blob: 40bbef3567f3b17a1e263860c55dd447bc029a30 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
|
(*Generated by Lem from machine_word.lem.*)
open HolKernel Parse boolLib bossLib;
open lem_boolTheory lem_numTheory lem_basic_classesTheory lem_showTheory lem_functionTheory wordsTheory wordsLib bitstringTheory integer_wordTheory;
val _ = numLib.prefer_num();
val _ = new_theory "lem_machine_word"
(*open import Bool Num Basic_classes Show Function*)
(*open import {isabelle} `HOL-Word.Word`*)
(*open import {hol} `wordsTheory` `wordsLib` `bitstringTheory` `integer_wordTheory`*)
(*type mword 'a*)
(*class (Size 'a)
val size : nat
end*)
(*val native_size : forall 'a. nat*)
(*val ocaml_inject : forall 'a. nat * natural -> mword 'a*)
(* A singleton type family that can be used to carry a size as the type parameter *)
(*type itself 'a*)
(*val the_value : forall 'a. itself 'a*)
(*val size_itself : forall 'a. Size 'a => itself 'a -> nat*)
val _ = Define `
((size_itself:'a itself -> num) x= (dimindex (the_value : 'a itself)))`;
(*******************************************************************)
(* Fixed bitwidths extracted from Anthony's models. *)
(* *)
(* If you need a size N that is not included here, put the lines *)
(* *)
(* type tyN *)
(* instance (Size tyN) let size = N end *)
(* declare isabelle target_rep type tyN = `N` *)
(* declare hol target_rep type tyN = `N` *)
(* *)
(* in your project, replacing N in each line. *)
(*******************************************************************)
(*type ty1*)
(*type ty2*)
(*type ty3*)
(*type ty4*)
(*type ty5*)
(*type ty6*)
(*type ty7*)
(*type ty8*)
(*type ty9*)
(*type ty10*)
(*type ty11*)
(*type ty12*)
(*type ty13*)
(*type ty14*)
(*type ty15*)
(*type ty16*)
(*type ty17*)
(*type ty18*)
(*type ty19*)
(*type ty20*)
(*type ty21*)
(*type ty22*)
(*type ty23*)
(*type ty24*)
(*type ty25*)
(*type ty26*)
(*type ty27*)
(*type ty28*)
(*type ty29*)
(*type ty30*)
(*type ty31*)
(*type ty32*)
(*type ty33*)
(*type ty34*)
(*type ty35*)
(*type ty36*)
(*type ty37*)
(*type ty38*)
(*type ty39*)
(*type ty40*)
(*type ty41*)
(*type ty42*)
(*type ty43*)
(*type ty44*)
(*type ty45*)
(*type ty46*)
(*type ty47*)
(*type ty48*)
(*type ty49*)
(*type ty50*)
(*type ty51*)
(*type ty52*)
(*type ty53*)
(*type ty54*)
(*type ty55*)
(*type ty56*)
(*type ty57*)
(*type ty58*)
(*type ty59*)
(*type ty60*)
(*type ty61*)
(*type ty62*)
(*type ty63*)
(*type ty64*)
(*type ty65*)
(*type ty66*)
(*type ty67*)
(*type ty68*)
(*type ty69*)
(*type ty70*)
(*type ty71*)
(*type ty72*)
(*type ty73*)
(*type ty74*)
(*type ty75*)
(*type ty76*)
(*type ty77*)
(*type ty78*)
(*type ty79*)
(*type ty80*)
(*type ty81*)
(*type ty82*)
(*type ty83*)
(*type ty84*)
(*type ty85*)
(*type ty86*)
(*type ty87*)
(*type ty88*)
(*type ty89*)
(*type ty90*)
(*type ty91*)
(*type ty92*)
(*type ty93*)
(*type ty94*)
(*type ty95*)
(*type ty96*)
(*type ty97*)
(*type ty98*)
(*type ty99*)
(*type ty100*)
(*type ty101*)
(*type ty102*)
(*type ty103*)
(*type ty104*)
(*type ty105*)
(*type ty106*)
(*type ty107*)
(*type ty108*)
(*type ty109*)
(*type ty110*)
(*type ty111*)
(*type ty112*)
(*type ty113*)
(*type ty114*)
(*type ty115*)
(*type ty116*)
(*type ty117*)
(*type ty118*)
(*type ty119*)
(*type ty120*)
(*type ty121*)
(*type ty122*)
(*type ty123*)
(*type ty124*)
(*type ty125*)
(*type ty126*)
(*type ty127*)
(*type ty128*)
(*type ty129*)
(*type ty130*)
(*type ty131*)
(*type ty132*)
(*type ty133*)
(*type ty134*)
(*type ty135*)
(*type ty136*)
(*type ty137*)
(*type ty138*)
(*type ty139*)
(*type ty140*)
(*type ty141*)
(*type ty142*)
(*type ty143*)
(*type ty144*)
(*type ty145*)
(*type ty146*)
(*type ty147*)
(*type ty148*)
(*type ty149*)
(*type ty150*)
(*type ty151*)
(*type ty152*)
(*type ty153*)
(*type ty154*)
(*type ty155*)
(*type ty156*)
(*type ty157*)
(*type ty158*)
(*type ty159*)
(*type ty160*)
(*type ty161*)
(*type ty162*)
(*type ty163*)
(*type ty164*)
(*type ty165*)
(*type ty166*)
(*type ty167*)
(*type ty168*)
(*type ty169*)
(*type ty170*)
(*type ty171*)
(*type ty172*)
(*type ty173*)
(*type ty174*)
(*type ty175*)
(*type ty176*)
(*type ty177*)
(*type ty178*)
(*type ty179*)
(*type ty180*)
(*type ty181*)
(*type ty182*)
(*type ty183*)
(*type ty184*)
(*type ty185*)
(*type ty186*)
(*type ty187*)
(*type ty188*)
(*type ty189*)
(*type ty190*)
(*type ty191*)
(*type ty192*)
(*type ty193*)
(*type ty194*)
(*type ty195*)
(*type ty196*)
(*type ty197*)
(*type ty198*)
(*type ty199*)
(*type ty200*)
(*type ty201*)
(*type ty202*)
(*type ty203*)
(*type ty204*)
(*type ty205*)
(*type ty206*)
(*type ty207*)
(*type ty208*)
(*type ty209*)
(*type ty210*)
(*type ty211*)
(*type ty212*)
(*type ty213*)
(*type ty214*)
(*type ty215*)
(*type ty216*)
(*type ty217*)
(*type ty218*)
(*type ty219*)
(*type ty220*)
(*type ty221*)
(*type ty222*)
(*type ty223*)
(*type ty224*)
(*type ty225*)
(*type ty226*)
(*type ty227*)
(*type ty228*)
(*type ty229*)
(*type ty230*)
(*type ty231*)
(*type ty232*)
(*type ty233*)
(*type ty234*)
(*type ty235*)
(*type ty236*)
(*type ty237*)
(*type ty238*)
(*type ty239*)
(*type ty240*)
(*type ty241*)
(*type ty242*)
(*type ty243*)
(*type ty244*)
(*type ty245*)
(*type ty246*)
(*type ty247*)
(*type ty248*)
(*type ty249*)
(*type ty250*)
(*type ty251*)
(*type ty252*)
(*type ty253*)
(*type ty254*)
(*type ty255*)
(*type ty256*)
(*type ty257*)
(*val word_length : forall 'a. mword 'a -> nat*)
(******************************************************************)
(* Conversions *)
(******************************************************************)
(*val signedIntegerFromWord : forall 'a. mword 'a -> integer*)
(*val unsignedIntegerFromWord : forall 'a. mword 'a -> integer*)
(* Version without typeclass constraint so that we can derive operations
in Lem for one of the theorem provers without requiring it. *)
(*val proverWordFromInteger : forall 'a. integer -> mword 'a*)
(*val wordFromInteger : forall 'a. Size 'a => integer -> mword 'a*)
(* The OCaml version is defined after the arithmetic operations, below. *)
(*val naturalFromWord : forall 'a. mword 'a -> natural*)
(*val wordFromNatural : forall 'a. Size 'a => natural -> mword 'a*)
(*val wordToHex : forall 'a. mword 'a -> string*)
val _ = Define `
((instance_Show_Show_Machine_word_mword_dict:('a words$word)Show_class)= (<|
show_method := words$word_to_hex_string|>))`;
(*val wordFromBitlist : forall 'a. Size 'a => list bool -> mword 'a*)
(*val bitlistFromWord : forall 'a. mword 'a -> list bool*)
(*val size_test_fn : forall 'a. Size 'a => mword 'a -> nat*)
val _ = Define `
((size_test_fn:'a words$word -> num) _= (dimindex (the_value : 'a itself)))`;
(******************************************************************)
(* Comparisons *)
(******************************************************************)
(*val mwordEq : forall 'a. mword 'a -> mword 'a -> bool*)
(*val signedLess : forall 'a. mword 'a -> mword 'a -> bool*)
(*val signedLessEq : forall 'a. mword 'a -> mword 'a -> bool*)
(*val unsignedLess : forall 'a. mword 'a -> mword 'a -> bool*)
(*val unsignedLessEq : forall 'a. mword 'a -> mword 'a -> bool*)
(* Comparison tests are below, after the definition of wordFromInteger *)
(******************************************************************)
(* Appending, splitting and probing words *)
(******************************************************************)
(*val word_concat : forall 'a 'b 'c. mword 'a -> mword 'b -> mword 'c*)
(* Note that we assume the result type has the correct size, especially
for Isabelle. *)
(*val word_extract : forall 'a 'b. nat -> nat -> mword 'a -> mword 'b*)
(* Needs to be in the prover because we'd end up with unknown sizes in the
types in Lem.
*)
(*val word_update : forall 'a 'b. mword 'a -> nat -> nat -> mword 'b -> mword 'a*)
(*val setBit : forall 'a. mword 'a -> nat -> bool -> mword 'a*)
(*val getBit : forall 'a. mword 'a -> nat -> bool*)
(*val msb : forall 'a. mword 'a -> bool*)
(*val lsb : forall 'a. mword 'a -> bool*)
(******************************************************************)
(* Bitwise operations, shifts, etc. *)
(******************************************************************)
(*val shiftLeft : forall 'a. mword 'a -> nat -> mword 'a*)
(*val shiftRight : forall 'a. mword 'a -> nat -> mword 'a*)
(*val arithShiftRight : forall 'a. mword 'a -> nat -> mword 'a*)
(*val lAnd : forall 'a. mword 'a -> mword 'a -> mword 'a*)
(*val lOr : forall 'a. mword 'a -> mword 'a -> mword 'a*)
(*val lXor : forall 'a. mword 'a -> mword 'a -> mword 'a*)
(*val lNot : forall 'a. mword 'a -> mword 'a*)
(*val rotateRight : forall 'a. nat -> mword 'a -> mword 'a*)
(*val rotateLeft : forall 'a. nat -> mword 'a -> mword 'a*)
(*val zeroExtend : forall 'a 'b. Size 'b => mword 'a -> mword 'b*)
(*val signExtend : forall 'a 'b. Size 'b => mword 'a -> mword 'b*)
(* Sign extension tests are below, after the definition of wordFromInteger *)
(*****************************************************************)
(* Arithmetic *)
(*****************************************************************)
(*val plus : forall 'a. mword 'a -> mword 'a -> mword 'a*)
(*val minus : forall 'a. mword 'a -> mword 'a -> mword 'a*)
(*val uminus : forall 'a. mword 'a -> mword 'a*)
(*val times : forall 'a. mword 'a -> mword 'a -> mword 'a*)
(*val unsignedDivide : forall 'a. mword 'a -> mword 'a -> mword 'a*)
(*val signedDivide : forall 'a. mword 'a -> mword 'a -> mword 'a*)
(*val modulo : forall 'a. mword 'a -> mword 'a -> mword 'a*)
val _ = export_theory()
|
