Correctness of instruction selection for integer division
Require Import String.
Require Import Coqlib Maps.
Require Import AST Errors Integers Floats.
Require Import Values Memory Globalenvs Events Cminor Op CminorSel.
Require Import SelectOp SelectOpproof SplitLong.
Local Open Scope cminorsel_scope.
Local Open Scope string_scope.
Axiomatization of the helper functions
Definition external_implements
`{
external_calls_ops:
ExternalCallsOps}
(
name:
string) (
sg:
signature) (
vargs:
list val) (
vres:
val) :
Prop :=
forall F V (
ge:
Genv.t F V)
m,
external_call (
EF_runtime name sg)
ge vargs m E0 vres m.
Definition builtin_implements
`{
external_calls_ops:
ExternalCallsOps}
(
name:
string) (
sg:
signature) (
vargs:
list val) (
vres:
val) :
Prop :=
forall F V (
ge:
Genv.t F V)
m,
external_call (
EF_builtin name sg)
ge vargs m E0 vres m.
Class I64HelpersCorrect mem
`{
external_calls_ops:
ExternalCallsOps mem} :
Prop :=
{
i64_helpers_correct :
(
forall x z,
Val.longoffloat x =
Some z ->
external_implements "
__i64_dtos"
sig_f_l (
x::
nil)
z)
/\ (
forall x z,
Val.longuoffloat x =
Some z ->
external_implements "
__i64_dtou"
sig_f_l (
x::
nil)
z)
/\ (
forall x z,
Val.floatoflong x =
Some z ->
external_implements "
__i64_stod"
sig_l_f (
x::
nil)
z)
/\ (
forall x z,
Val.floatoflongu x =
Some z ->
external_implements "
__i64_utod"
sig_l_f (
x::
nil)
z)
/\ (
forall x z,
Val.singleoflong x =
Some z ->
external_implements "
__i64_stof"
sig_l_s (
x::
nil)
z)
/\ (
forall x z,
Val.singleoflongu x =
Some z ->
external_implements "
__i64_utof"
sig_l_s (
x::
nil)
z)
/\ (
forall x,
builtin_implements "
__builtin_negl"
sig_l_l (
x::
nil) (
Val.negl x))
/\ (
forall x y,
builtin_implements "
__builtin_addl"
sig_ll_l (
x::
y::
nil) (
Val.addl x y))
/\ (
forall x y,
builtin_implements "
__builtin_subl"
sig_ll_l (
x::
y::
nil) (
Val.subl x y))
/\ (
forall x y,
builtin_implements "
__builtin_mull"
sig_ii_l (
x::
y::
nil) (
Val.mull'
x y))
/\ (
forall x y z,
Val.divls x y =
Some z ->
external_implements "
__i64_sdiv"
sig_ll_l (
x::
y::
nil)
z)
/\ (
forall x y z,
Val.divlu x y =
Some z ->
external_implements "
__i64_udiv"
sig_ll_l (
x::
y::
nil)
z)
/\ (
forall x y z,
Val.modls x y =
Some z ->
external_implements "
__i64_smod"
sig_ll_l (
x::
y::
nil)
z)
/\ (
forall x y z,
Val.modlu x y =
Some z ->
external_implements "
__i64_umod"
sig_ll_l (
x::
y::
nil)
z)
/\ (
forall x y,
external_implements "
__i64_shl"
sig_li_l (
x::
y::
nil) (
Val.shll x y))
/\ (
forall x y,
external_implements "
__i64_shr"
sig_li_l (
x::
y::
nil) (
Val.shrlu x y))
/\ (
forall x y,
external_implements "
__i64_sar"
sig_li_l (
x::
y::
nil) (
Val.shrl x y))
/\ (
forall x y,
external_implements "
__i64_umulh"
sig_ll_l (
x::
y::
nil) (
Val.mullhu x y))
/\ (
forall x y,
external_implements "
__i64_smulh"
sig_ll_l (
x::
y::
nil) (
Val.mullhs x y))
}.
Definition helper_declared {
F V:
Type} (
p:
AST.program (
AST.fundef F)
V) (
id:
ident) (
name:
string) (
sg:
signature) :
Prop :=
(
prog_defmap p)!
id =
Some (
Gfun (
External (
EF_runtime name sg))).
Definition helper_functions_declared {
F V:
Type} (
p:
AST.program (
AST.fundef F)
V) (
hf:
helper_functions) :
Prop :=
helper_declared p i64_dtos "
__i64_dtos"
sig_f_l
/\
helper_declared p i64_dtou "
__i64_dtou"
sig_f_l
/\
helper_declared p i64_stod "
__i64_stod"
sig_l_f
/\
helper_declared p i64_utod "
__i64_utod"
sig_l_f
/\
helper_declared p i64_stof "
__i64_stof"
sig_l_s
/\
helper_declared p i64_utof "
__i64_utof"
sig_l_s
/\
helper_declared p i64_sdiv "
__i64_sdiv"
sig_ll_l
/\
helper_declared p i64_udiv "
__i64_udiv"
sig_ll_l
/\
helper_declared p i64_smod "
__i64_smod"
sig_ll_l
/\
helper_declared p i64_umod "
__i64_umod"
sig_ll_l
/\
helper_declared p i64_shl "
__i64_shl"
sig_li_l
/\
helper_declared p i64_shr "
__i64_shr"
sig_li_l
/\
helper_declared p i64_sar "
__i64_sar"
sig_li_l
/\
helper_declared p i64_umulh "
__i64_umulh"
sig_ll_l
/\
helper_declared p i64_smulh "
__i64_smulh"
sig_ll_l.
Correctness of the instruction selection functions for 64-bit operators
Section CMCONSTR.
Context mem `{
external_calls_prf:
ExternalCalls mem}.
Context `{
i64_helpers_correct_prf: !
I64HelpersCorrect mem}.
Variable prog:
program.
Variable hf:
helper_functions.
Hypothesis HELPERS:
helper_functions_declared prog hf.
Let ge :=
Genv.globalenv prog.
Variable sp:
val.
Variable e:
env.
Variable m:
mem.
Ltac UseHelper :=
decompose [
Logic.and]
i64_helpers_correct;
eauto.
Ltac DeclHelper :=
red in HELPERS;
decompose [
Logic.and]
HELPERS;
eauto.
Lemma eval_helper:
forall le id name sg args vargs vres,
eval_exprlist ge sp e m le args vargs ->
helper_declared prog id name sg ->
external_implements name sg vargs vres ->
eval_expr ge sp e m le (
Eexternal id sg args)
vres.
Proof.
Corollary eval_helper_1:
forall le id name sg arg1 varg1 vres,
eval_expr ge sp e m le arg1 varg1 ->
helper_declared prog id name sg ->
external_implements name sg (
varg1::
nil)
vres ->
eval_expr ge sp e m le (
Eexternal id sg (
arg1 :::
Enil))
vres.
Proof.
intros.
eapply eval_helper;
eauto.
constructor;
auto.
constructor.
Qed.
Corollary eval_helper_2:
forall le id name sg arg1 arg2 varg1 varg2 vres,
eval_expr ge sp e m le arg1 varg1 ->
eval_expr ge sp e m le arg2 varg2 ->
helper_declared prog id name sg ->
external_implements name sg (
varg1::
varg2::
nil)
vres ->
eval_expr ge sp e m le (
Eexternal id sg (
arg1 :::
arg2 :::
Enil))
vres.
Proof.
intros.
eapply eval_helper;
eauto.
constructor;
auto.
constructor;
auto.
constructor.
Qed.
Remark eval_builtin_1:
forall le id sg arg1 varg1 vres,
eval_expr ge sp e m le arg1 varg1 ->
builtin_implements id sg (
varg1::
nil)
vres ->
eval_expr ge sp e m le (
Ebuiltin (
EF_builtin id sg) (
arg1 :::
Enil))
vres.
Proof.
intros. econstructor. econstructor. eauto. constructor. apply H0.
auto.
Qed.
Remark eval_builtin_2:
forall le id sg arg1 arg2 varg1 varg2 vres,
eval_expr ge sp e m le arg1 varg1 ->
eval_expr ge sp e m le arg2 varg2 ->
builtin_implements id sg (
varg1::
varg2::
nil)
vres ->
eval_expr ge sp e m le (
Ebuiltin (
EF_builtin id sg) (
arg1 :::
arg2 :::
Enil))
vres.
Proof.
intros. econstructor. constructor; eauto. constructor; eauto. constructor. apply H1.
auto.
Qed.
Definition unary_constructor_sound (
cstr:
expr ->
expr) (
sem:
val ->
val) :
Prop :=
forall le a x,
eval_expr ge sp e m le a x ->
exists v,
eval_expr ge sp e m le (
cstr a)
v /\
Val.lessdef (
sem x)
v.
Definition binary_constructor_sound (
cstr:
expr ->
expr ->
expr) (
sem:
val ->
val ->
val) :
Prop :=
forall le a x b y,
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
exists v,
eval_expr ge sp e m le (
cstr a b)
v /\
Val.lessdef (
sem x y)
v.
Ltac EvalOp :=
eauto;
match goal with
| [ |-
eval_exprlist _ _ _ _ _ Enil _ ] =>
constructor
| [ |-
eval_exprlist _ _ _ _ _ (
_:::
_)
_ ] =>
econstructor;
EvalOp
| [ |-
eval_expr _ _ _ _ _ (
Eletvar _)
_ ] =>
constructor;
simpl;
eauto
| [ |-
eval_expr _ _ _ _ _ (
Elet _ _)
_ ] =>
econstructor;
EvalOp
| [ |-
eval_expr _ _ _ _ _ (
lift _)
_ ] =>
apply eval_lift;
EvalOp
| [ |-
eval_expr _ _ _ _ _ _ _ ] =>
eapply eval_Eop; [
EvalOp |
simpl;
eauto]
|
_ =>
idtac
end.
Lemma eval_splitlong:
forall le a f v sem,
(
forall le a b x y,
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
exists v,
eval_expr ge sp e m le (
f a b)
v /\
(
forall p q,
x =
Vint p ->
y =
Vint q ->
v =
sem (
Vlong (
Int64.ofwords p q)))) ->
match v with Vlong _ =>
True |
_ =>
sem v =
Vundef end ->
eval_expr ge sp e m le a v ->
exists v',
eval_expr ge sp e m le (
splitlong a f)
v' /\
Val.lessdef (
sem v)
v'.
Proof.
intros until sem;
intros EXEC UNDEF.
unfold splitlong.
case (
splitlong_match a);
intros.
-
InvEval;
subst.
exploit EXEC.
eexact H2.
eexact H3.
intros [
v' [
A B]].
exists v';
split.
auto.
destruct v1;
simpl in *;
try (
rewrite UNDEF;
auto).
destruct v0;
simpl in *;
try (
rewrite UNDEF;
auto).
erewrite B;
eauto.
-
exploit (
EXEC (
v ::
le) (
Eop Ohighlong (
Eletvar 0 :::
Enil)) (
Eop Olowlong (
Eletvar 0 :::
Enil))).
EvalOp.
EvalOp.
intros [
v' [
A B]].
exists v';
split.
econstructor;
eauto.
destruct v;
try (
rewrite UNDEF;
auto).
erewrite B;
simpl;
eauto.
rewrite Int64.ofwords_recompose.
auto.
Qed.
Lemma eval_splitlong_strict:
forall le a f va v,
eval_expr ge sp e m le a (
Vlong va) ->
(
forall le a1 a2,
eval_expr ge sp e m le a1 (
Vint (
Int64.hiword va)) ->
eval_expr ge sp e m le a2 (
Vint (
Int64.loword va)) ->
eval_expr ge sp e m le (
f a1 a2)
v) ->
eval_expr ge sp e m le (
splitlong a f)
v.
Proof.
Lemma eval_splitlong2:
forall le a b f va vb sem,
(
forall le a1 a2 b1 b2 x1 x2 y1 y2,
eval_expr ge sp e m le a1 x1 ->
eval_expr ge sp e m le a2 x2 ->
eval_expr ge sp e m le b1 y1 ->
eval_expr ge sp e m le b2 y2 ->
exists v,
eval_expr ge sp e m le (
f a1 a2 b1 b2)
v /\
(
forall p1 p2 q1 q2,
x1 =
Vint p1 ->
x2 =
Vint p2 ->
y1 =
Vint q1 ->
y2 =
Vint q2 ->
v =
sem (
Vlong (
Int64.ofwords p1 p2)) (
Vlong (
Int64.ofwords q1 q2)))) ->
match va,
vb with Vlong _,
Vlong _ =>
True |
_,
_ =>
sem va vb =
Vundef end ->
eval_expr ge sp e m le a va ->
eval_expr ge sp e m le b vb ->
exists v,
eval_expr ge sp e m le (
splitlong2 a b f)
v /\
Val.lessdef (
sem va vb)
v.
Proof.
intros until sem;
intros EXEC UNDEF.
unfold splitlong2.
case (
splitlong2_match a b);
intros.
-
InvEval;
subst.
exploit (
EXEC le h1 l1 h2 l2);
eauto.
intros [
v [
A B]].
exists v;
split;
auto.
destruct v1;
simpl in *;
try (
rewrite UNDEF;
auto).
destruct v0;
try (
rewrite UNDEF;
auto).
destruct v2;
simpl in *;
try (
rewrite UNDEF;
auto).
destruct v3;
try (
rewrite UNDEF;
auto).
erewrite B;
eauto.
-
InvEval;
subst.
exploit (
EXEC (
vb ::
le) (
lift h1) (
lift l1)
(
Eop Ohighlong (
Eletvar 0 :::
Enil)) (
Eop Olowlong (
Eletvar 0 :::
Enil))).
EvalOp.
EvalOp.
EvalOp.
EvalOp.
intros [
v [
A B]].
exists v;
split.
econstructor;
eauto.
destruct v1;
simpl in *;
try (
rewrite UNDEF;
auto).
destruct v0;
try (
rewrite UNDEF;
auto).
destruct vb;
try (
rewrite UNDEF;
auto).
erewrite B;
simpl;
eauto.
rewrite Int64.ofwords_recompose.
auto.
-
InvEval;
subst.
exploit (
EXEC (
va ::
le)
(
Eop Ohighlong (
Eletvar 0 :::
Enil)) (
Eop Olowlong (
Eletvar 0 :::
Enil))
(
lift h2) (
lift l2)).
EvalOp.
EvalOp.
EvalOp.
EvalOp.
intros [
v [
A B]].
exists v;
split.
econstructor;
eauto.
destruct va;
try (
rewrite UNDEF;
auto).
destruct v1;
simpl in *;
try (
rewrite UNDEF;
auto).
destruct v0;
try (
rewrite UNDEF;
auto).
erewrite B;
simpl;
eauto.
rewrite Int64.ofwords_recompose.
auto.
-
exploit (
EXEC (
vb ::
va ::
le)
(
Eop Ohighlong (
Eletvar 1 :::
Enil)) (
Eop Olowlong (
Eletvar 1 :::
Enil))
(
Eop Ohighlong (
Eletvar 0 :::
Enil)) (
Eop Olowlong (
Eletvar 0 :::
Enil))).
EvalOp.
EvalOp.
EvalOp.
EvalOp.
intros [
v [
A B]].
exists v;
split.
EvalOp.
destruct va;
try (
rewrite UNDEF;
auto);
destruct vb;
try (
rewrite UNDEF;
auto).
erewrite B;
simpl;
eauto.
rewrite !
Int64.ofwords_recompose;
auto.
Qed.
Lemma eval_splitlong2_strict:
forall le a b f va vb v,
eval_expr ge sp e m le a (
Vlong va) ->
eval_expr ge sp e m le b (
Vlong vb) ->
(
forall le a1 a2 b1 b2,
eval_expr ge sp e m le a1 (
Vint (
Int64.hiword va)) ->
eval_expr ge sp e m le a2 (
Vint (
Int64.loword va)) ->
eval_expr ge sp e m le b1 (
Vint (
Int64.hiword vb)) ->
eval_expr ge sp e m le b2 (
Vint (
Int64.loword vb)) ->
eval_expr ge sp e m le (
f a1 a2 b1 b2)
v) ->
eval_expr ge sp e m le (
splitlong2 a b f)
v.
Proof.
assert (
INV:
forall v1 v2 n,
Val.longofwords v1 v2 =
Vlong n ->
v1 =
Vint(
Int64.hiword n) /\
v2 =
Vint(
Int64.loword n)).
{
intros.
destruct v1;
simpl in H;
try discriminate.
destruct v2;
inv H.
rewrite Int64.hi_ofwords;
rewrite Int64.lo_ofwords;
auto.
}
intros until v.
unfold splitlong2.
case (
splitlong2_match a b);
intros.
-
InvEval.
exploit INV.
eexact H.
intros [
EQ1 EQ2].
exploit INV.
eexact H0.
intros [
EQ3 EQ4].
subst.
auto.
-
InvEval.
exploit INV;
eauto.
intros [
EQ1 EQ2].
subst.
econstructor.
eauto.
apply H1;
EvalOp.
-
InvEval.
exploit INV;
eauto.
intros [
EQ1 EQ2].
subst.
econstructor.
eauto.
apply H1;
EvalOp.
-
EvalOp.
apply H1;
EvalOp.
Qed.
Lemma is_longconst_sound:
forall le a x n,
is_longconst a =
Some n ->
eval_expr ge sp e m le a x ->
x =
Vlong n.
Proof.
unfold is_longconst;
intros until n;
intros LC.
destruct (
is_longconst_match a);
intros.
inv LC.
InvEval.
simpl in H5.
inv H5.
auto.
discriminate.
Qed.
Lemma is_longconst_zero_sound:
forall le a x,
is_longconst_zero a =
true ->
eval_expr ge sp e m le a x ->
x =
Vlong Int64.zero.
Proof.
Lemma eval_lowlong:
unary_constructor_sound lowlong Val.loword.
Proof.
unfold lowlong;
red.
intros until x.
destruct (
lowlong_match a);
intros.
InvEval;
subst.
exists v0;
split;
auto.
destruct v1;
simpl;
auto.
destruct v0;
simpl;
auto.
rewrite Int64.lo_ofwords.
auto.
exists (
Val.loword x);
split;
auto.
EvalOp.
Qed.
Lemma eval_highlong:
unary_constructor_sound highlong Val.hiword.
Proof.
unfold highlong;
red.
intros until x.
destruct (
highlong_match a);
intros.
InvEval;
subst.
exists v1;
split;
auto.
destruct v1;
simpl;
auto.
destruct v0;
simpl;
auto.
rewrite Int64.hi_ofwords.
auto.
exists (
Val.hiword x);
split;
auto.
EvalOp.
Qed.
Lemma eval_longconst:
forall le n,
eval_expr ge sp e m le (
longconst n) (
Vlong n).
Proof.
Theorem eval_intoflong:
unary_constructor_sound intoflong Val.loword.
Proof eval_lowlong.
Theorem eval_longofintu:
unary_constructor_sound longofintu Val.longofintu.
Proof.
Theorem eval_longofint:
unary_constructor_sound longofint Val.longofint.
Proof.
Theorem eval_negl:
unary_constructor_sound negl Val.negl.
Proof.
Theorem eval_notl:
unary_constructor_sound notl Val.notl.
Proof.
Theorem eval_longoffloat:
forall le a x y,
eval_expr ge sp e m le a x ->
Val.longoffloat x =
Some y ->
exists v,
eval_expr ge sp e m le (
longoffloat a)
v /\
Val.lessdef y v.
Proof.
Theorem eval_longuoffloat:
forall le a x y,
eval_expr ge sp e m le a x ->
Val.longuoffloat x =
Some y ->
exists v,
eval_expr ge sp e m le (
longuoffloat a)
v /\
Val.lessdef y v.
Proof.
Theorem eval_floatoflong:
forall le a x y,
eval_expr ge sp e m le a x ->
Val.floatoflong x =
Some y ->
exists v,
eval_expr ge sp e m le (
floatoflong a)
v /\
Val.lessdef y v.
Proof.
Theorem eval_floatoflongu:
forall le a x y,
eval_expr ge sp e m le a x ->
Val.floatoflongu x =
Some y ->
exists v,
eval_expr ge sp e m le (
floatoflongu a)
v /\
Val.lessdef y v.
Proof.
Theorem eval_longofsingle:
forall le a x y,
eval_expr ge sp e m le a x ->
Val.longofsingle x =
Some y ->
exists v,
eval_expr ge sp e m le (
longofsingle a)
v /\
Val.lessdef y v.
Proof.
Theorem eval_longuofsingle:
forall le a x y,
eval_expr ge sp e m le a x ->
Val.longuofsingle x =
Some y ->
exists v,
eval_expr ge sp e m le (
longuofsingle a)
v /\
Val.lessdef y v.
Proof.
Theorem eval_singleoflong:
forall le a x y,
eval_expr ge sp e m le a x ->
Val.singleoflong x =
Some y ->
exists v,
eval_expr ge sp e m le (
singleoflong a)
v /\
Val.lessdef y v.
Proof.
Theorem eval_singleoflongu:
forall le a x y,
eval_expr ge sp e m le a x ->
Val.singleoflongu x =
Some y ->
exists v,
eval_expr ge sp e m le (
singleoflongu a)
v /\
Val.lessdef y v.
Proof.
Theorem eval_andl:
binary_constructor_sound andl Val.andl.
Proof.
red;
intros.
unfold andl.
apply eval_splitlong2;
auto.
intros.
exploit eval_and.
eexact H1.
eexact H3.
intros [
va [
A B]].
exploit eval_and.
eexact H2.
eexact H4.
intros [
vb [
C D]].
exists (
Val.longofwords va vb);
split.
EvalOp.
intros;
subst.
simpl in B;
inv B.
simpl in D;
inv D.
simpl.
f_equal.
rewrite Int64.decompose_and.
auto.
destruct x;
auto.
destruct y;
auto.
Qed.
Theorem eval_orl:
binary_constructor_sound orl Val.orl.
Proof.
red;
intros.
unfold orl.
apply eval_splitlong2;
auto.
intros.
exploit eval_or.
eexact H1.
eexact H3.
intros [
va [
A B]].
exploit eval_or.
eexact H2.
eexact H4.
intros [
vb [
C D]].
exists (
Val.longofwords va vb);
split.
EvalOp.
intros;
subst.
simpl in B;
inv B.
simpl in D;
inv D.
simpl.
f_equal.
rewrite Int64.decompose_or.
auto.
destruct x;
auto.
destruct y;
auto.
Qed.
Theorem eval_xorl:
binary_constructor_sound xorl Val.xorl.
Proof.
red;
intros.
unfold xorl.
apply eval_splitlong2;
auto.
intros.
exploit eval_xor.
eexact H1.
eexact H3.
intros [
va [
A B]].
exploit eval_xor.
eexact H2.
eexact H4.
intros [
vb [
C D]].
exists (
Val.longofwords va vb);
split.
EvalOp.
intros;
subst.
simpl in B;
inv B.
simpl in D;
inv D.
simpl.
f_equal.
rewrite Int64.decompose_xor.
auto.
destruct x;
auto.
destruct y;
auto.
Qed.
Lemma is_intconst_sound:
forall le a x n,
is_intconst a =
Some n ->
eval_expr ge sp e m le a x ->
x =
Vint n.
Proof.
unfold is_intconst;
intros until n;
intros LC.
destruct a;
try discriminate.
destruct o;
try discriminate.
destruct e0;
try discriminate.
inv LC.
intros.
InvEval.
auto.
Qed.
Remark eval_shift_imm:
forall (
P:
expr ->
Prop)
n a0 a1 a2 a3,
(
n =
Int.zero ->
P a0) ->
(0 <=
Int.unsigned n <
Int.zwordsize ->
Int.ltu n Int.iwordsize =
true ->
Int.ltu (
Int.sub Int.iwordsize n)
Int.iwordsize =
true ->
Int.ltu n Int64.iwordsize' =
true ->
P a1) ->
(
Int.zwordsize <=
Int.unsigned n <
Int64.zwordsize ->
Int.ltu (
Int.sub n Int.iwordsize)
Int.iwordsize =
true ->
P a2) ->
P a3 ->
P (
if Int.eq n Int.zero then a0
else if Int.ltu n Int.iwordsize then a1
else if Int.ltu n Int64.iwordsize'
then a2
else a3).
Proof.
Lemma eval_shllimm:
forall n,
unary_constructor_sound (
fun e =>
shllimm e n) (
fun v =>
Val.shll v (
Vint n)).
Proof.
Theorem eval_shll:
binary_constructor_sound shll Val.shll.
Proof.
Lemma eval_shrluimm:
forall n,
unary_constructor_sound (
fun e =>
shrluimm e n) (
fun v =>
Val.shrlu v (
Vint n)).
Proof.
Theorem eval_shrlu:
binary_constructor_sound shrlu Val.shrlu.
Proof.
Lemma eval_shrlimm:
forall n,
unary_constructor_sound (
fun e =>
shrlimm e n) (
fun v =>
Val.shrl v (
Vint n)).
Proof.
Theorem eval_shrl:
binary_constructor_sound shrl Val.shrl.
Proof.
Theorem eval_addl:
Archi.ptr64 =
false ->
binary_constructor_sound addl Val.addl.
Proof.
Theorem eval_subl:
Archi.ptr64 =
false ->
binary_constructor_sound subl Val.subl.
Proof.
Lemma eval_mull_base:
binary_constructor_sound mull_base Val.mull.
Proof.
Lemma eval_mullimm:
forall n,
unary_constructor_sound (
mullimm n) (
fun v =>
Val.mull v (
Vlong n)).
Proof.
Theorem eval_mull:
binary_constructor_sound mull Val.mull.
Proof.
Theorem eval_mullhu:
forall n,
unary_constructor_sound (
fun a =>
mullhu a n) (
fun v =>
Val.mullhu v (
Vlong n)).
Proof.
Theorem eval_mullhs:
forall n,
unary_constructor_sound (
fun a =>
mullhs a n) (
fun v =>
Val.mullhs v (
Vlong n)).
Proof.
Theorem eval_shrxlimm:
forall le a n x z,
Archi.ptr64 =
false ->
eval_expr ge sp e m le a x ->
Val.shrxl x (
Vint n) =
Some z ->
exists v,
eval_expr ge sp e m le (
shrxlimm a n)
v /\
Val.lessdef z v.
Proof.
Theorem eval_divlu_base:
forall le a b x y z,
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
Val.divlu x y =
Some z ->
exists v,
eval_expr ge sp e m le (
divlu_base a b)
v /\
Val.lessdef z v.
Proof.
Theorem eval_modlu_base:
forall le a b x y z,
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
Val.modlu x y =
Some z ->
exists v,
eval_expr ge sp e m le (
modlu_base a b)
v /\
Val.lessdef z v.
Proof.
Theorem eval_divls_base:
forall le a b x y z,
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
Val.divls x y =
Some z ->
exists v,
eval_expr ge sp e m le (
divls_base a b)
v /\
Val.lessdef z v.
Proof.
Theorem eval_modls_base:
forall le a b x y z,
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
Val.modls x y =
Some z ->
exists v,
eval_expr ge sp e m le (
modls_base a b)
v /\
Val.lessdef z v.
Proof.
Remark decompose_cmpl_eq_zero:
forall h l,
Int64.eq (
Int64.ofwords h l)
Int64.zero =
Int.eq (
Int.or h l)
Int.zero.
Proof.
Lemma eval_cmpl_eq_zero:
forall le a x,
eval_expr ge sp e m le a (
Vlong x) ->
eval_expr ge sp e m le (
cmpl_eq_zero a) (
Val.of_bool (
Int64.eq x Int64.zero)).
Proof.
Lemma eval_cmpl_ne_zero:
forall le a x,
eval_expr ge sp e m le a (
Vlong x) ->
eval_expr ge sp e m le (
cmpl_ne_zero a) (
Val.of_bool (
negb (
Int64.eq x Int64.zero))).
Proof.
Lemma eval_cmplu_gen:
forall ch cl a b le x y,
eval_expr ge sp e m le a (
Vlong x) ->
eval_expr ge sp e m le b (
Vlong y) ->
eval_expr ge sp e m le (
cmplu_gen ch cl a b)
(
Val.of_bool (
if Int.eq (
Int64.hiword x) (
Int64.hiword y)
then Int.cmpu cl (
Int64.loword x) (
Int64.loword y)
else Int.cmpu ch (
Int64.hiword x) (
Int64.hiword y))).
Proof.
Remark int64_eq_xor:
forall p q,
Int64.eq p q =
Int64.eq (
Int64.xor p q)
Int64.zero.
Proof.
Theorem eval_cmplu:
forall c le a x b y v,
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
Val.cmplu (
Mem.valid_pointer m)
c x y =
Some v ->
Archi.ptr64 =
false ->
eval_expr ge sp e m le (
cmplu c a b)
v.
Proof.
Lemma eval_cmpl_gen:
forall ch cl a b le x y,
eval_expr ge sp e m le a (
Vlong x) ->
eval_expr ge sp e m le b (
Vlong y) ->
eval_expr ge sp e m le (
cmpl_gen ch cl a b)
(
Val.of_bool (
if Int.eq (
Int64.hiword x) (
Int64.hiword y)
then Int.cmpu cl (
Int64.loword x) (
Int64.loword y)
else Int.cmp ch (
Int64.hiword x) (
Int64.hiword y))).
Proof.
Remark decompose_cmpl_lt_zero:
forall h l,
Int64.lt (
Int64.ofwords h l)
Int64.zero =
Int.lt h Int.zero.
Proof.
Theorem eval_cmpl:
forall c le a x b y v,
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
Val.cmpl c x y =
Some v ->
eval_expr ge sp e m le (
cmpl c a b)
v.
Proof.
End CMCONSTR.