Correctness of instruction selection for integer division
Require Import String.
Require Import Coqlib.
Require Import AST.
Require Import Errors.
Require Import Integers.
Require Import Floats.
Require Import Values.
Require Import Memory.
Require Import Globalenvs.
Require Import Events.
Require Import Cminor.
Require Import Op.
Require Import CminorSel.
Require Import SelectOp.
Require Import SelectOpproof.
Require Import SelectLong.
Open Local Scope cminorsel_scope.
Open Local Scope string_scope.
Axiomatization of the helper functions
Definition external_implements (
name:
string) (
sg:
signature) (
vargs:
list val) (
vres:
val) :
Prop :=
forall F V (
ge:
Genv.t F V)
m,
external_call (
EF_external name sg)
ge vargs m E0 vres m.
Definition builtin_implements (
name:
string) (
sg:
signature) (
vargs:
list val) (
vres:
val) :
Prop :=
forall F V (
ge:
Genv.t F V)
m,
external_call (
EF_builtin name sg)
ge vargs m E0 vres m.
Axiom i64_helpers_correct :
(
forall x z,
Val.longoffloat x =
Some z ->
external_implements "
__i64_dtos"
sig_f_l (
x::
nil)
z)
/\ (
forall x z,
Val.longuoffloat x =
Some z ->
external_implements "
__i64_dtou"
sig_f_l (
x::
nil)
z)
/\ (
forall x z,
Val.floatoflong x =
Some z ->
external_implements "
__i64_stod"
sig_l_f (
x::
nil)
z)
/\ (
forall x z,
Val.floatoflongu x =
Some z ->
external_implements "
__i64_utod"
sig_l_f (
x::
nil)
z)
/\ (
forall x z,
Val.singleoflong x =
Some z ->
external_implements "
__i64_stof"
sig_l_s (
x::
nil)
z)
/\ (
forall x z,
Val.singleoflongu x =
Some z ->
external_implements "
__i64_utof"
sig_l_s (
x::
nil)
z)
/\ (
forall x,
builtin_implements "
__builtin_negl"
sig_l_l (
x::
nil) (
Val.negl x))
/\ (
forall x y,
builtin_implements "
__builtin_addl"
sig_ll_l (
x::
y::
nil) (
Val.addl x y))
/\ (
forall x y,
builtin_implements "
__builtin_subl"
sig_ll_l (
x::
y::
nil) (
Val.subl x y))
/\ (
forall x y,
builtin_implements "
__builtin_mull"
sig_ii_l (
x::
y::
nil) (
Val.mull'
x y))
/\ (
forall x y z,
Val.divls x y =
Some z ->
external_implements "
__i64_sdiv"
sig_ll_l (
x::
y::
nil)
z)
/\ (
forall x y z,
Val.divlu x y =
Some z ->
external_implements "
__i64_udiv"
sig_ll_l (
x::
y::
nil)
z)
/\ (
forall x y z,
Val.modls x y =
Some z ->
external_implements "
__i64_smod"
sig_ll_l (
x::
y::
nil)
z)
/\ (
forall x y z,
Val.modlu x y =
Some z ->
external_implements "
__i64_umod"
sig_ll_l (
x::
y::
nil)
z)
/\ (
forall x y,
external_implements "
__i64_shl"
sig_li_l (
x::
y::
nil) (
Val.shll x y))
/\ (
forall x y,
external_implements "
__i64_shr"
sig_li_l (
x::
y::
nil) (
Val.shrlu x y))
/\ (
forall x y,
external_implements "
__i64_sar"
sig_li_l (
x::
y::
nil) (
Val.shrl x y)).
Definition helper_declared {
F V:
Type} (
ge:
Genv.t (
AST.fundef F)
V) (
id:
ident) (
name:
string) (
sg:
signature) :
Prop :=
exists b,
Genv.find_symbol ge id =
Some b
/\
Genv.find_funct_ptr ge b =
Some (
External (
EF_external name sg)).
Definition helper_functions_declared {
F V:
Type} (
ge:
Genv.t (
AST.fundef F)
V) (
hf:
helper_functions) :
Prop :=
helper_declared ge hf.(
i64_dtos) "
__i64_dtos"
sig_f_l
/\
helper_declared ge hf.(
i64_dtou) "
__i64_dtou"
sig_f_l
/\
helper_declared ge hf.(
i64_stod) "
__i64_stod"
sig_l_f
/\
helper_declared ge hf.(
i64_utod) "
__i64_utod"
sig_l_f
/\
helper_declared ge hf.(
i64_stof) "
__i64_stof"
sig_l_s
/\
helper_declared ge hf.(
i64_utof) "
__i64_utof"
sig_l_s
/\
helper_declared ge hf.(
i64_sdiv) "
__i64_sdiv"
sig_ll_l
/\
helper_declared ge hf.(
i64_udiv) "
__i64_udiv"
sig_ll_l
/\
helper_declared ge hf.(
i64_smod) "
__i64_smod"
sig_ll_l
/\
helper_declared ge hf.(
i64_umod) "
__i64_umod"
sig_ll_l
/\
helper_declared ge hf.(
i64_shl) "
__i64_shl"
sig_li_l
/\
helper_declared ge hf.(
i64_shr) "
__i64_shr"
sig_li_l
/\
helper_declared ge hf.(
i64_sar) "
__i64_sar"
sig_li_l.
Correctness of the instruction selection functions for 64-bit operators
Section CMCONSTR.
Variable ge:
genv.
Variable hf:
helper_functions.
Hypothesis HELPERS:
helper_functions_declared ge hf.
Variable sp:
val.
Variable e:
env.
Variable m:
mem.
Ltac UseHelper :=
decompose [
Logic.and]
i64_helpers_correct;
eauto.
Ltac DeclHelper :=
red in HELPERS;
decompose [
Logic.and]
HELPERS;
eauto.
Lemma eval_helper:
forall le id name sg args vargs vres,
eval_exprlist ge sp e m le args vargs ->
helper_declared ge id name sg ->
external_implements name sg vargs vres ->
eval_expr ge sp e m le (
Eexternal id sg args)
vres.
Proof.
intros. destruct H0 as (b & P & Q). econstructor; eauto.
Qed.
Corollary eval_helper_1:
forall le id name sg arg1 varg1 vres,
eval_expr ge sp e m le arg1 varg1 ->
helper_declared ge id name sg ->
external_implements name sg (
varg1::
nil)
vres ->
eval_expr ge sp e m le (
Eexternal id sg (
arg1 :::
Enil))
vres.
Proof.
intros.
eapply eval_helper;
eauto.
constructor;
auto.
constructor.
Qed.
Corollary eval_helper_2:
forall le id name sg arg1 arg2 varg1 varg2 vres,
eval_expr ge sp e m le arg1 varg1 ->
eval_expr ge sp e m le arg2 varg2 ->
helper_declared ge id name sg ->
external_implements name sg (
varg1::
varg2::
nil)
vres ->
eval_expr ge sp e m le (
Eexternal id sg (
arg1 :::
arg2 :::
Enil))
vres.
Proof.
intros.
eapply eval_helper;
eauto.
constructor;
auto.
constructor;
auto.
constructor.
Qed.
Remark eval_builtin_1:
forall le id sg arg1 varg1 vres,
eval_expr ge sp e m le arg1 varg1 ->
builtin_implements id sg (
varg1::
nil)
vres ->
eval_expr ge sp e m le (
Ebuiltin (
EF_builtin id sg) (
arg1 :::
Enil))
vres.
Proof.
intros. econstructor. econstructor. eauto. constructor. apply H0.
Qed.
Remark eval_builtin_2:
forall le id sg arg1 arg2 varg1 varg2 vres,
eval_expr ge sp e m le arg1 varg1 ->
eval_expr ge sp e m le arg2 varg2 ->
builtin_implements id sg (
varg1::
varg2::
nil)
vres ->
eval_expr ge sp e m le (
Ebuiltin (
EF_builtin id sg) (
arg1 :::
arg2 :::
Enil))
vres.
Proof.
intros. econstructor. constructor; eauto. constructor; eauto. constructor. apply H1.
Qed.
Definition unary_constructor_sound (
cstr:
expr ->
expr) (
sem:
val ->
val) :
Prop :=
forall le a x,
eval_expr ge sp e m le a x ->
exists v,
eval_expr ge sp e m le (
cstr a)
v /\
Val.lessdef (
sem x)
v.
Definition binary_constructor_sound (
cstr:
expr ->
expr ->
expr) (
sem:
val ->
val ->
val) :
Prop :=
forall le a x b y,
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
exists v,
eval_expr ge sp e m le (
cstr a b)
v /\
Val.lessdef (
sem x y)
v.
Ltac EvalOp :=
eauto;
match goal with
| [ |-
eval_exprlist _ _ _ _ _ Enil _ ] =>
constructor
| [ |-
eval_exprlist _ _ _ _ _ (
_:::
_)
_ ] =>
econstructor;
EvalOp
| [ |-
eval_expr _ _ _ _ _ (
Eletvar _)
_ ] =>
constructor;
simpl;
eauto
| [ |-
eval_expr _ _ _ _ _ (
Elet _ _)
_ ] =>
econstructor;
EvalOp
| [ |-
eval_expr _ _ _ _ _ (
lift _)
_ ] =>
apply eval_lift;
EvalOp
| [ |-
eval_expr _ _ _ _ _ _ _ ] =>
eapply eval_Eop; [
EvalOp |
simpl;
eauto]
|
_ =>
idtac
end.
Lemma eval_splitlong:
forall le a f v sem,
(
forall le a b x y,
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
exists v,
eval_expr ge sp e m le (
f a b)
v /\
(
forall p q,
x =
Vint p ->
y =
Vint q ->
v =
sem (
Vlong (
Int64.ofwords p q)))) ->
match v with Vlong _ =>
True |
_ =>
sem v =
Vundef end ->
eval_expr ge sp e m le a v ->
exists v',
eval_expr ge sp e m le (
splitlong a f)
v' /\
Val.lessdef (
sem v)
v'.
Proof.
intros until sem;
intros EXEC UNDEF.
unfold splitlong.
case (
splitlong_match a);
intros.
-
InvEval.
subst v.
exploit EXEC.
eexact H2.
eexact H3.
intros [
v' [
A B]].
exists v';
split.
auto.
destruct v1;
simpl in *;
try (
rewrite UNDEF;
auto).
destruct v0;
simpl in *;
try (
rewrite UNDEF;
auto).
erewrite B;
eauto.
-
exploit (
EXEC (
v ::
le) (
Eop Ohighlong (
Eletvar 0 :::
Enil)) (
Eop Olowlong (
Eletvar 0 :::
Enil))).
EvalOp.
EvalOp.
intros [
v' [
A B]].
exists v';
split.
econstructor;
eauto.
destruct v;
try (
rewrite UNDEF;
auto).
erewrite B;
simpl;
eauto.
rewrite Int64.ofwords_recompose.
auto.
Qed.
Lemma eval_splitlong_strict:
forall le a f va v,
eval_expr ge sp e m le a (
Vlong va) ->
(
forall le a1 a2,
eval_expr ge sp e m le a1 (
Vint (
Int64.hiword va)) ->
eval_expr ge sp e m le a2 (
Vint (
Int64.loword va)) ->
eval_expr ge sp e m le (
f a1 a2)
v) ->
eval_expr ge sp e m le (
splitlong a f)
v.
Proof.
Lemma eval_splitlong2:
forall le a b f va vb sem,
(
forall le a1 a2 b1 b2 x1 x2 y1 y2,
eval_expr ge sp e m le a1 x1 ->
eval_expr ge sp e m le a2 x2 ->
eval_expr ge sp e m le b1 y1 ->
eval_expr ge sp e m le b2 y2 ->
exists v,
eval_expr ge sp e m le (
f a1 a2 b1 b2)
v /\
(
forall p1 p2 q1 q2,
x1 =
Vint p1 ->
x2 =
Vint p2 ->
y1 =
Vint q1 ->
y2 =
Vint q2 ->
v =
sem (
Vlong (
Int64.ofwords p1 p2)) (
Vlong (
Int64.ofwords q1 q2)))) ->
match va,
vb with Vlong _,
Vlong _ =>
True |
_,
_ =>
sem va vb =
Vundef end ->
eval_expr ge sp e m le a va ->
eval_expr ge sp e m le b vb ->
exists v,
eval_expr ge sp e m le (
splitlong2 a b f)
v /\
Val.lessdef (
sem va vb)
v.
Proof.
intros until sem;
intros EXEC UNDEF.
unfold splitlong2.
case (
splitlong2_match a b);
intros.
-
InvEval.
subst va vb.
exploit (
EXEC le h1 l1 h2 l2);
eauto.
intros [
v [
A B]].
exists v;
split;
auto.
destruct v1;
simpl in *;
try (
rewrite UNDEF;
auto).
destruct v0;
try (
rewrite UNDEF;
auto).
destruct v2;
simpl in *;
try (
rewrite UNDEF;
auto).
destruct v3;
try (
rewrite UNDEF;
auto).
erewrite B;
eauto.
-
InvEval.
subst va.
exploit (
EXEC (
vb ::
le) (
lift h1) (
lift l1)
(
Eop Ohighlong (
Eletvar 0 :::
Enil)) (
Eop Olowlong (
Eletvar 0 :::
Enil))).
EvalOp.
EvalOp.
EvalOp.
EvalOp.
intros [
v [
A B]].
exists v;
split.
econstructor;
eauto.
destruct v1;
simpl in *;
try (
rewrite UNDEF;
auto).
destruct v0;
try (
rewrite UNDEF;
auto).
destruct vb;
try (
rewrite UNDEF;
auto).
erewrite B;
simpl;
eauto.
rewrite Int64.ofwords_recompose.
auto.
-
InvEval.
subst vb.
exploit (
EXEC (
va ::
le)
(
Eop Ohighlong (
Eletvar 0 :::
Enil)) (
Eop Olowlong (
Eletvar 0 :::
Enil))
(
lift h2) (
lift l2)).
EvalOp.
EvalOp.
EvalOp.
EvalOp.
intros [
v [
A B]].
exists v;
split.
econstructor;
eauto.
destruct va;
try (
rewrite UNDEF;
auto).
destruct v1;
simpl in *;
try (
rewrite UNDEF;
auto).
destruct v0;
try (
rewrite UNDEF;
auto).
erewrite B;
simpl;
eauto.
rewrite Int64.ofwords_recompose.
auto.
-
exploit (
EXEC (
vb ::
va ::
le)
(
Eop Ohighlong (
Eletvar 1 :::
Enil)) (
Eop Olowlong (
Eletvar 1 :::
Enil))
(
Eop Ohighlong (
Eletvar 0 :::
Enil)) (
Eop Olowlong (
Eletvar 0 :::
Enil))).
EvalOp.
EvalOp.
EvalOp.
EvalOp.
intros [
v [
A B]].
exists v;
split.
EvalOp.
destruct va;
try (
rewrite UNDEF;
auto);
destruct vb;
try (
rewrite UNDEF;
auto).
erewrite B;
simpl;
eauto.
rewrite !
Int64.ofwords_recompose;
auto.
Qed.
Lemma eval_splitlong2_strict:
forall le a b f va vb v,
eval_expr ge sp e m le a (
Vlong va) ->
eval_expr ge sp e m le b (
Vlong vb) ->
(
forall le a1 a2 b1 b2,
eval_expr ge sp e m le a1 (
Vint (
Int64.hiword va)) ->
eval_expr ge sp e m le a2 (
Vint (
Int64.loword va)) ->
eval_expr ge sp e m le b1 (
Vint (
Int64.hiword vb)) ->
eval_expr ge sp e m le b2 (
Vint (
Int64.loword vb)) ->
eval_expr ge sp e m le (
f a1 a2 b1 b2)
v) ->
eval_expr ge sp e m le (
splitlong2 a b f)
v.
Proof.
assert (
INV:
forall v1 v2 n,
Val.longofwords v1 v2 =
Vlong n ->
v1 =
Vint(
Int64.hiword n) /\
v2 =
Vint(
Int64.loword n)).
{
intros.
destruct v1;
simpl in H;
try discriminate.
destruct v2;
inv H.
rewrite Int64.hi_ofwords;
rewrite Int64.lo_ofwords;
auto.
}
intros until v.
unfold splitlong2.
case (
splitlong2_match a b);
intros.
-
InvEval.
exploit INV.
eexact H.
intros [
EQ1 EQ2].
exploit INV.
eexact H0.
intros [
EQ3 EQ4].
subst.
auto.
-
InvEval.
exploit INV;
eauto.
intros [
EQ1 EQ2].
subst.
econstructor.
eauto.
apply H1;
EvalOp.
-
InvEval.
exploit INV;
eauto.
intros [
EQ1 EQ2].
subst.
econstructor.
eauto.
apply H1;
EvalOp.
-
EvalOp.
apply H1;
EvalOp.
Qed.
Lemma is_longconst_sound:
forall le a x n,
is_longconst a =
Some n ->
eval_expr ge sp e m le a x ->
x =
Vlong n.
Proof.
unfold is_longconst;
intros until n;
intros LC.
destruct (
is_longconst_match a);
intros.
inv LC.
InvEval.
simpl in H5.
inv H5.
auto.
discriminate.
Qed.
Lemma is_longconst_zero_sound:
forall le a x,
is_longconst_zero a =
true ->
eval_expr ge sp e m le a x ->
x =
Vlong Int64.zero.
Proof.
Lemma eval_lowlong:
unary_constructor_sound lowlong Val.loword.
Proof.
unfold lowlong;
red.
intros until x.
destruct (
lowlong_match a);
intros.
InvEval.
subst x.
exists v0;
split;
auto.
destruct v1;
simpl;
auto.
destruct v0;
simpl;
auto.
rewrite Int64.lo_ofwords.
auto.
exists (
Val.loword x);
split;
auto.
EvalOp.
Qed.
Lemma eval_highlong:
unary_constructor_sound highlong Val.hiword.
Proof.
unfold highlong;
red.
intros until x.
destruct (
highlong_match a);
intros.
InvEval.
subst x.
exists v1;
split;
auto.
destruct v1;
simpl;
auto.
destruct v0;
simpl;
auto.
rewrite Int64.hi_ofwords.
auto.
exists (
Val.hiword x);
split;
auto.
EvalOp.
Qed.
Lemma eval_longconst:
forall le n,
eval_expr ge sp e m le (
longconst n) (
Vlong n).
Proof.
Theorem eval_intoflong:
unary_constructor_sound intoflong Val.loword.
Proof eval_lowlong.
Theorem eval_longofintu:
unary_constructor_sound longofintu Val.longofintu.
Proof.
Theorem eval_longofint:
unary_constructor_sound longofint Val.longofint.
Proof.
Theorem eval_negl:
unary_constructor_sound negl Val.negl.
Proof.
Theorem eval_notl:
unary_constructor_sound notl Val.notl.
Proof.
Theorem eval_longoffloat:
forall le a x y,
eval_expr ge sp e m le a x ->
Val.longoffloat x =
Some y ->
exists v,
eval_expr ge sp e m le (
longoffloat hf a)
v /\
Val.lessdef y v.
Proof.
Theorem eval_longuoffloat:
forall le a x y,
eval_expr ge sp e m le a x ->
Val.longuoffloat x =
Some y ->
exists v,
eval_expr ge sp e m le (
longuoffloat hf a)
v /\
Val.lessdef y v.
Proof.
Theorem eval_floatoflong:
forall le a x y,
eval_expr ge sp e m le a x ->
Val.floatoflong x =
Some y ->
exists v,
eval_expr ge sp e m le (
floatoflong hf a)
v /\
Val.lessdef y v.
Proof.
Theorem eval_floatoflongu:
forall le a x y,
eval_expr ge sp e m le a x ->
Val.floatoflongu x =
Some y ->
exists v,
eval_expr ge sp e m le (
floatoflongu hf a)
v /\
Val.lessdef y v.
Proof.
Theorem eval_longofsingle:
forall le a x y,
eval_expr ge sp e m le a x ->
Val.longofsingle x =
Some y ->
exists v,
eval_expr ge sp e m le (
longofsingle hf a)
v /\
Val.lessdef y v.
Proof.
Theorem eval_longuofsingle:
forall le a x y,
eval_expr ge sp e m le a x ->
Val.longuofsingle x =
Some y ->
exists v,
eval_expr ge sp e m le (
longuofsingle hf a)
v /\
Val.lessdef y v.
Proof.
Theorem eval_singleoflong:
forall le a x y,
eval_expr ge sp e m le a x ->
Val.singleoflong x =
Some y ->
exists v,
eval_expr ge sp e m le (
singleoflong hf a)
v /\
Val.lessdef y v.
Proof.
Theorem eval_singleoflongu:
forall le a x y,
eval_expr ge sp e m le a x ->
Val.singleoflongu x =
Some y ->
exists v,
eval_expr ge sp e m le (
singleoflongu hf a)
v /\
Val.lessdef y v.
Proof.
Theorem eval_andl:
binary_constructor_sound andl Val.andl.
Proof.
red;
intros.
unfold andl.
apply eval_splitlong2;
auto.
intros.
exploit eval_and.
eexact H1.
eexact H3.
intros [
va [
A B]].
exploit eval_and.
eexact H2.
eexact H4.
intros [
vb [
C D]].
exists (
Val.longofwords va vb);
split.
EvalOp.
intros;
subst.
simpl in B;
inv B.
simpl in D;
inv D.
simpl.
f_equal.
rewrite Int64.decompose_and.
auto.
destruct x;
auto.
destruct y;
auto.
Qed.
Theorem eval_orl:
binary_constructor_sound orl Val.orl.
Proof.
red;
intros.
unfold orl.
apply eval_splitlong2;
auto.
intros.
exploit eval_or.
eexact H1.
eexact H3.
intros [
va [
A B]].
exploit eval_or.
eexact H2.
eexact H4.
intros [
vb [
C D]].
exists (
Val.longofwords va vb);
split.
EvalOp.
intros;
subst.
simpl in B;
inv B.
simpl in D;
inv D.
simpl.
f_equal.
rewrite Int64.decompose_or.
auto.
destruct x;
auto.
destruct y;
auto.
Qed.
Theorem eval_xorl:
binary_constructor_sound xorl Val.xorl.
Proof.
red;
intros.
unfold xorl.
apply eval_splitlong2;
auto.
intros.
exploit eval_xor.
eexact H1.
eexact H3.
intros [
va [
A B]].
exploit eval_xor.
eexact H2.
eexact H4.
intros [
vb [
C D]].
exists (
Val.longofwords va vb);
split.
EvalOp.
intros;
subst.
simpl in B;
inv B.
simpl in D;
inv D.
simpl.
f_equal.
rewrite Int64.decompose_xor.
auto.
destruct x;
auto.
destruct y;
auto.
Qed.
Lemma is_intconst_sound:
forall le a x n,
is_intconst a =
Some n ->
eval_expr ge sp e m le a x ->
x =
Vint n.
Proof.
unfold is_intconst;
intros until n;
intros LC.
destruct a;
try discriminate.
destruct o;
try discriminate.
destruct e0;
try discriminate.
inv LC.
intros.
InvEval.
auto.
Qed.
Remark eval_shift_imm:
forall (
P:
expr ->
Prop)
n a0 a1 a2 a3,
(
n =
Int.zero ->
P a0) ->
(0 <=
Int.unsigned n <
Int.zwordsize ->
Int.ltu n Int.iwordsize =
true ->
Int.ltu (
Int.sub Int.iwordsize n)
Int.iwordsize =
true ->
Int.ltu n Int64.iwordsize' =
true ->
P a1) ->
(
Int.zwordsize <=
Int.unsigned n <
Int64.zwordsize ->
Int.ltu (
Int.sub n Int.iwordsize)
Int.iwordsize =
true ->
P a2) ->
P a3 ->
P (
if Int.eq n Int.zero then a0
else if Int.ltu n Int.iwordsize then a1
else if Int.ltu n Int64.iwordsize'
then a2
else a3).
Proof.
Lemma eval_shllimm:
forall n,
unary_constructor_sound (
fun e =>
shllimm hf e n) (
fun v =>
Val.shll v (
Vint n)).
Proof.
Theorem eval_shll:
binary_constructor_sound (
shll hf)
Val.shll.
Proof.
Lemma eval_shrluimm:
forall n,
unary_constructor_sound (
fun e =>
shrluimm hf e n) (
fun v =>
Val.shrlu v (
Vint n)).
Proof.
Theorem eval_shrlu:
binary_constructor_sound (
shrlu hf)
Val.shrlu.
Proof.
Lemma eval_shrlimm:
forall n,
unary_constructor_sound (
fun e =>
shrlimm hf e n) (
fun v =>
Val.shrl v (
Vint n)).
Proof.
Theorem eval_shrl:
binary_constructor_sound (
shrl hf)
Val.shrl.
Proof.
Theorem eval_addl:
binary_constructor_sound addl Val.addl.
Proof.
Theorem eval_subl:
binary_constructor_sound subl Val.subl.
Proof.
Lemma eval_mull_base:
binary_constructor_sound mull_base Val.mull.
Proof.
Lemma eval_mullimm:
forall n,
unary_constructor_sound (
fun a =>
mullimm hf a n) (
fun v =>
Val.mull v (
Vlong n)).
Proof.
Theorem eval_mull:
binary_constructor_sound (
mull hf)
Val.mull.
Proof.
Lemma eval_binop_long:
forall id name sem le a b x y z,
(
forall p q,
x =
Vlong p ->
y =
Vlong q ->
z =
Vlong (
sem p q)) ->
helper_declared ge id name sig_ll_l ->
external_implements name sig_ll_l (
x::
y::
nil)
z ->
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
exists v,
eval_expr ge sp e m le (
binop_long id sem a b)
v /\
Val.lessdef z v.
Proof.
Theorem eval_divl:
forall le a b x y z,
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
Val.divls x y =
Some z ->
exists v,
eval_expr ge sp e m le (
divl hf a b)
v /\
Val.lessdef z v.
Proof.
Theorem eval_modl:
forall le a b x y z,
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
Val.modls x y =
Some z ->
exists v,
eval_expr ge sp e m le (
modl hf a b)
v /\
Val.lessdef z v.
Proof.
Theorem eval_divlu:
forall le a b x y z,
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
Val.divlu x y =
Some z ->
exists v,
eval_expr ge sp e m le (
divlu hf a b)
v /\
Val.lessdef z v.
Proof.
Theorem eval_modlu:
forall le a b x y z,
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
Val.modlu x y =
Some z ->
exists v,
eval_expr ge sp e m le (
modlu hf a b)
v /\
Val.lessdef z v.
Proof.
Remark decompose_cmpl_eq_zero:
forall h l,
Int64.eq (
Int64.ofwords h l)
Int64.zero =
Int.eq (
Int.or h l)
Int.zero.
Proof.
Lemma eval_cmpl_eq_zero:
forall le a x,
eval_expr ge sp e m le a (
Vlong x) ->
eval_expr ge sp e m le (
cmpl_eq_zero a) (
Val.of_bool (
Int64.eq x Int64.zero)).
Proof.
Lemma eval_cmpl_ne_zero:
forall le a x,
eval_expr ge sp e m le a (
Vlong x) ->
eval_expr ge sp e m le (
cmpl_ne_zero a) (
Val.of_bool (
negb (
Int64.eq x Int64.zero))).
Proof.
Lemma eval_cmplu_gen:
forall ch cl a b le x y,
eval_expr ge sp e m le a (
Vlong x) ->
eval_expr ge sp e m le b (
Vlong y) ->
eval_expr ge sp e m le (
cmplu_gen ch cl a b)
(
Val.of_bool (
if Int.eq (
Int64.hiword x) (
Int64.hiword y)
then Int.cmpu cl (
Int64.loword x) (
Int64.loword y)
else Int.cmpu ch (
Int64.hiword x) (
Int64.hiword y))).
Proof.
Remark int64_eq_xor:
forall p q,
Int64.eq p q =
Int64.eq (
Int64.xor p q)
Int64.zero.
Proof.
Theorem eval_cmplu:
forall c le a x b y v,
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
Val.cmplu c x y =
Some v ->
eval_expr ge sp e m le (
cmplu c a b)
v.
Proof.
Lemma eval_cmpl_gen:
forall ch cl a b le x y,
eval_expr ge sp e m le a (
Vlong x) ->
eval_expr ge sp e m le b (
Vlong y) ->
eval_expr ge sp e m le (
cmpl_gen ch cl a b)
(
Val.of_bool (
if Int.eq (
Int64.hiword x) (
Int64.hiword y)
then Int.cmpu cl (
Int64.loword x) (
Int64.loword y)
else Int.cmp ch (
Int64.hiword x) (
Int64.hiword y))).
Proof.
Remark decompose_cmpl_lt_zero:
forall h l,
Int64.lt (
Int64.ofwords h l)
Int64.zero =
Int.lt h Int.zero.
Proof.
Theorem eval_cmpl:
forall c le a x b y v,
eval_expr ge sp e m le a x ->
eval_expr ge sp e m le b y ->
Val.cmpl c x y =
Some v ->
eval_expr ge sp e m le (
cmpl c a b)
v.
Proof.
End CMCONSTR.