Commit 54e2d69c by Marc Schoolderman

Checked the result with Alt-Ergo 0.99.1, removing reliance on the buggy 1.01–1.30 range,

`to validate that the result of the original paper is still solid`
 ... @@ -18,7 +18,7 @@ https://gitlab.science.ru.nl/sovereign/why3-avr/tree/master ... @@ -18,7 +18,7 @@ https://gitlab.science.ru.nl/sovereign/why3-avr/tree/master The proofs were developed using Why3 0.87.3; as well as the following theorem provers: The proofs were developed using Why3 0.87.3; as well as the following theorem provers: * Alt-Ergo 1.01 * Alt-Ergo 0.99.1 * CVC3 2.4.1 * CVC3 2.4.1 * CVC4 1.4 * CVC4 1.4 * Eprover 1.8 * Eprover 1.8 ... ...
 ... @@ -2,12 +2,12 @@ ... @@ -2,12 +2,12 @@ "http://why3.lri.fr/why3session.dtd"> ... @@ -99,10 +99,10 @@ ... @@ -99,10 +99,10 @@ ... ...
 ... @@ -3,17 +3,17 @@ ... @@ -3,17 +3,17 @@ "http://why3.lri.fr/why3session.dtd"> "http://why3.lri.fr/why3session.dtd"> ... @@ -37,40 +37,40 @@ ... @@ -37,40 +37,40 @@ ... @@ -79,33 +79,33 @@ ... @@ -79,33 +79,33 @@ ... @@ -116,8 +116,8 @@ ... @@ -116,8 +116,8 @@ ... ...
 ... @@ -1428,6 +1428,8 @@ let mul (dst src: register): unit ... @@ -1428,6 +1428,8 @@ let mul (dst src: register): unit ensures { let p = old (reg[src]*reg[dst]) in ?cf = div p (pow2 15) } ensures { let p = old (reg[src]*reg[dst]) in ?cf = div p (pow2 15) } = let prod = BV8.to_uint (M.get reg.data dst)*BV8.to_uint (M.get reg.data src) in = let prod = BV8.to_uint (M.get reg.data dst)*BV8.to_uint (M.get reg.data src) in reg.data <- M.set (M.set reg.data 0 (BV8.of_int (mod prod 256))) 1 (BV8.of_int (div prod 256)); reg.data <- M.set (M.set reg.data 0 (BV8.of_int (mod prod 256))) 1 (BV8.of_int (div prod 256)); assert { prod < 0x10000 }; assert { div prod (pow2 15) = 0 \/ div prod (pow2 15) = 1 }; cf.value <- (div prod (pow2 15) <> 0); cf.value <- (div prod (pow2 15) <> 0); () () ... ...
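Review bot: The two added `assert` lines are proof hints whose only role is to steer the prover toward the `?cf = div p (pow2 15)` postcondition, but nothing in the code records that, so a later cleanup could drop them as apparently redundant and silently break the proof under Alt-Ergo 0.99.1 (the version the commit message says this was re-checked with). A one-line comment above them would preserve the intent, e.g. `(* proof hints (needed for Alt-Ergo 0.99.1): an 8x8-bit product fits in 16 bits, so bit 15 is exactly the carry *)`. Note that `prod < 0x10000` only follows if `BV8.to_uint` yields a value in 0..255, which is established outside this hunk, presumably in the BV8 theory, so the comment should name that dependency rather than leave it implicit. The enclosing `mul` starts above the hunk; its signature and earlier contract lines are not shown here.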
