1 (**************************************************************************)
4 (* ||A|| A project by Andrea Asperti *)
6 (* ||I|| Developers: *)
7 (* ||T|| The HELM team. *)
8 (* ||A|| http://helm.cs.unibo.it *)
10 (* \ / This file is distributed under the terms of the *)
11 (* v GNU General Public License Version 2 *)
13 (**************************************************************************)
15 (* ********************************************************************** *)
16 (* Progetto FreeScale *)
19 (* Cosimo Oliboni, oliboni@cs.unibo.it *)
21 (* Questo materiale fa parte della tesi: *)
22 (* "Formalizzazione Interattiva dei Microcontroller a 8bit FreeScale" *)
24 (* data ultima modifica 15/11/2007 *)
25 (* ********************************************************************** *)
27 include "freescale/medium_tests_lemmas.ma".
29 (* ************************ *)
30 (* HCS08GB60 String Reverse *)
31 (* ************************ *)
33 (* versione ridotta, in cui non si riazzerano gli elementi di counters *)
34 definition dTest_HCS08_sReverse_source : word16 → (list byte8) ≝
36 let m ≝ HCS08 in source_to_byte8 m (
37 (* BEFORE: A=0x00 H:X=0x0D4B SP=0x0D4A PC=0x18E0 Z=true *)
39 (* static unsigned char dati[3072]={...};
41 void swap(unsigned char *a, unsigned char *b)
42 { unsigned char tmp=*a; *a=*b; *b=tmp; return; } *)
44 (* [0x18C8] allineamento *) (compile m ? NOP maINH I) @
46 (* argomenti: HX e [0x0D49-A], passaggio ibrido reg, stack *)
47 (* [0x18C9] PSHX *) (compile m ? PSHX maINH I) @
48 (* [0x18CA] PSHH *) (compile m ? PSHH maINH I) @
49 (* [0x18CB] LDHX 5,SP *) (compile m ? LDHX (maSP1 〈x0,x5〉) I) @
50 (* [0x18CE] LDA ,X *) (compile m ? LDA maIX0 I) @
51 (* [0x18CF] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @
52 (* [0x18D2] PSHA *) (compile m ? PSHA maINH I) @
53 (* [0x18D3] LDA ,X *) (compile m ? LDA maIX0 I) @
54 (* [0x18D4] LDHX 6,SP *) (compile m ? LDHX (maSP1 〈x0,x6〉) I) @
55 (* [0x18D7] STA ,X *) (compile m ? STA maIX0 I) @
56 (* [0x18D8] LDHX 2,SP *) (compile m ? LDHX (maSP1 〈x0,x2〉) I) @
57 (* [0x18DB] PULA *) (compile m ? PULA maINH I) @
58 (* [0x18DC] STA ,X *) (compile m ? STA maIX0 I) @
59 (* [0x18DD] AIS #2 *) (compile m ? AIS (maIMM1 〈x0,x2〉) I) @
60 (* [0x18DF] RTS *) (compile m ? RTS maINH I) @
64 unsigned int pos=0,limit=0;
66 for(limit=3072;pos<(limit/2);pos++)
67 { swap(&dati[pos],&dati[limit-pos-1]); } *)
69 (* [0x18E0] LDHX #elems *) (compile m ? LDHX (maIMM2 elems) I) @
70 (* [0x18E3] STHX 4,SP *) (compile m ? STHX (maSP1 〈x0,x4〉) I) @
71 (* [0x18E6] BRA *+52 ; 191A *) (compile m ? BRA (maIMM1 〈x3,x2〉) I) @
72 (* [0x18E8] TSX *) (compile m ? TSX maINH I) @
73 (* [0x18E9] LDA 2,X *) (compile m ? LDA (maIX1 〈x0,x2〉) I) @
74 (* [0x18EB] ADD #0x00 *) (compile m ? ADD (maIMM1 〈x0,x0〉) I) @
75 (* [0x18ED] PSHA *) (compile m ? PSHA maINH I) @
76 (* [0x18EE] LDA 1,X *) (compile m ? LDA (maIX1 〈x0,x1〉) I) @
77 (* [0x18F0] ADC #0x01 *) (compile m ? ADC (maIMM1 〈x0,x1〉) I) @
78 (* [0x18F2] PSHA *) (compile m ? PSHA maINH I) @
79 (* [0x18F3] LDA 4,X *) (compile m ? LDA (maIX1 〈x0,x4〉) I) @
80 (* [0x18F5] SUB 2,X *) (compile m ? SUB (maIX1 〈x0,x2〉) I) @
81 (* [0x18F7] STA ,X *) (compile m ? STA maIX0 I) @
82 (* [0x18F8] LDA 3,X *) (compile m ? LDA (maIX1 〈x0,x3〉) I) @
83 (* [0x18FA] SBC 1,X *) (compile m ? SBC (maIX1 〈x0,x1〉) I) @
84 (* [0x18FC] PSHA *) (compile m ? PSHA maINH I) @
85 (* [0x18FD] LDX ,X *) (compile m ? LDX maIX0 I) @
86 (* [0x18FE] PULH *) (compile m ? PULH maINH I) @
87 (* [0x18FF] AIX #-1 *) (compile m ? AIX (maIMM1 〈xF,xF〉) I) @
88 (* [0x1901] TXA *) (compile m ? TXA maINH I) @
89 (* [0x1902] ADD #0x00 *) (compile m ? ADD (maIMM1 〈x0,x0〉) I) @
90 (* [0x1904] PSHH *) (compile m ? PSHH maINH I) @
91 (* [0x1905] TSX *) (compile m ? TSX maINH I) @
92 (* [0x1906] STA 3,X *) (compile m ? STA (maIX1 〈x0,x3〉) I) @
93 (* [0x1908] PULA *) (compile m ? PULA maINH I) @
94 (* [0x1909] ADC #0x01 *) (compile m ? ADC (maIMM1 〈x0,x1〉) I) @
95 (* [0x190B] LDX 3,X *) (compile m ? LDX (maIX1 〈x0,x3〉) I) @
96 (* [0x190D] PSHA *) (compile m ? PSHA maINH I) @
97 (* [0x190E] PULH *) (compile m ? PULH maINH I) @
98 (* [0x190F] BSR *-70 ; 18C9 *) (compile m ? BSR (maIMM1 〈xB,x8〉) I) @
99 (* [0x1911] AIS #2 *) (compile m ? AIS (maIMM1 〈x0,x2〉) I) @
100 (* [0x1913] TSX *) (compile m ? TSX maINH I) @
101 (* [0x1914] INC 2,X *) (compile m ? INC (maIX1 〈x0,x2〉) I) @
102 (* [0x1916] BNE *+4 ; 191A *) (compile m ? BNE (maIMM1 〈x0,x2〉) I) @
103 (* [0x1918] INC 1,X *) (compile m ? INC (maIX1 〈x0,x1〉) I) @
104 (* [0x191A] TSX *) (compile m ? TSX maINH I) @
105 (* [0x191B] LDA 3,X *) (compile m ? LDA (maIX1 〈x0,x3〉) I) @
106 (* [0x191D] PSHA *) (compile m ? PSHA maINH I) @
107 (* [0x191E] PULH *) (compile m ? PULH maINH I) @
108 (* [0x191F] LSRA *) (compile m ? LSR maINHA I) @
109 (* [0x1920] TSX *) (compile m ? TSX maINH I) @
110 (* [0x1921] LDX 4,X *) (compile m ? LDX (maIX1 〈x0,x4〉) I) @
111 (* [0x1923] RORX *) (compile m ? ROR maINHX I) @
112 (* [0x1924] PSHA *) (compile m ? PSHA maINH I) @
113 (* [0x1925] PULH *) (compile m ? PULH maINH I) @
114 (* [0x1926] CPHX 2,SP *) (compile m ? CPHX (maSP1 〈x0,x2〉) I) @
115 (* [0x1929] BHI *-65 ; 18E8 *) (compile m ? BHI (maIMM1 〈xB,xD〉) I)
118 attraverso simulazione in CodeWarrior si puo' enunciare che dopo
119 42+79*n+5*(n>>9) ci sara' il reverse di n byte (PARI) e
123 (* creazione del processore+caricamento+impostazione registri *)
124 definition dTest_HCS08_sReverse_status ≝
130 set_acc_8_low_reg HCS08 t (* A<-A_op *)
131 (set_z_flag HCS08 t (* Z<-true *)
132 (setweak_sp_reg HCS08 t (* SP<-0x0D4A *)
133 (setweak_indX_16_reg HCS08 t (* H:X<-HX_op *)
134 (set_pc_reg HCS08 t (* PC<-0x18E0 *)
135 (start_of_mcu_version
137 (load_from_source_at t (* carica data in RAM:dTest_HCS08_RAM *)
138 (load_from_source_at t (zero_memory t) (* carica source in ROM:dTest_HCS08_prog *)
139 (dTest_HCS08_sReverse_source elems) dTest_HCS08_prog)
140 data dTest_HCS08_RAM)
141 (build_memory_type_of_mcu_version MC9S08GB60 t)
142 (mk_byte8 x0 x0) (mk_byte8 x0 x0) (* non deterministici tutti a 0 *)
143 false false false false false false) (* non deterministici tutti a 0 *)
144 (mk_word16 (mk_byte8 x1 x8) (mk_byte8 xE x0)))
146 (mk_word16 (mk_byte8 x0 xD) (mk_byte8 x4 xA)))
150 (* parametrizzazione dell'enunciato del teorema *)
151 (* primo sbozzo: confronto esecuzione con hexdump... *)
152 lemma dTest_HCS08_sReverse_dump_aux ≝
153 λt:memory_impl.λstring:list byte8.
154 (* 1) la stringa deve avere una lunghezza ∈ [0,3072] *)
155 (byte8_bounded_strlen string 〈〈x0,xC〉:〈x0,x0〉〉) ∧
156 (* 2) la stringa deve avere lunghezza pari *)
157 ((and_b8 (w16l (byte8_strlen string)) 〈x0,x1〉) = 〈x0,x0〉) ∧
158 (* 3) match di esecuzione su tempo in forma di tempo esatto *)
159 (match execute HCS08 t
160 (* parametri IN: t,H:X,strlen(string),string *)
161 (TickOK ? (dTest_HCS08_sReverse_status t 〈x0,x0〉 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen string) string))
162 (* tempo di esecuzione 42+79*n+5*(n>>9) *)
163 (42+79*(byte8_strlen string)+5*((byte8_strlen string)/512)) with
164 [ TickERR s _ ⇒ None ?
165 (* azzeramento tutta RAM tranne dati *)
166 | TickSUSP s _ ⇒ None ?
167 | TickOK s ⇒ Some ? (byte8_hexdump t (get_mem_desc HCS08 t s) dTest_HCS08_RAM (byte8_strlen string))
169 Some ? (byte8_reverse string)).
171 (* confronto esecuzione con hexdump... *)
173 lemma dTest_HCS08_sReverse_dump :
174 dTest_HCS08_sReverse_dump_aux MEM_TREE dTest_random_32.
175 unfold dTest_HCS08_sReverse_dump_aux;
177 [ split; [ normalize in ⊢ (%); autobatch ] reflexivity ]
182 (* parametrizzazione dell'enunciato del teorema *)
183 (* dimostrazione senza svolgimento degli stati *)
184 lemma dTest_HCS08_sReverse_aux ≝
185 λt:memory_impl.λstring:list byte8.
186 (* 1) la stringa deve avere una lunghezza ∈ [0,3072] *)
187 (byte8_bounded_strlen string 〈〈x0,xC〉:〈x0,x0〉〉) ∧
188 (* 2) la stringa deve avere lunghezza pari *)
189 ((and_b8 (w16l (byte8_strlen string)) 〈x0,x1〉) = 〈x0,x0〉) ∧
190 (* 3) match di esecuzione su tempo in forma di tempo esatto *)
191 (match execute HCS08 t
192 (* parametri IN: t,H:X,strlen(string),string *)
193 (TickOK ? (dTest_HCS08_sReverse_status t 〈x0,x0〉 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen string) string))
194 (* tempo di esecuzione 42+79*n+5*(n>>9) *)
195 (42+79*(byte8_strlen string)+5*((byte8_strlen string)/512)) with
196 [ TickERR s _ ⇒ None ?
197 (* azzeramento tutta RAM tranne dati *)
198 | TickSUSP s _ ⇒ None ?
199 | TickOK s ⇒ Some ? (set_mem_desc HCS08 t s (load_from_source_at t (get_mem_desc HCS08 t s) dTest_zeros 〈〈x0,xD〉:〈x0,x0〉〉))
201 Some ? (set_pc_reg HCS08 t
202 (dTest_HCS08_sReverse_status t (fst ?? (shr_b8 (w16h (byte8_strlen string)))) (fst ?? (shr_w16 (byte8_strlen string))) (byte8_strlen string) (byte8_reverse string))
203 (mk_word16 (mk_byte8 x1 x9) (mk_byte8 x2 xB)))).
206 lemma dTest_HCS08_sReverse :
207 dTest_HCS08_sReverse_aux MEM_TREE dTest_random_32.
208 unfold dTest_HCS08_sReverse_aux;
210 [ split; [ normalize in ⊢ (%); autobatch ] reflexivity ]
212 rewrite > (breakpoint HCS08 MEM_TREE (TickOK ? (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32)) 3 (39+79*byte8_strlen dTest_random_32+5*(byte8_strlen dTest_random_32/512))) in ⊢ (? ? match % in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?);
213 letin status0 ≝ (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32);
214 change in ⊢ (? ? match ? ? ? (? ? ? % ?) ? in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?) with
216 rewrite > (execute_HCS08_LDHX_maIMM2 MEM_TREE status0 〈x0,x0〉 〈x2,x0〉) in ⊢ (? ? match ? ? ? % ? in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?);
217 [ 2,3,4,5: reflexivity; ]
219 letin status1 ≝ (set_pc_reg HCS08 MEM_TREE (setweak_v_flag HCS08 MEM_TREE (setweak_n_flag HCS08 MEM_TREE (set_z_flag HCS08 MEM_TREE (set_alu HCS08 MEM_TREE (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32) (set_indX_16_reg_HC08 (alu HCS08 MEM_TREE (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32)) 〈〈x0,x0〉:〈x2,x0〉〉)) (eq_w16 〈〈x0,x0〉:〈x2,x0〉〉 〈〈x0,x0〉:〈x0,x0〉〉)) (MSB_w16 〈〈x0,x0〉:〈x2,x0〉〉)) false) (filtered_plus_w16 HCS08 MEM_TREE (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32) (get_pc_reg HCS08 MEM_TREE (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32)) 3));
220 change in ⊢ (? ? match ? ? ? % ? in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?) with (TickOK ? status1);
222 rewrite > (breakpoint HCS08 MEM_TREE (TickOK ? status1) 5 (34+79*byte8_strlen dTest_random_32+5*(byte8_strlen dTest_random_32/512))) in ⊢ (? ? match % in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?);
223 change in ⊢ (? ? match ? ? ? (? ? ? % ?) ? in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?) with (TickOK ? status1);
224 rewrite > (execute_HCS08_STHX_maSP1 status1 〈x0,x4〉)
225 in ⊢ (? ? match ? ? ? % ? in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?);
226 [ 2,3,4,5,6,7: reflexivity; ]
233 definition sReverseCalc ≝
235 match execute HCS08 MEM_TREE
236 (TickOK ? (dTest_HCS08_sReverse_status MEM_TREE 〈x0,x0〉 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen string) string))
237 (42+79*(byte8_strlen string)+5*((byte8_strlen string)/512)) with
238 [ TickERR s _ ⇒ None ?
239 | TickSUSP s _ ⇒ None ?
240 | TickOK s ⇒ Some ? (set_mem_desc HCS08 MEM_TREE s (load_from_source_at MEM_TREE (get_mem_desc HCS08 MEM_TREE s) dTest_zeros 〈〈x0,xD〉:〈x0,x0〉〉))
243 definition sReverseNoCalc ≝
245 Some ? (set_pc_reg HCS08 MEM_TREE
246 (dTest_HCS08_sReverse_status MEM_TREE (fst ?? (shr_b8 (w16h (byte8_strlen string))))
247 (fst ?? (shr_w16 (byte8_strlen string)))
248 (byte8_strlen string) (byte8_reverse string))
249 (mk_word16 (mk_byte8 x1 x9) (mk_byte8 x2 xB))).
251 definition sReverseCalc32 ≝ sReverseCalc dTest_random_32.
252 definition sReverseCalc64 ≝ sReverseCalc dTest_random_64.
253 definition sReverseCalc128 ≝ sReverseCalc dTest_random_128.
254 definition sReverseCalc256 ≝ sReverseCalc dTest_random_256.
255 definition sReverseCalc512 ≝ sReverseCalc dTest_random_512.
256 definition sReverseCalc1024 ≝ sReverseCalc dTest_random_1024.
257 definition sReverseCalc2048 ≝ sReverseCalc dTest_random_2048.
258 definition sReverseCalc3072 ≝ sReverseCalc dTest_random_3072.
260 definition sReverseNoCalc32 ≝ sReverseNoCalc dTest_random_32.
261 definition sReverseNoCalc64 ≝ sReverseNoCalc dTest_random_64.
262 definition sReverseNoCalc128 ≝ sReverseNoCalc dTest_random_128.
263 definition sReverseNoCalc256 ≝ sReverseNoCalc dTest_random_256.
264 definition sReverseNoCalc512 ≝ sReverseNoCalc dTest_random_512.
265 definition sReverseNoCalc1024 ≝ sReverseNoCalc dTest_random_1024.
266 definition sReverseNoCalc2048 ≝ sReverseNoCalc dTest_random_2048.
267 definition sReverseNoCalc3072 ≝ sReverseNoCalc dTest_random_3072.
269 (* *********************** *)
270 (* HCS08GB60 Counting Sort *)
271 (* *********************** *)
273 (* versione ridotta, in cui non si riazzerano gli elementi di counters *)
274 definition dTest_HCS08_cSort_source : word16 → (list byte8) ≝
276 let m ≝ HCS08 in source_to_byte8 m (
277 (* BEFORE: A=0x00 H:X=0x0F4C SP=0x0F4B PC=0x18C8 Z=true *)
279 (* /* IPOTESI: INIT VARIABILI+ARRAY GIA' ESEGUITO */
280 static unsigned int counters[256]={ campitura di 0 };
281 static unsigned char dati[3072]={ dati random };
283 void CountingSort(void)
285 unsigned int index=0,position=0; *)
287 (* /* TESI: CODICE DA ESEGUIRE
289 /* calcolo del # ripetizioni degli elementi byte */
290 for(;index<3072;index++)
291 { counters[dati[index]]++; } *)
293 (* [0x18C8] BRA *+31;18E7 *) (compile m ? BRA (maIMM1 〈x1,xD〉) I) @
294 (* [0x18CA] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @
295 (* [0x18CD] LDA 256,X *) (compile m ? LDA (maIX2 〈〈x0,x1〉:〈x0,x0〉〉) I) @
296 (* [0x18D0] LSLA *) (compile m ? ASL maINHA I) @
297 (* [0x18D1] CLRX *) (compile m ? CLR maINHX I) @
298 (* [0x18D2] ROLX *) (compile m ? ROL maINHX I) @
299 (* [0x18D3] ADD #0x00 *) (compile m ? ADD (maIMM1 〈x0,x0〉) I) @
300 (* [0x18D5] PSHA *) (compile m ? PSHA maINH I) @
301 (* [0x18D6] TXA *) (compile m ? TXA maINH I) @
302 (* [0x18D7] ADC #0x0D *) (compile m ? ADC (maIMM1 〈x0,xD〉) I) @
303 (* [0x18D9] PSHA *) (compile m ? PSHA maINH I) @
304 (* [0x18DA] PULH *) (compile m ? PULH maINH I) @
305 (* [0x18DB] PULX *) (compile m ? PULX maINH I) @
306 (* [0x18DC] INC 1,X *) (compile m ? INC (maIX1 〈x0,x1〉) I) @
307 (* [0x18DE] BNE *+3 *) (compile m ? BNE (maIMM1 〈x0,x1〉) I) @
308 (* [0x18E0] INC ,X *) (compile m ? INC maIX0 I) @
309 (* [0x18E1] TSX *) (compile m ? TSX maINH I) @
310 (* [0x18E2] INC 1,X *) (compile m ? INC (maIX1 〈x0,x1〉) I) @
311 (* [0x18E4] BNE *+3 *) (compile m ? BNE (maIMM1 〈x0,x1〉) I) @
312 (* [0x18E6] INC ,X *) (compile m ? INC maIX0 I) @
313 (* [0x18E7] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @
314 (* [0x18EA] CPHX #elems *) (compile m ? CPHX (maIMM2 elems) I) @ (* dimensione dei dati al massimo 0x0C00 *)
315 (* [0x18ED] BCS *-35;18CA *) (compile m ? BCS (maIMM1 〈xD,xB〉) I) @
317 (* /* sovrascrittura di dati per produrre la versione ordinata */
318 for(index=0;index<256;index++)
320 while(counters[index]--)
321 { dati[position++]=index; }
324 (* [0x18EF] TSX *) (compile m ? TSX maINH I) @
325 (* [0x18F0] CLR 1,X *) (compile m ? CLR (maIX1 〈x0,x1〉) I) @
326 (* [0x18F2] CLR ,X *) (compile m ? CLR maIX0 I) @
327 (* [0x18F3] BRA *+16 *) (compile m ? BRA (maIMM1 〈x0,xE〉) I) @
328 (* [0x18F5] TSX *) (compile m ? TSX maINH I) @
329 (* [0x18F6] LDA 1,X *) (compile m ? LDA (maIX1 〈x0,x1〉) I) @
330 (* [0x18F8] LDHX 3,SP *) (compile m ? LDHX (maSP1 〈x0,x3〉) I) @
331 (* [0x18FB] STA 256,X *) (compile m ? STA (maIX2 〈〈x0,x1〉:〈x0,x0〉〉) I) @
332 (* [0x18FE] AIX #1 *) (compile m ? AIX (maIMM1 〈x0,x1〉) I) @
333 (* [0x1900] STHX 3,SP *) (compile m ? STHX (maSP1 〈x0,x3〉) I) @
334 (* [0x1903] TSX *) (compile m ? TSX maINH I) @
335 (* [0x1904] LDX 1,X *) (compile m ? LDX (maIX1 〈x0,x1〉) I) @
336 (* [0x1906] LSLX *) (compile m ? ASL maINHX I) @
337 (* [0x1907] LDA 1,SP *) (compile m ? LDA (maSP1 〈x0,x1〉) I) @
338 (* [0x190A] ROLA *) (compile m ? ROL maINHA I) @
339 (* [0x190B] PSHA *) (compile m ? PSHA maINH I) @
340 (* [0x190C] PULH *) (compile m ? PULH maINH I) @
341 (* [0x190D] PSHX *) (compile m ? PSHX maINH I) @
342 (* [0x190E] LDHX 3328,X *) (compile m ? LDHX (maIX2 〈〈x0,xD〉:〈x0,x0〉〉) I) @
343 (* [0x1912] PSHX *) (compile m ? PSHX maINH I) @
344 (* [0x1913] PSHH *) (compile m ? PSHH maINH I) @
345 (* [0x1914] AIX #-1 *) (compile m ? AIX (maIMM1 〈xF,xF〉) I) @
346 (* [0x1916] PSHH *) (compile m ? PSHH maINH I) @
347 (* [0x1917] PSHA *) (compile m ? PSHA maINH I) @
348 (* [0x1918] PULH *) (compile m ? PULH maINH I) @
349 (* [0x1919] PSHX *) (compile m ? PSHX maINH I) @
350 (* [0x191A] LDX 5,SP *) (compile m ? LDX (maSP1 〈x0,x5〉) I) @
351 (* [0x191D] PULA *) (compile m ? PULA maINH I) @
352 (* [0x191E] STA 3329,X *) (compile m ? STA (maIX2 〈〈x0,xD〉:〈x0,x1〉〉) I) @
353 (* [0x1921] PULA *) (compile m ? PULA maINH I) @
354 (* [0x1922] STA 3328,X *) (compile m ? STA (maIX2 〈〈x0,xD〉:〈x0,x0〉〉) I) @
355 (* [0x1925] PULH *) (compile m ? PULH maINH I) @
356 (* [0x1926] PULX *) (compile m ? PULX maINH I) @
357 (* [0x1927] CPHX #0x0000 *) (compile m ? CPHX (maIMM2 〈〈x0,x0〉:〈x0,x0〉〉) I) @
358 (* [0x192A] PULH *) (compile m ? PULH maINH I) @
359 (* [0x192B] BNE *-54 *) (compile m ? BNE (maIMM1 〈xC,x8〉) I) @
360 (* [0x192D] TSX *) (compile m ? TSX maINH I) @
361 (* [0x192E] INC 1,X *) (compile m ? INC (maIX1 〈x0,x1〉) I) @
362 (* [0x1930] BNE *+3 *) (compile m ? BNE (maIMM1 〈x0,x1〉) I) @
363 (* [0x1932] INC ,X *) (compile m ? INC maIX0 I) @
364 (* [0x1933] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @
365 (* [0x1936] CPHX #0x0100 *) (compile m ? CPHX (maIMM2 〈〈x0,x1〉:〈x0,x0〉〉) I) @
366 (* [0x1939] BNE *-54 *) (compile m ? BNE (maIMM1 〈xC,x8〉) I) @
367 (* [0x193B] STOP *) (compile m ? STOP maINH I)
370 attraverso simulazione in CodeWarrior si puo' enunciare che dopo
371 25700+150n si sara' entrati in stato STOP corrispondente con ordinamento
372 di n byte, A=0xFF H:X=0x0100 *)
375 (* creazione del processore+caricamento+impostazione registri *)
376 definition dTest_HCS08_cSort_status ≝
383 setweak_i_flag HCS08 t (* I<-I_op *)
384 (set_acc_8_low_reg HCS08 t (* A<-A_op *)
385 (set_z_flag HCS08 t (* Z<-true *)
386 (setweak_sp_reg HCS08 t (* SP<-0x0F4B *)
387 (setweak_indX_16_reg HCS08 t (* H:X<-HX_op *)
388 (set_pc_reg HCS08 t (* PC<-dTest_HCS08_prog *)
389 (start_of_mcu_version
391 (load_from_source_at t (* carica data in RAM:dTest_HCS08_RAM *)
392 (load_from_source_at t (zero_memory t) (* carica source in ROM:dTest_HCS08_prog *)
393 (dTest_HCS08_cSort_source elems) dTest_HCS08_prog)
394 data dTest_HCS08_RAM)
395 (build_memory_type_of_mcu_version MC9S08GB60 t)
396 (mk_byte8 x0 x0) (mk_byte8 x0 x0) (* non deterministici tutti a 0 *)
397 false false false false false false) (* non deterministici tutti a 0 *)
400 (mk_word16 (mk_byte8 x0 xF) (mk_byte8 x4 xB)))
405 (* parametrizzazione dell'enunciato del teorema parziale *)
406 lemma dTest_HCS08_cSort_aux ≝
407 λt:memory_impl.λstring:list byte8.
408 (* 1) la stringa deve avere una lunghezza ∈ [0,3072] *)
409 (byte8_bounded_strlen string 〈〈x0,xC〉:〈x0,x0〉〉) ∧
410 (* 2) match di esecuzione su tempo in forma di upperbound *)
411 (match execute HCS08 t
412 (* parametri IN: t,A,H:X,strlen(string),string *)
413 (TickOK ? (dTest_HCS08_cSort_status t true 〈x0,x0〉 〈〈x0,xF〉:〈x4,xC〉〉 (byte8_strlen string) string))
414 (* tempo di esecuzione 25700+150*n *)
415 ((nat_of_word16 〈〈x6,x4〉:〈x6,x4〉〉)+(nat_of_byte8 〈x9,x6〉)*(nat_of_word16 (byte8_strlen string))) with
416 [ TickERR s _ ⇒ None ?
417 (* azzeramento tutta RAM tranne dati *)
418 | TickSUSP s _ ⇒ Some ? (set_mem_desc HCS08 t s (load_from_source_at t (get_mem_desc HCS08 t s) dTest_zeros 〈〈x0,xD〉:〈x0,x0〉〉))
421 Some ? (set_pc_reg HCS08 t
422 (dTest_HCS08_cSort_status t false 〈xF,xF〉 〈〈x0,x1〉:〈x0,x0〉〉 (byte8_strlen string) (byte8_list_ordering string))
423 (mk_word16 (mk_byte8 x1 x9) (mk_byte8 x3 xC)))).
425 (* dimostrazione senza svolgimento degli stati *)
427 lemma dTest_HCS08_cSort :
428 dTest_HCS08_cSort_aux MEM_TREE dTest_random_32.
429 unfold dTest_HCS08_cSort_aux;
431 [ normalize in ⊢ (%); autobatch ]
436 definition cSortCalc ≝
438 match execute HCS08 MEM_TREE
439 (TickOK ? (dTest_HCS08_cSort_status MEM_TREE true 〈x0,x0〉 〈〈x0,xF〉:〈x4,xC〉〉 (byte8_strlen string) string))
440 ((nat_of_word16 〈〈x6,x4〉:〈x6,x4〉〉)+(nat_of_byte8 〈x9,x6〉)*(nat_of_word16 (byte8_strlen string))) with
441 [ TickERR s _ ⇒ None ?
442 | TickSUSP s _ ⇒ Some ? (set_mem_desc HCS08 MEM_TREE s (load_from_source_at MEM_TREE (get_mem_desc HCS08 MEM_TREE s) dTest_zeros 〈〈x0,xD〉:〈x0,x0〉〉))
446 definition cSortNoCalc ≝
448 Some ? (set_pc_reg HCS08 MEM_TREE
449 (dTest_HCS08_cSort_status MEM_TREE false 〈xF,xF〉 〈〈x0,x1〉:〈x0,x0〉〉 (byte8_strlen string) (byte8_list_ordering string))
450 (mk_word16 (mk_byte8 x1 x9) (mk_byte8 x3 xC))).
452 definition cSortCalc32 ≝ cSortCalc dTest_random_32.
453 definition cSortCalc64 ≝ cSortCalc dTest_random_64.
454 definition cSortCalc128 ≝ cSortCalc dTest_random_128.
455 definition cSortCalc256 ≝ cSortCalc dTest_random_256.
456 definition cSortCalc512 ≝ cSortCalc dTest_random_512.
457 definition cSortCalc1024 ≝ cSortCalc dTest_random_1024.
458 definition cSortCalc2048 ≝ cSortCalc dTest_random_2048.
459 definition cSortCalc3072 ≝ cSortCalc dTest_random_3072.
461 definition cSortNoCalc32 ≝ cSortNoCalc dTest_random_32.
462 definition cSortNoCalc64 ≝ cSortNoCalc dTest_random_64.
463 definition cSortNoCalc128 ≝ cSortNoCalc dTest_random_128.
464 definition cSortNoCalc256 ≝ cSortNoCalc dTest_random_256.
465 definition cSortNoCalc512 ≝ cSortNoCalc dTest_random_512.
466 definition cSortNoCalc1024 ≝ cSortNoCalc dTest_random_1024.
467 definition cSortNoCalc2048 ≝ cSortNoCalc dTest_random_2048.
468 definition cSortNoCalc3072 ≝ cSortNoCalc dTest_random_3072.
470 (* ********************** *)
471 (* HCS08GB60 numeri aurei *)
472 (* ********************** *)
474 (* versione ridotta, in cui non si riazzerano gli elementi di counters *)
475 definition dTest_HCS08_gNum_source : word16 → (list byte8) ≝
477 let m ≝ HCS08 in source_to_byte8 m (
478 (* BEFORE: A=0x00 HX=0x1A00 PC=0x18BE SP=0x016F Z=1 (I=1) *)
481 static unsigned int result[16]={ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
482 word result[16] = 0x0100
484 void goldenNumbers(void)
486 unsigned int res_pos=0,tested_num=0,divisor=0;
487 unsigned long int acc=0;
490 (* [0x18BE] AIS #-10 *) (compile m ? AIS (maIMM1 〈xF,x6〉) I) @
491 (* [0x18C0] TSX *) (compile m ? TSX maINH I) @
492 (* [0x18C1] CLR 9,x *) (compile m ? CLR (maIX1 〈x0,x9〉) I) @
493 (* [0x18C3] CLR 8,X *) (compile m ? CLR (maIX1 〈x0,x8〉) I) @
494 (* [0x18C5] CLR 1,X *) (compile m ? CLR (maIX1 〈x0,x1〉) I) @
495 (* [0x18C7] CLR ,X *) (compile m ? CLR maIX0 I) @
496 (* [0x18C8] CLR 3,X *) (compile m ? CLR (maIX1 〈x0,x3〉) I) @
497 (* [0x18CA] CLR 2,X *) (compile m ? CLR (maIX1 〈x0,x2〉) I) @
498 (* [0x18CC] JSR 0x1951 *) (compile m ? JSR (maIMM2 〈〈x1,x9〉:〈x5,x1〉〉) I) @
501 for(tested_num=1;tested_num<2;tested_num++)
505 (* [0x18CF] STHX 1,SP *) (compile m ? STHX (maSP1 〈x0,x1〉) I) @
506 (* [0x18D2] BRA *+116 ; 0x1946 *) (compile m ? BRA (maIMM1 〈x7,x2〉) I) @
507 (* [0x18D4] BSR *+125 ; 0x1951 *) (compile m ? BSR (maIMM1 〈x7,xB〉) I) @
508 (* [0x18D6] STHX 3,SP *) (compile m ? STHX (maSP1 〈x0,x3〉) I) @
511 for(acc=0,divisor=1;divisor<tested_num;divisor++)
513 if(!(tested_num%divisor))
518 (* [0x18D9] BRA *+61 ; 0x1916 *) (compile m ? BRA (maIMM1 〈x3,xB〉) I) @
519 (* [0x18DB] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @
520 (* [0x18DE] PSHX *) (compile m ? PSHX maINH I) @
521 (* [0x18DF] PSHH *) (compile m ? PSHH maINH I) @
522 (* [0x18E0] LDHX 5,SP *) (compile m ? LDHX (maSP1 〈x0,x5〉) I) @
523 (* [0x18E3] JSR 0x1A1A *) (compile m ? JSR (maIMM2 〈〈x1,xA〉:〈x1,xA〉〉) I) @
524 (* [0x18E6] AIS #2 *) (compile m ? AIS (maIMM1 〈x0,x2〉) I) @
525 (* [0x18E8] CPHX #0x0000 *) (compile m ? CPHX (maIMM2 〈〈x0,x0〉:〈x0,x0〉〉) I) @
526 (* [0x18EB] BNE *+33 ; 0x190C *) (compile m ? BNE (maIMM1 〈x1,xF〉) I) @
527 (* [0x18ED] TSX *) (compile m ? TSX maINH I) @
528 (* [0x18EE] LDA 3,X *) (compile m ? LDA (maIX1 〈x0,x3〉) I) @
529 (* [0x18F0] LDX 2,X *) (compile m ? LDX (maIX1 〈x0,x2〉) I) @
530 (* [0x18F2] PSHA *) (compile m ? PSHA maINH I) @
531 (* [0x18F3] PSHX *) (compile m ? PSHX maINH I) @
532 (* [0x18F4] CLRA *) (compile m ? CLR maINHA I) @
533 (* [0x18F5] PSHA *) (compile m ? PSHA maINH I) @
534 (* [0x18F6] PSHA *) (compile m ? PSHA maINH I) @
535 (* [0x18F7] TSX *) (compile m ? TSX maINH I) @
536 (* [0x18F8] PSHX *) (compile m ? PSHX maINH I) @
537 (* [0x19F9] PSHH *) (compile m ? PSHH maINH I) @
538 (* [0x18FA] AIX #8 *) (compile m ? AIX (maIMM1 〈x0,x8〉) I) @
539 (* [0x18FC] PSHX *) (compile m ? PSHX maINH I) @
540 (* [0x18FD] PSHH *) (compile m ? PSHH maINH I) @
541 (* [0x18FE] LDHX 3,SP *) (compile m ? LDHX (maSP1 〈x0,x3〉) I) @
542 (* [0x1901] JSR 0x1A2A *) (compile m ? JSR (maIMM2 〈〈x1,xA〉:〈x2,xA〉〉) I) @
543 (* [0x1904] TSX *) (compile m ? TSX maINH I) @
544 (* [0x1905] AIX #14 *) (compile m ? AIX (maIMM1 〈x0,xE〉) I) @
545 (* [0x1907] JSR 0x1A30 *) (compile m ? JSR (maIMM2 〈〈x1,xA〉:〈x3,x0〉〉) I) @
546 (* [0x190A] AIS #6 *) (compile m ? AIS (maIMM1 〈x0,x6〉) I) @
547 (* [0x190C] STA 0x1800 !COP! *) (compile m ? STA (maDIR2 〈〈x0,xC〉:〈x0,x0〉〉) I) @
548 (* [0x190F] TSX *) (compile m ? TSX maINH I) @
549 (* [0x1910] INC 3,X *) (compile m ? INC (maIX1 〈x0,x3〉) I) @
550 (* [0x1912] BNE *+4 ; 0x1916 *) (compile m ? BNE (maIMM1 〈x0,x2〉) I) @
551 (* [0x1914] INC 2,X *) (compile m ? INC (maIX1 〈x0,x2〉) I) @
552 (* [0x1916] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @
553 (* [0x1919] CPHX 3,SP *) (compile m ? CPHX (maSP1 〈x0,x3〉) I) @
554 (* [0x191C] BHI *-65 ; 0x18DB *) (compile m ? BHI (maIMM1 〈xB,xD〉) I) @
558 { result[res_pos++]=tested_num; }
563 (* [0x191E] CPHX 7,SP *) (compile m ? CPHX (maSP1 〈x0,x7〉) I) @
564 (* [0x1921] BNE *+31 ; 0x1940 *) (compile m ? BNE (maIMM1 〈x1,xD〉) I) @
565 (* [0x1923] LDHX 5,SP *) (compile m ? LDHX (maSP1 〈x0,x5〉) I) @
566 (* [0x1926] BNE *+26 ; 0x1940 *) (compile m ? BNE (maIMM1 〈x1,x8〉) I) @
567 (* [0x1928] LDHX 9,SP *) (compile m ? LDHX (maSP1 〈x0,x9〉) I) @
568 (* [0x192B] PSHX *) (compile m ? PSHX maINH I) @
569 (* [0x192C] AIX #1 *) (compile m ? AIX (maIMM1 〈x0,x1〉) I) @
570 (* [0x192E] STHX 10,SP *) (compile m ? STHX (maSP1 〈x0,xA〉) I) @
571 (* [0x1931] PULX *) (compile m ? PULX maINH I) @
572 (* [0x1932] LSLX *) (compile m ? ASL maINHX I) @
573 (* [0x1933] LDA 2,SP *) (compile m ? LDA (maSP1 〈x0,x2〉) I) @
574 (* [0x1936] CLRH *) (compile m ? CLR maINHH I) @
575 (* [0x1937] STA 257,X *) (compile m ? STA (maIX2 〈〈x0,x1〉:〈x0,x1〉〉) I) @
576 (* [0x193A] LDA 1,SP *) (compile m ? LDA (maSP1 〈x0,x1〉) I) @
577 (* [0x193D] STA 256,X *) (compile m ? STA (maIX2 〈〈x0,x1〉:〈x0,x0〉〉) I) @
578 (* [0x1940] TSX *) (compile m ? TSX maINH I) @
579 (* [0x1941] INC 1,X *) (compile m ? INC (maIX1 〈x0,x1〉) I) @
580 (* [0x1943] BNE *+3 ; 0x1946 *) (compile m ? BNE (maIMM1 〈x0,x1〉) I) @
581 (* [0x1945] INC ,X *) (compile m ? INC maIX0 I) @
582 (* [0x1946] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @
583 (* [0x1949] CPHX #elems *) (compile m ? CPHX (maIMM2 elems) I) @
584 (* [0x194C] BCS *-120 ; 0x18D4 *) (compile m ? BCS (maIMM1 〈x8,x6〉) I) @
585 (* [0x194E] AIS #10 *) (compile m ? AIS (maIMM1 〈x0,xA〉) I) @
586 (* [0x1950] STOP ->1951 !FINE! *) (compile m ? STOP maINH I) @
587 (* [0x1951] CLRX *) (compile m ? CLR maINHX I) @
588 (* [0x1952] CLRH *) (compile m ? CLR maINHH I) @
589 (* [0x1953] STHX 9,SP *) (compile m ? STHX (maSP1 〈x0,x9〉) I) @
590 (* [0x1956] CLRH *) (compile m ? CLR maINHH I) @
591 (* [0x1957] STHX 7,SP *) (compile m ? STHX (maSP1 〈x0,x7〉) I) @
592 (* [0x195A] INCX *) (compile m ? INC maINHX I) @
593 (* [0x195B] RTS *) (compile m ? RTS maINH I) @
596 static void _PUSH_ARGS_L(void) { ... }
599 (* [0x195C] LDA 3,X *) (compile m ? LDA (maIX1 〈x0,x3〉) I) @
600 (* [0x195E] PSHA *) (compile m ? PSHA maINH I) @
601 (* [0x195F] LDA 2,X *) (compile m ? LDA (maIX1 〈x0,x2〉) I) @
602 (* [0x1961] PSHA *) (compile m ? PSHA maINH I) @
603 (* [0x1962] LDHX ,X *) (compile m ? LDHX maIX0 I) @
604 (* [0x1964] PSHX *) (compile m ? PSHX maINH I) @
605 (* [0x1965] PSHH *) (compile m ? PSHH maINH I) @
606 (* [0x1966] LDHX 7,SP *) (compile m ? LDHX (maSP1 〈x0,x7〉) I) @
607 (* [0x1969] LDA 3,X *) (compile m ? LDA (maIX1 〈x0,x3〉) I) @
608 (* [0x196B] STA 17,SP *) (compile m ? STA (maSP1 〈x1,x1〉) I) @
609 (* [0x196E] LDA 2,X *) (compile m ? LDA (maIX1 〈x0,x2〉) I) @
610 (* [0x1970] STA 16,SP *) (compile m ? STA (maSP1 〈x1,x0〉) I) @
611 (* [0x1973] LDHX ,X *) (compile m ? LDHX maIX0 I) @
612 (* [0x1975] STHX 14,SP *) (compile m ? STHX (maSP1 〈x0,xE〉) I) @
613 (* [0x1978] LDHX 5,SP *) (compile m ? LDHX (maSP1 〈x0,x5〉) I) @
614 (* [0x197B] JMP ,X *) (compile m ? JMP maINHX0ADD I) @
617 static void _ENTER_BINARY_L(void) { ... }
620 (* [0x197C] PSHA *) (compile m ? PSHA maINH I) @
621 (* [0x197D] PSHX *) (compile m ? PSHX maINH I) @
622 (* [0x197E] PSHH *) (compile m ? PSHH maINH I) @
623 (* [0x197F] PSHX *) (compile m ? PSHX maINH I) @
624 (* [0x1980] PSHH *) (compile m ? PSHH maINH I) @
625 (* [0x1981] LDHX 6,SP *) (compile m ? LDHX (maSP1 〈x0,x6〉) I) @
626 (* [0x1984] PSHX *) (compile m ? PSHX maINH I) @
627 (* [0x1985] PSHH *) (compile m ? PSHH maINH I) @
628 (* [0x1986] LDHX 10,SP *) (compile m ? LDHX (maSP1 〈x0,xA〉) I) @
629 (* [0x1989] STHX 8,SP *) (compile m ? STHX (maSP1 〈x0,x8〉) I) @
630 (* [0x198C] LDHX 12,SP *) (compile m ? LDHX (maSP1 〈x0,xC〉) I) @
631 (* [0x198F] JMP 0x195C *) (compile m ? JMP (maIMM2 〈〈x1,x9〉:〈x5,xC〉〉) I) @
634 static void _IDIVMOD (char dummy_sgn, int j, int dummy, int i, ...) { ... }
637 (* [0x1992] TST 4,SP *) (compile m ? TST (maSP1 〈x0,x4〉) I) @
638 (* [0x1995] BNE *+28 ; 0x19B1 *) (compile m ? BNE (maIMM1 〈x1,xA〉) I) @
639 (* [0x1997] TSX *) (compile m ? TSX maINH I) @
640 (* [0x1998] LDA 7,X *) (compile m ? LDA (maIX1 〈x0,x7〉) I) @
641 (* [0x199A] LDX 4,X *) (compile m ? LDX (maIX1 〈x0,x4〉) I) @
642 (* [0x199C] CLRH *) (compile m ? CLR maINHH I) @
643 (* [0x199D] DIV *) (compile m ? DIV maINH I) @
644 (* [0x199E] STA 4,SP *) (compile m ? STA (maSP1 〈x0,x4〉) I) @
645 (* [0x19A1] LDA 9,SP *) (compile m ? LDA (maSP1 〈x0,x9〉) I) @
646 (* [0x19A4] DIV *) (compile m ? DIV maINH I) @
647 (* [0x19A5] STA 5,SP *) (compile m ? STA (maSP1 〈x0,x5〉) I) @
648 (* [0x19A8] CLR 8,SP *) (compile m ? CLR (maSP1 〈x0,x8〉) I) @
649 (* [0x19AB] PSHH *) (compile m ? PSHH maINH I) @
650 (* [0x19AC] PULA *) (compile m ? PULA maINH I) @
651 (* [0x19AD] STA 9,SP *) (compile m ? STA (maSP1 〈x0,x9〉) I) @
652 (* [0x19B0] RTS *) (compile m ? RTS maINH I) @
653 (* [0x19B1] CLRA *) (compile m ? CLR maINHA I) @
654 (* [0x19B2] PSHA *) (compile m ? PSHA maINH I) @
655 (* [0x19B3] LDX #0x08 *) (compile m ? LDX (maIMM1 〈x0,x8〉) I) @
656 (* [0x19B5] CLC *) (compile m ? CLC maINH I) @
657 (* [0x19B6] ROL 10,SP *) (compile m ? ROL (maSP1 〈x0,xA〉) I) @
658 (* [0x19B9] ROL 9,SP *) (compile m ? ROL (maSP1 〈x0,x9〉) I) @
659 (* [0x19BC] ROL 1,SP *) (compile m ? ROL (maSP1 〈x0,x1〉) I) @
660 (* [0x19BF] LDA 5,SP *) (compile m ? LDA (maSP1 〈x0,x5〉) I) @
661 (* [0x19C2] CMP 1,SP *) (compile m ? CMP (maSP1 〈x0,x1〉) I) @
662 (* [0x19C5] BHI *+31 ; 0x19E4 *) (compile m ? BHI (maIMM1 〈x1,xD〉) I) @
663 (* [0x19C7] BNE *+10 ; 0x19D1 *) (compile m ? BNE (maIMM1 〈x0,x8〉) I) @
664 (* [0x19C9] LDA 6,SP *) (compile m ? LDA (maSP1 〈x0,x6〉) I) @
665 (* [0x19CC] CMP 9,SP *) (compile m ? CMP (maSP1 〈x0,x9〉) I) @
666 (* [0x19CF] BHI *+21 ; 0x19E4 *) (compile m ? BHI (maIMM1 〈x1,x3〉) I) @
667 (* [0x19D1] LDA 9,SP *) (compile m ? LDA (maSP1 〈x0,x9〉) I) @
668 (* [0x19D4] SUB 6,SP *) (compile m ? SUB (maSP1 〈x0,x6〉) I) @
669 (* [0x19D7] STA 9,SP *) (compile m ? STA (maSP1 〈x0,x9〉) I) @
670 (* [0x19DA] LDA 1,SP *) (compile m ? LDA (maSP1 〈x0,x1〉) I) @
671 (* [0x19DD] SBC 5,SP *) (compile m ? SBC (maSP1 〈x0,x5〉) I) @
672 (* [0x19E0] STA 1,SP *) (compile m ? STA (maSP1 〈x0,x1〉) I) @
673 (* [0x19E3] SEC *) (compile m ? SEC maINH I) @
674 (* [0x19E4] DBNZX *-46 ; 0x19B6 *) (compile m ? DBNZ (maINHX_and_IMM1 〈xD,x0〉) I) @
675 (* [0x19E6] LDA 10,SP *) (compile m ? LDA (maSP1 〈x0,xA〉) I) @
676 (* [0x19E9] ROLA *) (compile m ? ROL maINHA I) @
677 (* [0x19EA] STA 6,SP *) (compile m ? STA (maSP1 〈x0,x6〉) I) @
678 (* [0x19ED] LDA 9,SP *) (compile m ? LDA (maSP1 〈x0,x9〉) I) @
679 (* [0x19F0] STA 10,SP *) (compile m ? STA (maSP1 〈x0,xA〉) I) @
680 (* [0x19F3] PULA *) (compile m ? PULA maINH I) @
681 (* [0x19F4] STA 8,SP *) (compile m ? STA (maSP1 〈x0,x8〉) I) @
682 (* [0x19F7] CLR 4,SP *) (compile m ? CLR (maSP1 〈x0,x4〉) I) @
683 (* [0x19FA] RTS *) (compile m ? RTS maINH I) @
686 static void _LADD_k_is_k_plus_j(_PARAM_BINARY_L) { ... }
689 (* [0x19FB] TSX *) (compile m ? TSX maINH I) @
690 (* [0x19FC] LDA 18,X *) (compile m ? LDA (maIX1 〈x1,x2〉) I) @
691 (* [0x19FE] ADD 5,X *) (compile m ? ADD (maIX1 〈x0,x5〉) I) @
692 (* [0x1A00] STA 18,X *) (compile m ? STA (maIX1 〈x1,x2〉) I) @
693 (* [0x1A02] LDA 17,X *) (compile m ? LDA (maIX1 〈x1,x1〉) I) @
694 (* [0x1A04] ADC 4,X *) (compile m ? ADC (maIX1 〈x0,x4〉) I) @
695 (* [0x1A06] STA 17,X *) (compile m ? STA (maIX1 〈x1,x1〉) I) @
696 (* [0x1A08] LDA 16,X *) (compile m ? LDA (maIX1 〈x1,x0〉) I) @
697 (* [0x1A0A] ADC 3,X *) (compile m ? ADC (maIX1 〈x0,x3〉) I) @
698 (* [0x1A0C] STA 16,X *) (compile m ? STA (maIX1 〈x1,x0〉) I) @
699 (* [0x1A0E] LDA 15,X *) (compile m ? LDA (maIX1 〈x0,xF〉) I) @
700 (* [0x1A10] ADC 2,X *) (compile m ? ADC (maIX1 〈x0,x2〉) I) @
701 (* [0x1A12] STA 15,X *) (compile m ? STA (maIX1 〈x0,xF〉) I) @
702 (* [0x1A14] AIS #10 *) (compile m ? AIS (maIMM1 〈x0,xA〉) I) @
703 (* [0x1A16] PULH *) (compile m ? PULH maINH I) @
704 (* [0x1A17] PULX *) (compile m ? PULX maINH I) @
705 (* [0x1A18] PULA *) (compile m ? PULA maINH I) @
706 (* [0x1A19] RTS *) (compile m ? RTS maINH I) @
709 void _IMODU_STAR08(int i, ...) { ... }
712 (* [0x1A1A] AIS #-2 *) (compile m ? AIS (maIMM1 〈xF,xE〉) I) @
713 (* [0x1A1C] STHX 1,SP *) (compile m ? STHX (maSP1 〈x0,x1〉) I) @
714 (* [0x1A1F] PSHA *) (compile m ? PSHA maINH I) @
715 (* [0x1A20] JSR 0x1992 *) (compile m ? JSR (maIMM2 〈〈x1,x9〉:〈x9,x2〉〉) I) @
716 (* [0x1A23] PULA *) (compile m ? PULA maINH I) @
717 (* [0x1A24] AIS #2 *) (compile m ? AIS (maIMM1 〈x0,x2〉) I) @
718 (* [0x1A26] LDHX 3,SP *) (compile m ? LDHX (maSP1 〈x0,x3〉) I) @
719 (* [0x1A29] RTS *) (compile m ? RTS maINH I) @
722 void _LADD(void) { ... }
725 (* [0x1A2A] JSR 0x197C *) (compile m ? JSR (maIMM2 〈〈x1,x9〉:〈x7,xC〉〉) I) @
726 (* [0x1A2D] JSR 0x19FB *) (compile m ? JSR (maIMM2 〈〈x1,x9〉:〈xF,xB〉〉) I) @
729 void _POP32(void) { ... }
732 (* [0x1A30] PSHA *) (compile m ? PSHA maINH I) @
733 (* [0x1A31] LDA 4,SP *) (compile m ? LDA (maSP1 〈x0,x4〉) I) @
734 (* [0x1A34] STA ,X *) (compile m ? STA maIX0 I) @
735 (* [0x1A35] LDA 5,SP *) (compile m ? LDA (maSP1 〈x0,x5〉) I) @
736 (* [0x1A38] STA 1,X *) (compile m ? STA (maIX1 〈x0,x1〉) I) @
737 (* [0x1A3A] LDA 6,SP *) (compile m ? LDA (maSP1 〈x0,x6〉) I) @
738 (* [0x1A3D] STA 2,X *) (compile m ? STA (maIX1 〈x0,x2〉) I) @
739 (* [0x1A3F] LDA 7,SP *) (compile m ? LDA (maSP1 〈x0,x7〉) I) @
740 (* [0x1A42] STA 3,X *) (compile m ? STA (maIX1 〈x0,x3〉) I) @
741 (* [0x1A44] PULA *) (compile m ? PULA maINH I) @
742 (* [0x1A45] PULH *) (compile m ? PULH maINH I) @
743 (* [0x1A46] PULX *) (compile m ? PULX maINH I) @
744 (* [0x1A47] AIS #4 *) (compile m ? AIS (maIMM1 〈x0,x4〉) I) @
745 (* [0x1A49] JMP ,X *) (compile m ? JMP maINHX0ADD I)
747 (* attraverso simulazione in CodeWarrior si puo' enunciare che dopo
748 80+(65*n*(n+1)*(n+2))/6 si sara' entrati in stato STOP corrispondente
749 AFTER: HX=num PC=0x1951 I=0 *)
752 (* creazione del processore+caricamento+impostazione registri *)
753 definition dTest_HCS08_gNum_status ≝
762 setweak_i_flag HCS08 t (* I<-I_op *)
763 (set_acc_8_low_reg HCS08 t (* A<-A_op *)
764 (set_z_flag HCS08 t (* Z<-true *)
765 (setweak_sp_reg HCS08 t (* SP<-0x016F *)
766 (setweak_indX_16_reg HCS08 t (* H:X<-HX_op *)
767 (set_pc_reg HCS08 t (* PC<-PC_op *)
768 (start_of_mcu_version
770 (load_from_source_at t (* carica data in RAM:dTest_HCS08_RAM *)
771 (load_from_source_at t (zero_memory t) (* carica source in ROM:addr *)
772 (dTest_HCS08_cSort_source elems) addr)
773 data dTest_HCS08_RAM)
774 (build_memory_type_of_mcu_version MC9S08GB60 t)
775 (mk_byte8 x0 x0) (mk_byte8 x0 x0) (* non deterministici tutti a 0 *)
776 false false false false false false) (* non deterministici tutti a 0 *)
779 (mk_word16 (mk_byte8 x0 x1) (mk_byte8 x6 xF)))
784 (* NUMERI AUREI: Somma divisori(x)=x, fino a 0xFFFF sono 6/28/496/8128 *)
785 definition dTest_HCS08_gNum_aurei ≝
786 λnum:word16.match gt_w16 num 〈〈x1,xF〉:〈xC,x0〉〉 with
787 [ true ⇒ [ 〈x0,x0〉 ; 〈x0,x6〉 ; 〈x0,x0〉 ; 〈x1,xC〉 ; 〈x0,x1〉 ; 〈xF,x0〉 ; 〈x1,xF〉 ; 〈xC,x0〉 ]
788 | false ⇒ match gt_w16 num 〈〈x0,x1〉:〈xF,x0〉〉 with
789 [ true ⇒ [ 〈x0,x0〉 ; 〈x0,x6〉 ; 〈x0,x0〉 ; 〈x1,xC〉 ; 〈x0,x1〉 ; 〈xF,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ]
790 | false ⇒ match gt_w16 num 〈〈x0,x0〉:〈x1,xC〉〉 with
791 [ true ⇒ [ 〈x0,x0〉 ; 〈x0,x6〉 ; 〈x0,x0〉 ; 〈x1,xC〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ]
792 | false ⇒ match gt_w16 num 〈〈x0,x0〉:〈x0,x6〉〉 with
793 [ true ⇒ [ 〈x0,x0〉 ; 〈x0,x6〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ]
794 | false ⇒ [ 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ]
798 ] @ [ 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉
799 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉
800 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ].
802 (* esecuzione execute k*(n+2) *)
803 let rec dTest_HCS08_gNum_execute1 (m:mcu_type) (t:memory_impl) (s:tick_result (any_status m t)) (n,ntot:nat) on n ≝
805 [ TickERR s' error ⇒ TickERR ? s' error
806 | TickSUSP s' susp ⇒ TickSUSP ? s' susp
807 | TickOK s' ⇒ match n with
809 | S n' ⇒ dTest_HCS08_gNum_execute1 m t (execute m t (TickOK ? s') (ntot+2)) n' ntot ]
812 (* esecuzione execute k*(n+1)*(n+2) *)
813 let rec dTest_HCS08_gNum_execute2 (m:mcu_type) (t:memory_impl) (s:tick_result (any_status m t)) (n,ntot:nat) on n ≝
815 [ TickERR s' error ⇒ TickERR ? s' error
816 | TickSUSP s' susp ⇒ TickSUSP ? s' susp
817 | TickOK s' ⇒ match n with
819 | S n' ⇒ dTest_HCS08_gNum_execute2 m t (dTest_HCS08_gNum_execute1 m t (TickOK ? s') (ntot+1) ntot) n' ntot ]
822 (* esecuzione execute k*n*(n+1)*(n+2) *)
823 let rec dTest_HCS08_gNum_execute3 (m:mcu_type) (t:memory_impl) (s:tick_result (any_status m t)) (n,ntot:nat) on n ≝
825 [ TickERR s' error ⇒ TickERR ? s' error
826 | TickSUSP s' susp ⇒ TickSUSP ? s' susp
827 | TickOK s' ⇒ match n with
829 | S n' ⇒ dTest_HCS08_gNum_execute3 m t (dTest_HCS08_gNum_execute2 m t (TickOK ? s') ntot ntot) n' ntot ]
832 (* esecuzione execute 80+11*n*(n+1)*(n+2) *)
833 definition dTest_HCS08_gNum_execute4 ≝
834 λm:mcu_type.λt:memory_impl.λs:tick_result (any_status m t).λntot:nat.
836 [ TickERR s' error ⇒ TickERR ? s' error
837 | TickSUSP s' susp ⇒ TickSUSP ? s' susp
838 | TickOK s' ⇒ execute m t (dTest_HCS08_gNum_execute3 m t (TickOK ? s') 11 ntot) 80
841 (* parametrizzazione dell'enunciato del teorema parziale *)
842 lemma dTest_HCS08_gNum_aux ≝
843 λt:memory_impl.λnum:word16.
844 (* 2) match di esecuzione su tempo in forma di upperbound *)
845 match dTest_HCS08_gNum_execute4 HCS08 t
846 (TickOK ? (dTest_HCS08_gNum_status t true 〈x0,x0〉 〈〈x1,xA〉:〈x0,x0〉〉 〈〈x1,x8〉:〈xB,xE〉〉 〈〈x1,x8〉:〈xB,xE〉〉 num dTest_zeros))
847 (* tempo di esecuzione 80+11*n*(n+1)*(n+2) *)
849 [ TickERR s _ ⇒ None ?
850 (* azzeramento tutta RAM tranne dati *)
851 | TickSUSP s _ ⇒ Some ? (set_mem_desc HCS08 t s (load_from_source_at t (get_mem_desc HCS08 t s) dTest_zeros3K 〈〈x0,x1〉:〈x2,x0〉〉))
854 Some ? (dTest_HCS08_gNum_status t false 〈x0,x0〉 num 〈〈x1,x9〉:〈x5,x1〉〉 〈〈x1,x8〉:〈xB,xE〉〉 num (dTest_HCS08_gNum_aurei num)).
856 definition gNumCalc ≝
858 match dTest_HCS08_gNum_execute4 HCS08 MEM_TREE
859 (TickOK ? (dTest_HCS08_gNum_status MEM_TREE true 〈x0,x0〉 〈〈x1,xA〉:〈x0,x0〉〉 〈〈x1,x8〉:〈xB,xE〉〉 〈〈x1,x8〉:〈xB,xE〉〉 num dTest_zeros))
861 [ TickERR s _ ⇒ None ?
862 | TickSUSP s _ ⇒ Some ? (set_mem_desc HCS08 MEM_TREE s (load_from_source_at MEM_TREE (get_mem_desc HCS08 MEM_TREE s) dTest_zeros3K 〈〈x0,x1〉:〈x2,x0〉〉))
866 definition gNumNoCalc ≝
868 Some ? (dTest_HCS08_gNum_status MEM_TREE false 〈x0,x0〉 num 〈〈x1,x9〉:〈x5,x1〉〉 〈〈x1,x8〉:〈xB,xE〉〉 num (dTest_HCS08_gNum_aurei num)).
870 definition gNumCalc1 ≝ gNumCalc 〈〈x0,x0〉:〈x0,x1〉〉.
871 definition gNumCalc2 ≝ gNumCalc 〈〈x0,x0〉:〈x0,x2〉〉.
872 definition gNumCalc5 ≝ gNumCalc 〈〈x0,x0〉:〈x0,x5〉〉.
873 definition gNumCalc10 ≝ gNumCalc 〈〈x0,x0〉:〈x0,xA〉〉.
874 definition gNumCalc20 ≝ gNumCalc 〈〈x0,x0〉:〈x1,x4〉〉.
875 definition gNumCalc50 ≝ gNumCalc 〈〈x0,x0〉:〈x3,x2〉〉.
876 definition gNumCalc100 ≝ gNumCalc 〈〈x0,x0〉:〈x6,x4〉〉.
877 definition gNumCalc250 ≝ gNumCalc 〈〈x0,x0〉:〈xF,xA〉〉.
878 definition gNumCalc500 ≝ gNumCalc 〈〈x0,x1〉:〈xF,x4〉〉.
879 definition gNumCalc1000 ≝ gNumCalc 〈〈x0,x3〉:〈xE,x8〉〉.
881 definition gNumNoCalc1 ≝ gNumNoCalc 〈〈x0,x0〉:〈x0,x1〉〉.
882 definition gNumNoCalc2 ≝ gNumNoCalc 〈〈x0,x0〉:〈x0,x2〉〉.
883 definition gNumNoCalc5 ≝ gNumNoCalc 〈〈x0,x0〉:〈x0,x5〉〉.
884 definition gNumNoCalc10 ≝ gNumNoCalc 〈〈x0,x0〉:〈x0,xA〉〉.
885 definition gNumNoCalc20 ≝ gNumNoCalc 〈〈x0,x0〉:〈x1,x4〉〉.
886 definition gNumNoCalc50 ≝ gNumNoCalc 〈〈x0,x0〉:〈x3,x2〉〉.
887 definition gNumNoCalc100 ≝ gNumNoCalc 〈〈x0,x0〉:〈x6,x4〉〉.
888 definition gNumNoCalc250 ≝ gNumNoCalc 〈〈x0,x0〉:〈xF,xA〉〉.
889 definition gNumNoCalc500 ≝ gNumNoCalc 〈〈x0,x1〉:〈xF,x4〉〉.
890 definition gNumNoCalc1000 ≝ gNumNoCalc 〈〈x0,x3〉:〈xE,x8〉〉.