Changeset 1014 for src/ASM/AssemblyProof.ma

Timestamp:

Jun 21, 2011, 2:02:37 AM (10 years ago)

Author:

sacerdot

Message:

The main theorem is completely broken (again).

File:

• src/ASM/AssemblyProof.ma (modified) (17 diffs)

src/ASM/AssemblyProof.ma

@@ -1 +1 @@
 include "ASM/Assembly.ma".
 include "ASM/Interpret.ma".
+include "ASM/StatusProofs.ma".
 
 definition bit_elim_prop: ∀P: bool → Prop. Prop ≝
@@ -1227 +1228 @@
    let pc ≝ ? in
    let pi ≝  \fst  (fetch_pseudo_instruction (\snd  program) ppc) in
-   let instructions ≝ expand_pseudo_instruction program pol ppc lookup_labels lookup_datalabels pc pi (refl …) (refl …) (refl …) (refl …) in
+   let instructions ≝ expand_pseudo_instruction program pol ppc lookup_labels lookup_datalabels pc (refl …) (refl …) (refl …) in
    let 〈len,assembled〉 ≝ assembly_1_pseudoinstruction program pol ppc lookup_labels lookup_datalabels pi (refl …) (refl …) (refl …) in
      encoding_check code_memory pc (bitvector_of_nat … (nat_of_bitvector ? pc + len)) assembled →
@@ -1239 +1240 @@
  letin pc ≝ (sigma program pol ppc)
  letin pi ≝ (\fst  (fetch_pseudo_instruction (\snd  program) ppc))
- letin instructions ≝ (expand_pseudo_instruction program pol ppc lookup_labels lookup_datalabels pc pi (refl …) (refl …) (refl …) (refl …))
+ letin instructions ≝ (expand_pseudo_instruction program pol ppc lookup_labels lookup_datalabels pc (refl …) (refl …) (refl …))
  @pair_elim' #len #assembled #EQ1 #H
  generalize in match
@@ -1259 +1260 @@
   let lookup_labels ≝ λx. sigma program pol (address_of_word_labels_code_mem (\snd program) x) in
   let lookup_datalabels ≝ λx. lookup ?? x datalabels (zero ?) in
-   ∀ppc,pi,newppc.
-   ∀prf:〈pi,newppc〉 = fetch_pseudo_instruction (\snd program) ppc.
+  ∀ppc.
+  let pi_newppc ≝ fetch_pseudo_instruction (\snd program) ppc in
    ∀len,assembledi.
-     〈len,assembledi〉 = assembly_1_pseudoinstruction program pol ppc lookup_labels lookup_datalabels pi (refl …) (refl …) ? →
+     〈len,assembledi〉 = assembly_1_pseudoinstruction program pol ppc lookup_labels lookup_datalabels (\fst pi_newppc) (refl …) (refl …) (refl …) →
       encoding_check code_memory (sigma program pol ppc) (bitvector_of_nat … (nat_of_bitvector … (sigma program pol ppc) + len)) assembledi ∧
-       sigma program pol newppc = bitvector_of_nat … (nat_of_bitvector … (sigma program pol ppc) + len).
- <(pair_destruct_1 ????? prf) %
-qed.
-
-(*
+       sigma program pol (\snd pi_newppc) = bitvector_of_nat … (nat_of_bitvector … (sigma program pol ppc) + len).
+
 axiom assembly_ok_to_expand_pseudo_instruction_ok:
  ∀program,pol,assembled,costs.
@@ -1281 +1279 @@
     let 〈pi,newppc〉 ≝ fetch_pseudo_instruction (\snd program) ppc in
      ∃instructions.
-      Some ? instructions = expand_pseudo_instruction lookup_labels lookup_datalabels (sigma program pol ppc) expansion pi.
-*)
-
-lemma fetch_assembly_pseudo2:
- ∀program,pol,assembled.
+      Some ? instructions = expand_pseudo_instruction_safe lookup_labels lookup_datalabels (sigma program pol ppc) expansion pi.
+
+(*CSC: repair me!*)
+axiom fetch_assembly_pseudo2:
+ ∀program,pol,ppc.
   let 〈labels,costs〉 ≝ build_maps program pol in
-  〈assembled,costs〉 = assembly program pol →
-   ∀ppc,pi,newppc.
-    let code_memory ≝ load_code_memory assembled in
-    let preamble ≝ \fst program in
-    let data_labels ≝ construct_datalabels preamble in
-    let lookup_labels ≝ λx. sigma program pol (address_of_word_labels_code_mem (\snd program) x) in
-    let lookup_datalabels ≝ λx. lookup ? ? x data_labels (zero ?) in
-    ∀prf:〈pi,newppc〉 = fetch_pseudo_instruction (\snd program) ppc.
-    let instructions ≝ expand_pseudo_instruction program pol ppc lookup_labels lookup_datalabels (sigma program pol ppc) pi (refl …) (refl …) ? (refl …) in
-     fetch_many code_memory (sigma program pol newppc) (sigma program pol ppc) instructions.
- [2: <(pair_destruct_1 ????? prf) %]
+  let assembled ≝ \fst (assembly program pol) in
+  let code_memory ≝ load_code_memory assembled in
+  let data_labels ≝ construct_datalabels (\fst program) in
+  let lookup_labels ≝ λx. sigma program pol (address_of_word_labels_code_mem (\snd program) x) in
+  let lookup_datalabels ≝ λx. lookup ? ? x data_labels (zero ?) in
+  let 〈pi,newppc〉 ≝ fetch_pseudo_instruction (\snd program) ppc in
+  let instructions ≝ expand_pseudo_instruction program pol ppc lookup_labels lookup_datalabels (sigma program pol ppc) (refl …) (refl …) (refl …) in
+   fetch_many code_memory (sigma program pol newppc) (sigma program pol ppc) instructions.
+(*
  #program #pol #assembled generalize in match (assembly_ok program pol assembled)
  @pair_elim' #labels #costs #BUILD_MAPS
@@ -1306 +1302 @@
  letin lookup_labels ≝ (λx. sigma program pol (address_of_word_labels_code_mem (\snd program) x))
  letin lookup_datalabels ≝ (λx. lookup ? ? x data_labels (zero ?))
- normalize nodelta #EQ generalize in match (H ASSEMBLY ppc … EQ) -H;
+ normalize nodelta #EQ generalize in match (H ASSEMBLY ppc) -H;
  generalize in match (fetch_assembly_pseudo program pol ppc code_memory) in ⊢ ? normalize nodelta
- @pair_elim' #len #assembledi #ASSEMBLE1 
+ @pair_elim' #len #assembledi #ASSEMBLE1 #H1 #H2
+ generalize in match (H1 ?) [2: cases (H2 len assembledi (refl …)) #H1 #_ @H1]
+ >bitvector_of_nat_nat_of_bitvector
+  #K
+ 
  
  cases
@@ -1333 +1333 @@
   [ #K3 % [2: % [% | @K3]] | @K1 ]
 qed.
-
-
+*)
+
+(*
 lemma fetch_assembly_pseudo2:
  ∀program,pol,assembled.
   let 〈labels,costs〉 ≝ build_maps program pol in
-  Some … 〈assembled,costs〉 = assembly program pol →
+  〈assembled,costs〉 = assembly program pol →
    ∀ppc.
     let code_memory ≝ load_code_memory assembled in
@@ -1348 +1349 @@
     let 〈pi,newppc〉 ≝ fetch_pseudo_instruction (\snd program) ppc in
      ∃instructions.
-      Some ? instructions = expand_pseudo_instruction lookup_labels lookup_datalabels (sigma program pol ppc) expansion pi ∧
+      Some ? instructions = expand_pseudo_instruction_safe lookup_labels lookup_datalabels (sigma program pol ppc) expansion pi ∧
        fetch_many code_memory (sigma program pol newppc) (sigma program pol ppc) instructions.
  #program #pol #assembled @pair_elim' #labels #costs #BUILD_MAPS #ASSEMBLY #ppc
@@ -1360 +1361 @@
  cases (fetch_pseudo_instruction (\snd program) ppc) #pi #newppc
  generalize in match (fetch_assembly_pseudo program pol ppc
-  (λx. sigma program pol (address_of_word_labels_code_mem (\snd program) x)) (λx. lookup ?? x data_labels (zero ?)) pi
+  (λx. sigma program pol (address_of_word_labels_code_mem (\snd program) x)) (λx. lookup ?? x data_labels (zero ?))
   (load_code_memory assembled));
  whd in ⊢ ((∀_.∀_.∀_.∀_.%) → (∀_.∀_.%) → % → %) #H1 #H2 * #instructions #EXPAND
@@ -1373 +1374 @@
   [ #K3 % [2: % [% | @K3]] | @K1 ]
 qed.
+*)
 
 (* OLD?
@@ -1520 +1522 @@
     
 definition status_of_pseudo_status:
- internal_pseudo_address_map → ∀ps:PseudoStatus. policy (code_memory … ps) → option Status ≝
+ internal_pseudo_address_map → ∀ps:PseudoStatus. policy (code_memory … ps) → Status ≝
  λM,ps,pol.
   let pap ≝ code_memory … ps in
-   match assembly pap pol with
-    [ None ⇒ None …
-    | Some p ⇒
-       let cm ≝ load_code_memory (\fst p) in
-       let pc ≝ sigma pap pol (program_counter ? ps) in
-       let lir ≝ low_internal_ram_of_pseudo_low_internal_ram M (low_internal_ram … ps) in
-       let hir ≝ high_internal_ram_of_pseudo_high_internal_ram M (high_internal_ram … ps) in
-        Some …
-         (mk_PreStatus (BitVectorTrie Byte 16)
-           cm
-           lir
-           hir
-           (external_ram … ps)
-           pc
-           (special_function_registers_8051 … ps)
-           (special_function_registers_8052 … ps)
-           (p1_latch … ps)
-           (p3_latch … ps)
-           (clock … ps)) ].
+  let p ≝ assembly pap pol in
+  let cm ≝ load_code_memory (\fst p) in
+  let pc ≝ sigma pap pol (program_counter ? ps) in
+  let lir ≝ low_internal_ram_of_pseudo_low_internal_ram M (low_internal_ram … ps) in
+  let hir ≝ high_internal_ram_of_pseudo_high_internal_ram M (high_internal_ram … ps) in
+     mk_PreStatus (BitVectorTrie Byte 16)
+      cm
+      lir
+      hir
+      (external_ram … ps)
+      pc
+      (special_function_registers_8051 … ps)
+      (special_function_registers_8052 … ps)
+      (p1_latch … ps)
+      (p3_latch … ps)
+      (clock … ps).
 
 (*
@@ -1640 +1639 @@
 *)
 
+(* DEAD CODE?
 lemma status_of_pseudo_status_failure_depends_only_on_code_memory:
  ∀M:internal_pseudo_address_map.
@@ -1657 +1657 @@
   | #x #K whd whd in ⊢ (?? (λ_.??%?)) <H >K % [2: % ] ]
 qed.
+*)
 
 definition ticks_of0: ∀p:pseudo_assembly_program. policy p → Word → ? → nat × nat ≝
@@ -1820 +1821 @@
      ticks_of0 program pol ppc fetched.
 
-lemma get_register_set_program_counter:
- ∀T,s,pc. get_register T (set_program_counter … s pc) = get_register … s.
- #T #s #pc %
-qed.
-
-lemma get_8051_sfr_set_program_counter:
- ∀T,s,pc. get_8051_sfr T (set_program_counter … s pc) = get_8051_sfr … s.
- #T #s #pc %
-qed.
-
-lemma get_bit_addressable_sfr_set_program_counter:
- ∀T,s,pc. get_bit_addressable_sfr T (set_program_counter … s pc) = get_bit_addressable_sfr … s.
- #T #s #pc %
-qed.
-
-lemma low_internal_ram_set_program_counter:
- ∀T,s,pc. low_internal_ram T (set_program_counter … s pc) = low_internal_ram … s.
- #T #s #pc %
-qed.
-
-lemma get_arg_8_set_program_counter:
- ∀n.∀l:Vector addressing_mode_tag (S n). ¬(is_in ? l ACC_PC) →
-  ∀T,s,pc,b.∀arg:l.
-   get_arg_8 T (set_program_counter … s pc) b arg = get_arg_8 … s b arg.
- [2,3: cases arg; *; normalize //]
- #n #l #H #T #s #pc #b * *; [11: #NH @⊥ //] #X try #Y %
-qed.
-
-lemma set_bit_addressable_sfr_set_code_memory:
-  ∀T, U: Type[0].
-  ∀ps: PreStatus ?.
-  ∀code_mem.
-  ∀x.
-  ∀val.
-  set_bit_addressable_sfr ? (set_code_memory T U ps code_mem) x val =
-  set_code_memory T U (set_bit_addressable_sfr ? ps x val) code_mem.
-  #T #U #ps #code_mem #x #val
-  whd in ⊢ (??%?)
-  whd in ⊢ (???(???%?))
-  cases (eqb ? 128) [ normalize nodelta cases not_implemented
-  | normalize nodelta
-  cases (eqb (nat_of_bitvector 8 x) ?) [ normalize nodelta cases not_implemented
-  | normalize nodelta
-  cases (eqb (nat_of_bitvector 8 x) ?) [ normalize nodelta cases not_implemented
-  | normalize nodelta
-  cases (eqb ? 176) [ normalize nodelta %
-  | normalize nodelta
-  cases (eqb ? 153) [ normalize nodelta %
-  | normalize nodelta
-  cases (eqb ? 138) [ normalize nodelta %
-  | normalize nodelta
-  cases (eqb ? 139) [ normalize nodelta %
-  | normalize nodelta
-  cases (eqb ? 140) [ normalize nodelta %
-  | normalize nodelta
-  cases (eqb ? 141) [ normalize nodelta %
-  | normalize nodelta
-  cases (eqb ? 200) [ normalize nodelta %
-  | normalize nodelta
-  cases (eqb ? 202) [ normalize nodelta %
-  | normalize nodelta
-  cases (eqb ? 203) [ normalize nodelta %
-  | normalize nodelta
-  cases (eqb ? 204) [ normalize nodelta % 
-  | normalize nodelta
-  cases (eqb ? 205) [ normalize nodelta % 
-  | normalize nodelta
-  cases (eqb ? 135) [ normalize nodelta % 
-  | normalize nodelta
-  cases (eqb ? 136) [ normalize nodelta % 
-  | normalize nodelta
-  cases (eqb ? 137) [ normalize nodelta % 
-  | normalize nodelta
-  cases (eqb ? 152) [ normalize nodelta % 
-  | normalize nodelta
-  cases (eqb ? 168) [ normalize nodelta % 
-  | normalize nodelta
-  cases (eqb ? 184) [ normalize nodelta % 
-  | normalize nodelta
-  cases (eqb ? 129) [ normalize nodelta % 
-  | normalize nodelta
-  cases (eqb ? 130) [ normalize nodelta % 
-  | normalize nodelta
-  cases (eqb ? 131) [ normalize nodelta % 
-  | normalize nodelta
-  cases (eqb ? 208) [ normalize nodelta %
-  | normalize nodelta
-  cases (eqb ? 224) [ normalize nodelta % 
-  | normalize nodelta
-  cases (eqb ? 240) [ normalize nodelta % 
-  | normalize nodelta
-    cases not_implemented
-  ]]]]]]]]]]]]]]]]]]]]]]]]]]
-qed.
-
-lemma set_arg_8_set_code_memory:
-  ∀n:nat.
-  ∀l:Vector addressing_mode_tag (S n).
-    ¬(is_in ? l ACC_PC) →
-    ∀T: Type[0].
-    ∀U: Type[0].
-    ∀ps: PreStatus ?.
-    ∀code_mem.
-    ∀val.
-    ∀b: l.
-  set_arg_8 ? (set_code_memory T U ps code_mem) b val =
-  set_code_memory T U (set_arg_8 ? ps b val) code_mem.
-  [2,3: cases b; *; normalize //]
-  #n #l #prf #T #U #ps #code_mem #val * *;
-  [*:
-    [1,2,3,4,8,9,15,16,17,18,19: #x]
-    try #y whd in ⊢ (??(%)?)
-    whd in ⊢ (???(???(%)?))
-    [1,2:
-      cases (split bool 4 4 ?)
-      #nu' #nl'
-      normalize nodelta
-      cases (split bool 1 3 nu')
-      #bit1' #ignore'
-      normalize nodelta
-      cases (get_index_v bool 4 nu' 0 ?)
-      [1,2,3,4:
-        normalize nodelta
-        try %
-        try (@(set_bit_addressable_sfr_set_code_memory T U ps code_mem x val))
-        try (normalize in ⊢ (???(???%?)))
-      ]
-    |3,4: %
-    |*:
-       try normalize nodelta
-       normalize cases (not_implemented)
-    ]
- ]
- 
-
-qed.
-
-axiom set_arg_8_set_program_counter:
-  ∀n:nat.
-  ∀l:Vector addressing_mode_tag (S n).
-    ¬(is_in ? l ACC_PC) →
-    ∀T: Type[0].
-    ∀ps: PreStatus ?.
-    ∀pc.
-    ∀val.
-    ∀b: l.
-  set_arg_8 ? (set_program_counter T ps pc) b val =
-  set_program_counter T (set_arg_8 ? ps b val) pc.
-  [1,2: cases b; *; normalize //]
-qed.
-  
-
-lemma get_arg_8_set_code_memory:
- ∀T1,T2,s,code_mem,b,arg.
-   get_arg_8 T1 (set_code_memory T2 T1 s code_mem) b arg = get_arg_8 … s b arg.
- #T1 #T2 #s #code_mem #b #arg %
-qed.
-
-lemma set_code_memory_set_flags:
- ∀T1,T2,s,f1,f2,f3,code_mem.
-  set_code_memory T1 T2 (set_flags T1 s f1 f2 f3) code_mem =
-   set_flags … (set_code_memory … s code_mem) f1 f2 f3.
- #T1 #T2 #s #f1 #f2 #f3 #code_mem %
-qed.
-
-lemma set_program_counter_set_flags:
- ∀T1,s,f1,f2,f3,pc.
-  set_program_counter T1 (set_flags T1 s f1 f2 f3) pc =
-   set_flags … (set_program_counter … s pc) f1 f2 f3.
- #T1 #s #f1 #f2 #f3 #pc  %
-qed.
-
-lemma program_counter_set_flags:
- ∀T1,s,f1,f2,f3.
-  program_counter T1 (set_flags T1 s f1 f2 f3) = program_counter … s.
- #T1 #s #f1 #f2 #f3 %
-qed.
-
-lemma special_function_registers_8051_write_at_stack_pointer:
- ∀T,s,x.
-    special_function_registers_8051 T (write_at_stack_pointer T s x)
-  = special_function_registers_8051 T s.
- #T #s #x whd in ⊢ (??(??%)?)
- cases (split ????) #nu #nl normalize nodelta;
- cases (get_index_v bool ????) %
-qed.
-
-lemma get_8051_sfr_write_at_stack_pointer:
- ∀T,s,x,y. get_8051_sfr T (write_at_stack_pointer T s x) y = get_8051_sfr T s y.
- #T #s #x #y whd in ⊢ (??%%) //
-qed.
-
-lemma code_memory_write_at_stack_pointer:
- ∀T,s,x. code_memory T (write_at_stack_pointer T s x) = code_memory T s.
- #T #s #x whd in ⊢ (??(??%)?)
- cases (split ????) #nu #nl normalize nodelta;
- cases (get_index_v bool ????) %
-qed.
-
-axiom low_internal_ram_write_at_stack_pointer:
- ∀T1,T2,M,s1,s2,s3.∀pol.∀pbu,pbl,bu,bl,sp1,sp2:BitVector 8.
-  get_8051_sfr ? s2 SFR_SP = get_8051_sfr ? s3 SFR_SP →
-  low_internal_ram ? s2 = low_internal_ram T2 s3 →
-  sp1 = \snd (half_add ? (get_8051_sfr ? s1 SFR_SP) (bitvector_of_nat 8 1)) →
-  sp2 = \snd (half_add ? sp1 (bitvector_of_nat 8 1)) →
-  bu@@bl = sigma (code_memory … s2) pol (pbu@@pbl) →
-   low_internal_ram T1
-     (write_at_stack_pointer ?
-       (set_8051_sfr ?
-         (write_at_stack_pointer ?
-           (set_8051_sfr ?
-             (set_low_internal_ram ? s1
-               (low_internal_ram_of_pseudo_low_internal_ram M (low_internal_ram ? s2)))
-             SFR_SP sp1)
-          bl)
-        SFR_SP sp2)
-      bu)
-   = low_internal_ram_of_pseudo_low_internal_ram (sp1::M)
-      (low_internal_ram ?
-       (write_at_stack_pointer ?
-         (set_8051_sfr ?
-           (write_at_stack_pointer ? (set_8051_sfr ? s3 SFR_SP sp1) pbl)
-          SFR_SP sp2)
-        pbu)).
-        
-axiom high_internal_ram_write_at_stack_pointer:
- ∀T1,T2,M,s1,s2,s3,pol.∀pbu,pbl,bu,bl,sp1,sp2:BitVector 8.
-  get_8051_sfr ? s2 SFR_SP = get_8051_sfr ? s3 SFR_SP →
-  high_internal_ram ? s2 = high_internal_ram T2 s3 →
-  sp1 = \snd (half_add ? (get_8051_sfr ? s1 SFR_SP) (bitvector_of_nat 8 1)) →
-  sp2 = \snd (half_add ? sp1 (bitvector_of_nat 8 1)) →
-  bu@@bl = sigma (code_memory … s2) pol (pbu@@pbl) →
-   high_internal_ram T1
-     (write_at_stack_pointer ?
-       (set_8051_sfr ?
-         (write_at_stack_pointer ?
-           (set_8051_sfr ?
-             (set_high_internal_ram ? s1
-               (high_internal_ram_of_pseudo_high_internal_ram M (high_internal_ram ? s2)))
-             SFR_SP sp1)
-          bl)
-        SFR_SP sp2)
-      bu)
-   = high_internal_ram_of_pseudo_high_internal_ram (sp1::M)
-      (high_internal_ram ?
-       (write_at_stack_pointer ?
-         (set_8051_sfr ?
-           (write_at_stack_pointer ? (set_8051_sfr ? s3 SFR_SP sp1) pbl)
-          SFR_SP sp2)
-        pbu)).
-
-lemma set_program_counter_set_low_internal_ram:
- ∀T,s,x,y.
-  set_program_counter T (set_low_internal_ram … s x) y =
-   set_low_internal_ram … (set_program_counter … s y) x.
- //
-qed.
-
-lemma set_clock_set_low_internal_ram:
- ∀T,s,x,y.
-  set_clock T (set_low_internal_ram … s x) y =
-   set_low_internal_ram … (set_clock … s y) x.
- //
-qed.
-
-lemma set_program_counter_set_high_internal_ram:
- ∀T,s,x,y.
-  set_program_counter T (set_high_internal_ram … s x) y =
-   set_high_internal_ram … (set_program_counter … s y) x.
- //
-qed.
-
-lemma set_clock_set_high_internal_ram:
- ∀T,s,x,y.
-  set_clock T (set_high_internal_ram … s x) y =
-   set_high_internal_ram … (set_clock … s y) x.
- //
-qed.
-
-lemma set_low_internal_ram_set_high_internal_ram:
- ∀T,s,x,y.
-  set_low_internal_ram T (set_high_internal_ram … s x) y =
-   set_high_internal_ram … (set_low_internal_ram … s y) x.
- //
-qed.
-
-lemma external_ram_write_at_stack_pointer:
- ∀T,s,x. external_ram T (write_at_stack_pointer T s x) = external_ram T s.
- #T #s #x whd in ⊢ (??(??%)?)
- cases (split ????) #nu #nl normalize nodelta;
- cases (get_index_v bool ????) %
-qed.
-
-lemma special_function_registers_8052_write_at_stack_pointer:
- ∀T,s,x.
-    special_function_registers_8052 T (write_at_stack_pointer T s x)
-  = special_function_registers_8052 T s.
- #T #s #x whd in ⊢ (??(??%)?)
- cases (split ????) #nu #nl normalize nodelta;
- cases (get_index_v bool ????) %
-qed.
-
-lemma p1_latch_write_at_stack_pointer:
- ∀T,s,x. p1_latch T (write_at_stack_pointer T s x) = p1_latch T s.
- #T #s #x whd in ⊢ (??(??%)?)
- cases (split ????) #nu #nl normalize nodelta;
- cases (get_index_v bool ????) %
-qed.
-
-lemma p3_latch_write_at_stack_pointer:
- ∀T,s,x. p3_latch T (write_at_stack_pointer T s x) = p3_latch T s.
- #T #s #x whd in ⊢ (??(??%)?)
- cases (split ????) #nu #nl normalize nodelta;
- cases (get_index_v bool ????) %
-qed.
-
-lemma clock_write_at_stack_pointer:
- ∀T,s,x. clock T (write_at_stack_pointer T s x) = clock T s.
- #T #s #x whd in ⊢ (??(??%)?)
- cases (split ????) #nu #nl normalize nodelta;
- cases (get_index_v bool ????) %
-qed.
-
-axiom get_index_v_set_index:
- ∀T,n,x,m,p,y. get_index_v T n (set_index T n x m y p) m p = y.
-
-lemma get_8051_sfr_set_8051_sfr:
- ∀T,s,x,y. get_8051_sfr T (set_8051_sfr ? s x y) x = y.
- #T *; #A #B #C #D #E #F #G #H #I #J *; #y whd in ⊢ (??(??%?)?)
- whd in match get_8051_sfr; normalize nodelta @get_index_v_set_index
-qed.
-
-lemma program_counter_set_8051_sfr:
- ∀T,s,x,y. program_counter T (set_8051_sfr ? s x y) = program_counter ? s.
- //
-qed.
-
-axiom get_arg_8_set_low_internal_ram:
- ∀M,s,x,b,z. get_arg_8 M (set_low_internal_ram ? s x) b z = get_arg_8 ? s b z.
-
 lemma eq_rect_Type1_r:
   ∀A: Type[1].
@@ -2169 +1830 @@
   cases p
   //
-qed.
-
-lemma split_eq_status:
- ∀T.
- ∀A1,A2,A3,A4,A5,A6,A7,A8,A9,A10.
- ∀B1,B2,B3,B4,B5,B6,B7,B8,B9,B10.
-  A1=B1 → A2=B2 → A3=B3 → A4=B4 → A5=B5 → A6=B6 → A7=B7 → A8=B8 → A9=B9 → A10=B10 →
-   mk_PreStatus T A1 A2 A3 A4 A5 A6 A7 A8 A9 A10 =
-   mk_PreStatus T B1 B2 B3 B4 B5 B6 B7 B8 B9 B10.
- //
 qed.
 
@@ -2277 +1928 @@
 *)
 
-lemma main_thm:
+axiom low_internal_ram_write_at_stack_pointer:
+ ∀T1,T2,M,s1,s2,s3.∀pol.∀pbu,pbl,bu,bl,sp1,sp2:BitVector 8.
+  get_8051_sfr ? s2 SFR_SP = get_8051_sfr ? s3 SFR_SP →
+  low_internal_ram ? s2 = low_internal_ram T2 s3 →
+  sp1 = \snd (half_add ? (get_8051_sfr ? s1 SFR_SP) (bitvector_of_nat 8 1)) →
+  sp2 = \snd (half_add ? sp1 (bitvector_of_nat 8 1)) →
+  bu@@bl = sigma (code_memory … s2) pol (pbu@@pbl) →
+   low_internal_ram T1
+     (write_at_stack_pointer ?
+       (set_8051_sfr ?
+         (write_at_stack_pointer ?
+           (set_8051_sfr ?
+             (set_low_internal_ram ? s1
+               (low_internal_ram_of_pseudo_low_internal_ram M (low_internal_ram ? s2)))
+             SFR_SP sp1)
+          bl)
+        SFR_SP sp2)
+      bu)
+   = low_internal_ram_of_pseudo_low_internal_ram (sp1::M)
+      (low_internal_ram ?
+       (write_at_stack_pointer ?
+         (set_8051_sfr ?
+           (write_at_stack_pointer ? (set_8051_sfr ? s3 SFR_SP sp1) pbl)
+          SFR_SP sp2)
+        pbu)).
+
+axiom high_internal_ram_write_at_stack_pointer:
+ ∀T1,T2,M,s1,s2,s3,pol.∀pbu,pbl,bu,bl,sp1,sp2:BitVector 8.
+  get_8051_sfr ? s2 SFR_SP = get_8051_sfr ? s3 SFR_SP →
+  high_internal_ram ? s2 = high_internal_ram T2 s3 →
+  sp1 = \snd (half_add ? (get_8051_sfr ? s1 SFR_SP) (bitvector_of_nat 8 1)) →
+  sp2 = \snd (half_add ? sp1 (bitvector_of_nat 8 1)) →
+  bu@@bl = sigma (code_memory … s2) pol (pbu@@pbl) →
+   high_internal_ram T1
+     (write_at_stack_pointer ?
+       (set_8051_sfr ?
+         (write_at_stack_pointer ?
+           (set_8051_sfr ?
+             (set_high_internal_ram ? s1
+               (high_internal_ram_of_pseudo_high_internal_ram M (high_internal_ram ? s2)))
+             SFR_SP sp1)
+          bl)
+        SFR_SP sp2)
+      bu)
+   = high_internal_ram_of_pseudo_high_internal_ram (sp1::M)
+      (high_internal_ram ?
+       (write_at_stack_pointer ?
+         (set_8051_sfr ?
+           (write_at_stack_pointer ? (set_8051_sfr ? s3 SFR_SP sp1) pbl)
+          SFR_SP sp2)
+        pbu)).
+
+lemma main_thm0:
  ∀M,M',ps,s,s'',pol.
   next_internal_pseudo_address_map M ps = Some … M' →
-  status_of_pseudo_status M ps pol = Some … s →
-  status_of_pseudo_status M' (execute_1_pseudo_instruction (ticks_of (code_memory … ps) pol) ps) ? = Some … s'' →
+  status_of_pseudo_status M ps pol = s →
+  status_of_pseudo_status M' (execute_1_pseudo_instruction (ticks_of (code_memory … ps) pol) ps) ? = s'' →
    ∃n. execute n s = s''.
  [2: >execute_1_pseudo_instruction_preserves_code_memory @pol]
  #M #M' #ps #s #s'' #pol
  generalize in match (fetch_assembly_pseudo2 (code_memory … ps) pol)
+ >execute_1_pseudo_instruction_preserves_code_memory
+ generalize in match (refl … (assembly (code_memory … ps) pol))
+ generalize in match (assembly (code_memory … ps) pol) in ⊢ (??%? → ?) #ASS #K <K generalize in match K; -K;
+ 
+ 
  whd in ⊢ (? → ? → ??%? → ??%? → ?)
  >execute_1_pseudo_instruction_preserves_code_memory
  generalize in match (refl … (assembly (code_memory … ps) pol))
+ generalize in match (assembly (code_memory … ps) pol) in ⊢ (??%? → ?) #ASS #K <K generalize in match K; -K;
+ whd in ⊢ (???% → ?)
+ cases (build_maps (code_memory … ps) pol)
+ #labels #costs change in ⊢ (? → ? → ??%? → ?) with (next_internal_pseudo_address_map0 ? ? ? ?)
+ cases (code_memory … ps) in pol ⊢ %;
+ generalize in match pol; -pol;
+ @(match code_memory … ps return λx. ∀e:code_memory … ps = x.? with [pair preamble instr_list ⇒ ?]) [%]
+ #EQ0 #pol normalize nodelta;
+
+
+
+lemma main_thm0:
+ ∀M,M',ps,ps',pol.
+  next_internal_pseudo_address_map M ps = Some … M' →
+  ∀H:ps' = execute_1_pseudo_instruction (ticks_of (code_memory … ps) pol) ps.
+   ∃n.
+      execute n (status_of_pseudo_status M ps pol)
+    = status_of_pseudo_status M' ps' ?.
+ [2: >H >execute_1_pseudo_instruction_preserves_code_memory @pol]
+ #M #M' #ps #ps' #pol
+ change with (next_internal_pseudo_address_map0 ???? = ? → ?)
+ generalize in match (fetch_assembly_pseudo2 (code_memory … ps) pol (program_counter … ps))
+ @pair_elim' #labels #costs #EQ1 normalize nodelta
+ whd in match execute_1_pseudo_instruction
+ @pair_elim' #pi #newppc #EQ2 normalize nodelta
+ cases pi in EQ2; normalize nodelta
+  [2: #ARG #MAP #H1 #H2 #EQ >MAP in EQ;
+ 
+ 
+ cases (execute_1_pseudo_instruction_preserves_code_memory ??) XX
+ cases (assembly ??) #assembled #costs normalize nodelta
+ cases (build_maps (code_memory … ps) pol) * #labels #costs whd in match eject; normalize nodelta;
+ cases ps in pol ⊢ %; #code_mem #lir #hir #er #pc #sfr1 #sfr2 #p1l #p3l #clock #pol
+ #MAP
+ cases (fetch_pseudo_instruction (\snd code_mem) ppc)
+
+ change with
+  (? → ∃n.
+    execute n
+     (set_low_internal_ram ?
+       (set_high_internal_ram ?
+         (set_program_counter ?
+           (set_code_memory ?? ps (load_code_memory ?))
+          (sigma ? pol (program_counter ? ps)))
+        (high_internal_ram_of_pseudo_high_internal_ram M ?))
+      (low_internal_ram_of_pseudo_low_internal_ram M ?))
+   = set_low_internal_ram ?
+      (set_high_internal_ram ?
+        (set_program_counter ?
+          (set_code_memory ?? (execute_1_pseudo_instruction ? ps) (load_code_memory ?))
+         (sigma ???))
+       ?)
+     ?)
+ change with (next_internal_pseudo_address_map0 ???? = ? → ?)
+ generalize in match (fetch_assembly_pseudo2 (code_memory … ps) pol (program_counter … ps))
+ @pair_elim' #labels #costs #EQ1 normalize nodelta
+ @pair_elim' #pi #newppc #EQ2
+ >execute_1_pseudo_instruction_preserves_code_memory
+ cases (assembly ??) #assembled #costs normalize nodelta
+ cases (build_maps (code_memory … ps) pol) * #labels #costs whd in match eject; normalize nodelta;
+ cases ps in pol ⊢ %; #code_mem #lir #hir #er #pc #sfr1 #sfr2 #p1l #p3l #clock #pol
+ #MAP
+ cases (fetch_pseudo_instruction (\snd code_mem) ppc)
+ 
+ 
+ (code_memory pseudo_assembly_program ps)
+ #MAP 
+
+ 
+ 
+ whd in ⊢ (? → ? → ??%? → ??%? → ?)
  generalize in match (assembly (code_memory … ps) pol) in ⊢ (??%? → %) #ASS whd in ⊢ (???% → ?)
  cases (build_maps (code_memory … ps) pol)
@@ -2614 +2393 @@
             |
             ] *)
+
+lemma main_thm:
+ ∀M,M',ps,pol.
+  next_internal_pseudo_address_map M ps = Some … M' →
+   ∃n.
+      execute n (status_of_pseudo_status M ps pol)
+    = status_of_pseudo_status M' (execute_1_pseudo_instruction (ticks_of (code_memory … ps) pol) ps) ?.
+ [2: >execute_1_pseudo_instruction_preserves_code_memory @pol]