source: src/ASM/Test.ma @ 2183

Last change on this file since 2183 was 2183, checked in by mulligan, 8 years ago

More progress on main lemma proof.

File size: 53.7 KB
Line 
1include "ASM/Assembly.ma".
2include "ASM/Interpret.ma".
3include "ASM/StatusProofs.ma".
4include alias "arithmetics/nat.ma".
5include "ASM/AssemblyProof.ma".
6
7lemma set_program_counter_status_of_pseudo_status:
8  ∀M.
9  ∀cm.
10  ∀sigma.
11  ∀policy.
12  ∀s, s'.
13  ∀new_ppc, new_ppc'.
14    sigma new_ppc = new_ppc' →
15    status_of_pseudo_status M cm s sigma policy = s' →
16    set_program_counter (BitVectorTrie Byte 16)
17      (code_memory_of_pseudo_assembly_program cm sigma policy)
18      s' new_ppc' =
19    status_of_pseudo_status M cm (set_program_counter … cm s new_ppc) sigma policy.
20  #M #cm #sigma #policy #s #s' #new_ppc #new_ppc'
21  #new_ppc_refl #s_refl <new_ppc_refl <s_refl //
22qed.
23
24lemma if_then_else_status_of_pseudo_status_true:
25  ∀M: internal_pseudo_address_map.
26  ∀cm: pseudo_assembly_program.
27  ∀sigma: Word → Word.
28  ∀policy: Word → bool.
29  ∀s, s', s'', s'''.
30  ∀t: bool.
31    t = true →
32    status_of_pseudo_status M cm s sigma policy = s' →
33      if t then
34        s'
35      else
36        s'' =
37      status_of_pseudo_status M cm (if t then s else s''') sigma policy.
38  #M #cm #sigma #policy #s #s' #s'' #s''' #t #t_refl #s_refl
39  >t_refl normalize nodelta >s_refl %
40qed.
41
42lemma if_then_else_status_of_pseudo_status_false:
43  ∀M: internal_pseudo_address_map.
44  ∀cm: pseudo_assembly_program.
45  ∀sigma: Word → Word.
46  ∀policy: Word → bool.
47  ∀s, s', s'', s'''.
48  ∀t: bool.
49    t = false →
50    status_of_pseudo_status M cm s sigma policy = s' →
51      if t then
52        s''
53      else
54        s' =
55      status_of_pseudo_status M cm (if t then s''' else s) sigma policy.
56  #M #cm #sigma #policy #s #s' #s'' #s''' #t #t_refl #s_refl
57  >t_refl normalize nodelta >s_refl %
58qed.
59
60lemma set_p1_latch_status_of_pseudo_status:
61  ∀M.
62  ∀code_memory.
63  ∀sigma.
64  ∀policy.
65  ∀s,s'.
66  ∀v.
67   status_of_pseudo_status M code_memory s sigma policy = s' →
68    set_p1_latch (BitVectorTrie Byte 16)
69      (code_memory_of_pseudo_assembly_program code_memory sigma policy)
70      s' v =
71    status_of_pseudo_status M code_memory
72      (set_p1_latch pseudo_assembly_program code_memory s v) sigma policy.
73  #M #cm #sigma #policy #s #s' #new_ppc #s_refl <s_refl //
74qed.
75
76lemma set_p3_latch_status_of_pseudo_status:
77  ∀M.
78  ∀code_memory.
79  ∀sigma.
80  ∀policy.
81  ∀s, s'.
82  ∀v.
83  status_of_pseudo_status M code_memory s sigma policy = s' →
84    set_p3_latch (BitVectorTrie Byte 16)
85      (code_memory_of_pseudo_assembly_program code_memory sigma policy)
86      s' v =
87    status_of_pseudo_status M code_memory
88      (set_p3_latch pseudo_assembly_program code_memory s v) sigma policy.
89  #M #code_memory #sigma #policy #s #s' #v #s_refl <s_refl //
90qed.
91
92definition map_acc_a_using_internal_pseudo_address_map:
93    ∀M: internal_pseudo_address_map. (Word → Word) → Byte → Byte ≝
94  λM, sigma, v.
95  match \snd M with
96  [ data ⇒ v
97  | address upper_lower word ⇒
98    let mapped ≝ sigma word in
99    let 〈high, low〉 ≝ vsplit bool 8 8 mapped in
100      if eq_upper_lower upper_lower upper then
101        high
102      else
103        low
104  ].
105
106(*CSC: Taken from AssemblyProofSplit.ma; there named map_lower_internal... *)
107definition map_internal_ram_address_using_pseudo_address_map:
108  ∀M: internal_pseudo_address_map. (Word → Word) → Byte → Byte → Byte ≝
109  λM: internal_pseudo_address_map.
110  λsigma: Word → Word.
111  λaddress: Byte.
112  λvalue: Byte.
113  match assoc_list_lookup ?? address (eq_bv …) (\fst M) with
114  [ None ⇒ value
115  | Some upper_lower_word ⇒
116    let 〈upper_lower, word〉 ≝ upper_lower_word in
117    let 〈high, low〉 ≝ vsplit bool 8 8 (sigma word) in
118      if eq_upper_lower upper_lower upper then
119        high
120      else
121        low
122  ].
123
124definition map_address_using_internal_pseudo_address_map:
125    ∀M: internal_pseudo_address_map. (Word → Word) → SFR8051 → Byte → Byte ≝
126  λM, sigma, sfr, v.
127  match sfr with
128  [ SFR_ACC_A ⇒ map_acc_a_using_internal_pseudo_address_map M sigma v
129  | _         ⇒ v
130  ].
131
132lemma set_index_set_index_overwrite:
133  ∀A: Type[0].
134  ∀n: nat.
135  ∀v: Vector A n.
136  ∀index: nat.
137  ∀e, e': A.
138  ∀proof.
139  ∀proof'.
140    set_index A n v index e proof =
141      set_index A n (set_index A n v index e' proof') index e proof.
142  #A #n #v elim v normalize
143  [1:
144    #index #e #e' #absurd cases (lt_to_not_zero … absurd)
145  |2:
146    #n' #hd #tl #inductive_hypothesis #index #e #e' cases index #proof #proof'
147    normalize //
148  ]
149qed.
150
151lemma set_index_set_index_commutation:
152  ∀A: Type[0].
153  ∀n: nat.
154  ∀v: Vector A n.
155  ∀m, o: nat.
156  ∀m_lt_proof: m < n.
157  ∀o_lt_proof: o < n.
158  ∀e, f: A.
159    m ≠ o →
160      set_index A n (set_index A n v o f o_lt_proof) m e m_lt_proof =
161        set_index A n (set_index A n v m e m_lt_proof) o f o_lt_proof.
162  #A #n #v elim v
163  [1:
164    #m #o #m_lt_proof
165    normalize in m_lt_proof; cases (lt_to_not_zero … m_lt_proof)
166  |2:
167    #n' #hd #tl #inductive_hypothesis
168    #m #o
169    cases m cases o
170    [1:
171      #m_lt_proof #o_lt_proof #e #f #absurd @⊥ cases absurd #relevant
172      @relevant %
173    |2,3:
174      #o' normalize //
175    |4:
176      #m' #o' #m_lt_proof #o_lt_proof #e #f #o_neq_m_assm
177      normalize @eq_f @inductive_hypothesis @nmk #relevant
178      >relevant in o_neq_m_assm; #relevant @(absurd ?? relevant) %
179    ]
180  ]
181qed.
182
183(* XXX: move elsewhere *)
184lemma get_index_v_set_index_miss:
185  ∀a: Type[0].
186  ∀n: nat.
187  ∀v: Vector a n.
188  ∀i, j: nat.
189  ∀e: a.
190  ∀i_proof: i < n.
191  ∀j_proof: j < n.
192    i ≠ j →
193      get_index_v a n (set_index a n v i e i_proof) j j_proof =
194        get_index_v a n v j j_proof.
195  #a #n #v elim v
196  [1:
197    #i #j #e #i_proof
198    cases (lt_to_not_zero … i_proof)
199  |2:
200    #n' #hd #tl #inductive_hypothesis #i #j
201    cases i cases j
202    [1:
203      #e #i_proof #j_proof #neq_assm
204      cases (absurd ? (refl … 0) neq_assm)
205    |2,3:
206      #i' #e #i_proof #j_proof #_ %
207    |4:
208      #i' #j' #e #i_proof #j_proof #neq_assm
209      @inductive_hypothesis @nmk #eq_assm
210      >eq_assm in neq_assm; #neq_assm
211      cases (absurd ? (refl ??) neq_assm)
212    ]
213  ]
214qed.
215
216lemma set_index_status_of_pseudo_status:
217  ∀M, code_memory, sigma, policy, s, sfr, v, v'.
218    map_address_using_internal_pseudo_address_map M sigma sfr v = v' →
219(set_index Byte 19
220  (special_function_registers_8051 (BitVectorTrie Byte 16)
221   (code_memory_of_pseudo_assembly_program code_memory sigma policy)
222   (status_of_pseudo_status M code_memory s sigma policy))
223  (sfr_8051_index sfr) v' (sfr8051_index_19 sfr)
224  =sfr_8051_of_pseudo_sfr_8051 M
225   (special_function_registers_8051 pseudo_assembly_program code_memory
226    (set_8051_sfr pseudo_assembly_program code_memory s sfr v)) sigma).
227  #M #code_memory #sigma #policy #s #sfr #v #v' #sfr_neq_acc_a_assm
228  whd in match status_of_pseudo_status; normalize nodelta
229  whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
230  inversion (\snd M) try (#upper_lower #address) #sndM_refl normalize nodelta
231  [1:
232    <sfr_neq_acc_a_assm cases sfr
233    [18:
234      whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
235      whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
236      >sndM_refl %
237    ]
238    %
239  |2:
240    @pair_elim #high #low #high_low_refl normalize nodelta
241    inversion (eq_upper_lower upper_lower upper) #eq_upper_lower_refl normalize nodelta
242    <sfr_neq_acc_a_assm cases sfr
243    [18,37:
244      whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
245      whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
246      >sndM_refl normalize nodelta >high_low_refl normalize nodelta
247      >eq_upper_lower_refl normalize nodelta
248      whd in match (set_8051_sfr ?????);
249      [1:
250        <set_index_set_index_overwrite in ⊢ (??%?);
251        <set_index_set_index_overwrite in ⊢ (???%); %
252      |2:
253        <set_index_set_index_overwrite in ⊢ (??%?);
254        <set_index_set_index_overwrite in ⊢ (???%); %
255      ]
256    ]
257    whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
258    whd in match (set_8051_sfr ?????); @set_index_set_index_commutation normalize
259    @nmk #absurd destruct(absurd)
260  ]
261qed.
262
263lemma get_index_v_status_of_pseudo_status:
264  ∀M, code_memory, sigma, policy, s, s', sfr.
265    map_address_using_internal_pseudo_address_map M sigma sfr
266      (get_index_v Byte 19
267        (special_function_registers_8051 pseudo_assembly_program code_memory s)
268        (sfr_8051_index sfr) (sfr8051_index_19 sfr)) = s' →
269    get_index_v Byte 19
270      (special_function_registers_8051 (BitVectorTrie Byte 16)
271      (code_memory_of_pseudo_assembly_program code_memory sigma policy)
272      (status_of_pseudo_status M code_memory s sigma policy))
273      (sfr_8051_index sfr) (sfr8051_index_19 sfr) = s'.
274  #M #code_memory #sigma #policy #s #s' #sfr #s_refl <s_refl
275  whd in match status_of_pseudo_status; normalize nodelta
276  whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
277  inversion (\snd M) try (#upper_lower #address) #sndM_refl normalize nodelta
278 [1:
279    cases sfr
280    [18:
281      whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
282      whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
283      >sndM_refl %
284    ]
285    %
286  |2:
287    @pair_elim #high #low #high_low_refl normalize nodelta
288    inversion (eq_upper_lower upper_lower upper) #eq_upper_lower_refl normalize nodelta
289    cases sfr
290    [18,37:
291      whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
292      whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
293      >sndM_refl normalize nodelta >high_low_refl normalize nodelta
294      >eq_upper_lower_refl normalize nodelta
295      whd in match (set_8051_sfr ?????); //
296    ]
297    @get_index_v_set_index_miss whd in ⊢ (?(??%%));
298    @nmk #absurd destruct(absurd)
299  ]
300qed.
301
302lemma set_8051_sfr_status_of_pseudo_status:
303  ∀M, code_memory, sigma, policy, s, s', sfr, v,v'.
304    status_of_pseudo_status M code_memory s sigma policy = s' →
305    map_address_using_internal_pseudo_address_map M sigma sfr v = v' →
306      set_8051_sfr ? (code_memory_of_pseudo_assembly_program code_memory sigma policy) s' sfr v' =
307      status_of_pseudo_status M code_memory
308        (set_8051_sfr pseudo_assembly_program code_memory s sfr v) sigma policy.
309  #M #code_memory #sigma #policy #s #s' #sfr #v #v' #s_ok #v_ok
310  <s_ok whd in ⊢ (??%%); @split_eq_status try % /2/
311qed.
312
313lemma get_8051_sfr_status_of_pseudo_status:
314  ∀M, code_memory, sigma, policy, s, s', s'', sfr.
315    status_of_pseudo_status M code_memory s sigma policy = s' →
316    map_address_using_internal_pseudo_address_map M sigma sfr
317     (get_8051_sfr pseudo_assembly_program code_memory s sfr) = s'' →
318  get_8051_sfr (BitVectorTrie Byte 16)
319    (code_memory_of_pseudo_assembly_program code_memory sigma policy)
320     s' sfr = s''.
321  #M #code_memory #sigma #policy #s #s' #s'' #sfr #s_refl #s_refl' <s_refl <s_refl'
322  whd in match get_8051_sfr; normalize nodelta
323  @get_index_v_status_of_pseudo_status %
324qed.
325
326lemma get_8052_sfr_status_of_pseudo_status:
327  ∀M, code_memory, sigma, policy, s, s', sfr.
328  status_of_pseudo_status M code_memory s sigma policy = s' →
329  (get_8052_sfr (BitVectorTrie Byte 16)
330    (code_memory_of_pseudo_assembly_program code_memory sigma policy)
331    s' sfr =
332   (get_8052_sfr pseudo_assembly_program code_memory s sfr)).
333  #M #code_memory #sigma #policy #s #s' #sfr #s_refl <s_refl //
334qed.
335
336lemma set_8052_sfr_status_of_pseudo_status:
337  ∀M, code_memory, sigma, policy, s, s', sfr, v.
338  status_of_pseudo_status M code_memory s sigma policy = s' →
339    (set_8052_sfr (BitVectorTrie Byte 16)
340      (code_memory_of_pseudo_assembly_program code_memory sigma policy) s' sfr v =
341    status_of_pseudo_status M code_memory
342     (set_8052_sfr pseudo_assembly_program code_memory s sfr v) sigma policy).
343  #M #code_memory #sigma #policy #s #s' #sfr #v #s_refl <s_refl //
344qed.
345 
346definition map_address_Byte_using_internal_pseudo_address_map ≝
347 λM,sigma,d,v.
348  match sfr_of_Byte d with
349  [ None ⇒ v
350  | Some sfr8051_8052 ⇒
351    match sfr8051_8052 with
352    [ inl sfr ⇒
353      map_address_using_internal_pseudo_address_map M sigma sfr v
354    | inr _ ⇒ v
355    ]
356  ].
357
358lemma set_bit_addressable_sfr_status_of_pseudo_status':
359  let M ≝ pseudo_assembly_program in
360    ∀code_memory: M.
361    ∀s: PreStatus M code_memory.
362    ∀d: Byte.
363    ∀v: Byte.
364      Σp: PreStatus M code_memory.
365        ∀M.
366        ∀sigma.
367        ∀policy.
368        ∀s'.
369        ∀v'.
370          status_of_pseudo_status M code_memory s sigma policy = s' →
371            map_address_Byte_using_internal_pseudo_address_map M sigma d v = v' →
372              (set_bit_addressable_sfr (BitVectorTrie Byte 16)
373                (code_memory_of_pseudo_assembly_program code_memory sigma policy) s' d v' =
374              status_of_pseudo_status M code_memory
375                (set_bit_addressable_sfr pseudo_assembly_program code_memory s d v) sigma policy).
376  whd in match map_address_Byte_using_internal_pseudo_address_map;
377  whd in match set_bit_addressable_sfr;
378  normalize nodelta
379  @(let M ≝ pseudo_assembly_program in
380  λcode_memory:M.
381  λs: PreStatus M code_memory.
382  λb: Byte.
383  λv: Byte.
384   match sfr_of_Byte b with
385   [ None ⇒ match not_implemented in False with [ ]
386   | Some sfr8051_8052 ⇒
387      match sfr8051_8052 with
388      [ inl sfr ⇒
389         match sfr with
390         [ SFR_P1 ⇒
391           let status_1 ≝ set_8051_sfr ?? s SFR_P1 v in
392           set_p1_latch ?? s v
393         | SFR_P3 ⇒
394           let status_1 ≝ set_8051_sfr ?? s SFR_P3 v in
395           set_p3_latch ?? s v
396         | _ ⇒ set_8051_sfr ?? s sfr v ]
397      | inr sfr ⇒ set_8052_sfr ?? s sfr v ]])
398  normalize nodelta #M #sigma #policy #s' #v' #s_refl <s_refl
399  /2 by refl, set_8051_sfr_status_of_pseudo_status, set_8052_sfr_status_of_pseudo_status/
400  whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
401  #v_refl >v_refl //
402qed.
403
404lemma set_bit_addressable_sfr_status_of_pseudo_status:
405 ∀code_memory: pseudo_assembly_program. ∀s: PreStatus … code_memory. ∀d: Byte. ∀v: Byte.
406  ∀M. ∀sigma. ∀policy. ∀s': Status ?. ∀v'.
407  status_of_pseudo_status M code_memory s sigma policy = s' →
408  map_address_Byte_using_internal_pseudo_address_map M sigma d v = v' →
409 (set_bit_addressable_sfr (BitVectorTrie Byte 16)
410  (code_memory_of_pseudo_assembly_program code_memory sigma policy)
411  s' d v'
412  =status_of_pseudo_status M code_memory
413   (set_bit_addressable_sfr pseudo_assembly_program code_memory s d v) sigma policy).
414 #code #s #d #v cases (set_bit_addressable_sfr_status_of_pseudo_status' code s d v) #_
415 #H @H
416qed.
417
418lemma set_low_internal_ram_status_of_pseudo_status:
419 ∀cm,sigma,policy,M,s,s',ram.
420  status_of_pseudo_status M cm s sigma policy = s' →
421  set_low_internal_ram (BitVectorTrie Byte 16)
422  (code_memory_of_pseudo_assembly_program cm sigma policy)
423  s'
424  (low_internal_ram_of_pseudo_low_internal_ram M ram)
425  = status_of_pseudo_status M cm
426    (set_low_internal_ram pseudo_assembly_program cm s ram) sigma policy.
427  #cm #sigma #policy #M #s #s' #ram #s_refl <s_refl //
428qed.
429
430(* Real axiom ATM *)
431axiom insert_low_internal_ram_of_pseudo_low_internal_ram:
432 ∀M,sigma,cm,s,addr,v,v'.
433 map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr) v = v' →
434  insert Byte 7 addr v'
435  (low_internal_ram_of_pseudo_low_internal_ram M
436   (low_internal_ram pseudo_assembly_program cm s))
437  =low_internal_ram_of_pseudo_low_internal_ram M
438   (insert Byte 7 addr v (low_internal_ram pseudo_assembly_program cm s)).
439               
440lemma insert_low_internal_ram_status_of_pseudo_status:
441 ∀M,cm,sigma,policy,s,addr,v,v'.
442 map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr) v = v' →
443  insert Byte 7 addr v'
444   (low_internal_ram (BitVectorTrie Byte 16)
445    (code_memory_of_pseudo_assembly_program cm sigma policy)
446    (status_of_pseudo_status M cm s sigma policy))
447  = low_internal_ram_of_pseudo_low_internal_ram M
448     (insert Byte 7 addr v
449      (low_internal_ram pseudo_assembly_program cm s)).
450 /2 by insert_low_internal_ram_of_pseudo_low_internal_ram/
451qed.
452
453(* Real axiom ATM *)
454axiom insert_high_internal_ram_of_pseudo_high_internal_ram:
455 ∀M,sigma,cm,s,addr,v,v'.
456 map_internal_ram_address_using_pseudo_address_map M sigma (true:::addr) v = v' →
457  insert Byte 7 addr v'
458  (high_internal_ram_of_pseudo_high_internal_ram M
459   (high_internal_ram pseudo_assembly_program cm s))
460  =high_internal_ram_of_pseudo_high_internal_ram M
461   (insert Byte 7 addr v (high_internal_ram pseudo_assembly_program cm s)).
462
463lemma insert_high_internal_ram_status_of_pseudo_status:
464 ∀M,cm,sigma,policy,s,addr,v,v'.
465 map_internal_ram_address_using_pseudo_address_map M sigma (true:::addr) v = v' →
466  insert Byte 7 addr v'
467   (high_internal_ram (BitVectorTrie Byte 16)
468    (code_memory_of_pseudo_assembly_program cm sigma policy)
469    (status_of_pseudo_status M cm s sigma policy))
470  = high_internal_ram_of_pseudo_high_internal_ram M
471     (insert Byte 7 addr v
472      (high_internal_ram pseudo_assembly_program cm s)).
473 /2 by insert_high_internal_ram_of_pseudo_high_internal_ram/
474qed.
475
476lemma bit_address_of_register_status_of_pseudo_status:
477 ∀M,cm,s,sigma,policy,r.
478  bit_address_of_register …
479  (code_memory_of_pseudo_assembly_program cm sigma policy)
480  (status_of_pseudo_status M cm s sigma policy) r =
481  bit_address_of_register … cm s r.
482 #M #cm #s #sigma #policy #r whd in ⊢ (??%%);
483 >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
484 @pair_elim #un #ln #_
485 @pair_elim #r1 #r0 #_ %
486qed.
487
488(*CSC: provable using the axiom in AssemblyProof, but this one seems more
489  primitive *)
490axiom lookup_low_internal_ram_of_pseudo_low_internal_ram:
491 ∀M,sigma,cm,s,s',addr.
492  map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr)
493  (lookup Byte 7 addr
494   (low_internal_ram pseudo_assembly_program cm s) (zero 8)) = s' →
495  lookup Byte 7 addr
496  (low_internal_ram_of_pseudo_low_internal_ram M
497   (low_internal_ram pseudo_assembly_program cm s)) (zero 8)
498  = s'.
499
500(*CSC: provable using the axiom in AssemblyProof, but this one seems more
501  primitive *)
502axiom lookup_high_internal_ram_of_pseudo_high_internal_ram:
503 ∀M,sigma,cm,s,s',addr.
504  map_internal_ram_address_using_pseudo_address_map M sigma (true:::addr)
505  (lookup Byte 7 addr
506   (high_internal_ram pseudo_assembly_program cm s) (zero 8)) = s' →
507  lookup Byte 7 addr
508  (high_internal_ram_of_pseudo_high_internal_ram M
509   (high_internal_ram pseudo_assembly_program cm s)) (zero 8)
510  = s'.
511
512lemma get_register_status_of_pseudo_status:
513 ∀M,cm,sigma,policy,s,s',s'',r.
514  status_of_pseudo_status M cm s sigma policy = s' →
515  map_internal_ram_address_using_pseudo_address_map M sigma (false:::bit_address_of_register pseudo_assembly_program cm s r)
516   (get_register … cm s r) = s'' →
517  get_register …
518   (code_memory_of_pseudo_assembly_program cm sigma policy)
519   s' r = s''.
520 #M #cm #sigma #policy #s #s' #s'' #r #s_refl #s_refl' <s_refl <s_refl'
521 whd in match get_register; normalize nodelta
522 whd in match status_of_pseudo_status; normalize nodelta
523 >bit_address_of_register_status_of_pseudo_status
524 @(lookup_low_internal_ram_of_pseudo_low_internal_ram … (refl …))
525qed.
526
527lemma external_ram_status_of_pseudo_status:
528 ∀M,cm,s,sigma,policy.
529  external_ram …
530   (code_memory_of_pseudo_assembly_program cm sigma policy)
531   (status_of_pseudo_status M cm s sigma policy) =
532  external_ram … cm s.
533 //
534qed.
535
536lemma set_external_ram_status_of_pseudo_status:
537  ∀M,cm,ps,sigma,policy,ram.
538    set_external_ram …
539      (code_memory_of_pseudo_assembly_program cm sigma policy)
540      (status_of_pseudo_status M cm ps sigma policy)
541      ram =
542    status_of_pseudo_status M cm (set_external_ram … cm ps ram) sigma policy.
543  //
544qed.
545
546lemma set_register_status_of_pseudo_status:
547 ∀M,sigma,policy,cm,s,s',r,v,v'.
548  status_of_pseudo_status M cm s sigma policy = s' →
549  map_internal_ram_address_using_pseudo_address_map M sigma
550   (false:::bit_address_of_register pseudo_assembly_program cm s r) v =v' →
551  set_register (BitVectorTrie Byte 16)
552   (code_memory_of_pseudo_assembly_program cm sigma policy)
553   s' r v'
554  = status_of_pseudo_status M cm (set_register pseudo_assembly_program cm s r v)
555    sigma policy.
556  #M #sigma #policy #cm #s #s' #r #v #v' #s_refl <s_refl #v_ok
557 whd in match set_register; normalize nodelta
558 >bit_address_of_register_status_of_pseudo_status
559 >(insert_low_internal_ram_status_of_pseudo_status … v_ok)
560 @set_low_internal_ram_status_of_pseudo_status %
561qed.
562
563definition map_address_mode_using_internal_pseudo_address_map_ok1 ≝
564 λM:internal_pseudo_address_map.λcm.λs:PreStatus ? cm.λsigma. λaddr.
565  match addr with
566  [ INDIRECT i ⇒
567     assoc_list_lookup ??
568      (false:::bit_address_of_register pseudo_assembly_program cm s [[false; false; i]]) (eq_bv …) (\fst M) = None …
569  | EXT_INDIRECT e ⇒
570     assoc_list_lookup ??
571      (false:::bit_address_of_register pseudo_assembly_program cm s [[false; false; e]]) (eq_bv …) (\fst M) = None …
572  | ACC_DPTR ⇒
573    (* XXX: \snd M = None plus in the very rare case when we are trying to dereference a null (O) pointer
574            in the ACC_A *)
575      map_acc_a_using_internal_pseudo_address_map M sigma (get_8051_sfr pseudo_assembly_program cm s SFR_ACC_A) =
576        get_8051_sfr … cm s SFR_ACC_A
577  | ACC_PC ⇒
578      (* XXX: as above *)
579      map_acc_a_using_internal_pseudo_address_map M sigma (get_8051_sfr pseudo_assembly_program cm s SFR_ACC_A) =
580        get_8051_sfr … cm s SFR_ACC_A ∧ sigma (program_counter … s) = program_counter … s
581  | _ ⇒ True ].
582
583definition map_address_mode_using_internal_pseudo_address_map_ok2 ≝
584 λT,M,sigma,cm.λs:PreStatus T cm.λaddr,v.
585  match addr with
586  [ DIRECT d ⇒
587     let 〈 bit_one, seven_bits 〉 as vsplit_refl ≝ vsplit … 1 7 d in
588     match head' … bit_one with
589     [ true ⇒
590      map_address_Byte_using_internal_pseudo_address_map M sigma (true:::seven_bits) v
591     | false ⇒
592      map_internal_ram_address_using_pseudo_address_map M sigma (false:::seven_bits) v ]
593  | INDIRECT i ⇒
594     let register ≝ get_register ?? s [[ false; false; i ]] in
595     map_internal_ram_address_using_pseudo_address_map M sigma register v
596  | REGISTER r ⇒
597     map_internal_ram_address_using_pseudo_address_map M sigma
598      (false:::bit_address_of_register … s r) v
599  | ACC_A ⇒
600     map_address_using_internal_pseudo_address_map M sigma SFR_ACC_A v
601  | _ ⇒ v ].
602
603(*CSC: move elsewhere*)
604lemma eq_head': ∀A,n,v. v = head' A n v ::: tail … v.
605 #A #n #v inversion v in ⊢ ?;
606 [ #abs @⊥ lapply (jmeq_to_eq ??? abs) /2/
607 | #m #hd #tl #_ #EQ <(injective_S … EQ) in tl; #tl #EQ' >EQ' % ]
608qed.
609
610(*CSC: move elsewhere*)
611lemma tail_singleton: ∀A,v. tail A 0 v = [[]].
612 #A #v inversion v in ⊢ ?;
613 [ #abs @⊥ lapply (jmeq_to_eq ??? abs) #H destruct(H)
614 | #n #hd #tl #_ #EQ <(injective_S … EQ) in tl; #tl #EQ1 >EQ1 normalize
615   /2 by jmeq_to_eq/
616 ]
617qed.
618
619(*CSC: move elsewhere*)
620lemma eq_cons_head_append:
621 ∀A,n.∀hd: Vector A 1. ∀tl: Vector A n.
622  head' A 0 hd:::tl = hd@@tl.
623 #A #n #hd #tl >(eq_head' … hd) >tail_singleton %
624qed.
625
626lemma set_arg_8_status_of_pseudo_status':
627  ∀cm.
628  ∀ps.
629  ∀addr:[[ direct ; indirect ; registr ; acc_a ; acc_b ; ext_indirect ; ext_indirect_dptr ]].
630  ∀value. Σp: PreStatus ? cm. ∀M. ∀sigma. ∀policy. ∀s'. ∀value'.
631   status_of_pseudo_status M cm ps sigma policy = s' →
632   map_address_mode_using_internal_pseudo_address_map_ok1 M cm ps sigma addr →
633   map_address_mode_using_internal_pseudo_address_map_ok2 … M sigma cm ps addr value = value' →
634    set_arg_8 (BitVectorTrie Byte 16)
635      (code_memory_of_pseudo_assembly_program cm sigma policy)
636      s' addr value' =
637    status_of_pseudo_status M cm (set_arg_8 … cm ps addr value) sigma policy.
638  whd in match set_arg_8; normalize nodelta
639  @(let m ≝ pseudo_assembly_program in λcm, s. λa: [[ direct ; indirect ; registr ;
640                                   acc_a ; acc_b ; ext_indirect ;
641                                   ext_indirect_dptr ]]. λv.
642    match a return λaddr. bool_to_Prop (is_in ? [[ direct ; indirect ; registr ;
643                                                acc_a ; acc_b ; ext_indirect ;
644                                                ext_indirect_dptr ]] addr) →
645                   Σp.?
646            with
647      [ DIRECT d ⇒
648        λdirect: True.
649          deplet 〈 bit_one, seven_bits 〉 as vsplit_refl ≝ vsplit ? 1 7 d in
650            match head' … bit_one with
651              [ true ⇒ set_bit_addressable_sfr ?? s (true:::seven_bits) v
652              | false ⇒
653                let memory ≝ insert ? 7 seven_bits v (low_internal_ram ?? s) in
654                  set_low_internal_ram ?? s memory
655              ]
656      | INDIRECT i ⇒
657        λindirect: True.
658          let register ≝ get_register ?? s [[ false; false; i ]] in
659          let 〈bit_one, seven_bits〉 ≝ vsplit ? 1 7 register in
660            match head' … bit_one with
661              [ false ⇒
662                let memory ≝ insert … seven_bits v (low_internal_ram ?? s) in
663                  set_low_internal_ram ?? s memory
664              | true ⇒
665                let memory ≝ insert … seven_bits v (high_internal_ram ?? s) in
666                  set_high_internal_ram ?? s memory
667              ]
668      | REGISTER r ⇒ λregister: True. set_register ?? s r v
669      | ACC_A ⇒ λacc_a: True. set_8051_sfr ?? s SFR_ACC_A v
670      | ACC_B ⇒ λacc_b: True. set_8051_sfr ?? s SFR_ACC_B v
671      | EXT_INDIRECT e ⇒
672        λext_indirect: True.
673          let address ≝ get_register ?? s [[ false; false; e ]] in
674          let padded_address ≝ pad 8 8 address in
675          let memory ≝ insert ? 16 padded_address v (external_ram ?? s) in
676            set_external_ram ?? s memory
677      | EXT_INDIRECT_DPTR ⇒
678        λext_indirect_dptr: True.
679          let address ≝ (get_8051_sfr ?? s SFR_DPH) @@ (get_8051_sfr ?? s SFR_DPL) in
680          let memory ≝ insert ? 16 address v (external_ram ?? s) in
681            set_external_ram ?? s memory
682      | _ ⇒
683        λother: False.
684          match other in False with [ ]
685      ] (subaddressing_modein … a)) normalize nodelta
686  #M #sigma #policy #s' #v' #s_refl <s_refl
687  whd in match map_address_mode_using_internal_pseudo_address_map_ok1; normalize nodelta
688  whd in match map_address_mode_using_internal_pseudo_address_map_ok2; normalize nodelta
689  [1,2:
690    <vsplit_refl normalize nodelta >p normalize nodelta
691    [ >(vsplit_ok … vsplit_refl) #_ @set_bit_addressable_sfr_status_of_pseudo_status
692    | #_ #v_ok >(insert_low_internal_ram_status_of_pseudo_status … v) // ]
693  |3,4: #EQ1 #EQ2 change with (get_register ????) in match register in p;
694      >(get_register_status_of_pseudo_status … (refl …) (refl …))
695      whd in match map_internal_ram_address_using_pseudo_address_map; normalize nodelta
696      >EQ1 normalize nodelta >p normalize nodelta >p1 normalize nodelta
697      [ >(insert_high_internal_ram_status_of_pseudo_status … v)
698      | >(insert_low_internal_ram_status_of_pseudo_status … v) ]
699      // <EQ2 @eq_f2 try % <(vsplit_ok … (sym_eq … p)) <eq_cons_head_append >p1 %
700  |5: #EQ1 #EQ2 <EQ2 >(get_register_status_of_pseudo_status … (refl …) (refl …))
701      whd in match map_internal_ram_address_using_pseudo_address_map; normalize nodelta
702      >EQ1 normalize nodelta
703      >external_ram_status_of_pseudo_status @set_external_ram_status_of_pseudo_status
704  |6: #EQ1 #EQ2 <EQ2 /2 by set_register_status_of_pseudo_status/
705  |7: #EQ1 #EQ2 <EQ2 /2 by set_8051_sfr_status_of_pseudo_status/
706  |8: #_ #EQ <EQ @set_8051_sfr_status_of_pseudo_status %
707  |9: #_ #EQ <EQ >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
708      >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
709      >external_ram_status_of_pseudo_status @set_external_ram_status_of_pseudo_status ] %
710qed.
711
712lemma set_arg_8_status_of_pseudo_status:
713  ∀cm.
714  ∀ps.
715  ∀addr:[[ direct ; indirect ; registr ; acc_a ; acc_b ; ext_indirect ; ext_indirect_dptr ]].
716  ∀value.
717  ∀M. ∀sigma. ∀policy. ∀s'. ∀value'.
718   status_of_pseudo_status M cm ps sigma policy = s' →
719   map_address_mode_using_internal_pseudo_address_map_ok1 M cm ps sigma addr →
720   map_address_mode_using_internal_pseudo_address_map_ok2 … M sigma cm ps addr value = value' →
721    set_arg_8 (BitVectorTrie Byte 16)
722      (code_memory_of_pseudo_assembly_program cm sigma policy)
723      s' addr value' =
724    status_of_pseudo_status M cm (set_arg_8 … cm ps addr value) sigma policy.
725  #cm #ps #addr #value
726  cases (set_arg_8_status_of_pseudo_status' cm ps addr value) #_ #relevant
727  @relevant
728qed.
729
730lemma p1_latch_status_of_pseudo_status:
731    ∀M.
732    ∀sigma.
733    ∀policy.
734    ∀code_memory: pseudo_assembly_program.
735    ∀s: PreStatus … code_memory.
736    ∀s'.
737    (status_of_pseudo_status M code_memory s sigma policy) = s' →
738    (p1_latch (BitVectorTrie Byte 16)
739      (code_memory_of_pseudo_assembly_program code_memory sigma policy)
740      s' =
741    (p1_latch pseudo_assembly_program code_memory s)).
742  #M #sigma #policy #code_memory #s #s' #s_refl <s_refl //
743qed.
744
745lemma p3_latch_status_of_pseudo_status:
746    ∀M.
747    ∀sigma.
748    ∀policy.
749    ∀code_memory: pseudo_assembly_program.
750    ∀s: PreStatus … code_memory.
751    ∀s'.
752    (status_of_pseudo_status M code_memory s sigma policy) = s' →
753    (p3_latch (BitVectorTrie Byte 16)
754      (code_memory_of_pseudo_assembly_program code_memory sigma policy)
755      (status_of_pseudo_status M code_memory s sigma policy) =
756    (p3_latch pseudo_assembly_program code_memory s)).
757  #M #sigma #policy #code_memory #s #s' #s_refl <s_refl //
758qed.
759
760lemma get_bit_addressable_sfr_status_of_pseudo_status':
761  let M ≝ pseudo_assembly_program in
762    ∀code_memory: M.
763    ∀s: PreStatus M code_memory.
764    ∀d: Byte.
765    ∀l: bool.
766      Σp: Byte. ∀M. ∀sigma. ∀policy. ∀s'.
767        status_of_pseudo_status M code_memory s sigma policy = s' →
768        (get_bit_addressable_sfr (BitVectorTrie Byte 16)
769          (code_memory_of_pseudo_assembly_program code_memory sigma policy)
770          s' d l =
771        map_address_Byte_using_internal_pseudo_address_map M sigma
772         d (get_bit_addressable_sfr pseudo_assembly_program code_memory s d l)).
773  whd in match get_bit_addressable_sfr;
774  whd in match map_address_Byte_using_internal_pseudo_address_map;
775  normalize nodelta
776  @(let M ≝ pseudo_assembly_program in
777    λcode_memory:M.
778    λs: PreStatus M code_memory.
779    λb: Byte.
780    λl: bool.
781    match sfr_of_Byte b with
782    [ None ⇒ match not_implemented in False with [ ]
783    | Some sfr8051_8052 ⇒
784    match sfr8051_8052 with
785    [ inl sfr ⇒
786      match sfr with
787      [ SFR_P1 ⇒
788        if l then
789          p1_latch … s
790        else
791          get_8051_sfr … s SFR_P1
792      | SFR_P3 ⇒
793        if l then
794          p3_latch … s
795        else
796          get_8051_sfr … s SFR_P3
797      | _ ⇒ get_8051_sfr … s sfr
798      ]
799    | inr sfr ⇒ get_8052_sfr M code_memory s sfr
800    ]
801    ])
802  #M #sigma #policy #s' #s_refl <s_refl normalize nodelta
803  /2 by get_8051_sfr_status_of_pseudo_status, p1_latch_status_of_pseudo_status, p3_latch_status_of_pseudo_status/
804qed.
805
806lemma get_bit_addressable_sfr_status_of_pseudo_status:
807  let M ≝ pseudo_assembly_program in
808    ∀code_memory: M.
809    ∀s: PreStatus M code_memory.
810    ∀d: Byte.
811    ∀l: bool.
812    ∀M. ∀sigma. ∀policy. ∀s'. ∀s''.
813      map_address_Byte_using_internal_pseudo_address_map M sigma
814         d (get_bit_addressable_sfr pseudo_assembly_program code_memory s d l) = s'' →
815      (status_of_pseudo_status M code_memory s sigma policy) = s' →
816        (get_bit_addressable_sfr (BitVectorTrie Byte 16)
817          (code_memory_of_pseudo_assembly_program code_memory sigma policy)
818          s' d l) = s''.
819 #code #s #d #v
820 cases (get_bit_addressable_sfr_status_of_pseudo_status' code s d v) #_ #relevant
821 #M #sigma #policy #s' #s'' #s_refl #s_refl' <s_refl <s_refl' @relevant %
822qed.
823
824lemma program_counter_status_of_pseudo_status:
825    ∀M. ∀sigma: Word → Word. ∀policy.
826    ∀code_memory: pseudo_assembly_program.
827    ∀s: PreStatus ? code_memory.
828    ∀s'.
829    ∀s''.
830    sigma (program_counter … s) = s'' →
831    (status_of_pseudo_status M code_memory s sigma policy) = s' →
832      program_counter … (code_memory_of_pseudo_assembly_program code_memory sigma policy)
833        s' = s''.
834  #M #sigma #policy #code_memory #s #s' #s'' #s_refl #s_refl' <s_refl <s_refl' //
835qed.
836
837lemma get_cy_flag_status_of_pseudo_status:
838  ∀M, cm, sigma, policy, s, s'.
839  (status_of_pseudo_status M cm s sigma policy) = s' →
840  (get_cy_flag (BitVectorTrie Byte 16)
841    (code_memory_of_pseudo_assembly_program cm sigma policy)
842    s' =
843  get_cy_flag pseudo_assembly_program cm s).
844  #M #cm #sigma #policy #s #s' #s_refl <s_refl
845  whd in match get_cy_flag; normalize nodelta
846  >(get_index_v_status_of_pseudo_status … (refl …)) %
847qed.
848
849lemma get_arg_8_status_of_pseudo_status':
850  ∀cm.
851  ∀ps.
852  ∀l.
853  ∀addr:[[ direct ; indirect ; registr ; acc_a ; acc_b ; data ; acc_dptr ; acc_pc ; ext_indirect ; ext_indirect_dptr ]].
854    Σp: Byte. ∀M. ∀sigma. ∀policy. ∀s'.
855      (status_of_pseudo_status M cm ps sigma policy) = s' →
856      map_address_mode_using_internal_pseudo_address_map_ok1 M cm ps sigma addr →
857      get_arg_8 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
858      s' l addr =
859      map_address_mode_using_internal_pseudo_address_map_ok2 … M sigma cm ps addr (get_arg_8 … cm ps l addr).
860  whd in match get_arg_8; normalize nodelta
861  @(let m ≝ pseudo_assembly_program in
862    λcm: m. λs: PreStatus m cm. λl: bool. λa: [[direct; indirect; registr; acc_a; acc_b; data; acc_dptr; acc_pc; ext_indirect; ext_indirect_dptr]].
863    match a return λx. bool_to_Prop (is_in ? [[ direct; indirect; registr; acc_a; acc_b; data; acc_dptr; acc_pc; ext_indirect; ext_indirect_dptr ]] x) → Σp. ? with
864      [ ACC_A ⇒ λacc_a: True. get_8051_sfr ?? s SFR_ACC_A
865      | ACC_B ⇒ λacc_b: True. get_8051_sfr ?? s SFR_ACC_B
866      | DATA d ⇒ λdata: True. d
867      | REGISTER r ⇒ λregister: True. get_register ?? s r
868      | EXT_INDIRECT_DPTR ⇒
869        λext_indirect_dptr: True.
870          let address ≝ (get_8051_sfr ?? s SFR_DPH) @@ (get_8051_sfr ?? s SFR_DPL) in
871            lookup ? 16 address (external_ram ?? s) (zero 8)
872      | EXT_INDIRECT e ⇒
873        λext_indirect: True.
874          let address ≝ get_register ?? s [[ false; false; e ]]  in
875          let padded_address ≝ pad 8 8 address in
876            lookup ? 16 padded_address (external_ram ?? s) (zero 8)
877      | ACC_DPTR ⇒
878        λacc_dptr: True.
879          let dptr ≝ (get_8051_sfr ?? s SFR_DPH) @@ (get_8051_sfr ?? s SFR_DPL) in
880          let padded_acc ≝ pad 8 8 (get_8051_sfr ?? s SFR_ACC_A) in
881          let 〈carry, address〉 ≝ half_add 16 dptr padded_acc in
882            lookup ? 16 address (external_ram ?? s) (zero 8)
883      | ACC_PC ⇒
884        λacc_pc: True.
885          let padded_acc ≝ pad 8 8 (get_8051_sfr ?? s SFR_ACC_A) in
886          let 〈 carry, address 〉 ≝ half_add 16 (program_counter ?? s) padded_acc in
887            lookup ? 16 address (external_ram ?? s) (zero 8)
888      | DIRECT d ⇒
889        λdirect: True.
890          let 〈hd, seven_bits〉 ≝ vsplit bool 1 7 d in
891            match head' … hd with
892            [ true ⇒ get_bit_addressable_sfr m cm s (true:::seven_bits) l
893            | false ⇒ lookup ? 7 seven_bits (low_internal_ram … s) (zero …)
894            ]
895      | INDIRECT i ⇒
896        λindirect: True.
897          let 〈hd, seven_bits〉 ≝ vsplit bool 1 7 (get_register … s [[false;false;i]]) in
898            match head' … hd with
899            [ true ⇒ lookup ? 7 seven_bits (high_internal_ram … s) (zero …)
900            | false ⇒ lookup ? 7 seven_bits (low_internal_ram … s) (zero …)
901            ]
902      | _ ⇒ λother: False.
903        match other in False with [ ]
904      ] (subaddressing_modein … a)) normalize nodelta
905  #M #sigma #policy #s' #s_refl <s_refl
906  whd in match map_address_mode_using_internal_pseudo_address_map_ok1; normalize nodelta
907  whd in match map_address_mode_using_internal_pseudo_address_map_ok2; normalize nodelta
908  [1:
909    #_ >p normalize nodelta >p1 normalize nodelta
910    @(get_bit_addressable_sfr_status_of_pseudo_status … (refl …)) %
911  |2:
912    #_>p normalize nodelta >p1 normalize nodelta
913    @(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma) %
914  |3,4:
915    #assoc_list_assm >(get_register_status_of_pseudo_status … (refl …) (refl …))
916    whd in match map_internal_ram_address_using_pseudo_address_map in ⊢ (??%?); normalize nodelta
917    >assoc_list_assm normalize nodelta >p normalize nodelta >p1 normalize nodelta
918    [1:
919      @(lookup_high_internal_ram_of_pseudo_high_internal_ram … sigma)
920    |2:
921      @(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma)
922    ]
923    @eq_f2 try % <(vsplit_ok … (sym_eq … p)) <eq_cons_head_append >p1 %
924  |5:
925    #assoc_list_assm >(get_register_status_of_pseudo_status … (refl …) (refl …))
926    whd in match map_internal_ram_address_using_pseudo_address_map in ⊢ (??%?); normalize nodelta
927    >assoc_list_assm normalize nodelta %
928  |6,7,8,9:
929    #_ /2 by refl, get_register_status_of_pseudo_status, get_index_v_status_of_pseudo_status/
930  |10:
931    #acc_a_assm >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
932    >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
933    >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
934    whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
935    >acc_a_assm >p normalize nodelta //
936  |11:
937    * #map_acc_a_assm #sigma_assm >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
938    >(program_counter_status_of_pseudo_status … (refl …) (refl …))
939    whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
940    >sigma_assm >map_acc_a_assm >p normalize nodelta //
941  |12:
942    #_ >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
943    >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
944    >external_ram_status_of_pseudo_status //
945  ]
946qed.
947
948lemma get_arg_8_status_of_pseudo_status:
949  ∀cm.
950  ∀ps.
951  ∀l.
952  ∀addr:[[ direct ; indirect ; registr ; acc_a ; acc_b ; data ; acc_dptr ; acc_pc ; ext_indirect ; ext_indirect_dptr ]].
953  ∀M. ∀sigma. ∀policy. ∀s', s''.
954      (status_of_pseudo_status M cm ps sigma policy) = s' →
955      map_address_mode_using_internal_pseudo_address_map_ok2 … M sigma cm ps addr (get_arg_8 … cm ps l addr) = s'' →
956      map_address_mode_using_internal_pseudo_address_map_ok1 M cm ps sigma addr →
957      get_arg_8 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
958      s' l addr = s''.
959  #cm #ps #l #addr
960  cases (get_arg_8_status_of_pseudo_status' cm ps l addr) #_ #relevant
961  #M #sigma #policy #s' #s'' #s_refl #s_refl' <s_refl'
962  @relevant assumption
963qed.
964
965lemma get_arg_16_status_of_pseudo_status:
966  ∀cm.
967  ∀ps.
968  ∀addr: [[data16]].
969  ∀M. ∀sigma. ∀policy. ∀s'.
970    status_of_pseudo_status M cm ps sigma policy = s' →
971      get_arg_16 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
972      s' addr =
973      (get_arg_16 … cm ps addr).
974  #cm #ps #addr #M #sigma #policy #s' #s_refl <s_refl //
975qed.
976
977lemma set_arg_16_status_of_pseudo_status:
978  ∀cm.
979  ∀ps.
980  ∀addr: [[dptr]].
981  ∀v: Word.
982  ∀M. ∀sigma. ∀policy. ∀s'.
983    status_of_pseudo_status M cm ps sigma policy = s' →
984      set_arg_16 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
985      s' v addr =
986      status_of_pseudo_status M cm (set_arg_16 ? cm ps v addr) sigma policy.
987  #cm #ps #addr #v #M #sigma #policy #s' #s_refl <s_refl
988  @(subaddressing_mode_elim … addr)
989  whd in match set_arg_16; normalize nodelta
990  whd in match set_arg_16'; normalize nodelta
991  @(vsplit_elim bool ???) #bu #bl #bu_bl_refl normalize nodelta
992  @set_8051_sfr_status_of_pseudo_status try % @sym_eq
993  @set_8051_sfr_status_of_pseudo_status %
994qed.
995
996definition map_bit_address_mode_using_internal_pseudo_address_map_get ≝
997 λM:internal_pseudo_address_map.λcm: pseudo_assembly_program.λs:PreStatus ? cm.λsigma: Word → Word. λaddr. λl.
998  match addr with
999  [ BIT_ADDR b ⇒
1000    let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 b in
1001    match head' … bit_1 with
1002    [ true ⇒
1003      let address ≝ nat_of_bitvector … seven_bits in
1004      let d ≝ address ÷ 8 in
1005      let m ≝ address mod 8 in
1006      let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
1007        map_address_Byte_using_internal_pseudo_address_map M sigma trans (get_bit_addressable_sfr pseudo_assembly_program cm s trans l) = get_bit_addressable_sfr … cm s trans l
1008    | false ⇒
1009      let address ≝ nat_of_bitvector … seven_bits in
1010      let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
1011      let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
1012        map_internal_ram_address_using_pseudo_address_map M sigma
1013          (false:::address') t = t
1014    ]
1015  | N_BIT_ADDR b ⇒
1016    let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 b in
1017    match head' … bit_1 with
1018    [ true ⇒
1019      let address ≝ nat_of_bitvector … seven_bits in
1020      let d ≝ address ÷ 8 in
1021      let m ≝ address mod 8 in
1022      let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
1023        map_address_Byte_using_internal_pseudo_address_map M sigma trans (get_bit_addressable_sfr pseudo_assembly_program cm s trans l) = get_bit_addressable_sfr … cm s trans l
1024    | false ⇒
1025      let address ≝ nat_of_bitvector … seven_bits in
1026      let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
1027      let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
1028        map_internal_ram_address_using_pseudo_address_map M sigma
1029          (false:::address') t = t
1030    ]
1031  | _ ⇒ True ].
1032
1033lemma get_arg_1_status_of_pseudo_status':
1034  ∀cm.
1035  ∀ps.
1036  ∀addr: [[bit_addr; n_bit_addr; carry]].
1037  ∀l.
1038    Σb: bool. ∀M. ∀sigma. ∀policy. ∀s'.
1039      status_of_pseudo_status M cm ps sigma policy = s' →
1040      map_bit_address_mode_using_internal_pseudo_address_map_get M cm ps sigma addr l →
1041      get_arg_1 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
1042      s' addr l =
1043      (get_arg_1 … cm ps addr l).
1044  whd in match get_arg_1; normalize nodelta
1045  @(let m ≝ pseudo_assembly_program in
1046    λcm: m. λs: PseudoStatus cm. λa:[[bit_addr; n_bit_addr; carry]]. λl.
1047    match a return λx. bool_to_Prop (is_in ? [[ bit_addr ;
1048                                                 n_bit_addr ;
1049                                                 carry ]] x) → Σb: bool. ? with
1050      [ BIT_ADDR b ⇒
1051        λbit_addr: True.
1052        let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 b in
1053        match head' … bit_1 with
1054        [ true ⇒
1055          let address ≝ nat_of_bitvector … seven_bits in
1056          let d ≝ address ÷ 8 in
1057          let m ≝ address mod 8 in
1058          let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
1059          let sfr ≝ get_bit_addressable_sfr ?? s trans l in
1060            get_index_v … sfr m ?
1061        | false ⇒
1062          let address ≝ nat_of_bitvector … seven_bits in
1063          let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
1064          let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
1065            get_index_v … t (modulus address 8) ?
1066        ]
1067      | N_BIT_ADDR n ⇒
1068        λn_bit_addr: True.
1069        let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 n in
1070        match head' … bit_1 with
1071        [ true ⇒
1072          let address ≝ nat_of_bitvector … seven_bits in
1073          let d ≝ address ÷ 8 in
1074          let m ≝ address mod 8 in
1075          let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
1076          let sfr ≝ get_bit_addressable_sfr ?? s trans l in
1077            ¬(get_index_v … sfr m ?)
1078        | false ⇒
1079          let address ≝ nat_of_bitvector … seven_bits in
1080          let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
1081          let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
1082            ¬(get_index_v … t (modulus address 8) ?)
1083        ]
1084      | CARRY ⇒ λcarry: True. get_cy_flag ?? s
1085      | _ ⇒ λother.
1086        match other in False with [ ]
1087      ] (subaddressing_modein … a)) normalize nodelta
1088  try @modulus_less_than
1089  #M #sigma #policy #s' #s_refl <s_refl
1090  [1:
1091    #_ >(get_cy_flag_status_of_pseudo_status … (refl …)) %
1092  |2,4:
1093    whd in ⊢ (% → ?); >p normalize nodelta >p1 normalize nodelta
1094    >(get_bit_addressable_sfr_status_of_pseudo_status … (refl …) (refl …)) #map_address_assm
1095    >map_address_assm %
1096  |3,5:
1097    whd in ⊢ (% → ?); >p normalize nodelta >p1 normalize nodelta
1098    whd in match status_of_pseudo_status; normalize nodelta
1099    >(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma … (refl …))
1100    #map_address_assm >map_address_assm %
1101  ]
1102qed.
1103
1104lemma get_arg_1_status_of_pseudo_status:
1105  ∀cm.
1106  ∀ps.
1107  ∀addr: [[bit_addr; n_bit_addr; carry]].
1108  ∀l.
1109  ∀M. ∀sigma. ∀policy. ∀s'.
1110    status_of_pseudo_status M cm ps sigma policy = s' →
1111      map_bit_address_mode_using_internal_pseudo_address_map_get M cm ps sigma addr l →
1112      get_arg_1 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
1113      s' addr l =
1114      (get_arg_1 … cm ps addr l).
1115  #cm #ps #addr #l
1116  cases (get_arg_1_status_of_pseudo_status' cm ps addr l) #_ #assm
1117  @assm
1118qed.
1119
1120definition map_bit_address_mode_using_internal_pseudo_address_map_set_1 ≝
1121  λM: internal_pseudo_address_map.
1122  λcm: pseudo_assembly_program.
1123  λs: PreStatus ? cm.
1124  λsigma: Word → Word.
1125  λaddr: [[bit_addr; carry]].
1126  λv: Bit.
1127  match addr with
1128  [ BIT_ADDR b ⇒
1129    let 〈bit_1, seven_bits〉 ≝ vsplit bool 1 7 (get_8051_sfr … s SFR_PSW) in
1130    match head' … bit_1 with
1131    [ true ⇒
1132      let address ≝ nat_of_bitvector … seven_bits in
1133      let d ≝ address ÷ 8 in
1134      let m ≝ address mod 8 in
1135      let t ≝ bitvector_of_nat 8 ((d * 8) + 128) in
1136      let sfr ≝ get_bit_addressable_sfr … s t true in
1137        map_address_Byte_using_internal_pseudo_address_map M sigma t sfr = sfr
1138    | false ⇒
1139      let address ≝ nat_of_bitvector … seven_bits in
1140      let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
1141      let t ≝ lookup ? 7 address' (low_internal_ram ?? s) (zero 8) in
1142        map_internal_ram_address_using_pseudo_address_map M sigma
1143          (false:::address') t = t
1144    ]   
1145  | CARRY ⇒ True
1146  | _ ⇒ True
1147  ].
1148
1149definition map_bit_address_mode_using_internal_pseudo_address_map_set_2 ≝
1150  λM: internal_pseudo_address_map.
1151  λcm: pseudo_assembly_program.
1152  λs: PreStatus ? cm.
1153  λsigma: Word → Word.
1154  λaddr: [[bit_addr; carry]].
1155  λv: Bit.
1156  match addr with
1157  [ BIT_ADDR b ⇒
1158    let 〈bit_1, seven_bits〉 ≝ vsplit bool 1 7 (get_8051_sfr … s SFR_PSW) in
1159    match head' … bit_1 with
1160    [ true ⇒
1161      let address ≝ nat_of_bitvector … seven_bits in
1162      let d ≝ address ÷ 8 in
1163      let m ≝ address mod 8 in
1164      let t ≝ bitvector_of_nat 8 ((d * 8) + 128) in
1165      let sfr ≝ get_bit_addressable_sfr … s t true in
1166      let new_sfr ≝ set_index … sfr m v ? in
1167        map_address_Byte_using_internal_pseudo_address_map M sigma new_sfr t = t
1168    | false ⇒
1169      let address ≝ nat_of_bitvector … seven_bits in
1170      let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
1171      let t ≝ lookup ? 7 address' (low_internal_ram ?? s) (zero 8) in
1172      let n_bit ≝ set_index … t (modulus address 8) v ? in
1173      let memory ≝ insert ? 7 address' n_bit (low_internal_ram ?? s) in
1174        map_internal_ram_address_using_pseudo_address_map M sigma
1175          (false:::address') n_bit = n_bit
1176    ]   
1177  | CARRY ⇒ True
1178  | _ ⇒ True
1179  ].
1180  @modulus_less_than
1181qed.
1182
1183lemma set_arg_1_status_of_pseudo_status':
1184  ∀cm: pseudo_assembly_program.
1185  ∀ps: PreStatus pseudo_assembly_program cm.
1186  ∀addr: [[bit_addr; carry]].
1187  ∀b: Bit.
1188    Σp: PreStatus … cm. ∀M. ∀sigma. ∀policy. ∀s'. ∀b'.
1189      b = b' →
1190      status_of_pseudo_status M cm ps sigma policy = s' →
1191      map_bit_address_mode_using_internal_pseudo_address_map_set_1 M cm ps sigma addr b →
1192      map_bit_address_mode_using_internal_pseudo_address_map_set_2 M cm ps sigma addr b →
1193        set_arg_1 (BitVectorTrie Byte 16)
1194          (code_memory_of_pseudo_assembly_program cm sigma policy)
1195          s' addr b =
1196        status_of_pseudo_status M cm (set_arg_1 … cm ps addr b') sigma policy.
1197  whd in match set_arg_1; normalize nodelta
1198  whd in match map_bit_address_mode_using_internal_pseudo_address_map_set_1; normalize nodelta
1199  whd in match map_bit_address_mode_using_internal_pseudo_address_map_set_2; normalize nodelta
1200  @(let m ≝ pseudo_assembly_program in
1201    λcm.
1202    λs: PreStatus m cm.
1203    λa: [[bit_addr; carry]].
1204    λv: Bit.
1205    match a return λx. bool_to_Prop (is_in ? [[bit_addr ; carry]] x) → Σp. ? with
1206      [ BIT_ADDR b ⇒ λbit_addr: True.
1207        let 〈bit_1, seven_bits〉 ≝ vsplit bool 1 7 (get_8051_sfr … s SFR_PSW) in
1208        match head' … bit_1 with
1209        [ true ⇒
1210          let address ≝ nat_of_bitvector … seven_bits in
1211          let d ≝ address ÷ 8 in
1212          let m ≝ address mod 8 in
1213          let t ≝ bitvector_of_nat 8 ((d * 8) + 128) in
1214          let sfr ≝ get_bit_addressable_sfr … s t true in
1215          let new_sfr ≝ set_index … sfr m v ? in
1216            set_bit_addressable_sfr … s new_sfr t
1217        | false ⇒
1218          let address ≝ nat_of_bitvector … seven_bits in
1219          let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
1220          let t ≝ lookup ? 7 address' (low_internal_ram ?? s) (zero 8) in
1221          let n_bit ≝ set_index … t (modulus address 8) v ? in
1222          let memory ≝ insert ? 7 address' n_bit (low_internal_ram ?? s) in
1223            set_low_internal_ram … s memory
1224        ]
1225      | CARRY ⇒
1226        λcarry: True.
1227        let 〈ignore, seven_bits〉 ≝ vsplit bool 1 7 (get_8051_sfr … s SFR_PSW) in
1228        let new_psw ≝ v:::seven_bits in
1229          set_8051_sfr ?? s SFR_PSW new_psw
1230      | _ ⇒
1231        λother: False.
1232          match other in False with
1233            [ ]
1234      ] (subaddressing_modein … a)) normalize nodelta
1235  try @modulus_less_than #M #sigma #policy #s' #b' #b_refl <b_refl #s_refl <s_refl
1236  [1:
1237    #_ #_ >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
1238    whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
1239    >p normalize nodelta @set_8051_sfr_status_of_pseudo_status %
1240  |2,3:
1241    >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
1242    whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
1243    >p normalize nodelta >p1 normalize nodelta
1244    #map_bit_address_assm_1 #map_bit_address_assm_2
1245    [1:
1246      >(get_bit_addressable_sfr_status_of_pseudo_status … (refl …) (refl …))
1247      >map_bit_address_assm_1
1248      >(set_bit_addressable_sfr_status_of_pseudo_status cm s … map_bit_address_assm_2) %
1249    |2:
1250      whd in match status_of_pseudo_status in ⊢ (??(????%)?); normalize nodelta
1251      >(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma … (refl …))
1252      >map_bit_address_assm_1
1253      >(insert_low_internal_ram_of_pseudo_low_internal_ram … map_bit_address_assm_2)
1254      >set_low_internal_ram_status_of_pseudo_status in ⊢ (??%?); %
1255    ]
1256  ]
1257qed.
1258
1259lemma set_arg_1_status_of_pseudo_status:
1260  ∀cm: pseudo_assembly_program.
1261  ∀ps: PreStatus pseudo_assembly_program cm.
1262  ∀addr: [[bit_addr; carry]].
1263  ∀b: Bit.
1264  ∀M. ∀sigma. ∀policy. ∀s'. ∀b'.
1265      b = b' →
1266      status_of_pseudo_status M cm ps sigma policy = s' →
1267      map_bit_address_mode_using_internal_pseudo_address_map_set_1 M cm ps sigma addr b →
1268      map_bit_address_mode_using_internal_pseudo_address_map_set_2 M cm ps sigma addr b →
1269        set_arg_1 (BitVectorTrie Byte 16)
1270          (code_memory_of_pseudo_assembly_program cm sigma policy)
1271          s' addr b =
1272        status_of_pseudo_status M cm (set_arg_1 … cm ps addr b') sigma policy.
1273  #cm #ps #addr #b
1274  cases (set_arg_1_status_of_pseudo_status' cm ps addr b) #_ #relevant
1275  @relevant
1276qed.
1277
1278lemma clock_status_of_pseudo_status:
1279 ∀M,cm,sigma,policy,s,s'.
1280  (status_of_pseudo_status M cm s sigma policy) = s' →
1281  clock …
1282   (code_memory_of_pseudo_assembly_program cm sigma policy)
1283   s'
1284  = clock … cm s.
1285  #M #cm #sigma #policy #s #s' #s_refl <s_refl //
1286qed.
1287
1288lemma set_clock_status_of_pseudo_status:
1289 ∀M,cm,sigma,policy,s,s',v,v'.
1290 status_of_pseudo_status M cm s sigma policy = s' →
1291 v = v' →
1292  set_clock …
1293   (code_memory_of_pseudo_assembly_program cm sigma policy)
1294   s' v
1295  = status_of_pseudo_status M cm (set_clock … cm s v') sigma policy.
1296  #M #cm #sigma #policy #s #s' #v #v' #s_refl #v_refl <s_refl <v_refl //
1297qed.
1298
1299lemma let_pair_in_status_of_pseudo_status:
1300  ∀A, B, M, cm, sigma, policy. ∀c, c': A × B. ∀s, s'.
1301    c = c' →
1302    (∀left, right. status_of_pseudo_status M cm (s left right c') sigma policy = s' left right c') →
1303    let 〈left, right〉 ≝ c' in s' left right c' =
1304    status_of_pseudo_status M cm (let 〈left, right〉 ≝ c in s left right c) sigma policy.
1305  #A #B #M #cm #sigma #policy * #a #b * #a' #b' #s #s' normalize nodelta //
1306qed.
1307
1308lemma let_pair_as_in_status_of_pseudo_status:
1309  ∀A, B, M, cm, sigma, policy. ∀c, c': A × B. ∀s, s'.
1310  ∀c_refl: c = c'.
1311    (∀left, right, H. status_of_pseudo_status M cm (s left right H c') sigma policy = s' left right H c) →
1312    let 〈left, right〉 as H ≝ c' in s' left right H c =
1313    status_of_pseudo_status M cm (let 〈left, right〉 as H' ≝ c in s left right ? c) sigma policy.
1314  [2: >H' assumption ]
1315  #A #B #M #cm #sigma #policy * #a #b * #a' #b' #s #s'
1316  #destruct_assm destruct(destruct_assm) normalize nodelta
1317  #status_of_pseudo_status_assm >status_of_pseudo_status_assm //
1318qed.
1319
1320lemma if_then_else_status_of_pseudo_status:
1321  ∀M: internal_pseudo_address_map.
1322  ∀cm: pseudo_assembly_program.
1323  ∀sigma: Word → Word.
1324  ∀policy: Word → bool.
1325  ∀s, s', s'', s'''.
1326  ∀t, t': bool.
1327    t = t' →
1328    status_of_pseudo_status M cm s sigma policy = s' →
1329    status_of_pseudo_status M cm s'' sigma policy = s''' →
1330      if t then
1331        s'
1332      else
1333        s''' =
1334      status_of_pseudo_status M cm (if t' then s else s'') sigma policy.
1335  #M #cm #sigma #policy #s #s' #s'' #s''' #t #t' #t_refl #s_refl
1336  >t_refl normalize nodelta >s_refl cases t' normalize nodelta //
1337qed.
Note: See TracBrowser for help on using the repository browser.