--- /dev/null
+(**************************************************************************)
+(* ___ *)
+(* ||M|| *)
+(* ||A|| A project by Andrea Asperti *)
+(* ||T|| *)
+(* ||I|| Developers: *)
+(* ||T|| The HELM team. *)
+(* ||A|| http://helm.cs.unibo.it *)
+(* \ / *)
+(* \ / This file is distributed under the terms of the *)
+(* v GNU General Public License Version 2 *)
+(* *)
+(**************************************************************************)
+
+(* ********************************************************************** *)
+(* Progetto FreeScale *)
+(* *)
+(* Sviluppato da: *)
+(* Cosimo Oliboni, oliboni@cs.unibo.it *)
+(* *)
+(* Questo materiale fa parte della tesi: *)
+(* "Formalizzazione Interattiva dei Microcontroller a 8bit FreeScale" *)
+(* *)
+(* data ultima modifica 15/11/2007 *)
+(* ********************************************************************** *)
+
+include "freescale/medium_tests_lemmas.ma".
+
+(* ************************ *)
+(* HCS08GB60 String Reverse *)
+(* ************************ *)
+
+(* versione ridotta, in cui non si riazzerano gli elementi di counters *)
+definition dTest_HCS08_sReverse_source : word16 → (list byte8) ≝
+λelems:word16.
+let m ≝ HCS08 in source_to_byte8 m (
+(* BEFORE: A=0x00 H:X=0x0D4B SP=0x0D4A PC=0x18E0 Z=true *)
+
+(* static unsigned char dati[3072]={...};
+
+ void swap(unsigned char *a, unsigned char *b)
+ { unsigned char tmp=*a; *a=*b; *b=tmp; return; } *)
+
+(* [0x18C8] allineamento *) (compile m ? NOP maINH I) @
+
+(* argomenti: HX e [0x0D49-A], passaggio ibrido reg, stack *)
+(* [0x18C9] PSHX *) (compile m ? PSHX maINH I) @
+(* [0x18CA] PSHH *) (compile m ? PSHH maINH I) @
+(* [0x18CB] LDHX 5,SP *) (compile m ? LDHX (maSP1 〈x0,x5〉) I) @
+(* [0x18CE] LDA ,X *) (compile m ? LDA maIX0 I) @
+(* [0x18CF] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @
+(* [0x18D2] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x18D3] LDA ,X *) (compile m ? LDA maIX0 I) @
+(* [0x18D4] LDHX 6,SP *) (compile m ? LDHX (maSP1 〈x0,x6〉) I) @
+(* [0x18D7] STA ,X *) (compile m ? STA maIX0 I) @
+(* [0x18D8] LDHX 2,SP *) (compile m ? LDHX (maSP1 〈x0,x2〉) I) @
+(* [0x18DB] PULA *) (compile m ? PULA maINH I) @
+(* [0x18DC] STA ,X *) (compile m ? STA maIX0 I) @
+(* [0x18DD] AIS #2 *) (compile m ? AIS (maIMM1 〈x0,x2〉) I) @
+(* [0x18DF] RTS *) (compile m ? RTS maINH I) @
+
+(* void main(void)
+ {
+ unsigned int pos=0,limit=0;
+
+ for(limit=3072;pos<(limit/2);pos++)
+ { swap(&dati[pos],&dati[limit-pos-1]); } *)
+
+(* [0x18E0] LDHX #elems *) (compile m ? LDHX (maIMM2 elems) I) @
+(* [0x18E3] STHX 4,SP *) (compile m ? STHX (maSP1 〈x0,x4〉) I) @
+(* [0x18E6] BRA *+52 ; 191A *) (compile m ? BRA (maIMM1 〈x3,x2〉) I) @
+(* [0x18E8] TSX *) (compile m ? TSX maINH I) @
+(* [0x18E9] LDA 2,X *) (compile m ? LDA (maIX1 〈x0,x2〉) I) @
+(* [0x18EB] ADD #0x00 *) (compile m ? ADD (maIMM1 〈x0,x0〉) I) @
+(* [0x18ED] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x18EE] LDA 1,X *) (compile m ? LDA (maIX1 〈x0,x1〉) I) @
+(* [0x18F0] ADC #0x01 *) (compile m ? ADC (maIMM1 〈x0,x1〉) I) @
+(* [0x18F2] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x18F3] LDA 4,X *) (compile m ? LDA (maIX1 〈x0,x4〉) I) @
+(* [0x18F5] SUB 2,X *) (compile m ? SUB (maIX1 〈x0,x2〉) I) @
+(* [0x18F7] STA ,X *) (compile m ? STA maIX0 I) @
+(* [0x18F8] LDA 3,X *) (compile m ? LDA (maIX1 〈x0,x3〉) I) @
+(* [0x18FA] SBC 1,X *) (compile m ? SBC (maIX1 〈x0,x1〉) I) @
+(* [0x18FC] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x18FD] LDX ,X *) (compile m ? LDX maIX0 I) @
+(* [0x18FE] PULH *) (compile m ? PULH maINH I) @
+(* [0x18FF] AIX #-1 *) (compile m ? AIX (maIMM1 〈xF,xF〉) I) @
+(* [0x1901] TXA *) (compile m ? TXA maINH I) @
+(* [0x1902] ADD #0x00 *) (compile m ? ADD (maIMM1 〈x0,x0〉) I) @
+(* [0x1904] PSHH *) (compile m ? PSHH maINH I) @
+(* [0x1905] TSX *) (compile m ? TSX maINH I) @
+(* [0x1906] STA 3,X *) (compile m ? STA (maIX1 〈x0,x3〉) I) @
+(* [0x1908] PULA *) (compile m ? PULA maINH I) @
+(* [0x1909] ADC #0x01 *) (compile m ? ADC (maIMM1 〈x0,x1〉) I) @
+(* [0x190B] LDX 3,X *) (compile m ? LDX (maIX1 〈x0,x3〉) I) @
+(* [0x190D] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x190E] PULH *) (compile m ? PULH maINH I) @
+(* [0x190F] BSR *-70 ; 18C9 *) (compile m ? BSR (maIMM1 〈xB,x8〉) I) @
+(* [0x1911] AIS #2 *) (compile m ? AIS (maIMM1 〈x0,x2〉) I) @
+(* [0x1913] TSX *) (compile m ? TSX maINH I) @
+(* [0x1914] INC 2,X *) (compile m ? INC (maIX1 〈x0,x2〉) I) @
+(* [0x1916] BNE *+4 ; 191A *) (compile m ? BNE (maIMM1 〈x0,x2〉) I) @
+(* [0x1918] INC 1,X *) (compile m ? INC (maIX1 〈x0,x1〉) I) @
+(* [0x191A] TSX *) (compile m ? TSX maINH I) @
+(* [0x191B] LDA 3,X *) (compile m ? LDA (maIX1 〈x0,x3〉) I) @
+(* [0x191D] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x191E] PULH *) (compile m ? PULH maINH I) @
+(* [0x191F] LSRA *) (compile m ? LSR maINHA I) @
+(* [0x1920] TSX *) (compile m ? TSX maINH I) @
+(* [0x1921] LDX 4,X *) (compile m ? LDX (maIX1 〈x0,x4〉) I) @
+(* [0x1923] RORX *) (compile m ? ROR maINHX I) @
+(* [0x1924] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x1925] PULH *) (compile m ? PULH maINH I) @
+(* [0x1926] CPHX 2,SP *) (compile m ? CPHX (maSP1 〈x0,x2〉) I) @
+(* [0x1929] BHI *-65 ; 18E8 *) (compile m ? BHI (maIMM1 〈xB,xD〉) I)
+
+(* [0x192B] !FINE!
+ attraverso simulazione in CodeWarrior si puo' enunciare che dopo
+ 42+79*n+5*(n>>9) ci sara' il reverse di n byte (PARI) e
+ H:X=n/2 *)
+ ).
+
+(* creazione del processore+caricamento+impostazione registri *)
+definition dTest_HCS08_sReverse_status ≝
+λt:memory_impl.
+λA_op:byte8.
+λHX_op:word16.
+λelems:word16.
+λdata:list byte8.
+ set_acc_8_low_reg HCS08 t (* A<-A_op *)
+ (set_z_flag HCS08 t (* Z<-true *)
+ (setweak_sp_reg HCS08 t (* SP<-0x0D4A *)
+ (setweak_indX_16_reg HCS08 t (* H:X<-HX_op *)
+ (set_pc_reg HCS08 t (* PC<-0x18E0 *)
+ (start_of_mcu_version
+ MC9S08GB60 t
+ (load_from_source_at t (* carica data in RAM:dTest_HCS08_RAM *)
+ (load_from_source_at t (zero_memory t) (* carica source in ROM:dTest_HCS08_prog *)
+ (dTest_HCS08_sReverse_source elems) dTest_HCS08_prog)
+ data dTest_HCS08_RAM)
+ (build_memory_type_of_mcu_version MC9S08GB60 t)
+ (mk_byte8 x0 x0) (mk_byte8 x0 x0) (* non deterministici tutti a 0 *)
+ false false false false false false) (* non deterministici tutti a 0 *)
+ (mk_word16 (mk_byte8 x1 x8) (mk_byte8 xE x0)))
+ HX_op)
+ (mk_word16 (mk_byte8 x0 xD) (mk_byte8 x4 xA)))
+ true)
+ A_op.
+
+(* parametrizzazione dell'enunciato del teorema *)
+(* primo sbozzo: confronto esecuzione con hexdump... *)
+lemma dTest_HCS08_sReverse_dump_aux ≝
+λt:memory_impl.λstring:list byte8.
+ (* 1) la stringa deve avere una lunghezza ∈ [0,3072] *)
+ (byte8_bounded_strlen string 〈〈x0,xC〉:〈x0,x0〉〉) ∧
+ (* 2) la stringa deve avere lunghezza pari *)
+ ((and_b8 (w16l (byte8_strlen string)) 〈x0,x1〉) = 〈x0,x0〉) ∧
+ (* 3) match di esecuzione su tempo in forma di tempo esatto *)
+ (match execute HCS08 t
+ (* parametri IN: t,H:X,strlen(string),string *)
+ (TickOK ? (dTest_HCS08_sReverse_status t 〈x0,x0〉 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen string) string))
+ (* tempo di esecuzione 42+79*n+5*(n>>9) *)
+ (42+79*(byte8_strlen string)+5*((byte8_strlen string)/512)) with
+ [ TickERR s _ ⇒ None ?
+ (* azzeramento tutta RAM tranne dati *)
+ | TickSUSP s _ ⇒ None ?
+ | TickOK s ⇒ Some ? (byte8_hexdump t (get_mem_desc HCS08 t s) dTest_HCS08_RAM (byte8_strlen string))
+ ] =
+ Some ? (byte8_reverse string)).
+
+(* confronto esecuzione con hexdump... *)
+(*
+lemma dTest_HCS08_sReverse_dump :
+ dTest_HCS08_sReverse_dump_aux MEM_TREE dTest_random_32.
+ unfold dTest_HCS08_sReverse_dump_aux;
+ split;
+ [ split; [ normalize in ⊢ (%); autobatch ] reflexivity ]
+ reflexivity.
+qed.
+*)
+
+(* parametrizzazione dell'enunciato del teorema *)
+(* dimostrazione senza svolgimento degli stati *)
+lemma dTest_HCS08_sReverse_aux ≝
+λt:memory_impl.λstring:list byte8.
+ (* 1) la stringa deve avere una lunghezza ∈ [0,3072] *)
+ (byte8_bounded_strlen string 〈〈x0,xC〉:〈x0,x0〉〉) ∧
+ (* 2) la stringa deve avere lunghezza pari *)
+ ((and_b8 (w16l (byte8_strlen string)) 〈x0,x1〉) = 〈x0,x0〉) ∧
+ (* 3) match di esecuzione su tempo in forma di tempo esatto *)
+ (match execute HCS08 t
+ (* parametri IN: t,H:X,strlen(string),string *)
+ (TickOK ? (dTest_HCS08_sReverse_status t 〈x0,x0〉 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen string) string))
+ (* tempo di esecuzione 42+79*n+5*(n>>9) *)
+ (42+79*(byte8_strlen string)+5*((byte8_strlen string)/512)) with
+ [ TickERR s _ ⇒ None ?
+ (* azzeramento tutta RAM tranne dati *)
+ | TickSUSP s _ ⇒ None ?
+ | TickOK s ⇒ Some ? (set_mem_desc HCS08 t s (load_from_source_at t (get_mem_desc HCS08 t s) dTest_zeros 〈〈x0,xD〉:〈x0,x0〉〉))
+ ] =
+ Some ? (set_pc_reg HCS08 t
+ (dTest_HCS08_sReverse_status t (fst ?? (shr_b8 (w16h (byte8_strlen string)))) (fst ?? (shr_w16 (byte8_strlen string))) (byte8_strlen string) (byte8_reverse string))
+ (mk_word16 (mk_byte8 x1 x9) (mk_byte8 x2 xB)))).
+
+(*
+lemma dTest_HCS08_sReverse :
+ dTest_HCS08_sReverse_aux MEM_TREE dTest_random_32.
+ unfold dTest_HCS08_sReverse_aux;
+ split;
+ [ split; [ normalize in ⊢ (%); autobatch ] reflexivity ]
+
+ rewrite > (breakpoint HCS08 MEM_TREE (TickOK ? (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32)) 3 (39+79*byte8_strlen dTest_random_32+5*(byte8_strlen dTest_random_32/512))) in ⊢ (? ? match % in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?);
+ letin status0 ≝ (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32);
+ change in ⊢ (? ? match ? ? ? (? ? ? % ?) ? in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?) with
+ (TickOK ? status0);
+ rewrite > (execute_HCS08_LDHX_maIMM2 MEM_TREE status0 〈x0,x0〉 〈x2,x0〉) in ⊢ (? ? match ? ? ? % ? in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?);
+ [ 2,3,4,5: reflexivity; ]
+
+ letin status1 ≝ (set_pc_reg HCS08 MEM_TREE (setweak_v_flag HCS08 MEM_TREE (setweak_n_flag HCS08 MEM_TREE (set_z_flag HCS08 MEM_TREE (set_alu HCS08 MEM_TREE (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32) (set_indX_16_reg_HC08 (alu HCS08 MEM_TREE (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32)) 〈〈x0,x0〉:〈x2,x0〉〉)) (eq_w16 〈〈x0,x0〉:〈x2,x0〉〉 〈〈x0,x0〉:〈x0,x0〉〉)) (MSB_w16 〈〈x0,x0〉:〈x2,x0〉〉)) false) (filtered_plus_w16 HCS08 MEM_TREE (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32) (get_pc_reg HCS08 MEM_TREE (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32)) 3));
+ change in ⊢ (? ? match ? ? ? % ? in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?) with (TickOK ? status1);
+
+ rewrite > (breakpoint HCS08 MEM_TREE (TickOK ? status1) 5 (34+79*byte8_strlen dTest_random_32+5*(byte8_strlen dTest_random_32/512))) in ⊢ (? ? match % in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?);
+ change in ⊢ (? ? match ? ? ? (? ? ? % ?) ? in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?) with (TickOK ? status1);
+ rewrite > (execute_HCS08_STHX_maSP1 status1 〈x0,x4〉)
+ in ⊢ (? ? match ? ? ? % ? in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?);
+ [ 2,3,4,5,6,7: reflexivity; ]
+
+ elim daemon.
+
+qed.
+*)
+
+definition sReverseCalc ≝
+λstring:list byte8.
+ match execute HCS08 MEM_TREE
+ (TickOK ? (dTest_HCS08_sReverse_status MEM_TREE 〈x0,x0〉 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen string) string))
+ (42+79*(byte8_strlen string)+5*((byte8_strlen string)/512)) with
+ [ TickERR s _ ⇒ None ?
+ | TickSUSP s _ ⇒ None ?
+ | TickOK s ⇒ Some ? (set_mem_desc HCS08 MEM_TREE s (load_from_source_at MEM_TREE (get_mem_desc HCS08 MEM_TREE s) dTest_zeros 〈〈x0,xD〉:〈x0,x0〉〉))
+ ].
+
+definition sReverseNoCalc ≝
+λstring:list byte8.
+ Some ? (set_pc_reg HCS08 MEM_TREE
+ (dTest_HCS08_sReverse_status MEM_TREE (fst ?? (shr_b8 (w16h (byte8_strlen string))))
+ (fst ?? (shr_w16 (byte8_strlen string)))
+ (byte8_strlen string) (byte8_reverse string))
+ (mk_word16 (mk_byte8 x1 x9) (mk_byte8 x2 xB))).
+
+definition sReverseCalc32 ≝ sReverseCalc dTest_random_32.
+definition sReverseCalc64 ≝ sReverseCalc dTest_random_64.
+definition sReverseCalc128 ≝ sReverseCalc dTest_random_128.
+definition sReverseCalc256 ≝ sReverseCalc dTest_random_256.
+definition sReverseCalc512 ≝ sReverseCalc dTest_random_512.
+definition sReverseCalc1024 ≝ sReverseCalc dTest_random_1024.
+definition sReverseCalc2048 ≝ sReverseCalc dTest_random_2048.
+definition sReverseCalc3072 ≝ sReverseCalc dTest_random_3072.
+
+definition sReverseNoCalc32 ≝ sReverseNoCalc dTest_random_32.
+definition sReverseNoCalc64 ≝ sReverseNoCalc dTest_random_64.
+definition sReverseNoCalc128 ≝ sReverseNoCalc dTest_random_128.
+definition sReverseNoCalc256 ≝ sReverseNoCalc dTest_random_256.
+definition sReverseNoCalc512 ≝ sReverseNoCalc dTest_random_512.
+definition sReverseNoCalc1024 ≝ sReverseNoCalc dTest_random_1024.
+definition sReverseNoCalc2048 ≝ sReverseNoCalc dTest_random_2048.
+definition sReverseNoCalc3072 ≝ sReverseNoCalc dTest_random_3072.
+
+(* *********************** *)
+(* HCS08GB60 Counting Sort *)
+(* *********************** *)
+
+(* versione ridotta, in cui non si riazzerano gli elementi di counters *)
+definition dTest_HCS08_cSort_source : word16 → (list byte8) ≝
+λelems:word16.
+let m ≝ HCS08 in source_to_byte8 m (
+(* BEFORE: A=0x00 H:X=0x0F4C SP=0x0F4B PC=0x18C8 Z=true *)
+
+(* /* IPOTESI: INIT VARIABILI+ARRAY GIA' ESEGUITO */
+ static unsigned int counters[256]={ campitura di 0 };
+ static unsigned char dati[3072]={ dati random };
+
+ void CountingSort(void)
+ {
+ unsigned int index=0,position=0; *)
+
+(* /* TESI: CODICE DA ESEGUIRE
+
+ /* calcolo del # ripetizioni degli elementi byte */
+ for(;index<3072;index++)
+ { counters[dati[index]]++; } *)
+
+(* [0x18C8] BRA *+31;18E7 *) (compile m ? BRA (maIMM1 〈x1,xD〉) I) @
+(* [0x18CA] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @
+(* [0x18CD] LDA 256,X *) (compile m ? LDA (maIX2 〈〈x0,x1〉:〈x0,x0〉〉) I) @
+(* [0x18D0] LSLA *) (compile m ? ASL maINHA I) @
+(* [0x18D1] CLRX *) (compile m ? CLR maINHX I) @
+(* [0x18D2] ROLX *) (compile m ? ROL maINHX I) @
+(* [0x18D3] ADD #0x00 *) (compile m ? ADD (maIMM1 〈x0,x0〉) I) @
+(* [0x18D5] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x18D6] TXA *) (compile m ? TXA maINH I) @
+(* [0x18D7] ADC #0x0D *) (compile m ? ADC (maIMM1 〈x0,xD〉) I) @
+(* [0x18D9] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x18DA] PULH *) (compile m ? PULH maINH I) @
+(* [0x18DB] PULX *) (compile m ? PULX maINH I) @
+(* [0x18DC] INC 1,X *) (compile m ? INC (maIX1 〈x0,x1〉) I) @
+(* [0x18DE] BNE *+3 *) (compile m ? BNE (maIMM1 〈x0,x1〉) I) @
+(* [0x18E0] INC ,X *) (compile m ? INC maIX0 I) @
+(* [0x18E1] TSX *) (compile m ? TSX maINH I) @
+(* [0x18E2] INC 1,X *) (compile m ? INC (maIX1 〈x0,x1〉) I) @
+(* [0x18E4] BNE *+3 *) (compile m ? BNE (maIMM1 〈x0,x1〉) I) @
+(* [0x18E6] INC ,X *) (compile m ? INC maIX0 I) @
+(* [0x18E7] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @
+(* [0x18EA] CPHX #elems *) (compile m ? CPHX (maIMM2 elems) I) @ (* dimensione dei dati al massimo 0x0C00 *)
+(* [0x18ED] BCS *-35;18CA *) (compile m ? BCS (maIMM1 〈xD,xB〉) I) @
+
+(* /* sovrascrittura di dati per produrre la versione ordinata */
+ for(index=0;index<256;index++)
+ {
+ while(counters[index]--)
+ { dati[position++]=index; }
+ } *)
+
+(* [0x18EF] TSX *) (compile m ? TSX maINH I) @
+(* [0x18F0] CLR 1,X *) (compile m ? CLR (maIX1 〈x0,x1〉) I) @
+(* [0x18F2] CLR ,X *) (compile m ? CLR maIX0 I) @
+(* [0x18F3] BRA *+16 *) (compile m ? BRA (maIMM1 〈x0,xE〉) I) @
+(* [0x18F5] TSX *) (compile m ? TSX maINH I) @
+(* [0x18F6] LDA 1,X *) (compile m ? LDA (maIX1 〈x0,x1〉) I) @
+(* [0x18F8] LDHX 3,SP *) (compile m ? LDHX (maSP1 〈x0,x3〉) I) @
+(* [0x18FB] STA 256,X *) (compile m ? STA (maIX2 〈〈x0,x1〉:〈x0,x0〉〉) I) @
+(* [0x18FE] AIX #1 *) (compile m ? AIX (maIMM1 〈x0,x1〉) I) @
+(* [0x1900] STHX 3,SP *) (compile m ? STHX (maSP1 〈x0,x3〉) I) @
+(* [0x1903] TSX *) (compile m ? TSX maINH I) @
+(* [0x1904] LDX 1,X *) (compile m ? LDX (maIX1 〈x0,x1〉) I) @
+(* [0x1906] LSLX *) (compile m ? ASL maINHX I) @
+(* [0x1907] LDA 1,SP *) (compile m ? LDA (maSP1 〈x0,x1〉) I) @
+(* [0x190A] ROLA *) (compile m ? ROL maINHA I) @
+(* [0x190B] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x190C] PULH *) (compile m ? PULH maINH I) @
+(* [0x190D] PSHX *) (compile m ? PSHX maINH I) @
+(* [0x190E] LDHX 3328,X *) (compile m ? LDHX (maIX2 〈〈x0,xD〉:〈x0,x0〉〉) I) @
+(* [0x1912] PSHX *) (compile m ? PSHX maINH I) @
+(* [0x1913] PSHH *) (compile m ? PSHH maINH I) @
+(* [0x1914] AIX #-1 *) (compile m ? AIX (maIMM1 〈xF,xF〉) I) @
+(* [0x1916] PSHH *) (compile m ? PSHH maINH I) @
+(* [0x1917] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x1918] PULH *) (compile m ? PULH maINH I) @
+(* [0x1919] PSHX *) (compile m ? PSHX maINH I) @
+(* [0x191A] LDX 5,SP *) (compile m ? LDX (maSP1 〈x0,x5〉) I) @
+(* [0x191D] PULA *) (compile m ? PULA maINH I) @
+(* [0x191E] STA 3329,X *) (compile m ? STA (maIX2 〈〈x0,xD〉:〈x0,x1〉〉) I) @
+(* [0x1921] PULA *) (compile m ? PULA maINH I) @
+(* [0x1922] STA 3328,X *) (compile m ? STA (maIX2 〈〈x0,xD〉:〈x0,x0〉〉) I) @
+(* [0x1925] PULH *) (compile m ? PULH maINH I) @
+(* [0x1926] PULX *) (compile m ? PULX maINH I) @
+(* [0x1927] CPHX #0x0000 *) (compile m ? CPHX (maIMM2 〈〈x0,x0〉:〈x0,x0〉〉) I) @
+(* [0x192A] PULH *) (compile m ? PULH maINH I) @
+(* [0x192B] BNE *-54 *) (compile m ? BNE (maIMM1 〈xC,x8〉) I) @
+(* [0x192D] TSX *) (compile m ? TSX maINH I) @
+(* [0x192E] INC 1,X *) (compile m ? INC (maIX1 〈x0,x1〉) I) @
+(* [0x1930] BNE *+3 *) (compile m ? BNE (maIMM1 〈x0,x1〉) I) @
+(* [0x1932] INC ,X *) (compile m ? INC maIX0 I) @
+(* [0x1933] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @
+(* [0x1936] CPHX #0x0100 *) (compile m ? CPHX (maIMM2 〈〈x0,x1〉:〈x0,x0〉〉) I) @
+(* [0x1939] BNE *-54 *) (compile m ? BNE (maIMM1 〈xC,x8〉) I) @
+(* [0x193B] STOP *) (compile m ? STOP maINH I)
+
+(* [0x193C] !FINE!
+ attraverso simulazione in CodeWarrior si puo' enunciare che dopo
+ 25700+150n si sara' entrati in stato STOP corrispondente con ordinamento
+ di n byte, A=0xFF H:X=0x0100 *)
+ ).
+
+(* creazione del processore+caricamento+impostazione registri *)
+definition dTest_HCS08_cSort_status ≝
+λt:memory_impl.
+λI_op:bool.
+λA_op:byte8.
+λHX_op:word16.
+λelems:word16.
+λdata:list byte8.
+ setweak_i_flag HCS08 t (* I<-I_op *)
+ (set_acc_8_low_reg HCS08 t (* A<-A_op *)
+ (set_z_flag HCS08 t (* Z<-true *)
+ (setweak_sp_reg HCS08 t (* SP<-0x0F4B *)
+ (setweak_indX_16_reg HCS08 t (* H:X<-HX_op *)
+ (set_pc_reg HCS08 t (* PC<-dTest_HCS08_prog *)
+ (start_of_mcu_version
+ MC9S08GB60 t
+ (load_from_source_at t (* carica data in RAM:dTest_HCS08_RAM *)
+ (load_from_source_at t (zero_memory t) (* carica source in ROM:dTest_HCS08_prog *)
+ (dTest_HCS08_cSort_source elems) dTest_HCS08_prog)
+ data dTest_HCS08_RAM)
+ (build_memory_type_of_mcu_version MC9S08GB60 t)
+ (mk_byte8 x0 x0) (mk_byte8 x0 x0) (* non deterministici tutti a 0 *)
+ false false false false false false) (* non deterministici tutti a 0 *)
+ dTest_HCS08_prog)
+ HX_op)
+ (mk_word16 (mk_byte8 x0 xF) (mk_byte8 x4 xB)))
+ true)
+ A_op)
+ I_op.
+
+(* parametrizzazione dell'enunciato del teorema parziale *)
+lemma dTest_HCS08_cSort_aux ≝
+λt:memory_impl.λstring:list byte8.
+ (* 1) la stringa deve avere una lunghezza ∈ [0,3072] *)
+ (byte8_bounded_strlen string 〈〈x0,xC〉:〈x0,x0〉〉) ∧
+ (* 2) match di esecuzione su tempo in forma di upperbound *)
+ (match execute HCS08 t
+ (* parametri IN: t,A,H:X,strlen(string),string *)
+ (TickOK ? (dTest_HCS08_cSort_status t true 〈x0,x0〉 〈〈x0,xF〉:〈x4,xC〉〉 (byte8_strlen string) string))
+ (* tempo di esecuzione 25700+150*n *)
+ ((nat_of_word16 〈〈x6,x4〉:〈x6,x4〉〉)+(nat_of_byte8 〈x9,x6〉)*(nat_of_word16 (byte8_strlen string))) with
+ [ TickERR s _ ⇒ None ?
+ (* azzeramento tutta RAM tranne dati *)
+ | TickSUSP s _ ⇒ Some ? (set_mem_desc HCS08 t s (load_from_source_at t (get_mem_desc HCS08 t s) dTest_zeros 〈〈x0,xD〉:〈x0,x0〉〉))
+ | TickOK s ⇒ None ?
+ ] =
+ Some ? (set_pc_reg HCS08 t
+ (dTest_HCS08_cSort_status t false 〈xF,xF〉 〈〈x0,x1〉:〈x0,x0〉〉 (byte8_strlen string) (byte8_list_ordering string))
+ (mk_word16 (mk_byte8 x1 x9) (mk_byte8 x3 xC)))).
+
+(* dimostrazione senza svolgimento degli stati *)
+(*
+lemma dTest_HCS08_cSort :
+ dTest_HCS08_cSort_aux MEM_TREE dTest_random_32.
+ unfold dTest_HCS08_cSort_aux;
+ split;
+ [ normalize in ⊢ (%); autobatch ]
+ reflexivity.
+qed.
+*)
+
+definition cSortCalc ≝
+λstring:list byte8.
+ match execute HCS08 MEM_TREE
+ (TickOK ? (dTest_HCS08_cSort_status MEM_TREE true 〈x0,x0〉 〈〈x0,xF〉:〈x4,xC〉〉 (byte8_strlen string) string))
+ ((nat_of_word16 〈〈x6,x4〉:〈x6,x4〉〉)+(nat_of_byte8 〈x9,x6〉)*(nat_of_word16 (byte8_strlen string))) with
+ [ TickERR s _ ⇒ None ?
+ | TickSUSP s _ ⇒ Some ? (set_mem_desc HCS08 MEM_TREE s (load_from_source_at MEM_TREE (get_mem_desc HCS08 MEM_TREE s) dTest_zeros 〈〈x0,xD〉:〈x0,x0〉〉))
+ | TickOK s ⇒ None ?
+ ].
+
+definition cSortNoCalc ≝
+λstring:list byte8.
+ Some ? (set_pc_reg HCS08 MEM_TREE
+ (dTest_HCS08_cSort_status MEM_TREE false 〈xF,xF〉 〈〈x0,x1〉:〈x0,x0〉〉 (byte8_strlen string) (byte8_list_ordering string))
+ (mk_word16 (mk_byte8 x1 x9) (mk_byte8 x3 xC))).
+
+definition cSortCalc32 ≝ cSortCalc dTest_random_32.
+definition cSortCalc64 ≝ cSortCalc dTest_random_64.
+definition cSortCalc128 ≝ cSortCalc dTest_random_128.
+definition cSortCalc256 ≝ cSortCalc dTest_random_256.
+definition cSortCalc512 ≝ cSortCalc dTest_random_512.
+definition cSortCalc1024 ≝ cSortCalc dTest_random_1024.
+definition cSortCalc2048 ≝ cSortCalc dTest_random_2048.
+definition cSortCalc3072 ≝ cSortCalc dTest_random_3072.
+
+definition cSortNoCalc32 ≝ cSortNoCalc dTest_random_32.
+definition cSortNoCalc64 ≝ cSortNoCalc dTest_random_64.
+definition cSortNoCalc128 ≝ cSortNoCalc dTest_random_128.
+definition cSortNoCalc256 ≝ cSortNoCalc dTest_random_256.
+definition cSortNoCalc512 ≝ cSortNoCalc dTest_random_512.
+definition cSortNoCalc1024 ≝ cSortNoCalc dTest_random_1024.
+definition cSortNoCalc2048 ≝ cSortNoCalc dTest_random_2048.
+definition cSortNoCalc3072 ≝ cSortNoCalc dTest_random_3072.
+
+(* ********************** *)
+(* HCS08GB60 numeri aurei *)
+(* ********************** *)
+
+(* versione ridotta, in cui non si riazzerano gli elementi di counters *)
+definition dTest_HCS08_gNum_source : word16 → (list byte8) ≝
+λelems:word16.
+let m ≝ HCS08 in source_to_byte8 m (
+(* BEFORE: A=0x00 HX=0x1A00 PC=0x18BE SP=0x016F Z=1 (I=1) *)
+
+(*
+static unsigned int result[16]={ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
+word result[16] = 0x0100
+
+void goldenNumbers(void)
+{
+unsigned int res_pos=0,tested_num=0,divisor=0;
+unsigned long int acc=0;
+*)
+
+(* [0x18BE] AIS #-10 *) (compile m ? AIS (maIMM1 〈xF,x6〉) I) @
+(* [0x18C0] TSX *) (compile m ? TSX maINH I) @
+(* [0x18C1] CLR 9,x *) (compile m ? CLR (maIX1 〈x0,x9〉) I) @
+(* [0x18C3] CLR 8,X *) (compile m ? CLR (maIX1 〈x0,x8〉) I) @
+(* [0x18C5] CLR 1,X *) (compile m ? CLR (maIX1 〈x0,x1〉) I) @
+(* [0x18C7] CLR ,X *) (compile m ? CLR maIX0 I) @
+(* [0x18C8] CLR 3,X *) (compile m ? CLR (maIX1 〈x0,x3〉) I) @
+(* [0x18CA] CLR 2,X *) (compile m ? CLR (maIX1 〈x0,x2〉) I) @
+(* [0x18CC] JSR 0x1951 *) (compile m ? JSR (maIMM2 〈〈x1,x9〉:〈x5,x1〉〉) I) @
+
+(*
+for(tested_num=1;tested_num<2;tested_num++)
+ {
+*)
+
+(* [0x18CF] STHX 1,SP *) (compile m ? STHX (maSP1 〈x0,x1〉) I) @
+(* [0x18D2] BRA *+116 ; 0x1946 *) (compile m ? BRA (maIMM1 〈x7,x2〉) I) @
+(* [0x18D4] BSR *+125 ; 0x1951 *) (compile m ? BSR (maIMM1 〈x7,xB〉) I) @
+(* [0x18D6] STHX 3,SP *) (compile m ? STHX (maSP1 〈x0,x3〉) I) @
+
+(*
+ for(acc=0,divisor=1;divisor<tested_num;divisor++)
+ {
+ if(!(tested_num%divisor))
+ { acc+=divisor; }
+ }
+*)
+
+(* [0x18D9] BRA *+61 ; 0x1916 *) (compile m ? BRA (maIMM1 〈x3,xB〉) I) @
+(* [0x18DB] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @
+(* [0x18DE] PSHX *) (compile m ? PSHX maINH I) @
+(* [0x18DF] PSHH *) (compile m ? PSHH maINH I) @
+(* [0x18E0] LDHX 5,SP *) (compile m ? LDHX (maSP1 〈x0,x5〉) I) @
+(* [0x18E3] JSR 0x1A1A *) (compile m ? JSR (maIMM2 〈〈x1,xA〉:〈x1,xA〉〉) I) @
+(* [0x18E6] AIS #2 *) (compile m ? AIS (maIMM1 〈x0,x2〉) I) @
+(* [0x18E8] CPHX #0x0000 *) (compile m ? CPHX (maIMM2 〈〈x0,x0〉:〈x0,x0〉〉) I) @
+(* [0x18EB] BNE *+33 ; 0x190C *) (compile m ? BNE (maIMM1 〈x1,xF〉) I) @
+(* [0x18ED] TSX *) (compile m ? TSX maINH I) @
+(* [0x18EE] LDA 3,X *) (compile m ? LDA (maIX1 〈x0,x3〉) I) @
+(* [0x18F0] LDX 2,X *) (compile m ? LDX (maIX1 〈x0,x2〉) I) @
+(* [0x18F2] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x18F3] PSHX *) (compile m ? PSHX maINH I) @
+(* [0x18F4] CLRA *) (compile m ? CLR maINHA I) @
+(* [0x18F5] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x18F6] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x18F7] TSX *) (compile m ? TSX maINH I) @
+(* [0x18F8] PSHX *) (compile m ? PSHX maINH I) @
+(* [0x19F9] PSHH *) (compile m ? PSHH maINH I) @
+(* [0x18FA] AIX #8 *) (compile m ? AIX (maIMM1 〈x0,x8〉) I) @
+(* [0x18FC] PSHX *) (compile m ? PSHX maINH I) @
+(* [0x18FD] PSHH *) (compile m ? PSHH maINH I) @
+(* [0x18FE] LDHX 3,SP *) (compile m ? LDHX (maSP1 〈x0,x3〉) I) @
+(* [0x1901] JSR 0x1A2A *) (compile m ? JSR (maIMM2 〈〈x1,xA〉:〈x2,xA〉〉) I) @
+(* [0x1904] TSX *) (compile m ? TSX maINH I) @
+(* [0x1905] AIX #14 *) (compile m ? AIX (maIMM1 〈x0,xE〉) I) @
+(* [0x1907] JSR 0x1A30 *) (compile m ? JSR (maIMM2 〈〈x1,xA〉:〈x3,x0〉〉) I) @
+(* [0x190A] AIS #6 *) (compile m ? AIS (maIMM1 〈x0,x6〉) I) @
+(* [0x190C] STA 0x1800 !COP! *) (compile m ? STA (maDIR2 〈〈x0,xC〉:〈x0,x0〉〉) I) @
+(* [0x190F] TSX *) (compile m ? TSX maINH I) @
+(* [0x1910] INC 3,X *) (compile m ? INC (maIX1 〈x0,x3〉) I) @
+(* [0x1912] BNE *+4 ; 0x1916 *) (compile m ? BNE (maIMM1 〈x0,x2〉) I) @
+(* [0x1914] INC 2,X *) (compile m ? INC (maIX1 〈x0,x2〉) I) @
+(* [0x1916] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @
+(* [0x1919] CPHX 3,SP *) (compile m ? CPHX (maSP1 〈x0,x3〉) I) @
+(* [0x191C] BHI *-65 ; 0x18DB *) (compile m ? BHI (maIMM1 〈xB,xD〉) I) @
+
+(*
+ if(acc==tested_num)
+ { result[res_pos++]=tested_num; }
+ }
+}
+*)
+
+(* [0x191E] CPHX 7,SP *) (compile m ? CPHX (maSP1 〈x0,x7〉) I) @
+(* [0x1921] BNE *+31 ; 0x1940 *) (compile m ? BNE (maIMM1 〈x1,xD〉) I) @
+(* [0x1923] LDHX 5,SP *) (compile m ? LDHX (maSP1 〈x0,x5〉) I) @
+(* [0x1926] BNE *+26 ; 0x1940 *) (compile m ? BNE (maIMM1 〈x1,x8〉) I) @
+(* [0x1928] LDHX 9,SP *) (compile m ? LDHX (maSP1 〈x0,x9〉) I) @
+(* [0x192B] PSHX *) (compile m ? PSHX maINH I) @
+(* [0x192C] AIX #1 *) (compile m ? AIX (maIMM1 〈x0,x1〉) I) @
+(* [0x192E] STHX 10,SP *) (compile m ? STHX (maSP1 〈x0,xA〉) I) @
+(* [0x1931] PULX *) (compile m ? PULX maINH I) @
+(* [0x1932] LSLX *) (compile m ? ASL maINHX I) @
+(* [0x1933] LDA 2,SP *) (compile m ? LDA (maSP1 〈x0,x2〉) I) @
+(* [0x1936] CLRH *) (compile m ? CLR maINHH I) @
+(* [0x1937] STA 257,X *) (compile m ? STA (maIX2 〈〈x0,x1〉:〈x0,x1〉〉) I) @
+(* [0x193A] LDA 1,SP *) (compile m ? LDA (maSP1 〈x0,x1〉) I) @
+(* [0x193D] STA 256,X *) (compile m ? STA (maIX2 〈〈x0,x1〉:〈x0,x0〉〉) I) @
+(* [0x1940] TSX *) (compile m ? TSX maINH I) @
+(* [0x1941] INC 1,X *) (compile m ? INC (maIX1 〈x0,x1〉) I) @
+(* [0x1943] BNE *+3 ; 0x1946 *) (compile m ? BNE (maIMM1 〈x0,x1〉) I) @
+(* [0x1945] INC ,X *) (compile m ? INC maIX0 I) @
+(* [0x1946] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @
+(* [0x1949] CPHX #elems *) (compile m ? CPHX (maIMM2 elems) I) @
+(* [0x194C] BCS *-120 ; 0x18D4 *) (compile m ? BCS (maIMM1 〈x8,x6〉) I) @
+(* [0x194E] AIS #10 *) (compile m ? AIS (maIMM1 〈x0,xA〉) I) @
+(* [0x1950] STOP ->1951 !FINE! *) (compile m ? STOP maINH I) @
+(* [0x1951] CLRX *) (compile m ? CLR maINHX I) @
+(* [0x1952] CLRH *) (compile m ? CLR maINHH I) @
+(* [0x1953] STHX 9,SP *) (compile m ? STHX (maSP1 〈x0,x9〉) I) @
+(* [0x1956] CLRH *) (compile m ? CLR maINHH I) @
+(* [0x1957] STHX 7,SP *) (compile m ? STHX (maSP1 〈x0,x7〉) I) @
+(* [0x195A] INCX *) (compile m ? INC maINHX I) @
+(* [0x195B] RTS *) (compile m ? RTS maINH I) @
+
+(*
+static void _PUSH_ARGS_L(void) { ... }
+*)
+
+(* [0x195C] LDA 3,X *) (compile m ? LDA (maIX1 〈x0,x3〉) I) @
+(* [0x195E] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x195F] LDA 2,X *) (compile m ? LDA (maIX1 〈x0,x2〉) I) @
+(* [0x1961] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x1962] LDHX ,X *) (compile m ? LDHX maIX0 I) @
+(* [0x1964] PSHX *) (compile m ? PSHX maINH I) @
+(* [0x1965] PSHH *) (compile m ? PSHH maINH I) @
+(* [0x1966] LDHX 7,SP *) (compile m ? LDHX (maSP1 〈x0,x7〉) I) @
+(* [0x1969] LDA 3,X *) (compile m ? LDA (maIX1 〈x0,x3〉) I) @
+(* [0x196B] STA 17,SP *) (compile m ? STA (maSP1 〈x1,x1〉) I) @
+(* [0x196E] LDA 2,X *) (compile m ? LDA (maIX1 〈x0,x2〉) I) @
+(* [0x1970] STA 16,SP *) (compile m ? STA (maSP1 〈x1,x0〉) I) @
+(* [0x1973] LDHX ,X *) (compile m ? LDHX maIX0 I) @
+(* [0x1975] STHX 14,SP *) (compile m ? STHX (maSP1 〈x0,xE〉) I) @
+(* [0x1978] LDHX 5,SP *) (compile m ? LDHX (maSP1 〈x0,x5〉) I) @
+(* [0x197B] JMP ,X *) (compile m ? JMP maINHX0ADD I) @
+
+(*
+static void _ENTER_BINARY_L(void) { ... }
+*)
+
+(* [0x197C] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x197D] PSHX *) (compile m ? PSHX maINH I) @
+(* [0x197E] PSHH *) (compile m ? PSHH maINH I) @
+(* [0x197F] PSHX *) (compile m ? PSHX maINH I) @
+(* [0x1980] PSHH *) (compile m ? PSHH maINH I) @
+(* [0x1981] LDHX 6,SP *) (compile m ? LDHX (maSP1 〈x0,x6〉) I) @
+(* [0x1984] PSHX *) (compile m ? PSHX maINH I) @
+(* [0x1985] PSHH *) (compile m ? PSHH maINH I) @
+(* [0x1986] LDHX 10,SP *) (compile m ? LDHX (maSP1 〈x0,xA〉) I) @
+(* [0x1989] STHX 8,SP *) (compile m ? STHX (maSP1 〈x0,x8〉) I) @
+(* [0x198C] LDHX 12,SP *) (compile m ? LDHX (maSP1 〈x0,xC〉) I) @
+(* [0x198F] JMP 0x195C *) (compile m ? JMP (maIMM2 〈〈x1,x9〉:〈x5,xC〉〉) I) @
+
+(*
+static void _IDIVMOD (char dummy_sgn, int j, int dummy, int i, ...) { ... }
+*)
+
+(* [0x1992] TST 4,SP *) (compile m ? TST (maSP1 〈x0,x4〉) I) @
+(* [0x1995] BNE *+28 ; 0x19B1 *) (compile m ? BNE (maIMM1 〈x1,xA〉) I) @
+(* [0x1997] TSX *) (compile m ? TSX maINH I) @
+(* [0x1998] LDA 7,X *) (compile m ? LDA (maIX1 〈x0,x7〉) I) @
+(* [0x199A] LDX 4,X *) (compile m ? LDX (maIX1 〈x0,x4〉) I) @
+(* [0x199C] CLRH *) (compile m ? CLR maINHH I) @
+(* [0x199D] DIV *) (compile m ? DIV maINH I) @
+(* [0x199E] STA 4,SP *) (compile m ? STA (maSP1 〈x0,x4〉) I) @
+(* [0x19A1] LDA 9,SP *) (compile m ? LDA (maSP1 〈x0,x9〉) I) @
+(* [0x19A4] DIV *) (compile m ? DIV maINH I) @
+(* [0x19A5] STA 5,SP *) (compile m ? STA (maSP1 〈x0,x5〉) I) @
+(* [0x19A8] CLR 8,SP *) (compile m ? CLR (maSP1 〈x0,x8〉) I) @
+(* [0x19AB] PSHH *) (compile m ? PSHH maINH I) @
+(* [0x19AC] PULA *) (compile m ? PULA maINH I) @
+(* [0x19AD] STA 9,SP *) (compile m ? STA (maSP1 〈x0,x9〉) I) @
+(* [0x19B0] RTS *) (compile m ? RTS maINH I) @
+(* [0x19B1] CLRA *) (compile m ? CLR maINHA I) @
+(* [0x19B2] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x19B3] LDX #0x08 *) (compile m ? LDX (maIMM1 〈x0,x8〉) I) @
+(* [0x19B5] CLC *) (compile m ? CLC maINH I) @
+(* [0x19B6] ROL 10,SP *) (compile m ? ROL (maSP1 〈x0,xA〉) I) @
+(* [0x19B9] ROL 9,SP *) (compile m ? ROL (maSP1 〈x0,x9〉) I) @
+(* [0x19BC] ROL 1,SP *) (compile m ? ROL (maSP1 〈x0,x1〉) I) @
+(* [0x19BF] LDA 5,SP *) (compile m ? LDA (maSP1 〈x0,x5〉) I) @
+(* [0x19C2] CMP 1,SP *) (compile m ? CMP (maSP1 〈x0,x1〉) I) @
+(* [0x19C5] BHI *+31 ; 0x19E4 *) (compile m ? BHI (maIMM1 〈x1,xD〉) I) @
+(* [0x19C7] BNE *+10 ; 0x19D1 *) (compile m ? BNE (maIMM1 〈x0,x8〉) I) @
+(* [0x19C9] LDA 6,SP *) (compile m ? LDA (maSP1 〈x0,x6〉) I) @
+(* [0x19CC] CMP 9,SP *) (compile m ? CMP (maSP1 〈x0,x9〉) I) @
+(* [0x19CF] BHI *+21 ; 0x19E4 *) (compile m ? BHI (maIMM1 〈x1,x3〉) I) @
+(* [0x19D1] LDA 9,SP *) (compile m ? LDA (maSP1 〈x0,x9〉) I) @
+(* [0x19D4] SUB 6,SP *) (compile m ? SUB (maSP1 〈x0,x6〉) I) @
+(* [0x19D7] STA 9,SP *) (compile m ? STA (maSP1 〈x0,x9〉) I) @
+(* [0x19DA] LDA 1,SP *) (compile m ? LDA (maSP1 〈x0,x1〉) I) @
+(* [0x19DD] SBC 5,SP *) (compile m ? SBC (maSP1 〈x0,x5〉) I) @
+(* [0x19E0] STA 1,SP *) (compile m ? STA (maSP1 〈x0,x1〉) I) @
+(* [0x19E3] SEC *) (compile m ? SEC maINH I) @
+(* [0x19E4] DBNZX *-46 ; 0x19B6 *) (compile m ? DBNZ (maINHX_and_IMM1 〈xD,x0〉) I) @
+(* [0x19E6] LDA 10,SP *) (compile m ? LDA (maSP1 〈x0,xA〉) I) @
+(* [0x19E9] ROLA *) (compile m ? ROL maINHA I) @
+(* [0x19EA] STA 6,SP *) (compile m ? STA (maSP1 〈x0,x6〉) I) @
+(* [0x19ED] LDA 9,SP *) (compile m ? LDA (maSP1 〈x0,x9〉) I) @
+(* [0x19F0] STA 10,SP *) (compile m ? STA (maSP1 〈x0,xA〉) I) @
+(* [0x19F3] PULA *) (compile m ? PULA maINH I) @
+(* [0x19F4] STA 8,SP *) (compile m ? STA (maSP1 〈x0,x8〉) I) @
+(* [0x19F7] CLR 4,SP *) (compile m ? CLR (maSP1 〈x0,x4〉) I) @
+(* [0x19FA] RTS *) (compile m ? RTS maINH I) @
+
+(*
+static void _LADD_k_is_k_plus_j(_PARAM_BINARY_L) { ... }
+*)
+
+(* [0x19FB] TSX *) (compile m ? TSX maINH I) @
+(* [0x19FC] LDA 18,X *) (compile m ? LDA (maIX1 〈x1,x2〉) I) @
+(* [0x19FE] ADD 5,X *) (compile m ? ADD (maIX1 〈x0,x5〉) I) @
+(* [0x1A00] STA 18,X *) (compile m ? STA (maIX1 〈x1,x2〉) I) @
+(* [0x1A02] LDA 17,X *) (compile m ? LDA (maIX1 〈x1,x1〉) I) @
+(* [0x1A04] ADC 4,X *) (compile m ? ADC (maIX1 〈x0,x4〉) I) @
+(* [0x1A06] STA 17,X *) (compile m ? STA (maIX1 〈x1,x1〉) I) @
+(* [0x1A08] LDA 16,X *) (compile m ? LDA (maIX1 〈x1,x0〉) I) @
+(* [0x1A0A] ADC 3,X *) (compile m ? ADC (maIX1 〈x0,x3〉) I) @
+(* [0x1A0C] STA 16,X *) (compile m ? STA (maIX1 〈x1,x0〉) I) @
+(* [0x1A0E] LDA 15,X *) (compile m ? LDA (maIX1 〈x0,xF〉) I) @
+(* [0x1A10] ADC 2,X *) (compile m ? ADC (maIX1 〈x0,x2〉) I) @
+(* [0x1A12] STA 15,X *) (compile m ? STA (maIX1 〈x0,xF〉) I) @
+(* [0x1A14] AIS #10 *) (compile m ? AIS (maIMM1 〈x0,xA〉) I) @
+(* [0x1A16] PULH *) (compile m ? PULH maINH I) @
+(* [0x1A17] PULX *) (compile m ? PULX maINH I) @
+(* [0x1A18] PULA *) (compile m ? PULA maINH I) @
+(* [0x1A19] RTS *) (compile m ? RTS maINH I) @
+
+(*
+void _IMODU_STAR08(int i, ...) { ... }
+*)
+
+(* [0x1A1A] AIS #-2 *) (compile m ? AIS (maIMM1 〈xF,xE〉) I) @
+(* [0x1A1C] STHX 1,SP *) (compile m ? STHX (maSP1 〈x0,x1〉) I) @
+(* [0x1A1F] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x1A20] JSR 0x1992 *) (compile m ? JSR (maIMM2 〈〈x1,x9〉:〈x9,x2〉〉) I) @
+(* [0x1A23] PULA *) (compile m ? PULA maINH I) @
+(* [0x1A24] AIS #2 *) (compile m ? AIS (maIMM1 〈x0,x2〉) I) @
+(* [0x1A26] LDHX 3,SP *) (compile m ? LDHX (maSP1 〈x0,x3〉) I) @
+(* [0x1A29] RTS *) (compile m ? RTS maINH I) @
+
+(*
+void _LADD(void) { ... }
+*)
+
+(* [0x1A2A] JSR 0x197C *) (compile m ? JSR (maIMM2 〈〈x1,x9〉:〈x7,xC〉〉) I) @
+(* [0x1A2D] JSR 0x19FB *) (compile m ? JSR (maIMM2 〈〈x1,x9〉:〈xF,xB〉〉) I) @
+
+(*
+void _POP32(void) { ... }
+*)
+
+(* [0x1A30] PSHA *) (compile m ? PSHA maINH I) @
+(* [0x1A31] LDA 4,SP *) (compile m ? LDA (maSP1 〈x0,x4〉) I) @
+(* [0x1A34] STA ,X *) (compile m ? STA maIX0 I) @
+(* [0x1A35] LDA 5,SP *) (compile m ? LDA (maSP1 〈x0,x5〉) I) @
+(* [0x1A38] STA 1,X *) (compile m ? STA (maIX1 〈x0,x1〉) I) @
+(* [0x1A3A] LDA 6,SP *) (compile m ? LDA (maSP1 〈x0,x6〉) I) @
+(* [0x1A3D] STA 2,X *) (compile m ? STA (maIX1 〈x0,x2〉) I) @
+(* [0x1A3F] LDA 7,SP *) (compile m ? LDA (maSP1 〈x0,x7〉) I) @
+(* [0x1A42] STA 3,X *) (compile m ? STA (maIX1 〈x0,x3〉) I) @
+(* [0x1A44] PULA *) (compile m ? PULA maINH I) @
+(* [0x1A45] PULH *) (compile m ? PULH maINH I) @
+(* [0x1A46] PULX *) (compile m ? PULX maINH I) @
+(* [0x1A47] AIS #4 *) (compile m ? AIS (maIMM1 〈x0,x4〉) I) @
+(* [0x1A49] JMP ,X *) (compile m ? JMP maINHX0ADD I)
+
+(* attraverso simulazione in CodeWarrior si puo' enunciare che dopo
+ 80+(65*n*(n+1)*(n+2))/6 si sara' entrati in stato STOP corrispondente
+ AFTER: HX=num PC=0x1951 I=0 *)
+ ).
+
+(* creazione del processore+caricamento+impostazione registri *)
+definition dTest_HCS08_gNum_status ≝
+λt:memory_impl.
+λI_op:bool.
+λA_op:byte8.
+λHX_op:word16.
+λPC_op:word16.
+λaddr:word16.
+λelems:word16.
+λdata:list byte8.
+ setweak_i_flag HCS08 t (* I<-I_op *)
+ (set_acc_8_low_reg HCS08 t (* A<-A_op *)
+ (set_z_flag HCS08 t (* Z<-true *)
+ (setweak_sp_reg HCS08 t (* SP<-0x016F *)
+ (setweak_indX_16_reg HCS08 t (* H:X<-HX_op *)
+ (set_pc_reg HCS08 t (* PC<-PC_op *)
+ (start_of_mcu_version
+ MC9S08GB60 t
+ (load_from_source_at t (* carica data in RAM:dTest_HCS08_RAM *)
+ (load_from_source_at t (zero_memory t) (* carica source in ROM:addr *)
+ (dTest_HCS08_cSort_source elems) addr)
+ data dTest_HCS08_RAM)
+ (build_memory_type_of_mcu_version MC9S08GB60 t)
+ (mk_byte8 x0 x0) (mk_byte8 x0 x0) (* non deterministici tutti a 0 *)
+ false false false false false false) (* non deterministici tutti a 0 *)
+ PC_op)
+ HX_op)
+ (mk_word16 (mk_byte8 x0 x1) (mk_byte8 x6 xF)))
+ true)
+ A_op)
+ I_op.
+
+(* NUMERI AUREI: Somma divisori(x)=x, fino a 0xFFFF sono 6/28/496/8128 *)
+definition dTest_HCS08_gNum_aurei ≝
+λnum:word16.match gt_w16 num 〈〈x1,xF〉:〈xC,x0〉〉 with
+ [ true ⇒ [ 〈x0,x0〉 ; 〈x0,x6〉 ; 〈x0,x0〉 ; 〈x1,xC〉 ; 〈x0,x1〉 ; 〈xF,x0〉 ; 〈x1,xF〉 ; 〈xC,x0〉 ]
+ | false ⇒ match gt_w16 num 〈〈x0,x1〉:〈xF,x0〉〉 with
+ [ true ⇒ [ 〈x0,x0〉 ; 〈x0,x6〉 ; 〈x0,x0〉 ; 〈x1,xC〉 ; 〈x0,x1〉 ; 〈xF,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ]
+ | false ⇒ match gt_w16 num 〈〈x0,x0〉:〈x1,xC〉〉 with
+ [ true ⇒ [ 〈x0,x0〉 ; 〈x0,x6〉 ; 〈x0,x0〉 ; 〈x1,xC〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ]
+ | false ⇒ match gt_w16 num 〈〈x0,x0〉:〈x0,x6〉〉 with
+ [ true ⇒ [ 〈x0,x0〉 ; 〈x0,x6〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ]
+ | false ⇒ [ 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ]
+ ]
+ ]
+ ]
+ ] @ [ 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉
+ ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉
+ ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ].
+
+(* esecuzione execute k*(n+2) *)
+let rec dTest_HCS08_gNum_execute1 (m:mcu_type) (t:memory_impl) (s:tick_result (any_status m t)) (n,ntot:nat) on n ≝
+ match s with
+ [ TickERR s' error ⇒ TickERR ? s' error
+ | TickSUSP s' susp ⇒ TickSUSP ? s' susp
+ | TickOK s' ⇒ match n with
+ [ O ⇒ TickOK ? s'
+ | S n' ⇒ dTest_HCS08_gNum_execute1 m t (execute m t (TickOK ? s') (ntot+2)) n' ntot ]
+ ].
+
+(* esecuzione execute k*(n+1)*(n+2) *)
+let rec dTest_HCS08_gNum_execute2 (m:mcu_type) (t:memory_impl) (s:tick_result (any_status m t)) (n,ntot:nat) on n ≝
+ match s with
+ [ TickERR s' error ⇒ TickERR ? s' error
+ | TickSUSP s' susp ⇒ TickSUSP ? s' susp
+ | TickOK s' ⇒ match n with
+ [ O ⇒ TickOK ? s'
+ | S n' ⇒ dTest_HCS08_gNum_execute2 m t (dTest_HCS08_gNum_execute1 m t (TickOK ? s') (ntot+1) ntot) n' ntot ]
+ ].
+
+(* esecuzione execute k*n*(n+1)*(n+2) *)
+let rec dTest_HCS08_gNum_execute3 (m:mcu_type) (t:memory_impl) (s:tick_result (any_status m t)) (n,ntot:nat) on n ≝
+ match s with
+ [ TickERR s' error ⇒ TickERR ? s' error
+ | TickSUSP s' susp ⇒ TickSUSP ? s' susp
+ | TickOK s' ⇒ match n with
+ [ O ⇒ TickOK ? s'
+ | S n' ⇒ dTest_HCS08_gNum_execute3 m t (dTest_HCS08_gNum_execute2 m t (TickOK ? s') ntot ntot) n' ntot ]
+ ].
+
+(* esecuzione execute 80+11*n*(n+1)*(n+2) *)
+definition dTest_HCS08_gNum_execute4 ≝
+λm:mcu_type.λt:memory_impl.λs:tick_result (any_status m t).λntot:nat.
+ match s with
+ [ TickERR s' error ⇒ TickERR ? s' error
+ | TickSUSP s' susp ⇒ TickSUSP ? s' susp
+ | TickOK s' ⇒ execute m t (dTest_HCS08_gNum_execute3 m t (TickOK ? s') 11 ntot) 80
+ ].
+
+(* parametrizzazione dell'enunciato del teorema parziale *)
+lemma dTest_HCS08_gNum_aux ≝
+λt:memory_impl.λnum:word16.
+ (* 2) match di esecuzione su tempo in forma di upperbound *)
+ match dTest_HCS08_gNum_execute4 HCS08 t
+ (TickOK ? (dTest_HCS08_gNum_status t true 〈x0,x0〉 〈〈x1,xA〉:〈x0,x0〉〉 〈〈x1,x8〉:〈xB,xE〉〉 〈〈x1,x8〉:〈xB,xE〉〉 num dTest_zeros))
+ (* tempo di esecuzione 80+11*n*(n+1)*(n+2) *)
+ num with
+ [ TickERR s _ ⇒ None ?
+ (* azzeramento tutta RAM tranne dati *)
+ | TickSUSP s _ ⇒ Some ? (set_mem_desc HCS08 t s (load_from_source_at t (get_mem_desc HCS08 t s) dTest_zeros3K 〈〈x0,x1〉:〈x2,x0〉〉))
+ | TickOK s ⇒ None ?
+ ] =
+ Some ? (dTest_HCS08_gNum_status t false 〈x0,x0〉 num 〈〈x1,x9〉:〈x5,x1〉〉 〈〈x1,x8〉:〈xB,xE〉〉 num (dTest_HCS08_gNum_aurei num)).
+
+definition gNumCalc ≝
+λnum:word16.
+ match dTest_HCS08_gNum_execute4 HCS08 MEM_TREE
+ (TickOK ? (dTest_HCS08_gNum_status MEM_TREE true 〈x0,x0〉 〈〈x1,xA〉:〈x0,x0〉〉 〈〈x1,x8〉:〈xB,xE〉〉 〈〈x1,x8〉:〈xB,xE〉〉 num dTest_zeros))
+ num with
+ [ TickERR s _ ⇒ None ?
+ | TickSUSP s _ ⇒ Some ? (set_mem_desc HCS08 MEM_TREE s (load_from_source_at MEM_TREE (get_mem_desc HCS08 MEM_TREE s) dTest_zeros3K 〈〈x0,x1〉:〈x2,x0〉〉))
+ | TickOK s ⇒ None ?
+ ].
+
+definition gNumNoCalc ≝
+λnum:word16.
+ Some ? (dTest_HCS08_gNum_status MEM_TREE false 〈x0,x0〉 num 〈〈x1,x9〉:〈x5,x1〉〉 〈〈x1,x8〉:〈xB,xE〉〉 num (dTest_HCS08_gNum_aurei num)).
+
+definition gNumCalc1 ≝ gNumCalc 〈〈x0,x0〉:〈x0,x1〉〉.
+definition gNumCalc2 ≝ gNumCalc 〈〈x0,x0〉:〈x0,x2〉〉.
+definition gNumCalc5 ≝ gNumCalc 〈〈x0,x0〉:〈x0,x5〉〉.
+definition gNumCalc10 ≝ gNumCalc 〈〈x0,x0〉:〈x0,xA〉〉.
+definition gNumCalc20 ≝ gNumCalc 〈〈x0,x0〉:〈x1,x4〉〉.
+definition gNumCalc50 ≝ gNumCalc 〈〈x0,x0〉:〈x3,x2〉〉.
+definition gNumCalc100 ≝ gNumCalc 〈〈x0,x0〉:〈x6,x4〉〉.
+definition gNumCalc250 ≝ gNumCalc 〈〈x0,x0〉:〈xF,xA〉〉.
+definition gNumCalc500 ≝ gNumCalc 〈〈x0,x1〉:〈xF,x4〉〉.
+definition gNumCalc1000 ≝ gNumCalc 〈〈x0,x3〉:〈xE,x8〉〉.
+
+definition gNumNoCalc1 ≝ gNumNoCalc 〈〈x0,x0〉:〈x0,x1〉〉.
+definition gNumNoCalc2 ≝ gNumNoCalc 〈〈x0,x0〉:〈x0,x2〉〉.
+definition gNumNoCalc5 ≝ gNumNoCalc 〈〈x0,x0〉:〈x0,x5〉〉.
+definition gNumNoCalc10 ≝ gNumNoCalc 〈〈x0,x0〉:〈x0,xA〉〉.
+definition gNumNoCalc20 ≝ gNumNoCalc 〈〈x0,x0〉:〈x1,x4〉〉.
+definition gNumNoCalc50 ≝ gNumNoCalc 〈〈x0,x0〉:〈x3,x2〉〉.
+definition gNumNoCalc100 ≝ gNumNoCalc 〈〈x0,x0〉:〈x6,x4〉〉.
+definition gNumNoCalc250 ≝ gNumNoCalc 〈〈x0,x0〉:〈xF,xA〉〉.
+definition gNumNoCalc500 ≝ gNumNoCalc 〈〈x0,x1〉:〈xF,x4〉〉.
+definition gNumNoCalc1000 ≝ gNumNoCalc 〈〈x0,x3〉:〈xE,x8〉〉.
projects / helm.git / blobdiff