil) + | Eop (Oaddrstack n) Enil => (Ainstack n, Enil) + | Eop Oadd (Eop (Oaddrsymbol s n) Enil) e2 => (Abased(s, n), e2:::Enil) + | Eop (Oaddimm n) (e1:::Enil) => (Aindexed n, e1:::Enil) + | Eop Oadd (e1:::e2:::Enil) => (Aindexed2, e1:::e2:::Enil) + | _ => (Aindexed Int.zero, e:::Enil) + end. +*) + +Inductive addressing_cases: forall (e: expr), Set := + | addressing_case1: + forall (s: ident) (n: int), + addressing_cases (Eop (Oaddrsymbol s n) Enil) + | addressing_case2: + forall (n: int), + addressing_cases (Eop (Oaddrstack n) Enil) + | addressing_case3: + forall (s: ident) (n: int) (e2: expr), + addressing_cases + (Eop Oadd (Eop (Oaddrsymbol s n) Enil:::e2:::Enil)) + | addressing_case4: + forall (n: int) (e1: expr), + addressing_cases (Eop (Oaddimm n) (e1:::Enil)) + | addressing_case5: + forall (e1: expr) (e2: expr), + addressing_cases (Eop Oadd (e1:::e2:::Enil)) + | addressing_default: + forall (e: expr), + addressing_cases e. + +Definition addressing_match (e: expr) := + match e as z1 return addressing_cases z1 with + | Eop (Oaddrsymbol s n) Enil => + addressing_case1 s n + | Eop (Oaddrstack n) Enil => + addressing_case2 n + | Eop Oadd (Eop (Oaddrsymbol s n) Enil:::e2:::Enil) => + addressing_case3 s n e2 + | Eop (Oaddimm n) (e1:::Enil) => + addressing_case4 n e1 + | Eop Oadd (e1:::e2:::Enil) => + addressing_case5 e1 e2 + | e => + addressing_default e + end. + +Definition addressing (e: expr) := + match addressing_match e with + | addressing_case1 s n => + (Aglobal s n, Enil) + | addressing_case2 n => + (Ainstack n, Enil) + | addressing_case3 s n e2 => + (Abased s n, e2:::Enil) + | addressing_case4 n e1 => + (Aindexed n, e1:::Enil) + | addressing_case5 e1 e2 => + (Aindexed2, e1:::e2:::Enil) + | addressing_default e => + (Aindexed Int.zero, e:::Enil) + end. + +Definition load (chunk: memory_chunk) (e1: expr) := + match addressing e1 with + | (mode, args) => Eload chunk mode args + end. + +Definition store (chunk: memory_chunk) (e1 e2: expr) := + match addressing e1 with + | (mode, args) => Estore chunk mode args e2 + end. + +(** ** If-then-else statement *) + +Definition ifthenelse (e: expr) (ifso ifnot: stmtlist) : stmt := + Sifthenelse (condexpr_of_expr e) ifso ifnot. diff --git a/backend/Cmconstrproof.v b/backend/Cmconstrproof.v new file mode 100644 index 00000000..19b7473d --- /dev/null +++ b/backend/Cmconstrproof.v @@ -0,0 +1,1154 @@ +(** Correctness of the Cminor smart constructors. This file states + evaluation rules for the smart constructors, for instance that [add + a b] evaluates to [Vint(Int.add i j)] if [a] evaluates to [Vint i] + and [b] to [Vint j]. It then proves that these rules are + admissible, that is, satisfied for all possible choices of [a] and + [b]. The Cminor producer can then use these evaluation rules + (theorems) to reason about the execution of terms produced by the + smart constructors. +*) + +Require Import Coqlib. +Require Import Compare_dec. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Floats. +Require Import Values. +Require Import Mem. +Require Import Op. +Require Import Globalenvs. +Require Import Cminor. +Require Import Cmconstr. + +Section CMCONSTR. + +Variable ge: Cminor.genv. + +(** * Lifting of let-bound variables *) + +Inductive insert_lenv: letenv -> nat -> val -> letenv -> Prop := + | insert_lenv_0: + forall le v, + insert_lenv le O v (v :: le) + | insert_lenv_S: + forall le p w le' v, + insert_lenv le p w le' -> + insert_lenv (v :: le) (S p) w (v :: le'). + +Lemma insert_lenv_lookup1: + forall le p w le', + insert_lenv le p w le' -> + forall n v, + nth_error le n = Some v -> (p > n)%nat -> + nth_error le' n = Some v. +Proof. + induction 1; intros. + omegaContradiction. + destruct n; simpl; simpl in H0. auto. + apply IHinsert_lenv. auto. omega. +Qed. + +Lemma insert_lenv_lookup2: + forall le p w le', + insert_lenv le p w le' -> + forall n v, + nth_error le n = Some v -> (p <= n)%nat -> + nth_error le' (S n) = Some v. +Proof. + induction 1; intros. + simpl. assumption. + simpl. destruct n. omegaContradiction. + apply IHinsert_lenv. exact H0. omega. +Qed. + +Scheme eval_expr_ind_3 := Minimality for eval_expr Sort Prop + with eval_condexpr_ind_3 := Minimality for eval_condexpr Sort Prop + with eval_exprlist_ind_3 := Minimality for eval_exprlist Sort Prop. + +Hint Resolve eval_Evar eval_Eassign eval_Eop eval_Eload eval_Estore + eval_Ecall eval_Econdition + eval_Elet eval_Eletvar + eval_CEtrue eval_CEfalse eval_CEcond + eval_CEcondition eval_Enil eval_Econs: evalexpr. + +Lemma eval_lift_expr: + forall w sp le e1 m1 a e2 m2 v, + eval_expr ge sp le e1 m1 a e2 m2 v -> + forall p le', insert_lenv le p w le' -> + eval_expr ge sp le' e1 m1 (lift_expr p a) e2 m2 v. +Proof. + intros w. + apply (eval_expr_ind_3 ge + (fun sp le e1 m1 a e2 m2 v => + forall p le', insert_lenv le p w le' -> + eval_expr ge sp le' e1 m1 (lift_expr p a) e2 m2 v) + (fun sp le e1 m1 a e2 m2 vb => + forall p le', insert_lenv le p w le' -> + eval_condexpr ge sp le' e1 m1 (lift_condexpr p a) e2 m2 vb) + (fun sp le e1 m1 al e2 m2 vl => + forall p le', insert_lenv le p w le' -> + eval_exprlist ge sp le' e1 m1 (lift_exprlist p al) e2 m2 vl)); + simpl; intros; eauto with evalexpr. + + destruct v1; eapply eval_Econdition; + eauto with evalexpr; simpl; eauto with evalexpr. + + eapply eval_Elet. eauto. apply H2. apply insert_lenv_S; auto. + + case (le_gt_dec p n); intro. + apply eval_Eletvar. eapply insert_lenv_lookup2; eauto. + apply eval_Eletvar. eapply insert_lenv_lookup1; eauto. + + destruct vb1; eapply eval_CEcondition; + eauto with evalexpr; simpl; eauto with evalexpr. +Qed. + +Lemma eval_lift: + forall sp le e1 m1 a e2 m2 v w, + eval_expr ge sp le e1 m1 a e2 m2 v -> + eval_expr ge sp (w::le) e1 m1 (lift a) e2 m2 v. +Proof. + intros. unfold lift. eapply eval_lift_expr. + eexact H. apply insert_lenv_0. +Qed. +Hint Resolve eval_lift: evalexpr. + +(** * Useful lemmas and tactics *) + +Ltac EvalOp := eapply eval_Eop; eauto with evalexpr. + +Ltac TrivialOp cstr := + unfold cstr; intros; EvalOp. + +(** The following are trivial lemmas and custom tactics that help + perform backward (inversion) and forward reasoning over the evaluation + of operator applications. *) + +Lemma inv_eval_Eop_0: + forall sp le e1 m1 op e2 m2 v, + eval_expr ge sp le e1 m1 (Eop op Enil) e2 m2 v -> + e2 = e1 /\ m2 = m1 /\ eval_operation ge sp op nil = Some v. +Proof. + intros. inversion H. inversion H6. + intuition. congruence. +Qed. + +Lemma inv_eval_Eop_1: + forall sp le e1 m1 op a1 e2 m2 v, + eval_expr ge sp le e1 m1 (Eop op (a1 ::: Enil)) e2 m2 v -> + exists v1, + eval_expr ge sp le e1 m1 a1 e2 m2 v1 /\ + eval_operation ge sp op (v1 :: nil) = Some v. +Proof. + intros. + inversion H. inversion H6. inversion H21. + subst e4; subst m4. subst e6; subst m6. + exists v1; intuition. congruence. +Qed. + +Lemma inv_eval_Eop_2: + forall sp le e1 m1 op a1 a2 e3 m3 v, + eval_expr ge sp le e1 m1 (Eop op (a1 ::: a2 ::: Enil)) e3 m3 v -> + exists e2, exists m2, exists v1, exists v2, + eval_expr ge sp le e1 m1 a1 e2 m2 v1 /\ + eval_expr ge sp le e2 m2 a2 e3 m3 v2 /\ + eval_operation ge sp op (v1 :: v2 :: nil) = Some v. +Proof. + intros. + inversion H. inversion H6. inversion H21. inversion H32. + subst e7; subst m7. subst e9; subst m9. + exists e4; exists m4; exists v1; exists v2. intuition. congruence. +Qed. + +Ltac SimplEval := + match goal with + | [ |- (eval_expr _ ?sp ?le ?e1 ?m1 (Eop ?op Enil) ?e2 ?m2 ?v) -> _] => + intro XX1; + generalize (inv_eval_Eop_0 sp le e1 m1 op e2 m2 v XX1); + clear XX1; + intros [XX1 [XX2 XX3]]; + subst e2; subst m2; simpl in XX3; + try (simplify_eq XX3; clear XX3; + let EQ := fresh "EQ" in (intro EQ; rewrite EQ)) + | [ |- (eval_expr _ ?sp ?le ?e1 ?m1 (Eop ?op (?a1 ::: Enil)) ?e2 ?m2 ?v) -> _] => + intro XX1; + generalize (inv_eval_Eop_1 sp le e1 m1 op a1 e2 m2 v XX1); + clear XX1; + let v1 := fresh "v" in let EV := fresh "EV" in + let EQ := fresh "EQ" in + (intros [v1 [EV EQ]]; simpl in EQ) + | [ |- (eval_expr _ ?sp ?le ?e1 ?m1 (Eop ?op (?a1 ::: ?a2 ::: Enil)) ?e2 ?m2 ?v) -> _] => + intro XX1; + generalize (inv_eval_Eop_2 sp le e1 m1 op a1 a2 e2 m2 v XX1); + clear XX1; + let e := fresh "e" in let m := fresh "m" in + let v1 := fresh "v" in let v2 := fresh "v" in + let EV1 := fresh "EV" in let EV2 := fresh "EV" in + let EQ := fresh "EQ" in + (intros [e [m [v1 [v2 [EV1 [EV2 EQ]]]]]]; simpl in EQ) + | _ => idtac + end. + +Ltac InvEval H := + generalize H; SimplEval; clear H. + +(** ** Admissible evaluation rules for the smart constructors *) + +(** All proofs follow a common pattern: +- Reasoning by case over the result of the classification functions + (such as [add_match] for integer addition), gathering additional + information on the shape of the argument expressions in the non-default + cases. +- Inversion of the evaluations of the arguments, exploiting the additional + information thus gathered. +- Equational reasoning over the arithmetic operations performed, + using the lemmas from the [Int] and [Float] modules. +- Construction of an evaluation derivation for the expression returned + by the smart constructor. +*) + +Theorem eval_negint: + forall sp le e1 m1 a e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e1 m1 (negint a) e2 m2 (Vint (Int.neg x)). +Proof. + TrivialOp negint. +Qed. + +Theorem eval_negfloat: + forall sp le e1 m1 a e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vfloat x) -> + eval_expr ge sp le e1 m1 (negfloat a) e2 m2 (Vfloat (Float.neg x)). +Proof. + TrivialOp negfloat. +Qed. + +Theorem eval_absfloat: + forall sp le e1 m1 a e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vfloat x) -> + eval_expr ge sp le e1 m1 (absfloat a) e2 m2 (Vfloat (Float.abs x)). +Proof. + TrivialOp absfloat. +Qed. + +Theorem eval_intoffloat: + forall sp le e1 m1 a e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vfloat x) -> + eval_expr ge sp le e1 m1 (intoffloat a) e2 m2 (Vint (Float.intoffloat x)). +Proof. + TrivialOp intoffloat. +Qed. + +Theorem eval_floatofint: + forall sp le e1 m1 a e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e1 m1 (floatofint a) e2 m2 (Vfloat (Float.floatofint x)). +Proof. + TrivialOp floatofint. +Qed. + +Theorem eval_floatofintu: + forall sp le e1 m1 a e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e1 m1 (floatofintu a) e2 m2 (Vfloat (Float.floatofintu x)). +Proof. + TrivialOp floatofintu. +Qed. + +Theorem eval_notint: + forall sp le e1 m1 a e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e1 m1 (notint a) e2 m2 (Vint (Int.not x)). +Proof. + unfold notint; intros until x; case (notint_match a); intros. + InvEval H. FuncInv. EvalOp. simpl. congruence. + InvEval H. FuncInv. EvalOp. simpl. congruence. + InvEval H. FuncInv. EvalOp. simpl. congruence. + eapply eval_Elet. eexact H. + eapply eval_Eop. + eapply eval_Econs. apply eval_Eletvar. simpl. reflexivity. + eapply eval_Econs. apply eval_Eletvar. simpl. reflexivity. + apply eval_Enil. + simpl. rewrite Int.or_idem. auto. +Qed. + +Lemma eval_notbool_base: + forall sp le e1 m1 a e2 m2 v b, + eval_expr ge sp le e1 m1 a e2 m2 v -> + Val.bool_of_val v b -> + eval_expr ge sp le e1 m1 (notbool_base a) e2 m2 (Val.of_bool (negb b)). +Proof. + TrivialOp notbool_base. simpl. + inversion H0. + rewrite Int.eq_false; auto. + rewrite Int.eq_true; auto. + reflexivity. +Qed. + +Hint Resolve Val.bool_of_true_val Val.bool_of_false_val + Val.bool_of_true_val_inv Val.bool_of_false_val_inv: valboolof. + +Theorem eval_notbool: + forall a sp le e1 m1 e2 m2 v b, + eval_expr ge sp le e1 m1 a e2 m2 v -> + Val.bool_of_val v b -> + eval_expr ge sp le e1 m1 (notbool a) e2 m2 (Val.of_bool (negb b)). +Proof. + assert (N1: forall v b, Val.is_false v -> Val.bool_of_val v b -> Val.is_true (Val.of_bool (negb b))). + intros. inversion H0; simpl; auto; subst v; simpl in H. + congruence. apply Int.one_not_zero. contradiction. + assert (N2: forall v b, Val.is_true v -> Val.bool_of_val v b -> Val.is_false (Val.of_bool (negb b))). + intros. inversion H0; simpl; auto; subst v; simpl in H. + congruence. + + induction a; simpl; intros; try (eapply eval_notbool_base; eauto). + destruct o; try (eapply eval_notbool_base; eauto). + + destruct e. inversion H. inversion H7. subst vl. + simpl in H11. inversion H11. subst v0; subst v. + inversion H0. rewrite Int.eq_false; auto. + simpl; eauto with evalexpr. + rewrite Int.eq_true; simpl; eauto with evalexpr. + eapply eval_notbool_base; eauto. + + inversion H. subst sp0 le0 e0 m op al e3 m0 v0. + simpl in H11. eapply eval_Eop; eauto. + simpl. caseEq (eval_condition c vl); intros. + rewrite H1 in H11. + assert (b0 = b). + destruct b0; inversion H11; subst v; inversion H0; auto. + subst b0. rewrite (Op.eval_negate_condition _ _ H1). + destruct b; reflexivity. + rewrite H1 in H11; discriminate. + + inversion H; eauto 10 with evalexpr valboolof. + inversion H; eauto 10 with evalexpr valboolof. + + inversion H. eapply eval_Econdition. eexact H11. + destruct v1; eauto. +Qed. + +Theorem eval_cast8signed: + forall sp le e1 m1 a e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e1 m1 (cast8signed a) e2 m2 (Vint (Int.cast8signed x)). +Proof. TrivialOp cast8signed. Qed. + +Theorem eval_cast8unsigned: + forall sp le e1 m1 a e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e1 m1 (cast8unsigned a) e2 m2 (Vint (Int.cast8unsigned x)). +Proof. + TrivialOp cast8unsigned. simpl. + rewrite Int.rolm_zero. rewrite Int.cast8unsigned_and. auto. +Qed. + +Theorem eval_cast16signed: + forall sp le e1 m1 a e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e1 m1 (cast16signed a) e2 m2 (Vint (Int.cast16signed x)). +Proof. TrivialOp cast16signed. Qed. + +Theorem eval_cast16unsigned: + forall sp le e1 m1 a e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e1 m1 (cast16unsigned a) e2 m2 (Vint (Int.cast16unsigned x)). +Proof. + TrivialOp cast16unsigned. simpl. + rewrite Int.rolm_zero. rewrite Int.cast16unsigned_and. auto. +Qed. + +Theorem eval_singleoffloat: + forall sp le e1 m1 a e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vfloat x) -> + eval_expr ge sp le e1 m1 (singleoffloat a) e2 m2 (Vfloat (Float.singleoffloat x)). +Proof. + TrivialOp singleoffloat. +Qed. + +Theorem eval_addimm: + forall sp le e1 m1 n a e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e1 m1 (addimm n a) e2 m2 (Vint (Int.add x n)). +Proof. + unfold addimm; intros until x. + generalize (Int.eq_spec n Int.zero). case (Int.eq n Int.zero); intro. + subst n. rewrite Int.add_zero. auto. + case (addimm_match a); intros. + InvEval H0. EvalOp. simpl. rewrite Int.add_commut. auto. + InvEval H0. destruct (Genv.find_symbol ge s); discriminate. + InvEval H0. + destruct sp; simpl in XX3; discriminate. + InvEval H0. FuncInv. EvalOp. simpl. subst x. + rewrite Int.add_assoc. decEq; decEq; decEq. apply Int.add_commut. + EvalOp. +Qed. + +Theorem eval_addimm_ptr: + forall sp le e1 m1 n a e2 m2 b ofs, + eval_expr ge sp le e1 m1 a e2 m2 (Vptr b ofs) -> + eval_expr ge sp le e1 m1 (addimm n a) e2 m2 (Vptr b (Int.add ofs n)). +Proof. + unfold addimm; intros until ofs. + generalize (Int.eq_spec n Int.zero). case (Int.eq n Int.zero); intro. + subst n. rewrite Int.add_zero. auto. + case (addimm_match a); intros. + InvEval H0. + InvEval H0. EvalOp. simpl. + destruct (Genv.find_symbol ge s). + rewrite Int.add_commut. congruence. + discriminate. + InvEval H0. destruct sp; simpl in XX3; try discriminate. + inversion XX3. EvalOp. simpl. decEq. decEq. + rewrite Int.add_assoc. decEq. apply Int.add_commut. + InvEval H0. FuncInv. subst b0; subst ofs. EvalOp. simpl. + rewrite (Int.add_commut n m). rewrite Int.add_assoc. auto. + EvalOp. +Qed. + +Theorem eval_add: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + eval_expr ge sp le e1 m1 (add a b) e3 m3 (Vint (Int.add x y)). +Proof. + intros until y. unfold add; case (add_match a b); intros. + InvEval H. rewrite Int.add_commut. apply eval_addimm. assumption. + InvEval H. FuncInv. InvEval H0. FuncInv. + replace (Int.add x y) with (Int.add (Int.add i i0) (Int.add n1 n2)). + apply eval_addimm. EvalOp. + subst x; subst y. + repeat rewrite Int.add_assoc. decEq. apply Int.add_permut. + InvEval H. FuncInv. + replace (Int.add x y) with (Int.add (Int.add i y) n1). + apply eval_addimm. EvalOp. + subst x. repeat rewrite Int.add_assoc. decEq. apply Int.add_commut. + InvEval H0. FuncInv. + apply eval_addimm. auto. + InvEval H0. FuncInv. + replace (Int.add x y) with (Int.add (Int.add x i) n2). + apply eval_addimm. EvalOp. + subst y. rewrite Int.add_assoc. auto. + EvalOp. +Qed. + +Theorem eval_add_ptr: + forall sp le e1 m1 a e2 m2 p x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vptr p x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + eval_expr ge sp le e1 m1 (add a b) e3 m3 (Vptr p (Int.add x y)). +Proof. + intros until y. unfold add; case (add_match a b); intros. + InvEval H. + InvEval H. FuncInv. InvEval H0. FuncInv. + replace (Int.add x y) with (Int.add (Int.add i i0) (Int.add n1 n2)). + apply eval_addimm_ptr. subst b0. EvalOp. + subst x; subst y. + repeat rewrite Int.add_assoc. decEq. apply Int.add_permut. + InvEval H. FuncInv. + replace (Int.add x y) with (Int.add (Int.add i y) n1). + apply eval_addimm_ptr. subst b0. EvalOp. + subst x. repeat rewrite Int.add_assoc. decEq. apply Int.add_commut. + InvEval H0. apply eval_addimm_ptr. auto. + InvEval H0. FuncInv. + replace (Int.add x y) with (Int.add (Int.add x i) n2). + apply eval_addimm_ptr. EvalOp. + subst y. rewrite Int.add_assoc. auto. + EvalOp. +Qed. + +Theorem eval_add_ptr_2: + forall sp le e1 m1 a e2 m2 p x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vptr p y) -> + eval_expr ge sp le e1 m1 (add a b) e3 m3 (Vptr p (Int.add y x)). +Proof. + intros until y. unfold add; case (add_match a b); intros. + InvEval H. + apply eval_addimm_ptr. auto. + InvEval H. FuncInv. InvEval H0. FuncInv. + replace (Int.add y x) with (Int.add (Int.add i0 i) (Int.add n1 n2)). + apply eval_addimm_ptr. subst b0. EvalOp. + subst x; subst y. + repeat rewrite Int.add_assoc. decEq. + rewrite (Int.add_commut n1 n2). apply Int.add_permut. + InvEval H. FuncInv. + replace (Int.add y x) with (Int.add (Int.add y i) n1). + apply eval_addimm_ptr. EvalOp. + subst x. repeat rewrite Int.add_assoc. auto. + InvEval H0. + InvEval H0. FuncInv. + replace (Int.add y x) with (Int.add (Int.add i x) n2). + apply eval_addimm_ptr. EvalOp. subst b0; reflexivity. + subst y. repeat rewrite Int.add_assoc. decEq. apply Int.add_commut. + EvalOp. +Qed. + +Theorem eval_sub: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + eval_expr ge sp le e1 m1 (sub a b) e3 m3 (Vint (Int.sub x y)). +Proof. + intros until y. + unfold sub; case (sub_match a b); intros. + InvEval H0. rewrite Int.sub_add_opp. + apply eval_addimm. assumption. + InvEval H. FuncInv. InvEval H0. FuncInv. + replace (Int.sub x y) with (Int.add (Int.sub i i0) (Int.sub n1 n2)). + apply eval_addimm. EvalOp. + subst x; subst y. + repeat rewrite Int.sub_add_opp. + repeat rewrite Int.add_assoc. decEq. + rewrite Int.add_permut. decEq. symmetry. apply Int.neg_add_distr. + InvEval H. FuncInv. + replace (Int.sub x y) with (Int.add (Int.sub i y) n1). + apply eval_addimm. EvalOp. + subst x. rewrite Int.sub_add_l. auto. + InvEval H0. FuncInv. + replace (Int.sub x y) with (Int.add (Int.sub x i) (Int.neg n2)). + apply eval_addimm. EvalOp. + subst y. rewrite (Int.add_commut i n2). symmetry. apply Int.sub_add_r. + EvalOp. +Qed. + +Theorem eval_sub_ptr_int: + forall sp le e1 m1 a e2 m2 p x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vptr p x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + eval_expr ge sp le e1 m1 (sub a b) e3 m3 (Vptr p (Int.sub x y)). +Proof. + intros until y. + unfold sub; case (sub_match a b); intros. + InvEval H0. rewrite Int.sub_add_opp. + apply eval_addimm_ptr. assumption. + InvEval H. FuncInv. InvEval H0. FuncInv. + subst b0. + replace (Int.sub x y) with (Int.add (Int.sub i i0) (Int.sub n1 n2)). + apply eval_addimm_ptr. EvalOp. + subst x; subst y. + repeat rewrite Int.sub_add_opp. + repeat rewrite Int.add_assoc. decEq. + rewrite Int.add_permut. decEq. symmetry. apply Int.neg_add_distr. + InvEval H. FuncInv. subst b0. + replace (Int.sub x y) with (Int.add (Int.sub i y) n1). + apply eval_addimm_ptr. EvalOp. + subst x. rewrite Int.sub_add_l. auto. + InvEval H0. FuncInv. + replace (Int.sub x y) with (Int.add (Int.sub x i) (Int.neg n2)). + apply eval_addimm_ptr. EvalOp. + subst y. rewrite (Int.add_commut i n2). symmetry. apply Int.sub_add_r. + EvalOp. +Qed. + +Theorem eval_sub_ptr_ptr: + forall sp le e1 m1 a e2 m2 p x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vptr p x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vptr p y) -> + eval_expr ge sp le e1 m1 (sub a b) e3 m3 (Vint (Int.sub x y)). +Proof. + intros until y. + unfold sub; case (sub_match a b); intros. + InvEval H0. + InvEval H. FuncInv. InvEval H0. FuncInv. + replace (Int.sub x y) with (Int.add (Int.sub i i0) (Int.sub n1 n2)). + apply eval_addimm. EvalOp. + simpl; unfold eq_block. subst b0; subst b1; rewrite zeq_true. auto. + subst x; subst y. + repeat rewrite Int.sub_add_opp. + repeat rewrite Int.add_assoc. decEq. + rewrite Int.add_permut. decEq. symmetry. apply Int.neg_add_distr. + InvEval H. FuncInv. subst b0. + replace (Int.sub x y) with (Int.add (Int.sub i y) n1). + apply eval_addimm. EvalOp. + simpl. unfold eq_block. rewrite zeq_true. auto. + subst x. rewrite Int.sub_add_l. auto. + InvEval H0. FuncInv. subst b0. + replace (Int.sub x y) with (Int.add (Int.sub x i) (Int.neg n2)). + apply eval_addimm. EvalOp. + simpl. unfold eq_block. rewrite zeq_true. auto. + subst y. rewrite (Int.add_commut i n2). symmetry. apply Int.sub_add_r. + EvalOp. simpl. unfold eq_block. rewrite zeq_true. auto. +Qed. + +Lemma eval_rolm: + forall sp le e1 m1 a amount mask e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e1 m1 (rolm a amount mask) e2 m2 (Vint (Int.rolm x amount mask)). +Proof. + intros until x. unfold rolm; case (rolm_match a); intros. + InvEval H. eauto with evalexpr. + case (Int.is_rlw_mask (Int.and (Int.rol mask1 amount) mask)). + InvEval H. FuncInv. EvalOp. simpl. subst x. + decEq. decEq. + replace (Int.and (Int.add amount1 amount) (Int.repr 31)) + with (Int.modu (Int.add amount1 amount) (Int.repr 32)). + symmetry. apply Int.rolm_rolm. + change (Int.repr 31) with (Int.sub (Int.repr 32) Int.one). + apply Int.modu_and with (Int.repr 5). reflexivity. + EvalOp. + EvalOp. +Qed. + +Theorem eval_shlimm: + forall sp le e1 m1 a n e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + Int.ltu n (Int.repr 32) = true -> + eval_expr ge sp le e1 m1 (shlimm a n) e2 m2 (Vint (Int.shl x n)). +Proof. + intros. unfold shlimm. + generalize (Int.eq_spec n Int.zero); case (Int.eq n Int.zero); intro. + subst n. rewrite Int.shl_zero. auto. + rewrite H0. + replace (Int.shl x n) with (Int.rolm x n (Int.shl Int.mone n)). + apply eval_rolm. auto. symmetry. apply Int.shl_rolm. exact H0. +Qed. + +Theorem eval_shruimm: + forall sp le e1 m1 a n e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + Int.ltu n (Int.repr 32) = true -> + eval_expr ge sp le e1 m1 (shruimm a n) e2 m2 (Vint (Int.shru x n)). +Proof. + intros. unfold shruimm. + generalize (Int.eq_spec n Int.zero); case (Int.eq n Int.zero); intro. + subst n. rewrite Int.shru_zero. auto. + rewrite H0. + replace (Int.shru x n) with (Int.rolm x (Int.sub (Int.repr 32) n) (Int.shru Int.mone n)). + apply eval_rolm. auto. symmetry. apply Int.shru_rolm. exact H0. +Qed. + +Lemma eval_mulimm_base: + forall sp le e1 m1 a n e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e1 m1 (mulimm_base n a) e2 m2 (Vint (Int.mul x n)). +Proof. + intros; unfold mulimm_base. + generalize (Int.one_bits_decomp n). + generalize (Int.one_bits_range n). + change (Z_of_nat wordsize) with 32. + destruct (Int.one_bits n). + intros. EvalOp. + destruct l. + intros. rewrite H1. simpl. + rewrite Int.add_zero. rewrite <- Int.shl_mul. + apply eval_shlimm. auto. auto with coqlib. + destruct l. + intros. apply eval_Elet with e2 m2 (Vint x). auto. + rewrite H1. simpl. rewrite Int.add_zero. + rewrite Int.mul_add_distr_r. + rewrite <- Int.shl_mul. + rewrite <- Int.shl_mul. + EvalOp. eapply eval_Econs. + apply eval_shlimm. apply eval_Eletvar. simpl. reflexivity. + auto with coqlib. + eapply eval_Econs. + apply eval_shlimm. apply eval_Eletvar. simpl. reflexivity. + auto with coqlib. + auto with evalexpr. + reflexivity. + intros. EvalOp. +Qed. + +Theorem eval_mulimm: + forall sp le e1 m1 a n e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e1 m1 (mulimm n a) e2 m2 (Vint (Int.mul x n)). +Proof. + intros until x; unfold mulimm. + generalize (Int.eq_spec n Int.zero); case (Int.eq n Int.zero); intro. + subst n. rewrite Int.mul_zero. eauto with evalexpr. + generalize (Int.eq_spec n Int.one); case (Int.eq n Int.one); intro. + subst n. rewrite Int.mul_one. auto. + case (mulimm_match a); intros. + InvEval H1. EvalOp. rewrite Int.mul_commut. reflexivity. + InvEval H1. FuncInv. + replace (Int.mul x n) with (Int.add (Int.mul i n) (Int.mul n n2)). + apply eval_addimm. apply eval_mulimm_base. auto. + subst x. rewrite Int.mul_add_distr_l. decEq. apply Int.mul_commut. + apply eval_mulimm_base. assumption. +Qed. + +Theorem eval_mul: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + eval_expr ge sp le e1 m1 (mul a b) e3 m3 (Vint (Int.mul x y)). +Proof. + intros until y. + unfold mul; case (mul_match a b); intros. + InvEval H. rewrite Int.mul_commut. apply eval_mulimm. auto. + InvEval H0. apply eval_mulimm. auto. + EvalOp. +Qed. + +Theorem eval_divs: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + y <> Int.zero -> + eval_expr ge sp le e1 m1 (divs a b) e3 m3 (Vint (Int.divs x y)). +Proof. + TrivialOp divs. simpl. + predSpec Int.eq Int.eq_spec y Int.zero. contradiction. auto. +Qed. + +Lemma eval_mod_aux: + forall divop semdivop, + (forall sp x y, + y <> Int.zero -> + eval_operation ge sp divop (Vint x :: Vint y :: nil) = + Some (Vint (semdivop x y))) -> + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + y <> Int.zero -> + eval_expr ge sp le e1 m1 (mod_aux divop a b) e3 m3 + (Vint (Int.sub x (Int.mul (semdivop x y) y))). +Proof. + intros; unfold mod_aux. + eapply eval_Elet. eexact H0. eapply eval_Elet. + apply eval_lift. eexact H1. + eapply eval_Eop. eapply eval_Econs. + eapply eval_Eletvar. simpl; reflexivity. + eapply eval_Econs. eapply eval_Eop. + eapply eval_Econs. eapply eval_Eop. + eapply eval_Econs. apply eval_Eletvar. simpl; reflexivity. + eapply eval_Econs. apply eval_Eletvar. simpl; reflexivity. + apply eval_Enil. apply H. assumption. + eapply eval_Econs. apply eval_Eletvar. simpl; reflexivity. + apply eval_Enil. simpl; reflexivity. apply eval_Enil. + reflexivity. +Qed. + +Theorem eval_mods: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + y <> Int.zero -> + eval_expr ge sp le e1 m1 (mods a b) e3 m3 (Vint (Int.mods x y)). +Proof. + intros; unfold mods. + rewrite Int.mods_divs. + eapply eval_mod_aux; eauto. + intros. simpl. predSpec Int.eq Int.eq_spec y0 Int.zero. + contradiction. auto. +Qed. + +Lemma eval_divu_base: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + y <> Int.zero -> + eval_expr ge sp le e1 m1 (Eop Odivu (a ::: b ::: Enil)) e3 m3 (Vint (Int.divu x y)). +Proof. + intros. EvalOp. simpl. + predSpec Int.eq Int.eq_spec y Int.zero. contradiction. auto. +Qed. + +Theorem eval_divu: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + y <> Int.zero -> + eval_expr ge sp le e1 m1 (divu a b) e3 m3 (Vint (Int.divu x y)). +Proof. + intros until y. + unfold divu; case (divu_match b); intros. + InvEval H0. caseEq (Int.is_power2 y). + intros. rewrite (Int.divu_pow2 x y i H0). + apply eval_shruimm. auto. + apply Int.is_power2_range with y. auto. + intros. subst n2. eapply eval_divu_base. eexact H. EvalOp. auto. + eapply eval_divu_base; eauto. +Qed. + +Theorem eval_modu: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + y <> Int.zero -> + eval_expr ge sp le e1 m1 (modu a b) e3 m3 (Vint (Int.modu x y)). +Proof. + intros until y; unfold modu; case (divu_match b); intros. + InvEval H0. caseEq (Int.is_power2 y). + intros. rewrite (Int.modu_and x y i H0). + rewrite <- Int.rolm_zero. apply eval_rolm. auto. + intro. rewrite Int.modu_divu. eapply eval_mod_aux. + intros. simpl. predSpec Int.eq Int.eq_spec y0 Int.zero. + contradiction. auto. + eexact H. EvalOp. auto. auto. + rewrite Int.modu_divu. eapply eval_mod_aux. + intros. simpl. predSpec Int.eq Int.eq_spec y0 Int.zero. + contradiction. auto. + eexact H. eexact H0. auto. auto. +Qed. + +Theorem eval_andimm: + forall sp le e1 m1 n a e2 m2 x, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e1 m1 (andimm n a) e2 m2 (Vint (Int.and x n)). +Proof. + intros. unfold andimm. case (Int.is_rlw_mask n). + rewrite <- Int.rolm_zero. apply eval_rolm; auto. + EvalOp. +Qed. + +Theorem eval_and: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + eval_expr ge sp le e1 m1 (and a b) e3 m3 (Vint (Int.and x y)). +Proof. + intros until y; unfold and; case (mul_match a b); intros. + InvEval H. rewrite Int.and_commut. apply eval_andimm; auto. + InvEval H0. apply eval_andimm; auto. + EvalOp. +Qed. + +Remark eval_same_expr_pure: + forall a1 a2 sp le e1 m1 e2 m2 v1 e3 m3 v2, + same_expr_pure a1 a2 = true -> + eval_expr ge sp le e1 m1 a1 e2 m2 v1 -> + eval_expr ge sp le e2 m2 a2 e3 m3 v2 -> + a2 = a1 /\ v2 = v1 /\ e2 = e1 /\ m2 = m1. +Proof. + intros until v1. + destruct a1; simpl; try (intros; discriminate). + destruct a2; simpl; try (intros; discriminate). + case (ident_eq i i0); intros. + subst i0. inversion H0. inversion H1. + assert (v2 = v1). congruence. tauto. + discriminate. +Qed. + +Lemma eval_or: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + eval_expr ge sp le e1 m1 (or a b) e3 m3 (Vint (Int.or x y)). +Proof. + intros until y; unfold or; case (or_match a b); intros. + generalize (Int.eq_spec amount1 amount2); case (Int.eq amount1 amount2); intro. + case (Int.is_rlw_mask (Int.or mask1 mask2)). + caseEq (same_expr_pure t1 t2); intro. + simpl. InvEval H. FuncInv. InvEval H0. FuncInv. + generalize (eval_same_expr_pure _ _ _ _ _ _ _ _ _ _ _ _ H2 EV EV0). + intros [EQ1 [EQ2 [EQ3 EQ4]]]. + injection EQ2; intro EQ5. + subst t2; subst e2; subst m2; subst i0. + EvalOp. simpl. subst x; subst y; subst amount2. + rewrite Int.or_rolm. auto. + simpl. EvalOp. + simpl. EvalOp. + simpl. EvalOp. + EvalOp. +Qed. + +Theorem eval_xor: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + eval_expr ge sp le e1 m1 (xor a b) e3 m3 (Vint (Int.xor x y)). +Proof. TrivialOp xor. Qed. + +Theorem eval_shl: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + Int.ltu y (Int.repr 32) = true -> + eval_expr ge sp le e1 m1 (shl a b) e3 m3 (Vint (Int.shl x y)). +Proof. + intros until y; unfold shl; case (shift_match b); intros. + InvEval H0. apply eval_shlimm; auto. + EvalOp. simpl. rewrite H1. auto. +Qed. + +Theorem eval_shr: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + Int.ltu y (Int.repr 32) = true -> + eval_expr ge sp le e1 m1 (shr a b) e3 m3 (Vint (Int.shr x y)). +Proof. + TrivialOp shr. simpl. rewrite H1. auto. +Qed. + +Theorem eval_shru: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + Int.ltu y (Int.repr 32) = true -> + eval_expr ge sp le e1 m1 (shru a b) e3 m3 (Vint (Int.shru x y)). +Proof. + intros until y; unfold shru; case (shift_match b); intros. + InvEval H0. apply eval_shruimm; auto. + EvalOp. simpl. rewrite H1. auto. +Qed. + +Theorem eval_addf: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vfloat x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vfloat y) -> + eval_expr ge sp le e1 m1 (addf a b) e3 m3 (Vfloat (Float.add x y)). +Proof. + intros until y; unfold addf; case (addf_match a b); intros. + InvEval H. FuncInv. EvalOp. simpl. subst x. reflexivity. + InvEval H0. FuncInv. eapply eval_Elet. eexact H. EvalOp. + eapply eval_Econs. apply eval_lift. eexact EV. + eapply eval_Econs. apply eval_lift. eexact EV0. + eapply eval_Econs. apply eval_Eletvar. simpl; reflexivity. + apply eval_Enil. + subst y. rewrite Float.addf_commut. reflexivity. + EvalOp. +Qed. + +Theorem eval_subf: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vfloat x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vfloat y) -> + eval_expr ge sp le e1 m1 (subf a b) e3 m3 (Vfloat (Float.sub x y)). +Proof. + intros until y; unfold subf; case (subf_match a b); intros. + InvEval H. FuncInv. EvalOp. subst x. reflexivity. + EvalOp. +Qed. + +Theorem eval_mulf: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vfloat x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vfloat y) -> + eval_expr ge sp le e1 m1 (mulf a b) e3 m3 (Vfloat (Float.mul x y)). +Proof. TrivialOp mulf. Qed. + +Theorem eval_divf: + forall sp le e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vfloat x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vfloat y) -> + eval_expr ge sp le e1 m1 (divf a b) e3 m3 (Vfloat (Float.div x y)). +Proof. TrivialOp divf. Qed. + +Theorem eval_cmp: + forall sp le c e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + eval_expr ge sp le e1 m1 (cmp c a b) e3 m3 (Val.of_bool (Int.cmp c x y)). +Proof. + TrivialOp cmp. + simpl. case (Int.cmp c x y); auto. +Qed. + +Theorem eval_cmp_null_r: + forall sp le c e1 m1 a e2 m2 p x b e3 m3 v, + eval_expr ge sp le e1 m1 a e2 m2 (Vptr p x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint Int.zero) -> + (c = Ceq /\ v = Vfalse) \/ (c = Cne /\ v = Vtrue) -> + eval_expr ge sp le e1 m1 (cmp c a b) e3 m3 v. +Proof. + TrivialOp cmp. + simpl. elim H1; intros [EQ1 EQ2]; subst c; subst v; reflexivity. +Qed. + +Theorem eval_cmp_null_l: + forall sp le c e1 m1 a e2 m2 p x b e3 m3 v, + eval_expr ge sp le e1 m1 a e2 m2 (Vint Int.zero) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vptr p x) -> + (c = Ceq /\ v = Vfalse) \/ (c = Cne /\ v = Vtrue) -> + eval_expr ge sp le e1 m1 (cmp c a b) e3 m3 v. +Proof. + TrivialOp cmp. + simpl. elim H1; intros [EQ1 EQ2]; subst c; subst v; reflexivity. +Qed. + +Theorem eval_cmp_ptr: + forall sp le c e1 m1 a e2 m2 p x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vptr p x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vptr p y) -> + eval_expr ge sp le e1 m1 (cmp c a b) e3 m3 (Val.of_bool (Int.cmp c x y)). +Proof. + TrivialOp cmp. + simpl. unfold eq_block. rewrite zeq_true. + case (Int.cmp c x y); auto. +Qed. + +Theorem eval_cmpu: + forall sp le c e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vint x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vint y) -> + eval_expr ge sp le e1 m1 (cmpu c a b) e3 m3 (Val.of_bool (Int.cmpu c x y)). +Proof. + TrivialOp cmpu. + simpl. case (Int.cmpu c x y); auto. +Qed. + +Theorem eval_cmpf: + forall sp le c e1 m1 a e2 m2 x b e3 m3 y, + eval_expr ge sp le e1 m1 a e2 m2 (Vfloat x) -> + eval_expr ge sp le e2 m2 b e3 m3 (Vfloat y) -> + eval_expr ge sp le e1 m1 (cmpf c a b) e3 m3 (Val.of_bool (Float.cmp c x y)). +Proof. + TrivialOp cmpf. + simpl. case (Float.cmp c x y); auto. +Qed. + +Lemma eval_base_condition_of_expr: + forall sp le a e1 m1 e2 m2 v (b: bool), + eval_expr ge sp le e1 m1 a e2 m2 v -> + Val.bool_of_val v b -> + eval_condexpr ge sp le e1 m1 + (CEcond (Ccompuimm Cne Int.zero) (a ::: Enil)) + e2 m2 b. +Proof. + intros. + eapply eval_CEcond. eauto with evalexpr. + inversion H0; simpl. rewrite Int.eq_false; auto. auto. auto. +Qed. + +Lemma eval_condition_of_expr: + forall a sp le e1 m1 e2 m2 v (b: bool), + eval_expr ge sp le e1 m1 a e2 m2 v -> + Val.bool_of_val v b -> + eval_condexpr ge sp le e1 m1 (condexpr_of_expr a) e2 m2 b. +Proof. + induction a; simpl; intros; + try (eapply eval_base_condition_of_expr; eauto; fail). + destruct o; try (eapply eval_base_condition_of_expr; eauto; fail). + + destruct e. inversion H. subst sp0 le0 e m op al e0 m0 v0. + inversion H7. subst sp0 le0 e m e1 m1 vl. + simpl in H11. inversion H11; subst v. + inversion H0. + rewrite Int.eq_false; auto. constructor. + subst i; rewrite Int.eq_true. constructor. + eapply eval_base_condition_of_expr; eauto. + + inversion H. eapply eval_CEcond; eauto. simpl in H11. + destruct (eval_condition c vl); try discriminate. + destruct b0; inversion H11; subst v0; subst v; inversion H0; congruence. + + inversion H. + destruct v1; eauto with evalexpr. +Qed. + +Theorem eval_conditionalexpr_true: + forall sp le e1 m1 a1 e2 m2 v1 a2 e3 m3 v2 a3, + eval_expr ge sp le e1 m1 a1 e2 m2 v1 -> + Val.is_true v1 -> + eval_expr ge sp le e2 m2 a2 e3 m3 v2 -> + eval_expr ge sp le e1 m1 (conditionalexpr a1 a2 a3) e3 m3 v2. +Proof. + intros; unfold conditionalexpr. + apply eval_Econdition with e2 m2 true; auto. + eapply eval_condition_of_expr; eauto with valboolof. +Qed. + +Theorem eval_conditionalexpr_false: + forall sp le e1 m1 a1 e2 m2 v1 a2 e3 m3 v2 a3, + eval_expr ge sp le e1 m1 a1 e2 m2 v1 -> + Val.is_false v1 -> + eval_expr ge sp le e2 m2 a3 e3 m3 v2 -> + eval_expr ge sp le e1 m1 (conditionalexpr a1 a2 a3) e3 m3 v2. +Proof. + intros; unfold conditionalexpr. + apply eval_Econdition with e2 m2 false; auto. + eapply eval_condition_of_expr; eauto with valboolof. +Qed. + +Lemma eval_addressing: + forall sp le e1 m1 a e2 m2 v b ofs, + eval_expr ge sp le e1 m1 a e2 m2 v -> + v = Vptr b ofs -> + match addressing a with (mode, args) => + exists vl, + eval_exprlist ge sp le e1 m1 args e2 m2 vl /\ + eval_addressing ge sp mode vl = Some v + end. +Proof. + intros until v. unfold addressing; case (addressing_match a); intros. + InvEval H. exists (@nil val). split. eauto with evalexpr. + simpl. auto. + InvEval H. exists (@nil val). split. eauto with evalexpr. + simpl. auto. + InvEval H. FuncInv. + congruence. + InvEval EV. + exists (Vint i0 :: nil). split. eauto with evalexpr. + simpl. subst v. destruct (Genv.find_symbol ge s). congruence. + discriminate. + InvEval H. FuncInv. + destruct (Genv.find_symbol ge s); congruence. + InvEval EV. + exists (Vint i0 :: nil). split. eauto with evalexpr. + simpl. destruct (Genv.find_symbol ge s). congruence. + discriminate. + InvEval H. FuncInv. + congruence. + exists (Vptr b0 i :: nil). split. eauto with evalexpr. + simpl. congruence. + InvEval H. FuncInv. + congruence. + exists (Vint i :: Vptr b0 i0 :: nil). + split. eauto with evalexpr. simpl. + rewrite Int.add_commut. congruence. + exists (Vptr b0 i :: Vint i0 :: nil). + split. eauto with evalexpr. simpl. congruence. + exists (v :: nil). split. eauto with evalexpr. + subst v. simpl. rewrite Int.add_zero. auto. +Qed. + +Theorem eval_load: + forall sp le e1 m1 a e2 m2 v chunk v', + eval_expr ge sp le e1 m1 a e2 m2 v -> + Mem.loadv chunk m2 v = Some v' -> + eval_expr ge sp le e1 m1 (load chunk a) e2 m2 v'. +Proof. + intros. generalize H0; destruct v; simpl; intro; try discriminate. + unfold load. + generalize (eval_addressing _ _ _ _ _ _ _ _ _ _ H (refl_equal _)). + destruct (addressing a). intros [vl [EV EQ]]. + eapply eval_Eload; eauto. +Qed. + +Theorem eval_store: + forall sp le e1 m1 a1 e2 m2 v1 a2 e3 m3 v2 chunk m4, + eval_expr ge sp le e1 m1 a1 e2 m2 v1 -> + eval_expr ge sp le e2 m2 a2 e3 m3 v2 -> + Mem.storev chunk m3 v1 v2 = Some m4 -> + eval_expr ge sp le e1 m1 (store chunk a1 a2) e3 m4 v2. +Proof. + intros. generalize H1; destruct v1; simpl; intro; try discriminate. + unfold store. + generalize (eval_addressing _ _ _ _ _ _ _ _ _ _ H (refl_equal _)). + destruct (addressing a1). intros [vl [EV EQ]]. + eapply eval_Estore; eauto. +Qed. + +Theorem exec_ifthenelse_true: + forall sp e1 m1 a e2 m2 v ifso ifnot e3 m3 out, + eval_expr ge sp nil e1 m1 a e2 m2 v -> + Val.is_true v -> + exec_stmtlist ge sp e2 m2 ifso e3 m3 out -> + exec_stmt ge sp e1 m1 (ifthenelse a ifso ifnot) e3 m3 out. +Proof. + intros. unfold ifthenelse. + apply exec_Sifthenelse with e2 m2 true. + eapply eval_condition_of_expr; eauto with valboolof. + auto. +Qed. + +Theorem exec_ifthenelse_false: + forall sp e1 m1 a e2 m2 v ifso ifnot e3 m3 out, + eval_expr ge sp nil e1 m1 a e2 m2 v -> + Val.is_false v -> + exec_stmtlist ge sp e2 m2 ifnot e3 m3 out -> + exec_stmt ge sp e1 m1 (ifthenelse a ifso ifnot) e3 m3 out. +Proof. + intros. unfold ifthenelse. + apply exec_Sifthenelse with e2 m2 false. + eapply eval_condition_of_expr; eauto with valboolof. + auto. +Qed. + +End CMCONSTR. + diff --git a/backend/Cminor.v b/backend/Cminor.v new file mode 100644 index 00000000..f08d927e --- /dev/null +++ b/backend/Cminor.v @@ -0,0 +1,348 @@ +(** Abstract syntax and semantics for the Cminor language. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Floats. +Require Import Values. +Require Import Mem. +Require Import Op. +Require Import Globalenvs. + +(** * Abstract syntax *) + +(** Cminor is a low-level imperative language structured in expressions, + statements, functions and programs. Expressions include + reading and writing local variables, reading and writing store locations, + arithmetic operations, function calls, and conditional expressions + (similar to [e1 ? e2 : e3] in C). The [Elet] and [Eletvar] constructs + enable sharing the computations of subexpressions. De Bruijn notation + is used: [Eletvar n] refers to the value bound by then [n+1]-th enclosing + [Elet] construct. + + A variant [condexpr] of [expr] is used to represent expressions + which are evaluated for their boolean value only and not their exact value. +*) + +Inductive expr : Set := + | Evar : ident -> expr + | Eassign : ident -> expr -> expr + | Eop : operation -> exprlist -> expr + | Eload : memory_chunk -> addressing -> exprlist -> expr + | Estore : memory_chunk -> addressing -> exprlist -> expr -> expr + | Ecall : signature -> expr -> exprlist -> expr + | Econdition : condexpr -> expr -> expr -> expr + | Elet : expr -> expr -> expr + | Eletvar : nat -> expr + +with condexpr : Set := + | CEtrue: condexpr + | CEfalse: condexpr + | CEcond: condition -> exprlist -> condexpr + | CEcondition : condexpr -> condexpr -> condexpr -> condexpr + +with exprlist : Set := + | Enil: exprlist + | Econs: expr -> exprlist -> exprlist. + +(** Statements include expression evaluation, an if/then/else conditional, + infinite loops, blocks and early block exits, and early function returns. + [Sexit n] terminates prematurely the execution of the [n+1] enclosing + [Sblock] statements. *) + +Inductive stmt : Set := + | Sexpr: expr -> stmt + | Sifthenelse: condexpr -> stmtlist -> stmtlist -> stmt + | Sloop: stmtlist -> stmt + | Sblock: stmtlist -> stmt + | Sexit: nat -> stmt + | Sreturn: option expr -> stmt + +with stmtlist : Set := + | Snil: stmtlist + | Scons: stmt -> stmtlist -> stmtlist. + +(** Functions are composed of a signature, a list of parameter names, + a list of local variables, and a list of statements representing + the function body. Each function can allocate a memory block of + size [fn_stackspace] on entrance. This block will be deallocated + automatically before the function returns. Pointers into this block + can be taken with the [Oaddrstack] operator. *) + +Record function : Set := mkfunction { + fn_sig: signature; + fn_params: list ident; + fn_vars: list ident; + fn_stackspace: Z; + fn_body: stmtlist +}. + +Definition program := AST.program function. + +(** * Operational semantics *) + +(** The operational semantics for Cminor is given in big-step operational + style. Expressions evaluate to values, and statements evaluate to + ``outcomes'' indicating how execution should proceed afterwards. *) + +Inductive outcome: Set := + | Out_normal: outcome (**r continue in sequence *) + | Out_exit: nat -> outcome (**r terminate [n+1] enclosing blocks *) + | Out_return: option val -> outcome. (**r return immediately to caller *) + +Definition outcome_result_value + (out: outcome) (ot: option typ) (v: val) : Prop := + match out, ot with + | Out_normal, None => v = Vundef + | Out_return None, None => v = Vundef + | Out_return (Some v'), Some ty => v = v' + | _, _ => False + end. + +Definition outcome_block (out: outcome) : outcome := + match out with + | Out_normal => Out_normal + | Out_exit O => Out_normal + | Out_exit (S n) => Out_exit n + | Out_return optv => Out_return optv + end. + +(** Three kinds of evaluation environments are involved: +- [genv]: global environments, define symbols and functions; +- [env]: local environments, map local variables to values; +- [lenv]: let environments, map de Bruijn indices to values. +*) + +Definition genv := Genv.t function. +Definition env := PTree.t val. +Definition letenv := list val. + +(** The following functions build the initial local environment at + function entry, binding parameters to the provided arguments and + initializing local variables to [Vundef]. *) + +Fixpoint set_params (vl: list val) (il: list ident) {struct il} : env := + match il, vl with + | i1 :: is, v1 :: vs => PTree.set i1 v1 (set_params vs is) + | i1 :: is, nil => PTree.set i1 Vundef (set_params nil is) + | _, _ => PTree.empty val + end. + +Fixpoint set_locals (il: list ident) (e: env) {struct il} : env := + match il with + | nil => e + | i1 :: is => PTree.set i1 Vundef (set_locals is e) + end. + +Section RELSEM. + +Variable ge: genv. + +(** Evaluation of an expression: [eval_expr ge sp le e m a e' m' v] + states that expression [a], in initial local environment [e] and + memory state [m], evaluates to value [v]. [e'] and [m'] are the final + local environment and memory state, respectively, reflecting variable + assignments and memory stores possibly performed by [a]. [ge] and + [le] are the global environment and let environment respectively, and + are unchanged during evaluation. [sp] is the pointer to the memory + block allocated for this function (stack frame). +*) + +Inductive eval_expr: + val -> letenv -> + env -> mem -> expr -> + env -> mem -> val -> Prop := + | eval_Evar: + forall sp le e m id v, + PTree.get id e = Some v -> + eval_expr sp le e m (Evar id) e m v + | eval_Eassign: + forall sp le e m id a e1 m1 v, + eval_expr sp le e m a e1 m1 v -> + eval_expr sp le e m (Eassign id a) (PTree.set id v e1) m1 v + | eval_Eop: + forall sp le e m op al e1 m1 vl v, + eval_exprlist sp le e m al e1 m1 vl -> + eval_operation ge sp op vl = Some v -> + eval_expr sp le e m (Eop op al) e1 m1 v + | eval_Eload: + forall sp le e m chunk addr al e1 m1 v vl a, + eval_exprlist sp le e m al e1 m1 vl -> + eval_addressing ge sp addr vl = Some a -> + Mem.loadv chunk m1 a = Some v -> + eval_expr sp le e m (Eload chunk addr al) e1 m1 v + | eval_Estore: + forall sp le e m chunk addr al b e1 m1 vl e2 m2 m3 v a, + eval_exprlist sp le e m al e1 m1 vl -> + eval_expr sp le e1 m1 b e2 m2 v -> + eval_addressing ge sp addr vl = Some a -> + Mem.storev chunk m2 a v = Some m3 -> + eval_expr sp le e m (Estore chunk addr al b) e2 m3 v + | eval_Ecall: + forall sp le e m sig a bl e1 e2 m1 m2 m3 vf vargs vres f, + eval_expr sp le e m a e1 m1 vf -> + eval_exprlist sp le e1 m1 bl e2 m2 vargs -> + Genv.find_funct ge vf = Some f -> + f.(fn_sig) = sig -> + eval_funcall m2 f vargs m3 vres -> + eval_expr sp le e m (Ecall sig a bl) e2 m3 vres + | eval_Econdition: + forall sp le e m a b c e1 m1 v1 e2 m2 v2, + eval_condexpr sp le e m a e1 m1 v1 -> + eval_expr sp le e1 m1 (if v1 then b else c) e2 m2 v2 -> + eval_expr sp le e m (Econdition a b c) e2 m2 v2 + | eval_Elet: + forall sp le e m a b e1 m1 v1 e2 m2 v2, + eval_expr sp le e m a e1 m1 v1 -> + eval_expr sp (v1::le) e1 m1 b e2 m2 v2 -> + eval_expr sp le e m (Elet a b) e2 m2 v2 + | eval_Eletvar: + forall sp le e m n v, + nth_error le n = Some v -> + eval_expr sp le e m (Eletvar n) e m v + +(** Evaluation of a condition expression: + [eval_condexpr ge sp le e m a e' m' b] + states that condition expression [a] evaluates to the boolean value [b]. + The other parameters are as in [eval_expr]. +*) + +with eval_condexpr: + val -> letenv -> + env -> mem -> condexpr -> + env -> mem -> bool -> Prop := + | eval_CEtrue: + forall sp le e m, + eval_condexpr sp le e m CEtrue e m true + | eval_CEfalse: + forall sp le e m, + eval_condexpr sp le e m CEfalse e m false + | eval_CEcond: + forall sp le e m cond al e1 m1 vl b, + eval_exprlist sp le e m al e1 m1 vl -> + eval_condition cond vl = Some b -> + eval_condexpr sp le e m (CEcond cond al) e1 m1 b + | eval_CEcondition: + forall sp le e m a b c e1 m1 vb1 e2 m2 vb2, + eval_condexpr sp le e m a e1 m1 vb1 -> + eval_condexpr sp le e1 m1 (if vb1 then b else c) e2 m2 vb2 -> + eval_condexpr sp le e m (CEcondition a b c) e2 m2 vb2 + +(** Evaluation of a list of expressions: + [eval_exprlist ge sp le al m a e' m' vl] + states that the list [al] of expressions evaluate + to the list [vl] of values. + The other parameters are as in [eval_expr]. +*) + +with eval_exprlist: + val -> letenv -> + env -> mem -> exprlist -> + env -> mem -> list val -> Prop := + | eval_Enil: + forall sp le e m, + eval_exprlist sp le e m Enil e m nil + | eval_Econs: + forall sp le e m a bl e1 m1 v e2 m2 vl, + eval_expr sp le e m a e1 m1 v -> + eval_exprlist sp le e1 m1 bl e2 m2 vl -> + eval_exprlist sp le e m (Econs a bl) e2 m2 (v :: vl) + +(** Evaluation of a function invocation: [eval_funcall ge m f args m' res] + means that the function [f], applied to the arguments [args] in + memory state [m], returns the value [res] in modified memory state [m']. +*) + +with eval_funcall: + mem -> function -> list val -> + mem -> val -> Prop := + | eval_funcall_intro: + forall m f vargs m1 sp e e2 m2 out vres, + Mem.alloc m 0 f.(fn_stackspace) = (m1, sp) -> + set_locals f.(fn_vars) (set_params vargs f.(fn_params)) = e -> + exec_stmtlist (Vptr sp Int.zero) e m1 f.(fn_body) e2 m2 out -> + outcome_result_value out f.(fn_sig).(sig_res) vres -> + eval_funcall m f vargs (Mem.free m2 sp) vres + +(** Execution of a statement: [exec_stmt ge sp e m s e' m' out] + means that statement [s] executes with outcome [out]. + The other parameters are as in [eval_expr]. *) + +with exec_stmt: + val -> + env -> mem -> stmt -> + env -> mem -> outcome -> Prop := + | exec_Sexpr: + forall sp e m a e1 m1 v, + eval_expr sp nil e m a e1 m1 v -> + exec_stmt sp e m (Sexpr a) e1 m1 Out_normal + | exec_Sifthenelse: + forall sp e m a sl1 sl2 e1 m1 v1 e2 m2 out, + eval_condexpr sp nil e m a e1 m1 v1 -> + exec_stmtlist sp e1 m1 (if v1 then sl1 else sl2) e2 m2 out -> + exec_stmt sp e m (Sifthenelse a sl1 sl2) e2 m2 out + | exec_Sloop_loop: + forall sp e m sl e1 m1 e2 m2 out, + exec_stmtlist sp e m sl e1 m1 Out_normal -> + exec_stmt sp e1 m1 (Sloop sl) e2 m2 out -> + exec_stmt sp e m (Sloop sl) e2 m2 out + | exec_Sloop_stop: + forall sp e m sl e1 m1 out, + exec_stmtlist sp e m sl e1 m1 out -> + out <> Out_normal -> + exec_stmt sp e m (Sloop sl) e1 m1 out + | exec_Sblock: + forall sp e m sl e1 m1 out, + exec_stmtlist sp e m sl e1 m1 out -> + exec_stmt sp e m (Sblock sl) e1 m1 (outcome_block out) + | exec_Sexit: + forall sp e m n, + exec_stmt sp e m (Sexit n) e m (Out_exit n) + | exec_Sreturn_none: + forall sp e m, + exec_stmt sp e m (Sreturn None) e m (Out_return None) + | exec_Sreturn_some: + forall sp e m a e1 m1 v, + eval_expr sp nil e m a e1 m1 v -> + exec_stmt sp e m (Sreturn (Some a)) e1 m1 (Out_return (Some v)) + +(** Execution of a list of statements: [exec_stmtlist ge sp e m sl e' m' out] + means that the list [sl] of statements executes sequentially + with outcome [out]. Execution stops at the first statement that + leads an outcome different from [Out_normal]. + The other parameters are as in [eval_expr]. *) + +with exec_stmtlist: + val -> + env -> mem -> stmtlist -> + env -> mem -> outcome -> Prop := + | exec_Snil: + forall sp e m, + exec_stmtlist sp e m Snil e m Out_normal + | exec_Scons_continue: + forall sp e m s sl e1 m1 e2 m2 out, + exec_stmt sp e m s e1 m1 Out_normal -> + exec_stmtlist sp e1 m1 sl e2 m2 out -> + exec_stmtlist sp e m (Scons s sl) e2 m2 out + | exec_Scons_stop: + forall sp e m s sl e1 m1 out, + exec_stmt sp e m s e1 m1 out -> + out <> Out_normal -> + exec_stmtlist sp e m (Scons s sl) e1 m1 out. + +End RELSEM. + +(** Execution of a whole program: [exec_program p r] + holds if the application of [p]'s main function to no arguments + in the initial memory state for [p] eventually returns value [r]. *) + +Definition exec_program (p: program) (r: val) : Prop := + let ge := Genv.globalenv p in + let m0 := Genv.init_mem p in + exists b, exists f, exists m, + Genv.find_symbol ge p.(prog_main) = Some b /\ + Genv.find_funct_ptr ge b = Some f /\ + f.(fn_sig) = mksignature nil (Some Tint) /\ + eval_funcall ge m0 f nil m r. + diff --git a/backend/Cminorgen.v b/backend/Cminorgen.v new file mode 100644 index 00000000..6af5260e --- /dev/null +++ b/backend/Cminorgen.v @@ -0,0 +1,398 @@ +(** Translation from Csharpminor to Cminor. *) + +Require Import Coqlib. +Require Import Maps. +Require Import Sets. +Require Import AST. +Require Import Integers. +Require Mem. +Require Import Csharpminor. +Require Import Op. +Require Import Cminor. +Require Cmconstr. + +(** The main task in translating Csharpminor to Cminor is to explicitly + stack-allocate local variables whose address is taken: these local + variables become sub-blocks of the Cminor stack data block for the + current function. Taking the address of such a variable becomes + a [Oaddrstack] operation with the corresponding offset. Accessing + or assigning such a variable becomes a load or store operation at + that address. Only scalar local variables whose address is never + taken in the Csharpminor code can be mapped to Cminor local + variable, since the latter do not reside in memory. + + Other tasks performed during the translation to Cminor: +- Transformation of Csharpminor's standard set of operators and + trivial addressing modes to Cminor's processor-dependent operators + and addressing modes. This is done using the optimizing Cminor + constructor functions provided in file [Cmconstr], therefore performing + instruction selection on the fly. +- Insertion of truncation, zero- and sign-extension operations when + assigning to a Csharpminor local variable of ``small'' type + (e.g. [Mfloat32] or [Mint8signed]). This is necessary to preserve + the ``normalize at assignment-time'' semantics of Csharpminor. +*) + +(** Translation of operators. *) + +Definition make_op (op: Csharpminor.operation) (el: exprlist): option expr := + match el with + | Enil => + match op with + | Csharpminor.Ointconst n => Some(Eop (Ointconst n) Enil) + | Csharpminor.Ofloatconst n => Some(Eop (Ofloatconst n) Enil) + | _ => None + end + | Econs e1 Enil => + match op with + | Csharpminor.Ocast8unsigned => Some(Cmconstr.cast8unsigned e1) + | Csharpminor.Ocast8signed => Some(Cmconstr.cast8signed e1) + | Csharpminor.Ocast16unsigned => Some(Cmconstr.cast16unsigned e1) + | Csharpminor.Ocast16signed => Some(Cmconstr.cast16signed e1) + | Csharpminor.Onotint => Some(Cmconstr.notint e1) + | Csharpminor.Onegf => Some(Cmconstr.negfloat e1) + | Csharpminor.Oabsf => Some(Cmconstr.absfloat e1) + | Csharpminor.Osingleoffloat => Some(Cmconstr.singleoffloat e1) + | Csharpminor.Ointoffloat => Some(Cmconstr.intoffloat e1) + | Csharpminor.Ofloatofint => Some(Cmconstr.floatofint e1) + | Csharpminor.Ofloatofintu => Some(Cmconstr.floatofintu e1) + | _ => None + end + | Econs e1 (Econs e2 Enil) => + match op with + | Csharpminor.Oadd => Some(Cmconstr.add e1 e2) + | Csharpminor.Osub => Some(Cmconstr.sub e1 e2) + | Csharpminor.Omul => Some(Cmconstr.mul e1 e2) + | Csharpminor.Odiv => Some(Cmconstr.divs e1 e2) + | Csharpminor.Odivu => Some(Cmconstr.divu e1 e2) + | Csharpminor.Omod => Some(Cmconstr.mods e1 e2) + | Csharpminor.Omodu => Some(Cmconstr.modu e1 e2) + | Csharpminor.Oand => Some(Cmconstr.and e1 e2) + | Csharpminor.Oor => Some(Cmconstr.or e1 e2) + | Csharpminor.Oxor => Some(Cmconstr.xor e1 e2) + | Csharpminor.Oshl => Some(Cmconstr.shl e1 e2) + | Csharpminor.Oshr => Some(Cmconstr.shr e1 e2) + | Csharpminor.Oshru => Some(Cmconstr.shru e1 e2) + | Csharpminor.Oaddf => Some(Cmconstr.addf e1 e2) + | Csharpminor.Osubf => Some(Cmconstr.subf e1 e2) + | Csharpminor.Omulf => Some(Cmconstr.mulf e1 e2) + | Csharpminor.Odivf => Some(Cmconstr.divf e1 e2) + | Csharpminor.Ocmp c => Some(Cmconstr.cmp c e1 e2) + | Csharpminor.Ocmpu c => Some(Cmconstr.cmpu c e1 e2) + | Csharpminor.Ocmpf c => Some(Cmconstr.cmpf c e1 e2) + | _ => None + end + | _ => None + end. + +(** [make_cast chunk e] returns a Cminor expression that normalizes + the value of Cminor expression [e] as prescribed by the memory chunk + [chunk]. For instance, 8-bit sign extension is performed if + [chunk] is [Mint8signed]. *) + +Definition make_cast (chunk: memory_chunk) (e: expr): expr := + match chunk with + | Mint8signed => Cmconstr.cast8signed e + | Mint8unsigned => Cmconstr.cast8unsigned e + | Mint16signed => Cmconstr.cast16signed e + | Mint16unsigned => Cmconstr.cast16unsigned e + | Mint32 => e + | Mfloat32 => Cmconstr.singleoffloat e + | Mfloat64 => e + end. + +Definition make_load (chunk: memory_chunk) (e: expr): expr := + Cmconstr.load chunk e. + +(** In Csharpminor, the value of a store expression is the stored data + normalized to the memory chunk. In Cminor, it is the stored data. + For the translation, we could normalize before storing. However, + the memory model performs automatic normalization of the stored + data. It is therefore correct to store the data as is, then + normalize the result value of the store expression. This is more + efficient in general because often the result value is ignored: + the normalization code will therefore be eliminated later as dead + code. *) + +Definition make_store (chunk: memory_chunk) (e1 e2: expr): expr := + make_cast chunk (Cmconstr.store chunk e1 e2). + +Definition make_stackaddr (ofs: Z): expr := + Eop (Oaddrstack (Int.repr ofs)) Enil. + +(** Compile-time information attached to each Csharpminor + variable: global variables, local variables, function parameters. + [Var_local] denotes a scalar local variable whose address is not + taken; it will be translated to a Cminor local variable of the + same name. [Var_stack_scalar] and [Var_stack_array] denote + local variables that are stored as sub-blocks of the Cminor stack + data block. [Var_global] denotes a global variable, stored in + the global symbol with the same name. *) + +Inductive var_info: Set := + | Var_local: memory_chunk -> var_info + | Var_stack_scalar: memory_chunk -> Z -> var_info + | Var_stack_array: Z -> var_info + | Var_global: var_info. + +Definition compilenv := PMap.t var_info. + +(** Generation of Cminor code corresponding to accesses to Csharpminor + local variables: reads, assignments, and taking the address of. *) + +Definition var_get (cenv: compilenv) (id: ident): option expr := + match PMap.get id cenv with + | Var_local chunk => Some(Evar id) + | Var_stack_scalar chunk ofs => Some(make_load chunk (make_stackaddr ofs)) + | Var_stack_array ofs => None + | Var_global => None + end. + +Definition var_set (cenv: compilenv) (id: ident) (rhs: expr): option expr := + match PMap.get id cenv with + | Var_local chunk => Some(Eassign id (make_cast chunk rhs)) + | Var_stack_scalar chunk ofs => + Some(make_store chunk (make_stackaddr ofs) rhs) + | Var_stack_array ofs => None + | Var_global => None + end. + +Definition var_addr (cenv: compilenv) (id: ident): option expr := + match PMap.get id cenv with + | Var_local chunk => None + | Var_stack_scalar chunk ofs => Some (make_stackaddr ofs) + | Var_stack_array ofs => Some (make_stackaddr ofs) + | Var_global => Some (Eop (Oaddrsymbol id Int.zero) Enil) + end. + +(** The translation from Csharpminor to Cminor can fail, which we + encode by returning option types ([None] denotes error). + Propagation of errors is done in monadic style, using the following + [bind] monadic composition operator, and a [do] notation inspired + by Haskell's. *) + +Definition bind (A B: Set) (a: option A) (b: A -> option B): option B := + match a with + | None => None + | Some x => b x + end. + +Notation "'do' X <- A ; B" := (bind _ _ A (fun X => B)) + (at level 200, X ident, A at level 100, B at level 200). + +(** Translation of expressions. All the hard work is done by the + [make_*] and [var_*] functions defined above. *) + +Fixpoint transl_expr (cenv: compilenv) (e: Csharpminor.expr) + {struct e}: option expr := + match e with + | Csharpminor.Evar id => var_get cenv id + | Csharpminor.Eaddrof id => var_addr cenv id + | Csharpminor.Eassign id e => + do te <- transl_expr cenv e; var_set cenv id te + | Csharpminor.Eop op el => + do tel <- transl_exprlist cenv el; make_op op tel + | Csharpminor.Eload chunk e => + do te <- transl_expr cenv e; Some (make_load chunk te) + | Csharpminor.Estore chunk e1 e2 => + do te1 <- transl_expr cenv e1; + do te2 <- transl_expr cenv e2; + Some (make_store chunk te1 te2) + | Csharpminor.Ecall sig e el => + do te <- transl_expr cenv e; + do tel <- transl_exprlist cenv el; + Some (Ecall sig te tel) + | Csharpminor.Econdition e1 e2 e3 => + do te1 <- transl_expr cenv e1; + do te2 <- transl_expr cenv e2; + do te3 <- transl_expr cenv e3; + Some (Cmconstr.conditionalexpr te1 te2 te3) + | Csharpminor.Elet e1 e2 => + do te1 <- transl_expr cenv e1; + do te2 <- transl_expr cenv e2; + Some (Elet te1 te2) + | Csharpminor.Eletvar n => + Some (Eletvar n) + end + +with transl_exprlist (cenv: compilenv) (el: Csharpminor.exprlist) + {struct el}: option exprlist := + match el with + | Csharpminor.Enil => + Some Enil + | Csharpminor.Econs e1 e2 => + do te1 <- transl_expr cenv e1; + do te2 <- transl_exprlist cenv e2; + Some (Econs te1 te2) + end. + +(** Translation of statements. Entirely straightforward. *) + +Fixpoint transl_stmt (cenv: compilenv) (s: Csharpminor.stmt) + {struct s}: option stmt := + match s with + | Csharpminor.Sexpr e => + do te <- transl_expr cenv e; Some(Sexpr te) + | Csharpminor.Sifthenelse e s1 s2 => + do te <- transl_expr cenv e; + do ts1 <- transl_stmtlist cenv s1; + do ts2 <- transl_stmtlist cenv s2; + Some (Cmconstr.ifthenelse te ts1 ts2) + | Csharpminor.Sloop s => + do ts <- transl_stmtlist cenv s; + Some (Sloop ts) + | Csharpminor.Sblock s => + do ts <- transl_stmtlist cenv s; + Some (Sblock ts) + | Csharpminor.Sexit n => + Some (Sexit n) + | Csharpminor.Sreturn None => + Some (Sreturn None) + | Csharpminor.Sreturn (Some e) => + do te <- transl_expr cenv e; + Some (Sreturn (Some te)) + end + +with transl_stmtlist (cenv: compilenv) (s: Csharpminor.stmtlist) + {struct s}: option stmtlist := + match s with + | Csharpminor.Snil => Some Snil + | Csharpminor.Scons s1 s2 => + do ts1 <- transl_stmt cenv s1; + do ts2 <- transl_stmtlist cenv s2; + Some (Scons ts1 ts2) + end. + +(** Computation of the set of variables whose address is taken in + a piece of Csharpminor code. *) + +Module Identset := MakeSet(PTree). + +Fixpoint addr_taken_expr (e: Csharpminor.expr): Identset.t := + match e with + | Csharpminor.Evar id => Identset.empty + | Csharpminor.Eaddrof id => Identset.add id Identset.empty + | Csharpminor.Eassign id e => addr_taken_expr e + | Csharpminor.Eop op el => addr_taken_exprlist el + | Csharpminor.Eload chunk e => addr_taken_expr e + | Csharpminor.Estore chunk e1 e2 => + Identset.union (addr_taken_expr e1) (addr_taken_expr e2) + | Csharpminor.Ecall sig e el => + Identset.union (addr_taken_expr e) (addr_taken_exprlist el) + | Csharpminor.Econdition e1 e2 e3 => + Identset.union (addr_taken_expr e1) + (Identset.union (addr_taken_expr e2) (addr_taken_expr e3)) + | Csharpminor.Elet e1 e2 => + Identset.union (addr_taken_expr e1) (addr_taken_expr e2) + | Csharpminor.Eletvar n => Identset.empty + end + +with addr_taken_exprlist (e: Csharpminor.exprlist): Identset.t := + match e with + | Csharpminor.Enil => Identset.empty + | Csharpminor.Econs e1 e2 => + Identset.union (addr_taken_expr e1) (addr_taken_exprlist e2) + end. + +Fixpoint addr_taken_stmt (s: Csharpminor.stmt): Identset.t := + match s with + | Csharpminor.Sexpr e => addr_taken_expr e + | Csharpminor.Sifthenelse e s1 s2 => + Identset.union (addr_taken_expr e) + (Identset.union (addr_taken_stmtlist s1) (addr_taken_stmtlist s2)) + | Csharpminor.Sloop s => addr_taken_stmtlist s + | Csharpminor.Sblock s => addr_taken_stmtlist s + | Csharpminor.Sexit n => Identset.empty + | Csharpminor.Sreturn None => Identset.empty + | Csharpminor.Sreturn (Some e) => addr_taken_expr e + end + +with addr_taken_stmtlist (s: Csharpminor.stmtlist): Identset.t := + match s with + | Csharpminor.Snil => Identset.empty + | Csharpminor.Scons s1 s2 => + Identset.union (addr_taken_stmt s1) (addr_taken_stmtlist s2) + end. + +(** Layout of the Cminor stack data block and construction of the + compilation environment. Csharpminor local variables that are + arrays or whose address is taken are allocated a slot in the Cminor + stack data. While this is not important for correctness, sufficient + padding is inserted to ensure adequate alignment of addresses. *) + +Definition assign_variable + (atk: Identset.t) + (id_lv: ident * local_variable) + (cenv_stacksize: compilenv * Z) : compilenv * Z := + let (cenv, stacksize) := cenv_stacksize in + match id_lv with + | (id, LVarray sz) => + let ofs := align stacksize 8 in + (PMap.set id (Var_stack_array ofs) cenv, ofs + Zmax 0 sz) + | (id, LVscalar chunk) => + if Identset.mem id atk then + let sz := Mem.size_chunk chunk in + let ofs := align stacksize sz in + (PMap.set id (Var_stack_scalar chunk ofs) cenv, ofs + sz) + else + (PMap.set id (Var_local chunk) cenv, stacksize) + end. + +Fixpoint assign_variables + (atk: Identset.t) + (id_lv_list: list (ident * local_variable)) + (cenv_stacksize: compilenv * Z) + {struct id_lv_list}: compilenv * Z := + match id_lv_list with + | nil => cenv_stacksize + | id_lv :: rem => + assign_variables atk rem (assign_variable atk id_lv cenv_stacksize) + end. + +Definition build_compilenv (f: Csharpminor.function) : compilenv * Z := + assign_variables + (addr_taken_stmtlist f.(Csharpminor.fn_body)) + (fn_variables f) + (PMap.init Var_global, 0). + +(** Function parameters whose address is taken must be stored in their + stack slots at function entry. (Cminor passes these parameters in + local variables.) *) + +Fixpoint store_parameters + (cenv: compilenv) (params: list (ident * memory_chunk)) + {struct params} : stmtlist := + match params with + | nil => Snil + | (id, chunk) :: rem => + match PMap.get id cenv with + | Var_local chunk => + Scons (Sexpr (Eassign id (make_cast chunk (Evar id)))) + (store_parameters cenv rem) + | Var_stack_scalar chunk ofs => + Scons (Sexpr (make_store chunk (make_stackaddr ofs) (Evar id))) + (store_parameters cenv rem) + | _ => + Snil (* should never happen *) + end + end. + +(** Translation of a Csharpminor function. We must check that the + required Cminor stack block is no bigger than [Int.max_signed], + otherwise address computations within the stack block could + overflow machine arithmetic and lead to incorrect code. *) + +Definition transl_function (f: Csharpminor.function): option function := + let (cenv, stacksize) := build_compilenv f in + if zle stacksize Int.max_signed then + do tbody <- transl_stmtlist cenv f.(Csharpminor.fn_body); + Some (mkfunction + (Csharpminor.fn_sig f) + (Csharpminor.fn_params_names f) + (Csharpminor.fn_vars_names f) + stacksize + (Scons (Sblock (store_parameters cenv f.(Csharpminor.fn_params))) tbody)) + else None. + +Definition transl_program (p: Csharpminor.program) : option program := + transform_partial_program transl_function p. diff --git a/backend/Cminorgenproof.v b/backend/Cminorgenproof.v new file mode 100644 index 00000000..b7c78843 --- /dev/null +++ b/backend/Cminorgenproof.v @@ -0,0 +1,2409 @@ +(** Correctness proof for Cminor generation. *) + +Require Import Coqlib. +Require Import Maps. +Require Import Sets. +Require Import AST. +Require Import Integers. +Require Import Floats. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Csharpminor. +Require Import Op. +Require Import Cminor. +Require Cmconstr. +Require Import Cminorgen. +Require Import Cmconstrproof. + +Section TRANSLATION. + +Variable prog: Csharpminor.program. +Variable tprog: program. +Hypothesis TRANSL: transl_program prog = Some tprog. +Let ge : Csharpminor.genv := Genv.globalenv prog. +Let tge: genv := Genv.globalenv tprog. + +Lemma symbols_preserved: + forall (s: ident), Genv.find_symbol tge s = Genv.find_symbol ge s. +Proof. + intro. unfold ge, tge. + apply Genv.find_symbol_transf_partial with transl_function. + exact TRANSL. +Qed. + +Lemma function_ptr_translated: + forall (b: block) (f: Csharpminor.function), + Genv.find_funct_ptr ge b = Some f -> + exists tf, + Genv.find_funct_ptr tge b = Some tf /\ transl_function f = Some tf. +Proof. + intros. + generalize + (Genv.find_funct_ptr_transf_partial transl_function TRANSL H). + case (transl_function f). + intros tf [A B]. exists tf. tauto. + intros [A B]. elim B. reflexivity. +Qed. + +Lemma functions_translated: + forall (v: val) (f: Csharpminor.function), + Genv.find_funct ge v = Some f -> + exists tf, + Genv.find_funct tge v = Some tf /\ transl_function f = Some tf. +Proof. + intros. + generalize + (Genv.find_funct_transf_partial transl_function TRANSL H). + case (transl_function f). + intros tf [A B]. exists tf. tauto. + intros [A B]. elim B. reflexivity. +Qed. + +(** * Correspondence between Csharpminor's and Cminor's environments and memory states *) + +(** In Csharpminor, every variable is stored in a separate memory block. + In the corresponding Cminor code, some of these variables reside in + the local variable environment; others are sub-blocks of the stack data + block. We capture these changes in memory via a memory injection [f]: +- [f b = None] means that the Csharpminor block [b] no longer exist + in the execution of the generated Cminor code. This corresponds to + a Csharpminor local variable translated to a Cminor local variable. +- [f b = Some(b', ofs)] means that Csharpminor block [b] corresponds + to a sub-block of Cminor block [b] at offset [ofs]. + + A memory injection [f] defines a relation [val_inject f] between + values and a relation [mem_inject f] between memory states. + These relations, defined in file [Memory], will be used intensively + in our proof of simulation between Csharpminor and Cminor executions. + + In the remainder of this section, we define relations between + Csharpminor and Cminor environments and call stacks. + + Global environments match if the memory injection [f] leaves unchanged + the references to global symbols and functions. *) + +Record match_globalenvs (f: meminj) : Prop := + mk_match_globalenvs { + mg_symbols: + forall id b, + Genv.find_symbol ge id = Some b -> + f b = Some (b, 0) /\ Genv.find_symbol tge id = Some b; + mg_functions: + forall b, b < 0 -> f b = Some(b, 0) + }. + +(** Matching for a Csharpminor variable [id]. +- If this variable is mapped to a Cminor local variable, the + corresponding Csharpminor memory block [b] must no longer exist in + Cminor ([f b = None]). Moreover, the content of block [b] must + match the value of [id] found in the Cminor local environment [te]. +- If this variable is mapped to a sub-block of the Cminor stack data + at offset [ofs], the address of this variable in Csharpminor [Vptr b + Int.zero] must match the address of the sub-block [Vptr sp (Int.repr + ofs)]. +*) + +Inductive match_var (f: meminj) (id: ident) + (e: Csharpminor.env) (m: mem) (te: env) (sp: block) : + var_info -> Prop := + | match_var_local: + forall chunk b v v', + PTree.get id e = Some (b, LVscalar chunk) -> + Mem.load chunk m b 0 = Some v -> + f b = None -> + PTree.get id te = Some v' -> + val_inject f v v' -> + match_var f id e m te sp (Var_local chunk) + | match_var_stack_scalar: + forall chunk ofs b, + PTree.get id e = Some (b, LVscalar chunk) -> + val_inject f (Vptr b Int.zero) (Vptr sp (Int.repr ofs)) -> + match_var f id e m te sp (Var_stack_scalar chunk ofs) + | match_var_stack_array: + forall ofs sz b, + PTree.get id e = Some (b, LVarray sz) -> + val_inject f (Vptr b Int.zero) (Vptr sp (Int.repr ofs)) -> + match_var f id e m te sp (Var_stack_array ofs) + | match_var_global: + PTree.get id e = None -> + match_var f id e m te sp (Var_global). + +(** Matching between a Csharpminor environment [e] and a Cminor + environment [te]. The [lo] and [hi] parameters delimit the range + of addresses for the blocks referenced from [te]. *) + +Record match_env (f: meminj) (cenv: compilenv) + (e: Csharpminor.env) (m: mem) (te: env) (sp: block) + (lo hi: Z) : Prop := + mk_match_env { + +(** Each variable mentioned in the compilation environment must match + as defined above. *) + me_vars: + forall id, match_var f id e m te sp (PMap.get id cenv); + +(** The range [lo, hi] must not be empty. *) + me_low_high: + lo <= hi; + +(** Every block appearing in the Csharpminor environment [e] must be + in the range [lo, hi]. *) + me_bounded: + forall id b lv, PTree.get id e = Some(b, lv) -> lo <= b < hi; + +(** Distinct Csharpminor local variables must be mapped to distinct blocks. *) + me_inj: + forall id1 b1 lv1 id2 b2 lv2, + PTree.get id1 e = Some(b1, lv1) -> + PTree.get id2 e = Some(b2, lv2) -> + id1 <> id2 -> b1 <> b2; + +(** All blocks mapped to sub-blocks of the Cminor stack data must be in + the range [lo, hi]. *) + me_inv: + forall b delta, + f b = Some(sp, delta) -> lo <= b < hi; + +(** All Csharpminor blocks below [lo] (i.e. allocated before the blocks + referenced from [e]) must map to blocks that are below [sp] + (i.e. allocated before the stack data for the current Cminor function). *) + me_incr: + forall b tb delta, + f b = Some(tb, delta) -> b < lo -> tb < sp + }. + +(** Call stacks represent abstractly the execution state of the current + Csharpminor and Cminor functions, as well as the states of the + calling functions. A call stack is a list of frames, each frame + collecting information on the current execution state of a Csharpminor + function and its Cminor translation. *) + +Record frame : Set := + mkframe { + fr_cenv: compilenv; + fr_e: Csharpminor.env; + fr_te: env; + fr_sp: block; + fr_low: Z; + fr_high: Z + }. + +Definition callstack : Set := list frame. + +(** Matching of call stacks imply matching of environments for each of + the frames, plus matching of the global environments, plus disjointness + conditions over the memory blocks allocated for local variables + and Cminor stack data. *) + +Inductive match_callstack: meminj -> callstack -> Z -> Z -> mem -> Prop := + | mcs_nil: + forall f bound tbound m, + match_globalenvs f -> + match_callstack f nil bound tbound m + | mcs_cons: + forall f cenv e te sp lo hi cs bound tbound m, + hi <= bound -> + sp < tbound -> + match_env f cenv e m te sp lo hi -> + match_callstack f cs lo sp m -> + match_callstack f (mkframe cenv e te sp lo hi :: cs) bound tbound m. + +(** The remainder of this section is devoted to showing preservation + of the [match_callstack] invariant under various assignments and memory + stores. First: preservation by memory stores to ``mapped'' blocks + (block that have a counterpart in the Cminor execution). *) + +Lemma match_env_store_mapped: + forall f cenv e m1 m2 te sp lo hi chunk b ofs v, + f b <> None -> + store chunk m1 b ofs v = Some m2 -> + match_env f cenv e m1 te sp lo hi -> + match_env f cenv e m2 te sp lo hi. +Proof. + intros. inversion H1. constructor; auto. + (* vars *) + intros. generalize (me_vars0 id); intro. + inversion H2; econstructor; eauto. + rewrite <- H5. eapply load_store_other; eauto. + left. congruence. +Qed. + +Lemma match_callstack_mapped: + forall f cs bound tbound m1, + match_callstack f cs bound tbound m1 -> + forall chunk b ofs v m2, + f b <> None -> + store chunk m1 b ofs v = Some m2 -> + match_callstack f cs bound tbound m2. +Proof. + induction 1; intros; econstructor; eauto. + eapply match_env_store_mapped; eauto. +Qed. + +(** Preservation by assignment to a Csharpminor variable that is + translated to a Cminor local variable. The value being assigned + must be normalized with respect to the memory chunk of the variable, + in the following sense. *) + +Definition val_normalized (chunk: memory_chunk) (v: val) : Prop := + exists v0, v = Val.load_result chunk v0. + +Lemma load_result_idem: + forall chunk v, + Val.load_result chunk (Val.load_result chunk v) = + Val.load_result chunk v. +Proof. + destruct chunk; destruct v; simpl; auto. + rewrite Int.cast8_signed_idem; auto. + rewrite Int.cast8_unsigned_idem; auto. + rewrite Int.cast16_signed_idem; auto. + rewrite Int.cast16_unsigned_idem; auto. + rewrite Float.singleoffloat_idem; auto. +Qed. + +Lemma load_result_normalized: + forall chunk v, + val_normalized chunk v -> Val.load_result chunk v = v. +Proof. + intros chunk v [v0 EQ]. rewrite EQ. apply load_result_idem. +Qed. + +Lemma match_env_store_local: + forall f cenv e m1 m2 te sp lo hi id b chunk v tv, + e!id = Some(b, LVscalar chunk) -> + val_inject f v tv -> + val_normalized chunk tv -> + store chunk m1 b 0 v = Some m2 -> + match_env f cenv e m1 te sp lo hi -> + match_env f cenv e m2 (PTree.set id tv te) sp lo hi. +Proof. + intros. inversion H3. constructor; auto. + intros. generalize (me_vars0 id0); intro. + inversion H4. + (* var_local *) + case (peq id id0); intro. + (* the stored variable *) + subst id0. + change Csharpminor.local_variable with local_variable in H6. + rewrite H in H6. injection H6; clear H6; intros; subst b0 chunk0. + econstructor. eauto. + eapply load_store_same; eauto. auto. + rewrite PTree.gss. reflexivity. + replace tv with (Val.load_result chunk tv). + apply Mem.load_result_inject. constructor; auto. + apply load_result_normalized; auto. + (* a different variable *) + econstructor; eauto. + rewrite <- H7. eapply load_store_other; eauto. + rewrite PTree.gso; auto. + (* var_stack_scalar *) + econstructor; eauto. + (* var_stack_array *) + econstructor; eauto. + (* var_global *) + econstructor; eauto. +Qed. + +Lemma match_env_store_above: + forall f cenv e m1 m2 te sp lo hi chunk b v, + store chunk m1 b 0 v = Some m2 -> + hi <= b -> + match_env f cenv e m1 te sp lo hi -> + match_env f cenv e m2 te sp lo hi. +Proof. + intros. inversion H1; constructor; auto. + intros. generalize (me_vars0 id); intro. + inversion H2; econstructor; eauto. + rewrite <- H5. eapply load_store_other; eauto. + left. generalize (me_bounded0 _ _ _ H4). unfold block in *. omega. +Qed. + +Lemma match_callstack_store_above: + forall f cs bound tbound m1, + match_callstack f cs bound tbound m1 -> + forall chunk b v m2, + store chunk m1 b 0 v = Some m2 -> + bound <= b -> + match_callstack f cs bound tbound m2. +Proof. + induction 1; intros; econstructor; eauto. + eapply match_env_store_above with (b := b); eauto. omega. + eapply IHmatch_callstack; eauto. + inversion H1. omega. +Qed. + +Lemma match_callstack_store_local: + forall f cenv e te sp lo hi cs bound tbound m1 m2 id b chunk v tv, + e!id = Some(b, LVscalar chunk) -> + val_inject f v tv -> + val_normalized chunk tv -> + store chunk m1 b 0 v = Some m2 -> + match_callstack f (mkframe cenv e te sp lo hi :: cs) bound tbound m1 -> + match_callstack f (mkframe cenv e (PTree.set id tv te) sp lo hi :: cs) bound tbound m2. +Proof. + intros. inversion H3. constructor; auto. + eapply match_env_store_local; eauto. + eapply match_callstack_store_above; eauto. + inversion H17. + generalize (me_bounded0 _ _ _ H). omega. +Qed. + +(** A variant of [match_callstack_store_local] where the Cminor environment + [te] already associates to [id] a value that matches the assigned value. + In this case, [match_callstack] is preserved even if no assignment + takes place on the Cminor side. *) + +Lemma match_env_extensional: + forall f cenv e m te1 sp lo hi, + match_env f cenv e m te1 sp lo hi -> + forall te2, + (forall id, te2!id = te1!id) -> + match_env f cenv e m te2 sp lo hi. +Proof. + induction 1; intros; econstructor; eauto. + intros. generalize (me_vars0 id); intro. + inversion H0; econstructor; eauto. + rewrite H. auto. +Qed. + +Lemma match_callstack_store_local_unchanged: + forall f cenv e te sp lo hi cs bound tbound m1 m2 id b chunk v tv, + e!id = Some(b, LVscalar chunk) -> + val_inject f v tv -> + val_normalized chunk tv -> + store chunk m1 b 0 v = Some m2 -> + te!id = Some tv -> + match_callstack f (mkframe cenv e te sp lo hi :: cs) bound tbound m1 -> + match_callstack f (mkframe cenv e te sp lo hi :: cs) bound tbound m2. +Proof. + intros. inversion H4. constructor; auto. + apply match_env_extensional with (PTree.set id tv te). + eapply match_env_store_local; eauto. + intros. rewrite PTree.gsspec. + case (peq id0 id); intros. congruence. auto. + eapply match_callstack_store_above; eauto. + inversion H18. + generalize (me_bounded0 _ _ _ H). omega. +Qed. + +(** Preservation of [match_callstack] by freeing all blocks allocated + for local variables at function entry (on the Csharpminor side). *) + +Lemma match_callstack_incr_bound: + forall f cs bound tbound m, + match_callstack f cs bound tbound m -> + forall bound' tbound', + bound <= bound' -> tbound <= tbound' -> + match_callstack f cs bound' tbound' m. +Proof. + intros. inversion H; constructor; auto. omega. omega. +Qed. + +Lemma load_freelist: + forall fbl chunk m b ofs, + (forall b', In b' fbl -> b' <> b) -> + load chunk (free_list m fbl) b ofs = load chunk m b ofs. +Proof. + induction fbl; simpl; intros. + auto. + rewrite load_free. apply IHfbl. + intros. apply H. tauto. + apply sym_not_equal. apply H. tauto. +Qed. + +Lemma match_env_freelist: + forall f cenv e m te sp lo hi fbl, + match_env f cenv e m te sp lo hi -> + (forall b, In b fbl -> hi <= b) -> + match_env f cenv e (free_list m fbl) te sp lo hi. +Proof. + intros. inversion H. econstructor; eauto. + intros. generalize (me_vars0 id); intro. + inversion H1; econstructor; eauto. + rewrite <- H4. apply load_freelist. + intros. generalize (H0 _ H8); intro. + generalize (me_bounded0 _ _ _ H3). unfold block; omega. +Qed. + +Lemma match_callstack_freelist_rec: + forall f cs bound tbound m, + match_callstack f cs bound tbound m -> + forall fbl, + (forall b, In b fbl -> bound <= b) -> + match_callstack f cs bound tbound (free_list m fbl). +Proof. + induction 1; intros; constructor; auto. + eapply match_env_freelist; eauto. + intros. generalize (H3 _ H4). omega. + apply IHmatch_callstack. intros. + generalize (H3 _ H4). inversion H1. omega. +Qed. + +Lemma match_callstack_freelist: + forall f cenv e te sp lo hi cs bound tbound m fbl, + (forall b, In b fbl -> lo <= b) -> + match_callstack f (mkframe cenv e te sp lo hi :: cs) bound tbound m -> + match_callstack f cs bound tbound (free_list m fbl). +Proof. + intros. inversion H0. inversion H14. + apply match_callstack_incr_bound with lo sp. + apply match_callstack_freelist_rec. auto. + assumption. + omega. omega. +Qed. + +(** Preservation of [match_callstack] when allocating a block for + a local variable on the Csharpminor side. *) + +Lemma load_from_alloc_is_undef: + forall m1 chunk m2 b, + alloc m1 0 (size_chunk chunk) = (m2, b) -> + load chunk m2 b 0 = Some Vundef. +Proof. + intros. + assert (valid_block m2 b). eapply valid_new_block; eauto. + assert (low_bound m2 b <= 0). + generalize (low_bound_alloc _ _ b _ _ _ H). rewrite zeq_true. omega. + assert (0 + size_chunk chunk <= high_bound m2 b). + generalize (high_bound_alloc _ _ b _ _ _ H). rewrite zeq_true. omega. + elim (load_in_bounds _ _ _ _ H0 H1 H2). intros v LOAD. + assert (v = Vundef). eapply load_alloc_same; eauto. + congruence. +Qed. + +Lemma match_env_alloc_same: + forall m1 lv m2 b info f1 cenv1 e1 te sp lo id data tv, + alloc m1 0 (sizeof lv) = (m2, b) -> + match info with + | Var_local chunk => data = None /\ lv = LVscalar chunk + | Var_stack_scalar chunk pos => data = Some(sp, pos) /\ lv = LVscalar chunk + | Var_stack_array pos => data = Some(sp, pos) /\ exists sz, lv = LVarray sz + | Var_global => False + end -> + match_env f1 cenv1 e1 m1 te sp lo m1.(nextblock) -> + te!id = Some tv -> + let f2 := extend_inject b data f1 in + let cenv2 := PMap.set id info cenv1 in + let e2 := PTree.set id (b, lv) e1 in + inject_incr f1 f2 -> + match_env f2 cenv2 e2 m2 te sp lo m2.(nextblock). +Proof. + intros. + assert (b = m1.(nextblock)). + injection H; intros. auto. + assert (m2.(nextblock) = Zsucc m1.(nextblock)). + injection H; intros. rewrite <- H6; reflexivity. + inversion H1. constructor. + (* me_vars *) + intros. unfold cenv2. rewrite PMap.gsspec. case (peq id0 id); intro. + (* same var *) + subst id0. destruct info. + (* info = Var_local chunk *) + elim H0; intros. + apply match_var_local with b Vundef tv. + unfold e2; rewrite PTree.gss. congruence. + eapply load_from_alloc_is_undef; eauto. + rewrite H7 in H. unfold sizeof in H. eauto. + unfold f2, extend_inject, eq_block. rewrite zeq_true. auto. + auto. + constructor. + (* info = Var_stack_scalar chunk ofs *) + elim H0; intros. + apply match_var_stack_scalar with b. + unfold e2; rewrite PTree.gss. congruence. + eapply val_inject_ptr. + unfold f2, extend_inject, eq_block. rewrite zeq_true. eauto. + rewrite Int.add_commut. rewrite Int.add_zero. auto. + (* info = Var_stack_array z *) + elim H0; intros A [sz B]. + apply match_var_stack_array with sz b. + unfold e2; rewrite PTree.gss. congruence. + eapply val_inject_ptr. + unfold f2, extend_inject, eq_block. rewrite zeq_true. eauto. + rewrite Int.add_commut. rewrite Int.add_zero. auto. + (* info = Var_global *) + contradiction. + (* other vars *) + generalize (me_vars0 id0); intros. + inversion H6; econstructor; eauto. + unfold e2; rewrite PTree.gso; auto. + unfold f2, extend_inject, eq_block; rewrite zeq_false; auto. + generalize (me_bounded0 _ _ _ H8). unfold block in *; omega. + unfold e2; rewrite PTree.gso; eauto. + unfold e2; rewrite PTree.gso; eauto. + unfold e2; rewrite PTree.gso; eauto. + (* lo <= hi *) + unfold block in *; omega. + (* me_bounded *) + intros until lv0. unfold e2; rewrite PTree.gsspec. + case (peq id0 id); intros. + subst id0. inversion H6. subst b0. unfold block in *; omega. + generalize (me_bounded0 _ _ _ H6). rewrite H5. omega. + (* me_inj *) + intros until lv2. unfold e2; repeat rewrite PTree.gsspec. + case (peq id1 id); case (peq id2 id); intros. + congruence. + inversion H6. subst b1. rewrite H4. + generalize (me_bounded0 _ _ _ H7). unfold block; omega. + inversion H7. subst b2. rewrite H4. + generalize (me_bounded0 _ _ _ H6). unfold block; omega. + eauto. + (* me_inv *) + intros until delta. unfold f2, extend_inject, eq_block. + case (zeq b0 b); intros. + subst b0. rewrite H4; rewrite H5. omega. + generalize (me_inv0 _ _ H6). rewrite H5. omega. + (* me_incr *) + intros until delta. unfold f2, extend_inject, eq_block. + case (zeq b0 b); intros. + subst b0. unfold block in *; omegaContradiction. + eauto. +Qed. + +Lemma match_env_alloc_other: + forall f1 cenv e m1 m2 te sp lo hi chunk b data, + alloc m1 0 (sizeof chunk) = (m2, b) -> + match data with None => True | Some (b', delta') => sp < b' end -> + hi <= m1.(nextblock) -> + match_env f1 cenv e m1 te sp lo hi -> + let f2 := extend_inject b data f1 in + inject_incr f1 f2 -> + match_env f2 cenv e m2 te sp lo hi. +Proof. + intros. + assert (b = m1.(nextblock)). injection H; auto. + rewrite <- H4 in H1. + inversion H2. constructor; auto. + (* me_vars *) + intros. generalize (me_vars0 id); intro. + inversion H5; econstructor; eauto. + unfold f2, extend_inject, eq_block. rewrite zeq_false. auto. + generalize (me_bounded0 _ _ _ H7). unfold block in *; omega. + (* me_bounded *) + intros until delta. unfold f2, extend_inject, eq_block. + case (zeq b0 b); intros. rewrite H5 in H0. omegaContradiction. + eauto. + (* me_incr *) + intros until delta. unfold f2, extend_inject, eq_block. + case (zeq b0 b); intros. subst b0. omegaContradiction. + eauto. +Qed. + +Lemma match_callstack_alloc_other: + forall f1 cs bound tbound m1, + match_callstack f1 cs bound tbound m1 -> + forall lv m2 b data, + alloc m1 0 (sizeof lv) = (m2, b) -> + match data with None => True | Some (b', delta') => tbound <= b' end -> + bound <= m1.(nextblock) -> + let f2 := extend_inject b data f1 in + inject_incr f1 f2 -> + match_callstack f2 cs bound tbound m2. +Proof. + induction 1; intros. + constructor. + inversion H. constructor. + intros. elim (mg_symbols0 _ _ H4); intros. + split; auto. elim (H3 b0); intros; congruence. + intros. generalize (mg_functions0 _ H4). elim (H3 b0); congruence. + constructor. auto. auto. + unfold f2; eapply match_env_alloc_other; eauto. + destruct data; auto. destruct p. omega. omega. + unfold f2; eapply IHmatch_callstack; eauto. + destruct data; auto. destruct p. omega. + inversion H1; omega. +Qed. + +Lemma match_callstack_alloc_left: + forall m1 lv m2 b info f1 cenv1 e1 te sp lo id data cs tv tbound, + alloc m1 0 (sizeof lv) = (m2, b) -> + match info with + | Var_local chunk => data = None /\ lv = LVscalar chunk + | Var_stack_scalar chunk pos => data = Some(sp, pos) /\ lv = LVscalar chunk + | Var_stack_array pos => data = Some(sp, pos) /\ exists sz, lv = LVarray sz + | Var_global => False + end -> + match_callstack f1 (mkframe cenv1 e1 te sp lo m1.(nextblock) :: cs) m1.(nextblock) tbound m1 -> + te!id = Some tv -> + let f2 := extend_inject b data f1 in + let cenv2 := PMap.set id info cenv1 in + let e2 := PTree.set id (b, lv) e1 in + inject_incr f1 f2 -> + match_callstack f2 (mkframe cenv2 e2 te sp lo m2.(nextblock) :: cs) m2.(nextblock) tbound m2. +Proof. + intros. inversion H1. constructor. omega. auto. + unfold f2, cenv2, e2. eapply match_env_alloc_same; eauto. + unfold f2; eapply match_callstack_alloc_other; eauto. + destruct info. + elim H0; intros. rewrite H19. auto. + elim H0; intros. rewrite H19. omega. + elim H0; intros. rewrite H19. omega. + contradiction. + inversion H17; omega. +Qed. + +Lemma match_callstack_alloc_right: + forall f cs bound tm1 m tm2 lo hi b, + alloc tm1 lo hi = (tm2, b) -> + match_callstack f cs bound tm1.(nextblock) m -> + match_callstack f cs bound tm2.(nextblock) m. +Proof. + intros. eapply match_callstack_incr_bound; eauto. omega. + injection H; intros. rewrite <- H2; simpl. omega. +Qed. + +(** [match_callstack] implies [match_globalenvs]. *) + +Lemma match_callstack_match_globalenvs: + forall f cs bound tbound m, + match_callstack f cs bound tbound m -> + match_globalenvs f. +Proof. + induction 1; eauto. +Qed. + +(** * Correctness of Cminor construction functions *) + +Hint Resolve eval_negint eval_negfloat eval_absfloat eval_intoffloat + eval_floatofint eval_floatofintu eval_notint eval_notbool + eval_cast8signed eval_cast8unsigned eval_cast16signed + eval_cast16unsigned eval_singleoffloat eval_add eval_add_ptr + eval_add_ptr_2 eval_sub eval_sub_ptr_int eval_sub_ptr_ptr + eval_mul eval_divs eval_mods eval_divu eval_modu + eval_and eval_or eval_xor eval_shl eval_shr eval_shru + eval_addf eval_subf eval_mulf eval_divf + eval_cmp eval_cmp_null_r eval_cmp_null_l eval_cmp_ptr + eval_cmpu eval_cmpf: evalexpr. + +Remark val_inject_val_of_bool: + forall f b, val_inject f (Val.of_bool b) (Val.of_bool b). +Proof. + intros; destruct b; unfold Val.of_bool, Vtrue, Vfalse; constructor. +Qed. + +Ltac TrivialOp := + match goal with + | [ |- exists x, _ /\ val_inject _ (Vint ?x) _ ] => + exists (Vint x); split; + [eauto with evalexpr | constructor] + | [ |- exists x, _ /\ val_inject _ (Vfloat ?x) _ ] => + exists (Vfloat x); split; + [eauto with evalexpr | constructor] + | [ |- exists x, _ /\ val_inject _ (Val.of_bool ?x) _ ] => + exists (Val.of_bool x); split; + [eauto with evalexpr | apply val_inject_val_of_bool] + | _ => idtac + end. + +Remark eval_compare_null_inv: + forall c i v, + Csharpminor.eval_compare_null c i = Some v -> + i = Int.zero /\ (c = Ceq /\ v = Vfalse \/ c = Cne /\ v = Vtrue). +Proof. + intros until v. unfold Csharpminor.eval_compare_null. + predSpec Int.eq Int.eq_spec i Int.zero. + case c; intro EQ; simplify_eq EQ; intro; subst v; tauto. + congruence. +Qed. + +(** Correctness of [make_op]. The generated Cminor code evaluates + to a value that matches the result value of the Csharpminor operation, + provided arguments match pairwise ([val_list_inject f] hypothesis). *) + +Lemma make_op_correct: + forall al a op vl m2 v sp le te1 tm1 te2 tm2 tvl f, + make_op op al = Some a -> + Csharpminor.eval_operation op vl m2 = Some v -> + eval_exprlist tge (Vptr sp Int.zero) le te1 tm1 al te2 tm2 tvl -> + val_list_inject f vl tvl -> + mem_inject f m2 tm2 -> + exists tv, + eval_expr tge (Vptr sp Int.zero) le te1 tm1 a te2 tm2 tv + /\ val_inject f v tv. +Proof. + intros. + destruct al as [ | a1 al]; + [idtac | destruct al as [ | a2 al]; + [idtac | destruct al as [ | a3 al]]]; + simpl in H; try discriminate. + (* Constant operators *) + inversion H1. subst sp0 le0 e m te2 tm1 tvl. + inversion H2. subst vl. + destruct op; simplify_eq H; intro; subst a; + simpl in H0; injection H0; intro; subst v. + (* intconst *) + TrivialOp. econstructor. constructor. reflexivity. + (* floatconst *) + TrivialOp. econstructor. constructor. reflexivity. + (* Unary operators *) + inversion H1. subst sp0 le0 e m a0 bl e2 m0 tvl. + inversion H14. subst sp0 le0 e m e1 m1 vl0. + inversion H2. subst vl v' vl'. inversion H8. subst vl0. + destruct op; simplify_eq H; intro; subst a; + simpl in H0; destruct v1; simplify_eq H0; intro; subst v; + inversion H7; subst v0; + TrivialOp. + (* Binary operations *) + inversion H1. subst sp0 le0 e m a0 bl e2 m0 tvl. + inversion H14. subst sp0 le0 e m a0 bl e2 m3 vl0. + inversion H16. subst sp0 le0 e m e0 m0 vl1. + inversion H2. subst vl v' vl'. + inversion H8. subst vl0 v' vl'. + inversion H12. subst vl. + destruct op; simplify_eq H; intro; subst a; + simpl in H0; destruct v2; destruct v3; simplify_eq H0; intro; try subst v; + inversion H7; inversion H9; subst v0; subst v1; + TrivialOp. + (* add int ptr *) + exists (Vptr b2 (Int.add ofs2 i)); split. + eauto with evalexpr. apply val_inject_ptr with x. auto. + subst ofs2. repeat rewrite Int.add_assoc. decEq. apply Int.add_commut. + (* add ptr int *) + exists (Vptr b2 (Int.add ofs2 i0)); split. + eauto with evalexpr. apply val_inject_ptr with x. auto. + subst ofs2. repeat rewrite Int.add_assoc. decEq. apply Int.add_commut. + (* sub ptr int *) + exists (Vptr b2 (Int.sub ofs2 i0)); split. + eauto with evalexpr. apply val_inject_ptr with x. auto. + subst ofs2. apply Int.sub_add_l. + (* sub ptr ptr *) + destruct (eq_block b b0); simplify_eq H0; intro; subst v; subst b0. + assert (b4 = b2). congruence. subst b4. + exists (Vint (Int.sub ofs2 ofs3)); split. eauto with evalexpr. + subst ofs2 ofs3. replace x0 with x. rewrite Int.sub_shifted. constructor. + congruence. + (* divs *) + generalize (Int.eq_spec i0 Int.zero); destruct (Int.eq i0 Int.zero); intro; + simplify_eq H0; intro; subst v. TrivialOp. + (* divu *) + generalize (Int.eq_spec i0 Int.zero); destruct (Int.eq i0 Int.zero); intro; + simplify_eq H0; intro; subst v. TrivialOp. + (* mods *) + generalize (Int.eq_spec i0 Int.zero); destruct (Int.eq i0 Int.zero); intro; + simplify_eq H0; intro; subst v. TrivialOp. + (* modu *) + generalize (Int.eq_spec i0 Int.zero); destruct (Int.eq i0 Int.zero); intro; + simplify_eq H0; intro; subst v. TrivialOp. + (* shl *) + caseEq (Int.ltu i0 (Int.repr 32)); intro EQ; rewrite EQ in H0; + simplify_eq H0; intro; subst v. TrivialOp. + (* shr *) + caseEq (Int.ltu i0 (Int.repr 32)); intro EQ; rewrite EQ in H0; + simplify_eq H0; intro; subst v. TrivialOp. + (* shru *) + caseEq (Int.ltu i0 (Int.repr 32)); intro EQ; rewrite EQ in H0; + simplify_eq H0; intro; subst v. TrivialOp. + (* cmp int ptr *) + elim (eval_compare_null_inv _ _ _ H0); intros; subst i1 i. + exists v; split. eauto with evalexpr. + elim H18; intros [A B]; subst v; unfold Vtrue, Vfalse; constructor. + (* cmp ptr int *) + elim (eval_compare_null_inv _ _ _ H0); intros; subst i1 i0. + exists v; split. eauto with evalexpr. + elim H18; intros [A B]; subst v; unfold Vtrue, Vfalse; constructor. + (* cmp ptr ptr *) + caseEq (valid_pointer m2 b (Int.signed i) && valid_pointer m2 b0 (Int.signed i0)); + intro EQ; rewrite EQ in H0; try discriminate. + destruct (eq_block b b0); simplify_eq H0; intro; subst v b0. + assert (b4 = b2); [congruence|subst b4]. + assert (x0 = x); [congruence|subst x0]. + elim (andb_prop _ _ EQ); intros. + exists (Val.of_bool (Int.cmp c ofs2 ofs3)); split. + eauto with evalexpr. + subst ofs2 ofs3. rewrite Int.translate_cmp. + apply val_inject_val_of_bool. + eapply valid_pointer_inject_no_overflow; eauto. + eapply valid_pointer_inject_no_overflow; eauto. +Qed. + +(** Correctness of [make_cast]. Note that the resulting Cminor value is + normalized according to the given memory chunk. *) + +Lemma make_cast_correct: + forall f sp le te1 tm1 a te2 tm2 v chunk v' tv, + eval_expr tge (Vptr sp Int.zero) le te1 tm1 a te2 tm2 tv -> + cast chunk v = Some v' -> + val_inject f v tv -> + exists tv', + eval_expr tge (Vptr sp Int.zero) le + te1 tm1 (make_cast chunk a) + te2 tm2 tv' + /\ val_inject f v' tv' + /\ val_normalized chunk tv'. +Proof. + intros. destruct chunk; destruct v; simplify_eq H0; intro; subst v'; simpl; + inversion H1; subst tv. + + exists (Vint (Int.cast8signed i)). + split. apply eval_cast8signed; auto. + split. constructor. exists (Vint i); reflexivity. + + exists (Vint (Int.cast8unsigned i)). + split. apply eval_cast8unsigned; auto. + split. constructor. exists (Vint i); reflexivity. + + exists (Vint (Int.cast16signed i)). + split. apply eval_cast16signed; auto. + split. constructor. exists (Vint i); reflexivity. + + exists (Vint (Int.cast16unsigned i)). + split. apply eval_cast16unsigned; auto. + split. constructor. exists (Vint i); reflexivity. + + exists (Vint i). + split. auto. split. auto. exists (Vint i); reflexivity. + + exists (Vptr b2 ofs2). + split. auto. split. auto. exists (Vptr b2 ofs2); reflexivity. + + exists (Vfloat (Float.singleoffloat f0)). + split. apply eval_singleoffloat; auto. + split. constructor. exists (Vfloat f0); reflexivity. + + exists (Vfloat f0). + split. auto. split. auto. exists (Vfloat f0); reflexivity. +Qed. + +Lemma make_stackaddr_correct: + forall sp le te tm ofs, + eval_expr tge (Vptr sp Int.zero) le + te tm (make_stackaddr ofs) + te tm (Vptr sp (Int.repr ofs)). +Proof. + intros; unfold make_stackaddr. + eapply eval_Eop. econstructor. simpl. decEq. decEq. + rewrite Int.add_commut. apply Int.add_zero. +Qed. + +(** Correctness of [make_load] and [make_store]. *) + +Lemma make_load_correct: + forall sp le te1 tm1 a te2 tm2 va chunk v, + eval_expr tge (Vptr sp Int.zero) le te1 tm1 a te2 tm2 va -> + Mem.loadv chunk tm2 va = Some v -> + eval_expr tge (Vptr sp Int.zero) le + te1 tm1 (make_load chunk a) + te2 tm2 v. +Proof. + intros; unfold make_load. + eapply eval_load; eauto. +Qed. + +Lemma val_content_inject_cast: + forall f chunk v1 v2 tv1, + cast chunk v1 = Some v2 -> + val_inject f v1 tv1 -> + val_content_inject f (mem_chunk chunk) v2 tv1. +Proof. + intros. destruct chunk; destruct v1; simplify_eq H; intro; subst v2; + inversion H0; simpl. + apply val_content_inject_8. apply Int.cast8_unsigned_signed. + apply val_content_inject_8. apply Int.cast8_unsigned_idem. + apply val_content_inject_16. apply Int.cast16_unsigned_signed. + apply val_content_inject_16. apply Int.cast16_unsigned_idem. + constructor; constructor. + constructor; econstructor; eauto. + apply val_content_inject_32. apply Float.singleoffloat_idem. + constructor; constructor. +Qed. + +Lemma make_store_correct: + forall f sp le te1 tm1 addr te2 tm2 tvaddr rhs te3 tm3 tvrhs + chunk vrhs v m3 vaddr m4, + eval_expr tge (Vptr sp Int.zero) le + te1 tm1 addr te2 tm2 tvaddr -> + eval_expr tge (Vptr sp Int.zero) le + te2 tm2 rhs te3 tm3 tvrhs -> + cast chunk vrhs = Some v -> + Mem.storev chunk m3 vaddr v = Some m4 -> + mem_inject f m3 tm3 -> + val_inject f vaddr tvaddr -> + val_inject f vrhs tvrhs -> + exists tm4, exists tv, + eval_expr tge (Vptr sp Int.zero) le + te1 tm1 (make_store chunk addr rhs) + te3 tm4 tv + /\ mem_inject f m4 tm4 + /\ val_inject f v tv + /\ nextblock tm4 = nextblock tm3. +Proof. + intros. unfold make_store. + assert (val_content_inject f (mem_chunk chunk) v tvrhs). + eapply val_content_inject_cast; eauto. + elim (storev_mapped_inject_1 _ _ _ _ _ _ _ _ _ H3 H2 H4 H6). + intros tm4 [STORE MEMINJ]. + generalize (eval_store _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ H H0 STORE). + intro EVALSTORE. + elim (make_cast_correct _ _ _ _ _ _ _ _ _ _ _ _ EVALSTORE H1 H5). + intros tv [EVALCAST [VALINJ VALNORM]]. + exists tm4; exists tv. intuition. + unfold storev in STORE; destruct tvaddr; try discriminate. + generalize (store_inv _ _ _ _ _ _ STORE). simpl. tauto. +Qed. + +(** Correctness of the variable accessors [var_get], [var_set] + and [var_addr]. *) + +Lemma var_get_correct: + forall cenv id a f e te sp lo hi m cs tm b chunk v le, + var_get cenv id = Some a -> + match_callstack f (mkframe cenv e te sp lo hi :: cs) m.(nextblock) tm.(nextblock) m -> + mem_inject f m tm -> + e!id = Some(b, LVscalar chunk) -> + load chunk m b 0 = Some v -> + exists tv, + eval_expr tge (Vptr sp Int.zero) le te tm a te tm tv /\ + val_inject f v tv. +Proof. + unfold var_get; intros. + assert (match_var f id e m te sp cenv!!id). + inversion H0. inversion H17. auto. + caseEq (cenv!!id); intros; rewrite H5 in H; simplify_eq H; clear H; intros; subst a. + (* var_local *) + rewrite H5 in H4. inversion H4. + exists v'; split. + apply eval_Evar. auto. + replace v with v0. auto. congruence. + (* var_stack_scalar *) + rewrite H5 in H4. inversion H4. + inversion H8. subst b1 b2 ofs1 ofs2. + assert (b0 = b). congruence. subst b0. + assert (m0 = chunk). congruence. subst m0. + assert (loadv chunk m (Vptr b Int.zero) = Some v). assumption. + generalize (loadv_inject _ _ _ _ _ _ _ H1 H H8). + subst chunk0. + intros [tv [LOAD INJ]]. + exists tv; split. + eapply make_load_correct; eauto. eapply make_stackaddr_correct; eauto. + auto. +Qed. + +Lemma var_addr_local_correct: + forall cenv id a f e te sp lo hi m cs tm b lv le, + var_addr cenv id = Some a -> + match_callstack f (mkframe cenv e te sp lo hi :: cs) m.(nextblock) tm.(nextblock) m -> + e!id = Some(b, lv) -> + exists tv, + eval_expr tge (Vptr sp Int.zero) le te tm a te tm tv /\ + val_inject f (Vptr b Int.zero) tv. +Proof. + unfold var_addr; intros. + assert (match_var f id e m te sp cenv!!id). + inversion H0. inversion H15. auto. + caseEq (cenv!!id); intros; rewrite H3 in H; simplify_eq H; clear H; intros; subst a; + rewrite H3 in H2; inversion H2. + (* var_stack_scalar *) + exists (Vptr sp (Int.repr z)); split. + eapply make_stackaddr_correct. + replace b with b0. auto. congruence. + (* var_stack_array *) + exists (Vptr sp (Int.repr z)); split. + eapply make_stackaddr_correct. + replace b with b0. auto. congruence. + (* var_global *) + congruence. +Qed. + +Lemma var_addr_global_correct: + forall cenv id a f e te sp lo hi m cs tm b le, + var_addr cenv id = Some a -> + match_callstack f (mkframe cenv e te sp lo hi :: cs) m.(nextblock) tm.(nextblock) m -> + e!id = None -> + Genv.find_symbol ge id = Some b -> + exists tv, + eval_expr tge (Vptr sp Int.zero) le te tm a te tm tv /\ + val_inject f (Vptr b Int.zero) tv. +Proof. + unfold var_addr; intros. + assert (match_var f id e m te sp cenv!!id). + inversion H0. inversion H16. auto. + destruct (cenv!!id); inversion H3; try congruence. + injection H; intro; subst a. + (* var_global *) + generalize (match_callstack_match_globalenvs _ _ _ _ _ H0); intro. + inversion H5. + elim (mg_symbols0 _ _ H2); intros. + exists (Vptr b Int.zero); split. + eapply eval_Eop. econstructor. simpl. rewrite H7. auto. + econstructor. eauto. reflexivity. +Qed. + +Lemma var_set_correct: + forall cenv id rhs a f e te2 sp lo hi m2 cs tm2 le te1 tm1 vrhs b chunk v1 v2 m3, + var_set cenv id rhs = Some a -> + match_callstack f (mkframe cenv e te2 sp lo hi :: cs) m2.(nextblock) tm2.(nextblock) m2 -> + eval_expr tge (Vptr sp Int.zero) le te1 tm1 rhs te2 tm2 vrhs -> + val_inject f v1 vrhs -> + mem_inject f m2 tm2 -> + e!id = Some(b, LVscalar chunk) -> + cast chunk v1 = Some v2 -> + store chunk m2 b 0 v2 = Some m3 -> + exists te3, exists tm3, exists tv, + eval_expr tge (Vptr sp Int.zero) le te1 tm1 a te3 tm3 tv /\ + val_inject f v2 tv /\ + mem_inject f m3 tm3 /\ + match_callstack f (mkframe cenv e te3 sp lo hi :: cs) m3.(nextblock) tm3.(nextblock) m3. +Proof. + unfold var_set; intros. + assert (NEXTBLOCK: nextblock m3 = nextblock m2). + generalize (store_inv _ _ _ _ _ _ H6). simpl. tauto. + inversion H0. subst f0 cenv0 e0 te sp0 lo0 hi0 cs0 bound tbound m. + inversion H20. + caseEq (cenv!!id); intros; rewrite H7 in H; simplify_eq H; clear H; intros; subst a. + (* var_local *) + generalize (me_vars0 id); intro. rewrite H7 in H. inversion H. + subst chunk0. + assert (b0 = b). congruence. subst b0. + assert (m = chunk). congruence. subst m. + elim (make_cast_correct _ _ _ _ _ _ _ _ _ _ _ _ H1 H5 H2). + intros tv [EVAL [INJ NORM]]. + exists (PTree.set id tv te2); exists tm2; exists tv. + split. eapply eval_Eassign. auto. + split. auto. + split. eapply store_unmapped_inject; eauto. + rewrite NEXTBLOCK. eapply match_callstack_store_local; eauto. + (* var_stack_scalar *) + generalize (me_vars0 id); intro. rewrite H7 in H. inversion H. + subst chunk0 z. + assert (b0 = b). congruence. subst b0. + assert (m = chunk). congruence. subst m. + assert (storev chunk m2 (Vptr b Int.zero) v2 = Some m3). assumption. + generalize (make_stackaddr_correct sp le te1 tm1 ofs). intro EVALSTACKADDR. + generalize (make_store_correct _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + EVALSTACKADDR H1 H5 H8 H3 H11 H2). + intros [tm3 [tv [EVAL [MEMINJ [VALINJ TNEXTBLOCK]]]]]. + exists te2; exists tm3; exists tv. + split. auto. split. auto. split. auto. + rewrite NEXTBLOCK; rewrite TNEXTBLOCK. + eapply match_callstack_mapped; eauto. + inversion H11; congruence. +Qed. + +(** * Correctness of stack allocation of local variables *) + +(** This section shows the correctness of the translation of Csharpminor + local variables, either as Cminor local variables or as sub-blocks + of the Cminor stack data. This is the most difficult part of the proof. *) + +Remark assign_variables_incr: + forall atk vars cenv sz cenv' sz', + assign_variables atk vars (cenv, sz) = (cenv', sz') -> sz <= sz'. +Proof. + induction vars; intros until sz'; simpl. + intro. replace sz' with sz. omega. congruence. + destruct a. destruct l. case (Identset.mem i atk); intros. + generalize (IHvars _ _ _ _ H). + generalize (size_chunk_pos m). intro. + generalize (align_le sz (size_chunk m) H0). omega. + eauto. + intro. generalize (IHvars _ _ _ _ H). + assert (8 > 0). omega. generalize (align_le sz 8 H0). + assert (0 <= Zmax 0 z). apply Zmax_bound_l. omega. + omega. +Qed. + +Lemma match_callstack_alloc_variables_rec: + forall tm sp cenv' sz' te lo cs atk, + valid_block tm sp -> + low_bound tm sp = 0 -> + high_bound tm sp = sz' -> + sz' <= Int.max_signed -> + forall e m vars e' m' lb, + alloc_variables e m vars e' m' lb -> + forall f cenv sz, + assign_variables atk vars (cenv, sz) = (cenv', sz') -> + match_callstack f (mkframe cenv e te sp lo m.(nextblock) :: cs) + m.(nextblock) tm.(nextblock) m -> + mem_inject f m tm -> + 0 <= sz -> + (forall b delta, f b = Some(sp, delta) -> high_bound m b + delta <= sz) -> + (forall id lv, In (id, lv) vars -> te!id <> None) -> + exists f', + inject_incr f f' + /\ mem_inject f' m' tm + /\ match_callstack f' (mkframe cenv' e' te sp lo m'.(nextblock) :: cs) + m'.(nextblock) tm.(nextblock) m'. +Proof. + intros until atk. intros VB LB HB NOOV. + induction 1. + (* base case *) + intros. simpl in H. inversion H; subst cenv sz. + exists f. split. apply inject_incr_refl. split. auto. auto. + (* inductive case *) + intros until sz. + change (assign_variables atk ((id, lv) :: vars) (cenv, sz)) + with (assign_variables atk vars (assign_variable atk (id, lv) (cenv, sz))). + caseEq (assign_variable atk (id, lv) (cenv, sz)). + intros cenv1 sz1 ASV1 ASVS MATCH MINJ SZPOS BOUND DEFINED. + assert (DEFINED1: forall id0 lv0, In (id0, lv0) vars -> te!id0 <> None). + intros. eapply DEFINED. simpl. right. eauto. + assert (exists tv, te!id = Some tv). + assert (te!id <> None). eapply DEFINED. simpl; left; auto. + destruct (te!id). exists v; auto. congruence. + elim H1; intros tv TEID; clear H1. + generalize ASV1. unfold assign_variable. + caseEq lv. + (* 1. lv = LVscalar chunk *) + intros chunk LV. case (Identset.mem id atk). + (* 1.1 info = Var_stack_scalar chunk ... *) + set (ofs := align sz (size_chunk chunk)). + intro EQ; injection EQ; intros; clear EQ. + set (f1 := extend_inject b1 (Some (sp, ofs)) f). + generalize (size_chunk_pos chunk); intro SIZEPOS. + generalize (align_le sz (size_chunk chunk) SIZEPOS). fold ofs. intro SZOFS. + assert (mem_inject f1 m1 tm /\ inject_incr f f1). + assert (Int.min_signed < 0). compute; auto. + generalize (assign_variables_incr _ _ _ _ _ _ ASVS). intro. + unfold f1; eapply alloc_mapped_inject; eauto. + omega. omega. omega. omega. unfold sizeof; rewrite LV. omega. + intros. left. generalize (BOUND _ _ H5). omega. + elim H3; intros MINJ1 INCR1; clear H3. + assert (MATCH1: match_callstack f1 + (mkframe cenv1 (PTree.set id (b1, lv) e) te sp lo (nextblock m1) :: cs) + (nextblock m1) (nextblock tm) m1). + unfold f1; rewrite <- H2; eapply match_callstack_alloc_left; eauto. + assert (SZ1POS: 0 <= sz1). rewrite <- H1. omega. + assert (BOUND1: forall b delta, f1 b = Some(sp, delta) -> + high_bound m1 b + delta <= sz1). + intros until delta; unfold f1, extend_inject, eq_block. + rewrite (high_bound_alloc _ _ b _ _ _ H). + case (zeq b b1); intros. + inversion H3. unfold sizeof; rewrite LV. omega. + generalize (BOUND _ _ H3). omega. + generalize (IHalloc_variables _ _ _ ASVS MATCH1 MINJ1 SZ1POS BOUND1 DEFINED1). + intros [f' [INCR2 [MINJ2 MATCH2]]]. + exists f'; intuition. eapply inject_incr_trans; eauto. + (* 1.2 info = Var_local chunk *) + intro EQ; injection EQ; intros; clear EQ. subst sz1. + generalize (alloc_unmapped_inject _ _ _ _ _ _ _ MINJ H). + set (f1 := extend_inject b1 None f). intros [MINJ1 INCR1]. + assert (MATCH1: match_callstack f1 + (mkframe cenv1 (PTree.set id (b1, lv) e) te sp lo (nextblock m1) :: cs) + (nextblock m1) (nextblock tm) m1). + unfold f1; rewrite <- H2; eapply match_callstack_alloc_left; eauto. + assert (BOUND1: forall b delta, f1 b = Some(sp, delta) -> + high_bound m1 b + delta <= sz). + intros until delta; unfold f1, extend_inject, eq_block. + rewrite (high_bound_alloc _ _ b _ _ _ H). + case (zeq b b1); intros. discriminate. + eapply BOUND; eauto. + generalize (IHalloc_variables _ _ _ ASVS MATCH1 MINJ1 SZPOS BOUND1 DEFINED1). + intros [f' [INCR2 [MINJ2 MATCH2]]]. + exists f'; intuition. eapply inject_incr_trans; eauto. + (* 2. lv = LVarray dim, info = Var_stack_array *) + intros dim LV EQ. injection EQ; clear EQ; intros. + assert (0 <= Zmax 0 dim). apply Zmax1. + assert (8 > 0). omega. + generalize (align_le sz 8 H4). intro. + set (ofs := align sz 8) in *. + set (f1 := extend_inject b1 (Some (sp, ofs)) f). + assert (mem_inject f1 m1 tm /\ inject_incr f f1). + assert (Int.min_signed < 0). compute; auto. + generalize (assign_variables_incr _ _ _ _ _ _ ASVS). intro. + unfold f1; eapply alloc_mapped_inject; eauto. + omega. omega. omega. omega. unfold sizeof; rewrite LV. omega. + intros. left. generalize (BOUND _ _ H8). omega. + elim H6; intros MINJ1 INCR1; clear H6. + assert (MATCH1: match_callstack f1 + (mkframe cenv1 (PTree.set id (b1, lv) e) te sp lo (nextblock m1) :: cs) + (nextblock m1) (nextblock tm) m1). + unfold f1; rewrite <- H2; eapply match_callstack_alloc_left; eauto. + assert (SZ1POS: 0 <= sz1). rewrite <- H1. omega. + assert (BOUND1: forall b delta, f1 b = Some(sp, delta) -> + high_bound m1 b + delta <= sz1). + intros until delta; unfold f1, extend_inject, eq_block. + rewrite (high_bound_alloc _ _ b _ _ _ H). + case (zeq b b1); intros. + inversion H6. unfold sizeof; rewrite LV. omega. + generalize (BOUND _ _ H6). omega. + generalize (IHalloc_variables _ _ _ ASVS MATCH1 MINJ1 SZ1POS BOUND1 DEFINED1). + intros [f' [INCR2 [MINJ2 MATCH2]]]. + exists f'; intuition. eapply inject_incr_trans; eauto. +Qed. + +Lemma set_params_defined: + forall params args id, + In id params -> (set_params args params)!id <> None. +Proof. + induction params; simpl; intros. + elim H. + destruct args. + rewrite PTree.gsspec. case (peq id a); intro. + congruence. eapply IHparams. elim H; intro. congruence. auto. + rewrite PTree.gsspec. case (peq id a); intro. + congruence. eapply IHparams. elim H; intro. congruence. auto. +Qed. + +Lemma set_locals_defined: + forall e vars id, + In id vars \/ e!id <> None -> (set_locals vars e)!id <> None. +Proof. + induction vars; simpl; intros. + tauto. + rewrite PTree.gsspec. case (peq id a); intro. + congruence. + apply IHvars. assert (a <> id). congruence. tauto. +Qed. + +Lemma set_locals_params_defined: + forall args params vars id, + In id (params ++ vars) -> + (set_locals vars (set_params args params))!id <> None. +Proof. + intros. apply set_locals_defined. + elim (in_app_or _ _ _ H); intro. + right. apply set_params_defined; auto. + left; auto. +Qed. + +(** Preservation of [match_callstack] by simultaneous allocation + of Csharpminor local variables and of the Cminor stack data block. *) + +Lemma match_callstack_alloc_variables: + forall fn cenv sz m e m' lb tm tm' sp f cs targs, + build_compilenv fn = (cenv, sz) -> + sz <= Int.max_signed -> + alloc_variables Csharpminor.empty_env m (fn_variables fn) e m' lb -> + Mem.alloc tm 0 sz = (tm', sp) -> + match_callstack f cs m.(nextblock) tm.(nextblock) m -> + mem_inject f m tm -> + let tparams := List.map (@fst ident memory_chunk) fn.(Csharpminor.fn_params) in + let tvars := List.map (@fst ident local_variable) fn.(Csharpminor.fn_vars) in + let te := set_locals tvars (set_params targs tparams) in + exists f', + inject_incr f f' + /\ mem_inject f' m' tm' + /\ match_callstack f' (mkframe cenv e te sp m.(nextblock) m'.(nextblock) :: cs) + m'.(nextblock) tm'.(nextblock) m'. +Proof. + intros. + assert (SP: sp = nextblock tm). injection H2; auto. + unfold build_compilenv in H. + eapply match_callstack_alloc_variables_rec with (sz' := sz); eauto. + eapply valid_new_block; eauto. + rewrite (low_bound_alloc _ _ sp _ _ _ H2). apply zeq_true. + rewrite (high_bound_alloc _ _ sp _ _ _ H2). apply zeq_true. + (* match_callstack *) + constructor. omega. change (valid_block tm' sp). eapply valid_new_block; eauto. + constructor. + (* me_vars *) + intros. rewrite PMap.gi. constructor. + unfold Csharpminor.empty_env. apply PTree.gempty. + (* me_low_high *) + omega. + (* me_bounded *) + intros until lv. unfold Csharpminor.empty_env. rewrite PTree.gempty. congruence. + (* me_inj *) + intros until lv2. unfold Csharpminor.empty_env; rewrite PTree.gempty; congruence. + (* me_inv *) + intros. elim (mi_mappedblocks _ _ _ H4 _ _ _ H5); intros. + elim (fresh_block_alloc _ _ _ _ _ H2 H6). + (* me_incr *) + intros. elim (mi_mappedblocks _ _ _ H4 _ _ _ H5); intros. + rewrite SP; auto. + rewrite SP; auto. + eapply alloc_right_inject; eauto. + omega. + intros. elim (mi_mappedblocks _ _ _ H4 _ _ _ H5); intros. + unfold block in SP; omegaContradiction. + (* defined *) + intros. unfold te. apply set_locals_params_defined. + unfold tparams, tvars. unfold fn_variables in H5. + change Csharpminor.fn_params with Csharpminor.fn_params in H5. + change Csharpminor.fn_vars with Csharpminor.fn_vars in H5. + elim (in_app_or _ _ _ H5); intros. + elim (list_in_map_inv _ _ _ H6). intros x [A B]. + apply in_or_app; left. inversion A. apply List.in_map. auto. + apply in_or_app; right. + change id with (fst (id, lv)). apply List.in_map; auto. +Qed. + +(** Characterization of the range of addresses for the blocks allocated + to hold Csharpminor local variables. *) + +Lemma alloc_variables_nextblock_incr: + forall e1 m1 vars e2 m2 lb, + alloc_variables e1 m1 vars e2 m2 lb -> + nextblock m1 <= nextblock m2. +Proof. + induction 1; intros. + omega. + inversion H; subst m1; simpl in IHalloc_variables. omega. +Qed. + +Lemma alloc_variables_list_block: + forall e1 m1 vars e2 m2 lb, + alloc_variables e1 m1 vars e2 m2 lb -> + forall b, m1.(nextblock) <= b < m2.(nextblock) <-> In b lb. +Proof. + induction 1; intros. + simpl; split; intro. omega. contradiction. + elim (IHalloc_variables b); intros A B. + assert (nextblock m = b1). injection H; intros. auto. + assert (nextblock m1 = Zsucc (nextblock m)). + injection H; intros; subst m1; reflexivity. + simpl; split; intro. + assert (nextblock m = b \/ nextblock m1 <= b < nextblock m2). + unfold block; rewrite H2; omega. + elim H4; intro. left; congruence. right; auto. + elim H3; intro. subst b b1. + generalize (alloc_variables_nextblock_incr _ _ _ _ _ _ H0). + rewrite H2. omega. + generalize (B H4). rewrite H2. omega. +Qed. + +(** Correctness of the code generated by [store_parameters] + to store in memory the values of parameters that are stack-allocated. *) + +Inductive vars_vals_match: + meminj -> list (ident * memory_chunk) -> list val -> env -> Prop := + | vars_vals_nil: + forall f te, + vars_vals_match f nil nil te + | vars_vals_cons: + forall f te id chunk vars v vals tv, + te!id = Some tv -> + val_inject f v tv -> + vars_vals_match f vars vals te -> + vars_vals_match f ((id, chunk) :: vars) (v :: vals) te. + +Lemma vars_vals_match_extensional: + forall f vars vals te, + vars_vals_match f vars vals te -> + forall te', + (forall id lv, In (id, lv) vars -> te'!id = te!id) -> + vars_vals_match f vars vals te'. +Proof. + induction 1; intros. + constructor. + econstructor; eauto. rewrite <- H. eapply H2. left. reflexivity. + apply IHvars_vals_match. intros. eapply H2; eauto. right. eauto. +Qed. + +Lemma store_parameters_correct: + forall e m1 params vl m2, + bind_parameters e m1 params vl m2 -> + forall f te1 cenv sp lo hi cs tm1, + vars_vals_match f params vl te1 -> + list_norepet (List.map (@fst ident memory_chunk) params) -> + mem_inject f m1 tm1 -> + match_callstack f (mkframe cenv e te1 sp lo hi :: cs) m1.(nextblock) tm1.(nextblock) m1 -> + exists te2, exists tm2, + exec_stmtlist tge (Vptr sp Int.zero) + te1 tm1 (store_parameters cenv params) + te2 tm2 Out_normal + /\ mem_inject f m2 tm2 + /\ match_callstack f (mkframe cenv e te2 sp lo hi :: cs) m2.(nextblock) tm2.(nextblock) m2. +Proof. + induction 1. + (* base case *) + intros; simpl. exists te1; exists tm1. split. constructor. tauto. + (* inductive case *) + intros until tm1. intros VVM NOREPET MINJ MATCH. simpl. + inversion VVM. subst f0 id0 chunk0 vars v vals te. + inversion MATCH. subst f0 cenv0 e0 te sp0 lo0 hi0 cs0 bound tbound m0. + inversion H19. + inversion NOREPET. subst hd tl. + assert (NEXT: nextblock m1 = nextblock m). + generalize (store_inv _ _ _ _ _ _ H1). simpl; tauto. + generalize (me_vars0 id); intro MV. inversion MV. + (* cenv!!id = Var_local chunk *) + change Csharpminor.local_variable with local_variable in H4. + rewrite H in H4. injection H4; clear H4; intros; subst b0 chunk0. + assert (v' = tv). congruence. subst v'. + assert (eval_expr tge (Vptr sp Int.zero) nil te1 tm1 (Evar id) te1 tm1 tv). + constructor. auto. + generalize (make_cast_correct _ _ _ _ _ _ _ _ _ _ _ _ + H4 H0 H11). + intros [tv' [EVAL1 [VINJ1 VNORM]]]. + set (te2 := PTree.set id tv' te1). + assert (VVM2: vars_vals_match f params vl te2). + apply vars_vals_match_extensional with te1; auto. + intros. unfold te2; apply PTree.gso. red; intro; subst id0. + elim H5. change id with (fst (id, lv)). apply List.in_map; auto. + generalize (store_unmapped_inject _ _ _ _ _ _ _ _ MINJ H1 H8); intro MINJ2. + generalize (match_callstack_store_local _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + H VINJ1 VNORM H1 MATCH); + fold te2; rewrite <- NEXT; intro MATCH2. + destruct (IHbind_parameters _ _ _ _ _ _ _ _ VVM2 H6 MINJ2 MATCH2) + as [te3 [tm3 [EXEC3 [MINJ3 MATCH3]]]]. + exists te3; exists tm3. + (* execution *) + split. apply exec_Scons_continue with te2 tm1. + econstructor. unfold te2. constructor. assumption. + assumption. + (* meminj & match_callstack *) + tauto. + + (* cenv!!id = Var_stack_scalar *) + change Csharpminor.local_variable with local_variable in H4. + rewrite H in H4. injection H4; clear H4; intros; subst b0 chunk0. + pose (EVAL1 := make_stackaddr_correct sp nil te1 tm1 ofs). + assert (EVAL2: eval_expr tge (Vptr sp Int.zero) nil te1 tm1 (Evar id) te1 tm1 tv). + constructor. auto. + destruct (make_store_correct _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + (Vptr b Int.zero) _ + EVAL1 EVAL2 H0 H1 MINJ H7 H11) + as [tm2 [tv' [EVAL3 [MINJ2 [VINJ NEXT1]]]]]. + assert (f b <> None). inversion H7. congruence. + generalize (match_callstack_mapped _ _ _ _ _ MATCH _ _ _ _ _ H4 H1). + rewrite <- NEXT; rewrite <- NEXT1; intro MATCH2. + destruct (IHbind_parameters _ _ _ _ _ _ _ _ + H12 H6 MINJ2 MATCH2) as [te3 [tm3 [EVAL4 [MINJ3 MATCH3]]]]. + exists te3; exists tm3. + (* execution *) + split. apply exec_Scons_continue with te1 tm2. + econstructor. eauto. + assumption. + (* meminj & match_callstack *) + tauto. + + (* Impossible cases on cenv!!id *) + change Csharpminor.local_variable with local_variable in H4. + congruence. + change Csharpminor.local_variable with local_variable in H4. + congruence. +Qed. + +Lemma vars_vals_match_holds_1: + forall f params args targs, + list_norepet (List.map (@fst ident memory_chunk) params) -> + List.length params = List.length args -> + val_list_inject f args targs -> + vars_vals_match f params args + (set_params targs (List.map (@fst ident memory_chunk) params)). +Proof. + induction params; destruct args; simpl; intros; try discriminate. + constructor. + inversion H1. subst v0 vl targs. + inversion H. subst hd tl. + destruct a as [id chunk]. econstructor. + simpl. rewrite PTree.gss. reflexivity. + auto. + apply vars_vals_match_extensional + with (set_params vl' (map (@fst ident memory_chunk) params)). + eapply IHparams; eauto. + intros. simpl. apply PTree.gso. red; intro; subst id0. + elim H5. change (fst (id, chunk)) with (fst (id, lv)). + apply List.in_map; auto. +Qed. + +Lemma vars_vals_match_holds: + forall f params args targs, + List.length params = List.length args -> + val_list_inject f args targs -> + forall vars, + list_norepet (List.map (@fst ident local_variable) vars + ++ List.map (@fst ident memory_chunk) params) -> + vars_vals_match f params args + (set_locals (List.map (@fst ident local_variable) vars) + (set_params targs (List.map (@fst ident memory_chunk) params))). +Proof. + induction vars; simpl; intros. + eapply vars_vals_match_holds_1; eauto. + inversion H1. subst hd tl. + eapply vars_vals_match_extensional; eauto. + intros. apply PTree.gso. red; intro; subst id; elim H4. + apply in_or_app. right. change (fst a) with (fst (fst a, lv)). + apply List.in_map; auto. +Qed. + +Lemma bind_parameters_length: + forall e m1 params args m2, + bind_parameters e m1 params args m2 -> + List.length params = List.length args. +Proof. + induction 1; simpl; eauto. +Qed. + +(** The final result in this section: the behaviour of function entry + in the generated Cminor code (allocate stack data block and store + parameters whose address is taken) simulates what happens at function + entry in the original Csharpminor (allocate one block per local variable + and initialize the blocks corresponding to function parameters). *) + +Lemma function_entry_ok: + forall fn m e m1 lb vargs m2 f cs tm cenv sz tm1 sp tvargs, + alloc_variables empty_env m (fn_variables fn) e m1 lb -> + bind_parameters e m1 fn.(Csharpminor.fn_params) vargs m2 -> + match_callstack f cs m.(nextblock) tm.(nextblock) m -> + build_compilenv fn = (cenv, sz) -> + sz <= Int.max_signed -> + Mem.alloc tm 0 sz = (tm1, sp) -> + let te := + set_locals (fn_vars_names fn) (set_params tvargs (fn_params_names fn)) in + val_list_inject f vargs tvargs -> + mem_inject f m tm -> + list_norepet (fn_params_names fn ++ fn_vars_names fn) -> + exists f2, exists te2, exists tm2, + exec_stmtlist tge (Vptr sp Int.zero) + te tm1 (store_parameters cenv fn.(Csharpminor.fn_params)) + te2 tm2 Out_normal + /\ mem_inject f2 m2 tm2 + /\ inject_incr f f2 + /\ match_callstack f2 + (mkframe cenv e te2 sp m.(nextblock) m1.(nextblock) :: cs) + m2.(nextblock) tm2.(nextblock) m2 + /\ (forall b, m.(nextblock) <= b < m1.(nextblock) <-> In b lb). +Proof. + intros. + generalize (bind_parameters_length _ _ _ _ _ H0); intro LEN1. + destruct (match_callstack_alloc_variables _ _ _ _ _ _ _ _ _ _ _ _ tvargs + H2 H3 H H4 H1 H6) + as [f1 [INCR1 [MINJ1 MATCH1]]]. + fold te in MATCH1. + assert (VLI: val_list_inject f1 vargs tvargs). + eapply val_list_inject_incr; eauto. + generalize (vars_vals_match_holds _ _ _ _ LEN1 VLI _ + (list_norepet_append_commut _ _ H7)). + fold te. intro VVM. + assert (NOREPET: list_norepet (List.map (@fst ident memory_chunk) fn.(Csharpminor.fn_params))). + unfold fn_params_names in H7. + eapply list_norepet_append_left; eauto. + destruct (store_parameters_correct _ _ _ _ _ H0 _ _ _ _ _ _ _ _ + VVM NOREPET MINJ1 MATCH1) + as [te2 [tm2 [EXEC [MINJ2 MATCH2]]]]. + exists f1; exists te2; exists tm2. + split. auto. split. auto. split. auto. split. auto. + intros; eapply alloc_variables_list_block; eauto. +Qed. + +(** * Semantic preservation for the translation *) + +(** These tactics simplify hypotheses of the form [f ... = Some x]. *) + +Ltac monadSimpl1 := + match goal with + | [ |- (bind _ _ ?F ?G = Some ?X) -> _ ] => + unfold bind at 1; + generalize (refl_equal F); + pattern F at -1 in |- *; + case F; + [ (let EQ := fresh "EQ" in + (intro; intro EQ; + try monadSimpl1)) + | intros; discriminate ] + | [ |- (None = Some _) -> _ ] => + intro; discriminate + | [ |- (Some _ = Some _) -> _ ] => + let h := fresh "H" in + (intro h; injection h; intro; clear h) + end. + +Ltac monadSimpl := + match goal with + | [ |- (bind _ _ ?F ?G = Some ?X) -> _ ] => monadSimpl1 + | [ |- (None = Some _) -> _ ] => monadSimpl1 + | [ |- (Some _ = Some _) -> _ ] => monadSimpl1 + | [ |- (?F _ _ _ _ _ _ _ = Some _) -> _ ] => simpl F; monadSimpl1 + | [ |- (?F _ _ _ _ _ _ = Some _) -> _ ] => simpl F; monadSimpl1 + | [ |- (?F _ _ _ _ _ = Some _) -> _ ] => simpl F; monadSimpl1 + | [ |- (?F _ _ _ _ = Some _) -> _ ] => simpl F; monadSimpl1 + | [ |- (?F _ _ _ = Some _) -> _ ] => simpl F; monadSimpl1 + | [ |- (?F _ _ = Some _) -> _ ] => simpl F; monadSimpl1 + | [ |- (?F _ = Some _) -> _ ] => simpl F; monadSimpl1 + end. + +Ltac monadInv H := + generalize H; monadSimpl. + +(** The proof of semantic preservation uses simulation diagrams of the + following form: +<< + le, e, m1, a --------------- tle, sp, te1, tm1, ta + | | + | | + v v + le, e, m2, v --------------- tle, sp, te2, tm2, tv +>> + where [ta] is the Cminor expression obtained by translating the + Csharpminor expression [a]. The left vertical arrow is an evaluation + of a Csharpminor expression. The right vertical arrow is an evaluation + of a Cminor expression. The precondition (top vertical bar) + includes a [mem_inject] relation between the memory states [m1] and [tm1], + a [val_list_inject] relation between the let environments [le] and [tle], + and a [match_callstack] relation for any callstack having + [e], [te1], [sp] as top frame. The postcondition (bottom vertical bar) + is the existence of a memory injection [f2] that extends the injection + [f1] we started with, preserves the [match_callstack] relation for + the transformed callstack at the final state, and validates a + [val_inject] relation between the result values [v] and [tv]. + + We capture these diagrams by the following predicates, parameterized + over the Csharpminor executions, which will serve as induction + hypotheses in the proof of simulation. *) + +Definition eval_expr_prop + (le: Csharpminor.letenv) (e: Csharpminor.env) (m1: mem) (a: Csharpminor.expr) (m2: mem) (v: val) : Prop := + forall cenv ta f1 tle te1 tm1 sp lo hi cs + (TR: transl_expr cenv a = Some ta) + (LINJ: val_list_inject f1 le tle) + (MINJ: mem_inject f1 m1 tm1) + (MATCH: match_callstack f1 + (mkframe cenv e te1 sp lo hi :: cs) + m1.(nextblock) tm1.(nextblock) m1), + exists f2, exists te2, exists tm2, exists tv, + eval_expr tge (Vptr sp Int.zero) tle te1 tm1 ta te2 tm2 tv + /\ val_inject f2 v tv + /\ mem_inject f2 m2 tm2 + /\ inject_incr f1 f2 + /\ match_callstack f2 + (mkframe cenv e te2 sp lo hi :: cs) + m2.(nextblock) tm2.(nextblock) m2. + +Definition eval_exprlist_prop + (le: Csharpminor.letenv) (e: Csharpminor.env) (m1: mem) (al: Csharpminor.exprlist) (m2: mem) (vl: list val) : Prop := + forall cenv tal f1 tle te1 tm1 sp lo hi cs + (TR: transl_exprlist cenv al = Some tal) + (LINJ: val_list_inject f1 le tle) + (MINJ: mem_inject f1 m1 tm1) + (MATCH: match_callstack f1 + (mkframe cenv e te1 sp lo hi :: cs) + m1.(nextblock) tm1.(nextblock) m1), + exists f2, exists te2, exists tm2, exists tvl, + eval_exprlist tge (Vptr sp Int.zero) tle te1 tm1 tal te2 tm2 tvl + /\ val_list_inject f2 vl tvl + /\ mem_inject f2 m2 tm2 + /\ inject_incr f1 f2 + /\ match_callstack f2 + (mkframe cenv e te2 sp lo hi :: cs) + m2.(nextblock) tm2.(nextblock) m2. + +Definition eval_funcall_prop + (m1: mem) (fn: Csharpminor.function) (args: list val) (m2: mem) (res: val) : Prop := + forall tfn f1 tm1 cs targs + (TR: transl_function fn = Some tfn) + (MINJ: mem_inject f1 m1 tm1) + (MATCH: match_callstack f1 cs m1.(nextblock) tm1.(nextblock) m1) + (ARGSINJ: val_list_inject f1 args targs), + exists f2, exists tm2, exists tres, + eval_funcall tge tm1 tfn targs tm2 tres + /\ val_inject f2 res tres + /\ mem_inject f2 m2 tm2 + /\ inject_incr f1 f2 + /\ match_callstack f2 cs m2.(nextblock) tm2.(nextblock) m2. + +Inductive outcome_inject (f: meminj) : Csharpminor.outcome -> outcome -> Prop := + | outcome_inject_normal: + outcome_inject f Csharpminor.Out_normal Out_normal + | outcome_inject_exit: + forall n, outcome_inject f (Csharpminor.Out_exit n) (Out_exit n) + | outcome_inject_return_none: + outcome_inject f (Csharpminor.Out_return None) (Out_return None) + | outcome_inject_return_some: + forall v1 v2, + val_inject f v1 v2 -> + outcome_inject f (Csharpminor.Out_return (Some v1)) (Out_return (Some v2)). + +Definition exec_stmt_prop + (e: Csharpminor.env) (m1: mem) (s: Csharpminor.stmt) (m2: mem) (out: Csharpminor.outcome): Prop := + forall cenv ts f1 te1 tm1 sp lo hi cs + (TR: transl_stmt cenv s = Some ts) + (MINJ: mem_inject f1 m1 tm1) + (MATCH: match_callstack f1 + (mkframe cenv e te1 sp lo hi :: cs) + m1.(nextblock) tm1.(nextblock) m1), + exists f2, exists te2, exists tm2, exists tout, + exec_stmt tge (Vptr sp Int.zero) te1 tm1 ts te2 tm2 tout + /\ outcome_inject f2 out tout + /\ mem_inject f2 m2 tm2 + /\ inject_incr f1 f2 + /\ match_callstack f2 + (mkframe cenv e te2 sp lo hi :: cs) + m2.(nextblock) tm2.(nextblock) m2. + +Definition exec_stmtlist_prop + (e: Csharpminor.env) (m1: mem) (s: Csharpminor.stmtlist) (m2: mem) (out: Csharpminor.outcome): Prop := + forall cenv ts f1 te1 tm1 sp lo hi cs + (TR: transl_stmtlist cenv s = Some ts) + (MINJ: mem_inject f1 m1 tm1) + (MATCH: match_callstack f1 + (mkframe cenv e te1 sp lo hi :: cs) + m1.(nextblock) tm1.(nextblock) m1), + exists f2, exists te2, exists tm2, exists tout, + exec_stmtlist tge (Vptr sp Int.zero) te1 tm1 ts te2 tm2 tout + /\ outcome_inject f2 out tout + /\ mem_inject f2 m2 tm2 + /\ inject_incr f1 f2 + /\ match_callstack f2 + (mkframe cenv e te2 sp lo hi :: cs) + m2.(nextblock) tm2.(nextblock) m2. + +(** There are as many cases in the inductive proof as there are evaluation + rules in the Csharpminor semantics. We treat each case as a separate + lemma. *) + +Lemma transl_expr_Evar_correct: + forall (le : Csharpminor.letenv) + (e : PTree.t (block * local_variable)) (m : mem) (id : positive) + (b : block) (chunk : memory_chunk) (v : val), + e ! id = Some (b, LVscalar chunk) -> + load chunk m b 0 = Some v -> + eval_expr_prop le e m (Csharpminor.Evar id) m v. +Proof. + intros; red; intros. unfold transl_expr in TR. + generalize (var_get_correct _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tle + TR MATCH MINJ H H0). + intros [tv [EVAL VINJ]]. + exists f1; exists te1; exists tm1; exists tv; intuition. +Qed. + +Lemma transl_expr_Eassign_correct: + forall (le : Csharpminor.letenv) (e : Csharpminor.env) (m : mem) + (id : positive) (a : Csharpminor.expr) (m1 : mem) (b : block) + (chunk : memory_chunk) (v1 v2 : val) (m2 : mem), + Csharpminor.eval_expr ge le e m a m1 v1 -> + eval_expr_prop le e m a m1 v1 -> + e ! id = Some (b, LVscalar chunk) -> + cast chunk v1 = Some v2 -> + store chunk m1 b 0 v2 = Some m2 -> + eval_expr_prop le e m (Csharpminor.Eassign id a) m2 v2. +Proof. + intros; red; intros. monadInv TR; intro EQ0. + generalize (H0 _ _ _ _ _ _ _ _ _ _ EQ LINJ MINJ MATCH). + intros [f2 [te2 [tm2 [tv1 [EVAL1 [VINJ1 [MINJ1 [INCR12 MATCH1]]]]]]]]. + generalize (var_set_correct _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + EQ0 MATCH1 EVAL1 VINJ1 MINJ1 H1 H2 H3). + intros [te3 [tm3 [tv2 [EVAL2 [VINJ2 [MINJ2 MATCH2]]]]]]. + exists f2; exists te3; exists tm3; exists tv2. tauto. +Qed. + +Lemma transl_expr_Eaddrof_local_correct: + forall (le : Csharpminor.letenv) + (e : PTree.t (block * local_variable)) (m : mem) (id : positive) + (b : block) (lv : local_variable), + e ! id = Some (b, lv) -> + eval_expr_prop le e m (Eaddrof id) m (Vptr b Int.zero). +Proof. + intros; red; intros. simpl in TR. + generalize (var_addr_local_correct _ _ _ _ _ _ _ _ _ _ _ _ _ _ tle + TR MATCH H). + intros [tv [EVAL VINJ]]. + exists f1; exists te1; exists tm1; exists tv. intuition. +Qed. + +Lemma transl_expr_Eaddrof_global_correct: + forall (le : Csharpminor.letenv) + (e : PTree.t (block * local_variable)) (m : mem) (id : positive) + (b : block), + e ! id = None -> + Genv.find_symbol ge id = Some b -> + eval_expr_prop le e m (Eaddrof id) m (Vptr b Int.zero). +Proof. + intros; red; intros. simpl in TR. + generalize (var_addr_global_correct _ _ _ _ _ _ _ _ _ _ _ _ _ tle + TR MATCH H H0). + intros [tv [EVAL VINJ]]. + exists f1; exists te1; exists tm1; exists tv. intuition. +Qed. + +Lemma transl_expr_Eop_correct: + forall (le : Csharpminor.letenv) (e : Csharpminor.env) (m : mem) + (op : Csharpminor.operation) (al : Csharpminor.exprlist) (m1 : mem) + (vl : list val) (v : val), + Csharpminor.eval_exprlist ge le e m al m1 vl -> + eval_exprlist_prop le e m al m1 vl -> + Csharpminor.eval_operation op vl m1 = Some v -> + eval_expr_prop le e m (Csharpminor.Eop op al) m1 v. +Proof. + intros; red; intros. monadInv TR; intro EQ0. + generalize (H0 _ _ _ _ _ _ _ _ _ _ EQ LINJ MINJ MATCH). + intros [f2 [te2 [tm2 [tvl [EVAL1 [VINJ1 [MINJ1 [INCR1 MATCH1]]]]]]]]. + generalize (make_op_correct _ _ _ _ _ _ _ _ _ _ _ _ _ _ + EQ0 H1 EVAL1 VINJ1 MINJ1). + intros [tv [EVAL2 VINJ2]]. + exists f2; exists te2; exists tm2; exists tv. intuition. +Qed. + +Lemma transl_expr_Eload_correct: + forall (le : Csharpminor.letenv) (e : Csharpminor.env) (m : mem) + (chunk : memory_chunk) (a : Csharpminor.expr) (m1 : mem) + (v1 v : val), + Csharpminor.eval_expr ge le e m a m1 v1 -> + eval_expr_prop le e m a m1 v1 -> + loadv chunk m1 v1 = Some v -> + eval_expr_prop le e m (Csharpminor.Eload chunk a) m1 v. +Proof. + intros; red; intros. + monadInv TR. + destruct (H0 _ _ _ _ _ _ _ _ _ _ EQ LINJ MINJ MATCH) + as [f2 [te2 [tm2 [tv1 [EVAL [VINJ1 [MINJ2 [INCR MATCH2]]]]]]]]. + destruct (loadv_inject _ _ _ _ _ _ _ MINJ2 H1 VINJ1) + as [tv [TLOAD VINJ]]. + exists f2; exists te2; exists tm2; exists tv. + intuition. + subst ta. eapply make_load_correct; eauto. +Qed. + +Lemma transl_expr_Estore_correct: + forall (le : Csharpminor.letenv) (e : Csharpminor.env) (m : mem) + (chunk : memory_chunk) (a b : Csharpminor.expr) (m1 : mem) + (v1 : val) (m2 : mem) (v2 : val) (m3 : mem) (v3 : val), + Csharpminor.eval_expr ge le e m a m1 v1 -> + eval_expr_prop le e m a m1 v1 -> + Csharpminor.eval_expr ge le e m1 b m2 v2 -> + eval_expr_prop le e m1 b m2 v2 -> + cast chunk v2 = Some v3 -> + storev chunk m2 v1 v3 = Some m3 -> + eval_expr_prop le e m (Csharpminor.Estore chunk a b) m3 v3. +Proof. + intros; red; intros. monadInv TR. + destruct (H0 _ _ _ _ _ _ _ _ _ _ EQ LINJ MINJ MATCH) + as [f2 [te2 [tm2 [tv1 [EVAL1 [VINJ1 [MINJ2 [INCR2 MATCH2]]]]]]]]. + assert (LINJ2: val_list_inject f2 le tle). eapply val_list_inject_incr; eauto. + destruct (H2 _ _ _ _ _ _ _ _ _ _ EQ0 LINJ2 MINJ2 MATCH2) + as [f3 [te3 [tm3 [tv2 [EVAL2 [VINJ2 [MINJ3 [INCR3 MATCH3]]]]]]]]. + assert (VINJ1': val_inject f3 v1 tv1). eapply val_inject_incr; eauto. + destruct (make_store_correct _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + EVAL1 EVAL2 H3 H4 MINJ3 VINJ1' VINJ2) + as [tm4 [tv [EVAL [MINJ4 [VINJ4 NEXTBLOCK]]]]]. + exists f3; exists te3; exists tm4; exists tv. + rewrite <- H6. intuition. + eapply inject_incr_trans; eauto. + assert (val_inject f3 v1 tv1). eapply val_inject_incr; eauto. + unfold storev in H4; destruct v1; try discriminate. + inversion H5. + rewrite NEXTBLOCK. replace (nextblock m3) with (nextblock m2). + eapply match_callstack_mapped; eauto. congruence. + generalize (store_inv _ _ _ _ _ _ H4). simpl; symmetry; tauto. +Qed. + +Lemma sig_transl_function: + forall f tf, transl_function f = Some tf -> tf.(fn_sig) = f.(Csharpminor.fn_sig). +Proof. + intros f tf. unfold transl_function. + destruct (build_compilenv f). + case (zle z Int.max_signed); intros. + monadInv H. subst tf; reflexivity. + congruence. +Qed. + +Lemma transl_expr_Ecall_correct: + forall (le : Csharpminor.letenv) (e : Csharpminor.env) (m : mem) + (sig : signature) (a : Csharpminor.expr) (bl : Csharpminor.exprlist) + (m1 m2 m3 : mem) (vf : val) (vargs : list val) (vres : val) + (f : Csharpminor.function), + Csharpminor.eval_expr ge le e m a m1 vf -> + eval_expr_prop le e m a m1 vf -> + Csharpminor.eval_exprlist ge le e m1 bl m2 vargs -> + eval_exprlist_prop le e m1 bl m2 vargs -> + Genv.find_funct ge vf = Some f -> + Csharpminor.fn_sig f = sig -> + Csharpminor.eval_funcall ge m2 f vargs m3 vres -> + eval_funcall_prop m2 f vargs m3 vres -> + eval_expr_prop le e m (Csharpminor.Ecall sig a bl) m3 vres. +Proof. + intros;red;intros. monadInv TR. subst ta. + generalize (H0 _ _ _ _ _ _ _ _ _ _ EQ LINJ MINJ MATCH). + intros [f2 [te2 [tm2 [tv1 [EVAL1 [VINJ1 [MINJ1 [INCR1 MATCH1]]]]]]]]. + assert (LINJ1: val_list_inject f2 le tle). eapply val_list_inject_incr; eauto. + generalize (H2 _ _ _ _ _ _ _ _ _ _ EQ0 LINJ1 MINJ1 MATCH1). + intros [f3 [te3 [tm3 [tv2 [EVAL2 [VINJ2 [MINJ2 [INCR2 MATCH2]]]]]]]]. + assert (tv1 = vf). + elim (Genv.find_funct_inv H3). intros bf VF. rewrite VF in H3. + rewrite Genv.find_funct_find_funct_ptr in H3. + generalize (Genv.find_funct_ptr_inv H3). intro. + assert (match_globalenvs f2). eapply match_callstack_match_globalenvs; eauto. + generalize (mg_functions _ H8 _ H7). intro. + rewrite VF in VINJ1. inversion VINJ1. subst vf. + decEq. congruence. + subst ofs2. replace x with 0. reflexivity. congruence. + subst tv1. elim (functions_translated _ _ H3). intros tf [FIND TRF]. + generalize (H6 _ _ _ _ _ TRF MINJ2 MATCH2 VINJ2). + intros [f4 [tm4 [tres [EVAL3 [VINJ3 [MINJ3 [INCR3 MATCH3]]]]]]]. + exists f4; exists te3; exists tm4; exists tres. intuition. + eapply eval_Ecall; eauto. rewrite <- H4. apply sig_transl_function; auto. + apply inject_incr_trans with f2; auto. + apply inject_incr_trans with f3; auto. +Qed. + +Lemma transl_expr_Econdition_true_correct: + forall (le : Csharpminor.letenv) (e : Csharpminor.env) (m : mem) + (a b c : Csharpminor.expr) (m1 : mem) (v1 : val) (m2 : mem) + (v2 : val), + Csharpminor.eval_expr ge le e m a m1 v1 -> + eval_expr_prop le e m a m1 v1 -> + Val.is_true v1 -> + Csharpminor.eval_expr ge le e m1 b m2 v2 -> + eval_expr_prop le e m1 b m2 v2 -> + eval_expr_prop le e m (Csharpminor.Econdition a b c) m2 v2. +Proof. + intros; red; intros. monadInv TR. + destruct (H0 _ _ _ _ _ _ _ _ _ _ EQ LINJ MINJ MATCH) + as [f2 [te2 [tm2 [tv1 [EVAL1 [VINJ1 [MINJ1 [INCR1 MATCH1]]]]]]]]. + assert (LINJ1: val_list_inject f2 le tle). eapply val_list_inject_incr; eauto. + destruct (H3 _ _ _ _ _ _ _ _ _ _ EQ0 LINJ1 MINJ1 MATCH1) + as [f3 [te3 [tm3 [tv2 [EVAL2 [VINJ2 [MINJ2 [INCR2 MATCH2]]]]]]]]. + exists f3; exists te3; exists tm3; exists tv2. + intuition. + rewrite <- H5. eapply eval_conditionalexpr_true; eauto. + inversion VINJ1; subst v1 tv1; simpl in H1; simpl; contradiction || auto. + eapply inject_incr_trans; eauto. +Qed. + +Lemma transl_expr_Econdition_false_correct: + forall (le : Csharpminor.letenv) (e : Csharpminor.env) (m : mem) + (a b c : Csharpminor.expr) (m1 : mem) (v1 : val) (m2 : mem) + (v2 : val), + Csharpminor.eval_expr ge le e m a m1 v1 -> + eval_expr_prop le e m a m1 v1 -> + Val.is_false v1 -> + Csharpminor.eval_expr ge le e m1 c m2 v2 -> + eval_expr_prop le e m1 c m2 v2 -> + eval_expr_prop le e m (Csharpminor.Econdition a b c) m2 v2. +Proof. + intros; red; intros. monadInv TR. + destruct (H0 _ _ _ _ _ _ _ _ _ _ EQ LINJ MINJ MATCH) + as [f2 [te2 [tm2 [tv1 [EVAL1 [VINJ1 [MINJ1 [INCR1 MATCH1]]]]]]]]. + assert (LINJ1: val_list_inject f2 le tle). eapply val_list_inject_incr; eauto. + destruct (H3 _ _ _ _ _ _ _ _ _ _ EQ1 LINJ1 MINJ1 MATCH1) + as [f3 [te3 [tm3 [tv2 [EVAL2 [VINJ2 [MINJ2 [INCR2 MATCH2]]]]]]]]. + exists f3; exists te3; exists tm3; exists tv2. + intuition. + rewrite <- H5. eapply eval_conditionalexpr_false; eauto. + inversion VINJ1; subst v1 tv1; simpl in H1; simpl; contradiction || auto. + eapply inject_incr_trans; eauto. +Qed. + +Lemma transl_expr_Elet_correct: + forall (le : Csharpminor.letenv) (e : Csharpminor.env) (m : mem) + (a b : Csharpminor.expr) (m1 : mem) (v1 : val) (m2 : mem) (v2 : val), + Csharpminor.eval_expr ge le e m a m1 v1 -> + eval_expr_prop le e m a m1 v1 -> + Csharpminor.eval_expr ge (v1 :: le) e m1 b m2 v2 -> + eval_expr_prop (v1 :: le) e m1 b m2 v2 -> + eval_expr_prop le e m (Csharpminor.Elet a b) m2 v2. +Proof. + intros; red; intros. monadInv TR. + destruct (H0 _ _ _ _ _ _ _ _ _ _ EQ LINJ MINJ MATCH) + as [f2 [te2 [tm2 [tv1 [EVAL1 [VINJ1 [MINJ1 [INCR1 MATCH1]]]]]]]]. + assert (LINJ1: val_list_inject f2 (v1 :: le) (tv1 :: tle)). + constructor. auto. eapply val_list_inject_incr; eauto. + destruct (H2 _ _ _ _ _ _ _ _ _ _ EQ0 LINJ1 MINJ1 MATCH1) + as [f3 [te3 [tm3 [tv2 [EVAL2 [VINJ2 [MINJ2 [INCR2 MATCH2]]]]]]]]. + exists f3; exists te3; exists tm3; exists tv2. + intuition. + subst ta; eapply eval_Elet; eauto. + eapply inject_incr_trans; eauto. +Qed. + +Remark val_list_inject_nth: + forall f l1 l2, val_list_inject f l1 l2 -> + forall n v1, nth_error l1 n = Some v1 -> + exists v2, nth_error l2 n = Some v2 /\ val_inject f v1 v2. +Proof. + induction 1; destruct n; simpl; intros. + discriminate. discriminate. + injection H1; intros; subst v. exists v'; split; auto. + eauto. +Qed. + +Lemma transl_expr_Eletvar_correct: + forall (le : list val) (e : Csharpminor.env) (m : mem) (n : nat) + (v : val), + nth_error le n = Some v -> + eval_expr_prop le e m (Csharpminor.Eletvar n) m v. +Proof. + intros; red; intros. monadInv TR. + destruct (val_list_inject_nth _ _ _ LINJ _ _ H) + as [tv [A B]]. + exists f1; exists te1; exists tm1; exists tv. + intuition. + subst ta. eapply eval_Eletvar; auto. +Qed. + +Lemma transl_exprlist_Enil_correct: + forall (le : Csharpminor.letenv) (e : Csharpminor.env) (m : mem), + eval_exprlist_prop le e m Csharpminor.Enil m nil. +Proof. + intros; red; intros. monadInv TR. + exists f1; exists te1; exists tm1; exists (@nil val). + intuition. subst tal; constructor. +Qed. + +Lemma transl_exprlist_Econs_correct: + forall (le : Csharpminor.letenv) (e : Csharpminor.env) (m : mem) + (a : Csharpminor.expr) (bl : Csharpminor.exprlist) (m1 : mem) + (v : val) (m2 : mem) (vl : list val), + Csharpminor.eval_expr ge le e m a m1 v -> + eval_expr_prop le e m a m1 v -> + Csharpminor.eval_exprlist ge le e m1 bl m2 vl -> + eval_exprlist_prop le e m1 bl m2 vl -> + eval_exprlist_prop le e m (Csharpminor.Econs a bl) m2 (v :: vl). +Proof. + intros; red; intros. monadInv TR. + destruct (H0 _ _ _ _ _ _ _ _ _ _ EQ LINJ MINJ MATCH) + as [f2 [te2 [tm2 [tv1 [EVAL1 [VINJ1 [MINJ2 [INCR2 MATCH2]]]]]]]]. + assert (LINJ2: val_list_inject f2 le tle). eapply val_list_inject_incr; eauto. + destruct (H2 _ _ _ _ _ _ _ _ _ _ EQ0 LINJ2 MINJ2 MATCH2) + as [f3 [te3 [tm3 [tv2 [EVAL2 [VINJ2 [MINJ3 [INCR3 MATCH3]]]]]]]]. + assert (VINJ1': val_inject f3 v tv1). eapply val_inject_incr; eauto. + exists f3; exists te3; exists tm3; exists (tv1 :: tv2). + intuition. subst tal; econstructor; eauto. + eapply inject_incr_trans; eauto. +Qed. + +Lemma transl_funcall_correct: + forall (m : mem) (f : Csharpminor.function) (vargs : list val) + (e : Csharpminor.env) (m1 : mem) (lb : list block) (m2 m3 : mem) + (out : Csharpminor.outcome) (vres : val), + list_norepet (fn_params_names f ++ fn_vars_names f) -> + alloc_variables empty_env m (fn_variables f) e m1 lb -> + bind_parameters e m1 (Csharpminor.fn_params f) vargs m2 -> + Csharpminor.exec_stmtlist ge e m2 (Csharpminor.fn_body f) m3 out -> + exec_stmtlist_prop e m2 (Csharpminor.fn_body f) m3 out -> + Csharpminor.outcome_result_value out (sig_res (Csharpminor.fn_sig f)) vres -> + eval_funcall_prop m f vargs (free_list m3 lb) vres. +Proof. + intros; red. intros tfn f1 tm; intros. + unfold transl_function in TR. + caseEq (build_compilenv f); intros cenv stacksize CENV. + rewrite CENV in TR. + destruct (zle stacksize Int.max_signed); try discriminate. + monadInv TR. clear TR. + caseEq (alloc tm 0 stacksize). intros tm1 sp ALLOC. + destruct (function_entry_ok _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + H0 H1 MATCH CENV z ALLOC ARGSINJ MINJ H) + as [f2 [te2 [tm2 [STOREPARAM [MINJ2 [INCR12 [MATCH2 BLOCKS]]]]]]]. + destruct (H3 _ _ _ _ _ _ _ _ _ EQ MINJ2 MATCH2) + as [f3 [te3 [tm3 [tout [EXECBODY [OUTINJ [MINJ3 [INCR23 MATCH3]]]]]]]]. + assert (exists tvres, + outcome_result_value tout f.(Csharpminor.fn_sig).(sig_res) tvres /\ + val_inject f3 vres tvres). + generalize H4. unfold Csharpminor.outcome_result_value, outcome_result_value. + inversion OUTINJ. + destruct (sig_res (Csharpminor.fn_sig f)); intro. contradiction. + exists Vundef; split. auto. subst vres; constructor. + tauto. + destruct (sig_res (Csharpminor.fn_sig f)); intro. contradiction. + exists Vundef; split. auto. subst vres; constructor. + destruct (sig_res (Csharpminor.fn_sig f)); intro. + exists v2; split. auto. subst vres; auto. + contradiction. + elim H5; clear H5; intros tvres [TOUT VINJRES]. + exists f3; exists (Mem.free tm3 sp); exists tvres. + (* execution *) + split. rewrite <- H6; econstructor; simpl; eauto. + apply exec_Scons_continue with te2 tm2. + change Out_normal with (outcome_block Out_normal). + apply exec_Sblock. exact STOREPARAM. + eexact EXECBODY. + (* val_inject *) + split. assumption. + (* mem_inject *) + split. apply free_inject; auto. + intros. elim (BLOCKS b1); intros B1 B2. apply B1. inversion MATCH3. inversion H20. + eapply me_inv0. eauto. + (* inject_incr *) + split. eapply inject_incr_trans; eauto. + (* match_callstack *) + assert (forall bl mm, nextblock (free_list mm bl) = nextblock mm). + induction bl; intros. reflexivity. simpl. auto. + unfold free; simpl nextblock. rewrite H5. + eapply match_callstack_freelist; eauto. + intros. elim (BLOCKS b); intros B1 B2. generalize (B2 H7). omega. +Qed. + +Lemma transl_stmt_Sexpr_correct: + forall (e : Csharpminor.env) (m : mem) (a : Csharpminor.expr) + (m1 : mem) (v : val), + Csharpminor.eval_expr ge nil e m a m1 v -> + eval_expr_prop nil e m a m1 v -> + exec_stmt_prop e m (Csharpminor.Sexpr a) m1 Csharpminor.Out_normal. +Proof. + intros; red; intros. monadInv TR. + destruct (H0 _ _ _ _ _ _ _ _ _ _ EQ (val_nil_inject f1) MINJ MATCH) + as [f2 [te2 [tm2 [tv1 [EVAL1 [VINJ1 [MINJ2 [INCR2 MATCH2]]]]]]]]. + exists f2; exists te2; exists tm2; exists Out_normal. + intuition. subst ts. econstructor; eauto. + constructor. +Qed. + +Lemma transl_stmt_Sifthenelse_true_correct: + forall (e : Csharpminor.env) (m : mem) (a : Csharpminor.expr) + (sl1 sl2 : Csharpminor.stmtlist) (m1 : mem) (v1 : val) (m2 : mem) + (out : Csharpminor.outcome), + Csharpminor.eval_expr ge nil e m a m1 v1 -> + eval_expr_prop nil e m a m1 v1 -> + Val.is_true v1 -> + Csharpminor.exec_stmtlist ge e m1 sl1 m2 out -> + exec_stmtlist_prop e m1 sl1 m2 out -> + exec_stmt_prop e m (Csharpminor.Sifthenelse a sl1 sl2) m2 out. +Proof. + intros; red; intros. monadInv TR. + destruct (H0 _ _ _ _ _ _ _ _ _ _ EQ (val_nil_inject f1) MINJ MATCH) + as [f2 [te2 [tm2 [tv1 [EVAL1 [VINJ1 [MINJ2 [INCR2 MATCH2]]]]]]]]. + destruct (H3 _ _ _ _ _ _ _ _ _ EQ0 MINJ2 MATCH2) + as [f3 [te3 [tm3 [tout [EVAL2 [OINJ [MINJ3 [INCR3 MATCH3]]]]]]]]. + exists f3; exists te3; exists tm3; exists tout. + intuition. + subst ts. eapply exec_ifthenelse_true; eauto. + inversion VINJ1; subst v1 tv1; simpl in H1; simpl; contradiction || auto. + eapply inject_incr_trans; eauto. +Qed. + +Lemma transl_stmt_Sifthenelse_false_correct: + forall (e : Csharpminor.env) (m : mem) (a : Csharpminor.expr) + (sl1 sl2 : Csharpminor.stmtlist) (m1 : mem) (v1 : val) (m2 : mem) + (out : Csharpminor.outcome), + Csharpminor.eval_expr ge nil e m a m1 v1 -> + eval_expr_prop nil e m a m1 v1 -> + Val.is_false v1 -> + Csharpminor.exec_stmtlist ge e m1 sl2 m2 out -> + exec_stmtlist_prop e m1 sl2 m2 out -> + exec_stmt_prop e m (Csharpminor.Sifthenelse a sl1 sl2) m2 out. +Proof. + intros; red; intros. monadInv TR. + destruct (H0 _ _ _ _ _ _ _ _ _ _ EQ (val_nil_inject f1) MINJ MATCH) + as [f2 [te2 [tm2 [tv1 [EVAL1 [VINJ1 [MINJ2 [INCR2 MATCH2]]]]]]]]. + destruct (H3 _ _ _ _ _ _ _ _ _ EQ1 MINJ2 MATCH2) + as [f3 [te3 [tm3 [tout [EVAL2 [OINJ [MINJ3 [INCR3 MATCH3]]]]]]]]. + exists f3; exists te3; exists tm3; exists tout. + intuition. + subst ts. eapply exec_ifthenelse_false; eauto. + inversion VINJ1; subst v1 tv1; simpl in H1; simpl; contradiction || auto. + eapply inject_incr_trans; eauto. +Qed. + +Lemma transl_stmt_Sloop_loop_correct: + forall (e : Csharpminor.env) (m : mem) (sl : Csharpminor.stmtlist) + (m1 m2 : mem) (out : Csharpminor.outcome), + Csharpminor.exec_stmtlist ge e m sl m1 Csharpminor.Out_normal -> + exec_stmtlist_prop e m sl m1 Csharpminor.Out_normal -> + Csharpminor.exec_stmt ge e m1 (Csharpminor.Sloop sl) m2 out -> + exec_stmt_prop e m1 (Csharpminor.Sloop sl) m2 out -> + exec_stmt_prop e m (Csharpminor.Sloop sl) m2 out. +Proof. + intros; red; intros. monadInv TR. + destruct (H0 _ _ _ _ _ _ _ _ _ EQ MINJ MATCH) + as [f2 [te2 [tm2 [tout1 [EVAL1 [OINJ1 [MINJ2 [INCR2 MATCH2]]]]]]]]. + destruct (H2 _ _ _ _ _ _ _ _ _ TR MINJ2 MATCH2) + as [f3 [te3 [tm3 [tout2 [EVAL2 [OINJ2 [MINJ3 [INCR3 MATCH3]]]]]]]]. + exists f3; exists te3; exists tm3; exists tout2. + intuition. + subst ts. eapply exec_Sloop_loop; eauto. + inversion OINJ1; subst tout1; eauto. + eapply inject_incr_trans; eauto. +Qed. + + +Lemma transl_stmt_Sloop_exit_correct: + forall (e : Csharpminor.env) (m : mem) (sl : Csharpminor.stmtlist) + (m1 : mem) (out : Csharpminor.outcome), + Csharpminor.exec_stmtlist ge e m sl m1 out -> + exec_stmtlist_prop e m sl m1 out -> + out <> Csharpminor.Out_normal -> + exec_stmt_prop e m (Csharpminor.Sloop sl) m1 out. +Proof. + intros; red; intros. monadInv TR. + destruct (H0 _ _ _ _ _ _ _ _ _ EQ MINJ MATCH) + as [f2 [te2 [tm2 [tout1 [EVAL1 [OINJ1 [MINJ2 [INCR2 MATCH2]]]]]]]]. + exists f2; exists te2; exists tm2; exists tout1. + intuition. subst ts; eapply exec_Sloop_stop; eauto. + inversion OINJ1; subst out tout1; congruence. +Qed. + +Lemma transl_stmt_Sblock_correct: + forall (e : Csharpminor.env) (m : mem) (sl : Csharpminor.stmtlist) + (m1 : mem) (out : Csharpminor.outcome), + Csharpminor.exec_stmtlist ge e m sl m1 out -> + exec_stmtlist_prop e m sl m1 out -> + exec_stmt_prop e m (Csharpminor.Sblock sl) m1 + (Csharpminor.outcome_block out). +Proof. + intros; red; intros. monadInv TR. + destruct (H0 _ _ _ _ _ _ _ _ _ EQ MINJ MATCH) + as [f2 [te2 [tm2 [tout1 [EVAL1 [OINJ1 [MINJ2 [INCR2 MATCH2]]]]]]]]. + exists f2; exists te2; exists tm2; exists (outcome_block tout1). + intuition. subst ts; eapply exec_Sblock; eauto. + inversion OINJ1; subst out tout1; simpl. + constructor. + destruct n; constructor. + constructor. + constructor; auto. +Qed. + +Lemma transl_stmt_Sexit_correct: + forall (e : Csharpminor.env) (m : mem) (n : nat), + exec_stmt_prop e m (Csharpminor.Sexit n) m (Csharpminor.Out_exit n). +Proof. + intros; red; intros. monadInv TR. + exists f1; exists te1; exists tm1; exists (Out_exit n). + intuition. subst ts; constructor. constructor. +Qed. + +Lemma transl_stmt_Sreturn_none_correct: + forall (e : Csharpminor.env) (m : mem), + exec_stmt_prop e m (Csharpminor.Sreturn None) m + (Csharpminor.Out_return None). +Proof. + intros; red; intros. monadInv TR. + exists f1; exists te1; exists tm1; exists (Out_return None). + intuition. subst ts; constructor. constructor. +Qed. + +Lemma transl_stmt_Sreturn_some_correct: + forall (e : Csharpminor.env) (m : mem) (a : Csharpminor.expr) + (m1 : mem) (v : val), + Csharpminor.eval_expr ge nil e m a m1 v -> + eval_expr_prop nil e m a m1 v -> + exec_stmt_prop e m (Csharpminor.Sreturn (Some a)) m1 + (Csharpminor.Out_return (Some v)). +Proof. + intros; red; intros; monadInv TR. + destruct (H0 _ _ _ _ _ _ _ _ _ _ EQ (val_nil_inject f1) MINJ MATCH) + as [f2 [te2 [tm2 [tv1 [EVAL [VINJ1 [MINJ2 [INCR MATCH2]]]]]]]]. + exists f2; exists te2; exists tm2; exists (Out_return (Some tv1)). + intuition. subst ts; econstructor; eauto. constructor; auto. +Qed. + +Lemma transl_stmtlist_Snil_correct: + forall (e : Csharpminor.env) (m : mem), + exec_stmtlist_prop e m Csharpminor.Snil m Csharpminor.Out_normal. +Proof. + intros; red; intros; monadInv TR. + exists f1; exists te1; exists tm1; exists Out_normal. + intuition. subst ts; constructor. constructor. +Qed. + +Lemma transl_stmtlist_Scons_2_correct: + forall (e : Csharpminor.env) (m : mem) (s : Csharpminor.stmt) + (sl : Csharpminor.stmtlist) (m1 m2 : mem) (out : Csharpminor.outcome), + Csharpminor.exec_stmt ge e m s m1 Csharpminor.Out_normal -> + exec_stmt_prop e m s m1 Csharpminor.Out_normal -> + Csharpminor.exec_stmtlist ge e m1 sl m2 out -> + exec_stmtlist_prop e m1 sl m2 out -> + exec_stmtlist_prop e m (Csharpminor.Scons s sl) m2 out. +Proof. + intros; red; intros; monadInv TR. + destruct (H0 _ _ _ _ _ _ _ _ _ EQ MINJ MATCH) + as [f2 [te2 [tm2 [tout1 [EXEC1 [OINJ1 [MINJ2 [INCR2 MATCH2]]]]]]]]. + destruct (H2 _ _ _ _ _ _ _ _ _ EQ0 MINJ2 MATCH2) + as [f3 [te3 [tm3 [tout2 [EXEC2 [OINJ2 [MINJ3 [INCR3 MATCH3]]]]]]]]. + exists f3; exists te3; exists tm3; exists tout2. + intuition. subst ts; eapply exec_Scons_continue; eauto. + inversion OINJ1. subst tout1. auto. + eapply inject_incr_trans; eauto. +Qed. + +Lemma transl_stmtlist_Scons_1_correct: + forall (e : Csharpminor.env) (m : mem) (s : Csharpminor.stmt) + (sl : Csharpminor.stmtlist) (m1 : mem) (out : Csharpminor.outcome), + Csharpminor.exec_stmt ge e m s m1 out -> + exec_stmt_prop e m s m1 out -> + out <> Csharpminor.Out_normal -> + exec_stmtlist_prop e m (Csharpminor.Scons s sl) m1 out. +Proof. + intros; red; intros; monadInv TR. + destruct (H0 _ _ _ _ _ _ _ _ _ EQ MINJ MATCH) + as [f2 [te2 [tm2 [tout1 [EXEC1 [OINJ1 [MINJ2 [INCR2 MATCH2]]]]]]]]. + exists f2; exists te2; exists tm2; exists tout1. + intuition. subst ts; eapply exec_Scons_stop; eauto. + inversion OINJ1; subst out tout1; congruence. +Qed. + +(** We conclude by an induction over the structure of the Csharpminor + evaluation derivation, using the lemmas above for each case. *) + +Lemma transl_function_correct: + forall m1 f vargs m2 vres, + Csharpminor.eval_funcall ge m1 f vargs m2 vres -> + eval_funcall_prop m1 f vargs m2 vres. +Proof + (eval_funcall_ind5 ge + eval_expr_prop + eval_exprlist_prop + eval_funcall_prop + exec_stmt_prop + exec_stmtlist_prop + + transl_expr_Evar_correct + transl_expr_Eassign_correct + transl_expr_Eaddrof_local_correct + transl_expr_Eaddrof_global_correct + transl_expr_Eop_correct + transl_expr_Eload_correct + transl_expr_Estore_correct + transl_expr_Ecall_correct + transl_expr_Econdition_true_correct + transl_expr_Econdition_false_correct + transl_expr_Elet_correct + transl_expr_Eletvar_correct + transl_exprlist_Enil_correct + transl_exprlist_Econs_correct + transl_funcall_correct + transl_stmt_Sexpr_correct + transl_stmt_Sifthenelse_true_correct + transl_stmt_Sifthenelse_false_correct + transl_stmt_Sloop_loop_correct + transl_stmt_Sloop_exit_correct + transl_stmt_Sblock_correct + transl_stmt_Sexit_correct + transl_stmt_Sreturn_none_correct + transl_stmt_Sreturn_some_correct + transl_stmtlist_Snil_correct + transl_stmtlist_Scons_2_correct + transl_stmtlist_Scons_1_correct). + +(** The [match_globalenvs] relation holds for the global environments + of the source program and the transformed program. *) + +Lemma match_globalenvs_init: + let m := Genv.init_mem prog in + let tm := Genv.init_mem tprog in + let f := fun b => if zlt b m.(nextblock) then Some(b, 0) else None in + match_globalenvs f. +Proof. + intros. constructor. + (* symbols *) + intros. split. + unfold f. rewrite zlt_true. auto. unfold m. + eapply Genv.find_symbol_inv; eauto. + rewrite <- H. apply symbols_preserved. + intros. unfold f. rewrite zlt_true. auto. + generalize (nextblock_pos m). omega. +Qed. + +(** The correctness of the translation of a whole Csharpminor program + follows. *) + +Theorem transl_program_correct: + forall n, + Csharpminor.exec_program prog (Vint n) -> + exec_program tprog (Vint n). +Proof. + intros n [b [fn [m [FINDS [FINDF [SIG EVAL]]]]]]. + elim (function_ptr_translated _ _ FINDF). intros tfn [TFIND TR]. + set (m0 := Genv.init_mem prog) in *. + set (f := fun b => if zlt b m0.(nextblock) then Some(b, 0) else None). + assert (MINJ0: mem_inject f m0 m0). + unfold f; constructor; intros. + apply zlt_false; auto. + destruct (zlt b0 (nextblock m0)); try discriminate. + inversion H; subst b' delta. + split. auto. + constructor. compute. split; congruence. left; auto. + intros; omega. + generalize (Genv.initmem_undef prog b0). fold m0. intros [lo [hi EQ]]. + rewrite EQ. simpl. constructor. + destruct (zlt b1 (nextblock m0)); try discriminate. + destruct (zlt b2 (nextblock m0)); try discriminate. + left; congruence. + assert (MATCH0: match_callstack f nil m0.(nextblock) m0.(nextblock) m0). + constructor. unfold f; apply match_globalenvs_init. + fold ge in EVAL. + destruct (transl_function_correct _ _ _ _ _ EVAL + _ _ _ _ _ TR MINJ0 MATCH0 (val_nil_inject f)) + as [f1 [tm1 [tres [TEVAL [VINJ [MINJ1 [INCR MATCH1]]]]]]]. + exists b; exists tfn; exists tm1. + split. fold tge. rewrite <- FINDS. + replace (prog_main prog) with (prog_main tprog). fold ge. apply symbols_preserved. + apply transform_partial_program_main with transl_function. assumption. + split. assumption. + split. rewrite <- SIG. apply sig_transl_function; auto. + rewrite (Genv.init_mem_transf_partial transl_function _ TRANSL). + inversion VINJ; subst tres. assumption. +Qed. + +End TRANSLATION. diff --git a/backend/Coloring.v b/backend/Coloring.v new file mode 100644 index 00000000..1a34a124 --- /dev/null +++ b/backend/Coloring.v @@ -0,0 +1,267 @@ +(** Construction and coloring of the interference graph. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Op. +Require Import Registers. +Require Import RTL. +Require Import RTLtyping. +Require Import Locations. +Require Import Conventions. +Require Import InterfGraph. + +(** * Construction of the interference graph *) + +(** Two registers interfere if there exists a program point where + they are both simultaneously live, and it is possible that they + contain different values at this program point. Consequently, + two registers that do not interfere can be merged into one register + while preserving the program behavior: there is no program point + where this merged register would have to hold two different values + (for the two original registers), so to speak. + + The simplified algorithm for constructing the interference graph + from the results of the liveness analysis is as follows: +<< + start with empty interference graph + for each parameter p and register r live at the function entry point: + add conflict edge p <-> r + for each instruction I in function: + let L be the live registers "after" I + if I is a "move" instruction dst <- src, and dst is live: + add conflict edges dst <-> r for each r in L \ {dst, src} + else if I is an instruction with result dst, and dst is live: + add conflict edges dst <-> r for each r in L \ {dst}; + if I is a "call" instruction dst <- f(args), + add conflict edges between all pseudo-registers in L \ {dst} + and all caller-save machine registers + done +>> + Notice that edges are added only when a register becomes live. + A register becomes live either if it is the result of an operation + (and is live afterwards), or if we are at the function entrance + and the register is a function parameter. For two registers to + be simultaneously live at some program point, it must be the case + that one becomes live at a point where the other is already live. + Hence, it suffices to add interference edges between registers + that become live at some instruction and registers that are already + live at this instruction. + + Notice also the special treatment of ``move'' instructions: + since the destination register of the ``move'' is assigned the same value + as the source register, it is semantically correct to assign + the destination and the source registers to the same register, + even if the source register remains live afterwards. + (This is even desirable, since the ``move'' instruction can then + be eliminated.) Thus, no interference is added between the + source and the destination of a ``move'' instruction. + + Finally, for ``call'' instructions, we must make sure that + pseudo-registers live across the instruction are allocated to + callee-save machine register or to stack slots, but never to + caller-save machine registers (these lose their values across + the call). We therefore add the corresponding conflict edges + between pseudo-registers live across and caller-save machine + registers (pairwise). + + The full algorithm is similar to the simplified algorithm above, + but records preference edges in addition to conflict edges. + Preference edges guide the graph coloring algorithm by telling it + that better code will be obtained eventually if it is possible + to allocate certain pseudo-registers to the same location or to + a given machine register. Preference edges are added: +- between the destination and source pseudo-registers of a ``move'' + instruction; +- between the arguments of a ``call'' instruction and the locations + of the arguments as dictated by the calling conventions; +- between the result of a ``call'' instruction and the location + of the result as dictated by the calling conventions. +*) + +Definition add_interf_live + (filter: reg -> bool) (res: reg) (live: Regset.t) (g: graph): graph := + Regset.fold + (fun g r => if filter r then add_interf r res g else g) live g. + +Definition add_interf_op + (res: reg) (live: Regset.t) (g: graph): graph := + add_interf_live + (fun r => if Reg.eq r res then false else true) + res live g. + +Definition add_interf_move + (arg res: reg) (live: Regset.t) (g: graph): graph := + add_interf_live + (fun r => + if Reg.eq r res then false else + if Reg.eq r arg then false else true) + res live g. + +Definition add_interf_call + (live: Regset.t) (destroyed: list mreg) (g: graph): graph := + List.fold_left + (fun g mr => Regset.fold (fun g r => add_interf_mreg r mr g) live g) + destroyed g. + +Fixpoint add_prefs_call + (args: list reg) (locs: list loc) (g: graph) {struct args} : graph := + match args, locs with + | a1 :: al, l1 :: ll => + add_prefs_call al ll + (match l1 with R mr => add_pref_mreg a1 mr g | _ => g end) + | _, _ => g + end. + +Definition add_interf_entry + (params: list reg) (live: Regset.t) (g: graph): graph := + List.fold_left (fun g r => add_interf_op r live g) params g. + +Fixpoint add_interf_params + (params: list reg) (g: graph) {struct params}: graph := + match params with + | nil => g + | p1 :: pl => + add_interf_params pl + (List.fold_left + (fun g r => if Reg.eq r p1 then g else add_interf r p1 g) + pl g) + end. + +Definition add_edges_instr + (sig: signature) (i: instruction) (live: Regset.t) (g: graph) : graph := + match i with + | Iop op args res s => + if Regset.mem res live then + match is_move_operation op args with + | Some arg => + add_pref arg res (add_interf_move arg res live g) + | None => + add_interf_op res live g + end + else g + | Iload chunk addr args dst s => + if Regset.mem dst live + then add_interf_op dst live g + else g + | Icall sig ros args res s => + add_prefs_call args (loc_arguments sig) + (add_pref_mreg res (loc_result sig) + (add_interf_op res live + (add_interf_call + (Regset.remove res live) destroyed_at_call_regs g))) + | Ireturn (Some r) => + add_pref_mreg r (loc_result sig) g + | _ => g + end. + +Definition add_edges_instrs (f: function) (live: PMap.t Regset.t) : graph := + PTree.fold + (fun g pc i => add_edges_instr f.(fn_sig) i live!!pc g) + f.(fn_code) + empty_graph. + +Definition interf_graph (f: function) (live: PMap.t Regset.t) (live0: Regset.t) := + add_prefs_call f.(fn_params) (loc_parameters f.(fn_sig)) + (add_interf_params f.(fn_params) + (add_interf_entry f.(fn_params) live0 + (add_edges_instrs f live))). + +(** * Graph coloring *) + +(** The actual coloring of the graph is performed by a function written + directly in Caml, and not proved correct in any way. This function + takes as argument the [RTL] function, the interference graph for + this function, an assignment of types to [RTL] pseudo-registers, + and the set of all [RTL] pseudo-registers mentioned in the + interference graph. It returns the coloring as a function from + pseudo-registers to locations. *) + +Parameter graph_coloring: + function -> graph -> regenv -> Regset.t -> (reg -> loc). + +(** To ensure that the result of [graph_coloring] is a correct coloring, + we check a posteriori its result using the following Coq functions. + Let [coloring] be the function [reg -> loc] returned by [graph_coloring]. + The three properties checked are: +- [coloring r1 <> coloring r2] if there is a conflict edge between + [r1] and [r2] in the interference graph. +- [coloring r1 <> R m2] if there is a conflict edge between pseudo-register + [r1] and machine register [m2] in the interference graph. +- For all [r] mentioned in the interference graph, + the location [coloring r] is acceptable and has the same type as [r]. +*) + +Definition check_coloring_1 (g: graph) (coloring: reg -> loc) := + SetRegReg.for_all + (fun r1r2 => + if Loc.eq (coloring (fst r1r2)) (coloring (snd r1r2)) then false else true) + g.(interf_reg_reg). + +Definition check_coloring_2 (g: graph) (coloring: reg -> loc) := + SetRegMreg.for_all + (fun r1mr2 => + if Loc.eq (coloring (fst r1mr2)) (R (snd r1mr2)) then false else true) + g.(interf_reg_mreg). + +Definition same_typ (t1 t2: typ) := + match t1, t2 with + | Tint, Tint => true + | Tfloat, Tfloat => true + | _, _ => false + end. + +Definition loc_is_acceptable (l: loc) := + match l with + | R r => + if In_dec Loc.eq l temporaries then false else true + | S (Local ofs ty) => + if zlt ofs 0 then false else true + | _ => + false + end. + +Definition check_coloring_3 (rs: Regset.t) (env: regenv) (coloring: reg -> loc) := + Regset.for_all + (fun r => + let l := coloring r in + andb (loc_is_acceptable l) (same_typ (env r) (Loc.type l))) + rs. + +Definition check_coloring + (g: graph) (env: regenv) (rs: Regset.t) (coloring: reg -> loc) := + andb (check_coloring_1 g coloring) + (andb (check_coloring_2 g coloring) + (check_coloring_3 rs env coloring)). + +(** To preserve decidability of checking, the checks + (especially the third one) are performed for the pseudo-registers + mentioned in the interference graph. To facilitate the proofs, + it is convenient to ensure that the properties hold for all + pseudo-registers. To this end, we ``clip'' the candidate coloring + returned by [graph_coloring]: the final coloring behave identically + over pseudo-registers mentioned in the interference graph, + but returns a dummy machine register of the correct type otherwise. *) + +Definition alloc_of_coloring (coloring: reg -> loc) (env: regenv) (rs: Regset.t) := + fun r => + if Regset.mem r rs + then coloring r + else match env r with Tint => R R3 | Tfloat => R F1 end. + +(** * Coloring of the interference graph *) + +(** The following function combines the phases described above: + construction of the interference graph, coloring by untrusted + Caml code, checking of the candidate coloring returned, + and adjustment of this coloring. If the coloring candidate is + incorrect, [None] is returned, causing register allocation to fail. *) + +Definition regalloc + (f: function) (live: PMap.t Regset.t) (live0: Regset.t) (env: regenv) := + let g := interf_graph f live live0 in + let rs := all_interf_regs g in + let coloring := graph_coloring f g env rs in + if check_coloring g env rs coloring + then Some (alloc_of_coloring coloring env rs) + else None. diff --git a/backend/Coloringproof.v b/backend/Coloringproof.v new file mode 100644 index 00000000..39b208ec --- /dev/null +++ b/backend/Coloringproof.v @@ -0,0 +1,845 @@ +(** Correctness of graph coloring. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Op. +Require Import Registers. +Require Import RTL. +Require Import RTLtyping. +Require Import Locations. +Require Import Conventions. +Require Import InterfGraph. +Require Import Coloring. + +(** * Correctness of the interference graph *) + +(** We show that the interference graph built by [interf_graph] + is correct in the sense that it contains all conflict edges + that we need. + + Many boring lemmas on the auxiliary functions used to construct + the interference graph follow. The lemmas are of two kinds: + the ``increasing'' lemmas show that the auxiliary functions only add + edges to the interference graph, but do not remove existing edges; + and the ``correct'' lemmas show that the auxiliary functions + correctly add the edges that we'd like them to add. *) + +Lemma graph_incl_refl: + forall g, graph_incl g g. +Proof. + intros; split; auto. +Qed. + +Lemma add_interf_live_incl_aux: + forall (filter: reg -> bool) res live g, + graph_incl g + (List.fold_left + (fun g r => if filter r then add_interf r res g else g) + live g). +Proof. + induction live; simpl; intros. + apply graph_incl_refl. + apply graph_incl_trans with (if filter a then add_interf a res g else g). + case (filter a). + apply add_interf_incl. + apply graph_incl_refl. + apply IHlive. +Qed. + +Lemma add_interf_live_incl: + forall (filter: reg -> bool) res live g, + graph_incl g (add_interf_live filter res live g). +Proof. + intros. unfold add_interf_live. rewrite Regset.fold_spec. + apply add_interf_live_incl_aux. +Qed. + +Lemma add_interf_live_correct_aux: + forall filter res live g r, + In r live -> filter r = true -> + interfere r res + (List.fold_left + (fun g r => if filter r then add_interf r res g else g) + live g). +Proof. + induction live; simpl; intros. + contradiction. + elim H; intros. + subst a. rewrite H0. + generalize (add_interf_live_incl_aux filter res live (add_interf r res g)). + intros [A B]. + apply A. apply add_interf_correct. + apply IHlive; auto. +Qed. + +Lemma add_interf_live_correct: + forall filter res live g r, + Regset.mem r live = true -> + filter r = true -> + interfere r res (add_interf_live filter res live g). +Proof. + intros. unfold add_interf_live. rewrite Regset.fold_spec. + apply add_interf_live_correct_aux; auto. + apply Regset.elements_correct. auto. +Qed. + +Lemma add_interf_op_incl: + forall res live g, + graph_incl g (add_interf_op res live g). +Proof. + intros; unfold add_interf_op. apply add_interf_live_incl. +Qed. + +Lemma add_interf_op_correct: + forall res live g r, + Regset.mem r live = true -> + r <> res -> + interfere r res (add_interf_op res live g). +Proof. + intros. unfold add_interf_op. + apply add_interf_live_correct. + auto. + case (Reg.eq r res); intro. + contradiction. auto. +Qed. + +Lemma add_interf_move_incl: + forall arg res live g, + graph_incl g (add_interf_move arg res live g). +Proof. + intros; unfold add_interf_move. apply add_interf_live_incl. +Qed. + +Lemma add_interf_move_correct: + forall arg res live g r, + Regset.mem r live = true -> + r <> arg -> r <> res -> + interfere r res (add_interf_move arg res live g). +Proof. + intros. unfold add_interf_move. + apply add_interf_live_correct. + auto. + case (Reg.eq r res); intro. + contradiction. + case (Reg.eq r arg); intro. + contradiction. + auto. +Qed. + +Lemma add_interf_call_incl_aux_1: + forall mr live g, + graph_incl g + (List.fold_left (fun g r => add_interf_mreg r mr g) live g). +Proof. + induction live; simpl; intros. + apply graph_incl_refl. + apply graph_incl_trans with (add_interf_mreg a mr g). + apply add_interf_mreg_incl. + auto. +Qed. + +Lemma add_interf_call_incl_aux_2: + forall mr live g, + graph_incl g + (Regset.fold (fun g r => add_interf_mreg r mr g) live g). +Proof. + intros. rewrite Regset.fold_spec. apply add_interf_call_incl_aux_1. +Qed. + +Lemma add_interf_call_incl: + forall live destroyed g, + graph_incl g (add_interf_call live destroyed g). +Proof. + induction destroyed; simpl; intros. + apply graph_incl_refl. + eapply graph_incl_trans; [idtac|apply IHdestroyed]. + apply add_interf_call_incl_aux_2. +Qed. + +Lemma interfere_incl: + forall r1 r2 g1 g2, + graph_incl g1 g2 -> + interfere r1 r2 g1 -> + interfere r1 r2 g2. +Proof. + unfold graph_incl; intros. elim H; auto. +Qed. + +Lemma interfere_mreg_incl: + forall r1 r2 g1 g2, + graph_incl g1 g2 -> + interfere_mreg r1 r2 g1 -> + interfere_mreg r1 r2 g2. +Proof. + unfold graph_incl; intros. elim H; auto. +Qed. + +Lemma add_interf_call_correct_aux_1: + forall mr live g r, + In r live -> + interfere_mreg r mr + (List.fold_left (fun g r => add_interf_mreg r mr g) live g). +Proof. + induction live; simpl; intros. + elim H. + elim H; intros. + subst a. eapply interfere_mreg_incl. + apply add_interf_call_incl_aux_1. + apply add_interf_mreg_correct. + apply IHlive; auto. +Qed. + +Lemma add_interf_call_correct_aux_2: + forall mr live g r, + Regset.mem r live = true -> + interfere_mreg r mr + (Regset.fold (fun g r => add_interf_mreg r mr g) live g). +Proof. + intros. rewrite Regset.fold_spec. apply add_interf_call_correct_aux_1. + apply Regset.elements_correct; auto. +Qed. + +Lemma add_interf_call_correct: + forall live destroyed g r mr, + Regset.mem r live = true -> + In mr destroyed -> + interfere_mreg r mr (add_interf_call live destroyed g). +Proof. + induction destroyed; simpl; intros. + elim H0. + elim H0; intros. + subst a. eapply interfere_mreg_incl. + apply add_interf_call_incl. + apply add_interf_call_correct_aux_2; auto. + apply IHdestroyed; auto. +Qed. + +Lemma add_prefs_call_incl: + forall args locs g, + graph_incl g (add_prefs_call args locs g). +Proof. + induction args; destruct locs; simpl; intros; + try apply graph_incl_refl. + destruct l. + eapply graph_incl_trans; [idtac|eauto]. + apply add_pref_mreg_incl. + auto. +Qed. + +Lemma add_interf_entry_incl: + forall params live g, + graph_incl g (add_interf_entry params live g). +Proof. + unfold add_interf_entry; induction params; simpl; intros. + apply graph_incl_refl. + eapply graph_incl_trans; [idtac|eauto]. + apply add_interf_op_incl. +Qed. + +Lemma add_interf_entry_correct: + forall params live g r1 r2, + In r1 params -> + Regset.mem r2 live = true -> + r1 <> r2 -> + interfere r1 r2 (add_interf_entry params live g). +Proof. + unfold add_interf_entry; induction params; simpl; intros. + elim H. + elim H; intro. + subst a. apply interfere_incl with (add_interf_op r1 live g). + exact (add_interf_entry_incl _ _ _). + apply interfere_sym. apply add_interf_op_correct; auto. + auto. +Qed. + +Lemma add_interf_params_incl_aux: + forall p1 pl g, + graph_incl g + (List.fold_left + (fun g r => if Reg.eq r p1 then g else add_interf r p1 g) + pl g). +Proof. + induction pl; simpl; intros. + apply graph_incl_refl. + eapply graph_incl_trans; [idtac|eauto]. + case (Reg.eq a p1); intro. + apply graph_incl_refl. apply add_interf_incl. +Qed. + +Lemma add_interf_params_incl: + forall pl g, + graph_incl g (add_interf_params pl g). +Proof. + induction pl; simpl; intros. + apply graph_incl_refl. + eapply graph_incl_trans; [idtac|eauto]. + apply add_interf_params_incl_aux. +Qed. + +Lemma add_interf_params_correct_aux: + forall p1 pl g p2, + In p2 pl -> + p1 <> p2 -> + interfere p1 p2 + (List.fold_left + (fun g r => if Reg.eq r p1 then g else add_interf r p1 g) + pl g). +Proof. + induction pl; simpl; intros. + elim H. + elim H; intro; clear H. + subst a. apply interfere_sym. eapply interfere_incl. + apply add_interf_params_incl_aux. + case (Reg.eq p2 p1); intro. + congruence. apply add_interf_correct. + auto. +Qed. + +Lemma add_interf_params_correct: + forall pl g r1 r2, + In r1 pl -> In r2 pl -> r1 <> r2 -> + interfere r1 r2 (add_interf_params pl g). +Proof. + induction pl; simpl; intros. + elim H. + elim H; intro; clear H; elim H0; intro; clear H0. + congruence. + subst a. eapply interfere_incl. apply add_interf_params_incl. + apply add_interf_params_correct_aux; auto. + subst a. apply interfere_sym. + eapply interfere_incl. apply add_interf_params_incl. + apply add_interf_params_correct_aux; auto. + auto. +Qed. + +Lemma add_edges_instr_incl: + forall sig instr live g, + graph_incl g (add_edges_instr sig instr live g). +Proof. + intros. destruct instr; unfold add_edges_instr; + try apply graph_incl_refl. + case (Regset.mem r live). + destruct (is_move_operation o l). + eapply graph_incl_trans; [idtac|apply add_pref_incl]. + apply add_interf_move_incl. + apply add_interf_op_incl. + apply graph_incl_refl. + case (Regset.mem r live). + apply add_interf_op_incl. + apply graph_incl_refl. + eapply graph_incl_trans; [idtac|apply add_prefs_call_incl]. + eapply graph_incl_trans; [idtac|apply add_pref_mreg_incl]. + eapply graph_incl_trans; [idtac|apply add_interf_op_incl]. + apply add_interf_call_incl. + destruct o. + apply add_pref_mreg_incl. + apply graph_incl_refl. +Qed. + +(** The proposition below states that graph [g] contains + all the conflict edges expected for instruction [instr]. *) + +Definition correct_interf_instr + (live: Regset.t) (instr: instruction) (g: graph) : Prop := + match instr with + | Iop op args res s => + match is_move_operation op args with + | Some arg => + forall r, + Regset.mem res live = true -> + Regset.mem r live = true -> + r <> res -> r <> arg -> interfere r res g + | None => + forall r, + Regset.mem res live = true -> + Regset.mem r live = true -> + r <> res -> interfere r res g + end + | Iload chunk addr args res s => + forall r, + Regset.mem res live = true -> + Regset.mem r live = true -> + r <> res -> interfere r res g + | Icall sig ros args res s => + (forall r mr, + Regset.mem r live = true -> + In mr destroyed_at_call_regs -> + r <> res -> + interfere_mreg r mr g) + /\ (forall r, + Regset.mem r live = true -> + r <> res -> interfere r res g) + | _ => + True + end. + +Lemma correct_interf_instr_incl: + forall live instr g1 g2, + graph_incl g1 g2 -> + correct_interf_instr live instr g1 -> + correct_interf_instr live instr g2. +Proof. + intros until g2. intro. + unfold correct_interf_instr; destruct instr; auto. + destruct (is_move_operation o l). + intros. eapply interfere_incl; eauto. + intros. eapply interfere_incl; eauto. + intros. eapply interfere_incl; eauto. + intros [A B]. split. + intros. eapply interfere_mreg_incl; eauto. + intros. eapply interfere_incl; eauto. +Qed. + +Lemma add_edges_instr_correct: + forall sig instr live g, + correct_interf_instr live instr (add_edges_instr sig instr live g). +Proof. + intros. + destruct instr; unfold add_edges_instr; unfold correct_interf_instr; auto. + destruct (is_move_operation o l); intros. + rewrite H. eapply interfere_incl. + apply add_pref_incl. apply add_interf_move_correct; auto. + rewrite H. apply add_interf_op_correct; auto. + + intros. rewrite H. apply add_interf_op_correct; auto. + + split; intros. + apply interfere_mreg_incl with + (add_interf_call (Regset.remove r live) destroyed_at_call_regs g). + eapply graph_incl_trans; [idtac|apply add_prefs_call_incl]. + eapply graph_incl_trans; [idtac|apply add_pref_mreg_incl]. + apply add_interf_op_incl. + apply add_interf_call_correct; auto. + rewrite Regset.mem_remove_other; auto. + + eapply interfere_incl. + eapply graph_incl_trans; [idtac|apply add_prefs_call_incl]. + apply add_pref_mreg_incl. + apply add_interf_op_correct; auto. +Qed. + +Lemma add_edges_instrs_incl_aux: + forall sig live instrs g, + graph_incl g + (fold_left + (fun (a : graph) (p : positive * instruction) => + add_edges_instr sig (snd p) live !! (fst p) a) + instrs g). +Proof. + induction instrs; simpl; intros. + apply graph_incl_refl. + eapply graph_incl_trans; [idtac|eauto]. + apply add_edges_instr_incl. +Qed. + +Lemma add_edges_instrs_correct_aux: + forall sig live instrs g pc i, + In (pc, i) instrs -> + correct_interf_instr live!!pc i + (fold_left + (fun (a : graph) (p : positive * instruction) => + add_edges_instr sig (snd p) live !! (fst p) a) + instrs g). +Proof. + induction instrs; simpl; intros. + elim H. + elim H; intro. + subst a; simpl. eapply correct_interf_instr_incl. + apply add_edges_instrs_incl_aux. + apply add_edges_instr_correct. + auto. +Qed. + +Lemma add_edges_instrs_correct: + forall f live pc i, + f.(fn_code)!pc = Some i -> + correct_interf_instr live!!pc i (add_edges_instrs f live). +Proof. + intros. + unfold add_edges_instrs. + rewrite PTree.fold_spec. + apply add_edges_instrs_correct_aux. + apply PTree.elements_correct. auto. +Qed. + +(** Here are the three correctness properties of the generated + inference graph. First, it contains the conflict edges + needed by every instruction of the function. *) + +Lemma interf_graph_correct_1: + forall f live live0 pc i, + f.(fn_code)!pc = Some i -> + correct_interf_instr live!!pc i (interf_graph f live live0). +Proof. + intros. unfold interf_graph. + apply correct_interf_instr_incl with (add_edges_instrs f live). + eapply graph_incl_trans; [idtac|apply add_prefs_call_incl]. + eapply graph_incl_trans; [idtac|apply add_interf_params_incl]. + apply add_interf_entry_incl. + apply add_edges_instrs_correct; auto. +Qed. + +(** Second, function parameters conflict pairwise. *) + +Lemma interf_graph_correct_2: + forall f live live0 r1 r2, + In r1 f.(fn_params) -> + In r2 f.(fn_params) -> + r1 <> r2 -> + interfere r1 r2 (interf_graph f live live0). +Proof. + intros. unfold interf_graph. + eapply interfere_incl. + apply add_prefs_call_incl. + apply add_interf_params_correct; auto. +Qed. + +(** Third, function parameters conflict pairwise with pseudo-registers + live at function entry. If the function never uses a pseudo-register + before it is defined, pseudo-registers live at function entry + are a subset of the function parameters and therefore this condition + is implied by [interf_graph_correct_3]. However, we prefer not + to make this assumption. *) + +Lemma interf_graph_correct_3: + forall f live live0 r1 r2, + In r1 f.(fn_params) -> + Regset.mem r2 live0 = true -> + r1 <> r2 -> + interfere r1 r2 (interf_graph f live live0). +Proof. + intros. unfold interf_graph. + eapply interfere_incl. + eapply graph_incl_trans; [idtac|apply add_prefs_call_incl]. + apply add_interf_params_incl. + apply add_interf_entry_correct; auto. +Qed. + +(** * Correctness of the a priori checks over the result of graph coloring *) + +(** We now show that the checks performed over the candidate coloring + returned by [graph_coloring] are correct: candidate colorings that + pass these checks are indeed correct colorings. *) + +Section CORRECT_COLORING. + +Variable g: graph. +Variable env: regenv. +Variable allregs: Regset.t. +Variable coloring: reg -> loc. + +Lemma check_coloring_1_correct: + forall r1 r2, + check_coloring_1 g coloring = true -> + SetRegReg.In (r1, r2) g.(interf_reg_reg) -> + coloring r1 <> coloring r2. +Proof. + unfold check_coloring_1. intros. + assert (FSetInterface.compat_bool OrderedRegReg.eq + (fun r1r2 => if Loc.eq (coloring (fst r1r2)) (coloring (snd r1r2)) + then false else true)). + red. unfold OrderedRegReg.eq. unfold OrderedReg.eq. + intros x y [EQ1 EQ2]. rewrite EQ1; rewrite EQ2; auto. + generalize (SetRegReg.for_all_2 H1 H H0). + simpl. case (Loc.eq (coloring r1) (coloring r2)); intro. + intro; discriminate. auto. +Qed. + +Lemma check_coloring_2_correct: + forall r1 mr2, + check_coloring_2 g coloring = true -> + SetRegMreg.In (r1, mr2) g.(interf_reg_mreg) -> + coloring r1 <> R mr2. +Proof. + unfold check_coloring_2. intros. + assert (FSetInterface.compat_bool OrderedRegMreg.eq + (fun r1r2 => if Loc.eq (coloring (fst r1r2)) (R (snd r1r2)) + then false else true)). + red. unfold OrderedRegMreg.eq. unfold OrderedReg.eq. + intros x y [EQ1 EQ2]. rewrite EQ1; rewrite EQ2; auto. + generalize (SetRegMreg.for_all_2 H1 H H0). + simpl. case (Loc.eq (coloring r1) (R mr2)); intro. + intro; discriminate. auto. +Qed. + +Lemma same_typ_correct: + forall t1 t2, same_typ t1 t2 = true -> t1 = t2. +Proof. + destruct t1; destruct t2; simpl; congruence. +Qed. + +Lemma loc_is_acceptable_correct: + forall l, loc_is_acceptable l = true -> loc_acceptable l. +Proof. + destruct l; unfold loc_is_acceptable, loc_acceptable. + case (In_dec Loc.eq (R m) temporaries); intro. + intro; discriminate. auto. + destruct s. + case (zlt z 0); intro. intro; discriminate. auto. + intro; discriminate. + intro; discriminate. +Qed. + +Lemma check_coloring_3_correct: + forall r, + check_coloring_3 allregs env coloring = true -> + Regset.mem r allregs = true -> + loc_acceptable (coloring r) /\ env r = Loc.type (coloring r). +Proof. + unfold check_coloring_3; intros. + generalize (Regset.for_all_spec _ H H0). intro. + elim (andb_prop _ _ H1); intros. + split. apply loc_is_acceptable_correct; auto. + apply same_typ_correct; auto. +Qed. + +End CORRECT_COLORING. + +(** * Correctness of clipping *) + +(** We then show the correctness of the ``clipped'' coloring + returned by [alloc_of_coloring] applied to a candidate coloring + that passes the a posteriori checks. *) + +Section ALLOC_OF_COLORING. + +Variable g: graph. +Variable env: regenv. +Let allregs := all_interf_regs g. +Variable coloring: reg -> loc. +Let alloc := alloc_of_coloring coloring env allregs. + +Lemma alloc_of_coloring_correct_1: + forall r1 r2, + check_coloring g env allregs coloring = true -> + SetRegReg.In (r1, r2) g.(interf_reg_reg) -> + alloc r1 <> alloc r2. +Proof. + unfold check_coloring, alloc, alloc_of_coloring; intros. + elim (andb_prop _ _ H); intros. + generalize (all_interf_regs_correct_1 _ _ _ H0). + intros [A B]. + unfold allregs. rewrite A; rewrite B. + eapply check_coloring_1_correct; eauto. +Qed. + +Lemma alloc_of_coloring_correct_2: + forall r1 mr2, + check_coloring g env allregs coloring = true -> + SetRegMreg.In (r1, mr2) g.(interf_reg_mreg) -> + alloc r1 <> R mr2. +Proof. + unfold check_coloring, alloc, alloc_of_coloring; intros. + elim (andb_prop _ _ H); intros. + elim (andb_prop _ _ H2); intros. + generalize (all_interf_regs_correct_2 _ _ _ H0). intros. + unfold allregs. rewrite H5. + eapply check_coloring_2_correct; eauto. +Qed. + +Lemma alloc_of_coloring_correct_3: + forall r, + check_coloring g env allregs coloring = true -> + loc_acceptable (alloc r). +Proof. + unfold check_coloring, alloc, alloc_of_coloring; intros. + elim (andb_prop _ _ H); intros. + elim (andb_prop _ _ H1); intros. + caseEq (Regset.mem r allregs); intro. + generalize (check_coloring_3_correct _ _ _ r H3 H4). tauto. + case (env r); simpl; intuition congruence. +Qed. + +Lemma alloc_of_coloring_correct_4: + forall r, + check_coloring g env allregs coloring = true -> + env r = Loc.type (alloc r). +Proof. + unfold check_coloring, alloc, alloc_of_coloring; intros. + elim (andb_prop _ _ H); intros. + elim (andb_prop _ _ H1); intros. + caseEq (Regset.mem r allregs); intro. + generalize (check_coloring_3_correct _ _ _ r H3 H4). tauto. + case (env r); reflexivity. +Qed. + +End ALLOC_OF_COLORING. + +(** * Correctness of the whole graph coloring algorithm *) + +(** Combining results from the previous sections, we now summarize + the correctness properties of the assignment (of locations to + registers) returned by [regalloc]. *) + +Definition correct_alloc_instr + (live: PMap.t Regset.t) (alloc: reg -> loc) + (pc: node) (instr: instruction) : Prop := + match instr with + | Iop op args res s => + match is_move_operation op args with + | Some arg => + forall r, + Regset.mem res live!!pc = true -> + Regset.mem r live!!pc = true -> + r <> res -> r <> arg -> alloc r <> alloc res + | None => + forall r, + Regset.mem res live!!pc = true -> + Regset.mem r live!!pc = true -> + r <> res -> alloc r <> alloc res + end + | Iload chunk addr args res s => + forall r, + Regset.mem res live!!pc = true -> + Regset.mem r live!!pc = true -> + r <> res -> alloc r <> alloc res + | Icall sig ros args res s => + (forall r, + Regset.mem r live!!pc = true -> + r <> res -> + ~(In (alloc r) Conventions.destroyed_at_call)) + /\ (forall r, + Regset.mem r live!!pc = true -> + r <> res -> alloc r <> alloc res) + | _ => + True + end. + +Section REGALLOC_PROPERTIES. + +Variable f: function. +Variable env: regenv. +Variable live: PMap.t Regset.t. +Variable live0: Regset.t. +Variable alloc: reg -> loc. + +Let g := interf_graph f live live0. +Let allregs := all_interf_regs g. +Let coloring := graph_coloring f g env allregs. + +Lemma regalloc_ok: + regalloc f live live0 env = Some alloc -> + check_coloring g env allregs coloring = true /\ + alloc = alloc_of_coloring coloring env allregs. +Proof. + unfold regalloc, coloring, allregs, g. + case (check_coloring (interf_graph f live live0) env). + intro EQ; injection EQ; intro; clear EQ. + split. auto. auto. + intro; discriminate. +Qed. + +Lemma regalloc_acceptable: + forall r, + regalloc f live live0 env = Some alloc -> + loc_acceptable (alloc r). +Proof. + intros. elim (regalloc_ok H); intros. + rewrite H1. unfold allregs. apply alloc_of_coloring_correct_3. + exact H0. +Qed. + +Lemma regsalloc_acceptable: + forall rl, + regalloc f live live0 env = Some alloc -> + locs_acceptable (List.map alloc rl). +Proof. + intros; red; intros. + elim (list_in_map_inv _ _ _ H0). intros r [EQ IN]. + subst l. apply regalloc_acceptable. auto. +Qed. + +Lemma regalloc_preserves_types: + forall r, + regalloc f live live0 env = Some alloc -> + Loc.type (alloc r) = env r. +Proof. + intros. elim (regalloc_ok H); intros. + rewrite H1. unfold allregs. symmetry. + apply alloc_of_coloring_correct_4. + exact H0. +Qed. + +Lemma correct_interf_alloc_instr: + forall pc instr, + (forall r1 r2, interfere r1 r2 g -> alloc r1 <> alloc r2) -> + (forall r1 mr2, interfere_mreg r1 mr2 g -> alloc r1 <> R mr2) -> + correct_interf_instr live!!pc instr g -> + correct_alloc_instr live alloc pc instr. +Proof. + intros pc instr ALL1 ALL2. + unfold correct_interf_instr, correct_alloc_instr; + destruct instr; auto. + destruct (is_move_operation o l); auto. + intros [A B]. split. + intros; red; intros. + unfold destroyed_at_call in H1. + generalize (list_in_map_inv R _ _ H1). + intros [mr [EQ IN]]. + generalize (A r0 mr H IN H0). intro. + generalize (ALL2 _ _ H2). contradiction. + auto. +Qed. + +Lemma regalloc_correct_1: + forall pc instr, + regalloc f live live0 env = Some alloc -> + f.(fn_code)!pc = Some instr -> + correct_alloc_instr live alloc pc instr. +Proof. + intros. elim (regalloc_ok H); intros. + apply correct_interf_alloc_instr. + intros. rewrite H2. unfold allregs. red in H3. + elim (ordered_pair_charact r1 r2); intro. + apply alloc_of_coloring_correct_1. auto. rewrite H4 in H3; auto. + apply sym_not_equal. + apply alloc_of_coloring_correct_1. auto. rewrite H4 in H3; auto. + intros. rewrite H2. unfold allregs. + apply alloc_of_coloring_correct_2. auto. exact H3. + unfold g. apply interf_graph_correct_1. auto. +Qed. + +Lemma regalloc_correct_2: + regalloc f live live0 env = Some alloc -> + list_norepet f.(fn_params) -> + list_norepet (List.map alloc f.(fn_params)). +Proof. + intros. elim (regalloc_ok H); intros. + apply list_map_norepet; auto. + intros. rewrite H2. unfold allregs. + elim (ordered_pair_charact x y); intro. + apply alloc_of_coloring_correct_1. auto. + change OrderedReg.t with reg. rewrite <- H6. + change (interfere x y g). unfold g. + apply interf_graph_correct_2; auto. + apply sym_not_equal. + apply alloc_of_coloring_correct_1. auto. + change OrderedReg.t with reg. rewrite <- H6. + change (interfere x y g). unfold g. + apply interf_graph_correct_2; auto. +Qed. + +Lemma regalloc_correct_3: + forall r1 r2, + regalloc f live live0 env = Some alloc -> + In r1 f.(fn_params) -> + Regset.mem r2 live0 = true -> + r1 <> r2 -> + alloc r1 <> alloc r2. +Proof. + intros. elim (regalloc_ok H); intros. + rewrite H4; unfold allregs. + elim (ordered_pair_charact r1 r2); intro. + apply alloc_of_coloring_correct_1. auto. + change OrderedReg.t with reg. rewrite <- H5. + change (interfere r1 r2 g). unfold g. + apply interf_graph_correct_3; auto. + apply sym_not_equal. + apply alloc_of_coloring_correct_1. auto. + change OrderedReg.t with reg. rewrite <- H5. + change (interfere r1 r2 g). unfold g. + apply interf_graph_correct_3; auto. +Qed. + +End REGALLOC_PROPERTIES. diff --git a/backend/Constprop.v b/backend/Constprop.v new file mode 100644 index 00000000..b1c5a2bb --- /dev/null +++ b/backend/Constprop.v @@ -0,0 +1,1032 @@ +(** Constant propagation over RTL. This is the first of the two + optimizations performed at RTL level. It proceeds by a standard + dataflow analysis and the corresponding code transformation. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Floats. +Require Import Values. +Require Import Globalenvs. +Require Import Op. +Require Import Registers. +Require Import RTL. +Require Import Lattice. +Require Import Kildall. + +(** * Static analysis *) + +(** To each pseudo-register at each program point, the static analysis + associates a compile-time approximation taken from the following set. *) + +Inductive approx : Set := + | Novalue: approx (** No value possible, code is unreachable. *) + | Unknown: approx (** All values are possible, + no compile-time information is available. *) + | I: int -> approx (** A known integer value. *) + | F: float -> approx (** A known floating-point value. *) + | S: ident -> int -> approx. + (** The value is the address of the given global + symbol plus the given integer offset. *) + +(** We equip this set of approximations with a semi-lattice structure. + The ordering is inclusion between the sets of values denoted by + the approximations. *) + +Module Approx <: SEMILATTICE_WITH_TOP. + Definition t := approx. + Lemma eq: forall (x y: t), {x=y} + {x<>y}. + Proof. + decide equality. + apply Int.eq_dec. + apply Float.eq_dec. + apply Int.eq_dec. + apply ident_eq. + Qed. + Definition ge (x y: t) : Prop := + x = Unknown \/ y = Novalue \/ x = y. + Lemma ge_refl: forall x, ge x x. + Proof. + unfold ge; tauto. + Qed. + Lemma ge_trans: forall x y z, ge x y -> ge y z -> ge x z. + Proof. + unfold ge; intuition congruence. + Qed. + Definition bot := Novalue. + Definition top := Unknown. + Lemma ge_bot: forall x, ge x bot. + Proof. + unfold ge, bot; tauto. + Qed. + Lemma ge_top: forall x, ge top x. + Proof. + unfold ge, bot; tauto. + Qed. + Definition lub (x y: t) : t := + if eq x y then x else + match x, y with + | Novalue, _ => y + | _, Novalue => x + | _, _ => Unknown + end. + Lemma lub_commut: forall x y, lub x y = lub y x. + Proof. + unfold lub; intros. + case (eq x y); case (eq y x); intros; try congruence. + destruct x; destruct y; auto. + Qed. + Lemma ge_lub_left: forall x y, ge (lub x y) x. + Proof. + unfold lub; intros. + case (eq x y); intro. + apply ge_refl. + destruct x; destruct y; unfold ge; tauto. + Qed. +End Approx. + +Module D := LPMap Approx. + +(** We now define the abstract interpretations of conditions and operators + over this set of approximations. For instance, the abstract interpretation + of the operator [Oaddf] applied to two expressions [a] and [b] is + [F(Float.add f g)] if [a] and [b] have static approximations [Vfloat f] + and [Vfloat g] respectively, and [Unknown] otherwise. + + The static approximations are defined by large pattern-matchings over + the approximations of the results. We write these matchings in the + indirect style described in file [Cmconstr] to avoid excessive + duplication of cases in proofs. *) + +(* +Definition eval_static_condition (cond: condition) (vl: list approx) := + match cond, vl with + | Ccomp c, I n1 :: I n2 :: nil => Some(Int.cmp c n1 n2) + | Ccompu c, I n1 :: I n2 :: nil => Some(Int.cmpu c n1 n2) + | Ccompimm c n, I n1 :: nil => Some(Int.cmp c n1 n) + | Ccompuimm c n, I n1 :: nil => Some(Int.cmpu c n1 n) + | Ccompf c, F n1 :: F n2 :: nil => Some(Float.cmp c n1 n2) + | Cnotcompf c, F n1 :: F n2 :: nil => Some(negb(Float.cmp c n1 n2)) + | Cmaskzero n, I n1 :: nil => Some(Int.eq (Int.and n1 n) Int.zero) + | Cmasknotzero n, n1::nil => Some(negb(Int.eq (Int.and n1 n) Int.zero)) + | _, _ => None + end. +*) + +Inductive eval_static_condition_cases: forall (cond: condition) (vl: list approx), Set := + | eval_static_condition_case1: + forall c n1 n2, + eval_static_condition_cases (Ccomp c) (I n1 :: I n2 :: nil) + | eval_static_condition_case2: + forall c n1 n2, + eval_static_condition_cases (Ccompu c) (I n1 :: I n2 :: nil) + | eval_static_condition_case3: + forall c n n1, + eval_static_condition_cases (Ccompimm c n) (I n1 :: nil) + | eval_static_condition_case4: + forall c n n1, + eval_static_condition_cases (Ccompuimm c n) (I n1 :: nil) + | eval_static_condition_case5: + forall c n1 n2, + eval_static_condition_cases (Ccompf c) (F n1 :: F n2 :: nil) + | eval_static_condition_case6: + forall c n1 n2, + eval_static_condition_cases (Cnotcompf c) (F n1 :: F n2 :: nil) + | eval_static_condition_case7: + forall n n1, + eval_static_condition_cases (Cmaskzero n) (I n1 :: nil) + | eval_static_condition_case8: + forall n n1, + eval_static_condition_cases (Cmasknotzero n) (I n1 :: nil) + | eval_static_condition_default: + forall (cond: condition) (vl: list approx), + eval_static_condition_cases cond vl. + +Definition eval_static_condition_match (cond: condition) (vl: list approx) := + match cond as z1, vl as z2 return eval_static_condition_cases z1 z2 with + | Ccomp c, I n1 :: I n2 :: nil => + eval_static_condition_case1 c n1 n2 + | Ccompu c, I n1 :: I n2 :: nil => + eval_static_condition_case2 c n1 n2 + | Ccompimm c n, I n1 :: nil => + eval_static_condition_case3 c n n1 + | Ccompuimm c n, I n1 :: nil => + eval_static_condition_case4 c n n1 + | Ccompf c, F n1 :: F n2 :: nil => + eval_static_condition_case5 c n1 n2 + | Cnotcompf c, F n1 :: F n2 :: nil => + eval_static_condition_case6 c n1 n2 + | Cmaskzero n, I n1 :: nil => + eval_static_condition_case7 n n1 + | Cmasknotzero n, I n1 :: nil => + eval_static_condition_case8 n n1 + | cond, vl => + eval_static_condition_default cond vl + end. + +Definition eval_static_condition (cond: condition) (vl: list approx) := + match eval_static_condition_match cond vl with + | eval_static_condition_case1 c n1 n2 => + Some(Int.cmp c n1 n2) + | eval_static_condition_case2 c n1 n2 => + Some(Int.cmpu c n1 n2) + | eval_static_condition_case3 c n n1 => + Some(Int.cmp c n1 n) + | eval_static_condition_case4 c n n1 => + Some(Int.cmpu c n1 n) + | eval_static_condition_case5 c n1 n2 => + Some(Float.cmp c n1 n2) + | eval_static_condition_case6 c n1 n2 => + Some(negb(Float.cmp c n1 n2)) + | eval_static_condition_case7 n n1 => + Some(Int.eq (Int.and n1 n) Int.zero) + | eval_static_condition_case8 n n1 => + Some(negb(Int.eq (Int.and n1 n) Int.zero)) + | eval_static_condition_default cond vl => + None + end. + +(* +Definition eval_static_operation (op: operation) (vl: list approx) := + match op, vl with + | Omove, v1::nil => v1 + | Ointconst n, nil => I n + | Ofloatconst n, nil => F n + | Oaddrsymbol s n, nil => S s n + | Ocast8signed, I n1 :: nil => I(Int.cast8signed n) + | Ocast16signed, I n1 :: nil => I(Int.cast16signed n) + | Oadd, I n1 :: I n2 :: nil => I(Int.add n1 n2) + | Oadd, S s1 n1 :: I n2 :: nil => S s1 (Int.add n1 n2) + | Oaddimm n, I n1 :: nil => I (Int.add n1 n) + | Oaddimm n, S s1 n1 :: nil => S s1 (Int.add n1 n) + | Osub, I n1 :: I n2 :: nil => I(Int.sub n1 n2) + | Osub, S s1 n1 :: I n2 :: nil => S s1 (Int.sub n1 n2) + | Osubimm n, I n1 :: nil => I (Int.sub n n1) + | Omul, I n1 :: I n2 :: nil => I(Int.mul n1 n2) + | Omulimm n, I n1 :: nil => I(Int.mul n1 n) + | Odiv, I n1 :: I n2 :: nil => if Int.eq n2 Int.zero then Unknown else I(Int.divs n1 n2) + | Odivu, I n1 :: I n2 :: nil => if Int.eq n2 Int.zero then Unknown else I(Int.divu n1 n2) + | Oand, I n1 :: I n2 :: nil => I(Int.and n1 n2) + | Oandimm n, I n1 :: nil => I(Int.and n1 n) + | Oor, I n1 :: I n2 :: nil => I(Int.or n1 n2) + | Oorimm n, I n1 :: nil => I(Int.or n1 n) + | Oxor, I n1 :: I n2 :: nil => I(Int.xor n1 n2) + | Oxorimm n, I n1 :: nil => I(Int.xor n1 n) + | Onand, I n1 :: I n2 :: nil => I(Int.xor (Int.and n1 n2) Int.mone) + | Onor, I n1 :: I n2 :: nil => I(Int.xor (Int.or n1 n2) Int.mone) + | Onxor, I n1 :: I n2 :: nil => I(Int.xor (Int.xor n1 n2) Int.mone) + | Oshl, I n1 :: I n2 :: nil => if Int.ltu n2 (Int.repr 32) then I(Int.shl n1 n2) else Unknown + | Oshr, I n1 :: I n2 :: nil => if Int.ltu n2 (Int.repr 32) then I(Int.shr n1 n2) else Unknown + | Oshrimm n, I n1 :: nil => if Int.ltu n (Int.repr 32) then I(Int.shr n1 n) else Unknown + | Oshrximm n, I n1 :: nil => if Int.ltu n (Int.repr 32) then I(Int.shrx n1 n) else Unknown + | Oshru, I n1 :: I n2 :: nil => if Int.ltu n2 (Int.repr 32) then I(Int.shru n1 n2) else Unknown + | Orolm amount mask, I n1 :: nil => I(Int.rolm n1 amount mask) + | Onegf, F n1 :: nil => F(Float.neg n1) + | Oabsf, F n1 :: nil => F(Float.abs n1) + | Oaddf, F n1 :: F n2 :: nil => F(Float.add n1 n2) + | Osubf, F n1 :: F n2 :: nil => F(Float.sub n1 n2) + | Omulf, F n1 :: F n2 :: nil => F(Float.mul n1 n2) + | Odivf, F n1 :: F n2 :: nil => F(Float.div n1 n2) + | Omuladdf, F n1 :: F n2 :: F n3 :: nil => F(Float.add (Float.mul n1 n2) n3) + | Omulsubf, F n1 :: F n2 :: F n3 :: nil => F(Float.sub (Float.mul n1 n2) n3) + | Osingleoffloat, F n1 :: nil => F(Float.singleoffloat n1) + | Ointoffloat, F n1 :: nil => I(Float.intoffloat n1) + | Ofloatofint, I n1 :: nil => F(Float.floatofint n1) + | Ofloatofintu, I n1 :: nil => F(Float.floatofintu n1) + | Ocmp c, vl => + match eval_static_condition c vl with + | None => Unknown + | Some b => I(if b then Int.one else Int.zero) + end + | _, _ => Unknown + end. +*) + +Inductive eval_static_operation_cases: forall (op: operation) (vl: list approx), Set := + | eval_static_operation_case1: + forall v1, + eval_static_operation_cases (Omove) (v1::nil) + | eval_static_operation_case2: + forall n, + eval_static_operation_cases (Ointconst n) (nil) + | eval_static_operation_case3: + forall n, + eval_static_operation_cases (Ofloatconst n) (nil) + | eval_static_operation_case4: + forall s n, + eval_static_operation_cases (Oaddrsymbol s n) (nil) + | eval_static_operation_case6: + forall n1, + eval_static_operation_cases (Ocast8signed) (I n1 :: nil) + | eval_static_operation_case7: + forall n1, + eval_static_operation_cases (Ocast16signed) (I n1 :: nil) + | eval_static_operation_case8: + forall n1 n2, + eval_static_operation_cases (Oadd) (I n1 :: I n2 :: nil) + | eval_static_operation_case9: + forall s1 n1 n2, + eval_static_operation_cases (Oadd) (S s1 n1 :: I n2 :: nil) + | eval_static_operation_case11: + forall n n1, + eval_static_operation_cases (Oaddimm n) (I n1 :: nil) + | eval_static_operation_case12: + forall n s1 n1, + eval_static_operation_cases (Oaddimm n) (S s1 n1 :: nil) + | eval_static_operation_case13: + forall n1 n2, + eval_static_operation_cases (Osub) (I n1 :: I n2 :: nil) + | eval_static_operation_case14: + forall s1 n1 n2, + eval_static_operation_cases (Osub) (S s1 n1 :: I n2 :: nil) + | eval_static_operation_case15: + forall n n1, + eval_static_operation_cases (Osubimm n) (I n1 :: nil) + | eval_static_operation_case16: + forall n1 n2, + eval_static_operation_cases (Omul) (I n1 :: I n2 :: nil) + | eval_static_operation_case17: + forall n n1, + eval_static_operation_cases (Omulimm n) (I n1 :: nil) + | eval_static_operation_case18: + forall n1 n2, + eval_static_operation_cases (Odiv) (I n1 :: I n2 :: nil) + | eval_static_operation_case19: + forall n1 n2, + eval_static_operation_cases (Odivu) (I n1 :: I n2 :: nil) + | eval_static_operation_case20: + forall n1 n2, + eval_static_operation_cases (Oand) (I n1 :: I n2 :: nil) + | eval_static_operation_case21: + forall n n1, + eval_static_operation_cases (Oandimm n) (I n1 :: nil) + | eval_static_operation_case22: + forall n1 n2, + eval_static_operation_cases (Oor) (I n1 :: I n2 :: nil) + | eval_static_operation_case23: + forall n n1, + eval_static_operation_cases (Oorimm n) (I n1 :: nil) + | eval_static_operation_case24: + forall n1 n2, + eval_static_operation_cases (Oxor) (I n1 :: I n2 :: nil) + | eval_static_operation_case25: + forall n n1, + eval_static_operation_cases (Oxorimm n) (I n1 :: nil) + | eval_static_operation_case26: + forall n1 n2, + eval_static_operation_cases (Onand) (I n1 :: I n2 :: nil) + | eval_static_operation_case27: + forall n1 n2, + eval_static_operation_cases (Onor) (I n1 :: I n2 :: nil) + | eval_static_operation_case28: + forall n1 n2, + eval_static_operation_cases (Onxor) (I n1 :: I n2 :: nil) + | eval_static_operation_case29: + forall n1 n2, + eval_static_operation_cases (Oshl) (I n1 :: I n2 :: nil) + | eval_static_operation_case30: + forall n1 n2, + eval_static_operation_cases (Oshr) (I n1 :: I n2 :: nil) + | eval_static_operation_case31: + forall n n1, + eval_static_operation_cases (Oshrimm n) (I n1 :: nil) + | eval_static_operation_case32: + forall n n1, + eval_static_operation_cases (Oshrximm n) (I n1 :: nil) + | eval_static_operation_case33: + forall n1 n2, + eval_static_operation_cases (Oshru) (I n1 :: I n2 :: nil) + | eval_static_operation_case34: + forall amount mask n1, + eval_static_operation_cases (Orolm amount mask) (I n1 :: nil) + | eval_static_operation_case35: + forall n1, + eval_static_operation_cases (Onegf) (F n1 :: nil) + | eval_static_operation_case36: + forall n1, + eval_static_operation_cases (Oabsf) (F n1 :: nil) + | eval_static_operation_case37: + forall n1 n2, + eval_static_operation_cases (Oaddf) (F n1 :: F n2 :: nil) + | eval_static_operation_case38: + forall n1 n2, + eval_static_operation_cases (Osubf) (F n1 :: F n2 :: nil) + | eval_static_operation_case39: + forall n1 n2, + eval_static_operation_cases (Omulf) (F n1 :: F n2 :: nil) + | eval_static_operation_case40: + forall n1 n2, + eval_static_operation_cases (Odivf) (F n1 :: F n2 :: nil) + | eval_static_operation_case41: + forall n1 n2 n3, + eval_static_operation_cases (Omuladdf) (F n1 :: F n2 :: F n3 :: nil) + | eval_static_operation_case42: + forall n1 n2 n3, + eval_static_operation_cases (Omulsubf) (F n1 :: F n2 :: F n3 :: nil) + | eval_static_operation_case43: + forall n1, + eval_static_operation_cases (Osingleoffloat) (F n1 :: nil) + | eval_static_operation_case44: + forall n1, + eval_static_operation_cases (Ointoffloat) (F n1 :: nil) + | eval_static_operation_case45: + forall n1, + eval_static_operation_cases (Ofloatofint) (I n1 :: nil) + | eval_static_operation_case46: + forall n1, + eval_static_operation_cases (Ofloatofintu) (I n1 :: nil) + | eval_static_operation_case47: + forall c vl, + eval_static_operation_cases (Ocmp c) (vl) + | eval_static_operation_default: + forall (op: operation) (vl: list approx), + eval_static_operation_cases op vl. + +Definition eval_static_operation_match (op: operation) (vl: list approx) := + match op as z1, vl as z2 return eval_static_operation_cases z1 z2 with + | Omove, v1::nil => + eval_static_operation_case1 v1 + | Ointconst n, nil => + eval_static_operation_case2 n + | Ofloatconst n, nil => + eval_static_operation_case3 n + | Oaddrsymbol s n, nil => + eval_static_operation_case4 s n + | Ocast8signed, I n1 :: nil => + eval_static_operation_case6 n1 + | Ocast16signed, I n1 :: nil => + eval_static_operation_case7 n1 + | Oadd, I n1 :: I n2 :: nil => + eval_static_operation_case8 n1 n2 + | Oadd, S s1 n1 :: I n2 :: nil => + eval_static_operation_case9 s1 n1 n2 + | Oaddimm n, I n1 :: nil => + eval_static_operation_case11 n n1 + | Oaddimm n, S s1 n1 :: nil => + eval_static_operation_case12 n s1 n1 + | Osub, I n1 :: I n2 :: nil => + eval_static_operation_case13 n1 n2 + | Osub, S s1 n1 :: I n2 :: nil => + eval_static_operation_case14 s1 n1 n2 + | Osubimm n, I n1 :: nil => + eval_static_operation_case15 n n1 + | Omul, I n1 :: I n2 :: nil => + eval_static_operation_case16 n1 n2 + | Omulimm n, I n1 :: nil => + eval_static_operation_case17 n n1 + | Odiv, I n1 :: I n2 :: nil => + eval_static_operation_case18 n1 n2 + | Odivu, I n1 :: I n2 :: nil => + eval_static_operation_case19 n1 n2 + | Oand, I n1 :: I n2 :: nil => + eval_static_operation_case20 n1 n2 + | Oandimm n, I n1 :: nil => + eval_static_operation_case21 n n1 + | Oor, I n1 :: I n2 :: nil => + eval_static_operation_case22 n1 n2 + | Oorimm n, I n1 :: nil => + eval_static_operation_case23 n n1 + | Oxor, I n1 :: I n2 :: nil => + eval_static_operation_case24 n1 n2 + | Oxorimm n, I n1 :: nil => + eval_static_operation_case25 n n1 + | Onand, I n1 :: I n2 :: nil => + eval_static_operation_case26 n1 n2 + | Onor, I n1 :: I n2 :: nil => + eval_static_operation_case27 n1 n2 + | Onxor, I n1 :: I n2 :: nil => + eval_static_operation_case28 n1 n2 + | Oshl, I n1 :: I n2 :: nil => + eval_static_operation_case29 n1 n2 + | Oshr, I n1 :: I n2 :: nil => + eval_static_operation_case30 n1 n2 + | Oshrimm n, I n1 :: nil => + eval_static_operation_case31 n n1 + | Oshrximm n, I n1 :: nil => + eval_static_operation_case32 n n1 + | Oshru, I n1 :: I n2 :: nil => + eval_static_operation_case33 n1 n2 + | Orolm amount mask, I n1 :: nil => + eval_static_operation_case34 amount mask n1 + | Onegf, F n1 :: nil => + eval_static_operation_case35 n1 + | Oabsf, F n1 :: nil => + eval_static_operation_case36 n1 + | Oaddf, F n1 :: F n2 :: nil => + eval_static_operation_case37 n1 n2 + | Osubf, F n1 :: F n2 :: nil => + eval_static_operation_case38 n1 n2 + | Omulf, F n1 :: F n2 :: nil => + eval_static_operation_case39 n1 n2 + | Odivf, F n1 :: F n2 :: nil => + eval_static_operation_case40 n1 n2 + | Omuladdf, F n1 :: F n2 :: F n3 :: nil => + eval_static_operation_case41 n1 n2 n3 + | Omulsubf, F n1 :: F n2 :: F n3 :: nil => + eval_static_operation_case42 n1 n2 n3 + | Osingleoffloat, F n1 :: nil => + eval_static_operation_case43 n1 + | Ointoffloat, F n1 :: nil => + eval_static_operation_case44 n1 + | Ofloatofint, I n1 :: nil => + eval_static_operation_case45 n1 + | Ofloatofintu, I n1 :: nil => + eval_static_operation_case46 n1 + | Ocmp c, vl => + eval_static_operation_case47 c vl + | op, vl => + eval_static_operation_default op vl + end. + +Definition eval_static_operation (op: operation) (vl: list approx) := + match eval_static_operation_match op vl with + | eval_static_operation_case1 v1 => + v1 + | eval_static_operation_case2 n => + I n + | eval_static_operation_case3 n => + F n + | eval_static_operation_case4 s n => + S s n + | eval_static_operation_case6 n1 => + I(Int.cast8signed n1) + | eval_static_operation_case7 n1 => + I(Int.cast16signed n1) + | eval_static_operation_case8 n1 n2 => + I(Int.add n1 n2) + | eval_static_operation_case9 s1 n1 n2 => + S s1 (Int.add n1 n2) + | eval_static_operation_case11 n n1 => + I (Int.add n1 n) + | eval_static_operation_case12 n s1 n1 => + S s1 (Int.add n1 n) + | eval_static_operation_case13 n1 n2 => + I(Int.sub n1 n2) + | eval_static_operation_case14 s1 n1 n2 => + S s1 (Int.sub n1 n2) + | eval_static_operation_case15 n n1 => + I (Int.sub n n1) + | eval_static_operation_case16 n1 n2 => + I(Int.mul n1 n2) + | eval_static_operation_case17 n n1 => + I(Int.mul n1 n) + | eval_static_operation_case18 n1 n2 => + if Int.eq n2 Int.zero then Unknown else I(Int.divs n1 n2) + | eval_static_operation_case19 n1 n2 => + if Int.eq n2 Int.zero then Unknown else I(Int.divu n1 n2) + | eval_static_operation_case20 n1 n2 => + I(Int.and n1 n2) + | eval_static_operation_case21 n n1 => + I(Int.and n1 n) + | eval_static_operation_case22 n1 n2 => + I(Int.or n1 n2) + | eval_static_operation_case23 n n1 => + I(Int.or n1 n) + | eval_static_operation_case24 n1 n2 => + I(Int.xor n1 n2) + | eval_static_operation_case25 n n1 => + I(Int.xor n1 n) + | eval_static_operation_case26 n1 n2 => + I(Int.xor (Int.and n1 n2) Int.mone) + | eval_static_operation_case27 n1 n2 => + I(Int.xor (Int.or n1 n2) Int.mone) + | eval_static_operation_case28 n1 n2 => + I(Int.xor (Int.xor n1 n2) Int.mone) + | eval_static_operation_case29 n1 n2 => + if Int.ltu n2 (Int.repr 32) then I(Int.shl n1 n2) else Unknown + | eval_static_operation_case30 n1 n2 => + if Int.ltu n2 (Int.repr 32) then I(Int.shr n1 n2) else Unknown + | eval_static_operation_case31 n n1 => + if Int.ltu n (Int.repr 32) then I(Int.shr n1 n) else Unknown + | eval_static_operation_case32 n n1 => + if Int.ltu n (Int.repr 32) then I(Int.shrx n1 n) else Unknown + | eval_static_operation_case33 n1 n2 => + if Int.ltu n2 (Int.repr 32) then I(Int.shru n1 n2) else Unknown + | eval_static_operation_case34 amount mask n1 => + I(Int.rolm n1 amount mask) + | eval_static_operation_case35 n1 => + F(Float.neg n1) + | eval_static_operation_case36 n1 => + F(Float.abs n1) + | eval_static_operation_case37 n1 n2 => + F(Float.add n1 n2) + | eval_static_operation_case38 n1 n2 => + F(Float.sub n1 n2) + | eval_static_operation_case39 n1 n2 => + F(Float.mul n1 n2) + | eval_static_operation_case40 n1 n2 => + F(Float.div n1 n2) + | eval_static_operation_case41 n1 n2 n3 => + F(Float.add (Float.mul n1 n2) n3) + | eval_static_operation_case42 n1 n2 n3 => + F(Float.sub (Float.mul n1 n2) n3) + | eval_static_operation_case43 n1 => + F(Float.singleoffloat n1) + | eval_static_operation_case44 n1 => + I(Float.intoffloat n1) + | eval_static_operation_case45 n1 => + F(Float.floatofint n1) + | eval_static_operation_case46 n1 => + F(Float.floatofintu n1) + | eval_static_operation_case47 c vl => + match eval_static_condition c vl with + | None => Unknown + | Some b => I(if b then Int.one else Int.zero) + end + | eval_static_operation_default op vl => + Unknown + end. + +(** The transfer function for the dataflow analysis is straightforward: + for [Iop] instructions, we set the approximation of the destination + register to the result of executing abstractly the operation; + for [Iload] and [Icall], we set the approximation of the destination + to [Unknown]. *) + +Definition approx_regs (rl: list reg) (approx: D.t) := + List.map (fun r => D.get r approx) rl. + +Definition transfer (f: function) (pc: node) (before: D.t) := + match f.(fn_code)!pc with + | None => before + | Some i => + match i with + | Inop s => + before + | Iop op args res s => + let a := eval_static_operation op (approx_regs args before) in + D.set res a before + | Iload chunk addr args dst s => + D.set dst Unknown before + | Istore chunk addr args src s => + before + | Icall sig ros args res s => + D.set res Unknown before + | Icond cond args ifso ifnot => + before + | Ireturn optarg => + before + end + end. + +(** The static analysis itself is then an instantiation of Kildall's + generic solver for forward dataflow inequations. [analyze f] + returns a mapping from program points to mappings of pseudo-registers + to approximations. It can fail to reach a fixpoint in a reasonable + number of iterations, in which case [None] is returned. *) + +Module DS := Dataflow_Solver D. + +Definition analyze (f: RTL.function): option (PMap.t D.t) := + DS.fixpoint (successors f) f.(fn_nextpc) (transfer f) + ((f.(fn_entrypoint), D.top) :: nil). + +(** * Code transformation *) + +(** ** Operator strength reduction *) + +(** We now define auxiliary functions for strength reduction of + operators and addressing modes: replacing an operator with a cheaper + one if some of its arguments are statically known. These are again + large pattern-matchings expressed in indirect style. *) + +Section STRENGTH_REDUCTION. + +Variable approx: D.t. + +Definition intval (r: reg) : option int := + match D.get r approx with I n => Some n | _ => None end. + +Inductive cond_strength_reduction_cases: condition -> list reg -> Set := + | csr_case1: + forall c r1 r2, + cond_strength_reduction_cases (Ccomp c) (r1 :: r2 :: nil) + | csr_case2: + forall c r1 r2, + cond_strength_reduction_cases (Ccompu c) (r1 :: r2 :: nil) + | csr_default: + forall c rl, + cond_strength_reduction_cases c rl. + +Definition cond_strength_reduction_match (cond: condition) (rl: list reg) := + match cond as x, rl as y return cond_strength_reduction_cases x y with + | Ccomp c, r1 :: r2 :: nil => + csr_case1 c r1 r2 + | Ccompu c, r1 :: r2 :: nil => + csr_case2 c r1 r2 + | cond, rl => + csr_default cond rl + end. + +Definition cond_strength_reduction + (cond: condition) (args: list reg) : condition * list reg := + match cond_strength_reduction_match cond args with + | csr_case1 c r1 r2 => + match intval r1, intval r2 with + | Some n, _ => + (Ccompimm (swap_comparison c) n, r2 :: nil) + | _, Some n => + (Ccompimm c n, r1 :: nil) + | _, _ => + (cond, args) + end + | csr_case2 c r1 r2 => + match intval r1, intval r2 with + | Some n, _ => + (Ccompuimm (swap_comparison c) n, r2 :: nil) + | _, Some n => + (Ccompuimm c n, r1 :: nil) + | _, _ => + (cond, args) + end + | csr_default cond args => + (cond, args) + end. + +Definition make_addimm (n: int) (r: reg) := + if Int.eq n Int.zero + then (Omove, r :: nil) + else (Oaddimm n, r :: nil). + +Definition make_shlimm (n: int) (r: reg) := + if Int.eq n Int.zero + then (Omove, r :: nil) + else (Orolm n (Int.shl Int.mone n), r :: nil). + +Definition make_shrimm (n: int) (r: reg) := + if Int.eq n Int.zero + then (Omove, r :: nil) + else (Oshrimm n, r :: nil). + +Definition make_shruimm (n: int) (r: reg) := + if Int.eq n Int.zero + then (Omove, r :: nil) + else (Orolm (Int.sub (Int.repr 32) n) (Int.shru Int.mone n), r :: nil). + +Definition make_mulimm (n: int) (r: reg) := + if Int.eq n Int.zero then + (Ointconst Int.zero, nil) + else if Int.eq n Int.one then + (Omove, r :: nil) + else + match Int.is_power2 n with + | Some l => make_shlimm l r + | None => (Omulimm n, r :: nil) + end. + +Definition make_andimm (n: int) (r: reg) := + if Int.eq n Int.zero + then (Ointconst Int.zero, nil) + else if Int.eq n Int.mone then (Omove, r :: nil) + else (Oandimm n, r :: nil). + +Definition make_orimm (n: int) (r: reg) := + if Int.eq n Int.zero then (Omove, r :: nil) + else if Int.eq n Int.mone then (Ointconst Int.mone, nil) + else (Oorimm n, r :: nil). + +Definition make_xorimm (n: int) (r: reg) := + if Int.eq n Int.zero + then (Omove, r :: nil) + else (Oxorimm n, r :: nil). + +Inductive op_strength_reduction_cases: operation -> list reg -> Set := + | op_strength_reduction_case1: + forall (r1: reg) (r2: reg), + op_strength_reduction_cases Oadd (r1 :: r2 :: nil) + | op_strength_reduction_case2: + forall (r1: reg) (r2: reg), + op_strength_reduction_cases Osub (r1 :: r2 :: nil) + | op_strength_reduction_case3: + forall (r1: reg) (r2: reg), + op_strength_reduction_cases Omul (r1 :: r2 :: nil) + | op_strength_reduction_case4: + forall (r1: reg) (r2: reg), + op_strength_reduction_cases Odiv (r1 :: r2 :: nil) + | op_strength_reduction_case5: + forall (r1: reg) (r2: reg), + op_strength_reduction_cases Odivu (r1 :: r2 :: nil) + | op_strength_reduction_case6: + forall (r1: reg) (r2: reg), + op_strength_reduction_cases Oand (r1 :: r2 :: nil) + | op_strength_reduction_case7: + forall (r1: reg) (r2: reg), + op_strength_reduction_cases Oor (r1 :: r2 :: nil) + | op_strength_reduction_case8: + forall (r1: reg) (r2: reg), + op_strength_reduction_cases Oxor (r1 :: r2 :: nil) + | op_strength_reduction_case9: + forall (r1: reg) (r2: reg), + op_strength_reduction_cases Oshl (r1 :: r2 :: nil) + | op_strength_reduction_case10: + forall (r1: reg) (r2: reg), + op_strength_reduction_cases Oshr (r1 :: r2 :: nil) + | op_strength_reduction_case11: + forall (r1: reg) (r2: reg), + op_strength_reduction_cases Oshru (r1 :: r2 :: nil) + | op_strength_reduction_case12: + forall (c: condition) (rl: list reg), + op_strength_reduction_cases (Ocmp c) rl + | op_strength_reduction_default: + forall (op: operation) (args: list reg), + op_strength_reduction_cases op args. + +Definition op_strength_reduction_match (op: operation) (args: list reg) := + match op as z1, args as z2 return op_strength_reduction_cases z1 z2 with + | Oadd, r1 :: r2 :: nil => + op_strength_reduction_case1 r1 r2 + | Osub, r1 :: r2 :: nil => + op_strength_reduction_case2 r1 r2 + | Omul, r1 :: r2 :: nil => + op_strength_reduction_case3 r1 r2 + | Odiv, r1 :: r2 :: nil => + op_strength_reduction_case4 r1 r2 + | Odivu, r1 :: r2 :: nil => + op_strength_reduction_case5 r1 r2 + | Oand, r1 :: r2 :: nil => + op_strength_reduction_case6 r1 r2 + | Oor, r1 :: r2 :: nil => + op_strength_reduction_case7 r1 r2 + | Oxor, r1 :: r2 :: nil => + op_strength_reduction_case8 r1 r2 + | Oshl, r1 :: r2 :: nil => + op_strength_reduction_case9 r1 r2 + | Oshr, r1 :: r2 :: nil => + op_strength_reduction_case10 r1 r2 + | Oshru, r1 :: r2 :: nil => + op_strength_reduction_case11 r1 r2 + | Ocmp c, rl => + op_strength_reduction_case12 c rl + | op, args => + op_strength_reduction_default op args + end. + +Definition op_strength_reduction (op: operation) (args: list reg) := + match op_strength_reduction_match op args with + | op_strength_reduction_case1 r1 r2 => (* Oadd *) + match intval r1, intval r2 with + | Some n, _ => make_addimm n r2 + | _, Some n => make_addimm n r1 + | _, _ => (op, args) + end + | op_strength_reduction_case2 r1 r2 => (* Osub *) + match intval r1, intval r2 with + | Some n, _ => (Osubimm n, r2 :: nil) + | _, Some n => make_addimm (Int.neg n) r1 + | _, _ => (op, args) + end + | op_strength_reduction_case3 r1 r2 => (* Omul *) + match intval r1, intval r2 with + | Some n, _ => make_mulimm n r2 + | _, Some n => make_mulimm n r1 + | _, _ => (op, args) + end + | op_strength_reduction_case4 r1 r2 => (* Odiv *) + match intval r2 with + | Some n => + match Int.is_power2 n with + | Some l => (Oshrximm l, r1 :: nil) + | None => (op, args) + end + | None => + (op, args) + end + | op_strength_reduction_case5 r1 r2 => (* Odivu *) + match intval r2 with + | Some n => + match Int.is_power2 n with + | Some l => make_shruimm l r1 + | None => (op, args) + end + | None => + (op, args) + end + | op_strength_reduction_case6 r1 r2 => (* Oand *) + match intval r1, intval r2 with + | Some n, _ => make_andimm n r2 + | _, Some n => make_andimm n r1 + | _, _ => (op, args) + end + | op_strength_reduction_case7 r1 r2 => (* Oor *) + match intval r1, intval r2 with + | Some n, _ => make_orimm n r2 + | _, Some n => make_orimm n r1 + | _, _ => (op, args) + end + | op_strength_reduction_case8 r1 r2 => (* Oxor *) + match intval r1, intval r2 with + | Some n, _ => make_xorimm n r2 + | _, Some n => make_xorimm n r1 + | _, _ => (op, args) + end + | op_strength_reduction_case9 r1 r2 => (* Oshl *) + match intval r2 with + | Some n => + if Int.ltu n (Int.repr 32) + then make_shlimm n r1 + else (op, args) + | _ => (op, args) + end + | op_strength_reduction_case10 r1 r2 => (* Oshr *) + match intval r2 with + | Some n => + if Int.ltu n (Int.repr 32) + then make_shrimm n r1 + else (op, args) + | _ => (op, args) + end + | op_strength_reduction_case11 r1 r2 => (* Oshru *) + match intval r2 with + | Some n => + if Int.ltu n (Int.repr 32) + then make_shruimm n r1 + else (op, args) + | _ => (op, args) + end + | op_strength_reduction_case12 c args => (* Ocmp *) + let (c', args') := cond_strength_reduction c args in + (Ocmp c', args') + | op_strength_reduction_default op args => (* default *) + (op, args) + end. + +Inductive addr_strength_reduction_cases: forall (addr: addressing) (args: list reg), Set := + | addr_strength_reduction_case1: + forall (r1: reg) (r2: reg), + addr_strength_reduction_cases (Aindexed2) (r1 :: r2 :: nil) + | addr_strength_reduction_case2: + forall (symb: ident) (ofs: int) (r1: reg), + addr_strength_reduction_cases (Abased symb ofs) (r1 :: nil) + | addr_strength_reduction_case3: + forall n r1, + addr_strength_reduction_cases (Aindexed n) (r1 :: nil) + | addr_strength_reduction_default: + forall (addr: addressing) (args: list reg), + addr_strength_reduction_cases addr args. + +Definition addr_strength_reduction_match (addr: addressing) (args: list reg) := + match addr as z1, args as z2 return addr_strength_reduction_cases z1 z2 with + | Aindexed2, r1 :: r2 :: nil => + addr_strength_reduction_case1 r1 r2 + | Abased symb ofs, r1 :: nil => + addr_strength_reduction_case2 symb ofs r1 + | Aindexed n, r1 :: nil => + addr_strength_reduction_case3 n r1 + | addr, args => + addr_strength_reduction_default addr args + end. + +Definition addr_strength_reduction (addr: addressing) (args: list reg) := + match addr_strength_reduction_match addr args with + | addr_strength_reduction_case1 r1 r2 => (* Aindexed2 *) + match D.get r1 approx, D.get r2 approx with + | S symb n1, I n2 => (Aglobal symb (Int.add n1 n2), nil) + | S symb n1, _ => (Abased symb n1, r2 :: nil) + | I n1, S symb n2 => (Aglobal symb (Int.add n1 n2), nil) + | I n1, _ => (Aindexed n1, r2 :: nil) + | _, S symb n2 => (Abased symb n2, r1 :: nil) + | _, I n2 => (Aindexed n2, r1 :: nil) + | _, _ => (addr, args) + end + | addr_strength_reduction_case2 symb ofs r1 => (* Abased *) + match intval r1 with + | Some n => (Aglobal symb (Int.add ofs n), nil) + | _ => (addr, args) + end + | addr_strength_reduction_case3 n r1 => (* Aindexed *) + match D.get r1 approx with + | S symb ofs => (Aglobal symb (Int.add ofs n), nil) + | _ => (addr, args) + end + | addr_strength_reduction_default addr args => (* default *) + (addr, args) + end. + +End STRENGTH_REDUCTION. + +(** ** Code transformation *) + +(** The code transformation proceeds instruction by instruction. + Operators whose arguments are all statically known are turned + into ``load integer constant'', ``load float constant'' or + ``load symbol address'' operations. Operators for which some + but not all arguments are known are subject to strength reduction, + and similarly for the addressing modes of load and store instructions. + Other instructions are unchanged. *) + +Definition transf_instr (approx: D.t) (instr: instruction) := + match instr with + | Iop op args res s => + match eval_static_operation op (approx_regs args approx) with + | I n => + Iop (Ointconst n) nil res s + | F n => + Iop (Ofloatconst n) nil res s + | S symb ofs => + Iop (Oaddrsymbol symb ofs) nil res s + | _ => + let (op', args') := op_strength_reduction approx op args in + Iop op' args' res s + end + | Iload chunk addr args dst s => + let (addr', args') := addr_strength_reduction approx addr args in + Iload chunk addr' args' dst s + | Istore chunk addr args src s => + let (addr', args') := addr_strength_reduction approx addr args in + Istore chunk addr' args' src s + | Icall sig ros args res s => + let ros' := + match ros with + | inl r => + match D.get r approx with + | S symb ofs => if Int.eq ofs Int.zero then inr _ symb else ros + | _ => ros + end + | inr s => ros + end in + Icall sig ros' args res s + | Icond cond args s1 s2 => + match eval_static_condition cond (approx_regs args approx) with + | Some b => + if b then Inop s1 else Inop s2 + | None => + let (cond', args') := cond_strength_reduction approx cond args in + Icond cond' args' s1 s2 + end + | _ => + instr + end. + +Definition transf_code (approxs: PMap.t D.t) (instrs: code) : code := + PTree.map (fun pc instr => transf_instr approxs!!pc instr) instrs. + +Lemma transf_code_wf: + forall f approxs, + (forall pc, Plt pc f.(fn_nextpc) \/ f.(fn_code)!pc = None) -> + (forall pc, Plt pc f.(fn_nextpc) + \/ (transf_code approxs f.(fn_code))!pc = None). +Proof. + intros. + elim (H pc); intro. + left; auto. + right. unfold transf_code. rewrite PTree.gmap. + unfold option_map; rewrite H0. reflexivity. +Qed. + +Definition transf_function (f: function) : function := + match analyze f with + | None => f + | Some approxs => + mkfunction + f.(fn_sig) + f.(fn_params) + f.(fn_stacksize) + (transf_code approxs f.(fn_code)) + f.(fn_entrypoint) + f.(fn_nextpc) + (transf_code_wf f approxs f.(fn_code_wf)) + end. + +Definition transf_program (p: program) : program := + transform_program transf_function p. diff --git a/backend/Constpropproof.v b/backend/Constpropproof.v new file mode 100644 index 00000000..080aa74d --- /dev/null +++ b/backend/Constpropproof.v @@ -0,0 +1,883 @@ +(** Correctness proof for constant propagation. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Floats. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Registers. +Require Import RTL. +Require Import Lattice. +Require Import Kildall. +Require Import Constprop. + +(** * Correctness of the static analysis *) + +Section ANALYSIS. + +Variable ge: genv. + +(** We first show that the dataflow analysis is correct with respect + to the dynamic semantics: the approximations (sets of values) + of a register at a program point predicted by the static analysis + are a superset of the values actually encountered during concrete + executions. We formalize this correspondence between run-time values and + compile-time approximations by the following predicate. *) + +Definition val_match_approx (a: approx) (v: val) : Prop := + match a with + | Unknown => True + | I p => v = Vint p + | F p => v = Vfloat p + | S symb ofs => exists b, Genv.find_symbol ge symb = Some b /\ v = Vptr b ofs + | _ => False + end. + +Definition regs_match_approx (a: D.t) (rs: regset) : Prop := + forall r, val_match_approx (D.get r a) rs#r. + +Lemma val_match_approx_increasing: + forall a1 a2 v, + Approx.ge a1 a2 -> val_match_approx a2 v -> val_match_approx a1 v. +Proof. + intros until v. + intros [A|[B|C]]. + subst a1. simpl. auto. + subst a2. simpl. tauto. + subst a2. auto. +Qed. + +Lemma regs_match_approx_increasing: + forall a1 a2 rs, + D.ge a1 a2 -> regs_match_approx a2 rs -> regs_match_approx a1 rs. +Proof. + unfold D.ge, regs_match_approx. intros. + apply val_match_approx_increasing with (D.get r a2); auto. +Qed. + +Lemma regs_match_approx_update: + forall ra rs a v r, + val_match_approx a v -> + regs_match_approx ra rs -> + regs_match_approx (D.set r a ra) (rs#r <- v). +Proof. + intros; red; intros. rewrite Regmap.gsspec. + case (peq r0 r); intro. + subst r0. rewrite D.gss. auto. + rewrite D.gso; auto. +Qed. + +Inductive val_list_match_approx: list approx -> list val -> Prop := + | vlma_nil: + val_list_match_approx nil nil + | vlma_cons: + forall a al v vl, + val_match_approx a v -> + val_list_match_approx al vl -> + val_list_match_approx (a :: al) (v :: vl). + +Lemma approx_regs_val_list: + forall ra rs rl, + regs_match_approx ra rs -> + val_list_match_approx (approx_regs rl ra) rs##rl. +Proof. + induction rl; simpl; intros. + constructor. + constructor. apply H. auto. +Qed. + +Ltac SimplVMA := + match goal with + | H: (val_match_approx (I _) ?v) |- _ => + simpl in H; (try subst v); SimplVMA + | H: (val_match_approx (F _) ?v) |- _ => + simpl in H; (try subst v); SimplVMA + | H: (val_match_approx (S _ _) ?v) |- _ => + simpl in H; + (try (elim H; + let b := fresh "b" in let A := fresh in let B := fresh in + (intros b [A B]; subst v; clear H))); + SimplVMA + | _ => + idtac + end. + +Ltac InvVLMA := + match goal with + | H: (val_list_match_approx nil ?vl) |- _ => + inversion H + | H: (val_list_match_approx (?a :: ?al) ?vl) |- _ => + inversion H; SimplVMA; InvVLMA + | _ => + idtac + end. + +(** We then show that [eval_static_operation] is a correct abstract + interpretations of [eval_operation]: if the concrete arguments match + the given approximations, the concrete results match the + approximations returned by [eval_static_operation]. *) + +Lemma eval_static_condition_correct: + forall cond al vl b, + val_list_match_approx al vl -> + eval_static_condition cond al = Some b -> + eval_condition cond vl = Some b. +Proof. + intros until b. + unfold eval_static_condition. + case (eval_static_condition_match cond al); intros; + InvVLMA; simpl; congruence. +Qed. + +Lemma eval_static_operation_correct: + forall op sp al vl v, + val_list_match_approx al vl -> + eval_operation ge sp op vl = Some v -> + val_match_approx (eval_static_operation op al) v. +Proof. + intros until v. + unfold eval_static_operation. + case (eval_static_operation_match op al); intros; + InvVLMA; simpl in *; FuncInv; try congruence. + + replace v with v0. auto. congruence. + + destruct (Genv.find_symbol ge s). exists b. intuition congruence. + congruence. + + exists b. split. auto. congruence. + exists b. split. auto. congruence. + exists b. split. auto. congruence. + + replace n2 with i0. destruct (Int.eq i0 Int.zero). + discriminate. injection H0; intro; subst v. simpl. congruence. congruence. + + replace n2 with i0. destruct (Int.eq i0 Int.zero). + discriminate. injection H0; intro; subst v. simpl. congruence. congruence. + + subst v. unfold Int.not. congruence. + subst v. unfold Int.not. congruence. + subst v. unfold Int.not. congruence. + + replace n2 with i0. destruct (Int.ltu i0 (Int.repr 32)). + injection H0; intro; subst v. simpl. congruence. discriminate. congruence. + + replace n2 with i0. destruct (Int.ltu i0 (Int.repr 32)). + injection H0; intro; subst v. simpl. congruence. discriminate. congruence. + + destruct (Int.ltu n (Int.repr 32)). + injection H0; intro; subst v. simpl. congruence. discriminate. + + destruct (Int.ltu n (Int.repr 32)). + injection H0; intro; subst v. simpl. congruence. discriminate. + + replace n2 with i0. destruct (Int.ltu i0 (Int.repr 32)). + injection H0; intro; subst v. simpl. congruence. discriminate. congruence. + + caseEq (eval_static_condition c vl0). + intros. generalize (eval_static_condition_correct _ _ _ _ H H1). + intro. rewrite H2 in H0. + destruct b; injection H0; intro; subst v; simpl; auto. + intros; simpl; auto. + + auto. +Qed. + +(** The correctness of the transfer function follows: if the register + state before a transition matches the static approximations at that + program point, the register state after that transition matches + the static approximation returned by the transfer function. *) + +Lemma transfer_correct: + forall f c sp pc rs m pc' rs' m' ra, + exec_instr ge c sp pc rs m pc' rs' m' -> + c = f.(fn_code) -> + regs_match_approx ra rs -> + regs_match_approx (transfer f pc ra) rs'. +Proof. + induction 1; intros; subst c; unfold transfer; rewrite H; auto. + (* Iop *) + apply regs_match_approx_update. + apply eval_static_operation_correct with sp rs##args. + eapply approx_regs_val_list. auto. auto. auto. + (* Iload *) + apply regs_match_approx_update; auto. simpl; auto. + (* Icall *) + apply regs_match_approx_update; auto. simpl; auto. +Qed. + +(** The correctness of the static analysis follows from the results + above and the fact that the result of the static analysis is + a solution of the forward dataflow inequations. *) + +Lemma analyze_correct_1: + forall f approxs, + analyze f = Some approxs -> + forall c sp pc rs m pc' rs' m', + exec_instr ge c sp pc rs m pc' rs' m' -> + c = f.(fn_code) -> + regs_match_approx approxs!!pc rs -> + regs_match_approx approxs!!pc' rs'. +Proof. + intros. + apply regs_match_approx_increasing with (transfer f pc approxs!!pc). + eapply DS.fixpoint_solution. + unfold analyze in H. eexact H. + elim (fn_code_wf f pc); intro. auto. + generalize (exec_instr_present _ _ _ _ _ _ _ _ _ H0). + rewrite H1. intro. contradiction. + eapply successors_correct. rewrite <- H1. eauto. + eapply transfer_correct; eauto. +Qed. + +Lemma analyze_correct_2: + forall f approxs, + analyze f = Some approxs -> + forall c sp pc rs m pc' rs' m', + exec_instrs ge c sp pc rs m pc' rs' m' -> + c = f.(fn_code) -> + regs_match_approx approxs!!pc rs -> + regs_match_approx approxs!!pc' rs'. +Proof. + intros f approxs ANL. induction 1. + auto. + intros. eapply analyze_correct_1; eauto. + eauto. +Qed. + +Lemma analyze_correct_3: + forall f approxs rs, + analyze f = Some approxs -> + regs_match_approx approxs!!(f.(fn_entrypoint)) rs. +Proof. + intros. + apply regs_match_approx_increasing with D.top. + eapply DS.fixpoint_entry. unfold analyze in H; eexact H. + auto with coqlib. + red; intros. rewrite D.get_top. simpl; auto. +Qed. + +(** * Correctness of strength reduction *) + +(** We now show that strength reduction over operators and addressing + modes preserve semantics: the strength-reduced operations and + addressings evaluate to the same values as the original ones if the + actual arguments match the static approximations used for strength + reduction. *) + +Section STRENGTH_REDUCTION. + +Variable approx: D.t. +Variable sp: val. +Variable rs: regset. +Hypothesis MATCH: regs_match_approx approx rs. + +Lemma intval_correct: + forall r n, + intval approx r = Some n -> rs#r = Vint n. +Proof. + intros until n. + unfold intval. caseEq (D.get r approx); intros; try discriminate. + generalize (MATCH r). unfold val_match_approx. rewrite H. + congruence. +Qed. + +Lemma cond_strength_reduction_correct: + forall cond args, + let (cond', args') := cond_strength_reduction approx cond args in + eval_condition cond' rs##args' = eval_condition cond rs##args. +Proof. + intros. unfold cond_strength_reduction. + case (cond_strength_reduction_match cond args); intros. + caseEq (intval approx r1); intros. + simpl. rewrite (intval_correct _ _ H). + destruct (rs#r2); auto. rewrite Int.swap_cmp. auto. + destruct c; reflexivity. + caseEq (intval approx r2); intros. + simpl. rewrite (intval_correct _ _ H0). auto. + auto. + caseEq (intval approx r1); intros. + simpl. rewrite (intval_correct _ _ H). + destruct (rs#r2); auto. rewrite Int.swap_cmpu. auto. + destruct c; reflexivity. + caseEq (intval approx r2); intros. + simpl. rewrite (intval_correct _ _ H0). auto. + auto. + auto. +Qed. + +Lemma make_addimm_correct: + forall n r v, + let (op, args) := make_addimm n r in + eval_operation ge sp Oadd (rs#r :: Vint n :: nil) = Some v -> + eval_operation ge sp op rs##args = Some v. +Proof. + intros; unfold make_addimm. + generalize (Int.eq_spec n Int.zero); case (Int.eq n Int.zero); intros. + subst n. simpl in *. FuncInv. rewrite Int.add_zero in H. congruence. + rewrite Int.add_zero in H. congruence. + exact H0. +Qed. + +Lemma make_shlimm_correct: + forall n r v, + let (op, args) := make_shlimm n r in + eval_operation ge sp Oshl (rs#r :: Vint n :: nil) = Some v -> + eval_operation ge sp op rs##args = Some v. +Proof. + intros; unfold make_shlimm. + generalize (Int.eq_spec n Int.zero); case (Int.eq n Int.zero); intros. + subst n. simpl in *. FuncInv. rewrite Int.shl_zero in H. congruence. + simpl in *. FuncInv. caseEq (Int.ltu n (Int.repr 32)); intros. + rewrite H1 in H0. rewrite Int.shl_rolm in H0. auto. exact H1. + rewrite H1 in H0. discriminate. +Qed. + +Lemma make_shrimm_correct: + forall n r v, + let (op, args) := make_shrimm n r in + eval_operation ge sp Oshr (rs#r :: Vint n :: nil) = Some v -> + eval_operation ge sp op rs##args = Some v. +Proof. + intros; unfold make_shrimm. + generalize (Int.eq_spec n Int.zero); case (Int.eq n Int.zero); intros. + subst n. simpl in *. FuncInv. rewrite Int.shr_zero in H. congruence. + assumption. +Qed. + +Lemma make_shruimm_correct: + forall n r v, + let (op, args) := make_shruimm n r in + eval_operation ge sp Oshru (rs#r :: Vint n :: nil) = Some v -> + eval_operation ge sp op rs##args = Some v. +Proof. + intros; unfold make_shruimm. + generalize (Int.eq_spec n Int.zero); case (Int.eq n Int.zero); intros. + subst n. simpl in *. FuncInv. rewrite Int.shru_zero in H. congruence. + simpl in *. FuncInv. caseEq (Int.ltu n (Int.repr 32)); intros. + rewrite H1 in H0. rewrite Int.shru_rolm in H0. auto. exact H1. + rewrite H1 in H0. discriminate. +Qed. + +Lemma make_mulimm_correct: + forall n r v, + let (op, args) := make_mulimm n r in + eval_operation ge sp Omul (rs#r :: Vint n :: nil) = Some v -> + eval_operation ge sp op rs##args = Some v. +Proof. + intros; unfold make_mulimm. + generalize (Int.eq_spec n Int.zero); case (Int.eq n Int.zero); intros. + subst n. simpl in H0. FuncInv. rewrite Int.mul_zero in H. simpl. congruence. + generalize (Int.eq_spec n Int.one); case (Int.eq n Int.one); intros. + subst n. simpl in H1. simpl. FuncInv. rewrite Int.mul_one in H0. congruence. + caseEq (Int.is_power2 n); intros. + replace (eval_operation ge sp Omul (rs # r :: Vint n :: nil)) + with (eval_operation ge sp Oshl (rs # r :: Vint i :: nil)). + apply make_shlimm_correct. + simpl. generalize (Int.is_power2_range _ _ H1). + change (Z_of_nat wordsize) with 32. intro. rewrite H2. + destruct rs#r; auto. rewrite (Int.mul_pow2 i0 _ _ H1). auto. + exact H2. +Qed. + +Lemma make_andimm_correct: + forall n r v, + let (op, args) := make_andimm n r in + eval_operation ge sp Oand (rs#r :: Vint n :: nil) = Some v -> + eval_operation ge sp op rs##args = Some v. +Proof. + intros; unfold make_andimm. + generalize (Int.eq_spec n Int.zero); case (Int.eq n Int.zero); intros. + subst n. simpl in *. FuncInv. rewrite Int.and_zero in H. congruence. + generalize (Int.eq_spec n Int.mone); case (Int.eq n Int.mone); intros. + subst n. simpl in *. FuncInv. rewrite Int.and_mone in H0. congruence. + exact H1. +Qed. + +Lemma make_orimm_correct: + forall n r v, + let (op, args) := make_orimm n r in + eval_operation ge sp Oor (rs#r :: Vint n :: nil) = Some v -> + eval_operation ge sp op rs##args = Some v. +Proof. + intros; unfold make_orimm. + generalize (Int.eq_spec n Int.zero); case (Int.eq n Int.zero); intros. + subst n. simpl in *. FuncInv. rewrite Int.or_zero in H. congruence. + generalize (Int.eq_spec n Int.mone); case (Int.eq n Int.mone); intros. + subst n. simpl in *. FuncInv. rewrite Int.or_mone in H0. congruence. + exact H1. +Qed. + +Lemma make_xorimm_correct: + forall n r v, + let (op, args) := make_xorimm n r in + eval_operation ge sp Oxor (rs#r :: Vint n :: nil) = Some v -> + eval_operation ge sp op rs##args = Some v. +Proof. + intros; unfold make_xorimm. + generalize (Int.eq_spec n Int.zero); case (Int.eq n Int.zero); intros. + subst n. simpl in *. FuncInv. rewrite Int.xor_zero in H. congruence. + exact H0. +Qed. + +Lemma op_strength_reduction_correct: + forall op args v, + let (op', args') := op_strength_reduction approx op args in + eval_operation ge sp op rs##args = Some v -> + eval_operation ge sp op' rs##args' = Some v. +Proof. + intros; unfold op_strength_reduction; + case (op_strength_reduction_match op args); intros; simpl List.map. + (* Oadd *) + caseEq (intval approx r1); intros. + rewrite (intval_correct _ _ H). + replace (eval_operation ge sp Oadd (Vint i :: rs # r2 :: nil)) + with (eval_operation ge sp Oadd (rs # r2 :: Vint i :: nil)). + apply make_addimm_correct. + simpl. destruct rs#r2; auto. rewrite Int.add_commut; auto. + caseEq (intval approx r2); intros. + rewrite (intval_correct _ _ H0). apply make_addimm_correct. + assumption. + (* Osub *) + caseEq (intval approx r1); intros. + rewrite (intval_correct _ _ H) in H0. assumption. + caseEq (intval approx r2); intros. + rewrite (intval_correct _ _ H0). + replace (eval_operation ge sp Osub (rs # r1 :: Vint i :: nil)) + with (eval_operation ge sp Oadd (rs # r1 :: Vint (Int.neg i) :: nil)). + apply make_addimm_correct. + simpl. destruct rs#r1; auto; rewrite Int.sub_add_opp; auto. + assumption. + (* Omul *) + caseEq (intval approx r1); intros. + rewrite (intval_correct _ _ H). + replace (eval_operation ge sp Omul (Vint i :: rs # r2 :: nil)) + with (eval_operation ge sp Omul (rs # r2 :: Vint i :: nil)). + apply make_mulimm_correct. + simpl. destruct rs#r2; auto. rewrite Int.mul_commut; auto. + caseEq (intval approx r2); intros. + rewrite (intval_correct _ _ H0). apply make_mulimm_correct. + assumption. + (* Odiv *) + caseEq (intval approx r2); intros. + caseEq (Int.is_power2 i); intros. + rewrite (intval_correct _ _ H) in H1. + simpl in *; FuncInv. destruct (Int.eq i Int.zero). congruence. + change 32 with (Z_of_nat wordsize). + rewrite (Int.is_power2_range _ _ H0). + rewrite (Int.divs_pow2 i1 _ _ H0) in H1. auto. + assumption. + assumption. + (* Odivu *) + caseEq (intval approx r2); intros. + caseEq (Int.is_power2 i); intros. + rewrite (intval_correct _ _ H). + replace (eval_operation ge sp Odivu (rs # r1 :: Vint i :: nil)) + with (eval_operation ge sp Oshru (rs # r1 :: Vint i0 :: nil)). + apply make_shruimm_correct. + simpl. destruct rs#r1; auto. + change 32 with (Z_of_nat wordsize). + rewrite (Int.is_power2_range _ _ H0). + generalize (Int.eq_spec i Int.zero); case (Int.eq i Int.zero); intros. + subst i. discriminate. + rewrite (Int.divu_pow2 i1 _ _ H0). auto. + assumption. + assumption. + (* Oand *) + caseEq (intval approx r1); intros. + rewrite (intval_correct _ _ H). + replace (eval_operation ge sp Oand (Vint i :: rs # r2 :: nil)) + with (eval_operation ge sp Oand (rs # r2 :: Vint i :: nil)). + apply make_andimm_correct. + simpl. destruct rs#r2; auto. rewrite Int.and_commut; auto. + caseEq (intval approx r2); intros. + rewrite (intval_correct _ _ H0). apply make_andimm_correct. + assumption. + (* Oor *) + caseEq (intval approx r1); intros. + rewrite (intval_correct _ _ H). + replace (eval_operation ge sp Oor (Vint i :: rs # r2 :: nil)) + with (eval_operation ge sp Oor (rs # r2 :: Vint i :: nil)). + apply make_orimm_correct. + simpl. destruct rs#r2; auto. rewrite Int.or_commut; auto. + caseEq (intval approx r2); intros. + rewrite (intval_correct _ _ H0). apply make_orimm_correct. + assumption. + (* Oxor *) + caseEq (intval approx r1); intros. + rewrite (intval_correct _ _ H). + replace (eval_operation ge sp Oxor (Vint i :: rs # r2 :: nil)) + with (eval_operation ge sp Oxor (rs # r2 :: Vint i :: nil)). + apply make_xorimm_correct. + simpl. destruct rs#r2; auto. rewrite Int.xor_commut; auto. + caseEq (intval approx r2); intros. + rewrite (intval_correct _ _ H0). apply make_xorimm_correct. + assumption. + (* Oshl *) + caseEq (intval approx r2); intros. + caseEq (Int.ltu i (Int.repr 32)); intros. + rewrite (intval_correct _ _ H). apply make_shlimm_correct. + assumption. + assumption. + (* Oshr *) + caseEq (intval approx r2); intros. + caseEq (Int.ltu i (Int.repr 32)); intros. + rewrite (intval_correct _ _ H). apply make_shrimm_correct. + assumption. + assumption. + (* Oshru *) + caseEq (intval approx r2); intros. + caseEq (Int.ltu i (Int.repr 32)); intros. + rewrite (intval_correct _ _ H). apply make_shruimm_correct. + assumption. + assumption. + (* Ocmp *) + generalize (cond_strength_reduction_correct c rl). + destruct (cond_strength_reduction approx c rl). + simpl. intro. rewrite H. auto. + (* default *) + assumption. +Qed. + +Ltac KnownApprox := + match goal with + | MATCH: (regs_match_approx ?approx ?rs), + H: (D.get ?r ?approx = ?a) |- _ => + generalize (MATCH r); rewrite H; intro; clear H; KnownApprox + | _ => idtac + end. + +Lemma addr_strength_reduction_correct: + forall addr args, + let (addr', args') := addr_strength_reduction approx addr args in + eval_addressing ge sp addr' rs##args' = eval_addressing ge sp addr rs##args. +Proof. + intros. + + (* Useful lemmas *) + assert (A0: forall r1 r2, + eval_addressing ge sp Aindexed2 (rs ## (r1 :: r2 :: nil)) = + eval_addressing ge sp Aindexed2 (rs ## (r2 :: r1 :: nil))). + intros. simpl. destruct (rs#r1); destruct (rs#r2); auto; + rewrite Int.add_commut; auto. + + assert (A1: forall r1 r2 n, + val_match_approx (I n) rs#r2 -> + eval_addressing ge sp (Aindexed n) (rs ## (r1 :: nil)) = + eval_addressing ge sp Aindexed2 (rs ## (r1 :: r2 :: nil))). + intros; simpl in *. rewrite H. auto. + + assert (A2: forall r1 r2 n, + val_match_approx (I n) rs#r1 -> + eval_addressing ge sp (Aindexed n) (rs ## (r2 :: nil)) = + eval_addressing ge sp Aindexed2 (rs ## (r1 :: r2 :: nil))). + intros. rewrite A0. apply A1. auto. + + assert (A3: forall r1 r2 id ofs, + val_match_approx (S id ofs) rs#r1 -> + eval_addressing ge sp (Abased id ofs) (rs ## (r2 :: nil)) = + eval_addressing ge sp Aindexed2 (rs ## (r1 :: r2 :: nil))). + intros. elim H. intros b [A B]. simpl. rewrite A; rewrite B. auto. + + assert (A4: forall r1 r2 id ofs, + val_match_approx (S id ofs) rs#r2 -> + eval_addressing ge sp (Abased id ofs) (rs ## (r1 :: nil)) = + eval_addressing ge sp Aindexed2 (rs ## (r1 :: r2 :: nil))). + intros. rewrite A0. apply A3. auto. + + assert (A5: forall r1 r2 id ofs n, + val_match_approx (S id ofs) rs#r1 -> + val_match_approx (I n) rs#r2 -> + eval_addressing ge sp (Aglobal id (Int.add ofs n)) nil = + eval_addressing ge sp Aindexed2 (rs ## (r1 :: r2 :: nil))). + intros. elim H. intros b [A B]. simpl. rewrite A; rewrite B. + simpl in H0. rewrite H0. auto. + + unfold addr_strength_reduction; + case (addr_strength_reduction_match addr args); intros. + + (* Aindexed2 *) + caseEq (D.get r1 approx); intros; + caseEq (D.get r2 approx); intros; + try reflexivity; KnownApprox; auto. + rewrite A0. rewrite Int.add_commut. apply A5; auto. + + (* Abased *) + caseEq (intval approx r1); intros. + simpl; rewrite (intval_correct _ _ H). auto. + auto. + + (* Aindexed *) + caseEq (D.get r1 approx); intros; auto. + simpl; KnownApprox. + elim H0. intros b [A B]. rewrite A; rewrite B. auto. + + (* default *) + reflexivity. +Qed. + +End STRENGTH_REDUCTION. + +End ANALYSIS. + +(** * Correctness of the code transformation *) + +(** We now show that the transformed code after constant propagation + has the same semantics as the original code. *) + +Section PRESERVATION. + +Variable prog: program. +Let tprog := transf_program prog. +Let ge := Genv.globalenv prog. +Let tge := Genv.globalenv tprog. + +Lemma symbols_preserved: + forall (s: ident), Genv.find_symbol tge s = Genv.find_symbol ge s. +Proof (Genv.find_symbol_transf transf_function prog). + +Lemma functions_translated: + forall (v: val) (f: RTL.function), + Genv.find_funct ge v = Some f -> + Genv.find_funct tge v = Some (transf_function f). +Proof (@Genv.find_funct_transf _ _ transf_function prog). + +Lemma function_ptr_translated: + forall (v: block) (f: RTL.function), + Genv.find_funct_ptr ge v = Some f -> + Genv.find_funct_ptr tge v = Some (transf_function f). +Proof (@Genv.find_funct_ptr_transf _ _ transf_function prog). + +(** The proof of semantic preservation is a simulation argument + based on diagrams of the following form: +<< + pc, rs, m ------------------- pc, rs, m + | | + | | + v v + pc', rs', m' ---------------- pc', rs', m' +>> + The left vertical arrow represents a transition in the + original RTL code. The top horizontal bar expresses that the values + of registers [rs] match their compile-time approximations at point [pc]. + These two parts of the diagram are the hypotheses. In conclusions, + we want to prove the other two parts: the right vertical arrow, + which is a transition in the transformed RTL code, and the bottom + horizontal bar, which means that [rs'] matches the compile-time + approximations at [pc']. + + To help express those diagrams, we define the following propositions + parameterized by the transition in the original RTL code (left arrow) + and summarizing the three other arrows of the diagram. *) + +Definition exec_instr_prop + (c: code) (sp: val) + (pc: node) (rs: regset) (m: mem) + (pc': node) (rs': regset) (m': mem) : Prop := + exec_instr tge c sp pc rs m pc' rs' m' /\ + forall f approxs + (CF: c = f.(RTL.fn_code)) + (ANL: analyze f = Some approxs) + (MATCH: regs_match_approx ge approxs!!pc rs), + exec_instr tge (transf_code approxs c) sp pc rs m pc' rs' m'. + +Definition exec_instrs_prop + (c: code) (sp: val) + (pc: node) (rs: regset) (m: mem) + (pc': node) (rs': regset) (m': mem) : Prop := + exec_instrs tge c sp pc rs m pc' rs' m' /\ + forall f approxs + (CF: c = f.(RTL.fn_code)) + (ANL: analyze f = Some approxs) + (MATCH: regs_match_approx ge approxs!!pc rs), + exec_instrs tge (transf_code approxs c) sp pc rs m pc' rs' m'. + +Definition exec_function_prop + (f: RTL.function) (args: list val) (m: mem) + (res: val) (m': mem) : Prop := + exec_function tge (transf_function f) args m res m'. + +Ltac TransfInstr := + match goal with + | H1: (PTree.get ?pc ?c = Some ?instr), + H2: (analyze ?f = Some ?approxs) |- _ => + cut ((transf_code approxs c)!pc = Some(transf_instr approxs!!pc instr)); + [ simpl + | unfold transf_code; rewrite PTree.gmap; + unfold option_map; rewrite H1; reflexivity ] + end. + +(** The predicates above serve as induction hypotheses in the proof of + simulation, which proceeds by induction over the + evaluation derivation of the original code. *) + +Lemma transf_funct_correct: + forall f args m res m', + exec_function ge f args m res m' -> + exec_function_prop f args m res m'. +Proof. + apply (exec_function_ind_3 ge + exec_instr_prop exec_instrs_prop exec_function_prop); + intros; red. + (* Inop *) + split; [idtac| intros; TransfInstr]. + apply exec_Inop; auto. + intros; apply exec_Inop; auto. + (* Iop *) + split; [idtac| intros; TransfInstr]. + apply exec_Iop with op args. auto. + rewrite (eval_operation_preserved symbols_preserved). auto. + caseEq (op_strength_reduction approxs!!pc op args); + intros op' args' OSR. + assert (eval_operation tge sp op' rs##args' = Some v). + rewrite (eval_operation_preserved symbols_preserved). + generalize (op_strength_reduction_correct ge approxs!!pc sp rs + MATCH op args v). + rewrite OSR; simpl. auto. + generalize (eval_static_operation_correct ge op sp + (approx_regs args approxs!!pc) rs##args v + (approx_regs_val_list _ _ _ args MATCH) H0). + case (eval_static_operation op (approx_regs args approxs!!pc)); intros; + simpl in H1; + eapply exec_Iop; eauto; simpl. + simpl in H2; congruence. + simpl in H2; congruence. + elim H2; intros b [A B]. rewrite symbols_preserved. + rewrite A; rewrite B; auto. + (* Iload *) + split; [idtac| intros; TransfInstr]. + eapply exec_Iload; eauto. + rewrite (eval_addressing_preserved symbols_preserved). auto. + caseEq (addr_strength_reduction approxs!!pc addr args); + intros addr' args' ASR. + assert (eval_addressing tge sp addr' rs##args' = Some a). + rewrite (eval_addressing_preserved symbols_preserved). + generalize (addr_strength_reduction_correct ge approxs!!pc sp rs + MATCH addr args). + rewrite ASR; simpl. congruence. + intro. eapply exec_Iload; eauto. + (* Istore *) + split; [idtac| intros; TransfInstr]. + eapply exec_Istore; eauto. + rewrite (eval_addressing_preserved symbols_preserved). auto. + caseEq (addr_strength_reduction approxs!!pc addr args); + intros addr' args' ASR. + assert (eval_addressing tge sp addr' rs##args' = Some a). + rewrite (eval_addressing_preserved symbols_preserved). + generalize (addr_strength_reduction_correct ge approxs!!pc sp rs + MATCH addr args). + rewrite ASR; simpl. congruence. + intro. eapply exec_Istore; eauto. + (* Icall *) + assert (find_function tge ros rs = Some (transf_function f)). + generalize H0; unfold find_function; destruct ros. + apply functions_translated. + rewrite symbols_preserved. destruct (Genv.find_symbol ge i). + apply function_ptr_translated. congruence. + assert (sig = fn_sig (transf_function f)). + rewrite H1. unfold transf_function. destruct (analyze f); reflexivity. + split; [idtac| intros; TransfInstr]. + eapply exec_Icall; eauto. + set (ros' := + match ros with + | inl r => + match D.get r approxs !! pc with + | Novalue => ros + | Unknown => ros + | I _ => ros + | F _ => ros + | S symb ofs => if Int.eq ofs Int.zero then inr reg symb else ros + end + | inr _ => ros + end). + intros; eapply exec_Icall; eauto. + unfold ros'; destruct ros; auto. + caseEq (D.get r approxs!!pc); intros; auto. + generalize (Int.eq_spec i0 Int.zero); case (Int.eq i0 Int.zero); intros; auto. + generalize (MATCH r). rewrite H7. intros [b [A B]]. + rewrite <- symbols_preserved in A. + generalize H4. simpl. rewrite A. rewrite B. subst i0. + rewrite Genv.find_funct_find_funct_ptr. auto. + + (* Icond, true *) + split; [idtac| intros; TransfInstr]. + eapply exec_Icond_true; eauto. + caseEq (cond_strength_reduction approxs!!pc cond args); + intros cond' args' CSR. + assert (eval_condition cond' rs##args' = Some true). + generalize (cond_strength_reduction_correct + ge approxs!!pc rs MATCH cond args). + rewrite CSR. intro. congruence. + caseEq (eval_static_condition cond (approx_regs args approxs!!pc)). + intros b ESC. + generalize (eval_static_condition_correct ge cond _ _ _ + (approx_regs_val_list _ _ _ args MATCH) ESC); intro. + replace b with true. intro; eapply exec_Inop; eauto. congruence. + intros. eapply exec_Icond_true; eauto. + + (* Icond, false *) + split; [idtac| intros; TransfInstr]. + eapply exec_Icond_false; eauto. + caseEq (cond_strength_reduction approxs!!pc cond args); + intros cond' args' CSR. + assert (eval_condition cond' rs##args' = Some false). + generalize (cond_strength_reduction_correct + ge approxs!!pc rs MATCH cond args). + rewrite CSR. intro. congruence. + caseEq (eval_static_condition cond (approx_regs args approxs!!pc)). + intros b ESC. + generalize (eval_static_condition_correct ge cond _ _ _ + (approx_regs_val_list _ _ _ args MATCH) ESC); intro. + replace b with false. intro; eapply exec_Inop; eauto. congruence. + intros. eapply exec_Icond_false; eauto. + + (* refl *) + split. apply exec_refl. intros. apply exec_refl. + (* one *) + elim H0; intros. + split. apply exec_one; auto. + intros. apply exec_one. eapply H2; eauto. + (* trans *) + elim H0; intros. elim H2; intros. + split. + apply exec_trans with pc2 rs2 m2; auto. + intros; apply exec_trans with pc2 rs2 m2. + eapply H4; eauto. eapply H6; eauto. + eapply analyze_correct_2; eauto. + + (* function *) + elim H1; intros. + unfold transf_function. + caseEq (analyze f). + intros approxs ANL. + eapply exec_funct; simpl; eauto. + eapply H5. reflexivity. auto. + apply analyze_correct_3; auto. + TransfInstr; auto. + intros. eapply exec_funct; eauto. +Qed. + +(** The preservation of the observable behavior of the program then + follows. *) + +Theorem transf_program_correct: + forall (r: val), + exec_program prog r -> exec_program tprog r. +Proof. + intros r [b [f [m [SYMB [FIND [SIG EXEC]]]]]]. + red. exists b. exists (transf_function f). exists m. + split. change (prog_main tprog) with (prog_main prog). + rewrite symbols_preserved. auto. + split. apply function_ptr_translated; auto. + split. unfold transf_function. + rewrite <- SIG. destruct (analyze f); reflexivity. + apply transf_funct_correct. + unfold tprog, transf_program. rewrite Genv.init_mem_transf. + exact EXEC. +Qed. + +End PRESERVATION. diff --git a/backend/Conventions.v b/backend/Conventions.v new file mode 100644 index 00000000..99cc9338 --- /dev/null +++ b/backend/Conventions.v @@ -0,0 +1,690 @@ +(** Function calling conventions and other conventions regarding the use of + machine registers and stack slots. *) + +Require Import Coqlib. +Require Import AST. +Require Import Locations. + +(** * Classification of machine registers *) + +(** Machine registers (type [mreg] in module [Locations]) are divided in + the following groups: +- Temporaries used for spilling, reloading, and parallel move operations. +- Allocatable registers, that can be assigned to RTL pseudo-registers. + These are further divided into: +-- Callee-save registers, whose value is preserved across a function call. +-- Caller-save registers that can be modified during a function call. + + We follow the PowerPC application binary interface (ABI) in our choice + of callee- and caller-save registers. +*) + +Definition destroyed_at_call_regs := + R3 :: R4 :: R5 :: R6 :: R7 :: R8 :: R9 :: R10 :: + F1 :: F2 :: F3 :: F4 :: F5 :: F6 :: F7 :: F8 :: F9 :: F10 :: nil. + +Definition destroyed_at_call := + List.map R destroyed_at_call_regs. + +Definition int_callee_save_regs := + R13 :: R14 :: R15 :: R16 :: R17 :: R18 :: R19 :: R20 :: R21 :: R22 :: + R23 :: R24 :: R25 :: R26 :: R27 :: R28 :: R29 :: R30 :: R31 :: nil. + +Definition float_callee_save_regs := + F14 :: F15 :: F16 :: F17 :: F18 :: F19 :: F20 :: F21 :: F22 :: + F23 :: F24 :: F25 :: F26 :: F27 :: F28 :: F29 :: F30 :: F31 :: nil. + +Definition temporaries := + R IT1 :: R IT2 :: R IT3 :: R FT1 :: R FT2 :: R FT3 :: nil. + +(** The [index_int_callee_save] and [index_float_callee_save] associate + a unique positive integer to callee-save registers. This integer is + used in [Stacking] to determine where to save these registers in + the activation record if they are used by the current function. *) + +Definition index_int_callee_save (r: mreg) := + match r with + | R13 => 0 | R14 => 1 | R15 => 2 | R16 => 3 + | R17 => 4 | R18 => 5 | R19 => 6 | R20 => 7 + | R21 => 8 | R22 => 9 | R23 => 10 | R24 => 11 + | R25 => 12 | R26 => 13 | R27 => 14 | R28 => 15 + | R29 => 16 | R30 => 17 | R31 => 18 | _ => -1 + end. + +Definition index_float_callee_save (r: mreg) := + match r with + | F14 => 0 | F15 => 1 | F16 => 2 | F17 => 3 + | F18 => 4 | F19 => 5 | F20 => 6 | F21 => 7 + | F22 => 8 | F23 => 9 | F24 => 10 | F25 => 11 + | F26 => 12 | F27 => 13 | F28 => 14 | F29 => 15 + | F30 => 16 | F31 => 17 | _ => -1 + end. + +Ltac ElimOrEq := + match goal with + | |- (?x = ?y) \/ _ -> _ => + let H := fresh in + (intro H; elim H; clear H; + [intro H; rewrite <- H; clear H | ElimOrEq]) + | |- False -> _ => + let H := fresh in (intro H; contradiction) + end. + +Ltac OrEq := + match goal with + | |- (?x = ?x) \/ _ => left; reflexivity + | |- (?x = ?y) \/ _ => right; OrEq + | |- False => fail + end. + +Ltac NotOrEq := + match goal with + | |- (?x = ?y) \/ _ -> False => + let H := fresh in ( + intro H; elim H; clear H; [intro; discriminate | NotOrEq]) + | |- False -> False => + contradiction + end. + +Lemma index_int_callee_save_pos: + forall r, In r int_callee_save_regs -> index_int_callee_save r >= 0. +Proof. + intro r. simpl; ElimOrEq; unfold index_int_callee_save; omega. +Qed. + +Lemma index_float_callee_save_pos: + forall r, In r float_callee_save_regs -> index_float_callee_save r >= 0. +Proof. + intro r. simpl; ElimOrEq; unfold index_float_callee_save; omega. +Qed. + +Lemma index_int_callee_save_pos2: + forall r, index_int_callee_save r >= 0 -> In r int_callee_save_regs. +Proof. + destruct r; simpl; intro; omegaContradiction || OrEq. +Qed. + +Lemma index_float_callee_save_pos2: + forall r, index_float_callee_save r >= 0 -> In r float_callee_save_regs. +Proof. + destruct r; simpl; intro; omegaContradiction || OrEq. +Qed. + +Lemma index_int_callee_save_inj: + forall r1 r2, + In r1 int_callee_save_regs -> + In r2 int_callee_save_regs -> + r1 <> r2 -> + index_int_callee_save r1 <> index_int_callee_save r2. +Proof. + intros r1 r2. + simpl; ElimOrEq; ElimOrEq; unfold index_int_callee_save; + intros; congruence. +Qed. + +Lemma index_float_callee_save_inj: + forall r1 r2, + In r1 float_callee_save_regs -> + In r2 float_callee_save_regs -> + r1 <> r2 -> + index_float_callee_save r1 <> index_float_callee_save r2. +Proof. + intros r1 r2. + simpl; ElimOrEq; ElimOrEq; unfold index_float_callee_save; + intros; congruence. +Qed. + +(** The following lemmas show that + (temporaries, destroyed at call, integer callee-save, float callee-save) + is a partition of the set of machine registers. *) + +Lemma int_float_callee_save_disjoint: + list_disjoint int_callee_save_regs float_callee_save_regs. +Proof. + red; intros r1 r2. simpl; ElimOrEq; ElimOrEq; discriminate. +Qed. + +Lemma register_classification: + forall r, + (In (R r) temporaries \/ In (R r) destroyed_at_call) \/ + (In r int_callee_save_regs \/ In r float_callee_save_regs). +Proof. + destruct r; + try (left; left; simpl; OrEq); + try (left; right; simpl; OrEq); + try (right; left; simpl; OrEq); + try (right; right; simpl; OrEq). +Qed. + +Lemma int_callee_save_not_destroyed: + forall r, + In (R r) temporaries \/ In (R r) destroyed_at_call -> + ~(In r int_callee_save_regs). +Proof. + intros; red; intros. elim H. + generalize H0. simpl; ElimOrEq; NotOrEq. + generalize H0. simpl; ElimOrEq; NotOrEq. +Qed. + +Lemma float_callee_save_not_destroyed: + forall r, + In (R r) temporaries \/ In (R r) destroyed_at_call -> + ~(In r float_callee_save_regs). +Proof. + intros; red; intros. elim H. + generalize H0. simpl; ElimOrEq; NotOrEq. + generalize H0. simpl; ElimOrEq; NotOrEq. +Qed. + +Lemma int_callee_save_type: + forall r, In r int_callee_save_regs -> mreg_type r = Tint. +Proof. + intro. simpl; ElimOrEq; reflexivity. +Qed. + +Lemma float_callee_save_type: + forall r, In r float_callee_save_regs -> mreg_type r = Tfloat. +Proof. + intro. simpl; ElimOrEq; reflexivity. +Qed. + +Ltac NoRepet := + match goal with + | |- list_norepet nil => + apply list_norepet_nil + | |- list_norepet (?a :: ?b) => + apply list_norepet_cons; [simpl; intuition discriminate | NoRepet] + end. + +Lemma int_callee_save_norepet: + list_norepet int_callee_save_regs. +Proof. + unfold int_callee_save_regs; NoRepet. +Qed. + +Lemma float_callee_save_norepet: + list_norepet float_callee_save_regs. +Proof. + unfold float_callee_save_regs; NoRepet. +Qed. + +(** * Acceptable locations for register allocation *) + +(** The following predicate describes the locations that can be assigned + to an RTL pseudo-register during register allocation: a non-temporary + machine register or a [Local] stack slot are acceptable. *) + +Definition loc_acceptable (l: loc) : Prop := + match l with + | R r => ~(In l temporaries) + | S (Local ofs ty) => ofs >= 0 + | S (Incoming _ _) => False + | S (Outgoing _ _) => False + end. + +Definition locs_acceptable (ll: list loc) : Prop := + forall l, In l ll -> loc_acceptable l. + +Lemma temporaries_not_acceptable: + forall l, loc_acceptable l -> Loc.notin l temporaries. +Proof. + unfold loc_acceptable; destruct l. + simpl. intuition congruence. + destruct s; try contradiction. + intro. simpl. tauto. +Qed. +Hint Resolve temporaries_not_acceptable: locs. + +Lemma locs_acceptable_disj_temporaries: + forall ll, locs_acceptable ll -> Loc.disjoint ll temporaries. +Proof. + intros. apply Loc.notin_disjoint. intros. + apply temporaries_not_acceptable. auto. +Qed. + +(** * Function calling conventions *) + +(** The functions in this section determine the locations (machine registers + and stack slots) used to communicate arguments and results between the + caller and the callee during function calls. These locations are functions + of the signature of the function and of the call instruction. + Agreement between the caller and the callee on the locations to use + is guaranteed by our dynamic semantics for Cminor and RTL, which demand + that the signature of the call instruction is identical to that of the + called function. + + Calling conventions are largely arbitrary: they must respect the properties + proved in this section (such as no overlapping between the locations + of function arguments), but this leaves much liberty in choosing actual + locations. To ensure binary interoperability of code generated by our + compiler with libraries compiled by another PowerPC compiler, we + implement the standard conventions defined in the PowerPC application + binary interface. *) + +(** ** Location of function result *) + +(** The result value of a function is passed back to the caller in + registers [R3] or [F1], depending on the type of the returned value. + We treat a function without result as a function with one integer result. *) + +Definition loc_result (s: signature) : mreg := + match s.(sig_res) with + | None => R3 + | Some Tint => R3 + | Some Tfloat => F1 + end. + +(** The result location has the type stated in the signature. *) + +Lemma loc_result_type: + forall sig, + mreg_type (loc_result sig) = + match sig.(sig_res) with None => Tint | Some ty => ty end. +Proof. + intros; unfold loc_result. + destruct (sig_res sig). + destruct t; reflexivity. + reflexivity. +Qed. + +(** The result location is a caller-save register. *) + +Lemma loc_result_acceptable: + forall (s: signature), In (R (loc_result s)) destroyed_at_call. +Proof. + intros; unfold loc_result. + destruct (sig_res s). + destruct t; simpl; OrEq. + simpl; OrEq. +Qed. + +(** ** Location of function arguments *) + +(** The PowerPC ABI states the following convention for passing arguments + to a function: +- The first 8 integer arguments are passed in registers [R3] to [R10]. +- The first 10 float arguments are passed in registers [F1] to [F10]. +- Each float argument passed in a float register ``consumes'' two + integer arguments. +- Extra arguments are passed on the stack, in [Outgoing] slots, consecutively + assigned (1 word for an integer argument, 2 words for a float), + starting at word offset 6 (the bottom 24 bytes of the stack are reserved + for other purposes). +- Stack space is reserved (as unused [Outgoing] slots) for the arguments + that are passed in registers. + +These conventions are somewhat baroque, but they are mandated by the ABI. +*) + +Definition drop1 (x: list mreg) := + match x with nil => nil | hd :: tl => tl end. +Definition drop2 (x: list mreg) := + match x with nil => nil | hd :: nil => nil | hd1 :: hd2 :: tl => tl end. + +Fixpoint loc_arguments_rec + (tyl: list typ) (iregl: list mreg) (fregl: list mreg) + (ofs: Z) {struct tyl} : list loc := + match tyl with + | nil => nil + | Tint :: tys => + match iregl with + | nil => S (Outgoing ofs Tint) + | ireg :: _ => R ireg + end :: + loc_arguments_rec tys (drop1 iregl) fregl (ofs + 1) + | Tfloat :: tys => + match fregl with + | nil => S (Outgoing ofs Tfloat) + | freg :: _ => R freg + end :: + loc_arguments_rec tys (drop2 iregl) (drop1 fregl) (ofs + 2) + end. + +Definition int_param_regs := + R3 :: R4 :: R5 :: R6 :: R7 :: R8 :: R9 :: R10 :: nil. +Definition float_param_regs := + F1 :: F2 :: F3 :: F4 :: F5 :: F6 :: F7 :: F8 :: F9 :: F10 :: nil. + +(** [loc_arguments s] returns the list of locations where to store arguments + when calling a function with signature [s]. *) + +Definition loc_arguments (s: signature) : list loc := + loc_arguments_rec s.(sig_args) int_param_regs float_param_regs 6. + +(** [size_arguments s] returns the number of [Outgoing] slots used + to call a function with signature [s]. *) + +Fixpoint size_arguments_rec (tyl: list typ) : Z := + match tyl with + | nil => 6 + | Tint :: tys => 1 + size_arguments_rec tys + | Tfloat :: tys => 2 + size_arguments_rec tys + end. + +Definition size_arguments (s: signature) : Z := + size_arguments_rec s.(sig_args). + +(** Argument locations are either non-temporary registers or [Outgoing] + stack slots at offset 6 or more. *) + +Definition loc_argument_acceptable (l: loc) : Prop := + match l with + | R r => ~(In l temporaries) + | S (Outgoing ofs ty) => ofs >= 6 + | _ => False + end. + +Remark drop1_incl: + forall x l, In x (drop1 l) -> In x l. +Proof. + intros. destruct l. elim H. simpl in H. auto with coqlib. +Qed. +Remark drop2_incl: + forall x l, In x (drop2 l) -> In x l. +Proof. + intros. destruct l. elim H. destruct l. elim H. + simpl in H. auto with coqlib. +Qed. + +Remark loc_arguments_rec_charact: + forall tyl iregl fregl ofs l, + In l (loc_arguments_rec tyl iregl fregl ofs) -> + match l with + | R r => In r iregl \/ In r fregl + | S (Outgoing ofs' ty) => ofs' >= ofs + | S _ => False + end. +Proof. + induction tyl; simpl loc_arguments_rec; intros. + elim H. + destruct a; elim H; intros. + destruct iregl; subst l. omega. left; auto with coqlib. + generalize (IHtyl _ _ _ _ H0). + destruct l. intros [A|B]. left; apply drop1_incl; auto. tauto. + destruct s; try contradiction. omega. + destruct fregl; subst l. omega. right; auto with coqlib. + generalize (IHtyl _ _ _ _ H0). + destruct l. intros [A|B]. left; apply drop2_incl; auto. + right; apply drop1_incl; auto. + destruct s; try contradiction. omega. +Qed. + +Lemma loc_arguments_acceptable: + forall (s: signature) (r: loc), + In r (loc_arguments s) -> loc_argument_acceptable r. +Proof. + unfold loc_arguments; intros. + generalize (loc_arguments_rec_charact _ _ _ _ _ H). + destruct r. + intro H0; elim H0. simpl. unfold not. ElimOrEq; NotOrEq. + simpl. unfold not. ElimOrEq; NotOrEq. + destruct s0; try contradiction. + simpl. auto. +Qed. +Hint Resolve loc_arguments_acceptable: locs. + +(** Arguments are parwise disjoint (in the sense of [Loc.norepet]). *) + +Remark drop1_norepet: + forall l, list_norepet l -> list_norepet (drop1 l). +Proof. + intros. destruct l; simpl. constructor. inversion H. auto. +Qed. +Remark drop2_norepet: + forall l, list_norepet l -> list_norepet (drop2 l). +Proof. + intros. destruct l; simpl. constructor. + destruct l; simpl. constructor. inversion H. inversion H3. auto. +Qed. + +Remark loc_arguments_rec_notin_reg: + forall tyl iregl fregl ofs r, + ~(In r iregl) -> ~(In r fregl) -> + Loc.notin (R r) (loc_arguments_rec tyl iregl fregl ofs). +Proof. + induction tyl; simpl; intros. + auto. + destruct a; simpl; split. + destruct iregl. auto. red; intro; subst m. apply H. auto with coqlib. + apply IHtyl. red; intro. apply H. apply drop1_incl; auto. auto. + destruct fregl. auto. red; intro; subst m. apply H0. auto with coqlib. + apply IHtyl. red; intro. apply H. apply drop2_incl; auto. + red; intro. apply H0. apply drop1_incl; auto. +Qed. + +Remark loc_arguments_rec_notin_local: + forall tyl iregl fregl ofs ofs0 ty0, + Loc.notin (S (Local ofs0 ty0)) (loc_arguments_rec tyl iregl fregl ofs). +Proof. + induction tyl; simpl; intros. + auto. + destruct a; simpl; split. + destruct iregl. auto. auto. + apply IHtyl. + destruct fregl. auto. auto. + apply IHtyl. +Qed. + +Remark loc_arguments_rec_notin_outgoing: + forall tyl iregl fregl ofs ofs0 ty0, + ofs0 + typesize ty0 <= ofs -> + Loc.notin (S (Outgoing ofs0 ty0)) (loc_arguments_rec tyl iregl fregl ofs). +Proof. + induction tyl; simpl; intros. + auto. + destruct a; simpl; split. + destruct iregl. omega. auto. + apply IHtyl. omega. + destruct fregl. omega. auto. + apply IHtyl. omega. +Qed. + +Lemma loc_arguments_norepet: + forall (s: signature), Loc.norepet (loc_arguments s). +Proof. + assert (forall tyl iregl fregl ofs, + list_norepet iregl -> + list_norepet fregl -> + list_disjoint iregl fregl -> + Loc.norepet (loc_arguments_rec tyl iregl fregl ofs)). + induction tyl; simpl; intros. + constructor. + destruct a; constructor. + destruct iregl. + apply loc_arguments_rec_notin_outgoing. simpl; omega. + apply loc_arguments_rec_notin_reg. simpl. inversion H. auto. + apply list_disjoint_notin with (m :: iregl); auto with coqlib. + apply IHtyl. apply drop1_norepet; auto. auto. + red; intros. apply H1. apply drop1_incl; auto. auto. + destruct fregl. + apply loc_arguments_rec_notin_outgoing. simpl; omega. + apply loc_arguments_rec_notin_reg. simpl. + red; intro. apply (H1 m m). apply drop2_incl; auto. + auto with coqlib. auto. + simpl. inversion H0. auto. + apply IHtyl. apply drop2_norepet; auto. apply drop1_norepet; auto. + red; intros. apply H1. apply drop2_incl; auto. apply drop1_incl; auto. + + intro. unfold loc_arguments. apply H. + unfold int_param_regs. NoRepet. + unfold float_param_regs. NoRepet. + red; intros x y; simpl. ElimOrEq; ElimOrEq; discriminate. +Qed. + +(** The offsets of [Outgoing] arguments are below [size_arguments s]. *) + +Lemma loc_arguments_bounded: + forall (s: signature) (ofs: Z) (ty: typ), + In (S (Outgoing ofs ty)) (loc_arguments s) -> + ofs + typesize ty <= size_arguments s. +Proof. + intros. + assert (forall tyl, size_arguments_rec tyl >= 6). + induction tyl; unfold size_arguments_rec; fold size_arguments_rec; intros. + omega. + destruct a; omega. + assert (forall tyl iregl fregl ofs0, + In (S (Outgoing ofs ty)) (loc_arguments_rec tyl iregl fregl ofs0) -> + ofs + typesize ty <= size_arguments_rec tyl + ofs0 - 6). + induction tyl; simpl loc_arguments_rec; intros. + elim H1. + unfold size_arguments_rec; fold size_arguments_rec. + destruct a. + elim H1; intro. destruct iregl; simplify_eq H2; intros. + subst ty; subst ofs. generalize (H0 tyl). simpl typesize. omega. + generalize (IHtyl _ _ _ H2). omega. + elim H1; intro. destruct fregl; simplify_eq H2; intros. + subst ty; subst ofs. generalize (H0 tyl). simpl typesize. omega. + generalize (IHtyl _ _ _ H2). omega. + replace (size_arguments s) with (size_arguments s + 6 - 6). + unfold size_arguments. eapply H1. unfold loc_arguments in H. eauto. + omega. +Qed. + +(** Temporary registers do not overlap with argument locations. *) + +Lemma loc_arguments_not_temporaries: + forall sig, Loc.disjoint (loc_arguments sig) temporaries. +Proof. + intros; red; intros x1 x2 H. + generalize (loc_arguments_rec_charact _ _ _ _ _ H). + destruct x1. + intro H0; elim H0; simpl; (ElimOrEq; ElimOrEq; congruence). + destruct s; try contradiction. intro. + simpl; ElimOrEq; auto. +Qed. +Hint Resolve loc_arguments_not_temporaries: locs. + +(** Callee-save registers do not overlap with argument locations. *) + +Lemma arguments_not_preserved: + forall sig l, + Loc.notin l destroyed_at_call -> loc_acceptable l -> + Loc.notin l (loc_arguments sig). +Proof. + intros. unfold loc_arguments. destruct l. + apply loc_arguments_rec_notin_reg. + generalize (Loc.notin_not_in _ _ H). intro; red; intro. + apply H1. generalize H2. simpl. ElimOrEq; OrEq. + generalize (Loc.notin_not_in _ _ H). intro; red; intro. + apply H1. generalize H2. simpl. ElimOrEq; OrEq. + destruct s; simpl in H0; try contradiction. + apply loc_arguments_rec_notin_local. +Qed. +Hint Resolve arguments_not_preserved: locs. + +(** Argument locations agree in number with the function signature. *) + +Lemma loc_arguments_length: + forall sig, + List.length (loc_arguments sig) = List.length sig.(sig_args). +Proof. + assert (forall tyl iregl fregl ofs, + List.length (loc_arguments_rec tyl iregl fregl ofs) = List.length tyl). + induction tyl; simpl; intros. + auto. + destruct a; simpl; decEq; auto. + intros. unfold loc_arguments. auto. +Qed. + +(** Argument locations agree in types with the function signature. *) + +Lemma loc_arguments_type: + forall sig, List.map Loc.type (loc_arguments sig) = sig.(sig_args). +Proof. + assert (forall tyl iregl fregl ofs, + (forall r, In r iregl -> mreg_type r = Tint) -> + (forall r, In r fregl -> mreg_type r = Tfloat) -> + List.map Loc.type (loc_arguments_rec tyl iregl fregl ofs) = tyl). + induction tyl; simpl; intros. + auto. + destruct a; simpl; apply (f_equal2 (@cons typ)). + destruct iregl. reflexivity. simpl. apply H. auto with coqlib. + apply IHtyl. + intros. apply H. apply drop1_incl. auto. auto. + destruct fregl. reflexivity. simpl. apply H0. auto with coqlib. + apply IHtyl. + intros. apply H. apply drop2_incl. auto. + intros. apply H0. apply drop1_incl. auto. + + intros. unfold loc_arguments. apply H. + intro; simpl. ElimOrEq; reflexivity. + intro; simpl. ElimOrEq; reflexivity. +Qed. + +(** There is no partial overlap between an argument location and an + acceptable location: they are either identical or disjoint. *) + +Lemma no_overlap_arguments: + forall args sg, + locs_acceptable args -> + Loc.no_overlap args (loc_arguments sg). +Proof. + unfold Loc.no_overlap; intros. + generalize (H r H0). + generalize (loc_arguments_acceptable _ _ H1). + destruct s; destruct r; simpl. + intros. case (mreg_eq m0 m); intro. left; congruence. tauto. + intros. right; destruct s; auto. + intros. right. auto. + destruct s; try tauto. destruct s0; tauto. +Qed. + +(** ** Location of function parameters *) + +(** A function finds the values of its parameter in the same locations + where its caller stored them, except that the stack-allocated arguments, + viewed as [Outgoing] slots by the caller, are accessed via [Incoming] + slots (at the same offsets and types) in the callee. *) + +Definition parameter_of_argument (l: loc) : loc := + match l with + | S (Outgoing n ty) => S (Incoming n ty) + | _ => l + end. + +Definition loc_parameters (s: signature) := + List.map parameter_of_argument (loc_arguments s). + +Lemma loc_parameters_type: + forall sig, List.map Loc.type (loc_parameters sig) = sig.(sig_args). +Proof. + intros. unfold loc_parameters. + rewrite list_map_compose. + rewrite <- loc_arguments_type. + apply list_map_exten. + intros. destruct x; simpl. auto. + destruct s; reflexivity. +Qed. + +Lemma loc_parameters_not_temporaries: + forall sig, Loc.disjoint (loc_parameters sig) temporaries. +Proof. + intro; red; intros. + unfold loc_parameters in H. + elim (list_in_map_inv _ _ _ H). intros y [EQ IN]. + generalize (loc_arguments_not_temporaries sig y x2 IN H0). + subst x1. destruct x2. + destruct y; simpl. auto. destruct s; auto. + byContradiction. generalize H0. simpl. NotOrEq. +Qed. + +Lemma no_overlap_parameters: + forall params sg, + locs_acceptable params -> + Loc.no_overlap (loc_parameters sg) params. +Proof. + unfold Loc.no_overlap; intros. + unfold loc_parameters in H0. + elim (list_in_map_inv _ _ _ H0). intros t [EQ IN]. + rewrite EQ. + generalize (loc_arguments_acceptable _ _ IN). + generalize (H s H1). + destruct s; destruct t; simpl. + intros. case (mreg_eq m0 m); intro. left; congruence. tauto. + intros. right; destruct s; simpl; auto. + intros; right; auto. + destruct s; try tauto. destruct s0; try tauto. + intros; simpl. tauto. +Qed. + diff --git a/backend/Csharpminor.v b/backend/Csharpminor.v new file mode 100644 index 00000000..858d9454 --- /dev/null +++ b/backend/Csharpminor.v @@ -0,0 +1,511 @@ +(** Abstract syntax and semantics for the Csharpminor language. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Floats. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. + +(** Abstract syntax *) + +(** Cminor is a low-level imperative language structured in expressions, + statements, functions and programs. Expressions include + reading and writing local variables, reading and writing store locations, + arithmetic operations, function calls, and conditional expressions + (similar to [e1 ? e2 : e3] in C). The [Elet] and [Eletvar] constructs + enable sharing the computations of subexpressions. De Bruijn notation + is used: [Eletvar n] refers to the value bound by then [n+1]-th enclosing + [Elet] construct. + + Unlike in Cminor (the next intermediate language of the back-end), + Csharpminor local variables reside in memory, and their address can + be taken using [Eaddrof] expressions. + + Another difference with Cminor is that Csharpminor is entirely + processor-neutral. In particular, Csharpminor uses a standard set of + operations: it does not reflect processor-specific operations nor + addressing modes. *) + +Inductive operation : Set := + | Ointconst: int -> operation (**r integer constant *) + | Ofloatconst: float -> operation (**r floating-point constant *) + | Ocast8unsigned: operation (**r 8-bit zero extension *) + | Ocast8signed: operation (**r 8-bit sign extension *) + | Ocast16unsigned: operation (**r 16-bit zero extension *) + | Ocast16signed: operation (**r 16-bit sign extension *) + | Onotint: operation (**r bitwise complement *) + | Oadd: operation (**r integer addition *) + | Osub: operation (**r integer subtraction *) + | Omul: operation (**r integer multiplication *) + | Odiv: operation (**r integer signed division *) + | Odivu: operation (**r integer unsigned division *) + | Omod: operation (**r integer signed modulus *) + | Omodu: operation (**r integer unsigned modulus *) + | Oand: operation (**r bitwise ``and'' *) + | Oor: operation (**r bitwise ``or'' *) + | Oxor: operation (**r bitwise ``xor'' *) + | Oshl: operation (**r left shift *) + | Oshr: operation (**r right signed shift *) + | Oshru: operation (**r right unsigned shift *) + | Onegf: operation (**r float opposite *) + | Oabsf: operation (**r float absolute value *) + | Oaddf: operation (**r float addition *) + | Osubf: operation (**r float subtraction *) + | Omulf: operation (**r float multiplication *) + | Odivf: operation (**r float division *) + | Osingleoffloat: operation (**r float truncation *) + | Ointoffloat: operation (**r integer to float *) + | Ofloatofint: operation (**r float to signed integer *) + | Ofloatofintu: operation (**r float to unsigned integer *) + | Ocmp: comparison -> operation (**r integer signed comparison *) + | Ocmpu: comparison -> operation (**r integer unsigned comparison *) + | Ocmpf: comparison -> operation. (**r float comparison *) + +Inductive expr : Set := + | Evar : ident -> expr (**r reading a scalar variable *) + | Eaddrof : ident -> expr (**r taking the address of a variable *) + | Eassign : ident -> expr -> expr (**r assignment to a scalar variable *) + | Eop : operation -> exprlist -> expr (**r arithmetic operation *) + | Eload : memory_chunk -> expr -> expr (**r memory read *) + | Estore : memory_chunk -> expr -> expr -> expr (**r memory write *) + | Ecall : signature -> expr -> exprlist -> expr (**r function call *) + | Econdition : expr -> expr -> expr -> expr (**r conditional expression *) + | Elet : expr -> expr -> expr (**r let binding *) + | Eletvar : nat -> expr (**r reference to a let-bound variable *) + +with exprlist : Set := + | Enil: exprlist + | Econs: expr -> exprlist -> exprlist. + +(** Statements include expression evaluation, an if/then/else conditional, + infinite loops, blocks and early block exits, and early function returns. + [Sexit n] terminates prematurely the execution of the [n+1] enclosing + [Sblock] statements. *) + +Inductive stmt : Set := + | Sexpr: expr -> stmt + | Sifthenelse: expr -> stmtlist -> stmtlist -> stmt + | Sloop: stmtlist -> stmt + | Sblock: stmtlist -> stmt + | Sexit: nat -> stmt + | Sreturn: option expr -> stmt + +with stmtlist : Set := + | Snil: stmtlist + | Scons: stmt -> stmtlist -> stmtlist. + +(** The local variables of a function can be either scalar variables + (whose type, size and signedness are given by a [memory_chunk] + or array variables (of the indicated sizes). The only operation + permitted on an array variable is taking its address. *) + +Inductive local_variable : Set := + | LVscalar: memory_chunk -> local_variable + | LVarray: Z -> local_variable. + +(** Functions are composed of a signature, a list of parameter names + with associated memory chunks (parameters must be scalar), a list of + local variables with associated [local_variable] description, and a + list of statements representing the function body. *) + +Record function : Set := mkfunction { + fn_sig: signature; + fn_params: list (ident * memory_chunk); + fn_vars: list (ident * local_variable); + fn_body: stmtlist +}. + +Definition program := AST.program function. + +(** * Operational semantics *) + +(** The operational semantics for Csharpminor is given in big-step operational + style. Expressions evaluate to values, and statements evaluate to + ``outcomes'' indicating how execution should proceed afterwards. *) + +Inductive outcome: Set := + | Out_normal: outcome (**r continue in sequence *) + | Out_exit: nat -> outcome (**r terminate [n+1] enclosing blocks *) + | Out_return: option val -> outcome. (**r return immediately to caller *) + +Definition outcome_result_value + (out: outcome) (ot: option typ) (v: val) : Prop := + match out, ot with + | Out_normal, None => v = Vundef + | Out_return None, None => v = Vundef + | Out_return (Some v'), Some ty => v = v' + | _, _ => False + end. + +Definition outcome_block (out: outcome) : outcome := + match out with + | Out_normal => Out_normal + | Out_exit O => Out_normal + | Out_exit (S n) => Out_exit n + | Out_return optv => Out_return optv + end. + +(** Three kinds of evaluation environments are involved: +- [genv]: global environments, define symbols and functions; +- [env]: local environments, map local variables to memory blocks; +- [lenv]: let environments, map de Bruijn indices to values. +*) +Definition genv := Genv.t function. +Definition env := PTree.t (block * local_variable). +Definition empty_env : env := PTree.empty (block * local_variable). +Definition letenv := list val. + +Definition sizeof (lv: local_variable) : Z := + match lv with + | LVscalar chunk => size_chunk chunk + | LVarray sz => Zmax 0 sz + end. + +Definition fn_variables (f: function) := + List.map + (fun id_chunk => (fst id_chunk, LVscalar (snd id_chunk))) f.(fn_params) + ++ f.(fn_vars). + +Definition fn_params_names (f: function) := + List.map (@fst ident memory_chunk) f.(fn_params). + +Definition fn_vars_names (f: function) := + List.map (@fst ident local_variable) f.(fn_vars). + + +(** Evaluation of operator applications. *) + +Definition eval_compare_null (c: comparison) (n: int) : option val := + if Int.eq n Int.zero + then match c with Ceq => Some Vfalse | Cne => Some Vtrue | _ => None end + else None. + +Definition eval_operation (op: operation) (vl: list val) (m: mem): option val := + match op, vl with + | Ointconst n, nil => Some (Vint n) + | Ofloatconst n, nil => Some (Vfloat n) + | Ocast8unsigned, Vint n1 :: nil => Some (Vint (Int.cast8unsigned n1)) + | Ocast8signed, Vint n1 :: nil => Some (Vint (Int.cast8signed n1)) + | Ocast16unsigned, Vint n1 :: nil => Some (Vint (Int.cast16unsigned n1)) + | Ocast16signed, Vint n1 :: nil => Some (Vint (Int.cast16signed n1)) + | Onotint, Vint n1 :: nil => Some (Vint (Int.not n1)) + | Oadd, Vint n1 :: Vint n2 :: nil => Some (Vint (Int.add n1 n2)) + | Oadd, Vint n1 :: Vptr b2 n2 :: nil => Some (Vptr b2 (Int.add n2 n1)) + | Oadd, Vptr b1 n1 :: Vint n2 :: nil => Some (Vptr b1 (Int.add n1 n2)) + | Osub, Vint n1 :: Vint n2 :: nil => Some (Vint (Int.sub n1 n2)) + | Osub, Vptr b1 n1 :: Vint n2 :: nil => Some (Vptr b1 (Int.sub n1 n2)) + | Osub, Vptr b1 n1 :: Vptr b2 n2 :: nil => + if eq_block b1 b2 then Some (Vint (Int.sub n1 n2)) else None + | Omul, Vint n1 :: Vint n2 :: nil => Some (Vint (Int.mul n1 n2)) + | Odiv, Vint n1 :: Vint n2 :: nil => + if Int.eq n2 Int.zero then None else Some (Vint (Int.divs n1 n2)) + | Odivu, Vint n1 :: Vint n2 :: nil => + if Int.eq n2 Int.zero then None else Some (Vint (Int.divu n1 n2)) + | Omod, Vint n1 :: Vint n2 :: nil => + if Int.eq n2 Int.zero then None else Some (Vint (Int.mods n1 n2)) + | Omodu, Vint n1 :: Vint n2 :: nil => + if Int.eq n2 Int.zero then None else Some (Vint (Int.modu n1 n2)) + | Oand, Vint n1 :: Vint n2 :: nil => Some (Vint (Int.and n1 n2)) + | Oor, Vint n1 :: Vint n2 :: nil => Some (Vint (Int.or n1 n2)) + | Oxor, Vint n1 :: Vint n2 :: nil => Some (Vint (Int.xor n1 n2)) + | Oshl, Vint n1 :: Vint n2 :: nil => + if Int.ltu n2 (Int.repr 32) then Some (Vint (Int.shl n1 n2)) else None + | Oshr, Vint n1 :: Vint n2 :: nil => + if Int.ltu n2 (Int.repr 32) then Some (Vint (Int.shr n1 n2)) else None + | Oshru, Vint n1 :: Vint n2 :: nil => + if Int.ltu n2 (Int.repr 32) then Some (Vint (Int.shru n1 n2)) else None + | Onegf, Vfloat f1 :: nil => Some (Vfloat (Float.neg f1)) + | Oabsf, Vfloat f1 :: nil => Some (Vfloat (Float.abs f1)) + | Oaddf, Vfloat f1 :: Vfloat f2 :: nil => Some (Vfloat (Float.add f1 f2)) + | Osubf, Vfloat f1 :: Vfloat f2 :: nil => Some (Vfloat (Float.sub f1 f2)) + | Omulf, Vfloat f1 :: Vfloat f2 :: nil => Some (Vfloat (Float.mul f1 f2)) + | Odivf, Vfloat f1 :: Vfloat f2 :: nil => Some (Vfloat (Float.div f1 f2)) + | Osingleoffloat, Vfloat f1 :: nil => + Some (Vfloat (Float.singleoffloat f1)) + | Ointoffloat, Vfloat f1 :: nil => + Some (Vint (Float.intoffloat f1)) + | Ofloatofint, Vint n1 :: nil => + Some (Vfloat (Float.floatofint n1)) + | Ofloatofintu, Vint n1 :: nil => + Some (Vfloat (Float.floatofintu n1)) + | Ocmp c, Vint n1 :: Vint n2 :: nil => + Some (Val.of_bool(Int.cmp c n1 n2)) + | Ocmp c, Vptr b1 n1 :: Vptr b2 n2 :: nil => + if valid_pointer m b1 (Int.signed n1) + && valid_pointer m b2 (Int.signed n2) then + if eq_block b1 b2 then Some(Val.of_bool(Int.cmp c n1 n2)) else None + else + None + | Ocmp c, Vptr b1 n1 :: Vint n2 :: nil => eval_compare_null c n2 + | Ocmp c, Vint n1 :: Vptr b2 n2 :: nil => eval_compare_null c n1 + | Ocmpu c, Vint n1 :: Vint n2 :: nil => + Some (Val.of_bool(Int.cmpu c n1 n2)) + | Ocmpf c, Vfloat f1 :: Vfloat f2 :: nil => + Some (Val.of_bool (Float.cmp c f1 f2)) + | _, _ => None + end. + +(** ``Casting'' a value to a memory chunk. The value is truncated and + zero- or sign-extended as dictated by the memory chunk. *) + +Definition cast (chunk: memory_chunk) (v: val) : option val := + match chunk, v with + | Mint8signed, Vint n => Some (Vint (Int.cast8signed n)) + | Mint8unsigned, Vint n => Some (Vint (Int.cast8unsigned n)) + | Mint16signed, Vint n => Some (Vint (Int.cast16signed n)) + | Mint16unsigned, Vint n => Some (Vint (Int.cast16unsigned n)) + | Mint32, Vint n => Some(Vint n) + | Mint32, Vptr b ofs => Some(Vptr b ofs) + | Mfloat32, Vfloat f => Some(Vfloat(Float.singleoffloat f)) + | Mfloat64, Vfloat f => Some(Vfloat f) + | _, _ => None + end. + +(** Allocation of local variables at function entry. Each variable is + bound to the reference to a fresh block of the appropriate size. *) + +Inductive alloc_variables: env -> mem -> + list (ident * local_variable) -> + env -> mem -> list block -> Prop := + | alloc_variables_nil: + forall e m, + alloc_variables e m nil e m nil + | alloc_variables_cons: + forall e m id lv vars m1 b1 m2 e2 lb, + Mem.alloc m 0 (sizeof lv) = (m1, b1) -> + alloc_variables (PTree.set id (b1, lv) e) m1 vars e2 m2 lb -> + alloc_variables e m ((id, lv) :: vars) e2 m2 (b1 :: lb). + +(** Initialization of local variables that are parameters. The value + of the corresponding argument is stored into the memory block + bound to the parameter. *) + +Inductive bind_parameters: env -> + mem -> list (ident * memory_chunk) -> list val -> + mem -> Prop := + | bind_parameters_nil: + forall e m, + bind_parameters e m nil nil m + | bind_parameters_cons: + forall e m id chunk params v1 v2 vl b m1 m2, + PTree.get id e = Some(b, LVscalar chunk) -> + cast chunk v1 = Some v2 -> + Mem.store chunk m b 0 v2 = Some m1 -> + bind_parameters e m1 params vl m2 -> + bind_parameters e m ((id, chunk) :: params) (v1 :: vl) m2. + +Section RELSEM. + +Variable ge: genv. + +(** Evaluation of an expression: [eval_expr ge le e m a m' v] states + that expression [a], in initial memory state [m], evaluates to value + [v]. [m'] is the final memory state, respectively, reflecting + memory stores possibly performed by [a]. [ge], [e] and [le] are the + global environment, local environment and let environment + respectively. They do not change during evaluation. *) + +Inductive eval_expr: + letenv -> env -> + mem -> expr -> mem -> val -> Prop := + | eval_Evar: + forall le e m id b chunk v, + PTree.get id e = Some (b, LVscalar chunk) -> + Mem.load chunk m b 0 = Some v -> + eval_expr le e m (Evar id) m v + | eval_Eassign: + forall le e m id a m1 b chunk v1 v2 m2, + eval_expr le e m a m1 v1 -> + PTree.get id e = Some (b, LVscalar chunk) -> + cast chunk v1 = Some v2 -> + Mem.store chunk m1 b 0 v2 = Some m2 -> + eval_expr le e m (Eassign id a) m2 v2 + | eval_Eaddrof_local: + forall le e m id b lv, + PTree.get id e = Some (b, lv) -> + eval_expr le e m (Eaddrof id) m (Vptr b Int.zero) + | eval_Eaddrof_global: + forall le e m id b, + PTree.get id e = None -> + Genv.find_symbol ge id = Some b -> + eval_expr le e m (Eaddrof id) m (Vptr b Int.zero) + | eval_Eop: + forall le e m op al m1 vl v, + eval_exprlist le e m al m1 vl -> + eval_operation op vl m1 = Some v -> + eval_expr le e m (Eop op al) m1 v + | eval_Eload: + forall le e m chunk a m1 v1 v, + eval_expr le e m a m1 v1 -> + Mem.loadv chunk m1 v1 = Some v -> + eval_expr le e m (Eload chunk a) m1 v + | eval_Estore: + forall le e m chunk a b m1 v1 m2 v2 m3 v3, + eval_expr le e m a m1 v1 -> + eval_expr le e m1 b m2 v2 -> + cast chunk v2 = Some v3 -> + Mem.storev chunk m2 v1 v3 = Some m3 -> + eval_expr le e m (Estore chunk a b) m3 v3 + | eval_Ecall: + forall le e m sig a bl m1 m2 m3 vf vargs vres f, + eval_expr le e m a m1 vf -> + eval_exprlist le e m1 bl m2 vargs -> + Genv.find_funct ge vf = Some f -> + f.(fn_sig) = sig -> + eval_funcall m2 f vargs m3 vres -> + eval_expr le e m (Ecall sig a bl) m3 vres + | eval_Econdition_true: + forall le e m a b c m1 v1 m2 v2, + eval_expr le e m a m1 v1 -> + Val.is_true v1 -> + eval_expr le e m1 b m2 v2 -> + eval_expr le e m (Econdition a b c) m2 v2 + | eval_Econdition_false: + forall le e m a b c m1 v1 m2 v2, + eval_expr le e m a m1 v1 -> + Val.is_false v1 -> + eval_expr le e m1 c m2 v2 -> + eval_expr le e m (Econdition a b c) m2 v2 + | eval_Elet: + forall le e m a b m1 v1 m2 v2, + eval_expr le e m a m1 v1 -> + eval_expr (v1::le) e m1 b m2 v2 -> + eval_expr le e m (Elet a b) m2 v2 + | eval_Eletvar: + forall le e m n v, + nth_error le n = Some v -> + eval_expr le e m (Eletvar n) m v + +(** Evaluation of a list of expressions: + [eval_exprlist ge le al m a m' vl] + states that the list [al] of expressions evaluate + to the list [vl] of values. + The other parameters are as in [eval_expr]. +*) + +with eval_exprlist: + letenv -> env -> + mem -> exprlist -> + mem -> list val -> Prop := + | eval_Enil: + forall le e m, + eval_exprlist le e m Enil m nil + | eval_Econs: + forall le e m a bl m1 v m2 vl, + eval_expr le e m a m1 v -> + eval_exprlist le e m1 bl m2 vl -> + eval_exprlist le e m (Econs a bl) m2 (v :: vl) + +(** Evaluation of a function invocation: [eval_funcall ge m f args m' res] + means that the function [f], applied to the arguments [args] in + memory state [m], returns the value [res] in modified memory state [m']. +*) +with eval_funcall: + mem -> function -> list val -> + mem -> val -> Prop := + | eval_funcall_intro: + forall m f vargs e m1 lb m2 m3 out vres, + list_norepet (fn_params_names f ++ fn_vars_names f) -> + alloc_variables empty_env m (fn_variables f) e m1 lb -> + bind_parameters e m1 f.(fn_params) vargs m2 -> + exec_stmtlist e m2 f.(fn_body) m3 out -> + outcome_result_value out f.(fn_sig).(sig_res) vres -> + eval_funcall m f vargs (Mem.free_list m3 lb) vres + +(** Execution of a statement: [exec_stmt ge e m s m' out] + means that statement [s] executes with outcome [out]. + The other parameters are as in [eval_expr]. *) + +with exec_stmt: + env -> + mem -> stmt -> + mem -> outcome -> Prop := + | exec_Sexpr: + forall e m a m1 v, + eval_expr nil e m a m1 v -> + exec_stmt e m (Sexpr a) m1 Out_normal + | exec_Sifthenelse_true: + forall e m a sl1 sl2 m1 v1 m2 out, + eval_expr nil e m a m1 v1 -> + Val.is_true v1 -> + exec_stmtlist e m1 sl1 m2 out -> + exec_stmt e m (Sifthenelse a sl1 sl2) m2 out + | exec_Sifthenelse_false: + forall e m a sl1 sl2 m1 v1 m2 out, + eval_expr nil e m a m1 v1 -> + Val.is_false v1 -> + exec_stmtlist e m1 sl2 m2 out -> + exec_stmt e m (Sifthenelse a sl1 sl2) m2 out + | exec_Sloop_loop: + forall e m sl m1 m2 out, + exec_stmtlist e m sl m1 Out_normal -> + exec_stmt e m1 (Sloop sl) m2 out -> + exec_stmt e m (Sloop sl) m2 out + | exec_Sloop_stop: + forall e m sl m1 out, + exec_stmtlist e m sl m1 out -> + out <> Out_normal -> + exec_stmt e m (Sloop sl) m1 out + | exec_Sblock: + forall e m sl m1 out, + exec_stmtlist e m sl m1 out -> + exec_stmt e m (Sblock sl) m1 (outcome_block out) + | exec_Sexit: + forall e m n, + exec_stmt e m (Sexit n) m (Out_exit n) + | exec_Sreturn_none: + forall e m, + exec_stmt e m (Sreturn None) m (Out_return None) + | exec_Sreturn_some: + forall e m a m1 v, + eval_expr nil e m a m1 v -> + exec_stmt e m (Sreturn (Some a)) m1 (Out_return (Some v)) + +(** Execution of a list of statements: [exec_stmtlist ge e m sl m' out] + means that the list [sl] of statements executes sequentially + with outcome [out]. Execution stops at the first statement that + leads an outcome different from [Out_normal]. + The other parameters are as in [eval_expr]. *) + +with exec_stmtlist: + env -> + mem -> stmtlist -> + mem -> outcome -> Prop := + | exec_Snil: + forall e m, + exec_stmtlist e m Snil m Out_normal + | exec_Scons_continue: + forall e m s sl m1 m2 out, + exec_stmt e m s m1 Out_normal -> + exec_stmtlist e m1 sl m2 out -> + exec_stmtlist e m (Scons s sl) m2 out + | exec_Scons_stop: + forall e m s sl m1 out, + exec_stmt e m s m1 out -> + out <> Out_normal -> + exec_stmtlist e m (Scons s sl) m1 out. + +Scheme eval_expr_ind5 := Minimality for eval_expr Sort Prop + with eval_exprlist_ind5 := Minimality for eval_exprlist Sort Prop + with eval_funcall_ind5 := Minimality for eval_funcall Sort Prop + with exec_stmt_ind5 := Minimality for exec_stmt Sort Prop + with exec_stmtlist_ind5 := Minimality for exec_stmtlist Sort Prop. + +End RELSEM. + +(** Execution of a whole program: [exec_program p r] + holds if the application of [p]'s main function to no arguments + in the initial memory state for [p] eventually returns value [r]. *) + +Definition exec_program (p: program) (r: val) : Prop := + let ge := Genv.globalenv p in + let m0 := Genv.init_mem p in + exists b, exists f, exists m, + Genv.find_symbol ge p.(prog_main) = Some b /\ + Genv.find_funct_ptr ge b = Some f /\ + f.(fn_sig) = mksignature nil (Some Tint) /\ + eval_funcall ge m0 f nil m r. + diff --git a/backend/Globalenvs.v b/backend/Globalenvs.v new file mode 100644 index 00000000..55afc353 --- /dev/null +++ b/backend/Globalenvs.v @@ -0,0 +1,587 @@ +(** Global environments are a component of the dynamic semantics of + all languages involved in the compiler. A global environment + maps symbol names (names of functions and of global variables) + to the corresponding memory addresses. It also maps memory addresses + of functions to the corresponding function descriptions. + + Global environments, along with the initial memory state at the beginning + of program execution, are built from the program of interest, as follows: +- A distinct memory address is assigned to each function of the program. + These function addresses use negative numbers to distinguish them from + addresses of memory blocks. The associations of function name to function + address and function address to function description are recorded in + the global environment. +- For each global variable, a memory block is allocated and associated to + the name of the variable. + + These operations reflect (at a high level of abstraction) what takes + place during program linking and program loading in a real operating + system. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Values. +Require Import Mem. + +Set Implicit Arguments. + +Module Type GENV. + +(** ** Types and operations *) + + Variable t: Set -> Set. + (** The type of global environments. The parameter [F] is the type + of function descriptions. *) + + Variable globalenv: forall (F: Set), program F -> t F. + (** Return the global environment for the given program. *) + + Variable init_mem: forall (F: Set), program F -> mem. + (** Return the initial memory state for the given program. *) + + Variable find_funct_ptr: forall (F: Set), t F -> block -> option F. + (** Return the function description associated with the given address, + if any. *) + + Variable find_funct: forall (F: Set), t F -> val -> option F. + (** Same as [find_funct_ptr] but the function address is given as + a value, which must be a pointer with offset 0. *) + + Variable find_symbol: forall (F: Set), t F -> ident -> option block. + (** Return the address of the given global symbol, if any. *) + +(** ** Properties of the operations. *) + + Hypothesis find_funct_inv: + forall (F: Set) (ge: t F) (v: val) (f: F), + find_funct ge v = Some f -> exists b, v = Vptr b Int.zero. + Hypothesis find_funct_find_funct_ptr: + forall (F: Set) (ge: t F) (b: block), + find_funct ge (Vptr b Int.zero) = find_funct_ptr ge b. + Hypothesis find_funct_ptr_prop: + forall (F: Set) (P: F -> Prop) (p: program F) (b: block) (f: F), + (forall id f, In (id, f) (prog_funct p) -> P f) -> + find_funct_ptr (globalenv p) b = Some f -> + P f. + Hypothesis find_funct_prop: + forall (F: Set) (P: F -> Prop) (p: program F) (v: val) (f: F), + (forall id f, In (id, f) (prog_funct p) -> P f) -> + find_funct (globalenv p) v = Some f -> + P f. + Hypothesis initmem_nullptr: + forall (F: Set) (p: program F), + let m := init_mem p in + valid_block m nullptr /\ + m.(blocks) nullptr = empty_block 0 0. + Hypothesis initmem_undef: + forall (F: Set) (p: program F) (b: block), + exists lo, exists hi, + (init_mem p).(blocks) b = empty_block lo hi. + Hypothesis find_funct_ptr_inv: + forall (F: Set) (p: program F) (b: block) (f: F), + find_funct_ptr (globalenv p) b = Some f -> b < 0. + Hypothesis find_symbol_inv: + forall (F: Set) (p: program F) (id: ident) (b: block), + find_symbol (globalenv p) id = Some b -> b < nextblock (init_mem p). + +(** Commutation properties between program transformations + and operations over global environments. *) + + Hypothesis find_funct_ptr_transf: + forall (A B: Set) (transf: A -> B) (p: program A) (b: block) (f: A), + find_funct_ptr (globalenv p) b = Some f -> + find_funct_ptr (globalenv (transform_program transf p)) b = Some (transf f). + Hypothesis find_funct_transf: + forall (A B: Set) (transf: A -> B) (p: program A) (v: val) (f: A), + find_funct (globalenv p) v = Some f -> + find_funct (globalenv (transform_program transf p)) v = Some (transf f). + Hypothesis find_symbol_transf: + forall (A B: Set) (transf: A -> B) (p: program A) (s: ident), + find_symbol (globalenv (transform_program transf p)) s = + find_symbol (globalenv p) s. + Hypothesis init_mem_transf: + forall (A B: Set) (transf: A -> B) (p: program A), + init_mem (transform_program transf p) = init_mem p. + +(** Commutation properties between partial program transformations + and operations over global environments. *) + + Hypothesis find_funct_ptr_transf_partial: + forall (A B: Set) (transf: A -> option B) + (p: program A) (p': program B), + transform_partial_program transf p = Some p' -> + forall (b: block) (f: A), + find_funct_ptr (globalenv p) b = Some f -> + find_funct_ptr (globalenv p') b = transf f /\ transf f <> None. + Hypothesis find_funct_transf_partial: + forall (A B: Set) (transf: A -> option B) + (p: program A) (p': program B), + transform_partial_program transf p = Some p' -> + forall (v: val) (f: A), + find_funct (globalenv p) v = Some f -> + find_funct (globalenv p') v = transf f /\ transf f <> None. + Hypothesis find_symbol_transf_partial: + forall (A B: Set) (transf: A -> option B) + (p: program A) (p': program B), + transform_partial_program transf p = Some p' -> + forall (s: ident), + find_symbol (globalenv p') s = find_symbol (globalenv p) s. + Hypothesis init_mem_transf_partial: + forall (A B: Set) (transf: A -> option B) + (p: program A) (p': program B), + transform_partial_program transf p = Some p' -> + init_mem p' = init_mem p. +End GENV. + +(** The rest of this library is a straightforward implementation of + the module signature above. *) + +Module Genv: GENV. + +Section GENV. + +Variable funct: Set. (* The type of functions *) + +Record genv : Set := mkgenv { + functions: ZMap.t (option funct); (* mapping function ptr -> function *) + nextfunction: Z; + symbols: PTree.t block (* mapping symbol -> block *) +}. + +Definition t := genv. + +Definition add_funct (name_fun: (ident * funct)) (g: genv) : genv := + let b := g.(nextfunction) in + mkgenv (ZMap.set b (Some (snd name_fun)) g.(functions)) + (Zpred b) + (PTree.set (fst name_fun) b g.(symbols)). + +Definition add_symbol (name: ident) (b: block) (g: genv) : genv := + mkgenv g.(functions) + g.(nextfunction) + (PTree.set name b g.(symbols)). + +Definition find_funct_ptr (g: genv) (b: block) : option funct := + ZMap.get b g.(functions). + +Definition find_funct (g: genv) (v: val) : option funct := + match v with + | Vptr b ofs => + if Int.eq ofs Int.zero then find_funct_ptr g b else None + | _ => + None + end. + +Definition find_symbol (g: genv) (symb: ident) : option block := + PTree.get symb g.(symbols). + +Lemma find_funct_inv: + forall (ge: t) (v: val) (f: funct), + find_funct ge v = Some f -> exists b, v = Vptr b Int.zero. +Proof. + intros until f. unfold find_funct. destruct v; try (intros; discriminate). + generalize (Int.eq_spec i Int.zero). case (Int.eq i Int.zero); intros. + exists b. congruence. + discriminate. +Qed. + +Lemma find_funct_find_funct_ptr: + forall (ge: t) (b: block), + find_funct ge (Vptr b Int.zero) = find_funct_ptr ge b. +Proof. + intros. simpl. + generalize (Int.eq_spec Int.zero Int.zero). + case (Int.eq Int.zero Int.zero); intros. + auto. tauto. +Qed. + +(* Construct environment and initial memory store *) + +Definition empty : genv := + mkgenv (ZMap.init None) (-1) (PTree.empty block). + +Definition add_functs (init: genv) (fns: list (ident * funct)) : genv := + List.fold_right add_funct init fns. + +Definition add_globals + (init: genv * mem) (vars: list (ident * Z)) : genv * mem := + List.fold_right + (fun (id_sz: ident * Z) (g_st: genv * mem) => + let (id, sz) := id_sz in + let (g, st) := g_st in + let (st', b) := Mem.alloc st 0 sz in + (add_symbol id b g, st')) + init vars. + +Definition globalenv_initmem (p: program funct) : (genv * mem) := + add_globals + (add_functs empty p.(prog_funct), Mem.empty) + p.(prog_vars). + +Definition globalenv (p: program funct) : genv := + fst (globalenv_initmem p). +Definition init_mem (p: program funct) : mem := + snd (globalenv_initmem p). + +Lemma functions_globalenv: + forall (p: program funct), + functions (globalenv p) = functions (add_functs empty p.(prog_funct)). +Proof. + assert (forall (init: genv * mem) (vars: list (ident * Z)), + functions (fst (add_globals init vars)) = functions (fst init)). + induction vars; simpl. + reflexivity. + destruct a. destruct (add_globals init vars). + simpl. exact IHvars. + + unfold add_globals; simpl. + intros. unfold globalenv; unfold globalenv_initmem. + rewrite H. reflexivity. +Qed. + +Lemma initmem_nullptr: + forall (p: program funct), + let m := init_mem p in + valid_block m nullptr /\ + m.(blocks) nullptr = mkblock 0 0 (fun y => Undef) (undef_undef_outside 0 0). +Proof. + assert + (forall (init: genv * mem), + let m1 := snd init in + 0 < m1.(nextblock) -> + m1.(blocks) nullptr = mkblock 0 0 (fun y => Undef) (undef_undef_outside 0 0) -> + forall (vars: list (ident * Z)), + let m2 := snd (add_globals init vars) in + 0 < m2.(nextblock) /\ + m2.(blocks) nullptr = mkblock 0 0 (fun y => Undef) (undef_undef_outside 0 0)). + induction vars; simpl; intros. + tauto. + destruct a. + caseEq (add_globals init vars). intros g m2 EQ. + rewrite EQ in IHvars. simpl in IHvars. elim IHvars; intros. + simpl. split. omega. + rewrite update_o. auto. apply sym_not_equal. apply Zlt_not_eq. exact H1. + + intro. unfold init_mem. unfold globalenv_initmem. + unfold valid_block. apply H. simpl. omega. reflexivity. +Qed. + +Lemma initmem_undef: + forall (p: program funct) (b: block), + exists lo, exists hi, + (init_mem p).(blocks) b = empty_block lo hi. +Proof. + assert (forall g0 vars g1 m b, + add_globals (g0, Mem.empty) vars = (g1, m) -> + exists lo, exists hi, + m.(blocks) b = empty_block lo hi). + induction vars; simpl. + intros. inversion H. unfold Mem.empty; simpl. + exists 0; exists 0. auto. + destruct a. caseEq (add_globals (g0, Mem.empty) vars). intros g1 m1 EQ. + intros g m b EQ1. injection EQ1; intros EQ2 EQ3; clear EQ1. + rewrite <- EQ2; simpl. unfold update. + case (zeq b (nextblock m1)); intro. + exists 0; exists z; auto. + eauto. + intros. caseEq (globalenv_initmem p). + intros g m EQ. unfold init_mem; rewrite EQ; simpl. + unfold globalenv_initmem in EQ. eauto. +Qed. + +Remark nextfunction_add_functs_neg: + forall fns, nextfunction (add_functs empty fns) < 0. +Proof. + induction fns; simpl; intros. omega. unfold Zpred. omega. +Qed. + +Theorem find_funct_ptr_inv: + forall (p: program funct) (b: block) (f: funct), + find_funct_ptr (globalenv p) b = Some f -> b < 0. +Proof. + intros until f. + assert (forall fns, ZMap.get b (functions (add_functs empty fns)) = Some f -> b < 0). + induction fns; simpl. + rewrite ZMap.gi. congruence. + rewrite ZMap.gsspec. case (ZIndexed.eq b (nextfunction (add_functs empty fns))); intro. + intro. rewrite e. apply nextfunction_add_functs_neg. + auto. + unfold find_funct_ptr. rewrite functions_globalenv. + intros. eauto. +Qed. + +Theorem find_symbol_inv: + forall (p: program funct) (id: ident) (b: block), + find_symbol (globalenv p) id = Some b -> b < nextblock (init_mem p). +Proof. + assert (forall fns s b, + (symbols (add_functs empty fns)) ! s = Some b -> b < 0). + induction fns; simpl; intros until b. + rewrite PTree.gempty. congruence. + rewrite PTree.gsspec. destruct a; simpl. case (peq s i); intro. + intro EQ; inversion EQ. apply nextfunction_add_functs_neg. + eauto. + assert (forall fns vars g m s b, + add_globals (add_functs empty fns, Mem.empty) vars = (g, m) -> + (symbols g)!s = Some b -> + b < nextblock m). + induction vars; simpl; intros until b. + intros. inversion H0. subst g m. simpl. + generalize (H fns s b H1). omega. + destruct a. caseEq (add_globals (add_functs empty fns, Mem.empty) vars). + intros g1 m1 ADG EQ. inversion EQ; subst g m; clear EQ. + unfold add_symbol; simpl. rewrite PTree.gsspec. case (peq s i); intro. + intro EQ; inversion EQ. omega. + intro. generalize (IHvars _ _ _ _ ADG H0). omega. + intros until b. unfold find_symbol, globalenv, init_mem, globalenv_initmem; simpl. + caseEq (add_globals (add_functs empty (prog_funct p), Mem.empty) + (prog_vars p)); intros g m EQ. + simpl; intros. eauto. +Qed. + +End GENV. + +(* Invariants on functions *) +Lemma find_funct_ptr_prop: + forall (F: Set) (P: F -> Prop) (p: program F) (b: block) (f: F), + (forall id f, In (id, f) (prog_funct p) -> P f) -> + find_funct_ptr (globalenv p) b = Some f -> + P f. +Proof. + intros until f. + unfold find_funct_ptr. rewrite functions_globalenv. + generalize (prog_funct p). induction l; simpl. + rewrite ZMap.gi. intros; discriminate. + rewrite ZMap.gsspec. + case (ZIndexed.eq b (nextfunction (add_functs (empty F) l))); intros. + apply H with (fst a). left. destruct a. simpl in *. congruence. + apply IHl. intros. apply H with id. right. auto. auto. +Qed. + +Lemma find_funct_prop: + forall (F: Set) (P: F -> Prop) (p: program F) (v: val) (f: F), + (forall id f, In (id, f) (prog_funct p) -> P f) -> + find_funct (globalenv p) v = Some f -> + P f. +Proof. + intros until f. unfold find_funct. + destruct v; try (intros; discriminate). + case (Int.eq i Int.zero); [idtac | intros; discriminate]. + intros. eapply find_funct_ptr_prop; eauto. +Qed. + +(* Global environments and program transformations. *) + +Section TRANSF_PROGRAM_PARTIAL. + +Variable A B: Set. +Variable transf: A -> option B. +Variable p: program A. +Variable p': program B. +Hypothesis transf_OK: transform_partial_program transf p = Some p'. + +Lemma add_functs_transf: + forall (fns: list (ident * A)) (tfns: list (ident * B)), + transf_partial_program transf fns = Some tfns -> + let r := add_functs (empty A) fns in + let tr := add_functs (empty B) tfns in + nextfunction tr = nextfunction r /\ + symbols tr = symbols r /\ + forall (b: block) (f: A), + ZMap.get b (functions r) = Some f -> + ZMap.get b (functions tr) = transf f /\ transf f <> None. +Proof. + induction fns; simpl. + + intros; injection H; intro; subst tfns. + simpl. split. reflexivity. split. reflexivity. + intros b f; repeat (rewrite ZMap.gi). intros; discriminate. + + intro tfns. destruct a. caseEq (transf a). intros a' TA. + caseEq (transf_partial_program transf fns). intros l TPP EQ. + injection EQ; intro; subst tfns. + clear EQ. simpl. + generalize (IHfns l TPP). + intros [HR1 [HR2 HR3]]. + rewrite HR1. rewrite HR2. + split. reflexivity. + split. reflexivity. + intros b f. + case (zeq b (nextfunction (add_functs (empty A) fns))); intro. + subst b. repeat (rewrite ZMap.gss). + intro EQ; injection EQ; intro; subst f; clear EQ. + rewrite TA. split. auto. discriminate. + repeat (rewrite ZMap.gso; auto). + + intros; discriminate. + intros; discriminate. +Qed. + +Lemma mem_add_globals_transf: + forall (g1: genv A) (g2: genv B) (m: mem) (vars: list (ident * Z)), + snd (add_globals (g1, m) vars) = snd (add_globals (g2, m) vars). +Proof. + induction vars; simpl. + reflexivity. + destruct a. destruct (add_globals (g1, m) vars). + destruct (add_globals (g2, m) vars). + simpl in IHvars. subst m1. reflexivity. +Qed. + +Lemma symbols_add_globals_transf: + forall (g1: genv A) (g2: genv B) (m: mem), + symbols g1 = symbols g2 -> + forall (vars: list (ident * Z)), + symbols (fst (add_globals (g1, m) vars)) = + symbols (fst (add_globals (g2, m) vars)). +Proof. + induction vars; simpl. + assumption. + generalize (mem_add_globals_transf g1 g2 m vars); intro. + destruct a. destruct (add_globals (g1, m) vars). + destruct (add_globals (g2, m) vars). + simpl. simpl in IHvars. simpl in H0. + rewrite H0; rewrite IHvars. reflexivity. +Qed. + +Lemma prog_funct_transf_OK: + transf_partial_program transf p.(prog_funct) = Some p'.(prog_funct). +Proof. + generalize transf_OK; unfold transform_partial_program. + case (transf_partial_program transf (prog_funct p)); simpl; intros. + injection transf_OK0; intros; subst p'. reflexivity. + discriminate. +Qed. + +Theorem find_funct_ptr_transf_partial: + forall (b: block) (f: A), + find_funct_ptr (globalenv p) b = Some f -> + find_funct_ptr (globalenv p') b = transf f /\ transf f <> None. +Proof. + intros until f. + generalize (add_functs_transf p.(prog_funct) prog_funct_transf_OK). + intros [X [Y Z]]. + unfold find_funct_ptr. + repeat (rewrite functions_globalenv). + apply Z. +Qed. + +Theorem find_funct_transf_partial: + forall (v: val) (f: A), + find_funct (globalenv p) v = Some f -> + find_funct (globalenv p') v = transf f /\ transf f <> None. +Proof. + intros until f. unfold find_funct. + case v; try (intros; discriminate). + intros b ofs. + case (Int.eq ofs Int.zero); try (intros; discriminate). + apply find_funct_ptr_transf_partial. +Qed. + +Lemma symbols_init_transf: + symbols (globalenv p') = symbols (globalenv p). +Proof. + unfold globalenv. unfold globalenv_initmem. + generalize (add_functs_transf p.(prog_funct) prog_funct_transf_OK). + intros [X [Y Z]]. + generalize transf_OK. + unfold transform_partial_program. + case (transf_partial_program transf (prog_funct p)). + intros. injection transf_OK0; intro; subst p'; simpl. + symmetry. apply symbols_add_globals_transf. + symmetry. exact Y. + intros; discriminate. +Qed. + +Theorem find_symbol_transf_partial: + forall (s: ident), + find_symbol (globalenv p') s = find_symbol (globalenv p) s. +Proof. + intros. unfold find_symbol. + rewrite symbols_init_transf. auto. +Qed. + +Theorem init_mem_transf_partial: + init_mem p' = init_mem p. +Proof. + unfold init_mem. unfold globalenv_initmem. + generalize transf_OK. + unfold transform_partial_program. + case (transf_partial_program transf (prog_funct p)). + intros. injection transf_OK0; intro; subst p'; simpl. + symmetry. apply mem_add_globals_transf. + intros; discriminate. +Qed. + +End TRANSF_PROGRAM_PARTIAL. + +Section TRANSF_PROGRAM. + +Variable A B: Set. +Variable transf: A -> B. +Variable p: program A. +Let tp := transform_program transf p. + +Definition transf_partial (x: A) : option B := Some (transf x). + +Lemma transf_program_transf_partial_program: + forall (fns: list (ident * A)), + transf_partial_program transf_partial fns = + Some (transf_program transf fns). +Proof. + induction fns; simpl. + reflexivity. + destruct a. rewrite IHfns. reflexivity. +Qed. + +Lemma transform_program_transform_partial_program: + transform_partial_program transf_partial p = Some tp. +Proof. + unfold tp. unfold transform_partial_program, transform_program. + rewrite transf_program_transf_partial_program. + reflexivity. +Qed. + +Theorem find_funct_ptr_transf: + forall (b: block) (f: A), + find_funct_ptr (globalenv p) b = Some f -> + find_funct_ptr (globalenv tp) b = Some (transf f). +Proof. + intros. + generalize (find_funct_ptr_transf_partial transf_partial p + transform_program_transform_partial_program). + intros. elim (H0 b f H). intros. exact H1. +Qed. + +Theorem find_funct_transf: + forall (v: val) (f: A), + find_funct (globalenv p) v = Some f -> + find_funct (globalenv tp) v = Some (transf f). +Proof. + intros. + generalize (find_funct_transf_partial transf_partial p + transform_program_transform_partial_program). + intros. elim (H0 v f H). intros. exact H1. +Qed. + +Theorem find_symbol_transf: + forall (s: ident), + find_symbol (globalenv tp) s = find_symbol (globalenv p) s. +Proof. + intros. + apply find_symbol_transf_partial with transf_partial. + apply transform_program_transform_partial_program. +Qed. + +Theorem init_mem_transf: + init_mem tp = init_mem p. +Proof. + apply init_mem_transf_partial with transf_partial. + apply transform_program_transform_partial_program. +Qed. + +End TRANSF_PROGRAM. + +End Genv. diff --git a/backend/InterfGraph.v b/backend/InterfGraph.v new file mode 100644 index 00000000..37248f58 --- /dev/null +++ b/backend/InterfGraph.v @@ -0,0 +1,310 @@ +(** Representation of interference graphs for register allocation. *) + +Require Import Coqlib. +Require Import FSet. +Require Import Maps. +Require Import Ordered. +Require Import Registers. +Require Import Locations. + +(** Interference graphs are undirected graphs with two kinds of nodes: +- RTL pseudo-registers; +- Machine registers. + +and four kind of edges: +- Conflict edges between two pseudo-registers. + (Meaning: these two pseudo-registers must not be assigned the same + location.) +- Conflict edges between a pseudo-register and a machine register + (Meaning: this pseudo-register must not be assigned this machine + register.) +- Preference edges between two pseudo-registers. + (Meaning: the generated code would be more efficient if those two + pseudo-registers were assigned the same location, but if this is not + possible, the generated code will still be correct.) +- Preference edges between a pseudo-register and a machine register + (Meaning: the generated code would be more efficient if this + pseudo-register was assigned this machine register, but if this is not + possible, the generated code will still be correct.) + +A graph is represented by four finite sets of edges (one of each kind +above). An edge is represented by a pair of two pseudo-registers or +a pair (pseudo-register, machine register). +In the case of two pseudo-registers ([r1], [r2]), we adopt the convention +that [r1] <= [r2], so as to reflect the undirected nature of the edge. +*) + +Module OrderedReg <: OrderedType with Definition t := reg := OrderedPositive. +Module OrderedRegReg := OrderedPair(OrderedReg)(OrderedReg). +Module OrderedMreg := OrderedIndexed(IndexedMreg). +Module OrderedRegMreg := OrderedPair(OrderedReg)(OrderedMreg). + +Module SetDepRegReg := FSetAVL.Make(OrderedRegReg). +Module SetRegReg := NodepOfDep(SetDepRegReg). +Module SetDepRegMreg := FSetAVL.Make(OrderedRegMreg). +Module SetRegMreg := NodepOfDep(SetDepRegMreg). + +Record graph: Set := mkgraph { + interf_reg_reg: SetRegReg.t; + interf_reg_mreg: SetRegMreg.t; + pref_reg_reg: SetRegReg.t; + pref_reg_mreg: SetRegMreg.t +}. + +Definition empty_graph := + mkgraph SetRegReg.empty SetRegMreg.empty + SetRegReg.empty SetRegMreg.empty. + +(** The following functions add a new edge (if not already present) + to the given graph. *) + +Definition ordered_pair (x y: reg) := + if plt x y then (x, y) else (y, x). + +Definition add_interf (x y: reg) (g: graph) := + mkgraph (SetRegReg.add (ordered_pair x y) g.(interf_reg_reg)) + g.(interf_reg_mreg) + g.(pref_reg_reg) + g.(pref_reg_mreg). + +Definition add_interf_mreg (x: reg) (y: mreg) (g: graph) := + mkgraph g.(interf_reg_reg) + (SetRegMreg.add (x, y) g.(interf_reg_mreg)) + g.(pref_reg_reg) + g.(pref_reg_mreg). + +Definition add_pref (x y: reg) (g: graph) := + mkgraph g.(interf_reg_reg) + g.(interf_reg_mreg) + (SetRegReg.add (ordered_pair x y) g.(pref_reg_reg)) + g.(pref_reg_mreg). + +Definition add_pref_mreg (x: reg) (y: mreg) (g: graph) := + mkgraph g.(interf_reg_reg) + g.(interf_reg_mreg) + g.(pref_reg_reg) + (SetRegMreg.add (x, y) g.(pref_reg_mreg)). + +(** [interfere x y g] holds iff there is a conflict edge in [g] + between the two pseudo-registers [x] and [y]. *) + +Definition interfere (x y: reg) (g: graph) : Prop := + SetRegReg.In (ordered_pair x y) g.(interf_reg_reg). + +(** [interfere_mreg x y g] holds iff there is a conflict edge in [g] + between the pseudo-register [x] and the machine register [y]. *) + +Definition interfere_mreg (x: reg) (y: mreg) (g: graph) : Prop := + SetRegMreg.In (x, y) g.(interf_reg_mreg). + +Lemma ordered_pair_charact: + forall x y, + ordered_pair x y = (x, y) \/ ordered_pair x y = (y, x). +Proof. + unfold ordered_pair; intros. + case (plt x y); intro; tauto. +Qed. + +Lemma ordered_pair_sym: + forall x y, ordered_pair y x = ordered_pair x y. +Proof. + unfold ordered_pair; intros. + case (plt x y); intro. + case (plt y x); intro. + unfold Plt in *; omegaContradiction. + auto. + case (plt y x); intro. + auto. + assert (Zpos x = Zpos y). unfold Plt in *. omega. + congruence. +Qed. + +Lemma interfere_sym: + forall x y g, interfere x y g -> interfere y x g. +Proof. + unfold interfere; intros. + rewrite ordered_pair_sym. auto. +Qed. + +(** [graph_incl g1 g2] holds if [g2] contains all the conflict edges of [g1] + and possibly more. *) + +Definition graph_incl (g1 g2: graph) : Prop := + (forall x y, interfere x y g1 -> interfere x y g2) /\ + (forall x y, interfere_mreg x y g1 -> interfere_mreg x y g2). + +Lemma graph_incl_trans: + forall g1 g2 g3, graph_incl g1 g2 -> graph_incl g2 g3 -> graph_incl g1 g3. +Proof. + unfold graph_incl; intros. + elim H0; elim H; intros. + split; eauto. +Qed. + +(** We show that the [add_] functions correctly record the desired + conflicts, and preserve whatever conflict edges were already present. *) + +Lemma add_interf_correct: + forall x y g, + interfere x y (add_interf x y g). +Proof. + intros. unfold interfere, add_interf; simpl. + apply SetRegReg.add_1. red. apply OrderedRegReg.eq_refl. +Qed. + +Lemma add_interf_incl: + forall a b g, graph_incl g (add_interf a b g). +Proof. + intros. split; intros. + unfold add_interf, interfere; simpl. + apply SetRegReg.add_2. exact H. + exact H. +Qed. + +Lemma add_interf_mreg_correct: + forall x y g, + interfere_mreg x y (add_interf_mreg x y g). +Proof. + intros. unfold interfere_mreg, add_interf_mreg; simpl. + apply SetRegMreg.add_1. red. apply OrderedRegMreg.eq_refl. +Qed. + +Lemma add_interf_mreg_incl: + forall a b g, graph_incl g (add_interf_mreg a b g). +Proof. + intros. split; intros. + exact H. + unfold add_interf_mreg, interfere_mreg; simpl. + apply SetRegMreg.add_2. exact H. +Qed. + +Lemma add_pref_incl: + forall a b g, graph_incl g (add_pref a b g). +Proof. + intros. split; intros. + exact H. + exact H. +Qed. + +Lemma add_pref_mreg_incl: + forall a b g, graph_incl g (add_pref_mreg a b g). +Proof. + intros. split; intros. + exact H. + exact H. +Qed. + +(** [all_interf_regs g] returns the set of pseudo-registers that + are nodes of [g]. *) + +Definition all_interf_regs (g: graph) : Regset.t := + SetRegReg.fold + (fun r1r2 u => Regset.add (fst r1r2) (Regset.add (snd r1r2) u)) + g.(interf_reg_reg) + (SetRegMreg.fold + (fun r1m2 u => Regset.add (fst r1m2) u) + g.(interf_reg_mreg) + Regset.empty). + +Lemma mem_add_tail: + forall r r' u, + Regset.mem r u = true -> Regset.mem r (Regset.add r' u) = true. +Proof. + intros. case (Reg.eq r r'); intro. + subst r'. apply Regset.mem_add_same. + rewrite Regset.mem_add_other; auto. +Qed. + +Lemma all_interf_regs_correct_aux_1: + forall l u r, + Regset.mem r u = true -> + Regset.mem r + (List.fold_right + (fun r1r2 u => Regset.add (fst r1r2) (Regset.add (snd r1r2) u)) + u l) = true. +Proof. + induction l; simpl; intros. + auto. + apply mem_add_tail. apply mem_add_tail. auto. +Qed. + +Lemma all_interf_regs_correct_aux_2: + forall l u r1 r2, + InList OrderedRegReg.eq (r1, r2) l -> + let u' := + List.fold_right + (fun r1r2 u => Regset.add (fst r1r2) (Regset.add (snd r1r2) u)) + u l in + Regset.mem r1 u' = true /\ Regset.mem r2 u' = true. +Proof. + induction l; simpl; intros. + inversion H. + inversion H. elim H1. simpl. unfold OrderedReg.eq. + intros; subst r1; subst r2. + split. apply Regset.mem_add_same. + apply mem_add_tail. apply Regset.mem_add_same. + generalize (IHl u r1 r2 H1). intros [A B]. + split; repeat rewrite mem_add_tail; auto. +Qed. + +Lemma all_interf_regs_correct_aux_3: + forall l u r1 r2, + InList OrderedRegMreg.eq (r1, r2) l -> + let u' := + List.fold_right + (fun r1r2 u => Regset.add (fst r1r2) u) + u l in + Regset.mem r1 u' = true. +Proof. + induction l; simpl; intros. + inversion H. + inversion H. elim H1. simpl. unfold OrderedReg.eq. + intros; subst r1. + apply Regset.mem_add_same. + apply mem_add_tail. apply IHl with r2. auto. +Qed. + +Lemma all_interf_regs_correct_1: + forall r1 r2 g, + SetRegReg.In (r1, r2) g.(interf_reg_reg) -> + Regset.mem r1 (all_interf_regs g) = true /\ + Regset.mem r2 (all_interf_regs g) = true. +Proof. + intros. unfold all_interf_regs. + generalize (SetRegReg.fold_1 + g.(interf_reg_reg) + (SetRegMreg.fold + (fun (r1m2 : SetDepRegMreg.elt) (u : Regset.t) => + Regset.add (fst r1m2) u) (interf_reg_mreg g) Regset.empty) + (fun (r1r2 : SetDepRegReg.elt) (u : Regset.t) => + Regset.add (fst r1r2) (Regset.add (snd r1r2) u))). + intros [l [UN [INEQ EQ]]]. + rewrite EQ. apply all_interf_regs_correct_aux_2. + elim (INEQ (r1, r2)); intros. auto. +Qed. + +Lemma all_interf_regs_correct_2: + forall r1 mr2 g, + SetRegMreg.In (r1, mr2) g.(interf_reg_mreg) -> + Regset.mem r1 (all_interf_regs g) = true. +Proof. + intros. unfold all_interf_regs. + generalize (SetRegReg.fold_1 + g.(interf_reg_reg) + (SetRegMreg.fold + (fun (r1m2 : SetDepRegMreg.elt) (u : Regset.t) => + Regset.add (fst r1m2) u) (interf_reg_mreg g) Regset.empty) + (fun (r1r2 : SetDepRegReg.elt) (u : Regset.t) => + Regset.add (fst r1r2) (Regset.add (snd r1r2) u))). + intros [l [UN [INEQ EQ]]]. + rewrite EQ. apply all_interf_regs_correct_aux_1. + generalize (SetRegMreg.fold_1 + g.(interf_reg_mreg) + Regset.empty + (fun (r1r2 : SetDepRegMreg.elt) (u : Regset.t) => + Regset.add (fst r1r2) u)). + change (PTree.t unit) with Regset.t. + intros [l' [UN' [INEQ' EQ']]]. + rewrite EQ'. apply all_interf_regs_correct_aux_3 with mr2. + elim (INEQ' (r1, mr2)); intros. auto. +Qed. diff --git a/backend/Kildall.v b/backend/Kildall.v new file mode 100644 index 00000000..10b2e1d9 --- /dev/null +++ b/backend/Kildall.v @@ -0,0 +1,1231 @@ +(** Solvers for dataflow inequations. *) + +Require Import Coqlib. +Require Import Maps. +Require Import Lattice. + +(** A forward dataflow problem is a set of inequations of the form +- [X(s) >= transf n X(n)] + if program point [s] is a successor of program point [n] +- [X(n) >= a] + if [(n, a)] belongs to a given list of (program points, approximations). + +The unknowns are the [X(n)], indexed by program points (e.g. nodes in the +CFG graph of a RTL function). They range over a given ordered set that +represents static approximations of the program state at each point. +The [transf] function is the abstract transfer function: it computes an +approximation [transf n X(n)] of the program state after executing instruction +at point [n], as a function of the approximation [X(n)] of the program state +before executing that instruction. + +Symmetrically, a backward dataflow problem is a set of inequations of the form +- [X(n) >= transf s X(s)] + if program point [s] is a successor of program point [n] +- [X(n) >= a] + if [(n, a)] belongs to a given list of (program points, approximations). + +The only difference with a forward dataflow problem is that the transfer +function [transf] now computes the approximation before a program point [s] +from the approximation [X(s)] after point [s]. + +This file defines three solvers for dataflow problems. The first two +solve (optimally) forward and backward problems using Kildall's worklist +algorithm. They assume that the unknowns range over a semi-lattice, that is, +an ordered type equipped with a least upper bound operation. + +The last solver corresponds to propagation over extended basic blocks: +it returns approximate solutions of forward problems where the unknowns +range over any ordered type having a greatest element [top]. It simply +sets [X(n) = top] for all merge points [n], that is, program points having +several predecessors. This solver is useful when least upper bounds of +approximations do not exist or are too expensive to compute. *) + +(** * Bounded iteration *) + +(** The three solvers proceed iteratively, increasing the value of one of + the unknowns [X(n)] at each iteration until a solution is reached. + This section defines the general form of iteration used. *) + +Section BOUNDED_ITERATION. + +Variables A B: Set. +Variable step: A -> B + A. + +(** The [step] parameter represents one step of the iteration. From a + current iteration state [a: A], it either returns a value of type [B], + meaning that iteration is over and that this [B] value is the final + result of the iteration, or a value [a' : A] which is the next state + of the iteration. + + The naive way to define the iteration is: +<< +Fixpoint iterate (a: A) : B := + match step a with + | inl b => b + | inr a' => iterate a' + end. +>> + However, this is a general recursion, not guaranteed to terminate, + and therefore not expressible in Coq. The standard way to work around + this difficulty is to use Noetherian recursion (Coq module [Wf]). + This requires that we equip the type [A] with a well-founded ordering [<] + (no infinite ascending chains) and we demand that [step] satisfies + [step a = inr a' -> a < a']. For the types [A] that are of interest to us + in this development, it is however very painful to define adequate + well-founded orderings, even though we know our iterations always + terminate. + + Instead, we choose to bound the number of iterations by an arbitrary + constant. [iterate] then becomes a function that can fail, + of type [A -> option B]. The [None] result denotes failure to reach + a result in the number of iterations prescribed, or, in other terms, + failure to find a solution to the dataflow problem. The compiler + passes that exploit dataflow analysis (the [Constprop], [CSE] and + [Allocation] passes) will, in this case, either fail ([Allocation]) + or turn off the optimization pass ([Constprop] and [CSE]). + + Since we know (informally) that our computations terminate, we can + take a very large constant as the maximal number of iterations. + Failure will therefore never happen in practice, but of + course our proofs also cover the failure case and show that + nothing bad happens in this hypothetical case either. *) + +Definition num_iterations := 1000000000000%positive. + +(** The simple definition of bounded iteration is: +<< +Fixpoint iterate (niter: nat) (a: A) {struct niter} : option B := + match niter with + | O => None + | S niter' => + match step a with + | inl b => b + | inr a' => iterate niter' a' + end + end. +>> + This function is structural recursive over the parameter [niter] + (number of iterations), represented here as a Peano integer (type [nat]). + However, we want to use very large values of [niter]. As Peano integers, + these values would be much too large to fit in memory. Therefore, + we must express iteration counts as a binary integer (type [positive]). + However, Peano induction over type [positive] is not structural recursion, + so we cannot define [iterate] as a Coq fixpoint and must use + Noetherian recursion instead. *) + +Definition iter_step (x: positive) + (next: forall y, Plt y x -> A -> option B) + (s: A) : option B := + match peq x xH with + | left EQ => None + | right NOTEQ => + match step s with + | inl res => Some res + | inr s' => next (Ppred x) (Ppred_Plt x NOTEQ) s' + end + end. + +Definition iterate: positive -> A -> option B := + Fix Plt_wf (fun _ => A -> option B) iter_step. + +(** We then prove the expected unrolling equations for [iterate]. *) + +Remark unroll_iterate: + forall x, iterate x = iter_step x (fun y _ => iterate y). +Proof. + unfold iterate; apply (Fix_eq Plt_wf (fun _ => A -> option B) iter_step). + intros. unfold iter_step. apply extensionality. intro s. + case (peq x xH); intro. auto. + rewrite H. auto. +Qed. + +Lemma iterate_base: + forall s, iterate 1%positive s = None. +Proof. + intro; rewrite unroll_iterate; unfold iter_step. + case (peq 1 1); congruence. +Qed. + +Lemma iterate_step: + forall x s, + iterate (Psucc x) s = + match step s with + | inl res => Some res + | inr s' => iterate x s' + end. +Proof. + intro; rewrite unroll_iterate; unfold iter_step; intros. + case (peq (Psucc x) 1); intro. + destruct x; simpl in e; discriminate. + rewrite Ppred_succ. auto. +Qed. + +End BOUNDED_ITERATION. + +(** * Solving forward dataflow problems using Kildall's algorithm *) + +(** A forward dataflow solver has the following generic interface. + Unknowns range over the type [L.t], which is equipped with + semi-lattice operations (see file [Lattice]). *) + +Module Type DATAFLOW_SOLVER. + + Declare Module L: SEMILATTICE. + + Variable fixpoint: + (positive -> list positive) -> + positive -> + (positive -> L.t -> L.t) -> + list (positive * L.t) -> + option (PMap.t L.t). + + (** [fixpoint successors topnode transf entrypoints] is the solver. + It returns either an error or a mapping from program points to + values of type [L.t] representing the solution. [successors] + is a function returning the list of successors of the given program + point. [topnode] is the maximal number of nodes considered. + [transf] is the transfer function, and [entrypoints] the additional + constraints imposed on the solution. *) + + Hypothesis fixpoint_solution: + forall successors topnode transf entrypoints res n s, + fixpoint successors topnode transf entrypoints = Some res -> + Plt n topnode -> In s (successors n) -> + L.ge res!!s (transf n res!!n). + + (** The [fixpoint_solution] theorem shows that the returned solution, + if any, satisfies the dataflow inequations. *) + + Hypothesis fixpoint_entry: + forall successors topnode transf entrypoints res n v, + fixpoint successors topnode transf entrypoints = Some res -> + In (n, v) entrypoints -> + L.ge res!!n v. + + (** The [fixpoint_entry] theorem shows that the returned solution, + if any, satisfies the additional constraints expressed + by [entrypoints]. *) + +End DATAFLOW_SOLVER. + +(** We now define a generic solver that works over + any semi-lattice structure. *) + +Module Dataflow_Solver (LAT: SEMILATTICE): + DATAFLOW_SOLVER with Module L := LAT. + +Module L := LAT. + +Section Kildall. + +Variable successors: positive -> list positive. +Variable topnode: positive. +Variable transf: positive -> L.t -> L.t. +Variable entrypoints: list (positive * L.t). + +(** The state of the iteration has two components: +- A mapping from program points to values of type [L.t] representing + the candidate solution found so far. +- A worklist of program points that remain to be considered. +*) + +Record state : Set := + mkstate { st_in: PMap.t L.t; st_wrk: list positive }. + +(** Kildall's algorithm, in pseudo-code, is as follows: +<< + while st_wrk is not empty, do + extract a node n from st_wrk + compute out = transf n st_in[n] + for each successor s of n: + compute in = lub st_in[s] out + if in <> st_in[s]: + st_in[s] := in + st_wrk := st_wrk union {n} + end if + end for + end while + return st_in +>> + +The initial state is built as follows: +- The initial mapping sets all program points to [L.bot], except + those mentioned in the [entrypoints] list, for which we take + the associated approximation as initial value. Since a program + point can be mentioned several times in [entrypoints], with different + approximations, we actually take the l.u.b. of these approximations. +- The initial worklist contains all the program points up to [topnode]. *) + +Fixpoint start_state_in (ep: list (positive * L.t)) : PMap.t L.t := + match ep with + | nil => + PMap.init L.bot + | (n, v) :: rem => + let m := start_state_in rem in PMap.set n (L.lub m!!n v) m + end. + +Definition start_state_wrk := + positive_rec (list positive) nil (@cons positive) topnode. + +Definition start_state := + mkstate (start_state_in entrypoints) start_state_wrk. + +(** The worklist is actually treated as a set: it is not useful + (and detrimental to performance) to put the same point twice in the + worklist. The following function adds a point to the worklist if + it was not already there. *) + +Definition add_to_worklist (n: positive) (wrk: list positive) := + if List.In_dec peq n wrk then wrk else n :: wrk. + +(** [propagate_succ] corresponds, in the pseudocode, + to the body of the [for] loop iterating over all successors. *) + +Definition propagate_succ (s: state) (out: L.t) (n: positive) := + let oldl := s.(st_in)!!n in + let newl := L.lub oldl out in + if L.eq oldl newl + then s + else mkstate (PMap.set n newl s.(st_in)) (add_to_worklist n s.(st_wrk)). + +(** [propagate_succ_list] corresponds, in the pseudocode, + to the [for] loop iterating over all successors. *) + +Fixpoint propagate_succ_list (s: state) (out: L.t) (succs: list positive) + {struct succs} : state := + match succs with + | nil => s + | n :: rem => propagate_succ_list (propagate_succ s out n) out rem + end. + +(** [step] corresponds to the body of the outer [while] loop in the + pseudocode. *) + +Definition step (s: state) : PMap.t L.t + state := + match s.(st_wrk) with + | nil => + inl _ s.(st_in) + | n :: rem => + inr _ (propagate_succ_list + (mkstate s.(st_in) rem) + (transf n s.(st_in)!!n) + (successors n)) + end. + +(** The whole fixpoint computation is the iteration of [step] from + the start state. *) + +Definition fixpoint : option (PMap.t L.t) := + iterate _ _ step num_iterations start_state. + +(** ** Monotonicity properties *) + +(** We first show that the [st_in] part of the state evolves monotonically: + at each step, the values of the [st_in[n]] either remain the same or + increase with respect to the [L.ge] ordering. *) + +Definition in_incr (in1 in2: PMap.t L.t) : Prop := + forall n, L.ge in2!!n in1!!n. + +Lemma in_incr_refl: + forall in1, in_incr in1 in1. +Proof. + unfold in_incr; intros. apply L.ge_refl. +Qed. + +Lemma in_incr_trans: + forall in1 in2 in3, in_incr in1 in2 -> in_incr in2 in3 -> in_incr in1 in3. +Proof. + unfold in_incr; intros. apply L.ge_trans with in2!!n; auto. +Qed. + +Lemma propagate_succ_incr: + forall st out n, + in_incr st.(st_in) (propagate_succ st out n).(st_in). +Proof. + unfold in_incr, propagate_succ; simpl; intros. + case (L.eq st.(st_in)!!n (L.lub st.(st_in)!!n out)); intro. + apply L.ge_refl. + simpl. case (peq n n0); intro. + subst n0. rewrite PMap.gss. apply L.ge_lub_left. + rewrite PMap.gso; auto. apply L.ge_refl. +Qed. + +Lemma propagate_succ_list_incr: + forall out succs st, + in_incr st.(st_in) (propagate_succ_list st out succs).(st_in). +Proof. + induction succs; simpl; intros. + apply in_incr_refl. + apply in_incr_trans with (propagate_succ st out a).(st_in). + apply propagate_succ_incr. auto. +Qed. + +Lemma iterate_incr: + forall n st res, + iterate _ _ step n st = Some res -> + in_incr st.(st_in) res. +Proof. + intro n; pattern n. apply positive_Peano_ind; intros until res. + rewrite iterate_base. congruence. + rewrite iterate_step. unfold step. + destruct st.(st_wrk); intros. + injection H0; intro; subst res. + red; intros; apply L.ge_refl. + apply in_incr_trans with + (propagate_succ_list (mkstate (st_in st) l) + (transf p (st_in st)!!p) + (successors p)).(st_in). + change (st_in st) with (st_in (mkstate (st_in st) l)). + apply propagate_succ_list_incr. + apply H. auto. +Qed. + +Lemma fixpoint_incr: + forall res, + fixpoint = Some res -> in_incr (start_state_in entrypoints) res. +Proof. + unfold fixpoint; intros. + change (start_state_in entrypoints) with start_state.(st_in). + apply iterate_incr with num_iterations; auto. +Qed. + +(** ** Correctness invariant *) + +(** The following invariant is preserved at each iteration of Kildall's + algorithm: for all program points [n] below [topnode], either + [n] is in the worklist, or the inequations associated with [n] + ([st_in[s] >= transf n st_in[n]] for all successors [s] of [n]) + hold. In other terms, the worklist contains all nodes that do not + yet satisfy their inequations. *) + +Definition good_state (st: state) : Prop := + forall n, + Plt n topnode -> + In n st.(st_wrk) \/ + (forall s, In s (successors n) -> + L.ge st.(st_in)!!s (transf n st.(st_in)!!n)). + +(** We show that the start state satisfies the invariant, and that + the [step] function preserves it. *) + +Lemma start_state_good: + good_state start_state. +Proof. + unfold good_state, start_state; intros. + left; simpl. unfold start_state_wrk. + generalize H. pattern topnode. apply positive_Peano_ind. + intro. compute in H0. destruct n; discriminate. + intros. rewrite positive_rec_succ. + elim (Plt_succ_inv _ _ H1); intro. + auto with coqlib. + subst x; auto with coqlib. +Qed. + +Lemma add_to_worklist_1: + forall n wkl, In n (add_to_worklist n wkl). +Proof. + intros. unfold add_to_worklist. + case (In_dec peq n wkl); auto with coqlib. +Qed. + +Lemma add_to_worklist_2: + forall n wkl n', In n' wkl -> In n' (add_to_worklist n wkl). +Proof. + intros. unfold add_to_worklist. + case (In_dec peq n wkl); auto with coqlib. +Qed. + +Lemma propagate_succ_charact: + forall st out n, + let st' := propagate_succ st out n in + L.ge st'.(st_in)!!n out /\ + (forall s, n <> s -> st'.(st_in)!!s = st.(st_in)!!s). +Proof. + unfold propagate_succ; intros; simpl. + case (L.eq (st_in st) !! n (L.lub (st_in st) !! n out)); intro. + split. rewrite e. rewrite L.lub_commut. apply L.ge_lub_left. + auto. + simpl. split. + rewrite PMap.gss. rewrite L.lub_commut. apply L.ge_lub_left. + intros. rewrite PMap.gso; auto. +Qed. + +Lemma propagate_succ_list_charact: + forall out succs st, + let st' := propagate_succ_list st out succs in + forall s, + (In s succs -> L.ge st'.(st_in)!!s out) /\ + (~(In s succs) -> st'.(st_in)!!s = st.(st_in)!!s). +Proof. + induction succs; simpl; intros. + tauto. + generalize (IHsuccs (propagate_succ st out a) s). intros [A B]. + generalize (propagate_succ_charact st out a). intros [C D]. + split; intros. + elim H; intro. + subst s. + apply L.ge_trans with (propagate_succ st out a).(st_in)!!a. + apply propagate_succ_list_incr. assumption. + apply A. auto. + transitivity (propagate_succ st out a).(st_in)!!s. + apply B. tauto. + apply D. tauto. +Qed. + +Lemma propagate_succ_incr_worklist: + forall st out n, + incl st.(st_wrk) (propagate_succ st out n).(st_wrk). +Proof. + intros. unfold propagate_succ. + case (L.eq (st_in st) !! n (L.lub (st_in st) !! n out)); intro. + apply incl_refl. + simpl. red; intros. apply add_to_worklist_2; auto. +Qed. + +Lemma propagate_succ_list_incr_worklist: + forall out succs st, + incl st.(st_wrk) (propagate_succ_list st out succs).(st_wrk). +Proof. + induction succs; simpl; intros. + apply incl_refl. + apply incl_tran with (propagate_succ st out a).(st_wrk). + apply propagate_succ_incr_worklist. + auto. +Qed. + +Lemma propagate_succ_records_changes: + forall st out n s, + let st' := propagate_succ st out n in + In s st'.(st_wrk) \/ st'.(st_in)!!s = st.(st_in)!!s. +Proof. + simpl. intros. unfold propagate_succ. + case (L.eq (st_in st) !! n (L.lub (st_in st) !! n out)); intro. + right; auto. + case (peq s n); intro. + subst s. left. simpl. apply add_to_worklist_1. + right. simpl. apply PMap.gso. auto. +Qed. + +Lemma propagate_succ_list_records_changes: + forall out succs st s, + let st' := propagate_succ_list st out succs in + In s st'.(st_wrk) \/ st'.(st_in)!!s = st.(st_in)!!s. +Proof. + induction succs; simpl; intros. + right; auto. + elim (propagate_succ_records_changes st out a s); intro. + left. apply propagate_succ_list_incr_worklist. auto. + rewrite <- H. auto. +Qed. + +Lemma step_state_good: + forall st n rem, + st.(st_wrk) = n :: rem -> + good_state st -> + good_state (propagate_succ_list (mkstate st.(st_in) rem) + (transf n st.(st_in)!!n) + (successors n)). +Proof. + unfold good_state. intros st n rem WKL GOOD x LTx. + set (out := transf n st.(st_in)!!n). + rewrite WKL in GOOD. + elim (propagate_succ_list_records_changes + out (successors n) (mkstate st.(st_in) rem) x). + intro; left; auto. + simpl; intro EQ. rewrite EQ. + (* Case 1: x = n *) + case (peq x n); intro. + subst x. fold out. + right; intros. + elim (propagate_succ_list_charact out (successors n) + (mkstate st.(st_in) rem) s); intros. + auto. + (* Case 2: x <> n *) + elim (GOOD x LTx); intro. + (* Case 2.1: x was already in worklist, still is *) + left. apply propagate_succ_list_incr_worklist. + simpl. elim H; intro. elim n0; auto. auto. + (* Case 2.2: x was not in worklist *) + right; intros. + case (In_dec peq s (successors n)); intro. + (* Case 2.2.1: s is a successor of n, it may have increased *) + apply L.ge_trans with st.(st_in)!!s. + change st.(st_in)!!s with (mkstate st.(st_in) rem).(st_in)!!s. + apply propagate_succ_list_incr. + auto. + (* Case 2.2.2: s is not a successor of n, it did not change *) + elim (propagate_succ_list_charact out (successors n) + (mkstate st.(st_in) rem) s); intros. + rewrite H2. simpl. auto. auto. +Qed. + +(** ** Correctness of the solution returned by [iterate]. *) + +(** As a consequence of the [good_state] invariant, the result of + [iterate], if defined, is a solution of the dataflow inequations, + since [st_wrk] is empty when [iterate] terminates. *) + +Lemma iterate_solution: + forall niter st res n s, + good_state st -> + iterate _ _ step niter st = Some res -> + Plt n topnode -> In s (successors n) -> + L.ge res!!s (transf n res!!n). +Proof. + intro niter; pattern niter; apply positive_Peano_ind; intros until s. + rewrite iterate_base. congruence. + intro GS. rewrite iterate_step. + unfold step; caseEq (st.(st_wrk)). + intros. injection H1; intros; subst res. + elim (GS n H2); intro. + rewrite H0 in H4. elim H4. + auto. + intros. apply H with + (propagate_succ_list (mkstate st.(st_in) l) + (transf p st.(st_in)!!p) (successors p)). + apply step_state_good; auto. + auto. auto. auto. +Qed. + +Theorem fixpoint_solution: + forall res n s, + fixpoint = Some res -> + Plt n topnode -> In s (successors n) -> + L.ge res!!s (transf n res!!n). +Proof. + unfold fixpoint. intros. + apply iterate_solution with num_iterations start_state. + apply start_state_good. + auto. auto. auto. +Qed. + +(** As a consequence of the monotonicity property, the result of + [fixpoint], if defined, is pointwise greater than or equal the + initial mapping. Therefore, it satisfies the additional constraints + stated in [entrypoints]. *) + +Lemma start_state_in_entry: + forall ep n v, + In (n, v) ep -> + L.ge (start_state_in ep)!!n v. +Proof. + induction ep; simpl; intros. + elim H. + elim H; intros. + subst a. rewrite PMap.gss. rewrite L.lub_commut. apply L.ge_lub_left. + destruct a. rewrite PMap.gsspec. case (peq n p); intro. + subst p. apply L.ge_trans with (start_state_in ep)!!n. + apply L.ge_lub_left. auto. + auto. +Qed. + +Theorem fixpoint_entry: + forall res n v, + fixpoint = Some res -> + In (n, v) entrypoints -> + L.ge res!!n v. +Proof. + intros. + apply L.ge_trans with (start_state_in entrypoints)!!n. + apply fixpoint_incr. auto. + apply start_state_in_entry. auto. +Qed. + +End Kildall. + +End Dataflow_Solver. + +(** * Solving backward dataflow problems using Kildall's algorithm *) + +(** A backward dataflow problem on a given flow graph is a forward + dataflow program on the reversed flow graph, where predecessors replace + successors. We exploit this observation to cheaply derive a backward + solver from the forward solver. *) + +(** ** Construction of the predecessor relation *) + +Section Predecessor. + +Variable successors: positive -> list positive. +Variable topnode: positive. + +Fixpoint add_successors (pred: PMap.t (list positive)) + (from: positive) (tolist: list positive) + {struct tolist} : PMap.t (list positive) := + match tolist with + | nil => pred + | to :: rem => + add_successors (PMap.set to (from :: pred!!to) pred) from rem + end. + +Lemma add_successors_correct: + forall tolist from pred n s, + In n pred!!s \/ (n = from /\ In s tolist) -> + In n (add_successors pred from tolist)!!s. +Proof. + induction tolist; simpl; intros. + tauto. + apply IHtolist. + rewrite PMap.gsspec. case (peq s a); intro. + subst a. elim H; intro. left; auto with coqlib. + elim H0; intros. subst n. left; auto with coqlib. + intuition. elim n0; auto. +Qed. + +Definition make_predecessors : PMap.t (list positive) := + positive_rec (PMap.t (list positive)) (PMap.init nil) + (fun n pred => add_successors pred n (successors n)) + topnode. + +Lemma make_predecessors_correct: + forall n s, + Plt n topnode -> + In s (successors n) -> + In n make_predecessors!!s. +Proof. + unfold make_predecessors. pattern topnode. + apply positive_Peano_ind; intros. + compute in H. destruct n; discriminate. + rewrite positive_rec_succ. + apply add_successors_correct. + elim (Plt_succ_inv _ _ H0); intro. + left; auto. + right. subst x. tauto. +Qed. + +End Predecessor. + +(** ** Solving backward dataflow problems *) + +(** The interface to a backward dataflow solver is as follows. *) + +Module Type BACKWARD_DATAFLOW_SOLVER. + + Declare Module L: SEMILATTICE. + + Variable fixpoint: + (positive -> list positive) -> + positive -> + (positive -> L.t -> L.t) -> + list (positive * L.t) -> + option (PMap.t L.t). + + Hypothesis fixpoint_solution: + forall successors topnode transf entrypoints res n s, + fixpoint successors topnode transf entrypoints = Some res -> + Plt n topnode -> Plt s topnode -> In s (successors n) -> + L.ge res!!n (transf s res!!s). + + Hypothesis fixpoint_entry: + forall successors topnode transf entrypoints res n v, + fixpoint successors topnode transf entrypoints = Some res -> + In (n, v) entrypoints -> + L.ge res!!n v. + +End BACKWARD_DATAFLOW_SOLVER. + +(** We construct a generic backward dataflow solver, working over any + semi-lattice structure, by applying the forward dataflow solver + with the predecessor relation instead of the successor relation. *) + +Module Backward_Dataflow_Solver (LAT: SEMILATTICE): + BACKWARD_DATAFLOW_SOLVER with Module L := LAT. + +Module L := LAT. + +Module DS := Dataflow_Solver L. + +Section Kildall. + +Variable successors: positive -> list positive. +Variable topnode: positive. +Variable transf: positive -> L.t -> L.t. +Variable entrypoints: list (positive * L.t). + +Definition fixpoint := + let pred := make_predecessors successors topnode in + DS.fixpoint (fun s => pred!!s) topnode transf entrypoints. + +Theorem fixpoint_solution: + forall res n s, + fixpoint = Some res -> + Plt n topnode -> Plt s topnode -> + In s (successors n) -> + L.ge res!!n (transf s res!!s). +Proof. + intros. apply DS.fixpoint_solution with + (fun s => (make_predecessors successors topnode)!!s) topnode entrypoints. + exact H. + assumption. + apply make_predecessors_correct; auto. +Qed. + +Theorem fixpoint_entry: + forall res n v, + fixpoint = Some res -> + In (n, v) entrypoints -> + L.ge res!!n v. +Proof. + intros. apply DS.fixpoint_entry with + (fun s => (make_predecessors successors topnode)!!s) topnode transf entrypoints. + exact H. auto. +Qed. + +End Kildall. + +End Backward_Dataflow_Solver. + +(** * Analysis on extended basic blocks *) + +(** We now define an approximate solver for forward dataflow problems + that proceeds by forward propagation over extended basic blocks. + In other terms, program points with multiple predecessors are mapped + to [L.top] (the greatest, or coarsest, approximation) and the other + program points are mapped to [transf p X[p]] where [p] is their unique + predecessor. + + This analysis applies to any type of approximations equipped with + an ordering and a greatest element. *) + +Module Type ORDERED_TYPE_WITH_TOP. + + Variable t: Set. + Variable ge: t -> t -> Prop. + Variable top: t. + Hypothesis top_ge: forall x, ge top x. + Hypothesis refl_ge: forall x, ge x x. + +End ORDERED_TYPE_WITH_TOP. + +(** The interface of the solver is similar to that of Kildall's forward + solver. We provide one additional theorem [fixpoint_invariant] + stating that any property preserved by the [transf] function + holds for the returned solution. *) + +Module Type BBLOCK_SOLVER. + + Declare Module L: ORDERED_TYPE_WITH_TOP. + + Variable fixpoint: + (positive -> list positive) -> + positive -> + (positive -> L.t -> L.t) -> + positive -> + option (PMap.t L.t). + + Hypothesis fixpoint_solution: + forall successors topnode transf entrypoint res n s, + fixpoint successors topnode transf entrypoint = Some res -> + Plt n topnode -> In s (successors n) -> + L.ge res!!s (transf n res!!n). + + Hypothesis fixpoint_entry: + forall successors topnode transf entrypoint res, + fixpoint successors topnode transf entrypoint = Some res -> + res!!entrypoint = L.top. + + Hypothesis fixpoint_invariant: + forall successors topnode transf entrypoint + (P: L.t -> Prop), + P L.top -> + (forall pc x, P x -> P (transf pc x)) -> + forall res pc, + fixpoint successors topnode transf entrypoint = Some res -> + P res!!pc. + +End BBLOCK_SOLVER. + +(** The implementation of the ``extended basic block'' solver is a + functor parameterized by any ordered type with a top element. *) + +Module BBlock_solver(LAT: ORDERED_TYPE_WITH_TOP): + BBLOCK_SOLVER with Module L := LAT. + +Module L := LAT. + +Section Solver. + +Variable successors: positive -> list positive. +Variable topnode: positive. +Variable transf: positive -> L.t -> L.t. +Variable entrypoint: positive. +Variable P: L.t -> Prop. +Hypothesis Ptop: P L.top. +Hypothesis Ptransf: forall pc x, P x -> P (transf pc x). + +Definition bbmap := positive -> bool. +Definition result := PMap.t L.t. + +(** As in Kildall's solver, the state of the iteration has two components: +- A mapping from program points to values of type [L.t] representing + the candidate solution found so far. +- A worklist of program points that remain to be considered. +*) + +Record state : Set := mkstate + { st_in: result; st_wrk: list positive }. + +(** The ``extended basic block'' algorithm, in pseudo-code, is as follows: +<< + st_wrk := the set of all points n having multiple predecessors + st_in := the mapping n -> L.top + + while st_wrk is not empty, do + extract a node n from st_wrk + compute out = transf n st_in[n] + for each successor s of n: + compute in = lub st_in[s] out + if s has only one predecessor (namely, n): + st_in[s] := in + st_wrk := st_wrk union {s} + end if + end for + end while + return st_in +>> +**) + +Fixpoint propagate_successors + (bb: bbmap) (succs: list positive) (l: L.t) (st: state) + {struct succs} : state := + match succs with + | nil => st + | s1 :: sl => + if bb s1 then + propagate_successors bb sl l st + else + propagate_successors bb sl l + (mkstate (PMap.set s1 l st.(st_in)) + (s1 :: st.(st_wrk))) + end. + +Definition step (bb: bbmap) (st: state) : result + state := + match st.(st_wrk) with + | nil => inl _ st.(st_in) + | pc :: rem => + if plt pc topnode then + inr _ (propagate_successors + bb (successors pc) + (transf pc st.(st_in)!!pc) + (mkstate st.(st_in) rem)) + else + inr _ (mkstate st.(st_in) rem) + end. + +(** Recognition of program points that have more than one predecessor. *) + +Definition is_basic_block_head + (preds: PMap.t (list positive)) (pc: positive) : bool := + match preds!!pc with + | nil => true + | s :: nil => + if peq s pc then true else + if peq pc entrypoint then true else false + | _ :: _ :: _ => true + end. + +Definition basic_block_map : bbmap := + is_basic_block_head (make_predecessors successors topnode). + +Definition basic_block_list (bb: bbmap) : list positive := + positive_rec (list positive) nil + (fun pc l => if bb pc then pc :: l else l) topnode. + +(** The computation of the approximate solution. *) + +Definition fixpoint : option result := + let bb := basic_block_map in + iterate _ _ (step bb) num_iterations + (mkstate (PMap.init L.top) (basic_block_list bb)). + +(** ** Properties of predecessors and multiple-predecessors nodes *) + +Definition predecessors := make_predecessors successors topnode. + +Lemma predecessors_correct: + forall n s, + Plt n topnode -> In s (successors n) -> In n predecessors!!s. +Proof. + intros. unfold predecessors. eapply make_predecessors_correct; eauto. +Qed. + +Lemma multiple_predecessors: + forall s n1 n2, + Plt n1 topnode -> In s (successors n1) -> + Plt n2 topnode -> In s (successors n2) -> + n1 <> n2 -> + basic_block_map s = true. +Proof. + intros. + assert (In n1 predecessors!!s). apply predecessors_correct; auto. + assert (In n2 predecessors!!s). apply predecessors_correct; auto. + unfold basic_block_map, is_basic_block_head. + fold predecessors. + destruct (predecessors!!s). + auto. + destruct l. + simpl in H4. simpl in H5. intuition congruence. + auto. +Qed. + +Lemma no_self_loop: + forall n, + Plt n topnode -> In n (successors n) -> basic_block_map n = true. +Proof. + intros. unfold basic_block_map, is_basic_block_head. + fold predecessors. + generalize (predecessors_correct n n H H0). intro. + destruct (predecessors!!n). auto. + destruct l. replace n with p. apply peq_true. simpl in H1. tauto. + auto. +Qed. + +(** ** Correctness invariant *) + +(** The invariant over the state is as follows: +- Points with several predecessors are mapped to [L.top] +- Points not in the worklist satisfy their inequations + (as in Kildall's algorithm). +*) + +Definition state_invariant (st: state) : Prop := + (forall n, basic_block_map n = true -> st.(st_in)!!n = L.top) +/\ + (forall n, Plt n topnode -> + In n st.(st_wrk) \/ + (forall s, In s (successors n) -> + L.ge st.(st_in)!!s (transf n st.(st_in)!!n))). + +Lemma propagate_successors_charact1: + forall bb succs l st, + incl st.(st_wrk) + (propagate_successors bb succs l st).(st_wrk). +Proof. + induction succs; simpl; intros. + apply incl_refl. + case (bb a). + auto. + apply incl_tran with (a :: st_wrk st). + apply incl_tl. apply incl_refl. + set (st1 := (mkstate (PMap.set a l (st_in st)) (a :: st_wrk st))). + change (a :: st_wrk st) with (st_wrk st1). + auto. +Qed. + +Lemma propagate_successors_charact2: + forall bb succs l st n, + let st' := propagate_successors bb succs l st in + (In n succs -> bb n = false -> In n st'.(st_wrk) /\ st'.(st_in)!!n = l) +/\ (~In n succs \/ bb n = true -> st'.(st_in)!!n = st.(st_in)!!n). +Proof. + induction succs; simpl; intros. + (* Base case *) + split. tauto. auto. + (* Inductive case *) + caseEq (bb a); intro. + elim (IHsuccs l st n); intros A B. + split; intros. apply A; auto. + elim H0; intro. subst a. congruence. auto. + apply B. tauto. + set (st1 := mkstate (PMap.set a l (st_in st)) (a :: st_wrk st)). + elim (IHsuccs l st1 n); intros A B. + split; intros. + elim H0; intros. + subst n. split. + apply propagate_successors_charact1. simpl. tauto. + case (In_dec peq a succs); intro. + elim (A i H1); auto. + rewrite B. unfold st1; simpl. apply PMap.gss. tauto. + apply A; auto. + rewrite B. unfold st1; simpl. apply PMap.gso. + red; intro; subst n. elim H0; intro. tauto. congruence. + tauto. +Qed. + +Lemma propagate_successors_invariant: + forall pc res rem, + Plt pc topnode -> + state_invariant (mkstate res (pc :: rem)) -> + state_invariant + (propagate_successors basic_block_map (successors pc) + (transf pc res!!pc) + (mkstate res rem)). +Proof. + intros until rem. intros PC [INV1 INV2]. simpl in INV1. simpl in INV2. + set (l := transf pc res!!pc). + generalize (propagate_successors_charact1 basic_block_map + (successors pc) l (mkstate res rem)). + generalize (propagate_successors_charact2 basic_block_map + (successors pc) l (mkstate res rem)). + set (st1 := propagate_successors basic_block_map + (successors pc) l (mkstate res rem)). + intros A B. + (* First part: BB entries remain at top *) + split; intros. + elim (A n); intros C D. rewrite D. simpl. apply INV1. auto. tauto. + (* Second part: monotonicity *) + (* Case 1: n = pc *) + case (peq pc n); intros. + subst n. right; intros. + elim (A s); intros C D. + replace (st1.(st_in)!!pc) with res!!pc. fold l. + caseEq (basic_block_map s); intro. + rewrite D. simpl. rewrite INV1. apply L.top_ge. auto. tauto. + elim (C H0 H1); intros. rewrite H3. apply L.refl_ge. + elim (A pc); intros E F. rewrite F. reflexivity. + case (In_dec peq pc (successors pc)); intro. + right. apply no_self_loop; auto. + left; auto. + (* Case 2: n <> pc *) + elim (INV2 n H); intro. + (* Case 2.1: n was already in worklist, still is *) + left. apply B. simpl. simpl in H0. tauto. + (* Case 2.2: n was not in worklist *) + assert (INV3: forall s, In s (successors n) -> st1.(st_in)!!s = res!!s). + (* Amazingly, successors of n do not change. The only way + they could change is if they were successors of pc as well, + but that gives them two different predecessors, so + they are basic block heads, and thus do not change! *) + intros. elim (A s); intros C D. rewrite D. reflexivity. + case (In_dec peq s (successors pc)); intro. + right. apply multiple_predecessors with n pc; auto. + left; auto. + case (In_dec peq n (successors pc)); intro. + (* Case 2.2.1: n is a successor of pc. Either it is in the + worklist or it did not change *) + caseEq (basic_block_map n); intro. + right; intros. + elim (A n); intros C D. rewrite D. simpl. + rewrite INV3; auto. + tauto. + left. elim (A n); intros C D. elim (C i H1); intros. auto. + (* Case 2.2.2: n is not a successor of pc. It did not change. *) + right; intros. + elim (A n); intros C D. rewrite D. simpl. + rewrite INV3; auto. + tauto. +Qed. + +Lemma discard_top_worklist_invariant: + forall pc res rem, + ~(Plt pc topnode) -> + state_invariant (mkstate res (pc :: rem)) -> + state_invariant (mkstate res rem). +Proof. + intros; red; intros. + elim H0; simpl; intros A B. + split. assumption. + intros. elim (B n H1); intros. + left. elim H2; intro. subst n. contradiction. auto. + right. assumption. +Qed. + +Lemma analyze_invariant: + forall res count st, + iterate _ _ (step basic_block_map) count st = Some res -> + state_invariant st -> + state_invariant (mkstate res nil). +Proof. + intros until count. pattern count. + apply positive_Peano_ind; intros until st. + rewrite iterate_base. congruence. + rewrite iterate_step. unfold step at 1. case st; intros r w; simpl. + case w. + intros. replace res with r. auto. congruence. + intros pc wl. case (plt pc topnode); intros. + eapply H. eauto. apply propagate_successors_invariant; auto. + eapply H. eauto. eapply discard_top_worklist_invariant; eauto. +Qed. + +Lemma initial_state_invariant: + state_invariant (mkstate (PMap.init L.top) (basic_block_list basic_block_map)). +Proof. + split; simpl; intros. + apply PMap.gi. + right. intros. repeat rewrite PMap.gi. apply L.top_ge. +Qed. + +(** ** Correctness of the returned solution *) + +Theorem fixpoint_solution: + forall res n s, + fixpoint = Some res -> + Plt n topnode -> In s (successors n) -> + L.ge res!!s (transf n res!!n). +Proof. + unfold fixpoint. + intros. + assert (state_invariant (mkstate res nil)). + eapply analyze_invariant; eauto. apply initial_state_invariant. + elim H2; simpl; intros. + elim (H4 n H0); intros. + contradiction. + auto. +Qed. + +Theorem fixpoint_entry: + forall res, + fixpoint = Some res -> + res!!entrypoint = L.top. +Proof. + unfold fixpoint. + intros. + assert (state_invariant (mkstate res nil)). + eapply analyze_invariant; eauto. apply initial_state_invariant. + elim H0; simpl; intros. + apply H1. unfold basic_block_map, is_basic_block_head. + fold predecessors. + destruct (predecessors!!entrypoint). auto. + destruct l. destruct (peq p entrypoint). auto. apply peq_true. + auto. +Qed. + +(** ** Preservation of a property over solutions *) + +Definition Pstate (st: state) : Prop := + forall pc, P st.(st_in)!!pc. + +Lemma propagate_successors_P: + forall bb l, + P l -> + forall succs st, + Pstate st -> + Pstate (propagate_successors bb succs l st). +Proof. + induction succs; simpl; intros. + auto. + case (bb a). auto. + apply IHsuccs. red; simpl; intros. + rewrite PMap.gsspec. case (peq pc a); intro. + auto. apply H0. +Qed. + +Lemma analyze_P: + forall bb res count st, + iterate _ _ (step bb) count st = Some res -> + Pstate st -> + (forall pc, P res!!pc). +Proof. + intros until count; pattern count; apply positive_Peano_ind; intros until st. + rewrite iterate_base. congruence. + rewrite iterate_step; unfold step at 1; destruct st.(st_wrk). + intros. inversion H0. apply H1. + destruct (plt p topnode). + intros. eapply H. eauto. + apply propagate_successors_P. apply Ptransf. apply H1. + red; intro; simpl. apply H1. + intros. eauto. +Qed. + +Theorem fixpoint_invariant: + forall res pc, fixpoint = Some res -> P res!!pc. +Proof. + intros. unfold fixpoint in H. eapply analyze_P; eauto. + red; intro; simpl. rewrite PMap.gi. apply Ptop. +Qed. + +End Solver. + +End BBlock_solver. + diff --git a/backend/LTL.v b/backend/LTL.v new file mode 100644 index 00000000..2c36cba9 --- /dev/null +++ b/backend/LTL.v @@ -0,0 +1,357 @@ +(** The LTL intermediate language: abstract syntax and semantics. + + LTL (``Location Transfer Language'') is the target language + for register allocation and the source language for linearization. *) + +Require Import Relations. +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Locations. +Require Conventions. + +(** * Abstract syntax *) + +(** LTL is close to RTL, but uses locations instead of pseudo-registers, + and basic blocks instead of single instructions as nodes of its + control-flow graph. *) + +Definition node := positive. + +(** A basic block is a sequence of instructions terminated by + a [Bgoto], [Bcond] or [Breturn] instruction. (This invariant + is enforced by the following inductive type definition.) + The instructions behave like the similarly-named instructions + of RTL. They take machine registers (type [mreg]) as arguments + and results. Two new instructions are added: [Bgetstack] + and [Bsetstack], which are ``move'' instructions between + a machine register and a stack slot. *) + +Inductive block: Set := + | Bgetstack: slot -> mreg -> block -> block + | Bsetstack: mreg -> slot -> block -> block + | Bop: operation -> list mreg -> mreg -> block -> block + | Bload: memory_chunk -> addressing -> list mreg -> mreg -> block -> block + | Bstore: memory_chunk -> addressing -> list mreg -> mreg -> block -> block + | Bcall: signature -> mreg + ident -> block -> block + | Bgoto: node -> block + | Bcond: condition -> list mreg -> node -> node -> block + | Breturn: block. + +Definition code: Set := PTree.t block. + +(** Unlike in RTL, parameter passing (passing values of the arguments + to a function call to the parameters of the called function) is done + via conventional locations (machine registers and stack slots). + Consequently, the [Bcall] instruction has no list of argument registers, + and function descriptions have no list of parameter registers. *) + +Record function: Set := mkfunction { + fn_sig: signature; + fn_stacksize: Z; + fn_code: code; + fn_entrypoint: node; + fn_code_wf: + forall (pc: node), Plt pc (Psucc fn_entrypoint) \/ fn_code!pc = None +}. + +Definition program := AST.program function. + +(** * Operational semantics *) + +Definition genv := Genv.t function. +Definition locset := Locmap.t. + +Section RELSEM. + +(** Calling conventions are reflected at the level of location sets + (environments mapping locations to values) by the following two + functions. + + [call_regs caller] returns the location set at function entry, + as a function of the location set [caller] of the calling function. +- Machine registers have the same values as in the caller. +- Incoming stack slots (used for parameter passing) have the same + values as the corresponding outgoing stack slots (used for argument + passing) in the caller. +- Local and outgoing stack slots are initialized to undefined values. +*) + +Definition call_regs (caller: locset) : locset := + fun (l: loc) => + match l with + | R r => caller (R r) + | S (Local ofs ty) => Vundef + | S (Incoming ofs ty) => caller (S (Outgoing ofs ty)) + | S (Outgoing ofs ty) => Vundef + end. + +(** [return_regs caller callee] returns the location set after + a call instruction, as a function of the location set [caller] + of the caller before the call instruction and of the location + set [callee] of the callee at the return instruction. +- Callee-save machine registers have the same values as in the caller + before the call. +- Caller-save and temporary machine registers have the same values + as in the callee at the return point. +- Stack slots have the same values as in the caller before the call. +*) + +Definition return_regs (caller callee: locset) : locset := + fun (l: loc) => + match l with + | R r => + if In_dec Loc.eq (R r) Conventions.temporaries then + callee (R r) + else if In_dec Loc.eq (R r) Conventions.destroyed_at_call then + callee (R r) + else + caller (R r) + | S s => caller (S s) + end. + +Variable ge: genv. + +Definition find_function (ros: mreg + ident) (rs: locset) : option function := + match ros with + | inl r => Genv.find_funct ge (rs (R r)) + | inr symb => + match Genv.find_symbol ge symb with + | None => None + | Some b => Genv.find_funct_ptr ge b + end + end. + +Definition reglist (rl: list mreg) (rs: locset) : list val := + List.map (fun r => rs (R r)) rl. + +(** The dynamic semantics of LTL, like that of RTL, is a combination + of small-step transition semantics and big-step semantics. + Function calls are treated in big-step style so that they appear + as a single transition in the caller function. Other instructions + are treated in purely small-step style, as a single transition. + + The introduction of basic blocks increases the number of inductive + predicates needed to express the semantics: +- [exec_instr ge sp b ls m b' ls' m'] is the execution of the first + instruction of block [b]. [b'] is the remainder of the block. +- [exec_instrs ge sp b ls m b' ls' m'] is similar, but executes + zero, one or several instructions at the beginning of block [b]. +- [exec_block ge sp b ls m out ls' m'] executes all instructions + of block [b]. The outcome [out] is either [Cont s], indicating + that the block terminates by branching to block labeled [s], + or [Return], indicating that the block terminates by returning + from the current function. +- [exec_blocks ge code sp pc ls m out ls' m'] executes a sequence + of zero, one or several blocks, starting at the block labeled [pc]. + [code] is the control-flow graph for the current function. + The outcome [out] indicates how the last block in this sequence + terminates: by branching to another block or by returning from the + function. +- [exec_function ge f ls m ls' m'] executes the body of function [f], + from its entry point to the first [Lreturn] instruction encountered. + + In all these predicates, [ls] and [ls'] are the location sets + (values of locations) at the beginning and end of the transitions, + respectively. +*) + +Inductive outcome: Set := + | Cont: node -> outcome + | Return: outcome. + +Inductive exec_instr: val -> + block -> locset -> mem -> + block -> locset -> mem -> Prop := + | exec_Bgetstack: + forall sp sl r b rs m, + exec_instr sp (Bgetstack sl r b) rs m + b (Locmap.set (R r) (rs (S sl)) rs) m + | exec_Bsetstack: + forall sp r sl b rs m, + exec_instr sp (Bsetstack r sl b) rs m + b (Locmap.set (S sl) (rs (R r)) rs) m + | exec_Bop: + forall sp op args res b rs m v, + eval_operation ge sp op (reglist args rs) = Some v -> + exec_instr sp (Bop op args res b) rs m + b (Locmap.set (R res) v rs) m + | exec_Bload: + forall sp chunk addr args dst b rs m a v, + eval_addressing ge sp addr (reglist args rs) = Some a -> + loadv chunk m a = Some v -> + exec_instr sp (Bload chunk addr args dst b) rs m + b (Locmap.set (R dst) v rs) m + | exec_Bstore: + forall sp chunk addr args src b rs m m' a, + eval_addressing ge sp addr (reglist args rs) = Some a -> + storev chunk m a (rs (R src)) = Some m' -> + exec_instr sp (Bstore chunk addr args src b) rs m + b rs m' + | exec_Bcall: + forall sp sig ros b rs m f rs' m', + find_function ros rs = Some f -> + sig = f.(fn_sig) -> + exec_function f rs m rs' m' -> + exec_instr sp (Bcall sig ros b) rs m + b (return_regs rs rs') m' + +with exec_instrs: val -> + block -> locset -> mem -> + block -> locset -> mem -> Prop := + | exec_refl: + forall sp b rs m, + exec_instrs sp b rs m b rs m + | exec_one: + forall sp b1 rs1 m1 b2 rs2 m2, + exec_instr sp b1 rs1 m1 b2 rs2 m2 -> + exec_instrs sp b1 rs1 m1 b2 rs2 m2 + | exec_trans: + forall sp b1 rs1 m1 b2 rs2 m2 b3 rs3 m3, + exec_instrs sp b1 rs1 m1 b2 rs2 m2 -> + exec_instrs sp b2 rs2 m2 b3 rs3 m3 -> + exec_instrs sp b1 rs1 m1 b3 rs3 m3 + +with exec_block: val -> + block -> locset -> mem -> + outcome -> locset -> mem -> Prop := + | exec_Bgoto: + forall sp b rs m s rs' m', + exec_instrs sp b rs m (Bgoto s) rs' m' -> + exec_block sp b rs m (Cont s) rs' m' + | exec_Bcond_true: + forall sp b rs m cond args ifso ifnot rs' m', + exec_instrs sp b rs m (Bcond cond args ifso ifnot) rs' m' -> + eval_condition cond (reglist args rs') = Some true -> + exec_block sp b rs m (Cont ifso) rs' m' + | exec_Bcond_false: + forall sp b rs m cond args ifso ifnot rs' m', + exec_instrs sp b rs m (Bcond cond args ifso ifnot) rs' m' -> + eval_condition cond (reglist args rs') = Some false -> + exec_block sp b rs m (Cont ifnot) rs' m' + | exec_Breturn: + forall sp b rs m rs' m', + exec_instrs sp b rs m Breturn rs' m' -> + exec_block sp b rs m Return rs' m' + +with exec_blocks: code -> val -> + node -> locset -> mem -> + outcome -> locset -> mem -> Prop := + | exec_blocks_refl: + forall c sp pc rs m, + exec_blocks c sp pc rs m (Cont pc) rs m + | exec_blocks_one: + forall c sp pc b m rs out rs' m', + c!pc = Some b -> + exec_block sp b rs m out rs' m' -> + exec_blocks c sp pc rs m out rs' m' + | exec_blocks_trans: + forall c sp pc1 rs1 m1 pc2 rs2 m2 out rs3 m3, + exec_blocks c sp pc1 rs1 m1 (Cont pc2) rs2 m2 -> + exec_blocks c sp pc2 rs2 m2 out rs3 m3 -> + exec_blocks c sp pc1 rs1 m1 out rs3 m3 + +with exec_function: function -> locset -> mem -> + locset -> mem -> Prop := + | exec_funct: + forall f rs m m1 stk rs2 m2, + alloc m 0 f.(fn_stacksize) = (m1, stk) -> + exec_blocks f.(fn_code) (Vptr stk Int.zero) + f.(fn_entrypoint) (call_regs rs) m1 Return rs2 m2 -> + exec_function f rs m rs2 (free m2 stk). + +End RELSEM. + +(** Execution of a whole program boils down to invoking its main + function. The result of the program is the return value of the + main function, to be found in the machine register dictated + by the calling conventions. *) + +Definition exec_program (p: program) (r: val) : Prop := + let ge := Genv.globalenv p in + let m0 := Genv.init_mem p in + exists b, exists f, exists rs, exists m, + Genv.find_symbol ge p.(prog_main) = Some b /\ + Genv.find_funct_ptr ge b = Some f /\ + f.(fn_sig) = mksignature nil (Some Tint) /\ + exec_function ge f (Locmap.init Vundef) m0 rs m /\ + rs (R (Conventions.loc_result f.(fn_sig))) = r. + +(** We remark that the [exec_blocks] relation is stable if + the control-flow graph is extended by adding new basic blocks + at previously unused graph nodes. *) + +Section EXEC_BLOCKS_EXTENDS. + +Variable ge: genv. +Variable c1 c2: code. +Hypothesis EXT: forall pc, c2!pc = c1!pc \/ c1!pc = None. + +Lemma exec_blocks_extends: + forall sp pc1 rs1 m1 out rs2 m2, + exec_blocks ge c1 sp pc1 rs1 m1 out rs2 m2 -> + exec_blocks ge c2 sp pc1 rs1 m1 out rs2 m2. +Proof. + induction 1. + apply exec_blocks_refl. + apply exec_blocks_one with b. + elim (EXT pc); intro; congruence. assumption. + eapply exec_blocks_trans; eauto. +Qed. + +End EXEC_BLOCKS_EXTENDS. + +(** * Operations over LTL *) + +(** Computation of the possible successors of a basic block. + This is used for dataflow analyses. *) + +Fixpoint successors_aux (b: block) : list node := + match b with + | Bgetstack s r b => successors_aux b + | Bsetstack r s b => successors_aux b + | Bop op args res b => successors_aux b + | Bload chunk addr args dst b => successors_aux b + | Bstore chunk addr args src b => successors_aux b + | Bcall sig ros b => successors_aux b + | Bgoto n => n :: nil + | Bcond cond args ifso ifnot => ifso :: ifnot :: nil + | Breturn => nil + end. + +Definition successors (f: function) (pc: node) : list node := + match f.(fn_code)!pc with + | None => nil + | Some b => successors_aux b + end. + +Lemma successors_aux_invariant: + forall ge sp b rs m b' rs' m', + exec_instrs ge sp b rs m b' rs' m' -> + successors_aux b = successors_aux b'. +Proof. + induction 1; simpl; intros. + reflexivity. + inversion H; reflexivity. + transitivity (successors_aux b2); auto. +Qed. + +Lemma successors_correct: + forall ge f sp pc rs m pc' rs' m' b, + f.(fn_code)!pc = Some b -> + exec_block ge sp b rs m (Cont pc') rs' m' -> + In pc' (successors f pc). +Proof. + intros. unfold successors. rewrite H. inversion H0. + rewrite (successors_aux_invariant _ _ _ _ _ _ _ _ H6); simpl. + tauto. + rewrite (successors_aux_invariant _ _ _ _ _ _ _ _ H2); simpl. + tauto. + rewrite (successors_aux_invariant _ _ _ _ _ _ _ _ H2); simpl. + tauto. +Qed. diff --git a/backend/LTLtyping.v b/backend/LTLtyping.v new file mode 100644 index 00000000..3f13ac3c --- /dev/null +++ b/backend/LTLtyping.v @@ -0,0 +1,93 @@ +(** Typing rules for LTL. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Op. +Require Import RTL. +Require Import Locations. +Require Import LTL. +Require Import Conventions. + +(** The following predicates define a type system for LTL similar to that + of [RTL] (see file [RTLtyping]): it statically guarantees that operations + and addressing modes are applied to the right number of arguments + and that the arguments are of the correct types. Moreover, it also + enforces some correctness conditions on the offsets of stack slots + accessed through [Bgetstack] and [Bsetstack] LTL instructions. *) + +Section WT_BLOCK. + +Variable funct: function. + +Definition slot_bounded (s: slot) := + match s with + | Local ofs ty => 0 <= ofs + | Outgoing ofs ty => 6 <= ofs + | Incoming ofs ty => 6 <= ofs /\ ofs + typesize ty <= size_arguments funct.(fn_sig) + end. + +Inductive wt_block : block -> Prop := + | wt_Bgetstack: + forall s r b, + slot_type s = mreg_type r -> + slot_bounded s -> + wt_block b -> + wt_block (Bgetstack s r b) + | wt_Bsetstack: + forall r s b, + match s with Incoming _ _ => False | _ => True end -> + slot_type s = mreg_type r -> + slot_bounded s -> + wt_block b -> + wt_block (Bsetstack r s b) + | wt_Bopmove: + forall r1 r b, + mreg_type r1 = mreg_type r -> + wt_block b -> + wt_block (Bop Omove (r1 :: nil) r b) + | wt_Bopundef: + forall r b, + wt_block b -> + wt_block (Bop Oundef nil r b) + | wt_Bop: + forall op args res b, + op <> Omove -> op <> Oundef -> + (List.map mreg_type args, mreg_type res) = type_of_operation op -> + wt_block b -> + wt_block (Bop op args res b) + | wt_Bload: + forall chunk addr args dst b, + List.map mreg_type args = type_of_addressing addr -> + mreg_type dst = type_of_chunk chunk -> + wt_block b -> + wt_block (Bload chunk addr args dst b) + | wt_Bstore: + forall chunk addr args src b, + List.map mreg_type args = type_of_addressing addr -> + mreg_type src = type_of_chunk chunk -> + wt_block b -> + wt_block (Bstore chunk addr args src b) + | wt_Bcall: + forall sig ros b, + match ros with inl r => mreg_type r = Tint | _ => True end -> + wt_block b -> + wt_block (Bcall sig ros b) + | wt_Bgoto: + forall lbl, + wt_block (Bgoto lbl) + | wt_Bcond: + forall cond args ifso ifnot, + List.map mreg_type args = type_of_condition cond -> + wt_block (Bcond cond args ifso ifnot) + | wt_Breturn: + wt_block (Breturn). + +End WT_BLOCK. + +Definition wt_function (f: function) : Prop := + forall pc b, f.(fn_code)!pc = Some b -> wt_block f b. + +Definition wt_program (p: program) : Prop := + forall i f, In (i, f) (prog_funct p) -> wt_function f. + diff --git a/backend/Linear.v b/backend/Linear.v new file mode 100644 index 00000000..f4ed0454 --- /dev/null +++ b/backend/Linear.v @@ -0,0 +1,203 @@ +(** The Linear intermediate language: abstract syntax and semantcs *) + +(** The Linear language is a variant of LTL where control-flow is not + expressed as a graph of basic blocks, but as a linear list of + instructions with explicit labels and ``goto'' instructions. *) + +Require Import Relations. +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Locations. +Require Import LTL. +Require Conventions. + +(** * Abstract syntax *) + +Definition label := positive. + +(** Linear instructions are similar to their LTL counterpart: + arguments and results are machine registers, except for the + [Lgetstack] and [Lsetstack] instructions which are register-stack moves. + Except the last three, these instructions continue in sequence + with the next instruction in the linear list of instructions. + Unconditional branches [Lgoto] and conditional branches [Lcond] + transfer control to the given code label. Labels are explicitly + inserted in the instruction list as pseudo-instructions [Llabel]. *) + +Inductive instruction: Set := + | Lgetstack: slot -> mreg -> instruction + | Lsetstack: mreg -> slot -> instruction + | Lop: operation -> list mreg -> mreg -> instruction + | Lload: memory_chunk -> addressing -> list mreg -> mreg -> instruction + | Lstore: memory_chunk -> addressing -> list mreg -> mreg -> instruction + | Lcall: signature -> mreg + ident -> instruction + | Llabel: label -> instruction + | Lgoto: label -> instruction + | Lcond: condition -> list mreg -> label -> instruction + | Lreturn: instruction. + +Definition code: Set := list instruction. + +Record function: Set := mkfunction { + fn_sig: signature; + fn_stacksize: Z; + fn_code: code +}. + +Definition program := AST.program function. + +Definition genv := Genv.t function. +Definition locset := Locmap.t. + +(** * Operational semantics *) + +(** Looking up labels in the instruction list. *) + +Definition is_label (lbl: label) (instr: instruction) : bool := + match instr with + | Llabel lbl' => if peq lbl lbl' then true else false + | _ => false + end. + +Lemma is_label_correct: + forall lbl instr, + if is_label lbl instr then instr = Llabel lbl else instr <> Llabel lbl. +Proof. + intros. destruct instr; simpl; try discriminate. + case (peq lbl l); intro; congruence. +Qed. + +(** [find_label lbl c] returns a list of instruction, suffix of the + code [c], that immediately follows the [Llabel lbl] pseudo-instruction. + If the label [lbl] is multiply-defined, the first occurrence is + retained. If the label [lbl] is not defined, [None] is returned. *) + +Fixpoint find_label (lbl: label) (c: code) {struct c} : option code := + match c with + | nil => None + | i1 :: il => if is_label lbl i1 then Some il else find_label lbl il + end. + +Section RELSEM. + +Variable ge: genv. + +Definition find_function (ros: mreg + ident) (rs: locset) : option function := + match ros with + | inl r => Genv.find_funct ge (rs (R r)) + | inr symb => + match Genv.find_symbol ge symb with + | None => None + | Some b => Genv.find_funct_ptr ge b + end + end. + +(** [exec_instr ge f sp c ls m c' ls' m'] represents the execution + of the first instruction in the code sequence [c]. [ls] and [m] + are the initial location set and memory state, respectively. + [c'] is the current code sequence after execution of the instruction: + it is the tail of [c] if the instruction falls through. + [ls'] and [m'] are the final location state and memory state. *) + +Inductive exec_instr: function -> val -> + code -> locset -> mem -> + code -> locset -> mem -> Prop := + | exec_Lgetstack: + forall f sp sl r b rs m, + exec_instr f sp (Lgetstack sl r :: b) rs m + b (Locmap.set (R r) (rs (S sl)) rs) m + | exec_Lsetstack: + forall f sp r sl b rs m, + exec_instr f sp (Lsetstack r sl :: b) rs m + b (Locmap.set (S sl) (rs (R r)) rs) m + | exec_Lop: + forall f sp op args res b rs m v, + eval_operation ge sp op (reglist args rs) = Some v -> + exec_instr f sp (Lop op args res :: b) rs m + b (Locmap.set (R res) v rs) m + | exec_Lload: + forall f sp chunk addr args dst b rs m a v, + eval_addressing ge sp addr (reglist args rs) = Some a -> + loadv chunk m a = Some v -> + exec_instr f sp (Lload chunk addr args dst :: b) rs m + b (Locmap.set (R dst) v rs) m + | exec_Lstore: + forall f sp chunk addr args src b rs m m' a, + eval_addressing ge sp addr (reglist args rs) = Some a -> + storev chunk m a (rs (R src)) = Some m' -> + exec_instr f sp (Lstore chunk addr args src :: b) rs m + b rs m' + | exec_Lcall: + forall f sp sig ros b rs m f' rs' m', + find_function ros rs = Some f' -> + sig = f'.(fn_sig) -> + exec_function f' rs m rs' m' -> + exec_instr f sp (Lcall sig ros :: b) rs m + b (return_regs rs rs') m' + | exec_Llabel: + forall f sp lbl b rs m, + exec_instr f sp (Llabel lbl :: b) rs m + b rs m + | exec_Lgoto: + forall f sp lbl b rs m b', + find_label lbl f.(fn_code) = Some b' -> + exec_instr f sp (Lgoto lbl :: b) rs m + b' rs m + | exec_Lcond_true: + forall f sp cond args lbl b rs m b', + eval_condition cond (reglist args rs) = Some true -> + find_label lbl f.(fn_code) = Some b' -> + exec_instr f sp (Lcond cond args lbl :: b) rs m + b' rs m + | exec_Lcond_false: + forall f sp cond args lbl b rs m, + eval_condition cond (reglist args rs) = Some false -> + exec_instr f sp (Lcond cond args lbl :: b) rs m + b rs m + +with exec_instrs: function -> val -> + code -> locset -> mem -> + code -> locset -> mem -> Prop := + | exec_refl: + forall f sp b rs m, + exec_instrs f sp b rs m b rs m + | exec_one: + forall f sp b1 rs1 m1 b2 rs2 m2, + exec_instr f sp b1 rs1 m1 b2 rs2 m2 -> + exec_instrs f sp b1 rs1 m1 b2 rs2 m2 + | exec_trans: + forall f sp b1 rs1 m1 b2 rs2 m2 b3 rs3 m3, + exec_instrs f sp b1 rs1 m1 b2 rs2 m2 -> + exec_instrs f sp b2 rs2 m2 b3 rs3 m3 -> + exec_instrs f sp b1 rs1 m1 b3 rs3 m3 + +with exec_function: function -> locset -> mem -> locset -> mem -> Prop := + | exec_funct: + forall f rs m m1 stk rs2 m2 b, + alloc m 0 f.(fn_stacksize) = (m1, stk) -> + exec_instrs f (Vptr stk Int.zero) + f.(fn_code) (call_regs rs) m1 (Lreturn :: b) rs2 m2 -> + exec_function f rs m rs2 (free m2 stk). + +Scheme exec_instr_ind3 := Minimality for exec_instr Sort Prop + with exec_instrs_ind3 := Minimality for exec_instrs Sort Prop + with exec_function_ind3 := Minimality for exec_function Sort Prop. + +End RELSEM. + +Definition exec_program (p: program) (r: val) : Prop := + let ge := Genv.globalenv p in + let m0 := Genv.init_mem p in + exists b, exists f, exists rs, exists m, + Genv.find_symbol ge p.(prog_main) = Some b /\ + Genv.find_funct_ptr ge b = Some f /\ + f.(fn_sig) = mksignature nil (Some Tint) /\ + exec_function ge f (Locmap.init Vundef) m0 rs m /\ + rs (R (Conventions.loc_result f.(fn_sig))) = r. + diff --git a/backend/Linearize.v b/backend/Linearize.v new file mode 100644 index 00000000..af70b0fd --- /dev/null +++ b/backend/Linearize.v @@ -0,0 +1,212 @@ +(** Linearization of the control-flow graph: + translation from LTL to Linear *) + +Require Import Coqlib. +Require Import Maps. +Require Import Sets. +Require Import AST. +Require Import Values. +Require Import Globalenvs. +Require Import Op. +Require Import Locations. +Require Import LTL. +Require Import Linear. +Require Import Kildall. +Require Import Lattice. + +(** To translate from LTL to Linear, we must layout the basic blocks + of the LTL control-flow graph in some linear order, and insert + explicit branches and conditional branches to make sure that + each basic block jumps to its successors as prescribed by the + LTL control-flow graph. However, branches are not necessary + if the fall-through behaviour of Linear instructions already + implements the desired flow of control. For instance, + consider the two LTL basic blocks +<< + L1: Bop op args res (Bgoto L2) + L2: ... +>> + If the blocks [L1] and [L2] are laid out consecutively in the Linear + code, we can generate the following Linear code: +<< + L1: Lop op args res + L2: ... +>> + However, if this is not possible, an explicit [Lgoto] is needed: +<< + L1: Lop op args res + Lgoto L2 + ... + L2: ... +>> + The main challenge in code linearization is therefore to pick a + ``good'' order for the basic blocks that exploits well the + fall-through behavior. Many clever trace picking heuristics + have been developed for this purpose. + + In this file, we present linearization in a way that clearly + separates the heuristic part (choosing an order for the basic blocks) + from the actual code transformation parts. We proceed in three passes: +- Choosing an order for the basic blocks. This returns an enumeration + of CFG nodes stating that the basic blocks must be laid out in + the order shown in the list. +- Generate naive Linear code where each basic block branches explicitly + to its successors, even if one of these successors is the next basic + block. +- Simplify the naive Linear code, removing unconditional branches to + a label that immediately follows: +<< + ... ... + Igoto L1; becomes L1: ... + L1: ... +>> + The beauty of this approach is that correct code is generated + under surprisingly weak hypotheses on the enumeration of + CFG nodes: it suffices that every reachable basic block occurs + exactly once in the enumeration. While the enumeration heuristic we use + is quite trivial, it is easy to implement more sophisticated + trace picking heuristics: as long as they satisfy the property above, + we do not need to re-do the proof of semantic preservation. + The enumeration could even be performed by external, untrusted + Caml code, then verified (for the property above) by certified Coq code. +*) + +(** * Determination of the order of basic blocks *) + +(** We first compute a mapping from CFG nodes to booleans, + indicating whether a CFG basic block is reachable or not. + This computation is a trivial forward dataflow analysis + where the transfer function is the identity: the successors + of a reachable block are reachable, by the very + definition of reachability. *) + +Module DS := Dataflow_Solver(LBoolean). + +Definition reachable_aux (f: LTL.function) : option (PMap.t bool) := + DS.fixpoint + (successors f) + (Psucc f.(fn_entrypoint)) + (fun pc r => r) + ((f.(fn_entrypoint), true) :: nil). + +Definition reachable (f: LTL.function) : PMap.t bool := + match reachable_aux f with + | None => PMap.init true + | Some rs => rs + end. + +(** We then enumerate the nodes of reachable basic blocks. The heuristic + we take is trivial: nodes are enumerated in decreasing numerical + order. Remember that CFG nodes are positive integers, and that + the [RTLgen] pass allocated fresh nodes 1, 2, 3, ..., but generated + instructions in roughly reverse control-flow order: often, + a basic block at label [n] has [n-1] as its only successor. + Therefore, by enumerating reachable nodes in decreasing order, + we recover a reasonable layout of basic blocks that globally respects + the structure of the original Cminor code. *) + +Definition enumerate (f: LTL.function) : list node := + let reach := reachable f in + positive_rec (list node) nil + (fun pc nodes => if reach!!pc then pc :: nodes else nodes) + (Psucc f.(fn_entrypoint)). + +(** * Translation from LTL to Linear *) + +(** We now flatten the structure of the CFG graph, laying out + basic blocks consecutively in the order computed by [enumerate], + and inserting a branch at the end of every basic block. + + For blocks ending in a conditional branch [Bcond cond args s1 s2], + we have two possible translations: +<< + Lcond cond args s1; or Lcond (not cond) args s2; + Lgoto s2 Lgoto s1 +>> + We favour the first translation if [s2] is the label of the + next instruction, and the second if [s1] is the label of the + next instruction, thus exhibiting more opportunities for + fall-through optimization later. *) + +Fixpoint starts_with (lbl: label) (k: code) {struct k} : bool := + match k with + | Llabel lbl' :: k' => if peq lbl lbl' then true else starts_with lbl k' + | _ => false + end. + +Fixpoint linearize_block (b: block) (k: code) {struct b} : code := + match b with + | Bgetstack s r b => + Lgetstack s r :: linearize_block b k + | Bsetstack r s b => + Lsetstack r s :: linearize_block b k + | Bop op args res b => + Lop op args res :: linearize_block b k + | Bload chunk addr args dst b => + Lload chunk addr args dst :: linearize_block b k + | Bstore chunk addr args src b => + Lstore chunk addr args src :: linearize_block b k + | Bcall sig ros b => + Lcall sig ros :: linearize_block b k + | Bgoto s => + Lgoto s :: k + | Bcond cond args s1 s2 => + if starts_with s1 k then + Lcond (negate_condition cond) args s2 :: Lgoto s1 :: k + else + Lcond cond args s1 :: Lgoto s2 :: k + | Breturn => + Lreturn :: k + end. + +(* Linearize a function body according to an enumeration of its + nodes. *) + +Fixpoint linearize_body (f: LTL.function) (enum: list node) + {struct enum} : code := + match enum with + | nil => nil + | pc :: rem => + match f.(LTL.fn_code)!pc with + | None => linearize_body f rem + | Some b => Llabel pc :: linearize_block b (linearize_body f rem) + end + end. + +Definition linearize_function (f: LTL.function) : Linear.function := + mkfunction + (LTL.fn_sig f) + (LTL.fn_stacksize f) + (linearize_body f (enumerate f)). + +(** * Cleanup of the linearized code *) + +(** We now eliminate [Lgoto] instructions that branch to an + immediately following label: these are redundant, as the fall-through + behaviour obtained by removing the [Lgoto] instruction is + semantically equivalent. *) + +Fixpoint cleanup_code (c: code) {struct c} : code := + match c with + | nil => nil + | Lgoto lbl :: c' => + if starts_with lbl c' + then cleanup_code c' + else Lgoto lbl :: cleanup_code c' + | i :: c' => + i :: cleanup_code c' + end. + +Definition cleanup_function (f: Linear.function) : Linear.function := + mkfunction + (fn_sig f) + (fn_stacksize f) + (cleanup_code f.(fn_code)). + +(** * Entry points for code linearization *) + +Definition transf_function (f: LTL.function) : Linear.function := + cleanup_function (linearize_function f). + +Definition transf_program (p: LTL.program) : Linear.program := + transform_program transf_function p. diff --git a/backend/Linearizeproof.v b/backend/Linearizeproof.v new file mode 100644 index 00000000..b80acb4d --- /dev/null +++ b/backend/Linearizeproof.v @@ -0,0 +1,711 @@ +(** Correctness proof for code linearization *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Locations. +Require Import LTL. +Require Import Linear. +Require Import Linearize. +Require Import Lattice. + +Section LINEARIZATION. + +Variable prog: LTL.program. +Let tprog := transf_program prog. + +Let ge := Genv.globalenv prog. +Let tge := Genv.globalenv tprog. + +Lemma functions_translated: + forall v f, + Genv.find_funct ge v = Some f -> + Genv.find_funct tge v = Some (transf_function f). +Proof (@Genv.find_funct_transf _ _ transf_function prog). + +Lemma function_ptr_translated: + forall v f, + Genv.find_funct_ptr ge v = Some f -> + Genv.find_funct_ptr tge v = Some (transf_function f). +Proof (@Genv.find_funct_ptr_transf _ _ transf_function prog). + +Lemma symbols_preserved: + forall id, + Genv.find_symbol tge id = Genv.find_symbol ge id. +Proof (@Genv.find_symbol_transf _ _ transf_function prog). + +(** * Correctness of reachability analysis *) + +(** The entry point of the function is reachable. *) + +Lemma reachable_entrypoint: + forall f, (reachable f)!!(f.(fn_entrypoint)) = true. +Proof. + intros. unfold reachable. + caseEq (reachable_aux f). + unfold reachable_aux; intros reach A. + assert (LBoolean.ge reach!!(f.(fn_entrypoint)) true). + eapply DS.fixpoint_entry. eexact A. auto with coqlib. + unfold LBoolean.ge in H. tauto. + intros. apply PMap.gi. +Qed. + +(** The successors of a reachable basic block are reachable. *) + +Lemma reachable_successors: + forall f pc pc', + f.(LTL.fn_code)!pc <> None -> + In pc' (successors f pc) -> + (reachable f)!!pc = true -> + (reachable f)!!pc' = true. +Proof. + intro f. unfold reachable. + caseEq (reachable_aux f). + unfold reachable_aux. intro reach; intros. + assert (LBoolean.ge reach!!pc' reach!!pc). + change (reach!!pc) with ((fun pc r => r) pc (reach!!pc)). + eapply DS.fixpoint_solution. eexact H. + elim (fn_code_wf f pc); intro. auto. contradiction. + auto. + elim H3; intro. congruence. auto. + intros. apply PMap.gi. +Qed. + +(* If we have a valid LTL transition from [pc] to [pc'], and + [pc] is reachable, then [pc'] is reachable. *) + +Lemma reachable_correct_1: + forall f sp pc rs m pc' rs' m' b, + f.(LTL.fn_code)!pc = Some b -> + exec_block ge sp b rs m (Cont pc') rs' m' -> + (reachable f)!!pc = true -> + (reachable f)!!pc' = true. +Proof. + intros. apply reachable_successors with pc; auto. + congruence. + eapply successors_correct; eauto. +Qed. + +Lemma reachable_correct_2: + forall c sp pc rs m out rs' m', + exec_blocks ge c sp pc rs m out rs' m' -> + forall f pc', + c = f.(LTL.fn_code) -> + out = Cont pc' -> + (reachable f)!!pc = true -> + (reachable f)!!pc' = true. +Proof. + induction 1; intros. + congruence. + eapply reachable_correct_1. rewrite <- H1; eauto. + subst out; eauto. auto. + auto. +Qed. + +(** * Properties of node enumeration *) + +(** An enumeration of CFG nodes is correct if the following conditions hold: +- All nodes for reachable basic blocks must be in the list. +- The function entry point is the first element in the list. +- The list is without repetition (so that no code duplication occurs). + +We prove that our [enumerate] function satisfies all three. *) + +Lemma enumerate_complete: + forall f pc i, + f.(LTL.fn_code)!pc = Some i -> + (reachable f)!!pc = true -> + In pc (enumerate f). +Proof. + intros. + assert (forall p, + Plt p (Psucc f.(fn_entrypoint)) -> + (reachable f)!!p = true -> + In p (enumerate f)). + unfold enumerate. pattern (Psucc (fn_entrypoint f)). + apply positive_Peano_ind. + intros. compute in H1. destruct p; discriminate. + intros. rewrite positive_rec_succ. elim (Plt_succ_inv _ _ H2); intro. + case (reachable f)!!x. apply in_cons. auto. auto. + subst x. rewrite H3. apply in_eq. + elim (LTL.fn_code_wf f pc); intro. auto. congruence. +Qed. + +Lemma enumerate_head: + forall f, exists l, enumerate f = f.(LTL.fn_entrypoint) :: l. +Proof. + intro. unfold enumerate. rewrite positive_rec_succ. + rewrite reachable_entrypoint. + exists (positive_rec (list node) nil + (fun (pc : positive) (nodes : list node) => + if (reachable f) !! pc then pc :: nodes else nodes) + (fn_entrypoint f) ). + auto. +Qed. + +Lemma enumerate_norepet: + forall f, list_norepet (enumerate f). +Proof. + intro. + unfold enumerate. pattern (Psucc (fn_entrypoint f)). + apply positive_Peano_ind. + rewrite positive_rec_base. constructor. + intros. rewrite positive_rec_succ. + case (reachable f)!!x. auto. + constructor. + assert (forall y, + In y (positive_rec + (list node) nil + (fun (pc : positive) (nodes : list node) => + if (reachable f) !! pc then pc :: nodes else nodes) x) -> + Plt y x). + pattern x. apply positive_Peano_ind. + rewrite positive_rec_base. intros. elim H0. + intros until y. rewrite positive_rec_succ. + case (reachable f)!!x0. + simpl. intros [A|B]. + subst x0. apply Plt_succ. + apply Plt_trans_succ. auto. + intro. apply Plt_trans_succ. auto. + red; intro. generalize (H0 x H1). exact (Plt_strict x). auto. + auto. +Qed. + +(** * Correctness of the cleanup pass *) + +(** If labels are globally unique and the Linear code [c] contains + a subsequence [Llabel lbl :: c1], [find_label lbl c] returns [c1]. +*) + +Fixpoint unique_labels (c: code) : Prop := + match c with + | nil => True + | Llabel lbl :: c => ~(In (Llabel lbl) c) /\ unique_labels c + | i :: c => unique_labels c + end. + +Inductive is_tail: code -> code -> Prop := + | is_tail_refl: + forall c, is_tail c c + | is_tail_cons: + forall i c1 c2, is_tail c1 c2 -> is_tail c1 (i :: c2). + +Lemma is_tail_in: + forall i c1 c2, is_tail (i :: c1) c2 -> In i c2. +Proof. + induction c2; simpl; intros. + inversion H. + inversion H. tauto. right; auto. +Qed. + +Lemma is_tail_cons_left: + forall i c1 c2, is_tail (i :: c1) c2 -> is_tail c1 c2. +Proof. + induction c2; intros; inversion H. + constructor. constructor. constructor. auto. +Qed. + +Lemma find_label_unique: + forall lbl c1 c2 c3, + is_tail (Llabel lbl :: c1) c2 -> + unique_labels c2 -> + find_label lbl c2 = Some c3 -> + c1 = c3. +Proof. + induction c2. + simpl; intros; discriminate. + intros c3 TAIL UNIQ. simpl. + generalize (is_label_correct lbl a). case (is_label lbl a); intro ISLBL. + subst a. intro. inversion TAIL. congruence. + elim UNIQ; intros. elim H4. apply is_tail_in with c1; auto. + inversion TAIL. congruence. apply IHc2. auto. + destruct a; simpl in UNIQ; tauto. +Qed. + +(** Correctness of the [starts_with] test. *) + +Lemma starts_with_correct: + forall lbl c1 c2 c3 f sp ls m, + is_tail c1 c2 -> + unique_labels c2 -> + starts_with lbl c1 = true -> + find_label lbl c2 = Some c3 -> + exec_instrs tge f sp (cleanup_code c1) ls m + (cleanup_code c3) ls m. +Proof. + induction c1. + simpl; intros; discriminate. + simpl starts_with. destruct a; try (intros; discriminate). + intros. apply exec_trans with (cleanup_code c1) ls m. + simpl. + constructor. constructor. + destruct (peq lbl l). + subst l. replace c3 with c1. constructor. + apply find_label_unique with lbl c2; auto. + apply IHc1 with c2; auto. eapply is_tail_cons_left; eauto. +Qed. + +(** Code cleanup preserves the labeling of the code. *) + +Lemma find_label_cleanup_code: + forall lbl c c', + find_label lbl c = Some c' -> + find_label lbl (cleanup_code c) = Some (cleanup_code c'). +Proof. + induction c. + simpl. intros; discriminate. + generalize (is_label_correct lbl a). + simpl find_label. case (is_label lbl a); intro. + subst a. intros. injection H; intros. subst c'. + simpl. rewrite peq_true. auto. + intros. destruct a; auto. + simpl. rewrite peq_false. auto. + congruence. + case (starts_with l c). auto. simpl. auto. +Qed. + +(** One transition in the original Linear code corresponds to zero + or one transitions in the cleaned-up code. *) + +Lemma cleanup_code_correct_1: + forall f sp c1 ls1 m1 c2 ls2 m2, + exec_instr tge f sp c1 ls1 m1 c2 ls2 m2 -> + is_tail c1 f.(fn_code) -> + unique_labels f.(fn_code) -> + exec_instrs tge (cleanup_function f) sp + (cleanup_code c1) ls1 m1 + (cleanup_code c2) ls2 m2. +Proof. + induction 1; simpl; intros; + try (apply exec_one; econstructor; eauto; fail). + (* goto *) + caseEq (starts_with lbl b); intro SW. + eapply starts_with_correct; eauto. + eapply is_tail_cons_left; eauto. + constructor. constructor. + unfold cleanup_function; simpl. + apply find_label_cleanup_code. auto. + (* cond, taken *) + constructor. apply exec_Lcond_true. auto. + unfold cleanup_function; simpl. + apply find_label_cleanup_code. auto. + (* cond, not taken *) + constructor. apply exec_Lcond_false. auto. +Qed. + +Lemma is_tail_find_label: + forall lbl c2 c1, + find_label lbl c1 = Some c2 -> is_tail c2 c1. +Proof. + induction c1; simpl. + intros; discriminate. + case (is_label lbl a). intro. injection H; intro. subst c2. + constructor. constructor. + intro. constructor. auto. +Qed. + +Lemma is_tail_exec_instr: + forall f sp c1 ls1 m1 c2 ls2 m2, + exec_instr tge f sp c1 ls1 m1 c2 ls2 m2 -> + is_tail c1 f.(fn_code) -> is_tail c2 f.(fn_code). +Proof. + induction 1; intros; + try (eapply is_tail_cons_left; eauto; fail). + eapply is_tail_find_label; eauto. + eapply is_tail_find_label; eauto. +Qed. + +Lemma is_tail_exec_instrs: + forall f sp c1 ls1 m1 c2 ls2 m2, + exec_instrs tge f sp c1 ls1 m1 c2 ls2 m2 -> + is_tail c1 f.(fn_code) -> is_tail c2 f.(fn_code). +Proof. + induction 1; intros. + auto. + eapply is_tail_exec_instr; eauto. + auto. +Qed. + +(** Zero, one or several transitions in the original Linear code correspond + to zero, one or several transitions in the cleaned-up code. *) + +Lemma cleanup_code_correct_2: + forall f sp c1 ls1 m1 c2 ls2 m2, + exec_instrs tge f sp c1 ls1 m1 c2 ls2 m2 -> + is_tail c1 f.(fn_code) -> + unique_labels f.(fn_code) -> + exec_instrs tge (cleanup_function f) sp + (cleanup_code c1) ls1 m1 + (cleanup_code c2) ls2 m2. +Proof. + induction 1; simpl; intros. + apply exec_refl. + eapply cleanup_code_correct_1; eauto. + apply exec_trans with (cleanup_code b2) rs2 m2. + auto. + apply IHexec_instrs2; auto. + eapply is_tail_exec_instrs; eauto. +Qed. + +Lemma cleanup_function_correct: + forall f ls1 m1 ls2 m2, + exec_function tge f ls1 m1 ls2 m2 -> + unique_labels f.(fn_code) -> + exec_function tge (cleanup_function f) ls1 m1 ls2 m2. +Proof. + induction 1; intro. + generalize (cleanup_code_correct_2 _ _ _ _ _ _ _ _ H0 (is_tail_refl _) H1). + simpl. intro. + econstructor; eauto. +Qed. + +(** * Properties of linearized code *) + +(** We now state useful properties of the Linear code generated by + the naive LTL-to-Linear translation. *) + +(** Connection between [find_label] and linearization. *) + +Lemma find_label_lin_block: + forall lbl k b, + find_label lbl (linearize_block b k) = find_label lbl k. +Proof. + induction b; simpl; auto. + case (starts_with n k); reflexivity. +Qed. + +Lemma find_label_lin_rec: + forall f enum pc b, + In pc enum -> + f.(LTL.fn_code)!pc = Some b -> + exists k, + find_label pc (linearize_body f enum) = Some (linearize_block b k). +Proof. + induction enum; intros. + elim H. + case (peq a pc); intro. + subst a. exists (linearize_body f enum). + simpl. rewrite H0. simpl. rewrite peq_true. auto. + assert (In pc enum). simpl in H. tauto. + elim (IHenum pc b H1 H0). intros k FIND. + exists k. simpl. destruct (LTL.fn_code f)!a. + simpl. rewrite peq_false. rewrite find_label_lin_block. auto. auto. + auto. +Qed. + +Lemma find_label_lin: + forall f pc b, + f.(LTL.fn_code)!pc = Some b -> + (reachable f)!!pc = true -> + exists k, + find_label pc (fn_code (linearize_function f)) = Some (linearize_block b k). +Proof. + intros. unfold linearize_function; simpl. apply find_label_lin_rec. + eapply enumerate_complete; eauto. auto. +Qed. + +(** Unique label property for linearized code. *) + +Lemma label_in_lin_block: + forall lbl k b, + In (Llabel lbl) (linearize_block b k) -> In (Llabel lbl) k. +Proof. + induction b; simpl; try (intuition congruence). + case (starts_with n k); simpl; intuition congruence. +Qed. + +Lemma label_in_lin_rec: + forall f lbl enum, + In (Llabel lbl) (linearize_body f enum) -> In lbl enum. +Proof. + induction enum. + simpl; auto. + simpl. destruct (LTL.fn_code f)!a. + simpl. intros [A|B]. left; congruence. + right. apply IHenum. eapply label_in_lin_block; eauto. + intro; right; auto. +Qed. + +Lemma unique_labels_lin_block: + forall k b, + unique_labels k -> unique_labels (linearize_block b k). +Proof. + induction b; simpl; auto. + case (starts_with n k); simpl; auto. +Qed. + +Lemma unique_labels_lin_rec: + forall f enum, + list_norepet enum -> + unique_labels (linearize_body f enum). +Proof. + induction enum. + simpl; auto. + intro. simpl. destruct (LTL.fn_code f)!a. + simpl. split. red. intro. inversion H. elim H3. + apply label_in_lin_rec with f. + apply label_in_lin_block with b. auto. + apply unique_labels_lin_block. apply IHenum. inversion H; auto. + apply IHenum. inversion H; auto. +Qed. + +Lemma unique_labels_lin_function: + forall f, + unique_labels (fn_code (linearize_function f)). +Proof. + intros. unfold linearize_function; simpl. + apply unique_labels_lin_rec. apply enumerate_norepet. +Qed. + +(** * Correctness of linearization *) + +(** The outcome of an LTL [exec_block] or [exec_blocks] execution + is valid if it corresponds to a reachable, existing basic block. + All outcomes occurring in an LTL program execution are actually + valid, but we will prove that along with the main simulation proof. *) + +Definition valid_outcome (f: LTL.function) (out: outcome) := + match out with + | Cont s => + (reachable f)!!s = true /\ exists b, f.(LTL.fn_code)!s = Some b + | Return => True + end. + +(** Auxiliary lemma used to establish the [valid_outcome] property. *) + +Lemma exec_blocks_valid_outcome: + forall c sp pc ls1 m1 out ls2 m2, + exec_blocks ge c sp pc ls1 m1 out ls2 m2 -> + forall f, + c = f.(LTL.fn_code) -> + (reachable f)!!pc = true -> + valid_outcome f out -> + valid_outcome f (Cont pc). +Proof. + induction 1. + auto. + intros. simpl. split. auto. exists b. congruence. + intros. apply IHexec_blocks1. auto. auto. + apply IHexec_blocks2. auto. + eapply reachable_correct_2. eexact H. auto. auto. auto. + auto. +Qed. + +(** Correspondence between an LTL outcome and a fragment of generated + Linear code. *) + +Inductive cont_for_outcome: LTL.function -> outcome -> code -> Prop := + | co_return: + forall f k, + cont_for_outcome f Return (Lreturn :: k) + | co_goto: + forall f s k, + find_label s (linearize_function f).(fn_code) = Some k -> + cont_for_outcome f (Cont s) k. + +(** The simulation properties used in the inductive proof. + They are parameterized by an LTL execution, and state + that a matching execution is possible in the generated Linear code. *) + +Definition exec_instr_prop + (sp: val) (b1: block) (ls1: locset) (m1: mem) + (b2: block) (ls2: locset) (m2: mem) : Prop := + forall f k, + exec_instr tge (linearize_function f) sp + (linearize_block b1 k) ls1 m1 + (linearize_block b2 k) ls2 m2. + +Definition exec_instrs_prop + (sp: val) (b1: block) (ls1: locset) (m1: mem) + (b2: block) (ls2: locset) (m2: mem) : Prop := + forall f k, + exec_instrs tge (linearize_function f) sp + (linearize_block b1 k) ls1 m1 + (linearize_block b2 k) ls2 m2. + +Definition exec_block_prop + (sp: val) (b: block) (ls1: locset) (m1: mem) + (out: outcome) (ls2: locset) (m2: mem): Prop := + forall f k, + valid_outcome f out -> + exists k', + exec_instrs tge (linearize_function f) sp + (linearize_block b k) ls1 m1 + k' ls2 m2 + /\ cont_for_outcome f out k'. + +Definition exec_blocks_prop + (c: LTL.code) (sp: val) (pc: node) (ls1: locset) (m1: mem) + (out: outcome) (ls2: locset) (m2: mem): Prop := + forall f k, + c = f.(LTL.fn_code) -> + (reachable f)!!pc = true -> + find_label pc (fn_code (linearize_function f)) = Some k -> + valid_outcome f out -> + exists k', + exec_instrs tge (linearize_function f) sp + k ls1 m1 + k' ls2 m2 + /\ cont_for_outcome f out k'. + +Definition exec_function_prop + (f: LTL.function) (ls1: locset) (m1: mem) (ls2: locset) (m2: mem): Prop := + exec_function tge (transf_function f) ls1 m1 ls2 m2. + +Scheme exec_instr_ind5 := Minimality for LTL.exec_instr Sort Prop + with exec_instrs_ind5 := Minimality for LTL.exec_instrs Sort Prop + with exec_block_ind5 := Minimality for LTL.exec_block Sort Prop + with exec_blocks_ind5 := Minimality for LTL.exec_blocks Sort Prop + with exec_function_ind5 := Minimality for LTL.exec_function Sort Prop. + +(** The obligatory proof by structural induction on the LTL evaluation + derivation. *) + +Lemma transf_function_correct: + forall f ls1 m1 ls2 m2, + LTL.exec_function ge f ls1 m1 ls2 m2 -> + exec_function_prop f ls1 m1 ls2 m2. +Proof. + apply (exec_function_ind5 ge + exec_instr_prop + exec_instrs_prop + exec_block_prop + exec_blocks_prop + exec_function_prop); + intros; red; intros; simpl. + (* getstack *) + constructor. + (* setstack *) + constructor. + (* op *) + constructor. rewrite <- H. apply eval_operation_preserved. + exact symbols_preserved. + (* load *) + apply exec_Lload with a. + rewrite <- H. apply eval_addressing_preserved. + exact symbols_preserved. + auto. + (* store *) + apply exec_Lstore with a. + rewrite <- H. apply eval_addressing_preserved. + exact symbols_preserved. + auto. + (* call *) + apply exec_Lcall with (transf_function f). + generalize H. destruct ros; simpl. + intro; apply functions_translated; auto. + rewrite symbols_preserved. destruct (Genv.find_symbol ge i). + intro; apply function_ptr_translated; auto. congruence. + rewrite H0; reflexivity. + apply H2. + (* instr_refl *) + apply exec_refl. + (* instr_one *) + apply exec_one. apply H0. + (* instr_trans *) + apply exec_trans with (linearize_block b2 k) rs2 m2. + apply H0. apply H2. + (* goto *) + elim H1. intros REACH [b2 AT2]. + generalize (H0 f k). simpl. intro. + elim (find_label_lin f s b2 AT2 REACH). intros k2 FIND. + exists (linearize_block b2 k2). + split. + eapply exec_trans. eexact H2. constructor. constructor. auto. + constructor. auto. + (* cond, true *) + elim H2. intros REACH [b2 AT2]. + elim (find_label_lin f ifso b2 AT2 REACH). intros k2 FIND. + exists (linearize_block b2 k2). + split. + generalize (H0 f k). simpl. + case (starts_with ifso k); intro. + eapply exec_trans. eexact H3. + eapply exec_trans. apply exec_one. apply exec_Lcond_false. + change false with (negb true). apply eval_negate_condition. auto. + apply exec_one. apply exec_Lgoto. auto. + eapply exec_trans. eexact H3. + apply exec_one. apply exec_Lcond_true. + auto. auto. + constructor; auto. + (* cond, false *) + elim H2. intros REACH [b2 AT2]. + elim (find_label_lin f ifnot b2 AT2 REACH). intros k2 FIND. + exists (linearize_block b2 k2). + split. + generalize (H0 f k). simpl. + case (starts_with ifso k); intro. + eapply exec_trans. eexact H3. + apply exec_one. apply exec_Lcond_true. + change true with (negb false). apply eval_negate_condition. auto. + auto. + eapply exec_trans. eexact H3. + eapply exec_trans. apply exec_one. apply exec_Lcond_false. auto. + apply exec_one. apply exec_Lgoto. auto. + constructor; auto. + (* return *) + exists (Lreturn :: k). split. + exact (H0 f k). constructor. + (* refl blocks *) + exists k. split. apply exec_refl. constructor. auto. + (* one blocks *) + subst c. elim (find_label_lin f pc b H H3). intros k' FIND. + assert (k = linearize_block b k'). congruence. subst k. + elim (H1 f k' H5). intros k'' [EXEC CFO]. + exists k''. tauto. + (* trans blocks *) + assert ((reachable f)!!pc2 = true). + eapply reachable_correct_2. eexact H. auto. auto. auto. + assert (valid_outcome f (Cont pc2)). + eapply exec_blocks_valid_outcome; eauto. + generalize (H0 f k H3 H4 H5 H8). intros [k1 [EX1 CFO2]]. + inversion CFO2. + generalize (H2 f k1 H3 H7 H11 H6). intros [k2 [EX2 CFO3]]. + exists k2. split. eapply exec_trans; eauto. auto. + (* function -- TA-DA! *) + assert (REACH0: (reachable f)!!(fn_entrypoint f) = true). + apply reachable_entrypoint. + assert (VO2: valid_outcome f Return). simpl; auto. + assert (VO1: valid_outcome f (Cont (fn_entrypoint f))). + eapply exec_blocks_valid_outcome; eauto. + assert (exists k, fn_code (linearize_function f) = Llabel f.(fn_entrypoint) :: k). + unfold linearize_function; simpl. + elim (enumerate_head f). intros tl EN. rewrite EN. + simpl. elim VO1. intros REACH [b EQ]. rewrite EQ. + exists (linearize_block b (linearize_body f tl)). auto. + elim H2; intros k EQ. + assert (find_label (fn_entrypoint f) (fn_code (linearize_function f)) = + Some k). + rewrite EQ. simpl. rewrite peq_true. auto. + generalize (H1 f k (refl_equal _) REACH0 H3 VO2). + intros [k' [EX CO]]. + inversion CO. subst k'. + unfold transf_function. apply cleanup_function_correct. + econstructor. eauto. rewrite EQ. eapply exec_trans. + apply exec_one. constructor. eauto. + apply unique_labels_lin_function. +Qed. + +End LINEARIZATION. + +Theorem transf_program_correct: + forall (p: LTL.program) (r: val), + LTL.exec_program p r -> + Linear.exec_program (transf_program p) r. +Proof. + intros p r [b [f [ls [m [FIND1 [FIND2 [SIG [EX RES]]]]]]]]. + red. exists b; exists (transf_function f); exists ls; exists m. + split. change (prog_main (transf_program p)) with (prog_main p). + rewrite symbols_preserved; auto. + split. apply function_ptr_translated. auto. + split. auto. + split. apply transf_function_correct. + unfold transf_program. rewrite Genv.init_mem_transf. auto. + exact RES. +Qed. + diff --git a/backend/Linearizetyping.v b/backend/Linearizetyping.v new file mode 100644 index 00000000..6cebca8d --- /dev/null +++ b/backend/Linearizetyping.v @@ -0,0 +1,340 @@ +(** Type preservation for the Linearize pass *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Op. +Require Import Locations. +Require Import LTL. +Require Import Linear. +Require Import Linearize. +Require Import LTLtyping. +Require Import Lineartyping. +Require Import Conventions. + +(** * Validity of resource bounds *) + +(** In this section, we show that the resource bounds computed by + [function_bounds] are valid: all references to callee-save registers + and stack slots in the code of the function are within those bounds. *) + +Section BOUNDS. + +Variable f: Linear.function. +Let b := function_bounds f. + +Lemma max_over_list_bound: + forall (A: Set) (valu: A -> Z) (l: list A) (x: A), + In x l -> valu x <= max_over_list A valu l. +Proof. + intros until x. unfold max_over_list. + assert (forall c z, + let f := fold_left (fun x y => Zmax x (valu y)) c z in + z <= f /\ (In x c -> valu x <= f)). + induction c; simpl; intros. + split. omega. tauto. + elim (IHc (Zmax z (valu a))); intros. + split. apply Zle_trans with (Zmax z (valu a)). apply Zmax1. auto. + intro H1; elim H1; intro. + subst a. apply Zle_trans with (Zmax z (valu x)). + apply Zmax2. auto. auto. + intro. elim (H l 0); intros. auto. +Qed. + +Lemma max_over_instrs_bound: + forall (valu: instruction -> Z) i, + In i f.(fn_code) -> valu i <= max_over_instrs f valu. +Proof. + intros. unfold max_over_instrs. apply max_over_list_bound; auto. +Qed. + +Lemma max_over_regs_of_funct_bound: + forall (valu: mreg -> Z) i r, + In i f.(fn_code) -> In r (regs_of_instr i) -> + valu r <= max_over_regs_of_funct f valu. +Proof. + intros. unfold max_over_regs_of_funct. + apply Zle_trans with (max_over_regs_of_instr valu i). + unfold max_over_regs_of_instr. apply max_over_list_bound. auto. + apply max_over_instrs_bound. auto. +Qed. + +Lemma max_over_slots_of_funct_bound: + forall (valu: slot -> Z) i s, + In i f.(fn_code) -> In s (slots_of_instr i) -> + valu s <= max_over_slots_of_funct f valu. +Proof. + intros. unfold max_over_slots_of_funct. + apply Zle_trans with (max_over_slots_of_instr valu i). + unfold max_over_slots_of_instr. apply max_over_list_bound. auto. + apply max_over_instrs_bound. auto. +Qed. + +Lemma int_callee_save_bound: + forall i r, + In i f.(fn_code) -> In r (regs_of_instr i) -> + index_int_callee_save r < bound_int_callee_save b. +Proof. + intros. apply Zlt_le_trans with (int_callee_save r). + unfold int_callee_save. omega. + unfold b, function_bounds, bound_int_callee_save. + eapply max_over_regs_of_funct_bound; eauto. +Qed. + +Lemma float_callee_save_bound: + forall i r, + In i f.(fn_code) -> In r (regs_of_instr i) -> + index_float_callee_save r < bound_float_callee_save b. +Proof. + intros. apply Zlt_le_trans with (float_callee_save r). + unfold float_callee_save. omega. + unfold b, function_bounds, bound_float_callee_save. + eapply max_over_regs_of_funct_bound; eauto. +Qed. + +Lemma int_local_slot_bound: + forall i ofs, + In i f.(fn_code) -> In (Local ofs Tint) (slots_of_instr i) -> + ofs < bound_int_local b. +Proof. + intros. apply Zlt_le_trans with (int_local (Local ofs Tint)). + unfold int_local. omega. + unfold b, function_bounds, bound_int_local. + eapply max_over_slots_of_funct_bound; eauto. +Qed. + +Lemma float_local_slot_bound: + forall i ofs, + In i f.(fn_code) -> In (Local ofs Tfloat) (slots_of_instr i) -> + ofs < bound_float_local b. +Proof. + intros. apply Zlt_le_trans with (float_local (Local ofs Tfloat)). + unfold float_local. omega. + unfold b, function_bounds, bound_float_local. + eapply max_over_slots_of_funct_bound; eauto. +Qed. + +Lemma outgoing_slot_bound: + forall i ofs ty, + In i f.(fn_code) -> In (Outgoing ofs ty) (slots_of_instr i) -> + ofs + typesize ty <= bound_outgoing b. +Proof. + intros. change (ofs + typesize ty) with (outgoing_slot (Outgoing ofs ty)). + unfold b, function_bounds, bound_outgoing. + apply Zmax_bound_r. apply Zmax_bound_r. + eapply max_over_slots_of_funct_bound; eauto. +Qed. + +Lemma size_arguments_bound: + forall sig ros, + In (Lcall sig ros) f.(fn_code) -> + size_arguments sig <= bound_outgoing b. +Proof. + intros. change (size_arguments sig) with (outgoing_space (Lcall sig ros)). + unfold b, function_bounds, bound_outgoing. + apply Zmax_bound_r. apply Zmax_bound_l. + apply max_over_instrs_bound; auto. +Qed. + +End BOUNDS. + +(** Consequently, all machine registers or stack slots mentioned by one + of the instructions of function [f] are within bounds. *) + +Lemma mreg_is_bounded: + forall f i r, + In i f.(fn_code) -> In r (regs_of_instr i) -> + mreg_bounded f r. +Proof. + intros. unfold mreg_bounded. + case (mreg_type r). + eapply int_callee_save_bound; eauto. + eapply float_callee_save_bound; eauto. +Qed. + +Lemma slot_is_bounded: + forall f i s, + In i (transf_function f).(fn_code) -> In s (slots_of_instr i) -> + LTLtyping.slot_bounded f s -> + slot_bounded (transf_function f) s. +Proof. + intros. unfold slot_bounded. + destruct s. + destruct t. + split. exact H1. eapply int_local_slot_bound; eauto. + split. exact H1. eapply float_local_slot_bound; eauto. + unfold linearize_function; simpl. exact H1. + split. exact H1. eapply outgoing_slot_bound; eauto. +Qed. + +(** * Conservation property of the cleanup pass *) + +(** We show that the cleanup pass only deletes some [Lgoto] instructions: + all other instructions present in the output of naive linearization + are in the cleaned-up code, and all instructions in the cleaned-up code + are in the output of naive linearization. *) + +Lemma cleanup_code_conservation: + forall i, + match i with Lgoto _ => False | _ => True end -> + forall c, + In i c -> In i (cleanup_code c). +Proof. + induction c; simpl. + auto. + intro. + assert (In i (a :: cleanup_code c)). + elim H0; intro. subst i. auto with coqlib. + apply in_cons. auto. + destruct a; auto. + assert (In i (cleanup_code c)). + elim H1; intro. subst i. contradiction. auto. + case (starts_with l c). auto. apply in_cons; auto. +Qed. + +Lemma cleanup_function_conservation: + forall f i, + In i (linearize_function f).(fn_code) -> + match i with Lgoto _ => False | _ => True end -> + In i (transf_function f).(fn_code). +Proof. + intros. unfold transf_function. unfold cleanup_function. + simpl. simpl in H0. eapply cleanup_code_conservation; eauto. +Qed. + +Lemma cleanup_code_conservation_2: + forall i c, In i (cleanup_code c) -> In i c. +Proof. + induction c; simpl. + auto. + assert (In i (a :: cleanup_code c) -> a = i \/ In i c). + intro. elim H; tauto. + destruct a; auto. + case (starts_with l c). auto. auto. +Qed. + +Lemma cleanup_function_conservation_2: + forall f i, + In i (transf_function f).(fn_code) -> + In i (linearize_function f).(fn_code). +Proof. + simpl. intros. eapply cleanup_code_conservation_2; eauto. +Qed. + +(** * Type preservation for the linearization pass *) + +Lemma linearize_block_incl: + forall k b, incl k (linearize_block b k). +Proof. + induction b; simpl; auto with coqlib. + case (starts_with n k); auto with coqlib. +Qed. + +Lemma wt_linearize_block: + forall f k, + (forall i, In i k -> wt_instr (transf_function f) i) -> + forall b i, + wt_block f b -> + incl (linearize_block b k) (linearize_function f).(fn_code) -> + In i (linearize_block b k) -> wt_instr (transf_function f) i. +Proof. + induction b; simpl; intros; + try (generalize (cleanup_function_conservation + _ _ (H1 _ (in_eq _ _)) I)); + inversion H0; + try (elim H2; intro; [subst i|eauto with coqlib]); + intros. + (* getstack *) + constructor. auto. eapply slot_is_bounded; eauto. + simpl; auto with coqlib. + eapply mreg_is_bounded; eauto. + simpl; auto with coqlib. + (* setstack *) + constructor. auto. auto. + eapply slot_is_bounded; eauto. + simpl; auto with coqlib. + (* move *) + subst o; subst l. constructor. auto. + eapply mreg_is_bounded; eauto. + simpl; auto with coqlib. + (* undef *) + subst o; subst l. constructor. + eapply mreg_is_bounded; eauto. + simpl; auto with coqlib. + (* other ops *) + constructor; auto. + eapply mreg_is_bounded; eauto. + simpl; auto with coqlib. + (* load *) + constructor; auto. + eapply mreg_is_bounded; eauto. + simpl; auto with coqlib. + (* store *) + constructor; auto. + (* call *) + constructor; auto. + eapply size_arguments_bound; eauto. + (* goto *) + constructor. + (* cond *) + destruct (starts_with n k). + elim H2; intro. + subst i. constructor. + rewrite H4. destruct c; reflexivity. + elim H8; intro. + subst i. constructor. + eauto with coqlib. + elim H2; intro. + subst i. constructor. auto. + elim H8; intro. + subst i. constructor. + eauto with coqlib. + (* return *) + constructor. +Qed. + +Lemma wt_linearize_body: + forall f, + LTLtyping.wt_function f -> + forall enum i, + incl (linearize_body f enum) (linearize_function f).(fn_code) -> + In i (linearize_body f enum) -> wt_instr (transf_function f) i. +Proof. + induction enum. + simpl; intros; contradiction. + intro i. simpl. + caseEq (LTL.fn_code f)!a. intros b EQ INCL IN. + elim IN; intro. subst i; constructor. + apply wt_linearize_block with (linearize_body f enum) b. + intros; apply IHenum. + apply incl_tran with (linearize_block b (linearize_body f enum)). + apply linearize_block_incl. + eauto with coqlib. + auto. + eapply H; eauto. + eauto with coqlib. auto. + auto. +Qed. + +Lemma wt_transf_function: + forall f, + LTLtyping.wt_function f -> + wt_function (transf_function f). +Proof. + intros; red; intros. + apply wt_linearize_body with (enumerate f); auto. + simpl. apply incl_refl. + apply cleanup_function_conservation_2; auto. +Qed. + +Lemma program_typing_preserved: + forall (p: LTL.program), + LTLtyping.wt_program p -> + Lineartyping.wt_program (transf_program p). +Proof. + intros; red; intros. + generalize (transform_program_function transf_function p i f H0). + intros [f0 [IN TR]]. + subst f. apply wt_transf_function; auto. + apply (H i f0 IN). +Qed. diff --git a/backend/Lineartyping.v b/backend/Lineartyping.v new file mode 100644 index 00000000..0b13b40a --- /dev/null +++ b/backend/Lineartyping.v @@ -0,0 +1,254 @@ +(** Typing rules and computation of stack bounds for Linear. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Op. +Require Import RTL. +Require Import Locations. +Require Import Linear. +Require Import Conventions. + +(** * Resource bounds for a function *) + +(** The [bounds] record capture how many local and outgoing stack slots + and callee-save registers are used by a function. *) + +Record bounds : Set := mkbounds { + bound_int_local: Z; + bound_float_local: Z; + bound_int_callee_save: Z; + bound_float_callee_save: Z; + bound_outgoing: Z +}. + +(** The resource bounds for a function are computed by a linear scan + of its instructions. *) + +Section BOUNDS. + +Variable f: function. + +Definition regs_of_instr (i: instruction) : list mreg := + match i with + | Lgetstack s r => r :: nil + | Lsetstack r s => r :: nil + | Lop op args res => res :: args + | Lload chunk addr args dst => dst :: args + | Lstore chunk addr args src => src :: args + | Lcall sig (inl fn) => fn :: nil + | Lcall sig (inr _) => nil + | Llabel lbl => nil + | Lgoto lbl => nil + | Lcond cond args lbl => args + | Lreturn => nil + end. + +Definition slots_of_instr (i: instruction) : list slot := + match i with + | Lgetstack s r => s :: nil + | Lsetstack r s => s :: nil + | _ => nil + end. + +Definition max_over_list (A: Set) (valu: A -> Z) (l: list A) : Z := + List.fold_left (fun m l => Zmax m (valu l)) l 0. + +Definition max_over_instrs (valu: instruction -> Z) : Z := + max_over_list instruction valu f.(fn_code). + +Definition max_over_regs_of_instr (valu: mreg -> Z) (i: instruction) : Z := + max_over_list mreg valu (regs_of_instr i). + +Definition max_over_slots_of_instr (valu: slot -> Z) (i: instruction) : Z := + max_over_list slot valu (slots_of_instr i). + +Definition max_over_regs_of_funct (valu: mreg -> Z) : Z := + max_over_instrs (max_over_regs_of_instr valu). + +Definition max_over_slots_of_funct (valu: slot -> Z) : Z := + max_over_instrs (max_over_slots_of_instr valu). + +Definition int_callee_save (r: mreg) := 1 + index_int_callee_save r. + +Definition float_callee_save (r: mreg) := 1 + index_float_callee_save r. + +Definition int_local (s: slot) := + match s with Local ofs Tint => 1 + ofs | _ => 0 end. + +Definition float_local (s: slot) := + match s with Local ofs Tfloat => 1 + ofs | _ => 0 end. + +Definition outgoing_slot (s: slot) := + match s with Outgoing ofs ty => ofs + typesize ty | _ => 0 end. + +Definition outgoing_space (i: instruction) := + match i with Lcall sig _ => size_arguments sig | _ => 0 end. + +Definition function_bounds := + mkbounds + (max_over_slots_of_funct int_local) + (max_over_slots_of_funct float_local) + (max_over_regs_of_funct int_callee_save) + (max_over_regs_of_funct float_callee_save) + (Zmax 6 + (Zmax (max_over_instrs outgoing_space) + (max_over_slots_of_funct outgoing_slot))). + +(** We show that bounds computed by [function_bounds] are all positive + or null, and moreiver [bound_outgoing] is greater or equal to 6. + These properties are used later to reason about the layout of + the activation record. *) + +Lemma max_over_list_pos: + forall (A: Set) (valu: A -> Z) (l: list A), + max_over_list A valu l >= 0. +Proof. + intros until valu. unfold max_over_list. + assert (forall l z, fold_left (fun x y => Zmax x (valu y)) l z >= z). + induction l; simpl; intros. + omega. apply Zge_trans with (Zmax z (valu a)). + auto. apply Zle_ge. apply Zmax1. auto. +Qed. + +Lemma max_over_slots_of_funct_pos: + forall (valu: slot -> Z), max_over_slots_of_funct valu >= 0. +Proof. + intros. unfold max_over_slots_of_funct. + unfold max_over_instrs. apply max_over_list_pos. +Qed. + +Lemma max_over_regs_of_funct_pos: + forall (valu: mreg -> Z), max_over_regs_of_funct valu >= 0. +Proof. + intros. unfold max_over_regs_of_funct. + unfold max_over_instrs. apply max_over_list_pos. +Qed. + +Lemma bound_int_local_pos: + bound_int_local function_bounds >= 0. +Proof. + simpl. apply max_over_slots_of_funct_pos. +Qed. + +Lemma bound_float_local_pos: + bound_float_local function_bounds >= 0. +Proof. + simpl. apply max_over_slots_of_funct_pos. +Qed. + +Lemma bound_int_callee_save_pos: + bound_int_callee_save function_bounds >= 0. +Proof. + simpl. apply max_over_regs_of_funct_pos. +Qed. + +Lemma bound_float_callee_save_pos: + bound_float_callee_save function_bounds >= 0. +Proof. + simpl. apply max_over_regs_of_funct_pos. +Qed. + +Lemma bound_outgoing_pos: + bound_outgoing function_bounds >= 6. +Proof. + simpl. apply Zle_ge. apply Zmax_bound_l. omega. +Qed. + +End BOUNDS. + +(** * Typing rules for Linear *) + +(** The typing rules for Linear are similar to those for LTL: we check + that instructions receive the right number of arguments, + and that the types of the argument and result registers agree + with what the instruction expects. Moreover, we state that references + to callee-save registers and to stack slots are within the bounds + computed by [function_bounds]. This is true by construction of + [function_bounds], and is proved in [Linearizetyping], but it + is convenient to integrate this property within the typing judgement. +*) + +Section WT_INSTR. + +Variable funct: function. +Let b := function_bounds funct. + +Definition mreg_bounded (r: mreg) := + match mreg_type r with + | Tint => index_int_callee_save r < bound_int_callee_save b + | Tfloat => index_float_callee_save r < bound_float_callee_save b + end. + +Definition slot_bounded (s: slot) := + match s with + | Local ofs Tint => 0 <= ofs < bound_int_local b + | Local ofs Tfloat => 0 <= ofs < bound_float_local b + | Outgoing ofs ty => 6 <= ofs /\ ofs + typesize ty <= bound_outgoing b + | Incoming ofs ty => 6 <= ofs /\ ofs + typesize ty <= size_arguments funct.(fn_sig) + end. + +Inductive wt_instr : instruction -> Prop := + | wt_Lgetstack: + forall s r, + slot_type s = mreg_type r -> + slot_bounded s -> mreg_bounded r -> + wt_instr (Lgetstack s r) + | wt_Lsetstack: + forall s r, + match s with Incoming _ _ => False | _ => True end -> + slot_type s = mreg_type r -> + slot_bounded s -> + wt_instr (Lsetstack r s) + | wt_Lopmove: + forall r1 r, + mreg_type r1 = mreg_type r -> + mreg_bounded r -> + wt_instr (Lop Omove (r1 :: nil) r) + | wt_Lopundef: + forall r, + mreg_bounded r -> + wt_instr (Lop Oundef nil r) + | wt_Lop: + forall op args res, + op <> Omove -> op <> Oundef -> + (List.map mreg_type args, mreg_type res) = type_of_operation op -> + mreg_bounded res -> + wt_instr (Lop op args res) + | wt_Lload: + forall chunk addr args dst, + List.map mreg_type args = type_of_addressing addr -> + mreg_type dst = type_of_chunk chunk -> + mreg_bounded dst -> + wt_instr (Lload chunk addr args dst) + | wt_Lstore: + forall chunk addr args src, + List.map mreg_type args = type_of_addressing addr -> + mreg_type src = type_of_chunk chunk -> + wt_instr (Lstore chunk addr args src) + | wt_Lcall: + forall sig ros, + size_arguments sig <= bound_outgoing b -> + match ros with inl r => mreg_type r = Tint | _ => True end -> + wt_instr (Lcall sig ros) + | wt_Llabel: + forall lbl, + wt_instr (Llabel lbl) + | wt_Lgoto: + forall lbl, + wt_instr (Lgoto lbl) + | wt_Lcond: + forall cond args lbl, + List.map mreg_type args = type_of_condition cond -> + wt_instr (Lcond cond args lbl) + | wt_Lreturn: + wt_instr (Lreturn). + +End WT_INSTR. + +Definition wt_function (f: function) : Prop := + forall instr, In instr f.(fn_code) -> wt_instr f instr. + +Definition wt_program (p: program) : Prop := + forall i f, In (i, f) (prog_funct p) -> wt_function f. + diff --git a/backend/Locations.v b/backend/Locations.v new file mode 100644 index 00000000..c97855ea --- /dev/null +++ b/backend/Locations.v @@ -0,0 +1,476 @@ +(** Locations are a refinement of RTL pseudo-registers, used to reflect + the results of register allocation (file [Allocation]). *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Values. + +(** * Representation of locations *) + +(** A location is either a processor register or (an abstract designation of) + a slot in the activation record of the current function. *) + +(** ** Machine registers *) + +(** The following type defines the machine registers that can be referenced + as locations. These include: +- Integer registers that can be allocated to RTL pseudo-registers ([Rxx]). +- Floating-point registers that can be allocated to RTL pseudo-registers + ([Fxx]). +- Three integer registers, not allocatable, reserved as temporaries for + spilling and reloading ([ITx]). +- Three float registers, not allocatable, reserved as temporaries for + spilling and reloading ([FTx]). + + The type [mreg] does not include special-purpose machine registers + such as the stack pointer and the condition codes. *) + +Inductive mreg: Set := + (** Allocatable integer regs *) + | R3: mreg | R4: mreg | R5: mreg | R6: mreg + | R7: mreg | R8: mreg | R9: mreg | R10: mreg + | R13: mreg | R14: mreg | R15: mreg | R16: mreg + | R17: mreg | R18: mreg | R19: mreg | R20: mreg + | R21: mreg | R22: mreg | R23: mreg | R24: mreg + | R25: mreg | R26: mreg | R27: mreg | R28: mreg + | R29: mreg | R30: mreg | R31: mreg + (** Allocatable float regs *) + | F1: mreg | F2: mreg | F3: mreg | F4: mreg + | F5: mreg | F6: mreg | F7: mreg | F8: mreg + | F9: mreg | F10: mreg | F14: mreg | F15: mreg + | F16: mreg | F17: mreg | F18: mreg | F19: mreg + | F20: mreg | F21: mreg | F22: mreg | F23: mreg + | F24: mreg | F25: mreg | F26: mreg | F27: mreg + | F28: mreg | F29: mreg | F30: mreg | F31: mreg + (** Integer temporaries *) + | IT1: mreg (* R11 *) | IT2: mreg (* R12 *) | IT3: mreg (* R0 *) + (** Float temporaries *) + | FT1: mreg (* F11 *) | FT2: mreg (* F12 *) | FT3: mreg (* F0 *). + +Lemma mreg_eq: forall (r1 r2: mreg), {r1 = r2} + {r1 <> r2}. +Proof. decide equality. Qed. + +Definition mreg_type (r: mreg): typ := + match r with + | R3 => Tint | R4 => Tint | R5 => Tint | R6 => Tint + | R7 => Tint | R8 => Tint | R9 => Tint | R10 => Tint + | R13 => Tint | R14 => Tint | R15 => Tint | R16 => Tint + | R17 => Tint | R18 => Tint | R19 => Tint | R20 => Tint + | R21 => Tint | R22 => Tint | R23 => Tint | R24 => Tint + | R25 => Tint | R26 => Tint | R27 => Tint | R28 => Tint + | R29 => Tint | R30 => Tint | R31 => Tint + | F1 => Tfloat | F2 => Tfloat | F3 => Tfloat | F4 => Tfloat + | F5 => Tfloat | F6 => Tfloat | F7 => Tfloat | F8 => Tfloat + | F9 => Tfloat | F10 => Tfloat | F14 => Tfloat | F15 => Tfloat + | F16 => Tfloat | F17 => Tfloat | F18 => Tfloat | F19 => Tfloat + | F20 => Tfloat | F21 => Tfloat | F22 => Tfloat | F23 => Tfloat + | F24 => Tfloat | F25 => Tfloat | F26 => Tfloat | F27 => Tfloat + | F28 => Tfloat | F29 => Tfloat | F30 => Tfloat | F31 => Tfloat + | IT1 => Tint | IT2 => Tint | IT3 => Tint + | FT1 => Tfloat | FT2 => Tfloat | FT3 => Tfloat + end. + +Open Scope positive_scope. + +Module IndexedMreg <: INDEXED_TYPE. + Definition t := mreg. + Definition eq := mreg_eq. + Definition index (r: mreg): positive := + match r with + | R3 => 1 | R4 => 2 | R5 => 3 | R6 => 4 + | R7 => 5 | R8 => 6 | R9 => 7 | R10 => 8 + | R13 => 9 | R14 => 10 | R15 => 11 | R16 => 12 + | R17 => 13 | R18 => 14 | R19 => 15 | R20 => 16 + | R21 => 17 | R22 => 18 | R23 => 19 | R24 => 20 + | R25 => 21 | R26 => 22 | R27 => 23 | R28 => 24 + | R29 => 25 | R30 => 26 | R31 => 27 + | F1 => 28 | F2 => 29 | F3 => 30 | F4 => 31 + | F5 => 32 | F6 => 33 | F7 => 34 | F8 => 35 + | F9 => 36 | F10 => 37 | F14 => 38 | F15 => 39 + | F16 => 40 | F17 => 41 | F18 => 42 | F19 => 43 + | F20 => 44 | F21 => 45 | F22 => 46 | F23 => 47 + | F24 => 48 | F25 => 49 | F26 => 50 | F27 => 51 + | F28 => 52 | F29 => 53 | F30 => 54 | F31 => 55 + | IT1 => 56 | IT2 => 57 | IT3 => 58 + | FT1 => 59 | FT2 => 60 | FT3 => 61 + end. + Lemma index_inj: + forall r1 r2, index r1 = index r2 -> r1 = r2. + Proof. + destruct r1; destruct r2; simpl; intro; discriminate || reflexivity. + Qed. +End IndexedMreg. + +(** ** Slots in activation records *) + +(** A slot in an activation record is designated abstractly by a kind, + a type and an integer offset. Three kinds are considered: +- [Local]: these are the slots used by register allocation for + pseudo-registers that cannot be assigned a hardware register. +- [Incoming]: used to store the parameters of the current function + that cannot reside in hardware registers, as determined by the + calling conventions. +- [Outgoing]: used to store arguments to called functions that + cannot reside in hardware registers, as determined by the + calling conventions. *) + +Inductive slot: Set := + | Local: Z -> typ -> slot + | Incoming: Z -> typ -> slot + | Outgoing: Z -> typ -> slot. + +(** Morally, the [Incoming] slots of a function are the [Outgoing] +slots of its caller function. + +The type of a slot indicates how it will be accessed later once mapped to +actual memory locations inside a memory-allocated activation record: +as 32-bit integers/pointers (type [Tint]) or as 64-bit floats (type [Tfloat]). + +The offset of a slot, combined with its type and its kind, identifies +uniquely the slot and will determine later where it resides within the +memory-allocated activation record. Offsets are always positive. + +Conceptually, slots will be mapped to four non-overlapping memory areas +within activation records: +- The area for [Local] slots of type [Tint]. The offset is interpreted + as a 4-byte word index. +- The area for [Local] slots of type [Tfloat]. The offset is interpreted + as a 8-byte word index. Thus, two [Local] slots always refer either + to the same memory chunk (if they have the same types and offsets) + or to non-overlapping memory chunks (if the types or offsets differ). +- The area for [Outgoing] slots. The offset is a 4-byte word index. + Unlike [Local] slots, the PowerPC calling conventions demand that + integer and float [Outgoing] slots reside in the same memory area. + Therefore, [Outgoing Tint 0] and [Outgoing Tfloat 0] refer to + overlapping memory chunks and cannot be used simultaneously: one will + lose its value when the other is assigned. We will reflect this + overlapping behaviour in the environments mapping locations to values + defined later in this file. +- The area for [Incoming] slots. Same structure as the [Outgoing] slots. +*) + +Definition slot_type (s: slot): typ := + match s with + | Local ofs ty => ty + | Incoming ofs ty => ty + | Outgoing ofs ty => ty + end. + +Lemma slot_eq: forall (p q: slot), {p = q} + {p <> q}. +Proof. + assert (typ_eq: forall (t1 t2: typ), {t1 = t2} + {t1 <> t2}). + decide equality. + generalize zeq; intro. + decide equality. +Qed. + +Open Scope Z_scope. + +Definition typesize (ty: typ) : Z := + match ty with Tint => 1 | Tfloat => 2 end. + +Lemma typesize_pos: + forall (ty: typ), typesize ty > 0. +Proof. + destruct ty; compute; auto. +Qed. + +(** ** Locations *) + +(** Locations are just the disjoint union of machine registers and + activation record slots. *) + +Inductive loc : Set := + | R: mreg -> loc + | S: slot -> loc. + +Module Loc. + + Definition type (l: loc) : typ := + match l with + | R r => mreg_type r + | S s => slot_type s + end. + + Lemma eq: forall (p q: loc), {p = q} + {p <> q}. + Proof. + decide equality. apply mreg_eq. apply slot_eq. + Qed. + +(** As mentioned previously, two locations can be different (in the sense + of the [<>] mathematical disequality), yet denote + overlapping memory chunks within the activation record. + Given two locations, three cases are possible: +- They are equal (in the sense of the [=] equality) +- They are different and non-overlapping. +- They are different but overlapping. + + The second case (different and non-overlapping) is characterized + by the following [Loc.diff] predicate. +*) + Definition diff (l1 l2: loc) : Prop := + match l1, l2 with + | R r1, R r2 => r1 <> r2 + | S (Local d1 t1), S (Local d2 t2) => + d1 <> d2 \/ t1 <> t2 + | S (Incoming d1 t1), S (Incoming d2 t2) => + d1 + typesize t1 <= d2 \/ d2 + typesize t2 <= d1 + | S (Outgoing d1 t1), S (Outgoing d2 t2) => + d1 + typesize t1 <= d2 \/ d2 + typesize t2 <= d1 + | _, _ => + True + end. + + Lemma same_not_diff: + forall l, ~(diff l l). + Proof. + destruct l; unfold diff; try tauto. + destruct s. + tauto. + generalize (typesize_pos t); omega. + generalize (typesize_pos t); omega. + Qed. + + Lemma diff_not_eq: + forall l1 l2, diff l1 l2 -> l1 <> l2. + Proof. + unfold not; intros. subst l2. elim (same_not_diff l1 H). + Qed. + + Lemma diff_sym: + forall l1 l2, diff l1 l2 -> diff l2 l1. + Proof. + destruct l1; destruct l2; unfold diff; auto. + destruct s; auto. + destruct s; destruct s0; intuition auto. + Qed. + +(** [Loc.overlap l1 l2] returns [false] if [l1] and [l2] are different and + non-overlapping, and [true] otherwise: either [l1 = l2] or they partially + overlap. *) + + Definition overlap_aux (t1: typ) (d1 d2: Z) : bool := + if zeq d1 d2 then true else + match t1 with + | Tint => false + | Tfloat => if zeq (d1 + 1) d2 then true else false + end. + + Definition overlap (l1 l2: loc) : bool := + match l1, l2 with + | S (Incoming d1 t1), S (Incoming d2 t2) => + overlap_aux t1 d1 d2 || overlap_aux t2 d2 d1 + | S (Outgoing d1 t1), S (Outgoing d2 t2) => + overlap_aux t1 d1 d2 || overlap_aux t2 d2 d1 + | _, _ => false + end. + + Lemma overlap_aux_true_1: + forall d1 t1 d2 t2, + overlap_aux t1 d1 d2 = true -> + ~(d1 + typesize t1 <= d2 \/ d2 + typesize t2 <= d1). + Proof. + intros until t2. + generalize (typesize_pos t1); intro. + generalize (typesize_pos t2); intro. + unfold overlap_aux. + case (zeq d1 d2). + intros. omega. + case t1. intros; discriminate. + case (zeq (d1 + 1) d2); intros. + subst d2. simpl. omega. + discriminate. + Qed. + + Lemma overlap_aux_true_2: + forall d1 t1 d2 t2, + overlap_aux t2 d2 d1 = true -> + ~(d1 + typesize t1 <= d2 \/ d2 + typesize t2 <= d1). + Proof. + intros. generalize (overlap_aux_true_1 d2 t2 d1 t1 H). + tauto. + Qed. + + Lemma overlap_not_diff: + forall l1 l2, overlap l1 l2 = true -> ~(diff l1 l2). + Proof. + unfold overlap, diff; destruct l1; destruct l2; intros; try discriminate. + destruct s; discriminate. + destruct s; destruct s0; try discriminate. + elim (orb_true_elim _ _ H); intro. + apply overlap_aux_true_1; auto. + apply overlap_aux_true_2; auto. + elim (orb_true_elim _ _ H); intro. + apply overlap_aux_true_1; auto. + apply overlap_aux_true_2; auto. + Qed. + + Lemma overlap_aux_false_1: + forall t1 d1 t2 d2, + overlap_aux t1 d1 d2 || overlap_aux t2 d2 d1 = false -> + d1 + typesize t1 <= d2 \/ d2 + typesize t2 <= d1. + Proof. + intros until d2. intro OV. + generalize (orb_false_elim _ _ OV). intro OV'. elim OV'. + unfold overlap_aux. + case (zeq d1 d2); intro. + intros; discriminate. + case (zeq d2 d1); intro. + intros; discriminate. + case t1; case t2; simpl. + intros; omega. + case (zeq (d2 + 1) d1); intros. discriminate. omega. + case (zeq (d1 + 1) d2); intros. discriminate. omega. + case (zeq (d1 + 1) d2); intros H1 H2. discriminate. + case (zeq (d2 + 1) d1); intros. discriminate. omega. + Qed. + + Lemma non_overlap_diff: + forall l1 l2, l1 <> l2 -> overlap l1 l2 = false -> diff l1 l2. + Proof. + intros. unfold diff; destruct l1; destruct l2. + congruence. + auto. + destruct s; auto. + destruct s; destruct s0; auto. + case (zeq z z0); intro. + compare t t0; intro. + congruence. tauto. tauto. + apply overlap_aux_false_1. exact H0. + apply overlap_aux_false_1. exact H0. + Qed. + +(** We now redefine some standard notions over lists, using the [Loc.diff] + predicate instead of standard disequality [<>]. + + [Loc.notin l ll] holds if the location [l] is different from all locations + in the list [ll]. *) + + Fixpoint notin (l: loc) (ll: list loc) {struct ll} : Prop := + match ll with + | nil => True + | l1 :: ls => diff l l1 /\ notin l ls + end. + + Lemma notin_not_in: + forall l ll, notin l ll -> ~(In l ll). + Proof. + unfold not; induction ll; simpl; intros. + auto. + elim H; intros. elim H0; intro. + subst l. exact (same_not_diff a H1). + auto. + Qed. + +(** [Loc.disjoint l1 l2] is true if the locations in list [l1] + are different from all locations in list [l2]. *) + + Definition disjoint (l1 l2: list loc) : Prop := + forall x1 x2, In x1 l1 -> In x2 l2 -> diff x1 x2. + + Lemma disjoint_cons_left: + forall a l1 l2, + disjoint (a :: l1) l2 -> disjoint l1 l2. + Proof. + unfold disjoint; intros. auto with coqlib. + Qed. + Lemma disjoint_cons_right: + forall a l1 l2, + disjoint l1 (a :: l2) -> disjoint l1 l2. + Proof. + unfold disjoint; intros. auto with coqlib. + Qed. + + Lemma disjoint_sym: + forall l1 l2, disjoint l1 l2 -> disjoint l2 l1. + Proof. + unfold disjoint; intros. apply diff_sym; auto. + Qed. + + Lemma in_notin_diff: + forall l1 l2 ll, notin l1 ll -> In l2 ll -> diff l1 l2. + Proof. + induction ll; simpl; intros. + elim H0. + elim H0; intro. subst a. tauto. apply IHll; tauto. + Qed. + + Lemma notin_disjoint: + forall l1 l2, + (forall x, In x l1 -> notin x l2) -> disjoint l1 l2. + Proof. + unfold disjoint; induction l1; intros. + elim H0. + elim H0; intro. + subst x1. eapply in_notin_diff. apply H. auto with coqlib. auto. + eapply IHl1; eauto. intros. apply H. auto with coqlib. + Qed. + + Lemma disjoint_notin: + forall l1 l2 x, disjoint l1 l2 -> In x l1 -> notin x l2. + Proof. + unfold disjoint; induction l2; simpl; intros. + auto. + split. apply H. auto. tauto. + apply IHl2. intros. apply H. auto. tauto. auto. + Qed. + +(** [Loc.norepet ll] holds if the locations in list [ll] are pairwise + different. *) + + Inductive norepet : list loc -> Prop := + | norepet_nil: + norepet nil + | norepet_cons: + forall hd tl, notin hd tl -> norepet tl -> norepet (hd :: tl). + + Definition no_overlap (l1 l2 : list loc) := + forall r, In r l1 -> forall s, In s l2 -> r = s \/ Loc.diff r s. + +End Loc. + +(** * Mappings from locations to values *) + +(** The [Locmap] module defines mappings from locations to values, + used as evaluation environments for the semantics of the [LTL] + and [Linear] intermediate languages. *) + +Set Implicit Arguments. + +Module Locmap. + + Definition t := loc -> val. + + Definition init (x: val) : t := fun (_: loc) => x. + + Definition get (l: loc) (m: t) : val := m l. + + (** The [set] operation over location mappings reflects the overlapping + properties of locations: changing the value of a location [l] + invalidates (sets to [Vundef]) the locations that partially overlap + with [l]. In other terms, the result of [set l v m] + maps location [l] to value [v], locations that overlap with [l] + to [Vundef], and locations that are different (and non-overlapping) + from [l] to their previous values in [m]. This is apparent in the + ``good variables'' properties [Locmap.gss] and [Locmap.gso]. *) + + Definition set (l: loc) (v: val) (m: t) : t := + fun (p: loc) => + if Loc.eq l p then v else if Loc.overlap l p then Vundef else m p. + + Lemma gss: forall l v m, (set l v m) l = v. + Proof. + intros. unfold set. case (Loc.eq l l); tauto. + Qed. + + Lemma gso: forall l v m p, Loc.diff l p -> (set l v m) p = m p. + Proof. + intros. unfold set. case (Loc.eq l p); intro. + subst p. elim (Loc.same_not_diff _ H). + caseEq (Loc.overlap l p); intro. + elim (Loc.overlap_not_diff _ _ H0 H). + auto. + Qed. + +End Locmap. diff --git a/backend/Mach.v b/backend/Mach.v new file mode 100644 index 00000000..f9537985 --- /dev/null +++ b/backend/Mach.v @@ -0,0 +1,295 @@ +(** The Mach intermediate language: abstract syntax and semantics. + + Mach is the last intermediate language before generation of assembly + code. +*) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Locations. + +(** * Abstract syntax *) + +(** Like Linear, the Mach language is organized as lists of instructions + operating over machine registers, with default fall-through behaviour + and explicit labels and branch instructions. + + The main difference with Linear lies in the instructions used to + access the activation record. Mach has three such instructions: + [Mgetstack] and [Msetstack] to read and write within the activation + record for the current function, at a given word offset and with a + given type; and [Mgetparam], to read within the activation record of + the caller. + + These instructions implement a more concrete view of the activation + record than the the [Bgetstack] and [Bsetstack] instructions of + Linear: actual offsets are used instead of abstract stack slots; the + distinction between the caller's frame and the callee's frame is + made explicit. *) + +Definition label := positive. + +Inductive instruction: Set := + | Mgetstack: int -> typ -> mreg -> instruction + | Msetstack: mreg -> int -> typ -> instruction + | Mgetparam: int -> typ -> mreg -> instruction + | Mop: operation -> list mreg -> mreg -> instruction + | Mload: memory_chunk -> addressing -> list mreg -> mreg -> instruction + | Mstore: memory_chunk -> addressing -> list mreg -> mreg -> instruction + | Mcall: signature -> mreg + ident -> instruction + | Mlabel: label -> instruction + | Mgoto: label -> instruction + | Mcond: condition -> list mreg -> label -> instruction + | Mreturn: instruction. + +Definition code := list instruction. + +Record function: Set := mkfunction + { fn_sig: signature; + fn_code: code; + fn_stacksize: Z; + fn_framesize: Z }. + +Definition program := AST.program function. + +Definition genv := Genv.t function. + +(** * Dynamic semantics *) + +Module RegEq. + Definition t := mreg. + Definition eq := mreg_eq. +End RegEq. + +Module Regmap := EMap(RegEq). + +Definition regset := Regmap.t val. + +Notation "a ## b" := (List.map a b) (at level 1). +Notation "a # b <- c" := (Regmap.set b c a) (at level 1, b at next level). + +Definition is_label (lbl: label) (instr: instruction) : bool := + match instr with + | Mlabel lbl' => if peq lbl lbl' then true else false + | _ => false + end. + +Lemma is_label_correct: + forall lbl instr, + if is_label lbl instr then instr = Mlabel lbl else instr <> Mlabel lbl. +Proof. + intros. destruct instr; simpl; try discriminate. + case (peq lbl l); intro; congruence. +Qed. + +Fixpoint find_label (lbl: label) (c: code) {struct c} : option code := + match c with + | nil => None + | i1 :: il => if is_label lbl i1 then Some il else find_label lbl il + end. + +(** The three stack-related Mach instructions are interpreted as + memory accesses relative to the stack pointer. More precisely: +- [Mgetstack ofs ty r] is a memory load at offset [ofs * 4] relative + to the stack pointer. +- [Msetstack r ofs ty] is a memory store at offset [ofs * 4] relative + to the stack pointer. +- [Mgetparam ofs ty r] is a memory load at offset [ofs * 4] + relative to the pointer found at offset 0 from the stack pointer. + The semantics maintain a linked structure of activation records, + with the current record containing a pointer to the record of the + caller function at offset 0. *) + +Definition chunk_of_type (ty: typ) := + match ty with Tint => Mint32 | Tfloat => Mfloat64 end. + +Definition load_stack (m: mem) (sp: val) (ty: typ) (ofs: int) := + Mem.loadv (chunk_of_type ty) m (Val.add sp (Vint ofs)). + +Definition store_stack (m: mem) (sp: val) (ty: typ) (ofs: int) (v: val) := + Mem.storev (chunk_of_type ty) m (Val.add sp (Vint ofs)) v. + +Definition align_16_top (lo hi: Z) := + Zmax 0 (((hi - lo + 15) / 16) * 16 + lo). + +Section RELSEM. + +Variable ge: genv. + +Definition find_function (ros: mreg + ident) (rs: regset) : option function := + match ros with + | inl r => Genv.find_funct ge (rs r) + | inr symb => + match Genv.find_symbol ge symb with + | None => None + | Some b => Genv.find_funct_ptr ge b + end + end. + +(** [exec_instr ge f sp c rs m c' rs' m'] reflects the execution of + the first instruction in the current instruction sequence [c]. + [c'] is the current instruction sequence after this execution. + [rs] and [rs'] map machine registers to values, respectively + before and after instruction execution. [m] and [m'] are the + memory states before and after. *) + +Inductive exec_instr: + function -> val -> + code -> regset -> mem -> + code -> regset -> mem -> Prop := + | exec_Mlabel: + forall f sp lbl c rs m, + exec_instr f sp + (Mlabel lbl :: c) rs m + c rs m + | exec_Mgetstack: + forall f sp ofs ty dst c rs m v, + load_stack m sp ty ofs = Some v -> + exec_instr f sp + (Mgetstack ofs ty dst :: c) rs m + c (rs#dst <- v) m + | exec_Msetstack: + forall f sp src ofs ty c rs m m', + store_stack m sp ty ofs (rs src) = Some m' -> + exec_instr f sp + (Msetstack src ofs ty :: c) rs m + c rs m' + | exec_Mgetparam: + forall f sp parent ofs ty dst c rs m v, + load_stack m sp Tint (Int.repr 0) = Some parent -> + load_stack m parent ty ofs = Some v -> + exec_instr f sp + (Mgetparam ofs ty dst :: c) rs m + c (rs#dst <- v) m + | exec_Mop: + forall f sp op args res c rs m v, + eval_operation ge sp op rs##args = Some v -> + exec_instr f sp + (Mop op args res :: c) rs m + c (rs#res <- v) m + | exec_Mload: + forall f sp chunk addr args dst c rs m a v, + eval_addressing ge sp addr rs##args = Some a -> + Mem.loadv chunk m a = Some v -> + exec_instr f sp + (Mload chunk addr args dst :: c) rs m + c (rs#dst <- v) m + | exec_Mstore: + forall f sp chunk addr args src c rs m m' a, + eval_addressing ge sp addr rs##args = Some a -> + Mem.storev chunk m a (rs src) = Some m' -> + exec_instr f sp + (Mstore chunk addr args src :: c) rs m + c rs m' + | exec_Mcall: + forall f sp sig ros c rs m f' rs' m', + find_function ros rs = Some f' -> + exec_function f' sp rs m rs' m' -> + exec_instr f sp + (Mcall sig ros :: c) rs m + c rs' m' + | exec_Mgoto: + forall f sp lbl c rs m c', + find_label lbl f.(fn_code) = Some c' -> + exec_instr f sp + (Mgoto lbl :: c) rs m + c' rs m + | exec_Mcond_true: + forall f sp cond args lbl c rs m c', + eval_condition cond rs##args = Some true -> + find_label lbl f.(fn_code) = Some c' -> + exec_instr f sp + (Mcond cond args lbl :: c) rs m + c' rs m + | exec_Mcond_false: + forall f sp cond args lbl c rs m, + eval_condition cond rs##args = Some false -> + exec_instr f sp + (Mcond cond args lbl :: c) rs m + c rs m + +with exec_instrs: + function -> val -> + code -> regset -> mem -> + code -> regset -> mem -> Prop := + | exec_refl: + forall f sp c rs m, + exec_instrs f sp c rs m c rs m + | exec_one: + forall f sp c rs m c' rs' m', + exec_instr f sp c rs m c' rs' m' -> + exec_instrs f sp c rs m c' rs' m' + | exec_trans: + forall f sp c1 rs1 m1 c2 rs2 m2 c3 rs3 m3, + exec_instrs f sp c1 rs1 m1 c2 rs2 m2 -> + exec_instrs f sp c2 rs2 m2 c3 rs3 m3 -> + exec_instrs f sp c1 rs1 m1 c3 rs3 m3 + +(** In addition to reserving the word at offset 0 in the activation + record for maintaining the linking of activation records, + we need to reserve the word at offset 4 to store the return address + into the caller. However, the return address (a pointer within + the code of the caller) is not precisely known at this point: + it will be determined only after the final translation to PowerPC + assembly code. Therefore, we simply reserve that word in the strongest + sense of the word ``reserve'': we make sure that whatever pointer + is stored there at function entry keeps the same value until the + final return instruction, and that the return value and final memory + state are the same regardless of the return address. + This is captured in the evaluation rule [exec_function] + that quantifies universally over all possible values of the return + address, and pass this value to [exec_function_body]. In other + terms, the inference rule [exec_function] has an infinity of + premises, one for each possible return address. Such infinitely + branching inference rules are uncommon in operational semantics, + but cause no difficulties in Coq. *) + +with exec_function_body: + function -> val -> val -> + regset -> mem -> regset -> mem -> Prop := + | exec_funct_body: + forall f parent ra rs m rs' m1 m2 m3 m4 stk c, + Mem.alloc m (- f.(fn_framesize)) + (align_16_top (- f.(fn_framesize)) f.(fn_stacksize)) + = (m1, stk) -> + let sp := Vptr stk (Int.repr (-f.(fn_framesize))) in + store_stack m1 sp Tint (Int.repr 0) parent = Some m2 -> + store_stack m2 sp Tint (Int.repr 4) ra = Some m3 -> + exec_instrs f sp + f.(fn_code) rs m3 + (Mreturn :: c) rs' m4 -> + load_stack m4 sp Tint (Int.repr 0) = Some parent -> + load_stack m4 sp Tint (Int.repr 4) = Some ra -> + exec_function_body f parent ra rs m rs' (Mem.free m4 stk) + +with exec_function: + function -> val -> regset -> mem -> regset -> mem -> Prop := + | exec_funct: + forall f parent rs m rs' m', + (forall ra, + Val.has_type ra Tint -> + exec_function_body f parent ra rs m rs' m') -> + exec_function f parent rs m rs' m'. + +Scheme exec_instr_ind4 := Minimality for exec_instr Sort Prop + with exec_instrs_ind4 := Minimality for exec_instrs Sort Prop + with exec_function_body_ind4 := Minimality for exec_function_body Sort Prop + with exec_function_ind4 := Minimality for exec_function Sort Prop. + +End RELSEM. + +Definition exec_program (p: program) (r: val) : Prop := + let ge := Genv.globalenv p in + let m0 := Genv.init_mem p in + exists b, exists f, exists rs, exists m, + Genv.find_symbol ge p.(prog_main) = Some b /\ + Genv.find_funct_ptr ge b = Some f /\ + exec_function ge f (Vptr Mem.nullptr Int.zero) (Regmap.init Vundef) m0 rs m /\ + rs R3 = r. + diff --git a/backend/Machabstr.v b/backend/Machabstr.v new file mode 100644 index 00000000..25458dcc --- /dev/null +++ b/backend/Machabstr.v @@ -0,0 +1,371 @@ +(** Alternate semantics for the Mach intermediate language. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Mem. +Require Import Integers. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Locations. +Require Conventions. +Require Import Mach. + +(** This file defines an alternate semantics for the Mach intermediate + language, which differ from the standard semantics given in file [Mach] + as follows: the stack access instructions [Mgetstack], [Msetstack] + and [Mgetparam] are interpreted not as memory accesses, but as + accesses in a frame environment, not resident in memory. The evaluation + relations take two such frame environments as parameters and results, + one for the current function and one for its caller. + + Not having the frame data in memory facilitates the proof of + the [Stacking] pass, which shows that the generated code executes + correctly with the alternate semantics. In file [Machabstr2mach], + we show an implication from this alternate semantics to + the standard semantics, thus establishing that the [Stacking] pass + generates code that behaves correctly against the standard [Mach] + semantics as well. *) + +(** * Structure of abstract stack frames *) + +(** A frame has the same structure as the contents of a memory block. *) + +Definition frame := block_contents. + +Definition empty_frame := empty_block 0 0. + +Definition mem_type (ty: typ) := + match ty with Tint => Size32 | Tfloat => Size64 end. + +(** [get_slot fr ty ofs v] holds if the frame [fr] contains value [v] + with type [ty] at word offset [ofs]. *) + +Inductive get_slot: frame -> typ -> Z -> val -> Prop := + | get_slot_intro: + forall fr ty ofs v, + 0 <= ofs -> + fr.(low) + ofs + 4 * typesize ty <= 0 -> + v = load_contents (mem_type ty) fr.(contents) (fr.(low) + ofs) -> + get_slot fr ty ofs v. + +Remark size_mem_type: + forall ty, size_mem (mem_type ty) = 4 * typesize ty. +Proof. + destruct ty; reflexivity. +Qed. + +Remark set_slot_undef_outside: + forall fr ty ofs v, + fr.(high) = 0 -> + 0 <= ofs -> + fr.(low) + ofs + 4 * typesize ty <= 0 -> + (forall x, x < fr.(low) \/ x >= fr.(high) -> fr.(contents) x = Undef) -> + (forall x, x < fr.(low) \/ x >= fr.(high) -> + store_contents (mem_type ty) fr.(contents) (fr.(low) + ofs) v x = Undef). +Proof. + intros. apply store_contents_undef_outside with fr.(low) fr.(high). + rewrite <- size_mem_type in H1. omega. assumption. assumption. +Qed. + +(** [set_slot fr ty ofs v fr'] holds if frame [fr'] is obtained from + frame [fr] by storing value [v] with type [ty] at word offset [ofs]. *) + +Inductive set_slot: frame -> typ -> Z -> val -> frame -> Prop := + | set_slot_intro: + forall fr ty ofs v + (A: fr.(high) = 0) + (B: 0 <= ofs) + (C: fr.(low) + ofs + 4 * typesize ty <= 0), + set_slot fr ty ofs v + (mkblock fr.(low) fr.(high) + (store_contents (mem_type ty) fr.(contents) (fr.(low) + ofs) v) + (set_slot_undef_outside fr ty ofs v A B C fr.(undef_outside))). + +Definition init_frame (f: function) := + empty_block (- f.(fn_framesize)) 0. + +Section RELSEM. + +Variable ge: genv. + +(** Execution of one instruction has the form + [exec_instr ge f sp parent c rs fr m c' rs' fr' m'], + where [parent] is the caller's frame (read-only) + and [fr], [fr'] are the current frame, before and after execution + of one instruction. The other parameters are as in the Mach semantics. *) + +Inductive exec_instr: + function -> val -> frame -> + code -> regset -> frame -> mem -> + code -> regset -> frame -> mem -> Prop := + | exec_Mlabel: + forall f sp parent lbl c rs fr m, + exec_instr f sp parent + (Mlabel lbl :: c) rs fr m + c rs fr m + | exec_Mgetstack: + forall f sp parent ofs ty dst c rs fr m v, + get_slot fr ty (Int.signed ofs) v -> + exec_instr f sp parent + (Mgetstack ofs ty dst :: c) rs fr m + c (rs#dst <- v) fr m + | exec_Msetstack: + forall f sp parent src ofs ty c rs fr m fr', + set_slot fr ty (Int.signed ofs) (rs src) fr' -> + exec_instr f sp parent + (Msetstack src ofs ty :: c) rs fr m + c rs fr' m + | exec_Mgetparam: + forall f sp parent ofs ty dst c rs fr m v, + get_slot parent ty (Int.signed ofs) v -> + exec_instr f sp parent + (Mgetparam ofs ty dst :: c) rs fr m + c (rs#dst <- v) fr m + | exec_Mop: + forall f sp parent op args res c rs fr m v, + eval_operation ge sp op rs##args = Some v -> + exec_instr f sp parent + (Mop op args res :: c) rs fr m + c (rs#res <- v) fr m + | exec_Mload: + forall f sp parent chunk addr args dst c rs fr m a v, + eval_addressing ge sp addr rs##args = Some a -> + Mem.loadv chunk m a = Some v -> + exec_instr f sp parent + (Mload chunk addr args dst :: c) rs fr m + c (rs#dst <- v) fr m + | exec_Mstore: + forall f sp parent chunk addr args src c rs fr m m' a, + eval_addressing ge sp addr rs##args = Some a -> + Mem.storev chunk m a (rs src) = Some m' -> + exec_instr f sp parent + (Mstore chunk addr args src :: c) rs fr m + c rs fr m' + | exec_Mcall: + forall f sp parent sig ros c rs fr m f' rs' m', + find_function ge ros rs = Some f' -> + exec_function f' fr rs m rs' m' -> + exec_instr f sp parent + (Mcall sig ros :: c) rs fr m + c rs' fr m' + | exec_Mgoto: + forall f sp parent lbl c rs fr m c', + find_label lbl f.(fn_code) = Some c' -> + exec_instr f sp parent + (Mgoto lbl :: c) rs fr m + c' rs fr m + | exec_Mcond_true: + forall f sp parent cond args lbl c rs fr m c', + eval_condition cond rs##args = Some true -> + find_label lbl f.(fn_code) = Some c' -> + exec_instr f sp parent + (Mcond cond args lbl :: c) rs fr m + c' rs fr m + | exec_Mcond_false: + forall f sp parent cond args lbl c rs fr m, + eval_condition cond rs##args = Some false -> + exec_instr f sp parent + (Mcond cond args lbl :: c) rs fr m + c rs fr m + +with exec_instrs: + function -> val -> frame -> + code -> regset -> frame -> mem -> + code -> regset -> frame -> mem -> Prop := + | exec_refl: + forall f sp parent c rs fr m, + exec_instrs f sp parent c rs fr m c rs fr m + | exec_one: + forall f sp parent c rs fr m c' rs' fr' m', + exec_instr f sp parent c rs fr m c' rs' fr' m' -> + exec_instrs f sp parent c rs fr m c' rs' fr' m' + | exec_trans: + forall f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2 c3 rs3 fr3 m3, + exec_instrs f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2 -> + exec_instrs f sp parent c2 rs2 fr2 m2 c3 rs3 fr3 m3 -> + exec_instrs f sp parent c1 rs1 fr1 m1 c3 rs3 fr3 m3 + +with exec_function_body: + function -> frame -> val -> val -> + regset -> mem -> regset -> mem -> Prop := + | exec_funct_body: + forall f parent link ra rs m rs' m1 m2 stk fr1 fr2 fr3 c, + Mem.alloc m 0 f.(fn_stacksize) = (m1, stk) -> + set_slot (init_frame f) Tint 0 link fr1 -> + set_slot fr1 Tint 4 ra fr2 -> + exec_instrs f (Vptr stk (Int.repr (-f.(fn_framesize)))) parent + f.(fn_code) rs fr2 m1 + (Mreturn :: c) rs' fr3 m2 -> + exec_function_body f parent link ra rs m rs' (Mem.free m2 stk) + +with exec_function: + function -> frame -> regset -> mem -> regset -> mem -> Prop := + | exec_funct: + forall f parent rs m rs' m', + (forall link ra, + Val.has_type link Tint -> + Val.has_type ra Tint -> + exec_function_body f parent link ra rs m rs' m') -> + exec_function f parent rs m rs' m'. + +Scheme exec_instr_ind4 := Minimality for exec_instr Sort Prop + with exec_instrs_ind4 := Minimality for exec_instrs Sort Prop + with exec_function_body_ind4 := Minimality for exec_function_body Sort Prop + with exec_function_ind4 := Minimality for exec_function Sort Prop. + +(** Ugly mutual induction principle over evaluation derivations. + Coq is not able to generate it directly, even though it is + an immediate consequence of the 4 induction principles generated + by the [Scheme] command above. *) + +Lemma exec_mutual_induction: + forall (P + P0 : function -> + val -> + frame -> + code -> + regset -> + frame -> mem -> code -> regset -> frame -> mem -> Prop) + (P1 : function -> + frame -> val -> val -> regset -> mem -> regset -> mem -> Prop) + (P2 : function -> frame -> regset -> mem -> regset -> mem -> Prop), + (forall (f : function) (sp : val) (parent : frame) (lbl : label) + (c : list instruction) (rs : regset) (fr : frame) (m : mem), + P f sp parent (Mlabel lbl :: c) rs fr m c rs fr m) -> + (forall (f : function) (sp : val) (parent : frame) (ofs : int) + (ty : typ) (dst : mreg) (c : list instruction) (rs : regset) + (fr : frame) (m : mem) (v : val), + get_slot fr ty (Int.signed ofs) v -> + P f sp parent (Mgetstack ofs ty dst :: c) rs fr m c rs # dst <- v fr + m) -> + (forall (f : function) (sp : val) (parent : frame) (src : mreg) + (ofs : int) (ty : typ) (c : list instruction) (rs : mreg -> val) + (fr : frame) (m : mem) (fr' : frame), + set_slot fr ty (Int.signed ofs) (rs src) fr' -> + P f sp parent (Msetstack src ofs ty :: c) rs fr m c rs fr' m) -> + (forall (f : function) (sp : val) (parent : frame) (ofs : int) + (ty : typ) (dst : mreg) (c : list instruction) (rs : regset) + (fr : frame) (m : mem) (v : val), + get_slot parent ty (Int.signed ofs) v -> + P f sp parent (Mgetparam ofs ty dst :: c) rs fr m c rs # dst <- v fr + m) -> + (forall (f : function) (sp : val) (parent : frame) (op : operation) + (args : list mreg) (res : mreg) (c : list instruction) + (rs : mreg -> val) (fr : frame) (m : mem) (v : val), + eval_operation ge sp op rs ## args = Some v -> + P f sp parent (Mop op args res :: c) rs fr m c rs # res <- v fr m) -> + (forall (f : function) (sp : val) (parent : frame) + (chunk : memory_chunk) (addr : addressing) (args : list mreg) + (dst : mreg) (c : list instruction) (rs : mreg -> val) (fr : frame) + (m : mem) (a v : val), + eval_addressing ge sp addr rs ## args = Some a -> + loadv chunk m a = Some v -> + P f sp parent (Mload chunk addr args dst :: c) rs fr m c + rs # dst <- v fr m) -> + (forall (f : function) (sp : val) (parent : frame) + (chunk : memory_chunk) (addr : addressing) (args : list mreg) + (src : mreg) (c : list instruction) (rs : mreg -> val) (fr : frame) + (m m' : mem) (a : val), + eval_addressing ge sp addr rs ## args = Some a -> + storev chunk m a (rs src) = Some m' -> + P f sp parent (Mstore chunk addr args src :: c) rs fr m c rs fr m') -> + (forall (f : function) (sp : val) (parent : frame) (sig : signature) + (ros : mreg + ident) (c : list instruction) (rs : regset) + (fr : frame) (m : mem) (f' : function) (rs' : regset) (m' : mem), + find_function ge ros rs = Some f' -> + exec_function f' fr rs m rs' m' -> + P2 f' fr rs m rs' m' -> + P f sp parent (Mcall sig ros :: c) rs fr m c rs' fr m') -> + (forall (f : function) (sp : val) (parent : frame) (lbl : label) + (c : list instruction) (rs : regset) (fr : frame) (m : mem) + (c' : code), + find_label lbl (fn_code f) = Some c' -> + P f sp parent (Mgoto lbl :: c) rs fr m c' rs fr m) -> + (forall (f : function) (sp : val) (parent : frame) + (cond : condition) (args : list mreg) (lbl : label) + (c : list instruction) (rs : mreg -> val) (fr : frame) (m : mem) + (c' : code), + eval_condition cond rs ## args = Some true -> + find_label lbl (fn_code f) = Some c' -> + P f sp parent (Mcond cond args lbl :: c) rs fr m c' rs fr m) -> + (forall (f : function) (sp : val) (parent : frame) + (cond : condition) (args : list mreg) (lbl : label) + (c : list instruction) (rs : mreg -> val) (fr : frame) (m : mem), + eval_condition cond rs ## args = Some false -> + P f sp parent (Mcond cond args lbl :: c) rs fr m c rs fr m) -> + (forall (f : function) (sp : val) (parent : frame) (c : code) + (rs : regset) (fr : frame) (m : mem), + P0 f sp parent c rs fr m c rs fr m) -> + (forall (f : function) (sp : val) (parent : frame) (c : code) + (rs : regset) (fr : frame) (m : mem) (c' : code) (rs' : regset) + (fr' : frame) (m' : mem), + exec_instr f sp parent c rs fr m c' rs' fr' m' -> + P f sp parent c rs fr m c' rs' fr' m' -> + P0 f sp parent c rs fr m c' rs' fr' m') -> + (forall (f : function) (sp : val) (parent : frame) (c1 : code) + (rs1 : regset) (fr1 : frame) (m1 : mem) (c2 : code) (rs2 : regset) + (fr2 : frame) (m2 : mem) (c3 : code) (rs3 : regset) (fr3 : frame) + (m3 : mem), + exec_instrs f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2 -> + P0 f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2 -> + exec_instrs f sp parent c2 rs2 fr2 m2 c3 rs3 fr3 m3 -> + P0 f sp parent c2 rs2 fr2 m2 c3 rs3 fr3 m3 -> + P0 f sp parent c1 rs1 fr1 m1 c3 rs3 fr3 m3) -> + (forall (f : function) (parent : frame) (link ra : val) (rs : regset) + (m : mem) (rs' : regset) (m1 m2 : mem) (stk : block) + (fr1 fr2 fr3 : frame) (c : list instruction), + alloc m 0 (fn_stacksize f) = (m1, stk) -> + set_slot (init_frame f) Tint 0 link fr1 -> + set_slot fr1 Tint 4 ra fr2 -> + exec_instrs f (Vptr stk (Int.repr (-f.(fn_framesize)))) parent (fn_code f) rs fr2 m1 (Mreturn :: c) rs' fr3 + m2 -> + P0 f (Vptr stk (Int.repr (-f.(fn_framesize)))) parent (fn_code f) rs fr2 m1 (Mreturn :: c) rs' fr3 m2 -> + P1 f parent link ra rs m rs' (free m2 stk)) -> + (forall (f : function) (parent : frame) (rs : regset) (m : mem) + (rs' : regset) (m' : mem), + (forall link ra : val, + Val.has_type link Tint -> + Val.has_type ra Tint -> + exec_function_body f parent link ra rs m rs' m') -> + (forall link ra : val, + Val.has_type link Tint -> + Val.has_type ra Tint -> P1 f parent link ra rs m rs' m') -> + P2 f parent rs m rs' m') -> + (forall (f15 : function) (sp : val) (f16 : frame) (c : code) + (r : regset) (f17 : frame) (m : mem) (c0 : code) (r0 : regset) + (f18 : frame) (m0 : mem), + exec_instr f15 sp f16 c r f17 m c0 r0 f18 m0 -> + P f15 sp f16 c r f17 m c0 r0 f18 m0) + /\ (forall (f15 : function) (sp : val) (f16 : frame) (c : code) + (r : regset) (f17 : frame) (m : mem) (c0 : code) (r0 : regset) + (f18 : frame) (m0 : mem), + exec_instrs f15 sp f16 c r f17 m c0 r0 f18 m0 -> + P0 f15 sp f16 c r f17 m c0 r0 f18 m0) + /\ (forall (f15 : function) (f16 : frame) (v1 v2 : val) (r : regset) (m : mem) + (r0 : regset) (m0 : mem), + exec_function_body f15 f16 v1 v2 r m r0 m0 -> P1 f15 f16 v1 v2 r m r0 m0) + /\ (forall (f15 : function) (f16 : frame) (r : regset) (m : mem) + (r0 : regset) (m0 : mem), + exec_function f15 f16 r m r0 m0 -> P2 f15 f16 r m r0 m0). +Proof. + intros. split. apply (exec_instr_ind4 P P0 P1 P2); assumption. + split. apply (exec_instrs_ind4 P P0 P1 P2); assumption. + split. apply (exec_function_body_ind4 P P0 P1 P2); assumption. + apply (exec_function_ind4 P P0 P1 P2); assumption. +Qed. + +End RELSEM. + +Definition exec_program (p: program) (r: val) : Prop := + let ge := Genv.globalenv p in + let m0 := Genv.init_mem p in + exists b, exists f, exists rs, exists m, + Genv.find_symbol ge p.(prog_main) = Some b /\ + Genv.find_funct_ptr ge b = Some f /\ + f.(fn_sig) = mksignature nil (Some Tint) /\ + exec_function ge f empty_frame (Regmap.init Vundef) m0 rs m /\ + rs (Conventions.loc_result f.(fn_sig)) = r. + diff --git a/backend/Machabstr2mach.v b/backend/Machabstr2mach.v new file mode 100644 index 00000000..8549cefc --- /dev/null +++ b/backend/Machabstr2mach.v @@ -0,0 +1,1120 @@ +(** Simulation between the two semantics for the Mach language. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Locations. +Require Import Machabstr. +Require Import Mach. +Require Import Machtyping. +Require Import Stackingproof. + +(** Two semantics were defined for the Mach intermediate language: +- The concrete semantics (file [Mach]), where the whole activation + record resides in memory and the [Mgetstack], [Msetstack] and + [Mgetparent] are interpreted as [sp]-relative memory accesses. +- The abstract semantics (file [Machabstr]), where the activation + record is split in two parts: the Cminor stack data, resident in + memory, and the frame information, residing not in memory but + in additional evaluation environments. + + In this file, we show a simulation result between these + semantics: if a program executes to some result [r] in the + abstract semantics, it also executes to the same result in + the concrete semantics. This result bridges the correctness proof + in file [Stackingproof] (which uses the abstract Mach semantics + as output) and that in file [PPCgenproof] (which uses the concrete + Mach semantics as input). +*) + +Remark align_16_top_ge: + forall lo hi, + hi <= align_16_top lo hi. +Proof. + intros. unfold align_16_top. apply Zmax_bound_r. + assert (forall x, x <= (x + 15) / 16 * 16). + intro. assert (16 > 0). omega. + generalize (Z_div_mod_eq (x + 15) 16 H). intro. + replace ((x + 15) / 16 * 16) with ((x + 15) - (x + 15) mod 16). + generalize (Z_mod_lt (x + 15) 16 H). omega. + rewrite Zmult_comm. omega. + generalize (H (hi - lo)). omega. +Qed. + +Remark align_16_top_pos: + forall lo hi, + 0 <= align_16_top lo hi. +Proof. + intros. unfold align_16_top. apply Zmax_bound_l. omega. +Qed. + +Remark size_mem_pos: + forall sz, size_mem sz > 0. +Proof. + destruct sz; simpl; compute; auto. +Qed. + +Remark size_type_chunk: + forall ty, size_chunk (chunk_of_type ty) = 4 * typesize ty. +Proof. + destruct ty; reflexivity. +Qed. + +Remark mem_chunk_type: + forall ty, mem_chunk (chunk_of_type ty) = mem_type ty. +Proof. + destruct ty; reflexivity. +Qed. + +Remark size_mem_type: + forall ty, size_mem (mem_type ty) = 4 * typesize ty. +Proof. + destruct ty; reflexivity. +Qed. + +(** * Agreement between frames and memory-resident activation records *) + +(** ** Agreement for one frame *) + +(** The core idea of the simulation proof is that for all active + functions, the memory-allocated activation record, in the concrete + semantics, contains the same data as the Cminor stack block + (at positive offsets) and the frame of the function (at negative + offsets) in the abstract semantics. + + This intuition (activation record = Cminor stack data + frame) + is formalized by the following predicate [frame_match fr sp base mm ms]. + [fr] is a frame and [mm] the current memory state in the abstract + semantics. [ms] is the current memory state in the concrete semantics. + The stack pointer is [Vptr sp base] in both semantics. *) + +Inductive frame_match: frame -> block -> int -> mem -> mem -> Prop := + frame_match_intro: + forall fr sp base mm ms, + valid_block ms sp -> + low_bound mm sp = 0 -> + low_bound ms sp = fr.(low) -> + high_bound ms sp = align_16_top fr.(low) (high_bound mm sp) -> + fr.(low) <= 0 -> + Int.min_signed <= fr.(low) -> + base = Int.repr fr.(low) -> + block_contents_agree fr.(low) 0 fr (ms.(blocks) sp) -> + block_contents_agree 0 (high_bound ms sp) + (mm.(blocks) sp) (ms.(blocks) sp) -> + frame_match fr sp base mm ms. + +(** [frame_match], while presented as a relation for convenience, + is actually a function: it fully determines the contents of the + activation record [ms.(blocks) sp]. *) + +Lemma frame_match_exten: + forall fr sp base mm ms1 ms2, + frame_match fr sp base mm ms1 -> + frame_match fr sp base mm ms2 -> + ms1.(blocks) sp = ms2.(blocks) sp. +Proof. + intros. inversion H. inversion H0. + unfold low_bound, high_bound in *. + apply block_contents_exten. + congruence. + congruence. + hnf; intros. + elim H29. rewrite H3; rewrite H4; intros. + case (zlt ofs 0); intro. + assert (low fr <= ofs < 0). tauto. + transitivity (contents fr ofs). + symmetry. apply H8; auto. + apply H22; auto. + transitivity (contents (blocks mm sp) ofs). + symmetry. apply H9. rewrite H4. omega. + apply H23. rewrite H18. omega. +Qed. + +(** The following two innocuous-looking lemmas are the key results + showing that [sp]-relative memory accesses in the concrete + semantics behave like the direct frame accesses in the abstract + semantics. First, a value [v] that has type [ty] is preserved + when stored in memory with chunk [chunk_of_type ty], then read + back with the same chunk. The typing hypothesis is crucial here: + for instance, a float value reads back as [Vundef] when stored + and load with chunk [Mint32]. *) + +Lemma load_result_ty: + forall v ty, + Val.has_type v ty -> Val.load_result (chunk_of_type ty) v = v. +Proof. + destruct v; destruct ty; simpl; contradiction || reflexivity. +Qed. + +(** Second, computations of [sp]-relative offsets using machine + arithmetic (as done in the concrete semantics) never overflows + and behaves identically to the offset computations using exact + arithmetic (as done in the abstract semantics). *) + +Lemma int_add_no_overflow: + forall x y, + Int.min_signed <= Int.signed x + Int.signed y <= Int.max_signed -> + Int.signed (Int.add x y) = Int.signed x + Int.signed y. +Proof. + intros. rewrite Int.add_signed. rewrite Int.signed_repr. auto. auto. +Qed. + +(** Given matching frames and activation records, loading from the + activation record (in the concrete semantics) behaves identically + to reading the corresponding slot from the frame + (in the abstract semantics). *) + +Lemma frame_match_get_slot: + forall fr sp base mm ms ty ofs v, + frame_match fr sp base mm ms -> + get_slot fr ty (Int.signed ofs) v -> + Val.has_type v ty -> + load_stack ms (Vptr sp base) ty ofs = Some v. +Proof. + intros. inversion H. inversion H0. subst v. + unfold load_stack, Val.add, loadv. + assert (Int.signed base = low fr). + rewrite H8. apply Int.signed_repr. + split. auto. apply Zle_trans with 0. auto. compute; congruence. + assert (Int.signed (Int.add base ofs) = low fr + Int.signed ofs). + rewrite int_add_no_overflow. rewrite H18. auto. + rewrite H18. split. omega. apply Zle_trans with 0. + generalize (typesize_pos ty). omega. compute. congruence. + rewrite H23. + assert (BND1: low_bound ms sp <= low fr + Int.signed ofs). + omega. + assert (BND2: (low fr + Int.signed ofs) + size_chunk (chunk_of_type ty) <= high_bound ms sp). + rewrite size_type_chunk. apply Zle_trans with 0. + assumption. rewrite H5. apply align_16_top_pos. + generalize (load_in_bounds (chunk_of_type ty) ms sp (low fr + Int.signed ofs) H2 BND1 BND2). + intros [v' LOAD]. + generalize (load_inv _ _ _ _ _ LOAD). + intros [A [B [C D]]]. + rewrite LOAD. rewrite <- D. + decEq. rewrite mem_chunk_type. + rewrite <- size_mem_type in H17. + assert (low fr <= low fr + Int.signed ofs). omega. + generalize (load_contentmap_agree _ _ _ _ _ _ H9 H24 H17). + intro. rewrite H25. + apply load_result_ty. + assumption. +Qed. + +(** Loads from [sp], corresponding to accesses to Cminor stack data + in the abstract semantics, give the same results in the concrete + semantics. This is because the offset from [sp] must be positive or + null for the original load to succeed, and because the part + of the activation record at positive offsets matches the Cminor + stack data block. *) + +Lemma frame_match_load: + forall fr sp base mm ms chunk ofs v, + frame_match fr sp base mm ms -> + load chunk mm sp ofs = Some v -> + load chunk ms sp ofs = Some v. +Proof. + intros. inversion H. + generalize (load_inv _ _ _ _ _ H0). intros [A [B [C D]]]. + change (low (blocks mm sp)) with (low_bound mm sp) in B. + change (high (blocks mm sp)) with (high_bound mm sp) in C. + unfold load. rewrite zlt_true; auto. + rewrite in_bounds_holds. + rewrite <- D. decEq. decEq. eapply load_contentmap_agree. + red in H9. eexact H9. + omega. + unfold size_chunk in C. rewrite H4. + apply Zle_trans with (high_bound mm sp). auto. + apply align_16_top_ge. + change (low (blocks ms sp)) with (low_bound ms sp). + rewrite H3. omega. + change (high (blocks ms sp)) with (high_bound ms sp). + rewrite H4. apply Zle_trans with (high_bound mm sp). auto. + apply align_16_top_ge. +Qed. + +(** Assigning a value to a frame slot (in the abstract semantics) + corresponds to storing this value in the activation record + (in the concrete semantics). Moreover, agreement between frames + and activation records is preserved. *) + +Lemma frame_match_set_slot: + forall fr sp base mm ms ty ofs v fr', + frame_match fr sp base mm ms -> + set_slot fr ty (Int.signed ofs) v fr' -> + exists ms', + store_stack ms (Vptr sp base) ty ofs v = Some ms' /\ + frame_match fr' sp base mm ms'. +Proof. + intros. inversion H. inversion H0. subst ty0. + unfold store_stack, Val.add, storev. + assert (Int.signed base = low fr). + rewrite H7. apply Int.signed_repr. + split. auto. apply Zle_trans with 0. auto. compute; congruence. + assert (Int.signed (Int.add base ofs) = low fr + Int.signed ofs). + rewrite int_add_no_overflow. rewrite H16. auto. + rewrite H16. split. omega. apply Zle_trans with 0. + generalize (typesize_pos ty). omega. compute. congruence. + rewrite H20. + assert (BND1: low_bound ms sp <= low fr + Int.signed ofs). + omega. + assert (BND2: (low fr + Int.signed ofs) + size_chunk (chunk_of_type ty) <= high_bound ms sp). + rewrite size_type_chunk. rewrite H4. + apply Zle_trans with 0. subst ofs0. auto. apply align_16_top_pos. + generalize (store_in_bounds _ _ _ _ v H1 BND1 BND2). + intros [ms' STORE]. + generalize (store_inv _ _ _ _ _ _ STORE). intros [P [Q [R [S [x T]]]]]. + generalize (low_bound_store _ _ _ _ sp _ _ STORE). intro LB. + generalize (high_bound_store _ _ _ _ sp _ _ STORE). intro HB. + exists ms'. + split. exact STORE. + apply frame_match_intro; auto. + eapply valid_block_store; eauto. + rewrite LB. auto. + rewrite HB. auto. + red. rewrite T; rewrite update_s; simpl. + rewrite mem_chunk_type. + subst ofs0. eapply store_contentmap_agree; eauto. + rewrite HB; rewrite T; rewrite update_s. + red. simpl. apply store_contentmap_outside_agree. + assumption. left. rewrite mem_chunk_type. + rewrite size_mem_type. subst ofs0. auto. +Qed. + +(** Agreement is preserved by stores within blocks other than the + one pointed to by [sp]. *) + +Lemma frame_match_store_stack_other: + forall fr sp base mm ms sp' base' ty ofs v ms', + frame_match fr sp base mm ms -> + store_stack ms (Vptr sp' base') ty ofs v = Some ms' -> + sp <> sp' -> + frame_match fr sp base mm ms'. +Proof. + unfold store_stack, Val.add, storev. intros. inversion H. + generalize (store_inv _ _ _ _ _ _ H0). intros [P [Q [R [S [x T]]]]]. + generalize (low_bound_store _ _ _ _ sp _ _ H0). intro LB. + generalize (high_bound_store _ _ _ _ sp _ _ H0). intro HB. + apply frame_match_intro; auto. + eapply valid_block_store; eauto. + rewrite LB; auto. + rewrite HB; auto. + rewrite T; rewrite update_o; auto. + rewrite HB; rewrite T; rewrite update_o; auto. +Qed. + +(** Stores relative to [sp], corresponding to accesses to Cminor stack data + in the abstract semantics, give the same results in the concrete + semantics. Moreover, agreement between frames and activation + records is preserved. *) + +Lemma frame_match_store_ok: + forall fr sp base mm ms chunk ofs v mm', + frame_match fr sp base mm ms -> + store chunk mm sp ofs v = Some mm' -> + exists ms', store chunk ms sp ofs v = Some ms'. +Proof. + intros. inversion H. + generalize (store_inv _ _ _ _ _ _ H0). intros [P [Q [R [S [x T]]]]]. + change (low (blocks mm sp)) with (low_bound mm sp) in Q. + change (high (blocks mm sp)) with (high_bound mm sp) in R. + apply store_in_bounds. + auto. + omega. + apply Zle_trans with (high_bound mm sp). + auto. rewrite H4. apply align_16_top_ge. +Qed. + +Lemma frame_match_store: + forall fr sp base mm ms chunk b ofs v mm' ms', + frame_match fr sp base mm ms -> + store chunk mm b ofs v = Some mm' -> + store chunk ms b ofs v = Some ms' -> + frame_match fr sp base mm' ms'. +Proof. + intros. inversion H. + generalize (store_inv _ _ _ _ _ _ H1). intros [A [B [C [D [x1 E]]]]]. + generalize (store_inv _ _ _ _ _ _ H0). intros [I [J [K [L [x2 M]]]]]. + generalize (low_bound_store _ _ _ _ sp _ _ H0). intro LBm. + generalize (low_bound_store _ _ _ _ sp _ _ H1). intro LBs. + generalize (high_bound_store _ _ _ _ sp _ _ H0). intro HBm. + generalize (high_bound_store _ _ _ _ sp _ _ H1). intro HBs. + apply frame_match_intro; auto. + eapply valid_block_store; eauto. + congruence. congruence. congruence. + rewrite E. unfold update. case (zeq sp b); intro. + subst b. red; simpl. + apply store_contentmap_outside_agree; auto. + right. unfold low_bound in H3. omega. + assumption. + rewrite HBs; rewrite E; rewrite M; unfold update. + case (zeq sp b); intro. + subst b. red; simpl. + apply store_contentmap_agree; auto. + assumption. +Qed. + +(** Memory allocation of the Cminor stack data block (in the abstract + semantics) and of the whole activation record (in the concrete + semantics) return memory states that agree according to [frame_match]. + Moreover, [frame_match] relations over already allocated blocks + remain true. *) + +Lemma frame_match_new: + forall mm ms mm' ms' sp sp' f, + mm.(nextblock) = ms.(nextblock) -> + alloc mm 0 f.(fn_stacksize) = (mm', sp) -> + alloc ms (- f.(fn_framesize)) (align_16_top (- f.(fn_framesize)) f.(fn_stacksize)) = (ms', sp') -> + f.(fn_framesize) >= 0 -> + f.(fn_framesize) <= -Int.min_signed -> + frame_match (init_frame f) sp (Int.repr (-f.(fn_framesize))) mm' ms'. +Proof. + intros. + injection H0; intros. injection H1; intros. + assert (sp = sp'). congruence. rewrite <- H8 in H6. subst sp'. + generalize (low_bound_alloc _ _ sp _ _ _ H0). rewrite zeq_true. intro LBm. + generalize (low_bound_alloc _ _ sp _ _ _ H1). rewrite zeq_true. intro LBs. + generalize (high_bound_alloc _ _ sp _ _ _ H0). rewrite zeq_true. intro HBm. + generalize (high_bound_alloc _ _ sp _ _ _ H1). rewrite zeq_true. intro HBs. + apply frame_match_intro; auto. + eapply valid_new_block; eauto. + simpl. congruence. + simpl. omega. + simpl. omega. + rewrite <- H7. simpl. rewrite H6; simpl. rewrite update_s. + hnf; simpl; auto. + rewrite HBs; rewrite <- H5; simpl; rewrite H4; rewrite <- H7; simpl; rewrite H6; simpl; + repeat (rewrite update_s). + hnf; simpl; auto. +Qed. + +Lemma frame_match_alloc: + forall mm ms fr sp base lom him los his mm' ms' bm bs, + mm.(nextblock) = ms.(nextblock) -> + frame_match fr sp base mm ms -> + alloc mm lom him = (mm', bm) -> + alloc ms los his = (ms', bs) -> + frame_match fr sp base mm' ms'. +Proof. + intros. inversion H0. + assert (sp <> bm). + apply valid_not_valid_diff with mm. + red. rewrite H. exact H3. + eapply fresh_block_alloc; eauto. + assert (sp <> bs). + apply valid_not_valid_diff with ms. auto. + eapply fresh_block_alloc; eauto. + generalize (low_bound_alloc _ _ sp _ _ _ H1). + rewrite zeq_false; auto; intro LBm. + generalize (low_bound_alloc _ _ sp _ _ _ H2). + rewrite zeq_false; auto; intro LBs. + generalize (high_bound_alloc _ _ sp _ _ _ H1). + rewrite zeq_false; auto; intro HBm. + generalize (high_bound_alloc _ _ sp _ _ _ H2). + rewrite zeq_false; auto; intro HBs. + apply frame_match_intro. + eapply valid_block_alloc; eauto. + congruence. congruence. congruence. auto. auto. auto. + injection H2; intros. rewrite <- H20; simpl; rewrite H19; simpl. + rewrite update_o; auto. + rewrite HBs; + injection H2; intros. rewrite <- H20; simpl; rewrite H19; simpl. + injection H1; intros. rewrite <- H22; simpl; rewrite H21; simpl. + repeat (rewrite update_o; auto). +Qed. + +(** [frame_match] relations are preserved by freeing a block + other than the one pointed to by [sp]. *) + +Lemma frame_match_free: + forall fr sp base mm ms b, + frame_match fr sp base mm ms -> + sp <> b -> + frame_match fr sp base (free mm b) (free ms b). +Proof. + intros. inversion H. + generalize (low_bound_free mm _ _ H0); intro LBm. + generalize (low_bound_free ms _ _ H0); intro LBs. + generalize (high_bound_free mm _ _ H0); intro HBm. + generalize (high_bound_free ms _ _ H0); intro HBs. + apply frame_match_intro; auto. + congruence. congruence. congruence. + unfold free; simpl. rewrite update_o; auto. + rewrite HBs. + unfold free; simpl. repeat (rewrite update_o; auto). +Qed. + +(** ** Agreement for all the frames in a call stack *) + +(** We need to reason about all the frames and activation records + active at any given time during the executions: not just + about those for the currently executing function, but also + those for the callers. These collections of + active frames are called ``call stacks''. They are lists + of triples representing a frame and a stack pointer + (reference and offset) in the abstract semantics. *) + +Definition callstack : Set := list (frame * block * int). + +(** The correct linking of frames (each frame contains a pointer + to the frame of its caller at the lowest offset) is captured + by the following predicate. *) + +Inductive callstack_linked: callstack -> Prop := + | callstack_linked_nil: + callstack_linked nil + | callstack_linked_one: + forall fr1 sp1 base1, + callstack_linked ((fr1, sp1, base1) :: nil) + | callstack_linked_cons: + forall fr1 sp1 base1 fr2 base2 sp2 cs, + get_slot fr1 Tint 0 (Vptr sp2 base2) -> + callstack_linked ((fr2, sp2, base2) :: cs) -> + callstack_linked ((fr1, sp1, base1) :: (fr2, sp2, base2) :: cs). + +(** [callstack_dom cs b] (read: call stack [cs] is ``dominated'' + by block reference [b]) means that the stack pointers in [cs] + strictly decrease and are all below [b]. This ensures that + the stack block for a function was allocated after that for its + callers. A consequence is that no two active functions share + the same stack block. *) + +Inductive callstack_dom: callstack -> block -> Prop := + | callstack_dom_nil: + forall b, callstack_dom nil b + | callstack_dom_cons: + forall fr sp base cs b, + sp < b -> + callstack_dom cs sp -> + callstack_dom ((fr, sp, base) :: cs) b. + +Lemma callstack_dom_less: + forall cs b, callstack_dom cs b -> + forall fr sp base, In (fr, sp, base) cs -> sp < b. +Proof. + induction 1. simpl. tauto. + simpl. intros fr0 sp0 base0 [A|B]. + injection A; intros; subst fr0; subst sp0; subst base0. auto. + apply Zlt_trans with sp. eapply IHcallstack_dom; eauto. auto. +Qed. + +Lemma callstack_dom_diff: + forall cs b, callstack_dom cs b -> + forall fr sp base, In (fr, sp, base) cs -> sp <> b. +Proof. + intros. apply Zlt_not_eq. eapply callstack_dom_less; eauto. +Qed. + +Lemma callstack_dom_incr: + forall cs b, callstack_dom cs b -> + forall b', b < b' -> callstack_dom cs b'. +Proof. + induction 1; intros. + apply callstack_dom_nil. + apply callstack_dom_cons. omega. auto. +Qed. + +(** Every block reference is either ``in'' a call stack (that is, + refers to the stack block of one of the calls) or ``not in'' + a call stack (that is, differs from all the stack blocks). *) + +Inductive notin_callstack: block -> callstack -> Prop := + | notin_callstack_nil: + forall b, notin_callstack b nil + | notin_callstack_cons: + forall b fr sp base cs, + b <> sp -> + notin_callstack b cs -> + notin_callstack b ((fr, sp, base) :: cs). + +Lemma in_or_notin_callstack: + forall b cs, + (exists fr, exists base, In (fr, b, base) cs) \/ notin_callstack b cs. +Proof. + induction cs. + right; constructor. + elim IHcs. + intros [fr [base IN]]. left. exists fr; exists base; auto with coqlib. + intro NOTIN. destruct a. destruct p. case (eq_block b b0); intro. + left. exists f; exists i. subst b0. auto with coqlib. + right. apply notin_callstack_cons; auto. +Qed. + +(** [callstack_invariant cs mm ms] relates the memory state [mm] + from the abstract semantics with the memory state [ms] from the + concrete semantics, relative to the current call stack [cs]. + Five conditions are enforced: +- All frames in [cs] agree with the corresponding activation records + (in the sense of [frame_match]). +- The frames in the call stack are properly linked. +- Memory blocks that are not activation records for active function + calls are exactly identical in [mm] and [ms]. +- The allocation pointers are the same in [mm] and [ms]. +- The call stack [cs] is ``dominated'' by this allocation pointer, + implying that all activation records are valid, allocated blocks, + pairwise disjoint, and they were allocated in the order implied + by [cs]. *) + +Record callstack_invariant (cs: callstack) (mm ms: mem) : Prop := + mk_callstack_invariant { + cs_frame: + forall fr sp base, + In (fr, sp, base) cs -> frame_match fr sp base mm ms; + cs_linked: + callstack_linked cs; + cs_others: + forall b, notin_callstack b cs -> + mm.(blocks) b = ms.(blocks) b; + cs_next: + mm.(nextblock) = ms.(nextblock); + cs_dom: + callstack_dom cs ms.(nextblock) + }. + +(** Again, while [callstack_invariant] is presented as a relation, + it actually fully determines the concrete memory state [ms] + from the abstract memory state [mm] and the call stack [cs]. *) + +Lemma callstack_exten: + forall cs mm ms1 ms2, + callstack_invariant cs mm ms1 -> + callstack_invariant cs mm ms2 -> + ms1 = ms2. +Proof. + intros. inversion H; inversion H0. + apply mem_exten. + congruence. + intros. elim (in_or_notin_callstack b cs). + intros [fr [base FM]]. apply frame_match_exten with fr base mm; auto. + intro. transitivity (blocks mm b). + symmetry. auto. auto. +Qed. + +(** The following properties of [callstack_invariant] are the + building blocks for the proof of simulation. First, a [get_slot] + operation in the abstract semantics corresponds to a [sp]-relative + memory load in the concrete semantics. *) + +Lemma callstack_get_slot: + forall fr sp base cs mm ms ty ofs v, + callstack_invariant ((fr, sp, base) :: cs) mm ms -> + get_slot fr ty (Int.signed ofs) v -> + Val.has_type v ty -> + load_stack ms (Vptr sp base) ty ofs = Some v. +Proof. + intros. inversion H. + apply frame_match_get_slot with fr mm. + apply cs_frame0. apply in_eq. + auto. auto. +Qed. + +(** Similarly, a [get_parent] operation corresponds to loading + the back-link from the current activation record, then loading + from this back-link. *) + +Lemma callstack_get_parent: + forall fr1 sp1 base1 fr2 sp2 base2 cs mm ms ty ofs v, + callstack_invariant ((fr1, sp1, base1) :: (fr2, sp2, base2) :: cs) mm ms -> + get_slot fr2 ty (Int.signed ofs) v -> + Val.has_type v ty -> + load_stack ms (Vptr sp1 base1) Tint (Int.repr 0) = Some (Vptr sp2 base2) /\ + load_stack ms (Vptr sp2 base2) ty ofs = Some v. +Proof. + intros. inversion H. split. + inversion cs_linked0. + apply frame_match_get_slot with fr1 mm. + apply cs_frame0. auto with coqlib. + rewrite Int.signed_repr. auto. compute. intuition congruence. + exact I. + apply frame_match_get_slot with fr2 mm. + apply cs_frame0. auto with coqlib. + auto. auto. +Qed. + +(** A memory load valid in the abstract semantics can also be performed + in the concrete semantics. *) + +Lemma callstack_load: + forall cs chunk mm ms a v, + callstack_invariant cs mm ms -> + loadv chunk mm a = Some v -> + loadv chunk ms a = Some v. +Proof. + unfold loadv. intros. destruct a; try discriminate. + inversion H. + elim (in_or_notin_callstack b cs). + intros [fr [base IN]]. apply frame_match_load with fr base mm; auto. + intro. rewrite <- H0. unfold load. + rewrite (cs_others0 b H1). rewrite cs_next0. reflexivity. +Qed. + +(** A [set_slot] operation in the abstract semantics corresponds + to a [sp]-relative memory store in the concrete semantics. + Moreover, the property [callstack_invariant] still holds for + the final call stacks and memory states. *) + +Lemma callstack_set_slot: + forall fr sp base cs mm ms ty ofs v fr', + callstack_invariant ((fr, sp, base) :: cs) mm ms -> + set_slot fr ty (Int.signed ofs) v fr' -> + 4 <= Int.signed ofs -> + exists ms', + store_stack ms (Vptr sp base) ty ofs v = Some ms' /\ + callstack_invariant ((fr', sp, base) :: cs) mm ms'. +Proof. + intros. inversion H. + assert (frame_match fr sp base mm ms). apply cs_frame0. apply in_eq. + generalize (frame_match_set_slot _ _ _ _ _ _ _ _ _ H2 H0). + intros [ms' [SS FM]]. + generalize (store_inv _ _ _ _ _ _ SS). intros [A [B [C [D [x E]]]]]. + exists ms'. + split. auto. + constructor. + (* cs_frame *) + intros. elim H3; intros. + injection H4; intros; clear H4. + subst fr0; subst sp0; subst base0. auto. + apply frame_match_store_stack_other with ms sp base ty ofs v. + apply cs_frame0. auto with coqlib. auto. + apply callstack_dom_diff with cs fr0 base0. inversion cs_dom0; auto. auto. + (* cs_linked *) + inversion cs_linked0. apply callstack_linked_one. + apply callstack_linked_cons. + eapply slot_gso; eauto. + auto. + (* cs_others *) + intros. inversion H3. + rewrite E; simpl. rewrite update_o; auto. apply cs_others0. + constructor; auto. + (* cs_next *) + congruence. + (* cs_dom *) + inversion cs_dom0. constructor. rewrite D; auto. auto. +Qed. + +(** A memory store in the abstract semantics can also be performed + in the concrete semantics. Moreover, the property + [callstack_invariant] is preserved. *) + +Lemma callstack_store_aux: + forall cs mm ms chunk b ofs v mm' ms', + callstack_invariant cs mm ms -> + store chunk mm b ofs v = Some mm' -> + store chunk ms b ofs v = Some ms' -> + callstack_invariant cs mm' ms'. +Proof. + intros. inversion H. + generalize (store_inv _ _ _ _ _ _ H0). intros [A [B [C [D [x E]]]]]. + generalize (store_inv _ _ _ _ _ _ H1). intros [P [Q [R [S [y T]]]]]. + constructor; auto. + (* cs_frame *) + intros. eapply frame_match_store; eauto. + (* cs_others *) + intros. generalize (cs_others0 b0 H2); intro. + rewrite E; rewrite T; unfold update. + case (zeq b0 b); intro. + subst b0. + generalize x; generalize y. rewrite H3. + intros. replace y0 with x0. reflexivity. apply proof_irrelevance. + auto. + (* cs_nextblock *) + congruence. + (* cs_dom *) + rewrite S. auto. +Qed. + +Lemma callstack_store_ok: + forall cs mm ms chunk b ofs v mm', + callstack_invariant cs mm ms -> + store chunk mm b ofs v = Some mm' -> + exists ms', store chunk ms b ofs v = Some ms'. +Proof. + intros. inversion H. + elim (in_or_notin_callstack b cs). + intros [fr [base IN]]. + apply frame_match_store_ok with fr base mm mm'; auto. + intro. generalize (cs_others0 b H1). intro. + generalize (store_inv _ _ _ _ _ _ H0). + rewrite cs_next0; rewrite H2. intros [A [B [C [D [x E]]]]]. + apply store_in_bounds; auto. +Qed. + +Lemma callstack_store: + forall cs mm ms chunk a v mm', + callstack_invariant cs mm ms -> + storev chunk mm a v = Some mm' -> + exists ms', + storev chunk ms a v = Some ms' /\ + callstack_invariant cs mm' ms'. +Proof. + unfold storev; intros. destruct a; try discriminate. + generalize (callstack_store_ok _ _ _ _ _ _ _ _ H H0). + intros [ms' STORE]. + exists ms'. split. auto. eapply callstack_store_aux; eauto. +Qed. + +(** At function entry, a new frame is pushed on the call stack, + and memory blocks are allocated in both semantics. Moreover, + the back link to the caller's activation record is set up + in the concrete semantics. All this preserves [callstack_invariant]. *) + +Lemma callstack_function_entry: + forall fr0 sp0 base0 cs mm ms f fr mm' sp ms' sp', + callstack_invariant ((fr0, sp0, base0) :: cs) mm ms -> + alloc mm 0 f.(fn_stacksize) = (mm', sp) -> + alloc ms (- f.(fn_framesize)) (align_16_top (- f.(fn_framesize)) f.(fn_stacksize)) = (ms', sp') -> + f.(fn_framesize) >= 0 -> + f.(fn_framesize) <= -Int.min_signed -> + set_slot (init_frame f) Tint 0 (Vptr sp0 base0) fr -> + let base := Int.repr (-f.(fn_framesize)) in + exists ms'', + store_stack ms' (Vptr sp base) Tint (Int.repr 0) (Vptr sp0 base0) = Some ms'' + /\ callstack_invariant ((fr, sp, base) :: (fr0, sp0, base0) :: cs) mm' ms'' + /\ sp' = sp. +Proof. + assert (ZERO: 0 = Int.signed (Int.repr 0)). + rewrite Int.signed_repr. auto. compute; intuition congruence. + intros. inversion H. + injection H0; intros. injection H1; intros. + assert (sp' = sp). congruence. rewrite H9 in H7. subst sp'. + assert (frame_match (init_frame f) sp base mm' ms'). + unfold base. eapply frame_match_new; eauto. + rewrite ZERO in H4. + generalize (frame_match_set_slot _ _ _ _ _ _ _ _ _ H9 H4). + intros [ms'' [SS FM]]. + generalize (store_inv _ _ _ _ _ _ SS). + intros [A [B [C [D [x E]]]]]. + exists ms''. split; auto. split. + constructor. + (* cs_frame *) + intros. elim H10; intro. + injection H11; intros; clear H11. + subst fr1; subst sp1; subst base1. auto. + eapply frame_match_store_stack_other; eauto. + eapply frame_match_alloc; [idtac|idtac|eexact H0|eexact H1]. + congruence. eapply cs_frame; eauto with coqlib. + rewrite <- H7. eapply callstack_dom_diff; eauto with coqlib. + (* cs_linked *) + constructor. rewrite ZERO. eapply slot_gss; eauto. auto. + (* cs_others *) + intros. inversion H10. + rewrite E; rewrite update_o; auto. + rewrite <- H6; rewrite <- H8; simpl; rewrite H5; rewrite H7; simpl. + repeat (rewrite update_o; auto). + (* cs_next *) + rewrite D. rewrite <- H6; rewrite <- H8; simpl. congruence. + (* cs_dom *) + constructor. rewrite D; auto. rewrite <- H7. auto. + auto. +Qed. + +(** At function return, the memory blocks corresponding to Cminor + stack data and activation record for the function are freed. + This preserves [callstack_invariant]. *) + +Lemma callstack_function_return: + forall fr sp base cs mm ms, + callstack_invariant ((fr, sp, base) :: cs) mm ms -> + callstack_invariant cs (free mm sp) (free ms sp). +Proof. + intros. inversion H. inversion cs_dom0. + constructor. + (* cs_frame *) + intros. apply frame_match_free. apply cs_frame0; auto with coqlib. + apply callstack_dom_diff with cs fr1 base1. auto. auto. + (* cs_linked *) + inversion cs_linked0. apply callstack_linked_nil. auto. + (* cs_others *) + intros. + unfold free; simpl; unfold update. + case (zeq b0 sp); intro. + auto. + apply cs_others0. apply notin_callstack_cons; auto. + (* cs_nextblock *) + simpl. auto. + (* cs_dom *) + simpl. apply callstack_dom_incr with sp; auto. +Qed. + +(** Finally, [callstack_invariant] holds for the initial memory states + in the two semantics. *) + +Lemma callstack_init: + forall (p: program), + callstack_invariant ((empty_frame, nullptr, Int.zero) :: nil) + (Genv.init_mem p) (Genv.init_mem p). +Proof. + intros. + generalize (Genv.initmem_nullptr p). intros [A B]. + constructor. + (* cs_frame *) + intros. elim H; intro. + injection H0; intros; subst fr; subst sp; subst base. + constructor. + assumption. + unfold low_bound. rewrite B. reflexivity. + unfold low_bound, empty_frame. rewrite B. reflexivity. + unfold high_bound. rewrite B. reflexivity. + simpl. omega. + simpl. compute. intuition congruence. + reflexivity. + rewrite B. unfold empty_frame. simpl. hnf. auto. + rewrite B. hnf. auto. + elim H0. + (* cs_linked *) + apply callstack_linked_one. + (* cs_others *) + auto. + (* cs_nextblock *) + reflexivity. + (* cs_dom *) + constructor. exact A. constructor. +Qed. + +(** * The proof of simulation *) + +Section SIMULATION. + +Variable p: program. +Hypothesis wt_p: wt_program p. +Let ge := Genv.globalenv p. + +(** The proof of simulation relies on diagrams of the following form: +<< + sp, parent, c, rs, fr, mm ----------- sp, c, rs, ms + | | + | | + v v + sp, parent, c', rs', fr', mm' -------- sp, c', rs', ms' +>> + The left vertical arrow is a transition in the abstract semantics. + The right vertical arrow is a transition in the concrete semantics. + The precondition (top horizontal line) is the appropriate + [callstack_invariant] property between the initial memory states + [mm] and [ms] and any call stack with [fr] as top frame and + [parent] as second frame. In addition, well-typedness conditions + over the code [c], the register [rs] and the frame [fr] are demanded. + The postcondition (bottom horizontal line) is [callstack_invariant] + between the final memory states [mm'] and [ms'] and the final + call stack. +*) + +Definition exec_instr_prop + (f: function) (sp: val) (parent: frame) + (c: code) (rs: regset) (fr: frame) (mm: mem) + (c': code) (rs': regset) (fr': frame) (mm': mem) : Prop := + forall ms stk base pstk pbase cs + (WTF: wt_function f) + (INCL: incl c f.(fn_code)) + (WTRS: wt_regset rs) + (WTFR: wt_frame fr) + (WTPA: wt_frame parent) + (CSI: callstack_invariant ((fr, stk, base) :: (parent, pstk, pbase) :: cs) mm ms) + (SP: sp = Vptr stk base), + exists ms', + exec_instr ge f sp c rs ms c' rs' ms' /\ + callstack_invariant ((fr', stk, base) :: (parent, pstk, pbase) :: cs) mm' ms'. + +Definition exec_instrs_prop + (f: function) (sp: val) (parent: frame) + (c: code) (rs: regset) (fr: frame) (mm: mem) + (c': code) (rs': regset) (fr': frame) (mm': mem) : Prop := + forall ms stk base pstk pbase cs + (WTF: wt_function f) + (INCL: incl c f.(fn_code)) + (WTRS: wt_regset rs) + (WTFR: wt_frame fr) + (WTPA: wt_frame parent) + (CSI: callstack_invariant ((fr, stk, base) :: (parent, pstk, pbase) :: cs) mm ms) + (SP: sp = Vptr stk base), + exists ms', + exec_instrs ge f sp c rs ms c' rs' ms' /\ + callstack_invariant ((fr', stk, base) :: (parent, pstk, pbase) :: cs) mm' ms'. + +Definition exec_function_body_prop + (f: function) (parent: frame) (link ra: val) + (rs: regset) (mm: mem) + (rs': regset) (mm': mem) : Prop := + forall ms pstk pbase cs + (WTF: wt_function f) + (WTRS: wt_regset rs) + (WTPA: wt_frame parent) + (WTRA: Val.has_type ra Tint) + (LINK: link = Vptr pstk pbase) + (CSI: callstack_invariant ((parent, pstk, pbase) :: cs) mm ms), + exists ms', + exec_function_body ge f (Vptr pstk pbase) ra rs ms rs' ms' /\ + callstack_invariant ((parent, pstk, pbase) :: cs) mm' ms'. + +Definition exec_function_prop + (f: function) (parent: frame) + (rs: regset) (mm: mem) + (rs': regset) (mm': mem) : Prop := + forall ms pstk pbase cs + (WTF: wt_function f) + (WTRS: wt_regset rs) + (WTPA: wt_frame parent) + (CSI: callstack_invariant ((parent, pstk, pbase) :: cs) mm ms), + exists ms', + exec_function ge f (Vptr pstk pbase) rs ms rs' ms' /\ + callstack_invariant ((parent, pstk, pbase) :: cs) mm' ms'. + +Lemma exec_function_equiv: + forall f parent rs mm rs' mm', + Machabstr.exec_function ge f parent rs mm rs' mm' -> + exec_function_prop f parent rs mm rs' mm'. +Proof. + apply (Machabstr.exec_function_ind4 ge + exec_instr_prop + exec_instrs_prop + exec_function_body_prop + exec_function_prop); + intros; red; intros. + + (* Mlabel *) + exists ms. split. constructor. auto. + (* Mgetstack *) + exists ms. split. + constructor. rewrite SP. eapply callstack_get_slot; eauto. + apply wt_get_slot with fr (Int.signed ofs); auto. + auto. + (* Msetstack *) + generalize (wt_function_instrs f WTF _ (INCL _ (in_eq _ _))). + intro WTI. inversion WTI. + assert (4 <= Int.signed ofs). omega. + generalize (callstack_set_slot _ _ _ _ _ _ _ _ _ _ CSI H H5). + intros [ms' [STO CSI']]. + exists ms'. split. constructor. rewrite SP. auto. auto. + (* Mgetparam *) + exists ms. split. + assert (WTV: Val.has_type v ty). eapply wt_get_slot; eauto. + generalize (callstack_get_parent _ _ _ _ _ _ _ _ _ _ _ _ + CSI H WTV). + intros [L1 L2]. + eapply exec_Mgetparam. rewrite SP; eexact L1. eexact L2. + auto. + (* Mop *) + exists ms. split. constructor. auto. auto. + (* Mload *) + exists ms. split. econstructor. eauto. eapply callstack_load; eauto. + auto. + (* Mstore *) + generalize (callstack_store _ _ _ _ _ _ _ CSI H0). + intros [ms' [STO CSI']]. + exists ms'. split. econstructor. eauto. auto. + auto. + (* Mcall *) + red in H1. + assert (WTF': wt_function f'). + destruct ros; simpl in H. + apply (Genv.find_funct_prop wt_function wt_p H). + destruct (Genv.find_symbol ge i); try discriminate. + apply (Genv.find_funct_ptr_prop wt_function wt_p H). + generalize (H1 _ _ _ _ WTF' WTRS WTFR CSI). + intros [ms' [EXF CSI']]. + exists ms'. split. apply exec_Mcall with f'; auto. + rewrite SP. auto. + auto. + (* Mgoto *) + exists ms. split. constructor; auto. auto. + (* Mcond *) + exists ms. split. apply exec_Mcond_true; auto. auto. + exists ms. split. apply exec_Mcond_false; auto. auto. + + (* refl *) + exists ms. split. apply exec_refl. auto. + (* one *) + generalize (H0 _ _ _ _ _ _ WTF INCL WTRS WTFR WTPA CSI SP). + intros [ms' [EX CSI']]. + exists ms'. split. apply exec_one; auto. auto. + (* trans *) + generalize (subject_reduction_instrs p wt_p + _ _ _ _ _ _ _ _ _ _ _ H WTF INCL WTRS WTFR WTPA). + intros [INCL2 [WTRS2 WTFR2]]. + generalize (H0 _ _ _ _ _ _ WTF INCL WTRS WTFR WTPA CSI SP). + intros [ms1 [EX1 CSI1]]. + generalize (H2 _ _ _ _ _ _ WTF INCL2 WTRS2 WTFR2 WTPA CSI1 SP). + intros [ms2 [EX2 CSI2]]. + exists ms2. split. eapply exec_trans; eauto. auto. + + (* function body *) + caseEq (alloc ms (- f.(fn_framesize)) + (align_16_top (- f.(fn_framesize)) f.(fn_stacksize))). + intros ms1 stk1 ALL. + subst link. + assert (FS: f.(fn_framesize) >= 0). + generalize (wt_function_framesize f WTF). omega. + generalize (callstack_function_entry _ _ _ _ _ _ _ _ _ _ _ _ + CSI H ALL FS + (wt_function_no_overflow f WTF) H0). + intros [ms2 [STORELINK [CSI2 EQ]]]. + subst stk1. + assert (ZERO: Int.signed (Int.repr 0) = 0). reflexivity. + assert (FOUR: Int.signed (Int.repr 4) = 4). reflexivity. + assert (BND: 4 <= Int.signed (Int.repr 4)). + rewrite FOUR; omega. + rewrite <- FOUR in H1. + generalize (callstack_set_slot _ _ _ _ _ _ _ _ _ _ + CSI2 H1 BND). + intros [ms3 [STORERA CSI3]]. + assert (WTFR2: wt_frame fr2). + eapply wt_set_slot; eauto. eapply wt_set_slot; eauto. + red. intros. simpl. auto. + exact I. + red in H3. + generalize (H3 _ _ _ _ _ _ WTF (incl_refl _) WTRS WTFR2 WTPA + CSI3 (refl_equal _)). + intros [ms4 [EXEC CSI4]]. + generalize (exec_instrs_link_invariant _ _ _ _ _ _ _ _ _ _ _ _ + H2 WTF (incl_refl _)). + intros [INCL LINKINV]. + exists (free ms4 stk). split. + eapply exec_funct_body; eauto. + eapply callstack_get_slot. eexact CSI4. + apply LINKINV. rewrite ZERO. omega. + eapply slot_gso; eauto. rewrite ZERO. eapply slot_gss; eauto. + exact I. + eapply callstack_get_slot. eexact CSI4. + apply LINKINV. rewrite FOUR. omega. eapply slot_gss; eauto. auto. + eapply callstack_function_return; eauto. + + (* function *) + generalize (H0 (Vptr pstk pbase) Vzero I I + ms pstk pbase cs WTF WTRS WTPA I (refl_equal _) CSI). + intros [ms' [EXEC CSI']]. + exists ms'. split. constructor. intros. + generalize (H0 (Vptr pstk pbase) ra I H1 + ms pstk pbase cs WTF WTRS WTPA H1 (refl_equal _) CSI). + intros [ms1 [EXEC1 CSI1]]. + rewrite (callstack_exten _ _ _ _ CSI' CSI1). auto. + auto. +Qed. + +End SIMULATION. + +Theorem exec_program_equiv: + forall p r, + wt_program p -> + Machabstr.exec_program p r -> + Mach.exec_program p r. +Proof. + intros p r WTP [fptr [f [rs [mm [FINDPTR [FINDF [SIG [EXEC RES]]]]]]]]. + assert (WTF: wt_function f). + apply (Genv.find_funct_ptr_prop wt_function WTP FINDF). + assert (WTRS: wt_regset (Regmap.init Vundef)). + red; intros. rewrite Regmap.gi; simpl; auto. + assert (WTFR: wt_frame empty_frame). + red; intros. simpl. auto. + generalize (exec_function_equiv p WTP + f empty_frame + (Regmap.init Vundef) (Genv.init_mem p) rs mm + EXEC (Genv.init_mem p) nullptr Int.zero nil + WTF WTRS WTFR (callstack_init p)). + intros [ms' [EXEC' CSI]]. + red. exists fptr; exists f; exists rs; exists ms'. + intuition. rewrite SIG in RES. exact RES. +Qed. diff --git a/backend/Machtyping.v b/backend/Machtyping.v new file mode 100644 index 00000000..987269ba --- /dev/null +++ b/backend/Machtyping.v @@ -0,0 +1,367 @@ +(** Type system for the Mach intermediate language. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Mem. +Require Import Integers. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Locations. +Require Conventions. +Require Import Mach. + +(** * Typing rules *) + +Inductive wt_instr : instruction -> Prop := + | wt_Mlabel: + forall lbl, + wt_instr (Mlabel lbl) + | wt_Mgetstack: + forall ofs ty r, + mreg_type r = ty -> + wt_instr (Mgetstack ofs ty r) + | wt_Msetstack: + forall ofs ty r, + mreg_type r = ty -> 24 <= Int.signed ofs -> + wt_instr (Msetstack r ofs ty) + | wt_Mgetparam: + forall ofs ty r, + mreg_type r = ty -> + wt_instr (Mgetparam ofs ty r) + | wt_Mopmove: + forall r1 r, + mreg_type r1 = mreg_type r -> + wt_instr (Mop Omove (r1 :: nil) r) + | wt_Mopundef: + forall r, + wt_instr (Mop Oundef nil r) + | wt_Mop: + forall op args res, + op <> Omove -> op <> Oundef -> + (List.map mreg_type args, mreg_type res) = type_of_operation op -> + wt_instr (Mop op args res) + | wt_Mload: + forall chunk addr args dst, + List.map mreg_type args = type_of_addressing addr -> + mreg_type dst = type_of_chunk chunk -> + wt_instr (Mload chunk addr args dst) + | wt_Mstore: + forall chunk addr args src, + List.map mreg_type args = type_of_addressing addr -> + mreg_type src = type_of_chunk chunk -> + wt_instr (Mstore chunk addr args src) + | wt_Mcall: + forall sig ros, + match ros with inl r => mreg_type r = Tint | inr s => True end -> + wt_instr (Mcall sig ros) + | wt_Mgoto: + forall lbl, + wt_instr (Mgoto lbl) + | wt_Mcond: + forall cond args lbl, + List.map mreg_type args = type_of_condition cond -> + wt_instr (Mcond cond args lbl) + | wt_Mreturn: + wt_instr Mreturn. + +Record wt_function (f: function) : Prop := mk_wt_function { + wt_function_instrs: + forall instr, In instr f.(fn_code) -> wt_instr instr; + wt_function_stacksize: + f.(fn_stacksize) >= 0; + wt_function_framesize: + f.(fn_framesize) >= 24; + wt_function_no_overflow: + f.(fn_framesize) <= -Int.min_signed +}. + +Definition wt_program (p: program) : Prop := + forall i f, In (i, f) (prog_funct p) -> wt_function f. + +(** * Type soundness *) + +Require Import Machabstr. + +(** We show a weak type soundness result for the alternate semantics + of Mach: for a well-typed Mach program, if a transition is taken + from a state where registers hold values of their static types, + registers in the final state hold values of their static types + as well. This is a progress theorem for our type system. + It is used in the proof of implcation from the abstract Mach + semantics to the concrete Mach semantics (file [Machabstr2mach]). +*) + +Definition wt_regset (rs: regset) : Prop := + forall r, Val.has_type (rs r) (mreg_type r). + +Definition wt_content (c: content) : Prop := + match c with + | Datum32 v => Val.has_type v Tint + | Datum64 v => Val.has_type v Tfloat + | _ => True + end. + +Definition wt_frame (fr: frame) : Prop := + forall ofs, wt_content (fr.(contents) ofs). + +Lemma wt_setreg: + forall (rs: regset) (r: mreg) (v: val), + Val.has_type v (mreg_type r) -> + wt_regset rs -> wt_regset (rs#r <- v). +Proof. + intros; red; intros. unfold Regmap.set. + case (RegEq.eq r0 r); intro. + subst r0; assumption. + apply H0. +Qed. + +Lemma wt_get_slot: + forall fr ty ofs v, + get_slot fr ty ofs v -> + wt_frame fr -> + Val.has_type v ty. +Proof. + induction 1; intro. subst v. + set (pos := low fr + ofs). + case ty; simpl. + unfold getN. case (check_cont 3 (pos + 1) (contents fr)). + generalize (H2 pos). unfold wt_content. + destruct (contents fr pos); simpl; tauto. + simpl; auto. + unfold getN. case (check_cont 7 (pos + 1) (contents fr)). + generalize (H2 pos). unfold wt_content. + destruct (contents fr pos); simpl; tauto. + simpl; auto. +Qed. + +Lemma wt_set_slot: + forall fr ty ofs v fr', + set_slot fr ty ofs v fr' -> + wt_frame fr -> + Val.has_type v ty -> + wt_frame fr'. +Proof. + intros. induction H. + set (i := low fr + ofs). + red; intro j; simpl. + assert (forall n ofs c, + let c' := set_cont n ofs c in + forall k, c' k = c k \/ c' k = Cont). + induction n; simpl; intros. + left; auto. + unfold update. case (zeq k ofs0); intro. + right; auto. + apply IHn. + destruct ty; simpl; unfold store_contents; unfold setN; + unfold update; case (zeq j i); intro. + red. assumption. + elim (H 3%nat (i + 1) (contents fr) j); intro; rewrite H2. + apply H0. red; auto. + red. assumption. + elim (H 7%nat (i + 1) (contents fr) j); intro; rewrite H2. + apply H0. red; auto. +Qed. + +Lemma wt_init_frame: + forall f, + wt_frame (init_frame f). +Proof. + intros. unfold init_frame. + red; intros. simpl. exact I. +Qed. + +Lemma incl_find_label: + forall lbl c c', find_label lbl c = Some c' -> incl c' c. +Proof. + induction c; simpl. + intros; discriminate. + case (is_label lbl a); intros. + injection H; intro; subst c'; apply incl_tl; apply incl_refl. + apply incl_tl; auto. +Qed. + +Section SUBJECT_REDUCTION. + +Variable p: program. +Hypothesis wt_p: wt_program p. +Let ge := Genv.globalenv p. + +Definition exec_instr_prop + (f: function) (sp: val) (parent: frame) + (c1: code) (rs1: regset) (fr1: frame) (m1: mem) + (c2: code) (rs2: regset) (fr2: frame) (m2: mem) := + forall (WTF: wt_function f) + (INCL: incl c1 f.(fn_code)) + (WTRS: wt_regset rs1) + (WTFR: wt_frame fr1) + (WTPA: wt_frame parent), + incl c2 f.(fn_code) /\ wt_regset rs2 /\ wt_frame fr2. +Definition exec_function_body_prop + (f: function) (parent: frame) (link ra: val) + (rs1: regset) (m1: mem) (rs2: regset) (m2: mem) := + forall (WTF: wt_function f) + (WTRS: wt_regset rs1) + (WTPA: wt_frame parent) + (WTLINK: Val.has_type link Tint) + (WTRA: Val.has_type ra Tint), + wt_regset rs2. +Definition exec_function_prop + (f: function) (parent: frame) + (rs1: regset) (m1: mem) (rs2: regset) (m2: mem) := + forall (WTF: wt_function f) + (WTRS: wt_regset rs1) + (WTPA: wt_frame parent), + wt_regset rs2. + +Lemma subject_reduction: + (forall f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2, + exec_instr ge f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2 -> + exec_instr_prop f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2) +/\ (forall f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2, + exec_instrs ge f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2 -> + exec_instr_prop f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2) +/\ (forall f parent link ra rs1 m1 rs2 m2, + exec_function_body ge f parent link ra rs1 m1 rs2 m2 -> + exec_function_body_prop f parent link ra rs1 m1 rs2 m2) +/\ (forall f parent rs1 m1 rs2 m2, + exec_function ge f parent rs1 m1 rs2 m2 -> + exec_function_prop f parent rs1 m1 rs2 m2). +Proof. + apply exec_mutual_induction; red; intros; + try (generalize (wt_function_instrs _ WTF _ (INCL _ (in_eq _ _))); intro; + intuition eauto with coqlib). + + apply wt_setreg; auto. + inversion H0. rewrite H2. apply wt_get_slot with fr (Int.signed ofs); auto. + + inversion H0. eapply wt_set_slot; eauto. + rewrite <- H3. apply WTRS. + + inversion H0. apply wt_setreg; auto. + rewrite H2. apply wt_get_slot with parent (Int.signed ofs); auto. + + apply wt_setreg; auto. inversion H0. + simpl. subst args; subst op. simpl in H. + rewrite <- H2. replace v with (rs r1). apply WTRS. congruence. + subst args; subst op. simpl in H. + replace v with Vundef. simpl; auto. congruence. + replace (mreg_type res) with (snd (type_of_operation op)). + apply type_of_operation_sound with function ge rs##args sp; auto. + rewrite <- H6; reflexivity. + + apply wt_setreg; auto. inversion H1. rewrite H7. + eapply type_of_chunk_correct; eauto. + + apply H1; auto. + destruct ros; simpl in H. + apply (Genv.find_funct_prop wt_function wt_p H). + destruct (Genv.find_symbol ge i). + apply (Genv.find_funct_ptr_prop wt_function wt_p H). + discriminate. + + apply incl_find_label with lbl; auto. + apply incl_find_label with lbl; auto. + + tauto. + apply H0; auto. + generalize (H0 WTF INCL WTRS WTFR WTPA). intros [A [B C]]. + apply H2; auto. + + assert (WTFR2: wt_frame fr2). + eapply wt_set_slot; eauto. + eapply wt_set_slot; eauto. + apply wt_init_frame. + generalize (H3 WTF (incl_refl _) WTRS WTFR2 WTPA). + tauto. + + apply (H0 Vzero Vzero). exact I. exact I. auto. auto. auto. + exact I. exact I. +Qed. + +Lemma subject_reduction_instr: + forall f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2, + exec_instr ge f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2 -> + exec_instr_prop f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2. +Proof (proj1 subject_reduction). + +Lemma subject_reduction_instrs: + forall f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2, + exec_instrs ge f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2 -> + exec_instr_prop f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2. +Proof (proj1 (proj2 subject_reduction)). + +Lemma subject_reduction_function: + forall f parent rs1 m1 rs2 m2, + exec_function ge f parent rs1 m1 rs2 m2 -> + exec_function_prop f parent rs1 m1 rs2 m2. +Proof (proj2 (proj2 (proj2 subject_reduction))). + +End SUBJECT_REDUCTION. + +(** * Preservation of the reserved frame slots during execution *) + +(** We now show another result useful for the proof of implication + between the two Mach semantics: well-typed functions do not + change the values of the back link and return address fields + of the frame slot (at offsets 0 and 4) during their execution. + Actually, we show that the whole reserved part of the frame + (between offsets 0 and 24) does not change. *) + +Definition link_invariant (fr1 fr2: frame) : Prop := + forall pos v, + 0 <= pos < 20 -> + get_slot fr1 Tint pos v -> get_slot fr2 Tint pos v. + +Remark link_invariant_refl: + forall fr, link_invariant fr fr. +Proof. + intros; red; auto. +Qed. + +Lemma set_slot_link_invariant: + forall fr ty ofs v fr', + set_slot fr ty ofs v fr' -> + 24 <= ofs -> + link_invariant fr fr'. +Proof. + induction 1. intros; red; intros. + inversion H1. constructor. auto. exact H3. + simpl contents. simpl low. symmetry. rewrite H4. + apply load_store_contents_other. simpl. simpl in H3. + omega. +Qed. + +Lemma exec_instr_link_invariant: + forall ge f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2, + exec_instr ge f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2 -> + wt_function f -> + incl c1 f.(fn_code) -> + incl c2 f.(fn_code) /\ link_invariant fr1 fr2. +Proof. + induction 1; intros; + (split; [eauto with coqlib | try (apply link_invariant_refl)]). + eapply set_slot_link_invariant; eauto. + generalize (wt_function_instrs _ H0 _ (H1 _ (in_eq _ _))); intro. + inversion H2. auto. + eapply incl_find_label; eauto. + eapply incl_find_label; eauto. +Qed. + +Lemma exec_instrs_link_invariant: + forall ge f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2, + exec_instrs ge f sp parent c1 rs1 fr1 m1 c2 rs2 fr2 m2 -> + wt_function f -> + incl c1 f.(fn_code) -> + incl c2 f.(fn_code) /\ link_invariant fr1 fr2. +Proof. + induction 1; intros. + split. auto. apply link_invariant_refl. + eapply exec_instr_link_invariant; eauto. + generalize (IHexec_instrs1 H1 H2); intros [A B]. + generalize (IHexec_instrs2 H1 A); intros [C D]. + split. auto. red; auto. +Qed. + diff --git a/backend/Main.v b/backend/Main.v new file mode 100644 index 00000000..6647e269 --- /dev/null +++ b/backend/Main.v @@ -0,0 +1,307 @@ +(** The compiler back-end and its proof of semantic preservation *) + +(** Libraries. *) +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Values. +(** Languages (syntax and semantics). *) +Require Csharpminor. +Require Cminor. +Require RTL. +Require LTL. +Require Linear. +Require Mach. +Require PPC. +(** Translation passes. *) +Require Cminorgen. +Require RTLgen. +Require Constprop. +Require CSE. +Require Allocation. +Require Tunneling. +Require Linearize. +Require Stacking. +Require PPCgen. +(** Type systems. *) +Require RTLtyping. +Require LTLtyping. +Require Lineartyping. +Require Machtyping. +(** Proofs of semantic preservation and typing preservation. *) +Require Cminorgenproof. +Require RTLgenproof. +Require Constpropproof. +Require CSEproof. +Require Allocproof. +Require Alloctyping. +Require Tunnelingproof. +Require Tunnelingtyping. +Require Linearizeproof. +Require Linearizetyping. +Require Stackingproof. +Require Stackingtyping. +Require Machabstr2mach. +Require PPCgenproof. + +(** * Composing the translation passes *) + +(** We first define useful monadic composition operators, + along with funny (but convenient) notations. *) + +Definition apply_total (A B: Set) (x: option A) (f: A -> B) : option B := + match x with None => None | Some x1 => Some (f x1) end. + +Definition apply_partial (A B: Set) + (x: option A) (f: A -> option B) : option B := + match x with None => None | Some x1 => f x1 end. + +Notation "a @@@ b" := + (apply_partial _ _ a b) (at level 50, left associativity). +Notation "a @@ b" := + (apply_total _ _ a b) (at level 50, left associativity). + +(** We define two translation functions for whole programs: one starting with + a Csharpminor program, the other with a Cminor program. Both + translations produce PPC programs ready for pretty-printing and + assembling. Some front-ends will prefer to generate Csharpminor + (e.g. a C front-end) while some others (e.g. an ML compiler) might + find it more convenient to generate Cminor directly, bypassing + Csharpminor. + + There are two ways to compose the compiler passes. The first translates + every function from the Cminor program from Cminor to RTL, then to LTL, etc, + all the way to PPC, and iterates this transformation for every function. + The second translates the whole Cminor program to a RTL program, then to + an LTL program, etc. We follow the first approach because it has lower + memory requirements. + + The translation of a Cminor function to a PPC function is as follows. *) + +Definition transf_cminor_function (f: Cminor.function) : option PPC.code := + Some f + @@@ RTLgen.transl_function + @@ Constprop.transf_function + @@ CSE.transf_function + @@@ Allocation.transf_function + @@ Tunneling.tunnel_function + @@ Linearize.transf_function + @@@ Stacking.transf_function + @@@ PPCgen.transf_function. + +(** And here is the translation for Csharpminor functions. *) + +Definition transf_csharpminor_function (f: Csharpminor.function) : option PPC.code := + Some f + @@@ Cminorgen.transl_function + @@@ transf_cminor_function. + +(** The corresponding translations for whole program follow. *) + +Definition transf_cminor_program (p: Cminor.program) : option PPC.program := + transform_partial_program transf_cminor_function p. + +Definition transf_csharpminor_program (p: Csharpminor.program) : option PPC.program := + transform_partial_program transf_csharpminor_function p. + +(** * Equivalence with whole program transformations *) + +(** To prove semantic preservation for the whole compiler, it is easier to reason + over the second way to compose the compiler pass: the one that translate + whole programs through each compiler pass. We now define this second translation + and prove that it produces the same PPC programs as the first translation. *) + +Definition transf_cminor_program2 (p: Cminor.program) : option PPC.program := + Some p + @@@ RTLgen.transl_program + @@ Constprop.transf_program + @@ CSE.transf_program + @@@ Allocation.transf_program + @@ Tunneling.tunnel_program + @@ Linearize.transf_program + @@@ Stacking.transf_program + @@@ PPCgen.transf_program. + +Definition transf_csharpminor_program2 (p: Csharpminor.program) : option PPC.program := + Some p + @@@ Cminorgen.transl_program + @@@ transf_cminor_program2. + +Lemma transf_partial_program_compose: + forall (A B C: Set) + (f1: A -> option B) (f2: B -> option C) + (p: list (ident * A)), + transf_partial_program f1 p @@@ transf_partial_program f2 = + transf_partial_program (fun f => f1 f @@@ f2) p. +Proof. + induction p. simpl. auto. + simpl. destruct a. destruct (f1 a). + simpl. simpl in IHp. destruct (transf_partial_program f1 p). + simpl. simpl in IHp. destruct (f2 b). + destruct (transf_partial_program f2 l). + rewrite <- IHp. auto. + rewrite <- IHp. auto. + auto. + simpl. rewrite <- IHp. simpl. destruct (f2 b); auto. + simpl. auto. +Qed. + +Lemma transform_partial_program_compose: + forall (A B C: Set) + (f1: A -> option B) (f2: B -> option C) + (p: program A), + transform_partial_program f1 p @@@ + (fun p' => transform_partial_program f2 p') = + transform_partial_program (fun f => f1 f @@@ f2) p. +Proof. + unfold transform_partial_program; intros. + rewrite <- transf_partial_program_compose. simpl. + destruct (transf_partial_program f1 (prog_funct p)); simpl. + auto. auto. +Qed. + +Lemma transf_program_partial_total: + forall (A B: Set) (f: A -> B) (l: list (ident * A)), + Some (AST.transf_program f l) = + AST.transf_partial_program (fun x => Some (f x)) l. +Proof. + induction l. simpl. auto. + simpl. destruct a. rewrite <- IHl. auto. +Qed. + +Lemma transform_program_partial_total: + forall (A B: Set) (f: A -> B) (p: program A), + Some (transform_program f p) = + transform_partial_program (fun x => Some (f x)) p. +Proof. + intros. unfold transform_program, transform_partial_program. + rewrite <- transf_program_partial_total. auto. +Qed. + +Lemma apply_total_transf_program: + forall (A B: Set) (f: A -> B) (x: option (program A)), + x @@ (fun p => transform_program f p) = + x @@@ (fun p => transform_partial_program (fun x => Some (f x)) p). +Proof. + intros. unfold apply_total, apply_partial. + destruct x. apply transform_program_partial_total. auto. +Qed. + +Lemma transf_cminor_program_equiv: + forall p, transf_cminor_program2 p = transf_cminor_program p. +Proof. + intro. unfold transf_cminor_program, transf_cminor_program2, transf_cminor_function. + simpl. + unfold RTLgen.transl_program, + Constprop.transf_program, RTL.program. + rewrite apply_total_transf_program. + rewrite transform_partial_program_compose. + unfold CSE.transf_program, RTL.program. + rewrite apply_total_transf_program. + rewrite transform_partial_program_compose. + unfold Allocation.transf_program, + LTL.program, RTL.program. + rewrite transform_partial_program_compose. + unfold Tunneling.tunnel_program, LTL.program. + rewrite apply_total_transf_program. + rewrite transform_partial_program_compose. + unfold Linearize.transf_program, LTL.program, Linear.program. + rewrite apply_total_transf_program. + rewrite transform_partial_program_compose. + unfold Stacking.transf_program, Linear.program, Mach.program. + rewrite transform_partial_program_compose. + unfold PPCgen.transf_program, Mach.program, PPC.program. + rewrite transform_partial_program_compose. + reflexivity. +Qed. + +Lemma transf_csharpminor_program_equiv: + forall p, transf_csharpminor_program2 p = transf_csharpminor_program p. +Proof. + intros. + unfold transf_csharpminor_program2, transf_csharpminor_program, transf_csharpminor_function. + simpl. + replace transf_cminor_program2 with transf_cminor_program. + unfold transf_cminor_program, Cminorgen.transl_program, Cminor.program, PPC.program. + apply transform_partial_program_compose. + symmetry. apply extensionality. exact transf_cminor_program_equiv. +Qed. + +(** * Semantic preservation *) + +(** We prove that the [transf_program2] translations preserve semantics. The proof + composes the semantic preservation results for each pass. *) + +Lemma transf_cminor_program2_correct: + forall p tp n, + transf_cminor_program2 p = Some tp -> + Cminor.exec_program p (Vint n) -> + PPC.exec_program tp (Vint n). +Proof. + intros until n. + unfold transf_cminor_program2. + simpl. caseEq (RTLgen.transl_program p). intros p1 EQ1. + simpl. set (p2 := CSE.transf_program (Constprop.transf_program p1)). + caseEq (Allocation.transf_program p2). intros p3 EQ3. + simpl. set (p4 := Tunneling.tunnel_program p3). + set (p5 := Linearize.transf_program p4). + caseEq (Stacking.transf_program p5). intros p6 EQ6. + simpl. intros EQTP EXEC. + assert (WT3 : LTLtyping.wt_program p3). + apply Alloctyping.program_typing_preserved with p2. auto. + assert (WT4 : LTLtyping.wt_program p4). + unfold p4. apply Tunnelingtyping.program_typing_preserved. auto. + assert (WT5 : Lineartyping.wt_program p5). + unfold p5. apply Linearizetyping.program_typing_preserved. auto. + assert (WT6: Machtyping.wt_program p6). + apply Stackingtyping.program_typing_preserved with p5. auto. auto. + apply PPCgenproof.transf_program_correct with p6; auto. + apply Machabstr2mach.exec_program_equiv; auto. + apply Stackingproof.transl_program_correct with p5; auto. + unfold p5; apply Linearizeproof.transf_program_correct. + unfold p4; apply Tunnelingproof.transf_program_correct. + apply Allocproof.transl_program_correct with p2; auto. + unfold p2; apply CSEproof.transf_program_correct; + apply Constpropproof.transf_program_correct. + apply RTLgenproof.transl_program_correct with p; auto. + simpl; intros; discriminate. + simpl; intros; discriminate. + simpl; intros; discriminate. +Qed. + +Lemma transf_csharpminor_program2_correct: + forall p tp n, + transf_csharpminor_program2 p = Some tp -> + Csharpminor.exec_program p (Vint n) -> + PPC.exec_program tp (Vint n). +Proof. + intros until n; unfold transf_csharpminor_program2; simpl. + caseEq (Cminorgen.transl_program p). + simpl; intros p1 EQ1 EQ2 EXEC. + apply transf_cminor_program2_correct with p1. auto. + apply Cminorgenproof.transl_program_correct with p. auto. + assumption. + simpl; intros; discriminate. +Qed. + +(** It follows that the whole compiler is semantic-preserving. *) + +Theorem transf_cminor_program_correct: + forall p tp n, + transf_cminor_program p = Some tp -> + Cminor.exec_program p (Vint n) -> + PPC.exec_program tp (Vint n). +Proof. + intros. apply transf_cminor_program2_correct with p. + rewrite transf_cminor_program_equiv. assumption. assumption. +Qed. + +Theorem transf_csharpminor_program_correct: + forall p tp n, + transf_csharpminor_program p = Some tp -> + Csharpminor.exec_program p (Vint n) -> + PPC.exec_program tp (Vint n). +Proof. + intros. apply transf_csharpminor_program2_correct with p. + rewrite transf_csharpminor_program_equiv. assumption. assumption. +Qed. diff --git a/backend/Mem.v b/backend/Mem.v new file mode 100644 index 00000000..26d4c499 --- /dev/null +++ b/backend/Mem.v @@ -0,0 +1,2253 @@ +(** This file develops the memory model that is used in the dynamic + semantics of all the languages of the compiler back-end. + It defines a type [mem] of memory states, the following 4 basic + operations over memory states, and their properties: +- [alloc]: allocate a fresh memory block; +- [free]: invalidate a memory block; +- [load]: read a memory chunk at a given address; +- [store]: store a memory chunk at a given address. +*) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Floats. +Require Import Values. + +(** * Structure of memory states *) + +(** A memory state is organized in several disjoint blocks. Each block + has a low and a high bound that defines its size. Each block map + byte offsets to the contents of this byte. *) + +Definition update (A: Set) (x: Z) (v: A) (f: Z -> A) : Z -> A := + fun y => if zeq y x then v else f y. + +Implicit Arguments update [A]. + +Lemma update_s: + forall (A: Set) (x: Z) (v: A) (f: Z -> A), + update x v f x = v. +Proof. + intros; unfold update. apply zeq_true. +Qed. + +Lemma update_o: + forall (A: Set) (x: Z) (v: A) (f: Z -> A) (y: Z), + x <> y -> update x v f y = f y. +Proof. + intros; unfold update. apply zeq_false; auto. +Qed. + +(** The possible contents of a byte-sized memory cell. To give intuitions, + a 4-byte value [v] stored at offset [d] will be represented by + the content [Datum32 v] at offset [d] and [Cont] at offsets [d+1], + [d+2] and [d+3]. The [Cont] contents enable detecting future writes + that would overlap partially the 4-byte value. *) + +Inductive content : Set := + | Undef: content (**r undefined contents *) + | Datum8: val -> content (**r a value that fits in 1 byte *) + | Datum16: val -> content (**r first byte of a 2-byte value *) + | Datum32: val -> content (**r first byte of a 4-byte value *) + | Datum64: val -> content (**r first byte of a 8-byte value *) + | Cont: content. (**r continuation bytes for a multi-byte value *) + +Definition contentmap : Set := Z -> content. + +(** A memory block comprises the dimensions of the block (low and high bounds) + plus a mapping from byte offsets to contents. For technical reasons, + we also carry around a proof that the mapping is equal to [Undef] + outside the range of allowed byte offsets. *) + +Record block_contents : Set := mkblock { + low: Z; + high: Z; + contents: contentmap; + undef_outside: forall ofs, ofs < low \/ ofs >= high -> contents ofs = Undef +}. + +(** A memory state is a mapping from block addresses (represented by [Z] + integers) to blocks. We also maintain the address of the next + unallocated block, and a proof that this address is positive. *) + +Record mem : Set := mkmem { + blocks: Z -> block_contents; + nextblock: block; + nextblock_pos: nextblock > 0 +}. + +(** * Operations on memory stores *) + +(** Memory reads and writes are performed by quantities called memory chunks, + encoding the type, size and signedness of the chunk being addressed. + It is useful to extract only the size information as given by the + following [memory_size] type. *) + +Inductive memory_size : Set := + | Size8: memory_size + | Size16: memory_size + | Size32: memory_size + | Size64: memory_size. + +Definition size_mem (sz: memory_size) := + match sz with + | Size8 => 1 + | Size16 => 2 + | Size32 => 4 + | Size64 => 8 + end. + +Definition mem_chunk (chunk: memory_chunk) := + match chunk with + | Mint8signed => Size8 + | Mint8unsigned => Size8 + | Mint16signed => Size16 + | Mint16unsigned => Size16 + | Mint32 => Size32 + | Mfloat32 => Size32 + | Mfloat64 => Size64 + end. + +Definition size_chunk (chunk: memory_chunk) := size_mem (mem_chunk chunk). + +(** The initial store. *) + +Remark one_pos: 1 > 0. +Proof. omega. Qed. + +Remark undef_undef_outside: + forall lo hi ofs, ofs < lo \/ ofs >= hi -> (fun y => Undef) ofs = Undef. +Proof. + auto. +Qed. + +Definition empty_block (lo hi: Z) : block_contents := + mkblock lo hi (fun y => Undef) (undef_undef_outside lo hi). + +Definition empty: mem := + mkmem (fun x => empty_block 0 0) 1 one_pos. + +Definition nullptr: block := 0. + +(** Allocation of a fresh block with the given bounds. Return an updated + memory state and the address of the fresh block, which initially contains + undefined cells. Note that allocation never fails: we model an + infinite memory. *) + +Remark succ_nextblock_pos: + forall m, Zsucc m.(nextblock) > 0. +Proof. intro. generalize (nextblock_pos m). omega. Qed. + +Definition alloc (m: mem) (lo hi: Z) := + (mkmem (update m.(nextblock) + (empty_block lo hi) + m.(blocks)) + (Zsucc m.(nextblock)) + (succ_nextblock_pos m), + m.(nextblock)). + +(** Freeing a block. Return the updated memory state where the given + block address has been invalidated: future reads and writes to this + address will fail. Note that we make no attempt to return the block + to an allocation pool: the given block address will never be allocated + later. *) + +Definition free (m: mem) (b: block) := + mkmem (update b + (empty_block 0 0) + m.(blocks)) + m.(nextblock) + m.(nextblock_pos). + +(** Freeing of a list of blocks. *) + +Definition free_list (m:mem) (l:list block) := + List.fold_right (fun b m => free m b) m l. + +(** Return the low and high bounds for the given block address. + Those bounds are 0 for freed or not yet allocated address. *) + +Definition low_bound (m: mem) (b: block) := + low (m.(blocks) b). +Definition high_bound (m: mem) (b: block) := + high (m.(blocks) b). + +(** A block address is valid if it was previously allocated. It remains valid + even after being freed. *) + +Definition valid_block (m: mem) (b: block) := + b < m.(nextblock). + +(** Reading and writing [N] adjacent locations in a [contentmap]. + + We define two functions and prove some of their properties: + - [getN n ofs m] returns the datum at offset [ofs] in block contents [m] + after checking that the contents of offsets [ofs+1] to [ofs+n+1] + are [Cont]. + - [setN n ofs v m] updates the block contents [m], storing the content [v] + at offset [ofs] and the content [Cont] at offsets [ofs+1] to [ofs+n+1]. + *) + +Fixpoint check_cont (n: nat) (p: Z) (m: contentmap) {struct n} : bool := + match n with + | O => true + | S n1 => + match m p with + | Cont => check_cont n1 (p + 1) m + | _ => false + end + end. + +Definition getN (n: nat) (p: Z) (m: contentmap) : content := + if check_cont n (p + 1) m then m p else Undef. + +Fixpoint set_cont (n: nat) (p: Z) (m: contentmap) {struct n} : contentmap := + match n with + | O => m + | S n1 => update p Cont (set_cont n1 (p + 1) m) + end. + +Definition setN (n: nat) (p: Z) (v: content) (m: contentmap) : contentmap := + update p v (set_cont n (p + 1) m). + +Lemma check_cont_true: + forall n p m, + (forall q, p <= q < p + Z_of_nat n -> m q = Cont) -> + check_cont n p m = true. +Proof. + induction n; intros. + reflexivity. + simpl. rewrite H. apply IHn. + intros. apply H. rewrite inj_S. omega. + rewrite inj_S. omega. +Qed. + +Hint Resolve check_cont_true. + +Lemma check_cont_inv: + forall n p m, + check_cont n p m = true -> + (forall q, p <= q < p + Z_of_nat n -> m q = Cont). +Proof. + induction n; intros until m. + unfold Z_of_nat. intros. omegaContradiction. + unfold check_cont; fold check_cont. + caseEq (m p); intros; try discriminate. + assert (p = q \/ p + 1 <= q < (p + 1) + Z_of_nat n). + rewrite inj_S in H1. omega. + elim H2; intro. + subst q. auto. + apply IHn with (p + 1); auto. +Qed. + +Hint Resolve check_cont_inv. + +Lemma check_cont_false: + forall n p q m, + p <= q < p + Z_of_nat n -> + m q <> Cont -> + check_cont n p m = false. +Proof. + intros. caseEq (check_cont n p m); intro. + generalize (check_cont_inv _ _ _ H1 q H). intro. contradiction. + auto. +Qed. + +Hint Resolve check_cont_false. + +Lemma set_cont_inside: + forall n p m q, + p <= q < p + Z_of_nat n -> + (set_cont n p m) q = Cont. +Proof. + induction n; intros. + unfold Z_of_nat in H. omegaContradiction. + simpl. + assert (p = q \/ p + 1 <= q < (p + 1) + Z_of_nat n). + rewrite inj_S in H. omega. + elim H0; intro. + subst q. apply update_s. + rewrite update_o. apply IHn. auto. + red; intro; subst q. omega. +Qed. + +Hint Resolve set_cont_inside. + +Lemma set_cont_outside: + forall n p m q, + q < p \/ p + Z_of_nat n <= q -> + (set_cont n p m) q = m q. +Proof. + induction n; intros. + simpl. auto. + simpl. rewrite inj_S in H. + rewrite update_o. apply IHn. omega. omega. +Qed. + +Hint Resolve set_cont_outside. + +Lemma getN_setN_same: + forall n p v m, + getN n p (setN n p v m) = v. +Proof. + intros. unfold getN, setN. + rewrite check_cont_true. apply update_s. + intros. rewrite update_o. apply set_cont_inside. auto. + omega. +Qed. + +Hint Resolve getN_setN_same. + +Lemma getN_setN_other: + forall n1 n2 p1 p2 v m, + p1 + Z_of_nat n1 < p2 \/ p2 + Z_of_nat n2 < p1 -> + getN n2 p2 (setN n1 p1 v m) = getN n2 p2 m. +Proof. + intros. unfold getN, setN. + caseEq (check_cont n2 (p2 + 1) m); intro. + rewrite check_cont_true. rewrite update_o. + apply set_cont_outside. omega. omega. + intros. rewrite update_o. rewrite set_cont_outside. + eapply check_cont_inv. eauto. auto. + omega. omega. + caseEq (check_cont n2 (p2 + 1) (update p1 v (set_cont n1 (p1 + 1) m))); intros. + assert (check_cont n2 (p2 + 1) m = true). + apply check_cont_true. intros. + generalize (check_cont_inv _ _ _ H1 q H2). + rewrite update_o. rewrite set_cont_outside. auto. omega. omega. + rewrite H0 in H2; discriminate. + auto. +Qed. + +Hint Resolve getN_setN_other. + +Lemma getN_setN_overlap: + forall n1 n2 p1 p2 v m, + p1 <> p2 -> + p1 + Z_of_nat n1 >= p2 -> p2 + Z_of_nat n2 >= p1 -> + v <> Cont -> + getN n2 p2 (setN n1 p1 v m) = Cont \/ + getN n2 p2 (setN n1 p1 v m) = Undef. +Proof. + intros. unfold getN. + caseEq (check_cont n2 (p2 + 1) (setN n1 p1 v m)); intro. + case (zlt p2 p1); intro. + assert (p2 + 1 <= p1 < p2 + 1 + Z_of_nat n2). omega. + generalize (check_cont_inv _ _ _ H3 p1 H4). + unfold setN. rewrite update_s. intro. contradiction. + left. unfold setN. rewrite update_o. + apply set_cont_inside. omega. auto. + right; auto. +Qed. + +Hint Resolve getN_setN_overlap. + +Lemma getN_setN_mismatch: + forall n1 n2 p v m, + getN n2 p (setN n1 p v m) = v \/ getN n2 p (setN n1 p v m) = Undef. +Proof. + intros. unfold getN. + caseEq (check_cont n2 (p + 1) (setN n1 p v m)); intro. + left. unfold setN. apply update_s. + right. auto. +Qed. + +Hint Resolve getN_setN_mismatch. + +Lemma getN_init: + forall n p, + getN n p (fun y => Undef) = Undef. +Proof. + intros. unfold getN. + case (check_cont n (p + 1) (fun y => Undef)); auto. +Qed. + +Hint Resolve getN_init. + +(** The following function checks whether accessing the given memory chunk + at the given offset in the given block respects the bounds of the block. *) + +Definition in_bounds (chunk: memory_chunk) (ofs: Z) (c: block_contents) : + {c.(low) <= ofs /\ ofs + size_chunk chunk <= c.(high)} + + {c.(low) > ofs \/ ofs + size_chunk chunk > c.(high)} := + match zle c.(low) ofs, zle (ofs + size_chunk chunk) c.(high) with + | left P1, left P2 => left _ (conj P1 P2) + | left P1, right P2 => right _ (or_intror _ P2) + | right P1, _ => right _ (or_introl _ P1) + end. + +Lemma in_bounds_holds: + forall (chunk: memory_chunk) (ofs: Z) (c: block_contents) + (A: Set) (a b: A), + c.(low) <= ofs -> ofs + size_chunk chunk <= c.(high) -> + (if in_bounds chunk ofs c then a else b) = a. +Proof. + intros. case (in_bounds chunk ofs c); intro. + auto. + omegaContradiction. +Qed. + +Lemma in_bounds_exten: + forall (chunk: memory_chunk) (ofs: Z) (c: block_contents) (x: contentmap) P, + in_bounds chunk ofs (mkblock (low c) (high c) x P) = + in_bounds chunk ofs c. +Proof. + intros; reflexivity. +Qed. + +Hint Resolve in_bounds_holds in_bounds_exten. + +(** [valid_pointer] holds if the given block address is valid and the + given offset falls within the bounds of the corresponding block. *) + +Definition valid_pointer (m: mem) (b: block) (ofs: Z) : bool := + if zlt b m.(nextblock) then + (let c := m.(blocks) b in + if zle c.(low) ofs then if zlt ofs c.(high) then true else false + else false) + else false. + +(** Read a quantity of size [sz] at offset [ofs] in block contents [c]. + Return [Vundef] if the requested size does not match that of the + current contents, or if the following offsets do not contain [Cont]. + The first check captures a size mismatch between the read and the + latest write at this offset. The second check captures partial overwriting + of the latest write at this offset by a more recent write at a nearby + offset. *) + +Definition load_contents (sz: memory_size) (c: contentmap) (ofs: Z) : val := + match sz with + | Size8 => + match getN 0%nat ofs c with + | Datum8 n => n + | _ => Vundef + end + | Size16 => + match getN 1%nat ofs c with + | Datum16 n => n + | _ => Vundef + end + | Size32 => + match getN 3%nat ofs c with + | Datum32 n => n + | _ => Vundef + end + | Size64 => + match getN 7%nat ofs c with + | Datum64 n => n + | _ => Vundef + end + end. + +(** [load chunk m b ofs] perform a read in memory state [m], at address + [b] and offset [ofs]. [None] is returned if the address is invalid + or the memory access is out of bounds. *) + +Definition load (chunk: memory_chunk) (m: mem) (b: block) (ofs: Z) + : option val := + if zlt b m.(nextblock) then + (let c := m.(blocks) b in + if in_bounds chunk ofs c + then Some (Val.load_result chunk + (load_contents (mem_chunk chunk) c.(contents) ofs)) + else None) + else + None. + +(** [loadv chunk m addr] is similar, but the address and offset are given + as a single value [addr], which must be a pointer value. *) + +Definition loadv (chunk: memory_chunk) (m: mem) (addr: val) : option val := + match addr with + | Vptr b ofs => load chunk m b (Int.signed ofs) + | _ => None + end. + +Theorem load_in_bounds: + forall (chunk: memory_chunk) (m: mem) (b: block) (ofs: Z), + valid_block m b -> + low_bound m b <= ofs -> + ofs + size_chunk chunk <= high_bound m b -> + exists v, load chunk m b ofs = Some v. +Proof. + intros. unfold load. rewrite zlt_true; auto. + rewrite in_bounds_holds. + exists (Val.load_result chunk + (load_contents (mem_chunk chunk) + (contents (m.(blocks) b)) + ofs)). + auto. + exact H0. exact H1. +Qed. + +Lemma load_inv: + forall (chunk: memory_chunk) (m: mem) (b: block) (ofs: Z) (v: val), + load chunk m b ofs = Some v -> + let c := m.(blocks) b in + b < m.(nextblock) /\ + c.(low) <= ofs /\ + ofs + size_chunk chunk <= c.(high) /\ + Val.load_result chunk (load_contents (mem_chunk chunk) c.(contents) ofs) = v. +Proof. + intros until v; unfold load. + case (zlt b (nextblock m)); intro. + set (c := m.(blocks) b). + case (in_bounds chunk ofs c). + intuition congruence. + intros; discriminate. + intros; discriminate. +Qed. +Hint Resolve load_in_bounds load_inv. + +(* Write the value [v] with size [sz] at offset [ofs] in block contents [c]. + Return updated block contents. [Cont] contents are stored at the following + offsets. *) + +Definition store_contents (sz: memory_size) (c: contentmap) + (ofs: Z) (v: val) : contentmap := + match sz with + | Size8 => + setN 0%nat ofs (Datum8 v) c + | Size16 => + setN 1%nat ofs (Datum16 v) c + | Size32 => + setN 3%nat ofs (Datum32 v) c + | Size64 => + setN 7%nat ofs (Datum64 v) c + end. + +Remark store_contents_undef_outside: + forall sz c ofs v lo hi, + lo <= ofs /\ ofs + size_mem sz <= hi -> + (forall x, x < lo \/ x >= hi -> c x = Undef) -> + (forall x, x < lo \/ x >= hi -> + store_contents sz c ofs v x = Undef). +Proof. + intros until hi; intros [LO HI] UO. + assert (forall n d x, + ofs + (1 + Z_of_nat n) <= hi -> + x < lo \/ x >= hi -> + setN n ofs d c x = Undef). + intros. unfold setN. rewrite update_o. + transitivity (c x). apply set_cont_outside. omega. + apply UO. omega. omega. + unfold store_contents; destruct sz; unfold size_mem in HI; + intros; apply H; auto; simpl Z_of_nat; auto. +Qed. + +Definition unchecked_store + (chunk: memory_chunk) (m: mem) (b: block) + (ofs: Z) (v: val) + (P: (m.(blocks) b).(low) <= ofs /\ + ofs + size_chunk chunk <= (m.(blocks) b).(high)) : mem := + let c := m.(blocks) b in + mkmem + (update b + (mkblock c.(low) c.(high) + (store_contents (mem_chunk chunk) c.(contents) ofs v) + (store_contents_undef_outside (mem_chunk chunk) c.(contents) + ofs v _ _ P c.(undef_outside))) + m.(blocks)) + m.(nextblock) + m.(nextblock_pos). + +(** [store chunk m b ofs v] perform a write in memory state [m]. + Value [v] is stored at address [b] and offset [ofs]. + Return the updated memory store, or [None] if the address is invalid + or the memory access is out of bounds. *) + +Definition store (chunk: memory_chunk) (m: mem) (b: block) + (ofs: Z) (v: val) : option mem := + if zlt b m.(nextblock) then + match in_bounds chunk ofs (m.(blocks) b) with + | left P => Some(unchecked_store chunk m b ofs v P) + | right _ => None + end + else + None. + +(** [storev chunk m addr v] is similar, but the address and offset are given + as a single value [addr], which must be a pointer value. *) + +Definition storev (chunk: memory_chunk) (m: mem) (addr v: val) : option mem := + match addr with + | Vptr b ofs => store chunk m b (Int.signed ofs) v + | _ => None + end. + +Theorem store_in_bounds: + forall (chunk: memory_chunk) (m: mem) (b: block) (ofs: Z) (v: val), + valid_block m b -> + low_bound m b <= ofs -> + ofs + size_chunk chunk <= high_bound m b -> + exists m', store chunk m b ofs v = Some m'. +Proof. + intros. unfold store. + rewrite zlt_true; auto. + case (in_bounds chunk ofs (blocks m b)); intro P. + exists (unchecked_store chunk m b ofs v P). reflexivity. + unfold low_bound in H0. unfold high_bound in H1. omegaContradiction. +Qed. + +Lemma store_inv: + forall (chunk: memory_chunk) (m m': mem) (b: block) (ofs: Z) (v: val), + store chunk m b ofs v = Some m' -> + let c := m.(blocks) b in + b < m.(nextblock) /\ + c.(low) <= ofs /\ + ofs + size_chunk chunk <= c.(high) /\ + m'.(nextblock) = m.(nextblock) /\ + exists P, m'.(blocks) = + update b (mkblock c.(low) c.(high) + (store_contents (mem_chunk chunk) c.(contents) ofs v) P) + m.(blocks). +Proof. + intros until v; unfold store. + case (zlt b (nextblock m)); intro. + set (c := m.(blocks) b). + case (in_bounds chunk ofs c). + intros; injection H; intro; subst m'. simpl. + intuition. fold c. + exists (store_contents_undef_outside (mem_chunk chunk) + (contents c) ofs v (low c) (high c) a (undef_outside c)). + auto. + intros; discriminate. + intros; discriminate. +Qed. + +Hint Resolve store_in_bounds store_inv. + +(** * Properties of the memory operations *) + +(** ** Properties related to block validity *) + +Lemma valid_not_valid_diff: + forall m b b', valid_block m b -> ~(valid_block m b') -> b <> b'. +Proof. + intros; red; intros. subst b'. contradiction. +Qed. + +Theorem fresh_block_alloc: + forall (m1 m2: mem) (lo hi: Z) (b: block), + alloc m1 lo hi = (m2, b) -> ~(valid_block m1 b). +Proof. + intros. injection H; intros; subst b. + unfold valid_block. omega. +Qed. + +Theorem valid_new_block: + forall (m1 m2: mem) (lo hi: Z) (b: block), + alloc m1 lo hi = (m2, b) -> valid_block m2 b. +Proof. + unfold alloc, valid_block; intros. + injection H; intros. subst b; subst m2; simpl. omega. +Qed. + +Theorem valid_block_alloc: + forall (m1 m2: mem) (lo hi: Z) (b b': block), + alloc m1 lo hi = (m2, b') -> + valid_block m1 b -> valid_block m2 b. +Proof. + unfold alloc, valid_block; intros. + injection H; intros. subst m2; simpl. omega. +Qed. + +Theorem valid_block_store: + forall (chunk: memory_chunk) (m1 m2: mem) (b b': block) (ofs: Z) (v: val), + store chunk m1 b' ofs v = Some m2 -> + valid_block m1 b -> valid_block m2 b. +Proof. + intros. generalize (store_inv _ _ _ _ _ _ H). + intros [A [B [C [D [P E]]]]]. + red. rewrite D. exact H0. +Qed. + +Theorem valid_block_free: + forall (m: mem) (b b': block), + valid_block m b -> valid_block (free m b') b. +Proof. + unfold valid_block, free; intros. + simpl. auto. +Qed. + +(** ** Properties related to [alloc] *) + +Theorem load_alloc_other: + forall (chunk: memory_chunk) (m1 m2: mem) + (b b': block) (ofs lo hi: Z) (v: val), + alloc m1 lo hi = (m2, b') -> + load chunk m1 b ofs = Some v -> + load chunk m2 b ofs = Some v. +Proof. + unfold alloc; intros. + injection H; intros; subst m2; clear H. + generalize (load_inv _ _ _ _ _ H0). + intros (A, (B, (C, D))). + unfold load; simpl. + rewrite zlt_true. + repeat (rewrite update_o). + rewrite in_bounds_holds. congruence. auto. auto. + omega. omega. +Qed. + +Lemma load_contents_init: + forall (sz: memory_size) (ofs: Z), + load_contents sz (fun y => Undef) ofs = Vundef. +Proof. + intros. destruct sz; reflexivity. +Qed. + +Theorem load_alloc_same: + forall (chunk: memory_chunk) (m1 m2: mem) + (b b': block) (ofs lo hi: Z) (v: val), + alloc m1 lo hi = (m2, b') -> + load chunk m2 b' ofs = Some v -> + v = Vundef. +Proof. + unfold alloc; intros. + injection H; intros; subst m2; clear H. + generalize (load_inv _ _ _ _ _ H0). + simpl. rewrite H1. rewrite update_s. simpl. intros (A, (B, (C, D))). + rewrite <- D. rewrite load_contents_init. + destruct chunk; reflexivity. +Qed. + +Theorem low_bound_alloc: + forall (m1 m2: mem) (b b': block) (lo hi: Z), + alloc m1 lo hi = (m2, b') -> + low_bound m2 b = if zeq b b' then lo else low_bound m1 b. +Proof. + unfold alloc; intros. + injection H; intros; subst m2; clear H. + unfold low_bound; simpl. + unfold update. + subst b'. + case (zeq b (nextblock m1)); reflexivity. +Qed. + +Theorem high_bound_alloc: + forall (m1 m2: mem) (b b': block) (lo hi: Z), + alloc m1 lo hi = (m2, b') -> + high_bound m2 b = if zeq b b' then hi else high_bound m1 b. +Proof. + unfold alloc; intros. + injection H; intros; subst m2; clear H. + unfold high_bound; simpl. + unfold update. + subst b'. + case (zeq b (nextblock m1)); reflexivity. +Qed. + +Theorem store_alloc: + forall (chunk: memory_chunk) (m1 m2: mem) (b: block) (ofs lo hi: Z) (v: val), + alloc m1 lo hi = (m2, b) -> + lo <= ofs -> ofs + size_chunk chunk <= hi -> + exists m2', store chunk m2 b ofs v = Some m2'. +Proof. + unfold alloc; intros. + injection H; intros. + assert (A: b < m2.(nextblock)). + subst m2; subst b; simpl; omega. + assert (B: low_bound m2 b <= ofs). + subst m2; subst b. unfold low_bound; simpl. rewrite update_s. + simpl. assumption. + assert (C: ofs + size_chunk chunk <= high_bound m2 b). + subst m2; subst b. unfold high_bound; simpl. rewrite update_s. + simpl. assumption. + exact (store_in_bounds chunk m2 b ofs v A B C). +Qed. + +Hint Resolve store_alloc high_bound_alloc low_bound_alloc load_alloc_same +load_contents_init load_alloc_other. + +(** ** Properties related to [free] *) + +Theorem load_free: + forall (chunk: memory_chunk) (m: mem) (b bf: block) (ofs: Z), + b <> bf -> + load chunk (free m bf) b ofs = load chunk m b ofs. +Proof. + intros. unfold free, load; simpl. + case (zlt b (nextblock m)). + repeat (rewrite update_o; auto). + reflexivity. +Qed. + +Theorem low_bound_free: + forall (m: mem) (b bf: block), + b <> bf -> + low_bound (free m bf) b = low_bound m b. +Proof. + intros. unfold free, low_bound; simpl. + rewrite update_o; auto. +Qed. + +Theorem high_bound_free: + forall (m: mem) (b bf: block), + b <> bf -> + high_bound (free m bf) b = high_bound m b. +Proof. + intros. unfold free, high_bound; simpl. + rewrite update_o; auto. +Qed. +Hint Resolve load_free low_bound_free high_bound_free. + +(** ** Properties related to [store] *) + +Lemma store_is_in_bounds: + forall chunk m1 b ofs v m2, + store chunk m1 b ofs v = Some m2 -> + low_bound m1 b <= ofs /\ ofs + size_chunk chunk <= high_bound m1 b. +Proof. + intros. generalize (store_inv _ _ _ _ _ _ H). + intros [A [B [C [P D]]]]. + unfold low_bound, high_bound. tauto. +Qed. + +Lemma load_store_contents_same: + forall (sz: memory_size) (c: contentmap) (ofs: Z) (v: val), + load_contents sz (store_contents sz c ofs v) ofs = v. +Proof. + intros until v. + unfold load_contents, store_contents in |- *; case sz; + rewrite getN_setN_same; reflexivity. +Qed. + +Theorem load_store_same: + forall (chunk: memory_chunk) (m1 m2: mem) (b: block) (ofs: Z) (v: val), + store chunk m1 b ofs v = Some m2 -> + load chunk m2 b ofs = Some (Val.load_result chunk v). +Proof. + intros. + generalize (store_inv _ _ _ _ _ _ H). + intros (A, (B, (C, (D, (P, E))))). + unfold load. rewrite D. + rewrite zlt_true; auto. rewrite E. + repeat (rewrite update_s). simpl. + rewrite in_bounds_exten. rewrite in_bounds_holds; auto. + rewrite load_store_contents_same; auto. +Qed. + +Lemma load_store_contents_other: + forall (sz1 sz2: memory_size) (c: contentmap) + (ofs1 ofs2: Z) (v: val), + ofs2 + size_mem sz2 <= ofs1 \/ ofs1 + size_mem sz1 <= ofs2 -> + load_contents sz2 (store_contents sz1 c ofs1 v) ofs2 = + load_contents sz2 c ofs2. +Proof. + intros until v. + unfold size_mem, store_contents, load_contents; + case sz1; case sz2; intros; + (rewrite getN_setN_other; + [reflexivity | simpl Z_of_nat; omega]). +Qed. + +Theorem load_store_other: + forall (chunk1 chunk2: memory_chunk) (m1 m2: mem) + (b1 b2: block) (ofs1 ofs2: Z) (v: val), + store chunk1 m1 b1 ofs1 v = Some m2 -> + b1 <> b2 + \/ ofs2 + size_chunk chunk2 <= ofs1 + \/ ofs1 + size_chunk chunk1 <= ofs2 -> + load chunk2 m2 b2 ofs2 = load chunk2 m1 b2 ofs2. +Proof. + intros. + generalize (store_inv _ _ _ _ _ _ H). + intros (A, (B, (C, (D, (P, E))))). + unfold load. rewrite D. + case (zlt b2 (nextblock m1)); intro. + rewrite E; unfold update; case (zeq b2 b1); intro; simpl. + subst b2. rewrite in_bounds_exten. + rewrite load_store_contents_other. auto. + tauto. + reflexivity. + reflexivity. +Qed. + +Ltac LSCO := + match goal with + | |- (match getN ?sz2 ?ofs2 (setN ?sz1 ?ofs1 ?v ?c) with + | Undef => _ + | Datum8 _ => _ + | Datum16 _ => _ + | Datum32 _ => _ + | Datum64 _ => _ + | Cont => _ + end = _) => + elim (getN_setN_overlap sz1 sz2 ofs1 ofs2 v c); + [ let H := fresh in (intro H; rewrite H; reflexivity) + | let H := fresh in (intro H; rewrite H; reflexivity) + | assumption + | simpl Z_of_nat; omega + | simpl Z_of_nat; omega + | discriminate ] + end. + +Lemma load_store_contents_overlap: + forall (sz1 sz2: memory_size) (c: contentmap) + (ofs1 ofs2: Z) (v: val), + ofs1 <> ofs2 -> + ofs2 + size_mem sz2 > ofs1 -> ofs1 + size_mem sz1 > ofs2 -> + load_contents sz2 (store_contents sz1 c ofs1 v) ofs2 = Vundef. +Proof. + intros. + destruct sz1; destruct sz2; simpl in H0; simpl in H1; simpl; LSCO. +Qed. + +Ltac LSCM := + match goal with + | H:(?x <> ?x) |- _ => + elim H; reflexivity + | |- (match getN ?sz2 ?ofs (setN ?sz1 ?ofs ?v ?c) with + | Undef => _ + | Datum8 _ => _ + | Datum16 _ => _ + | Datum32 _ => _ + | Datum64 _ => _ + | Cont => _ + end = _) => + elim (getN_setN_mismatch sz1 sz2 ofs v c); + [ let H := fresh in (intro H; rewrite H; reflexivity) + | let H := fresh in (intro H; rewrite H; reflexivity) ] + end. + +Lemma load_store_contents_mismatch: + forall (sz1 sz2: memory_size) (c: contentmap) + (ofs: Z) (v: val), + sz1 <> sz2 -> + load_contents sz2 (store_contents sz1 c ofs v) ofs = Vundef. +Proof. + intros. + destruct sz1; destruct sz2; simpl; LSCM. +Qed. + +Theorem low_bound_store: + forall (chunk: memory_chunk) (m1 m2: mem) (b b': block) (ofs: Z) (v: val), + store chunk m1 b ofs v = Some m2 -> + low_bound m2 b' = low_bound m1 b'. +Proof. + intros. + generalize (store_inv _ _ _ _ _ _ H). + intros (A, (B, (C, (D, (P, E))))). + unfold low_bound. rewrite E; unfold update. + case (zeq b' b); intro. + subst b'. reflexivity. + reflexivity. +Qed. + +Theorem high_bound_store: + forall (chunk: memory_chunk) (m1 m2: mem) (b b': block) (ofs: Z) (v: val), + store chunk m1 b ofs v = Some m2 -> + high_bound m2 b' = high_bound m1 b'. +Proof. + intros. + generalize (store_inv _ _ _ _ _ _ H). + intros (A, (B, (C, (D, (P, E))))). + unfold high_bound. rewrite E; unfold update. + case (zeq b' b); intro. + subst b'. reflexivity. + reflexivity. +Qed. + +Hint Resolve high_bound_store low_bound_store load_store_contents_mismatch + load_store_contents_overlap load_store_other store_is_in_bounds + load_store_contents_same load_store_same load_store_contents_other. + +(** * Agreement between memory blocks. *) + +(** Two memory blocks [c1] and [c2] agree on a range [lo] to [hi] + if they associate the same contents to byte offsets in the range + [lo] (included) to [hi] (excluded). *) + +Definition contentmap_agree (lo hi: Z) (c1 c2: contentmap) := + forall (ofs: Z), + lo <= ofs < hi -> c1 ofs = c2 ofs. + +Definition block_contents_agree (lo hi: Z) (c1 c2: block_contents) := + contentmap_agree lo hi c1.(contents) c2.(contents). + +Definition block_agree (b: block) (lo hi: Z) (m1 m2: mem) := + block_contents_agree lo hi + (m1.(blocks) b) (m2.(blocks) b). + +Theorem block_agree_refl: + forall (m: mem) (b: block) (lo hi: Z), + block_agree b lo hi m m. +Proof. + intros. hnf. auto. +Qed. + +Theorem block_agree_sym: + forall (m1 m2: mem) (b: block) (lo hi: Z), + block_agree b lo hi m1 m2 -> + block_agree b lo hi m2 m1. +Proof. + intros. hnf. intros. symmetry. apply H. auto. +Qed. + +Theorem block_agree_trans: + forall (m1 m2 m3: mem) (b: block) (lo hi: Z), + block_agree b lo hi m1 m2 -> + block_agree b lo hi m2 m3 -> + block_agree b lo hi m1 m3. +Proof. + intros. hnf. intros. + transitivity (contents (blocks m2 b) ofs). + apply H; auto. apply H0; auto. +Qed. + +Lemma check_cont_agree: + forall (c1 c2: contentmap) (lo hi: Z), + contentmap_agree lo hi c1 c2 -> + forall (n: nat) (ofs: Z), + lo <= ofs -> ofs + Z_of_nat n <= hi -> + check_cont n ofs c2 = check_cont n ofs c1. +Proof. + induction n; intros; simpl. + auto. + rewrite inj_S in H1. + rewrite H. case (c2 ofs); intros; auto. + apply IHn; omega. + omega. +Qed. + +Lemma getN_agree: + forall (c1 c2: contentmap) (lo hi: Z), + contentmap_agree lo hi c1 c2 -> + forall (n: nat) (ofs: Z), + lo <= ofs -> ofs + Z_of_nat n < hi -> + getN n ofs c2 = getN n ofs c1. +Proof. + intros. unfold getN. + rewrite (check_cont_agree c1 c2 lo hi H n (ofs + 1)). + case (check_cont n (ofs + 1) c1). + symmetry. apply H. omega. auto. + omega. omega. +Qed. + +Lemma load_contentmap_agree: + forall (sz: memory_size) (c1 c2: contentmap) (lo hi ofs: Z), + contentmap_agree lo hi c1 c2 -> + lo <= ofs -> ofs + size_mem sz <= hi -> + load_contents sz c2 ofs = load_contents sz c1 ofs. +Proof. + intros sz c1 c2 lo hi ofs EX LO. + unfold load_contents, size_mem; case sz; intro HI; + rewrite (getN_agree c1 c2 lo hi EX); auto; simpl Z_of_nat; omega. +Qed. + +Lemma set_cont_agree: + forall (lo hi: Z) (n: nat) (c1 c2: contentmap) (ofs: Z), + contentmap_agree lo hi c1 c2 -> + contentmap_agree lo hi (set_cont n ofs c1) (set_cont n ofs c2). +Proof. + induction n; simpl; intros. + auto. + red. intros p B. + case (zeq p ofs); intro. + subst p. repeat (rewrite update_s). reflexivity. + repeat (rewrite update_o). apply IHn. assumption. + assumption. auto. auto. +Qed. + +Lemma setN_agree: + forall (lo hi: Z) (n: nat) (c1 c2: contentmap) (ofs: Z) (v: content), + contentmap_agree lo hi c1 c2 -> + contentmap_agree lo hi (setN n ofs v c1) (setN n ofs v c2). +Proof. + intros. unfold setN. red; intros p B. + case (zeq p ofs); intro. + subst p. repeat (rewrite update_s). reflexivity. + repeat (rewrite update_o; auto). + exact (set_cont_agree lo hi n c1 c2 (ofs + 1) H p B). +Qed. + +Lemma store_contentmap_agree: + forall (sz: memory_size) (c1 c2: contentmap) (lo hi ofs: Z) (v: val), + contentmap_agree lo hi c1 c2 -> + contentmap_agree lo hi + (store_contents sz c1 ofs v) (store_contents sz c2 ofs v). +Proof. + intros. unfold store_contents; case sz; apply setN_agree; auto. +Qed. + +Lemma set_cont_outside_agree: + forall (lo hi: Z) (n: nat) (c1 c2: contentmap) (ofs: Z), + contentmap_agree lo hi c1 c2 -> + ofs + Z_of_nat n <= lo \/ hi <= ofs -> + contentmap_agree lo hi c1 (set_cont n ofs c2). +Proof. + induction n; intros; simpl. + auto. + red; intros p R. rewrite inj_S in H0. + unfold update. case (zeq p ofs); intro. + subst p. omegaContradiction. + apply IHn. auto. omega. auto. +Qed. + +Lemma setN_outside_agree: + forall (lo hi: Z) (n: nat) (c1 c2: contentmap) (ofs: Z) (v: content), + contentmap_agree lo hi c1 c2 -> + ofs + Z_of_nat n < lo \/ hi <= ofs -> + contentmap_agree lo hi c1 (setN n ofs v c2). +Proof. + intros. unfold setN. red; intros p R. + unfold update. case (zeq p ofs); intro. + omegaContradiction. + apply (set_cont_outside_agree lo hi n c1 c2 (ofs + 1) H). + omega. auto. +Qed. + +Lemma store_contentmap_outside_agree: + forall (sz: memory_size) (c1 c2: contentmap) (lo hi ofs: Z) (v: val), + contentmap_agree lo hi c1 c2 -> + ofs + size_mem sz <= lo \/ hi <= ofs -> + contentmap_agree lo hi c1 (store_contents sz c2 ofs v). +Proof. + intros until v. + unfold store_contents; case sz; simpl; intros; + apply setN_outside_agree; auto; simpl Z_of_nat; omega. +Qed. + +Theorem load_agree: + forall (chunk: memory_chunk) (m1 m2: mem) + (b: block) (lo hi: Z) (ofs: Z) (v1 v2: val), + block_agree b lo hi m1 m2 -> + lo <= ofs -> ofs + size_chunk chunk <= hi -> + load chunk m1 b ofs = Some v1 -> + load chunk m2 b ofs = Some v2 -> + v1 = v2. +Proof. + intros. + generalize (load_inv _ _ _ _ _ H2). intros [K [L [M N]]]. + generalize (load_inv _ _ _ _ _ H3). intros [P [Q [R S]]]. + subst v1; subst v2. symmetry. + decEq. eapply load_contentmap_agree. + apply H. auto. auto. +Qed. + +Theorem store_agree: + forall (chunk: memory_chunk) (m1 m2 m1' m2': mem) + (b: block) (lo hi: Z) + (b': block) (ofs: Z) (v: val), + block_agree b lo hi m1 m2 -> + store chunk m1 b' ofs v = Some m1' -> + store chunk m2 b' ofs v = Some m2' -> + block_agree b lo hi m1' m2'. +Proof. + intros. + generalize (store_inv _ _ _ _ _ _ H0). + intros [I [J [K [L [x M]]]]]. + generalize (store_inv _ _ _ _ _ _ H1). + intros [P [Q [R [S [y T]]]]]. + red. red. + rewrite M; rewrite T; unfold update. + case (zeq b b'); intro; simpl. + subst b'. apply store_contentmap_agree. assumption. + apply H. +Qed. + +Theorem store_outside_agree: + forall (chunk: memory_chunk) (m1 m2 m2': mem) + (b: block) (lo hi: Z) + (b': block) (ofs: Z) (v: val), + block_agree b lo hi m1 m2 -> + b <> b' \/ ofs + size_chunk chunk <= lo \/ hi <= ofs -> + store chunk m2 b' ofs v = Some m2' -> + block_agree b lo hi m1 m2'. +Proof. + intros. + generalize (store_inv _ _ _ _ _ _ H1). + intros [I [J [K [L [x M]]]]]. + red. red. rewrite M; unfold update; + case (zeq b b'); intro; simpl. + subst b'. apply store_contentmap_outside_agree. + assumption. + elim H0; intro. tauto. exact H2. + apply H. +Qed. + +(** * Store extensions *) + +(** A store [m2] extends a store [m1] if [m2] can be obtained from [m1] + by increasing the sizes of the memory blocks of [m1] (decreasing + the low bounds, increasing the high bounds), while still keeping the + same contents for block offsets that are valid in [m1]. + This notion is used in the proof of semantic equivalence in + module [Machenv]. *) + +Definition block_contents_extends (c1 c2: block_contents) := + c2.(low) <= c1.(low) /\ c1.(high) <= c2.(high) /\ + contentmap_agree c1.(low) c1.(high) c1.(contents) c2.(contents). + +Definition extends (m1 m2: mem) := + m1.(nextblock) = m2.(nextblock) /\ + forall (b: block), + b < m1.(nextblock) -> + block_contents_extends (m1.(blocks) b) (m2.(blocks) b). + +Theorem extends_refl: + forall (m: mem), extends m m. +Proof. + intro. red. split. + reflexivity. + intros. red. + split. omega. split. omega. + red. intros. reflexivity. +Qed. + +Theorem alloc_extends: + forall (m1 m2 m1' m2': mem) (lo1 hi1 lo2 hi2: Z) (b1 b2: block), + extends m1 m2 -> + lo2 <= lo1 -> hi1 <= hi2 -> + alloc m1 lo1 hi1 = (m1', b1) -> + alloc m2 lo2 hi2 = (m2', b2) -> + b1 = b2 /\ extends m1' m2'. +Proof. + unfold extends, alloc; intros. + injection H2; intros; subst m1'; subst b1. + injection H3; intros; subst m2'; subst b2. + simpl. intuition. + rewrite <- H4. case (zeq b (nextblock m1)); intro. + subst b. repeat rewrite update_s. + red; simpl. intuition. + red; intros; reflexivity. + repeat rewrite update_o. apply H5. omega. + auto. auto. +Qed. + +Theorem free_extends: + forall (m1 m2: mem) (b: block), + extends m1 m2 -> + extends (free m1 b) (free m2 b). +Proof. + unfold extends, free; intros. + simpl. intuition. + red; intros; simpl. + case (zeq b0 b); intro. + subst b0; repeat (rewrite update_s). + simpl. split. omega. split. omega. + red. intros. omegaContradiction. + repeat (rewrite update_o). + exact (H1 b0 H). + auto. auto. +Qed. + +Theorem load_extends: + forall (chunk: memory_chunk) (m1 m2: mem) (b: block) (ofs: Z) (v: val), + extends m1 m2 -> + load chunk m1 b ofs = Some v -> + load chunk m2 b ofs = Some v. +Proof. + intros sz m1 m2 b ofs v (X, Y) L. + generalize (load_inv _ _ _ _ _ L). + intros (A, (B, (C, D))). + unfold load. rewrite <- X. rewrite zlt_true; auto. + generalize (Y b A); intros [M [P Q]]. + rewrite in_bounds_holds. + rewrite <- D. + decEq. decEq. + apply load_contentmap_agree with + (lo := low((blocks m1) b)) + (hi := high((blocks m1) b)); auto. + omega. omega. +Qed. + +Theorem store_within_extends: + forall (chunk: memory_chunk) (m1 m2 m1': mem) (b: block) (ofs: Z) (v: val), + extends m1 m2 -> + store chunk m1 b ofs v = Some m1' -> + exists m2', store chunk m2 b ofs v = Some m2' /\ extends m1' m2'. +Proof. + intros sz m1 m2 m1' b ofs v (X, Y) STORE. + generalize (store_inv _ _ _ _ _ _ STORE). + intros (A, (B, (C, (D, (x, E))))). + generalize (Y b A); intros [M [P Q]]. + unfold store. rewrite <- X. rewrite zlt_true; auto. + case (in_bounds sz ofs (blocks m2 b)); intro. + exists (unchecked_store sz m2 b ofs v a). + split. auto. + split. + unfold unchecked_store; simpl. congruence. + intros b' LT. + unfold block_contents_extends, unchecked_store, block_contents_agree. + rewrite E; unfold update; simpl. + case (zeq b' b); intro; simpl. + subst b'. split. omega. split. omega. + apply store_contentmap_agree. auto. + apply Y. rewrite <- D. auto. + omegaContradiction. +Qed. + +Theorem store_outside_extends: + forall (chunk: memory_chunk) (m1 m2 m2': mem) (b: block) (ofs: Z) (v: val), + extends m1 m2 -> + ofs + size_chunk chunk <= low_bound m1 b \/ high_bound m1 b <= ofs -> + store chunk m2 b ofs v = Some m2' -> + extends m1 m2'. +Proof. + intros sz m1 m2 m2' b ofs v (X, Y) BOUNDS STORE. + generalize (store_inv _ _ _ _ _ _ STORE). + intros (A, (B, (C, (D, (x, E))))). + split. + congruence. + intros b' LT. + rewrite E; unfold update; case (zeq b' b); intro. + subst b'. generalize (Y b LT). intros [M [P Q]]. + red; simpl. split. omega. split. omega. + apply store_contentmap_outside_agree. + assumption. exact BOUNDS. + auto. +Qed. + +(** * Memory extensionality properties *) + +Lemma block_contents_exten: + forall (c1 c2: block_contents), + c1.(low) = c2.(low) -> + c1.(high) = c2.(high) -> + block_contents_agree c1.(low) c1.(high) c1 c2 -> + c1 = c2. +Proof. + intros. caseEq c1; intros lo1 hi1 m1 UO1 EQ1. subst c1. + caseEq c2; intros lo2 hi2 m2 UO2 EQ2. subst c2. + simpl in *. subst lo2 hi2. + assert (m1 = m2). + unfold contentmap. apply extensionality. intro. + case (zlt x lo1); intro. + rewrite UO1. rewrite UO2. auto. tauto. tauto. + case (zlt x hi1); intro. + apply H1. omega. + rewrite UO1. rewrite UO2. auto. tauto. tauto. + subst m2. + assert (UO1 = UO2). + apply proof_irrelevance. + subst UO2. reflexivity. +Qed. + +Theorem mem_exten: + forall m1 m2, + m1.(nextblock) = m2.(nextblock) -> + (forall b, m1.(blocks) b = m2.(blocks) b) -> + m1 = m2. +Proof. + intros. destruct m1 as [map1 nb1 nextpos1]. destruct m2 as [map2 nb2 nextpos2]. + simpl in *. subst nb2. + assert (map1 = map2). apply extensionality. assumption. + assert (nextpos1 = nextpos2). apply proof_irrelevance. + congruence. +Qed. + +(** * Store injections *) + +(** A memory injection [f] is a function from addresses to either [None] + or [Some] of an address and an offset. It defines a correspondence + between the blocks of two memory states [m1] and [m2]: +- if [f b = None], the block [b] of [m1] has no equivalent in [m2]; +- if [f b = Some(b', ofs)], the block [b] of [m2] corresponds to + a sub-block at offset [ofs] of the block [b'] in [m2]. +*) + +Definition meminj := (block -> option (block * Z))%type. + +Section MEM_INJECT. + +Variable f: meminj. + +(** A memory injection defines a relation between values that is the + identity relation, except for pointer values which are shifted + as prescribed by the memory injection. *) + +Inductive val_inject: val -> val -> Prop := + | val_inject_int: + forall i, val_inject (Vint i) (Vint i) + | val_inject_float: + forall f, val_inject (Vfloat f) (Vfloat f) + | val_inject_ptr: + forall b1 ofs1 b2 ofs2 x, + f b1 = Some (b2, x) -> + ofs2 = Int.add ofs1 (Int.repr x) -> + val_inject (Vptr b1 ofs1) (Vptr b2 ofs2) + | val_inject_undef: forall v, + val_inject Vundef v. + +Hint Resolve val_inject_int val_inject_float val_inject_ptr +val_inject_undef. + +Inductive val_list_inject: list val -> list val-> Prop:= + | val_nil_inject : + val_list_inject nil nil + | val_cons_inject : forall v v' vl vl' , + val_inject v v' -> val_list_inject vl vl'-> + val_list_inject (v::vl) (v':: vl'). + +Inductive val_content_inject: memory_size -> val -> val -> Prop := + | val_content_inject_base: + forall sz v1 v2, + val_inject v1 v2 -> + val_content_inject sz v1 v2 + | val_content_inject_8: + forall n1 n2, + Int.cast8unsigned n1 = Int.cast8unsigned n2 -> + val_content_inject Size8 (Vint n1) (Vint n2) + | val_content_inject_16: + forall n1 n2, + Int.cast16unsigned n1 = Int.cast16unsigned n2 -> + val_content_inject Size16 (Vint n1) (Vint n2) + | val_content_inject_32: + forall f1 f2, + Float.singleoffloat f1 = Float.singleoffloat f2 -> + val_content_inject Size32 (Vfloat f1) (Vfloat f2). + +Hint Resolve val_content_inject_base. + +Inductive content_inject: content -> content -> Prop := + | content_inject_undef: + forall c, + content_inject Undef c + | content_inject_datum8: + forall v1 v2, + val_content_inject Size8 v1 v2 -> + content_inject (Datum8 v1) (Datum8 v2) + | content_inject_datum16: + forall v1 v2, + val_content_inject Size16 v1 v2 -> + content_inject (Datum16 v1) (Datum16 v2) + | content_inject_datum32: + forall v1 v2, + val_content_inject Size32 v1 v2 -> + content_inject (Datum32 v1) (Datum32 v2) + | content_inject_datum64: + forall v1 v2, + val_content_inject Size64 v1 v2 -> + content_inject (Datum64 v1) (Datum64 v2) + | content_inject_cont: + content_inject Cont Cont. + +Hint Resolve content_inject_undef content_inject_datum8 +content_inject_datum16 content_inject_datum32 content_inject_datum64 +content_inject_cont. + +Definition contentmap_inject (c1 c2: contentmap) (lo hi delta: Z) : Prop := + forall x, lo <= x < hi -> + content_inject (c1 x) (c2 (x + delta)). + +(** A block contents [c1] injects into another block content [c2] at + offset [delta] if the contents of [c1] at all valid offsets + correspond to the contents of [c2] at the same offsets shifted by [delta]. + Some additional conditions are imposed to guard against arithmetic + overflow in address computations. *) + +Record block_contents_inject (c1 c2: block_contents) (delta: Z) : Prop := + mk_block_contents_inject { + bci_range1: Int.min_signed <= delta <= Int.max_signed; + bci_range2: delta = 0 \/ + (Int.min_signed <= c2.(low) /\ c2.(high) <= Int.max_signed); + bci_lowhigh:forall x, c1.(low) <= x < c1.(high) -> + c2.(low) <= x+delta < c2.(high) ; + bci_contents: + contentmap_inject c1.(contents) c2.(contents) c1.(low) c1.(high) delta + }. + +(** A memory state [m1] injects into another memory state [m2] via the + memory injection [f] if the following conditions hold: +- unallocated blocks in [m1] must be mapped to [None] by [f]; +- if [f b = Some(b', delta)], [b'] must be valid in [m2] and + the contents of [b] in [m1] must inject into the contents of [b'] in [m2] + with offset [delta]; +- distinct blocks in [m1] cannot be mapped to overlapping sub-blocks in [m2]. +*) + +Record mem_inject (m1 m2: mem) : Prop := + mk_mem_inject { + mi_freeblocks: + forall b, b >= m1.(nextblock) -> f b = None; + mi_mappedblocks: + forall b b' delta, + f b = Some(b', delta) -> + b' < m2.(nextblock) /\ + block_contents_inject (m1.(blocks) b) + (m2.(blocks) b') + delta; + mi_no_overlap: + forall b1 b2 b1' b2' delta1 delta2, + b1 <> b2 -> + f b1 = Some (b1', delta1) -> + f b2 = Some (b2', delta2) -> + b1' <> b2' + \/ (forall x1 x2, low_bound m1 b1 <= x1 < high_bound m1 b1 -> + low_bound m1 b2 <= x2 < high_bound m1 b2 -> + x1+delta1 <> x2+delta2) + }. + +(** The following lemmas establish the absence of machine integer overflow + during address computations. *) + +Lemma size_mem_pos: forall sz, size_mem sz > 0. +Proof. destruct sz; simpl; omega. Qed. + +Lemma size_chunk_pos: forall chunk, size_chunk chunk > 0. +Proof. intros. unfold size_chunk. apply size_mem_pos. Qed. + +Lemma address_inject: + forall m1 m2 chunk b1 ofs1 b2 ofs2 x, + mem_inject m1 m2 -> + (m1.(blocks) b1).(low) <= Int.signed ofs1 -> + Int.signed ofs1 + size_chunk chunk <= (m1.(blocks) b1).(high) -> + f b1 = Some (b2, x) -> + ofs2 = Int.add ofs1 (Int.repr x) -> + Int.signed ofs2 = Int.signed ofs1 + x. +Proof. + intros. + generalize (size_chunk_pos chunk). intro. + generalize (mi_mappedblocks m1 m2 H _ _ _ H2). intros [C D]. + inversion D. + elim bci_range4 ; intro. + (**x=0**) + subst x . rewrite Zplus_0_r. rewrite Int.add_zero in H3. + subst ofs2 ; auto . + (**x<>0**) + rewrite H3. rewrite Int.add_signed. repeat rewrite Int.signed_repr. + auto. auto. + assert (low (blocks m1 b1) <= Int.signed ofs1 < high (blocks m1 b1)). + omega. + generalize (bci_lowhigh0 (Int.signed ofs1) H6). omega. + auto. +Qed. + +Lemma valid_pointer_inject_no_overflow: + forall m1 m2 b ofs b' x, + mem_inject m1 m2 -> + valid_pointer m1 b (Int.signed ofs) = true -> + f b = Some(b', x) -> + Int.min_signed <= Int.signed ofs + Int.signed (Int.repr x) <= Int.max_signed. +Proof. + intros. unfold valid_pointer in H0. + destruct (zlt b (nextblock m1)); try discriminate. + destruct (zle (low (blocks m1 b)) (Int.signed ofs)); try discriminate. + destruct (zlt (Int.signed ofs) (high (blocks m1 b))); try discriminate. + inversion H. generalize (mi_mappedblocks0 _ _ _ H1). + intros [A B]. inversion B. + elim bci_range4 ; intro. + (**x=0**) + rewrite Int.signed_repr ; auto. + subst x . rewrite Zplus_0_r. apply Int.signed_range . + (**x<>0**) + generalize (bci_lowhigh0 _ (conj z0 z1)). intro. + rewrite Int.signed_repr. omega. auto. +Qed. + +(** Relation between injections and loads. *) + +Lemma check_cont_inject: + forall c1 c2 lo hi delta, + contentmap_inject c1 c2 lo hi delta -> + forall n p, + lo <= p -> p + Z_of_nat n <= hi -> + check_cont n p c1 = true -> + check_cont n (p + delta) c2 = true. +Proof. + induction n. + intros. simpl. reflexivity. + simpl check_cont. rewrite inj_S. intros p H0 H1. + assert (lo <= p < hi). omega. + generalize (H p H2). intro. inversion H3; intros; try discriminate. + replace (p + delta + 1) with ((p + 1) + delta). + apply IHn. omega. omega. auto. + omega. +Qed. + +Hint Resolve check_cont_inject. + +Lemma getN_inject: + forall c1 c2 lo hi delta, + contentmap_inject c1 c2 lo hi delta -> + forall n p, + lo <= p -> p + Z_of_nat n < hi -> + content_inject (getN n p c1) (getN n (p + delta) c2). +Proof. + intros. simpl in H1. + assert (lo <= p < hi). omega. + unfold getN. + caseEq (check_cont n (p + 1) c1); intro. + replace (check_cont n (p + delta + 1) c2) with true. + apply H. assumption. + symmetry. replace (p + delta + 1) with ((p + 1) + delta). + eapply check_cont_inject; eauto. + omega. omega. omega. + constructor. +Qed. + +Hint Resolve getN_inject. + +Definition ztonat (z:Z): nat:= +match z with +| Z0 => O +| Zpos p => (nat_of_P p) +| Zneg p =>O +end. + +Lemma load_contents_inject: + forall sz c1 c2 lo hi delta p, + contentmap_inject c1 c2 lo hi delta -> + lo <= p -> p + size_mem sz <= hi -> + val_content_inject sz (load_contents sz c1 p) (load_contents sz c2 (p + delta)). +Proof. +intros. +assert (content_inject (getN (ztonat (size_mem sz)-1) p c1) +(getN (ztonat(size_mem sz)-1) (p + delta) c2)). +induction sz; assert (lo<= p< hi); simpl in H1; try omega; +apply getN_inject with lo hi; try assumption; simpl ; try omega. +induction sz ; simpl; inversion H2; auto. +Qed. + +Hint Resolve load_contents_inject. + +Lemma load_result_inject: + forall chunk v1 v2, + val_content_inject (mem_chunk chunk) v1 v2 -> + val_inject (Val.load_result chunk v1) (Val.load_result chunk v2). +Proof. +intros. +destruct chunk; simpl in H; inversion H; simpl; auto; +try (inversion H0; simpl; auto; fail). +replace (Int.cast8signed n2) with (Int.cast8signed n1). constructor. +apply Int.cast8_signed_equal_if_unsigned_equal; auto. +rewrite H0; constructor. +replace (Int.cast16signed n2) with (Int.cast16signed n1). constructor. +apply Int.cast16_signed_equal_if_unsigned_equal; auto. +rewrite H0; constructor. +inversion H0; simpl; auto. +apply val_inject_ptr with x; auto. +Qed. + +Lemma in_bounds_inject: + forall chunk c1 c2 delta p, + block_contents_inject c1 c2 delta -> + c1.(low) <= p /\ p + size_chunk chunk <= c1.(high) -> + c2.(low) <= p + delta /\ (p + delta) + size_chunk chunk <= c2.(high). +Proof. + intros. + inversion H. + generalize (size_chunk_pos chunk); intro. + assert (low c1 <= p + size_chunk chunk - 1 < high c1). + omega. + generalize (bci_lowhigh0 _ H2). intro. + assert (low c1 <= p < high c1). + omega. + generalize (bci_lowhigh0 _ H4). intro. + omega. +Qed. + +Lemma block_cont_val: +forall c1 c2 delta p sz, +block_contents_inject c1 c2 delta -> +c1.(low) <= p -> p + size_mem sz <= c1.(high) -> + val_content_inject sz (load_contents sz c1.(contents) p) + (load_contents sz c2.(contents) (p + delta)). +Proof. +intros. +inversion H . +apply load_contents_inject with c1.(low) c1.(high) ;assumption. +Qed. + +Lemma load_inject: + forall m1 m2 chunk b1 ofs b2 delta v1, + mem_inject m1 m2 -> + load chunk m1 b1 ofs = Some v1 -> + f b1 = Some (b2, delta) -> + exists v2, load chunk m2 b2 (ofs + delta) = Some v2 /\ val_inject v1 v2. +Proof. + intros. + generalize (load_inv _ _ _ _ _ H0). intros [A [B [C D]]]. + inversion H. + generalize (mi_mappedblocks0 _ _ _ H1). intros [U V]. + inversion V. + exists (Val.load_result chunk (load_contents (mem_chunk chunk) + (m2.(blocks) b2).(contents) (ofs+delta))). + split. + unfold load. + generalize (size_chunk_pos chunk); intro. + rewrite zlt_true. rewrite in_bounds_holds. auto. + assert (low (blocks m1 b1) <= ofs < high (blocks m1 b1)). + omega. + generalize (bci_lowhigh0 _ H3). tauto. + assert (low (blocks m1 b1) <= ofs + size_chunk chunk - 1 < high(blocks m1 b1)). + omega. + generalize (bci_lowhigh0 _ H3). omega. + assumption. + rewrite <- D. apply load_result_inject. + eapply load_contents_inject; eauto. +Qed. + +Lemma loadv_inject: + forall m1 m2 chunk a1 a2 v1, + mem_inject m1 m2 -> + loadv chunk m1 a1 = Some v1 -> + val_inject a1 a2 -> + exists v2, loadv chunk m2 a2 = Some v2 /\ val_inject v1 v2. +Proof. + intros. + induction H1 ; simpl in H0 ; try discriminate H0. + simpl. + replace (Int.signed ofs2) with (Int.signed ofs1 + x). + apply load_inject with m1 b1 ; assumption. + symmetry. generalize (load_inv _ _ _ _ _ H0). intros [A [B [C D]]]. + apply address_inject with m1 m2 chunk b1 b2; auto. +Qed. + +(** Relation between injections and stores. *) + +Lemma set_cont_inject: + forall c1 c2 lo hi delta, + contentmap_inject c1 c2 lo hi delta -> + forall n p, + lo <= p -> p + Z_of_nat n <= hi -> + contentmap_inject (set_cont n p c1) (set_cont n (p + delta) c2) lo hi delta. +Proof. +induction n. intros. simpl. assumption. +intros. simpl. unfold contentmap_inject. +intros p2 Hp2. unfold update. +case (zeq p2 p); intro. +subst p2. rewrite zeq_true. constructor. +rewrite zeq_false. replace (p + delta + 1) with ((p + 1) + delta). +apply IHn. omega. rewrite inj_S in H1. omega. assumption. +omega. omega. +Qed. + +Lemma setN_inject: + forall c1 c2 lo hi delta n p v1 v2, + contentmap_inject c1 c2 lo hi delta -> + content_inject v1 v2 -> + lo <= p -> p + Z_of_nat n < hi -> + contentmap_inject (setN n p v1 c1) (setN n (p + delta) v2 c2) + lo hi delta. +Proof. + intros. unfold setN. red; intros. + unfold update. + case (zeq x p); intro. + subst p. rewrite zeq_true. assumption. + rewrite zeq_false. + replace (p + delta + 1) with ((p + 1) + delta). + apply set_cont_inject with lo hi. + assumption. omega. omega. assumption. omega. + omega. +Qed. + +Lemma store_contents_inject: + forall c1 c2 lo hi delta sz p v1 v2, + contentmap_inject c1 c2 lo hi delta -> + val_content_inject sz v1 v2 -> + lo <= p -> p + size_mem sz <= hi -> + contentmap_inject (store_contents sz c1 p v1) + (store_contents sz c2 (p + delta) v2) + lo hi delta. +Proof. + intros. + destruct sz; simpl in *; apply setN_inject; auto; simpl; omega. +Qed. + +Lemma set_cont_outside1 : + forall n p m q , + (forall x , p <= x < p + Z_of_nat n -> x <> q) -> + (set_cont n p m) q = m q. +Proof. + induction n; intros; simpl. + auto. + rewrite inj_S in H. rewrite update_o. apply IHn. + intros. apply H. omega. + apply H. omega. +Qed. + +Lemma set_cont_outside_inject: + forall c1 c2 lo hi delta, + contentmap_inject c1 c2 lo hi delta -> + forall n p, + (forall x1 x2, p <= x1 < p + Z_of_nat n -> + lo <= x2 < hi -> + x1 <> x2 + delta) -> + contentmap_inject c1 (set_cont n p c2) lo hi delta. +Proof. + unfold contentmap_inject. intros. + rewrite set_cont_outside1. apply H. assumption. + intros. apply H0. auto. auto. +Qed. + +Lemma setN_outside_inject: + forall n c1 c2 lo hi delta p v, + contentmap_inject c1 c2 lo hi delta -> + (forall x1 x2, p <= x1 < p + Z_of_nat (S n) -> + lo <= x2 < hi -> + x1 <> x2 + delta) -> + contentmap_inject c1 (setN n p v c2) lo hi delta. +Proof. + intros. unfold setN. red; intros. rewrite update_o. + apply set_cont_outside_inject with lo hi. auto. + intros. apply H0. rewrite inj_S. omega. auto. auto. + apply H0. rewrite inj_S. omega. auto. +Qed. + +Lemma store_contents_outside_inject: + forall c1 c2 lo hi delta sz p v, + contentmap_inject c1 c2 lo hi delta -> + (forall x1 x2, p <= x1 < p + size_mem sz -> + lo <= x2 < hi -> + x1 <> x2 + delta)-> + contentmap_inject c1 (store_contents sz c2 p v) lo hi delta. +Proof. + intros c1 c2 lo hi delta sz. generalize (size_mem_pos sz) . intro . + induction sz ;intros ;simpl ; apply setN_outside_inject ; assumption . +Qed. + +Lemma store_mapped_inject_1: + forall chunk m1 b1 ofs v1 n1 m2 b2 delta v2, + mem_inject m1 m2 -> + store chunk m1 b1 ofs v1 = Some n1 -> + f b1 = Some (b2, delta) -> + val_content_inject (mem_chunk chunk) v1 v2 -> + exists n2, + store chunk m2 b2 (ofs + delta) v2 = Some n2 + /\ mem_inject n1 n2. +Proof. +intros. +generalize (size_chunk_pos chunk); intro SIZEPOS. +generalize (store_inv _ _ _ _ _ _ H0). +intros [A [B [C [D [P E]]]]]. +inversion H. +generalize (mi_mappedblocks0 _ _ _ H1). intros [U V]. +inversion V. +generalize (in_bounds_inject _ _ _ _ _ V (conj B C)). intro BND. +exists (unchecked_store chunk m2 b2 (ofs+delta) v2 BND). +split. unfold store. +rewrite zlt_true; auto. +case (in_bounds chunk (ofs + delta) (blocks m2 b2)); intro. +assert (a = BND). apply proof_irrelevance. congruence. +omegaContradiction. +constructor. +intros. apply mi_freeblocks0. rewrite <- D. assumption. +intros. generalize (mi_mappedblocks0 b b' delta0 H3). +intros [W Y]. split. simpl. auto. +rewrite E; simpl. unfold update. +(* Cas 1: memes blocs b = b1 b'= b2 *) +case (zeq b b1); intro. +subst b. assert (b'= b2). congruence. subst b'. +assert (delta0 = delta). congruence. subst delta0. +rewrite zeq_true. inversion Y. constructor; simpl; auto. +apply store_contents_inject; auto. +(* Cas 2: blocs differents dans m1 mais mappes sur le meme bloc de m2 *) +case (zeq b' b2); intro. +subst b'. +inversion Y. constructor; simpl; auto. +generalize (store_contents_outside_inject _ _ _ _ _ (mem_chunk chunk) + (ofs+delta) v2 bci_contents1). +intros. +apply H4. +elim (mi_no_overlap0 b b1 b2 b2 delta0 delta n H3 H1). +tauto. +unfold high_bound, low_bound. intros. +apply sym_not_equal. replace x1 with ((x1 - delta) + delta). +apply H5. assumption. unfold size_chunk in C. omega. omega. +(* Cas 3: blocs differents dans m1 et dans m2 *) +auto. + +unfold high_bound, low_bound. +rewrite E; simpl; intros. +unfold high_bound, low_bound in mi_no_overlap0. +unfold update. +case (zeq b0 b1). +intro. subst b1. simpl. +rewrite zeq_false; auto. +intro. case (zeq b3 b1); intro. +subst b3. simpl. auto. +auto. +Qed. + +Lemma store_mapped_inject: + forall chunk m1 b1 ofs v1 n1 m2 b2 delta v2, + mem_inject m1 m2 -> + store chunk m1 b1 ofs v1 = Some n1 -> + f b1 = Some (b2, delta) -> + val_inject v1 v2 -> + exists n2, + store chunk m2 b2 (ofs + delta) v2 = Some n2 + /\ mem_inject n1 n2. +Proof. + intros. eapply store_mapped_inject_1; eauto. +Qed. + +Lemma store_unmapped_inject: + forall chunk m1 b1 ofs v1 n1 m2, + mem_inject m1 m2 -> + store chunk m1 b1 ofs v1 = Some n1 -> + f b1 = None -> + mem_inject n1 m2. +Proof. +intros. +inversion H. +generalize (store_inv _ _ _ _ _ _ H0). +intros [A [B [C [D [P E]]]]]. +constructor. +rewrite D. assumption. +intros. elim (mi_mappedblocks0 _ _ _ H2); intros. +split. auto. +rewrite E; unfold update. +rewrite zeq_false. assumption. +congruence. +intros. +assert (forall b, low_bound n1 b = low_bound m1 b). + intros. unfold low_bound; rewrite E; unfold update. + case (zeq b b1); intros. subst b1; reflexivity. reflexivity. +assert (forall b, high_bound n1 b = high_bound m1 b). + intros. unfold high_bound; rewrite E; unfold update. + case (zeq b b1); intros. subst b1; reflexivity. reflexivity. +repeat rewrite H5. repeat rewrite H6. auto. +Qed. + +Lemma storev_mapped_inject_1: + forall chunk m1 a1 v1 n1 m2 a2 v2, + mem_inject m1 m2 -> + storev chunk m1 a1 v1 = Some n1 -> + val_inject a1 a2 -> + val_content_inject (mem_chunk chunk) v1 v2 -> + exists n2, + storev chunk m2 a2 v2 = Some n2 /\ mem_inject n1 n2. +Proof. + intros. destruct a1; simpl in H0; try discriminate. + inversion H1. subst b. + simpl. replace (Int.signed ofs2) with (Int.signed i + x). + eapply store_mapped_inject_1; eauto. + symmetry. generalize (store_inv _ _ _ _ _ _ H0). intros [A [B [C [D [P E]]]]]. + apply address_inject with m1 m2 chunk b1 b2; auto. +Qed. + +Lemma storev_mapped_inject: + forall chunk m1 a1 v1 n1 m2 a2 v2, + mem_inject m1 m2 -> + storev chunk m1 a1 v1 = Some n1 -> + val_inject a1 a2 -> + val_inject v1 v2 -> + exists n2, + storev chunk m2 a2 v2 = Some n2 /\ mem_inject n1 n2. +Proof. + intros. eapply storev_mapped_inject_1; eauto. +Qed. + +(** Relation between injections and [free] *) + +Lemma free_first_inject : + forall m1 m2 b, + mem_inject m1 m2 -> + mem_inject (free m1 b) m2. +Proof. + intros. inversion H. constructor . auto. + simpl. intros. + generalize (mi_mappedblocks0 b0 b' delta H0). + intros [A B] . split. assumption . unfold update. + case (zeq b0 b); intro. inversion B. constructor; simpl; auto. + intros. omega. + unfold contentmap_inject. + intros. omegaContradiction. + auto. intros. + unfold free . unfold low_bound , high_bound. simpl. unfold update. + case (zeq b1 b);intro. simpl. + right. intros. omegaContradiction. + case (zeq b2 b);intro. simpl. + right . intros. omegaContradiction. + unfold low_bound, high_bound in mi_no_overlap0. auto. +Qed. + +Lemma free_first_list_inject : + forall l m1 m2, + mem_inject m1 m2 -> + mem_inject (free_list m1 l) m2. +Proof. + induction l; simpl; intros. + auto. + apply free_first_inject. auto. +Qed. + +Lemma free_snd_inject: + forall m1 m2 b, + (forall b1 delta, f b1 = Some(b, delta) -> + low_bound m1 b1 >= high_bound m1 b1) -> + mem_inject m1 m2 -> + mem_inject m1 (free m2 b). +Proof. + intros. inversion H0. constructor. auto. + simpl. intros. + generalize (mi_mappedblocks0 b0 b' delta H1). + intros [A B] . split. assumption . + inversion B. unfold update. + case (zeq b' b); intro. + subst b'. generalize (H _ _ H1). unfold low_bound, high_bound; intro. + constructor. auto. elim bci_range4 ; intro. + (**delta=0**) + left ; auto . + (** delta<>0**) + right . + simpl. compute. split; intro; congruence. + intros. omegaContradiction. + red; intros. omegaContradiction. + auto. + auto. +Qed. + +Lemma bounds_free_block: + forall m1 b m1' , free m1 b = m1' -> + low_bound m1' b >= high_bound m1' b. +Proof. + intros. unfold free in H. + rewrite<- H . unfold low_bound , high_bound . + simpl . rewrite update_s. simpl. omega. +Qed. + +Lemma free_empty_bounds: + forall l m1 , + let m1' := free_list m1 l in + (forall b, In b l -> low_bound m1' b >= high_bound m1' b). +Proof. + induction l . intros . inversion H. + intros. + generalize (in_inv H). + intro . elim H0. intro . subst b. simpl in m1' . + generalize ( bounds_free_block + (fold_right (fun (b : block) (m : mem) => free m b) m1 l) a m1') . + intros. apply H1. auto . intros. simpl in m1'. unfold m1' . + unfold low_bound , high_bound . simpl . + unfold update; case (zeq b a); intro; simpl. + omega . + unfold low_bound , high_bound in IHl . auto. +Qed. + +Lemma free_inject: + forall m1 m2 l b, + (forall b1 delta, f b1 = Some(b, delta) -> In b1 l) -> + mem_inject m1 m2 -> + mem_inject (free_list m1 l) (free m2 b). +Proof. + intros. apply free_snd_inject. + intros. apply free_empty_bounds. apply H with delta. auto. + apply free_first_list_inject. auto. +Qed. + +End MEM_INJECT. + +Hint Resolve val_inject_int val_inject_float val_inject_ptr val_inject_undef. +Hint Resolve val_nil_inject val_cons_inject. + +(** Monotonicity properties of memory injections. *) + +Definition inject_incr (f1 f2: meminj) : Prop := + forall b, f1 b = f2 b \/ f1 b = None. + +Lemma inject_incr_refl : + forall f , inject_incr f f . +Proof. unfold inject_incr . intros. left . auto . Qed. + +Lemma inject_incr_trans : + forall f1 f2 f3 , + inject_incr f1 f2 -> inject_incr f2 f3 -> inject_incr f1 f3 . +Proof . + unfold inject_incr . intros . + generalize (H b) . intro . generalize (H0 b) . intro . + elim H1 ; elim H2 ; intros. + rewrite H3 in H4 . left . auto . + rewrite H3 in H4 . right . auto . + right ; auto . + right ; auto . +Qed. + +Lemma val_inject_incr: + forall f1 f2 v v', + inject_incr f1 f2 -> + val_inject f1 v v' -> + val_inject f2 v v'. +Proof. + intros. inversion H0. + constructor. + constructor. + elim (H b1); intro. + apply val_inject_ptr with x. congruence. auto. + congruence. + constructor. +Qed. + +Lemma val_list_inject_incr: + forall f1 f2 vl vl' , + inject_incr f1 f2 -> val_list_inject f1 vl vl' -> + val_list_inject f2 vl vl'. +Proof. + induction vl ; intros; inversion H0. auto . + subst a . generalize (val_inject_incr f1 f2 v v' H H3) . + intro . auto . +Qed. + +Hint Resolve inject_incr_refl val_inject_incr val_list_inject_incr. + +Section MEM_INJECT_INCR. + +Variable f1 f2: meminj. +Hypothesis INCR: inject_incr f1 f2. + +Lemma val_content_inject_incr: + forall chunk v v', + val_content_inject f1 chunk v v' -> + val_content_inject f2 chunk v v'. +Proof. + intros. inversion H. + apply val_content_inject_base. eapply val_inject_incr; eauto. + apply val_content_inject_8; auto. + apply val_content_inject_16; auto. + apply val_content_inject_32; auto. +Qed. + +Lemma content_inject_incr: + forall c c', content_inject f1 c c' -> content_inject f2 c c'. +Proof. + induction 1; constructor; eapply val_content_inject_incr; eauto. +Qed. + +Lemma contentmap_inject_incr: + forall c c' lo hi delta, + contentmap_inject f1 c c' lo hi delta -> + contentmap_inject f2 c c' lo hi delta. +Proof. + unfold contentmap_inject; intros. + apply content_inject_incr. auto. +Qed. + +Lemma block_contents_inject_incr: + forall c c' delta, + block_contents_inject f1 c c' delta -> + block_contents_inject f2 c c' delta. +Proof. + intros. inversion H. constructor; auto. + apply contentmap_inject_incr; auto. +Qed. + +End MEM_INJECT_INCR. + +(** Properties of injections and allocations. *) + +Definition extend_inject + (b: block) (x: option (block * Z)) (f: meminj) : meminj := + fun b' => if eq_block b' b then x else f b'. + +Lemma extend_inject_incr: + forall f b x, + f b = None -> + inject_incr f (extend_inject b x f). +Proof. + intros; red; intros. unfold extend_inject. + case (eq_block b0 b); intro. subst b0. right; auto. left; auto. +Qed. + +Lemma alloc_right_inject: + forall f m1 m2 lo hi m2' b, + mem_inject f m1 m2 -> + alloc m2 lo hi = (m2', b) -> + mem_inject f m1 m2'. +Proof. + intros. unfold alloc in H0. injection H0; intros A B; clear H0. + inversion H. + constructor. + assumption. + intros. generalize (mi_mappedblocks0 _ _ _ H0). intros [C D]. + rewrite <- B; simpl. split. omega. + rewrite update_o. auto. omega. + assumption. +Qed. + +Lemma alloc_unmapped_inject: + forall f m1 m2 lo hi m1' b, + mem_inject f m1 m2 -> + alloc m1 lo hi = (m1', b) -> + mem_inject (extend_inject b None f) m1' m2 /\ + inject_incr f (extend_inject b None f). +Proof. + intros. unfold alloc in H0. injection H0; intros; clear H0. + inversion H. + assert (inject_incr f (extend_inject b None f)). + apply extend_inject_incr. apply mi_freeblocks0. rewrite H1. omega. + split; auto. + constructor. + rewrite <- H2; simpl; intros. unfold extend_inject. + case (eq_block b0 b); intro. auto. apply mi_freeblocks0. omega. + intros until delta. unfold extend_inject at 1. case (eq_block b0 b); intro. + intros; discriminate. + intros. rewrite <- H2; simpl. rewrite H1. + rewrite update_o; auto. + elim (mi_mappedblocks0 _ _ _ H3). intros A B. + split. auto. apply block_contents_inject_incr with f. auto. auto. + intros until delta2. unfold extend_inject. + case (eq_block b1 b); intro. congruence. + case (eq_block b2 b); intro. congruence. + rewrite <- H2. unfold low_bound, high_bound; simpl. rewrite H1. + repeat rewrite update_o; auto. + exact (mi_no_overlap0 b1 b2 b1' b2' delta1 delta2). +Qed. + +Lemma alloc_mapped_inject: + forall f m1 m2 lo hi m1' b b' ofs, + mem_inject f m1 m2 -> + alloc m1 lo hi = (m1', b) -> + valid_block m2 b' -> + Int.min_signed <= ofs <= Int.max_signed -> + Int.min_signed <= low_bound m2 b' -> + high_bound m2 b' <= Int.max_signed -> + low_bound m2 b' <= lo + ofs -> + hi + ofs <= high_bound m2 b' -> + (forall b0 ofs0, + f b0 = Some (b', ofs0) -> + high_bound m1 b0 + ofs0 <= lo + ofs \/ + hi + ofs <= low_bound m1 b0 + ofs0) -> + mem_inject (extend_inject b (Some (b', ofs)) f) m1' m2 /\ + inject_incr f (extend_inject b (Some (b', ofs)) f). +Proof. + intros. + generalize (fun b' => low_bound_alloc _ _ b' _ _ _ H0). + intro LOW. + generalize (fun b' => high_bound_alloc _ _ b' _ _ _ H0). + intro HIGH. + unfold alloc in H0. injection H0; intros A B; clear H0. + inversion H. + (* inject_incr *) + assert (inject_incr f (extend_inject b (Some (b', ofs)) f)). + apply extend_inject_incr. apply mi_freeblocks0. rewrite A. omega. + split; auto. + constructor. + (* mi_freeblocks *) + rewrite <- B; simpl; intros. unfold extend_inject. + case (eq_block b0 b); intro. unfold block in *. omegaContradiction. + apply mi_freeblocks0. omega. + (* mi_mappedblocks *) + intros until delta. unfold extend_inject at 1. + case (eq_block b0 b); intro. + intros. subst b0. inversion H8. subst b'0; subst delta. + split. assumption. + rewrite <- B; simpl. rewrite A. rewrite update_s. + constructor; auto. + unfold empty_block. simpl. intros. unfold low_bound in H5. unfold high_bound in H6. omega. + simpl. red; intros. constructor. + intros. + generalize (mi_mappedblocks0 _ _ _ H8). intros [C D]. + split. auto. + rewrite <- B; simpl; rewrite A; rewrite update_o; auto. + apply block_contents_inject_incr with f; auto. + (* no overlap *) + intros until delta2. unfold extend_inject. + repeat rewrite LOW. repeat rewrite HIGH. unfold eq_block. + case (zeq b1 b); case (zeq b2 b); intros. + congruence. + inversion H9. subst b1'; subst delta1. + case (eq_block b' b2'); intro. + subst b2'. generalize (H7 _ _ H10). intro. + right. intros. omega. left. auto. + inversion H10. subst b2'; subst delta2. + case (eq_block b' b1'); intro. + subst b1'. generalize (H7 _ _ H9). intro. + right. intros. omega. left. auto. + apply mi_no_overlap0; auto. +Qed. diff --git a/backend/Op.v b/backend/Op.v new file mode 100644 index 00000000..e0dcfa46 --- /dev/null +++ b/backend/Op.v @@ -0,0 +1,691 @@ +(** Operators and addressing modes. The abstract syntax and dynamic + semantics for the Cminor, RTL, LTL and Mach languages depend on the + following types, defined in this library: +- [condition]: boolean conditions for conditional branches; +- [operation]: arithmetic and logical operations; +- [addressing]: addressing modes for load and store operations. + + These types are PowerPC-specific and correspond roughly to what the + processor can compute in one instruction. In other terms, these + types reflect the state of the program after instruction selection. + For a processor-independent set of operations, see the abstract + syntax and dynamic semantics of the Csharpminor input language. +*) + +Require Import Coqlib. +Require Import AST. +Require Import Integers. +Require Import Floats. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. + +Set Implicit Arguments. + +(** Conditions (boolean-valued operators). *) + +Inductive condition : Set := + | Ccomp: comparison -> condition (**r signed integer comparison *) + | Ccompu: comparison -> condition (**r unsigned integer comparison *) + | Ccompimm: comparison -> int -> condition (**r signed integer comparison with a constant *) + | Ccompuimm: comparison -> int -> condition (**r unsigned integer comparison with a constant *) + | Ccompf: comparison -> condition (**r floating-point comparison *) + | Cnotcompf: comparison -> condition (**r negation of a floating-point comparison *) + | Cmaskzero: int -> condition (**r test [(arg & constant) == 0] *) + | Cmasknotzero: int -> condition. (**r test [(arg & constant) != 0] *) + +(** Arithmetic and logical operations. In the descriptions, [rd] is the + result of the operation and [r1], [r2], etc, are the arguments. *) + +Inductive operation : Set := + | Omove: operation (**r [rd = r1] *) + | Ointconst: int -> operation (**r [rd] is set to the given integer constant *) + | Ofloatconst: float -> operation (**r [rd] is set to the given float constant *) + | Oaddrsymbol: ident -> int -> operation (**r [rd] is set to the the address of the symbol plus the offset *) + | Oaddrstack: int -> operation (**r [rd] is set to the stack pointer plus the given offset *) + | Oundef: operation (**r set [rd] to undefined value *) +(*c Integer arithmetic: *) + | Ocast8signed: operation (**r [rd] is 8-bit sign extension of [r1] *) + | Ocast16signed: operation (**r [rd] is 16-bit sign extension of [r1] *) + | Oadd: operation (**r [rd = r1 + r2] *) + | Oaddimm: int -> operation (**r [rd = r1 + n] *) + | Osub: operation (**r [rd = r1 - r2] *) + | Osubimm: int -> operation (**r [rd = n - r1] *) + | Omul: operation (**r [rd = r1 * r2] *) + | Omulimm: int -> operation (**r [rd = r1 * n] *) + | Odiv: operation (**r [rd = r1 / r2] (signed) *) + | Odivu: operation (**r [rd = r1 / r2] (unsigned) *) + | Oand: operation (**r [rd = r1 & r2] *) + | Oandimm: int -> operation (**r [rd = r1 & n] *) + | Oor: operation (**r [rd = r1 | r2] *) + | Oorimm: int -> operation (**r [rd = r1 | n] *) + | Oxor: operation (**r [rd = r1 ^ r2] *) + | Oxorimm: int -> operation (**r [rd = r1 ^ n] *) + | Onand: operation (**r [rd = ~(r1 & r2)] *) + | Onor: operation (**r [rd = ~(r1 | r2)] *) + | Onxor: operation (**r [rd = ~(r1 ^ r2)] *) + | Oshl: operation (**r [rd = r1 << r2] *) + | Oshr: operation (**r [rd = r1 >> r2] (signed) *) + | Oshrimm: int -> operation (**r [rd = r1 >> n] (signed) *) + | Oshrximm: int -> operation (**r [rd = r1 / 2^n] (signed) *) + | Oshru: operation (**r [rd = r1 >> r2] (unsigned) *) + | Orolm: int -> int -> operation (**r rotate left and mask *) +(*c Floating-point arithmetic: *) + | Onegf: operation (**r [rd = - r1] *) + | Oabsf: operation (**r [rd = abs(r1)] *) + | Oaddf: operation (**r [rd = r1 + r2] *) + | Osubf: operation (**r [rd = r1 - r2] *) + | Omulf: operation (**r [rd = r1 * r2] *) + | Odivf: operation (**r [rd = r1 / r2] *) + | Omuladdf: operation (**r [rd = r1 * r2 + r3] *) + | Omulsubf: operation (**r [rd = r1 * r2 - r3] *) + | Osingleoffloat: operation (**r [rd] is [r1] truncated to single-precision float *) +(*c Conversions between int and float: *) + | Ointoffloat: operation (**r [rd = int_of_float(r1)] *) + | Ofloatofint: operation (**r [rd = float_of_signed_int(r1)] *) + | Ofloatofintu: operation (**r [rd = float_of_unsigned_int(r1)] *) +(*c Boolean tests: *) + | Ocmp: condition -> operation. (**r [rd = 1] if condition holds, [rd = 0] otherwise. *) + +(** Addressing modes. [r1], [r2], etc, are the arguments to the + addressing. *) + +Inductive addressing: Set := + | Aindexed: int -> addressing (**r Address is [r1 + offset] *) + | Aindexed2: addressing (**r Address is [r1 + r2] *) + | Aglobal: ident -> int -> addressing (**r Address is [symbol + offset] *) + | Abased: ident -> int -> addressing (**r Address is [symbol + offset + r1] *) + | Ainstack: int -> addressing. (**r Address is [stack_pointer + offset] *) + +(** Evaluation of conditions, operators and addressing modes applied + to lists of values. Return [None] when the computation is undefined: + wrong number of arguments, arguments of the wrong types, undefined + operations such as division by zero. [eval_condition] returns a boolean, + [eval_operation] and [eval_addressing] return a value. *) + +Definition eval_compare_null (c: comparison) (n: int) : option bool := + if Int.eq n Int.zero + then match c with Ceq => Some false | Cne => Some true | _ => None end + else None. + +Definition eval_condition (cond: condition) (vl: list val) : option bool := + match cond, vl with + | Ccomp c, Vint n1 :: Vint n2 :: nil => + Some (Int.cmp c n1 n2) + | Ccomp c, Vptr b1 n1 :: Vptr b2 n2 :: nil => + if eq_block b1 b2 then Some (Int.cmp c n1 n2) else None + | Ccomp c, Vptr b1 n1 :: Vint n2 :: nil => + eval_compare_null c n2 + | Ccomp c, Vint n1 :: Vptr b2 n2 :: nil => + eval_compare_null c n1 + | Ccompu c, Vint n1 :: Vint n2 :: nil => + Some (Int.cmpu c n1 n2) + | Ccompu c, Vptr b1 n1 :: Vptr b2 n2 :: nil => + if eq_block b1 b2 then Some (Int.cmpu c n1 n2) else None + | Ccompu c, Vptr b1 n1 :: Vint n2 :: nil => + eval_compare_null c n2 + | Ccompu c, Vint n1 :: Vptr b2 n2 :: nil => + eval_compare_null c n1 + | Ccompimm c n, Vint n1 :: nil => + Some (Int.cmp c n1 n) + | Ccompimm c n, Vptr b1 n1 :: nil => + eval_compare_null c n + | Ccompuimm c n, Vint n1 :: nil => + Some (Int.cmpu c n1 n) + | Ccompuimm c n, Vptr b1 n1 :: nil => + eval_compare_null c n + | Ccompf c, Vfloat f1 :: Vfloat f2 :: nil => + Some (Float.cmp c f1 f2) + | Cnotcompf c, Vfloat f1 :: Vfloat f2 :: nil => + Some (negb (Float.cmp c f1 f2)) + | Cmaskzero n, Vint n1 :: nil => + Some (Int.eq (Int.and n1 n) Int.zero) + | Cmasknotzero n, Vint n1 :: nil => + Some (negb (Int.eq (Int.and n1 n) Int.zero)) + | _, _ => + None + end. + +Definition offset_sp (sp: val) (delta: int) : option val := + match sp with + | Vptr b n => Some (Vptr b (Int.add n delta)) + | _ => None + end. + +Definition eval_operation + (F: Set) (genv: Genv.t F) (sp: val) + (op: operation) (vl: list val) : option val := + match op, vl with + | Omove, v1::nil => Some v1 + | Ointconst n, nil => Some (Vint n) + | Ofloatconst n, nil => Some (Vfloat n) + | Oaddrsymbol s ofs, nil => + match Genv.find_symbol genv s with + | None => None + | Some b => Some (Vptr b ofs) + end + | Oaddrstack ofs, nil => offset_sp sp ofs + | Oundef, nil => Some Vundef + | Ocast8signed, Vint n1 :: nil => Some (Vint (Int.cast8signed n1)) + | Ocast16signed, Vint n1 :: nil => Some (Vint (Int.cast16signed n1)) + | Oadd, Vint n1 :: Vint n2 :: nil => Some (Vint (Int.add n1 n2)) + | Oadd, Vint n1 :: Vptr b2 n2 :: nil => Some (Vptr b2 (Int.add n2 n1)) + | Oadd, Vptr b1 n1 :: Vint n2 :: nil => Some (Vptr b1 (Int.add n1 n2)) + | Oaddimm n, Vint n1 :: nil => Some (Vint (Int.add n1 n)) + | Oaddimm n, Vptr b1 n1 :: nil => Some (Vptr b1 (Int.add n1 n)) + | Osub, Vint n1 :: Vint n2 :: nil => Some (Vint (Int.sub n1 n2)) + | Osub, Vptr b1 n1 :: Vint n2 :: nil => Some (Vptr b1 (Int.sub n1 n2)) + | Osub, Vptr b1 n1 :: Vptr b2 n2 :: nil => + if eq_block b1 b2 then Some (Vint (Int.sub n1 n2)) else None + | Osubimm n, Vint n1 :: nil => Some (Vint (Int.sub n n1)) + | Omul, Vint n1 :: Vint n2 :: nil => Some (Vint (Int.mul n1 n2)) + | Omulimm n, Vint n1 :: nil => Some (Vint (Int.mul n1 n)) + | Odiv, Vint n1 :: Vint n2 :: nil => + if Int.eq n2 Int.zero then None else Some (Vint (Int.divs n1 n2)) + | Odivu, Vint n1 :: Vint n2 :: nil => + if Int.eq n2 Int.zero then None else Some (Vint (Int.divu n1 n2)) + | Oand, Vint n1 :: Vint n2 :: nil => Some (Vint (Int.and n1 n2)) + | Oandimm n, Vint n1 :: nil => Some (Vint (Int.and n1 n)) + | Oor, Vint n1 :: Vint n2 :: nil => Some (Vint (Int.or n1 n2)) + | Oorimm n, Vint n1 :: nil => Some (Vint (Int.or n1 n)) + | Oxor, Vint n1 :: Vint n2 :: nil => Some (Vint (Int.xor n1 n2)) + | Oxorimm n, Vint n1 :: nil => Some (Vint (Int.xor n1 n)) + | Onand, Vint n1 :: Vint n2 :: nil => Some (Vint (Int.not (Int.and n1 n2))) + | Onor, Vint n1 :: Vint n2 :: nil => Some (Vint (Int.not (Int.or n1 n2))) + | Onxor, Vint n1 :: Vint n2 :: nil => Some (Vint (Int.not (Int.xor n1 n2))) + | Oshl, Vint n1 :: Vint n2 :: nil => + if Int.ltu n2 (Int.repr 32) then Some (Vint (Int.shl n1 n2)) else None + | Oshr, Vint n1 :: Vint n2 :: nil => + if Int.ltu n2 (Int.repr 32) then Some (Vint (Int.shr n1 n2)) else None + | Oshrimm n, Vint n1 :: nil => + if Int.ltu n (Int.repr 32) then Some (Vint (Int.shr n1 n)) else None + | Oshrximm n, Vint n1 :: nil => + if Int.ltu n (Int.repr 32) then Some (Vint (Int.shrx n1 n)) else None + | Oshru, Vint n1 :: Vint n2 :: nil => + if Int.ltu n2 (Int.repr 32) then Some (Vint (Int.shru n1 n2)) else None + | Orolm amount mask, Vint n1 :: nil => + Some (Vint (Int.rolm n1 amount mask)) + | Onegf, Vfloat f1 :: nil => Some (Vfloat (Float.neg f1)) + | Oabsf, Vfloat f1 :: nil => Some (Vfloat (Float.abs f1)) + | Oaddf, Vfloat f1 :: Vfloat f2 :: nil => Some (Vfloat (Float.add f1 f2)) + | Osubf, Vfloat f1 :: Vfloat f2 :: nil => Some (Vfloat (Float.sub f1 f2)) + | Omulf, Vfloat f1 :: Vfloat f2 :: nil => Some (Vfloat (Float.mul f1 f2)) + | Odivf, Vfloat f1 :: Vfloat f2 :: nil => Some (Vfloat (Float.div f1 f2)) + | Omuladdf, Vfloat f1 :: Vfloat f2 :: Vfloat f3 :: nil => + Some (Vfloat (Float.add (Float.mul f1 f2) f3)) + | Omulsubf, Vfloat f1 :: Vfloat f2 :: Vfloat f3 :: nil => + Some (Vfloat (Float.sub (Float.mul f1 f2) f3)) + | Osingleoffloat, Vfloat f1 :: nil => + Some (Vfloat (Float.singleoffloat f1)) + | Ointoffloat, Vfloat f1 :: nil => + Some (Vint (Float.intoffloat f1)) + | Ofloatofint, Vint n1 :: nil => + Some (Vfloat (Float.floatofint n1)) + | Ofloatofintu, Vint n1 :: nil => + Some (Vfloat (Float.floatofintu n1)) + | Ocmp c, _ => + match eval_condition c vl with + | None => None + | Some false => Some Vfalse + | Some true => Some Vtrue + end + | _, _ => None + end. + +Definition eval_addressing + (F: Set) (genv: Genv.t F) (sp: val) + (addr: addressing) (vl: list val) : option val := + match addr, vl with + | Aindexed n, Vptr b1 n1 :: nil => + Some (Vptr b1 (Int.add n1 n)) + | Aindexed2, Vptr b1 n1 :: Vint n2 :: nil => + Some (Vptr b1 (Int.add n1 n2)) + | Aindexed2, Vint n1 :: Vptr b2 n2 :: nil => + Some (Vptr b2 (Int.add n1 n2)) + | Aglobal s ofs, nil => + match Genv.find_symbol genv s with + | None => None + | Some b => Some (Vptr b ofs) + end + | Abased s ofs, Vint n1 :: nil => + match Genv.find_symbol genv s with + | None => None + | Some b => Some (Vptr b (Int.add ofs n1)) + end + | Ainstack ofs, nil => + offset_sp sp ofs + | _, _ => None + end. + +Definition negate_condition (cond: condition): condition := + match cond with + | Ccomp c => Ccomp(negate_comparison c) + | Ccompu c => Ccompu(negate_comparison c) + | Ccompimm c n => Ccompimm (negate_comparison c) n + | Ccompuimm c n => Ccompuimm (negate_comparison c) n + | Ccompf c => Cnotcompf c + | Cnotcompf c => Ccompf c + | Cmaskzero n => Cmasknotzero n + | Cmasknotzero n => Cmaskzero n + end. + +Ltac FuncInv := + match goal with + | H: (match ?x with nil => _ | _ :: _ => _ end = Some _) |- _ => + destruct x; simpl in H; try discriminate; FuncInv + | H: (match ?v with Vundef => _ | Vint _ => _ | Vfloat _ => _ | Vptr _ _ => _ end = Some _) |- _ => + destruct v; simpl in H; try discriminate; FuncInv + | H: (Some _ = Some _) |- _ => + injection H; intros; clear H; FuncInv + | _ => + idtac + end. + +Remark eval_negate_compare_null: + forall c n b, + eval_compare_null c n = Some b -> + eval_compare_null (negate_comparison c) n = Some (negb b). +Proof. + intros until b. unfold eval_compare_null. + case (Int.eq n Int.zero). + destruct c; intro EQ; simplify_eq EQ; intros; subst b; reflexivity. + intro; discriminate. +Qed. + +Lemma eval_negate_condition: + forall (cond: condition) (vl: list val) (b: bool), + eval_condition cond vl = Some b -> + eval_condition (negate_condition cond) vl = Some (negb b). +Proof. + intros. + destruct cond; simpl in H; FuncInv; try subst b; simpl. + rewrite Int.negate_cmp. auto. + apply eval_negate_compare_null; auto. + apply eval_negate_compare_null; auto. + destruct (eq_block b0 b1). rewrite Int.negate_cmp. congruence. + discriminate. + rewrite Int.negate_cmpu. auto. + apply eval_negate_compare_null; auto. + apply eval_negate_compare_null; auto. + destruct (eq_block b0 b1). rewrite Int.negate_cmpu. congruence. + discriminate. + rewrite Int.negate_cmp. auto. + apply eval_negate_compare_null; auto. + rewrite Int.negate_cmpu. auto. + apply eval_negate_compare_null; auto. + auto. + rewrite negb_elim. auto. + auto. + rewrite negb_elim. auto. +Qed. + +(** [eval_operation] and [eval_addressing] depend on a global environment + for resolving references to global symbols. We show that they give + the same results if a global environment is replaced by another that + assigns the same addresses to the same symbols. *) + +Section GENV_TRANSF. + +Variable F1 F2: Set. +Variable ge1: Genv.t F1. +Variable ge2: Genv.t F2. +Hypothesis agree_on_symbols: + forall (s: ident), Genv.find_symbol ge2 s = Genv.find_symbol ge1 s. + +Lemma eval_operation_preserved: + forall sp op vl, + eval_operation ge2 sp op vl = eval_operation ge1 sp op vl. +Proof. + intros. + unfold eval_operation; destruct op; try rewrite agree_on_symbols; + reflexivity. +Qed. + +Lemma eval_addressing_preserved: + forall sp addr vl, + eval_addressing ge2 sp addr vl = eval_addressing ge1 sp addr vl. +Proof. + intros. + unfold eval_addressing; destruct addr; try rewrite agree_on_symbols; + reflexivity. +Qed. + +End GENV_TRANSF. + +(** Recognition of move operations. *) + +Definition is_move_operation + (A: Set) (op: operation) (args: list A) : option A := + match op, args with + | Omove, arg :: nil => Some arg + | _, _ => None + end. + +Lemma is_move_operation_correct: + forall (A: Set) (op: operation) (args: list A) (a: A), + is_move_operation op args = Some a -> + op = Omove /\ args = a :: nil. +Proof. + intros until a. unfold is_move_operation; destruct op; + try (intros; discriminate). + destruct args. intros; discriminate. + destruct args. intros. intuition congruence. + intros; discriminate. +Qed. + +(** Static typing of conditions, operators and addressing modes. *) + +Definition type_of_condition (c: condition) : list typ := + match c with + | Ccomp _ => Tint :: Tint :: nil + | Ccompu _ => Tint :: Tint :: nil + | Ccompimm _ _ => Tint :: nil + | Ccompuimm _ _ => Tint :: nil + | Ccompf _ => Tfloat :: Tfloat :: nil + | Cnotcompf _ => Tfloat :: Tfloat :: nil + | Cmaskzero _ => Tint :: nil + | Cmasknotzero _ => Tint :: nil + end. + +Definition type_of_operation (op: operation) : list typ * typ := + match op with + | Omove => (nil, Tint) (* treated specially *) + | Ointconst _ => (nil, Tint) + | Ofloatconst _ => (nil, Tfloat) + | Oaddrsymbol _ _ => (nil, Tint) + | Oaddrstack _ => (nil, Tint) + | Oundef => (nil, Tint) (* treated specially *) + | Ocast8signed => (Tint :: nil, Tint) + | Ocast16signed => (Tint :: nil, Tint) + | Oadd => (Tint :: Tint :: nil, Tint) + | Oaddimm _ => (Tint :: nil, Tint) + | Osub => (Tint :: Tint :: nil, Tint) + | Osubimm _ => (Tint :: nil, Tint) + | Omul => (Tint :: Tint :: nil, Tint) + | Omulimm _ => (Tint :: nil, Tint) + | Odiv => (Tint :: Tint :: nil, Tint) + | Odivu => (Tint :: Tint :: nil, Tint) + | Oand => (Tint :: Tint :: nil, Tint) + | Oandimm _ => (Tint :: nil, Tint) + | Oor => (Tint :: Tint :: nil, Tint) + | Oorimm _ => (Tint :: nil, Tint) + | Oxor => (Tint :: Tint :: nil, Tint) + | Oxorimm _ => (Tint :: nil, Tint) + | Onand => (Tint :: Tint :: nil, Tint) + | Onor => (Tint :: Tint :: nil, Tint) + | Onxor => (Tint :: Tint :: nil, Tint) + | Oshl => (Tint :: Tint :: nil, Tint) + | Oshr => (Tint :: Tint :: nil, Tint) + | Oshrimm _ => (Tint :: nil, Tint) + | Oshrximm _ => (Tint :: nil, Tint) + | Oshru => (Tint :: Tint :: nil, Tint) + | Orolm _ _ => (Tint :: nil, Tint) + | Onegf => (Tfloat :: nil, Tfloat) + | Oabsf => (Tfloat :: nil, Tfloat) + | Oaddf => (Tfloat :: Tfloat :: nil, Tfloat) + | Osubf => (Tfloat :: Tfloat :: nil, Tfloat) + | Omulf => (Tfloat :: Tfloat :: nil, Tfloat) + | Odivf => (Tfloat :: Tfloat :: nil, Tfloat) + | Omuladdf => (Tfloat :: Tfloat :: Tfloat :: nil, Tfloat) + | Omulsubf => (Tfloat :: Tfloat :: Tfloat :: nil, Tfloat) + | Osingleoffloat => (Tfloat :: nil, Tfloat) + | Ointoffloat => (Tfloat :: nil, Tint) + | Ofloatofint => (Tint :: nil, Tfloat) + | Ofloatofintu => (Tint :: nil, Tfloat) + | Ocmp c => (type_of_condition c, Tint) + end. + +Definition type_of_addressing (addr: addressing) : list typ := + match addr with + | Aindexed _ => Tint :: nil + | Aindexed2 => Tint :: Tint :: nil + | Aglobal _ _ => nil + | Abased _ _ => Tint :: nil + | Ainstack _ => nil + end. + +Definition type_of_chunk (c: memory_chunk) : typ := + match c with + | Mint8signed => Tint + | Mint8unsigned => Tint + | Mint16signed => Tint + | Mint16unsigned => Tint + | Mint32 => Tint + | Mfloat32 => Tfloat + | Mfloat64 => Tfloat + end. + +(** Weak type soundness results for [eval_operation]: + the result values, when defined, are always of the type predicted + by [type_of_operation]. *) + +Section SOUNDNESS. + +Variable A: Set. +Variable genv: Genv.t A. + +Lemma type_of_operation_sound: + forall op vl sp v, + op <> Omove -> op <> Oundef -> + eval_operation genv sp op vl = Some v -> + Val.has_type v (snd (type_of_operation op)). +Proof. + intros. + destruct op; simpl in H1; FuncInv; try subst v; try exact I. + congruence. + destruct (Genv.find_symbol genv i); simplify_eq H1; intro; subst v; exact I. + simpl. unfold offset_sp in H1. destruct sp; try discriminate. + inversion H1. exact I. + destruct (eq_block b b0). injection H1; intro; subst v; exact I. + discriminate. + destruct (Int.eq i0 Int.zero). discriminate. + injection H1; intro; subst v; exact I. + destruct (Int.eq i0 Int.zero). discriminate. + injection H1; intro; subst v; exact I. + destruct (Int.ltu i0 (Int.repr 32)). + injection H1; intro; subst v; exact I. discriminate. + destruct (Int.ltu i0 (Int.repr 32)). + injection H1; intro; subst v; exact I. discriminate. + destruct (Int.ltu i (Int.repr 32)). + injection H1; intro; subst v; exact I. discriminate. + destruct (Int.ltu i (Int.repr 32)). + injection H1; intro; subst v; exact I. discriminate. + destruct (Int.ltu i0 (Int.repr 32)). + injection H1; intro; subst v; exact I. discriminate. + destruct (eval_condition c vl). + destruct b; injection H1; intro; subst v; exact I. + discriminate. +Qed. + +Lemma type_of_chunk_correct: + forall chunk m addr v, + Mem.loadv chunk m addr = Some v -> + Val.has_type v (type_of_chunk chunk). +Proof. + intro chunk. + assert (forall v, Val.has_type (Val.load_result chunk v) (type_of_chunk chunk)). + destruct v; destruct chunk; exact I. + intros until v. unfold Mem.loadv. + destruct addr; intros; try discriminate. + generalize (Mem.load_inv _ _ _ _ _ H0). + intros [X [Y [Z W]]]. subst v. apply H. +Qed. + +End SOUNDNESS. + +(** Alternate definition of [eval_condition], [eval_op], [eval_addressing] + as total functions that return [Vundef] when not applicable + (instead of [None]). Used in the proof of [PPCgen]. *) + +Section EVAL_OP_TOTAL. + +Variable F: Set. +Variable genv: Genv.t F. + +Definition find_symbol_offset (id: ident) (ofs: int) : val := + match Genv.find_symbol genv id with + | Some b => Vptr b ofs + | None => Vundef + end. + +Definition eval_condition_total (cond: condition) (vl: list val) : val := + match cond, vl with + | Ccomp c, v1::v2::nil => Val.cmp c v1 v2 + | Ccompu c, v1::v2::nil => Val.cmpu c v1 v2 + | Ccompimm c n, v1::nil => Val.cmp c v1 (Vint n) + | Ccompuimm c n, v1::nil => Val.cmpu c v1 (Vint n) + | Ccompf c, v1::v2::nil => Val.cmpf c v1 v2 + | Cnotcompf c, v1::v2::nil => Val.notbool(Val.cmpf c v1 v2) + | Cmaskzero n, v1::nil => Val.notbool (Val.and v1 (Vint n)) + | Cmasknotzero n, v1::nil => Val.notbool(Val.notbool (Val.and v1 (Vint n))) + | _, _ => Vundef + end. + +Definition eval_operation_total (sp: val) (op: operation) (vl: list val) : val := + match op, vl with + | Omove, v1::nil => v1 + | Ointconst n, nil => Vint n + | Ofloatconst n, nil => Vfloat n + | Oaddrsymbol s ofs, nil => find_symbol_offset s ofs + | Oaddrstack ofs, nil => Val.add sp (Vint ofs) + | Oundef, nil => Vundef + | Ocast8signed, v1::nil => Val.cast8signed v1 + | Ocast16signed, v1::nil => Val.cast16signed v1 + | Oadd, v1::v2::nil => Val.add v1 v2 + | Oaddimm n, v1::nil => Val.add v1 (Vint n) + | Osub, v1::v2::nil => Val.sub v1 v2 + | Osubimm n, v1::nil => Val.sub (Vint n) v1 + | Omul, v1::v2::nil => Val.mul v1 v2 + | Omulimm n, v1::nil => Val.mul v1 (Vint n) + | Odiv, v1::v2::nil => Val.divs v1 v2 + | Odivu, v1::v2::nil => Val.divu v1 v2 + | Oand, v1::v2::nil => Val.and v1 v2 + | Oandimm n, v1::nil => Val.and v1 (Vint n) + | Oor, v1::v2::nil => Val.or v1 v2 + | Oorimm n, v1::nil => Val.or v1 (Vint n) + | Oxor, v1::v2::nil => Val.xor v1 v2 + | Oxorimm n, v1::nil => Val.xor v1 (Vint n) + | Onand, v1::v2::nil => Val.notint(Val.and v1 v2) + | Onor, v1::v2::nil => Val.notint(Val.or v1 v2) + | Onxor, v1::v2::nil => Val.notint(Val.xor v1 v2) + | Oshl, v1::v2::nil => Val.shl v1 v2 + | Oshr, v1::v2::nil => Val.shr v1 v2 + | Oshrimm n, v1::nil => Val.shr v1 (Vint n) + | Oshrximm n, v1::nil => Val.shrx v1 (Vint n) + | Oshru, v1::v2::nil => Val.shru v1 v2 + | Orolm amount mask, v1::nil => Val.rolm v1 amount mask + | Onegf, v1::nil => Val.negf v1 + | Oabsf, v1::nil => Val.absf v1 + | Oaddf, v1::v2::nil => Val.addf v1 v2 + | Osubf, v1::v2::nil => Val.subf v1 v2 + | Omulf, v1::v2::nil => Val.mulf v1 v2 + | Odivf, v1::v2::nil => Val.divf v1 v2 + | Omuladdf, v1::v2::v3::nil => Val.addf (Val.mulf v1 v2) v3 + | Omulsubf, v1::v2::v3::nil => Val.subf (Val.mulf v1 v2) v3 + | Osingleoffloat, v1::nil => Val.singleoffloat v1 + | Ointoffloat, v1::nil => Val.intoffloat v1 + | Ofloatofint, v1::nil => Val.floatofint v1 + | Ofloatofintu, v1::nil => Val.floatofintu v1 + | Ocmp c, _ => eval_condition_total c vl + | _, _ => Vundef + end. + +Definition eval_addressing_total + (sp: val) (addr: addressing) (vl: list val) : val := + match addr, vl with + | Aindexed n, v1::nil => Val.add v1 (Vint n) + | Aindexed2, v1::v2::nil => Val.add v1 v2 + | Aglobal s ofs, nil => find_symbol_offset s ofs + | Abased s ofs, v1::nil => Val.add (find_symbol_offset s ofs) v1 + | Ainstack ofs, nil => Val.add sp (Vint ofs) + | _, _ => Vundef + end. + +Lemma eval_compare_null_weaken: + forall c i b, + eval_compare_null c i = Some b -> + (if Int.eq i Int.zero then Val.cmp_mismatch c else Vundef) = Val.of_bool b. +Proof. + unfold eval_compare_null. intros. + destruct (Int.eq i Int.zero); try discriminate. + destruct c; try discriminate; inversion H; reflexivity. +Qed. + +Lemma eval_condition_weaken: + forall c vl b, + eval_condition c vl = Some b -> + eval_condition_total c vl = Val.of_bool b. +Proof. + intros. + unfold eval_condition in H; destruct c; FuncInv; + try subst b; try reflexivity; simpl; + try (apply eval_compare_null_weaken; auto). + unfold eq_block in H. destruct (zeq b0 b1); congruence. + unfold eq_block in H. destruct (zeq b0 b1); congruence. + symmetry. apply Val.notbool_negb_1. + symmetry. apply Val.notbool_negb_1. +Qed. + +Lemma eval_operation_weaken: + forall sp op vl v, + eval_operation genv sp op vl = Some v -> + eval_operation_total sp op vl = v. +Proof. + intros. + unfold eval_operation in H; destruct op; FuncInv; + try subst v; try reflexivity; simpl. + unfold find_symbol_offset. + destruct (Genv.find_symbol genv i); try discriminate. + congruence. + unfold offset_sp in H. + destruct sp; try discriminate. simpl. congruence. + unfold eq_block in H. destruct (zeq b b0); congruence. + destruct (Int.eq i0 Int.zero); congruence. + destruct (Int.eq i0 Int.zero); congruence. + destruct (Int.ltu i0 (Int.repr 32)); congruence. + destruct (Int.ltu i0 (Int.repr 32)); congruence. + destruct (Int.ltu i (Int.repr 32)); congruence. + destruct (Int.ltu i (Int.repr 32)); congruence. + destruct (Int.ltu i0 (Int.repr 32)); congruence. + caseEq (eval_condition c vl); intros; rewrite H0 in H. + replace v with (Val.of_bool b). + apply eval_condition_weaken; auto. + destruct b; simpl; congruence. + discriminate. +Qed. + +Lemma eval_addressing_weaken: + forall sp addr vl v, + eval_addressing genv sp addr vl = Some v -> + eval_addressing_total sp addr vl = v. +Proof. + intros. + unfold eval_addressing in H; destruct addr; FuncInv; + try subst v; simpl; try reflexivity. + decEq. apply Int.add_commut. + unfold find_symbol_offset. + destruct (Genv.find_symbol genv i); congruence. + unfold find_symbol_offset. + destruct (Genv.find_symbol genv i); try congruence. + inversion H. reflexivity. + unfold offset_sp in H. destruct sp; simpl; congruence. +Qed. + +Lemma eval_condition_total_is_bool: + forall cond vl, Val.is_bool (eval_condition_total cond vl). +Proof. + intros; destruct cond; + destruct vl; try apply Val.undef_is_bool; + destruct vl; try apply Val.undef_is_bool; + try (destruct vl; try apply Val.undef_is_bool); simpl. + apply Val.cmp_is_bool. + apply Val.cmpu_is_bool. + apply Val.cmp_is_bool. + apply Val.cmpu_is_bool. + apply Val.cmpf_is_bool. + apply Val.notbool_is_bool. + apply Val.notbool_is_bool. + apply Val.notbool_is_bool. +Qed. + +End EVAL_OP_TOTAL. diff --git a/backend/PPC.v b/backend/PPC.v new file mode 100644 index 00000000..64bd90a8 --- /dev/null +++ b/backend/PPC.v @@ -0,0 +1,775 @@ +(** Abstract syntax and semantics for PowerPC assembly language *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Floats. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. + +(** * Abstract syntax *) + +(** Integer registers, floating-point registers. *) + +Inductive ireg: Set := + | GPR0: ireg | GPR1: ireg | GPR2: ireg | GPR3: ireg + | GPR4: ireg | GPR5: ireg | GPR6: ireg | GPR7: ireg + | GPR8: ireg | GPR9: ireg | GPR10: ireg | GPR11: ireg + | GPR12: ireg | GPR13: ireg | GPR14: ireg | GPR15: ireg + | GPR16: ireg | GPR17: ireg | GPR18: ireg | GPR19: ireg + | GPR20: ireg | GPR21: ireg | GPR22: ireg | GPR23: ireg + | GPR24: ireg | GPR25: ireg | GPR26: ireg | GPR27: ireg + | GPR28: ireg | GPR29: ireg | GPR30: ireg | GPR31: ireg. + +Inductive freg: Set := + | FPR0: freg | FPR1: freg | FPR2: freg | FPR3: freg + | FPR4: freg | FPR5: freg | FPR6: freg | FPR7: freg + | FPR8: freg | FPR9: freg | FPR10: freg | FPR11: freg + | FPR12: freg | FPR13: freg | FPR14: freg | FPR15: freg + | FPR16: freg | FPR17: freg | FPR18: freg | FPR19: freg + | FPR20: freg | FPR21: freg | FPR22: freg | FPR23: freg + | FPR24: freg | FPR25: freg | FPR26: freg | FPR27: freg + | FPR28: freg | FPR29: freg | FPR30: freg | FPR31: freg. + +Lemma ireg_eq: forall (x y: ireg), {x=y} + {x<>y}. +Proof. decide equality. Defined. + +Lemma freg_eq: forall (x y: freg), {x=y} + {x<>y}. +Proof. decide equality. Defined. + +(** Symbolic constants. Immediate operands to an arithmetic instruction + or an indexed memory access can be either integer literals + or the low or high 16 bits of a symbolic reference (the address + of a symbol plus a displacement). These symbolic references are + resolved later by the linker. +*) + +Inductive constant: Set := + | Cint: int -> constant + | Csymbol_low_signed: ident -> int -> constant + | Csymbol_high_signed: ident -> int -> constant + | Csymbol_low_unsigned: ident -> int -> constant + | Csymbol_high_unsigned: ident -> int -> constant. + +(** A note on constants: while immediate operands to PowerPC + instructions must be representable in 16 bits (with + sign extension or left shift by 16 positions for some instructions), + we do not attempt to capture these restrictions in the + abstract syntax nor in the semantics. The assembler will + emit an error if immediate operands exceed the representable + range. Of course, our PPC generator (file [PPCgen]) is + careful to respect this range. *) + +(** Bits in the condition register. We are only interested in the + first 4 bits. *) + +Inductive crbit: Set := + | CRbit_0: crbit + | CRbit_1: crbit + | CRbit_2: crbit + | CRbit_3: crbit. + +(** The instruction set. Most instructions correspond exactly to + actual instructions of the PowerPC processor. See the PowerPC + reference manuals for more details. Some instructions, + described below, are pseudo-instructions: they expand to + canned instruction sequences during the printing of the assembly + code. *) + +Definition label := positive. + +Inductive instruction : Set := + | Padd: ireg -> ireg -> ireg -> instruction (**r integer addition *) + | Paddi: ireg -> ireg -> constant -> instruction (**r add immediate *) + | Paddis: ireg -> ireg -> constant -> instruction (**r add immediate high *) + | Paddze: ireg -> ireg -> instruction (**r add Carry bit *) + | Pallocframe: Z -> Z -> instruction (**r allocate new stack frame *) + | Pand_: ireg -> ireg -> ireg -> instruction (**r bitwise and *) + | Pandc: ireg -> ireg -> ireg -> instruction (**r bitwise and-complement *) + | Pandi_: ireg -> ireg -> constant -> instruction (**r and immediate and set conditions *) + | Pandis_: ireg -> ireg -> constant -> instruction (**r and immediate high and set conditions *) + | Pb: label -> instruction (**r unconditional branch *) + | Pbctr: instruction (**r branch to contents of register CTR *) + | Pbctrl: instruction (**r branch to contents of CTR and link *) + | Pbf: crbit -> label -> instruction (**r branch if false *) + | Pbl: ident -> instruction (**r branch and link *) + | Pblr: instruction (**r branch to contents: register LR *) + | Pbt: crbit -> label -> instruction (**r branch if true *) + | Pcmplw: ireg -> ireg -> instruction (**r unsigned integer comparison *) + | Pcmplwi: ireg -> constant -> instruction (**r same, with immediate argument *) + | Pcmpw: ireg -> ireg -> instruction (**r signed integer comparison *) + | Pcmpwi: ireg -> constant -> instruction (**r same, with immediate argument *) + | Pcror: crbit -> crbit -> crbit -> instruction (**r or between condition bits *) + | Pdivw: ireg -> ireg -> ireg -> instruction (**r signed division *) + | Pdivwu: ireg -> ireg -> ireg -> instruction (**r unsigned division *) + | Peqv: ireg -> ireg -> ireg -> instruction (**r bitwise not-xor *) + | Pextsb: ireg -> ireg -> instruction (**r 8-bit sign extension *) + | Pextsh: ireg -> ireg -> instruction (**r 16-bit sign extension *) + | Pfreeframe: instruction (**r deallocate stack frame and restore previous frame *) + | Pfabs: freg -> freg -> instruction (**r float absolute value *) + | Pfadd: freg -> freg -> freg -> instruction (**r float addition *) + | Pfcmpu: freg -> freg -> instruction (**r float comparison *) + | Pfcti: ireg -> freg -> instruction (**r float-to-int conversion *) + | Pfdiv: freg -> freg -> freg -> instruction (**r float division *) + | Pfmadd: freg -> freg -> freg -> freg -> instruction (**r float multiply-add *) + | Pfmr: freg -> freg -> instruction (**r float move *) + | Pfmsub: freg -> freg -> freg -> freg -> instruction (**r float multiply-sub *) + | Pfmul: freg -> freg -> freg -> instruction (**r float multiply *) + | Pfneg: freg -> freg -> instruction (**r float negation *) + | Pfrsp: freg -> freg -> instruction (**r float round to single precision *) + | Pfsub: freg -> freg -> freg -> instruction (**r float subtraction *) + | Pictf: freg -> ireg -> instruction (**r int-to-float conversion *) + | Piuctf: freg -> ireg -> instruction (**r unsigned int-to-float conversion *) + | Plbz: ireg -> constant -> ireg -> instruction (**r load 8-bit unsigned int *) + | Plbzx: ireg -> ireg -> ireg -> instruction (**r same, with 2 index regs *) + | Plfd: freg -> constant -> ireg -> instruction (**r load 64-bit float *) + | Plfdx: freg -> ireg -> ireg -> instruction (**r same, with 2 index regs *) + | Plfs: freg -> constant -> ireg -> instruction (**r load 32-bit float *) + | Plfsx: freg -> ireg -> ireg -> instruction (**r same, with 2 index regs *) + | Plha: ireg -> constant -> ireg -> instruction (**r load 16-bit signed int *) + | Plhax: ireg -> ireg -> ireg -> instruction (**r same, with 2 index regs *) + | Plhz: ireg -> constant -> ireg -> instruction (**r load 16-bit unsigned int *) + | Plhzx: ireg -> ireg -> ireg -> instruction (**r same, with 2 index regs *) + | Plfi: freg -> float -> instruction (**r load float constant *) + | Plwz: ireg -> constant -> ireg -> instruction (**r load 32-bit int *) + | Plwzx: ireg -> ireg -> ireg -> instruction (**r same, with 2 index regs *) + | Pmfcrbit: ireg -> crbit -> instruction (**r move condition bit to reg *) + | Pmflr: ireg -> instruction (**r move LR to reg *) + | Pmr: ireg -> ireg -> instruction (**r integer move *) + | Pmtctr: ireg -> instruction (**r move ireg to CTR *) + | Pmtlr: ireg -> instruction (**r move ireg to LR *) + | Pmulli: ireg -> ireg -> constant -> instruction (**r integer multiply immediate *) + | Pmullw: ireg -> ireg -> ireg -> instruction (**r integer multiply *) + | Pnand: ireg -> ireg -> ireg -> instruction (**r bitwise not-and *) + | Pnor: ireg -> ireg -> ireg -> instruction (**r bitwise not-or *) + | Por: ireg -> ireg -> ireg -> instruction (**r bitwise or *) + | Porc: ireg -> ireg -> ireg -> instruction (**r bitwise or-complement *) + | Pori: ireg -> ireg -> constant -> instruction (**r or with immediate *) + | Poris: ireg -> ireg -> constant -> instruction (**r or with immediate high *) + | Prlwinm: ireg -> ireg -> int -> int -> instruction (**r rotate and mask *) + | Pslw: ireg -> ireg -> ireg -> instruction (**r shift left *) + | Psraw: ireg -> ireg -> ireg -> instruction (**r shift right signed *) + | Psrawi: ireg -> ireg -> int -> instruction (**r shift right signed immediate *) + | Psrw: ireg -> ireg -> ireg -> instruction (**r shift right unsigned *) + | Pstb: ireg -> constant -> ireg -> instruction (**r store 8-bit int *) + | Pstbx: ireg -> ireg -> ireg -> instruction (**r same, with 2 index regs *) + | Pstfd: freg -> constant -> ireg -> instruction (**r store 64-bit float *) + | Pstfdx: freg -> ireg -> ireg -> instruction (**r same, with 2 index regs *) + | Pstfs: freg -> constant -> ireg -> instruction (**r store 32-bit float *) + | Pstfsx: freg -> ireg -> ireg -> instruction (**r same, with 2 index regs *) + | Psth: ireg -> constant -> ireg -> instruction (**r store 16-bit int *) + | Psthx: ireg -> ireg -> ireg -> instruction (**r same, with 2 index regs *) + | Pstw: ireg -> constant -> ireg -> instruction (**r store 32-bit int *) + | Pstwx: ireg -> ireg -> ireg -> instruction (**r same, with 2 index regs *) + | Psubfc: ireg -> ireg -> ireg -> instruction (**r reversed integer subtraction *) + | Psubfic: ireg -> ireg -> constant -> instruction (**r integer subtraction from immediate *) + | Pxor: ireg -> ireg -> ireg -> instruction (**r bitwise xor *) + | Pxori: ireg -> ireg -> constant -> instruction (**r bitwise xor with immediate *) + | Pxoris: ireg -> ireg -> constant -> instruction (**r bitwise xor with immediate high *) + | Piundef: ireg -> instruction (**r set int reg to [Vundef] *) + | Pfundef: freg -> instruction (**r set float reg to [Vundef] *) + | Plabel: label -> instruction. (**r define a code label *) + +(** The pseudo-instructions are the following: + +- [Plabel]: define a code label at the current program point + +- [Plfi]: load a floating-point constant in a float register. + Expands to a float load [lfd] from an address in the constant data section + initialized with the floating-point constant: +<< + addis r2, 0, ha16(lbl) + lfd rdst, lo16(lbl)(r2) + .const_data +lbl: .double floatcst + .text +>> + Initialized data in the constant data section are not modeled here, + which is why we use a pseudo-instruction for this purpose. + +- [Pfcti]: convert a float to an integer. This requires a transfer + via memory of a 32-bit integer from a float register to an int register, + which our memory model cannot express. Expands to: +<< + fctiwz f13, rsrc + stfdu f13, -8(r1) + lwz rdst, 4(r1) + addi r1, r1, 8 +>> + +- [Pictf]: convert a signed integer to a float. This requires complicated + bit-level manipulations of IEEE floats through mixed float and integer + arithmetic over a memory word, which our memory model and axiomatization + of floats cannot express. Expands to: +<< + addis r2, 0, 0x4330 + stwu r2, -8(r1) + addis r2, rsrc, 0x8000 + stw r2, 4(r1) + addis r2, 0, ha16(lbl) + lfd f13, lo16(lbl)(r2) + lfd rdst, 0(r1) + addi r1, r1, 8 + fsub rdst, rdst, f13 + .const_data +lbl: .long 0x43300000, 0x80000000 + .text +>> + (Don't worry if you do not understand this instruction sequence: intimate + knowledge of IEEE float arithmetic is necessary.) + +- [Piuctf]: convert an unsigned integer to a float. The expansion is close + to that [Pictf], and equally obscure. +<< + addis r2, 0, 0x4330 + stwu r2, -8(r1) + stw rsrc, 4(r1) + addis r2, 0, ha16(lbl) + lfd f13, lo16(lbl)(r2) + lfd rdst, 0(r1) + addi r1, r1, 8 + fsub rdst, rdst, f13 + .const_data +lbl: .long 0x43300000, 0x00000000 + .text +>> + +- [Pallocframe lo hi]: in the formal semantics, this pseudo-instruction + allocates a memory block with bounds [lo] and [hi], stores the value + of register [r1] (the stack pointer, by convention) at the bottom + of this block, and sets [r1] to a pointer to the bottom of this + block. In the printed PowerPC assembly code, this allocation + is just a store-decrement of register [r1]: +<< + stwu r1, (lo - hi)(r1) +>> + This cannot be expressed in our memory model, which does not reflect + the fact that stack frames are adjacent and allocated/freed + following a stack discipline. + +- [Pfreeframe]: in the formal semantics, this pseudo-instruction + reads the bottom word of the block pointed by [r1] (the stack pointer), + frees this block, and sets [r1] to the value of the bottom word. + In the printed PowerPC assembly code, this freeing + is just a load of register [r1] relative to [r1] itself: +<< + lwz r1, 0(r1) +>> + Again, our memory model cannot comprehend that this operation + frees (logically) the current stack frame. + +- [Piundef] and [Pfundef]: set an integer or float register (respectively) + to the [Vundef] value. Expand to nothing, as the PowerPC processor has + no notion of ``undefined value''. These two pseudo-instructions are used + to ensure that the generated PowerPC code computes exactly the same values + as predicted by the semantics of Cminor, which explicitly set uninitialized + local variables to the [Vundef] value. A general property of our semantics, + not yet formally proved, is that they are monotone with respect to the + partial ordering [Vundef <= v] over values. Consequently, if a program + evaluates to a non-[Vundef] result [r] from an initial state that contains + [Vundef] values, it will also evaluate to [r] if arbitrary values are put + in the initial state instead of the [Vundef] values. This justifies + treating [Piundef] and [Pfundef] as no-operations, leaving in the target + register whatever value was already there instead of setting it to [Vundef]. + The formal proof of this result remains to be done, however. +*) + +Definition code := list instruction. +Definition program := AST.program code. + +(** * Operational semantics *) + +(** The PowerPC has a great many registers, some general-purpose, some very + specific. We model only the following registers: *) + +Inductive preg: Set := + | IR: ireg -> preg (**r integer registers *) + | FR: freg -> preg (**r float registers *) + | PC: preg (**r program counter *) + | LR: preg (**r link register (return address) *) + | CTR: preg (**r count register, used for some branches *) + | CARRY: preg (**r carry bit of the status register *) + | CR0_0: preg (**r bit 0 of the condition register *) + | CR0_1: preg (**r bit 1 of the condition register *) + | CR0_2: preg (**r bit 2 of the condition register *) + | CR0_3: preg. (**r bit 3 of the condition register *) + +Coercion IR: ireg >-> preg. +Coercion FR: freg >-> preg. + +Lemma preg_eq: forall (x y: preg), {x=y} + {x<>y}. +Proof. decide equality. apply ireg_eq. apply freg_eq. Defined. + +Module PregEq. + Definition t := preg. + Definition eq := preg_eq. +End PregEq. + +Module Pregmap := EMap(PregEq). + +(** The semantics operates over a single mapping from registers + (type [preg]) to values. We maintain (but do not enforce) + the convention that integer registers are mapped to values of + type [Tint], float registers to values of type [Tfloat], + and boolean registers ([CARRY], [CR0_0], etc) to either + [Vzero] or [Vone]. *) + +Definition regset := Pregmap.t val. +Definition genv := Genv.t code. + +Notation "a # b" := (a b) (at level 1, only parsing). +Notation "a # b <- c" := (Pregmap.set b c a) (at level 1, b at next level). + +Section RELSEM. + +(** Looking up instructions in a code sequence by position. *) + +Fixpoint find_instr (pos: Z) (c: code) {struct c} : option instruction := + match c with + | nil => None + | i :: il => if zeq pos 0 then Some i else find_instr (pos - 1) il + end. + +(** Position corresponding to a label *) + +Definition is_label (lbl: label) (instr: instruction) : bool := + match instr with + | Plabel lbl' => if peq lbl lbl' then true else false + | _ => false + end. + +Lemma is_label_correct: + forall lbl instr, + if is_label lbl instr then instr = Plabel lbl else instr <> Plabel lbl. +Proof. + intros. destruct instr; simpl; try discriminate. + case (peq lbl l); intro; congruence. +Qed. + +Fixpoint label_pos (lbl: label) (pos: Z) (c: code) {struct c} : option Z := + match c with + | nil => None + | instr :: c' => + if is_label lbl instr then Some (pos + 1) else label_pos lbl (pos + 1) c' + end. + +(** Some PowerPC instructions treat register GPR0 as the integer literal 0 + when that register is used in argument position. *) + +Definition gpr_or_zero (rs: regset) (r: ireg) := + if ireg_eq r GPR0 then Vzero else rs#r. + +Variable ge: genv. + +(** The four functions below axiomatize how the linker processes + symbolic references [symbol + offset] and splits their + actual values into two 16-bit halves, the lower half + being either signed or unsigned. *) + +Parameter low_half_signed: val -> val. +Parameter high_half_signed: val -> val. +Parameter low_half_unsigned: val -> val. +Parameter high_half_unsigned: val -> val. + +(** The fundamental property of these operations is that their + results can be recombined by addition or logical ``or'', + and this recombination rebuilds the original value. *) + +Axiom low_high_half_signed: + forall v, Val.add (low_half_signed v) (high_half_signed v) = v. +Axiom low_high_half_unsigned: + forall v, Val.or (low_half_unsigned v) (high_half_unsigned v) = v. + +(** The other axioms we take is that the results of + the [low_half] and [high_half] functions are of type [Tint], + i.e. either integers, pointers or undefined values. *) + +Axiom low_half_signed_type: + forall v, Val.has_type (low_half_signed v) Tint. +Axiom high_half_signed_type: + forall v, Val.has_type (high_half_signed v) Tint. +Axiom low_half_unsigned_type: + forall v, Val.has_type (low_half_unsigned v) Tint. +Axiom high_half_unsigned_type: + forall v, Val.has_type (high_half_unsigned v) Tint. + +(** Armed with the [low_half] and [high_half] functions, + we can define the evaluation of a symbolic constant. + Note that for [const_high], integer constants + are shifted left by 16 bits, but not symbol addresses: + we assume (as in the [low_high_half] axioms above) + that the results of [high_half] are already shifted + (their 16 low bits are equal to 0). *) + +Definition symbol_offset (id: ident) (ofs: int) : val := + match Genv.find_symbol ge id with + | Some b => Vptr b ofs + | None => Vundef + end. + +Definition const_low (c: constant) := + match c with + | Cint n => Vint n + | Csymbol_low_signed id ofs => low_half_signed (symbol_offset id ofs) + | Csymbol_high_signed id ofs => Vundef + | Csymbol_low_unsigned id ofs => low_half_unsigned (symbol_offset id ofs) + | Csymbol_high_unsigned id ofs => Vundef + end. + +Definition const_high (c: constant) := + match c with + | Cint n => Vint (Int.shl n (Int.repr 16)) + | Csymbol_low_signed id ofs => Vundef + | Csymbol_high_signed id ofs => high_half_signed (symbol_offset id ofs) + | Csymbol_low_unsigned id ofs => Vundef + | Csymbol_high_unsigned id ofs => high_half_unsigned (symbol_offset id ofs) + end. + +(** The semantics is purely small-step and defined as a function + from the current state (a register set + a memory state) + to either [OK rs' m'] where [rs'] and [m'] are the updated register + set and memory state after execution of the instruction at [rs#PC], + or [Error] if the processor is stuck. *) + +Inductive outcome: Set := + | OK: regset -> mem -> outcome + | Error: outcome. + +(** Manipulations over the [PC] register: continuing with the next + instruction ([nextinstr]) or branching to a label ([goto_label]). *) + +Definition nextinstr (rs: regset) := + rs#PC <- (Val.add rs#PC Vone). + +Definition goto_label (c: code) (lbl: label) (rs: regset) (m: mem) := + match label_pos lbl 0 c with + | None => Error + | Some pos => + match rs#PC with + | Vptr b ofs => OK (rs#PC <- (Vptr b (Int.repr pos))) m + | _ => Error + end + end. + +(** Auxiliaries for memory accesses, in two forms: one operand + (plus constant offset) or two operands. *) + +Definition load1 (chunk: memory_chunk) (rd: preg) + (cst: constant) (r1: ireg) (rs: regset) (m: mem) := + match Mem.loadv chunk m (Val.add (gpr_or_zero rs r1) (const_low cst)) with + | None => Error + | Some v => OK (nextinstr (rs#rd <- v)) m + end. + +Definition load2 (chunk: memory_chunk) (rd: preg) (r1 r2: ireg) + (rs: regset) (m: mem) := + match Mem.loadv chunk m (Val.add rs#r1 rs#r2) with + | None => Error + | Some v => OK (nextinstr (rs#rd <- v)) m + end. + +Definition store1 (chunk: memory_chunk) (r: preg) + (cst: constant) (r1: ireg) (rs: regset) (m: mem) := + match Mem.storev chunk m (Val.add (gpr_or_zero rs r1) (const_low cst)) (rs#r) with + | None => Error + | Some m' => OK (nextinstr rs) m' + end. + +Definition store2 (chunk: memory_chunk) (r: preg) (r1 r2: ireg) + (rs: regset) (m: mem) := + match Mem.storev chunk m (Val.add rs#r1 rs#r2) (rs#r) with + | None => Error + | Some m' => OK (nextinstr rs) m' + end. + +(** Operations over condition bits. *) + +Definition reg_of_crbit (bit: crbit) := + match bit with + | CRbit_0 => CR0_0 + | CRbit_1 => CR0_1 + | CRbit_2 => CR0_2 + | CRbit_3 => CR0_3 + end. + +Definition compare_sint (rs: regset) (v1 v2: val) := + rs#CR0_0 <- (Val.cmp Clt v1 v2) + #CR0_1 <- (Val.cmp Cgt v1 v2) + #CR0_2 <- (Val.cmp Ceq v1 v2) + #CR0_3 <- Vundef. + +Definition compare_uint (rs: regset) (v1 v2: val) := + rs#CR0_0 <- (Val.cmpu Clt v1 v2) + #CR0_1 <- (Val.cmpu Cgt v1 v2) + #CR0_2 <- (Val.cmpu Ceq v1 v2) + #CR0_3 <- Vundef. + +Definition compare_float (rs: regset) (v1 v2: val) := + rs#CR0_0 <- (Val.cmpf Clt v1 v2) + #CR0_1 <- (Val.cmpf Cgt v1 v2) + #CR0_2 <- (Val.cmpf Ceq v1 v2) + #CR0_3 <- Vundef. + +Definition val_cond_reg (rs: regset) := + Val.or (Val.shl rs#CR0_0 (Vint (Int.repr 31))) + (Val.or (Val.shl rs#CR0_1 (Vint (Int.repr 30))) + (Val.or (Val.shl rs#CR0_2 (Vint (Int.repr 29))) + (Val.shl rs#CR0_3 (Vint (Int.repr 28))))). + +(** Execution of a single instruction [i] in initial state + [rs] and [m]. Return updated state. For instructions + that correspond to actual PowerPC instructions, the cases are + straightforward transliterations of the informal descriptions + given in the PowerPC reference manuals. For pseudo-instructions, + refer to the informal descriptions given above. Note that + we set to [Vundef] the registers used as temporaries by the + expansions of the pseudo-instructions, so that the PPC code + we generate cannot use those registers to hold values that + must survive the execution of the pseudo-instruction. +*) + +Definition exec_instr (c: code) (i: instruction) (rs: regset) (m: mem) : outcome := + match i with + | Padd rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.add rs#r1 rs#r2))) m + | Paddi rd r1 cst => + OK (nextinstr (rs#rd <- (Val.add (gpr_or_zero rs r1) (const_low cst)))) m + | Paddis rd r1 cst => + OK (nextinstr (rs#rd <- (Val.add (gpr_or_zero rs r1) (const_high cst)))) m + | Paddze rd r1 => + OK (nextinstr (rs#rd <- (Val.add rs#r1 rs#CARRY))) m + | Pallocframe lo hi => + let (m1, stk) := Mem.alloc m lo hi in + let sp := Vptr stk (Int.repr lo) in + match Mem.storev Mint32 m1 sp rs#GPR1 with + | None => Error + | Some m2 => OK (nextinstr (rs#GPR1 <- sp #GPR2 <- Vundef)) m2 + end + | Pand_ rd r1 r2 => + let v := Val.and rs#r1 rs#r2 in + OK (nextinstr (compare_sint (rs#rd <- v) v Vzero)) m + | Pandc rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.and rs#r1 (Val.notint rs#r2)))) m + | Pandi_ rd r1 cst => + let v := Val.and rs#r1 (const_low cst) in + OK (nextinstr (compare_sint (rs#rd <- v) v Vzero)) m + | Pandis_ rd r1 cst => + let v := Val.and rs#r1 (const_high cst) in + OK (nextinstr (compare_sint (rs#rd <- v) v Vzero)) m + | Pb lbl => + goto_label c lbl rs m + | Pbctr => + OK (rs#PC <- (rs#CTR)) m + | Pbctrl => + OK (rs#LR <- (Val.add rs#PC Vone) #PC <- (rs#CTR)) m + | Pbf bit lbl => + match rs#(reg_of_crbit bit) with + | Vint n => if Int.eq n Int.zero then goto_label c lbl rs m else OK (nextinstr rs) m + | _ => Error + end + | Pbl ident => + OK (rs#LR <- (Val.add rs#PC Vone) #PC <- (symbol_offset ident Int.zero)) m + | Pblr => + OK (rs#PC <- (rs#LR)) m + | Pbt bit lbl => + match rs#(reg_of_crbit bit) with + | Vint n => if Int.eq n Int.zero then OK (nextinstr rs) m else goto_label c lbl rs m + | _ => Error + end + | Pcmplw r1 r2 => + OK (nextinstr (compare_uint rs rs#r1 rs#r2)) m + | Pcmplwi r1 cst => + OK (nextinstr (compare_uint rs rs#r1 (const_low cst))) m + | Pcmpw r1 r2 => + OK (nextinstr (compare_sint rs rs#r1 rs#r2)) m + | Pcmpwi r1 cst => + OK (nextinstr (compare_sint rs rs#r1 (const_low cst))) m + | Pcror bd b1 b2 => + OK (nextinstr (rs#(reg_of_crbit bd) <- (Val.or rs#(reg_of_crbit b1) rs#(reg_of_crbit b2)))) m + | Pdivw rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.divs rs#r1 rs#r2))) m + | Pdivwu rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.divu rs#r1 rs#r2))) m + | Peqv rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.notint (Val.xor rs#r1 rs#r2)))) m + | Pextsb rd r1 => + OK (nextinstr (rs#rd <- (Val.cast8signed rs#r1))) m + | Pextsh rd r1 => + OK (nextinstr (rs#rd <- (Val.cast16signed rs#r1))) m + | Pfreeframe => + match Mem.loadv Mint32 m rs#GPR1 with + | None => Error + | Some v => + match rs#GPR1 with + | Vptr stk ofs => OK (nextinstr (rs#GPR1 <- v)) (Mem.free m stk) + | _ => Error + end + end + | Pfabs rd r1 => + OK (nextinstr (rs#rd <- (Val.absf rs#r1))) m + | Pfadd rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.addf rs#r1 rs#r2))) m + | Pfcmpu r1 r2 => + OK (nextinstr (compare_float rs rs#r1 rs#r2)) m + | Pfcti rd r1 => + OK (nextinstr (rs#rd <- (Val.intoffloat rs#r1) #FPR13 <- Vundef)) m + | Pfdiv rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.divf rs#r1 rs#r2))) m + | Pfmadd rd r1 r2 r3 => + OK (nextinstr (rs#rd <- (Val.addf (Val.mulf rs#r1 rs#r2) rs#r3))) m + | Pfmr rd r1 => + OK (nextinstr (rs#rd <- (rs#r1))) m + | Pfmsub rd r1 r2 r3 => + OK (nextinstr (rs#rd <- (Val.subf (Val.mulf rs#r1 rs#r2) rs#r3))) m + | Pfmul rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.mulf rs#r1 rs#r2))) m + | Pfneg rd r1 => + OK (nextinstr (rs#rd <- (Val.negf rs#r1))) m + | Pfrsp rd r1 => + OK (nextinstr (rs#rd <- (Val.singleoffloat rs#r1))) m + | Pfsub rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.subf rs#r1 rs#r2))) m + | Pictf rd r1 => + OK (nextinstr (rs#rd <- (Val.floatofint rs#r1) #GPR2 <- Vundef #FPR13 <- Vundef)) m + | Piuctf rd r1 => + OK (nextinstr (rs#rd <- (Val.floatofintu rs#r1) #GPR2 <- Vundef #FPR13 <- Vundef)) m + | Plbz rd cst r1 => + load1 Mint8unsigned rd cst r1 rs m + | Plbzx rd r1 r2 => + load2 Mint8unsigned rd r1 r2 rs m + | Plfd rd cst r1 => + load1 Mfloat64 rd cst r1 rs m + | Plfdx rd r1 r2 => + load2 Mfloat64 rd r1 r2 rs m + | Plfs rd cst r1 => + load1 Mfloat32 rd cst r1 rs m + | Plfsx rd r1 r2 => + load2 Mfloat32 rd r1 r2 rs m + | Plha rd cst r1 => + load1 Mint16signed rd cst r1 rs m + | Plhax rd r1 r2 => + load2 Mint16signed rd r1 r2 rs m + | Plhz rd cst r1 => + load1 Mint16unsigned rd cst r1 rs m + | Plhzx rd r1 r2 => + load2 Mint16unsigned rd r1 r2 rs m + | Plfi rd f => + OK (nextinstr (rs#rd <- (Vfloat f) #GPR2 <- Vundef)) m + | Plwz rd cst r1 => + load1 Mint32 rd cst r1 rs m + | Plwzx rd r1 r2 => + load2 Mint32 rd r1 r2 rs m + | Pmfcrbit rd bit => + OK (nextinstr (rs#rd <- (rs#(reg_of_crbit bit)))) m + | Pmflr rd => + OK (nextinstr (rs#rd <- (rs#LR))) m + | Pmr rd r1 => + OK (nextinstr (rs#rd <- (rs#r1))) m + | Pmtctr r1 => + OK (nextinstr (rs#CTR <- (rs#r1))) m + | Pmtlr r1 => + OK (nextinstr (rs#LR <- (rs#r1))) m + | Pmulli rd r1 cst => + OK (nextinstr (rs#rd <- (Val.mul rs#r1 (const_low cst)))) m + | Pmullw rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.mul rs#r1 rs#r2))) m + | Pnand rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.notint (Val.and rs#r1 rs#r2)))) m + | Pnor rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.notint (Val.or rs#r1 rs#r2)))) m + | Por rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.or rs#r1 rs#r2))) m + | Porc rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.or rs#r1 (Val.notint rs#r2)))) m + | Pori rd r1 cst => + OK (nextinstr (rs#rd <- (Val.or rs#r1 (const_low cst)))) m + | Poris rd r1 cst => + OK (nextinstr (rs#rd <- (Val.or rs#r1 (const_high cst)))) m + | Prlwinm rd r1 amount mask => + OK (nextinstr (rs#rd <- (Val.rolm rs#r1 amount mask))) m + | Pslw rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.shl rs#r1 rs#r2))) m + | Psraw rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.shr rs#r1 rs#r2) #CARRY <- (Val.shr_carry rs#r1 rs#r2))) m + | Psrawi rd r1 n => + OK (nextinstr (rs#rd <- (Val.shr rs#r1 (Vint n)) #CARRY <- (Val.shr_carry rs#r1 (Vint n)))) m + | Psrw rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.shru rs#r1 rs#r2))) m + | Pstb rd cst r1 => + store1 Mint8unsigned rd cst r1 rs m + | Pstbx rd r1 r2 => + store2 Mint8unsigned rd r1 r2 rs m + | Pstfd rd cst r1 => + store1 Mfloat64 rd cst r1 rs m + | Pstfdx rd r1 r2 => + store2 Mfloat64 rd r1 r2 rs m + | Pstfs rd cst r1 => + store1 Mfloat32 rd cst r1 rs m + | Pstfsx rd r1 r2 => + store2 Mfloat32 rd r1 r2 rs m + | Psth rd cst r1 => + store1 Mint16unsigned rd cst r1 rs m + | Psthx rd r1 r2 => + store2 Mint16unsigned rd r1 r2 rs m + | Pstw rd cst r1 => + store1 Mint32 rd cst r1 rs m + | Pstwx rd r1 r2 => + store2 Mint32 rd r1 r2 rs m + | Psubfc rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.sub rs#r2 rs#r1) #CARRY <- Vundef)) m + | Psubfic rd r1 cst => + OK (nextinstr (rs#rd <- (Val.sub (const_low cst) rs#r1) #CARRY <- Vundef)) m + | Pxor rd r1 r2 => + OK (nextinstr (rs#rd <- (Val.xor rs#r1 rs#r2))) m + | Pxori rd r1 cst => + OK (nextinstr (rs#rd <- (Val.xor rs#r1 (const_low cst)))) m + | Pxoris rd r1 cst => + OK (nextinstr (rs#rd <- (Val.xor rs#r1 (const_high cst)))) m + | Piundef rd => + OK (nextinstr (rs#rd <- Vundef)) m + | Pfundef rd => + OK (nextinstr (rs#rd <- Vundef)) m + | Plabel lbl => + OK (nextinstr rs) m + end. + +(** Execution of the instruction at [rs#PC]. *) + +Inductive exec_step: regset -> mem -> regset -> mem -> Prop := + | exec_step_intro: + forall b ofs c i rs m rs' m', + rs PC = Vptr b ofs -> + Genv.find_funct_ptr ge b = Some c -> + find_instr (Int.unsigned ofs) c = Some i -> + exec_instr c i rs m = OK rs' m' -> + exec_step rs m rs' m'. + +(** Execution of zero, one or several instructions starting at [rs#PC]. *) + +Inductive exec_steps: regset -> mem -> regset -> mem -> Prop := + | exec_refl: + forall rs m, + exec_steps rs m rs m + | exec_one: + forall rs m rs' m', + exec_step rs m rs' m' -> + exec_steps rs m rs' m' + | exec_trans: + forall rs1 m1 rs2 m2 rs3 m3, + exec_steps rs1 m1 rs2 m2 -> + exec_steps rs2 m2 rs3 m3 -> + exec_steps rs1 m1 rs3 m3. + +End RELSEM. + +Definition exec_program (p: program) (r: val) : Prop := + let ge := Genv.globalenv p in + let m0 := Genv.init_mem p in + let rs0 := + (Pregmap.init Vundef) # PC <- (symbol_offset ge p.(prog_main) Int.zero) + # LR <- Vzero + # GPR1 <- (Vptr Mem.nullptr Int.zero) in + exists rs, exists m, + exec_steps ge rs0 m0 rs m /\ rs#PC = Vzero /\ rs#GPR3 = r. diff --git a/backend/PPCgen.v b/backend/PPCgen.v new file mode 100644 index 00000000..dc8ed40f --- /dev/null +++ b/backend/PPCgen.v @@ -0,0 +1,514 @@ +(** Translation from Mach to PPC. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Floats. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Locations. +Require Import Mach. +Require Import PPC. + +(** Translation of the LTL/Linear/Mach view of machine registers + to the PPC view. PPC has two different types for registers + (integer and float) while LTL et al have only one. The + [ireg_of] and [freg_of] are therefore partial in principle. + To keep things simpler, we make them return nonsensical + results when applied to a LTL register of the wrong type. + The proof in [PPCgenproof] will show that this never happens. + + Note that no LTL register maps to [GPR2] nor [FPR13]. + These two registers are reserved as temporaries, to be used + by the generated PPC code. *) + +Definition ireg_of (r: mreg) : ireg := + match r with + | R3 => GPR3 | R4 => GPR4 | R5 => GPR5 | R6 => GPR6 + | R7 => GPR7 | R8 => GPR8 | R9 => GPR9 | R10 => GPR10 + | R13 => GPR13 | R14 => GPR14 | R15 => GPR15 | R16 => GPR16 + | R17 => GPR17 | R18 => GPR18 | R19 => GPR19 | R20 => GPR20 + | R21 => GPR21 | R22 => GPR22 | R23 => GPR23 | R24 => GPR24 + | R25 => GPR25 | R26 => GPR26 | R27 => GPR27 | R28 => GPR28 + | R29 => GPR29 | R30 => GPR30 | R31 => GPR31 + | IT1 => GPR11 | IT2 => GPR12 | IT3 => GPR0 + | _ => GPR0 (* should not happen *) + end. + +Definition freg_of (r: mreg) : freg := + match r with + | F1 => FPR1 | F2 => FPR2 | F3 => FPR3 | F4 => FPR4 + | F5 => FPR5 | F6 => FPR6 | F7 => FPR7 | F8 => FPR8 + | F9 => FPR9 | F10 => FPR10 | F14 => FPR14 | F15 => FPR15 + | F16 => FPR16 | F17 => FPR17 | F18 => FPR18 | F19 => FPR19 + | F20 => FPR20 | F21 => FPR21 | F22 => FPR22 | F23 => FPR23 + | F24 => FPR24 | F25 => FPR25 | F26 => FPR26 | F27 => FPR27 + | F28 => FPR28 | F29 => FPR29 | F30 => FPR30 | F31 => FPR31 + | FT1 => FPR0 | FT2 => FPR11 | FT3 => FPR12 + | _ => FPR0 (* should not happen *) + end. + +(** Decomposition of integer constants. As noted in file [PPC], + immediate arguments to PowerPC instructions must fit into 16 bits, + and are interpreted after zero extension, sign extension, or + left shift by 16 bits, depending on the instruction. Integer + constants that do not fit must be synthesized using two + processor instructions. The following functions decompose + arbitrary 32-bit integers into two 16-bit halves (high and low + halves). They satisfy the following properties: +- [low_u n] is an unsigned 16-bit integer; +- [low_s n] is a signed 16-bit integer; +- [(high_u n) << 16 | low_u n] equals [n]; +- [(high_s n) << 16 + low_s n] equals [n]. +*) + +Definition low_u (n: int) := Int.and n (Int.repr 65535). +Definition high_u (n: int) := Int.shru n (Int.repr 16). +Definition low_s (n: int) := Int.cast16signed n. +Definition high_s (n: int) := Int.shru (Int.sub n (low_s n)) (Int.repr 16). + +(** Smart constructors for arithmetic operations involving + a 32-bit integer constant. Depending on whether the + constant fits in 16 bits or not, one or several instructions + are generated as required to perform the operation + and prepended to the given instruction sequence [k]. *) + +Definition loadimm (r: ireg) (n: int) (k: code) := + if Int.eq (high_s n) Int.zero then + Paddi r GPR0 (Cint n) :: k + else if Int.eq (low_s n) Int.zero then + Paddis r GPR0 (Cint (high_s n)) :: k + else + Paddis r GPR0 (Cint (high_u n)) :: + Pori r r (Cint (low_u n)) :: k. + +Definition addimm_1 (r1 r2: ireg) (n: int) (k: code) := + if Int.eq (high_s n) Int.zero then + Paddi r1 r2 (Cint n) :: k + else if Int.eq (low_s n) Int.zero then + Paddis r1 r2 (Cint (high_s n)) :: k + else + Paddis r1 r2 (Cint (high_s n)) :: + Paddi r1 r1 (Cint (low_s n)) :: k. + +Definition addimm_2 (r1 r2: ireg) (n: int) (k: code) := + loadimm GPR2 n (Padd r1 r2 GPR2 :: k). + +Definition addimm (r1 r2: ireg) (n: int) (k: code) := + if ireg_eq r1 GPR0 then + addimm_2 r1 r2 n k + else if ireg_eq r2 GPR0 then + addimm_2 r1 r2 n k + else + addimm_1 r1 r2 n k. + +Definition andimm (r1 r2: ireg) (n: int) (k: code) := + if Int.eq (high_u n) Int.zero then + Pandi_ r1 r2 (Cint n) :: k + else if Int.eq (low_u n) Int.zero then + Pandis_ r1 r2 (Cint (high_u n)) :: k + else + loadimm GPR2 n (Pand_ r1 r2 GPR2 :: k). + +Definition orimm (r1 r2: ireg) (n: int) (k: code) := + if Int.eq (high_u n) Int.zero then + Pori r1 r2 (Cint n) :: k + else if Int.eq (low_u n) Int.zero then + Poris r1 r2 (Cint (high_u n)) :: k + else + Poris r1 r2 (Cint (high_u n)) :: + Pori r1 r1 (Cint (low_u n)) :: k. + +Definition xorimm (r1 r2: ireg) (n: int) (k: code) := + if Int.eq (high_u n) Int.zero then + Pxori r1 r2 (Cint n) :: k + else if Int.eq (low_u n) Int.zero then + Pxoris r1 r2 (Cint (high_u n)) :: k + else + Pxoris r1 r2 (Cint (high_u n)) :: + Pxori r1 r1 (Cint (low_u n)) :: k. + +(** Smart constructors for indexed loads and stores, + where the address is the contents of a register plus + an integer literal. *) + +Definition loadind_aux (base: ireg) (ofs: int) (ty: typ) (dst: mreg) := + match ty with + | Tint => Plwz (ireg_of dst) (Cint ofs) base + | Tfloat => Plfd (freg_of dst) (Cint ofs) base + end. + +Definition loadind (base: ireg) (ofs: int) (ty: typ) (dst: mreg) (k: code) := + if Int.eq (high_s ofs) Int.zero then + loadind_aux base ofs ty dst :: k + else + Paddis GPR2 base (Cint (high_s ofs)) :: + loadind_aux GPR2 (low_s ofs) ty dst :: k. + +Definition storeind_aux (src: mreg) (base: ireg) (ofs: int) (ty: typ) := + match ty with + | Tint => Pstw (ireg_of src) (Cint ofs) base + | Tfloat => Pstfd (freg_of src) (Cint ofs) base + end. + +Definition storeind (src: mreg) (base: ireg) (ofs: int) (ty: typ) (k: code) := + if Int.eq (high_s ofs) Int.zero then + storeind_aux src base ofs ty :: k + else + Paddis GPR2 base (Cint (high_s ofs)) :: + storeind_aux src GPR2 (low_s ofs) ty :: k. + +(** Constructor for a floating-point comparison. The PowerPC has + a single [fcmpu] instruction to compare floats, which sets + bits 0, 1 and 2 of the condition register to reflect ``less'', + ``greater'' and ``equal'' conditions, respectively. + The ``less or equal'' and ``greater or equal'' conditions must be + synthesized by a [cror] instruction that computes the logical ``or'' + of the corresponding two conditions. *) + +Definition floatcomp (cmp: comparison) (r1 r2: freg) (k: code) := + Pfcmpu r1 r2 :: + match cmp with + | Cle => Pcror CRbit_3 CRbit_2 CRbit_0 :: k + | Cge => Pcror CRbit_3 CRbit_2 CRbit_1 :: k + | _ => k + end. + +(** Translation of a condition. Prepends to [k] the instructions + that evaluate the condition and leave its boolean result in one of + the bits of the condition register. The bit in question is + determined by the [crbit_for_cond] function. *) + +Definition transl_cond + (cond: condition) (args: list mreg) (k: code) := + match cond, args with + | Ccomp c, a1 :: a2 :: nil => + Pcmpw (ireg_of a1) (ireg_of a2) :: k + | Ccompu c, a1 :: a2 :: nil => + Pcmplw (ireg_of a1) (ireg_of a2) :: k + | Ccompimm c n, a1 :: nil => + if Int.eq (high_s n) Int.zero then + Pcmpwi (ireg_of a1) (Cint n) :: k + else + loadimm GPR2 n (Pcmpw (ireg_of a1) GPR2 :: k) + | Ccompuimm c n, a1 :: nil => + if Int.eq (high_u n) Int.zero then + Pcmplwi (ireg_of a1) (Cint n) :: k + else + loadimm GPR2 n (Pcmplw (ireg_of a1) GPR2 :: k) + | Ccompf cmp, a1 :: a2 :: nil => + floatcomp cmp (freg_of a1) (freg_of a2) k + | Cnotcompf cmp, a1 :: a2 :: nil => + floatcomp cmp (freg_of a1) (freg_of a2) k + | Cmaskzero n, a1 :: nil => + andimm GPR2 (ireg_of a1) n k + | Cmasknotzero n, a1 :: nil => + andimm GPR2 (ireg_of a1) n k + | _, _ => + k (**r never happens for well-typed code *) + end. + +(* CRbit_0 = Less + CRbit_1 = Greater + CRbit_2 = Equal + CRbit_3 = Other *) + +Definition crbit_for_icmp (cmp: comparison) := + match cmp with + | Ceq => (CRbit_2, true) + | Cne => (CRbit_2, false) + | Clt => (CRbit_0, true) + | Cle => (CRbit_1, false) + | Cgt => (CRbit_1, true) + | Cge => (CRbit_0, false) + end. + +Definition crbit_for_fcmp (cmp: comparison) := + match cmp with + | Ceq => (CRbit_2, true) + | Cne => (CRbit_2, false) + | Clt => (CRbit_0, true) + | Cle => (CRbit_3, true) + | Cgt => (CRbit_1, true) + | Cge => (CRbit_3, true) + end. + +Definition crbit_for_cond (cond: condition) := + match cond with + | Ccomp cmp => crbit_for_icmp cmp + | Ccompu cmp => crbit_for_icmp cmp + | Ccompimm cmp n => crbit_for_icmp cmp + | Ccompuimm cmp n => crbit_for_icmp cmp + | Ccompf cmp => crbit_for_fcmp cmp + | Cnotcompf cmp => let p := crbit_for_fcmp cmp in (fst p, negb (snd p)) + | Cmaskzero n => (CRbit_2, true) + | Cmasknotzero n => (CRbit_2, false) + end. + +(** Translation of the arithmetic operation [r <- op(args)]. + The corresponding instructions are prepended to [k]. *) + +Definition transl_op + (op: operation) (args: list mreg) (r: mreg) (k: code) := + match op, args with + | Omove, a1 :: nil => + match mreg_type a1 with + | Tint => Pmr (ireg_of r) (ireg_of a1) :: k + | Tfloat => Pfmr (freg_of r) (freg_of a1) :: k + end + | Ointconst n, nil => + loadimm (ireg_of r) n k + | Ofloatconst f, nil => + Plfi (freg_of r) f :: k + | Oaddrsymbol s ofs, nil => + Paddis (ireg_of r) GPR0 (Csymbol_high_unsigned s ofs) :: + Pori (ireg_of r) (ireg_of r) (Csymbol_low_unsigned s ofs) :: k + | Oaddrstack n, nil => + addimm (ireg_of r) GPR1 n k + | Oundef, nil => + match mreg_type r with + | Tint => Piundef (ireg_of r) :: k + | Tfloat => Pfundef (freg_of r) :: k + end + | Ocast8signed, a1 :: nil => + Pextsb (ireg_of r) (ireg_of a1) :: k + | Ocast16signed, a1 :: nil => + Pextsh (ireg_of r) (ireg_of a1) :: k + | Oadd, a1 :: a2 :: nil => + Padd (ireg_of r) (ireg_of a1) (ireg_of a2) :: k + | Oaddimm n, a1 :: nil => + addimm (ireg_of r) (ireg_of a1) n k + | Osub, a1 :: a2 :: nil => + Psubfc (ireg_of r) (ireg_of a2) (ireg_of a1) :: k + | Osubimm n, a1 :: nil => + if Int.eq (high_s n) Int.zero then + Psubfic (ireg_of r) (ireg_of a1) (Cint n) :: k + else + loadimm GPR2 n (Psubfc (ireg_of r) (ireg_of a1) GPR2 :: k) + | Omul, a1 :: a2 :: nil => + Pmullw (ireg_of r) (ireg_of a1) (ireg_of a2) :: k + | Omulimm n, a1 :: nil => + if Int.eq (high_s n) Int.zero then + Pmulli (ireg_of r) (ireg_of a1) (Cint n) :: k + else + loadimm GPR2 n (Pmullw (ireg_of r) (ireg_of a1) GPR2 :: k) + | Odiv, a1 :: a2 :: nil => + Pdivw (ireg_of r) (ireg_of a1) (ireg_of a2) :: k + | Odivu, a1 :: a2 :: nil => + Pdivwu (ireg_of r) (ireg_of a1) (ireg_of a2) :: k + | Oand, a1 :: a2 :: nil => + Pand_ (ireg_of r) (ireg_of a1) (ireg_of a2) :: k + | Oandimm n, a1 :: nil => + andimm (ireg_of r) (ireg_of a1) n k + | Oor, a1 :: a2 :: nil => + Por (ireg_of r) (ireg_of a1) (ireg_of a2) :: k + | Oorimm n, a1 :: nil => + orimm (ireg_of r) (ireg_of a1) n k + | Oxor, a1 :: a2 :: nil => + Pxor (ireg_of r) (ireg_of a1) (ireg_of a2) :: k + | Oxorimm n, a1 :: nil => + xorimm (ireg_of r) (ireg_of a1) n k + | Onand, a1 :: a2 :: nil => + Pnand (ireg_of r) (ireg_of a1) (ireg_of a2) :: k + | Onor, a1 :: a2 :: nil => + Pnor (ireg_of r) (ireg_of a1) (ireg_of a2) :: k + | Onxor, a1 :: a2 :: nil => + Peqv (ireg_of r) (ireg_of a1) (ireg_of a2) :: k + | Oshl, a1 :: a2 :: nil => + Pslw (ireg_of r) (ireg_of a1) (ireg_of a2) :: k + | Oshr, a1 :: a2 :: nil => + Psraw (ireg_of r) (ireg_of a1) (ireg_of a2) :: k + | Oshrimm n, a1 :: nil => + Psrawi (ireg_of r) (ireg_of a1) n :: k + | Oshrximm n, a1 :: nil => + Psrawi (ireg_of r) (ireg_of a1) n :: + Paddze (ireg_of r) (ireg_of r) :: k + | Oshru, a1 :: a2 :: nil => + Psrw (ireg_of r) (ireg_of a1) (ireg_of a2) :: k + | Orolm amount mask, a1 :: nil => + Prlwinm (ireg_of r) (ireg_of a1) amount mask :: k + | Onegf, a1 :: nil => + Pfneg (freg_of r) (freg_of a1) :: k + | Oabsf, a1 :: nil => + Pfabs (freg_of r) (freg_of a1) :: k + | Oaddf, a1 :: a2 :: nil => + Pfadd (freg_of r) (freg_of a1) (freg_of a2) :: k + | Osubf, a1 :: a2 :: nil => + Pfsub (freg_of r) (freg_of a1) (freg_of a2) :: k + | Omulf, a1 :: a2 :: nil => + Pfmul (freg_of r) (freg_of a1) (freg_of a2) :: k + | Odivf, a1 :: a2 :: nil => + Pfdiv (freg_of r) (freg_of a1) (freg_of a2) :: k + | Omuladdf, a1 :: a2 :: a3 :: nil => + Pfmadd (freg_of r) (freg_of a1) (freg_of a2) (freg_of a3) :: k + | Omulsubf, a1 :: a2 :: a3 :: nil => + Pfmsub (freg_of r) (freg_of a1) (freg_of a2) (freg_of a3) :: k + | Osingleoffloat, a1 :: nil => + Pfrsp (freg_of r) (freg_of a1) :: k + | Ointoffloat, a1 :: nil => + Pfcti (ireg_of r) (freg_of a1) :: k + | Ofloatofint, a1 :: nil => + Pictf (freg_of r) (ireg_of a1) :: k + | Ofloatofintu, a1 :: nil => + Piuctf (freg_of r) (ireg_of a1) :: k + | Ocmp cmp, _ => + let p := crbit_for_cond cmp in + transl_cond cmp args + (Pmfcrbit (ireg_of r) (fst p) :: + if snd p + then k + else Pxori (ireg_of r) (ireg_of r) (Cint Int.one) :: k) + | _, _ => + k (**r never happens for well-typed code *) + end. + +(** Common code to translate [Mload] and [Mstore] instructions. *) + +Definition transl_load_store + (mk1: constant -> ireg -> instruction) + (mk2: ireg -> ireg -> instruction) + (addr: addressing) (args: list mreg) (k: code) := + match addr, args with + | Aindexed ofs, a1 :: nil => + if ireg_eq (ireg_of a1) GPR0 then + Pmr GPR2 (ireg_of a1) :: + Paddis GPR2 GPR2 (Cint (high_s ofs)) :: + mk1 (Cint (low_s ofs)) GPR2 :: k + else if Int.eq (high_s ofs) Int.zero then + mk1 (Cint ofs) (ireg_of a1) :: k + else + Paddis GPR2 (ireg_of a1) (Cint (high_s ofs)) :: + mk1 (Cint (low_s ofs)) GPR2 :: k + | Aindexed2, a1 :: a2 :: nil => + mk2 (ireg_of a1) (ireg_of a2) :: k + | Aglobal symb ofs, nil => + Paddis GPR2 GPR0 (Csymbol_high_signed symb ofs) :: + mk1 (Csymbol_low_signed symb ofs) GPR2 :: k + | Abased symb ofs, a1 :: nil => + if ireg_eq (ireg_of a1) GPR0 then + Pmr GPR2 (ireg_of a1) :: + Paddis GPR2 GPR2 (Csymbol_high_signed symb ofs) :: + mk1 (Csymbol_low_signed symb ofs) GPR2 :: k + else + Paddis GPR2 (ireg_of a1) (Csymbol_high_signed symb ofs) :: + mk1 (Csymbol_low_signed symb ofs) GPR2 :: k + | Ainstack ofs, nil => + if Int.eq (high_s ofs) Int.zero then + mk1 (Cint ofs) GPR1 :: k + else + Paddis GPR2 GPR1 (Cint (high_s ofs)) :: + mk1 (Cint (low_s ofs)) GPR2 :: k + | _, _ => + (* should not happen *) k + end. + +(** Translation of a Mach instruction. *) + +Definition transl_instr (i: Mach.instruction) (k: code) := + match i with + | Mgetstack ofs ty dst => + loadind GPR1 ofs ty dst k + | Msetstack src ofs ty => + storeind src GPR1 ofs ty k + | Mgetparam ofs ty dst => + Plwz GPR2 (Cint (Int.repr 0)) GPR1 :: loadind GPR2 ofs ty dst k + | Mop op args res => + transl_op op args res k + | Mload chunk addr args dst => + match chunk with + | Mint8signed => + transl_load_store + (Plbz (ireg_of dst)) (Plbzx (ireg_of dst)) addr args + (Pextsb (ireg_of dst) (ireg_of dst) :: k) + | Mint8unsigned => + transl_load_store + (Plbz (ireg_of dst)) (Plbzx (ireg_of dst)) addr args k + | Mint16signed => + transl_load_store + (Plha (ireg_of dst)) (Plhax (ireg_of dst)) addr args k + | Mint16unsigned => + transl_load_store + (Plhz (ireg_of dst)) (Plhzx (ireg_of dst)) addr args k + | Mint32 => + transl_load_store + (Plwz (ireg_of dst)) (Plwzx (ireg_of dst)) addr args k + | Mfloat32 => + transl_load_store + (Plfs (freg_of dst)) (Plfsx (freg_of dst)) addr args k + | Mfloat64 => + transl_load_store + (Plfd (freg_of dst)) (Plfdx (freg_of dst)) addr args k + end + | Mstore chunk addr args src => + match chunk with + | Mint8signed => + transl_load_store + (Pstb (ireg_of src)) (Pstbx (ireg_of src)) addr args k + | Mint8unsigned => + transl_load_store + (Pstb (ireg_of src)) (Pstbx (ireg_of src)) addr args k + | Mint16signed => + transl_load_store + (Psth (ireg_of src)) (Psthx (ireg_of src)) addr args k + | Mint16unsigned => + transl_load_store + (Psth (ireg_of src)) (Psthx (ireg_of src)) addr args k + | Mint32 => + transl_load_store + (Pstw (ireg_of src)) (Pstwx (ireg_of src)) addr args k + | Mfloat32 => + transl_load_store + (Pstfs (freg_of src)) (Pstfsx (freg_of src)) addr args k + | Mfloat64 => + transl_load_store + (Pstfd (freg_of src)) (Pstfdx (freg_of src)) addr args k + end + | Mcall sig (inl r) => + Pmtctr (ireg_of r) :: Pbctrl :: k + | Mcall sig (inr symb) => + Pbl symb :: k + | Mlabel lbl => + Plabel lbl :: k + | Mgoto lbl => + Pb lbl :: k + | Mcond cond args lbl => + let p := crbit_for_cond cond in + transl_cond cond args + (if (snd p) then Pbt (fst p) lbl :: k else Pbf (fst p) lbl :: k) + | Mreturn => + Plwz GPR2 (Cint (Int.repr 4)) GPR1 :: + Pmtlr GPR2 :: Pfreeframe :: Pblr :: k + end. + +Definition transl_code (il: list Mach.instruction) := + List.fold_right transl_instr nil il. + +(** Translation of a whole function. Note that we must check + that the generated code contains less than [2^32] instructions, + otherwise the offset part of the [PC] code pointer could wrap + around, leading to incorrect executions. *) + +Definition transl_function (f: Mach.function) := + Pallocframe (- f.(fn_framesize)) + (align_16_top (-f.(fn_framesize)) f.(fn_stacksize)) :: + Pmflr GPR2 :: + Pstw GPR2 (Cint (Int.repr 4)) GPR1 :: + transl_code f.(fn_code). + +Fixpoint code_size (c: code) : Z := + match c with + | nil => 0 + | instr :: c' => code_size c' + 1 + end. + +Definition transf_function (f: Mach.function) := + let c := transl_function f in + if zlt Int.max_unsigned (code_size c) + then None + else Some c. + +Definition transf_program (p: Mach.program) : option PPC.program := + transform_partial_program transf_function p. diff --git a/backend/PPCgenproof.v b/backend/PPCgenproof.v new file mode 100644 index 00000000..d89046fd --- /dev/null +++ b/backend/PPCgenproof.v @@ -0,0 +1,1242 @@ +(** Correctness proof for PPC generation: main proof. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Floats. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Locations. +Require Import Mach. +Require Import Machtyping. +Require Import PPC. +Require Import PPCgen. +Require Import PPCgenproof1. + +Section PRESERVATION. + +Variable prog: Mach.program. +Variable tprog: PPC.program. +Hypothesis TRANSF: transf_program prog = Some tprog. + +Let ge := Genv.globalenv prog. +Let tge := Genv.globalenv tprog. + +Lemma symbols_preserved: + forall id, Genv.find_symbol tge id = Genv.find_symbol ge id. +Proof. + intros. unfold ge, tge. + apply Genv.find_symbol_transf_partial with transf_function. + exact TRANSF. +Qed. + +Lemma functions_translated: + forall f b, + Genv.find_funct_ptr ge b = Some f -> + Genv.find_funct_ptr tge b = Some (transl_function f). +Proof. + intros. + generalize (Genv.find_funct_ptr_transf_partial + transf_function TRANSF H). + intros [A B]. + unfold tge. change code with (list instruction). rewrite A. + generalize B. unfold transf_function. + case (zlt Int.max_unsigned (code_size (transl_function f))); intro. + tauto. auto. +Qed. + +Lemma functions_translated_2: + forall f v, + Genv.find_funct ge v = Some f -> + Genv.find_funct tge v = Some (transl_function f). +Proof. + intros. + generalize (Genv.find_funct_transf_partial + transf_function TRANSF H). + intros [A B]. + unfold tge. change code with (list instruction). rewrite A. + generalize B. unfold transf_function. + case (zlt Int.max_unsigned (code_size (transl_function f))); intro. + tauto. auto. +Qed. + +Lemma functions_translated_no_overflow: + forall b f, + Genv.find_funct_ptr ge b = Some f -> + code_size (transl_function f) <= Int.max_unsigned. +Proof. + intros. + generalize (Genv.find_funct_ptr_transf_partial + transf_function TRANSF H). + intros [A B]. + generalize B. + unfold transf_function. + case (zlt Int.max_unsigned (code_size (transl_function f))); intro. + tauto. intro. omega. +Qed. + +(** * Properties of control flow *) + +Lemma find_instr_in: + forall c pos i, + find_instr pos c = Some i -> In i c. +Proof. + induction c; simpl. intros; discriminate. + intros until i. case (zeq pos 0); intros. + left; congruence. right; eauto. +Qed. + +(** The ``code tail'' of an instruction list [c] is the list of instructions + starting at PC [pos]. *) + +Fixpoint code_tail (pos: Z) (c: code) {struct c} : code := + match c with + | nil => nil + | i :: il => if zeq pos 0 then c else code_tail (pos - 1) il + end. +Proof. + +Lemma find_instr_tail: + forall c pos, + find_instr pos c = + match code_tail pos c with nil => None | i1 :: il => Some i1 end. +Proof. + induction c; simpl; intros. + auto. + case (zeq pos 0); auto. +Qed. + +Remark code_size_pos: + forall fn, code_size fn >= 0. +Proof. + induction fn; simpl; omega. +Qed. + +Remark code_tail_bounds: + forall fn ofs i c, + code_tail ofs fn = i :: c -> 0 <= ofs < code_size fn. +Proof. + induction fn; simpl. + intros; discriminate. + intros until c. case (zeq ofs 0); intros. + generalize (code_size_pos fn). omega. + generalize (IHfn _ _ _ H). omega. +Qed. + +Remark code_tail_unfold: + forall ofs i c, + ofs >= 0 -> + code_tail (ofs + 1) (i :: c) = code_tail ofs c. +Proof. + intros. simpl. case (zeq (ofs + 1) 0); intros. + omegaContradiction. + replace (ofs + 1 - 1) with ofs. auto. omega. +Qed. + +Remark code_tail_zero: + forall fn, code_tail 0 fn = fn. +Proof. + intros. destruct fn; simpl. auto. auto. +Qed. + +Lemma code_tail_next: + forall fn ofs i c, + code_tail ofs fn = i :: c -> + code_tail (ofs + 1) fn = c. +Proof. + induction fn. + simpl; intros; discriminate. + intros until c. case (zeq ofs 0); intro. + subst ofs. intros. rewrite code_tail_zero in H. injection H. + intros. subst c. rewrite code_tail_unfold. apply code_tail_zero. + omega. + intro; generalize (code_tail_bounds _ _ _ _ H); intros [A B]. + assert (ofs = (ofs - 1) + 1). omega. + rewrite H0 in H. rewrite code_tail_unfold in H. + rewrite code_tail_unfold. rewrite H0. eauto. + omega. omega. +Qed. + +Lemma code_tail_next_int: + forall fn ofs i c, + code_size fn <= Int.max_unsigned -> + code_tail (Int.unsigned ofs) fn = i :: c -> + code_tail (Int.unsigned (Int.add ofs Int.one)) fn = c. +Proof. + intros. rewrite Int.add_unsigned. unfold Int.one. + repeat rewrite Int.unsigned_repr. apply code_tail_next with i; auto. + compute; intuition congruence. + generalize (code_tail_bounds _ _ _ _ H0). omega. + compute; intuition congruence. +Qed. + +(** [transl_code_at_pc pc fn c] holds if the code pointer [pc] points + within the PPC code generated by translating Mach function [fn], + and [c] is the tail of the generated code at the position corresponding + to the code pointer [pc]. *) + +Inductive transl_code_at_pc: val -> Mach.function -> Mach.code -> Prop := + transl_code_at_pc_intro: + forall b ofs f c, + Genv.find_funct_ptr ge b = Some f -> + code_tail (Int.unsigned ofs) (transl_function f) = transl_code c -> + transl_code_at_pc (Vptr b ofs) f c. + +(** The following lemmas show that straight-line executions + (predicate [exec_straight]) correspond to correct PPC executions + (predicate [exec_steps]) under adequate [transl_code_at_pc] hypotheses. *) + +Lemma exec_straight_steps_1: + forall fn c rs m c' rs' m', + exec_straight tge fn c rs m c' rs' m' -> + code_size fn <= Int.max_unsigned -> + forall b ofs, + rs#PC = Vptr b ofs -> + Genv.find_funct_ptr tge b = Some fn -> + code_tail (Int.unsigned ofs) fn = c -> + exec_steps tge rs m rs' m'. +Proof. + induction 1. + intros. apply exec_refl. + intros. apply exec_trans with rs2 m2. + apply exec_one; econstructor; eauto. + rewrite find_instr_tail. rewrite H5. auto. + apply IHexec_straight with b (Int.add ofs Int.one). + auto. rewrite H0. rewrite H3. reflexivity. + auto. + apply code_tail_next_int with i; auto. +Qed. + +Lemma exec_straight_steps_2: + forall fn c rs m c' rs' m', + exec_straight tge fn c rs m c' rs' m' -> + code_size fn <= Int.max_unsigned -> + forall b ofs, + rs#PC = Vptr b ofs -> + Genv.find_funct_ptr tge b = Some fn -> + code_tail (Int.unsigned ofs) fn = c -> + exists ofs', + rs'#PC = Vptr b ofs' + /\ code_tail (Int.unsigned ofs') fn = c'. +Proof. + induction 1; intros. + exists ofs. split. auto. auto. + apply IHexec_straight with (Int.add ofs Int.one). + auto. rewrite H0. rewrite H3. reflexivity. auto. + apply code_tail_next_int with i; auto. +Qed. + +Lemma exec_straight_steps: + forall f c c' rs m rs' m', + transl_code_at_pc (rs PC) f c -> + exec_straight tge (transl_function f) + (transl_code c) rs m (transl_code c') rs' m' -> + exec_steps tge rs m rs' m' /\ transl_code_at_pc (rs' PC) f c'. +Proof. + intros. inversion H. + generalize (functions_translated_no_overflow _ _ H2). intro. + generalize (functions_translated _ _ H2). intro. + split. eapply exec_straight_steps_1; eauto. + generalize (exec_straight_steps_2 _ _ _ _ _ _ _ + H0 H6 _ _ (sym_equal H1) H7 H3). + intros [ofs' [PC' CT']]. + rewrite PC'. constructor; auto. +Qed. + +(** The [find_label] function returns the code tail starting at the + given label. A connection with [code_tail] is then established. *) + +Fixpoint find_label (lbl: label) (c: code) {struct c} : option code := + match c with + | nil => None + | instr :: c' => + if is_label lbl instr then Some c' else find_label lbl c' + end. + +Lemma label_pos_code_tail: + forall lbl c pos c', + find_label lbl c = Some c' -> + exists pos', + label_pos lbl pos c = Some pos' + /\ code_tail (pos' - pos) c = c' + /\ pos < pos' <= pos + code_size c. +Proof. + induction c. + simpl; intros. discriminate. + simpl; intros until c'. + case (is_label lbl a). + intro EQ; injection EQ; intro; subst c'. + exists (pos + 1). split. auto. split. + rewrite zeq_false. replace (pos + 1 - pos - 1) with 0. + apply code_tail_zero. omega. omega. + generalize (code_size_pos c). omega. + intros. generalize (IHc (pos + 1) c' H). intros [pos' [A [B C]]]. + exists pos'. split. auto. split. + rewrite zeq_false. replace (pos' - pos - 1) with (pos' - (pos + 1)). + auto. omega. omega. omega. +Qed. + +(** The following lemmas show that the translation from Mach to PPC + preserves labels, in the sense that the following diagram commutes: +<< + translation + Mach code ------------------------ PPC instr sequence + | | + | Mach.find_label lbl find_label lbl | + | | + v v + Mach code tail ------------------- PPC instr seq tail + translation +>> + The proof demands many boring lemmas showing that PPC constructor + functions do not introduce new labels. +*) + +Section TRANSL_LABEL. + +Variable lbl: label. + +Remark loadimm_label: + forall r n k, find_label lbl (loadimm r n k) = find_label lbl k. +Proof. + intros. unfold loadimm. + case (Int.eq (high_s n) Int.zero). reflexivity. + case (Int.eq (low_s n) Int.zero). reflexivity. + reflexivity. +Qed. +Hint Rewrite loadimm_label: labels. + +Remark addimm_1_label: + forall r1 r2 n k, find_label lbl (addimm_1 r1 r2 n k) = find_label lbl k. +Proof. + intros; unfold addimm_1. + case (Int.eq (high_s n) Int.zero). reflexivity. + case (Int.eq (low_s n) Int.zero). reflexivity. reflexivity. +Qed. +Remark addimm_2_label: + forall r1 r2 n k, find_label lbl (addimm_2 r1 r2 n k) = find_label lbl k. +Proof. + intros; unfold addimm_2. autorewrite with labels. reflexivity. +Qed. +Remark addimm_label: + forall r1 r2 n k, find_label lbl (addimm r1 r2 n k) = find_label lbl k. +Proof. + intros; unfold addimm. + case (ireg_eq r1 GPR0); intro. apply addimm_2_label. + case (ireg_eq r2 GPR0); intro. apply addimm_2_label. + apply addimm_1_label. +Qed. +Hint Rewrite addimm_label: labels. + +Remark andimm_label: + forall r1 r2 n k, find_label lbl (andimm r1 r2 n k) = find_label lbl k. +Proof. + intros; unfold andimm. + case (Int.eq (high_u n) Int.zero). reflexivity. + case (Int.eq (low_u n) Int.zero). reflexivity. + autorewrite with labels. reflexivity. +Qed. +Hint Rewrite andimm_label: labels. + +Remark orimm_label: + forall r1 r2 n k, find_label lbl (orimm r1 r2 n k) = find_label lbl k. +Proof. + intros; unfold orimm. + case (Int.eq (high_u n) Int.zero). reflexivity. + case (Int.eq (low_u n) Int.zero). reflexivity. reflexivity. +Qed. +Hint Rewrite orimm_label: labels. + +Remark xorimm_label: + forall r1 r2 n k, find_label lbl (xorimm r1 r2 n k) = find_label lbl k. +Proof. + intros; unfold xorimm. + case (Int.eq (high_u n) Int.zero). reflexivity. + case (Int.eq (low_u n) Int.zero). reflexivity. reflexivity. +Qed. +Hint Rewrite xorimm_label: labels. + +Remark loadind_aux_label: + forall base ofs ty dst k, find_label lbl (loadind_aux base ofs ty dst :: k) = find_label lbl k. +Proof. + intros; unfold loadind_aux. + case ty; reflexivity. +Qed. +Remark loadind_label: + forall base ofs ty dst k, find_label lbl (loadind base ofs ty dst k) = find_label lbl k. +Proof. + intros; unfold loadind. + case (Int.eq (high_s ofs) Int.zero). apply loadind_aux_label. + transitivity (find_label lbl (loadind_aux GPR2 (low_s ofs) ty dst :: k)). + reflexivity. apply loadind_aux_label. +Qed. +Hint Rewrite loadind_label: labels. +Remark storeind_aux_label: + forall base ofs ty dst k, find_label lbl (storeind_aux base ofs ty dst :: k) = find_label lbl k. +Proof. + intros; unfold storeind_aux. + case dst; reflexivity. +Qed. +Remark storeind_label: + forall base ofs ty src k, find_label lbl (storeind base src ofs ty k) = find_label lbl k. +Proof. + intros; unfold storeind. + case (Int.eq (high_s ofs) Int.zero). apply storeind_aux_label. + transitivity (find_label lbl (storeind_aux base GPR2 (low_s ofs) ty :: k)). + reflexivity. apply storeind_aux_label. +Qed. +Hint Rewrite storeind_label: labels. +Remark floatcomp_label: + forall cmp r1 r2 k, find_label lbl (floatcomp cmp r1 r2 k) = find_label lbl k. +Proof. + intros; unfold floatcomp. destruct cmp; reflexivity. +Qed. + +Remark transl_cond_label: + forall cond args k, find_label lbl (transl_cond cond args k) = find_label lbl k. +Proof. + intros; unfold transl_cond. + destruct cond; (destruct args; + [try reflexivity | destruct args; + [try reflexivity | destruct args; try reflexivity]]). + case (Int.eq (high_s i) Int.zero). reflexivity. + autorewrite with labels; reflexivity. + case (Int.eq (high_u i) Int.zero). reflexivity. + autorewrite with labels; reflexivity. + apply floatcomp_label. apply floatcomp_label. + apply andimm_label. apply andimm_label. +Qed. +Hint Rewrite transl_cond_label: labels. +Remark transl_op_label: + forall op args r k, find_label lbl (transl_op op args r k) = find_label lbl k. +Proof. + intros; unfold transl_op; + destruct op; destruct args; try (destruct args); try (destruct args); try (destruct args); + try reflexivity; autorewrite with labels; try reflexivity. + case (mreg_type m); reflexivity. + case (mreg_type r); reflexivity. + case (Int.eq (high_s i) Int.zero); autorewrite with labels; reflexivity. + case (Int.eq (high_s i) Int.zero); autorewrite with labels; reflexivity. + case (snd (crbit_for_cond c)); reflexivity. + case (snd (crbit_for_cond c)); reflexivity. + case (snd (crbit_for_cond c)); reflexivity. + case (snd (crbit_for_cond c)); reflexivity. + case (snd (crbit_for_cond c)); reflexivity. +Qed. +Hint Rewrite transl_op_label: labels. + +Remark transl_load_store_label: + forall (mk1: constant -> ireg -> instruction) (mk2: ireg -> ireg -> instruction) + addr args k, + (forall c r, is_label lbl (mk1 c r) = false) -> + (forall r1 r2, is_label lbl (mk2 r1 r2) = false) -> + find_label lbl (transl_load_store mk1 mk2 addr args k) = find_label lbl k. +Proof. + intros; unfold transl_load_store. + destruct addr; destruct args; try (destruct args); try (destruct args); + try reflexivity. + case (ireg_eq (ireg_of m) GPR0); intro. + simpl. rewrite H. auto. + case (Int.eq (high_s i) Int.zero). simpl; rewrite H; auto. + simpl; rewrite H; auto. + simpl; rewrite H0; auto. + simpl; rewrite H; auto. + case (ireg_eq (ireg_of m) GPR0); intro; simpl; rewrite H; auto. + case (Int.eq (high_s i) Int.zero); simpl; rewrite H; auto. +Qed. +Hint Rewrite transl_load_store_label: labels. + +Lemma transl_instr_label: + forall i k, + find_label lbl (transl_instr i k) = + if Mach.is_label lbl i then Some k else find_label lbl k. +Proof. + intros. generalize (Mach.is_label_correct lbl i). + case (Mach.is_label lbl i); intro. + subst i. simpl. rewrite peq_true. auto. + destruct i; simpl; autorewrite with labels; try reflexivity. + destruct m; rewrite transl_load_store_label; intros; reflexivity. + destruct m; rewrite transl_load_store_label; intros; reflexivity. + destruct s0; reflexivity. + rewrite peq_false. auto. congruence. + case (snd (crbit_for_cond c)); reflexivity. +Qed. + +Lemma transl_code_label: + forall c, + find_label lbl (transl_code c) = + option_map transl_code (Mach.find_label lbl c). +Proof. + induction c; simpl; intros. + auto. rewrite transl_instr_label. + case (Mach.is_label lbl a). reflexivity. + auto. +Qed. + +Lemma transl_find_label: + forall f, + find_label lbl (transl_function f) = + option_map transl_code (Mach.find_label lbl f.(fn_code)). +Proof. + intros. unfold transl_function. simpl. apply transl_code_label. +Qed. + +End TRANSL_LABEL. + +(** A valid branch in a piece of Mach code translates to a valid ``go to'' + transition in the generated PPC code. *) + +Lemma find_label_goto_label: + forall f lbl rs m c' b ofs, + Genv.find_funct_ptr ge b = Some f -> + rs PC = Vptr b ofs -> + Mach.find_label lbl f.(fn_code) = Some c' -> + exists rs', + goto_label (transl_function f) lbl rs m = OK rs' m + /\ transl_code_at_pc (rs' PC) f c' + /\ forall r, r <> PC -> rs'#r = rs#r. +Proof. + intros. + generalize (transl_find_label lbl f). + rewrite H1; simpl. intro. + generalize (label_pos_code_tail lbl (transl_function f) 0 + (transl_code c') H2). + intros [pos' [A [B C]]]. + exists (rs#PC <- (Vptr b (Int.repr pos'))). + split. unfold goto_label. rewrite A. rewrite H0. auto. + split. rewrite Pregmap.gss. constructor. auto. + rewrite Int.unsigned_repr. replace (pos' - 0) with pos' in B. + auto. omega. + generalize (functions_translated_no_overflow _ _ H). + omega. + intros. apply Pregmap.gso; auto. +Qed. + +(** * Memory properties *) + +(** The PowerPC has no instruction for ``load 8-bit signed integer''. + We show that it can be synthesized as a ``load 8-bit unsigned integer'' + followed by a sign extension. *) + +Lemma loadv_8_signed_unsigned: + forall m a, + Mem.loadv Mint8signed m a = + option_map Val.cast8signed (Mem.loadv Mint8unsigned m a). +Proof. + intros. unfold Mem.loadv. destruct a; try reflexivity. + unfold load. case (zlt b (nextblock m)); intro. + change (in_bounds Mint8unsigned (Int.signed i) (blocks m b)) + with (in_bounds Mint8signed (Int.signed i) (blocks m b)). + case (in_bounds Mint8signed (Int.signed i) (blocks m b)). + change (mem_chunk Mint8unsigned) with (mem_chunk Mint8signed). + set (v := (load_contents (mem_chunk Mint8signed) + (contents (blocks m b)) (Int.signed i))). + unfold Val.load_result. destruct v; try reflexivity. + simpl. rewrite Int.cast8_signed_unsigned. auto. + reflexivity. reflexivity. +Qed. + +(** Similarly, we show that signed 8- and 16-bit stores can be performed + like unsigned stores. *) + +Lemma storev_8_signed_unsigned: + forall m a v, + Mem.storev Mint8signed m a v = Mem.storev Mint8unsigned m a v. +Proof. + intros. reflexivity. +Qed. + +Lemma storev_16_signed_unsigned: + forall m a v, + Mem.storev Mint16signed m a v = Mem.storev Mint16unsigned m a v. +Proof. + intros. reflexivity. +Qed. + +(** * Proof of semantic preservation *) + +(** The invariants for the inductive proof of simulation are as follows. + The simulation diagrams are of the form: +<< + c1, ms1, m1 --------------------- rs1, m1 + | | + | | + v v + c2, ms2, m2 --------------------- rs2, m2 +>> + Left: execution of one Mach instruction. Right: execution of zero, one + or several instructions. Precondition (top): agreement between + the Mach register set [ms1] and the PPC register set [rs1]; moreover, + [rs1 PC] points to the translation of code [c1]. Postcondition (bottom): + similar. +*) + +Definition exec_instr_prop + (f: Mach.function) (sp: val) + (c1: Mach.code) (ms1: Mach.regset) (m1: mem) + (c2: Mach.code) (ms2: Mach.regset) (m2: mem) := + forall rs1 + (WTF: wt_function f) + (INCL: incl c1 f.(fn_code)) + (AT: transl_code_at_pc (rs1 PC) f c1) + (AG: agree ms1 sp rs1), + exists rs2, + agree ms2 sp rs2 + /\ exec_steps tge rs1 m1 rs2 m2 + /\ transl_code_at_pc (rs2 PC) f c2. + +Definition exec_function_body_prop + (f: Mach.function) (parent: val) (ra: val) + (ms1: Mach.regset) (m1: mem) + (ms2: Mach.regset) (m2: mem) := + forall rs1 + (WTRA: Val.has_type ra Tint) + (RALR: rs1 LR = ra) + (WTF: wt_function f) + (AT: Genv.find_funct ge (rs1 PC) = Some f) + (AG: agree ms1 parent rs1), + exists rs2, + agree ms2 parent rs2 + /\ exec_steps tge rs1 m1 rs2 m2 + /\ rs2 PC = rs1 LR. + +Definition exec_function_prop + (f: Mach.function) (parent: val) + (ms1: Mach.regset) (m1: mem) + (ms2: Mach.regset) (m2: mem) := + forall rs1 + (WTF: wt_function f) + (AT: Genv.find_funct ge (rs1 PC) = Some f) + (AG: agree ms1 parent rs1) + (WTRA: Val.has_type (rs1 LR) Tint), + exists rs2, + agree ms2 parent rs2 + /\ exec_steps tge rs1 m1 rs2 m2 + /\ rs2 PC = rs1 LR. + +(** We show each case of the inductive proof of simulation as a separate + lemma. *) + +Lemma exec_Mlabel_prop: + forall (f : function) (sp : val) (lbl : Mach.label) + (c : list Mach.instruction) (rs : Mach.regset) (m : mem), + exec_instr_prop f sp (Mlabel lbl :: c) rs m c rs m. +Proof. + intros; red; intros. + assert (exec_straight tge (transl_function f) + (transl_code (Mlabel lbl :: c)) rs1 m + (transl_code c) (nextinstr rs1) m). + simpl. apply exec_straight_one. reflexivity. reflexivity. + exists (nextinstr rs1). split. apply agree_nextinstr; auto. + eapply exec_straight_steps; eauto. +Qed. + +Lemma exec_Mgetstack_prop: + forall (f : function) (sp : val) (ofs : int) (ty : typ) (dst : mreg) + (c : list Mach.instruction) (ms : Mach.regset) (m : mem) (v : val), + load_stack m sp ty ofs = Some v -> + exec_instr_prop f sp (Mgetstack ofs ty dst :: c) ms m c (Regmap.set dst v ms) m. +Proof. + intros; red; intros. + unfold load_stack in H. + generalize (wt_function_instrs _ WTF _ (INCL _ (in_eq _ _))). + intro WTI. inversion WTI. + rewrite (sp_val _ _ _ AG) in H. + assert (NOTE: GPR1 <> GPR0). congruence. + generalize (loadind_correct tge (transl_function f) GPR1 ofs ty + dst (transl_code c) rs1 m v H H1 NOTE). + intros [rs2 [EX [RES OTH]]]. + exists rs2. split. + apply agree_exten_2 with (rs1#(preg_of dst) <- v). + auto with ppcgen. + intros. case (preg_eq r0 (preg_of dst)); intro. + subst r0. rewrite Pregmap.gss. auto. + rewrite Pregmap.gso; auto. + eapply exec_straight_steps; eauto. +Qed. + +Lemma exec_Msetstack_prop: + forall (f : function) (sp : val) (src : mreg) (ofs : int) (ty : typ) + (c : list Mach.instruction) (ms : mreg -> val) (m m' : mem), + store_stack m sp ty ofs (ms src) = Some m' -> + exec_instr_prop f sp (Msetstack src ofs ty :: c) ms m c ms m'. +Proof. + intros; red; intros. + unfold store_stack in H. + generalize (wt_function_instrs _ WTF _ (INCL _ (in_eq _ _))). + intro WTI. inversion WTI. + rewrite (sp_val _ _ _ AG) in H. + rewrite (preg_val ms sp rs1) in H; auto. + assert (NOTE: GPR1 <> GPR0). congruence. + generalize (storeind_correct tge (transl_function f) GPR1 ofs ty + src (transl_code c) rs1 m m' H H2 NOTE). + intros [rs2 [EX OTH]]. + exists rs2. split. + apply agree_exten_2 with rs1; auto. + eapply exec_straight_steps; eauto. +Qed. + +Lemma exec_Mgetparam_prop: + forall (f : function) (sp parent : val) (ofs : int) (ty : typ) + (dst : mreg) (c : list Mach.instruction) (ms : Mach.regset) + (m : mem) (v : val), + load_stack m sp Tint (Int.repr 0) = Some parent -> + load_stack m parent ty ofs = Some v -> + exec_instr_prop f sp (Mgetparam ofs ty dst :: c) ms m c (Regmap.set dst v ms) m. +Proof. + intros; red; intros. + set (rs2 := nextinstr (rs1#GPR2 <- parent)). + assert (EX1: exec_straight tge (transl_function f) + (transl_code (Mgetparam ofs ty dst :: c)) rs1 m + (loadind GPR2 ofs ty dst (transl_code c)) rs2 m). + simpl. apply exec_straight_one. + simpl. unfold load1. rewrite gpr_or_zero_not_zero; auto with ppcgen. + unfold const_low. rewrite <- (sp_val ms sp rs1); auto. + unfold load_stack in H. simpl chunk_of_type in H. + rewrite H. reflexivity. reflexivity. + generalize (wt_function_instrs _ WTF _ (INCL _ (in_eq _ _))). + intro WTI. inversion WTI. + unfold load_stack in H0. change parent with rs2#GPR2 in H0. + assert (NOTE: GPR2 <> GPR0). congruence. + generalize (loadind_correct tge (transl_function f) GPR2 ofs ty + dst (transl_code c) rs2 m v H0 H2 NOTE). + intros [rs3 [EX2 [RES OTH]]]. + exists rs3. split. + apply agree_exten_2 with (rs2#(preg_of dst) <- v). + unfold rs2; auto with ppcgen. + intros. case (preg_eq r0 (preg_of dst)); intro. + subst r0. rewrite Pregmap.gss. auto. + rewrite Pregmap.gso; auto. + eapply exec_straight_steps; eauto. + eapply exec_straight_trans; eauto. +Qed. + +Lemma exec_straight_exec_prop: + forall f sp c1 rs1 m1 c2 m2 ms', + transl_code_at_pc (rs1 PC) f c1 -> + (exists rs2, + exec_straight tge (transl_function f) + (transl_code c1) rs1 m1 + (transl_code c2) rs2 m2 + /\ agree ms' sp rs2) -> + (exists rs2, + agree ms' sp rs2 + /\ exec_steps tge rs1 m1 rs2 m2 + /\ transl_code_at_pc (rs2 PC) f c2). +Proof. + intros until ms'. intros TRANS1 [rs2 [EX AG]]. + exists rs2. split. assumption. + eapply exec_straight_steps; eauto. +Qed. + +Lemma exec_Mop_prop: + forall (f : function) (sp : val) (op : operation) (args : list mreg) + (res : mreg) (c : list Mach.instruction) (ms: Mach.regset) + (m : mem) (v: val), + eval_operation ge sp op ms ## args = Some v -> + exec_instr_prop f sp (Mop op args res :: c) ms m c (Regmap.set res v ms) m. +Proof. + intros; red; intros. + generalize (wt_function_instrs _ WTF _ (INCL _ (in_eq _ _))). + intro WTI. + eapply exec_straight_exec_prop; eauto. + simpl. eapply transl_op_correct; auto. + rewrite <- H. apply eval_operation_preserved. exact symbols_preserved. +Qed. + +Lemma exec_Mload_prop: + forall (f : function) (sp : val) (chunk : memory_chunk) + (addr : addressing) (args : list mreg) (dst : mreg) + (c : list Mach.instruction) (ms: Mach.regset) (m : mem) + (a v : val), + eval_addressing ge sp addr ms ## args = Some a -> + loadv chunk m a = Some v -> + exec_instr_prop f sp (Mload chunk addr args dst :: c) ms m c (Regmap.set dst v ms) m. +Proof. + intros; red; intros. + generalize (wt_function_instrs _ WTF _ (INCL _ (in_eq _ _))). + intro WTI; inversion WTI. + assert (eval_addressing tge sp addr ms##args = Some a). + rewrite <- H. apply eval_addressing_preserved. exact symbols_preserved. + eapply exec_straight_exec_prop; eauto. + destruct chunk; simpl; simpl in H6; + (* all cases but Mint8signed *) + try (eapply transl_load_correct; eauto; + intros; simpl; unfold preg_of; rewrite H6; auto). + (* Mint8signed *) + generalize (loadv_8_signed_unsigned m a). + rewrite H0. + caseEq (loadv Mint8unsigned m a); + [idtac | simpl;intros;discriminate]. + intros v' LOAD' EQ. simpl in EQ. injection EQ. intro EQ1. clear EQ. + assert (X1: forall (cst : constant) (r1 : ireg) (rs1 : regset), + exec_instr tge (transl_function f) (Plbz (ireg_of dst) cst r1) rs1 m = + load1 tge Mint8unsigned (preg_of dst) cst r1 rs1 m). + intros. unfold preg_of; rewrite H6. reflexivity. + assert (X2: forall (r1 r2 : ireg) (rs1 : regset), + exec_instr tge (transl_function f) (Plbzx (ireg_of dst) r1 r2) rs1 m = + load2 Mint8unsigned (preg_of dst) r1 r2 rs1 m). + intros. unfold preg_of; rewrite H6. reflexivity. + generalize (transl_load_correct tge (transl_function f) + (Plbz (ireg_of dst)) (Plbzx (ireg_of dst)) + Mint8unsigned addr args + (Pextsb (ireg_of dst) (ireg_of dst) :: transl_code c) + ms sp rs1 m dst a v' + X1 X2 AG H3 H7 LOAD'). + intros [rs2 [EX1 AG1]]. + exists (nextinstr (rs2#(ireg_of dst) <- v)). + split. eapply exec_straight_trans. eexact EX1. + apply exec_straight_one. simpl. + rewrite <- (ireg_val _ _ _ dst AG1);auto. rewrite Regmap.gss. + rewrite EQ1. reflexivity. reflexivity. + eauto with ppcgen. +Qed. + +Lemma exec_Mstore_prop: + forall (f : function) (sp : val) (chunk : memory_chunk) + (addr : addressing) (args : list mreg) (src : mreg) + (c : list Mach.instruction) (ms: Mach.regset) (m m' : mem) + (a : val), + eval_addressing ge sp addr ms ## args = Some a -> + storev chunk m a (ms src) = Some m' -> + exec_instr_prop f sp (Mstore chunk addr args src :: c) ms m c ms m'. +Proof. + intros; red; intros. + generalize (wt_function_instrs _ WTF _ (INCL _ (in_eq _ _))). + intro WTI; inversion WTI. + rewrite <- (eval_addressing_preserved symbols_preserved) in H. + eapply exec_straight_exec_prop; eauto. + destruct chunk; simpl; simpl in H6; + try (rewrite storev_8_signed_unsigned in H); + try (rewrite storev_16_signed_unsigned in H); + simpl; eapply transl_store_correct; eauto; + intros; unfold preg_of; rewrite H6; reflexivity. +Qed. + +Hypothesis wt_prog: wt_program prog. + +Lemma exec_Mcall_prop: + forall (f : function) (sp : val) (sig : signature) + (mos : mreg + ident) (c : list Mach.instruction) (ms : Mach.regset) + (m : mem) (f' : function) (ms' : Mach.regset) (m' : mem), + find_function ge mos ms = Some f' -> + exec_function ge f' sp ms m ms' m' -> + exec_function_prop f' sp ms m ms' m' -> + exec_instr_prop f sp (Mcall sig mos :: c) ms m c ms' m'. +Proof. + intros; red; intros. + generalize (wt_function_instrs _ WTF _ (INCL _ (in_eq _ _))). + intro WTI. inversion WTI. + inversion AT. + assert (WTF': wt_function f'). + destruct mos; simpl in H. + apply (Genv.find_funct_prop wt_function wt_prog H). + destruct (Genv.find_symbol ge i); try discriminate. + apply (Genv.find_funct_ptr_prop wt_function wt_prog H). + assert (NOOV: code_size (transl_function f) <= Int.max_unsigned). + eapply functions_translated_no_overflow; eauto. + destruct mos; simpl in H; simpl transl_code in H7. + (* Indirect call *) + generalize (code_tail_next_int _ _ _ _ NOOV H7). intro CT1. + generalize (code_tail_next_int _ _ _ _ NOOV CT1). intro CT2. + set (rs2 := nextinstr (rs1#CTR <- (ms m0))). + set (rs3 := rs2 #LR <- (Val.add rs2#PC Vone) #PC <- (ms m0)). + assert (TFIND: Genv.find_funct ge (rs3#PC) = Some f'). + unfold rs3. rewrite Pregmap.gss. auto. + assert (AG3: agree ms sp rs3). + unfold rs3, rs2; auto 8 with ppcgen. + assert (WTRA: Val.has_type rs3#LR Tint). + change rs3#LR with (Val.add (Val.add rs1#PC Vone) Vone). + rewrite <- H5. exact I. + generalize (H1 rs3 WTF' TFIND AG3 WTRA). + intros [rs4 [AG4 [EXF' PC4]]]. + exists rs4. split. auto. split. + apply exec_trans with rs2 m. apply exec_one. econstructor. + eauto. apply functions_translated. eexact H6. + rewrite find_instr_tail. rewrite H7. reflexivity. + simpl. rewrite <- (ireg_val ms sp rs1); auto. + apply exec_trans with rs3 m. apply exec_one. econstructor. + unfold rs2, nextinstr. rewrite Pregmap.gss. + rewrite Pregmap.gso. rewrite <- H5. simpl. reflexivity. + discriminate. apply functions_translated. eexact H6. + rewrite find_instr_tail. rewrite CT1. reflexivity. + simpl. replace (rs2 CTR) with (ms m0). reflexivity. + unfold rs2. rewrite nextinstr_inv. rewrite Pregmap.gss. + auto. discriminate. + exact EXF'. + rewrite PC4. unfold rs3. rewrite Pregmap.gso. rewrite Pregmap.gss. + unfold rs2, nextinstr. rewrite Pregmap.gss. rewrite Pregmap.gso. + rewrite <- H5. simpl. constructor. auto. auto. + discriminate. discriminate. + (* Direct call *) + caseEq (Genv.find_symbol ge i). intros fblock FINDS. + rewrite FINDS in H. + generalize (code_tail_next_int _ _ _ _ NOOV H7). intro CT1. + set (rs2 := rs1 #LR <- (Val.add rs1#PC Vone) #PC <- (symbol_offset tge i Int.zero)). + assert (TFIND: Genv.find_funct ge (rs2#PC) = Some f'). + unfold rs2. rewrite Pregmap.gss. + unfold symbol_offset. rewrite symbols_preserved. + rewrite FINDS. + rewrite Genv.find_funct_find_funct_ptr. assumption. + assert (AG2: agree ms sp rs2). + unfold rs2; auto 8 with ppcgen. + assert (WTRA: Val.has_type rs2#LR Tint). + change rs2#LR with (Val.add rs1#PC Vone). + rewrite <- H5. exact I. + generalize (H1 rs2 WTF' TFIND AG2 WTRA). + intros [rs3 [AG3 [EXF' PC3]]]. + exists rs3. split. auto. split. + apply exec_trans with rs2 m. apply exec_one. econstructor. + eauto. apply functions_translated. eexact H6. + rewrite find_instr_tail. rewrite H7. reflexivity. + simpl. reflexivity. + exact EXF'. + rewrite PC3. unfold rs2. rewrite Pregmap.gso. rewrite Pregmap.gss. + rewrite <- H5. simpl. constructor. auto. auto. + discriminate. + intro FINDS. rewrite FINDS in H. discriminate. +Qed. + +Lemma exec_Mgoto_prop: + forall (f : function) (sp : val) (lbl : Mach.label) + (c : list Mach.instruction) (ms : Mach.regset) (m : mem) + (c' : Mach.code), + Mach.find_label lbl (fn_code f) = Some c' -> + exec_instr_prop f sp (Mgoto lbl :: c) ms m c' ms m. +Proof. + intros; red; intros. + inversion AT. + generalize (find_label_goto_label f lbl rs1 m _ _ _ H1 (sym_equal H0) H). + intros [rs2 [GOTO [AT2 INV]]]. + exists rs2. split. apply agree_exten_2 with rs1; auto. + split. inversion AT. apply exec_one. econstructor; eauto. + apply functions_translated; eauto. + rewrite find_instr_tail. rewrite H7. simpl. reflexivity. + simpl. rewrite GOTO. auto. auto. +Qed. + +Lemma exec_Mcond_true_prop: + forall (f : function) (sp : val) (cond : condition) + (args : list mreg) (lbl : Mach.label) (c : list Mach.instruction) + (ms: Mach.regset) (m : mem) (c' : Mach.code), + eval_condition cond ms ## args = Some true -> + Mach.find_label lbl (fn_code f) = Some c' -> + exec_instr_prop f sp (Mcond cond args lbl :: c) ms m c' ms m. +Proof. + intros; red; intros. + generalize (wt_function_instrs _ WTF _ (INCL _ (in_eq _ _))). + intro WTI. inversion WTI. + pose (k1 := + if snd (crbit_for_cond cond) + then Pbt (fst (crbit_for_cond cond)) lbl :: transl_code c + else Pbf (fst (crbit_for_cond cond)) lbl :: transl_code c). + generalize (transl_cond_correct tge (transl_function f) + cond args k1 ms sp rs1 m true H2 AG H). + simpl. intros [rs2 [EX [RES AG2]]]. + inversion AT. + generalize (functions_translated _ _ H6); intro FN. + generalize (functions_translated_no_overflow _ _ H6); intro NOOV. + simpl in H7. + generalize (exec_straight_steps_2 _ _ _ _ _ _ _ EX + NOOV _ _ (sym_equal H5) FN H7). + intros [ofs' [PC2 CT2]]. + generalize (find_label_goto_label f lbl rs2 m _ _ _ H6 PC2 H0). + intros [rs3 [GOTO [AT3 INV3]]]. + exists rs3. split. + apply agree_exten_2 with rs2; auto. + split. eapply exec_trans. + eapply exec_straight_steps_1; eauto. + caseEq (snd (crbit_for_cond cond)); intro ISSET; rewrite ISSET in RES. + apply exec_one. econstructor; eauto. + rewrite find_instr_tail. rewrite CT2. unfold k1. rewrite ISSET. reflexivity. + simpl. rewrite RES. simpl. auto. + apply exec_one. econstructor; eauto. + rewrite find_instr_tail. rewrite CT2. unfold k1. rewrite ISSET. reflexivity. + simpl. rewrite RES. simpl. auto. + auto. +Qed. + +Lemma exec_Mcond_false_prop: + forall (f : function) (sp : val) (cond : condition) + (args : list mreg) (lbl : Mach.label) (c : list Mach.instruction) + (ms : Mach.regset) (m : mem), + eval_condition cond ms ## args = Some false -> + exec_instr_prop f sp (Mcond cond args lbl :: c) ms m c ms m. +Proof. + intros; red; intros. + generalize (wt_function_instrs _ WTF _ (INCL _ (in_eq _ _))). + intro WTI. inversion WTI. + pose (k1 := + if snd (crbit_for_cond cond) + then Pbt (fst (crbit_for_cond cond)) lbl :: transl_code c + else Pbf (fst (crbit_for_cond cond)) lbl :: transl_code c). + generalize (transl_cond_correct tge (transl_function f) + cond args k1 ms sp rs1 m false H1 AG H). + simpl. intros [rs2 [EX [RES AG2]]]. + exists (nextinstr rs2). + split. auto with ppcgen. + eapply exec_straight_steps; eauto. + eapply exec_straight_trans. eexact EX. + caseEq (snd (crbit_for_cond cond)); intro ISSET; rewrite ISSET in RES. + unfold k1; rewrite ISSET; apply exec_straight_one. + simpl. rewrite RES. reflexivity. + reflexivity. + unfold k1; rewrite ISSET; apply exec_straight_one. + simpl. rewrite RES. reflexivity. + reflexivity. +Qed. + +Lemma exec_instr_incl: + forall f sp c rs m c' rs' m', + Mach.exec_instr ge f sp c rs m c' rs' m' -> + incl c f.(fn_code) -> incl c' f.(fn_code). +Proof. + induction 1; intros; eauto with coqlib. + eapply incl_find_label; eauto. + eapply incl_find_label; eauto. +Qed. + +Lemma exec_instrs_incl: + forall f sp c rs m c' rs' m', + Mach.exec_instrs ge f sp c rs m c' rs' m' -> + incl c f.(fn_code) -> incl c' f.(fn_code). +Proof. + induction 1; intros. + auto. + eapply exec_instr_incl; eauto. + eauto. +Qed. + +Lemma exec_refl_prop: + forall (f : function) (sp : val) (c : Mach.code) (ms : Mach.regset) + (m : mem), exec_instr_prop f sp c ms m c ms m. +Proof. + intros; red; intros. + exists rs1. split. auto. split. apply exec_refl. auto. +Qed. + +Lemma exec_one_prop: + forall (f : function) (sp : val) (c : Mach.code) (ms : Mach.regset) + (m : mem) (c' : Mach.code) (ms' : Mach.regset) (m' : mem), + Mach.exec_instr ge f sp c ms m c' ms' m' -> + exec_instr_prop f sp c ms m c' ms' m' -> + exec_instr_prop f sp c ms m c' ms' m'. +Proof. + auto. +Qed. + +Lemma exec_trans_prop: + forall (f : function) (sp : val) (c1 : Mach.code) (ms1 : Mach.regset) + (m1 : mem) (c2 : Mach.code) (ms2 : Mach.regset) (m2 : mem) + (c3 : Mach.code) (ms3 : Mach.regset) (m3 : mem), + exec_instrs ge f sp c1 ms1 m1 c2 ms2 m2 -> + exec_instr_prop f sp c1 ms1 m1 c2 ms2 m2 -> + exec_instrs ge f sp c2 ms2 m2 c3 ms3 m3 -> + exec_instr_prop f sp c2 ms2 m2 c3 ms3 m3 -> + exec_instr_prop f sp c1 ms1 m1 c3 ms3 m3. +Proof. + intros; red; intros. + generalize (H0 rs1 WTF INCL AT AG). + intros [rs2 [AG2 [EX2 AT2]]]. + generalize (exec_instrs_incl _ _ _ _ _ _ _ _ H INCL). intro INCL2. + generalize (H2 rs2 WTF INCL2 AT2 AG2). + intros [rs3 [AG3 [EX3 AT3]]]. + exists rs3. split. auto. split. eapply exec_trans; eauto. auto. +Qed. + +Lemma exec_function_body_prop_: + forall (f : function) (parent ra : val) (ms : Mach.regset) (m : mem) + (ms' : Mach.regset) (m1 m2 m3 m4 : mem) (stk : block) + (c : list Mach.instruction), + alloc m (- fn_framesize f) + (align_16_top (- fn_framesize f) (fn_stacksize f)) = (m1, stk) -> + let sp := Vptr stk (Int.repr (- fn_framesize f)) in + store_stack m1 sp Tint (Int.repr 0) parent = Some m2 -> + store_stack m2 sp Tint (Int.repr 4) ra = Some m3 -> + exec_instrs ge f sp (fn_code f) ms m3 (Mreturn :: c) ms' m4 -> + exec_instr_prop f sp (fn_code f) ms m3 (Mreturn :: c) ms' m4 -> + load_stack m4 sp Tint (Int.repr 0) = Some parent -> + load_stack m4 sp Tint (Int.repr 4) = Some ra -> + exec_function_body_prop f parent ra ms m ms' (free m4 stk). +Proof. + intros; red; intros. + generalize (Genv.find_funct_inv AT). intros [b EQPC]. + generalize AT. rewrite EQPC. rewrite Genv.find_funct_find_funct_ptr. intro FN. + generalize (functions_translated_no_overflow _ _ FN); intro NOOV. + set (rs2 := nextinstr (rs1#GPR1 <- sp #GPR2 <- Vundef)). + set (rs3 := nextinstr (rs2#GPR2 <- ra)). + set (rs4 := nextinstr rs3). + assert (exec_straight tge (transl_function f) + (transl_function f) rs1 m + (transl_code (fn_code f)) rs4 m3). + unfold transl_function at 2. + apply exec_straight_three with rs2 m2 rs3 m2. + unfold exec_instr. rewrite H. fold sp. + generalize H0. unfold store_stack. change (Vint (Int.repr 0)) with Vzero. + replace (Val.add sp Vzero) with sp. simpl chunk_of_type. + rewrite (sp_val _ _ _ AG). intro. rewrite H6. clear H6. + reflexivity. unfold sp. simpl. rewrite Int.add_zero. reflexivity. + simpl. replace (rs2 LR) with ra. reflexivity. + simpl. unfold store1. rewrite gpr_or_zero_not_zero. + unfold const_low. replace (rs3 GPR1) with sp. replace (rs3 GPR2) with ra. + unfold store_stack in H1. simpl chunk_of_type in H1. rewrite H1. reflexivity. + reflexivity. reflexivity. discriminate. + reflexivity. reflexivity. reflexivity. + assert (AT2: transl_code_at_pc rs4#PC f f.(fn_code)). + change (rs4 PC) with (Val.add (Val.add (Val.add (rs1 PC) Vone) Vone) Vone). + rewrite EQPC. simpl. constructor. auto. + eapply code_tail_next_int; auto. + eapply code_tail_next_int; auto. + eapply code_tail_next_int; auto. + unfold Int.zero. rewrite Int.unsigned_repr. + rewrite code_tail_zero. unfold transl_function. reflexivity. + compute. intuition congruence. + assert (AG2: agree ms sp rs2). + split. reflexivity. + intros. unfold rs2. rewrite nextinstr_inv. + repeat (rewrite Pregmap.gso). elim AG; auto. + auto with ppcgen. auto with ppcgen. auto with ppcgen. + assert (AG4: agree ms sp rs4). + unfold rs4, rs3; auto with ppcgen. + generalize (H3 rs4 WTF (incl_refl _) AT2 AG4). + intros [rs5 [AG5 [EXB AT5]]]. + set (rs6 := nextinstr (rs5#GPR2 <- ra)). + set (rs7 := nextinstr (rs6#LR <- ra)). + set (rs8 := nextinstr (rs7#GPR1 <- parent)). + set (rs9 := rs8#PC <- ra). + assert (exec_straight tge (transl_function f) + (transl_code (Mreturn :: c)) rs5 m4 + (Pblr :: transl_code c) rs8 (free m4 stk)). + simpl. apply exec_straight_three with rs6 m4 rs7 m4. + simpl. unfold load1. rewrite gpr_or_zero_not_zero. unfold const_low. + unfold load_stack in H5. simpl in H5. + rewrite <- (sp_val _ _ _ AG5). simpl. rewrite H5. + reflexivity. discriminate. + unfold rs7. change ra with rs6#GPR2. reflexivity. + unfold exec_instr. generalize H4. unfold load_stack. + replace (Val.add sp (Vint (Int.repr 0))) with sp. + simpl chunk_of_type. intro. change rs7#GPR1 with rs5#GPR1. + rewrite <- (sp_val _ _ _ AG5). rewrite H7. + unfold sp. reflexivity. + unfold sp. simpl. rewrite Int.add_zero. reflexivity. + reflexivity. reflexivity. reflexivity. + exists rs9. split. + (* agreement *) + assert (AG7: agree ms' sp rs7). + unfold rs7, rs6; auto 10 with ppcgen. + assert (AG8: agree ms' parent rs8). + split. reflexivity. intros. unfold rs8. + rewrite nextinstr_inv. rewrite Pregmap.gso. + elim AG7; auto. auto with ppcgen. auto with ppcgen. + unfold rs9; auto with ppcgen. + (* execution *) + split. apply exec_trans with rs4 m3. + eapply exec_straight_steps_1; eauto. + apply functions_translated; auto. + apply exec_trans with rs5 m4. assumption. + inversion AT5. + apply exec_trans with rs8 (free m4 stk). + eapply exec_straight_steps_1; eauto. + apply functions_translated; auto. + apply exec_one. econstructor. + change rs8#PC with (Val.add (Val.add (Val.add rs5#PC Vone) Vone) Vone). + rewrite <- H8. simpl. reflexivity. + apply functions_translated; eauto. + assert (code_tail (Int.unsigned (Int.add (Int.add (Int.add ofs Int.one) Int.one) Int.one)) + (transl_function f) = Pblr :: transl_code c). + eapply code_tail_next_int; auto. + eapply code_tail_next_int; auto. + eapply code_tail_next_int; auto. + rewrite H10. simpl. reflexivity. + rewrite find_instr_tail. rewrite H13. + reflexivity. + reflexivity. + (* LR preservation *) + change rs9#PC with ra. auto. +Qed. + +Lemma exec_function_prop_: + forall (f : function) (parent : val) (ms : Mach.regset) (m : mem) + (ms' : Mach.regset) (m' : mem), + (forall ra : val, + Val.has_type ra Tint -> + exec_function_body ge f parent ra ms m ms' m') -> + (forall ra : val, Val.has_type ra Tint -> + exec_function_body_prop f parent ra ms m ms' m') -> + exec_function_prop f parent ms m ms' m'. +Proof. + intros; red; intros. + apply (H0 rs1#LR WTRA rs1 WTRA (refl_equal _) WTF AT AG). +Qed. + +(** We then conclude by induction on the structure of the Mach +execution derivation. *) + +Theorem transf_function_correct: + forall f parent ms m ms' m', + Mach.exec_function ge f parent ms m ms' m' -> + exec_function_prop f parent ms m ms' m'. +Proof + (Mach.exec_function_ind4 ge + exec_instr_prop exec_instr_prop + exec_function_body_prop exec_function_prop + + exec_Mlabel_prop + exec_Mgetstack_prop + exec_Msetstack_prop + exec_Mgetparam_prop + exec_Mop_prop + exec_Mload_prop + exec_Mstore_prop + exec_Mcall_prop + exec_Mgoto_prop + exec_Mcond_true_prop + exec_Mcond_false_prop + exec_refl_prop + exec_one_prop + exec_trans_prop + exec_function_body_prop_ + exec_function_prop_). + +End PRESERVATION. + +Theorem transf_program_correct: + forall (p: Mach.program) (tp: PPC.program) (r: val), + wt_program p -> + transf_program p = Some tp -> + Mach.exec_program p r -> + PPC.exec_program tp r. +Proof. + intros. + destruct H1 as [fptr [f [ms [m [FINDS [FINDF [EX RES]]]]]]]. + assert (WTF: wt_function f). + apply (Genv.find_funct_ptr_prop wt_function H FINDF). + set (ge := Genv.globalenv p) in *. + set (ms0 := Regmap.init Vundef) in *. + set (tge := Genv.globalenv tp). + set (rs0 := + (Pregmap.init Vundef) # PC <- (symbol_offset tge tp.(prog_main) Int.zero) + # LR <- Vzero + # GPR1 <- (Vptr Mem.nullptr Int.zero)). + assert (AT: Genv.find_funct ge (rs0 PC) = Some f). + change (rs0 PC) with (symbol_offset tge tp.(prog_main) Int.zero). + rewrite (transform_partial_program_main _ _ H0). + unfold symbol_offset. rewrite (symbols_preserved p tp H0). + fold ge. rewrite FINDS. + rewrite Genv.find_funct_find_funct_ptr. exact FINDF. + assert (AG: agree ms0 (Vptr Mem.nullptr Int.zero) rs0). + split. reflexivity. intros. unfold rs0. + repeat (rewrite Pregmap.gso; auto with ppcgen). + assert (WTRA: Val.has_type (rs0 LR) Tint). + exact I. + generalize (transf_function_correct p tp H0 H + _ _ _ _ _ _ EX rs0 WTF AT AG WTRA). + intros [rs [AG' [EX' RPC]]]. + red. exists rs; exists m. + split. rewrite (Genv.init_mem_transf_partial _ _ H0). exact EX'. + split. rewrite RPC. reflexivity. rewrite <- RES. + change (IR GPR3) with (preg_of R3). elim AG'; auto. +Qed. diff --git a/backend/PPCgenproof1.v b/backend/PPCgenproof1.v new file mode 100644 index 00000000..30eb3368 --- /dev/null +++ b/backend/PPCgenproof1.v @@ -0,0 +1,1566 @@ +(** Correctness proof for PPC generation: auxiliary results. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Floats. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Locations. +Require Import Mach. +Require Import Machtyping. +Require Import PPC. +Require Import PPCgen. + +(** * Properties of low half/high half decomposition *) + +Lemma high_half_signed_zero: + forall v, Val.add (high_half_signed v) Vzero = high_half_signed v. +Proof. + intros. generalize (high_half_signed_type v). + rewrite Val.add_commut. + case (high_half_signed v); simpl; intros; try contradiction. + auto. + rewrite Int.add_commut; rewrite Int.add_zero; auto. + rewrite Int.add_zero; auto. +Qed. + +Lemma high_half_unsigned_zero: + forall v, Val.add (high_half_unsigned v) Vzero = high_half_unsigned v. +Proof. + intros. generalize (high_half_unsigned_type v). + rewrite Val.add_commut. + case (high_half_unsigned v); simpl; intros; try contradiction. + auto. + rewrite Int.add_commut; rewrite Int.add_zero; auto. + rewrite Int.add_zero; auto. +Qed. + +Lemma low_high_u: + forall n, Int.or (Int.shl (high_u n) (Int.repr 16)) (low_u n) = n. +Proof. + intros. unfold high_u, low_u. + rewrite Int.shl_rolm. rewrite Int.shru_rolm. + rewrite Int.rolm_rolm. + change (Int.modu (Int.add (Int.sub (Int.repr (Z_of_nat wordsize)) (Int.repr 16)) + (Int.repr 16)) + (Int.repr (Z_of_nat wordsize))) + with (Int.zero). + rewrite Int.rolm_zero. rewrite <- Int.and_or_distrib. + exact (Int.and_mone n). + reflexivity. reflexivity. +Qed. + +Lemma low_high_u_xor: + forall n, Int.xor (Int.shl (high_u n) (Int.repr 16)) (low_u n) = n. +Proof. + intros. unfold high_u, low_u. + rewrite Int.shl_rolm. rewrite Int.shru_rolm. + rewrite Int.rolm_rolm. + change (Int.modu (Int.add (Int.sub (Int.repr (Z_of_nat wordsize)) (Int.repr 16)) + (Int.repr 16)) + (Int.repr (Z_of_nat wordsize))) + with (Int.zero). + rewrite Int.rolm_zero. rewrite <- Int.and_xor_distrib. + exact (Int.and_mone n). + reflexivity. reflexivity. +Qed. + +Lemma low_high_s: + forall n, Int.add (Int.shl (high_s n) (Int.repr 16)) (low_s n) = n. +Proof. + intros. rewrite Int.shl_mul_two_p. + unfold high_s. + rewrite <- (Int.divu_pow2 (Int.sub n (low_s n)) (Int.repr 65536) (Int.repr 16)). + change (two_p (Int.unsigned (Int.repr 16))) with 65536. + + assert (forall x y, y > 0 -> (x - x mod y) mod y = 0). + intros. apply Zmod_unique with (x / y). + generalize (Z_div_mod_eq x y H). intro. rewrite Zmult_comm. omega. + omega. + + assert (Int.modu (Int.sub n (low_s n)) (Int.repr 65536) = Int.zero). + unfold Int.modu, Int.zero. decEq. + change (Int.unsigned (Int.repr 65536)) with 65536. + unfold Int.sub. + assert (forall a b, Int.eqm a b -> b mod 65536 = 0 -> a mod 65536 = 0). + intros a b [k EQ] H1. rewrite EQ. + change modulus with (65536 * 65536). + rewrite Zmult_assoc. rewrite Zplus_comm. rewrite Z_mod_plus. auto. + omega. + eapply H0. apply Int.eqm_sym. apply Int.eqm_unsigned_repr. + unfold low_s. unfold Int.cast16signed. + set (N := Int.unsigned n). + case (zlt (N mod 65536) 32768); intro. + apply H0 with (N - N mod 65536). auto with ints. + apply H. omega. + apply H0 with (N - (N mod 65536 - 65536)). auto with ints. + replace (N - (N mod 65536 - 65536)) + with ((N - N mod 65536) + 1 * 65536). + rewrite Z_mod_plus. apply H. omega. omega. ring. + + assert (Int.repr 65536 <> Int.zero). compute. congruence. + generalize (Int.modu_divu_Euclid (Int.sub n (low_s n)) (Int.repr 65536) H1). + rewrite H0. rewrite Int.add_zero. intro. rewrite <- H2. + rewrite Int.sub_add_opp. rewrite Int.add_assoc. + replace (Int.add (Int.neg (low_s n)) (low_s n)) with Int.zero. + apply Int.add_zero. symmetry. rewrite Int.add_commut. + rewrite <- Int.sub_add_opp. apply Int.sub_idem. + + reflexivity. +Qed. + +(** * Correspondence between Mach registers and PPC registers *) + +Hint Extern 2 (_ <> _) => discriminate: ppcgen. + +(** Mapping from Mach registers to PPC registers. *) + +Definition preg_of (r: mreg) := + match mreg_type r with + | Tint => IR (ireg_of r) + | Tfloat => FR (freg_of r) + end. + +Lemma preg_of_injective: + forall r1 r2, preg_of r1 = preg_of r2 -> r1 = r2. +Proof. + destruct r1; destruct r2; simpl; intros; reflexivity || discriminate. +Qed. + +(** Characterization of PPC registers that correspond to Mach registers. *) + +Definition is_data_reg (r: preg) : Prop := + match r with + | IR GPR2 => False + | FR FPR13 => False + | PC => False | LR => False | CTR => False + | CR0_0 => False | CR0_1 => False | CR0_2 => False | CR0_3 => False + | CARRY => False + | _ => True + end. + +Lemma ireg_of_is_data_reg: + forall (r: mreg), is_data_reg (ireg_of r). +Proof. + destruct r; exact I. +Qed. + +Lemma freg_of_is_data_reg: + forall (r: mreg), is_data_reg (ireg_of r). +Proof. + destruct r; exact I. +Qed. + +Lemma preg_of_is_data_reg: + forall (r: mreg), is_data_reg (preg_of r). +Proof. + destruct r; exact I. +Qed. + +Lemma ireg_of_not_GPR1: + forall r, ireg_of r <> GPR1. +Proof. + intro. case r; discriminate. +Qed. +Lemma ireg_of_not_GPR2: + forall r, ireg_of r <> GPR2. +Proof. + intro. case r; discriminate. +Qed. +Lemma freg_of_not_FPR13: + forall r, freg_of r <> FPR13. +Proof. + intro. case r; discriminate. +Qed. +Hint Resolve ireg_of_not_GPR1 ireg_of_not_GPR2 freg_of_not_FPR13: ppcgen. + +Lemma preg_of_not: + forall r1 r2, ~(is_data_reg r2) -> preg_of r1 <> r2. +Proof. + intros; red; intro. subst r2. elim H. apply preg_of_is_data_reg. +Qed. +Hint Resolve preg_of_not: ppcgen. + +Lemma preg_of_not_GPR1: + forall r, preg_of r <> GPR1. +Proof. + intro. case r; discriminate. +Qed. +Hint Resolve preg_of_not_GPR1: ppcgen. + +(** Agreement between Mach register sets and PPC register sets. *) + +Definition agree (ms: Mach.regset) (sp: val) (rs: PPC.regset) := + rs#GPR1 = sp /\ forall r: mreg, ms r = rs#(preg_of r). + +Lemma preg_val: + forall ms sp rs r, + agree ms sp rs -> ms r = rs#(preg_of r). +Proof. + intros. elim H. auto. +Qed. + +Lemma ireg_val: + forall ms sp rs r, + agree ms sp rs -> + mreg_type r = Tint -> + ms r = rs#(ireg_of r). +Proof. + intros. elim H; intros. + generalize (H2 r). unfold preg_of. rewrite H0. auto. +Qed. + +Lemma freg_val: + forall ms sp rs r, + agree ms sp rs -> + mreg_type r = Tfloat -> + ms r = rs#(freg_of r). +Proof. + intros. elim H; intros. + generalize (H2 r). unfold preg_of. rewrite H0. auto. +Qed. + +Lemma sp_val: + forall ms sp rs, + agree ms sp rs -> + sp = rs#GPR1. +Proof. + intros. elim H; auto. +Qed. + +Lemma agree_exten_1: + forall ms sp rs rs', + agree ms sp rs -> + (forall r, is_data_reg r -> rs'#r = rs#r) -> + agree ms sp rs'. +Proof. + unfold agree; intros. elim H; intros. + split. rewrite H0. auto. exact I. + intros. rewrite H0. auto. apply preg_of_is_data_reg. +Qed. + +Lemma agree_exten_2: + forall ms sp rs rs', + agree ms sp rs -> + (forall r, + r <> IR GPR2 -> r <> FR FPR13 -> + r <> PC -> r <> LR -> r <> CTR -> + r <> CR0_0 -> r <> CR0_1 -> r <> CR0_2 -> r <> CR0_3 -> + r <> CARRY -> + rs'#r = rs#r) -> + agree ms sp rs'. +Proof. + intros. apply agree_exten_1 with rs. auto. + intros. apply H0; (red; intro; subst r; elim H1). +Qed. + +(** Preservation of register agreement under various assignments. *) + +Lemma agree_set_mreg: + forall ms sp rs r v, + agree ms sp rs -> + agree (Regmap.set r v ms) sp (rs#(preg_of r) <- v). +Proof. + unfold agree; intros. elim H; intros; clear H. + split. rewrite Pregmap.gso. auto. apply sym_not_eq. apply preg_of_not_GPR1. + intros. unfold Regmap.set. case (RegEq.eq r0 r); intro. + subst r0. rewrite Pregmap.gss. auto. + rewrite Pregmap.gso. auto. red; intro. + elim n. apply preg_of_injective; auto. +Qed. +Hint Resolve agree_set_mreg: ppcgen. + +Lemma agree_set_mireg: + forall ms sp rs r v, + agree ms sp (rs#(preg_of r) <- v) -> + mreg_type r = Tint -> + agree ms sp (rs#(ireg_of r) <- v). +Proof. + intros. unfold preg_of in H. rewrite H0 in H. auto. +Qed. +Hint Resolve agree_set_mireg: ppcgen. + +Lemma agree_set_mfreg: + forall ms sp rs r v, + agree ms sp (rs#(preg_of r) <- v) -> + mreg_type r = Tfloat -> + agree ms sp (rs#(freg_of r) <- v). +Proof. + intros. unfold preg_of in H. rewrite H0 in H. auto. +Qed. +Hint Resolve agree_set_mfreg: ppcgen. + +Lemma agree_set_other: + forall ms sp rs r v, + agree ms sp rs -> + ~(is_data_reg r) -> + agree ms sp (rs#r <- v). +Proof. + intros. apply agree_exten_1 with rs. + auto. intros. apply Pregmap.gso. red; intro; subst r0; contradiction. +Qed. +Hint Resolve agree_set_other: ppcgen. + +Lemma agree_nextinstr: + forall ms sp rs, + agree ms sp rs -> agree ms sp (nextinstr rs). +Proof. + intros. unfold nextinstr. apply agree_set_other. auto. auto. +Qed. +Hint Resolve agree_nextinstr: ppcgen. + +Lemma agree_set_mireg_twice: + forall ms sp rs r v v', + agree ms sp rs -> + mreg_type r = Tint -> + agree (Regmap.set r v ms) sp (rs #(ireg_of r) <- v' #(ireg_of r) <- v). +Proof. + intros. replace (IR (ireg_of r)) with (preg_of r). elim H; intros. + split. repeat (rewrite Pregmap.gso; auto with ppcgen). + intros. case (mreg_eq r r0); intro. + subst r0. rewrite Regmap.gss. rewrite Pregmap.gss. auto. + assert (preg_of r <> preg_of r0). + red; intro. elim n. apply preg_of_injective. auto. + rewrite Regmap.gso; auto. + repeat (rewrite Pregmap.gso; auto). + unfold preg_of. rewrite H0. auto. +Qed. +Hint Resolve agree_set_mireg_twice: ppcgen. + +Lemma agree_set_twice_mireg: + forall ms sp rs r v v', + agree (Regmap.set r v' ms) sp rs -> + mreg_type r = Tint -> + agree (Regmap.set r v ms) sp (rs#(ireg_of r) <- v). +Proof. + intros. elim H; intros. + split. rewrite Pregmap.gso. auto. + generalize (ireg_of_not_GPR1 r); congruence. + intros. generalize (H2 r0). + case (mreg_eq r0 r); intro. + subst r0. repeat rewrite Regmap.gss. unfold preg_of; rewrite H0. + rewrite Pregmap.gss. auto. + repeat rewrite Regmap.gso; auto. + rewrite Pregmap.gso. auto. + replace (IR (ireg_of r)) with (preg_of r). + red; intros. elim n. apply preg_of_injective; auto. + unfold preg_of. rewrite H0. auto. +Qed. +Hint Resolve agree_set_twice_mireg: ppcgen. + +Lemma agree_set_commut: + forall ms sp rs r1 r2 v1 v2, + r1 <> r2 -> + agree ms sp ((rs#r2 <- v2)#r1 <- v1) -> + agree ms sp ((rs#r1 <- v1)#r2 <- v2). +Proof. + intros. apply agree_exten_1 with ((rs#r2 <- v2)#r1 <- v1). auto. + intros. + case (preg_eq r r1); intro. + subst r1. rewrite Pregmap.gss. rewrite Pregmap.gso. rewrite Pregmap.gss. + auto. auto. + case (preg_eq r r2); intro. + subst r2. rewrite Pregmap.gss. rewrite Pregmap.gso. rewrite Pregmap.gss. + auto. auto. + repeat (rewrite Pregmap.gso; auto). +Qed. +Hint Resolve agree_set_commut: ppcgen. + +Lemma agree_nextinstr_commut: + forall ms sp rs r v, + agree ms sp (rs#r <- v) -> + r <> PC -> + agree ms sp ((nextinstr rs)#r <- v). +Proof. + intros. unfold nextinstr. apply agree_set_commut. auto. + apply agree_set_other. auto. auto. +Qed. +Hint Resolve agree_nextinstr_commut: ppcgen. + +Lemma agree_set_mireg_exten: + forall ms sp rs r v (rs': regset), + agree ms sp rs -> + mreg_type r = Tint -> + rs'#(ireg_of r) = v -> + (forall r', + r' <> IR GPR2 -> r' <> FR FPR13 -> + r' <> PC -> r' <> LR -> r' <> CTR -> + r' <> CR0_0 -> r' <> CR0_1 -> r' <> CR0_2 -> r' <> CR0_3 -> + r' <> CARRY -> + r' <> IR (ireg_of r) -> rs'#r' = rs#r') -> + agree (Regmap.set r v ms) sp rs'. +Proof. + intros. apply agree_exten_2 with (rs#(ireg_of r) <- v). + auto with ppcgen. + intros. unfold Pregmap.set. case (PregEq.eq r0 (ireg_of r)); intro. + subst r0. auto. apply H2; auto. +Qed. + +(** Useful properties of the PC and GPR0 registers. *) + +Lemma nextinstr_inv: + forall r rs, r <> PC -> (nextinstr rs)#r = rs#r. +Proof. + intros. unfold nextinstr. apply Pregmap.gso. auto. +Qed. +Hint Resolve nextinstr_inv: ppcgen. + +Lemma nextinstr_set_preg: + forall rs m v, + (nextinstr (rs#(preg_of m) <- v))#PC = Val.add rs#PC Vone. +Proof. + intros. unfold nextinstr. rewrite Pregmap.gss. + rewrite Pregmap.gso. auto. apply sym_not_eq. auto with ppcgen. +Qed. +Hint Resolve nextinstr_set_preg: ppcgen. + +Lemma gpr_or_zero_not_zero: + forall rs r, r <> GPR0 -> gpr_or_zero rs r = rs#r. +Proof. + intros. unfold gpr_or_zero. case (ireg_eq r GPR0); tauto. +Qed. +Lemma gpr_or_zero_zero: + forall rs, gpr_or_zero rs GPR0 = Vzero. +Proof. + intros. reflexivity. +Qed. +Hint Resolve gpr_or_zero_not_zero gpr_or_zero_zero: ppcgen. + +(** * Execution of straight-line code *) + +Section STRAIGHTLINE. + +Variable ge: genv. +Variable fn: code. + +(** Straight-line code is composed of PPC instructions that execute + in sequence (no branches, no function calls and returns). + The following inductive predicate relates the machine states + before and after executing a straight-line sequence of instructions. + Instructions are taken from the first list instead of being fetched + from memory. *) + +Inductive exec_straight: code -> regset -> mem -> + code -> regset -> mem -> Prop := + | exec_straight_refl: + forall c rs m, + exec_straight c rs m c rs m + | exec_straight_step: + forall i c rs1 m1 rs2 m2 c' rs3 m3, + exec_instr ge fn i rs1 m1 = OK rs2 m2 -> + rs2#PC = Val.add rs1#PC Vone -> + exec_straight c rs2 m2 c' rs3 m3 -> + exec_straight (i :: c) rs1 m1 c' rs3 m3. + +Lemma exec_straight_trans: + forall c1 rs1 m1 c2 rs2 m2 c3 rs3 m3, + exec_straight c1 rs1 m1 c2 rs2 m2 -> + exec_straight c2 rs2 m2 c3 rs3 m3 -> + exec_straight c1 rs1 m1 c3 rs3 m3. +Proof. + induction 1. auto. + intro. apply exec_straight_step with rs2 m2; auto. +Qed. + +Lemma exec_straight_one: + forall i1 c rs1 m1 rs2 m2, + exec_instr ge fn i1 rs1 m1 = OK rs2 m2 -> + rs2#PC = Val.add rs1#PC Vone -> + exec_straight (i1 :: c) rs1 m1 c rs2 m2. +Proof. + intros. apply exec_straight_step with rs2 m2. auto. auto. + apply exec_straight_refl. +Qed. + +Lemma exec_straight_two: + forall i1 i2 c rs1 m1 rs2 m2 rs3 m3, + exec_instr ge fn i1 rs1 m1 = OK rs2 m2 -> + exec_instr ge fn i2 rs2 m2 = OK rs3 m3 -> + rs2#PC = Val.add rs1#PC Vone -> + rs3#PC = Val.add rs2#PC Vone -> + exec_straight (i1 :: i2 :: c) rs1 m1 c rs3 m3. +Proof. + intros. apply exec_straight_step with rs2 m2; auto. + apply exec_straight_one; auto. +Qed. + +Lemma exec_straight_three: + forall i1 i2 i3 c rs1 m1 rs2 m2 rs3 m3 rs4 m4, + exec_instr ge fn i1 rs1 m1 = OK rs2 m2 -> + exec_instr ge fn i2 rs2 m2 = OK rs3 m3 -> + exec_instr ge fn i3 rs3 m3 = OK rs4 m4 -> + rs2#PC = Val.add rs1#PC Vone -> + rs3#PC = Val.add rs2#PC Vone -> + rs4#PC = Val.add rs3#PC Vone -> + exec_straight (i1 :: i2 :: i3 :: c) rs1 m1 c rs4 m4. +Proof. + intros. apply exec_straight_step with rs2 m2; auto. + eapply exec_straight_two; eauto. +Qed. + +(** * Correctness of PowerPC constructor functions *) + +(** Properties of comparisons. *) + +Lemma compare_float_spec: + forall rs v1 v2, + let rs1 := nextinstr (compare_float rs v1 v2) in + rs1#CR0_0 = Val.cmpf Clt v1 v2 + /\ rs1#CR0_1 = Val.cmpf Cgt v1 v2 + /\ rs1#CR0_2 = Val.cmpf Ceq v1 v2 + /\ forall r', r' <> PC -> r' <> CR0_0 -> r' <> CR0_1 -> + r' <> CR0_2 -> r' <> CR0_3 -> rs1#r' = rs#r'. +Proof. + intros. unfold rs1. + split. reflexivity. + split. reflexivity. + split. reflexivity. + intros. rewrite nextinstr_inv; auto. + unfold compare_float. repeat (rewrite Pregmap.gso; auto). +Qed. + +Lemma compare_sint_spec: + forall rs v1 v2, + let rs1 := nextinstr (compare_sint rs v1 v2) in + rs1#CR0_0 = Val.cmp Clt v1 v2 + /\ rs1#CR0_1 = Val.cmp Cgt v1 v2 + /\ rs1#CR0_2 = Val.cmp Ceq v1 v2 + /\ forall r', r' <> PC -> r' <> CR0_0 -> r' <> CR0_1 -> + r' <> CR0_2 -> r' <> CR0_3 -> rs1#r' = rs#r'. +Proof. + intros. unfold rs1. + split. reflexivity. + split. reflexivity. + split. reflexivity. + intros. rewrite nextinstr_inv; auto. + unfold compare_sint. repeat (rewrite Pregmap.gso; auto). +Qed. + +Lemma compare_uint_spec: + forall rs v1 v2, + let rs1 := nextinstr (compare_uint rs v1 v2) in + rs1#CR0_0 = Val.cmpu Clt v1 v2 + /\ rs1#CR0_1 = Val.cmpu Cgt v1 v2 + /\ rs1#CR0_2 = Val.cmpu Ceq v1 v2 + /\ forall r', r' <> PC -> r' <> CR0_0 -> r' <> CR0_1 -> + r' <> CR0_2 -> r' <> CR0_3 -> rs1#r' = rs#r'. +Proof. + intros. unfold rs1. + split. reflexivity. + split. reflexivity. + split. reflexivity. + intros. rewrite nextinstr_inv; auto. + unfold compare_uint. repeat (rewrite Pregmap.gso; auto). +Qed. + +(** Loading a constant. *) + +Lemma loadimm_correct: + forall r n k rs m, + exists rs', + exec_straight (loadimm r n k) rs m k rs' m + /\ rs'#r = Vint n + /\ forall r': preg, r' <> r -> r' <> PC -> rs'#r' = rs#r'. +Proof. + intros. unfold loadimm. + case (Int.eq (high_s n) Int.zero). + (* addi *) + exists (nextinstr (rs#r <- (Vint n))). + split. apply exec_straight_one. + simpl. rewrite Int.add_commut. rewrite Int.add_zero. reflexivity. + reflexivity. + split. rewrite nextinstr_inv; auto with ppcgen. + apply Pregmap.gss. + intros. rewrite nextinstr_inv; auto. apply Pregmap.gso; auto. + (* addis *) + generalize (Int.eq_spec (low_s n) Int.zero); case (Int.eq (low_s n) Int.zero); intro. + exists (nextinstr (rs#r <- (Vint n))). + split. apply exec_straight_one. + simpl. rewrite Int.add_commut. + rewrite <- H. rewrite low_high_s. reflexivity. + reflexivity. + split. rewrite nextinstr_inv; auto with ppcgen. apply Pregmap.gss. + intros. rewrite nextinstr_inv; auto. apply Pregmap.gso; auto. + (* addis + ori *) + pose (rs1 := nextinstr (rs#r <- (Vint (Int.shl (high_u n) (Int.repr 16))))). + exists (nextinstr (rs1#r <- (Vint n))). + split. eapply exec_straight_two. + simpl. rewrite Int.add_commut. rewrite Int.add_zero. reflexivity. + simpl. rewrite nextinstr_inv; auto with ppcgen. rewrite Pregmap.gss. + unfold Val.or. rewrite low_high_u. reflexivity. + reflexivity. reflexivity. + split. rewrite nextinstr_inv; auto with ppcgen. apply Pregmap.gss. + intros. rewrite nextinstr_inv; auto. rewrite Pregmap.gso; auto. + unfold rs1. rewrite nextinstr_inv; auto. rewrite Pregmap.gso; auto. +Qed. + +(** Add integer immediate. *) + +Lemma addimm_1_correct: + forall r1 r2 n k rs m, + r1 <> GPR0 -> + r2 <> GPR0 -> + exists rs', + exec_straight (addimm_1 r1 r2 n k) rs m k rs' m + /\ rs'#r1 = Val.add rs#r2 (Vint n) + /\ forall r': preg, r' <> r1 -> r' <> PC -> rs'#r' = rs#r'. +Proof. + intros. unfold addimm_1. + (* addi *) + case (Int.eq (high_s n) Int.zero). + exists (nextinstr (rs#r1 <- (Val.add rs#r2 (Vint n)))). + split. apply exec_straight_one. + simpl. rewrite gpr_or_zero_not_zero; auto. + reflexivity. + split. rewrite nextinstr_inv; auto with ppcgen. apply Pregmap.gss. + intros. rewrite nextinstr_inv; auto. apply Pregmap.gso; auto. + (* addis *) + generalize (Int.eq_spec (low_s n) Int.zero); case (Int.eq (low_s n) Int.zero); intro. + exists (nextinstr (rs#r1 <- (Val.add rs#r2 (Vint n)))). + split. apply exec_straight_one. + simpl. rewrite gpr_or_zero_not_zero; auto. + generalize (low_high_s n). rewrite H1. rewrite Int.add_zero. intro. + rewrite H2. auto. + reflexivity. + split. rewrite nextinstr_inv; auto with ppcgen. apply Pregmap.gss. + intros. rewrite nextinstr_inv; auto. apply Pregmap.gso; auto. + (* addis + addi *) + pose (rs1 := nextinstr (rs#r1 <- (Val.add rs#r2 (Vint (Int.shl (high_s n) (Int.repr 16)))))). + exists (nextinstr (rs1#r1 <- (Val.add rs#r2 (Vint n)))). + split. apply exec_straight_two with rs1 m. + simpl. rewrite gpr_or_zero_not_zero; auto. + simpl. rewrite gpr_or_zero_not_zero; auto. + unfold rs1 at 1. rewrite nextinstr_inv; auto with ppcgen. rewrite Pregmap.gss. + rewrite Val.add_assoc. simpl. rewrite low_high_s. auto. + reflexivity. reflexivity. + split. rewrite nextinstr_inv; auto with ppcgen. apply Pregmap.gss. + intros. rewrite nextinstr_inv; auto. rewrite Pregmap.gso; auto. + unfold rs1. rewrite nextinstr_inv; auto. apply Pregmap.gso; auto. +Qed. + +Lemma addimm_2_correct: + forall r1 r2 n k rs m, + r2 <> GPR2 -> + exists rs', + exec_straight (addimm_2 r1 r2 n k) rs m k rs' m + /\ rs'#r1 = Val.add rs#r2 (Vint n) + /\ forall r': preg, r' <> r1 -> r' <> GPR2 -> r' <> PC -> rs'#r' = rs#r'. +Proof. + intros. unfold addimm_2. + generalize (loadimm_correct GPR2 n (Padd r1 r2 GPR2 :: k) rs m). + intros [rs1 [EX [RES OTHER]]]. + exists (nextinstr (rs1#r1 <- (Val.add rs#r2 (Vint n)))). + split. eapply exec_straight_trans. eexact EX. + apply exec_straight_one. simpl. rewrite RES. rewrite OTHER. + auto. congruence. discriminate. + reflexivity. + split. rewrite nextinstr_inv; auto with ppcgen. apply Pregmap.gss. + intros. rewrite nextinstr_inv; auto. rewrite Pregmap.gso; auto. +Qed. + +Lemma addimm_correct: + forall r1 r2 n k rs m, + r2 <> GPR2 -> + exists rs', + exec_straight (addimm r1 r2 n k) rs m k rs' m + /\ rs'#r1 = Val.add rs#r2 (Vint n) + /\ forall r': preg, r' <> r1 -> r' <> GPR2 -> r' <> PC -> rs'#r' = rs#r'. +Proof. + intros. unfold addimm. + case (ireg_eq r1 GPR0); intro. + apply addimm_2_correct; auto. + case (ireg_eq r2 GPR0); intro. + apply addimm_2_correct; auto. + generalize (addimm_1_correct r1 r2 n k rs m n0 n1). + intros [rs' [EX [RES OTH]]]. exists rs'. intuition. +Qed. + +(** And integer immediate. *) + +Lemma andimm_correct: + forall r1 r2 n k (rs : regset) m, + r2 <> GPR2 -> + let v := Val.and rs#r2 (Vint n) in + exists rs', + exec_straight (andimm r1 r2 n k) rs m k rs' m + /\ rs'#r1 = v + /\ rs'#CR0_2 = Val.cmp Ceq v Vzero + /\ forall r': preg, + r' <> r1 -> r' <> GPR2 -> r' <> PC -> + r' <> CR0_0 -> r' <> CR0_1 -> r' <> CR0_2 -> r' <> CR0_3 -> + rs'#r' = rs#r'. +Proof. + intros. unfold andimm. + case (Int.eq (high_u n) Int.zero). + (* andi *) + exists (nextinstr (compare_sint (rs#r1 <- v) v Vzero)). + generalize (compare_sint_spec (rs#r1 <- v) v Vzero). + intros [A [B [C D]]]. + split. apply exec_straight_one. reflexivity. reflexivity. + split. rewrite D; try discriminate. apply Pregmap.gss. + split. auto. + intros. rewrite D; auto. apply Pregmap.gso; auto. + (* andis *) + generalize (Int.eq_spec (low_u n) Int.zero); + case (Int.eq (low_u n) Int.zero); intro. + exists (nextinstr (compare_sint (rs#r1 <- v) v Vzero)). + generalize (compare_sint_spec (rs#r1 <- v) v Vzero). + intros [A [B [C D]]]. + split. apply exec_straight_one. simpl. + generalize (low_high_u n). rewrite H0. rewrite Int.or_zero. + intro. rewrite H1. reflexivity. reflexivity. + split. rewrite D; try discriminate. apply Pregmap.gss. + split. auto. + intros. rewrite D; auto. apply Pregmap.gso; auto. + (* loadimm + and *) + generalize (loadimm_correct GPR2 n (Pand_ r1 r2 GPR2 :: k) rs m). + intros [rs1 [EX1 [RES1 OTHER1]]]. + exists (nextinstr (compare_sint (rs1#r1 <- v) v Vzero)). + generalize (compare_sint_spec (rs1#r1 <- v) v Vzero). + intros [A [B [C D]]]. + split. eapply exec_straight_trans. eexact EX1. + apply exec_straight_one. simpl. rewrite RES1. + rewrite (OTHER1 r2). reflexivity. congruence. congruence. + reflexivity. + split. rewrite D; try discriminate. apply Pregmap.gss. + split. auto. + intros. rewrite D; auto. rewrite Pregmap.gso; auto. +Qed. + +(** Or integer immediate. *) + +Lemma orimm_correct: + forall r1 (r2: ireg) n k (rs : regset) m, + let v := Val.or rs#r2 (Vint n) in + exists rs', + exec_straight (orimm r1 r2 n k) rs m k rs' m + /\ rs'#r1 = v + /\ forall r': preg, r' <> r1 -> r' <> PC -> rs'#r' = rs#r'. +Proof. + intros. unfold orimm. + case (Int.eq (high_u n) Int.zero). + (* ori *) + exists (nextinstr (rs#r1 <- v)). + split. apply exec_straight_one. reflexivity. reflexivity. + split. rewrite nextinstr_inv; auto with ppcgen. apply Pregmap.gss. + intros. rewrite nextinstr_inv; auto. apply Pregmap.gso; auto. + (* oris *) + generalize (Int.eq_spec (low_u n) Int.zero); + case (Int.eq (low_u n) Int.zero); intro. + exists (nextinstr (rs#r1 <- v)). + split. apply exec_straight_one. simpl. + generalize (low_high_u n). rewrite H. rewrite Int.or_zero. + intro. rewrite H0. reflexivity. reflexivity. + split. rewrite nextinstr_inv; auto with ppcgen. apply Pregmap.gss. + intros. rewrite nextinstr_inv; auto. apply Pregmap.gso; auto. + (* oris + ori *) + pose (rs1 := nextinstr (rs#r1 <- (Val.or rs#r2 (Vint (Int.shl (high_u n) (Int.repr 16)))))). + exists (nextinstr (rs1#r1 <- v)). + split. apply exec_straight_two with rs1 m. + reflexivity. simpl. unfold rs1 at 1. + rewrite nextinstr_inv; auto with ppcgen. + rewrite Pregmap.gss. rewrite Val.or_assoc. simpl. + rewrite low_high_u. reflexivity. reflexivity. reflexivity. + split. rewrite nextinstr_inv; auto with ppcgen. apply Pregmap.gss. + intros. rewrite nextinstr_inv; auto. rewrite Pregmap.gso; auto. + unfold rs1. rewrite nextinstr_inv; auto. rewrite Pregmap.gso; auto. +Qed. + +(** Xor integer immediate. *) + +Lemma xorimm_correct: + forall r1 (r2: ireg) n k (rs : regset) m, + let v := Val.xor rs#r2 (Vint n) in + exists rs', + exec_straight (xorimm r1 r2 n k) rs m k rs' m + /\ rs'#r1 = v + /\ forall r': preg, r' <> r1 -> r' <> PC -> rs'#r' = rs#r'. +Proof. + intros. unfold xorimm. + case (Int.eq (high_u n) Int.zero). + (* xori *) + exists (nextinstr (rs#r1 <- v)). + split. apply exec_straight_one. reflexivity. reflexivity. + split. rewrite nextinstr_inv; auto with ppcgen. apply Pregmap.gss. + intros. rewrite nextinstr_inv; auto. apply Pregmap.gso; auto. + (* xoris *) + generalize (Int.eq_spec (low_u n) Int.zero); + case (Int.eq (low_u n) Int.zero); intro. + exists (nextinstr (rs#r1 <- v)). + split. apply exec_straight_one. simpl. + generalize (low_high_u_xor n). rewrite H. rewrite Int.xor_zero. + intro. rewrite H0. reflexivity. reflexivity. + split. rewrite nextinstr_inv; auto with ppcgen. apply Pregmap.gss. + intros. rewrite nextinstr_inv; auto. apply Pregmap.gso; auto. + (* xoris + xori *) + pose (rs1 := nextinstr (rs#r1 <- (Val.xor rs#r2 (Vint (Int.shl (high_u n) (Int.repr 16)))))). + exists (nextinstr (rs1#r1 <- v)). + split. apply exec_straight_two with rs1 m. + reflexivity. simpl. unfold rs1 at 1. + rewrite nextinstr_inv; try discriminate. + rewrite Pregmap.gss. rewrite Val.xor_assoc. simpl. + rewrite low_high_u_xor. reflexivity. reflexivity. reflexivity. + split. rewrite nextinstr_inv; auto with ppcgen. + apply Pregmap.gss. + intros. rewrite nextinstr_inv; auto. rewrite Pregmap.gso; auto. + unfold rs1. rewrite nextinstr_inv; auto. rewrite Pregmap.gso; auto. +Qed. + +(** Indexed memory loads. *) + +Lemma loadind_aux_correct: + forall (base: ireg) ofs ty dst (rs: regset) m v, + Mem.loadv (chunk_of_type ty) m (Val.add rs#base (Vint ofs)) = Some v -> + mreg_type dst = ty -> + base <> GPR0 -> + exec_instr ge fn (loadind_aux base ofs ty dst) rs m = + OK (nextinstr (rs#(preg_of dst) <- v)) m. +Proof. + intros. unfold loadind_aux. unfold preg_of. rewrite H0. destruct ty. + simpl. unfold load1. rewrite gpr_or_zero_not_zero; auto. + unfold const_low. simpl in H. rewrite H. auto. + simpl. unfold load1. rewrite gpr_or_zero_not_zero; auto. + unfold const_low. simpl in H. rewrite H. auto. +Qed. + +Lemma loadind_correct: + forall (base: ireg) ofs ty dst k (rs: regset) m v, + Mem.loadv (chunk_of_type ty) m (Val.add rs#base (Vint ofs)) = Some v -> + mreg_type dst = ty -> + base <> GPR0 -> + exists rs', + exec_straight (loadind base ofs ty dst k) rs m k rs' m + /\ rs'#(preg_of dst) = v + /\ forall r, r <> PC -> r <> GPR2 -> r <> preg_of dst -> rs'#r = rs#r. +Proof. + intros. unfold loadind. + assert (preg_of dst <> PC). + unfold preg_of. case (mreg_type dst); discriminate. + (* short offset *) + case (Int.eq (high_s ofs) Int.zero). + exists (nextinstr (rs#(preg_of dst) <- v)). + split. apply exec_straight_one. apply loadind_aux_correct; auto. + unfold nextinstr. rewrite Pregmap.gss. rewrite Pregmap.gso. auto. auto. + split. rewrite nextinstr_inv; auto. apply Pregmap.gss. + intros. rewrite nextinstr_inv; auto. apply Pregmap.gso; auto. + (* long offset *) + pose (rs1 := nextinstr (rs#GPR2 <- (Val.add rs#base (Vint (Int.shl (high_s ofs) (Int.repr 16)))))). + exists (nextinstr (rs1#(preg_of dst) <- v)). + split. apply exec_straight_two with rs1 m. + simpl. rewrite gpr_or_zero_not_zero; auto. + apply loadind_aux_correct. + unfold rs1. rewrite nextinstr_inv; auto with ppcgen. rewrite Pregmap.gss. + rewrite Val.add_assoc. simpl. rewrite low_high_s. assumption. + auto. discriminate. reflexivity. + unfold nextinstr. rewrite Pregmap.gss. rewrite Pregmap.gso. auto. auto. + split. rewrite nextinstr_inv; auto. apply Pregmap.gss. + intros. rewrite nextinstr_inv; auto. rewrite Pregmap.gso; auto. + unfold rs1. rewrite nextinstr_inv; auto. rewrite Pregmap.gso; auto. +Qed. + +(** Indexed memory stores. *) + +Lemma storeind_aux_correct: + forall (base: ireg) ofs ty src (rs: regset) m m', + Mem.storev (chunk_of_type ty) m (Val.add rs#base (Vint ofs)) (rs#(preg_of src)) = Some m' -> + mreg_type src = ty -> + base <> GPR0 -> + exec_instr ge fn (storeind_aux src base ofs ty) rs m = + OK (nextinstr rs) m'. +Proof. + intros. unfold storeind_aux. unfold preg_of in H. rewrite H0 in H. destruct ty. + simpl. unfold store1. rewrite gpr_or_zero_not_zero; auto. + unfold const_low. simpl in H. rewrite H. auto. + simpl. unfold store1. rewrite gpr_or_zero_not_zero; auto. + unfold const_low. simpl in H. rewrite H. auto. +Qed. + +Lemma storeind_correct: + forall (base: ireg) ofs ty src k (rs: regset) m m', + Mem.storev (chunk_of_type ty) m (Val.add rs#base (Vint ofs)) (rs#(preg_of src)) = Some m' -> + mreg_type src = ty -> + base <> GPR0 -> + exists rs', + exec_straight (storeind src base ofs ty k) rs m k rs' m' + /\ forall r, r <> PC -> r <> GPR2 -> rs'#r = rs#r. +Proof. + intros. unfold storeind. + (* short offset *) + case (Int.eq (high_s ofs) Int.zero). + exists (nextinstr rs). + split. apply exec_straight_one. apply storeind_aux_correct; auto. + reflexivity. + intros. rewrite nextinstr_inv; auto. + (* long offset *) + pose (rs1 := nextinstr (rs#GPR2 <- (Val.add rs#base (Vint (Int.shl (high_s ofs) (Int.repr 16)))))). + exists (nextinstr rs1). + split. apply exec_straight_two with rs1 m. + simpl. rewrite gpr_or_zero_not_zero; auto. + apply storeind_aux_correct; auto with ppcgen. + unfold rs1. rewrite nextinstr_inv; auto with ppcgen. rewrite Pregmap.gss. + rewrite nextinstr_inv; auto with ppcgen. + rewrite Pregmap.gso; auto with ppcgen. + rewrite Val.add_assoc. simpl. rewrite low_high_s. assumption. + reflexivity. reflexivity. + intros. rewrite nextinstr_inv; auto. + unfold rs1. rewrite nextinstr_inv; auto. rewrite Pregmap.gso; auto. +Qed. + +(** Float comparisons. *) + +Lemma floatcomp_correct: + forall cmp (r1 r2: freg) k rs m, + exists rs', + exec_straight (floatcomp cmp r1 r2 k) rs m k rs' m + /\ rs'#(reg_of_crbit (fst (crbit_for_fcmp cmp))) = + (if snd (crbit_for_fcmp cmp) + then Val.cmpf cmp rs#r1 rs#r2 + else Val.notbool (Val.cmpf cmp rs#r1 rs#r2)) + /\ forall r', + r' <> PC -> r' <> CR0_0 -> r' <> CR0_1 -> + r' <> CR0_2 -> r' <> CR0_3 -> rs'#r' = rs#r'. +Proof. + intros. + generalize (compare_float_spec rs rs#r1 rs#r2). + intros [A [B [C D]]]. + set (rs1 := nextinstr (compare_float rs rs#r1 rs#r2)) in *. + assert ((cmp = Ceq \/ cmp = Cne \/ cmp = Clt \/ cmp = Cgt) + \/ (cmp = Cle \/ cmp = Cge)). + case cmp; tauto. + unfold floatcomp. elim H; intro; clear H. + exists rs1. + split. generalize H0; intros [EQ|[EQ|[EQ|EQ]]]; subst cmp; + apply exec_straight_one; reflexivity. + split. + generalize H0; intros [EQ|[EQ|[EQ|EQ]]]; subst cmp; simpl; auto. + rewrite Val.negate_cmpf_eq. auto. + auto. + (* two instrs *) + exists (nextinstr (rs1#CR0_3 <- (Val.cmpf cmp rs#r1 rs#r2))). + split. elim H0; intro; subst cmp. + apply exec_straight_two with rs1 m. + reflexivity. simpl. + rewrite C; rewrite A. rewrite Val.or_commut. rewrite <- Val.cmpf_le. + reflexivity. reflexivity. reflexivity. + apply exec_straight_two with rs1 m. + reflexivity. simpl. + rewrite C; rewrite B. rewrite Val.or_commut. rewrite <- Val.cmpf_ge. + reflexivity. reflexivity. reflexivity. + split. elim H0; intro; subst cmp; simpl. + reflexivity. + reflexivity. + intros. rewrite nextinstr_inv; auto. rewrite Pregmap.gso; auto. +Qed. + +Ltac TypeInv := + match goal with + | H: (List.map ?f ?x = nil) |- _ => + destruct x; [clear H | simpl in H; discriminate] + | H: (List.map ?f ?x = ?hd :: ?tl) |- _ => + destruct x; simpl in H; + [ discriminate | + injection H; clear H; let T := fresh "T" in ( + intros H T; TypeInv) ] + | _ => idtac + end. + +(** Translation of conditions. *) + +Lemma transl_cond_correct_aux: + forall cond args k ms sp rs m, + map mreg_type args = type_of_condition cond -> + agree ms sp rs -> + exists rs', + exec_straight (transl_cond cond args k) rs m k rs' m + /\ rs'#(reg_of_crbit (fst (crbit_for_cond cond))) = + (if snd (crbit_for_cond cond) + then eval_condition_total cond (map ms args) + else Val.notbool (eval_condition_total cond (map ms args))) + /\ agree ms sp rs'. +Proof. + intros. destruct cond; simpl in H; TypeInv. + (* Ccomp *) + simpl. + generalize (compare_sint_spec rs ms#m0 ms#m1). + intros [A [B [C D]]]. + exists (nextinstr (compare_sint rs ms#m0 ms#m1)). + split. apply exec_straight_one. simpl. + repeat (rewrite <- (ireg_val ms sp rs); auto). + reflexivity. + split. + case c; simpl; auto; rewrite <- Val.negate_cmp; simpl; auto. + apply agree_exten_2 with rs; auto. + (* Ccompu *) + simpl. + generalize (compare_uint_spec rs ms#m0 ms#m1). + intros [A [B [C D]]]. + exists (nextinstr (compare_uint rs ms#m0 ms#m1)). + split. apply exec_straight_one. simpl. + repeat (rewrite <- (ireg_val ms sp rs); auto). + reflexivity. + split. + case c; simpl; auto; rewrite <- Val.negate_cmpu; simpl; auto. + apply agree_exten_2 with rs; auto. + (* Ccompimm *) + simpl. + case (Int.eq (high_s i) Int.zero). + generalize (compare_sint_spec rs ms#m0 (Vint i)). + intros [A [B [C D]]]. + exists (nextinstr (compare_sint rs ms#m0 (Vint i))). + split. apply exec_straight_one. simpl. + repeat (rewrite <- (ireg_val ms sp rs); auto). + reflexivity. + split. + case c; simpl; auto; rewrite <- Val.negate_cmp; simpl; auto. + apply agree_exten_2 with rs; auto. + generalize (loadimm_correct GPR2 i (Pcmpw (ireg_of m0) GPR2 :: k) rs m). + intros [rs1 [EX1 [RES1 OTH1]]]. + assert (agree ms sp rs1). apply agree_exten_2 with rs; auto. + generalize (compare_sint_spec rs1 ms#m0 (Vint i)). + intros [A [B [C D]]]. + exists (nextinstr (compare_sint rs1 ms#m0 (Vint i))). + split. eapply exec_straight_trans. eexact EX1. + apply exec_straight_one. simpl. + repeat (rewrite <- (ireg_val ms sp rs1); auto). rewrite RES1. + reflexivity. reflexivity. + split. + case c; simpl; auto; rewrite <- Val.negate_cmp; simpl; auto. + apply agree_exten_2 with rs1; auto. + (* Ccompuimm *) + simpl. + case (Int.eq (high_u i) Int.zero). + generalize (compare_uint_spec rs ms#m0 (Vint i)). + intros [A [B [C D]]]. + exists (nextinstr (compare_uint rs ms#m0 (Vint i))). + split. apply exec_straight_one. simpl. + repeat (rewrite <- (ireg_val ms sp rs); auto). + reflexivity. + split. + case c; simpl; auto; rewrite <- Val.negate_cmpu; simpl; auto. + apply agree_exten_2 with rs; auto. + generalize (loadimm_correct GPR2 i (Pcmplw (ireg_of m0) GPR2 :: k) rs m). + intros [rs1 [EX1 [RES1 OTH1]]]. + assert (agree ms sp rs1). apply agree_exten_2 with rs; auto. + generalize (compare_uint_spec rs1 ms#m0 (Vint i)). + intros [A [B [C D]]]. + exists (nextinstr (compare_uint rs1 ms#m0 (Vint i))). + split. eapply exec_straight_trans. eexact EX1. + apply exec_straight_one. simpl. + repeat (rewrite <- (ireg_val ms sp rs1); auto). rewrite RES1. + reflexivity. reflexivity. + split. + case c; simpl; auto; rewrite <- Val.negate_cmpu; simpl; auto. + apply agree_exten_2 with rs1; auto. + (* Ccompf *) + simpl. + generalize (floatcomp_correct c (freg_of m0) (freg_of m1) k rs m). + intros [rs' [EX [RES OTH]]]. + exists rs'. split. auto. + split. rewrite RES. repeat (rewrite <- (freg_val ms sp rs); auto). + apply agree_exten_2 with rs; auto. + (* Cnotcompf *) + simpl. + generalize (floatcomp_correct c (freg_of m0) (freg_of m1) k rs m). + intros [rs' [EX [RES OTH]]]. + exists rs'. split. auto. + split. rewrite RES. repeat (rewrite <- (freg_val ms sp rs); auto). + assert (forall v1 v2, Val.notbool (Val.notbool (Val.cmpf c v1 v2)) = Val.cmpf c v1 v2). + intros v1 v2; unfold Val.cmpf; destruct v1; destruct v2; auto. + apply Val.notbool_idem2. + rewrite H. + generalize RES. case (snd (crbit_for_fcmp c)); simpl; auto. + apply agree_exten_2 with rs; auto. + (* Cmaskzero *) + simpl. + generalize (andimm_correct GPR2 (ireg_of m0) i k rs m (ireg_of_not_GPR2 m0)). + intros [rs' [A [B [C D]]]]. + exists rs'. split. assumption. + split. rewrite C. rewrite <- (ireg_val ms sp rs); auto. + apply agree_exten_2 with rs; auto. + (* Cmasknotzero *) + simpl. + generalize (andimm_correct GPR2 (ireg_of m0) i k rs m (ireg_of_not_GPR2 m0)). + intros [rs' [A [B [C D]]]]. + exists rs'. split. assumption. + split. rewrite C. rewrite <- (ireg_val ms sp rs); auto. + rewrite Val.notbool_idem3. reflexivity. + apply agree_exten_2 with rs; auto. +Qed. + +Lemma transl_cond_correct: + forall cond args k ms sp rs m b, + map mreg_type args = type_of_condition cond -> + agree ms sp rs -> + eval_condition cond (map ms args) = Some b -> + exists rs', + exec_straight (transl_cond cond args k) rs m k rs' m + /\ rs'#(reg_of_crbit (fst (crbit_for_cond cond))) = + (if snd (crbit_for_cond cond) + then Val.of_bool b + else Val.notbool (Val.of_bool b)) + /\ agree ms sp rs'. +Proof. + intros. rewrite <- (eval_condition_weaken _ _ H1). + apply transl_cond_correct_aux; auto. +Qed. + +(** Translation of arithmetic operations. *) + +Ltac TranslOpSimpl := + match goal with + | |- exists rs' : regset, + exec_straight ?c ?rs ?m ?k rs' ?m /\ + agree (Regmap.set ?res ?v ?ms) ?sp rs' => + (exists (nextinstr (rs#(ireg_of res) <- v)); + split; + [ apply exec_straight_one; + [ repeat (rewrite (ireg_val ms sp rs); auto); reflexivity + | reflexivity ] + | auto with ppcgen ]) + || + (exists (nextinstr (rs#(freg_of res) <- v)); + split; + [ apply exec_straight_one; + [ repeat (rewrite (freg_val ms sp rs); auto); reflexivity + | reflexivity ] + | auto with ppcgen ]) + end. + +Lemma transl_op_correct: + forall op args res k ms sp rs m v, + wt_instr (Mop op args res) -> + agree ms sp rs -> + eval_operation ge sp op (map ms args) = Some v -> + exists rs', + exec_straight (transl_op op args res k) rs m k rs' m + /\ agree (Regmap.set res v ms) sp rs'. +Proof. + intros. rewrite <- (eval_operation_weaken _ _ _ _ H1). clear H1; clear v. + inversion H. + (* Omove *) + simpl. exists (nextinstr (rs#(preg_of res) <- (ms r1))). + split. caseEq (mreg_type r1); intro. + apply exec_straight_one. simpl. rewrite (ireg_val ms sp rs); auto. + simpl. unfold preg_of. rewrite <- H2. rewrite H5. reflexivity. + auto with ppcgen. + apply exec_straight_one. simpl. rewrite (freg_val ms sp rs); auto. + simpl. unfold preg_of. rewrite <- H2. rewrite H5. reflexivity. + auto with ppcgen. + auto with ppcgen. + (* Oundef *) + simpl. exists (nextinstr (rs#(preg_of res) <- Vundef)). + split. caseEq (mreg_type res); intro. + apply exec_straight_one. simpl. + unfold preg_of; rewrite H1. reflexivity. + auto with ppcgen. + apply exec_straight_one. simpl. + unfold preg_of; rewrite H1. reflexivity. + auto with ppcgen. + auto with ppcgen. + (* Other instructions *) + clear H1; clear H2; clear H3. + destruct op; simpl in H6; injection H6; clear H6; intros; + TypeInv; simpl; try (TranslOpSimpl). + (* Omove again *) + congruence. + (* Ointconst *) + generalize (loadimm_correct (ireg_of res) i k rs m). + intros [rs' [A [B C]]]. + exists rs'. split. auto. + apply agree_set_mireg_exten with rs; auto. + (* Ofloatconst *) + exists (nextinstr (rs#(freg_of res) <- (Vfloat f) #GPR2 <- Vundef)). + split. apply exec_straight_one. reflexivity. reflexivity. + auto with ppcgen. + (* Oaddrsymbol *) + set (v := find_symbol_offset ge i i0). + pose (rs1 := nextinstr (rs#(ireg_of res) <- (high_half_unsigned v))). + exists (nextinstr (rs1#(ireg_of res) <- v)). + split. apply exec_straight_two with rs1 m. + unfold exec_instr. rewrite gpr_or_zero_zero. + unfold const_high. rewrite Val.add_commut. + rewrite high_half_unsigned_zero. reflexivity. + simpl. unfold rs1 at 1. rewrite nextinstr_inv; auto with ppcgen. + rewrite Pregmap.gss. + fold v. rewrite Val.or_commut. rewrite low_high_half_unsigned. + reflexivity. reflexivity. reflexivity. + unfold rs1. auto with ppcgen. + (* Oaddrstack *) + assert (GPR1 <> GPR2). discriminate. + generalize (addimm_correct (ireg_of res) GPR1 i k rs m H2). + intros [rs' [EX [RES OTH]]]. + exists rs'. split. auto. + apply agree_set_mireg_exten with rs; auto. + rewrite (sp_val ms sp rs). auto. auto. + (* Oundef again *) + congruence. + (* Oaddimm *) + generalize (addimm_correct (ireg_of res) (ireg_of m0) i k rs m + (ireg_of_not_GPR2 m0)). + intros [rs' [A [B C]]]. + exists rs'. split. auto. + apply agree_set_mireg_exten with rs; auto. + rewrite (ireg_val ms sp rs); auto. + (* Osub *) + exists (nextinstr (rs#(ireg_of res) <- (Val.sub (ms m0) (ms m1)) #CARRY <- Vundef)). + split. apply exec_straight_one. repeat (rewrite (ireg_val ms sp rs); auto). + simpl. reflexivity. auto with ppcgen. + (* Osubimm *) + case (Int.eq (high_s i) Int.zero). + exists (nextinstr (rs#(ireg_of res) <- (Val.sub (Vint i) (ms m0)) #CARRY <- Vundef)). + split. apply exec_straight_one. rewrite (ireg_val ms sp rs); auto. + reflexivity. simpl. auto with ppcgen. + generalize (loadimm_correct GPR2 i (Psubfc (ireg_of res) (ireg_of m0) GPR2 :: k) rs m). + intros [rs1 [EX [RES OTH]]]. + assert (agree ms sp rs1). apply agree_exten_2 with rs; auto. + exists (nextinstr (rs1#(ireg_of res) <- (Val.sub (Vint i) (ms m0)) #CARRY <- Vundef)). + split. eapply exec_straight_trans. eexact EX. + apply exec_straight_one. repeat (rewrite (ireg_val ms sp rs); auto). + simpl. rewrite RES. rewrite OTH. reflexivity. + generalize (ireg_of_not_GPR2 m0); congruence. + discriminate. + reflexivity. simpl; auto with ppcgen. + (* Omulimm *) + case (Int.eq (high_s i) Int.zero). + exists (nextinstr (rs#(ireg_of res) <- (Val.mul (ms m0) (Vint i)))). + split. apply exec_straight_one. rewrite (ireg_val ms sp rs); auto. + reflexivity. auto with ppcgen. + generalize (loadimm_correct GPR2 i (Pmullw (ireg_of res) (ireg_of m0) GPR2 :: k) rs m). + intros [rs1 [EX [RES OTH]]]. + assert (agree ms sp rs1). apply agree_exten_2 with rs; auto. + exists (nextinstr (rs1#(ireg_of res) <- (Val.mul (ms m0) (Vint i)))). + split. eapply exec_straight_trans. eexact EX. + apply exec_straight_one. repeat (rewrite (ireg_val ms sp rs); auto). + simpl. rewrite RES. rewrite OTH. reflexivity. + generalize (ireg_of_not_GPR2 m0); congruence. + discriminate. + reflexivity. simpl; auto with ppcgen. + (* Oand *) + pose (v := Val.and (ms m0) (ms m1)). + pose (rs1 := rs#(ireg_of res) <- v). + generalize (compare_sint_spec rs1 v Vzero). + intros [A [B [C D]]]. + exists (nextinstr (compare_sint rs1 v Vzero)). + split. apply exec_straight_one. + unfold rs1, v. repeat (rewrite (ireg_val ms sp rs); auto). + reflexivity. + apply agree_exten_2 with rs1. unfold rs1, v; auto with ppcgen. + auto. + (* Oandimm *) + generalize (andimm_correct (ireg_of res) (ireg_of m0) i k rs m + (ireg_of_not_GPR2 m0)). + intros [rs' [A [B [C D]]]]. + exists rs'. split. auto. apply agree_set_mireg_exten with rs; auto. + rewrite (ireg_val ms sp rs); auto. + (* Oorimm *) + generalize (orimm_correct (ireg_of res) (ireg_of m0) i k rs m). + intros [rs' [A [B C]]]. + exists rs'. split. auto. apply agree_set_mireg_exten with rs; auto. + rewrite (ireg_val ms sp rs); auto. + (* Oxorimm *) + generalize (xorimm_correct (ireg_of res) (ireg_of m0) i k rs m). + intros [rs' [A [B C]]]. + exists rs'. split. auto. apply agree_set_mireg_exten with rs; auto. + rewrite (ireg_val ms sp rs); auto. + (* Oshr *) + exists (nextinstr (rs#(ireg_of res) <- (Val.shr (ms m0) (ms m1)) #CARRY <- (Val.shr_carry (ms m0) (ms m1)))). + split. apply exec_straight_one. repeat (rewrite (ireg_val ms sp rs); auto). + reflexivity. auto with ppcgen. + (* Oshrimm *) + exists (nextinstr (rs#(ireg_of res) <- (Val.shr (ms m0) (Vint i)) #CARRY <- (Val.shr_carry (ms m0) (Vint i)))). + split. apply exec_straight_one. repeat (rewrite (ireg_val ms sp rs); auto). + reflexivity. auto with ppcgen. + (* Oxhrximm *) + pose (rs1 := nextinstr (rs#(ireg_of res) <- (Val.shr (ms m0) (Vint i)) #CARRY <- (Val.shr_carry (ms m0) (Vint i)))). + exists (nextinstr (rs1#(ireg_of res) <- (Val.shrx (ms m0) (Vint i)))). + split. apply exec_straight_two with rs1 m. + unfold rs1; rewrite (ireg_val ms sp rs); auto. + simpl; unfold rs1; repeat rewrite <- (ireg_val ms sp rs); auto. + repeat (rewrite nextinstr_inv; try discriminate). + repeat rewrite Pregmap.gss. decEq. decEq. + apply (f_equal3 (@Pregmap.set val)); auto. + rewrite Pregmap.gso. rewrite Pregmap.gss. apply Val.shrx_carry. + discriminate. reflexivity. reflexivity. + apply agree_exten_2 with (rs#(ireg_of res) <- (Val.shrx (ms m0) (Vint i))). + auto with ppcgen. + intros. rewrite nextinstr_inv; auto. + case (preg_eq (ireg_of res) r); intro. + subst r. repeat rewrite Pregmap.gss. auto. + repeat rewrite Pregmap.gso; auto. + unfold rs1. rewrite nextinstr_inv; auto. + repeat rewrite Pregmap.gso; auto. + (* Ointoffloat *) + exists (nextinstr (rs#(ireg_of res) <- (Val.intoffloat (ms m0)) #FPR13 <- Vundef)). + split. apply exec_straight_one. + repeat (rewrite (freg_val ms sp rs); auto). + reflexivity. auto with ppcgen. + (* Ofloatofint *) + exists (nextinstr (rs#(freg_of res) <- (Val.floatofint (ms m0)) #GPR2 <- Vundef #FPR13 <- Vundef)). + split. apply exec_straight_one. + repeat (rewrite (ireg_val ms sp rs); auto). + reflexivity. auto 10 with ppcgen. + (* Ofloatofintu *) + exists (nextinstr (rs#(freg_of res) <- (Val.floatofintu (ms m0)) #GPR2 <- Vundef #FPR13 <- Vundef)). + split. apply exec_straight_one. + repeat (rewrite (ireg_val ms sp rs); auto). + reflexivity. auto 10 with ppcgen. + (* Ocmp *) + set (bit := fst (crbit_for_cond c)). + set (isset := snd (crbit_for_cond c)). + set (k1 := + Pmfcrbit (ireg_of res) bit :: + (if isset + then k + else Pxori (ireg_of res) (ireg_of res) (Cint Int.one) :: k)). + generalize (transl_cond_correct_aux c args k1 ms sp rs m H2 H0). + fold bit; fold isset. + intros [rs1 [EX1 [RES1 AG1]]]. + set (rs2 := nextinstr (rs1#(ireg_of res) <- (rs1#(reg_of_crbit bit)))). + destruct isset. + exists rs2. + split. apply exec_straight_trans with k1 rs1 m. assumption. + unfold k1. apply exec_straight_one. + reflexivity. reflexivity. + unfold rs2. rewrite RES1. auto with ppcgen. + exists (nextinstr (rs2#(ireg_of res) <- (eval_condition_total c ms##args))). + split. apply exec_straight_trans with k1 rs1 m. assumption. + unfold k1. apply exec_straight_two with rs2 m. + reflexivity. simpl. + replace (Val.xor (rs2 (ireg_of res)) (Vint Int.one)) + with (eval_condition_total c ms##args). + reflexivity. + unfold rs2. rewrite nextinstr_inv; auto with ppcgen. rewrite Pregmap.gss. + rewrite RES1. apply Val.notbool_xor. apply eval_condition_total_is_bool. + reflexivity. reflexivity. + unfold rs2. auto with ppcgen. +Qed. + +Lemma transl_load_store_correct: + forall (mk1: constant -> ireg -> instruction) (mk2: ireg -> ireg -> instruction) + addr args k ms sp rs m ms' m', + (forall cst (r1: ireg) (rs1: regset) k, + eval_addressing_total ge sp addr (map ms args) = Val.add rs1#r1 (const_low ge cst) -> + agree ms sp rs1 -> + r1 <> GPR0 -> + exists rs', + exec_straight (mk1 cst r1 :: k) rs1 m k rs' m' /\ + agree ms' sp rs') -> + (forall (r1 r2: ireg) (rs1: regset) k, + eval_addressing_total ge sp addr (map ms args) = Val.add rs1#r1 rs1#r2 -> + agree ms sp rs1 -> + exists rs', + exec_straight (mk2 r1 r2 :: k) rs1 m k rs' m' /\ + agree ms' sp rs') -> + agree ms sp rs -> + map mreg_type args = type_of_addressing addr -> + exists rs', + exec_straight (transl_load_store mk1 mk2 addr args k) rs m + k rs' m' + /\ agree ms' sp rs'. +Proof. + intros. destruct addr; simpl in H2; TypeInv; simpl. + (* Aindexed *) + case (ireg_eq (ireg_of t) GPR0); intro. + (* Aindexed from GPR0 *) + set (rs1 := nextinstr (rs#GPR2 <- (ms t))). + set (rs2 := nextinstr (rs1#GPR2 <- (Val.add (ms t) (Vint (Int.shl (high_s i) (Int.repr 16)))))). + assert (ADDR: eval_addressing_total ge sp (Aindexed i) ms##(t :: nil) = + Val.add rs2#GPR2 (const_low ge (Cint (low_s i)))). + simpl. unfold rs2. rewrite nextinstr_inv. rewrite Pregmap.gss. + rewrite Val.add_assoc. simpl. rewrite low_high_s. auto. + discriminate. + assert (AG: agree ms sp rs2). unfold rs2, rs1; auto 6 with ppcgen. + assert (NOT0: GPR2 <> GPR0). discriminate. + generalize (H _ _ _ k ADDR AG NOT0). + intros [rs' [EX' AG']]. + exists rs'. split. + apply exec_straight_trans with (mk1 (Cint (low_s i)) GPR2 :: k) rs2 m. + apply exec_straight_two with rs1 m. + unfold rs1. rewrite (ireg_val ms sp rs); auto. + unfold rs2. replace (ms t) with (rs1#GPR2). auto. + unfold rs1. rewrite nextinstr_inv. apply Pregmap.gss. discriminate. + reflexivity. reflexivity. + assumption. assumption. + (* Aindexed short *) + case (Int.eq (high_s i) Int.zero). + assert (ADDR: eval_addressing_total ge sp (Aindexed i) ms##(t :: nil) = + Val.add rs#(ireg_of t) (const_low ge (Cint i))). + simpl. rewrite (ireg_val ms sp rs); auto. + generalize (H _ _ _ k ADDR H1 n). intros [rs' [EX' AG']]. + exists rs'. split. auto. auto. + (* Aindexed long *) + set (rs1 := nextinstr (rs#GPR2 <- (Val.add (ms t) (Vint (Int.shl (high_s i) (Int.repr 16)))))). + assert (ADDR: eval_addressing_total ge sp (Aindexed i) ms##(t :: nil) = + Val.add rs1#GPR2 (const_low ge (Cint (low_s i)))). + simpl. unfold rs1. rewrite nextinstr_inv. rewrite Pregmap.gss. + rewrite Val.add_assoc. simpl. rewrite low_high_s. auto. + discriminate. + assert (AG: agree ms sp rs1). unfold rs1; auto with ppcgen. + assert (NOT0: GPR2 <> GPR0). discriminate. + generalize (H _ _ _ k ADDR AG NOT0). intros [rs' [EX' AG']]. + exists rs'. split. apply exec_straight_step with rs1 m. + simpl. rewrite gpr_or_zero_not_zero; auto. + rewrite <- (ireg_val ms sp rs); auto. reflexivity. + assumption. assumption. + (* Aindexed2 *) + apply H0. + simpl. repeat (rewrite (ireg_val ms sp rs); auto). auto. + (* Aglobal *) + set (rs1 := nextinstr (rs#GPR2 <- (const_high ge (Csymbol_high_signed i i0)))). + assert (ADDR: eval_addressing_total ge sp (Aglobal i i0) ms##nil = + Val.add rs1#GPR2 (const_low ge (Csymbol_low_signed i i0))). + simpl. unfold rs1. rewrite nextinstr_inv. rewrite Pregmap.gss. + unfold const_high, const_low. + set (v := symbol_offset ge i i0). + symmetry. rewrite Val.add_commut. apply low_high_half_signed. + discriminate. + assert (AG: agree ms sp rs1). unfold rs1; auto with ppcgen. + assert (NOT0: GPR2 <> GPR0). discriminate. + generalize (H _ _ _ k ADDR AG NOT0). intros [rs' [EX' AG']]. + exists rs'. split. apply exec_straight_step with rs1 m. + unfold exec_instr. rewrite gpr_or_zero_zero. + rewrite Val.add_commut. unfold const_high. + rewrite high_half_signed_zero. + reflexivity. reflexivity. + assumption. assumption. + (* Abased *) + assert (COMMON: + forall (rs1: regset) r, + r <> GPR0 -> + ms t = rs1#r -> + agree ms sp rs1 -> + exists rs', + exec_straight + (Paddis GPR2 r (Csymbol_high_signed i i0) + :: mk1 (Csymbol_low_signed i i0) GPR2 :: k) rs1 m k rs' m' + /\ agree ms' sp rs'). + intros. + set (rs2 := nextinstr (rs1#GPR2 <- (Val.add (ms t) (const_high ge (Csymbol_high_signed i i0))))). + assert (ADDR: eval_addressing_total ge sp (Abased i i0) ms##(t::nil) = + Val.add rs2#GPR2 (const_low ge (Csymbol_low_signed i i0))). + simpl. unfold rs2. rewrite nextinstr_inv. rewrite Pregmap.gss. + unfold const_high. + set (v := symbol_offset ge i i0). + rewrite Val.add_assoc. + rewrite (Val.add_commut (high_half_signed v)). + rewrite low_high_half_signed. apply Val.add_commut. + discriminate. + assert (AG: agree ms sp rs2). unfold rs2; auto with ppcgen. + assert (NOT0: GPR2 <> GPR0). discriminate. + generalize (H _ _ _ k ADDR AG NOT0). intros [rs' [EX' AG']]. + exists rs'. split. apply exec_straight_step with rs2 m. + unfold exec_instr. rewrite gpr_or_zero_not_zero; auto. + rewrite <- H3. reflexivity. reflexivity. + assumption. assumption. + case (ireg_eq (ireg_of t) GPR0); intro. + set (rs1 := nextinstr (rs#GPR2 <- (ms t))). + assert (R1: GPR2 <> GPR0). discriminate. + assert (R2: ms t = rs1 GPR2). + unfold rs1. rewrite nextinstr_inv. rewrite Pregmap.gss; auto. + discriminate. + assert (R3: agree ms sp rs1). unfold rs1; auto with ppcgen. + generalize (COMMON rs1 GPR2 R1 R2 R3). intros [rs' [EX' AG']]. + exists rs'. split. + apply exec_straight_step with rs1 m. + unfold rs1. rewrite (ireg_val ms sp rs); auto. reflexivity. + assumption. assumption. + apply COMMON; auto. eapply ireg_val; eauto. + (* Ainstack *) + case (Int.eq (high_s i) Int.zero). + apply H. simpl. rewrite (sp_val ms sp rs); auto. auto. + discriminate. + set (rs1 := nextinstr (rs#GPR2 <- (Val.add sp (Vint (Int.shl (high_s i) (Int.repr 16)))))). + assert (ADDR: eval_addressing_total ge sp (Ainstack i) ms##nil = + Val.add rs1#GPR2 (const_low ge (Cint (low_s i)))). + simpl. unfold rs1. rewrite nextinstr_inv. rewrite Pregmap.gss. + rewrite Val.add_assoc. decEq. simpl. rewrite low_high_s. auto. + discriminate. + assert (AG: agree ms sp rs1). unfold rs1; auto with ppcgen. + assert (NOT0: GPR2 <> GPR0). discriminate. + generalize (H _ _ _ k ADDR AG NOT0). intros [rs' [EX' AG']]. + exists rs'. split. apply exec_straight_step with rs1 m. + simpl. rewrite gpr_or_zero_not_zero. + unfold rs1. rewrite (sp_val ms sp rs). reflexivity. + auto. discriminate. reflexivity. assumption. assumption. +Qed. + +(** Translation of memory loads. *) + +Lemma transl_load_correct: + forall (mk1: constant -> ireg -> instruction) (mk2: ireg -> ireg -> instruction) + chunk addr args k ms sp rs m dst a v, + (forall cst (r1: ireg) (rs1: regset), + exec_instr ge fn (mk1 cst r1) rs1 m = + load1 ge chunk (preg_of dst) cst r1 rs1 m) -> + (forall (r1 r2: ireg) (rs1: regset), + exec_instr ge fn (mk2 r1 r2) rs1 m = + load2 chunk (preg_of dst) r1 r2 rs1 m) -> + agree ms sp rs -> + map mreg_type args = type_of_addressing addr -> + eval_addressing ge sp addr (map ms args) = Some a -> + Mem.loadv chunk m a = Some v -> + exists rs', + exec_straight (transl_load_store mk1 mk2 addr args k) rs m + k rs' m + /\ agree (Regmap.set dst v ms) sp rs'. +Proof. + intros. apply transl_load_store_correct with ms. + intros. exists (nextinstr (rs1#(preg_of dst) <- v)). + split. apply exec_straight_one. rewrite H. + unfold load1. rewrite gpr_or_zero_not_zero; auto. + rewrite <- (eval_addressing_weaken _ _ _ _ H3) in H4. + rewrite H5 in H4. rewrite H4. auto. + auto with ppcgen. auto with ppcgen. + intros. exists (nextinstr (rs1#(preg_of dst) <- v)). + split. apply exec_straight_one. rewrite H0. + unfold load2. + rewrite <- (eval_addressing_weaken _ _ _ _ H3) in H4. + rewrite H5 in H4. rewrite H4. auto. + auto with ppcgen. auto with ppcgen. + auto. auto. +Qed. + +(** Translation of memory stores. *) + +Lemma transl_store_correct: + forall (mk1: constant -> ireg -> instruction) (mk2: ireg -> ireg -> instruction) + chunk addr args k ms sp rs m src a m', + (forall cst (r1: ireg) (rs1: regset), + exec_instr ge fn (mk1 cst r1) rs1 m = + store1 ge chunk (preg_of src) cst r1 rs1 m) -> + (forall (r1 r2: ireg) (rs1: regset), + exec_instr ge fn (mk2 r1 r2) rs1 m = + store2 chunk (preg_of src) r1 r2 rs1 m) -> + agree ms sp rs -> + map mreg_type args = type_of_addressing addr -> + eval_addressing ge sp addr (map ms args) = Some a -> + Mem.storev chunk m a (ms src) = Some m' -> + exists rs', + exec_straight (transl_load_store mk1 mk2 addr args k) rs m + k rs' m' + /\ agree ms sp rs'. +Proof. + intros. apply transl_load_store_correct with ms. + intros. exists (nextinstr rs1). + split. apply exec_straight_one. rewrite H. + unfold store1. rewrite gpr_or_zero_not_zero; auto. + rewrite <- (eval_addressing_weaken _ _ _ _ H3) in H4. + rewrite H5 in H4. elim H6; intros. rewrite H9 in H4. + rewrite H4. auto. + auto with ppcgen. auto with ppcgen. + intros. exists (nextinstr rs1). + split. apply exec_straight_one. rewrite H0. + unfold store2. + rewrite <- (eval_addressing_weaken _ _ _ _ H3) in H4. + rewrite H5 in H4. elim H6; intros. rewrite H8 in H4. + rewrite H4. auto. + auto with ppcgen. auto with ppcgen. + auto. auto. +Qed. + +End STRAIGHTLINE. + diff --git a/backend/Parallelmove.v b/backend/Parallelmove.v new file mode 100644 index 00000000..f95416eb --- /dev/null +++ b/backend/Parallelmove.v @@ -0,0 +1,2529 @@ +(** Translation of parallel moves into sequences of individual moves *) + +(** The ``parallel move'' problem, also known as ``parallel assignment'', + is the following. We are given a list of (source, destination) pairs + of locations. The goal is to find a sequence of elementary + moves ([loc <- loc] assignments) such that, at the end of the sequence, + location [dst] contains the value of location [src] at the beginning of + the sequence, for each ([src], [dst]) pairs in the given problem. + Moreover, other locations should keep their values, except one register + of each type, which can be used as temporaries in the generated sequences. + + The parallel move problem is trivial if the sources and destinations do + not overlap. For instance, +<< + (R1, R2) <- (R3, R4) becomes R1 <- R3; R2 <- R4 +>> + However, arbitrary overlap is allowed between sources and destinations. + This requires some care in ordering the individual moves, as in +<< + (R1, R2) <- (R3, R1) becomes R2 <- R1; R1 <- R3 +>> + Worse, cycles (permutations) can require the use of temporaries, as in +<< + (R1, R2, R3) <- (R2, R3, R1) becomes T <- R1; R1 <- R2; R2 <- R3; R3 <- T; +>> + An amazing fact is that for any parallel move problem, at most one temporary + (or in our case one integer temporary and one float temporary) is needed. + + The development in this section was contributed by Laurence Rideau and + Bernard Serpette. It is described in their paper + ``Coq à la conquête des moulins'', JFLA 2005, + ## + http://www-sop.inria.fr/lemme/Laurence.Rideau/RideauSerpetteJFLA05.ps + ## +*) + +Require Omega. +Require Import Wf_nat. +Require Import Conventions. +Require Import Coqlib. +Require Import Bool_nat. +Require Import TheoryList. +Require Import Bool. +Require Import Arith. +Require Import Peano_dec. +Require Import EqNat. +Require Import Values. +Require Import LTL. +Require Import EqNat. +Require Import Locations. +Require Import AST. + +Section pmov. + +Ltac caseEq name := generalize (refl_equal name); pattern name at -1; case name. +Hint Resolve beq_nat_eq . + +Lemma neq_is_neq: forall (x y : nat), x <> y -> beq_nat x y = false. +Proof. +unfold not; intros. +caseEq (beq_nat x y); auto. +intro. +elim H; auto. +Qed. +Hint Resolve neq_is_neq . + +Lemma app_nil: forall (A : Set) (l : list A), l ++ nil = l. +Proof. +intros A l; induction l as [|a l Hrecl]; auto; simpl; rewrite Hrecl; auto. +Qed. + +Lemma app_cons: + forall (A : Set) (l1 l2 : list A) (a : A), (a :: l1) ++ l2 = a :: (l1 ++ l2). +Proof. +auto. +Qed. + +Lemma app_app: + forall (A : Set) (l1 l2 l3 : list A), l1 ++ (l2 ++ l3) = (l1 ++ l2) ++ l3. +Proof. +intros A l1; induction l1 as [|a l1 Hrecl1]; simpl; auto; intros; + rewrite Hrecl1; auto. +Qed. + +Lemma app_rewrite: + forall (A : Set) (l : list A) (x : A), + (exists y : A , exists r : list A , l ++ (x :: nil) = y :: r ). +Proof. +intros A l x; induction l as [|a l Hrecl]. +exists x; exists (nil (A:=A)); auto. +inversion Hrecl; inversion H. +exists a; exists (l ++ (x :: nil)); auto. +Qed. + +Lemma app_rewrite2: + forall (A : Set) (l l2 : list A) (x : A), + (exists y : A , exists r : list A , l ++ (x :: l2) = y :: r ). +Proof. +intros A l l2 x; induction l as [|a l Hrecl]. +exists x; exists l2; auto. +inversion Hrecl; inversion H. +exists a; exists (l ++ (x :: l2)); auto. +Qed. + +Lemma app_rewriter: + forall (A : Set) (l : list A) (x : A), + (exists y : A , exists r : list A , x :: l = r ++ (y :: nil) ). +Proof. +intros A l x; induction l as [|a l Hrecl]. +exists x; exists (nil (A:=A)); auto. +inversion Hrecl; inversion H. +generalize H0; case x1; simpl; intros; inversion H1. +exists a; exists (x0 :: nil); simpl; auto. +exists x0; exists (a0 :: (a :: l0)); simpl; auto. +Qed. +Hint Resolve app_rewriter . + +Definition Reg := loc. + +Definition T := + fun (r : loc) => + match Loc.type r with Tint => R IT2 | Tfloat => R FT2 end. + +Definition notemporary := fun (r : loc) => forall x, Loc.diff r (T x). + +Definition Move := (Reg * Reg)%type. + +Definition Moves := list Move. + +Definition State := ((Moves * Moves) * Moves)%type. + +Definition StateToMove (r : State) : Moves := + match r with ((t, b), l) => t end. + +Definition StateBeing (r : State) : Moves := + match r with ((t, b), l) => b end. + +Definition StateDone (r : State) : Moves := + match r with ((t, b), l) => l end. + +Fixpoint noRead (p : Moves) (r : Reg) {struct p} : Prop := + match p with + nil => True + | (s, d) :: l => Loc.diff s r /\ noRead l r + end. + +Lemma noRead_app: + forall (l1 l2 : Moves) (r : Reg), + noRead l1 r -> noRead l2 r -> noRead (l1 ++ l2) r. +Proof. +intros; induction l1 as [|a l1 Hrecl1]; simpl; auto. +destruct a. +elim H; intros; split; auto. +Qed. + +Inductive step : State -> State -> Prop := + step_nop: + forall (r : Reg) (t1 t2 l : Moves), + step (t1 ++ ((r, r) :: t2), nil, l) (t1 ++ t2, nil, l) + | step_start: + forall (t1 t2 l : Moves) (m : Move), + step (t1 ++ (m :: t2), nil, l) (t1 ++ t2, m :: nil, l) + | step_push: + forall (t1 t2 b l : Moves) (s d r : Reg), + step + (t1 ++ ((d, r) :: t2), (s, d) :: b, l) + (t1 ++ t2, (d, r) :: ((s, d) :: b), l) + | step_loop: + forall (t b l : Moves) (s d r0 r0ounon : Reg), + step + (t, (s, r0ounon) :: (b ++ ((r0, d) :: nil)), l) + (t, (s, r0ounon) :: (b ++ ((T r0, d) :: nil)), (r0, T r0) :: l) + | step_pop: + forall (t b l : Moves) (s0 d0 sn dn : Reg), + noRead t dn -> + Loc.diff dn s0 -> + step + (t, (sn, dn) :: (b ++ ((s0, d0) :: nil)), l) + (t, b ++ ((s0, d0) :: nil), (sn, dn) :: l) + | step_last: + forall (t l : Moves) (s d : Reg), + noRead t d -> step (t, (s, d) :: nil, l) (t, nil, (s, d) :: l) . +Hint Resolve step_nop step_start step_push step_loop step_pop step_last . + +Fixpoint path (l : Moves) : Prop := + match l with + nil => True + | (s, d) :: l => + match l with + nil => True + | (ss, dd) :: l2 => s = dd /\ path l + end + end. + +Lemma path_pop: forall (m : Move) (l : Moves), path (m :: l) -> path l. +Proof. +simpl; intros m l; destruct m as [ms md]; case l; auto. +intros m0; destruct m0; intros; inversion H; auto. +Qed. + +Fixpoint noWrite (p : Moves) (r : Reg) {struct p} : Prop := + match p with + nil => True + | (s, d) :: l => Loc.diff d r /\ noWrite l r + end. + +Lemma noWrite_pop: + forall (p1 p2 : Moves) (m : Move) (r : Reg), + noWrite (p1 ++ (m :: p2)) r -> noWrite (p1 ++ p2) r. +Proof. +intros; induction p1 as [|a p1 Hrecp1]. +generalize H; simpl; case m; intros; inversion H0; auto. +generalize H; rewrite app_cons; rewrite app_cons. +simpl; case a; intros. +inversion H0; split; auto. +Qed. + +Lemma noWrite_in: + forall (p1 p2 : Moves) (r0 r1 r2 : Reg), + noWrite (p1 ++ ((r1, r2) :: p2)) r0 -> Loc.diff r0 r2. +Proof. +intros; induction p1 as [|a p1 Hrecp1]; simpl; auto. +generalize H; simpl; intros; inversion H0; auto. +apply Loc.diff_sym; auto. +generalize H; rewrite app_cons; simpl; case a; intros. +apply Hrecp1; inversion H0; auto. +Qed. + +Lemma noWrite_swap: + forall (p : Moves) (m1 m2 : Move) (r : Reg), + noWrite (m1 :: (m2 :: p)) r -> noWrite (m2 :: (m1 :: p)) r. +Proof. +intros p m1 m2 r; simpl; case m1; case m2. +intros; inversion H; inversion H1; split; auto. +Qed. + +Lemma noWrite_movFront: + forall (p1 p2 : Moves) (m : Move) (r0 : Reg), + noWrite (p1 ++ (m :: p2)) r0 -> noWrite (m :: (p1 ++ p2)) r0. +Proof. +intros p1 p2 m r0; induction p1 as [|a p1 Hrecp1]; auto. +case a; intros r1 r2; rewrite app_cons; rewrite app_cons. +intros; apply noWrite_swap; rewrite <- app_cons. +simpl in H |-; inversion H; unfold noWrite; fold noWrite; auto. +Qed. + +Lemma noWrite_insert: + forall (p1 p2 : Moves) (m : Move) (r0 : Reg), + noWrite (m :: (p1 ++ p2)) r0 -> noWrite (p1 ++ (m :: p2)) r0. +Proof. +intros p1 p2 m r0; induction p1 as [|a p1 Hrecp1]. +simpl; auto. +destruct a; simpl. +destruct m. +intros [H1 [H2 H3]]; split; auto. +apply Hrecp1. +simpl; auto. +Qed. + +Lemma noWrite_tmpLast: + forall (t : Moves) (r s d : Reg), + noWrite (t ++ ((s, d) :: nil)) r -> + forall (x : Reg), noWrite (t ++ ((x, d) :: nil)) r. +Proof. +intros; induction t as [|a t Hrect]. +simpl; auto. +generalize H; simpl; case a; intros; inversion H0; split; auto. +Qed. + +Fixpoint simpleDest (p : Moves) : Prop := + match p with + nil => True + | (s, d) :: l => noWrite l d /\ simpleDest l + end. + +Lemma simpleDest_Pop: + forall (m : Move) (l1 l2 : Moves), + simpleDest (l1 ++ (m :: l2)) -> simpleDest (l1 ++ l2). +Proof. +intros; induction l1 as [|a l1 Hrecl1]. +generalize H; simpl; case m; intros; inversion H0; auto. +generalize H; rewrite app_cons; rewrite app_cons. +simpl; case a; intros; inversion H0; split; auto. +apply (noWrite_pop l1 l2 m); auto. +Qed. + +Lemma simpleDest_pop: + forall (m : Move) (l : Moves), simpleDest (m :: l) -> simpleDest l. +Proof. +intros m l; simpl; case m; intros _ r [X Y]; auto. +Qed. + +Lemma simpleDest_right: + forall (l1 l2 : Moves), simpleDest (l1 ++ l2) -> simpleDest l2. +Proof. +intros l1; induction l1 as [|a l1 Hrecl1]; auto. +intros l2; rewrite app_cons; intros; apply Hrecl1. +apply (simpleDest_pop a); auto. +Qed. + +Lemma simpleDest_swap: + forall (m1 m2 : Move) (l : Moves), + simpleDest (m1 :: (m2 :: l)) -> simpleDest (m2 :: (m1 :: l)). +Proof. +intros m1 m2 l; simpl; case m1; case m2. +intros _ r0 _ r2 [[X Y] [Z U]]; auto. +(repeat split); auto. +apply Loc.diff_sym; auto. +Qed. + +Lemma simpleDest_pop2: + forall (m1 m2 : Move) (l : Moves), + simpleDest (m1 :: (m2 :: l)) -> simpleDest (m1 :: l). +Proof. +intros; apply (simpleDest_pop m2); apply simpleDest_swap; auto. +Qed. + +Lemma simpleDest_movFront: + forall (p1 p2 : Moves) (m : Move), + simpleDest (p1 ++ (m :: p2)) -> simpleDest (m :: (p1 ++ p2)). +Proof. +intros p1 p2 m; induction p1 as [|a p1 Hrecp1]. +simpl; auto. +rewrite app_cons; rewrite app_cons. +case a; intros; simpl in H |-; inversion H. +apply simpleDest_swap; simpl; auto. +destruct m. +cut (noWrite ((r1, r2) :: (p1 ++ p2)) r0). +cut (simpleDest ((r1, r2) :: (p1 ++ p2))). +intro; (repeat split); elim H3; elim H2; intros; auto. +apply Hrecp1; auto. +apply noWrite_movFront; auto. +Qed. + +Lemma simpleDest_insert: + forall (p1 p2 : Moves) (m : Move), + simpleDest (m :: (p1 ++ p2)) -> simpleDest (p1 ++ (m :: p2)). +Proof. +intros p1 p2 m; induction p1 as [|a p1 Hrecp1]. +simpl; auto. +rewrite app_cons; intros. +simpl. +destruct a as [a1 a2]. +split. +destruct m; simpl in H |-. +apply noWrite_insert. +simpl; split; elim H; intros [H1 H2] [H3 H4]; auto. +apply Loc.diff_sym; auto. +apply Hrecp1. +apply simpleDest_pop2 with (a1, a2); auto. +Qed. + +Lemma simpleDest_movBack: + forall (p1 p2 : Moves) (m : Move), + simpleDest (p1 ++ (m :: p2)) -> simpleDest ((p1 ++ p2) ++ (m :: nil)). +Proof. +intros. +apply (simpleDest_insert (p1 ++ p2) nil m). +rewrite app_nil; apply simpleDest_movFront; auto. +Qed. + +Lemma simpleDest_swap_app: + forall (t1 t2 t3 : Moves) (m : Move), + simpleDest (t1 ++ (m :: (t2 ++ t3))) -> simpleDest ((t1 ++ t2) ++ (m :: t3)). +Proof. +intros. +apply (simpleDest_insert (t1 ++ t2) t3 m). +rewrite <- app_app. +apply simpleDest_movFront; auto. +Qed. + +Lemma simpleDest_tmpLast: + forall (t : Moves) (s d : Reg), + simpleDest (t ++ ((s, d) :: nil)) -> + forall (r : Reg), simpleDest (t ++ ((r, d) :: nil)). +Proof. +intros t s d; induction t as [|a t Hrect]. +simpl; auto. +simpl; case a; intros; inversion H; split; auto. +apply (noWrite_tmpLast t r0 s); auto. +Qed. + +Fixpoint noTmp (b : Moves) : Prop := + match b with + nil => True + | (s, d) :: l => + (forall r, Loc.diff s (T r)) /\ + ((forall r, Loc.diff d (T r)) /\ noTmp l) + end. + +Fixpoint noTmpLast (b : Moves) : Prop := + match b with + nil => True + | (s, d) :: nil => forall r, Loc.diff d (T r) + | (s, d) :: l => + (forall r, Loc.diff s (T r)) /\ + ((forall r, Loc.diff d (T r)) /\ noTmpLast l) + end. + +Lemma noTmp_app: + forall (l1 l2 : Moves) (m : Move), + noTmp l1 -> noTmpLast (m :: l2) -> noTmpLast (l1 ++ (m :: l2)). +Proof. +intros. +induction l1 as [|a l1 Hrecl1]. +simpl; auto. +simpl. +caseEq (l1 ++ (m :: l2)); intro. +destruct a. +elim H; intros; auto. +inversion H; auto. +elim H3; auto. +intros; destruct a as [a1 a2]. +elim H; intros H2 [H3 H4]; auto. +(repeat split); auto. +rewrite H1 in Hrecl1; apply Hrecl1; auto. +Qed. + +Lemma noTmpLast_popBack: + forall (t : Moves) (m : Move), noTmpLast (t ++ (m :: nil)) -> noTmp t. +Proof. +intros. +induction t as [|a t Hrect]. +simpl; auto. +destruct a as [a1 a2]. +rewrite app_cons in H. +simpl. +simpl in H |-. +generalize H; caseEq (t ++ (m :: nil)); intros. +destruct t; inversion H0. +elim H1. +intros H2 [H3 H4]; (repeat split); auto. +rewrite <- H0 in H4. +apply Hrect; auto. +Qed. + +Fixpoint getsrc (p : Moves) : list Reg := + match p with + nil => nil + | (s, d) :: l => s :: getsrc l + end. + +Fixpoint getdst (p : Moves) : list Reg := + match p with + nil => nil + | (s, d) :: l => d :: getdst l + end. + +Fixpoint noOverlap_aux (r : Reg) (l : list Reg) {struct l} : Prop := + match l with + nil => True + | b :: m => (b = r \/ Loc.diff b r) /\ noOverlap_aux r m + end. + +Definition noOverlap (p : Moves) : Prop := + forall l, In l (getsrc p) -> noOverlap_aux l (getdst p). + +Definition stepInv (r : State) : Prop := + path (StateBeing r) /\ + (simpleDest (StateToMove r ++ StateBeing r) /\ + (noOverlap (StateToMove r ++ StateBeing r) /\ + (noTmp (StateToMove r) /\ noTmpLast (StateBeing r)))). + +Definition Value := val. + +Definition Env := locset. + +Definition get (e : Env) (r : Reg) := Locmap.get r e. + +Definition update (e : Env) (r : Reg) (v : Value) : Env := Locmap.set r v e. + +Fixpoint sexec (p : Moves) (e : Env) {struct p} : Env := + match p with + nil => e + | (s, d) :: l => let e' := sexec l e in + update e' d (get e' s) + end. + +Fixpoint pexec (p : Moves) (e : Env) {struct p} : Env := + match p with + nil => e + | (s, d) :: l => update (pexec l e) d (get e s) + end. + +Lemma get_update: + forall (e : Env) (r1 r2 : Reg) (v : Value), + get (update e r1 v) r2 = + (if Loc.eq r1 r2 then v else if Loc.overlap r1 r2 then Vundef else get e r2). +Proof. +intros. +unfold update, get, Locmap.get, Locmap.set; trivial. +Qed. + +Lemma get_update_id: + forall (e : Env) (r1 : Reg) (v : Value), get (update e r1 v) r1 = v. +Proof. +intros e r1 v; rewrite (get_update e r1 r1); auto. +case (Loc.eq r1 r1); auto. +intros H; elim H; trivial. +Qed. + +Lemma get_update_diff: + forall (e : Env) (r1 r2 : Reg) (v : Value), + Loc.diff r1 r2 -> get (update e r1 v) r2 = get e r2. +Proof. +intros; unfold update, get, Locmap.get, Locmap.set. +case (Loc.eq r1 r2); intro. +absurd (r1 = r2); [apply Loc.diff_not_eq; trivial | trivial]. +caseEq (Loc.overlap r1 r2); intro; trivial. +absurd (Loc.diff r1 r2); [apply Loc.overlap_not_diff; assumption | assumption]. +Qed. + +Lemma get_update_ndiff: + forall (e : Env) (r1 r2 : Reg) (v : Value), + r1 <> r2 -> not (Loc.diff r1 r2) -> get (update e r1 v) r2 = Vundef. +Proof. +intros; unfold update, get, Locmap.get, Locmap.set. +case (Loc.eq r1 r2); intro. +absurd (r1 = r2); assumption. +caseEq (Loc.overlap r1 r2); intro; trivial. +absurd (Loc.diff r1 r2); (try assumption). +apply Loc.non_overlap_diff; assumption. +Qed. + +Lemma pexec_swap: + forall (m1 m2 : Move) (t : Moves), + simpleDest (m1 :: (m2 :: t)) -> + forall (e : Env) (r : Reg), + get (pexec (m1 :: (m2 :: t)) e) r = get (pexec (m2 :: (m1 :: t)) e) r. +Proof. +intros; destruct m1 as [m1s m1d]; destruct m2 as [m2s m2d]. +generalize H; simpl; intros [[NEQ NW] [NW2 HSD]]; clear H. +case (Loc.eq m1d r); case (Loc.eq m2d r); intros. +absurd (m1d = m2d); + [apply Loc.diff_not_eq; apply Loc.diff_sym; assumption | + rewrite e0; rewrite e1; trivial]. +caseEq (Loc.overlap m2d r); intro. +absurd (Loc.diff m2d m1d); [apply Loc.overlap_not_diff; rewrite e0 | idtac]; + (try assumption). +subst m1d; rewrite get_update_id; rewrite get_update_diff; + (try rewrite get_update_id); auto. +caseEq (Loc.overlap m1d r); intro. +absurd (Loc.diff m1d m2d); + [apply Loc.overlap_not_diff; rewrite e0 | apply Loc.diff_sym]; assumption. +subst m2d; (repeat rewrite get_update_id); rewrite get_update_diff; + [rewrite get_update_id; trivial | apply Loc.diff_sym; trivial]. +caseEq (Loc.overlap m1d r); caseEq (Loc.overlap m2d r); intros. +(repeat rewrite get_update_ndiff); + (try (apply Loc.overlap_not_diff; assumption)); trivial. +assert (~ Loc.diff m1d r); + [apply Loc.overlap_not_diff; assumption | + intros; rewrite get_update_ndiff; auto]. +rewrite get_update_diff; + [rewrite get_update_ndiff; auto | apply Loc.non_overlap_diff; auto]. +cut (~ Loc.diff m2d r); [idtac | apply Loc.overlap_not_diff; auto]. +cut (Loc.diff m1d r); [idtac | apply Loc.non_overlap_diff; auto]. +intros; rewrite get_update_diff; auto. +(repeat rewrite get_update_ndiff); auto. +cut (Loc.diff m1d r); [idtac | apply Loc.non_overlap_diff; auto]. +cut (Loc.diff m2d r); [idtac | apply Loc.non_overlap_diff; auto]. +intros; (repeat rewrite get_update_diff); auto. +Qed. + +Lemma pexec_add: + forall (t1 t2 : Moves) (r : Reg) (e : Env), + get (pexec t1 e) r = get (pexec t2 e) r -> + forall (a : Move), get (pexec (a :: t1) e) r = get (pexec (a :: t2) e) r. +Proof. +intros. +case a. +simpl. +intros a1 a2. +unfold get, update, Locmap.set, Locmap.get. +case (Loc.eq a2 r); case (Loc.overlap a2 r); auto. +Qed. + +Lemma pexec_movBack: + forall (t1 t2 : Moves) (m : Move), + simpleDest (m :: (t1 ++ t2)) -> + forall (e : Env) (r : Reg), + get (pexec (m :: (t1 ++ t2)) e) r = get (pexec (t1 ++ (m :: t2)) e) r. +Proof. +intros t1 t2 m; induction t1 as [|a t1 Hrect1]. +simpl; auto. +rewrite app_cons. +intros; rewrite pexec_swap; auto; rewrite app_cons; auto. +apply pexec_add. +apply Hrect1. +apply (simpleDest_pop2 m a); auto. +Qed. + +Lemma pexec_movFront: + forall (t1 t2 : Moves) (m : Move), + simpleDest (t1 ++ (m :: t2)) -> + forall (e : Env) (r : Reg), + get (pexec (t1 ++ (m :: t2)) e) r = get (pexec (m :: (t1 ++ t2)) e) r. +Proof. +intros; rewrite <- pexec_movBack; eauto. +apply simpleDest_movFront; auto. +Qed. + +Lemma pexec_mov: + forall (t1 t2 t3 : Moves) (m : Move), + simpleDest ((t1 ++ (m :: t2)) ++ t3) -> + forall (e : Env) (r : Reg), + get (pexec ((t1 ++ (m :: t2)) ++ t3) e) r = + get (pexec ((t1 ++ t2) ++ (m :: t3)) e) r. +Proof. +intros t1 t2 t3 m. +rewrite <- app_app. +rewrite app_cons. +intros. +rewrite pexec_movFront; auto. +cut (simpleDest (m :: (t1 ++ (t2 ++ t3)))). +rewrite app_app. +rewrite <- pexec_movFront; auto. +apply simpleDest_swap_app; auto. +apply simpleDest_movFront; auto. +Qed. + +Definition diff_dec: + forall (x y : Reg), ({ Loc.diff x y }) + ({ not (Loc.diff x y) }). +intros. +case (Loc.eq x y). +intros heq; right. +red; intro; absurd (x = y); auto. +apply Loc.diff_not_eq; auto. +intro; caseEq (Loc.overlap x y). +intro; right. +apply Loc.overlap_not_diff; auto. +intro; left; apply Loc.non_overlap_diff; auto. +Defined. + +Lemma get_pexec_id_noWrite: + forall (t : Moves) (d : Reg), + noWrite t d -> + forall (e : Env) (v : Value), v = get (pexec t (update e d v)) d. +Proof. +intros. +induction t as [|a t Hrect]. +simpl. +rewrite get_update_id; auto. +generalize H; destruct a as [a1 a2]; simpl; intros [NEQ R]. +rewrite get_update_diff; auto. +Qed. + +Lemma pexec_nop: + forall (t : Moves) (r : Reg) (e : Env) (x : Reg), + Loc.diff r x -> get (pexec ((r, r) :: t) e) x = get (pexec t e) x. +Proof. +intros. +simpl. +rewrite get_update_diff; auto. +Qed. + +Lemma sD_nW: forall t r s, simpleDest ((s, r) :: t) -> noWrite t r. +Proof. +induction t. +simpl; auto. +simpl. +destruct a. +intros r1 r2 H; split; [try assumption | idtac]. +elim H; + [intros H0 H1; elim H0; [intros H2 H3; (try clear H0 H); (try exact H2)]]. +elim H; + [intros H0 H1; elim H0; [intros H2 H3; (try clear H0 H); (try exact H3)]]. +Qed. + +Lemma sD_pexec: + forall (t : Moves) (s d : Reg), + simpleDest ((s, d) :: t) -> forall (e : Env), get (pexec t e) d = get e d. +Proof. +intros. +induction t as [|a t Hrect]; simpl; auto. +destruct a as [a1 a2]. +simpl in H |-; elim H; intros [H0 H1] [H2 H3]; clear H. +case (Loc.eq a2 d); intro. +absurd (a2 = d); [apply Loc.diff_not_eq | trivial]; assumption. +rewrite get_update_diff; (try assumption). +apply Hrect. +simpl; (split; assumption). +Qed. + +Lemma noOverlap_nil: noOverlap nil. +Proof. +unfold noOverlap, noOverlap_aux, getsrc, getdst; trivial. +Qed. + +Lemma getsrc_add: + forall (m : Move) (l1 l2 : Moves) (l : Reg), + In l (getsrc (l1 ++ l2)) -> In l (getsrc (l1 ++ (m :: l2))). +Proof. +intros m l1 l2 l; destruct m; induction l1; simpl; auto. +destruct a; simpl; intros. +elim H; intros H0; [left | right]; auto. +Qed. + +Lemma getdst_add: + forall (r1 r2 : Reg) (l1 l2 : Moves), + getdst (l1 ++ ((r1, r2) :: l2)) = getdst l1 ++ (r2 :: getdst l2). +Proof. +intros r1 r2 l1 l2; induction l1; simpl; auto. +destruct a; simpl; rewrite IHl1; auto. +Qed. + +Lemma getdst_app: + forall (l1 l2 : Moves), getdst (l1 ++ l2) = getdst l1 ++ getdst l2. +Proof. +intros; induction l1; simpl; auto. +destruct a; simpl; rewrite IHl1; auto. +Qed. + +Lemma noOverlap_auxpop: + forall (x r : Reg) (l : list Reg), + noOverlap_aux x (r :: l) -> noOverlap_aux x l. +Proof. +induction l; simpl; auto. +intros [H1 [H2 H3]]; split; auto. +Qed. + +Lemma noOverlap_auxPop: + forall (x r : Reg) (l1 l2 : list Reg), + noOverlap_aux x (l1 ++ (r :: l2)) -> noOverlap_aux x (l1 ++ l2). +Proof. +intros x r l1 l2; (try assumption). +induction l1 as [|a l1 Hrecl1]; simpl app. +intro; apply (noOverlap_auxpop x r); auto. +(repeat rewrite app_cons); simpl. +intros [H1 H2]; split; auto. +Qed. + +Lemma noOverlap_pop: + forall (m : Move) (l : Moves), noOverlap (m :: l) -> noOverlap l. +Proof. +induction l. +intro; apply noOverlap_nil. +unfold noOverlap; simpl; destruct m; destruct a; simpl; intros. +elim (H l0); intros; (try assumption). +elim H0; intros H1; right; [left | right]; assumption. +Qed. + +Lemma noOverlap_Pop: + forall (m : Move) (l1 l2 : Moves), + noOverlap (l1 ++ (m :: l2)) -> noOverlap (l1 ++ l2). +Proof. +intros m l1 l2; induction l1 as [|a l1 Hrecl1]; simpl. +simpl; apply noOverlap_pop. +(repeat rewrite app_cons); unfold noOverlap; destruct a; simpl. +intros H l H0; split. +elim (H l); [intros H1 H2 | idtac]; auto. +elim H0; [intros H3; left | intros H3; right; apply getsrc_add]; auto. +unfold noOverlap in Hrecl1 |-. +elim H0; intros H1; clear H0. +destruct m; rewrite getdst_app; apply noOverlap_auxPop with ( r := r2 ). +rewrite getdst_add in H. +elim H with ( l := l ); [intros H0 H2; (try clear H); (try exact H2) | idtac]. +left; (try assumption). +apply Hrecl1 with ( l := l ); auto. +intros l0 H0; (try assumption). +elim H with ( l := l0 ); [intros H2 H3; (try clear H); (try exact H3) | idtac]; + auto. +Qed. + +Lemma noOverlap_right: + forall (l1 l2 : Moves), noOverlap (l1 ++ l2) -> noOverlap l2. +Proof. +intros l1; induction l1 as [|a l1 Hrecl1]; auto. +intros l2; rewrite app_cons; intros; apply Hrecl1. +apply (noOverlap_pop a); auto. +Qed. + +Lemma pexec_update: + forall t e d r v, + Loc.diff d r -> + noRead t d -> get (pexec t (update e d v)) r = get (pexec t e) r. +Proof. +induction t; simpl. +intros; rewrite get_update_diff; auto. +destruct a as [a1 a2]; intros; case (Loc.eq a2 r); intro. +subst a2; (repeat rewrite get_update_id). +rewrite get_update_diff; auto; apply Loc.diff_sym; elim H0; auto. +case (diff_dec a2 r); intro. +(repeat rewrite get_update_diff); auto. +apply IHt; auto. +elim H0; auto. +(repeat rewrite get_update_ndiff); auto. +Qed. + +Lemma pexec_push: + forall (t l : Moves) (s d : Reg), + noRead t d -> + simpleDest ((s, d) :: t) -> + forall (e : Env) (r : Reg), + r = d \/ Loc.diff d r -> + get (pexec ((s, d) :: t) (sexec l e)) r = + get (pexec t (sexec ((s, d) :: l) e)) r. +Proof. +intros; simpl. +elim H1; intros e1. +rewrite e1; rewrite get_update_id; auto. +rewrite (sD_pexec t s d); auto; rewrite get_update_id; auto. +rewrite pexec_update; auto. +rewrite get_update_diff; auto. +Qed. + +Definition exec (s : State) (e : Env) := + pexec (StateToMove s ++ StateBeing s) (sexec (StateDone s) e). + +Definition sameEnv (e1 e2 : Env) := + forall (r : Reg), notemporary r -> get e1 r = get e2 r. + +Definition NoOverlap (r : Reg) (s : State) := + noOverlap ((r, r) :: (StateToMove s ++ StateBeing s)). + +Lemma noOverlapaux_swap2: + forall (l1 l2 : list Reg) (m l : Reg), + noOverlap_aux l (l1 ++ (m :: l2)) -> noOverlap_aux l (m :: (l1 ++ l2)). +Proof. +intros l1 l2 m l; induction l1; simpl noOverlap_aux; auto. +intros; elim H; intros H0 H1; (repeat split); auto. +simpl in IHl1 |-. +elim IHl1; [intros H2 H3; (try exact H2) | idtac]; auto. +apply (noOverlap_auxpop l m). +apply IHl1; auto. +Qed. + +Lemma noTmp_noReadTmp: forall t, noTmp t -> forall s, noRead t (T s). +Proof. +induction t; simpl; auto. +destruct a as [a1 a2]; intros. +split; [idtac | apply IHt]; elim H; intros H1 [H2 H3]; auto. +Qed. + +Lemma noRead_by_path: + forall (b t : Moves) (r0 r1 r7 r8 : Reg), + simpleDest ((r7, r8) :: (b ++ ((r0, r1) :: nil))) -> + path (b ++ ((r0, r1) :: nil)) -> Loc.diff r8 r0 -> noRead b r8. +Proof. +intros; induction b as [|a b Hrecb]; simpl; auto. +destruct a as [a1 a2]; generalize H H0; rewrite app_cons; intros; split. +simpl in H3 |-; caseEq (b ++ ((r0, r1) :: nil)); intro. +destruct b; inversion H4. +intros l H4. +rewrite H4 in H3. +destruct m. +rewrite H4 in H2; simpl in H2 |-. +elim H3; [intros H5 H6; (try clear H3); (try exact H5)]. +rewrite H5. +elim H2; intros [H3 [H7 H8]] [H9 [H10 H11]]; (try assumption). +apply Hrecb. +apply (simpleDest_pop (a1, a2)); apply simpleDest_swap; auto. +apply (path_pop (a1, a2)); auto. +Qed. + +Lemma noOverlap_swap: + forall (m1 m2 : Move) (l : Moves), + noOverlap (m1 :: (m2 :: l)) -> noOverlap (m2 :: (m1 :: l)). +Proof. +intros m1 m2 l; simpl; destruct m1 as [m1s m1d]; destruct m2 as [m2s m2d]. +unfold noOverlap; simpl; intros. +assert (m1s = l0 \/ (m2s = l0 \/ In l0 (getsrc l))). +elim H0; [intros H1 | intros [H1|H2]]. +right; left; (try assumption). +left; (try assumption). +right; right; (try assumption). +(repeat split); + (elim (H l0); [intros H2 H3; elim H3; [intros H4 H5] | idtac]; auto). +Qed. + +Lemma getsrc_add1: + forall (r1 r2 : Reg) (l1 l2 : Moves), + getsrc (l1 ++ ((r1, r2) :: l2)) = getsrc l1 ++ (r1 :: getsrc l2). +Proof. +intros r1 r2 l1 l2; induction l1; simpl; auto. +destruct a; simpl; rewrite IHl1; auto. +Qed. + +Lemma getsrc_app: + forall (l1 l2 : Moves), getsrc (l1 ++ l2) = getsrc l1 ++ getsrc l2. +Proof. +intros; induction l1; simpl; auto. +destruct a; simpl; rewrite IHl1; auto. +Qed. + +Lemma Ingetsrc_swap: + forall (m : Move) (l1 l2 : Moves) (l : Reg), + In l (getsrc (m :: (l1 ++ l2))) -> In l (getsrc (l1 ++ (m :: l2))). +Proof. +intros; destruct m as [m1 m2]; simpl; auto. +simpl in H |-. +elim H; intros H0; auto. +rewrite H0; rewrite getsrc_add1; auto. +apply (in_or_app (getsrc l1) (l :: getsrc l2)); auto. +right; apply in_eq; auto. +apply getsrc_add; auto. +Qed. + +Lemma noOverlap_movFront: + forall (p1 p2 : Moves) (m : Move), + noOverlap (p1 ++ (m :: p2)) -> noOverlap (m :: (p1 ++ p2)). +Proof. +intros p1 p2 m; unfold noOverlap. +destruct m; rewrite getdst_add; simpl getdst; rewrite getdst_app; intros. +apply noOverlapaux_swap2. +apply (H l); apply Ingetsrc_swap; auto. +Qed. + +Lemma step_inv_loop_aux: + forall (t l : Moves) (s d : Reg), + simpleDest (t ++ ((s, d) :: nil)) -> + noTmp t -> + forall (e : Env) (r : Reg), + notemporary r -> + d = r \/ Loc.diff d r -> + get (pexec (t ++ ((s, d) :: nil)) (sexec l e)) r = + get (pexec (t ++ ((T s, d) :: nil)) (sexec ((s, T s) :: l) e)) r. +Proof. +intros; (repeat rewrite pexec_movFront); auto. +(repeat rewrite app_nil); simpl; elim H2; intros e1. +subst d; (repeat rewrite get_update_id); auto. +(repeat rewrite get_update_diff); auto. +rewrite pexec_update; auto. +apply Loc.diff_sym; unfold notemporary in H1 |-; auto. +apply noTmp_noReadTmp; auto. +apply (simpleDest_tmpLast t s); auto. +Qed. + +Lemma step_inv_loop: + forall (t l : Moves) (s d : Reg), + simpleDest (t ++ ((s, d) :: nil)) -> + noTmpLast (t ++ ((s, d) :: nil)) -> + forall (e : Env) (r : Reg), + notemporary r -> + d = r \/ Loc.diff d r -> + get (pexec (t ++ ((s, d) :: nil)) (sexec l e)) r = + get (pexec (t ++ ((T s, d) :: nil)) (sexec ((s, T s) :: l) e)) r. +Proof. +intros; apply step_inv_loop_aux; auto. +apply (noTmpLast_popBack t (s, d)); auto. +Qed. + +Definition sameExec (s1 s2 : State) := + forall (e : Env) (r : Reg), + (let A := + getdst + ((StateToMove s1 ++ StateBeing s1) ++ (StateToMove s2 ++ StateBeing s2)) + in + notemporary r -> + (forall x, In x A -> r = x \/ Loc.diff r x) -> + get (exec s1 e) r = get (exec s2 e) r). + +Lemma get_noWrite: + forall (t : Moves) (d : Reg), + noWrite t d -> forall (e : Env), get e d = get (pexec t e) d. +Proof. +intros; induction t as [|a t Hrect]; simpl; auto. +generalize H; destruct a as [a1 a2]; simpl; intros [NEQ R]. +unfold get, Locmap.get, update, Locmap.set. +case (Loc.eq a2 d); intro; auto. +absurd (a2 = d); auto; apply Loc.diff_not_eq; (try assumption). +caseEq (Loc.overlap a2 d); intro. +absurd (Loc.diff a2 d); auto; apply Loc.overlap_not_diff; auto. +unfold get, Locmap.get in Hrect |-; apply Hrect; auto. +Qed. + +Lemma step_sameExec: + forall (r1 r2 : State), step r1 r2 -> stepInv r1 -> sameExec r1 r2. +Proof. +intros r1 r2 STEP; inversion STEP; + unfold stepInv, sameExec, NoOverlap, exec, StateToMove, StateBeing, StateDone; + (repeat rewrite app_nil); intros [P [SD [NO [TT TB]]]]; intros. +rewrite pexec_movFront; simpl; auto. +case (Loc.eq r r0); intros e0. +subst r0; rewrite get_update_id; apply get_noWrite; apply sD_nW with r; + apply simpleDest_movFront; auto. +elim H2 with ( x := r ); + [intros H3; absurd (r = r0); auto | + intros H3; rewrite get_update_diff; auto; apply Loc.diff_sym; auto | idtac]. +(repeat (rewrite getdst_app; simpl)); apply in_or_app; left; apply in_or_app; + right; simpl; auto. +(repeat rewrite pexec_movFront); auto. +rewrite app_nil; auto. +apply simpleDest_movBack; auto. +apply pexec_mov; auto. +repeat (rewrite <- app_cons; rewrite app_app). +apply step_inv_loop; auto. +repeat (rewrite <- app_app; rewrite app_cons; auto). +repeat (rewrite <- app_app; rewrite app_cons; auto). +apply noTmp_app; auto. +elim H2 with ( x := d ); + [intros H3; left; auto | intros H3; right; apply Loc.diff_sym; auto + | try clear H2]. +repeat (rewrite getdst_app; simpl). +apply in_or_app; left; apply in_or_app; right; simpl; right; apply in_or_app; + right; simpl; left; trivial. +rewrite pexec_movFront; auto; apply pexec_push; auto. +apply noRead_app; auto. +apply noRead_app. +apply (noRead_by_path b b s0 d0 sn dn); auto. +apply (simpleDest_right t); auto. +apply (path_pop (sn, dn)); auto. +simpl; split; [apply Loc.diff_sym | idtac]; auto. +apply simpleDest_movFront; auto. +elim H4 with ( x := dn ); [intros H5 | intros H5 | try clear H4]. +left; (try assumption). +right; apply Loc.diff_sym; (try assumption). +repeat (rewrite getdst_app; simpl). +apply in_or_app; left; apply in_or_app; right; simpl; left; trivial. +rewrite pexec_movFront; auto. +rewrite app_nil; auto. +apply pexec_push; auto. +rewrite <- (app_nil _ t). +apply simpleDest_movFront; auto. +elim (H3 d); (try intros H4). +left; (try assumption). +right; apply Loc.diff_sym; (try assumption). +(repeat rewrite getdst_app); simpl; apply in_or_app; left; apply in_or_app; + right; simpl; left; trivial. +Qed. + +Lemma path_tmpLast: + forall (s d : Reg) (l : Moves), + path (l ++ ((s, d) :: nil)) -> path (l ++ ((T s, d) :: nil)). +Proof. +intros; induction l as [|a l Hrecl]. +simpl; auto. +generalize H; (repeat rewrite app_cons). +case a; generalize Hrecl; case l; intros; auto. +destruct m; intros. +inversion H0; split; auto. +Qed. + +Lemma step_inv_path: + forall (r1 r2 : State), step r1 r2 -> stepInv r1 -> path (StateBeing r2). +Proof. +intros r1 r2 STEP; inversion_clear STEP; unfold stepInv; + unfold stepInv, sameExec, sameEnv, exec, StateToMove, StateBeing, StateDone; + intros [P [SD [TT TB]]]; (try (simpl; auto; fail)). +simpl; case m; auto. +generalize P; rewrite <- app_cons; rewrite <- app_cons. +apply (path_tmpLast r0). +generalize P; apply path_pop. +Qed. + +Lemma step_inv_simpleDest: + forall (r1 r2 : State), + step r1 r2 -> stepInv r1 -> simpleDest (StateToMove r2 ++ StateBeing r2). +Proof. +intros r1 r2 STEP; inversion_clear STEP; unfold stepInv; + unfold stepInv, sameExec, sameEnv, exec, StateToMove, StateBeing, StateDone; + (repeat rewrite app_nil); intros [P [SD [TT TB]]]. +apply (simpleDest_Pop (r, r)); assumption. +apply simpleDest_movBack; assumption. +apply simpleDest_insert; rewrite <- app_app; apply simpleDest_movFront. +rewrite <- app_cons; rewrite app_app; auto. +generalize SD; (repeat rewrite <- app_cons); (repeat rewrite app_app). +generalize (simpleDest_tmpLast (t ++ ((s, r0ounon) :: b)) r0 d); auto. +generalize SD; apply simpleDest_Pop. +rewrite <- (app_nil _ t); generalize SD; apply simpleDest_Pop. +Qed. + +Lemma noTmp_pop: + forall (m : Move) (l1 l2 : Moves), noTmp (l1 ++ (m :: l2)) -> noTmp (l1 ++ l2). +Proof. +intros; induction l1 as [|a l1 Hrecl1]; generalize H. +simpl; case m; intros; inversion H0; inversion H2; auto. +rewrite app_cons; rewrite app_cons; simpl; case a. +intros; inversion H0; inversion H2; auto. +Qed. + +Lemma step_inv_noTmp: + forall (r1 r2 : State), step r1 r2 -> stepInv r1 -> noTmp (StateToMove r2). +Proof. +intros r1 r2 STEP; inversion_clear STEP; unfold stepInv; + unfold stepInv, sameExec, sameEnv, exec, StateToMove, StateBeing, StateDone; + intros [P [SD [NO [TT TB]]]]; generalize TT; (try apply noTmp_pop); auto. +Qed. + +Lemma noTmp_noTmpLast: forall (l : Moves), noTmp l -> noTmpLast l. +Proof. +intros; induction l as [|a l Hrecl]; (try (simpl; auto; fail)). +generalize H; simpl; case a; generalize Hrecl; case l; + (intros; inversion H0; inversion H2; auto). +Qed. + +Lemma noTmpLast_pop: + forall (m : Move) (l : Moves), noTmpLast (m :: l) -> noTmpLast l. +Proof. +intros m l; simpl; case m; case l. +simpl; auto. +intros; inversion H; inversion H1; auto. +Qed. + +Lemma noTmpLast_Pop: + forall (m : Move) (l1 l2 : Moves), + noTmpLast (l1 ++ (m :: l2)) -> noTmpLast (l1 ++ l2). +Proof. +intros; induction l1 as [|a l1 Hrecl1]; generalize H. +simpl; case m; case l2. +simpl; auto. +intros. +elim H0; [intros H1 H2; elim H2; [intros H3 H4; (try exact H4)]]. +(repeat rewrite app_cons); simpl; case a. +generalize Hrecl1; case l1. +simpl; case m; case l2; intros; inversion H0; inversion H2; auto. +intros m0 l R r r0; rewrite app_cons; rewrite app_cons. +intros; inversion H0; inversion H2; auto. +Qed. + +Lemma noTmpLast_push: + forall (m : Move) (t1 t2 t3 : Moves), + noTmp (t1 ++ (m :: t2)) -> noTmpLast t3 -> noTmpLast (m :: t3). +Proof. +intros; induction t1 as [|a t1 Hrect1]; generalize H. +simpl; case m; intros r r0 [N1 [N2 NT]]; generalize H0; case t3; auto. +rewrite app_cons; intros; apply Hrect1. +generalize H1. +simpl; case m; case a; intros; inversion H2; inversion H4; auto. +Qed. + +Lemma noTmpLast_tmpLast: + forall (s d : Reg) (l : Moves), + noTmpLast (l ++ ((s, d) :: nil)) -> noTmpLast (l ++ ((T s, d) :: nil)). +Proof. +intros; induction l as [|a l Hrecl]. +simpl; auto. +generalize H; rewrite app_cons; rewrite app_cons; simpl. +case a; generalize Hrecl; case l. +simpl; auto. +intros m l0 REC r r0; generalize REC; rewrite app_cons; rewrite app_cons. +case m; intros; inversion H0; inversion H2; split; auto. +Qed. + +Lemma step_inv_noTmpLast: + forall (r1 r2 : State), step r1 r2 -> stepInv r1 -> noTmpLast (StateBeing r2). +Proof. +intros r1 r2 STEP; inversion_clear STEP; unfold stepInv; + unfold stepInv, sameExec, sameEnv, exec, StateToMove, StateBeing, StateDone; + intros [P [SD [NO [TT TB]]]]; auto. +apply (noTmpLast_push m t1 t2); auto. +apply (noTmpLast_push (d, r) t1 t2); auto. +generalize TB; rewrite <- app_cons; rewrite <- app_cons; apply noTmpLast_tmpLast. +apply (noTmpLast_pop (sn, dn)); auto. +Qed. + +Lemma noOverlapaux_insert: + forall (l1 l2 : list Reg) (r x : Reg), + noOverlap_aux x (r :: (l1 ++ l2)) -> noOverlap_aux x (l1 ++ (r :: l2)). +Proof. +simpl; intros; induction l1; simpl; split. +elim H; [intros H0 H1; (try exact H0)]. +elim H; [intros H0 H1; (try exact H1)]. +simpl in H |-. +elim H; + [intros H0 H1; elim H1; [intros H2 H3; (try clear H1 H); (try exact H2)]]. +apply IHl1. +split. +elim H; [intros H0 H1; (try exact H0)]. +rewrite app_cons in H. +apply noOverlap_auxpop with ( r := a ). +elim H; [intros H0 H1; (try exact H1)]. +Qed. + +Lemma Ingetsrc_swap2: + forall (m : Move) (l1 l2 : Moves) (l : Reg), + In l (getsrc (l1 ++ (m :: l2))) -> In l (getsrc (m :: (l1 ++ l2))). +Proof. +intros; destruct m as [m1 m2]; simpl; auto. +induction l1; simpl. +simpl in H |-; auto. +destruct a; simpl. +simpl in H |-. +elim H; [intros H0 | intros H0; (try exact H0)]. +right; left; (try assumption). +elim IHl1; intros; auto. +Qed. + +Lemma noOverlap_insert: + forall (p1 p2 : Moves) (m : Move), + noOverlap (m :: (p1 ++ p2)) -> noOverlap (p1 ++ (m :: p2)). +Proof. +unfold noOverlap; destruct m; rewrite getdst_add; simpl getdst; + rewrite getdst_app. +intros. +apply noOverlapaux_insert. +generalize (H l); intros H1; lapply H1; + [intros H2; (try clear H1); (try exact H2) | idtac]. +simpl getsrc. +generalize (Ingetsrc_swap2 (r, r0)); simpl; (intros; auto). +Qed. + +Lemma noOverlap_movBack: + forall (p1 p2 : Moves) (m : Move), + noOverlap (p1 ++ (m :: p2)) -> noOverlap ((p1 ++ p2) ++ (m :: nil)). +Proof. +intros. +apply (noOverlap_insert (p1 ++ p2) nil m). +rewrite app_nil; apply noOverlap_movFront; auto. +Qed. + +Lemma noOverlap_movBack0: + forall (t : Moves) (s d : Reg), + noOverlap ((s, d) :: t) -> noOverlap (t ++ ((s, d) :: nil)). +Proof. +intros t s d H; (try assumption). +apply noOverlap_insert. +rewrite app_nil; auto. +Qed. + +Lemma noOverlap_Front0: + forall (t : Moves) (s d : Reg), + noOverlap (t ++ ((s, d) :: nil)) -> noOverlap ((s, d) :: t). +Proof. +intros t s d H; (try assumption). +cut ((s, d) :: t = (s, d) :: (t ++ nil)). +intros e; rewrite e. +apply noOverlap_movFront; auto. +rewrite app_nil; auto. +Qed. + +Lemma noTmpL_diff: + forall (t : Moves) (s d : Reg), + noTmpLast (t ++ ((s, d) :: nil)) -> notemporary d. +Proof. +intros t s d; unfold notemporary; induction t; (try (simpl; intros; auto; fail)). +rewrite app_cons. +intros; apply IHt. +apply (noTmpLast_pop a); auto. +Qed. + +Lemma noOverlap_aux_app: + forall l1 l2 (r : Reg), + noOverlap_aux r l1 -> noOverlap_aux r l2 -> noOverlap_aux r (l1 ++ l2). +Proof. +induction l1; simpl; auto. +intros; split. +elim H; [intros H1 H2; (try clear H); (try exact H1)]. +apply IHl1; auto. +elim H; [intros H1 H2; (try clear H); (try exact H2)]. +Qed. + +Lemma noTmP_noOverlap_aux: + forall t (r : Reg), noTmp t -> noOverlap_aux (T r) (getdst t). +Proof. +induction t; simpl; auto. +destruct a; simpl; (intros; split). +elim H; intros; elim H1; intros. +right; apply H2. +apply IHt; auto. +elim H; + [intros H0 H1; elim H1; [intros H2 H3; (try clear H1 H); (try exact H3)]]. +Qed. + +Lemma noTmp_append: forall l1 l2, noTmp l1 -> noTmp l2 -> noTmp (l1 ++ l2). +Proof. +induction l1; simpl; auto. +destruct a. +intros l2 [H1 [H2 H3]] H4. +(repeat split); auto. +Qed. + +Lemma step_inv_noOverlap: + forall (r1 r2 : State), + step r1 r2 -> stepInv r1 -> noOverlap (StateToMove r2 ++ StateBeing r2). +Proof. +intros r1 r2 STEP; inversion_clear STEP; unfold stepInv; + unfold stepInv, sameExec, sameEnv, exec, StateToMove, StateBeing, StateDone; + (repeat rewrite app_nil); intros [P [SD [NO [TT TB]]]]; + (try (generalize NO; apply noOverlap_Pop; auto; fail)). +apply noOverlap_movBack; auto. +apply noOverlap_insert; rewrite <- app_app; apply noOverlap_movFront; + rewrite <- app_cons; rewrite app_app; auto. +generalize NO; (repeat rewrite <- app_cons); (repeat rewrite app_app); + (clear NO; intros NO); apply noOverlap_movBack0. +assert (noOverlap ((r0, d) :: (t ++ ((s, r0ounon) :: b)))); + [apply noOverlap_Front0; auto | idtac]. +generalize H; unfold noOverlap; simpl; clear H; intros. +elim H0; intros; [idtac | apply (H l0); (right; (try assumption))]. +split; [right; (try assumption) | idtac]. +generalize TB; simpl; caseEq (b ++ ((r0, d) :: nil)); intro. +elim (app_eq_nil b ((r0, d) :: nil)); intros; auto; inversion H4. +subst l0; intros; rewrite <- H1 in TB0. +elim TB0; [intros H2 H3; elim H3; [intros H4 H5; (try clear H3 TB0)]]. +generalize (noTmpL_diff b r0 d); unfold notemporary; intro; apply H3; auto. +rewrite <- H1; apply noTmP_noOverlap_aux; apply noTmp_append; auto; + rewrite <- app_cons in TB; apply noTmpLast_popBack with (r0, d); auto. +rewrite <- (app_nil _ t); apply (noOverlap_Pop (s, d)); assumption. +Qed. + +Lemma step_inv: forall (r1 r2 : State), step r1 r2 -> stepInv r1 -> stepInv r2. +Proof. +intros; unfold stepInv; (repeat split). +apply (step_inv_path r1 r2); auto. +apply (step_inv_simpleDest r1 r2); auto. +apply (step_inv_noOverlap r1 r2); auto. +apply (step_inv_noTmp r1 r2); auto. +apply (step_inv_noTmpLast r1 r2); auto. +Qed. + +Definition step_NF (r : State) : Prop := ~ (exists s : State , step r s ). + +Inductive stepp : State -> State -> Prop := + stepp_refl: forall (r : State), stepp r r + | stepp_trans: + forall (r1 r2 r3 : State), step r1 r2 -> stepp r2 r3 -> stepp r1 r3 . +Hint Resolve stepp_refl stepp_trans . + +Lemma stepp_transitive: + forall (r1 r2 r3 : State), stepp r1 r2 -> stepp r2 r3 -> stepp r1 r3. +Proof. +intros; induction H as [r|r1 r2 r0 H H1 HrecH]; eauto. +Qed. + +Lemma step_stepp: forall (s1 s2 : State), step s1 s2 -> stepp s1 s2. +Proof. +eauto. +Qed. + +Lemma stepp_inv: + forall (r1 r2 : State), stepp r1 r2 -> stepInv r1 -> stepInv r2. +Proof. +intros; induction H as [r|r1 r2 r3 H H1 HrecH]; auto. +apply HrecH; auto. +apply (step_inv r1 r2); auto. +Qed. + +Lemma noTmpLast_lastnoTmp: + forall l s d, noTmpLast (l ++ ((s, d) :: nil)) -> notemporary d. +Proof. +induction l. +simpl. +intros; unfold notemporary; auto. +destruct a as [a1 a2]; intros. +change (noTmpLast ((a1, a2) :: (l ++ ((s, d) :: nil)))) in H |-. +apply IHl with s. +apply noTmpLast_pop with (a1, a2); auto. +Qed. + +Lemma step_inv_NoOverlap: + forall (s1 s2 : State) r, + step s1 s2 -> notemporary r -> stepInv s1 -> NoOverlap r s1 -> NoOverlap r s2. +Proof. +intros s1 s2 r STEP notempr; inversion_clear STEP; unfold stepInv; + unfold stepInv, sameExec, sameEnv, exec, StateToMove, StateBeing, StateDone; + intros [P [SD [NO [TT TB]]]]; unfold NoOverlap; simpl. +simpl; (repeat rewrite app_nil); simpl; (repeat rewrite <- app_cons); intro; + apply noOverlap_Pop with ( m := (r0, r0) ); auto. +(repeat rewrite app_nil); simpl; rewrite app_ass; (repeat rewrite <- app_cons); + intro; rewrite ass_app; apply noOverlap_movBack; auto. +simpl; (repeat (rewrite app_ass; simpl)); (repeat rewrite <- app_cons); intro. +rewrite ass_app; apply noOverlap_insert; rewrite app_ass; + apply noOverlap_movFront; auto. +simpl; (repeat rewrite <- app_cons); intro; rewrite ass_app; + apply noOverlap_movBack0; auto. +generalize H; (repeat (rewrite app_ass; simpl)); intro. +assert (noOverlap ((r0, d) :: (((r, r) :: t) ++ ((s, r0ounon) :: b)))); + [apply noOverlap_Front0 | idtac]; auto. +generalize H0; (repeat (rewrite app_ass; simpl)); auto. +generalize H1; unfold noOverlap; simpl; intros. +elim H3; intros H4; clear H3. +split. +right; assert (notemporary d). +change (noTmpLast (((s, r0ounon) :: b) ++ ((r0, d) :: nil))) in TB |-; + apply (noTmpLast_lastnoTmp ((s, r0ounon) :: b) r0); auto. +rewrite <- H4; unfold notemporary in H3 |-; apply H3. +split. +right; rewrite <- H4; unfold notemporary in notempr |-; apply notempr. +rewrite <- H4; apply noTmP_noOverlap_aux; auto. +apply noTmp_append; auto. +change (noTmpLast (((s, r0ounon) :: b) ++ ((r0, d) :: nil))) in TB |-; + apply noTmpLast_popBack with ( m := (r0, d) ); auto. +apply (H2 l0). +elim H4; intros H3; right; [left | right]; assumption. +intro; + change (noOverlap (((r, r) :: t) ++ ((sn, dn) :: (b ++ ((s0, d0) :: nil))))) in + H1 |-. +change (noOverlap (((r, r) :: t) ++ (b ++ ((s0, d0) :: nil)))); + apply (noOverlap_Pop (sn, dn)); auto. +(repeat rewrite <- app_cons); apply noOverlap_Pop. +Qed. + +Lemma step_inv_getdst: + forall (s1 s2 : State) r, + step s1 s2 -> + In r (getdst (StateToMove s2 ++ StateBeing s2)) -> + In r (getdst (StateToMove s1 ++ StateBeing s1)). +Proof. +intros s1 s2 r STEP; inversion_clear STEP; + unfold StateToMove, StateBeing, StateDone. +(repeat rewrite getdst_app); simpl; (repeat rewrite app_nil); intro; + apply in_or_app. +elim (in_app_or (getdst t1) (getdst t2) r); auto. +intro; right; simpl; right; assumption. +(repeat rewrite getdst_app); destruct m as [m1 m2]; simpl; + (repeat rewrite app_nil); intro; apply in_or_app. +elim (in_app_or (getdst t1 ++ getdst t2) (m2 :: nil) r); auto; intro. +elim (in_app_or (getdst t1) (getdst t2) r); auto; intro. +right; simpl; right; assumption. +elim H0; intros H1; [right; simpl; left; (try assumption) | inversion H1]. +(repeat rewrite getdst_app); simpl; (repeat rewrite app_nil); intro; + apply in_or_app. +elim (in_app_or (getdst t1 ++ getdst t2) (r0 :: (d :: getdst b)) r); auto; + intro. +elim (in_app_or (getdst t1) (getdst t2) r); auto; intro. +left; apply in_or_app; left; assumption. +left; apply in_or_app; right; simpl; right; assumption. +elim H0; intro. +left; apply in_or_app; right; simpl; left; trivial. +elim H1; intro. +right; (simpl; left; trivial). +right; simpl; right; assumption. +(repeat (rewrite getdst_app; simpl)); trivial. +(repeat (rewrite getdst_app; simpl)); intro. +elim (in_app_or (getdst t) (getdst b ++ (d0 :: nil)) r); auto; intro; + apply in_or_app; auto. +elim (in_app_or (getdst b) (d0 :: nil) r); auto; intro. +right; simpl; right; apply in_or_app; auto. +elim H3; intro. +right; simpl; right; apply in_or_app; right; simpl; auto. +inversion H4. +rewrite app_nil; (repeat (rewrite getdst_app; simpl)); intro. +apply in_or_app; left; assumption. +Qed. + +Lemma stepp_sameExec: + forall (r1 r2 : State), stepp r1 r2 -> stepInv r1 -> sameExec r1 r2. +Proof. +intros; induction H as [r|r1 r2 r3 H H1 HrecH]. +unfold sameExec; intros; auto. +cut (sameExec r1 r2); [idtac | apply (step_sameExec r1); auto]. +unfold sameExec; unfold sameExec in HrecH |-; intros. +rewrite H2; auto. +rewrite HrecH; auto. +apply (step_inv r1); auto. +intros x H5; apply H4. +generalize H5; (repeat rewrite getdst_app); intros; apply in_or_app. +elim + (in_app_or + (getdst (StateToMove r2) ++ getdst (StateBeing r2)) + (getdst (StateToMove r3) ++ getdst (StateBeing r3)) x); auto; intro. +generalize (step_inv_getdst r1 r2 x); (repeat rewrite getdst_app); intro. +left; apply H8; auto. +intros x H5; apply H4. +generalize H5; (repeat rewrite getdst_app); intros; apply in_or_app. +elim + (in_app_or + (getdst (StateToMove r1) ++ getdst (StateBeing r1)) + (getdst (StateToMove r2) ++ getdst (StateBeing r2)) x); auto; intro. +generalize (step_inv_getdst r1 r2 x); (repeat rewrite getdst_app); intro. +left; apply H8; auto. +Qed. + +Inductive dstep : State -> State -> Prop := + dstep_nop: + forall (r : Reg) (t l : Moves), dstep ((r, r) :: t, nil, l) (t, nil, l) + | dstep_start: + forall (t l : Moves) (s d : Reg), + s <> d -> dstep ((s, d) :: t, nil, l) (t, (s, d) :: nil, l) + | dstep_push: + forall (t1 t2 b l : Moves) (s d r : Reg), + noRead t1 d -> + dstep + (t1 ++ ((d, r) :: t2), (s, d) :: b, l) + (t1 ++ t2, (d, r) :: ((s, d) :: b), l) + | dstep_pop_loop: + forall (t b l : Moves) (s d r0 : Reg), + noRead t r0 -> + dstep + (t, (s, r0) :: (b ++ ((r0, d) :: nil)), l) + (t, b ++ ((T r0, d) :: nil), (s, r0) :: ((r0, T r0) :: l)) + | dstep_pop: + forall (t b l : Moves) (s0 d0 sn dn : Reg), + noRead t dn -> + Loc.diff dn s0 -> + dstep + (t, (sn, dn) :: (b ++ ((s0, d0) :: nil)), l) + (t, b ++ ((s0, d0) :: nil), (sn, dn) :: l) + | dstep_last: + forall (t l : Moves) (s d : Reg), + noRead t d -> dstep (t, (s, d) :: nil, l) (t, nil, (s, d) :: l) . +Hint Resolve dstep_nop dstep_start dstep_push . +Hint Resolve dstep_pop_loop dstep_pop dstep_last . + +Lemma dstep_step: + forall (r1 r2 : State), dstep r1 r2 -> stepInv r1 -> stepp r1 r2. +Proof. +intros r1 r2 DS; inversion_clear DS; intros SI; eauto. +change (stepp (nil ++ ((r, r) :: t), nil, l) (t, nil, l)); apply step_stepp; + apply (step_nop r nil t). +change (stepp (nil ++ ((s, d) :: t), nil, l) (t, (s, d) :: nil, l)); + apply step_stepp; apply (step_start nil t l). +apply + (stepp_trans + (t, (s, r0) :: (b ++ ((r0, d) :: nil)), l) + (t, (s, r0) :: (b ++ ((T r0, d) :: nil)), (r0, T r0) :: l) + (t, b ++ ((T r0, d) :: nil), (s, r0) :: ((r0, T r0) :: l))); auto. +apply step_stepp; apply step_pop; auto. +unfold stepInv in SI |-; generalize SI; intros [X [Y [Z [U V]]]]. +generalize V; unfold StateBeing, noTmpLast. +case (b ++ ((r0, d) :: nil)); auto. +intros m l0 [R1 [OK PP]]; auto. +Qed. + +Lemma dstep_inv: + forall (r1 r2 : State), dstep r1 r2 -> stepInv r1 -> stepInv r2. +Proof. +intros. +apply (stepp_inv r1 r2); auto. +apply dstep_step; auto. +Qed. + +Inductive dstepp : State -> State -> Prop := + dstepp_refl: forall (r : State), dstepp r r + | dstepp_trans: + forall (r1 r2 r3 : State), dstep r1 r2 -> dstepp r2 r3 -> dstepp r1 r3 . +Hint Resolve dstepp_refl dstepp_trans . + +Lemma dstepp_stepp: + forall (s1 s2 : State), stepInv s1 -> dstepp s1 s2 -> stepp s1 s2. +Proof. +intros; induction H0 as [r|r1 r2 r3 H0 H1 HrecH0]; auto. +apply (stepp_transitive r1 r2 r3); auto. +apply dstep_step; auto. +apply HrecH0; auto. +apply (dstep_inv r1 r2); auto. +Qed. + +Lemma dstepp_sameExec: + forall (r1 r2 : State), dstepp r1 r2 -> stepInv r1 -> sameExec r1 r2. +Proof. +intros; apply stepp_sameExec; auto. +apply dstepp_stepp; auto. +Qed. + +End pmov. + +Fixpoint split_move' (m : Moves) (r : Reg) {struct m} : + option ((Moves * Reg) * Moves) := + match m with + (s, d) :: tail => + match diff_dec s r with + right _ => Some (nil, d, tail) + | left _ => + match split_move' tail r with + Some ((t1, r2, t2)) => Some ((s, d) :: t1, r2, t2) + | None => None + end + end + | nil => None + end. + +Fixpoint split_move (m : Moves) (r : Reg) {struct m} : + option ((Moves * Reg) * Moves) := + match m with + (s, d) :: tail => + match Loc.eq s r with + left _ => Some (nil, d, tail) + | right _ => + match split_move tail r with + Some ((t1, r2, t2)) => Some ((s, d) :: t1, r2, t2) + | None => None + end + end + | nil => None + end. + +Definition def : Move := (R IT1, R IT1). + +Fixpoint last (M : Moves) : Move := + match M with nil => def + | m :: nil => m + | m :: tail => last tail end. + +Fixpoint head_but_last (M : Moves) : Moves := + match M with + nil => nil + | m' :: nil => nil + | m' :: tail => m' :: head_but_last tail + end. + +Fixpoint replace_last_s (M : Moves) : Moves := + match M with + nil => nil + | m :: nil => + match m with (s, d) => (T s, d) :: nil end + | m :: tail => m :: replace_last_s tail + end. + +Ltac CaseEq name := generalize (refl_equal name); pattern name at -1; case name. + +Definition stepf' (S1 : State) : State := + match S1 with + (nil, nil, _) => S1 + | ((s, d) :: tl, nil, l) => + match diff_dec s d with + right _ => (tl, nil, l) + | left _ => (tl, (s, d) :: nil, l) + end + | (t, (s, d) :: b, l) => + match split_move t d with + Some ((t1, r, t2)) => + (t1 ++ t2, (d, r) :: ((s, d) :: b), l) + | None => + match b with + nil => (t, nil, (s, d) :: l) + | _ => + match diff_dec d (fst (last b)) with + right _ => + (t, replace_last_s b, (s, d) :: ((d, T d) :: l)) + | left _ => (t, b, (s, d) :: l) + end + end + end + end. + +Definition stepf (S1 : State) : State := + match S1 with + (nil, nil, _) => S1 + | ((s, d) :: tl, nil, l) => + match Loc.eq s d with + left _ => (tl, nil, l) + | right _ => (tl, (s, d) :: nil, l) + end + | (t, (s, d) :: b, l) => + match split_move t d with + Some ((t1, r, t2)) => + (t1 ++ t2, (d, r) :: ((s, d) :: b), l) + | None => + match b with + nil => (t, nil, (s, d) :: l) + | _ => + match Loc.eq d (fst (last b)) with + left _ => + (t, replace_last_s b, (s, d) :: ((d, T d) :: l)) + | right _ => (t, b, (s, d) :: l) + end + end + end + end. + +Lemma rebuild_l: + forall (l : Moves) (m : Move), + m :: l = head_but_last (m :: l) ++ (last (m :: l) :: nil). +Proof. +induction l; simpl; auto. +intros m; rewrite (IHl a); auto. +Qed. + +Lemma splitSome: + forall (l t1 t2 : Moves) (s d r : Reg), + noOverlap (l ++ ((r, s) :: nil)) -> + split_move l s = Some (t1, d, t2) -> noRead t1 s. +Proof. +induction l; simpl. +intros; discriminate. +destruct a as [a1 a2]. +intros t1 t2 s d r Hno; case (Loc.eq a1 s). +intros e H1; inversion H1. +simpl; auto. +CaseEq (split_move l s). +intros; (repeat destruct p). +inversion H0; auto. +simpl; split; auto. +change (noOverlap (((a1, a2) :: l) ++ ((r, s) :: nil))) in Hno |-. +assert (noOverlap ((r, s) :: ((a1, a2) :: l))). +apply noOverlap_Front0; auto. +unfold noOverlap in H1 |-; simpl in H1 |-. +elim H1 with ( l0 := a1 ); + [intros H5 H6; (try clear H1); (try exact H5) | idtac]. +elim H5; [intros H1; (try clear H5); (try exact H1) | intros H1; (try clear H5)]. +absurd (a1 = s); auto. +apply Loc.diff_sym; auto. +right; left; trivial. +apply (IHl m0 m s r0 r); auto. +apply (noOverlap_pop (a1, a2)); auto. +intros; discriminate. +Qed. + +Lemma unsplit_move: + forall (l t1 t2 : Moves) (s d r : Reg), + noOverlap (l ++ ((r, s) :: nil)) -> + split_move l s = Some (t1, d, t2) -> l = t1 ++ ((s, d) :: t2). +Proof. +induction l. +simpl; intros; discriminate. +intros t1 t2 s d r HnoO; destruct a as [a1 a2]; simpl; case (diff_dec a1 s); + intro. +case (Loc.eq a1 s); intro. +absurd (Loc.diff a1 s); auto. +rewrite e; apply Loc.same_not_diff. +CaseEq (split_move l s); intros; (try discriminate). +(repeat destruct p); inversion H0. +rewrite app_cons; subst t2; subst d; rewrite (IHl m0 m s r0 r); auto. +apply (noOverlap_pop (a1, a2)); auto. +case (Loc.eq a1 s); intros e H; inversion H; simpl. +rewrite e; auto. +cut (noOverlap_aux a1 (getdst ((r, s) :: nil))). +intros [[H5|H4] H0]; [try exact H5 | idtac]. +absurd (s = a1); auto. +absurd (Loc.diff a1 s); auto; apply Loc.diff_sym; auto. +generalize HnoO; rewrite app_cons; intro. +assert (noOverlap (l ++ ((a1, a2) :: ((r, s) :: nil)))); + (try (apply noOverlap_insert; assumption)). +assert (noOverlap ((a1, a2) :: ((r, s) :: nil))). +apply (noOverlap_right l); auto. +generalize H2; unfold noOverlap; simpl. +intros H5; elim (H5 a1); [idtac | left; trivial]. +intros H6 [[H7|H8] H9]. +absurd (s = a1); auto. +split; [right; (try assumption) | auto]. +Qed. + +Lemma cons_replace: + forall (a : Move) (l : Moves), + l <> nil -> replace_last_s (a :: l) = a :: replace_last_s l. +Proof. +intros; simpl. +CaseEq l. +intro; contradiction. +intros m l0 H0; auto. +Qed. + +Lemma last_replace: + forall (l : Moves) (s d : Reg), + replace_last_s (l ++ ((s, d) :: nil)) = l ++ ((T s, d) :: nil). +Proof. +induction l; (try (simpl; auto; fail)). +intros; (repeat rewrite <- app_comm_cons). +rewrite cons_replace. +rewrite IHl; auto. +red; intro. +elim (app_eq_nil l ((s, d) :: nil)); auto; intros; discriminate. +Qed. + +Lemma last_app: forall (l : Moves) (m : Move), last (l ++ (m :: nil)) = m. +Proof. +induction l; simpl; auto. +intros m; CaseEq (l ++ (m :: nil)). +intro; elim (app_eq_nil l (m :: nil)); auto; intros; discriminate. +intros m0 l0 H; (rewrite <- H; apply IHl). +Qed. + +Lemma last_cons: + forall (l : Moves) (m m0 : Move), last (m0 :: (m :: l)) = last (m :: l). +Proof. +intros; simpl; auto. +Qed. + +Lemma stepf_popLoop: + forall (t b l : Moves) (s d r0 : Reg), + split_move t d = None -> + stepf (t, (s, d) :: (b ++ ((d, r0) :: nil)), l) = + (t, b ++ ((T d, r0) :: nil), (s, d) :: ((d, T d) :: l)). +Proof. +intros; simpl; rewrite H; CaseEq (b ++ ((d, r0) :: nil)); intros. +destruct b; discriminate. +rewrite <- H0; rewrite last_app; simpl; rewrite last_replace. +case (Loc.eq d d); intro; intuition. +destruct t; (try destruct m0); simpl; auto. +Qed. + +Lemma stepf_pop: + forall (t b l : Moves) (s d r r0 : Reg), + split_move t d = None -> + d <> r -> + stepf (t, (s, d) :: (b ++ ((r, r0) :: nil)), l) = + (t, b ++ ((r, r0) :: nil), (s, d) :: l). +Proof. +intros; simpl; rewrite H; CaseEq (b ++ ((r, r0) :: nil)); intros. +destruct b; discriminate. +rewrite <- H1; rewrite last_app; simpl. +case (Loc.eq d r); intro. +absurd (d = r); auto. +destruct t; (try destruct m0); simpl; auto. +Qed. + +Lemma noOverlap_head: + forall l1 l2 m, noOverlap (l1 ++ (m :: l2)) -> noOverlap (l1 ++ (m :: nil)). +Proof. +induction l2; simpl; auto. +intros; apply IHl2. +cut (l1 ++ (m :: (a :: l2)) = (l1 ++ (m :: nil)) ++ (a :: l2)); + [idtac | rewrite app_ass; auto]. +intros e; rewrite e in H. +cut (l1 ++ (m :: l2) = (l1 ++ (m :: nil)) ++ l2); + [idtac | rewrite app_ass; auto]. +intros e'; rewrite e'; auto. +apply noOverlap_Pop with a; auto. +Qed. + +Lemma splitNone: + forall (l : Moves) (s d : Reg), + split_move l d = None -> noOverlap (l ++ ((s, d) :: nil)) -> noRead l d. +Proof. +induction l; intros s d; simpl; auto. +destruct a as [a1 a2]; case (Loc.eq a1 d); intro; (try (intro; discriminate)). +CaseEq (split_move l d); intros. +(repeat destruct p); discriminate. +split; (try assumption). +change (noOverlap (((a1, a2) :: l) ++ ((s, d) :: nil))) in H1 |-. +assert (noOverlap ((s, d) :: ((a1, a2) :: l))). +apply noOverlap_Front0; auto. +assert (noOverlap ((a1, a2) :: ((s, d) :: l))). +apply noOverlap_swap; auto. +unfold noOverlap in H3 |-; simpl in H3 |-. +elim H3 with ( l0 := a1 ); + [intros H5 H6; (try clear H1); (try exact H5) | idtac]. +elim H6; + [intros H1 H4; elim H1; + [intros H7; (try clear H1 H6); (try exact H7) | intros H7; (try clear H1 H6)]]. +absurd (a1 = d); auto. +apply Loc.diff_sym; auto. +left; trivial. +apply IHl with s; auto. +apply noOverlap_pop with (a1, a2); auto. +Qed. + +Lemma noO_diff: + forall l1 l2 s d r r0, + noOverlap (l1 ++ ((s, d) :: (l2 ++ ((r, r0) :: nil)))) -> + r = d \/ Loc.diff d r. +Proof. +intros. +assert (noOverlap ((s, d) :: (l2 ++ ((r, r0) :: nil)))); auto. +apply (noOverlap_right l1); auto. +assert (noOverlap ((l2 ++ ((r, r0) :: nil)) ++ ((s, d) :: nil))); auto. +apply (noOverlap_movBack0 (l2 ++ ((r, r0) :: nil))); auto. +assert + ((l2 ++ ((r, r0) :: nil)) ++ ((s, d) :: nil) = + l2 ++ (((r, r0) :: nil) ++ ((s, d) :: nil))); auto. +rewrite app_ass; auto. +rewrite H2 in H1. +simpl in H1 |-. +assert (noOverlap ((r, r0) :: ((s, d) :: nil))); auto. +apply (noOverlap_right l2); auto. +unfold noOverlap in H3 |-. +generalize (H3 r); simpl. +intros H4; elim H4; intros; [idtac | left; trivial]. +elim H6; intros [H9|H9] H10; [left | right]; auto. +Qed. + +Lemma f2ind: + forall (S1 S2 : State), + (forall (l : Moves), (S1 <> (nil, nil, l))) -> + noOverlap (StateToMove S1 ++ StateBeing S1) -> stepf S1 = S2 -> dstep S1 S2. +Proof. +intros S1 S2 Hneq HnoO; destruct S1 as [[t b] l]; destruct b. +destruct t. +elim (Hneq l); auto. +destruct m; simpl; case (Loc.eq r r0). +intros. +rewrite e; rewrite <- H; apply dstep_nop. +intros n H; rewrite <- H; generalize (dstep_start t l r r0); auto. +intros H; rewrite <- H; destruct m as [s d]. +CaseEq (split_move t d). +intros p H0; destruct p as [[t1 s0] t2]; simpl; rewrite H0; destruct t; simpl. +simpl in H0 |-; discriminate. +rewrite (unsplit_move (m :: t) t1 t2 d s0 s); auto. +destruct m; generalize dstep_push; intros H1; apply H1. +unfold StateToMove, StateBeing in HnoO |-. +apply (splitSome ((r, r0) :: t) t1 t2 d s0 s); auto. +apply noOverlap_head with b; auto. +unfold StateToMove, StateBeing in HnoO |-. +apply noOverlap_head with b; auto. +intros H0; destruct b. +simpl. +rewrite H0. +destruct t; (try destruct m); generalize dstep_last; intros H1; apply H1. +simpl; auto. +unfold StateToMove, StateBeing in HnoO |-. +apply splitNone with s; auto. +unfold StateToMove, StateBeing in HnoO |-. +generalize HnoO; clear HnoO; rewrite (rebuild_l b m); intros HnoO. +destruct (last (m :: b)). +case (Loc.eq d r). +intros e; rewrite <- e. +CaseEq (head_but_last (m :: b)); intros; [simpl | idtac]; + (try + (destruct t; (try destruct m0); rewrite H0; + (case (Loc.eq d d); intros h; (try (elim h; auto))))). +generalize (dstep_pop_loop nil nil); simpl; intros H3; apply H3; auto. +generalize (dstep_pop_loop ((r1, r2) :: t) nil); unfold T; simpl app; + intros H3; apply H3; clear H3; apply splitNone with s; (try assumption). +apply noOverlap_head with (head_but_last (m :: b) ++ ((r, r0) :: nil)); auto. +rewrite stepf_popLoop; auto. +generalize (dstep_pop_loop t (m0 :: l0)); simpl; intros H3; apply H3; clear H3; + apply splitNone with s; (try assumption). +apply noOverlap_head with (head_but_last (m :: b) ++ ((r, r0) :: nil)); auto. +intro; assert (Loc.diff d r). +assert (r = d \/ Loc.diff d r). +apply (noO_diff t (head_but_last (m :: b)) s d r r0); auto. +elim H1; [intros H2; absurd (d = r); auto | intros H2; auto]. +rewrite stepf_pop; auto. +generalize (dstep_pop t (head_but_last (m :: b))); intros H3; apply H3; auto. +clear H3; apply splitNone with s; (try assumption). +apply noOverlap_head with (head_but_last (m :: b) ++ ((r, r0) :: nil)); auto. +Qed. + +Lemma f2ind': + forall (S1 : State), + (forall (l : Moves), (S1 <> (nil, nil, l))) -> + noOverlap (StateToMove S1 ++ StateBeing S1) -> dstep S1 (stepf S1). +Proof. +intros S1 H noO; apply f2ind; auto. +Qed. + +Lemma appcons_length: + forall (l1 l2 : Moves) (m : Move), + length (l1 ++ (m :: l2)) = (length (l1 ++ l2) + 1%nat)%nat. +Proof. +induction l1; simpl; intros; [omega | idtac]. +rewrite IHl1; omega. +Qed. + +Definition mesure (S0 : State) : nat := + let (p, _) := S0 in let (t, b) := p in (2 * length t + length b)%nat. + +Lemma step_dec0: + forall (t1 t2 b1 b2 : Moves) (l1 l2 : Moves), + dstep (t1, b1, l1) (t2, b2, l2) -> + (2 * length t2 + length b2 < 2 * length t1 + length b1)%nat. +Proof. +intros t1 t2 b1 b2 l1 l2 H; inversion H; simpl; (try omega). +rewrite appcons_length; omega. +cut (length (b ++ ((T r0, d) :: nil)) = length (b ++ ((r0, d) :: nil))); + (try omega). +induction b; simpl; auto. +(repeat rewrite appcons_length); auto. +Qed. + +Lemma step_dec: + forall (S1 S2 : State), dstep S1 S2 -> (mesure S2 < mesure S1)%nat. +Proof. +unfold mesure; destruct S1 as [[t1 b1] l1]; destruct S2 as [[t2 b2] l2]. +intro; apply (step_dec0 t1 t2 b1 b2 l1 l2); trivial. +Qed. + +Lemma stepf_dec0: + forall (S1 S2 : State), + (forall (l : Moves), (S1 <> (nil, nil, l))) /\ + (S2 = stepf S1 /\ noOverlap (StateToMove S1 ++ StateBeing S1)) -> + (mesure S2 < mesure S1)%nat. +Proof. +intros S1 S2 [H1 [H2 H3]]; apply step_dec. +apply f2ind; trivial. +rewrite H2; reflexivity. +Qed. + +Lemma stepf_dec: + forall (S1 S2 : State), + S2 = stepf S1 /\ + ((forall (l : Moves), (S1 <> (nil, nil, l))) /\ + noOverlap (StateToMove S1 ++ StateBeing S1)) -> ltof _ mesure S2 S1. +Proof. +unfold ltof. +intros S1 S2 [H1 [H2 H3]]; apply step_dec. +apply f2ind; trivial. +rewrite H1; reflexivity. +Qed. + +Lemma replace_last_id: + forall l m m0, replace_last_s (m :: (m0 :: l)) = m :: replace_last_s (m0 :: l). +Proof. +intros; case l; simpl. +destruct m0; simpl; auto. +intros; case l0; auto. +Qed. + +Lemma length_replace: forall l, length (replace_last_s l) = length l. +Proof. +induction l; simpl; auto. +destruct l; destruct a; simpl; auto. +Qed. + +Lemma length_app: + forall (A : Set) (l1 l2 : list A), + (length (l1 ++ l2) = length l1 + length l2)%nat. +Proof. +intros A l1 l2; (try assumption). +induction l1; simpl; auto. +Qed. + +Lemma split_length: + forall (l t1 t2 : Moves) (s d : Reg), + split_move l s = Some (t1, d, t2) -> + (length l = (length t1 + length t2) + 1)%nat. +Proof. +induction l. +intros; discriminate. +intros t1 t2 s d; destruct a as [r r0]; simpl; case (Loc.eq r s); intro. +intros H; inversion H. +simpl; omega. +CaseEq (split_move l s); (try (intros; discriminate)). +(repeat destruct p); intros H H0; inversion H0. +rewrite H2; rewrite (IHl m0 m s r1); auto. +rewrite H4; rewrite <- H2; simpl; omega. +Qed. + +Lemma stepf_dec0': + forall (S1 : State), + (forall (l : Moves), (S1 <> (nil, nil, l))) -> + (mesure (stepf S1) < mesure S1)%nat. +Proof. +intros S1 H. +unfold mesure; destruct S1 as [[t1 b1] l1]. +destruct t1. +destruct b1. +generalize (H l1); intros H1; elim H1; auto. +destruct m; simpl. +destruct b1. +simpl; auto. +case (Loc.eq r0 (fst (last (m :: b1)))). +intros; rewrite length_replace; simpl; omega. +simpl; case b1; intros; simpl; omega. +destruct m. +destruct b1. +simpl. +case (Loc.eq r r0); intros; simpl; omega. +destruct m; simpl; case (Loc.eq r r2). +intros; simpl; omega. +CaseEq (split_move t1 r2); intros. +destruct p; destruct p; simpl. +rewrite (split_length t1 m0 m r2 r3); auto. +rewrite length_app; auto. +omega. +destruct b1. +simpl; omega. +case (Loc.eq r2 (fst (last (m :: b1)))); intros. +rewrite length_replace; simpl; omega. +simpl; omega. +Qed. + +Lemma stepf1_dec: + forall (S1 S2 : State), + (forall (l : Moves), (S1 <> (nil, nil, l))) -> + S2 = stepf S1 -> ltof _ mesure S2 S1. +Proof. +unfold ltof; intros S1 S2 H H0; rewrite H0. +apply stepf_dec0'; (try assumption). +Qed. + +Lemma disc1: + forall (a : Move) (l1 l2 l3 l4 : list Move), + ((a :: l1, l2, l3) <> (nil, nil, l4)). +Proof. +intros; discriminate. +Qed. + +Lemma disc2: + forall (a : Move) (l1 l2 l3 l4 : list Move), + ((l1, a :: l2, l3) <> (nil, nil, l4)). +Proof. +intros; discriminate. +Qed. +Hint Resolve disc1 disc2 . + +Lemma sameExec_reflexive: forall (r : State), sameExec r r. +Proof. +intros r; unfold sameExec, sameEnv, exec. +destruct r as [[t b] d]; trivial. +Qed. + +Definition base_case_Pmov_dec: + forall (s : State), + ({ exists l : list Move , s = (nil, nil, l) }) + + ({ forall l, (s <> (nil, nil, l)) }). +Proof. +destruct s as [[[|x tl] [|y tl']] l]; (try (right; intro; discriminate)). +left; exists l; auto. +Defined. + +Definition Pmov := + Fix + (well_founded_ltof _ mesure) (fun _ => State) + (fun (S1 : State) => + fun (Pmov : forall x, ltof _ mesure x S1 -> State) => + match base_case_Pmov_dec S1 with + left h => S1 + | right h => Pmov (stepf S1) (stepf_dec0' S1 h) end). + +Theorem Pmov_equation: forall S1, Pmov S1 = match S1 with + ((nil, nil), _) => S1 + | _ => Pmov (stepf S1) + end. +Proof. +intros S1; unfold Pmov at 1; + rewrite (Fix_eq + (well_founded_ltof _ mesure) (fun _ => State) + (fun (S1 : State) => + fun (Pmov : forall x, ltof _ mesure x S1 -> State) => + match base_case_Pmov_dec S1 with + left h => S1 + | right h => Pmov (stepf S1) (stepf_dec0' S1 h) end)). +fold Pmov. +destruct S1 as [[[|x tl] [|y tl']] l]; + match goal with + | |- match ?a with left _ => _ | right _ => _ end = _ => case a end; + (try (intros [l0 Heq]; discriminate Heq)); auto. +intros H; elim (H l); auto. +intros x f g Hfg_ext. +match goal with +| |- match ?a with left _ => _ | right _ => _ end = _ => case a end; auto. +Qed. + +Lemma sameExec_transitive: + forall (r1 r2 r3 : State), + (forall r, + In r (getdst (StateToMove r2 ++ StateBeing r2)) -> + In r (getdst (StateToMove r1 ++ StateBeing r1))) -> + (forall r, + In r (getdst (StateToMove r3 ++ StateBeing r3)) -> + In r (getdst (StateToMove r2 ++ StateBeing r2))) -> + sameExec r1 r2 -> sameExec r2 r3 -> sameExec r1 r3. +Proof. +intros r1 r2 r3; unfold sameExec, exec; (repeat rewrite getdst_app). +destruct r1 as [[t1 b1] d1]; destruct r2 as [[t2 b2] d2]; + destruct r3 as [[t3 b3] d3]; simpl. +intros Hin; intros. +rewrite H0; auto. +rewrite H1; auto. +intros. +apply (H3 x). +apply in_or_app; auto. +elim (in_app_or (getdst t2 ++ getdst b2) (getdst t3 ++ getdst b3) x); auto. +intros. +apply (H3 x). +apply in_or_app; auto. +elim (in_app_or (getdst t1 ++ getdst b1) (getdst t2 ++ getdst b2) x); auto. +Qed. + +Lemma dstep_inv_getdst: + forall (s1 s2 : State) r, + dstep s1 s2 -> + In r (getdst (StateToMove s2 ++ StateBeing s2)) -> + In r (getdst (StateToMove s1 ++ StateBeing s1)). +intros s1 s2 r STEP; inversion_clear STEP; + unfold StateToMove, StateBeing, StateDone; (repeat rewrite app_nil); + (repeat (rewrite getdst_app; simpl)); intro; auto. +Proof. +right; (try assumption). +elim (in_app_or (getdst t) (d :: nil) r); auto; (simpl; intros [H1|H1]); + [left; assumption | inversion H1]. +elim (in_app_or (getdst t1 ++ getdst t2) (r0 :: (d :: getdst b)) r); auto; + (simpl; intros). +elim (in_app_or (getdst t1) (getdst t2) r); auto; (simpl; intros). +apply in_or_app; left; apply in_or_app; left; assumption. +apply in_or_app; left; apply in_or_app; right; simpl; right; assumption. +elim H1; [intros H2 | intros [H2|H2]]. +apply in_or_app; left; apply in_or_app; right; simpl; left; auto. +apply in_or_app; right; simpl; left; auto. +apply in_or_app; right; simpl; right; assumption. +elim (in_app_or (getdst t) (getdst b ++ (d :: nil)) r); auto; (simpl; intros). +apply in_or_app; left; assumption. +elim (in_app_or (getdst b) (d :: nil) r); auto; (simpl; intros). +apply in_or_app; right; simpl; right; apply in_or_app; left; assumption. +elim H2; [intros H3 | intros H3; inversion H3]. +apply in_or_app; right; simpl; right; apply in_or_app; right; simpl; auto. +elim (in_app_or (getdst t) (getdst b ++ (d0 :: nil)) r); auto; (simpl; intros). +apply in_or_app; left; assumption. +elim (in_app_or (getdst b) (d0 :: nil) r); auto; simpl; + [intros H3 | intros [H3|H3]; [idtac | inversion H3]]. +apply in_or_app; right; simpl; right; apply in_or_app; left; assumption. +apply in_or_app; right; simpl; right; apply in_or_app; right; simpl; auto. +apply in_or_app; left; assumption. +Qed. + +Theorem STM_Pmov: forall (S1 : State), StateToMove (Pmov S1) = nil. +Proof. +intros S1; elim S1 using (well_founded_ind (Wf_nat.well_founded_ltof _ mesure)). +clear S1; intros S1; intros Hrec; destruct S1 as [[t b] d]; + rewrite Pmov_equation; destruct t. +destruct b; auto. +apply Hrec; apply stepf1_dec; auto. +apply Hrec; apply stepf1_dec; auto. +Qed. + +Theorem SB_Pmov: forall (S1 : State), StateBeing (Pmov S1) = nil. +Proof. +intros S1; elim S1 using (well_founded_ind (Wf_nat.well_founded_ltof _ mesure)). +clear S1; intros S1; intros Hrec; destruct S1 as [[t b] d]; + rewrite Pmov_equation; destruct t. +destruct b; auto. +apply Hrec; apply stepf1_dec; auto. +apply Hrec; apply stepf1_dec; auto. +Qed. + +Theorem Fpmov_correct: + forall (S1 : State), stepInv S1 -> sameExec S1 (Pmov S1). +Proof. +intros S1; elim S1 using (well_founded_ind (Wf_nat.well_founded_ltof _ mesure)). +clear S1; intros S1; intros Hrec Hinv; rewrite Pmov_equation; + destruct S1 as [[t b] d]. +assert + (forall (r : Reg) S1, + In r (getdst (StateToMove (Pmov (stepf S1)) ++ StateBeing (Pmov (stepf S1)))) -> + In r (getdst (StateToMove (stepf S1) ++ StateBeing (stepf S1)))). +intros r S1; rewrite (STM_Pmov (stepf S1)); rewrite SB_Pmov; simpl; intros. +inversion H. +destruct t. +destruct b. +apply sameExec_reflexive. +set (S1:=(nil (A:=Move), m :: b, d)). +assert (dstep S1 (stepf S1)); (try apply f2ind); unfold S1; auto. +elim Hinv; intros Hpath [SD [NO NT]]; assumption. +apply sameExec_transitive with (stepf S1); auto. +intros r; apply dstep_inv_getdst; auto. +apply dstepp_sameExec; auto; apply dstepp_trans with (stepf S1); auto. +apply dstepp_refl; auto. +apply Hrec; auto. +unfold ltof; apply step_dec; assumption. +apply (dstep_inv S1); assumption. +set (S1:=(m :: t, b, d)). +assert (dstep S1 (stepf S1)); (try apply f2ind); unfold S1; auto. +elim Hinv; intros Hpath [SD [NO NT]]; assumption. +apply sameExec_transitive with (stepf S1); auto. +intros r; apply dstep_inv_getdst; auto. +apply dstepp_sameExec; auto; apply dstepp_trans with (stepf S1); auto. +apply dstepp_refl; auto. +apply Hrec; auto. +unfold ltof; apply step_dec; assumption. +apply (dstep_inv S1); assumption. +Qed. + +Definition P_move := fun (p : Moves) => StateDone (Pmov (p, nil, nil)). + +Definition Sexec := sexec. + +Definition Get := get. + +Fixpoint listsLoc2Moves (src dst : list loc) {struct src} : Moves := + match src with + nil => nil + | s :: srcs => + match dst with + nil => nil + | d :: dsts => (s, d) :: listsLoc2Moves srcs dsts + end + end. + +Definition no_overlap (l1 l2 : list loc) := + forall r, In r l1 -> forall s, In s l2 -> r = s \/ Loc.diff r s. + +Definition no_overlap_state (S : State) := + no_overlap + (getsrc (StateToMove S ++ StateBeing S)) + (getdst (StateToMove S ++ StateBeing S)). + +Definition no_overlap_list := fun l => no_overlap (getsrc l) (getdst l). + +Lemma Indst_noOverlap_aux: + forall l1 l, + (forall (s : Reg), In s (getdst l1) -> l = s \/ Loc.diff l s) -> + noOverlap_aux l (getdst l1). +Proof. +intros; induction l1; simpl; auto. +destruct a as [a1 a2]; simpl; split. +elim (H a2); (try intros H0). +left; auto. +right; apply Loc.diff_sym; auto. +simpl; left; trivial. +apply IHl1; intros. +apply H; simpl; right; (try assumption). +Qed. + +Lemma no_overlap_noOverlap: + forall r, no_overlap_state r -> noOverlap (StateToMove r ++ StateBeing r). +Proof. +intros r; unfold noOverlap, no_overlap_state. +set (l1:=StateToMove r ++ StateBeing r). +unfold no_overlap; intros H l H0. +apply Indst_noOverlap_aux; intros; apply H; auto. +Qed. + +Theorem Fpmov_correctMoves: + forall p e r, + simpleDest p -> + no_overlap_list p -> + noTmp p -> + notemporary r -> + (forall (x : Reg), In x (getdst p) -> r = x \/ Loc.diff r x) -> + get (pexec p e) r = get (sexec (StateDone (Pmov (p, nil, nil))) e) r. +Proof. +intros p e r SD no_O notmp notempo. +generalize (Fpmov_correct (p, nil, nil)); unfold sameExec, exec; simpl; + rewrite SB_Pmov; rewrite STM_Pmov; simpl. +(repeat rewrite app_nil); intro. +apply H; auto. +unfold stepInv; simpl; (repeat split); (try (rewrite app_nil; assumption)); auto. +generalize (no_overlap_noOverlap (p, nil, nil)); simpl; intros; auto. +apply H0; auto; unfold no_overlap_list in H0 |-. +unfold no_overlap_state; simpl; (repeat rewrite app_nil); auto. +Qed. + +Theorem Fpmov_correct1: + forall (p : Moves) (e : Env) (r : Reg), + simpleDest p -> + no_overlap_list p -> + noTmp p -> + notemporary r -> + (forall (x : Reg), In x (getdst p) -> r = x \/ Loc.diff r x) -> + noWrite p r -> get e r = get (sexec (StateDone (Pmov (p, nil, nil))) e) r. +Proof. +intros p e r Hsd Hno_O HnoTmp Hrnotempo Hrno_Overlap Hnw. +rewrite <- (Fpmov_correctMoves p e); (try assumption). +destruct p; auto. +destruct m as [m1 m2]; simpl; case (Loc.eq m2 r); intros. +elim Hnw; intros; absurd (Loc.diff m2 r); auto. +rewrite e0; apply Loc.same_not_diff. +elim Hnw; intros H1 H2. +rewrite get_update_diff; (try assumption). +apply get_noWrite; (try assumption). +Qed. + +Lemma In_SD_diff: + forall (s d a1 a2 : Reg) (p : Moves), + In (s, d) p -> simpleDest ((a1, a2) :: p) -> Loc.diff a2 d. +Proof. +intros; induction p. +inversion H. +elim H; auto. +intro; subst a; elim H0; intros H1 H2; elim H1; intros; apply Loc.diff_sym; + assumption. +intro; apply IHp; auto. +apply simpleDest_pop2 with a; (try assumption). +Qed. + +Theorem pexec_correct: + forall (e : Env) (m : Move) (p : Moves), + In m p -> simpleDest p -> (let (s, d) := m in get (pexec p e) d = get e s). +Proof. +induction p; intros. +elim H. +destruct m. +elim (in_inv H); intro. +rewrite H1; simpl; rewrite get_update_id; auto. +destruct a as [a1 a2]; simpl. +rewrite get_update_diff. +apply IHp; auto. +apply (simpleDest_pop (a1, a2)); (try assumption). +apply (In_SD_diff r) with ( p := p ) ( a1 := a1 ); auto. +Qed. + +Lemma In_noTmp_notempo: + forall (s d : Reg) (p : Moves), In (s, d) p -> noTmp p -> notemporary d. +Proof. +intros; unfold notemporary; induction p. +inversion H. +elim H; intro. +subst a; elim H0; intros H1 [H3 H2]; (try assumption). +intro; apply IHp; auto. +destruct a; elim H0; intros _ [H2 H3]; (try assumption). +Qed. + +Lemma In_Indst: forall s d p, In (s, d) p -> In d (getdst p). +Proof. +intros; induction p; auto. +destruct a; simpl. +elim H; intro. +left; inversion H0; trivial. +right; apply IHp; auto. +Qed. + +Lemma In_SD_diff': + forall (d a1 a2 : Reg) (p : Moves), + In d (getdst p) -> simpleDest ((a1, a2) :: p) -> Loc.diff a2 d. +Proof. +intros d a1 a2 p H H0; induction p. +inversion H. +destruct a; elim H. +elim H0; simpl; intros. +subst r0. +elim H1; intros H3 H4; apply Loc.diff_sym; assumption. +intro; apply IHp; (try assumption). +apply simpleDest_pop2 with (r, r0); (try assumption). +Qed. + +Lemma In_SD_no_o: + forall (s d : Reg) (p : Moves), + In (s, d) p -> + simpleDest p -> forall (x : Reg), In x (getdst p) -> d = x \/ Loc.diff d x. +Proof. +intros s d p Hin Hsd; induction p. +inversion Hin. +destruct a as [a1 a2]; elim Hin; intros. +inversion H; subst d; subst s. +elim H0; intros H1; [left | right]; (try assumption). +apply (In_SD_diff' x a1 a2 p); auto. +elim H0. +intro; subst x. +right; apply Loc.diff_sym; apply (In_SD_diff s d a1 a2 p); auto. +intro; apply IHp; auto. +apply (simpleDest_pop (a1, a2)); assumption. +Qed. + +Lemma getdst_map: forall p, getdst p = map (fun x => snd x) p. +Proof. +induction p. +simpl; auto. +destruct a; simpl. +rewrite IHp; auto. +Qed. + +Lemma getsrc_map: forall p, getsrc p = map (fun x => fst x) p. +Proof. +induction p. +simpl; auto. +destruct a; simpl. +rewrite IHp; auto. +Qed. + +Theorem Fpmov_correct2: + forall (p : Moves) (e : Env) (m : Move), + In m p -> + simpleDest p -> + no_overlap_list p -> + noTmp p -> + (let (s, d) := m in get (sexec (StateDone (Pmov (p, nil, nil))) e) d = get e s). +Proof. +intros p e m Hin Hsd Hno_O HnoTmp; destruct m as [s d]; + generalize (Fpmov_correctMoves p e); intros. +rewrite <- H; auto. +apply pexec_correct with ( m := (s, d) ); auto. +apply (In_noTmp_notempo s d p); auto. +apply (In_SD_no_o s d p Hin Hsd). +Qed. + +Lemma notindst_nW: forall a p, Loc.notin a (getdst p) -> noWrite p a. +Proof. +induction p; simpl; auto. +destruct a0 as [a1 a2]. +simpl. +intros H; elim H; intro; split. +apply Loc.diff_sym; (try assumption). +apply IHp; auto. +Qed. + +Lemma disjoint_tmp__noTmp: + forall p, + Loc.disjoint (getsrc p) temporaries -> + Loc.disjoint (getdst p) temporaries -> noTmp p. +Proof. +induction p; simpl; auto. +destruct a as [a1 a2]; simpl getsrc; simpl getdst; unfold Loc.disjoint; intros; + (repeat split). +intro; unfold T; case (Loc.type r); apply H; (try (left; trivial; fail)). +right; left; trivial. +right; right; right; right; left; trivial. +intro; unfold T; case (Loc.type r); apply H0; (try (left; trivial; fail)). +right; left; trivial. +right; right; right; right; left; trivial. +apply IHp. +apply Loc.disjoint_cons_left with a1; auto. +apply Loc.disjoint_cons_left with a2; auto. +Qed. + +Theorem Fpmov_correct_IT3: + forall p rs, + simpleDest p -> + no_overlap_list p -> + Loc.disjoint (getsrc p) temporaries -> + Loc.disjoint (getdst p) temporaries -> + (sexec (StateDone (Pmov (p, nil, nil))) rs) (R IT3) = rs (R IT3). +Proof. +intros p rs Hsd Hno_O Hdistmpsrc Hdistmpdst. +generalize (Fpmov_correctMoves p rs); unfold get, Locmap.get; intros H2. +rewrite <- H2; auto. +generalize (get_noWrite p (R IT3)); unfold get, Locmap.get; intros. +rewrite <- H; auto. +apply notindst_nW. +apply (Loc.disjoint_notin temporaries). +apply Loc.disjoint_sym; auto. +right; right; left; trivial. +apply disjoint_tmp__noTmp; auto. +unfold notemporary, T. +intros x; case (Loc.type x); simpl; intro; discriminate. +intros x H; right; apply Loc.in_notin_diff with (getdst p); auto. +apply Loc.disjoint_notin with temporaries; auto. +apply Loc.disjoint_sym; auto. +right; right; left; trivial. +Qed. + +Theorem Fpmov_correct_map: + forall p rs, + simpleDest p -> + no_overlap_list p -> + Loc.disjoint (getsrc p) temporaries -> + Loc.disjoint (getdst p) temporaries -> + List.map (sexec (StateDone (Pmov (p, nil, nil))) rs) (getdst p) = + List.map rs (getsrc p). +Proof. +intros; rewrite getsrc_map; rewrite getdst_map; rewrite list_map_compose; + rewrite list_map_compose; apply list_map_exten; intros. +generalize (Fpmov_correct2 p rs x). +destruct x; simpl. +unfold get, Locmap.get; intros; auto. +rewrite H4; auto. +apply disjoint_tmp__noTmp; auto. +Qed. + +Theorem Fpmov_correct_ext: + forall p rs, + simpleDest p -> + no_overlap_list p -> + Loc.disjoint (getsrc p) temporaries -> + Loc.disjoint (getdst p) temporaries -> + forall l, + Loc.notin l (getdst p) -> + Loc.notin l temporaries -> + (sexec (StateDone (Pmov (p, nil, nil))) rs) l = rs l. +Proof. +intros; generalize (Fpmov_correct1 p rs l); unfold get, Locmap.get; intros. +rewrite <- H5; auto. +apply disjoint_tmp__noTmp; auto. +unfold notemporary; simpl in H4 |-; unfold T; intros x; case (Loc.type x). +elim H4; + [intros H6 H7; elim H7; [intros H8 H9; (try clear H7 H4); (try exact H8)]]. +elim H4; + [intros H6 H7; elim H7; + [intros H8 H9; elim H9; + [intros H10 H11; elim H11; + [intros H12 H13; elim H13; + [intros H14 H15; (try clear H13 H11 H9 H7 H4); (try exact H14)]]]]]. +unfold no_overlap_list, no_overlap in H0 |-; intros. +case (Loc.eq l x). +intros e; left; (try assumption). +intros n; right; (try assumption). +apply Loc.in_notin_diff with (getdst p); auto. +apply notindst_nW; auto. +Qed. diff --git a/backend/RTL.v b/backend/RTL.v new file mode 100644 index 00000000..ac9a4159 --- /dev/null +++ b/backend/RTL.v @@ -0,0 +1,349 @@ +(** The RTL intermediate language: abstract syntax and semantics. + + RTL (``Register Transfer Language'' is the first intermediate language + after Cminor. +*) + +Require Import Relations. +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Registers. + +(** * Abstract syntax *) + +(** RTL is organized as instructions, functions and programs. + Instructions correspond roughly to elementary instructions of the + target processor, but take their arguments and leave their results + in pseudo-registers (also called temporaries in textbooks). + Infinitely many pseudo-registers are available, and each function + has its own set of pseudo-registers, unaffected by function calls. + + Instructions are organized as a control-flow graph: a function is + a finite map from ``nodes'' (abstract program points) to instructions, + and each instruction lists explicitly the nodes of its successors. +*) + +Definition node := positive. + +Inductive instruction: Set := + | Inop: node -> instruction + (** No operation -- just branch to the successor. *) + | Iop: operation -> list reg -> reg -> node -> instruction + (** [Iop op args dest succ] performs the arithmetic operation [op] + over the values of registers [args], stores the result in [dest], + and branches to [succ]. *) + | Iload: memory_chunk -> addressing -> list reg -> reg -> node -> instruction + (** [Iload chunk addr args dest succ] loads a [chunk] quantity from + the address determined by the addressing mode [addr] and the + values of the [args] registers, stores the quantity just read + into [dest], and branches to [succ]. *) + | Istore: memory_chunk -> addressing -> list reg -> reg -> node -> instruction + (** [Istore chunk addr args src succ] stores the value of register + [src] in the [chunk] quantity at the + the address determined by the addressing mode [addr] and the + values of the [args] registers, then branches to [succ]. *) + | Icall: signature -> reg + ident -> list reg -> reg -> node -> instruction + (** [Icall sig fn args dest succ] invokes the function determined by + [fn] (either a function pointer found in a register or a + function name), giving it the values of registers [args] + as arguments. It stores the return value in [dest] and branches + to [succ]. *) + | Icond: condition -> list reg -> node -> node -> instruction + (** [Icond cond args ifso ifnot] evaluates the boolean condition + [cond] over the values of registers [args]. If the condition + is true, it transitions to [ifso]. If the condition is false, + it transitions to [ifnot]. *) + | Ireturn: option reg -> instruction. + (** [Ireturn] terminates the execution of the current function + (it has no successor). It returns the value of the given + register, or [Vundef] if none is given. *) + +Definition code: Set := PTree.t instruction. + +Record function: Set := mkfunction { + fn_sig: signature; + fn_params: list reg; + fn_stacksize: Z; + fn_code: code; + fn_entrypoint: node; + fn_nextpc: node; + fn_code_wf: forall (pc: node), Plt pc fn_nextpc \/ fn_code!pc = None +}. + +(** A function description comprises a control-flow graph (CFG) [fn_code] + (a partial finite mapping from nodes to instructions). As in Cminor, + [fn_sig] is the function signature and [fn_stacksize] the number of bytes + for its stack-allocated activation record. [fn_params] is the list + of registers that are bound to the values of arguments at call time. + [fn_entrypoint] is the node of the first instruction of the function + in the CFG. [fn_code_wf] asserts that all instructions of the function + have nodes no greater than [fn_nextpc]. *) + +Definition program := AST.program function. + +(** * Operational semantics *) + +Definition genv := Genv.t function. +Definition regset := Regmap.t val. + +Fixpoint init_regs (vl: list val) (rl: list reg) {struct rl} : regset := + match rl, vl with + | r1 :: rs, v1 :: vs => Regmap.set r1 v1 (init_regs vs rs) + | _, _ => Regmap.init Vundef + end. + +Section RELSEM. + +Variable ge: genv. + +Definition find_function (ros: reg + ident) (rs: regset) : option function := + match ros with + | inl r => Genv.find_funct ge rs#r + | inr symb => + match Genv.find_symbol ge symb with + | None => None + | Some b => Genv.find_funct_ptr ge b + end + end. + +(** The dynamic semantics of RTL is a combination of small-step (transition) + semantics and big-step semantics. Execution of an instruction performs + a single transition to the next instruction (small-step), except if + the instruction is a function call. In this case, the whole body of + the called function is executed at once and the transition terminates + on the instruction immediately following the call in the caller function. + Such ``mixed-step'' semantics is convenient for reasoning over + intra-procedural analyses and transformations. It also dispenses us + from making the call stack explicit in the semantics. + + The semantics is organized in three mutually inductive predicates. + The first is [exec_instr ge c sp pc rs m pc' rs' m']. [ge] is the + global environment (see module [Genv]), [c] the CFG for the current + function, and [sp] the pointer to the stack block for its + current activation (as in Cminor). [pc], [rs] and [m] is the + initial state of the transition: program point (CFG node) [pc], + register state (mapping of pseudo-registers to values) [rs], + and memory state [m]. The final state is [pc'], [rs'] and [m']. *) + +Inductive exec_instr: code -> val -> + node -> regset -> mem -> + node -> regset -> mem -> Prop := + | exec_Inop: + forall c sp pc rs m pc', + c!pc = Some(Inop pc') -> + exec_instr c sp pc rs m pc' rs m + | exec_Iop: + forall c sp pc rs m op args res pc' v, + c!pc = Some(Iop op args res pc') -> + eval_operation ge sp op rs##args = Some v -> + exec_instr c sp pc rs m pc' (rs#res <- v) m + | exec_Iload: + forall c sp pc rs m chunk addr args dst pc' a v, + c!pc = Some(Iload chunk addr args dst pc') -> + eval_addressing ge sp addr rs##args = Some a -> + Mem.loadv chunk m a = Some v -> + exec_instr c sp pc rs m pc' (rs#dst <- v) m + | exec_Istore: + forall c sp pc rs m chunk addr args src pc' a m', + c!pc = Some(Istore chunk addr args src pc') -> + eval_addressing ge sp addr rs##args = Some a -> + Mem.storev chunk m a rs#src = Some m' -> + exec_instr c sp pc rs m pc' rs m' + | exec_Icall: + forall c sp pc rs m sig ros args res pc' f vres m', + c!pc = Some(Icall sig ros args res pc') -> + find_function ros rs = Some f -> + sig = f.(fn_sig) -> + exec_function f rs##args m vres m' -> + exec_instr c sp pc rs m pc' (rs#res <- vres) m' + | exec_Icond_true: + forall c sp pc rs m cond args ifso ifnot, + c!pc = Some(Icond cond args ifso ifnot) -> + eval_condition cond rs##args = Some true -> + exec_instr c sp pc rs m ifso rs m + | exec_Icond_false: + forall c sp pc rs m cond args ifso ifnot, + c!pc = Some(Icond cond args ifso ifnot) -> + eval_condition cond rs##args = Some false -> + exec_instr c sp pc rs m ifnot rs m + +(** [exec_instrs ge c sp pc rs m pc' rs' m'] is the reflexive + transitive closure of [exec_instr]. It corresponds to the execution + of zero, one or finitely many transitions. *) + +with exec_instrs: code -> val -> + node -> regset -> mem -> + node -> regset -> mem -> Prop := + | exec_refl: + forall c sp pc rs m, + exec_instrs c sp pc rs m pc rs m + | exec_one: + forall c sp pc rs m pc' rs' m', + exec_instr c sp pc rs m pc' rs' m' -> + exec_instrs c sp pc rs m pc' rs' m' + | exec_trans: + forall c sp pc1 rs1 m1 pc2 rs2 m2 pc3 rs3 m3, + exec_instrs c sp pc1 rs1 m1 pc2 rs2 m2 -> + exec_instrs c sp pc2 rs2 m2 pc3 rs3 m3 -> + exec_instrs c sp pc1 rs1 m1 pc3 rs3 m3 + +(** [exec_function ge f args m res m'] executes a function application. + [f] is the called function, [args] the values of its arguments, + and [m] the memory state at the beginning of the call. [res] is + the returned value: the value of [r] if the function terminates with + a [Ireturn (Some r)], or [Vundef] if it terminates with [Ireturn None]. + Evaluation proceeds by executing transitions from the function's entry + point to the first [Ireturn] instruction encountered. It is preceeded + by the allocation of the stack activation block and the binding + of register parameters to the provided arguments. + (Non-parameter registers are initialized to [Vundef].) Before returning, + the stack activation block is freed. *) + +with exec_function: function -> list val -> mem -> + val -> mem -> Prop := + | exec_funct: + forall f m m1 stk args pc rs m2 or vres, + Mem.alloc m 0 f.(fn_stacksize) = (m1, stk) -> + exec_instrs f.(fn_code) (Vptr stk Int.zero) + f.(fn_entrypoint) (init_regs args f.(fn_params)) m1 + pc rs m2 -> + f.(fn_code)!pc = Some(Ireturn or) -> + vres = regmap_optget or Vundef rs -> + exec_function f args m vres (Mem.free m2 stk). + +Scheme exec_instr_ind_3 := Minimality for exec_instr Sort Prop + with exec_instrs_ind_3 := Minimality for exec_instrs Sort Prop + with exec_function_ind_3 := Minimality for exec_function Sort Prop. + +(** Some derived execution rules. *) + +Lemma exec_step: + forall c sp pc1 rs1 m1 pc2 rs2 m2 pc3 rs3 m3, + exec_instr c sp pc1 rs1 m1 pc2 rs2 m2 -> + exec_instrs c sp pc2 rs2 m2 pc3 rs3 m3 -> + exec_instrs c sp pc1 rs1 m1 pc3 rs3 m3. +Proof. + intros. eapply exec_trans. apply exec_one. eauto. eauto. +Qed. + +Lemma exec_Iop': + forall c sp pc rs m op args res pc' rs' v, + c!pc = Some(Iop op args res pc') -> + eval_operation ge sp op rs##args = Some v -> + rs' = (rs#res <- v) -> + exec_instr c sp pc rs m pc' rs' m. +Proof. + intros. subst rs'. eapply exec_Iop; eauto. +Qed. + +Lemma exec_Iload': + forall c sp pc rs m chunk addr args dst pc' rs' a v, + c!pc = Some(Iload chunk addr args dst pc') -> + eval_addressing ge sp addr rs##args = Some a -> + Mem.loadv chunk m a = Some v -> + rs' = (rs#dst <- v) -> + exec_instr c sp pc rs m pc' rs' m. +Proof. + intros. subst rs'. eapply exec_Iload; eauto. +Qed. + +(** If a transition can take place from [pc], the instruction at [pc] + is defined in the CFG. *) + +Lemma exec_instr_present: + forall c sp pc rs m pc' rs' m', + exec_instr c sp pc rs m pc' rs' m' -> + c!pc <> None. +Proof. + induction 1; congruence. +Qed. + +Lemma exec_instrs_present: + forall c sp pc rs m pc' rs' m', + exec_instrs c sp pc rs m pc' rs' m' -> + c!pc' <> None -> c!pc <> None. +Proof. + induction 1; intros. + auto. + eapply exec_instr_present; eauto. + eauto. +Qed. + +End RELSEM. + +(** Execution of whole programs. As in Cminor, we call the ``main'' function + with no arguments and observe its return value. *) + +Definition exec_program (p: program) (r: val) : Prop := + let ge := Genv.globalenv p in + let m0 := Genv.init_mem p in + exists b, exists f, exists m, + Genv.find_symbol ge p.(prog_main) = Some b /\ + Genv.find_funct_ptr ge b = Some f /\ + f.(fn_sig) = mksignature nil (Some Tint) /\ + exec_function ge f nil m0 r m. + +(** * Operations on RTL abstract syntax *) + +(** Computation of the possible successors of an instruction. + This is used in particular for dataflow analyses. *) + +Definition successors (f: function) (pc: node) : list node := + match f.(fn_code)!pc with + | None => nil + | Some i => + match i with + | Inop s => s :: nil + | Iop op args res s => s :: nil + | Iload chunk addr args dst s => s :: nil + | Istore chunk addr args src s => s :: nil + | Icall sig ros args res s => s :: nil + | Icond cond args ifso ifnot => ifso :: ifnot :: nil + | Ireturn optarg => nil + end + end. + +Lemma successors_correct: + forall ge f sp pc rs m pc' rs' m', + exec_instr ge f.(fn_code) sp pc rs m pc' rs' m' -> + In pc' (successors f pc). +Proof. + intros ge f. unfold successors. generalize (fn_code f). + induction 1; rewrite H; simpl; tauto. +Qed. + +(** Transformation of a RTL function instruction by instruction. + This applies a given transformation function to all instructions + of a function and constructs a transformed function from that. *) + +Section TRANSF. + +Variable transf: node -> instruction -> instruction. + +Lemma transf_code_wf: + forall (c: code) (nextpc: node), + (forall (pc: node), Plt pc nextpc \/ c!pc = None) -> + (forall (pc: node), Plt pc nextpc \/ (PTree.map transf c)!pc = None). +Proof. + intros. elim (H pc); intro. + left; assumption. + right. rewrite PTree.gmap. rewrite H0. reflexivity. +Qed. + +Definition transf_function (f: function) : function := + mkfunction + f.(fn_sig) + f.(fn_params) + f.(fn_stacksize) + (PTree.map transf f.(fn_code)) + f.(fn_entrypoint) + f.(fn_nextpc) + (transf_code_wf f.(fn_code) f.(fn_nextpc) f.(fn_code_wf)). + +End TRANSF. diff --git a/backend/RTLgen.v b/backend/RTLgen.v new file mode 100644 index 00000000..9dc9660d --- /dev/null +++ b/backend/RTLgen.v @@ -0,0 +1,473 @@ +(** Translation from Cminor to RTL. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Values. +Require Import Op. +Require Import Registers. +Require Import Cminor. +Require Import RTL. + +(** * Mutated variables *) + +(** The following functions compute the list of local Cminor variables + possibly modified during the evaluation of the given expression. + It is used in the [alloc_reg] function to avoid unnecessary + register-to-register moves in the generated RTL. *) + +Fixpoint mutated_expr (a: expr) : list ident := + match a with + | Evar id => nil + | Eassign id b => id :: mutated_expr b + | Eop op bl => mutated_exprlist bl + | Eload _ _ bl => mutated_exprlist bl + | Estore _ _ bl c => mutated_exprlist bl ++ mutated_expr c + | Ecall _ b cl => mutated_expr b ++ mutated_exprlist cl + | Econdition b c d => mutated_condexpr b ++ mutated_expr c ++ mutated_expr d + | Elet b c => mutated_expr b ++ mutated_expr c + | Eletvar n => nil + end + +with mutated_condexpr (a: condexpr) : list ident := + match a with + | CEtrue => nil + | CEfalse => nil + | CEcond cond bl => mutated_exprlist bl + | CEcondition b c d => + mutated_condexpr b ++ mutated_condexpr c ++ mutated_condexpr d + end + +with mutated_exprlist (l: exprlist) : list ident := + match l with + | Enil => nil + | Econs a bl => mutated_expr a ++ mutated_exprlist bl + end. + +(** * Translation environments and state *) + +(** The translation functions are parameterized by the following + compile-time environment, which maps Cminor local variables and + let-bound variables to RTL registers. The mapping for local variables + is computed from the Cminor variable declarations at the beginning of + the translation of a function, and does not change afterwards. + The mapping for let-bound variables is initially empty and updated + during translation of expressions, when crossing a [Elet] binding. *) + +Record mapping: Set := mkmapping { + map_vars: PTree.t reg; + map_letvars: list reg +}. + +(** The translation functions modify a global state, comprising the + current state of the control-flow graph for the function being translated, + as well as sources of fresh RTL registers and fresh CFG nodes. *) + +Record state: Set := mkstate { + st_nextreg: positive; + st_nextnode: positive; + st_code: code; + st_wf: forall (pc: positive), Plt pc st_nextnode \/ st_code!pc = None +}. + +(** ** The state and error monad *) + +(** The translation functions can fail to produce RTL code, for instance + if a non-declared variable is referenced. They must also modify + the global state, adding new nodes to the control-flow graph and + generating fresh temporary registers. In a language like ML or Java, + we would use exceptions to report errors and mutable data structures + to modify the global state. These luxuries are not available in Coq, + however. Instead, we use a monadic encoding of the translation: + translation functions take the current global state as argument, + and return either [Error] to denote an error, or [OK r s] to denote + success. [s] is the modified state, and [r] the result value of the + translation function. + + We now define this monadic encoding -- the ``state and error'' monad -- + as well as convenient syntax to express monadic computations. *) + +Set Implicit Arguments. + +Inductive res (A: Set) : Set := + | Error: res A + | OK: A -> state -> res A. + +Definition mon (A: Set) : Set := state -> res A. + +Definition ret (A: Set) (x: A) : mon A := fun (s: state) => OK x s. + +Definition error (A: Set) : mon A := fun (s: state) => Error A. + +Definition bind (A B: Set) (f: mon A) (g: A -> mon B) : mon B := + fun (s: state) => + match f s with + | Error => Error B + | OK a s' => g a s' + end. + +Definition bind2 (A B C: Set) (f: mon (A * B)) (g: A -> B -> mon C) : mon C := + bind f (fun xy => g (fst xy) (snd xy)). + +Notation "'do' X <- A ; B" := (bind A (fun X => B)) + (at level 200, X ident, A at level 100, B at level 200). +Notation "'do' ( X , Y ) <- A ; B" := (bind2 A (fun X Y => B)) + (at level 200, X ident, Y ident, A at level 100, B at level 200). + +(** ** Operations on state *) + +(** The initial state (empty CFG). *) + +Lemma init_state_wf: + forall pc, Plt pc 1%positive \/ (PTree.empty instruction)!pc = None. +Proof. intros; right; apply PTree.gempty. Qed. + +Definition init_state : state := + mkstate 1%positive 1%positive (PTree.empty instruction) init_state_wf. + +(** Adding a node with the given instruction to the CFG. Return the + label of the new node. *) + +Lemma add_instr_wf: + forall s i pc, + let n := s.(st_nextnode) in + Plt pc (Psucc n) \/ (PTree.set n i s.(st_code))!pc = None. +Proof. + intros. case (peq pc n); intro. + subst pc; left; apply Plt_succ. + rewrite PTree.gso; auto. + elim (st_wf s pc); intro. + left. apply Plt_trans_succ. exact H. + right; assumption. +Qed. + +Definition add_instr (i: instruction) : mon node := + fun s => + let n := s.(st_nextnode) in + OK n + (mkstate s.(st_nextreg) + (Psucc n) + (PTree.set n i s.(st_code)) + (add_instr_wf s i)). + +(** [add_instr] can be decomposed in two steps: reserving a fresh + CFG node, and filling it later with an instruction. This is needed + to compile loops. *) + +Lemma reserve_instr_wf: + forall s pc, + Plt pc (Psucc s.(st_nextnode)) \/ s.(st_code)!pc = None. +Proof. + intros. elim (st_wf s pc); intro. + left; apply Plt_trans_succ; auto. + right; auto. +Qed. + +Definition reserve_instr : mon node := + fun s => + let n := s.(st_nextnode) in + OK n (mkstate s.(st_nextreg) (Psucc n) s.(st_code) + (reserve_instr_wf s)). + +Lemma update_instr_wf: + forall s n i, + Plt n s.(st_nextnode) -> + forall pc, + Plt pc s.(st_nextnode) \/ (PTree.set n i s.(st_code))!pc = None. +Proof. + intros. + case (peq pc n); intro. + subst pc; left; assumption. + rewrite PTree.gso; auto. exact (st_wf s pc). +Qed. + +Definition update_instr (n: node) (i: instruction) : mon unit := + fun s => + match plt n s.(st_nextnode) with + | left PEQ => + OK tt (mkstate s.(st_nextreg) s.(st_nextnode) + (PTree.set n i s.(st_code)) + (@update_instr_wf s n i PEQ)) + | right _ => + Error unit + end. + +(** Generate a fresh RTL register. *) + +Definition new_reg : mon reg := + fun s => + OK s.(st_nextreg) + (mkstate (Psucc s.(st_nextreg)) + s.(st_nextnode) s.(st_code) s.(st_wf)). + +(** ** Operations on mappings *) + +Definition init_mapping : mapping := + mkmapping (PTree.empty reg) nil. + +Definition add_var (map: mapping) (name: ident) : mon (reg * mapping) := + do r <- new_reg; + ret (r, mkmapping (PTree.set name r map.(map_vars)) + map.(map_letvars)). + +Fixpoint add_vars (map: mapping) (names: list ident) + {struct names} : mon (list reg * mapping) := + match names with + | nil => ret (nil, map) + | n1 :: nl => + do (rl, map1) <- add_vars map nl; + do (r1, map2) <- add_var map1 n1; + ret (r1 :: rl, map2) + end. + +Definition find_var (map: mapping) (name: ident) : mon reg := + match PTree.get name map.(map_vars) with + | None => error reg + | Some r => ret r + end. + +Definition add_letvar (map: mapping) (r: reg) : mapping := + mkmapping map.(map_vars) (r :: map.(map_letvars)). + +Definition find_letvar (map: mapping) (idx: nat) : mon reg := + match List.nth_error map.(map_letvars) idx with + | None => error reg + | Some r => ret r + end. + +(** ** Optimized temporary generation *) + +(** [alloc_reg map mut a] returns the RTL register where the evaluation + of expression [a] should leave its result -- the ``target register'' + for evaluating [a]. In general, this is a + fresh temporary register. Exception: if [a] is a let-bound variable + or a non-mutated local variable, we return the RTL register associated + with that variable instead. Returning a fresh temporary in all cases + would be semantically correct, but would generate less efficient + RTL code. *) + +Definition alloc_reg (map: mapping) (mut: list ident) (a: expr) : mon reg := + match a with + | Evar id => + if In_dec ident_eq id mut + then new_reg + else find_var map id + | Eletvar n => + find_letvar map n + | _ => + new_reg + end. + +(** [alloc_regs] is similar, but for a list of expressions. *) + +Fixpoint alloc_regs (map: mapping) (mut:list ident) (al: exprlist) + {struct al}: mon (list reg) := + match al with + | Enil => + ret nil + | Econs a bl => + do rl <- alloc_regs map mut bl; + do r <- alloc_reg map mut a; + ret (r :: rl) + end. + +(** * RTL generation **) + +(** Insertion of a register-to-register move instruction. *) + +Definition add_move (rs rd: reg) (nd: node) : mon node := + if Reg.eq rs rd + then ret nd + else add_instr (Iop Omove (rs::nil) rd nd). + +(** Translation of an expression. [transl_expr map mut a rd nd] + enriches the current CFG with the RTL instructions necessary + to compute the value of Cminor expression [a], leave its result + in register [rd], and branch to node [nd]. It returns the node + of the first instruction in this sequence. [map] is the compile-time + translation environment, and [mut] is an over-approximation of + the set of local variables possibly modified during + the evaluation of [a]. *) + +Fixpoint transl_expr (map: mapping) (mut: list ident) + (a: expr) (rd: reg) (nd: node) + {struct a}: mon node := + match a with + | Evar v => + do r <- find_var map v; add_move r rd nd + | Eassign v b => + do r <- find_var map v; + do no <- add_move rd r nd; transl_expr map mut b rd no + | Eop op al => + do rl <- alloc_regs map mut al; + do no <- add_instr (Iop op rl rd nd); + transl_exprlist map mut al rl no + | Eload chunk addr al => + do rl <- alloc_regs map mut al; + do no <- add_instr (Iload chunk addr rl rd nd); + transl_exprlist map mut al rl no + | Estore chunk addr al b => + do rl <- alloc_regs map mut al; + do no <- add_instr (Istore chunk addr rl rd nd); + do ns <- transl_expr map mut b rd no; + transl_exprlist map mut al rl ns + | Ecall sig b cl => + do rf <- alloc_reg map mut b; + do rargs <- alloc_regs map mut cl; + do n1 <- add_instr (Icall sig (inl _ rf) rargs rd nd); + do n2 <- transl_exprlist map mut cl rargs n1; + transl_expr map mut b rf n2 + | Econdition b c d => + do nfalse <- transl_expr map mut d rd nd; + do ntrue <- transl_expr map mut c rd nd; + transl_condition map mut b ntrue nfalse + | Elet b c => + do r <- new_reg; + do nc <- transl_expr (add_letvar map r) mut c rd nd; + transl_expr map mut b r nc + | Eletvar n => + do r <- find_letvar map n; add_move r rd nd + end + +(** Translation of a conditional expression. Similar to [transl_expr], + but the expression is evaluated for its truth value, and the generated + code branches to one of two possible continuation nodes [ntrue] or + [nfalse] depending on the truth value of [a]. *) + +with transl_condition (map: mapping) (mut: list ident) + (a: condexpr) (ntrue nfalse: node) + {struct a}: mon node := + match a with + | CEtrue => + ret ntrue + | CEfalse => + ret nfalse + | CEcond cond bl => + do rl <- alloc_regs map mut bl; + do nt <- add_instr (Icond cond rl ntrue nfalse); + transl_exprlist map mut bl rl nt + | CEcondition b c d => + do nd <- transl_condition map mut d ntrue nfalse; + do nc <- transl_condition map mut c ntrue nfalse; + transl_condition map mut b nc nd + end + +(** Translation of a list of expressions. The expressions are evaluated + left-to-right, and their values left in the given list of registers. *) + +with transl_exprlist (map: mapping) (mut: list ident) + (al: exprlist) (rl: list reg) (nd: node) + {struct al} : mon node := + match al, rl with + | Enil, nil => + ret nd + | Econs b bs, r :: rs => + do no <- transl_exprlist map mut bs rs nd; transl_expr map mut b r no + | _, _ => + error node + end. + +(** Auxiliary for branch prediction. When compiling an if/then/else + statement, we have a choice between translating the ``then'' branch + first or the ``else'' branch first. Linearization of RTL control-flow + graph, performed later, will exploit this choice as a hint about + which branch is most frequently executed. However, this choice has + no impact on program correctness. We delegate the choice to an + external heuristic (written in OCaml), declared below. *) + +Parameter more_likely: condexpr -> stmtlist -> stmtlist -> bool. + +(** Translation of statements. [transl_stmt map s nd nexits nret rret] + enriches the current CFG with the RTL instructions necessary to + execute the Cminor statement [s], and returns the node of the first + instruction in this sequence. The generated instructions continue + at node [nd] if the statement terminates normally, at node [nret] + if it terminates by early return, and at the [n]-th node in the list + [nlist] if it terminates by an [exit n] construct. [rret] is the + register where the return value of the function must be stored, if any. *) + +Fixpoint transl_stmt (map: mapping) (s: stmt) (nd: node) + (nexits: list node) (nret: node) (rret: option reg) + {struct s} : mon node := + match s with + | Sexpr a => + let mut := mutated_expr a in + do r <- alloc_reg map mut a; transl_expr map mut a r nd + | Sifthenelse a strue sfalse => + let mut := mutated_condexpr a in + (if more_likely a strue sfalse then + do nfalse <- transl_stmtlist map sfalse nd nexits nret rret; + do ntrue <- transl_stmtlist map strue nd nexits nret rret; + transl_condition map mut a ntrue nfalse + else + do ntrue <- transl_stmtlist map strue nd nexits nret rret; + do nfalse <- transl_stmtlist map sfalse nd nexits nret rret; + transl_condition map mut a ntrue nfalse) + | Sloop sbody => + do nloop <- reserve_instr; + do nbody <- transl_stmtlist map sbody nloop nexits nret rret; + do x <- update_instr nloop (Inop nbody); + ret nbody + | Sblock sbody => + transl_stmtlist map sbody nd (nd :: nexits) nret rret + | Sexit n => + match nth_error nexits n with + | None => error node + | Some ne => ret ne + end + | Sreturn opt_a => + match opt_a, rret with + | None, None => ret nret + | Some a, Some r => transl_expr map (mutated_expr a) a r nret + | _, _ => error node + end + end + +(** Translation of lists of statements. *) + +with transl_stmtlist (map: mapping) (sl: stmtlist) (nd: node) + (nexits: list node) (nret: node) (rret: option reg) + {struct sl} : mon node := + match sl with + | Snil => ret nd + | Scons s1 ss => + do ns <- transl_stmtlist map ss nd nexits nret rret; + transl_stmt map s1 ns nexits nret rret + end. + +(** Translation of a Cminor function. *) + +Definition ret_reg (sig: signature) (rd: reg) : option reg := + match sig.(sig_res) with + | None => None + | Some ty => Some rd + end. + +Definition transl_fun (f: Cminor.function) : mon (node * list reg) := + do (rparams, map1) <- add_vars init_mapping f.(Cminor.fn_params); + do (rvars, map2) <- add_vars map1 f.(Cminor.fn_vars); + do rret <- new_reg; + let orret := ret_reg f.(Cminor.fn_sig) rret in + do nret <- add_instr (Ireturn orret); + do nentry <- transl_stmtlist map2 f.(Cminor.fn_body) nret nil nret orret; + ret (nentry, rparams). + +Definition transl_function (f: Cminor.function) : option RTL.function := + match transl_fun f init_state with + | Error => None + | OK (nentry, rparams) s => + Some (RTL.mkfunction + f.(Cminor.fn_sig) + rparams + f.(Cminor.fn_stackspace) + s.(st_code) + nentry + s.(st_nextnode) + s.(st_wf)) + end. + +(** Translation of a whole program. *) + +Definition transl_program (p: Cminor.program) : option RTL.program := + transform_partial_program transl_function p. diff --git a/backend/RTLgenproof.v b/backend/RTLgenproof.v new file mode 100644 index 00000000..98462d28 --- /dev/null +++ b/backend/RTLgenproof.v @@ -0,0 +1,1302 @@ +(** Correctness proof for RTL generation: main proof. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Registers. +Require Import Cminor. +Require Import RTL. +Require Import RTLgen. +Require Import RTLgenproof1. + +Section CORRECTNESS. + +Variable prog: Cminor.program. +Variable tprog: RTL.program. +Hypothesis TRANSL: transl_program prog = Some tprog. + +Let ge : Cminor.genv := Genv.globalenv prog. +Let tge : RTL.genv := Genv.globalenv tprog. + +(** Relationship between the global environments for the original + Cminor program and the generated RTL program. *) + +Lemma symbols_preserved: + forall (s: ident), Genv.find_symbol tge s = Genv.find_symbol ge s. +Proof. + intro. unfold ge, tge. + apply Genv.find_symbol_transf_partial with transl_function. + exact TRANSL. +Qed. + +Lemma function_ptr_translated: + forall (b: block) (f: Cminor.function), + Genv.find_funct_ptr ge b = Some f -> + exists tf, + Genv.find_funct_ptr tge b = Some tf /\ transl_function f = Some tf. +Proof. + intros. + generalize + (Genv.find_funct_ptr_transf_partial transl_function TRANSL H). + case (transl_function f). + intros tf [A B]. exists tf. tauto. + intros [A B]. elim B. reflexivity. +Qed. + +Lemma functions_translated: + forall (v: val) (f: Cminor.function), + Genv.find_funct ge v = Some f -> + exists tf, + Genv.find_funct tge v = Some tf /\ transl_function f = Some tf. +Proof. + intros. + generalize + (Genv.find_funct_transf_partial transl_function TRANSL H). + case (transl_function f). + intros tf [A B]. exists tf. tauto. + intros [A B]. elim B. reflexivity. +Qed. + +(** Correctness of the code generated by [add_move]. *) + +Lemma add_move_correct: + forall r1 r2 sp nd s ns s' rs m, + add_move r1 r2 nd s = OK ns s' -> + exists rs', + exec_instrs tge s'.(st_code) sp ns rs m nd rs' m /\ + rs'#r2 = rs#r1 /\ + (forall r, r <> r2 -> rs'#r = rs#r). +Proof. + intros until m. + unfold add_move. case (Reg.eq r1 r2); intro. + monadSimpl. subst s'; subst r2; subst ns. + exists rs. split. apply exec_refl. split. auto. auto. + intro. exists (rs#r2 <- (rs#r1)). + split. apply exec_one. eapply exec_Iop. eauto with rtlg. + reflexivity. + split. apply Regmap.gss. + intros. apply Regmap.gso; auto. +Qed. + +(** The proof of semantic preservation for the translation of expressions + is a simulation argument based on diagrams of the following form: +<< + I /\ P + e, m, a ------------- ns, rs, m + || | + || |* + || | + \/ v + e', m', v ----------- nd, rs', m' + I /\ Q +>> + where [transl_expr map mut a rd nd s = OK ns s']. + The left vertical arrow represents an evaluation of the expression [a] + (assumption). The right vertical arrow represents the execution of + zero, one or several instructions in the generated RTL flow graph + found in the final state [s'] (conclusion). + + The invariant [I] is the agreement between Cminor environments and + RTL register environment, as captured by [match_envs]. + + The preconditions [P] include the well-formedness of the compilation + environment [mut] and the validity of [rd] as a target register. + + The postconditions [Q] state that in the final register environment + [rs'], register [rd] contains value [v], and most other registers + valid in [s] are unchanged w.r.t. the initial register environment + [rs]. (See below for a precise specification of ``most other + registers''.) + + We formalize this simulation property by the following predicate + parameterized by the Cminor evaluation (left arrow). *) + +Definition transl_expr_correct + (sp: val) (le: letenv) (e: env) (m: mem) (a: expr) + (e': env) (m': mem) (v: val) : Prop := + forall map mut rd nd s ns s' rs + (MWF: map_wf map s) + (TE: transl_expr map mut a rd nd s = OK ns s') + (ME: match_env map e le rs) + (MUT: incl (mutated_expr a) mut) + (TRG: target_reg_ok s map mut a rd), + exists rs', + exec_instrs tge s'.(st_code) sp ns rs m nd rs' m' + /\ match_env map e' le rs' + /\ rs'#rd = v + /\ (forall r, + reg_valid r s -> ~(mutated_reg map mut r) -> + reg_in_map map r \/ r <> rd -> + rs'#r = rs#r). + +(** The simulation properties for lists of expressions and for + conditional expressions are similar. *) + +Definition transl_exprlist_correct + (sp: val) (le: letenv) (e: env) (m: mem) (al: exprlist) + (e': env) (m': mem) (vl: list val) : Prop := + forall map mut rl nd s ns s' rs + (MWF: map_wf map s) + (TE: transl_exprlist map mut al rl nd s = OK ns s') + (ME: match_env map e le rs) + (MUT: incl (mutated_exprlist al) mut) + (TRG: target_regs_ok s map mut al rl), + exists rs', + exec_instrs tge s'.(st_code) sp ns rs m nd rs' m' + /\ match_env map e' le rs' + /\ rs'##rl = vl + /\ (forall r, + reg_valid r s -> ~(mutated_reg map mut r) -> + reg_in_map map r \/ ~(In r rl) -> + rs'#r = rs#r). + +Definition transl_condition_correct + (sp: val) (le: letenv) (e: env) (m: mem) (a: condexpr) + (e': env) (m': mem) (vb: bool) : Prop := + forall map mut ntrue nfalse s ns s' rs + (MWF: map_wf map s) + (TE: transl_condition map mut a ntrue nfalse s = OK ns s') + (ME: match_env map e le rs) + (MUT: incl (mutated_condexpr a) mut), + exists rs', + exec_instrs tge s'.(st_code) sp ns rs m (if vb then ntrue else nfalse) rs' m' + /\ match_env map e' le rs' + /\ (forall r, + reg_valid r s -> ~(mutated_reg map mut r) -> + rs'#r = rs#r). + +(** For statements, we define the following auxiliary predicates + relating the outcome of the Cminor execution with the final node + and value of the return register in the RTL execution. *) + +Definition outcome_node + (out: outcome) + (ncont: node) (nexits: list node) (nret: node) (nd: node) : Prop := + match out with + | Out_normal => ncont = nd + | Out_exit n => nth_error nexits n = Some nd + | Out_return _ => nret = nd + end. + +Definition match_return_reg + (rs: regset) (rret: option reg) (v: val) : Prop := + match rret with + | None => True + | Some r => rs#r = v + end. + +Definition match_return_outcome + (out: outcome) (rret: option reg) (rs: regset) : Prop := + match out with + | Out_normal => True + | Out_exit n => True + | Out_return optv => + match rret, optv with + | None, None => True + | Some r, Some v => rs#r = v + | _, _ => False + end + end. + +(** The simulation diagram for the translation of statements and + lists of statements is of the following form: +<< + I /\ P + e, m, a ------------- ns, rs, m + || | + || |* + || | + \/ v + e', m', out --------- nd, rs', m' + I /\ Q +>> + where [transl_stmt map a ncont nexits nret rret s = OK ns s']. + The left vertical arrow represents an execution of the statement [a] + (assumption). The right vertical arrow represents the execution of + zero, one or several instructions in the generated RTL flow graph + found in the final state [s'] (conclusion). + + The invariant [I] is the agreement between Cminor environments and + RTL register environment, as captured by [match_envs]. + + The preconditions [P] include the well-formedness of the compilation + environment [mut] and the agreement between the outcome [out] + and the end node [nd]. + + The postcondition [Q] states agreement between the outcome [out] + and the value of the return register [rret]. *) + +Definition transl_stmt_correct + (sp: val) (e: env) (m: mem) (a: stmt) + (e': env) (m': mem) (out: outcome) : Prop := + forall map ncont nexits nret rret s ns s' nd rs + (MWF: map_wf map s) + (TE: transl_stmt map a ncont nexits nret rret s = OK ns s') + (ME: match_env map e nil rs) + (OUT: outcome_node out ncont nexits nret nd) + (RRG: return_reg_ok s map rret), + exists rs', + exec_instrs tge s'.(st_code) sp ns rs m nd rs' m' + /\ match_env map e' nil rs' + /\ match_return_outcome out rret rs'. + +Definition transl_stmtlist_correct + (sp: val) (e: env) (m: mem) (al: stmtlist) + (e': env) (m': mem) (out: outcome) : Prop := + forall map ncont nexits nret rret s ns s' nd rs + (MWF: map_wf map s) + (TE: transl_stmtlist map al ncont nexits nret rret s = OK ns s') + (ME: match_env map e nil rs) + (OUT: outcome_node out ncont nexits nret nd) + (RRG: return_reg_ok s map rret), + exists rs', + exec_instrs tge s'.(st_code) sp ns rs m nd rs' m' + /\ match_env map e' nil rs' + /\ match_return_outcome out rret rs'. + +(** Finally, the correctness condition for the translation of functions + is that the translated RTL function, when applied to the same arguments + as the original Cminor function, returns the same value and performs + the same modifications on the memory state. *) + +Definition transl_function_correct + (m: mem) (f: Cminor.function) (vargs: list val) + (m':mem) (vres: val) : Prop := + forall tf + (TE: transl_function f = Some tf), + exec_function tge tf vargs m vres m'. + +(** The correctness of the translation is a huge induction over + the Cminor evaluation derivation for the source program. To keep + the proof manageable, we put each case of the proof in a separate + lemma. There is one lemma for each Cminor evaluation rule. + It takes as hypotheses the premises of the Cminor evaluation rule, + plus the induction hypotheses, that is, the [transl_expr_correct], etc, + corresponding to the evaluations of sub-expressions or sub-statements. *) + +Lemma transl_expr_Evar_correct: + forall (sp: val) (le: letenv) (e: env) (m: mem) (id: ident) (v: val), + e!id = Some v -> + transl_expr_correct sp le e m (Evar id) e m v. +Proof. + intros; red; intros. monadInv TE. intro. + generalize EQ; unfold find_var. caseEq (map_vars map)!id. + intros r' MV; monadSimpl. subst s0; subst r'. + generalize (add_move_correct _ _ sp _ _ _ _ rs m TE0). + intros [rs1 [EX1 [RES1 OTHER1]]]. + exists rs1. +(* Exec *) + split. assumption. +(* Match-env *) + split. inversion TRG. + (* Optimized case rd = r *) + rewrite MV in H5; injection H5; intro; subst r. + apply match_env_exten with rs. + intros. case (Reg.eq r rd); intro. + subst r; assumption. apply OTHER1; assumption. + assumption. + (* General case rd is temp *) + apply match_env_invariant with rs. + assumption. intros. apply OTHER1. red; intro; subst r1. contradiction. +(* Result value *) + split. rewrite RES1. eauto with rtlg. +(* Other regs *) + intros. case (Reg.eq rd r0); intro. + subst r0. inversion TRG. + rewrite MV in H8; injection H8; intro; subst r. apply RES1. + byContradiction. tauto. + apply OTHER1; auto. + + intro; monadSimpl. +Qed. + +Lemma transl_expr_Eop_correct: + forall (sp: val) (le : letenv) (e : env) (m : mem) (op : operation) + (al : exprlist) (e1 : env) (m1 : mem) (vl : list val) + (v: val), + eval_exprlist ge sp le e m al e1 m1 vl -> + transl_exprlist_correct sp le e m al e1 m1 vl -> + eval_operation ge sp op vl = Some v -> + transl_expr_correct sp le e m (Eop op al) e1 m1 v. +Proof. + intros until v. intros EEL TEL EOP. red; intros. + simpl in TE. monadInv TE. intro EQ1. + simpl in MUT. + assert (TRG': target_regs_ok s1 map mut al l); eauto with rtlg. + assert (MWF': map_wf map s1). eauto with rtlg. + generalize (TEL _ _ _ _ _ _ _ _ MWF' EQ1 ME MUT TRG'). + intros [rs1 [EX1 [ME1 [RR1 RO1]]]]. + exists (rs1#rd <- v). +(* Exec *) + split. eapply exec_trans. eexact EX1. + apply exec_instrs_incr with s1. eauto with rtlg. + apply exec_one; eapply exec_Iop. eauto with rtlg. + subst vl. + rewrite (@eval_operation_preserved Cminor.function RTL.function ge tge). + eexact EOP. + exact symbols_preserved. +(* Match-env *) + split. inversion TRG. eauto with rtlg. +(* Result reg *) + split. apply Regmap.gss. +(* Other regs *) + intros. rewrite Regmap.gso. + apply RO1. eauto with rtlg. assumption. + case (In_dec Reg.eq r l); intro. + left. elim (alloc_regs_fresh_or_in_map _ _ _ _ _ _ MWF EQ r i); intro. + assumption. byContradiction; eauto with rtlg. + right; assumption. + red; intro; subst r. + elim H1; intro. inversion TRG. contradiction. + tauto. +Qed. + +Lemma transl_expr_Eassign_correct: + forall (sp: val) (le : letenv) (e : env) (m : mem) + (id : ident) (a : expr) (e1 : env) (m1 : mem) + (v : val), + eval_expr ge sp le e m a e1 m1 v -> + transl_expr_correct sp le e m a e1 m1 v -> + transl_expr_correct sp le e m (Eassign id a) (PTree.set id v e1) m1 v. +Proof. + intros; red; intros. + simpl in TE. monadInv TE. intro EQ1. + simpl in MUT. + assert (MWF0: map_wf map s1). eauto with rtlg. + assert (MUTa: incl (mutated_expr a) mut). + red. intros. apply MUT. simpl. tauto. + assert (TRGa: target_reg_ok s1 map mut a rd). + inversion TRG. apply target_reg_other; eauto with rtlg. + generalize (H0 _ _ _ _ _ _ _ _ MWF0 EQ1 ME MUTa TRGa). + intros [rs1 [EX1 [ME1 [RES1 OTHER1]]]]. + generalize (add_move_correct _ _ sp _ _ _ _ rs1 m1 EQ0). + intros [rs2 [EX2 [RES2 OTHER2]]]. + exists rs2. +(* Exec *) + split. eapply exec_trans. eexact EX1. + apply exec_instrs_incr with s1. eauto with rtlg. + exact EX2. +(* Match-env *) + split. + apply match_env_update_var with rs1 r s s0; auto. + congruence. +(* Result *) + split. case (Reg.eq rd r); intro. + subst r. congruence. + rewrite OTHER2; auto. +(* Other regs *) + intros. transitivity (rs1#r0). + apply OTHER2. red; intro; subst r0. + apply H2. red. exists id. split. apply MUT. red; tauto. + generalize EQ; unfold find_var. + destruct ((map_vars map)!id); monadSimpl. congruence. + apply OTHER1. eauto with rtlg. assumption. assumption. +Qed. + +Lemma transl_expr_Eload_correct: + forall (sp: val) (le : letenv) (e : env) (m : mem) + (chunk : memory_chunk) (addr : addressing) + (al : exprlist) (e1 : env) (m1 : mem) (v : val) + (vl : list val) (a: val), + eval_exprlist ge sp le e m al e1 m1 vl -> + transl_exprlist_correct sp le e m al e1 m1 vl -> + eval_addressing ge sp addr vl = Some a -> + Mem.loadv chunk m1 a = Some v -> + transl_expr_correct sp le e m (Eload chunk addr al) e1 m1 v. +Proof. + intros; red; intros. simpl in TE. monadInv TE. intro EQ1. clear TE. + simpl in MUT. + assert (MWF1: map_wf map s1). eauto with rtlg. + assert (TRG1: target_regs_ok s1 map mut al l). eauto with rtlg. + generalize (H0 _ _ _ _ _ _ _ _ MWF1 EQ1 ME MUT TRG1). + intros [rs1 [EX1 [ME1 [RES1 OTHER1]]]]. + exists (rs1#rd <- v). +(* Exec *) + split. eapply exec_trans. eexact EX1. + apply exec_instrs_incr with s1. eauto with rtlg. + apply exec_one. eapply exec_Iload. eauto with rtlg. + rewrite RES1. rewrite (@eval_addressing_preserved _ _ ge tge). + eexact H1. exact symbols_preserved. assumption. +(* Match-env *) + split. eapply match_env_update_temp. assumption. inversion TRG. assumption. +(* Result *) + split. apply Regmap.gss. +(* Other regs *) + intros. rewrite Regmap.gso. apply OTHER1. + eauto with rtlg. assumption. + case (In_dec Reg.eq r l); intro. + elim (alloc_regs_fresh_or_in_map _ _ _ _ _ _ MWF EQ r i); intro. + tauto. byContradiction. eauto with rtlg. + tauto. + red; intro; subst r. inversion TRG. tauto. +Qed. + +Lemma transl_expr_Estore_correct: + forall (sp: val) (le : letenv) (e : env) (m : mem) + (chunk : memory_chunk) (addr : addressing) + (al : exprlist) (b : expr) (e1 : env) (m1 : mem) + (vl : list val) (e2 : env) (m2 m3 : mem) + (v : val) (a: val), + eval_exprlist ge sp le e m al e1 m1 vl -> + transl_exprlist_correct sp le e m al e1 m1 vl -> + eval_expr ge sp le e1 m1 b e2 m2 v -> + transl_expr_correct sp le e1 m1 b e2 m2 v -> + eval_addressing ge sp addr vl = Some a -> + Mem.storev chunk m2 a v = Some m3 -> + transl_expr_correct sp le e m (Estore chunk addr al b) e2 m3 v. +Proof. + intros; red; intros. simpl in TE; monadInv TE. intro EQ2; clear TE. + simpl in MUT. + assert (MWF2: map_wf map s2). + apply map_wf_incr with s. + apply state_incr_trans2 with s0 s1; eauto with rtlg. + assumption. + assert (MUT2: incl (mutated_exprlist al) mut). eauto with coqlib. + assert (TRG2: target_regs_ok s2 map mut al l). + apply target_regs_ok_incr with s0; eauto with rtlg. + generalize (H0 _ _ _ _ _ _ _ _ MWF2 EQ2 ME MUT2 TRG2). + intros [rs1 [EX1 [ME1 [RES1 OTHER1]]]]. + assert (MWF1: map_wf map s1). eauto with rtlg. + assert (MUT1: incl (mutated_expr b) mut). eauto with coqlib. + assert (TRG1: target_reg_ok s1 map mut b rd). + inversion TRG. apply target_reg_other; eauto with rtlg. + generalize (H2 _ _ _ _ _ _ _ _ MWF1 EQ1 ME1 MUT1 TRG1). + intros [rs2 [EX2 [ME2 [RES2 OTHER2]]]]. + exists rs2. +(* Exec *) + split. eapply exec_trans. eexact EX1. + apply exec_instrs_incr with s2. eauto with rtlg. + eapply exec_trans. eexact EX2. + apply exec_instrs_incr with s1. eauto with rtlg. + apply exec_one. eapply exec_Istore. eauto with rtlg. + assert (rs2##l = rs1##l). + apply list_map_exten. intros r' IN. symmetry. apply OTHER2. + eauto with rtlg. eauto with rtlg. + elim (alloc_regs_fresh_or_in_map _ _ _ _ _ _ MWF EQ r' IN); intro. + tauto. right. apply sym_not_equal. + apply valid_fresh_different with s. inversion TRG; assumption. + assumption. + rewrite H5; rewrite RES1. + rewrite (@eval_addressing_preserved _ _ ge tge). + eexact H3. exact symbols_preserved. + rewrite RES2. assumption. +(* Match-env *) + split. assumption. +(* Result *) + split. assumption. +(* Other regs *) + intro r'; intros. transitivity (rs1#r'). + apply OTHER2. apply reg_valid_incr with s; eauto with rtlg. + assumption. assumption. + apply OTHER1. apply reg_valid_incr with s. + apply state_incr_trans2 with s0 s1; eauto with rtlg. assumption. + assumption. case (In_dec Reg.eq r' l); intro. + elim (alloc_regs_fresh_or_in_map _ _ _ _ _ _ MWF EQ r' i); intro. + tauto. byContradiction; eauto with rtlg. tauto. +Qed. + +Lemma transl_expr_Ecall_correct: + forall (sp: val) (le : letenv) (e : env) (m : mem) + (sig : signature) (a : expr) (bl : exprlist) + (e1 e2 : env) (m1 m2 m3 : mem) (vf : val) + (vargs : list val) (vres : val) (f : Cminor.function), + eval_expr ge sp le e m a e1 m1 vf -> + transl_expr_correct sp le e m a e1 m1 vf -> + eval_exprlist ge sp le e1 m1 bl e2 m2 vargs -> + transl_exprlist_correct sp le e1 m1 bl e2 m2 vargs -> + Genv.find_funct ge vf = Some f -> + Cminor.fn_sig f = sig -> + eval_funcall ge m2 f vargs m3 vres -> + transl_function_correct m2 f vargs m3 vres -> + transl_expr_correct sp le e m (Ecall sig a bl) e2 m3 vres. +Proof. + intros. red; simpl; intros. + monadInv TE. intro EQ3. clear TE. + assert (MUTa: incl (mutated_expr a) mut). eauto with coqlib. + assert (MUTbl: incl (mutated_exprlist bl) mut). eauto with coqlib. + assert (MWFa: map_wf map s3). + apply map_wf_incr with s. + apply state_incr_trans3 with s0 s1 s2; eauto with rtlg. + assumption. + assert (TRGr: target_reg_ok s3 map mut a r). + apply target_reg_ok_incr with s0. + apply state_incr_trans2 with s1 s2; eauto with rtlg. + eauto with rtlg. + generalize (H0 _ _ _ _ _ _ _ _ MWFa EQ3 ME MUTa TRGr). + intros [rs1 [EX1 [ME1 [RES1 OTHER1]]]]. + clear MUTa MWFa TRGr. + assert (MWFbl: map_wf map s2). + apply map_wf_incr with s. + apply state_incr_trans2 with s0 s1; eauto with rtlg. + assumption. + assert (TRGl: target_regs_ok s2 map mut bl l). + apply target_regs_ok_incr with s1; eauto with rtlg. + generalize (H2 _ _ _ _ _ _ _ _ MWFbl EQ2 ME1 MUTbl TRGl). + intros [rs2 [EX2 [ME2 [RES2 OTHER2]]]]. + clear MUTbl MWFbl TRGl. + + generalize (functions_translated vf f H3). intros [tf [TFIND TF]]. + generalize (H6 tf TF). intro EXF. + + assert (EX3: exec_instrs tge (st_code s2) sp n rs2 m2 + nd (rs2#rd <- vres) m3). + apply exec_one. eapply exec_Icall. + eauto with rtlg. simpl. replace (rs2#r) with vf. eexact TFIND. + rewrite <- RES1. symmetry. apply OTHER2. + apply reg_valid_incr with s0; eauto with rtlg. + apply target_reg_not_mutated with s0 a. + eauto with rtlg. eauto with rtlg. + assert (MWFs0: map_wf map s0). eauto with rtlg. + case (In_dec Reg.eq r l); intro. + elim (alloc_regs_fresh_or_in_map _ _ _ _ _ _ MWFs0 EQ0 r i); intro. + tauto. byContradiction. apply valid_fresh_absurd with r s0. + eauto with rtlg. assumption. + tauto. + generalize TF. unfold transl_function. + destruct (transl_fun f init_state). + intro; discriminate. destruct p. intros. injection TF0. intro. + rewrite <- H7; simpl. auto. + rewrite RES2. assumption. + + exists (rs2#rd <- vres). +(* Exec *) + split. eapply exec_trans. eexact EX1. + apply exec_instrs_incr with s3. eauto with rtlg. + eapply exec_trans. eexact EX2. + apply exec_instrs_incr with s2. eauto with rtlg. + exact EX3. +(* Match env *) + split. apply match_env_update_temp. assumption. + inversion TRG. assumption. +(* Result *) + split. apply Regmap.gss. +(* Other regs *) + intros. + rewrite Regmap.gso. transitivity (rs1#r0). + apply OTHER2. + apply reg_valid_incr with s. + apply state_incr_trans2 with s0 s1; eauto with rtlg. + assumption. + assumption. + assert (MWFs0: map_wf map s0). eauto with rtlg. + case (In_dec Reg.eq r0 l); intro. + elim (alloc_regs_fresh_or_in_map _ _ _ _ _ _ MWFs0 EQ0 r0 i); intro. + tauto. byContradiction. apply valid_fresh_absurd with r0 s0. + eauto with rtlg. assumption. + tauto. + apply OTHER1. + apply reg_valid_incr with s. + apply state_incr_trans3 with s0 s1 s2; eauto with rtlg. + assumption. + assumption. + case (Reg.eq r0 r); intro. + subst r0. + elim (alloc_reg_fresh_or_in_map _ _ _ _ _ _ MWF EQ); intro. + tauto. byContradiction; eauto with rtlg. + tauto. + red; intro; subst r0. + inversion TRG. tauto. +Qed. + +Lemma transl_expr_Econdition_correct: + forall (sp: val) (le : letenv) (e : env) (m : mem) + (a : condexpr) (b c : expr) (e1 : env) (m1 : mem) + (v1 : bool) (e2 : env) (m2 : mem) (v2 : val), + eval_condexpr ge sp le e m a e1 m1 v1 -> + transl_condition_correct sp le e m a e1 m1 v1 -> + eval_expr ge sp le e1 m1 (if v1 then b else c) e2 m2 v2 -> + transl_expr_correct sp le e1 m1 (if v1 then b else c) e2 m2 v2 -> + transl_expr_correct sp le e m (Econdition a b c) e2 m2 v2. +Proof. + intros; red; intros. simpl in TE; monadInv TE. intro EQ1; clear TE. + simpl in MUT. + + assert (MWF1: map_wf map s1). + apply map_wf_incr with s. eauto with rtlg. assumption. + assert (MUT1: incl (mutated_condexpr a) mut). eauto with coqlib. + generalize (H0 _ _ _ _ _ _ _ _ MWF1 EQ1 ME MUT1). + intros [rs1 [EX1 [ME1 OTHER1]]]. + destruct v1. + + assert (MWF0: map_wf map s0). eauto with rtlg. + assert (MUT0: incl (mutated_expr b) mut). eauto with coqlib. + assert (TRG0: target_reg_ok s0 map mut b rd). + inversion TRG. apply target_reg_other; eauto with rtlg. + generalize (H2 _ _ _ _ _ _ _ _ MWF0 EQ0 ME1 MUT0 TRG0). + intros [rs2 [EX2 [ME2 [RES2 OTHER2]]]]. + exists rs2. +(* Exec *) + split. eapply exec_trans. eexact EX1. + apply exec_instrs_incr with s1. eauto with rtlg. + exact EX2. +(* Match-env *) + split. assumption. +(* Result value *) + split. assumption. +(* Other regs *) + intros. transitivity (rs1#r). + apply OTHER2; auto. eauto with rtlg. + apply OTHER1; auto. apply reg_valid_incr with s. + apply state_incr_trans with s0; eauto with rtlg. assumption. + + assert (MUTc: incl (mutated_expr c) mut). eauto with coqlib. + assert (TRGc: target_reg_ok s map mut c rd). + inversion TRG. apply target_reg_other; auto. + generalize (H2 _ _ _ _ _ _ _ _ MWF EQ ME1 MUTc TRGc). + intros [rs2 [EX2 [ME2 [RES2 OTHER2]]]]. + exists rs2. +(* Exec *) + split. eapply exec_trans. eexact EX1. + apply exec_instrs_incr with s0. eauto with rtlg. + exact EX2. +(* Match-env *) + split. assumption. +(* Result value *) + split. assumption. +(* Other regs *) + intros. transitivity (rs1#r). + apply OTHER2; auto. eauto with rtlg. + apply OTHER1; auto. apply reg_valid_incr with s. + apply state_incr_trans2 with s0 s1; eauto with rtlg. assumption. +Qed. + +Lemma transl_expr_Elet_correct: + forall (sp: val) (le : letenv) (e : env) (m : mem) + (a b : expr) (e1 : env) (m1 : mem) (v1 : val) + (e2 : env) (m2 : mem) (v2 : val), + eval_expr ge sp le e m a e1 m1 v1 -> + transl_expr_correct sp le e m a e1 m1 v1 -> + eval_expr ge sp (v1 :: le) e1 m1 b e2 m2 v2 -> + transl_expr_correct sp (v1 :: le) e1 m1 b e2 m2 v2 -> + transl_expr_correct sp le e m (Elet a b) e2 m2 v2. +Proof. + intros; red; intros. + simpl in TE; monadInv TE. intro EQ1. + simpl in MUT. + assert (MWF1: map_wf map s1). eauto with rtlg. + assert (MUT1: incl (mutated_expr a) mut). eauto with coqlib. + assert (TRG1: target_reg_ok s1 map mut a r). + eapply target_reg_other; eauto with rtlg. + generalize (H0 _ _ _ _ _ _ _ _ MWF1 EQ1 ME MUT1 TRG1). + intros [rs1 [EX1 [ME1 [RES1 OTHER1]]]]. + assert (MWF2: map_wf (add_letvar map r) s0). + apply add_letvar_wf; eauto with rtlg. + assert (MUT2: incl (mutated_expr b) mut). eauto with coqlib. + assert (ME2: match_env (add_letvar map r) e1 (v1 :: le) rs1). + apply match_env_letvar; assumption. + assert (TRG2: target_reg_ok s0 (add_letvar map r) mut b rd). + inversion TRG. apply target_reg_other. + unfold reg_in_map, add_letvar; simpl. red; intro. + elim H10; intro. apply H3. left. assumption. + elim H11; intro. apply valid_fresh_absurd with rd s. + assumption. rewrite <- H12. eauto with rtlg. + apply H3. right. assumption. + eauto with rtlg. + generalize (H2 _ _ _ _ _ _ _ _ MWF2 EQ0 ME2 MUT2 TRG2). + intros [rs2 [EX2 [ME3 [RES2 OTHER2]]]]. + exists rs2. +(* Exec *) + split. eapply exec_trans. eexact EX1. + apply exec_instrs_incr with s1. eauto with rtlg. exact EX2. +(* Match-env *) + split. apply mk_match_env. exact (me_vars _ _ _ _ ME3). + generalize (me_letvars _ _ _ _ ME3). + unfold add_letvar; simpl. intro X; injection X; auto. +(* Result *) + split. assumption. +(* Other regs *) + intros. transitivity (rs1#r0). + apply OTHER2. eauto with rtlg. + unfold mutated_reg. unfold add_letvar; simpl. assumption. + elim H5; intro. left. + unfold reg_in_map, add_letvar; simpl. + unfold reg_in_map in H6; tauto. + tauto. + apply OTHER1. eauto with rtlg. + assumption. + right. red; intro. apply valid_fresh_absurd with r0 s. + assumption. rewrite H6. eauto with rtlg. +Qed. + +Lemma transl_expr_Eletvar_correct: + forall (sp: val) (le : list val) (e : env) + (m : mem) (n : nat) (v : val), + nth_error le n = Some v -> + transl_expr_correct sp le e m (Eletvar n) e m v. +Proof. + intros; red; intros. + simpl in TE; monadInv TE. intro EQ1. + generalize EQ. unfold find_letvar. + caseEq (nth_error (map_letvars map) n). + intros r0 NE; monadSimpl. subst s0; subst r0. + generalize (add_move_correct _ _ sp _ _ _ _ rs m EQ1). + intros [rs1 [EX1 [RES1 OTHER1]]]. + exists rs1. +(* Exec *) + split. exact EX1. +(* Match-env *) + split. inversion TRG. + assert (r = rd). congruence. + subst r. apply match_env_exten with rs. + intros. case (Reg.eq r rd); intro. subst r; auto. auto. auto. + apply match_env_invariant with rs. auto. + intros. apply OTHER1. red;intro;subst r1. contradiction. +(* Result *) + split. rewrite RES1. + generalize H. rewrite <- (me_letvars _ _ _ _ ME). + change positive with reg. + rewrite list_map_nth. rewrite NE. simpl. congruence. +(* Other regs *) + intros. inversion TRG. + assert (r = rd). congruence. subst r. + case (Reg.eq r0 rd); intro. subst r0; auto. auto. + apply OTHER1. red; intro; subst r0. tauto. + + intro; monadSimpl. +Qed. + +Lemma transl_condition_CEtrue_correct: + forall (sp: val) (le : letenv) (e : env) (m : mem), + transl_condition_correct sp le e m CEtrue e m true. +Proof. + intros; red; intros. simpl in TE; monadInv TE. subst ns. + exists rs. split. apply exec_refl. split. auto. auto. +Qed. + +Lemma transl_condition_CEfalse_correct: + forall (sp: val) (le : letenv) (e : env) (m : mem), + transl_condition_correct sp le e m CEfalse e m false. +Proof. + intros; red; intros. simpl in TE; monadInv TE. subst ns. + exists rs. split. apply exec_refl. split. auto. auto. +Qed. + +Lemma transl_condition_CEcond_correct: + forall (sp: val) (le : letenv) (e : env) (m : mem) + (cond : condition) (al : exprlist) (e1 : env) + (m1 : mem) (vl : list val) (b : bool), + eval_exprlist ge sp le e m al e1 m1 vl -> + transl_exprlist_correct sp le e m al e1 m1 vl -> + eval_condition cond vl = Some b -> + transl_condition_correct sp le e m (CEcond cond al) e1 m1 b. +Proof. + intros; red; intros. simpl in TE; monadInv TE. intro EQ1; clear TE. + assert (MWF1: map_wf map s1). eauto with rtlg. + simpl in MUT. + assert (TRG: target_regs_ok s1 map mut al l). + eauto with rtlg. + generalize (H0 _ _ _ _ _ _ _ _ MWF1 EQ1 ME MUT TRG). + intros [rs1 [EX1 [ME1 [RES1 OTHER1]]]]. + exists rs1. +(* Exec *) + split. eapply exec_trans. eexact EX1. + apply exec_instrs_incr with s1. eauto with rtlg. + apply exec_one. + destruct b. + eapply exec_Icond_true. eauto with rtlg. + rewrite RES1. assumption. + eapply exec_Icond_false. eauto with rtlg. + rewrite RES1. assumption. +(* Match-env *) + split. assumption. +(* Regs *) + intros. apply OTHER1. eauto with rtlg. assumption. + case (In_dec Reg.eq r l); intro. + elim (alloc_regs_fresh_or_in_map _ _ _ _ _ _ MWF EQ r i); intro. + tauto. byContradiction; eauto with rtlg. + tauto. +Qed. + +Lemma transl_condition_CEcondition_correct: + forall (sp: val) (le : letenv) (e : env) (m : mem) + (a b c : condexpr) (e1 : env) (m1 : mem) + (vb1 : bool) (e2 : env) (m2 : mem) (vb2 : bool), + eval_condexpr ge sp le e m a e1 m1 vb1 -> + transl_condition_correct sp le e m a e1 m1 vb1 -> + eval_condexpr ge sp le e1 m1 (if vb1 then b else c) e2 m2 vb2 -> + transl_condition_correct sp le e1 m1 (if vb1 then b else c) e2 m2 vb2 -> + transl_condition_correct sp le e m (CEcondition a b c) e2 m2 vb2. +Proof. + intros; red; intros. simpl in TE; monadInv TE. intro EQ1; clear TE. + simpl in MUT. + assert (MWF1: map_wf map s1). eauto with rtlg. + assert (MUTa: incl (mutated_condexpr a) mut). eauto with coqlib. + generalize (H0 _ _ _ _ _ _ _ _ MWF1 EQ1 ME MUTa). + intros [rs1 [EX1 [ME1 OTHER1]]]. + destruct vb1. + + assert (MWF0: map_wf map s0). eauto with rtlg. + assert (MUTb: incl (mutated_condexpr b) mut). eauto with coqlib. + generalize (H2 _ _ _ _ _ _ _ _ MWF0 EQ0 ME1 MUTb). + intros [rs2 [EX2 [ME2 OTHER2]]]. + exists rs2. + split. eapply exec_trans. eexact EX1. + apply exec_instrs_incr with s1. eauto with rtlg. + exact EX2. + split. assumption. + intros. transitivity (rs1#r). + apply OTHER2; eauto with rtlg. + apply OTHER1; eauto with rtlg. + + assert (MUTc: incl (mutated_condexpr c) mut). eauto with coqlib. + generalize (H2 _ _ _ _ _ _ _ _ MWF EQ ME1 MUTc). + intros [rs2 [EX2 [ME2 OTHER2]]]. + exists rs2. + split. eapply exec_trans. eexact EX1. + apply exec_instrs_incr with s0. eauto with rtlg. + exact EX2. + split. assumption. + intros. transitivity (rs1#r). + apply OTHER2; eauto with rtlg. + apply OTHER1; eauto with rtlg. +Qed. + +Lemma transl_exprlist_Enil_correct: + forall (sp: val) (le : letenv) (e : env) (m : mem), + transl_exprlist_correct sp le e m Enil e m nil. +Proof. + intros; red; intros. + generalize TE. simpl. destruct rl; monadSimpl. + subst s'; subst ns. exists rs. + split. apply exec_refl. + split. assumption. + split. reflexivity. + intros. reflexivity. +Qed. + +Lemma transl_exprlist_Econs_correct: + forall (sp: val) (le : letenv) (e : env) (m : mem) + (a : expr) (bl : exprlist) (e1 : env) (m1 : mem) + (v : val) (e2 : env) (m2 : mem) (vl : list val), + eval_expr ge sp le e m a e1 m1 v -> + transl_expr_correct sp le e m a e1 m1 v -> + eval_exprlist ge sp le e1 m1 bl e2 m2 vl -> + transl_exprlist_correct sp le e1 m1 bl e2 m2 vl -> + transl_exprlist_correct sp le e m (Econs a bl) e2 m2 (v :: vl). +Proof. + intros. red. intros. + inversion TRG. + rewrite <- H10 in TE. simpl in TE. monadInv TE. intro EQ1. + simpl in MUT. + assert (MUT1: incl (mutated_expr a) mut); eauto with coqlib. + assert (MUT2: incl (mutated_exprlist bl) mut); eauto with coqlib. + assert (MWF1: map_wf map s1); eauto with rtlg. + assert (TRG1: target_reg_ok s1 map mut a r); eauto with rtlg. + generalize (H0 _ _ _ _ _ _ _ _ MWF1 EQ1 ME MUT1 TRG1). + intros [rs1 [EX1 [ME1 [RES1 OTHER1]]]]. + generalize (H2 _ _ _ _ _ _ _ _ MWF EQ ME1 MUT2 H11). + intros [rs2 [EX2 [ME2 [RES2 OTHER2]]]]. + exists rs2. +(* Exec *) + split. eapply exec_trans. eexact EX1. + apply exec_instrs_incr with s1. eauto with rtlg. assumption. +(* Match-env *) + split. assumption. +(* Results *) + split. simpl. rewrite RES2. rewrite OTHER2. rewrite RES1. + reflexivity. + eauto with rtlg. + eauto with rtlg. + assumption. +(* Other regs *) + simpl. intros. + transitivity (rs1#r0). + apply OTHER2; auto. tauto. + apply OTHER1; auto. eauto with rtlg. + elim H14; intro. left; assumption. right; apply sym_not_equal; tauto. +Qed. + +Lemma transl_funcall_correct: + forall (m : mem) (f : Cminor.function) (vargs : list val) + (m1 : mem) (sp : block) (e e2 : env) (m2 : mem) + (out : outcome) (vres : val), + Mem.alloc m 0 (fn_stackspace f) = (m1, sp) -> + set_locals (Cminor.fn_vars f) (set_params vargs (Cminor.fn_params f)) = e -> + exec_stmtlist ge (Vptr sp Int.zero) e m1 (fn_body f) e2 m2 out -> + transl_stmtlist_correct (Vptr sp Int.zero) e m1 (fn_body f) e2 m2 out -> + outcome_result_value out f.(Cminor.fn_sig).(sig_res) vres -> + transl_function_correct m f vargs (Mem.free m2 sp) vres. +Proof. + intros; red; intros. + generalize TE. unfold transl_function. + caseEq (transl_fun f init_state). + intros; discriminate. + intros ns s. unfold transl_fun. monadSimpl. + subst ns. intros EQ4. injection EQ4; intro TF; clear EQ4. + subst s4. + + pose (rs := init_regs vargs x). + assert (ME: match_env y0 e nil rs). + rewrite <- H0. unfold rs. + eapply match_init_env_init_reg; eauto. + + assert (OUT: outcome_node out n nil n n). + red. generalize H3. unfold outcome_result_value. + destruct out; contradiction || auto. + + assert (MWF1: map_wf y0 s1). + eapply add_vars_wf. eexact EQ0. + eapply add_vars_wf. eexact EQ. + apply init_mapping_wf. + + assert (MWF: map_wf y0 s3). + apply map_wf_incr with s1. apply state_incr_trans with s2; eauto with rtlg. + assumption. + + assert (RRG: return_reg_ok s3 y0 (ret_reg (Cminor.fn_sig f) r)). + apply return_reg_ok_incr with s2. eauto with rtlg. + apply new_reg_return_ok with s1; assumption. + + generalize (H2 _ _ _ _ _ _ _ _ _ rs MWF EQ3 ME OUT RRG). + intros [rs1 [EX1 [ME1 MR1]]]. + + apply exec_funct with m1 n rs1 (ret_reg (Cminor.fn_sig f) r). + rewrite <- TF; simpl; assumption. + rewrite <- TF; simpl. exact EX1. + rewrite <- TF; simpl. apply instr_at_incr with s3. + eauto with rtlg. discriminate. eauto with rtlg. + generalize MR1. unfold match_return_outcome. + generalize H3. unfold outcome_result_value. + unfold ret_reg; destruct (sig_res (Cminor.fn_sig f)). + unfold regmap_optget. destruct out; try contradiction. + destruct o; try contradiction. intros; congruence. + unfold regmap_optget. destruct out; contradiction||auto. + destruct o; contradiction||auto. +Qed. + +Lemma transl_stmt_Sexpr_correct: + forall (sp: val) (e : env) (m : mem) (a : expr) + (e1 : env) (m1 : mem) (v : val), + eval_expr ge sp nil e m a e1 m1 v -> + transl_expr_correct sp nil e m a e1 m1 v -> + transl_stmt_correct sp e m (Sexpr a) e1 m1 Out_normal. +Proof. + intros; red; intros. + simpl in OUT. subst nd. + unfold transl_stmt in TE. monadInv TE. intro EQ1. + assert (MWF0: map_wf map s0). eauto with rtlg. + assert (TRG: target_reg_ok s0 map (mutated_expr a) a r). eauto with rtlg. + generalize (H0 _ _ _ _ _ _ _ _ MWF0 EQ1 ME (incl_refl (mutated_expr a)) TRG). + intros [rs1 [EX1 [ME1 [RES1 OTHER1]]]]. + exists rs1; simpl; tauto. +Qed. + +Lemma transl_stmt_Sifthenelse_correct: + forall (sp: val) (e : env) (m : mem) (a : condexpr) + (sl1 sl2 : stmtlist) (e1 : env) (m1 : mem) + (v1 : bool) (e2 : env) (m2 : mem) (out : outcome), + eval_condexpr ge sp nil e m a e1 m1 v1 -> + transl_condition_correct sp nil e m a e1 m1 v1 -> + exec_stmtlist ge sp e1 m1 (if v1 then sl1 else sl2) e2 m2 out -> + transl_stmtlist_correct sp e1 m1 (if v1 then sl1 else sl2) e2 m2 out -> + transl_stmt_correct sp e m (Sifthenelse a sl1 sl2) e2 m2 out. +Proof. + intros; red; intros until rs; intro MWF. + simpl. case (more_likely a sl1 sl2); monadSimpl; intro EQ2; intros. + assert (MWF1: map_wf map s1). eauto with rtlg. + generalize (H0 _ _ _ _ _ _ _ rs MWF1 EQ2 ME (incl_refl _)). + intros [rs1 [EX1 [ME1 OTHER1]]]. + destruct v1. + assert (MWF0: map_wf map s0). eauto with rtlg. + assert (RRG0: return_reg_ok s0 map rret). eauto with rtlg. + generalize (H2 _ _ _ _ _ _ _ _ _ _ MWF0 EQ0 ME1 OUT RRG0). + intros [rs2 [EX2 [ME2 MRE2]]]. + exists rs2. split. + eapply exec_trans. eexact EX1. apply exec_instrs_incr with s1. + eauto with rtlg. exact EX2. + tauto. + generalize (H2 _ _ _ _ _ _ _ _ _ _ MWF EQ ME1 OUT RRG). + intros [rs2 [EX2 [ME2 MRE2]]]. + exists rs2. split. + eapply exec_trans. eexact EX1. apply exec_instrs_incr with s0. + eauto with rtlg. exact EX2. + tauto. + + assert (MWF1: map_wf map s1). eauto with rtlg. + generalize (H0 _ _ _ _ _ _ _ rs MWF1 EQ2 ME (incl_refl _)). + intros [rs1 [EX1 [ME1 OTHER1]]]. + destruct v1. + generalize (H2 _ _ _ _ _ _ _ _ _ _ MWF EQ ME1 OUT RRG). + intros [rs2 [EX2 [ME2 MRE2]]]. + exists rs2. split. + eapply exec_trans. eexact EX1. apply exec_instrs_incr with s0. + eauto with rtlg. exact EX2. + tauto. + assert (MWF0: map_wf map s0). eauto with rtlg. + assert (RRG0: return_reg_ok s0 map rret). eauto with rtlg. + generalize (H2 _ _ _ _ _ _ _ _ _ _ MWF0 EQ0 ME1 OUT RRG0). + intros [rs2 [EX2 [ME2 MRE2]]]. + exists rs2. split. + eapply exec_trans. eexact EX1. apply exec_instrs_incr with s1. + eauto with rtlg. exact EX2. + tauto. +Qed. + +Lemma transl_stmt_Sloop_loop_correct: + forall (sp: val) (e : env) (m : mem) (sl : stmtlist) + (e1 : env) (m1 : mem) (e2 : env) (m2 : mem) + (out : outcome), + exec_stmtlist ge sp e m sl e1 m1 Out_normal -> + transl_stmtlist_correct sp e m sl e1 m1 Out_normal -> + exec_stmt ge sp e1 m1 (Sloop sl) e2 m2 out -> + transl_stmt_correct sp e1 m1 (Sloop sl) e2 m2 out -> + transl_stmt_correct sp e m (Sloop sl) e2 m2 out. +Proof. + intros; red; intros. + generalize TE. simpl. monadSimpl. subst s2; subst n0. intros. + assert (MWF0: map_wf map s0). apply map_wf_incr with s. + eapply reserve_instr_incr; eauto. + assumption. + assert (OUT0: outcome_node Out_normal n nexits nret n). + unfold outcome_node. auto. + assert (RRG0: return_reg_ok s0 map rret). + apply return_reg_ok_incr with s. + eapply reserve_instr_incr; eauto. + assumption. + generalize (H0 _ _ _ _ _ _ _ _ _ _ MWF0 EQ0 ME OUT0 RRG0). + intros [rs1 [EX1 [ME1 MR1]]]. + generalize (H2 _ _ _ _ _ _ _ _ _ _ MWF TE ME1 OUT RRG). + intros [rs2 [EX2 [ME2 MR2]]]. + exists rs2. + split. eapply exec_trans. + apply exec_instrs_extends with s1. + eapply update_instr_extends. + eexact EQ. eauto with rtlg. eexact EQ1. eexact EX1. + apply exec_trans with ns rs1 m1. + apply exec_one. apply exec_Inop. + generalize EQ1. unfold update_instr. + case (plt n (st_nextnode s1)); intro; monadSimpl. + rewrite <- H4. simpl. apply PTree.gss. + exact EX2. + tauto. +Qed. + +Lemma transl_stmt_Sloop_stop_correct: + forall (sp: val) (e : env) (m : mem) (sl : stmtlist) + (e1 : env) (m1 : mem) (out : outcome), + exec_stmtlist ge sp e m sl e1 m1 out -> + transl_stmtlist_correct sp e m sl e1 m1 out -> + out <> Out_normal -> + transl_stmt_correct sp e m (Sloop sl) e1 m1 out. +Proof. + intros; red; intros. + simpl in TE. monadInv TE. subst s2; subst n0. + assert (MWF0: map_wf map s0). apply map_wf_incr with s. + eapply reserve_instr_incr; eauto. assumption. + assert (OUT0: outcome_node out n nexits nret nd). + generalize OUT. unfold outcome_node. + destruct out; auto. elim H1; auto. + assert (RRG0: return_reg_ok s0 map rret). + apply return_reg_ok_incr with s. + eapply reserve_instr_incr; eauto. + assumption. + generalize (H0 _ _ _ _ _ _ _ _ _ _ MWF0 EQ0 ME OUT0 RRG0). + intros [rs1 [EX1 [ME1 MR1]]]. + exists rs1. split. + apply exec_instrs_extends with s1. + eapply update_instr_extends. + eexact EQ. eauto with rtlg. eexact EQ1. eexact EX1. + tauto. +Qed. + +Lemma transl_stmt_Sblock_correct: + forall (sp: val) (e : env) (m : mem) (sl : stmtlist) + (e1 : env) (m1 : mem) (out : outcome), + exec_stmtlist ge sp e m sl e1 m1 out -> + transl_stmtlist_correct sp e m sl e1 m1 out -> + transl_stmt_correct sp e m (Sblock sl) e1 m1 (outcome_block out). +Proof. + intros; red; intros. simpl in TE. + assert (OUT': outcome_node out ncont (ncont :: nexits) nret nd). + generalize OUT. unfold outcome_node, outcome_block. + destruct out. + auto. + destruct n. simpl. intro; unfold value; congruence. + simpl. auto. + auto. + generalize (H0 _ _ _ _ _ _ _ _ _ _ MWF TE ME OUT' RRG). + intros [rs1 [EX1 [ME1 MR1]]]. + exists rs1. + split. assumption. + split. assumption. + generalize MR1. unfold match_return_outcome, outcome_block. + destruct out; auto. + destruct n; simpl; auto. +Qed. + +Lemma transl_stmt_Sexit_correct: + forall (sp: val) (e : env) (m : mem) (n : nat), + transl_stmt_correct sp e m (Sexit n) e m (Out_exit n). +Proof. + intros; red; intros. + generalize TE. simpl. caseEq (nth_error nexits n). + intros n' NE. monadSimpl. subst n'. + simpl in OUT. assert (ns = nd). congruence. subst ns. + exists rs. intuition. apply exec_refl. + intro. monadSimpl. +Qed. + +Lemma transl_stmt_Sreturn_none_correct: + forall (sp: val) (e : env) (m : mem), + transl_stmt_correct sp e m (Sreturn None) e m (Out_return None). +Proof. + intros; red; intros. generalize TE. simpl. + destruct rret; monadSimpl. + simpl in OUT. subst ns; subst nret. + exists rs. intuition. apply exec_refl. +Qed. + +Lemma transl_stmt_Sreturn_some_correct: + forall (sp: val) (e : env) (m : mem) (a : expr) + (e1 : env) (m1 : mem) (v : val), + eval_expr ge sp nil e m a e1 m1 v -> + transl_expr_correct sp nil e m a e1 m1 v -> + transl_stmt_correct sp e m (Sreturn (Some a)) e1 m1 (Out_return (Some v)). +Proof. + intros; red; intros. generalize TE; simpl. + destruct rret. intro EQ. + assert (TRG: target_reg_ok s map (mutated_expr a) a r). + inversion RRG. apply target_reg_other; auto. + generalize (H0 _ _ _ _ _ _ _ _ MWF EQ ME (incl_refl _) TRG). + intros [rs1 [EX1 [ME1 [RES1 OTHER1]]]]. + simpl in OUT. subst nd. exists rs1. tauto. + + monadSimpl. +Qed. + +Lemma transl_stmtlist_Snil_correct: + forall (sp: val) (e : env) (m : mem), + transl_stmtlist_correct sp e m Snil e m Out_normal. +Proof. + intros; red; intros. simpl in TE. monadInv TE. + subst s'; subst ns. + simpl in OUT. subst ncont. + exists rs. simpl. intuition. apply exec_refl. +Qed. + +Lemma transl_stmtlist_Scons_continue_correct: + forall (sp: val) (e : env) (m : mem) (s : stmt) + (sl : stmtlist) (e1 : env) (m1 : mem) (e2 : env) + (m2 : mem) (out : outcome), + exec_stmt ge sp e m s e1 m1 Out_normal -> + transl_stmt_correct sp e m s e1 m1 Out_normal -> + exec_stmtlist ge sp e1 m1 sl e2 m2 out -> + transl_stmtlist_correct sp e1 m1 sl e2 m2 out -> + transl_stmtlist_correct sp e m (Scons s sl) e2 m2 out. +Proof. + intros; red; intros. simpl in TE; monadInv TE. intro EQ0. + assert (MWF1: map_wf map s1). eauto with rtlg. + assert (OUTs: outcome_node Out_normal n nexits nret n). + simpl. auto. + assert (RRG1: return_reg_ok s1 map rret). eauto with rtlg. + generalize (H0 _ _ _ _ _ _ _ _ _ _ MWF1 EQ0 ME OUTs RRG1). + intros [rs1 [EX1 [ME1 MR1]]]. + generalize (H2 _ _ _ _ _ _ _ _ _ _ MWF EQ ME1 OUT RRG). + intros [rs2 [EX2 [ME2 MR2]]]. + exists rs2. +(* Exec *) + split. eapply exec_trans. eexact EX1. + apply exec_instrs_incr with s1. eauto with rtlg. + exact EX2. +(* Match-env + return *) + tauto. +Qed. + +Lemma transl_stmtlist_Scons_stop_correct: + forall (sp: val) (e : env) (m : mem) (s : stmt) + (sl : stmtlist) (e1 : env) (m1 : mem) (out : outcome), + exec_stmt ge sp e m s e1 m1 out -> + transl_stmt_correct sp e m s e1 m1 out -> + out <> Out_normal -> + transl_stmtlist_correct sp e m (Scons s sl) e1 m1 out. +Proof. + intros; red; intros. + simpl in TE; monadInv TE. intro EQ0; clear TE. + assert (MWF1: map_wf map s1). eauto with rtlg. + assert (OUTs: outcome_node out n nexits nret nd). + destruct out; simpl; auto. tauto. + assert (RRG1: return_reg_ok s1 map rret). eauto with rtlg. + exact (H0 _ _ _ _ _ _ _ _ _ _ MWF1 EQ0 ME OUTs RRG1). +Qed. + +(** The correctness of the translation then follows by application + of the mutual induction principle for Cminor evaluation derivations + to the lemmas above. *) + +Scheme eval_expr_ind_6 := Minimality for eval_expr Sort Prop + with eval_condexpr_ind_6 := Minimality for eval_condexpr Sort Prop + with eval_exprlist_ind_6 := Minimality for eval_exprlist Sort Prop + with eval_funcall_ind_6 := Minimality for eval_funcall Sort Prop + with exec_stmt_ind_6 := Minimality for exec_stmt Sort Prop + with exec_stmtlist_ind_6 := Minimality for exec_stmtlist Sort Prop. + +Theorem transl_function_correctness: + forall m f vargs m' vres, + eval_funcall ge m f vargs m' vres -> + transl_function_correct m f vargs m' vres. +Proof + (eval_funcall_ind_6 ge + transl_expr_correct + transl_condition_correct + transl_exprlist_correct + transl_function_correct + transl_stmt_correct + transl_stmtlist_correct + + transl_expr_Evar_correct + transl_expr_Eassign_correct + transl_expr_Eop_correct + transl_expr_Eload_correct + transl_expr_Estore_correct + transl_expr_Ecall_correct + transl_expr_Econdition_correct + transl_expr_Elet_correct + transl_expr_Eletvar_correct + transl_condition_CEtrue_correct + transl_condition_CEfalse_correct + transl_condition_CEcond_correct + transl_condition_CEcondition_correct + transl_exprlist_Enil_correct + transl_exprlist_Econs_correct + transl_funcall_correct + transl_stmt_Sexpr_correct + transl_stmt_Sifthenelse_correct + transl_stmt_Sloop_loop_correct + transl_stmt_Sloop_stop_correct + transl_stmt_Sblock_correct + transl_stmt_Sexit_correct + transl_stmt_Sreturn_none_correct + transl_stmt_Sreturn_some_correct + transl_stmtlist_Snil_correct + transl_stmtlist_Scons_continue_correct + transl_stmtlist_Scons_stop_correct). + +Theorem transl_program_correct: + forall (r: val), + Cminor.exec_program prog r -> + RTL.exec_program tprog r. +Proof. + intros r [b [f [m [SYMB [FUNC [SIG EVAL]]]]]]. + generalize (function_ptr_translated _ _ FUNC). + intros [tf [TFIND TRANSLF]]. + red; exists b; exists tf; exists m. + split. rewrite symbols_preserved. + replace (prog_main tprog) with (prog_main prog). + assumption. + symmetry; apply transform_partial_program_main with transl_function. + exact TRANSL. + split. exact TFIND. + split. generalize TRANSLF. unfold transl_function. + destruct (transl_fun f init_state). + intro; discriminate. destruct p; intro EQ; injection EQ; intro EQ1. + rewrite <- EQ1. simpl. congruence. + rewrite (Genv.init_mem_transf_partial transl_function prog TRANSL). + exact (transl_function_correctness _ _ _ _ _ EVAL _ TRANSLF). +Qed. + +End CORRECTNESS. diff --git a/backend/RTLgenproof1.v b/backend/RTLgenproof1.v new file mode 100644 index 00000000..4a8ad43f --- /dev/null +++ b/backend/RTLgenproof1.v @@ -0,0 +1,1463 @@ +(** Correctness proof for RTL generation: auxiliary results. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Registers. +Require Import Cminor. +Require Import RTL. +Require Import RTLgen. + +(** * Reasoning about monadic computations *) + +(** The tactics below simplify hypotheses of the form [f ... = OK x s] + where [f] is a monadic computation. For instance, the hypothesis + [(do x <- a; b) s = OK y s'] will generate the additional witnesses + [x], [s1] and the additional hypotheses + [a s = OK x s1] and [b x s1 = OK y s'], reflecting the fact that + both monadic computations [a] and [b] succeeded. +*) + +Ltac monadSimpl1 := + match goal with + | [ |- (bind ?F ?G ?S = OK ?X ?S') -> _ ] => + unfold bind at 1; + generalize (refl_equal (F S)); + pattern (F S) at -1 in |- *; + case (F S); + [ intro; intro; discriminate + | (let s := fresh "s" in + (let EQ := fresh "EQ" in + (intro; intros s EQ; + try monadSimpl1))) ] + | [ |- (bind2 ?F ?G ?S = OK ?X ?S') -> _ ] => + unfold bind2 at 1; unfold bind at 1; + generalize (refl_equal (F S)); + pattern (F S) at -1 in |- *; + case (F S); + [ intro; intro; discriminate + | let xy := fresh "xy" in + (let x := fresh "x" in + (let y := fresh "y" in + (let s := fresh "s" in + (let EQ := fresh "EQ" in + (intros xy s EQ; destruct xy as [x y]; simpl; + try monadSimpl1))))) ] + | [ |- (error _ _ = OK _ _) -> _ ] => + unfold error; monadSimpl1 + | [ |- (ret _ _ = OK _ _) -> _ ] => + unfold ret; monadSimpl1 + | [ |- (Error _ = OK _ _) -> _ ] => + intro; discriminate + | [ |- (OK _ _ = OK _ _) -> _ ] => + let h := fresh "H" in + (intro h; injection h; intro; intro; clear h) + end. + +Ltac monadSimpl := + match goal with + | [ |- (bind ?F ?G ?S = OK ?X ?S') -> _ ] => monadSimpl1 + | [ |- (bind2 ?F ?G ?S = OK ?X ?S') -> _ ] => monadSimpl1 + | [ |- (error _ _ = OK _ _) -> _ ] => monadSimpl1 + | [ |- (ret _ _ = OK _ _) -> _ ] => monadSimpl1 + | [ |- (Error _ = OK _ _) -> _ ] => monadSimpl1 + | [ |- (OK _ _ = OK _ _) -> _ ] => monadSimpl1 + | [ |- (?F _ _ _ _ _ _ _ = OK _ _) -> _ ] => unfold F; monadSimpl1 + | [ |- (?F _ _ _ _ _ _ = OK _ _) -> _ ] => unfold F; monadSimpl1 + | [ |- (?F _ _ _ _ _ = OK _ _) -> _ ] => unfold F; monadSimpl1 + | [ |- (?F _ _ _ _ = OK _ _) -> _ ] => unfold F; monadSimpl1 + | [ |- (?F _ _ _ = OK _ _) -> _ ] => unfold F; monadSimpl1 + | [ |- (?F _ _ = OK _ _) -> _ ] => unfold F; monadSimpl1 + | [ |- (?F _ = OK _ _) -> _ ] => unfold F; monadSimpl1 + end. + +Ltac monadInv H := + generalize H; monadSimpl. + +(** * Monotonicity properties of the state *) + +(** Operations over the global state satisfy a crucial monotonicity property: + nodes are only added to the CFG, but never removed nor their instructions + changed; similarly, fresh nodes and fresh registers are only consumed, + but never reused. This property is captured by the following predicate + over states, which we show is a partial order. *) + +Inductive state_incr: state -> state -> Prop := + state_incr_intro: + forall (s1 s2: state), + Ple s1.(st_nextnode) s2.(st_nextnode) -> + Ple s1.(st_nextreg) s2.(st_nextreg) -> + (forall pc, Plt pc s1.(st_nextnode) -> s2.(st_code)!pc = s1.(st_code)!pc) -> + state_incr s1 s2. + +Lemma instr_at_incr: + forall s1 s2 n i, + s1.(st_code)!n = i -> i <> None -> state_incr s1 s2 -> + s2.(st_code)!n = i. +Proof. + intros. inversion H1. + rewrite <- H. apply H4. elim (st_wf s1 n); intro. + assumption. elim H0. congruence. +Qed. + +Lemma state_incr_refl: + forall s, state_incr s s. +Proof. + intros. apply state_incr_intro. + apply Ple_refl. apply Ple_refl. intros; auto. +Qed. +Hint Resolve state_incr_refl: rtlg. + +Lemma state_incr_trans: + forall s1 s2 s3, state_incr s1 s2 -> state_incr s2 s3 -> state_incr s1 s3. +Proof. + intros. inversion H. inversion H0. apply state_incr_intro. + apply Ple_trans with (st_nextnode s2); assumption. + apply Ple_trans with (st_nextreg s2); assumption. + intros. transitivity (s2.(st_code)!pc). + apply H8. apply Plt_Ple_trans with s1.(st_nextnode); auto. + apply H3; auto. +Qed. +Hint Resolve state_incr_trans: rtlg. + +Lemma state_incr_trans2: + forall s1 s2 s3 s4, + state_incr s1 s2 -> state_incr s2 s3 -> state_incr s3 s4 -> + state_incr s1 s4. +Proof. + intros; eauto with rtlg. +Qed. + +Lemma state_incr_trans3: + forall s1 s2 s3 s4 s5, + state_incr s1 s2 -> state_incr s2 s3 -> state_incr s3 s4 -> state_incr s4 s5 -> + state_incr s1 s5. +Proof. + intros; eauto with rtlg. +Qed. + +Lemma state_incr_trans4: + forall s1 s2 s3 s4 s5 s6, + state_incr s1 s2 -> state_incr s2 s3 -> state_incr s3 s4 -> + state_incr s4 s5 -> state_incr s5 s6 -> + state_incr s1 s6. +Proof. + intros; eauto with rtlg. +Qed. + +Lemma state_incr_trans5: + forall s1 s2 s3 s4 s5 s6 s7, + state_incr s1 s2 -> state_incr s2 s3 -> state_incr s3 s4 -> + state_incr s4 s5 -> state_incr s5 s6 -> state_incr s6 s7 -> + state_incr s1 s7. +Proof. + intros; eauto 6 with rtlg. +Qed. + +Lemma state_incr_trans6: + forall s1 s2 s3 s4 s5 s6 s7 s8, + state_incr s1 s2 -> state_incr s2 s3 -> state_incr s3 s4 -> + state_incr s4 s5 -> state_incr s5 s6 -> state_incr s6 s7 -> + state_incr s7 s8 -> state_incr s1 s8. +Proof. + intros; eauto 7 with rtlg. +Qed. + +(** The following relation between two states is a weaker version of + [state_incr]. It permits changing the contents at an already reserved + graph node, but only from [None] to [Some i]. *) + +Definition state_extends (s1 s2: state): Prop := + forall pc, + s1.(st_code)!pc = None \/ s2.(st_code)!pc = s1.(st_code)!pc. + +Lemma state_incr_extends: + forall s1 s2, + state_incr s1 s2 -> state_extends s1 s2. +Proof. + unfold state_extends; intros. inversion H. + case (plt pc s1.(st_nextnode)); intro. + right; apply H2; auto. + left. elim (s1.(st_wf) pc); intro. + elim (n H5). auto. +Qed. +Hint Resolve state_incr_extends. + +(** A crucial property of states is the following: if an RTL execution + is possible (does not get stuck) in the CFG of a given state [s1] + the same execution is possible and leads to the same results in + the CFG of any state [s2] that extends [s1] in the sense of the + [state_extends] predicate. *) + +Section EXEC_INSTR_EXTENDS. + +Variable s1 s2: state. +Hypothesis EXT: state_extends s1 s2. + +Lemma exec_instr_not_halt: + forall ge c sp pc rs m pc' rs' m', + exec_instr ge c sp pc rs m pc' rs' m' -> c!pc <> None. +Proof. + induction 1; rewrite H; discriminate. +Qed. + +Lemma exec_instr_in_s2: + forall ge sp pc rs m pc' rs' m', + exec_instr ge s1.(st_code) sp pc rs m pc' rs' m' -> + s2.(st_code)!pc = s1.(st_code)!pc. +Proof. + intros. + elim (EXT pc); intro. + elim (exec_instr_not_halt _ _ _ _ _ _ _ _ _ H H0). + assumption. +Qed. + +Lemma exec_instr_extends_rec: + forall ge c sp pc rs m pc' rs' m', + exec_instr ge c sp pc rs m pc' rs' m' -> + forall c', c!pc = c'!pc -> + exec_instr ge c' sp pc rs m pc' rs' m'. +Proof. + induction 1; intros. + apply exec_Inop. congruence. + apply exec_Iop with op args. congruence. auto. + apply exec_Iload with chunk addr args a. congruence. auto. auto. + apply exec_Istore with chunk addr args src a. + congruence. auto. auto. + apply exec_Icall with sig ros args f; auto. congruence. + apply exec_Icond_true with cond args ifnot; auto. congruence. + apply exec_Icond_false with cond args ifso; auto. congruence. +Qed. + +Lemma exec_instr_extends: + forall ge sp pc rs m pc' rs' m', + exec_instr ge s1.(st_code) sp pc rs m pc' rs' m' -> + exec_instr ge s2.(st_code) sp pc rs m pc' rs' m'. +Proof. + intros. + apply exec_instr_extends_rec with (st_code s1). + assumption. + symmetry. eapply exec_instr_in_s2. eexact H. +Qed. + +Lemma exec_instrs_extends_rec: + forall ge c sp pc rs m pc' rs' m', + exec_instrs ge c sp pc rs m pc' rs' m' -> + c = s1.(st_code) -> + exec_instrs ge s2.(st_code) sp pc rs m pc' rs' m'. +Proof. + induction 1; intros. + apply exec_refl. + apply exec_one. apply exec_instr_extends; auto. rewrite <- H0; auto. + apply exec_trans with pc2 rs2 m2; auto. +Qed. + +Lemma exec_instrs_extends: + forall ge sp pc rs m pc' rs' m', + exec_instrs ge s1.(st_code) sp pc rs m pc' rs' m' -> + exec_instrs ge s2.(st_code) sp pc rs m pc' rs' m'. +Proof. + intros. + apply exec_instrs_extends_rec with (st_code s1); auto. +Qed. + +End EXEC_INSTR_EXTENDS. + +(** Since [state_incr s1 s2] implies [state_extends s1 s2], we also have + that any RTL execution possible in the CFG of [s1] is also possible + in the CFG of [s2], provided that [state_incr s1 s2]. + In particular, any RTL execution that is possible in a partially + constructed CFG remains possible in the final CFG obtained at + the end of the translation of the current function. *) + +Section EXEC_INSTR_INCR. + +Variable s1 s2: state. +Hypothesis INCR: state_incr s1 s2. + +Lemma exec_instr_incr: + forall ge sp pc rs m pc' rs' m', + exec_instr ge s1.(st_code) sp pc rs m pc' rs' m' -> + exec_instr ge s2.(st_code) sp pc rs m pc' rs' m'. +Proof. + intros. + apply exec_instr_extends with s1. + apply state_incr_extends; auto. + auto. +Qed. + +Lemma exec_instrs_incr: + forall ge sp pc rs m pc' rs' m', + exec_instrs ge s1.(st_code) sp pc rs m pc' rs' m' -> + exec_instrs ge s2.(st_code) sp pc rs m pc' rs' m'. +Proof. + intros. + apply exec_instrs_extends with s1. + apply state_incr_extends; auto. + auto. +Qed. + +End EXEC_INSTR_INCR. + +(** * Validity and freshness of registers *) + +(** An RTL pseudo-register is valid in a given state if it was created + earlier, that is, it is less than the next fresh register of the state. + Otherwise, the pseudo-register is said to be fresh. *) + +Definition reg_valid (r: reg) (s: state) : Prop := + Plt r s.(st_nextreg). + +Definition reg_fresh (r: reg) (s: state) : Prop := + ~(Plt r s.(st_nextreg)). + +Lemma valid_fresh_absurd: + forall r s, reg_valid r s -> reg_fresh r s -> False. +Proof. + intros r s. unfold reg_valid, reg_fresh; case r; tauto. +Qed. +Hint Resolve valid_fresh_absurd: rtlg. + +Lemma valid_fresh_different: + forall r1 r2 s, reg_valid r1 s -> reg_fresh r2 s -> r1 <> r2. +Proof. + unfold not; intros. subst r2. eauto with rtlg. +Qed. +Hint Resolve valid_fresh_different: rtlg. + +Lemma reg_valid_incr: + forall r s1 s2, state_incr s1 s2 -> reg_valid r s1 -> reg_valid r s2. +Proof. + intros r s1 s2 INCR. + inversion INCR. + unfold reg_valid. intros; apply Plt_Ple_trans with (st_nextreg s1); auto. +Qed. +Hint Resolve reg_valid_incr: rtlg. + +Lemma reg_fresh_decr: + forall r s1 s2, state_incr s1 s2 -> reg_fresh r s2 -> reg_fresh r s1. +Proof. + intros r s1 s2 INCR. inversion INCR. + unfold reg_fresh; unfold not; intros. + apply H4. apply Plt_Ple_trans with (st_nextreg s1); auto. +Qed. +Hint Resolve reg_fresh_decr: rtlg. + +(** * Well-formedness of compilation environments *) + +(** A compilation environment (mapping) is well-formed in a given state if + the following properties hold: +- The registers associated with Cminor local variables and let-bound variables + are valid in the state. +- Two distinct Cminor local variables are mapped to distinct pseudo-registers. +- A Cminor local variable and a let-bound variable are mapped to + distinct pseudo-registers. +*) + +Record map_wf (m: mapping) (s: state) : Prop := + mk_map_wf { + map_wf_var_valid: + (forall id r, m.(map_vars)!id = Some r -> reg_valid r s); + map_wf_letvar_valid: + (forall r, In r m.(map_letvars) -> reg_valid r s); + map_wf_inj: + (forall id1 id2 r, + m.(map_vars)!id1 = Some r -> m.(map_vars)!id2 = Some r -> id1 = id2); + map_wf_disj: + (forall id r, + m.(map_vars)!id = Some r -> In r m.(map_letvars) -> False) + }. +Hint Resolve map_wf_var_valid + map_wf_letvar_valid + map_wf_inj map_wf_disj: rtlg. + +Lemma map_wf_incr: + forall s1 s2 m, + state_incr s1 s2 -> map_wf m s1 -> map_wf m s2. +Proof. + intros. apply mk_map_wf; intros; eauto with rtlg. +Qed. +Hint Resolve map_wf_incr: rtlg. + +(** A register is ``in'' a mapping if it is associated with a Cminor + local or let-bound variable. *) + +Definition reg_in_map (m: mapping) (r: reg) : Prop := + (exists id, m.(map_vars)!id = Some r) \/ In r m.(map_letvars). + +Lemma reg_in_map_valid: + forall m s r, + map_wf m s -> reg_in_map m r -> reg_valid r s. +Proof. + intros. elim H0. + intros [id EQ]. eauto with rtlg. + intro IN. eauto with rtlg. +Qed. +Hint Resolve reg_in_map_valid: rtlg. + +(** A register is mutated if it is associated with a Cminor local variable + that belongs to the given set of mutated variables. *) + +Definition mutated_reg (map: mapping) (mut: list ident) (r: reg) : Prop := + exists id, In id mut /\ map.(map_vars)!id = Some r. + +Lemma mutated_reg_in_map: + forall map mut r, mutated_reg map mut r -> reg_in_map map r. +Proof. + intros. elim H. intros id [IN EQ]. + left. exists id; auto. +Qed. +Hint Resolve mutated_reg_in_map: rtlg. + +(** * Properties of basic operations over the state *) + +(** Properties of [add_instr]. *) + +Lemma add_instr_incr: + forall s1 s2 i n, + add_instr i s1 = OK n s2 -> state_incr s1 s2. +Proof. + intros until n; monadSimpl. + subst s2; apply state_incr_intro; simpl. + apply Ple_succ. + apply Ple_refl. + intros. apply PTree.gso; apply Plt_ne; auto. +Qed. +Hint Resolve add_instr_incr: rtlg. + +Lemma add_instr_at: + forall s1 s2 i n, + add_instr i s1 = OK n s2 -> s2.(st_code)!n = Some i. +Proof. + intros until n; monadSimpl. + subst n; subst s2; simpl. apply PTree.gss. +Qed. +Hint Resolve add_instr_at. + +(** Properties of [reserve_instr] and [update_instr]. *) + +Lemma reserve_instr_incr: + forall s1 s2 n, + reserve_instr s1 = OK n s2 -> state_incr s1 s2. +Proof. + intros until n; monadSimpl. subst s2. + apply state_incr_intro; simpl. + apply Ple_succ. + apply Ple_refl. + auto. +Qed. + +Lemma update_instr_incr: + forall s1 s2 s3 s4 i n t, + reserve_instr s1 = OK n s2 -> + state_incr s2 s3 -> + update_instr n i s3 = OK t s4 -> + state_incr s1 s4. +Proof. + intros. + monadInv H. + generalize H1; unfold update_instr. + case (plt n (st_nextnode s3)); intro. + monadSimpl. inversion H0. + subst s4; apply state_incr_intro; simpl. + apply Plt_Ple. apply Plt_Ple_trans with (st_nextnode s2). + subst s2; simpl; apply Plt_succ. assumption. + rewrite <- H3 in H7; simpl in H7. assumption. + intros. rewrite PTree.gso. + rewrite <- H3 in H8; simpl in H8. apply H8. + apply Plt_trans_succ; assumption. + subst n; apply Plt_ne; assumption. + intros; discriminate. +Qed. + +Lemma update_instr_extends: + forall s1 s2 s3 s4 i n t, + reserve_instr s1 = OK n s2 -> + state_incr s2 s3 -> + update_instr n i s3 = OK t s4 -> + state_extends s3 s4. +Proof. + intros. + monadInv H. + red; intros. + case (peq pc n); intro. + subst pc. left. inversion H0. rewrite H6. + rewrite <- H3; simpl. + elim (s1.(st_wf) n); intro. + rewrite <- H4 in H9. elim (Plt_strict _ H9). + auto. + rewrite <- H4. rewrite <- H3; simpl. apply Plt_succ. + generalize H1; unfold update_instr. + case (plt n s3.(st_nextnode)); intro; monadSimpl. + right; rewrite <- H5; simpl. apply PTree.gso; auto. +Qed. + +(** Properties of [new_reg]. *) + +Lemma new_reg_incr: + forall s1 s2 r, new_reg s1 = OK r s2 -> state_incr s1 s2. +Proof. + intros until r. monadSimpl. + subst s2; apply state_incr_intro; simpl. + apply Ple_refl. apply Ple_succ. auto. +Qed. +Hint Resolve new_reg_incr: rtlg. + +Lemma new_reg_valid: + forall s1 s2 r, + new_reg s1 = OK r s2 -> reg_valid r s2. +Proof. + intros until r. monadSimpl. subst s2; subst r. + unfold reg_valid; unfold reg_valid; simpl. + apply Plt_succ. +Qed. +Hint Resolve new_reg_valid: rtlg. + +Lemma new_reg_fresh: + forall s1 s2 r, + new_reg s1 = OK r s2 -> reg_fresh r s1. +Proof. + intros until r. monadSimpl. subst s2; subst r. + unfold reg_fresh; simpl. + exact (Plt_strict _). +Qed. +Hint Resolve new_reg_fresh: rtlg. + +Lemma new_reg_not_in_map: + forall s1 s2 m r, + new_reg s1 = OK r s2 -> map_wf m s1 -> ~(reg_in_map m r). +Proof. + unfold not; intros; eauto with rtlg. +Qed. +Hint Resolve new_reg_not_in_map: rtlg. + +Lemma new_reg_not_mutated: + forall s1 s2 m mut r, + new_reg s1 = OK r s2 -> map_wf m s1 -> ~(mutated_reg m mut r). +Proof. + unfold not; intros. + generalize (mutated_reg_in_map _ _ _ H1); intro. + exact (new_reg_not_in_map _ _ _ _ H H0 H2). +Qed. +Hint Resolve new_reg_not_mutated: rtlg. + +(** * Properties of operations over compilation environments *) + +Lemma init_mapping_wf: + forall s, map_wf init_mapping s. +Proof. + intro. unfold init_mapping; apply mk_map_wf; simpl; intros. + rewrite PTree.gempty in H; discriminate. + contradiction. + rewrite PTree.gempty in H; discriminate. + tauto. +Qed. + +(** Properties of [find_var]. *) + +Lemma find_var_incr: + forall s1 s2 map name r, + find_var map name s1 = OK r s2 -> state_incr s1 s2. +Proof. + intros until r. unfold find_var. + case (map_vars map)!name. + intro; monadSimpl. subst s2; auto with rtlg. + monadSimpl. +Qed. +Hint Resolve find_var_incr: rtlg. + +Lemma find_var_in_map: + forall s1 s2 map name r, + find_var map name s1 = OK r s2 -> map_wf map s1 -> reg_in_map map r. +Proof. + intros until r. unfold find_var; caseEq (map.(map_vars)!name). + intros r0 eq. monadSimpl; intros. subst r0. + left. exists name; auto. + intro; monadSimpl. +Qed. +Hint Resolve find_var_in_map: rtlg. + +Lemma find_var_valid: + forall s1 s2 map name r, + find_var map name s1 = OK r s2 -> map_wf map s1 -> reg_valid r s1. +Proof. + eauto with rtlg. +Qed. +Hint Resolve find_var_valid: rtlg. + +Lemma find_var_not_mutated: + forall s1 s2 map name r mut, + find_var map name s1 = OK r s2 -> + map_wf map s1 -> + ~(In name mut) -> + ~(mutated_reg map mut r). +Proof. + intros until mut. unfold find_var; caseEq (map.(map_vars)!name). + intros r0 EQ. monadSimpl; intros; subst r0. + red; unfold mutated_reg; intros [id [IN EQ2]]. + assert (name = id). eauto with rtlg. + subst id. contradiction. + intro; monadSimpl. +Qed. +Hint Resolve find_var_not_mutated: rtlg. + +(** Properties of [find_letvar]. *) + +Lemma find_letvar_incr: + forall s1 s2 map idx r, + find_letvar map idx s1 = OK r s2 -> state_incr s1 s2. +Proof. + intros until r. unfold find_letvar. + case (nth_error (map_letvars map) idx). + intro; monadSimpl. subst s2; auto with rtlg. + monadSimpl. +Qed. +Hint Resolve find_letvar_incr: rtlg. + +Lemma find_letvar_in_map: + forall s1 s2 map idx r, + find_letvar map idx s1 = OK r s2 -> map_wf map s1 -> reg_in_map map r. +Proof. + intros until r. unfold find_letvar. + caseEq (nth_error (map_letvars map) idx). + intros r0 EQ; monadSimpl. intros. right. + subst r0; apply nth_error_in with idx; auto. + intro; monadSimpl. +Qed. +Hint Resolve find_letvar_in_map: rtlg. + +Lemma find_letvar_valid: + forall s1 s2 map idx r, + find_letvar map idx s1 = OK r s2 -> map_wf map s1 -> reg_valid r s1. +Proof. + eauto with rtlg. +Qed. +Hint Resolve find_letvar_valid: rtlg. + +Lemma find_letvar_not_mutated: + forall s1 s2 map idx mut r, + find_letvar map idx s1 = OK r s2 -> + map_wf map s1 -> + ~(mutated_reg map mut r). +Proof. + intros until r. unfold find_letvar. + caseEq (nth_error (map_letvars map) idx). + intros r' NTH. monadSimpl. unfold not; unfold mutated_reg. + intros MWF (id, (IN, MV)). subst r'. eauto with rtlg coqlib. + intro; monadSimpl. +Qed. +Hint Resolve find_letvar_not_mutated: rtlg. + +(** Properties of [add_var]. *) + +Lemma add_var_valid: + forall s1 s2 map1 map2 name r, + add_var map1 name s1 = OK (r, map2) s2 -> reg_valid r s2. +Proof. + intros until r. monadSimpl. intro. subst r0; subst s. + eauto with rtlg. +Qed. + +Lemma add_var_incr: + forall s1 s2 map name rm, + add_var map name s1 = OK rm s2 -> state_incr s1 s2. +Proof. + intros until rm; monadSimpl. subst s2. eauto with rtlg. +Qed. +Hint Resolve add_var_incr: rtlg. + +Lemma add_var_wf: + forall s1 s2 map name r map', + add_var map name s1 = OK (r,map') s2 -> map_wf map s1 -> map_wf map' s2. +Proof. + intros until map'; monadSimpl; intros. + subst r0; subst s; subst map'; apply mk_map_wf; simpl. + + intros id r'. rewrite PTree.gsspec. + case (peq id name); intros. + injection H; intros; subst r'. eauto with rtlg. + eauto with rtlg. + eauto with rtlg. + + intros id1 id2 r'. + repeat (rewrite PTree.gsspec). + case (peq id1 name); case (peq id2 name); intros. + congruence. + rewrite <- H in H0. byContradiction; eauto with rtlg. + rewrite <- H0 in H. byContradiction; eauto with rtlg. + eauto with rtlg. + + intros id r'. case (peq id name); intro. + subst id. rewrite PTree.gss. intro E; injection E; intro; subst r'. + intro; eauto with rtlg. + + rewrite PTree.gso; auto. eauto with rtlg. +Qed. +Hint Resolve add_var_wf: rtlg. + +Lemma add_var_find: + forall s1 s2 map name r map', + add_var map name s1 = OK (r,map') s2 -> map'.(map_vars)!name = Some r. +Proof. + intros until map'. + monadSimpl. + intro; subst r0. + subst map'; simpl in |- *. + apply PTree.gss. +Qed. + +Lemma add_vars_incr: + forall names s1 s2 map r, + add_vars map names s1 = OK r s2 -> state_incr s1 s2. +Proof. + induction names; simpl. + intros until r; monadSimpl; intros. subst s2; eauto with rtlg. + intros until r; monadSimpl; intros. + subst s0; eauto with rtlg. +Qed. + +Lemma add_vars_valid: + forall namel s1 s2 map1 map2 rl, + add_vars map1 namel s1 = OK (rl, map2) s2 -> + forall r, In r rl -> reg_valid r s2. +Proof. + induction namel; simpl; intros. + monadInv H. intro. subst rl. elim H0. + monadInv H. intro EQ1. subst rl; subst s0; subst y0. elim H0. + intro; subst r. eapply add_var_valid. eexact EQ0. + intro. apply reg_valid_incr with s. eauto with rtlg. + eauto. +Qed. + +Lemma add_vars_wf: + forall names s1 s2 map map' rl, + add_vars map names s1 = OK (rl,map') s2 -> + map_wf map s1 -> map_wf map' s2. +Proof. + induction names; simpl. + intros until rl; monadSimpl; intros. + subst s2; subst map'; assumption. + intros until rl; monadSimpl; intros. subst y0; subst s0. + eapply add_var_wf. eexact EQ0. + eapply IHnames. eexact EQ. auto. +Qed. +Hint Resolve add_vars_wf: rtlg. + +Lemma add_var_letenv: + forall map1 i s1 r map2 s2, + add_var map1 i s1 = OK (r, map2) s2 -> + map2.(map_letvars) = map1.(map_letvars). +Proof. + intros until s2. monadSimpl. intro. subst map2; reflexivity. +Qed. + +(** Properties of [add_letvar]. *) + +Lemma add_letvar_wf: + forall map s r, + map_wf map s -> + reg_valid r s -> + ~(reg_in_map map r) -> + map_wf (add_letvar map r) s. +Proof. + intros. unfold add_letvar; apply mk_map_wf; simpl. + exact (map_wf_var_valid map s H). + intros r' [EQ| IN]. + subst r'; assumption. + eapply map_wf_letvar_valid; eauto. + exact (map_wf_inj map s H). + intros. elim H3; intro. + subst r0. apply H1. left. exists id; auto. + eapply map_wf_disj; eauto. +Qed. + +(** * Properties of [alloc_reg] and [alloc_regs] *) + +Lemma alloc_reg_incr: + forall a s1 s2 map mut r, + alloc_reg map mut a s1 = OK r s2 -> state_incr s1 s2. +Proof. + intros until r. unfold alloc_reg. + case a; eauto with rtlg. + intro i; case (In_dec ident_eq i mut); eauto with rtlg. +Qed. +Hint Resolve alloc_reg_incr: rtlg. + +Lemma alloc_reg_valid: + forall a s1 s2 map mut r, + map_wf map s1 -> + alloc_reg map mut a s1 = OK r s2 -> reg_valid r s2. +Proof. + intros until r. unfold alloc_reg. + case a; eauto with rtlg. + intro i; case (In_dec ident_eq i mut); eauto with rtlg. +Qed. +Hint Resolve alloc_reg_valid: rtlg. + +Lemma alloc_reg_fresh_or_in_map: + forall map mut a s r s', + map_wf map s -> + alloc_reg map mut a s = OK r s' -> + reg_in_map map r \/ reg_fresh r s. +Proof. + intros until s'. unfold alloc_reg. + destruct a; try (right; eauto with rtlg; fail). + case (In_dec ident_eq i mut); intros. + right; eauto with rtlg. + left; eauto with rtlg. + intros; left; eauto with rtlg. +Qed. + +Lemma add_vars_letenv: + forall il map1 s1 rl map2 s2, + add_vars map1 il s1 = OK (rl, map2) s2 -> + map2.(map_letvars) = map1.(map_letvars). +Proof. + induction il; simpl; intros. + monadInv H. intro. subst map2; reflexivity. + monadInv H. intro EQ1. transitivity (map_letvars y). + subst y0. eapply add_var_letenv; eauto. + eauto. +Qed. + +(** A register is an adequate target for holding the value of an + expression if +- either the register is associated with a Cminor let-bound variable + or a Cminor local variable that is not modified; +- or the register is valid and not associated with any Cminor variable. *) + +Inductive target_reg_ok: state -> mapping -> list ident -> expr -> reg -> Prop := + | target_reg_immut_var: + forall s map mut id r, + ~(In id mut) -> map.(map_vars)!id = Some r -> + target_reg_ok s map mut (Evar id) r + | target_reg_letvar: + forall s map mut idx r, + nth_error map.(map_letvars) idx = Some r -> + target_reg_ok s map mut (Eletvar idx) r + | target_reg_other: + forall s map mut a r, + ~(reg_in_map map r) -> + reg_valid r s -> + target_reg_ok s map mut a r. + +Lemma target_reg_ok_incr: + forall s1 s2 map mut e r, + state_incr s1 s2 -> + target_reg_ok s1 map mut e r -> + target_reg_ok s2 map mut e r. +Proof. + intros. inversion H0. + apply target_reg_immut_var; auto. + apply target_reg_letvar; auto. + apply target_reg_other; eauto with rtlg. +Qed. +Hint Resolve target_reg_ok_incr: rtlg. + +Lemma target_reg_valid: + forall s map mut e r, + map_wf map s -> + target_reg_ok s map mut e r -> + reg_valid r s. +Proof. + intros. inversion H0; eauto with rtlg coqlib. +Qed. +Hint Resolve target_reg_valid: rtlg. + +Lemma target_reg_not_mutated: + forall s map mut e r, + map_wf map s -> + target_reg_ok s map mut e r -> + ~(mutated_reg map mut r). +Proof. + unfold not; unfold mutated_reg; intros until r. + intros MWF TRG [id [IN MV]]. + inversion TRG. + assert (id = id0); eauto with rtlg. subst id0. contradiction. + assert (In r (map_letvars map)). eauto with coqlib. eauto with rtlg. + apply H. red. left; exists id; assumption. +Qed. +Hint Resolve target_reg_not_mutated: rtlg. + +Lemma alloc_reg_target_ok: + forall a s1 s2 map mut r, + map_wf map s1 -> + alloc_reg map mut a s1 = OK r s2 -> + target_reg_ok s2 map mut a r. +Proof. + intros until r; intro MWF. unfold alloc_reg. + case a; intros; try (eapply target_reg_other; eauto with rtlg; fail). + generalize H; case (In_dec ident_eq i mut); intros. + apply target_reg_other; eauto with rtlg. + apply target_reg_immut_var; auto. + generalize H0; unfold find_var. + case (map_vars map)!i. + intro. monadSimpl. congruence. + monadSimpl. + apply target_reg_letvar. + generalize H. unfold find_letvar. + case (nth_error (map_letvars map) n). + intro; monadSimpl; congruence. + monadSimpl. +Qed. +Hint Resolve alloc_reg_target_ok: rtlg. + +Lemma alloc_regs_incr: + forall al s1 s2 map mut rl, + alloc_regs map mut al s1 = OK rl s2 -> state_incr s1 s2. +Proof. + induction al; simpl; intros. + monadInv H. subst s2. eauto with rtlg. + monadInv H. subst s2. eauto with rtlg. +Qed. +Hint Resolve alloc_regs_incr: rtlg. + +Lemma alloc_regs_valid: + forall al s1 s2 map mut rl, + map_wf map s1 -> + alloc_regs map mut al s1 = OK rl s2 -> + forall r, In r rl -> reg_valid r s2. +Proof. + induction al; simpl; intros. + monadInv H0. subst rl. elim H1. + monadInv H0. subst rl; subst s0. + elim H1; intro. + subst r0. eauto with rtlg. + eauto with rtlg. +Qed. +Hint Resolve alloc_regs_valid: rtlg. + +Lemma alloc_regs_fresh_or_in_map: + forall map mut al s rl s', + map_wf map s -> + alloc_regs map mut al s = OK rl s' -> + forall r, In r rl -> reg_in_map map r \/ reg_fresh r s. +Proof. + induction al; simpl; intros. + monadInv H0. subst rl. elim H1. + monadInv H0. subst rl. elim (in_inv H1); intro. + subst r. + assert (MWF: map_wf map s0). eauto with rtlg. + elim (alloc_reg_fresh_or_in_map map mut e s0 r0 s1 MWF EQ0); intro. + left; assumption. right; eauto with rtlg. + eauto with rtlg. +Qed. + +Inductive target_regs_ok: state -> mapping -> list ident -> exprlist -> list reg -> Prop := + | target_regs_nil: + forall s map mut, + target_regs_ok s map mut Enil nil + | target_regs_cons: + forall s map mut a r al rl, + reg_in_map map r \/ ~(In r rl) -> + target_reg_ok s map mut a r -> + target_regs_ok s map mut al rl -> + target_regs_ok s map mut (Econs a al) (r :: rl). + +Lemma target_regs_ok_incr: + forall s1 map mut al rl, + target_regs_ok s1 map mut al rl -> + forall s2, + state_incr s1 s2 -> + target_regs_ok s2 map mut al rl. +Proof. + induction 1; intros. + apply target_regs_nil. + apply target_regs_cons; eauto with rtlg. +Qed. +Hint Resolve target_regs_ok_incr: rtlg. + +Lemma target_regs_valid: + forall s map mut al rl, + target_regs_ok s map mut al rl -> + map_wf map s -> + forall r, In r rl -> reg_valid r s. +Proof. + induction 1; simpl; intros. + contradiction. + elim H3; intro. + subst r0. eauto with rtlg. + auto. +Qed. +Hint Resolve target_regs_valid: rtlg. + +Lemma target_regs_not_mutated: + forall s map mut el rl, + target_regs_ok s map mut el rl -> + map_wf map s -> + forall r, In r rl -> ~(mutated_reg map mut r). +Proof. + induction 1; simpl; intros. + contradiction. + elim H3; intro. subst r0. eauto with rtlg. + auto. +Qed. +Hint Resolve target_regs_not_mutated: rtlg. + +Lemma alloc_regs_target_ok: + forall al s1 s2 map mut rl, + map_wf map s1 -> + alloc_regs map mut al s1 = OK rl s2 -> + target_regs_ok s2 map mut al rl. +Proof. + induction al; simpl; intros. + monadInv H0. subst rl; apply target_regs_nil. + monadInv H0. subst s0; subst rl. + apply target_regs_cons; eauto 6 with rtlg. + assert (MWF: map_wf map s). eauto with rtlg. + elim (alloc_reg_fresh_or_in_map map mut e s r s2 MWF EQ0); intro. + left; assumption. right; red; intro; eauto with rtlg. +Qed. +Hint Resolve alloc_regs_target_ok: rtlg. + +(** The following predicate is a variant of [target_reg_ok] used + to characterize registers that are adequate for holding the return + value of a function. *) + +Inductive return_reg_ok: state -> mapping -> option reg -> Prop := + | return_reg_ok_none: + forall s map, + return_reg_ok s map None + | return_reg_ok_some: + forall s map r, + ~(reg_in_map map r) -> reg_valid r s -> + return_reg_ok s map (Some r). + +Lemma return_reg_ok_incr: + forall s1 s2 map or, + state_incr s1 s2 -> + return_reg_ok s1 map or -> + return_reg_ok s2 map or. +Proof. + intros. inversion H0; constructor. + assumption. eauto with rtlg. +Qed. +Hint Resolve return_reg_ok_incr: rtlg. + +Lemma new_reg_return_ok: + forall s1 r s2 map sig, + new_reg s1 = OK r s2 -> + map_wf map s1 -> + return_reg_ok s2 map (ret_reg sig r). +Proof. + intros. unfold ret_reg. destruct (sig_res sig); constructor. + eauto with rtlg. eauto with rtlg. +Qed. + +(** * Correspondence between Cminor environments and RTL register sets *) + +(** An RTL register environment matches a Cminor local environment and + let-environment if the value of every local or let-bound variable in + the Cminor environments is identical to the value of the + corresponding pseudo-register in the RTL register environment. *) + +Record match_env + (map: mapping) (e: Cminor.env) (le: Cminor.letenv) (rs: regset) : Prop := + mk_match_env { + me_vars: + (forall id v, + e!id = Some v -> exists r, map.(map_vars)!id = Some r /\ rs#r = v); + me_letvars: + rs##(map.(map_letvars)) = le + }. + +Lemma match_env_find_reg: + forall map id s1 s2 r e le rs v, + find_var map id s1 = OK r s2 -> + match_env map e le rs -> + e!id = Some v -> + rs#r = v. +Proof. + intros until v. + unfold find_var. caseEq (map.(map_vars)!id). + intros r' EQ. monadSimpl. subst r'. intros. + generalize (me_vars _ _ _ _ H _ _ H1). intros [r' [EQ' RS]]. + rewrite EQ' in EQ; injection EQ; intro; subst r'. + assumption. + intro; monadSimpl. +Qed. +Hint Resolve match_env_find_reg: rtlg. + +Lemma match_env_invariant: + forall map e le rs rs', + match_env map e le rs -> + (forall r, (reg_in_map map r) -> rs'#r = rs#r) -> + match_env map e le rs'. +Proof. + intros. apply mk_match_env. + intros id v' E. + generalize (me_vars _ _ _ _ H _ _ E). intros (r', (M, R)). + exists r'. split. auto. rewrite <- R. apply H0. + left. exists id. auto. + transitivity rs ## (map_letvars map). + apply list_map_exten. intros. + symmetry. apply H0. right. auto. + exact (me_letvars _ _ _ _ H). +Qed. + +(** Matching between environments is preserved when an unmapped register + (not corresponding to any Cminor variable) is assigned in the RTL + execution. *) + +Lemma match_env_update_temp: + forall map e le rs r v, + match_env map e le rs -> + ~(reg_in_map map r) -> + match_env map e le (rs#r <- v). +Proof. + intros. apply match_env_invariant with rs; auto. + intros. case (Reg.eq r r0); intro. + subst r0; contradiction. + apply Regmap.gso; auto. +Qed. +Hint Resolve match_env_update_temp: rtlg. + +(** Matching between environments is preserved by simultaneous + assignment to a Cminor local variable (in the Cminor environments) + and to the corresponding RTL pseudo-register (in the RTL register + environment). *) + +Lemma match_env_update_var: + forall map e le rs rs' id r v s s', + map_wf map s -> + find_var map id s = OK r s' -> + match_env map e le rs -> + rs'#r = v -> + (forall x, x <> r -> rs'#x = rs#x) -> + match_env map (PTree.set id v e) le rs'. +Proof. + intros until s'; intro MWF. + unfold find_var in |- *. caseEq (map_vars map)!id. + intros. monadInv H0. subst r0. apply mk_match_env. + intros id' v' E. case (peq id' id); intros. + subst id'. rewrite PTree.gss in E. injection E; intro; subst v'. + exists r. split. auto. auto. + rewrite PTree.gso in E; auto. + elim (me_vars _ _ _ _ H1 _ _ E). intros r' (M, R). + exists r'. split. assumption. rewrite <- R; apply H3; auto. + red in |- *; intro. subst r'. apply n. eauto with rtlg. + transitivity rs ## (map_letvars map). + apply list_map_exten. intros. symmetry. apply H3. + red in |- *; intro. subst x. eauto with rtlg. + exact (me_letvars _ _ _ _ H1). + intro; monadSimpl. +Qed. + +Lemma match_env_letvar: + forall map e le rs r v, + match_env map e le rs -> + rs#r = v -> + match_env (add_letvar map r) e (v :: le) rs. +Proof. + intros. unfold add_letvar in |- *; apply mk_match_env; simpl in |- *. + exact (me_vars _ _ _ _ H). + rewrite H0. rewrite (me_letvars _ _ _ _ H). auto. +Qed. + +Lemma match_env_exten: + forall map e le rs1 rs2, + (forall r, rs2#r = rs1#r) -> + match_env map e le rs1 -> + match_env map e le rs2. +Proof. + intros. apply mk_match_env. + intros. generalize (me_vars _ _ _ _ H0 _ _ H1). intros (r, (M1, M2)). + exists r. split. assumption. subst v. apply H. + transitivity rs1 ## (map_letvars map). + apply list_map_exten. intros. symmetry in |- *. apply H. + exact (me_letvars _ _ _ _ H0). +Qed. + +Lemma match_env_empty: + forall map, + map.(map_letvars) = nil -> + match_env map (PTree.empty val) nil (Regmap.init Vundef). +Proof. + intros. apply mk_match_env. + intros. rewrite PTree.gempty in H0. discriminate. + rewrite H. reflexivity. +Qed. + +(** The assignment of function arguments to local variables (on the Cminor + side) and pseudo-registers (on the RTL side) preserves matching + between environments. *) + +Lemma match_set_params_init_regs: + forall il rl s1 map2 s2 vl, + add_vars init_mapping il s1 = OK (rl, map2) s2 -> + match_env map2 (set_params vl il) nil (init_regs vl rl) + /\ (forall r, reg_fresh r s2 -> (init_regs vl rl)#r = Vundef). +Proof. + induction il; simpl in |- *; intros. + + monadInv H. intro; subst rl; simpl in |- *. + split. apply match_env_empty. subst map2; auto. + intros. apply Regmap.gi. + + monadInv H. intro EQ1; subst s0; subst y0; subst rl. clear H. + monadInv EQ0. intro EQ2. subst x0; subst s0. simpl. + + assert (LV : map_letvars map2 = nil). + transitivity (map_letvars y). + eapply add_var_letenv; eauto. + transitivity (map_letvars init_mapping). + eapply add_vars_letenv; eauto. + reflexivity. + + destruct vl. + (* vl = nil *) + generalize (IHil _ _ _ _ nil EQ). intros [ME UNDEF]. split. + constructor. intros id v. subst map2. simpl. + repeat rewrite PTree.gsspec; case (peq id a); intros. + exists r; split. auto. rewrite Regmap.gi. congruence. + destruct (me_vars _ _ _ _ ME id v H) as (r', (MV, IR)). + exists r'. split. auto. + replace (init_regs nil x) with (Regmap.init Vundef) in IR. auto. + destruct x; reflexivity. + rewrite LV; reflexivity. + intros. apply Regmap.gi. + (* vl = v :: vl *) + generalize (IHil _ _ _ _ vl EQ). intros [ME UNDEF]. split. + constructor. intros id v1. subst map2. simpl. + repeat rewrite PTree.gsspec; case (peq id a); intros. + exists r; split. auto. rewrite Regmap.gss. congruence. + destruct (me_vars _ _ _ _ ME id v1 H) as (r', (MV, IR)). + exists r'. split. auto. rewrite Regmap.gso. auto. + apply valid_fresh_different with s. + assert (MWF : map_wf y s). + eapply add_vars_wf; eauto. apply init_mapping_wf. + eauto with rtlg. eauto with rtlg. + rewrite LV; reflexivity. + intros. rewrite Regmap.gso. apply UNDEF. eauto with rtlg. + apply sym_not_equal. eauto with rtlg. +Qed. + +Lemma match_set_locals: + forall map1 s1, + map_wf map1 s1 -> + forall il rl map2 s2 e le rs, + match_env map1 e le rs -> + (forall r, reg_fresh r s1 -> rs#r = Vundef) -> + add_vars map1 il s1 = OK (rl, map2) s2 -> + match_env map2 (set_locals il e) le rs. +Proof. + induction il; simpl in *; intros. + + monadInv H2. intros; subst map2; auto. + + monadInv H2. intros. subst s0; subst y0. + assert (match_env y (set_locals il e) le rs). + eapply IHil; eauto. + monadInv EQ0. intro. subst s0; subst x0. rewrite <- H7. + constructor. + intros id v. simpl. repeat rewrite PTree.gsspec. + case (peq id a); intros. + exists r. split. auto. injection H5; intro; subst v. + apply H1. apply reg_fresh_decr with s. + eapply add_vars_incr; eauto. + eauto with rtlg. + eapply me_vars; eauto. + simpl. eapply me_letvars; eauto. +Qed. + +Lemma match_init_env_init_reg: + forall params s0 rparams map1 s1 vars rvars map2 s2 vparams, + add_vars init_mapping params s0 = OK (rparams, map1) s1 -> + add_vars map1 vars s1 = OK (rvars, map2) s2 -> + match_env map2 (set_locals vars (set_params vparams params)) + nil (init_regs vparams rparams). +Proof. + intros. + generalize (match_set_params_init_regs _ _ _ _ _ vparams H). + intros [A B]. + eapply match_set_locals; eauto. + eapply add_vars_wf; eauto. apply init_mapping_wf. +Qed. + +(** * Monotonicity properties of the state for the translation functions *) + +(** We show that the translation functions modify the state monotonically + (in the sense of the [state_incr] relation). *) + +Lemma add_move_incr: + forall r1 r2 nd s ns s', + add_move r1 r2 nd s = OK ns s' -> + state_incr s s'. +Proof. + intros until s'. unfold add_move. + case (Reg.eq r1 r2); intro. + monadSimpl. subst s'; auto with rtlg. + intro; eauto with rtlg. +Qed. +Hint Resolve add_move_incr: rtlg. + +Scheme expr_ind3 := Induction for expr Sort Prop + with condexpr_ind3 := Induction for condexpr Sort Prop + with exprlist_ind3 := Induction for exprlist Sort Prop. + +Lemma expr_condexpr_exprlist_ind: +forall (P : expr -> Prop) (P0 : condexpr -> Prop) + (P1 : exprlist -> Prop), + (forall i : ident, P (Evar i)) -> + (forall (i : ident) (e : expr), P e -> P (Eassign i e)) -> + (forall (o : operation) (e : exprlist), P1 e -> P (Eop o e)) -> + (forall (m : memory_chunk) (a : addressing) (e : exprlist), + P1 e -> P (Eload m a e)) -> + (forall (m : memory_chunk) (a : addressing) (e : exprlist), + P1 e -> forall e0 : expr, P e0 -> P (Estore m a e e0)) -> + (forall (s : signature) (e : expr), + P e -> forall e0 : exprlist, P1 e0 -> P (Ecall s e e0)) -> + (forall c : condexpr, + P0 c -> + forall e : expr, + P e -> forall e0 : expr, P e0 -> P (Econdition c e e0)) -> + (forall e : expr, P e -> forall e0 : expr, P e0 -> P (Elet e e0)) -> + (forall n : nat, P (Eletvar n)) -> + P0 CEtrue -> + P0 CEfalse -> + (forall (c : condition) (e : exprlist), P1 e -> P0 (CEcond c e)) -> + (forall c : condexpr, + P0 c -> + forall c0 : condexpr, + P0 c0 -> forall c1 : condexpr, P0 c1 -> P0 (CEcondition c c0 c1)) -> + P1 Enil -> + (forall e : expr, + P e -> forall e0 : exprlist, P1 e0 -> P1 (Econs e e0)) -> + (forall e : expr, P e) /\ + (forall ce : condexpr, P0 ce) /\ + (forall el : exprlist, P1 el). +Proof. + intros. split. apply (expr_ind3 P P0 P1); assumption. + split. apply (condexpr_ind3 P P0 P1); assumption. + apply (exprlist_ind3 P P0 P1); assumption. +Qed. + +Definition transl_expr_incr_pred (a: expr) : Prop := + forall map mut rd nd s ns s', + transl_expr map mut a rd nd s = OK ns s' -> state_incr s s'. +Definition transl_condition_incr_pred (c: condexpr) : Prop := + forall map mut ntrue nfalse s ns s', + transl_condition map mut c ntrue nfalse s = OK ns s' -> state_incr s s'. +Definition transl_exprlist_incr_pred (al: exprlist) : Prop := + forall map mut rl nd s ns s', + transl_exprlist map mut al rl nd s = OK ns s' -> state_incr s s'. + +Lemma transl_expr_condition_exprlist_incr: + (forall a, transl_expr_incr_pred a) /\ + (forall c, transl_condition_incr_pred c) /\ + (forall al, transl_exprlist_incr_pred al). +Proof. + apply expr_condexpr_exprlist_ind; + unfold transl_expr_incr_pred, + transl_condition_incr_pred, + transl_exprlist_incr_pred; + simpl; intros; + try (monadInv H); try (monadInv H0); + try (monadInv H1); try (monadInv H2); + eauto 6 with rtlg. + + intro EQ2. + apply state_incr_trans3 with s0 s1 s2; eauto with rtlg. + + intro EQ4. + apply state_incr_trans4 with s1 s2 s3 s4; eauto with rtlg. + + subst s'; auto with rtlg. + subst s'; auto with rtlg. + destruct rl; monadInv H. subst s'; auto with rtlg. + destruct rl; monadInv H1. eauto with rtlg. +Qed. + +Lemma transl_expr_incr: + forall a map mut rd nd s ns s', + transl_expr map mut a rd nd s = OK ns s' -> state_incr s s'. +Proof (proj1 transl_expr_condition_exprlist_incr). + +Lemma transl_condition_incr: + forall a map mut ntrue nfalse s ns s', + transl_condition map mut a ntrue nfalse s = OK ns s' -> state_incr s s'. +Proof (proj1 (proj2 transl_expr_condition_exprlist_incr)). + +Lemma transl_exprlist_incr: + forall al map mut rl nd s ns s', + transl_exprlist map mut al rl nd s = OK ns s' -> state_incr s s'. +Proof (proj2 (proj2 transl_expr_condition_exprlist_incr)). + +Hint Resolve transl_expr_incr transl_condition_incr transl_exprlist_incr: rtlg. + +Scheme stmt_ind2 := Induction for stmt Sort Prop + with stmtlist_ind2 := Induction for stmtlist Sort Prop. + +Lemma stmt_stmtlist_ind: +forall (P : stmt -> Prop) (P0 : stmtlist -> Prop), + (forall e : expr, P (Sexpr e)) -> + (forall (c : condexpr) (s : stmtlist), + P0 s -> forall s0 : stmtlist, P0 s0 -> P (Sifthenelse c s s0)) -> + (forall s : stmtlist, P0 s -> P (Sloop s)) -> + (forall s : stmtlist, P0 s -> P (Sblock s)) -> + (forall n : nat, P (Sexit n)) -> + (forall o : option expr, P (Sreturn o)) -> + P0 Snil -> + (forall s : stmt, + P s -> forall s0 : stmtlist, P0 s0 -> P0 (Scons s s0)) -> + (forall s : stmt, P s) /\ + (forall sl : stmtlist, P0 sl). +Proof. + intros. split. apply (stmt_ind2 P P0); assumption. + apply (stmtlist_ind2 P P0); assumption. +Qed. + +Definition transl_stmt_incr_pred (a: stmt) : Prop := + forall map nd nexits nret rret s ns s', + transl_stmt map a nd nexits nret rret s = OK ns s' -> + state_incr s s'. +Definition transl_stmtlist_incr_pred (al: stmtlist) : Prop := + forall map nd nexits nret rret s ns s', + transl_stmtlist map al nd nexits nret rret s = OK ns s' -> + state_incr s s'. + +Lemma transl_stmt_stmtlist_incr: + (forall a, transl_stmt_incr_pred a) /\ + (forall al, transl_stmtlist_incr_pred al). +Proof. + apply stmt_stmtlist_ind; + unfold transl_stmt_incr_pred, + transl_stmtlist_incr_pred; + simpl; intros; + try (monadInv H); try (monadInv H0); + try (monadInv H1); try (monadInv H2); + eauto 6 with rtlg. + + generalize H1. case (more_likely c s s0); monadSimpl; eauto 6 with rtlg. + + subst s'. apply update_instr_incr with s1 s2 (Inop n0) n u; + eauto with rtlg. + + generalize H; destruct (nth_error nexits n); monadSimpl. + subst s'; auto with rtlg. + + generalize H. destruct o; destruct rret; try monadSimpl. + eauto with rtlg. + subst s'; auto with rtlg. + subst s'; auto with rtlg. +Qed. + +Lemma transl_stmt_incr: + forall a map nd nexits nret rret s ns s', + transl_stmt map a nd nexits nret rret s = OK ns s' -> + state_incr s s'. +Proof (proj1 transl_stmt_stmtlist_incr). + +Lemma transl_stmtlist_incr: + forall al map nd nexits nret rret s ns s', + transl_stmtlist map al nd nexits nret rret s = OK ns s' -> + state_incr s s'. +Proof (proj2 transl_stmt_stmtlist_incr). + +Hint Resolve transl_stmt_incr transl_stmtlist_incr: rtlg. + diff --git a/backend/RTLtyping.v b/backend/RTLtyping.v new file mode 100644 index 00000000..d15dbb88 --- /dev/null +++ b/backend/RTLtyping.v @@ -0,0 +1,1277 @@ +(** Typing rules and a type inference algorithm for RTL. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Op. +Require Import Registers. +Require Import RTL. +Require Import union_find. + +(** * The type system *) + +(** Like Cminor and all intermediate languages, RTL can be equipped with + a simple type system that statically guarantees that operations + and addressing modes are applied to the right number of arguments + and that the arguments are of the correct types. The type algebra + is trivial, consisting of the two types [Tint] (for integers and pointers) + and [Tfloat] (for floats). + + Additionally, we impose that each pseudo-register has the same type + throughout the function. This requirement helps with register allocation, + enabling each pseudo-register to be mapped to a single hardware register + or stack location of the correct type. + + + The typing judgement for instructions is of the form [wt_instr f env instr], + where [f] is the current function (used to type-check [Ireturn] + instructions) and [env] is a typing environment associating types to + pseudo-registers. Since pseudo-registers have unique types throughout + the function, the typing environment does not change during type-checking + of individual instructions. One point to note is that we have two + polymorphic operators, [Omove] and [Oundef], which can work both + over integers and floats. +*) + +Definition regenv := reg -> typ. + +Section WT_INSTR. + +Variable env: regenv. +Variable funct: function. + +Inductive wt_instr : instruction -> Prop := + | wt_Inop: + forall s, + wt_instr (Inop s) + | wt_Iopmove: + forall r1 r s, + env r1 = env r -> + wt_instr (Iop Omove (r1 :: nil) r s) + | wt_Iopundef: + forall r s, + wt_instr (Iop Oundef nil r s) + | wt_Iop: + forall op args res s, + op <> Omove -> op <> Oundef -> + (List.map env args, env res) = type_of_operation op -> + wt_instr (Iop op args res s) + | wt_Iload: + forall chunk addr args dst s, + List.map env args = type_of_addressing addr -> + env dst = type_of_chunk chunk -> + wt_instr (Iload chunk addr args dst s) + | wt_Istore: + forall chunk addr args src s, + List.map env args = type_of_addressing addr -> + env src = type_of_chunk chunk -> + wt_instr (Istore chunk addr args src s) + | wt_Icall: + forall sig ros args res s, + match ros with inl r => env r = Tint | inr s => True end -> + List.map env args = sig.(sig_args) -> + env res = match sig.(sig_res) with None => Tint | Some ty => ty end -> + wt_instr (Icall sig ros args res s) + | wt_Icond: + forall cond args s1 s2, + List.map env args = type_of_condition cond -> + wt_instr (Icond cond args s1 s2) + | wt_Ireturn: + forall optres, + option_map env optres = funct.(fn_sig).(sig_res) -> + wt_instr (Ireturn optres). + +End WT_INSTR. + +(** A function [f] is well-typed w.r.t. a typing environment [env], + written [wt_function env f], if all instructions are well-typed, + parameters agree in types with the function signature, and + names of parameters are pairwise distinct. *) + +Record wt_function (env: regenv) (f: function) : Prop := + mk_wt_function { + wt_params: + List.map env f.(fn_params) = f.(fn_sig).(sig_args); + wt_norepet: + list_norepet f.(fn_params); + wt_instrs: + forall pc instr, f.(fn_code)!pc = Some instr -> wt_instr env f instr + }. + +(** * Type inference *) + +(** There are several ways to ensure that RTL code is well-typed and + to obtain the typing environment (type assignment for pseudo-registers) + needed for register allocation. One is to start with well-typed Cminor + code and show type preservation for RTL generation and RTL optimizations. + Another is to start with untyped RTL and run a type inference algorithm + that reconstructs the typing environment, determining the type of + each pseudo-register from its uses in the code. We follow the second + approach. + + The algorithm and its correctness proof in this section were + contributed by Damien Doligez. *) + +(** ** Type inference algorithm *) + +Set Implicit Arguments. + +(** Type inference for RTL is similar to that for simply-typed + lambda-calculus: we use type variables to represent the types + of registers that have not yet been determined to be [Tint] or [Tfloat] + based on their uses. We need exactly one type variable per pseudo-register, + therefore type variables can be conveniently equated with registers. + The type of a register during inference is therefore either + [tTy t] (with [t = Tint] or [t = Tfloat]) for a known type, + or [tReg r] to mean ``the same type as that of register [r]''. *) + +Inductive myT : Set := + | tTy : typ -> myT + | tReg : reg -> myT. + +(** The algorithm proceeds by unification of the currently inferred + type for a pseudo-register with the type dictated by its uses. + Unification builds on a ``union-find'' data structure representing + equivalence classes of types (see module [Union_find]). +*) + +Module myreg. + Definition T := myT. + Definition eq : forall (x y : T), {x=y}+{x<>y}. + Proof. + destruct x; destruct y; auto; + try (apply right; discriminate); try (apply left; discriminate). + destruct t; destruct t0; + try (apply right; congruence); try (apply left; congruence). + elim (peq r r0); intros. + rewrite a; apply left; apply refl_equal. + apply right; congruence. + Defined. +End myreg. + +Module mymap. + Definition elt := myreg.T. + Definition encode (t : myreg.T) : positive := + match t with + | tTy Tint => xH + | tTy Tfloat => xI xH + | tReg r => xO r + end. + Definition decode (p : positive) : elt := + match p with + | xH => tTy Tint + | xI _ => tTy Tfloat + | xO r => tReg r + end. + + Lemma encode_decode : forall x : myreg.T, decode (encode x) = x. + Proof. + destruct x; try destruct t; simpl; auto. + Qed. + + Lemma encode_injective : + forall (x y : myreg.T), encode x = encode y -> x = y. + Proof. + intros. + unfold encode in H. destruct x; destruct y; try congruence; + try destruct t; try destruct t0; congruence. + Qed. + + Definition T := PTree.t positive. + Definition empty := PTree.empty positive. + Definition get (adr : elt) (t : T) := + option_map decode (PTree.get (encode adr) t). + Definition add (adr dat : elt) (t : T) := + PTree.set (encode adr) (encode dat) t. + + Theorem get_empty : forall (x : elt), get x empty = None. + Proof. + intro. + unfold get. unfold empty. + rewrite PTree.gempty. + simpl; auto. + Qed. + Theorem get_add_1 : + forall (x y : elt) (m : T), get x (add x y m) = Some y. + Proof. + intros. + unfold add. unfold get. + rewrite PTree.gss. + simpl; rewrite encode_decode; auto. + Qed. + Theorem get_add_2 : + forall (x y z : elt) (m : T), z <> x -> get z (add x y m) = get z m. + Proof. + intros. + unfold get. unfold add. + rewrite PTree.gso; auto. + intro. apply H. apply encode_injective. auto. + Qed. +End mymap. + +Module Uf := Unionfind (myreg) (mymap). + +Definition error := Uf.identify Uf.empty (tTy Tint) (tTy Tfloat). + +Fixpoint fold2 (A B : Set) (f : Uf.T -> A -> B -> Uf.T) + (init : Uf.T) (la : list A) (lb : list B) {struct la} + : Uf.T := + match la, lb with + | ha::ta, hb::tb => fold2 f (f init ha hb) ta tb + | nil, nil => init + | _, _ => error + end. + +Definition option_fold2 (A B : Set) (f : Uf.T -> A -> B -> Uf.T) + (init : Uf.T) (oa : option A) (ob : option B) + : Uf.T := + match oa, ob with + | Some a, Some b => f init a b + | None, None => init + | _, _ => error + end. + +Definition teq (ty1 ty2 : typ) : bool := + match ty1, ty2 with + | Tint, Tint => true + | Tfloat, Tfloat => true + | _, _ => false + end. + +Definition type_rtl_arg (u : Uf.T) (r : reg) (t : typ) := + Uf.identify u (tReg r) (tTy t). + +Definition type_rtl_ros (u : Uf.T) (ros : reg+ident) := + match ros with + | inl r => Uf.identify u (tReg r) (tTy Tint) + | inr s => u + end. + +Definition type_of_sig_res (sig : signature) := + match sig.(sig_res) with None => Tint | Some ty => ty end. + +(** This is the core type inference function. The [u] argument is + the current substitution / equivalence classes between types. + An updated set of equivalence classes, reflecting unifications + possibly performed during the type-checking of [i], is returned. + Note that [type_rtl_instr] never fails explicitly. However, + in case of type error (e.g. applying the [Oadd] integer operation + to float registers), the equivalence relation returned will + put [tTy Tint] and [tTy Tfloat] in the same equivalence class. + This fact will propagate through type inference for other instructions, + and be detected at the end of type inference, indicating a typing failure. +*) + +Definition type_rtl_instr (rtyp : option typ) + (u : Uf.T) (_ : positive) (i : instruction) := + match i with + | Inop _ => u + | Iop Omove (r1 :: nil) r0 _ => Uf.identify u (tReg r0) (tReg r1) + | Iop Omove _ _ _ => error + | Iop Oundef nil _ _ => u + | Iop Oundef _ _ _ => error + | Iop op args r0 _ => + let (argtyp, restyp) := type_of_operation op in + let u1 := type_rtl_arg u r0 restyp in + fold2 type_rtl_arg u1 args argtyp + | Iload chunk addr args r0 _ => + let u1 := type_rtl_arg u r0 (type_of_chunk chunk) in + fold2 type_rtl_arg u1 args (type_of_addressing addr) + | Istore chunk addr args r0 _ => + let u1 := type_rtl_arg u r0 (type_of_chunk chunk) in + fold2 type_rtl_arg u1 args (type_of_addressing addr) + | Icall sign ros args r0 _ => + let u1 := type_rtl_ros u ros in + let u2 := type_rtl_arg u1 r0 (type_of_sig_res sign) in + fold2 type_rtl_arg u2 args sign.(sig_args) + | Icond cond args _ _ => + fold2 type_rtl_arg u args (type_of_condition cond) + | Ireturn o => option_fold2 type_rtl_arg u o rtyp + end. + +Definition mk_env (u : Uf.T) (r : reg) := + if myreg.eq (Uf.repr u (tReg r)) (Uf.repr u (tTy Tfloat)) + then Tfloat + else Tint. + +Fixpoint member (x : reg) (l : list reg) {struct l} : bool := + match l with + | nil => false + | y :: rest => if peq x y then true else member x rest + end. + +Fixpoint repet (l : list reg) : bool := + match l with + | nil => false + | x :: rest => member x rest || repet rest + end. + +Definition type_rtl_function (f : function) := + let u1 := PTree.fold (type_rtl_instr f.(fn_sig).(sig_res)) + f.(fn_code) Uf.empty in + let u2 := fold2 type_rtl_arg u1 f.(fn_params) f.(fn_sig).(sig_args) in + if repet f.(fn_params) then + None + else + if myreg.eq (Uf.repr u2 (tTy Tint)) (Uf.repr u2 (tTy Tfloat)) + then None + else Some (mk_env u2). + +Unset Implicit Arguments. + +(** ** Correctness proof for type inference *) + +(** General properties of the type equivalence relation. *) + +Definition consistent (u : Uf.T) := + Uf.repr u (tTy Tint) <> Uf.repr u (tTy Tfloat). + +Lemma consistent_not_eq : forall (u : Uf.T) (A : Type) (x y : A), + consistent u -> + (if myreg.eq (Uf.repr u (tTy Tint)) (Uf.repr u (tTy Tfloat)) then x else y) + = y. + Proof. + intros. + unfold consistent in H. + destruct (myreg.eq (Uf.repr u (tTy Tint)) (Uf.repr u (tTy Tfloat))); + congruence. + Qed. + +Lemma equal_eq : forall (t : myT) (A : Type) (x y : A), + (if myreg.eq t t then x else y) = x. + Proof. + intros. + destruct (myreg.eq t t); congruence. + Qed. + +Lemma error_inconsistent : forall (A : Prop), consistent error -> A. + Proof. + intros. + absurd (consistent error); auto. + intro. + unfold error in H. unfold consistent in H. + rewrite Uf.sameclass_identify_1 in H. + congruence. + Qed. + +Lemma teq_correct : forall (t1 t2 : typ), teq t1 t2 = true -> t1 = t2. + Proof. + intros; destruct t1; destruct t2; try simpl in H; congruence. + Qed. + +Definition included (u1 u2 : Uf.T) : Prop := + forall (e1 e2: myT), + Uf.repr u1 e1 = Uf.repr u1 e2 -> Uf.repr u2 e1 = Uf.repr u2 e2. + +Lemma included_refl : + forall (e : Uf.T), included e e. + Proof. + unfold included. auto. + Qed. + +Lemma included_trans : + forall (e1 e2 e3 : Uf.T), + included e3 e2 -> included e2 e1 -> included e3 e1. + Proof. + unfold included. auto. + Qed. + +Lemma included_consistent : + forall (u1 u2 : Uf.T), + included u1 u2 -> consistent u2 -> consistent u1. + Proof. + unfold consistent. unfold included. + intros. + intro. apply H0. apply H. + auto. + Qed. + +Lemma included_identify : + forall (u : Uf.T) (t1 t2 : myT), included u (Uf.identify u t1 t2). + Proof. + unfold included. + intros. + apply Uf.sameclass_identify_2; auto. + Qed. + +Lemma type_arg_correct_1 : + forall (u : Uf.T) (r : reg) (t : typ), + consistent (type_rtl_arg u r t) + -> Uf.repr (type_rtl_arg u r t) (tReg r) + = Uf.repr (type_rtl_arg u r t) (tTy t). + Proof. + intros. + unfold type_rtl_arg. + rewrite Uf.sameclass_identify_1. + auto. + Qed. + +Lemma type_arg_correct : + forall (u : Uf.T) (r : reg) (t : typ), + consistent (type_rtl_arg u r t) -> mk_env (type_rtl_arg u r t) r = t. + Proof. + intros. + unfold mk_env. + rewrite type_arg_correct_1. + destruct t. + apply consistent_not_eq; auto. + destruct (myreg.eq (Uf.repr (type_rtl_arg u r Tfloat) (tTy Tfloat))); + congruence. + auto. + Qed. + +Lemma type_arg_included : + forall (u : Uf.T) (r : reg) (t : typ), included u (type_rtl_arg u r t). + Proof. + intros. + unfold type_rtl_arg. + apply included_identify. + Qed. + +Lemma type_arg_extends : + forall (u : Uf.T) (r : reg) (t : typ), + consistent (type_rtl_arg u r t) -> consistent u. + Proof. + intros. + apply included_consistent with (u2 := type_rtl_arg u r t). + apply type_arg_included. + auto. + Qed. + +Lemma type_args_included : + forall (l1 : list reg) (l2 : list typ) (u : Uf.T), + consistent (fold2 type_rtl_arg u l1 l2) + -> included u (fold2 type_rtl_arg u l1 l2). + Proof. + induction l1; intros; destruct l2. + simpl in H; simpl; apply included_refl. + simpl in H. apply error_inconsistent. auto. + simpl in H. apply error_inconsistent. auto. + simpl. + simpl in H. + apply included_trans with (e2 := type_rtl_arg u a t). + apply type_arg_included. + apply IHl1. + auto. + Qed. + +Lemma type_args_extends : + forall (l1 : list reg) (l2 : list typ) (u : Uf.T), + consistent (fold2 type_rtl_arg u l1 l2) -> consistent u. + Proof. + intros. + apply (included_consistent _ _ (type_args_included l1 l2 u H)). + auto. + Qed. + +Lemma type_args_correct : + forall (l1 : list reg) (l2 : list typ) (u : Uf.T), + consistent (fold2 type_rtl_arg u l1 l2) + -> map (mk_env (fold2 type_rtl_arg u l1 l2)) l1 = l2. + Proof. + induction l1. + intros. + destruct l2. + unfold map; simpl; auto. + simpl in H; apply error_inconsistent; auto. + intros. + destruct l2. + simpl in H; apply error_inconsistent; auto. + simpl. + simpl in H. + rewrite (IHl1 l2 (type_rtl_arg u a t) H). + unfold mk_env. + destruct t. + rewrite (type_args_included _ _ _ H (tReg a) (tTy Tint)). + rewrite consistent_not_eq; auto. + apply type_arg_correct_1. + apply type_args_extends with (l1 := l1) (l2 := l2); auto. + rewrite (type_args_included _ _ _ H (tReg a) (tTy Tfloat)). + rewrite equal_eq; auto. + apply type_arg_correct_1. + apply type_args_extends with (l1 := l1) (l2 := l2); auto. + Qed. + +(** Correctness of [wt_params]. *) + +Lemma type_rtl_function_params : + forall (f: function) (env: regenv), + type_rtl_function f = Some env + -> List.map env f.(fn_params) = f.(fn_sig).(sig_args). + Proof. + destruct f; unfold type_rtl_function; simpl. + destruct (repet fn_params); simpl; intros; try congruence. + pose (u := PTree.fold (type_rtl_instr (sig_res fn_sig)) fn_code Uf.empty). + fold u in H. + cut (consistent (fold2 type_rtl_arg u fn_params (sig_args fn_sig))). + intro. + pose (R := Uf.repr (fold2 type_rtl_arg u fn_params (sig_args fn_sig))). + fold R in H. + destruct (myreg.eq (R (tTy Tint)) (R (tTy Tfloat))). + congruence. + injection H. + intro. + rewrite <- H1. + apply type_args_correct. + auto. + intro. + rewrite H0 in H. + rewrite equal_eq in H. + congruence. + Qed. + +(** Correctness of [wt_norepet]. *) + +Lemma member_correct : + forall (l : list reg) (a : reg), member a l = false -> ~In a l. + Proof. + induction l; simpl; intros; try tauto. + destruct (peq a0 a); simpl; try congruence. + intro. destruct H0; try congruence. + generalize H0; apply IHl; auto. + Qed. + +Lemma repet_correct : + forall (l : list reg), repet l = false -> list_norepet l. + Proof. + induction l; simpl; intros. + exact (list_norepet_nil reg). + elim (orb_false_elim (member a l) (repet l) H); intros. + apply list_norepet_cons. + apply member_correct; auto. + apply IHl; auto. + Qed. + +Lemma type_rtl_function_norepet : + forall (f: function) (env: regenv), + type_rtl_function f = Some env + -> list_norepet f.(fn_params). + Proof. + destruct f; unfold type_rtl_function; simpl. + intros. cut (repet fn_params = false). + intro. apply repet_correct. auto. + destruct (repet fn_params); congruence. + Qed. + +(** Correctness of [wt_instrs]. *) + +Lemma step1 : + forall (f : function) (env : regenv), + type_rtl_function f = Some env + -> exists u2 : Uf.T, + included (PTree.fold (type_rtl_instr f.(fn_sig).(sig_res)) + f.(fn_code) Uf.empty) + u2 + /\ env = mk_env u2 + /\ consistent u2. + Proof. + intros f env. + pose (u1 := (PTree.fold (type_rtl_instr f.(fn_sig).(sig_res)) + f.(fn_code) Uf.empty)). + fold u1. + unfold type_rtl_function. + intros. + destruct (repet f.(fn_params)). + congruence. + fold u1 in H. + pose (u2 := (fold2 type_rtl_arg u1 f.(fn_params) f.(fn_sig).(sig_args))). + fold u2 in H. + exists u2. + caseEq (myreg.eq (Uf.repr u2 (tTy Tint)) (Uf.repr u2 (tTy Tfloat))). + intros. + rewrite e in H. + rewrite equal_eq in H. + congruence. + intros. + rewrite consistent_not_eq in H. + apply conj. + unfold u2. + apply type_args_included. + auto. + apply conj; auto. + congruence. + auto. + Qed. + +Lemma let_fold_args_res : + forall (u : Uf.T) (l : list reg) (r : reg) (e : list typ * typ), + (let (argtyp, restyp) := e in + fold2 type_rtl_arg (type_rtl_arg u r restyp) l argtyp) + = fold2 type_rtl_arg (type_rtl_arg u r (snd e)) l (fst e). + Proof. + intros. rewrite (surjective_pairing e). simpl. auto. + Qed. + +Lemma type_args_res_included : + forall (l1 : list reg) (l2 : list typ) (u : Uf.T) (r : reg) (t : typ), + consistent (fold2 type_rtl_arg (type_rtl_arg u r t) l1 l2) + -> included u (fold2 type_rtl_arg (type_rtl_arg u r t) l1 l2). + Proof. + intros. + apply included_trans with (e2 := type_rtl_arg u r t). + apply type_arg_included. + apply type_args_included; auto. + Qed. + +Lemma type_args_res_ros_included : + forall (l1 : list reg) (l2 : list typ) (u : Uf.T) (r : reg) (t : typ) + (ros : reg+ident), + consistent (fold2 type_rtl_arg (type_rtl_arg (type_rtl_ros u ros) r t) l1 l2) + -> included u (fold2 type_rtl_arg (type_rtl_arg (type_rtl_ros u ros) r t) l1 l2). +Proof. + intros. + apply included_trans with (e2 := type_rtl_ros u ros). + unfold type_rtl_ros; destruct ros. + apply included_identify. + apply included_refl. + apply type_args_res_included; auto. +Qed. + +Lemma type_instr_included : + forall (p : positive) (i : instruction) (u : Uf.T) (res_ty : option typ), + consistent (type_rtl_instr res_ty u p i) + -> included u (type_rtl_instr res_ty u p i). + Proof. + intros. + destruct i; simpl; simpl in H; try apply type_args_res_included; auto. + apply included_refl; auto. + destruct o; simpl; simpl in H; try apply type_args_res_included; auto. + destruct l; simpl; simpl in H; auto. + apply error_inconsistent; auto. + destruct l; simpl; simpl in H; auto. + apply included_identify. + apply error_inconsistent; auto. + destruct l; simpl; simpl in H; auto. + apply included_refl. + apply error_inconsistent; auto. + apply type_args_res_ros_included; auto. + apply type_args_included; auto. + destruct res_ty; destruct o; simpl; simpl in H; + try (apply error_inconsistent; auto; fail). + apply type_arg_included. + apply included_refl. + Qed. + +Lemma type_instrs_extends : + forall (l : list (positive * instruction)) (u : Uf.T) (res_ty : option typ), + consistent + (fold_left (fun v p => type_rtl_instr res_ty v (fst p) (snd p)) l u) + -> consistent u. +Proof. + induction l; simpl; intros. + auto. + apply included_consistent + with (u2 := (type_rtl_instr res_ty u (fst a) (snd a))). + apply type_instr_included. + apply IHl with (res_ty := res_ty); auto. + apply IHl with (res_ty := res_ty); auto. +Qed. + +Lemma type_instrs_included : + forall (l : list (positive * instruction)) (u : Uf.T) (res_ty : option typ), + consistent + (fold_left (fun v p => type_rtl_instr res_ty v (fst p) (snd p)) l u) + -> included u + (fold_left (fun v p => type_rtl_instr res_ty v (fst p) (snd p)) l u). + Proof. + induction l; simpl; intros. + apply included_refl; auto. + apply included_trans with (e2 := (type_rtl_instr res_ty u (fst a) (snd a))). + apply type_instr_included. + apply type_instrs_extends with (res_ty := res_ty) (l := l); auto. + apply IHl; auto. + Qed. + +Lemma step2 : + forall (res_ty : option typ) (c : code) (u0 : Uf.T), + consistent (PTree.fold (type_rtl_instr res_ty) c u0) -> + forall (pc : positive) (i : instruction), + c!pc = Some i + -> exists u : Uf.T, + consistent (type_rtl_instr res_ty u pc i) + /\ included (type_rtl_instr res_ty u pc i) + (PTree.fold (type_rtl_instr res_ty) c u0). + Proof. + intros. + rewrite PTree.fold_spec. + rewrite PTree.fold_spec in H. + pose (H1 := PTree.elements_correct _ _ H0). + generalize H. clear H. + generalize u0. clear u0. + generalize H1. clear H1. + induction (PTree.elements c). + intros. + absurd (In (pc, i) nil). + apply in_nil. + auto. + intros. + simpl in H. + elim H1. + intro. + rewrite H2 in H. + simpl in H. + rewrite H2. simpl. + exists u0. + apply conj. + apply type_instrs_extends with (res_ty := res_ty) (l := l). + auto. + apply type_instrs_included. + auto. + intro. + simpl. + apply IHl. + auto. + auto. + Qed. + +Definition mapped (u : Uf.T) (r : reg) := + Uf.repr u (tReg r) = Uf.repr u (tTy Tfloat) + \/ Uf.repr u (tReg r) = Uf.repr u (tTy Tint). + +Definition definite (u : Uf.T) (i : instruction) := + match i with + | Inop _ => True + | Iop Omove (r1 :: nil) r0 _ => Uf.repr u (tReg r1) = Uf.repr u (tReg r0) + | Iop Oundef _ _ _ => True + | Iop _ args r0 _ => + mapped u r0 /\ forall r : reg, In r args -> mapped u r + | Iload _ _ args r0 _ => + mapped u r0 /\ forall r : reg, In r args -> mapped u r + | Istore _ _ args r0 _ => + mapped u r0 /\ forall r : reg, In r args -> mapped u r + | Icall _ ros args r0 _ => + match ros with inl r => mapped u r | _ => True end + /\ mapped u r0 /\ forall r : reg, In r args -> mapped u r + | Icond _ args _ _ => + forall r : reg, In r args -> mapped u r + | Ireturn None => True + | Ireturn (Some r) => mapped u r + end. + +Lemma type_arg_complete : + forall (u : Uf.T) (r : reg) (t : typ), + mapped (type_rtl_arg u r t) r. +Proof. + intros. + unfold type_rtl_arg. + unfold mapped. + destruct t. + right; apply Uf.sameclass_identify_1. + left; apply Uf.sameclass_identify_1. +Qed. + +Lemma type_arg_mapped : + forall (u : Uf.T) (r r0 : reg) (t : typ), + mapped u r0 -> mapped (type_rtl_arg u r t) r0. +Proof. + unfold mapped. + unfold type_rtl_arg. + intros. + elim H; intros. + left; apply Uf.sameclass_identify_2; auto. + right; apply Uf.sameclass_identify_2; auto. +Qed. + +Lemma type_args_mapped : + forall (lr : list reg) (lt : list typ) (u : Uf.T) (r : reg), + consistent (fold2 type_rtl_arg u lr lt) -> + mapped u r -> + mapped (fold2 type_rtl_arg u lr lt) r. +Proof. + induction lr; simpl; intros. + destruct lt; simpl; auto; try (apply error_inconsistent; auto; fail). + destruct lt; simpl; auto; try (apply error_inconsistent; auto; fail). + apply IHlr. + auto. + apply type_arg_mapped; auto. +Qed. + +Lemma type_args_complete : + forall (lr : list reg) (lt : list typ) (u : Uf.T), + consistent (fold2 type_rtl_arg u lr lt) + -> forall r, (In r lr -> mapped (fold2 type_rtl_arg u lr lt) r). +Proof. + induction lr; simpl; intros. + destruct lt; simpl; try tauto. + destruct lt; simpl. + apply error_inconsistent; auto. + elim H0; intros. + rewrite H1. + rewrite H1 in H. + apply type_args_mapped; auto. + apply type_arg_complete. + apply IHlr; auto. +Qed. + +Lemma type_res_complete : + forall (u : Uf.T) (lr : list reg) (lt : list typ) (r : reg) (t : typ), + consistent (fold2 type_rtl_arg (type_rtl_arg u r t) lr lt) + -> mapped (fold2 type_rtl_arg (type_rtl_arg u r t) lr lt) r. +Proof. + intros. + apply type_args_mapped; auto. + apply type_arg_complete. +Qed. + +Lemma type_args_res_complete : + forall (u : Uf.T) (lr : list reg) (lt : list typ) (r : reg) (t : typ), + consistent (fold2 type_rtl_arg (type_rtl_arg u r t) lr lt) + -> mapped (fold2 type_rtl_arg (type_rtl_arg u r t) lr lt) r + /\ forall rr, (In rr lr -> mapped (fold2 type_rtl_arg (type_rtl_arg u r t) + lr lt) + rr). +Proof. + intros. + apply conj. + apply type_res_complete; auto. + apply type_args_complete; auto. +Qed. + +Lemma type_ros_complete : + forall (u : Uf.T) (lr : list reg) (lt : list typ) (r r1 : reg) (t : typ), + consistent (fold2 type_rtl_arg (type_rtl_arg + (type_rtl_ros u (inl ident r1)) r t) lr lt) + -> + mapped (fold2 type_rtl_arg (type_rtl_arg + (type_rtl_ros u (inl ident r1)) r t) lr lt) r1. +Proof. + intros. + apply type_args_mapped; auto. + apply type_arg_mapped. + unfold type_rtl_ros. + unfold mapped. + right. + apply Uf.sameclass_identify_1; auto. +Qed. + +Lemma type_res_correct : + forall (u : Uf.T) (lr : list reg) (lt : list typ) (r : reg) (t : typ), + consistent (fold2 type_rtl_arg (type_rtl_arg u r t) lr lt) + -> mk_env (fold2 type_rtl_arg (type_rtl_arg u r t) lr lt) r = t. +Proof. + intros. + unfold mk_env. + rewrite (type_args_included _ _ _ H (tReg r) (tTy t)). + destruct t. + apply consistent_not_eq; auto. + apply equal_eq; auto. + unfold type_rtl_arg; apply Uf.sameclass_identify_1; auto. +Qed. + +Lemma type_ros_correct : + forall (u : Uf.T) (lr : list reg) (lt : list typ) (r r1 : reg) (t : typ), + consistent (fold2 type_rtl_arg (type_rtl_arg + (type_rtl_ros u (inl ident r1)) r t) lr lt) + -> + mk_env (fold2 type_rtl_arg (type_rtl_arg + (type_rtl_ros u (inl ident r1)) r t) lr lt) r1 + = Tint. +Proof. + intros. + unfold mk_env. + rewrite (type_args_included _ _ _ H (tReg r1) (tTy Tint)). + apply consistent_not_eq; auto. + rewrite (type_arg_included (type_rtl_ros u (inl ident r1)) r t (tReg r1) (tTy Tint)). + auto. + simpl. + apply Uf.sameclass_identify_1; auto. +Qed. + +Lemma step3 : + forall (u : Uf.T) (f : function) (c : code) (i : instruction) (pc : positive), + c!pc = Some i -> + consistent (type_rtl_instr f.(fn_sig).(sig_res) u pc i) + -> wt_instr (mk_env (type_rtl_instr f.(fn_sig).(sig_res) u pc i)) f i + /\ definite (type_rtl_instr f.(fn_sig).(sig_res) u pc i) i. + Proof. + Opaque type_rtl_arg. + intros. + destruct i; simpl in H0; simpl. + (* Inop *) + apply conj; auto. apply wt_Inop. + (* Iop *) + destruct o; + try (apply conj; [ + apply wt_Iop; try congruence; simpl; + rewrite (type_args_correct _ _ _ H0); + rewrite (type_res_correct _ _ _ _ _ H0); + auto + |apply (type_args_res_complete _ _ _ _ _ H0)]). + (* Omove *) + destruct l; [apply error_inconsistent; auto | idtac]. + destruct l; [idtac | apply error_inconsistent; auto]. + apply conj. + apply wt_Iopmove. + simpl. + unfold mk_env. + rewrite Uf.sameclass_identify_1. + congruence. + simpl. + rewrite Uf.sameclass_identify_1; congruence. + (* Oundef *) + destruct l; [idtac | apply error_inconsistent; auto]. + apply conj. apply wt_Iopundef. + unfold definite. auto. + (* Iload *) + apply conj. + apply wt_Iload. + rewrite (type_args_correct _ _ _ H0); auto. + rewrite (type_res_correct _ _ _ _ _ H0); auto. + simpl; apply (type_args_res_complete _ _ _ _ _ H0). + (* IStore *) + apply conj. + apply wt_Istore. + rewrite (type_args_correct _ _ _ H0); auto. + rewrite (type_res_correct _ _ _ _ _ H0); auto. + simpl; apply (type_args_res_complete _ _ _ _ _ H0). + (* Icall *) + apply conj. + apply wt_Icall. + destruct s0; auto. apply type_ros_correct. auto. + apply type_args_correct. auto. + fold (type_of_sig_res s). apply type_res_correct. auto. + destruct s0. + apply conj. + apply type_ros_complete. auto. + apply type_args_res_complete. auto. + apply conj; auto. + apply type_args_res_complete. auto. + (* Icond *) + apply conj. + apply wt_Icond. + apply (type_args_correct _ _ _ H0). + simpl; apply (type_args_complete _ _ _ H0). + (* Ireturn *) + destruct o; simpl. + apply conj. + apply wt_Ireturn. + destruct f.(fn_sig).(sig_res); simpl; simpl in H0. + rewrite type_arg_correct; auto. + apply error_inconsistent; auto. + destruct f.(fn_sig).(sig_res); simpl; simpl in H0. + apply type_arg_complete. + apply error_inconsistent; auto. + apply conj; auto. apply wt_Ireturn. + destruct f.(fn_sig).(sig_res); simpl; simpl in H0. + apply error_inconsistent; auto. + congruence. + Transparent type_rtl_arg. + Qed. + +Lemma mapped_included_consistent : + forall (u1 u2 : Uf.T) (r : reg), + mapped u1 r -> + included u1 u2 -> + consistent u2 -> + mk_env u2 r = mk_env u1 r. +Proof. + intros. + unfold mk_env. + unfold mapped in H. + elim H; intros; rewrite H2; rewrite (H0 _ _ H2). + rewrite equal_eq; rewrite equal_eq; auto. + rewrite (consistent_not_eq u2). + rewrite (consistent_not_eq u1). + auto. + apply included_consistent with (u2 := u2). + auto. + auto. + auto. +Qed. + +Lemma mapped_list_included : + forall (u1 u2 : Uf.T) (lr : list reg), + (forall r, In r lr -> mapped u1 r) -> + included u1 u2 -> + consistent u2 -> + map (mk_env u2) lr = map (mk_env u1) lr. +Proof. + induction lr; simpl; intros. + auto. + rewrite (mapped_included_consistent u1 u2 a). + rewrite IHlr; auto. + apply (H a); intros. + left; auto. + auto. + auto. +Qed. + +Lemma included_mapped : + forall (u1 u2 : Uf.T) (r : reg), + included u1 u2 -> + mapped u1 r -> + mapped u2 r. +Proof. + unfold mapped. + intros. + elim H0; intros. + left; rewrite (H _ _ H1); auto. + right; rewrite (H _ _ H1); auto. +Qed. + +Lemma included_mapped_forall : + forall (u1 u2 : Uf.T) (r : reg) (l : list reg), + included u1 u2 -> + mapped u1 r /\ (forall r, In r l -> mapped u1 r) -> + mapped u2 r /\ (forall r, In r l -> mapped u2 r). +Proof. + intros. + elim H0; intros. + apply conj. + apply (included_mapped _ _ r H); auto. + intros. + apply (included_mapped _ _ r0 H). + apply H2; auto. +Qed. + +Lemma definite_included : + forall (u1 u2 : Uf.T) (i : instruction), + included u1 u2 -> definite u1 i -> definite u2 i. +Proof. + unfold definite. + intros. + destruct i; try apply (included_mapped_forall _ _ _ _ H H0); auto. + destruct o; try apply (included_mapped_forall _ _ _ _ H H0); auto. + destruct l; auto. + apply (included_mapped_forall _ _ _ _ H H0). + destruct l; auto. + apply (included_mapped_forall _ _ _ _ H H0). + destruct s0; auto. + elim H0; intros. + apply conj. + apply (included_mapped _ _ _ H H1). + apply (included_mapped_forall _ _ _ _ H H2). + elim H0; intros. + apply conj; auto. + apply (included_mapped_forall _ _ _ _ H H2). + intros. + apply (included_mapped _ _ _ H (H0 r H1)). + destruct o; auto. + apply (included_mapped _ _ _ H H0). +Qed. + +Lemma step4 : + forall (f : function) (u1 u3 : Uf.T) (i : instruction), + included u3 u1 -> + wt_instr (mk_env u3) f i -> + definite u3 i -> + consistent u1 -> + wt_instr (mk_env u1) f i. + Proof. + intros f u1 u3 i H1 H H0 X. + destruct H; try simpl in H0; try (elim H0; intros). + apply wt_Inop. + apply wt_Iopmove. unfold mk_env. rewrite (H1 _ _ H0). auto. + apply wt_Iopundef. + apply wt_Iop; auto. + destruct op; try congruence; simpl; simpl in H3; + simpl in H0; elim H0; intros; rewrite (mapped_included_consistent _ _ _ H4 H1 X); + rewrite (mapped_list_included _ _ _ H5 H1); auto. + apply wt_Iload. + rewrite (mapped_list_included _ _ _ H4 H1); auto. + rewrite (mapped_included_consistent _ _ _ H3 H1 X). auto. + apply wt_Istore. + rewrite (mapped_list_included _ _ _ H4 H1); auto. + rewrite (mapped_included_consistent _ _ _ H3 H1 X). auto. + elim H5; intros; destruct ros; apply wt_Icall. + rewrite (mapped_included_consistent _ _ _ H4 H1 X); auto. + rewrite (mapped_list_included _ _ _ H7 H1); auto. + rewrite (mapped_included_consistent _ _ _ H6 H1 X); auto. + auto. + rewrite (mapped_list_included _ _ _ H7 H1); auto. + rewrite (mapped_included_consistent _ _ _ H6 H1 X); auto. + apply wt_Icond. rewrite (mapped_list_included _ _ _ H0 H1); auto. + apply wt_Ireturn. + destruct optres; destruct f.(fn_sig).(sig_res); + simpl in H; simpl; try congruence. + rewrite (mapped_included_consistent _ _ _ H0 H1 X); auto. + Qed. + +Lemma type_rtl_function_instrs : + forall (f: function) (env: regenv), + type_rtl_function f = Some env + -> forall pc i, f.(fn_code)!pc = Some i -> wt_instr env f i. + Proof. + intros. + elim (step1 _ _ H). + intros. + elim H1. + intros. + elim H3. + intros. + rewrite H4. + elim (step2 _ _ _ (included_consistent _ _ H2 H5) _ _ H0). + intros. + elim H6. intros. + elim (step3 x0 f _ _ _ H0); auto. intros. + apply (step4 f _ _ i H2); auto. + apply (step4 _ _ _ _ H8 H9 H10). + apply (included_consistent _ _ H2); auto. + apply (definite_included _ _ _ H8 H10); auto. + Qed. + +(** Combining the sub-proofs. *) + +Theorem type_rtl_function_correct: + forall (f: function) (env: regenv), + type_rtl_function f = Some env -> wt_function env f. + Proof. + intros. + exact (mk_wt_function env f (type_rtl_function_params f _ H) + (type_rtl_function_norepet f _ H) + (type_rtl_function_instrs f _ H)). + Qed. + +Definition wt_program (p: program) : Prop := + forall i f, In (i, f) (prog_funct p) -> type_rtl_function f <> None. + +(** * Type preservation during evaluation *) + +(** The type system for RTL is not sound in that it does not guarantee + progress: well-typed instructions such as [Icall] can fail because + of run-time type tests (such as the equality between calle and caller's + signatures). However, the type system guarantees a type preservation + property: if the execution does not fail because of a failed run-time + test, the result values and register states match the static + typing assumptions. This preservation property will be useful + later for the proof of semantic equivalence between [Machabstr] and [Mach]. + Even though we do not need it for [RTL], we show preservation for [RTL] + here, as a warm-up exercise and because some of the lemmas will be + useful later. *) + +Require Import Globalenvs. +Require Import Values. +Require Import Mem. +Require Import Integers. + +Definition wt_regset (env: regenv) (rs: regset) : Prop := + forall r, Val.has_type (rs#r) (env r). + +Lemma wt_regset_assign: + forall env rs v r, + wt_regset env rs -> + Val.has_type v (env r) -> + wt_regset env (rs#r <- v). +Proof. + intros; red; intros. + rewrite Regmap.gsspec. + case (peq r0 r); intro. + subst r0. assumption. + apply H. +Qed. + +Lemma wt_regset_list: + forall env rs, + wt_regset env rs -> + forall rl, Val.has_type_list (rs##rl) (List.map env rl). +Proof. + induction rl; simpl. + auto. + split. apply H. apply IHrl. +Qed. + +Lemma wt_init_regs: + forall env rl args, + Val.has_type_list args (List.map env rl) -> + wt_regset env (init_regs args rl). +Proof. + induction rl; destruct args; simpl; intuition. + red; intros. rewrite Regmap.gi. simpl; auto. + apply wt_regset_assign; auto. +Qed. + +Section SUBJECT_REDUCTION. + +Variable p: program. + +Hypothesis wt_p: wt_program p. + +Let ge := Genv.globalenv p. + +Definition exec_instr_subject_reduction + (c: code) (sp: val) + (pc: node) (rs: regset) (m: mem) + (pc': node) (rs': regset) (m': mem) : Prop := + forall env f + (CODE: c = fn_code f) + (WT_FN: wt_function env f) + (WT_RS: wt_regset env rs), + wt_regset env rs'. + +Definition exec_function_subject_reduction + (f: function) (args: list val) (m: mem) (res: val) (m': mem) : Prop := + forall env, + wt_function env f -> + Val.has_type_list args f.(fn_sig).(sig_args) -> + Val.has_type res + (match f.(fn_sig).(sig_res) with None => Tint | Some ty => ty end). + +Lemma subject_reduction: + forall f args m res m', + exec_function ge f args m res m' -> + exec_function_subject_reduction f args m res m'. +Proof. + apply (exec_function_ind_3 ge + exec_instr_subject_reduction + exec_instr_subject_reduction + exec_function_subject_reduction); + intros; red; intros; + try (rewrite CODE in H; + generalize (wt_instrs env _ WT_FN pc _ H); + intro WT_INSTR; + inversion WT_INSTR). + + assumption. + + apply wt_regset_assign. auto. + subst op. subst args. simpl in H0. injection H0; intro. + subst v. rewrite <- H2. apply WT_RS. + + apply wt_regset_assign. auto. + subst op; subst args; simpl in H0. injection H0; intro; subst v. + simpl; auto. + + apply wt_regset_assign. auto. + replace (env res) with (snd (type_of_operation op)). + apply type_of_operation_sound with function ge rs##args sp; auto. + rewrite <- H7. reflexivity. + + apply wt_regset_assign. auto. rewrite H8. + eapply type_of_chunk_correct; eauto. + + assumption. + + apply wt_regset_assign. auto. rewrite H11. rewrite H1. + assert (type_rtl_function f <> None). + destruct ros; simpl in H0. + pattern f. apply Genv.find_funct_prop with function p (rs#r). + exact wt_p. exact H0. + caseEq (Genv.find_symbol ge i); intros; rewrite H12 in H0. + pattern f. apply Genv.find_funct_ptr_prop with function p b. + exact wt_p. exact H0. + discriminate. + assert (exists env1, wt_function env1 f). + caseEq (type_rtl_function f); intros; try congruence. + exists t. apply type_rtl_function_correct; auto. + elim H13; intros env1 WT_FN1. + eapply H3. eexact WT_FN1. rewrite <- H1. rewrite <- H10. + apply wt_regset_list; auto. + + assumption. + assumption. + assumption. + eauto. + eauto. + + assert (WT_INIT: wt_regset env (init_regs args (fn_params f))). + apply wt_init_regs. rewrite (wt_params env f H4). assumption. + generalize (H1 env f (refl_equal (fn_code f)) H4 WT_INIT). + intro WT_RS. + generalize (wt_instrs env _ H4 pc _ H2). + intro WT_INSTR; inversion WT_INSTR. + destruct or; simpl in H3; simpl in H7; rewrite <- H7. + rewrite H3. apply WT_RS. + rewrite H3. simpl; auto. +Qed. + +End SUBJECT_REDUCTION. diff --git a/backend/Registers.v b/backend/Registers.v new file mode 100644 index 00000000..30935893 --- /dev/null +++ b/backend/Registers.v @@ -0,0 +1,49 @@ +(** Pseudo-registers and register states. + + This library defines the type of pseudo-registers used in the RTL + intermediate language, and of mappings from pseudo-registers to + values as used in the dynamic semantics of RTL. *) + +Require Import Bool. +Require Import Coqlib. +Require Import AST. +Require Import Maps. +Require Import Sets. + +Definition reg: Set := positive. + +Module Reg. + +Definition eq := peq. + +Definition typenv := PMap.t typ. + +End Reg. + +(** Mappings from registers to some type. *) + +Module Regmap := PMap. + +Set Implicit Arguments. + +Definition regmap_optget + (A: Set) (or: option reg) (dfl: A) (rs: Regmap.t A) : A := + match or with + | None => dfl + | Some r => Regmap.get r rs + end. + +Definition regmap_optset + (A: Set) (or: option reg) (v: A) (rs: Regmap.t A) : Regmap.t A := + match or with + | None => rs + | Some r => Regmap.set r v rs + end. + +Notation "a # b" := (Regmap.get b a) (at level 1). +Notation "a ## b" := (List.map (fun r => Regmap.get r a) b) (at level 1). +Notation "a # b <- c" := (Regmap.set b c a) (at level 1, b at next level). + +(** Sets of registers *) + +Module Regset := MakeSet(PTree). diff --git a/backend/Stacking.v b/backend/Stacking.v new file mode 100644 index 00000000..1f0c4542 --- /dev/null +++ b/backend/Stacking.v @@ -0,0 +1,226 @@ +(** Layout of activation records; translation from Linear to Mach. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Op. +Require Import RTL. +Require Import Locations. +Require Import Linear. +Require Import Lineartyping. +Require Import Mach. +Require Import Conventions. + +(** * Layout of activation records *) + +(** The general shape of activation records is as follows, + from bottom (lowest offsets) to top: +- 24 reserved bytes. The first 4 bytes hold the back pointer to the + activation record of the caller. The next 4 bytes will be used + to store the return address. The remaining 16 bytes are unused + but reserved in accordance with the PowerPC application binary interface. +- Space for outgoing arguments to function calls. +- Local stack slots of integer type. +- Saved values of integer callee-save registers used by the function. +- One word of padding, if necessary to align the following data + on a 8-byte boundary. +- Local stack slots of float type. +- Saved values of float callee-save registers used by the function. +- Space for the stack-allocated data declared in Cminor. + +To facilitate some of the proofs, the Cminor stack-allocated data +starts at offset 0; the preceding areas in the activation record +therefore have negative offsets. This part (with negative offsets) +is called the ``frame'' (see the [Machabstr] semantics for the Mach +language), by opposition with the ``Cminor stack data'' which is the part +with positive offsets. + +The [frame_env] compilation environment records the positions of +the boundaries between areas in the frame part. +*) + +Record frame_env : Set := mk_frame_env { + fe_size: Z; + fe_ofs_int_local: Z; + fe_ofs_int_callee_save: Z; + fe_num_int_callee_save: Z; + fe_ofs_float_local: Z; + fe_ofs_float_callee_save: Z; + fe_num_float_callee_save: Z +}. + +(** Computation of the frame environment from the bounds of the current + function. *) + +Definition make_env (b: bounds) := + let oil := 4 * b.(bound_outgoing) in (* integer locals *) + let oics := oil + 4 * b.(bound_int_local) in (* integer callee-saves *) + let oendi := oics + 4 * b.(bound_int_callee_save) in + let ofl := align oendi 8 in (* float locals *) + let ofcs := ofl + 8 * b.(bound_float_local) in (* float callee-saves *) + let sz := ofcs + 8 * b.(bound_float_callee_save) in (* total frame size *) + mk_frame_env sz oil oics b.(bound_int_callee_save) + ofl ofcs b.(bound_float_callee_save). + +(** Computation the frame offset for the given component of the frame. + The component is expressed by the following [frame_index] sum type. *) + +Inductive frame_index: Set := + | FI_local: Z -> typ -> frame_index + | FI_arg: Z -> typ -> frame_index + | FI_saved_int: Z -> frame_index + | FI_saved_float: Z -> frame_index. + +Definition offset_of_index (fe: frame_env) (idx: frame_index) := + match idx with + | FI_local x Tint => fe.(fe_ofs_int_local) + 4 * x + | FI_local x Tfloat => fe.(fe_ofs_float_local) + 8 * x + | FI_arg x ty => 4 * x + | FI_saved_int x => fe.(fe_ofs_int_callee_save) + 4 * x + | FI_saved_float x => fe.(fe_ofs_float_callee_save) + 8 * x + end. + +(** * Saving and restoring callee-save registers *) + +(** [save_callee_save fe k] adds before [k] the instructions that + store in the frame the values of callee-save registers used by the + current function. *) + +Definition save_int_callee_save (fe: frame_env) (cs: mreg) (k: Mach.code) := + let i := index_int_callee_save cs in + if zlt i fe.(fe_num_int_callee_save) + then Msetstack cs (Int.repr (offset_of_index fe (FI_saved_int i))) Tint :: k + else k. + +Definition save_float_callee_save (fe: frame_env) (cs: mreg) (k: Mach.code) := + let i := index_float_callee_save cs in + if zlt i fe.(fe_num_float_callee_save) + then Msetstack cs (Int.repr (offset_of_index fe (FI_saved_float i))) Tfloat :: k + else k. + +Definition save_callee_save (fe: frame_env) (k: Mach.code) := + List.fold_right (save_int_callee_save fe) + (List.fold_right (save_float_callee_save fe) k float_callee_save_regs) + int_callee_save_regs. + +(** [restore_callee_save fe k] adds before [k] the instructions that + re-load from the frame the values of callee-save registers used by the + current function, restoring these registers to their initial values. *) + +Definition restore_int_callee_save (fe: frame_env) (cs: mreg) (k: Mach.code) := + let i := index_int_callee_save cs in + if zlt i fe.(fe_num_int_callee_save) + then Mgetstack (Int.repr (offset_of_index fe (FI_saved_int i))) Tint cs :: k + else k. + +Definition restore_float_callee_save (fe: frame_env) (cs: mreg) (k: Mach.code) := + let i := index_float_callee_save cs in + if zlt i fe.(fe_num_float_callee_save) + then Mgetstack (Int.repr (offset_of_index fe (FI_saved_float i))) Tfloat cs :: k + else k. + +Definition restore_callee_save (fe: frame_env) (k: Mach.code) := + List.fold_right (restore_int_callee_save fe) + (List.fold_right (restore_float_callee_save fe) k float_callee_save_regs) + int_callee_save_regs. + +(** * Code transformation. *) + +(** Translation of operations and addressing mode. + In Linear, the stack pointer has offset 0, i.e. points to the + beginning of the Cminor stack data block. In Mach, the stack + pointer points to the bottom of the activation record, + at offset [- fe.(fe_size)] where [fe] is the frame environment. + Operations and addressing mode that are relative to the stack pointer + must therefore be offset by [fe.(fe_size)] to preserve their + behaviour. *) + +Definition transl_op (fe: frame_env) (op: operation) := + match op with + | Oaddrstack ofs => Oaddrstack (Int.add (Int.repr fe.(fe_size)) ofs) + | _ => op + end. + +Definition transl_addr (fe: frame_env) (addr: addressing) := + match addr with + | Ainstack ofs => Ainstack (Int.add (Int.repr fe.(fe_size)) ofs) + | _ => addr + end. + +(** Translation of a Linear instruction. Prepends the corresponding + Mach instructions to the given list of instructions. + [Lgetstack] and [Lsetstack] moves between registers and stack slots + are turned into [Mgetstack], [Mgetparent] or [Msetstack] instructions + at offsets determined by the frame environment. + Instructions and addressing modes are modified as described previously. + Code to restore the values of callee-save registers is inserted + before the function returns. *) + +Definition transl_instr + (fe: frame_env) (i: Linear.instruction) (k: Mach.code) : Mach.code := + match i with + | Lgetstack s r => + match s with + | Local ofs ty => + Mgetstack (Int.repr (offset_of_index fe (FI_local ofs ty))) ty r :: k + | Incoming ofs ty => + Mgetparam (Int.repr (offset_of_index fe (FI_arg ofs ty))) ty r :: k + | Outgoing ofs ty => + Mgetstack (Int.repr (offset_of_index fe (FI_arg ofs ty))) ty r :: k + end + | Lsetstack r s => + match s with + | Local ofs ty => + Msetstack r (Int.repr (offset_of_index fe (FI_local ofs ty))) ty :: k + | Incoming ofs ty => + k (* should not happen *) + | Outgoing ofs ty => + Msetstack r (Int.repr (offset_of_index fe (FI_arg ofs ty))) ty :: k + end + | Lop op args res => + Mop (transl_op fe op) args res :: k + | Lload chunk addr args dst => + Mload chunk (transl_addr fe addr) args dst :: k + | Lstore chunk addr args src => + Mstore chunk (transl_addr fe addr) args src :: k + | Lcall sig ros => + Mcall sig ros :: k + | Llabel lbl => + Mlabel lbl :: k + | Lgoto lbl => + Mgoto lbl :: k + | Lcond cond args lbl => + Mcond cond args lbl :: k + | Lreturn => + restore_callee_save fe (Mreturn :: k) + end. + +(** Translation of a function. Code that saves the values of used + callee-save registers is inserted at function entry, followed + by the translation of the function body. + + Subtle point: the compiler must check that the frame is no + larger than [- Int.min_signed] bytes, otherwise arithmetic overflows + could occur during frame accesses using signed machine integers as + offsets. *) + +Definition transl_code + (fe: frame_env) (il: list Linear.instruction) : Mach.code := + List.fold_right (transl_instr fe) nil il. + +Definition transl_body (f: Linear.function) (fe: frame_env) := + save_callee_save fe (transl_code fe f.(Linear.fn_code)). + +Definition transf_function (f: Linear.function) : option Mach.function := + let fe := make_env (function_bounds f) in + if zlt f.(Linear.fn_stacksize) 0 then None else + if zlt (- Int.min_signed) fe.(fe_size) then None else + Some (Mach.mkfunction + f.(Linear.fn_sig) + (transl_body f fe) + f.(Linear.fn_stacksize) + fe.(fe_size)). + +Definition transf_program (p: Linear.program) : option Mach.program := + transform_partial_program transf_function p. diff --git a/backend/Stackingproof.v b/backend/Stackingproof.v new file mode 100644 index 00000000..002ca8d5 --- /dev/null +++ b/backend/Stackingproof.v @@ -0,0 +1,1610 @@ +(** Correctness proof for the translation from Linear to Mach. *) + +(** This file proves semantic preservation for the [Stacking] pass. + For the target language Mach, we use the alternate semantics + given in file [Machabstr], where a part of the activation record + is not resident in memory. Combined with the semantic equivalence + result between the two Mach semantics (see file [Machabstr2mach]), + the proof in this file also shows semantic preservation with + respect to the standard Mach semantics. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Integers. +Require Import Values. +Require Import Op. +Require Import Mem. +Require Import Globalenvs. +Require Import Locations. +Require Import Mach. +Require Import Machabstr. +Require Import Linear. +Require Import Lineartyping. +Require Import Conventions. +Require Import Stacking. + +(** * Properties of frames and frame accesses *) + +(** ``Good variable'' properties for frame accesses. *) + +Lemma get_slot_ok: + forall fr ty ofs, + 0 <= ofs -> fr.(low) + ofs + 4 * typesize ty <= 0 -> + exists v, get_slot fr ty ofs v. +Proof. + intros. exists (load_contents (mem_type ty) fr.(contents) (fr.(low) + ofs)). + constructor; auto. +Qed. + +Lemma set_slot_ok: + forall fr ty ofs v, + fr.(high) = 0 -> 0 <= ofs -> fr.(low) + ofs + 4 * typesize ty <= 0 -> + exists fr', set_slot fr ty ofs v fr'. +Proof. + intros. + exists (mkblock fr.(low) fr.(high) + (store_contents (mem_type ty) fr.(contents) (fr.(low) + ofs) v) + (set_slot_undef_outside fr ty ofs v H H0 H1 fr.(undef_outside))). + constructor; auto. +Qed. + +Lemma slot_gss: + forall fr1 ty ofs v fr2, + set_slot fr1 ty ofs v fr2 -> + get_slot fr2 ty ofs v. +Proof. + intros. induction H. + constructor. + auto. simpl. auto. + simpl. symmetry. apply load_store_contents_same. +Qed. + +Lemma slot_gso: + forall fr1 ty ofs v fr2 ty' ofs' v', + set_slot fr1 ty ofs v fr2 -> + get_slot fr1 ty' ofs' v' -> + ofs' + 4 * typesize ty' <= ofs \/ ofs + 4 * typesize ty <= ofs' -> + get_slot fr2 ty' ofs' v'. +Proof. + intros. induction H; inversion H0. + constructor. + auto. simpl low. auto. + simpl. rewrite H3. symmetry. apply load_store_contents_other. + repeat (rewrite size_mem_type). omega. +Qed. + +Lemma slot_gi: + forall f ofs ty, + 0 <= ofs -> (init_frame f).(low) + ofs + 4 * typesize ty <= 0 -> + get_slot (init_frame f) ty ofs Vundef. +Proof. + intros. constructor. + auto. auto. + symmetry. apply load_contents_init. +Qed. + +Section PRESERVATION. + +Variable prog: Linear.program. +Variable tprog: Mach.program. +Hypothesis TRANSF: transf_program prog = Some tprog. +Let ge := Genv.globalenv prog. +Let tge := Genv.globalenv tprog. + +Section FRAME_PROPERTIES. + +Variable f: Linear.function. +Let b := function_bounds f. +Let fe := make_env b. +Variable tf: Mach.function. +Hypothesis TRANSF_F: transf_function f = Some tf. + +Lemma unfold_transf_function: + tf = Mach.mkfunction + f.(Linear.fn_sig) + (transl_body f fe) + f.(Linear.fn_stacksize) + fe.(fe_size). +Proof. + generalize TRANSF_F. unfold transf_function. + case (zlt (fn_stacksize f) 0). intros; discriminate. + case (zlt (- Int.min_signed) (fe_size (make_env (function_bounds f)))). + intros; discriminate. + intros. unfold fe. unfold b. congruence. +Qed. + +Lemma size_no_overflow: fe.(fe_size) <= -Int.min_signed. +Proof. + generalize TRANSF_F. unfold transf_function. + case (zlt (fn_stacksize f) 0). intros; discriminate. + case (zlt (- Int.min_signed) (fe_size (make_env (function_bounds f)))). + intros; discriminate. + intros. unfold fe, b. omega. +Qed. + +(** A frame index is valid if it lies within the resource bounds + of the current function. *) + +Definition index_valid (idx: frame_index) := + match idx with + | FI_local x Tint => 0 <= x < b.(bound_int_local) + | FI_local x Tfloat => 0 <= x < b.(bound_float_local) + | FI_arg x ty => 6 <= x /\ x + typesize ty <= b.(bound_outgoing) + | FI_saved_int x => 0 <= x < b.(bound_int_callee_save) + | FI_saved_float x => 0 <= x < b.(bound_float_callee_save) + end. + +Definition type_of_index (idx: frame_index) := + match idx with + | FI_local x ty => ty + | FI_arg x ty => ty + | FI_saved_int x => Tint + | FI_saved_float x => Tfloat + end. + +(** Non-overlap between the memory areas corresponding to two + frame indices. *) + +Definition index_diff (idx1 idx2: frame_index) : Prop := + match idx1, idx2 with + | FI_local x1 ty1, FI_local x2 ty2 => + x1 <> x2 \/ ty1 <> ty2 + | FI_arg x1 ty1, FI_arg x2 ty2 => + x1 + typesize ty1 <= x2 \/ x2 + typesize ty2 <= x1 + | FI_saved_int x1, FI_saved_int x2 => x1 <> x2 + | FI_saved_float x1, FI_saved_float x2 => x1 <> x2 + | _, _ => True + end. + +Remark align_float_part: + 4 * bound_outgoing b + 4 * bound_int_local b + 4 * bound_int_callee_save b <= + align (4 * bound_outgoing b + 4 * bound_int_local b + 4 * bound_int_callee_save b) 8. +Proof. + apply align_le. omega. +Qed. + +Ltac AddPosProps := + assert (bound_int_local b >= 0); + [unfold b; apply bound_int_local_pos | + assert (bound_float_local b >= 0); + [unfold b; apply bound_float_local_pos | + assert (bound_int_callee_save b >= 0); + [unfold b; apply bound_int_callee_save_pos | + assert (bound_float_callee_save b >= 0); + [unfold b; apply bound_float_callee_save_pos | + assert (bound_outgoing b >= 6); + [unfold b; apply bound_outgoing_pos | + generalize align_float_part; intro]]]]]. + +Lemma size_pos: fe.(fe_size) >= 24. +Proof. + AddPosProps. + unfold fe, make_env, fe_size. omega. +Qed. + +Opaque function_bounds. + +Lemma offset_of_index_disj: + forall idx1 idx2, + index_valid idx1 -> index_valid idx2 -> + index_diff idx1 idx2 -> + offset_of_index fe idx1 + 4 * typesize (type_of_index idx1) <= offset_of_index fe idx2 \/ + offset_of_index fe idx2 + 4 * typesize (type_of_index idx2) <= offset_of_index fe idx1. +Proof. + AddPosProps. + intros. + destruct idx1; destruct idx2; + try (destruct t); try (destruct t0); + unfold offset_of_index, fe, make_env, + fe_size, fe_ofs_int_local, fe_ofs_int_callee_save, + fe_ofs_float_local, fe_ofs_float_callee_save, + type_of_index, typesize; + simpl in H5; simpl in H6; simpl in H7; + try omega. + assert (z <> z0). intuition auto. omega. + assert (z <> z0). intuition auto. omega. +Qed. + +(** The following lemmas give sufficient conditions for indices + of various kinds to be valid. *) + +Lemma index_local_valid: + forall ofs ty, + slot_bounded f (Local ofs ty) -> + index_valid (FI_local ofs ty). +Proof. + unfold slot_bounded, index_valid. auto. +Qed. + +Lemma index_arg_valid: + forall ofs ty, + slot_bounded f (Outgoing ofs ty) -> + index_valid (FI_arg ofs ty). +Proof. + unfold slot_bounded, index_valid, b. auto. +Qed. + +Lemma index_saved_int_valid: + forall r, + In r int_callee_save_regs -> + index_int_callee_save r < b.(bound_int_callee_save) -> + index_valid (FI_saved_int (index_int_callee_save r)). +Proof. + intros. red. split. + apply Zge_le. apply index_int_callee_save_pos; auto. + auto. +Qed. + +Lemma index_saved_float_valid: + forall r, + In r float_callee_save_regs -> + index_float_callee_save r < b.(bound_float_callee_save) -> + index_valid (FI_saved_float (index_float_callee_save r)). +Proof. + intros. red. split. + apply Zge_le. apply index_float_callee_save_pos; auto. + auto. +Qed. + +Hint Resolve index_local_valid index_arg_valid + index_saved_int_valid index_saved_float_valid: stacking. + +(** The offset of a valid index lies within the bounds of the frame. *) + +Lemma offset_of_index_valid: + forall idx, + index_valid idx -> + 24 <= offset_of_index fe idx /\ + offset_of_index fe idx + 4 * typesize (type_of_index idx) <= fe.(fe_size). +Proof. + AddPosProps. + intros. + destruct idx; try destruct t; + unfold offset_of_index, fe, make_env, + fe_size, fe_ofs_int_local, fe_ofs_int_callee_save, + fe_ofs_float_local, fe_ofs_float_callee_save, + type_of_index, typesize; + simpl in H5; + omega. +Qed. + +(** Offsets for valid index are representable as signed machine integers + without loss of precision. *) + +Lemma offset_of_index_no_overflow: + forall idx, + index_valid idx -> + Int.signed (Int.repr (offset_of_index fe idx)) = offset_of_index fe idx. +Proof. + intros. + generalize (offset_of_index_valid idx H). intros [A B]. +(* omega falls flat on its face... *) + apply Int.signed_repr. + split. apply Zle_trans with 24. compute; intro; discriminate. + auto. + assert (offset_of_index fe idx < fe_size fe). + generalize (typesize_pos (type_of_index idx)); intro. omega. + apply Zlt_succ_le. + change (Zsucc Int.max_signed) with (- Int.min_signed). + generalize size_no_overflow. omega. +Qed. + +(** Admissible evaluation rules for the [Mgetstack] and [Msetstack] + instructions, in case the offset is computed with [offset_of_index]. *) + +Lemma exec_Mgetstack': + forall sp parent idx ty c rs fr dst m v, + index_valid idx -> + get_slot fr ty (offset_of_index fe idx) v -> + Machabstr.exec_instrs tge tf sp parent + (Mgetstack (Int.repr (offset_of_index fe idx)) ty dst :: c) rs fr m + c (rs#dst <- v) fr m. +Proof. + intros. apply Machabstr.exec_one. apply Machabstr.exec_Mgetstack. + rewrite offset_of_index_no_overflow. auto. auto. +Qed. + +Lemma exec_Msetstack': + forall sp parent idx ty c rs fr src m fr', + index_valid idx -> + set_slot fr ty (offset_of_index fe idx) (rs src) fr' -> + Machabstr.exec_instrs tge tf sp parent + (Msetstack src (Int.repr (offset_of_index fe idx)) ty :: c) rs fr m + c rs fr' m. +Proof. + intros. apply Machabstr.exec_one. apply Machabstr.exec_Msetstack. + rewrite offset_of_index_no_overflow. auto. auto. +Qed. + +(** An alternate characterization of the [get_slot] and [set_slot] + operations in terms of the following [index_val] frame access + function. *) + +Definition index_val (idx: frame_index) (fr: frame) := + load_contents (mem_type (type_of_index idx)) + fr.(contents) + (fr.(low) + offset_of_index fe idx). + +Lemma get_slot_index: + forall fr idx ty v, + index_valid idx -> + fr.(low) = - fe.(fe_size) -> + ty = type_of_index idx -> + v = index_val idx fr -> + get_slot fr ty (offset_of_index fe idx) v. +Proof. + intros. subst v; subst ty. + generalize (offset_of_index_valid idx H); intros [A B]. + unfold index_val. apply get_slot_intro. omega. + rewrite H0. omega. auto. +Qed. + +Lemma set_slot_index: + forall fr idx v, + index_valid idx -> + fr.(high) = 0 -> + fr.(low) = - fe.(fe_size) -> + exists fr', set_slot fr (type_of_index idx) (offset_of_index fe idx) v fr'. +Proof. + intros. + generalize (offset_of_index_valid idx H); intros [A B]. + apply set_slot_ok. auto. omega. rewrite H1; omega. +Qed. + +(** Alternate ``good variable'' properties for [get_slot] and [set_slot]. *) +Lemma slot_iss: + forall fr idx v fr', + set_slot fr (type_of_index idx) (offset_of_index fe idx) v fr' -> + index_val idx fr' = v. +Proof. + intros. inversion H. subst ofs ty. + unfold index_val; simpl. apply load_store_contents_same. +Qed. + +Lemma slot_iso: + forall fr idx v fr' idx', + set_slot fr (type_of_index idx) (offset_of_index fe idx) v fr' -> + index_diff idx idx' -> + index_valid idx -> index_valid idx' -> + index_val idx' fr' = index_val idx' fr. +Proof. + intros. generalize (offset_of_index_disj idx idx' H1 H2 H0). intro. + unfold index_val. inversion H. subst ofs ty. simpl. + apply load_store_contents_other. + repeat rewrite size_mem_type. omega. +Qed. + +(** * Agreement between location sets and Mach environments *) + +(** The following [agree] predicate expresses semantic agreement between + a location set on the Linear side and, on the Mach side, + a register set, plus the current and parent frames, plus the register + set [rs0] at function entry. *) + +Record agree (ls: locset) (rs: regset) (fr parent: frame) (rs0: regset) : Prop := + mk_agree { + (** Machine registers have the same values on the Linear and Mach sides. *) + agree_reg: + forall r, ls (R r) = rs r; + + (** Machine registers outside the bounds of the current function + have the same values they had at function entry. In other terms, + these registers are never assigned. *) + agree_unused_reg: + forall r, ~(mreg_bounded f r) -> rs r = rs0 r; + + (** The bounds of the current frame are [[- fe.(fe_size), 0]]. *) + agree_high: + fr.(high) = 0; + agree_size: + fr.(low) = - fe.(fe_size); + + (** Local and outgoing stack slots (on the Linear side) have + the same values as the one loaded from the current Mach frame + at the corresponding offsets. *) + + agree_locals: + forall ofs ty, + slot_bounded f (Local ofs ty) -> + ls (S (Local ofs ty)) = index_val (FI_local ofs ty) fr; + agree_outgoing: + forall ofs ty, + slot_bounded f (Outgoing ofs ty) -> + ls (S (Outgoing ofs ty)) = index_val (FI_arg ofs ty) fr; + + (** Incoming stack slots (on the Linear side) have + the same values as the one loaded from the parent Mach frame + at the corresponding offsets. *) + agree_incoming: + forall ofs ty, + slot_bounded f (Incoming ofs ty) -> + get_slot parent ty (Int.signed (Int.repr (4 * ofs))) (ls (S (Incoming ofs ty))); + + (** The areas of the frame reserved for saving used callee-save + registers always contain the values that those registers had + on function entry. *) + agree_saved_int: + forall r, + In r int_callee_save_regs -> + index_int_callee_save r < b.(bound_int_callee_save) -> + index_val (FI_saved_int (index_int_callee_save r)) fr = rs0 r; + agree_saved_float: + forall r, + In r float_callee_save_regs -> + index_float_callee_save r < b.(bound_float_callee_save) -> + index_val (FI_saved_float (index_float_callee_save r)) fr = rs0 r + }. + +Hint Resolve agree_reg agree_unused_reg agree_size agree_high + agree_locals agree_outgoing agree_incoming + agree_saved_int agree_saved_float: stacking. + +(** Values of registers and register lists. *) + +Lemma agree_eval_reg: + forall ls rs fr parent rs0 r, + agree ls rs fr parent rs0 -> rs r = ls (R r). +Proof. + intros. symmetry. eauto with stacking. +Qed. + +Lemma agree_eval_regs: + forall ls rs fr parent rs0 rl, + agree ls rs fr parent rs0 -> rs##rl = LTL.reglist rl ls. +Proof. + induction rl; simpl; intros. + auto. apply (f_equal2 (@cons val)). + eapply agree_eval_reg; eauto. + auto. +Qed. + +Hint Resolve agree_eval_reg agree_eval_regs: stacking. + +(** Preservation of agreement under various assignments: + of machine registers, of local slots, of outgoing slots. *) + +Lemma agree_set_reg: + forall ls rs fr parent rs0 r v, + agree ls rs fr parent rs0 -> + mreg_bounded f r -> + agree (Locmap.set (R r) v ls) (Regmap.set r v rs) fr parent rs0. +Proof. + intros. constructor; eauto with stacking. + intros. case (mreg_eq r r0); intro. + subst r0. rewrite Locmap.gss; rewrite Regmap.gss; auto. + rewrite Locmap.gso. rewrite Regmap.gso. eauto with stacking. + auto. red. auto. + intros. rewrite Regmap.gso. eauto with stacking. + red; intro; subst r0. contradiction. + intros. rewrite Locmap.gso. eauto with stacking. red. auto. + intros. rewrite Locmap.gso. eauto with stacking. red. auto. + intros. rewrite Locmap.gso. eauto with stacking. red. auto. +Qed. + +Lemma agree_set_local: + forall ls rs fr parent rs0 v ofs ty, + agree ls rs fr parent rs0 -> + slot_bounded f (Local ofs ty) -> + exists fr', + set_slot fr ty (offset_of_index fe (FI_local ofs ty)) v fr' /\ + agree (Locmap.set (S (Local ofs ty)) v ls) rs fr' parent rs0. +Proof. + intros. + generalize (set_slot_index fr _ v (index_local_valid _ _ H0) + (agree_high _ _ _ _ _ H) + (agree_size _ _ _ _ _ H)). + intros [fr' SET]. + exists fr'. split. auto. constructor; eauto with stacking. + (* agree_reg *) + intros. rewrite Locmap.gso. eauto with stacking. red; auto. + (* agree_high *) + inversion SET. simpl high. eauto with stacking. + (* agree_size *) + inversion SET. simpl low. eauto with stacking. + (* agree_local *) + intros. case (slot_eq (Local ofs ty) (Local ofs0 ty0)); intro. + rewrite <- e. rewrite Locmap.gss. + replace (FI_local ofs0 ty0) with (FI_local ofs ty). + symmetry. eapply slot_iss; eauto. congruence. + assert (ofs <> ofs0 \/ ty <> ty0). + case (zeq ofs ofs0); intro. compare ty ty0; intro. + congruence. tauto. tauto. + rewrite Locmap.gso. transitivity (index_val (FI_local ofs0 ty0) fr). + eauto with stacking. symmetry. eapply slot_iso; eauto. + simpl. auto. + (* agree_outgoing *) + intros. rewrite Locmap.gso. transitivity (index_val (FI_arg ofs0 ty0) fr). + eauto with stacking. symmetry. eapply slot_iso; eauto. + red; auto. red; auto. + (* agree_incoming *) + intros. rewrite Locmap.gso. eauto with stacking. red. auto. + (* agree_saved_int *) + intros. rewrite <- (agree_saved_int _ _ _ _ _ H r H1 H2). + eapply slot_iso; eauto with stacking. red; auto. + (* agree_saved_float *) + intros. rewrite <- (agree_saved_float _ _ _ _ _ H r H1 H2). + eapply slot_iso; eauto with stacking. red; auto. +Qed. + +Lemma agree_set_outgoing: + forall ls rs fr parent rs0 v ofs ty, + agree ls rs fr parent rs0 -> + slot_bounded f (Outgoing ofs ty) -> + exists fr', + set_slot fr ty (offset_of_index fe (FI_arg ofs ty)) v fr' /\ + agree (Locmap.set (S (Outgoing ofs ty)) v ls) rs fr' parent rs0. +Proof. + intros. + generalize (set_slot_index fr _ v (index_arg_valid _ _ H0) + (agree_high _ _ _ _ _ H) + (agree_size _ _ _ _ _ H)). + intros [fr' SET]. + exists fr'. split. exact SET. constructor; eauto with stacking. + (* agree_reg *) + intros. rewrite Locmap.gso. eauto with stacking. red; auto. + (* agree_high *) + inversion SET. simpl high. eauto with stacking. + (* agree_size *) + inversion SET. simpl low. eauto with stacking. + (* agree_local *) + intros. rewrite Locmap.gso. + transitivity (index_val (FI_local ofs0 ty0) fr). + eauto with stacking. symmetry. eapply slot_iso; eauto. + red; auto. red; auto. + (* agree_outgoing *) + intros. unfold Locmap.set. + case (Loc.eq (S (Outgoing ofs ty)) (S (Outgoing ofs0 ty0))); intro. + (* same location *) + replace ofs0 with ofs. replace ty0 with ty. + symmetry. eapply slot_iss; eauto. + congruence. congruence. + (* overlapping locations *) + caseEq (Loc.overlap (S (Outgoing ofs ty)) (S (Outgoing ofs0 ty0))); intros. + inversion SET. subst ofs1 ty1. + unfold index_val, type_of_index, offset_of_index. + set (ofs4 := 4 * ofs). set (ofs04 := 4 * ofs0). simpl. + unfold ofs4, ofs04. symmetry. + case (zeq ofs ofs0); intro. + subst ofs0. apply load_store_contents_mismatch. + destruct ty; destruct ty0; simpl; congruence. + generalize (Loc.overlap_not_diff _ _ H2). intro. simpl in H4. + apply load_store_contents_overlap. + omega. + rewrite size_mem_type. omega. + rewrite size_mem_type. omega. + (* different locations *) + transitivity (index_val (FI_arg ofs0 ty0) fr). + eauto with stacking. + symmetry. eapply slot_iso; eauto. + simpl. eapply Loc.overlap_aux_false_1; eauto. + (* agree_incoming *) + intros. rewrite Locmap.gso. eauto with stacking. red. auto. + (* saved ints *) + intros. rewrite <- (agree_saved_int _ _ _ _ _ H r H1 H2). + eapply slot_iso; eauto with stacking. red; auto. + (* saved floats *) + intros. rewrite <- (agree_saved_float _ _ _ _ _ H r H1 H2). + eapply slot_iso; eauto with stacking. red; auto. +Qed. + +Lemma agree_return_regs: + forall ls rs fr parent rs0 ls' rs', + agree ls rs fr parent rs0 -> + (forall r, + In (R r) temporaries \/ In (R r) destroyed_at_call -> + rs' r = ls' (R r)) -> + (forall r, + In r int_callee_save_regs \/ In r float_callee_save_regs -> + rs' r = rs r) -> + agree (LTL.return_regs ls ls') rs' fr parent rs0. +Proof. + intros. constructor; unfold LTL.return_regs; eauto with stacking. + (* agree_reg *) + intros. case (In_dec Loc.eq (R r) temporaries); intro. + symmetry. apply H0. tauto. + case (In_dec Loc.eq (R r) destroyed_at_call); intro. + symmetry. apply H0. tauto. + rewrite H1. eauto with stacking. + generalize (register_classification r); tauto. + (* agree_unused_reg *) + intros. rewrite H1. eauto with stacking. + generalize H2; unfold mreg_bounded; case (mreg_type r); intro. + left. apply index_int_callee_save_pos2. + generalize (bound_int_callee_save_pos f); intro. omega. + right. apply index_float_callee_save_pos2. + generalize (bound_float_callee_save_pos f); intro. omega. +Qed. + +(** * Correctness of saving and restoring of callee-save registers *) + +(** The following lemmas show the correctness of the register saving + code generated by [save_callee_save]: after this code has executed, + the register save areas of the current frame do contain the + values of the callee-save registers used by the function. *) + +Lemma save_int_callee_save_correct_rec: + forall l k sp parent rs fr m, + incl l int_callee_save_regs -> + list_norepet l -> + fr.(high) = 0 -> + fr.(low) = -fe.(fe_size) -> + exists fr', + Machabstr.exec_instrs tge tf sp parent + (List.fold_right (save_int_callee_save fe) k l) rs fr m + k rs fr' m + /\ fr'.(high) = 0 + /\ fr'.(low) = -fe.(fe_size) + /\ (forall r, + In r l -> index_int_callee_save r < bound_int_callee_save b -> + index_val (FI_saved_int (index_int_callee_save r)) fr' = rs r) + /\ (forall idx, + index_valid idx -> + (forall r, + In r l -> index_int_callee_save r < bound_int_callee_save b -> + idx <> FI_saved_int (index_int_callee_save r)) -> + index_val idx fr' = index_val idx fr). +Proof. + induction l. + (* base case *) + intros. simpl fold_right. exists fr. + split. apply Machabstr.exec_refl. split. auto. split. auto. + split. intros. elim H3. auto. + (* inductive case *) + intros. simpl fold_right. + set (k1 := fold_right (save_int_callee_save fe) k l) in *. + assert (R1: incl l int_callee_save_regs). eauto with coqlib. + assert (R2: list_norepet l). inversion H0; auto. + unfold save_int_callee_save. + case (zlt (index_int_callee_save a) (fe_num_int_callee_save fe)); + intro; + unfold fe_num_int_callee_save, fe, make_env in z. + (* a store takes place *) + assert (IDX: index_valid (FI_saved_int (index_int_callee_save a))). + apply index_saved_int_valid. eauto with coqlib. auto. + generalize (set_slot_index _ _ (rs a) IDX H1 H2). + intros [fr1 SET]. + assert (R3: high fr1 = 0). inversion SET. simpl high. auto. + assert (R4: low fr1 = -fe_size fe). inversion SET. simpl low. auto. + generalize (IHl k sp parent rs fr1 m R1 R2 R3 R4). + intros [fr' [A [B [C [D E]]]]]. + exists fr'. + split. eapply Machabstr.exec_trans. apply exec_Msetstack'; eauto with stacking. + exact A. + split. auto. + split. auto. + split. intros. elim H3; intros. subst r. + rewrite E. eapply slot_iss; eauto. auto. + intros. decEq. apply index_int_callee_save_inj; auto with coqlib. + inversion H0. red; intro; subst r; contradiction. + apply D; auto. + intros. transitivity (index_val idx fr1). + apply E; auto. + intros. apply H4; eauto with coqlib. + eapply slot_iso; eauto. + destruct idx; simpl; auto. + generalize (H4 a (in_eq _ _) z). congruence. + (* no store takes place *) + generalize (IHl k sp parent rs fr m R1 R2 H1 H2). + intros [fr' [A [B [C [D E]]]]]. + exists fr'. split. exact A. split. exact B. split. exact C. + split. intros. elim H3; intros. subst r. omegaContradiction. + apply D; auto. + intros. apply E; auto. + intros. apply H4; auto with coqlib. +Qed. + +Lemma save_int_callee_save_correct: + forall k sp parent rs fr m, + fr.(high) = 0 -> + fr.(low) = -fe.(fe_size) -> + exists fr', + Machabstr.exec_instrs tge tf sp parent + (List.fold_right (save_int_callee_save fe) k int_callee_save_regs) rs fr m + k rs fr' m + /\ fr'.(high) = 0 + /\ fr'.(low) = -fe.(fe_size) + /\ (forall r, + In r int_callee_save_regs -> + index_int_callee_save r < bound_int_callee_save b -> + index_val (FI_saved_int (index_int_callee_save r)) fr' = rs r) + /\ (forall idx, + index_valid idx -> + match idx with FI_saved_int _ => False | _ => True end -> + index_val idx fr' = index_val idx fr). +Proof. + intros. + generalize (save_int_callee_save_correct_rec + int_callee_save_regs k sp parent rs fr m + (incl_refl _) int_callee_save_norepet H H0). + intros [fr' [A [B [C [D E]]]]]. + exists fr'. + split. assumption. split. assumption. split. assumption. + split. apply D. intros. apply E. auto. + intros. red; intros; subst idx. contradiction. +Qed. + +Lemma save_float_callee_save_correct_rec: + forall l k sp parent rs fr m, + incl l float_callee_save_regs -> + list_norepet l -> + fr.(high) = 0 -> + fr.(low) = -fe.(fe_size) -> + exists fr', + Machabstr.exec_instrs tge tf sp parent + (List.fold_right (save_float_callee_save fe) k l) rs fr m + k rs fr' m + /\ fr'.(high) = 0 + /\ fr'.(low) = -fe.(fe_size) + /\ (forall r, + In r l -> index_float_callee_save r < bound_float_callee_save b -> + index_val (FI_saved_float (index_float_callee_save r)) fr' = rs r) + /\ (forall idx, + index_valid idx -> + (forall r, + In r l -> index_float_callee_save r < bound_float_callee_save b -> + idx <> FI_saved_float (index_float_callee_save r)) -> + index_val idx fr' = index_val idx fr). +Proof. + induction l. + (* base case *) + intros. simpl fold_right. exists fr. + split. apply Machabstr.exec_refl. split. auto. split. auto. + split. intros. elim H3. auto. + (* inductive case *) + intros. simpl fold_right. + set (k1 := fold_right (save_float_callee_save fe) k l) in *. + assert (R1: incl l float_callee_save_regs). eauto with coqlib. + assert (R2: list_norepet l). inversion H0; auto. + unfold save_float_callee_save. + case (zlt (index_float_callee_save a) (fe_num_float_callee_save fe)); + intro; + unfold fe_num_float_callee_save, fe, make_env in z. + (* a store takes place *) + assert (IDX: index_valid (FI_saved_float (index_float_callee_save a))). + apply index_saved_float_valid. eauto with coqlib. auto. + generalize (set_slot_index _ _ (rs a) IDX H1 H2). + intros [fr1 SET]. + assert (R3: high fr1 = 0). inversion SET. simpl high. auto. + assert (R4: low fr1 = -fe_size fe). inversion SET. simpl low. auto. + generalize (IHl k sp parent rs fr1 m R1 R2 R3 R4). + intros [fr' [A [B [C [D E]]]]]. + exists fr'. + split. eapply Machabstr.exec_trans. apply exec_Msetstack'; eauto with stacking. + exact A. + split. auto. + split. auto. + split. intros. elim H3; intros. subst r. + rewrite E. eapply slot_iss; eauto. auto. + intros. decEq. apply index_float_callee_save_inj; auto with coqlib. + inversion H0. red; intro; subst r; contradiction. + apply D; auto. + intros. transitivity (index_val idx fr1). + apply E; auto. + intros. apply H4; eauto with coqlib. + eapply slot_iso; eauto. + destruct idx; simpl; auto. + generalize (H4 a (in_eq _ _) z). congruence. + (* no store takes place *) + generalize (IHl k sp parent rs fr m R1 R2 H1 H2). + intros [fr' [A [B [C [D E]]]]]. + exists fr'. split. exact A. split. exact B. split. exact C. + split. intros. elim H3; intros. subst r. omegaContradiction. + apply D; auto. + intros. apply E; auto. + intros. apply H4; auto with coqlib. +Qed. + +Lemma save_float_callee_save_correct: + forall k sp parent rs fr m, + fr.(high) = 0 -> + fr.(low) = -fe.(fe_size) -> + exists fr', + Machabstr.exec_instrs tge tf sp parent + (List.fold_right (save_float_callee_save fe) k float_callee_save_regs) rs fr m + k rs fr' m + /\ fr'.(high) = 0 + /\ fr'.(low) = -fe.(fe_size) + /\ (forall r, + In r float_callee_save_regs -> + index_float_callee_save r < bound_float_callee_save b -> + index_val (FI_saved_float (index_float_callee_save r)) fr' = rs r) + /\ (forall idx, + index_valid idx -> + match idx with FI_saved_float _ => False | _ => True end -> + index_val idx fr' = index_val idx fr). +Proof. + intros. + generalize (save_float_callee_save_correct_rec + float_callee_save_regs k sp parent rs fr m + (incl_refl _) float_callee_save_norepet H H0). + intros [fr' [A [B [C [D E]]]]]. + exists fr'. split. assumption. split. assumption. split. assumption. + split. apply D. intros. apply E. auto. + intros. red; intros; subst idx. contradiction. +Qed. + +Lemma index_val_init_frame: + forall idx, + index_valid idx -> + index_val idx (init_frame tf) = Vundef. +Proof. + intros. unfold index_val, init_frame. simpl contents. + apply load_contents_init. +Qed. + +Lemma save_callee_save_correct: + forall sp parent k rs fr m ls, + (forall r, rs r = ls (R r)) -> + (forall ofs ty, + 6 <= ofs -> + ofs + typesize ty <= size_arguments f.(fn_sig) -> + get_slot parent ty (Int.signed (Int.repr (4 * ofs))) (ls (S (Outgoing ofs ty)))) -> + high fr = 0 -> + low fr = -fe.(fe_size) -> + (forall idx, index_valid idx -> index_val idx fr = Vundef) -> + exists fr', + Machabstr.exec_instrs tge tf sp parent + (save_callee_save fe k) rs fr m + k rs fr' m + /\ agree (LTL.call_regs ls) rs fr' parent rs. +Proof. + intros. unfold save_callee_save. + generalize (save_int_callee_save_correct + (fold_right (save_float_callee_save fe) k float_callee_save_regs) + sp parent rs fr m H1 H2). + intros [fr1 [A1 [B1 [C1 [D1 E1]]]]]. + generalize (save_float_callee_save_correct k sp parent rs fr1 m B1 C1). + intros [fr2 [A2 [B2 [C2 [D2 E2]]]]]. + exists fr2. + split. eapply Machabstr.exec_trans. eexact A1. eexact A2. + constructor; unfold LTL.call_regs; auto. + (* agree_local *) + intros. rewrite E2; auto with stacking. + rewrite E1; auto with stacking. + symmetry. auto with stacking. + (* agree_outgoing *) + intros. rewrite E2; auto with stacking. + rewrite E1; auto with stacking. + symmetry. auto with stacking. + (* agree_incoming *) + intros. simpl in H4. apply H0. tauto. tauto. + (* agree_saved_int *) + intros. rewrite E2; auto with stacking. +Qed. + +(** The following lemmas show the correctness of the register reloading + code generated by [reload_callee_save]: after this code has executed, + all callee-save registers contain the same values they had at + function entry. *) + +Lemma restore_int_callee_save_correct_rec: + forall sp parent k fr m rs0 l ls rs, + incl l int_callee_save_regs -> + list_norepet l -> + agree ls rs fr parent rs0 -> + exists ls', exists rs', + Machabstr.exec_instrs tge tf sp parent + (List.fold_right (restore_int_callee_save fe) k l) rs fr m + k rs' fr m + /\ (forall r, In r l -> rs' r = rs0 r) + /\ (forall r, ~(In r l) -> rs' r = rs r) + /\ agree ls' rs' fr parent rs0. +Proof. + induction l. + (* base case *) + intros. simpl fold_right. exists ls. exists rs. + split. apply Machabstr.exec_refl. + split. intros. elim H2. + split. auto. auto. + (* inductive case *) + intros. simpl fold_right. + set (k1 := fold_right (restore_int_callee_save fe) k l) in *. + assert (R0: In a int_callee_save_regs). apply H; auto with coqlib. + assert (R1: incl l int_callee_save_regs). eauto with coqlib. + assert (R2: list_norepet l). inversion H0; auto. + unfold restore_int_callee_save. + case (zlt (index_int_callee_save a) (fe_num_int_callee_save fe)); + intro; + unfold fe_num_int_callee_save, fe, make_env in z. + set (ls1 := Locmap.set (R a) (rs0 a) ls). + set (rs1 := Regmap.set a (rs0 a) rs). + assert (R3: agree ls1 rs1 fr parent rs0). + unfold ls1, rs1. apply agree_set_reg. auto. + red. rewrite int_callee_save_type. exact z. + apply H. auto with coqlib. + generalize (IHl ls1 rs1 R1 R2 R3). + intros [ls' [rs' [A [B [C D]]]]]. + exists ls'. exists rs'. + split. apply Machabstr.exec_trans with k1 rs1 fr m. + unfold rs1; apply exec_Mgetstack'; eauto with stacking. + apply get_slot_index; eauto with stacking. + symmetry. eauto with stacking. + eauto with stacking. + split. intros. elim H2; intros. + subst r. rewrite C. unfold rs1. apply Regmap.gss. inversion H0; auto. + auto. + split. intros. simpl in H2. rewrite C. unfold rs1. apply Regmap.gso. + apply sym_not_eq; tauto. tauto. + assumption. + (* no load takes place *) + generalize (IHl ls rs R1 R2 H1). + intros [ls' [rs' [A [B [C D]]]]]. + exists ls'; exists rs'. split. assumption. + split. intros. elim H2; intros. + subst r. apply (agree_unused_reg _ _ _ _ _ D). + unfold mreg_bounded. rewrite int_callee_save_type; auto. + auto. + split. intros. simpl in H2. apply C. tauto. + assumption. +Qed. + +Lemma restore_int_callee_save_correct: + forall sp parent k fr m rs0 ls rs, + agree ls rs fr parent rs0 -> + exists ls', exists rs', + Machabstr.exec_instrs tge tf sp parent + (List.fold_right (restore_int_callee_save fe) k int_callee_save_regs) rs fr m + k rs' fr m + /\ (forall r, In r int_callee_save_regs -> rs' r = rs0 r) + /\ (forall r, ~(In r int_callee_save_regs) -> rs' r = rs r) + /\ agree ls' rs' fr parent rs0. +Proof. + intros. apply restore_int_callee_save_correct_rec with ls. + apply incl_refl. apply int_callee_save_norepet. auto. +Qed. + +Lemma restore_float_callee_save_correct_rec: + forall sp parent k fr m rs0 l ls rs, + incl l float_callee_save_regs -> + list_norepet l -> + agree ls rs fr parent rs0 -> + exists ls', exists rs', + Machabstr.exec_instrs tge tf sp parent + (List.fold_right (restore_float_callee_save fe) k l) rs fr m + k rs' fr m + /\ (forall r, In r l -> rs' r = rs0 r) + /\ (forall r, ~(In r l) -> rs' r = rs r) + /\ agree ls' rs' fr parent rs0. +Proof. + induction l. + (* base case *) + intros. simpl fold_right. exists ls. exists rs. + split. apply Machabstr.exec_refl. + split. intros. elim H2. + split. auto. auto. + (* inductive case *) + intros. simpl fold_right. + set (k1 := fold_right (restore_float_callee_save fe) k l) in *. + assert (R0: In a float_callee_save_regs). apply H; auto with coqlib. + assert (R1: incl l float_callee_save_regs). eauto with coqlib. + assert (R2: list_norepet l). inversion H0; auto. + unfold restore_float_callee_save. + case (zlt (index_float_callee_save a) (fe_num_float_callee_save fe)); + intro; + unfold fe_num_float_callee_save, fe, make_env in z. + set (ls1 := Locmap.set (R a) (rs0 a) ls). + set (rs1 := Regmap.set a (rs0 a) rs). + assert (R3: agree ls1 rs1 fr parent rs0). + unfold ls1, rs1. apply agree_set_reg. auto. + red. rewrite float_callee_save_type. exact z. + apply H. auto with coqlib. + generalize (IHl ls1 rs1 R1 R2 R3). + intros [ls' [rs' [A [B [C D]]]]]. + exists ls'. exists rs'. + split. apply Machabstr.exec_trans with k1 rs1 fr m. + unfold rs1; apply exec_Mgetstack'; eauto with stacking. + apply get_slot_index; eauto with stacking. + symmetry. eauto with stacking. + exact A. + split. intros. elim H2; intros. + subst r. rewrite C. unfold rs1. apply Regmap.gss. inversion H0; auto. + auto. + split. intros. simpl in H2. rewrite C. unfold rs1. apply Regmap.gso. + apply sym_not_eq; tauto. tauto. + assumption. + (* no load takes place *) + generalize (IHl ls rs R1 R2 H1). + intros [ls' [rs' [A [B [C D]]]]]. + exists ls'; exists rs'. split. assumption. + split. intros. elim H2; intros. + subst r. apply (agree_unused_reg _ _ _ _ _ D). + unfold mreg_bounded. rewrite float_callee_save_type; auto. + auto. + split. intros. simpl in H2. apply C. tauto. + assumption. +Qed. + +Lemma restore_float_callee_save_correct: + forall sp parent k fr m rs0 ls rs, + agree ls rs fr parent rs0 -> + exists ls', exists rs', + Machabstr.exec_instrs tge tf sp parent + (List.fold_right (restore_float_callee_save fe) k float_callee_save_regs) rs fr m + k rs' fr m + /\ (forall r, In r float_callee_save_regs -> rs' r = rs0 r) + /\ (forall r, ~(In r float_callee_save_regs) -> rs' r = rs r) + /\ agree ls' rs' fr parent rs0. +Proof. + intros. apply restore_float_callee_save_correct_rec with ls. + apply incl_refl. apply float_callee_save_norepet. auto. +Qed. + +Lemma restore_callee_save_correct: + forall sp parent k fr m rs0 ls rs, + agree ls rs fr parent rs0 -> + exists rs', + Machabstr.exec_instrs tge tf sp parent + (restore_callee_save fe k) rs fr m + k rs' fr m + /\ (forall r, + In r int_callee_save_regs \/ In r float_callee_save_regs -> + rs' r = rs0 r) + /\ (forall r, + ~(In r int_callee_save_regs) -> + ~(In r float_callee_save_regs) -> + rs' r = rs r). +Proof. + intros. unfold restore_callee_save. + generalize (restore_int_callee_save_correct sp parent + (fold_right (restore_float_callee_save fe) k float_callee_save_regs) + fr m rs0 ls rs H). + intros [ls1 [rs1 [A [B [C D]]]]]. + generalize (restore_float_callee_save_correct sp parent + k fr m rs0 ls1 rs1 D). + intros [ls2 [rs2 [P [Q [R S]]]]]. + exists rs2. split. eapply Machabstr.exec_trans. eexact A. exact P. + split. intros. elim H0; intros. + rewrite R. apply B. auto. apply list_disjoint_notin with int_callee_save_regs. + apply int_float_callee_save_disjoint. auto. + apply Q. auto. + intros. rewrite R. apply C. auto. auto. +Qed. + +End FRAME_PROPERTIES. + +(** * Semantic preservation *) + +(** Preservation of code labels through the translation. *) + +Section LABELS. + +Remark find_label_fold_right: + forall (A: Set) (fn: A -> Mach.code -> Mach.code) lbl, + (forall x k, Mach.find_label lbl (fn x k) = Mach.find_label lbl k) -> forall (args: list A) k, + Mach.find_label lbl (List.fold_right fn k args) = Mach.find_label lbl k. +Proof. + induction args; simpl. auto. + intros. rewrite H. auto. +Qed. + +Remark find_label_save_callee_save: + forall fe lbl k, + Mach.find_label lbl (save_callee_save fe k) = Mach.find_label lbl k. +Proof. + intros. unfold save_callee_save. + repeat rewrite find_label_fold_right. reflexivity. + intros. unfold save_float_callee_save. + case (zlt (index_float_callee_save x) (fe_num_float_callee_save fe)); + intro; reflexivity. + intros. unfold save_int_callee_save. + case (zlt (index_int_callee_save x) (fe_num_int_callee_save fe)); + intro; reflexivity. +Qed. + +Remark find_label_restore_callee_save: + forall fe lbl k, + Mach.find_label lbl (restore_callee_save fe k) = Mach.find_label lbl k. +Proof. + intros. unfold restore_callee_save. + repeat rewrite find_label_fold_right. reflexivity. + intros. unfold restore_float_callee_save. + case (zlt (index_float_callee_save x) (fe_num_float_callee_save fe)); + intro; reflexivity. + intros. unfold restore_int_callee_save. + case (zlt (index_int_callee_save x) (fe_num_int_callee_save fe)); + intro; reflexivity. +Qed. + +Lemma find_label_transl_code: + forall fe lbl c, + Mach.find_label lbl (transl_code fe c) = + option_map (transl_code fe) (Linear.find_label lbl c). +Proof. + induction c; simpl; intros. + auto. + destruct a; unfold transl_instr; auto. + destruct s; simpl; auto. + destruct s; simpl; auto. + simpl. case (peq lbl l); intro. reflexivity. auto. + rewrite find_label_restore_callee_save. auto. +Qed. + +Lemma transl_find_label: + forall f tf lbl c, + transf_function f = Some tf -> + Linear.find_label lbl f.(Linear.fn_code) = Some c -> + Mach.find_label lbl tf.(Mach.fn_code) = + Some (transl_code (make_env (function_bounds f)) c). +Proof. + intros. rewrite (unfold_transf_function _ _ H). simpl. + unfold transl_body. rewrite find_label_save_callee_save. + rewrite find_label_transl_code. rewrite H0. reflexivity. +Qed. + +End LABELS. + +(** Code inclusion property for Linear executions. *) + +Lemma find_label_incl: + forall lbl c c', + Linear.find_label lbl c = Some c' -> incl c' c. +Proof. + induction c; simpl. + intros; discriminate. + intro c'. case (is_label lbl a); intros. + injection H; intro; subst c'. red; intros; auto with coqlib. + apply incl_tl. auto. +Qed. + +Lemma exec_instr_incl: + forall f sp c1 ls1 m1 c2 ls2 m2, + Linear.exec_instr ge f sp c1 ls1 m1 c2 ls2 m2 -> + incl c1 f.(fn_code) -> + incl c2 f.(fn_code). +Proof. + induction 1; intros; eauto with coqlib. + eapply find_label_incl; eauto. + eapply find_label_incl; eauto. +Qed. + +Lemma exec_instrs_incl: + forall f sp c1 ls1 m1 c2 ls2 m2, + Linear.exec_instrs ge f sp c1 ls1 m1 c2 ls2 m2 -> + incl c1 f.(fn_code) -> + incl c2 f.(fn_code). +Proof. + induction 1; intros; auto. + eapply exec_instr_incl; eauto. +Qed. + +(** Preservation / translation of global symbols and functions. *) + +Lemma symbols_preserved: + forall id, Genv.find_symbol tge id = Genv.find_symbol ge id. +Proof. + intros. unfold ge, tge. + apply Genv.find_symbol_transf_partial with transf_function. + exact TRANSF. +Qed. + +Lemma functions_translated: + forall f v, + Genv.find_funct ge v = Some f -> + exists tf, + Genv.find_funct tge v = Some tf /\ transf_function f = Some tf. +Proof. + intros. + generalize (Genv.find_funct_transf_partial transf_function TRANSF H). + case (transf_function f). + intros tf [A B]. exists tf. tauto. + intros. tauto. +Qed. + +Lemma function_ptr_translated: + forall f v, + Genv.find_funct_ptr ge v = Some f -> + exists tf, + Genv.find_funct_ptr tge v = Some tf /\ transf_function f = Some tf. +Proof. + intros. + generalize (Genv.find_funct_ptr_transf_partial transf_function TRANSF H). + case (transf_function f). + intros tf [A B]. exists tf. tauto. + intros. tauto. +Qed. + +(** Correctness of stack pointer relocation in operations and + addressing modes. *) + +Definition shift_sp (tf: Mach.function) (sp: val) := + Val.add sp (Vint (Int.repr (-tf.(fn_framesize)))). + +Remark shift_offset_sp: + forall f tf sp n v, + transf_function f = Some tf -> + offset_sp sp n = Some v -> + offset_sp (shift_sp tf sp) + (Int.add (Int.repr (fe_size (make_env (function_bounds f)))) n) = Some v. +Proof. + intros. destruct sp; try discriminate. + unfold offset_sp in *. + unfold shift_sp. + rewrite (unfold_transf_function _ _ H). unfold fn_framesize. + unfold Val.add. rewrite <- Int.neg_repr. + set (p := Int.repr (fe_size (make_env (function_bounds f)))). + inversion H0. decEq. decEq. + rewrite Int.add_assoc. decEq. + rewrite <- Int.add_assoc. + rewrite (Int.add_commut (Int.neg p) p). rewrite Int.add_neg_zero. + rewrite Int.add_commut. apply Int.add_zero. +Qed. + +Lemma shift_eval_operation: + forall f tf sp op args v, + transf_function f = Some tf -> + eval_operation ge sp op args = Some v -> + eval_operation tge (shift_sp tf sp) + (transl_op (make_env (function_bounds f)) op) args = + Some v. +Proof. + intros until v. destruct op; intros; auto. + simpl in *. rewrite symbols_preserved. auto. + destruct args; auto. unfold eval_operation in *. unfold transl_op. + apply shift_offset_sp; auto. +Qed. + +Lemma shift_eval_addressing: + forall f tf sp addr args v, + transf_function f = Some tf -> + eval_addressing ge sp addr args = Some v -> + eval_addressing tge (shift_sp tf sp) + (transl_addr (make_env (function_bounds f)) addr) args = + Some v. +Proof. + intros. destruct addr; auto. + simpl. rewrite symbols_preserved. auto. + simpl. rewrite symbols_preserved. auto. + unfold transl_addr, eval_addressing in *. + destruct args; try discriminate. + apply shift_offset_sp; auto. +Qed. + +(** The proof of semantic preservation relies on simulation diagrams + of the following form: +<< + c, ls, m ------------------- T(c), rs, fr, m + | | + | | + v v + c', ls', m' ---------------- T(c'), rs', fr', m' +>> + The left vertical arrow represents a transition in the + original Linear code. The top horizontal bar captures three preconditions: +- Agreement between [ls] on the Linear side and [rs], [fr], [rs0] + on the Mach side. +- Inclusion between [c] and the code of the function [f] being + translated. +- Well-typedness of [f]. + + In conclusion, we want to prove the existence of [rs'], [fr'], [m'] + that satisfies the right arrow (zero, one or several transitions in + the generated Mach code) and the postcondition (agreement between + [ls'] and [rs'], [fr'], [rs0]). + + As usual, we capture these diagrams as predicates parameterized + by the transition in the original Linear code. *) + +Definition exec_instr_prop + (f: function) (sp: val) + (c: code) (ls: locset) (m: mem) + (c': code) (ls': locset) (m': mem) := + forall tf rs fr parent rs0 + (TRANSL: transf_function f = Some tf) + (WTF: wt_function f) + (AG: agree f ls rs fr parent rs0) + (INCL: incl c f.(fn_code)), + exists rs', exists fr', + Machabstr.exec_instrs tge tf (shift_sp tf sp) parent + (transl_code (make_env (function_bounds f)) c) rs fr m + (transl_code (make_env (function_bounds f)) c') rs' fr' m' + /\ agree f ls' rs' fr' parent rs0. + +(** The simulation property for function calls has different preconditions + (a slightly weaker notion of agreement between [ls] and the initial + register values [rs] and caller's frame [parent]) and different + postconditions (preservation of callee-save registers). *) + +Definition exec_function_prop + (f: function) + (ls: locset) (m: mem) + (ls': locset) (m': mem) := + forall tf rs parent + (TRANSL: transf_function f = Some tf) + (WTF: wt_function f) + (AG1: forall r, rs r = ls (R r)) + (AG2: forall ofs ty, + 6 <= ofs -> + ofs + typesize ty <= size_arguments f.(fn_sig) -> + get_slot parent ty (Int.signed (Int.repr (4 * ofs))) (ls (S (Outgoing ofs ty)))), + exists rs', + Machabstr.exec_function tge tf parent rs m rs' m' + /\ (forall r, + In (R r) temporaries \/ In (R r) destroyed_at_call -> + rs' r = ls' (R r)) + /\ (forall r, + In r int_callee_save_regs \/ In r float_callee_save_regs -> + rs' r = rs r). + +Hypothesis wt_prog: wt_program prog. + +Lemma transf_function_correct: + forall f ls m ls' m', + Linear.exec_function ge f ls m ls' m' -> + exec_function_prop f ls m ls' m'. +Proof. + assert (RED: forall f i c, + transl_code (make_env (function_bounds f)) (i :: c) = + transl_instr (make_env (function_bounds f)) i + (transl_code (make_env (function_bounds f)) c)). + intros. reflexivity. + apply (Linear.exec_function_ind3 ge exec_instr_prop + exec_instr_prop exec_function_prop); + intros; red; intros; + try rewrite RED; + try (generalize (WTF _ (INCL _ (in_eq _ _))); intro WTI); + unfold transl_instr. + + (* Lgetstack *) + inversion WTI. exists (rs0#r <- (rs (S sl))); exists fr. + split. destruct sl. + (* Lgetstack, local *) + apply exec_Mgetstack'; auto. + apply get_slot_index. apply index_local_valid. auto. + eapply agree_size; eauto. reflexivity. + eapply agree_locals; eauto. + (* Lgetstack, incoming *) + apply Machabstr.exec_one; constructor. + unfold offset_of_index. eapply agree_incoming; eauto. + (* Lgetstack, outgoing *) + apply exec_Mgetstack'; auto. + apply get_slot_index. apply index_arg_valid. auto. + eapply agree_size; eauto. reflexivity. + eapply agree_outgoing; eauto. + (* Lgetstack, common *) + apply agree_set_reg; auto. + + (* Lsetstack *) + inversion WTI. destruct sl. + (* Lsetstack, local *) + generalize (agree_set_local _ _ _ _ _ _ (rs0 r) _ _ AG H3). + intros [fr' [SET AG']]. + exists rs0; exists fr'. split. + apply exec_Msetstack'; auto. + replace (rs (R r)) with (rs0 r). auto. + symmetry. eapply agree_reg; eauto. + (* Lsetstack, incoming *) + contradiction. + (* Lsetstack, outgoing *) + generalize (agree_set_outgoing _ _ _ _ _ _ (rs0 r) _ _ AG H3). + intros [fr' [SET AG']]. + exists rs0; exists fr'. split. + apply exec_Msetstack'; auto. + replace (rs (R r)) with (rs0 r). auto. + symmetry. eapply agree_reg; eauto. + + (* Lop *) + assert (mreg_bounded f res). inversion WTI; auto. + exists (rs0#res <- v); exists fr. split. + apply Machabstr.exec_one. constructor. + apply shift_eval_operation. auto. + change mreg with RegEq.t. + rewrite (agree_eval_regs _ _ _ _ _ _ args AG). auto. + apply agree_set_reg; auto. + + (* Lload *) + inversion WTI. exists (rs0#dst <- v); exists fr. split. + apply Machabstr.exec_one; econstructor. + apply shift_eval_addressing; auto. + change mreg with RegEq.t. + rewrite (agree_eval_regs _ _ _ _ _ _ args AG). eauto. + auto. + apply agree_set_reg; auto. + + (* Lstore *) + exists rs0; exists fr. split. + apply Machabstr.exec_one; econstructor. + apply shift_eval_addressing; auto. + change mreg with RegEq.t. + rewrite (agree_eval_regs _ _ _ _ _ _ args AG). eauto. + rewrite (agree_eval_reg _ _ _ _ _ _ src AG). auto. + auto. + + (* Lcall *) + inversion WTI. + assert (WTF': wt_function f'). + destruct ros; simpl in H. + apply (Genv.find_funct_prop wt_function wt_prog H). + destruct (Genv.find_symbol ge i); try discriminate. + apply (Genv.find_funct_ptr_prop wt_function wt_prog H). + assert (TR: exists tf', Mach.find_function tge ros rs0 = Some tf' + /\ transf_function f' = Some tf'). + destruct ros; simpl in H; simpl. + eapply functions_translated. + rewrite (agree_eval_reg _ _ _ _ _ _ m0 AG). auto. + rewrite symbols_preserved. + destruct (Genv.find_symbol ge i); try discriminate. + apply function_ptr_translated; auto. + elim TR; intros tf' [FIND' TRANSL']; clear TR. + assert (AG1: forall r, rs0 r = rs (R r)). + intro. symmetry. eapply agree_reg; eauto. + assert (AG2: forall ofs ty, + 6 <= ofs -> + ofs + typesize ty <= size_arguments f'.(fn_sig) -> + get_slot fr ty (Int.signed (Int.repr (4 * ofs))) (rs (S (Outgoing ofs ty)))). + intros. + assert (slot_bounded f (Outgoing ofs ty)). + red. rewrite <- H0 in H8. omega. + change (4 * ofs) with (offset_of_index (make_env (function_bounds f)) (FI_arg ofs ty)). + rewrite (offset_of_index_no_overflow f tf); auto. + apply get_slot_index. apply index_arg_valid. auto. + eapply agree_size; eauto. reflexivity. + eapply agree_outgoing; eauto. + generalize (H2 tf' rs0 fr TRANSL' WTF' AG1 AG2). + intros [rs2 [EXF [REGS1 REGS2]]]. + exists rs2; exists fr. split. + apply Machabstr.exec_one; apply Machabstr.exec_Mcall with tf'; auto. + apply agree_return_regs with rs0; auto. + + (* Llabel *) + exists rs0; exists fr. split. + apply Machabstr.exec_one; apply Machabstr.exec_Mlabel. + auto. + + (* Lgoto *) + exists rs0; exists fr. split. + apply Machabstr.exec_one; apply Machabstr.exec_Mgoto. + apply transl_find_label; auto. + auto. + + (* Lcond, true *) + exists rs0; exists fr. split. + apply Machabstr.exec_one; apply Machabstr.exec_Mcond_true. + rewrite <- (agree_eval_regs _ _ _ _ _ _ args AG) in H; auto. + apply transl_find_label; auto. + auto. + + (* Lcond, false *) + exists rs0; exists fr. split. + apply Machabstr.exec_one; apply Machabstr.exec_Mcond_false. + rewrite <- (agree_eval_regs _ _ _ _ _ _ args AG) in H; auto. + auto. + + (* refl *) + exists rs0; exists fr. split. apply Machabstr.exec_refl. auto. + + (* one *) + apply H0; auto. + + (* trans *) + generalize (H0 tf rs fr parent rs0 TRANSL WTF AG INCL). + intros [rs' [fr' [A B]]]. + assert (INCL': incl b2 (fn_code f)). eapply exec_instrs_incl; eauto. + generalize (H2 tf rs' fr' parent rs0 TRANSL WTF B INCL'). + intros [rs'' [fr'' [C D]]]. + exists rs''; exists fr''. split. + eapply Machabstr.exec_trans. eexact A. eexact C. + auto. + + (* function *) + assert (X: forall link ra, + exists rs' : regset, + Machabstr.exec_function_body tge tf parent link ra rs0 m rs' (free m2 stk) /\ + (forall r : mreg, + In (R r) temporaries \/ In (R r) destroyed_at_call -> rs' r = rs2 (R r)) /\ + (forall r : mreg, + In r int_callee_save_regs \/ In r float_callee_save_regs -> rs' r = rs0 r)). + intros. + set (sp := Vptr stk Int.zero) in *. + set (tsp := shift_sp tf sp). + set (fe := make_env (function_bounds f)). + assert (low (init_frame tf) = -fe.(fe_size)). + simpl low. rewrite (unfold_transf_function _ _ TRANSL). + reflexivity. + assert (exists fr1, set_slot (init_frame tf) Tint 0 link fr1). + apply set_slot_ok. reflexivity. omega. rewrite H2. generalize (size_pos f). + unfold fe. simpl typesize. omega. + elim H3; intros fr1 SET1; clear H3. + assert (high fr1 = 0). + inversion SET1. reflexivity. + assert (low fr1 = -fe.(fe_size)). + inversion SET1. rewrite <- H2. reflexivity. + assert (exists fr2, set_slot fr1 Tint 4 ra fr2). + apply set_slot_ok. auto. omega. rewrite H4. generalize (size_pos f). + unfold fe. simpl typesize. omega. + elim H5; intros fr2 SET2; clear H5. + assert (high fr2 = 0). + inversion SET2. simpl. auto. + assert (low fr2 = -fe.(fe_size)). + inversion SET2. rewrite <- H4. reflexivity. + assert (UNDEF: forall idx, index_valid f idx -> index_val f idx fr2 = Vundef). + intros. + assert (get_slot fr2 (type_of_index idx) (offset_of_index fe idx) Vundef). + generalize (offset_of_index_valid _ _ H7). fold fe. intros [XX YY]. + eapply slot_gso; eauto. + eapply slot_gso; eauto. + apply slot_gi. omega. omega. + simpl typesize. omega. simpl typesize. omega. + inversion H8. symmetry. exact H11. + generalize (save_callee_save_correct f tf TRANSL + tsp parent + (transl_code (make_env (function_bounds f)) f.(fn_code)) + rs0 fr2 m1 rs AG1 AG2 H5 H6 UNDEF). + intros [fr [EXP AG]]. + generalize (H1 tf rs0 fr parent rs0 TRANSL WTF AG (incl_refl _)). + intros [rs' [fr' [EXB AG']]]. + generalize (restore_callee_save_correct f tf TRANSL tsp parent + (Mreturn :: transl_code (make_env (function_bounds f)) b) + fr' m2 rs0 rs2 rs' AG'). + intros [rs'' [EXX [REGS1 REGS2]]]. + exists rs''. split. eapply Machabstr.exec_funct_body. + rewrite (unfold_transf_function f tf TRANSL); eexact H. + eexact SET1. eexact SET2. + replace (Mach.fn_code tf) with + (transl_body f (make_env (function_bounds f))). + replace (Vptr stk (Int.repr (- fn_framesize tf))) with tsp. + eapply Machabstr.exec_trans. eexact EXP. + eapply Machabstr.exec_trans. eexact EXB. eexact EXX. + unfold tsp, shift_sp, sp. unfold Val.add. + rewrite Int.add_commut. rewrite Int.add_zero. auto. + rewrite (unfold_transf_function f tf TRANSL). simpl. auto. + split. intros. rewrite REGS2. symmetry; eapply agree_reg; eauto. + apply int_callee_save_not_destroyed; auto. + apply float_callee_save_not_destroyed; auto. + auto. + generalize (X Vzero Vzero). intros [rs' [EX [REGS1 REGS2]]]. + exists rs'. split. + constructor. intros. + generalize (X link ra). intros [rs'' [EX' [REGS1' REGS2']]]. + assert (rs' = rs''). + apply (@Regmap.exten val). intro r. + elim (register_classification r); intro. + rewrite REGS1'. apply REGS1. auto. auto. + rewrite REGS2'. apply REGS2. auto. auto. + rewrite H4. auto. + split; auto. +Qed. + +End PRESERVATION. + +Theorem transl_program_correct: + forall (p: Linear.program) (tp: Mach.program) (r: val), + wt_program p -> + transf_program p = Some tp -> + Linear.exec_program p r -> + Machabstr.exec_program tp r. +Proof. + intros p tp r WTP TRANSF + [fptr [f [ls' [m [FINDSYMB [FINDFUNC [SIG [EXEC RES]]]]]]]]. + assert (WTF: wt_function f). + apply (Genv.find_funct_ptr_prop wt_function WTP FINDFUNC). + set (ls := Locmap.init Vundef) in *. + set (rs := Regmap.init Vundef). + set (fr := empty_frame). + assert (AG1: forall r, rs r = ls (R r)). + intros; reflexivity. + assert (AG2: forall ofs ty, + 6 <= ofs -> + ofs + typesize ty <= size_arguments f.(fn_sig) -> + get_slot fr ty (Int.signed (Int.repr (4 * ofs))) (ls (S (Outgoing ofs ty)))). + rewrite SIG. unfold size_arguments, sig_args, size_arguments_rec. + intros. generalize (typesize_pos ty). + intro. omegaContradiction. + generalize (function_ptr_translated p tp TRANSF f _ FINDFUNC). + intros [tf [TFIND TRANSL]]. + generalize (transf_function_correct p tp TRANSF WTP _ _ _ _ _ EXEC + tf rs fr TRANSL WTF AG1 AG2). + intros [rs' [A [B C]]]. + red. exists fptr; exists tf; exists rs'; exists m. + split. rewrite (symbols_preserved p tp TRANSF). + rewrite (transform_partial_program_main transf_function p TRANSF). + assumption. + split. assumption. + split. rewrite (unfold_transf_function f tf TRANSL); simpl. + assumption. + split. replace (Genv.init_mem tp) with (Genv.init_mem p). + exact A. symmetry. apply Genv.init_mem_transf_partial with transf_function. + exact TRANSF. + rewrite <- RES. rewrite (unfold_transf_function f tf TRANSL); simpl. + apply B. right. apply loc_result_acceptable. +Qed. diff --git a/backend/Stackingtyping.v b/backend/Stackingtyping.v new file mode 100644 index 00000000..85d19229 --- /dev/null +++ b/backend/Stackingtyping.v @@ -0,0 +1,222 @@ +(** Type preservation for the [Stacking] pass. *) + +Require Import Coqlib. +Require Import Maps. +Require Import Integers. +Require Import AST. +Require Import Op. +Require Import Locations. +Require Import Conventions. +Require Import Linear. +Require Import Lineartyping. +Require Import Mach. +Require Import Machtyping. +Require Import Stacking. +Require Import Stackingproof. + +(** We show that the Mach code generated by the [Stacking] pass + is well-typed if the original Linear code is. *) + +Definition wt_instrs (k: Mach.code) : Prop := + forall i, In i k -> wt_instr i. + +Lemma wt_instrs_cons: + forall i k, + wt_instr i -> wt_instrs k -> wt_instrs (i :: k). +Proof. + unfold wt_instrs; intros. elim H1; intro. + subst i0; auto. auto. +Qed. + +Section TRANSL_FUNCTION. + +Variable f: Linear.function. +Let fe := make_env (function_bounds f). +Variable tf: Mach.function. +Hypothesis TRANSF_F: transf_function f = Some tf. + +Lemma wt_Msetstack': + forall idx ty r, + mreg_type r = ty -> index_valid f idx -> + wt_instr (Msetstack r (Int.repr (offset_of_index fe idx)) ty). +Proof. + intros. constructor. auto. + unfold fe. rewrite (offset_of_index_no_overflow f tf TRANSF_F); auto. + generalize (offset_of_index_valid f idx H0). tauto. +Qed. + +Lemma wt_fold_right: + forall (A: Set) (f: A -> code -> code) (k: code) (l: list A), + (forall x k', In x l -> wt_instrs k' -> wt_instrs (f x k')) -> + wt_instrs k -> + wt_instrs (List.fold_right f k l). +Proof. + induction l; intros; simpl. + auto. + apply H. apply in_eq. apply IHl. + intros. apply H. auto with coqlib. auto. + auto. +Qed. + +Lemma wt_save_int_callee_save: + forall cs k, + In cs int_callee_save_regs -> wt_instrs k -> + wt_instrs (save_int_callee_save fe cs k). +Proof. + intros. unfold save_int_callee_save. + case (zlt (index_int_callee_save cs) (fe_num_int_callee_save fe)); intro. + apply wt_instrs_cons; auto. + apply wt_Msetstack'. apply int_callee_save_type; auto. + apply index_saved_int_valid. auto. exact z. + auto. +Qed. + +Lemma wt_save_float_callee_save: + forall cs k, + In cs float_callee_save_regs -> wt_instrs k -> + wt_instrs (save_float_callee_save fe cs k). +Proof. + intros. unfold save_float_callee_save. + case (zlt (index_float_callee_save cs) (fe_num_float_callee_save fe)); intro. + apply wt_instrs_cons; auto. + apply wt_Msetstack'. apply float_callee_save_type; auto. + apply index_saved_float_valid. auto. exact z. + auto. +Qed. + +Lemma wt_restore_int_callee_save: + forall cs k, + In cs int_callee_save_regs -> wt_instrs k -> + wt_instrs (restore_int_callee_save fe cs k). +Proof. + intros. unfold restore_int_callee_save. + case (zlt (index_int_callee_save cs) (fe_num_int_callee_save fe)); intro. + apply wt_instrs_cons; auto. + constructor. apply int_callee_save_type; auto. + auto. +Qed. + +Lemma wt_restore_float_callee_save: + forall cs k, + In cs float_callee_save_regs -> wt_instrs k -> + wt_instrs (restore_float_callee_save fe cs k). +Proof. + intros. unfold restore_float_callee_save. + case (zlt (index_float_callee_save cs) (fe_num_float_callee_save fe)); intro. + apply wt_instrs_cons; auto. + constructor. apply float_callee_save_type; auto. + auto. +Qed. + +Lemma wt_save_callee_save: + forall k, + wt_instrs k -> wt_instrs (save_callee_save fe k). +Proof. + intros. unfold save_callee_save. + apply wt_fold_right. exact wt_save_int_callee_save. + apply wt_fold_right. exact wt_save_float_callee_save. + auto. +Qed. + +Lemma wt_restore_callee_save: + forall k, + wt_instrs k -> wt_instrs (restore_callee_save fe k). +Proof. + intros. unfold restore_callee_save. + apply wt_fold_right. exact wt_restore_int_callee_save. + apply wt_fold_right. exact wt_restore_float_callee_save. + auto. +Qed. + +Lemma wt_transl_instr: + forall instr k, + Lineartyping.wt_instr f instr -> + wt_instrs k -> + wt_instrs (transl_instr fe instr k). +Proof. + intros. destruct instr; unfold transl_instr; inversion H. + (* getstack *) + destruct s; simpl in H3; apply wt_instrs_cons; auto; + constructor; auto. + (* setstack *) + destruct s; simpl in H3; simpl in H4. + apply wt_instrs_cons; auto. apply wt_Msetstack'. auto. + apply index_local_valid. auto. + auto. + apply wt_instrs_cons; auto. apply wt_Msetstack'. auto. + apply index_arg_valid. auto. + (* op, move *) + simpl. apply wt_instrs_cons. constructor; auto. auto. + (* op, undef *) + simpl. apply wt_instrs_cons. constructor. auto. + (* op, others *) + apply wt_instrs_cons; auto. + constructor. + destruct o; simpl; congruence. + destruct o; simpl; congruence. + rewrite H6. destruct o; reflexivity || congruence. + (* load *) + apply wt_instrs_cons; auto. + constructor; auto. + rewrite H4. destruct a; reflexivity. + (* store *) + apply wt_instrs_cons; auto. + constructor; auto. + rewrite H3. destruct a; reflexivity. + (* call *) + apply wt_instrs_cons; auto. + constructor; auto. + (* label *) + apply wt_instrs_cons; auto. + constructor. + (* goto *) + apply wt_instrs_cons; auto. + constructor; auto. + (* cond *) + apply wt_instrs_cons; auto. + constructor; auto. + (* return *) + apply wt_restore_callee_save. apply wt_instrs_cons. constructor. auto. +Qed. + +End TRANSL_FUNCTION. + +Lemma wt_transf_function: + forall f tf, + transf_function f = Some tf -> + Lineartyping.wt_function f -> + wt_function tf. +Proof. + intros. + generalize H; unfold transf_function. + case (zlt (Linear.fn_stacksize f) 0); intro. + intros; discriminate. + case (zlt (- Int.min_signed) (fe_size (make_env (function_bounds f)))); intro. + intros; discriminate. intro EQ. + generalize (unfold_transf_function f tf H); intro. + assert (fn_framesize tf = fe_size (make_env (function_bounds f))). + subst tf; reflexivity. + constructor. + change (wt_instrs (fn_code tf)). + rewrite H1; simpl; unfold transl_body. + apply wt_save_callee_save with tf; auto. + unfold transl_code. apply wt_fold_right. + intros. eapply wt_transl_instr; eauto. + red; intros. elim H3. + subst tf; simpl; auto. + rewrite H2. eapply size_pos; eauto. + rewrite H2. eapply size_no_overflow; eauto. +Qed. + +Lemma program_typing_preserved: + forall (p: Linear.program) (tp: Mach.program), + transf_program p = Some tp -> + Lineartyping.wt_program p -> + Machtyping.wt_program tp. +Proof. + intros; red; intros. + generalize (transform_partial_program_function transf_function p i f H H1). + intros [f0 [IN TRANSF]]. + apply wt_transf_function with f0; auto. + eapply H0; eauto. +Qed. diff --git a/backend/Tunneling.v b/backend/Tunneling.v new file mode 100644 index 00000000..9c3e82c4 --- /dev/null +++ b/backend/Tunneling.v @@ -0,0 +1,131 @@ +(** Branch tunneling (optimization of branches to branches). *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Values. +Require Import Globalenvs. +Require Import Op. +Require Import Locations. +Require Import LTL. + +(** Branch tunneling shortens sequences of branches (with no intervening + computations) by rewriting the branch and conditional branch instructions + so that they jump directly to the end of the branch sequence. + For example: +<< + L1: goto L2; L1: goto L3; + L2; goto L3; becomes L2: goto L3; + L3: instr; L3: instr; + L4: if (cond) goto L1; L4: if (cond) goto L3; +>> + This optimization can be applied to several of our intermediate + languages. We choose to perform it on the [LTL] language, + after register allocation but before code linearization. + Register allocation can delete instructions (such as dead + computations or useless moves), therefore there are more + opportunities for tunneling after allocation than before. + Symmetrically, prior tunneling helps linearization to produce + better code, e.g. by revealing that some [goto] instructions are + dead code (as the "goto L3" in the example above). +*) + +Definition is_goto_block (b: option block) : option node := + match b with Some (Bgoto s) => Some s | _ => None end. + +(** [branch_target f pc] returns the node of the CFG that is at + the end of the branch sequence starting at [pc]. If the instruction + at [pc] is not a [goto], [pc] itself is returned. + The naive definition of [branch_target] is: +<< + branch_target f pc = branch_target f pc' if f(pc) = goto pc' + = pc otherwise +>> + However, this definition can fail to terminate if + the program can contain loops consisting only of branches, as in +<< + L1: goto L1; +>> + or +<< L1: goto L2; + L2: goto L1; +>> + Coq warns us of this fact by not accepting the definition + of [branch_target] above. + + The proper way to handle this problem is to detect [goto] cycles + in the control-flow graph. For simplicity, we just bound arbitrarily + the number of iterations performed by [branch_target], + never chasing more than 10 [goto] instructions. (This many + consecutive branches is rarely, if even, encountered.) + + For a sequence of more than 10 [goto] instructions, we can return + (as branch target) any of the labels of the [goto] instructions. + This is semantically correct in any case. However, the proof + is simpler if we return the label of the first [goto] in the sequence. +*) + +Fixpoint branch_target_rec (f: LTL.function) (pc: node) (count: nat) + {struct count} : option node := + match count with + | Datatypes.O => None + | Datatypes.S count' => + match is_goto_block f.(fn_code)!pc with + | Some s => branch_target_rec f s count' + | None => Some pc + end + end. + +Definition branch_target (f: LTL.function) (pc: node) := + match branch_target_rec f pc 10%nat with + | Some pc' => pc' + | None => pc + end. + +(** The tunneling optimization simply rewrites all LTL basic blocks, + replacing the destinations of the [Bgoto] and [Bcond] instructions + with their final target, as computed by [branch_target]. *) + +Fixpoint tunnel_block (f: LTL.function) (b: block) {struct b} : block := + match b with + | Bgetstack s r b => + Bgetstack s r (tunnel_block f b) + | Bsetstack r s b => + Bsetstack r s (tunnel_block f b) + | Bop op args res b => + Bop op args res (tunnel_block f b) + | Bload chunk addr args dst b => + Bload chunk addr args dst (tunnel_block f b) + | Bstore chunk addr args src b => + Bstore chunk addr args src (tunnel_block f b) + | Bcall sig ros b => + Bcall sig ros (tunnel_block f b) + | Bgoto s => + Bgoto (branch_target f s) + | Bcond cond args s1 s2 => + Bcond cond args (branch_target f s1) (branch_target f s2) + | Breturn => + Breturn + end. + +Lemma wf_tunneled_code: + forall (f: LTL.function), + let tc := PTree.map (fun pc b => tunnel_block f b) (fn_code f) in + forall (pc: node), Plt pc (Psucc (fn_entrypoint f)) \/ tc!pc = None. +Proof. + intros. elim (fn_code_wf f pc); intro. + left; auto. right; unfold tc. + rewrite PTree.gmap; unfold option_map; rewrite H; auto. +Qed. + +Definition tunnel_function (f: LTL.function) : LTL.function := + mkfunction + (fn_sig f) + (fn_stacksize f) + (PTree.map (fun pc b => tunnel_block f b) (fn_code f)) + (fn_entrypoint f) + (wf_tunneled_code f). + +Definition tunnel_program (p: LTL.program) : LTL.program := + transform_program tunnel_function p. + diff --git a/backend/Tunnelingproof.v b/backend/Tunnelingproof.v new file mode 100644 index 00000000..111d1d83 --- /dev/null +++ b/backend/Tunnelingproof.v @@ -0,0 +1,311 @@ +(** Correctness proof for the branch tunneling optimization. *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Locations. +Require Import LTL. +Require Import Tunneling. + +(** * Properties of branch target computation *) + +Lemma is_goto_block_correct: + forall b s, + is_goto_block b = Some s -> b = Some (Bgoto s). +Proof. + unfold is_goto_block; intros. + destruct b. destruct b; discriminate || congruence. + discriminate. +Qed. + +Lemma branch_target_rec_1: + forall f pc n, + branch_target_rec f pc n = Some pc + \/ branch_target_rec f pc n = None + \/ exists pc', f.(fn_code)!pc = Some(Bgoto pc'). +Proof. + intros. destruct n; simpl. + right; left; auto. + caseEq (is_goto_block f.(fn_code)!pc); intros. + right; right. exists n0. apply is_goto_block_correct; auto. + left; auto. +Qed. + +Lemma branch_target_rec_2: + forall f n pc1 pc2 pc3, + f.(fn_code)!pc1 = Some (Bgoto pc2) -> + branch_target_rec f pc1 n = Some pc3 -> + branch_target_rec f pc2 n = Some pc3. +Proof. + induction n. + simpl. intros; discriminate. + intros pc1 pc2 pc3 ATpc1 H. simpl in H. + unfold is_goto_block in H; rewrite ATpc1 in H. + simpl. caseEq (is_goto_block f.(fn_code)!pc2); intros. + apply IHn with pc2. apply is_goto_block_correct; auto. auto. + destruct n; simpl in H. discriminate. rewrite H0 in H. auto. +Qed. + +(** The following lemma captures the property of [branch_target] + on which the proof of semantic preservation relies. *) + +Lemma branch_target_characterization: + forall f pc, + branch_target f pc = pc \/ + (exists pc', f.(fn_code)!pc = Some(Bgoto pc') + /\ branch_target f pc' = branch_target f pc). +Proof. + intros. unfold branch_target. + generalize (branch_target_rec_1 f pc 10%nat). + intros [A|[A|[pc' AT]]]. + rewrite A. left; auto. + rewrite A. left; auto. + caseEq (branch_target_rec f pc 10%nat). intros pcx BT. + right. exists pc'. split. auto. + rewrite (branch_target_rec_2 _ _ _ _ _ AT BT). auto. + intro. left; auto. +Qed. + +(** * Preservation of semantics *) + +Section PRESERVATION. + +Variable p: program. +Let tp := tunnel_program p. +Let ge := Genv.globalenv p. +Let tge := Genv.globalenv tp. + +Lemma functions_translated: + forall v f, + Genv.find_funct ge v = Some f -> + Genv.find_funct tge v = Some (tunnel_function f). +Proof (@Genv.find_funct_transf _ _ tunnel_function p). + +Lemma function_ptr_translated: + forall v f, + Genv.find_funct_ptr ge v = Some f -> + Genv.find_funct_ptr tge v = Some (tunnel_function f). +Proof (@Genv.find_funct_ptr_transf _ _ tunnel_function p). + +Lemma symbols_preserved: + forall id, + Genv.find_symbol tge id = Genv.find_symbol ge id. +Proof (@Genv.find_symbol_transf _ _ tunnel_function p). + +(** These are inversion lemmas, characterizing what happens in the LTL + semantics when executing [Bgoto] instructions or basic blocks. *) + +Lemma exec_instrs_Bgoto_inv: + forall sp b1 ls1 m1 b2 ls2 m2, + exec_instrs ge sp b1 ls1 m1 b2 ls2 m2 -> + forall s1, + b1 = Bgoto s1 -> b2 = b1 /\ ls2 = ls1 /\ m2 = m1. +Proof. + induction 1. + intros. tauto. + intros. subst b1. inversion H. + intros. generalize (IHexec_instrs1 s1 H1). intros [A [B C]]. + subst b2; subst rs2; subst m2. eauto. +Qed. + +Lemma exec_block_Bgoto_inv: + forall sp s ls1 m1 out ls2 m2, + exec_block ge sp (Bgoto s) ls1 m1 out ls2 m2 -> + out = Cont s /\ ls2 = ls1 /\ m2 = m1. +Proof. + intros. inversion H; + generalize (exec_instrs_Bgoto_inv _ _ _ _ _ _ _ H0 s (refl_equal _)); + intros [A [B C]]. + split. congruence. tauto. + discriminate. + discriminate. + discriminate. +Qed. + +Lemma exec_blocks_Bgoto_inv: + forall c sp pc1 ls1 m1 out ls2 m2 s, + exec_blocks ge c sp pc1 ls1 m1 out ls2 m2 -> + c!pc1 = Some (Bgoto s) -> + (out = Cont pc1 /\ ls2 = ls1 /\ m2 = m1) + \/ exec_blocks ge c sp s ls1 m1 out ls2 m2. +Proof. + induction 1; intros. + left; tauto. + assert (b = Bgoto s). congruence. subst b. + generalize (exec_block_Bgoto_inv _ _ _ _ _ _ _ H0). + intros [A [B C]]. subst out; subst rs'; subst m'. + right. apply exec_blocks_refl. + elim (IHexec_blocks1 H1). + intros [A [B C]]. + assert (pc2 = pc1). congruence. subst rs2; subst m2; subst pc2. + apply IHexec_blocks2; auto. + intro. right. apply exec_blocks_trans with pc2 rs2 m2; auto. +Qed. + +(** The following [exec_*_prop] predicates state the correctness + of the tunneling transformation: for each LTL execution + in the original code (of an instruction, a sequence of instructions, + a basic block, a sequence of basic blocks, etc), there exists + a similar LTL execution in the tunneled code. + + Note that only the control-flow is changed: the values of locations + and the memory states are identical in the original and transformed + codes. *) + +Definition tunnel_outcome (f: function) (out: outcome) := + match out with + | Cont pc => Cont (branch_target f pc) + | Return => Return + end. + +Definition exec_instr_prop + (sp: val) (b1: block) (ls1: locset) (m1: mem) + (b2: block) (ls2: locset) (m2: mem) : Prop := + forall f, + exec_instr tge sp (tunnel_block f b1) ls1 m1 + (tunnel_block f b2) ls2 m2. + +Definition exec_instrs_prop + (sp: val) (b1: block) (ls1: locset) (m1: mem) + (b2: block) (ls2: locset) (m2: mem) : Prop := + forall f, + exec_instrs tge sp (tunnel_block f b1) ls1 m1 + (tunnel_block f b2) ls2 m2. + +Definition exec_block_prop + (sp: val) (b1: block) (ls1: locset) (m1: mem) + (out: outcome) (ls2: locset) (m2: mem) : Prop := + forall f, + exec_block tge sp (tunnel_block f b1) ls1 m1 + (tunnel_outcome f out) ls2 m2. + +Definition tunneled_code (f: function) := + PTree.map (fun pc b => tunnel_block f b) (fn_code f). + +Definition exec_blocks_prop + (c: code) (sp: val) + (pc: node) (ls1: locset) (m1: mem) + (out: outcome) (ls2: locset) (m2: mem) : Prop := + forall f, + f.(fn_code) = c -> + exec_blocks tge (tunneled_code f) sp + (branch_target f pc) ls1 m1 + (tunnel_outcome f out) ls2 m2. + +Definition exec_function_prop + (f: function) (ls1: locset) (m1: mem) + (ls2: locset) (m2: mem) : Prop := + exec_function tge (tunnel_function f) ls1 m1 ls2 m2. + +Scheme exec_instr_ind5 := Minimality for LTL.exec_instr Sort Prop + with exec_instrs_ind5 := Minimality for LTL.exec_instrs Sort Prop + with exec_block_ind5 := Minimality for LTL.exec_block Sort Prop + with exec_blocks_ind5 := Minimality for LTL.exec_blocks Sort Prop + with exec_function_ind5 := Minimality for LTL.exec_function Sort Prop. + +(** The proof of semantic preservation is a structural induction + over the LTL evaluation derivation of the original program, + using the [exec_*_prop] predicates above as induction hypotheses. *) + +Lemma tunnel_function_correct: + forall f ls1 m1 ls2 m2, + exec_function ge f ls1 m1 ls2 m2 -> + exec_function_prop f ls1 m1 ls2 m2. +Proof. + apply (exec_function_ind5 ge + exec_instr_prop + exec_instrs_prop + exec_block_prop + exec_blocks_prop + exec_function_prop); + intros; red; intros; simpl. + (* getstack *) + constructor. + (* setstack *) + constructor. + (* op *) + constructor. rewrite <- H. apply eval_operation_preserved. + exact symbols_preserved. + (* load *) + apply exec_Bload with a. rewrite <- H. + apply eval_addressing_preserved. exact symbols_preserved. + auto. + (* store *) + apply exec_Bstore with a. rewrite <- H. + apply eval_addressing_preserved. exact symbols_preserved. + auto. + (* call *) + apply exec_Bcall with (tunnel_function f). + generalize H; unfold find_function; destruct ros. + intro. apply functions_translated; auto. + rewrite symbols_preserved. destruct (Genv.find_symbol ge i). + intro. apply function_ptr_translated; auto. congruence. + rewrite H0; reflexivity. + apply H2. + (* instr_refl *) + apply exec_refl. + (* instr_one *) + apply exec_one. apply H0. + (* instr_trans *) + apply exec_trans with (tunnel_block f b2) rs2 m2; auto. + (* goto *) + apply exec_Bgoto. red in H0. simpl in H0. apply H0. + (* cond, true *) + eapply exec_Bcond_true. red in H0. simpl in H0. apply H0. auto. + (* cond, false *) + eapply exec_Bcond_false. red in H0. simpl in H0. apply H0. auto. + (* return *) + apply exec_Breturn. red in H0. simpl in H0. apply H0. + (* block_refl *) + apply exec_blocks_refl. + (* block_one *) + red in H1. + elim (branch_target_characterization f pc). + intro. rewrite H3. apply exec_blocks_one with (tunnel_block f b). + unfold tunneled_code. rewrite PTree.gmap. rewrite H2; rewrite H. + reflexivity. apply H1. + intros [pc' [ATpc BTS]]. + assert (b = Bgoto pc'). congruence. subst b. + generalize (exec_block_Bgoto_inv _ _ _ _ _ _ _ H0). + intros [A [B C]]. subst out; subst rs'; subst m'. + simpl. rewrite BTS. apply exec_blocks_refl. + (* blocks_trans *) + apply exec_blocks_trans with (branch_target f pc2) rs2 m2. + exact (H0 f H3). exact (H2 f H3). + (* function *) + econstructor. eexact H. + change (fn_code (tunnel_function f)) with (tunneled_code f). + simpl. + elim (branch_target_characterization f (fn_entrypoint f)). + intro BT. rewrite <- BT. exact (H1 f (refl_equal _)). + intros [pc [ATpc BT]]. + apply exec_blocks_trans with + (branch_target f (fn_entrypoint f)) (call_regs rs) m1. + eapply exec_blocks_one. + unfold tunneled_code. rewrite PTree.gmap. rewrite ATpc. + simpl. reflexivity. + apply exec_Bgoto. rewrite BT. apply exec_refl. + exact (H1 f (refl_equal _)). +Qed. + +End PRESERVATION. + +Theorem transf_program_correct: + forall (p: program) (r: val), + exec_program p r -> + exec_program (tunnel_program p) r. +Proof. + intros p r [b [f [ls [m [FIND1 [FIND2 [SIG [EX RES]]]]]]]]. + red. exists b; exists (tunnel_function f); exists ls; exists m. + split. change (prog_main (tunnel_program p)) with (prog_main p). + rewrite <- FIND1. apply symbols_preserved. + split. apply function_ptr_translated. assumption. + split. rewrite <- SIG. reflexivity. + split. apply tunnel_function_correct. + unfold tunnel_program. rewrite Genv.init_mem_transf. auto. + exact RES. +Qed. diff --git a/backend/Tunnelingtyping.v b/backend/Tunnelingtyping.v new file mode 100644 index 00000000..29b74f12 --- /dev/null +++ b/backend/Tunnelingtyping.v @@ -0,0 +1,44 @@ +(** Type preservation for the Tunneling pass *) + +Require Import Coqlib. +Require Import Maps. +Require Import AST. +Require Import Values. +Require Import Mem. +Require Import Globalenvs. +Require Import Op. +Require Import Locations. +Require Import LTL. +Require Import LTLtyping. +Require Import Tunneling. + +(** Tunneling preserves typing. *) + +Lemma wt_tunnel_block: + forall f b, + wt_block f b -> + wt_block (tunnel_function f) (tunnel_block f b). +Proof. + induction 1; simpl; econstructor; eauto. +Qed. + +Lemma wt_tunnel_function: + forall f, wt_function f -> wt_function (tunnel_function f). +Proof. + unfold wt_function; intros until b. + simpl. rewrite PTree.gmap. unfold option_map. + caseEq (fn_code f)!pc. intros b0 AT EQ. + injection EQ; intros; subst b. + apply wt_tunnel_block. eauto. + intros; discriminate. +Qed. + +Lemma program_typing_preserved: + forall (p: LTL.program), + wt_program p -> wt_program (tunnel_program p). +Proof. + intros; red; intros. + generalize (transform_program_function tunnel_function p i f H0). + intros [f0 [IN TRANSF]]. + subst f. apply wt_tunnel_function. eauto. +Qed. diff --git a/backend/Values.v b/backend/Values.v new file mode 100644 index 00000000..aa59e045 --- /dev/null +++ b/backend/Values.v @@ -0,0 +1,888 @@ +(** This module defines the type of values that is used in the dynamic + semantics of all our intermediate languages. *) + +Require Import Coqlib. +Require Import AST. +Require Import Integers. +Require Import Floats. + +Definition block : Set := Z. +Definition eq_block := zeq. + +(** A value is either: +- a machine integer; +- a floating-point number; +- a pointer: a pair of a memory address and an integer offset with respect + to this address; +- the [Vundef] value denoting an arbitrary bit pattern, such as the + value of an uninitialized variable. +*) + +Inductive val: Set := + | Vundef: val + | Vint: int -> val + | Vfloat: float -> val + | Vptr: block -> int -> val. + +Definition Vzero: val := Vint Int.zero. +Definition Vone: val := Vint Int.one. +Definition Vmone: val := Vint Int.mone. + +Definition Vtrue: val := Vint Int.one. +Definition Vfalse: val := Vint Int.zero. + +(** The module [Val] defines a number of arithmetic and logical operations + over type [val]. Most of these operations are straightforward extensions + of the corresponding integer or floating-point operations. *) + +Module Val. + +Definition of_bool (b: bool): val := if b then Vtrue else Vfalse. + +Definition has_type (v: val) (t: typ) : Prop := + match v, t with + | Vundef, _ => True + | Vint _, Tint => True + | Vfloat _, Tfloat => True + | Vptr _ _, Tint => True + | _, _ => False + end. + +Fixpoint has_type_list (vl: list val) (tl: list typ) {struct vl} : Prop := + match vl, tl with + | nil, nil => True + | v1 :: vs, t1 :: ts => has_type v1 t1 /\ has_type_list vs ts + | _, _ => False + end. + +(** Truth values. Pointers and non-zero integers are treated as [True]. + The integer 0 (also used to represent the null pointer) is [False]. + [Vundef] and floats are neither true nor false. *) + +Definition is_true (v: val) : Prop := + match v with + | Vint n => n <> Int.zero + | Vptr b ofs => True + | _ => False + end. + +Definition is_false (v: val) : Prop := + match v with + | Vint n => n = Int.zero + | _ => False + end. + +Inductive bool_of_val: val -> bool -> Prop := + | bool_of_val_int_true: + forall n, n <> Int.zero -> bool_of_val (Vint n) true + | bool_of_val_int_false: + bool_of_val (Vint Int.zero) false + | bool_of_val_ptr: + forall b ofs, bool_of_val (Vptr b ofs) true. + +Definition neg (v: val) : val := + match v with + | Vint n => Vint (Int.neg n) + | _ => Vundef + end. + +Definition negf (v: val) : val := + match v with + | Vfloat f => Vfloat (Float.neg f) + | _ => Vundef + end. + +Definition absf (v: val) : val := + match v with + | Vfloat f => Vfloat (Float.abs f) + | _ => Vundef + end. + +Definition intoffloat (v: val) : val := + match v with + | Vfloat f => Vint (Float.intoffloat f) + | _ => Vundef + end. + +Definition floatofint (v: val) : val := + match v with + | Vint n => Vfloat (Float.floatofint n) + | _ => Vundef + end. + +Definition floatofintu (v: val) : val := + match v with + | Vint n => Vfloat (Float.floatofintu n) + | _ => Vundef + end. + +Definition notint (v: val) : val := + match v with + | Vint n => Vint (Int.xor n Int.mone) + | _ => Vundef + end. + +Definition notbool (v: val) : val := + match v with + | Vint n => of_bool (Int.eq n Int.zero) + | Vptr b ofs => Vfalse + | _ => Vundef + end. + +Definition cast8signed (v: val) : val := + match v with + | Vint n => Vint(Int.cast8signed n) + | _ => Vundef + end. + +Definition cast8unsigned (v: val) : val := + match v with + | Vint n => Vint(Int.cast8unsigned n) + | _ => Vundef + end. + +Definition cast16signed (v: val) : val := + match v with + | Vint n => Vint(Int.cast16signed n) + | _ => Vundef + end. + +Definition cast16unsigned (v: val) : val := + match v with + | Vint n => Vint(Int.cast16unsigned n) + | _ => Vundef + end. + +Definition singleoffloat (v: val) : val := + match v with + | Vfloat f => Vfloat(Float.singleoffloat f) + | _ => Vundef + end. + +Definition add (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => Vint(Int.add n1 n2) + | Vptr b1 ofs1, Vint n2 => Vptr b1 (Int.add ofs1 n2) + | Vint n1, Vptr b2 ofs2 => Vptr b2 (Int.add ofs2 n1) + | _, _ => Vundef + end. + +Definition sub (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => Vint(Int.sub n1 n2) + | Vptr b1 ofs1, Vint n2 => Vptr b1 (Int.sub ofs1 n2) + | Vptr b1 ofs1, Vptr b2 ofs2 => + if zeq b1 b2 then Vint(Int.sub ofs1 ofs2) else Vundef + | _, _ => Vundef + end. + +Definition mul (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => Vint(Int.mul n1 n2) + | _, _ => Vundef + end. + +Definition divs (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => + if Int.eq n2 Int.zero then Vundef else Vint(Int.divs n1 n2) + | _, _ => Vundef + end. + +Definition mods (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => + if Int.eq n2 Int.zero then Vundef else Vint(Int.mods n1 n2) + | _, _ => Vundef + end. + +Definition divu (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => + if Int.eq n2 Int.zero then Vundef else Vint(Int.divu n1 n2) + | _, _ => Vundef + end. + +Definition modu (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => + if Int.eq n2 Int.zero then Vundef else Vint(Int.modu n1 n2) + | _, _ => Vundef + end. + +Definition and (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => Vint(Int.and n1 n2) + | _, _ => Vundef + end. + +Definition or (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => Vint(Int.or n1 n2) + | _, _ => Vundef + end. + +Definition xor (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => Vint(Int.xor n1 n2) + | _, _ => Vundef + end. + +Definition shl (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => + if Int.ltu n2 (Int.repr 32) + then Vint(Int.shl n1 n2) + else Vundef + | _, _ => Vundef + end. + +Definition shr (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => + if Int.ltu n2 (Int.repr 32) + then Vint(Int.shr n1 n2) + else Vundef + | _, _ => Vundef + end. + +Definition shr_carry (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => + if Int.ltu n2 (Int.repr 32) + then Vint(Int.shr_carry n1 n2) + else Vundef + | _, _ => Vundef + end. + +Definition shrx (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => + if Int.ltu n2 (Int.repr 32) + then Vint(Int.shrx n1 n2) + else Vundef + | _, _ => Vundef + end. + +Definition shru (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => + if Int.ltu n2 (Int.repr 32) + then Vint(Int.shru n1 n2) + else Vundef + | _, _ => Vundef + end. + +Definition rolm (v: val) (amount mask: int): val := + match v with + | Vint n => Vint(Int.rolm n amount mask) + | _ => Vundef + end. + +Definition addf (v1 v2: val): val := + match v1, v2 with + | Vfloat f1, Vfloat f2 => Vfloat(Float.add f1 f2) + | _, _ => Vundef + end. + +Definition subf (v1 v2: val): val := + match v1, v2 with + | Vfloat f1, Vfloat f2 => Vfloat(Float.sub f1 f2) + | _, _ => Vundef + end. + +Definition mulf (v1 v2: val): val := + match v1, v2 with + | Vfloat f1, Vfloat f2 => Vfloat(Float.mul f1 f2) + | _, _ => Vundef + end. + +Definition divf (v1 v2: val): val := + match v1, v2 with + | Vfloat f1, Vfloat f2 => Vfloat(Float.div f1 f2) + | _, _ => Vundef + end. + +Definition cmp_mismatch (c: comparison): val := + match c with + | Ceq => Vfalse + | Cne => Vtrue + | _ => Vundef + end. + +Definition cmp (c: comparison) (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => of_bool (Int.cmp c n1 n2) + | Vint n1, Vptr b2 ofs2 => + if Int.eq n1 Int.zero then cmp_mismatch c else Vundef + | Vptr b1 ofs1, Vptr b2 ofs2 => + if zeq b1 b2 + then of_bool (Int.cmp c ofs1 ofs2) + else cmp_mismatch c + | Vptr b1 ofs1, Vint n2 => + if Int.eq n2 Int.zero then cmp_mismatch c else Vundef + | _, _ => Vundef + end. + +Definition cmpu (c: comparison) (v1 v2: val): val := + match v1, v2 with + | Vint n1, Vint n2 => + of_bool (Int.cmpu c n1 n2) + | Vint n1, Vptr b2 ofs2 => + if Int.eq n1 Int.zero then cmp_mismatch c else Vundef + | Vptr b1 ofs1, Vptr b2 ofs2 => + if zeq b1 b2 + then of_bool (Int.cmpu c ofs1 ofs2) + else cmp_mismatch c + | Vptr b1 ofs1, Vint n2 => + if Int.eq n2 Int.zero then cmp_mismatch c else Vundef + | _, _ => Vundef + end. + +Definition cmpf (c: comparison) (v1 v2: val): val := + match v1, v2 with + | Vfloat f1, Vfloat f2 => of_bool (Float.cmp c f1 f2) + | _, _ => Vundef + end. + +(** [load_result] is used in the memory model (library [Mem]) + to post-process the results of a memory read. For instance, + consider storing the integer value [0xFFF] on 1 byte at a + given address, and reading it back. If it is read back with + chunk [Mint8unsigned], zero-extension must be performed, resulting + in [0xFF]. If it is read back as a [Mint8signed], sign-extension + is performed and [0xFFFFFFFF] is returned. Type mismatches + (e.g. reading back a float as a [Mint32]) read back as [Vundef]. *) + +Definition load_result (chunk: memory_chunk) (v: val) := + match chunk, v with + | Mint8signed, Vint n => Vint (Int.cast8signed n) + | Mint8unsigned, Vint n => Vint (Int.cast8unsigned n) + | Mint16signed, Vint n => Vint (Int.cast16signed n) + | Mint16unsigned, Vint n => Vint (Int.cast16unsigned n) + | Mint32, Vint n => Vint n + | Mint32, Vptr b ofs => Vptr b ofs + | Mfloat32, Vfloat f => Vfloat(Float.singleoffloat f) + | Mfloat64, Vfloat f => Vfloat f + | _, _ => Vundef + end. + +(** Theorems on arithmetic operations. *) + +Theorem cast8unsigned_and: + forall x, cast8unsigned x = and x (Vint(Int.repr 255)). +Proof. + destruct x; simpl; auto. decEq. apply Int.cast8unsigned_and. +Qed. + +Theorem cast16unsigned_and: + forall x, cast16unsigned x = and x (Vint(Int.repr 65535)). +Proof. + destruct x; simpl; auto. decEq. apply Int.cast16unsigned_and. +Qed. + +Theorem istrue_not_isfalse: + forall v, is_false v -> is_true (notbool v). +Proof. + destruct v; simpl; try contradiction. + intros. subst i. simpl. discriminate. +Qed. + +Theorem isfalse_not_istrue: + forall v, is_true v -> is_false (notbool v). +Proof. + destruct v; simpl; try contradiction. + intros. generalize (Int.eq_spec i Int.zero). + case (Int.eq i Int.zero); intro. + contradiction. simpl. auto. + auto. +Qed. + +Theorem bool_of_true_val: + forall v, is_true v -> bool_of_val v true. +Proof. + intro. destruct v; simpl; intros; try contradiction. + constructor; auto. constructor. +Qed. + +Theorem bool_of_true_val2: + forall v, bool_of_val v true -> is_true v. +Proof. + intros. inversion H; simpl; auto. +Qed. + +Theorem bool_of_true_val_inv: + forall v b, is_true v -> bool_of_val v b -> b = true. +Proof. + intros. inversion H0; subst v b; simpl in H; auto. +Qed. + +Theorem bool_of_false_val: + forall v, is_false v -> bool_of_val v false. +Proof. + intro. destruct v; simpl; intros; try contradiction. + subst i; constructor. +Qed. + +Theorem bool_of_false_val2: + forall v, bool_of_val v false -> is_false v. +Proof. + intros. inversion H; simpl; auto. +Qed. + +Theorem bool_of_false_val_inv: + forall v b, is_false v -> bool_of_val v b -> b = false. +Proof. + intros. inversion H0; subst v b; simpl in H. + congruence. auto. contradiction. +Qed. + +Theorem notbool_negb_1: + forall b, of_bool (negb b) = notbool (of_bool b). +Proof. + destruct b; reflexivity. +Qed. + +Theorem notbool_negb_2: + forall b, of_bool b = notbool (of_bool (negb b)). +Proof. + destruct b; reflexivity. +Qed. + +Theorem notbool_idem2: + forall b, notbool(notbool(of_bool b)) = of_bool b. +Proof. + destruct b; reflexivity. +Qed. + +Theorem notbool_idem3: + forall x, notbool(notbool(notbool x)) = notbool x. +Proof. + destruct x; simpl; auto. + case (Int.eq i Int.zero); reflexivity. +Qed. + +Theorem add_commut: forall x y, add x y = add y x. +Proof. + destruct x; destruct y; simpl; auto. + decEq. apply Int.add_commut. +Qed. + +Theorem add_assoc: forall x y z, add (add x y) z = add x (add y z). +Proof. + destruct x; destruct y; destruct z; simpl; auto. + rewrite Int.add_assoc; auto. + rewrite Int.add_assoc; auto. + decEq. decEq. apply Int.add_commut. + decEq. rewrite Int.add_commut. rewrite <- Int.add_assoc. + decEq. apply Int.add_commut. + decEq. rewrite Int.add_assoc. auto. +Qed. + +Theorem add_permut: forall x y z, add x (add y z) = add y (add x z). +Proof. + intros. rewrite (add_commut y z). rewrite <- add_assoc. apply add_commut. +Qed. + +Theorem add_permut_4: + forall x y z t, add (add x y) (add z t) = add (add x z) (add y t). +Proof. + intros. rewrite add_permut. rewrite add_assoc. + rewrite add_permut. symmetry. apply add_assoc. +Qed. + +Theorem neg_zero: neg Vzero = Vzero. +Proof. + reflexivity. +Qed. + +Theorem neg_add_distr: forall x y, neg(add x y) = add (neg x) (neg y). +Proof. + destruct x; destruct y; simpl; auto. decEq. apply Int.neg_add_distr. +Qed. + +Theorem sub_zero_r: forall x, sub Vzero x = neg x. +Proof. + destruct x; simpl; auto. +Qed. + +Theorem sub_add_opp: forall x y, sub x (Vint y) = add x (Vint (Int.neg y)). +Proof. + destruct x; intro y; simpl; auto; rewrite Int.sub_add_opp; auto. +Qed. + +Theorem sub_add_l: + forall v1 v2 i, sub (add v1 (Vint i)) v2 = add (sub v1 v2) (Vint i). +Proof. + destruct v1; destruct v2; intros; simpl; auto. + rewrite Int.sub_add_l. auto. + rewrite Int.sub_add_l. auto. + case (zeq b b0); intro. rewrite Int.sub_add_l. auto. reflexivity. +Qed. + +Theorem sub_add_r: + forall v1 v2 i, sub v1 (add v2 (Vint i)) = add (sub v1 v2) (Vint (Int.neg i)). +Proof. + destruct v1; destruct v2; intros; simpl; auto. + rewrite Int.sub_add_r. auto. + repeat rewrite Int.sub_add_opp. decEq. + repeat rewrite Int.add_assoc. decEq. apply Int.add_commut. + decEq. repeat rewrite Int.sub_add_opp. + rewrite Int.add_assoc. decEq. apply Int.neg_add_distr. + case (zeq b b0); intro. simpl. decEq. + repeat rewrite Int.sub_add_opp. rewrite Int.add_assoc. decEq. + apply Int.neg_add_distr. + reflexivity. +Qed. + +Theorem mul_commut: forall x y, mul x y = mul y x. +Proof. + destruct x; destruct y; simpl; auto. decEq. apply Int.mul_commut. +Qed. + +Theorem mul_assoc: forall x y z, mul (mul x y) z = mul x (mul y z). +Proof. + destruct x; destruct y; destruct z; simpl; auto. + decEq. apply Int.mul_assoc. +Qed. + +Theorem mul_add_distr_l: + forall x y z, mul (add x y) z = add (mul x z) (mul y z). +Proof. + destruct x; destruct y; destruct z; simpl; auto. + decEq. apply Int.mul_add_distr_l. +Qed. + + +Theorem mul_add_distr_r: + forall x y z, mul x (add y z) = add (mul x y) (mul x z). +Proof. + destruct x; destruct y; destruct z; simpl; auto. + decEq. apply Int.mul_add_distr_r. +Qed. + +Theorem mul_pow2: + forall x n logn, + Int.is_power2 n = Some logn -> + mul x (Vint n) = shl x (Vint logn). +Proof. + intros; destruct x; simpl; auto. + change 32 with (Z_of_nat wordsize). + rewrite (Int.is_power2_range _ _ H). decEq. apply Int.mul_pow2. auto. +Qed. + +Theorem mods_divs: + forall x y, mods x y = sub x (mul (divs x y) y). +Proof. + destruct x; destruct y; simpl; auto. + case (Int.eq i0 Int.zero); simpl. auto. decEq. apply Int.mods_divs. +Qed. + +Theorem modu_divu: + forall x y, modu x y = sub x (mul (divu x y) y). +Proof. + destruct x; destruct y; simpl; auto. + generalize (Int.eq_spec i0 Int.zero); + case (Int.eq i0 Int.zero); simpl. auto. + intro. decEq. apply Int.modu_divu. auto. +Qed. + +Theorem divs_pow2: + forall x n logn, + Int.is_power2 n = Some logn -> + divs x (Vint n) = shrx x (Vint logn). +Proof. + intros; destruct x; simpl; auto. + change 32 with (Z_of_nat wordsize). + rewrite (Int.is_power2_range _ _ H). + generalize (Int.eq_spec n Int.zero); + case (Int.eq n Int.zero); intro. + subst n. compute in H. discriminate. + decEq. apply Int.divs_pow2. auto. +Qed. + +Theorem divu_pow2: + forall x n logn, + Int.is_power2 n = Some logn -> + divu x (Vint n) = shru x (Vint logn). +Proof. + intros; destruct x; simpl; auto. + change 32 with (Z_of_nat wordsize). + rewrite (Int.is_power2_range _ _ H). + generalize (Int.eq_spec n Int.zero); + case (Int.eq n Int.zero); intro. + subst n. compute in H. discriminate. + decEq. apply Int.divu_pow2. auto. +Qed. + +Theorem modu_pow2: + forall x n logn, + Int.is_power2 n = Some logn -> + modu x (Vint n) = and x (Vint (Int.sub n Int.one)). +Proof. + intros; destruct x; simpl; auto. + generalize (Int.eq_spec n Int.zero); + case (Int.eq n Int.zero); intro. + subst n. compute in H. discriminate. + decEq. eapply Int.modu_and; eauto. +Qed. + +Theorem and_commut: forall x y, and x y = and y x. +Proof. + destruct x; destruct y; simpl; auto. decEq. apply Int.and_commut. +Qed. + +Theorem and_assoc: forall x y z, and (and x y) z = and x (and y z). +Proof. + destruct x; destruct y; destruct z; simpl; auto. + decEq. apply Int.and_assoc. +Qed. + +Theorem or_commut: forall x y, or x y = or y x. +Proof. + destruct x; destruct y; simpl; auto. decEq. apply Int.or_commut. +Qed. + +Theorem or_assoc: forall x y z, or (or x y) z = or x (or y z). +Proof. + destruct x; destruct y; destruct z; simpl; auto. + decEq. apply Int.or_assoc. +Qed. + +Theorem xor_commut: forall x y, xor x y = xor y x. +Proof. + destruct x; destruct y; simpl; auto. decEq. apply Int.xor_commut. +Qed. + +Theorem xor_assoc: forall x y z, xor (xor x y) z = xor x (xor y z). +Proof. + destruct x; destruct y; destruct z; simpl; auto. + decEq. apply Int.xor_assoc. +Qed. + +Theorem shl_mul: forall x y, Val.mul x (Val.shl Vone y) = Val.shl x y. +Proof. + destruct x; destruct y; simpl; auto. + case (Int.ltu i0 (Int.repr 32)); auto. + decEq. symmetry. apply Int.shl_mul. +Qed. + +Theorem shl_rolm: + forall x n, + Int.ltu n (Int.repr 32) = true -> + shl x (Vint n) = rolm x n (Int.shl Int.mone n). +Proof. + intros; destruct x; simpl; auto. + rewrite H. decEq. apply Int.shl_rolm. exact H. +Qed. + +Theorem shru_rolm: + forall x n, + Int.ltu n (Int.repr 32) = true -> + shru x (Vint n) = rolm x (Int.sub (Int.repr 32) n) (Int.shru Int.mone n). +Proof. + intros; destruct x; simpl; auto. + rewrite H. decEq. apply Int.shru_rolm. exact H. +Qed. + +Theorem shrx_carry: + forall x y, + add (shr x y) (shr_carry x y) = shrx x y. +Proof. + destruct x; destruct y; simpl; auto. + case (Int.ltu i0 (Int.repr 32)); auto. + simpl. decEq. apply Int.shrx_carry. +Qed. + +Theorem or_rolm: + forall x n m1 m2, + or (rolm x n m1) (rolm x n m2) = rolm x n (Int.or m1 m2). +Proof. + intros; destruct x; simpl; auto. + decEq. apply Int.or_rolm. +Qed. + +Theorem rolm_rolm: + forall x n1 m1 n2 m2, + rolm (rolm x n1 m1) n2 m2 = + rolm x (Int.and (Int.add n1 n2) (Int.repr 31)) + (Int.and (Int.rol m1 n2) m2). +Proof. + intros; destruct x; simpl; auto. + decEq. + replace (Int.and (Int.add n1 n2) (Int.repr 31)) + with (Int.modu (Int.add n1 n2) (Int.repr 32)). + apply Int.rolm_rolm. + change (Int.repr 31) with (Int.sub (Int.repr 32) Int.one). + apply Int.modu_and with (Int.repr 5). reflexivity. +Qed. + +Theorem rolm_zero: + forall x m, + rolm x Int.zero m = and x (Vint m). +Proof. + intros; destruct x; simpl; auto. decEq. apply Int.rolm_zero. +Qed. + +Theorem addf_commut: forall x y, addf x y = addf y x. +Proof. + destruct x; destruct y; simpl; auto. decEq. apply Float.addf_commut. +Qed. + +Lemma negate_cmp_mismatch: + forall c, + cmp_mismatch (negate_comparison c) = notbool(cmp_mismatch c). +Proof. + destruct c; reflexivity. +Qed. + +Theorem negate_cmp: + forall c x y, + cmp (negate_comparison c) x y = notbool (cmp c x y). +Proof. + destruct x; destruct y; simpl; auto. + rewrite Int.negate_cmp. apply notbool_negb_1. + case (Int.eq i Int.zero). apply negate_cmp_mismatch. reflexivity. + case (Int.eq i0 Int.zero). apply negate_cmp_mismatch. reflexivity. + case (zeq b b0); intro. + rewrite Int.negate_cmp. apply notbool_negb_1. + apply negate_cmp_mismatch. +Qed. + +Theorem negate_cmpu: + forall c x y, + cmpu (negate_comparison c) x y = notbool (cmpu c x y). +Proof. + destruct x; destruct y; simpl; auto. + rewrite Int.negate_cmpu. apply notbool_negb_1. + case (Int.eq i Int.zero). apply negate_cmp_mismatch. reflexivity. + case (Int.eq i0 Int.zero). apply negate_cmp_mismatch. reflexivity. + case (zeq b b0); intro. + rewrite Int.negate_cmpu. apply notbool_negb_1. + apply negate_cmp_mismatch. +Qed. + +Lemma swap_cmp_mismatch: + forall c, cmp_mismatch (swap_comparison c) = cmp_mismatch c. +Proof. + destruct c; reflexivity. +Qed. + +Theorem swap_cmp: + forall c x y, + cmp (swap_comparison c) x y = cmp c y x. +Proof. + destruct x; destruct y; simpl; auto. + rewrite Int.swap_cmp. auto. + case (Int.eq i Int.zero). apply swap_cmp_mismatch. auto. + case (Int.eq i0 Int.zero). apply swap_cmp_mismatch. auto. + case (zeq b b0); intro. + subst b0. rewrite zeq_true. rewrite Int.swap_cmp. auto. + rewrite zeq_false. apply swap_cmp_mismatch. auto. +Qed. + +Theorem swap_cmpu: + forall c x y, + cmpu (swap_comparison c) x y = cmpu c y x. +Proof. + destruct x; destruct y; simpl; auto. + rewrite Int.swap_cmpu. auto. + case (Int.eq i Int.zero). apply swap_cmp_mismatch. auto. + case (Int.eq i0 Int.zero). apply swap_cmp_mismatch. auto. + case (zeq b b0); intro. + subst b0. rewrite zeq_true. rewrite Int.swap_cmpu. auto. + rewrite zeq_false. apply swap_cmp_mismatch. auto. +Qed. + +Theorem negate_cmpf_eq: + forall v1 v2, notbool (cmpf Cne v1 v2) = cmpf Ceq v1 v2. +Proof. + destruct v1; destruct v2; simpl; auto. + rewrite Float.cmp_ne_eq. rewrite notbool_negb_1. + apply notbool_idem2. +Qed. + +Lemma or_of_bool: + forall b1 b2, or (of_bool b1) (of_bool b2) = of_bool (b1 || b2). +Proof. + destruct b1; destruct b2; reflexivity. +Qed. + +Theorem cmpf_le: + forall v1 v2, cmpf Cle v1 v2 = or (cmpf Clt v1 v2) (cmpf Ceq v1 v2). +Proof. + destruct v1; destruct v2; simpl; auto. + rewrite or_of_bool. decEq. apply Float.cmp_le_lt_eq. +Qed. + +Theorem cmpf_ge: + forall v1 v2, cmpf Cge v1 v2 = or (cmpf Cgt v1 v2) (cmpf Ceq v1 v2). +Proof. + destruct v1; destruct v2; simpl; auto. + rewrite or_of_bool. decEq. apply Float.cmp_ge_gt_eq. +Qed. + +Definition is_bool (v: val) := + v = Vundef \/ v = Vtrue \/ v = Vfalse. + +Lemma of_bool_is_bool: + forall b, is_bool (of_bool b). +Proof. + destruct b; unfold is_bool; simpl; tauto. +Qed. + +Lemma undef_is_bool: is_bool Vundef. +Proof. + unfold is_bool; tauto. +Qed. + +Lemma cmp_mismatch_is_bool: + forall c, is_bool (cmp_mismatch c). +Proof. + destruct c; simpl; unfold is_bool; tauto. +Qed. + +Lemma cmp_is_bool: + forall c v1 v2, is_bool (cmp c v1 v2). +Proof. + destruct v1; destruct v2; simpl; try apply undef_is_bool. + apply of_bool_is_bool. + case (Int.eq i Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool. + case (Int.eq i0 Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool. + case (zeq b b0); intro. apply of_bool_is_bool. apply cmp_mismatch_is_bool. +Qed. + +Lemma cmpu_is_bool: + forall c v1 v2, is_bool (cmpu c v1 v2). +Proof. + destruct v1; destruct v2; simpl; try apply undef_is_bool. + apply of_bool_is_bool. + case (Int.eq i Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool. + case (Int.eq i0 Int.zero). apply cmp_mismatch_is_bool. apply undef_is_bool. + case (zeq b b0); intro. apply of_bool_is_bool. apply cmp_mismatch_is_bool. +Qed. + +Lemma cmpf_is_bool: + forall c v1 v2, is_bool (cmpf c v1 v2). +Proof. + destruct v1; destruct v2; simpl; + apply undef_is_bool || apply of_bool_is_bool. +Qed. + +Lemma notbool_is_bool: + forall v, is_bool (notbool v). +Proof. + destruct v; simpl. + apply undef_is_bool. apply of_bool_is_bool. + apply undef_is_bool. unfold is_bool; tauto. +Qed. + +Lemma notbool_xor: + forall v, is_bool v -> v = xor (notbool v) Vone. +Proof. + intros. elim H; intro. + subst v. reflexivity. + elim H0; intro; subst v; reflexivity. +Qed. + +End Val. diff --git a/caml/Allocationaux.ml b/caml/Allocationaux.ml new file mode 100644 index 00000000..8e4f3284 --- /dev/null +++ b/caml/Allocationaux.ml @@ -0,0 +1,39 @@ +open Camlcoq +open Datatypes +open List +open AST +open Locations + +type status = To_move | Being_moved | Moved + +let parallel_move_order lsrc ldst = + let src = array_of_coqlist lsrc + and dst = array_of_coqlist ldst in + let n = Array.length src in + let status = Array.make n To_move in + let moves = ref Coq_nil in + let rec move_one i = + if src.(i) <> dst.(i) then begin + status.(i) <- Being_moved; + for j = 0 to n - 1 do + if src.(j) = dst.(i) then + match status.(j) with + To_move -> + move_one j + | Being_moved -> + let tmp = + match Loc.coq_type src.(j) with + | Tint -> R IT2 + | Tfloat -> R FT2 in + moves := Coq_cons (Coq_pair(src.(j), tmp), !moves); + src.(j) <- tmp + | Moved -> + () + done; + moves := Coq_cons(Coq_pair(src.(i), dst.(i)), !moves); + status.(i) <- Moved + end in + for i = 0 to n - 1 do + if status.(i) = To_move then move_one i + done; + List.rev !moves diff --git a/caml/Allocationaux.mli b/caml/Allocationaux.mli new file mode 100644 index 00000000..0cf3b944 --- /dev/null +++ b/caml/Allocationaux.mli @@ -0,0 +1,5 @@ +open Datatypes +open List +open Locations + +val parallel_move_order: loc list -> loc list -> (loc, loc) prod list diff --git a/caml/CMlexer.mli b/caml/CMlexer.mli new file mode 100644 index 00000000..573c5305 --- /dev/null +++ b/caml/CMlexer.mli @@ -0,0 +1,4 @@ +(* $Id: CMlexer.mli,v 1.1 2005/01/21 13:11:07 xleroy Exp $ *) + +val token: Lexing.lexbuf -> CMparser.token +exception Error of string diff --git a/caml/CMlexer.mll b/caml/CMlexer.mll new file mode 100644 index 00000000..b8d3ae74 --- /dev/null +++ b/caml/CMlexer.mll @@ -0,0 +1,112 @@ +(* $Id: CMlexer.mll,v 1.3 2005/03/21 15:53:00 xleroy Exp $ *) + +{ +open Camlcoq +open CMparser +exception Error of string +} + +let blank = [' ' '\009' '\012' '\010' '\013'] +let floatlit = + ['0'-'9'] ['0'-'9' '_']* + ('.' ['0'-'9' '_']* )? + (['e' 'E'] ['+' '-']? ['0'-'9'] ['0'-'9' '_']*)? +let ident = ['A'-'Z' 'a'-'z' '_'] ['A'-'Z' 'a'-'z' '_' '0'-'9']* +let intlit = "-"? ( ['0'-'9']+ | "0x" ['0'-'9' 'a'-'f' 'A'-'F']+ + | "0o" ['0'-'7']+ | "0b" ['0'-'1']+ ) +let stringlit = "\"" [ ^ '"' ] * '"' + +rule token = parse + | blank + { token lexbuf } + | "/*" { comment lexbuf; token lexbuf } + | "absf" { ABSF } + | "&" { AMPERSAND } + | "&&" { AMPERSANDAMPERSAND } + | "!" { BANG } + | "!=" { BANGEQUAL } + | "!=f" { BANGEQUALF } + | "!=u" { BANGEQUALU } + | "|" { BAR } + | "||" { BARBAR } + | "^" { CARET } + | ":" { COLON } + | "," { COMMA } + | "$" { DOLLAR } + | "else" { ELSE } + | "=" { EQUAL } + | "==" { EQUALEQUAL } + | "==f" { EQUALEQUALF } + | "==u" { EQUALEQUALU } + | "exit" { EXIT } + | "float" { FLOAT } + | "float32" { FLOAT32 } + | "float64" { FLOAT64 } + | "floatofint" { FLOATOFINT } + | "floatofintu" { FLOATOFINTU } + | ">" { GREATER } + | ">f" { GREATERF } + | ">u" { GREATERU } + | ">=" { GREATEREQUAL } + | ">=f" { GREATEREQUALF } + | ">=u" { GREATEREQUALU } + | ">>" { GREATERGREATER } + | ">>u" { GREATERGREATERU } + | "if" { IF } + | "in" { IN } + | "int" { INT } + | "int16s" { INT16S } + | "int16u" { INT16U } + | "int32" { INT32 } + | "int8s" { INT8S } + | "int8u" { INT8U } + | "intoffloat" { INTOFFLOAT } + | "{" { LBRACE } + | "{{" { LBRACELBRACE } + | "[" { LBRACKET } + | "<" { LESS } + | "" { MINUSGREATER } + | "-f" { MINUSF } + | "%" { PERCENT } + | "%u" { PERCENTU } + | "+" { PLUS } + | "+f" { PLUSF } + | "?" { QUESTION } + | "}" { RBRACE } + | "}}" { RBRACERBRACE } + | "]" { RBRACKET } + | "return" { RETURN } + | ")" { RPAREN } + | ";" { SEMICOLON } + | "/" { SLASH } + | "/f" { SLASHF } + | "/u" { SLASHU } + | "stack" { STACK } + | "*" { STAR } + | "*f" { STARF } + | "switch" { SWITCH } + | "~" { TILDE } + | "var" { VAR } + | "void" { VOID } + + | intlit { INTLIT(Int32.of_string(Lexing.lexeme lexbuf)) } + | floatlit { FLOATLIT(float_of_string(Lexing.lexeme lexbuf)) } + | stringlit { let s = Lexing.lexeme lexbuf in + STRINGLIT(intern_string(String.sub s 1 (String.length s - 2))) } + | ident { IDENT(intern_string(Lexing.lexeme lexbuf)) } + | eof { EOF } + | _ { raise(Error("illegal character `" ^ Char.escaped (Lexing.lexeme_char lexbuf 0) ^ "'")) } + +and comment = parse + "*/" { () } + | eof { raise(Error "unterminated comment") } + | _ { comment lexbuf } diff --git a/caml/CMparser.mly b/caml/CMparser.mly new file mode 100644 index 00000000..0b19bce9 --- /dev/null +++ b/caml/CMparser.mly @@ -0,0 +1,327 @@ +/* $Id: CMparser.mly,v 1.2 2005/03/21 15:53:00 xleroy Exp $ */ + +%{ +open Datatypes +open List +open Camlcoq +open BinPos +open BinInt +open Integers +open AST +open Op +open Cminor + +let intconst n = + Eop(Ointconst(coqint_of_camlint n), Enil) + +let andbool e1 e2 = + Cmconstr.conditionalexpr e1 e2 (intconst 0l) +let orbool e1 e2 = + Cmconstr.conditionalexpr e1 (intconst 1l) e2 + +%} + +%token ABSF +%token AMPERSAND +%token AMPERSANDAMPERSAND +%token BANG +%token BANGEQUAL +%token BANGEQUALF +%token BANGEQUALU +%token BAR +%token BARBAR +%token CARET +%token COLON +%token COMMA +%token DOLLAR +%token ELSE +%token EQUAL +%token EQUALEQUAL +%token EQUALEQUALF +%token EQUALEQUALU +%token EOF +%token EXIT +%token FLOAT +%token FLOAT32 +%token FLOAT64 +%token FLOATLIT +%token FLOATOFINT +%token FLOATOFINTU +%token GREATER +%token GREATERF +%token GREATERU +%token GREATEREQUAL +%token GREATEREQUALF +%token GREATEREQUALU +%token GREATERGREATER +%token GREATERGREATERU +%token IDENT +%token IF +%token IN +%token INT +%token INT16S +%token INT16U +%token INT32 +%token INT8S +%token INT8U +%token INTLIT +%token INTOFFLOAT +%token LBRACE +%token LBRACELBRACE +%token LBRACKET +%token LESS +%token LESSU +%token LESSF +%token LESSEQUAL +%token LESSEQUALU +%token LESSEQUALF +%token LESSLESS +%token LET +%token LOOP +%token LPAREN +%token MINUS +%token MINUSF +%token MINUSGREATER +%token PERCENT +%token PERCENTU +%token PLUS +%token PLUSF +%token QUESTION +%token RBRACE +%token RBRACERBRACE +%token RBRACKET +%token RETURN +%token RPAREN +%token SEMICOLON +%token SLASH +%token SLASHF +%token SLASHU +%token STACK +%token STAR +%token STARF +%token STRINGLIT +%token SWITCH +%token TILDE +%token VAR +%token VOID + +/* Precedences from low to high */ + +%left COMMA +%left p_let +%right EQUAL +%right QUESTION COLON +%left BARBAR +%left AMPERSANDAMPERSAND +%left BAR +%left CARET +%left AMPERSAND +%left EQUALEQUAL BANGEQUAL LESS LESSEQUAL GREATER GREATEREQUAL EQUALEQUALU BANGEQUALU LESSU LESSEQUALU GREATERU GREATEREQUALU EQUALEQUALF BANGEQUALF LESSF LESSEQUALF GREATERF GREATEREQUALF +%left LESSLESS GREATERGREATER GREATERGREATERU +%left PLUS PLUSF MINUS MINUSF +%left STAR SLASH PERCENT STARF SLASHF SLASHU PERCENTU +%nonassoc BANG TILDE p_uminus ABSF INTOFFLOAT FLOATOFINT FLOATOFINTU INT8S INT8U INT16S INT16U FLOAT32 +%left LPAREN + +/* Entry point */ + +%start prog +%type prog + +%% + +/* Programs */ + +prog: + global_declarations proc_list EOF + { { prog_funct = List.rev $2; + prog_main = intern_string "main"; + prog_vars = List.rev $1; } } +; + +global_declarations: + /* empty */ { Coq_nil } + | global_declarations global_declaration { Coq_cons($2, $1) } +; + +global_declaration: + VAR STRINGLIT LBRACKET INTLIT RBRACKET { Coq_pair($2, z_of_camlint $4) } +; + +proc_list: + /* empty */ { Coq_nil } + | proc_list proc { Coq_cons($2, $1) } +; + +/* Procedures */ + +proc: + STRINGLIT LPAREN parameters RPAREN COLON signature + LBRACE + stack_declaration + var_declarations + stmt_list + RBRACE + { Coq_pair($1, + { fn_sig = $6; + fn_params = List.rev $3; + fn_vars = List.rev $9; + fn_stackspace = $8; + fn_body = $10 }) } +; + +signature: + type_ + { {sig_args = Coq_nil; sig_res = Some $1} } + | VOID + { {sig_args = Coq_nil; sig_res = None} } + | type_ MINUSGREATER signature + { let s = $3 in {s with sig_args = Coq_cons($1, s.sig_args)} } +; + +parameters: + /* empty */ { Coq_nil } + | parameter_list { $1 } +; + +parameter_list: + IDENT { Coq_cons($1, Coq_nil) } + | parameter_list COMMA IDENT { Coq_cons($3, $1) } +; + +stack_declaration: + /* empty */ { Z0 } + | STACK INTLIT { z_of_camlint $2 } +; + +var_declarations: + /* empty */ { Coq_nil } + | var_declarations var_declaration { List.app $2 $1 } +; + +var_declaration: + VAR parameter_list SEMICOLON { $2 } +; + +/* Statements */ + +stmt: + expr SEMICOLON { Sexpr $1 } + | IF LPAREN expr RPAREN stmts ELSE stmts { Cmconstr.ifthenelse $3 $5 $7 } + | IF LPAREN expr RPAREN stmts { Cmconstr.ifthenelse $3 $5 Snil } + | LOOP stmts { Sloop($2) } + | LBRACELBRACE stmts RBRACERBRACE { Sblock($2) } + | EXIT SEMICOLON { Sexit O } + | EXIT INTLIT SEMICOLON { Sexit (nat_of_camlint(Int32.pred $2)) } + | RETURN SEMICOLON { Sreturn None } + | RETURN expr SEMICOLON { Sreturn (Some $2) } +; + +stmts: + LBRACE stmt_list RBRACE { $2 } + | stmt { Scons($1, Snil) } +; + +stmt_list: + /* empty */ { Snil } + | stmt stmt_list { Scons($1, $2) } +; + +/* Expressions */ + +expr: + LPAREN expr RPAREN { $2 } + | IDENT { Evar $1 } + | IDENT EQUAL expr { Eassign($1, $3) } + | INTLIT { intconst $1 } + | FLOATLIT { Eop(Ofloatconst $1, Enil) } + | STRINGLIT { Eop(Oaddrsymbol($1, Int.zero), Enil) } + | AMPERSAND INTLIT { Eop(Oaddrstack(coqint_of_camlint $2), Enil) } + | MINUS expr %prec p_uminus { Cmconstr.negint $2 } + | MINUSF expr %prec p_uminus { Cmconstr.negfloat $2 } + | ABSF expr { Cmconstr.absfloat $2 } + | INTOFFLOAT expr { Cmconstr.intoffloat $2 } + | FLOATOFINT expr { Cmconstr.floatofint $2 } + | FLOATOFINTU expr { Cmconstr.floatofintu $2 } + | TILDE expr { Cmconstr.notint $2 } + | BANG expr { Cmconstr.notbool $2 } + | INT8S expr { Cmconstr.cast8signed $2 } + | INT8U expr { Cmconstr.cast8unsigned $2 } + | INT16S expr { Cmconstr.cast16signed $2 } + | INT16U expr { Cmconstr.cast16unsigned $2 } + | FLOAT32 expr { Cmconstr.singleoffloat $2 } + | expr PLUS expr { Cmconstr.add $1 $3 } + | expr MINUS expr { Cmconstr.sub $1 $3 } + | expr STAR expr { Cmconstr.mul $1 $3 } + | expr SLASH expr { Cmconstr.divs $1 $3 } + | expr PERCENT expr { Cmconstr.mods $1 $3 } + | expr SLASHU expr { Cmconstr.divu $1 $3 } + | expr PERCENTU expr { Cmconstr.modu $1 $3 } + | expr AMPERSAND expr { Cmconstr.coq_and $1 $3 } + | expr BAR expr { Cmconstr.coq_or $1 $3 } + | expr CARET expr { Cmconstr.xor $1 $3 } + | expr LESSLESS expr { Cmconstr.shl $1 $3 } + | expr GREATERGREATER expr { Cmconstr.shr $1 $3 } + | expr GREATERGREATERU expr { Cmconstr.shru $1 $3 } + | expr PLUSF expr { Cmconstr.addf $1 $3 } + | expr MINUSF expr { Cmconstr.subf $1 $3 } + | expr STARF expr { Cmconstr.mulf $1 $3 } + | expr SLASHF expr { Cmconstr.divf $1 $3 } + | expr EQUALEQUAL expr { Cmconstr.cmp Ceq $1 $3 } + | expr BANGEQUAL expr { Cmconstr.cmp Cne $1 $3 } + | expr LESS expr { Cmconstr.cmp Clt $1 $3 } + | expr LESSEQUAL expr { Cmconstr.cmp Cle $1 $3 } + | expr GREATER expr { Cmconstr.cmp Cgt $1 $3 } + | expr GREATEREQUAL expr { Cmconstr.cmp Cge $1 $3 } + | expr EQUALEQUALU expr { Cmconstr.cmpu Ceq $1 $3 } + | expr BANGEQUALU expr { Cmconstr.cmpu Cne $1 $3 } + | expr LESSU expr { Cmconstr.cmpu Clt $1 $3 } + | expr LESSEQUALU expr { Cmconstr.cmpu Cle $1 $3 } + | expr GREATERU expr { Cmconstr.cmpu Cgt $1 $3 } + | expr GREATEREQUALU expr { Cmconstr.cmpu Cge $1 $3 } + | expr EQUALEQUALF expr { Cmconstr.cmpf Ceq $1 $3 } + | expr BANGEQUALF expr { Cmconstr.cmpf Cne $1 $3 } + | expr LESSF expr { Cmconstr.cmpf Clt $1 $3 } + | expr LESSEQUALF expr { Cmconstr.cmpf Cle $1 $3 } + | expr GREATERF expr { Cmconstr.cmpf Cgt $1 $3 } + | expr GREATEREQUALF expr { Cmconstr.cmpf Cge $1 $3 } + | memory_chunk LBRACKET expr RBRACKET { Cmconstr.load $1 $3 } + | memory_chunk LBRACKET expr RBRACKET EQUAL expr + { Cmconstr.store $1 $3 $6 } + | expr LPAREN expr_list RPAREN COLON signature + { Ecall($6, $1, $3) } + | expr AMPERSANDAMPERSAND expr { andbool $1 $3 } + | expr BARBAR expr { orbool $1 $3 } + | expr QUESTION expr COLON expr { Cmconstr.conditionalexpr $1 $3 $5 } + | LET expr IN expr %prec p_let { Elet($2, $4) } + | DOLLAR INTLIT { Eletvar (nat_of_camlint $2) } +; + +expr_list: + /* empty */ { Enil } + | expr_list_1 { $1 } +; + +expr_list_1: + expr %prec COMMA { Econs($1, Enil) } + | expr COMMA expr_list_1 { Econs($1, $3) } +; + +memory_chunk: + INT8S { Mint8signed } + | INT8U { Mint8unsigned } + | INT16S { Mint16signed } + | INT16U { Mint16unsigned } + | INT32 { Mint32 } + | INT { Mint32 } + | FLOAT32 { Mfloat32 } + | FLOAT64 { Mfloat64 } + | FLOAT { Mfloat64 } +; + +/* Types */ + +type_: + INT { Tint } + | FLOAT { Tfloat } +; diff --git a/caml/Camlcoq.ml b/caml/Camlcoq.ml new file mode 100644 index 00000000..c3d96658 --- /dev/null +++ b/caml/Camlcoq.ml @@ -0,0 +1,98 @@ +(* Library of useful Caml <-> Coq conversions *) + +open Datatypes +open List +open BinPos +open BinInt + +(* Integers *) + +let rec camlint_of_positive = function + | Coq_xI p -> Int32.add (Int32.shift_left (camlint_of_positive p) 1) 1l + | Coq_xO p -> Int32.shift_left (camlint_of_positive p) 1 + | Coq_xH -> 1l + +let camlint_of_z = function + | Z0 -> 0l + | Zpos p -> camlint_of_positive p + | Zneg p -> Int32.neg (camlint_of_positive p) + +let camlint_of_coqint : Integers.int -> int32 = camlint_of_z + +let rec nat_of_camlint n = + assert (n >= 0l); + if n = 0l then O else S (nat_of_camlint (Int32.sub n 1l)) + +let rec positive_of_camlint n = + if n = 0l then assert false else + if n = 1l then Coq_xH else + if Int32.logand n 1l = 0l + then Coq_xO (positive_of_camlint (Int32.shift_right n 1)) + else Coq_xI (positive_of_camlint (Int32.shift_right n 1)) + +let z_of_camlint n = + if n = 0l then Z0 else + if n > 0l then Zpos (positive_of_camlint n) + else Zneg (positive_of_camlint (Int32.neg n)) + +let coqint_of_camlint : int32 -> Integers.int = z_of_camlint + +(* Strings *) + +let atom_of_string = (Hashtbl.create 17 : (string, positive) Hashtbl.t) +let string_of_atom = (Hashtbl.create 17 : (positive, string) Hashtbl.t) +let next_atom = ref Coq_xH + +let intern_string s = + try + Hashtbl.find atom_of_string s + with Not_found -> + let a = !next_atom in + next_atom := coq_Psucc !next_atom; + Hashtbl.add atom_of_string s a; + Hashtbl.add string_of_atom a s; + a + +let extern_atom a = + try + Hashtbl.find string_of_atom a + with Not_found -> + "" + +(* Lists *) + +let rec coqlist_iter f = function + Coq_nil -> () + | Coq_cons(a,l) -> f a; coqlist_iter f l + +(* Helpers *) + +let rec list_iter f = function + [] -> () + | a::l -> f a; list_iter f l + +let rec list_memq x = function + [] -> false + | a::l -> a == x || list_memq x l + +let rec list_exists p = function + [] -> false + | a::l -> p a || list_exists p l + +let rec list_filter p = function + [] -> [] + | x :: l -> if p x then x :: list_filter p l else list_filter p l + +let rec length_coqlist = function + | Coq_nil -> 0 + | Coq_cons (x, l) -> 1 + length_coqlist l + +let array_of_coqlist = function + | Coq_nil -> [||] + | Coq_cons(hd, tl) as l -> + let a = Array.create (length_coqlist l) hd in + let rec fill i = function + | Coq_nil -> a + | Coq_cons(hd, tl) -> a.(i) <- hd; fill (i + 1) tl in + fill 1 tl + diff --git a/caml/Coloringaux.ml b/caml/Coloringaux.ml new file mode 100644 index 00000000..f4f4bcd3 --- /dev/null +++ b/caml/Coloringaux.ml @@ -0,0 +1,615 @@ +open Camlcoq +open Datatypes +open BinPos +open BinInt +open AST +open Maps +open Registers +open Locations +open RTL +open RTLtyping +open InterfGraph +open Conventions + +(* George-Appel graph coloring *) + +(* \subsection{Internal representation of the interference graph} *) + +(* To implement George-Appel coloring, we first transform the representation + of the interference graph, switching to the following + imperative representation that is well suited to the coloring algorithm. *) + +(* Each node of the graph (i.e. each pseudo-register) is represented as + follows. *) + +type node = + { ident: reg; (*r register identifier *) + typ: typ; (*r its type *) + regclass: int; (*r identifier of register class *) + spillcost: float; (*r estimated cost of spilling *) + mutable adjlist: node list; (*r all nodes it interferes with *) + mutable degree: int; (*r number of adjacent nodes *) + mutable movelist: move list; (*r list of moves it is involved in *) + mutable alias: node option; (*r [Some n] if coalesced with [n] *) + mutable color: loc option; (*r chosen color *) + mutable nstate: nodestate; (*r in which set of nodes it is *) + mutable nprev: node; (*r for double linking *) + mutable nnext: node (*r for double linking *) + } + +(* These are the possible states for nodes. *) + +and nodestate = + | Colored + | Initial + | SimplifyWorklist + | FreezeWorklist + | SpillWorklist + | CoalescedNodes + | SelectStack + +(* Each move (i.e. wish to be put in the same location) is represented + as follows. *) + +and move = + { src: node; (*r source of the move *) + dst: node; (*r destination of the move *) + mutable mstate: movestate; (*r in which set of moves it is *) + mutable mprev: move; (*r for double linking *) + mutable mnext: move (*r for double linking *) + } + +(* These are the possible states for moves *) + +and movestate = + | CoalescedMoves + | ConstrainedMoves + | FrozenMoves + | WorklistMoves + | ActiveMoves + +(* The algorithm manipulates partitions of the nodes and of the moves + according to their states, frequently moving a node or a move from + a state to another, and frequently enumerating all nodes or all moves + of a given state. To support these operations efficiently, + nodes or moves having the same state are put into imperative doubly-linked + lists, allowing for constant-time insertion and removal, and linear-time + scanning. We now define the operations over these doubly-linked lists. *) + +module DLinkNode = struct + type t = node + let make state = + let rec empty = + { ident = Coq_xH; typ = Tint; regclass = 0; + adjlist = []; degree = 0; spillcost = 0.0; + movelist = []; alias = None; color = None; + nstate = state; nprev = empty; nnext = empty } + in empty + let dummy = make Colored + let clear dl = dl.nnext <- dl; dl.nprev <- dl + let notempty dl = dl.nnext != dl + let insert n dl = + n.nstate <- dl.nstate; + n.nnext <- dl.nnext; n.nprev <- dl; + dl.nnext.nprev <- n; dl.nnext <- n + let remove n dl = + assert (n.nstate = dl.nstate); + n.nnext.nprev <- n.nprev; n.nprev.nnext <- n.nnext + let move n dl1 dl2 = + remove n dl1; insert n dl2 + let pick dl = + let n = dl.nnext in remove n dl; n + let iter f dl = + let rec iter n = if n != dl then (f n; iter n.nnext) + in iter dl.nnext + let fold f dl accu = + let rec fold n accu = if n == dl then accu else fold n.nnext (f n accu) + in fold dl.nnext accu +end + +module DLinkMove = struct + type t = move + let make state = + let rec empty = + { src = DLinkNode.dummy; dst = DLinkNode.dummy; + mstate = state; mprev = empty; mnext = empty } + in empty + let dummy = make CoalescedMoves + let clear dl = dl.mnext <- dl; dl.mprev <- dl + let notempty dl = dl.mnext != dl + let insert m dl = + m.mstate <- dl.mstate; + m.mnext <- dl.mnext; m.mprev <- dl; + dl.mnext.mprev <- m; dl.mnext <- m + let remove m dl = + assert (m.mstate = dl.mstate); + m.mnext.mprev <- m.mprev; m.mprev.mnext <- m.mnext + let move m dl1 dl2 = + remove m dl1; insert m dl2 + let pick dl = + let m = dl.mnext in remove m dl; m + let iter f dl = + let rec iter m = if m != dl then (f m; iter m.mnext) + in iter dl.mnext + let fold f dl accu = + let rec fold m accu = if m == dl then accu else fold m.mnext (f m accu) + in fold dl.mnext accu +end + +(* \subsection{The George-Appel algorithm} *) + +(* Below is a straigthforward translation of the pseudo-code at the end + of the TOPLAS article by George and Appel. Two bugs were fixed + and are marked as such. Please refer to the article for explanations. *) + +(* Low-degree, non-move-related nodes *) +let simplifyWorklist = DLinkNode.make SimplifyWorklist + +(* Low-degree, move-related nodes *) +let freezeWorklist = DLinkNode.make FreezeWorklist + +(* High-degree nodes *) +let spillWorklist = DLinkNode.make SpillWorklist + +(* Nodes that have been coalesced *) +let coalescedNodes = DLinkNode.make CoalescedNodes + +(* Moves that have been coalesced *) +let coalescedMoves = DLinkMove.make CoalescedMoves + +(* Moves whose source and destination interfere *) +let constrainedMoves = DLinkMove.make ConstrainedMoves + +(* Moves that will no longer be considered for coalescing *) +let frozenMoves = DLinkMove.make FrozenMoves + +(* Moves enabled for possible coalescing *) +let worklistMoves = DLinkMove.make WorklistMoves + +(* Moves not yet ready for coalescing *) +let activeMoves = DLinkMove.make ActiveMoves + +(* Initialization of all global data structures *) + +let init() = + DLinkNode.clear simplifyWorklist; + DLinkNode.clear freezeWorklist; + DLinkNode.clear spillWorklist; + DLinkNode.clear coalescedNodes; + DLinkMove.clear coalescedMoves; + DLinkMove.clear frozenMoves; + DLinkMove.clear worklistMoves; + DLinkMove.clear activeMoves + +(* Determine if two nodes interfere *) + +let interfere n1 n2 = + if n1.degree < n2.degree + then list_memq n2 n1.adjlist + else list_memq n1 n2.adjlist + +(* Add an edge to the graph. Assume edge is not in graph already *) + +let addEdge n1 n2 = + n1.adjlist <- n2 :: n1.adjlist; + n1.degree <- 1 + n1.degree; + n2.adjlist <- n1 :: n2.adjlist; + n2.degree <- 1 + n2.degree + +(* Apply the given function to the relevant adjacent nodes of a node *) + +let iterAdjacent f n = + list_iter + (fun n -> + match n.nstate with + | SelectStack | CoalescedNodes -> () + | _ -> f n) + n.adjlist + +(* Determine the moves affecting a node *) + +let moveIsActiveOrWorklist m = + match m.mstate with + | ActiveMoves | WorklistMoves -> true + | _ -> false + +let nodeMoves n = + list_filter moveIsActiveOrWorklist n.movelist + +(* Determine whether a node is involved in a move *) + +let moveRelated n = + list_exists moveIsActiveOrWorklist n.movelist + +(*i +(* Check invariants *) + +let degreeInvariant n = + let c = ref 0 in + iterAdjacent (fun n -> incr c) n; + if !c <> n.degree then + fatal_error("degree invariant violated by " ^ name_of_node n) + +let simplifyWorklistInvariant n = + if n.degree < num_available_registers.(n.regclass) + && not (moveRelated n) + then () + else fatal_error("simplify worklist invariant violated by " ^ name_of_node n) + +let freezeWorklistInvariant n = + if n.degree < num_available_registers.(n.regclass) + && moveRelated n + then () + else fatal_error("freeze worklist invariant violated by " ^ name_of_node n) + +let spillWorklistInvariant n = + if n.degree >= num_available_registers.(n.regclass) + then () + else fatal_error("spill worklist invariant violated by " ^ name_of_node n) + +let checkInvariants () = + DLinkNode.iter + (fun n -> degreeInvariant n; simplifyWorklistInvariant n) + simplifyWorklist; + DLinkNode.iter + (fun n -> degreeInvariant n; freezeWorklistInvariant n) + freezeWorklist; + DLinkNode.iter + (fun n -> degreeInvariant n; spillWorklistInvariant n) + spillWorklist +i*) + +(* Register classes *) + +let class_of_type = function Tint -> 0 | Tfloat -> 1 + +let num_register_classes = 2 + +let caller_save_registers = [| + [| R3; R4; R5; R6; R7; R8; R9; R10 |]; + [| F1; F2; F3; F4; F5; F6; F7; F8; F9; F10 |] +|] + +let callee_save_registers = [| + [| R13; R14; R15; R16; R17; R18; R19; R20; R21; R22; + R23; R24; R25; R26; R27; R28; R29; R30; R31 |]; + [| F14; F15; F16; F17; F18; F19; F20; F21; F22; + F23; F24; F25; F26; F27; F28; F29; F30; F31 |] +|] + +let num_available_registers = + [| Array.length caller_save_registers.(0) + + Array.length callee_save_registers.(0); + Array.length caller_save_registers.(1) + + Array.length callee_save_registers.(1) |] + +(* Build the internal representation of the graph *) + +let nodeOfReg r typenv spillcosts = + let ty = typenv r in + { ident = r; typ = ty; regclass = class_of_type ty; + spillcost = (try float(Hashtbl.find spillcosts r) with Not_found -> 0.0); + adjlist = []; degree = 0; movelist = []; alias = None; + color = None; + nstate = Initial; + nprev = DLinkNode.dummy; nnext = DLinkNode.dummy } + +let nodeOfMreg mr = + let ty = mreg_type mr in + { ident = Coq_xH; typ = ty; regclass = class_of_type ty; + spillcost = 0.0; + adjlist = []; degree = 0; movelist = []; alias = None; + color = Some (R mr); + nstate = Colored; + nprev = DLinkNode.dummy; nnext = DLinkNode.dummy } + +let build g typenv spillcosts = + (* Associate an internal node to each pseudo-register and each location *) + let reg_mapping = Hashtbl.create 27 + and mreg_mapping = Hashtbl.create 27 in + let find_reg_node r = + try + Hashtbl.find reg_mapping r + with Not_found -> + let n = nodeOfReg r typenv spillcosts in + Hashtbl.add reg_mapping r n; + n + and find_mreg_node mr = + try + Hashtbl.find mreg_mapping mr + with Not_found -> + let n = nodeOfMreg mr in + Hashtbl.add mreg_mapping mr n; + n in + (* Fill the adjacency lists and compute the degrees. *) + SetRegReg.fold + (fun (Coq_pair(r1, r2)) () -> + addEdge (find_reg_node r1) (find_reg_node r2)) + g.interf_reg_reg (); + SetRegMreg.fold + (fun (Coq_pair(r1, mr2)) () -> + addEdge (find_reg_node r1) (find_mreg_node mr2)) + g.interf_reg_mreg (); + (* Process the moves and insert them in worklistMoves *) + let add_move n1 n2 = + let m = + { src = n1; dst = n2; mstate = WorklistMoves; + mnext = DLinkMove.dummy; mprev = DLinkMove.dummy } in + n1.movelist <- m :: n1.movelist; + n2.movelist <- m :: n2.movelist; + DLinkMove.insert m worklistMoves in + SetRegReg.fold + (fun (Coq_pair(r1, r2)) () -> + add_move (find_reg_node r1) (find_reg_node r2)) + g.pref_reg_reg (); + SetRegMreg.fold + (fun (Coq_pair(r1, mr2)) () -> + add_move (find_reg_node r1) (find_mreg_node mr2)) + g.pref_reg_mreg (); + (* Initial partition of nodes into spill / freeze / simplify *) + Hashtbl.iter + (fun r n -> + assert (n.nstate = Initial); + let k = num_available_registers.(n.regclass) in + if n.degree >= k then + DLinkNode.insert n spillWorklist + else if moveRelated n then + DLinkNode.insert n freezeWorklist + else + DLinkNode.insert n simplifyWorklist) + reg_mapping; + reg_mapping + +(* Enable moves that have become low-degree related *) + +let enableMoves n = + list_iter + (fun m -> + if m.mstate = ActiveMoves + then DLinkMove.move m activeMoves worklistMoves) + (nodeMoves n) + +(* Simulate the removal of a node from the graph *) + +let decrementDegree n = + let k = num_available_registers.(n.regclass) in + let d = n.degree in + n.degree <- d - 1; + if d = k then begin + enableMoves n; + iterAdjacent enableMoves n; + if n.nstate <> Colored then begin + if moveRelated n + then DLinkNode.move n spillWorklist freezeWorklist + else DLinkNode.move n spillWorklist simplifyWorklist + end + end + +(* Simulate the effect of combining nodes [n1] and [n3] on [n2], + where [n2] is a node adjacent to [n3]. *) + +let combineEdge n1 n2 = + assert (n1 != n2); + if interfere n1 n2 then begin + decrementDegree n2 + end else begin + n1.adjlist <- n2 :: n1.adjlist; + n2.adjlist <- n1 :: n2.adjlist; + n1.degree <- n1.degree + 1 + end + +(* Simplification of a low-degree node *) + +let simplify () = + let n = DLinkNode.pick simplifyWorklist in + (*i Printf.printf "Simplifying %s\n" (name_of_node n); i*) + n.nstate <- SelectStack; + iterAdjacent decrementDegree n; + n + +(* Briggs' conservative coalescing criterion *) + +let canConservativelyCoalesce n1 n2 = + let seen = ref Regset.empty in + let k = num_available_registers.(n1.regclass) in + let c = ref 0 in + let consider n = + if not (Regset.mem n.ident !seen) then begin + seen := Regset.add n.ident !seen; + if n.degree >= k then incr c + end in + iterAdjacent consider n1; + iterAdjacent consider n2; + !c < k + +(* Update worklists after a move was processed *) + +let addWorkList u = + if (not (u.nstate = Colored)) + && u.degree < num_available_registers.(u.regclass) + && (not (moveRelated u)) + then DLinkNode.move u freezeWorklist simplifyWorklist + +(* Return the canonical representative of a possibly coalesced node *) + +let rec getAlias n = + match n.alias with None -> n | Some n' -> getAlias n' + +(* Combine two nodes *) + +let combine u v = + (*i Printf.printf "Combining %s and %s\n" (name_of_node u) (name_of_node v); i*) + if v.nstate = FreezeWorklist + then DLinkNode.move v freezeWorklist coalescedNodes + else DLinkNode.move v spillWorklist coalescedNodes; + v.alias <- Some u; + u.movelist <- u.movelist @ v.movelist; + iterAdjacent (combineEdge u) v; (*r original code using [decrementDegree] is buggy *) + enableMoves v; (*r added as per Appel's book erratum *) + if u.degree >= num_available_registers.(u.regclass) + && u.nstate = FreezeWorklist + then DLinkNode.move u freezeWorklist spillWorklist + +(* Attempt coalescing *) + +let coalesce () = + let m = DLinkMove.pick worklistMoves in + let x = getAlias m.src and y = getAlias m.dst in + let (u, v) = if y.nstate = Colored then (y, x) else (x, y) in + if u == v then begin + DLinkMove.insert m coalescedMoves; + addWorkList u + end else if v.nstate = Colored || interfere u v then begin + DLinkMove.insert m constrainedMoves; + addWorkList u; + addWorkList v + end else if canConservativelyCoalesce u v then begin + DLinkMove.insert m coalescedMoves; + combine u v; + addWorkList u + end else begin + DLinkMove.insert m activeMoves + end + +(* Freeze moves associated with node [u] *) + +let freezeMoves u = + let au = getAlias u in + let freeze m = + let y = getAlias m.src in + let v = if y == au then getAlias m.dst else y in + DLinkMove.move m activeMoves frozenMoves; + if not (moveRelated v) + && v.degree < num_available_registers.(v.regclass) + && v.nstate <> Colored + then DLinkNode.move v freezeWorklist simplifyWorklist in + list_iter freeze (nodeMoves u) + +(* Pick a move and freeze it *) + +let freeze () = + let u = DLinkNode.pick freezeWorklist in + (*i Printf.printf "Freezing %s\n" (name_of_node u); i*) + DLinkNode.insert u simplifyWorklist; + freezeMoves u + +(* Chaitin's cost measure *) + +let spillCost n = n.spillcost /. float n.degree + +(* Spill a node *) + +let selectSpill () = + (* Find a spillable node of minimal cost *) + let (n, cost) = + DLinkNode.fold + (fun n (best_node, best_cost as best) -> + let cost = spillCost n in + if cost < best_cost then (n, cost) else best) + spillWorklist (DLinkNode.dummy, infinity) in + assert (n != DLinkNode.dummy); + DLinkNode.remove n spillWorklist; + (*i Printf.printf "Spilling %s\n" (name_of_node n); i*) + freezeMoves n; + n.nstate <- SelectStack; + iterAdjacent decrementDegree n; + n + +(* Produce the order of nodes that we'll use for coloring *) + +let rec nodeOrder stack = + (*i checkInvariants(); i*) + if DLinkNode.notempty simplifyWorklist then + (let n = simplify() in nodeOrder (n :: stack)) + else if DLinkMove.notempty worklistMoves then + (coalesce(); nodeOrder stack) + else if DLinkNode.notempty freezeWorklist then + (freeze(); nodeOrder stack) + else if DLinkNode.notempty spillWorklist then + (let n = selectSpill() in nodeOrder (n :: stack)) + else + stack + +(* Assign a color (i.e. a hardware register or a stack location) + to a node. The color is chosen among the colors that are not + assigned to nodes with which this node interferes. The choice + is guided by the following heuristics: consider first caller-save + hardware register of the correct type; second, callee-save registers; + third, a stack location. Callee-save registers and stack locations + are ``expensive'' resources, so we try to minimize their number + by picking the smallest available callee-save register or stack location. + In contrast, caller-save registers are ``free'', so we pick an + available one pseudo-randomly. *) + +module Locset = + Set.Make(struct type t = loc let compare = compare end) + +let start_points = Array.make num_register_classes 0 + +let find_reg conflicts regclass = + let rec find avail curr last = + if curr >= last then None else begin + let l = R avail.(curr) in + if Locset.mem l conflicts + then find avail (curr + 1) last + else Some l + end in + let caller_save = caller_save_registers.(regclass) + and callee_save = callee_save_registers.(regclass) + and start = start_points.(regclass) in + match find caller_save start (Array.length caller_save) with + | Some _ as res -> + start_points.(regclass) <- + (if start + 1 < Array.length caller_save then start + 1 else 0); + res + | None -> + match find caller_save 0 start with + | Some _ as res -> + start_points.(regclass) <- + (if start + 1 < Array.length caller_save then start + 1 else 0); + res + | None -> + find callee_save 0 (Array.length callee_save) + +let find_slot conflicts typ = + let rec find curr = + let l = S(Local(curr, typ)) in + if Locset.mem l conflicts then find (coq_Zsucc curr) else l + in find Z0 + +let assign_color n = + let conflicts = ref Locset.empty in + list_iter + (fun n' -> + match (getAlias n').color with + | None -> () + | Some l -> conflicts := Locset.add l !conflicts) + n.adjlist; + match find_reg !conflicts n.regclass with + | Some loc -> + n.color <- Some loc + | None -> + n.color <- Some (find_slot !conflicts n.typ) + +(* Extract the location of a node *) + +let location_of_node n = + match n.color with + | None -> assert false + | Some loc -> loc + +(* Estimate spilling costs - TODO *) + +let spill_costs f = Hashtbl.create 7 + +(* This is the entry point for graph coloring. *) + +let graph_coloring (f: coq_function) (g: graph) (env: regenv) (regs: Regset.t) + : (reg -> loc) = + init(); + Array.fill start_points 0 num_register_classes 0; + let mapping = build g env (spill_costs f) in + list_iter assign_color (nodeOrder []); + fun r -> + try location_of_node (getAlias (Hashtbl.find mapping r)) + with Not_found -> R IT1 (* any location *) diff --git a/caml/Coloringaux.mli b/caml/Coloringaux.mli new file mode 100644 index 00000000..ff4cfeaa --- /dev/null +++ b/caml/Coloringaux.mli @@ -0,0 +1,8 @@ +open Registers +open Locations +open RTL +open RTLtyping +open InterfGraph + +val graph_coloring: + coq_function -> graph -> regenv -> Regset.t -> (reg -> loc) diff --git a/caml/Floataux.ml b/caml/Floataux.ml new file mode 100644 index 00000000..f43efa27 --- /dev/null +++ b/caml/Floataux.ml @@ -0,0 +1,23 @@ +open Camlcoq + +let singleoffloat f = + Int32.float_of_bits (Int32.bits_of_float f) + +let intoffloat f = + coqint_of_camlint (Int32.of_float f) + +let floatofint i = + Int32.to_float (camlint_of_coqint i) + +let floatofintu i = + Int64.to_float (Int64.logand (Int64.of_int32 (camlint_of_coqint i)) + 0xFFFFFFFFL) + +let cmp c (x: float) (y: float) = + match c with + | AST.Ceq -> x = y + | AST.Cne -> x <> y + | AST.Clt -> x < y + | AST.Cle -> x <= y + | AST.Cgt -> x > y + | AST.Cge -> x >= y diff --git a/caml/Main2.ml b/caml/Main2.ml new file mode 100644 index 00000000..b7014193 --- /dev/null +++ b/caml/Main2.ml @@ -0,0 +1,34 @@ +open Printf +open Datatypes + +let process_cminor_file sourcename = + let targetname = Filename.chop_suffix sourcename ".cm" ^ ".s" in + let ic = open_in sourcename in + let lb = Lexing.from_channel ic in + try + match Main.transf_cminor_program (CMparser.prog CMlexer.token lb) with + | None -> + eprintf "Compiler failure\n"; + exit 2 + | Some p -> + let oc = open_out targetname in + PrintPPC.print_program oc p; + close_out oc + with Parsing.Parse_error -> + eprintf "File %s, character %d: Syntax error\n" + sourcename (Lexing.lexeme_start lb); + exit 2 + | CMlexer.Error msg -> + eprintf "File %s, character %d: %s\n" + sourcename (Lexing.lexeme_start lb) msg; + exit 2 + +let process_file filename = + if Filename.check_suffix filename ".cm" then + process_cminor_file filename + else + raise (Arg.Bad ("unknown file type " ^ filename)) + +let _ = + Arg.parse [] process_file + "Usage: ccomp \nOptions are:" diff --git a/caml/PrintPPC.ml b/caml/PrintPPC.ml new file mode 100644 index 00000000..3edcb2ba --- /dev/null +++ b/caml/PrintPPC.ml @@ -0,0 +1,336 @@ +(* $Id: PrintPPC.ml,v 1.2 2005/01/22 11:28:46 xleroy Exp $ *) + +(* Printing PPC assembly code in asm syntax *) + +open Printf +open Datatypes +open List +open Camlcoq +open AST +open PPC + +(* On-the-fly label renaming *) + +let next_label = ref 100 + +let new_label() = + let lbl = !next_label in incr next_label; lbl + +let current_function_labels = (Hashtbl.create 39 : (label, int) Hashtbl.t) + +let label_for_label lbl = + try + Hashtbl.find current_function_labels lbl + with Not_found -> + let lbl' = new_label() in + Hashtbl.add current_function_labels lbl lbl'; + lbl' + +(* Basic printing functions *) + +let print_symb oc symb = + fprintf oc "_%s" (extern_atom symb) + +let print_label oc lbl = + fprintf oc "L%d" (label_for_label lbl) + +let print_symb_ofs oc (symb, ofs) = + print_symb oc symb; + if ofs <> 0l then fprintf oc " + %ld" ofs + +let print_constant oc = function + | Cint n -> + fprintf oc "%ld" (camlint_of_coqint n) + | Csymbol_low_signed(s, n) -> + fprintf oc "lo16(%a)" print_symb_ofs (s, camlint_of_coqint n) + | Csymbol_high_signed(s, n) -> + fprintf oc "ha16(%a)" print_symb_ofs (s, camlint_of_coqint n) + | Csymbol_low_unsigned(s, n) -> + fprintf oc "lo16(%a)" print_symb_ofs (s, camlint_of_coqint n) + | Csymbol_high_unsigned(s, n) -> + fprintf oc "hi16(%a)" print_symb_ofs (s, camlint_of_coqint n) + +let num_crbit = function + | CRbit_0 -> 0 + | CRbit_1 -> 1 + | CRbit_2 -> 2 + | CRbit_3 -> 3 + +let print_crbit oc bit = + fprintf oc "%d" (num_crbit bit) + +let print_coqint oc n = + fprintf oc "%ld" (camlint_of_coqint n) + +let int_reg_name = function + | GPR0 -> "r0" | GPR1 -> "r1" | GPR2 -> "r2" | GPR3 -> "r3" + | GPR4 -> "r4" | GPR5 -> "r5" | GPR6 -> "r6" | GPR7 -> "r7" + | GPR8 -> "r8" | GPR9 -> "r9" | GPR10 -> "r10" | GPR11 -> "r11" + | GPR12 -> "r12" | GPR13 -> "r13" | GPR14 -> "r14" | GPR15 -> "r15" + | GPR16 -> "r16" | GPR17 -> "r17" | GPR18 -> "r18" | GPR19 -> "r19" + | GPR20 -> "r20" | GPR21 -> "r21" | GPR22 -> "r22" | GPR23 -> "r23" + | GPR24 -> "r24" | GPR25 -> "r25" | GPR26 -> "r26" | GPR27 -> "r27" + | GPR28 -> "r28" | GPR29 -> "r29" | GPR30 -> "r30" | GPR31 -> "r31" + +let float_reg_name = function + | FPR0 -> "f0" | FPR1 -> "f1" | FPR2 -> "f2" | FPR3 -> "f3" + | FPR4 -> "f4" | FPR5 -> "f5" | FPR6 -> "f6" | FPR7 -> "f7" + | FPR8 -> "f8" | FPR9 -> "f9" | FPR10 -> "f10" | FPR11 -> "f11" + | FPR12 -> "f12" | FPR13 -> "f13" | FPR14 -> "f14" | FPR15 -> "f15" + | FPR16 -> "f16" | FPR17 -> "f17" | FPR18 -> "f18" | FPR19 -> "f19" + | FPR20 -> "f20" | FPR21 -> "f21" | FPR22 -> "f22" | FPR23 -> "f23" + | FPR24 -> "f24" | FPR25 -> "f25" | FPR26 -> "f26" | FPR27 -> "f27" + | FPR28 -> "f28" | FPR29 -> "f29" | FPR30 -> "f30" | FPR31 -> "f31" + +let ireg oc r = output_string oc (int_reg_name r) +let ireg_or_zero oc r = if r = GPR0 then output_string oc "0" else ireg oc r +let freg oc r = output_string oc (float_reg_name r) + +(* Printing of instructions *) + +module Labelset = Set.Make(struct type t = label let compare = compare end) + +let print_instruction oc labels = function + | Padd(r1, r2, r3) -> + fprintf oc " add %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Paddi(r1, r2, c) -> + fprintf oc " addi %a, %a, %a\n" ireg r1 ireg_or_zero r2 print_constant c + | Paddis(r1, r2, c) -> + fprintf oc " addis %a, %a, %a\n" ireg r1 ireg_or_zero r2 print_constant c + | Paddze(r1, r2) -> + fprintf oc " addze %a, %a\n" ireg r1 ireg r2 + | Pallocframe(lo, hi) -> + let lo = camlint_of_coqint lo + and hi = camlint_of_coqint hi in + let nsz = Int32.neg (Int32.sub hi lo) in + fprintf oc " stwu r1, %ld(r1)\n" nsz + | Pand_(r1, r2, r3) -> + fprintf oc " and. %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Pandc(r1, r2, r3) -> + fprintf oc " andc %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Pandi_(r1, r2, c) -> + fprintf oc " andi. %a, %a, %a\n" ireg r1 ireg r2 print_constant c + | Pandis_(r1, r2, c) -> + fprintf oc " andis. %a, %a, %a\n" ireg r1 ireg r2 print_constant c + | Pb lbl -> + fprintf oc " b %a\n" print_label lbl + | Pbctr -> + fprintf oc " bctr\n" + | Pbctrl -> + fprintf oc " bctrl\n" + | Pbf(bit, lbl) -> + fprintf oc " bf %a, %a\n" print_crbit bit print_label lbl + | Pbl s -> + fprintf oc " bl %a\n" print_symb s + | Pblr -> + fprintf oc " blr\n" + | Pbt(bit, lbl) -> + fprintf oc " bt %a, %a\n" print_crbit bit print_label lbl + | Pcmplw(r1, r2) -> + fprintf oc " cmplw cr0, %a, %a\n" ireg r1 ireg r2 + | Pcmplwi(r1, c) -> + fprintf oc " cmplwi cr0, %a, %a\n" ireg r1 print_constant c + | Pcmpw(r1, r2) -> + fprintf oc " cmpw cr0, %a, %a\n" ireg r1 ireg r2 + | Pcmpwi(r1, c) -> + fprintf oc " cmpwi cr0, %a, %a\n" ireg r1 print_constant c + | Pcror(c1, c2, c3) -> + fprintf oc " cror %a, %a, %a\n" print_crbit c1 print_crbit c2 print_crbit c3 + | Pdivw(r1, r2, r3) -> + fprintf oc " divw %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Pdivwu(r1, r2, r3) -> + fprintf oc " divwu %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Peqv(r1, r2, r3) -> + fprintf oc " eqv %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Pextsb(r1, r2) -> + fprintf oc " extsb %a, %a\n" ireg r1 ireg r2 + | Pextsh(r1, r2) -> + fprintf oc " extsh %a, %a\n" ireg r1 ireg r2 + | Pfreeframe -> + fprintf oc " lwz r1, 0(r1)\n" + | Pfabs(r1, r2) -> + fprintf oc " fabs %a, %a\n" freg r1 freg r2 + | Pfadd(r1, r2, r3) -> + fprintf oc " fadd %a, %a, %a\n" freg r1 freg r2 freg r3 + | Pfcmpu(r1, r2) -> + fprintf oc " fcmpu cr0, %a, %a\n" freg r1 freg r2 + | Pfcti(r1, r2) -> + fprintf oc " fctiwz f13, %a\n" freg r2; + fprintf oc " stfdu f13, -8(r1)\n"; + fprintf oc " lwz %a, 4(r1)\n" ireg r1; + fprintf oc " addi r1, r1, 8\n" + | Pfdiv(r1, r2, r3) -> + fprintf oc " fdiv %a, %a, %a\n" freg r1 freg r2 freg r3 + | Pfmadd(r1, r2, r3, r4) -> + fprintf oc " fmadd %a, %a, %a, %a\n" freg r1 freg r2 freg r3 freg r4 + | Pfmr(r1, r2) -> + fprintf oc " fmr %a, %a\n" freg r1 freg r2 + | Pfmsub(r1, r2, r3, r4) -> + fprintf oc " fmsub %a, %a, %a, %a\n" freg r1 freg r2 freg r3 freg r4 + | Pfmul(r1, r2, r3) -> + fprintf oc " fmul %a, %a, %a\n" freg r1 freg r2 freg r3 + | Pfneg(r1, r2) -> + fprintf oc " fneg %a, %a\n" freg r1 freg r2 + | Pfrsp(r1, r2) -> + fprintf oc " frsp %a, %a\n" freg r1 freg r2 + | Pfsub(r1, r2, r3) -> + fprintf oc " fsub %a, %a, %a\n" freg r1 freg r2 freg r3 + | Pictf(r1, r2) -> + let lbl = new_label() in + fprintf oc " addis r2, 0, 0x4330\n"; + fprintf oc " stwu r2, -8(r1)\n"; + fprintf oc " addis r2, %a, 0x8000\n" ireg r2; + fprintf oc " stw r2, 4(r1)\n"; + fprintf oc " addis r2, 0, ha16(L%d)\n" lbl; + fprintf oc " lfd f13, lo16(L%d)(r2)\n" lbl; + fprintf oc " lfd %a, 0(r1)\n" freg r1; + fprintf oc " addi r1, r1, 8\n"; + fprintf oc " fsub %a, %a, f13\n" freg r1 freg r1; + fprintf oc " .const_data\n"; + fprintf oc "L%d: .long 0x43300000, 0x80000000\n" lbl; + fprintf oc " .text\n" + | Piuctf(r1, r2) -> + let lbl = new_label() in + fprintf oc " addis r2, 0, 0x4330\n"; + fprintf oc " stwu r2, -8(r1)\n"; + fprintf oc " stw %a, 4(r1)\n" ireg r2; + fprintf oc " addis r2, 0, ha16(L%d)\n" lbl; + fprintf oc " lfd f13, lo16(L%d)(r2)\n" lbl; + fprintf oc " lfd %a, 0(r1)\n" freg r1; + fprintf oc " addi r1, r1, 8\n"; + fprintf oc " fsub %a, %a, f12\n" freg r1 freg r1; + fprintf oc " .const_data\n"; + fprintf oc "L%d: .long 0x43300000, 0x00000000\n" lbl; + fprintf oc " .text\n" + | Plbz(r1, c, r2) -> + fprintf oc " lbz %a, %a(%a)\n" ireg r1 print_constant c ireg r2 + | Plbzx(r1, r2, r3) -> + fprintf oc " lbzx %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Plfd(r1, c, r2) -> + fprintf oc " lfd %a, %a(%a)\n" freg r1 print_constant c ireg r2 + | Plfdx(r1, r2, r3) -> + fprintf oc " lfdx %a, %a, %a\n" freg r1 ireg r2 ireg r3 + | Plfi(r1, c) -> + let lbl = new_label() in + fprintf oc " addis r2, 0, ha16(L%d)\n" lbl; + fprintf oc " lfd %a, lo16(L%d)(r2)\n" freg r1 lbl; + fprintf oc " .const_data\n"; + let n = Int64.bits_of_float c in + let nlo = Int64.to_int32 n + and nhi = Int64.to_int32(Int64.shift_right_logical n 32) in + fprintf oc "L%d: .long 0x%lx, 0x%lx ; %f\n" lbl nhi nlo c; + fprintf oc " .text\n" + | Plfs(r1, c, r2) -> + fprintf oc " lfs %a, %a(%a)\n" freg r1 print_constant c ireg r2 + | Plfsx(r1, r2, r3) -> + fprintf oc " lfsx %a, %a, %a\n" freg r1 ireg r2 ireg r3 + | Plha(r1, c, r2) -> + fprintf oc " lha %a, %a(%a)\n" ireg r1 print_constant c ireg r2 + | Plhax(r1, r2, r3) -> + fprintf oc " lhax %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Plhz(r1, c, r2) -> + fprintf oc " lhz %a, %a(%a)\n" ireg r1 print_constant c ireg r2 + | Plhzx(r1, r2, r3) -> + fprintf oc " lhzx %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Plwz(r1, c, r2) -> + fprintf oc " lwz %a, %a(%a)\n" ireg r1 print_constant c ireg r2 + | Plwzx(r1, r2, r3) -> + fprintf oc " lwzx %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Pmfcrbit(r1, bit) -> + fprintf oc " mfcr r2\n"; + fprintf oc " rlwinm %a, r2, %d, 1\n" ireg r1 (1 + num_crbit bit) + | Pmflr(r1) -> + fprintf oc " mflr %a\n" ireg r1 + | Pmr(r1, r2) -> + fprintf oc " mr %a, %a\n" ireg r1 ireg r2 + | Pmtctr(r1) -> + fprintf oc " mtctr %a\n" ireg r1 + | Pmtlr(r1) -> + fprintf oc " mtlr %a\n" ireg r1 + | Pmulli(r1, r2, c) -> + fprintf oc " mulli %a, %a, %a\n" ireg r1 ireg r2 print_constant c + | Pmullw(r1, r2, r3) -> + fprintf oc " mullw %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Pnand(r1, r2, r3) -> + fprintf oc " nand %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Pnor(r1, r2, r3) -> + fprintf oc " nor %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Por(r1, r2, r3) -> + fprintf oc " or %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Porc(r1, r2, r3) -> + fprintf oc " orc %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Pori(r1, r2, c) -> + fprintf oc " ori %a, %a, %a\n" ireg r1 ireg r2 print_constant c + | Poris(r1, r2, c) -> + fprintf oc " oris %a, %a, %a\n" ireg r1 ireg r2 print_constant c + | Prlwinm(r1, r2, c1, c2) -> + fprintf oc " rlwinm %a, %a, %ld, 0x%lx\n" + ireg r1 ireg r2 (camlint_of_coqint c1) (camlint_of_coqint c2) + | Pslw(r1, r2, r3) -> + fprintf oc " slw %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Psraw(r1, r2, r3) -> + fprintf oc " sraw %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Psrawi(r1, r2, c) -> + fprintf oc " srawi %a, %a, %ld\n" ireg r1 ireg r2 (camlint_of_coqint c) + | Psrw(r1, r2, r3) -> + fprintf oc " srw %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Pstb(r1, c, r2) -> + fprintf oc " stb %a, %a(%a)\n" ireg r1 print_constant c ireg r2 + | Pstbx(r1, r2, r3) -> + fprintf oc " stbx %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Pstfd(r1, c, r2) -> + fprintf oc " stfd %a, %a(%a)\n" freg r1 print_constant c ireg r2 + | Pstfdx(r1, r2, r3) -> + fprintf oc " stfdx %a, %a, %a\n" freg r1 ireg r2 ireg r3 + | Pstfs(r1, c, r2) -> + fprintf oc " stfs %a, %a(%a)\n" freg r1 print_constant c ireg r2 + | Pstfsx(r1, r2, r3) -> + fprintf oc " stfsx %a, %a, %a\n" freg r1 ireg r2 ireg r3 + | Psth(r1, c, r2) -> + fprintf oc " sth %a, %a(%a)\n" ireg r1 print_constant c ireg r2 + | Psthx(r1, r2, r3) -> + fprintf oc " sthx %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Pstw(r1, c, r2) -> + fprintf oc " stw %a, %a(%a)\n" ireg r1 print_constant c ireg r2 + | Pstwx(r1, r2, r3) -> + fprintf oc " stwx %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Psubfc(r1, r2, r3) -> + fprintf oc " subfc %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Psubfic(r1, r2, c) -> + fprintf oc " subfic %a, %a, %a\n" ireg r1 ireg r2 print_constant c + | Pxor(r1, r2, r3) -> + fprintf oc " xor %a, %a, %a\n" ireg r1 ireg r2 ireg r3 + | Pxori(r1, r2, c) -> + fprintf oc " xori %a, %a, %a\n" ireg r1 ireg r2 print_constant c + | Pxoris(r1, r2, c) -> + fprintf oc " xoris %a, %a, %a\n" ireg r1 ireg r2 print_constant c + | Plabel lbl -> + if Labelset.mem lbl labels then fprintf oc "%a:\n" print_label lbl + | Piundef r -> + fprintf oc " # undef %a\n" ireg r + | Pfundef r -> + fprintf oc " # undef %a\n" freg r + +let rec labels_of_code = function + | Coq_nil -> Labelset.empty + | Coq_cons((Pb lbl | Pbf(_, lbl) | Pbt(_, lbl)), c) -> + Labelset.add lbl (labels_of_code c) + | Coq_cons(_, c) -> labels_of_code c + +let print_function oc (Coq_pair(name, code)) = + Hashtbl.clear current_function_labels; + fprintf oc " .text\n"; + fprintf oc " .align 2\n"; + fprintf oc " .globl %a\n" print_symb name; + fprintf oc "%a:\n" print_symb name; + coqlist_iter (print_instruction oc (labels_of_code code)) code + +let print_var oc (Coq_pair(name, size)) = + fprintf oc " .globl %a\n" print_symb name; + fprintf oc "%a:\n" print_symb name; + fprintf oc " .space %ld\n" (camlint_of_z size) + +let print_program oc p = + coqlist_iter (print_var oc) p.prog_vars; + coqlist_iter (print_function oc) p.prog_funct + diff --git a/caml/PrintPPC.mli b/caml/PrintPPC.mli new file mode 100644 index 00000000..fbd40045 --- /dev/null +++ b/caml/PrintPPC.mli @@ -0,0 +1 @@ +val print_program: out_channel -> PPC.program -> unit diff --git a/caml/RTLgenaux.ml b/caml/RTLgenaux.ml new file mode 100644 index 00000000..3e6ca3d3 --- /dev/null +++ b/caml/RTLgenaux.ml @@ -0,0 +1,3 @@ +open Cminor + +let more_likely (c: condexpr) (ifso: stmtlist) (ifnot: stmtlist) = false diff --git a/ccomp b/ccomp new file mode 100755 index 00000000..1613e9b6 Binary files /dev/null and b/ccomp differ diff --git a/doc/compcert.html b/doc/compcert.html new file mode 100644 index 00000000..c778632d --- /dev/null +++ b/doc/compcert.html @@ -0,0 +1,250 @@ + + + +The Compcert certified compiler back-end + + + + + + + + +

The Compcert certified compiler back-end

+

Commented Coq development

+

Version 0.2, 2006-01-07

+ +

Introduction

+ +

The Compcert back-end is a compiler that generates PowerPC assembly +code from a low-level intermediate language called Cminor and a +slightly more expressive intermediate language called Csharpminor. +The particularity of this compiler is that it is written mostly within +the specification language of the Coq proof assistant, and its +correctness --- the fact that the generated assembly code is +semantically equivalent to its source program --- was entirely proved +within the Coq proof assistant.

+ +

A high-level overview of the Compcert back-end and its proof of +correctness can be found in the following paper:

+Xavier Leroy, Formal +certification of a compiler back-end, or: programming a compiler with +a proof assistant. Proceedings of the POPL 2006 symposium. + +

This Web site gives a commented listing of the underlying Coq +specifications and proofs. Proof scripts and the parts of the +compiler written directly in Caml are omitted. This development is a +work in progress; some parts may have changed since the overview paper +above was written.

+ +

This document and all Coq source files referenced from it are +copyright 2005, 2006 Institut National de Recherche en Informatique et +en Automatique (INRIA) and distributed under the terms of the GNU General Public +License version 2.

+ +

Table of contents

+ +

Libraries, algorithms, data structures

+ +
    +
  • Coqlib: addendum to the Coq standard library. + (Coq source file with proofs: + Coqlib.v.) +
  • Maps: finite maps. + (Coq source file with proofs: + Maps.v.) +
  • Sets: finite sets. +
  • Union-find: representation of +equivalence classes. + (Coq source file with proofs: + union_find.v.) +
  • Inclusion: tactics to prove list inclusions. +
  • AST: identifiers, whole programs and other +common elements of abstract syntaxes. + (Coq source file with proofs: + AST.v.) +
  • Integers: machine integers. + (Coq source file with proofs: + Integers.v.) +
  • Floats: machine floating-point numbers. +
  • Mem: the memory model. +
  • Globalenvs: global execution environments. +
  • Op: operators, addressing modes and their +semantics. +
  • Ordered: construction of +ordered types. +
  • Lattice: construction of +semi-lattices. +
  • Kildall: resolution of dataflow +inequations by fixpoint iteration. +
+ +

Source, intermediate and target languages: syntax and semantics

+ +
    +
  • Csharpminor: low-level structured language. +
  • Cminor: low-level structured +language, with explicit stack allocation of certain local variables. +
  • RTL: register transfer language (3-address +code, control-flow graph, infinitely many pseudo-registers).
    +See also: Registers (representation of +pseudo-registers). +
  • LTL: location transfer language (3-address +code, control-flow graph, finitely many physical registers, infinitely +many stack slots).
    +See also: Locations (representation of +locations). +
  • Linear: like LTL, but the CFG is +replaced by a linear list of instructions with explicit branches and labels. +
  • Mach: like Linear, with a more concrete +view of the activation record.
    +See also: an alternate semantics for the same +syntax is given in Machabstr.
    +
  • PPC: abstract syntax for PowerPC assembly +code. +
+ +

Compiler passes

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PassSource & targetCompiler codeCorrectness proof
Recognition of operators and addressing modesCsharpminor to CminorCmconstrCmconstrproof
Stack allocation of local variables
whose address is taken		Csharpminor to CminorCminorgenCminorgenproof
Construction of the CFG,
3-address code generation		Cminor to RTLRTLgenRTLgenproof1
+ RTLgenproof
Constant propagationRTL to RTLConstpropConstpropproof
Common subexpression eliminationRTL to RTLCSECSEproof
Register allocation by coloring
of an interference graph		RTL to LTLConventions
+ InterfGraph
+ Coloring
+ Parallelmove
+ Allocation
+
+ Coloringproof
+ Allocproof_aux
+ Allocproof
Branch tunnelingLTL to LTLTunnelingTunnelingproof
Linearization of the CFGLTL to LinearLinearizeLinearizeproof
Laying out the activation recordsLinear to MachStackingStackingproof
Storing the activation records in memoryMach to Mach(none) + Machabstr2mach
Emission of PowerPC assemblyMach to PPCPPCgenPPCgenproof1
+ PPCgenproof
+ +

Type systems

+ +Trivial type systems are used to statically capture well-formedness +conditions on the intermediate languages. + +Proofs that compiler passes are type-preserving: + + +

All together

+ +
    +
  • Main: composing the passes together; the +final semantic preservation theorems. +
+ +
+
Xavier.Leroy@inria.fr
+
+ + + diff --git a/doc/index.html b/doc/index.html new file mode 100644 index 00000000..33afe85e --- /dev/null +++ b/doc/index.html @@ -0,0 +1,8295 @@ + + +Index + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Global IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_(3806 entries)
Axiom IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_(39 entries)
Lemma IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_(1753 entries)
Constructor IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_(700 entries)
Inductive IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_(155 entries)
Definition IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_(1017 entries)
Module IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_(78 entries)
Library IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_(64 entries)
+
+

Global Index

+

A

+a [inductive, in backend.Op]
+a [inductive, in backend.Op]
+Abased [constructor, in backend.Op]
+abs [axiom, in lib.Floats]
+absf [definition, in backend.Values]
+absfloat [definition, in backend.Cmconstr]
+add [axiom, in lib.Floats]
+add [definition, in backend.Values]
+add [definition, in lib.Sets]
+add [definition, in backend.Cmconstr]
+add [definition, in backend.RTLtyping]
+add [definition, in lib.Integers]
+addf [definition, in backend.Cmconstr]
+addf [definition, in backend.Values]
+addf_cases [inductive, in backend.Cmconstr]
+addf_case1 [constructor, in backend.Cmconstr]
+addf_case2 [constructor, in backend.Cmconstr]
+addf_commut [axiom, in lib.Floats]
+addf_commut [lemma, in backend.Values]
+addf_default [constructor, in backend.Cmconstr]
+addf_match [definition, in backend.Cmconstr]
+addf_match_aux [definition, in backend.Cmconstr]
+addimm [definition, in backend.PPCgen]
+addimm [definition, in backend.Cmconstr]
+addimm_cases [inductive, in backend.Cmconstr]
+addimm_case1 [constructor, in backend.Cmconstr]
+addimm_case2 [constructor, in backend.Cmconstr]
+addimm_case3 [constructor, in backend.Cmconstr]
+addimm_case4 [constructor, in backend.Cmconstr]
+addimm_correct [lemma, in backend.PPCgenproof1]
+addimm_default [constructor, in backend.Cmconstr]
+addimm_match [definition, in backend.Cmconstr]
+addimm_1 [definition, in backend.PPCgen]
+addimm_1_correct [lemma, in backend.PPCgenproof1]
+addimm_2 [definition, in backend.PPCgen]
+addimm_2_correct [lemma, in backend.PPCgenproof1]
+addressing [definition, in backend.Cmconstr]
+addressing [inductive, in backend.Op]
+addressing_cases [inductive, in backend.Cmconstr]
+addressing_case1 [constructor, in backend.Cmconstr]
+addressing_case2 [constructor, in backend.Cmconstr]
+addressing_case3 [constructor, in backend.Cmconstr]
+addressing_case4 [constructor, in backend.Cmconstr]
+addressing_case5 [constructor, in backend.Cmconstr]
+addressing_default [constructor, in backend.Cmconstr]
+addressing_match [definition, in backend.Cmconstr]
+address_inject [lemma, in backend.Mem]
+addr_strength_reduction [definition, in backend.Constprop]
+addr_strength_reduction_cases [inductive, in backend.Constprop]
+addr_strength_reduction_case1 [constructor, in backend.Constprop]
+addr_strength_reduction_case2 [constructor, in backend.Constprop]
+addr_strength_reduction_case3 [constructor, in backend.Constprop]
+addr_strength_reduction_correct [lemma, in backend.Constpropproof]
+addr_strength_reduction_default [constructor, in backend.Constprop]
+addr_strength_reduction_match [definition, in backend.Constprop]
+addr_taken_expr [definition, in backend.Cminorgen]
+addr_taken_stmt [definition, in backend.Cminorgen]
+add_and [lemma, in lib.Integers]
+add_assoc [lemma, in lib.Integers]
+add_assoc [lemma, in backend.Values]
+add_call [definition, in backend.Allocation]
+add_call_correct [lemma, in backend.Allocproof]
+add_cases [inductive, in backend.Cmconstr]
+add_case1 [constructor, in backend.Cmconstr]
+add_case2 [constructor, in backend.Cmconstr]
+add_case3 [constructor, in backend.Cmconstr]
+add_case4 [constructor, in backend.Cmconstr]
+add_case5 [constructor, in backend.Cmconstr]
+add_commut [lemma, in lib.Integers]
+add_commut [lemma, in backend.Values]
+add_cond [definition, in backend.Allocation]
+add_cond_correct [lemma, in backend.Allocproof]
+add_default [constructor, in backend.Cmconstr]
+add_edges_instr [definition, in backend.Coloring]
+add_edges_instrs [definition, in backend.Coloring]
+add_edges_instrs_correct [lemma, in backend.Coloringproof]
+add_edges_instrs_correct_aux [lemma, in backend.Coloringproof]
+add_edges_instrs_incl_aux [lemma, in backend.Coloringproof]
+add_edges_instr_correct [lemma, in backend.Coloringproof]
+add_edges_instr_incl [lemma, in backend.Coloringproof]
+add_entry [definition, in backend.Allocation]
+add_entry_correct [lemma, in backend.Allocproof]
+add_funct [definition, in backend.Globalenvs]
+add_functs [definition, in backend.Globalenvs]
+add_functs_transf [lemma, in backend.Globalenvs]
+add_globals [definition, in backend.Globalenvs]
+add_instr [definition, in backend.RTLgen]
+add_instr_at [lemma, in backend.RTLgenproof1]
+add_instr_incr [lemma, in backend.RTLgenproof1]
+add_instr_wf [lemma, in backend.RTLgen]
+add_interf [definition, in backend.InterfGraph]
+add_interf_call [definition, in backend.Coloring]
+add_interf_call_correct [lemma, in backend.Coloringproof]
+add_interf_call_correct_aux_1 [lemma, in backend.Coloringproof]
+add_interf_call_correct_aux_2 [lemma, in backend.Coloringproof]
+add_interf_call_incl [lemma, in backend.Coloringproof]
+add_interf_call_incl_aux_1 [lemma, in backend.Coloringproof]
+add_interf_call_incl_aux_2 [lemma, in backend.Coloringproof]
+add_interf_correct [lemma, in backend.InterfGraph]
+add_interf_entry [definition, in backend.Coloring]
+add_interf_entry_correct [lemma, in backend.Coloringproof]
+add_interf_entry_incl [lemma, in backend.Coloringproof]
+add_interf_incl [lemma, in backend.InterfGraph]
+add_interf_live [definition, in backend.Coloring]
+add_interf_live_correct [lemma, in backend.Coloringproof]
+add_interf_live_correct_aux [lemma, in backend.Coloringproof]
+add_interf_live_incl [lemma, in backend.Coloringproof]
+add_interf_live_incl_aux [lemma, in backend.Coloringproof]
+add_interf_move [definition, in backend.Coloring]
+add_interf_move_correct [lemma, in backend.Coloringproof]
+add_interf_move_incl [lemma, in backend.Coloringproof]
+add_interf_mreg [definition, in backend.InterfGraph]
+add_interf_mreg_correct [lemma, in backend.InterfGraph]
+add_interf_mreg_incl [lemma, in backend.InterfGraph]
+add_interf_op [definition, in backend.Coloring]
+add_interf_op_correct [lemma, in backend.Coloringproof]
+add_interf_op_incl [lemma, in backend.Coloringproof]
+add_interf_params [definition, in backend.Coloring]
+add_interf_params_correct [lemma, in backend.Coloringproof]
+add_interf_params_correct_aux [lemma, in backend.Coloringproof]
+add_interf_params_incl [lemma, in backend.Coloringproof]
+add_interf_params_incl_aux [lemma, in backend.Coloringproof]
+add_letvar [definition, in backend.RTLgen]
+add_letvar_wf [lemma, in backend.RTLgenproof1]
+add_load [definition, in backend.CSE]
+add_load [definition, in backend.Allocation]
+add_load_correct [lemma, in backend.Allocproof]
+add_load_satisfiable [lemma, in backend.CSEproof]
+add_match [definition, in backend.Cmconstr]
+add_match_aux [definition, in backend.Cmconstr]
+add_move [definition, in backend.RTLgen]
+add_move [definition, in backend.Allocation]
+add_move_correct [lemma, in backend.RTLgenproof]
+add_move_correct [lemma, in backend.Allocproof]
+add_move_incr [lemma, in backend.RTLgenproof1]
+add_neg_zero [lemma, in lib.Integers]
+add_op [definition, in backend.Allocation]
+add_op [definition, in backend.CSE]
+add_op_correct [lemma, in backend.Allocproof]
+add_op_satisfiable [lemma, in backend.CSEproof]
+add_permut [lemma, in backend.Values]
+add_permut [lemma, in lib.Integers]
+add_permut_4 [lemma, in backend.Values]
+add_pref [definition, in backend.InterfGraph]
+add_prefs_call [definition, in backend.Coloring]
+add_prefs_call_incl [lemma, in backend.Coloringproof]
+add_pref_incl [lemma, in backend.InterfGraph]
+add_pref_mreg [definition, in backend.InterfGraph]
+add_pref_mreg_incl [lemma, in backend.InterfGraph]
+add_reload [definition, in backend.Allocation]
+add_reloads [definition, in backend.Allocation]
+add_reloads_correct [lemma, in backend.Allocproof]
+add_reloads_correct_rec [lemma, in backend.Allocproof]
+add_reload_correct [lemma, in backend.Allocproof]
+add_return [definition, in backend.Allocation]
+add_return_correct [lemma, in backend.Allocproof]
+add_rhs [definition, in backend.CSE]
+add_rhs_satisfiable [lemma, in backend.CSEproof]
+add_signed [lemma, in lib.Integers]
+add_spill [definition, in backend.Allocation]
+add_spill_correct [lemma, in backend.Allocproof]
+add_store [definition, in backend.Allocation]
+add_store_correct [lemma, in backend.Allocproof]
+add_successors [definition, in backend.Kildall]
+add_successors_correct [lemma, in backend.Kildall]
+add_symbol [definition, in backend.Globalenvs]
+add_to_worklist [definition, in backend.Kildall]
+add_to_worklist_1 [lemma, in backend.Kildall]
+add_to_worklist_2 [lemma, in backend.Kildall]
+add_undefs [definition, in backend.Allocation]
+add_undefs_correct [lemma, in backend.Allocproof]
+add_unsigned [lemma, in lib.Integers]
+add_var [definition, in backend.RTLgen]
+add_vars [definition, in backend.RTLgen]
+add_vars_incr [lemma, in backend.RTLgenproof1]
+add_vars_letenv [lemma, in backend.RTLgenproof1]
+add_vars_valid [lemma, in backend.RTLgenproof1]
+add_vars_wf [lemma, in backend.RTLgenproof1]
+add_var_find [lemma, in backend.RTLgenproof1]
+add_var_incr [lemma, in backend.RTLgenproof1]
+add_var_letenv [lemma, in backend.RTLgenproof1]
+add_var_valid [lemma, in backend.RTLgenproof1]
+add_var_wf [lemma, in backend.RTLgenproof1]
+add_zero [lemma, in lib.Integers]
+Aglobal [constructor, in backend.Op]
+agree [inductive, in backend.Stackingproof]
+agree [definition, in backend.Allocproof]
+agree [definition, in backend.PPCgenproof1]
+agree_assign_dead [lemma, in backend.Allocproof]
+agree_assign_live [lemma, in backend.Allocproof]
+agree_call [lemma, in backend.Allocproof]
+agree_eval_reg [lemma, in backend.Stackingproof]
+agree_eval_reg [lemma, in backend.Allocproof]
+agree_eval_regs [lemma, in backend.Stackingproof]
+agree_eval_regs [lemma, in backend.Allocproof]
+agree_exten [lemma, in backend.Allocproof]
+agree_exten_1 [lemma, in backend.PPCgenproof1]
+agree_exten_2 [lemma, in backend.PPCgenproof1]
+agree_increasing [lemma, in backend.Allocproof]
+agree_init_regs [lemma, in backend.Allocproof]
+agree_move_live [lemma, in backend.Allocproof]
+agree_nextinstr [lemma, in backend.PPCgenproof1]
+agree_nextinstr_commut [lemma, in backend.PPCgenproof1]
+agree_parameters [lemma, in backend.Allocproof]
+agree_reg_list_live [lemma, in backend.Allocproof]
+agree_reg_live [lemma, in backend.Allocproof]
+agree_reg_sum_live [lemma, in backend.Allocproof]
+agree_return_regs [lemma, in backend.Stackingproof]
+agree_set_commut [lemma, in backend.PPCgenproof1]
+agree_set_local [lemma, in backend.Stackingproof]
+agree_set_mfreg [lemma, in backend.PPCgenproof1]
+agree_set_mireg [lemma, in backend.PPCgenproof1]
+agree_set_mireg_exten [lemma, in backend.PPCgenproof1]
+agree_set_mireg_twice [lemma, in backend.PPCgenproof1]
+agree_set_mreg [lemma, in backend.PPCgenproof1]
+agree_set_other [lemma, in backend.PPCgenproof1]
+agree_set_outgoing [lemma, in backend.Stackingproof]
+agree_set_reg [lemma, in backend.Stackingproof]
+agree_set_twice_mireg [lemma, in backend.PPCgenproof1]
+Aindexed [constructor, in backend.Op]
+Aindexed2 [constructor, in backend.Op]
+Ainstack [constructor, in backend.Op]
+align [definition, in lib.Coqlib]
+align_le [lemma, in lib.Coqlib]
+align_16_top [definition, in backend.Mach]
+alloc [definition, in backend.Mem]
+Allocation [library]
+Allocproof [library]
+Allocproof_aux [library]
+allocs_write_ok [lemma, in backend.Alloctyping]
+Alloctyping [library]
+Alloctyping_aux [library]
+alloc_extends [lemma, in backend.Mem]
+alloc_mapped_inject [lemma, in backend.Mem]
+alloc_of_coloring [definition, in backend.Coloring]
+alloc_of_coloring_correct_1 [lemma, in backend.Coloringproof]
+alloc_of_coloring_correct_2 [lemma, in backend.Coloringproof]
+alloc_of_coloring_correct_3 [lemma, in backend.Coloringproof]
+alloc_of_coloring_correct_4 [lemma, in backend.Coloringproof]
+alloc_reg [definition, in backend.RTLgen]
+alloc_regs [definition, in backend.RTLgen]
+alloc_regs_fresh_or_in_map [lemma, in backend.RTLgenproof1]
+alloc_regs_incr [lemma, in backend.RTLgenproof1]
+alloc_regs_target_ok [lemma, in backend.RTLgenproof1]
+alloc_regs_valid [lemma, in backend.RTLgenproof1]
+alloc_reg_fresh_or_in_map [lemma, in backend.RTLgenproof1]
+alloc_reg_incr [lemma, in backend.RTLgenproof1]
+alloc_reg_target_ok [lemma, in backend.RTLgenproof1]
+alloc_reg_valid [lemma, in backend.RTLgenproof1]
+alloc_right_inject [lemma, in backend.Mem]
+alloc_type [lemma, in backend.Alloctyping]
+alloc_types [lemma, in backend.Alloctyping]
+alloc_unmapped_inject [lemma, in backend.Mem]
+alloc_variables [inductive, in backend.Csharpminor]
+alloc_variables_cons [constructor, in backend.Csharpminor]
+alloc_variables_list_block [lemma, in backend.Cminorgenproof]
+alloc_variables_nextblock_incr [lemma, in backend.Cminorgenproof]
+alloc_variables_nil [constructor, in backend.Csharpminor]
+alloc_write_ok [lemma, in backend.Alloctyping]
+all_interf_regs [definition, in backend.InterfGraph]
+all_interf_regs_correct_aux_1 [lemma, in backend.InterfGraph]
+all_interf_regs_correct_aux_2 [lemma, in backend.InterfGraph]
+all_interf_regs_correct_aux_3 [lemma, in backend.InterfGraph]
+all_interf_regs_correct_1 [lemma, in backend.InterfGraph]
+all_interf_regs_correct_2 [lemma, in backend.InterfGraph]
+analysis_correct_entry [lemma, in backend.CSEproof]
+analysis_correct_N [lemma, in backend.CSEproof]
+analysis_correct_1 [lemma, in backend.CSEproof]
+analyze [definition, in backend.Allocation]
+analyze [definition, in backend.Constprop]
+analyze [definition, in backend.CSE]
+analyze_correct [lemma, in backend.Allocproof]
+analyze_correct_1 [lemma, in backend.Constpropproof]
+analyze_correct_2 [lemma, in backend.Constpropproof]
+analyze_correct_3 [lemma, in backend.Constpropproof]
+analyze_invariant [lemma, in backend.Kildall]
+analyze_P [lemma, in backend.Kildall]
+and [definition, in lib.Integers]
+and [definition, in backend.Cmconstr]
+and [definition, in backend.Values]
+andimm [definition, in backend.Cmconstr]
+andimm [definition, in backend.PPCgen]
+andimm_correct [lemma, in backend.PPCgenproof1]
+and_assoc [lemma, in backend.Values]
+and_assoc [lemma, in lib.Integers]
+and_commut [lemma, in lib.Integers]
+and_commut [lemma, in backend.Values]
+and_idem [lemma, in lib.Integers]
+and_mone [lemma, in lib.Integers]
+and_or_distrib [lemma, in lib.Integers]
+and_shl [lemma, in lib.Integers]
+and_shru [lemma, in lib.Integers]
+and_xor_distrib [lemma, in lib.Integers]
+and_zero [lemma, in lib.Integers]
+appcons_length [lemma, in backend.Parallelmove]
+append [definition, in lib.Maps]
+append_assoc_0 [lemma, in lib.Maps]
+append_assoc_1 [lemma, in lib.Maps]
+append_injective [lemma, in lib.Maps]
+append_neutral_l [lemma, in lib.Maps]
+append_neutral_r [lemma, in lib.Maps]
+apply_partial [definition, in backend.Main]
+apply_total [definition, in backend.Main]
+apply_total_transf_program [lemma, in backend.Main]
+approx [inductive, in backend.Constprop]
+Approx [module, in backend.Constprop]
+approx_regs [definition, in backend.Constprop]
+approx_regs_val_list [lemma, in backend.Constpropproof]
+app_app [lemma, in backend.Parallelmove]
+app_cons [lemma, in backend.Parallelmove]
+app_nil [lemma, in backend.Parallelmove]
+app_rewrite [lemma, in backend.Parallelmove]
+app_rewriter [lemma, in backend.Parallelmove]
+app_rewrite2 [lemma, in backend.Parallelmove]
+arguments_not_preserved [lemma, in backend.Conventions]
+assign_variable [definition, in backend.Cminorgen]
+assign_variables [definition, in backend.Cminorgen]
+AST [library]
+

B

+BACKWARD_DATAFLOW_SOLVER [module, in backend.Kildall]
+Backward_Dataflow_Solver [module, in backend.Kildall]
+base_case_Pmov_dec [definition, in backend.Parallelmove]
+basic_block_list [definition, in backend.Kildall]
+basic_block_map [definition, in backend.Kildall]
+BBlock_solver [module, in backend.Kildall]
+BBLOCK_SOLVER [module, in backend.Kildall]
+bbmap [definition, in backend.Kildall]
+Bcall [constructor, in backend.LTL]
+Bcond [constructor, in backend.LTL]
+Bgetstack [constructor, in backend.LTL]
+Bgoto [constructor, in backend.LTL]
+bin [inductive, in lib.Inclusion]
+bind [definition, in backend.RTLgen]
+bind [definition, in backend.Cminorgen]
+bind2 [definition, in backend.RTLgen]
+bind_parameters [inductive, in backend.Csharpminor]
+bind_parameters_cons [constructor, in backend.Csharpminor]
+bind_parameters_length [lemma, in backend.Cminorgenproof]
+bind_parameters_nil [constructor, in backend.Csharpminor]
+bin_A [definition, in lib.Inclusion]
+bits_of_Z [definition, in lib.Integers]
+bits_of_Z_above [lemma, in lib.Integers]
+bits_of_Z_below [lemma, in lib.Integers]
+bits_of_Z_mone [lemma, in lib.Integers]
+bits_of_Z_of_bits [lemma, in lib.Integers]
+bits_of_Z_zero [lemma, in lib.Integers]
+bitwise_binop [definition, in lib.Integers]
+bitwise_binop_assoc [lemma, in lib.Integers]
+bitwise_binop_commut [lemma, in lib.Integers]
+bitwise_binop_idem [lemma, in lib.Integers]
+bitwise_binop_rol [lemma, in lib.Integers]
+bitwise_binop_shl [lemma, in lib.Integers]
+bitwise_binop_shru [lemma, in lib.Integers]
+Bload [constructor, in backend.LTL]
+block [inductive, in backend.LTL]
+block [definition, in backend.Values]
+block_agree [definition, in backend.Mem]
+block_agree_refl [lemma, in backend.Mem]
+block_agree_sym [lemma, in backend.Mem]
+block_agree_trans [lemma, in backend.Mem]
+block_contents [inductive, in backend.Mem]
+block_contents_agree [definition, in backend.Mem]
+block_contents_exten [lemma, in backend.Mem]
+block_contents_extends [definition, in backend.Mem]
+block_contents_inject [inductive, in backend.Mem]
+block_contents_inject_incr [lemma, in backend.Mem]
+block_cont_val [lemma, in backend.Mem]
+bool_of_false_val [lemma, in backend.Values]
+bool_of_false_val2 [lemma, in backend.Values]
+bool_of_false_val_inv [lemma, in backend.Values]
+bool_of_true_val [lemma, in backend.Values]
+bool_of_true_val2 [lemma, in backend.Values]
+bool_of_true_val_inv [lemma, in backend.Values]
+bool_of_val [inductive, in backend.Values]
+bool_of_val_int_true [constructor, in backend.Values]
+Bop [constructor, in backend.LTL]
+bot [definition, in lib.Lattice]
+Bot [constructor, in lib.Lattice]
+bot [definition, in lib.Lattice]
+bot [definition, in backend.Constprop]
+bot [definition, in lib.Sets]
+bot [definition, in lib.Lattice]
+Bot_except [constructor, in lib.Lattice]
+bounds [inductive, in backend.Lineartyping]
+bounds_free_block [lemma, in backend.Mem]
+bound_float_callee_save_pos [lemma, in backend.Lineartyping]
+bound_float_local_pos [lemma, in backend.Lineartyping]
+bound_int_callee_save_pos [lemma, in backend.Lineartyping]
+bound_int_local_pos [lemma, in backend.Lineartyping]
+bound_outgoing_pos [lemma, in backend.Lineartyping]
+branch_target [definition, in backend.Tunneling]
+branch_target_characterization [lemma, in backend.Tunnelingproof]
+branch_target_rec [definition, in backend.Tunneling]
+branch_target_rec_1 [lemma, in backend.Tunnelingproof]
+branch_target_rec_2 [lemma, in backend.Tunnelingproof]
+Breturn [constructor, in backend.LTL]
+Bsetstack [constructor, in backend.LTL]
+Bstore [constructor, in backend.LTL]
+build_compilenv [definition, in backend.Cminorgen]
+

C

+callstack [definition, in backend.Machabstr2mach]
+callstack [definition, in backend.Cminorgenproof]
+callstack_dom [inductive, in backend.Machabstr2mach]
+callstack_dom_cons [constructor, in backend.Machabstr2mach]
+callstack_dom_diff [lemma, in backend.Machabstr2mach]
+callstack_dom_incr [lemma, in backend.Machabstr2mach]
+callstack_dom_less [lemma, in backend.Machabstr2mach]
+callstack_dom_nil [constructor, in backend.Machabstr2mach]
+callstack_exten [lemma, in backend.Machabstr2mach]
+callstack_function_entry [lemma, in backend.Machabstr2mach]
+callstack_function_return [lemma, in backend.Machabstr2mach]
+callstack_get_parent [lemma, in backend.Machabstr2mach]
+callstack_get_slot [lemma, in backend.Machabstr2mach]
+callstack_init [lemma, in backend.Machabstr2mach]
+callstack_invariant [inductive, in backend.Machabstr2mach]
+callstack_linked [inductive, in backend.Machabstr2mach]
+callstack_linked_cons [constructor, in backend.Machabstr2mach]
+callstack_linked_nil [constructor, in backend.Machabstr2mach]
+callstack_linked_one [constructor, in backend.Machabstr2mach]
+callstack_load [lemma, in backend.Machabstr2mach]
+callstack_set_slot [lemma, in backend.Machabstr2mach]
+callstack_store [lemma, in backend.Machabstr2mach]
+callstack_store_aux [lemma, in backend.Machabstr2mach]
+callstack_store_ok [lemma, in backend.Machabstr2mach]
+call_regs [definition, in backend.LTL]
+call_regs_param_of_arg [lemma, in backend.Allocproof]
+CARRY [constructor, in backend.PPC]
+cast [definition, in backend.Csharpminor]
+cast16signed [definition, in lib.Integers]
+cast16signed [definition, in backend.Values]
+cast16signed [definition, in backend.Cmconstr]
+cast16unsigned [definition, in backend.Cmconstr]
+cast16unsigned [definition, in backend.Values]
+cast16unsigned [definition, in lib.Integers]
+cast16unsigned_and [lemma, in lib.Integers]
+cast16unsigned_and [lemma, in backend.Values]
+cast16_signed_equal_if_unsigned_equal [lemma, in lib.Integers]
+cast16_signed_idem [lemma, in lib.Integers]
+cast16_unsigned_idem [lemma, in lib.Integers]
+cast16_unsigned_signed [lemma, in lib.Integers]
+cast8signed [definition, in backend.Cmconstr]
+cast8signed [definition, in lib.Integers]
+cast8signed [definition, in backend.Values]
+cast8unsigned [definition, in backend.Cmconstr]
+cast8unsigned [definition, in backend.Values]
+cast8unsigned [definition, in lib.Integers]
+cast8unsigned_and [lemma, in lib.Integers]
+cast8unsigned_and [lemma, in backend.Values]
+cast8_signed_equal_if_unsigned_equal [lemma, in lib.Integers]
+cast8_signed_idem [lemma, in lib.Integers]
+cast8_signed_unsigned [lemma, in lib.Integers]
+cast8_unsigned_idem [lemma, in lib.Integers]
+cast8_unsigned_signed [lemma, in lib.Integers]
+Ccomp [constructor, in backend.Op]
+Ccompf [constructor, in backend.Op]
+Ccompimm [constructor, in backend.Op]
+Ccompu [constructor, in backend.Op]
+Ccompuimm [constructor, in backend.Op]
+CEcond [constructor, in backend.Cminor]
+CEcondition [constructor, in backend.Cminor]
+CEfalse [constructor, in backend.Cminor]
+Ceq [constructor, in backend.AST]
+CEtrue [constructor, in backend.Cminor]
+Cge [constructor, in backend.AST]
+Cgt [constructor, in backend.AST]
+check_all_leaves [definition, in lib.Inclusion]
+check_all_leaves_sound [lemma, in lib.Inclusion]
+check_coloring [definition, in backend.Coloring]
+check_coloring_1 [definition, in backend.Coloring]
+check_coloring_1_correct [lemma, in backend.Coloringproof]
+check_coloring_2 [definition, in backend.Coloring]
+check_coloring_2_correct [lemma, in backend.Coloringproof]
+check_coloring_3 [definition, in backend.Coloring]
+check_coloring_3_correct [lemma, in backend.Coloringproof]
+check_cont [definition, in backend.Mem]
+check_cont_agree [lemma, in backend.Mem]
+check_cont_false [lemma, in backend.Mem]
+check_cont_inject [lemma, in backend.Mem]
+check_cont_inv [lemma, in backend.Mem]
+check_cont_true [lemma, in backend.Mem]
+check_equal_on_range [definition, in lib.Integers]
+check_equal_on_range_correct [lemma, in lib.Integers]
+chunk_of_type [definition, in backend.Mach]
+Cint [constructor, in backend.PPC]
+Cle [constructor, in backend.AST]
+cleanup_code [definition, in backend.Linearize]
+cleanup_code_conservation [lemma, in backend.Linearizetyping]
+cleanup_code_conservation_2 [lemma, in backend.Linearizetyping]
+cleanup_code_correct_1 [lemma, in backend.Linearizeproof]
+cleanup_code_correct_2 [lemma, in backend.Linearizeproof]
+cleanup_function [definition, in backend.Linearize]
+cleanup_function_conservation [lemma, in backend.Linearizetyping]
+cleanup_function_conservation_2 [lemma, in backend.Linearizetyping]
+cleanup_function_correct [lemma, in backend.Linearizeproof]
+Clt [constructor, in backend.AST]
+Cmasknotzero [constructor, in backend.Op]
+Cmaskzero [constructor, in backend.Op]
+Cmconstr [library]
+Cmconstrproof [library]
+Cminor [library]
+Cminorgen [library]
+Cminorgenproof [library]
+cmp [axiom, in lib.Floats]
+cmp [definition, in backend.Cmconstr]
+cmp [definition, in backend.Values]
+cmp [definition, in lib.Integers]
+cmpf [definition, in backend.Cmconstr]
+cmpf [definition, in backend.Values]
+cmpf_ge [lemma, in backend.Values]
+cmpf_is_bool [lemma, in backend.Values]
+cmpf_le [lemma, in backend.Values]
+cmpu [definition, in backend.Values]
+cmpu [definition, in backend.Cmconstr]
+cmpu [definition, in lib.Integers]
+cmpu_is_bool [lemma, in backend.Values]
+cmp_ge_gt_eq [axiom, in lib.Floats]
+cmp_is_bool [lemma, in backend.Values]
+cmp_le_lt_eq [axiom, in lib.Floats]
+cmp_mismatch [definition, in backend.Values]
+cmp_mismatch_is_bool [lemma, in backend.Values]
+cmp_ne_eq [axiom, in lib.Floats]
+Cne [constructor, in backend.AST]
+Cnotcompf [constructor, in backend.Op]
+code [definition, in backend.LTL]
+code [definition, in backend.PPC]
+code [definition, in backend.RTL]
+code [definition, in backend.Linear]
+code [definition, in backend.Mach]
+code_size [definition, in backend.PPCgen]
+code_tail [definition, in backend.PPCgenproof]
+code_tail_next [lemma, in backend.PPCgenproof]
+code_tail_next_int [lemma, in backend.PPCgenproof]
+Coloring [library]
+Coloringproof [library]
+combine [definition, in lib.Maps]
+combine_commut [lemma, in lib.Maps]
+compare [lemma, in lib.Ordered]
+compare [lemma, in lib.Ordered]
+compare [lemma, in lib.Ordered]
+compare_float [definition, in backend.PPC]
+compare_float_spec [lemma, in backend.PPCgenproof1]
+compare_sint [definition, in backend.PPC]
+compare_sint_spec [lemma, in backend.PPCgenproof1]
+compare_uint [definition, in backend.PPC]
+compare_uint_spec [lemma, in backend.PPCgenproof1]
+comparison [inductive, in backend.AST]
+compilenv [definition, in backend.Cminorgen]
+condexpr [inductive, in backend.Cminor]
+condexpr_of_expr [definition, in backend.Cmconstr]
+condition [inductive, in backend.Op]
+conditionalexpr [definition, in backend.Cmconstr]
+cond_strength_reduction [definition, in backend.Constprop]
+cond_strength_reduction_cases [inductive, in backend.Constprop]
+cond_strength_reduction_correct [lemma, in backend.Constpropproof]
+cond_strength_reduction_match [definition, in backend.Constprop]
+consistent [definition, in backend.RTLtyping]
+consistent_not_eq [lemma, in backend.RTLtyping]
+constant [inductive, in backend.PPC]
+Constprop [library]
+Constpropproof [library]
+const_high [definition, in backend.PPC]
+const_low [definition, in backend.PPC]
+cons_replace [lemma, in backend.Parallelmove]
+Cont [constructor, in backend.LTL]
+Cont [constructor, in backend.Mem]
+content [inductive, in backend.Mem]
+contentmap [definition, in backend.Mem]
+contentmap_agree [definition, in backend.Mem]
+contentmap_inject [definition, in backend.Mem]
+contentmap_inject_incr [lemma, in backend.Mem]
+content_inject [inductive, in backend.Mem]
+content_inject_cont [constructor, in backend.Mem]
+content_inject_datum16 [constructor, in backend.Mem]
+content_inject_datum32 [constructor, in backend.Mem]
+content_inject_datum64 [constructor, in backend.Mem]
+content_inject_datum8 [constructor, in backend.Mem]
+content_inject_incr [lemma, in backend.Mem]
+content_inject_undef [constructor, in backend.Mem]
+cont_for_outcome [inductive, in backend.Linearizeproof]
+Conventions [library]
+Coqlib [library]
+correct_alloc_instr [definition, in backend.Coloringproof]
+correct_interf_alloc_instr [lemma, in backend.Coloringproof]
+correct_interf_instr [definition, in backend.Coloringproof]
+correct_interf_instr_incl [lemma, in backend.Coloringproof]
+crbit [inductive, in backend.PPC]
+crbit_for_cond [definition, in backend.PPCgen]
+crbit_for_fcmp [definition, in backend.PPCgen]
+crbit_for_icmp [definition, in backend.PPCgen]
+CRbit_0 [constructor, in backend.PPC]
+CRbit_1 [constructor, in backend.PPC]
+CRbit_2 [constructor, in backend.PPC]
+CRbit_3 [constructor, in backend.PPC]
+CR0_0 [constructor, in backend.PPC]
+CR0_1 [constructor, in backend.PPC]
+CR0_2 [constructor, in backend.PPC]
+CR0_3 [constructor, in backend.PPC]
+CSE [library]
+CSEproof [library]
+Csharpminor [library]
+csr_case1 [constructor, in backend.Constprop]
+csr_case2 [constructor, in backend.Constprop]
+csr_default [constructor, in backend.Constprop]
+Csymbol_high_signed [constructor, in backend.PPC]
+Csymbol_high_unsigned [constructor, in backend.PPC]
+Csymbol_low_signed [constructor, in backend.PPC]
+Csymbol_low_unsigned [constructor, in backend.PPC]
+CTR [constructor, in backend.PPC]
+

D

+D [module, in backend.Constprop]
+Dataflow_Solver [module, in backend.Kildall]
+DATAFLOW_SOLVER [module, in backend.Kildall]
+Datum16 [constructor, in backend.Mem]
+Datum32 [constructor, in backend.Mem]
+Datum64 [constructor, in backend.Mem]
+Datum8 [constructor, in backend.Mem]
+decode [definition, in backend.RTLtyping]
+def [definition, in backend.Parallelmove]
+definite [definition, in backend.RTLtyping]
+definite_included [lemma, in backend.RTLtyping]
+destroyed_at_call [definition, in backend.Conventions]
+destroyed_at_call_regs [definition, in backend.Conventions]
+diff [definition, in backend.Locations]
+diff_dec [definition, in backend.Parallelmove]
+diff_not_eq [lemma, in backend.Locations]
+diff_sym [lemma, in backend.Locations]
+discard_top_worklist_invariant [lemma, in backend.Kildall]
+disc1 [lemma, in backend.Parallelmove]
+disc2 [lemma, in backend.Parallelmove]
+disjoint [definition, in backend.Locations]
+disjoint_cons_left [lemma, in backend.Locations]
+disjoint_cons_right [lemma, in backend.Locations]
+disjoint_notin [lemma, in backend.Locations]
+disjoint_sym [lemma, in backend.Locations]
+disjoint_tmp__noTmp [lemma, in backend.Parallelmove]
+dis_dsttmp1_pnilnil [lemma, in backend.Allocproof_aux]
+dis_srctmp1_pnilnil [lemma, in backend.Allocproof_aux]
+div [axiom, in lib.Floats]
+divf [definition, in backend.Values]
+divf [definition, in backend.Cmconstr]
+divs [definition, in backend.Cmconstr]
+divs [definition, in lib.Integers]
+divs [definition, in backend.Values]
+divs_pow2 [lemma, in lib.Integers]
+divs_pow2 [lemma, in backend.Values]
+divu [definition, in backend.Cmconstr]
+divu [definition, in backend.Values]
+divu [definition, in lib.Integers]
+divu_cases [inductive, in backend.Cmconstr]
+divu_case1 [constructor, in backend.Cmconstr]
+divu_default [constructor, in backend.Cmconstr]
+divu_match [definition, in backend.Cmconstr]
+divu_pow2 [lemma, in backend.Values]
+divu_pow2 [lemma, in lib.Integers]
+Done_notmp1src_inv [lemma, in backend.Allocproof_aux]
+Done_notmp1src_invf [lemma, in backend.Allocproof_aux]
+Done_notmp1src_invpp [lemma, in backend.Allocproof_aux]
+Done_notmp1src_res [lemma, in backend.Allocproof_aux]
+Done_notmp1_inv [lemma, in backend.Allocproof_aux]
+Done_notmp1_invf [lemma, in backend.Allocproof_aux]
+Done_notmp1_invpp [lemma, in backend.Allocproof_aux]
+Done_notmp1_res [lemma, in backend.Allocproof_aux]
+Done_notmp3_inv [lemma, in backend.Allocproof_aux]
+Done_notmp3_invf [lemma, in backend.Allocproof_aux]
+Done_notmp3_invpp [lemma, in backend.Allocproof_aux]
+Done_notmp3_res [lemma, in backend.Allocproof_aux]
+Done_well_formed [definition, in backend.Allocproof_aux]
+drop1 [definition, in backend.Conventions]
+drop2 [definition, in backend.Conventions]
+DS [module, in backend.Kildall]
+DS [module, in backend.Constprop]
+DS [module, in backend.Linearize]
+DS [module, in backend.Allocation]
+dstep [inductive, in backend.Parallelmove]
+dstepp [inductive, in backend.Parallelmove]
+dstepp_refl [constructor, in backend.Parallelmove]
+dstepp_sameExec [lemma, in backend.Parallelmove]
+dstepp_stepp [lemma, in backend.Parallelmove]
+dstepp_trans [constructor, in backend.Parallelmove]
+dstep_inv [lemma, in backend.Parallelmove]
+dstep_inv_getdst [lemma, in backend.Parallelmove]
+dstep_nop [constructor, in backend.Parallelmove]
+dstep_pop [constructor, in backend.Parallelmove]
+dstep_pop_loop [constructor, in backend.Parallelmove]
+dstep_push [constructor, in backend.Parallelmove]
+dstep_start [constructor, in backend.Parallelmove]
+dstep_step [lemma, in backend.Parallelmove]
+dst_tmp2_res [lemma, in backend.Allocproof_aux]
+dst_tmp2_step [lemma, in backend.Allocproof_aux]
+dst_tmp2_stepf [lemma, in backend.Allocproof_aux]
+dst_tmp2_stepp [lemma, in backend.Allocproof_aux]
+

E

+Eaddrof [constructor, in backend.Csharpminor]
+Eassign [constructor, in backend.Cminor]
+Eassign [constructor, in backend.Csharpminor]
+Ecall [constructor, in backend.Csharpminor]
+Ecall [constructor, in backend.Cminor]
+Econdition [constructor, in backend.Csharpminor]
+Econdition [constructor, in backend.Cminor]
+Econs [constructor, in backend.Cminor]
+Econs [constructor, in backend.Csharpminor]
+ELEMENT [module, in lib.union_find]
+elements [definition, in lib.Sets]
+elements [definition, in lib.Maps]
+elements_complete [lemma, in lib.Maps]
+elements_complete [lemma, in lib.Sets]
+elements_correct [lemma, in lib.Maps]
+elements_correct [lemma, in lib.Sets]
+elements_keys_norepet [lemma, in lib.Maps]
+Elet [constructor, in backend.Csharpminor]
+Elet [constructor, in backend.Cminor]
+Eletvar [constructor, in backend.Cminor]
+Eletvar [constructor, in backend.Csharpminor]
+Eload [constructor, in backend.Cminor]
+Eload [constructor, in backend.Csharpminor]
+elt [definition, in lib.Maps]
+elt [definition, in backend.RTLtyping]
+elt [definition, in lib.Sets]
+elt [definition, in lib.union_find]
+elt [definition, in lib.union_find]
+elt [definition, in lib.union_find]
+elt [definition, in lib.Maps]
+elt [definition, in lib.Maps]
+elt [definition, in lib.Maps]
+elt_eq [definition, in lib.Maps]
+elt_eq [definition, in lib.Maps]
+elt_eq [definition, in lib.Maps]
+elt_eq [definition, in lib.Maps]
+EMap [module, in lib.Maps]
+empty [definition, in lib.Sets]
+empty [definition, in lib.Maps]
+empty [definition, in lib.union_find]
+empty [definition, in backend.RTLtyping]
+empty [definition, in backend.Globalenvs]
+empty [definition, in backend.Mem]
+empty_block [definition, in backend.Mem]
+empty_env [definition, in backend.Csharpminor]
+empty_frame [definition, in backend.Machabstr]
+empty_graph [definition, in backend.InterfGraph]
+empty_numbering [definition, in backend.CSE]
+empty_numbering_satisfiable [lemma, in backend.CSE]
+encode [definition, in backend.RTLtyping]
+encode_decode [lemma, in backend.RTLtyping]
+encode_injective [lemma, in backend.RTLtyping]
+Enil [constructor, in backend.Csharpminor]
+Enil [constructor, in backend.Cminor]
+entrypoint_function_translated [lemma, in backend.Allocproof]
+enumerate [definition, in backend.Linearize]
+enumerate_complete [lemma, in backend.Linearizeproof]
+enumerate_head [lemma, in backend.Linearizeproof]
+enumerate_norepet [lemma, in backend.Linearizeproof]
+env [definition, in backend.Csharpminor]
+Env [definition, in backend.Parallelmove]
+env [definition, in backend.Cminor]
+Eop [constructor, in backend.Csharpminor]
+Eop [constructor, in backend.Cminor]
+eq [lemma, in backend.Constprop]
+eq [definition, in backend.Mach]
+eq [definition, in lib.Ordered]
+eq [definition, in backend.RTLtyping]
+eq [lemma, in lib.Lattice]
+eq [lemma, in lib.Sets]
+eq [definition, in backend.CSEproof]
+eq [lemma, in lib.Lattice]
+eq [lemma, in lib.Lattice]
+eq [lemma, in backend.Locations]
+eq [definition, in lib.Maps]
+eq [lemma, in lib.Maps]
+eq [definition, in backend.Locations]
+eq [definition, in lib.Ordered]
+eq [definition, in backend.Registers]
+eq [lemma, in lib.Maps]
+eq [definition, in lib.Ordered]
+eq [definition, in backend.PPC]
+eq [definition, in lib.Integers]
+eqm [definition, in lib.Integers]
+eqmod [definition, in lib.Integers]
+eqmod_add [lemma, in lib.Integers]
+eqmod_mod [lemma, in lib.Integers]
+eqmod_mod_eq [lemma, in lib.Integers]
+eqmod_mult [lemma, in lib.Integers]
+eqmod_neg [lemma, in lib.Integers]
+eqmod_refl [lemma, in lib.Integers]
+eqmod_refl2 [lemma, in lib.Integers]
+eqmod_small_eq [lemma, in lib.Integers]
+eqmod_sub [lemma, in lib.Integers]
+eqmod_sym [lemma, in lib.Integers]
+eqmod_trans [lemma, in lib.Integers]
+eqmod_256_unsigned_repr [lemma, in lib.Integers]
+eqmod_65536_unsigned_repr [lemma, in lib.Integers]
+eqm_add [lemma, in lib.Integers]
+eqm_mult [lemma, in lib.Integers]
+eqm_neg [lemma, in lib.Integers]
+eqm_refl [lemma, in lib.Integers]
+eqm_refl2 [lemma, in lib.Integers]
+eqm_samerepr [lemma, in lib.Integers]
+eqm_signed_unsigned [lemma, in lib.Integers]
+eqm_small_eq [lemma, in lib.Integers]
+eqm_sub [lemma, in lib.Integers]
+eqm_sym [lemma, in lib.Integers]
+eqm_trans [lemma, in lib.Integers]
+eqm_unsigned_repr [lemma, in lib.Integers]
+eqm_unsigned_repr_l [lemma, in lib.Integers]
+eqm_unsigned_repr_r [lemma, in lib.Integers]
+EQUALITY_TYPE [module, in lib.Maps]
+equal_eq [lemma, in backend.RTLtyping]
+equal_on_range [lemma, in lib.Integers]
+equation_evals_to_holds_1 [lemma, in backend.CSEproof]
+equation_evals_to_holds_2 [lemma, in backend.CSEproof]
+equation_holds [definition, in backend.CSE]
+eq_block [definition, in backend.Values]
+eq_dec [lemma, in lib.Integers]
+eq_dec [axiom, in lib.Floats]
+eq_false [lemma, in lib.Integers]
+eq_list_valnum [definition, in backend.CSE]
+eq_refl [lemma, in lib.Ordered]
+eq_refl [lemma, in lib.Ordered]
+eq_refl [lemma, in lib.Ordered]
+eq_rhs [definition, in backend.CSE]
+eq_spec [lemma, in lib.Integers]
+eq_sym [lemma, in lib.Ordered]
+eq_sym [lemma, in lib.Ordered]
+eq_sym [lemma, in lib.Integers]
+eq_sym [lemma, in lib.Ordered]
+eq_trans [lemma, in lib.Ordered]
+eq_trans [lemma, in lib.Ordered]
+eq_trans [lemma, in lib.Ordered]
+eq_true [lemma, in lib.Integers]
+eq_valnum [definition, in backend.CSE]
+eq_zero_false [axiom, in lib.Floats]
+eq_zero_true [axiom, in lib.Floats]
+Error [constructor, in backend.RTLgen]
+error [definition, in backend.RTLtyping]
+error [definition, in backend.RTLgen]
+Error [constructor, in backend.PPC]
+error_inconsistent [lemma, in backend.RTLtyping]
+Estore [constructor, in backend.Cminor]
+Estore [constructor, in backend.Csharpminor]
+eval_absfloat [lemma, in backend.Cmconstrproof]
+eval_add [lemma, in backend.Cmconstrproof]
+eval_addf [lemma, in backend.Cmconstrproof]
+eval_addimm [lemma, in backend.Cmconstrproof]
+eval_addimm_ptr [lemma, in backend.Cmconstrproof]
+eval_addressing [lemma, in backend.Cmconstrproof]
+eval_addressing [definition, in backend.Op]
+eval_addressing_preserved [lemma, in backend.Op]
+eval_addressing_total [definition, in backend.Op]
+eval_addressing_weaken [lemma, in backend.Op]
+eval_add_ptr [lemma, in backend.Cmconstrproof]
+eval_add_ptr_2 [lemma, in backend.Cmconstrproof]
+eval_and [lemma, in backend.Cmconstrproof]
+eval_andimm [lemma, in backend.Cmconstrproof]
+eval_base_condition_of_expr [lemma, in backend.Cmconstrproof]
+eval_cast16signed [lemma, in backend.Cmconstrproof]
+eval_cast16unsigned [lemma, in backend.Cmconstrproof]
+eval_cast8signed [lemma, in backend.Cmconstrproof]
+eval_cast8unsigned [lemma, in backend.Cmconstrproof]
+eval_cmp [lemma, in backend.Cmconstrproof]
+eval_cmpf [lemma, in backend.Cmconstrproof]
+eval_cmpu [lemma, in backend.Cmconstrproof]
+eval_cmp_null_l [lemma, in backend.Cmconstrproof]
+eval_cmp_null_r [lemma, in backend.Cmconstrproof]
+eval_cmp_ptr [lemma, in backend.Cmconstrproof]
+eval_compare_null [definition, in backend.Op]
+eval_compare_null [definition, in backend.Csharpminor]
+eval_compare_null_weaken [lemma, in backend.Op]
+eval_condition [definition, in backend.Op]
+eval_conditionalexpr_false [lemma, in backend.Cmconstrproof]
+eval_conditionalexpr_true [lemma, in backend.Cmconstrproof]
+eval_condition_of_expr [lemma, in backend.Cmconstrproof]
+eval_condition_total [definition, in backend.Op]
+eval_condition_total_is_bool [lemma, in backend.Op]
+eval_condition_weaken [lemma, in backend.Op]
+eval_divf [lemma, in backend.Cmconstrproof]
+eval_divs [lemma, in backend.Cmconstrproof]
+eval_divu [lemma, in backend.Cmconstrproof]
+eval_divu_base [lemma, in backend.Cmconstrproof]
+eval_Evar [constructor, in backend.Csharpminor]
+eval_Evar [constructor, in backend.Cminor]
+eval_expr [inductive, in backend.Csharpminor]
+eval_expr [inductive, in backend.Cminor]
+eval_exprlist_prop [definition, in backend.Cminorgenproof]
+eval_expr_prop [definition, in backend.Cminorgenproof]
+eval_floatofint [lemma, in backend.Cmconstrproof]
+eval_floatofintu [lemma, in backend.Cmconstrproof]
+eval_funcall_prop [definition, in backend.Cminorgenproof]
+eval_intoffloat [lemma, in backend.Cmconstrproof]
+eval_lift [lemma, in backend.Cmconstrproof]
+eval_lift_expr [lemma, in backend.Cmconstrproof]
+eval_load [lemma, in backend.Cmconstrproof]
+eval_mods [lemma, in backend.Cmconstrproof]
+eval_modu [lemma, in backend.Cmconstrproof]
+eval_mod_aux [lemma, in backend.Cmconstrproof]
+eval_mul [lemma, in backend.Cmconstrproof]
+eval_mulf [lemma, in backend.Cmconstrproof]
+eval_mulimm [lemma, in backend.Cmconstrproof]
+eval_mulimm_base [lemma, in backend.Cmconstrproof]
+eval_negate_condition [lemma, in backend.Op]
+eval_negfloat [lemma, in backend.Cmconstrproof]
+eval_negint [lemma, in backend.Cmconstrproof]
+eval_notbool [lemma, in backend.Cmconstrproof]
+eval_notbool_base [lemma, in backend.Cmconstrproof]
+eval_notint [lemma, in backend.Cmconstrproof]
+eval_operation [definition, in backend.Op]
+eval_operation [definition, in backend.Csharpminor]
+eval_operation_preserved [lemma, in backend.Op]
+eval_operation_total [definition, in backend.Op]
+eval_operation_weaken [lemma, in backend.Op]
+eval_or [lemma, in backend.Cmconstrproof]
+eval_rolm [lemma, in backend.Cmconstrproof]
+eval_shl [lemma, in backend.Cmconstrproof]
+eval_shlimm [lemma, in backend.Cmconstrproof]
+eval_shr [lemma, in backend.Cmconstrproof]
+eval_shru [lemma, in backend.Cmconstrproof]
+eval_shruimm [lemma, in backend.Cmconstrproof]
+eval_singleoffloat [lemma, in backend.Cmconstrproof]
+eval_static_condition [definition, in backend.Constprop]
+eval_static_condition_cases [inductive, in backend.Constprop]
+eval_static_condition_case1 [constructor, in backend.Constprop]
+eval_static_condition_case2 [constructor, in backend.Constprop]
+eval_static_condition_case3 [constructor, in backend.Constprop]
+eval_static_condition_case4 [constructor, in backend.Constprop]
+eval_static_condition_case5 [constructor, in backend.Constprop]
+eval_static_condition_case6 [constructor, in backend.Constprop]
+eval_static_condition_case7 [constructor, in backend.Constprop]
+eval_static_condition_case8 [constructor, in backend.Constprop]
+eval_static_condition_correct [lemma, in backend.Constpropproof]
+eval_static_condition_default [constructor, in backend.Constprop]
+eval_static_condition_match [definition, in backend.Constprop]
+eval_static_operation [definition, in backend.Constprop]
+eval_static_operation_cases [inductive, in backend.Constprop]
+eval_static_operation_case1 [constructor, in backend.Constprop]
+eval_static_operation_case11 [constructor, in backend.Constprop]
+eval_static_operation_case12 [constructor, in backend.Constprop]
+eval_static_operation_case13 [constructor, in backend.Constprop]
+eval_static_operation_case14 [constructor, in backend.Constprop]
+eval_static_operation_case15 [constructor, in backend.Constprop]
+eval_static_operation_case16 [constructor, in backend.Constprop]
+eval_static_operation_case17 [constructor, in backend.Constprop]
+eval_static_operation_case18 [constructor, in backend.Constprop]
+eval_static_operation_case19 [constructor, in backend.Constprop]
+eval_static_operation_case2 [constructor, in backend.Constprop]
+eval_static_operation_case20 [constructor, in backend.Constprop]
+eval_static_operation_case21 [constructor, in backend.Constprop]
+eval_static_operation_case22 [constructor, in backend.Constprop]
+eval_static_operation_case23 [constructor, in backend.Constprop]
+eval_static_operation_case24 [constructor, in backend.Constprop]
+eval_static_operation_case25 [constructor, in backend.Constprop]
+eval_static_operation_case26 [constructor, in backend.Constprop]
+eval_static_operation_case27 [constructor, in backend.Constprop]
+eval_static_operation_case28 [constructor, in backend.Constprop]
+eval_static_operation_case29 [constructor, in backend.Constprop]
+eval_static_operation_case3 [constructor, in backend.Constprop]
+eval_static_operation_case30 [constructor, in backend.Constprop]
+eval_static_operation_case31 [constructor, in backend.Constprop]
+eval_static_operation_case32 [constructor, in backend.Constprop]
+eval_static_operation_case33 [constructor, in backend.Constprop]
+eval_static_operation_case34 [constructor, in backend.Constprop]
+eval_static_operation_case35 [constructor, in backend.Constprop]
+eval_static_operation_case36 [constructor, in backend.Constprop]
+eval_static_operation_case37 [constructor, in backend.Constprop]
+eval_static_operation_case38 [constructor, in backend.Constprop]
+eval_static_operation_case39 [constructor, in backend.Constprop]
+eval_static_operation_case4 [constructor, in backend.Constprop]
+eval_static_operation_case40 [constructor, in backend.Constprop]
+eval_static_operation_case41 [constructor, in backend.Constprop]
+eval_static_operation_case42 [constructor, in backend.Constprop]
+eval_static_operation_case43 [constructor, in backend.Constprop]
+eval_static_operation_case44 [constructor, in backend.Constprop]
+eval_static_operation_case45 [constructor, in backend.Constprop]
+eval_static_operation_case46 [constructor, in backend.Constprop]
+eval_static_operation_case47 [constructor, in backend.Constprop]
+eval_static_operation_case6 [constructor, in backend.Constprop]
+eval_static_operation_case7 [constructor, in backend.Constprop]
+eval_static_operation_case8 [constructor, in backend.Constprop]
+eval_static_operation_case9 [constructor, in backend.Constprop]
+eval_static_operation_correct [lemma, in backend.Constpropproof]
+eval_static_operation_default [constructor, in backend.Constprop]
+eval_static_operation_match [definition, in backend.Constprop]
+eval_store [lemma, in backend.Cmconstrproof]
+eval_sub [lemma, in backend.Cmconstrproof]
+eval_subf [lemma, in backend.Cmconstrproof]
+eval_sub_ptr_int [lemma, in backend.Cmconstrproof]
+eval_sub_ptr_ptr [lemma, in backend.Cmconstrproof]
+eval_xor [lemma, in backend.Cmconstrproof]
+Evar [constructor, in backend.Cminor]
+Evar [constructor, in backend.Csharpminor]
+exec [definition, in backend.Parallelmove]
+exec_Bgetstack [constructor, in backend.LTL]
+exec_blocks_Bgoto_inv [lemma, in backend.Tunnelingproof]
+exec_blocks_extends [lemma, in backend.LTL]
+exec_blocks_prop [definition, in backend.Linearizeproof]
+exec_blocks_prop [definition, in backend.Tunnelingproof]
+exec_blocks_valid_outcome [lemma, in backend.Linearizeproof]
+exec_block_Bgoto_inv [lemma, in backend.Tunnelingproof]
+exec_block_prop [definition, in backend.Linearizeproof]
+exec_block_prop [definition, in backend.Tunnelingproof]
+exec_function_body_prop [definition, in backend.Machabstr2mach]
+exec_function_body_prop [definition, in backend.PPCgenproof]
+exec_function_body_prop [definition, in backend.Machtyping]
+exec_function_body_prop_ [lemma, in backend.PPCgenproof]
+exec_function_equiv [lemma, in backend.Machabstr2mach]
+exec_function_prop [definition, in backend.Stackingproof]
+exec_function_prop [definition, in backend.Machtyping]
+exec_function_prop [definition, in backend.PPCgenproof]
+exec_function_prop [definition, in backend.Constpropproof]
+exec_function_prop [definition, in backend.Linearizeproof]
+exec_function_prop [definition, in backend.Machabstr2mach]
+exec_function_prop [definition, in backend.CSEproof]
+exec_function_prop [definition, in backend.Tunnelingproof]
+exec_function_prop [definition, in backend.Allocproof]
+exec_function_prop_ [lemma, in backend.PPCgenproof]
+exec_function_subject_reduction [definition, in backend.RTLtyping]
+exec_ifthenelse_false [lemma, in backend.Cmconstrproof]
+exec_ifthenelse_true [lemma, in backend.Cmconstrproof]
+exec_Iload [constructor, in backend.RTL]
+exec_Iload' [lemma, in backend.RTL]
+exec_Inop [constructor, in backend.RTL]
+exec_instr [inductive, in backend.Machabstr]
+exec_instr [inductive, in backend.RTL]
+exec_instr [inductive, in backend.LTL]
+exec_instr [inductive, in backend.Linear]
+exec_instr [inductive, in backend.Mach]
+exec_instr [definition, in backend.PPC]
+exec_instrs_Bgoto_inv [lemma, in backend.Tunnelingproof]
+exec_instrs_extends [lemma, in backend.RTLgenproof1]
+exec_instrs_extends_rec [lemma, in backend.RTLgenproof1]
+exec_instrs_incl [lemma, in backend.Stackingproof]
+exec_instrs_incl [lemma, in backend.PPCgenproof]
+exec_instrs_incr [lemma, in backend.RTLgenproof1]
+exec_instrs_link_invariant [lemma, in backend.Machtyping]
+exec_instrs_pmov [lemma, in backend.Allocproof_aux]
+exec_instrs_present [lemma, in backend.RTL]
+exec_instrs_prop [definition, in backend.Allocproof]
+exec_instrs_prop [definition, in backend.Tunnelingproof]
+exec_instrs_prop [definition, in backend.Machabstr2mach]
+exec_instrs_prop [definition, in backend.CSEproof]
+exec_instrs_prop [definition, in backend.Constpropproof]
+exec_instrs_prop [definition, in backend.Linearizeproof]
+exec_instr_extends [lemma, in backend.RTLgenproof1]
+exec_instr_extends_rec [lemma, in backend.RTLgenproof1]
+exec_instr_incl [lemma, in backend.PPCgenproof]
+exec_instr_incl [lemma, in backend.Stackingproof]
+exec_instr_incr [lemma, in backend.RTLgenproof1]
+exec_instr_in_s2 [lemma, in backend.RTLgenproof1]
+exec_instr_link_invariant [lemma, in backend.Machtyping]
+exec_instr_not_halt [lemma, in backend.RTLgenproof1]
+exec_instr_present [lemma, in backend.RTL]
+exec_instr_prop [definition, in backend.Allocproof]
+exec_instr_prop [definition, in backend.Machabstr2mach]
+exec_instr_prop [definition, in backend.Machtyping]
+exec_instr_prop [definition, in backend.Constpropproof]
+exec_instr_prop [definition, in backend.CSEproof]
+exec_instr_prop [definition, in backend.Tunnelingproof]
+exec_instr_prop [definition, in backend.Stackingproof]
+exec_instr_prop [definition, in backend.Linearizeproof]
+exec_instr_prop [definition, in backend.PPCgenproof]
+exec_instr_subject_reduction [definition, in backend.RTLtyping]
+exec_instr_update [lemma, in backend.Allocproof_aux]
+exec_Iop [constructor, in backend.RTL]
+exec_Iop' [lemma, in backend.RTL]
+exec_Lgetstack [constructor, in backend.Linear]
+exec_Mcall_prop [lemma, in backend.PPCgenproof]
+exec_Mcond_false_prop [lemma, in backend.PPCgenproof]
+exec_Mcond_true_prop [lemma, in backend.PPCgenproof]
+exec_Mgetparam [constructor, in backend.Mach]
+exec_Mgetparam_prop [lemma, in backend.PPCgenproof]
+exec_Mgetstack [constructor, in backend.Mach]
+exec_Mgetstack [constructor, in backend.Machabstr]
+exec_Mgetstack' [lemma, in backend.Stackingproof]
+exec_Mgetstack_prop [lemma, in backend.PPCgenproof]
+exec_Mgoto_prop [lemma, in backend.PPCgenproof]
+exec_Mlabel [constructor, in backend.Mach]
+exec_Mlabel [constructor, in backend.Machabstr]
+exec_Mlabel_prop [lemma, in backend.PPCgenproof]
+exec_Mload_prop [lemma, in backend.PPCgenproof]
+exec_Mop_prop [lemma, in backend.PPCgenproof]
+exec_Msetstack [constructor, in backend.Mach]
+exec_Msetstack' [lemma, in backend.Stackingproof]
+exec_Msetstack_prop [lemma, in backend.PPCgenproof]
+exec_Mstore_prop [lemma, in backend.PPCgenproof]
+exec_mutual_induction [lemma, in backend.Machabstr]
+exec_one [constructor, in backend.PPC]
+exec_one_prop [lemma, in backend.PPCgenproof]
+exec_program [definition, in backend.Csharpminor]
+exec_program [definition, in backend.LTL]
+exec_program [definition, in backend.Cminor]
+exec_program [definition, in backend.RTL]
+exec_program [definition, in backend.Mach]
+exec_program [definition, in backend.Machabstr]
+exec_program [definition, in backend.Linear]
+exec_program [definition, in backend.PPC]
+exec_program_equiv [lemma, in backend.Machabstr2mach]
+exec_refl [constructor, in backend.PPC]
+exec_refl_prop [lemma, in backend.PPCgenproof]
+exec_step [lemma, in backend.RTL]
+exec_step [inductive, in backend.PPC]
+exec_steps [inductive, in backend.PPC]
+exec_step_intro [constructor, in backend.PPC]
+exec_stmtlist_prop [definition, in backend.Cminorgenproof]
+exec_stmt_prop [definition, in backend.Cminorgenproof]
+exec_straight [inductive, in backend.PPCgenproof1]
+exec_straight_exec_prop [lemma, in backend.PPCgenproof]
+exec_straight_one [lemma, in backend.PPCgenproof1]
+exec_straight_refl [constructor, in backend.PPCgenproof1]
+exec_straight_step [constructor, in backend.PPCgenproof1]
+exec_straight_steps [lemma, in backend.PPCgenproof]
+exec_straight_steps_1 [lemma, in backend.PPCgenproof]
+exec_straight_steps_2 [lemma, in backend.PPCgenproof]
+exec_straight_three [lemma, in backend.PPCgenproof1]
+exec_straight_trans [lemma, in backend.PPCgenproof1]
+exec_straight_two [lemma, in backend.PPCgenproof1]
+exec_trans [constructor, in backend.PPC]
+exec_trans_prop [lemma, in backend.PPCgenproof]
+expr [inductive, in backend.Csharpminor]
+expr [inductive, in backend.Cminor]
+exprlist [inductive, in backend.Csharpminor]
+exprlist [inductive, in backend.Cminor]
+expr_condexpr_exprlist_ind [lemma, in backend.RTLgenproof1]
+exten [lemma, in lib.Maps]
+extends [definition, in backend.Mem]
+extends_refl [lemma, in backend.Mem]
+extend_inject [definition, in backend.Mem]
+extend_inject_incr [lemma, in backend.Mem]
+extensionality [axiom, in lib.Coqlib]
+

F

+find_funct [definition, in backend.Globalenvs]
+find_function [definition, in backend.LTL]
+find_function [definition, in backend.Mach]
+find_function [definition, in backend.RTL]
+find_function [definition, in backend.Linear]
+find_function2 [definition, in backend.Allocproof]
+find_funct_find_funct_ptr [lemma, in backend.Globalenvs]
+find_funct_inv [lemma, in backend.Globalenvs]
+find_funct_prop [lemma, in backend.Globalenvs]
+find_funct_ptr [definition, in backend.Globalenvs]
+find_funct_ptr_inv [lemma, in backend.Globalenvs]
+find_funct_ptr_prop [lemma, in backend.Globalenvs]
+find_funct_ptr_transf [lemma, in backend.Globalenvs]
+find_funct_ptr_transf_partial [lemma, in backend.Globalenvs]
+find_funct_transf [lemma, in backend.Globalenvs]
+find_funct_transf_partial [lemma, in backend.Globalenvs]
+find_instr [definition, in backend.PPC]
+find_instr_in [lemma, in backend.PPCgenproof]
+find_instr_tail [lemma, in backend.PPCgenproof]
+find_label [definition, in backend.Mach]
+find_label [definition, in backend.PPCgenproof]
+find_label [definition, in backend.Linear]
+find_label_cleanup_code [lemma, in backend.Linearizeproof]
+find_label_goto_label [lemma, in backend.PPCgenproof]
+find_label_incl [lemma, in backend.Stackingproof]
+find_label_lin [lemma, in backend.Linearizeproof]
+find_label_lin_block [lemma, in backend.Linearizeproof]
+find_label_lin_rec [lemma, in backend.Linearizeproof]
+find_label_transl_code [lemma, in backend.Stackingproof]
+find_label_unique [lemma, in backend.Linearizeproof]
+find_letvar [definition, in backend.RTLgen]
+find_letvar_incr [lemma, in backend.RTLgenproof1]
+find_letvar_in_map [lemma, in backend.RTLgenproof1]
+find_letvar_not_mutated [lemma, in backend.RTLgenproof1]
+find_letvar_valid [lemma, in backend.RTLgenproof1]
+find_load [definition, in backend.CSE]
+find_load_correct [lemma, in backend.CSEproof]
+find_op [definition, in backend.CSE]
+find_op_correct [lemma, in backend.CSEproof]
+find_rhs [definition, in backend.CSE]
+find_rhs_correct [lemma, in backend.CSEproof]
+find_symbol [definition, in backend.Globalenvs]
+find_symbol_inv [lemma, in backend.Globalenvs]
+find_symbol_offset [definition, in backend.Op]
+find_symbol_transf [lemma, in backend.Globalenvs]
+find_symbol_transf_partial [lemma, in backend.Globalenvs]
+find_valnum_rhs [definition, in backend.CSE]
+find_valnum_rhs_correct [lemma, in backend.CSEproof]
+find_var [definition, in backend.RTLgen]
+find_var_incr [lemma, in backend.RTLgenproof1]
+find_var_in_map [lemma, in backend.RTLgenproof1]
+find_var_not_mutated [lemma, in backend.RTLgenproof1]
+find_var_valid [lemma, in backend.RTLgenproof1]
+fixpoint [definition, in backend.Kildall]
+fixpoint [definition, in backend.Kildall]
+fixpoint [definition, in backend.Kildall]
+fixpoint_entry [lemma, in backend.Kildall]
+fixpoint_entry [lemma, in backend.Kildall]
+fixpoint_entry [lemma, in backend.Kildall]
+fixpoint_incr [lemma, in backend.Kildall]
+fixpoint_invariant [lemma, in backend.Kildall]
+fixpoint_solution [lemma, in backend.Kildall]
+fixpoint_solution [lemma, in backend.Kildall]
+fixpoint_solution [lemma, in backend.Kildall]
+FI_arg [constructor, in backend.Stacking]
+FI_local [constructor, in backend.Stacking]
+FI_saved_float [constructor, in backend.Stacking]
+FI_saved_int [constructor, in backend.Stacking]
+flatten [definition, in lib.Inclusion]
+flatten_aux [definition, in lib.Inclusion]
+flatten_aux_valid_A [lemma, in lib.Inclusion]
+flatten_valid_A [lemma, in lib.Inclusion]
+float [axiom, in lib.Floats]
+Float [module, in lib.Floats]
+floatcomp [definition, in backend.PPCgen]
+floatcomp_correct [lemma, in backend.PPCgenproof1]
+floatofint [definition, in backend.Values]
+floatofint [axiom, in lib.Floats]
+floatofint [definition, in backend.Cmconstr]
+floatofintu [definition, in backend.Cmconstr]
+floatofintu [definition, in backend.Values]
+floatofintu [axiom, in lib.Floats]
+Floats [library]
+float_callee_save [definition, in backend.Lineartyping]
+float_callee_save_bound [lemma, in backend.Linearizetyping]
+float_callee_save_norepet [lemma, in backend.Conventions]
+float_callee_save_not_destroyed [lemma, in backend.Conventions]
+float_callee_save_regs [definition, in backend.Conventions]
+float_callee_save_type [lemma, in backend.Conventions]
+float_local [definition, in backend.Lineartyping]
+float_local_slot_bound [lemma, in backend.Linearizetyping]
+float_param_regs [definition, in backend.Conventions]
+fn_params_names [definition, in backend.Csharpminor]
+fn_variables [definition, in backend.Csharpminor]
+fn_vars_names [definition, in backend.Csharpminor]
+fold [definition, in lib.Sets]
+fold [definition, in lib.Maps]
+fold2 [definition, in backend.RTLtyping]
+fold_spec [lemma, in lib.Maps]
+fold_spec [lemma, in lib.Sets]
+for_all [definition, in lib.Sets]
+for_all_spec [lemma, in lib.Sets]
+Fpmov_correct [lemma, in backend.Parallelmove]
+Fpmov_correctMoves [lemma, in backend.Parallelmove]
+Fpmov_correct1 [lemma, in backend.Parallelmove]
+Fpmov_correct2 [lemma, in backend.Parallelmove]
+Fpmov_correct_ext [lemma, in backend.Parallelmove]
+Fpmov_correct_IT3 [lemma, in backend.Parallelmove]
+Fpmov_correct_map [lemma, in backend.Parallelmove]
+FPR0 [constructor, in backend.PPC]
+FPR1 [constructor, in backend.PPC]
+FPR10 [constructor, in backend.PPC]
+FPR11 [constructor, in backend.PPC]
+FPR12 [constructor, in backend.PPC]
+FPR13 [constructor, in backend.PPC]
+FPR14 [constructor, in backend.PPC]
+FPR15 [constructor, in backend.PPC]
+FPR16 [constructor, in backend.PPC]
+FPR17 [constructor, in backend.PPC]
+FPR18 [constructor, in backend.PPC]
+FPR19 [constructor, in backend.PPC]
+FPR2 [constructor, in backend.PPC]
+FPR20 [constructor, in backend.PPC]
+FPR21 [constructor, in backend.PPC]
+FPR22 [constructor, in backend.PPC]
+FPR23 [constructor, in backend.PPC]
+FPR24 [constructor, in backend.PPC]
+FPR25 [constructor, in backend.PPC]
+FPR26 [constructor, in backend.PPC]
+FPR27 [constructor, in backend.PPC]
+FPR28 [constructor, in backend.PPC]
+FPR29 [constructor, in backend.PPC]
+FPR3 [constructor, in backend.PPC]
+FPR30 [constructor, in backend.PPC]
+FPR31 [constructor, in backend.PPC]
+FPR4 [constructor, in backend.PPC]
+FPR5 [constructor, in backend.PPC]
+FPR6 [constructor, in backend.PPC]
+FPR7 [constructor, in backend.PPC]
+FPR8 [constructor, in backend.PPC]
+FPR9 [constructor, in backend.PPC]
+FR [constructor, in backend.PPC]
+frame [inductive, in backend.Cminorgenproof]
+frame [definition, in backend.Machabstr]
+frame_env [inductive, in backend.Stacking]
+frame_index [inductive, in backend.Stacking]
+frame_match [inductive, in backend.Machabstr2mach]
+frame_match_alloc [lemma, in backend.Machabstr2mach]
+frame_match_exten [lemma, in backend.Machabstr2mach]
+frame_match_free [lemma, in backend.Machabstr2mach]
+frame_match_get_slot [lemma, in backend.Machabstr2mach]
+frame_match_intro [constructor, in backend.Machabstr2mach]
+frame_match_load [lemma, in backend.Machabstr2mach]
+frame_match_new [lemma, in backend.Machabstr2mach]
+frame_match_set_slot [lemma, in backend.Machabstr2mach]
+frame_match_store [lemma, in backend.Machabstr2mach]
+frame_match_store_ok [lemma, in backend.Machabstr2mach]
+frame_match_store_stack_other [lemma, in backend.Machabstr2mach]
+free [definition, in backend.Mem]
+free_empty_bounds [lemma, in backend.Mem]
+free_extends [lemma, in backend.Mem]
+free_first_inject [lemma, in backend.Mem]
+free_first_list_inject [lemma, in backend.Mem]
+free_inject [lemma, in backend.Mem]
+free_list [definition, in backend.Mem]
+free_snd_inject [lemma, in backend.Mem]
+freg [inductive, in backend.PPC]
+freg_eq [lemma, in backend.PPC]
+freg_of [definition, in backend.PPCgen]
+freg_of_is_data_reg [lemma, in backend.PPCgenproof1]
+freg_of_not_FPR13 [lemma, in backend.PPCgenproof1]
+freg_val [lemma, in backend.PPCgenproof1]
+fresh_block_alloc [lemma, in backend.Mem]
+FT1 [constructor, in backend.Locations]
+FT2 [constructor, in backend.Locations]
+FT3 [constructor, in backend.Locations]
+function [inductive, in backend.Mach]
+function [inductive, in backend.Csharpminor]
+function [inductive, in backend.RTL]
+function [inductive, in backend.LTL]
+function [inductive, in backend.Cminor]
+function [inductive, in backend.Linear]
+functions_globalenv [lemma, in backend.Globalenvs]
+functions_translated [lemma, in backend.Constpropproof]
+functions_translated [lemma, in backend.Tunnelingproof]
+functions_translated [lemma, in backend.PPCgenproof]
+functions_translated [lemma, in backend.Allocproof]
+functions_translated [lemma, in backend.Linearizeproof]
+functions_translated [lemma, in backend.Stackingproof]
+functions_translated [lemma, in backend.CSEproof]
+functions_translated [lemma, in backend.Cminorgenproof]
+functions_translated [lemma, in backend.RTLgenproof]
+functions_translated_no_overflow [lemma, in backend.PPCgenproof]
+functions_translated_2 [lemma, in backend.PPCgenproof]
+function_bounds [definition, in backend.Lineartyping]
+function_entry_ok [lemma, in backend.Cminorgenproof]
+function_ptr_translated [lemma, in backend.Linearizeproof]
+function_ptr_translated [lemma, in backend.Allocproof]
+function_ptr_translated [lemma, in backend.Stackingproof]
+function_ptr_translated [lemma, in backend.Cminorgenproof]
+function_ptr_translated [lemma, in backend.RTLgenproof]
+function_ptr_translated [lemma, in backend.Constpropproof]
+function_ptr_translated [lemma, in backend.Tunnelingproof]
+funct_ptr_translated [lemma, in backend.CSEproof]
+F1 [constructor, in backend.Locations]
+F10 [constructor, in backend.Locations]
+F14 [constructor, in backend.Locations]
+F15 [constructor, in backend.Locations]
+F16 [constructor, in backend.Locations]
+F17 [constructor, in backend.Locations]
+F18 [constructor, in backend.Locations]
+F19 [constructor, in backend.Locations]
+F2 [constructor, in backend.Locations]
+f2ind [lemma, in backend.Parallelmove]
+f2ind' [lemma, in backend.Parallelmove]
+F20 [constructor, in backend.Locations]
+F21 [constructor, in backend.Locations]
+F22 [constructor, in backend.Locations]
+F23 [constructor, in backend.Locations]
+F24 [constructor, in backend.Locations]
+F25 [constructor, in backend.Locations]
+F26 [constructor, in backend.Locations]
+F27 [constructor, in backend.Locations]
+F28 [constructor, in backend.Locations]
+F29 [constructor, in backend.Locations]
+F3 [constructor, in backend.Locations]
+F30 [constructor, in backend.Locations]
+F31 [constructor, in backend.Locations]
+F4 [constructor, in backend.Locations]
+F5 [constructor, in backend.Locations]
+F6 [constructor, in backend.Locations]
+F7 [constructor, in backend.Locations]
+F8 [constructor, in backend.Locations]
+F9 [constructor, in backend.Locations]
+

G

+gcombine [lemma, in lib.Maps]
+ge [definition, in lib.Lattice]
+ge [definition, in backend.CSE]
+ge [definition, in lib.Lattice]
+ge [definition, in backend.Constprop]
+ge [definition, in lib.Lattice]
+ge [definition, in lib.Sets]
+gempty [lemma, in lib.Maps]
+genv [definition, in backend.Cminor]
+genv [definition, in backend.LTL]
+Genv [module, in backend.Globalenvs]
+genv [definition, in backend.PPC]
+GENV [module, in backend.Globalenvs]
+genv [definition, in backend.Csharpminor]
+genv [inductive, in backend.Globalenvs]
+genv [definition, in backend.RTL]
+genv [definition, in backend.Mach]
+genv [definition, in backend.Linear]
+get [definition, in lib.Maps]
+get [definition, in lib.Maps]
+get [definition, in lib.Maps]
+Get [definition, in backend.Parallelmove]
+get [definition, in backend.Locations]
+get [definition, in lib.Lattice]
+get [definition, in lib.Maps]
+get [definition, in backend.Parallelmove]
+get [definition, in backend.RTLtyping]
+getdst [definition, in backend.Parallelmove]
+getdst_add [lemma, in backend.Parallelmove]
+getdst_app [lemma, in backend.Parallelmove]
+getdst_f [lemma, in backend.Alloctyping_aux]
+getdst_lists2moves [lemma, in backend.Allocproof_aux]
+getdst_map [lemma, in backend.Parallelmove]
+getN [definition, in backend.Mem]
+getN_agree [lemma, in backend.Mem]
+getN_init [lemma, in backend.Mem]
+getN_inject [lemma, in backend.Mem]
+getN_setN_mismatch [lemma, in backend.Mem]
+getN_setN_other [lemma, in backend.Mem]
+getN_setN_overlap [lemma, in backend.Mem]
+getN_setN_same [lemma, in backend.Mem]
+getsrc [definition, in backend.Parallelmove]
+getsrcdst_app [lemma, in backend.Allocproof_aux]
+getsrc_add [lemma, in backend.Parallelmove]
+getsrc_add1 [lemma, in backend.Parallelmove]
+getsrc_app [lemma, in backend.Parallelmove]
+getsrc_f [lemma, in backend.Alloctyping_aux]
+getsrc_map [lemma, in backend.Parallelmove]
+get_add_1 [lemma, in backend.RTLtyping]
+get_add_2 [lemma, in backend.RTLtyping]
+get_bot [lemma, in lib.Lattice]
+get_empty [lemma, in backend.RTLtyping]
+get_noWrite [lemma, in backend.Parallelmove]
+get_pexec_id_noWrite [lemma, in backend.Parallelmove]
+get_slot [inductive, in backend.Machabstr]
+get_slot_index [lemma, in backend.Stackingproof]
+get_slot_intro [constructor, in backend.Machabstr]
+get_slot_ok [lemma, in backend.Stackingproof]
+get_top [lemma, in lib.Lattice]
+get_update [lemma, in backend.Parallelmove]
+get_update_diff [lemma, in backend.Parallelmove]
+get_update_id [lemma, in backend.Parallelmove]
+get_update_ndiff [lemma, in backend.Parallelmove]
+get_xget_h [lemma, in lib.Maps]
+ge_bot [lemma, in lib.Lattice]
+ge_bot [lemma, in lib.Lattice]
+ge_bot [lemma, in lib.Sets]
+ge_bot [lemma, in lib.Lattice]
+ge_bot [lemma, in backend.Constprop]
+ge_lub_left [lemma, in lib.Lattice]
+ge_lub_left [lemma, in lib.Sets]
+ge_lub_left [lemma, in backend.Constprop]
+ge_lub_left [lemma, in lib.Lattice]
+ge_lub_left [lemma, in lib.Lattice]
+ge_lub_right [lemma, in lib.Sets]
+ge_refl [lemma, in lib.Lattice]
+ge_refl [lemma, in lib.Sets]
+ge_refl [lemma, in lib.Lattice]
+ge_refl [lemma, in lib.Lattice]
+ge_refl [lemma, in backend.Constprop]
+ge_top [lemma, in lib.Lattice]
+ge_top [lemma, in backend.Constprop]
+ge_top [lemma, in lib.Lattice]
+ge_top [lemma, in lib.Lattice]
+ge_trans [lemma, in lib.Lattice]
+ge_trans [lemma, in backend.Constprop]
+ge_trans [lemma, in lib.Sets]
+ge_trans [lemma, in lib.Lattice]
+ge_trans [lemma, in lib.Lattice]
+gi [lemma, in lib.Maps]
+gi [lemma, in lib.Maps]
+gi [lemma, in lib.Maps]
+gleaf [lemma, in lib.Maps]
+globalenv [definition, in backend.Globalenvs]
+Globalenvs [library]
+globalenv_initmem [definition, in backend.Globalenvs]
+gmap [lemma, in lib.Maps]
+gmap [lemma, in lib.Maps]
+gmap [lemma, in lib.Maps]
+gmap [lemma, in lib.Maps]
+good_state [definition, in backend.Kildall]
+goto_label [definition, in backend.PPC]
+GPR0 [constructor, in backend.PPC]
+GPR1 [constructor, in backend.PPC]
+GPR10 [constructor, in backend.PPC]
+GPR11 [constructor, in backend.PPC]
+GPR12 [constructor, in backend.PPC]
+GPR13 [constructor, in backend.PPC]
+GPR14 [constructor, in backend.PPC]
+GPR15 [constructor, in backend.PPC]
+GPR16 [constructor, in backend.PPC]
+GPR17 [constructor, in backend.PPC]
+GPR18 [constructor, in backend.PPC]
+GPR19 [constructor, in backend.PPC]
+GPR2 [constructor, in backend.PPC]
+GPR20 [constructor, in backend.PPC]
+GPR21 [constructor, in backend.PPC]
+GPR22 [constructor, in backend.PPC]
+GPR23 [constructor, in backend.PPC]
+GPR24 [constructor, in backend.PPC]
+GPR25 [constructor, in backend.PPC]
+GPR26 [constructor, in backend.PPC]
+GPR27 [constructor, in backend.PPC]
+GPR28 [constructor, in backend.PPC]
+GPR29 [constructor, in backend.PPC]
+GPR3 [constructor, in backend.PPC]
+GPR30 [constructor, in backend.PPC]
+GPR31 [constructor, in backend.PPC]
+GPR4 [constructor, in backend.PPC]
+GPR5 [constructor, in backend.PPC]
+GPR6 [constructor, in backend.PPC]
+GPR7 [constructor, in backend.PPC]
+GPR8 [constructor, in backend.PPC]
+GPR9 [constructor, in backend.PPC]
+gpr_or_zero [definition, in backend.PPC]
+gpr_or_zero_not_zero [lemma, in backend.PPCgenproof1]
+gpr_or_zero_zero [lemma, in backend.PPCgenproof1]
+graph [inductive, in backend.InterfGraph]
+graph_coloring [axiom, in backend.Coloring]
+graph_incl [definition, in backend.InterfGraph]
+graph_incl_refl [lemma, in backend.Coloringproof]
+graph_incl_trans [lemma, in backend.InterfGraph]
+gro [lemma, in lib.Maps]
+grs [lemma, in lib.Maps]
+gsident [lemma, in lib.Maps]
+gsident [lemma, in lib.Maps]
+gsident [lemma, in lib.Maps]
+gso [lemma, in lib.Maps]
+gso [lemma, in backend.Locations]
+gso [lemma, in lib.Maps]
+gso [lemma, in lib.Maps]
+gso [lemma, in lib.Lattice]
+gso [lemma, in lib.Maps]
+gss [lemma, in lib.Maps]
+gss [lemma, in lib.Maps]
+gss [lemma, in backend.Locations]
+gss [lemma, in lib.Maps]
+gss [lemma, in lib.Lattice]
+gss [lemma, in lib.Maps]
+gsspec [lemma, in lib.Maps]
+gsspec [lemma, in lib.Maps]
+gsspec [lemma, in lib.Maps]
+gsspec [lemma, in lib.Maps]
+

H

+half_modulus [definition, in lib.Integers]
+has_type [definition, in backend.Values]
+has_type_list [definition, in backend.Values]
+head_but_last [definition, in backend.Parallelmove]
+high_bound [definition, in backend.Mem]
+high_bound_alloc [lemma, in backend.Mem]
+high_bound_free [lemma, in backend.Mem]
+high_bound_store [lemma, in backend.Mem]
+high_half_signed [axiom, in backend.PPC]
+high_half_signed_type [axiom, in backend.PPC]
+high_half_signed_zero [lemma, in backend.PPCgenproof1]
+high_half_unsigned [axiom, in backend.PPC]
+high_half_unsigned_type [axiom, in backend.PPC]
+high_half_unsigned_zero [lemma, in backend.PPCgenproof1]
+high_s [definition, in backend.PPCgen]
+high_u [definition, in backend.PPCgen]
+

I

+ident [definition, in backend.AST]
+identify [definition, in lib.union_find]
+identify_aux_decomp [lemma, in lib.union_find]
+identify_base [definition, in lib.union_find]
+identify_base_a_maps_to_b [lemma, in lib.union_find]
+identify_base_b_canon [lemma, in lib.union_find]
+identify_base_order_wf [lemma, in lib.union_find]
+identify_base_repr [lemma, in lib.union_find]
+identify_base_repr_order [lemma, in lib.union_find]
+identify_base_sameclass_1 [lemma, in lib.union_find]
+identify_base_sameclass_2 [lemma, in lib.union_find]
+Identset [module, in backend.Cminorgen]
+ident_eq [definition, in backend.AST]
+ifthenelse [definition, in backend.Cmconstr]
+IMap [module, in lib.Maps]
+immediate [inductive, in backend.PPC]
+immediate [inductive, in backend.PPC]
+immediate [inductive, in backend.PPC]
+immediate [inductive, in backend.PPC]
+immediate [inductive, in backend.PPC]
+immediate [inductive, in backend.PPC]
+included [definition, in backend.RTLtyping]
+included_consistent [lemma, in backend.RTLtyping]
+included_identify [lemma, in backend.RTLtyping]
+included_mapped [lemma, in backend.RTLtyping]
+included_mapped_forall [lemma, in backend.RTLtyping]
+included_refl [lemma, in backend.RTLtyping]
+included_trans [lemma, in backend.RTLtyping]
+Inclusion [library]
+inclusion_theorem [lemma, in lib.Inclusion]
+incl_app_inv_l [lemma, in lib.Coqlib]
+incl_app_inv_r [lemma, in lib.Coqlib]
+incl_cons_inv [lemma, in lib.Coqlib]
+incl_dst [lemma, in backend.Alloctyping_aux]
+incl_find_label [lemma, in backend.Machtyping]
+incl_nil [lemma, in backend.Alloctyping_aux]
+incl_same_head [lemma, in lib.Coqlib]
+incl_src [lemma, in backend.Alloctyping_aux]
+Incoming [constructor, in backend.Locations]
+Incoming [inductive, in backend.LTLtyping]
+Incoming [inductive, in backend.Lineartyping]
+index [definition, in backend.Locations]
+index [definition, in lib.Maps]
+index [definition, in lib.Maps]
+IndexedMreg [module, in backend.Locations]
+INDEXED_TYPE [module, in lib.Maps]
+index_arg_valid [lemma, in backend.Stackingproof]
+index_diff [definition, in backend.Stackingproof]
+index_float_callee_save [definition, in backend.Conventions]
+index_float_callee_save_inj [lemma, in backend.Conventions]
+index_float_callee_save_pos [lemma, in backend.Conventions]
+index_float_callee_save_pos2 [lemma, in backend.Conventions]
+index_inj [lemma, in lib.Maps]
+index_inj [lemma, in backend.Locations]
+index_inj [lemma, in lib.Maps]
+index_int_callee_save [definition, in backend.Conventions]
+index_int_callee_save_inj [lemma, in backend.Conventions]
+index_int_callee_save_pos [lemma, in backend.Conventions]
+index_int_callee_save_pos2 [lemma, in backend.Conventions]
+index_local_valid [lemma, in backend.Stackingproof]
+index_saved_float_valid [lemma, in backend.Stackingproof]
+index_saved_int_valid [lemma, in backend.Stackingproof]
+index_val [definition, in backend.Stackingproof]
+index_valid [definition, in backend.Stackingproof]
+index_val_init_frame [lemma, in backend.Stackingproof]
+Indst_noOverlap_aux [lemma, in backend.Parallelmove]
+Ingetsrc_swap [lemma, in backend.Parallelmove]
+Ingetsrc_swap2 [lemma, in backend.Parallelmove]
+init [definition, in lib.Maps]
+init [definition, in backend.Locations]
+init [definition, in lib.Maps]
+init [definition, in lib.Maps]
+initial_state_invariant [lemma, in backend.Kildall]
+initmem_nullptr [lemma, in backend.Globalenvs]
+initmem_undef [lemma, in backend.Globalenvs]
+init_frame [definition, in backend.Machabstr]
+init_mapping [definition, in backend.RTLgen]
+init_mapping_wf [lemma, in backend.RTLgenproof1]
+init_mem [definition, in backend.Globalenvs]
+init_mem_transf [lemma, in backend.Globalenvs]
+init_mem_transf_partial [lemma, in backend.Globalenvs]
+init_regs [definition, in backend.RTL]
+init_state [definition, in backend.RTLgen]
+init_state_wf [lemma, in backend.RTLgen]
+Inj [constructor, in lib.Lattice]
+inject_incr [definition, in backend.Mem]
+inject_incr_refl [lemma, in backend.Mem]
+inject_incr_trans [lemma, in backend.Mem]
+Inop [constructor, in backend.RTL]
+insert_bin [definition, in lib.Inclusion]
+insert_bin_included [lemma, in lib.Inclusion]
+insert_lenv [inductive, in backend.Cmconstrproof]
+insert_lenv_lookup1 [lemma, in backend.Cmconstrproof]
+insert_lenv_lookup2 [lemma, in backend.Cmconstrproof]
+insert_lenv_S [constructor, in backend.Cmconstrproof]
+insert_lenv_0 [constructor, in backend.Cmconstrproof]
+instruction [inductive, in backend.Linear]
+instruction [inductive, in backend.PPC]
+instruction [inductive, in backend.RTL]
+instruction [inductive, in backend.Mach]
+instr_at_incr [lemma, in backend.RTLgenproof1]
+int [inductive, in lib.Integers]
+Int [module, in lib.Integers]
+Integers [library]
+interfere [definition, in backend.InterfGraph]
+interfere_incl [lemma, in backend.Coloringproof]
+interfere_mreg [definition, in backend.InterfGraph]
+interfere_mreg_incl [lemma, in backend.Coloringproof]
+interfere_sym [lemma, in backend.InterfGraph]
+InterfGraph [library]
+interf_graph [definition, in backend.Coloring]
+interf_graph_correct_1 [lemma, in backend.Coloringproof]
+interf_graph_correct_2 [lemma, in backend.Coloringproof]
+interf_graph_correct_3 [lemma, in backend.Coloringproof]
+intoffloat [definition, in backend.Cmconstr]
+intoffloat [axiom, in lib.Floats]
+intoffloat [definition, in backend.Values]
+intval [definition, in backend.Constprop]
+intval_correct [lemma, in backend.Constpropproof]
+int_add_no_overflow [lemma, in backend.Machabstr2mach]
+int_callee_save [definition, in backend.Lineartyping]
+int_callee_save_bound [lemma, in backend.Linearizetyping]
+int_callee_save_norepet [lemma, in backend.Conventions]
+int_callee_save_not_destroyed [lemma, in backend.Conventions]
+int_callee_save_regs [definition, in backend.Conventions]
+int_callee_save_type [lemma, in backend.Conventions]
+int_float_callee_save_disjoint [lemma, in backend.Conventions]
+int_local [definition, in backend.Lineartyping]
+int_local_slot_bound [lemma, in backend.Linearizetyping]
+int_of_one_bits [definition, in lib.Integers]
+int_param_regs [definition, in backend.Conventions]
+inv_eval_Eop_0 [lemma, in backend.Cmconstrproof]
+inv_eval_Eop_1 [lemma, in backend.Cmconstrproof]
+inv_eval_Eop_2 [lemma, in backend.Cmconstrproof]
+in_bounds [definition, in backend.Mem]
+in_bounds_exten [lemma, in backend.Mem]
+in_bounds_holds [lemma, in backend.Mem]
+in_bounds_inject [lemma, in backend.Mem]
+in_cons_noteq [lemma, in backend.Allocproof_aux]
+in_incr [definition, in backend.Kildall]
+in_incr_refl [lemma, in backend.Kildall]
+in_incr_trans [lemma, in backend.Kildall]
+In_Indst [lemma, in backend.Parallelmove]
+in_move__in_srcdst [lemma, in backend.Alloctyping_aux]
+In_norepet [lemma, in backend.Allocproof_aux]
+in_notin_diff [lemma, in backend.Locations]
+In_noTmp_notempo [lemma, in backend.Parallelmove]
+in_or_insert_bin [lemma, in lib.Inclusion]
+in_or_notin_callstack [lemma, in backend.Machabstr2mach]
+In_permute_app_head [lemma, in lib.Inclusion]
+in_range [definition, in lib.Integers]
+in_range_range [lemma, in lib.Integers]
+in_remove_head [lemma, in lib.Inclusion]
+In_SD_diff [lemma, in backend.Parallelmove]
+In_SD_diff' [lemma, in backend.Parallelmove]
+In_SD_no_o [lemma, in backend.Parallelmove]
+in_split_move [lemma, in backend.Alloctyping_aux]
+in_xelements [lemma, in lib.Maps]
+in_xkeys [lemma, in lib.Maps]
+IR [constructor, in backend.PPC]
+ireg [inductive, in backend.PPC]
+ireg_eq [lemma, in backend.PPC]
+ireg_of [definition, in backend.PPCgen]
+ireg_of_is_data_reg [lemma, in backend.PPCgenproof1]
+ireg_of_not_GPR1 [lemma, in backend.PPCgenproof1]
+ireg_of_not_GPR2 [lemma, in backend.PPCgenproof1]
+ireg_val [lemma, in backend.PPCgenproof1]
+isfalse_not_istrue [lemma, in backend.Values]
+istrue_not_isfalse [lemma, in backend.Values]
+is_basic_block_head [definition, in backend.Kildall]
+is_bool [definition, in backend.Values]
+is_data_reg [definition, in backend.PPCgenproof1]
+is_false [definition, in lib.Integers]
+is_false [definition, in backend.Values]
+is_goto_block [definition, in backend.Tunneling]
+is_goto_block_correct [lemma, in backend.Tunnelingproof]
+is_label [definition, in backend.PPC]
+is_label [definition, in backend.Mach]
+is_label [definition, in backend.Linear]
+is_label_correct [lemma, in backend.PPC]
+is_label_correct [lemma, in backend.Mach]
+is_label_correct [lemma, in backend.Linear]
+is_move_operation [definition, in backend.Op]
+is_move_operation_correct [lemma, in backend.Op]
+is_power2 [definition, in lib.Integers]
+is_power2_correct [lemma, in lib.Integers]
+is_power2_range [lemma, in lib.Integers]
+is_power2_rng [lemma, in lib.Integers]
+is_rlw_mask [definition, in lib.Integers]
+is_rlw_mask_rec [definition, in lib.Integers]
+is_tail [inductive, in backend.Linearizeproof]
+is_tail_cons [constructor, in backend.Linearizeproof]
+is_tail_cons_left [lemma, in backend.Linearizeproof]
+is_tail_exec_instr [lemma, in backend.Linearizeproof]
+is_tail_exec_instrs [lemma, in backend.Linearizeproof]
+is_tail_find_label [lemma, in backend.Linearizeproof]
+is_tail_in [lemma, in backend.Linearizeproof]
+is_tail_refl [constructor, in backend.Linearizeproof]
+is_trivial_op [definition, in backend.CSE]
+is_true [definition, in lib.Integers]
+is_true [definition, in backend.Values]
+iterate [definition, in backend.Kildall]
+iterate_base [lemma, in backend.Kildall]
+iterate_incr [lemma, in backend.Kildall]
+iterate_solution [lemma, in backend.Kildall]
+iterate_step [lemma, in backend.Kildall]
+iter_step [definition, in backend.Kildall]
+IT1 [constructor, in backend.Locations]
+IT2 [constructor, in backend.Locations]
+IT3 [constructor, in backend.Locations]
+

K

+Kildall [library]
+kill_loads [definition, in backend.CSE]
+kill_load_eqs [definition, in backend.CSE]
+kill_load_eqs_incl [lemma, in backend.CSEproof]
+kill_load_eqs_ops [lemma, in backend.CSEproof]
+kill_load_satisfiable [lemma, in backend.CSEproof]
+

L

+L [module, in backend.Kildall]
+L [module, in backend.Kildall]
+L [module, in backend.Kildall]
+L [module, in backend.Kildall]
+L [module, in backend.Kildall]
+L [module, in backend.Kildall]
+L [module, in backend.Kildall]
+L [module, in backend.Kildall]
+L [module, in backend.Kildall]
+label [definition, in backend.Linear]
+label [definition, in backend.PPC]
+label [definition, in backend.Mach]
+label_in_lin_block [lemma, in backend.Linearizeproof]
+label_in_lin_rec [lemma, in backend.Linearizeproof]
+label_pos [definition, in backend.PPC]
+label_pos_code_tail [lemma, in backend.PPCgenproof]
+last [definition, in backend.Parallelmove]
+last_app [lemma, in backend.Parallelmove]
+last_cons [lemma, in backend.Parallelmove]
+last_replace [lemma, in backend.Parallelmove]
+Lattice [library]
+lbl [definition, in backend.Linearize]
+lbl [definition, in backend.Linearize]
+LBoolean [module, in lib.Lattice]
+Lcall [constructor, in backend.Linear]
+Lcond [constructor, in backend.Linear]
+Leaf [constructor, in lib.Maps]
+leaf [definition, in lib.Inclusion]
+leaf [constructor, in lib.Inclusion]
+leaf [definition, in lib.Inclusion]
+leaf [definition, in lib.Inclusion]
+length_addr_args [lemma, in backend.Allocproof]
+length_app [lemma, in backend.Parallelmove]
+length_cond_args [lemma, in backend.Allocproof]
+length_op_args [lemma, in backend.Allocproof]
+length_replace [lemma, in backend.Parallelmove]
+letenv [definition, in backend.Cminor]
+letenv [definition, in backend.Csharpminor]
+let_fold_args_res [lemma, in backend.RTLtyping]
+LFlat [module, in lib.Lattice]
+Lgetstack [constructor, in backend.Linear]
+Lgoto [constructor, in backend.Linear]
+lift [definition, in backend.Cmconstr]
+lift_condexpr [definition, in backend.Cmconstr]
+lift_expr [definition, in backend.Cmconstr]
+lift_exprlist [definition, in backend.Cmconstr]
+Linear [library]
+Linearize [library]
+Linearizeproof [library]
+Linearizetyping [library]
+linearize_block [definition, in backend.Linearize]
+linearize_block_incl [lemma, in backend.Linearizetyping]
+linearize_body [definition, in backend.Linearize]
+linearize_function [definition, in backend.Linearize]
+Lineartyping [library]
+link_invariant [definition, in backend.Machtyping]
+listsLoc2Moves [definition, in backend.Parallelmove]
+listsLoc2Moves [definition, in backend.Allocation]
+list_append_map [lemma, in lib.Coqlib]
+list_disjoint [definition, in lib.Coqlib]
+list_disjoint_cons_left [lemma, in lib.Coqlib]
+list_disjoint_cons_right [lemma, in lib.Coqlib]
+list_disjoint_notin [lemma, in lib.Coqlib]
+list_disjoint_sym [lemma, in lib.Coqlib]
+list_forall2 [inductive, in lib.Coqlib]
+list_forall2_cons [constructor, in lib.Coqlib]
+list_forall2_imply [lemma, in lib.Coqlib]
+list_forall2_nil [constructor, in lib.Coqlib]
+list_in_map_inv [lemma, in lib.Coqlib]
+list_length_map [lemma, in lib.Coqlib]
+list_map_compose [lemma, in lib.Coqlib]
+list_map_exten [lemma, in lib.Coqlib]
+list_map_norepet [lemma, in lib.Coqlib]
+list_map_nth [lemma, in lib.Coqlib]
+list_norepet [inductive, in lib.Coqlib]
+list_norepet_append [lemma, in lib.Coqlib]
+list_norepet_append_left [lemma, in lib.Coqlib]
+list_norepet_append_right [lemma, in lib.Coqlib]
+list_norepet_cons [constructor, in lib.Coqlib]
+list_norepet_dec [lemma, in lib.Coqlib]
+list_norepet_nil [constructor, in lib.Coqlib]
+live0 [definition, in backend.Allocproof]
+Llabel [constructor, in backend.Linear]
+Lload [constructor, in backend.Linear]
+load [definition, in backend.Mem]
+load [definition, in backend.Cmconstr]
+Load [constructor, in backend.CSE]
+loadimm [definition, in backend.PPCgen]
+loadimm_correct [lemma, in backend.PPCgenproof1]
+loadind [definition, in backend.PPCgen]
+loadind_aux [definition, in backend.PPCgen]
+loadind_aux_correct [lemma, in backend.PPCgenproof1]
+loadind_correct [lemma, in backend.PPCgenproof1]
+loadv [definition, in backend.Mem]
+loadv_inject [lemma, in backend.Mem]
+loadv_8_signed_unsigned [lemma, in backend.PPCgenproof]
+load1 [definition, in backend.PPC]
+load2 [definition, in backend.PPC]
+load_agree [lemma, in backend.Mem]
+load_alloc_other [lemma, in backend.Mem]
+load_alloc_same [lemma, in backend.Mem]
+load_contentmap_agree [lemma, in backend.Mem]
+load_contents [definition, in backend.Mem]
+load_contents_init [lemma, in backend.Mem]
+load_contents_inject [lemma, in backend.Mem]
+load_extends [lemma, in backend.Mem]
+load_free [lemma, in backend.Mem]
+load_freelist [lemma, in backend.Cminorgenproof]
+load_from_alloc_is_undef [lemma, in backend.Cminorgenproof]
+load_inject [lemma, in backend.Mem]
+load_inv [lemma, in backend.Mem]
+load_in_bounds [lemma, in backend.Mem]
+load_result [definition, in backend.Values]
+load_result_idem [lemma, in backend.Cminorgenproof]
+load_result_inject [lemma, in backend.Mem]
+load_result_normalized [lemma, in backend.Cminorgenproof]
+load_result_ty [lemma, in backend.Machabstr2mach]
+load_stack [definition, in backend.Mach]
+load_store_contents_mismatch [lemma, in backend.Mem]
+load_store_contents_other [lemma, in backend.Mem]
+load_store_contents_overlap [lemma, in backend.Mem]
+load_store_contents_same [lemma, in backend.Mem]
+load_store_other [lemma, in backend.Mem]
+load_store_same [lemma, in backend.Mem]
+loc [inductive, in backend.Locations]
+Loc [module, in backend.Locations]
+Local [constructor, in backend.Locations]
+local_variable [inductive, in backend.Csharpminor]
+Locations [library]
+Locmap [module, in backend.Locations]
+locset [definition, in backend.LTL]
+locset [definition, in backend.Linear]
+locs_acceptable [definition, in backend.Conventions]
+locs_acceptable_disj_temporaries [lemma, in backend.Conventions]
+locs_read_ok [definition, in backend.Alloctyping]
+locs_write_ok [definition, in backend.Alloctyping]
+loc_acceptable [definition, in backend.Conventions]
+loc_acceptable_noteq_diff [lemma, in backend.Allocproof]
+loc_acceptable_notin_notin [lemma, in backend.Allocproof]
+loc_arguments [definition, in backend.Conventions]
+loc_arguments_acceptable [lemma, in backend.Conventions]
+loc_arguments_bounded [lemma, in backend.Conventions]
+loc_arguments_length [lemma, in backend.Conventions]
+loc_arguments_norepet [lemma, in backend.Conventions]
+loc_arguments_not_temporaries [lemma, in backend.Conventions]
+loc_arguments_rec [definition, in backend.Conventions]
+loc_arguments_type [lemma, in backend.Conventions]
+loc_argument_acceptable [definition, in backend.Conventions]
+loc_is_acceptable [definition, in backend.Coloring]
+loc_is_acceptable_correct [lemma, in backend.Coloringproof]
+loc_parameters [definition, in backend.Conventions]
+loc_parameters_not_temporaries [lemma, in backend.Conventions]
+loc_parameters_type [lemma, in backend.Conventions]
+loc_read_ok [definition, in backend.Alloctyping]
+loc_result [definition, in backend.Conventions]
+loc_result_acceptable [lemma, in backend.Conventions]
+loc_result_type [lemma, in backend.Conventions]
+loc_write_ok [definition, in backend.Alloctyping]
+Lop [constructor, in backend.Linear]
+low_bound [definition, in backend.Mem]
+low_bound_alloc [lemma, in backend.Mem]
+low_bound_free [lemma, in backend.Mem]
+low_bound_store [lemma, in backend.Mem]
+low_half_signed [axiom, in backend.PPC]
+low_half_signed_type [axiom, in backend.PPC]
+low_half_unsigned [axiom, in backend.PPC]
+low_half_unsigned_type [axiom, in backend.PPC]
+low_high_half_signed [axiom, in backend.PPC]
+low_high_half_unsigned [axiom, in backend.PPC]
+low_high_s [lemma, in backend.PPCgenproof1]
+low_high_u [lemma, in backend.PPCgenproof1]
+low_high_u_xor [lemma, in backend.PPCgenproof1]
+low_s [definition, in backend.PPCgen]
+low_u [definition, in backend.PPCgen]
+LPMap [module, in lib.Lattice]
+LR [constructor, in backend.PPC]
+Lreturn [constructor, in backend.Linear]
+Lsetstack [constructor, in backend.Linear]
+Lstore [constructor, in backend.Linear]
+lt [definition, in lib.Integers]
+lt [definition, in lib.Ordered]
+lt [definition, in lib.Ordered]
+lt [definition, in lib.Ordered]
+LTL [library]
+LTLtyping [library]
+ltu [definition, in lib.Integers]
+lt_not_eq [lemma, in lib.Ordered]
+lt_not_eq [lemma, in lib.Ordered]
+lt_not_eq [lemma, in lib.Ordered]
+lt_trans [lemma, in lib.Ordered]
+lt_trans [lemma, in lib.Ordered]
+lt_trans [lemma, in lib.Ordered]
+lub [definition, in lib.Lattice]
+lub [definition, in lib.Lattice]
+lub [definition, in lib.Sets]
+lub [definition, in lib.Lattice]
+lub [definition, in backend.Constprop]
+lub_commut [lemma, in lib.Lattice]
+lub_commut [lemma, in backend.Constprop]
+lub_commut [lemma, in lib.Lattice]
+lub_commut [lemma, in lib.Sets]
+lub_commut [lemma, in lib.Lattice]
+LVarray [constructor, in backend.Csharpminor]
+LVscalar [constructor, in backend.Csharpminor]
+

M

+Mach [library]
+Machabstr [library]
+Machabstr2mach [library]
+Machtyping [library]
+Main [library]
+MakeSet [module, in lib.Sets]
+make_addimm [definition, in backend.Constprop]
+make_addimm_correct [lemma, in backend.Constpropproof]
+make_andimm [definition, in backend.Constprop]
+make_andimm_correct [lemma, in backend.Constpropproof]
+make_cast [definition, in backend.Cminorgen]
+make_cast_correct [lemma, in backend.Cminorgenproof]
+make_env [definition, in backend.Stacking]
+make_load [definition, in backend.Cminorgen]
+make_load_correct [lemma, in backend.Cminorgenproof]
+make_mulimm [definition, in backend.Constprop]
+make_mulimm_correct [lemma, in backend.Constpropproof]
+make_op [definition, in backend.Cminorgen]
+make_op_correct [lemma, in backend.Cminorgenproof]
+make_orimm [definition, in backend.Constprop]
+make_orimm_correct [lemma, in backend.Constpropproof]
+make_predecessors [definition, in backend.Kildall]
+make_predecessors_correct [lemma, in backend.Kildall]
+make_shlimm [definition, in backend.Constprop]
+make_shlimm_correct [lemma, in backend.Constpropproof]
+make_shrimm [definition, in backend.Constprop]
+make_shrimm_correct [lemma, in backend.Constpropproof]
+make_shruimm [definition, in backend.Constprop]
+make_shruimm_correct [lemma, in backend.Constpropproof]
+make_stackaddr [definition, in backend.Cminorgen]
+make_stackaddr_correct [lemma, in backend.Cminorgenproof]
+make_store [definition, in backend.Cminorgen]
+make_store_correct [lemma, in backend.Cminorgenproof]
+make_xorimm [definition, in backend.Constprop]
+make_xorimm_correct [lemma, in backend.Constpropproof]
+map [definition, in lib.Maps]
+map [definition, in lib.Maps]
+map [definition, in lib.Maps]
+map [definition, in lib.Maps]
+MAP [module, in lib.Maps]
+MAP [module, in lib.union_find]
+mapped [definition, in backend.RTLtyping]
+mapped_included_consistent [lemma, in backend.RTLtyping]
+mapped_list_included [lemma, in backend.RTLtyping]
+mapping [inductive, in backend.RTLgen]
+Maps [library]
+map_f_getsrc_getdst [lemma, in backend.Alloctyping_aux]
+map_inv [lemma, in backend.Allocproof_aux]
+map_wf [inductive, in backend.RTLgenproof1]
+map_wf_incr [lemma, in backend.RTLgenproof1]
+match_callstack [inductive, in backend.Cminorgenproof]
+match_callstack_alloc_left [lemma, in backend.Cminorgenproof]
+match_callstack_alloc_other [lemma, in backend.Cminorgenproof]
+match_callstack_alloc_right [lemma, in backend.Cminorgenproof]
+match_callstack_alloc_variables [lemma, in backend.Cminorgenproof]
+match_callstack_alloc_variables_rec [lemma, in backend.Cminorgenproof]
+match_callstack_freelist [lemma, in backend.Cminorgenproof]
+match_callstack_freelist_rec [lemma, in backend.Cminorgenproof]
+match_callstack_incr_bound [lemma, in backend.Cminorgenproof]
+match_callstack_mapped [lemma, in backend.Cminorgenproof]
+match_callstack_match_globalenvs [lemma, in backend.Cminorgenproof]
+match_callstack_store_above [lemma, in backend.Cminorgenproof]
+match_callstack_store_local [lemma, in backend.Cminorgenproof]
+match_callstack_store_local_unchanged [lemma, in backend.Cminorgenproof]
+match_env [inductive, in backend.Cminorgenproof]
+match_env [inductive, in backend.RTLgenproof1]
+match_env_alloc_other [lemma, in backend.Cminorgenproof]
+match_env_alloc_same [lemma, in backend.Cminorgenproof]
+match_env_empty [lemma, in backend.RTLgenproof1]
+match_env_exten [lemma, in backend.RTLgenproof1]
+match_env_extensional [lemma, in backend.Cminorgenproof]
+match_env_find_reg [lemma, in backend.RTLgenproof1]
+match_env_freelist [lemma, in backend.Cminorgenproof]
+match_env_invariant [lemma, in backend.RTLgenproof1]
+match_env_letvar [lemma, in backend.RTLgenproof1]
+match_env_store_above [lemma, in backend.Cminorgenproof]
+match_env_store_local [lemma, in backend.Cminorgenproof]
+match_env_store_mapped [lemma, in backend.Cminorgenproof]
+match_env_update_temp [lemma, in backend.RTLgenproof1]
+match_env_update_var [lemma, in backend.RTLgenproof1]
+match_globalenvs [inductive, in backend.Cminorgenproof]
+match_globalenvs_init [lemma, in backend.Cminorgenproof]
+match_init_env_init_reg [lemma, in backend.RTLgenproof1]
+match_return_outcome [definition, in backend.RTLgenproof]
+match_return_reg [definition, in backend.RTLgenproof]
+match_set_locals [lemma, in backend.RTLgenproof1]
+match_set_params_init_regs [lemma, in backend.RTLgenproof1]
+match_var [inductive, in backend.Cminorgenproof]
+max_over_instrs [definition, in backend.Lineartyping]
+max_over_instrs_bound [lemma, in backend.Linearizetyping]
+max_over_list [definition, in backend.Lineartyping]
+max_over_list_bound [lemma, in backend.Linearizetyping]
+max_over_list_pos [lemma, in backend.Lineartyping]
+max_over_regs_of_funct [definition, in backend.Lineartyping]
+max_over_regs_of_funct_bound [lemma, in backend.Linearizetyping]
+max_over_regs_of_funct_pos [lemma, in backend.Lineartyping]
+max_over_regs_of_instr [definition, in backend.Lineartyping]
+max_over_slots_of_funct [definition, in backend.Lineartyping]
+max_over_slots_of_funct_bound [lemma, in backend.Linearizetyping]
+max_over_slots_of_funct_pos [lemma, in backend.Lineartyping]
+max_over_slots_of_instr [definition, in backend.Lineartyping]
+max_signed [definition, in lib.Integers]
+max_unsigned [definition, in lib.Integers]
+Mcall [constructor, in backend.Mach]
+Mcond [constructor, in backend.Mach]
+mcs_cons [constructor, in backend.Cminorgenproof]
+mcs_nil [constructor, in backend.Cminorgenproof]
+mem [inductive, in backend.Mem]
+mem [definition, in lib.Sets]
+Mem [library]
+member [definition, in backend.RTLtyping]
+member_correct [lemma, in backend.RTLtyping]
+meminj [definition, in backend.Mem]
+memory_chunk [inductive, in backend.AST]
+memory_size [inductive, in backend.Mem]
+mem_add_globals_transf [lemma, in backend.Globalenvs]
+mem_add_other [lemma, in lib.Sets]
+mem_add_same [lemma, in lib.Sets]
+mem_add_tail [lemma, in backend.InterfGraph]
+mem_chunk [definition, in backend.Mem]
+mem_empty [lemma, in lib.Sets]
+mem_exten [lemma, in backend.Mem]
+mem_inject [inductive, in backend.Mem]
+mem_remove_other [lemma, in lib.Sets]
+mem_remove_same [lemma, in lib.Sets]
+mem_type [definition, in backend.Machabstr]
+mem_union [lemma, in lib.Sets]
+mesure [definition, in backend.Parallelmove]
+Mfloat32 [constructor, in backend.AST]
+Mfloat64 [constructor, in backend.AST]
+Mgetparam [constructor, in backend.Mach]
+Mgetstack [constructor, in backend.Mach]
+Mgoto [constructor, in backend.Mach]
+Mint16signed [constructor, in backend.AST]
+Mint16unsigned [constructor, in backend.AST]
+Mint32 [constructor, in backend.AST]
+Mint8signed [constructor, in backend.AST]
+Mint8unsigned [constructor, in backend.AST]
+min_signed [definition, in lib.Integers]
+mkint_eq [lemma, in lib.Integers]
+mk_env [definition, in backend.RTLtyping]
+Mlabel [constructor, in backend.Mach]
+Mload [constructor, in backend.Mach]
+mods [definition, in lib.Integers]
+mods [definition, in backend.Cmconstr]
+mods [definition, in backend.Values]
+mods_divs [lemma, in lib.Integers]
+mods_divs [lemma, in backend.Values]
+modu [definition, in lib.Integers]
+modu [definition, in backend.Values]
+modu [definition, in backend.Cmconstr]
+modulus [definition, in lib.Integers]
+modulus_pos [lemma, in lib.Integers]
+modu_and [lemma, in lib.Integers]
+modu_divu [lemma, in lib.Integers]
+modu_divu [lemma, in backend.Values]
+modu_divu_Euclid [lemma, in lib.Integers]
+modu_pow2 [lemma, in backend.Values]
+mod_aux [definition, in backend.Cmconstr]
+mod_in_range [lemma, in lib.Integers]
+mon [definition, in backend.RTLgen]
+mone [definition, in lib.Integers]
+mone_max_unsigned [lemma, in lib.Integers]
+Mop [constructor, in backend.Mach]
+more_likely [axiom, in backend.RTLgen]
+Move [definition, in backend.Parallelmove]
+Moves [definition, in backend.Parallelmove]
+move_types_res [lemma, in backend.Alloctyping_aux]
+move_types_stepf [lemma, in backend.Alloctyping_aux]
+mreg [inductive, in backend.Locations]
+mreg_bounded [definition, in backend.Lineartyping]
+mreg_eq [lemma, in backend.Locations]
+mreg_is_bounded [lemma, in backend.Linearizetyping]
+mreg_type [definition, in backend.Locations]
+Mreturn [constructor, in backend.Mach]
+Msetstack [constructor, in backend.Mach]
+Mstore [constructor, in backend.Mach]
+mul [axiom, in lib.Floats]
+mul [definition, in lib.Integers]
+mul [definition, in backend.Cmconstr]
+mul [definition, in backend.Values]
+mulf [definition, in backend.Cmconstr]
+mulf [definition, in backend.Values]
+mulimm [definition, in backend.Cmconstr]
+mulimm_base [definition, in backend.Cmconstr]
+mulimm_cases [inductive, in backend.Cmconstr]
+mulimm_case1 [constructor, in backend.Cmconstr]
+mulimm_case2 [constructor, in backend.Cmconstr]
+mulimm_default [constructor, in backend.Cmconstr]
+mulimm_match [definition, in backend.Cmconstr]
+multiple_predecessors [lemma, in backend.Kildall]
+mul_add_distr_l [lemma, in lib.Integers]
+mul_add_distr_l [lemma, in backend.Values]
+mul_add_distr_r [lemma, in lib.Integers]
+mul_add_distr_r [lemma, in backend.Values]
+mul_assoc [lemma, in lib.Integers]
+mul_assoc [lemma, in backend.Values]
+mul_cases [inductive, in backend.Cmconstr]
+mul_case1 [constructor, in backend.Cmconstr]
+mul_case2 [constructor, in backend.Cmconstr]
+mul_commut [lemma, in backend.Values]
+mul_commut [lemma, in lib.Integers]
+mul_default [constructor, in backend.Cmconstr]
+mul_match [definition, in backend.Cmconstr]
+mul_match_aux [definition, in backend.Cmconstr]
+mul_one [lemma, in lib.Integers]
+mul_pow2 [lemma, in lib.Integers]
+mul_pow2 [lemma, in backend.Values]
+mul_zero [lemma, in lib.Integers]
+mutated_condexpr [definition, in backend.RTLgen]
+mutated_expr [definition, in backend.RTLgen]
+mutated_exprlist [definition, in backend.RTLgen]
+mutated_reg [definition, in backend.RTLgenproof1]
+mutated_reg_in_map [lemma, in backend.RTLgenproof1]
+mymap [module, in backend.RTLtyping]
+myreg [module, in backend.RTLtyping]
+myT [inductive, in backend.RTLtyping]
+

N

+n [constructor, in backend.Op]
+nat_le_bool [definition, in lib.Inclusion]
+neg [definition, in backend.Values]
+neg [definition, in lib.Integers]
+neg [axiom, in lib.Floats]
+negate_cmp [lemma, in backend.Values]
+negate_cmp [lemma, in lib.Integers]
+negate_cmpf_eq [lemma, in backend.Values]
+negate_cmpu [lemma, in lib.Integers]
+negate_cmpu [lemma, in backend.Values]
+negate_cmp_mismatch [lemma, in backend.Values]
+negate_comparison [definition, in backend.AST]
+negate_condition [definition, in backend.Op]
+negf [definition, in backend.Values]
+negfloat [definition, in backend.Cmconstr]
+negint [definition, in backend.Cmconstr]
+neg_add_distr [lemma, in backend.Values]
+neg_add_distr [lemma, in lib.Integers]
+neg_mul_distr_l [axiom, in lib.Integers]
+neg_mul_distr_r [axiom, in lib.Integers]
+neg_repr [lemma, in lib.Integers]
+neg_zero [lemma, in lib.Integers]
+neg_zero [lemma, in backend.Values]
+neq_is_neq [lemma, in backend.Parallelmove]
+new_reg [definition, in backend.RTLgen]
+new_reg_fresh [lemma, in backend.RTLgenproof1]
+new_reg_incr [lemma, in backend.RTLgenproof1]
+new_reg_not_in_map [lemma, in backend.RTLgenproof1]
+new_reg_not_mutated [lemma, in backend.RTLgenproof1]
+new_reg_return_ok [lemma, in backend.RTLgenproof1]
+new_reg_valid [lemma, in backend.RTLgenproof1]
+nextinstr [definition, in backend.PPC]
+nextinstr_inv [lemma, in backend.PPCgenproof1]
+nextinstr_set_preg [lemma, in backend.PPCgenproof1]
+nil [definition, in backend.Parallelmove]
+nil [definition, in backend.Parallelmove]
+nil [definition, in backend.Parallelmove]
+nil [definition, in backend.Parallelmove]
+nil [definition, in backend.Parallelmove]
+nil [definition, in backend.Parallelmove]
+nil [definition, in backend.Parallelmove]
+nil [definition, in backend.Parallelmove]
+nil [definition, in backend.Parallelmove]
+nil [definition, in backend.Parallelmove]
+nil [definition, in backend.Allocproof_aux]
+nil [definition, in backend.Parallelmove]
+nil [definition, in backend.Parallelmove]
+nil [definition, in backend.Parallelmove]
+nil [definition, in backend.Parallelmove]
+nil [definition, in backend.Parallelmove]
+nil [definition, in backend.Parallelmove]
+nil [definition, in backend.Parallelmove]
+NIndexed [module, in lib.Maps]
+NMap [module, in lib.Maps]
+Node [constructor, in lib.Maps]
+node [definition, in backend.RTL]
+node [definition, in backend.LTL]
+node [constructor, in lib.Inclusion]
+non_overlap_diff [lemma, in backend.Locations]
+NoOverlap [definition, in backend.Parallelmove]
+noOverlap [definition, in backend.Parallelmove]
+noOverlapaux_insert [lemma, in backend.Parallelmove]
+noOverlapaux_swap2 [lemma, in backend.Parallelmove]
+noOverlap_aux [definition, in backend.Parallelmove]
+noOverlap_auxpop [lemma, in backend.Parallelmove]
+noOverlap_auxPop [lemma, in backend.Parallelmove]
+noOverlap_aux_app [lemma, in backend.Parallelmove]
+noOverlap_Front0 [lemma, in backend.Parallelmove]
+noOverlap_head [lemma, in backend.Parallelmove]
+noOverlap_insert [lemma, in backend.Parallelmove]
+noOverlap_movBack [lemma, in backend.Parallelmove]
+noOverlap_movBack0 [lemma, in backend.Parallelmove]
+noOverlap_movFront [lemma, in backend.Parallelmove]
+noOverlap_nil [lemma, in backend.Parallelmove]
+noOverlap_Pop [lemma, in backend.Parallelmove]
+noOverlap_pop [lemma, in backend.Parallelmove]
+noOverlap_right [lemma, in backend.Parallelmove]
+noOverlap_swap [lemma, in backend.Parallelmove]
+noO_diff [lemma, in backend.Parallelmove]
+noO_list_pnilnil [lemma, in backend.Allocproof_aux]
+noRead [definition, in backend.Parallelmove]
+noRead_app [lemma, in backend.Parallelmove]
+noRead_by_path [lemma, in backend.Parallelmove]
+norepet [inductive, in backend.Locations]
+norepet_cons [constructor, in backend.Locations]
+norepet_nil [constructor, in backend.Locations]
+norepet_SD [lemma, in backend.Allocproof_aux]
+not [definition, in lib.Integers]
+notbool [definition, in backend.Values]
+notbool [definition, in backend.Cmconstr]
+notbool [definition, in lib.Integers]
+notbool_base [definition, in backend.Cmconstr]
+notbool_idem2 [lemma, in backend.Values]
+notbool_idem3 [lemma, in backend.Values]
+notbool_isfalse_istrue [lemma, in lib.Integers]
+notbool_istrue_isfalse [lemma, in lib.Integers]
+notbool_is_bool [lemma, in backend.Values]
+notbool_negb_1 [lemma, in backend.Values]
+notbool_negb_2 [lemma, in backend.Values]
+notbool_xor [lemma, in backend.Values]
+notemporary [definition, in backend.Parallelmove]
+notin [definition, in backend.Locations]
+notindst_nW [lemma, in backend.Parallelmove]
+notint [definition, in backend.Values]
+notint [definition, in backend.Cmconstr]
+notint_cases [inductive, in backend.Cmconstr]
+notint_case1 [constructor, in backend.Cmconstr]
+notint_case2 [constructor, in backend.Cmconstr]
+notint_case3 [constructor, in backend.Cmconstr]
+notint_default [constructor, in backend.Cmconstr]
+notint_match [definition, in backend.Cmconstr]
+notin_callstack [inductive, in backend.Machabstr2mach]
+notin_callstack_cons [constructor, in backend.Machabstr2mach]
+notin_callstack_nil [constructor, in backend.Machabstr2mach]
+notin_disjoint [lemma, in backend.Locations]
+notin_not_in [lemma, in backend.Locations]
+noTmp [definition, in backend.Parallelmove]
+noTmpLast [definition, in backend.Parallelmove]
+noTmpLast_lastnoTmp [lemma, in backend.Parallelmove]
+noTmpLast_Pop [lemma, in backend.Parallelmove]
+noTmpLast_pop [lemma, in backend.Parallelmove]
+noTmpLast_popBack [lemma, in backend.Parallelmove]
+noTmpLast_push [lemma, in backend.Parallelmove]
+noTmpLast_tmpLast [lemma, in backend.Parallelmove]
+noTmpL_diff [lemma, in backend.Parallelmove]
+noTmp_app [lemma, in backend.Parallelmove]
+noTmp_append [lemma, in backend.Parallelmove]
+noTmP_noOverlap_aux [lemma, in backend.Parallelmove]
+noTmp_noReadTmp [lemma, in backend.Parallelmove]
+noTmp_noTmpLast [lemma, in backend.Parallelmove]
+noTmp_pop [lemma, in backend.Parallelmove]
+Novalue [constructor, in backend.Constprop]
+noWrite [definition, in backend.Parallelmove]
+noWrite_in [lemma, in backend.Parallelmove]
+noWrite_insert [lemma, in backend.Parallelmove]
+noWrite_movFront [lemma, in backend.Parallelmove]
+noWrite_pop [lemma, in backend.Parallelmove]
+noWrite_swap [lemma, in backend.Parallelmove]
+noWrite_tmpLast [lemma, in backend.Parallelmove]
+no_overlap [definition, in backend.Parallelmove]
+no_overlap [definition, in backend.Locations]
+no_overlapD_inv [lemma, in backend.Allocproof_aux]
+no_overlapD_invf [lemma, in backend.Allocproof_aux]
+no_overlapD_invpp [lemma, in backend.Allocproof_aux]
+no_overlapD_res [lemma, in backend.Allocproof_aux]
+no_overlap_arguments [lemma, in backend.Conventions]
+no_overlap_list [definition, in backend.Parallelmove]
+no_overlap_list_pop [lemma, in backend.Allocproof_aux]
+no_overlap_noOverlap [lemma, in backend.Parallelmove]
+no_overlap_parameters [lemma, in backend.Conventions]
+no_overlap_state [definition, in backend.Parallelmove]
+no_overlap_stateD [definition, in backend.Allocproof_aux]
+no_overlap_temp [lemma, in backend.Allocproof_aux]
+no_self_loop [lemma, in backend.Kildall]
+no_tmp13_state [definition, in backend.Allocproof_aux]
+nth_error_in [lemma, in lib.Coqlib]
+nth_error_nil [lemma, in lib.Coqlib]
+nullptr [definition, in backend.Mem]
+Numbering [module, in backend.CSE]
+numbering [inductive, in backend.CSE]
+numbering_holds [definition, in backend.CSE]
+numbering_holds_exten [lemma, in backend.CSEproof]
+numbering_satisfiable [definition, in backend.CSE]
+num_iterations [definition, in backend.Kildall]
+

O

+Oabsf [constructor, in backend.Op]
+Oabsf [constructor, in backend.Csharpminor]
+Oadd [constructor, in backend.Csharpminor]
+Oadd [constructor, in backend.Op]
+Oaddf [constructor, in backend.Csharpminor]
+Oaddf [constructor, in backend.Op]
+Oaddimm [constructor, in backend.Op]
+Oaddrstack [constructor, in backend.Op]
+Oaddrsymbol [constructor, in backend.Op]
+Oand [constructor, in backend.Op]
+Oand [constructor, in backend.Csharpminor]
+Oandimm [constructor, in backend.Op]
+Ocast16signed [constructor, in backend.Csharpminor]
+Ocast16signed [constructor, in backend.Op]
+Ocast16unsigned [constructor, in backend.Csharpminor]
+Ocast8signed [constructor, in backend.Csharpminor]
+Ocast8signed [constructor, in backend.Op]
+Ocast8unsigned [constructor, in backend.Csharpminor]
+Ocmp [constructor, in backend.Op]
+Ocmp [constructor, in backend.Csharpminor]
+Ocmpf [constructor, in backend.Csharpminor]
+Ocmpu [constructor, in backend.Csharpminor]
+Odiv [constructor, in backend.Op]
+Odiv [constructor, in backend.Csharpminor]
+Odivf [constructor, in backend.Op]
+Odivf [constructor, in backend.Csharpminor]
+Odivu [constructor, in backend.Csharpminor]
+Odivu [constructor, in backend.Op]
+offset_of_index [definition, in backend.Stacking]
+offset_of_index_disj [lemma, in backend.Stackingproof]
+offset_of_index_no_overflow [lemma, in backend.Stackingproof]
+offset_of_index_valid [lemma, in backend.Stackingproof]
+offset_sp [definition, in backend.Op]
+Ofloatconst [constructor, in backend.Op]
+Ofloatconst [constructor, in backend.Csharpminor]
+Ofloatofint [constructor, in backend.Op]
+Ofloatofint [constructor, in backend.Csharpminor]
+Ofloatofintu [constructor, in backend.Csharpminor]
+Ofloatofintu [constructor, in backend.Op]
+of_bool [definition, in backend.Values]
+of_bool_is_bool [lemma, in backend.Values]
+Ointconst [constructor, in backend.Csharpminor]
+Ointconst [constructor, in backend.Op]
+Ointoffloat [constructor, in backend.Csharpminor]
+Ointoffloat [constructor, in backend.Op]
+OK [constructor, in backend.RTLgen]
+OK [constructor, in backend.PPC]
+Omod [constructor, in backend.Csharpminor]
+Omodu [constructor, in backend.Csharpminor]
+Omove [constructor, in backend.Op]
+Omul [constructor, in backend.Csharpminor]
+Omul [constructor, in backend.Op]
+Omuladdf [constructor, in backend.Op]
+Omulf [constructor, in backend.Op]
+Omulf [constructor, in backend.Csharpminor]
+Omulimm [constructor, in backend.Op]
+Omulsubf [constructor, in backend.Op]
+Onand [constructor, in backend.Op]
+one [definition, in lib.Integers]
+one [axiom, in lib.Floats]
+Onegf [constructor, in backend.Csharpminor]
+Onegf [constructor, in backend.Op]
+one_bits [definition, in lib.Integers]
+one_bits_decomp [lemma, in lib.Integers]
+one_bits_range [lemma, in lib.Integers]
+one_not_zero [lemma, in lib.Integers]
+Onor [constructor, in backend.Op]
+Onotint [constructor, in backend.Csharpminor]
+Onxor [constructor, in backend.Op]
+Oor [constructor, in backend.Op]
+Oor [constructor, in backend.Csharpminor]
+Oorimm [constructor, in backend.Op]
+Op [constructor, in backend.CSE]
+Op [library]
+operation [inductive, in backend.Csharpminor]
+operation [inductive, in backend.Op]
+option_fold2 [definition, in backend.RTLtyping]
+option_map [definition, in lib.Coqlib]
+option_sum [lemma, in lib.union_find]
+op_strength_reduction [definition, in backend.Constprop]
+op_strength_reduction_cases [inductive, in backend.Constprop]
+op_strength_reduction_case1 [constructor, in backend.Constprop]
+op_strength_reduction_case10 [constructor, in backend.Constprop]
+op_strength_reduction_case11 [constructor, in backend.Constprop]
+op_strength_reduction_case12 [constructor, in backend.Constprop]
+op_strength_reduction_case2 [constructor, in backend.Constprop]
+op_strength_reduction_case3 [constructor, in backend.Constprop]
+op_strength_reduction_case4 [constructor, in backend.Constprop]
+op_strength_reduction_case5 [constructor, in backend.Constprop]
+op_strength_reduction_case6 [constructor, in backend.Constprop]
+op_strength_reduction_case7 [constructor, in backend.Constprop]
+op_strength_reduction_case8 [constructor, in backend.Constprop]
+op_strength_reduction_case9 [constructor, in backend.Constprop]
+op_strength_reduction_correct [lemma, in backend.Constpropproof]
+op_strength_reduction_default [constructor, in backend.Constprop]
+op_strength_reduction_match [definition, in backend.Constprop]
+or [definition, in lib.Integers]
+or [definition, in backend.Values]
+or [definition, in backend.Cmconstr]
+Ordered [library]
+OrderedIndexed [module, in lib.Ordered]
+OrderedMreg [module, in backend.InterfGraph]
+OrderedPair [module, in lib.Ordered]
+OrderedPositive [module, in lib.Ordered]
+OrderedReg [module, in backend.InterfGraph]
+OrderedRegMreg [module, in backend.InterfGraph]
+OrderedRegReg [module, in backend.InterfGraph]
+ordered_pair [definition, in backend.InterfGraph]
+ordered_pair_charact [lemma, in backend.InterfGraph]
+ordered_pair_sym [lemma, in backend.InterfGraph]
+ORDERED_TYPE_WITH_TOP [module, in backend.Kildall]
+orimm [definition, in backend.PPCgen]
+orimm_correct [lemma, in backend.PPCgenproof1]
+Orolm [constructor, in backend.Op]
+or_assoc [lemma, in lib.Integers]
+or_assoc [lemma, in backend.Values]
+or_cases [inductive, in backend.Cmconstr]
+or_case1 [constructor, in backend.Cmconstr]
+or_commut [lemma, in lib.Integers]
+or_commut [lemma, in backend.Values]
+or_default [constructor, in backend.Cmconstr]
+or_idem [lemma, in lib.Integers]
+or_match [definition, in backend.Cmconstr]
+or_mone [lemma, in lib.Integers]
+or_of_bool [lemma, in backend.Values]
+or_rolm [lemma, in lib.Integers]
+or_rolm [lemma, in backend.Values]
+or_zero [lemma, in lib.Integers]
+Oshl [constructor, in backend.Csharpminor]
+Oshl [constructor, in backend.Op]
+Oshr [constructor, in backend.Op]
+Oshr [constructor, in backend.Csharpminor]
+Oshrimm [constructor, in backend.Op]
+Oshru [constructor, in backend.Op]
+Oshru [constructor, in backend.Csharpminor]
+Oshrximm [constructor, in backend.Op]
+Osingleoffloat [constructor, in backend.Op]
+Osingleoffloat [constructor, in backend.Csharpminor]
+Osub [constructor, in backend.Csharpminor]
+Osub [constructor, in backend.Op]
+Osubf [constructor, in backend.Csharpminor]
+Osubf [constructor, in backend.Op]
+Osubimm [constructor, in backend.Op]
+Oundef [constructor, in backend.Op]
+outcome [inductive, in backend.Cminor]
+outcome [inductive, in backend.LTL]
+outcome [inductive, in backend.PPC]
+outcome [inductive, in backend.Csharpminor]
+outcome_block [definition, in backend.Csharpminor]
+outcome_block [definition, in backend.Cminor]
+outcome_inject [inductive, in backend.Cminorgenproof]
+outcome_node [definition, in backend.RTLgenproof]
+outcome_result_value [definition, in backend.Cminor]
+outcome_result_value [definition, in backend.Csharpminor]
+Outgoing [constructor, in backend.Locations]
+outgoing_slot [definition, in backend.Lineartyping]
+outgoing_slot_bound [lemma, in backend.Linearizetyping]
+outgoing_space [definition, in backend.Lineartyping]
+Out_exit [constructor, in backend.Csharpminor]
+Out_exit [constructor, in backend.Cminor]
+Out_normal [constructor, in backend.Cminor]
+Out_normal [constructor, in backend.Csharpminor]
+Out_return [constructor, in backend.Cminor]
+Out_return [constructor, in backend.Csharpminor]
+overlap [definition, in backend.Locations]
+overlap_aux [definition, in backend.Locations]
+overlap_aux_false_1 [lemma, in backend.Locations]
+overlap_aux_true_1 [lemma, in backend.Locations]
+overlap_aux_true_2 [lemma, in backend.Locations]
+overlap_not_diff [lemma, in backend.Locations]
+Oxor [constructor, in backend.Op]
+Oxor [constructor, in backend.Csharpminor]
+Oxorimm [constructor, in backend.Op]
+

P

+Padd [constructor, in backend.PPC]
+Paddi [constructor, in backend.PPC]
+Paddis [constructor, in backend.PPC]
+Paddze [constructor, in backend.PPC]
+Pallocframe [constructor, in backend.PPC]
+Pandc [constructor, in backend.PPC]
+Pandis_ [constructor, in backend.PPC]
+Pandi_ [constructor, in backend.PPC]
+Pand_ [constructor, in backend.PPC]
+Parallelmove [library]
+parallel_move [definition, in backend.Allocation]
+parallel_move_correct [lemma, in backend.Allocproof]
+parallel_move_correctX [lemma, in backend.Allocproof_aux]
+parallel_move_correct' [lemma, in backend.Allocproof_aux]
+parallel_move_order [definition, in backend.Allocation]
+parameter_of_argument [definition, in backend.Conventions]
+path [definition, in backend.Parallelmove]
+path_pop [lemma, in backend.Parallelmove]
+path_tmpLast [lemma, in backend.Parallelmove]
+Pb [constructor, in backend.PPC]
+Pbctr [constructor, in backend.PPC]
+Pbctrl [constructor, in backend.PPC]
+Pbf [constructor, in backend.PPC]
+Pbl [constructor, in backend.PPC]
+Pblr [constructor, in backend.PPC]
+Pbt [constructor, in backend.PPC]
+PC [constructor, in backend.PPC]
+Pcmplw [constructor, in backend.PPC]
+Pcmplwi [constructor, in backend.PPC]
+Pcmpw [constructor, in backend.PPC]
+Pcmpwi [constructor, in backend.PPC]
+Pcror [constructor, in backend.PPC]
+Pdivw [constructor, in backend.PPC]
+Pdivwu [constructor, in backend.PPC]
+peq [definition, in lib.Coqlib]
+Peqv [constructor, in backend.PPC]
+peq_false [lemma, in lib.Coqlib]
+peq_true [lemma, in lib.Coqlib]
+pexec [definition, in backend.Parallelmove]
+pexec_add [lemma, in backend.Parallelmove]
+pexec_correct [lemma, in backend.Parallelmove]
+pexec_mov [lemma, in backend.Parallelmove]
+pexec_movBack [lemma, in backend.Parallelmove]
+pexec_movFront [lemma, in backend.Parallelmove]
+pexec_nop [lemma, in backend.Parallelmove]
+pexec_push [lemma, in backend.Parallelmove]
+pexec_swap [lemma, in backend.Parallelmove]
+pexec_update [lemma, in backend.Parallelmove]
+Pextsb [constructor, in backend.PPC]
+Pextsh [constructor, in backend.PPC]
+Pfabs [constructor, in backend.PPC]
+Pfadd [constructor, in backend.PPC]
+Pfcmpu [constructor, in backend.PPC]
+Pfcti [constructor, in backend.PPC]
+Pfdiv [constructor, in backend.PPC]
+Pfmadd [constructor, in backend.PPC]
+Pfmr [constructor, in backend.PPC]
+Pfmsub [constructor, in backend.PPC]
+Pfmul [constructor, in backend.PPC]
+Pfneg [constructor, in backend.PPC]
+Pfreeframe [constructor, in backend.PPC]
+Pfrsp [constructor, in backend.PPC]
+Pfsub [constructor, in backend.PPC]
+Pfundef [constructor, in backend.PPC]
+Pictf [constructor, in backend.PPC]
+Piuctf [constructor, in backend.PPC]
+Piundef [constructor, in backend.PPC]
+Plabel [constructor, in backend.PPC]
+Plbz [constructor, in backend.PPC]
+Plbzx [constructor, in backend.PPC]
+Ple [definition, in lib.Coqlib]
+Ple_refl [lemma, in lib.Coqlib]
+Ple_succ [lemma, in lib.Coqlib]
+Ple_trans [lemma, in lib.Coqlib]
+Plfd [constructor, in backend.PPC]
+Plfdx [constructor, in backend.PPC]
+Plfi [constructor, in backend.PPC]
+Plfs [constructor, in backend.PPC]
+Plfsx [constructor, in backend.PPC]
+Plha [constructor, in backend.PPC]
+Plhax [constructor, in backend.PPC]
+Plhz [constructor, in backend.PPC]
+Plhzx [constructor, in backend.PPC]
+Plt [definition, in lib.Coqlib]
+plt [definition, in lib.Coqlib]
+Plt_ne [lemma, in lib.Coqlib]
+Plt_Ple [lemma, in lib.Coqlib]
+Plt_Ple_trans [lemma, in lib.Coqlib]
+Plt_strict [lemma, in lib.Coqlib]
+Plt_succ [lemma, in lib.Coqlib]
+Plt_succ_inv [lemma, in lib.Coqlib]
+Plt_trans [lemma, in lib.Coqlib]
+Plt_trans_succ [lemma, in lib.Coqlib]
+Plt_wf [lemma, in lib.Coqlib]
+Plwz [constructor, in backend.PPC]
+Plwzx [constructor, in backend.PPC]
+PMap [module, in lib.Maps]
+Pmfcrbit [constructor, in backend.PPC]
+Pmflr [constructor, in backend.PPC]
+Pmov [definition, in backend.Parallelmove]
+Pmov_equation [lemma, in backend.Parallelmove]
+Pmr [constructor, in backend.PPC]
+Pmtctr [constructor, in backend.PPC]
+Pmtlr [constructor, in backend.PPC]
+Pmulli [constructor, in backend.PPC]
+Pmullw [constructor, in backend.PPC]
+Pnand [constructor, in backend.PPC]
+Pnor [constructor, in backend.PPC]
+Por [constructor, in backend.PPC]
+Porc [constructor, in backend.PPC]
+Pori [constructor, in backend.PPC]
+Poris [constructor, in backend.PPC]
+positive_Peano_ind [lemma, in lib.Coqlib]
+positive_rec [definition, in lib.Coqlib]
+positive_rec_base [lemma, in lib.Coqlib]
+positive_rec_succ [lemma, in lib.Coqlib]
+powerserie [definition, in lib.Integers]
+PPC [library]
+PPCgen [library]
+PPCgenproof [library]
+PPCgenproof1 [library]
+Ppred_Plt [lemma, in lib.Coqlib]
+predecessors [definition, in backend.Kildall]
+predecessors_correct [lemma, in backend.Kildall]
+preg [inductive, in backend.PPC]
+PregEq [module, in backend.PPC]
+Pregmap [module, in backend.PPC]
+preg_eq [lemma, in backend.PPC]
+preg_of [definition, in backend.PPCgenproof1]
+preg_of_injective [lemma, in backend.PPCgenproof1]
+preg_of_is_data_reg [lemma, in backend.PPCgenproof1]
+preg_of_not [lemma, in backend.PPCgenproof1]
+preg_of_not_GPR1 [lemma, in backend.PPCgenproof1]
+preg_val [lemma, in backend.PPCgenproof1]
+Prlwinm [constructor, in backend.PPC]
+program [definition, in backend.LTL]
+program [definition, in backend.Cminor]
+program [definition, in backend.Linear]
+program [inductive, in backend.AST]
+program [definition, in backend.RTL]
+program [definition, in backend.Csharpminor]
+program [definition, in backend.PPC]
+program [definition, in backend.Mach]
+program_typing_preserved [lemma, in backend.Tunnelingtyping]
+program_typing_preserved [lemma, in backend.Linearizetyping]
+program_typing_preserved [lemma, in backend.Alloctyping]
+program_typing_preserved [lemma, in backend.Stackingtyping]
+prog_funct_transf_OK [lemma, in backend.Globalenvs]
+proof_irrelevance [axiom, in lib.Coqlib]
+propagate_succ [definition, in backend.Kildall]
+propagate_successors [definition, in backend.Kildall]
+propagate_successors_charact1 [lemma, in backend.Kildall]
+propagate_successors_charact2 [lemma, in backend.Kildall]
+propagate_successors_invariant [lemma, in backend.Kildall]
+propagate_successors_P [lemma, in backend.Kildall]
+propagate_succ_charact [lemma, in backend.Kildall]
+propagate_succ_incr [lemma, in backend.Kildall]
+propagate_succ_incr_worklist [lemma, in backend.Kildall]
+propagate_succ_list [definition, in backend.Kildall]
+propagate_succ_list_charact [lemma, in backend.Kildall]
+propagate_succ_list_incr [lemma, in backend.Kildall]
+propagate_succ_list_incr_worklist [lemma, in backend.Kildall]
+propagate_succ_list_records_changes [lemma, in backend.Kildall]
+propagate_succ_records_changes [lemma, in backend.Kildall]
+Pslw [constructor, in backend.PPC]
+Psraw [constructor, in backend.PPC]
+Psrawi [constructor, in backend.PPC]
+Psrw [constructor, in backend.PPC]
+Pstate [definition, in backend.Kildall]
+Pstb [constructor, in backend.PPC]
+Pstbx [constructor, in backend.PPC]
+Pstfd [constructor, in backend.PPC]
+Pstfdx [constructor, in backend.PPC]
+Pstfs [constructor, in backend.PPC]
+Pstfsx [constructor, in backend.PPC]
+Psth [constructor, in backend.PPC]
+Psthx [constructor, in backend.PPC]
+Pstw [constructor, in backend.PPC]
+Pstwx [constructor, in backend.PPC]
+Psubfc [constructor, in backend.PPC]
+Psubfic [constructor, in backend.PPC]
+PTree [module, in lib.Maps]
+Pxor [constructor, in backend.PPC]
+Pxori [constructor, in backend.PPC]
+Pxoris [constructor, in backend.PPC]
+p_move [definition, in backend.Allocproof_aux]
+P_move [definition, in backend.Parallelmove]
+

R

+R [constructor, in backend.Locations]
+R [definition, in backend.Coloring]
+reachable [definition, in backend.Linearize]
+reachable_aux [definition, in backend.Linearize]
+reachable_correct_1 [lemma, in backend.Linearizeproof]
+reachable_correct_2 [lemma, in backend.Linearizeproof]
+reachable_entrypoint [lemma, in backend.Linearizeproof]
+reachable_successors [lemma, in backend.Linearizeproof]
+rebuild_l [lemma, in backend.Parallelmove]
+refl_ge [lemma, in backend.CSE]
+Reg [module, in backend.Registers]
+reg [definition, in backend.Registers]
+Reg [definition, in backend.Parallelmove]
+regalloc [definition, in backend.Coloring]
+regalloc_acceptable [lemma, in backend.Coloringproof]
+regalloc_correct_1 [lemma, in backend.Coloringproof]
+regalloc_correct_2 [lemma, in backend.Coloringproof]
+regalloc_correct_3 [lemma, in backend.Coloringproof]
+regalloc_disj_temporaries [lemma, in backend.Allocproof]
+regalloc_norepet_norepet [lemma, in backend.Allocproof]
+regalloc_noteq_diff [lemma, in backend.Allocproof]
+regalloc_notin_notin [lemma, in backend.Allocproof]
+regalloc_not_temporary [lemma, in backend.Allocproof]
+regalloc_ok [lemma, in backend.Coloringproof]
+regalloc_preserves_types [lemma, in backend.Coloringproof]
+regenv [definition, in backend.RTLtyping]
+RegEq [module, in backend.Mach]
+Registers [library]
+register_classification [lemma, in backend.Conventions]
+reglist [definition, in backend.LTL]
+Regmap [module, in backend.Mach]
+Regmap [module, in backend.Registers]
+regmap_optget [definition, in backend.Registers]
+regmap_optset [definition, in backend.Registers]
+regsalloc_acceptable [lemma, in backend.Coloringproof]
+regset [definition, in backend.Mach]
+regset [definition, in backend.RTL]
+regset [definition, in backend.PPC]
+Regset [module, in backend.Registers]
+regs_for [definition, in backend.Allocation]
+regs_for_rec [definition, in backend.Allocation]
+regs_match_approx [definition, in backend.Constpropproof]
+regs_match_approx_increasing [lemma, in backend.Constpropproof]
+regs_match_approx_update [lemma, in backend.Constpropproof]
+regs_of_instr [definition, in backend.Lineartyping]
+reg_for [definition, in backend.Allocation]
+reg_for_spec [lemma, in backend.Allocproof]
+reg_fresh [definition, in backend.RTLgenproof1]
+reg_fresh_decr [lemma, in backend.RTLgenproof1]
+reg_in_map [definition, in backend.RTLgenproof1]
+reg_in_map_valid [lemma, in backend.RTLgenproof1]
+reg_list_dead [definition, in backend.Allocation]
+reg_list_live [definition, in backend.Allocation]
+reg_of_crbit [definition, in backend.PPC]
+reg_option_live [definition, in backend.Allocation]
+reg_sum_live [definition, in backend.Allocation]
+reg_valid [definition, in backend.RTLgenproof1]
+reg_valid_incr [lemma, in backend.RTLgenproof1]
+reg_valnum [definition, in backend.CSE]
+reg_valnum_correct [lemma, in backend.CSEproof]
+remove [definition, in lib.Sets]
+remove [definition, in lib.Maps]
+remove_all_leaves [definition, in lib.Inclusion]
+remove_all_leaves_sound [lemma, in lib.Inclusion]
+repet [definition, in backend.RTLtyping]
+repet_correct [lemma, in backend.RTLtyping]
+replace_last_id [lemma, in backend.Parallelmove]
+replace_last_s [definition, in backend.Parallelmove]
+repr [definition, in lib.union_find]
+repr [definition, in lib.Integers]
+repr_aux [definition, in lib.union_find]
+repr_aux_canon [lemma, in lib.union_find]
+repr_aux_none [lemma, in lib.union_find]
+repr_aux_some [lemma, in lib.union_find]
+repr_empty [lemma, in lib.union_find]
+repr_order [definition, in lib.union_find]
+repr_rec [definition, in lib.union_find]
+repr_rec_ext [lemma, in lib.union_find]
+repr_repr [lemma, in lib.union_find]
+repr_signed [lemma, in lib.Integers]
+repr_unsigned [lemma, in lib.Integers]
+res [inductive, in backend.RTLgen]
+reserve_instr [definition, in backend.RTLgen]
+reserve_instr_incr [lemma, in backend.RTLgenproof1]
+reserve_instr_wf [lemma, in backend.RTLgen]
+restore_callee_save [definition, in backend.Stacking]
+restore_callee_save_correct [lemma, in backend.Stackingproof]
+restore_float_callee_save [definition, in backend.Stacking]
+restore_float_callee_save_correct [lemma, in backend.Stackingproof]
+restore_float_callee_save_correct_rec [lemma, in backend.Stackingproof]
+restore_int_callee_save [definition, in backend.Stacking]
+restore_int_callee_save_correct [lemma, in backend.Stackingproof]
+restore_int_callee_save_correct_rec [lemma, in backend.Stackingproof]
+result [definition, in backend.Kildall]
+reswellFormed [definition, in backend.Allocproof_aux]
+ret [definition, in backend.RTLgen]
+Return [constructor, in backend.LTL]
+return_regs [definition, in backend.LTL]
+return_regs_not_destroyed [lemma, in backend.Allocproof]
+return_regs_result [lemma, in backend.Allocproof]
+return_reg_ok [inductive, in backend.RTLgenproof1]
+return_reg_ok_incr [lemma, in backend.RTLgenproof1]
+return_reg_ok_none [constructor, in backend.RTLgenproof1]
+return_reg_ok_some [constructor, in backend.RTLgenproof1]
+ret_reg [definition, in backend.RTLgen]
+rhs [inductive, in backend.CSE]
+rhs_evals_to [definition, in backend.CSEproof]
+right [definition, in backend.Parallelmove]
+rleaf [lemma, in lib.Maps]
+rlw_accepting [definition, in lib.Integers]
+RLW_Sbad [constructor, in lib.Integers]
+rlw_state [inductive, in lib.Integers]
+RLW_S0 [constructor, in lib.Integers]
+RLW_S1 [constructor, in lib.Integers]
+RLW_S2 [constructor, in lib.Integers]
+RLW_S3 [constructor, in lib.Integers]
+RLW_S4 [constructor, in lib.Integers]
+RLW_S5 [constructor, in lib.Integers]
+RLW_S6 [constructor, in lib.Integers]
+rlw_transition [definition, in lib.Integers]
+rol [definition, in lib.Integers]
+rolm [definition, in backend.Values]
+rolm [definition, in backend.Cmconstr]
+rolm [definition, in lib.Integers]
+rolm_cases [inductive, in backend.Cmconstr]
+rolm_case1 [constructor, in backend.Cmconstr]
+rolm_case2 [constructor, in backend.Cmconstr]
+rolm_default [constructor, in backend.Cmconstr]
+rolm_match [definition, in backend.Cmconstr]
+rolm_rolm [lemma, in lib.Integers]
+rolm_rolm [lemma, in backend.Values]
+rolm_zero [lemma, in lib.Integers]
+rolm_zero [lemma, in backend.Values]
+rol_and [lemma, in lib.Integers]
+rol_or [lemma, in lib.Integers]
+rol_rol [lemma, in lib.Integers]
+rol_zero [lemma, in lib.Integers]
+RTL [library]
+RTLgen [library]
+RTLgenproof [library]
+RTLgenproof1 [library]
+RTLtyping [library]
+R10 [constructor, in backend.Locations]
+R13 [constructor, in backend.Locations]
+R14 [constructor, in backend.Locations]
+R15 [constructor, in backend.Locations]
+R16 [constructor, in backend.Locations]
+R17 [constructor, in backend.Locations]
+R18 [constructor, in backend.Locations]
+R19 [constructor, in backend.Locations]
+r2 [constructor, in backend.Op]
+r2 [constructor, in backend.Op]
+R20 [constructor, in backend.Locations]
+R21 [constructor, in backend.Locations]
+R22 [constructor, in backend.Locations]
+R23 [constructor, in backend.Locations]
+R24 [constructor, in backend.Locations]
+R25 [constructor, in backend.Locations]
+R26 [constructor, in backend.Locations]
+R27 [constructor, in backend.Locations]
+R28 [constructor, in backend.Locations]
+R29 [constructor, in backend.Locations]
+R3 [constructor, in backend.Locations]
+R30 [constructor, in backend.Locations]
+R31 [constructor, in backend.Locations]
+R4 [constructor, in backend.Locations]
+R5 [constructor, in backend.Locations]
+R6 [constructor, in backend.Locations]
+R7 [constructor, in backend.Locations]
+R8 [constructor, in backend.Locations]
+R9 [constructor, in backend.Locations]
+

S

+S [constructor, in backend.Locations]
+sameclass [definition, in lib.union_find]
+sameclass [definition, in lib.union_find]
+sameclass_empty [lemma, in lib.union_find]
+sameclass_identify_1 [lemma, in lib.union_find]
+sameclass_identify_2 [lemma, in lib.union_find]
+sameclass_refl [lemma, in lib.union_find]
+sameclass_repr [lemma, in lib.union_find]
+sameclass_sym [lemma, in lib.union_find]
+sameclass_trans [lemma, in lib.union_find]
+sameEnv [definition, in backend.Parallelmove]
+sameExec [definition, in backend.Parallelmove]
+sameExec_reflexive [lemma, in backend.Parallelmove]
+sameExec_transitive [lemma, in backend.Parallelmove]
+same_expr_pure [definition, in backend.Cmconstr]
+same_not_diff [lemma, in backend.Locations]
+same_typ [definition, in backend.Coloring]
+same_typ_correct [lemma, in backend.Coloringproof]
+save_callee_save [definition, in backend.Stacking]
+save_callee_save_correct [lemma, in backend.Stackingproof]
+save_float_callee_save [definition, in backend.Stacking]
+save_float_callee_save_correct [lemma, in backend.Stackingproof]
+save_float_callee_save_correct_rec [lemma, in backend.Stackingproof]
+save_int_callee_save [definition, in backend.Stacking]
+save_int_callee_save_correct [lemma, in backend.Stackingproof]
+save_int_callee_save_correct_rec [lemma, in backend.Stackingproof]
+Sblock [constructor, in backend.Cminor]
+Sblock [constructor, in backend.Csharpminor]
+SB_Pmov [lemma, in backend.Parallelmove]
+Scons [constructor, in backend.Cminor]
+Scons [constructor, in backend.Csharpminor]
+SDone_Pmov [lemma, in backend.Allocproof_aux]
+SDone_stepf [lemma, in backend.Allocproof_aux]
+sD_nW [lemma, in backend.Parallelmove]
+sD_pexec [lemma, in backend.Parallelmove]
+SEMILATTICE [module, in lib.Lattice]
+SEMILATTICE_WITH_TOP [module, in lib.Lattice]
+set [definition, in lib.Maps]
+set [definition, in backend.Locations]
+set [definition, in lib.Maps]
+set [definition, in lib.Maps]
+set [definition, in lib.Lattice]
+set [definition, in lib.Maps]
+SetDepRegMreg [module, in backend.InterfGraph]
+SetDepRegReg [module, in backend.InterfGraph]
+setN [definition, in backend.Mem]
+setN_agree [lemma, in backend.Mem]
+setN_inject [lemma, in backend.Mem]
+setN_outside_agree [lemma, in backend.Mem]
+setN_outside_inject [lemma, in backend.Mem]
+SetRegMreg [module, in backend.InterfGraph]
+SetRegReg [module, in backend.InterfGraph]
+Sets [library]
+set_cont [definition, in backend.Mem]
+set_cont_agree [lemma, in backend.Mem]
+set_cont_inject [lemma, in backend.Mem]
+set_cont_inside [lemma, in backend.Mem]
+set_cont_outside [lemma, in backend.Mem]
+set_cont_outside1 [lemma, in backend.Mem]
+set_cont_outside_agree [lemma, in backend.Mem]
+set_cont_outside_inject [lemma, in backend.Mem]
+set_locals [definition, in backend.Cminor]
+set_locals_defined [lemma, in backend.Cminorgenproof]
+set_locals_params_defined [lemma, in backend.Cminorgenproof]
+set_params [definition, in backend.Cminor]
+set_params_defined [lemma, in backend.Cminorgenproof]
+set_slot [inductive, in backend.Machabstr]
+set_slot_index [lemma, in backend.Stackingproof]
+set_slot_intro [constructor, in backend.Machabstr]
+set_slot_link_invariant [lemma, in backend.Machtyping]
+set_slot_ok [lemma, in backend.Stackingproof]
+Sexec [definition, in backend.Parallelmove]
+sexec [definition, in backend.Parallelmove]
+Sexit [constructor, in backend.Cminor]
+Sexit [constructor, in backend.Csharpminor]
+Sexpr [constructor, in backend.Cminor]
+Sexpr [constructor, in backend.Csharpminor]
+shift_cases [inductive, in backend.Cmconstr]
+shift_case1 [constructor, in backend.Cmconstr]
+shift_default [constructor, in backend.Cmconstr]
+shift_eval_addressing [lemma, in backend.Stackingproof]
+shift_eval_operation [lemma, in backend.Stackingproof]
+shift_match [definition, in backend.Cmconstr]
+shift_sp [definition, in backend.Stackingproof]
+shl [definition, in lib.Integers]
+shl [definition, in backend.Cmconstr]
+shl [definition, in backend.Values]
+shlimm [definition, in backend.Cmconstr]
+shl_mul [lemma, in backend.Values]
+shl_mul [lemma, in lib.Integers]
+shl_mul_two_p [lemma, in lib.Integers]
+shl_rolm [lemma, in lib.Integers]
+shl_rolm [lemma, in backend.Values]
+shl_zero [lemma, in lib.Integers]
+shr [definition, in lib.Integers]
+shr [definition, in backend.Cmconstr]
+shr [definition, in backend.Values]
+shru [definition, in backend.Cmconstr]
+shru [definition, in lib.Integers]
+shru [definition, in backend.Values]
+shruimm [definition, in backend.Cmconstr]
+shru_div_two_p [lemma, in lib.Integers]
+shru_rolm [lemma, in backend.Values]
+shru_rolm [lemma, in lib.Integers]
+shru_zero [lemma, in lib.Integers]
+shrx [definition, in lib.Integers]
+shrx [definition, in backend.Values]
+shrx_carry [lemma, in backend.Values]
+shrx_carry [lemma, in lib.Integers]
+shr_carry [definition, in backend.Values]
+shr_carry [definition, in lib.Integers]
+shr_zero [lemma, in lib.Integers]
+Sifthenelse [constructor, in backend.Csharpminor]
+Sifthenelse [constructor, in backend.Cminor]
+signature [inductive, in backend.AST]
+signed [definition, in lib.Integers]
+signed_range [lemma, in lib.Integers]
+signed_repr [lemma, in lib.Integers]
+sig_function_translated [lemma, in backend.Allocproof]
+sig_transl_function [lemma, in backend.Cminorgenproof]
+simpleDest [definition, in backend.Parallelmove]
+simpleDest_insert [lemma, in backend.Parallelmove]
+simpleDest_movBack [lemma, in backend.Parallelmove]
+simpleDest_movFront [lemma, in backend.Parallelmove]
+simpleDest_Pop [lemma, in backend.Parallelmove]
+simpleDest_pop [lemma, in backend.Parallelmove]
+simpleDest_pop2 [lemma, in backend.Parallelmove]
+simpleDest_right [lemma, in backend.Parallelmove]
+simpleDest_swap [lemma, in backend.Parallelmove]
+simpleDest_swap_app [lemma, in backend.Parallelmove]
+simpleDest_tmpLast [lemma, in backend.Parallelmove]
+singleoffloat [definition, in backend.Values]
+singleoffloat [definition, in backend.Cmconstr]
+singleoffloat [axiom, in lib.Floats]
+singleoffloat_idem [axiom, in lib.Floats]
+sizeof [definition, in backend.Csharpminor]
+Size16 [constructor, in backend.Mem]
+Size32 [constructor, in backend.Mem]
+Size64 [constructor, in backend.Mem]
+Size8 [constructor, in backend.Mem]
+size_arguments [definition, in backend.Conventions]
+size_arguments_bound [lemma, in backend.Linearizetyping]
+size_arguments_rec [definition, in backend.Conventions]
+size_chunk [definition, in backend.Mem]
+size_chunk_pos [lemma, in backend.Mem]
+size_mem [definition, in backend.Mem]
+size_mem_pos [lemma, in backend.Mem]
+size_no_overflow [lemma, in backend.Stackingproof]
+size_pos [lemma, in backend.Stackingproof]
+Sloop [constructor, in backend.Csharpminor]
+Sloop [constructor, in backend.Cminor]
+slot [inductive, in backend.Locations]
+slots_of_instr [definition, in backend.Lineartyping]
+slot_bounded [definition, in backend.Lineartyping]
+slot_bounded [definition, in backend.LTLtyping]
+slot_eq [lemma, in backend.Locations]
+slot_gi [lemma, in backend.Stackingproof]
+slot_gso [lemma, in backend.Stackingproof]
+slot_gss [lemma, in backend.Stackingproof]
+slot_iso [lemma, in backend.Stackingproof]
+slot_iss [lemma, in backend.Stackingproof]
+slot_is_bounded [lemma, in backend.Linearizetyping]
+slot_type [definition, in backend.Locations]
+Snil [constructor, in backend.Csharpminor]
+Snil [constructor, in backend.Cminor]
+Solver [module, in backend.CSE]
+Some [definition, in backend.Parallelmove]
+sort_bin [definition, in lib.Inclusion]
+sort_included [lemma, in lib.Inclusion]
+sort_included2 [lemma, in lib.Inclusion]
+splitNone [lemma, in backend.Parallelmove]
+splitSome [lemma, in backend.Parallelmove]
+split_length [lemma, in backend.Parallelmove]
+split_move [definition, in backend.Parallelmove]
+split_move' [definition, in backend.Parallelmove]
+split_move_incl [lemma, in backend.Alloctyping_aux]
+sp_val [lemma, in backend.PPCgenproof1]
+srcdst_tmp2_stepf [lemma, in backend.Alloctyping_aux]
+src_tmp2_res [lemma, in backend.Alloctyping_aux]
+Sreturn [constructor, in backend.Csharpminor]
+Sreturn [constructor, in backend.Cminor]
+Stacking [library]
+Stackingproof [library]
+Stackingtyping [library]
+starts_with [definition, in backend.Linearize]
+starts_with_correct [lemma, in backend.Linearizeproof]
+start_state [definition, in backend.Kildall]
+start_state_good [lemma, in backend.Kildall]
+start_state_in [definition, in backend.Kildall]
+start_state_in_entry [lemma, in backend.Kildall]
+start_state_wrk [definition, in backend.Kildall]
+state [inductive, in backend.Kildall]
+State [definition, in backend.Parallelmove]
+state [inductive, in backend.RTLgen]
+state [inductive, in backend.Kildall]
+StateBeing [definition, in backend.Parallelmove]
+StateDone [definition, in backend.Parallelmove]
+StateToMove [definition, in backend.Parallelmove]
+state_extends [definition, in backend.RTLgenproof1]
+state_incr [inductive, in backend.RTLgenproof1]
+state_incr_extends [lemma, in backend.RTLgenproof1]
+state_incr_intro [constructor, in backend.RTLgenproof1]
+state_incr_refl [lemma, in backend.RTLgenproof1]
+state_incr_trans [lemma, in backend.RTLgenproof1]
+state_incr_trans2 [lemma, in backend.RTLgenproof1]
+state_incr_trans3 [lemma, in backend.RTLgenproof1]
+state_incr_trans4 [lemma, in backend.RTLgenproof1]
+state_incr_trans5 [lemma, in backend.RTLgenproof1]
+state_incr_trans6 [lemma, in backend.RTLgenproof1]
+state_invariant [definition, in backend.Kildall]
+step [definition, in backend.Kildall]
+step [inductive, in backend.Parallelmove]
+step [definition, in backend.Kildall]
+stepf [definition, in backend.Parallelmove]
+stepf' [definition, in backend.Parallelmove]
+stepf1_dec [lemma, in backend.Parallelmove]
+stepf_dec [lemma, in backend.Parallelmove]
+stepf_dec0 [lemma, in backend.Parallelmove]
+stepf_dec0' [lemma, in backend.Parallelmove]
+stepf_pop [lemma, in backend.Parallelmove]
+stepf_popLoop [lemma, in backend.Parallelmove]
+stepInv [definition, in backend.Parallelmove]
+stepInv_pnilnil [lemma, in backend.Allocproof_aux]
+stepp [inductive, in backend.Parallelmove]
+stepp_inv [lemma, in backend.Parallelmove]
+stepp_refl [constructor, in backend.Parallelmove]
+stepp_sameExec [lemma, in backend.Parallelmove]
+stepp_trans [constructor, in backend.Parallelmove]
+stepp_transitive [lemma, in backend.Parallelmove]
+step1 [lemma, in backend.RTLtyping]
+step2 [lemma, in backend.RTLtyping]
+step3 [lemma, in backend.RTLtyping]
+step4 [lemma, in backend.RTLtyping]
+step_dec [lemma, in backend.Parallelmove]
+step_dec0 [lemma, in backend.Parallelmove]
+step_inv [lemma, in backend.Parallelmove]
+step_inv_getdst [lemma, in backend.Parallelmove]
+step_inv_loop [lemma, in backend.Parallelmove]
+step_inv_loop_aux [lemma, in backend.Parallelmove]
+step_inv_noOverlap [lemma, in backend.Parallelmove]
+step_inv_NoOverlap [lemma, in backend.Parallelmove]
+step_inv_noTmp [lemma, in backend.Parallelmove]
+step_inv_noTmpLast [lemma, in backend.Parallelmove]
+step_inv_path [lemma, in backend.Parallelmove]
+step_inv_simpleDest [lemma, in backend.Parallelmove]
+step_loop [constructor, in backend.Parallelmove]
+step_NF [definition, in backend.Parallelmove]
+step_nop [constructor, in backend.Parallelmove]
+step_pop [constructor, in backend.Parallelmove]
+step_push [constructor, in backend.Parallelmove]
+step_sameExec [lemma, in backend.Parallelmove]
+step_start [constructor, in backend.Parallelmove]
+step_state_good [lemma, in backend.Kildall]
+step_stepp [lemma, in backend.Parallelmove]
+stmt [inductive, in backend.Csharpminor]
+stmt [inductive, in backend.Cminor]
+stmtlist [inductive, in backend.Csharpminor]
+stmtlist [inductive, in backend.Cminor]
+stmt_stmtlist_ind [lemma, in backend.RTLgenproof1]
+STM_Pmov [lemma, in backend.Parallelmove]
+store [definition, in backend.Cmconstr]
+store [definition, in backend.Mem]
+storeind [definition, in backend.PPCgen]
+storeind_aux [definition, in backend.PPCgen]
+storeind_aux_correct [lemma, in backend.PPCgenproof1]
+storeind_correct [lemma, in backend.PPCgenproof1]
+storev [definition, in backend.Mem]
+storev_mapped_inject [lemma, in backend.Mem]
+storev_mapped_inject_1 [lemma, in backend.Mem]
+storev_16_signed_unsigned [lemma, in backend.PPCgenproof]
+storev_8_signed_unsigned [lemma, in backend.PPCgenproof]
+store1 [definition, in backend.PPC]
+store2 [definition, in backend.PPC]
+store_agree [lemma, in backend.Mem]
+store_alloc [lemma, in backend.Mem]
+store_contentmap_agree [lemma, in backend.Mem]
+store_contentmap_outside_agree [lemma, in backend.Mem]
+store_contents [definition, in backend.Mem]
+store_contents_inject [lemma, in backend.Mem]
+store_contents_outside_inject [lemma, in backend.Mem]
+store_inv [lemma, in backend.Mem]
+store_in_bounds [lemma, in backend.Mem]
+store_is_in_bounds [lemma, in backend.Mem]
+store_mapped_inject [lemma, in backend.Mem]
+store_mapped_inject_1 [lemma, in backend.Mem]
+store_outside_agree [lemma, in backend.Mem]
+store_outside_extends [lemma, in backend.Mem]
+store_parameters [definition, in backend.Cminorgen]
+store_parameters_correct [lemma, in backend.Cminorgenproof]
+store_stack [definition, in backend.Mach]
+store_unmapped_inject [lemma, in backend.Mem]
+store_within_extends [lemma, in backend.Mem]
+sub [axiom, in lib.Floats]
+sub [definition, in backend.Values]
+sub [definition, in lib.Integers]
+sub [definition, in backend.Cmconstr]
+subf [definition, in backend.Values]
+subf [definition, in backend.Cmconstr]
+subf_addf_opp [axiom, in lib.Floats]
+subf_cases [inductive, in backend.Cmconstr]
+subf_case1 [constructor, in backend.Cmconstr]
+subf_default [constructor, in backend.Cmconstr]
+subf_match [definition, in backend.Cmconstr]
+subject_reduction [lemma, in backend.Machtyping]
+subject_reduction [lemma, in backend.RTLtyping]
+subject_reduction_function [lemma, in backend.Machtyping]
+subject_reduction_instr [lemma, in backend.Machtyping]
+subject_reduction_instrs [lemma, in backend.Machtyping]
+sub_add_l [lemma, in backend.Values]
+sub_add_l [lemma, in lib.Integers]
+sub_add_opp [lemma, in lib.Integers]
+sub_add_opp [lemma, in backend.Values]
+sub_add_r [lemma, in backend.Values]
+sub_add_r [lemma, in lib.Integers]
+sub_cases [inductive, in backend.Cmconstr]
+sub_case1 [constructor, in backend.Cmconstr]
+sub_case2 [constructor, in backend.Cmconstr]
+sub_case3 [constructor, in backend.Cmconstr]
+sub_case4 [constructor, in backend.Cmconstr]
+sub_default [constructor, in backend.Cmconstr]
+sub_idem [lemma, in lib.Integers]
+sub_match [definition, in backend.Cmconstr]
+sub_match_aux [definition, in backend.Cmconstr]
+sub_shifted [lemma, in lib.Integers]
+sub_zero_l [lemma, in lib.Integers]
+sub_zero_r [lemma, in backend.Values]
+sub_zero_r [lemma, in lib.Integers]
+successors [definition, in backend.LTL]
+successors [definition, in backend.RTL]
+successors_aux [definition, in backend.LTL]
+successors_aux_invariant [lemma, in backend.LTL]
+successors_correct [lemma, in backend.LTL]
+successors_correct [lemma, in backend.RTL]
+sum_left_map [definition, in lib.Coqlib]
+swap_cmp [lemma, in lib.Integers]
+swap_cmp [lemma, in backend.Values]
+swap_cmpu [lemma, in backend.Values]
+swap_cmpu [lemma, in lib.Integers]
+swap_cmp_mismatch [lemma, in backend.Values]
+swap_comparison [definition, in backend.AST]
+symbols_add_globals_transf [lemma, in backend.Globalenvs]
+symbols_init_transf [lemma, in backend.Globalenvs]
+symbols_preserved [lemma, in backend.Tunnelingproof]
+symbols_preserved [lemma, in backend.Allocproof]
+symbols_preserved [lemma, in backend.Cminorgenproof]
+symbols_preserved [lemma, in backend.Constpropproof]
+symbols_preserved [lemma, in backend.PPCgenproof]
+symbols_preserved [lemma, in backend.RTLgenproof]
+symbols_preserved [lemma, in backend.Linearizeproof]
+symbols_preserved [lemma, in backend.CSEproof]
+symbols_preserved [lemma, in backend.Stackingproof]
+symbol_offset [definition, in backend.PPC]
+s1 [definition, in backend.Linearize]
+

T

+t [definition, in backend.PPC]
+t [definition, in lib.Ordered]
+t [definition, in lib.Maps]
+t [definition, in lib.Maps]
+t [definition, in lib.Lattice]
+t [definition, in backend.Locations]
+t [definition, in backend.Constprop]
+t [definition, in lib.Ordered]
+t [definition, in backend.Globalenvs]
+t [definition, in lib.Lattice]
+T [definition, in backend.RTLtyping]
+T [definition, in lib.union_find]
+t [definition, in backend.CSEproof]
+t [definition, in backend.Locations]
+t [definition, in lib.Maps]
+T [definition, in backend.Parallelmove]
+t [definition, in lib.Maps]
+T [definition, in backend.RTLtyping]
+t [definition, in backend.InterfGraph]
+t [definition, in lib.Maps]
+t [definition, in lib.Ordered]
+t [definition, in lib.Lattice]
+t [definition, in backend.Mach]
+t [definition, in lib.Sets]
+t [definition, in lib.Maps]
+t [definition, in backend.CSE]
+target_regs_cons [constructor, in backend.RTLgenproof1]
+target_regs_nil [constructor, in backend.RTLgenproof1]
+target_regs_not_mutated [lemma, in backend.RTLgenproof1]
+target_regs_ok [inductive, in backend.RTLgenproof1]
+target_regs_ok_incr [lemma, in backend.RTLgenproof1]
+target_regs_valid [lemma, in backend.RTLgenproof1]
+target_reg_immut_var [constructor, in backend.RTLgenproof1]
+target_reg_not_mutated [lemma, in backend.RTLgenproof1]
+target_reg_ok [inductive, in backend.RTLgenproof1]
+target_reg_ok_incr [lemma, in backend.RTLgenproof1]
+target_reg_valid [lemma, in backend.RTLgenproof1]
+temporaries [definition, in backend.Conventions]
+temporaries1 [definition, in backend.Allocproof_aux]
+temporaries1_3 [definition, in backend.Allocproof_aux]
+temporaries2 [definition, in backend.Allocproof_aux]
+temporaries_not_acceptable [lemma, in backend.Conventions]
+teq [definition, in backend.RTLtyping]
+teq_correct [lemma, in backend.RTLtyping]
+test_inclusion [definition, in lib.Inclusion]
+test_inclusion_sound [lemma, in lib.Inclusion]
+Tfloat [constructor, in backend.AST]
+Tint [definition, in backend.Allocation]
+Tint [constructor, in backend.AST]
+top [definition, in lib.Lattice]
+top [definition, in lib.Lattice]
+top [definition, in backend.CSE]
+top [definition, in backend.Constprop]
+top [definition, in lib.Lattice]
+top_ge [lemma, in backend.CSE]
+transfer [definition, in backend.Allocation]
+transfer [definition, in backend.Constprop]
+transfer [definition, in backend.CSE]
+transfer_correct [lemma, in backend.Constpropproof]
+transfer_correct [lemma, in backend.CSEproof]
+transform_partial_program [definition, in backend.AST]
+transform_partial_program_compose [lemma, in backend.Main]
+transform_partial_program_function [lemma, in backend.AST]
+transform_partial_program_main [lemma, in backend.AST]
+transform_program [definition, in backend.AST]
+transform_program_function [lemma, in backend.AST]
+transform_program_partial_total [lemma, in backend.Main]
+transform_program_transform_partial_program [lemma, in backend.Globalenvs]
+transf_cminor_function [definition, in backend.Main]
+transf_cminor_program [definition, in backend.Main]
+transf_cminor_program2 [definition, in backend.Main]
+transf_cminor_program2_correct [lemma, in backend.Main]
+transf_cminor_program_correct [lemma, in backend.Main]
+transf_cminor_program_equiv [lemma, in backend.Main]
+transf_code [definition, in backend.Constprop]
+transf_code [definition, in backend.CSE]
+transf_code_wf [lemma, in backend.CSE]
+transf_code_wf [lemma, in backend.Constprop]
+transf_code_wf [lemma, in backend.RTL]
+transf_csharpminor_function [definition, in backend.Main]
+transf_csharpminor_program [definition, in backend.Main]
+transf_csharpminor_program2 [definition, in backend.Main]
+transf_csharpminor_program2_correct [lemma, in backend.Main]
+transf_csharpminor_program_correct [lemma, in backend.Main]
+transf_csharpminor_program_equiv [lemma, in backend.Main]
+transf_entrypoint [definition, in backend.Allocation]
+transf_entrypoint_correct [lemma, in backend.Allocproof]
+transf_entrypoint_wf [lemma, in backend.Allocation]
+transf_function [definition, in backend.Linearize]
+transf_function [definition, in backend.Allocation]
+transf_function [definition, in backend.CSE]
+transf_function [definition, in backend.RTL]
+transf_function [definition, in backend.PPCgen]
+transf_function [definition, in backend.Stacking]
+transf_function [definition, in backend.Constprop]
+transf_function_correct [lemma, in backend.Linearizeproof]
+transf_function_correct [lemma, in backend.PPCgenproof]
+transf_function_correct [lemma, in backend.Stackingproof]
+transf_function_correct [lemma, in backend.CSEproof]
+transf_funct_correct [lemma, in backend.Constpropproof]
+transf_instr [definition, in backend.Allocation]
+transf_instr [definition, in backend.Constprop]
+transf_instr [definition, in backend.CSE]
+transf_partial [definition, in backend.Globalenvs]
+transf_partial_program [definition, in backend.AST]
+transf_partial_program_compose [lemma, in backend.Main]
+transf_program [definition, in backend.CSE]
+transf_program [definition, in backend.PPCgen]
+transf_program [definition, in backend.Stacking]
+transf_program [definition, in backend.Constprop]
+transf_program [definition, in backend.Allocation]
+transf_program [definition, in backend.Linearize]
+transf_program [definition, in backend.AST]
+transf_program_correct [lemma, in backend.Linearizeproof]
+transf_program_correct [lemma, in backend.Tunnelingproof]
+transf_program_correct [lemma, in backend.Constpropproof]
+transf_program_correct [lemma, in backend.PPCgenproof]
+transf_program_correct [lemma, in backend.CSEproof]
+transf_program_partial_total [lemma, in backend.Main]
+transf_program_transf_partial_program [lemma, in backend.Globalenvs]
+translate_cmp [lemma, in lib.Integers]
+translate_eq [lemma, in lib.Integers]
+translate_lt [lemma, in lib.Integers]
+transl_addr [definition, in backend.Stacking]
+transl_body [definition, in backend.Stacking]
+transl_code [definition, in backend.PPCgen]
+transl_code [definition, in backend.Stacking]
+transl_code_at_pc [inductive, in backend.PPCgenproof]
+transl_code_label [lemma, in backend.PPCgenproof]
+transl_cond [definition, in backend.PPCgen]
+transl_condition_CEcondition_correct [lemma, in backend.RTLgenproof]
+transl_condition_CEcond_correct [lemma, in backend.RTLgenproof]
+transl_condition_CEfalse_correct [lemma, in backend.RTLgenproof]
+transl_condition_CEtrue_correct [lemma, in backend.RTLgenproof]
+transl_condition_correct [definition, in backend.RTLgenproof]
+transl_condition_incr [lemma, in backend.RTLgenproof1]
+transl_condition_incr_pred [definition, in backend.RTLgenproof1]
+transl_cond_correct [lemma, in backend.PPCgenproof1]
+transl_cond_correct_aux [lemma, in backend.PPCgenproof1]
+transl_expr [definition, in backend.RTLgen]
+transl_expr [definition, in backend.Cminorgen]
+transl_exprlist_correct [definition, in backend.RTLgenproof]
+transl_exprlist_Econs_correct [lemma, in backend.Cminorgenproof]
+transl_exprlist_Econs_correct [lemma, in backend.RTLgenproof]
+transl_exprlist_Enil_correct [lemma, in backend.RTLgenproof]
+transl_exprlist_Enil_correct [lemma, in backend.Cminorgenproof]
+transl_exprlist_incr [lemma, in backend.RTLgenproof1]
+transl_exprlist_incr_pred [definition, in backend.RTLgenproof1]
+transl_expr_condition_exprlist_incr [lemma, in backend.RTLgenproof1]
+transl_expr_correct [definition, in backend.RTLgenproof]
+transl_expr_Eaddrof_global_correct [lemma, in backend.Cminorgenproof]
+transl_expr_Eaddrof_local_correct [lemma, in backend.Cminorgenproof]
+transl_expr_Eassign_correct [lemma, in backend.Cminorgenproof]
+transl_expr_Eassign_correct [lemma, in backend.RTLgenproof]
+transl_expr_Ecall_correct [lemma, in backend.RTLgenproof]
+transl_expr_Ecall_correct [lemma, in backend.Cminorgenproof]
+transl_expr_Econdition_correct [lemma, in backend.RTLgenproof]
+transl_expr_Econdition_false_correct [lemma, in backend.Cminorgenproof]
+transl_expr_Econdition_true_correct [lemma, in backend.Cminorgenproof]
+transl_expr_Eletvar_correct [lemma, in backend.RTLgenproof]
+transl_expr_Eletvar_correct [lemma, in backend.Cminorgenproof]
+transl_expr_Elet_correct [lemma, in backend.Cminorgenproof]
+transl_expr_Elet_correct [lemma, in backend.RTLgenproof]
+transl_expr_Eload_correct [lemma, in backend.RTLgenproof]
+transl_expr_Eload_correct [lemma, in backend.Cminorgenproof]
+transl_expr_Eop_correct [lemma, in backend.RTLgenproof]
+transl_expr_Eop_correct [lemma, in backend.Cminorgenproof]
+transl_expr_Estore_correct [lemma, in backend.RTLgenproof]
+transl_expr_Estore_correct [lemma, in backend.Cminorgenproof]
+transl_expr_Evar_correct [lemma, in backend.Cminorgenproof]
+transl_expr_Evar_correct [lemma, in backend.RTLgenproof]
+transl_expr_incr [lemma, in backend.RTLgenproof1]
+transl_expr_incr_pred [definition, in backend.RTLgenproof1]
+transl_find_label [lemma, in backend.PPCgenproof]
+transl_find_label [lemma, in backend.Stackingproof]
+transl_fun [definition, in backend.RTLgen]
+transl_funcall_correct [lemma, in backend.Cminorgenproof]
+transl_funcall_correct [lemma, in backend.RTLgenproof]
+transl_function [definition, in backend.Cminorgen]
+transl_function [definition, in backend.PPCgen]
+transl_function [definition, in backend.RTLgen]
+transl_function_correct [definition, in backend.RTLgenproof]
+transl_function_correct [lemma, in backend.Allocproof]
+transl_function_correct [lemma, in backend.Cminorgenproof]
+transl_function_correctness [lemma, in backend.Allocproof]
+transl_function_correctness [lemma, in backend.RTLgenproof]
+transl_Icall_correct [lemma, in backend.Allocproof]
+transl_Icond_false_correct [lemma, in backend.Allocproof]
+transl_Icond_true_correct [lemma, in backend.Allocproof]
+transl_Iload_correct [lemma, in backend.Allocproof]
+transl_Inop_correct [lemma, in backend.Allocproof]
+transl_instr [definition, in backend.PPCgen]
+transl_instr [definition, in backend.Stacking]
+transl_instr_label [lemma, in backend.PPCgenproof]
+transl_Iop_correct [lemma, in backend.Allocproof]
+transl_Istore_correct [lemma, in backend.Allocproof]
+transl_load_correct [lemma, in backend.PPCgenproof1]
+transl_load_store [definition, in backend.PPCgen]
+transl_load_store_correct [lemma, in backend.PPCgenproof1]
+transl_one_correct [lemma, in backend.Allocproof]
+transl_op [definition, in backend.Stacking]
+transl_op [definition, in backend.PPCgen]
+transl_op_correct [lemma, in backend.PPCgenproof1]
+transl_program [definition, in backend.RTLgen]
+transl_program [definition, in backend.Cminorgen]
+transl_program_correct [lemma, in backend.RTLgenproof]
+transl_program_correct [lemma, in backend.Stackingproof]
+transl_program_correct [lemma, in backend.Allocproof]
+transl_program_correct [lemma, in backend.Cminorgenproof]
+transl_refl_correct [lemma, in backend.Allocproof]
+transl_stmt [definition, in backend.Cminorgen]
+transl_stmt [definition, in backend.RTLgen]
+transl_stmtlist_correct [definition, in backend.RTLgenproof]
+transl_stmtlist_incr [lemma, in backend.RTLgenproof1]
+transl_stmtlist_incr_pred [definition, in backend.RTLgenproof1]
+transl_stmtlist_Scons_continue_correct [lemma, in backend.RTLgenproof]
+transl_stmtlist_Scons_stop_correct [lemma, in backend.RTLgenproof]
+transl_stmtlist_Scons_1_correct [lemma, in backend.Cminorgenproof]
+transl_stmtlist_Scons_2_correct [lemma, in backend.Cminorgenproof]
+transl_stmtlist_Snil_correct [lemma, in backend.RTLgenproof]
+transl_stmtlist_Snil_correct [lemma, in backend.Cminorgenproof]
+transl_stmt_correct [definition, in backend.RTLgenproof]
+transl_stmt_incr [lemma, in backend.RTLgenproof1]
+transl_stmt_incr_pred [definition, in backend.RTLgenproof1]
+transl_stmt_Sblock_correct [lemma, in backend.RTLgenproof]
+transl_stmt_Sblock_correct [lemma, in backend.Cminorgenproof]
+transl_stmt_Sexit_correct [lemma, in backend.RTLgenproof]
+transl_stmt_Sexit_correct [lemma, in backend.Cminorgenproof]
+transl_stmt_Sexpr_correct [lemma, in backend.RTLgenproof]
+transl_stmt_Sexpr_correct [lemma, in backend.Cminorgenproof]
+transl_stmt_Sifthenelse_correct [lemma, in backend.RTLgenproof]
+transl_stmt_Sifthenelse_false_correct [lemma, in backend.Cminorgenproof]
+transl_stmt_Sifthenelse_true_correct [lemma, in backend.Cminorgenproof]
+transl_stmt_Sloop_exit_correct [lemma, in backend.Cminorgenproof]
+transl_stmt_Sloop_loop_correct [lemma, in backend.Cminorgenproof]
+transl_stmt_Sloop_loop_correct [lemma, in backend.RTLgenproof]
+transl_stmt_Sloop_stop_correct [lemma, in backend.RTLgenproof]
+transl_stmt_Sreturn_none_correct [lemma, in backend.Cminorgenproof]
+transl_stmt_Sreturn_none_correct [lemma, in backend.RTLgenproof]
+transl_stmt_Sreturn_some_correct [lemma, in backend.RTLgenproof]
+transl_stmt_Sreturn_some_correct [lemma, in backend.Cminorgenproof]
+transl_stmt_stmtlist_incr [lemma, in backend.RTLgenproof1]
+transl_store_correct [lemma, in backend.PPCgenproof1]
+transl_trans_correct [lemma, in backend.Allocproof]
+tree [inductive, in lib.Maps]
+TREE [module, in lib.Maps]
+tReg [constructor, in backend.RTLtyping]
+tTy [constructor, in backend.RTLtyping]
+tunneled_code [definition, in backend.Tunnelingproof]
+Tunneling [library]
+Tunnelingproof [library]
+Tunnelingtyping [library]
+tunnel_block [definition, in backend.Tunneling]
+tunnel_function [definition, in backend.Tunneling]
+tunnel_function_correct [lemma, in backend.Tunnelingproof]
+tunnel_outcome [definition, in backend.Tunnelingproof]
+tunnel_program [definition, in backend.Tunneling]
+two_power_nat_O [lemma, in lib.Coqlib]
+two_power_nat_pos [lemma, in lib.Coqlib]
+typ [inductive, in backend.AST]
+type [definition, in backend.Locations]
+typenv [definition, in backend.Registers]
+typesize [definition, in backend.AST]
+typesize [definition, in backend.Locations]
+typesize_pos [lemma, in backend.Locations]
+type_args_complete [lemma, in backend.RTLtyping]
+type_args_correct [lemma, in backend.RTLtyping]
+type_args_extends [lemma, in backend.RTLtyping]
+type_args_included [lemma, in backend.RTLtyping]
+type_args_mapped [lemma, in backend.RTLtyping]
+type_args_res_complete [lemma, in backend.RTLtyping]
+type_args_res_included [lemma, in backend.RTLtyping]
+type_args_res_ros_included [lemma, in backend.RTLtyping]
+type_arg_complete [lemma, in backend.RTLtyping]
+type_arg_correct [lemma, in backend.RTLtyping]
+type_arg_correct_1 [lemma, in backend.RTLtyping]
+type_arg_extends [lemma, in backend.RTLtyping]
+type_arg_included [lemma, in backend.RTLtyping]
+type_arg_mapped [lemma, in backend.RTLtyping]
+type_instrs_extends [lemma, in backend.RTLtyping]
+type_instrs_included [lemma, in backend.RTLtyping]
+type_instr_included [lemma, in backend.RTLtyping]
+type_of_addressing [definition, in backend.Op]
+type_of_chunk [definition, in backend.Op]
+type_of_chunk_correct [lemma, in backend.Op]
+type_of_condition [definition, in backend.Op]
+type_of_index [definition, in backend.Stackingproof]
+type_of_operation [definition, in backend.Op]
+type_of_operation_sound [lemma, in backend.Op]
+type_of_sig_res [definition, in backend.RTLtyping]
+type_res_complete [lemma, in backend.RTLtyping]
+type_res_correct [lemma, in backend.RTLtyping]
+type_ros_complete [lemma, in backend.RTLtyping]
+type_ros_correct [lemma, in backend.RTLtyping]
+type_rtl_arg [definition, in backend.RTLtyping]
+type_rtl_function [definition, in backend.RTLtyping]
+type_rtl_function_correct [lemma, in backend.RTLtyping]
+type_rtl_function_instrs [lemma, in backend.RTLtyping]
+type_rtl_function_norepet [lemma, in backend.RTLtyping]
+type_rtl_function_params [lemma, in backend.RTLtyping]
+type_rtl_instr [definition, in backend.RTLtyping]
+type_rtl_ros [definition, in backend.RTLtyping]
+t_ [inductive, in lib.Lattice]
+t_ [inductive, in lib.Lattice]
+T_type [lemma, in backend.Alloctyping_aux]
+

U

+Uf [module, in backend.RTLtyping]
+unchecked_store [definition, in backend.Mem]
+Undef [constructor, in backend.Mem]
+undef_is_bool [lemma, in backend.Values]
+unfold_transf_function [lemma, in backend.Stackingproof]
+union [definition, in lib.Sets]
+UNIONFIND [module, in lib.union_find]
+unionfind [inductive, in lib.union_find]
+Unionfind [module, in lib.union_find]
+union_find [library]
+unique_labels [definition, in backend.Linearizeproof]
+unique_labels_lin_block [lemma, in backend.Linearizeproof]
+unique_labels_lin_function [lemma, in backend.Linearizeproof]
+unique_labels_lin_rec [lemma, in backend.Linearizeproof]
+unroll_positive_rec [lemma, in lib.Coqlib]
+unsigned [definition, in lib.Integers]
+unsigned_range [lemma, in lib.Integers]
+unsigned_range_2 [lemma, in lib.Integers]
+unsigned_repr [lemma, in lib.Integers]
+unsplit_move [lemma, in backend.Parallelmove]
+update [definition, in backend.Mem]
+update [definition, in backend.Parallelmove]
+update_instr [definition, in backend.RTLgen]
+update_instr_extends [lemma, in backend.RTLgenproof1]
+update_instr_incr [lemma, in backend.RTLgenproof1]
+update_instr_wf [lemma, in backend.RTLgen]
+update_o [lemma, in backend.Mem]
+update_s [lemma, in backend.Mem]
+

V

+Val [module, in backend.Values]
+val [inductive, in backend.Values]
+valid_block [definition, in backend.Mem]
+valid_block_alloc [lemma, in backend.Mem]
+valid_block_free [lemma, in backend.Mem]
+valid_block_store [lemma, in backend.Mem]
+valid_fresh_absurd [lemma, in backend.RTLgenproof1]
+valid_fresh_different [lemma, in backend.RTLgenproof1]
+valid_new_block [lemma, in backend.Mem]
+valid_not_valid_diff [lemma, in backend.Mem]
+valid_outcome [definition, in backend.Linearizeproof]
+valid_pointer [definition, in backend.Mem]
+valid_pointer_inject_no_overflow [lemma, in backend.Mem]
+valnum [definition, in backend.CSE]
+ValnumEq [module, in backend.CSEproof]
+valnum_reg [definition, in backend.CSE]
+valnum_regs [definition, in backend.CSE]
+valnum_regs_holds [lemma, in backend.CSEproof]
+valnum_reg_holds [lemma, in backend.CSEproof]
+Value [definition, in backend.Parallelmove]
+Values [library]
+valu_agree [definition, in backend.CSEproof]
+valu_agree_list [lemma, in backend.CSEproof]
+valu_agree_refl [lemma, in backend.CSEproof]
+valu_agree_trans [lemma, in backend.CSEproof]
+val_cond_reg [definition, in backend.PPC]
+val_cons_inject [constructor, in backend.Mem]
+val_content_inject [inductive, in backend.Mem]
+val_content_inject_base [constructor, in backend.Mem]
+val_content_inject_cast [lemma, in backend.Cminorgenproof]
+val_content_inject_incr [lemma, in backend.Mem]
+val_content_inject_8 [constructor, in backend.Mem]
+val_inject [inductive, in backend.Mem]
+val_inject_float [constructor, in backend.Mem]
+val_inject_incr [lemma, in backend.Mem]
+val_inject_int [constructor, in backend.Mem]
+val_inject_ptr [constructor, in backend.Mem]
+val_list_inject [inductive, in backend.Mem]
+val_list_inject_incr [lemma, in backend.Mem]
+val_list_match_approx [inductive, in backend.Constpropproof]
+val_match_approx [definition, in backend.Constpropproof]
+val_match_approx_increasing [lemma, in backend.Constpropproof]
+val_nil_inject [constructor, in backend.Mem]
+val_normalized [definition, in backend.Cminorgenproof]
+vars_vals_cons [constructor, in backend.Cminorgenproof]
+vars_vals_match [inductive, in backend.Cminorgenproof]
+vars_vals_match_extensional [lemma, in backend.Cminorgenproof]
+vars_vals_match_holds [lemma, in backend.Cminorgenproof]
+vars_vals_match_holds_1 [lemma, in backend.Cminorgenproof]
+vars_vals_nil [constructor, in backend.Cminorgenproof]
+var_addr [definition, in backend.Cminorgen]
+var_addr_global_correct [lemma, in backend.Cminorgenproof]
+var_addr_local_correct [lemma, in backend.Cminorgenproof]
+var_get [definition, in backend.Cminorgen]
+var_get_correct [lemma, in backend.Cminorgenproof]
+Var_global [constructor, in backend.Cminorgen]
+var_info [inductive, in backend.Cminorgen]
+Var_local [constructor, in backend.Cminorgen]
+var_set [definition, in backend.Cminorgen]
+var_set_correct [lemma, in backend.Cminorgenproof]
+Var_stack_array [constructor, in backend.Cminorgen]
+Var_stack_scalar [constructor, in backend.Cminorgen]
+Vfalse [definition, in backend.Values]
+Vfloat [constructor, in backend.Values]
+Vint [constructor, in backend.Values]
+vlma_cons [constructor, in backend.Constpropproof]
+vlma_nil [constructor, in backend.Constpropproof]
+VMap [module, in backend.CSEproof]
+Vmone [definition, in backend.Values]
+Vone [definition, in backend.Values]
+Vptr [constructor, in backend.Values]
+Vtrue [definition, in backend.Values]
+Vundef [constructor, in backend.Values]
+Vzero [definition, in backend.Values]
+

W

+wf_add_load [lemma, in backend.CSEproof]
+wf_add_op [lemma, in backend.CSEproof]
+wf_add_rhs [lemma, in backend.CSEproof]
+wf_analyze [lemma, in backend.CSEproof]
+wf_empty [lemma, in lib.union_find]
+wf_empty_numbering [lemma, in backend.CSEproof]
+wf_equation [definition, in backend.CSEproof]
+wf_equation_increasing [lemma, in backend.CSEproof]
+wf_kill_loads [lemma, in backend.CSEproof]
+wf_numbering [definition, in backend.CSEproof]
+wf_rhs [definition, in backend.CSEproof]
+wf_rhs_increasing [lemma, in backend.CSEproof]
+wf_transfer [lemma, in backend.CSEproof]
+wf_tunneled_code [lemma, in backend.Tunneling]
+wf_valnum_reg [lemma, in backend.CSEproof]
+wf_valnum_regs [lemma, in backend.CSEproof]
+wordsize [definition, in lib.Integers]
+wt_add_call [lemma, in backend.Alloctyping]
+wt_add_cond [lemma, in backend.Alloctyping]
+wt_add_entry [lemma, in backend.Alloctyping]
+wt_add_load [lemma, in backend.Alloctyping]
+wt_add_move [lemma, in backend.Alloctyping]
+wt_add_moves [lemma, in backend.Alloctyping_aux]
+wt_add_op_move [lemma, in backend.Alloctyping]
+wt_add_op_others [lemma, in backend.Alloctyping]
+wt_add_op_undef [lemma, in backend.Alloctyping]
+wt_add_reload [lemma, in backend.Alloctyping]
+wt_add_reloads [lemma, in backend.Alloctyping]
+wt_add_return [lemma, in backend.Alloctyping]
+wt_add_spill [lemma, in backend.Alloctyping]
+wt_add_store [lemma, in backend.Alloctyping]
+wt_add_undefs [lemma, in backend.Alloctyping]
+wt_Bgetstack [constructor, in backend.LTLtyping]
+wt_block [inductive, in backend.LTLtyping]
+wt_Bop [constructor, in backend.LTLtyping]
+wt_Bopmove [constructor, in backend.LTLtyping]
+wt_Bopundef [constructor, in backend.LTLtyping]
+wt_Bsetstack [constructor, in backend.LTLtyping]
+wt_content [definition, in backend.Machtyping]
+wt_fold_right [lemma, in backend.Stackingtyping]
+wt_frame [definition, in backend.Machtyping]
+wt_function [inductive, in backend.RTLtyping]
+wt_function [inductive, in backend.Machtyping]
+wt_function [definition, in backend.LTLtyping]
+wt_function [definition, in backend.Lineartyping]
+wt_get_slot [lemma, in backend.Machtyping]
+wt_init_frame [lemma, in backend.Machtyping]
+wt_init_regs [lemma, in backend.RTLtyping]
+wt_Inop [constructor, in backend.RTLtyping]
+wt_instr [inductive, in backend.Lineartyping]
+wt_instr [inductive, in backend.Machtyping]
+wt_instr [inductive, in backend.RTLtyping]
+wt_instrs [definition, in backend.Stackingtyping]
+wt_instrs_cons [lemma, in backend.Stackingtyping]
+wt_Iop [constructor, in backend.RTLtyping]
+wt_Iopmove [constructor, in backend.RTLtyping]
+wt_Iopundef [constructor, in backend.RTLtyping]
+wt_Lgetstack [constructor, in backend.Lineartyping]
+wt_linearize_block [lemma, in backend.Linearizetyping]
+wt_linearize_body [lemma, in backend.Linearizetyping]
+wt_Lop [constructor, in backend.Lineartyping]
+wt_Lopmove [constructor, in backend.Lineartyping]
+wt_Lopundef [constructor, in backend.Lineartyping]
+wt_Lsetstack [constructor, in backend.Lineartyping]
+wt_Mgetstack [constructor, in backend.Machtyping]
+wt_Mlabel [constructor, in backend.Machtyping]
+wt_Msetstack [constructor, in backend.Machtyping]
+wt_Msetstack' [lemma, in backend.Stackingtyping]
+wt_parallel_move [lemma, in backend.Alloctyping]
+wt_parallel_moveX [lemma, in backend.Alloctyping_aux]
+wt_parallel_move' [lemma, in backend.Alloctyping_aux]
+wt_program [definition, in backend.Lineartyping]
+wt_program [definition, in backend.RTLtyping]
+wt_program [definition, in backend.LTLtyping]
+wt_program [definition, in backend.Machtyping]
+wt_regset [definition, in backend.RTLtyping]
+wt_regset [definition, in backend.Machtyping]
+wt_regset_assign [lemma, in backend.RTLtyping]
+wt_regset_list [lemma, in backend.RTLtyping]
+wt_regs_for [lemma, in backend.Alloctyping]
+wt_regs_for_rec [lemma, in backend.Alloctyping]
+wt_reg_for [lemma, in backend.Alloctyping]
+wt_restore_callee_save [lemma, in backend.Stackingtyping]
+wt_restore_float_callee_save [lemma, in backend.Stackingtyping]
+wt_restore_int_callee_save [lemma, in backend.Stackingtyping]
+wt_rtl_function [lemma, in backend.Alloctyping]
+wt_save_callee_save [lemma, in backend.Stackingtyping]
+wt_save_float_callee_save [lemma, in backend.Stackingtyping]
+wt_save_int_callee_save [lemma, in backend.Stackingtyping]
+wt_setreg [lemma, in backend.Machtyping]
+wt_set_slot [lemma, in backend.Machtyping]
+wt_transf_entrypoint [lemma, in backend.Alloctyping]
+wt_transf_function [lemma, in backend.Stackingtyping]
+wt_transf_function [lemma, in backend.Alloctyping]
+wt_transf_function [lemma, in backend.Linearizetyping]
+wt_transf_instr [lemma, in backend.Alloctyping]
+wt_transf_instrs [lemma, in backend.Alloctyping]
+wt_transl_instr [lemma, in backend.Stackingtyping]
+wt_tunnel_block [lemma, in backend.Tunnelingtyping]
+wt_tunnel_function [lemma, in backend.Tunnelingtyping]
+

X

+xcombine_l [definition, in lib.Maps]
+xcombine_lr [lemma, in lib.Maps]
+xcombine_r [definition, in lib.Maps]
+xelements [definition, in lib.Maps]
+xelements_complete [lemma, in lib.Maps]
+xelements_correct [lemma, in lib.Maps]
+xelements_hi [lemma, in lib.Maps]
+xelements_ho [lemma, in lib.Maps]
+xelements_ih [lemma, in lib.Maps]
+xelements_ii [lemma, in lib.Maps]
+xelements_io [lemma, in lib.Maps]
+xelements_keys_norepet [lemma, in lib.Maps]
+xelements_oh [lemma, in lib.Maps]
+xelements_oi [lemma, in lib.Maps]
+xelements_oo [lemma, in lib.Maps]
+xgcombine [lemma, in lib.Maps]
+xgcombine_l [lemma, in lib.Maps]
+xgcombine_r [lemma, in lib.Maps]
+xget [definition, in lib.Maps]
+xget_left [lemma, in lib.Maps]
+xgmap [lemma, in lib.Maps]
+xkeys [definition, in lib.Maps]
+xmap [definition, in lib.Maps]
+xor [definition, in backend.Cmconstr]
+xor [definition, in backend.Values]
+xor [definition, in lib.Integers]
+xorimm [definition, in backend.PPCgen]
+xorimm_correct [lemma, in backend.PPCgenproof1]
+xor_assoc [lemma, in lib.Integers]
+xor_assoc [lemma, in backend.Values]
+xor_commut [lemma, in backend.Values]
+xor_commut [lemma, in lib.Integers]
+xor_one_one [lemma, in lib.Integers]
+xor_zero [lemma, in lib.Integers]
+xor_zero_one [lemma, in lib.Integers]
+

Z

+Zdiv_round [definition, in lib.Integers]
+Zdiv_small [lemma, in lib.Coqlib]
+Zdiv_unique [lemma, in lib.Coqlib]
+zeq [definition, in lib.Coqlib]
+zeq_false [lemma, in lib.Coqlib]
+zeq_true [lemma, in lib.Coqlib]
+zero [definition, in lib.Integers]
+zero [axiom, in lib.Floats]
+ZIndexed [module, in lib.Maps]
+zle [definition, in lib.Coqlib]
+zle_false [lemma, in lib.Coqlib]
+zle_true [lemma, in lib.Coqlib]
+zlt [definition, in lib.Coqlib]
+zlt_false [lemma, in lib.Coqlib]
+zlt_true [lemma, in lib.Coqlib]
+ZMap [module, in lib.Maps]
+Zmax_bound_l [lemma, in lib.Coqlib]
+Zmax_bound_r [lemma, in lib.Coqlib]
+Zmax_spec [lemma, in lib.Coqlib]
+Zmin_spec [lemma, in lib.Coqlib]
+Zmod_round [definition, in lib.Integers]
+Zmod_small [lemma, in lib.Coqlib]
+Zmod_unique [lemma, in lib.Coqlib]
+ztonat [definition, in backend.Mem]
+Z_bin_decomp [definition, in lib.Integers]
+Z_bin_decomp_range [lemma, in lib.Integers]
+Z_bin_decomp_shift_add [lemma, in lib.Integers]
+Z_of_bits [definition, in lib.Integers]
+Z_of_bits_excl [lemma, in lib.Integers]
+Z_of_bits_exten [lemma, in lib.Integers]
+Z_of_bits_of_Z [lemma, in lib.Integers]
+Z_of_bits_range [lemma, in lib.Integers]
+Z_of_bits_range_2 [lemma, in lib.Integers]
+Z_of_bits_shift [lemma, in lib.Integers]
+Z_of_bits_shifts [lemma, in lib.Integers]
+Z_of_bits_shifts_rev [lemma, in lib.Integers]
+Z_of_bits_shift_rev [lemma, in lib.Integers]
+Z_one_bits [definition, in lib.Integers]
+Z_one_bits_powerserie [lemma, in lib.Integers]
+Z_one_bits_range [lemma, in lib.Integers]
+Z_shift_add [definition, in lib.Integers]
+Z_shift_add_bin_decomp [lemma, in lib.Integers]
+Z_shift_add_inj [lemma, in lib.Integers]
+

_

+_ [constructor, in backend.Lineartyping]
+_ [constructor, in backend.LTLtyping]
+

+

Axiom Index

+

A

+abs [in lib.Floats]
+add [in lib.Floats]
+addf_commut [in lib.Floats]
+

C

+cmp [in lib.Floats]
+cmp_ge_gt_eq [in lib.Floats]
+cmp_le_lt_eq [in lib.Floats]
+cmp_ne_eq [in lib.Floats]
+

D

+div [in lib.Floats]
+

E

+eq_dec [in lib.Floats]
+eq_zero_false [in lib.Floats]
+eq_zero_true [in lib.Floats]
+extensionality [in lib.Coqlib]
+

F

+float [in lib.Floats]
+floatofint [in lib.Floats]
+floatofintu [in lib.Floats]
+

G

+graph_coloring [in backend.Coloring]
+

H

+high_half_signed [in backend.PPC]
+high_half_signed_type [in backend.PPC]
+high_half_unsigned [in backend.PPC]
+high_half_unsigned_type [in backend.PPC]
+

I

+intoffloat [in lib.Floats]
+

L

+low_half_signed [in backend.PPC]
+low_half_signed_type [in backend.PPC]
+low_half_unsigned [in backend.PPC]
+low_half_unsigned_type [in backend.PPC]
+low_high_half_signed [in backend.PPC]
+low_high_half_unsigned [in backend.PPC]
+

M

+more_likely [in backend.RTLgen]
+mul [in lib.Floats]
+

N

+neg [in lib.Floats]
+neg_mul_distr_l [in lib.Integers]
+neg_mul_distr_r [in lib.Integers]
+

O

+one [in lib.Floats]
+

P

+proof_irrelevance [in lib.Coqlib]
+

S

+singleoffloat [in lib.Floats]
+singleoffloat_idem [in lib.Floats]
+sub [in lib.Floats]
+subf_addf_opp [in lib.Floats]
+

Z

+zero [in lib.Floats]
+

+

Lemma Index

+

A

+addf_commut [in backend.Values]
+addimm_correct [in backend.PPCgenproof1]
+addimm_1_correct [in backend.PPCgenproof1]
+addimm_2_correct [in backend.PPCgenproof1]
+address_inject [in backend.Mem]
+addr_strength_reduction_correct [in backend.Constpropproof]
+add_and [in lib.Integers]
+add_assoc [in lib.Integers]
+add_assoc [in backend.Values]
+add_call_correct [in backend.Allocproof]
+add_commut [in lib.Integers]
+add_commut [in backend.Values]
+add_cond_correct [in backend.Allocproof]
+add_edges_instrs_correct [in backend.Coloringproof]
+add_edges_instrs_correct_aux [in backend.Coloringproof]
+add_edges_instrs_incl_aux [in backend.Coloringproof]
+add_edges_instr_correct [in backend.Coloringproof]
+add_edges_instr_incl [in backend.Coloringproof]
+add_entry_correct [in backend.Allocproof]
+add_functs_transf [in backend.Globalenvs]
+add_instr_at [in backend.RTLgenproof1]
+add_instr_incr [in backend.RTLgenproof1]
+add_instr_wf [in backend.RTLgen]
+add_interf_call_correct [in backend.Coloringproof]
+add_interf_call_correct_aux_1 [in backend.Coloringproof]
+add_interf_call_correct_aux_2 [in backend.Coloringproof]
+add_interf_call_incl [in backend.Coloringproof]
+add_interf_call_incl_aux_1 [in backend.Coloringproof]
+add_interf_call_incl_aux_2 [in backend.Coloringproof]
+add_interf_correct [in backend.InterfGraph]
+add_interf_entry_correct [in backend.Coloringproof]
+add_interf_entry_incl [in backend.Coloringproof]
+add_interf_incl [in backend.InterfGraph]
+add_interf_live_correct [in backend.Coloringproof]
+add_interf_live_correct_aux [in backend.Coloringproof]
+add_interf_live_incl [in backend.Coloringproof]
+add_interf_live_incl_aux [in backend.Coloringproof]
+add_interf_move_correct [in backend.Coloringproof]
+add_interf_move_incl [in backend.Coloringproof]
+add_interf_mreg_correct [in backend.InterfGraph]
+add_interf_mreg_incl [in backend.InterfGraph]
+add_interf_op_correct [in backend.Coloringproof]
+add_interf_op_incl [in backend.Coloringproof]
+add_interf_params_correct [in backend.Coloringproof]
+add_interf_params_correct_aux [in backend.Coloringproof]
+add_interf_params_incl [in backend.Coloringproof]
+add_interf_params_incl_aux [in backend.Coloringproof]
+add_letvar_wf [in backend.RTLgenproof1]
+add_load_correct [in backend.Allocproof]
+add_load_satisfiable [in backend.CSEproof]
+add_move_correct [in backend.RTLgenproof]
+add_move_correct [in backend.Allocproof]
+add_move_incr [in backend.RTLgenproof1]
+add_neg_zero [in lib.Integers]
+add_op_correct [in backend.Allocproof]
+add_op_satisfiable [in backend.CSEproof]
+add_permut [in backend.Values]
+add_permut [in lib.Integers]
+add_permut_4 [in backend.Values]
+add_prefs_call_incl [in backend.Coloringproof]
+add_pref_incl [in backend.InterfGraph]
+add_pref_mreg_incl [in backend.InterfGraph]
+add_reloads_correct [in backend.Allocproof]
+add_reloads_correct_rec [in backend.Allocproof]
+add_reload_correct [in backend.Allocproof]
+add_return_correct [in backend.Allocproof]
+add_rhs_satisfiable [in backend.CSEproof]
+add_signed [in lib.Integers]
+add_spill_correct [in backend.Allocproof]
+add_store_correct [in backend.Allocproof]
+add_successors_correct [in backend.Kildall]
+add_to_worklist_1 [in backend.Kildall]
+add_to_worklist_2 [in backend.Kildall]
+add_undefs_correct [in backend.Allocproof]
+add_unsigned [in lib.Integers]
+add_vars_incr [in backend.RTLgenproof1]
+add_vars_letenv [in backend.RTLgenproof1]
+add_vars_valid [in backend.RTLgenproof1]
+add_vars_wf [in backend.RTLgenproof1]
+add_var_find [in backend.RTLgenproof1]
+add_var_incr [in backend.RTLgenproof1]
+add_var_letenv [in backend.RTLgenproof1]
+add_var_valid [in backend.RTLgenproof1]
+add_var_wf [in backend.RTLgenproof1]
+add_zero [in lib.Integers]
+agree_assign_dead [in backend.Allocproof]
+agree_assign_live [in backend.Allocproof]
+agree_call [in backend.Allocproof]
+agree_eval_reg [in backend.Stackingproof]
+agree_eval_reg [in backend.Allocproof]
+agree_eval_regs [in backend.Stackingproof]
+agree_eval_regs [in backend.Allocproof]
+agree_exten [in backend.Allocproof]
+agree_exten_1 [in backend.PPCgenproof1]
+agree_exten_2 [in backend.PPCgenproof1]
+agree_increasing [in backend.Allocproof]
+agree_init_regs [in backend.Allocproof]
+agree_move_live [in backend.Allocproof]
+agree_nextinstr [in backend.PPCgenproof1]
+agree_nextinstr_commut [in backend.PPCgenproof1]
+agree_parameters [in backend.Allocproof]
+agree_reg_list_live [in backend.Allocproof]
+agree_reg_live [in backend.Allocproof]
+agree_reg_sum_live [in backend.Allocproof]
+agree_return_regs [in backend.Stackingproof]
+agree_set_commut [in backend.PPCgenproof1]
+agree_set_local [in backend.Stackingproof]
+agree_set_mfreg [in backend.PPCgenproof1]
+agree_set_mireg [in backend.PPCgenproof1]
+agree_set_mireg_exten [in backend.PPCgenproof1]
+agree_set_mireg_twice [in backend.PPCgenproof1]
+agree_set_mreg [in backend.PPCgenproof1]
+agree_set_other [in backend.PPCgenproof1]
+agree_set_outgoing [in backend.Stackingproof]
+agree_set_reg [in backend.Stackingproof]
+agree_set_twice_mireg [in backend.PPCgenproof1]
+align_le [in lib.Coqlib]
+allocs_write_ok [in backend.Alloctyping]
+alloc_extends [in backend.Mem]
+alloc_mapped_inject [in backend.Mem]
+alloc_of_coloring_correct_1 [in backend.Coloringproof]
+alloc_of_coloring_correct_2 [in backend.Coloringproof]
+alloc_of_coloring_correct_3 [in backend.Coloringproof]
+alloc_of_coloring_correct_4 [in backend.Coloringproof]
+alloc_regs_fresh_or_in_map [in backend.RTLgenproof1]
+alloc_regs_incr [in backend.RTLgenproof1]
+alloc_regs_target_ok [in backend.RTLgenproof1]
+alloc_regs_valid [in backend.RTLgenproof1]
+alloc_reg_fresh_or_in_map [in backend.RTLgenproof1]
+alloc_reg_incr [in backend.RTLgenproof1]
+alloc_reg_target_ok [in backend.RTLgenproof1]
+alloc_reg_valid [in backend.RTLgenproof1]
+alloc_right_inject [in backend.Mem]
+alloc_type [in backend.Alloctyping]
+alloc_types [in backend.Alloctyping]
+alloc_unmapped_inject [in backend.Mem]
+alloc_variables_list_block [in backend.Cminorgenproof]
+alloc_variables_nextblock_incr [in backend.Cminorgenproof]
+alloc_write_ok [in backend.Alloctyping]
+all_interf_regs_correct_aux_1 [in backend.InterfGraph]
+all_interf_regs_correct_aux_2 [in backend.InterfGraph]
+all_interf_regs_correct_aux_3 [in backend.InterfGraph]
+all_interf_regs_correct_1 [in backend.InterfGraph]
+all_interf_regs_correct_2 [in backend.InterfGraph]
+analysis_correct_entry [in backend.CSEproof]
+analysis_correct_N [in backend.CSEproof]
+analysis_correct_1 [in backend.CSEproof]
+analyze_correct [in backend.Allocproof]
+analyze_correct_1 [in backend.Constpropproof]
+analyze_correct_2 [in backend.Constpropproof]
+analyze_correct_3 [in backend.Constpropproof]
+analyze_invariant [in backend.Kildall]
+analyze_P [in backend.Kildall]
+andimm_correct [in backend.PPCgenproof1]
+and_assoc [in backend.Values]
+and_assoc [in lib.Integers]
+and_commut [in lib.Integers]
+and_commut [in backend.Values]
+and_idem [in lib.Integers]
+and_mone [in lib.Integers]
+and_or_distrib [in lib.Integers]
+and_shl [in lib.Integers]
+and_shru [in lib.Integers]
+and_xor_distrib [in lib.Integers]
+and_zero [in lib.Integers]
+appcons_length [in backend.Parallelmove]
+append_assoc_0 [in lib.Maps]
+append_assoc_1 [in lib.Maps]
+append_injective [in lib.Maps]
+append_neutral_l [in lib.Maps]
+append_neutral_r [in lib.Maps]
+apply_total_transf_program [in backend.Main]
+approx_regs_val_list [in backend.Constpropproof]
+app_app [in backend.Parallelmove]
+app_cons [in backend.Parallelmove]
+app_nil [in backend.Parallelmove]
+app_rewrite [in backend.Parallelmove]
+app_rewriter [in backend.Parallelmove]
+app_rewrite2 [in backend.Parallelmove]
+arguments_not_preserved [in backend.Conventions]
+

B

+bind_parameters_length [in backend.Cminorgenproof]
+bits_of_Z_above [in lib.Integers]
+bits_of_Z_below [in lib.Integers]
+bits_of_Z_mone [in lib.Integers]
+bits_of_Z_of_bits [in lib.Integers]
+bits_of_Z_zero [in lib.Integers]
+bitwise_binop_assoc [in lib.Integers]
+bitwise_binop_commut [in lib.Integers]
+bitwise_binop_idem [in lib.Integers]
+bitwise_binop_rol [in lib.Integers]
+bitwise_binop_shl [in lib.Integers]
+bitwise_binop_shru [in lib.Integers]
+block_agree_refl [in backend.Mem]
+block_agree_sym [in backend.Mem]
+block_agree_trans [in backend.Mem]
+block_contents_exten [in backend.Mem]
+block_contents_inject_incr [in backend.Mem]
+block_cont_val [in backend.Mem]
+bool_of_false_val [in backend.Values]
+bool_of_false_val2 [in backend.Values]
+bool_of_false_val_inv [in backend.Values]
+bool_of_true_val [in backend.Values]
+bool_of_true_val2 [in backend.Values]
+bool_of_true_val_inv [in backend.Values]
+bounds_free_block [in backend.Mem]
+bound_float_callee_save_pos [in backend.Lineartyping]
+bound_float_local_pos [in backend.Lineartyping]
+bound_int_callee_save_pos [in backend.Lineartyping]
+bound_int_local_pos [in backend.Lineartyping]
+bound_outgoing_pos [in backend.Lineartyping]
+branch_target_characterization [in backend.Tunnelingproof]
+branch_target_rec_1 [in backend.Tunnelingproof]
+branch_target_rec_2 [in backend.Tunnelingproof]
+

C

+callstack_dom_diff [in backend.Machabstr2mach]
+callstack_dom_incr [in backend.Machabstr2mach]
+callstack_dom_less [in backend.Machabstr2mach]
+callstack_exten [in backend.Machabstr2mach]
+callstack_function_entry [in backend.Machabstr2mach]
+callstack_function_return [in backend.Machabstr2mach]
+callstack_get_parent [in backend.Machabstr2mach]
+callstack_get_slot [in backend.Machabstr2mach]
+callstack_init [in backend.Machabstr2mach]
+callstack_load [in backend.Machabstr2mach]
+callstack_set_slot [in backend.Machabstr2mach]
+callstack_store [in backend.Machabstr2mach]
+callstack_store_aux [in backend.Machabstr2mach]
+callstack_store_ok [in backend.Machabstr2mach]
+call_regs_param_of_arg [in backend.Allocproof]
+cast16unsigned_and [in lib.Integers]
+cast16unsigned_and [in backend.Values]
+cast16_signed_equal_if_unsigned_equal [in lib.Integers]
+cast16_signed_idem [in lib.Integers]
+cast16_unsigned_idem [in lib.Integers]
+cast16_unsigned_signed [in lib.Integers]
+cast8unsigned_and [in lib.Integers]
+cast8unsigned_and [in backend.Values]
+cast8_signed_equal_if_unsigned_equal [in lib.Integers]
+cast8_signed_idem [in lib.Integers]
+cast8_signed_unsigned [in lib.Integers]
+cast8_unsigned_idem [in lib.Integers]
+cast8_unsigned_signed [in lib.Integers]
+check_all_leaves_sound [in lib.Inclusion]
+check_coloring_1_correct [in backend.Coloringproof]
+check_coloring_2_correct [in backend.Coloringproof]
+check_coloring_3_correct [in backend.Coloringproof]
+check_cont_agree [in backend.Mem]
+check_cont_false [in backend.Mem]
+check_cont_inject [in backend.Mem]
+check_cont_inv [in backend.Mem]
+check_cont_true [in backend.Mem]
+check_equal_on_range_correct [in lib.Integers]
+cleanup_code_conservation [in backend.Linearizetyping]
+cleanup_code_conservation_2 [in backend.Linearizetyping]
+cleanup_code_correct_1 [in backend.Linearizeproof]
+cleanup_code_correct_2 [in backend.Linearizeproof]
+cleanup_function_conservation [in backend.Linearizetyping]
+cleanup_function_conservation_2 [in backend.Linearizetyping]
+cleanup_function_correct [in backend.Linearizeproof]
+cmpf_ge [in backend.Values]
+cmpf_is_bool [in backend.Values]
+cmpf_le [in backend.Values]
+cmpu_is_bool [in backend.Values]
+cmp_is_bool [in backend.Values]
+cmp_mismatch_is_bool [in backend.Values]
+code_tail_next [in backend.PPCgenproof]
+code_tail_next_int [in backend.PPCgenproof]
+combine_commut [in lib.Maps]
+compare [in lib.Ordered]
+compare [in lib.Ordered]
+compare [in lib.Ordered]
+compare_float_spec [in backend.PPCgenproof1]
+compare_sint_spec [in backend.PPCgenproof1]
+compare_uint_spec [in backend.PPCgenproof1]
+cond_strength_reduction_correct [in backend.Constpropproof]
+consistent_not_eq [in backend.RTLtyping]
+cons_replace [in backend.Parallelmove]
+contentmap_inject_incr [in backend.Mem]
+content_inject_incr [in backend.Mem]
+correct_interf_alloc_instr [in backend.Coloringproof]
+correct_interf_instr_incl [in backend.Coloringproof]
+

D

+definite_included [in backend.RTLtyping]
+diff_not_eq [in backend.Locations]
+diff_sym [in backend.Locations]
+discard_top_worklist_invariant [in backend.Kildall]
+disc1 [in backend.Parallelmove]
+disc2 [in backend.Parallelmove]
+disjoint_cons_left [in backend.Locations]
+disjoint_cons_right [in backend.Locations]
+disjoint_notin [in backend.Locations]
+disjoint_sym [in backend.Locations]
+disjoint_tmp__noTmp [in backend.Parallelmove]
+dis_dsttmp1_pnilnil [in backend.Allocproof_aux]
+dis_srctmp1_pnilnil [in backend.Allocproof_aux]
+divs_pow2 [in lib.Integers]
+divs_pow2 [in backend.Values]
+divu_pow2 [in backend.Values]
+divu_pow2 [in lib.Integers]
+Done_notmp1src_inv [in backend.Allocproof_aux]
+Done_notmp1src_invf [in backend.Allocproof_aux]
+Done_notmp1src_invpp [in backend.Allocproof_aux]
+Done_notmp1src_res [in backend.Allocproof_aux]
+Done_notmp1_inv [in backend.Allocproof_aux]
+Done_notmp1_invf [in backend.Allocproof_aux]
+Done_notmp1_invpp [in backend.Allocproof_aux]
+Done_notmp1_res [in backend.Allocproof_aux]
+Done_notmp3_inv [in backend.Allocproof_aux]
+Done_notmp3_invf [in backend.Allocproof_aux]
+Done_notmp3_invpp [in backend.Allocproof_aux]
+Done_notmp3_res [in backend.Allocproof_aux]
+dstepp_sameExec [in backend.Parallelmove]
+dstepp_stepp [in backend.Parallelmove]
+dstep_inv [in backend.Parallelmove]
+dstep_inv_getdst [in backend.Parallelmove]
+dstep_step [in backend.Parallelmove]
+dst_tmp2_res [in backend.Allocproof_aux]
+dst_tmp2_step [in backend.Allocproof_aux]
+dst_tmp2_stepf [in backend.Allocproof_aux]
+dst_tmp2_stepp [in backend.Allocproof_aux]
+

E

+elements_complete [in lib.Maps]
+elements_complete [in lib.Sets]
+elements_correct [in lib.Maps]
+elements_correct [in lib.Sets]
+elements_keys_norepet [in lib.Maps]
+empty_numbering_satisfiable [in backend.CSE]
+encode_decode [in backend.RTLtyping]
+encode_injective [in backend.RTLtyping]
+entrypoint_function_translated [in backend.Allocproof]
+enumerate_complete [in backend.Linearizeproof]
+enumerate_head [in backend.Linearizeproof]
+enumerate_norepet [in backend.Linearizeproof]
+eq [in backend.Constprop]
+eq [in lib.Lattice]
+eq [in lib.Sets]
+eq [in lib.Lattice]
+eq [in lib.Lattice]
+eq [in backend.Locations]
+eq [in lib.Maps]
+eq [in lib.Maps]
+eqmod_add [in lib.Integers]
+eqmod_mod [in lib.Integers]
+eqmod_mod_eq [in lib.Integers]
+eqmod_mult [in lib.Integers]
+eqmod_neg [in lib.Integers]
+eqmod_refl [in lib.Integers]
+eqmod_refl2 [in lib.Integers]
+eqmod_small_eq [in lib.Integers]
+eqmod_sub [in lib.Integers]
+eqmod_sym [in lib.Integers]
+eqmod_trans [in lib.Integers]
+eqmod_256_unsigned_repr [in lib.Integers]
+eqmod_65536_unsigned_repr [in lib.Integers]
+eqm_add [in lib.Integers]
+eqm_mult [in lib.Integers]
+eqm_neg [in lib.Integers]
+eqm_refl [in lib.Integers]
+eqm_refl2 [in lib.Integers]
+eqm_samerepr [in lib.Integers]
+eqm_signed_unsigned [in lib.Integers]
+eqm_small_eq [in lib.Integers]
+eqm_sub [in lib.Integers]
+eqm_sym [in lib.Integers]
+eqm_trans [in lib.Integers]
+eqm_unsigned_repr [in lib.Integers]
+eqm_unsigned_repr_l [in lib.Integers]
+eqm_unsigned_repr_r [in lib.Integers]
+equal_eq [in backend.RTLtyping]
+equal_on_range [in lib.Integers]
+equation_evals_to_holds_1 [in backend.CSEproof]
+equation_evals_to_holds_2 [in backend.CSEproof]
+eq_dec [in lib.Integers]
+eq_false [in lib.Integers]
+eq_refl [in lib.Ordered]
+eq_refl [in lib.Ordered]
+eq_refl [in lib.Ordered]
+eq_spec [in lib.Integers]
+eq_sym [in lib.Ordered]
+eq_sym [in lib.Ordered]
+eq_sym [in lib.Integers]
+eq_sym [in lib.Ordered]
+eq_trans [in lib.Ordered]
+eq_trans [in lib.Ordered]
+eq_trans [in lib.Ordered]
+eq_true [in lib.Integers]
+error_inconsistent [in backend.RTLtyping]
+eval_absfloat [in backend.Cmconstrproof]
+eval_add [in backend.Cmconstrproof]
+eval_addf [in backend.Cmconstrproof]
+eval_addimm [in backend.Cmconstrproof]
+eval_addimm_ptr [in backend.Cmconstrproof]
+eval_addressing [in backend.Cmconstrproof]
+eval_addressing_preserved [in backend.Op]
+eval_addressing_weaken [in backend.Op]
+eval_add_ptr [in backend.Cmconstrproof]
+eval_add_ptr_2 [in backend.Cmconstrproof]
+eval_and [in backend.Cmconstrproof]
+eval_andimm [in backend.Cmconstrproof]
+eval_base_condition_of_expr [in backend.Cmconstrproof]
+eval_cast16signed [in backend.Cmconstrproof]
+eval_cast16unsigned [in backend.Cmconstrproof]
+eval_cast8signed [in backend.Cmconstrproof]
+eval_cast8unsigned [in backend.Cmconstrproof]
+eval_cmp [in backend.Cmconstrproof]
+eval_cmpf [in backend.Cmconstrproof]
+eval_cmpu [in backend.Cmconstrproof]
+eval_cmp_null_l [in backend.Cmconstrproof]
+eval_cmp_null_r [in backend.Cmconstrproof]
+eval_cmp_ptr [in backend.Cmconstrproof]
+eval_compare_null_weaken [in backend.Op]
+eval_conditionalexpr_false [in backend.Cmconstrproof]
+eval_conditionalexpr_true [in backend.Cmconstrproof]
+eval_condition_of_expr [in backend.Cmconstrproof]
+eval_condition_total_is_bool [in backend.Op]
+eval_condition_weaken [in backend.Op]
+eval_divf [in backend.Cmconstrproof]
+eval_divs [in backend.Cmconstrproof]
+eval_divu [in backend.Cmconstrproof]
+eval_divu_base [in backend.Cmconstrproof]
+eval_floatofint [in backend.Cmconstrproof]
+eval_floatofintu [in backend.Cmconstrproof]
+eval_intoffloat [in backend.Cmconstrproof]
+eval_lift [in backend.Cmconstrproof]
+eval_lift_expr [in backend.Cmconstrproof]
+eval_load [in backend.Cmconstrproof]
+eval_mods [in backend.Cmconstrproof]
+eval_modu [in backend.Cmconstrproof]
+eval_mod_aux [in backend.Cmconstrproof]
+eval_mul [in backend.Cmconstrproof]
+eval_mulf [in backend.Cmconstrproof]
+eval_mulimm [in backend.Cmconstrproof]
+eval_mulimm_base [in backend.Cmconstrproof]
+eval_negate_condition [in backend.Op]
+eval_negfloat [in backend.Cmconstrproof]
+eval_negint [in backend.Cmconstrproof]
+eval_notbool [in backend.Cmconstrproof]
+eval_notbool_base [in backend.Cmconstrproof]
+eval_notint [in backend.Cmconstrproof]
+eval_operation_preserved [in backend.Op]
+eval_operation_weaken [in backend.Op]
+eval_or [in backend.Cmconstrproof]
+eval_rolm [in backend.Cmconstrproof]
+eval_shl [in backend.Cmconstrproof]
+eval_shlimm [in backend.Cmconstrproof]
+eval_shr [in backend.Cmconstrproof]
+eval_shru [in backend.Cmconstrproof]
+eval_shruimm [in backend.Cmconstrproof]
+eval_singleoffloat [in backend.Cmconstrproof]
+eval_static_condition_correct [in backend.Constpropproof]
+eval_static_operation_correct [in backend.Constpropproof]
+eval_store [in backend.Cmconstrproof]
+eval_sub [in backend.Cmconstrproof]
+eval_subf [in backend.Cmconstrproof]
+eval_sub_ptr_int [in backend.Cmconstrproof]
+eval_sub_ptr_ptr [in backend.Cmconstrproof]
+eval_xor [in backend.Cmconstrproof]
+exec_blocks_Bgoto_inv [in backend.Tunnelingproof]
+exec_blocks_extends [in backend.LTL]
+exec_blocks_valid_outcome [in backend.Linearizeproof]
+exec_block_Bgoto_inv [in backend.Tunnelingproof]
+exec_function_body_prop_ [in backend.PPCgenproof]
+exec_function_equiv [in backend.Machabstr2mach]
+exec_function_prop_ [in backend.PPCgenproof]
+exec_ifthenelse_false [in backend.Cmconstrproof]
+exec_ifthenelse_true [in backend.Cmconstrproof]
+exec_Iload' [in backend.RTL]
+exec_instrs_Bgoto_inv [in backend.Tunnelingproof]
+exec_instrs_extends [in backend.RTLgenproof1]
+exec_instrs_extends_rec [in backend.RTLgenproof1]
+exec_instrs_incl [in backend.Stackingproof]
+exec_instrs_incl [in backend.PPCgenproof]
+exec_instrs_incr [in backend.RTLgenproof1]
+exec_instrs_link_invariant [in backend.Machtyping]
+exec_instrs_pmov [in backend.Allocproof_aux]
+exec_instrs_present [in backend.RTL]
+exec_instr_extends [in backend.RTLgenproof1]
+exec_instr_extends_rec [in backend.RTLgenproof1]
+exec_instr_incl [in backend.PPCgenproof]
+exec_instr_incl [in backend.Stackingproof]
+exec_instr_incr [in backend.RTLgenproof1]
+exec_instr_in_s2 [in backend.RTLgenproof1]
+exec_instr_link_invariant [in backend.Machtyping]
+exec_instr_not_halt [in backend.RTLgenproof1]
+exec_instr_present [in backend.RTL]
+exec_instr_update [in backend.Allocproof_aux]
+exec_Iop' [in backend.RTL]
+exec_Mcall_prop [in backend.PPCgenproof]
+exec_Mcond_false_prop [in backend.PPCgenproof]
+exec_Mcond_true_prop [in backend.PPCgenproof]
+exec_Mgetparam_prop [in backend.PPCgenproof]
+exec_Mgetstack' [in backend.Stackingproof]
+exec_Mgetstack_prop [in backend.PPCgenproof]
+exec_Mgoto_prop [in backend.PPCgenproof]
+exec_Mlabel_prop [in backend.PPCgenproof]
+exec_Mload_prop [in backend.PPCgenproof]
+exec_Mop_prop [in backend.PPCgenproof]
+exec_Msetstack' [in backend.Stackingproof]
+exec_Msetstack_prop [in backend.PPCgenproof]
+exec_Mstore_prop [in backend.PPCgenproof]
+exec_mutual_induction [in backend.Machabstr]
+exec_one_prop [in backend.PPCgenproof]
+exec_program_equiv [in backend.Machabstr2mach]
+exec_refl_prop [in backend.PPCgenproof]
+exec_step [in backend.RTL]
+exec_straight_exec_prop [in backend.PPCgenproof]
+exec_straight_one [in backend.PPCgenproof1]
+exec_straight_steps [in backend.PPCgenproof]
+exec_straight_steps_1 [in backend.PPCgenproof]
+exec_straight_steps_2 [in backend.PPCgenproof]
+exec_straight_three [in backend.PPCgenproof1]
+exec_straight_trans [in backend.PPCgenproof1]
+exec_straight_two [in backend.PPCgenproof1]
+exec_trans_prop [in backend.PPCgenproof]
+expr_condexpr_exprlist_ind [in backend.RTLgenproof1]
+exten [in lib.Maps]
+extends_refl [in backend.Mem]
+extend_inject_incr [in backend.Mem]
+

F

+find_funct_find_funct_ptr [in backend.Globalenvs]
+find_funct_inv [in backend.Globalenvs]
+find_funct_prop [in backend.Globalenvs]
+find_funct_ptr_inv [in backend.Globalenvs]
+find_funct_ptr_prop [in backend.Globalenvs]
+find_funct_ptr_transf [in backend.Globalenvs]
+find_funct_ptr_transf_partial [in backend.Globalenvs]
+find_funct_transf [in backend.Globalenvs]
+find_funct_transf_partial [in backend.Globalenvs]
+find_instr_in [in backend.PPCgenproof]
+find_instr_tail [in backend.PPCgenproof]
+find_label_cleanup_code [in backend.Linearizeproof]
+find_label_goto_label [in backend.PPCgenproof]
+find_label_incl [in backend.Stackingproof]
+find_label_lin [in backend.Linearizeproof]
+find_label_lin_block [in backend.Linearizeproof]
+find_label_lin_rec [in backend.Linearizeproof]
+find_label_transl_code [in backend.Stackingproof]
+find_label_unique [in backend.Linearizeproof]
+find_letvar_incr [in backend.RTLgenproof1]
+find_letvar_in_map [in backend.RTLgenproof1]
+find_letvar_not_mutated [in backend.RTLgenproof1]
+find_letvar_valid [in backend.RTLgenproof1]
+find_load_correct [in backend.CSEproof]
+find_op_correct [in backend.CSEproof]
+find_rhs_correct [in backend.CSEproof]
+find_symbol_inv [in backend.Globalenvs]
+find_symbol_transf [in backend.Globalenvs]
+find_symbol_transf_partial [in backend.Globalenvs]
+find_valnum_rhs_correct [in backend.CSEproof]
+find_var_incr [in backend.RTLgenproof1]
+find_var_in_map [in backend.RTLgenproof1]
+find_var_not_mutated [in backend.RTLgenproof1]
+find_var_valid [in backend.RTLgenproof1]
+fixpoint_entry [in backend.Kildall]
+fixpoint_entry [in backend.Kildall]
+fixpoint_entry [in backend.Kildall]
+fixpoint_incr [in backend.Kildall]
+fixpoint_invariant [in backend.Kildall]
+fixpoint_solution [in backend.Kildall]
+fixpoint_solution [in backend.Kildall]
+fixpoint_solution [in backend.Kildall]
+flatten_aux_valid_A [in lib.Inclusion]
+flatten_valid_A [in lib.Inclusion]
+floatcomp_correct [in backend.PPCgenproof1]
+float_callee_save_bound [in backend.Linearizetyping]
+float_callee_save_norepet [in backend.Conventions]
+float_callee_save_not_destroyed [in backend.Conventions]
+float_callee_save_type [in backend.Conventions]
+float_local_slot_bound [in backend.Linearizetyping]
+fold_spec [in lib.Maps]
+fold_spec [in lib.Sets]
+for_all_spec [in lib.Sets]
+Fpmov_correct [in backend.Parallelmove]
+Fpmov_correctMoves [in backend.Parallelmove]
+Fpmov_correct1 [in backend.Parallelmove]
+Fpmov_correct2 [in backend.Parallelmove]
+Fpmov_correct_ext [in backend.Parallelmove]
+Fpmov_correct_IT3 [in backend.Parallelmove]
+Fpmov_correct_map [in backend.Parallelmove]
+frame_match_alloc [in backend.Machabstr2mach]
+frame_match_exten [in backend.Machabstr2mach]
+frame_match_free [in backend.Machabstr2mach]
+frame_match_get_slot [in backend.Machabstr2mach]
+frame_match_load [in backend.Machabstr2mach]
+frame_match_new [in backend.Machabstr2mach]
+frame_match_set_slot [in backend.Machabstr2mach]
+frame_match_store [in backend.Machabstr2mach]
+frame_match_store_ok [in backend.Machabstr2mach]
+frame_match_store_stack_other [in backend.Machabstr2mach]
+free_empty_bounds [in backend.Mem]
+free_extends [in backend.Mem]
+free_first_inject [in backend.Mem]
+free_first_list_inject [in backend.Mem]
+free_inject [in backend.Mem]
+free_snd_inject [in backend.Mem]
+freg_eq [in backend.PPC]
+freg_of_is_data_reg [in backend.PPCgenproof1]
+freg_of_not_FPR13 [in backend.PPCgenproof1]
+freg_val [in backend.PPCgenproof1]
+fresh_block_alloc [in backend.Mem]
+functions_globalenv [in backend.Globalenvs]
+functions_translated [in backend.Constpropproof]
+functions_translated [in backend.Tunnelingproof]
+functions_translated [in backend.PPCgenproof]
+functions_translated [in backend.Allocproof]
+functions_translated [in backend.Linearizeproof]
+functions_translated [in backend.Stackingproof]
+functions_translated [in backend.CSEproof]
+functions_translated [in backend.Cminorgenproof]
+functions_translated [in backend.RTLgenproof]
+functions_translated_no_overflow [in backend.PPCgenproof]
+functions_translated_2 [in backend.PPCgenproof]
+function_entry_ok [in backend.Cminorgenproof]
+function_ptr_translated [in backend.Linearizeproof]
+function_ptr_translated [in backend.Allocproof]
+function_ptr_translated [in backend.Stackingproof]
+function_ptr_translated [in backend.Cminorgenproof]
+function_ptr_translated [in backend.RTLgenproof]
+function_ptr_translated [in backend.Constpropproof]
+function_ptr_translated [in backend.Tunnelingproof]
+funct_ptr_translated [in backend.CSEproof]
+f2ind [in backend.Parallelmove]
+f2ind' [in backend.Parallelmove]
+

G

+gcombine [in lib.Maps]
+gempty [in lib.Maps]
+getdst_add [in backend.Parallelmove]
+getdst_app [in backend.Parallelmove]
+getdst_f [in backend.Alloctyping_aux]
+getdst_lists2moves [in backend.Allocproof_aux]
+getdst_map [in backend.Parallelmove]
+getN_agree [in backend.Mem]
+getN_init [in backend.Mem]
+getN_inject [in backend.Mem]
+getN_setN_mismatch [in backend.Mem]
+getN_setN_other [in backend.Mem]
+getN_setN_overlap [in backend.Mem]
+getN_setN_same [in backend.Mem]
+getsrcdst_app [in backend.Allocproof_aux]
+getsrc_add [in backend.Parallelmove]
+getsrc_add1 [in backend.Parallelmove]
+getsrc_app [in backend.Parallelmove]
+getsrc_f [in backend.Alloctyping_aux]
+getsrc_map [in backend.Parallelmove]
+get_add_1 [in backend.RTLtyping]
+get_add_2 [in backend.RTLtyping]
+get_bot [in lib.Lattice]
+get_empty [in backend.RTLtyping]
+get_noWrite [in backend.Parallelmove]
+get_pexec_id_noWrite [in backend.Parallelmove]
+get_slot_index [in backend.Stackingproof]
+get_slot_ok [in backend.Stackingproof]
+get_top [in lib.Lattice]
+get_update [in backend.Parallelmove]
+get_update_diff [in backend.Parallelmove]
+get_update_id [in backend.Parallelmove]
+get_update_ndiff [in backend.Parallelmove]
+get_xget_h [in lib.Maps]
+ge_bot [in lib.Lattice]
+ge_bot [in lib.Lattice]
+ge_bot [in lib.Sets]
+ge_bot [in lib.Lattice]
+ge_bot [in backend.Constprop]
+ge_lub_left [in lib.Lattice]
+ge_lub_left [in lib.Sets]
+ge_lub_left [in backend.Constprop]
+ge_lub_left [in lib.Lattice]
+ge_lub_left [in lib.Lattice]
+ge_lub_right [in lib.Sets]
+ge_refl [in lib.Lattice]
+ge_refl [in lib.Sets]
+ge_refl [in lib.Lattice]
+ge_refl [in lib.Lattice]
+ge_refl [in backend.Constprop]
+ge_top [in lib.Lattice]
+ge_top [in backend.Constprop]
+ge_top [in lib.Lattice]
+ge_top [in lib.Lattice]
+ge_trans [in lib.Lattice]
+ge_trans [in backend.Constprop]
+ge_trans [in lib.Sets]
+ge_trans [in lib.Lattice]
+ge_trans [in lib.Lattice]
+gi [in lib.Maps]
+gi [in lib.Maps]
+gi [in lib.Maps]
+gleaf [in lib.Maps]
+gmap [in lib.Maps]
+gmap [in lib.Maps]
+gmap [in lib.Maps]
+gmap [in lib.Maps]
+gpr_or_zero_not_zero [in backend.PPCgenproof1]
+gpr_or_zero_zero [in backend.PPCgenproof1]
+graph_incl_refl [in backend.Coloringproof]
+graph_incl_trans [in backend.InterfGraph]
+gro [in lib.Maps]
+grs [in lib.Maps]
+gsident [in lib.Maps]
+gsident [in lib.Maps]
+gsident [in lib.Maps]
+gso [in lib.Maps]
+gso [in backend.Locations]
+gso [in lib.Maps]
+gso [in lib.Maps]
+gso [in lib.Lattice]
+gso [in lib.Maps]
+gss [in lib.Maps]
+gss [in lib.Maps]
+gss [in backend.Locations]
+gss [in lib.Maps]
+gss [in lib.Lattice]
+gss [in lib.Maps]
+gsspec [in lib.Maps]
+gsspec [in lib.Maps]
+gsspec [in lib.Maps]
+gsspec [in lib.Maps]
+

H

+high_bound_alloc [in backend.Mem]
+high_bound_free [in backend.Mem]
+high_bound_store [in backend.Mem]
+high_half_signed_zero [in backend.PPCgenproof1]
+high_half_unsigned_zero [in backend.PPCgenproof1]
+

I

+identify_aux_decomp [in lib.union_find]
+identify_base_a_maps_to_b [in lib.union_find]
+identify_base_b_canon [in lib.union_find]
+identify_base_order_wf [in lib.union_find]
+identify_base_repr [in lib.union_find]
+identify_base_repr_order [in lib.union_find]
+identify_base_sameclass_1 [in lib.union_find]
+identify_base_sameclass_2 [in lib.union_find]
+included_consistent [in backend.RTLtyping]
+included_identify [in backend.RTLtyping]
+included_mapped [in backend.RTLtyping]
+included_mapped_forall [in backend.RTLtyping]
+included_refl [in backend.RTLtyping]
+included_trans [in backend.RTLtyping]
+inclusion_theorem [in lib.Inclusion]
+incl_app_inv_l [in lib.Coqlib]
+incl_app_inv_r [in lib.Coqlib]
+incl_cons_inv [in lib.Coqlib]
+incl_dst [in backend.Alloctyping_aux]
+incl_find_label [in backend.Machtyping]
+incl_nil [in backend.Alloctyping_aux]
+incl_same_head [in lib.Coqlib]
+incl_src [in backend.Alloctyping_aux]
+index_arg_valid [in backend.Stackingproof]
+index_float_callee_save_inj [in backend.Conventions]
+index_float_callee_save_pos [in backend.Conventions]
+index_float_callee_save_pos2 [in backend.Conventions]
+index_inj [in lib.Maps]
+index_inj [in backend.Locations]
+index_inj [in lib.Maps]
+index_int_callee_save_inj [in backend.Conventions]
+index_int_callee_save_pos [in backend.Conventions]
+index_int_callee_save_pos2 [in backend.Conventions]
+index_local_valid [in backend.Stackingproof]
+index_saved_float_valid [in backend.Stackingproof]
+index_saved_int_valid [in backend.Stackingproof]
+index_val_init_frame [in backend.Stackingproof]
+Indst_noOverlap_aux [in backend.Parallelmove]
+Ingetsrc_swap [in backend.Parallelmove]
+Ingetsrc_swap2 [in backend.Parallelmove]
+initial_state_invariant [in backend.Kildall]
+initmem_nullptr [in backend.Globalenvs]
+initmem_undef [in backend.Globalenvs]
+init_mapping_wf [in backend.RTLgenproof1]
+init_mem_transf [in backend.Globalenvs]
+init_mem_transf_partial [in backend.Globalenvs]
+init_state_wf [in backend.RTLgen]
+inject_incr_refl [in backend.Mem]
+inject_incr_trans [in backend.Mem]
+insert_bin_included [in lib.Inclusion]
+insert_lenv_lookup1 [in backend.Cmconstrproof]
+insert_lenv_lookup2 [in backend.Cmconstrproof]
+instr_at_incr [in backend.RTLgenproof1]
+interfere_incl [in backend.Coloringproof]
+interfere_mreg_incl [in backend.Coloringproof]
+interfere_sym [in backend.InterfGraph]
+interf_graph_correct_1 [in backend.Coloringproof]
+interf_graph_correct_2 [in backend.Coloringproof]
+interf_graph_correct_3 [in backend.Coloringproof]
+intval_correct [in backend.Constpropproof]
+int_add_no_overflow [in backend.Machabstr2mach]
+int_callee_save_bound [in backend.Linearizetyping]
+int_callee_save_norepet [in backend.Conventions]
+int_callee_save_not_destroyed [in backend.Conventions]
+int_callee_save_type [in backend.Conventions]
+int_float_callee_save_disjoint [in backend.Conventions]
+int_local_slot_bound [in backend.Linearizetyping]
+inv_eval_Eop_0 [in backend.Cmconstrproof]
+inv_eval_Eop_1 [in backend.Cmconstrproof]
+inv_eval_Eop_2 [in backend.Cmconstrproof]
+in_bounds_exten [in backend.Mem]
+in_bounds_holds [in backend.Mem]
+in_bounds_inject [in backend.Mem]
+in_cons_noteq [in backend.Allocproof_aux]
+in_incr_refl [in backend.Kildall]
+in_incr_trans [in backend.Kildall]
+In_Indst [in backend.Parallelmove]
+in_move__in_srcdst [in backend.Alloctyping_aux]
+In_norepet [in backend.Allocproof_aux]
+in_notin_diff [in backend.Locations]
+In_noTmp_notempo [in backend.Parallelmove]
+in_or_insert_bin [in lib.Inclusion]
+in_or_notin_callstack [in backend.Machabstr2mach]
+In_permute_app_head [in lib.Inclusion]
+in_range_range [in lib.Integers]
+in_remove_head [in lib.Inclusion]
+In_SD_diff [in backend.Parallelmove]
+In_SD_diff' [in backend.Parallelmove]
+In_SD_no_o [in backend.Parallelmove]
+in_split_move [in backend.Alloctyping_aux]
+in_xelements [in lib.Maps]
+in_xkeys [in lib.Maps]
+ireg_eq [in backend.PPC]
+ireg_of_is_data_reg [in backend.PPCgenproof1]
+ireg_of_not_GPR1 [in backend.PPCgenproof1]
+ireg_of_not_GPR2 [in backend.PPCgenproof1]
+ireg_val [in backend.PPCgenproof1]
+isfalse_not_istrue [in backend.Values]
+istrue_not_isfalse [in backend.Values]
+is_goto_block_correct [in backend.Tunnelingproof]
+is_label_correct [in backend.PPC]
+is_label_correct [in backend.Mach]
+is_label_correct [in backend.Linear]
+is_move_operation_correct [in backend.Op]
+is_power2_correct [in lib.Integers]
+is_power2_range [in lib.Integers]
+is_power2_rng [in lib.Integers]
+is_tail_cons_left [in backend.Linearizeproof]
+is_tail_exec_instr [in backend.Linearizeproof]
+is_tail_exec_instrs [in backend.Linearizeproof]
+is_tail_find_label [in backend.Linearizeproof]
+is_tail_in [in backend.Linearizeproof]
+iterate_base [in backend.Kildall]
+iterate_incr [in backend.Kildall]
+iterate_solution [in backend.Kildall]
+iterate_step [in backend.Kildall]
+

K

+kill_load_eqs_incl [in backend.CSEproof]
+kill_load_eqs_ops [in backend.CSEproof]
+kill_load_satisfiable [in backend.CSEproof]
+

L

+label_in_lin_block [in backend.Linearizeproof]
+label_in_lin_rec [in backend.Linearizeproof]
+label_pos_code_tail [in backend.PPCgenproof]
+last_app [in backend.Parallelmove]
+last_cons [in backend.Parallelmove]
+last_replace [in backend.Parallelmove]
+length_addr_args [in backend.Allocproof]
+length_app [in backend.Parallelmove]
+length_cond_args [in backend.Allocproof]
+length_op_args [in backend.Allocproof]
+length_replace [in backend.Parallelmove]
+let_fold_args_res [in backend.RTLtyping]
+linearize_block_incl [in backend.Linearizetyping]
+list_append_map [in lib.Coqlib]
+list_disjoint_cons_left [in lib.Coqlib]
+list_disjoint_cons_right [in lib.Coqlib]
+list_disjoint_notin [in lib.Coqlib]
+list_disjoint_sym [in lib.Coqlib]
+list_forall2_imply [in lib.Coqlib]
+list_in_map_inv [in lib.Coqlib]
+list_length_map [in lib.Coqlib]
+list_map_compose [in lib.Coqlib]
+list_map_exten [in lib.Coqlib]
+list_map_norepet [in lib.Coqlib]
+list_map_nth [in lib.Coqlib]
+list_norepet_append [in lib.Coqlib]
+list_norepet_append_left [in lib.Coqlib]
+list_norepet_append_right [in lib.Coqlib]
+list_norepet_dec [in lib.Coqlib]
+loadimm_correct [in backend.PPCgenproof1]
+loadind_aux_correct [in backend.PPCgenproof1]
+loadind_correct [in backend.PPCgenproof1]
+loadv_inject [in backend.Mem]
+loadv_8_signed_unsigned [in backend.PPCgenproof]
+load_agree [in backend.Mem]
+load_alloc_other [in backend.Mem]
+load_alloc_same [in backend.Mem]
+load_contentmap_agree [in backend.Mem]
+load_contents_init [in backend.Mem]
+load_contents_inject [in backend.Mem]
+load_extends [in backend.Mem]
+load_free [in backend.Mem]
+load_freelist [in backend.Cminorgenproof]
+load_from_alloc_is_undef [in backend.Cminorgenproof]
+load_inject [in backend.Mem]
+load_inv [in backend.Mem]
+load_in_bounds [in backend.Mem]
+load_result_idem [in backend.Cminorgenproof]
+load_result_inject [in backend.Mem]
+load_result_normalized [in backend.Cminorgenproof]
+load_result_ty [in backend.Machabstr2mach]
+load_store_contents_mismatch [in backend.Mem]
+load_store_contents_other [in backend.Mem]
+load_store_contents_overlap [in backend.Mem]
+load_store_contents_same [in backend.Mem]
+load_store_other [in backend.Mem]
+load_store_same [in backend.Mem]
+locs_acceptable_disj_temporaries [in backend.Conventions]
+loc_acceptable_noteq_diff [in backend.Allocproof]
+loc_acceptable_notin_notin [in backend.Allocproof]
+loc_arguments_acceptable [in backend.Conventions]
+loc_arguments_bounded [in backend.Conventions]
+loc_arguments_length [in backend.Conventions]
+loc_arguments_norepet [in backend.Conventions]
+loc_arguments_not_temporaries [in backend.Conventions]
+loc_arguments_type [in backend.Conventions]
+loc_is_acceptable_correct [in backend.Coloringproof]
+loc_parameters_not_temporaries [in backend.Conventions]
+loc_parameters_type [in backend.Conventions]
+loc_result_acceptable [in backend.Conventions]
+loc_result_type [in backend.Conventions]
+low_bound_alloc [in backend.Mem]
+low_bound_free [in backend.Mem]
+low_bound_store [in backend.Mem]
+low_high_s [in backend.PPCgenproof1]
+low_high_u [in backend.PPCgenproof1]
+low_high_u_xor [in backend.PPCgenproof1]
+lt_not_eq [in lib.Ordered]
+lt_not_eq [in lib.Ordered]
+lt_not_eq [in lib.Ordered]
+lt_trans [in lib.Ordered]
+lt_trans [in lib.Ordered]
+lt_trans [in lib.Ordered]
+lub_commut [in lib.Lattice]
+lub_commut [in backend.Constprop]
+lub_commut [in lib.Lattice]
+lub_commut [in lib.Sets]
+lub_commut [in lib.Lattice]
+

M

+make_addimm_correct [in backend.Constpropproof]
+make_andimm_correct [in backend.Constpropproof]
+make_cast_correct [in backend.Cminorgenproof]
+make_load_correct [in backend.Cminorgenproof]
+make_mulimm_correct [in backend.Constpropproof]
+make_op_correct [in backend.Cminorgenproof]
+make_orimm_correct [in backend.Constpropproof]
+make_predecessors_correct [in backend.Kildall]
+make_shlimm_correct [in backend.Constpropproof]
+make_shrimm_correct [in backend.Constpropproof]
+make_shruimm_correct [in backend.Constpropproof]
+make_stackaddr_correct [in backend.Cminorgenproof]
+make_store_correct [in backend.Cminorgenproof]
+make_xorimm_correct [in backend.Constpropproof]
+mapped_included_consistent [in backend.RTLtyping]
+mapped_list_included [in backend.RTLtyping]
+map_f_getsrc_getdst [in backend.Alloctyping_aux]
+map_inv [in backend.Allocproof_aux]
+map_wf_incr [in backend.RTLgenproof1]
+match_callstack_alloc_left [in backend.Cminorgenproof]
+match_callstack_alloc_other [in backend.Cminorgenproof]
+match_callstack_alloc_right [in backend.Cminorgenproof]
+match_callstack_alloc_variables [in backend.Cminorgenproof]
+match_callstack_alloc_variables_rec [in backend.Cminorgenproof]
+match_callstack_freelist [in backend.Cminorgenproof]
+match_callstack_freelist_rec [in backend.Cminorgenproof]
+match_callstack_incr_bound [in backend.Cminorgenproof]
+match_callstack_mapped [in backend.Cminorgenproof]
+match_callstack_match_globalenvs [in backend.Cminorgenproof]
+match_callstack_store_above [in backend.Cminorgenproof]
+match_callstack_store_local [in backend.Cminorgenproof]
+match_callstack_store_local_unchanged [in backend.Cminorgenproof]
+match_env_alloc_other [in backend.Cminorgenproof]
+match_env_alloc_same [in backend.Cminorgenproof]
+match_env_empty [in backend.RTLgenproof1]
+match_env_exten [in backend.RTLgenproof1]
+match_env_extensional [in backend.Cminorgenproof]
+match_env_find_reg [in backend.RTLgenproof1]
+match_env_freelist [in backend.Cminorgenproof]
+match_env_invariant [in backend.RTLgenproof1]
+match_env_letvar [in backend.RTLgenproof1]
+match_env_store_above [in backend.Cminorgenproof]
+match_env_store_local [in backend.Cminorgenproof]
+match_env_store_mapped [in backend.Cminorgenproof]
+match_env_update_temp [in backend.RTLgenproof1]
+match_env_update_var [in backend.RTLgenproof1]
+match_globalenvs_init [in backend.Cminorgenproof]
+match_init_env_init_reg [in backend.RTLgenproof1]
+match_set_locals [in backend.RTLgenproof1]
+match_set_params_init_regs [in backend.RTLgenproof1]
+max_over_instrs_bound [in backend.Linearizetyping]
+max_over_list_bound [in backend.Linearizetyping]
+max_over_list_pos [in backend.Lineartyping]
+max_over_regs_of_funct_bound [in backend.Linearizetyping]
+max_over_regs_of_funct_pos [in backend.Lineartyping]
+max_over_slots_of_funct_bound [in backend.Linearizetyping]
+max_over_slots_of_funct_pos [in backend.Lineartyping]
+member_correct [in backend.RTLtyping]
+mem_add_globals_transf [in backend.Globalenvs]
+mem_add_other [in lib.Sets]
+mem_add_same [in lib.Sets]
+mem_add_tail [in backend.InterfGraph]
+mem_empty [in lib.Sets]
+mem_exten [in backend.Mem]
+mem_remove_other [in lib.Sets]
+mem_remove_same [in lib.Sets]
+mem_union [in lib.Sets]
+mkint_eq [in lib.Integers]
+mods_divs [in lib.Integers]
+mods_divs [in backend.Values]
+modulus_pos [in lib.Integers]
+modu_and [in lib.Integers]
+modu_divu [in lib.Integers]
+modu_divu [in backend.Values]
+modu_divu_Euclid [in lib.Integers]
+modu_pow2 [in backend.Values]
+mod_in_range [in lib.Integers]
+mone_max_unsigned [in lib.Integers]
+move_types_res [in backend.Alloctyping_aux]
+move_types_stepf [in backend.Alloctyping_aux]
+mreg_eq [in backend.Locations]
+mreg_is_bounded [in backend.Linearizetyping]
+multiple_predecessors [in backend.Kildall]
+mul_add_distr_l [in lib.Integers]
+mul_add_distr_l [in backend.Values]
+mul_add_distr_r [in lib.Integers]
+mul_add_distr_r [in backend.Values]
+mul_assoc [in lib.Integers]
+mul_assoc [in backend.Values]
+mul_commut [in backend.Values]
+mul_commut [in lib.Integers]
+mul_one [in lib.Integers]
+mul_pow2 [in lib.Integers]
+mul_pow2 [in backend.Values]
+mul_zero [in lib.Integers]
+mutated_reg_in_map [in backend.RTLgenproof1]
+

N

+negate_cmp [in backend.Values]
+negate_cmp [in lib.Integers]
+negate_cmpf_eq [in backend.Values]
+negate_cmpu [in lib.Integers]
+negate_cmpu [in backend.Values]
+negate_cmp_mismatch [in backend.Values]
+neg_add_distr [in backend.Values]
+neg_add_distr [in lib.Integers]
+neg_repr [in lib.Integers]
+neg_zero [in lib.Integers]
+neg_zero [in backend.Values]
+neq_is_neq [in backend.Parallelmove]
+new_reg_fresh [in backend.RTLgenproof1]
+new_reg_incr [in backend.RTLgenproof1]
+new_reg_not_in_map [in backend.RTLgenproof1]
+new_reg_not_mutated [in backend.RTLgenproof1]
+new_reg_return_ok [in backend.RTLgenproof1]
+new_reg_valid [in backend.RTLgenproof1]
+nextinstr_inv [in backend.PPCgenproof1]
+nextinstr_set_preg [in backend.PPCgenproof1]
+non_overlap_diff [in backend.Locations]
+noOverlapaux_insert [in backend.Parallelmove]
+noOverlapaux_swap2 [in backend.Parallelmove]
+noOverlap_auxpop [in backend.Parallelmove]
+noOverlap_auxPop [in backend.Parallelmove]
+noOverlap_aux_app [in backend.Parallelmove]
+noOverlap_Front0 [in backend.Parallelmove]
+noOverlap_head [in backend.Parallelmove]
+noOverlap_insert [in backend.Parallelmove]
+noOverlap_movBack [in backend.Parallelmove]
+noOverlap_movBack0 [in backend.Parallelmove]
+noOverlap_movFront [in backend.Parallelmove]
+noOverlap_nil [in backend.Parallelmove]
+noOverlap_Pop [in backend.Parallelmove]
+noOverlap_pop [in backend.Parallelmove]
+noOverlap_right [in backend.Parallelmove]
+noOverlap_swap [in backend.Parallelmove]
+noO_diff [in backend.Parallelmove]
+noO_list_pnilnil [in backend.Allocproof_aux]
+noRead_app [in backend.Parallelmove]
+noRead_by_path [in backend.Parallelmove]
+norepet_SD [in backend.Allocproof_aux]
+notbool_idem2 [in backend.Values]
+notbool_idem3 [in backend.Values]
+notbool_isfalse_istrue [in lib.Integers]
+notbool_istrue_isfalse [in lib.Integers]
+notbool_is_bool [in backend.Values]
+notbool_negb_1 [in backend.Values]
+notbool_negb_2 [in backend.Values]
+notbool_xor [in backend.Values]
+notindst_nW [in backend.Parallelmove]
+notin_disjoint [in backend.Locations]
+notin_not_in [in backend.Locations]
+noTmpLast_lastnoTmp [in backend.Parallelmove]
+noTmpLast_Pop [in backend.Parallelmove]
+noTmpLast_pop [in backend.Parallelmove]
+noTmpLast_popBack [in backend.Parallelmove]
+noTmpLast_push [in backend.Parallelmove]
+noTmpLast_tmpLast [in backend.Parallelmove]
+noTmpL_diff [in backend.Parallelmove]
+noTmp_app [in backend.Parallelmove]
+noTmp_append [in backend.Parallelmove]
+noTmP_noOverlap_aux [in backend.Parallelmove]
+noTmp_noReadTmp [in backend.Parallelmove]
+noTmp_noTmpLast [in backend.Parallelmove]
+noTmp_pop [in backend.Parallelmove]
+noWrite_in [in backend.Parallelmove]
+noWrite_insert [in backend.Parallelmove]
+noWrite_movFront [in backend.Parallelmove]
+noWrite_pop [in backend.Parallelmove]
+noWrite_swap [in backend.Parallelmove]
+noWrite_tmpLast [in backend.Parallelmove]
+no_overlapD_inv [in backend.Allocproof_aux]
+no_overlapD_invf [in backend.Allocproof_aux]
+no_overlapD_invpp [in backend.Allocproof_aux]
+no_overlapD_res [in backend.Allocproof_aux]
+no_overlap_arguments [in backend.Conventions]
+no_overlap_list_pop [in backend.Allocproof_aux]
+no_overlap_noOverlap [in backend.Parallelmove]
+no_overlap_parameters [in backend.Conventions]
+no_overlap_temp [in backend.Allocproof_aux]
+no_self_loop [in backend.Kildall]
+nth_error_in [in lib.Coqlib]
+nth_error_nil [in lib.Coqlib]
+numbering_holds_exten [in backend.CSEproof]
+

O

+offset_of_index_disj [in backend.Stackingproof]
+offset_of_index_no_overflow [in backend.Stackingproof]
+offset_of_index_valid [in backend.Stackingproof]
+of_bool_is_bool [in backend.Values]
+one_bits_decomp [in lib.Integers]
+one_bits_range [in lib.Integers]
+one_not_zero [in lib.Integers]
+option_sum [in lib.union_find]
+op_strength_reduction_correct [in backend.Constpropproof]
+ordered_pair_charact [in backend.InterfGraph]
+ordered_pair_sym [in backend.InterfGraph]
+orimm_correct [in backend.PPCgenproof1]
+or_assoc [in lib.Integers]
+or_assoc [in backend.Values]
+or_commut [in lib.Integers]
+or_commut [in backend.Values]
+or_idem [in lib.Integers]
+or_mone [in lib.Integers]
+or_of_bool [in backend.Values]
+or_rolm [in lib.Integers]
+or_rolm [in backend.Values]
+or_zero [in lib.Integers]
+outgoing_slot_bound [in backend.Linearizetyping]
+overlap_aux_false_1 [in backend.Locations]
+overlap_aux_true_1 [in backend.Locations]
+overlap_aux_true_2 [in backend.Locations]
+overlap_not_diff [in backend.Locations]
+

P

+parallel_move_correct [in backend.Allocproof]
+parallel_move_correctX [in backend.Allocproof_aux]
+parallel_move_correct' [in backend.Allocproof_aux]
+path_pop [in backend.Parallelmove]
+path_tmpLast [in backend.Parallelmove]
+peq_false [in lib.Coqlib]
+peq_true [in lib.Coqlib]
+pexec_add [in backend.Parallelmove]
+pexec_correct [in backend.Parallelmove]
+pexec_mov [in backend.Parallelmove]
+pexec_movBack [in backend.Parallelmove]
+pexec_movFront [in backend.Parallelmove]
+pexec_nop [in backend.Parallelmove]
+pexec_push [in backend.Parallelmove]
+pexec_swap [in backend.Parallelmove]
+pexec_update [in backend.Parallelmove]
+Ple_refl [in lib.Coqlib]
+Ple_succ [in lib.Coqlib]
+Ple_trans [in lib.Coqlib]
+Plt_ne [in lib.Coqlib]
+Plt_Ple [in lib.Coqlib]
+Plt_Ple_trans [in lib.Coqlib]
+Plt_strict [in lib.Coqlib]
+Plt_succ [in lib.Coqlib]
+Plt_succ_inv [in lib.Coqlib]
+Plt_trans [in lib.Coqlib]
+Plt_trans_succ [in lib.Coqlib]
+Plt_wf [in lib.Coqlib]
+Pmov_equation [in backend.Parallelmove]
+positive_Peano_ind [in lib.Coqlib]
+positive_rec_base [in lib.Coqlib]
+positive_rec_succ [in lib.Coqlib]
+Ppred_Plt [in lib.Coqlib]
+predecessors_correct [in backend.Kildall]
+preg_eq [in backend.PPC]
+preg_of_injective [in backend.PPCgenproof1]
+preg_of_is_data_reg [in backend.PPCgenproof1]
+preg_of_not [in backend.PPCgenproof1]
+preg_of_not_GPR1 [in backend.PPCgenproof1]
+preg_val [in backend.PPCgenproof1]
+program_typing_preserved [in backend.Tunnelingtyping]
+program_typing_preserved [in backend.Linearizetyping]
+program_typing_preserved [in backend.Alloctyping]
+program_typing_preserved [in backend.Stackingtyping]
+prog_funct_transf_OK [in backend.Globalenvs]
+propagate_successors_charact1 [in backend.Kildall]
+propagate_successors_charact2 [in backend.Kildall]
+propagate_successors_invariant [in backend.Kildall]
+propagate_successors_P [in backend.Kildall]
+propagate_succ_charact [in backend.Kildall]
+propagate_succ_incr [in backend.Kildall]
+propagate_succ_incr_worklist [in backend.Kildall]
+propagate_succ_list_charact [in backend.Kildall]
+propagate_succ_list_incr [in backend.Kildall]
+propagate_succ_list_incr_worklist [in backend.Kildall]
+propagate_succ_list_records_changes [in backend.Kildall]
+propagate_succ_records_changes [in backend.Kildall]
+

R

+reachable_correct_1 [in backend.Linearizeproof]
+reachable_correct_2 [in backend.Linearizeproof]
+reachable_entrypoint [in backend.Linearizeproof]
+reachable_successors [in backend.Linearizeproof]
+rebuild_l [in backend.Parallelmove]
+refl_ge [in backend.CSE]
+regalloc_acceptable [in backend.Coloringproof]
+regalloc_correct_1 [in backend.Coloringproof]
+regalloc_correct_2 [in backend.Coloringproof]
+regalloc_correct_3 [in backend.Coloringproof]
+regalloc_disj_temporaries [in backend.Allocproof]
+regalloc_norepet_norepet [in backend.Allocproof]
+regalloc_noteq_diff [in backend.Allocproof]
+regalloc_notin_notin [in backend.Allocproof]
+regalloc_not_temporary [in backend.Allocproof]
+regalloc_ok [in backend.Coloringproof]
+regalloc_preserves_types [in backend.Coloringproof]
+register_classification [in backend.Conventions]
+regsalloc_acceptable [in backend.Coloringproof]
+regs_match_approx_increasing [in backend.Constpropproof]
+regs_match_approx_update [in backend.Constpropproof]
+reg_for_spec [in backend.Allocproof]
+reg_fresh_decr [in backend.RTLgenproof1]
+reg_in_map_valid [in backend.RTLgenproof1]
+reg_valid_incr [in backend.RTLgenproof1]
+reg_valnum_correct [in backend.CSEproof]
+remove_all_leaves_sound [in lib.Inclusion]
+repet_correct [in backend.RTLtyping]
+replace_last_id [in backend.Parallelmove]
+repr_aux_canon [in lib.union_find]
+repr_aux_none [in lib.union_find]
+repr_aux_some [in lib.union_find]
+repr_empty [in lib.union_find]
+repr_rec_ext [in lib.union_find]
+repr_repr [in lib.union_find]
+repr_signed [in lib.Integers]
+repr_unsigned [in lib.Integers]
+reserve_instr_incr [in backend.RTLgenproof1]
+reserve_instr_wf [in backend.RTLgen]
+restore_callee_save_correct [in backend.Stackingproof]
+restore_float_callee_save_correct [in backend.Stackingproof]
+restore_float_callee_save_correct_rec [in backend.Stackingproof]
+restore_int_callee_save_correct [in backend.Stackingproof]
+restore_int_callee_save_correct_rec [in backend.Stackingproof]
+return_regs_not_destroyed [in backend.Allocproof]
+return_regs_result [in backend.Allocproof]
+return_reg_ok_incr [in backend.RTLgenproof1]
+rleaf [in lib.Maps]
+rolm_rolm [in lib.Integers]
+rolm_rolm [in backend.Values]
+rolm_zero [in lib.Integers]
+rolm_zero [in backend.Values]
+rol_and [in lib.Integers]
+rol_or [in lib.Integers]
+rol_rol [in lib.Integers]
+rol_zero [in lib.Integers]
+

S

+sameclass_empty [in lib.union_find]
+sameclass_identify_1 [in lib.union_find]
+sameclass_identify_2 [in lib.union_find]
+sameclass_refl [in lib.union_find]
+sameclass_repr [in lib.union_find]
+sameclass_sym [in lib.union_find]
+sameclass_trans [in lib.union_find]
+sameExec_reflexive [in backend.Parallelmove]
+sameExec_transitive [in backend.Parallelmove]
+same_not_diff [in backend.Locations]
+same_typ_correct [in backend.Coloringproof]
+save_callee_save_correct [in backend.Stackingproof]
+save_float_callee_save_correct [in backend.Stackingproof]
+save_float_callee_save_correct_rec [in backend.Stackingproof]
+save_int_callee_save_correct [in backend.Stackingproof]
+save_int_callee_save_correct_rec [in backend.Stackingproof]
+SB_Pmov [in backend.Parallelmove]
+SDone_Pmov [in backend.Allocproof_aux]
+SDone_stepf [in backend.Allocproof_aux]
+sD_nW [in backend.Parallelmove]
+sD_pexec [in backend.Parallelmove]
+setN_agree [in backend.Mem]
+setN_inject [in backend.Mem]
+setN_outside_agree [in backend.Mem]
+setN_outside_inject [in backend.Mem]
+set_cont_agree [in backend.Mem]
+set_cont_inject [in backend.Mem]
+set_cont_inside [in backend.Mem]
+set_cont_outside [in backend.Mem]
+set_cont_outside1 [in backend.Mem]
+set_cont_outside_agree [in backend.Mem]
+set_cont_outside_inject [in backend.Mem]
+set_locals_defined [in backend.Cminorgenproof]
+set_locals_params_defined [in backend.Cminorgenproof]
+set_params_defined [in backend.Cminorgenproof]
+set_slot_index [in backend.Stackingproof]
+set_slot_link_invariant [in backend.Machtyping]
+set_slot_ok [in backend.Stackingproof]
+shift_eval_addressing [in backend.Stackingproof]
+shift_eval_operation [in backend.Stackingproof]
+shl_mul [in backend.Values]
+shl_mul [in lib.Integers]
+shl_mul_two_p [in lib.Integers]
+shl_rolm [in lib.Integers]
+shl_rolm [in backend.Values]
+shl_zero [in lib.Integers]
+shru_div_two_p [in lib.Integers]
+shru_rolm [in backend.Values]
+shru_rolm [in lib.Integers]
+shru_zero [in lib.Integers]
+shrx_carry [in backend.Values]
+shrx_carry [in lib.Integers]
+shr_zero [in lib.Integers]
+signed_range [in lib.Integers]
+signed_repr [in lib.Integers]
+sig_function_translated [in backend.Allocproof]
+sig_transl_function [in backend.Cminorgenproof]
+simpleDest_insert [in backend.Parallelmove]
+simpleDest_movBack [in backend.Parallelmove]
+simpleDest_movFront [in backend.Parallelmove]
+simpleDest_Pop [in backend.Parallelmove]
+simpleDest_pop [in backend.Parallelmove]
+simpleDest_pop2 [in backend.Parallelmove]
+simpleDest_right [in backend.Parallelmove]
+simpleDest_swap [in backend.Parallelmove]
+simpleDest_swap_app [in backend.Parallelmove]
+simpleDest_tmpLast [in backend.Parallelmove]
+size_arguments_bound [in backend.Linearizetyping]
+size_chunk_pos [in backend.Mem]
+size_mem_pos [in backend.Mem]
+size_no_overflow [in backend.Stackingproof]
+size_pos [in backend.Stackingproof]
+slot_eq [in backend.Locations]
+slot_gi [in backend.Stackingproof]
+slot_gso [in backend.Stackingproof]
+slot_gss [in backend.Stackingproof]
+slot_iso [in backend.Stackingproof]
+slot_iss [in backend.Stackingproof]
+slot_is_bounded [in backend.Linearizetyping]
+sort_included [in lib.Inclusion]
+sort_included2 [in lib.Inclusion]
+splitNone [in backend.Parallelmove]
+splitSome [in backend.Parallelmove]
+split_length [in backend.Parallelmove]
+split_move_incl [in backend.Alloctyping_aux]
+sp_val [in backend.PPCgenproof1]
+srcdst_tmp2_stepf [in backend.Alloctyping_aux]
+src_tmp2_res [in backend.Alloctyping_aux]
+starts_with_correct [in backend.Linearizeproof]
+start_state_good [in backend.Kildall]
+start_state_in_entry [in backend.Kildall]
+state_incr_extends [in backend.RTLgenproof1]
+state_incr_refl [in backend.RTLgenproof1]
+state_incr_trans [in backend.RTLgenproof1]
+state_incr_trans2 [in backend.RTLgenproof1]
+state_incr_trans3 [in backend.RTLgenproof1]
+state_incr_trans4 [in backend.RTLgenproof1]
+state_incr_trans5 [in backend.RTLgenproof1]
+state_incr_trans6 [in backend.RTLgenproof1]
+stepf1_dec [in backend.Parallelmove]
+stepf_dec [in backend.Parallelmove]
+stepf_dec0 [in backend.Parallelmove]
+stepf_dec0' [in backend.Parallelmove]
+stepf_pop [in backend.Parallelmove]
+stepf_popLoop [in backend.Parallelmove]
+stepInv_pnilnil [in backend.Allocproof_aux]
+stepp_inv [in backend.Parallelmove]
+stepp_sameExec [in backend.Parallelmove]
+stepp_transitive [in backend.Parallelmove]
+step1 [in backend.RTLtyping]
+step2 [in backend.RTLtyping]
+step3 [in backend.RTLtyping]
+step4 [in backend.RTLtyping]
+step_dec [in backend.Parallelmove]
+step_dec0 [in backend.Parallelmove]
+step_inv [in backend.Parallelmove]
+step_inv_getdst [in backend.Parallelmove]
+step_inv_loop [in backend.Parallelmove]
+step_inv_loop_aux [in backend.Parallelmove]
+step_inv_noOverlap [in backend.Parallelmove]
+step_inv_NoOverlap [in backend.Parallelmove]
+step_inv_noTmp [in backend.Parallelmove]
+step_inv_noTmpLast [in backend.Parallelmove]
+step_inv_path [in backend.Parallelmove]
+step_inv_simpleDest [in backend.Parallelmove]
+step_sameExec [in backend.Parallelmove]
+step_state_good [in backend.Kildall]
+step_stepp [in backend.Parallelmove]
+stmt_stmtlist_ind [in backend.RTLgenproof1]
+STM_Pmov [in backend.Parallelmove]
+storeind_aux_correct [in backend.PPCgenproof1]
+storeind_correct [in backend.PPCgenproof1]
+storev_mapped_inject [in backend.Mem]
+storev_mapped_inject_1 [in backend.Mem]
+storev_16_signed_unsigned [in backend.PPCgenproof]
+storev_8_signed_unsigned [in backend.PPCgenproof]
+store_agree [in backend.Mem]
+store_alloc [in backend.Mem]
+store_contentmap_agree [in backend.Mem]
+store_contentmap_outside_agree [in backend.Mem]
+store_contents_inject [in backend.Mem]
+store_contents_outside_inject [in backend.Mem]
+store_inv [in backend.Mem]
+store_in_bounds [in backend.Mem]
+store_is_in_bounds [in backend.Mem]
+store_mapped_inject [in backend.Mem]
+store_mapped_inject_1 [in backend.Mem]
+store_outside_agree [in backend.Mem]
+store_outside_extends [in backend.Mem]
+store_parameters_correct [in backend.Cminorgenproof]
+store_unmapped_inject [in backend.Mem]
+store_within_extends [in backend.Mem]
+subject_reduction [in backend.Machtyping]
+subject_reduction [in backend.RTLtyping]
+subject_reduction_function [in backend.Machtyping]
+subject_reduction_instr [in backend.Machtyping]
+subject_reduction_instrs [in backend.Machtyping]
+sub_add_l [in backend.Values]
+sub_add_l [in lib.Integers]
+sub_add_opp [in lib.Integers]
+sub_add_opp [in backend.Values]
+sub_add_r [in backend.Values]
+sub_add_r [in lib.Integers]
+sub_idem [in lib.Integers]
+sub_shifted [in lib.Integers]
+sub_zero_l [in lib.Integers]
+sub_zero_r [in backend.Values]
+sub_zero_r [in lib.Integers]
+successors_aux_invariant [in backend.LTL]
+successors_correct [in backend.LTL]
+successors_correct [in backend.RTL]
+swap_cmp [in lib.Integers]
+swap_cmp [in backend.Values]
+swap_cmpu [in backend.Values]
+swap_cmpu [in lib.Integers]
+swap_cmp_mismatch [in backend.Values]
+symbols_add_globals_transf [in backend.Globalenvs]
+symbols_init_transf [in backend.Globalenvs]
+symbols_preserved [in backend.Tunnelingproof]
+symbols_preserved [in backend.Allocproof]
+symbols_preserved [in backend.Cminorgenproof]
+symbols_preserved [in backend.Constpropproof]
+symbols_preserved [in backend.PPCgenproof]
+symbols_preserved [in backend.RTLgenproof]
+symbols_preserved [in backend.Linearizeproof]
+symbols_preserved [in backend.CSEproof]
+symbols_preserved [in backend.Stackingproof]
+

T

+target_regs_not_mutated [in backend.RTLgenproof1]
+target_regs_ok_incr [in backend.RTLgenproof1]
+target_regs_valid [in backend.RTLgenproof1]
+target_reg_not_mutated [in backend.RTLgenproof1]
+target_reg_ok_incr [in backend.RTLgenproof1]
+target_reg_valid [in backend.RTLgenproof1]
+temporaries_not_acceptable [in backend.Conventions]
+teq_correct [in backend.RTLtyping]
+test_inclusion_sound [in lib.Inclusion]
+top_ge [in backend.CSE]
+transfer_correct [in backend.Constpropproof]
+transfer_correct [in backend.CSEproof]
+transform_partial_program_compose [in backend.Main]
+transform_partial_program_function [in backend.AST]
+transform_partial_program_main [in backend.AST]
+transform_program_function [in backend.AST]
+transform_program_partial_total [in backend.Main]
+transform_program_transform_partial_program [in backend.Globalenvs]
+transf_cminor_program2_correct [in backend.Main]
+transf_cminor_program_correct [in backend.Main]
+transf_cminor_program_equiv [in backend.Main]
+transf_code_wf [in backend.CSE]
+transf_code_wf [in backend.Constprop]
+transf_code_wf [in backend.RTL]
+transf_csharpminor_program2_correct [in backend.Main]
+transf_csharpminor_program_correct [in backend.Main]
+transf_csharpminor_program_equiv [in backend.Main]
+transf_entrypoint_correct [in backend.Allocproof]
+transf_entrypoint_wf [in backend.Allocation]
+transf_function_correct [in backend.Linearizeproof]
+transf_function_correct [in backend.PPCgenproof]
+transf_function_correct [in backend.Stackingproof]
+transf_function_correct [in backend.CSEproof]
+transf_funct_correct [in backend.Constpropproof]
+transf_partial_program_compose [in backend.Main]
+transf_program_correct [in backend.Linearizeproof]
+transf_program_correct [in backend.Tunnelingproof]
+transf_program_correct [in backend.Constpropproof]
+transf_program_correct [in backend.PPCgenproof]
+transf_program_correct [in backend.CSEproof]
+transf_program_partial_total [in backend.Main]
+transf_program_transf_partial_program [in backend.Globalenvs]
+translate_cmp [in lib.Integers]
+translate_eq [in lib.Integers]
+translate_lt [in lib.Integers]
+transl_code_label [in backend.PPCgenproof]
+transl_condition_CEcondition_correct [in backend.RTLgenproof]
+transl_condition_CEcond_correct [in backend.RTLgenproof]
+transl_condition_CEfalse_correct [in backend.RTLgenproof]
+transl_condition_CEtrue_correct [in backend.RTLgenproof]
+transl_condition_incr [in backend.RTLgenproof1]
+transl_cond_correct [in backend.PPCgenproof1]
+transl_cond_correct_aux [in backend.PPCgenproof1]
+transl_exprlist_Econs_correct [in backend.Cminorgenproof]
+transl_exprlist_Econs_correct [in backend.RTLgenproof]
+transl_exprlist_Enil_correct [in backend.RTLgenproof]
+transl_exprlist_Enil_correct [in backend.Cminorgenproof]
+transl_exprlist_incr [in backend.RTLgenproof1]
+transl_expr_condition_exprlist_incr [in backend.RTLgenproof1]
+transl_expr_Eaddrof_global_correct [in backend.Cminorgenproof]
+transl_expr_Eaddrof_local_correct [in backend.Cminorgenproof]
+transl_expr_Eassign_correct [in backend.Cminorgenproof]
+transl_expr_Eassign_correct [in backend.RTLgenproof]
+transl_expr_Ecall_correct [in backend.RTLgenproof]
+transl_expr_Ecall_correct [in backend.Cminorgenproof]
+transl_expr_Econdition_correct [in backend.RTLgenproof]
+transl_expr_Econdition_false_correct [in backend.Cminorgenproof]
+transl_expr_Econdition_true_correct [in backend.Cminorgenproof]
+transl_expr_Eletvar_correct [in backend.RTLgenproof]
+transl_expr_Eletvar_correct [in backend.Cminorgenproof]
+transl_expr_Elet_correct [in backend.Cminorgenproof]
+transl_expr_Elet_correct [in backend.RTLgenproof]
+transl_expr_Eload_correct [in backend.RTLgenproof]
+transl_expr_Eload_correct [in backend.Cminorgenproof]
+transl_expr_Eop_correct [in backend.RTLgenproof]
+transl_expr_Eop_correct [in backend.Cminorgenproof]
+transl_expr_Estore_correct [in backend.RTLgenproof]
+transl_expr_Estore_correct [in backend.Cminorgenproof]
+transl_expr_Evar_correct [in backend.Cminorgenproof]
+transl_expr_Evar_correct [in backend.RTLgenproof]
+transl_expr_incr [in backend.RTLgenproof1]
+transl_find_label [in backend.PPCgenproof]
+transl_find_label [in backend.Stackingproof]
+transl_funcall_correct [in backend.Cminorgenproof]
+transl_funcall_correct [in backend.RTLgenproof]
+transl_function_correct [in backend.Allocproof]
+transl_function_correct [in backend.Cminorgenproof]
+transl_function_correctness [in backend.Allocproof]
+transl_function_correctness [in backend.RTLgenproof]
+transl_Icall_correct [in backend.Allocproof]
+transl_Icond_false_correct [in backend.Allocproof]
+transl_Icond_true_correct [in backend.Allocproof]
+transl_Iload_correct [in backend.Allocproof]
+transl_Inop_correct [in backend.Allocproof]
+transl_instr_label [in backend.PPCgenproof]
+transl_Iop_correct [in backend.Allocproof]
+transl_Istore_correct [in backend.Allocproof]
+transl_load_correct [in backend.PPCgenproof1]
+transl_load_store_correct [in backend.PPCgenproof1]
+transl_one_correct [in backend.Allocproof]
+transl_op_correct [in backend.PPCgenproof1]
+transl_program_correct [in backend.RTLgenproof]
+transl_program_correct [in backend.Stackingproof]
+transl_program_correct [in backend.Allocproof]
+transl_program_correct [in backend.Cminorgenproof]
+transl_refl_correct [in backend.Allocproof]
+transl_stmtlist_incr [in backend.RTLgenproof1]
+transl_stmtlist_Scons_continue_correct [in backend.RTLgenproof]
+transl_stmtlist_Scons_stop_correct [in backend.RTLgenproof]
+transl_stmtlist_Scons_1_correct [in backend.Cminorgenproof]
+transl_stmtlist_Scons_2_correct [in backend.Cminorgenproof]
+transl_stmtlist_Snil_correct [in backend.RTLgenproof]
+transl_stmtlist_Snil_correct [in backend.Cminorgenproof]
+transl_stmt_incr [in backend.RTLgenproof1]
+transl_stmt_Sblock_correct [in backend.RTLgenproof]
+transl_stmt_Sblock_correct [in backend.Cminorgenproof]
+transl_stmt_Sexit_correct [in backend.RTLgenproof]
+transl_stmt_Sexit_correct [in backend.Cminorgenproof]
+transl_stmt_Sexpr_correct [in backend.RTLgenproof]
+transl_stmt_Sexpr_correct [in backend.Cminorgenproof]
+transl_stmt_Sifthenelse_correct [in backend.RTLgenproof]
+transl_stmt_Sifthenelse_false_correct [in backend.Cminorgenproof]
+transl_stmt_Sifthenelse_true_correct [in backend.Cminorgenproof]
+transl_stmt_Sloop_exit_correct [in backend.Cminorgenproof]
+transl_stmt_Sloop_loop_correct [in backend.Cminorgenproof]
+transl_stmt_Sloop_loop_correct [in backend.RTLgenproof]
+transl_stmt_Sloop_stop_correct [in backend.RTLgenproof]
+transl_stmt_Sreturn_none_correct [in backend.Cminorgenproof]
+transl_stmt_Sreturn_none_correct [in backend.RTLgenproof]
+transl_stmt_Sreturn_some_correct [in backend.RTLgenproof]
+transl_stmt_Sreturn_some_correct [in backend.Cminorgenproof]
+transl_stmt_stmtlist_incr [in backend.RTLgenproof1]
+transl_store_correct [in backend.PPCgenproof1]
+transl_trans_correct [in backend.Allocproof]
+tunnel_function_correct [in backend.Tunnelingproof]
+two_power_nat_O [in lib.Coqlib]
+two_power_nat_pos [in lib.Coqlib]
+typesize_pos [in backend.Locations]
+type_args_complete [in backend.RTLtyping]
+type_args_correct [in backend.RTLtyping]
+type_args_extends [in backend.RTLtyping]
+type_args_included [in backend.RTLtyping]
+type_args_mapped [in backend.RTLtyping]
+type_args_res_complete [in backend.RTLtyping]
+type_args_res_included [in backend.RTLtyping]
+type_args_res_ros_included [in backend.RTLtyping]
+type_arg_complete [in backend.RTLtyping]
+type_arg_correct [in backend.RTLtyping]
+type_arg_correct_1 [in backend.RTLtyping]
+type_arg_extends [in backend.RTLtyping]
+type_arg_included [in backend.RTLtyping]
+type_arg_mapped [in backend.RTLtyping]
+type_instrs_extends [in backend.RTLtyping]
+type_instrs_included [in backend.RTLtyping]
+type_instr_included [in backend.RTLtyping]
+type_of_chunk_correct [in backend.Op]
+type_of_operation_sound [in backend.Op]
+type_res_complete [in backend.RTLtyping]
+type_res_correct [in backend.RTLtyping]
+type_ros_complete [in backend.RTLtyping]
+type_ros_correct [in backend.RTLtyping]
+type_rtl_function_correct [in backend.RTLtyping]
+type_rtl_function_instrs [in backend.RTLtyping]
+type_rtl_function_norepet [in backend.RTLtyping]
+type_rtl_function_params [in backend.RTLtyping]
+T_type [in backend.Alloctyping_aux]
+

U

+undef_is_bool [in backend.Values]
+unfold_transf_function [in backend.Stackingproof]
+unique_labels_lin_block [in backend.Linearizeproof]
+unique_labels_lin_function [in backend.Linearizeproof]
+unique_labels_lin_rec [in backend.Linearizeproof]
+unroll_positive_rec [in lib.Coqlib]
+unsigned_range [in lib.Integers]
+unsigned_range_2 [in lib.Integers]
+unsigned_repr [in lib.Integers]
+unsplit_move [in backend.Parallelmove]
+update_instr_extends [in backend.RTLgenproof1]
+update_instr_incr [in backend.RTLgenproof1]
+update_instr_wf [in backend.RTLgen]
+update_o [in backend.Mem]
+update_s [in backend.Mem]
+

V

+valid_block_alloc [in backend.Mem]
+valid_block_free [in backend.Mem]
+valid_block_store [in backend.Mem]
+valid_fresh_absurd [in backend.RTLgenproof1]
+valid_fresh_different [in backend.RTLgenproof1]
+valid_new_block [in backend.Mem]
+valid_not_valid_diff [in backend.Mem]
+valid_pointer_inject_no_overflow [in backend.Mem]
+valnum_regs_holds [in backend.CSEproof]
+valnum_reg_holds [in backend.CSEproof]
+valu_agree_list [in backend.CSEproof]
+valu_agree_refl [in backend.CSEproof]
+valu_agree_trans [in backend.CSEproof]
+val_content_inject_cast [in backend.Cminorgenproof]
+val_content_inject_incr [in backend.Mem]
+val_inject_incr [in backend.Mem]
+val_list_inject_incr [in backend.Mem]
+val_match_approx_increasing [in backend.Constpropproof]
+vars_vals_match_extensional [in backend.Cminorgenproof]
+vars_vals_match_holds [in backend.Cminorgenproof]
+vars_vals_match_holds_1 [in backend.Cminorgenproof]
+var_addr_global_correct [in backend.Cminorgenproof]
+var_addr_local_correct [in backend.Cminorgenproof]
+var_get_correct [in backend.Cminorgenproof]
+var_set_correct [in backend.Cminorgenproof]
+

W

+wf_add_load [in backend.CSEproof]
+wf_add_op [in backend.CSEproof]
+wf_add_rhs [in backend.CSEproof]
+wf_analyze [in backend.CSEproof]
+wf_empty [in lib.union_find]
+wf_empty_numbering [in backend.CSEproof]
+wf_equation_increasing [in backend.CSEproof]
+wf_kill_loads [in backend.CSEproof]
+wf_rhs_increasing [in backend.CSEproof]
+wf_transfer [in backend.CSEproof]
+wf_tunneled_code [in backend.Tunneling]
+wf_valnum_reg [in backend.CSEproof]
+wf_valnum_regs [in backend.CSEproof]
+wt_add_call [in backend.Alloctyping]
+wt_add_cond [in backend.Alloctyping]
+wt_add_entry [in backend.Alloctyping]
+wt_add_load [in backend.Alloctyping]
+wt_add_move [in backend.Alloctyping]
+wt_add_moves [in backend.Alloctyping_aux]
+wt_add_op_move [in backend.Alloctyping]
+wt_add_op_others [in backend.Alloctyping]
+wt_add_op_undef [in backend.Alloctyping]
+wt_add_reload [in backend.Alloctyping]
+wt_add_reloads [in backend.Alloctyping]
+wt_add_return [in backend.Alloctyping]
+wt_add_spill [in backend.Alloctyping]
+wt_add_store [in backend.Alloctyping]
+wt_add_undefs [in backend.Alloctyping]
+wt_fold_right [in backend.Stackingtyping]
+wt_get_slot [in backend.Machtyping]
+wt_init_frame [in backend.Machtyping]
+wt_init_regs [in backend.RTLtyping]
+wt_instrs_cons [in backend.Stackingtyping]
+wt_linearize_block [in backend.Linearizetyping]
+wt_linearize_body [in backend.Linearizetyping]
+wt_Msetstack' [in backend.Stackingtyping]
+wt_parallel_move [in backend.Alloctyping]
+wt_parallel_moveX [in backend.Alloctyping_aux]
+wt_parallel_move' [in backend.Alloctyping_aux]
+wt_regset_assign [in backend.RTLtyping]
+wt_regset_list [in backend.RTLtyping]
+wt_regs_for [in backend.Alloctyping]
+wt_regs_for_rec [in backend.Alloctyping]
+wt_reg_for [in backend.Alloctyping]
+wt_restore_callee_save [in backend.Stackingtyping]
+wt_restore_float_callee_save [in backend.Stackingtyping]
+wt_restore_int_callee_save [in backend.Stackingtyping]
+wt_rtl_function [in backend.Alloctyping]
+wt_save_callee_save [in backend.Stackingtyping]
+wt_save_float_callee_save [in backend.Stackingtyping]
+wt_save_int_callee_save [in backend.Stackingtyping]
+wt_setreg [in backend.Machtyping]
+wt_set_slot [in backend.Machtyping]
+wt_transf_entrypoint [in backend.Alloctyping]
+wt_transf_function [in backend.Stackingtyping]
+wt_transf_function [in backend.Alloctyping]
+wt_transf_function [in backend.Linearizetyping]
+wt_transf_instr [in backend.Alloctyping]
+wt_transf_instrs [in backend.Alloctyping]
+wt_transl_instr [in backend.Stackingtyping]
+wt_tunnel_block [in backend.Tunnelingtyping]
+wt_tunnel_function [in backend.Tunnelingtyping]
+

X

+xcombine_lr [in lib.Maps]
+xelements_complete [in lib.Maps]
+xelements_correct [in lib.Maps]
+xelements_hi [in lib.Maps]
+xelements_ho [in lib.Maps]
+xelements_ih [in lib.Maps]
+xelements_ii [in lib.Maps]
+xelements_io [in lib.Maps]
+xelements_keys_norepet [in lib.Maps]
+xelements_oh [in lib.Maps]
+xelements_oi [in lib.Maps]
+xelements_oo [in lib.Maps]
+xgcombine [in lib.Maps]
+xgcombine_l [in lib.Maps]
+xgcombine_r [in lib.Maps]
+xget_left [in lib.Maps]
+xgmap [in lib.Maps]
+xorimm_correct [in backend.PPCgenproof1]
+xor_assoc [in lib.Integers]
+xor_assoc [in backend.Values]
+xor_commut [in backend.Values]
+xor_commut [in lib.Integers]
+xor_one_one [in lib.Integers]
+xor_zero [in lib.Integers]
+xor_zero_one [in lib.Integers]
+

Z

+Zdiv_small [in lib.Coqlib]
+Zdiv_unique [in lib.Coqlib]
+zeq_false [in lib.Coqlib]
+zeq_true [in lib.Coqlib]
+zle_false [in lib.Coqlib]
+zle_true [in lib.Coqlib]
+zlt_false [in lib.Coqlib]
+zlt_true [in lib.Coqlib]
+Zmax_bound_l [in lib.Coqlib]
+Zmax_bound_r [in lib.Coqlib]
+Zmax_spec [in lib.Coqlib]
+Zmin_spec [in lib.Coqlib]
+Zmod_small [in lib.Coqlib]
+Zmod_unique [in lib.Coqlib]
+Z_bin_decomp_range [in lib.Integers]
+Z_bin_decomp_shift_add [in lib.Integers]
+Z_of_bits_excl [in lib.Integers]
+Z_of_bits_exten [in lib.Integers]
+Z_of_bits_of_Z [in lib.Integers]
+Z_of_bits_range [in lib.Integers]
+Z_of_bits_range_2 [in lib.Integers]
+Z_of_bits_shift [in lib.Integers]
+Z_of_bits_shifts [in lib.Integers]
+Z_of_bits_shifts_rev [in lib.Integers]
+Z_of_bits_shift_rev [in lib.Integers]
+Z_one_bits_powerserie [in lib.Integers]
+Z_one_bits_range [in lib.Integers]
+Z_shift_add_bin_decomp [in lib.Integers]
+Z_shift_add_inj [in lib.Integers]
+

+

Constructor Index

+

A

+Abased [in backend.Op]
+addf_case1 [in backend.Cmconstr]
+addf_case2 [in backend.Cmconstr]
+addf_default [in backend.Cmconstr]
+addimm_case1 [in backend.Cmconstr]
+addimm_case2 [in backend.Cmconstr]
+addimm_case3 [in backend.Cmconstr]
+addimm_case4 [in backend.Cmconstr]
+addimm_default [in backend.Cmconstr]
+addressing_case1 [in backend.Cmconstr]
+addressing_case2 [in backend.Cmconstr]
+addressing_case3 [in backend.Cmconstr]
+addressing_case4 [in backend.Cmconstr]
+addressing_case5 [in backend.Cmconstr]
+addressing_default [in backend.Cmconstr]
+addr_strength_reduction_case1 [in backend.Constprop]
+addr_strength_reduction_case2 [in backend.Constprop]
+addr_strength_reduction_case3 [in backend.Constprop]
+addr_strength_reduction_default [in backend.Constprop]
+add_case1 [in backend.Cmconstr]
+add_case2 [in backend.Cmconstr]
+add_case3 [in backend.Cmconstr]
+add_case4 [in backend.Cmconstr]
+add_case5 [in backend.Cmconstr]
+add_default [in backend.Cmconstr]
+Aglobal [in backend.Op]
+Aindexed [in backend.Op]
+Aindexed2 [in backend.Op]
+Ainstack [in backend.Op]
+alloc_variables_cons [in backend.Csharpminor]
+alloc_variables_nil [in backend.Csharpminor]
+

B

+Bcall [in backend.LTL]
+Bcond [in backend.LTL]
+Bgetstack [in backend.LTL]
+Bgoto [in backend.LTL]
+bind_parameters_cons [in backend.Csharpminor]
+bind_parameters_nil [in backend.Csharpminor]
+Bload [in backend.LTL]
+bool_of_val_int_true [in backend.Values]
+Bop [in backend.LTL]
+Bot [in lib.Lattice]
+Bot_except [in lib.Lattice]
+Breturn [in backend.LTL]
+Bsetstack [in backend.LTL]
+Bstore [in backend.LTL]
+

C

+callstack_dom_cons [in backend.Machabstr2mach]
+callstack_dom_nil [in backend.Machabstr2mach]
+callstack_linked_cons [in backend.Machabstr2mach]
+callstack_linked_nil [in backend.Machabstr2mach]
+callstack_linked_one [in backend.Machabstr2mach]
+CARRY [in backend.PPC]
+Ccomp [in backend.Op]
+Ccompf [in backend.Op]
+Ccompimm [in backend.Op]
+Ccompu [in backend.Op]
+Ccompuimm [in backend.Op]
+CEcond [in backend.Cminor]
+CEcondition [in backend.Cminor]
+CEfalse [in backend.Cminor]
+Ceq [in backend.AST]
+CEtrue [in backend.Cminor]
+Cge [in backend.AST]
+Cgt [in backend.AST]
+Cint [in backend.PPC]
+Cle [in backend.AST]
+Clt [in backend.AST]
+Cmasknotzero [in backend.Op]
+Cmaskzero [in backend.Op]
+Cne [in backend.AST]
+Cnotcompf [in backend.Op]
+Cont [in backend.LTL]
+Cont [in backend.Mem]
+content_inject_cont [in backend.Mem]
+content_inject_datum16 [in backend.Mem]
+content_inject_datum32 [in backend.Mem]
+content_inject_datum64 [in backend.Mem]
+content_inject_datum8 [in backend.Mem]
+content_inject_undef [in backend.Mem]
+CRbit_0 [in backend.PPC]
+CRbit_1 [in backend.PPC]
+CRbit_2 [in backend.PPC]
+CRbit_3 [in backend.PPC]
+CR0_0 [in backend.PPC]
+CR0_1 [in backend.PPC]
+CR0_2 [in backend.PPC]
+CR0_3 [in backend.PPC]
+csr_case1 [in backend.Constprop]
+csr_case2 [in backend.Constprop]
+csr_default [in backend.Constprop]
+Csymbol_high_signed [in backend.PPC]
+Csymbol_high_unsigned [in backend.PPC]
+Csymbol_low_signed [in backend.PPC]
+Csymbol_low_unsigned [in backend.PPC]
+CTR [in backend.PPC]
+

D

+Datum16 [in backend.Mem]
+Datum32 [in backend.Mem]
+Datum64 [in backend.Mem]
+Datum8 [in backend.Mem]
+divu_case1 [in backend.Cmconstr]
+divu_default [in backend.Cmconstr]
+dstepp_refl [in backend.Parallelmove]
+dstepp_trans [in backend.Parallelmove]
+dstep_nop [in backend.Parallelmove]
+dstep_pop [in backend.Parallelmove]
+dstep_pop_loop [in backend.Parallelmove]
+dstep_push [in backend.Parallelmove]
+dstep_start [in backend.Parallelmove]
+

E

+Eaddrof [in backend.Csharpminor]
+Eassign [in backend.Cminor]
+Eassign [in backend.Csharpminor]
+Ecall [in backend.Csharpminor]
+Ecall [in backend.Cminor]
+Econdition [in backend.Csharpminor]
+Econdition [in backend.Cminor]
+Econs [in backend.Cminor]
+Econs [in backend.Csharpminor]
+Elet [in backend.Csharpminor]
+Elet [in backend.Cminor]
+Eletvar [in backend.Cminor]
+Eletvar [in backend.Csharpminor]
+Eload [in backend.Cminor]
+Eload [in backend.Csharpminor]
+Enil [in backend.Csharpminor]
+Enil [in backend.Cminor]
+Eop [in backend.Csharpminor]
+Eop [in backend.Cminor]
+Error [in backend.RTLgen]
+Error [in backend.PPC]
+Estore [in backend.Cminor]
+Estore [in backend.Csharpminor]
+eval_Evar [in backend.Csharpminor]
+eval_Evar [in backend.Cminor]
+eval_static_condition_case1 [in backend.Constprop]
+eval_static_condition_case2 [in backend.Constprop]
+eval_static_condition_case3 [in backend.Constprop]
+eval_static_condition_case4 [in backend.Constprop]
+eval_static_condition_case5 [in backend.Constprop]
+eval_static_condition_case6 [in backend.Constprop]
+eval_static_condition_case7 [in backend.Constprop]
+eval_static_condition_case8 [in backend.Constprop]
+eval_static_condition_default [in backend.Constprop]
+eval_static_operation_case1 [in backend.Constprop]
+eval_static_operation_case11 [in backend.Constprop]
+eval_static_operation_case12 [in backend.Constprop]
+eval_static_operation_case13 [in backend.Constprop]
+eval_static_operation_case14 [in backend.Constprop]
+eval_static_operation_case15 [in backend.Constprop]
+eval_static_operation_case16 [in backend.Constprop]
+eval_static_operation_case17 [in backend.Constprop]
+eval_static_operation_case18 [in backend.Constprop]
+eval_static_operation_case19 [in backend.Constprop]
+eval_static_operation_case2 [in backend.Constprop]
+eval_static_operation_case20 [in backend.Constprop]
+eval_static_operation_case21 [in backend.Constprop]
+eval_static_operation_case22 [in backend.Constprop]
+eval_static_operation_case23 [in backend.Constprop]
+eval_static_operation_case24 [in backend.Constprop]
+eval_static_operation_case25 [in backend.Constprop]
+eval_static_operation_case26 [in backend.Constprop]
+eval_static_operation_case27 [in backend.Constprop]
+eval_static_operation_case28 [in backend.Constprop]
+eval_static_operation_case29 [in backend.Constprop]
+eval_static_operation_case3 [in backend.Constprop]
+eval_static_operation_case30 [in backend.Constprop]
+eval_static_operation_case31 [in backend.Constprop]
+eval_static_operation_case32 [in backend.Constprop]
+eval_static_operation_case33 [in backend.Constprop]
+eval_static_operation_case34 [in backend.Constprop]
+eval_static_operation_case35 [in backend.Constprop]
+eval_static_operation_case36 [in backend.Constprop]
+eval_static_operation_case37 [in backend.Constprop]
+eval_static_operation_case38 [in backend.Constprop]
+eval_static_operation_case39 [in backend.Constprop]
+eval_static_operation_case4 [in backend.Constprop]
+eval_static_operation_case40 [in backend.Constprop]
+eval_static_operation_case41 [in backend.Constprop]
+eval_static_operation_case42 [in backend.Constprop]
+eval_static_operation_case43 [in backend.Constprop]
+eval_static_operation_case44 [in backend.Constprop]
+eval_static_operation_case45 [in backend.Constprop]
+eval_static_operation_case46 [in backend.Constprop]
+eval_static_operation_case47 [in backend.Constprop]
+eval_static_operation_case6 [in backend.Constprop]
+eval_static_operation_case7 [in backend.Constprop]
+eval_static_operation_case8 [in backend.Constprop]
+eval_static_operation_case9 [in backend.Constprop]
+eval_static_operation_default [in backend.Constprop]
+Evar [in backend.Cminor]
+Evar [in backend.Csharpminor]
+exec_Bgetstack [in backend.LTL]
+exec_Iload [in backend.RTL]
+exec_Inop [in backend.RTL]
+exec_Iop [in backend.RTL]
+exec_Lgetstack [in backend.Linear]
+exec_Mgetparam [in backend.Mach]
+exec_Mgetstack [in backend.Mach]
+exec_Mgetstack [in backend.Machabstr]
+exec_Mlabel [in backend.Mach]
+exec_Mlabel [in backend.Machabstr]
+exec_Msetstack [in backend.Mach]
+exec_one [in backend.PPC]
+exec_refl [in backend.PPC]
+exec_step_intro [in backend.PPC]
+exec_straight_refl [in backend.PPCgenproof1]
+exec_straight_step [in backend.PPCgenproof1]
+exec_trans [in backend.PPC]
+

F

+FI_arg [in backend.Stacking]
+FI_local [in backend.Stacking]
+FI_saved_float [in backend.Stacking]
+FI_saved_int [in backend.Stacking]
+FPR0 [in backend.PPC]
+FPR1 [in backend.PPC]
+FPR10 [in backend.PPC]
+FPR11 [in backend.PPC]
+FPR12 [in backend.PPC]
+FPR13 [in backend.PPC]
+FPR14 [in backend.PPC]
+FPR15 [in backend.PPC]
+FPR16 [in backend.PPC]
+FPR17 [in backend.PPC]
+FPR18 [in backend.PPC]
+FPR19 [in backend.PPC]
+FPR2 [in backend.PPC]
+FPR20 [in backend.PPC]
+FPR21 [in backend.PPC]
+FPR22 [in backend.PPC]
+FPR23 [in backend.PPC]
+FPR24 [in backend.PPC]
+FPR25 [in backend.PPC]
+FPR26 [in backend.PPC]
+FPR27 [in backend.PPC]
+FPR28 [in backend.PPC]
+FPR29 [in backend.PPC]
+FPR3 [in backend.PPC]
+FPR30 [in backend.PPC]
+FPR31 [in backend.PPC]
+FPR4 [in backend.PPC]
+FPR5 [in backend.PPC]
+FPR6 [in backend.PPC]
+FPR7 [in backend.PPC]
+FPR8 [in backend.PPC]
+FPR9 [in backend.PPC]
+FR [in backend.PPC]
+frame_match_intro [in backend.Machabstr2mach]
+FT1 [in backend.Locations]
+FT2 [in backend.Locations]
+FT3 [in backend.Locations]
+F1 [in backend.Locations]
+F10 [in backend.Locations]
+F14 [in backend.Locations]
+F15 [in backend.Locations]
+F16 [in backend.Locations]
+F17 [in backend.Locations]
+F18 [in backend.Locations]
+F19 [in backend.Locations]
+F2 [in backend.Locations]
+F20 [in backend.Locations]
+F21 [in backend.Locations]
+F22 [in backend.Locations]
+F23 [in backend.Locations]
+F24 [in backend.Locations]
+F25 [in backend.Locations]
+F26 [in backend.Locations]
+F27 [in backend.Locations]
+F28 [in backend.Locations]
+F29 [in backend.Locations]
+F3 [in backend.Locations]
+F30 [in backend.Locations]
+F31 [in backend.Locations]
+F4 [in backend.Locations]
+F5 [in backend.Locations]
+F6 [in backend.Locations]
+F7 [in backend.Locations]
+F8 [in backend.Locations]
+F9 [in backend.Locations]
+

G

+get_slot_intro [in backend.Machabstr]
+GPR0 [in backend.PPC]
+GPR1 [in backend.PPC]
+GPR10 [in backend.PPC]
+GPR11 [in backend.PPC]
+GPR12 [in backend.PPC]
+GPR13 [in backend.PPC]
+GPR14 [in backend.PPC]
+GPR15 [in backend.PPC]
+GPR16 [in backend.PPC]
+GPR17 [in backend.PPC]
+GPR18 [in backend.PPC]
+GPR19 [in backend.PPC]
+GPR2 [in backend.PPC]
+GPR20 [in backend.PPC]
+GPR21 [in backend.PPC]
+GPR22 [in backend.PPC]
+GPR23 [in backend.PPC]
+GPR24 [in backend.PPC]
+GPR25 [in backend.PPC]
+GPR26 [in backend.PPC]
+GPR27 [in backend.PPC]
+GPR28 [in backend.PPC]
+GPR29 [in backend.PPC]
+GPR3 [in backend.PPC]
+GPR30 [in backend.PPC]
+GPR31 [in backend.PPC]
+GPR4 [in backend.PPC]
+GPR5 [in backend.PPC]
+GPR6 [in backend.PPC]
+GPR7 [in backend.PPC]
+GPR8 [in backend.PPC]
+GPR9 [in backend.PPC]
+

I

+Incoming [in backend.Locations]
+Inj [in lib.Lattice]
+Inop [in backend.RTL]
+insert_lenv_S [in backend.Cmconstrproof]
+insert_lenv_0 [in backend.Cmconstrproof]
+IR [in backend.PPC]
+is_tail_cons [in backend.Linearizeproof]
+is_tail_refl [in backend.Linearizeproof]
+IT1 [in backend.Locations]
+IT2 [in backend.Locations]
+IT3 [in backend.Locations]
+

L

+Lcall [in backend.Linear]
+Lcond [in backend.Linear]
+Leaf [in lib.Maps]
+leaf [in lib.Inclusion]
+Lgetstack [in backend.Linear]
+Lgoto [in backend.Linear]
+list_forall2_cons [in lib.Coqlib]
+list_forall2_nil [in lib.Coqlib]
+list_norepet_cons [in lib.Coqlib]
+list_norepet_nil [in lib.Coqlib]
+Llabel [in backend.Linear]
+Lload [in backend.Linear]
+Load [in backend.CSE]
+Local [in backend.Locations]
+Lop [in backend.Linear]
+LR [in backend.PPC]
+Lreturn [in backend.Linear]
+Lsetstack [in backend.Linear]
+Lstore [in backend.Linear]
+LVarray [in backend.Csharpminor]
+LVscalar [in backend.Csharpminor]
+

M

+Mcall [in backend.Mach]
+Mcond [in backend.Mach]
+mcs_cons [in backend.Cminorgenproof]
+mcs_nil [in backend.Cminorgenproof]
+Mfloat32 [in backend.AST]
+Mfloat64 [in backend.AST]
+Mgetparam [in backend.Mach]
+Mgetstack [in backend.Mach]
+Mgoto [in backend.Mach]
+Mint16signed [in backend.AST]
+Mint16unsigned [in backend.AST]
+Mint32 [in backend.AST]
+Mint8signed [in backend.AST]
+Mint8unsigned [in backend.AST]
+Mlabel [in backend.Mach]
+Mload [in backend.Mach]
+Mop [in backend.Mach]
+Mreturn [in backend.Mach]
+Msetstack [in backend.Mach]
+Mstore [in backend.Mach]
+mulimm_case1 [in backend.Cmconstr]
+mulimm_case2 [in backend.Cmconstr]
+mulimm_default [in backend.Cmconstr]
+mul_case1 [in backend.Cmconstr]
+mul_case2 [in backend.Cmconstr]
+mul_default [in backend.Cmconstr]
+

N

+n [in backend.Op]
+Node [in lib.Maps]
+node [in lib.Inclusion]
+norepet_cons [in backend.Locations]
+norepet_nil [in backend.Locations]
+notint_case1 [in backend.Cmconstr]
+notint_case2 [in backend.Cmconstr]
+notint_case3 [in backend.Cmconstr]
+notint_default [in backend.Cmconstr]
+notin_callstack_cons [in backend.Machabstr2mach]
+notin_callstack_nil [in backend.Machabstr2mach]
+Novalue [in backend.Constprop]
+

O

+Oabsf [in backend.Op]
+Oabsf [in backend.Csharpminor]
+Oadd [in backend.Csharpminor]
+Oadd [in backend.Op]
+Oaddf [in backend.Csharpminor]
+Oaddf [in backend.Op]
+Oaddimm [in backend.Op]
+Oaddrstack [in backend.Op]
+Oaddrsymbol [in backend.Op]
+Oand [in backend.Op]
+Oand [in backend.Csharpminor]
+Oandimm [in backend.Op]
+Ocast16signed [in backend.Csharpminor]
+Ocast16signed [in backend.Op]
+Ocast16unsigned [in backend.Csharpminor]
+Ocast8signed [in backend.Csharpminor]
+Ocast8signed [in backend.Op]
+Ocast8unsigned [in backend.Csharpminor]
+Ocmp [in backend.Op]
+Ocmp [in backend.Csharpminor]
+Ocmpf [in backend.Csharpminor]
+Ocmpu [in backend.Csharpminor]
+Odiv [in backend.Op]
+Odiv [in backend.Csharpminor]
+Odivf [in backend.Op]
+Odivf [in backend.Csharpminor]
+Odivu [in backend.Csharpminor]
+Odivu [in backend.Op]
+Ofloatconst [in backend.Op]
+Ofloatconst [in backend.Csharpminor]
+Ofloatofint [in backend.Op]
+Ofloatofint [in backend.Csharpminor]
+Ofloatofintu [in backend.Csharpminor]
+Ofloatofintu [in backend.Op]
+Ointconst [in backend.Csharpminor]
+Ointconst [in backend.Op]
+Ointoffloat [in backend.Csharpminor]
+Ointoffloat [in backend.Op]
+OK [in backend.RTLgen]
+OK [in backend.PPC]
+Omod [in backend.Csharpminor]
+Omodu [in backend.Csharpminor]
+Omove [in backend.Op]
+Omul [in backend.Csharpminor]
+Omul [in backend.Op]
+Omuladdf [in backend.Op]
+Omulf [in backend.Op]
+Omulf [in backend.Csharpminor]
+Omulimm [in backend.Op]
+Omulsubf [in backend.Op]
+Onand [in backend.Op]
+Onegf [in backend.Csharpminor]
+Onegf [in backend.Op]
+Onor [in backend.Op]
+Onotint [in backend.Csharpminor]
+Onxor [in backend.Op]
+Oor [in backend.Op]
+Oor [in backend.Csharpminor]
+Oorimm [in backend.Op]
+Op [in backend.CSE]
+op_strength_reduction_case1 [in backend.Constprop]
+op_strength_reduction_case10 [in backend.Constprop]
+op_strength_reduction_case11 [in backend.Constprop]
+op_strength_reduction_case12 [in backend.Constprop]
+op_strength_reduction_case2 [in backend.Constprop]
+op_strength_reduction_case3 [in backend.Constprop]
+op_strength_reduction_case4 [in backend.Constprop]
+op_strength_reduction_case5 [in backend.Constprop]
+op_strength_reduction_case6 [in backend.Constprop]
+op_strength_reduction_case7 [in backend.Constprop]
+op_strength_reduction_case8 [in backend.Constprop]
+op_strength_reduction_case9 [in backend.Constprop]
+op_strength_reduction_default [in backend.Constprop]
+Orolm [in backend.Op]
+or_case1 [in backend.Cmconstr]
+or_default [in backend.Cmconstr]
+Oshl [in backend.Csharpminor]
+Oshl [in backend.Op]
+Oshr [in backend.Op]
+Oshr [in backend.Csharpminor]
+Oshrimm [in backend.Op]
+Oshru [in backend.Op]
+Oshru [in backend.Csharpminor]
+Oshrximm [in backend.Op]
+Osingleoffloat [in backend.Op]
+Osingleoffloat [in backend.Csharpminor]
+Osub [in backend.Csharpminor]
+Osub [in backend.Op]
+Osubf [in backend.Csharpminor]
+Osubf [in backend.Op]
+Osubimm [in backend.Op]
+Oundef [in backend.Op]
+Outgoing [in backend.Locations]
+Out_exit [in backend.Csharpminor]
+Out_exit [in backend.Cminor]
+Out_normal [in backend.Cminor]
+Out_normal [in backend.Csharpminor]
+Out_return [in backend.Cminor]
+Out_return [in backend.Csharpminor]
+Oxor [in backend.Op]
+Oxor [in backend.Csharpminor]
+Oxorimm [in backend.Op]
+

P

+Padd [in backend.PPC]
+Paddi [in backend.PPC]
+Paddis [in backend.PPC]
+Paddze [in backend.PPC]
+Pallocframe [in backend.PPC]
+Pandc [in backend.PPC]
+Pandis_ [in backend.PPC]
+Pandi_ [in backend.PPC]
+Pand_ [in backend.PPC]
+Pb [in backend.PPC]
+Pbctr [in backend.PPC]
+Pbctrl [in backend.PPC]
+Pbf [in backend.PPC]
+Pbl [in backend.PPC]
+Pblr [in backend.PPC]
+Pbt [in backend.PPC]
+PC [in backend.PPC]
+Pcmplw [in backend.PPC]
+Pcmplwi [in backend.PPC]
+Pcmpw [in backend.PPC]
+Pcmpwi [in backend.PPC]
+Pcror [in backend.PPC]
+Pdivw [in backend.PPC]
+Pdivwu [in backend.PPC]
+Peqv [in backend.PPC]
+Pextsb [in backend.PPC]
+Pextsh [in backend.PPC]
+Pfabs [in backend.PPC]
+Pfadd [in backend.PPC]
+Pfcmpu [in backend.PPC]
+Pfcti [in backend.PPC]
+Pfdiv [in backend.PPC]
+Pfmadd [in backend.PPC]
+Pfmr [in backend.PPC]
+Pfmsub [in backend.PPC]
+Pfmul [in backend.PPC]
+Pfneg [in backend.PPC]
+Pfreeframe [in backend.PPC]
+Pfrsp [in backend.PPC]
+Pfsub [in backend.PPC]
+Pfundef [in backend.PPC]
+Pictf [in backend.PPC]
+Piuctf [in backend.PPC]
+Piundef [in backend.PPC]
+Plabel [in backend.PPC]
+Plbz [in backend.PPC]
+Plbzx [in backend.PPC]
+Plfd [in backend.PPC]
+Plfdx [in backend.PPC]
+Plfi [in backend.PPC]
+Plfs [in backend.PPC]
+Plfsx [in backend.PPC]
+Plha [in backend.PPC]
+Plhax [in backend.PPC]
+Plhz [in backend.PPC]
+Plhzx [in backend.PPC]
+Plwz [in backend.PPC]
+Plwzx [in backend.PPC]
+Pmfcrbit [in backend.PPC]
+Pmflr [in backend.PPC]
+Pmr [in backend.PPC]
+Pmtctr [in backend.PPC]
+Pmtlr [in backend.PPC]
+Pmulli [in backend.PPC]
+Pmullw [in backend.PPC]
+Pnand [in backend.PPC]
+Pnor [in backend.PPC]
+Por [in backend.PPC]
+Porc [in backend.PPC]
+Pori [in backend.PPC]
+Poris [in backend.PPC]
+Prlwinm [in backend.PPC]
+Pslw [in backend.PPC]
+Psraw [in backend.PPC]
+Psrawi [in backend.PPC]
+Psrw [in backend.PPC]
+Pstb [in backend.PPC]
+Pstbx [in backend.PPC]
+Pstfd [in backend.PPC]
+Pstfdx [in backend.PPC]
+Pstfs [in backend.PPC]
+Pstfsx [in backend.PPC]
+Psth [in backend.PPC]
+Psthx [in backend.PPC]
+Pstw [in backend.PPC]
+Pstwx [in backend.PPC]
+Psubfc [in backend.PPC]
+Psubfic [in backend.PPC]
+Pxor [in backend.PPC]
+Pxori [in backend.PPC]
+Pxoris [in backend.PPC]
+

R

+R [in backend.Locations]
+Return [in backend.LTL]
+return_reg_ok_none [in backend.RTLgenproof1]
+return_reg_ok_some [in backend.RTLgenproof1]
+RLW_Sbad [in lib.Integers]
+RLW_S0 [in lib.Integers]
+RLW_S1 [in lib.Integers]
+RLW_S2 [in lib.Integers]
+RLW_S3 [in lib.Integers]
+RLW_S4 [in lib.Integers]
+RLW_S5 [in lib.Integers]
+RLW_S6 [in lib.Integers]
+rolm_case1 [in backend.Cmconstr]
+rolm_case2 [in backend.Cmconstr]
+rolm_default [in backend.Cmconstr]
+R10 [in backend.Locations]
+R13 [in backend.Locations]
+R14 [in backend.Locations]
+R15 [in backend.Locations]
+R16 [in backend.Locations]
+R17 [in backend.Locations]
+R18 [in backend.Locations]
+R19 [in backend.Locations]
+r2 [in backend.Op]
+r2 [in backend.Op]
+R20 [in backend.Locations]
+R21 [in backend.Locations]
+R22 [in backend.Locations]
+R23 [in backend.Locations]
+R24 [in backend.Locations]
+R25 [in backend.Locations]
+R26 [in backend.Locations]
+R27 [in backend.Locations]
+R28 [in backend.Locations]
+R29 [in backend.Locations]
+R3 [in backend.Locations]
+R30 [in backend.Locations]
+R31 [in backend.Locations]
+R4 [in backend.Locations]
+R5 [in backend.Locations]
+R6 [in backend.Locations]
+R7 [in backend.Locations]
+R8 [in backend.Locations]
+R9 [in backend.Locations]
+

S

+S [in backend.Locations]
+Sblock [in backend.Cminor]
+Sblock [in backend.Csharpminor]
+Scons [in backend.Cminor]
+Scons [in backend.Csharpminor]
+set_slot_intro [in backend.Machabstr]
+Sexit [in backend.Cminor]
+Sexit [in backend.Csharpminor]
+Sexpr [in backend.Cminor]
+Sexpr [in backend.Csharpminor]
+shift_case1 [in backend.Cmconstr]
+shift_default [in backend.Cmconstr]
+Sifthenelse [in backend.Csharpminor]
+Sifthenelse [in backend.Cminor]
+Size16 [in backend.Mem]
+Size32 [in backend.Mem]
+Size64 [in backend.Mem]
+Size8 [in backend.Mem]
+Sloop [in backend.Csharpminor]
+Sloop [in backend.Cminor]
+Snil [in backend.Csharpminor]
+Snil [in backend.Cminor]
+Sreturn [in backend.Csharpminor]
+Sreturn [in backend.Cminor]
+state_incr_intro [in backend.RTLgenproof1]
+stepp_refl [in backend.Parallelmove]
+stepp_trans [in backend.Parallelmove]
+step_loop [in backend.Parallelmove]
+step_nop [in backend.Parallelmove]
+step_pop [in backend.Parallelmove]
+step_push [in backend.Parallelmove]
+step_start [in backend.Parallelmove]
+subf_case1 [in backend.Cmconstr]
+subf_default [in backend.Cmconstr]
+sub_case1 [in backend.Cmconstr]
+sub_case2 [in backend.Cmconstr]
+sub_case3 [in backend.Cmconstr]
+sub_case4 [in backend.Cmconstr]
+sub_default [in backend.Cmconstr]
+

T

+target_regs_cons [in backend.RTLgenproof1]
+target_regs_nil [in backend.RTLgenproof1]
+target_reg_immut_var [in backend.RTLgenproof1]
+Tfloat [in backend.AST]
+Tint [in backend.AST]
+tReg [in backend.RTLtyping]
+tTy [in backend.RTLtyping]
+

U

+Undef [in backend.Mem]
+

V

+val_cons_inject [in backend.Mem]
+val_content_inject_base [in backend.Mem]
+val_content_inject_8 [in backend.Mem]
+val_inject_float [in backend.Mem]
+val_inject_int [in backend.Mem]
+val_inject_ptr [in backend.Mem]
+val_nil_inject [in backend.Mem]
+vars_vals_cons [in backend.Cminorgenproof]
+vars_vals_nil [in backend.Cminorgenproof]
+Var_global [in backend.Cminorgen]
+Var_local [in backend.Cminorgen]
+Var_stack_array [in backend.Cminorgen]
+Var_stack_scalar [in backend.Cminorgen]
+Vfloat [in backend.Values]
+Vint [in backend.Values]
+vlma_cons [in backend.Constpropproof]
+vlma_nil [in backend.Constpropproof]
+Vptr [in backend.Values]
+Vundef [in backend.Values]
+

W

+wt_Bgetstack [in backend.LTLtyping]
+wt_Bop [in backend.LTLtyping]
+wt_Bopmove [in backend.LTLtyping]
+wt_Bopundef [in backend.LTLtyping]
+wt_Bsetstack [in backend.LTLtyping]
+wt_Inop [in backend.RTLtyping]
+wt_Iop [in backend.RTLtyping]
+wt_Iopmove [in backend.RTLtyping]
+wt_Iopundef [in backend.RTLtyping]
+wt_Lgetstack [in backend.Lineartyping]
+wt_Lop [in backend.Lineartyping]
+wt_Lopmove [in backend.Lineartyping]
+wt_Lopundef [in backend.Lineartyping]
+wt_Lsetstack [in backend.Lineartyping]
+wt_Mgetstack [in backend.Machtyping]
+wt_Mlabel [in backend.Machtyping]
+wt_Msetstack [in backend.Machtyping]
+

_

+_ [in backend.Lineartyping]
+_ [in backend.LTLtyping]
+

+

Inductive Index

+

A

+a [in backend.Op]
+a [in backend.Op]
+addf_cases [in backend.Cmconstr]
+addimm_cases [in backend.Cmconstr]
+addressing [in backend.Op]
+addressing_cases [in backend.Cmconstr]
+addr_strength_reduction_cases [in backend.Constprop]
+add_cases [in backend.Cmconstr]
+agree [in backend.Stackingproof]
+alloc_variables [in backend.Csharpminor]
+approx [in backend.Constprop]
+

B

+bin [in lib.Inclusion]
+bind_parameters [in backend.Csharpminor]
+block [in backend.LTL]
+block_contents [in backend.Mem]
+block_contents_inject [in backend.Mem]
+bool_of_val [in backend.Values]
+bounds [in backend.Lineartyping]
+

C

+callstack_dom [in backend.Machabstr2mach]
+callstack_invariant [in backend.Machabstr2mach]
+callstack_linked [in backend.Machabstr2mach]
+comparison [in backend.AST]
+condexpr [in backend.Cminor]
+condition [in backend.Op]
+cond_strength_reduction_cases [in backend.Constprop]
+constant [in backend.PPC]
+content [in backend.Mem]
+content_inject [in backend.Mem]
+cont_for_outcome [in backend.Linearizeproof]
+crbit [in backend.PPC]
+

D

+divu_cases [in backend.Cmconstr]
+dstep [in backend.Parallelmove]
+dstepp [in backend.Parallelmove]
+

E

+eval_expr [in backend.Csharpminor]
+eval_expr [in backend.Cminor]
+eval_static_condition_cases [in backend.Constprop]
+eval_static_operation_cases [in backend.Constprop]
+exec_instr [in backend.Machabstr]
+exec_instr [in backend.RTL]
+exec_instr [in backend.LTL]
+exec_instr [in backend.Linear]
+exec_instr [in backend.Mach]
+exec_step [in backend.PPC]
+exec_steps [in backend.PPC]
+exec_straight [in backend.PPCgenproof1]
+expr [in backend.Csharpminor]
+expr [in backend.Cminor]
+exprlist [in backend.Csharpminor]
+exprlist [in backend.Cminor]
+

F

+frame [in backend.Cminorgenproof]
+frame_env [in backend.Stacking]
+frame_index [in backend.Stacking]
+frame_match [in backend.Machabstr2mach]
+freg [in backend.PPC]
+function [in backend.Mach]
+function [in backend.Csharpminor]
+function [in backend.RTL]
+function [in backend.LTL]
+function [in backend.Cminor]
+function [in backend.Linear]
+

G

+genv [in backend.Globalenvs]
+get_slot [in backend.Machabstr]
+graph [in backend.InterfGraph]
+

I

+immediate [in backend.PPC]
+immediate [in backend.PPC]
+immediate [in backend.PPC]
+immediate [in backend.PPC]
+immediate [in backend.PPC]
+immediate [in backend.PPC]
+Incoming [in backend.LTLtyping]
+Incoming [in backend.Lineartyping]
+insert_lenv [in backend.Cmconstrproof]
+instruction [in backend.Linear]
+instruction [in backend.PPC]
+instruction [in backend.RTL]
+instruction [in backend.Mach]
+int [in lib.Integers]
+ireg [in backend.PPC]
+is_tail [in backend.Linearizeproof]
+

L

+list_forall2 [in lib.Coqlib]
+list_norepet [in lib.Coqlib]
+loc [in backend.Locations]
+local_variable [in backend.Csharpminor]
+

M

+mapping [in backend.RTLgen]
+map_wf [in backend.RTLgenproof1]
+match_callstack [in backend.Cminorgenproof]
+match_env [in backend.Cminorgenproof]
+match_env [in backend.RTLgenproof1]
+match_globalenvs [in backend.Cminorgenproof]
+match_var [in backend.Cminorgenproof]
+mem [in backend.Mem]
+memory_chunk [in backend.AST]
+memory_size [in backend.Mem]
+mem_inject [in backend.Mem]
+mreg [in backend.Locations]
+mulimm_cases [in backend.Cmconstr]
+mul_cases [in backend.Cmconstr]
+myT [in backend.RTLtyping]
+

N

+norepet [in backend.Locations]
+notint_cases [in backend.Cmconstr]
+notin_callstack [in backend.Machabstr2mach]
+numbering [in backend.CSE]
+

O

+operation [in backend.Csharpminor]
+operation [in backend.Op]
+op_strength_reduction_cases [in backend.Constprop]
+or_cases [in backend.Cmconstr]
+outcome [in backend.Cminor]
+outcome [in backend.LTL]
+outcome [in backend.PPC]
+outcome [in backend.Csharpminor]
+outcome_inject [in backend.Cminorgenproof]
+

P

+preg [in backend.PPC]
+program [in backend.AST]
+

R

+res [in backend.RTLgen]
+return_reg_ok [in backend.RTLgenproof1]
+rhs [in backend.CSE]
+rlw_state [in lib.Integers]
+rolm_cases [in backend.Cmconstr]
+

S

+set_slot [in backend.Machabstr]
+shift_cases [in backend.Cmconstr]
+signature [in backend.AST]
+slot [in backend.Locations]
+state [in backend.Kildall]
+state [in backend.RTLgen]
+state [in backend.Kildall]
+state_incr [in backend.RTLgenproof1]
+step [in backend.Parallelmove]
+stepp [in backend.Parallelmove]
+stmt [in backend.Csharpminor]
+stmt [in backend.Cminor]
+stmtlist [in backend.Csharpminor]
+stmtlist [in backend.Cminor]
+subf_cases [in backend.Cmconstr]
+sub_cases [in backend.Cmconstr]
+

T

+target_regs_ok [in backend.RTLgenproof1]
+target_reg_ok [in backend.RTLgenproof1]
+transl_code_at_pc [in backend.PPCgenproof]
+tree [in lib.Maps]
+typ [in backend.AST]
+t_ [in lib.Lattice]
+t_ [in lib.Lattice]
+

U

+unionfind [in lib.union_find]
+

V

+val [in backend.Values]
+val_content_inject [in backend.Mem]
+val_inject [in backend.Mem]
+val_list_inject [in backend.Mem]
+val_list_match_approx [in backend.Constpropproof]
+vars_vals_match [in backend.Cminorgenproof]
+var_info [in backend.Cminorgen]
+

W

+wt_block [in backend.LTLtyping]
+wt_function [in backend.RTLtyping]
+wt_function [in backend.Machtyping]
+wt_instr [in backend.Lineartyping]
+wt_instr [in backend.Machtyping]
+wt_instr [in backend.RTLtyping]
+

+

Definition Index

+

A

+absf [in backend.Values]
+absfloat [in backend.Cmconstr]
+add [in backend.Values]
+add [in lib.Sets]
+add [in backend.Cmconstr]
+add [in backend.RTLtyping]
+add [in lib.Integers]
+addf [in backend.Cmconstr]
+addf [in backend.Values]
+addf_match [in backend.Cmconstr]
+addf_match_aux [in backend.Cmconstr]
+addimm [in backend.PPCgen]
+addimm [in backend.Cmconstr]
+addimm_match [in backend.Cmconstr]
+addimm_1 [in backend.PPCgen]
+addimm_2 [in backend.PPCgen]
+addressing [in backend.Cmconstr]
+addressing_match [in backend.Cmconstr]
+addr_strength_reduction [in backend.Constprop]
+addr_strength_reduction_match [in backend.Constprop]
+addr_taken_expr [in backend.Cminorgen]
+addr_taken_stmt [in backend.Cminorgen]
+add_call [in backend.Allocation]
+add_cond [in backend.Allocation]
+add_edges_instr [in backend.Coloring]
+add_edges_instrs [in backend.Coloring]
+add_entry [in backend.Allocation]
+add_funct [in backend.Globalenvs]
+add_functs [in backend.Globalenvs]
+add_globals [in backend.Globalenvs]
+add_instr [in backend.RTLgen]
+add_interf [in backend.InterfGraph]
+add_interf_call [in backend.Coloring]
+add_interf_entry [in backend.Coloring]
+add_interf_live [in backend.Coloring]
+add_interf_move [in backend.Coloring]
+add_interf_mreg [in backend.InterfGraph]
+add_interf_op [in backend.Coloring]
+add_interf_params [in backend.Coloring]
+add_letvar [in backend.RTLgen]
+add_load [in backend.CSE]
+add_load [in backend.Allocation]
+add_match [in backend.Cmconstr]
+add_match_aux [in backend.Cmconstr]
+add_move [in backend.RTLgen]
+add_move [in backend.Allocation]
+add_op [in backend.Allocation]
+add_op [in backend.CSE]
+add_pref [in backend.InterfGraph]
+add_prefs_call [in backend.Coloring]
+add_pref_mreg [in backend.InterfGraph]
+add_reload [in backend.Allocation]
+add_reloads [in backend.Allocation]
+add_return [in backend.Allocation]
+add_rhs [in backend.CSE]
+add_spill [in backend.Allocation]
+add_store [in backend.Allocation]
+add_successors [in backend.Kildall]
+add_symbol [in backend.Globalenvs]
+add_to_worklist [in backend.Kildall]
+add_undefs [in backend.Allocation]
+add_var [in backend.RTLgen]
+add_vars [in backend.RTLgen]
+agree [in backend.Allocproof]
+agree [in backend.PPCgenproof1]
+align [in lib.Coqlib]
+align_16_top [in backend.Mach]
+alloc [in backend.Mem]
+alloc_of_coloring [in backend.Coloring]
+alloc_reg [in backend.RTLgen]
+alloc_regs [in backend.RTLgen]
+all_interf_regs [in backend.InterfGraph]
+analyze [in backend.Allocation]
+analyze [in backend.Constprop]
+analyze [in backend.CSE]
+and [in lib.Integers]
+and [in backend.Cmconstr]
+and [in backend.Values]
+andimm [in backend.Cmconstr]
+andimm [in backend.PPCgen]
+append [in lib.Maps]
+apply_partial [in backend.Main]
+apply_total [in backend.Main]
+approx_regs [in backend.Constprop]
+assign_variable [in backend.Cminorgen]
+assign_variables [in backend.Cminorgen]
+

B

+base_case_Pmov_dec [in backend.Parallelmove]
+basic_block_list [in backend.Kildall]
+basic_block_map [in backend.Kildall]
+bbmap [in backend.Kildall]
+bind [in backend.RTLgen]
+bind [in backend.Cminorgen]
+bind2 [in backend.RTLgen]
+bin_A [in lib.Inclusion]
+bits_of_Z [in lib.Integers]
+bitwise_binop [in lib.Integers]
+block [in backend.Values]
+block_agree [in backend.Mem]
+block_contents_agree [in backend.Mem]
+block_contents_extends [in backend.Mem]
+bot [in lib.Lattice]
+bot [in lib.Lattice]
+bot [in backend.Constprop]
+bot [in lib.Sets]
+bot [in lib.Lattice]
+branch_target [in backend.Tunneling]
+branch_target_rec [in backend.Tunneling]
+build_compilenv [in backend.Cminorgen]
+

C

+callstack [in backend.Machabstr2mach]
+callstack [in backend.Cminorgenproof]
+call_regs [in backend.LTL]
+cast [in backend.Csharpminor]
+cast16signed [in lib.Integers]
+cast16signed [in backend.Values]
+cast16signed [in backend.Cmconstr]
+cast16unsigned [in backend.Cmconstr]
+cast16unsigned [in backend.Values]
+cast16unsigned [in lib.Integers]
+cast8signed [in backend.Cmconstr]
+cast8signed [in lib.Integers]
+cast8signed [in backend.Values]
+cast8unsigned [in backend.Cmconstr]
+cast8unsigned [in backend.Values]
+cast8unsigned [in lib.Integers]
+check_all_leaves [in lib.Inclusion]
+check_coloring [in backend.Coloring]
+check_coloring_1 [in backend.Coloring]
+check_coloring_2 [in backend.Coloring]
+check_coloring_3 [in backend.Coloring]
+check_cont [in backend.Mem]
+check_equal_on_range [in lib.Integers]
+chunk_of_type [in backend.Mach]
+cleanup_code [in backend.Linearize]
+cleanup_function [in backend.Linearize]
+cmp [in backend.Cmconstr]
+cmp [in backend.Values]
+cmp [in lib.Integers]
+cmpf [in backend.Cmconstr]
+cmpf [in backend.Values]
+cmpu [in backend.Values]
+cmpu [in backend.Cmconstr]
+cmpu [in lib.Integers]
+cmp_mismatch [in backend.Values]
+code [in backend.LTL]
+code [in backend.PPC]
+code [in backend.RTL]
+code [in backend.Linear]
+code [in backend.Mach]
+code_size [in backend.PPCgen]
+code_tail [in backend.PPCgenproof]
+combine [in lib.Maps]
+compare_float [in backend.PPC]
+compare_sint [in backend.PPC]
+compare_uint [in backend.PPC]
+compilenv [in backend.Cminorgen]
+condexpr_of_expr [in backend.Cmconstr]
+conditionalexpr [in backend.Cmconstr]
+cond_strength_reduction [in backend.Constprop]
+cond_strength_reduction_match [in backend.Constprop]
+consistent [in backend.RTLtyping]
+const_high [in backend.PPC]
+const_low [in backend.PPC]
+contentmap [in backend.Mem]
+contentmap_agree [in backend.Mem]
+contentmap_inject [in backend.Mem]
+correct_alloc_instr [in backend.Coloringproof]
+correct_interf_instr [in backend.Coloringproof]
+crbit_for_cond [in backend.PPCgen]
+crbit_for_fcmp [in backend.PPCgen]
+crbit_for_icmp [in backend.PPCgen]
+

D

+decode [in backend.RTLtyping]
+def [in backend.Parallelmove]
+definite [in backend.RTLtyping]
+destroyed_at_call [in backend.Conventions]
+destroyed_at_call_regs [in backend.Conventions]
+diff [in backend.Locations]
+diff_dec [in backend.Parallelmove]
+disjoint [in backend.Locations]
+divf [in backend.Values]
+divf [in backend.Cmconstr]
+divs [in backend.Cmconstr]
+divs [in lib.Integers]
+divs [in backend.Values]
+divu [in backend.Cmconstr]
+divu [in backend.Values]
+divu [in lib.Integers]
+divu_match [in backend.Cmconstr]
+Done_well_formed [in backend.Allocproof_aux]
+drop1 [in backend.Conventions]
+drop2 [in backend.Conventions]
+

E

+elements [in lib.Sets]
+elements [in lib.Maps]
+elt [in lib.Maps]
+elt [in backend.RTLtyping]
+elt [in lib.Sets]
+elt [in lib.union_find]
+elt [in lib.union_find]
+elt [in lib.union_find]
+elt [in lib.Maps]
+elt [in lib.Maps]
+elt [in lib.Maps]
+elt_eq [in lib.Maps]
+elt_eq [in lib.Maps]
+elt_eq [in lib.Maps]
+elt_eq [in lib.Maps]
+empty [in lib.Sets]
+empty [in lib.Maps]
+empty [in lib.union_find]
+empty [in backend.RTLtyping]
+empty [in backend.Globalenvs]
+empty [in backend.Mem]
+empty_block [in backend.Mem]
+empty_env [in backend.Csharpminor]
+empty_frame [in backend.Machabstr]
+empty_graph [in backend.InterfGraph]
+empty_numbering [in backend.CSE]
+encode [in backend.RTLtyping]
+enumerate [in backend.Linearize]
+env [in backend.Csharpminor]
+Env [in backend.Parallelmove]
+env [in backend.Cminor]
+eq [in backend.Mach]
+eq [in lib.Ordered]
+eq [in backend.RTLtyping]
+eq [in backend.CSEproof]
+eq [in lib.Maps]
+eq [in backend.Locations]
+eq [in lib.Ordered]
+eq [in backend.Registers]
+eq [in lib.Ordered]
+eq [in backend.PPC]
+eq [in lib.Integers]
+eqm [in lib.Integers]
+eqmod [in lib.Integers]
+equation_holds [in backend.CSE]
+eq_block [in backend.Values]
+eq_list_valnum [in backend.CSE]
+eq_rhs [in backend.CSE]
+eq_valnum [in backend.CSE]
+error [in backend.RTLtyping]
+error [in backend.RTLgen]
+eval_addressing [in backend.Op]
+eval_addressing_total [in backend.Op]
+eval_compare_null [in backend.Op]
+eval_compare_null [in backend.Csharpminor]
+eval_condition [in backend.Op]
+eval_condition_total [in backend.Op]
+eval_exprlist_prop [in backend.Cminorgenproof]
+eval_expr_prop [in backend.Cminorgenproof]
+eval_funcall_prop [in backend.Cminorgenproof]
+eval_operation [in backend.Op]
+eval_operation [in backend.Csharpminor]
+eval_operation_total [in backend.Op]
+eval_static_condition [in backend.Constprop]
+eval_static_condition_match [in backend.Constprop]
+eval_static_operation [in backend.Constprop]
+eval_static_operation_match [in backend.Constprop]
+exec [in backend.Parallelmove]
+exec_blocks_prop [in backend.Linearizeproof]
+exec_blocks_prop [in backend.Tunnelingproof]
+exec_block_prop [in backend.Linearizeproof]
+exec_block_prop [in backend.Tunnelingproof]
+exec_function_body_prop [in backend.Machabstr2mach]
+exec_function_body_prop [in backend.PPCgenproof]
+exec_function_body_prop [in backend.Machtyping]
+exec_function_prop [in backend.Stackingproof]
+exec_function_prop [in backend.Machtyping]
+exec_function_prop [in backend.PPCgenproof]
+exec_function_prop [in backend.Constpropproof]
+exec_function_prop [in backend.Linearizeproof]
+exec_function_prop [in backend.Machabstr2mach]
+exec_function_prop [in backend.CSEproof]
+exec_function_prop [in backend.Tunnelingproof]
+exec_function_prop [in backend.Allocproof]
+exec_function_subject_reduction [in backend.RTLtyping]
+exec_instr [in backend.PPC]
+exec_instrs_prop [in backend.Allocproof]
+exec_instrs_prop [in backend.Tunnelingproof]
+exec_instrs_prop [in backend.Machabstr2mach]
+exec_instrs_prop [in backend.CSEproof]
+exec_instrs_prop [in backend.Constpropproof]
+exec_instrs_prop [in backend.Linearizeproof]
+exec_instr_prop [in backend.Allocproof]
+exec_instr_prop [in backend.Machabstr2mach]
+exec_instr_prop [in backend.Machtyping]
+exec_instr_prop [in backend.Constpropproof]
+exec_instr_prop [in backend.CSEproof]
+exec_instr_prop [in backend.Tunnelingproof]
+exec_instr_prop [in backend.Stackingproof]
+exec_instr_prop [in backend.Linearizeproof]
+exec_instr_prop [in backend.PPCgenproof]
+exec_instr_subject_reduction [in backend.RTLtyping]
+exec_program [in backend.Csharpminor]
+exec_program [in backend.LTL]
+exec_program [in backend.Cminor]
+exec_program [in backend.RTL]
+exec_program [in backend.Mach]
+exec_program [in backend.Machabstr]
+exec_program [in backend.Linear]
+exec_program [in backend.PPC]
+exec_stmtlist_prop [in backend.Cminorgenproof]
+exec_stmt_prop [in backend.Cminorgenproof]
+extends [in backend.Mem]
+extend_inject [in backend.Mem]
+

F

+find_funct [in backend.Globalenvs]
+find_function [in backend.LTL]
+find_function [in backend.Mach]
+find_function [in backend.RTL]
+find_function [in backend.Linear]
+find_function2 [in backend.Allocproof]
+find_funct_ptr [in backend.Globalenvs]
+find_instr [in backend.PPC]
+find_label [in backend.Mach]
+find_label [in backend.PPCgenproof]
+find_label [in backend.Linear]
+find_letvar [in backend.RTLgen]
+find_load [in backend.CSE]
+find_op [in backend.CSE]
+find_rhs [in backend.CSE]
+find_symbol [in backend.Globalenvs]
+find_symbol_offset [in backend.Op]
+find_valnum_rhs [in backend.CSE]
+find_var [in backend.RTLgen]
+fixpoint [in backend.Kildall]
+fixpoint [in backend.Kildall]
+fixpoint [in backend.Kildall]
+flatten [in lib.Inclusion]
+flatten_aux [in lib.Inclusion]
+floatcomp [in backend.PPCgen]
+floatofint [in backend.Values]
+floatofint [in backend.Cmconstr]
+floatofintu [in backend.Cmconstr]
+floatofintu [in backend.Values]
+float_callee_save [in backend.Lineartyping]
+float_callee_save_regs [in backend.Conventions]
+float_local [in backend.Lineartyping]
+float_param_regs [in backend.Conventions]
+fn_params_names [in backend.Csharpminor]
+fn_variables [in backend.Csharpminor]
+fn_vars_names [in backend.Csharpminor]
+fold [in lib.Sets]
+fold [in lib.Maps]
+fold2 [in backend.RTLtyping]
+for_all [in lib.Sets]
+frame [in backend.Machabstr]
+free [in backend.Mem]
+free_list [in backend.Mem]
+freg_of [in backend.PPCgen]
+function_bounds [in backend.Lineartyping]
+

G

+ge [in lib.Lattice]
+ge [in backend.CSE]
+ge [in lib.Lattice]
+ge [in backend.Constprop]
+ge [in lib.Lattice]
+ge [in lib.Sets]
+genv [in backend.Cminor]
+genv [in backend.LTL]
+genv [in backend.PPC]
+genv [in backend.Csharpminor]
+genv [in backend.RTL]
+genv [in backend.Mach]
+genv [in backend.Linear]
+get [in lib.Maps]
+get [in lib.Maps]
+get [in lib.Maps]
+Get [in backend.Parallelmove]
+get [in backend.Locations]
+get [in lib.Lattice]
+get [in lib.Maps]
+get [in backend.Parallelmove]
+get [in backend.RTLtyping]
+getdst [in backend.Parallelmove]
+getN [in backend.Mem]
+getsrc [in backend.Parallelmove]
+globalenv [in backend.Globalenvs]
+globalenv_initmem [in backend.Globalenvs]
+good_state [in backend.Kildall]
+goto_label [in backend.PPC]
+gpr_or_zero [in backend.PPC]
+graph_incl [in backend.InterfGraph]
+

H

+half_modulus [in lib.Integers]
+has_type [in backend.Values]
+has_type_list [in backend.Values]
+head_but_last [in backend.Parallelmove]
+high_bound [in backend.Mem]
+high_s [in backend.PPCgen]
+high_u [in backend.PPCgen]
+

I

+ident [in backend.AST]
+identify [in lib.union_find]
+identify_base [in lib.union_find]
+ident_eq [in backend.AST]
+ifthenelse [in backend.Cmconstr]
+included [in backend.RTLtyping]
+index [in backend.Locations]
+index [in lib.Maps]
+index [in lib.Maps]
+index_diff [in backend.Stackingproof]
+index_float_callee_save [in backend.Conventions]
+index_int_callee_save [in backend.Conventions]
+index_val [in backend.Stackingproof]
+index_valid [in backend.Stackingproof]
+init [in lib.Maps]
+init [in backend.Locations]
+init [in lib.Maps]
+init [in lib.Maps]
+init_frame [in backend.Machabstr]
+init_mapping [in backend.RTLgen]
+init_mem [in backend.Globalenvs]
+init_regs [in backend.RTL]
+init_state [in backend.RTLgen]
+inject_incr [in backend.Mem]
+insert_bin [in lib.Inclusion]
+interfere [in backend.InterfGraph]
+interfere_mreg [in backend.InterfGraph]
+interf_graph [in backend.Coloring]
+intoffloat [in backend.Cmconstr]
+intoffloat [in backend.Values]
+intval [in backend.Constprop]
+int_callee_save [in backend.Lineartyping]
+int_callee_save_regs [in backend.Conventions]
+int_local [in backend.Lineartyping]
+int_of_one_bits [in lib.Integers]
+int_param_regs [in backend.Conventions]
+in_bounds [in backend.Mem]
+in_incr [in backend.Kildall]
+in_range [in lib.Integers]
+ireg_of [in backend.PPCgen]
+is_basic_block_head [in backend.Kildall]
+is_bool [in backend.Values]
+is_data_reg [in backend.PPCgenproof1]
+is_false [in lib.Integers]
+is_false [in backend.Values]
+is_goto_block [in backend.Tunneling]
+is_label [in backend.PPC]
+is_label [in backend.Mach]
+is_label [in backend.Linear]
+is_move_operation [in backend.Op]
+is_power2 [in lib.Integers]
+is_rlw_mask [in lib.Integers]
+is_rlw_mask_rec [in lib.Integers]
+is_trivial_op [in backend.CSE]
+is_true [in lib.Integers]
+is_true [in backend.Values]
+iterate [in backend.Kildall]
+iter_step [in backend.Kildall]
+

K

+kill_loads [in backend.CSE]
+kill_load_eqs [in backend.CSE]
+

L

+label [in backend.Linear]
+label [in backend.PPC]
+label [in backend.Mach]
+label_pos [in backend.PPC]
+last [in backend.Parallelmove]
+lbl [in backend.Linearize]
+lbl [in backend.Linearize]
+leaf [in lib.Inclusion]
+leaf [in lib.Inclusion]
+leaf [in lib.Inclusion]
+letenv [in backend.Cminor]
+letenv [in backend.Csharpminor]
+lift [in backend.Cmconstr]
+lift_condexpr [in backend.Cmconstr]
+lift_expr [in backend.Cmconstr]
+lift_exprlist [in backend.Cmconstr]
+linearize_block [in backend.Linearize]
+linearize_body [in backend.Linearize]
+linearize_function [in backend.Linearize]
+link_invariant [in backend.Machtyping]
+listsLoc2Moves [in backend.Parallelmove]
+listsLoc2Moves [in backend.Allocation]
+list_disjoint [in lib.Coqlib]
+live0 [in backend.Allocproof]
+load [in backend.Mem]
+load [in backend.Cmconstr]
+loadimm [in backend.PPCgen]
+loadind [in backend.PPCgen]
+loadind_aux [in backend.PPCgen]
+loadv [in backend.Mem]
+load1 [in backend.PPC]
+load2 [in backend.PPC]
+load_contents [in backend.Mem]
+load_result [in backend.Values]
+load_stack [in backend.Mach]
+locset [in backend.LTL]
+locset [in backend.Linear]
+locs_acceptable [in backend.Conventions]
+locs_read_ok [in backend.Alloctyping]
+locs_write_ok [in backend.Alloctyping]
+loc_acceptable [in backend.Conventions]
+loc_arguments [in backend.Conventions]
+loc_arguments_rec [in backend.Conventions]
+loc_argument_acceptable [in backend.Conventions]
+loc_is_acceptable [in backend.Coloring]
+loc_parameters [in backend.Conventions]
+loc_read_ok [in backend.Alloctyping]
+loc_result [in backend.Conventions]
+loc_write_ok [in backend.Alloctyping]
+low_bound [in backend.Mem]
+low_s [in backend.PPCgen]
+low_u [in backend.PPCgen]
+lt [in lib.Integers]
+lt [in lib.Ordered]
+lt [in lib.Ordered]
+lt [in lib.Ordered]
+ltu [in lib.Integers]
+lub [in lib.Lattice]
+lub [in lib.Lattice]
+lub [in lib.Sets]
+lub [in lib.Lattice]
+lub [in backend.Constprop]
+

M

+make_addimm [in backend.Constprop]
+make_andimm [in backend.Constprop]
+make_cast [in backend.Cminorgen]
+make_env [in backend.Stacking]
+make_load [in backend.Cminorgen]
+make_mulimm [in backend.Constprop]
+make_op [in backend.Cminorgen]
+make_orimm [in backend.Constprop]
+make_predecessors [in backend.Kildall]
+make_shlimm [in backend.Constprop]
+make_shrimm [in backend.Constprop]
+make_shruimm [in backend.Constprop]
+make_stackaddr [in backend.Cminorgen]
+make_store [in backend.Cminorgen]
+make_xorimm [in backend.Constprop]
+map [in lib.Maps]
+map [in lib.Maps]
+map [in lib.Maps]
+map [in lib.Maps]
+mapped [in backend.RTLtyping]
+match_return_outcome [in backend.RTLgenproof]
+match_return_reg [in backend.RTLgenproof]
+max_over_instrs [in backend.Lineartyping]
+max_over_list [in backend.Lineartyping]
+max_over_regs_of_funct [in backend.Lineartyping]
+max_over_regs_of_instr [in backend.Lineartyping]
+max_over_slots_of_funct [in backend.Lineartyping]
+max_over_slots_of_instr [in backend.Lineartyping]
+max_signed [in lib.Integers]
+max_unsigned [in lib.Integers]
+mem [in lib.Sets]
+member [in backend.RTLtyping]
+meminj [in backend.Mem]
+mem_chunk [in backend.Mem]
+mem_type [in backend.Machabstr]
+mesure [in backend.Parallelmove]
+min_signed [in lib.Integers]
+mk_env [in backend.RTLtyping]
+mods [in lib.Integers]
+mods [in backend.Cmconstr]
+mods [in backend.Values]
+modu [in lib.Integers]
+modu [in backend.Values]
+modu [in backend.Cmconstr]
+modulus [in lib.Integers]
+mod_aux [in backend.Cmconstr]
+mon [in backend.RTLgen]
+mone [in lib.Integers]
+Move [in backend.Parallelmove]
+Moves [in backend.Parallelmove]
+mreg_bounded [in backend.Lineartyping]
+mreg_type [in backend.Locations]
+mul [in lib.Integers]
+mul [in backend.Cmconstr]
+mul [in backend.Values]
+mulf [in backend.Cmconstr]
+mulf [in backend.Values]
+mulimm [in backend.Cmconstr]
+mulimm_base [in backend.Cmconstr]
+mulimm_match [in backend.Cmconstr]
+mul_match [in backend.Cmconstr]
+mul_match_aux [in backend.Cmconstr]
+mutated_condexpr [in backend.RTLgen]
+mutated_expr [in backend.RTLgen]
+mutated_exprlist [in backend.RTLgen]
+mutated_reg [in backend.RTLgenproof1]
+

N

+nat_le_bool [in lib.Inclusion]
+neg [in backend.Values]
+neg [in lib.Integers]
+negate_comparison [in backend.AST]
+negate_condition [in backend.Op]
+negf [in backend.Values]
+negfloat [in backend.Cmconstr]
+negint [in backend.Cmconstr]
+new_reg [in backend.RTLgen]
+nextinstr [in backend.PPC]
+nil [in backend.Parallelmove]
+nil [in backend.Parallelmove]
+nil [in backend.Parallelmove]
+nil [in backend.Parallelmove]
+nil [in backend.Parallelmove]
+nil [in backend.Parallelmove]
+nil [in backend.Parallelmove]
+nil [in backend.Parallelmove]
+nil [in backend.Parallelmove]
+nil [in backend.Parallelmove]
+nil [in backend.Allocproof_aux]
+nil [in backend.Parallelmove]
+nil [in backend.Parallelmove]
+nil [in backend.Parallelmove]
+nil [in backend.Parallelmove]
+nil [in backend.Parallelmove]
+nil [in backend.Parallelmove]
+nil [in backend.Parallelmove]
+node [in backend.RTL]
+node [in backend.LTL]
+NoOverlap [in backend.Parallelmove]
+noOverlap [in backend.Parallelmove]
+noOverlap_aux [in backend.Parallelmove]
+noRead [in backend.Parallelmove]
+not [in lib.Integers]
+notbool [in backend.Values]
+notbool [in backend.Cmconstr]
+notbool [in lib.Integers]
+notbool_base [in backend.Cmconstr]
+notemporary [in backend.Parallelmove]
+notin [in backend.Locations]
+notint [in backend.Values]
+notint [in backend.Cmconstr]
+notint_match [in backend.Cmconstr]
+noTmp [in backend.Parallelmove]
+noTmpLast [in backend.Parallelmove]
+noWrite [in backend.Parallelmove]
+no_overlap [in backend.Parallelmove]
+no_overlap [in backend.Locations]
+no_overlap_list [in backend.Parallelmove]
+no_overlap_state [in backend.Parallelmove]
+no_overlap_stateD [in backend.Allocproof_aux]
+no_tmp13_state [in backend.Allocproof_aux]
+nullptr [in backend.Mem]
+numbering_holds [in backend.CSE]
+numbering_satisfiable [in backend.CSE]
+num_iterations [in backend.Kildall]
+

O

+offset_of_index [in backend.Stacking]
+offset_sp [in backend.Op]
+of_bool [in backend.Values]
+one [in lib.Integers]
+one_bits [in lib.Integers]
+option_fold2 [in backend.RTLtyping]
+option_map [in lib.Coqlib]
+op_strength_reduction [in backend.Constprop]
+op_strength_reduction_match [in backend.Constprop]
+or [in lib.Integers]
+or [in backend.Values]
+or [in backend.Cmconstr]
+ordered_pair [in backend.InterfGraph]
+orimm [in backend.PPCgen]
+or_match [in backend.Cmconstr]
+outcome_block [in backend.Csharpminor]
+outcome_block [in backend.Cminor]
+outcome_node [in backend.RTLgenproof]
+outcome_result_value [in backend.Cminor]
+outcome_result_value [in backend.Csharpminor]
+outgoing_slot [in backend.Lineartyping]
+outgoing_space [in backend.Lineartyping]
+overlap [in backend.Locations]
+overlap_aux [in backend.Locations]
+

P

+parallel_move [in backend.Allocation]
+parallel_move_order [in backend.Allocation]
+parameter_of_argument [in backend.Conventions]
+path [in backend.Parallelmove]
+peq [in lib.Coqlib]
+pexec [in backend.Parallelmove]
+Ple [in lib.Coqlib]
+Plt [in lib.Coqlib]
+plt [in lib.Coqlib]
+Pmov [in backend.Parallelmove]
+positive_rec [in lib.Coqlib]
+powerserie [in lib.Integers]
+predecessors [in backend.Kildall]
+preg_of [in backend.PPCgenproof1]
+program [in backend.LTL]
+program [in backend.Cminor]
+program [in backend.Linear]
+program [in backend.RTL]
+program [in backend.Csharpminor]
+program [in backend.PPC]
+program [in backend.Mach]
+propagate_succ [in backend.Kildall]
+propagate_successors [in backend.Kildall]
+propagate_succ_list [in backend.Kildall]
+Pstate [in backend.Kildall]
+p_move [in backend.Allocproof_aux]
+P_move [in backend.Parallelmove]
+

R

+R [in backend.Coloring]
+reachable [in backend.Linearize]
+reachable_aux [in backend.Linearize]
+reg [in backend.Registers]
+Reg [in backend.Parallelmove]
+regalloc [in backend.Coloring]
+regenv [in backend.RTLtyping]
+reglist [in backend.LTL]
+regmap_optget [in backend.Registers]
+regmap_optset [in backend.Registers]
+regset [in backend.Mach]
+regset [in backend.RTL]
+regset [in backend.PPC]
+regs_for [in backend.Allocation]
+regs_for_rec [in backend.Allocation]
+regs_match_approx [in backend.Constpropproof]
+regs_of_instr [in backend.Lineartyping]
+reg_for [in backend.Allocation]
+reg_fresh [in backend.RTLgenproof1]
+reg_in_map [in backend.RTLgenproof1]
+reg_list_dead [in backend.Allocation]
+reg_list_live [in backend.Allocation]
+reg_of_crbit [in backend.PPC]
+reg_option_live [in backend.Allocation]
+reg_sum_live [in backend.Allocation]
+reg_valid [in backend.RTLgenproof1]
+reg_valnum [in backend.CSE]
+remove [in lib.Sets]
+remove [in lib.Maps]
+remove_all_leaves [in lib.Inclusion]
+repet [in backend.RTLtyping]
+replace_last_s [in backend.Parallelmove]
+repr [in lib.union_find]
+repr [in lib.Integers]
+repr_aux [in lib.union_find]
+repr_order [in lib.union_find]
+repr_rec [in lib.union_find]
+reserve_instr [in backend.RTLgen]
+restore_callee_save [in backend.Stacking]
+restore_float_callee_save [in backend.Stacking]
+restore_int_callee_save [in backend.Stacking]
+result [in backend.Kildall]
+reswellFormed [in backend.Allocproof_aux]
+ret [in backend.RTLgen]
+return_regs [in backend.LTL]
+ret_reg [in backend.RTLgen]
+rhs_evals_to [in backend.CSEproof]
+right [in backend.Parallelmove]
+rlw_accepting [in lib.Integers]
+rlw_transition [in lib.Integers]
+rol [in lib.Integers]
+rolm [in backend.Values]
+rolm [in backend.Cmconstr]
+rolm [in lib.Integers]
+rolm_match [in backend.Cmconstr]
+

S

+sameclass [in lib.union_find]
+sameclass [in lib.union_find]
+sameEnv [in backend.Parallelmove]
+sameExec [in backend.Parallelmove]
+same_expr_pure [in backend.Cmconstr]
+same_typ [in backend.Coloring]
+save_callee_save [in backend.Stacking]
+save_float_callee_save [in backend.Stacking]
+save_int_callee_save [in backend.Stacking]
+set [in lib.Maps]
+set [in backend.Locations]
+set [in lib.Maps]
+set [in lib.Maps]
+set [in lib.Lattice]
+set [in lib.Maps]
+setN [in backend.Mem]
+set_cont [in backend.Mem]
+set_locals [in backend.Cminor]
+set_params [in backend.Cminor]
+Sexec [in backend.Parallelmove]
+sexec [in backend.Parallelmove]
+shift_match [in backend.Cmconstr]
+shift_sp [in backend.Stackingproof]
+shl [in lib.Integers]
+shl [in backend.Cmconstr]
+shl [in backend.Values]
+shlimm [in backend.Cmconstr]
+shr [in lib.Integers]
+shr [in backend.Cmconstr]
+shr [in backend.Values]
+shru [in backend.Cmconstr]
+shru [in lib.Integers]
+shru [in backend.Values]
+shruimm [in backend.Cmconstr]
+shrx [in lib.Integers]
+shrx [in backend.Values]
+shr_carry [in backend.Values]
+shr_carry [in lib.Integers]
+signed [in lib.Integers]
+simpleDest [in backend.Parallelmove]
+singleoffloat [in backend.Values]
+singleoffloat [in backend.Cmconstr]
+sizeof [in backend.Csharpminor]
+size_arguments [in backend.Conventions]
+size_arguments_rec [in backend.Conventions]
+size_chunk [in backend.Mem]
+size_mem [in backend.Mem]
+slots_of_instr [in backend.Lineartyping]
+slot_bounded [in backend.Lineartyping]
+slot_bounded [in backend.LTLtyping]
+slot_type [in backend.Locations]
+Some [in backend.Parallelmove]
+sort_bin [in lib.Inclusion]
+split_move [in backend.Parallelmove]
+split_move' [in backend.Parallelmove]
+starts_with [in backend.Linearize]
+start_state [in backend.Kildall]
+start_state_in [in backend.Kildall]
+start_state_wrk [in backend.Kildall]
+State [in backend.Parallelmove]
+StateBeing [in backend.Parallelmove]
+StateDone [in backend.Parallelmove]
+StateToMove [in backend.Parallelmove]
+state_extends [in backend.RTLgenproof1]
+state_invariant [in backend.Kildall]
+step [in backend.Kildall]
+step [in backend.Kildall]
+stepf [in backend.Parallelmove]
+stepf' [in backend.Parallelmove]
+stepInv [in backend.Parallelmove]
+step_NF [in backend.Parallelmove]
+store [in backend.Cmconstr]
+store [in backend.Mem]
+storeind [in backend.PPCgen]
+storeind_aux [in backend.PPCgen]
+storev [in backend.Mem]
+store1 [in backend.PPC]
+store2 [in backend.PPC]
+store_contents [in backend.Mem]
+store_parameters [in backend.Cminorgen]
+store_stack [in backend.Mach]
+sub [in backend.Values]
+sub [in lib.Integers]
+sub [in backend.Cmconstr]
+subf [in backend.Values]
+subf [in backend.Cmconstr]
+subf_match [in backend.Cmconstr]
+sub_match [in backend.Cmconstr]
+sub_match_aux [in backend.Cmconstr]
+successors [in backend.LTL]
+successors [in backend.RTL]
+successors_aux [in backend.LTL]
+sum_left_map [in lib.Coqlib]
+swap_comparison [in backend.AST]
+symbol_offset [in backend.PPC]
+s1 [in backend.Linearize]
+

T

+t [in backend.PPC]
+t [in lib.Ordered]
+t [in lib.Maps]
+t [in lib.Maps]
+t [in lib.Lattice]
+t [in backend.Locations]
+t [in backend.Constprop]
+t [in lib.Ordered]
+t [in backend.Globalenvs]
+t [in lib.Lattice]
+T [in backend.RTLtyping]
+T [in lib.union_find]
+t [in backend.CSEproof]
+t [in backend.Locations]
+t [in lib.Maps]
+T [in backend.Parallelmove]
+t [in lib.Maps]
+T [in backend.RTLtyping]
+t [in backend.InterfGraph]
+t [in lib.Maps]
+t [in lib.Ordered]
+t [in lib.Lattice]
+t [in backend.Mach]
+t [in lib.Sets]
+t [in lib.Maps]
+t [in backend.CSE]
+temporaries [in backend.Conventions]
+temporaries1 [in backend.Allocproof_aux]
+temporaries1_3 [in backend.Allocproof_aux]
+temporaries2 [in backend.Allocproof_aux]
+teq [in backend.RTLtyping]
+test_inclusion [in lib.Inclusion]
+Tint [in backend.Allocation]
+top [in lib.Lattice]
+top [in lib.Lattice]
+top [in backend.CSE]
+top [in backend.Constprop]
+top [in lib.Lattice]
+transfer [in backend.Allocation]
+transfer [in backend.Constprop]
+transfer [in backend.CSE]
+transform_partial_program [in backend.AST]
+transform_program [in backend.AST]
+transf_cminor_function [in backend.Main]
+transf_cminor_program [in backend.Main]
+transf_cminor_program2 [in backend.Main]
+transf_code [in backend.Constprop]
+transf_code [in backend.CSE]
+transf_csharpminor_function [in backend.Main]
+transf_csharpminor_program [in backend.Main]
+transf_csharpminor_program2 [in backend.Main]
+transf_entrypoint [in backend.Allocation]
+transf_function [in backend.Linearize]
+transf_function [in backend.Allocation]
+transf_function [in backend.CSE]
+transf_function [in backend.RTL]
+transf_function [in backend.PPCgen]
+transf_function [in backend.Stacking]
+transf_function [in backend.Constprop]
+transf_instr [in backend.Allocation]
+transf_instr [in backend.Constprop]
+transf_instr [in backend.CSE]
+transf_partial [in backend.Globalenvs]
+transf_partial_program [in backend.AST]
+transf_program [in backend.CSE]
+transf_program [in backend.PPCgen]
+transf_program [in backend.Stacking]
+transf_program [in backend.Constprop]
+transf_program [in backend.Allocation]
+transf_program [in backend.Linearize]
+transf_program [in backend.AST]
+transl_addr [in backend.Stacking]
+transl_body [in backend.Stacking]
+transl_code [in backend.PPCgen]
+transl_code [in backend.Stacking]
+transl_cond [in backend.PPCgen]
+transl_condition_correct [in backend.RTLgenproof]
+transl_condition_incr_pred [in backend.RTLgenproof1]
+transl_expr [in backend.RTLgen]
+transl_expr [in backend.Cminorgen]
+transl_exprlist_correct [in backend.RTLgenproof]
+transl_exprlist_incr_pred [in backend.RTLgenproof1]
+transl_expr_correct [in backend.RTLgenproof]
+transl_expr_incr_pred [in backend.RTLgenproof1]
+transl_fun [in backend.RTLgen]
+transl_function [in backend.Cminorgen]
+transl_function [in backend.PPCgen]
+transl_function [in backend.RTLgen]
+transl_function_correct [in backend.RTLgenproof]
+transl_instr [in backend.PPCgen]
+transl_instr [in backend.Stacking]
+transl_load_store [in backend.PPCgen]
+transl_op [in backend.Stacking]
+transl_op [in backend.PPCgen]
+transl_program [in backend.RTLgen]
+transl_program [in backend.Cminorgen]
+transl_stmt [in backend.Cminorgen]
+transl_stmt [in backend.RTLgen]
+transl_stmtlist_correct [in backend.RTLgenproof]
+transl_stmtlist_incr_pred [in backend.RTLgenproof1]
+transl_stmt_correct [in backend.RTLgenproof]
+transl_stmt_incr_pred [in backend.RTLgenproof1]
+tunneled_code [in backend.Tunnelingproof]
+tunnel_block [in backend.Tunneling]
+tunnel_function [in backend.Tunneling]
+tunnel_outcome [in backend.Tunnelingproof]
+tunnel_program [in backend.Tunneling]
+type [in backend.Locations]
+typenv [in backend.Registers]
+typesize [in backend.AST]
+typesize [in backend.Locations]
+type_of_addressing [in backend.Op]
+type_of_chunk [in backend.Op]
+type_of_condition [in backend.Op]
+type_of_index [in backend.Stackingproof]
+type_of_operation [in backend.Op]
+type_of_sig_res [in backend.RTLtyping]
+type_rtl_arg [in backend.RTLtyping]
+type_rtl_function [in backend.RTLtyping]
+type_rtl_instr [in backend.RTLtyping]
+type_rtl_ros [in backend.RTLtyping]
+

U

+unchecked_store [in backend.Mem]
+union [in lib.Sets]
+unique_labels [in backend.Linearizeproof]
+unsigned [in lib.Integers]
+update [in backend.Mem]
+update [in backend.Parallelmove]
+update_instr [in backend.RTLgen]
+

V

+valid_block [in backend.Mem]
+valid_outcome [in backend.Linearizeproof]
+valid_pointer [in backend.Mem]
+valnum [in backend.CSE]
+valnum_reg [in backend.CSE]
+valnum_regs [in backend.CSE]
+Value [in backend.Parallelmove]
+valu_agree [in backend.CSEproof]
+val_cond_reg [in backend.PPC]
+val_match_approx [in backend.Constpropproof]
+val_normalized [in backend.Cminorgenproof]
+var_addr [in backend.Cminorgen]
+var_get [in backend.Cminorgen]
+var_set [in backend.Cminorgen]
+Vfalse [in backend.Values]
+Vmone [in backend.Values]
+Vone [in backend.Values]
+Vtrue [in backend.Values]
+Vzero [in backend.Values]
+

W

+wf_equation [in backend.CSEproof]
+wf_numbering [in backend.CSEproof]
+wf_rhs [in backend.CSEproof]
+wordsize [in lib.Integers]
+wt_content [in backend.Machtyping]
+wt_frame [in backend.Machtyping]
+wt_function [in backend.LTLtyping]
+wt_function [in backend.Lineartyping]
+wt_instrs [in backend.Stackingtyping]
+wt_program [in backend.Lineartyping]
+wt_program [in backend.RTLtyping]
+wt_program [in backend.LTLtyping]
+wt_program [in backend.Machtyping]
+wt_regset [in backend.RTLtyping]
+wt_regset [in backend.Machtyping]
+

X

+xcombine_l [in lib.Maps]
+xcombine_r [in lib.Maps]
+xelements [in lib.Maps]
+xget [in lib.Maps]
+xkeys [in lib.Maps]
+xmap [in lib.Maps]
+xor [in backend.Cmconstr]
+xor [in backend.Values]
+xor [in lib.Integers]
+xorimm [in backend.PPCgen]
+

Z

+Zdiv_round [in lib.Integers]
+zeq [in lib.Coqlib]
+zero [in lib.Integers]
+zle [in lib.Coqlib]
+zlt [in lib.Coqlib]
+Zmod_round [in lib.Integers]
+ztonat [in backend.Mem]
+Z_bin_decomp [in lib.Integers]
+Z_of_bits [in lib.Integers]
+Z_one_bits [in lib.Integers]
+Z_shift_add [in lib.Integers]
+

+

Module Index

+

A

+Approx [in backend.Constprop]
+

B

+BACKWARD_DATAFLOW_SOLVER [in backend.Kildall]
+Backward_Dataflow_Solver [in backend.Kildall]
+BBlock_solver [in backend.Kildall]
+BBLOCK_SOLVER [in backend.Kildall]
+

D

+D [in backend.Constprop]
+Dataflow_Solver [in backend.Kildall]
+DATAFLOW_SOLVER [in backend.Kildall]
+DS [in backend.Kildall]
+DS [in backend.Constprop]
+DS [in backend.Linearize]
+DS [in backend.Allocation]
+

E

+ELEMENT [in lib.union_find]
+EMap [in lib.Maps]
+EQUALITY_TYPE [in lib.Maps]
+

F

+Float [in lib.Floats]
+

G

+Genv [in backend.Globalenvs]
+GENV [in backend.Globalenvs]
+

I

+Identset [in backend.Cminorgen]
+IMap [in lib.Maps]
+IndexedMreg [in backend.Locations]
+INDEXED_TYPE [in lib.Maps]
+Int [in lib.Integers]
+

L

+L [in backend.Kildall]
+L [in backend.Kildall]
+L [in backend.Kildall]
+L [in backend.Kildall]
+L [in backend.Kildall]
+L [in backend.Kildall]
+L [in backend.Kildall]
+L [in backend.Kildall]
+L [in backend.Kildall]
+LBoolean [in lib.Lattice]
+LFlat [in lib.Lattice]
+Loc [in backend.Locations]
+Locmap [in backend.Locations]
+LPMap [in lib.Lattice]
+

M

+MakeSet [in lib.Sets]
+MAP [in lib.Maps]
+MAP [in lib.union_find]
+mymap [in backend.RTLtyping]
+myreg [in backend.RTLtyping]
+

N

+NIndexed [in lib.Maps]
+NMap [in lib.Maps]
+Numbering [in backend.CSE]
+

O

+OrderedIndexed [in lib.Ordered]
+OrderedMreg [in backend.InterfGraph]
+OrderedPair [in lib.Ordered]
+OrderedPositive [in lib.Ordered]
+OrderedReg [in backend.InterfGraph]
+OrderedRegMreg [in backend.InterfGraph]
+OrderedRegReg [in backend.InterfGraph]
+ORDERED_TYPE_WITH_TOP [in backend.Kildall]
+

P

+PMap [in lib.Maps]
+PregEq [in backend.PPC]
+Pregmap [in backend.PPC]
+PTree [in lib.Maps]
+

R

+Reg [in backend.Registers]
+RegEq [in backend.Mach]
+Regmap [in backend.Mach]
+Regmap [in backend.Registers]
+Regset [in backend.Registers]
+

S

+SEMILATTICE [in lib.Lattice]
+SEMILATTICE_WITH_TOP [in lib.Lattice]
+SetDepRegMreg [in backend.InterfGraph]
+SetDepRegReg [in backend.InterfGraph]
+SetRegMreg [in backend.InterfGraph]
+SetRegReg [in backend.InterfGraph]
+Solver [in backend.CSE]
+

T

+TREE [in lib.Maps]
+

U

+Uf [in backend.RTLtyping]
+UNIONFIND [in lib.union_find]
+Unionfind [in lib.union_find]
+

V

+Val [in backend.Values]
+ValnumEq [in backend.CSEproof]
+VMap [in backend.CSEproof]
+

Z

+ZIndexed [in lib.Maps]
+ZMap [in lib.Maps]
+

+

Library Index

+

A

+Allocation
+Allocproof
+Allocproof_aux
+Alloctyping
+Alloctyping_aux
+AST
+

C

+Cmconstr
+Cmconstrproof
+Cminor
+Cminorgen
+Cminorgenproof
+Coloring
+Coloringproof
+Constprop
+Constpropproof
+Conventions
+Coqlib
+CSE
+CSEproof
+Csharpminor
+

F

+Floats
+

G

+Globalenvs
+

I

+Inclusion
+Integers
+InterfGraph
+

K

+Kildall
+

L

+Lattice
+Linear
+Linearize
+Linearizeproof
+Linearizetyping
+Lineartyping
+Locations
+LTL
+LTLtyping
+

M

+Mach
+Machabstr
+Machabstr2mach
+Machtyping
+Main
+Maps
+Mem
+

O

+Op
+Ordered
+

P

+Parallelmove
+PPC
+PPCgen
+PPCgenproof
+PPCgenproof1
+

R

+Registers
+RTL
+RTLgen
+RTLgenproof
+RTLgenproof1
+RTLtyping
+

S

+Sets
+Stacking
+Stackingproof
+Stackingtyping
+

T

+Tunneling
+Tunnelingproof
+Tunnelingtyping
+

U

+union_find
+

V

+Values
+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Global IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_(3806 entries)
Axiom IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_(39 entries)
Lemma IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_(1753 entries)
Constructor IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_(700 entries)
Inductive IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_(155 entries)
Definition IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_(1017 entries)
Module IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_(78 entries)
Library IndexABCDEFGHIJKLMNOPQRSTUVWXYZ_(64 entries)
+
This page has been generated by coqdoc + + \ No newline at end of file diff --git a/doc/removeproofs b/doc/removeproofs new file mode 100755 index 00000000..0ebe3a8b --- /dev/null +++ b/doc/removeproofs @@ -0,0 +1,8 @@ +#!/bin/sh + +for i in $*; do + mv $i $i.bak + sed -e '/Proof<\/code>\./,/Qed<\/code>\./d' $i.bak > $i + rm $i.bak +done + diff --git a/doc/style.css b/doc/style.css new file mode 100644 index 00000000..9c1eb491 --- /dev/null +++ b/doc/style.css @@ -0,0 +1,32 @@ +a:visited {color : #416DFF; text-decoration : none; } +a:link {color : #416DFF; text-decoration : none; font-weight : bold} +a:hover {color : Red; text-decoration : underline; } +a:active {color : Red; text-decoration : underline; } +.keyword { font-weight : bold ; color : Red } +.keywordsign { color : #C04600 } +.superscript { font-size : 4 } +.subscript { font-size : 4 } +.comment { color : Green } +.constructor { color : Blue } +.string { color : Maroon } +.warning { color : Red ; font-weight : bold } +.info { margin-left : 3em; margin-right : 3em } +#.title1 { font-size : 20pt ; background-color : #416DFF } +#.title2 { font-size : 20pt ; background-color : #418DFF } +#.title3 { font-size : 20pt ; background-color : #41ADFF } +#.title4 { font-size : 20pt ; background-color : #41CDFF } +#.title5 { font-size : 20pt ; background-color : #41EDFF } +#.title6 { font-size : 20pt ; background-color : #41FFFF } +body { + color: black; background: white; + margin-left: 10%; margin-right: 5%; +} +tr { background-color : White } +# .doc { background-color :#aaeeff } +# .doc { background-color :#66ff66 } +.doc { margin-left: -5%; } +.docright { margin-left: 40%; } +h1 { margin-left: -10%; text-align: right; } +h2 { margin-left: -5%; } +h3,h4,h5,h6 { margin-left: -3%; } +hr { margin-left: -10%; margin-right:-10%; } diff --git a/extraction/.depend b/extraction/.depend new file mode 100644 index 00000000..1067a0a7 --- /dev/null +++ b/extraction/.depend @@ -0,0 +1,395 @@ +../caml/Allocationaux.cmi: Locations.cmi List.cmi Datatypes.cmi +../caml/CMlexer.cmi: ../caml/CMparser.cmi +../caml/CMparser.cmi: Cminor.cmi AST.cmi +../caml/Coloringaux.cmi: Registers.cmi RTLtyping.cmi RTL.cmi Locations.cmi \ + InterfGraph.cmi +../caml/PrintPPC.cmi: PPC.cmi +../caml/Allocationaux.cmo: Locations.cmi List.cmi Datatypes.cmi \ + ../caml/Camlcoq.cmo AST.cmi ../caml/Allocationaux.cmi +../caml/Allocationaux.cmx: Locations.cmx List.cmx Datatypes.cmx \ + ../caml/Camlcoq.cmx AST.cmx ../caml/Allocationaux.cmi +../caml/Camlcoq.cmo: List.cmi Integers.cmi Datatypes.cmi BinPos.cmi \ + BinInt.cmi +../caml/Camlcoq.cmx: List.cmx Integers.cmx Datatypes.cmx BinPos.cmx \ + BinInt.cmx +../caml/CMlexer.cmo: ../caml/Camlcoq.cmo ../caml/CMparser.cmi \ + ../caml/CMlexer.cmi +../caml/CMlexer.cmx: ../caml/Camlcoq.cmx ../caml/CMparser.cmx \ + ../caml/CMlexer.cmi +../caml/CMparser.cmo: Op.cmi List.cmi Integers.cmi Datatypes.cmi Cminor.cmi \ + Cmconstr.cmi ../caml/Camlcoq.cmo BinPos.cmi BinInt.cmi AST.cmi \ + ../caml/CMparser.cmi +../caml/CMparser.cmx: Op.cmx List.cmx Integers.cmx Datatypes.cmx Cminor.cmx \ + Cmconstr.cmx ../caml/Camlcoq.cmx BinPos.cmx BinInt.cmx AST.cmx \ + ../caml/CMparser.cmi +../caml/Coloringaux.cmo: Registers.cmi RTLtyping.cmi RTL.cmi Maps.cmi \ + Locations.cmi InterfGraph.cmi Datatypes.cmi Conventions.cmi \ + ../caml/Camlcoq.cmo BinPos.cmi BinInt.cmi AST.cmi ../caml/Coloringaux.cmi +../caml/Coloringaux.cmx: Registers.cmx RTLtyping.cmx RTL.cmx Maps.cmx \ + Locations.cmx InterfGraph.cmx Datatypes.cmx Conventions.cmx \ + ../caml/Camlcoq.cmx BinPos.cmx BinInt.cmx AST.cmx ../caml/Coloringaux.cmi +../caml/Floataux.cmo: ../caml/Camlcoq.cmo AST.cmi +../caml/Floataux.cmx: ../caml/Camlcoq.cmx AST.cmx +../caml/Main2.cmo: ../caml/PrintPPC.cmi Main.cmi Datatypes.cmi \ + ../caml/CMparser.cmi ../caml/CMlexer.cmi +../caml/Main2.cmx: ../caml/PrintPPC.cmx Main.cmx Datatypes.cmx \ + ../caml/CMparser.cmx ../caml/CMlexer.cmx +../caml/PrintPPC.cmo: PPC.cmi List.cmi Datatypes.cmi ../caml/Camlcoq.cmo \ + AST.cmi ../caml/PrintPPC.cmi +../caml/PrintPPC.cmx: PPC.cmx List.cmx Datatypes.cmx ../caml/Camlcoq.cmx \ + AST.cmx ../caml/PrintPPC.cmi +../caml/RTLgenaux.cmo: Cminor.cmi +../caml/RTLgenaux.cmx: Cminor.cmx +Allocation.cmi: Specif.cmi Registers.cmi RTLtyping.cmi RTL.cmi \ + Parallelmove.cmi Op.cmi Maps.cmi Locations.cmi List.cmi LTL.cmi \ + Datatypes.cmi Conventions.cmi Coloring.cmi BinPos.cmi AST.cmi +AST.cmi: Specif.cmi List.cmi Datatypes.cmi Coqlib.cmi BinPos.cmi BinInt.cmi +BinInt.cmi: Datatypes.cmi BinPos.cmi BinNat.cmi +BinNat.cmi: Datatypes.cmi BinPos.cmi +BinPos.cmi: Peano.cmi Datatypes.cmi +Bool.cmi: Specif.cmi Datatypes.cmi +Cmconstr.cmi: Specif.cmi Op.cmi List.cmi Integers.cmi Datatypes.cmi \ + Compare_dec.cmi Cminor.cmi BinPos.cmi BinInt.cmi AST.cmi +Cminorgen.cmi: Zmin.cmi Specif.cmi Op.cmi Mem.cmi Maps.cmi List.cmi \ + Integers.cmi Datatypes.cmi Csharpminor.cmi Coqlib.cmi Cminor.cmi \ + Cmconstr.cmi BinPos.cmi BinInt.cmi AST.cmi +Cminor.cmi: Values.cmi Op.cmi Maps.cmi List.cmi Globalenvs.cmi Datatypes.cmi \ + BinInt.cmi AST.cmi +Coloring.cmi: Specif.cmi Registers.cmi RTLtyping.cmi RTL.cmi Op.cmi Maps.cmi \ + Locations.cmi List.cmi InterfGraph.cmi Datatypes.cmi Coqlib.cmi \ + Conventions.cmi BinInt.cmi AST.cmi +Compare_dec.cmi: Specif.cmi Datatypes.cmi +Constprop.cmi: Specif.cmi Registers.cmi RTL.cmi Op.cmi Maps.cmi List.cmi \ + Integers.cmi Floats.cmi Datatypes.cmi Bool.cmi BinPos.cmi BinInt.cmi \ + AST.cmi +Conventions.cmi: Locations.cmi List.cmi Datatypes.cmi BinPos.cmi BinInt.cmi \ + AST.cmi +Coqlib.cmi: Zdiv.cmi ZArith_dec.cmi Wf.cmi Specif.cmi List.cmi Datatypes.cmi \ + BinPos.cmi BinInt.cmi +CSE.cmi: Specif.cmi Registers.cmi RTL.cmi Op.cmi Maps.cmi List.cmi \ + Integers.cmi Floats.cmi Datatypes.cmi Coqlib.cmi BinPos.cmi AST.cmi +Csharpminor.cmi: Zmin.cmi Values.cmi Specif.cmi Mem.cmi Maps.cmi List.cmi \ + Integers.cmi Globalenvs.cmi Floats.cmi Datatypes.cmi BinPos.cmi \ + BinInt.cmi AST.cmi +Floats.cmi: Specif.cmi Integers.cmi Datatypes.cmi AST.cmi +FSetAVL.cmi: ZArith_dec.cmi Wf.cmi Specif.cmi Peano.cmi List.cmi \ + FSetInterface.cmi Datatypes.cmi BinPos.cmi BinInt.cmi +FSetBridge.cmi: Specif.cmi List.cmi FSetInterface.cmi Datatypes.cmi +FSetInterface.cmi: Specif.cmi List.cmi Datatypes.cmi +FSetList.cmi: Specif.cmi List.cmi FSetInterface.cmi Datatypes.cmi +Globalenvs.cmi: Values.cmi Mem.cmi Maps.cmi List.cmi Integers.cmi \ + Datatypes.cmi BinPos.cmi BinInt.cmi AST.cmi +Integers.cmi: Zpower.cmi Zdiv.cmi Specif.cmi List.cmi Datatypes.cmi \ + Coqlib.cmi Bool.cmi BinPos.cmi BinInt.cmi AST.cmi +InterfGraph.cmi: Specif.cmi Registers.cmi Locations.cmi List.cmi \ + FSetInterface.cmi Datatypes.cmi Coqlib.cmi BinPos.cmi BinInt.cmi +Kildall.cmi: Wf.cmi Specif.cmi Maps.cmi List.cmi Lattice.cmi Datatypes.cmi \ + Coqlib.cmi BinPos.cmi +Lattice.cmi: Specif.cmi Maps.cmi Datatypes.cmi BinPos.cmi +Linearize.cmi: Specif.cmi Op.cmi Maps.cmi List.cmi Linear.cmi Lattice.cmi \ + LTL.cmi Datatypes.cmi Coqlib.cmi BinPos.cmi AST.cmi +Linear.cmi: Values.cmi Specif.cmi Op.cmi Locations.cmi List.cmi Integers.cmi \ + Globalenvs.cmi Datatypes.cmi Coqlib.cmi BinPos.cmi BinInt.cmi AST.cmi +Lineartyping.cmi: Zmin.cmi Locations.cmi List.cmi Linear.cmi Datatypes.cmi \ + Conventions.cmi BinPos.cmi BinInt.cmi AST.cmi +List.cmi: Specif.cmi Datatypes.cmi +Locations.cmi: Values.cmi Specif.cmi Datatypes.cmi Coqlib.cmi BinPos.cmi \ + BinInt.cmi AST.cmi +LTL.cmi: Values.cmi Specif.cmi Op.cmi Maps.cmi Locations.cmi List.cmi \ + Integers.cmi Globalenvs.cmi Datatypes.cmi Conventions.cmi BinPos.cmi \ + BinInt.cmi AST.cmi +Mach.cmi: Zmin.cmi Zdiv.cmi Values.cmi Specif.cmi Op.cmi Mem.cmi \ + Locations.cmi List.cmi Integers.cmi Globalenvs.cmi Datatypes.cmi \ + Coqlib.cmi BinPos.cmi BinInt.cmi AST.cmi +Main.cmi: Tunneling.cmi Stacking.cmi RTLgen.cmi PPCgen.cmi PPC.cmi \ + Linearize.cmi Datatypes.cmi Csharpminor.cmi Constprop.cmi Cminorgen.cmi \ + Cminor.cmi CSE.cmi Allocation.cmi AST.cmi +Maps.cmi: Specif.cmi List.cmi Datatypes.cmi Coqlib.cmi BinPos.cmi BinNat.cmi \ + BinInt.cmi +Mem.cmi: Values.cmi Specif.cmi List.cmi Integers.cmi Datatypes.cmi Coqlib.cmi \ + BinPos.cmi BinInt.cmi AST.cmi +Op.cmi: Values.cmi Specif.cmi List.cmi Integers.cmi Globalenvs.cmi Floats.cmi \ + Datatypes.cmi Bool.cmi BinPos.cmi BinInt.cmi AST.cmi +Ordered.cmi: Specif.cmi Maps.cmi FSetInterface.cmi Datatypes.cmi Coqlib.cmi \ + BinPos.cmi +Parallelmove.cmi: Wf.cmi Values.cmi Specif.cmi Peano.cmi Locations.cmi \ + List.cmi LTL.cmi Datatypes.cmi AST.cmi +Peano.cmi: Datatypes.cmi +PPCgen.cmi: Specif.cmi PPC.cmi Op.cmi Mach.cmi Locations.cmi List.cmi \ + Integers.cmi Datatypes.cmi Coqlib.cmi Bool.cmi BinPos.cmi BinInt.cmi \ + AST.cmi +PPC.cmi: Values.cmi Specif.cmi Mem.cmi List.cmi Integers.cmi Globalenvs.cmi \ + Floats.cmi Datatypes.cmi Coqlib.cmi BinPos.cmi BinInt.cmi AST.cmi +Registers.cmi: Specif.cmi Maps.cmi List.cmi Datatypes.cmi Coqlib.cmi \ + BinPos.cmi AST.cmi +RTLgen.cmi: Specif.cmi Registers.cmi RTL.cmi Op.cmi Maps.cmi List.cmi \ + Datatypes.cmi Coqlib.cmi Cminor.cmi BinPos.cmi AST.cmi +RTL.cmi: Values.cmi Registers.cmi Op.cmi Maps.cmi List.cmi Integers.cmi \ + Globalenvs.cmi Datatypes.cmi BinPos.cmi BinInt.cmi AST.cmi +RTLtyping.cmi: Specif.cmi Registers.cmi RTL.cmi Op.cmi Maps.cmi List.cmi \ + Datatypes.cmi Coqlib.cmi BinPos.cmi AST.cmi +Sets.cmi: Specif.cmi Maps.cmi List.cmi Datatypes.cmi +Specif.cmi: Datatypes.cmi +Stacking.cmi: Specif.cmi Op.cmi Mach.cmi Locations.cmi List.cmi \ + Lineartyping.cmi Linear.cmi Integers.cmi Datatypes.cmi Coqlib.cmi \ + Conventions.cmi BinPos.cmi BinInt.cmi AST.cmi +Sumbool.cmi: Specif.cmi Datatypes.cmi +Tunneling.cmi: Maps.cmi List.cmi LTL.cmi Datatypes.cmi AST.cmi +union_find.cmi: Wf.cmi Specif.cmi Datatypes.cmi +Values.cmi: Specif.cmi Integers.cmi Floats.cmi Datatypes.cmi Coqlib.cmi \ + BinPos.cmi BinInt.cmi AST.cmi +ZArith_dec.cmi: Sumbool.cmi Specif.cmi Datatypes.cmi BinInt.cmi +Zbool.cmi: Zeven.cmi ZArith_dec.cmi Sumbool.cmi Specif.cmi Datatypes.cmi \ + BinInt.cmi +Zdiv.cmi: Zbool.cmi ZArith_dec.cmi Specif.cmi Datatypes.cmi BinPos.cmi \ + BinInt.cmi +Zeven.cmi: Specif.cmi Datatypes.cmi BinPos.cmi BinInt.cmi +Zmin.cmi: Datatypes.cmi BinInt.cmi +Zmisc.cmi: Datatypes.cmi BinPos.cmi BinInt.cmi +Zpower.cmi: Zmisc.cmi Datatypes.cmi BinPos.cmi BinInt.cmi +Allocation.cmo: Specif.cmi Registers.cmi RTLtyping.cmi RTL.cmi \ + Parallelmove.cmi Op.cmi Maps.cmi Locations.cmi List.cmi LTL.cmi \ + Kildall.cmi Datatypes.cmi Conventions.cmi Coloring.cmi BinPos.cmi AST.cmi \ + Allocation.cmi +Allocation.cmx: Specif.cmx Registers.cmx RTLtyping.cmx RTL.cmx \ + Parallelmove.cmx Op.cmx Maps.cmx Locations.cmx List.cmx LTL.cmx \ + Kildall.cmx Datatypes.cmx Conventions.cmx Coloring.cmx BinPos.cmx AST.cmx \ + Allocation.cmi +AST.cmo: Specif.cmi List.cmi Datatypes.cmi Coqlib.cmi BinPos.cmi BinInt.cmi \ + AST.cmi +AST.cmx: Specif.cmx List.cmx Datatypes.cmx Coqlib.cmx BinPos.cmx BinInt.cmx \ + AST.cmi +BinInt.cmo: Datatypes.cmi BinPos.cmi BinNat.cmi BinInt.cmi +BinInt.cmx: Datatypes.cmx BinPos.cmx BinNat.cmx BinInt.cmi +BinNat.cmo: Datatypes.cmi BinPos.cmi BinNat.cmi +BinNat.cmx: Datatypes.cmx BinPos.cmx BinNat.cmi +BinPos.cmo: Peano.cmi Datatypes.cmi BinPos.cmi +BinPos.cmx: Peano.cmx Datatypes.cmx BinPos.cmi +Bool.cmo: Specif.cmi Datatypes.cmi Bool.cmi +Bool.cmx: Specif.cmx Datatypes.cmx Bool.cmi +Cmconstr.cmo: Specif.cmi Op.cmi List.cmi Integers.cmi Datatypes.cmi \ + Compare_dec.cmi Cminor.cmi BinPos.cmi BinInt.cmi AST.cmi Cmconstr.cmi +Cmconstr.cmx: Specif.cmx Op.cmx List.cmx Integers.cmx Datatypes.cmx \ + Compare_dec.cmx Cminor.cmx BinPos.cmx BinInt.cmx AST.cmx Cmconstr.cmi +Cminorgen.cmo: Zmin.cmi Specif.cmi Sets.cmi Op.cmi Mem.cmi Maps.cmi List.cmi \ + Integers.cmi Datatypes.cmi Csharpminor.cmi Coqlib.cmi Cminor.cmi \ + Cmconstr.cmi BinPos.cmi BinInt.cmi AST.cmi Cminorgen.cmi +Cminorgen.cmx: Zmin.cmx Specif.cmx Sets.cmx Op.cmx Mem.cmx Maps.cmx List.cmx \ + Integers.cmx Datatypes.cmx Csharpminor.cmx Coqlib.cmx Cminor.cmx \ + Cmconstr.cmx BinPos.cmx BinInt.cmx AST.cmx Cminorgen.cmi +Cminor.cmo: Values.cmi Op.cmi Maps.cmi List.cmi Globalenvs.cmi Datatypes.cmi \ + BinInt.cmi AST.cmi Cminor.cmi +Cminor.cmx: Values.cmx Op.cmx Maps.cmx List.cmx Globalenvs.cmx Datatypes.cmx \ + BinInt.cmx AST.cmx Cminor.cmi +Coloring.cmo: Specif.cmi Registers.cmi RTLtyping.cmi RTL.cmi Op.cmi Maps.cmi \ + Locations.cmi List.cmi InterfGraph.cmi Datatypes.cmi Coqlib.cmi \ + Conventions.cmi ../caml/Coloringaux.cmi BinInt.cmi AST.cmi Coloring.cmi +Coloring.cmx: Specif.cmx Registers.cmx RTLtyping.cmx RTL.cmx Op.cmx Maps.cmx \ + Locations.cmx List.cmx InterfGraph.cmx Datatypes.cmx Coqlib.cmx \ + Conventions.cmx ../caml/Coloringaux.cmx BinInt.cmx AST.cmx Coloring.cmi +Compare_dec.cmo: Specif.cmi Datatypes.cmi Compare_dec.cmi +Compare_dec.cmx: Specif.cmx Datatypes.cmx Compare_dec.cmi +Constprop.cmo: Specif.cmi Registers.cmi RTL.cmi Op.cmi Maps.cmi List.cmi \ + Lattice.cmi Kildall.cmi Integers.cmi Floats.cmi Datatypes.cmi Bool.cmi \ + BinPos.cmi BinInt.cmi AST.cmi Constprop.cmi +Constprop.cmx: Specif.cmx Registers.cmx RTL.cmx Op.cmx Maps.cmx List.cmx \ + Lattice.cmx Kildall.cmx Integers.cmx Floats.cmx Datatypes.cmx Bool.cmx \ + BinPos.cmx BinInt.cmx AST.cmx Constprop.cmi +Conventions.cmo: Locations.cmi List.cmi Datatypes.cmi BinPos.cmi BinInt.cmi \ + AST.cmi Conventions.cmi +Conventions.cmx: Locations.cmx List.cmx Datatypes.cmx BinPos.cmx BinInt.cmx \ + AST.cmx Conventions.cmi +Coqlib.cmo: Zdiv.cmi ZArith_dec.cmi Wf.cmi Specif.cmi List.cmi Datatypes.cmi \ + BinPos.cmi BinInt.cmi Coqlib.cmi +Coqlib.cmx: Zdiv.cmx ZArith_dec.cmx Wf.cmx Specif.cmx List.cmx Datatypes.cmx \ + BinPos.cmx BinInt.cmx Coqlib.cmi +CSE.cmo: Specif.cmi Registers.cmi RTL.cmi Op.cmi Maps.cmi List.cmi \ + Kildall.cmi Integers.cmi Floats.cmi Datatypes.cmi Coqlib.cmi BinPos.cmi \ + AST.cmi CSE.cmi +CSE.cmx: Specif.cmx Registers.cmx RTL.cmx Op.cmx Maps.cmx List.cmx \ + Kildall.cmx Integers.cmx Floats.cmx Datatypes.cmx Coqlib.cmx BinPos.cmx \ + AST.cmx CSE.cmi +Csharpminor.cmo: Zmin.cmi Values.cmi Specif.cmi Mem.cmi Maps.cmi List.cmi \ + Integers.cmi Globalenvs.cmi Floats.cmi Datatypes.cmi BinPos.cmi \ + BinInt.cmi AST.cmi Csharpminor.cmi +Csharpminor.cmx: Zmin.cmx Values.cmx Specif.cmx Mem.cmx Maps.cmx List.cmx \ + Integers.cmx Globalenvs.cmx Floats.cmx Datatypes.cmx BinPos.cmx \ + BinInt.cmx AST.cmx Csharpminor.cmi +Datatypes.cmo: Datatypes.cmi +Datatypes.cmx: Datatypes.cmi +Floats.cmo: Specif.cmi Integers.cmi ../caml/Floataux.cmo Datatypes.cmi \ + AST.cmi Floats.cmi +Floats.cmx: Specif.cmx Integers.cmx ../caml/Floataux.cmx Datatypes.cmx \ + AST.cmx Floats.cmi +FSetAVL.cmo: ZArith_dec.cmi Wf.cmi Specif.cmi Peano.cmi List.cmi FSetList.cmi \ + FSetInterface.cmi Datatypes.cmi BinPos.cmi BinInt.cmi FSetAVL.cmi +FSetAVL.cmx: ZArith_dec.cmx Wf.cmx Specif.cmx Peano.cmx List.cmx FSetList.cmx \ + FSetInterface.cmx Datatypes.cmx BinPos.cmx BinInt.cmx FSetAVL.cmi +FSetBridge.cmo: Specif.cmi List.cmi FSetInterface.cmi Datatypes.cmi \ + FSetBridge.cmi +FSetBridge.cmx: Specif.cmx List.cmx FSetInterface.cmx Datatypes.cmx \ + FSetBridge.cmi +FSetInterface.cmo: Specif.cmi List.cmi Datatypes.cmi FSetInterface.cmi +FSetInterface.cmx: Specif.cmx List.cmx Datatypes.cmx FSetInterface.cmi +FSetList.cmo: Specif.cmi List.cmi FSetInterface.cmi Datatypes.cmi \ + FSetList.cmi +FSetList.cmx: Specif.cmx List.cmx FSetInterface.cmx Datatypes.cmx \ + FSetList.cmi +Globalenvs.cmo: Values.cmi Mem.cmi Maps.cmi List.cmi Integers.cmi \ + Datatypes.cmi BinPos.cmi BinInt.cmi AST.cmi Globalenvs.cmi +Globalenvs.cmx: Values.cmx Mem.cmx Maps.cmx List.cmx Integers.cmx \ + Datatypes.cmx BinPos.cmx BinInt.cmx AST.cmx Globalenvs.cmi +Integers.cmo: Zpower.cmi Zdiv.cmi Specif.cmi List.cmi Datatypes.cmi \ + Coqlib.cmi Bool.cmi BinPos.cmi BinInt.cmi AST.cmi Integers.cmi +Integers.cmx: Zpower.cmx Zdiv.cmx Specif.cmx List.cmx Datatypes.cmx \ + Coqlib.cmx Bool.cmx BinPos.cmx BinInt.cmx AST.cmx Integers.cmi +InterfGraph.cmo: Specif.cmi Registers.cmi Ordered.cmi Locations.cmi List.cmi \ + FSetInterface.cmi FSetBridge.cmi FSetAVL.cmi Datatypes.cmi Coqlib.cmi \ + BinPos.cmi BinInt.cmi InterfGraph.cmi +InterfGraph.cmx: Specif.cmx Registers.cmx Ordered.cmx Locations.cmx List.cmx \ + FSetInterface.cmx FSetBridge.cmx FSetAVL.cmx Datatypes.cmx Coqlib.cmx \ + BinPos.cmx BinInt.cmx InterfGraph.cmi +Kildall.cmo: Wf.cmi Specif.cmi Maps.cmi List.cmi Lattice.cmi Datatypes.cmi \ + Coqlib.cmi BinPos.cmi Kildall.cmi +Kildall.cmx: Wf.cmx Specif.cmx Maps.cmx List.cmx Lattice.cmx Datatypes.cmx \ + Coqlib.cmx BinPos.cmx Kildall.cmi +Lattice.cmo: Specif.cmi Maps.cmi Datatypes.cmi BinPos.cmi Lattice.cmi +Lattice.cmx: Specif.cmx Maps.cmx Datatypes.cmx BinPos.cmx Lattice.cmi +Linearize.cmo: Specif.cmi Op.cmi Maps.cmi List.cmi Linear.cmi Lattice.cmi \ + LTL.cmi Kildall.cmi Datatypes.cmi Coqlib.cmi BinPos.cmi AST.cmi \ + Linearize.cmi +Linearize.cmx: Specif.cmx Op.cmx Maps.cmx List.cmx Linear.cmx Lattice.cmx \ + LTL.cmx Kildall.cmx Datatypes.cmx Coqlib.cmx BinPos.cmx AST.cmx \ + Linearize.cmi +Linear.cmo: Values.cmi Specif.cmi Op.cmi Locations.cmi List.cmi Integers.cmi \ + Globalenvs.cmi Datatypes.cmi Coqlib.cmi BinPos.cmi BinInt.cmi AST.cmi \ + Linear.cmi +Linear.cmx: Values.cmx Specif.cmx Op.cmx Locations.cmx List.cmx Integers.cmx \ + Globalenvs.cmx Datatypes.cmx Coqlib.cmx BinPos.cmx BinInt.cmx AST.cmx \ + Linear.cmi +Lineartyping.cmo: Zmin.cmi Locations.cmi List.cmi Linear.cmi Datatypes.cmi \ + Conventions.cmi BinPos.cmi BinInt.cmi AST.cmi Lineartyping.cmi +Lineartyping.cmx: Zmin.cmx Locations.cmx List.cmx Linear.cmx Datatypes.cmx \ + Conventions.cmx BinPos.cmx BinInt.cmx AST.cmx Lineartyping.cmi +List.cmo: Specif.cmi Datatypes.cmi List.cmi +List.cmx: Specif.cmx Datatypes.cmx List.cmi +Locations.cmo: Values.cmi Specif.cmi Datatypes.cmi Coqlib.cmi BinPos.cmi \ + BinInt.cmi AST.cmi Locations.cmi +Locations.cmx: Values.cmx Specif.cmx Datatypes.cmx Coqlib.cmx BinPos.cmx \ + BinInt.cmx AST.cmx Locations.cmi +Logic.cmo: Logic.cmi +Logic.cmx: Logic.cmi +LTL.cmo: Values.cmi Specif.cmi Op.cmi Maps.cmi Locations.cmi List.cmi \ + Integers.cmi Globalenvs.cmi Datatypes.cmi Conventions.cmi BinPos.cmi \ + BinInt.cmi AST.cmi LTL.cmi +LTL.cmx: Values.cmx Specif.cmx Op.cmx Maps.cmx Locations.cmx List.cmx \ + Integers.cmx Globalenvs.cmx Datatypes.cmx Conventions.cmx BinPos.cmx \ + BinInt.cmx AST.cmx LTL.cmi +Mach.cmo: Zmin.cmi Zdiv.cmi Values.cmi Specif.cmi Op.cmi Mem.cmi Maps.cmi \ + Locations.cmi List.cmi Integers.cmi Globalenvs.cmi Datatypes.cmi \ + Coqlib.cmi BinPos.cmi BinInt.cmi AST.cmi Mach.cmi +Mach.cmx: Zmin.cmx Zdiv.cmx Values.cmx Specif.cmx Op.cmx Mem.cmx Maps.cmx \ + Locations.cmx List.cmx Integers.cmx Globalenvs.cmx Datatypes.cmx \ + Coqlib.cmx BinPos.cmx BinInt.cmx AST.cmx Mach.cmi +Main.cmo: Tunneling.cmi Stacking.cmi RTLgen.cmi PPCgen.cmi PPC.cmi \ + Linearize.cmi Datatypes.cmi Csharpminor.cmi Constprop.cmi Cminorgen.cmi \ + Cminor.cmi CSE.cmi Allocation.cmi AST.cmi Main.cmi +Main.cmx: Tunneling.cmx Stacking.cmx RTLgen.cmx PPCgen.cmx PPC.cmx \ + Linearize.cmx Datatypes.cmx Csharpminor.cmx Constprop.cmx Cminorgen.cmx \ + Cminor.cmx CSE.cmx Allocation.cmx AST.cmx Main.cmi +Maps.cmo: Specif.cmi List.cmi Datatypes.cmi Coqlib.cmi BinPos.cmi BinNat.cmi \ + BinInt.cmi Maps.cmi +Maps.cmx: Specif.cmx List.cmx Datatypes.cmx Coqlib.cmx BinPos.cmx BinNat.cmx \ + BinInt.cmx Maps.cmi +Mem.cmo: Values.cmi Specif.cmi List.cmi Integers.cmi Datatypes.cmi Coqlib.cmi \ + BinPos.cmi BinInt.cmi AST.cmi Mem.cmi +Mem.cmx: Values.cmx Specif.cmx List.cmx Integers.cmx Datatypes.cmx Coqlib.cmx \ + BinPos.cmx BinInt.cmx AST.cmx Mem.cmi +Op.cmo: Values.cmi Specif.cmi List.cmi Integers.cmi Globalenvs.cmi Floats.cmi \ + Datatypes.cmi Bool.cmi BinPos.cmi BinInt.cmi AST.cmi Op.cmi +Op.cmx: Values.cmx Specif.cmx List.cmx Integers.cmx Globalenvs.cmx Floats.cmx \ + Datatypes.cmx Bool.cmx BinPos.cmx BinInt.cmx AST.cmx Op.cmi +Ordered.cmo: Specif.cmi Maps.cmi FSetInterface.cmi Datatypes.cmi Coqlib.cmi \ + BinPos.cmi Ordered.cmi +Ordered.cmx: Specif.cmx Maps.cmx FSetInterface.cmx Datatypes.cmx Coqlib.cmx \ + BinPos.cmx Ordered.cmi +Parallelmove.cmo: Wf.cmi Values.cmi Specif.cmi Peano.cmi Locations.cmi \ + List.cmi LTL.cmi Datatypes.cmi AST.cmi Parallelmove.cmi +Parallelmove.cmx: Wf.cmx Values.cmx Specif.cmx Peano.cmx Locations.cmx \ + List.cmx LTL.cmx Datatypes.cmx AST.cmx Parallelmove.cmi +Peano.cmo: Datatypes.cmi Peano.cmi +Peano.cmx: Datatypes.cmx Peano.cmi +PPCgen.cmo: Specif.cmi PPC.cmi Op.cmi Mach.cmi Locations.cmi List.cmi \ + Integers.cmi Datatypes.cmi Coqlib.cmi Bool.cmi BinPos.cmi BinInt.cmi \ + AST.cmi PPCgen.cmi +PPCgen.cmx: Specif.cmx PPC.cmx Op.cmx Mach.cmx Locations.cmx List.cmx \ + Integers.cmx Datatypes.cmx Coqlib.cmx Bool.cmx BinPos.cmx BinInt.cmx \ + AST.cmx PPCgen.cmi +PPC.cmo: Values.cmi Specif.cmi Mem.cmi Maps.cmi List.cmi Integers.cmi \ + Globalenvs.cmi Floats.cmi Datatypes.cmi Coqlib.cmi BinPos.cmi BinInt.cmi \ + AST.cmi PPC.cmi +PPC.cmx: Values.cmx Specif.cmx Mem.cmx Maps.cmx List.cmx Integers.cmx \ + Globalenvs.cmx Floats.cmx Datatypes.cmx Coqlib.cmx BinPos.cmx BinInt.cmx \ + AST.cmx PPC.cmi +Registers.cmo: Specif.cmi Sets.cmi Maps.cmi List.cmi Datatypes.cmi Coqlib.cmi \ + BinPos.cmi AST.cmi Registers.cmi +Registers.cmx: Specif.cmx Sets.cmx Maps.cmx List.cmx Datatypes.cmx Coqlib.cmx \ + BinPos.cmx AST.cmx Registers.cmi +RTLgen.cmo: Specif.cmi Registers.cmi ../caml/RTLgenaux.cmo RTL.cmi Op.cmi \ + Maps.cmi List.cmi Datatypes.cmi Coqlib.cmi Cminor.cmi BinPos.cmi AST.cmi \ + RTLgen.cmi +RTLgen.cmx: Specif.cmx Registers.cmx ../caml/RTLgenaux.cmx RTL.cmx Op.cmx \ + Maps.cmx List.cmx Datatypes.cmx Coqlib.cmx Cminor.cmx BinPos.cmx AST.cmx \ + RTLgen.cmi +RTL.cmo: Values.cmi Registers.cmi Op.cmi Maps.cmi List.cmi Integers.cmi \ + Globalenvs.cmi Datatypes.cmi BinPos.cmi BinInt.cmi AST.cmi RTL.cmi +RTL.cmx: Values.cmx Registers.cmx Op.cmx Maps.cmx List.cmx Integers.cmx \ + Globalenvs.cmx Datatypes.cmx BinPos.cmx BinInt.cmx AST.cmx RTL.cmi +RTLtyping.cmo: union_find.cmi Specif.cmi Registers.cmi RTL.cmi Op.cmi \ + Maps.cmi List.cmi Datatypes.cmi Coqlib.cmi BinPos.cmi AST.cmi \ + RTLtyping.cmi +RTLtyping.cmx: union_find.cmx Specif.cmx Registers.cmx RTL.cmx Op.cmx \ + Maps.cmx List.cmx Datatypes.cmx Coqlib.cmx BinPos.cmx AST.cmx \ + RTLtyping.cmi +Sets.cmo: Specif.cmi Maps.cmi List.cmi Datatypes.cmi Sets.cmi +Sets.cmx: Specif.cmx Maps.cmx List.cmx Datatypes.cmx Sets.cmi +Specif.cmo: Datatypes.cmi Specif.cmi +Specif.cmx: Datatypes.cmx Specif.cmi +Stacking.cmo: Specif.cmi Op.cmi Mach.cmi Locations.cmi List.cmi \ + Lineartyping.cmi Linear.cmi Integers.cmi Datatypes.cmi Coqlib.cmi \ + Conventions.cmi BinPos.cmi BinInt.cmi AST.cmi Stacking.cmi +Stacking.cmx: Specif.cmx Op.cmx Mach.cmx Locations.cmx List.cmx \ + Lineartyping.cmx Linear.cmx Integers.cmx Datatypes.cmx Coqlib.cmx \ + Conventions.cmx BinPos.cmx BinInt.cmx AST.cmx Stacking.cmi +Sumbool.cmo: Specif.cmi Datatypes.cmi Sumbool.cmi +Sumbool.cmx: Specif.cmx Datatypes.cmx Sumbool.cmi +Tunneling.cmo: Maps.cmi List.cmi LTL.cmi Datatypes.cmi AST.cmi Tunneling.cmi +Tunneling.cmx: Maps.cmx List.cmx LTL.cmx Datatypes.cmx AST.cmx Tunneling.cmi +union_find.cmo: Wf.cmi Specif.cmi Datatypes.cmi union_find.cmi +union_find.cmx: Wf.cmx Specif.cmx Datatypes.cmx union_find.cmi +Values.cmo: Specif.cmi Integers.cmi Floats.cmi Datatypes.cmi Coqlib.cmi \ + BinPos.cmi BinInt.cmi AST.cmi Values.cmi +Values.cmx: Specif.cmx Integers.cmx Floats.cmx Datatypes.cmx Coqlib.cmx \ + BinPos.cmx BinInt.cmx AST.cmx Values.cmi +Wf.cmo: Wf.cmi +Wf.cmx: Wf.cmi +ZArith_dec.cmo: Sumbool.cmi Specif.cmi Datatypes.cmi BinInt.cmi \ + ZArith_dec.cmi +ZArith_dec.cmx: Sumbool.cmx Specif.cmx Datatypes.cmx BinInt.cmx \ + ZArith_dec.cmi +Zbool.cmo: Zeven.cmi ZArith_dec.cmi Sumbool.cmi Specif.cmi Datatypes.cmi \ + BinInt.cmi Zbool.cmi +Zbool.cmx: Zeven.cmx ZArith_dec.cmx Sumbool.cmx Specif.cmx Datatypes.cmx \ + BinInt.cmx Zbool.cmi +Zdiv.cmo: Zbool.cmi ZArith_dec.cmi Specif.cmi Datatypes.cmi BinPos.cmi \ + BinInt.cmi Zdiv.cmi +Zdiv.cmx: Zbool.cmx ZArith_dec.cmx Specif.cmx Datatypes.cmx BinPos.cmx \ + BinInt.cmx Zdiv.cmi +Zeven.cmo: Specif.cmi Datatypes.cmi BinPos.cmi BinInt.cmi Zeven.cmi +Zeven.cmx: Specif.cmx Datatypes.cmx BinPos.cmx BinInt.cmx Zeven.cmi +Zmin.cmo: Datatypes.cmi BinInt.cmi Zmin.cmi +Zmin.cmx: Datatypes.cmx BinInt.cmx Zmin.cmi +Zmisc.cmo: Datatypes.cmi BinPos.cmi BinInt.cmi Zmisc.cmi +Zmisc.cmx: Datatypes.cmx BinPos.cmx BinInt.cmx Zmisc.cmi +Zpower.cmo: Zmisc.cmi Datatypes.cmi BinPos.cmi BinInt.cmi Zpower.cmi +Zpower.cmx: Zmisc.cmx Datatypes.cmx BinPos.cmx BinInt.cmx Zpower.cmi diff --git a/extraction/Kildall.ml.patch b/extraction/Kildall.ml.patch new file mode 100644 index 00000000..a091385d --- /dev/null +++ b/extraction/Kildall.ml.patch @@ -0,0 +1,22 @@ +*** Kildall.ml.orig 2006-02-09 11:47:52.000000000 +0100 +--- Kildall.ml 2006-02-09 13:42:35.103321691 +0100 +*************** +*** 191,199 **** + Maps.PMap.t option **) + + let fixpoint successors topnode transf entrypoints = +! DS.fixpoint (fun s -> +! Maps.PMap.get s (make_predecessors successors topnode)) topnode transf +! entrypoints + end + + module type ORDERED_TYPE_WITH_TOP = +--- 191,198 ---- + Maps.PMap.t option **) + + let fixpoint successors topnode transf entrypoints = +! let pred = make_predecessors successors topnode in +! DS.fixpoint (fun s -> Maps.PMap.get s pred) topnode transf entrypoints + end + + module type ORDERED_TYPE_WITH_TOP = diff --git a/extraction/Linearize.ml.patch b/extraction/Linearize.ml.patch new file mode 100644 index 00000000..47b6cc9b --- /dev/null +++ b/extraction/Linearize.ml.patch @@ -0,0 +1,22 @@ +*** Linearize.ml.orig 2006-02-09 11:47:55.000000000 +0100 +--- Linearize.ml 2006-02-09 11:58:42.000000000 +0100 +*************** +*** 28,35 **** + (** val enumerate : LTL.coq_function -> node list **) + + let enumerate f = + positive_rec Coq_nil (fun pc nodes -> +! match Maps.PMap.get pc (reachable f) with + | true -> Coq_cons (pc, nodes) + | false -> nodes) (coq_Psucc f.fn_entrypoint) + +--- 28,36 ---- + (** val enumerate : LTL.coq_function -> node list **) + + let enumerate f = ++ let reach = reachable f in + positive_rec Coq_nil (fun pc nodes -> +! match Maps.PMap.get pc reach with + | true -> Coq_cons (pc, nodes) + | false -> nodes) (coq_Psucc f.fn_entrypoint) + diff --git a/extraction/Makefile b/extraction/Makefile new file mode 100644 index 00000000..038b3d00 --- /dev/null +++ b/extraction/Makefile @@ -0,0 +1,91 @@ +FILES=\ + Datatypes.ml Logic.ml Wf.ml Peano.ml Specif.ml Compare_dec.ml \ + Bool.ml List.ml Sumbool.ml BinPos.ml BinNat.ml BinInt.ml \ + ZArith_dec.ml Zeven.ml Zmin.ml Zmisc.ml Zbool.ml Zpower.ml Zdiv.ml \ + FSetInterface.ml FSetBridge.ml FSetList.ml FSetAVL.ml \ + Coqlib.ml Maps.ml Sets.ml union_find.ml AST.ml Integers.ml \ + ../caml/Camlcoq.ml ../caml/Floataux.ml Floats.ml Values.ml \ + Mem.ml Globalenvs.ml \ + Op.ml Cminor.ml Cmconstr.ml \ + Csharpminor.ml Cminorgen.ml \ + Registers.ml RTL.ml \ + ../caml/RTLgenaux.ml RTLgen.ml \ + RTLtyping.ml \ + Lattice.ml Kildall.ml \ + Constprop.ml CSE.ml \ + Locations.ml Conventions.ml LTL.ml \ + Ordered.ml InterfGraph.ml ../caml/Coloringaux.ml Coloring.ml \ + Parallelmove.ml Allocation.ml \ + Tunneling.ml Linear.ml Lineartyping.ml Linearize.ml \ + Mach.ml Stacking.ml \ + PPC.ml PPCgen.ml \ + Main.ml \ + ../caml/CMparser.ml ../caml/CMlexer.ml \ + ../caml/PrintPPC.ml ../caml/Main2.ml + +EXTRACTEDFILES:=$(filter-out ../caml/%, $(FILES)) +GENFILES:=$(EXTRACTEDFILES) $(EXTRACTEDFILES:.ml=.mli) + +CAMLINCL=-I ../caml +OCAMLC=ocamlc -g $(CAMLINCL) +OCAMLOPT=ocamlopt $(CAMLINCL) +OCAMLDEP=ocamldep $(CAMLINCL) + +COQINCL=-I ../lib -I ../backend +COQEXEC=coqtop $(COQINCL) -batch -load-vernac-source + +../ccomp: $(FILES:.ml=.cmo) + $(OCAMLC) -o ../ccomp $(FILES:.ml=.cmo) + +../ccomp.opt: Pack.cmx + $(OCAMLOPT) -o ../ccomp.opt Pack.cmx + +Pack.cmx: $(FILES:.ml=.cmx) + $(OCAMLOPT) -pack -o Pack.cmx $(FILES:.ml=.cmx) + +extraction: + @rm -f $(GENFILES) + $(COQEXEC) extraction.v + @echo "Fixing file names..." + @for i in $(GENFILES); do \ + j=`./uncapitalize $$i`; \ + test -f $$i || (test -f $$j && mv $$j $$i); \ + done + @echo "Patching files..." + @for i in *.patch; do patch < $$i; done + +../caml/CMparser.ml ../caml/CMparser.mli: ../caml/CMparser.mly + ocamlyacc -v ../caml/CMparser.mly + +beforedepend:: ../caml/CMparser.ml ../caml/CMparser.mli +clean:: + rm -f ../caml/CMparser.ml ../caml/CMparser.mli ../caml/CMparser.output + +../caml/CMlexer.ml: ../caml/CMlexer.mll + ocamllex ../caml/CMlexer.mll + +beforedepend:: ../caml/CMlexer.ml +clean:: + rm -f ../caml/CMlexer.ml + +.SUFFIXES: .ml .mli .cmo .cmi .cmx + +.mli.cmi: + $(OCAMLC) -c $*.mli +.ml.cmo: + $(OCAMLC) -c $*.ml +.ml.cmx: + $(OCAMLOPT) -c $*.ml + +clean:: + rm -f $(GENFILES) + rm -f *.cm? *.o + cd ../caml && rm -f *.cm? *.o + rm -f ccomp + +depend: beforedepend + $(OCAMLDEP) ../caml/*.mli ../caml/*.ml *.mli *.ml > .depend + +include .depend + + diff --git a/extraction/extraction.v b/extraction/extraction.v new file mode 100644 index 00000000..17178822 --- /dev/null +++ b/extraction/extraction.v @@ -0,0 +1,53 @@ +Require Floats. +Require Kildall. +Require RTLgen. +Require Coloring. +Require Allocation. +Require Cmconstr. +Require Main. + +(* Standard lib *) +Extract Inductive unit => "unit" [ "()" ]. +Extract Inductive bool => "bool" [ "true" "false" ]. +Extract Inductive sumbool => "bool" [ "true" "false" ]. + +(* Float *) +Extract Inlined Constant Floats.float => "float". +Extract Constant Floats.Float.zero => "0.". +Extract Constant Floats.Float.one => "1.". +Extract Constant Floats.Float.neg => "( ~-. )". +Extract Constant Floats.Float.abs => "abs_float". +Extract Constant Floats.Float.singleoffloat => "Floataux.singleoffloat". +Extract Constant Floats.Float.intoffloat => "Floataux.intoffloat". +Extract Constant Floats.Float.floatofint => "Floataux.floatofint". +Extract Constant Floats.Float.floatofintu => "Floataux.floatofintu". +Extract Constant Floats.Float.add => "( +. )". +Extract Constant Floats.Float.sub => "( -. )". +Extract Constant Floats.Float.mul => "( *. )". +Extract Constant Floats.Float.div => "( /. )". +Extract Constant Floats.Float.cmp => "Floataux.cmp". +Extract Constant Floats.Float.eq_dec => "fun (x: float) (y: float) -> x = y". + +(* RTLgen *) +Extract Constant RTLgen.more_likely => "RTLgenaux.more_likely". + +(* Coloring *) +Extract Constant Coloring.graph_coloring => "Coloringaux.graph_coloring". + +(* PPC *) +Extract Constant PPC.low_half_signed => "fun _ -> assert false". +Extract Constant PPC.high_half_signed => "fun _ -> assert false". +Extract Constant PPC.low_half_unsigned => "fun _ -> assert false". +Extract Constant PPC.high_half_unsigned => "fun _ -> assert false". + +(* Suppression of stupidly big equality functions *) +Extract Constant CSE.eq_rhs => "fun (x: rhs) (y: rhs) -> x = y". +Extract Constant Locations.mreg_eq => "fun (x: mreg) (y: mreg) -> x = y". +Extract Constant PPC.ireg_eq => "fun (x: ireg) (y: ireg) -> x = y". +Extract Constant PPC.freg_eq => "fun (x: freg) (y: freg) -> x = y". +Extract Constant PPC.preg_eq => "fun (x: preg) (y: preg) -> x = y". + +(* Go! *) +Recursive Extraction Library Main. +(*Extraction Library Compare_dec. + Extraction Library Cmconstr.*) diff --git a/extraction/uncapitalize b/extraction/uncapitalize new file mode 100755 index 00000000..d724b8fd --- /dev/null +++ b/extraction/uncapitalize @@ -0,0 +1,6 @@ +#!/bin/sh +echo $1 | sed -e 'h +s/\(.\).*/\1/ +y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ +G +s/\n.//' diff --git a/lib/Coqlib.v b/lib/Coqlib.v new file mode 100644 index 00000000..039dd03b --- /dev/null +++ b/lib/Coqlib.v @@ -0,0 +1,709 @@ +(** This file collects a number of definitions and theorems that are + used throughout the development. It complements the Coq standard + library. *) + +Require Export ZArith. +Require Export List. +Require Import Wf_nat. + +(** * Logical axioms *) + +(** We use two logical axioms that are not provable in Coq but consistent + with the logic: function extensionality and proof irrelevance. + These are used in the memory model to show that two memory states + that have identical contents are equal. *) + +Axiom extensionality: + forall (A B: Set) (f g : A -> B), + (forall x, f x = g x) -> f = g. + +Axiom proof_irrelevance: + forall (P: Prop) (p1 p2: P), p1 = p2. + +(** * Useful tactics *) + +Ltac predSpec pred predspec x y := + generalize (predspec x y); case (pred x y); intro. + +Ltac caseEq name := + generalize (refl_equal name); pattern name at -1 in |- *; case name. + +Ltac destructEq name := + generalize (refl_equal name); pattern name at -1 in |- *; destruct name; intro. + +Ltac decEq := + match goal with + | [ |- (_, _) = (_, _) ] => + apply injective_projections; unfold fst,snd; try reflexivity + | [ |- (@Some ?T _ = @Some ?T _) ] => + apply (f_equal (@Some T)); try reflexivity + | [ |- (?X _ _ _ _ _ = ?X _ _ _ _ _) ] => + apply (f_equal5 X); try reflexivity + | [ |- (?X _ _ _ _ = ?X _ _ _ _) ] => + apply (f_equal4 X); try reflexivity + | [ |- (?X _ _ _ = ?X _ _ _) ] => + apply (f_equal3 X); try reflexivity + | [ |- (?X _ _ = ?X _ _) ] => + apply (f_equal2 X); try reflexivity + | [ |- (?X _ = ?X _) ] => + apply (f_equal X); try reflexivity + | [ |- (?X ?A <> ?X ?B) ] => + cut (A <> B); [intro; congruence | try discriminate] + end. + +Ltac byContradiction := + cut False; [contradiction|idtac]. + +Ltac omegaContradiction := + cut False; [contradiction|omega]. + +(** * Definitions and theorems over the type [positive] *) + +Definition peq (x y: positive): {x = y} + {x <> y}. +Proof. + intros. caseEq (Pcompare x y Eq). + intro. left. apply Pcompare_Eq_eq; auto. + intro. right. red. intro. subst y. rewrite (Pcompare_refl x) in H. discriminate. + intro. right. red. intro. subst y. rewrite (Pcompare_refl x) in H. discriminate. +Qed. + +Lemma peq_true: + forall (A: Set) (x: positive) (a b: A), (if peq x x then a else b) = a. +Proof. + intros. case (peq x x); intros. + auto. + elim n; auto. +Qed. + +Lemma peq_false: + forall (A: Set) (x y: positive) (a b: A), x <> y -> (if peq x y then a else b) = b. +Proof. + intros. case (peq x y); intros. + elim H; auto. + auto. +Qed. + +Definition Plt (x y: positive): Prop := Zlt (Zpos x) (Zpos y). + +Lemma Plt_ne: + forall (x y: positive), Plt x y -> x <> y. +Proof. + unfold Plt; intros. red; intro. subst y. omega. +Qed. +Hint Resolve Plt_ne: coqlib. + +Lemma Plt_trans: + forall (x y z: positive), Plt x y -> Plt y z -> Plt x z. +Proof. + unfold Plt; intros; omega. +Qed. + +Remark Psucc_Zsucc: + forall (x: positive), Zpos (Psucc x) = Zsucc (Zpos x). +Proof. + intros. rewrite Pplus_one_succ_r. + reflexivity. +Qed. + +Lemma Plt_succ: + forall (x: positive), Plt x (Psucc x). +Proof. + intro. unfold Plt. rewrite Psucc_Zsucc. omega. +Qed. +Hint Resolve Plt_succ: coqlib. + +Lemma Plt_trans_succ: + forall (x y: positive), Plt x y -> Plt x (Psucc y). +Proof. + intros. apply Plt_trans with y. assumption. apply Plt_succ. +Qed. +Hint Resolve Plt_succ: coqlib. + +Lemma Plt_succ_inv: + forall (x y: positive), Plt x (Psucc y) -> Plt x y \/ x = y. +Proof. + intros x y. unfold Plt. rewrite Psucc_Zsucc. + intro. assert (A: (Zpos x < Zpos y)%Z \/ Zpos x = Zpos y). omega. + elim A; intro. left; auto. right; injection H0; auto. +Qed. + +Definition plt (x y: positive) : {Plt x y} + {~ Plt x y}. +Proof. + intros. unfold Plt. apply Z_lt_dec. +Qed. + +Definition Ple (p q: positive) := Zle (Zpos p) (Zpos q). + +Lemma Ple_refl: forall (p: positive), Ple p p. +Proof. + unfold Ple; intros; omega. +Qed. + +Lemma Ple_trans: forall (p q r: positive), Ple p q -> Ple q r -> Ple p r. +Proof. + unfold Ple; intros; omega. +Qed. + +Lemma Plt_Ple: forall (p q: positive), Plt p q -> Ple p q. +Proof. + unfold Plt, Ple; intros; omega. +Qed. + +Lemma Ple_succ: forall (p: positive), Ple p (Psucc p). +Proof. + intros. apply Plt_Ple. apply Plt_succ. +Qed. + +Lemma Plt_Ple_trans: + forall (p q r: positive), Plt p q -> Ple q r -> Plt p r. +Proof. + unfold Plt, Ple; intros; omega. +Qed. + +Lemma Plt_strict: forall p, ~ Plt p p. +Proof. + unfold Plt; intros. omega. +Qed. + +Hint Resolve Ple_refl Plt_Ple Ple_succ Plt_strict: coqlib. + +(** Peano recursion over positive numbers. *) + +Section POSITIVE_ITERATION. + +Lemma Plt_wf: well_founded Plt. +Proof. + apply well_founded_lt_compat with nat_of_P. + intros. apply nat_of_P_lt_Lt_compare_morphism. exact H. +Qed. + +Variable A: Set. +Variable v1: A. +Variable f: positive -> A -> A. + +Lemma Ppred_Plt: + forall x, x <> xH -> Plt (Ppred x) x. +Proof. + intros. elim (Psucc_pred x); intro. contradiction. + set (y := Ppred x) in *. rewrite <- H0. apply Plt_succ. +Qed. + +Let iter (x: positive) (P: forall y, Plt y x -> A) : A := + match peq x xH with + | left EQ => v1 + | right NOTEQ => f (Ppred x) (P (Ppred x) (Ppred_Plt x NOTEQ)) + end. + +Definition positive_rec : positive -> A := + Fix Plt_wf (fun _ => A) iter. + +Lemma unroll_positive_rec: + forall x, + positive_rec x = iter x (fun y _ => positive_rec y). +Proof. + unfold positive_rec. apply (Fix_eq Plt_wf (fun _ => A) iter). + intros. unfold iter. case (peq x 1); intro. auto. decEq. apply H. +Qed. + +Lemma positive_rec_base: + positive_rec 1%positive = v1. +Proof. + rewrite unroll_positive_rec. unfold iter. case (peq 1 1); intro. + auto. elim n; auto. +Qed. + +Lemma positive_rec_succ: + forall x, positive_rec (Psucc x) = f x (positive_rec x). +Proof. + intro. rewrite unroll_positive_rec. unfold iter. + case (peq (Psucc x) 1); intro. + destruct x; simpl in e; discriminate. + rewrite Ppred_succ. auto. +Qed. + +Lemma positive_Peano_ind: + forall (P: positive -> Prop), + P xH -> + (forall x, P x -> P (Psucc x)) -> + forall x, P x. +Proof. + intros. + apply (well_founded_ind Plt_wf P). + intros. + case (peq x0 xH); intro. + subst x0; auto. + elim (Psucc_pred x0); intro. contradiction. rewrite <- H2. + apply H0. apply H1. apply Ppred_Plt. auto. +Qed. + +End POSITIVE_ITERATION. + +(** * Definitions and theorems over the type [Z] *) + +Definition zeq: forall (x y: Z), {x = y} + {x <> y} := Z_eq_dec. + +Lemma zeq_true: + forall (A: Set) (x: Z) (a b: A), (if zeq x x then a else b) = a. +Proof. + intros. case (zeq x x); intros. + auto. + elim n; auto. +Qed. + +Lemma zeq_false: + forall (A: Set) (x y: Z) (a b: A), x <> y -> (if zeq x y then a else b) = b. +Proof. + intros. case (zeq x y); intros. + elim H; auto. + auto. +Qed. + +Open Scope Z_scope. + +Definition zlt: forall (x y: Z), {x < y} + {x >= y} := Z_lt_ge_dec. + +Lemma zlt_true: + forall (A: Set) (x y: Z) (a b: A), + x < y -> (if zlt x y then a else b) = a. +Proof. + intros. case (zlt x y); intros. + auto. + omegaContradiction. +Qed. + +Lemma zlt_false: + forall (A: Set) (x y: Z) (a b: A), + x >= y -> (if zlt x y then a else b) = b. +Proof. + intros. case (zlt x y); intros. + omegaContradiction. + auto. +Qed. + +Definition zle: forall (x y: Z), {x <= y} + {x > y} := Z_le_gt_dec. + +Lemma zle_true: + forall (A: Set) (x y: Z) (a b: A), + x <= y -> (if zle x y then a else b) = a. +Proof. + intros. case (zle x y); intros. + auto. + omegaContradiction. +Qed. + +Lemma zle_false: + forall (A: Set) (x y: Z) (a b: A), + x > y -> (if zle x y then a else b) = b. +Proof. + intros. case (zle x y); intros. + omegaContradiction. + auto. +Qed. + +(** Properties of powers of two. *) + +Lemma two_power_nat_O : two_power_nat O = 1. +Proof. reflexivity. Qed. + +Lemma two_power_nat_pos : forall n : nat, two_power_nat n > 0. +Proof. + induction n. rewrite two_power_nat_O. omega. + rewrite two_power_nat_S. omega. +Qed. + +(** Properties of [Zmin] and [Zmax] *) + +Lemma Zmin_spec: + forall x y, Zmin x y = if zlt x y then x else y. +Proof. + intros. case (zlt x y); unfold Zlt, Zge; intros. + unfold Zmin. rewrite z. auto. + unfold Zmin. caseEq (x ?= y); intro. + apply Zcompare_Eq_eq. auto. + contradiction. + reflexivity. +Qed. + +Lemma Zmax_spec: + forall x y, Zmax x y = if zlt y x then x else y. +Proof. + intros. case (zlt y x); unfold Zlt, Zge; intros. + unfold Zmax. rewrite <- (Zcompare_antisym y x). + rewrite z. simpl. auto. + unfold Zmax. rewrite <- (Zcompare_antisym y x). + caseEq (y ?= x); intro; simpl. + symmetry. apply Zcompare_Eq_eq. auto. + contradiction. reflexivity. +Qed. + +Lemma Zmax_bound_l: + forall x y z, x <= y -> x <= Zmax y z. +Proof. + intros. generalize (Zmax1 y z). omega. +Qed. +Lemma Zmax_bound_r: + forall x y z, x <= z -> x <= Zmax y z. +Proof. + intros. generalize (Zmax2 y z). omega. +Qed. + +(** Properties of Euclidean division and modulus. *) + +Lemma Zdiv_small: + forall x y, 0 <= x < y -> x / y = 0. +Proof. + intros. assert (y > 0). omega. + assert (forall a b, + 0 <= a < y -> + 0 <= y * b + a < y -> + b = 0). + intros. + assert (b = 0 \/ b > 0 \/ (-b) > 0). omega. + elim H3; intro. + auto. + elim H4; intro. + assert (y * b >= y * 1). apply Zmult_ge_compat_l. omega. omega. + omegaContradiction. + assert (y * (-b) >= y * 1). apply Zmult_ge_compat_l. omega. omega. + rewrite <- Zopp_mult_distr_r in H6. omegaContradiction. + apply H1 with (x mod y). + apply Z_mod_lt. auto. + rewrite <- Z_div_mod_eq. auto. auto. +Qed. + +Lemma Zmod_small: + forall x y, 0 <= x < y -> x mod y = x. +Proof. + intros. assert (y > 0). omega. + generalize (Z_div_mod_eq x y H0). + rewrite (Zdiv_small x y H). omega. +Qed. + +Lemma Zmod_unique: + forall x y a b, + x = a * y + b -> 0 <= b < y -> x mod y = b. +Proof. + intros. subst x. rewrite Zplus_comm. + rewrite Z_mod_plus. apply Zmod_small. auto. omega. +Qed. + +Lemma Zdiv_unique: + forall x y a b, + x = a * y + b -> 0 <= b < y -> x / y = a. +Proof. + intros. subst x. rewrite Zplus_comm. + rewrite Z_div_plus. rewrite (Zdiv_small b y H0). omega. omega. +Qed. + +(** Alignment: [align n amount] returns the smallest multiple of [amount] + greater than or equal to [n]. *) + +Definition align (n: Z) (amount: Z) := + ((n + amount - 1) / amount) * amount. + +Lemma align_le: forall x y, y > 0 -> x <= align x y. +Proof. + intros. unfold align. + generalize (Z_div_mod_eq (x + y - 1) y H). intro. + replace ((x + y - 1) / y * y) + with ((x + y - 1) - (x + y - 1) mod y). + generalize (Z_mod_lt (x + y - 1) y H). omega. + rewrite Zmult_comm. omega. +Qed. + +(** * Definitions and theorems on the data types [option], [sum] and [list] *) + +Set Implicit Arguments. + +(** Mapping a function over an option type. *) + +Definition option_map (A B: Set) (f: A -> B) (x: option A) : option B := + match x with + | None => None + | Some y => Some (f y) + end. + +(** Mapping a function over a sum type. *) + +Definition sum_left_map (A B C: Set) (f: A -> B) (x: A + C) : B + C := + match x with + | inl y => inl C (f y) + | inr z => inr B z + end. + +(** Properties of [List.nth] (n-th element of a list). *) + +Hint Resolve in_eq in_cons: coqlib. + +Lemma nth_error_in: + forall (A: Set) (n: nat) (l: list A) (x: A), + List.nth_error l n = Some x -> In x l. +Proof. + induction n; simpl. + destruct l; intros. + discriminate. + injection H; intro; subst a. apply in_eq. + destruct l; intros. + discriminate. + apply in_cons. auto. +Qed. +Hint Resolve nth_error_in: coqlib. + +Lemma nth_error_nil: + forall (A: Set) (idx: nat), nth_error (@nil A) idx = None. +Proof. + induction idx; simpl; intros; reflexivity. +Qed. +Hint Resolve nth_error_nil: coqlib. + +(** Properties of [List.incl] (list inclusion). *) + +Lemma incl_cons_inv: + forall (A: Set) (a: A) (b c: list A), + incl (a :: b) c -> incl b c. +Proof. + unfold incl; intros. apply H. apply in_cons. auto. +Qed. +Hint Resolve incl_cons_inv: coqlib. + +Lemma incl_app_inv_l: + forall (A: Set) (l1 l2 m: list A), + incl (l1 ++ l2) m -> incl l1 m. +Proof. + unfold incl; intros. apply H. apply in_or_app. left; assumption. +Qed. + +Lemma incl_app_inv_r: + forall (A: Set) (l1 l2 m: list A), + incl (l1 ++ l2) m -> incl l2 m. +Proof. + unfold incl; intros. apply H. apply in_or_app. right; assumption. +Qed. + +Hint Resolve incl_tl incl_refl incl_app_inv_l incl_app_inv_r: coqlib. + +Lemma incl_same_head: + forall (A: Set) (x: A) (l1 l2: list A), + incl l1 l2 -> incl (x::l1) (x::l2). +Proof. + intros; red; simpl; intros. intuition. +Qed. + +(** Properties of [List.map] (mapping a function over a list). *) + +Lemma list_map_exten: + forall (A B: Set) (f f': A -> B) (l: list A), + (forall x, In x l -> f x = f' x) -> + List.map f' l = List.map f l. +Proof. + induction l; simpl; intros. + reflexivity. + rewrite <- H. rewrite IHl. reflexivity. + intros. apply H. tauto. + tauto. +Qed. + +Lemma list_map_compose: + forall (A B C: Set) (f: A -> B) (g: B -> C) (l: list A), + List.map g (List.map f l) = List.map (fun x => g(f x)) l. +Proof. + induction l; simpl. reflexivity. rewrite IHl; reflexivity. +Qed. + +Lemma list_map_nth: + forall (A B: Set) (f: A -> B) (l: list A) (n: nat), + nth_error (List.map f l) n = option_map f (nth_error l n). +Proof. + induction l; simpl; intros. + repeat rewrite nth_error_nil. reflexivity. + destruct n; simpl. reflexivity. auto. +Qed. + +Lemma list_length_map: + forall (A B: Set) (f: A -> B) (l: list A), + List.length (List.map f l) = List.length l. +Proof. + induction l; simpl; congruence. +Qed. + +Lemma list_in_map_inv: + forall (A B: Set) (f: A -> B) (l: list A) (y: B), + In y (List.map f l) -> exists x:A, y = f x /\ In x l. +Proof. + induction l; simpl; intros. + contradiction. + elim H; intro. + exists a; intuition auto. + generalize (IHl y H0). intros [x [EQ IN]]. + exists x; tauto. +Qed. + +Lemma list_append_map: + forall (A B: Set) (f: A -> B) (l1 l2: list A), + List.map f (l1 ++ l2) = List.map f l1 ++ List.map f l2. +Proof. + induction l1; simpl; intros. + auto. rewrite IHl1. auto. +Qed. + +(** [list_disjoint l1 l2] holds iff [l1] and [l2] have no elements + in common. *) + +Definition list_disjoint (A: Set) (l1 l2: list A) : Prop := + forall (x y: A), In x l1 -> In y l2 -> x <> y. + +Lemma list_disjoint_cons_left: + forall (A: Set) (a: A) (l1 l2: list A), + list_disjoint (a :: l1) l2 -> list_disjoint l1 l2. +Proof. + unfold list_disjoint; simpl; intros. apply H; tauto. +Qed. + +Lemma list_disjoint_cons_right: + forall (A: Set) (a: A) (l1 l2: list A), + list_disjoint l1 (a :: l2) -> list_disjoint l1 l2. +Proof. + unfold list_disjoint; simpl; intros. apply H; tauto. +Qed. + +Lemma list_disjoint_notin: + forall (A: Set) (l1 l2: list A) (a: A), + list_disjoint l1 l2 -> In a l1 -> ~(In a l2). +Proof. + unfold list_disjoint; intros; red; intros. + apply H with a a; auto. +Qed. + +Lemma list_disjoint_sym: + forall (A: Set) (l1 l2: list A), + list_disjoint l1 l2 -> list_disjoint l2 l1. +Proof. + unfold list_disjoint; intros. + apply sym_not_equal. apply H; auto. +Qed. + +(** [list_norepet l] holds iff the list [l] contains no repetitions, + i.e. no element occurs twice. *) + +Inductive list_norepet (A: Set) : list A -> Prop := + | list_norepet_nil: + list_norepet nil + | list_norepet_cons: + forall hd tl, + ~(In hd tl) -> list_norepet tl -> list_norepet (hd :: tl). + +Lemma list_norepet_dec: + forall (A: Set) (eqA_dec: forall (x y: A), {x=y} + {x<>y}) (l: list A), + {list_norepet l} + {~list_norepet l}. +Proof. + induction l. + left; constructor. + destruct IHl. + case (In_dec eqA_dec a l); intro. + right. red; intro. inversion H. contradiction. + left. constructor; auto. + right. red; intro. inversion H. contradiction. +Qed. + +Lemma list_map_norepet: + forall (A B: Set) (f: A -> B) (l: list A), + list_norepet l -> + (forall x y, In x l -> In y l -> x <> y -> f x <> f y) -> + list_norepet (List.map f l). +Proof. + induction 1; simpl; intros. + constructor. + constructor. + red; intro. generalize (list_in_map_inv f _ _ H2). + intros [x [EQ IN]]. generalize EQ. change (f hd <> f x). + apply H1. tauto. tauto. + red; intro; subst x. contradiction. + apply IHlist_norepet. intros. apply H1. tauto. tauto. auto. +Qed. + +Remark list_norepet_append_commut: + forall (A: Set) (a b: list A), + list_norepet (a ++ b) -> list_norepet (b ++ a). +Proof. + intro A. + assert (forall (x: A) (b: list A) (a: list A), + list_norepet (a ++ b) -> ~(In x a) -> ~(In x b) -> + list_norepet (a ++ x :: b)). + induction a; simpl; intros. + constructor; auto. + inversion H. constructor. red; intro. + elim (in_app_or _ _ _ H6); intro. + elim H4. apply in_or_app. tauto. + elim H7; intro. subst a. elim H0. left. auto. + elim H4. apply in_or_app. tauto. + auto. + induction a; simpl; intros. + rewrite <- app_nil_end. auto. + inversion H0. apply H. auto. + red; intro; elim H3. apply in_or_app. tauto. + red; intro; elim H3. apply in_or_app. tauto. +Qed. + +Lemma list_norepet_append: + forall (A: Set) (l1 l2: list A), + list_norepet l1 -> list_norepet l2 -> list_disjoint l1 l2 -> + list_norepet (l1 ++ l2). +Proof. + induction l1; simpl; intros. + auto. + inversion H. subst hd tl. + constructor. red; intro. apply (H1 a a). auto with coqlib. + elim (in_app_or _ _ _ H2); tauto. auto. + apply IHl1. auto. auto. + red; intros; apply H1; auto with coqlib. +Qed. + +Lemma list_norepet_append_right: + forall (A: Set) (l1 l2: list A), + list_norepet (l1 ++ l2) -> list_norepet l2. +Proof. + induction l1; intros. + assumption. + simpl in H. inversion H. eauto. +Qed. + +Lemma list_norepet_append_left: + forall (A: Set) (l1 l2: list A), + list_norepet (l1 ++ l2) -> list_norepet l1. +Proof. + intros. apply list_norepet_append_right with l2. + apply list_norepet_append_commut. auto. +Qed. + +(** [list_forall2 P [x1 ... xN] [y1 ... yM] holds iff [N = M] and + [P xi yi] holds for all [i]. *) + +Section FORALL2. + +Variable A: Set. +Variable B: Set. +Variable P: A -> B -> Prop. + +Inductive list_forall2: list A -> list B -> Prop := + | list_forall2_nil: + list_forall2 nil nil + | list_forall2_cons: + forall a1 al b1 bl, + P a1 b1 -> + list_forall2 al bl -> + list_forall2 (a1 :: al) (b1 :: bl). + +End FORALL2. + +Lemma list_forall2_imply: + forall (A B: Set) (P1: A -> B -> Prop) (l1: list A) (l2: list B), + list_forall2 P1 l1 l2 -> + forall (P2: A -> B -> Prop), + (forall v1 v2, In v1 l1 -> In v2 l2 -> P1 v1 v2 -> P2 v1 v2) -> + list_forall2 P2 l1 l2. +Proof. + induction 1; intros. + constructor. + constructor. auto with coqlib. apply IHlist_forall2; auto. + intros. auto with coqlib. +Qed. diff --git a/lib/Floats.v b/lib/Floats.v new file mode 100644 index 00000000..b95789e6 --- /dev/null +++ b/lib/Floats.v @@ -0,0 +1,55 @@ +(** Axiomatization of floating-point numbers. *) + +(** In contrast with what we do with machine integers, we do not bother + to formalize precisely IEEE floating-point arithmetic. Instead, we + simply axiomatize a type [float] for IEEE double-precision floats + and the associated operations. *) + +Require Import Bool. +Require Import AST. +Require Import Integers. + +Parameter float: Set. + +Module Float. + +Parameter zero: float. +Parameter one: float. + +Parameter neg: float -> float. +Parameter abs: float -> float. +Parameter singleoffloat: float -> float. +Parameter intoffloat: float -> int. +Parameter floatofint: int -> float. +Parameter floatofintu: int -> float. + +Parameter add: float -> float -> float. +Parameter sub: float -> float -> float. +Parameter mul: float -> float -> float. +Parameter div: float -> float -> float. + +Parameter cmp: comparison -> float -> float -> bool. + +Axiom eq_dec: forall (f1 f2: float), {f1 = f2} + {f1 <> f2}. + +(** Below are the only properties of floating-point arithmetic that we + rely on in the compiler proof. *) + +Axiom addf_commut: forall f1 f2, add f1 f2 = add f2 f1. + +Axiom subf_addf_opp: forall f1 f2, sub f1 f2 = add f1 (neg f2). + +Axiom singleoffloat_idem: + forall f, singleoffloat (singleoffloat f) = singleoffloat f. + +Axiom cmp_ne_eq: + forall f1 f2, cmp Cne f1 f2 = negb (cmp Ceq f1 f2). +Axiom cmp_le_lt_eq: + forall f1 f2, cmp Cle f1 f2 = cmp Clt f1 f2 || cmp Ceq f1 f2. +Axiom cmp_ge_gt_eq: + forall f1 f2, cmp Cge f1 f2 = cmp Cgt f1 f2 || cmp Ceq f1 f2. + +Axiom eq_zero_true: cmp Ceq zero zero = true. +Axiom eq_zero_false: forall f, f <> zero -> cmp Ceq f zero = false. + +End Float. diff --git a/lib/Inclusion.v b/lib/Inclusion.v new file mode 100644 index 00000000..1df7517f --- /dev/null +++ b/lib/Inclusion.v @@ -0,0 +1,367 @@ +(** Tactics to reason about list inclusion. *) + +(** This file (contributed by Laurence Rideau) defines a tactic [in_tac] + to reason over list inclusion. It expects goals of the following form: +<< + id : In x l1 + ============================ + In x l2 +>> +and succeeds if it can prove that [l1] is included in [l2]. +The lists [l1] and [l2] must belong to the following sub-language [L] +<< + L ::= L++L | E | E::L +>> +The tactic uses no extra fact. + +A second tactic, [incl_tac], handles goals of the form +<< + ============================= + incl l1 l2 +>> +*) + +Require Import List. +Require Import ArithRing. + +Ltac all_app e := + match e with + | cons ?x nil => constr:(cons x nil) + | cons ?x ?tl => + let v := all_app tl in constr:(app (cons x nil) v) + | app ?e1 ?e2 => + let v1 := all_app e1 with v2 := all_app e2 in + constr:(app v1 v2) + | _ => e + end. + +(** This data type, [flatten], [insert_bin], [sort_bin] and a few theorem + are taken from the CoqArt book, chapt. 16. *) + +Inductive bin : Set := node : bin->bin->bin | leaf : nat->bin. + +Fixpoint flatten_aux (t fin:bin){struct t} : bin := + match t with + | node t1 t2 => flatten_aux t1 (flatten_aux t2 fin) + | x => node x fin + end. + +Fixpoint flatten (t:bin) : bin := + match t with + | node t1 t2 => flatten_aux t1 (flatten t2) + | x => x + end. + +Fixpoint nat_le_bool (n m:nat){struct m} : bool := + match n, m with + | O, _ => true + | S _, O => false + | S n, S m => nat_le_bool n m + end. + +Fixpoint insert_bin (n:nat)(t:bin){struct t} : bin := + match t with + | leaf m => + if nat_le_bool n m then + node (leaf n)(leaf m) + else + node (leaf m)(leaf n) + | node (leaf m) t' => + if nat_le_bool n m then node (leaf n) t else node (leaf m)(insert_bin n t') + | t => node (leaf n) t + end. + +Fixpoint sort_bin (t:bin) : bin := + match t with + | node (leaf n) t' => insert_bin n (sort_bin t') + | t => t + end. + +Section assoc_eq. + Variables (A : Set)(f : A->A->A). + Hypothesis assoc : forall x y z:A, f x (f y z) = f (f x y) z. + + Fixpoint bin_A (l:list A)(def:A)(t:bin){struct t} : A := + match t with + | node t1 t2 => f (bin_A l def t1)(bin_A l def t2) + | leaf n => nth n l def + end. + + Theorem flatten_aux_valid_A : + forall (l:list A)(def:A)(t t':bin), + f (bin_A l def t)(bin_A l def t') = bin_A l def (flatten_aux t t'). + Proof. + intros l def t; elim t; simpl; auto. + intros t1 IHt1 t2 IHt2 t'; rewrite <- IHt1; rewrite <- IHt2. + symmetry; apply assoc. + Qed. + + Theorem flatten_valid_A : + forall (l:list A)(def:A)(t:bin), + bin_A l def t = bin_A l def (flatten t). + Proof. + intros l def t; elim t; simpl; trivial. + intros t1 IHt1 t2 IHt2; rewrite <- flatten_aux_valid_A; rewrite <- IHt2. + trivial. + Qed. + +End assoc_eq. + +Ltac compute_rank l n v := + match l with + | (cons ?X1 ?X2) => + let tl := constr:X2 in + match constr:(X1 = v) with + | (?X1 = ?X1) => n + | _ => compute_rank tl (S n) v + end + end. + +Ltac term_list_app l v := + match v with + | (app ?X1 ?X2) => + let l1 := term_list_app l X2 in term_list_app l1 X1 + | ?X1 => constr:(cons X1 l) + end. + +Ltac model_aux_app l v := + match v with + | (app ?X1 ?X2) => + let r1 := model_aux_app l X1 with r2 := model_aux_app l X2 in + constr:(node r1 r2) + | ?X1 => let n := compute_rank l 0 X1 in constr:(leaf n) + | _ => constr:(leaf 0) + end. + +Theorem In_permute_app_head : + forall A:Set, forall r:A, forall x y l:list A, + In r (x++y++l) -> In r (y++x++l). +intros A r x y l; generalize r; change (incl (x++y++l)(y++x++l)). +repeat rewrite ass_app; auto with datatypes. +Qed. + +Theorem insert_bin_included : + forall x:nat, forall t2:bin, + forall (A:Set) (r:A) (l:list (list A))(def:list A), + In r (bin_A (list A) (app (A:=A)) l def (insert_bin x t2)) -> + In r (bin_A (list A) (app (A:=A)) l def (node (leaf x) t2)). +intros x t2; induction t2. +intros A r l def. +destruct t2_1 as [t2_11 t2_12|y]. +simpl. +repeat rewrite app_ass. +auto. +simpl; repeat rewrite app_ass. +simpl; case (nat_le_bool x y); simpl. +auto. +intros H; apply In_permute_app_head. +elim in_app_or with (1:= H); clear H; intros H. +apply in_or_app; left; assumption. +apply in_or_app; right;apply (IHt2_2 A r l);assumption. +intros A r l def; simpl. +case (nat_le_bool x n); simpl. +auto. +intros H. +rewrite (app_nil_end (nth x l def)) in H. +rewrite (app_nil_end (nth n l def)). +apply In_permute_app_head; assumption. +Qed. + +Theorem in_or_insert_bin : + forall (n:nat) (t2:bin) (A:Set)(r:A)(l:list (list A)) (def:list A), + In r (nth n l def) \/ In r (bin_A (list A)(app (A:=A)) l def t2) -> + In r (bin_A (list A)(app (A:=A)) l def (insert_bin n t2)). +intros n t2 A r l def; induction t2. +destruct t2_1 as [t2_11 t2_12| y]. +simpl; apply in_or_app. +simpl; case (nat_le_bool n y); simpl. +intros H. +apply in_or_app. +exact H. +intros [H|H]. +apply in_or_app; right; apply IHt2_2; auto. +elim in_app_or with (1:= H);clear H; intros H; apply in_or_app; auto. +simpl; intros [H|H]; case (nat_le_bool n n0); simpl; apply in_or_app; auto. +Qed. + +Theorem sort_included : + forall t:bin, forall (A:Set)(r:A)(l:list(list A))(def:list A), + In r (bin_A (list A) (app (A:=A)) l def (sort_bin t)) -> + In r (bin_A (list A) (app (A:=A)) l def t). +induction t. +destruct t1. +simpl;intros; assumption. +intros A r l def H; simpl in H; apply insert_bin_included. +generalize (insert_bin_included _ _ _ _ _ _ H); clear H; intros H. +simpl in H. +elim in_app_or with (1 := H);clear H; intros H; +apply in_or_insert_bin; auto. +simpl;intros;assumption. +Qed. + +Theorem sort_included2 : + forall t:bin, forall (A:Set)(r:A)(l:list(list A))(def:list A), + In r (bin_A (list A) (app (A:=A)) l def t) -> + In r (bin_A (list A) (app (A:=A)) l def (sort_bin t)). +induction t. +destruct t1. +simpl; intros; assumption. +intros A r l def H; simpl in H. +simpl; apply in_or_insert_bin. +elim in_app_or with (1:= H); auto. +simpl; auto. +Qed. + +Theorem in_remove_head : + forall (A:Set)(x:A)(l1 l2 l3:list A), + In x (l1++l2) -> (In x l2 -> In x l3) -> In x (l1++l3). +intros A x l1 l2 l3 H H1. +elim in_app_or with (1:= H);clear H; intros H; apply in_or_app; auto. +Qed. + +Fixpoint check_all_leaves (n:nat)(t:bin) {struct t} : bool := + match t with + leaf n1 => nateq n n1 + | node t1 t2 => andb (check_all_leaves n t1)(check_all_leaves n t2) + end. + +Fixpoint remove_all_leaves (n:nat)(t:bin){struct t} : bin := + match t with + leaf n => leaf n + | node (leaf n1) t2 => + if nateq n n1 then remove_all_leaves n t2 else t + | _ => t + end. + +Fixpoint test_inclusion (t1 t2:bin) {struct t1} : bool := + match t1 with + leaf n => check_all_leaves n t2 + | node (leaf n1) t1' => + check_all_leaves n1 t2 || test_inclusion t1' (remove_all_leaves n1 t2) + | _ => false + end. + +Theorem check_all_leaves_sound : + forall x t2, + check_all_leaves x t2 = true -> + forall (A:Set)(r:A)(l:list(list A))(def:list A), + In r (bin_A (list A) (app (A:=A)) l def t2) -> + In r (nth x l def). +intros x t2; induction t2; simpl. +destruct (check_all_leaves x t2_1); +destruct (check_all_leaves x t2_2); simpl; intros Heq; try discriminate. +intros A r l def H; elim in_app_or with (1:= H); clear H; intros H; auto. +intros Heq A r l def; rewrite (nateq_prop x n); auto. +rewrite Heq; unfold Is_true; auto. +Qed. + +Theorem remove_all_leaves_sound : + forall x t2, + forall (A:Set)(r:A)(l:list(list A))(def:list A), + In r (bin_A (list A) (app(A:=A)) l def t2) -> + In r (bin_A (list A) (app(A:=A)) l def (remove_all_leaves x t2)) \/ + In r (nth x l def). +intros x t2; induction t2; simpl. +destruct t2_1. +simpl; auto. +intros A r l def. +generalize (refl_equal (nateq x n)); pattern (nateq x n) at -1; + case (nateq x n); simpl; auto. +intros Heq_nateq. +assert (Heq_xn : x=n). +apply nateq_prop; rewrite Heq_nateq;unfold Is_true;auto. +rewrite Heq_xn. +intros H; elim in_app_or with (1:= H); auto. +clear H; intros H. +rewrite Heq_xn in IHt2_2; auto. +auto. +Qed. + +Theorem test_inclusion_sound : + forall t1 t2:bin, + test_inclusion t1 t2 = true -> + forall (A:Set)(r:A)(l:list(list A))(def:list A), + In r (bin_A (list A)(app(A:=A)) l def t2) -> + In r (bin_A (list A)(app(A:=A)) l def t1). +intros t1; induction t1. +destruct t1_1 as [t1_11 t1_12|x]. +simpl; intros; discriminate. +simpl; intros t2 Heq A r l def H. +assert + (check_all_leaves x t2 = true \/ + test_inclusion t1_2 (remove_all_leaves x t2) = true). +destruct (check_all_leaves x t2); +destruct (test_inclusion t1_2 (remove_all_leaves x t2)); +simpl in Heq; try discriminate Heq; auto. +elim H0; clear H0; intros H0. +apply in_or_app; left; apply check_all_leaves_sound with (1:= H0); auto. +elim remove_all_leaves_sound with (x:=x)(1:= H); intros H'. +apply in_or_app; right; apply IHt1_2 with (1:= H0); auto. +apply in_or_app; auto. +simpl; apply check_all_leaves_sound. +Qed. + +Theorem inclusion_theorem : + forall t1 t2 : bin, + test_inclusion (sort_bin (flatten t1)) (sort_bin (flatten t2)) = true -> + forall (A:Set)(r:A)(l:list(list A))(def:list A), + In r (bin_A (list A) (app(A:=A)) l def t2) -> + In r (bin_A (list A) (app(A:=A)) l def t1). +intros t1 t2 Heq A r l def H. +rewrite flatten_valid_A with (t:= t1)(1:= (ass_app (A:= A))). +apply sort_included. +apply test_inclusion_sound with (t2 := sort_bin (flatten t2)). +assumption. +apply sort_included2. +rewrite <- flatten_valid_A with (1:= (ass_app (A:= A))). +assumption. +Qed. + +Ltac in_tac := + match goal with + | id : In ?x nil |- _ => elim id + | id : In ?x ?l1 |- In ?x ?l2 => + let t := type of x in + let v1 := all_app l1 in + let v2 := all_app l2 in + (let l := term_list_app (nil (A:=list t)) v2 in + let term1 := model_aux_app l v1 with + term2 := model_aux_app l v2 in + (change (In x (bin_A (list t) (app(A:=t)) l (nil(A:=t)) term2)); + apply inclusion_theorem with (t2:= term1);[apply refl_equal|exact id])) + end. + +Ltac incl_tac := + match goal with + |- incl _ _ => intro; intro; in_tac + end. + +(* Usage examples. + +Theorem ex1 : forall x y z:nat, forall l1 l2 : list nat, + In x (y::l1++l2) -> In x (l2++z::l1++(y::nil)). +intros. +in_tac. +Qed. + +Fixpoint mklist (f:nat->nat)(n:nat){struct n} : list nat := + match n with 0 => nil | S p => mklist f p++(f p::nil) end. + +(* At the time of writing these lines, this example takes about 5 seconds + for 40 elements and 22 seconds for 60 elements. + A variant to the example is to replace mklist f p++(f p::nil) with + f p::mklist f p, in this case the time is 6 seconds for 40 elements and + 35 seconds for 60 elements. *) + +Theorem ex2 : + forall x : nat, In x (mklist (fun y => y) 40) -> + In x (mklist (fun y => (40 - 1) - y) 40). +lazy beta iota zeta delta [mklist minus]. +intros. +in_tac. +Qed. + +(* The tactic could be made more efficient by using binary trees and + numbers of type positive instead of lists and natural numbers. *) + +*) diff --git a/lib/Integers.v b/lib/Integers.v new file mode 100644 index 00000000..6b605bd7 --- /dev/null +++ b/lib/Integers.v @@ -0,0 +1,2184 @@ +(** Formalizations of integers modulo $2^32$ #232#. *) + +Require Import Coqlib. +Require Import AST. + +Definition wordsize : nat := 32%nat. +Definition modulus : Z := two_power_nat wordsize. +Definition half_modulus : Z := modulus / 2. + +(** * Representation of machine integers *) + +(** A machine integer (type [int]) is represented as a Coq arbitrary-precision + integer (type [Z]) plus a proof that it is in the range 0 (included) to + [modulus] (excluded. *) + +Definition in_range (x: Z) := + match x ?= 0 with + | Lt => False + | _ => + match x ?= modulus with + | Lt => True + | _ => False + end + end. + +Record int: Set := mkint { intval: Z; intrange: in_range intval }. + +Module Int. + +Definition max_unsigned : Z := modulus - 1. +Definition max_signed : Z := half_modulus - 1. +Definition min_signed : Z := - half_modulus. + +(** The [unsigned] and [signed] functions return the Coq integer corresponding + to the given machine integer, interpreted as unsigned or signed + respectively. *) + +Definition unsigned (n: int) : Z := intval n. + +Definition signed (n: int) : Z := + if zlt (unsigned n) half_modulus + then unsigned n + else unsigned n - modulus. + +Lemma mod_in_range: + forall x, in_range (Zmod x modulus). +Proof. + intro. + generalize (Z_mod_lt x modulus (two_power_nat_pos wordsize)). + intros [A B]. + assert (C: x mod modulus >= 0). omega. + red. red in C. red in B. + rewrite B. destruct (x mod modulus ?= 0); auto. +Qed. + +(** Conversely, [repr] takes a Coq integer and returns the corresponding + machine integer. The argument is treated modulo [modulus]. *) + +Definition repr (x: Z) : int := + mkint (Zmod x modulus) (mod_in_range x). + +Definition zero := repr 0. +Definition one := repr 1. +Definition mone := repr (-1). + +Lemma mkint_eq: + forall x y Px Py, x = y -> mkint x Px = mkint y Py. +Proof. + intros. subst y. + generalize (proof_irrelevance _ Px Py); intro. + subst Py. reflexivity. +Qed. + +Lemma eq_dec: forall (x y: int), {x = y} + {x <> y}. +Proof. + intros. destruct x; destruct y. case (zeq intval0 intval1); intro. + left. apply mkint_eq. auto. + right. red; intro. injection H. exact n. +Qed. + +(** * Arithmetic and logical operations over machine integers *) + +Definition eq (x y: int) : bool := + if zeq (unsigned x) (unsigned y) then true else false. +Definition lt (x y: int) : bool := + if zlt (signed x) (signed y) then true else false. +Definition ltu (x y: int) : bool := + if zlt (unsigned x) (unsigned y) then true else false. + +Definition neg (x: int) : int := repr (- unsigned x). +Definition cast8signed (x: int) : int := + let y := Zmod (unsigned x) 256 in + if zlt y 128 then repr y else repr (y - 256). +Definition cast8unsigned (x: int) : int := + repr (Zmod (unsigned x) 256). +Definition cast16signed (x: int) : int := + let y := Zmod (unsigned x) 65536 in + if zlt y 32768 then repr y else repr (y - 65536). +Definition cast16unsigned (x: int) : int := + repr (Zmod (unsigned x) 65536). + +Definition add (x y: int) : int := + repr (unsigned x + unsigned y). +Definition sub (x y: int) : int := + repr (unsigned x - unsigned y). +Definition mul (x y: int) : int := + repr (unsigned x * unsigned y). + +Definition Zdiv_round (x y: Z) : Z := + if zlt x 0 then + if zlt y 0 then (-x) / (-y) else - ((-x) / y) + else + if zlt y 0 then -(x / (-y)) else x / y. + +Definition Zmod_round (x y: Z) : Z := + x - (Zdiv_round x y) * y. + +Definition divs (x y: int) : int := + repr (Zdiv_round (signed x) (signed y)). +Definition mods (x y: int) : int := + repr (Zmod_round (signed x) (signed y)). +Definition divu (x y: int) : int := + repr (unsigned x / unsigned y). +Definition modu (x y: int) : int := + repr (Zmod (unsigned x) (unsigned y)). + +(** For bitwise operations, we need to convert between Coq integers [Z] + and their bit-level representations. Bit-level representations are + represented as characteristic functions, that is, functions [f] + of type [nat -> bool] such that [f i] is the value of the [i]-th bit + of the number. The values of characteristic functions for [i] greater + than 32 are ignored. *) + +Definition Z_shift_add (b: bool) (x: Z) := + if b then 2 * x + 1 else 2 * x. + +Definition Z_bin_decomp (x: Z) : bool * Z := + match x with + | Z0 => (false, 0) + | Zpos p => + match p with + | xI q => (true, Zpos q) + | xO q => (false, Zpos q) + | xH => (true, 0) + end + | Zneg p => + match p with + | xI q => (true, Zneg q - 1) + | xO q => (false, Zneg q) + | xH => (true, -1) + end + end. + +Fixpoint bits_of_Z (n: nat) (x: Z) {struct n}: Z -> bool := + match n with + | O => + (fun i: Z => false) + | S m => + let (b, y) := Z_bin_decomp x in + let f := bits_of_Z m y in + (fun i: Z => if zeq i 0 then b else f (i - 1)) + end. + +Fixpoint Z_of_bits (n: nat) (f: Z -> bool) {struct n}: Z := + match n with + | O => 0 + | S m => Z_shift_add (f 0) (Z_of_bits m (fun i => f (i + 1))) + end. + +(** Bitwise logical ``and'', ``or'' and ``xor'' operations. *) + +Definition bitwise_binop (f: bool -> bool -> bool) (x y: int) := + let fx := bits_of_Z wordsize (unsigned x) in + let fy := bits_of_Z wordsize (unsigned y) in + repr (Z_of_bits wordsize (fun i => f (fx i) (fy i))). + +Definition and (x y: int): int := bitwise_binop andb x y. +Definition or (x y: int): int := bitwise_binop orb x y. +Definition xor (x y: int) : int := bitwise_binop xorb x y. + +Definition not (x: int) : int := xor x mone. + +(** Shifts and rotates. *) + +Definition shl (x y: int): int := + let fx := bits_of_Z wordsize (unsigned x) in + let vy := unsigned y in + repr (Z_of_bits wordsize (fun i => fx (i - vy))). + +Definition shru (x y: int): int := + let fx := bits_of_Z wordsize (unsigned x) in + let vy := unsigned y in + repr (Z_of_bits wordsize (fun i => fx (i + vy))). + +(** Arithmetic right shift is defined as signed division by a power of two. + Two such shifts are defined: [shr] rounds towards minus infinity + (standard behaviour for arithmetic right shift) and + [shrx] rounds towards zero. *) + +Definition shr (x y: int): int := + repr (signed x / two_p (unsigned y)). +Definition shrx (x y: int): int := + divs x (shl one y). + +Definition shr_carry (x y: int) := + sub (shrx x y) (shr x y). + +Definition rol (x y: int) : int := + let fx := bits_of_Z wordsize (unsigned x) in + let vy := unsigned y in + repr (Z_of_bits wordsize + (fun i => fx (Zmod (i - vy) (Z_of_nat wordsize)))). + +Definition rolm (x a m: int): int := and (rol x a) m. + +(** Decomposition of a number as a sum of powers of two. *) + +Fixpoint Z_one_bits (n: nat) (x: Z) (i: Z) {struct n}: list Z := + match n with + | O => nil + | S m => + let (b, y) := Z_bin_decomp x in + if b then i :: Z_one_bits m y (i+1) else Z_one_bits m y (i+1) + end. + +Definition one_bits (x: int) : list int := + List.map repr (Z_one_bits wordsize (unsigned x) 0). + +(** Recognition of powers of two. *) + +Definition is_power2 (x: int) : option int := + match Z_one_bits wordsize (unsigned x) 0 with + | i :: nil => Some (repr i) + | _ => None + end. + +(** Recognition of integers that are acceptable as immediate operands + to the [rlwim] PowerPC instruction. These integers are of the form + [000011110000] or [111100001111], that is, a run of one bits + surrounded by zero bits, or conversely. We recognize these integers by + running the following automaton on the bits. The accepting states are + 2, 3, 4, 5, and 6. +<< + 0 1 0 + / \ / \ / \ + \ / \ / \ / + -0--> [1] --1--> [2] --0--> [3] + / + [0] + \ + -1--> [4] --0--> [5] --1--> [6] + / \ / \ / \ + \ / \ / \ / + 1 0 1 +>> +*) + +Inductive rlw_state: Set := + | RLW_S0 : rlw_state + | RLW_S1 : rlw_state + | RLW_S2 : rlw_state + | RLW_S3 : rlw_state + | RLW_S4 : rlw_state + | RLW_S5 : rlw_state + | RLW_S6 : rlw_state + | RLW_Sbad : rlw_state. + +Definition rlw_transition (s: rlw_state) (b: bool) : rlw_state := + match s, b with + | RLW_S0, false => RLW_S1 + | RLW_S0, true => RLW_S4 + | RLW_S1, false => RLW_S1 + | RLW_S1, true => RLW_S2 + | RLW_S2, false => RLW_S3 + | RLW_S2, true => RLW_S2 + | RLW_S3, false => RLW_S3 + | RLW_S3, true => RLW_Sbad + | RLW_S4, false => RLW_S5 + | RLW_S4, true => RLW_S4 + | RLW_S5, false => RLW_S5 + | RLW_S5, true => RLW_S6 + | RLW_S6, false => RLW_Sbad + | RLW_S6, true => RLW_S6 + | RLW_Sbad, _ => RLW_Sbad + end. + +Definition rlw_accepting (s: rlw_state) : bool := + match s with + | RLW_S0 => false + | RLW_S1 => false + | RLW_S2 => true + | RLW_S3 => true + | RLW_S4 => true + | RLW_S5 => true + | RLW_S6 => true + | RLW_Sbad => false + end. + +Fixpoint is_rlw_mask_rec (n: nat) (s: rlw_state) (x: Z) {struct n} : bool := + match n with + | O => + rlw_accepting s + | S m => + let (b, y) := Z_bin_decomp x in + is_rlw_mask_rec m (rlw_transition s b) y + end. + +Definition is_rlw_mask (x: int) : bool := + is_rlw_mask_rec wordsize RLW_S0 (unsigned x). + +(** Comparisons. *) + +Definition cmp (c: comparison) (x y: int) : bool := + match c with + | Ceq => eq x y + | Cne => negb (eq x y) + | Clt => lt x y + | Cle => negb (lt y x) + | Cgt => lt y x + | Cge => negb (lt x y) + end. + +Definition cmpu (c: comparison) (x y: int) : bool := + match c with + | Ceq => eq x y + | Cne => negb (eq x y) + | Clt => ltu x y + | Cle => negb (ltu y x) + | Cgt => ltu y x + | Cge => negb (ltu x y) + end. + +Definition is_false (x: int) : Prop := x = zero. +Definition is_true (x: int) : Prop := x <> zero. +Definition notbool (x: int) : int := if eq x zero then one else zero. + +(** * Properties of integers and integer arithmetic *) + +(** ** Properties of equality *) + +Theorem one_not_zero: Int.one <> Int.zero. +Proof. + compute. congruence. +Qed. + +Theorem eq_sym: + forall x y, eq x y = eq y x. +Proof. + intros; unfold eq. case (zeq (unsigned x) (unsigned y)); intro. + rewrite e. rewrite zeq_true. auto. + rewrite zeq_false. auto. auto. +Qed. + +Theorem eq_spec: forall (x y: int), if eq x y then x = y else x <> y. +Proof. + intros; unfold eq. case (eq_dec x y); intro. + subst y. rewrite zeq_true. auto. + rewrite zeq_false. auto. + destruct x; destruct y. + simpl. red; intro. elim n. apply mkint_eq. auto. +Qed. + +Theorem eq_true: forall x, eq x x = true. +Proof. + intros. generalize (eq_spec x x); case (eq x x); intros; congruence. +Qed. + +Theorem eq_false: forall x y, x <> y -> eq x y = false. +Proof. + intros. generalize (eq_spec x y); case (eq x y); intros; congruence. +Qed. + +(** ** Modulo arithmetic *) + +(** We define and state properties of equality and arithmetic modulo a + positive integer. *) + +Section EQ_MODULO. + +Variable modul: Z. +Hypothesis modul_pos: modul > 0. + +Definition eqmod (x y: Z) : Prop := exists k, x = k * modul + y. + +Lemma eqmod_refl: forall x, eqmod x x. +Proof. + intros; red. exists 0. omega. +Qed. + +Lemma eqmod_refl2: forall x y, x = y -> eqmod x y. +Proof. + intros. subst y. apply eqmod_refl. +Qed. + +Lemma eqmod_sym: forall x y, eqmod x y -> eqmod y x. +Proof. + intros x y [k EQ]; red. exists (-k). subst x. ring. +Qed. + +Lemma eqmod_trans: forall x y z, eqmod x y -> eqmod y z -> eqmod x z. +Proof. + intros x y z [k1 EQ1] [k2 EQ2]; red. + exists (k1 + k2). subst x; subst y. ring. +Qed. + +Lemma eqmod_small_eq: + forall x y, eqmod x y -> 0 <= x < modul -> 0 <= y < modul -> x = y. +Proof. + intros x y [k EQ] I1 I2. + generalize (Zdiv_unique _ _ _ _ EQ I2). intro. + rewrite (Zdiv_small x modul I1) in H. subst k. omega. +Qed. + +Lemma eqmod_mod_eq: + forall x y, eqmod x y -> x mod modul = y mod modul. +Proof. + intros x y [k EQ]. subst x. + rewrite Zplus_comm. apply Z_mod_plus. auto. +Qed. + +Lemma eqmod_mod: + forall x, eqmod x (x mod modul). +Proof. + intros; red. exists (x / modul). + rewrite Zmult_comm. apply Z_div_mod_eq. auto. +Qed. + +Lemma eqmod_add: + forall a b c d, eqmod a b -> eqmod c d -> eqmod (a + c) (b + d). +Proof. + intros a b c d [k1 EQ1] [k2 EQ2]; red. + subst a; subst c. exists (k1 + k2). ring. +Qed. + +Lemma eqmod_neg: + forall x y, eqmod x y -> eqmod (-x) (-y). +Proof. + intros x y [k EQ]; red. exists (-k). rewrite EQ. ring. +Qed. + +Lemma eqmod_sub: + forall a b c d, eqmod a b -> eqmod c d -> eqmod (a - c) (b - d). +Proof. + intros a b c d [k1 EQ1] [k2 EQ2]; red. + subst a; subst c. exists (k1 - k2). ring. +Qed. + +Lemma eqmod_mult: + forall a b c d, eqmod a c -> eqmod b d -> eqmod (a * b) (c * d). +Proof. + intros a b c d [k1 EQ1] [k2 EQ2]; red. + subst a; subst b. + exists (k1 * k2 * modul + c * k2 + k1 * d). + ring. +Qed. + +End EQ_MODULO. + +(** We then specialize these definitions to equality modulo + $2^32$ #232#. *) + +Lemma modulus_pos: + modulus > 0. +Proof. + unfold modulus. apply two_power_nat_pos. +Qed. +Hint Resolve modulus_pos: ints. + +Definition eqm := eqmod modulus. + +Lemma eqm_refl: forall x, eqm x x. +Proof (eqmod_refl modulus). +Hint Resolve eqm_refl: ints. + +Lemma eqm_refl2: + forall x y, x = y -> eqm x y. +Proof (eqmod_refl2 modulus). +Hint Resolve eqm_refl2: ints. + +Lemma eqm_sym: forall x y, eqm x y -> eqm y x. +Proof (eqmod_sym modulus). +Hint Resolve eqm_sym: ints. + +Lemma eqm_trans: forall x y z, eqm x y -> eqm y z -> eqm x z. +Proof (eqmod_trans modulus). +Hint Resolve eqm_trans: ints. + +Lemma eqm_samerepr: forall x y, eqm x y -> repr x = repr y. +Proof. + intros. unfold repr. apply mkint_eq. + apply eqmod_mod_eq. auto with ints. exact H. +Qed. + +Lemma eqm_small_eq: + forall x y, eqm x y -> 0 <= x < modulus -> 0 <= y < modulus -> x = y. +Proof (eqmod_small_eq modulus). +Hint Resolve eqm_small_eq: ints. + +Lemma eqm_add: + forall a b c d, eqm a b -> eqm c d -> eqm (a + c) (b + d). +Proof (eqmod_add modulus). +Hint Resolve eqm_add: ints. + +Lemma eqm_neg: + forall x y, eqm x y -> eqm (-x) (-y). +Proof (eqmod_neg modulus). +Hint Resolve eqm_neg: ints. + +Lemma eqm_sub: + forall a b c d, eqm a b -> eqm c d -> eqm (a - c) (b - d). +Proof (eqmod_sub modulus). +Hint Resolve eqm_sub: ints. + +Lemma eqm_mult: + forall a b c d, eqm a c -> eqm b d -> eqm (a * b) (c * d). +Proof (eqmod_mult modulus). +Hint Resolve eqm_mult: ints. + +(** ** Properties of the coercions between [Z] and [int] *) + +Lemma eqm_unsigned_repr: + forall z, eqm z (unsigned (repr z)). +Proof. + unfold eqm, repr, unsigned; intros; simpl. + apply eqmod_mod. auto with ints. +Qed. +Hint Resolve eqm_unsigned_repr: ints. + +Lemma eqm_unsigned_repr_l: + forall a b, eqm a b -> eqm (unsigned (repr a)) b. +Proof. + intros. apply eqm_trans with a. + apply eqm_sym. apply eqm_unsigned_repr. auto. +Qed. +Hint Resolve eqm_unsigned_repr_l: ints. + +Lemma eqm_unsigned_repr_r: + forall a b, eqm a b -> eqm a (unsigned (repr b)). +Proof. + intros. apply eqm_trans with b. auto. + apply eqm_unsigned_repr. +Qed. +Hint Resolve eqm_unsigned_repr_r: ints. + +Lemma eqm_signed_unsigned: + forall x, eqm (signed x) (unsigned x). +Proof. + intro; red; unfold signed. set (y := unsigned x). + case (zlt y half_modulus); intro. + apply eqmod_refl. red; exists (-1); ring. +Qed. + +Lemma in_range_range: + forall z, in_range z -> 0 <= z < modulus. +Proof. + intros. + assert (z >= 0 /\ z < modulus). + generalize H. unfold in_range, Zge, Zlt. + destruct (z ?= 0). + destruct (z ?= modulus); try contradiction. + intuition congruence. + contradiction. + destruct (z ?= modulus); try contradiction. + intuition congruence. + omega. +Qed. + +Theorem unsigned_range: + forall i, 0 <= unsigned i < modulus. +Proof. + destruct i; simpl. + apply in_range_range. auto. +Qed. +Hint Resolve unsigned_range: ints. + +Theorem unsigned_range_2: + forall i, 0 <= unsigned i <= max_unsigned. +Proof. + intro; unfold max_unsigned. + generalize (unsigned_range i). omega. +Qed. +Hint Resolve unsigned_range_2: ints. + +Theorem signed_range: + forall i, min_signed <= signed i <= max_signed. +Proof. + intros. unfold signed. + generalize (unsigned_range i). set (n := unsigned i). intros. + case (zlt n half_modulus); intro. + unfold max_signed. assert (min_signed < 0). compute. auto. + omega. + unfold min_signed, max_signed. change modulus with (2 * half_modulus). + change modulus with (2 * half_modulus) in H. omega. +Qed. + +Theorem repr_unsigned: + forall i, repr (unsigned i) = i. +Proof. + destruct i; simpl. unfold repr. apply mkint_eq. + apply Zmod_small. apply in_range_range; auto. +Qed. +Hint Resolve repr_unsigned: ints. + +Lemma repr_signed: + forall i, repr (signed i) = i. +Proof. + intros. transitivity (repr (unsigned i)). + apply eqm_samerepr. apply eqm_signed_unsigned. auto with ints. +Qed. +Hint Resolve repr_unsigned: ints. + +Theorem unsigned_repr: + forall z, 0 <= z <= max_unsigned -> unsigned (repr z) = z. +Proof. + intros. unfold repr, unsigned; simpl. + apply Zmod_small. unfold max_unsigned in H. omega. +Qed. +Hint Resolve unsigned_repr: ints. + +Theorem signed_repr: + forall z, min_signed <= z <= max_signed -> signed (repr z) = z. +Proof. + intros. unfold signed. case (zle 0 z); intro. + replace (unsigned (repr z)) with z. + rewrite zlt_true. auto. unfold max_signed in H. omega. + symmetry. apply unsigned_repr. + split. auto. apply Zle_trans with max_signed. tauto. + compute; intro; discriminate. + pose (z' := z + modulus). + replace (repr z) with (repr z'). + replace (unsigned (repr z')) with z'. + rewrite zlt_false. unfold z'. omega. + unfold z'. unfold min_signed in H. + change modulus with (half_modulus + half_modulus). omega. + symmetry. apply unsigned_repr. + unfold z', max_unsigned. unfold min_signed, max_signed in H. + change modulus with (half_modulus + half_modulus). + omega. + apply eqm_samerepr. unfold z'; red. exists 1. omega. +Qed. + +(** ** Properties of addition *) + +Theorem add_unsigned: forall x y, add x y = repr (unsigned x + unsigned y). +Proof. intros; reflexivity. +Qed. + +Theorem add_signed: forall x y, add x y = repr (signed x + signed y). +Proof. + intros. rewrite add_unsigned. apply eqm_samerepr. + apply eqm_add; apply eqm_sym; apply eqm_signed_unsigned. +Qed. + +Theorem add_commut: forall x y, add x y = add y x. +Proof. intros; unfold add. decEq. omega. Qed. + +Theorem add_zero: forall x, add x zero = x. +Proof. + intros; unfold add, zero. change (unsigned (repr 0)) with 0. + rewrite Zplus_0_r. apply repr_unsigned. +Qed. + +Theorem add_assoc: forall x y z, add (add x y) z = add x (add y z). +Proof. + intros; unfold add. + set (x' := unsigned x). + set (y' := unsigned y). + set (z' := unsigned z). + apply eqm_samerepr. + apply eqm_trans with ((x' + y') + z'). + auto with ints. + rewrite <- Zplus_assoc. auto with ints. +Qed. + +Theorem add_permut: forall x y z, add x (add y z) = add y (add x z). +Proof. + intros. rewrite (add_commut y z). rewrite <- add_assoc. apply add_commut. +Qed. + +Theorem add_neg_zero: forall x, add x (neg x) = zero. +Proof. + intros; unfold add, neg, zero. apply eqm_samerepr. + replace 0 with (unsigned x + (- (unsigned x))). + auto with ints. omega. +Qed. + +(** ** Properties of negation *) + +Theorem neg_repr: forall z, neg (repr z) = repr (-z). +Proof. + intros; unfold neg. apply eqm_samerepr. auto with ints. +Qed. + +Theorem neg_zero: neg zero = zero. +Proof. + unfold neg, zero. compute. apply mkint_eq. auto. +Qed. + +Theorem neg_add_distr: forall x y, neg(add x y) = add (neg x) (neg y). +Proof. + intros; unfold neg, add. apply eqm_samerepr. + apply eqm_trans with (- (unsigned x + unsigned y)). + auto with ints. + replace (- (unsigned x + unsigned y)) + with ((- unsigned x) + (- unsigned y)). + auto with ints. omega. +Qed. + +(** ** Properties of subtraction *) + +Theorem sub_zero_l: forall x, sub x zero = x. +Proof. + intros; unfold sub. change (unsigned zero) with 0. + replace (unsigned x - 0) with (unsigned x). apply repr_unsigned. + omega. +Qed. + +Theorem sub_zero_r: forall x, sub zero x = neg x. +Proof. + intros; unfold sub, neg. change (unsigned zero) with 0. + replace (0 - unsigned x) with (- unsigned x). auto. + omega. +Qed. + +Theorem sub_add_opp: forall x y, sub x y = add x (neg y). +Proof. + intros; unfold sub, add, neg. + replace (unsigned x - unsigned y) + with (unsigned x + (- unsigned y)). + apply eqm_samerepr. auto with ints. omega. +Qed. + +Theorem sub_idem: forall x, sub x x = zero. +Proof. + intros; unfold sub. replace (unsigned x - unsigned x) with 0. + reflexivity. omega. +Qed. + +Theorem sub_add_l: forall x y z, sub (add x y) z = add (sub x z) y. +Proof. + intros. repeat rewrite sub_add_opp. + repeat rewrite add_assoc. decEq. apply add_commut. +Qed. + +Theorem sub_add_r: forall x y z, sub x (add y z) = add (sub x z) (neg y). +Proof. + intros. repeat rewrite sub_add_opp. + rewrite neg_add_distr. rewrite add_permut. apply add_commut. +Qed. + +Theorem sub_shifted: + forall x y z, + sub (add x z) (add y z) = sub x y. +Proof. + intros. rewrite sub_add_opp. rewrite neg_add_distr. + rewrite add_assoc. + rewrite (add_commut (neg y) (neg z)). + rewrite <- (add_assoc z). rewrite add_neg_zero. + rewrite (add_commut zero). rewrite add_zero. + symmetry. apply sub_add_opp. +Qed. + +(** ** Properties of multiplication *) + +Theorem mul_commut: forall x y, mul x y = mul y x. +Proof. + intros; unfold mul. decEq. ring. +Qed. + +Theorem mul_zero: forall x, mul x zero = zero. +Proof. + intros; unfold mul. change (unsigned zero) with 0. + unfold zero. decEq. ring. +Qed. + +Theorem mul_one: forall x, mul x one = x. +Proof. + intros; unfold mul. change (unsigned one) with 1. + transitivity (repr (unsigned x)). decEq. ring. + apply repr_unsigned. +Qed. + +Theorem mul_assoc: forall x y z, mul (mul x y) z = mul x (mul y z). +Proof. + intros; unfold mul. + set (x' := unsigned x). + set (y' := unsigned y). + set (z' := unsigned z). + apply eqm_samerepr. apply eqm_trans with ((x' * y') * z'). + auto with ints. + rewrite <- Zmult_assoc. auto with ints. +Qed. + +Theorem mul_add_distr_l: + forall x y z, mul (add x y) z = add (mul x z) (mul y z). +Proof. + intros; unfold mul, add. + apply eqm_samerepr. + set (x' := unsigned x). + set (y' := unsigned y). + set (z' := unsigned z). + apply eqm_trans with ((x' + y') * z'). + auto with ints. + replace ((x' + y') * z') with (x' * z' + y' * z'). + auto with ints. + ring. +Qed. + +Theorem mul_add_distr_r: + forall x y z, mul x (add y z) = add (mul x y) (mul x z). +Proof. + intros. rewrite mul_commut. rewrite mul_add_distr_l. + decEq; apply mul_commut. +Qed. + +Axiom neg_mul_distr_l: forall x y, neg(mul x y) = mul (neg x) y. +Axiom neg_mul_distr_r: forall x y, neg(mul x y) = mul x (neg y). + +(** ** Properties of binary decompositions *) + +Lemma Z_shift_add_bin_decomp: + forall x, + Z_shift_add (fst (Z_bin_decomp x)) (snd (Z_bin_decomp x)) = x. +Proof. + destruct x; simpl. + auto. + destruct p; reflexivity. + destruct p; try reflexivity. simpl. + assert (forall z, 2 * (z + 1) - 1 = 2 * z + 1). intro; omega. + generalize (H (Zpos p)); simpl. congruence. +Qed. + +Lemma Z_shift_add_inj: + forall b1 x1 b2 x2, + Z_shift_add b1 x1 = Z_shift_add b2 x2 -> b1 = b2 /\ x1 = x2. +Proof. + intros until x2. + unfold Z_shift_add. + destruct b1; destruct b2; intros; + ((split; [reflexivity|omega]) || omegaContradiction). +Qed. + +Lemma Z_of_bits_exten: + forall n f1 f2, + (forall z, 0 <= z < Z_of_nat n -> f1 z = f2 z) -> + Z_of_bits n f1 = Z_of_bits n f2. +Proof. + induction n; intros. + reflexivity. + simpl. rewrite inj_S in H. decEq. apply H. omega. + apply IHn. intros; apply H. omega. +Qed. + +Opaque Zmult. + +Lemma Z_of_bits_of_Z: + forall x, eqm (Z_of_bits wordsize (bits_of_Z wordsize x)) x. +Proof. + assert (forall n x, exists k, + Z_of_bits n (bits_of_Z n x) = k * two_power_nat n + x). + induction n; intros. + rewrite two_power_nat_O. simpl. exists (-x). omega. + rewrite two_power_nat_S. simpl. + caseEq (Z_bin_decomp x). intros b y ZBD. simpl. + replace (Z_of_bits n (fun i => if zeq (i + 1) 0 then b else bits_of_Z n y (i + 1 - 1))) + with (Z_of_bits n (bits_of_Z n y)). + elim (IHn y). intros k1 EQ1. rewrite EQ1. + rewrite <- (Z_shift_add_bin_decomp x). + rewrite ZBD. simpl. + exists k1. + case b; unfold Z_shift_add; ring. + apply Z_of_bits_exten. intros. + rewrite zeq_false. decEq. omega. omega. + intro. exact (H wordsize x). +Qed. + +Lemma bits_of_Z_zero: + forall n x, bits_of_Z n 0 x = false. +Proof. + induction n; simpl; intros. + auto. + case (zeq x 0); intro. auto. auto. +Qed. + +Remark Z_bin_decomp_2xm1: + forall x, Z_bin_decomp (2 * x - 1) = (true, x - 1). +Proof. + intros. caseEq (Z_bin_decomp (2 * x - 1)). intros b y EQ. + generalize (Z_shift_add_bin_decomp (2 * x - 1)). + rewrite EQ; simpl. + replace (2 * x - 1) with (Z_shift_add true (x - 1)). + intro. elim (Z_shift_add_inj _ _ _ _ H); intros. + congruence. unfold Z_shift_add. omega. +Qed. + +Lemma bits_of_Z_mone: + forall n x, + 0 <= x < Z_of_nat n -> + bits_of_Z n (two_power_nat n - 1) x = true. +Proof. + induction n; intros. + simpl in H. omegaContradiction. + unfold bits_of_Z; fold bits_of_Z. + rewrite two_power_nat_S. rewrite Z_bin_decomp_2xm1. + rewrite inj_S in H. case (zeq x 0); intro. auto. + apply IHn. omega. +Qed. + +Lemma Z_bin_decomp_shift_add: + forall b x, Z_bin_decomp (Z_shift_add b x) = (b, x). +Proof. + intros. caseEq (Z_bin_decomp (Z_shift_add b x)); intros b' x' EQ. + generalize (Z_shift_add_bin_decomp (Z_shift_add b x)). + rewrite EQ; simpl fst; simpl snd. intro. + elim (Z_shift_add_inj _ _ _ _ H); intros. + congruence. +Qed. + +Lemma bits_of_Z_of_bits: + forall n f i, + 0 <= i < Z_of_nat n -> + bits_of_Z n (Z_of_bits n f) i = f i. +Proof. + induction n; intros; simpl. + simpl in H. omegaContradiction. + rewrite Z_bin_decomp_shift_add. + case (zeq i 0); intro. + congruence. + rewrite IHn. decEq. omega. rewrite inj_S in H. omega. +Qed. + +Lemma Z_of_bits_range: + forall f, 0 <= Z_of_bits wordsize f < modulus. +Proof. + unfold max_unsigned, modulus. + generalize wordsize. induction n; simpl; intros. + rewrite two_power_nat_O. omega. + rewrite two_power_nat_S. generalize (IHn (fun i => f (i + 1))). + set (x := Z_of_bits n (fun i => f (i + 1))). + intro. destruct (f 0); unfold Z_shift_add; omega. +Qed. +Hint Resolve Z_of_bits_range: ints. + +Lemma Z_of_bits_range_2: + forall f, 0 <= Z_of_bits wordsize f <= max_unsigned. +Proof. + intros. unfold max_unsigned. + generalize (Z_of_bits_range f). omega. +Qed. +Hint Resolve Z_of_bits_range_2: ints. + +Lemma bits_of_Z_below: + forall n x i, i < 0 -> bits_of_Z n x i = false. +Proof. + induction n; simpl; intros. + reflexivity. + destruct (Z_bin_decomp x). rewrite zeq_false. apply IHn. + omega. omega. +Qed. + +Lemma bits_of_Z_above: + forall n x i, i >= Z_of_nat n -> bits_of_Z n x i = false. +Proof. + induction n; intros; simpl. + reflexivity. + destruct (Z_bin_decomp x). rewrite zeq_false. apply IHn. + rewrite inj_S in H. omega. rewrite inj_S in H. omega. +Qed. + +Opaque Zmult. + +Lemma Z_of_bits_excl: + forall n f g h, + (forall i, 0 <= i < Z_of_nat n -> f i && g i = false) -> + (forall i, 0 <= i < Z_of_nat n -> f i || g i = h i) -> + Z_of_bits n f + Z_of_bits n g = Z_of_bits n h. +Proof. + induction n. + intros; reflexivity. + intros. simpl. rewrite inj_S in H. rewrite inj_S in H0. + rewrite <- (IHn (fun i => f(i+1)) (fun i => g(i+1)) (fun i => h(i+1))). + assert (0 <= 0 < Zsucc(Z_of_nat n)). omega. + unfold Z_shift_add. + rewrite <- H0; auto. + set (F := Z_of_bits n (fun i => f(i + 1))). + set (G := Z_of_bits n (fun i => g(i + 1))). + caseEq (f 0); intros; caseEq (g 0); intros; simpl. + generalize (H 0 H1). rewrite H2; rewrite H3. simpl. intros; discriminate. + omega. omega. omega. + intros; apply H. omega. + intros; apply H0. omega. +Qed. + +(** ** Properties of bitwise and, or, xor *) + +Lemma bitwise_binop_commut: + forall f, + (forall a b, f a b = f b a) -> + forall x y, + bitwise_binop f x y = bitwise_binop f y x. +Proof. + unfold bitwise_binop; intros. + decEq. apply Z_of_bits_exten; intros. auto. +Qed. + +Lemma bitwise_binop_assoc: + forall f, + (forall a b c, f a (f b c) = f (f a b) c) -> + forall x y z, + bitwise_binop f (bitwise_binop f x y) z = + bitwise_binop f x (bitwise_binop f y z). +Proof. + unfold bitwise_binop; intros. + repeat rewrite unsigned_repr; auto with ints. + decEq. apply Z_of_bits_exten; intros. + repeat (rewrite bits_of_Z_of_bits; auto). +Qed. + +Lemma bitwise_binop_idem: + forall f, + (forall a, f a a = a) -> + forall x, + bitwise_binop f x x = x. +Proof. + unfold bitwise_binop; intros. + transitivity (repr (Z_of_bits wordsize (bits_of_Z wordsize (unsigned x)))). + decEq. apply Z_of_bits_exten; intros. auto. + transitivity (repr (unsigned x)). + apply eqm_samerepr. apply Z_of_bits_of_Z. apply repr_unsigned. +Qed. + +Theorem and_commut: forall x y, and x y = and y x. +Proof (bitwise_binop_commut andb andb_comm). + +Theorem and_assoc: forall x y z, and (and x y) z = and x (and y z). +Proof (bitwise_binop_assoc andb andb_assoc). + +Theorem and_zero: forall x, and x zero = zero. +Proof. + unfold and, bitwise_binop, zero; intros. + transitivity (repr (Z_of_bits wordsize (bits_of_Z wordsize 0))). + decEq. apply Z_of_bits_exten. intros. + change (unsigned (repr 0)) with 0. + rewrite bits_of_Z_zero. apply andb_b_false. + auto with ints. +Qed. + +Lemma mone_max_unsigned: + mone = repr max_unsigned. +Proof. + unfold mone. apply eqm_samerepr. exists (-1). + unfold max_unsigned. omega. +Qed. + +Theorem and_mone: forall x, and x mone = x. +Proof. + unfold and, bitwise_binop; intros. + rewrite mone_max_unsigned. unfold max_unsigned, modulus. + transitivity (repr (Z_of_bits wordsize (bits_of_Z wordsize (unsigned x)))). + decEq. apply Z_of_bits_exten. intros. + rewrite unsigned_repr. rewrite bits_of_Z_mone. + apply andb_b_true. omega. compute. intuition congruence. + transitivity (repr (unsigned x)). + apply eqm_samerepr. apply Z_of_bits_of_Z. + apply repr_unsigned. +Qed. + +Theorem and_idem: forall x, and x x = x. +Proof. + assert (forall b, b && b = b). + destruct b; reflexivity. + exact (bitwise_binop_idem andb H). +Qed. + +Theorem or_commut: forall x y, or x y = or y x. +Proof (bitwise_binop_commut orb orb_comm). + +Theorem or_assoc: forall x y z, or (or x y) z = or x (or y z). +Proof (bitwise_binop_assoc orb orb_assoc). + +Theorem or_zero: forall x, or x zero = x. +Proof. + unfold or, bitwise_binop, zero; intros. + transitivity (repr (Z_of_bits wordsize (bits_of_Z wordsize (unsigned x)))). + decEq. apply Z_of_bits_exten. intros. + change (unsigned (repr 0)) with 0. + rewrite bits_of_Z_zero. apply orb_b_false. + transitivity (repr (unsigned x)); auto with ints. + apply eqm_samerepr. apply Z_of_bits_of_Z. +Qed. + +Theorem or_mone: forall x, or x mone = mone. +Proof. + rewrite mone_max_unsigned. + unfold or, bitwise_binop; intros. + decEq. + transitivity (Z_of_bits wordsize (bits_of_Z wordsize max_unsigned)). + apply Z_of_bits_exten. intros. + change (unsigned (repr max_unsigned)) with max_unsigned. + unfold max_unsigned, modulus. rewrite bits_of_Z_mone; auto. + apply orb_b_true. + apply eqm_small_eq; auto with ints. compute; intuition congruence. +Qed. + +Theorem or_idem: forall x, or x x = x. +Proof. + assert (forall b, b || b = b). + destruct b; reflexivity. + exact (bitwise_binop_idem orb H). +Qed. + +Theorem and_or_distrib: + forall x y z, + and x (or y z) = or (and x y) (and x z). +Proof. + intros; unfold and, or, bitwise_binop. + decEq. repeat rewrite unsigned_repr; auto with ints. + apply Z_of_bits_exten; intros. + repeat rewrite bits_of_Z_of_bits; auto. + apply demorgan1. +Qed. + +Theorem xor_commut: forall x y, xor x y = xor y x. +Proof (bitwise_binop_commut xorb xorb_comm). + +Theorem xor_assoc: forall x y z, xor (xor x y) z = xor x (xor y z). +Proof. + assert (forall a b c, xorb a (xorb b c) = xorb (xorb a b) c). + symmetry. apply xorb_assoc. + exact (bitwise_binop_assoc xorb H). +Qed. + +Theorem xor_zero: forall x, xor x zero = x. +Proof. + unfold xor, bitwise_binop, zero; intros. + transitivity (repr (Z_of_bits wordsize (bits_of_Z wordsize (unsigned x)))). + decEq. apply Z_of_bits_exten. intros. + change (unsigned (repr 0)) with 0. + rewrite bits_of_Z_zero. apply xorb_false. + transitivity (repr (unsigned x)); auto with ints. + apply eqm_samerepr. apply Z_of_bits_of_Z. +Qed. + +Theorem xor_zero_one: xor zero one = one. +Proof. reflexivity. Qed. + +Theorem xor_one_one: xor one one = zero. +Proof. reflexivity. Qed. + +Theorem and_xor_distrib: + forall x y z, + and x (xor y z) = xor (and x y) (and x z). +Proof. + intros; unfold and, xor, bitwise_binop. + decEq. repeat rewrite unsigned_repr; auto with ints. + apply Z_of_bits_exten; intros. + repeat rewrite bits_of_Z_of_bits; auto. + assert (forall a b c, a && (xorb b c) = xorb (a && b) (a && c)). + destruct a; destruct b; destruct c; reflexivity. + auto. +Qed. + +(** ** Properties of shifts and rotates *) + +Lemma Z_of_bits_shift: + forall n f, + exists k, + Z_of_bits n (fun i => f (i - 1)) = + k * two_power_nat n + Z_shift_add (f (-1)) (Z_of_bits n f). +Proof. + induction n; intros. + simpl. rewrite two_power_nat_O. unfold Z_shift_add. + exists (if f (-1) then (-1) else 0). + destruct (f (-1)); omega. + rewrite two_power_nat_S. simpl. + elim (IHn (fun i => f (i + 1))). intros k' EQ. + replace (Z_of_bits n (fun i => f (i - 1 + 1))) + with (Z_of_bits n (fun i => f (i + 1 - 1))) in EQ. + rewrite EQ. + change (-1 + 1) with 0. + exists k'. + unfold Z_shift_add; destruct (f (-1)); destruct (f 0); ring. + apply Z_of_bits_exten; intros. + decEq. omega. +Qed. + +Lemma Z_of_bits_shifts: + forall m f, + 0 <= m -> + (forall i, i < 0 -> f i = false) -> + eqm (Z_of_bits wordsize (fun i => f (i - m))) + (two_p m * Z_of_bits wordsize f). +Proof. + intros. pattern m. apply natlike_ind. + apply eqm_refl2. transitivity (Z_of_bits wordsize f). + apply Z_of_bits_exten; intros. decEq. omega. + simpl two_p. omega. + intros. rewrite two_p_S; auto. + set (f' := fun i => f (i - x)). + apply eqm_trans with (Z_of_bits wordsize (fun i => f' (i - 1))). + apply eqm_refl2. apply Z_of_bits_exten; intros. + unfold f'. decEq. omega. + apply eqm_trans with (Z_shift_add (f' (-1)) (Z_of_bits wordsize f')). + exact (Z_of_bits_shift wordsize f'). + unfold f'. unfold Z_shift_add. rewrite H0. + rewrite <- Zmult_assoc. apply eqm_mult. apply eqm_refl. + apply H2. omega. assumption. +Qed. + +Lemma shl_mul_two_p: + forall x y, + shl x y = mul x (repr (two_p (unsigned y))). +Proof. + intros. unfold shl, mul. + apply eqm_samerepr. + eapply eqm_trans. + apply Z_of_bits_shifts. + generalize (unsigned_range y). omega. + intros; apply bits_of_Z_below; auto. + rewrite Zmult_comm. apply eqm_mult. + apply Z_of_bits_of_Z. apply eqm_unsigned_repr. +Qed. + +Theorem shl_zero: forall x, shl x zero = x. +Proof. + intros. rewrite shl_mul_two_p. + change (repr (two_p (unsigned zero))) with one. + apply mul_one. +Qed. + +Theorem shl_mul: + forall x y, + shl x y = mul x (shl one y). +Proof. + intros. + assert (shl one y = repr (two_p (unsigned y))). + rewrite shl_mul_two_p. rewrite mul_commut. rewrite mul_one. auto. + rewrite H. apply shl_mul_two_p. +Qed. + +Theorem shl_rolm: + forall x n, + ltu n (repr (Z_of_nat wordsize)) = true -> + shl x n = rolm x n (shl mone n). +Proof. + intros x n. unfold ltu. + rewrite unsigned_repr. case (zlt (unsigned n) (Z_of_nat wordsize)); intros LT XX. + unfold shl, rolm, rol, and, bitwise_binop. + decEq. apply Z_of_bits_exten; intros. + repeat rewrite unsigned_repr; auto with ints. + repeat rewrite bits_of_Z_of_bits; auto. + case (zlt z (unsigned n)); intro LT2. + assert (z - unsigned n < 0). omega. + rewrite (bits_of_Z_below wordsize (unsigned x) _ H0). + rewrite (bits_of_Z_below wordsize (unsigned mone) _ H0). + symmetry. apply andb_b_false. + assert (z - unsigned n < Z_of_nat wordsize). + generalize (unsigned_range n). omega. + replace (unsigned mone) with (two_power_nat wordsize - 1). + rewrite bits_of_Z_mone. rewrite andb_b_true. decEq. + rewrite Zmod_small. auto. omega. omega. + rewrite mone_max_unsigned. reflexivity. + discriminate. + compute; intuition congruence. +Qed. + +Lemma bitwise_binop_shl: + forall f x y n, + f false false = false -> + bitwise_binop f (shl x n) (shl y n) = shl (bitwise_binop f x y) n. +Proof. + intros. unfold bitwise_binop, shl. + decEq. repeat rewrite unsigned_repr; auto with ints. + apply Z_of_bits_exten; intros. + case (zlt (z - unsigned n) 0); intro. + transitivity false. repeat rewrite bits_of_Z_of_bits; auto. + repeat rewrite bits_of_Z_below; auto. + rewrite bits_of_Z_below; auto. + repeat rewrite bits_of_Z_of_bits; auto. + generalize (unsigned_range n). omega. +Qed. + +Lemma and_shl: + forall x y n, + and (shl x n) (shl y n) = shl (and x y) n. +Proof. + unfold and; intros. apply bitwise_binop_shl. reflexivity. +Qed. + +Theorem shru_rolm: + forall x n, + ltu n (repr (Z_of_nat wordsize)) = true -> + shru x n = rolm x (sub (repr (Z_of_nat wordsize)) n) (shru mone n). +Proof. + intros x n. unfold ltu. + rewrite unsigned_repr. + case (zlt (unsigned n) (Z_of_nat wordsize)); intros LT XX. + unfold shru, rolm, rol, and, bitwise_binop. + decEq. apply Z_of_bits_exten; intros. + repeat rewrite unsigned_repr; auto with ints. + repeat rewrite bits_of_Z_of_bits; auto. + unfold sub. + change (unsigned (repr (Z_of_nat wordsize))) + with (Z_of_nat wordsize). + rewrite unsigned_repr. + case (zlt (z + unsigned n) (Z_of_nat wordsize)); intro LT2. + replace (unsigned mone) with (two_power_nat wordsize - 1). + rewrite bits_of_Z_mone. rewrite andb_b_true. + decEq. + replace (z - (Z_of_nat wordsize - unsigned n)) + with ((z + unsigned n) + (-1) * Z_of_nat wordsize). + rewrite Z_mod_plus. symmetry. apply Zmod_small. + generalize (unsigned_range n). omega. omega. omega. + generalize (unsigned_range n). omega. + reflexivity. + rewrite (bits_of_Z_above wordsize (unsigned x) _ LT2). + rewrite (bits_of_Z_above wordsize (unsigned mone) _ LT2). + symmetry. apply andb_b_false. + split. omega. apply Zle_trans with (Z_of_nat wordsize). + generalize (unsigned_range n); omega. compute; intuition congruence. + discriminate. + split. omega. compute; intuition congruence. +Qed. + +Lemma bitwise_binop_shru: + forall f x y n, + f false false = false -> + bitwise_binop f (shru x n) (shru y n) = shru (bitwise_binop f x y) n. +Proof. + intros. unfold bitwise_binop, shru. + decEq. repeat rewrite unsigned_repr; auto with ints. + apply Z_of_bits_exten; intros. + case (zlt (z + unsigned n) (Z_of_nat wordsize)); intro. + repeat rewrite bits_of_Z_of_bits; auto. + generalize (unsigned_range n); omega. + transitivity false. repeat rewrite bits_of_Z_of_bits; auto. + repeat rewrite bits_of_Z_above; auto. + rewrite bits_of_Z_above; auto. +Qed. + +Lemma and_shru: + forall x y n, + and (shru x n) (shru y n) = shru (and x y) n. +Proof. + unfold and; intros. apply bitwise_binop_shru. reflexivity. +Qed. + +Theorem rol_zero: + forall x, + rol x zero = x. +Proof. + intros. unfold rol. transitivity (repr (Z_of_bits wordsize (bits_of_Z wordsize (unsigned x)))). + decEq. + transitivity (repr (unsigned x)). + decEq. apply eqm_small_eq. apply Z_of_bits_of_Z. + auto with ints. auto with ints. auto with ints. +Qed. + +Lemma bitwise_binop_rol: + forall f x y n, + bitwise_binop f (rol x n) (rol y n) = rol (bitwise_binop f x y) n. +Proof. + intros. unfold bitwise_binop, rol. + decEq. repeat (rewrite unsigned_repr; auto with ints). + apply Z_of_bits_exten; intros. + repeat rewrite bits_of_Z_of_bits; auto. + apply Z_mod_lt. compute. auto. +Qed. + +Theorem rol_and: + forall x y n, + rol (and x y) n = and (rol x n) (rol y n). +Proof. + intros. symmetry. unfold and. apply bitwise_binop_rol. +Qed. + +Theorem rol_rol: + forall x n m, + rol (rol x n) m = rol x (modu (add n m) (repr (Z_of_nat wordsize))). +Proof. + intros. unfold rol. decEq. + repeat (rewrite unsigned_repr; auto with ints). + apply Z_of_bits_exten; intros. + repeat rewrite bits_of_Z_of_bits; auto. + decEq. unfold modu, add. + set (W := Z_of_nat wordsize). + set (M := unsigned m); set (N := unsigned n). + assert (W > 0). compute; auto. + assert (forall a, eqmod W a (unsigned (repr a))). + intro. elim (eqm_unsigned_repr a). intros k EQ. + red. exists (k * (modulus / W)). + replace (k * (modulus / W) * W) with (k * modulus). auto. + rewrite <- Zmult_assoc. reflexivity. + apply eqmod_mod_eq. auto. + change (unsigned (repr W)) with W. + apply eqmod_trans with (z - (N + M) mod W). + apply eqmod_trans with ((z - M) - N). + apply eqmod_sub. apply eqmod_sym. apply eqmod_mod. auto. + apply eqmod_refl. + replace (z - M - N) with (z - (N + M)). + apply eqmod_sub. apply eqmod_refl. apply eqmod_mod. auto. + omega. + apply eqmod_sub. apply eqmod_refl. + eapply eqmod_trans; [idtac|apply H1]. + eapply eqmod_trans; [idtac|apply eqmod_mod]. + apply eqmod_sym. eapply eqmod_trans; [idtac|apply eqmod_mod]. + apply eqmod_sym. apply H1. auto. auto. + apply Z_mod_lt. compute; auto. +Qed. + +Theorem rolm_zero: + forall x m, + rolm x zero m = and x m. +Proof. + intros. unfold rolm. rewrite rol_zero. auto. +Qed. + +Theorem rolm_rolm: + forall x n1 m1 n2 m2, + rolm (rolm x n1 m1) n2 m2 = + rolm x (modu (add n1 n2) (repr (Z_of_nat wordsize))) + (and (rol m1 n2) m2). +Proof. + intros. + unfold rolm. rewrite rol_and. rewrite and_assoc. + rewrite rol_rol. reflexivity. +Qed. + +Theorem rol_or: + forall x y n, + rol (or x y) n = or (rol x n) (rol y n). +Proof. + intros. symmetry. unfold or. apply bitwise_binop_rol. +Qed. + +Theorem or_rolm: + forall x n m1 m2, + or (rolm x n m1) (rolm x n m2) = rolm x n (or m1 m2). +Proof. + intros; unfold rolm. symmetry. apply and_or_distrib. +Qed. + +(** ** Relation between shifts and powers of 2 *) + +Fixpoint powerserie (l: list Z): Z := + match l with + | nil => 0 + | x :: xs => two_p x + powerserie xs + end. + +Lemma Z_bin_decomp_range: + forall x n, + 0 <= x < 2 * n -> 0 <= snd (Z_bin_decomp x) < n. +Proof. + intros. rewrite <- (Z_shift_add_bin_decomp x) in H. + unfold Z_shift_add in H. destruct (fst (Z_bin_decomp x)); omega. +Qed. + +Lemma Z_one_bits_powerserie: + forall x, 0 <= x < modulus -> x = powerserie (Z_one_bits wordsize x 0). +Proof. + assert (forall n x i, + 0 <= i -> + 0 <= x < two_power_nat n -> + x * two_p i = powerserie (Z_one_bits n x i)). + induction n; intros. + simpl. rewrite two_power_nat_O in H0. + assert (x = 0). omega. subst x. omega. + rewrite two_power_nat_S in H0. simpl Z_one_bits. + generalize (Z_shift_add_bin_decomp x). + generalize (Z_bin_decomp_range x _ H0). + case (Z_bin_decomp x). simpl. intros b y RANGE SHADD. + subst x. unfold Z_shift_add. + destruct b. simpl powerserie. rewrite <- IHn. + rewrite two_p_is_exp. change (two_p 1) with 2. ring. + auto. omega. omega. auto. + rewrite <- IHn. + rewrite two_p_is_exp. change (two_p 1) with 2. ring. + auto. omega. omega. auto. + intros. rewrite <- H. change (two_p 0) with 1. omega. + omega. exact H0. +Qed. + +Lemma Z_one_bits_range: + forall x i, In i (Z_one_bits wordsize x 0) -> 0 <= i < Z_of_nat wordsize. +Proof. + assert (forall n x i j, + In j (Z_one_bits n x i) -> i <= j < i + Z_of_nat n). + induction n; simpl In. + intros; elim H. + intros x i j. destruct (Z_bin_decomp x). case b. + rewrite inj_S. simpl. intros [A|B]. subst j. omega. + generalize (IHn _ _ _ B). omega. + intros B. rewrite inj_S. generalize (IHn _ _ _ B). omega. + intros. generalize (H wordsize x 0 i H0). omega. +Qed. + +Lemma is_power2_rng: + forall n logn, + is_power2 n = Some logn -> + 0 <= unsigned logn < Z_of_nat wordsize. +Proof. + intros n logn. unfold is_power2. + generalize (Z_one_bits_range (unsigned n)). + destruct (Z_one_bits wordsize (unsigned n) 0). + intros; discriminate. + destruct l. + intros. injection H0; intro; subst logn; clear H0. + assert (0 <= z < Z_of_nat wordsize). + apply H. auto with coqlib. + rewrite unsigned_repr. auto. + assert (Z_of_nat wordsize < max_unsigned). compute. auto. + omega. + intros; discriminate. +Qed. + +Theorem is_power2_range: + forall n logn, + is_power2 n = Some logn -> ltu logn (repr (Z_of_nat wordsize)) = true. +Proof. + intros. unfold ltu. + change (unsigned (repr (Z_of_nat wordsize))) with (Z_of_nat wordsize). + generalize (is_power2_rng _ _ H). + case (zlt (unsigned logn) (Z_of_nat wordsize)); intros. + auto. omegaContradiction. +Qed. + +Lemma is_power2_correct: + forall n logn, + is_power2 n = Some logn -> + unsigned n = two_p (unsigned logn). +Proof. + intros n logn. unfold is_power2. + generalize (Z_one_bits_powerserie (unsigned n) (unsigned_range n)). + generalize (Z_one_bits_range (unsigned n)). + destruct (Z_one_bits wordsize (unsigned n) 0). + intros; discriminate. + destruct l. + intros. simpl in H0. injection H1; intros; subst logn; clear H1. + rewrite unsigned_repr. replace (two_p z) with (two_p z + 0). + auto. omega. elim (H z); intros. + assert (Z_of_nat wordsize < max_unsigned). compute; auto. + omega. auto with coqlib. + intros; discriminate. +Qed. + +Theorem mul_pow2: + forall x n logn, + is_power2 n = Some logn -> + mul x n = shl x logn. +Proof. + intros. generalize (is_power2_correct n logn H); intro. + rewrite shl_mul_two_p. rewrite <- H0. rewrite repr_unsigned. + auto. +Qed. + +Lemma Z_of_bits_shift_rev: + forall n f, + (forall i, i >= Z_of_nat n -> f i = false) -> + Z_of_bits n f = Z_shift_add (f 0) (Z_of_bits n (fun i => f(i + 1))). +Proof. + induction n; intros. + simpl. rewrite H. reflexivity. unfold Z_of_nat. omega. + simpl. rewrite (IHn (fun i => f (i + 1))). + reflexivity. + intros. apply H. rewrite inj_S. omega. +Qed. + +Lemma Z_of_bits_shifts_rev: + forall m f, + 0 <= m -> + (forall i, i >= Z_of_nat wordsize -> f i = false) -> + exists k, + Z_of_bits wordsize f = k + two_p m * Z_of_bits wordsize (fun i => f(i + m)) + /\ 0 <= k < two_p m. +Proof. + intros. pattern m. apply natlike_ind. + exists 0. change (two_p 0) with 1. split. + transitivity (Z_of_bits wordsize (fun i => f (i + 0))). + apply Z_of_bits_exten. intros. decEq. omega. + omega. omega. + intros x POSx [k [EQ1 RANGE1]]. + set (f' := fun i => f (i + x)) in *. + assert (forall i, i >= Z_of_nat wordsize -> f' i = false). + intros. unfold f'. apply H0. omega. + generalize (Z_of_bits_shift_rev wordsize f' H1). intro. + rewrite EQ1. rewrite H2. + set (z := Z_of_bits wordsize (fun i => f (i + Zsucc x))). + replace (Z_of_bits wordsize (fun i => f' (i + 1))) with z. + rewrite two_p_S. + case (f' 0); unfold Z_shift_add. + exists (k + two_p x). split. ring. omega. + exists k. split. ring. omega. + auto. + unfold z. apply Z_of_bits_exten; intros. unfold f'. + decEq. omega. + auto. +Qed. + +Lemma shru_div_two_p: + forall x y, + shru x y = repr (unsigned x / two_p (unsigned y)). +Proof. + intros. unfold shru. + set (x' := unsigned x). set (y' := unsigned y). + elim (Z_of_bits_shifts_rev y' (bits_of_Z wordsize x')). + intros k [EQ RANGE]. + replace (Z_of_bits wordsize (bits_of_Z wordsize x')) with x' in EQ. + rewrite Zplus_comm in EQ. rewrite Zmult_comm in EQ. + generalize (Zdiv_unique _ _ _ _ EQ RANGE). intros. + rewrite H. auto. + apply eqm_small_eq. apply eqm_sym. apply Z_of_bits_of_Z. + unfold x'. apply unsigned_range. + auto with ints. + generalize (unsigned_range y). unfold y'. omega. + intros. apply bits_of_Z_above. auto. +Qed. + +Theorem shru_zero: + forall x, shru x zero = x. +Proof. + intros. rewrite shru_div_two_p. change (two_p (unsigned zero)) with 1. + transitivity (repr (unsigned x)). decEq. apply Zdiv_unique with 0. + omega. omega. auto with ints. +Qed. + +Theorem shr_zero: + forall x, shr x zero = x. +Proof. + intros. unfold shr. change (two_p (unsigned zero)) with 1. + replace (signed x / 1) with (signed x). + apply repr_signed. + symmetry. apply Zdiv_unique with 0. omega. omega. +Qed. + +Theorem divu_pow2: + forall x n logn, + is_power2 n = Some logn -> + divu x n = shru x logn. +Proof. + intros. generalize (is_power2_correct n logn H). intro. + symmetry. unfold divu. rewrite H0. apply shru_div_two_p. +Qed. + +Lemma modu_divu_Euclid: + forall x y, y <> zero -> x = add (mul (divu x y) y) (modu x y). +Proof. + intros. unfold add, mul, divu, modu. + transitivity (repr (unsigned x)). auto with ints. + apply eqm_samerepr. + set (x' := unsigned x). set (y' := unsigned y). + apply eqm_trans with ((x' / y') * y' + x' mod y'). + apply eqm_refl2. rewrite Zmult_comm. apply Z_div_mod_eq. + generalize (unsigned_range y); intro. + assert (unsigned y <> 0). red; intro. + elim H. rewrite <- (repr_unsigned y). unfold zero. congruence. + unfold y'. omega. + auto with ints. +Qed. + +Theorem modu_divu: + forall x y, y <> zero -> modu x y = sub x (mul (divu x y) y). +Proof. + intros. + assert (forall a b c, a = add b c -> c = sub a b). + intros. subst a. rewrite sub_add_l. rewrite sub_idem. + rewrite add_commut. rewrite add_zero. auto. + apply H0. apply modu_divu_Euclid. auto. +Qed. + +Theorem mods_divs: + forall x y, mods x y = sub x (mul (divs x y) y). +Proof. + intros; unfold mods, sub, mul, divs. + apply eqm_samerepr. + unfold Zmod_round. + apply eqm_sub. apply eqm_signed_unsigned. + apply eqm_unsigned_repr_r. + apply eqm_mult. auto with ints. apply eqm_signed_unsigned. +Qed. + +Theorem divs_pow2: + forall x n logn, + is_power2 n = Some logn -> + divs x n = shrx x logn. +Proof. + intros. generalize (is_power2_correct _ _ H); intro. + unfold shrx. rewrite shl_mul_two_p. + rewrite mul_commut. rewrite mul_one. + rewrite <- H0. rewrite repr_unsigned. auto. +Qed. + +Theorem shrx_carry: + forall x y, + add (shr x y) (shr_carry x y) = shrx x y. +Proof. + intros. unfold shr_carry. + rewrite sub_add_opp. rewrite add_permut. + rewrite add_neg_zero. apply add_zero. +Qed. + +Lemma add_and: + forall x y z, + and y z = zero -> + or y z = mone -> + add (and x y) (and x z) = x. +Proof. + intros. unfold add. transitivity (repr (unsigned x)); auto with ints. + decEq. unfold and, bitwise_binop. + repeat rewrite unsigned_repr; auto with ints. + transitivity (Z_of_bits wordsize (bits_of_Z wordsize (unsigned x))). + apply Z_of_bits_excl. intros. + assert (forall a b c, a && b && (a && c) = a && (b && c)). + destruct a; destruct b; destruct c; reflexivity. + rewrite H2. + replace (bits_of_Z wordsize (unsigned y) i && + bits_of_Z wordsize (unsigned z) i) + with (bits_of_Z wordsize (unsigned (and y z)) i). + rewrite H. change (unsigned zero) with 0. + rewrite bits_of_Z_zero. apply andb_b_false. + unfold and, bitwise_binop. + rewrite unsigned_repr; auto with ints. rewrite bits_of_Z_of_bits. + reflexivity. auto. + intros. rewrite <- demorgan1. + replace (bits_of_Z wordsize (unsigned y) i || + bits_of_Z wordsize (unsigned z) i) + with (bits_of_Z wordsize (unsigned (or y z)) i). + rewrite H0. change (unsigned mone) with (two_power_nat wordsize - 1). + rewrite bits_of_Z_mone; auto. apply andb_b_true. + unfold or, bitwise_binop. + rewrite unsigned_repr; auto with ints. rewrite bits_of_Z_of_bits; auto. + apply eqm_small_eq; auto with ints. apply Z_of_bits_of_Z. +Qed. + +(** To prove equalities involving modulus and bitwise ``and'', we need to + show complicated integer equalities involving one integer variable + that ranges between 0 and 31. Rather than proving these equalities, + we ask Coq to check them by computing the 32 values of the + left and right-hand sides and checking that they are equal. + This is an instance of proving by reflection. *) + +Section REFLECTION. + +Variables (f g: int -> int). + +Fixpoint check_equal_on_range (n: nat) : bool := + match n with + | O => true + | S n => if eq (f (repr (Z_of_nat n))) (g (repr (Z_of_nat n))) + then check_equal_on_range n + else false + end. + +Lemma check_equal_on_range_correct: + forall n, + check_equal_on_range n = true -> + forall z, 0 <= z < Z_of_nat n -> f (repr z) = g (repr z). +Proof. + induction n. + simpl; intros; omegaContradiction. + simpl check_equal_on_range. + set (fn := f (repr (Z_of_nat n))). + set (gn := g (repr (Z_of_nat n))). + generalize (eq_spec fn gn). + case (eq fn gn); intros. + rewrite inj_S in H1. + assert (0 <= z < Z_of_nat n \/ z = Z_of_nat n). omega. + elim H2; intro. + apply IHn. auto. auto. + subst z; auto. + discriminate. +Qed. + +Lemma equal_on_range: + check_equal_on_range wordsize = true -> + forall n, 0 <= unsigned n < Z_of_nat wordsize -> + f n = g n. +Proof. + intros. replace n with (repr (unsigned n)). + apply check_equal_on_range_correct with wordsize; auto. + apply repr_unsigned. +Qed. + +End REFLECTION. + +(** Here are the three equalities that we prove by reflection. *) + +Remark modu_and_masks_1: + forall logn, 0 <= unsigned logn < Z_of_nat wordsize -> + rol (shru mone logn) logn = shl mone logn. +Proof (equal_on_range + (fun l => rol (shru mone l) l) + (fun l => shl mone l) + (refl_equal true)). +Remark modu_and_masks_2: + forall logn, 0 <= unsigned logn < Z_of_nat wordsize -> + and (shl mone logn) (sub (repr (two_p (unsigned logn))) one) = zero. +Proof (equal_on_range + (fun l => and (shl mone l) + (sub (repr (two_p (unsigned l))) one)) + (fun l => zero) + (refl_equal true)). +Remark modu_and_masks_3: + forall logn, 0 <= unsigned logn < Z_of_nat wordsize -> + or (shl mone logn) (sub (repr (two_p (unsigned logn))) one) = mone. +Proof (equal_on_range + (fun l => or (shl mone l) + (sub (repr (two_p (unsigned l))) one)) + (fun l => mone) + (refl_equal true)). + +Theorem modu_and: + forall x n logn, + is_power2 n = Some logn -> + modu x n = and x (sub n one). +Proof. + intros. generalize (is_power2_correct _ _ H); intro. + generalize (is_power2_rng _ _ H); intro. + assert (n <> zero). + red; intro. subst n. change (unsigned zero) with 0 in H0. + assert (two_p (unsigned logn) > 0). apply two_p_gt_ZERO. omega. + omegaContradiction. + generalize (modu_divu_Euclid x n H2); intro. + assert (forall a b c, add a b = add a c -> b = c). + intros. assert (sub (add a b) a = sub (add a c) a). congruence. + repeat rewrite sub_add_l in H5. repeat rewrite sub_idem in H5. + rewrite add_commut in H5; rewrite add_zero in H5. + rewrite add_commut in H5; rewrite add_zero in H5. + auto. + apply H4 with (mul (divu x n) n). + rewrite <- H3. + rewrite (divu_pow2 x n logn H). + rewrite (mul_pow2 (shru x logn) n logn H). + rewrite shru_rolm. rewrite shl_rolm. rewrite rolm_rolm. + rewrite sub_add_opp. rewrite add_assoc. + replace (add (neg logn) logn) with zero. + rewrite add_zero. + change (modu (repr (Z_of_nat wordsize)) (repr (Z_of_nat wordsize))) + with zero. + rewrite rolm_zero. + symmetry. + replace n with (repr (two_p (unsigned logn))). + rewrite modu_and_masks_1; auto. + rewrite and_idem. + apply add_and. apply modu_and_masks_2; auto. apply modu_and_masks_3; auto. + transitivity (repr (unsigned n)). decEq. auto. auto with ints. + rewrite add_commut. rewrite add_neg_zero. auto. + unfold ltu. apply zlt_true. + change (unsigned (repr (Z_of_nat wordsize))) with (Z_of_nat wordsize). + omega. + unfold ltu. apply zlt_true. + change (unsigned (repr (Z_of_nat wordsize))) with (Z_of_nat wordsize). + omega. +Qed. + +(** ** Properties of integer zero extension and sign extension. *) + +Theorem cast8unsigned_and: + forall x, cast8unsigned x = and x (repr 255). +Proof. + intros; unfold cast8unsigned. + change (repr (unsigned x mod 256)) with (modu x (repr 256)). + change (repr 255) with (sub (repr 256) one). + apply modu_and with (repr 8). reflexivity. +Qed. + +Theorem cast16unsigned_and: + forall x, cast16unsigned x = and x (repr 65535). +Proof. + intros; unfold cast16unsigned. + change (repr (unsigned x mod 65536)) with (modu x (repr 65536)). + change (repr 65535) with (sub (repr 65536) one). + apply modu_and with (repr 16). reflexivity. +Qed. + +Lemma eqmod_256_unsigned_repr: + forall a, eqmod 256 a (unsigned (repr a)). +Proof. + intros. generalize (eqm_unsigned_repr a). unfold eqm, eqmod. + intros [k EQ]. exists (k * (modulus / 256)). + replace (k * (modulus / 256) * 256) + with (k * ((modulus / 256) * 256)). + exact EQ. ring. +Qed. + +Lemma eqmod_65536_unsigned_repr: + forall a, eqmod 65536 a (unsigned (repr a)). +Proof. + intros. generalize (eqm_unsigned_repr a). unfold eqm, eqmod. + intros [k EQ]. exists (k * (modulus / 65536)). + replace (k * (modulus / 65536) * 65536) + with (k * ((modulus / 65536) * 65536)). + exact EQ. ring. +Qed. + +Theorem cast8_signed_unsigned: + forall n, cast8signed (cast8unsigned n) = cast8signed n. +Proof. + intros; unfold cast8signed, cast8unsigned. + set (N := unsigned n). + rewrite unsigned_repr. + replace ((N mod 256) mod 256) with (N mod 256). + auto. + symmetry. apply Zmod_small. apply Z_mod_lt. omega. + assert (0 <= N mod 256 < 256). apply Z_mod_lt. omega. + assert (256 < max_unsigned). compute; auto. + omega. +Qed. + +Theorem cast8_unsigned_signed: + forall n, cast8unsigned (cast8signed n) = cast8unsigned n. +Proof. + intros; unfold cast8signed, cast8unsigned. + set (N := unsigned n mod 256). + assert (0 <= N < 256). unfold N; apply Z_mod_lt. omega. + assert (N mod 256 = N). apply Zmod_small. auto. + assert (256 <= max_unsigned). compute; congruence. + decEq. + case (zlt N 128); intro. + rewrite unsigned_repr. auto. omega. + transitivity (N mod 256); auto. + apply eqmod_mod_eq. omega. + apply eqmod_trans with (N - 256). apply eqmod_sym. apply eqmod_256_unsigned_repr. + assert (eqmod 256 (N - 256) (N - 0)). + apply eqmod_sub. apply eqmod_refl. + red. exists 1; reflexivity. + replace (N - 0) with N in H2. auto. omega. +Qed. + +Theorem cast16_unsigned_signed: + forall n, cast16unsigned (cast16signed n) = cast16unsigned n. +Proof. + intros; unfold cast16signed, cast16unsigned. + set (N := unsigned n mod 65536). + assert (0 <= N < 65536). unfold N; apply Z_mod_lt. omega. + assert (N mod 65536 = N). apply Zmod_small. auto. + assert (65536 <= max_unsigned). compute; congruence. + decEq. + case (zlt N 32768); intro. + rewrite unsigned_repr. auto. omega. + transitivity (N mod 65536); auto. + apply eqmod_mod_eq. omega. + apply eqmod_trans with (N - 65536). apply eqmod_sym. apply eqmod_65536_unsigned_repr. + assert (eqmod 65536 (N - 65536) (N - 0)). + apply eqmod_sub. apply eqmod_refl. + red. exists 1; reflexivity. + replace (N - 0) with N in H2. auto. omega. +Qed. + +Theorem cast8_unsigned_idem: + forall n, cast8unsigned (cast8unsigned n) = cast8unsigned n. +Proof. + intros. repeat rewrite cast8unsigned_and. + rewrite and_assoc. reflexivity. +Qed. + +Theorem cast16_unsigned_idem: + forall n, cast16unsigned (cast16unsigned n) = cast16unsigned n. +Proof. + intros. repeat rewrite cast16unsigned_and. + rewrite and_assoc. reflexivity. +Qed. + +Theorem cast8_signed_idem: + forall n, cast8signed (cast8signed n) = cast8signed n. +Proof. + intros; unfold cast8signed. + set (N := unsigned n mod 256). + assert (256 < max_unsigned). compute; auto. + assert (0 <= N < 256). unfold N. apply Z_mod_lt. omega. + case (zlt N 128); intro. + assert (unsigned (repr N) = N). + apply unsigned_repr. omega. + rewrite H1. + replace (N mod 256) with N. apply zlt_true. auto. + symmetry. apply Zmod_small. auto. + set (M := (unsigned (repr (N - 256)) mod 256)). + assert (M = N). + unfold M, N. apply eqmod_mod_eq. omega. + apply eqmod_trans with (unsigned n mod 256 - 256). + apply eqmod_sym. apply eqmod_256_unsigned_repr. + apply eqmod_trans with (unsigned n - 0). + apply eqmod_sub. + apply eqmod_sym. apply eqmod_mod. omega. + unfold eqmod. exists 1; omega. + apply eqmod_refl2. omega. + rewrite H1. rewrite zlt_false; auto. +Qed. + +Theorem cast16_signed_idem: + forall n, cast16signed (cast16signed n) = cast16signed n. +Proof. + intros; unfold cast16signed. + set (N := unsigned n mod 65536). + assert (65536 < max_unsigned). compute; auto. + assert (0 <= N < 65536). unfold N. apply Z_mod_lt. omega. + case (zlt N 32768); intro. + assert (unsigned (repr N) = N). + apply unsigned_repr. omega. + rewrite H1. + replace (N mod 65536) with N. apply zlt_true. auto. + symmetry. apply Zmod_small. auto. + set (M := (unsigned (repr (N - 65536)) mod 65536)). + assert (M = N). + unfold M, N. apply eqmod_mod_eq. omega. + apply eqmod_trans with (unsigned n mod 65536 - 65536). + apply eqmod_sym. apply eqmod_65536_unsigned_repr. + apply eqmod_trans with (unsigned n - 0). + apply eqmod_sub. + apply eqmod_sym. apply eqmod_mod. omega. + unfold eqmod. exists 1; omega. + apply eqmod_refl2. omega. + rewrite H1. rewrite zlt_false; auto. +Qed. + +Theorem cast8_signed_equal_if_unsigned_equal: + forall x y, + cast8unsigned x = cast8unsigned y -> + cast8signed x = cast8signed y. +Proof. + unfold cast8unsigned, cast8signed; intros until y. + set (x' := unsigned x mod 256). + set (y' := unsigned y mod 256). + intro. + assert (eqm x' y'). + apply eqm_trans with (unsigned (repr x')). apply eqm_unsigned_repr. + rewrite H. apply eqm_sym. apply eqm_unsigned_repr. + assert (forall z, 0 <= z mod 256 < modulus). + intros. + assert (0 <= z mod 256 < 256). apply Z_mod_lt. omega. + assert (256 <= modulus). compute. congruence. + omega. + assert (x' = y'). + apply eqm_small_eq; unfold x', y'; auto. + rewrite H2. auto. +Qed. + +Theorem cast16_signed_equal_if_unsigned_equal: + forall x y, + cast16unsigned x = cast16unsigned y -> + cast16signed x = cast16signed y. +Proof. + unfold cast16unsigned, cast16signed; intros until y. + set (x' := unsigned x mod 65536). + set (y' := unsigned y mod 65536). + intro. + assert (eqm x' y'). + apply eqm_trans with (unsigned (repr x')). apply eqm_unsigned_repr. + rewrite H. apply eqm_sym. apply eqm_unsigned_repr. + assert (forall z, 0 <= z mod 65536 < modulus). + intros. + assert (0 <= z mod 65536 < 65536). apply Z_mod_lt. omega. + assert (65536 <= modulus). compute. congruence. + omega. + assert (x' = y'). + apply eqm_small_eq; unfold x', y'; auto. + rewrite H2. auto. +Qed. + +(** ** Properties of [one_bits] (decomposition in sum of powers of two) *) + +Opaque Z_one_bits. (* Otherwise, next Qed blows up! *) + +Theorem one_bits_range: + forall x i, In i (one_bits x) -> ltu i (repr (Z_of_nat wordsize)) = true. +Proof. + intros. unfold one_bits in H. + elim (list_in_map_inv _ _ _ H). intros i0 [EQ IN]. + subst i. unfold ltu. apply zlt_true. + generalize (Z_one_bits_range _ _ IN). intros. + assert (0 <= Z_of_nat wordsize <= max_unsigned). + compute. intuition congruence. + repeat rewrite unsigned_repr; omega. +Qed. + +Fixpoint int_of_one_bits (l: list int) : int := + match l with + | nil => zero + | a :: b => add (shl one a) (int_of_one_bits b) + end. + +Theorem one_bits_decomp: + forall x, x = int_of_one_bits (one_bits x). +Proof. + intros. + transitivity (repr (powerserie (Z_one_bits wordsize (unsigned x) 0))). + transitivity (repr (unsigned x)). + auto with ints. decEq. apply Z_one_bits_powerserie. + auto with ints. + unfold one_bits. + generalize (Z_one_bits_range (unsigned x)). + generalize (Z_one_bits wordsize (unsigned x) 0). + induction l. + intros; reflexivity. + intros; simpl. rewrite <- IHl. unfold add. apply eqm_samerepr. + apply eqm_add. rewrite shl_mul_two_p. rewrite mul_commut. + rewrite mul_one. apply eqm_unsigned_repr_r. + rewrite unsigned_repr. auto with ints. + generalize (H a (in_eq _ _)). + assert (Z_of_nat wordsize < max_unsigned). compute; auto. omega. + auto with ints. + intros; apply H; auto with coqlib. +Qed. + +(** ** Properties of comparisons *) + +Theorem negate_cmp: + forall c x y, cmp (negate_comparison c) x y = negb (cmp c x y). +Proof. + intros. destruct c; simpl; try rewrite negb_elim; auto. +Qed. + +Theorem negate_cmpu: + forall c x y, cmpu (negate_comparison c) x y = negb (cmpu c x y). +Proof. + intros. destruct c; simpl; try rewrite negb_elim; auto. +Qed. + +Theorem swap_cmp: + forall c x y, cmp (swap_comparison c) x y = cmp c y x. +Proof. + intros. destruct c; simpl; auto. apply eq_sym. decEq. apply eq_sym. +Qed. + +Theorem swap_cmpu: + forall c x y, cmpu (swap_comparison c) x y = cmpu c y x. +Proof. + intros. destruct c; simpl; auto. apply eq_sym. decEq. apply eq_sym. +Qed. + +Lemma translate_eq: + forall x y d, + eq (add x d) (add y d) = eq x y. +Proof. + intros. unfold eq. case (zeq (unsigned x) (unsigned y)); intro. + unfold add. rewrite e. apply zeq_true. + apply zeq_false. unfold add. red; intro. apply n. + apply eqm_small_eq; auto with ints. + replace (unsigned x) with ((unsigned x + unsigned d) - unsigned d). + replace (unsigned y) with ((unsigned y + unsigned d) - unsigned d). + apply eqm_sub. apply eqm_trans with (unsigned (repr (unsigned x + unsigned d))). + eauto with ints. apply eqm_trans with (unsigned (repr (unsigned y + unsigned d))). + eauto with ints. eauto with ints. eauto with ints. + omega. omega. +Qed. + +Lemma translate_lt: + forall x y d, + min_signed <= signed x + signed d <= max_signed -> + min_signed <= signed y + signed d <= max_signed -> + lt (add x d) (add y d) = lt x y. +Proof. + intros. repeat rewrite add_signed. unfold lt. + repeat rewrite signed_repr; auto. case (zlt (signed x) (signed y)); intro. + apply zlt_true. omega. + apply zlt_false. omega. +Qed. + +Theorem translate_cmp: + forall c x y d, + min_signed <= signed x + signed d <= max_signed -> + min_signed <= signed y + signed d <= max_signed -> + cmp c (add x d) (add y d) = cmp c x y. +Proof. + intros. unfold cmp. + rewrite translate_eq. repeat rewrite translate_lt; auto. +Qed. + +Theorem notbool_isfalse_istrue: + forall x, is_false x -> is_true (notbool x). +Proof. + unfold is_false, is_true, notbool; intros; subst x. + simpl. discriminate. +Qed. + +Theorem notbool_istrue_isfalse: + forall x, is_true x -> is_false (notbool x). +Proof. + unfold is_false, is_true, notbool; intros. + generalize (eq_spec x zero). case (eq x zero); intro. + contradiction. auto. +Qed. + +End Int. diff --git a/lib/Lattice.v b/lib/Lattice.v new file mode 100644 index 00000000..7adcffba --- /dev/null +++ b/lib/Lattice.v @@ -0,0 +1,331 @@ +(** Constructions of semi-lattices. *) + +Require Import Coqlib. +Require Import Maps. + +(** * Signatures of semi-lattices *) + +(** A semi-lattice is a type [t] equipped with a decidable equality [eq], + a partial order [ge], a smallest element [bot], and an upper + bound operation [lub]. Note that we do not demand that [lub] computes + the least upper bound. *) + +Module Type SEMILATTICE. + + Variable t: Set. + Variable eq: forall (x y: t), {x=y} + {x<>y}. + Variable ge: t -> t -> Prop. + Hypothesis ge_refl: forall x, ge x x. + Hypothesis ge_trans: forall x y z, ge x y -> ge y z -> ge x z. + Variable bot: t. + Hypothesis ge_bot: forall x, ge x bot. + Variable lub: t -> t -> t. + Hypothesis lub_commut: forall x y, lub x y = lub y x. + Hypothesis ge_lub_left: forall x y, ge (lub x y) x. + +End SEMILATTICE. + +(** A semi-lattice ``with top'' is similar, but also has a greatest + element [top]. *) + +Module Type SEMILATTICE_WITH_TOP. + + Variable t: Set. + Variable eq: forall (x y: t), {x=y} + {x<>y}. + Variable ge: t -> t -> Prop. + Hypothesis ge_refl: forall x, ge x x. + Hypothesis ge_trans: forall x y z, ge x y -> ge y z -> ge x z. + Variable bot: t. + Hypothesis ge_bot: forall x, ge x bot. + Variable top: t. + Hypothesis ge_top: forall x, ge top x. + Variable lub: t -> t -> t. + Hypothesis lub_commut: forall x y, lub x y = lub y x. + Hypothesis ge_lub_left: forall x y, ge (lub x y) x. + +End SEMILATTICE_WITH_TOP. + +(** * Semi-lattice over maps *) + +(** Given a semi-lattice with top [L], the following functor implements + a semi-lattice structure over finite maps from positive numbers to [L.t]. + The default value for these maps is either [L.top] or [L.bot]. *) + +Module LPMap(L: SEMILATTICE_WITH_TOP) <: SEMILATTICE_WITH_TOP. + +Inductive t_ : Set := + | Bot_except: PTree.t L.t -> t_ + | Top_except: PTree.t L.t -> t_. + +Definition t: Set := t_. + +Lemma eq: forall (x y: t), {x=y} + {x<>y}. +Proof. + assert (forall m1 m2: PTree.t L.t, {m1=m2} + {m1<>m2}). + apply PTree.eq. exact L.eq. + decide equality. +Qed. + +Definition get (p: positive) (x: t) : L.t := + match x with + | Bot_except m => + match m!p with None => L.bot | Some x => x end + | Top_except m => + match m!p with None => L.top | Some x => x end + end. + +Definition set (p: positive) (v: L.t) (x: t) : t := + match x with + | Bot_except m => + Bot_except (PTree.set p v m) + | Top_except m => + Top_except (PTree.set p v m) + end. + +Lemma gss: + forall p v x, + get p (set p v x) = v. +Proof. + intros. destruct x; simpl; rewrite PTree.gss; auto. +Qed. + +Lemma gso: + forall p q v x, + p <> q -> get p (set q v x) = get p x. +Proof. + intros. destruct x; simpl; rewrite PTree.gso; auto. +Qed. + +Definition ge (x y: t) : Prop := + forall p, L.ge (get p x) (get p y). + +Lemma ge_refl: forall x, ge x x. +Proof. + unfold ge; intros. apply L.ge_refl. +Qed. + +Lemma ge_trans: forall x y z, ge x y -> ge y z -> ge x z. +Proof. + unfold ge; intros. apply L.ge_trans with (get p y); auto. +Qed. + +Definition bot := Bot_except (PTree.empty L.t). + +Lemma get_bot: forall p, get p bot = L.bot. +Proof. + unfold bot; intros; simpl. rewrite PTree.gempty. auto. +Qed. + +Lemma ge_bot: forall x, ge x bot. +Proof. + unfold ge; intros. rewrite get_bot. apply L.ge_bot. +Qed. + +Definition top := Top_except (PTree.empty L.t). + +Lemma get_top: forall p, get p top = L.top. +Proof. + unfold top; intros; simpl. rewrite PTree.gempty. auto. +Qed. + +Lemma ge_top: forall x, ge top x. +Proof. + unfold ge; intros. rewrite get_top. apply L.ge_top. +Qed. + +Definition lub (x y: t) : t := + match x, y with + | Bot_except m, Bot_except n => + Bot_except + (PTree.combine + (fun a b => + match a, b with + | Some u, Some v => Some (L.lub u v) + | None, _ => b + | _, None => a + end) + m n) + | Bot_except m, Top_except n => + Top_except + (PTree.combine + (fun a b => + match a, b with + | Some u, Some v => Some (L.lub u v) + | None, _ => b + | _, None => None + end) + m n) + | Top_except m, Bot_except n => + Top_except + (PTree.combine + (fun a b => + match a, b with + | Some u, Some v => Some (L.lub u v) + | None, _ => None + | _, None => a + end) + m n) + | Top_except m, Top_except n => + Top_except + (PTree.combine + (fun a b => + match a, b with + | Some u, Some v => Some (L.lub u v) + | _, _ => None + end) + m n) + end. + +Lemma lub_commut: + forall x y, lub x y = lub y x. +Proof. + destruct x; destruct y; unfold lub; decEq; + apply PTree.combine_commut; intros; + (destruct i; destruct j; auto; decEq; apply L.lub_commut). +Qed. + +Lemma ge_lub_left: + forall x y, ge (lub x y) x. +Proof. + unfold ge, get, lub; intros; destruct x; destruct y. + + rewrite PTree.gcombine. + destruct t0!p. destruct t1!p. apply L.ge_lub_left. + apply L.ge_refl. destruct t1!p. apply L.ge_bot. apply L.ge_refl. + auto. + + rewrite PTree.gcombine. + destruct t0!p. destruct t1!p. apply L.ge_lub_left. + apply L.ge_top. destruct t1!p. apply L.ge_bot. apply L.ge_bot. + auto. + + rewrite PTree.gcombine. + destruct t0!p. destruct t1!p. apply L.ge_lub_left. + apply L.ge_refl. apply L.ge_refl. auto. + + rewrite PTree.gcombine. + destruct t0!p. destruct t1!p. apply L.ge_lub_left. + apply L.ge_top. apply L.ge_refl. + auto. +Qed. + +End LPMap. + +(** * Flat semi-lattice *) + +(** Given a type with decidable equality [X], the following functor + returns a semi-lattice structure over [X.t] complemented with + a top and a bottom element. The ordering is the flat ordering + [Bot < Inj x < Top]. *) + +Module LFlat(X: EQUALITY_TYPE) <: SEMILATTICE_WITH_TOP. + +Inductive t_ : Set := + | Bot: t_ + | Inj: X.t -> t_ + | Top: t_. + +Definition t : Set := t_. + +Lemma eq: forall (x y: t), {x=y} + {x<>y}. +Proof. + decide equality. apply X.eq. +Qed. + +Definition ge (x y: t) : Prop := + match x, y with + | Top, _ => True + | _, Bot => True + | Inj a, Inj b => a = b + | _, _ => False + end. + +Lemma ge_refl: forall x, ge x x. +Proof. + unfold ge; destruct x; auto. +Qed. + +Lemma ge_trans: forall x y z, ge x y -> ge y z -> ge x z. +Proof. + unfold ge; destruct x; destruct y; try destruct z; intuition. + transitivity t1; auto. +Qed. + +Definition bot: t := Bot. + +Lemma ge_bot: forall x, ge x bot. +Proof. + destruct x; simpl; auto. +Qed. + +Definition top: t := Top. + +Lemma ge_top: forall x, ge top x. +Proof. + destruct x; simpl; auto. +Qed. + +Definition lub (x y: t) : t := + match x, y with + | Bot, _ => y + | _, Bot => x + | Top, _ => Top + | _, Top => Top + | Inj a, Inj b => if X.eq a b then Inj a else Top + end. + +Lemma lub_commut: forall x y, lub x y = lub y x. +Proof. + destruct x; destruct y; simpl; auto. + case (X.eq t0 t1); case (X.eq t1 t0); intros; congruence. +Qed. + +Lemma ge_lub_left: forall x y, ge (lub x y) x. +Proof. + destruct x; destruct y; simpl; auto. + case (X.eq t0 t1); simpl; auto. +Qed. + +End LFlat. + +(** * Boolean semi-lattice *) + +(** This semi-lattice has only two elements, [bot] and [top], trivially + ordered. *) + +Module LBoolean <: SEMILATTICE_WITH_TOP. + +Definition t := bool. + +Lemma eq: forall (x y: t), {x=y} + {x<>y}. +Proof. decide equality. Qed. + +Definition ge (x y: t) : Prop := x = y \/ x = true. + +Lemma ge_refl: forall x, ge x x. +Proof. unfold ge; tauto. Qed. + +Lemma ge_trans: forall x y z, ge x y -> ge y z -> ge x z. +Proof. unfold ge; intuition congruence. Qed. + +Definition bot := false. + +Lemma ge_bot: forall x, ge x bot. +Proof. destruct x; compute; tauto. Qed. + +Definition top := true. + +Lemma ge_top: forall x, ge top x. +Proof. unfold ge, top; tauto. Qed. + +Definition lub (x y: t) := x || y. + +Lemma lub_commut: forall x y, lub x y = lub y x. +Proof. intros; unfold lub. apply orb_comm. Qed. + +Lemma ge_lub_left: forall x y, ge (lub x y) x. +Proof. destruct x; destruct y; compute; tauto. Qed. + +End LBoolean. + + diff --git a/lib/Maps.v b/lib/Maps.v new file mode 100644 index 00000000..69690918 --- /dev/null +++ b/lib/Maps.v @@ -0,0 +1,1034 @@ +(** Applicative finite maps are the main data structure used in this + project. A finite map associates data to keys. The two main operations + are [set k d m], which returns a map identical to [m] except that [d] + is associated to [k], and [get k m] which returns the data associated + to key [k] in map [m]. In this library, we distinguish two kinds of maps: +- Trees: the [get] operation returns an option type, either [None] + if no data is associated to the key, or [Some d] otherwise. +- Maps: the [get] operation always returns a data. If no data was explicitly + associated with the key, a default data provided at map initialization time + is returned. + + In this library, we provide efficient implementations of trees and + maps whose keys range over the type [positive] of binary positive + integers or any type that can be injected into [positive]. The + implementation is based on radix-2 search trees (uncompressed + Patricia trees) and guarantees logarithmic-time operations. An + inefficient implementation of maps as functions is also provided. +*) + +Require Import Coqlib. + +Set Implicit Arguments. + +(** * The abstract signatures of trees *) + +Module Type TREE. + Variable elt: Set. + Variable elt_eq: forall (a b: elt), {a = b} + {a <> b}. + Variable t: Set -> Set. + Variable eq: forall (A: Set), (forall (x y: A), {x=y} + {x<>y}) -> + forall (a b: t A), {a = b} + {a <> b}. + Variable empty: forall (A: Set), t A. + Variable get: forall (A: Set), elt -> t A -> option A. + Variable set: forall (A: Set), elt -> A -> t A -> t A. + Variable remove: forall (A: Set), elt -> t A -> t A. + + (** The ``good variables'' properties for trees, expressing + commutations between [get], [set] and [remove]. *) + Hypothesis gempty: + forall (A: Set) (i: elt), get i (empty A) = None. + Hypothesis gss: + forall (A: Set) (i: elt) (x: A) (m: t A), get i (set i x m) = Some x. + Hypothesis gso: + forall (A: Set) (i j: elt) (x: A) (m: t A), + i <> j -> get i (set j x m) = get i m. + Hypothesis gsspec: + forall (A: Set) (i j: elt) (x: A) (m: t A), + get i (set j x m) = if elt_eq i j then Some x else get i m. + Hypothesis gsident: + forall (A: Set) (i: elt) (m: t A) (v: A), + get i m = Some v -> set i v m = m. + (* We could implement the following, but it's not needed for the moment. + Hypothesis grident: + forall (A: Set) (i: elt) (m: t A) (v: A), + get i m = None -> remove i m = m. + *) + Hypothesis grs: + forall (A: Set) (i: elt) (m: t A), get i (remove i m) = None. + Hypothesis gro: + forall (A: Set) (i j: elt) (m: t A), + i <> j -> get i (remove j m) = get i m. + + (** Applying a function to all data of a tree. *) + Variable map: + forall (A B: Set), (elt -> A -> B) -> t A -> t B. + Hypothesis gmap: + forall (A B: Set) (f: elt -> A -> B) (i: elt) (m: t A), + get i (map f m) = option_map (f i) (get i m). + + (** Applying a function pairwise to all data of two trees. *) + Variable combine: + forall (A: Set), (option A -> option A -> option A) -> t A -> t A -> t A. + Hypothesis gcombine: + forall (A: Set) (f: option A -> option A -> option A) + (m1 m2: t A) (i: elt), + f None None = None -> + get i (combine f m1 m2) = f (get i m1) (get i m2). + Hypothesis combine_commut: + forall (A: Set) (f g: option A -> option A -> option A), + (forall (i j: option A), f i j = g j i) -> + forall (m1 m2: t A), + combine f m1 m2 = combine g m2 m1. + + (** Enumerating the bindings of a tree. *) + Variable elements: + forall (A: Set), t A -> list (elt * A). + Hypothesis elements_correct: + forall (A: Set) (m: t A) (i: elt) (v: A), + get i m = Some v -> In (i, v) (elements m). + Hypothesis elements_complete: + forall (A: Set) (m: t A) (i: elt) (v: A), + In (i, v) (elements m) -> get i m = Some v. + Hypothesis elements_keys_norepet: + forall (A: Set) (m: t A), + list_norepet (List.map (@fst elt A) (elements m)). + + (** Folding a function over all bindings of a tree. *) + Variable fold: + forall (A B: Set), (B -> elt -> A -> B) -> t A -> B -> B. + Hypothesis fold_spec: + forall (A B: Set) (f: B -> elt -> A -> B) (v: B) (m: t A), + fold f m v = + List.fold_left (fun a p => f a (fst p) (snd p)) (elements m) v. +End TREE. + +(** * The abstract signatures of maps *) + +Module Type MAP. + Variable elt: Set. + Variable elt_eq: forall (a b: elt), {a = b} + {a <> b}. + Variable t: Set -> Set. + Variable init: forall (A: Set), A -> t A. + Variable get: forall (A: Set), elt -> t A -> A. + Variable set: forall (A: Set), elt -> A -> t A -> t A. + Hypothesis gi: + forall (A: Set) (i: elt) (x: A), get i (init x) = x. + Hypothesis gss: + forall (A: Set) (i: elt) (x: A) (m: t A), get i (set i x m) = x. + Hypothesis gso: + forall (A: Set) (i j: elt) (x: A) (m: t A), + i <> j -> get i (set j x m) = get i m. + Hypothesis gsspec: + forall (A: Set) (i j: elt) (x: A) (m: t A), + get i (set j x m) = if elt_eq i j then x else get i m. + Hypothesis gsident: + forall (A: Set) (i j: elt) (m: t A), get j (set i (get i m) m) = get j m. + Variable map: forall (A B: Set), (A -> B) -> t A -> t B. + Hypothesis gmap: + forall (A B: Set) (f: A -> B) (i: elt) (m: t A), + get i (map f m) = f(get i m). +End MAP. + +(** * An implementation of trees over type [positive] *) + +Module PTree <: TREE. + Definition elt := positive. + Definition elt_eq := peq. + + Inductive tree (A : Set) : Set := + | Leaf : tree A + | Node : tree A -> option A -> tree A -> tree A + . + Implicit Arguments Leaf [A]. + Implicit Arguments Node [A]. + + Definition t := tree. + + Theorem eq : forall (A : Set), + (forall (x y: A), {x=y} + {x<>y}) -> + forall (a b : t A), {a = b} + {a <> b}. + Proof. + intros A eqA. + decide equality. + generalize o o0; decide equality. + Qed. + + Definition empty (A : Set) := (Leaf : t A). + + Fixpoint get (A : Set) (i : positive) (m : t A) {struct i} : option A := + match m with + | Leaf => None + | Node l o r => + match i with + | xH => o + | xO ii => get ii l + | xI ii => get ii r + end + end. + + Fixpoint set (A : Set) (i : positive) (v : A) (m : t A) {struct i} : t A := + match m with + | Leaf => + match i with + | xH => Node Leaf (Some v) Leaf + | xO ii => Node (set ii v Leaf) None Leaf + | xI ii => Node Leaf None (set ii v Leaf) + end + | Node l o r => + match i with + | xH => Node l (Some v) r + | xO ii => Node (set ii v l) o r + | xI ii => Node l o (set ii v r) + end + end. + + Fixpoint remove (A : Set) (i : positive) (m : t A) {struct i} : t A := + match i with + | xH => + match m with + | Leaf => Leaf + | Node Leaf o Leaf => Leaf + | Node l o r => Node l None r + end + | xO ii => + match m with + | Leaf => Leaf + | Node l None Leaf => + match remove ii l with + | Leaf => Leaf + | mm => Node mm None Leaf + end + | Node l o r => Node (remove ii l) o r + end + | xI ii => + match m with + | Leaf => Leaf + | Node Leaf None r => + match remove ii r with + | Leaf => Leaf + | mm => Node Leaf None mm + end + | Node l o r => Node l o (remove ii r) + end + end. + + Theorem gempty: + forall (A: Set) (i: positive), get i (empty A) = None. + Proof. + induction i; simpl; auto. + Qed. + + Theorem gss: + forall (A: Set) (i: positive) (x: A) (m: t A), get i (set i x m) = Some x. + Proof. + induction i; destruct m; simpl; auto. + Qed. + + Lemma gleaf : forall (A : Set) (i : positive), get i (Leaf : t A) = None. + Proof. exact gempty. Qed. + + Theorem gso: + forall (A: Set) (i j: positive) (x: A) (m: t A), + i <> j -> get i (set j x m) = get i m. + Proof. + induction i; intros; destruct j; destruct m; simpl; + try rewrite <- (gleaf A i); auto; try apply IHi; congruence. + Qed. + + Theorem gsspec: + forall (A: Set) (i j: positive) (x: A) (m: t A), + get i (set j x m) = if peq i j then Some x else get i m. + Proof. + intros. + destruct (peq i j); [ rewrite e; apply gss | apply gso; auto ]. + Qed. + + Theorem gsident: + forall (A: Set) (i: positive) (m: t A) (v: A), + get i m = Some v -> set i v m = m. + Proof. + induction i; intros; destruct m; simpl; simpl in H; try congruence. + rewrite (IHi m2 v H); congruence. + rewrite (IHi m1 v H); congruence. + Qed. + + Lemma rleaf : forall (A : Set) (i : positive), remove i (Leaf : t A) = Leaf. + Proof. destruct i; simpl; auto. Qed. + + Theorem grs: + forall (A: Set) (i: positive) (m: t A), get i (remove i m) = None. + Proof. + induction i; destruct m. + simpl; auto. + destruct m1; destruct o; destruct m2 as [ | ll oo rr]; simpl; auto. + rewrite (rleaf A i); auto. + cut (get i (remove i (Node ll oo rr)) = None). + destruct (remove i (Node ll oo rr)); auto; apply IHi. + apply IHi. + simpl; auto. + destruct m1 as [ | ll oo rr]; destruct o; destruct m2; simpl; auto. + rewrite (rleaf A i); auto. + cut (get i (remove i (Node ll oo rr)) = None). + destruct (remove i (Node ll oo rr)); auto; apply IHi. + apply IHi. + simpl; auto. + destruct m1; destruct m2; simpl; auto. + Qed. + + Theorem gro: + forall (A: Set) (i j: positive) (m: t A), + i <> j -> get i (remove j m) = get i m. + Proof. + induction i; intros; destruct j; destruct m; + try rewrite (rleaf A (xI j)); + try rewrite (rleaf A (xO j)); + try rewrite (rleaf A 1); auto; + destruct m1; destruct o; destruct m2; + simpl; + try apply IHi; try congruence; + try rewrite (rleaf A j); auto; + try rewrite (gleaf A i); auto. + cut (get i (remove j (Node m2_1 o m2_2)) = get i (Node m2_1 o m2_2)); + [ destruct (remove j (Node m2_1 o m2_2)); try rewrite (gleaf A i); auto + | apply IHi; congruence ]. + destruct (remove j (Node m1_1 o0 m1_2)); simpl; try rewrite (gleaf A i); + auto. + destruct (remove j (Node m2_1 o m2_2)); simpl; try rewrite (gleaf A i); + auto. + cut (get i (remove j (Node m1_1 o0 m1_2)) = get i (Node m1_1 o0 m1_2)); + [ destruct (remove j (Node m1_1 o0 m1_2)); try rewrite (gleaf A i); auto + | apply IHi; congruence ]. + destruct (remove j (Node m2_1 o m2_2)); simpl; try rewrite (gleaf A i); + auto. + destruct (remove j (Node m1_1 o0 m1_2)); simpl; try rewrite (gleaf A i); + auto. + Qed. + + Fixpoint append (i j : positive) {struct i} : positive := + match i with + | xH => j + | xI ii => xI (append ii j) + | xO ii => xO (append ii j) + end. + + Lemma append_assoc_0 : forall (i j : positive), + append i (xO j) = append (append i (xO xH)) j. + Proof. + induction i; intros; destruct j; simpl; + try rewrite (IHi (xI j)); + try rewrite (IHi (xO j)); + try rewrite <- (IHi xH); + auto. + Qed. + + Lemma append_assoc_1 : forall (i j : positive), + append i (xI j) = append (append i (xI xH)) j. + Proof. + induction i; intros; destruct j; simpl; + try rewrite (IHi (xI j)); + try rewrite (IHi (xO j)); + try rewrite <- (IHi xH); + auto. + Qed. + + Lemma append_neutral_r : forall (i : positive), append i xH = i. + Proof. + induction i; simpl; congruence. + Qed. + + Lemma append_neutral_l : forall (i : positive), append xH i = i. + Proof. + simpl; auto. + Qed. + + Fixpoint xmap (A B : Set) (f : positive -> A -> B) (m : t A) (i : positive) + {struct m} : t B := + match m with + | Leaf => Leaf + | Node l o r => Node (xmap f l (append i (xO xH))) + (option_map (f i) o) + (xmap f r (append i (xI xH))) + end. + + Definition map (A B : Set) (f : positive -> A -> B) m := xmap f m xH. + + Lemma xgmap: + forall (A B: Set) (f: positive -> A -> B) (i j : positive) (m: t A), + get i (xmap f m j) = option_map (f (append j i)) (get i m). + Proof. + induction i; intros; destruct m; simpl; auto. + rewrite (append_assoc_1 j i); apply IHi. + rewrite (append_assoc_0 j i); apply IHi. + rewrite (append_neutral_r j); auto. + Qed. + + Theorem gmap: + forall (A B: Set) (f: positive -> A -> B) (i: positive) (m: t A), + get i (map f m) = option_map (f i) (get i m). + Proof. + intros. + unfold map. + replace (f i) with (f (append xH i)). + apply xgmap. + rewrite append_neutral_l; auto. + Qed. + + Fixpoint xcombine_l (A : Set) (f : option A -> option A -> option A) + (m : t A) {struct m} : t A := + match m with + | Leaf => Leaf + | Node l o r => Node (xcombine_l f l) (f o None) (xcombine_l f r) + end. + + Lemma xgcombine_l : + forall (A : Set) (f : option A -> option A -> option A) + (i : positive) (m : t A), + f None None = None -> get i (xcombine_l f m) = f (get i m) None. + Proof. + induction i; intros; destruct m; simpl; auto. + Qed. + + Fixpoint xcombine_r (A : Set) (f : option A -> option A -> option A) + (m : t A) {struct m} : t A := + match m with + | Leaf => Leaf + | Node l o r => Node (xcombine_r f l) (f None o) (xcombine_r f r) + end. + + Lemma xgcombine_r : + forall (A : Set) (f : option A -> option A -> option A) + (i : positive) (m : t A), + f None None = None -> get i (xcombine_r f m) = f None (get i m). + Proof. + induction i; intros; destruct m; simpl; auto. + Qed. + + Fixpoint combine (A : Set) (f : option A -> option A -> option A) + (m1 m2 : t A) {struct m1} : t A := + match m1 with + | Leaf => xcombine_r f m2 + | Node l1 o1 r1 => + match m2 with + | Leaf => xcombine_l f m1 + | Node l2 o2 r2 => Node (combine f l1 l2) (f o1 o2) (combine f r1 r2) + end + end. + + Lemma xgcombine: + forall (A: Set) (f: option A -> option A -> option A) (i: positive) + (m1 m2: t A), + f None None = None -> + get i (combine f m1 m2) = f (get i m1) (get i m2). + Proof. + induction i; intros; destruct m1; destruct m2; simpl; auto; + try apply xgcombine_r; try apply xgcombine_l; auto. + Qed. + + Theorem gcombine: + forall (A: Set) (f: option A -> option A -> option A) + (m1 m2: t A) (i: positive), + f None None = None -> + get i (combine f m1 m2) = f (get i m1) (get i m2). + Proof. + intros A f m1 m2 i H; exact (xgcombine f i m1 m2 H). + Qed. + + Lemma xcombine_lr : + forall (A : Set) (f g : option A -> option A -> option A) (m : t A), + (forall (i j : option A), f i j = g j i) -> + xcombine_l f m = xcombine_r g m. + Proof. + induction m; intros; simpl; auto. + rewrite IHm1; auto. + rewrite IHm2; auto. + rewrite H; auto. + Qed. + + Theorem combine_commut: + forall (A: Set) (f g: option A -> option A -> option A), + (forall (i j: option A), f i j = g j i) -> + forall (m1 m2: t A), + combine f m1 m2 = combine g m2 m1. + Proof. + intros A f g EQ1. + assert (EQ2: forall (i j: option A), g i j = f j i). + intros; auto. + induction m1; intros; destruct m2; simpl; + try rewrite EQ1; + repeat rewrite (xcombine_lr f g); + repeat rewrite (xcombine_lr g f); + auto. + rewrite IHm1_1. + rewrite IHm1_2. + auto. + Qed. + + Fixpoint xelements (A : Set) (m : t A) (i : positive) {struct m} + : list (positive * A) := + match m with + | Leaf => nil + | Node l None r => + (xelements l (append i (xO xH))) ++ (xelements r (append i (xI xH))) + | Node l (Some x) r => + (xelements l (append i (xO xH))) + ++ ((i, x) :: xelements r (append i (xI xH))) + end. + + (* Note: function [xelements] above is inefficient. We should apply + deforestation to it, but that makes the proofs even harder. *) + + Definition elements A (m : t A) := xelements m xH. + + Lemma xelements_correct: + forall (A: Set) (m: t A) (i j : positive) (v: A), + get i m = Some v -> In (append j i, v) (xelements m j). + Proof. + induction m; intros. + rewrite (gleaf A i) in H; congruence. + destruct o; destruct i; simpl; simpl in H. + rewrite append_assoc_1; apply in_or_app; right; apply in_cons; + apply IHm2; auto. + rewrite append_assoc_0; apply in_or_app; left; apply IHm1; auto. + rewrite append_neutral_r; apply in_or_app; injection H; + intro EQ; rewrite EQ; right; apply in_eq. + rewrite append_assoc_1; apply in_or_app; right; apply IHm2; auto. + rewrite append_assoc_0; apply in_or_app; left; apply IHm1; auto. + congruence. + Qed. + + Theorem elements_correct: + forall (A: Set) (m: t A) (i: positive) (v: A), + get i m = Some v -> In (i, v) (elements m). + Proof. + intros A m i v H. + exact (xelements_correct m i xH H). + Qed. + + Fixpoint xget (A : Set) (i j : positive) (m : t A) {struct j} : option A := + match i, j with + | _, xH => get i m + | xO ii, xO jj => xget ii jj m + | xI ii, xI jj => xget ii jj m + | _, _ => None + end. + + Lemma xget_left : + forall (A : Set) (j i : positive) (m1 m2 : t A) (o : option A) (v : A), + xget i (append j (xO xH)) m1 = Some v -> xget i j (Node m1 o m2) = Some v. + Proof. + induction j; intros; destruct i; simpl; simpl in H; auto; try congruence. + destruct i; congruence. + Qed. + + Lemma xelements_ii : + forall (A: Set) (m: t A) (i j : positive) (v: A), + In (xI i, v) (xelements m (xI j)) -> In (i, v) (xelements m j). + Proof. + induction m. + simpl; auto. + intros; destruct o; simpl; simpl in H; destruct (in_app_or _ _ _ H); + apply in_or_app. + left; apply IHm1; auto. + right; destruct (in_inv H0). + injection H1; intros EQ1 EQ2; rewrite EQ1; rewrite EQ2; apply in_eq. + apply in_cons; apply IHm2; auto. + left; apply IHm1; auto. + right; apply IHm2; auto. + Qed. + + Lemma xelements_io : + forall (A: Set) (m: t A) (i j : positive) (v: A), + ~In (xI i, v) (xelements m (xO j)). + Proof. + induction m. + simpl; auto. + intros; destruct o; simpl; intro H; destruct (in_app_or _ _ _ H). + apply (IHm1 _ _ _ H0). + destruct (in_inv H0). + congruence. + apply (IHm2 _ _ _ H1). + apply (IHm1 _ _ _ H0). + apply (IHm2 _ _ _ H0). + Qed. + + Lemma xelements_oo : + forall (A: Set) (m: t A) (i j : positive) (v: A), + In (xO i, v) (xelements m (xO j)) -> In (i, v) (xelements m j). + Proof. + induction m. + simpl; auto. + intros; destruct o; simpl; simpl in H; destruct (in_app_or _ _ _ H); + apply in_or_app. + left; apply IHm1; auto. + right; destruct (in_inv H0). + injection H1; intros EQ1 EQ2; rewrite EQ1; rewrite EQ2; apply in_eq. + apply in_cons; apply IHm2; auto. + left; apply IHm1; auto. + right; apply IHm2; auto. + Qed. + + Lemma xelements_oi : + forall (A: Set) (m: t A) (i j : positive) (v: A), + ~In (xO i, v) (xelements m (xI j)). + Proof. + induction m. + simpl; auto. + intros; destruct o; simpl; intro H; destruct (in_app_or _ _ _ H). + apply (IHm1 _ _ _ H0). + destruct (in_inv H0). + congruence. + apply (IHm2 _ _ _ H1). + apply (IHm1 _ _ _ H0). + apply (IHm2 _ _ _ H0). + Qed. + + Lemma xelements_ih : + forall (A: Set) (m1 m2: t A) (o: option A) (i : positive) (v: A), + In (xI i, v) (xelements (Node m1 o m2) xH) -> In (i, v) (xelements m2 xH). + Proof. + destruct o; simpl; intros; destruct (in_app_or _ _ _ H). + absurd (In (xI i, v) (xelements m1 2)); auto; apply xelements_io; auto. + destruct (in_inv H0). + congruence. + apply xelements_ii; auto. + absurd (In (xI i, v) (xelements m1 2)); auto; apply xelements_io; auto. + apply xelements_ii; auto. + Qed. + + Lemma xelements_oh : + forall (A: Set) (m1 m2: t A) (o: option A) (i : positive) (v: A), + In (xO i, v) (xelements (Node m1 o m2) xH) -> In (i, v) (xelements m1 xH). + Proof. + destruct o; simpl; intros; destruct (in_app_or _ _ _ H). + apply xelements_oo; auto. + destruct (in_inv H0). + congruence. + absurd (In (xO i, v) (xelements m2 3)); auto; apply xelements_oi; auto. + apply xelements_oo; auto. + absurd (In (xO i, v) (xelements m2 3)); auto; apply xelements_oi; auto. + Qed. + + Lemma xelements_hi : + forall (A: Set) (m: t A) (i : positive) (v: A), + ~In (xH, v) (xelements m (xI i)). + Proof. + induction m; intros. + simpl; auto. + destruct o; simpl; intro H; destruct (in_app_or _ _ _ H). + generalize H0; apply IHm1; auto. + destruct (in_inv H0). + congruence. + generalize H1; apply IHm2; auto. + generalize H0; apply IHm1; auto. + generalize H0; apply IHm2; auto. + Qed. + + Lemma xelements_ho : + forall (A: Set) (m: t A) (i : positive) (v: A), + ~In (xH, v) (xelements m (xO i)). + Proof. + induction m; intros. + simpl; auto. + destruct o; simpl; intro H; destruct (in_app_or _ _ _ H). + generalize H0; apply IHm1; auto. + destruct (in_inv H0). + congruence. + generalize H1; apply IHm2; auto. + generalize H0; apply IHm1; auto. + generalize H0; apply IHm2; auto. + Qed. + + Lemma get_xget_h : + forall (A: Set) (m: t A) (i: positive), get i m = xget i xH m. + Proof. + destruct i; simpl; auto. + Qed. + + Lemma xelements_complete: + forall (A: Set) (i j : positive) (m: t A) (v: A), + In (i, v) (xelements m j) -> xget i j m = Some v. + Proof. + induction i; simpl; intros; destruct j; simpl. + apply IHi; apply xelements_ii; auto. + absurd (In (xI i, v) (xelements m (xO j))); auto; apply xelements_io. + destruct m. + simpl in H; tauto. + rewrite get_xget_h. apply IHi. apply (xelements_ih _ _ _ _ _ H). + absurd (In (xO i, v) (xelements m (xI j))); auto; apply xelements_oi. + apply IHi; apply xelements_oo; auto. + destruct m. + simpl in H; tauto. + rewrite get_xget_h. apply IHi. apply (xelements_oh _ _ _ _ _ H). + absurd (In (xH, v) (xelements m (xI j))); auto; apply xelements_hi. + absurd (In (xH, v) (xelements m (xO j))); auto; apply xelements_ho. + destruct m. + simpl in H; tauto. + destruct o; simpl in H; destruct (in_app_or _ _ _ H). + absurd (In (xH, v) (xelements m1 (xO xH))); auto; apply xelements_ho. + destruct (in_inv H0). + congruence. + absurd (In (xH, v) (xelements m2 (xI xH))); auto; apply xelements_hi. + absurd (In (xH, v) (xelements m1 (xO xH))); auto; apply xelements_ho. + absurd (In (xH, v) (xelements m2 (xI xH))); auto; apply xelements_hi. + Qed. + + Theorem elements_complete: + forall (A: Set) (m: t A) (i: positive) (v: A), + In (i, v) (elements m) -> get i m = Some v. + Proof. + intros A m i v H. + unfold elements in H. + rewrite get_xget_h. + exact (xelements_complete i xH m v H). + Qed. + + Lemma in_xelements: + forall (A: Set) (m: t A) (i k: positive) (v: A), + In (k, v) (xelements m i) -> + exists j, k = append i j. + Proof. + induction m; simpl; intros. + tauto. + assert (k = i \/ In (k, v) (xelements m1 (append i 2)) + \/ In (k, v) (xelements m2 (append i 3))). + destruct o. + elim (in_app_or _ _ _ H); simpl; intuition. + replace k with i. tauto. congruence. + elim (in_app_or _ _ _ H); simpl; intuition. + elim H0; intro. + exists xH. rewrite append_neutral_r. auto. + elim H1; intro. + elim (IHm1 _ _ _ H2). intros k1 EQ. rewrite EQ. + rewrite <- append_assoc_0. exists (xO k1); auto. + elim (IHm2 _ _ _ H2). intros k1 EQ. rewrite EQ. + rewrite <- append_assoc_1. exists (xI k1); auto. + Qed. + + Definition xkeys (A: Set) (m: t A) (i: positive) := + List.map (@fst positive A) (xelements m i). + + Lemma in_xkeys: + forall (A: Set) (m: t A) (i k: positive), + In k (xkeys m i) -> + exists j, k = append i j. + Proof. + unfold xkeys; intros. + elim (list_in_map_inv _ _ _ H). intros [k1 v1] [EQ IN]. + simpl in EQ; subst k1. apply in_xelements with A m v1. auto. + Qed. + + Remark list_append_cons_norepet: + forall (A: Set) (l1 l2: list A) (x: A), + list_norepet l1 -> list_norepet l2 -> list_disjoint l1 l2 -> + ~In x l1 -> ~In x l2 -> + list_norepet (l1 ++ x :: l2). + Proof. + intros. apply list_norepet_append_commut. simpl; constructor. + red; intros. elim (in_app_or _ _ _ H4); intro; tauto. + apply list_norepet_append; auto. + apply list_disjoint_sym; auto. + Qed. + + Lemma append_injective: + forall i j1 j2, append i j1 = append i j2 -> j1 = j2. + Proof. + induction i; simpl; intros. + apply IHi. congruence. + apply IHi. congruence. + auto. + Qed. + + Lemma xelements_keys_norepet: + forall (A: Set) (m: t A) (i: positive), + list_norepet (xkeys m i). + Proof. + induction m; unfold xkeys; simpl; fold xkeys; intros. + constructor. + assert (list_disjoint (xkeys m1 (append i 2)) (xkeys m2 (append i 3))). + red; intros; red; intro. subst y. + elim (in_xkeys _ _ _ H); intros j1 EQ1. + elim (in_xkeys _ _ _ H0); intros j2 EQ2. + rewrite EQ1 in EQ2. + rewrite <- append_assoc_0 in EQ2. + rewrite <- append_assoc_1 in EQ2. + generalize (append_injective _ _ _ EQ2). congruence. + assert (forall (m: t A) j, + j = 2%positive \/ j = 3%positive -> + ~In i (xkeys m (append i j))). + intros; red; intros. + elim (in_xkeys _ _ _ H1); intros k EQ. + assert (EQ1: append i xH = append (append i j) k). + rewrite append_neutral_r. auto. + elim H0; intro; subst j; + try (rewrite <- append_assoc_0 in EQ1); + try (rewrite <- append_assoc_1 in EQ1); + generalize (append_injective _ _ _ EQ1); congruence. + destruct o; rewrite list_append_map; simpl; + change (List.map (@fst positive A) (xelements m1 (append i 2))) + with (xkeys m1 (append i 2)); + change (List.map (@fst positive A) (xelements m2 (append i 3))) + with (xkeys m2 (append i 3)). + apply list_append_cons_norepet; auto. + apply list_norepet_append; auto. + Qed. + + Theorem elements_keys_norepet: + forall (A: Set) (m: t A), + list_norepet (List.map (@fst elt A) (elements m)). + Proof. + intros. change (list_norepet (xkeys m 1)). apply xelements_keys_norepet. + Qed. + + Definition fold (A B : Set) (f: B -> positive -> A -> B) (tr: t A) (v: B) := + List.fold_left (fun a p => f a (fst p) (snd p)) (elements tr) v. + + Theorem fold_spec: + forall (A B: Set) (f: B -> positive -> A -> B) (v: B) (m: t A), + fold f m v = + List.fold_left (fun a p => f a (fst p) (snd p)) (elements m) v. + Proof. + intros; unfold fold; auto. + Qed. + +End PTree. + +(** * An implementation of maps over type [positive] *) + +Module PMap <: MAP. + Definition elt := positive. + Definition elt_eq := peq. + + Definition t (A : Set) : Set := (A * PTree.t A)%type. + + Definition init (A : Set) (x : A) := + (x, PTree.empty A). + + Definition get (A : Set) (i : positive) (m : t A) := + match PTree.get i (snd m) with + | Some x => x + | None => fst m + end. + + Definition set (A : Set) (i : positive) (x : A) (m : t A) := + (fst m, PTree.set i x (snd m)). + + Theorem gi: + forall (A: Set) (i: positive) (x: A), get i (init x) = x. + Proof. + intros. unfold init. unfold get. simpl. rewrite PTree.gempty. auto. + Qed. + + Theorem gss: + forall (A: Set) (i: positive) (x: A) (m: t A), get i (set i x m) = x. + Proof. + intros. unfold get. unfold set. simpl. rewrite PTree.gss. auto. + Qed. + + Theorem gso: + forall (A: Set) (i j: positive) (x: A) (m: t A), + i <> j -> get i (set j x m) = get i m. + Proof. + intros. unfold get. unfold set. simpl. rewrite PTree.gso; auto. + Qed. + + Theorem gsspec: + forall (A: Set) (i j: positive) (x: A) (m: t A), + get i (set j x m) = if peq i j then x else get i m. + Proof. + intros. destruct (peq i j). + rewrite e. apply gss. auto. + apply gso. auto. + Qed. + + Theorem gsident: + forall (A: Set) (i j: positive) (m: t A), + get j (set i (get i m) m) = get j m. + Proof. + intros. destruct (peq i j). + rewrite e. rewrite gss. auto. + rewrite gso; auto. + Qed. + + Definition map (A B : Set) (f : A -> B) (m : t A) : t B := + (f (fst m), PTree.map (fun _ => f) (snd m)). + + Theorem gmap: + forall (A B: Set) (f: A -> B) (i: positive) (m: t A), + get i (map f m) = f(get i m). + Proof. + intros. unfold map. unfold get. simpl. rewrite PTree.gmap. + unfold option_map. destruct (PTree.get i (snd m)); auto. + Qed. + +End PMap. + +(** * An implementation of maps over any type that injects into type [positive] *) + +Module Type INDEXED_TYPE. + Variable t: Set. + Variable index: t -> positive. + Hypothesis index_inj: forall (x y: t), index x = index y -> x = y. + Variable eq: forall (x y: t), {x = y} + {x <> y}. +End INDEXED_TYPE. + +Module IMap(X: INDEXED_TYPE). + + Definition elt := X.t. + Definition elt_eq := X.eq. + Definition t : Set -> Set := PMap.t. + Definition init (A: Set) (x: A) := PMap.init x. + Definition get (A: Set) (i: X.t) (m: t A) := PMap.get (X.index i) m. + Definition set (A: Set) (i: X.t) (v: A) (m: t A) := PMap.set (X.index i) v m. + Definition map (A B: Set) (f: A -> B) (m: t A) : t B := PMap.map f m. + + Lemma gi: + forall (A: Set) (x: A) (i: X.t), get i (init x) = x. + Proof. + intros. unfold get, init. apply PMap.gi. + Qed. + + Lemma gss: + forall (A: Set) (i: X.t) (x: A) (m: t A), get i (set i x m) = x. + Proof. + intros. unfold get, set. apply PMap.gss. + Qed. + + Lemma gso: + forall (A: Set) (i j: X.t) (x: A) (m: t A), + i <> j -> get i (set j x m) = get i m. + Proof. + intros. unfold get, set. apply PMap.gso. + red. intro. apply H. apply X.index_inj; auto. + Qed. + + Lemma gsspec: + forall (A: Set) (i j: X.t) (x: A) (m: t A), + get i (set j x m) = if X.eq i j then x else get i m. + Proof. + intros. unfold get, set. + rewrite PMap.gsspec. + case (X.eq i j); intro. + subst j. rewrite peq_true. reflexivity. + rewrite peq_false. reflexivity. + red; intro. elim n. apply X.index_inj; auto. + Qed. + + Lemma gmap: + forall (A B: Set) (f: A -> B) (i: X.t) (m: t A), + get i (map f m) = f(get i m). + Proof. + intros. unfold map, get. apply PMap.gmap. + Qed. + +End IMap. + +Module ZIndexed. + Definition t := Z. + Definition index (z: Z): positive := + match z with + | Z0 => xH + | Zpos p => xO p + | Zneg p => xI p + end. + Lemma index_inj: forall (x y: Z), index x = index y -> x = y. + Proof. + unfold index; destruct x; destruct y; intros; + try discriminate; try reflexivity. + congruence. + congruence. + Qed. + Definition eq := zeq. +End ZIndexed. + +Module ZMap := IMap(ZIndexed). + +Module NIndexed. + Definition t := N. + Definition index (n: N): positive := + match n with + | N0 => xH + | Npos p => xO p + end. + Lemma index_inj: forall (x y: N), index x = index y -> x = y. + Proof. + unfold index; destruct x; destruct y; intros; + try discriminate; try reflexivity. + congruence. + Qed. + Lemma eq: forall (x y: N), {x = y} + {x <> y}. + Proof. + decide equality. apply peq. + Qed. +End NIndexed. + +Module NMap := IMap(NIndexed). + +(** * An implementation of maps over any type with decidable equality *) + +Module Type EQUALITY_TYPE. + Variable t: Set. + Variable eq: forall (x y: t), {x = y} + {x <> y}. +End EQUALITY_TYPE. + +Module EMap(X: EQUALITY_TYPE) <: MAP. + + Definition elt := X.t. + Definition elt_eq := X.eq. + Definition t (A: Set) := X.t -> A. + Definition init (A: Set) (v: A) := fun (_: X.t) => v. + Definition get (A: Set) (x: X.t) (m: t A) := m x. + Definition set (A: Set) (x: X.t) (v: A) (m: t A) := + fun (y: X.t) => if X.eq y x then v else m y. + Lemma gi: + forall (A: Set) (i: elt) (x: A), init x i = x. + Proof. + intros. reflexivity. + Qed. + Lemma gss: + forall (A: Set) (i: elt) (x: A) (m: t A), (set i x m) i = x. + Proof. + intros. unfold set. case (X.eq i i); intro. + reflexivity. tauto. + Qed. + Lemma gso: + forall (A: Set) (i j: elt) (x: A) (m: t A), + i <> j -> (set j x m) i = m i. + Proof. + intros. unfold set. case (X.eq i j); intro. + congruence. reflexivity. + Qed. + Lemma gsspec: + forall (A: Set) (i j: elt) (x: A) (m: t A), + get i (set j x m) = if elt_eq i j then x else get i m. + Proof. + intros. unfold get, set, elt_eq. reflexivity. + Qed. + Lemma gsident: + forall (A: Set) (i j: elt) (m: t A), get j (set i (get i m) m) = get j m. + Proof. + intros. unfold get, set. case (X.eq j i); intro. + congruence. reflexivity. + Qed. + Definition map (A B: Set) (f: A -> B) (m: t A) := + fun (x: X.t) => f(m x). + Lemma gmap: + forall (A B: Set) (f: A -> B) (i: elt) (m: t A), + get i (map f m) = f(get i m). + Proof. + intros. unfold get, map. reflexivity. + Qed. + Lemma exten: + forall (A: Set) (m1 m2: t A), + (forall x: X.t, m1 x = m2 x) -> m1 = m2. + Proof. + intros. unfold t. apply extensionality. assumption. + Qed. +End EMap. + +(** * Useful notations *) + +Notation "a ! b" := (PTree.get b a) (at level 1). +Notation "a !! b" := (PMap.get b a) (at level 1). + +(* $Id: Maps.v,v 1.12.4.4 2006/01/07 11:46:55 xleroy Exp $ *) diff --git a/lib/Ordered.v b/lib/Ordered.v new file mode 100644 index 00000000..1747bbb9 --- /dev/null +++ b/lib/Ordered.v @@ -0,0 +1,156 @@ +(** Constructions of ordered types, for use with the [FSet] functors + for finite sets. *) + +Require Import FSet. +Require Import Coqlib. +Require Import Maps. + +(** The ordered type of positive numbers *) + +Module OrderedPositive <: OrderedType. + +Definition t := positive. +Definition eq (x y: t) := x = y. +Definition lt := Plt. + +Lemma eq_refl : forall x : t, eq x x. +Proof (@refl_equal t). +Lemma eq_sym : forall x y : t, eq x y -> eq y x. +Proof (@sym_equal t). +Lemma eq_trans : forall x y z : t, eq x y -> eq y z -> eq x z. +Proof (@trans_equal t). +Lemma lt_trans : forall x y z : t, lt x y -> lt y z -> lt x z. +Proof Plt_trans. +Lemma lt_not_eq : forall x y : t, lt x y -> ~ eq x y. +Proof Plt_ne. +Lemma compare : forall x y : t, Compare lt eq x y. +Proof. + intros. case (plt x y); intro. + apply Lt. auto. + case (peq x y); intro. + apply Eq. auto. + apply Gt. red; unfold Plt in *. + assert (Zpos x <> Zpos y). congruence. omega. +Qed. + +End OrderedPositive. + +(** Indexed types (those that inject into [positive]) are ordered. *) + +Module OrderedIndexed(A: INDEXED_TYPE) <: OrderedType. + +Definition t := A.t. +Definition eq (x y: t) := x = y. +Definition lt (x y: t) := Plt (A.index x) (A.index y). + +Lemma eq_refl : forall x : t, eq x x. +Proof (@refl_equal t). +Lemma eq_sym : forall x y : t, eq x y -> eq y x. +Proof (@sym_equal t). +Lemma eq_trans : forall x y z : t, eq x y -> eq y z -> eq x z. +Proof (@trans_equal t). + +Lemma lt_trans : forall x y z : t, lt x y -> lt y z -> lt x z. +Proof. + unfold lt; intros. eapply Plt_trans; eauto. +Qed. + +Lemma lt_not_eq : forall x y : t, lt x y -> ~ eq x y. +Proof. + unfold lt; unfold eq; intros. + red; intro. subst y. apply Plt_strict with (A.index x). auto. +Qed. + +Lemma compare : forall x y : t, Compare lt eq x y. +Proof. + intros. case (OrderedPositive.compare (A.index x) (A.index y)); intro. + apply Lt. exact l. + apply Eq. red; red in e. apply A.index_inj; auto. + apply Gt. exact l. +Qed. + +End OrderedIndexed. + +(** The product of two ordered types is ordered. *) + +Module OrderedPair (A B: OrderedType) <: OrderedType. + +Definition t := (A.t * B.t)%type. + +Definition eq (x y: t) := + A.eq (fst x) (fst y) /\ B.eq (snd x) (snd y). + +Lemma eq_refl : forall x : t, eq x x. +Proof. + intros; split; auto. +Qed. + +Lemma eq_sym : forall x y : t, eq x y -> eq y x. +Proof. + unfold eq; intros. intuition auto. +Qed. + +Lemma eq_trans : forall x y z : t, eq x y -> eq y z -> eq x z. +Proof. + unfold eq; intros. intuition eauto. +Qed. + +Definition lt (x y: t) := + A.lt (fst x) (fst y) \/ + (A.eq (fst x) (fst y) /\ B.lt (snd x) (snd y)). + +Lemma lt_trans : forall x y z : t, lt x y -> lt y z -> lt x z. +Proof. + unfold lt; intros. + elim H; elim H0; intros. + + left. apply A.lt_trans with (fst y); auto. + + left. elim H1; intros. + case (A.compare (fst x) (fst z)); intro. + assumption. + generalize (A.lt_not_eq H2); intro. elim H5. + apply A.eq_trans with (fst z). auto. auto. + generalize (@A.lt_not_eq (fst z) (fst y)); intro. + elim H5. apply A.lt_trans with (fst x); auto. + apply A.eq_sym; auto. + + left. elim H2; intros. + case (A.compare (fst x) (fst z)); intro. + assumption. + generalize (A.lt_not_eq H1); intro. elim H5. + apply A.eq_trans with (fst x). + apply A.eq_sym. auto. auto. + generalize (@A.lt_not_eq (fst y) (fst x)); intro. + elim H5. apply A.lt_trans with (fst z); auto. + apply A.eq_sym; auto. + + right. elim H1; elim H2; intros. + split. apply A.eq_trans with (fst y); auto. + apply B.lt_trans with (snd y); auto. +Qed. + +Lemma lt_not_eq : forall x y : t, lt x y -> ~ eq x y. +Proof. + unfold lt, eq, not; intros. + elim H0; intros. + elim H; intro. + apply (@A.lt_not_eq _ _ H3 H1). + elim H3; intros. + apply (@B.lt_not_eq _ _ H5 H2). +Qed. + +Lemma compare : forall x y : t, Compare lt eq x y. +Proof. + intros. + case (A.compare (fst x) (fst y)); intro. + apply Lt. red. left. auto. + case (B.compare (snd x) (snd y)); intro. + apply Lt. red. right. tauto. + apply Eq. red. tauto. + apply Gt. red. right. split. apply A.eq_sym. auto. auto. + apply Gt. red. left. auto. +Qed. + +End OrderedPair. + diff --git a/lib/Sets.v b/lib/Sets.v new file mode 100644 index 00000000..bfc49b11 --- /dev/null +++ b/lib/Sets.v @@ -0,0 +1,190 @@ +(** Finite sets. This module implements finite sets over any type + that is equipped with a tree (partial finite mapping) structure. + The set structure forms a semi-lattice, ordered by set inclusion. + + It would have been better to use the [FSet] library, which provides + sets over any totally ordered type. However, there are technical + mismatches between the [FSet] export signature and our signature for + semi-lattices. For now, we keep this somewhat redundant + implementation of sets. +*) + +Require Import Relations. +Require Import Coqlib. +Require Import Maps. +Require Import Lattice. + +Set Implicit Arguments. + +Module MakeSet (P: TREE) <: SEMILATTICE. + +(** Sets of elements of type [P.elt] are implemented as a partial mapping + from [P.elt] to the one-element type [unit]. *) + + Definition elt := P.elt. + + Definition t := P.t unit. + + Lemma eq: forall (a b: t), {a=b} + {a<>b}. + Proof. + unfold t; intros. apply P.eq. + intros. left. destruct x; destruct y; auto. + Qed. + + Definition empty := P.empty unit. + + Definition mem (r: elt) (s: t) := + match P.get r s with None => false | Some _ => true end. + + Definition add (r: elt) (s: t) := P.set r tt s. + + Definition remove (r: elt) (s: t) := P.remove r s. + + Definition union (s1 s2: t) := + P.combine + (fun e1 e2 => + match e1, e2 with + | None, None => None + | _, _ => Some tt + end) + s1 s2. + + Lemma mem_empty: + forall r, mem r empty = false. + Proof. + intro; unfold mem, empty. rewrite P.gempty. auto. + Qed. + + Lemma mem_add_same: + forall r s, mem r (add r s) = true. + Proof. + intros; unfold mem, add. rewrite P.gss. auto. + Qed. + + Lemma mem_add_other: + forall r r' s, r <> r' -> mem r' (add r s) = mem r' s. + Proof. + intros; unfold mem, add. rewrite P.gso; auto. + Qed. + + Lemma mem_remove_same: + forall r s, mem r (remove r s) = false. + Proof. + intros; unfold mem, remove. rewrite P.grs; auto. + Qed. + + Lemma mem_remove_other: + forall r r' s, r <> r' -> mem r' (remove r s) = mem r' s. + Proof. + intros; unfold mem, remove. rewrite P.gro; auto. + Qed. + + Lemma mem_union: + forall r s1 s2, mem r (union s1 s2) = (mem r s1 || mem r s2). + Proof. + intros; unfold union, mem. rewrite P.gcombine. + case (P.get r s1); case (P.get r s2); auto. + auto. + Qed. + + Definition elements (s: t) := + List.map (@fst elt unit) (P.elements s). + + Lemma elements_correct: + forall r s, mem r s = true -> In r (elements s). + Proof. + intros until s. unfold mem, elements. caseEq (P.get r s). + intros. change r with (fst (r, u)). apply in_map. + apply P.elements_correct. auto. + intros; discriminate. + Qed. + + Lemma elements_complete: + forall r s, In r (elements s) -> mem r s = true. + Proof. + unfold mem, elements. intros. + generalize (list_in_map_inv _ _ _ H). + intros [p [EQ IN]]. + destruct p. simpl in EQ. subst r. + rewrite (P.elements_complete _ _ _ IN). auto. + Qed. + + Definition fold (A: Set) (f: A -> elt -> A) (s: t) (x: A) := + P.fold (fun (x: A) (r: elt) (z: unit) => f x r) s x. + + Lemma fold_spec: + forall (A: Set) (f: A -> elt -> A) (s: t) (x: A), + fold f s x = List.fold_left f (elements s) x. + Proof. + intros. unfold fold. rewrite P.fold_spec. + unfold elements. generalize x; generalize (P.elements s). + induction l; simpl; auto. + Qed. + + Definition for_all (f: elt -> bool) (s: t) := + fold (fun b x => andb b (f x)) s true. + + Lemma for_all_spec: + forall f s x, + for_all f s = true -> mem x s = true -> f x = true. + Proof. + intros until x. unfold for_all. rewrite fold_spec. + assert (forall l b0, + fold_left (fun (b : bool) (x : elt) => b && f x) l b0 = true -> + b0 = true). + induction l; simpl; intros. + auto. + generalize (IHl _ H). intro. + elim (andb_prop _ _ H0); intros. auto. + assert (forall l, + fold_left (fun (b : bool) (x : elt) => b && f x) l true = true -> + In x l -> f x = true). + induction l; simpl; intros. + elim H1. + generalize (H _ _ H0); intro. + elim H1; intros. + subst x. auto. + apply IHl. rewrite H2 in H0; auto. auto. + intros. eapply H0; eauto. + apply elements_correct. auto. + Qed. + + Definition ge (s1 s2: t) : Prop := + forall r, mem r s2 = true -> mem r s1 = true. + + Lemma ge_refl: forall x, ge x x. + Proof. + unfold ge; intros. auto. + Qed. + + Lemma ge_trans: forall x y z, ge x y -> ge y z -> ge x z. + Proof. + unfold ge; intros. auto. + Qed. + + Definition bot := empty. + Definition lub := union. + + Lemma ge_bot: forall (x:t), ge x bot. + Proof. + unfold ge; intros. rewrite mem_empty in H. discriminate. + Qed. + + Lemma lub_commut: forall (x y: t), lub x y = lub y x. + Proof. + intros. unfold lub; unfold union. apply P.combine_commut. + intros; case i; case j; auto. + Qed. + + Lemma ge_lub_left: forall (x y: t), ge (lub x y) x. + Proof. + unfold ge, lub; intros. + rewrite mem_union. rewrite H. reflexivity. + Qed. + + Lemma ge_lub_right: forall (x y: t), ge (lub x y) y. + Proof. + intros. rewrite lub_commut. apply ge_lub_left. + Qed. + +End MakeSet. diff --git a/lib/union_find.v b/lib/union_find.v new file mode 100644 index 00000000..61817d76 --- /dev/null +++ b/lib/union_find.v @@ -0,0 +1,537 @@ +(** A purely functional union-find algorithm *) + +Require Import Wf. + +(** The ``union-find'' algorithm is used to represent equivalence classes + over a given type. It maintains a data structure representing a partition + of the type into equivalence classes. Three operations are provided: +- [empty], which returns the finest partition: each element of the type + is equivalent to itself only. +- [repr part x] returns a canonical representative for the equivalence + class of element [x] in partition [part]. Two elements [x] and [y] + are in the same equivalence class if and only if + [repr part x = repr part y]. +- [identify part x y] returns a new partition where the equivalence + classes of [x] and [y] are merged, and all equivalences valid in [part] + are still valid. + + The partitions are represented by partial mappings from elements + to elements. If [part] maps [x] to [y], this means that [x] and [y] + are in the same equivalence class. The canonical representative + of the class of [x] is obtained by iteratively following these mappings + until an element not mapped to anything is reached; this element is the + canonical representative, as returned by [repr]. + + In algorithm textbooks, the mapping is maintained imperatively by + storing pointers within elements. Here, we give a purely functional + presentation where the mapping is a separate functional data structure. +*) + +Ltac CaseEq name := + generalize (refl_equal name); pattern name at -1 in |- *; case name. + +Ltac IntroElim := + match goal with + | |- (forall id : exists x : _, _, _) => + intro id; elim id; clear id; IntroElim + | |- (forall id : _ /\ _, _) => intro id; elim id; clear id; IntroElim + | |- (forall id : _ \/ _, _) => intro id; elim id; clear id; IntroElim + | |- (_ -> _) => intro; IntroElim + | _ => idtac + end. + +Ltac MyElim n := elim n; IntroElim. + +(** The elements of equivalence classes are represented by the following + signature: a type with a decidable equality. *) + +Module Type ELEMENT. + Variable T: Set. + Variable eq: forall (a b: T), {a = b} + {a <> b}. +End ELEMENT. + +(** The mapping structure over elements is represented by the following + signature. *) + +Module Type MAP. + Variable elt: Set. + Variable T: Set. + Variable empty: T. + Variable get: elt -> T -> option elt. + Variable add: elt -> elt -> T -> T. + + Hypothesis get_empty: forall (x: elt), get x empty = None. + Hypothesis get_add_1: + forall (x y: elt) (m: T), get x (add x y m) = Some y. + Hypothesis get_add_2: + forall (x y z: elt) (m: T), z <> x -> get z (add x y m) = get z m. +End MAP. + +(** Our implementation of union-find is a functor, parameterized by + a structure for elements and a structure for maps. It returns a + module with the following structure. *) + +Module Type UNIONFIND. + Variable elt: Set. + (** The type of partitions. *) + Variable T: Set. + + (** The operations over partitions. *) + Variable empty: T. + Variable repr: T -> elt -> elt. + Variable identify: T -> elt -> elt -> T. + + (** The relation implied by the partition [m]. *) + Definition sameclass (m: T) (x y: elt) : Prop := repr m x = repr m y. + + (* [sameclass] is an equivalence relation *) + Hypothesis sameclass_refl: + forall (m: T) (x: elt), sameclass m x x. + Hypothesis sameclass_sym: + forall (m: T) (x y: elt), sameclass m x y -> sameclass m y x. + Hypothesis sameclass_trans: + forall (m: T) (x y z: elt), + sameclass m x y -> sameclass m y z -> sameclass m x z. + + (* [repr m x] is a canonical representative of the equivalence class + of [x] in partition [m]. *) + Hypothesis repr_repr: + forall (m: T) (x: elt), repr m (repr m x) = repr m x. + Hypothesis sameclass_repr: + forall (m: T) (x: elt), sameclass m x (repr m x). + + (* [empty] is the finest partition *) + Hypothesis repr_empty: + forall (x: elt), repr empty x = x. + Hypothesis sameclass_empty: + forall (x y: elt), sameclass empty x y -> x = y. + + (* [identify] preserves existing equivalences and adds an equivalence + between the two elements provided. *) + Hypothesis sameclass_identify_1: + forall (m: T) (x y: elt), sameclass (identify m x y) x y. + Hypothesis sameclass_identify_2: + forall (m: T) (x y u v: elt), + sameclass m u v -> sameclass (identify m x y) u v. + +End UNIONFIND. + +(** Implementation of the union-find algorithm. *) + +Module Unionfind (E: ELEMENT) (M: MAP with Definition elt := E.T) + <: UNIONFIND with Definition elt := E.T. + +Definition elt := E.T. + +(* A set of equivalence classes over [elt] is represented by a map [m]. +- [M.get a m = Some a'] means that [a] is in the same class as [a']. +- [M.get a m = None] means that [a] is the canonical representative + for its equivalence class. +*) + +(** Such a map induces an ordering over type [elt]: + [repr_order m a a'] if and only if [M.get a' m = Some a]. + This ordering must be well founded (no cycles). *) + +Definition repr_order (m: M.T) (a a': elt) : Prop := + M.get a' m = Some a. + +(** The canonical representative of an element. + Needs Noetherian recursion. *) + +Lemma option_sum: + forall (x: option elt), {y: elt | x = Some y} + {x = None}. +Proof. + intro x. case x. + left. exists e. auto. + right. auto. +Qed. + +Definition repr_rec + (m: M.T) (a: elt) (rec: forall b: elt, repr_order m b a -> elt) := + match option_sum (M.get a m) with + | inleft (exist b P) => rec b P + | inright _ => a + end. + +Definition repr_aux + (m: M.T) (wf: well_founded (repr_order m)) (a: elt) : elt := + Fix wf (fun (_: elt) => elt) (repr_rec m) a. + +Lemma repr_rec_ext: + forall (m: M.T) (x: elt) (f g: forall y:elt, repr_order m y x -> elt), + (forall (y: elt) (p: repr_order m y x), f y p = g y p) -> + repr_rec m x f = repr_rec m x g. +Proof. + intros. unfold repr_rec. + case (option_sum (M.get x m)). + intros. elim s; intros. apply H. + intros. auto. +Qed. + +Lemma repr_aux_none: + forall (m: M.T) (wf: well_founded (repr_order m)) (a: elt), + M.get a m = None -> + repr_aux m wf a = a. +Proof. + intros. + generalize (Fix_eq wf (fun (_:elt) => elt) (repr_rec m) (repr_rec_ext m) a). + intro. unfold repr_aux. rewrite H0. + unfold repr_rec. + case (option_sum (M.get a m)). + intro s; elim s; intros. + rewrite H in p; discriminate. + intros. auto. +Qed. + +Lemma repr_aux_some: + forall (m: M.T) (wf: well_founded (repr_order m)) (a a': elt), + M.get a m = Some a' -> + repr_aux m wf a = repr_aux m wf a'. +Proof. + intros. + generalize (Fix_eq wf (fun (_:elt) => elt) (repr_rec m) (repr_rec_ext m) a). + intro. unfold repr_aux. rewrite H0. unfold repr_rec. + case (option_sum (M.get a m)). + intro s; elim s; intros. + rewrite H in p. injection p; intros. rewrite H1. auto. + intros. rewrite H in e. discriminate. +Qed. + +Lemma repr_aux_canon: + forall (m: M.T) (wf: well_founded (repr_order m)) (a: elt), + M.get (repr_aux m wf a) m = None. +Proof. + intros. + apply (well_founded_ind wf (fun (a: elt) => M.get (repr_aux m wf a) m = None)). + intros. + generalize (Fix_eq wf (fun (_:elt) => elt) (repr_rec m) (repr_rec_ext m) x). + intro. unfold repr_aux. rewrite H0. + unfold repr_rec. + case (option_sum (M.get x m)). + intro s; elim s; intros. + unfold repr_aux in H. apply H. + unfold repr_order. auto. + intro. auto. +Qed. + +(** The empty partition (each element in its own class) is well founded. *) + +Lemma wf_empty: + well_founded (repr_order M.empty). +Proof. + red. intro. apply Acc_intro. + intros b RO. + red in RO. + rewrite M.get_empty in RO. + discriminate. +Qed. + +(** Merging two equivalence classes. *) + +Section IDENTIFY. + +Variable m: M.T. +Hypothesis mwf: well_founded (repr_order m). +Variable a b: elt. +Hypothesis a_diff_b: a <> b. +Hypothesis a_canon: M.get a m = None. +Hypothesis b_canon: M.get b m = None. + +(** Identifying two distinct canonical representatives [a] and [b] + is achieved by mapping one to the other. *) + +Definition identify_base: M.T := M.add a b m. + +Lemma identify_base_b_canon: + M.get b identify_base = None. +Proof. + unfold identify_base. + rewrite M.get_add_2. + auto. + apply sym_not_eq. auto. +Qed. + +Lemma identify_base_a_maps_to_b: + M.get a identify_base = Some b. +Proof. + unfold identify_base. rewrite M.get_add_1. auto. +Qed. + +Lemma identify_base_repr_order: + forall (x y: elt), + repr_order identify_base x y -> + repr_order m x y \/ (y = a /\ x = b). +Proof. + intros x y. unfold identify_base. + unfold repr_order. + case (E.eq a y); intro. + rewrite e. rewrite M.get_add_1. + intro. injection H. intro. rewrite H0. tauto. + rewrite M.get_add_2; auto. +Qed. + +(** [identify_base] preserves well foundation. *) + +Lemma identify_base_order_wf: + well_founded (repr_order identify_base). +Proof. + red. + cut (forall (x: elt), Acc (repr_order m) x -> Acc (repr_order identify_base) x). + intro CUT. intro x. apply CUT. apply mwf. + + induction 1. + apply Acc_intro. intros. + MyElim (identify_base_repr_order y x H1). + apply H0; auto. + rewrite H3. + apply Acc_intro. + intros z H4. + red in H4. rewrite identify_base_b_canon in H4. discriminate. +Qed. + +Lemma identify_aux_decomp: + forall (x: elt), + (M.get x m = None /\ M.get x identify_base = None) + \/ (x = a /\ M.get x m = None /\ M.get x identify_base = Some b) + \/ (exists y, M.get x m = Some y /\ M.get x identify_base = Some y). +Proof. + intro x. + unfold identify_base. + case (E.eq a x); intro. + rewrite <- e. rewrite M.get_add_1. + tauto. + rewrite M.get_add_2; auto. + case (M.get x m); intros. + right; right; exists e; tauto. + tauto. +Qed. + +Lemma identify_base_repr: + forall (x: elt), + repr_aux identify_base identify_base_order_wf x = + (if E.eq (repr_aux m mwf x) a then b else repr_aux m mwf x). +Proof. + intro x0. + apply (well_founded_ind mwf + (fun (x: elt) => + repr_aux identify_base identify_base_order_wf x = + (if E.eq (repr_aux m mwf x) a then b else repr_aux m mwf x))); + intros. + MyElim (identify_aux_decomp x). + + rewrite (repr_aux_none identify_base). + rewrite (repr_aux_none m mwf x). + case (E.eq x a); intro. + subst x. + rewrite identify_base_a_maps_to_b in H1. + discriminate. + auto. auto. auto. + + subst x. rewrite (repr_aux_none m mwf a); auto. + case (E.eq a a); intro. + rewrite (repr_aux_some identify_base identify_base_order_wf a b). + rewrite (repr_aux_none identify_base identify_base_order_wf b). + auto. apply identify_base_b_canon. auto. + tauto. + + rewrite (repr_aux_some identify_base identify_base_order_wf x x1); auto. + rewrite (repr_aux_some m mwf x x1); auto. +Qed. + +Lemma identify_base_sameclass_1: + forall (x y: elt), + repr_aux m mwf x = repr_aux m mwf y -> + repr_aux identify_base identify_base_order_wf x = + repr_aux identify_base identify_base_order_wf y. +Proof. + intros. + rewrite identify_base_repr. + rewrite identify_base_repr. + rewrite H. + auto. +Qed. + +Lemma identify_base_sameclass_2: + forall (x y: elt), + repr_aux m mwf x = a -> + repr_aux m mwf y = b -> + repr_aux identify_base identify_base_order_wf x = + repr_aux identify_base identify_base_order_wf y. +Proof. + intros. + rewrite identify_base_repr. + rewrite identify_base_repr. + rewrite H. + case (E.eq a a); intro. + case (E.eq (repr_aux m mwf y) a); auto. + tauto. +Qed. + +End IDENTIFY. + +(** The union-find data structure is a record encapsulating a mapping + and a proof of well foundation. *) + +Record unionfind : Set := mkunionfind + { map: M.T; wf: well_founded (repr_order map) }. + +Definition T := unionfind. + +Definition repr (uf: unionfind) (a: elt) : elt := + repr_aux (map uf) (wf uf) a. + +Lemma repr_repr: + forall (uf: unionfind) (a: elt), repr uf (repr uf a) = repr uf a. +Proof. + intros. + unfold repr. + rewrite (repr_aux_none (map uf) (wf uf) (repr_aux (map uf) (wf uf) a)). + auto. + apply repr_aux_canon. +Qed. + +Definition empty := mkunionfind M.empty wf_empty. + +(** [identify] computes canonical representatives for the two elements + and adds a mapping from one to the other, unless they are already + equal. *) + +Definition identify (uf: unionfind) (a b: elt) : unionfind := + match E.eq (repr uf a) (repr uf b) with + | left EQ => + uf + | right NOTEQ => + mkunionfind + (identify_base (map uf) (repr uf a) (repr uf b)) + (identify_base_order_wf (map uf) (wf uf) + (repr uf a) (repr uf b) + NOTEQ + (repr_aux_canon (map uf) (wf uf) b)) + end. + +Definition sameclass (uf: unionfind) (a b: elt) : Prop := + repr uf a = repr uf b. + +Lemma sameclass_refl: + forall (uf: unionfind) (a: elt), sameclass uf a a. +Proof. + intros. red. auto. +Qed. + +Lemma sameclass_sym: + forall (uf: unionfind) (a b: elt), sameclass uf a b -> sameclass uf b a. +Proof. + intros. red. symmetry. exact H. +Qed. + +Lemma sameclass_trans: + forall (uf: unionfind) (a b c: elt), + sameclass uf a b -> sameclass uf b c -> sameclass uf a c. +Proof. + intros. red. transitivity (repr uf b). exact H. exact H0. +Qed. + +Lemma sameclass_repr: + forall (uf: unionfind) (a: elt), sameclass uf a (repr uf a). +Proof. + intros. red. symmetry. rewrite repr_repr. auto. +Qed. + +Lemma repr_empty: + forall (a: elt), repr empty a = a. +Proof. + intro a. unfold repr; unfold empty. + simpl. + apply repr_aux_none. + apply M.get_empty. +Qed. + +Lemma sameclass_empty: + forall (a b: elt), sameclass empty a b -> a = b. +Proof. + intros. red in H. rewrite repr_empty in H. + rewrite repr_empty in H. auto. +Qed. + +Lemma sameclass_identify_2: + forall (uf: unionfind) (a b x y: elt), + sameclass uf x y -> sameclass (identify uf a b) x y. +Proof. + intros. + unfold identify. + case (E.eq (repr uf a) (repr uf b)). + intro. auto. + intros; red; unfold repr; simpl. + apply identify_base_sameclass_1. + apply repr_aux_canon. + exact H. +Qed. + +Lemma sameclass_identify_1: + forall (uf: unionfind) (a b: elt), + sameclass (identify uf a b) a b. +Proof. + intros. + unfold identify. + case (E.eq (repr uf a) (repr uf b)). + intro. auto. + intros. + red; unfold repr; simpl. + apply identify_base_sameclass_2. + apply repr_aux_canon. + auto. + auto. +Qed. + +End Unionfind. + +(* Example of use 1: with association lists *) + +(* + +Require Import List. + +Module AListMap(E: ELEMENT) : MAP. + +Definition elt := E.T. +Definition T := list (elt * elt). +Definition empty : T := nil. +Fixpoint get (x: elt) (m: T) {struct m} : option elt := + match m with + | nil => None + | (a,b) :: t => + match E.eq x a with + | left _ => Some b + | right _ => get x t + end + end. +Definition add (x y: elt) (m: T) := (x,y) :: m. + +Lemma get_empty: forall (x: elt), get x empty = None. +Proof. + intro. unfold empty. simpl. auto. +Qed. + +Lemma get_add_1: + forall (x y: elt) (m: T), get x (add x y m) = Some y. +Proof. + intros. unfold add. simpl. + case (E.eq x x); intro. + auto. + tauto. +Qed. + +Lemma get_add_2: + forall (x y z: elt) (m: T), z <> x -> get z (add x y m) = get z m. +Proof. + intros. unfold add. simpl. + case (E.eq z x); intro. + subst z; tauto. + auto. +Qed. + +End AListMap. + +*) + diff --git a/test/cminor/Makefile b/test/cminor/Makefile new file mode 100644 index 00000000..35d3e074 --- /dev/null +++ b/test/cminor/Makefile @@ -0,0 +1,76 @@ +CCOMP=../../ccomp +CPP=cpp -P +CC=gcc +CFLAGS=-g +VPATH=../harness ../lib + +PROGS=fib integr qsort fft sha1 aes almabench manyargs + +all_s: $(PROGS:%=%.s) + +all: $(PROGS) + +$(PROGS:%=%.s): $(CCOMP) + +fib: fib.o mainfib.o + $(CC) $(CFLAGS) -o fib fib.o mainfib.o +clean:: + rm -f fib + +integr: integr.o mainintegr.o + $(CC) $(CFLAGS) -o integr integr.o mainintegr.o +clean:: + rm -f integr + +qsort: qsort.o mainqsort.o + $(CC) $(CFLAGS) -o qsort qsort.o mainqsort.o +clean:: + rm -f qsort + +fft: fft.o mainfft.o staticlib.o + $(CC) $(CFLAGS) -o fft fft.o mainfft.o staticlib.o -lm +clean:: + rm -f fft + +sha1: sha1.o mainsha1.o staticlib.o + $(CC) $(CFLAGS) -o sha1 sha1.o mainsha1.o staticlib.o +clean:: + rm -f sha1 sha1.cm + +aes: aes.o mainaes.o + $(CC) $(CFLAGS) -o aes aes.o mainaes.o +clean:: + rm -f aes aes.cm + +almabench: almabench.o mainalmabench.o staticlib.o + $(CC) $(CFLAGS) -o almabench almabench.o mainalmabench.o staticlib.o -lm +clean:: + rm -f almabench almabench.cm + +manyargs: manyargs.o mainmanyargs.o + $(CC) $(CFLAGS) -o manyargs manyargs.o mainmanyargs.o +clean:: + rm -f manyargs + +.SUFFIXES: + +.SUFFIXES: .cmp .cm .s .o .c .S + +.cmp.s: + $(CPP) $*.cmp > $*.cm + $(CCOMP) $(FLAGS) $*.cm + +.cm.s: + $(CCOMP) $(FLAGS) $*.cm + +.c.o: + $(CC) $(CFLAGS) -c $< + +.s.o: + $(AS) $(ASFLAGS) -o $*.o $< + +.S.o: + $(AS) $(ASFLAGS) -o $*.o $< + +clean:: + rm -f *.s *.o *~ diff --git a/test/cminor/aes.cmp b/test/cminor/aes.cmp new file mode 100644 index 00000000..35eabc48 --- /dev/null +++ b/test/cminor/aes.cmp @@ -0,0 +1,364 @@ +/* AES cipher. To be preprocessed with cpp -P. */ + +#define GETU32(pt) int32[pt] +#define PUTU32(ct,st) int32[ct] = st + +#define rk(n) int32[rk_ + (n) * 4] +#define Te0(n) int32["Te0" + (n) * 4] +#define Te1(n) int32["Te1" + (n) * 4] +#define Te2(n) int32["Te2" + (n) * 4] +#define Te3(n) int32["Te3" + (n) * 4] +#define Te4(n) int32["Te4" + (n) * 4] +#define Td0(n) int32["Td0" + (n) * 4] +#define Td1(n) int32["Td1" + (n) * 4] +#define Td2(n) int32["Td2" + (n) * 4] +#define Td3(n) int32["Td3" + (n) * 4] +#define Td4(n) int32["Td4" + (n) * 4] +#define rcon(n) int32["rcon" + (n) * 4] + +/** + * Expand the cipher key into the encryption key schedule. + * + * @return the number of rounds for the given cipher key size. + */ +"rijndaelKeySetupEnc"(rk_, cipherKey, keyBits) : int -> int -> int -> int +{ + var i, temp; + i = 0; + + rk(0) = GETU32(cipherKey ); + rk(1) = GETU32(cipherKey + 4); + rk(2) = GETU32(cipherKey + 8); + rk(3) = GETU32(cipherKey + 12); + if (keyBits == 128) { + {{ loop { + temp = rk(3); + rk(4) = rk(0) ^ + (Te4((temp >>u 16) & 0xff) & 0xff000000) ^ + (Te4((temp >>u 8) & 0xff) & 0x00ff0000) ^ + (Te4((temp ) & 0xff) & 0x0000ff00) ^ + (Te4((temp >>u 24) ) & 0x000000ff) ^ + rcon(i); + rk(5) = rk(1) ^ rk(4); + rk(6) = rk(2) ^ rk(5); + rk(7) = rk(3) ^ rk(6); + if ((i = i + 1) == 10) { + return 10; + } + rk_ = rk_ + 4 * 4; + } }} + } + rk(4) = GETU32(cipherKey + 16); + rk(5) = GETU32(cipherKey + 20); + if (keyBits == 192) { + {{ loop { + temp = rk( 5); + rk( 6) = rk( 0) ^ + (Te4((temp >>u 16) & 0xff) & 0xff000000) ^ + (Te4((temp >>u 8) & 0xff) & 0x00ff0000) ^ + (Te4((temp ) & 0xff) & 0x0000ff00) ^ + (Te4((temp >>u 24) ) & 0x000000ff) ^ + rcon(i); + rk( 7) = rk( 1) ^ rk( 6); + rk( 8) = rk( 2) ^ rk( 7); + rk( 9) = rk( 3) ^ rk( 8); + if ((i = i + 1) == 8) { + return 12; + } + rk(10) = rk( 4) ^ rk( 9); + rk(11) = rk( 5) ^ rk(10); + rk_ = rk_ + 6 * 4; + } }} + } + rk(6) = GETU32(cipherKey + 24); + rk(7) = GETU32(cipherKey + 28); + if (keyBits == 256) { + {{ loop { + temp = rk( 7); + rk( 8) = rk( 0) ^ + (Te4((temp >>u 16) & 0xff) & 0xff000000) ^ + (Te4((temp >>u 8) & 0xff) & 0x00ff0000) ^ + (Te4((temp ) & 0xff) & 0x0000ff00) ^ + (Te4((temp >>u 24) ) & 0x000000ff) ^ + rcon(i); + rk( 9) = rk( 1) ^ rk( 8); + rk(10) = rk( 2) ^ rk( 9); + rk(11) = rk( 3) ^ rk(10); + if ((i = i + 1) == 7) { + return 14; + } + temp = rk(11); + rk(12) = rk( 4) ^ + (Te4((temp >>u 24) ) & 0xff000000) ^ + (Te4((temp >>u 16) & 0xff) & 0x00ff0000) ^ + (Te4((temp >>u 8) & 0xff) & 0x0000ff00) ^ + (Te4((temp ) & 0xff) & 0x000000ff); + rk(13) = rk( 5) ^ rk(12); + rk(14) = rk( 6) ^ rk(13); + rk(15) = rk( 7) ^ rk(14); + + rk_ = rk_ + 8 * 4; + } }} + } + return 0; +} + +/** + * Expand the cipher key into the decryption key schedule. + * + * @return the number of rounds for the given cipher key size. + */ +"rijndaelKeySetupDec"(rk_, cipherKey, keyBits) : int -> int -> int -> int +{ + var Nr, i, j, temp; + + /* expand the cipher key: */ + Nr = "rijndaelKeySetupEnc"(rk_, cipherKey, keyBits) : int -> int -> int -> int; + /* invert the order of the round keys: */ + i = 0; j = 4 * Nr; + {{ loop { + if (! (i < j)) exit; + temp = rk(i ); rk(i ) = rk(j ); rk(j ) = temp; + temp = rk(i + 1); rk(i + 1) = rk(j + 1); rk(j + 1) = temp; + temp = rk(i + 2); rk(i + 2) = rk(j + 2); rk(j + 2) = temp; + temp = rk(i + 3); rk(i + 3) = rk(j + 3); rk(j + 3) = temp; + i = i + 4; + j = j - 4; + } }} + /* apply the inverse MixColumn transform to all round keys but the first and the last: */ + i = 1; + {{ loop { + if (! (i < Nr)) exit; + rk_ = rk_ + 4 * 4; + rk(0) = + Td0(Te4((rk(0) >>u 24) ) & 0xff) ^ + Td1(Te4((rk(0) >>u 16) & 0xff) & 0xff) ^ + Td2(Te4((rk(0) >>u 8) & 0xff) & 0xff) ^ + Td3(Te4((rk(0) ) & 0xff) & 0xff); + rk(1) = + Td0(Te4((rk(1) >>u 24) ) & 0xff) ^ + Td1(Te4((rk(1) >>u 16) & 0xff) & 0xff) ^ + Td2(Te4((rk(1) >>u 8) & 0xff) & 0xff) ^ + Td3(Te4((rk(1) ) & 0xff) & 0xff); + rk(2) = + Td0(Te4((rk(2) >>u 24) ) & 0xff) ^ + Td1(Te4((rk(2) >>u 16) & 0xff) & 0xff) ^ + Td2(Te4((rk(2) >>u 8) & 0xff) & 0xff) ^ + Td3(Te4((rk(2) ) & 0xff) & 0xff); + rk(3) = + Td0(Te4((rk(3) >>u 24) ) & 0xff) ^ + Td1(Te4((rk(3) >>u 16) & 0xff) & 0xff) ^ + Td2(Te4((rk(3) >>u 8) & 0xff) & 0xff) ^ + Td3(Te4((rk(3) ) & 0xff) & 0xff); + i = i + 1; + } }} + return Nr; +} + +"rijndaelEncrypt"(rk_, Nr, pt, ct): int -> int -> int -> int -> void +{ + var s0, s1, s2, s3, t0, t1, t2, t3, r; + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(pt ) ^ rk(0); + s1 = GETU32(pt + 4) ^ rk(1); + s2 = GETU32(pt + 8) ^ rk(2); + s3 = GETU32(pt + 12) ^ rk(3); + /* + * Nr - 1 full rounds: + */ + r = Nr >>u 1; + {{ loop { + t0 = + Te0((s0 >>u 24) ) ^ + Te1((s1 >>u 16) & 0xff) ^ + Te2((s2 >>u 8) & 0xff) ^ + Te3((s3 ) & 0xff) ^ + rk(4); + t1 = + Te0((s1 >>u 24) ) ^ + Te1((s2 >>u 16) & 0xff) ^ + Te2((s3 >>u 8) & 0xff) ^ + Te3((s0 ) & 0xff) ^ + rk(5); + t2 = + Te0((s2 >>u 24) ) ^ + Te1((s3 >>u 16) & 0xff) ^ + Te2((s0 >>u 8) & 0xff) ^ + Te3((s1 ) & 0xff) ^ + rk(6); + t3 = + Te0((s3 >>u 24) ) ^ + Te1((s0 >>u 16) & 0xff) ^ + Te2((s1 >>u 8) & 0xff) ^ + Te3((s2 ) & 0xff) ^ + rk(7); + + rk_ = rk_ + 8 * 4; + if ((r = r - 1) == 0) exit; + + s0 = + Te0((t0 >>u 24) ) ^ + Te1((t1 >>u 16) & 0xff) ^ + Te2((t2 >>u 8) & 0xff) ^ + Te3((t3 ) & 0xff) ^ + rk(0); + s1 = + Te0((t1 >>u 24) ) ^ + Te1((t2 >>u 16) & 0xff) ^ + Te2((t3 >>u 8) & 0xff) ^ + Te3((t0 ) & 0xff) ^ + rk(1); + s2 = + Te0((t2 >>u 24) ) ^ + Te1((t3 >>u 16) & 0xff) ^ + Te2((t0 >>u 8) & 0xff) ^ + Te3((t1 ) & 0xff) ^ + rk(2); + s3 = + Te0((t3 >>u 24) ) ^ + Te1((t0 >>u 16) & 0xff) ^ + Te2((t1 >>u 8) & 0xff) ^ + Te3((t2 ) & 0xff) ^ + rk(3); + } }} + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = + (Te4((t0 >>u 24) ) & 0xff000000) ^ + (Te4((t1 >>u 16) & 0xff) & 0x00ff0000) ^ + (Te4((t2 >>u 8) & 0xff) & 0x0000ff00) ^ + (Te4((t3 ) & 0xff) & 0x000000ff) ^ + rk(0); + PUTU32(ct , s0); + s1 = + (Te4((t1 >>u 24) ) & 0xff000000) ^ + (Te4((t2 >>u 16) & 0xff) & 0x00ff0000) ^ + (Te4((t3 >>u 8) & 0xff) & 0x0000ff00) ^ + (Te4((t0 ) & 0xff) & 0x000000ff) ^ + rk(1); + PUTU32(ct + 4, s1); + s2 = + (Te4((t2 >>u 24) ) & 0xff000000) ^ + (Te4((t3 >>u 16) & 0xff) & 0x00ff0000) ^ + (Te4((t0 >>u 8) & 0xff) & 0x0000ff00) ^ + (Te4((t1 ) & 0xff) & 0x000000ff) ^ + rk(2); + PUTU32(ct + 8, s2); + s3 = + (Te4((t3 >>u 24) ) & 0xff000000) ^ + (Te4((t0 >>u 16) & 0xff) & 0x00ff0000) ^ + (Te4((t1 >>u 8) & 0xff) & 0x0000ff00) ^ + (Te4((t2 ) & 0xff) & 0x000000ff) ^ + rk(3); + PUTU32(ct + 12, s3); +} + +"rijndaelDecrypt"(rk_, Nr, ct, pt) : int -> int -> int -> int -> void +{ + var s0, s1, s2, s3, t0, t1, t2, t3, r; + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(ct ) ^ rk(0); + s1 = GETU32(ct + 4) ^ rk(1); + s2 = GETU32(ct + 8) ^ rk(2); + s3 = GETU32(ct + 12) ^ rk(3); + /* + * Nr - 1 full rounds: + */ + r = Nr >>u 1; + {{ loop { + t0 = + Td0((s0 >>u 24) ) ^ + Td1((s3 >>u 16) & 0xff) ^ + Td2((s2 >>u 8) & 0xff) ^ + Td3((s1 ) & 0xff) ^ + rk(4); + t1 = + Td0((s1 >>u 24) ) ^ + Td1((s0 >>u 16) & 0xff) ^ + Td2((s3 >>u 8) & 0xff) ^ + Td3((s2 ) & 0xff) ^ + rk(5); + t2 = + Td0((s2 >>u 24) ) ^ + Td1((s1 >>u 16) & 0xff) ^ + Td2((s0 >>u 8) & 0xff) ^ + Td3((s3 ) & 0xff) ^ + rk(6); + t3 = + Td0((s3 >>u 24) ) ^ + Td1((s2 >>u 16) & 0xff) ^ + Td2((s1 >>u 8) & 0xff) ^ + Td3((s0 ) & 0xff) ^ + rk(7); + + rk_ = rk_ + 8 * 4; + if ((r = r - 1) == 0) exit; + + s0 = + Td0((t0 >>u 24) ) ^ + Td1((t3 >>u 16) & 0xff) ^ + Td2((t2 >>u 8) & 0xff) ^ + Td3((t1 ) & 0xff) ^ + rk(0); + s1 = + Td0((t1 >>u 24) ) ^ + Td1((t0 >>u 16) & 0xff) ^ + Td2((t3 >>u 8) & 0xff) ^ + Td3((t2 ) & 0xff) ^ + rk(1); + s2 = + Td0((t2 >>u 24) ) ^ + Td1((t1 >>u 16) & 0xff) ^ + Td2((t0 >>u 8) & 0xff) ^ + Td3((t3 ) & 0xff) ^ + rk(2); + s3 = + Td0((t3 >>u 24) ) ^ + Td1((t2 >>u 16) & 0xff) ^ + Td2((t1 >>u 8) & 0xff) ^ + Td3((t0 ) & 0xff) ^ + rk(3); + } }} + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = + (Td4((t0 >>u 24) ) & 0xff000000) ^ + (Td4((t3 >>u 16) & 0xff) & 0x00ff0000) ^ + (Td4((t2 >>u 8) & 0xff) & 0x0000ff00) ^ + (Td4((t1 ) & 0xff) & 0x000000ff) ^ + rk(0); + PUTU32(pt , s0); + s1 = + (Td4((t1 >>u 24) ) & 0xff000000) ^ + (Td4((t0 >>u 16) & 0xff) & 0x00ff0000) ^ + (Td4((t3 >>u 8) & 0xff) & 0x0000ff00) ^ + (Td4((t2 ) & 0xff) & 0x000000ff) ^ + rk(1); + PUTU32(pt + 4, s1); + s2 = + (Td4((t2 >>u 24) ) & 0xff000000) ^ + (Td4((t1 >>u 16) & 0xff) & 0x00ff0000) ^ + (Td4((t0 >>u 8) & 0xff) & 0x0000ff00) ^ + (Td4((t3 ) & 0xff) & 0x000000ff) ^ + rk(2); + PUTU32(pt + 8, s2); + s3 = + (Td4((t3 >>u 24) ) & 0xff000000) ^ + (Td4((t2 >>u 16) & 0xff) & 0x00ff0000) ^ + (Td4((t1 >>u 8) & 0xff) & 0x0000ff00) ^ + (Td4((t0 ) & 0xff) & 0x000000ff) ^ + rk(3); + PUTU32(pt + 12, s3); +} diff --git a/test/cminor/almabench.cmp b/test/cminor/almabench.cmp new file mode 100644 index 00000000..e9e83921 --- /dev/null +++ b/test/cminor/almabench.cmp @@ -0,0 +1,159 @@ +#define PI 3.14159265358979323846 +#define J2000 2451545.0 +#define JCENTURY 36525.0 +#define JMILLENIA 365250.0 +#define TWOPI (2.0 *f PI) +#define A2R (PI /f 648000.0) +#define R2H (12.0 /f PI) +#define R2D (180.0 /f PI) +#define GAUSSK 0.01720209895 +#define TEST_LOOPS 20 +#define TEST_LENGTH 36525 +#define sineps 0.3977771559319137 +#define coseps 0.9174820620691818 + +/* Access to tables */ +#define amas(n) float64["amas" + (n) * 8] +#define a(x,y) float64["a" + ((x) * 24 + (y) * 8)] +#define dlm(x,y) float64["dlm" + ((x) * 24 + (y) * 8)] +#define e(x,y) float64["e" + ((x) * 24 + (y) * 8)] +#define pi(x,y) float64["pi" + ((x) * 24 + (y) * 8)] +#define dinc(x,y) float64["dinc" + ((x) * 24 + (y) * 8)] +#define omega(x,y) float64["omega" + ((x) * 24 + (y) * 8)] +#define kp(x,y) float64["kp" + ((x) * 72 + (y) * 8)] +#define ca(x,y) float64["ca" + ((x) * 72 + (y) * 8)] +#define sa(x,y) float64["sa" + ((x) * 72 + (y) * 8)] +#define kq(x,y) float64["kq" + ((x) * 80 + (y) * 8)] +#define cl(x,y) float64["cl" + ((x) * 80 + (y) * 8)] +#define sl(x,y) float64["sl" + ((x) * 80 + (y) * 8)] + +/* Function calls */ +#define cos(x) ("cos_static"(x): float -> float) +#define sin(x) ("sin_static"(x): float -> float) +#define atan2(x,y) ("atan2_static"(x,y): float -> float -> float) +#define asin(x) ("asin_static"(x): float -> float) +#define sqrt(x) ("sqrt_static"(x): float -> float) +#define fmod(x,y) ("fmod_static"(x,y): float -> float -> float) +#define anpm(x) ("anpm"(x) : float -> float) + +"anpm"(a): float -> float +{ + var w; + w = fmod(a,TWOPI); + if (absf(w) >=f PI) + w = w -f ((a int -> int -> void +{ +#define epoch(x) float64[epoch_ + (x) * 8] +#define pv(x,y) float64[pv_ + (x) * 24 + (y) * 8] + + var i, j, k; + var t, da, dl, de, dp, di; + var doh, dmu, arga, argl, am; + var ae, dae, ae2, at, r, v; + var si2, xq, xp, tl, xsw; + var xcw, xm2, xf, ci2, xms, xmc; + var xpxq2, x, y, z; + + t = ((epoch(0) -f J2000) +f epoch(1)) /f JMILLENIA; + + da = a(np,0) +f (a(np,1) +f a(np,2) *f t ) *f t; + dl = (3600.0 *f dlm(np,0) +f (dlm(np,1) +f dlm(np,2) *f t ) *f t ) *f A2R; + de = e(np,0) +f (e(np,1) +f e(np,2) *f t ) *f t; + dp = anpm((3600.0 *f pi(np,0) +f (pi(np,1) +f pi(np,2) *f t ) *f t ) *f A2R ); + di = (3600.0 *f dinc(np,0) +f (dinc(np,1) +f dinc(np,2) *f t ) *f t ) *f A2R; + doh = anpm((3600.0 *f omega(np,0) +f (omega(np,1) +f omega(np,2) *f t ) *f t ) *f A2R ); + + dmu = 0.35953620 *f t; + + k = 0; + {{ loop { + if (! (k < 8)) exit; + arga = kp(np,k) *f dmu; + argl = kq(np,k) *f dmu; + da = da +f (ca(np,k) *f cos(arga) +f sa(np,k) *f sin(arga)) *f 0.0000001; + dl = dl +f (cl(np,k) *f cos(argl) +f sl(np,k) *f sin(argl)) *f 0.0000001; + k = k + 1; + } }} + + arga = kp(np,8) *f dmu; + da = da +f t *f (ca(np,8) *f cos(arga) +f sa(np,8) *f sin(arga)) *f 0.0000001; + + k = 8; + {{ loop { + if (! (k <= 9)) exit; + argl = kq(np,k) *f dmu; + dl = dl +f t *f ( cl(np,k) *f cos(argl) +f sl(np,k) *f sin(argl) ) *f 0.0000001; + k = k + 1; + } }} + + dl = "fmod_static"(dl,TWOPI) : float -> float -> float; + + am = dl -f dp; + ae = am +f de *f sin(am); + k = 0; + + {{ loop { + dae = (am -f ae +f de *f sin(ae)) /f (1.0 -f de *f cos(ae)); + ae = ae +f dae; + k = k + 1; + + if ((k >= 10) || (absf(dae) int -> void +{ +#define state(x,y) float64[state_ + (x) * 24 + (y) * 8] +#define rdd(x) float64[rdd_ + (x) * 8] + + rdd(2) = sqrt(state(0,0) *f state(0,0) +f state(0,1) *f state(0,1) +f state(0,2) *f state(0,2)); + rdd(0) = atan2(state(0,1), state(0,0)) *f R2H; + if (rdd(0) int /*float ptr*/ -> int -> int +{ + var px, py, /*float ptr*/ + i, j, k, m, n, i0, i1, i2, i3, is, id, n1, n2, n4, a, e, a3, /*int*/ + cc1, ss1, cc3, ss3, r1, r2, s1, s2, s3, xt, tpi /*float*/; + + px = x - 8; + py = y - 8; + i = 2; + m = 1; + + {{ loop { + if (! (i < np)) exit; + i = i+i; + m = m+1; + } }} + + n = i; + + if (n != np) + { + i = np + 1; + {{ loop { + if (! (i <= n)) exit; + float64[px + i*8] = 0.0; + float64[py + i*8] = 0.0; + i = i + 1; + } }} + } + + n2 = n+n; + tpi = 2.0 *f 3.14159265358979323846; + k = 1; + {{ loop { + if (! (k <= m - 1)) exit; + n2 = n2 / 2; + n4 = n2 / 4; + e = tpi /f floatofint(n2); + a = 0.0; + + j = 1; + {{ loop { + if (! (j <= n4)) exit; + cc1 = "cos_static"(a) : float -> float; + ss1 = "sin_static"(a) : float -> float; + a3 = 3.0 *f a; + cc3 = "cos_static"(a3) : float -> float; + ss3 = "sin_static"(a3) : float -> float; + a = e *f floatofint(j); + is = j; + id = 2 * n2; + + {{ loop { + if (! ( is < n )) exit; + i0 = is; + {{ loop { + /* DEBUG "trace"(); */ + if (! (i0 <= n - 1)) exit; + i1 = i0 + n4; /*DEBUG "print_int"(i1); */ + i2 = i1 + n4; /*DEBUG "print_int"(i2); */ + i3 = i2 + n4; /*DEBUG "print_int"(i3); */ + r1 = float64[px+i0*8] -f float64[px+i2*8]; + /* DEBUG "print_float"(r1); */ + float64[px+i0*8] = float64[px+i0*8] +f float64[px+i2*8]; + r2 = float64[px+i1*8] -f float64[px+i3*8]; + /* DEBUG "print_float"(r2); */ + float64[px+i1*8] = float64[px+i1*8] +f float64[px+i3*8]; + s1 = float64[py+i0*8] -f float64[py+i2*8]; + /* DEBUG "print_float"(s1); */ + float64[py+i0*8] = float64[py+i0*8] +f float64[py+i2*8]; + s2 = float64[py+i1*8] -f float64[py+i3*8]; + /* DEBUG "print_float"(s2); */ + float64[py+i1*8] = float64[py+i1*8] +f float64[py+i3*8]; + s3 = r1 -f s2; r1 = r1 +f s2; + s2 = r2 -f s1; r2 = r2 +f s1; + float64[px+i2*8] = (r1 *f cc1) -f (s2 *f ss1); + float64[py+i2*8] = (-f s2 *f cc1) -f (r1 *f ss1); + float64[px+i3*8] = (s3 *f cc3) +f (r2 *f ss3); + float64[py+i3*8] = (r2 *f cc3) -f (s3 *f ss3); + i0 = i0 + id; + } }} + is = 2 * id - n2 + j; + id = 4 * id; + } }} + j = j + 1; + } }} + k = k + 1; + } }} + +/************************************/ +/* Last stage, length=2 butterfly */ +/************************************/ + is = 1; + id = 4; + + {{ loop { + if (! ( is < n)) exit; + i0 = is; + {{ loop { + if (! (i0 <= n)) exit; + i1 = i0 + 1; + r1 = float64[px+i0*8]; + float64[px+i0*8] = r1 +f float64[px+i1*8]; + float64[px+i1*8] = r1 -f float64[px+i1*8]; + r1 = float64[py+i0*8]; + float64[py+i0*8] = r1 +f float64[py+i1*8]; + float64[py+i1*8] = r1 -f float64[py+i1*8]; + i0 = i0 + id; + } }} + is = 2*id - 1; + id = 4 * id; + } }} + +/*************************/ +/* Bit reverse counter */ +/*************************/ + j = 1; + n1 = n - 1; + + i = 1; + {{ loop { + if (! (i <= n1)) exit; + if (i < j) { + xt = float64[px+j*8]; + float64[px+j*8] = float64[px+i*8]; + float64[px+i*8] = xt; + xt = float64[py+j*8]; + float64[py+j*8] = float64[py+i*8]; + float64[py+i*8] = xt; + } + k = n / 2; + {{ loop { + if (! (k < j)) exit; + j = j - k; + k = k / 2; + } }} + j = j + k; + i = i + 1; + } }} + + return(n); +} diff --git a/test/cminor/fib.cm b/test/cminor/fib.cm new file mode 100644 index 00000000..42fbdd6e --- /dev/null +++ b/test/cminor/fib.cm @@ -0,0 +1,7 @@ +"fib"(n): int -> int +{ + if (n < 2) + return 1; + else + return "fib"(n - 1) : int -> int + "fib"(n - 2) : int -> int; +} diff --git a/test/cminor/integr.cm b/test/cminor/integr.cm new file mode 100644 index 00000000..28f0a1de --- /dev/null +++ b/test/cminor/integr.cm @@ -0,0 +1,25 @@ +"square" (x): float -> float +{ + return x *f x; +} + +"integr"(f, low, high, n): int -> float -> float -> int -> float +{ + var h, x, s, i; + h = (high -f low) /f floatofint n; + x = low; + s = 0.0; + i = n; + {{ loop { + if (! (i > 0)) exit; + s = s +f (f(x): float -> float); + x = x +f h; + i = i - 1; + } }} + return s *f h; +} + +"test"(n) : int -> float +{ + return "integr"("square", 0.0, 1.0, n): int -> float -> float -> int -> float; +} diff --git a/test/cminor/manyargs.cm b/test/cminor/manyargs.cm new file mode 100644 index 00000000..97b16626 --- /dev/null +++ b/test/cminor/manyargs.cm @@ -0,0 +1,53 @@ +"f" (i1, i2, i3, i4, i5, + i6, i7, i8, i9, i10, + f1, f2, f3, f4, f5, + f6, f7, f8, f9, f10, + f11, f12, f13, f14, f15): + int -> int -> int -> int -> int -> + int -> int -> int -> int -> int -> + float -> float -> float -> float -> float -> + float -> float -> float -> float -> float -> + float -> float -> float -> float -> float -> void +{ + "print_int"(i1): int -> void; + "print_int"(i2): int -> void; + "print_int"(i3): int -> void; + "print_int"(i4): int -> void; + "print_int"(i5): int -> void; + "print_int"(i6): int -> void; + "print_int"(i7): int -> void; + "print_int"(i8): int -> void; + "print_int"(i9): int -> void; + "print_int"(i10): int -> void; + "print_float"(f1): float -> void; + "print_float"(f2): float -> void; + "print_float"(f3): float -> void; + "print_float"(f4): float -> void; + "print_float"(f5): float -> void; + "print_float"(f6): float -> void; + "print_float"(f7): float -> void; + "print_float"(f8): float -> void; + "print_float"(f9): float -> void; + "print_float"(f10): float -> void; + "print_float"(f11): float -> void; + "print_float"(f12): float -> void; + "print_float"(f13): float -> void; + "print_float"(f14): float -> void; + "print_float"(f15): float -> void; +} + +"g" (i1, i2, i3, i4, i5, + f1, f2, f3, f4, f5): + int -> int -> int -> int -> int -> + float -> float -> float -> float -> float -> void +{ + "f"(i1,i2,i3,i4,i5, i1,i2,i3,i4,i5, + f1,f2,f3,f4,f5, f1,f2,f3,f4,f5, f1,f2,f3,f4,f5): + int -> int -> int -> int -> int -> + int -> int -> int -> int -> int -> + float -> float -> float -> float -> float -> + float -> float -> float -> float -> float -> + float -> float -> float -> float -> float -> void; + +} + diff --git a/test/cminor/qsort.cm b/test/cminor/qsort.cm new file mode 100644 index 00000000..004f8cd7 --- /dev/null +++ b/test/cminor/qsort.cm @@ -0,0 +1,30 @@ +"quicksort"(lo, hi, a): int -> int -> int -> void +{ + var i, j, pivot, temp; + + if (! (lo < hi)) return; + i = lo; + j = hi; + pivot = int32[a + hi * 4]; + {{ loop { + if (! (i < j)) exit; + {{ loop { + if (i >= hi || int32[a + i * 4] > pivot) exit; + i = i + 1; + } }} + {{ loop { + if (j <= lo || int32[a + j * 4] < pivot) exit; + j = j - 1; + } }} + if (i < j) { + temp = int32[a + i * 4]; + int32[a + i * 4] = int32[a + j * 4]; + int32[a + j * 4] = temp; + } + } }} + temp = int32[a + i * 4]; + int32[a + i * 4] = int32[a + hi * 4]; + int32[a + hi * 4] = temp; + "quicksort"(lo, i - 1, a) : int -> int -> int -> void; + "quicksort"(i + 1, hi, a) : int -> int -> int -> void; +} diff --git a/test/cminor/sha1.cmp b/test/cminor/sha1.cmp new file mode 100644 index 00000000..9a588e49 --- /dev/null +++ b/test/cminor/sha1.cmp @@ -0,0 +1,189 @@ +/* SHA-1 cryptographic hash function */ +/* Ref: Handbook of Applied Cryptography, section 9.4.2, algorithm 9.53 */ + +/* To be preprocessed by cpp -P */ + +#define ARCH_BIG_ENDIAN + +#define rol1(x) (((x) << 1) | ((x) >>u 31)) +#define rol5(x) (((x) << 5) | ((x) >>u 27)) +#define rol30(x) (((x) << 30) | ((x) >>u 2)) + +"SHA1_copy_and_swap"(src, dst, numwords) : int -> int -> int -> void +{ +#ifdef ARCH_BIG_ENDIAN + "memcpy_static"(dst, src, numwords * 4) : int -> int -> int -> void; +#else + var s, d, a, b; + s = src; + d = dst; + {{ loop { + if (numwords <= 0) exit; + a = int8u[s]; + b = int8u[s + 1]; + int8u[d] = int8u[s + 3]; + int8u[d + 1] = int8u[s + 2]; + int8u[d + 2] = b; + int8u[d + 3] = a; + s = s + 4; + d = d + 4; + numwords = numwords - 1; + } }} +#endif +} + +#define F(x,y,z) ( z ^ (x & (y ^ z) ) ) +#define G(x,y,z) ( (x & y) | (z & (x | y) ) ) +#define H(x,y,z) ( x ^ y ^ z ) + +#define Y1 0x5A827999 +#define Y2 0x6ED9EBA1 +#define Y3 0x8F1BBCDC +#define Y4 0xCA62C1D6 + +#define context_state(ctx,n) int32[ctx + n * 4] +#define context_length(ctx) ctx + 20 +#define context_length_hi(ctx) int32[ctx + 20] +#define context_length_lo(ctx) int32[ctx + 24] +#define context_numbytes(ctx) int32[ctx + 28] +#define context_buffer(ctx) (ctx + 32) +#define context_size 96 + +"SHA1_transform"(ctx) : int -> void +{ + stack 320 + var i, p, a, b, c, d, e, t; + + /* Convert buffer data to 16 big-endian integers */ + "SHA1_copy_and_swap"(context_buffer(ctx), &0, 16) : int -> int -> int -> void; + /* Expand into 80 integers */ + i = 16; + {{ loop { + if (! (i < 80)) exit; + p = &0 + i * 4; + t = int32[p - 12] ^ int32[p - 32] ^ int32[p - 56] ^ int32[p - 64]; + int32[p] = rol1(t); + i = i + 1; + } }} + + /* Initialize working variables */ + a = context_state(ctx, 0); + b = context_state(ctx, 1); + c = context_state(ctx, 2); + d = context_state(ctx, 3); + e = context_state(ctx, 4); + + /* Perform rounds */ + i = 0; + {{ loop { + if (! (i < 20)) exit; + t = F(b, c, d) + Y1 + rol5(a) + e + int32[&0 + i * 4]; + e = d; d = c; c = rol30(b); b = a; a = t; + i = i + 1; + } }} + {{ loop { + if (! (i < 40)) exit; + t = H(b, c, d) + Y2 + rol5(a) + e + int32[&0 + i * 4]; + e = d; d = c; c = rol30(b); b = a; a = t; + i = i + 1; + } }} + {{ loop { + if (! (i < 60)) exit; + t = G(b, c, d) + Y3 + rol5(a) + e + int32[&0 + i * 4]; + e = d; d = c; c = rol30(b); b = a; a = t; + i = i + 1; + } }} + {{ loop { + if (! (i < 80)) exit; + t = H(b, c, d) + Y4 + rol5(a) + e + int32[&0 + i * 4]; + e = d; d = c; c = rol30(b); b = a; a = t; + i = i + 1; + } }} + + /* Update chaining values */ + context_state(ctx, 0) = context_state(ctx, 0) + a; + context_state(ctx, 1) = context_state(ctx, 1) + b; + context_state(ctx, 2) = context_state(ctx, 2) + c; + context_state(ctx, 3) = context_state(ctx, 3) + d; + context_state(ctx, 4) = context_state(ctx, 4) + e; +} + +"SHA1_init"(ctx) : int -> void +{ + context_state(ctx, 0) = 0x67452301; + context_state(ctx, 1) = 0xEFCDAB89; + context_state(ctx, 2) = 0x98BADCFE; + context_state(ctx, 3) = 0x10325476; + context_state(ctx, 4) = 0xC3D2E1F0; + context_numbytes(ctx) = 0; + context_length_lo(ctx) = 0; + context_length_hi(ctx) = 0; +} + +"SHA1_add_data"(ctx, data, len) : int -> int -> int -> void +{ + var t; + + /* Update length */ + t = context_length_lo(ctx); + if ((context_length_lo(ctx) = t + (len << 3)) >u 29); + + /* If data was left in buffer, pad it with fresh data and munge block */ + if (context_numbytes(ctx) != 0) { + t = 64 - context_numbytes(ctx); + if (len int -> int -> void; + context_numbytes(ctx) = context_numbytes(ctx) + len; + return; + } + "memcpy_static"(context_buffer(ctx) + context_numbytes(ctx), data, t) + : int -> int -> int -> void; + "SHA1_transform"(ctx) : int -> void; + data = data + t; + len = len - t; + } + /* Munge data in 64-byte chunks */ + {{ loop { + if (! (len >=u 64)) exit; + "memcpy_static"(context_buffer(ctx), data, 64) + : int -> int -> int -> void; + "SHA1_transform"(ctx) : int -> void; + data = data + 64; + len = len - 64; + } }} + /* Save remaining data */ + "memcpy_static"(context_buffer(ctx), data, len) + : int -> int -> int -> void; + context_numbytes(ctx) = len; +} + +"SHA1_finish"(ctx, output) : int -> int -> void +{ + var i; + i = context_numbytes(ctx); + /* Set first char of padding to 0x80. There is always room. */ + int8u[context_buffer(ctx) + i] = 0x80; + i = i + 1; + /* If we do not have room for the length (8 bytes), pad to 64 bytes + with zeroes and munge the data block */ + if (i > 56) { + "memset_static"(context_buffer(ctx) + i, 0, 64 - i) + : int -> int -> int -> void; + "SHA1_transform"(ctx) : int -> void; + i = 0; + } + /* Pad to byte 56 with zeroes */ + "memset_static"(context_buffer(ctx) + i, 0, 56 - i) + : int -> int -> int -> void; + /* Add length in big-endian */ + "SHA1_copy_and_swap"(context_length(ctx), context_buffer(ctx) + 56, 2) + : int -> int -> int -> void; + /* Munge the final block */ + "SHA1_transform"(ctx) : int -> void; + /* Final hash value is in ctx->state modulo big-endian conversion */ + "SHA1_copy_and_swap"(ctx, output, 5) + : int -> int -> int -> void; +} diff --git a/test/harness/mainaes.c b/test/harness/mainaes.c new file mode 100644 index 00000000..82c9c0d7 --- /dev/null +++ b/test/harness/mainaes.c @@ -0,0 +1,739 @@ +#include +#include +#include + +typedef unsigned char u8; +typedef unsigned short u16; +typedef unsigned int u32; +#define MAXNR 14 + +extern int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits); +extern int rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits); +extern void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]); +extern void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]); + +const u32 Te0[256] = { + 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, + 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, + 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, + 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, + 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, + 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, + 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, + 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, + 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, + 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, + 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, + 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, + 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, + 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, + 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, + 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, + 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, + 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, + 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, + 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, + 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, + 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, + 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, + 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, + 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, + 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, + 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, + 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, + 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, + 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, + 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, + 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, + 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, + 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, + 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, + 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, + 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, + 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, + 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, + 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, + 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, + 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, + 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, + 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, + 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, + 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, + 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, + 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, + 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, + 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, + 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, + 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, + 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, + 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, + 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, + 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, + 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, + 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, + 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, + 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, + 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, + 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, + 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, + 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, +}; +const u32 Te1[256] = { + 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, + 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, + 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, + 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, + 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, + 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, + 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, + 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, + 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, + 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, + 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, + 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, + 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, + 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, + 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, + 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, + 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, + 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, + 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, + 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, + 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, + 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, + 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, + 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, + 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, + 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, + 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, + 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, + 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, + 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, + 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, + 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, + 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, + 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, + 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, + 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, + 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, + 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, + 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, + 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, + 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, + 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, + 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, + 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, + 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, + 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, + 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, + 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, + 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, + 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, + 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, + 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, + 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, + 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, + 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, + 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, + 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, + 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, + 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, + 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, + 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, + 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, + 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, + 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, +}; +const u32 Te2[256] = { + 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, + 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, + 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, + 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, + 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, + 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, + 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, + 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, + 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, + 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, + 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, + 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, + 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, + 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, + 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, + 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, + 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, + 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, + 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, + 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, + 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, + 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, + 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, + 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, + 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, + 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, + 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, + 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, + 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, + 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, + 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, + 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, + 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, + 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, + 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, + 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, + 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, + 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, + 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, + 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, + 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, + 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, + 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, + 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, + 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, + 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, + 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, + 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, + 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, + 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, + 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, + 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, + 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, + 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, + 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, + 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, + 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, + 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, + 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, + 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, + 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, + 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, + 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, + 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, +}; +const u32 Te3[256] = { + + 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, + 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, + 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, + 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, + 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, + 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, + 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, + 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, + 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, + 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, + 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, + 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, + 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, + 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, + 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, + 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, + 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, + 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, + 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, + 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, + 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, + 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, + 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, + 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, + 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, + 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, + 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, + 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, + 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, + 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, + 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, + 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, + 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, + 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, + 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, + 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, + 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, + 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, + 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, + 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, + 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, + 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, + 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, + 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, + 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, + 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, + 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, + 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, + 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, + 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, + 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, + 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, + 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, + 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, + 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, + 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, + 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, + 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, + 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, + 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, + 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, + 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, + 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, + 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, +}; +const u32 Te4[256] = { + 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, + 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, + 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU, + 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U, + 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU, + 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U, + 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU, + 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U, + 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U, + 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU, + 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U, + 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U, + 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U, + 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU, + 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U, + 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U, + 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU, + 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U, + 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U, + 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U, + 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU, + 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU, + 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U, + 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU, + 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU, + 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U, + 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU, + 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U, + 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU, + 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U, + 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U, + 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U, + 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU, + 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U, + 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU, + 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U, + 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU, + 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U, + 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U, + 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU, + 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU, + 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU, + 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U, + 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U, + 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU, + 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U, + 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU, + 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U, + 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU, + 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U, + 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU, + 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU, + 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U, + 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU, + 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U, + 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU, + 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U, + 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U, + 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U, + 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU, + 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU, + 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U, + 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, + 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U, +}; +const u32 Td0[256] = { + 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, + 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, + 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, + 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, + 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, + 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, + 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, + 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, + 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, + 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, + 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, + 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, + 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, + 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, + 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, + 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, + 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, + 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, + 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, + 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, + 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, + 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, + 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, + 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, + 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, + 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, + 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, + 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, + 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, + 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, + 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, + 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, + 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, + 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, + 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, + 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, + 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, + 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, + 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, + 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, + 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, + 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, + 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, + 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, + 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, + 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, + 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, + 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, + 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, + 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, + 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, + 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, + 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, + 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, + 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, + 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, + 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, + 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, + 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, + 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, + 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, + 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, + 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, + 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, +}; +const u32 Td1[256] = { + 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, + 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, + 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, + 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, + 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, + 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, + 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, + 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, + 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, + 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, + 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, + 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, + 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, + 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, + 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, + 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, + 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, + 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, + 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, + 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, + 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, + 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, + 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, + 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, + 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, + 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, + 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, + 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, + 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, + 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, + 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, + 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, + 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, + 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, + 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, + 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, + 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, + 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, + 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, + 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, + 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, + 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, + 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, + 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, + 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, + 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, + 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, + 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, + 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, + 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, + 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, + 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, + 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, + 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, + 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, + 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, + 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, + 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, + 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, + 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, + 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, + 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, + 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, + 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U, +}; +const u32 Td2[256] = { + 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, + 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, + 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, + 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, + 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, + 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, + 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, + 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, + 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, + 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, + 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, + 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, + 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, + 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, + 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, + 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, + 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, + 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, + 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, + 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, + + 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, + 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, + 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, + 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, + 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, + 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, + 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, + 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, + 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, + 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, + 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, + 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, + 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, + 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, + 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, + 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, + 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, + 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, + 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, + 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, + 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, + 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, + 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, + 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, + 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, + 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, + 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, + 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, + 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, + 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, + 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, + 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, + 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, + 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, + 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, + 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, + 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, + 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, + 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, + 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, + 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, + 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, + 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, + 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U, +}; +const u32 Td3[256] = { + 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, + 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, + 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, + 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, + 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, + 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, + 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, + 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, + 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, + 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, + 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, + 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, + 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, + 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, + 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, + 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, + 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, + 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, + 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, + 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, + 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, + 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, + 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, + 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, + 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, + 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, + 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, + 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, + 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, + 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, + 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, + 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, + 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, + 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, + 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, + 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, + 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, + 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, + 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, + 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, + 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, + 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, + 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, + 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, + 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, + 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, + 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, + 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, + 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, + 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, + 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, + 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, + 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, + 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, + 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, + 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, + 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, + 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, + 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, + 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, + 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, + 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, + 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, + 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, +}; +const u32 Td4[256] = { + 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, + 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, + 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, + 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, + 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, + 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, + 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, + 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, + 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, + 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, + 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, + 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, + 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, + 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, + 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, + 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, + 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, + 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, + 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, + 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, + 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, + 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, + 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, + 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, + 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, + 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, + 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, + 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, + 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, + 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, + 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, + 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, + 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, + 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU, + 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU, + 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U, + 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U, + 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U, + 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U, + 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU, + 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U, + 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U, + 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU, + 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU, + 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU, + 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U, + 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU, + 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U, + 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U, + 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U, + 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U, + 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU, + 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U, + 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU, + 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU, + 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU, + 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU, + 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U, + 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU, + 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U, + 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU, + 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U, + 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U, + 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU, +}; +const u32 rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000, + 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ +}; + +static void do_test(int keybits, u8 * key, + u8 plain[16], u8 cipher[16], + int testno1, int testno2) +{ + u32 ckey[4 * (MAXNR + 1)]; + u8 temp[16]; + int nr; + int ok; + + nr = rijndaelKeySetupEnc(ckey, key, keybits); + rijndaelEncrypt(ckey, nr, plain, temp); + ok = memcmp(temp, cipher, 16) == 0; + printf("Encryption test %d %s\n", testno1, ok ? "passed" : "FAILED"); + nr = rijndaelKeySetupDec(ckey, key, keybits); + rijndaelDecrypt(ckey, nr, cipher, temp); + ok = memcmp(temp, plain, 16) == 0; + printf("Decryption test %d %s\n", testno2, ok ? "passed" : "FAILED"); +} + +static void do_bench(int nblocks) +{ + u32 ckey[4 * (MAXNR + 1)]; + u8 temp[16]; + int nr; + + nr = rijndaelKeySetupEnc(ckey, "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", 128); + for (; nblocks > 0; nblocks--) + rijndaelEncrypt(ckey, nr, temp, temp); +} + +int main(int argc, char ** argv) +{ + if (argc < 2) { + do_test(128, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", + "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF", + "\x69\xC4\xE0\xD8\x6A\x7B\x04\x30\xD8\xCD\xB7\x80\x70\xB4\xC5\x5A", + 1, 2); + do_test(192, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17", + "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF", + "\xDD\xA9\x7C\xA4\x86\x4C\xDF\xE0\x6E\xAF\x70\xA0\xEC\x0D\x71\x91", + 3, 4); + do_test(256, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F", + "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF", + "\x8E\xA2\xB7\xCA\x51\x67\x45\xBF\xEA\xFC\x49\x90\x4B\x49\x60\x89", + 5, 6); + } else { + do_bench(atoi(argv[1])); + } + return 0; +} + + + + diff --git a/test/harness/mainalmabench.c b/test/harness/mainalmabench.c new file mode 100644 index 00000000..c514ccae --- /dev/null +++ b/test/harness/mainalmabench.c @@ -0,0 +1,185 @@ +#include +#include +#include + +static const double J2000 = 2451545.0; +static const int TEST_LENGTH = 36525; + +const double amas [8] = { 6023600.0, 408523.5, 328900.5, 3098710.0, 1047.355, 3498.5, 22869.0, 19314.0 }; + +const double a [8][3] = + { { 0.3870983098, 0, 0 }, + { 0.7233298200, 0, 0 }, + { 1.0000010178, 0, 0 }, + { 1.5236793419, 3e-10, 0 }, + { 5.2026032092, 19132e-10, -39e-10 }, + { 9.5549091915, -0.0000213896, 444e-10 }, + { 19.2184460618, -3716e-10, 979e-10 }, + { 30.1103868694, -16635e-10, 686e-10 } }; + +const double dlm[8][3] = + { { 252.25090552, 5381016286.88982, -1.92789 }, + { 181.97980085, 2106641364.33548, 0.59381 }, + { 100.46645683, 1295977422.83429, -2.04411 }, + { 355.43299958, 689050774.93988, 0.94264 }, + { 34.35151874, 109256603.77991, -30.60378 }, + { 50.07744430, 43996098.55732, 75.61614 }, + { 314.05500511, 15424811.93933, -1.75083 }, + { 304.34866548, 7865503.20744, 0.21103 } }; + +const double e[8][3] = + { { 0.2056317526, 0.0002040653, -28349e-10 }, + { 0.0067719164, -0.0004776521, 98127e-10 }, + { 0.0167086342, -0.0004203654, -0.0000126734 }, + { 0.0934006477, 0.0009048438, -80641e-10 }, + { 0.0484979255, 0.0016322542, -0.0000471366 }, + { 0.0555481426, -0.0034664062, -0.0000643639 }, + { 0.0463812221, -0.0002729293, 0.0000078913 }, + { 0.0094557470, 0.0000603263, 0 } }; + +const double pi[8][3] = + { { 77.45611904, 5719.11590, -4.83016 }, + { 131.56370300, 175.48640, -498.48184 }, + { 102.93734808, 11612.35290, 53.27577 }, + { 336.06023395, 15980.45908, -62.32800 }, + { 14.33120687, 7758.75163, 259.95938 }, + { 93.05723748, 20395.49439, 190.25952 }, + { 173.00529106, 3215.56238, -34.09288 }, + { 48.12027554, 1050.71912, 27.39717 } }; + +const double dinc[8][3] = + { { 7.00498625, -214.25629, 0.28977 }, + { 3.39466189, -30.84437, -11.67836 }, + { 0, 469.97289, -3.35053 }, + { 1.84972648, -293.31722, -8.11830 }, + { 1.30326698, -71.55890, 11.95297 }, + { 2.48887878, 91.85195, -17.66225 }, + { 0.77319689, -60.72723, 1.25759 }, + { 1.76995259, 8.12333, 0.08135 } }; + +const double omega[8][3] = + { { 48.33089304, -4515.21727, -31.79892 }, + { 76.67992019, -10008.48154, -51.32614 }, + { 174.87317577, -8679.27034, 15.34191 }, + { 49.55809321, -10620.90088, -230.57416 }, + { 100.46440702, 6362.03561, 326.52178 }, + { 113.66550252, -9240.19942, -66.23743 }, + { 74.00595701, 2669.15033, 145.93964 }, + { 131.78405702, -221.94322, -0.78728 } }; + +const double kp[8][9] = + { { 69613.0, 75645.0, 88306.0, 59899.0, 15746.0, 71087.0, 142173.0, 3086.0, 0.0 }, + { 21863.0, 32794.0, 26934.0, 10931.0, 26250.0, 43725.0, 53867.0, 28939.0, 0.0 }, + { 16002.0, 21863.0, 32004.0, 10931.0, 14529.0, 16368.0, 15318.0, 32794.0, 0.0 }, + { 6345.0, 7818.0, 15636.0, 7077.0, 8184.0, 14163.0, 1107.0, 4872.0, 0.0 }, + { 1760.0, 1454.0, 1167.0, 880.0, 287.0, 2640.0, 19.0, 2047.0, 1454.0 }, + { 574.0, 0.0, 880.0, 287.0, 19.0, 1760.0, 1167.0, 306.0, 574.0 }, + { 204.0, 0.0, 177.0, 1265.0, 4.0, 385.0, 200.0, 208.0, 204.0 }, + { 0.0, 102.0, 106.0, 4.0, 98.0, 1367.0, 487.0, 204.0, 0.0 } }; + +const double ca[8][9] = + { { 4.0, -13.0, 11.0, -9.0, -9.0, -3.0, -1.0, 4.0, 0.0 }, + { -156.0, 59.0, -42.0, 6.0, 19.0, -20.0, -10.0, -12.0, 0.0 }, + { 64.0, -152.0, 62.0, -8.0, 32.0, -41.0, 19.0, -11.0, 0.0 }, + { 124.0, 621.0, -145.0, 208.0, 54.0, -57.0, 30.0, 15.0, 0.0 }, + { -23437.0, -2634.0, 6601.0, 6259.0, -1507.0, -1821.0, 2620.0, -2115.0,-1489.0 }, + { 62911.0,-119919.0, 79336.0, 17814.0,-24241.0, 12068.0, 8306.0, -4893.0, 8902.0 }, + { 389061.0,-262125.0,-44088.0, 8387.0,-22976.0, -2093.0, -615.0, -9720.0, 6633.0 }, + { -412235.0,-157046.0,-31430.0, 37817.0, -9740.0, -13.0, -7449.0, 9644.0, 0.0 } }; + +const double sa[8][9] = + { { -29.0, -1.0, 9.0, 6.0, -6.0, 5.0, 4.0, 0.0, 0.0 }, + { -48.0, -125.0, -26.0, -37.0, 18.0, -13.0, -20.0, -2.0, 0.0 }, + { -150.0, -46.0, 68.0, 54.0, 14.0, 24.0, -28.0, 22.0, 0.0 }, + { -621.0, 532.0, -694.0, -20.0, 192.0, -94.0, 71.0, -73.0, 0.0 }, + { -14614.0,-19828.0, -5869.0, 1881.0, -4372.0, -2255.0, 782.0, 930.0, 913.0 }, + { 139737.0, 0.0, 24667.0, 51123.0, -5102.0, 7429.0, -4095.0, -1976.0,-9566.0 }, + { -138081.0, 0.0, 37205.0,-49039.0,-41901.0,-33872.0,-27037.0,-12474.0,18797.0 }, + { 0.0, 28492.0,133236.0, 69654.0, 52322.0,-49577.0,-26430.0, -3593.0, 0.0 } }; + +const double kq[8][10] = + { { 3086.0, 15746.0, 69613.0, 59899.0, 75645.0, 88306.0, 12661.0, 2658.0, 0.0, 0.0 }, + { 21863.0, 32794.0, 10931.0, 73.0, 4387.0, 26934.0, 1473.0, 2157.0, 0.0, 0.0 }, + { 10.0, 16002.0, 21863.0, 10931.0, 1473.0, 32004.0, 4387.0, 73.0, 0.0, 0.0 }, + { 10.0, 6345.0, 7818.0, 1107.0, 15636.0, 7077.0, 8184.0, 532.0, 10.0, 0.0 }, + { 19.0, 1760.0, 1454.0, 287.0, 1167.0, 880.0, 574.0, 2640.0, 19.0,1454.0 }, + { 19.0, 574.0, 287.0, 306.0, 1760.0, 12.0, 31.0, 38.0, 19.0, 574.0 }, + { 4.0, 204.0, 177.0, 8.0, 31.0, 200.0, 1265.0, 102.0, 4.0, 204.0 }, + { 4.0, 102.0, 106.0, 8.0, 98.0, 1367.0, 487.0, 204.0, 4.0, 102.0 } }; + +const double cl[8][10] = + { { 21.0, -95.0, -157.0, 41.0, -5.0, 42.0, 23.0, 30.0, 0.0, 0.0 }, + { -160.0, -313.0, -235.0, 60.0, -74.0, -76.0, -27.0, 34.0, 0.0, 0.0 }, + { -325.0, -322.0, -79.0, 232.0, -52.0, 97.0, 55.0, -41.0, 0.0, 0.0 }, + { 2268.0, -979.0, 802.0, 602.0, -668.0, -33.0, 345.0, 201.0, -55.0, 0.0 }, + { 7610.0, -4997.0,-7689.0,-5841.0,-2617.0, 1115.0, -748.0, -607.0, 6074.0, 354.0 }, + { -18549.0, 30125.0,20012.0, -730.0, 824.0, 23.0, 1289.0, -352.0,-14767.0,-2062.0 }, + { -135245.0,-14594.0, 4197.0,-4030.0,-5630.0,-2898.0, 2540.0, -306.0, 2939.0, 1986.0 }, + { 89948.0, 2103.0, 8963.0, 2695.0, 3682.0, 1648.0, 866.0, -154.0, -1963.0, -283.0 } }; + +const double sl[8][10] = + { { -342.0, 136.0, -23.0, 62.0, 66.0, -52.0, -33.0, 17.0, 0.0, 0.0 }, + { 524.0, -149.0, -35.0, 117.0, 151.0, 122.0, -71.0, -62.0, 0.0, 0.0 }, + { -105.0, -137.0, 258.0, 35.0, -116.0, -88.0, -112.0, -80.0, 0.0, 0.0 }, + { 854.0, -205.0, -936.0, -240.0, 140.0, -341.0, -97.0, -232.0, 536.0, 0.0 }, + { -56980.0, 8016.0, 1012.0, 1448.0,-3024.0,-3710.0, 318.0, 503.0, 3767.0, 577.0 }, + { 138606.0,-13478.0,-4964.0, 1441.0,-1319.0,-1482.0, 427.0, 1236.0, -9167.0,-1918.0 }, + { 71234.0,-41116.0, 5334.0,-4935.0,-1848.0, 66.0, 434.0,-1748.0, 3780.0, -701.0 }, + { -47645.0, 11647.0, 2166.0, 3194.0, 679.0, 0.0, -244.0, -419.0, -2531.0, 48.0 } }; + +extern void planetpv (double epoch[2], int np, double pv[2][3]); +extern void radecdist(double state[2][3], double rdd[3]); + +static void test(void) +{ + int p; + double jd[2]; + double pv[2][3]; + double position[3]; + + jd[0] = J2000; + jd[1] = 0.0; + for (p = 0; p < 8; ++p) + { + planetpv(jd,p,pv); + radecdist(pv,position); + printf("p = %d position[0] = %g position[1] = %g\n", + p, position[0], position[1]); + } +} + + +static void bench(int nloops) +{ + int i, n, p; + double jd[2]; + double pv[2][3]; + double position[3]; + + for (i = 0; i < nloops; ++i) + { + jd[0] = J2000; + jd[1] = 0.0; + + for (n = 0; n < TEST_LENGTH; ++n) + { + jd[0] += 1.0; + + for (p = 0; p < 8; ++p) + { + planetpv(jd,p,pv); + radecdist(pv,position); + } + } + } +} + +int main(int argc, char ** argv) +{ + if (argc >= 2) + bench(atoi(argv[1])); + else + test(); + return 0; +} + diff --git a/test/harness/mainfft.c b/test/harness/mainfft.c new file mode 100644 index 00000000..ce75062c --- /dev/null +++ b/test/harness/mainfft.c @@ -0,0 +1,72 @@ +#undef DEBUG +#include +#include +#include + +#define PI 3.14159265358979323846 + +extern void dfft(double * xr, double * xi, int np); + +double * xr, * xi; + +#ifdef DEBUG +void trace() +{ + int i; + for (i=0; i<=15; i++) printf("%d %g %g\n",i,xr[i],xi[i]); + printf("-----------\n"); +} +void print_int(int n) { printf("%d\n", n); } +void print_float(double x) { printf("%g\n", x); } +#endif + +int main(int argc, char ** argv) +{ + int n, np, npm, n2, i, j; + double enp, t, y, z, zr, zi, zm, a; + double * pxr, * pxi; + + if (argc >= 2) n = atoi(argv[1]); else n = 12; + np = 1 << n; + enp = np; + npm = np / 2 - 1; + t = PI / enp; + xr = calloc(np, sizeof(double)); + xi = calloc(np, sizeof(double)); + pxr = xr; + pxi = xi; + *pxr = (enp - 1.0) * 0.5; + *pxi = 0.0; + n2 = np / 2; + *(pxr+n2) = -0.5; + *(pxi+n2) = 0.0; + for (i = 1; i <= npm; i++) { + j = np - i; + *(pxr+i) = -0.5; + *(pxr+j) = -0.5; + z = t * (double)i; + y = -0.5*(cos(z)/sin(z)); + *(pxi+i) = y; + *(pxi+j) = -y; + } +#ifdef DEBUG + trace(); +#endif + dfft(xr,xi,np); +#ifdef DEBUG + trace(); +#endif + zr = 0.0; + zi = 0.0; + npm = np-1; + for (i = 0; i <= npm; i++ ) { + a = fabs(pxr[i] - i); + if (zr < a) zr = a; + a = fabs(pxi[i]); + if (zi < a) zi = a; + } + zm = zr; + if (zr < zi) zm = zi; + printf("%d points, error %g\n", np, zm); + return 0; +} diff --git a/test/harness/mainfib.c b/test/harness/mainfib.c new file mode 100644 index 00000000..a736d70b --- /dev/null +++ b/test/harness/mainfib.c @@ -0,0 +1,13 @@ +#include +#include + +extern int fib(int); + +int main(int argc, char ** argv) +{ + int n, r; + if (argc >= 2) n = atoi(argv[1]); else n = 30; + r = fib(n); + printf("fib(%d) = %d\n", n, r); + return 0; +} diff --git a/test/harness/mainintegr.c b/test/harness/mainintegr.c new file mode 100644 index 00000000..5f5bdfe0 --- /dev/null +++ b/test/harness/mainintegr.c @@ -0,0 +1,13 @@ +#include +#include + +extern double test(int); + +int main(int argc, char ** argv) +{ + int n; double r; + if (argc >= 2) n = atoi(argv[1]); else n = 10000; + r = test(n); + printf("integr(square, 0.0, 1.0, %d) = %g\n", n, r); + return 0; +} diff --git a/test/harness/mainmanyargs.c b/test/harness/mainmanyargs.c new file mode 100644 index 00000000..36bcf762 --- /dev/null +++ b/test/harness/mainmanyargs.c @@ -0,0 +1,13 @@ +#include + +void print_int(int n) { printf("%d\n", n); } +void print_float(double n) { printf("%g\n", n); } + +extern void g(int,int,int,int,int, + double,double,double,double,double); + +int main() +{ + g(1,2,3,4,5, 0.1,0.2,0.3,0.4,0.5); + return 0; +} diff --git a/test/harness/mainqsort.c b/test/harness/mainqsort.c new file mode 100644 index 00000000..63a76143 --- /dev/null +++ b/test/harness/mainqsort.c @@ -0,0 +1,36 @@ +#include +#include +#include + +extern void quicksort(int lo, int hi, long * data); + +int cmplong(const void * i, const void * j) +{ + long vi = *((long *) i); + long vj = *((long *) j); + if (vi == vj) return 0; + if (vi < vj) return -1; + return 1; +} + +int main(int argc, char ** argv) +{ + int n, i; + long * a, * b; + int bench = 0; + + if (argc >= 2) n = atoi(argv[1]); else n = 1000; + if (argc >= 3) bench = 1; + a = malloc(n * sizeof(long)); + b = malloc(n * sizeof(long)); + for (i = 0; i < n; i++) b[i] = a[i] = rand() & 0xFFFF; + quicksort(0, n - 1, a); + if (!bench) { + qsort(b, n, sizeof(long), cmplong); + for (i = 0; i < n; i++) { + if (a[i] != b[i]) { printf("Bug!\n"); return 2; } + } + printf("OK\n"); + } + return 0; +} diff --git a/test/harness/mainsha1.c b/test/harness/mainsha1.c new file mode 100644 index 00000000..2364076e --- /dev/null +++ b/test/harness/mainsha1.c @@ -0,0 +1,75 @@ +#include +#include +#include + +typedef unsigned int u32; + +struct SHA1Context { + u32 state[5]; + u32 length[2]; + int numbytes; + unsigned char buffer[64]; +}; + +extern void SHA1_init(struct SHA1Context * ctx); +extern void SHA1_add_data(struct SHA1Context * ctx, unsigned char * data, + unsigned long len); +extern void SHA1_finish(struct SHA1Context * ctx, unsigned char output[20]); + +static void do_test(unsigned char * txt, unsigned char * expected_output) +{ + struct SHA1Context ctx; + unsigned char output[20]; + int ok; + + SHA1_init(&ctx); + SHA1_add_data(&ctx, txt, strlen((char *) txt)); + SHA1_finish(&ctx, output); + ok = memcmp(output, expected_output, 20) == 0; + printf("Test `%s': %s\n", + (char *) txt, (ok ? "passed" : "FAILED")); +} + +/* Test vectors: + * + * "abc" + * A999 3E36 4706 816A BA3E 2571 7850 C26C 9CD0 D89D + * + * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + * 8498 3E44 1C3B D26E BAAE 4AA1 F951 29E5 E546 70F1 + */ + +unsigned char * test_input_1 = "abc"; +unsigned char test_output_1[20] = +{ 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E , + 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D }; + +unsigned char * test_input_2 = + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; +unsigned char test_output_2[20] = +{ 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE, + 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 }; + + +static void do_bench(int nblocks) +{ + struct SHA1Context ctx; + unsigned char output[20]; + unsigned char data[64]; + + SHA1_init(&ctx); + for (; nblocks > 0; nblocks--) + SHA1_add_data(&ctx, data, 64); + SHA1_finish(&ctx, output); +} + +int main(int argc, char ** argv) +{ + if (argc < 2) { + do_test(test_input_1, test_output_1); + do_test(test_input_2, test_output_2); + } else { + do_bench(atoi(argv[1])); + } + return 0; +} diff --git a/test/lib/staticlib.S b/test/lib/staticlib.S new file mode 100644 index 00000000..b093e7c8 --- /dev/null +++ b/test/lib/staticlib.S @@ -0,0 +1,26 @@ +/* Work around MacOX shared-library lossage. + (No static version of the C library.) */ + +.macro GLUE + .text + .globl _$0_static +_$0_static: + addis r11, 0, ha16(L$0) + lwz r11, lo16(L$0)(r11) + mtctr r11 + bctr + .non_lazy_symbol_pointer +L$0: + .indirect_symbol _$0 + .long 0 +.endmacro + + GLUE cos + GLUE sin + GLUE atan2 + GLUE asin + GLUE sqrt + GLUE fmod + GLUE memcpy + GLUE memset + \ No newline at end of file -- cgit