Commit 4920bbf3 authored by MARCHE Claude's avatar MARCHE Claude

example bitwalker: a version of 'peek' closer to SPARK-generated version

parent 735f4968
...@@ -63,8 +63,37 @@ module Bitwalker ...@@ -63,8 +63,37 @@ module Bitwalker
end end
end end
(** return [value] with the bit of index [left] from the left set to [flag] *)
(* version where [left] is an int and not a bitvector, which
is closer to the result of the SPARK translation from signed
integers *)
let poke_64bit (value : BV64.t) (left : int) (flag : bool) : BV64.t
requires { 0 <= left < 64 }
ensures { forall i. 0 <= i < 64 /\ i <> 63 - left ->
BV64.nth result i = BV64.nth value i }
ensures { flag = BV64.nth result (63 - left) }
=
let ghost left_bv = BV64.of_int left in
assert { BV64.ult left_bv (BV64.of_int 64) };
assert { (BV64.sub (BV64.of_int 63) left_bv) = BV64.of_int (63 - left) };
abstract
ensures { forall i:BV64.t. BV64.ule i (BV64.of_int 63) ->
i <> BV64.sub (BV64.of_int 63) left_bv ->
BV64.nth_bv result i = BV64.nth_bv value i }
ensures { flag = BV64.nth_bv result (BV64.sub (BV64.of_int 63) left_bv) }
let mask =
BV64.lsl_bv (BV64.int_check 1) (BV64.of_int (63 - left))
in
match flag with
| True -> BV64.bw_or value mask
| False -> BV64.bw_and value (BV64.bw_not mask)
end
end
(* return the bit of [byte] at position [left] starting from the
left *)
(* return the bit of [byte] at position [left] starting from the left *)
let peek_8bit_bv (byte : BV8.t) (left : BV32.t) : bool let peek_8bit_bv (byte : BV8.t) (left : BV32.t) : bool
requires { 0 <= BV32.to_uint left < 8 } requires { 0 <= BV32.to_uint left < 8 }
ensures { result = BV8.nth byte (7 - BV32.to_uint left) } ensures { result = BV8.nth byte (7 - BV32.to_uint left) }