├── C
├── .gitignore
├── fixed-point
│ ├── coarse
│ │ ├── benchmarks
│ │ │ ├── encoding
│ │ │ │ ├── Makefile
│ │ │ │ ├── encode-all.sh
│ │ │ │ ├── check-against.sh
│ │ │ │ └── README.md
│ │ │ ├── README.md
│ │ │ ├── global-decoding
│ │ │ │ ├── Makefile
│ │ │ │ ├── decode-all.sh
│ │ │ │ ├── check-decoding.sh
│ │ │ │ └── check-against.sh
│ │ │ └── local-decoding
│ │ │ │ ├── Makefile
│ │ │ │ ├── decode-all.sh
│ │ │ │ ├── check-decoding.sh
│ │ │ │ └── check-against.sh
│ │ ├── Makefile
│ │ ├── README.md
│ │ └── cpr.h
│ ├── intent
│ │ ├── benchmarks
│ │ │ ├── encoding
│ │ │ │ ├── Makefile
│ │ │ │ ├── encode-all.sh
│ │ │ │ ├── check-against.sh
│ │ │ │ └── README.md
│ │ │ ├── local-decoding
│ │ │ │ ├── Makefile
│ │ │ │ ├── decode-all.sh
│ │ │ │ ├── check-decoding.sh
│ │ │ │ └── check-against.sh
│ │ │ └── README.md
│ │ ├── Makefile
│ │ ├── README.md
│ │ ├── cpr.h
│ │ └── cpr.c
│ ├── airborne
│ │ ├── benchmarks
│ │ │ ├── README.md
│ │ │ ├── encoding
│ │ │ │ ├── Makefile
│ │ │ │ ├── run.sh
│ │ │ │ └── README.md
│ │ │ ├── global-decoding
│ │ │ │ ├── Makefile
│ │ │ │ ├── decode-all.sh
│ │ │ │ ├── check-decoding.sh
│ │ │ │ └── check-against.sh
│ │ │ └── local-decoding
│ │ │ │ ├── Makefile
│ │ │ │ ├── decode-all.sh
│ │ │ │ ├── check-decoding.sh
│ │ │ │ └── check-against.sh
│ │ ├── Makefile
│ │ ├── README.md
│ │ └── cpr.h
│ ├── surface
│ │ ├── benchmarks
│ │ │ ├── README.md
│ │ │ ├── global-decoding
│ │ │ │ ├── Makefile
│ │ │ │ ├── decode-all.sh
│ │ │ │ ├── check-decoding.sh
│ │ │ │ └── check-against.sh
│ │ │ ├── local-decoding
│ │ │ │ ├── Makefile
│ │ │ │ ├── decode-all.sh
│ │ │ │ ├── check-decoding.sh
│ │ │ │ └── check-against.sh
│ │ │ └── encoding
│ │ │ │ ├── Makefile
│ │ │ │ ├── run.sh
│ │ │ │ └── README.md
│ │ ├── Makefile
│ │ ├── README.md
│ │ └── cpr.h
│ └── README.md
└── floating-point
│ ├── benchmarks
│ ├── local-decoding
│ │ ├── Makefile
│ │ ├── run.sh
│ │ └── README.md
│ └── global-decoding
│ │ ├── Makefile
│ │ ├── run.sh
│ │ └── README.md
│ ├── Makefile
│ ├── global_rLonNL1.c
│ ├── local_rLonNL1.c
│ ├── local_rLat.c
│ ├── local_rLat-greater-2-30.c
│ ├── xz-alt-NL1.c
│ ├── cpr.h
│ ├── local_rLon.c
│ ├── README.md
│ └── yz-alt.c
├── LICENSES
└── 19679 CPR_NOSA 1.3.pdf
├── PVS
├── framac_wp
│ ├── top.pvs
│ ├── creal.pvs
│ ├── README.md
│ ├── creal.prf
│ ├── memory.pvs
│ ├── cmath.pvs
│ └── cint.pvs
├── vc_nb_12
│ ├── nl_awb_post_PVS.prf
│ ├── encoding_post_PVS.prf
│ ├── local_zone_post_PVS.prf
│ ├── nl_awb_nn_post_PVS.prf
│ ├── north_lat_post_PVS.prf
│ ├── nl_awb_call_nl_awb_nn_pre_PVS.prf
│ ├── closest_mult_div_shift_post_PVS.prf
│ ├── nl_awb_call_nl_awb_nn_pre_2_PVS.prf
│ ├── rlat_int_post_PVS.prf
│ ├── global_zone_post_PVS.prf
│ ├── local_decode_post_PVS.prf
│ ├── global_decode_post_PVS.prf
│ ├── README.md
│ ├── A_params.pvs
│ ├── A_utils.pvs
│ ├── top.pvs
│ ├── A_uint32_operations.pvs
│ ├── encoding_post_PVS.pvs
│ ├── nl_awb_call_nl_awb_nn_pre_PVS.pvs
│ ├── nl_awb_call_nl_awb_nn_pre_2_PVS.pvs
│ ├── nl_awb_post_PVS.pvs
│ ├── interface.pvs
│ ├── closest_mult_div_shift_post_PVS.pvs
│ ├── A_local_decoding.pvs
│ ├── local_zone_post_PVS.pvs
│ ├── A_encode.pvs
│ ├── north_lat_post_PVS.pvs
│ ├── rlat_int_post_PVS.pvs
│ ├── global_zone_post_PVS.pvs
│ ├── local_decode_post_PVS.pvs
│ ├── A_global_decoding.pvs
│ └── global_decode_post_PVS.pvs
├── vc_nb_14
│ ├── nl_awb_post_PVS.prf
│ ├── encoding_post_PVS.prf
│ ├── local_zone_post_PVS.prf
│ ├── nl_awb_nn_post_PVS.prf
│ ├── north_lat_post_PVS.prf
│ ├── nl_awb_call_nl_awb_nn_pre_PVS.prf
│ ├── closest_mult_div_shift_post_PVS.prf
│ ├── nl_awb_call_nl_awb_nn_pre_2_PVS.prf
│ ├── rlat_int_post_PVS.prf
│ ├── global_zone_post_PVS.prf
│ ├── local_decode_post_PVS.prf
│ ├── global_decode_post_PVS.prf
│ ├── README.md
│ ├── A_params.pvs
│ ├── A_utils.pvs
│ ├── top.pvs
│ ├── A_uint32_operations.pvs
│ ├── encoding_post_PVS.pvs
│ ├── nl_awb_call_nl_awb_nn_pre_PVS.pvs
│ ├── nl_awb_call_nl_awb_nn_pre_2_PVS.pvs
│ ├── nl_awb_post_PVS.pvs
│ ├── interface.pvs
│ ├── closest_mult_div_shift_post_PVS.pvs
│ ├── A_local_decoding.pvs
│ ├── local_zone_post_PVS.pvs
│ ├── A_encode.pvs
│ ├── north_lat_post_PVS.pvs
│ ├── rlat_int_post_PVS.pvs
│ ├── global_zone_post_PVS.pvs
│ ├── local_decode_post_PVS.pvs
│ ├── A_global_decoding.pvs
│ └── global_decode_post_PVS.pvs
├── vc_nb_17
│ ├── nl_awb_post_PVS.prf
│ ├── encoding_post_PVS.prf
│ ├── local_zone_post_PVS.prf
│ ├── nl_awb_nn_post_PVS.prf
│ ├── north_lat_post_PVS.prf
│ ├── nl_awb_call_nl_awb_nn_pre_PVS.prf
│ ├── closest_mult_div_shift_post_PVS.prf
│ ├── nl_awb_call_nl_awb_nn_pre_2_PVS.prf
│ ├── rlat_int_post_PVS.prf
│ ├── global_zone_post_PVS.prf
│ ├── local_decode_post_PVS.prf
│ ├── global_decode_post_PVS.prf
│ ├── README.md
│ ├── A_params.pvs
│ ├── A_utils.pvs
│ ├── top.pvs
│ ├── A_uint32_operations.pvs
│ ├── encoding_post_PVS.pvs
│ ├── nl_awb_call_nl_awb_nn_pre_PVS.pvs
│ ├── nl_awb_call_nl_awb_nn_pre_2_PVS.pvs
│ ├── nl_awb_post_PVS.pvs
│ ├── interface.pvs
│ ├── closest_mult_div_shift_post_PVS.pvs
│ ├── A_local_decoding.pvs
│ ├── local_zone_post_PVS.pvs
│ ├── A_encode.pvs
│ ├── north_lat_post_PVS.pvs
│ ├── rlat_int_post_PVS.pvs
│ ├── global_zone_post_PVS.pvs
│ ├── local_decode_post_PVS.pvs
│ ├── A_global_decoding.pvs
│ └── global_decode_post_PVS.pvs
├── vc_nb_19
│ ├── nl_awb_post_PVS.prf
│ ├── encoding_post_PVS.prf
│ ├── local_zone_post_PVS.prf
│ ├── nl_awb_nn_post_PVS.prf
│ ├── north_lat_post_PVS.prf
│ ├── nl_awb_call_nl_awb_nn_pre_PVS.prf
│ ├── closest_mult_div_shift_post_PVS.prf
│ ├── nl_awb_call_nl_awb_nn_pre_2_PVS.prf
│ ├── rlat_int_post_PVS.prf
│ ├── global_zone_post_PVS.prf
│ ├── local_decode_post_PVS.prf
│ ├── README.md
│ ├── A_params.pvs
│ ├── A_utils.pvs
│ ├── top.pvs
│ ├── A_uint32_operations.pvs
│ ├── nl_awb_call_nl_awb_nn_pre_PVS.pvs
│ ├── nl_awb_call_nl_awb_nn_pre_2_PVS.pvs
│ ├── encoding_post_PVS.pvs
│ ├── nl_awb_post_PVS.pvs
│ ├── closest_mult_div_shift_post_PVS.pvs
│ ├── interface.pvs
│ ├── local_zone_post_PVS.pvs
│ ├── A_local_decoding.pvs
│ ├── A_encode.pvs
│ ├── north_lat_post_PVS.pvs
│ ├── rlat_int_post_PVS.pvs
│ ├── local_decode_post_PVS.pvs
│ ├── global_zone_post_PVS.pvs
│ ├── A_global_decoding.pvs
│ └── global_decode_post_PVS.pvs
├── CPR_fp
│ ├── cpr_funs.prf
│ ├── README.md
│ ├── AWB.pvs
│ ├── simplifications.pvs
│ ├── alt_encoding.pvs
│ ├── pvsio_defs.pvs
│ ├── rlat_spec.pvs
│ ├── top.pvs
│ ├── encoding.pvs
│ ├── basic_defs.pvs
│ ├── cpr_nl_funs.pvs
│ ├── cpr_funs.pvs
│ └── cpr_defs.pvs
├── CPR
│ ├── cpr_defs.pvs
│ ├── top.pvs
│ ├── README.md
│ ├── simple_props.pvs
│ ├── compute_atan.pvs
│ └── awb32.pvs
├── .gitignore
├── all-theories
├── summaries
│ ├── vc_shared.summary
│ └── framac_wp.summary
└── all-theories.grandtotals
└── Gappa
├── global_lon
├── global_rLonNL1.g
├── global_rLon_Hp1.g
├── global_rLon_Hp2.g
└── global_rLon.g
├── global_lat
├── global_rLat_Hp1.g
├── global_rLat_Hp2.g
└── global_rLat.g
├── yz
├── yz_hp2.g
├── yz_hp1.g
└── yz.g
├── xz
├── xz_hp2.g
├── xz_hp1.g
├── xz_hp3.g
└── xz.g
├── local_lon
├── local_rLonNL1.g
└── local_rLon.g
└── local_lat
└── local_rLat.g
/C/.gitignore:
--------------------------------------------------------------------------------
1 | *.o
2 | *.bak
3 |
--------------------------------------------------------------------------------
/LICENSES/19679 CPR_NOSA 1.3.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nasa/cpr/master/LICENSES/19679 CPR_NOSA 1.3.pdf
--------------------------------------------------------------------------------
/PVS/framac_wp/top.pvs:
--------------------------------------------------------------------------------
1 | top : THEORY
2 | BEGIN
3 |
4 | IMPORTING memory,cmath,creal,cfloat,cint
5 |
6 | END top
7 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/nl_awb_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (nl_awb_post
2 | (goal 0 (goal-1 nil 3771691294 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/nl_awb_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (nl_awb_post
2 | (goal 0 (goal-1 nil 3771691921 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/nl_awb_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (nl_awb_post
2 | (goal 0 (goal-1 nil 3771693267 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/nl_awb_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (nl_awb_post
2 | (goal 0 (goal-1 nil 3771693712 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/encoding_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (encoding_post
2 | (goal 0 (goal-1 nil 3771691294 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/local_zone_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (local_zone_post
2 | (goal 0 (goal-1 nil 3771691294 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/nl_awb_nn_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (nl_awb_nn_post
2 | (goal 0 (goal-1 nil 3771691294 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/north_lat_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (north_lat_post
2 | (goal 0 (goal-1 nil 3771691294 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/encoding_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (encoding_post
2 | (goal 0 (goal-1 nil 3771691921 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/local_zone_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (local_zone_post
2 | (goal 0 (goal-1 nil 3771691921 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/nl_awb_nn_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (nl_awb_nn_post
2 | (goal 0 (goal-1 nil 3771691921 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/north_lat_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (north_lat_post
2 | (goal 0 (goal-1 nil 3771691922 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/encoding_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (encoding_post
2 | (goal 0 (goal-1 nil 3771693267 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/local_zone_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (local_zone_post
2 | (goal 0 (goal-1 nil 3771693267 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/nl_awb_nn_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (nl_awb_nn_post
2 | (goal 0 (goal-1 nil 3771693267 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/north_lat_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (north_lat_post
2 | (goal 0 (goal-1 nil 3771693267 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/encoding_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (encoding_post
2 | (goal 0 (goal-1 nil 3771693712 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/local_zone_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (local_zone_post
2 | (goal 0 (goal-1 nil 3771693712 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/nl_awb_nn_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (nl_awb_nn_post
2 | (goal 0 (goal-1 nil 3771693712 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/north_lat_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (north_lat_post
2 | (goal 0 (goal-1 nil 3771693712 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/CPR_fp/cpr_funs.prf:
--------------------------------------------------------------------------------
1 | (cpr_funs
2 | (cpr_sqrt_TCC1 0
3 | (cpr_sqrt_TCC1-1 nil 3667667986 ("" (subtype-tcc) nil nil) nil nil)))
4 |
5 |
--------------------------------------------------------------------------------
/PVS/CPR/cpr_defs.pvs:
--------------------------------------------------------------------------------
1 | cpr_defs: THEORY
2 | BEGIN
3 |
4 | NumBins: TYPE = {nn:posnat | nn=12 OR nn=14 OR nn=17 OR nn=19}
5 |
6 | END cpr_defs
7 |
--------------------------------------------------------------------------------
/PVS/.gitignore:
--------------------------------------------------------------------------------
1 | pvsbin/
2 | orphaned-proofs.prf
3 | *.tptp
4 | *.dep
5 | .pvscontext
6 | *.bin
7 | *.log
8 | *.summary
9 | *.dump
10 | *.out
11 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/nl_awb_call_nl_awb_nn_pre_PVS.prf:
--------------------------------------------------------------------------------
1 | (nl_awb_call_nl_awb_nn_pre
2 | (goal 0 (goal-1 nil 3771691294 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/nl_awb_call_nl_awb_nn_pre_PVS.prf:
--------------------------------------------------------------------------------
1 | (nl_awb_call_nl_awb_nn_pre
2 | (goal 0 (goal-1 nil 3771691921 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/nl_awb_call_nl_awb_nn_pre_PVS.prf:
--------------------------------------------------------------------------------
1 | (nl_awb_call_nl_awb_nn_pre
2 | (goal 0 (goal-1 nil 3771693267 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/nl_awb_call_nl_awb_nn_pre_PVS.prf:
--------------------------------------------------------------------------------
1 | (nl_awb_call_nl_awb_nn_pre
2 | (goal 0 (goal-1 nil 3771693712 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/closest_mult_div_shift_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (closest_mult_div_shift_post
2 | (goal 0 (goal-1 nil 3771691294 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/nl_awb_call_nl_awb_nn_pre_2_PVS.prf:
--------------------------------------------------------------------------------
1 | (nl_awb_call_nl_awb_nn_pre_2
2 | (goal 0 (goal-1 nil 3771691294 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/closest_mult_div_shift_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (closest_mult_div_shift_post
2 | (goal 0 (goal-1 nil 3771691922 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/nl_awb_call_nl_awb_nn_pre_2_PVS.prf:
--------------------------------------------------------------------------------
1 | (nl_awb_call_nl_awb_nn_pre_2
2 | (goal 0 (goal-1 nil 3771691921 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/closest_mult_div_shift_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (closest_mult_div_shift_post
2 | (goal 0 (goal-1 nil 3771693267 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/nl_awb_call_nl_awb_nn_pre_2_PVS.prf:
--------------------------------------------------------------------------------
1 | (nl_awb_call_nl_awb_nn_pre_2
2 | (goal 0 (goal-1 nil 3771693267 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/closest_mult_div_shift_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (closest_mult_div_shift_post
2 | (goal 0 (goal-1 nil 3771693712 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/nl_awb_call_nl_awb_nn_pre_2_PVS.prf:
--------------------------------------------------------------------------------
1 | (nl_awb_call_nl_awb_nn_pre_2
2 | (goal 0 (goal-1 nil 3771693712 ("" (prove-vc) nil) nil shostak)))
3 |
4 |
--------------------------------------------------------------------------------
/PVS/framac_wp/creal.pvs:
--------------------------------------------------------------------------------
1 | creal: THEORY
2 | BEGIN
3 |
4 | rdiv(x,y: real): real
5 | = IF y /= 0 THEN x/y ELSE choose({x:real | TRUE}) ENDIF
6 |
7 | END creal
8 |
--------------------------------------------------------------------------------
/PVS/all-theories:
--------------------------------------------------------------------------------
1 | : --log --dir summaries
2 | CPR_fp
3 | CPR
4 | framac_wp
5 | vc_nb_12 # NB = 12
6 | vc_nb_14 # NB = 14
7 | vc_nb_17 # NB = 17
8 | vc_nb_19 # NB = 19
9 |
--------------------------------------------------------------------------------
/C/fixed-point/coarse/benchmarks/encoding/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | coarse:
5 | $(CC) -o encode encode.c -L../.. -lcoarse $(FLAGS)
6 |
7 | clean:
8 | $(RM) encode
--------------------------------------------------------------------------------
/C/fixed-point/intent/benchmarks/encoding/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | intent:
5 | $(CC) -o encode encode.c -L../.. -lintent $(FLAGS)
6 |
7 | clean:
8 | $(RM) encode
--------------------------------------------------------------------------------
/PVS/vc_nb_12/rlat_int_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (rlat_int_post
2 | (goal_TCC1 0 (goal_TCC1-1 nil 3771691293 ("" (prove-vc) nil) nil nil))
3 | (goal 0 (goal-1 nil 3771691294 ("" (prove-vc) nil) nil shostak)))
4 |
5 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/rlat_int_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (rlat_int_post
2 | (goal_TCC1 0 (goal_TCC1-1 nil 3771691920 ("" (prove-vc) nil) nil nil))
3 | (goal 0 (goal-1 nil 3771691921 ("" (prove-vc) nil) nil shostak)))
4 |
5 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/rlat_int_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (rlat_int_post
2 | (goal_TCC1 0 (goal_TCC1-1 nil 3771693266 ("" (prove-vc) nil) nil nil))
3 | (goal 0 (goal-1 nil 3771693267 ("" (prove-vc) nil) nil shostak)))
4 |
5 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/rlat_int_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (rlat_int_post
2 | (goal_TCC1 0 (goal_TCC1-1 nil 3771693710 ("" (prove-vc) nil) nil nil))
3 | (goal 0 (goal-1 nil 3771693712 ("" (prove-vc) nil) nil shostak)))
4 |
5 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/global_zone_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (global_zone_post
2 | (goal_TCC1 0 (goal_TCC1-1 nil 3771691293 ("" (prove-vc) nil) nil nil))
3 | (goal 0 (goal-1 nil 3771691294 ("" (prove-vc) nil) nil shostak)))
4 |
5 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/local_decode_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (local_decode_post
2 | (goal_TCC1 0 (goal_TCC1-1 nil 3771691293 ("" (prove-vc) nil) nil nil))
3 | (goal 0 (goal-1 nil 3771691294 ("" (prove-vc) nil) nil shostak)))
4 |
5 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/global_zone_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (global_zone_post
2 | (goal_TCC1 0 (goal_TCC1-1 nil 3771691920 ("" (prove-vc) nil) nil nil))
3 | (goal 0 (goal-1 nil 3771691921 ("" (prove-vc) nil) nil shostak)))
4 |
5 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/local_decode_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (local_decode_post
2 | (goal_TCC1 0 (goal_TCC1-1 nil 3771691920 ("" (prove-vc) nil) nil nil))
3 | (goal 0 (goal-1 nil 3771691921 ("" (prove-vc) nil) nil shostak)))
4 |
5 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/global_zone_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (global_zone_post
2 | (goal_TCC1 0 (goal_TCC1-1 nil 3771693266 ("" (prove-vc) nil) nil nil))
3 | (goal 0 (goal-1 nil 3771693267 ("" (prove-vc) nil) nil shostak)))
4 |
5 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/local_decode_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (local_decode_post
2 | (goal_TCC1 0 (goal_TCC1-1 nil 3771693266 ("" (prove-vc) nil) nil nil))
3 | (goal 0 (goal-1 nil 3771693267 ("" (prove-vc) nil) nil shostak)))
4 |
5 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/global_zone_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (global_zone_post
2 | (goal_TCC1 0 (goal_TCC1-1 nil 3771693711 ("" (prove-vc) nil) nil nil))
3 | (goal 0 (goal-1 nil 3771693712 ("" (prove-vc) nil) nil shostak)))
4 |
5 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/local_decode_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (local_decode_post
2 | (goal_TCC1 0 (goal_TCC1-1 nil 3771693710 ("" (prove-vc) nil) nil nil))
3 | (goal 0 (goal-1 nil 3771693712 ("" (prove-vc) nil) nil shostak)))
4 |
5 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/global_decode_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (global_decode_post
2 | (goal_TCC1 0 (goal_TCC1-1 nil 3771691293 ("" (prove-vc) nil) nil nil))
3 | (goal 0 (goal-1 nil 3771691294 ("" (prove-vc) nil) nil shostak)))
4 |
5 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/global_decode_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (global_decode_post
2 | (goal_TCC1 0 (goal_TCC1-1 nil 3771691920 ("" (prove-vc) nil) nil nil))
3 | (goal 0 (goal-1 nil 3771691922 ("" (prove-vc) nil) nil shostak)))
4 |
5 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/global_decode_post_PVS.prf:
--------------------------------------------------------------------------------
1 | (global_decode_post
2 | (goal_TCC1 0 (goal_TCC1-1 nil 3771693266 ("" (prove-vc) nil) nil nil))
3 | (goal 0 (goal-1 nil 3771693267 ("" (prove-vc) nil) nil shostak)))
4 |
5 |
--------------------------------------------------------------------------------
/C/fixed-point/airborne/benchmarks/README.md:
--------------------------------------------------------------------------------
1 | This directory contains examples of use for each CPR operation under the **airborne** format: the [`encoding`](encoding) and both modalities for decoding [`global-decoding`](global-decoding) and [`local-decoding`](local-decoding).
2 |
3 |
--------------------------------------------------------------------------------
/C/fixed-point/coarse/benchmarks/README.md:
--------------------------------------------------------------------------------
1 | This directory contains examples of use for each CPR operation under the **coarse** format: the [`encoding`](encoding) and both modalities for decoding [`global-decoding`](global-decoding) and [`local-decoding`](local-decoding).
2 |
3 |
--------------------------------------------------------------------------------
/C/fixed-point/surface/benchmarks/README.md:
--------------------------------------------------------------------------------
1 | This directory contains examples of use for each CPR operation under the **surface** format: the [`encoding`](encoding) and both modalities for decoding [`global-decoding`](global-decoding) and [`local-decoding`](local-decoding).
2 |
3 |
--------------------------------------------------------------------------------
/PVS/CPR_fp/README.md:
--------------------------------------------------------------------------------
1 | # CPR_fp
2 |
3 | # Contributors
4 | * Mariano M. Moscato, NIA, USA
5 |
6 | ## Maintainer
7 | * [César Muñoz](http://shemesh.larc.nasa.gov/people/cam), NASA, USA
8 |
9 | # Dependencies
10 |
11 | 
12 |
--------------------------------------------------------------------------------
/PVS/CPR/top.pvs:
--------------------------------------------------------------------------------
1 | top : THEORY
2 |
3 | BEGIN
4 |
5 | IMPORTING
6 | abstract_cpr,
7 | awb32,
8 | compute_atan,
9 | cpr_real,
10 | cpr_int,
11 | nl,
12 | rlat_spec,
13 | simple_props,
14 | trans_eval,
15 | uint32
16 |
17 |
18 |
19 | END top
20 |
--------------------------------------------------------------------------------
/PVS/framac_wp/README.md:
--------------------------------------------------------------------------------
1 | # framac_wp
2 |
3 | # Contributors
4 | * Mariano M. Moscato, NIA, USA
5 |
6 | ## Maintainer
7 | * [César Muñoz](http://shemesh.larc.nasa.gov/people/cam), NASA, USA
8 |
9 | # Dependencies
10 |
11 | 
12 |
--------------------------------------------------------------------------------
/C/fixed-point/airborne/benchmarks/encoding/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | all: airborne check
5 |
6 | airborne:
7 | $(CC) -o encode encode.c -L../.. -lairborne $(FLAGS)
8 |
9 | check:
10 | $(CC) -o check-encoding check-encoding.c $(FLAGS)
11 |
12 | clean:
13 | $(RM) encode check-encoding
--------------------------------------------------------------------------------
/C/fixed-point/coarse/benchmarks/global-decoding/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | all: coarse check
5 |
6 | coarse:
7 | $(CC) -o decode decode.c -L../.. -lcoarse $(FLAGS)
8 |
9 | check:
10 | $(CC) -o check-decoding check-decoding.c ../../nl_int.o $(FLAGS)
11 |
12 | clean:
13 | $(RM) decode
--------------------------------------------------------------------------------
/C/floating-point/benchmarks/local-decoding/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | all: airborne check
5 |
6 | airborne:
7 | $(CC) -o decode decode.c -L../.. -lairborne $(FLAGS)
8 |
9 | check:
10 | $(CC) -o check-decoding check-decoding.c $(FLAGS)
11 |
12 | clean:
13 | $(RM) decode check-decoding
--------------------------------------------------------------------------------
/C/fixed-point/surface/benchmarks/global-decoding/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | all: surface check
5 |
6 | surface:
7 | $(CC) -o decode decode.c -L../.. -lsurface $(FLAGS)
8 |
9 | check:
10 | $(CC) -o check-decoding check-decoding.c ../../nl_int.o $(FLAGS)
11 |
12 | clean:
13 | $(RM) decode
--------------------------------------------------------------------------------
/C/floating-point/benchmarks/global-decoding/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | all: airborne check
5 |
6 | airborne:
7 | $(CC) -o decode decode.c -L../.. -lairborne $(FLAGS)
8 |
9 | check:
10 | $(CC) -o check-decoding check-decoding.c $(FLAGS)
11 |
12 | clean:
13 | $(RM) decode check-decoding
--------------------------------------------------------------------------------
/PVS/vc_nb_12/README.md:
--------------------------------------------------------------------------------
1 | # vc_nb_12
2 |
3 | # Contributors
4 | * Aaron Dutle, NASA, USA
5 | * Mariano M. Moscato, NIA, USA
6 |
7 | ## Maintainer
8 | * [César Muñoz](http://shemesh.larc.nasa.gov/people/cam), NASA, USA
9 |
10 | # Dependencies
11 |
12 | 
13 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/README.md:
--------------------------------------------------------------------------------
1 | # vc_nb_14
2 |
3 | # Contributors
4 | * Aaron Dutle, NASA, USA
5 | * Mariano M. Moscato, NIA, USA
6 |
7 | ## Maintainer
8 | * [César Muñoz](http://shemesh.larc.nasa.gov/people/cam), NASA, USA
9 |
10 | # Dependencies
11 |
12 | 
13 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/README.md:
--------------------------------------------------------------------------------
1 | # vc_nb_17
2 |
3 | # Contributors
4 | * Aaron Dutle, NASA, USA
5 | * Mariano M. Moscato, NIA, USA
6 |
7 | ## Maintainer
8 | * [César Muñoz](http://shemesh.larc.nasa.gov/people/cam), NASA, USA
9 |
10 | # Dependencies
11 |
12 | 
13 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/README.md:
--------------------------------------------------------------------------------
1 | # vc_nb_19
2 |
3 | # Contributors
4 | * Aaron Dutle, NASA, USA
5 | * Mariano M. Moscato, NIA, USA
6 |
7 | ## Maintainer
8 | * [César Muñoz](http://shemesh.larc.nasa.gov/people/cam), NASA, USA
9 |
10 | # Dependencies
11 |
12 | 
13 |
--------------------------------------------------------------------------------
/PVS/framac_wp/creal.prf:
--------------------------------------------------------------------------------
1 | (creal
2 | (rdiv_TCC1 0
3 | (rdiv_TCC1-1 nil 3735998866 ("" (subtype-tcc) nil nil)
4 | ((/= const-decl "boolean" notequal nil)
5 | (member const-decl "bool" sets nil)
6 | (empty? const-decl "bool" sets nil)
7 | (nonempty? const-decl "bool" sets nil))
8 | nil)))
9 |
10 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/A_params.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'params'
3 | % --------------------------------------------------
4 |
5 | A_params: THEORY
6 | BEGIN
7 |
8 | L_nb : int
9 |
10 | Q_nb_def: AXIOM 12 = (L_nb)
11 | END A_params
12 |
13 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/A_params.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'params'
3 | % --------------------------------------------------
4 |
5 | A_params: THEORY
6 | BEGIN
7 |
8 | L_nb : int
9 |
10 | Q_nb_def: AXIOM 14 = (L_nb)
11 | END A_params
12 |
13 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/A_params.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'params'
3 | % --------------------------------------------------
4 |
5 | A_params: THEORY
6 | BEGIN
7 |
8 | L_nb : int
9 |
10 | Q_nb_def: AXIOM 17 = (L_nb)
11 | END A_params
12 |
13 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/A_params.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'params'
3 | % --------------------------------------------------
4 |
5 | A_params: THEORY
6 | BEGIN
7 |
8 | L_nb : int
9 |
10 | Q_nb_def: AXIOM 19 = (L_nb)
11 | END A_params
12 |
13 |
--------------------------------------------------------------------------------
/C/fixed-point/airborne/benchmarks/global-decoding/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | all: airborne check
5 |
6 | airborne:
7 | $(CC) -o decode decode.c -L../.. -lairborne $(FLAGS)
8 |
9 | check:
10 | $(CC) -o check-decoding check-decoding.c ../../nl_int.o $(FLAGS)
11 |
12 | clean:
13 | $(RM) decode check-decoding
--------------------------------------------------------------------------------
/C/fixed-point/coarse/benchmarks/local-decoding/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | all: coarse check
5 |
6 | coarse:
7 | $(CC) -o decode decode.c -L../.. -lcoarse $(FLAGS)
8 |
9 | check:
10 | $(CC) -o check-decoding check-decoding.c ../../nl_int.o ../../cpr_int.o $(FLAGS)
11 |
12 | clean:
13 | $(RM) decode check-decoding
--------------------------------------------------------------------------------
/C/fixed-point/intent/benchmarks/local-decoding/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | all: intent check
5 |
6 | intent:
7 | $(CC) -o decode decode.c -L../.. -lintent $(FLAGS)
8 |
9 | check:
10 | $(CC) -o check-decoding check-decoding.c ../../nl_int.o ../../cpr_int.o $(FLAGS)
11 |
12 | clean:
13 | $(RM) decode check-decoding
--------------------------------------------------------------------------------
/C/fixed-point/intent/benchmarks/README.md:
--------------------------------------------------------------------------------
1 | This directory contains examples of use for each CPR operation under the **intent** format: the [`encoding`](encoding) and the [`local-decoding`](local-decoding).
2 | Recall that intent messages are always calculated using the _even_ format, and hence only the local decoding is used on them.
3 |
4 |
--------------------------------------------------------------------------------
/C/fixed-point/surface/benchmarks/local-decoding/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | all: surface check
5 |
6 | surface:
7 | $(CC) -o decode decode.c -L../.. -lsurface $(FLAGS)
8 |
9 | check:
10 | $(CC) -o check-decoding check-decoding.c ../../nl_int.o ../../cpr_int.o $(FLAGS)
11 |
12 | clean:
13 | $(RM) decode check-decoding
--------------------------------------------------------------------------------
/C/fixed-point/airborne/benchmarks/local-decoding/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | all: airborne check
5 |
6 | airborne:
7 | $(CC) -o decode decode.c -L../.. -lairborne $(FLAGS)
8 |
9 | check:
10 | $(CC) -o check-decoding check-decoding.c ../../nl_int.o ../../cpr_int.o $(FLAGS)
11 |
12 | clean:
13 | $(RM) decode check-decoding
--------------------------------------------------------------------------------
/PVS/summaries/vc_shared.summary:
--------------------------------------------------------------------------------
1 | ***
2 | *** Processing vc_shared (15:58:58 11/25/2020)
3 | *** Generated by proveit 7.1.0 (Nov 05, 2020)
4 | *** Trusted Oracles
5 | *** metit: Try (help metit)
6 | ***
7 |
8 | "Cannot find theory A_params
9 | In file acsl_logic_defs_eq (line 6, col 12)"
10 |
11 |
--------------------------------------------------------------------------------
/C/fixed-point/airborne/benchmarks/global-decoding/decode-all.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./decode $csvfile > $csvfile.out
7 |
8 | echo "$csvfile decoded into $csvfile.out"
9 | else
10 | echo 'Warning: No *.csv file found in the current directory.'
11 | fi
12 | done
--------------------------------------------------------------------------------
/C/fixed-point/airborne/benchmarks/local-decoding/decode-all.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./decode $csvfile > $csvfile.out
7 |
8 | echo "$csvfile decoded into $csvfile.out"
9 | else
10 | echo 'Warning: No *.csv file found in the current directory.'
11 | fi
12 | done
--------------------------------------------------------------------------------
/C/fixed-point/coarse/benchmarks/encoding/encode-all.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./encode $csvfile > $csvfile.out
7 |
8 | echo "$csvfile encoded into $csvfile.out"
9 | else
10 | echo 'Warning: No *.csv file found in the current directory.'
11 | fi
12 | done
13 |
--------------------------------------------------------------------------------
/C/fixed-point/coarse/benchmarks/global-decoding/decode-all.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./decode $csvfile > $csvfile.out
7 |
8 | echo "$csvfile decoded into $csvfile.out"
9 | else
10 | echo 'Warning: No *.csv file found in the current directory.'
11 | fi
12 | done
--------------------------------------------------------------------------------
/C/fixed-point/coarse/benchmarks/local-decoding/decode-all.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./decode $csvfile > $csvfile.out
7 |
8 | echo "$csvfile decoded into $csvfile.out"
9 | else
10 | echo 'Warning: No *.csv file found in the current directory.'
11 | fi
12 | done
--------------------------------------------------------------------------------
/C/fixed-point/intent/benchmarks/encoding/encode-all.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./encode $csvfile > $csvfile.out
7 |
8 | echo "$csvfile encoded into $csvfile.out"
9 | else
10 | echo 'Warning: No *.csv file found in the current directory.'
11 | fi
12 | done
13 |
--------------------------------------------------------------------------------
/C/fixed-point/intent/benchmarks/local-decoding/decode-all.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./decode $csvfile > $csvfile.out
7 |
8 | echo "$csvfile decoded into $csvfile.out"
9 | else
10 | echo 'Warning: No *.csv file found in the current directory.'
11 | fi
12 | done
--------------------------------------------------------------------------------
/C/fixed-point/surface/benchmarks/global-decoding/decode-all.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./decode $csvfile > $csvfile.out
7 |
8 | echo "$csvfile decoded into $csvfile.out"
9 | else
10 | echo 'Warning: No *.csv file found in the current directory.'
11 | fi
12 | done
--------------------------------------------------------------------------------
/C/fixed-point/surface/benchmarks/local-decoding/decode-all.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./decode $csvfile > $csvfile.out
7 |
8 | echo "$csvfile decoded into $csvfile.out"
9 | else
10 | echo 'Warning: No *.csv file found in the current directory.'
11 | fi
12 | done
--------------------------------------------------------------------------------
/Gappa/global_lon/global_rLonNL1.g:
--------------------------------------------------------------------------------
1 | # Longitude Global Decoding (when NL=1)
2 |
3 | @rnd = float;
4 | @floor = int;
5 |
6 | xz = floor(xz_); # i is an integer
7 |
8 | rLonr = 360 * (xz/0x1.0p+17);
9 | rLonf rnd = 360 * (xz/0x1.0p+17);
10 |
11 | { (xz in [0,131072] -> rLonf - rLonr in [-0.000046,0.000046])}
12 |
13 | rLonf - rLonr $ xz;
14 |
--------------------------------------------------------------------------------
/PVS/CPR/README.md:
--------------------------------------------------------------------------------
1 | # CPR
2 |
3 | # Contributors
4 | * Aaron Dutle, NASA, USA
5 | * Gregory Anderson, NASA Intern from Univeristy of Virginia, USA
6 | * Mariano M. Moscato, NIA, USA
7 |
8 | ## Maintainer
9 | * [César Muñoz](http://shemesh.larc.nasa.gov/people/cam), NASA, USA
10 |
11 | # Dependencies
12 |
13 | 
14 |
--------------------------------------------------------------------------------
/C/fixed-point/airborne/benchmarks/local-decoding/check-decoding.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./check-decoding $csvfile.out
7 |
8 | retVal=$?
9 | if [ $retVal -eq 0 ]; then
10 | echo "$csvfile decoded as expected."
11 | fi
12 | else
13 | echo 'Warning: No *.csv file found in the current directory.'
14 | fi
15 | done
--------------------------------------------------------------------------------
/C/fixed-point/coarse/benchmarks/global-decoding/check-decoding.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./check-decoding $csvfile.out
7 |
8 | retVal=$?
9 | if [ $retVal -eq 0 ]; then
10 | echo "$csvfile decoded as expected."
11 | fi
12 | else
13 | echo 'Warning: No *.csv file found in the current directory.'
14 | fi
15 | done
--------------------------------------------------------------------------------
/C/fixed-point/coarse/benchmarks/local-decoding/check-decoding.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./check-decoding $csvfile.out
7 |
8 | retVal=$?
9 | if [ $retVal -eq 0 ]; then
10 | echo "$csvfile decoded as expected."
11 | fi
12 | else
13 | echo 'Warning: No *.csv file found in the current directory.'
14 | fi
15 | done
--------------------------------------------------------------------------------
/C/fixed-point/intent/benchmarks/local-decoding/check-decoding.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./check-decoding $csvfile.out
7 |
8 | retVal=$?
9 | if [ $retVal -eq 0 ]; then
10 | echo "$csvfile decoded as expected."
11 | fi
12 | else
13 | echo 'Warning: No *.csv file found in the current directory.'
14 | fi
15 | done
--------------------------------------------------------------------------------
/C/fixed-point/surface/benchmarks/global-decoding/check-decoding.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./check-decoding $csvfile.out
7 |
8 | retVal=$?
9 | if [ $retVal -eq 0 ]; then
10 | echo "$csvfile decoded as expected."
11 | fi
12 | else
13 | echo 'Warning: No *.csv file found in the current directory.'
14 | fi
15 | done
--------------------------------------------------------------------------------
/C/fixed-point/surface/benchmarks/local-decoding/check-decoding.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./check-decoding $csvfile.out
7 |
8 | retVal=$?
9 | if [ $retVal -eq 0 ]; then
10 | echo "$csvfile decoded as expected."
11 | fi
12 | else
13 | echo 'Warning: No *.csv file found in the current directory.'
14 | fi
15 | done
--------------------------------------------------------------------------------
/C/fixed-point/airborne/benchmarks/global-decoding/check-decoding.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./check-decoding $csvfile.out
7 |
8 | retVal=$?
9 | if [ $retVal -eq 0 ]; then
10 | echo "$csvfile decoded as expected."
11 | fi
12 | else
13 | echo 'Warning: No *.csv file found in the current directory.'
14 | fi
15 | done
--------------------------------------------------------------------------------
/Gappa/global_lon/global_rLon_Hp1.g:
--------------------------------------------------------------------------------
1 | # Hypotesis 1:
2 | # rLon11f - rLon11r -> 0 is valid because of
3 |
4 | @rnd = float;
5 | @floor = int;
6 |
7 | x = floor(x_); # x is an integer
8 | y = floor(y_); # x is an integer
9 |
10 | r = x/y;
11 | f rnd= x/y;
12 |
13 | { ( x in [-60,59] /\ y in [1,59] -> floor(f) - floor(r) in [0,0] ) }
14 | floor(f) - floor(r) $ x,y;
15 |
16 |
17 |
18 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/C/fixed-point/surface/benchmarks/encoding/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | all: surface check verify
5 |
6 | surface:
7 | $(CC) -o encode encode.c -L../.. -lsurface $(FLAGS)
8 |
9 | check:
10 | $(CC) -o check-encoding check-encoding.c $(FLAGS)
11 |
12 | verify:
13 | $(CC) -o verify-lat-trans-points verify-lat-trans-points.c -L../.. -lsurface $(FLAGS)
14 |
15 | clean:
16 | $(RM) encode check-encoding verify-lat-trans-points
--------------------------------------------------------------------------------
/C/floating-point/benchmarks/global-decoding/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./decode $csvfile > $csvfile.out
7 |
8 | ./check-decoding $csvfile.out
9 |
10 | retVal=$?
11 | if [ $retVal -eq 0 ]; then
12 | echo "$csvfile decoded as expected."
13 | fi
14 | else
15 | echo 'Warning: No *.csv file found in the current directory.'
16 | fi
17 | done
--------------------------------------------------------------------------------
/C/floating-point/benchmarks/local-decoding/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./decode $csvfile > $csvfile.out
7 |
8 | ./check-decoding $csvfile.out
9 |
10 | retVal=$?
11 | if [ $retVal -eq 0 ]; then
12 | echo "$csvfile decoded as expected."
13 | fi
14 | else
15 | echo 'Warning: No *.csv file found in the current directory.'
16 | fi
17 | done
--------------------------------------------------------------------------------
/C/fixed-point/coarse/benchmarks/encoding/check-against.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | DIFF=$(diff $csvfile $csvfile.out)
7 | if [ "$DIFF" != "" ]
8 | then
9 | echo "Error in $csvfile"
10 | else
11 | echo "$csvfile encoded as expected."
12 | fi
13 | else
14 | echo 'Warning: No *.csv file found in the current directory.'
15 | fi
16 | done
--------------------------------------------------------------------------------
/C/fixed-point/intent/benchmarks/encoding/check-against.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | DIFF=$(diff $csvfile $csvfile.out)
7 | if [ "$DIFF" != "" ]
8 | then
9 | echo "Error in $csvfile"
10 | else
11 | echo "$csvfile encoded as expected."
12 | fi
13 | else
14 | echo 'Warning: No *.csv file found in the current directory.'
15 | fi
16 | done
--------------------------------------------------------------------------------
/C/fixed-point/airborne/benchmarks/encoding/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./encode $csvfile > $csvfile.out
7 |
8 | ./check-encoding $csvfile $csvfile.out
9 |
10 | retVal=$?
11 | if [ $retVal -eq 0 ]; then
12 | echo "$csvfile encoded as expected."
13 | fi
14 | else
15 | echo 'Warning: No *.csv file found in the current directory.'
16 | fi
17 | done
--------------------------------------------------------------------------------
/C/fixed-point/airborne/benchmarks/global-decoding/check-against.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | DIFF=$(diff $csvfile $csvfile.out)
7 | if [ "$DIFF" != "" ]
8 | then
9 | echo "Error in $csvfile"
10 | else
11 | echo "$csvfile encoded as expected."
12 | fi
13 | else
14 | echo 'Warning: No *.csv file found in the current directory.'
15 | fi
16 | done
--------------------------------------------------------------------------------
/C/fixed-point/airborne/benchmarks/local-decoding/check-against.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | DIFF=$(diff $csvfile $csvfile.out)
7 | if [ "$DIFF" != "" ]
8 | then
9 | echo "Error in $csvfile"
10 | else
11 | echo "$csvfile encoded as expected."
12 | fi
13 | else
14 | echo 'Warning: No *.csv file found in the current directory.'
15 | fi
16 | done
--------------------------------------------------------------------------------
/C/fixed-point/coarse/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | coarse:
5 | $(CC) -c -o nl_int.o nl_int.c $(CFLAGS)
6 | $(CC) -c -o cpr_int.o cpr_int.c $(CFLAGS)
7 | $(CC) -c -o coarse.o cpr.c $(CFLAGS)
8 | ar -cr libcoarse.a coarse.o cpr_int.o nl_int.o
9 |
10 | clean:
11 | $(RM) *.o *.a
12 |
13 | clean-all: clean
14 | $(MAKE) clean -C benchmarks/encoding
15 | $(MAKE) clean -C benchmarks/local-decoding
16 | $(MAKE) clean -C benchmarks/global-decoding
17 |
--------------------------------------------------------------------------------
/C/fixed-point/coarse/benchmarks/global-decoding/check-against.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | DIFF=$(diff $csvfile $csvfile.out)
7 | if [ "$DIFF" != "" ]
8 | then
9 | echo "Error in $csvfile"
10 | else
11 | echo "$csvfile encoded as expected."
12 | fi
13 | else
14 | echo 'Warning: No *.csv file found in the current directory.'
15 | fi
16 | done
--------------------------------------------------------------------------------
/C/fixed-point/coarse/benchmarks/local-decoding/check-against.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | DIFF=$(diff $csvfile $csvfile.out)
7 | if [ "$DIFF" != "" ]
8 | then
9 | echo "Error in $csvfile"
10 | else
11 | echo "$csvfile encoded as expected."
12 | fi
13 | else
14 | echo 'Warning: No *.csv file found in the current directory.'
15 | fi
16 | done
--------------------------------------------------------------------------------
/C/fixed-point/intent/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | intent:
5 | $(CC) -c -o nl_int.o nl_int.c $(CFLAGS)
6 | $(CC) -c -o cpr_int.o cpr_int.c $(CFLAGS)
7 | $(CC) -c -o intent.o cpr.c $(CFLAGS)
8 | ar -cr libintent.a intent.o cpr_int.o nl_int.o
9 |
10 | clean:
11 | $(RM) *.o *.a
12 |
13 | clean-all: clean
14 | $(MAKE) clean -C benchmarks/encoding
15 | $(MAKE) clean -C benchmarks/local-decoding
16 | $(MAKE) clean -C benchmarks/global-decoding
17 |
--------------------------------------------------------------------------------
/C/fixed-point/intent/benchmarks/local-decoding/check-against.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | DIFF=$(diff $csvfile $csvfile.out)
7 | if [ "$DIFF" != "" ]
8 | then
9 | echo "Error in $csvfile"
10 | else
11 | echo "$csvfile encoded as expected."
12 | fi
13 | else
14 | echo 'Warning: No *.csv file found in the current directory.'
15 | fi
16 | done
--------------------------------------------------------------------------------
/C/fixed-point/surface/benchmarks/encoding/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | ./encode $csvfile > $csvfile.out
7 |
8 | ./check-encoding $csvfile $csvfile.out
9 |
10 | retVal=$?
11 | if [ $retVal -eq 0 ]; then
12 | echo "$csvfile encoded as expected."
13 | fi
14 | else
15 | echo 'Warning: No *.csv file found in the current directory.'
16 | fi
17 | done
--------------------------------------------------------------------------------
/C/fixed-point/surface/benchmarks/global-decoding/check-against.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | DIFF=$(diff $csvfile $csvfile.out)
7 | if [ "$DIFF" != "" ]
8 | then
9 | echo "Error in $csvfile"
10 | else
11 | echo "$csvfile encoded as expected."
12 | fi
13 | else
14 | echo 'Warning: No *.csv file found in the current directory.'
15 | fi
16 | done
--------------------------------------------------------------------------------
/C/fixed-point/surface/benchmarks/local-decoding/check-against.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for csvfile in *.csv
4 | do
5 | if [ -e "$csvfile" ]; then
6 | DIFF=$(diff $csvfile $csvfile.out)
7 | if [ "$DIFF" != "" ]
8 | then
9 | echo "Error in $csvfile"
10 | else
11 | echo "$csvfile encoded as expected."
12 | fi
13 | else
14 | echo 'Warning: No *.csv file found in the current directory.'
15 | fi
16 | done
--------------------------------------------------------------------------------
/C/fixed-point/airborne/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | airborne:
5 | $(CC) -c -o nl_int.o nl_int.c $(CFLAGS)
6 | $(CC) -c -o cpr_int.o cpr_int.c $(CFLAGS)
7 | $(CC) -c -o airborne.o cpr.c $(CFLAGS)
8 | ar -cr libairborne.a airborne.o cpr_int.o nl_int.o
9 |
10 | clean:
11 | $(RM) *.o *.a
12 |
13 | clean-all: clean
14 | $(MAKE) clean -C benchmarks/encoding
15 | $(MAKE) clean -C benchmarks/local-decoding
16 | $(MAKE) clean -C benchmarks/global-decoding
17 |
--------------------------------------------------------------------------------
/C/fixed-point/surface/Makefile:
--------------------------------------------------------------------------------
1 | CC=gcc
2 | CFLAGS=-Wall
3 |
4 | surface:
5 | $(CC) -c -o nl_int.o nl_int.c $(CFLAGS)
6 | $(CC) -c -o cpr_int.o cpr_int.c $(CFLAGS)
7 | $(CC) -c -o surface.o cpr.c $(CFLAGS)
8 | ar -cr libsurface.a surface.o cpr_int.o nl_int.o
9 |
10 | clean:
11 | $(RM) *.o *.a
12 |
13 | clean-all: clean
14 | $(MAKE) clean -C benchmarks/encoding
15 | $(MAKE) clean -C benchmarks/local-decoding
16 | $(MAKE) clean -C benchmarks/global-decoding
17 |
--------------------------------------------------------------------------------
/Gappa/global_lat/global_rLat_Hp1.g:
--------------------------------------------------------------------------------
1 | # Hypothesis 1: floor(j_60_i_f) - floor(j_60_i_r) -> 0;
2 | #
3 | # The argument is that j_60_i_f = j_60_i_r, which can be stated as valid since:
4 |
5 | @rnd = float;
6 | @floor = int;
7 |
8 | x = floor(x_); # x is an integer
9 | y = floor(y_); # y is an integer
10 |
11 | r = x/y;
12 | f rnd = x/y;
13 |
14 | { ( x in [-60,59] /\ y in [59,60] -> floor(f) - floor(r) in [0,0] ) }
15 | floor(f) - floor(r) $ y,x;
16 |
--------------------------------------------------------------------------------
/C/fixed-point/README.md:
--------------------------------------------------------------------------------
1 | # Formally verified fixed-point implementation of the CPR encoding/decoding functions
2 |
3 | An implementation of each possible message type defined in the standard can be found in the corresponding directory: [`coarse`](coarse) (Nb=12), [`intent`](intent) (Nb=14), [`airborne`](airborne) (Nb=17), and [`surface`](surface) (Nb=19).
4 |
5 | For usage examples, please see the subdirectory [`benchmarks`](benchmarks) located inside of each of the aforementioned folders.
6 |
--------------------------------------------------------------------------------
/C/floating-point/Makefile:
--------------------------------------------------------------------------------
1 | CC := gcc
2 | CFLAGS := -Wall
3 |
4 | airborne: cpr.o nl.o global_rLat_i0.o global_rLat_i1.o global_rLon_i0.o global_rLon_i1.o global_rLonNL1.o local_rLat-greater-2-30.o local_rLat.o local_rLon.o local_rLonNL1.o
5 | ar -cr libairborne.a cpr.o nl.o global_rLat_i0.o global_rLat_i1.o global_rLon_i0.o global_rLon_i1.o global_rLonNL1.o local_rLat-greater-2-30.o local_rLat.o local_rLon.o local_rLonNL1.o
6 |
7 | %.o: %.c
8 | $(CC) -c -o $@ $< $(CFLAGS)
9 |
10 | clean:
11 | $(RM) *.o *.a
--------------------------------------------------------------------------------
/PVS/CPR_fp/AWB.pvs:
--------------------------------------------------------------------------------
1 | AWB[ bits: above(1) ]
2 | : THEORY
3 |
4 | BEGIN
5 |
6 | IMPORTING cpr_defs
7 |
8 | res: real = 360/2^bits
9 |
10 | LatAWB: TYPE = {x:nat | x<=2^(bits-2) OR (x<2^bits AND x>=3*2^(bits-2))}
11 |
12 | LonAWB: TYPE = {x:nat | x<2^bits}
13 |
14 | AWB2lat(lat_bin: LatAWB): Latitude =
15 | IF lat_bin<=2^(bits-2)
16 | THEN lat_bin*res
17 | ELSE lat_bin*res - 360
18 | ENDIF
19 |
20 | AWB2lon(lon_bin: LonAWB): Longitude =
21 | res*lon_bin
22 |
23 | END AWB
24 |
--------------------------------------------------------------------------------
/PVS/framac_wp/memory.pvs:
--------------------------------------------------------------------------------
1 | memory: THEORY BEGIN
2 |
3 | % stub memory model
4 |
5 | % See frama-c/src/plugins/wp/MemTyped.ml for details.
6 |
7 | addr: DATATYPE
8 | BEGIN
9 | mk_addr(base: int, offset: int): addr?
10 | END addr
11 |
12 | shift(p: addr, k: int): addr
13 | = mk_addr(base(p), offset(p)+k)
14 |
15 | region: [int->int]
16 |
17 | linked(t:ARRAY[int->int]): bool = TRUE
18 |
19 | valid_rw(allocation_table:ARRAY[int->int], a: addr, offset: int): bool
20 | = TRUE
21 |
22 | END memory
23 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/A_utils.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'utils'
3 | % --------------------------------------------------
4 |
5 | A_utils: THEORY
6 | BEGIN
7 | IMPORTING A_uint32_operations
8 | IMPORTING framac_wp@cint
9 |
10 | L_closest_mult_div_shift(a : int, x : int) : int =
11 | L_add_u32(L_mul_u32(x, lsr(a, 15)),
12 | lsr(L_add_u32(lsr(L_mul_u32(L_mul_u32(2, x), L_mod_u32(a, 32768)), 15),
13 | 1), 1))
14 | END A_utils
15 |
16 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/A_utils.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'utils'
3 | % --------------------------------------------------
4 |
5 | A_utils: THEORY
6 | BEGIN
7 | IMPORTING A_uint32_operations
8 | IMPORTING framac_wp@cint
9 |
10 | L_closest_mult_div_shift(a : int, x : int) : int =
11 | L_add_u32(L_mul_u32(x, lsr(a, 13)),
12 | lsr(L_add_u32(lsr(L_mul_u32(L_mul_u32(2, x), L_mod_u32(a, 8192)), 13),
13 | 1), 1))
14 | END A_utils
15 |
16 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/A_utils.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'utils'
3 | % --------------------------------------------------
4 |
5 | A_utils: THEORY
6 | BEGIN
7 | IMPORTING A_uint32_operations
8 | IMPORTING framac_wp@cint
9 |
10 | L_closest_mult_div_shift(a : int, x : int) : int =
11 | L_add_u32(L_mul_u32(x, lsr(a, 18)),
12 | lsr(L_add_u32(lsr(L_mul_u32(L_mul_u32(2, x), L_mod_u32(a, 262144)), 18),
13 | 1), 1))
14 | END A_utils
15 |
16 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/A_utils.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'utils'
3 | % --------------------------------------------------
4 |
5 | A_utils: THEORY
6 | BEGIN
7 | IMPORTING A_uint32_operations
8 | IMPORTING framac_wp@cint
9 |
10 | L_closest_mult_div_shift(a : int, x : int) : int =
11 | L_add_u32(L_mul_u32(x, lsr(a, 20)),
12 | lsr(L_add_u32(lsr(L_mul_u32(L_mul_u32(2, x), L_mod_u32(a, 1048576)),
13 | 20), 1), 1))
14 | END A_utils
15 |
16 |
--------------------------------------------------------------------------------
/PVS/CPR_fp/simplifications.pvs:
--------------------------------------------------------------------------------
1 | simplifications: THEORY
2 | BEGIN
3 |
4 | IMPORTING cpr_defs
5 |
6 | mod_div_simp: LEMMA
7 | FORALL (a:real, b:posreal):
8 | mod(a,b)/b = a/b-floor(a/b)
9 |
10 | floor_plus_mod_simp: LEMMA
11 | FORALL (a, other: real, b:posreal):
12 | floor(a/b) + floor(mod(a,b)/b + other) =
13 | floor(a/b + other)
14 |
15 | nl_table_simp: LEMMA
16 | FORALL (nl: subrange(2,59)):
17 | sqrt((1-cos(pi/(2*NZ)))/(1-cos(2*pi/nl))) =
18 | sin(pi/(4*NZ))/sin(pi/nl)
19 |
20 | END simplifications
21 |
--------------------------------------------------------------------------------
/PVS/CPR/simple_props.pvs:
--------------------------------------------------------------------------------
1 | simple_props : THEORY
2 | BEGIN
3 |
4 | IMPORTING trig@trig_ineq
5 |
6 | NZ: real = 15
7 |
8 | abs_diff: LEMMA FORALL (a,b:real, c:nnreal):
9 | abs(a-b);
4 | @floor = int;
5 |
6 | n = floor(n_); # n is an integer
7 | i = floor(i_); # i is an integer
8 |
9 | dlr = 60 - i;
10 | dlf rnd = 60 - i;
11 | tmp1r = (n * dlr + 0x1.0p+14)*0x1.0p-15;
12 | tmp1f rnd = (n * dlf + 0x1.0p+14)*0x1.0p-15;
13 | tmp2r = (n * dlr)*0x1.0p-32;
14 | tmp2f rnd = (n * dlf)*0x1.0p-32;
15 | yzr1 = floor(tmp1r) - 0x1.0p+17 * floor(tmp2r) ;
16 | yzf1 rnd = floor(tmp1f) - 0x1.0p+17 * floor(tmp2f) ;
17 | yzr17 = yzr1 * 0x1.0p-17;
18 | yzf17 rnd = yzf1 * 0x1.0p-17;
19 |
20 | # Hypothesis 2
21 | { (i in [0,1] /\ n in [0,4294967296] -> yzf17 - yzr17 in [0,0]) }
22 | yzf1 - yzr1 -> 0; # Hypotesis 1
23 |
--------------------------------------------------------------------------------
/Gappa/xz/xz_hp2.g:
--------------------------------------------------------------------------------
1 | # Longitude encoding function
2 |
3 | @rnd = float;
4 | @floor = int;
5 |
6 | n = floor(n_); # n is an integer
7 | i = floor(i_); # i is an integer
8 | nl = floor(nl_); # nl is an integer
9 |
10 | nlir = nl - i;
11 | nlif rnd = nl - i;
12 | tmp1r = (n * nlir + 0x1.0p+14)*0x1.0p-15;
13 | tmp1f rnd = (n * nlif + 0x1.0p+14)*0x1.0p-15;
14 | tmp2r = (n * nlir)*0x1.0p-32;
15 | tmp2f rnd = (n * nlif)*0x1.0p-32;
16 | xzr1 = floor(tmp1r) - 0x1.0p+17 * floor(tmp2r) ;
17 | xzf1 rnd = floor(tmp1f) - 0x1.0p+17 * floor(tmp2f) ;
18 |
19 |
20 | # Hypothesis 2
21 | { (i in [0,1] /\ n in [0,4294967296] /\ nl in [1,59] -> xzf1*0x1.0p-17 - xzr1*0x1.0p-17 in [0,0])}
22 | xzf1 - xzr1 -> 0; # Hypotesis 1
23 |
--------------------------------------------------------------------------------
/C/fixed-point/coarse/README.md:
--------------------------------------------------------------------------------
1 | This directory contains a formally verified fixed-point implementation of the CPR encoding/decoding functions for the **coarse** format (Nb=12).
2 |
3 | * `cpr`: entry-point for encoding/decoding features.
4 | * `cpr_int`: (formally verified) core encoding/decoding functions.
5 | * `nl_int`: (formally verified) precomputed NL table.
6 |
7 | For examples of use, please see the directory [`benchmarks`](benchmarks).
8 |
9 | The included `Makefile` can be used to generate the static library `libcoarse.a`.
10 |
11 | ```shell
12 | $ make
13 | gcc -c -o nl_int.o nl_int.c -Wall
14 | gcc -c -o cpr_int.o cpr_int.c -Wall
15 | gcc -c -o coarse.o cpr.c -Wall
16 | ar -cr libcoarse.a coarse.o cpr_int.o nl_int.o
17 | ```
18 |
--------------------------------------------------------------------------------
/C/fixed-point/intent/README.md:
--------------------------------------------------------------------------------
1 | This directory contains a formally verified fixed-point implementation of the CPR encoding/decoding functions for the **intent** format (Nb=14).
2 |
3 | * `cpr`: entry-point for encoding/decoding features.
4 | * `cpr_int`: (formally verified) core encoding/decoding functions.
5 | * `nl_int`: (formally verified) precomputed NL table.
6 |
7 | For examples of use, please see the directory [`benchmarks`](benchmarks).
8 |
9 | The included `Makefile` can be used to generate the static library `libintent.a`.
10 |
11 | ```shell
12 | $ make
13 | gcc -c -o nl_int.o nl_int.c -Wall
14 | gcc -c -o cpr_int.o cpr_int.c -Wall
15 | gcc -c -o intent.o cpr.c -Wall
16 | ar -cr libintent.a intent.o cpr_int.o nl_int.o
17 | ```
18 |
--------------------------------------------------------------------------------
/C/fixed-point/surface/README.md:
--------------------------------------------------------------------------------
1 | This directory contains a formally verified fixed-point implementation of the CPR encoding/decoding functions for the **surface** format (Nb=19).
2 |
3 | * `cpr`: entry-point for encoding/decoding features.
4 | * `cpr_int`: (formally verified) core encoding/decoding functions.
5 | * `nl_int`: (formally verified) precomputed NL table.
6 |
7 | For examples of use, please see the directory [`benchmarks`](benchmarks).
8 |
9 | The included `Makefile` can be used to generate the static library `libsurface.a`.
10 |
11 | ```shell
12 | $ make
13 | gcc -c -o nl_int.o nl_int.c -Wall
14 | gcc -c -o cpr_int.o cpr_int.c -Wall
15 | gcc -c -o surface.o cpr.c -Wall
16 | ar -cr libsurface.a surface.o cpr_int.o nl_int.o
17 | ```
18 |
--------------------------------------------------------------------------------
/C/fixed-point/airborne/README.md:
--------------------------------------------------------------------------------
1 | This directory contains a formally verified fixed-point implementation of the CPR encoding/decoding functions for the **airborne** format (Nb=17).
2 |
3 | * `cpr`: entry-point for encoding/decoding features.
4 | * `cpr_int`: (formally verified) core encoding/decoding functions.
5 | * `nl_int`: (formally verified) precomputed NL table.
6 |
7 | For examples of use, please see the directory [`benchmarks`](benchmarks).
8 |
9 | The included `Makefile` can be used to generate the static library `libairborne.a`.
10 |
11 | ```shell
12 | $ make
13 | gcc -c -o nl_int.o nl_int.c -Wall
14 | gcc -c -o cpr_int.o cpr_int.c -Wall
15 | gcc -c -o airborne.o cpr.c -Wall
16 | ar -cr libairborne.a airborne.o cpr_int.o nl_int.o
17 | ```
18 |
--------------------------------------------------------------------------------
/PVS/CPR/compute_atan.pvs:
--------------------------------------------------------------------------------
1 | compute_atan: THEORY
2 | BEGIN
3 |
4 | IMPORTING
5 | exact_real_arith@top
6 |
7 | RInterval: TYPE = {I : Interval | rational_pred(I`lb) and rational_pred(I`ub)}
8 | x: VAR real
9 | a, b: VAR rat
10 | n: VAR nat
11 |
12 | atan_comp: LEMMA
13 | x ## [|a, b|] IMPLIES
14 | (cauchy_atan(computable_rat.cauchy_rat(a))(n) - 1)/2^n < atan(x)
15 | AND
16 | atan(x) < (cauchy_atan(computable_rat.cauchy_rat(b))(n) + 1)/2^n
17 |
18 | atan_int(x:real, (ab: RInterval | x ## ab ), n:nat):
19 | {AB: Interval | atan(x) ## AB} =
20 | LET den = 2^n IN
21 | (# lb:= (cauchy_atan(computable_rat.cauchy_rat(ab`lb))(n) - 1)/den,
22 | ub := (cauchy_atan(computable_rat.cauchy_rat(ab`ub))(n) + 1)/den #)
23 |
24 | END compute_atan
25 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/top.pvs:
--------------------------------------------------------------------------------
1 | top: THEORY
2 | BEGIN
3 |
4 | IMPORTING acsl_logic_defs_eq,
5 | interface,
6 |
7 | A_utils,
8 | A_params,
9 | A_uint32_operations,
10 |
11 | A_encode,
12 | encoding_post,
13 |
14 | A_nl,
15 | nl_awb_post,
16 | nl_awb_nn_post,
17 | nl_awb_call_nl_awb_nn_pre,
18 | nl_awb_call_nl_awb_nn_pre_2,
19 |
20 | A_local_decoding,
21 | local_zone_post,
22 | local_decode_post,
23 | rlat_int_post,
24 |
25 | A_global_decoding,
26 | global_zone_post,
27 | global_decode_post,
28 | north_lat_post,
29 |
30 | closest_mult_div_shift_post
31 |
32 | END top
33 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/top.pvs:
--------------------------------------------------------------------------------
1 | top: THEORY
2 | BEGIN
3 |
4 | IMPORTING acsl_logic_defs_eq,
5 | interface,
6 |
7 | A_utils,
8 | A_params,
9 | A_uint32_operations,
10 |
11 | A_encode,
12 | encoding_post,
13 |
14 | A_nl,
15 | nl_awb_post,
16 | nl_awb_nn_post,
17 | nl_awb_call_nl_awb_nn_pre,
18 | nl_awb_call_nl_awb_nn_pre_2,
19 |
20 | A_local_decoding,
21 | local_zone_post,
22 | local_decode_post,
23 | rlat_int_post,
24 |
25 | A_global_decoding,
26 | global_zone_post,
27 | global_decode_post,
28 | north_lat_post,
29 |
30 | closest_mult_div_shift_post
31 |
32 | END top
33 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/top.pvs:
--------------------------------------------------------------------------------
1 | top: THEORY
2 | BEGIN
3 |
4 | IMPORTING acsl_logic_defs_eq,
5 | interface,
6 |
7 | A_utils,
8 | A_params,
9 | A_uint32_operations,
10 |
11 | A_encode,
12 | encoding_post,
13 |
14 | A_nl,
15 | nl_awb_post,
16 | nl_awb_nn_post,
17 | nl_awb_call_nl_awb_nn_pre,
18 | nl_awb_call_nl_awb_nn_pre_2,
19 |
20 | A_local_decoding,
21 | local_zone_post,
22 | local_decode_post,
23 | rlat_int_post,
24 |
25 | A_global_decoding,
26 | global_zone_post,
27 | global_decode_post,
28 | north_lat_post,
29 |
30 | closest_mult_div_shift_post
31 |
32 | END top
33 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/top.pvs:
--------------------------------------------------------------------------------
1 | top: THEORY
2 | BEGIN
3 |
4 | IMPORTING acsl_logic_defs_eq,
5 | interface,
6 |
7 | A_utils,
8 | A_params,
9 | A_uint32_operations,
10 |
11 | A_encode,
12 | encoding_post,
13 |
14 | A_nl,
15 | nl_awb_post,
16 | nl_awb_nn_post,
17 | nl_awb_call_nl_awb_nn_pre,
18 | nl_awb_call_nl_awb_nn_pre_2,
19 |
20 | A_local_decoding,
21 | local_zone_post,
22 | local_decode_post,
23 | rlat_int_post,
24 |
25 | A_global_decoding,
26 | global_zone_post,
27 | global_decode_post,
28 | north_lat_post,
29 |
30 | closest_mult_div_shift_post
31 |
32 | END top
33 |
--------------------------------------------------------------------------------
/Gappa/local_lon/local_rLonNL1.g:
--------------------------------------------------------------------------------
1 | # Longitude Local Decoding (NL=1)
2 |
3 | @rnd = float;
4 | @floor = int;
5 |
6 | xz = floor(xz_); # i is an integer
7 | awb_lons = floor(awb_lons_); # awb_lons is an integer
8 | i = floor(i_);
9 |
10 | m1r = ((awb_lons - (xz + 0x1.0p+16)*0x1.0p+15)) * 0x1.0p-32;
11 | m1f rnd = ((awb_lons - (xz + 0x1.0p+16)*0x1.0p+15)) * 0x1.0p-32;
12 | rLonr = 360 * (floor (m1r) + xz*0x1.0p-17);
13 | rLonf rnd = 360 * (floor (m1f) + xz*0x1.0p-17);
14 |
15 | # Main property
16 | { (i in [0,1] /\ xz in [0,131072] /\ awb_lons in [0,4294967295] ->
17 | (m1f - m1r in [0,0]
18 | /\
19 | (floor(m1f) - floor(m1r) in [0,0] -> rLonf - rLonr in [-0.000046,0.000046])))}
20 |
21 | # complete the coq certificate with the proof of
22 | # forall x,y: x = y -> floor(x) = floor(y)
23 |
--------------------------------------------------------------------------------
/Gappa/global_lat/global_rLat_Hp2.g:
--------------------------------------------------------------------------------
1 | # Latitude Global Decoding
2 |
3 | @rnd = float;
4 | @floor = int;
5 |
6 | i = floor(i_); # i is an integer
7 | yz0 = floor(yz0_); # yz0 is an integer
8 | yz1 = floor(yz1_); # yz1 is an integer
9 |
10 | dLatr = 360 / (60 - i);
11 | dLatf rnd = 360 / (60 - i);
12 |
13 | jar = (59 * yz0 - 60 * yz1 + 0x1.0p+16) *0x1.0p-17;
14 | jaf rnd = (59 * yz0 - 60 * yz1 + 0x1.0p+16) *0x1.0p-17;
15 | jr = floor(jar);
16 | jf rnd = floor(jaf);
17 |
18 | # Hypothesis 2
19 | { (i in [0,1] /\ yz0 in [0,131071] /\ yz1 in [0,131071] ->
20 | (jaf - jar in [0,0]
21 | /\
22 | (floor(jaf) - floor(jar) in [0,0] -> jf - jr in [0,0]))) }
23 |
24 |
25 | # complete the coq certificate with the proof of
26 | # forall x,y: x = y -> floor(x) = floor(y)
27 |
28 |
29 |
--------------------------------------------------------------------------------
/Gappa/global_lon/global_rLon_Hp2.g:
--------------------------------------------------------------------------------
1 | # Longitude Global Decoding (NL>1)
2 |
3 | @rnd = float;
4 | @floor = int;
5 |
6 | i = floor(i_); # integer
7 | xz0 = floor(xz0_); # integer
8 | xz1 = floor(xz1_); # integer
9 | nl = floor(nl_); # integer
10 |
11 | dLonr = 360 / (nl - i);
12 | dLonf rnd = 360 / (nl - i);
13 |
14 | m1r = ((nl - 1) * xz0 - nl * xz1 + 0x1.0p+16)*0x1.0p-17;
15 | m1f rnd = ((nl - 1) * xz0 - nl * xz1 + 0x1.0p+16)*0x1.0p-17;
16 | mr = floor(m1r);
17 | mf rnd = floor(m1f);
18 |
19 | # Main property
20 | { (i in [0,1] /\ nl in [2,59] /\ xz0 in [0,131071] /\ xz1 in [0,131071] ->
21 | (m1f - m1r in [0,0]
22 | /\
23 | (floor(m1f) - floor(m1r) in [0,0] -> mf - mr in [-0.000046,0.000046])))}
24 |
25 | # complete the coq certificate with the proof of
26 | # forall x,y: x = y -> floor(x) = floor(y)
27 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/A_uint32_operations.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'uint32_operations'
3 | % --------------------------------------------------
4 |
5 | A_uint32_operations: THEORY
6 | BEGIN
7 |
8 | L_add_u32(a : int, b : int) : int = mod(a + b, 4294967296)
9 |
10 | L_inv_u32(a : int) : int = 4294967296 - a
11 |
12 | L_sub_u32(a : int, b : int) : int = mod(a - b, 4294967296)
13 |
14 | L_mul_u32(a : int, b : int) : int = mod(a * b, 4294967296)
15 | IMPORTING framac_wp@creal
16 | IMPORTING framac_wp@cmath
17 |
18 | L_shr_u32(a : int, n : int) : int = floor(((a)) / (pow((2.0 * 1.0), (n))))
19 |
20 | L_div_u32(a : int, b : int) : int =
21 | IF (0 = b) THEN 0 ELSE (floor((div(a, b)))) ENDIF
22 |
23 | L_mod_u32(a : int, b : int) : int = IF (0 = b) THEN 0 ELSE (mod(a, b)) ENDIF
24 | END A_uint32_operations
25 |
26 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/A_uint32_operations.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'uint32_operations'
3 | % --------------------------------------------------
4 |
5 | A_uint32_operations: THEORY
6 | BEGIN
7 |
8 | L_add_u32(a : int, b : int) : int = mod(a + b, 4294967296)
9 |
10 | L_inv_u32(a : int) : int = 4294967296 - a
11 |
12 | L_sub_u32(a : int, b : int) : int = mod(a - b, 4294967296)
13 |
14 | L_mul_u32(a : int, b : int) : int = mod(a * b, 4294967296)
15 | IMPORTING framac_wp@creal
16 | IMPORTING framac_wp@cmath
17 |
18 | L_shr_u32(a : int, n : int) : int = floor(((a)) / (pow((2.0 * 1.0), (n))))
19 |
20 | L_div_u32(a : int, b : int) : int =
21 | IF (0 = b) THEN 0 ELSE (floor((div(a, b)))) ENDIF
22 |
23 | L_mod_u32(a : int, b : int) : int = IF (0 = b) THEN 0 ELSE (mod(a, b)) ENDIF
24 | END A_uint32_operations
25 |
26 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/A_uint32_operations.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'uint32_operations'
3 | % --------------------------------------------------
4 |
5 | A_uint32_operations: THEORY
6 | BEGIN
7 |
8 | L_add_u32(a : int, b : int) : int = mod(a + b, 4294967296)
9 |
10 | L_inv_u32(a : int) : int = 4294967296 - a
11 |
12 | L_sub_u32(a : int, b : int) : int = mod(a - b, 4294967296)
13 |
14 | L_mul_u32(a : int, b : int) : int = mod(a * b, 4294967296)
15 | IMPORTING framac_wp@creal
16 | IMPORTING framac_wp@cmath
17 |
18 | L_shr_u32(a : int, n : int) : int = floor(((a)) / (pow((2.0 * 1.0), (n))))
19 |
20 | L_div_u32(a : int, b : int) : int =
21 | IF (0 = b) THEN 0 ELSE (floor((div(a, b)))) ENDIF
22 |
23 | L_mod_u32(a : int, b : int) : int = IF (0 = b) THEN 0 ELSE (mod(a, b)) ENDIF
24 | END A_uint32_operations
25 |
26 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/A_uint32_operations.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'uint32_operations'
3 | % --------------------------------------------------
4 |
5 | A_uint32_operations: THEORY
6 | BEGIN
7 |
8 | L_add_u32(a : int, b : int) : int = mod(a + b, 4294967296)
9 |
10 | L_inv_u32(a : int) : int = 4294967296 - a
11 |
12 | L_sub_u32(a : int, b : int) : int = mod(a - b, 4294967296)
13 |
14 | L_mul_u32(a : int, b : int) : int = mod(a * b, 4294967296)
15 | IMPORTING framac_wp@creal
16 | IMPORTING framac_wp@cmath
17 |
18 | L_shr_u32(a : int, n : int) : int = floor(((a)) / (pow((2.0 * 1.0), (n))))
19 |
20 | L_div_u32(a : int, b : int) : int =
21 | IF (0 = b) THEN 0 ELSE (floor((div(a, b)))) ENDIF
22 |
23 | L_mod_u32(a : int, b : int) : int = IF (0 = b) THEN 0 ELSE (mod(a, b)) ENDIF
24 | END A_uint32_operations
25 |
26 |
--------------------------------------------------------------------------------
/PVS/framac_wp/cmath.pvs:
--------------------------------------------------------------------------------
1 | cmath: THEORY
2 | BEGIN
3 |
4 | IMPORTING cint
5 |
6 | % Operations
7 |
8 | abs_int(x:int) : MACRO nat = abs(x)
9 |
10 | % logical shift right (corresponding to the ACSL operator on integers: >>)
11 | % represents i >> n
12 | lsr(i: int, n: nat): int = floor(i / 2^n)
13 |
14 | IMPORTING ints@div
15 |
16 | error_value: MACRO int = choose({x: int | TRUE})
17 |
18 | cdiv(n,m: int): int
19 | = IF m /= 0 THEN div(n,m) ELSE error_value ENDIF
20 |
21 | abs_real(x:real) : MACRO nnreal = abs(x)
22 |
23 | % pow_int(x:int,y:int | x /= 0 OR y >= 0) : MACRO rat = x^y
24 | IMPORTING power@real_expt
25 | pow(x:real,y:real) : real = IF NOT (x /= 0 OR y >= 0) THEN error_value
26 | ELSIF (x >= 0) THEN x^y
27 | ELSE (-x)^y ENDIF
28 |
29 | truncate(x:real) : int = if x < 0 then floor(x) + 1 else floor(x) endif;
30 |
31 | END cmath
32 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/encoding_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | encoding_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 66) in 'encoding'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_encode
15 | IMPORTING A_params
16 |
17 | % --- Verification condition ---
18 |
19 | goal: LEMMA
20 | FORALL (i_1, i:int):
21 | LET x = lsr(to_uint32(524288 + (to_uint32(i * i_1))), 20) IN
22 | ((is_uint32(i)) IMPLIES
23 | ((is_uint32(i_1)) IMPLIES
24 | ((is_uint32(x)) IMPLIES
25 | ((L_encoding(i, i_1, L_nb)) = x))));
26 |
27 | %|- * : PROOF
28 | %|- (prove-vc)
29 | %|- QED
30 |
31 | END encoding_post
32 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/nl_awb_call_nl_awb_nn_pre_PVS.pvs:
--------------------------------------------------------------------------------
1 | nl_awb_call_nl_awb_nn_pre: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Instance of 'Pre-condition (file nl_int.c, line 72) in 'nl_awb_nn'' in 'nl_awb' at call 'nl_awb_nn' (file nl_int.c, line 142)
5 |
6 | % --------------------------------------------------
7 |
8 | % --- Importings requested by the user ---
9 | IMPORTING interface
10 |
11 | % --- Qed-related importings and axioms ---
12 | IMPORTING framac_wp@creal
13 | IMPORTING framac_wp@cint
14 |
15 | % --- Verification condition ---
16 |
17 | goal: LEMMA
18 | FORALL (i:int):
19 | ((0 <= i) IMPLIES
20 | ((i <= 2147483647) IMPLIES
21 | ((i <= 4294967296) IMPLIES
22 | ((is_uint32(i)) IMPLIES
23 | (i <= 2147483648)))));
24 |
25 | %|- * : PROOF
26 | %|- (prove-vc)
27 | %|- QED
28 |
29 | END nl_awb_call_nl_awb_nn_pre
30 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/encoding_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | encoding_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 66) in 'encoding'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_encode
15 | IMPORTING A_params
16 |
17 | % --- Verification condition ---
18 |
19 | goal: LEMMA
20 | FORALL (i_1, i:int):
21 | LET x = lsr(to_uint32(131072 + (to_uint32(i * i_1))), 18) IN
22 | ((is_uint32(i)) IMPLIES
23 | ((is_uint32(i_1)) IMPLIES
24 | ((is_uint32(x)) IMPLIES
25 | ((L_encoding(i, i_1, L_nb)) = x))));
26 |
27 | %|- * : PROOF
28 | %|- (prove-vc)
29 | %|- QED
30 |
31 | END encoding_post
32 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/nl_awb_call_nl_awb_nn_pre_PVS.pvs:
--------------------------------------------------------------------------------
1 | nl_awb_call_nl_awb_nn_pre: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Instance of 'Pre-condition (file nl_int.c, line 72) in 'nl_awb_nn'' in 'nl_awb' at call 'nl_awb_nn' (file nl_int.c, line 142)
5 |
6 | % --------------------------------------------------
7 |
8 | % --- Importings requested by the user ---
9 | IMPORTING interface
10 |
11 | % --- Qed-related importings and axioms ---
12 | IMPORTING framac_wp@creal
13 | IMPORTING framac_wp@cint
14 |
15 | % --- Verification condition ---
16 |
17 | goal: LEMMA
18 | FORALL (i:int):
19 | ((0 <= i) IMPLIES
20 | ((i <= 2147483647) IMPLIES
21 | ((i <= 4294967296) IMPLIES
22 | ((is_uint32(i)) IMPLIES
23 | (i <= 2147483648)))));
24 |
25 | %|- * : PROOF
26 | %|- (prove-vc)
27 | %|- QED
28 |
29 | END nl_awb_call_nl_awb_nn_pre
30 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/encoding_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | encoding_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 66) in 'encoding'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_encode
15 | IMPORTING A_params
16 |
17 | % --- Verification condition ---
18 |
19 | goal: LEMMA
20 | FORALL (i_1, i:int):
21 | LET x = lsr(to_uint32(16384 + (to_uint32(i * i_1))), 15) IN
22 | ((is_uint32(i)) IMPLIES
23 | ((is_uint32(i_1)) IMPLIES
24 | ((is_uint32(x)) IMPLIES
25 | ((L_encoding(i, i_1, L_nb)) = x))));
26 |
27 | %|- * : PROOF
28 | %|- (prove-vc)
29 | %|- QED
30 |
31 | END encoding_post
32 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/nl_awb_call_nl_awb_nn_pre_PVS.pvs:
--------------------------------------------------------------------------------
1 | nl_awb_call_nl_awb_nn_pre: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Instance of 'Pre-condition (file nl_int.c, line 72) in 'nl_awb_nn'' in 'nl_awb' at call 'nl_awb_nn' (file nl_int.c, line 142)
5 |
6 | % --------------------------------------------------
7 |
8 | % --- Importings requested by the user ---
9 | IMPORTING interface
10 |
11 | % --- Qed-related importings and axioms ---
12 | IMPORTING framac_wp@creal
13 | IMPORTING framac_wp@cint
14 |
15 | % --- Verification condition ---
16 |
17 | goal: LEMMA
18 | FORALL (i:int):
19 | ((0 <= i) IMPLIES
20 | ((i <= 2147483647) IMPLIES
21 | ((i <= 4294967296) IMPLIES
22 | ((is_uint32(i)) IMPLIES
23 | (i <= 2147483648)))));
24 |
25 | %|- * : PROOF
26 | %|- (prove-vc)
27 | %|- QED
28 |
29 | END nl_awb_call_nl_awb_nn_pre
30 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/nl_awb_call_nl_awb_nn_pre_PVS.pvs:
--------------------------------------------------------------------------------
1 | nl_awb_call_nl_awb_nn_pre: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Instance of 'Pre-condition (file nl_int.c, line 72) in 'nl_awb_nn'' in 'nl_awb' at call 'nl_awb_nn' (file nl_int.c, line 142)
5 |
6 | % --------------------------------------------------
7 |
8 | % --- Importings requested by the user ---
9 | IMPORTING interface
10 |
11 | % --- Qed-related importings and axioms ---
12 | IMPORTING framac_wp@creal
13 | IMPORTING framac_wp@cint
14 |
15 | % --- Verification condition ---
16 |
17 | goal: LEMMA
18 | FORALL (i:int):
19 | ((0 <= i) IMPLIES
20 | ((i <= 2147483647) IMPLIES
21 | ((i <= 4294967296) IMPLIES
22 | ((is_uint32(i)) IMPLIES
23 | (i <= 2147483648)))));
24 |
25 | %|- * : PROOF
26 | %|- (prove-vc)
27 | %|- QED
28 |
29 | END nl_awb_call_nl_awb_nn_pre
30 |
--------------------------------------------------------------------------------
/PVS/CPR/awb32.pvs:
--------------------------------------------------------------------------------
1 | awb32: THEORY
2 | BEGIN
3 |
4 | IMPORTING
5 | rlat_spec
6 |
7 | resolution: real = 360/2^32
8 |
9 | LatAWB: TYPE = {x:nat | x<=2^(30) OR (x<2^32 AND x>=3*2^(30))}
10 |
11 | LonAWB: TYPE = {x:nat | x<2^32}
12 |
13 | AWB2lat(lat_bin: LatAWB): Latitude =
14 | IF lat_bin<=2^(30)
15 | THEN lat_bin*resolution
16 | ELSE lat_bin*resolution - 360
17 | ENDIF
18 |
19 | AWB2lon(lon_bin: LonAWB): {x:real | x>=0 and x<360} =
20 | resolution*lon_bin
21 |
22 | lat2AWB(lat: Latitude): LatAWB =
23 | mod(floor((2^32/360)*mod(lat, 360) +1/2), 2^32)
24 |
25 | lon2AWB(lon: real): LonAWB =
26 | mod(floor((lon/360)*2^32 +1/2), 2^32)
27 |
28 | lat_awb_inverse: LEMMA
29 | FORALL (awb: LatAWB):
30 | lat2AWB(AWB2lat(awb)) = awb
31 |
32 | lon_awb_inverse: LEMMA
33 | FORALL (awb: LonAWB):
34 | lon2AWB(AWB2lon(awb)) = awb
35 |
36 | END awb32
37 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/nl_awb_call_nl_awb_nn_pre_2_PVS.pvs:
--------------------------------------------------------------------------------
1 | nl_awb_call_nl_awb_nn_pre_2: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Instance of 'Pre-condition (file nl_int.c, line 72) in 'nl_awb_nn'' in 'nl_awb' at call 'nl_awb_nn' (file nl_int.c, line 142)
5 |
6 | % --------------------------------------------------
7 |
8 | % --- Importings requested by the user ---
9 | IMPORTING interface
10 |
11 | % --- Qed-related importings and axioms ---
12 | IMPORTING framac_wp@creal
13 | IMPORTING framac_wp@cint
14 |
15 | % --- Verification condition ---
16 |
17 | goal: LEMMA
18 | FORALL (i:int):
19 | ((0 <= i) IMPLIES
20 | ((2147483648 <= i) IMPLIES
21 | ((i <= 4294967296) IMPLIES
22 | ((is_uint32(i)) IMPLIES
23 | ((to_uint32(-i)) <= 2147483648)))));
24 |
25 | %|- * : PROOF
26 | %|- (prove-vc)
27 | %|- QED
28 |
29 | END nl_awb_call_nl_awb_nn_pre_2
30 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/nl_awb_call_nl_awb_nn_pre_2_PVS.pvs:
--------------------------------------------------------------------------------
1 | nl_awb_call_nl_awb_nn_pre_2: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Instance of 'Pre-condition (file nl_int.c, line 72) in 'nl_awb_nn'' in 'nl_awb' at call 'nl_awb_nn' (file nl_int.c, line 142)
5 |
6 | % --------------------------------------------------
7 |
8 | % --- Importings requested by the user ---
9 | IMPORTING interface
10 |
11 | % --- Qed-related importings and axioms ---
12 | IMPORTING framac_wp@creal
13 | IMPORTING framac_wp@cint
14 |
15 | % --- Verification condition ---
16 |
17 | goal: LEMMA
18 | FORALL (i:int):
19 | ((0 <= i) IMPLIES
20 | ((2147483648 <= i) IMPLIES
21 | ((i <= 4294967296) IMPLIES
22 | ((is_uint32(i)) IMPLIES
23 | ((to_uint32(-i)) <= 2147483648)))));
24 |
25 | %|- * : PROOF
26 | %|- (prove-vc)
27 | %|- QED
28 |
29 | END nl_awb_call_nl_awb_nn_pre_2
30 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/nl_awb_call_nl_awb_nn_pre_2_PVS.pvs:
--------------------------------------------------------------------------------
1 | nl_awb_call_nl_awb_nn_pre_2: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Instance of 'Pre-condition (file nl_int.c, line 72) in 'nl_awb_nn'' in 'nl_awb' at call 'nl_awb_nn' (file nl_int.c, line 142)
5 |
6 | % --------------------------------------------------
7 |
8 | % --- Importings requested by the user ---
9 | IMPORTING interface
10 |
11 | % --- Qed-related importings and axioms ---
12 | IMPORTING framac_wp@creal
13 | IMPORTING framac_wp@cint
14 |
15 | % --- Verification condition ---
16 |
17 | goal: LEMMA
18 | FORALL (i:int):
19 | ((0 <= i) IMPLIES
20 | ((2147483648 <= i) IMPLIES
21 | ((i <= 4294967296) IMPLIES
22 | ((is_uint32(i)) IMPLIES
23 | ((to_uint32(-i)) <= 2147483648)))));
24 |
25 | %|- * : PROOF
26 | %|- (prove-vc)
27 | %|- QED
28 |
29 | END nl_awb_call_nl_awb_nn_pre_2
30 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/nl_awb_call_nl_awb_nn_pre_2_PVS.pvs:
--------------------------------------------------------------------------------
1 | nl_awb_call_nl_awb_nn_pre_2: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Instance of 'Pre-condition (file nl_int.c, line 72) in 'nl_awb_nn'' in 'nl_awb' at call 'nl_awb_nn' (file nl_int.c, line 142)
5 |
6 | % --------------------------------------------------
7 |
8 | % --- Importings requested by the user ---
9 | IMPORTING interface
10 |
11 | % --- Qed-related importings and axioms ---
12 | IMPORTING framac_wp@creal
13 | IMPORTING framac_wp@cint
14 |
15 | % --- Verification condition ---
16 |
17 | goal: LEMMA
18 | FORALL (i:int):
19 | ((0 <= i) IMPLIES
20 | ((2147483648 <= i) IMPLIES
21 | ((i <= 4294967296) IMPLIES
22 | ((is_uint32(i)) IMPLIES
23 | ((to_uint32(-i)) <= 2147483648)))));
24 |
25 | %|- * : PROOF
26 | %|- (prove-vc)
27 | %|- QED
28 |
29 | END nl_awb_call_nl_awb_nn_pre_2
30 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/encoding_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | encoding_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 66) in 'encoding'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_encode
15 | IMPORTING A_params
16 |
17 | % --- Verification condition ---
18 |
19 | goal: LEMMA
20 | FORALL (i_1, i:int):
21 | LET x = lsr(to_uint32(4096 + (to_uint32(i * i_1))), 13) IN
22 | ((is_uint32(i)) IMPLIES
23 | ((is_uint32(i_1)) IMPLIES
24 | ((is_uint32(x)) IMPLIES
25 | ((L_encoding(i, i_1, L_nb)) = (to_uint32(mod(x, 131072)))))));
26 |
27 | %|- * : PROOF
28 | %|- (prove-vc)
29 | %|- QED
30 |
31 | END encoding_post
32 |
--------------------------------------------------------------------------------
/Gappa/local_lat/local_rLat.g:
--------------------------------------------------------------------------------
1 | # Latitude Local Decoding (NL>1)
2 |
3 | @rnd = float;
4 | @floor = int;
5 |
6 | i = floor(i_); # i is an integer
7 | yz = floor(yz_); # i is an integer
8 | awb_lats = floor(awb_lats_); # awb_lats is an integer
9 |
10 | dLatr = 360 / (60 - i);
11 | dLatf rnd = 360 / (60 - i);
12 | j1r = ((awb_lats * (60 - i) - (yz + 0x1.0p+16)*0x1.0p+15)) * 0x1.0p-32;
13 | j1f rnd = ((awb_lats * (60 - i) - (yz + 0x1.0p+16)*0x1.0p+15)) * 0x1.0p-32;
14 | jr = floor(j1r);
15 | jf rnd = floor(j1f);
16 | rLatr = dLatr * (jr + yz*0x1.0p-17);
17 | rLatf rnd = dLatf * (jf + yz*0x1.0p-17);
18 |
19 | { (i in [0,1] /\ yz in [0,131072] /\ awb_lats in [0,4294967295] ->
20 | (j1f - j1r in [0,0] /\
21 | (floor(j1f) - floor(j1r) in [0,0] -> rLatf - rLatr in [-0.000046,0.000046])))
22 | }
23 |
24 | # complete the coq certificate with the proof of
25 | # forall x,y: x = y -> floor(x) = floor(y)
--------------------------------------------------------------------------------
/Gappa/yz/yz_hp1.g:
--------------------------------------------------------------------------------
1 | # Latitude encoding function
2 |
3 | @rnd = float;
4 | @floor = int;
5 |
6 | n = floor(n_); # n is an integer
7 | i = floor(i_); # i is an integer
8 |
9 | dlr = 60 - i;
10 | dlf rnd = 60 - i;
11 | tmp1r = (n * dlr + 0x1.0p+14)*0x1.0p-15;
12 | tmp1f rnd = (n * dlf + 0x1.0p+14)*0x1.0p-15;
13 | tmp2r = (n * dlr)*0x1.0p-32;
14 | tmp2f rnd = (n * dlf)*0x1.0p-32;
15 | yzr1 = floor(tmp1r) - 0x1.0p+17 * floor(tmp2r) ;
16 | yzf1 rnd = floor(tmp1f) - 0x1.0p+17 * floor(tmp2f) ;
17 |
18 | ## Hypothesis 1
19 | { (i in [0,1] /\ n in [0,4294967296] ->
20 | (
21 | tmp1f - tmp1r in [0,0]
22 | /\
23 | tmp2f - tmp2r in [0,0]
24 | /\
25 | ((floor(tmp1f) - floor(tmp1r) in [0,0] /\ floor(tmp2f) - floor(tmp2r) in [0,0]) -> yzf1 - yzr1 in [0,0])
26 | ))
27 | }
28 |
29 | # complete the coq certificate with the proof of
30 | # forall x,y: x = y -> floor(x) = floor(y)
31 |
32 |
--------------------------------------------------------------------------------
/Gappa/global_lat/global_rLat.g:
--------------------------------------------------------------------------------
1 | # Latitude Global Decoding
2 |
3 | @rnd = float;
4 | @floor = int;
5 |
6 | i = floor(i_); # i is an integer
7 | yz0 = floor(yz0_); # yz0 is an integer
8 | yz1 = floor(yz1_); # yz1 is an integer
9 |
10 | dLatr = 360 / (60 - i);
11 | dLatf rnd = 360 / (60 - i);
12 |
13 | jar = (59 * yz0 - 60 * yz1 + 0x1.0p+16) *0x1.0p-17;
14 | jaf rnd = (59 * yz0 - 60 * yz1 + 0x1.0p+16) *0x1.0p-17;
15 | jr = floor(jar);
16 | jf rnd = floor(jaf);
17 |
18 | j_60_i_r = jr/(60 - i);
19 | j_60_i_f rnd = jf/(60 - i);
20 |
21 | rLatr = dLatr * ((jr - (60 - i)*(floor (j_60_i_r))) + yz0*0x1.0p-17);
22 | rLatf rnd = dLatf * ((jf - (60 - i)*(floor (j_60_i_f))) + yz0*0x1.0p-17);
23 |
24 | # Main property
25 | { (i in [0,1] /\ yz0 in [0,131071] /\ yz1 in [0,131071] -> rLatf - rLatr in [-0.000046,0.000046])}
26 | floor(j_60_i_f) - floor(j_60_i_r) -> 0; # Hypothesis 1
27 | jf - jr -> 0; # Hypothesis 2
28 |
--------------------------------------------------------------------------------
/Gappa/local_lon/local_rLon.g:
--------------------------------------------------------------------------------
1 | # Longitude Local Decoding (NL>1)
2 |
3 | @rnd = float;
4 | @floor = int;
5 |
6 | i = floor(i_); # i is an integer
7 | xz = floor(xz_); # i is an integer
8 | nl = floor(nl_); # nl is an integer
9 | awb_lons = floor(awb_lons_); # awb_lons is an integer
10 |
11 | dLonr = 360 / (nl - i);
12 | dLonf rnd = 360 / (nl - i);
13 | m1r = ((awb_lons * (nl - i) - (xz + 0x1.0p+16)*0x1.0p+15)) * 0x1.0p-32;
14 | m1f rnd = ((awb_lons * (nl - i) - (xz + 0x1.0p+16)*0x1.0p+15)) * 0x1.0p-32;
15 | rLonr = dLonr * (floor (m1r) + xz*0x1.0p-17);
16 | rLonf rnd = dLonf * (floor (m1f) + xz*0x1.0p-17);
17 |
18 | # Main property
19 | { (i in [0,1] /\ nl in [2,59] /\ xz in [0,131072] /\ awb_lons in [0,4294967295] ->
20 | (m1f - m1r in [0,0]
21 | /\
22 | (floor(m1f) - floor(m1r) in [0,0] -> rLonf - rLonr in [-0.000046,0.000046])))}
23 |
24 | # complete the coq certificate with the proof of
25 | # forall x,y: x = y -> floor(x) = floor(y)
26 |
--------------------------------------------------------------------------------
/Gappa/xz/xz_hp1.g:
--------------------------------------------------------------------------------
1 | # Longitude encoding function
2 |
3 | @rnd = float;
4 | @floor = int;
5 |
6 | n = floor(n_); # n is an integer
7 | i = floor(i_); # i is an integer
8 | nl = floor(nl_); # nl is an integer
9 |
10 | nlir = nl - i;
11 | nlif rnd = nl - i;
12 | tmp1r = (n * nlir + 0x1.0p+14)*0x1.0p-15;
13 | tmp1f rnd = (n * nlif + 0x1.0p+14)*0x1.0p-15;
14 | tmp2r = (n * nlir)*0x1.0p-32;
15 | tmp2f rnd = (n * nlif)*0x1.0p-32;
16 | xzr1 = floor(tmp1r) - 0x1.0p+17 * floor(tmp2r) ;
17 | xzf1 rnd = floor(tmp1f) - 0x1.0p+17 * floor(tmp2f) ;
18 |
19 |
20 | ## Hypothesis 1
21 | { (i in [0,1] /\ nl in [1,59] /\ n in [0,4294967296] ->
22 | (
23 | tmp1f - tmp1r in [0,0]
24 | /\
25 | tmp2f - tmp2r in [0,0]
26 | /\
27 | ((floor(tmp1f) - floor(tmp1r) in [0,0] /\ floor(tmp2f) - floor(tmp2r) in [0,0]) -> xzf1 - xzr1 in [0,0])
28 | ))
29 | }
30 |
31 | # complete the coq certificate with the proof of
32 | # forall x,y: x = y -> floor(x) = floor(y)
33 |
--------------------------------------------------------------------------------
/Gappa/yz/yz.g:
--------------------------------------------------------------------------------
1 | # Latitude encoding function
2 |
3 | @rnd = float;
4 | @floor = int;
5 |
6 | n = floor(n_); # n is an integer
7 | i = floor(i_); # i is an integer
8 |
9 | dlr = 60 - i;
10 | dlf rnd = 60 - i;
11 | tmp1r = (n * dlr + 0x1.0p+14)*0x1.0p-15;
12 | tmp1f rnd = (n * dlf + 0x1.0p+14)*0x1.0p-15;
13 | tmp2r = (n * dlr)*0x1.0p-32;
14 | tmp2f rnd = (n * dlf)*0x1.0p-32;
15 | yzr1 = floor(tmp1r) - 0x1.0p+17 * floor(tmp2r) ;
16 | yzf1 rnd = floor(tmp1f) - 0x1.0p+17 * floor(tmp2f) ;
17 | yzr17 = yzr1 * 0x1.0p-17;
18 | yzf17 rnd = yzf1 * 0x1.0p-17;
19 | yzr = yzr1 - 0x1.0p+17 * floor(yzr17);
20 | yzf rnd = yzf1 - 0x1.0p+17 * floor(yzf17);
21 |
22 | ## Main Property
23 | { (i in [0,1] /\ n in [0,4294967296] -> yzf - yzr in [0,0])}
24 | yzf1 - yzr1 -> 0; # Hypothesis 1
25 | floor(yzf17) - floor(yzr17) -> 0; # Hypothesis 2
26 |
27 | # complete the coq certificate with the proof of
28 | # forall x,y: x = y -> floor(x) = floor(y)
29 | # yz_hp1 and yz_hp2
30 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/nl_awb_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | nl_awb_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file nl_int.c, line 139) in 'nl_awb'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_nl
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | FORALL (i_1, i:int):
20 | LET x = to_uint32(-i_1) IN
21 | ((0 <= i_1) IMPLIES
22 | ((i_1 <= 4294967296) IMPLIES
23 | ((is_uint32(i)) IMPLIES
24 | ((is_uint32(i_1)) IMPLIES
25 | ((IF (i_1 <= 2147483647)
26 | THEN (((i = (L_nl_awb_nn(i_1))) AND (i_1 <= 2147483648)))
27 | ELSE (((i = (L_nl_awb_nn(x))) AND (x <= 2147483648))) ENDIF) IMPLIES
28 | (i = (L_nl_awb(i_1))))))));
29 |
30 | %|- * : PROOF
31 | %|- (prove-vc)
32 | %|- QED
33 |
34 | END nl_awb_post
35 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/nl_awb_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | nl_awb_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file nl_int.c, line 139) in 'nl_awb'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_nl
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | FORALL (i_1, i:int):
20 | LET x = to_uint32(-i_1) IN
21 | ((0 <= i_1) IMPLIES
22 | ((i_1 <= 4294967296) IMPLIES
23 | ((is_uint32(i)) IMPLIES
24 | ((is_uint32(i_1)) IMPLIES
25 | ((IF (i_1 <= 2147483647)
26 | THEN (((i = (L_nl_awb_nn(i_1))) AND (i_1 <= 2147483648)))
27 | ELSE (((i = (L_nl_awb_nn(x))) AND (x <= 2147483648))) ENDIF) IMPLIES
28 | (i = (L_nl_awb(i_1))))))));
29 |
30 | %|- * : PROOF
31 | %|- (prove-vc)
32 | %|- QED
33 |
34 | END nl_awb_post
35 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/nl_awb_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | nl_awb_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file nl_int.c, line 139) in 'nl_awb'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_nl
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | FORALL (i_1, i:int):
20 | LET x = to_uint32(-i_1) IN
21 | ((0 <= i_1) IMPLIES
22 | ((i_1 <= 4294967296) IMPLIES
23 | ((is_uint32(i)) IMPLIES
24 | ((is_uint32(i_1)) IMPLIES
25 | ((IF (i_1 <= 2147483647)
26 | THEN (((i = (L_nl_awb_nn(i_1))) AND (i_1 <= 2147483648)))
27 | ELSE (((i = (L_nl_awb_nn(x))) AND (x <= 2147483648))) ENDIF) IMPLIES
28 | (i = (L_nl_awb(i_1))))))));
29 |
30 | %|- * : PROOF
31 | %|- (prove-vc)
32 | %|- QED
33 |
34 | END nl_awb_post
35 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/nl_awb_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | nl_awb_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file nl_int.c, line 139) in 'nl_awb'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_nl
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | FORALL (i_1, i:int):
20 | LET x = to_uint32(-i_1) IN
21 | ((0 <= i_1) IMPLIES
22 | ((i_1 <= 4294967296) IMPLIES
23 | ((is_uint32(i)) IMPLIES
24 | ((is_uint32(i_1)) IMPLIES
25 | ((IF (i_1 <= 2147483647)
26 | THEN (((i = (L_nl_awb_nn(i_1))) AND (i_1 <= 2147483648)))
27 | ELSE (((i = (L_nl_awb_nn(x))) AND (x <= 2147483648))) ENDIF) IMPLIES
28 | (i = (L_nl_awb(i_1))))))));
29 |
30 | %|- * : PROOF
31 | %|- (prove-vc)
32 | %|- QED
33 |
34 | END nl_awb_post
35 |
--------------------------------------------------------------------------------
/Gappa/xz/xz_hp3.g:
--------------------------------------------------------------------------------
1 | # Longitude encoding function
2 |
3 | @rnd = float;
4 | @floor = int;
5 |
6 | n = floor(n_); # n is an integer
7 | i = floor(i_); # i is an integer
8 | nl = floor(nl_); # nl is an integer
9 |
10 | nlir = nl - i;
11 | nlif rnd = nl - i;
12 | tmp1r = (n * nlir + 0x1.0p+14)*0x1.0p-15;
13 | tmp1f rnd = (n * nlif + 0x1.0p+14)*0x1.0p-15;
14 | tmp2r = (n * nlir)*0x1.0p-32;
15 | tmp2f rnd = (n * nlif)*0x1.0p-32;
16 | xzr1 = floor(tmp1r) - 0x1.0p+17 * floor(tmp2r) ;
17 | xzf1 rnd = floor(tmp1f) - 0x1.0p+17 * floor(tmp2f) ;
18 |
19 | xzr1a = floor(xzr1*0x1.0p-17);
20 | xzf1a rnd = floor(xzf1*0x1.0p-17);
21 |
22 | xzr2 = 0x1.0p+17 * xzr1a;
23 | xzf2 rnd = 0x1.0p+17 * xzf1a;
24 |
25 | # Main Property
26 | { (i in [0,1] /\ n in [0,4294967296] /\ nl in [1,59] -> xzf2 - xzr2 in [0,0])}
27 | xzf1 - xzr1 -> 0; # Hypothesis 1
28 | xzf1a - xzr1a -> 0; # Hypothesis 2
29 |
30 | # complete the coq certificate with the proof of
31 | # forall x,y: x = y -> floor(x) = floor(y)
32 | # xz_hp1 and xz_hp2
33 |
--------------------------------------------------------------------------------
/PVS/CPR_fp/pvsio_defs.pvs:
--------------------------------------------------------------------------------
1 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
2 | % %
3 | % Definitions to control the pvsio evaluation of the algorithms. %
4 | % %
5 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
6 | pvsio_defs: THEORY
7 | BEGIN
8 |
9 | % The type "OperationMode" determines the minimum precision used in the
10 | % computation of the numeric operations.
11 | OperationMode: TYPE = { DoublePrecision,
12 | SinglePrecision,
13 | Rational,
14 | FastApprox }
15 |
16 | to_str(opm: OperationMode): string =
17 | IF opm = DoublePrecision THEN "Double Precision"
18 | ELSIF opm = SinglePrecision THEN "Single Precision"
19 | ELSIF opm = Rational THEN "Rational"
20 | ELSE "Fast Approximation" ENDIF
21 |
22 | END pvsio_defs
23 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/interface.pvs:
--------------------------------------------------------------------------------
1 | interface: THEORY
2 | BEGIN
3 |
4 | IMPORTING A_uint32_operations
5 | IMPORTING framac_wp@cmath
6 | IMPORTING ints@div_nat
7 |
8 | add_u32_def
9 | : LEMMA
10 | FORALL(a,b: int): L_add_u32(a,b) = to_uint32(a + b)
11 |
12 | sub_u32_def
13 | : LEMMA
14 | FORALL(a,b: int): L_sub_u32(a,b) = to_uint32(a - b)
15 |
16 | mul_u32_def
17 | : LEMMA
18 | FORALL(a,b: int): L_mul_u32(a,b) = to_uint32(a * b)
19 |
20 | div_u32_def
21 | : LEMMA
22 | FORALL(a,b: (is_uint32)): NOT b=0 IMPLIES L_div_u32(a,b) = to_uint32(div(a,b))
23 |
24 | mod_u32_def
25 | : LEMMA
26 | FORALL(a,b: (is_uint32)): NOT b=0 IMPLIES L_mod_u32(a,b) = to_uint32(mod(a,b))
27 |
28 | lsr_u32_def
29 | : LEMMA
30 | FORALL(a: (is_uint32), n: nat): lsr(a,n) = to_uint32(lsr(a,n))
31 |
32 | mod_u32_prop
33 | : LEMMA
34 | FORALL(a,b: (is_uint32)): NOT b=0 IMPLIES to_uint32(mod(a,b)) = mod(a,b)
35 |
36 | shr_u32_def
37 | : LEMMA
38 | FORALL(a: (is_uint32),n: nat)
39 | : L_shr_u32(a,n) = lsr(a,n)
40 |
41 | END interface
42 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/interface.pvs:
--------------------------------------------------------------------------------
1 | interface: THEORY
2 | BEGIN
3 |
4 | IMPORTING A_uint32_operations
5 | IMPORTING framac_wp@cmath
6 | IMPORTING ints@div_nat
7 |
8 | add_u32_def
9 | : LEMMA
10 | FORALL(a,b: int): L_add_u32(a,b) = to_uint32(a + b)
11 |
12 | sub_u32_def
13 | : LEMMA
14 | FORALL(a,b: int): L_sub_u32(a,b) = to_uint32(a - b)
15 |
16 | mul_u32_def
17 | : LEMMA
18 | FORALL(a,b: int): L_mul_u32(a,b) = to_uint32(a * b)
19 |
20 | div_u32_def
21 | : LEMMA
22 | FORALL(a,b: (is_uint32)): NOT b=0 IMPLIES L_div_u32(a,b) = to_uint32(div(a,b))
23 |
24 | mod_u32_def
25 | : LEMMA
26 | FORALL(a,b: (is_uint32)): NOT b=0 IMPLIES L_mod_u32(a,b) = to_uint32(mod(a,b))
27 |
28 | lsr_u32_def
29 | : LEMMA
30 | FORALL(a: (is_uint32), n: nat): lsr(a,n) = to_uint32(lsr(a,n))
31 |
32 | mod_u32_prop
33 | : LEMMA
34 | FORALL(a,b: (is_uint32)): NOT b=0 IMPLIES to_uint32(mod(a,b)) = mod(a,b)
35 |
36 | shr_u32_def
37 | : LEMMA
38 | FORALL(a: (is_uint32),n: nat)
39 | : L_shr_u32(a,n) = lsr(a,n)
40 |
41 | END interface
42 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/interface.pvs:
--------------------------------------------------------------------------------
1 | interface: THEORY
2 | BEGIN
3 |
4 | IMPORTING A_uint32_operations
5 | IMPORTING framac_wp@cmath
6 | IMPORTING ints@div_nat
7 |
8 | add_u32_def
9 | : LEMMA
10 | FORALL(a,b: int): L_add_u32(a,b) = to_uint32(a + b)
11 |
12 | sub_u32_def
13 | : LEMMA
14 | FORALL(a,b: int): L_sub_u32(a,b) = to_uint32(a - b)
15 |
16 | mul_u32_def
17 | : LEMMA
18 | FORALL(a,b: int): L_mul_u32(a,b) = to_uint32(a * b)
19 |
20 | div_u32_def
21 | : LEMMA
22 | FORALL(a,b: (is_uint32)): NOT b=0 IMPLIES L_div_u32(a,b) = to_uint32(div(a,b))
23 |
24 | mod_u32_def
25 | : LEMMA
26 | FORALL(a,b: (is_uint32)): NOT b=0 IMPLIES L_mod_u32(a,b) = to_uint32(mod(a,b))
27 |
28 | lsr_u32_def
29 | : LEMMA
30 | FORALL(a: (is_uint32), n: nat): lsr(a,n) = to_uint32(lsr(a,n))
31 |
32 | mod_u32_prop
33 | : LEMMA
34 | FORALL(a,b: (is_uint32)): NOT b=0 IMPLIES to_uint32(mod(a,b)) = mod(a,b)
35 |
36 | shr_u32_def
37 | : LEMMA
38 | FORALL(a: (is_uint32),n: nat)
39 | : L_shr_u32(a,n) = lsr(a,n)
40 |
41 | END interface
42 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/closest_mult_div_shift_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | closest_mult_div_shift_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 19) in 'closest_mult_div_shift'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_utils
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | FORALL (i_1, i:int):
20 | LET x = lsr(to_uint32(1
21 | + (lsr(to_uint32((to_uint32(2 * i)) *
22 | (to_uint32(mod(i_1, 8192)))), 13))), 1) IN
23 | ((is_uint32(i)) IMPLIES
24 | ((is_uint32(i_1)) IMPLIES
25 | ((is_uint32(x)) IMPLIES
26 | ((L_closest_mult_div_shift(i_1, i))
27 | = (to_uint32((to_uint32(i * (lsr(i_1, 13)))) + x))))));
28 |
29 | %|- * : PROOF
30 | %|- (prove-vc)
31 | %|- QED
32 |
33 | END closest_mult_div_shift_post
34 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/interface.pvs:
--------------------------------------------------------------------------------
1 | interface: THEORY
2 | BEGIN
3 |
4 | IMPORTING A_uint32_operations
5 | IMPORTING framac_wp@cmath
6 | IMPORTING ints@div_nat
7 |
8 | add_u32_def
9 | : LEMMA
10 | FORALL(a,b: int): L_add_u32(a,b) = to_uint32(a + b)
11 |
12 | sub_u32_def
13 | : LEMMA
14 | FORALL(a,b: int): L_sub_u32(a,b) = to_uint32(a - b)
15 |
16 | mul_u32_def
17 | : LEMMA
18 | FORALL(a,b: int): L_mul_u32(a,b) = to_uint32(a * b)
19 |
20 | div_u32_def
21 | : LEMMA
22 | FORALL(a,b: (is_uint32)): NOT b=0 IMPLIES L_div_u32(a,b) = to_uint32(div(a,b))
23 |
24 | mod_u32_def
25 | : LEMMA
26 | FORALL(a,b: (is_uint32)): NOT b=0 IMPLIES L_mod_u32(a,b) = to_uint32(mod(a,b))
27 |
28 | lsr_u32_def
29 | : LEMMA
30 | FORALL(a: (is_uint32), n: nat): lsr(a,n) = to_uint32(lsr(a,n))
31 |
32 | mod_u32_prop
33 | : LEMMA
34 | FORALL(a,b: (is_uint32)): NOT b=0 IMPLIES to_uint32(mod(a,b)) = mod(a,b)
35 |
36 | shr_u32_def
37 | : LEMMA
38 | FORALL(a: (is_uint32),n: nat)
39 | : L_shr_u32(a,n) = lsr(a,n)
40 |
41 | END interface
42 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/closest_mult_div_shift_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | closest_mult_div_shift_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 19) in 'closest_mult_div_shift'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_utils
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | FORALL (i_1, i:int):
20 | LET x = lsr(to_uint32(1
21 | + (lsr(to_uint32((to_uint32(2 * i)) *
22 | (to_uint32(mod(i_1, 1048576)))), 20))), 1) IN
23 | ((is_uint32(i)) IMPLIES
24 | ((is_uint32(i_1)) IMPLIES
25 | ((is_uint32(x)) IMPLIES
26 | ((L_closest_mult_div_shift(i_1, i))
27 | = (to_uint32((to_uint32(i * (lsr(i_1, 20)))) + x))))));
28 |
29 | %|- * : PROOF
30 | %|- (prove-vc)
31 | %|- QED
32 |
33 | END closest_mult_div_shift_post
34 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/closest_mult_div_shift_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | closest_mult_div_shift_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 19) in 'closest_mult_div_shift'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_utils
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | FORALL (i_1, i:int):
20 | LET x = lsr(to_uint32(1
21 | + (lsr(to_uint32((to_uint32(2 * i)) *
22 | (to_uint32(mod(i_1, 262144)))), 18))), 1) IN
23 | ((is_uint32(i)) IMPLIES
24 | ((is_uint32(i_1)) IMPLIES
25 | ((is_uint32(x)) IMPLIES
26 | ((L_closest_mult_div_shift(i_1, i))
27 | = (to_uint32((to_uint32(i * (lsr(i_1, 18)))) + x))))));
28 |
29 | %|- * : PROOF
30 | %|- (prove-vc)
31 | %|- QED
32 |
33 | END closest_mult_div_shift_post
34 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/closest_mult_div_shift_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | closest_mult_div_shift_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 19) in 'closest_mult_div_shift'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_utils
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | FORALL (i_1, i:int):
20 | LET x = lsr(to_uint32(1
21 | + (lsr(to_uint32((to_uint32(2 * i)) *
22 | (to_uint32(mod(i_1, 32768)))), 15))), 1) IN
23 | ((is_uint32(i)) IMPLIES
24 | ((is_uint32(i_1)) IMPLIES
25 | ((is_uint32(x)) IMPLIES
26 | ((L_closest_mult_div_shift(i_1, i))
27 | = (to_uint32((to_uint32(i * (lsr(i_1, 15)))) + x))))));
28 |
29 | %|- * : PROOF
30 | %|- (prove-vc)
31 | %|- QED
32 |
33 | END closest_mult_div_shift_post
34 |
--------------------------------------------------------------------------------
/Gappa/xz/xz.g:
--------------------------------------------------------------------------------
1 | # Longitude encoding function
2 |
3 | @rnd = float;
4 | @floor = int;
5 |
6 | n = floor(n_); # n is an integer
7 | i = floor(i_); # i is an integer
8 | nl = floor(nl_); # nl is an integer
9 |
10 | nlir = nl - i;
11 | nlif rnd = nl - i;
12 | tmp1r = (n * nlir + 0x1.0p+14)*0x1.0p-15;
13 | tmp1f rnd = (n * nlif + 0x1.0p+14)*0x1.0p-15;
14 | tmp2r = (n * nlir)*0x1.0p-32;
15 | tmp2f rnd = (n * nlif)*0x1.0p-32;
16 | xzr1 = floor(tmp1r) - 0x1.0p+17 * floor(tmp2r) ;
17 | xzf1 rnd = floor(tmp1f) - 0x1.0p+17 * floor(tmp2f) ;
18 |
19 | xzr2 = 0x1.0p+17 * floor(xzr1*0x1.0p-17);
20 | xzf2 rnd = 0x1.0p+17 * floor(xzf1*0x1.0p-17);
21 |
22 | xzr = xzr1 - xzr2;
23 | xzf rnd = xzf1 - xzf2;
24 |
25 |
26 | # Main Property
27 | { (i in [0,1] /\ n in [0,4294967296] /\ nl in [1,59] -> xzf - xzr in [0,0])}
28 | xzf1 - xzr1 -> 0; # Hypothesis 1
29 | floor(xzf1*0x1.0p-17) - floor(xzr1*0x1.0p-17) -> 0; # Hypothesis 2
30 | xzf2 - xzr2 -> 0; # Hypothesis 3
31 |
32 | # complete the coq certificate with the proof of
33 | # forall x,y: x = y -> floor(x) = floor(y)
34 | # xz_hp1 and xz_hp2
35 |
--------------------------------------------------------------------------------
/C/floating-point/global_rLonNL1.c:
--------------------------------------------------------------------------------
1 | /*
2 | * global_rLonNL1.c
3 | *
4 | * Contact: Cesar Munoz
5 | * Organization: NASA/Langley Research Center
6 | *
7 | * This software may be used, reproduced, and provided to others only as
8 | * permitted under the terms of the agreement under which it was acquired from
9 | * the U.S. Government. Neither title to, nor ownership of, the software is
10 | * hereby transferred. This notice shall remain on all copies of the software.
11 | *
12 | * Copyright 2019 United States Government as represented by the Administrator
13 | * of the National Aeronautics and Space Administration. All Rights Reserved.
14 | *
15 | */
16 | #include
17 | #include
18 | #include
19 | #include
20 |
21 | typedef double fp;
22 |
23 | /*@
24 | axiomatic real_function {
25 | logic real rLonr (int xz) = 360 * (xz/0x1.0p+17);
26 | }
27 | @*/
28 |
29 | /*@
30 | requires 0 <= xz <= 131071;
31 | ensures \abs(\result - rLonr(xz)) <= 0.000022888;
32 | @*/
33 | fp g_rLonf_nl_1 (int xz) {
34 | return 360 * (xz/0x1.0p+17);
35 | }
--------------------------------------------------------------------------------
/PVS/CPR_fp/rlat_spec.pvs:
--------------------------------------------------------------------------------
1 | rlat_spec : THEORY
2 |
3 | BEGIN
4 |
5 | IMPORTING cpr_defs, encoding, global_decoding
6 |
7 | nb: VAR NB
8 | i: VAR CPRFormat
9 | lat_real, lat_reale, lat_realo: VAR real
10 | lat, late, lato: VAR Latitude
11 | lone, lono: VAR Longitude
12 |
13 | RLAT(nb, i)(lat_real): bool = EXISTS (k:int, (m:nat|m<=2^nb)): lat_real = dlat(i)*(k+m/2^nb)
14 |
15 | rlat_idem: LEMMA
16 | RLAT(nb, i)(lat) IMPLIES rlat(nb, i)(lat) = lat
17 |
18 | rlate_global: LEMMA
19 | LET ence = encode(nb,0)(late,lone),
20 | enco = encode(nb,1)(lato, lono),
21 | rlate = rlat0(nb)(ence`elat,enco`elat)
22 | IN RLAT(nb, 0)(rlate)
23 |
24 | rlato_global: LEMMA
25 | LET ence = encode(nb,0)(late,lone),
26 | enco = encode(nb,1)(lato, lono),
27 | rlato = rlat1(nb)(ence`elat,enco`elat)
28 | IN RLAT(nb, 1)(rlato)
29 |
30 | rlat_pre: LEMMA
31 | RLAT(nb,i)(rlat(nb,i)(lat))
32 |
33 | closest_rlat: LEMMA
34 | RLAT(nb,i)(lat_reale) AND RLAT(nb,i)(lat_realo) AND
35 | abs(lat-lat_reale)<=dlat(i)/2^(nb+1) AND abs(lat-lat_realo)1)
2 |
3 | @rnd = float;
4 | @floor = int;
5 |
6 | i = floor(i_); # integer
7 | xz0 = floor(xz0_); # integer
8 | xz1 = floor(xz1_); # integer
9 | nl = floor(nl_); # integer
10 |
11 | dLonr = 360 / (nl - i);
12 | dLonf rnd = 360 / (nl - i);
13 |
14 | m1r = ((nl - 1) * xz0 - nl * xz1 + 0x1.0p+16)*0x1.0p-17;
15 | m1f rnd = ((nl - 1) * xz0 - nl * xz1 + 0x1.0p+16)*0x1.0p-17;
16 | mr = floor(m1r);
17 | mf rnd = floor(m1f);
18 |
19 |
20 | mf_nlir = mr/(nl-i);
21 | mf_nlif = mf/(nl-i);
22 |
23 | rLonr = dLonr * ((mr - (nl - i) * (floor(mf_nlir))) + xz0*0x1.0p-17);
24 | rLonf rnd = dLonf * ((mf - (nl - i) * (floor(mf_nlif))) + xz0*0x1.0p-17);
25 |
26 | # Main property
27 | { (i in [0,1] /\ nl in [2,59] /\ xz0 in [0,131071] /\ xz1 in [0,131071] ->
28 | (m1f - m1r in [0,0]
29 | /\
30 | (floor(m1f) - floor(m1r) in [0,0] -> rLonf - rLonr in [-0.000046,0.000046])))}
31 | floor(mf_nlif) - floor(mf_nlir) -> 0; # Hypothesis 1
32 | mf - mr -> 0; # Hypothesis 2
33 | rLonf - rLonr $ i, nl, xz0, xz1;
34 |
35 |
36 | # complete the coq certificate with the proof of
37 | # forall x,y: x = y -> floor(x) = floor(y)
38 | # hypothesis 1
39 |
40 |
41 |
42 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/local_zone_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | local_zone_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 109) in 'local_zone'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_local_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | FORALL (i_3, i_2, i_1, i:int):
20 | LET x = to_uint32(4 * i_1) IN
21 | LET x_1 = lsr(to_uint32(x * (to_uint32(mod(i, 8192)))), 13) IN
22 | LET x_2 = to_uint32(262144
23 | + (to_uint32((to_uint32((lsr(i, 13)) * x)) + x_1))) IN
24 | LET x_3 = to_uint32(4 * i_2) IN
25 | ((i_1 <= 63) IMPLIES
26 | ((i_2 <= 131071) IMPLIES
27 | ((is_uint32(i)) IMPLIES
28 | ((is_uint32(i_1)) IMPLIES
29 | ((is_uint32(i_2)) IMPLIES
30 | ((is_uint32(i_3)) IMPLIES
31 | ((is_uint32(x_1)) IMPLIES
32 | ((IF (x_2 < x_3) THEN (i_3 = (to_uint32(x - 1)))
33 | ELSE (i_3 = (lsr(to_uint32(x_2 - x_3), 19))) ENDIF) IMPLIES
34 | (i_3 = (L_local_zone(i_1, i, i_2)))))))))));
35 |
36 | %|- * : PROOF
37 | %|- (prove-vc)
38 | %|- QED
39 |
40 | END local_zone_post
41 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/A_local_decoding.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'local_decoding'
3 | % --------------------------------------------------
4 |
5 | A_local_decoding: THEORY
6 | BEGIN
7 | IMPORTING A_uint32_operations
8 | IMPORTING framac_wp@cint
9 |
10 | L_local_zone(nz_0 : int, ref_0 : int, mes_0 : int) : int =
11 | LET x = L_mul_u32(4, nz_0) IN
12 | LET x_1 = L_add_u32(262144,
13 | L_add_u32(L_mul_u32(x, lsr(ref_0, 13)),
14 | lsr(L_mul_u32(x, L_mod_u32(ref_0, 8192)), 13))) IN
15 | LET x_2 = L_mul_u32(4, mes_0) IN
16 | IF (x_1 < x_2) THEN (L_sub_u32(x, 1))
17 | ELSE (lsr(L_sub_u32(x_1, x_2), 19)) ENDIF
18 |
19 | L_local_decode(nz_0 : int, ref_0 : int, mes_0 : int) : int =
20 | LET x = L_mul_u32(4, nz_0) IN
21 | LET x_1 = L_add_u32(L_mul_u32(524288, L_local_zone(nz_0, ref_0, mes_0)),
22 | L_mul_u32(4, mes_0)) IN
23 | IF (0 = nz_0) THEN 0
24 | ELSE (IF (1 = x) THEN (L_mul_u32(8192, x_1))
25 | ELSE (L_add_u32(L_mul_u32(8192, L_div_u32(x_1, x)),
26 | L_div_u32(L_add_u32(L_div_u32(L_mul_u32(16384,
27 | L_mod_u32(x_1, x)), x),
28 | 1), 2))) ENDIF) ENDIF
29 | END A_local_decoding
30 |
31 |
--------------------------------------------------------------------------------
/C/fixed-point/coarse/cpr.h:
--------------------------------------------------------------------------------
1 | /*
2 | * cpr.h
3 | *
4 | * Contact: Cesar Munoz
5 | * Organization: NASA/Langley Research Center
6 | *
7 | * This software may be used, reproduced, and provided to others only as
8 | * permitted under the terms of the agreement under which it was acquired from
9 | * the U.S. Government. Neither title to, nor ownership of, the software is
10 | * hereby transferred. This notice shall remain on all copies of the software.
11 | *
12 | * Copyright 2019 United States Government as represented by the Administrator
13 | * of the National Aeronautics and Space Administration. All Rights Reserved.
14 | *
15 | */
16 | #ifndef CPR__H
17 | #define CPR__H
18 |
19 | #include "cpr_int.h"
20 |
21 | struct message {
22 | int format; // even (0) or odd (1)
23 | int_type yz; // encoded latitude
24 | int_type xz; // encoded longitude
25 | };
26 |
27 | struct recovered_position {
28 | int valid; // (0) if invalid, (1) if valid
29 | int_type lat_awb; // recovered latitude
30 | int_type lon_awb; // recovered longitude
31 | };
32 |
33 | struct message encode(int i, int_type awb_lat, int_type awb_lon);
34 | struct recovered_position local_dec(int i, int_type reference_lat, int_type reference_longitude, struct message msg);
35 | struct recovered_position global_dec(int i, struct message msg0, struct message msg1);
36 |
37 | #endif // CPR__H
38 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/A_encode.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'encode'
3 | % --------------------------------------------------
4 |
5 | A_encode: THEORY
6 | BEGIN
7 | IMPORTING A_uint32_operations
8 |
9 | L_encoding(nz_0 : int, awb_lat_0 : int, b : int) : int =
10 | LET x = L_shr_u32(L_add_u32(L_mul_u32(nz_0, awb_lat_0),
11 | IF (12 = b) THEN 524288
12 | ELSE (IF (14 = b) THEN 131072
13 | ELSE (IF (17 = b) THEN 16384
14 | ELSE (IF (19 = b) THEN 4096
15 | ELSE (-1) ENDIF) ENDIF) ENDIF) ENDIF),
16 | 32 - b) IN IF (19 = b) THEN (L_mod_u32(x, 131072)) ELSE x ENDIF
17 |
18 | IMPORTING A_utils
19 |
20 | L_rlat_int(i : int, awb_lat_0 : int) : int =
21 | LET x = L_closest_mult_div_shift(awb_lat_0,
22 | IF (0 = i) THEN 60 ELSE 59 ENDIF) IN
23 | L_add_u32(L_mul_u32(262144,
24 | L_div_u32(x, IF (0 = i) THEN 60 ELSE 59 ENDIF)),
25 | L_div_u32(L_add_u32(L_div_u32(L_mul_u32(524288,
26 | L_mod_u32(x,
27 | IF (0 = i) THEN 60 ELSE 59 ENDIF)),
28 | IF (0 = i) THEN 60 ELSE 59 ENDIF), 1), 2))
29 | END A_encode
30 |
31 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/A_encode.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'encode'
3 | % --------------------------------------------------
4 |
5 | A_encode: THEORY
6 | BEGIN
7 | IMPORTING A_uint32_operations
8 |
9 | L_encoding(nz_0 : int, awb_lat_0 : int, b : int) : int =
10 | LET x = L_shr_u32(L_add_u32(L_mul_u32(nz_0, awb_lat_0),
11 | IF (12 = b) THEN 524288
12 | ELSE (IF (14 = b) THEN 131072
13 | ELSE (IF (17 = b) THEN 16384
14 | ELSE (IF (19 = b) THEN 4096
15 | ELSE (-1) ENDIF) ENDIF) ENDIF) ENDIF),
16 | 32 - b) IN IF (19 = b) THEN (L_mod_u32(x, 131072)) ELSE x ENDIF
17 |
18 | IMPORTING A_utils
19 |
20 | L_rlat_int(i : int, awb_lat_0 : int) : int =
21 | LET x = L_closest_mult_div_shift(awb_lat_0,
22 | IF (0 = i) THEN 60 ELSE 59 ENDIF) IN
23 | L_add_u32(L_mul_u32(32768,
24 | L_div_u32(x, IF (0 = i) THEN 60 ELSE 59 ENDIF)),
25 | L_div_u32(L_add_u32(L_div_u32(L_mul_u32(65536,
26 | L_mod_u32(x,
27 | IF (0 = i) THEN 60 ELSE 59 ENDIF)),
28 | IF (0 = i) THEN 60 ELSE 59 ENDIF), 1), 2))
29 | END A_encode
30 |
31 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/A_encode.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'encode'
3 | % --------------------------------------------------
4 |
5 | A_encode: THEORY
6 | BEGIN
7 | IMPORTING A_uint32_operations
8 |
9 | L_encoding(nz_0 : int, awb_lat_0 : int, b : int) : int =
10 | LET x = L_shr_u32(L_add_u32(L_mul_u32(nz_0, awb_lat_0),
11 | IF (12 = b) THEN 524288
12 | ELSE (IF (14 = b) THEN 131072
13 | ELSE (IF (17 = b) THEN 16384
14 | ELSE (IF (19 = b) THEN 4096
15 | ELSE (-1) ENDIF) ENDIF) ENDIF) ENDIF),
16 | 32 - b) IN IF (19 = b) THEN (L_mod_u32(x, 131072)) ELSE x ENDIF
17 |
18 | IMPORTING A_utils
19 |
20 | L_rlat_int(i : int, awb_lat_0 : int) : int =
21 | LET x = L_closest_mult_div_shift(awb_lat_0,
22 | IF (0 = i) THEN 60 ELSE 59 ENDIF) IN
23 | L_add_u32(L_mul_u32(8192,
24 | L_div_u32(x, IF (0 = i) THEN 60 ELSE 59 ENDIF)),
25 | L_div_u32(L_add_u32(L_div_u32(L_mul_u32(16384,
26 | L_mod_u32(x,
27 | IF (0 = i) THEN 60 ELSE 59 ENDIF)),
28 | IF (0 = i) THEN 60 ELSE 59 ENDIF), 1), 2))
29 | END A_encode
30 |
31 |
--------------------------------------------------------------------------------
/C/fixed-point/airborne/cpr.h:
--------------------------------------------------------------------------------
1 | /*
2 | * cpr.h
3 | *
4 | * Contact: Cesar Munoz
5 | * Organization: NASA/Langley Research Center
6 | *
7 | * This software may be used, reproduced, and provided to others only as
8 | * permitted under the terms of the agreement under which it was acquired from
9 | * the U.S. Government. Neither title to, nor ownership of, the software is
10 | * hereby transferred. This notice shall remain on all copies of the software.
11 | *
12 | * Copyright 2019 United States Government as represented by the Administrator
13 | * of the National Aeronautics and Space Administration. All Rights Reserved.
14 | *
15 | */
16 | #ifndef CPR__H
17 | #define CPR__H
18 |
19 | #include "cpr_int.h"
20 |
21 | struct message {
22 | int format; // even (0) or odd (1)
23 | int_type yz; // encoded latitude
24 | int_type xz; // encoded longitude
25 | };
26 |
27 | struct recovered_position {
28 | int valid; // (0) if invalid, (1) if valid
29 | int_type lat_awb; // recovered latitude
30 | int_type lon_awb; // recovered longitude
31 | };
32 |
33 | struct message encode(int i, int_type awb_lat, int_type awb_lon);
34 | struct recovered_position local_dec(int i, int_type reference_lat, int_type reference_longitude, struct message msg);
35 | struct recovered_position global_dec(int i, struct message msg0, struct message msg1);
36 |
37 | #endif // CPR__H
38 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/A_encode.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'encode'
3 | % --------------------------------------------------
4 |
5 | A_encode: THEORY
6 | BEGIN
7 | IMPORTING A_uint32_operations
8 |
9 | L_encoding(nz_0 : int, awb_lat_0 : int, b : int) : int =
10 | LET x = L_shr_u32(L_add_u32(L_mul_u32(nz_0, awb_lat_0),
11 | IF (12 = b) THEN 524288
12 | ELSE (IF (14 = b) THEN 131072
13 | ELSE (IF (17 = b) THEN 16384
14 | ELSE (IF (19 = b) THEN 4096
15 | ELSE (-1) ENDIF) ENDIF) ENDIF) ENDIF),
16 | 32 - b) IN IF (19 = b) THEN (L_mod_u32(x, 131072)) ELSE x ENDIF
17 |
18 | IMPORTING A_utils
19 |
20 | L_rlat_int(i : int, awb_lat_0 : int) : int =
21 | LET x = L_closest_mult_div_shift(awb_lat_0,
22 | IF (0 = i) THEN 60 ELSE 59 ENDIF) IN
23 | L_add_u32(L_mul_u32(1048576,
24 | L_div_u32(x, IF (0 = i) THEN 60 ELSE 59 ENDIF)),
25 | L_div_u32(L_add_u32(L_div_u32(L_mul_u32(2097152,
26 | L_mod_u32(x,
27 | IF (0 = i) THEN 60 ELSE 59 ENDIF)),
28 | IF (0 = i) THEN 60 ELSE 59 ENDIF), 1), 2))
29 | END A_encode
30 |
31 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/north_lat_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | north_lat_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 207) in 'north_lat'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_global_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | FORALL (i_4, i_3, i_2, i_1, i:int):
20 | LET x = L_global_decode(60, i_3, i_2, i_4) IN
21 | LET x_1 = to_uint32(x - i_1) IN
22 | ((0 <= i_4) IMPLIES
23 | ((i_4 <= 1) IMPLIES
24 | ((i_2 <= 131071) IMPLIES
25 | ((i_3 <= 131071) IMPLIES
26 | ((is_uint32(i_1)) IMPLIES
27 | ((is_uint32(i_2)) IMPLIES
28 | ((is_uint32(i_3)) IMPLIES
29 | ((is_uint32(i_4)) IMPLIES
30 | ((is_sint32(i)) IMPLIES
31 | ((is_uint32(x)) IMPLIES
32 | ((IF (x_1 <= 357913941) THEN (1 = i)
33 | ELSE (IF (3937053355 <= x_1) THEN (1 = i) ELSE (0 = i) ENDIF) ENDIF) IMPLIES
34 | ((((i_1 <= 1073741824) OR
35 | (((3221225472 <= i_1) AND (i_1 <= 4294967295))))) IMPLIES
36 | ((0 /= i) IFF (P_north_lat(i_4, i_3, i_2, i_1)))))))))))))));
37 |
38 | %|- * : PROOF
39 | %|- (prove-vc)
40 | %|- QED
41 |
42 | END north_lat_post
43 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/north_lat_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | north_lat_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 207) in 'north_lat'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_global_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | LET x = min(4096, 131072) IN
20 | FORALL (i_4, i_3, i_2, i_1, i:int):
21 | LET x_1 = L_global_decode(60, i_3, i_2, i_4) IN
22 | LET x_2 = to_uint32(x_1 - i_1) IN
23 | ((0 <= i_4) IMPLIES
24 | ((i_2 < x) IMPLIES
25 | ((i_3 < x) IMPLIES
26 | ((i_4 <= 1) IMPLIES
27 | ((is_uint32(i_1)) IMPLIES
28 | ((is_uint32(i_2)) IMPLIES
29 | ((is_uint32(i_3)) IMPLIES
30 | ((is_uint32(i_4)) IMPLIES
31 | ((is_sint32(i)) IMPLIES
32 | ((is_uint32(x_1)) IMPLIES
33 | ((IF (x_2 <= 357913941) THEN (1 = i)
34 | ELSE (IF (3937053355 <= x_2) THEN (1 = i) ELSE (0 = i) ENDIF) ENDIF) IMPLIES
35 | ((((i_1 <= 1073741824) OR
36 | (((3221225472 <= i_1) AND (i_1 <= 4294967295))))) IMPLIES
37 | ((0 /= i) IFF (P_north_lat(i_4, i_3, i_2, i_1)))))))))))))));
38 |
39 | %|- * : PROOF
40 | %|- (prove-vc)
41 | %|- QED
42 |
43 | END north_lat_post
44 |
--------------------------------------------------------------------------------
/C/fixed-point/surface/cpr.h:
--------------------------------------------------------------------------------
1 | /*
2 | * cpr.h
3 | *
4 | * Contact: Cesar Munoz
5 | * Organization: NASA/Langley Research Center
6 | *
7 | * This software may be used, reproduced, and provided to others only as
8 | * permitted under the terms of the agreement under which it was acquired from
9 | * the U.S. Government. Neither title to, nor ownership of, the software is
10 | * hereby transferred. This notice shall remain on all copies of the software.
11 | *
12 | * Copyright 2019 United States Government as represented by the Administrator
13 | * of the National Aeronautics and Space Administration. All Rights Reserved.
14 | *
15 | */
16 | #ifndef CPR__H
17 | #define CPR__H
18 |
19 | #include "cpr_int.h"
20 |
21 | struct message {
22 | int format; // even (0) or odd (1)
23 | int_type yz; // encoded latitude
24 | int_type xz; // encoded longitude
25 | };
26 |
27 | struct recovered_position {
28 | int valid; // (0) if invalid, (1) if valid
29 | int_type lat_awb; // recovered latitude
30 | int_type lon_awb; // recovered longitude
31 | };
32 |
33 | struct message encode(int i, int_type awb_lat, int_type awb_lon);
34 |
35 | struct recovered_position local_dec(int i, int_type reference_lat, int_type reference_longitude, struct message msg);
36 |
37 | struct recovered_position global_dec(int i, struct message msg0, struct message msg1, int_type own_lat_awb);
38 |
39 | #endif // CPR__H
40 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/north_lat_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | north_lat_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 207) in 'north_lat'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_global_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | LET x = min(16384, 131072) IN
20 | FORALL (i_4, i_3, i_2, i_1, i:int):
21 | LET x_1 = L_global_decode(60, i_3, i_2, i_4) IN
22 | LET x_2 = to_uint32(x_1 - i_1) IN
23 | ((0 <= i_4) IMPLIES
24 | ((i_2 < x) IMPLIES
25 | ((i_3 < x) IMPLIES
26 | ((i_4 <= 1) IMPLIES
27 | ((is_uint32(i_1)) IMPLIES
28 | ((is_uint32(i_2)) IMPLIES
29 | ((is_uint32(i_3)) IMPLIES
30 | ((is_uint32(i_4)) IMPLIES
31 | ((is_sint32(i)) IMPLIES
32 | ((is_uint32(x_1)) IMPLIES
33 | ((IF (x_2 <= 357913941) THEN (1 = i)
34 | ELSE (IF (3937053355 <= x_2) THEN (1 = i) ELSE (0 = i) ENDIF) ENDIF) IMPLIES
35 | ((((i_1 <= 1073741824) OR
36 | (((3221225472 <= i_1) AND (i_1 <= 4294967295))))) IMPLIES
37 | ((0 /= i) IFF (P_north_lat(i_4, i_3, i_2, i_1)))))))))))))));
38 |
39 | %|- * : PROOF
40 | %|- (prove-vc)
41 | %|- QED
42 |
43 | END north_lat_post
44 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/north_lat_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | north_lat_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 207) in 'north_lat'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_global_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | LET x = min(131072, 524288) IN
20 | FORALL (i_4, i_3, i_2, i_1, i:int):
21 | LET x_1 = L_global_decode(60, i_3, i_2, i_4) IN
22 | LET x_2 = to_uint32(x_1 - i_1) IN
23 | ((0 <= i_4) IMPLIES
24 | ((i_2 < x) IMPLIES
25 | ((i_3 < x) IMPLIES
26 | ((i_4 <= 1) IMPLIES
27 | ((is_uint32(i_1)) IMPLIES
28 | ((is_uint32(i_2)) IMPLIES
29 | ((is_uint32(i_3)) IMPLIES
30 | ((is_uint32(i_4)) IMPLIES
31 | ((is_sint32(i)) IMPLIES
32 | ((is_uint32(x_1)) IMPLIES
33 | ((IF (x_2 <= 357913941) THEN (1 = i)
34 | ELSE (IF (3937053355 <= x_2) THEN (1 = i) ELSE (0 = i) ENDIF) ENDIF) IMPLIES
35 | ((((i_1 <= 1073741824) OR
36 | (((3221225472 <= i_1) AND (i_1 <= 4294967295))))) IMPLIES
37 | ((0 /= i) IFF (P_north_lat(i_4, i_3, i_2, i_1)))))))))))))));
38 |
39 | %|- * : PROOF
40 | %|- (prove-vc)
41 | %|- QED
42 |
43 | END north_lat_post
44 |
--------------------------------------------------------------------------------
/C/fixed-point/intent/cpr.h:
--------------------------------------------------------------------------------
1 | /*
2 | * cpr.h
3 | *
4 | * Contact: Cesar Munoz
5 | * Organization: NASA/Langley Research Center
6 | *
7 | * This software may be used, reproduced, and provided to others only as
8 | * permitted under the terms of the agreement under which it was acquired from
9 | * the U.S. Government. Neither title to, nor ownership of, the software is
10 | * hereby transferred. This notice shall remain on all copies of the software.
11 | *
12 | * Copyright 2019 United States Government as represented by the Administrator
13 | * of the National Aeronautics and Space Administration. All Rights Reserved.
14 | *
15 | */
16 | #ifndef CPR__H
17 | #define CPR__H
18 |
19 | #include "cpr_int.h"
20 |
21 | #define I 0 // in intent messages, the only used format is even (i=0).
22 |
23 | struct message {
24 | int format; // even (0) or odd (1)
25 | int_type yz; // encoded latitude
26 | int_type xz; // encoded longitude
27 | };
28 |
29 | struct recovered_position {
30 | int valid; // (0) if invalid, (1) if valid
31 | int_type lat_awb; // recovered latitude
32 | int_type lon_awb; // recovered longitude
33 | };
34 |
35 | struct message encode(int_type awb_lat, int_type awb_lon);
36 | struct recovered_position local_dec(int_type reference_lat, int_type reference_longitude, struct message msg);
37 |
38 | // Global decoding is not applicable in intent messages.
39 |
40 | #endif // CPR__H
41 |
--------------------------------------------------------------------------------
/PVS/CPR_fp/top.pvs:
--------------------------------------------------------------------------------
1 | top: THEORY
2 | BEGIN
3 |
4 | IMPORTING
5 |
6 | cpr_funs, % stubs
7 | cpr_nl_funs, % stubs
8 | basic_defs, % elementary definitions
9 |
10 | % exact calculation
11 | nl, % NL calculation
12 | cpr_defs, % CPR aux functions
13 | encoding, % encoding procedure
14 | local_decoding, % local decoding procedure
15 | global_decoding, % global decoding procedure
16 | alt_encoding,
17 | rlat_spec,
18 |
19 | % correctness
20 | local_correctness,
21 | global_correctness,
22 | simplifications,
23 |
24 | % real-valued counterexample
25 | AWB, % Angular weighted binary
26 | counterexample,
27 |
28 | % single-precision counterexample
29 | global_single_precision_counterexample,
30 |
31 | % animation
32 | nl_table_printer, % NL-table printer
33 | pvsio_defs, % pvsio related declarations
34 | nl_table_dp, % generated table (double precision)
35 | nl_table_fa20, % generated table (fast_approx-prec:20)
36 |
37 | % Frama-C logic definitions
38 | framac_logic_definitions
39 | END top
40 |
--------------------------------------------------------------------------------
/PVS/CPR_fp/encoding.pvs:
--------------------------------------------------------------------------------
1 | encoding: THEORY
2 | BEGIN
3 |
4 | IMPORTING cpr_defs, reals@reals_mod
5 |
6 | lat: VAR Latitude
7 | lon: VAR Longitude
8 | Nb : VAR NB
9 | i : VAR CPRFormat
10 |
11 | % Dloni: longitude angular zone width (in degrees of longitude)
12 | Dloni(Nb,i)(lat): Longitude = dlon(Nb,i)(rlat(Nb,i)(lat))
13 |
14 | % Eq 7 --------------------------------------------------------------------- %
15 | % Encoding of the longitude
16 | XZi(Nb,i)(lat,lon): int =
17 | LET f10101 = Dloni(Nb,i)(lat),
18 | f1010 = cpr_mod(lon,f10101),
19 | f101 = cpr_div(f1010,f10101),
20 | f100 = F2pNb(Nb),
21 | f10 = cpr_mul(f100, f101),
22 | f1 = cpr_add(f10,F1d2)
23 | IN cpr_floor(f1)
24 |
25 | XZ_ub: LEMMA
26 | FORALL (lat: Latitude, lon:Longitude, nb:NB, i:CPRFormat):
27 | XZi(nb, i)(lat,lon)<=2^nb
28 |
29 | XZ_lb: LEMMA
30 | FORALL (lat: Latitude, lon:Longitude, nb:NB, i:CPRFormat):
31 | 0<=XZi(nb,i)(lat,lon)
32 |
33 | % End of Eq 7 -------------------------------------------------------------- %
34 |
35 | encode: EncodingFun = LAMBDA(Nb,i)(lat,lon):
36 | LET f0 = YZ(Nb,i)(lat),
37 | f11 = data_field_size(Nb),
38 | f1 = cpr_exp(2,f11),
39 | f2 = XZi(Nb,i)(lat,lon)
40 | IN (# elat := cpr_mod(f0,f1), elon := cpr_mod(f2,f1) #)
41 |
42 | encode_lat_bounds: LEMMA
43 | LET enc = encode(Nb,i)(lat, lon) IN
44 | 0<= enc`elat AND enc`elat<=2^Nb-1
45 |
46 | encode_lon_bounds: LEMMA
47 | LET enc = encode(Nb,i)(lat, lon) IN
48 | 0<= enc`elon AND enc`elon<=2^Nb-1
49 |
50 | END encoding
51 |
--------------------------------------------------------------------------------
/C/floating-point/local_rLonNL1.c:
--------------------------------------------------------------------------------
1 | /*
2 | * local_rLonNL1.c
3 | *
4 | * Contact: Cesar Munoz
5 | * Organization: NASA/Langley Research Center
6 | *
7 | * This software may be used, reproduced, and provided to others only as
8 | * permitted under the terms of the agreement under which it was acquired from
9 | * the U.S. Government. Neither title to, nor ownership of, the software is
10 | * hereby transferred. This notice shall remain on all copies of the software.
11 | *
12 | * Copyright 2019 United States Government as represented by the Administrator
13 | * of the National Aeronautics and Space Administration. All Rights Reserved.
14 | *
15 | */
16 | #include
17 | #include
18 | #include
19 | #include
20 |
21 | typedef double fp;
22 |
23 | /*@
24 | axiomatic real_function {
25 | logic real rLonr (int awb_lons, int xz) =
26 | \let m1r = ((awb_lons - (xz - 0x1.0p+16)*0x1.0p+15)) * 0x1.0p-32;
27 | \let mr = \floor (m1r);
28 | 360.0 * (mr + xz*0x1.0p-17);
29 | }
30 | @*/
31 |
32 | /*@
33 | requires 0 <= awb_lons <= 4294967295;
34 | requires 0 <= xz <= 131072;
35 | requires \floor(awb_lons) == awb_lons;
36 | requires \floor(xz) == xz;
37 | ensures \abs(\result - rLonr(awb_lons,xz)) <= 0.000022888;
38 | @*/
39 | fp rLonf_nl_1 (unsigned int awb_lons, int xz) {
40 | fp m1f = ((awb_lons - (xz - 0x1.0p+16)*0x1.0p+15)) * 0x1.0p-32;
41 | /*@ assert m1f:
42 | m1f == ((awb_lons - (xz - 0x1.0p+16)*0x1.0p+15)) * 0x1.0p-32; @*/
43 | fp mf = floor (m1f);
44 | return 360.0 * (mf + xz*0x1.0p-17);
45 | }
--------------------------------------------------------------------------------
/PVS/CPR_fp/basic_defs.pvs:
--------------------------------------------------------------------------------
1 | basic_defs: THEORY
2 | BEGIN
3 |
4 | NZ: int = 15
5 |
6 | % Latitude
7 | % "Latitude is expressed over a range of 180°".
8 | % "The input latitude can be any real number between -90° and +90°."
9 | Latitude: TYPE = {l:real | l>=-90 AND l<=90 }
10 |
11 | % "Longitude is expressed over a range of 360°".
12 | Longitude: TYPE = real
13 |
14 | lat: VAR Latitude
15 |
16 | NB: TYPE = { Nb:nat| % airborne
17 | Nb = 17
18 | % surface
19 | OR Nb = 19
20 | % coarse TIS-B
21 | OR Nb = 12 }
22 |
23 | nb: VAR NB
24 |
25 | % Index numbers for the bins inside a zone.
26 | BinIndex(nb): TYPE = subrange(0, 2^nb-1)
27 |
28 | % Size of the data field (where lat and lon are transmitted) in bits.
29 | data_field_size(nb): nat = min(17,nb)
30 |
31 | DataField(nb): TYPE+ = subrange(0,2^data_field_size(nb)-1) CONTAINING 0
32 |
33 | % Relationship between BinIndex and DataField
34 | df_is_bi: LEMMA
35 | FORALL(df: DataField(nb)): 0 <= df AND df <= 2^nb-1
36 |
37 | % CPR Format: odd (0) or even (1).
38 | CPRFormat: TYPE+ = {i:int|i=0 OR i=1} CONTAINING 0
39 |
40 | i: VAR CPRFormat
41 |
42 | inv(i): CPRFormat = IF i=0 THEN 1 ELSE 0 ENDIF
43 |
44 | % Zone Indeces.
45 | % There are 60 even latitude zones and 59 odd latitude zones
46 | ZoneIndex(i): TYPE = {z: nat | 0 <= z AND z < 4*NZ - i}
47 |
48 |
49 | % Interface for encoding function
50 | EncodingRes(nb) : TYPE = [# elat, elon: DataField(nb) #]
51 | EncodingFun : TYPE = [Nb:NB,CPRFormat->[[Latitude,Longitude->EncodingRes(Nb)]]]
52 |
53 | End basic_defs
54 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/rlat_int_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | rlat_int_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 76) in 'rlat_int'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_utils
15 | IMPORTING A_encode
16 |
17 | % --- Verification condition ---
18 |
19 | goal: LEMMA
20 | FORALL (i_3, i_2, i_1, i:int):
21 | LET x = to_uint32(i) IN
22 | LET x_1 = L_closest_mult_div_shift(i_3, x) IN
23 | ((is_uint32(i_1)) IMPLIES
24 | ((is_uint32(i_2)) IMPLIES
25 | ((is_uint32(i_3)) IMPLIES
26 | ((is_sint32(i)) IMPLIES
27 | ((is_uint32(x_1)) IMPLIES
28 | ((IF (0 = i_2) THEN (60 = i) ELSE (59 = i) ENDIF) IMPLIES
29 | ((IF (1 = x)
30 | THEN (i_1 = (to_uint32(32768 * (L_closest_mult_div_shift(i_3, 1)))))
31 | ELSE (i_1
32 | = (to_uint32((to_uint32(32768 * (to_uint32(div(x_1, x)))))
33 | + (to_uint32(div(to_uint32(1
34 | + (to_uint32(div(to_uint32(65536
35 | * (to_uint32(
36 | mod(x_1, x)))),
37 | x)))), 2)))))) ENDIF) IMPLIES
38 | ((((0 = i_2) OR (1 = i_2))) IMPLIES
39 | (i_1 = (L_rlat_int(i_2, i_3)))))))))));
40 |
41 | %|- * : PROOF
42 | %|- (prove-vc)
43 | %|- QED
44 |
45 | END rlat_int_post
46 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/rlat_int_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | rlat_int_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 76) in 'rlat_int'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_utils
15 | IMPORTING A_encode
16 |
17 | % --- Verification condition ---
18 |
19 | goal: LEMMA
20 | FORALL (i_3, i_2, i_1, i:int):
21 | LET x = to_uint32(i) IN
22 | LET x_1 = L_closest_mult_div_shift(i_3, x) IN
23 | ((is_uint32(i_1)) IMPLIES
24 | ((is_uint32(i_2)) IMPLIES
25 | ((is_uint32(i_3)) IMPLIES
26 | ((is_sint32(i)) IMPLIES
27 | ((is_uint32(x_1)) IMPLIES
28 | ((IF (0 = i_2) THEN (60 = i) ELSE (59 = i) ENDIF) IMPLIES
29 | ((IF (1 = x)
30 | THEN (i_1 = (to_uint32(8192 * (L_closest_mult_div_shift(i_3, 1)))))
31 | ELSE (i_1
32 | = (to_uint32((to_uint32(8192 * (to_uint32(div(x_1, x)))))
33 | + (to_uint32(div(to_uint32(1
34 | + (to_uint32(div(to_uint32(16384
35 | * (to_uint32(
36 | mod(x_1, x)))),
37 | x)))), 2)))))) ENDIF) IMPLIES
38 | ((((0 = i_2) OR (1 = i_2))) IMPLIES
39 | (i_1 = (L_rlat_int(i_2, i_3)))))))))));
40 |
41 | %|- * : PROOF
42 | %|- (prove-vc)
43 | %|- QED
44 |
45 | END rlat_int_post
46 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/rlat_int_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | rlat_int_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 76) in 'rlat_int'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_utils
15 | IMPORTING A_encode
16 |
17 | % --- Verification condition ---
18 |
19 | goal: LEMMA
20 | FORALL (i_3, i_2, i_1, i:int):
21 | LET x = to_uint32(i) IN
22 | LET x_1 = L_closest_mult_div_shift(i_3, x) IN
23 | ((is_uint32(i_1)) IMPLIES
24 | ((is_uint32(i_2)) IMPLIES
25 | ((is_uint32(i_3)) IMPLIES
26 | ((is_sint32(i)) IMPLIES
27 | ((is_uint32(x_1)) IMPLIES
28 | ((IF (0 = i_2) THEN (60 = i) ELSE (59 = i) ENDIF) IMPLIES
29 | ((IF (1 = x)
30 | THEN (i_1 = (to_uint32(1048576 * (L_closest_mult_div_shift(i_3, 1)))))
31 | ELSE (i_1
32 | = (to_uint32((to_uint32(1048576 * (to_uint32(div(x_1, x)))))
33 | + (to_uint32(div(to_uint32(1
34 | + (to_uint32(div(to_uint32(2097152
35 | * (to_uint32(
36 | mod(x_1, x)))),
37 | x)))), 2)))))) ENDIF) IMPLIES
38 | ((((0 = i_2) OR (1 = i_2))) IMPLIES
39 | (i_1 = (L_rlat_int(i_2, i_3)))))))))));
40 |
41 | %|- * : PROOF
42 | %|- (prove-vc)
43 | %|- QED
44 |
45 | END rlat_int_post
46 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/rlat_int_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | rlat_int_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 76) in 'rlat_int'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_utils
15 | IMPORTING A_encode
16 |
17 | % --- Verification condition ---
18 |
19 | goal: LEMMA
20 | FORALL (i_3, i_2, i_1, i:int):
21 | LET x = to_uint32(i) IN
22 | LET x_1 = L_closest_mult_div_shift(i_3, x) IN
23 | ((is_uint32(i_1)) IMPLIES
24 | ((is_uint32(i_2)) IMPLIES
25 | ((is_uint32(i_3)) IMPLIES
26 | ((is_sint32(i)) IMPLIES
27 | ((is_uint32(x_1)) IMPLIES
28 | ((IF (0 = i_2) THEN (60 = i) ELSE (59 = i) ENDIF) IMPLIES
29 | ((IF (1 = x)
30 | THEN (i_1 = (to_uint32(262144 * (L_closest_mult_div_shift(i_3, 1)))))
31 | ELSE (i_1
32 | = (to_uint32((to_uint32(262144 * (to_uint32(div(x_1, x)))))
33 | + (to_uint32(div(to_uint32(1
34 | + (to_uint32(div(to_uint32(524288
35 | * (to_uint32(
36 | mod(x_1, x)))),
37 | x)))), 2)))))) ENDIF) IMPLIES
38 | ((((0 = i_2) OR (1 = i_2))) IMPLIES
39 | (i_1 = (L_rlat_int(i_2, i_3)))))))))));
40 |
41 | %|- * : PROOF
42 | %|- (prove-vc)
43 | %|- QED
44 |
45 | END rlat_int_post
46 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/global_zone_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | global_zone_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 174) in 'global_zone'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_global_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | FORALL (i_4, i_3, i_2, i_1, i:int):
20 | LET x = to_uint32(i - i_3) IN
21 | ((0 < i) IMPLIES
22 | ((0 <= i_3) IMPLIES
23 | ((i_3 <= 1) IMPLIES
24 | ((i <= 63) IMPLIES
25 | ((i_1 <= 131071) IMPLIES
26 | ((i_2 <= 131071) IMPLIES
27 | ((is_uint32(i)) IMPLIES
28 | ((is_uint32(i_1)) IMPLIES
29 | ((is_uint32(i_2)) IMPLIES
30 | ((is_uint32(i_3)) IMPLIES
31 | ((is_uint32(i_4)) IMPLIES
32 | ((IF (2 <= i)
33 | THEN (i_4
34 | = (to_uint32(mod(lsr(to_uint32((to_uint32((to_uint32(262144
35 | * x))
36 | + (to_uint32(65536
37 | + (to_uint32(i_2 *
38 | (to_uint32(i - 1))))))))
39 | - (to_uint32(i * i_1))), 17), x))))
40 | ELSE (0 = i_4) ENDIF) IMPLIES
41 | (i_4 = (L_global_zone(i, i_2, i_1, i_3)))))))))))))));
42 |
43 | %|- * : PROOF
44 | %|- (prove-vc)
45 | %|- QED
46 |
47 | END global_zone_post
48 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/local_decode_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | local_decode_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 123) in 'local_decode'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_local_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | FORALL (i_3, i_2, i_1, i:int):
20 | LET x = L_local_zone(i_1, i, i_2) IN
21 | LET x_1 = to_uint32(4 * i_1) IN
22 | LET x_2 = to_uint32((to_uint32(4 * i_2)) + (to_uint32(524288 * x))) IN
23 | ((0 < i_1) IMPLIES
24 | ((i_1 <= 63) IMPLIES
25 | ((i_2 <= 131071) IMPLIES
26 | ((is_uint32(i)) IMPLIES
27 | ((is_uint32(i_1)) IMPLIES
28 | ((is_uint32(i_2)) IMPLIES
29 | ((is_uint32(i_3)) IMPLIES
30 | ((is_uint32(x)) IMPLIES
31 | ((IF (1 = x_1) THEN (i_3 = (to_uint32(8192 * x_2)))
32 | ELSE (i_3
33 | = (to_uint32((to_uint32(8192 * (to_uint32(div(x_2, x_1)))))
34 | + (to_uint32(div(to_uint32(1
35 | + (to_uint32(div(to_uint32(16384
36 | * (to_uint32(
37 | mod(x_2, x_1)))),
38 | x_1)))), 2)))))) ENDIF) IMPLIES
39 | (i_3 = (L_local_decode(i_1, i, i_2))))))))))));
40 |
41 | %|- * : PROOF
42 | %|- (prove-vc)
43 | %|- QED
44 |
45 | END local_decode_post
46 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/global_zone_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | global_zone_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 174) in 'global_zone'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_global_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | LET x = min(4096, 131072) IN
20 | FORALL (i_4, i_3, i_2, i_1, i:int):
21 | LET x_1 = to_uint32(i - i_3) IN
22 | ((0 < i) IMPLIES
23 | ((0 <= i_3) IMPLIES
24 | ((i_1 < x) IMPLIES
25 | ((i_2 < x) IMPLIES
26 | ((i_3 <= 1) IMPLIES
27 | ((i <= 63) IMPLIES
28 | ((is_uint32(i)) IMPLIES
29 | ((is_uint32(i_1)) IMPLIES
30 | ((is_uint32(i_2)) IMPLIES
31 | ((is_uint32(i_3)) IMPLIES
32 | ((is_uint32(i_4)) IMPLIES
33 | ((IF (2 <= i)
34 | THEN (i_4
35 | = (to_uint32(mod(lsr(to_uint32((to_uint32((to_uint32(262144
36 | * x_1))
37 | + (to_uint32(2048
38 | + (to_uint32(i_2 *
39 | (to_uint32(i - 1))))))))
40 | - (to_uint32(i * i_1))), 12), x_1))))
41 | ELSE (0 = i_4) ENDIF) IMPLIES
42 | (i_4 = (L_global_zone(i, i_2, i_1, i_3)))))))))))))));
43 |
44 | %|- * : PROOF
45 | %|- (prove-vc)
46 | %|- QED
47 |
48 | END global_zone_post
49 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/global_zone_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | global_zone_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 174) in 'global_zone'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_global_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | LET x = min(16384, 131072) IN
20 | FORALL (i_4, i_3, i_2, i_1, i:int):
21 | LET x_1 = to_uint32(i - i_3) IN
22 | ((0 < i) IMPLIES
23 | ((0 <= i_3) IMPLIES
24 | ((i_1 < x) IMPLIES
25 | ((i_2 < x) IMPLIES
26 | ((i_3 <= 1) IMPLIES
27 | ((i <= 63) IMPLIES
28 | ((is_uint32(i)) IMPLIES
29 | ((is_uint32(i_1)) IMPLIES
30 | ((is_uint32(i_2)) IMPLIES
31 | ((is_uint32(i_3)) IMPLIES
32 | ((is_uint32(i_4)) IMPLIES
33 | ((IF (2 <= i)
34 | THEN (i_4
35 | = (to_uint32(mod(lsr(to_uint32((to_uint32((to_uint32(262144
36 | * x_1))
37 | + (to_uint32(8192
38 | + (to_uint32(i_2 *
39 | (to_uint32(i - 1))))))))
40 | - (to_uint32(i * i_1))), 14), x_1))))
41 | ELSE (0 = i_4) ENDIF) IMPLIES
42 | (i_4 = (L_global_zone(i, i_2, i_1, i_3)))))))))))))));
43 |
44 | %|- * : PROOF
45 | %|- (prove-vc)
46 | %|- QED
47 |
48 | END global_zone_post
49 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/global_zone_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | global_zone_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 174) in 'global_zone'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_global_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | LET x = min(131072, 524288) IN
20 | FORALL (i_4, i_3, i_2, i_1, i:int):
21 | LET x_1 = to_uint32(i - i_3) IN
22 | ((0 < i) IMPLIES
23 | ((0 <= i_3) IMPLIES
24 | ((i_1 < x) IMPLIES
25 | ((i_2 < x) IMPLIES
26 | ((i_3 <= 1) IMPLIES
27 | ((i <= 63) IMPLIES
28 | ((is_uint32(i)) IMPLIES
29 | ((is_uint32(i_1)) IMPLIES
30 | ((is_uint32(i_2)) IMPLIES
31 | ((is_uint32(i_3)) IMPLIES
32 | ((is_uint32(i_4)) IMPLIES
33 | ((IF (2 <= i)
34 | THEN (i_4
35 | = (to_uint32(mod(lsr(to_uint32((to_uint32((to_uint32(262144
36 | * x_1))
37 | + (to_uint32(65536
38 | + (to_uint32(i_2 *
39 | (to_uint32(i - 1))))))))
40 | - (to_uint32(i * i_1))), 17), x_1))))
41 | ELSE (0 = i_4) ENDIF) IMPLIES
42 | (i_4 = (L_global_zone(i, i_2, i_1, i_3)))))))))))))));
43 |
44 | %|- * : PROOF
45 | %|- (prove-vc)
46 | %|- QED
47 |
48 | END global_zone_post
49 |
--------------------------------------------------------------------------------
/PVS/framac_wp/cint.pvs:
--------------------------------------------------------------------------------
1 | cint: THEORY
2 | BEGIN
3 |
4 | % Conversions
5 |
6 | max_uint8 : MACRO int = 256
7 | max_sint8 : MACRO int = 128
8 | max_uint16 : MACRO int = 65536
9 | max_sint16 : MACRO int = 32768
10 | max_uint32 : MACRO int = 4294967296
11 | max_sint32 : MACRO int = 2147483648
12 | max_uint64 : MACRO int = 18446744073709551616
13 | max_sint64 : MACRO int = 9223372036854775808
14 |
15 |
16 | is_uint8(x:int) : bool = 0 <= x AND x < max_uint8
17 | is_sint8(x:int) : bool = (- max_sint8) <= x AND x < max_sint8
18 | is_uint16(x:int) : bool = 0 <= x AND x < max_uint16
19 | is_sint16(x:int) : bool = (- max_sint16) <= x AND x < max_sint16
20 | is_uint32(x:int) : bool = 0 <= x AND x < max_uint32
21 | is_sint32(x:int) : bool = (- max_sint32) <= x AND x < max_sint32
22 | is_uint64(x:int) : bool = 0 <= x AND x < max_uint64
23 | is_sint64(x:int) : bool = (- max_sint64) <= x AND x < max_sint64
24 |
25 | to_range(a: int, b: int | a < b)
26 | (z: int)
27 | : MACRO {r: int | a <= r AND r < b}
28 | = a + mod(z-a,b-a)
29 |
30 | to_range_id
31 | : LEMMA
32 | FORALL(a: int, b: int | a < b, z: int)
33 | : a <= z AND z < b IMPLIES to_range(a,b)(z) = z
34 |
35 | to_sint32(x:int) : (is_sint32) = to_range(-max_sint32,max_sint32)(x)
36 | to_sint64(x:int) : (is_sint64) = to_range(-max_sint64,max_sint64)(x)
37 | of_sint32(x:(is_sint32)) : int = x
38 | of_sint64(x:(is_sint64)) : int = x
39 | to_uint32(x:int) : (is_uint32) = to_range(0,max_uint32)(x)
40 | to_uint64(x:int) : (is_uint64) = to_range(0,max_uint64)(x)
41 | of_uint32(x:(is_uint32)) : int = x
42 | of_uint64(x:(is_uint64)) : int = x
43 |
44 | to_uint32_id
45 | : LEMMA
46 | FORALL(z: nat)
47 | : z < max_uint32 IMPLIES to_uint32(z) = z
48 |
49 | END cint
50 |
--------------------------------------------------------------------------------
/PVS/summaries/framac_wp.summary:
--------------------------------------------------------------------------------
1 | ***
2 | *** Processing framac_wp (14:9:9 11/30/2020)
3 | *** Generated by proveit 7.1.0 (Nov 05, 2020)
4 | *** Trusted Oracles
5 | *** metit: Try (help metit)
6 | ***
7 | Proof summary for theory top
8 | Theory totals: 0 formulas, 0 attempted, 0 succeeded (0.00 s)
9 |
10 | Proof summary for theory memory
11 | Theory totals: 0 formulas, 0 attempted, 0 succeeded (0.00 s)
12 |
13 | Proof summary for theory cmath
14 | error_value_TCC1......................proved - complete [shostak](0.03 s)
15 | pow_TCC1..............................proved - complete [shostak](0.08 s)
16 | pow_TCC2..............................proved - complete [shostak](0.02 s)
17 | pow_TCC3..............................proved - complete [shostak](0.01 s)
18 | Theory totals: 4 formulas, 4 attempted, 4 succeeded (0.14 s)
19 |
20 | Proof summary for theory cint
21 | to_range_TCC1.........................proved - complete [shostak](0.01 s)
22 | to_range_TCC2.........................proved - complete [shostak](0.16 s)
23 | to_range_id...........................proved - complete [shostak](0.07 s)
24 | to_uint32_id..........................proved - complete [shostak](0.07 s)
25 | Theory totals: 4 formulas, 4 attempted, 4 succeeded (0.31 s)
26 |
27 | Proof summary for theory creal
28 | rdiv_TCC1.............................proved - complete [shostak](0.01 s)
29 | Theory totals: 1 formulas, 1 attempted, 1 succeeded (0.01 s)
30 |
31 | Proof summary for theory cfloat
32 | div_float64_TCC1......................proved - incomplete [shostak](0.13 s)
33 | Theory totals: 1 formulas, 1 attempted, 1 succeeded (0.13 s)
34 |
35 | Grand Totals: 10 proofs, 10 attempted, 10 succeeded (0.59 s)
36 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/local_decode_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | local_decode_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 123) in 'local_decode'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_local_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | FORALL (i_3, i_2, i_1, i:int):
20 | LET x = L_local_zone(i_1, i, i_2) IN
21 | LET x_1 = to_uint32(i_2 + (to_uint32(131072 * x))) IN
22 | ((0 < i_1) IMPLIES
23 | ((i_1 <= 63) IMPLIES
24 | ((i_2 <= 131071) IMPLIES
25 | ((is_uint32(i)) IMPLIES
26 | ((is_uint32(i_1)) IMPLIES
27 | ((is_uint32(i_2)) IMPLIES
28 | ((is_uint32(i_3)) IMPLIES
29 | ((is_uint32(x)) IMPLIES
30 | ((IF (1 = i_1)
31 | THEN (i_3
32 | = (to_uint32(32768
33 | * (to_uint32(i_2
34 | + (to_uint32(131072 * (L_local_zone(1, i, i_2)))))))))
35 | ELSE (i_3
36 | = (to_uint32((to_uint32(32768 * (to_uint32(div(x_1, i_1)))))
37 | + (to_uint32(div(to_uint32(1
38 | + (to_uint32(div(to_uint32(65536
39 | * (to_uint32(
40 | mod(x_1, i_1)))),
41 | i_1)))), 2)))))) ENDIF) IMPLIES
42 | (i_3 = (L_local_decode(i_1, i, i_2))))))))))));
43 |
44 | %|- * : PROOF
45 | %|- (prove-vc)
46 | %|- QED
47 |
48 | END local_decode_post
49 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/local_decode_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | local_decode_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 123) in 'local_decode'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_local_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | FORALL (i_3, i_2, i_1, i:int):
20 | LET x = L_local_zone(i_1, i, i_2) IN
21 | LET x_1 = to_uint32(i_2 + (to_uint32(4096 * x))) IN
22 | ((0 < i_1) IMPLIES
23 | ((i_1 <= 63) IMPLIES
24 | ((i_2 <= 131071) IMPLIES
25 | ((is_uint32(i)) IMPLIES
26 | ((is_uint32(i_1)) IMPLIES
27 | ((is_uint32(i_2)) IMPLIES
28 | ((is_uint32(i_3)) IMPLIES
29 | ((is_uint32(x)) IMPLIES
30 | ((IF (1 = i_1)
31 | THEN (i_3
32 | = (to_uint32(1048576
33 | * (to_uint32(i_2
34 | + (to_uint32(4096 * (L_local_zone(1, i, i_2)))))))))
35 | ELSE (i_3
36 | = (to_uint32((to_uint32(1048576 * (to_uint32(div(x_1, i_1)))))
37 | + (to_uint32(div(to_uint32(1
38 | + (to_uint32(div(to_uint32(2097152
39 | * (to_uint32(
40 | mod(x_1, i_1)))),
41 | i_1)))), 2)))))) ENDIF) IMPLIES
42 | (i_3 = (L_local_decode(i_1, i, i_2))))))))))));
43 |
44 | %|- * : PROOF
45 | %|- (prove-vc)
46 | %|- QED
47 |
48 | END local_decode_post
49 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/local_decode_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | local_decode_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 123) in 'local_decode'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_local_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | FORALL (i_3, i_2, i_1, i:int):
20 | LET x = L_local_zone(i_1, i, i_2) IN
21 | LET x_1 = to_uint32(i_2 + (to_uint32(16384 * x))) IN
22 | ((0 < i_1) IMPLIES
23 | ((i_1 <= 63) IMPLIES
24 | ((i_2 <= 131071) IMPLIES
25 | ((is_uint32(i)) IMPLIES
26 | ((is_uint32(i_1)) IMPLIES
27 | ((is_uint32(i_2)) IMPLIES
28 | ((is_uint32(i_3)) IMPLIES
29 | ((is_uint32(x)) IMPLIES
30 | ((IF (1 = i_1)
31 | THEN (i_3
32 | = (to_uint32(262144
33 | * (to_uint32(i_2
34 | + (to_uint32(16384 * (L_local_zone(1, i, i_2)))))))))
35 | ELSE (i_3
36 | = (to_uint32((to_uint32(262144 * (to_uint32(div(x_1, i_1)))))
37 | + (to_uint32(div(to_uint32(1
38 | + (to_uint32(div(to_uint32(524288
39 | * (to_uint32(
40 | mod(x_1, i_1)))),
41 | i_1)))), 2)))))) ENDIF) IMPLIES
42 | (i_3 = (L_local_decode(i_1, i, i_2))))))))))));
43 |
44 | %|- * : PROOF
45 | %|- (prove-vc)
46 | %|- QED
47 |
48 | END local_decode_post
49 |
--------------------------------------------------------------------------------
/C/fixed-point/intent/cpr.c:
--------------------------------------------------------------------------------
1 | /*
2 | * cpr.c
3 | *
4 | * Contact: Cesar Munoz
5 | * Organization: NASA/Langley Research Center
6 | *
7 | * This software may be used, reproduced, and provided to others only as
8 | * permitted under the terms of the agreement under which it was acquired from
9 | * the U.S. Government. Neither title to, nor ownership of, the software is
10 | * hereby transferred. This notice shall remain on all copies of the software.
11 | *
12 | * Copyright 2019 United States Government as represented by the Administrator
13 | * of the National Aeronautics and Space Administration. All Rights Reserved.
14 | *
15 | */
16 | #include "cpr_int.h"
17 | #include "cpr.h"
18 |
19 | /* ======================================================== */
20 | /* ================== Encoding ============================ */
21 | /* ======================================================== */
22 |
23 | struct message encode(int_type awb_lat, int_type awb_lon) {
24 | int_type nz = max(nl_awb(rlat_int(I,awb_lat))-I, 1);
25 | struct message result = { I , encoding(60-I, awb_lat) , encoding(nz, awb_lon) };
26 | return result;
27 | }
28 | /* ======================================================== */
29 | /* ==================== Local Decoding ==================== */
30 | /* ======================================================== */
31 |
32 | struct recovered_position local_dec(int_type reference_lat, int_type reference_longitude, struct message msg){
33 | int_type r_lat = local_decode(60-I, reference_lat, msg.yz);
34 | int_type r_lon = local_decode(max(nl_awb(r_lat)-I, 1), reference_longitude, msg.xz);
35 | struct recovered_position result = {1, r_lat, r_lon};
36 | return result;
37 | }
38 |
39 | // Global decoding is not applicable in intent messages.
40 |
--------------------------------------------------------------------------------
/C/floating-point/local_rLat.c:
--------------------------------------------------------------------------------
1 | /*
2 | * local_rLat.c
3 | *
4 | * Contact: Cesar Munoz
5 | * Organization: NASA/Langley Research Center
6 | *
7 | * This software may be used, reproduced, and provided to others only as
8 | * permitted under the terms of the agreement under which it was acquired from
9 | * the U.S. Government. Neither title to, nor ownership of, the software is
10 | * hereby transferred. This notice shall remain on all copies of the software.
11 | *
12 | * Copyright 2019 United States Government as represented by the Administrator
13 | * of the National Aeronautics and Space Administration. All Rights Reserved.
14 | *
15 | */
16 | #include
17 | #include
18 | #include
19 | #include
20 |
21 | typedef double fp;
22 |
23 | /*@
24 | axiomatic real_function {
25 | logic real rLatr (int i, int awb_lats, int yz) =
26 | \let dLatr = 360. / (60. - i);
27 | \let j1r = ((awb_lats * (60 - i) - (yz - 0x1.0p+16)*0x1.0p+15)) * 0x1.0p-32;
28 | \let jr = \floor(j1r);
29 | dLatr * (yz*0x1.0p-17 + jr);
30 | }
31 | @*/
32 |
33 | /*@
34 | requires 0 <= i <= 1;
35 | requires 0 <= awb_lats <= 1073741824;
36 | requires 0 <= yz <= 131071;
37 | requires \floor(awb_lats) == awb_lats;
38 | requires \floor(yz) == yz;
39 | requires \floor(i) == i;
40 | ensures \abs(\result - rLatr(i,awb_lats,yz)) <= 0.000022888;
41 | @*/
42 | fp rLatf (int i, unsigned int awb_lats, int yz) {
43 | fp dLatf = 360.0 / (60.0 - i);
44 | fp j1f = ((awb_lats * (60.0 - i) - (yz - 0x1.0p+16)*0x1.0p+15)) * 0x1.0p-32;
45 | fp jf = floor(j1f);
46 | /*@ assert j1f:
47 | j1f == ((awb_lats * (60 - i) - (yz - 0x1.0p+16)*0x1.0p+15)) * 0x1.0p-32; @*/
48 | return dLatf * (yz*0x1.0p-17 + jf);
49 | }
--------------------------------------------------------------------------------
/PVS/all-theories.grandtotals:
--------------------------------------------------------------------------------
1 | Processing CPR_fp. Writing output to file summaries/CPR_fp.summary
2 | Logging PVS information in summaries/CPR_fp.log
3 | Grand Totals: 281 proofs, 281 attempted, 281 succeeded (385.19 s)
4 |
5 | Processing CPR. Writing output to file summaries/CPR.summary
6 | Logging PVS information in summaries/CPR.log
7 | Grand Totals: 290 proofs, 290 attempted, 290 succeeded (1915.77 s)
8 |
9 | Processing framac_wp. Writing output to file summaries/framac_wp.summary
10 | Logging PVS information in summaries/framac_wp.log
11 | Grand Totals: 10 proofs, 10 attempted, 10 succeeded (0.59 s)
12 |
13 | Processing vc_nb_12. Writing output to file summaries/vc_nb_12.summary
14 | Logging PVS information in summaries/vc_nb_12.log
15 | Grand Totals: 80 proofs, 80 attempted, 80 succeeded (48.79 s)
16 |
17 | Processing vc_nb_14. Writing output to file summaries/vc_nb_14.summary
18 | Logging PVS information in summaries/vc_nb_14.log
19 | Grand Totals: 80 proofs, 80 attempted, 80 succeeded (48.83 s)
20 |
21 | Processing vc_nb_17. Writing output to file summaries/vc_nb_17.summary
22 | Logging PVS information in summaries/vc_nb_17.log
23 | Grand Totals: 80 proofs, 80 attempted, 80 succeeded (49.72 s)
24 |
25 | Processing vc_nb_19. Writing output to file summaries/vc_nb_19.summary
26 | Logging PVS information in summaries/vc_nb_19.log
27 | Grand Totals: 80 proofs, 80 attempted, 80 succeeded (64.27 s)
28 |
29 | CPR_fp [OK: 281 proofs]
30 | CPR [OK: 290 proofs]
31 | framac_wp [OK: 10 proofs]
32 | vc_nb_12 [OK: 80 proofs]
33 | vc_nb_14 [OK: 80 proofs]
34 | vc_nb_17 [OK: 80 proofs]
35 | vc_nb_19 [OK: 80 proofs]
36 |
37 | *** Grand Totals: 901 proofs / 901 formulas. Missed: 0 formulas.
38 | *** Number of libraries: 7
39 |
--------------------------------------------------------------------------------
/C/floating-point/local_rLat-greater-2-30.c:
--------------------------------------------------------------------------------
1 | /*
2 | * local_rLat-greater-2-30.c
3 | *
4 | * Contact: Cesar Munoz
5 | * Organization: NASA/Langley Research Center
6 | *
7 | * This software may be used, reproduced, and provided to others only as
8 | * permitted under the terms of the agreement under which it was acquired from
9 | * the U.S. Government. Neither title to, nor ownership of, the software is
10 | * hereby transferred. This notice shall remain on all copies of the software.
11 | *
12 | * Copyright 2019 United States Government as represented by the Administrator
13 | * of the National Aeronautics and Space Administration. All Rights Reserved.
14 | *
15 | */
16 | #include
17 | #include
18 | #include
19 | #include
20 |
21 | typedef double fp;
22 |
23 | /*@
24 | axiomatic real_function {
25 | logic real rLatr (int i, int awb_lats, int yz) =
26 | \let dLatr = 360.0 / (60.0 - i);
27 | \let j1r = ((awb_lats - 0x1.0p+32) * (60 - i) - (yz - 0x1.0p+16)*0x1.0p+15) * 0x1.0p-32;
28 | \let jr = \floor(j1r);
29 | dLatr * (yz*0x1.0p-17 + jr);
30 | }
31 | @*/
32 |
33 | /*@
34 | requires 0 <= i <= 1;
35 | requires 1073741824 < awb_lats <= 4294967295;
36 | requires 0 <= yz <= 131071;
37 | requires \floor(awb_lats) == awb_lats;
38 | requires \floor(yz) == yz;
39 | requires \floor(i) == i;
40 | ensures \abs(\result - rLatr(i,awb_lats,yz)) <= 0.000022888;
41 | @*/
42 | fp rLatf_g_2_30 (int i, unsigned int awb_lats, int yz) {
43 | fp dLatf = 360.0 / (60.0 - i);
44 | fp j1f = ((awb_lats - 0x1.0p+32) * (60.0 - i) - (yz - 0x1.0p+16)*0x1.0p+15) * 0x1.0p-32;
45 | fp jf = floor(j1f);
46 | /*@ assert j1f:
47 | j1f == ((awb_lats - 0x1.0p+32) * (60 - i) - (yz - 0x1.0p+16)*0x1.0p+15) * 0x1.0p-32; @*/
48 | return dLatf * (yz*0x1.0p-17 + jf);
49 | }
--------------------------------------------------------------------------------
/PVS/vc_nb_12/A_global_decoding.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'global_decoding'
3 | % --------------------------------------------------
4 |
5 | A_global_decoding: THEORY
6 | BEGIN
7 |
8 | L_global_zone : [int, int, int, int -> int]
9 |
10 | IMPORTING A_uint32_operations
11 |
12 | L_global_decode(nz_0 : int, mes0_0 : int, mes1_0 : int, i : int) : int =
13 | LET x = max(1, L_sub_u32(nz_0, i)) IN
14 | LET x_1 = L_add_u32(L_mul_u32(4096,
15 | L_global_zone(nz_0, mes0_0, mes1_0, i)),
16 | IF (0 = i) THEN mes0_0 ELSE mes1_0 ENDIF) IN
17 | IF (1 = x) THEN (L_mul_u32(1048576, x_1))
18 | ELSE (L_add_u32(L_mul_u32(1048576, L_div_u32(x_1, x)),
19 | L_div_u32(L_add_u32(L_div_u32(L_mul_u32(2097152,
20 | L_mod_u32(x_1, x)), x), 1), 2))) ENDIF
21 |
22 | P_north_lat(i : int, mes0_0 : int, mes1_0 : int, own_0 : int) : bool =
23 | LET x = L_sub_u32(L_global_decode(60, mes0_0, mes1_0, i), own_0) IN
24 | ((x <= 357913941) OR (3937053355 <= x))
25 |
26 | Q_global_zone__def_0: AXIOM FORALL (i_2, i_1, i:int): ((0 <= i) IMPLIES
27 | ((i <= 1) IMPLIES (0 = (L_global_zone(1, i_2, i_1, i)))))
28 | IMPORTING framac_wp@cint
29 |
30 | Q_global_zone__def_1: AXIOM FORALL (i_3, i_2, i_1, i:int):
31 | LET x = L_sub_u32(i_3, i) IN ((0 <= i) IMPLIES ((i <= 1) IMPLIES
32 | ((2 <= i_3) IMPLIES ((i_3 <= 63) IMPLIES
33 | ((L_global_zone(i_3, i_2, i_1, i))
34 | = (L_mod_u32(lsr(L_sub_u32(L_add_u32(L_add_u32(L_mul_u32(L_sub_u32(i_3,
35 | 1), i_2),
36 | 2048), L_mul_u32(x, 262144)),
37 | L_mul_u32(i_3, i_1)), 12), x)))))))
38 | END A_global_decoding
39 |
40 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/A_global_decoding.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'global_decoding'
3 | % --------------------------------------------------
4 |
5 | A_global_decoding: THEORY
6 | BEGIN
7 |
8 | L_global_zone : [int, int, int, int -> int]
9 |
10 | IMPORTING A_uint32_operations
11 |
12 | L_global_decode(nz_0 : int, mes0_0 : int, mes1_0 : int, i : int) : int =
13 | LET x = max(1, L_sub_u32(nz_0, i)) IN
14 | LET x_1 = L_add_u32(L_mul_u32(16384,
15 | L_global_zone(nz_0, mes0_0, mes1_0, i)),
16 | IF (0 = i) THEN mes0_0 ELSE mes1_0 ENDIF) IN
17 | IF (1 = x) THEN (L_mul_u32(262144, x_1))
18 | ELSE (L_add_u32(L_mul_u32(262144, L_div_u32(x_1, x)),
19 | L_div_u32(L_add_u32(L_div_u32(L_mul_u32(524288,
20 | L_mod_u32(x_1, x)), x), 1), 2))) ENDIF
21 |
22 | P_north_lat(i : int, mes0_0 : int, mes1_0 : int, own_0 : int) : bool =
23 | LET x = L_sub_u32(L_global_decode(60, mes0_0, mes1_0, i), own_0) IN
24 | ((x <= 357913941) OR (3937053355 <= x))
25 |
26 | Q_global_zone__def_0: AXIOM FORALL (i_2, i_1, i:int): ((0 <= i) IMPLIES
27 | ((i <= 1) IMPLIES (0 = (L_global_zone(1, i_2, i_1, i)))))
28 | IMPORTING framac_wp@cint
29 |
30 | Q_global_zone__def_1: AXIOM FORALL (i_3, i_2, i_1, i:int):
31 | LET x = L_sub_u32(i_3, i) IN ((0 <= i) IMPLIES ((i <= 1) IMPLIES
32 | ((2 <= i_3) IMPLIES ((i_3 <= 63) IMPLIES
33 | ((L_global_zone(i_3, i_2, i_1, i))
34 | = (L_mod_u32(lsr(L_sub_u32(L_add_u32(L_add_u32(L_mul_u32(L_sub_u32(i_3,
35 | 1), i_2),
36 | 8192), L_mul_u32(x, 262144)),
37 | L_mul_u32(i_3, i_1)), 14), x)))))))
38 | END A_global_decoding
39 |
40 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/A_global_decoding.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'global_decoding'
3 | % --------------------------------------------------
4 |
5 | A_global_decoding: THEORY
6 | BEGIN
7 |
8 | L_global_zone : [int, int, int, int -> int]
9 |
10 | IMPORTING A_uint32_operations
11 |
12 | L_global_decode(nz_0 : int, mes0_0 : int, mes1_0 : int, i : int) : int =
13 | LET x = max(1, L_sub_u32(nz_0, i)) IN
14 | LET x_1 = L_add_u32(L_mul_u32(131072,
15 | L_global_zone(nz_0, mes0_0, mes1_0, i)),
16 | IF (0 = i) THEN mes0_0 ELSE mes1_0 ENDIF) IN
17 | IF (1 = x) THEN (L_mul_u32(32768, x_1))
18 | ELSE (L_add_u32(L_mul_u32(32768, L_div_u32(x_1, x)),
19 | L_div_u32(L_add_u32(L_div_u32(L_mul_u32(65536,
20 | L_mod_u32(x_1, x)), x), 1), 2))) ENDIF
21 |
22 | P_north_lat(i : int, mes0_0 : int, mes1_0 : int, own_0 : int) : bool =
23 | LET x = L_sub_u32(L_global_decode(60, mes0_0, mes1_0, i), own_0) IN
24 | ((x <= 357913941) OR (3937053355 <= x))
25 |
26 | Q_global_zone__def_0: AXIOM FORALL (i_2, i_1, i:int): ((0 <= i) IMPLIES
27 | ((i <= 1) IMPLIES (0 = (L_global_zone(1, i_2, i_1, i)))))
28 | IMPORTING framac_wp@cint
29 |
30 | Q_global_zone__def_1: AXIOM FORALL (i_3, i_2, i_1, i:int):
31 | LET x = L_sub_u32(i_3, i) IN ((0 <= i) IMPLIES ((i <= 1) IMPLIES
32 | ((2 <= i_3) IMPLIES ((i_3 <= 63) IMPLIES
33 | ((L_global_zone(i_3, i_2, i_1, i))
34 | = (L_mod_u32(lsr(L_sub_u32(L_add_u32(L_add_u32(L_mul_u32(L_sub_u32(i_3,
35 | 1), i_2),
36 | 65536), L_mul_u32(x, 262144)),
37 | L_mul_u32(i_3, i_1)), 17), x)))))))
38 | END A_global_decoding
39 |
40 |
--------------------------------------------------------------------------------
/PVS/CPR_fp/cpr_nl_funs.pvs:
--------------------------------------------------------------------------------
1 | %
2 | % Stub functions for the CPR algorithms dedicated to the calculation of the NL
3 | % table. These stub functions allow a fine-grained control on the semantic
4 | % attachments to arithmetic and trigonometric operations.
5 | %
6 | cpr_nl_funs: THEORY
7 | BEGIN
8 |
9 | IMPORTING reals@reals_mod,
10 | trig@acos,
11 | trig@sincos_def,
12 | fast_approx@fast_approx,
13 | pvsio_defs
14 |
15 | % Mode of computation to be used to evaluate algebraic operations: addition,
16 | % subtraction, multiplication, division, square root, modulo, and floor.
17 | AlgebOpMode: Global[OperationMode,DoublePrecision]
18 |
19 | % Mode of computation to be used to evaluate transcendental operations:
20 | % trigonometric, exponentiation.
21 | TransOpMode: Global[OperationMode,DoublePrecision]
22 |
23 | % Precision to be used when working with the fast-approximation library.
24 | FastAppPrec: Global[posint,5]
25 |
26 | % Functions used in the definition of CPR algorithms. Defined here as aliases
27 | % for real-valued functions
28 |
29 | nl_sqrt(x:nonneg_real):nonneg_real = sqrt(x)
30 | AUTO_REWRITE+ nl_sqrt
31 |
32 | nl_cos(x:real):real = cos(x)
33 | AUTO_REWRITE+ nl_cos
34 |
35 | nl_acos(x:real_abs_le1):real = acos(x)
36 | AUTO_REWRITE+ nl_acos
37 |
38 | nl_mod(i:real,j:nonzero_real): {k:real| abs(k) < abs(j)} = mod(i,j)
39 | AUTO_REWRITE+ nl_mod
40 |
41 | nl_pi: real = pi
42 | AUTO_REWRITE+ nl_pi
43 |
44 | nl_exp(r: real, i:{i:int | r /= 0 OR i >= 0}):real = r^i
45 | AUTO_REWRITE+ nl_exp
46 |
47 | nl_sub(x,y:real):real = x-y
48 | AUTO_REWRITE+ nl_sub
49 |
50 | nl_add(x,y:real):real = x+y
51 | AUTO_REWRITE+ nl_add
52 |
53 | nl_mul(x,y:real):real = x*y
54 | AUTO_REWRITE+ nl_mul
55 |
56 | nl_div(x:real,y:nonzero_real):real = x/y
57 | AUTO_REWRITE+ nl_div
58 |
59 | END cpr_nl_funs
60 |
--------------------------------------------------------------------------------
/C/floating-point/xz-alt-NL1.c:
--------------------------------------------------------------------------------
1 | /*
2 | * xz-alt-NL1.c
3 | *
4 | * Contact: Cesar Munoz
5 | * Organization: NASA/Langley Research Center
6 | *
7 | * This software may be used, reproduced, and provided to others only as
8 | * permitted under the terms of the agreement under which it was acquired from
9 | * the U.S. Government. Neither title to, nor ownership of, the software is
10 | * hereby transferred. This notice shall remain on all copies of the software.
11 | *
12 | * Copyright 2019 United States Government as represented by the Administrator
13 | * of the National Aeronautics and Space Administration. All Rights Reserved.
14 | *
15 | */
16 | #include
17 | #include
18 | #include
19 | #include
20 |
21 | typedef double fp;
22 |
23 | /*@
24 | axiomatic real_function {
25 | logic real xzr(int awb_lon) =
26 | \let tmp1r = (awb_lon + 0x1.0p+14) * 0x1.0p-15;
27 | \let tmp2r = (awb_lon + 0x1.0p+14) * 0x1.0p-32;
28 | \let tmp3r = 0x1.0p+17 * \floor(tmp2r);
29 | \floor(tmp1r) - tmp3r;
30 | }
31 | @*/
32 |
33 | /*@
34 | requires awb_lon >= 0 && awb_lon <= 4294967296;
35 | requires \floor(awb_lon) == awb_lon;
36 | ensures \result == xzr(awb_lon) ;
37 | @*/
38 | fp xzf (unsigned int awb_lon) {
39 | fp tmp1f = (awb_lon + 0x1.0p+14) * 0x1.0p-15;
40 | /*@ assert tmp1f:
41 | tmp1f == (awb_lon + 0x1.0p+14) * 0x1.0p-15;
42 | @*/
43 | fp tmp2f = (awb_lon + 0x1.0p+14) * 0x1.0p-32;
44 | /*@ assert tmp2f:
45 | tmp2f == (awb_lon + 0x1.0p+14) * 0x1.0p-32;
46 | @*/
47 | fp tmp3f = 0x1.0p+17 * floor(tmp2f);
48 | /*@ assert tmp3f:
49 | \let tmp2r = (awb_lon + 0x1.0p+14) * 0x1.0p-32;
50 | tmp3f == 0x1.0p+17 * \floor(tmp2r);
51 | @*/
52 | /*@ assert tmp3f_is_int:
53 | tmp3f == \floor(tmp3f);
54 | @*/
55 | return floor(tmp1f) - tmp3f;
56 | }
57 |
58 | int main () { return 0; }
59 |
--------------------------------------------------------------------------------
/C/floating-point/cpr.h:
--------------------------------------------------------------------------------
1 | /*
2 | * cpr.h
3 | *
4 | * Contact: Cesar Munoz
5 | * Organization: NASA/Langley Research Center
6 | *
7 | * This software may be used, reproduced, and provided to others only as
8 | * permitted under the terms of the agreement under which it was acquired from
9 | * the U.S. Government. Neither title to, nor ownership of, the software is
10 | * hereby transferred. This notice shall remain on all copies of the software.
11 | *
12 | * Copyright 2019 United States Government as represented by the Administrator
13 | * of the National Aeronautics and Space Administration. All Rights Reserved.
14 | *
15 | */
16 | #ifndef CPR__H
17 | #define CPR__H
18 |
19 | #define int_type unsigned int
20 |
21 | struct message {
22 | int format; // even (0) or odd (1)
23 | unsigned int yz; // encoded latitude
24 | unsigned int xz; // encoded longitude
25 | };
26 |
27 | struct recovered_position {
28 | double lat; // recovered latitude
29 | double lon; // recovered longitude
30 | };
31 |
32 | typedef double fp;
33 |
34 | /* Core functions */
35 | // Global decoding
36 | fp g_rLatf_i_0 (int yz0, int yz1);
37 | fp g_rLatf_i_1 (int yz0, int yz1);
38 | fp g_rLonf_i_0 (int xz0, int xz1, int nl);
39 | fp g_rLonf_i_1 (int xz0, int xz1, int nl);
40 | fp g_rLonf_nl_1 (int xz);
41 | // Local decoding
42 | fp rLatf (int i, unsigned int awb_lats, int yz);
43 | fp rLatf_g_2_30 (int i, unsigned int awb_lats, int yz);
44 | fp rLonf_nl_1 (unsigned int awb_lons, int xz);
45 | fp rLonf (int i, int nl, unsigned int awb_lons, int xz);
46 |
47 | /* Precomputed NL table */
48 | int nl_double(double lat);
49 |
50 | /* Interface */
51 |
52 | struct recovered_position local_dec(int i, unsigned int reference_lat, unsigned int reference_longitude, struct message msg);
53 | struct recovered_position global_dec(int i, struct message msg0, struct message msg1);
54 |
55 | #endif // CPR__H
--------------------------------------------------------------------------------
/PVS/CPR_fp/cpr_funs.pvs:
--------------------------------------------------------------------------------
1 | %
2 | % Stub functions for CPR functions. They allow a fine-grained control on the
3 | % semantic attachments to arithmetic and trigonometric operations.
4 | %
5 | cpr_funs: THEORY
6 | BEGIN
7 |
8 | IMPORTING reals@reals_mod,
9 | trig@acos,
10 | trig@sincos_def,
11 | fast_approx@fast_approx,
12 | pvsio_defs
13 |
14 | % Mode of computation to be used to evaluate algebraic operations: addition,
15 | % subtraction, multiplication, division, square root, modulo, and floor.
16 | AlgebOpMode: Global[OperationMode,DoublePrecision]
17 |
18 | % Mode of computation to be used to evaluate transcendental operations:
19 | % trigonometric, exponentiation.
20 | TransOpMode: Global[OperationMode,DoublePrecision]
21 |
22 | % Precision to be used when working with the fast-approximation library.
23 | FastAppPrec: Global[posint,5]
24 |
25 | % Functions used in the definition of CPR algorithms. Defined here as aliases
26 | % for real-valued functions
27 |
28 | cpr_sqrt(x:nonneg_real):nonneg_real = sqrt(x)
29 | AUTO_REWRITE+ cpr_sqrt
30 |
31 | cpr_cos(x:real):real = cos(x)
32 | AUTO_REWRITE+ cpr_cos
33 |
34 | cpr_acos(x:real_abs_le1):real = acos(x)
35 | AUTO_REWRITE+ cpr_acos
36 |
37 | cpr_mod(i:real,j:nonzero_real): {k:real| abs(k) < abs(j)} = mod(i,j)
38 | AUTO_REWRITE+ cpr_mod
39 |
40 | cpr_pi: real = pi
41 | AUTO_REWRITE+ cpr_pi
42 |
43 | cpr_exp(r: real, i:{i:int | r /= 0 OR i >= 0}):real = r^i
44 | AUTO_REWRITE+ cpr_exp
45 |
46 | cpr_sub(x,y:real):real = x-y
47 | AUTO_REWRITE+ cpr_sub
48 |
49 | cpr_add(x,y:real):real = x+y
50 | AUTO_REWRITE+ cpr_add
51 |
52 | cpr_mul(x,y:real):real = x*y
53 | AUTO_REWRITE+ cpr_mul
54 |
55 | cpr_div(x:real,y:nonzero_real):real = x/y
56 | AUTO_REWRITE+ cpr_div
57 |
58 | cpr_floor(x:real):real = floor(x)
59 | AUTO_REWRITE+ cpr_floor
60 |
61 | END cpr_funs
62 |
--------------------------------------------------------------------------------
/C/floating-point/local_rLon.c:
--------------------------------------------------------------------------------
1 | /*
2 | * local_rLon.c
3 | *
4 | * Contact: Cesar Munoz
5 | * Organization: NASA/Langley Research Center
6 | *
7 | * This software may be used, reproduced, and provided to others only as
8 | * permitted under the terms of the agreement under which it was acquired from
9 | * the U.S. Government. Neither title to, nor ownership of, the software is
10 | * hereby transferred. This notice shall remain on all copies of the software.
11 | *
12 | * Copyright 2019 United States Government as represented by the Administrator
13 | * of the National Aeronautics and Space Administration. All Rights Reserved.
14 | *
15 | */
16 | #include
17 | #include
18 | #include
19 | #include
20 |
21 | typedef double fp;
22 |
23 | /*@
24 | axiomatic real_function {
25 | logic real rLonr (int i, int nl, int awb_lons, int xz) =
26 | \let dLonr = 360.0 / (nl - i);
27 | \let m1r = ((awb_lons * (nl - i) - (xz - 0x1.0p+16)*0x1.0p+15)) * 0x1.0p-32;
28 | \let mr = \floor (m1r);
29 | dLonr * (mr + xz*0x1.0p-17);
30 | }
31 | @*/
32 |
33 | /*@
34 | requires 0 <= i <= 1;
35 | requires 0 <= awb_lons <= 4294967295;
36 | requires 0 <= xz <= 131072;
37 | requires 2 <= nl <= 59;
38 | requires \floor(awb_lons) == awb_lons;
39 | requires \floor(xz) == xz;
40 | requires \floor(nl) == nl;
41 | requires \floor(i) == i;
42 | ensures \abs(\result - rLonr(i,nl,awb_lons,xz)) <= 0.000022888;
43 | @*/
44 | fp rLonf (int i, int nl, unsigned int awb_lons, int xz) {
45 | fp dLonf = 360.0 / ((fp) nl - (fp) i);
46 | fp m1f = ((awb_lons * ((fp) nl - (fp) i) - (xz - 0x1.0p+16)*0x1.0p+15)) * 0x1.0p-32;
47 | /*@ assert m1f:
48 | m1f == ((awb_lons * (nl - i) - (xz - 0x1.0p+16)*0x1.0p+15)) * 0x1.0p-32; @*/
49 | fp mf = floor(m1f);
50 | return dLonf * (mf + xz*0x1.0p-17);
51 | }
--------------------------------------------------------------------------------
/PVS/vc_nb_19/A_global_decoding.pvs:
--------------------------------------------------------------------------------
1 | % --------------------------------------------------
2 | % Axiomatic 'global_decoding'
3 | % --------------------------------------------------
4 |
5 | A_global_decoding: THEORY
6 | BEGIN
7 |
8 | L_global_zone : [int, int, int, int -> int]
9 |
10 | IMPORTING A_uint32_operations
11 |
12 | L_global_decode(nz_0 : int, mes0_0 : int, mes1_0 : int, i : int) : int =
13 | LET x = L_mul_u32(4, max(1, L_sub_u32(nz_0, i))) IN
14 | LET x_1 = L_add_u32(L_mul_u32(524288,
15 | L_global_zone(nz_0, mes0_0, mes1_0, i)),
16 | L_mul_u32(4, IF (0 = i) THEN mes0_0 ELSE mes1_0 ENDIF)) IN
17 | IF (1 = x) THEN (L_mul_u32(8192, x_1))
18 | ELSE (L_add_u32(L_mul_u32(8192, L_div_u32(x_1, x)),
19 | L_div_u32(L_add_u32(L_div_u32(L_mul_u32(16384,
20 | L_mod_u32(x_1, x)), x), 1), 2))) ENDIF
21 |
22 | P_north_lat(i : int, mes0_0 : int, mes1_0 : int, own_0 : int) : bool =
23 | LET x = L_sub_u32(L_global_decode(60, mes0_0, mes1_0, i), own_0) IN
24 | ((x <= 357913941) OR (3937053355 <= x))
25 |
26 | Q_global_zone__def_0: AXIOM FORALL (i_2, i_1, i:int): ((0 <= i) IMPLIES
27 | ((i <= 1) IMPLIES (0 = (L_global_zone(1, i_2, i_1, i)))))
28 | IMPORTING framac_wp@cint
29 |
30 | Q_global_zone__def_1: AXIOM FORALL (i_3, i_2, i_1, i:int):
31 | LET x = L_sub_u32(i_3, i) IN ((0 <= i) IMPLIES ((i <= 1) IMPLIES
32 | ((2 <= i_3) IMPLIES ((i_3 <= 63) IMPLIES
33 | ((L_global_zone(i_3, i_2, i_1, i))
34 | = (L_mod_u32(lsr(L_sub_u32(L_add_u32(L_add_u32(L_mul_u32(L_sub_u32(i_3,
35 | 1), i_2),
36 | 65536), L_mul_u32(x, 262144)),
37 | L_mul_u32(i_3, i_1)), 17), x)))))))
38 | END A_global_decoding
39 |
40 |
--------------------------------------------------------------------------------
/PVS/CPR_fp/cpr_defs.pvs:
--------------------------------------------------------------------------------
1 | cpr_defs: THEORY
2 | BEGIN
3 |
4 | IMPORTING nl,
5 | cpr_funs
6 |
7 | lat: VAR Latitude
8 | nb: VAR NB
9 | i: VAR CPRFormat
10 |
11 | % Constants.
12 | F2pNb(nb): real = cpr_exp(2,nb)
13 | AUTO_REWRITE+ F2pNb
14 | F1d2: real = cpr_div(1,2)
15 | AUTO_REWRITE F1d2
16 |
17 | % Arithmetic simplification aimed to reduce the accumulated error in the
18 | % calculations defined in the rest of the formalization.
19 | % Idea: mod(a, b)/b = a/b-floor(a/b)
20 | cpr_mod_div(a:real,b:nzreal): MACRO {r:real|r=cpr_div(cpr_mod(a,b),b)} =
21 | LET g110 = cpr_div(a,b),
22 | g11 = cpr_floor( g110 ) IN
23 | cpr_sub( g110 , g11 )
24 |
25 | % Eq 1
26 | dlat(i): posreal = cpr_div(360, cpr_sub(cpr_mul(4,NZ),i))
27 |
28 | YZ_f0(nb,i)(lat): MACRO real = cpr_mod(lat, dlat(i))
29 |
30 | % Eq 5 (pg. T-13)
31 | YZ(nb,i)(lat): int =
32 | LET f0 = YZ_f0(nb,i)(lat),
33 | f1 = cpr_div(f0, dlat(i)),
34 | f2 = cpr_mul(F2pNb(nb),f1),
35 | f3 = cpr_add(f2, F1d2)
36 | IN cpr_floor(f3)
37 |
38 | YZ_lb: LEMMA
39 | YZ(nb,i)(lat) >= 0
40 |
41 | YZ_ub: LEMMA
42 | YZ(nb,i)(lat) <= 2^nb
43 |
44 | YZ_val: LEMMA FORALL (M:posnat, k:nat, x:real, y:posreal):
45 | floor(1/2 + M*fractional(x/y)) = k
46 | IFF
47 | ((k-1/2)/M<= fractional(x/y) AND fractional(x/y)< (k+1/2)/M)
48 |
49 | % Eq 6
50 | rlat(nb,i)(lat): Latitude =
51 | cpr_mul(
52 | dlat(i),
53 | cpr_add(
54 | cpr_div( YZ(nb,i)(lat), cpr_exp(2,nb) ),
55 | floor(cpr_div(lat,dlat(i)))))
56 |
57 | % ---------------------------------------------------------------------------%
58 | % Dloni: longitude angular zone width (in degrees of longitude)
59 | dlon(nb,i)(lat_real:real): { x: real | 0 < x AND x <= 360 } =
60 | LET nl = cpr_sub(NL(lat_real),i) IN
61 | IF nl = 0 THEN 360 ELSE cpr_div(360,nl) ENDIF
62 |
63 | END cpr_defs
64 |
--------------------------------------------------------------------------------
/C/fixed-point/surface/benchmarks/encoding/README.md:
--------------------------------------------------------------------------------
1 | # Example of use of the encode functionality of CPR.
2 |
3 | The program in `encode.c` reads the information needed to encode a CPR message and prints the encoding.
4 | It is expected for the information to be provided in a CSV file in
5 | which every line starts with the following fields:
6 |
7 | 1) message format [i] (int), (0 for even encoding, 1 for odd encoding)
8 | 2) current latitude as AWB (unsigned int),
9 | 3) current longitude as AWB (unsigned int).
10 |
11 | The program expects as argument the name of the input CSV file.
12 | It prints on the standard output the following data:
13 |
14 | 1) message format [i] (int),
15 | 2) current latitude as AWB (unsigned int),
16 | 3) current longitude as AWB (unsigned int),
17 | 4) message latitude [YZ] (unsigned int),
18 | 5) message longitude [XZ] (unsigned int).
19 |
20 | All the integer values (AWB and encodings) are expected and output in hexadecimal with no prefixes (ie, "FF02" instead of "0xFF02", for example).
21 |
22 | ## Building
23 |
24 | For convenience, a `Makefile` is provided to build the program.
25 | ```shell
26 | $ make
27 | gcc -o encode encode.c -L../.. -lsurface
28 | ```
29 |
30 | This program uses the surface library (`libsurface.a`).
31 | To build the library, the user may invoke `make` in the [`surface`](`../../`) directory (see [`surface/README.md`](`../../README.md`) for details).
32 |
33 | ## Running
34 |
35 | A bash script ([`run.sh`](run.sh)) aimed to automate the execution of the program on multiple files is also provided.
36 | It assumes that the CSV file contains not only the required input data (in the order explained above) but also the expected result of the encoding.
37 | The script iterates over all the CSV files in the directory and executes `encode` on them.
38 | Every result is stored in an `.out` file and compared with the input.
39 | The standard output is used to report discrepancies of the results w.r.t. the given input.
--------------------------------------------------------------------------------
/C/fixed-point/airborne/benchmarks/encoding/README.md:
--------------------------------------------------------------------------------
1 | # Example of use of the encode functionality of CPR.
2 |
3 | The program in `encode.c` reads the information needed to encode a CPR message and prints the encoding.
4 | It is expected for the information to be provided in a CSV file in
5 | which every line starts with the following fields:
6 |
7 | 1) message format [i] (int), (0 for even encoding, 1 for odd encoding)
8 | 2) current latitude as AWB (unsigned int),
9 | 3) current longitude as AWB (unsigned int).
10 |
11 | The program expects as argument the name of the input CSV file.
12 | It prints on the standard output the following data:
13 |
14 | 1) message format [i] (int),
15 | 2) current latitude as AWB (unsigned int),
16 | 3) current longitude as AWB (unsigned int),
17 | 4) message latitude [YZ] (unsigned int),
18 | 5) message longitude [XZ] (unsigned int).
19 |
20 | All the integer values (AWB and encodings) are expected and output in hexadecimal with no prefixes (ie, "FF02" instead of "0xFF02", for example).
21 |
22 | ## Building
23 |
24 | For convenience, a `Makefile` is provided to build the program.
25 | ```shell
26 | $ make
27 | gcc -o encode encode.c -L../.. -lairborne
28 | ```
29 |
30 | This program uses the airborne library (`libairborne.a`).
31 | To build the library, the user may invoke `make` in the [`airborne`](`../../`) directory (see [`airborne/README.md`](`../../README.md`) for details).
32 |
33 | ## Running
34 |
35 | A bash script ([`run.sh`](run.sh)) aimed to automate the execution of the program on multiple files is also provided.
36 | It assumes that the CSV file contains not only the required input data (in the order explained above) but also the expected result of the encoding.
37 | The script iterates over all the CSV files in the directory and executes `encode` on them.
38 | Every result is stored in an `.out` file and compared with the input.
39 | The standard output is used to report discrepancies of the results w.r.t. the given input.
--------------------------------------------------------------------------------
/C/floating-point/README.md:
--------------------------------------------------------------------------------
1 | This directory contains a C floating-point implementation of the CPR decoding functions for the **airborne** format (Nb=17).
2 |
3 | Source files:
4 | * Encoding functions
5 | * `yz-alt-greater-2-30.c` : (formally verified) latitude encoding functions (case lat>2^30)
6 | * `yz-alt.c` : (formally verified) latitude encoding functions (case lat<=2^30)
7 | * `xz-alt-NL1.c` : (formally verified) longitude encoding function (case NL=1)
8 | * `xz-alt.c` : (formally verified) longitude encoding function (case NL>1)
9 | * Global Decoding
10 | * `global_rLat_i0.c` : (formally verified) latitude decoding functions (case i=0)
11 | * `global_rLat_i1.c` : (formally verified) latitude decoding functions (case i=1)
12 | * `global_rLonNL1.c` : (formally verified) longitude decoding functions (case NL=1)
13 | * `global_rLon_i0.c` : (formally verified) longitude decoding functions (case NL>1 and i=0)
14 | * `global_rLon_i1.c` : (formally verified) longitude decoding functions (case NL>1 and i=1)
15 | * Local Decoding
16 | * `local_rLat-greater-2-30.c` : (formally verified) latitude decoding functions (case reference_lat>2^30)
17 | * `local_rLat.c` : (formally verified) latitude decoding functions (case reference_lat<=2^30)
18 | * `local_rLonNL1.c` : (formally verified) longitude decoding functions (case NL=1)
19 | * `local_rLon.c` : (formally verified) longitude decoding functions (case NL>1)
20 | * Helper functions
21 | * `cpr.c`: entry-point for CPR functions.
22 | * `nl.c`: precomputed NL table.
23 |
24 | For examples of use, please see the directory [`benchmarks`](benchmarks).
25 |
26 | The included `Makefile` can be used to generate the static library `libairborne.a`.
27 |
28 | ```shell
29 | $ make
30 | gcc -c -o cpr.o cpr.c -Wall
31 | ar -cr libairborne.a cpr.o nl.o global_rLat_i0.o global_rLat_i1.o global_rLon_i0.o global_rLon_i1.o global_rLonNL1.o local_rLat-greater-2-30.o local_rLat.o local_rLon.o local_rLonNL1.o
32 | ```
33 |
--------------------------------------------------------------------------------
/C/floating-point/benchmarks/global-decoding/README.md:
--------------------------------------------------------------------------------
1 | Example of use of the decoding functionality of CPR.
2 |
3 | The program in `decode.c` reads the information needed to (globally) decode a CPR message and prints the recovered position.
4 | It is expected for the information to be provided in a CSV file in which every line starts with the following fields:
5 | ```
6 | , , ,
7 | ````
8 | where __ can take the value 0 (even message) or 1 (odd message), the first pair of __ and __ represents a position encoded in even format (i=0) and the second pair represents a position encoded using an odd format (i=1).
9 | The program expects as argument the name of the input CSV file.
10 | It prints on the standard output the input data followed by the recovered position (latitude and longitude, in that order).
11 | ```
12 | , , , , ,
13 | ````
14 | For convenience, a `Makefile` is provided to build the program.
15 | ```shell
16 | $ make
17 | gcc -o decode decode.c -L../.. -lairborne
18 | ```
19 |
20 | This program uses the airborne library (`libairborne.a`).
21 | To build the library, the user may invoke `make` in the [`airborne`](`../../`) directory (see [`airborne/README.md`](`../../README.md`) for details).
22 |
23 | A bash script ([`run.sh`](run.sh)) aimed to automate the execution of the program on multiple files is also provided.
24 | It assumes that the CSV file contains not only the required input data (in the order explained above) but also the expected result of the decoding.
25 | The script iterates over all the CSV files in the directory and executes `decode` on them.
26 | Every result is stored in an `.out` file and compared with the input.
27 | The standard output is used to report discrepancies of the results w.r.t. the given input.
28 |
--------------------------------------------------------------------------------
/PVS/vc_nb_17/global_decode_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | global_decode_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 191) in 'global_decode'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_global_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | FORALL (i_6, i_5, i_4, i_3, i_2, i_1, i:int):
20 | LET x = L_global_zone(i, i_4, i_3, IF (0 = i_5) THEN 0 ELSE 1 ENDIF) IN
21 | LET x_1 = to_uint32(i - i_5) IN
22 | LET x_2 = to_uint32(i_2 + (to_uint32(131072 * x))) IN
23 | ((0 < i) IMPLIES
24 | ((0 <= i_5) IMPLIES
25 | ((i_5 <= 1) IMPLIES
26 | ((i <= 63) IMPLIES
27 | ((i_3 <= 131071) IMPLIES
28 | ((i_4 <= 131071) IMPLIES
29 | ((is_uint32(i)) IMPLIES
30 | ((is_uint32(i_1)) IMPLIES
31 | ((is_uint32(i_2)) IMPLIES
32 | ((is_uint32(i_3)) IMPLIES
33 | ((is_uint32(i_4)) IMPLIES
34 | ((is_uint32(i_5)) IMPLIES
35 | ((is_uint32(i_6)) IMPLIES
36 | ((is_uint32(x)) IMPLIES
37 | ((IF (0 = i_5) THEN (i_2 = i_4) ELSE (i_2 = i_3) ENDIF) IMPLIES
38 | ((IF (0 < x_1) THEN (i_1 = x_1) ELSE (1 = i_1) ENDIF) IMPLIES
39 | ((IF (1 = i_1) THEN (i_6 = (to_uint32(32768 * x_2)))
40 | ELSE (i_6
41 | = (to_uint32((to_uint32(32768 * (to_uint32(div(x_2, i_1)))))
42 | + (to_uint32(div(to_uint32(1
43 | + (to_uint32(div(to_uint32(65536
44 | * (to_uint32(
45 | mod(x_2, i_1)))),
46 | i_1)))), 2)))))) ENDIF) IMPLIES
47 | (i_6 = (L_global_decode(i, i_4, i_3, i_5))))))))))))))))))));
48 |
49 | %|- * : PROOF
50 | %|- (prove-vc)
51 | %|- QED
52 |
53 | END global_decode_post
54 |
--------------------------------------------------------------------------------
/PVS/vc_nb_12/global_decode_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | global_decode_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 191) in 'global_decode'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_global_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | LET x = min(4096, 131072) IN
20 | FORALL (i_6, i_5, i_4, i_3, i_2, i_1, i:int):
21 | LET x_1 = L_global_zone(i, i_4, i_3, IF (0 = i_5) THEN 0 ELSE 1 ENDIF) IN
22 | LET x_2 = to_uint32(i - i_5) IN
23 | LET x_3 = to_uint32(i_2 + (to_uint32(4096 * x_1))) IN
24 | ((0 < i) IMPLIES
25 | ((0 <= i_5) IMPLIES
26 | ((i_3 < x) IMPLIES
27 | ((i_4 < x) IMPLIES
28 | ((i_5 <= 1) IMPLIES
29 | ((i <= 63) IMPLIES
30 | ((is_uint32(i)) IMPLIES
31 | ((is_uint32(i_1)) IMPLIES
32 | ((is_uint32(i_2)) IMPLIES
33 | ((is_uint32(i_3)) IMPLIES
34 | ((is_uint32(i_4)) IMPLIES
35 | ((is_uint32(i_5)) IMPLIES
36 | ((is_uint32(i_6)) IMPLIES
37 | ((is_uint32(x_1)) IMPLIES
38 | ((IF (0 = i_5) THEN (i_2 = i_4) ELSE (i_2 = i_3) ENDIF) IMPLIES
39 | ((IF (0 < x_2) THEN (i_1 = x_2) ELSE (1 = i_1) ENDIF) IMPLIES
40 | ((IF (1 = i_1) THEN (i_6 = (to_uint32(1048576 * x_3)))
41 | ELSE (i_6
42 | = (to_uint32((to_uint32(1048576 * (to_uint32(div(x_3, i_1)))))
43 | + (to_uint32(div(to_uint32(1
44 | + (to_uint32(div(to_uint32(2097152
45 | * (to_uint32(
46 | mod(x_3, i_1)))),
47 | i_1)))), 2)))))) ENDIF) IMPLIES
48 | (i_6 = (L_global_decode(i, i_4, i_3, i_5))))))))))))))))))));
49 |
50 | %|- * : PROOF
51 | %|- (prove-vc)
52 | %|- QED
53 |
54 | END global_decode_post
55 |
--------------------------------------------------------------------------------
/PVS/vc_nb_14/global_decode_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | global_decode_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 191) in 'global_decode'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_global_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | LET x = min(16384, 131072) IN
20 | FORALL (i_6, i_5, i_4, i_3, i_2, i_1, i:int):
21 | LET x_1 = L_global_zone(i, i_4, i_3, IF (0 = i_5) THEN 0 ELSE 1 ENDIF) IN
22 | LET x_2 = to_uint32(i - i_5) IN
23 | LET x_3 = to_uint32(i_2 + (to_uint32(16384 * x_1))) IN
24 | ((0 < i) IMPLIES
25 | ((0 <= i_5) IMPLIES
26 | ((i_3 < x) IMPLIES
27 | ((i_4 < x) IMPLIES
28 | ((i_5 <= 1) IMPLIES
29 | ((i <= 63) IMPLIES
30 | ((is_uint32(i)) IMPLIES
31 | ((is_uint32(i_1)) IMPLIES
32 | ((is_uint32(i_2)) IMPLIES
33 | ((is_uint32(i_3)) IMPLIES
34 | ((is_uint32(i_4)) IMPLIES
35 | ((is_uint32(i_5)) IMPLIES
36 | ((is_uint32(i_6)) IMPLIES
37 | ((is_uint32(x_1)) IMPLIES
38 | ((IF (0 = i_5) THEN (i_2 = i_4) ELSE (i_2 = i_3) ENDIF) IMPLIES
39 | ((IF (0 < x_2) THEN (i_1 = x_2) ELSE (1 = i_1) ENDIF) IMPLIES
40 | ((IF (1 = i_1) THEN (i_6 = (to_uint32(262144 * x_3)))
41 | ELSE (i_6
42 | = (to_uint32((to_uint32(262144 * (to_uint32(div(x_3, i_1)))))
43 | + (to_uint32(div(to_uint32(1
44 | + (to_uint32(div(to_uint32(524288
45 | * (to_uint32(
46 | mod(x_3, i_1)))),
47 | i_1)))), 2)))))) ENDIF) IMPLIES
48 | (i_6 = (L_global_decode(i, i_4, i_3, i_5))))))))))))))))))));
49 |
50 | %|- * : PROOF
51 | %|- (prove-vc)
52 | %|- QED
53 |
54 | END global_decode_post
55 |
--------------------------------------------------------------------------------
/C/floating-point/benchmarks/local-decoding/README.md:
--------------------------------------------------------------------------------
1 | Example of use of the decoding functionality of CPR.
2 |
3 | The program in `decode.c` reads the information needed to (locally) decode a CPR message and prints the recovered position.
4 | It is expected for the information to be provided in a CSV file in which every line starts with the following fields:
5 | ```
6 | , , , ,
7 | ````
8 | where __ can take the value 0 (even message) or 1 (odd message), __ and __ represent the reference position (given as a pair of AWB integers representing latitude and longitude resp.), and the last two fields represents the encoded latitude and longitude transmitted in a CPR message.
9 | The program expects as argument the name of the input CSV file.
10 | It prints on the standard output the input data followed by the recovered position (latitude and longitude, in that order).
11 | ```
12 | , , , , , ,
13 | ````
14 | For convenience, a `Makefile` is provided to build the program.
15 | ```shell
16 | $ make
17 | gcc -o decode decode.c -L../.. -lairborne
18 | ```
19 |
20 | This program uses the airborne library (`libairborne.a`).
21 | To build the library, the user may invoke `make` in the [`airborne`](`../../`) directory (see [`airborne/README.md`](`../../README.md`) for details).
22 |
23 | A bash script ([`run.sh`](run.sh)) aimed to automate the execution of the program on multiple files is also provided.
24 | It assumes that the CSV file contains not only the required input data (in the order explained above) but also the expected result of the decoding.
25 | The script iterates over all the CSV files in the directory and executes `decode` on them.
26 | Every result is stored in an `.out` file and compared with the input.
27 | The standard output is used to report discrepancies of the results w.r.t. the given input.
28 |
--------------------------------------------------------------------------------
/C/fixed-point/intent/benchmarks/encoding/README.md:
--------------------------------------------------------------------------------
1 | # Example of use of the encode functionality of CPR.
2 |
3 | The program in `encode.c` reads the information needed to encode a CPR message and prints the encoding.
4 | It is expected for the information to be provided in a CSV file in
5 | which every line starts with the following fields:
6 |
7 | 1) current latitude as AWB (unsigned int),
8 | 2) current longitude as AWB (unsigned int).
9 |
10 | The program expects as argument the name of the input CSV file.
11 | It prints on the standard output the following data:
12 |
13 | 1) current latitude as AWB (unsigned int),
14 | 2) current longitude as AWB (unsigned int),
15 | 3) message latitude [YZ] (unsigned int),
16 | 4) message longitude [XZ] (unsigned int).
17 |
18 | All the integer values (AWB and encodings) are expected and output in hexadecimal with no prefixes (ie, "FF02" instead of "0xFF02", for example).
19 |
20 | ## Building
21 |
22 | For convenience, a `Makefile` is provided to build the program.
23 | ```shell
24 | $ make
25 | gcc -o encode encode.c -L../.. -lintent
26 | ```
27 |
28 | This program uses the intent library (`libintent.a`).
29 | To build the library, the user may invoke `make` in the [`intent`](`../../`) directory (see [`intent/README.md`](`../../README.md`) for details).
30 |
31 | A bash script ([`encode-all.sh`](encode-all.sh)) aimed to automate the
32 | execution of the program on multiple files is also provided.
33 | It executes `encode` on every `.csv` file in the current directory and prints the results in corresponding `.out` files.
34 |
35 | ## Checking the results
36 |
37 | A script aimed to check the produced encodings is provided. This
38 | script assumes that `encode-all.sh` has already been run, and so every
39 | .csv file has a corresponding .csv.out file associated to it.
40 |
41 | * `check-against.sh` assumes that every `.csv` file contains not only the required input data (in the order explained above) but also the expected encoding result. The script simply compares every `.csv` file with its corresponding `.csv.out` file. The standard output is used to report discrepancies.
42 |
--------------------------------------------------------------------------------
/PVS/vc_nb_19/global_decode_post_PVS.pvs:
--------------------------------------------------------------------------------
1 | global_decode_post: THEORY
2 | BEGIN
3 | % --------------------------------------------------
4 | % Post-condition (file cpr_int.c, line 191) in 'global_decode'
5 | % --------------------------------------------------
6 |
7 | % --- Importings requested by the user ---
8 | IMPORTING interface
9 |
10 | % --- Qed-related importings and axioms ---
11 | IMPORTING framac_wp@creal
12 | IMPORTING framac_wp@cint
13 |
14 | IMPORTING A_global_decoding
15 |
16 | % --- Verification condition ---
17 |
18 | goal: LEMMA
19 | LET x = min(131072, 524288) IN
20 | FORALL (i_6, i_5, i_4, i_3, i_2, i_1, i:int):
21 | LET x_1 = L_global_zone(i_1, i_3, i_2, IF (0 = i_5) THEN 0 ELSE 1 ENDIF) IN
22 | LET x_2 = to_uint32(i_1 - i_5) IN
23 | LET x_3 = to_uint32(4 * i) IN
24 | LET x_4 = to_uint32((to_uint32(4 * i_4)) + (to_uint32(524288 * x_1))) IN
25 | ((0 < i_1) IMPLIES
26 | ((0 <= i_5) IMPLIES
27 | ((i_2 < x) IMPLIES
28 | ((i_3 < x) IMPLIES
29 | ((i_5 <= 1) IMPLIES
30 | ((i_1 <= 63) IMPLIES
31 | ((is_uint32(i)) IMPLIES
32 | ((is_uint32(i_1)) IMPLIES
33 | ((is_uint32(i_2)) IMPLIES
34 | ((is_uint32(i_3)) IMPLIES
35 | ((is_uint32(i_4)) IMPLIES
36 | ((is_uint32(i_5)) IMPLIES
37 | ((is_uint32(i_6)) IMPLIES
38 | ((is_uint32(x_1)) IMPLIES
39 | ((IF (0 = i_5) THEN (i_3 = i_4) ELSE (i_2 = i_4) ENDIF) IMPLIES
40 | ((IF (0 < x_2) THEN (i = x_2) ELSE (1 = i) ENDIF) IMPLIES
41 | ((IF (1 = x_3) THEN (i_6 = (to_uint32(8192 * x_4)))
42 | ELSE (i_6
43 | = (to_uint32((to_uint32(8192 * (to_uint32(div(x_4, x_3)))))
44 | + (to_uint32(div(to_uint32(1
45 | + (to_uint32(div(to_uint32(16384
46 | * (to_uint32(
47 | mod(x_4, x_3)))),
48 | x_3)))), 2)))))) ENDIF) IMPLIES
49 | (i_6 = (L_global_decode(i_1, i_3, i_2, i_5))))))))))))))))))));
50 |
51 | %|- * : PROOF
52 | %|- (prove-vc)
53 | %|- QED
54 |
55 | END global_decode_post
56 |
--------------------------------------------------------------------------------
/C/floating-point/yz-alt.c:
--------------------------------------------------------------------------------
1 | /*
2 | * yz-alt.c
3 | *
4 | * Contact: Cesar Munoz
5 | * Organization: NASA/Langley Research Center
6 | *
7 | * This software may be used, reproduced, and provided to others only as
8 | * permitted under the terms of the agreement under which it was acquired from
9 | * the U.S. Government. Neither title to, nor ownership of, the software is
10 | * hereby transferred. This notice shall remain on all copies of the software.
11 | *
12 | * Copyright 2019 United States Government as represented by the Administrator
13 | * of the National Aeronautics and Space Administration. All Rights Reserved.
14 | *
15 | */
16 | #include
17 | #include
18 | #include
19 | #include
20 |
21 | typedef double fp;
22 |
23 | /*@
24 | axiomatic real_function {
25 | logic real yzr(int i, int awb_lat) =
26 | \let xr = 60.0 - i;
27 | \let tmp1r = ((awb_lat * xr) + 0x1.0p+14) * 0x1.0p-15;
28 | \let tmp2r = (awb_lat * xr + 0x1.0p+14) * 0x1.0p-32;
29 | \let tmp3r = 0x1.0p+17 * \floor(tmp2r);
30 | \floor(tmp1r) - tmp3r;
31 | }
32 | @*/
33 |
34 | /*@
35 | requires 0 <= i <= 1;
36 | requires awb_lat >= 0 && awb_lat <= 1073741824;
37 | requires \floor(i) == i;
38 | requires \floor(awb_lat) == awb_lat;
39 | ensures \result == yzr(i, awb_lat) ;
40 | @*/
41 | fp yzf (int i, unsigned int awb_lat) {
42 | fp xf = 60.0 - i;
43 | /*@ assert xf:
44 | xf == (60.0 - i);
45 | @*/
46 | fp tmp1f = ((awb_lat * xf) + 0x1.0p+14) * 0x1.0p-15;
47 | /*@ assert tmp1f:
48 | \let xr = (60.0 - i);
49 | tmp1f == ((awb_lat * xr) + 0x1.0p+14) * 0x1.0p-15;
50 | @*/
51 | fp tmp2f = (awb_lat * xf + 0x1.0p+14) * 0x1.0p-32;
52 | /*@ assert tmp2f:
53 | \let xr = (60.0 - i);
54 | tmp2f == (awb_lat * xr + 0x1.0p+14) * 0x1.0p-32;
55 | @*/
56 | fp tmp3f = 0x1.0p+17 * floor(tmp2f);
57 | /*@ assert tmp3f:
58 | \let xr = (60.0 - i);
59 | \let tmp2r = (awb_lat * xr + 0x1.0p+14) * 0x1.0p-32;
60 | tmp3f == 0x1.0p+17 * \floor(tmp2r);
61 | @*/
62 | /*@ assert tmp3f_is_int:
63 | tmp3f == \floor(tmp3f);
64 | @*/
65 | return floor(tmp1f) - tmp3f;
66 | }
67 |
68 | int main () { return 0; }
69 |
--------------------------------------------------------------------------------
/C/fixed-point/coarse/benchmarks/encoding/README.md:
--------------------------------------------------------------------------------
1 | #Example of use of the encode functionality of CPR.
2 |
3 | The program in `encode.c` reads the information needed to encode a CPR message and prints the encoding.
4 | It is expected for the information to be provided in a CSV file in
5 | which every line starts with the following fields:
6 |
7 | 1) message format [i] (int), (0 for even encoding, 1 for odd encoding)
8 | 2) current latitude as AWB (unsigned int),
9 | 3) current longitude as AWB (unsigned int).
10 |
11 | The program expects as argument the name of the input CSV file.
12 | It prints on the standard output the following data:
13 |
14 | 1) message format [i] (int),
15 | 2) current latitude as AWB (unsigned int),
16 | 3) current longitude as AWB (unsigned int),
17 | 4) message latitude [YZ] (unsigned int),
18 | 5) message longitude [XZ] (unsigned int).
19 |
20 | All the integer values (AWB and encodings) are expected and output in hexadecimal with no prefixes (ie, "FF02" instead of "0xFF02", for example).
21 |
22 | ## Building
23 |
24 | For convenience, a `Makefile` is provided to build the program.
25 | ```shell
26 | $ make
27 | gcc -o encode encode.c -L../.. -lcoarse
28 | ```
29 |
30 | This program uses the coarse library (`libcoarse.a`).
31 | To build the library, the user may invoke `make` in the [`coarse`](`../../`) directory (see [`coarse/README.md`](`../../README.md`) for details).
32 |
33 | A bash script ([`encode-all.sh`](encode-all.sh)) aimed to automate the
34 | execution of the program on multiple files is also provided.
35 | It executes `encode` on every `.csv` file in the current directory and prints the results in corresponding `.out` files.
36 |
37 | ## Checking the results
38 |
39 | A script aimed to check the produced encodings is provided. This
40 | script assumes that `encode-all.sh` has already been run, and so every
41 | .csv file has a corresponding .csv.out file associated to it.
42 |
43 | * `check-against.sh` assumes that every `.csv` file contains not only the required input data (in the order explained above) but also the expected encoding result. The script simply compares every `.csv` file with its corresponding `.csv.out` file. The standard output is used to report discrepancies.
44 |
--------------------------------------------------------------------------------