|
|
|---|
|
|
|
|---|
Single-step execution.
We make no change if the error flag is set. Otherwise, we read the program counter, we read the 32-bit encoding of the instruction from there, we decode it, and, if we obtain an instruction, we run the semantic function of the instruction; if decoding fails, we set the error flag instead.
Function:
(defun step (stat feat) (declare (xargs :guard (and (statp stat) (featp feat)))) (declare (xargs :guard (stat-validp stat feat))) (let ((__function__ 'step)) (declare (ignorable __function__)) (b* (((when (errorp stat feat)) (stat-fix stat)) (pc (read-pc stat feat)) (enc (read-instruction pc stat feat)) (instr? (decode enc feat)) ((unless instr?) (error stat feat))) (exec-instr instr? pc stat feat))))
Theorem:
(defthm statp-of-step (b* ((new-stat (step stat feat))) (statp new-stat)) :rule-classes :rewrite)
Theorem:
(defthm stat-validp-of-step (implies (stat-validp stat feat) (b* ((?new-stat (step stat feat))) (stat-validp new-stat feat))))
Theorem:
(defthm step-of-stat-fix-stat (equal (step (stat-fix stat) feat) (step stat feat)))
Theorem:
(defthm step-stat-equiv-congruence-on-stat (implies (stat-equiv stat stat-equiv) (equal (step stat feat) (step stat-equiv feat))) :rule-classes :congruence)
Theorem:
(defthm step-of-feat-fix-feat (equal (step stat (feat-fix feat)) (step stat feat)))
Theorem:
(defthm step-feat-equiv-congruence-on-feat (implies (feat-equiv feat feat-equiv) (equal (step stat feat) (step stat feat-equiv))) :rule-classes :congruence)