Changeset 2047 for src/ASM/AssemblyProofSplit.ma

Timestamp:

Jun 12, 2012, 2:18:16 PM (8 years ago)

Author:

mulligan

Message:

Big bugs in policy calculations found. Waiting for Jaap's commit.

File:

• src/ASM/AssemblyProofSplit.ma (modified) (8 diffs)

src/ASM/AssemblyProofSplit.ma

@@ -170 +170 @@
 qed.
 
+lemma pair_replace:
+ ∀A,B,T:Type[0].∀P:T → Prop. ∀t. ∀a,b.∀c,c': A × B. c'=c → c ≃ 〈a,b〉 →
+  P (t a b) → P (let 〈a',b'〉 ≝ c' in t a' b').
+ #A #B #T #P #t #a #b * #x #y * #x' #y' #H1 #H2 destruct //
+qed.
+
 lemma get_arg_8_set_program_counter:
   ∀M: Type[0].
@@ -187 +193 @@
   try (#addr1 #addr2) try #addr1
   normalize nodelta try %
-  >external_ram_set_program_counter
-  >program_counter_set_program_counter
   cases daemon (* XXX: rewrite not working but provable *)
 qed.
@@ -354 +358 @@
 include alias "basics/logic.ma".
 include alias "ASM/BitVectorTrie.ma".
-
-lemma pair_replace:
- ∀A,B,T:Type[0].∀P:T → Prop. ∀t. ∀a,b.∀c,c': A × B. c'=c → c ≃ 〈a,b〉 →
-  P (t a b) → P (let 〈a',b'〉 ≝ c' in t a' b').
- #A #B #T #P #t #a #b * #x #y * #x' #y' #H1 #H2 destruct //
-qed.
 
 lemma jmpair_as_replace:
@@ -407 +405 @@
 include alias "ASM/Vector.ma".
 
+axiom main_lemma_preinstruction:
+  ∀M, M': internal_pseudo_address_map.
+  ∀preamble: preamble.
+  ∀instr_list: list labelled_instruction.
+  ∀cm: pseudo_assembly_program.
+  ∀EQcm: cm = 〈preamble, instr_list〉.
+  ∀sigma: Word → Word.
+  ∀policy: Word → bool.
+  ∀sigma_policy_witness: sigma_policy_specification cm sigma policy.
+  ∀ps: PseudoStatus cm.
+  ∀ppc: Word.
+  ∀EQppc: ppc = program_counter pseudo_assembly_program cm ps.
+  ∀labels: label_map.
+  ∀costs: BitVectorTrie costlabel 16.
+  ∀create_label_cost_refl: create_label_cost_map instr_list = 〈labels, costs〉.
+  ∀newppc: Word.
+  ∀lookup_labels: Identifier → Word.
+  ∀EQlookup_labels: lookup_labels = (λx:Identifier. address_of_word_labels_code_mem instr_list x).
+  ∀lookup_datalabels: Identifier → Word.
+  ∀EQlookup_datalabels: lookup_datalabels = (λx.lookup_def ASMTag Word (construct_datalabels preamble) x (zero 16)).
+  ∀EQnewppc: newppc = add 16 ppc (bitvector_of_nat 16 1).
+  ∀instr: preinstruction Identifier.
+  ∀ticks: nat × nat.
+  ∀EQticks: ticks = ticks_of0 〈preamble, instr_list〉 sigma policy ppc (Instruction instr).
+  ∀addr_of: Identifier → PreStatus pseudo_assembly_program cm → BitVector 16.
+  ∀EQaddr_of: addr_of = (λx:Identifier. λy:PreStatus pseudo_assembly_program cm. address_of_word_labels cm x).
+  ∀s: PreStatus pseudo_assembly_program cm.
+  ∀EQs: s = (set_program_counter pseudo_assembly_program cm ps (add 16 ppc (bitvector_of_nat 16 1))).
+  ∀P: preinstruction Identifier → PseudoStatus cm → Prop.
+  ∀EQP: P = (λinstr, s. sigma (add 16 ppc (bitvector_of_nat 16 1)) = add 16 (sigma ppc)
+              (bitvector_of_nat 16 (\fst (assembly_1_pseudoinstruction lookup_labels sigma policy ppc
+                  lookup_datalabels (Instruction instr)))) →
+              next_internal_pseudo_address_map0 pseudo_assembly_program (Instruction instr) M cm ps = Some internal_pseudo_address_map M' →
+                fetch_many (load_code_memory (\fst (pi1 … (assembly cm sigma policy)))) (sigma (add 16 ppc (bitvector_of_nat 16 1))) (sigma (program_counter pseudo_assembly_program cm ps))
+                  (expand_pseudo_instruction lookup_labels sigma policy (program_counter pseudo_assembly_program cm ps) lookup_datalabels (Instruction instr)) →
+                    ∃n: nat. execute n (code_memory_of_pseudo_assembly_program cm sigma policy) (status_of_pseudo_status M cm ps sigma policy) =
+                      status_of_pseudo_status M' cm s sigma policy).
+    P instr (execute_1_preinstruction ticks Identifier pseudo_assembly_program cm addr_of instr s).
+
+(*
 lemma main_lemma_preinstruction:
   ∀M, M': internal_pseudo_address_map.
@@ -878 +916 @@
     @(pair_replace ?????????? p) normalize nodelta
     [1,3:
+      >get_arg_8_set_program_counter
       cases daemon
     ]
@@ -900 +939 @@
       >EQstatus_after_1 in ⊢ (???%);
       whd in ⊢ (???%);
-      [1:
+      [1:exists_labelled_instruction id instr_list →
         <fetch_refl in ⊢ (???%);
       |2:
@@ -917 +956 @@
         change with (add ???) in match (\snd (half_add ???));
         >set_arg_8_set_program_counter in ⊢ (???%);
-        [2,4,6,8: cases daemon ]
+        [2,4,6,8: /2/ ]
         >program_counter_set_program_counter in ⊢ (???%);
         >(?: add ? intermediate_pc (sign_extension (bitvector_of_nat ? 2)) = intermediate_pc')
@@ -1392 +1431 @@
   ]
 qed.
-
-(*  
-    *
-    [1,2,3: (* ADD, ADDC, SUBB *)
-    @list_addressing_mode_tags_elim_prop try % whd
-    @list_addressing_mode_tags_elim_prop try % whd #arg
-    (* XXX: we first work on sigma_increment_commutation *)
-    #sigma_increment_commutation
-    normalize in match (assembly_1_pseudoinstruction ??????) in sigma_increment_commutation;
-    (* XXX: we work on the maps *)
-    whd in ⊢ (??%? → ?);
-    try (change with (if ? then ? else ? = ? → ?)
-         cases (addressing_mode_ok ????? ∧ addressing_mode_ok ?????) normalize nodelta)
-    #H try @(None_Some_elim ??? H) @(Some_Some_elim ????? H) #map_refl_assm <map_refl_assm
-    (* XXX: we assume the fetch_many hypothesis *)
-    #fetch_many_assm
-    (* XXX: we give the existential *)
-    %{1}
-    whd in match (execute_1_pseudo_instruction0 ?????);
-    (* XXX: work on the left hand side of the equality *)
-    whd in ⊢ (??%?); whd in match (program_counter ???); <EQppc
-    (* XXX: execute fetches some more *)
-    whd in match code_memory_of_pseudo_assembly_program; normalize nodelta
-    whd in fetch_many_assm;
-    >EQassembled in fetch_many_assm;
-    cases (fetch ??) * #instr #newpc #ticks normalize nodelta * *
-    #eq_instr #EQticks whd in EQticks:(???%); >EQticks
-    #fetch_many_assm whd in fetch_many_assm;
-    lapply (eq_bv_eq … fetch_many_assm) -fetch_many_assm #EQnewpc
-    >(eq_instruction_to_eq … eq_instr) -instr
-    [ @(pose … (pi1 … (execute_1_preinstruction' …))) #lhs #EQlhs
-      @(pose …
-        (λlhs. status_of_pseudo_status M 〈preamble,instr_list〉 lhs sigma policy))
-      #Pl #EQPl
-      cut (∀A,B:Type[0].∀f,f':A → B.∀x. f=f' → f x = f' x) [2: #eq_f_g_to_eq
-      lapply (λy.eq_f_g_to_eq ???? y EQPl) #XX <(XX lhs) -XX >EQlhs -lhs
-      whd in ⊢ (??%?); whd in ⊢ (??(???%)(?(???%)));
-      @pair_elim
-      >tech_pi1_let_as_commute
-    
-    
-    whd in ⊢ (??%?);
-    [ @(pose … (execute_1_preinstruction' ???????))
-      #lhs whd in ⊢ (???% → ?); #EQlhs
-      @(pose … (execute_1_preinstruction' ???????))
-      #rhs whd in ⊢ (???% → ?); #EQrhs
-
-
-      CSC: delirium
-      
-      >EQlhs -EQlhs >EQrhs -EQrhs
-      cases (add_8_with_carry ???) #bits1 #bits2 whd in ⊢ (??%%);
-      
-     lapply (refl ? (execute_1_preinstruction' ???????));
-    [ whd in match (execute_1_preinstruction' ???????);
-
-    whd in ⊢ (??%?);
-    [ whd in ⊢ (??(???%)%);
-      whd in match (execute_1_preinstruction' ???????);
-      cases (add_8_with_carry ???) #bits1 #bits2 whd in ⊢ (??%?);
-      @pair_elim #result #flags #Heq1
-    whd in match execute_1_preinstruction'; normalize nodelta
-    (* XXX: now we start to work on the mk_PreStatus equality *)
-    whd in ⊢ (??%?);
-  
-  
-  
-    [1,2,3: (* ADD, ADDC, SUBB *) #arg1 #arg2
-    (* XXX: we take up the hypotheses *)
-    #sigma_increment_commutation #next_map_assm #fetch_many_assm
-    (* XXX: we give the existential *)
-    %{1}
-    whd in match (execute_1_pseudo_instruction0 ?????);
-    whd in ⊢ (??%?); whd in match (program_counter ???); <EQppc
-    whd in match code_memory_of_pseudo_assembly_program; normalize nodelta
-    (* XXX: fetching of the instruction *)
-    whd in fetch_many_assm;
-    >EQassembled in fetch_many_assm;
-    cases (fetch ??) * #instr #newpc #ticks normalize nodelta * *
-    #eq_instr #EQticks whd in EQticks:(???%); >EQticks
-    #fetch_many_assm whd in fetch_many_assm;
-    lapply (eq_bv_eq … fetch_many_assm) -fetch_many_assm #EQnewpc
-    >(eq_instruction_to_eq … eq_instr) -instr
-    (* XXX: now we start to work on the mk_PreStatus equality *)
-    whd in ⊢ (??%?);
-    check execute_1_preinstruction
-    
-    
-     #MAP #H1 #H2 #EQ %[1,3,5:@1]
-       normalize in H1; generalize in match (option_destruct_Some ??? H1) #K1 >K1 in H2; whd in ⊢ (% → ?)
-       change in ⊢ (? → ??%?) with (execute_1_0 ??)
-       cases (fetch (load_code_memory assembled) (sigma 〈preamble,instr_list〉 pol (program_counter … ps))) * #instr #newppc' #ticks normalize nodelta;
-       * * #H2a #H2b whd in ⊢ (% → ?) #H2c
-       >H2b >(eq_instruction_to_eq … H2a)
-       generalize in match EQ; -EQ; whd in ⊢ (???% → ??%?); generalize in match MAP; -MAP;
-       @(list_addressing_mode_tags_elim_prop … arg1) whd try % -arg1;
-       @(list_addressing_mode_tags_elim_prop … arg2) whd try % -arg2; #ARG2
-       normalize nodelta; #MAP;
-       [1: change in ⊢ (? → %) with
-        ((let 〈result,flags〉 ≝
-          add_8_with_carry
-           (get_arg_8 ? ps false ACC_A)
-           (get_arg_8 ?
-             (set_low_internal_ram ? ps (low_internal_ram_of_pseudo_low_internal_ram M (low_internal_ram … ps)))
-             false (DIRECT ARG2))
-           ? in ?) = ?)
-        [2,3: %]
-        change in ⊢ (???% → ?) with
-         (let 〈result,flags〉 ≝ add_8_with_carry ?(*(get_arg_8 ? ps false ACC_A)*) ?? in ?)
-        >get_arg_8_set_clock
-       [1,2: cases (addressing_mode_ok ???? ∧ addressing_mode_ok ????) in MAP ⊢ ?
-         [2,4: #abs @⊥ normalize in abs; destruct (abs)
-         |*:whd in ⊢ (??%? → ?) #H <(option_destruct_Some ??? H)]
-       [ change in ⊢ (? → %) with
-        ((let 〈result,flags〉 ≝
-          add_8_with_carry
-           (get_arg_8 ? ps false ACC_A)
-           (get_arg_8 ?
-             (set_low_internal_ram ? ps (low_internal_ram_of_pseudo_low_internal_ram M (low_internal_ram … ps)))
-             false (DIRECT ARG2))
-           ? in ?) = ?)
-          >get_arg_8_set_low_internal_ram
-       
-        cases (add_8_with_carry ???)
-         
-        [1,2,3,4,5,6,7,8: cases (add_8_with_carry ???) |*: cases (sub_8_with_carry ???)]
-       #result #flags
-       #EQ >EQ -EQ; normalize nodelta; >(eq_bv_eq … H2c) %
-
-
-  |4: (* Jmp *) #label whd in ⊢ (??%? → ???% → ?);
-   @Some_Some_elim #MAP cases (pol ?) normalize nodelta
-       [3: (* long *) #EQ3 @(Some_Some_elim ????? EQ3) #EQ3'
-         whd in match eject normalize nodelta >EQ3' in ⊢ (% → ?) whd in ⊢ (% → ?)
-         @pair_elim' * #instr #newppc' #ticks #EQ4       
-         * * #H2a #H2b whd in ⊢ (% → ?) #H2
-         >H2b >(eq_instruction_to_eq … H2a)
-         #EQ %[@1]
-         <MAP >(eq_bv_eq … H2) >EQ
-         whd in ⊢ (??%?) >EQ4 whd in ⊢ (??%?)
-         cases ps in EQ4; #A1 #A2 #A3 #A4 #A5 #A6 #A7 #A8 #A9 #A10 #XXX >XXX %
-         whd in ⊢ (??%?)
-         whd in ⊢ (??(match ?%? with [_ ⇒ ?])?)
-         cases ps in EQ0 ⊢ %; #A1 #A2 #A3 #A4 #A5 #A6 #A7 #A8 #A9 #A10 #XXXX >XXXX %
-  |5: (* Call *) #label #MAP
-      generalize in match (option_destruct_Some ??? MAP) -MAP; #MAP <MAP -MAP;
-      whd in ⊢ (???% → ?) cases (pol ?) normalize nodelta;
-       [ (* short *) #abs @⊥ destruct (abs)
-       |3: (* long *) #H1 #H2 #EQ %[@1]
-           (* normalize in H1; !!!*) generalize in match (option_destruct_Some ??? H1) #K1 >K1 in H2; whd in ⊢ (% → ?)
-           change in ⊢ (? → ??%?) with (execute_1_0 ??)
-           cases (fetch (load_code_memory assembled) (sigma 〈preamble,instr_list〉 pol (program_counter … ps))) * #instr #newppc' #ticks normalize nodelta;
-           * * #H2a #H2b whd in ⊢ (% → ?) #H2c
-           >H2b >(eq_instruction_to_eq … H2a)
-           generalize in match EQ; -EQ;
-           whd in ⊢ (???% → ??%?);
-           generalize in match (refl … (half_add 8 (get_8051_sfr ? ps SFR_SP) (bitvector_of_nat ? 1))) cases (half_add ???) in ⊢ (??%? → %) #carry #new_sp #EQ1 normalize nodelta;
-           >(eq_bv_eq … H2c)
-           change with
-            ((?=let 〈ppc_bu,ppc_bl〉 ≝ vsplit bool 8 8 newppc in ?) →
-                (let 〈pc_bu,pc_bl〉 ≝ vsplit bool 8 8 (sigma 〈preamble,instr_list〉 pol newppc) in ?)=?)
-           generalize in match (refl … (vsplit … 8 8 newppc)) cases (vsplit bool 8 8 newppc) in ⊢ (??%? → %) #ppc_bu #ppc_bl #EQppc
-           generalize in match (refl … (vsplit … 8 8 (sigma 〈preamble,instr_list〉 pol newppc))) cases (vsplit bool 8 8 (sigma 〈preamble,instr_list〉 pol newppc)) in ⊢ (??%? → %) #pc_bu #pc_bl #EQpc normalize nodelta;
-           >get_8051_sfr_write_at_stack_pointer >get_8051_sfr_write_at_stack_pointer
-           >get_8051_sfr_set_8051_sfr >get_8051_sfr_set_8051_sfr
-           generalize in match (refl … (half_add ? new_sp (bitvector_of_nat ? 1))) cases (half_add ???) in ⊢ (??%? → %) #carry' #new_sp' #EQ2 normalize nodelta;
-           #EQ >EQ -EQ; normalize nodelta; >(eq_bv_eq … H2c)
-           @split_eq_status;
-            [ >code_memory_write_at_stack_pointer whd in ⊢ (??%?)
-              >code_memory_write_at_stack_pointer %
-            | >set_program_counter_set_low_internal_ram
-              >set_clock_set_low_internal_ram
-              @low_internal_ram_write_at_stack_pointer
-               [ >EQ0 @pol | % | %
-               | @(  … EQ1)
-               | @(pair_destruct_2 … EQ2)
-               | >(pair_destruct_1 ????? EQpc)
-                 >(pair_destruct_2 ????? EQpc)
-                 @vsplit_elim #x #y #H <H -x y H;
-                 >(pair_destruct_1 ????? EQppc)
-                 >(pair_destruct_2 ????? EQppc)
-                 @vsplit_elim #x #y #H <H -x y H;
-                 >EQ0 % ]
-            | >set_low_internal_ram_set_high_internal_ram
-              >set_program_counter_set_high_internal_ram
-              >set_clock_set_high_internal_ram
-              @high_internal_ram_write_at_stack_pointer
-               [ >EQ0 @pol | % | %
-               | @(pair_destruct_2 … EQ1)
-               | @(pair_destruct_2 … EQ2)
-               | >(pair_destruct_1 ????? EQpc)
-                 >(pair_destruct_2 ????? EQpc)
-                 @vsplit_elim #x #y #H <H -x y H;
-                 >(pair_destruct_1 ????? EQppc)
-                 >(pair_destruct_2 ????? EQppc)
-                 @vsplit_elim #x #y #H <H -x y H;
-                 >EQ0 % ]            
-            | >external_ram_write_at_stack_pointer whd in ⊢ (??%?)
-              >external_ram_write_at_stack_pointer whd in ⊢ (???%)
-              >external_ram_write_at_stack_pointer whd in ⊢ (???%)
-              >external_ram_write_at_stack_pointer %
-            | change with (? = sigma ?? (address_of_word_labels_code_mem (\snd (code_memory ? ps)) ?))
-              >EQ0 % 
-            | >special_function_registers_8051_write_at_stack_pointer whd in ⊢ (??%?)
-              >special_function_registers_8051_write_at_stack_pointer whd in ⊢ (???%)
-              >special_function_registers_8051_write_at_stack_pointer whd in ⊢ (???%)
-              >special_function_registers_8051_write_at_stack_pointer %
-            | >special_function_registers_8052_write_at_stack_pointer whd in ⊢ (??%?)
-              >special_function_registers_8052_write_at_stack_pointer whd in ⊢ (???%)
-              >special_function_registers_8052_write_at_stack_pointer whd in ⊢ (???%)
-              >special_function_registers_8052_write_at_stack_pointer %
-            | >p1_latch_write_at_stack_pointer whd in ⊢ (??%?)
-              >p1_latch_write_at_stack_pointer whd in ⊢ (???%)
-              >p1_latch_write_at_stack_pointer whd in ⊢ (???%)
-              >p1_latch_write_at_stack_pointer %
-            | >p3_latch_write_at_stack_pointer whd in ⊢ (??%?)
-              >p3_latch_write_at_stack_pointer whd in ⊢ (???%)
-              >p3_latch_write_at_stack_pointer whd in ⊢ (???%)
-              >p3_latch_write_at_stack_pointer %
-            | >clock_write_at_stack_pointer whd in ⊢ (??%?)
-              >clock_write_at_stack_pointer whd in ⊢ (???%)
-              >clock_write_at_stack_pointer whd in ⊢ (???%)
-              >clock_write_at_stack_pointer %]
-       (*| (* medium *)  #H1 #H2 #EQ %[@1] generalize in match H1; -H1;
-         @pair_elim' #fst_5_addr #rest_addr #EQ1
-         @pair_elim' #fst_5_pc #rest_pc #EQ2
-         generalize in match (refl … (eq_bv … fst_5_addr fst_5_pc))
-         cases (eq_bv ???) in ⊢ (??%? → %) normalize nodelta; #EQ3 #TEQ [2: destruct (TEQ)]
-         generalize in match (option_destruct_Some ??? TEQ) -TEQ; #K1 >K1 in H2; whd in ⊢ (% → ?)
-         change in ⊢ (? →??%?) with (execute_1_0 ??)
-         @pair_elim' * #instr #newppc' #ticks #EQn
-          * * #H2a #H2b whd in ⊢ (% → ?) #H2c >H2b >(eq_instruction_to_eq … H2a) whd in ⊢ (??%?)
-          generalize in match EQ; -EQ; normalize nodelta; >(eq_bv_eq … H2c)
-          @pair_elim' #carry #new_sp change with (half_add ? (get_8051_sfr ? ps ?) ? = ? → ?) #EQ4
-          @vsplit_elim' #pc_bu #pc_bl >program_counter_set_8051_sfr XXX change with (newppc = ?) #EQ5
-          @pair_elim' #carry' #new_sp' #EQ6 normalize nodelta; #EQx >EQx -EQx;
-          change in ⊢ (??(match ????% with [_ ⇒ ?])?) with (sigma … newppc)
-          @vsplit_elim' #pc_bu' #pc_bl' #EQ7 change with (newppc' = ? → ?)
-          >get_8051_sfr_set_8051_sfr
-          
-          whd in EQ:(???%) ⊢ ? >EQ -EQ; normalize nodelta; >(eq_bv_eq … H2c) whd in ⊢ (??%?)
-           change with ((let 〈pc_bu,pc_bl〉 ≝ vsplit bool 8 8 (sigma 〈preamble,instr_list〉 newppc) in ?)=?)
-           generalize in match (refl … (vsplit bool 8 8 (sigma 〈preamble,instr_list〉 newppc)))
-           cases (vsplit ????) in ⊢ (??%? → %) #pc_bu #pc_bl normalize nodelta; #EQ4
-           generalize in match (refl … (vsplit bool 4 4 pc_bu))
-           cases (vsplit ????) in ⊢ (??%? → %) #nu #nl normalize nodelta; #EQ5
-           generalize in match (refl … (vsplit bool 3 8 rest_addr))
-           cases (vsplit ????) in ⊢ (??%? → %) #relevant1 #relevant2 normalize nodelta; #EQ6
-           change with ((let 〈carry,new_pc〉 ≝ half_add ? (sigma … newppc) ? in ?) = ?)
-           generalize in match
-            (refl …
-             (half_add 16 (sigma 〈preamble,instr_list〉 newppc)
-             ((nu@@get_index' bool 0 3 nl:::relevant1)@@relevant2)))
-           cases (half_add ???) in ⊢ (??%? → %) #carry #new_pc normalize nodelta; #EQ7
-           @split_eq_status try %
-            [ change with (? = sigma ? (address_of_word_labels ps label))
-              (* ARITHMETICS, BUT THE GOAL SEEMS FALSE *)
-            | whd in ⊢ (??%%) whd in ⊢ (??(?%?)?) whd in ⊢ (??(?(match ?(?%)? with [_ ⇒ ?])?)?) 
-              @(bitvector_3_elim_prop … (\fst (vsplit bool 3 8 rest_addr))) %]] *)]
-  |4: (* Jmp *) #label #MAP
-      generalize in match (option_destruct_Some ??? MAP) -MAP; #MAP >MAP -MAP;
-      whd in ⊢ (???% → ?) cases (pol ?) normalize nodelta;
-       [3: (* long *) #H1 #H2 #EQ %[@1]
-           (* normalize in H1; !!!*) generalize in match (option_destruct_Some ??? H1) #K1 >K1 in H2; whd in ⊢ (% → ?)
-           change in ⊢ (? → ??%?) with (execute_1_0 ??)
-           cases (fetch (load_code_memory assembled) (sigma 〈preamble,instr_list〉 pol (program_counter … ps))) * #instr #newppc' #ticks normalize nodelta;
-           * * #H2a #H2b whd in ⊢ (% → ?) #H2c
-           >H2b >(eq_instruction_to_eq … H2a)
-           generalize in match EQ; -EQ;
-           #EQ >EQ -EQ; normalize nodelta; >(eq_bv_eq … H2c)
-           cases ps in EQ0 ⊢ %; #A1 #A2 #A3 #A4 #A5 #A6 #A7 #A8 #A9 #A10 #XXXX >XXXX %
-       |1: (* short *) #H1 #H2 #EQ %[@1] generalize in match H1; -H1;
-           generalize in match
-            (refl ?
-             (sub_16_with_carry
-              (sigma 〈preamble,instr_list〉 pol (program_counter … ps))
-              (sigma 〈preamble,instr_list〉 pol (address_of_word_labels_code_mem instr_list label))
-              false))
-           cases (sub_16_with_carry ???) in ⊢ (??%? → %); #results #flags normalize nodelta;
-           generalize in match (refl … (vsplit … 8 8 results)) cases (vsplit ????) in ⊢ (??%? → %) #upper #lower normalize nodelta;
-           generalize in match (refl … (eq_bv … upper (zero 8))) cases (eq_bv ???) in ⊢ (??%? → %) normalize nodelta;
-           #EQ1 #EQ2 #EQ3 #H1 [2: @⊥ destruct (H1)]
-           generalize in match (option_destruct_Some ??? H1) #K1 >K1 in H2; whd in ⊢ (% → ?)
-           change in ⊢ (? → ??%?) with (execute_1_0 ??)
-           cases (fetch (load_code_memory assembled) (sigma 〈preamble,instr_list〉 pol (program_counter … ps))) * #instr #newppc' #ticks normalize nodelta;
-           * * #H2a #H2b whd in ⊢ (% → ?) #H2c
-           >H2b >(eq_instruction_to_eq … H2a)
-           generalize in match EQ; -EQ;
-           whd in ⊢ (???% → ?);
-           #EQ >EQ -EQ; normalize nodelta; >(eq_bv_eq … H2c)
-           change with ((let 〈carry,new_pc〉 ≝ half_add ? (sigma ???) ? in ?) = ?)
-           generalize in match (refl … (half_add 16 (sigma 〈preamble,instr_list〉 pol newppc) (sign_extension lower)))
-           cases (half_add ???) in ⊢ (??%? → %) #carry #newpc normalize nodelta #EQ4
-           @split_eq_status try % change with (newpc = sigma ?? (address_of_word_labels ps label))
-           (* ARITHMETICS, BUT THE GOAL SEEMS FALSE *)
-       | (* medium *)  #H1 #H2 #EQ %[@1] generalize in match H1; -H1;
-         generalize in match
-          (refl …
-            (vsplit … 5 11 (sigma 〈preamble,instr_list〉 pol (address_of_word_labels_code_mem instr_list label))))
-         cases (vsplit ????) in ⊢ (??%? → %) #fst_5_addr #rest_addr normalize nodelta; #EQ1
-         generalize in match
-          (refl …
-            (vsplit … 5 11 (sigma 〈preamble,instr_list〉 pol (program_counter … ps))))
-         cases (vsplit ????) in ⊢ (??%? → %) #fst_5_pc #rest_pc normalize nodelta; #EQ2
-         generalize in match (refl … (eq_bv … fst_5_addr fst_5_pc))
-         cases (eq_bv ???) in ⊢ (??%? → %) normalize nodelta; #EQ3 #TEQ [2: destruct (TEQ)]
-         generalize in match (option_destruct_Some ??? TEQ) -TEQ; #K1 >K1 in H2; whd in ⊢ (% → ?)
-         change in ⊢ (? →??%?) with (execute_1_0 ??)
-           cases (fetch (load_code_memory assembled) (sigma 〈preamble,instr_list〉 pol (program_counter … ps))) * #instr #newppc' #ticks normalize nodelta;
-           * * #H2a #H2b whd in ⊢ (% → ?) #H2c
-           >H2b >(eq_instruction_to_eq … H2a)
-           generalize in match EQ; -EQ;
-           whd in ⊢ (???% → ?);
-           #EQ >EQ -EQ; normalize nodelta; >(eq_bv_eq … H2c) whd in ⊢ (??%?)
-           change with ((let 〈pc_bu,pc_bl〉 ≝ vsplit bool 8 8 (sigma 〈preamble,instr_list〉 pol newppc) in ?)=?)
-           generalize in match (refl … (vsplit bool 8 8 (sigma 〈preamble,instr_list〉 pol newppc)))
-           cases (vsplit ????) in ⊢ (??%? → %) #pc_bu #pc_bl normalize nodelta; #EQ4
-           generalize in match (refl … (vsplit bool 4 4 pc_bu))
-           cases (vsplit ????) in ⊢ (??%? → %) #nu #nl normalize nodelta; #EQ5
-           generalize in match (refl … (vsplit bool 3 8 rest_addr))
-           cases (vsplit ????) in ⊢ (??%? → %) #relevant1 #relevant2 normalize nodelta; #EQ6
-           change with ((let 〈carry,new_pc〉 ≝ half_add ? (sigma … newppc) ? in ?) = ?)
-           generalize in match
-            (refl …
-             (half_add 16 (sigma 〈preamble,instr_list〉 pol newppc)
-             ((nu@@get_index' bool 0 3 nl:::relevant1)@@relevant2)))
-           cases (half_add ???) in ⊢ (??%? → %) #carry #new_pc normalize nodelta; #EQ7    
-           @split_eq_status try %
-            [ change with (? = sigma ?? (address_of_word_labels ps label))
-              (* ARITHMETICS, BUT THE GOAL SEEMS FALSE *)
-            | whd in ⊢ (??%%) whd in ⊢ (??(?%?)?) whd in ⊢ (??(?(match ?(?%)? with [_ ⇒ ?])?)?) 
-              @(bitvector_3_elim_prop … (\fst (vsplit bool 3 8 rest_addr))) %]]
-  | (* Instruction *) -pi;  whd in ⊢ (? → ??%? → ?) *; normalize nodelta;
-    [1,2,3: (* ADD, ADDC, SUBB *) #arg1 #arg2 #MAP #H1 #H2 #EQ %[1,3,5:@1]
-       normalize in H1; generalize in match (option_destruct_Some ??? H1) #K1 >K1 in H2; whd in ⊢ (% → ?)
-       change in ⊢ (? → ??%?) with (execute_1_0 ??)
-       cases (fetch (load_code_memory assembled) (sigma 〈preamble,instr_list〉 pol (program_counter … ps))) * #instr #newppc' #ticks normalize nodelta;
-       * * #H2a #H2b whd in ⊢ (% → ?) #H2c
-       >H2b >(eq_instruction_to_eq … H2a)
-       generalize in match EQ; -EQ; whd in ⊢ (???% → ??%?); generalize in match MAP; -MAP;
-       @(list_addressing_mode_tags_elim_prop … arg1) whd try % -arg1;
-       @(list_addressing_mode_tags_elim_prop … arg2) whd try % -arg2; #ARG2
-       normalize nodelta; #MAP;
-       [1: change in ⊢ (? → %) with
-        ((let 〈result,flags〉 ≝
-          add_8_with_carry
-           (get_arg_8 ? ps false ACC_A)
-           (get_arg_8 ?
-             (set_low_internal_ram ? ps (low_internal_ram_of_pseudo_low_internal_ram M (low_internal_ram … ps)))
-             false (DIRECT ARG2))
-           ? in ?) = ?)
-        [2,3: %]
-        change in ⊢ (???% → ?) with
-         (let 〈result,flags〉 ≝ add_8_with_carry ?(*(get_arg_8 ? ps false ACC_A)*) ?? in ?)
-        >get_arg_8_set_clock
-       [1,2: cases (addressing_mode_ok ???? ∧ addressing_mode_ok ????) in MAP ⊢ ?
-         [2,4: #abs @⊥ normalize in abs; destruct (abs)
-         |*:whd in ⊢ (??%? → ?) #H <(option_destruct_Some ??? H)]
-       [ change in ⊢ (? → %) with
-        ((let 〈result,flags〉 ≝
-          add_8_with_carry
-           (get_arg_8 ? ps false ACC_A)
-           (get_arg_8 ?
-             (set_low_internal_ram ? ps (low_internal_ram_of_pseudo_low_internal_ram M (low_internal_ram … ps)))
-             false (DIRECT ARG2))
-           ? in ?) = ?)
-          >get_arg_8_set_low_internal_ram
-       
-        cases (add_8_with_carry ???)
-         
-        [1,2,3,4,5,6,7,8: cases (add_8_with_carry ???) |*: cases (sub_8_with_carry ???)]
-       #result #flags
-       #EQ >EQ -EQ; normalize nodelta; >(eq_bv_eq … H2c) %
-    | (* INC *) #arg1 #H1 #H2 #EQ %[@1]
-       normalize in H1; generalize in match (option_destruct_Some ??? H1) #K1 >K1 in H2; whd in ⊢ (% → ?)
-       change in ⊢ (? → ??%?) with (execute_1_0 ??)
-       cases (fetch (load_code_memory assembled) (sigma 〈preamble,instr_list〉 (program_counter … ps))) * #instr #newppc' #ticks normalize nodelta;
-       * * #H2a #H2b whd in ⊢ (% → ?) #H2c
-       >H2b >(eq_instruction_to_eq … H2a)
-       generalize in match EQ; -EQ; whd in ⊢ (???% → ??%?);
-       @(list_addressing_mode_tags_elim_prop … arg1) whd try % -arg1; normalize nodelta; [1,2,3: #ARG]
-       [1,2,3,4: cases (half_add ???) #carry #result
-       | cases (half_add ???) #carry #bl normalize nodelta;
-         cases (full_add ????) #carry' #bu normalize nodelta ]
-        #EQ >EQ -EQ; normalize nodelta; >(eq_bv_eq … H2c) -newppc';
-        [5: %
-        |1: <(set_arg_8_set_code_memory 0 [[direct]] ? ? ? (set_clock pseudo_assembly_program
-      (set_program_counter pseudo_assembly_program ps newppc)
-      (\fst  (ticks_of0 〈preamble,instr_list〉
-                   (program_counter pseudo_assembly_program ps)
-                   (Instruction (INC Identifier (DIRECT ARG))))
-       +clock pseudo_assembly_program
-        (set_program_counter pseudo_assembly_program ps newppc))) (load_code_memory assembled) result (DIRECT ARG))
-        [2,3: // ]
-            <(set_arg_8_set_program_counter 0 [[direct]] ? ? ? ? ?) [2://]
-            whd in ⊢ (??%%)
-            cases (vsplit bool 4 4 ARG)
-            #nu' #nl'
-            normalize nodelta
-            cases (vsplit bool 1 3 nu')
-            #bit_1' #ignore'
-            normalize nodelta
-            cases (get_index_v bool 4 nu' ? ?)
-            [ normalize nodelta (* HERE *) whd in ⊢ (??%%) %
-            |
-            ]
-cases daemon (* EASY CASES TO BE COMPLETED *)
-qed.
 *)