(rml16 lin-addr r-x x86) → (mv * * x86)
Theorem:
(defthm rb-and-rvm16 (implies (and (app-view x86) (canonical-address-p lin-addr) (canonical-address-p (1+ lin-addr)) (x86p x86)) (equal (rvm16 lin-addr x86) (rb 2 lin-addr r-x x86))))
Function:
(defun rml16 (lin-addr r-x x86) (declare (xargs :stobjs (x86))) (declare (type (signed-byte 48) lin-addr) (type (member :r :x) r-x)) (declare (xargs :guard (canonical-address-p lin-addr))) (let ((__function__ 'rml16)) (declare (ignorable __function__)) (let* ((1+lin-addr (the (signed-byte 49) (1+ (the (signed-byte 48) lin-addr))))) (if (mbe :logic (canonical-address-p 1+lin-addr) :exec (< (the (signed-byte 49) 1+lin-addr) 140737488355328)) (mbe :logic (rb 2 lin-addr r-x x86) :exec (if (app-view x86) (rvm16 lin-addr x86) (b* (((mv flag (the (unsigned-byte 52) p-addr0) x86) (la-to-pa lin-addr r-x x86)) ((when flag) (mv flag 0 x86)) (1+lin-addr (the (signed-byte 49) (1+ (the (signed-byte 48) lin-addr)))) ((mv flag (the (unsigned-byte 52) ?p-addr1) x86) (la-to-pa 1+lin-addr r-x x86)) ((when flag) (mv flag 0 x86)) (byte0 (the (unsigned-byte 8) (memi p-addr0 x86))) (byte1 (the (unsigned-byte 8) (memi p-addr1 x86))) (word (the (unsigned-byte 16) (logior (the (unsigned-byte 16) (ash byte1 8)) byte0)))) (mv nil word x86)))) (mv 'rml16 0 x86)))))
Theorem:
(defthm n16p-mv-nth-1-rml16 (unsigned-byte-p 16 (mv-nth 1 (rml16 lin-addr r-x x86))) :rule-classes (:rewrite (:type-prescription :corollary (natp (mv-nth 1 (rml16 lin-addr r-x x86))) :hints (("Goal" :in-theory '(unsigned-byte-p integer-range-p natp)))) (:linear :corollary (and (<= 0 (mv-nth 1 (rml16 lin-addr r-x x86))) (< (mv-nth 1 (rml16 lin-addr r-x x86)) 65536)) :hints (("Goal" :in-theory '(unsigned-byte-p integer-range-p (:e expt)))))))
Theorem:
(defthm x86p-rml16 (implies (force (x86p x86)) (x86p (mv-nth 2 (rml16 lin-addr r-x x86)))) :rule-classes (:rewrite :type-prescription))
Theorem:
(defthm rml16-value-when-error (implies (mv-nth 0 (rml16 lin-addr r-x x86)) (equal (mv-nth 1 (rml16 lin-addr r-x x86)) 0)))
Theorem:
(defthm rml16-x86-unmodified-in-app-view (implies (app-view x86) (equal (mv-nth 2 (rml16 lin-addr r-x x86)) x86)))
Theorem:
(defthm xr-rml16-state-sys-view (implies (and (not (equal fld :mem)) (not (equal fld :fault)) (not (equal fld :tlb))) (equal (xr fld index (mv-nth 2 (rml16 lin-addr r-x x86))) (xr fld index x86))))
Theorem:
(defthm rml16-xw-app-view (implies (and (app-view x86) (not (equal fld :mem)) (not (equal fld :app-view))) (and (equal (mv-nth 0 (rml16 lin-addr r-x (xw fld index value x86))) (mv-nth 0 (rml16 lin-addr r-x x86))) (equal (mv-nth 1 (rml16 lin-addr r-x (xw fld index value x86))) (mv-nth 1 (rml16 lin-addr r-x x86))))))
Theorem:
(defthm rml16-xw-sys-view (implies (and (not (app-view x86)) (not (equal fld :fault)) (not (equal fld :seg-visible)) (not (equal fld :seg-hidden-base)) (not (equal fld :seg-hidden-limit)) (not (equal fld :seg-hidden-attr)) (not (equal fld :mem)) (not (equal fld :ctr)) (not (equal fld :msr)) (not (equal fld :rflags)) (not (equal fld :app-view)) (not (equal fld :marking-view)) (not (equal fld :tlb)) (not (equal fld :implicit-supervisor-access)) (member-equal fld *x86-field-names-as-keywords*)) (and (equal (mv-nth 0 (rml16 lin-addr r-x (xw fld index value x86))) (mv-nth 0 (rml16 lin-addr r-x x86))) (equal (mv-nth 1 (rml16 lin-addr r-x (xw fld index value x86))) (mv-nth 1 (rml16 lin-addr r-x x86))) (equal (mv-nth 2 (rml16 lin-addr r-x (xw fld index value x86))) (xw fld index value (mv-nth 2 (rml16 lin-addr r-x x86)))))))
Theorem:
(defthm rml16-xw-sys-view-rflags-not-ac (implies (and (not (app-view x86)) (equal (rflagsbits->ac value) (rflagsbits->ac (rflags x86)))) (and (equal (mv-nth 0 (rml16 lin-addr r-x (xw :rflags nil value x86))) (mv-nth 0 (rml16 lin-addr r-x x86))) (equal (mv-nth 1 (rml16 lin-addr r-x (xw :rflags nil value x86))) (mv-nth 1 (rml16 lin-addr r-x x86))) (equal (mv-nth 2 (rml16 lin-addr r-x (xw :rflags nil value x86))) (xw :rflags nil value (mv-nth 2 (rml16 lin-addr r-x x86)))))))