X-Git-Url: http://matita.cs.unibo.it/gitweb/?p=helm.git;a=blobdiff_plain;f=matita%2Fcontribs%2Fassembly%2Ffreescale%2Fmedium_tests.ma;fp=matita%2Fcontribs%2Fassembly%2Ffreescale%2Fmedium_tests.ma;h=90762c5fb3e45634921cd99ab44fed8814279523;hp=0000000000000000000000000000000000000000;hb=f61af501fb4608cc4fb062a0864c774e677f0d76;hpb=58ae1809c352e71e7b5530dc41e2bfc834e1aef1 diff --git a/matita/contribs/assembly/freescale/medium_tests.ma b/matita/contribs/assembly/freescale/medium_tests.ma new file mode 100644 index 000000000..90762c5fb --- /dev/null +++ b/matita/contribs/assembly/freescale/medium_tests.ma @@ -0,0 +1,890 @@ +(**************************************************************************) +(* ___ *) +(* ||M|| *) +(* ||A|| A project by Andrea Asperti *) +(* ||T|| *) +(* ||I|| Developers: *) +(* ||T|| The HELM team. *) +(* ||A|| http://helm.cs.unibo.it *) +(* \ / *) +(* \ / This file is distributed under the terms of the *) +(* v GNU General Public License Version 2 *) +(* *) +(**************************************************************************) + +(* ********************************************************************** *) +(* Progetto FreeScale *) +(* *) +(* Sviluppato da: *) +(* Cosimo Oliboni, oliboni@cs.unibo.it *) +(* *) +(* Questo materiale fa parte della tesi: *) +(* "Formalizzazione Interattiva dei Microcontroller a 8bit FreeScale" *) +(* *) +(* data ultima modifica 15/11/2007 *) +(* ********************************************************************** *) + +include "freescale/medium_tests_lemmas.ma". + +(* ************************ *) +(* HCS08GB60 String Reverse *) +(* ************************ *) + +(* versione ridotta, in cui non si riazzerano gli elementi di counters *) +definition dTest_HCS08_sReverse_source : word16 → (list byte8) ≝ +λelems:word16. +let m ≝ HCS08 in source_to_byte8 m ( +(* BEFORE: A=0x00 H:X=0x0D4B SP=0x0D4A PC=0x18E0 Z=true *) + +(* static unsigned char dati[3072]={...}; + + void swap(unsigned char *a, unsigned char *b) + { unsigned char tmp=*a; *a=*b; *b=tmp; return; } *) + +(* [0x18C8] allineamento *) (compile m ? NOP maINH I) @ + +(* argomenti: HX e [0x0D49-A], passaggio ibrido reg, stack *) +(* [0x18C9] PSHX *) (compile m ? PSHX maINH I) @ +(* [0x18CA] PSHH *) (compile m ? PSHH maINH I) @ +(* [0x18CB] LDHX 5,SP *) (compile m ? LDHX (maSP1 〈x0,x5〉) I) @ +(* [0x18CE] LDA ,X *) (compile m ? LDA maIX0 I) @ +(* [0x18CF] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @ +(* [0x18D2] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x18D3] LDA ,X *) (compile m ? LDA maIX0 I) @ +(* [0x18D4] LDHX 6,SP *) (compile m ? LDHX (maSP1 〈x0,x6〉) I) @ +(* [0x18D7] STA ,X *) (compile m ? STA maIX0 I) @ +(* [0x18D8] LDHX 2,SP *) (compile m ? LDHX (maSP1 〈x0,x2〉) I) @ +(* [0x18DB] PULA *) (compile m ? PULA maINH I) @ +(* [0x18DC] STA ,X *) (compile m ? STA maIX0 I) @ +(* [0x18DD] AIS #2 *) (compile m ? AIS (maIMM1 〈x0,x2〉) I) @ +(* [0x18DF] RTS *) (compile m ? RTS maINH I) @ + +(* void main(void) + { + unsigned int pos=0,limit=0; + + for(limit=3072;pos<(limit/2);pos++) + { swap(&dati[pos],&dati[limit-pos-1]); } *) + +(* [0x18E0] LDHX #elems *) (compile m ? LDHX (maIMM2 elems) I) @ +(* [0x18E3] STHX 4,SP *) (compile m ? STHX (maSP1 〈x0,x4〉) I) @ +(* [0x18E6] BRA *+52 ; 191A *) (compile m ? BRA (maIMM1 〈x3,x2〉) I) @ +(* [0x18E8] TSX *) (compile m ? TSX maINH I) @ +(* [0x18E9] LDA 2,X *) (compile m ? LDA (maIX1 〈x0,x2〉) I) @ +(* [0x18EB] ADD #0x00 *) (compile m ? ADD (maIMM1 〈x0,x0〉) I) @ +(* [0x18ED] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x18EE] LDA 1,X *) (compile m ? LDA (maIX1 〈x0,x1〉) I) @ +(* [0x18F0] ADC #0x01 *) (compile m ? ADC (maIMM1 〈x0,x1〉) I) @ +(* [0x18F2] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x18F3] LDA 4,X *) (compile m ? LDA (maIX1 〈x0,x4〉) I) @ +(* [0x18F5] SUB 2,X *) (compile m ? SUB (maIX1 〈x0,x2〉) I) @ +(* [0x18F7] STA ,X *) (compile m ? STA maIX0 I) @ +(* [0x18F8] LDA 3,X *) (compile m ? LDA (maIX1 〈x0,x3〉) I) @ +(* [0x18FA] SBC 1,X *) (compile m ? SBC (maIX1 〈x0,x1〉) I) @ +(* [0x18FC] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x18FD] LDX ,X *) (compile m ? LDX maIX0 I) @ +(* [0x18FE] PULH *) (compile m ? PULH maINH I) @ +(* [0x18FF] AIX #-1 *) (compile m ? AIX (maIMM1 〈xF,xF〉) I) @ +(* [0x1901] TXA *) (compile m ? TXA maINH I) @ +(* [0x1902] ADD #0x00 *) (compile m ? ADD (maIMM1 〈x0,x0〉) I) @ +(* [0x1904] PSHH *) (compile m ? PSHH maINH I) @ +(* [0x1905] TSX *) (compile m ? TSX maINH I) @ +(* [0x1906] STA 3,X *) (compile m ? STA (maIX1 〈x0,x3〉) I) @ +(* [0x1908] PULA *) (compile m ? PULA maINH I) @ +(* [0x1909] ADC #0x01 *) (compile m ? ADC (maIMM1 〈x0,x1〉) I) @ +(* [0x190B] LDX 3,X *) (compile m ? LDX (maIX1 〈x0,x3〉) I) @ +(* [0x190D] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x190E] PULH *) (compile m ? PULH maINH I) @ +(* [0x190F] BSR *-70 ; 18C9 *) (compile m ? BSR (maIMM1 〈xB,x8〉) I) @ +(* [0x1911] AIS #2 *) (compile m ? AIS (maIMM1 〈x0,x2〉) I) @ +(* [0x1913] TSX *) (compile m ? TSX maINH I) @ +(* [0x1914] INC 2,X *) (compile m ? INC (maIX1 〈x0,x2〉) I) @ +(* [0x1916] BNE *+4 ; 191A *) (compile m ? BNE (maIMM1 〈x0,x2〉) I) @ +(* [0x1918] INC 1,X *) (compile m ? INC (maIX1 〈x0,x1〉) I) @ +(* [0x191A] TSX *) (compile m ? TSX maINH I) @ +(* [0x191B] LDA 3,X *) (compile m ? LDA (maIX1 〈x0,x3〉) I) @ +(* [0x191D] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x191E] PULH *) (compile m ? PULH maINH I) @ +(* [0x191F] LSRA *) (compile m ? LSR maINHA I) @ +(* [0x1920] TSX *) (compile m ? TSX maINH I) @ +(* [0x1921] LDX 4,X *) (compile m ? LDX (maIX1 〈x0,x4〉) I) @ +(* [0x1923] RORX *) (compile m ? ROR maINHX I) @ +(* [0x1924] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x1925] PULH *) (compile m ? PULH maINH I) @ +(* [0x1926] CPHX 2,SP *) (compile m ? CPHX (maSP1 〈x0,x2〉) I) @ +(* [0x1929] BHI *-65 ; 18E8 *) (compile m ? BHI (maIMM1 〈xB,xD〉) I) + +(* [0x192B] !FINE! + attraverso simulazione in CodeWarrior si puo' enunciare che dopo + 42+79*n+5*(n>>9) ci sara' il reverse di n byte (PARI) e + H:X=n/2 *) + ). + +(* creazione del processore+caricamento+impostazione registri *) +definition dTest_HCS08_sReverse_status ≝ +λt:memory_impl. +λA_op:byte8. +λHX_op:word16. +λelems:word16. +λdata:list byte8. + set_acc_8_low_reg HCS08 t (* A<-A_op *) + (set_z_flag HCS08 t (* Z<-true *) + (setweak_sp_reg HCS08 t (* SP<-0x0D4A *) + (setweak_indX_16_reg HCS08 t (* H:X<-HX_op *) + (set_pc_reg HCS08 t (* PC<-0x18E0 *) + (start_of_mcu_version + MC9S08GB60 t + (load_from_source_at t (* carica data in RAM:dTest_HCS08_RAM *) + (load_from_source_at t (zero_memory t) (* carica source in ROM:dTest_HCS08_prog *) + (dTest_HCS08_sReverse_source elems) dTest_HCS08_prog) + data dTest_HCS08_RAM) + (build_memory_type_of_mcu_version MC9S08GB60 t) + (mk_byte8 x0 x0) (mk_byte8 x0 x0) (* non deterministici tutti a 0 *) + false false false false false false) (* non deterministici tutti a 0 *) + (mk_word16 (mk_byte8 x1 x8) (mk_byte8 xE x0))) + HX_op) + (mk_word16 (mk_byte8 x0 xD) (mk_byte8 x4 xA))) + true) + A_op. + +(* parametrizzazione dell'enunciato del teorema *) +(* primo sbozzo: confronto esecuzione con hexdump... *) +lemma dTest_HCS08_sReverse_dump_aux ≝ +λt:memory_impl.λstring:list byte8. + (* 1) la stringa deve avere una lunghezza ∈ [0,3072] *) + (byte8_bounded_strlen string 〈〈x0,xC〉:〈x0,x0〉〉) ∧ + (* 2) la stringa deve avere lunghezza pari *) + ((and_b8 (w16l (byte8_strlen string)) 〈x0,x1〉) = 〈x0,x0〉) ∧ + (* 3) match di esecuzione su tempo in forma di tempo esatto *) + (match execute HCS08 t + (* parametri IN: t,H:X,strlen(string),string *) + (TickOK ? (dTest_HCS08_sReverse_status t 〈x0,x0〉 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen string) string)) + (* tempo di esecuzione 42+79*n+5*(n>>9) *) + (42+79*(byte8_strlen string)+5*((byte8_strlen string)/512)) with + [ TickERR s _ ⇒ None ? + (* azzeramento tutta RAM tranne dati *) + | TickSUSP s _ ⇒ None ? + | TickOK s ⇒ Some ? (byte8_hexdump t (get_mem_desc HCS08 t s) dTest_HCS08_RAM (byte8_strlen string)) + ] = + Some ? (byte8_reverse string)). + +(* confronto esecuzione con hexdump... *) +(* +lemma dTest_HCS08_sReverse_dump : + dTest_HCS08_sReverse_dump_aux MEM_TREE dTest_random_32. + unfold dTest_HCS08_sReverse_dump_aux; + split; + [ split; [ normalize in ⊢ (%); autobatch ] reflexivity ] + reflexivity. +qed. +*) + +(* parametrizzazione dell'enunciato del teorema *) +(* dimostrazione senza svolgimento degli stati *) +lemma dTest_HCS08_sReverse_aux ≝ +λt:memory_impl.λstring:list byte8. + (* 1) la stringa deve avere una lunghezza ∈ [0,3072] *) + (byte8_bounded_strlen string 〈〈x0,xC〉:〈x0,x0〉〉) ∧ + (* 2) la stringa deve avere lunghezza pari *) + ((and_b8 (w16l (byte8_strlen string)) 〈x0,x1〉) = 〈x0,x0〉) ∧ + (* 3) match di esecuzione su tempo in forma di tempo esatto *) + (match execute HCS08 t + (* parametri IN: t,H:X,strlen(string),string *) + (TickOK ? (dTest_HCS08_sReverse_status t 〈x0,x0〉 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen string) string)) + (* tempo di esecuzione 42+79*n+5*(n>>9) *) + (42+79*(byte8_strlen string)+5*((byte8_strlen string)/512)) with + [ TickERR s _ ⇒ None ? + (* azzeramento tutta RAM tranne dati *) + | TickSUSP s _ ⇒ None ? + | TickOK s ⇒ Some ? (set_mem_desc HCS08 t s (load_from_source_at t (get_mem_desc HCS08 t s) dTest_zeros 〈〈x0,xD〉:〈x0,x0〉〉)) + ] = + Some ? (set_pc_reg HCS08 t + (dTest_HCS08_sReverse_status t (fst ?? (shr_b8 (w16h (byte8_strlen string)))) (fst ?? (shr_w16 (byte8_strlen string))) (byte8_strlen string) (byte8_reverse string)) + (mk_word16 (mk_byte8 x1 x9) (mk_byte8 x2 xB)))). + +(* +lemma dTest_HCS08_sReverse : + dTest_HCS08_sReverse_aux MEM_TREE dTest_random_32. + unfold dTest_HCS08_sReverse_aux; + split; + [ split; [ normalize in ⊢ (%); autobatch ] reflexivity ] + + rewrite > (breakpoint HCS08 MEM_TREE (TickOK ? (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32)) 3 (39+79*byte8_strlen dTest_random_32+5*(byte8_strlen dTest_random_32/512))) in ⊢ (? ? match % in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?); + letin status0 ≝ (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32); + change in ⊢ (? ? match ? ? ? (? ? ? % ?) ? in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?) with + (TickOK ? status0); + rewrite > (execute_HCS08_LDHX_maIMM2 MEM_TREE status0 〈x0,x0〉 〈x2,x0〉) in ⊢ (? ? match ? ? ? % ? in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?); + [ 2,3,4,5: reflexivity; ] + + letin status1 ≝ (set_pc_reg HCS08 MEM_TREE (setweak_v_flag HCS08 MEM_TREE (setweak_n_flag HCS08 MEM_TREE (set_z_flag HCS08 MEM_TREE (set_alu HCS08 MEM_TREE (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32) (set_indX_16_reg_HC08 (alu HCS08 MEM_TREE (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32)) 〈〈x0,x0〉:〈x2,x0〉〉)) (eq_w16 〈〈x0,x0〉:〈x2,x0〉〉 〈〈x0,x0〉:〈x0,x0〉〉)) (MSB_w16 〈〈x0,x0〉:〈x2,x0〉〉)) false) (filtered_plus_w16 HCS08 MEM_TREE (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32) (get_pc_reg HCS08 MEM_TREE (dTest_HCS08_sReverse_status MEM_TREE 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen dTest_random_32) dTest_random_32)) 3)); + change in ⊢ (? ? match ? ? ? % ? in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?) with (TickOK ? status1); + + rewrite > (breakpoint HCS08 MEM_TREE (TickOK ? status1) 5 (34+79*byte8_strlen dTest_random_32+5*(byte8_strlen dTest_random_32/512))) in ⊢ (? ? match % in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?); + change in ⊢ (? ? match ? ? ? (? ? ? % ?) ? in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?) with (TickOK ? status1); + rewrite > (execute_HCS08_STHX_maSP1 status1 〈x0,x4〉) + in ⊢ (? ? match ? ? ? % ? in tick_result return ? with [TickERR⇒?|TickSUSP⇒?|TickOK⇒?] ?); + [ 2,3,4,5,6,7: reflexivity; ] + + elim daemon. + +qed. +*) + +definition sReverseCalc ≝ +λstring:list byte8. + match execute HCS08 MEM_TREE + (TickOK ? (dTest_HCS08_sReverse_status MEM_TREE 〈x0,x0〉 〈〈x0,xD〉:〈x4,xB〉〉 (byte8_strlen string) string)) + (42+79*(byte8_strlen string)+5*((byte8_strlen string)/512)) with + [ TickERR s _ ⇒ None ? + | TickSUSP s _ ⇒ None ? + | TickOK s ⇒ Some ? (set_mem_desc HCS08 MEM_TREE s (load_from_source_at MEM_TREE (get_mem_desc HCS08 MEM_TREE s) dTest_zeros 〈〈x0,xD〉:〈x0,x0〉〉)) + ]. + +definition sReverseNoCalc ≝ +λstring:list byte8. + Some ? (set_pc_reg HCS08 MEM_TREE + (dTest_HCS08_sReverse_status MEM_TREE (fst ?? (shr_b8 (w16h (byte8_strlen string)))) + (fst ?? (shr_w16 (byte8_strlen string))) + (byte8_strlen string) (byte8_reverse string)) + (mk_word16 (mk_byte8 x1 x9) (mk_byte8 x2 xB))). + +definition sReverseCalc32 ≝ sReverseCalc dTest_random_32. +definition sReverseCalc64 ≝ sReverseCalc dTest_random_64. +definition sReverseCalc128 ≝ sReverseCalc dTest_random_128. +definition sReverseCalc256 ≝ sReverseCalc dTest_random_256. +definition sReverseCalc512 ≝ sReverseCalc dTest_random_512. +definition sReverseCalc1024 ≝ sReverseCalc dTest_random_1024. +definition sReverseCalc2048 ≝ sReverseCalc dTest_random_2048. +definition sReverseCalc3072 ≝ sReverseCalc dTest_random_3072. + +definition sReverseNoCalc32 ≝ sReverseNoCalc dTest_random_32. +definition sReverseNoCalc64 ≝ sReverseNoCalc dTest_random_64. +definition sReverseNoCalc128 ≝ sReverseNoCalc dTest_random_128. +definition sReverseNoCalc256 ≝ sReverseNoCalc dTest_random_256. +definition sReverseNoCalc512 ≝ sReverseNoCalc dTest_random_512. +definition sReverseNoCalc1024 ≝ sReverseNoCalc dTest_random_1024. +definition sReverseNoCalc2048 ≝ sReverseNoCalc dTest_random_2048. +definition sReverseNoCalc3072 ≝ sReverseNoCalc dTest_random_3072. + +(* *********************** *) +(* HCS08GB60 Counting Sort *) +(* *********************** *) + +(* versione ridotta, in cui non si riazzerano gli elementi di counters *) +definition dTest_HCS08_cSort_source : word16 → (list byte8) ≝ +λelems:word16. +let m ≝ HCS08 in source_to_byte8 m ( +(* BEFORE: A=0x00 H:X=0x0F4C SP=0x0F4B PC=0x18C8 Z=true *) + +(* /* IPOTESI: INIT VARIABILI+ARRAY GIA' ESEGUITO */ + static unsigned int counters[256]={ campitura di 0 }; + static unsigned char dati[3072]={ dati random }; + + void CountingSort(void) + { + unsigned int index=0,position=0; *) + +(* /* TESI: CODICE DA ESEGUIRE + + /* calcolo del # ripetizioni degli elementi byte */ + for(;index<3072;index++) + { counters[dati[index]]++; } *) + +(* [0x18C8] BRA *+31;18E7 *) (compile m ? BRA (maIMM1 〈x1,xD〉) I) @ +(* [0x18CA] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @ +(* [0x18CD] LDA 256,X *) (compile m ? LDA (maIX2 〈〈x0,x1〉:〈x0,x0〉〉) I) @ +(* [0x18D0] LSLA *) (compile m ? ASL maINHA I) @ +(* [0x18D1] CLRX *) (compile m ? CLR maINHX I) @ +(* [0x18D2] ROLX *) (compile m ? ROL maINHX I) @ +(* [0x18D3] ADD #0x00 *) (compile m ? ADD (maIMM1 〈x0,x0〉) I) @ +(* [0x18D5] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x18D6] TXA *) (compile m ? TXA maINH I) @ +(* [0x18D7] ADC #0x0D *) (compile m ? ADC (maIMM1 〈x0,xD〉) I) @ +(* [0x18D9] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x18DA] PULH *) (compile m ? PULH maINH I) @ +(* [0x18DB] PULX *) (compile m ? PULX maINH I) @ +(* [0x18DC] INC 1,X *) (compile m ? INC (maIX1 〈x0,x1〉) I) @ +(* [0x18DE] BNE *+3 *) (compile m ? BNE (maIMM1 〈x0,x1〉) I) @ +(* [0x18E0] INC ,X *) (compile m ? INC maIX0 I) @ +(* [0x18E1] TSX *) (compile m ? TSX maINH I) @ +(* [0x18E2] INC 1,X *) (compile m ? INC (maIX1 〈x0,x1〉) I) @ +(* [0x18E4] BNE *+3 *) (compile m ? BNE (maIMM1 〈x0,x1〉) I) @ +(* [0x18E6] INC ,X *) (compile m ? INC maIX0 I) @ +(* [0x18E7] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @ +(* [0x18EA] CPHX #elems *) (compile m ? CPHX (maIMM2 elems) I) @ (* dimensione dei dati al massimo 0x0C00 *) +(* [0x18ED] BCS *-35;18CA *) (compile m ? BCS (maIMM1 〈xD,xB〉) I) @ + +(* /* sovrascrittura di dati per produrre la versione ordinata */ + for(index=0;index<256;index++) + { + while(counters[index]--) + { dati[position++]=index; } + } *) + +(* [0x18EF] TSX *) (compile m ? TSX maINH I) @ +(* [0x18F0] CLR 1,X *) (compile m ? CLR (maIX1 〈x0,x1〉) I) @ +(* [0x18F2] CLR ,X *) (compile m ? CLR maIX0 I) @ +(* [0x18F3] BRA *+16 *) (compile m ? BRA (maIMM1 〈x0,xE〉) I) @ +(* [0x18F5] TSX *) (compile m ? TSX maINH I) @ +(* [0x18F6] LDA 1,X *) (compile m ? LDA (maIX1 〈x0,x1〉) I) @ +(* [0x18F8] LDHX 3,SP *) (compile m ? LDHX (maSP1 〈x0,x3〉) I) @ +(* [0x18FB] STA 256,X *) (compile m ? STA (maIX2 〈〈x0,x1〉:〈x0,x0〉〉) I) @ +(* [0x18FE] AIX #1 *) (compile m ? AIX (maIMM1 〈x0,x1〉) I) @ +(* [0x1900] STHX 3,SP *) (compile m ? STHX (maSP1 〈x0,x3〉) I) @ +(* [0x1903] TSX *) (compile m ? TSX maINH I) @ +(* [0x1904] LDX 1,X *) (compile m ? LDX (maIX1 〈x0,x1〉) I) @ +(* [0x1906] LSLX *) (compile m ? ASL maINHX I) @ +(* [0x1907] LDA 1,SP *) (compile m ? LDA (maSP1 〈x0,x1〉) I) @ +(* [0x190A] ROLA *) (compile m ? ROL maINHA I) @ +(* [0x190B] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x190C] PULH *) (compile m ? PULH maINH I) @ +(* [0x190D] PSHX *) (compile m ? PSHX maINH I) @ +(* [0x190E] LDHX 3328,X *) (compile m ? LDHX (maIX2 〈〈x0,xD〉:〈x0,x0〉〉) I) @ +(* [0x1912] PSHX *) (compile m ? PSHX maINH I) @ +(* [0x1913] PSHH *) (compile m ? PSHH maINH I) @ +(* [0x1914] AIX #-1 *) (compile m ? AIX (maIMM1 〈xF,xF〉) I) @ +(* [0x1916] PSHH *) (compile m ? PSHH maINH I) @ +(* [0x1917] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x1918] PULH *) (compile m ? PULH maINH I) @ +(* [0x1919] PSHX *) (compile m ? PSHX maINH I) @ +(* [0x191A] LDX 5,SP *) (compile m ? LDX (maSP1 〈x0,x5〉) I) @ +(* [0x191D] PULA *) (compile m ? PULA maINH I) @ +(* [0x191E] STA 3329,X *) (compile m ? STA (maIX2 〈〈x0,xD〉:〈x0,x1〉〉) I) @ +(* [0x1921] PULA *) (compile m ? PULA maINH I) @ +(* [0x1922] STA 3328,X *) (compile m ? STA (maIX2 〈〈x0,xD〉:〈x0,x0〉〉) I) @ +(* [0x1925] PULH *) (compile m ? PULH maINH I) @ +(* [0x1926] PULX *) (compile m ? PULX maINH I) @ +(* [0x1927] CPHX #0x0000 *) (compile m ? CPHX (maIMM2 〈〈x0,x0〉:〈x0,x0〉〉) I) @ +(* [0x192A] PULH *) (compile m ? PULH maINH I) @ +(* [0x192B] BNE *-54 *) (compile m ? BNE (maIMM1 〈xC,x8〉) I) @ +(* [0x192D] TSX *) (compile m ? TSX maINH I) @ +(* [0x192E] INC 1,X *) (compile m ? INC (maIX1 〈x0,x1〉) I) @ +(* [0x1930] BNE *+3 *) (compile m ? BNE (maIMM1 〈x0,x1〉) I) @ +(* [0x1932] INC ,X *) (compile m ? INC maIX0 I) @ +(* [0x1933] LDHX 1,SP *) (compile m ? LDHX (maSP1 〈x0,x1〉) I) @ +(* [0x1936] CPHX #0x0100 *) (compile m ? CPHX (maIMM2 〈〈x0,x1〉:〈x0,x0〉〉) I) @ +(* [0x1939] BNE *-54 *) (compile m ? BNE (maIMM1 〈xC,x8〉) I) @ +(* [0x193B] STOP *) (compile m ? STOP maINH I) + +(* [0x193C] !FINE! + attraverso simulazione in CodeWarrior si puo' enunciare che dopo + 25700+150n si sara' entrati in stato STOP corrispondente con ordinamento + di n byte, A=0xFF H:X=0x0100 *) + ). + +(* creazione del processore+caricamento+impostazione registri *) +definition dTest_HCS08_cSort_status ≝ +λt:memory_impl. +λI_op:bool. +λA_op:byte8. +λHX_op:word16. +λelems:word16. +λdata:list byte8. + setweak_i_flag HCS08 t (* I<-I_op *) + (set_acc_8_low_reg HCS08 t (* A<-A_op *) + (set_z_flag HCS08 t (* Z<-true *) + (setweak_sp_reg HCS08 t (* SP<-0x0F4B *) + (setweak_indX_16_reg HCS08 t (* H:X<-HX_op *) + (set_pc_reg HCS08 t (* PC<-dTest_HCS08_prog *) + (start_of_mcu_version + MC9S08GB60 t + (load_from_source_at t (* carica data in RAM:dTest_HCS08_RAM *) + (load_from_source_at t (zero_memory t) (* carica source in ROM:dTest_HCS08_prog *) + (dTest_HCS08_cSort_source elems) dTest_HCS08_prog) + data dTest_HCS08_RAM) + (build_memory_type_of_mcu_version MC9S08GB60 t) + (mk_byte8 x0 x0) (mk_byte8 x0 x0) (* non deterministici tutti a 0 *) + false false false false false false) (* non deterministici tutti a 0 *) + dTest_HCS08_prog) + HX_op) + (mk_word16 (mk_byte8 x0 xF) (mk_byte8 x4 xB))) + true) + A_op) + I_op. + +(* parametrizzazione dell'enunciato del teorema parziale *) +lemma dTest_HCS08_cSort_aux ≝ +λt:memory_impl.λstring:list byte8. + (* 1) la stringa deve avere una lunghezza ∈ [0,3072] *) + (byte8_bounded_strlen string 〈〈x0,xC〉:〈x0,x0〉〉) ∧ + (* 2) match di esecuzione su tempo in forma di upperbound *) + (match execute HCS08 t + (* parametri IN: t,A,H:X,strlen(string),string *) + (TickOK ? (dTest_HCS08_cSort_status t true 〈x0,x0〉 〈〈x0,xF〉:〈x4,xC〉〉 (byte8_strlen string) string)) + (* tempo di esecuzione 25700+150*n *) + ((nat_of_word16 〈〈x6,x4〉:〈x6,x4〉〉)+(nat_of_byte8 〈x9,x6〉)*(nat_of_word16 (byte8_strlen string))) with + [ TickERR s _ ⇒ None ? + (* azzeramento tutta RAM tranne dati *) + | TickSUSP s _ ⇒ Some ? (set_mem_desc HCS08 t s (load_from_source_at t (get_mem_desc HCS08 t s) dTest_zeros 〈〈x0,xD〉:〈x0,x0〉〉)) + | TickOK s ⇒ None ? + ] = + Some ? (set_pc_reg HCS08 t + (dTest_HCS08_cSort_status t false 〈xF,xF〉 〈〈x0,x1〉:〈x0,x0〉〉 (byte8_strlen string) (byte8_list_ordering string)) + (mk_word16 (mk_byte8 x1 x9) (mk_byte8 x3 xC)))). + +(* dimostrazione senza svolgimento degli stati *) +(* +lemma dTest_HCS08_cSort : + dTest_HCS08_cSort_aux MEM_TREE dTest_random_32. + unfold dTest_HCS08_cSort_aux; + split; + [ normalize in ⊢ (%); autobatch ] + reflexivity. +qed. +*) + +definition cSortCalc ≝ +λstring:list byte8. + match execute HCS08 MEM_TREE + (TickOK ? (dTest_HCS08_cSort_status MEM_TREE true 〈x0,x0〉 〈〈x0,xF〉:〈x4,xC〉〉 (byte8_strlen string) string)) + ((nat_of_word16 〈〈x6,x4〉:〈x6,x4〉〉)+(nat_of_byte8 〈x9,x6〉)*(nat_of_word16 (byte8_strlen string))) with + [ TickERR s _ ⇒ None ? + | TickSUSP s _ ⇒ Some ? (set_mem_desc HCS08 MEM_TREE s (load_from_source_at MEM_TREE (get_mem_desc HCS08 MEM_TREE s) dTest_zeros 〈〈x0,xD〉:〈x0,x0〉〉)) + | TickOK s ⇒ None ? + ]. + +definition cSortNoCalc ≝ +λstring:list byte8. + Some ? (set_pc_reg HCS08 MEM_TREE + (dTest_HCS08_cSort_status MEM_TREE false 〈xF,xF〉 〈〈x0,x1〉:〈x0,x0〉〉 (byte8_strlen string) (byte8_list_ordering string)) + (mk_word16 (mk_byte8 x1 x9) (mk_byte8 x3 xC))). + +definition cSortCalc32 ≝ cSortCalc dTest_random_32. +definition cSortCalc64 ≝ cSortCalc dTest_random_64. +definition cSortCalc128 ≝ cSortCalc dTest_random_128. +definition cSortCalc256 ≝ cSortCalc dTest_random_256. +definition cSortCalc512 ≝ cSortCalc dTest_random_512. +definition cSortCalc1024 ≝ cSortCalc dTest_random_1024. +definition cSortCalc2048 ≝ cSortCalc dTest_random_2048. +definition cSortCalc3072 ≝ cSortCalc dTest_random_3072. + +definition cSortNoCalc32 ≝ cSortNoCalc dTest_random_32. +definition cSortNoCalc64 ≝ cSortNoCalc dTest_random_64. +definition cSortNoCalc128 ≝ cSortNoCalc dTest_random_128. +definition cSortNoCalc256 ≝ cSortNoCalc dTest_random_256. +definition cSortNoCalc512 ≝ cSortNoCalc dTest_random_512. +definition cSortNoCalc1024 ≝ cSortNoCalc dTest_random_1024. +definition cSortNoCalc2048 ≝ cSortNoCalc dTest_random_2048. +definition cSortNoCalc3072 ≝ cSortNoCalc dTest_random_3072. + +(* ********************** *) +(* HCS08GB60 numeri aurei *) +(* ********************** *) + +(* versione ridotta, in cui non si riazzerano gli elementi di counters *) +definition dTest_HCS08_gNum_source : word16 → (list byte8) ≝ +λelems:word16. +let m ≝ HCS08 in source_to_byte8 m ( +(* BEFORE: A=0x00 HX=0x1A00 PC=0x18BE SP=0x016F Z=1 (I=1) *) + +(* +static unsigned int result[16]={ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }; +word result[16] = 0x0100 + +void goldenNumbers(void) +{ +unsigned int res_pos=0,tested_num=0,divisor=0; +unsigned long int acc=0; +*) + +(* [0x18BE] AIS #-10 *) (compile m ? AIS (maIMM1 〈xF,x6〉) I) @ +(* [0x18C0] TSX *) (compile m ? TSX maINH I) @ +(* [0x18C1] CLR 9,x *) (compile m ? CLR (maIX1 〈x0,x9〉) I) @ +(* [0x18C3] CLR 8,X *) (compile m ? CLR (maIX1 〈x0,x8〉) I) @ +(* [0x18C5] CLR 1,X *) (compile m ? CLR (maIX1 〈x0,x1〉) I) @ +(* [0x18C7] CLR ,X *) (compile m ? CLR maIX0 I) @ +(* [0x18C8] CLR 3,X *) (compile m ? CLR (maIX1 〈x0,x3〉) I) @ +(* [0x18CA] CLR 2,X *) (compile m ? CLR (maIX1 〈x0,x2〉) I) @ +(* [0x18CC] JSR 0x1951 *) (compile m ? JSR (maIMM2 〈〈x1,x9〉:〈x5,x1〉〉) I) @ + +(* +for(tested_num=1;tested_num<2;tested_num++) + { +*) + +(* [0x18CF] STHX 1,SP *) (compile m ? STHX (maSP1 〈x0,x1〉) I) @ +(* [0x18D2] BRA *+116 ; 0x1946 *) (compile m ? BRA (maIMM1 〈x7,x2〉) I) @ +(* [0x18D4] BSR *+125 ; 0x1951 *) (compile m ? BSR (maIMM1 〈x7,xB〉) I) @ +(* [0x18D6] STHX 3,SP *) (compile m ? STHX (maSP1 〈x0,x3〉) I) @ + +(* + for(acc=0,divisor=1;divisor1951 !FINE! *) (compile m ? STOP maINH I) @ +(* [0x1951] CLRX *) (compile m ? CLR maINHX I) @ +(* [0x1952] CLRH *) (compile m ? CLR maINHH I) @ +(* [0x1953] STHX 9,SP *) (compile m ? STHX (maSP1 〈x0,x9〉) I) @ +(* [0x1956] CLRH *) (compile m ? CLR maINHH I) @ +(* [0x1957] STHX 7,SP *) (compile m ? STHX (maSP1 〈x0,x7〉) I) @ +(* [0x195A] INCX *) (compile m ? INC maINHX I) @ +(* [0x195B] RTS *) (compile m ? RTS maINH I) @ + +(* +static void _PUSH_ARGS_L(void) { ... } +*) + +(* [0x195C] LDA 3,X *) (compile m ? LDA (maIX1 〈x0,x3〉) I) @ +(* [0x195E] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x195F] LDA 2,X *) (compile m ? LDA (maIX1 〈x0,x2〉) I) @ +(* [0x1961] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x1962] LDHX ,X *) (compile m ? LDHX maIX0 I) @ +(* [0x1964] PSHX *) (compile m ? PSHX maINH I) @ +(* [0x1965] PSHH *) (compile m ? PSHH maINH I) @ +(* [0x1966] LDHX 7,SP *) (compile m ? LDHX (maSP1 〈x0,x7〉) I) @ +(* [0x1969] LDA 3,X *) (compile m ? LDA (maIX1 〈x0,x3〉) I) @ +(* [0x196B] STA 17,SP *) (compile m ? STA (maSP1 〈x1,x1〉) I) @ +(* [0x196E] LDA 2,X *) (compile m ? LDA (maIX1 〈x0,x2〉) I) @ +(* [0x1970] STA 16,SP *) (compile m ? STA (maSP1 〈x1,x0〉) I) @ +(* [0x1973] LDHX ,X *) (compile m ? LDHX maIX0 I) @ +(* [0x1975] STHX 14,SP *) (compile m ? STHX (maSP1 〈x0,xE〉) I) @ +(* [0x1978] LDHX 5,SP *) (compile m ? LDHX (maSP1 〈x0,x5〉) I) @ +(* [0x197B] JMP ,X *) (compile m ? JMP maINHX0ADD I) @ + +(* +static void _ENTER_BINARY_L(void) { ... } +*) + +(* [0x197C] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x197D] PSHX *) (compile m ? PSHX maINH I) @ +(* [0x197E] PSHH *) (compile m ? PSHH maINH I) @ +(* [0x197F] PSHX *) (compile m ? PSHX maINH I) @ +(* [0x1980] PSHH *) (compile m ? PSHH maINH I) @ +(* [0x1981] LDHX 6,SP *) (compile m ? LDHX (maSP1 〈x0,x6〉) I) @ +(* [0x1984] PSHX *) (compile m ? PSHX maINH I) @ +(* [0x1985] PSHH *) (compile m ? PSHH maINH I) @ +(* [0x1986] LDHX 10,SP *) (compile m ? LDHX (maSP1 〈x0,xA〉) I) @ +(* [0x1989] STHX 8,SP *) (compile m ? STHX (maSP1 〈x0,x8〉) I) @ +(* [0x198C] LDHX 12,SP *) (compile m ? LDHX (maSP1 〈x0,xC〉) I) @ +(* [0x198F] JMP 0x195C *) (compile m ? JMP (maIMM2 〈〈x1,x9〉:〈x5,xC〉〉) I) @ + +(* +static void _IDIVMOD (char dummy_sgn, int j, int dummy, int i, ...) { ... } +*) + +(* [0x1992] TST 4,SP *) (compile m ? TST (maSP1 〈x0,x4〉) I) @ +(* [0x1995] BNE *+28 ; 0x19B1 *) (compile m ? BNE (maIMM1 〈x1,xA〉) I) @ +(* [0x1997] TSX *) (compile m ? TSX maINH I) @ +(* [0x1998] LDA 7,X *) (compile m ? LDA (maIX1 〈x0,x7〉) I) @ +(* [0x199A] LDX 4,X *) (compile m ? LDX (maIX1 〈x0,x4〉) I) @ +(* [0x199C] CLRH *) (compile m ? CLR maINHH I) @ +(* [0x199D] DIV *) (compile m ? DIV maINH I) @ +(* [0x199E] STA 4,SP *) (compile m ? STA (maSP1 〈x0,x4〉) I) @ +(* [0x19A1] LDA 9,SP *) (compile m ? LDA (maSP1 〈x0,x9〉) I) @ +(* [0x19A4] DIV *) (compile m ? DIV maINH I) @ +(* [0x19A5] STA 5,SP *) (compile m ? STA (maSP1 〈x0,x5〉) I) @ +(* [0x19A8] CLR 8,SP *) (compile m ? CLR (maSP1 〈x0,x8〉) I) @ +(* [0x19AB] PSHH *) (compile m ? PSHH maINH I) @ +(* [0x19AC] PULA *) (compile m ? PULA maINH I) @ +(* [0x19AD] STA 9,SP *) (compile m ? STA (maSP1 〈x0,x9〉) I) @ +(* [0x19B0] RTS *) (compile m ? RTS maINH I) @ +(* [0x19B1] CLRA *) (compile m ? CLR maINHA I) @ +(* [0x19B2] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x19B3] LDX #0x08 *) (compile m ? LDX (maIMM1 〈x0,x8〉) I) @ +(* [0x19B5] CLC *) (compile m ? CLC maINH I) @ +(* [0x19B6] ROL 10,SP *) (compile m ? ROL (maSP1 〈x0,xA〉) I) @ +(* [0x19B9] ROL 9,SP *) (compile m ? ROL (maSP1 〈x0,x9〉) I) @ +(* [0x19BC] ROL 1,SP *) (compile m ? ROL (maSP1 〈x0,x1〉) I) @ +(* [0x19BF] LDA 5,SP *) (compile m ? LDA (maSP1 〈x0,x5〉) I) @ +(* [0x19C2] CMP 1,SP *) (compile m ? CMP (maSP1 〈x0,x1〉) I) @ +(* [0x19C5] BHI *+31 ; 0x19E4 *) (compile m ? BHI (maIMM1 〈x1,xD〉) I) @ +(* [0x19C7] BNE *+10 ; 0x19D1 *) (compile m ? BNE (maIMM1 〈x0,x8〉) I) @ +(* [0x19C9] LDA 6,SP *) (compile m ? LDA (maSP1 〈x0,x6〉) I) @ +(* [0x19CC] CMP 9,SP *) (compile m ? CMP (maSP1 〈x0,x9〉) I) @ +(* [0x19CF] BHI *+21 ; 0x19E4 *) (compile m ? BHI (maIMM1 〈x1,x3〉) I) @ +(* [0x19D1] LDA 9,SP *) (compile m ? LDA (maSP1 〈x0,x9〉) I) @ +(* [0x19D4] SUB 6,SP *) (compile m ? SUB (maSP1 〈x0,x6〉) I) @ +(* [0x19D7] STA 9,SP *) (compile m ? STA (maSP1 〈x0,x9〉) I) @ +(* [0x19DA] LDA 1,SP *) (compile m ? LDA (maSP1 〈x0,x1〉) I) @ +(* [0x19DD] SBC 5,SP *) (compile m ? SBC (maSP1 〈x0,x5〉) I) @ +(* [0x19E0] STA 1,SP *) (compile m ? STA (maSP1 〈x0,x1〉) I) @ +(* [0x19E3] SEC *) (compile m ? SEC maINH I) @ +(* [0x19E4] DBNZX *-46 ; 0x19B6 *) (compile m ? DBNZ (maINHX_and_IMM1 〈xD,x0〉) I) @ +(* [0x19E6] LDA 10,SP *) (compile m ? LDA (maSP1 〈x0,xA〉) I) @ +(* [0x19E9] ROLA *) (compile m ? ROL maINHA I) @ +(* [0x19EA] STA 6,SP *) (compile m ? STA (maSP1 〈x0,x6〉) I) @ +(* [0x19ED] LDA 9,SP *) (compile m ? LDA (maSP1 〈x0,x9〉) I) @ +(* [0x19F0] STA 10,SP *) (compile m ? STA (maSP1 〈x0,xA〉) I) @ +(* [0x19F3] PULA *) (compile m ? PULA maINH I) @ +(* [0x19F4] STA 8,SP *) (compile m ? STA (maSP1 〈x0,x8〉) I) @ +(* [0x19F7] CLR 4,SP *) (compile m ? CLR (maSP1 〈x0,x4〉) I) @ +(* [0x19FA] RTS *) (compile m ? RTS maINH I) @ + +(* +static void _LADD_k_is_k_plus_j(_PARAM_BINARY_L) { ... } +*) + +(* [0x19FB] TSX *) (compile m ? TSX maINH I) @ +(* [0x19FC] LDA 18,X *) (compile m ? LDA (maIX1 〈x1,x2〉) I) @ +(* [0x19FE] ADD 5,X *) (compile m ? ADD (maIX1 〈x0,x5〉) I) @ +(* [0x1A00] STA 18,X *) (compile m ? STA (maIX1 〈x1,x2〉) I) @ +(* [0x1A02] LDA 17,X *) (compile m ? LDA (maIX1 〈x1,x1〉) I) @ +(* [0x1A04] ADC 4,X *) (compile m ? ADC (maIX1 〈x0,x4〉) I) @ +(* [0x1A06] STA 17,X *) (compile m ? STA (maIX1 〈x1,x1〉) I) @ +(* [0x1A08] LDA 16,X *) (compile m ? LDA (maIX1 〈x1,x0〉) I) @ +(* [0x1A0A] ADC 3,X *) (compile m ? ADC (maIX1 〈x0,x3〉) I) @ +(* [0x1A0C] STA 16,X *) (compile m ? STA (maIX1 〈x1,x0〉) I) @ +(* [0x1A0E] LDA 15,X *) (compile m ? LDA (maIX1 〈x0,xF〉) I) @ +(* [0x1A10] ADC 2,X *) (compile m ? ADC (maIX1 〈x0,x2〉) I) @ +(* [0x1A12] STA 15,X *) (compile m ? STA (maIX1 〈x0,xF〉) I) @ +(* [0x1A14] AIS #10 *) (compile m ? AIS (maIMM1 〈x0,xA〉) I) @ +(* [0x1A16] PULH *) (compile m ? PULH maINH I) @ +(* [0x1A17] PULX *) (compile m ? PULX maINH I) @ +(* [0x1A18] PULA *) (compile m ? PULA maINH I) @ +(* [0x1A19] RTS *) (compile m ? RTS maINH I) @ + +(* +void _IMODU_STAR08(int i, ...) { ... } +*) + +(* [0x1A1A] AIS #-2 *) (compile m ? AIS (maIMM1 〈xF,xE〉) I) @ +(* [0x1A1C] STHX 1,SP *) (compile m ? STHX (maSP1 〈x0,x1〉) I) @ +(* [0x1A1F] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x1A20] JSR 0x1992 *) (compile m ? JSR (maIMM2 〈〈x1,x9〉:〈x9,x2〉〉) I) @ +(* [0x1A23] PULA *) (compile m ? PULA maINH I) @ +(* [0x1A24] AIS #2 *) (compile m ? AIS (maIMM1 〈x0,x2〉) I) @ +(* [0x1A26] LDHX 3,SP *) (compile m ? LDHX (maSP1 〈x0,x3〉) I) @ +(* [0x1A29] RTS *) (compile m ? RTS maINH I) @ + +(* +void _LADD(void) { ... } +*) + +(* [0x1A2A] JSR 0x197C *) (compile m ? JSR (maIMM2 〈〈x1,x9〉:〈x7,xC〉〉) I) @ +(* [0x1A2D] JSR 0x19FB *) (compile m ? JSR (maIMM2 〈〈x1,x9〉:〈xF,xB〉〉) I) @ + +(* +void _POP32(void) { ... } +*) + +(* [0x1A30] PSHA *) (compile m ? PSHA maINH I) @ +(* [0x1A31] LDA 4,SP *) (compile m ? LDA (maSP1 〈x0,x4〉) I) @ +(* [0x1A34] STA ,X *) (compile m ? STA maIX0 I) @ +(* [0x1A35] LDA 5,SP *) (compile m ? LDA (maSP1 〈x0,x5〉) I) @ +(* [0x1A38] STA 1,X *) (compile m ? STA (maIX1 〈x0,x1〉) I) @ +(* [0x1A3A] LDA 6,SP *) (compile m ? LDA (maSP1 〈x0,x6〉) I) @ +(* [0x1A3D] STA 2,X *) (compile m ? STA (maIX1 〈x0,x2〉) I) @ +(* [0x1A3F] LDA 7,SP *) (compile m ? LDA (maSP1 〈x0,x7〉) I) @ +(* [0x1A42] STA 3,X *) (compile m ? STA (maIX1 〈x0,x3〉) I) @ +(* [0x1A44] PULA *) (compile m ? PULA maINH I) @ +(* [0x1A45] PULH *) (compile m ? PULH maINH I) @ +(* [0x1A46] PULX *) (compile m ? PULX maINH I) @ +(* [0x1A47] AIS #4 *) (compile m ? AIS (maIMM1 〈x0,x4〉) I) @ +(* [0x1A49] JMP ,X *) (compile m ? JMP maINHX0ADD I) + +(* attraverso simulazione in CodeWarrior si puo' enunciare che dopo + 80+(65*n*(n+1)*(n+2))/6 si sara' entrati in stato STOP corrispondente + AFTER: HX=num PC=0x1951 I=0 *) + ). + +(* creazione del processore+caricamento+impostazione registri *) +definition dTest_HCS08_gNum_status ≝ +λt:memory_impl. +λI_op:bool. +λA_op:byte8. +λHX_op:word16. +λPC_op:word16. +λaddr:word16. +λelems:word16. +λdata:list byte8. + setweak_i_flag HCS08 t (* I<-I_op *) + (set_acc_8_low_reg HCS08 t (* A<-A_op *) + (set_z_flag HCS08 t (* Z<-true *) + (setweak_sp_reg HCS08 t (* SP<-0x016F *) + (setweak_indX_16_reg HCS08 t (* H:X<-HX_op *) + (set_pc_reg HCS08 t (* PC<-PC_op *) + (start_of_mcu_version + MC9S08GB60 t + (load_from_source_at t (* carica data in RAM:dTest_HCS08_RAM *) + (load_from_source_at t (zero_memory t) (* carica source in ROM:addr *) + (dTest_HCS08_cSort_source elems) addr) + data dTest_HCS08_RAM) + (build_memory_type_of_mcu_version MC9S08GB60 t) + (mk_byte8 x0 x0) (mk_byte8 x0 x0) (* non deterministici tutti a 0 *) + false false false false false false) (* non deterministici tutti a 0 *) + PC_op) + HX_op) + (mk_word16 (mk_byte8 x0 x1) (mk_byte8 x6 xF))) + true) + A_op) + I_op. + +(* NUMERI AUREI: Somma divisori(x)=x, fino a 0xFFFF sono 6/28/496/8128 *) +definition dTest_HCS08_gNum_aurei ≝ +λnum:word16.match gt_w16 num 〈〈x1,xF〉:〈xC,x0〉〉 with + [ true ⇒ [ 〈x0,x0〉 ; 〈x0,x6〉 ; 〈x0,x0〉 ; 〈x1,xC〉 ; 〈x0,x1〉 ; 〈xF,x0〉 ; 〈x1,xF〉 ; 〈xC,x0〉 ] + | false ⇒ match gt_w16 num 〈〈x0,x1〉:〈xF,x0〉〉 with + [ true ⇒ [ 〈x0,x0〉 ; 〈x0,x6〉 ; 〈x0,x0〉 ; 〈x1,xC〉 ; 〈x0,x1〉 ; 〈xF,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ] + | false ⇒ match gt_w16 num 〈〈x0,x0〉:〈x1,xC〉〉 with + [ true ⇒ [ 〈x0,x0〉 ; 〈x0,x6〉 ; 〈x0,x0〉 ; 〈x1,xC〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ] + | false ⇒ match gt_w16 num 〈〈x0,x0〉:〈x0,x6〉〉 with + [ true ⇒ [ 〈x0,x0〉 ; 〈x0,x6〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ] + | false ⇒ [ 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ] + ] + ] + ] + ] @ [ 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 + ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 + ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ; 〈x0,x0〉 ]. + +(* esecuzione execute k*(n+2) *) +let rec dTest_HCS08_gNum_execute1 (m:mcu_type) (t:memory_impl) (s:tick_result (any_status m t)) (n,ntot:nat) on n ≝ + match s with + [ TickERR s' error ⇒ TickERR ? s' error + | TickSUSP s' susp ⇒ TickSUSP ? s' susp + | TickOK s' ⇒ match n with + [ O ⇒ TickOK ? s' + | S n' ⇒ dTest_HCS08_gNum_execute1 m t (execute m t (TickOK ? s') (ntot+2)) n' ntot ] + ]. + +(* esecuzione execute k*(n+1)*(n+2) *) +let rec dTest_HCS08_gNum_execute2 (m:mcu_type) (t:memory_impl) (s:tick_result (any_status m t)) (n,ntot:nat) on n ≝ + match s with + [ TickERR s' error ⇒ TickERR ? s' error + | TickSUSP s' susp ⇒ TickSUSP ? s' susp + | TickOK s' ⇒ match n with + [ O ⇒ TickOK ? s' + | S n' ⇒ dTest_HCS08_gNum_execute2 m t (dTest_HCS08_gNum_execute1 m t (TickOK ? s') (ntot+1) ntot) n' ntot ] + ]. + +(* esecuzione execute k*n*(n+1)*(n+2) *) +let rec dTest_HCS08_gNum_execute3 (m:mcu_type) (t:memory_impl) (s:tick_result (any_status m t)) (n,ntot:nat) on n ≝ + match s with + [ TickERR s' error ⇒ TickERR ? s' error + | TickSUSP s' susp ⇒ TickSUSP ? s' susp + | TickOK s' ⇒ match n with + [ O ⇒ TickOK ? s' + | S n' ⇒ dTest_HCS08_gNum_execute3 m t (dTest_HCS08_gNum_execute2 m t (TickOK ? s') ntot ntot) n' ntot ] + ]. + +(* esecuzione execute 80+11*n*(n+1)*(n+2) *) +definition dTest_HCS08_gNum_execute4 ≝ +λm:mcu_type.λt:memory_impl.λs:tick_result (any_status m t).λntot:nat. + match s with + [ TickERR s' error ⇒ TickERR ? s' error + | TickSUSP s' susp ⇒ TickSUSP ? s' susp + | TickOK s' ⇒ execute m t (dTest_HCS08_gNum_execute3 m t (TickOK ? s') 11 ntot) 80 + ]. + +(* parametrizzazione dell'enunciato del teorema parziale *) +lemma dTest_HCS08_gNum_aux ≝ +λt:memory_impl.λnum:word16. + (* 2) match di esecuzione su tempo in forma di upperbound *) + match dTest_HCS08_gNum_execute4 HCS08 t + (TickOK ? (dTest_HCS08_gNum_status t true 〈x0,x0〉 〈〈x1,xA〉:〈x0,x0〉〉 〈〈x1,x8〉:〈xB,xE〉〉 〈〈x1,x8〉:〈xB,xE〉〉 num dTest_zeros)) + (* tempo di esecuzione 80+11*n*(n+1)*(n+2) *) + num with + [ TickERR s _ ⇒ None ? + (* azzeramento tutta RAM tranne dati *) + | TickSUSP s _ ⇒ Some ? (set_mem_desc HCS08 t s (load_from_source_at t (get_mem_desc HCS08 t s) dTest_zeros3K 〈〈x0,x1〉:〈x2,x0〉〉)) + | TickOK s ⇒ None ? + ] = + Some ? (dTest_HCS08_gNum_status t false 〈x0,x0〉 num 〈〈x1,x9〉:〈x5,x1〉〉 〈〈x1,x8〉:〈xB,xE〉〉 num (dTest_HCS08_gNum_aurei num)). + +definition gNumCalc ≝ +λnum:word16. + match dTest_HCS08_gNum_execute4 HCS08 MEM_TREE + (TickOK ? (dTest_HCS08_gNum_status MEM_TREE true 〈x0,x0〉 〈〈x1,xA〉:〈x0,x0〉〉 〈〈x1,x8〉:〈xB,xE〉〉 〈〈x1,x8〉:〈xB,xE〉〉 num dTest_zeros)) + num with + [ TickERR s _ ⇒ None ? + | TickSUSP s _ ⇒ Some ? (set_mem_desc HCS08 MEM_TREE s (load_from_source_at MEM_TREE (get_mem_desc HCS08 MEM_TREE s) dTest_zeros3K 〈〈x0,x1〉:〈x2,x0〉〉)) + | TickOK s ⇒ None ? + ]. + +definition gNumNoCalc ≝ +λnum:word16. + Some ? (dTest_HCS08_gNum_status MEM_TREE false 〈x0,x0〉 num 〈〈x1,x9〉:〈x5,x1〉〉 〈〈x1,x8〉:〈xB,xE〉〉 num (dTest_HCS08_gNum_aurei num)). + +definition gNumCalc1 ≝ gNumCalc 〈〈x0,x0〉:〈x0,x1〉〉. +definition gNumCalc2 ≝ gNumCalc 〈〈x0,x0〉:〈x0,x2〉〉. +definition gNumCalc5 ≝ gNumCalc 〈〈x0,x0〉:〈x0,x5〉〉. +definition gNumCalc10 ≝ gNumCalc 〈〈x0,x0〉:〈x0,xA〉〉. +definition gNumCalc20 ≝ gNumCalc 〈〈x0,x0〉:〈x1,x4〉〉. +definition gNumCalc50 ≝ gNumCalc 〈〈x0,x0〉:〈x3,x2〉〉. +definition gNumCalc100 ≝ gNumCalc 〈〈x0,x0〉:〈x6,x4〉〉. +definition gNumCalc250 ≝ gNumCalc 〈〈x0,x0〉:〈xF,xA〉〉. +definition gNumCalc500 ≝ gNumCalc 〈〈x0,x1〉:〈xF,x4〉〉. +definition gNumCalc1000 ≝ gNumCalc 〈〈x0,x3〉:〈xE,x8〉〉. + +definition gNumNoCalc1 ≝ gNumNoCalc 〈〈x0,x0〉:〈x0,x1〉〉. +definition gNumNoCalc2 ≝ gNumNoCalc 〈〈x0,x0〉:〈x0,x2〉〉. +definition gNumNoCalc5 ≝ gNumNoCalc 〈〈x0,x0〉:〈x0,x5〉〉. +definition gNumNoCalc10 ≝ gNumNoCalc 〈〈x0,x0〉:〈x0,xA〉〉. +definition gNumNoCalc20 ≝ gNumNoCalc 〈〈x0,x0〉:〈x1,x4〉〉. +definition gNumNoCalc50 ≝ gNumNoCalc 〈〈x0,x0〉:〈x3,x2〉〉. +definition gNumNoCalc100 ≝ gNumNoCalc 〈〈x0,x0〉:〈x6,x4〉〉. +definition gNumNoCalc250 ≝ gNumNoCalc 〈〈x0,x0〉:〈xF,xA〉〉. +definition gNumNoCalc500 ≝ gNumNoCalc 〈〈x0,x1〉:〈xF,x4〉〉. +definition gNumNoCalc1000 ≝ gNumNoCalc 〈〈x0,x3〉:〈xE,x8〉〉.