Context Navigation

Test.ma @ 2672

Last change on this file since 2672 was 2284, checked in by sacerdot, 8 years ago
PUSH finished
File size: 92.8 KB

Line
1	include "ASM/Assembly.ma".
2	include "ASM/Interpret.ma".
3	include "ASM/StatusProofs.ma".
4	include alias "arithmetics/nat.ma".
5	include "ASM/AssemblyProof.ma".
6
7	lemma let_pair_in_status_of_pseudo_status:
8	∀A, B, M, cm, sigma, policy. ∀c, c': A × B. ∀s, s'.
9	c' = c →
10	(∀left, right.
11	s' left right c' = status_of_pseudo_status M cm (s left right c') sigma policy) →
12	(let 〈left, right〉 ≝ c' in s' left right c') =
13	status_of_pseudo_status M cm (let 〈left, right〉 ≝ c in s left right c) sigma policy.
14	#A #B #M #cm #sigma #policy * #a #b * #a' #b' #s #s' normalize nodelta //
15	qed.
16
17	lemma let_pair_as_in_status_of_pseudo_status:
18	∀A, B, M, cm, sigma, policy. ∀c, c': A × B. ∀s, s'.
19	c' = c →
20	(∀left, right, H, H'. s' left right H' c' = status_of_pseudo_status M cm (s left right H c) sigma policy) →
21	(let 〈left, right〉 as H' ≝ c' in s' left right H' c') =
22	status_of_pseudo_status M cm (let 〈left, right〉 as H ≝ c in s left right H c) sigma policy.
23	#A #B #M #cm #sigma #policy * #a #b * #a' #b' #s #s' normalize nodelta #destruct_refl
24	destruct(destruct_refl) /2/
25	qed.
26
27	lemma if_then_else_status_of_pseudo_status:
28	∀M: internal_pseudo_address_map.
29	∀cm: pseudo_assembly_program.
30	∀sigma: Word → Word.
31	∀policy: Word → bool.
32	∀s, s', s'', s'''.
33	∀t, t': bool.
34	t = t' →
35	s' = status_of_pseudo_status M cm s sigma policy →
36	s''' = status_of_pseudo_status M cm s'' sigma policy →
37	if t then
38	s'
39	else
40	s''' =
41	status_of_pseudo_status M cm (if t' then s else s'') sigma policy.
42	#M #cm #sigma #policy #s #s' #s'' #s''' #t #t' #t_refl #s_refl
43	>t_refl normalize nodelta >s_refl cases t' normalize nodelta //
44	qed.
45
46	lemma set_program_counter_status_of_pseudo_status:
47	∀M.
48	∀cm.
49	∀sigma.
50	∀policy.
51	∀s, s'.
52	∀new_ppc, new_ppc'.
53	sigma new_ppc = new_ppc' →
54	s' = status_of_pseudo_status M cm s sigma policy →
55	set_program_counter (BitVectorTrie Byte 16)
56	(code_memory_of_pseudo_assembly_program cm sigma policy)
57	s' new_ppc' =
58	status_of_pseudo_status M cm (set_program_counter … cm s new_ppc) sigma policy.
59	#M #cm #sigma #policy #s #s' #new_ppc #new_ppc'
60	#new_ppc_refl #s_refl <new_ppc_refl >s_refl //
61	qed.
62
63	lemma set_p1_latch_status_of_pseudo_status:
64	∀M.
65	∀code_memory.
66	∀sigma.
67	∀policy.
68	∀s,s'.
69	∀v.
70	s' = status_of_pseudo_status M code_memory s sigma policy →
71	set_p1_latch (BitVectorTrie Byte 16)
72	(code_memory_of_pseudo_assembly_program code_memory sigma policy)
73	s' v =
74	status_of_pseudo_status M code_memory
75	(set_p1_latch pseudo_assembly_program code_memory s v) sigma policy.
76	#M #cm #sigma #policy #s #s' #new_ppc #s_refl >s_refl //
77	qed.
78
79	lemma set_p3_latch_status_of_pseudo_status:
80	∀M.
81	∀code_memory.
82	∀sigma.
83	∀policy.
84	∀s, s'.
85	∀v.
86	s' = status_of_pseudo_status M code_memory s sigma policy →
87	set_p3_latch (BitVectorTrie Byte 16)
88	(code_memory_of_pseudo_assembly_program code_memory sigma policy)
89	s' v =
90	status_of_pseudo_status M code_memory
91	(set_p3_latch pseudo_assembly_program code_memory s v) sigma policy.
92	#M #code_memory #sigma #policy #s #s' #v #s_refl >s_refl //
93	qed.
94
95	definition map_address_using_internal_pseudo_address_map:
96	∀M: internal_pseudo_address_map. (Word → Word) → SFR8051 → Byte → Byte ≝
97	λM, sigma, sfr, v.
98	match sfr with
99	[ SFR_ACC_A ⇒ map_acc_a_using_internal_pseudo_address_map M sigma v
100	\| _ ⇒ v
101	].
102
103	lemma set_index_set_index_overwrite:
104	∀A: Type[0].
105	∀n: nat.
106	∀v: Vector A n.
107	∀index: nat.
108	∀e, e': A.
109	∀proof.
110	∀proof'.
111	set_index A n v index e proof =
112	set_index A n (set_index A n v index e' proof') index e proof.
113	#A #n #v elim v normalize
114	[1:
115	#index #e #e' #absurd cases (lt_to_not_zero … absurd)
116	\|2:
117	#n' #hd #tl #inductive_hypothesis #index #e #e' cases index #proof #proof'
118	normalize //
119	]
120	qed.
121
122	lemma set_index_set_index_commutation:
123	∀A: Type[0].
124	∀n: nat.
125	∀v: Vector A n.
126	∀m, o: nat.
127	∀m_lt_proof: m < n.
128	∀o_lt_proof: o < n.
129	∀e, f: A.
130	m ≠ o →
131	set_index A n (set_index A n v o f o_lt_proof) m e m_lt_proof =
132	set_index A n (set_index A n v m e m_lt_proof) o f o_lt_proof.
133	#A #n #v elim v
134	[1:
135	#m #o #m_lt_proof
136	normalize in m_lt_proof; cases (lt_to_not_zero … m_lt_proof)
137	\|2:
138	#n' #hd #tl #inductive_hypothesis
139	#m #o
140	cases m cases o
141	[1:
142	#m_lt_proof #o_lt_proof #e #f #absurd @⊥ cases absurd #relevant
143	@relevant %
144	\|2,3:
145	#o' normalize //
146	\|4:
147	#m' #o' #m_lt_proof #o_lt_proof #e #f #o_neq_m_assm
148	normalize @eq_f @inductive_hypothesis @nmk #relevant
149	>relevant in o_neq_m_assm; #relevant @(absurd ?? relevant) %
150	]
151	]
152	qed.
153
154	(* XXX: move elsewhere *)
155	lemma get_index_v_set_index_miss:
156	∀a: Type[0].
157	∀n: nat.
158	∀v: Vector a n.
159	∀i, j: nat.
160	∀e: a.
161	∀i_proof: i < n.
162	∀j_proof: j < n.
163	i ≠ j →
164	get_index_v a n (set_index a n v i e i_proof) j j_proof =
165	get_index_v a n v j j_proof.
166	#a #n #v elim v
167	[1:
168	#i #j #e #i_proof
169	cases (lt_to_not_zero … i_proof)
170	\|2:
171	#n' #hd #tl #inductive_hypothesis #i #j
172	cases i cases j
173	[1:
174	#e #i_proof #j_proof #neq_assm
175	cases (absurd ? (refl … 0) neq_assm)
176	\|2,3:
177	#i' #e #i_proof #j_proof #_ %
178	\|4:
179	#i' #j' #e #i_proof #j_proof #neq_assm
180	@inductive_hypothesis @nmk #eq_assm
181	>eq_assm in neq_assm; #neq_assm
182	cases (absurd ? (refl ??) neq_assm)
183	]
184	]
185	qed.
186
187	lemma get_index_v_set_index_hit:
188	∀A: Type[0].
189	∀n: nat.
190	∀v: Vector A n.
191	∀i: nat.
192	∀e: A.
193	∀i_lt_n_proof: i < n.
194	∀i_lt_n_proof': i < n.
195	get_index_v A n (set_index A n v i e i_lt_n_proof) i i_lt_n_proof' = e.
196	#A #n #v elim v
197	[1:
198	#i #e #i_lt_n_proof
199	cases (lt_to_not_zero … i_lt_n_proof)
200	\|2:
201	#n' #hd #tl #inductive_hypothesis #i #e
202	cases i
203	[1:
204	#i_lt_n_proof #i_lt_n_proof' %
205	\|2:
206	#i' #i_lt_n_proof' #i_lt_n_proof''
207	whd in ⊢ (??%?); @inductive_hypothesis
208	]
209	]
210	qed.
211
212	lemma set_index_status_of_pseudo_status:
213	∀M, code_memory, sigma, policy, s, sfr, v, v'.
214	map_address_using_internal_pseudo_address_map M sigma sfr v = v' →
215	(set_index Byte 19
216	(special_function_registers_8051 (BitVectorTrie Byte 16)
217	(code_memory_of_pseudo_assembly_program code_memory sigma policy)
218	(status_of_pseudo_status M code_memory s sigma policy))
219	(sfr_8051_index sfr) v' (sfr8051_index_19 sfr)
220	=sfr_8051_of_pseudo_sfr_8051 M
221	(special_function_registers_8051 pseudo_assembly_program code_memory
222	(set_8051_sfr pseudo_assembly_program code_memory s sfr v)) sigma).
223	#M #code_memory #sigma #policy #s #sfr #v #v' #sfr_neq_acc_a_assm
224	whd in match status_of_pseudo_status; normalize nodelta
225	whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
226	inversion (\snd M) try ( * #upper_lower #address) #sndM_refl normalize nodelta
227	[1:
228	<sfr_neq_acc_a_assm cases sfr
229	[18:
230	whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
231	whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
232	>sndM_refl %
233	]
234	%
235	\|2:
236	inversion (eq_upper_lower upper_lower upper) #eq_upper_lower_refl normalize nodelta
237	@pair_elim #high #low #high_low_refl normalize nodelta
238	whd in match set_8051_sfr; normalize nodelta
239	<sfr_neq_acc_a_assm
240	cases sfr in high_low_refl sfr_neq_acc_a_assm;
241	[18,37:
242	@pair_elim #high' #low' #high_low_refl'
243	#high_low_refl
244	whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
245	whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
246	>sndM_refl normalize nodelta whd in match map_value_using_opt_address_entry; normalize nodelta
247	>eq_upper_lower_refl normalize nodelta
248	[1:
249	#relevant >relevant
250	<set_index_set_index_overwrite in ⊢ (??%?);
251	<set_index_set_index_overwrite in ⊢ (???%);
252	>get_index_v_set_index_hit in high_low_refl';
253	#assm >assm in relevant; normalize nodelta * %
254	\|2:
255	#relevant >relevant
256	<set_index_set_index_overwrite in ⊢ (??%?);
257	<set_index_set_index_overwrite in ⊢ (???%);
258	>get_index_v_set_index_hit in high_low_refl';
259	#assm >assm in relevant; normalize nodelta * %
260	]
261	]
262	whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
263	#relevant * >get_index_v_set_index_miss
264	try (% #absurd normalize in absurd; destruct(absurd))
265	>relevant normalize nodelta
266	@set_index_set_index_commutation % #absurd normalize in absurd; destruct(absurd)
267	]
268	qed.
269
270	lemma get_index_v_status_of_pseudo_status:
271	∀M, code_memory, sigma, policy, s, s', sfr.
272	map_address_using_internal_pseudo_address_map M sigma sfr
273	(get_index_v Byte 19
274	(special_function_registers_8051 pseudo_assembly_program code_memory s)
275	(sfr_8051_index sfr) (sfr8051_index_19 sfr)) = s' →
276	get_index_v Byte 19
277	(special_function_registers_8051 (BitVectorTrie Byte 16)
278	(code_memory_of_pseudo_assembly_program code_memory sigma policy)
279	(status_of_pseudo_status M code_memory s sigma policy))
280	(sfr_8051_index sfr) (sfr8051_index_19 sfr) = s'.
281	#M #code_memory #sigma #policy #s #s' #sfr #s_refl <s_refl
282	whd in match status_of_pseudo_status; normalize nodelta
283	whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
284	inversion (\snd M) try ( * #upper_lower #address) #sndM_refl normalize nodelta
285	[1:
286	cases sfr
287	[18:
288	whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
289	whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
290	>sndM_refl %
291	]
292	%
293	\|2:
294	inversion (eq_upper_lower upper_lower upper) #eq_upper_lower_refl normalize nodelta
295	@pair_elim #high #low #high_low_refl normalize nodelta
296	cases sfr
297	[18,37:
298	whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
299	whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
300	whd in match map_value_using_opt_address_entry; normalize nodelta
301	>sndM_refl normalize nodelta >high_low_refl normalize nodelta
302	>eq_upper_lower_refl normalize nodelta
303	whd in match (set_8051_sfr ?????); //
304	]
305	@get_index_v_set_index_miss whd in ⊢ (?(??%%));
306	@nmk #absurd destruct(absurd)
307	]
308	qed.
309
310	lemma set_8051_sfr_status_of_pseudo_status:
311	∀M, code_memory, sigma, policy, s, s', sfr, v,v'.
312	s' = status_of_pseudo_status M code_memory s sigma policy →
313	map_address_using_internal_pseudo_address_map M sigma sfr v = v' →
314	set_8051_sfr ? (code_memory_of_pseudo_assembly_program code_memory sigma policy) s' sfr v' =
315	status_of_pseudo_status M code_memory
316	(set_8051_sfr pseudo_assembly_program code_memory s sfr v) sigma policy.
317	#M #code_memory #sigma #policy #s #s' #sfr #v #v' #s_ok #v_ok
318	>s_ok whd in ⊢ (??%%); @split_eq_status try % /2 by set_index_status_of_pseudo_status/
319	qed.
320
321	(*lemma get_8051_sfr_status_of_pseudo_status:
322	∀M.
323	∀cm, ps, sigma, policy.
324	∀sfr.
325	(sfr = SFR_ACC_A → \snd M = None …) →
326	get_8051_sfr (BitVectorTrie Byte 16)
327	(code_memory_of_pseudo_assembly_program cm sigma policy)
328	(status_of_pseudo_status M cm ps sigma policy) sfr =
329	get_8051_sfr pseudo_assembly_program cm ps sfr.
330	#M #cm #ps #sigma #policy * cases M #fstM #sndM #relevant
331	[18: >relevant % ]
332	cases sndM try % * #address
333	whd in match get_8051_sfr;
334	whd in match status_of_pseudo_status; normalize nodelta
335	whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta #address
336	cases (eq_upper_lower ??) normalize nodelta
337	@pair_elim #upper #lower #upper_lower_refl
338	@get_index_v_set_index_miss @nmk #relevant
339	normalize in relevant; destruct(relevant)
340	qed.*)
341
342	lemma get_8051_sfr_status_of_pseudo_status:
343	∀M, code_memory, sigma, policy, s, s', s'', sfr.
344	s' = status_of_pseudo_status M code_memory s sigma policy →
345	map_address_using_internal_pseudo_address_map M sigma sfr
346	(get_8051_sfr pseudo_assembly_program code_memory s sfr) = s'' →
347	get_8051_sfr (BitVectorTrie Byte 16)
348	(code_memory_of_pseudo_assembly_program code_memory sigma policy)
349	s' sfr = s''.
350	#M #code_memory #sigma #policy #s #s' #s'' #sfr #s_refl #s_refl' >s_refl <s_refl'
351	whd in match get_8051_sfr; normalize nodelta
352	@get_index_v_status_of_pseudo_status %
353	qed.
354
355	lemma get_8052_sfr_status_of_pseudo_status:
356	∀M, code_memory, sigma, policy, s, s', sfr.
357	s' = status_of_pseudo_status M code_memory s sigma policy →
358	(get_8052_sfr (BitVectorTrie Byte 16)
359	(code_memory_of_pseudo_assembly_program code_memory sigma policy)
360	s' sfr =
361	(get_8052_sfr pseudo_assembly_program code_memory s sfr)).
362	#M #code_memory #sigma #policy #s #s' #sfr #s_refl >s_refl //
363	qed.
364
365	lemma set_8052_sfr_status_of_pseudo_status:
366	∀M, code_memory, sigma, policy, s, s', sfr, v.
367	s' = status_of_pseudo_status M code_memory s sigma policy →
368	(set_8052_sfr (BitVectorTrie Byte 16)
369	(code_memory_of_pseudo_assembly_program code_memory sigma policy) s' sfr v =
370	status_of_pseudo_status M code_memory
371	(set_8052_sfr pseudo_assembly_program code_memory s sfr v) sigma policy).
372	#M #code_memory #sigma #policy #s #s' #sfr #v #s_refl >s_refl //
373	qed.
374
375	definition map_address_Byte_using_internal_pseudo_address_map ≝
376	λM,sigma,d,v.
377	match sfr_of_Byte d with
378	[ None ⇒ v
379	\| Some sfr8051_8052 ⇒
380	match sfr8051_8052 with
381	[ inl sfr ⇒
382	map_address_using_internal_pseudo_address_map M sigma sfr v
383	\| inr _ ⇒ v
384	]
385	].
386
387	lemma set_bit_addressable_sfr_status_of_pseudo_status':
388	let M ≝ pseudo_assembly_program in
389	∀code_memory: M.
390	∀s: PreStatus M code_memory.
391	∀d: Byte.
392	∀v: Byte.
393	Σp: PreStatus M code_memory.
394	∀M.
395	∀sigma.
396	∀policy.
397	∀s'.
398	∀v'.
399	s' = status_of_pseudo_status M code_memory s sigma policy →
400	map_address_Byte_using_internal_pseudo_address_map M sigma d v = v' →
401	(set_bit_addressable_sfr (BitVectorTrie Byte 16)
402	(code_memory_of_pseudo_assembly_program code_memory sigma policy) s' d v' =
403	status_of_pseudo_status M code_memory
404	(set_bit_addressable_sfr pseudo_assembly_program code_memory s d v) sigma policy).
405	whd in match map_address_Byte_using_internal_pseudo_address_map;
406	whd in match set_bit_addressable_sfr;
407	normalize nodelta
408	@(let M ≝ pseudo_assembly_program in
409	λcode_memory:M.
410	λs: PreStatus M code_memory.
411	λb: Byte.
412	λv: Byte.
413	match sfr_of_Byte b with
414	[ None ⇒ match not_implemented in False with [ ]
415	\| Some sfr8051_8052 ⇒
416	match sfr8051_8052 with
417	[ inl sfr ⇒
418	match sfr with
419	[ SFR_P1 ⇒
420	let status_1 ≝ set_8051_sfr ?? s SFR_P1 v in
421	set_p1_latch ?? s v
422	\| SFR_P3 ⇒
423	let status_1 ≝ set_8051_sfr ?? s SFR_P3 v in
424	set_p3_latch ?? s v
425	\| _ ⇒ set_8051_sfr ?? s sfr v ]
426	\| inr sfr ⇒ set_8052_sfr ?? s sfr v ]])
427	normalize nodelta #M #sigma #policy #s' #v' #s_refl >s_refl
428	/2 by refl, set_8051_sfr_status_of_pseudo_status, set_8052_sfr_status_of_pseudo_status/
429	whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
430	#v_refl >v_refl //
431	qed.
432
433	lemma set_bit_addressable_sfr_status_of_pseudo_status:
434	∀code_memory: pseudo_assembly_program. ∀s: PreStatus … code_memory. ∀d: Byte. ∀v: Byte.
435	∀M. ∀sigma. ∀policy. ∀s': Status ?. ∀v'.
436	s' = status_of_pseudo_status M code_memory s sigma policy →
437	map_address_Byte_using_internal_pseudo_address_map M sigma d v = v' →
438	(set_bit_addressable_sfr (BitVectorTrie Byte 16)
439	(code_memory_of_pseudo_assembly_program code_memory sigma policy)
440	s' d v'
441	=status_of_pseudo_status M code_memory
442	(set_bit_addressable_sfr pseudo_assembly_program code_memory s d v) sigma policy).
443	#code #s #d #v cases (set_bit_addressable_sfr_status_of_pseudo_status' code s d v) #_
444	#H @H
445	qed.
446
447	(* Real axiom ATM *)
448	axiom insert_low_internal_ram_of_pseudo_low_internal_ram:
449	∀M,sigma,cm,s,addr,v,v'.
450	map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr) v = v' →
451	insert Byte 7 addr v'
452	(low_internal_ram_of_pseudo_low_internal_ram M sigma
453	(low_internal_ram pseudo_assembly_program cm s))
454	=low_internal_ram_of_pseudo_low_internal_ram M sigma
455	(insert Byte 7 addr v (low_internal_ram pseudo_assembly_program cm s)).
456
457	lemma insert_low_internal_ram_status_of_pseudo_status:
458	∀M,cm,sigma,policy,s,addr,v,v'.
459	map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr) v = v' →
460	insert Byte 7 addr v'
461	(low_internal_ram (BitVectorTrie Byte 16)
462	(code_memory_of_pseudo_assembly_program cm sigma policy)
463	(status_of_pseudo_status M cm s sigma policy))
464	= low_internal_ram_of_pseudo_low_internal_ram M sigma
465	(insert Byte 7 addr v
466	(low_internal_ram pseudo_assembly_program cm s)).
467	/2 by insert_low_internal_ram_of_pseudo_low_internal_ram/
468	qed.
469
470	(* Real axiom ATM *)
471	axiom insert_high_internal_ram_of_pseudo_high_internal_ram:
472	∀M,sigma,cm,s,addr,v,v'.
473	map_internal_ram_address_using_pseudo_address_map M sigma (true:::addr) v = v' →
474	insert Byte 7 addr v'
475	(high_internal_ram_of_pseudo_high_internal_ram M sigma
476	(high_internal_ram pseudo_assembly_program cm s))
477	=high_internal_ram_of_pseudo_high_internal_ram M sigma
478	(insert Byte 7 addr v (high_internal_ram pseudo_assembly_program cm s)).
479
480	lemma insert_high_internal_ram_status_of_pseudo_status:
481	∀M,cm,sigma,policy,s,addr,v,v'.
482	map_internal_ram_address_using_pseudo_address_map M sigma (true:::addr) v = v' →
483	insert Byte 7 addr v'
484	(high_internal_ram (BitVectorTrie Byte 16)
485	(code_memory_of_pseudo_assembly_program cm sigma policy)
486	(status_of_pseudo_status M cm s sigma policy))
487	= high_internal_ram_of_pseudo_high_internal_ram M sigma
488	(insert Byte 7 addr v
489	(high_internal_ram pseudo_assembly_program cm s)).
490	/2 by insert_high_internal_ram_of_pseudo_high_internal_ram/
491	qed.
492
493	lemma bit_address_of_register_status_of_pseudo_status:
494	∀M,cm,s,sigma,policy,r.
495	bit_address_of_register …
496	(code_memory_of_pseudo_assembly_program cm sigma policy)
497	(status_of_pseudo_status M cm s sigma policy) r =
498	bit_address_of_register … cm s r.
499	#M #cm #s #sigma #policy #r whd in ⊢ (??%%);
500	>(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
501	@pair_elim #un #ln #_
502	@pair_elim #r1 #r0 #_ %
503	qed.
504
505	(*CSC: provable using the axiom in AssemblyProof, but this one seems more
506	primitive *)
507	axiom lookup_low_internal_ram_of_pseudo_low_internal_ram:
508	∀M,sigma,cm,s,s',addr.
509	map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr)
510	(lookup Byte 7 addr
511	(low_internal_ram pseudo_assembly_program cm s) (zero 8)) = s' →
512	lookup Byte 7 addr
513	(low_internal_ram_of_pseudo_low_internal_ram M sigma
514	(low_internal_ram pseudo_assembly_program cm s)) (zero 8)
515	= s'.
516
517	(*CSC: provable using the axiom in AssemblyProof, but this one seems more
518	primitive *)
519	axiom lookup_high_internal_ram_of_pseudo_high_internal_ram:
520	∀M,sigma,cm,s,s',addr.
521	map_internal_ram_address_using_pseudo_address_map M sigma (true:::addr)
522	(lookup Byte 7 addr
523	(high_internal_ram pseudo_assembly_program cm s) (zero 8)) = s' →
524	lookup Byte 7 addr
525	(high_internal_ram_of_pseudo_high_internal_ram M sigma
526	(high_internal_ram pseudo_assembly_program cm s)) (zero 8)
527	= s'.
528
529	lemma get_register_status_of_pseudo_status:
530	∀M,cm,sigma,policy,s,s',s'',r.
531	status_of_pseudo_status M cm s sigma policy = s' →
532	map_internal_ram_address_using_pseudo_address_map M sigma (false:::bit_address_of_register pseudo_assembly_program cm s r)
533	(get_register … cm s r) = s'' →
534	get_register …
535	(code_memory_of_pseudo_assembly_program cm sigma policy)
536	s' r = s''.
537	#M #cm #sigma #policy #s #s' #s'' #r #s_refl #s_refl' <s_refl <s_refl'
538	whd in match get_register; normalize nodelta
539	whd in match status_of_pseudo_status; normalize nodelta
540	>bit_address_of_register_status_of_pseudo_status
541	@(lookup_low_internal_ram_of_pseudo_low_internal_ram … (refl …))
542	qed.
543
544	lemma external_ram_status_of_pseudo_status:
545	∀M,cm,s,sigma,policy.
546	external_ram …
547	(code_memory_of_pseudo_assembly_program cm sigma policy)
548	(status_of_pseudo_status M cm s sigma policy) =
549	external_ram … cm s.
550	//
551	qed.
552
553	lemma set_external_ram_status_of_pseudo_status:
554	∀M,cm,ps,sigma,policy,ram.
555	set_external_ram …
556	(code_memory_of_pseudo_assembly_program cm sigma policy)
557	(status_of_pseudo_status M cm ps sigma policy)
558	ram =
559	status_of_pseudo_status M cm (set_external_ram … cm ps ram) sigma policy.
560	//
561	qed.
562
563	definition internal_pseudo_address_map_equal_up_to_low ≝
564	λM,M': internal_pseudo_address_map. \snd M = \snd M' ∧ \snd (\fst M) = \snd (\fst M').
565
566	lemma set_low_internal_ram_status_of_pseudo_status2:
567	∀cm,sigma,policy,M,M',s,s',ram,ram'.
568	internal_pseudo_address_map_equal_up_to_low M M' →
569	s' = status_of_pseudo_status M' cm s sigma policy →
570	ram'=internal_ram_of_pseudo_internal_ram sigma ram (\fst (\fst M)) →
571	set_low_internal_ram (BitVectorTrie Byte 16)
572	(code_memory_of_pseudo_assembly_program cm sigma policy)
573	s'
574	ram'
575	= status_of_pseudo_status M cm
576	(set_low_internal_ram pseudo_assembly_program cm s ram) sigma policy.
577	#cm #sigma #policy #M #M' #s #s' #ram #ram' #M_refl #s_refl >s_refl #ram_refl >ram_refl
578	cases M' in M_refl; * #low' #high' #accA' cases M * #low #high #accA #H cases H
579	#accA_refl #high_refl destruct whd in ⊢ (??%%); @split_eq_status %
580	qed.
581
582	lemma set_low_internal_ram_status_of_pseudo_status:
583	∀cm,sigma,policy,M,s,s',ram,ram'.
584	s' = status_of_pseudo_status M cm s sigma policy →
585	ram'=internal_ram_of_pseudo_internal_ram sigma ram (\fst (\fst M)) →
586	set_low_internal_ram (BitVectorTrie Byte 16)
587	(code_memory_of_pseudo_assembly_program cm sigma policy)
588	s'
589	ram'
590	= status_of_pseudo_status M cm
591	(set_low_internal_ram pseudo_assembly_program cm s ram) sigma policy.
592	#cm #sigma #policy #M #s #s' #ram #ram' @set_low_internal_ram_status_of_pseudo_status2
593	% %
594	qed.
595
596	lemma set_register_status_of_pseudo_status:
597	∀M,sigma,policy,cm,s,s',r,v,v'.
598	s' = status_of_pseudo_status M cm s sigma policy →
599	map_internal_ram_address_using_pseudo_address_map M sigma
600	(false:::bit_address_of_register pseudo_assembly_program cm s r) v =v' →
601	set_register (BitVectorTrie Byte 16)
602	(code_memory_of_pseudo_assembly_program cm sigma policy)
603	s' r v'
604	= status_of_pseudo_status M cm (set_register pseudo_assembly_program cm s r v)
605	sigma policy.
606	#M #sigma #policy #cm #s #s' #r #v #v' #s_refl >s_refl #v_ok
607	whd in match set_register; normalize nodelta
608	>bit_address_of_register_status_of_pseudo_status
609	@set_low_internal_ram_status_of_pseudo_status try %
610	>(insert_low_internal_ram_status_of_pseudo_status … v_ok)
611	cases M * #low #high #accA %
612	qed.
613
614	definition map_address_mode_using_internal_pseudo_address_map_ok1 ≝
615	λM:internal_pseudo_address_map.λcm.λs:PreStatus ? cm.λsigma. λaddr.
616	let 〈low,high,accA〉 ≝ M in
617	match addr with
618	[ INDIRECT i ⇒
619	lookup_opt …
620	(bit_address_of_register pseudo_assembly_program cm s [[false; false; i]]) low = None …
621	\| EXT_INDIRECT e ⇒
622	lookup_opt …
623	(bit_address_of_register pseudo_assembly_program cm s [[false; false; e]]) low = None …
624	\| ACC_DPTR ⇒
625	(* XXX: \snd M = None plus in the very rare case when we are trying to dereference a null (O) pointer
626	in the ACC_A *)
627	map_acc_a_using_internal_pseudo_address_map M sigma (get_8051_sfr pseudo_assembly_program cm s SFR_ACC_A) =
628	get_8051_sfr … cm s SFR_ACC_A
629	\| ACC_PC ⇒
630	(* XXX: as above *)
631	map_acc_a_using_internal_pseudo_address_map M sigma (get_8051_sfr pseudo_assembly_program cm s SFR_ACC_A) =
632	get_8051_sfr … cm s SFR_ACC_A ∧ sigma (program_counter … s) = program_counter … s
633	\| _ ⇒ True ].
634
635	definition map_address_mode_using_internal_pseudo_address_map_ok2 ≝
636	λT,M,sigma,cm.λs:PreStatus T cm.λaddr,v.
637	match addr with
638	[ DIRECT d ⇒
639	let 〈 bit_one, seven_bits 〉 as vsplit_refl ≝ vsplit … 1 7 d in
640	match head' … bit_one with
641	[ true ⇒
642	map_address_Byte_using_internal_pseudo_address_map M sigma (true:::seven_bits) v
643	\| false ⇒
644	map_internal_ram_address_using_pseudo_address_map M sigma (false:::seven_bits) v ]
645	\| INDIRECT i ⇒
646	let register ≝ get_register ?? s [[ false; false; i ]] in
647	map_internal_ram_address_using_pseudo_address_map M sigma register v
648	\| REGISTER r ⇒
649	map_internal_ram_address_using_pseudo_address_map M sigma
650	(false:::bit_address_of_register … s r) v
651	\| ACC_A ⇒
652	map_address_using_internal_pseudo_address_map M sigma SFR_ACC_A v
653	\| _ ⇒ v ].
654
655	(CSC: move elsewhere)
656	lemma eq_head': ∀A,n,v. v = head' A n v ::: tail … v.
657	#A #n #v inversion v in ⊢ ?;
658	[ #abs @⊥ lapply (jmeq_to_eq ??? abs) /2/
659	\| #m #hd #tl #_ #EQ <(injective_S … EQ) in tl; #tl #EQ' >EQ' % ]
660	qed.
661
662	(CSC: move elsewhere)
663	lemma tail_singleton: ∀A,v. tail A 0 v = [[]].
664	#A #v inversion v in ⊢ ?;
665	[ #abs @⊥ lapply (jmeq_to_eq ??? abs) #H destruct(H)
666	\| #n #hd #tl #_ #EQ <(injective_S … EQ) in tl; #tl #EQ1 >EQ1 normalize
667	/2 by jmeq_to_eq/
668	]
669	qed.
670
671	(CSC: move elsewhere)
672	lemma eq_cons_head_append:
673	∀A,n.∀hd: Vector A 1. ∀tl: Vector A n.
674	head' A 0 hd:::tl = hd@@tl.
675	#A #n #hd #tl >(eq_head' … hd) >tail_singleton %
676	qed.
677
678	lemma set_arg_8_status_of_pseudo_status':
679	∀cm.
680	∀ps.
681	∀addr:[[ direct ; indirect ; registr ; acc_a ; acc_b ; ext_indirect ; ext_indirect_dptr ]].
682	∀value. Σp: PreStatus ? cm. ∀M. ∀sigma. ∀policy. ∀s'. ∀value'.
683	s' = status_of_pseudo_status M cm ps sigma policy →
684	map_address_mode_using_internal_pseudo_address_map_ok1 M cm ps sigma addr →
685	map_address_mode_using_internal_pseudo_address_map_ok2 … M sigma cm ps addr value = value' →
686	set_arg_8 (BitVectorTrie Byte 16)
687	(code_memory_of_pseudo_assembly_program cm sigma policy)
688	s' addr value' =
689	status_of_pseudo_status M cm (set_arg_8 … cm ps addr value) sigma policy.
690	whd in match set_arg_8; normalize nodelta
691	@(let m ≝ pseudo_assembly_program in λcm, s. λa: [[ direct ; indirect ; registr ;
692	acc_a ; acc_b ; ext_indirect ;
693	ext_indirect_dptr ]]. λv.
694	match a return λaddr. bool_to_Prop (is_in ? [[ direct ; indirect ; registr ;
695	acc_a ; acc_b ; ext_indirect ;
696	ext_indirect_dptr ]] addr) →
697	Σp.?
698	with
699	[ DIRECT d ⇒
700	λdirect: True.
701	deplet 〈 bit_one, seven_bits 〉 as vsplit_refl ≝ vsplit ? 1 7 d in
702	match head' … bit_one with
703	[ true ⇒ set_bit_addressable_sfr ?? s (true:::seven_bits) v
704	\| false ⇒
705	let memory ≝ insert ? 7 seven_bits v (low_internal_ram ?? s) in
706	set_low_internal_ram ?? s memory
707	]
708
709	\| INDIRECT i ⇒
710	λindirect: True.
711	let register ≝ get_register ?? s [[ false; false; i ]] in
712	let 〈bit_one, seven_bits〉 ≝ vsplit ? 1 7 register in
713	match head' … bit_one with
714	[ false ⇒
715	let memory ≝ insert … seven_bits v (low_internal_ram ?? s) in
716	set_low_internal_ram ?? s memory
717	\| true ⇒
718	let memory ≝ insert … seven_bits v (high_internal_ram ?? s) in
719	set_high_internal_ram ?? s memory
720	]
721	\| REGISTER r ⇒ λregister: True. set_register ?? s r v
722	\| ACC_A ⇒ λacc_a: True. set_8051_sfr ?? s SFR_ACC_A v
723	\| ACC_B ⇒ λacc_b: True. set_8051_sfr ?? s SFR_ACC_B v
724	\| EXT_INDIRECT e ⇒
725	λext_indirect: True.
726	let address ≝ get_register ?? s [[ false; false; e ]] in
727	let padded_address ≝ pad 8 8 address in
728	let memory ≝ insert ? 16 padded_address v (external_ram ?? s) in
729	set_external_ram ?? s memory
730	\| EXT_INDIRECT_DPTR ⇒
731	λext_indirect_dptr: True.
732	let address ≝ (get_8051_sfr ?? s SFR_DPH) @@ (get_8051_sfr ?? s SFR_DPL) in
733	let memory ≝ insert ? 16 address v (external_ram ?? s) in
734	set_external_ram ?? s memory
735	\| _ ⇒
736	λother: False.
737	match other in False with [ ]
738	] (subaddressing_modein … a)) normalize nodelta
739	#M #sigma #policy #s' #v' #s_refl >s_refl
740	whd in match map_address_mode_using_internal_pseudo_address_map_ok1; normalize nodelta
741	whd in match map_address_mode_using_internal_pseudo_address_map_ok2; normalize nodelta
742	[1,2:
743	<vsplit_refl normalize nodelta >p normalize nodelta
744	[ >(vsplit_ok … vsplit_refl) #_ @set_bit_addressable_sfr_status_of_pseudo_status
745	\| #_ #v_ok >(insert_low_internal_ram_status_of_pseudo_status … v) // ]
746	\|3,4: cases M * -M #low #high #accA normalize nodelta
747	#EQ1 #EQ2 change with (get_register ????) in match register in p;
748	>(get_register_status_of_pseudo_status … (refl …) (refl …))
749	whd in match map_internal_ram_address_using_pseudo_address_map; normalize nodelta
750	whd in match (lookup_from_internal_ram ??);
751	>EQ1 normalize nodelta >p normalize nodelta >p1 normalize nodelta
752	[ >(insert_high_internal_ram_status_of_pseudo_status … v)
753	\| >(insert_low_internal_ram_status_of_pseudo_status … v) ]
754	// <EQ2 @eq_f2 try % <(vsplit_ok … (sym_eq … p)) <eq_cons_head_append >p1 %
755	\|5: cases M * -M #low #high #accA normalize nodelta
756	#EQ1 #EQ2 <EQ2 >(get_register_status_of_pseudo_status … (refl …) (refl …))
757	whd in match map_internal_ram_address_using_pseudo_address_map; normalize nodelta
758	whd in match lookup_from_internal_ram; normalize nodelta
759	>EQ1 normalize nodelta
760	>external_ram_status_of_pseudo_status @set_external_ram_status_of_pseudo_status
761	\|6: #EQ1 #EQ2 <EQ2 /2 by set_register_status_of_pseudo_status/
762	\|7: #EQ1 #EQ2 <EQ2 /2 by set_8051_sfr_status_of_pseudo_status/
763	\|8: #_ #EQ <EQ @set_8051_sfr_status_of_pseudo_status %
764	\|9: #_ #EQ <EQ >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
765	>(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
766	>external_ram_status_of_pseudo_status @set_external_ram_status_of_pseudo_status ] %
767	qed.
768
769	lemma set_arg_8_status_of_pseudo_status:
770	∀cm.
771	∀ps.
772	∀addr, addr':[[ direct ; indirect ; registr ; acc_a ; acc_b ; ext_indirect ; ext_indirect_dptr ]].
773	∀value.
774	∀M. ∀sigma. ∀policy. ∀s'. ∀value'.
775	addr = addr' →
776	s' = status_of_pseudo_status M cm ps sigma policy →
777	map_address_mode_using_internal_pseudo_address_map_ok1 M cm ps sigma addr →
778	map_address_mode_using_internal_pseudo_address_map_ok2 … M sigma cm ps addr value = value' →
779	set_arg_8 (BitVectorTrie Byte 16)
780	(code_memory_of_pseudo_assembly_program cm sigma policy)
781	s' addr value' =
782	status_of_pseudo_status M cm (set_arg_8 … cm ps addr' value) sigma policy.
783	#cm #ps #addr #addr' #value
784	cases (set_arg_8_status_of_pseudo_status' cm ps addr value) #_ #relevant
785	#M #sigma #policy #s' #value' #addr_refl <addr_refl
786	@relevant
787	qed.
788
789	lemma p1_latch_status_of_pseudo_status:
790	∀M.
791	∀sigma.
792	∀policy.
793	∀code_memory: pseudo_assembly_program.
794	∀s: PreStatus … code_memory.
795	∀s'.
796	s' = status_of_pseudo_status M code_memory s sigma policy →
797	(p1_latch (BitVectorTrie Byte 16)
798	(code_memory_of_pseudo_assembly_program code_memory sigma policy)
799	s' =
800	(p1_latch pseudo_assembly_program code_memory s)).
801	#M #sigma #policy #code_memory #s #s' #s_refl >s_refl //
802	qed.
803
804	lemma p3_latch_status_of_pseudo_status:
805	∀M.
806	∀sigma.
807	∀policy.
808	∀code_memory: pseudo_assembly_program.
809	∀s: PreStatus … code_memory.
810	∀s'.
811	s' = status_of_pseudo_status M code_memory s sigma policy →
812	(p3_latch (BitVectorTrie Byte 16)
813	(code_memory_of_pseudo_assembly_program code_memory sigma policy)
814	(status_of_pseudo_status M code_memory s sigma policy) =
815	(p3_latch pseudo_assembly_program code_memory s)).
816	#M #sigma #policy #code_memory #s #s' #s_refl >s_refl //
817	qed.
818
819	lemma get_bit_addressable_sfr_status_of_pseudo_status':
820	let M ≝ pseudo_assembly_program in
821	∀code_memory: M.
822	∀s: PreStatus M code_memory.
823	∀d: Byte.
824	∀l: bool.
825	Σp: Byte. ∀M. ∀sigma. ∀policy. ∀s'.
826	s' = status_of_pseudo_status M code_memory s sigma policy →
827	(get_bit_addressable_sfr (BitVectorTrie Byte 16)
828	(code_memory_of_pseudo_assembly_program code_memory sigma policy)
829	s' d l =
830	map_address_Byte_using_internal_pseudo_address_map M sigma
831	d (get_bit_addressable_sfr pseudo_assembly_program code_memory s d l)).
832	whd in match get_bit_addressable_sfr;
833	whd in match map_address_Byte_using_internal_pseudo_address_map;
834	normalize nodelta
835	@(let M ≝ pseudo_assembly_program in
836	λcode_memory:M.
837	λs: PreStatus M code_memory.
838	λb: Byte.
839	λl: bool.
840	match sfr_of_Byte b with
841	[ None ⇒ match not_implemented in False with [ ]
842	\| Some sfr8051_8052 ⇒
843	match sfr8051_8052 with
844	[ inl sfr ⇒
845	match sfr with
846	[ SFR_P1 ⇒
847	if l then
848	p1_latch … s
849	else
850	get_8051_sfr … s SFR_P1
851	\| SFR_P3 ⇒
852	if l then
853	p3_latch … s
854	else
855	get_8051_sfr … s SFR_P3
856	\| _ ⇒ get_8051_sfr … s sfr
857	]
858	\| inr sfr ⇒ get_8052_sfr M code_memory s sfr
859	]
860	])
861	#M #sigma #policy #s' #s_refl >s_refl normalize nodelta
862	/2 by get_8051_sfr_status_of_pseudo_status, p1_latch_status_of_pseudo_status, p3_latch_status_of_pseudo_status/
863	qed.
864
865	lemma get_bit_addressable_sfr_status_of_pseudo_status:
866	let M ≝ pseudo_assembly_program in
867	∀code_memory: M.
868	∀s: PreStatus M code_memory.
869	∀d: Byte.
870	∀l: bool.
871	∀M. ∀sigma. ∀policy. ∀s'. ∀s''.
872	map_address_Byte_using_internal_pseudo_address_map M sigma
873	d (get_bit_addressable_sfr pseudo_assembly_program code_memory s d l) = s'' →
874	s' = status_of_pseudo_status M code_memory s sigma policy →
875	(get_bit_addressable_sfr (BitVectorTrie Byte 16)
876	(code_memory_of_pseudo_assembly_program code_memory sigma policy)
877	s' d l) = s''.
878	#code #s #d #v
879	cases (get_bit_addressable_sfr_status_of_pseudo_status' code s d v) #_ #relevant
880	#M #sigma #policy #s' #s'' #s_refl #s_refl' <s_refl >s_refl' @relevant %
881	qed.
882
883	lemma program_counter_status_of_pseudo_status:
884	∀M. ∀sigma: Word → Word. ∀policy.
885	∀code_memory: pseudo_assembly_program.
886	∀s: PreStatus ? code_memory.
887	∀s'.
888	∀s''.
889	sigma (program_counter … s) = s'' →
890	s' = status_of_pseudo_status M code_memory s sigma policy →
891	program_counter … (code_memory_of_pseudo_assembly_program code_memory sigma policy)
892	s' = s''.
893	#M #sigma #policy #code_memory #s #s' #s'' #s_refl #s_refl' <s_refl >s_refl' //
894	qed.
895
896	lemma get_cy_flag_status_of_pseudo_status:
897	∀M, cm, sigma, policy, s, s'.
898	s' = status_of_pseudo_status M cm s sigma policy →
899	(get_cy_flag (BitVectorTrie Byte 16)
900	(code_memory_of_pseudo_assembly_program cm sigma policy)
901	s' =
902	get_cy_flag pseudo_assembly_program cm s).
903	#M #cm #sigma #policy #s #s' #s_refl >s_refl
904	whd in match get_cy_flag; normalize nodelta
905	>(get_index_v_status_of_pseudo_status … (refl …)) %
906	qed.
907
908	lemma get_arg_8_status_of_pseudo_status':
909	∀cm.
910	∀ps.
911	∀l.
912	∀addr:[[ direct ; indirect ; registr ; acc_a ; acc_b ; data ; acc_dptr ; acc_pc ; ext_indirect ; ext_indirect_dptr ]].
913	Σp: Byte. ∀M. ∀sigma. ∀policy. ∀s'.
914	s' = status_of_pseudo_status M cm ps sigma policy →
915	map_address_mode_using_internal_pseudo_address_map_ok1 M cm ps sigma addr →
916	get_arg_8 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
917	s' l addr =
918	map_address_mode_using_internal_pseudo_address_map_ok2 … M sigma cm ps addr (get_arg_8 … cm ps l addr).
919	whd in match get_arg_8; normalize nodelta
920	@(let m ≝ pseudo_assembly_program in
921	λcm: m. λs: PreStatus m cm. λl: bool. λa: [[direct; indirect; registr; acc_a; acc_b; data; acc_dptr; acc_pc; ext_indirect; ext_indirect_dptr]].
922	match a return λx. bool_to_Prop (is_in ? [[ direct; indirect; registr; acc_a; acc_b; data; acc_dptr; acc_pc; ext_indirect; ext_indirect_dptr ]] x) → Σp. ? with
923	[ ACC_A ⇒ λacc_a: True. get_8051_sfr ?? s SFR_ACC_A
924	\| ACC_B ⇒ λacc_b: True. get_8051_sfr ?? s SFR_ACC_B
925	\| DATA d ⇒ λdata: True. d
926	\| REGISTER r ⇒ λregister: True. get_register ?? s r
927	\| EXT_INDIRECT_DPTR ⇒
928	λext_indirect_dptr: True.
929	let address ≝ (get_8051_sfr ?? s SFR_DPH) @@ (get_8051_sfr ?? s SFR_DPL) in
930	lookup ? 16 address (external_ram ?? s) (zero 8)
931	\| EXT_INDIRECT e ⇒
932	λext_indirect: True.
933	let address ≝ get_register ?? s [[ false; false; e ]] in
934	let padded_address ≝ pad 8 8 address in
935	lookup ? 16 padded_address (external_ram ?? s) (zero 8)
936	\| ACC_DPTR ⇒
937	λacc_dptr: True.
938	let dptr ≝ (get_8051_sfr ?? s SFR_DPH) @@ (get_8051_sfr ?? s SFR_DPL) in
939	let padded_acc ≝ pad 8 8 (get_8051_sfr ?? s SFR_ACC_A) in
940	let 〈carry, address〉 ≝ half_add 16 dptr padded_acc in
941	lookup ? 16 address (external_ram ?? s) (zero 8)
942	\| ACC_PC ⇒
943	λacc_pc: True.
944	let padded_acc ≝ pad 8 8 (get_8051_sfr ?? s SFR_ACC_A) in
945	let 〈 carry, address 〉 ≝ half_add 16 (program_counter ?? s) padded_acc in
946	lookup ? 16 address (external_ram ?? s) (zero 8)
947	\| DIRECT d ⇒
948	λdirect: True.
949	let 〈hd, seven_bits〉 ≝ vsplit bool 1 7 d in
950	match head' … hd with
951	[ true ⇒ get_bit_addressable_sfr m cm s (true:::seven_bits) l
952	\| false ⇒ lookup ? 7 seven_bits (low_internal_ram … s) (zero …)
953	]
954	\| INDIRECT i ⇒
955	λindirect: True.
956	let 〈hd, seven_bits〉 ≝ vsplit bool 1 7 (get_register … s [[false;false;i]]) in
957	match head' … hd with
958	[ true ⇒ lookup ? 7 seven_bits (high_internal_ram … s) (zero …)
959	\| false ⇒ lookup ? 7 seven_bits (low_internal_ram … s) (zero …)
960	]
961	\| _ ⇒ λother: False.
962	match other in False with [ ]
963	] (subaddressing_modein … a)) normalize nodelta
964	#M #sigma #policy #s' #s_refl >s_refl
965	whd in match map_address_mode_using_internal_pseudo_address_map_ok1; normalize nodelta
966	whd in match map_address_mode_using_internal_pseudo_address_map_ok2; normalize nodelta
967	[1:
968	#_ >p normalize nodelta >p1 normalize nodelta
969	@(get_bit_addressable_sfr_status_of_pseudo_status … (refl …)) %
970	\|2:
971	#_>p normalize nodelta >p1 normalize nodelta
972	@(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma) %
973	\|3,4: cases M -M * #low #high #accA
974	#assoc_list_assm >(get_register_status_of_pseudo_status … (refl …) (refl …))
975	whd in match map_internal_ram_address_using_pseudo_address_map in ⊢ (??%?); normalize nodelta
976	whd in match lookup_from_internal_ram; normalize nodelta
977	>assoc_list_assm normalize nodelta >p normalize nodelta >p1 normalize nodelta
978	[1:
979	@(lookup_high_internal_ram_of_pseudo_high_internal_ram … 〈low,high,accA〉 sigma)
980	\|2:
981	@(lookup_low_internal_ram_of_pseudo_low_internal_ram … 〈low,high,accA〉 sigma)
982	]
983	@eq_f2 try % <(vsplit_ok … (sym_eq … p)) <eq_cons_head_append >p1 %
984	\|5: cases M -M * #low #high #accA
985	#assoc_list_assm >(get_register_status_of_pseudo_status … (refl …) (refl …))
986	whd in match map_internal_ram_address_using_pseudo_address_map in ⊢ (??%?); normalize nodelta
987	whd in match lookup_from_internal_ram; normalize nodelta
988	>assoc_list_assm normalize nodelta %
989	\|6,7,8,9:
990	#_ /2 by refl, get_register_status_of_pseudo_status, get_index_v_status_of_pseudo_status/
991	\|10: cases M -M * #low #high #accA
992	#acc_a_assm >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
993	>(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
994	>(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
995	whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
996	>acc_a_assm >p normalize nodelta //
997	\|11: cases M -M * #low #high #accA
998	* #map_acc_a_assm #sigma_assm >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
999	>(program_counter_status_of_pseudo_status … (refl …) (refl …))
1000	whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
1001	>sigma_assm >map_acc_a_assm >p normalize nodelta //
1002	\|12:
1003	#_ >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
1004	>(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
1005	>external_ram_status_of_pseudo_status //
1006	]
1007	qed.
1008
1009	lemma get_arg_8_status_of_pseudo_status:
1010	∀cm.
1011	∀ps.
1012	∀l.
1013	∀addr:[[ direct ; indirect ; registr ; acc_a ; acc_b ; data ; acc_dptr ; acc_pc ; ext_indirect ; ext_indirect_dptr ]].
1014	∀M. ∀sigma. ∀policy. ∀s', s''.
1015	s' = status_of_pseudo_status M cm ps sigma policy →
1016	map_address_mode_using_internal_pseudo_address_map_ok2 … M sigma cm ps addr (get_arg_8 … cm ps l addr) = s'' →
1017	map_address_mode_using_internal_pseudo_address_map_ok1 M cm ps sigma addr →
1018	get_arg_8 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
1019	s' l addr = s''.
1020	#cm #ps #l #addr
1021	cases (get_arg_8_status_of_pseudo_status' cm ps l addr) #_ #relevant
1022	#M #sigma #policy #s' #s'' #s_refl #s_refl' <s_refl'
1023	@relevant assumption
1024	qed.
1025
1026	lemma get_arg_16_status_of_pseudo_status:
1027	∀cm.
1028	∀ps.
1029	∀addr: [[data16]].
1030	∀M. ∀sigma. ∀policy. ∀s'.
1031	s' = status_of_pseudo_status M cm ps sigma policy →
1032	get_arg_16 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
1033	s' addr =
1034	(get_arg_16 … cm ps addr).
1035	#cm #ps #addr #M #sigma #policy #s' #s_refl <s_refl //
1036	qed.
1037
1038	lemma set_arg_16_status_of_pseudo_status:
1039	∀cm.
1040	∀ps.
1041	∀addr,addr': [[dptr]].
1042	∀v,v': Word.
1043	∀M. ∀sigma. ∀policy. ∀s'.
1044	s' = status_of_pseudo_status M cm ps sigma policy →
1045	v=v' → addr=addr' →
1046	set_arg_16 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
1047	s' v' addr' =
1048	status_of_pseudo_status M cm (set_arg_16 ? cm ps v addr) sigma policy.
1049	#cm #ps #addr #addr' #v #v' #M #sigma #policy #s' #s_refl >s_refl #addr_refl
1050	<addr_refl #v_refl <v_refl
1051	@(subaddressing_mode_elim … addr)
1052	whd in match set_arg_16; normalize nodelta
1053	whd in match set_arg_16'; normalize nodelta
1054	@(vsplit_elim bool ???) #bu #bl #bu_bl_refl normalize nodelta
1055	@set_8051_sfr_status_of_pseudo_status try %
1056	@set_8051_sfr_status_of_pseudo_status %
1057	qed.
1058
1059	definition map_bit_address_mode_using_internal_pseudo_address_map_get ≝
1060	λM:internal_pseudo_address_map.λcm: pseudo_assembly_program.λs:PreStatus ? cm.λsigma: Word → Word. λaddr. λl.
1061	match addr with
1062	[ BIT_ADDR b ⇒
1063	let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 b in
1064	match head' … bit_1 with
1065	[ true ⇒
1066	let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
1067	let trans ≝ true:::four_bits @@ [[false; false; false]] in
1068	map_address_Byte_using_internal_pseudo_address_map M sigma trans (get_bit_addressable_sfr pseudo_assembly_program cm s trans l) = get_bit_addressable_sfr … cm s trans l
1069	\| false ⇒
1070	let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
1071	let address' ≝ [[true; false; false]]@@four_bits in
1072	let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
1073	map_internal_ram_address_using_pseudo_address_map M sigma
1074	(false:::address') t = t
1075	]
1076	\| N_BIT_ADDR b ⇒
1077	let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 b in
1078	match head' … bit_1 with
1079	[ true ⇒
1080	let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
1081	let trans ≝ true:::four_bits @@ [[false; false; false]] in
1082	map_address_Byte_using_internal_pseudo_address_map M sigma trans (get_bit_addressable_sfr pseudo_assembly_program cm s trans l) = get_bit_addressable_sfr … cm s trans l
1083	\| false ⇒
1084	let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
1085	let address' ≝ [[true; false; false]]@@four_bits in
1086	let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
1087	map_internal_ram_address_using_pseudo_address_map M sigma
1088	(false:::address') t = t
1089	]
1090	\| _ ⇒ True ].
1091
1092	lemma get_arg_1_status_of_pseudo_status':
1093	∀cm.
1094	∀ps.
1095	∀addr: [[bit_addr; n_bit_addr; carry]].
1096	∀l.
1097	Σb: bool. ∀M. ∀sigma. ∀policy. ∀s'.
1098	s' = status_of_pseudo_status M cm ps sigma policy →
1099	map_bit_address_mode_using_internal_pseudo_address_map_get M cm ps sigma addr l →
1100	get_arg_1 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
1101	s' addr l =
1102	(get_arg_1 … cm ps addr l).
1103	whd in match get_arg_1; normalize nodelta
1104	@(let m ≝ pseudo_assembly_program in
1105	λcm: m. λs: PseudoStatus cm. λa:[[bit_addr; n_bit_addr; carry]]. λl.
1106	match a return λx. bool_to_Prop (is_in ? [[ bit_addr ;
1107	n_bit_addr ;
1108	carry ]] x) → Σb: bool. ? with
1109	[ BIT_ADDR b ⇒
1110	λbit_addr: True.
1111	let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 b in
1112	match head' … bit_1 with
1113	[ true ⇒
1114	let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
1115	let trans ≝ true:::four_bits @@ [[false; false; false]] in
1116	let sfr ≝ get_bit_addressable_sfr ?? s trans l in
1117	get_index_v … sfr (nat_of_bitvector … three_bits) ?
1118	\| false ⇒
1119	let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
1120	let address' ≝ [[true; false; false]]@@four_bits in
1121	let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
1122	get_index_v … t (nat_of_bitvector … three_bits) ?
1123	]
1124	\| N_BIT_ADDR n ⇒
1125	λn_bit_addr: True.
1126	let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 n in
1127	match head' … bit_1 with
1128	[ true ⇒
1129	let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
1130	let trans ≝ true:::four_bits @@ [[false; false; false]] in
1131	let sfr ≝ get_bit_addressable_sfr ?? s trans l in
1132	¬(get_index_v ?? sfr (nat_of_bitvector … three_bits) ?)
1133	\| false ⇒
1134	let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
1135	let address' ≝ [[true; false; false]]@@four_bits in
1136	let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
1137	¬(get_index_v … t (nat_of_bitvector … three_bits) ?)
1138	]
1139	\| CARRY ⇒ λcarry: True. get_cy_flag ?? s
1140	\| _ ⇒ λother.
1141	match other in False with [ ]
1142	] (subaddressing_modein … a)) normalize nodelta
1143	[4,5,8,9: //]
1144	#M #sigma #policy #s' #s_refl >s_refl
1145	[1:
1146	#_ >(get_cy_flag_status_of_pseudo_status … (refl …)) %
1147	\|2,4:
1148	whd in ⊢ (% → ?); >p normalize nodelta >p1 normalize nodelta destruct >p2
1149	normalize nodelta
1150	>(get_bit_addressable_sfr_status_of_pseudo_status … (refl …) (refl …)) #map_address_assm
1151	>map_address_assm %
1152	\|3,5:
1153	whd in ⊢ (% → ?); >p normalize nodelta >p1 normalize nodelta
1154	whd in match status_of_pseudo_status; normalize nodelta destruct >p2 normalize nodelta
1155	>(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma … (refl …))
1156	#map_address_assm >map_address_assm %
1157	]
1158	qed.
1159
1160	lemma get_arg_1_status_of_pseudo_status:
1161	∀cm.
1162	∀ps.
1163	∀addr, addr': [[bit_addr; n_bit_addr; carry]].
1164	∀l.
1165	∀M. ∀sigma. ∀policy. ∀s'.
1166	addr = addr' →
1167	s' = status_of_pseudo_status M cm ps sigma policy →
1168	map_bit_address_mode_using_internal_pseudo_address_map_get M cm ps sigma addr l →
1169	get_arg_1 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
1170	s' addr l =
1171	(get_arg_1 … cm ps addr' l).
1172	#cm #ps #addr #addr' #l
1173	cases (get_arg_1_status_of_pseudo_status' cm ps addr l) #_ #assm
1174	#M #sigma #policy #s' #addr_refl <addr_refl
1175	@assm
1176	qed.
1177
1178	(*CSC: daemon
1179	definition map_bit_address_mode_using_internal_pseudo_address_map_set_1 ≝
1180	λM: internal_pseudo_address_map.
1181	λcm: pseudo_assembly_program.
1182	λs: PreStatus ? cm.
1183	λsigma: Word → Word.
1184	λaddr: [[bit_addr; carry]].
1185	λv: Bit.
1186	match addr with
1187	[ BIT_ADDR b ⇒
1188	let 〈bit_1, seven_bits〉 ≝ vsplit bool 1 7 b in
1189	match head' … bit_1 with
1190	[ true ⇒
1191	let address ≝ nat_of_bitvector … seven_bits in
1192	let d ≝ address ÷ 8 in
1193	let m ≝ address mod 8 in
1194	let t ≝ bitvector_of_nat 8 ((d * 8) + 128) in
1195	let sfr ≝ get_bit_addressable_sfr … s t true in
1196	map_address_Byte_using_internal_pseudo_address_map M sigma t sfr = sfr
1197	\| false ⇒
1198	let address ≝ nat_of_bitvector … seven_bits in
1199	let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
1200	let t ≝ lookup ? 7 address' (low_internal_ram ?? s) (zero 8) in
1201	map_internal_ram_address_using_pseudo_address_map M sigma
1202	(false:::address') t = t
1203	]
1204	\| CARRY ⇒ True
1205	\| _ ⇒ True
1206	].
1207
1208	definition map_bit_address_mode_using_internal_pseudo_address_map_set_2 ≝
1209	λM: internal_pseudo_address_map.
1210	λcm: pseudo_assembly_program.
1211	λs: PreStatus ? cm.
1212	λsigma: Word → Word.
1213	λaddr: [[bit_addr; carry]].
1214	λv: Bit.
1215	match addr with
1216	[ BIT_ADDR b ⇒
1217	let 〈bit_1, seven_bits〉 ≝ vsplit bool 1 7 b in
1218	match head' … bit_1 with
1219	[ true ⇒
1220	let address ≝ nat_of_bitvector … seven_bits in
1221	let d ≝ address ÷ 8 in
1222	let m ≝ address mod 8 in
1223	let t ≝ bitvector_of_nat 8 ((d * 8) + 128) in
1224	let sfr ≝ get_bit_addressable_sfr … s t true in
1225	let new_sfr ≝ set_index … sfr m v ? in
1226	map_address_Byte_using_internal_pseudo_address_map M sigma new_sfr t = t
1227	\| false ⇒
1228	let address ≝ nat_of_bitvector … seven_bits in
1229	let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
1230	let t ≝ lookup ? 7 address' (low_internal_ram ?? s) (zero 8) in
1231	let n_bit ≝ set_index … t (modulus address 8) v ? in
1232	let memory ≝ insert ? 7 address' n_bit (low_internal_ram ?? s) in
1233	map_internal_ram_address_using_pseudo_address_map M sigma
1234	(false:::address') n_bit = n_bit
1235	]
1236	\| CARRY ⇒ True
1237	\| _ ⇒ True
1238	].
1239	@modulus_less_than
1240	qed.
1241
1242	lemma set_arg_1_status_of_pseudo_status':
1243	∀cm: pseudo_assembly_program.
1244	∀ps: PreStatus pseudo_assembly_program cm.
1245	∀addr: [[bit_addr; carry]].
1246	∀b: Bit.
1247	Σp: PreStatus … cm. ∀M. ∀sigma. ∀policy. ∀s'. ∀b'.
1248	b = b' →
1249	status_of_pseudo_status M cm ps sigma policy = s' →
1250	map_bit_address_mode_using_internal_pseudo_address_map_set_1 M cm ps sigma addr b →
1251	map_bit_address_mode_using_internal_pseudo_address_map_set_2 M cm ps sigma addr b →
1252	set_arg_1 (BitVectorTrie Byte 16)
1253	(code_memory_of_pseudo_assembly_program cm sigma policy)
1254	s' addr b =
1255	status_of_pseudo_status M cm (set_arg_1 … cm ps addr b') sigma policy.
1256	whd in match set_arg_1; normalize nodelta
1257	whd in ⊢ (? → ? → ? → ? → ??(λx.? → ? → ? → ? → ? → ? → ? → %?????? → %?????? → ?));
1258	normalize nodelta
1259	@(let m ≝ pseudo_assembly_program in
1260	λcm.
1261	λs: PreStatus m cm.
1262	λa: [[bit_addr; carry]].
1263	λv: Bit.
1264	match a return λx. bool_to_Prop (is_in ? [[bit_addr ; carry]] x) → Σp. ? with
1265	[ BIT_ADDR b ⇒ λbit_addr: True.
1266	let 〈bit_1, seven_bits〉 ≝ vsplit bool 1 7 b in
1267	match head' … bit_1 with
1268	[ true ⇒
1269	let address ≝ nat_of_bitvector … seven_bits in
1270	let d ≝ address ÷ 8 in
1271	let m ≝ address mod 8 in
1272	let t ≝ bitvector_of_nat 8 ((d * 8) + 128) in
1273	let sfr ≝ get_bit_addressable_sfr … s t true in
1274	let new_sfr ≝ set_index … sfr m v ? in
1275	set_bit_addressable_sfr … s new_sfr t
1276	\| false ⇒
1277	let address ≝ nat_of_bitvector … seven_bits in
1278	let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
1279	let t ≝ lookup ? 7 address' (low_internal_ram ?? s) (zero 8) in
1280	let n_bit ≝ set_index … t (modulus address 8) v ? in
1281	let memory ≝ insert ? 7 address' n_bit (low_internal_ram ?? s) in
1282	set_low_internal_ram … s memory
1283	]
1284	\| CARRY ⇒
1285	λcarry: True.
1286	let 〈ignore, seven_bits〉 ≝ vsplit bool 1 7 (get_8051_sfr … s SFR_PSW) in
1287	let new_psw ≝ v:::seven_bits in
1288	set_8051_sfr ?? s SFR_PSW new_psw
1289	\| _ ⇒
1290	λother: False.
1291	match other in False with
1292	[ ]
1293	] (subaddressing_modein … a)) normalize nodelta
1294	try @modulus_less_than #M #sigma #policy #s' #b' #b_refl <b_refl #s_refl <s_refl
1295	[1:
1296	#_ #_ >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
1297	whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
1298	>p normalize nodelta @set_8051_sfr_status_of_pseudo_status %
1299	\|2,3:
1300	>p normalize nodelta >p1 normalize nodelta
1301	#map_bit_address_assm_1 #map_bit_address_assm_2
1302	[1:
1303	>(get_bit_addressable_sfr_status_of_pseudo_status … (refl …) (refl …))
1304	>map_bit_address_assm_1
1305	>(set_bit_addressable_sfr_status_of_pseudo_status cm s … map_bit_address_assm_2) %
1306	\|2:
1307	whd in match status_of_pseudo_status in ⊢ (??(????%)?); normalize nodelta
1308	>(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma … (refl …))
1309	>map_bit_address_assm_1
1310	>(insert_low_internal_ram_of_pseudo_low_internal_ram … map_bit_address_assm_2)
1311	>set_low_internal_ram_status_of_pseudo_status in ⊢ (??%?); %
1312	]
1313	]
1314	qed.
1315
1316	lemma set_arg_1_status_of_pseudo_status:
1317	∀cm: pseudo_assembly_program.
1318	∀ps: PreStatus pseudo_assembly_program cm.
1319	∀addr: [[bit_addr; carry]].
1320	∀b: Bit.
1321	∀M. ∀sigma. ∀policy. ∀s'. ∀b'.
1322	b = b' →
1323	status_of_pseudo_status M cm ps sigma policy = s' →
1324	map_bit_address_mode_using_internal_pseudo_address_map_set_1 M cm ps sigma addr b →
1325	map_bit_address_mode_using_internal_pseudo_address_map_set_2 M cm ps sigma addr b →
1326	set_arg_1 (BitVectorTrie Byte 16)
1327	(code_memory_of_pseudo_assembly_program cm sigma policy)
1328	s' addr b =
1329	status_of_pseudo_status M cm (set_arg_1 … cm ps addr b') sigma policy.
1330	#cm #ps #addr #b
1331	cases (set_arg_1_status_of_pseudo_status' cm ps addr b) #_ #relevant
1332	@relevant
1333	qed.*)
1334
1335	lemma clock_status_of_pseudo_status:
1336	∀M,cm,sigma,policy,s,s'.
1337	s' = status_of_pseudo_status M cm s sigma policy →
1338	clock …
1339	(code_memory_of_pseudo_assembly_program cm sigma policy)
1340	s'
1341	= clock … cm s.
1342	#M #cm #sigma #policy #s #s' #s_refl >s_refl //
1343	qed.
1344
1345	lemma set_clock_status_of_pseudo_status:
1346	∀M,cm,sigma,policy,s,s',v,v'.
1347	s' = status_of_pseudo_status M cm s sigma policy →
1348	v = v' →
1349	set_clock …
1350	(code_memory_of_pseudo_assembly_program cm sigma policy)
1351	s' v
1352	= status_of_pseudo_status M cm (set_clock … cm s v') sigma policy.
1353	#M #cm #sigma #policy #s #s' #v #v' #s_refl #v_refl >s_refl <v_refl //
1354	qed.
1355
1356	lemma set_flags_status_of_pseudo_status:
1357	∀M.
1358	∀sigma.
1359	∀policy.
1360	∀code_memory: pseudo_assembly_program.
1361	∀s: PreStatus ? code_memory.
1362	∀s'.
1363	∀b, b': Bit.
1364	∀opt, opt': option Bit.
1365	∀c, c': Bit.
1366	b = b' →
1367	opt = opt' →
1368	c = c' →
1369	s' = status_of_pseudo_status M code_memory s sigma policy →
1370	set_flags … s' b opt c =
1371	status_of_pseudo_status M code_memory (set_flags … code_memory s b' opt' c') sigma policy.
1372	** #low #high #accA #sigma #policy #code_memory #s #s' #b #b' #opt #opt' #c #c'
1373	#b_refl #opt_refl #c_refl <b_refl <opt_refl <c_refl #s_refl >s_refl
1374	whd in match set_flags; normalize nodelta
1375	@set_8051_sfr_status_of_pseudo_status try %
1376	whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
1377	@eq_f2 [ >(get_8051_sfr_status_of_pseudo_status … (refl …)) [2: % \| skip] %]
1378	@eq_f2 [ >(get_8051_sfr_status_of_pseudo_status … (refl …)) [2: % \| skip] %]
1379	@eq_f2 [ >(get_8051_sfr_status_of_pseudo_status … (refl …)) [2: % \| skip] %]
1380	@eq_f2 [ >(get_8051_sfr_status_of_pseudo_status … (refl …)) [2: % \| skip] %]
1381	@eq_f2 [ >(get_8051_sfr_status_of_pseudo_status … (refl …)) [2: % \| skip] %]
1382	@eq_f2 [ >(get_8051_sfr_status_of_pseudo_status … (refl …)) [2: % \| skip] %]
1383	@eq_f2 [ >(get_8051_sfr_status_of_pseudo_status … (refl …)) [2: % \| skip] %]
1384	@eq_f2 [ >(get_8051_sfr_status_of_pseudo_status … (refl …)) [2: % \| skip] %]
1385	%
1386	qed.
1387
1388	lemma get_ac_flag_status_of_pseudo_status:
1389	∀M: internal_pseudo_address_map.
1390	∀sigma: Word → Word.
1391	∀policy: Word → bool.
1392	∀code_memory: pseudo_assembly_program.
1393	∀s: PreStatus ? code_memory.
1394	∀s'.
1395	s' = status_of_pseudo_status M code_memory s sigma policy →
1396	get_ac_flag ?? s' = get_ac_flag ? code_memory s.
1397	#M #sigma #policy #code_memory #s #s' #s_refl >s_refl
1398	whd in match get_ac_flag; normalize nodelta
1399	whd in match status_of_pseudo_status; normalize nodelta
1400	whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
1401	cases (\snd M) try % normalize nodelta ** normalize nodelta
1402	#address
1403	@(vsplit_elim bool ???) #high #low #high_low_refl normalize nodelta
1404	whd in match sfr_8051_index; normalize nodelta
1405	>get_index_v_set_index_miss [2,4: /2/] %
1406	qed.
1407
1408	lemma get_ov_flag_status_of_pseudo_status:
1409	∀M: internal_pseudo_address_map.
1410	∀sigma: Word → Word.
1411	∀policy: Word → bool.
1412	∀code_memory: pseudo_assembly_program.
1413	∀s: PreStatus ? code_memory.
1414	∀s'.
1415	s' = status_of_pseudo_status M code_memory s sigma policy →
1416	get_ov_flag ?? s' = get_ov_flag ? code_memory s.
1417	#M #sigma #policy #code_memory #s #s' #s_refl >s_refl
1418	whd in match get_ov_flag; normalize nodelta
1419	whd in match status_of_pseudo_status; normalize nodelta
1420	whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
1421	cases (\snd M) try %
1422	** normalize nodelta #address
1423	@(vsplit_elim bool ???) #high #low #high_low_refl normalize nodelta
1424	whd in match sfr_8051_index; normalize nodelta
1425	>get_index_v_set_index_miss [2,4: /2/] %
1426	qed.
1427
1428	(*CSC: useless?
1429	lemma get_arg_8_pseudo_addressing_mode_ok:
1430	∀M: internal_pseudo_address_map.
1431	∀cm: pseudo_assembly_program.
1432	∀ps: PreStatus pseudo_assembly_program cm.
1433	∀sigma: Word → Word.
1434	∀policy: Word → bool.
1435	∀addr1: [[registr; direct]].
1436	assert_data pseudo_assembly_program M cm ps addr1 = true →
1437	get_arg_8 (BitVectorTrie Byte 16)
1438	(code_memory_of_pseudo_assembly_program cm sigma policy)
1439	(status_of_pseudo_status M cm ps sigma policy) true addr1 =
1440	get_arg_8 pseudo_assembly_program cm ps true addr1.
1441	[2,3: /2 by is_in_subvector_is_in_supervector, subaddressing_modein, I/ ]
1442	#M #cm #ps #sigma #policy #addr1
1443	@(subaddressing_mode_elim … addr1) #arg whd in ⊢ (? → ???%);
1444	[1:
1445	whd in ⊢ (??%? → ??%?);
1446	whd in match bit_address_of_register; normalize nodelta
1447	@pair_elim #un #ln #un_ln_refl
1448	lapply (refl_to_jmrefl ??? un_ln_refl) -un_ln_refl #un_ln_refl
1449	@(pair_replace ?????????? un_ln_refl)
1450	[1:
1451	whd in match get_8051_sfr; normalize nodelta
1452	whd in match sfr_8051_index; normalize nodelta
1453	@eq_f <get_index_v_special_function_registers_8051_not_acc_a
1454	try % #absurd destruct(absurd)
1455	\|2:
1456	#assembly_mode_ok_refl
1457	>low_internal_ram_of_pseudo_internal_ram_miss
1458	[1:
1459	%
1460	\|2:
1461	cases (data_or_address ?????) in assembly_mode_ok_refl; normalize nodelta
1462	[1:
1463	#absurd destruct(absurd)
1464	\|2:
1465	* normalize nodelta
1466	[1:
1467	\|2:
1468	#_ #absurd destruct(absurd)
1469	]
1470	#absurd try % @sym_eq assumption
1471	]
1472	]
1473	\|2:
1474	#addressing_mode_ok_refl whd in ⊢ (??%?);
1475	@pair_elim #nu #nl #nu_nl_refl normalize nodelta XXX cases daemon (*
1476	@pair_elim #ignore #three_bits #ignore_three_bits_refl normalize nodelta
1477	inversion (get_index_v bool ????) #get_index_v_refl normalize nodelta
1478	[1:
1479	whd in ⊢ (??%%); normalize nodelta
1480	cases (eqb ??) normalize nodelta [1: % ]
1481	cases (eqb ??) normalize nodelta [1: % ]
1482	cases (eqb ??) normalize nodelta [1: % ]
1483	cases (eqb ??) normalize nodelta [1: % ]
1484	cases (eqb ??) normalize nodelta [1:
1485	@get_8051_sfr_status_of_pseudo_status
1486	#absurd destruct(absurd)
1487	]
1488	cases (eqb ??) normalize nodelta [1:
1489	@get_8051_sfr_status_of_pseudo_status
1490	#absurd destruct(absurd)
1491	]
1492	cases (eqb ??) normalize nodelta [1:
1493	@get_8051_sfr_status_of_pseudo_status
1494	#absurd destruct(absurd)
1495	]
1496	cases (eqb ??) normalize nodelta [1:
1497	@get_8051_sfr_status_of_pseudo_status
1498	#absurd destruct(absurd)
1499	]
1500	cases (eqb ??) normalize nodelta [1:
1501	@get_8051_sfr_status_of_pseudo_status
1502	#absurd destruct(absurd)
1503	]
1504	cases (eqb ??) normalize nodelta [1: % ]
1505	cases (eqb ??) normalize nodelta [1: % ]
1506	cases (eqb ??) normalize nodelta [1: % ]
1507	cases (eqb ??) normalize nodelta [1: % ]
1508	cases (eqb ??) normalize nodelta [1: % ]
1509	cases (eqb ??) normalize nodelta [1:
1510	@get_8051_sfr_status_of_pseudo_status
1511	#absurd destruct(absurd)
1512	]
1513	cases (eqb ??) normalize nodelta [1:
1514	@get_8051_sfr_status_of_pseudo_status
1515	#absurd destruct(absurd)
1516	]
1517	cases (eqb ??) normalize nodelta [1:
1518	@get_8051_sfr_status_of_pseudo_status
1519	#absurd destruct(absurd)
1520	]
1521	cases (eqb ??) normalize nodelta [1:
1522	@get_8051_sfr_status_of_pseudo_status
1523	#absurd destruct(absurd)
1524	]
1525	cases (eqb ??) normalize nodelta [1:
1526	@get_8051_sfr_status_of_pseudo_status
1527	#absurd destruct(absurd)
1528	]
1529	cases (eqb ??) normalize nodelta [1:
1530	@get_8051_sfr_status_of_pseudo_status
1531	#absurd destruct(absurd)
1532	]
1533	cases (eqb ??) normalize nodelta [1:
1534	@get_8051_sfr_status_of_pseudo_status
1535	#absurd destruct(absurd)
1536	]
1537	cases (eqb ??) normalize nodelta [1:
1538	@get_8051_sfr_status_of_pseudo_status
1539	#absurd destruct(absurd)
1540	]
1541	cases (eqb ??) normalize nodelta [1:
1542	@get_8051_sfr_status_of_pseudo_status
1543	#absurd destruct(absurd)
1544	]
1545	cases (eqb ??) normalize nodelta [1:
1546	@get_8051_sfr_status_of_pseudo_status
1547	#absurd destruct(absurd)
1548	]
1549	inversion (eqb ??) #eqb_refl normalize nodelta [1:
1550	@get_8051_sfr_status_of_pseudo_status lapply addressing_mode_ok_refl
1551	whd in ⊢ (??%? → ?); <(eqb_true_to_eq … eqb_refl)
1552	>bitvector_of_nat_inverse_nat_of_bitvector >eq_bv_refl normalize nodelta
1553	#assoc_list_assm cases (conjunction_true … assoc_list_assm) #_
1554	#relevant #_ cases (eq_accumulator_address_map_entry_true_to_eq … relevant) %
1555	]
1556	cases (eqb ??) normalize nodelta [1:
1557	@get_8051_sfr_status_of_pseudo_status
1558	#absurd destruct(absurd)
1559	] %
1560	\|2:
1561	lapply addressing_mode_ok_refl whd in ⊢ (??%? → ?); #relevant
1562	whd in match status_of_pseudo_status; normalize nodelta
1563	>low_internal_ram_of_pseudo_internal_ram_miss try %
1564	cut(arg = false:::(three_bits@@nl))
1565	[1:
1566	<get_index_v_refl
1567	cut(nu=get_index_v bool 4 nu O (le_S_S O 3 (le_O_n 3)):::three_bits)
1568	[1:
1569	cut(ignore = [[get_index_v bool 4 nu 0 ?]])
1570	[1:
1571	@le_S_S @le_O_n
1572	\|2:
1573	cut(ignore = \fst (vsplit bool 1 3 nu))
1574	[1:
1575	>ignore_three_bits_refl %
1576	\|2:
1577	#ignore_refl >ignore_refl
1578	cases (bitvector_cases_hd_tl … nu) #hd * #tl #nu_refl
1579	>nu_refl %
1580	]
1581	\|3:
1582	#ignore_refl >ignore_refl in ignore_three_bits_refl;
1583	#relevant lapply (vsplit_ok ?????? (sym_eq … relevant))
1584	#nu_refl <nu_refl %
1585	]
1586	\|2:
1587	#nu_refl change with (? = (?:::three_bits)@@?) <nu_refl
1588	@sym_eq @vsplit_ok >nu_nl_refl %
1589	]
1590	\|2:
1591	#arg_refl <arg_refl cases (assoc_list_exists ?????) in relevant;
1592	normalize nodelta
1593	[1:
1594	cases (eq_bv ???) normalize #absurd destruct(absurd)
1595	\|2:
1596	#_ %
1597	]
1598	]
1599	]
1600	]
1601	qed.))
1602
1603	lemma addressing_mode_ok_to_map_address_using_internal_pseudo_address_map:
1604	∀M, cm, ps, sigma, x.
1605	∀addr1: [[acc_a]].
1606	assert_data pseudo_assembly_program M cm ps addr1=true →
1607	map_address_using_internal_pseudo_address_map M sigma SFR_ACC_A x = x.
1608	#M #cm #ps #sigma #x #addr1
1609	@(subaddressing_mode_elim … addr1)
1610	whd in ⊢ (??%? → ??%?); cases M -M * #low #high * [//]
1611	* #upper_lower #address normalize nodelta #absurd destruct(absurd)
1612	qed.
1613
1614	lemma addressing_mode_ok_to_snd_M_data:
1615	∀M, cm, ps.
1616	∀addr: [[acc_a]].
1617	assert_data pseudo_assembly_program M cm ps addr = true →
1618	\snd M = None ….
1619	#M #cm #ps #addr
1620	@(subaddressing_mode_elim … addr)
1621	whd in ⊢ (??%? → ?); cases M * #low #high * normalize nodelta
1622	[ #_ %
1623	\| #addr #abs destruct(abs) ]
1624	qed.
1625
1626	((CSC: move elsewhere*)
1627	lemma assoc_list_exists_true_to_assoc_list_lookup_Some:
1628	∀A, B: Type[0].
1629	∀e: A.
1630	∀the_list: list (A × B).
1631	∀eq_f: A → A → bool.
1632	assoc_list_exists A B e eq_f the_list = true →
1633	∃e'. assoc_list_lookup A B e eq_f the_list = Some … e'.
1634	#A #B #e #the_list #eq_f elim the_list
1635	[1:
1636	whd in ⊢ (??%? → ?); #absurd destruct(absurd)
1637	\|2:
1638	#hd #tl #inductive_hypothesis
1639	whd in ⊢ (??%? → ?); whd in match (assoc_list_lookup ?????);
1640	cases (eq_f (\fst hd) e) normalize nodelta
1641	[1:
1642	#_ %{(\snd hd)} %
1643	\|2:
1644	@inductive_hypothesis
1645	]
1646	]
1647	qed.
1648
1649	(CSC: move elsewhere)
1650	lemma assoc_list_exists_false_to_assoc_list_lookup_None:
1651	∀A, B: Type[0].
1652	∀e, e': A.
1653	∀the_list, the_list': list (A × B).
1654	∀eq_f: A → A → bool.
1655	e = e' →
1656	the_list = the_list' →
1657	assoc_list_exists A B e eq_f the_list = false →
1658	assoc_list_lookup A B e' eq_f the_list' = None ….
1659	#A #B #e #e' #the_list elim the_list
1660	[1:
1661	#the_list' #eq_f #e_refl <e_refl #the_list_refl <the_list_refl #_ %
1662	\|2:
1663	#hd #tl #inductive_hypothesis #the_list' #eq_f #e_refl #the_list_refl <the_list_refl
1664	whd in ⊢ (??%? → ??%?); <e_refl
1665	cases (eq_f (\fst hd) e) normalize nodelta
1666	[1:
1667	#absurd destruct(absurd)
1668	\|2:
1669	>e_refl in ⊢ (? → %); @inductive_hypothesis try % assumption
1670	]
1671	]
1672	qed.*)
1673
1674	lemma sfr_psw_eq_to_bit_address_of_register_eq:
1675	∀A: Type[0].
1676	∀code_memory: A.
1677	∀status, status', register_address.
1678	get_8051_sfr … status SFR_PSW = get_8051_sfr … status' SFR_PSW →
1679	bit_address_of_register A code_memory status register_address = bit_address_of_register A code_memory status' register_address.
1680	#A #code_memory #status #status' #register_address #sfr_psw_refl
1681	whd in match bit_address_of_register; normalize nodelta
1682	<sfr_psw_refl %
1683	qed.
1684
1685	lemma sfr_psw_and_low_internal_ram_eq_to_get_register_eq:
1686	∀A: Type[0].
1687	∀code_memory: A.
1688	∀status, status', register_address.
1689	get_8051_sfr … status SFR_PSW = get_8051_sfr … status' SFR_PSW →
1690	low_internal_ram A code_memory status = low_internal_ram A code_memory status' →
1691	get_register A code_memory status register_address = get_register A code_memory status' register_address.
1692	#A #code_memory #status #status' #register_address #sfr_psw_refl #low_internal_ram_refl
1693	whd in match get_register; normalize nodelta <low_internal_ram_refl
1694	>(sfr_psw_eq_to_bit_address_of_register_eq … status status') //
1695	qed.
1696
1697	lemma map_address_mode_using_internal_pseudo_address_map_ok1_addr:
1698	∀M, cm, status, status', sigma.
1699	∀addr1: [[acc_a; registr; direct; indirect; data; ext_indirect; ext_indirect_dptr]]. (* XXX: expand as needed *)
1700	get_8051_sfr … status SFR_PSW = get_8051_sfr … status' SFR_PSW →
1701	assert_data pseudo_assembly_program M cm status addr1 = true →
1702	map_address_mode_using_internal_pseudo_address_map_ok1 M cm status' sigma addr1.
1703	* * #low #high #accA #cm #status #status' #sigma #addr1 #sfr_refl
1704	@(subaddressing_mode_elim … addr1) try (#w #_ @I) [1,4: #_ @I ] #w
1705	whd in ⊢ (??%? → %); whd in match (data_or_address ?????);
1706	whd in match exists; normalize nodelta
1707	<(sfr_psw_eq_to_bit_address_of_register_eq … status status') try assumption
1708	cases (lookup_opt ????); normalize nodelta #x try % #abs destruct(abs)
1709	qed.
1710
1711	lemma sfr8051_neq_acc_a_to_map_address_using_internal_pseudo_address_map:
1712	∀M.
1713	∀sigma.
1714	∀sfr8051.
1715	∀b.
1716	sfr8051 ≠ SFR_ACC_A →
1717	map_address_using_internal_pseudo_address_map M sigma sfr8051 b = b.
1718	#M #sigma * #b
1719	[18:
1720	#relevant cases (absurd … (refl ??) relevant)
1721	]
1722	#_ %
1723	qed.
1724
1725	lemma w_neq_224_to_map_address_Byte_using_internal_pseudo_address_map:
1726	∀M.
1727	∀sigma: Word → Word.
1728	∀w: BitVector 8.
1729	∀b.
1730	w ≠ bitvector_of_nat … 224 →
1731	map_address_Byte_using_internal_pseudo_address_map M sigma w b = b.
1732	#M #sigma #w #b #w_neq_assm
1733	whd in ⊢ (??%?); inversion (sfr_of_Byte ?)
1734	[1:
1735	#sfr_of_Byte_refl %
1736	\|2:
1737	* #sfr8051 #sfr_of_Byte_refl normalize nodelta try %
1738	@sfr8051_neq_acc_a_to_map_address_using_internal_pseudo_address_map %
1739	#relevant >relevant in sfr_of_Byte_refl; #sfr_of_Byte_refl
1740	@(absurd ?? w_neq_assm)
1741	lapply sfr_of_Byte_refl -b -sfr_of_Byte_refl -relevant -w_neq_assm -sfr8051 -sigma
1742	whd in match sfr_of_Byte; normalize nodelta
1743	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1744	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1745	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1746	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1747	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1748	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1749	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1750	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1751	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1752	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1753	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1754	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1755	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1756	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1757	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1758	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1759	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1760	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1761	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1762	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1763	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1764	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1765	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1766	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1767	@eqb_elim #eqb_refl normalize nodelta [1: #_ <eqb_refl >bitvector_of_nat_inverse_nat_of_bitvector % ]
1768	cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
1769	#absurd destruct(absurd)
1770	qed.
1771
1772	(*lemma assoc_list_exists_false_to_map_internal_ram_address_using_pseudo_address_map:
1773	∀M, sigma, w, b.
1774	assoc_list_exists Byte (upper_lower×Word) w (eq_bv 8) (\fst M) = false →
1775	map_internal_ram_address_using_pseudo_address_map M sigma w b = b.
1776	#M #sigma #w #b #assoc_list_exists_assm
1777	whd in ⊢ (??%?);
1778	>(assoc_list_exists_false_to_assoc_list_lookup_None … (refl …) … assoc_list_exists_assm) %
1779	qed.*)
1780
1781	lemma addressing_mode_ok_to_map_address_mode_using_internal_pseudo_address_map_ok2:
1782	∀M', cm.
1783	∀sigma, status, status', b, b'.
1784	∀addr1: [[acc_a; registr; direct; indirect; data; bit_addr; ext_indirect; ext_indirect_dptr]]. (* XXX: expand as needed *)
1785	get_8051_sfr … status SFR_PSW = get_8051_sfr … status' SFR_PSW →
1786	low_internal_ram pseudo_assembly_program cm status = low_internal_ram pseudo_assembly_program cm status' →
1787	b = b' →
1788	assert_data pseudo_assembly_program M' cm status addr1 = true →
1789	map_address_mode_using_internal_pseudo_address_map_ok2 pseudo_assembly_program M' sigma cm status' addr1 b = b'.
1790	#M' #cm #sigma #status #status' #b #b' #addr1 #sfr_refl #low_internal_ram_refl #b_refl <b_refl
1791	@(subaddressing_mode_elim … addr1)
1792	[1:
1793	whd in ⊢ (??%? → ??%?); cases M' -M' * #low #high *
1794	[1:
1795	normalize nodelta #_ %
1796	\|2:
1797	* #upper_lower #address normalize nodelta #absurd destruct(absurd)
1798	]
1799	\|2: cases M' -M' * #low #high #accA
1800	#w whd in ⊢ (??%? → ??%?); whd in match (lookup_from_internal_ram ??);
1801	<(sfr_psw_eq_to_bit_address_of_register_eq … status status' w … sfr_refl)
1802	cases (lookup_opt ????); normalize nodelta #x try % #abs destruct(abs)
1803	\|4: cases M' -M' * #low #high #accA
1804	#w whd in ⊢ (??%? → ??%?); whd in match lookup_from_internal_ram;
1805	whd in match data_or_address; normalize nodelta whd in match exists; normalize nodelta
1806	whd in match get_register; normalize nodelta
1807	<(sfr_psw_eq_to_bit_address_of_register_eq … status status' … sfr_refl)
1808	cases (lookup_opt ????) normalize nodelta [2: #_ #abs destruct(abs)]
1809	<low_internal_ram_refl @vsplit_elim #one #seven #EQone_seven normalize nodelta
1810	cases (head' bool ??) normalize nodelta cases (lookup_opt ????) normalize nodelta
1811	#x try % #abs destruct(abs)
1812	\|3: cases M' -M' * #low #high #accA
1813	#w whd in ⊢ (??%? → ??%?); whd in match data_or_address; normalize nodelta
1814	@vsplit_elim #hd #tl #w_refl normalize nodelta
1815	lapply (eq_head' ?? … hd) >(Vector_O … (tail … hd))
1816	cases (head' bool ??) normalize nodelta
1817	[2: #_ whd in match (map_internal_ram_address_using_pseudo_address_map ????);
1818	whd in match (lookup_from_internal_ram ??); cases (lookup_opt ????);
1819	normalize nodelta // #x #abs destruct(abs) ] #EQhd
1820	>w_refl >EQhd @eq_bv_elim #eq_bv_refl normalize nodelta
1821	[1: cases accA normalize nodelta try (#x #abs destruct(abs)) #_
1822	normalize in eq_bv_refl; >eq_bv_refl %
1823	\|2: #_ @w_neq_224_to_map_address_Byte_using_internal_pseudo_address_map assumption ]
1824	\|5,6,7,8:
1825	#w try #w' %
1826	]
1827	qed.
1828
1829	(CSC: move elsewhere)
1830	lemma bv_append_eq_to_eq:
1831	∀A,n. ∀v1,v2: Vector A n. ∀m. ∀v3,v4: Vector A m.
1832	v1@@v3 = v2@@v4 → v1=v2 ∧ v3=v4.
1833	#A #n #v1 elim v1
1834	[ #v2 >(Vector_O … v2) #m #v3 #v4 normalize * %%
1835	\| #n' #hd1 #tl1 #IH #v2 cases (Vector_Sn … v2) #hd2 * #tl2 #EQ2 >EQ2
1836	#m #v3 #v4 #EQ normalize in EQ; destruct(EQ) cases (IH … e0) * * %% ]
1837	qed.
1838
1839	lemma addressing_mode_ok_to_map_bit_address_mode_using_internal_pseudo_address_map_get:
1840	∀M: internal_pseudo_address_map.
1841	∀cm: pseudo_assembly_program.
1842	∀s: PreStatus pseudo_assembly_program cm.
1843	∀sigma: Word → Word.
1844	∀addr: [[bit_addr]]. (* XXX: expand as needed *)
1845	∀f: bool.
1846	assert_data pseudo_assembly_program M cm s addr = true →
1847	map_bit_address_mode_using_internal_pseudo_address_map_get M cm s sigma addr f.
1848	** #low #high #accA #cm #s #sigma #addr #f
1849	@(subaddressing_mode_elim … addr) #w
1850	whd in ⊢ (??%? → %); whd in match data_or_address; normalize nodelta
1851	@vsplit_elim #bit_one #seven_bits #bit_one_seven_bits_refl normalize nodelta
1852	@vsplit_elim #four #three #four_three_refl normalize nodelta
1853	cases (head' bool ??) normalize nodelta
1854	[1: @eq_bv_elim normalize nodelta
1855	[1: #EQfour cases accA normalize nodelta #x [2: #abs destruct(abs)] >EQfour %
1856	\|2: #NEQ #_ >w_neq_224_to_map_address_Byte_using_internal_pseudo_address_map
1857	try % normalize #EQ @(absurd ?? NEQ)
1858	cases (bv_append_eq_to_eq … [[true]] [[true]] … EQ) #_ #EQ1
1859	cases (bv_append_eq_to_eq … four [[true;true;false;false]] … EQ1) // ]
1860	\|2: whd in match map_internal_ram_address_using_pseudo_address_map; normalize nodelta
1861	whd in match lookup_from_internal_ram; normalize nodelta
1862	cases (lookup_opt ????); normalize nodelta #x try % #abs destruct(abs) ]
1863	qed.
1864
1865	lemma special_function_registers_8051_sfr_8051_of_pseudo_sfr_8051:
1866	∀M: internal_pseudo_address_map.
1867	∀cm: pseudo_assembly_program.
1868	∀ps.
1869	∀sigma: Word → Word.
1870	∀policy: Word → bool.
1871	∀sfr.
1872	∀result: Byte.
1873	eqb (sfr_8051_index sfr) (sfr_8051_index SFR_ACC_A) = false →
1874	special_function_registers_8051 (BitVectorTrie Byte 16)
1875	(code_memory_of_pseudo_assembly_program cm sigma policy)
1876	(set_8051_sfr (BitVectorTrie Byte 16)
1877	(code_memory_of_pseudo_assembly_program cm sigma policy)
1878	(status_of_pseudo_status M cm ps sigma policy) sfr result) =
1879	sfr_8051_of_pseudo_sfr_8051 M
1880	(special_function_registers_8051 pseudo_assembly_program cm
1881	(set_8051_sfr pseudo_assembly_program cm ps sfr result)) sigma.
1882	** #low #high * [2: * #upper_lower #addr] #cm #ps #sigma #policy #sfr #result #sfr_neq_assm
1883	whd in match (set_8051_sfr ?????);
1884	whd in match (special_function_registers_8051 ???);
1885	whd in match (sfr_8051_of_pseudo_sfr_8051 ???); normalize nodelta try %
1886	cases upper_lower normalize nodelta whd in match (set_8051_sfr ?????);
1887	>get_index_v_set_index_miss [2,4: @eqb_false_to_not_eq assumption]
1888	@vsplit_elim #h #l #h_l_refl normalize nodelta
1889	@set_index_set_index_commutation @eqb_false_to_not_eq assumption
1890	qed.
1891
1892	(*
1893	lemma addressing_mode_ok_to_map_bit_address_mode_using_internal_pseudo_address_map_set_1:
1894	∀M: internal_pseudo_address_map.
1895	∀cm: pseudo_assembly_program.
1896	∀s, s': PreStatus pseudo_assembly_program cm.
1897	∀sigma: Word → Word.
1898	∀addr: [[bit_addr; carry]]. (* XXX: expand as needed *)
1899	∀f: bool.
1900	s = s' →
1901	addressing_mode_ok pseudo_assembly_program M cm s addr = true →
1902	map_bit_address_mode_using_internal_pseudo_address_map_set_1 M cm s' sigma addr f.
1903	#M #cm #s #s' #sigma #addr #f #s_refl <s_refl
1904	@(subaddressing_mode_elim … addr) [1: #w ]
1905	whd in ⊢ (??%? → %); [2: #_ @I ]
1906	inversion (vsplit bool 1 7 w) #bit_one #seven_bits #bit_one_seven_bits_refl normalize nodelta
1907	cases (head' bool ??) normalize nodelta
1908	[1:
1909	#eq_accumulator_assm whd in ⊢ (??%?);
1910	cases (sfr_of_Byte ?) try % * * try % normalize nodelta
1911	whd in ⊢ (??%?);
1912	>(eq_accumulator_address_map_entry_true_to_eq … eq_accumulator_assm) %
1913	\|2:
1914	#assoc_list_exists_assm whd in ⊢ (??%?);
1915	lapply (not_b_c_to_b_not_c ?? assoc_list_exists_assm) -assoc_list_exists_assm #assoc_list_exists_assm
1916	whd in assoc_list_exists_assm:(???%);
1917	>(assoc_list_exists_false_to_assoc_list_lookup_None … (refl …) assoc_list_exists_assm) %
1918	]
1919	qed.
1920
1921	lemma addressing_mode_ok_to_map_bit_address_mode_using_internal_pseudo_address_map_set_2:
1922	∀M: internal_pseudo_address_map.
1923	∀cm: pseudo_assembly_program.
1924	∀s, s': PreStatus pseudo_assembly_program cm.
1925	∀sigma: Word → Word.
1926	∀addr: [[bit_addr; carry]]. (* XXX: expand as needed *)
1927	∀f: bool.
1928	s = s' →
1929	addressing_mode_ok pseudo_assembly_program M cm s addr = true →
1930	map_bit_address_mode_using_internal_pseudo_address_map_set_2 M cm s' sigma addr f.
1931	#M #cm #s #s' #sigma #addr #f #s_refl <s_refl
1932	@(subaddressing_mode_elim … addr) [1: #w ]
1933	whd in ⊢ (??%? → %); [2: #_ @I ]
1934	inversion (vsplit bool 1 7 w) #bit_one #seven_bits #bit_one_seven_bits_refl normalize nodelta
1935	cases (head' bool ??) normalize nodelta
1936	[1:
1937	#eq_accumulator_assm whd in ⊢ (??%?);
1938	cases (sfr_of_Byte ?) try % * * try % normalize nodelta
1939	whd in ⊢ (??%?);
1940	>(eq_accumulator_address_map_entry_true_to_eq … eq_accumulator_assm) %
1941	\|2:
1942	#assoc_list_exists_assm whd in ⊢ (??%?);
1943	lapply (not_b_c_to_b_not_c ?? assoc_list_exists_assm) -assoc_list_exists_assm #assoc_list_exists_assm
1944	whd in assoc_list_exists_assm:(???%);
1945	>(assoc_list_exists_false_to_assoc_list_lookup_None … (refl …) assoc_list_exists_assm) %
1946	]
1947	qed.*)
1948
1949	(*
1950	axiom insert_low_internal_ram_of_pseudo_low_internal_ram':
1951	∀M, M', sigma,cm,s,addr,v,v'.
1952	(∀addr'.
1953	((false:::addr) = addr' →
1954	map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr) v =
1955	map_internal_ram_address_using_pseudo_address_map M' sigma (false:::addr) v') ∧
1956	((false:::addr) ≠ addr' →
1957	let 〈callM, accM〉 ≝ M in
1958	let 〈callM', accM'〉 ≝ M' in
1959	accM = accM' ∧
1960	assoc_list_lookup … addr' (eq_bv 8) … callM =
1961	assoc_list_lookup … addr' (eq_bv 8) … callM')) →
1962	insert Byte 7 addr v'
1963	(low_internal_ram_of_pseudo_low_internal_ram M'
1964	(low_internal_ram pseudo_assembly_program cm s)) =
1965	low_internal_ram_of_pseudo_low_internal_ram M
1966	(insert Byte 7 addr v (low_internal_ram pseudo_assembly_program cm s)).
1967	*)
1968
1969
1970	definition internal_pseudo_address_map_equal_up_to_high ≝
1971	λM,M': internal_pseudo_address_map. \snd M = \snd M' ∧ \fst (\fst M) = \fst (\fst M').
1972
1973	lemma set_high_internal_ram_status_of_pseudo_status:
1974	∀cm,sigma,policy,M,M',s,s',ram,ram'.
1975	internal_pseudo_address_map_equal_up_to_high M M' →
1976	s' = status_of_pseudo_status M' cm s sigma policy →
1977	ram'=internal_ram_of_pseudo_internal_ram sigma ram (\snd (\fst M)) →
1978	set_high_internal_ram (BitVectorTrie Byte 16)
1979	(code_memory_of_pseudo_assembly_program cm sigma policy)
1980	s'
1981	ram'
1982	= status_of_pseudo_status M cm
1983	(set_high_internal_ram pseudo_assembly_program cm s ram) sigma policy.
1984	#cm #sigma #policy #M #M' #s #s' #ram #ram' #M_refl #s_refl >s_refl #ram_refl >ram_refl
1985	cases M' in M_refl; * #low' #high' #accA' cases M * #low #high #accA #H cases H
1986	#accA_refl #high_refl destruct whd in ⊢ (??%%); @split_eq_status %
1987	qed.
1988
1989	definition internal_pseudo_address_map_equal_up_to_address ≝
1990	λM,M',sigma,addr,v,v'.
1991	let 〈low,high,accA〉 ≝ M in
1992	let 〈low',high',accA'〉 ≝ M' in
1993	let 〈bit_one,seven_bits〉 ≝ vsplit bool 1 7 addr in
1994	if head' … 0 bit_one then
1995	(internal_pseudo_address_map_equal_up_to_high M' M ∧
1996	internal_half_pseudo_address_map_equal_up_to_address high high' sigma
1997	seven_bits v v')
1998	else
1999	(internal_pseudo_address_map_equal_up_to_low M' M ∧
2000	internal_half_pseudo_address_map_equal_up_to_address low low' sigma
2001	seven_bits v v').
2002
2003	lemma write_at_stack_pointer_status_of_pseudo_status:
2004	∀M, M'.
2005	∀cm.
2006	∀sigma.
2007	∀policy.
2008	∀s, s'.
2009	∀v, v'.
2010	internal_pseudo_address_map_equal_up_to_address M M' sigma
2011	(get_8051_sfr ?? s SFR_SP) v v' →
2012	s' = status_of_pseudo_status M cm s sigma policy →
2013	write_at_stack_pointer ?? s' v' =
2014	status_of_pseudo_status M' cm (write_at_stack_pointer ? cm s v) sigma policy.
2015	#low #high #accA #low' #high' #accA'
2016	#cm #sigma #policy #s #s' #v #v' #H whd in H; #s_refl >s_refl
2017	whd in match write_at_stack_pointer; normalize nodelta
2018	>(get_8051_sfr_status_of_pseudo_status … (refl …) … (refl …)) lapply H; -H
2019	@vsplit_elim #bit_one #seven_bits cases (Vector_Sn … bit_one) #bitone * #tl
2020	>(Vector_O … tl) #EQbit_one >EQbit_one -bit_one normalize nodelta cases bitone
2021	#bit_one_seven_bits_refl normalize nodelta * #H1 #H2
2022	[ @(set_high_internal_ram_status_of_pseudo_status … 〈low',high',accA'〉 〈low,high,accA〉)
2023	try @refl try assumption
2024	whd in match status_of_pseudo_status; normalize nodelta
2025	whd in match high_internal_ram_of_pseudo_high_internal_ram; normalize nodelta
2026	@insert_internal_ram_of_pseudo_internal_ram assumption
2027	\| @(set_low_internal_ram_status_of_pseudo_status2 … 〈low',high',accA'〉 〈low,high,accA〉)
2028	try @refl try assumption
2029	whd in match status_of_pseudo_status; normalize nodelta
2030	whd in match low_internal_ram_of_pseudo_low_internal_ram; normalize nodelta
2031	@insert_internal_ram_of_pseudo_internal_ram assumption
2032	]
2033	qed.
2034
2035	(CSC: move elsewhere and generalize)
2036	axiom lookup_opt_delete_miss:
2037	∀n.∀M:BitVectorTrie address_entry n.∀addr,addr': BitVector n.
2038	addr' ≠ addr →
2039	lookup_opt address_entry n addr' (delete address_entry n addr M)
2040	= lookup_opt address_entry n addr' M.
2041
2042	(CSC: move elsewhere and generalize)
2043	axiom lookup_opt_delete_hit:
2044	∀n.∀M:BitVectorTrie address_entry n.∀addr: BitVector n.
2045	lookup_opt address_entry n addr (delete address_entry n addr M) = None ….
2046
2047	lemma internal_pseudo_address_map_equal_up_to_address_delete_from_internal_ram:
2048	∀M,sigma,addr,v1,v2.
2049	v2=v1 →
2050	internal_pseudo_address_map_equal_up_to_address M
2051	(delete_from_internal_ram addr M) sigma addr v1 v2.
2052	** #low #high #accA #sigma #addr #v1 #v2 * whd in match delete_from_internal_ram;
2053	normalize nodelta @vsplit_elim #bit_one #seven_bits
2054	cases (Vector_Sn … bit_one) ** #tl >(Vector_O … tl) #EQ >EQ #EQ2 normalize nodelta
2055	>EQ2 whd whd in match (tail ???); % % try %
2056	[2,4: #addr #addr' >lookup_opt_delete_miss try assumption %
2057	\|1,3: >lookup_opt_delete_hit % ]
2058	qed.
2059
2060	lemma internal_pseudo_address_map_equal_up_to_address_insert_into_internal_ram:
2061	∀M,sigma,addr,entry,v1,v2.
2062	v2=map_value_using_opt_address_entry sigma v1 (Some address_entry entry) →
2063	internal_pseudo_address_map_equal_up_to_address M
2064	(insert_into_internal_ram addr entry M) sigma addr v1 v2.
2065	** #low #high #accA #sigma #addr #entry #v1 #v2 #H whd in match insert_into_internal_ram;
2066	normalize nodelta whd in match internal_pseudo_address_map_equal_up_to_address;
2067	normalize nodelta @vsplit_elim #bit_one cases (Vector_Sn … bit_one) ** #tl
2068	>(Vector_O … tl) #EQ >EQ #seven_bits #EQ2 normalize nodelta >EQ2 % % try %
2069	[2,4: #addr' #NEQ >lookup_opt_insert_miss try % >eq_bv_false try % #EQ @(absurd … EQ NEQ)
2070	\|1,3: >lookup_opt_insert_hit assumption ]
2071	qed.
2072
2073	lemma internal_pseudo_address_map_equal_up_to_address_overwrite_or_delete_from_internal_ram:
2074	∀M,sigma,addr,v1,v2,entry.
2075	v2=map_value_using_opt_address_entry sigma v1 entry →
2076	internal_pseudo_address_map_equal_up_to_address M
2077	(overwrite_or_delete_from_internal_ram addr entry M) sigma addr v1 v2.
2078	** #low #high #accA #sigma #addr #v1 #v2 #entry
2079	whd in match overwrite_or_delete_from_internal_ram; normalize nodelta
2080	cases entry normalize nodelta
2081	[ @internal_pseudo_address_map_equal_up_to_address_delete_from_internal_ram
2082	\| #addr_entry @internal_pseudo_address_map_equal_up_to_address_insert_into_internal_ram ]
2083	qed.
2084
2085	lemma write_at_stack_pointer_status_of_pseudo_status_accA:
2086	∀M,cm,sigma,policy,ps,s,sp.
2087	let w ≝ bitvector_of_nat 8 224 in
2088	s=status_of_pseudo_status M cm ps sigma policy →
2089	sp=get_8051_sfr pseudo_assembly_program cm ps SFR_SP →
2090	write_at_stack_pointer …
2091	(code_memory_of_pseudo_assembly_program cm sigma policy) s
2092	(get_arg_8 … (code_memory_of_pseudo_assembly_program cm sigma policy) s false (DIRECT w))
2093	=status_of_pseudo_status
2094	(overwrite_or_delete_from_internal_ram sp (\snd M) M)
2095	cm
2096	(write_at_stack_pointer pseudo_assembly_program cm ps
2097	(get_arg_8 pseudo_assembly_program cm ps false (DIRECT w)))
2098	sigma policy.
2099	try %
2100	** #low #high #accA #cm #sigma #policy #ps #s #sp #EQs #EQsp >EQsp
2101	@(write_at_stack_pointer_status_of_pseudo_status … 〈low,high,accA〉) try assumption >EQs
2102	@internal_pseudo_address_map_equal_up_to_address_overwrite_or_delete_from_internal_ram
2103	inversion accA [2:#entry] #EQaccA [2:%] whd in match map_value_using_opt_address_entry; normalize nodelta
2104	whd in ⊢ (??%?); whd in match status_of_pseudo_status; normalize nodelta
2105	whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta cases entry *
2106	#addr normalize nodelta @pair_elim #h #l #_ normalize nodelta
2107	change with (get_index_v ??? 17 ? = ?) @get_index_v_set_index
2108	qed.
2109
2110	(CSC: move elsewhere)
2111	lemma eq_sfr_of_Byte_accA_to_eq:
2112	∀w. sfr_of_Byte w = Some … (inl … SFR_ACC_A) → w = bitvector_of_nat 8 224.
2113	#w whd in match sfr_of_Byte; normalize nodelta
2114	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2115	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2116	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2117	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2118	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2119	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2120	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2121	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2122	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2123	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2124	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2125	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2126	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2127	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2128	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2129	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2130	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2131	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2132	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2133	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2134	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2135	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2136	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2137	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ [#abs destruct(abs)]
2138	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta
2139	[ #EQB #_ <(eqb_true_to_eq … EQB) >bitvector_of_nat_inverse_nat_of_bitvector % ] #_
2140	inversion (eqb (nat_of_bitvector 8 w) ?) normalize nodelta #_ #abs destruct(abs)
2141	qed.
2142
2143	lemma write_at_stack_pointer_status_of_pseudo_status_sfr_not_accA:
2144	∀M,cm,sigma,policy,ps,s,sp,w.
2145	w ≠ bitvector_of_nat 7 224 →
2146	s=status_of_pseudo_status M cm ps sigma policy →
2147	sp=get_8051_sfr pseudo_assembly_program cm ps SFR_SP →
2148	write_at_stack_pointer …
2149	(code_memory_of_pseudo_assembly_program cm sigma policy) s
2150	(get_arg_8 … (code_memory_of_pseudo_assembly_program cm sigma policy) s false (DIRECT (true:::w)))
2151	=status_of_pseudo_status
2152	(delete_from_internal_ram sp M)
2153	cm
2154	(write_at_stack_pointer pseudo_assembly_program cm ps
2155	(get_arg_8 pseudo_assembly_program cm ps false (DIRECT (true:::w))))
2156	sigma policy.
2157	try %
2158	** #low #high #accA #cm #sigma #policy #ps #s #sp #w #NEQw #EQs #EQsp >EQsp
2159	@(write_at_stack_pointer_status_of_pseudo_status … 〈low,high,accA〉) try assumption >EQs
2160	@internal_pseudo_address_map_equal_up_to_address_delete_from_internal_ram
2161	whd in ⊢ (??%%); inversion (sfr_of_Byte ?) normalize nodelta
2162	[ cases not_implemented
2163	\| ** normalize nodelta #H
2164	try (@(get_8051_sfr_status_of_pseudo_status … (refl …)) %)
2165	try (@(get_8052_sfr_status_of_pseudo_status … (refl …)) %)
2166	@⊥ @(absurd ?? NEQw) lapply(eq_sfr_of_Byte_accA_to_eq … H) #K
2167	change with ([[true]]@@w=[[true]]@@bitvector_of_nat 7 224) in K;
2168	cases (bv_append_eq_to_eq … K) #_ #X @X
2169	qed.
2170
2171	lemma write_at_stack_pointer_status_of_pseudo_status_low:
2172	∀M,cm,sigma,policy,ps,s,sp,w.
2173	s=status_of_pseudo_status M cm ps sigma policy →
2174	sp=get_8051_sfr pseudo_assembly_program cm ps SFR_SP →
2175	write_at_stack_pointer …
2176	(code_memory_of_pseudo_assembly_program cm sigma policy) s
2177	(get_arg_8 … (code_memory_of_pseudo_assembly_program cm sigma policy) s false (DIRECT (false:::w)))
2178	=status_of_pseudo_status
2179	(overwrite_or_delete_from_internal_ram sp (lookup_from_internal_ram … (false:::w) M) M)
2180	cm
2181	(write_at_stack_pointer pseudo_assembly_program cm ps
2182	(get_arg_8 pseudo_assembly_program cm ps false (DIRECT (false:::w))))
2183	sigma policy.
2184	try %
2185	** #low #high #accA #cm #sigma #policy #ps #s #sp #w #EQs #EQsp >EQsp
2186	@(write_at_stack_pointer_status_of_pseudo_status … 〈low,high,accA〉) try assumption >EQs
2187	@internal_pseudo_address_map_equal_up_to_address_overwrite_or_delete_from_internal_ram
2188	whd in ⊢ (??%?); whd in match status_of_pseudo_status; normalize nodelta
2189	whd in match low_internal_ram_of_pseudo_low_internal_ram; normalize nodelta
2190	whd in match internal_ram_of_pseudo_internal_ram; normalize nodelta
2191	lapply (lookup_opt_bvt_map2 … (low_internal_ram pseudo_assembly_program cm ps) low
2192	(map_opt_value_using_opt_address_entry sigma) w)
2193	inversion (lookup_opt ????) [2:#x] #EQ1
2194	(CSC: Take lemmas out)
2195	[2: >(lookup_opt_lookup_miss … EQ1)
2196	whd in match map_opt_value_using_opt_address_entry; normalize nodelta
2197	inversion (eq_bv ???) normalize nodelta [2: #_ #abs destruct(abs)]
2198	#EQ2 #_ <(eq_bv_eq … EQ2) @eq_f2 try %
2199	whd in match get_arg_8; normalize nodelta
2200	inversion (lookup_opt ????) [2:#res] #EQ3
2201	[2: >(lookup_opt_lookup_miss … EQ3) % \| >(lookup_opt_lookup_hit … EQ3 (zero 8)) %]
2202	\| >(lookup_opt_lookup_hit … EQ1 (zero 8))
2203	whd in match map_opt_value_using_opt_address_entry; normalize nodelta
2204	inversion (eq_bv ???) normalize nodelta [#_ #abs destruct(abs)]
2205	#EQ2 @Some_Some_elim #EQ3 >EQ3 @eq_f2 try %
2206	whd in match get_arg_8; normalize nodelta
2207	inversion (lookup_opt ????) [2:#res] #EQ3
2208	[2: >(lookup_opt_lookup_miss … EQ3) % \| >(lookup_opt_lookup_hit … EQ3 (zero 8)) %]
2209	qed.

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format