source: src/ASM/Test.ma @ 2171

(**************************************************************************)
(*       ___                                                              *)
(*      ||M||                                                             *)
(*      ||A||       A project by Andrea Asperti                           *)
(*      ||T||                                                             *)
(*      ||I||       Developers:                                           *)
(*      ||T||         The HELM team.                                      *)
(*      ||A||         http://helm.cs.unibo.it                             *)
(*      \   /                                                             *)
(*       \ /        This file is distributed under the terms of the       *)
(*        v         GNU General Public License Version 2                  *)
(*                                                                        *)
(**************************************************************************)

include "ASM/Assembly.ma".
include "ASM/Interpret.ma".
include "ASM/StatusProofs.ma".
include alias "arithmetics/nat.ma".
include "ASM/AssemblyProof.ma".

lemma set_program_counter_status_of_pseudo_status:
  ∀M.
  ∀cm.
  ∀ps.
  ∀sigma.
  ∀policy.
  ∀new_ppc.
    set_program_counter (BitVectorTrie Byte 16)
      (code_memory_of_pseudo_assembly_program cm sigma policy)
      (status_of_pseudo_status M cm ps sigma policy)
      (sigma new_ppc) =
    status_of_pseudo_status M cm (set_program_counter … cm ps new_ppc) sigma policy.
  //
qed.

lemma set_p1_latch_status_of_pseudo_status:
  ∀M.
  ∀code_memory.
  ∀sigma.
  ∀policy.
  ∀s.
  ∀v.
    set_p1_latch (BitVectorTrie Byte 16)
      (code_memory_of_pseudo_assembly_program code_memory sigma policy)
      (status_of_pseudo_status M code_memory s sigma policy) v =
    status_of_pseudo_status M code_memory
      (set_p1_latch pseudo_assembly_program code_memory s v) sigma policy.
  //
qed.

lemma set_p3_latch_status_of_pseudo_status:
  ∀M.
  ∀code_memory.
  ∀sigma.
  ∀policy.
  ∀s.
  ∀v.
    set_p3_latch (BitVectorTrie Byte 16)
      (code_memory_of_pseudo_assembly_program code_memory sigma policy)
      (status_of_pseudo_status M code_memory s sigma policy) v =
    status_of_pseudo_status M code_memory
      (set_p3_latch pseudo_assembly_program code_memory s v) sigma policy.
  //
qed.

definition map_acc_a_using_internal_pseudo_address_map:
    ∀M: internal_pseudo_address_map. (Word → Word) → Byte → Byte ≝
  λM, sigma, v.
  match \snd M with
  [ data ⇒ v
  | address upper_lower word ⇒
    let mapped ≝ sigma word in
    let 〈high, low〉 ≝ vsplit bool 8 8 mapped in
      if eq_upper_lower upper_lower upper then
        high
      else
        low
  ].

(*CSC: Taken from AssemblyProofSplit.ma; there named map_lower_internal... *)
definition map_internal_ram_address_using_pseudo_address_map:
  ∀M: internal_pseudo_address_map. (Word → Word) → Byte → Byte → Byte ≝
  λM: internal_pseudo_address_map.
  λsigma: Word → Word.
  λaddress: Byte.
  λvalue: Byte.
  match assoc_list_lookup ?? address (eq_bv …) (\fst M) with
  [ None ⇒ value
  | Some upper_lower_word ⇒
    let 〈upper_lower, word〉 ≝ upper_lower_word in
    let 〈high, low〉 ≝ vsplit bool 8 8 (sigma word) in
      if eq_upper_lower upper_lower upper then
        high
      else
        low
  ].

definition map_address_using_internal_pseudo_address_map:
    ∀M: internal_pseudo_address_map. (Word → Word) → SFR8051 → Byte → Byte ≝
  λM, sigma, sfr, v.
  match sfr with
  [ SFR_ACC_A ⇒ map_acc_a_using_internal_pseudo_address_map M sigma v
  | _         ⇒ v
  ].

lemma set_index_set_index_overwrite:
  ∀A: Type[0].
  ∀n: nat.
  ∀v: Vector A n.
  ∀index: nat.
  ∀e, e': A.
  ∀proof.
  ∀proof'.
    set_index A n v index e proof =
      set_index A n (set_index A n v index e' proof') index e proof.
  #A #n #v elim v normalize
  [1:
    #index #e #e' #absurd cases (lt_to_not_zero … absurd)
  |2:
    #n' #hd #tl #inductive_hypothesis #index #e #e' cases index #proof #proof'
    normalize //
  ]
qed.

lemma set_index_set_index_commutation:
  ∀A: Type[0].
  ∀n: nat.
  ∀v: Vector A n.
  ∀m, o: nat.
  ∀m_lt_proof: m < n.
  ∀o_lt_proof: o < n.
  ∀e, f: A.
    m ≠ o →
      set_index A n (set_index A n v o f o_lt_proof) m e m_lt_proof =
        set_index A n (set_index A n v m e m_lt_proof) o f o_lt_proof.
  #A #n #v elim v
  [1:
    #m #o #m_lt_proof
    normalize in m_lt_proof; cases (lt_to_not_zero … m_lt_proof)
  |2:
    #n' #hd #tl #inductive_hypothesis
    #m #o
    cases m cases o
    [1:
      #m_lt_proof #o_lt_proof #e #f #absurd @⊥ cases absurd #relevant
      @relevant %
    |2,3:
      #o' normalize //
    |4:
      #m' #o' #m_lt_proof #o_lt_proof #e #f #o_neq_m_assm
      normalize @eq_f @inductive_hypothesis @nmk #relevant
      >relevant in o_neq_m_assm; #relevant @(absurd ?? relevant) %
    ]
  ]
qed.

(* XXX: move elsewhere *)
lemma get_index_v_set_index_miss:
  ∀a: Type[0].
  ∀n: nat.
  ∀v: Vector a n.
  ∀i, j: nat.
  ∀e: a.
  ∀i_proof: i < n.
  ∀j_proof: j < n.
    i ≠ j →
      get_index_v a n (set_index a n v i e i_proof) j j_proof =
        get_index_v a n v j j_proof.
  #a #n #v elim v
  [1:
    #i #j #e #i_proof
    cases (lt_to_not_zero … i_proof)
  |2:
    #n' #hd #tl #inductive_hypothesis #i #j
    cases i cases j
    [1:
      #e #i_proof #j_proof #neq_assm
      cases (absurd ? (refl … 0) neq_assm)
    |2,3:
      #i' #e #i_proof #j_proof #_ %
    |4:
      #i' #j' #e #i_proof #j_proof #neq_assm
      @inductive_hypothesis @nmk #eq_assm
      >eq_assm in neq_assm; #neq_assm
      cases (absurd ? (refl ??) neq_assm)
    ]
  ]
qed.

lemma set_index_status_of_pseudo_status:
  ∀M, code_memory, sigma, policy, s, sfr, v, v'.
    map_address_using_internal_pseudo_address_map M sigma sfr v = v' →
(set_index Byte 19
  (special_function_registers_8051 (BitVectorTrie Byte 16)
   (code_memory_of_pseudo_assembly_program code_memory sigma policy)
   (status_of_pseudo_status M code_memory s sigma policy))
  (sfr_8051_index sfr) v' (sfr8051_index_19 sfr)
  =sfr_8051_of_pseudo_sfr_8051 M
   (special_function_registers_8051 pseudo_assembly_program code_memory
    (set_8051_sfr pseudo_assembly_program code_memory s sfr v)) sigma).
  #M #code_memory #sigma #policy #s #sfr #v #v' #sfr_neq_acc_a_assm
  whd in match status_of_pseudo_status; normalize nodelta
  whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
  inversion (\snd M) try (#upper_lower #address) #sndM_refl normalize nodelta
  [1:
    <sfr_neq_acc_a_assm cases sfr
    [18:
      whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
      whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
      >sndM_refl %
    ]
    %
  |2:
    @pair_elim #high #low #high_low_refl normalize nodelta
    inversion (eq_upper_lower upper_lower upper) #eq_upper_lower_refl normalize nodelta
    <sfr_neq_acc_a_assm cases sfr
    [18,37:
      whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
      whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
      >sndM_refl normalize nodelta >high_low_refl normalize nodelta 
      >eq_upper_lower_refl normalize nodelta
      whd in match (set_8051_sfr ?????);
      [1:
        <set_index_set_index_overwrite in ⊢ (??%?);
        <set_index_set_index_overwrite in ⊢ (???%); %
      |2:
        <set_index_set_index_overwrite in ⊢ (??%?);
        <set_index_set_index_overwrite in ⊢ (???%); %
      ]
    ]
    whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
    whd in match (set_8051_sfr ?????); @set_index_set_index_commutation normalize
    @nmk #absurd destruct(absurd)
  ]
qed.

lemma get_index_v_status_of_pseudo_status:
  ∀M, code_memory, sigma, policy, s, sfr.
    (get_index_v Byte 19
      (special_function_registers_8051 (BitVectorTrie Byte 16)
      (code_memory_of_pseudo_assembly_program code_memory sigma policy)
      (status_of_pseudo_status M code_memory s sigma policy))
      (sfr_8051_index sfr) (sfr8051_index_19 sfr) =
    map_address_using_internal_pseudo_address_map M sigma sfr
      (get_index_v Byte 19
        (special_function_registers_8051 pseudo_assembly_program code_memory s)
        (sfr_8051_index sfr) (sfr8051_index_19 sfr))).
  #M #code_memory #sigma #policy #s #sfr
  whd in match status_of_pseudo_status; normalize nodelta
  whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
  inversion (\snd M) try (#upper_lower #address) #sndM_refl normalize nodelta
 [1:
    cases sfr
    [18:
      whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
      whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
      >sndM_refl %
    ]
    %
  |2:
    @pair_elim #high #low #high_low_refl normalize nodelta
    inversion (eq_upper_lower upper_lower upper) #eq_upper_lower_refl normalize nodelta
    cases sfr
    [18,37:
      whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
      whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
      >sndM_refl normalize nodelta >high_low_refl normalize nodelta 
      >eq_upper_lower_refl normalize nodelta
      whd in match (set_8051_sfr ?????); //
    ]
    @get_index_v_set_index_miss whd in ⊢ (?(??%%));
    @nmk #absurd destruct(absurd)
  ]
qed.

lemma set_8051_sfr_status_of_pseudo_status:
  ∀M, code_memory, sigma, policy, s, sfr, v,v'.
  map_address_using_internal_pseudo_address_map M sigma sfr v = v' →
(set_8051_sfr (BitVectorTrie Byte 16)
  (code_memory_of_pseudo_assembly_program code_memory sigma policy)
  (status_of_pseudo_status M code_memory s sigma policy) sfr v'
  =status_of_pseudo_status M code_memory
   (set_8051_sfr pseudo_assembly_program code_memory s sfr v) sigma policy).
  #M #code_memory #sigma #policy #s #sfr #v #v' #v_ok
  whd in ⊢ (??%%); @split_eq_status try % /2/
qed.

lemma get_8051_sfr_status_of_pseudo_status:
  ∀M, code_memory, sigma, policy, s, sfr.
  (get_8051_sfr (BitVectorTrie Byte 16)
    (code_memory_of_pseudo_assembly_program code_memory sigma policy)
    (status_of_pseudo_status M code_memory s sigma policy) sfr =
  map_address_using_internal_pseudo_address_map M sigma sfr
   (get_8051_sfr pseudo_assembly_program code_memory s sfr)).
  #M #code_memory #sigma #policy #s #sfr
  whd in match get_8051_sfr; normalize nodelta
  @get_index_v_status_of_pseudo_status
qed.

lemma get_8052_sfr_status_of_pseudo_status:
  ∀M, code_memory, sigma, policy, s, sfr.
  (get_8052_sfr (BitVectorTrie Byte 16)
    (code_memory_of_pseudo_assembly_program code_memory sigma policy)
    (status_of_pseudo_status M code_memory s sigma policy) sfr =
   (get_8052_sfr pseudo_assembly_program code_memory s sfr)).
  //
qed.

lemma set_8052_sfr_status_of_pseudo_status:
  ∀M, code_memory, sigma, policy, s, sfr, v.
(set_8052_sfr (BitVectorTrie Byte 16)
  (code_memory_of_pseudo_assembly_program code_memory sigma policy)
  (status_of_pseudo_status M code_memory s sigma policy) sfr v
  =status_of_pseudo_status M code_memory
   (set_8052_sfr pseudo_assembly_program code_memory s sfr v) sigma policy).
 //
qed.

definition sfr_of_Byte: Byte → option (SFR8051 + SFR8052) ≝
  λb: Byte.
    let address ≝ nat_of_bitvector … b in
      if (eqb address 128) then None ?
      else if (eqb address 144) then Some … (inl … SFR_P1)
      else if (eqb address 160) then None ?
      else if (eqb address 176) then Some … (inl … SFR_P3)
      else if (eqb address 153) then Some … (inl … SFR_SBUF)
      else if (eqb address 138) then Some … (inl … SFR_TL0)
      else if (eqb address 139) then Some … (inl … SFR_TL1)
      else if (eqb address 140) then Some … (inl … SFR_TH0)
      else if (eqb address 141) then Some … (inl … SFR_TH1)
      else if (eqb address 200) then Some … (inr … SFR_T2CON)
      else if (eqb address 202) then Some … (inr … SFR_RCAP2L)
      else if (eqb address 203) then Some … (inr … SFR_RCAP2H)
      else if (eqb address 204) then Some … (inr … SFR_TL2)
      else if (eqb address 205) then Some … (inr … SFR_TH2)
      else if (eqb address 135) then Some … (inl … SFR_PCON)
      else if (eqb address 136) then Some … (inl … SFR_TCON)
      else if (eqb address 137) then Some … (inl … SFR_TMOD)
      else if (eqb address 152) then Some … (inl … SFR_SCON)
      else if (eqb address 168) then Some … (inl … SFR_IE)
      else if (eqb address 184) then Some … (inl … SFR_IP)
      else if (eqb address 129) then Some … (inl … SFR_SP)
      else if (eqb address 130) then Some … (inl … SFR_DPL)
      else if (eqb address 131) then Some … (inl … SFR_DPH)
      else if (eqb address 208) then Some … (inl … SFR_PSW)
      else if (eqb address 224) then Some … (inl … SFR_ACC_A)
      else if (eqb address 240) then Some … (inl … SFR_ACC_B)
      else None ?.

definition set_bit_addressable_sfr:
    ∀M: Type[0]. ∀code_memory: M. ∀s: PreStatus M code_memory. Byte → Byte →
      PreStatus M code_memory ≝
  λM: Type[0].
  λcode_memory:M.
  λs: PreStatus M code_memory.
  λb: Byte.
  λv: Byte.
   match sfr_of_Byte b with
   [ None ⇒ match not_implemented in False with [ ]
   | Some sfr8051_8052 ⇒
      match sfr8051_8052 with
      [ inl sfr ⇒
         match sfr with
         [ SFR_P1 ⇒
           let status_1 ≝ set_8051_sfr ?? s SFR_P1 v in
           set_p1_latch ?? s v
         | SFR_P3 ⇒
           let status_1 ≝ set_8051_sfr ?? s SFR_P3 v in
           set_p3_latch ?? s v
         | _ ⇒ set_8051_sfr ?? s sfr v ]
      | inr sfr ⇒ set_8052_sfr ?? s sfr v ]].

definition map_address_Byte_using_internal_pseudo_address_map ≝
 λM,sigma,d,v.
  match sfr_of_Byte d with
  [ None ⇒ v
  | Some sfr8051_8052 ⇒
     match sfr8051_8052 with
     [ inl sfr ⇒
        map_address_using_internal_pseudo_address_map M sigma sfr v
     | inr _ ⇒ v ]].

lemma set_bit_addressable_sfr_status_of_pseudo_status':
      let M ≝ pseudo_assembly_program in ∀code_memory: M. ∀s: PreStatus M code_memory. ∀d: Byte. ∀v: Byte.
        Σp: PreStatus M code_memory. ∀M. ∀sigma. ∀policy. ∀v'.
  map_address_Byte_using_internal_pseudo_address_map M sigma d v = v' →
 (set_bit_addressable_sfr (BitVectorTrie Byte 16)
  (code_memory_of_pseudo_assembly_program code_memory sigma policy)
  (status_of_pseudo_status M code_memory s sigma policy) d v'
  =status_of_pseudo_status M code_memory
   (set_bit_addressable_sfr pseudo_assembly_program code_memory s d v) sigma policy).
  whd in match set_bit_addressable_sfr;
  whd in match map_address_Byte_using_internal_pseudo_address_map;
  normalize nodelta
  @(let M ≝ pseudo_assembly_program in
  λcode_memory:M.
  λs: PreStatus M code_memory.
  λb: Byte.
  λv: Byte.
   match sfr_of_Byte b with
   [ None ⇒ match not_implemented in False with [ ]
   | Some sfr8051_8052 ⇒
      match sfr8051_8052 with
      [ inl sfr ⇒
         match sfr with
         [ SFR_P1 ⇒
           let status_1 ≝ set_8051_sfr ?? s SFR_P1 v in
           set_p1_latch ?? s v
         | SFR_P3 ⇒
           let status_1 ≝ set_8051_sfr ?? s SFR_P3 v in
           set_p3_latch ?? s v
         | _ ⇒ set_8051_sfr ?? s sfr v ]
      | inr sfr ⇒ set_8052_sfr ?? s sfr v ]])
 normalize nodelta
 /2 by refl, set_8051_sfr_status_of_pseudo_status, set_8052_sfr_status_of_pseudo_status/
 whd in match map_address_using_internal_pseudo_address_map; normalize nodelta //
qed.

lemma set_bit_addressable_sfr_status_of_pseudo_status:
 ∀code_memory: pseudo_assembly_program. ∀s: PreStatus … code_memory. ∀d: Byte. ∀v: Byte.
  ∀M. ∀sigma. ∀policy. ∀v'.
  map_address_Byte_using_internal_pseudo_address_map M sigma d v = v' →
 (set_bit_addressable_sfr (BitVectorTrie Byte 16)
  (code_memory_of_pseudo_assembly_program code_memory sigma policy)
  (status_of_pseudo_status M code_memory s sigma policy) d v'
  =status_of_pseudo_status M code_memory
   (set_bit_addressable_sfr pseudo_assembly_program code_memory s d v) sigma policy).
 #code #s #d #v cases (set_bit_addressable_sfr_status_of_pseudo_status' code s d v) #_
 #H @H
qed.

lemma set_low_internal_ram_status_of_pseudo_status:
 ∀cm,sigma,policy,M,s,ram.
  set_low_internal_ram (BitVectorTrie Byte 16)
  (code_memory_of_pseudo_assembly_program cm sigma policy)
  (status_of_pseudo_status M cm s sigma policy)
  (low_internal_ram_of_pseudo_low_internal_ram M ram)
  = status_of_pseudo_status M cm
    (set_low_internal_ram pseudo_assembly_program cm s ram) sigma policy.
 //
qed.

(* Real axiom ATM *)
axiom insert_low_internal_ram_of_pseudo_low_internal_ram:
 ∀M,sigma,cm,s,addr,v,v'.
 map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr) v = v' →
  insert Byte 7 addr v'
  (low_internal_ram_of_pseudo_low_internal_ram M
   (low_internal_ram pseudo_assembly_program cm s))
  =low_internal_ram_of_pseudo_low_internal_ram M
   (insert Byte 7 addr v (low_internal_ram pseudo_assembly_program cm s)).
               
lemma insert_low_internal_ram_status_of_pseudo_status:
 ∀M,cm,sigma,policy,s,addr,v,v'.
 map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr) v = v' →
  insert Byte 7 addr v'
   (low_internal_ram (BitVectorTrie Byte 16)
    (code_memory_of_pseudo_assembly_program cm sigma policy)
    (status_of_pseudo_status M cm s sigma policy))
  = low_internal_ram_of_pseudo_low_internal_ram M
     (insert Byte 7 addr v
      (low_internal_ram pseudo_assembly_program cm s)).
 /2 by insert_low_internal_ram_of_pseudo_low_internal_ram/
qed.

(* Real axiom ATM *)
axiom insert_high_internal_ram_of_pseudo_high_internal_ram:
 ∀M,sigma,cm,s,addr,v,v'.
 map_internal_ram_address_using_pseudo_address_map M sigma (true:::addr) v = v' →
  insert Byte 7 addr v'
  (high_internal_ram_of_pseudo_high_internal_ram M
   (high_internal_ram pseudo_assembly_program cm s))
  =high_internal_ram_of_pseudo_high_internal_ram M
   (insert Byte 7 addr v (high_internal_ram pseudo_assembly_program cm s)).

lemma insert_high_internal_ram_status_of_pseudo_status:
 ∀M,cm,sigma,policy,s,addr,v,v'.
 map_internal_ram_address_using_pseudo_address_map M sigma (true:::addr) v = v' →
  insert Byte 7 addr v'
   (high_internal_ram (BitVectorTrie Byte 16)
    (code_memory_of_pseudo_assembly_program cm sigma policy)
    (status_of_pseudo_status M cm s sigma policy))
  = high_internal_ram_of_pseudo_high_internal_ram M
     (insert Byte 7 addr v
      (high_internal_ram pseudo_assembly_program cm s)).
 /2 by insert_high_internal_ram_of_pseudo_high_internal_ram/
qed.

lemma bit_address_of_register_status_of_pseudo_status:
 ∀M,cm,s,sigma,policy,r.
  bit_address_of_register …
  (code_memory_of_pseudo_assembly_program cm sigma policy)
  (status_of_pseudo_status M cm s sigma policy) r =
  bit_address_of_register … cm s r.
 #M #cm #s #sigma #policy #r whd in ⊢ (??%%);
 >get_8051_sfr_status_of_pseudo_status
 @pair_elim #un #ln #_
 @pair_elim #r1 #r0 #_ %
qed.

(*CSC: provable using the axiom in AssemblyProof, but this one seems more
  primitive *)
axiom lookup_low_internal_ram_of_pseudo_low_internal_ram:
 ∀M,sigma,cm,s,addr.
  lookup Byte 7 addr
  (low_internal_ram_of_pseudo_low_internal_ram M
   (low_internal_ram pseudo_assembly_program cm s)) (zero 8)
  =
  map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr)
  (lookup Byte 7 addr
   (low_internal_ram pseudo_assembly_program cm s) (zero 8)).

(*CSC: provable using the axiom in AssemblyProof, but this one seems more
  primitive *)
axiom lookup_high_internal_ram_of_pseudo_high_internal_ram:
 ∀M,sigma,cm,s,addr.
  lookup Byte 7 addr
  (high_internal_ram_of_pseudo_high_internal_ram M
   (high_internal_ram pseudo_assembly_program cm s)) (zero 8)
  =
  map_internal_ram_address_using_pseudo_address_map M sigma (true:::addr)
  (lookup Byte 7 addr
   (high_internal_ram pseudo_assembly_program cm s) (zero 8)).

lemma get_register_status_of_pseudo_status:
 ∀M,cm,sigma,policy,s,r.
  get_register …
   (code_memory_of_pseudo_assembly_program cm sigma policy)
   (status_of_pseudo_status M cm s sigma policy) r =
  map_internal_ram_address_using_pseudo_address_map M sigma (false:::bit_address_of_register pseudo_assembly_program cm s r)
   (get_register … cm s r).
 #M #cm #sigma #policy #s #r whd in match get_register; normalize nodelta
 whd in match status_of_pseudo_status; normalize nodelta
 >bit_address_of_register_status_of_pseudo_status
 @lookup_low_internal_ram_of_pseudo_low_internal_ram
qed.

lemma external_ram_status_of_pseudo_status:
 ∀M,cm,s,sigma,policy.
  external_ram …
   (code_memory_of_pseudo_assembly_program cm sigma policy)
   (status_of_pseudo_status M cm s sigma policy) =
  external_ram … cm s.
 //
qed.

lemma set_external_ram_status_of_pseudo_status:
  ∀M,cm,ps,sigma,policy,ram.
    set_external_ram …
      (code_memory_of_pseudo_assembly_program cm sigma policy)
      (status_of_pseudo_status M cm ps sigma policy)
      ram =
    status_of_pseudo_status M cm (set_external_ram … cm ps ram) sigma policy.
  //
qed.

lemma set_register_status_of_pseudo_status:
 ∀M,cm,s,sigma,policy,r,v,v'.
  map_internal_ram_address_using_pseudo_address_map M sigma
   (false:::bit_address_of_register pseudo_assembly_program cm s r) v =v' →
  set_register (BitVectorTrie Byte 16)
   (code_memory_of_pseudo_assembly_program cm sigma policy)
   (status_of_pseudo_status M cm s sigma policy) r v'
  = status_of_pseudo_status M cm (set_register pseudo_assembly_program cm s r v)
    sigma policy.
 #M #cm #s #sigma #policy #r #v #v' #v_ok
 whd in match set_register; normalize nodelta
 >bit_address_of_register_status_of_pseudo_status
 >(insert_low_internal_ram_status_of_pseudo_status … v_ok)
 @set_low_internal_ram_status_of_pseudo_status
qed.

definition map_address_mode_using_internal_pseudo_address_map_ok1 ≝
 λM:internal_pseudo_address_map.λcm.λs:PreStatus ? cm.λsigma. λaddr.
  match addr with
  [ INDIRECT i ⇒
     assoc_list_lookup ??
      (false:::bit_address_of_register pseudo_assembly_program cm s [[false; false; i]]) (eq_bv …) (\fst M) = None …
  | EXT_INDIRECT e ⇒
     assoc_list_lookup ??
      (false:::bit_address_of_register pseudo_assembly_program cm s [[false; false; e]]) (eq_bv …) (\fst M) = None …
  | ACC_DPTR ⇒
    (* XXX: \snd M = None plus in the very rare case when we are trying to dereference a null (O) pointer
            in the ACC_A *)
      map_acc_a_using_internal_pseudo_address_map M sigma (get_8051_sfr pseudo_assembly_program cm s SFR_ACC_A) =
        get_8051_sfr … cm s SFR_ACC_A
  | ACC_PC ⇒
      (* XXX: as above *)
      map_acc_a_using_internal_pseudo_address_map M sigma (get_8051_sfr pseudo_assembly_program cm s SFR_ACC_A) =
        get_8051_sfr … cm s SFR_ACC_A ∧ sigma (program_counter … s) = program_counter … s
  | _ ⇒ True ].

definition map_address_mode_using_internal_pseudo_address_map_ok2 ≝
 λT,M,sigma,cm.λs:PreStatus T cm.λaddr,v.
  match addr with
  [ DIRECT d ⇒
     let 〈 bit_one, seven_bits 〉 as vsplit_refl ≝ vsplit … 1 7 d in
     match head' … bit_one with
     [ true ⇒
      map_address_Byte_using_internal_pseudo_address_map M sigma (true:::seven_bits) v
     | false ⇒
      map_internal_ram_address_using_pseudo_address_map M sigma (false:::seven_bits) v ]
  | INDIRECT i ⇒
     let register ≝ get_register ?? s [[ false; false; i ]] in
     map_internal_ram_address_using_pseudo_address_map M sigma register v
  | REGISTER r ⇒
     map_internal_ram_address_using_pseudo_address_map M sigma
      (false:::bit_address_of_register … s r) v
  | ACC_A ⇒
     map_address_using_internal_pseudo_address_map M sigma SFR_ACC_A v
  | _ ⇒ v ].

definition set_arg_8: ∀M: Type[0]. ∀code_memory:M. ∀s:PreStatus M code_memory. ∀addr: [[ direct ; indirect ; registr ;
                                   acc_a ; acc_b ; ext_indirect ;
                                   ext_indirect_dptr ]]. Byte → PreStatus M code_memory ≝
  λm, cm, s, a, v.
    match a return λx. bool_to_Prop (is_in ? [[ direct ; indirect ; registr ;
                                                acc_a ; acc_b ; ext_indirect ;
                                                ext_indirect_dptr ]] x) →
                   PreStatus m cm
            with
      [ DIRECT d ⇒
        λdirect: True.
          let 〈 bit_one, seven_bits 〉 ≝ vsplit ? 1 7 d in
            match head' … bit_one with
              [ true ⇒ set_bit_addressable_sfr ?? s (true:::seven_bits) v
              | false ⇒
                let memory ≝ insert ? 7 seven_bits v (low_internal_ram ?? s) in
                  set_low_internal_ram ?? s memory
              ]
      | INDIRECT i ⇒
        λindirect: True.
          let register ≝ get_register ?? s [[ false; false; i ]] in
          let 〈bit_one, seven_bits〉 ≝ vsplit ? 1 7 register in
            match head' … bit_one with
              [ false ⇒
                let memory ≝ insert … seven_bits v (low_internal_ram ?? s) in
                  set_low_internal_ram ?? s memory
              | true ⇒ 
                let memory ≝ insert … seven_bits v (high_internal_ram ?? s) in
                  set_high_internal_ram ?? s memory
              ]
      | REGISTER r ⇒ λregister: True. set_register ?? s r v
      | ACC_A ⇒ λacc_a: True. set_8051_sfr ?? s SFR_ACC_A v
      | ACC_B ⇒ λacc_b: True. set_8051_sfr ?? s SFR_ACC_B v
      | EXT_INDIRECT e ⇒
        λext_indirect: True.
          let address ≝ get_register ?? s [[ false; false; e ]] in
          let padded_address ≝ pad 8 8 address in
          let memory ≝ insert ? 16 padded_address v (external_ram ?? s) in
            set_external_ram ?? s memory
      | EXT_INDIRECT_DPTR ⇒
        λext_indirect_dptr: True.
          let address ≝ (get_8051_sfr ?? s SFR_DPH) @@ (get_8051_sfr ?? s SFR_DPL) in
          let memory ≝ insert ? 16 address v (external_ram ?? s) in
            set_external_ram ?? s memory
      | _ ⇒ 
        λother: False.
          match other in False with [ ]
      ] (subaddressing_modein … a).

(*CSC: move elsewhere*)
lemma eq_head': ∀A,n,v. v = head' A n v ::: tail … v.
 #A #n #v inversion v in ⊢ ?;
 [ #abs @⊥ lapply (jmeq_to_eq ??? abs) /2/
 | #m #hd #tl #_ #EQ <(injective_S … EQ) in tl; #tl #EQ' >EQ' % ]
qed.

(*CSC: move elsewhere*)
lemma tail_singleton: ∀A,v. tail A 0 v = [[]].
 #A #v inversion v in ⊢ ?;
 [ #abs @⊥ lapply (jmeq_to_eq ??? abs) #H destruct(H)
 | #n #hd #tl #_ #EQ <(injective_S … EQ) in tl; #tl #EQ1 >EQ1 normalize
   /2 by jmeq_to_eq/
 ]
qed.

(*CSC: move elsewhere*)
lemma eq_cons_head_append:
 ∀A,n.∀hd: Vector A 1. ∀tl: Vector A n.
  head' A 0 hd:::tl = hd@@tl.
 #A #n #hd #tl >(eq_head' … hd) >tail_singleton %
qed.

lemma set_arg_8_status_of_pseudo_status:
  ∀cm.
  ∀ps.
  ∀addr:[[ direct ; indirect ; registr ; acc_a ; acc_b ; ext_indirect ; ext_indirect_dptr ]].
  ∀value. Σp: PreStatus ? cm. ∀M. ∀sigma. ∀policy. ∀value'.
   map_address_mode_using_internal_pseudo_address_map_ok1 M cm ps sigma addr →
   map_address_mode_using_internal_pseudo_address_map_ok2 … M sigma cm ps addr value = value' →
    set_arg_8 (BitVectorTrie Byte 16)
      (code_memory_of_pseudo_assembly_program cm sigma policy)
      (status_of_pseudo_status M cm ps sigma policy)
      addr value' =
    status_of_pseudo_status M cm (set_arg_8 … cm ps addr value) sigma policy.
  whd in match set_arg_8; normalize nodelta
  @(let m ≝ pseudo_assembly_program in λcm, s. λa: [[ direct ; indirect ; registr ;
                                   acc_a ; acc_b ; ext_indirect ;
                                   ext_indirect_dptr ]]. λv.
    match a return λaddr. bool_to_Prop (is_in ? [[ direct ; indirect ; registr ;
                                                acc_a ; acc_b ; ext_indirect ;
                                                ext_indirect_dptr ]] addr) →
                   Σp.?
            with
      [ DIRECT d ⇒
        λdirect: True.
          deplet 〈 bit_one, seven_bits 〉 as vsplit_refl ≝ vsplit ? 1 7 d in
            match head' … bit_one with
              [ true ⇒ set_bit_addressable_sfr ?? s (true:::seven_bits) v
              | false ⇒
                let memory ≝ insert ? 7 seven_bits v (low_internal_ram ?? s) in
                  set_low_internal_ram ?? s memory
              ]
      | INDIRECT i ⇒
        λindirect: True.
          let register ≝ get_register ?? s [[ false; false; i ]] in
          let 〈bit_one, seven_bits〉 ≝ vsplit ? 1 7 register in
            match head' … bit_one with
              [ false ⇒
                let memory ≝ insert … seven_bits v (low_internal_ram ?? s) in
                  set_low_internal_ram ?? s memory
              | true ⇒ 
                let memory ≝ insert … seven_bits v (high_internal_ram ?? s) in
                  set_high_internal_ram ?? s memory
              ]
      | REGISTER r ⇒ λregister: True. set_register ?? s r v
      | ACC_A ⇒ λacc_a: True. set_8051_sfr ?? s SFR_ACC_A v
      | ACC_B ⇒ λacc_b: True. set_8051_sfr ?? s SFR_ACC_B v
      | EXT_INDIRECT e ⇒
        λext_indirect: True.
          let address ≝ get_register ?? s [[ false; false; e ]] in
          let padded_address ≝ pad 8 8 address in
          let memory ≝ insert ? 16 padded_address v (external_ram ?? s) in
            set_external_ram ?? s memory
      | EXT_INDIRECT_DPTR ⇒
        λext_indirect_dptr: True.
          let address ≝ (get_8051_sfr ?? s SFR_DPH) @@ (get_8051_sfr ?? s SFR_DPL) in
          let memory ≝ insert ? 16 address v (external_ram ?? s) in
            set_external_ram ?? s memory
      | _ ⇒ 
        λother: False.
          match other in False with [ ]
      ] (subaddressing_modein … a)) normalize nodelta
  #M #sigma #policy #v'
  whd in match map_address_mode_using_internal_pseudo_address_map_ok1; normalize nodelta
  whd in match map_address_mode_using_internal_pseudo_address_map_ok2; normalize nodelta
  [1,2:
    <vsplit_refl normalize nodelta >p normalize nodelta
    [ >(vsplit_ok … vsplit_refl) #_ @set_bit_addressable_sfr_status_of_pseudo_status
    | #_ #v_ok >(insert_low_internal_ram_status_of_pseudo_status … v) // ]
  |3,4: #EQ1 #EQ2 change with (get_register ????) in match register in p;
      >get_register_status_of_pseudo_status
      whd in match map_internal_ram_address_using_pseudo_address_map; normalize nodelta
      >EQ1 normalize nodelta >p normalize nodelta >p1 normalize nodelta
      [ >(insert_high_internal_ram_status_of_pseudo_status … v)
      | >(insert_low_internal_ram_status_of_pseudo_status … v) ]
      // <EQ2 @eq_f2 try % <(vsplit_ok … (sym_eq … p)) <eq_cons_head_append >p1 %
  |5: #EQ1 #EQ2 <EQ2 >get_register_status_of_pseudo_status
      whd in match map_internal_ram_address_using_pseudo_address_map; normalize nodelta
      >EQ1 normalize nodelta
      >external_ram_status_of_pseudo_status @set_external_ram_status_of_pseudo_status
  |6: #EQ1 #EQ2 <EQ2 /2 by set_register_status_of_pseudo_status/
  |7: #EQ1 #EQ2 <EQ2 /2 by set_8051_sfr_status_of_pseudo_status/
  |8: #_ #EQ <EQ @set_8051_sfr_status_of_pseudo_status %
  |9: #_ #EQ <EQ >get_8051_sfr_status_of_pseudo_status >get_8051_sfr_status_of_pseudo_status
      >external_ram_status_of_pseudo_status @set_external_ram_status_of_pseudo_status ]
qed.

definition get_bit_addressable_sfr:
    ∀M: Type[0]. ∀code_memory: M. ∀s: PreStatus M code_memory. Byte → bool → Byte ≝
  λM: Type[0].
  λcode_memory:M.
  λs: PreStatus M code_memory.
  λb: Byte.
  λl: bool.
  match sfr_of_Byte b with
  [ None ⇒ match not_implemented in False with [ ]
  | Some sfr8051_8052 ⇒
    match sfr8051_8052 with
    [ inl sfr ⇒
      match sfr with
      [ SFR_P1 ⇒
        if l then
          p1_latch … s
        else
          get_8051_sfr … s SFR_P1
      | SFR_P3 ⇒
        if l then
          p3_latch … s
        else
          get_8051_sfr … s SFR_P3
      | _ ⇒ get_8051_sfr … s sfr
      ]
    | inr sfr ⇒ get_8052_sfr M code_memory s sfr
    ]
  ].

definition get_arg_8: ∀M: Type[0]. ∀code_memory:M. PreStatus M code_memory → bool → [[ direct ; indirect ; registr ;
                                          acc_a ; acc_b ; data ; acc_dptr ;
                                          acc_pc ; ext_indirect ;
                                          ext_indirect_dptr ]] → Byte ≝
  λm, cm, s, l, a.
    match a return λx. bool_to_Prop (is_in ? [[ direct ; indirect ; registr ;
                                                acc_a ; acc_b ; data ; acc_dptr ;
                                                acc_pc ; ext_indirect ;
                                                ext_indirect_dptr ]] x) → ? with
      [ ACC_A ⇒ λacc_a: True. get_8051_sfr ?? s SFR_ACC_A
      | ACC_B ⇒ λacc_b: True. get_8051_sfr ?? s SFR_ACC_B
      | DATA d ⇒ λdata: True. d
      | REGISTER r ⇒ λregister: True. get_register ?? s r
      | EXT_INDIRECT_DPTR ⇒
        λext_indirect_dptr: True.
          let address ≝ (get_8051_sfr ?? s SFR_DPH) @@ (get_8051_sfr ?? s SFR_DPL) in
            lookup ? 16 address (external_ram ?? s) (zero 8)
      | EXT_INDIRECT e ⇒
        λext_indirect: True.
          let address ≝ get_register ?? s [[ false; false; e ]]  in
          let padded_address ≝ pad 8 8 address in
            lookup ? 16 padded_address (external_ram ?? s) (zero 8)
      | ACC_DPTR ⇒
        λacc_dptr: True.
          let dptr ≝ (get_8051_sfr ?? s SFR_DPH) @@ (get_8051_sfr ?? s SFR_DPL) in
          let padded_acc ≝ pad 8 8 (get_8051_sfr ?? s SFR_ACC_A) in
          let 〈carry, address〉 ≝ half_add 16 dptr padded_acc in
            lookup ? 16 address (external_ram ?? s) (zero 8)
      | ACC_PC ⇒
        λacc_pc: True.
          let padded_acc ≝ pad 8 8 (get_8051_sfr ?? s SFR_ACC_A) in
          let 〈 carry, address 〉 ≝ half_add 16 (program_counter ?? s) padded_acc in
            lookup ? 16 address (external_ram ?? s) (zero 8)
      | DIRECT d ⇒
        λdirect: True.
          let 〈hd, seven_bits〉 ≝ vsplit bool 1 7 d in
            match head' … hd with
            [ true ⇒ get_bit_addressable_sfr m cm s (true:::seven_bits) l
            | false ⇒ lookup ? 7 seven_bits (low_internal_ram … s) (zero …)
            ]
      | INDIRECT i ⇒
        λindirect: True.
          let 〈hd, seven_bits〉 ≝ vsplit bool 1 7 (get_register … s [[false;false;i]]) in
            match head' … hd with
            [ true ⇒ lookup ? 7 seven_bits (high_internal_ram … s) (zero …)
            | false ⇒ lookup ? 7 seven_bits (low_internal_ram … s) (zero …)
            ]
      | _ ⇒ λother.
        match other in False with [ ]
      ] (subaddressing_modein … a).

lemma p1_latch_status_of_pseudo_status:
    ∀M.
    ∀code_memory: pseudo_assembly_program.
    ∀s: PreStatus … code_memory.
    ∀sigma.
    ∀policy.
    (p1_latch (BitVectorTrie Byte 16)
      (code_memory_of_pseudo_assembly_program code_memory sigma policy)
      (status_of_pseudo_status M code_memory s sigma policy) =
    (p1_latch pseudo_assembly_program code_memory s)).
  //
qed.

lemma p3_latch_status_of_pseudo_status:
    ∀M.
    ∀code_memory: pseudo_assembly_program.
    ∀s: PreStatus … code_memory.
    ∀sigma.
    ∀policy.
    (p3_latch (BitVectorTrie Byte 16)
      (code_memory_of_pseudo_assembly_program code_memory sigma policy)
      (status_of_pseudo_status M code_memory s sigma policy) =
    (p3_latch pseudo_assembly_program code_memory s)).
  //
qed.

lemma get_bit_addressable_sfr_status_of_pseudo_status':
  let M ≝ pseudo_assembly_program in
    ∀code_memory: M.
    ∀s: PreStatus M code_memory.
    ∀d: Byte.
    ∀l: bool.
      Σp: Byte. ∀M. ∀sigma. ∀policy.
        (get_bit_addressable_sfr (BitVectorTrie Byte 16)
          (code_memory_of_pseudo_assembly_program code_memory sigma policy)
          (status_of_pseudo_status M code_memory s sigma policy) d l =
        map_address_Byte_using_internal_pseudo_address_map M sigma
         d (get_bit_addressable_sfr pseudo_assembly_program code_memory s d l)).
  whd in match get_bit_addressable_sfr;
  whd in match map_address_Byte_using_internal_pseudo_address_map;
  normalize nodelta
  @(let M ≝ pseudo_assembly_program in
    λcode_memory:M.
    λs: PreStatus M code_memory.
    λb: Byte.
    λl: bool.
    match sfr_of_Byte b with
    [ None ⇒ match not_implemented in False with [ ]
    | Some sfr8051_8052 ⇒
    match sfr8051_8052 with
    [ inl sfr ⇒
      match sfr with
      [ SFR_P1 ⇒
        if l then
          p1_latch … s
        else
          get_8051_sfr … s SFR_P1
      | SFR_P3 ⇒
        if l then
          p3_latch … s
        else
          get_8051_sfr … s SFR_P3
      | _ ⇒ get_8051_sfr … s sfr
      ]
    | inr sfr ⇒ get_8052_sfr M code_memory s sfr
    ]
    ])
  #M #sigma #policy normalize nodelta
  /by get_8051_sfr_status_of_pseudo_status, p1_latch_status_of_pseudo_status, p3_latch_status_of_pseudo_status/
qed.

lemma get_bit_addressable_sfr_status_of_pseudo_status:
  let M ≝ pseudo_assembly_program in
    ∀code_memory: M.
    ∀s: PreStatus M code_memory.
    ∀d: Byte.
    ∀l: bool.
    ∀M. ∀sigma. ∀policy.
        (get_bit_addressable_sfr (BitVectorTrie Byte 16)
          (code_memory_of_pseudo_assembly_program code_memory sigma policy)
          (status_of_pseudo_status M code_memory s sigma policy) d l =
        map_address_Byte_using_internal_pseudo_address_map M sigma
         d (get_bit_addressable_sfr pseudo_assembly_program code_memory s d l)).
 #code #s #d #v cases (get_bit_addressable_sfr_status_of_pseudo_status' code s d v) #_
 #H @H
qed.

lemma program_counter_status_of_pseudo_status:
    ∀code_memory: pseudo_assembly_program.
    ∀s: PreStatus ? code_memory.
    ∀M. ∀sigma. ∀policy.
      program_counter … (code_memory_of_pseudo_assembly_program code_memory sigma policy)
          (status_of_pseudo_status M code_memory s sigma policy) =
        sigma (program_counter … s).
  //
qed.

lemma get_cy_flag_status_of_pseudo_status:
  ∀M, cm, sigma, policy, s.
  (get_cy_flag (BitVectorTrie Byte 16)
    (code_memory_of_pseudo_assembly_program cm sigma policy)
    (status_of_pseudo_status M cm s sigma policy) =
  get_cy_flag pseudo_assembly_program cm s).
  #M #cm #sigma #policy #s
  whd in match get_cy_flag; normalize nodelta
  >get_index_v_status_of_pseudo_status %
qed.

lemma get_arg_8_status_of_pseudo_status:
  ∀cm.
  ∀ps.
  ∀l.
  ∀addr:[[ direct ; indirect ; registr ; acc_a ; acc_b ; data ; acc_dptr ; acc_pc ; ext_indirect ; ext_indirect_dptr ]].
    Σp: Byte. ∀M. ∀sigma. ∀policy.
      map_address_mode_using_internal_pseudo_address_map_ok1 M cm ps sigma addr →
      get_arg_8 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
      (status_of_pseudo_status M cm ps sigma policy) l addr =
      map_address_mode_using_internal_pseudo_address_map_ok2 … M sigma cm ps addr (get_arg_8 … cm ps l addr).
  whd in match get_arg_8; normalize nodelta
  @(let m ≝ pseudo_assembly_program in
    λcm: m. λs: PreStatus m cm. λl: bool. λa: [[direct; indirect; registr; acc_a; acc_b; data; acc_dptr; acc_pc; ext_indirect; ext_indirect_dptr]].
    match a return λx. bool_to_Prop (is_in ? [[ direct; indirect; registr; acc_a; acc_b; data; acc_dptr; acc_pc; ext_indirect; ext_indirect_dptr ]] x) → Σp. ? with
      [ ACC_A ⇒ λacc_a: True. get_8051_sfr ?? s SFR_ACC_A
      | ACC_B ⇒ λacc_b: True. get_8051_sfr ?? s SFR_ACC_B
      | DATA d ⇒ λdata: True. d
      | REGISTER r ⇒ λregister: True. get_register ?? s r
      | EXT_INDIRECT_DPTR ⇒
        λext_indirect_dptr: True.
          let address ≝ (get_8051_sfr ?? s SFR_DPH) @@ (get_8051_sfr ?? s SFR_DPL) in
            lookup ? 16 address (external_ram ?? s) (zero 8)
      | EXT_INDIRECT e ⇒
        λext_indirect: True.
          let address ≝ get_register ?? s [[ false; false; e ]]  in
          let padded_address ≝ pad 8 8 address in
            lookup ? 16 padded_address (external_ram ?? s) (zero 8)
      | ACC_DPTR ⇒
        λacc_dptr: True.
          let dptr ≝ (get_8051_sfr ?? s SFR_DPH) @@ (get_8051_sfr ?? s SFR_DPL) in
          let padded_acc ≝ pad 8 8 (get_8051_sfr ?? s SFR_ACC_A) in
          let 〈carry, address〉 ≝ half_add 16 dptr padded_acc in
            lookup ? 16 address (external_ram ?? s) (zero 8)
      | ACC_PC ⇒
        λacc_pc: True.
          let padded_acc ≝ pad 8 8 (get_8051_sfr ?? s SFR_ACC_A) in
          let 〈 carry, address 〉 ≝ half_add 16 (program_counter ?? s) padded_acc in
            lookup ? 16 address (external_ram ?? s) (zero 8)
      | DIRECT d ⇒
        λdirect: True.
          let 〈hd, seven_bits〉 ≝ vsplit bool 1 7 d in
            match head' … hd with
            [ true ⇒ get_bit_addressable_sfr m cm s (true:::seven_bits) l
            | false ⇒ lookup ? 7 seven_bits (low_internal_ram … s) (zero …)
            ]
      | INDIRECT i ⇒
        λindirect: True.
          let 〈hd, seven_bits〉 ≝ vsplit bool 1 7 (get_register … s [[false;false;i]]) in
            match head' … hd with
            [ true ⇒ lookup ? 7 seven_bits (high_internal_ram … s) (zero …)
            | false ⇒ lookup ? 7 seven_bits (low_internal_ram … s) (zero …)
            ]
      | _ ⇒ λother: False.
        match other in False with [ ]
      ] (subaddressing_modein … a)) normalize nodelta
  #M #sigma #policy
  whd in match map_address_mode_using_internal_pseudo_address_map_ok1; normalize nodelta
  whd in match map_address_mode_using_internal_pseudo_address_map_ok2; normalize nodelta
  [1:
    #_ >p normalize nodelta >p1 normalize nodelta
    @get_bit_addressable_sfr_status_of_pseudo_status
  |2:
    #_>p normalize nodelta >p1 normalize nodelta
    @lookup_low_internal_ram_of_pseudo_low_internal_ram
  |3,4:
    #assoc_list_assm >get_register_status_of_pseudo_status
    whd in match map_internal_ram_address_using_pseudo_address_map in ⊢ (??%?); normalize nodelta
    >assoc_list_assm normalize nodelta >p normalize nodelta >p1 normalize nodelta
    [1:
      >(lookup_high_internal_ram_of_pseudo_high_internal_ram … sigma)
    |2:
      >(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma)
    ]
    @eq_f2 try % <(vsplit_ok … (sym_eq … p)) <eq_cons_head_append >p1 %
  |5:
    #assoc_list_assm >get_register_status_of_pseudo_status
    whd in match map_internal_ram_address_using_pseudo_address_map in ⊢ (??%?); normalize nodelta
    >assoc_list_assm normalize nodelta %
  |6,7,8,9:
    #_ /2/
  |10:
    #acc_a_assm >get_8051_sfr_status_of_pseudo_status >get_8051_sfr_status_of_pseudo_status
    >get_8051_sfr_status_of_pseudo_status
    whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
    >acc_a_assm >p normalize nodelta //
  |11:
    * #map_acc_a_assm #sigma_assm >get_8051_sfr_status_of_pseudo_status >program_counter_status_of_pseudo_status
    whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
    >sigma_assm >map_acc_a_assm >p normalize nodelta //
  |12:
    #_ >get_8051_sfr_status_of_pseudo_status >get_8051_sfr_status_of_pseudo_status
    >external_ram_status_of_pseudo_status //
  ]
qed.

lemma get_arg_16_status_of_pseudo_status:
  ∀cm.
  ∀ps.
  ∀addr: [[data16]].
  ∀M. ∀sigma. ∀policy.
      get_arg_16 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
      (status_of_pseudo_status M cm ps sigma policy) addr =
      (get_arg_16 … cm ps addr).
  //
qed.

lemma set_arg_16_status_of_pseudo_status:
  ∀cm.
  ∀ps.
  ∀addr: [[dptr]].
  ∀v: Word.
  ∀M. ∀sigma. ∀policy.
      set_arg_16 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
      (status_of_pseudo_status M cm ps sigma policy) v addr =
      status_of_pseudo_status M cm (set_arg_16 ? cm ps v addr) sigma policy.
  #cm #ps #addr #v #M #sigma #policy
  @(subaddressing_mode_elim … addr)
  whd in match set_arg_16; normalize nodelta
  whd in match set_arg_16'; normalize nodelta
  @(vsplit_elim bool ???) #bu #bl #bu_bl_refl normalize nodelta
  >(set_8051_sfr_status_of_pseudo_status … bu)
  [1: >(set_8051_sfr_status_of_pseudo_status … bl) ]
  //
qed.

definition get_arg_1: ∀M: Type[0]. ∀code_memory:M. PreStatus M code_memory → [[ bit_addr ; n_bit_addr ; carry ]] →
                       bool → bool ≝
  λm, cm, s, a, l.
    match a return λx. bool_to_Prop (is_in ? [[ bit_addr ;
                                                 n_bit_addr ;
                                                 carry ]] x) → ? with
      [ BIT_ADDR b ⇒
        λbit_addr: True.
        let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 b in
        match head' … bit_1 with
        [ true ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let d ≝ address ÷ 8 in
          let m ≝ address mod 8 in
          let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
          let sfr ≝ get_bit_addressable_sfr ?? s trans l in
            get_index_v … sfr m ?
        | false ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
          let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
            get_index_v … t (modulus address 8) ? 
        ]
      | N_BIT_ADDR n ⇒
        λn_bit_addr: True.
        let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 n in
        match head' … bit_1 with
        [ true ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let d ≝ address ÷ 8 in
          let m ≝ address mod 8 in
          let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
          let sfr ≝ get_bit_addressable_sfr ?? s trans l in
            ¬(get_index_v … sfr m ?)
        | false ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
          let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
            ¬(get_index_v … t (modulus address 8) ?)
        ]
      | CARRY ⇒ λcarry: True. get_cy_flag ?? s
      | _ ⇒ λother.
        match other in False with [ ]
      ] (subaddressing_modein … a).
      @modulus_less_than
qed.

definition map_bit_address_mode_using_internal_pseudo_address_map_get ≝
 λM:internal_pseudo_address_map.λcm: pseudo_assembly_program.λs:PreStatus ? cm.λsigma: Word → Word. λaddr. λl.
  match addr with
  [ BIT_ADDR b ⇒
    let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 b in
    match head' … bit_1 with
    [ true ⇒
      let address ≝ nat_of_bitvector … seven_bits in
      let d ≝ address ÷ 8 in
      let m ≝ address mod 8 in
      let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
        map_address_Byte_using_internal_pseudo_address_map M sigma trans (get_bit_addressable_sfr pseudo_assembly_program cm s trans l) = get_bit_addressable_sfr … cm s trans l
    | false ⇒
      let address ≝ nat_of_bitvector … seven_bits in
      let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
      let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
        map_internal_ram_address_using_pseudo_address_map M sigma
          (false:::address') t = t
    ]
  | N_BIT_ADDR b ⇒
    let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 b in
    match head' … bit_1 with
    [ true ⇒
      let address ≝ nat_of_bitvector … seven_bits in
      let d ≝ address ÷ 8 in
      let m ≝ address mod 8 in
      let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
        map_address_Byte_using_internal_pseudo_address_map M sigma trans (get_bit_addressable_sfr pseudo_assembly_program cm s trans l) = get_bit_addressable_sfr … cm s trans l
    | false ⇒
      let address ≝ nat_of_bitvector … seven_bits in
      let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
      let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
        map_internal_ram_address_using_pseudo_address_map M sigma
          (false:::address') t = t
    ]
  | _ ⇒ True ].

lemma get_arg_1_status_of_pseudo_status':
  ∀cm.
  ∀ps.
  ∀addr: [[bit_addr; n_bit_addr; carry]].
  ∀l.
    Σb: bool. ∀M. ∀sigma. ∀policy.
      map_bit_address_mode_using_internal_pseudo_address_map_get M cm ps sigma addr l →
      get_arg_1 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
      (status_of_pseudo_status M cm ps sigma policy) addr l =
      (get_arg_1 … cm ps addr l).
  whd in match get_arg_1; normalize nodelta
  @(let m ≝ pseudo_assembly_program in
    λcm: m. λs: PseudoStatus cm. λa:[[bit_addr; n_bit_addr; carry]]. λl.
    match a return λx. bool_to_Prop (is_in ? [[ bit_addr ;
                                                 n_bit_addr ;
                                                 carry ]] x) → Σb: bool. ? with
      [ BIT_ADDR b ⇒
        λbit_addr: True.
        let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 b in
        match head' … bit_1 with
        [ true ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let d ≝ address ÷ 8 in
          let m ≝ address mod 8 in
          let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
          let sfr ≝ get_bit_addressable_sfr ?? s trans l in
            get_index_v … sfr m ?
        | false ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
          let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
            get_index_v … t (modulus address 8) ? 
        ]
      | N_BIT_ADDR n ⇒
        λn_bit_addr: True.
        let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 n in
        match head' … bit_1 with
        [ true ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let d ≝ address ÷ 8 in
          let m ≝ address mod 8 in
          let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
          let sfr ≝ get_bit_addressable_sfr ?? s trans l in
            ¬(get_index_v … sfr m ?)
        | false ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
          let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
            ¬(get_index_v … t (modulus address 8) ?)
        ]
      | CARRY ⇒ λcarry: True. get_cy_flag ?? s
      | _ ⇒ λother.
        match other in False with [ ]
      ] (subaddressing_modein … a)) normalize nodelta
  try @modulus_less_than
  #M #sigma #policy
  [1:
    #_ @get_cy_flag_status_of_pseudo_status
  |2,4:
    whd in ⊢ (% → ?); >p normalize nodelta >p1 normalize nodelta
    >get_bit_addressable_sfr_status_of_pseudo_status #map_address_assm
    >map_address_assm %
  |3,5:
    whd in ⊢ (% → ?); >p normalize nodelta >p1 normalize nodelta
    whd in match status_of_pseudo_status; normalize nodelta
    >(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma)
    #map_address_assm >map_address_assm %
  ]
qed.

lemma get_arg_1_status_of_pseudo_status:
  ∀cm.
  ∀ps.
  ∀addr: [[bit_addr; n_bit_addr; carry]].
  ∀l.
  ∀M. ∀sigma. ∀policy.
      map_bit_address_mode_using_internal_pseudo_address_map_get M cm ps sigma addr l →
      get_arg_1 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
      (status_of_pseudo_status M cm ps sigma policy) addr l =
      (get_arg_1 … cm ps addr l).
  #cm #ps #addr #l
  cases (get_arg_1_status_of_pseudo_status' cm ps addr l) #_ #assm
  @assm
qed.

definition set_arg_1': ∀M: Type[0]. ∀code_memory:M. ∀s:PreStatus M code_memory. [[bit_addr; carry]] → Bit → Σs':PreStatus M code_memory. clock ? code_memory s = clock ? code_memory s' ≝
  λm: Type[0].
  λcm.
  λs: PreStatus m cm.
  λa: [[bit_addr; carry]].
  λv: Bit.
    match a return λx. bool_to_Prop (is_in ? [[bit_addr ; carry]] x) → Σs'. clock m cm s = clock m cm s' with
      [ BIT_ADDR b ⇒ λbit_addr: True.
        let 〈bit_1, seven_bits〉 ≝ vsplit bool 1 7 (get_8051_sfr … s SFR_PSW) in
        match head' … bit_1 with
        [ true ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let d ≝ address ÷ 8 in
          let m ≝ address mod 8 in
          let t ≝ bitvector_of_nat 8 ((d * 8) + 128) in
          let sfr ≝ get_bit_addressable_sfr … s t true in
          let new_sfr ≝ set_index … sfr m v ? in
            set_bit_addressable_sfr … s new_sfr t
        | false ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
          let t ≝ lookup ? 7 address' (low_internal_ram ?? s) (zero 8) in
          let n_bit ≝ set_index … t (modulus address 8) v ? in
          let memory ≝ insert ? 7 address' n_bit (low_internal_ram ?? s) in
            set_low_internal_ram … s memory
        ]
      | CARRY ⇒
        λcarry: True.
        let 〈ignore, seven_bits〉 ≝ vsplit bool 1 7 (get_8051_sfr … s SFR_PSW) in
        let new_psw ≝ v:::seven_bits in
          set_8051_sfr ?? s SFR_PSW new_psw
      | _ ⇒
        λother: False.
          match other in False with
            [ ]
      ] (subaddressing_modein … a).
  try (repeat @le_S_S @le_O_n)
  try @modulus_less_than
  /by/
  cases daemon (* XXX: russell type for preservation of clock on set_bit_addressable_sfr *)
qed.

definition set_arg_1:
    ∀M: Type[0]. ∀code_memory:M. PreStatus M code_memory → [[bit_addr; carry]] →
      Bit → PreStatus M code_memory ≝ set_arg_1'.

definition map_bit_address_mode_using_internal_pseudo_address_map_set_1 ≝
  λM: internal_pseudo_address_map.
  λcm: pseudo_assembly_program.
  λs: PreStatus ? cm.
  λsigma: Word → Word.
  λaddr: [[bit_addr; carry]].
  λv: Bit.
  match addr with
  [ BIT_ADDR b ⇒
    let 〈bit_1, seven_bits〉 ≝ vsplit bool 1 7 (get_8051_sfr … s SFR_PSW) in
    match head' … bit_1 with
    [ true ⇒
      let address ≝ nat_of_bitvector … seven_bits in
      let d ≝ address ÷ 8 in
      let m ≝ address mod 8 in
      let t ≝ bitvector_of_nat 8 ((d * 8) + 128) in
      let sfr ≝ get_bit_addressable_sfr … s t true in
        map_address_Byte_using_internal_pseudo_address_map M sigma t sfr = sfr
    | false ⇒
      let address ≝ nat_of_bitvector … seven_bits in
      let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
      let t ≝ lookup ? 7 address' (low_internal_ram ?? s) (zero 8) in
        map_internal_ram_address_using_pseudo_address_map M sigma
          (false:::address') t = t
    ]   
  | CARRY ⇒ True
  | _ ⇒ True
  ].

definition map_bit_address_mode_using_internal_pseudo_address_map_set_2 ≝
  λM: internal_pseudo_address_map.
  λcm: pseudo_assembly_program.
  λs: PreStatus ? cm.
  λsigma: Word → Word.
  λaddr: [[bit_addr; carry]].
  λv: Bit.
  match addr with
  [ BIT_ADDR b ⇒
    let 〈bit_1, seven_bits〉 ≝ vsplit bool 1 7 (get_8051_sfr … s SFR_PSW) in
    match head' … bit_1 with
    [ true ⇒
      let address ≝ nat_of_bitvector … seven_bits in
      let d ≝ address ÷ 8 in
      let m ≝ address mod 8 in
      let t ≝ bitvector_of_nat 8 ((d * 8) + 128) in
      let sfr ≝ get_bit_addressable_sfr … s t true in
      let new_sfr ≝ set_index … sfr m v ? in
        map_address_Byte_using_internal_pseudo_address_map M sigma new_sfr t = t
    | false ⇒
      let address ≝ nat_of_bitvector … seven_bits in
      let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
      let t ≝ lookup ? 7 address' (low_internal_ram ?? s) (zero 8) in
      let n_bit ≝ set_index … t (modulus address 8) v ? in
      let memory ≝ insert ? 7 address' n_bit (low_internal_ram ?? s) in
        map_internal_ram_address_using_pseudo_address_map M sigma
          (false:::address') n_bit = n_bit
    ]   
  | CARRY ⇒ True
  | _ ⇒ True
  ].
  @modulus_less_than
qed.

lemma set_arg_1_status_of_pseudo_status:
  ∀cm: pseudo_assembly_program.
  ∀ps: PreStatus pseudo_assembly_program cm.
  ∀addr: [[bit_addr; carry]].
  ∀b: Bit.
    Σp: PreStatus … cm. ∀M. ∀sigma. ∀policy.
      map_bit_address_mode_using_internal_pseudo_address_map_set_1 M cm ps sigma addr b →
      map_bit_address_mode_using_internal_pseudo_address_map_set_2 M cm ps sigma addr b →
        set_arg_1 (BitVectorTrie Byte 16)
          (code_memory_of_pseudo_assembly_program cm sigma policy)
          (status_of_pseudo_status M cm ps sigma policy) addr b =
        status_of_pseudo_status M cm (set_arg_1 … cm ps addr b) sigma policy.
  whd in match set_arg_1; normalize nodelta
  whd in match set_arg_1'; normalize nodelta
  whd in match map_bit_address_mode_using_internal_pseudo_address_map_set_1; normalize nodelta
  whd in match map_bit_address_mode_using_internal_pseudo_address_map_set_2; normalize nodelta
  @(let m ≝ pseudo_assembly_program in
    λcm.
    λs: PreStatus m cm.
    λa: [[bit_addr; carry]].
    λv: Bit.
    match a return λx. bool_to_Prop (is_in ? [[bit_addr ; carry]] x) → Σp. ? with
      [ BIT_ADDR b ⇒ λbit_addr: True.
        let 〈bit_1, seven_bits〉 ≝ vsplit bool 1 7 (get_8051_sfr … s SFR_PSW) in
        match head' … bit_1 with
        [ true ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let d ≝ address ÷ 8 in
          let m ≝ address mod 8 in
          let t ≝ bitvector_of_nat 8 ((d * 8) + 128) in
          let sfr ≝ get_bit_addressable_sfr … s t true in
          let new_sfr ≝ set_index … sfr m v ? in
            set_bit_addressable_sfr … s new_sfr t
        | false ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
          let t ≝ lookup ? 7 address' (low_internal_ram ?? s) (zero 8) in
          let n_bit ≝ set_index … t (modulus address 8) v ? in
          let memory ≝ insert ? 7 address' n_bit (low_internal_ram ?? s) in
            set_low_internal_ram … s memory
        ]
      | CARRY ⇒
        λcarry: True.
        let 〈ignore, seven_bits〉 ≝ vsplit bool 1 7 (get_8051_sfr … s SFR_PSW) in
        let new_psw ≝ v:::seven_bits in
          set_8051_sfr ?? s SFR_PSW new_psw
      | _ ⇒
        λother: False.
          match other in False with
            [ ]
      ] (subaddressing_modein … a)) normalize nodelta
  try @modulus_less_than #M #sigma #policy
  [1:
    #_ #_ >get_8051_sfr_status_of_pseudo_status
    whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
    >p normalize nodelta @set_8051_sfr_status_of_pseudo_status %
  |2,3:
    >get_8051_sfr_status_of_pseudo_status
    whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
    >p normalize nodelta >p1 normalize nodelta
    #map_bit_address_assm_1 #map_bit_address_assm_2
    [1:
      >get_bit_addressable_sfr_status_of_pseudo_status
      >map_bit_address_assm_1
      >(set_bit_addressable_sfr_status_of_pseudo_status cm s … map_bit_address_assm_2) %
    |2:
      whd in match status_of_pseudo_status in ⊢ (??(????%)?); normalize nodelta
      >(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma)
      >map_bit_address_assm_1
      >(insert_low_internal_ram_of_pseudo_low_internal_ram … map_bit_address_assm_2)
      >set_low_internal_ram_status_of_pseudo_status in ⊢ (??%?); %
    ]
  ]
qed.