|
|
|---|
|
|
|
|---|
Declarative definition of instruction decoding.
(decode enc feat) → instr?
If there is some valid instruction whose encoding is
Since encode is injective (as proved elsewhere), there is in fact at most one such instruction. However, this uniqueness is unnecessary for defining the decoder here.
The encoder is left inverse of the decoder over valid encodings. This follows from the same property of the witness function of encoding-validp, which is proved there.
Function:
(defun decode (enc feat) (declare (xargs :guard (and (ubyte32p enc) (featp feat)))) (let ((__function__ 'decode)) (declare (ignorable __function__)) (if (encoding-validp enc feat) (encoding-valid-witness (ubyte32-fix enc) (feat-fix feat)) nil)))
Theorem:
(defthm instr-optionp-of-decode (b* ((instr? (decode enc feat))) (instr-optionp instr?)) :rule-classes :rewrite)
Theorem:
(defthm decode-of-ubyte32-fix-enc (equal (decode (ubyte32-fix enc) feat) (decode enc feat)))
Theorem:
(defthm decode-ubyte32-equiv-congruence-on-enc (implies (acl2::ubyte32-equiv enc enc-equiv) (equal (decode enc feat) (decode enc-equiv feat))) :rule-classes :congruence)
Theorem:
(defthm decode-of-feat-fix-feat (equal (decode enc (feat-fix feat)) (decode enc feat)))
Theorem:
(defthm decode-feat-equiv-congruence-on-feat (implies (feat-equiv feat feat-equiv) (equal (decode enc feat) (decode enc feat-equiv))) :rule-classes :congruence)
Theorem:
(defthm instrp-of-decode (implies (encoding-validp enc feat) (b* ((?instr? (decode enc feat))) (instrp instr?))))
Theorem:
(defthm instr-validp-of-decode (implies (encoding-validp enc feat) (b* ((?instr? (decode enc feat))) (instr-validp instr? feat))))
Theorem:
(defthm encode-of-decode (implies (encoding-validp enc feat) (equal (encode (decode enc feat) feat) (ubyte32-fix enc))))
Theorem:
(defthm decode-iff-encoding-validp (iff (decode enc feat) (encoding-validp enc feat)))