Commit c25c68c1 authored by Marc Schoolderman's avatar Marc Schoolderman

a version based on range types; this produces larger smt2 input but seems to...

a version based on range types; this produces larger smt2 input but seems to perform quite okay on schoolbook
parent a7386507
...@@ -26,8 +26,10 @@ use map.Map ...@@ -26,8 +26,10 @@ use map.Map
use int.EuclideanDivision use int.EuclideanDivision
use bv.Pow2int use bv.Pow2int
(*
lemma register_file_invariant_strengthen: lemma register_file_invariant_strengthen:
forall m: map int int. (forall i. 0 <= m[i] < 256) -> (forall i j. 0 <= m[i]*m[j] <= 255*255) forall m: map int int. (forall i. 0 <= m[i] < 256) -> (forall i j. 0 <= m[i]*m[j] <= 255*255)
*)
lemma pow_split: forall k. k >= 0 -> pow2 (2*k) = pow2 k*pow2 k lemma pow_split: forall k. k >= 0 -> pow2 (2*k) = pow2 k*pow2 k
...@@ -38,10 +40,14 @@ module KaratAvr ...@@ -38,10 +40,14 @@ module KaratAvr
use int.Int use int.Int
use int.EuclideanDivision use int.EuclideanDivision
use bv.Pow2int use bv.Pow2int
use avrmodel.AVRint use avrmodel_alt.AVRbyte
use AvrModelLemmas use AvrModelLemmas
use BV_asr_Lemmas use BV_asr_Lemmas
(*WIP: this replaces the above in case avrmodel_rng is used *)
lemma register_file_invariant_strengthen:
forall m: map int byte. (forall i j. 0 <= m[i]*m[j] <= 255*255)
let mul8 (): unit let mul8 (): unit
ensures { uint 2 reg 12 = old(uint 1 reg 3 * uint 1 reg 8) } ensures { uint 2 reg 12 = old(uint 1 reg 3 * uint 1 reg 8) }
= mul r3 r8; = mul r3 r8;