Changeset 2124 for src/ASM

Timestamp:

Jun 27, 2012, 4:23:54 PM (9 years ago)

Author:

sacerdot

Message:

Much more shuffling around to proper places

Location:

src/ASM

Files:

• ASM.ma (modified) (4 diffs)
• Arithmetic.ma (modified) (3 diffs)
• AssemblyProof.ma (modified) (7 diffs)
• AssemblyProofSplit.ma (modified) (4 diffs)
• BitVector.ma (modified) (1 diff)
• Fetch.ma (modified) (1 diff)
• Interpret.ma (modified) (1 diff)
• StatusProofs.ma (modified) (1 diff)
• Util.ma (modified) (3 diffs)
• Vector.ma (modified) (2 diffs)

src/ASM/ASM.ma

@@ -28 +28 @@
 | ADDR11: Word11 → addressing_mode
 | ADDR16: Word → addressing_mode.
+
+definition eq_addressing_mode: addressing_mode → addressing_mode → bool ≝
+  λa, b: addressing_mode.
+  match a with
+  [ DIRECT d ⇒
+    match b with
+    [ DIRECT e ⇒ eq_bv ? d e
+    | _ ⇒ false
+    ]
+  | INDIRECT b' ⇒
+    match b with
+    [ INDIRECT e ⇒ eq_b b' e
+    | _ ⇒ false
+    ]
+  | EXT_INDIRECT b' ⇒
+    match b with
+    [ EXT_INDIRECT e ⇒ eq_b b' e
+    | _ ⇒ false
+    ]
+  | REGISTER bv ⇒
+    match b with
+    [ REGISTER bv' ⇒ eq_bv ? bv bv'
+    | _ ⇒ false
+    ]
+  | ACC_A ⇒ match b with [ ACC_A ⇒ true | _ ⇒ false ]
+  | ACC_B ⇒ match b with [ ACC_B ⇒ true | _ ⇒ false ]
+  | DPTR ⇒ match b with [ DPTR ⇒ true | _ ⇒ false ]
+  | DATA b' ⇒
+    match b with
+    [ DATA e ⇒ eq_bv ? b' e
+    | _ ⇒ false
+    ]
+  | DATA16 w ⇒ 
+    match b with
+    [ DATA16 e ⇒ eq_bv ? w e
+    | _ ⇒ false
+    ]
+  | ACC_DPTR ⇒ match b with [ ACC_DPTR ⇒ true | _ ⇒ false ]
+  | ACC_PC ⇒ match b with [ ACC_PC ⇒ true | _ ⇒ false ]
+  | EXT_INDIRECT_DPTR ⇒ match b with [ EXT_INDIRECT_DPTR ⇒ true | _ ⇒ false ]
+  | INDIRECT_DPTR ⇒ match b with [ INDIRECT_DPTR ⇒ true | _ ⇒ false ]
+  | CARRY ⇒ match b with [ CARRY ⇒ true | _ ⇒ false ]
+  | BIT_ADDR b' ⇒
+    match b with
+    [ BIT_ADDR e ⇒ eq_bv ? b' e
+    | _ ⇒ false
+    ]
+  | N_BIT_ADDR b' ⇒ 
+    match b with
+    [ N_BIT_ADDR e ⇒ eq_bv ? b' e
+    | _ ⇒ false
+    ]
+  | RELATIVE n ⇒
+    match b with
+    [ RELATIVE e ⇒ eq_bv ? n e
+    | _ ⇒ false
+    ]
+  | ADDR11 w ⇒
+    match b with
+    [ ADDR11 e ⇒ eq_bv ? w e
+    | _ ⇒ false
+    ]
+  | ADDR16 w ⇒
+    match b with
+    [ ADDR16 e ⇒ eq_bv ? w e
+    | _ ⇒ false
+    ]
+  ].
+
+lemma eq_addressing_mode_refl:
+  ∀a. eq_addressing_mode a a = true.
+  #a
+  cases a try #arg1 try #arg2
+  try @eq_bv_refl try @eq_b_refl
+  try normalize %
+qed.
 
 (* dpm: renamed register to registr to avoid clash with brian's types *)
@@ -161 +237 @@
   | VCons m he (tl: Vector addressing_mode_tag m) ⇒
      is_a he A ∨ is_in ? tl A ].
+
+definition is_in_cons_elim:
+ ∀len.∀hd,tl.∀m:addressing_mode
+  .is_in (S len) (hd:::tl) m →
+    (bool_to_Prop (is_a hd m)) ∨ (bool_to_Prop (is_in len tl m)).
+ #len #hd #tl #am #ISIN whd in match (is_in ???) in ISIN;
+ cases (is_a hd am) in ISIN; /2/
+qed.
 
 lemma is_a_to_mem_to_is_in:
@@ -425 +509 @@
 | NOP: preinstruction A.
 
+definition eq_preinstruction: preinstruction [[relative]] → preinstruction [[relative]] → bool ≝
+  λi, j.
+  match i with
+  [ ADD arg1 arg2 ⇒
+    match j with
+    [ ADD arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
+    | _ ⇒ false
+    ]
+  | ADDC arg1 arg2 ⇒
+    match j with
+    [ ADDC arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
+    | _ ⇒ false
+    ]
+  | SUBB arg1 arg2 ⇒
+    match j with
+    [ SUBB arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
+    | _ ⇒ false
+    ]
+  | INC arg ⇒
+    match j with
+    [ INC arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | DEC arg ⇒
+    match j with
+    [ DEC arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | MUL arg1 arg2 ⇒
+    match j with
+    [ MUL arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
+    | _ ⇒ false
+    ]
+  | DIV arg1 arg2 ⇒
+    match j with
+    [ DIV arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
+    | _ ⇒ false
+    ]
+  | DA arg ⇒
+    match j with
+    [ DA arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | JC arg ⇒
+    match j with
+    [ JC arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | JNC arg ⇒
+    match j with
+    [ JNC arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | JB arg1 arg2 ⇒
+    match j with
+    [ JB arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
+    | _ ⇒ false
+    ]
+  | JNB arg1 arg2 ⇒
+    match j with
+    [ JNB arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
+    | _ ⇒ false
+    ]
+  | JBC arg1 arg2 ⇒
+    match j with
+    [ JBC arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
+    | _ ⇒ false
+    ]
+  | JZ arg ⇒
+    match j with
+    [ JZ arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | JNZ arg ⇒
+    match j with
+    [ JNZ arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | CJNE arg1 arg2 ⇒
+    match j with
+    [ CJNE arg1' arg2' ⇒
+      let prod_eq_left ≝ eq_prod [[acc_a]] [[direct; data]] eq_addressing_mode eq_addressing_mode in
+      let prod_eq_right ≝ eq_prod [[registr; indirect]] [[data]] eq_addressing_mode eq_addressing_mode in
+      let arg1_eq ≝ eq_sum ? ? prod_eq_left prod_eq_right in
+        arg1_eq arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
+    | _ ⇒ false
+    ]
+  | DJNZ arg1 arg2 ⇒
+    match j with
+    [ DJNZ arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
+    | _ ⇒ false
+    ]
+  | CLR arg ⇒
+    match j with
+    [ CLR arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | CPL arg ⇒
+    match j with
+    [ CPL arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | RL arg ⇒
+    match j with
+    [ RL arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | RLC arg ⇒
+    match j with
+    [ RLC arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | RR arg ⇒
+    match j with
+    [ RR arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | RRC arg ⇒
+    match j with
+    [ RRC arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | SWAP arg ⇒
+    match j with
+    [ SWAP arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | SETB arg ⇒
+    match j with
+    [ SETB arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | PUSH arg ⇒
+    match j with
+    [ PUSH arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | POP arg ⇒
+    match j with
+    [ POP arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | XCH arg1 arg2 ⇒
+    match j with
+    [ XCH arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
+    | _ ⇒ false
+    ]
+  | XCHD arg1 arg2 ⇒
+    match j with
+    [ XCHD arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
+    | _ ⇒ false
+    ]
+  | RET ⇒ match j with [ RET ⇒ true | _ ⇒ false ]
+  | RETI ⇒ match j with [ RETI ⇒ true | _ ⇒ false ]
+  | NOP ⇒ match j with [ NOP ⇒ true | _ ⇒ false ]
+  | MOVX arg ⇒
+    match j with
+    [ MOVX arg' ⇒
+      let prod_eq_left ≝ eq_prod [[acc_a]] [[ext_indirect; ext_indirect_dptr]] eq_addressing_mode eq_addressing_mode in
+      let prod_eq_right ≝ eq_prod [[ext_indirect; ext_indirect_dptr]] [[acc_a]] eq_addressing_mode eq_addressing_mode in
+      let sum_eq ≝ eq_sum ? ? prod_eq_left prod_eq_right in
+        sum_eq arg arg'
+    | _ ⇒ false
+    ]
+  | XRL arg ⇒
+    match j with
+    [ XRL arg' ⇒
+      let prod_eq_left ≝ eq_prod [[acc_a]] [[ data ; registr ; direct ; indirect ]] eq_addressing_mode eq_addressing_mode in
+      let prod_eq_right ≝ eq_prod [[direct]] [[ acc_a ; data ]] eq_addressing_mode eq_addressing_mode in
+      let sum_eq ≝ eq_sum ? ? prod_eq_left prod_eq_right in
+        sum_eq arg arg'
+    | _ ⇒ false
+    ]
+  | ORL arg ⇒
+    match j with
+    [ ORL arg' ⇒
+      let prod_eq_left1 ≝ eq_prod [[acc_a]] [[ registr ; data ; direct ; indirect ]] eq_addressing_mode eq_addressing_mode in
+      let prod_eq_left2 ≝ eq_prod [[direct]] [[ acc_a; data ]] eq_addressing_mode eq_addressing_mode in
+      let prod_eq_left ≝ eq_sum ? ? prod_eq_left1 prod_eq_left2 in
+      let prod_eq_right ≝ eq_prod [[carry]] [[ bit_addr ; n_bit_addr]] eq_addressing_mode eq_addressing_mode in
+      let sum_eq ≝ eq_sum ? ? prod_eq_left prod_eq_right in
+        sum_eq arg arg'
+    | _ ⇒ false
+    ]
+  | ANL arg ⇒
+    match j with
+    [ ANL arg' ⇒
+      let prod_eq_left1 ≝ eq_prod [[acc_a]] [[ registr ; direct ; indirect ; data ]] eq_addressing_mode eq_addressing_mode in
+      let prod_eq_left2 ≝ eq_prod [[direct]] [[ acc_a; data ]] eq_addressing_mode eq_addressing_mode in
+      let prod_eq_left ≝ eq_sum ? ? prod_eq_left1 prod_eq_left2 in
+      let prod_eq_right ≝ eq_prod [[carry]] [[ bit_addr ; n_bit_addr]] eq_addressing_mode eq_addressing_mode in
+      let sum_eq ≝ eq_sum ? ? prod_eq_left prod_eq_right in
+        sum_eq arg arg'
+    | _ ⇒ false
+    ]
+  | MOV arg ⇒
+    match j with
+    [ MOV arg' ⇒
+      let prod_eq_6 ≝ eq_prod [[acc_a]] [[registr; direct; indirect; data]] eq_addressing_mode eq_addressing_mode in
+      let prod_eq_5 ≝ eq_prod [[registr; indirect]] [[acc_a; direct; data]] eq_addressing_mode eq_addressing_mode in
+      let prod_eq_4 ≝ eq_prod [[direct]] [[acc_a; registr; direct; indirect; data]] eq_addressing_mode eq_addressing_mode in
+      let prod_eq_3 ≝ eq_prod [[dptr]] [[data16]] eq_addressing_mode eq_addressing_mode in
+      let prod_eq_2 ≝ eq_prod [[carry]] [[bit_addr]] eq_addressing_mode eq_addressing_mode in
+      let prod_eq_1 ≝ eq_prod [[bit_addr]] [[carry]] eq_addressing_mode eq_addressing_mode in
+      let sum_eq_1 ≝ eq_sum ? ? prod_eq_6 prod_eq_5 in
+      let sum_eq_2 ≝ eq_sum ? ? sum_eq_1 prod_eq_4 in
+      let sum_eq_3 ≝ eq_sum ? ? sum_eq_2 prod_eq_3 in
+      let sum_eq_4 ≝ eq_sum ? ? sum_eq_3 prod_eq_2 in
+      let sum_eq_5 ≝ eq_sum ? ? sum_eq_4 prod_eq_1 in
+        sum_eq_5 arg arg'
+    | _ ⇒ false
+    ]
+  ].
+
+lemma eq_preinstruction_refl:
+  ∀i.
+    eq_preinstruction i i = true.
+  #i cases i try #arg1 try #arg2
+  try @eq_addressing_mode_refl
+  [1,2,3,4,5,6,7,8,10,16,17,18,19,20:
+    whd in ⊢ (??%?); try %
+    >eq_addressing_mode_refl
+    >eq_addressing_mode_refl %
+  |13,15:
+    whd in ⊢ (??%?);
+    cases arg1
+    [*:
+      #arg1_left normalize nodelta
+      >eq_prod_refl [*: try % #argr @eq_addressing_mode_refl]
+    ]
+  |11,12:
+    whd in ⊢ (??%?);
+    cases arg1
+    [1:
+      #arg1_left normalize nodelta 
+      >(eq_sum_refl …)
+      [1: % | 2,3: #arg @eq_prod_refl ]
+      @eq_addressing_mode_refl
+    |2:
+      #arg1_left normalize nodelta
+      @eq_prod_refl [*: @eq_addressing_mode_refl ]
+    |3:
+      #arg1_left normalize nodelta
+      >(eq_sum_refl …)
+      [1:
+        %
+      |2,3:
+        #arg @eq_prod_refl #arg @eq_addressing_mode_refl
+      ]
+    |4:
+      #arg1_left normalize nodelta
+      @eq_prod_refl [*: #arg @eq_addressing_mode_refl ]
+    ]
+  |14:
+    whd in ⊢ (??%?);
+    cases arg1
+    [1:
+      #arg1_left normalize nodelta
+      @eq_sum_refl
+      [1:
+        #arg @eq_sum_refl
+        [1:
+          #arg @eq_sum_refl
+          [1:
+            #arg @eq_sum_refl
+            [1:
+              #arg @eq_prod_refl
+              [*:
+                @eq_addressing_mode_refl
+              ]
+            |2:
+              #arg @eq_prod_refl
+              [*:
+                #arg @eq_addressing_mode_refl
+              ]
+            ]
+          |2:
+            #arg @eq_prod_refl
+            [*:
+              #arg @eq_addressing_mode_refl
+            ]
+          ]
+        |2:
+          #arg @eq_prod_refl
+          [*:
+            #arg @eq_addressing_mode_refl
+          ]
+        ]
+      |2:
+        #arg @eq_prod_refl
+        [*:
+          #arg @eq_addressing_mode_refl
+        ]
+      ]
+    |2:
+      #arg1_right normalize nodelta
+      @eq_prod_refl
+      [*:
+        #arg @eq_addressing_mode_refl
+      ]
+    ]
+  |*:
+    whd in ⊢ (??%?);
+    cases arg1
+    [*:
+      #arg1 >eq_sum_refl
+      [1,4:
+        @eq_addressing_mode_refl
+      |2,3,5,6:
+        #arg @eq_prod_refl
+        [*:
+          #arg @eq_addressing_mode_refl
+        ]
+      ]
+    ]
+  ]
+qed.
+
 inductive instruction: Type[0] ≝
   | ACALL: [[addr11]] → instruction
@@ -437 +839 @@
 coercion RealInstruction: ∀p: preinstruction [[ relative ]]. instruction ≝
   RealInstruction on _p: preinstruction ? to instruction.
+
+definition eq_instruction: instruction → instruction → bool ≝
+  λi, j.
+  match i with
+  [ ACALL arg ⇒
+    match j with
+    [ ACALL arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | LCALL arg ⇒
+    match j with
+    [ LCALL arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | AJMP arg ⇒ 
+    match j with
+    [ AJMP arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | LJMP arg ⇒
+    match j with
+    [ LJMP arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | SJMP arg ⇒ 
+    match j with
+    [ SJMP arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | JMP arg ⇒
+    match j with
+    [ JMP arg' ⇒ eq_addressing_mode arg arg'
+    | _ ⇒ false
+    ]
+  | MOVC arg1 arg2 ⇒
+    match j with
+    [ MOVC arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
+    | _ ⇒ false
+    ]
+  | RealInstruction instr ⇒
+    match j with
+    [ RealInstruction instr' ⇒ eq_preinstruction instr instr'
+    | _ ⇒ false
+    ]
+  ].
+  
+lemma eq_instruction_refl:
+  ∀i. eq_instruction i i = true.
+  #i cases i [*: #arg1 ]
+  try @eq_addressing_mode_refl
+  try @eq_preinstruction_refl
+  #arg2 whd in ⊢ (??%?);
+  >eq_addressing_mode_refl >eq_addressing_mode_refl %
+qed.
+
+lemma eq_instruction_to_eq:
+  ∀i1, i2: instruction.
+    eq_instruction i1 i2 = true → i1 ≃ i2.
+  #i1 #i2
+  cases i1 cases i2 cases daemon (* easy but tedious
+  [1,10,19,28,37,46:
+    #arg1 #arg2
+    whd in match (eq_instruction ??);
+    cases arg1 #subaddressing_mode
+    cases subaddressing_mode
+    try (#arg1' #arg2' normalize in ⊢ (% → ?); #absurd cases absurd @I)
+    try (#arg1' normalize in ⊢ (% → ?); #absurd cases absurd @I)
+    try (normalize in ⊢ (% → ?); #absurd cases absurd @I)
+    #word11 #irrelevant
+    cases arg2 #subaddressing_mode
+    cases subaddressing_mode
+    try (#arg1' #arg2' normalize in ⊢ (% → ?); #absurd cases absurd @I)
+    try (#arg1' normalize in ⊢ (% → ?); #absurd cases absurd @I)
+    try (normalize in ⊢ (% → ?); #absurd cases absurd @I)
+    #word11' #irrelevant normalize nodelta
+    #eq_bv_assm cases (eq_bv_eq … eq_bv_assm) % *)
+qed.
 
 inductive pseudo_instruction: Type[0] ≝

src/ASM/Arithmetic.ma

@@ -191 +191 @@
 
 axiom lt_nat_of_bitvector: ∀n.∀w. nat_of_bitvector n w < 2^n.
+
+axiom eq_bitvector_of_nat_to_eq:
+ ∀n,n1,n2.
+  n1 < 2^n → n2 < 2^n →
+   bitvector_of_nat n n1 = bitvector_of_nat n n2 → n1=n2.
 
 lemma nat_of_bitvector_aux_injective:
@@ -707 +712 @@
     add n (bitvector_of_nat ? p) (bitvector_of_nat ? q) = bitvector_of_nat ? (p+q).
     
+lemma add_bitvector_of_nat_Sm:
+  ∀n, m: nat.
+    add … (bitvector_of_nat … 1) (bitvector_of_nat … m) =
+      bitvector_of_nat n (S m).
+ #n #m @add_bitvector_of_nat_plus
+qed.
+
 definition sign_bit : ∀n. BitVector n → bool ≝
 λn,v. match v with [ VEmpty ⇒ false | VCons _ h _ ⇒ h ].
@@ -729 +741 @@
   ].
 
+example sub_minus_one_seven_eight:
+  ∀v: BitVector 7.
+  false ::: (\fst (sub_7_with_carry v (bitvector_of_nat ? 1) false)) =
+  \fst (sub_8_with_carry (false ::: v) (bitvector_of_nat ? 1) false).
+ cases daemon.
+qed.
+
+axiom sub16_with_carry_overflow:
+  ∀left, right, result: BitVector 16.
+  ∀flags: BitVector 3.
+  ∀upper: BitVector 9.
+  ∀lower: BitVector 7.
+    sub_16_with_carry left right false = 〈result, flags〉 →
+      vsplit bool 9 7 result = 〈upper, lower〉 →
+        get_index_v bool 3 flags 2 ? = true →
+          upper = [[true; true; true; true; true; true; true; true; true]].
+  //
+qed.
+
+axiom sub_16_to_add_16_8_0:
+ ∀v1,v2: BitVector 16. ∀v3: BitVector 7. ∀flags: BitVector 3.
+  get_index' ? 2 0 flags = false →
+  sub_16_with_carry v1 v2 false = 〈(zero 9)@@v3,flags〉 →
+   v1 = add ? v2 (sign_extension (false:::v3)).
+
+axiom sub_16_to_add_16_8_1:
+ ∀v1,v2: BitVector 16. ∀v3: BitVector 7. ∀flags: BitVector 3.
+  get_index' ? 2 0 flags = true →
+  sub_16_with_carry v1 v2 false = 〈[[true;true;true;true;true;true;true;true;true]]@@v3,flags〉 →
+   v1 = add ? v2 (sign_extension (true:::v3)).

src/ASM/AssemblyProof.ma

@@ -37 +37 @@
 qed.
 
-(*CSC: move elsewhere *)
-definition eq_addressing_mode: addressing_mode → addressing_mode → bool ≝
-  λa, b: addressing_mode.
-  match a with
-  [ DIRECT d ⇒
-    match b with
-    [ DIRECT e ⇒ eq_bv ? d e
-    | _ ⇒ false
-    ]
-  | INDIRECT b' ⇒
-    match b with
-    [ INDIRECT e ⇒ eq_b b' e
-    | _ ⇒ false
-    ]
-  | EXT_INDIRECT b' ⇒
-    match b with
-    [ EXT_INDIRECT e ⇒ eq_b b' e
-    | _ ⇒ false
-    ]
-  | REGISTER bv ⇒
-    match b with
-    [ REGISTER bv' ⇒ eq_bv ? bv bv'
-    | _ ⇒ false
-    ]
-  | ACC_A ⇒ match b with [ ACC_A ⇒ true | _ ⇒ false ]
-  | ACC_B ⇒ match b with [ ACC_B ⇒ true | _ ⇒ false ]
-  | DPTR ⇒ match b with [ DPTR ⇒ true | _ ⇒ false ]
-  | DATA b' ⇒
-    match b with
-    [ DATA e ⇒ eq_bv ? b' e
-    | _ ⇒ false
-    ]
-  | DATA16 w ⇒ 
-    match b with
-    [ DATA16 e ⇒ eq_bv ? w e
-    | _ ⇒ false
-    ]
-  | ACC_DPTR ⇒ match b with [ ACC_DPTR ⇒ true | _ ⇒ false ]
-  | ACC_PC ⇒ match b with [ ACC_PC ⇒ true | _ ⇒ false ]
-  | EXT_INDIRECT_DPTR ⇒ match b with [ EXT_INDIRECT_DPTR ⇒ true | _ ⇒ false ]
-  | INDIRECT_DPTR ⇒ match b with [ INDIRECT_DPTR ⇒ true | _ ⇒ false ]
-  | CARRY ⇒ match b with [ CARRY ⇒ true | _ ⇒ false ]
-  | BIT_ADDR b' ⇒
-    match b with
-    [ BIT_ADDR e ⇒ eq_bv ? b' e
-    | _ ⇒ false
-    ]
-  | N_BIT_ADDR b' ⇒ 
-    match b with
-    [ N_BIT_ADDR e ⇒ eq_bv ? b' e
-    | _ ⇒ false
-    ]
-  | RELATIVE n ⇒
-    match b with
-    [ RELATIVE e ⇒ eq_bv ? n e
-    | _ ⇒ false
-    ]
-  | ADDR11 w ⇒
-    match b with
-    [ ADDR11 e ⇒ eq_bv ? w e
-    | _ ⇒ false
-    ]
-  | ADDR16 w ⇒
-    match b with
-    [ ADDR16 e ⇒ eq_bv ? w e
-    | _ ⇒ false
-    ]
-  ].
-
-(*CSC: move elsewhere *)
-lemma eq_addressing_mode_refl:
-  ∀a. eq_addressing_mode a a = true.
-  #a
-  cases a try #arg1 try #arg2
-  try @eq_bv_refl try @eq_b_refl
-  try normalize %
-qed.
-  
-(*CSC: move elsewhere *)
-definition eq_sum:
-    ∀A, B. (A → A → bool) → (B → B → bool) → (A ⊎ B) → (A ⊎ B) → bool ≝
-  λlt, rt, leq, req, left, right.
-    match left with
-    [ inl l ⇒
-      match right with
-      [ inl l' ⇒ leq l l'
-      | _ ⇒ false
-      ]
-    | inr r ⇒
-      match right with
-      [ inr r' ⇒ req r r'
-      | _ ⇒ false
-      ]
-    ].
-
-(*CSC: move elsewhere *)
-definition eq_prod: ∀A, B. (A → A → bool) → (B → B → bool) → (A × B) → (A × B) → bool ≝
-  λlt, rt, leq, req, left, right.
-    let 〈l, r〉 ≝ left in
-    let 〈l', r'〉 ≝ right in
-      leq l l' ∧ req r r'.
-
-(*CSC: move elsewhere *)
-definition eq_preinstruction: preinstruction [[relative]] → preinstruction [[relative]] → bool ≝
-  λi, j.
-  match i with
-  [ ADD arg1 arg2 ⇒
-    match j with
-    [ ADD arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
-    | _ ⇒ false
-    ]
-  | ADDC arg1 arg2 ⇒
-    match j with
-    [ ADDC arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
-    | _ ⇒ false
-    ]
-  | SUBB arg1 arg2 ⇒
-    match j with
-    [ SUBB arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
-    | _ ⇒ false
-    ]
-  | INC arg ⇒
-    match j with
-    [ INC arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | DEC arg ⇒
-    match j with
-    [ DEC arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | MUL arg1 arg2 ⇒
-    match j with
-    [ MUL arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
-    | _ ⇒ false
-    ]
-  | DIV arg1 arg2 ⇒
-    match j with
-    [ DIV arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
-    | _ ⇒ false
-    ]
-  | DA arg ⇒
-    match j with
-    [ DA arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | JC arg ⇒
-    match j with
-    [ JC arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | JNC arg ⇒
-    match j with
-    [ JNC arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | JB arg1 arg2 ⇒
-    match j with
-    [ JB arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
-    | _ ⇒ false
-    ]
-  | JNB arg1 arg2 ⇒
-    match j with
-    [ JNB arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
-    | _ ⇒ false
-    ]
-  | JBC arg1 arg2 ⇒
-    match j with
-    [ JBC arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
-    | _ ⇒ false
-    ]
-  | JZ arg ⇒
-    match j with
-    [ JZ arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | JNZ arg ⇒
-    match j with
-    [ JNZ arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | CJNE arg1 arg2 ⇒
-    match j with
-    [ CJNE arg1' arg2' ⇒
-      let prod_eq_left ≝ eq_prod [[acc_a]] [[direct; data]] eq_addressing_mode eq_addressing_mode in
-      let prod_eq_right ≝ eq_prod [[registr; indirect]] [[data]] eq_addressing_mode eq_addressing_mode in
-      let arg1_eq ≝ eq_sum ? ? prod_eq_left prod_eq_right in
-        arg1_eq arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
-    | _ ⇒ false
-    ]
-  | DJNZ arg1 arg2 ⇒
-    match j with
-    [ DJNZ arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
-    | _ ⇒ false
-    ]
-  | CLR arg ⇒
-    match j with
-    [ CLR arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | CPL arg ⇒
-    match j with
-    [ CPL arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | RL arg ⇒
-    match j with
-    [ RL arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | RLC arg ⇒
-    match j with
-    [ RLC arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | RR arg ⇒
-    match j with
-    [ RR arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | RRC arg ⇒
-    match j with
-    [ RRC arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | SWAP arg ⇒
-    match j with
-    [ SWAP arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | SETB arg ⇒
-    match j with
-    [ SETB arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | PUSH arg ⇒
-    match j with
-    [ PUSH arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | POP arg ⇒
-    match j with
-    [ POP arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | XCH arg1 arg2 ⇒
-    match j with
-    [ XCH arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
-    | _ ⇒ false
-    ]
-  | XCHD arg1 arg2 ⇒
-    match j with
-    [ XCHD arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
-    | _ ⇒ false
-    ]
-  | RET ⇒ match j with [ RET ⇒ true | _ ⇒ false ]
-  | RETI ⇒ match j with [ RETI ⇒ true | _ ⇒ false ]
-  | NOP ⇒ match j with [ NOP ⇒ true | _ ⇒ false ]
-  | MOVX arg ⇒
-    match j with
-    [ MOVX arg' ⇒
-      let prod_eq_left ≝ eq_prod [[acc_a]] [[ext_indirect; ext_indirect_dptr]] eq_addressing_mode eq_addressing_mode in
-      let prod_eq_right ≝ eq_prod [[ext_indirect; ext_indirect_dptr]] [[acc_a]] eq_addressing_mode eq_addressing_mode in
-      let sum_eq ≝ eq_sum ? ? prod_eq_left prod_eq_right in
-        sum_eq arg arg'
-    | _ ⇒ false
-    ]
-  | XRL arg ⇒
-    match j with
-    [ XRL arg' ⇒
-      let prod_eq_left ≝ eq_prod [[acc_a]] [[ data ; registr ; direct ; indirect ]] eq_addressing_mode eq_addressing_mode in
-      let prod_eq_right ≝ eq_prod [[direct]] [[ acc_a ; data ]] eq_addressing_mode eq_addressing_mode in
-      let sum_eq ≝ eq_sum ? ? prod_eq_left prod_eq_right in
-        sum_eq arg arg'
-    | _ ⇒ false
-    ]
-  | ORL arg ⇒
-    match j with
-    [ ORL arg' ⇒
-      let prod_eq_left1 ≝ eq_prod [[acc_a]] [[ registr ; data ; direct ; indirect ]] eq_addressing_mode eq_addressing_mode in
-      let prod_eq_left2 ≝ eq_prod [[direct]] [[ acc_a; data ]] eq_addressing_mode eq_addressing_mode in
-      let prod_eq_left ≝ eq_sum ? ? prod_eq_left1 prod_eq_left2 in
-      let prod_eq_right ≝ eq_prod [[carry]] [[ bit_addr ; n_bit_addr]] eq_addressing_mode eq_addressing_mode in
-      let sum_eq ≝ eq_sum ? ? prod_eq_left prod_eq_right in
-        sum_eq arg arg'
-    | _ ⇒ false
-    ]
-  | ANL arg ⇒
-    match j with
-    [ ANL arg' ⇒
-      let prod_eq_left1 ≝ eq_prod [[acc_a]] [[ registr ; direct ; indirect ; data ]] eq_addressing_mode eq_addressing_mode in
-      let prod_eq_left2 ≝ eq_prod [[direct]] [[ acc_a; data ]] eq_addressing_mode eq_addressing_mode in
-      let prod_eq_left ≝ eq_sum ? ? prod_eq_left1 prod_eq_left2 in
-      let prod_eq_right ≝ eq_prod [[carry]] [[ bit_addr ; n_bit_addr]] eq_addressing_mode eq_addressing_mode in
-      let sum_eq ≝ eq_sum ? ? prod_eq_left prod_eq_right in
-        sum_eq arg arg'
-    | _ ⇒ false
-    ]
-  | MOV arg ⇒
-    match j with
-    [ MOV arg' ⇒
-      let prod_eq_6 ≝ eq_prod [[acc_a]] [[registr; direct; indirect; data]] eq_addressing_mode eq_addressing_mode in
-      let prod_eq_5 ≝ eq_prod [[registr; indirect]] [[acc_a; direct; data]] eq_addressing_mode eq_addressing_mode in
-      let prod_eq_4 ≝ eq_prod [[direct]] [[acc_a; registr; direct; indirect; data]] eq_addressing_mode eq_addressing_mode in
-      let prod_eq_3 ≝ eq_prod [[dptr]] [[data16]] eq_addressing_mode eq_addressing_mode in
-      let prod_eq_2 ≝ eq_prod [[carry]] [[bit_addr]] eq_addressing_mode eq_addressing_mode in
-      let prod_eq_1 ≝ eq_prod [[bit_addr]] [[carry]] eq_addressing_mode eq_addressing_mode in
-      let sum_eq_1 ≝ eq_sum ? ? prod_eq_6 prod_eq_5 in
-      let sum_eq_2 ≝ eq_sum ? ? sum_eq_1 prod_eq_4 in
-      let sum_eq_3 ≝ eq_sum ? ? sum_eq_2 prod_eq_3 in
-      let sum_eq_4 ≝ eq_sum ? ? sum_eq_3 prod_eq_2 in
-      let sum_eq_5 ≝ eq_sum ? ? sum_eq_4 prod_eq_1 in
-        sum_eq_5 arg arg'
-    | _ ⇒ false
-    ]
-  ].
-
-(*CSC: move elsewhere *)
-lemma eq_sum_refl:
-  ∀A, B: Type[0].
-  ∀leq, req.
-  ∀s.
-  ∀leq_refl: (∀t. leq t t = true).
-  ∀req_refl: (∀u. req u u = true).
-    eq_sum A B leq req s s = true.
-  #A #B #leq #req #s #leq_refl #req_refl
-  cases s assumption
-qed.
-
-(*CSC: move elsewhere *)
-lemma eq_prod_refl:
-  ∀A, B: Type[0].
-  ∀leq, req.
-  ∀s.
-  ∀leq_refl: (∀t. leq t t = true).
-  ∀req_refl: (∀u. req u u = true).
-    eq_prod A B leq req s s = true.
-  #A #B #leq #req #s #leq_refl #req_refl
-  cases s
-  whd in ⊢ (? → ? → ??%?);
-  #l #r
-  >leq_refl @req_refl
-qed.
-
-(*CSC: move elsewhere *)
-lemma eq_preinstruction_refl:
-  ∀i.
-    eq_preinstruction i i = true.
-  #i cases i try #arg1 try #arg2
-  try @eq_addressing_mode_refl
-  [1,2,3,4,5,6,7,8,10,16,17,18,19,20:
-    whd in ⊢ (??%?); try %
-    >eq_addressing_mode_refl
-    >eq_addressing_mode_refl %
-  |13,15:
-    whd in ⊢ (??%?);
-    cases arg1
-    [*:
-      #arg1_left normalize nodelta
-      >eq_prod_refl [*: try % #argr @eq_addressing_mode_refl]
-    ]
-  |11,12:
-    whd in ⊢ (??%?);
-    cases arg1
-    [1:
-      #arg1_left normalize nodelta 
-      >(eq_sum_refl …)
-      [1: % | 2,3: #arg @eq_prod_refl ]
-      @eq_addressing_mode_refl
-    |2:
-      #arg1_left normalize nodelta
-      @eq_prod_refl [*: @eq_addressing_mode_refl ]
-    |3:
-      #arg1_left normalize nodelta
-      >(eq_sum_refl …)
-      [1:
-        %
-      |2,3:
-        #arg @eq_prod_refl #arg @eq_addressing_mode_refl
-      ]
-    |4:
-      #arg1_left normalize nodelta
-      @eq_prod_refl [*: #arg @eq_addressing_mode_refl ]
-    ]
-  |14:
-    whd in ⊢ (??%?);
-    cases arg1
-    [1:
-      #arg1_left normalize nodelta
-      @eq_sum_refl
-      [1:
-        #arg @eq_sum_refl
-        [1:
-          #arg @eq_sum_refl
-          [1:
-            #arg @eq_sum_refl
-            [1:
-              #arg @eq_prod_refl
-              [*:
-                @eq_addressing_mode_refl
-              ]
-            |2:
-              #arg @eq_prod_refl
-              [*:
-                #arg @eq_addressing_mode_refl
-              ]
-            ]
-          |2:
-            #arg @eq_prod_refl
-            [*:
-              #arg @eq_addressing_mode_refl
-            ]
-          ]
-        |2:
-          #arg @eq_prod_refl
-          [*:
-            #arg @eq_addressing_mode_refl
-          ]
-        ]
-      |2:
-        #arg @eq_prod_refl
-        [*:
-          #arg @eq_addressing_mode_refl
-        ]
-      ]
-    |2:
-      #arg1_right normalize nodelta
-      @eq_prod_refl
-      [*:
-        #arg @eq_addressing_mode_refl
-      ]
-    ]
-  |*:
-    whd in ⊢ (??%?);
-    cases arg1
-    [*:
-      #arg1 >eq_sum_refl
-      [1,4:
-        @eq_addressing_mode_refl
-      |2,3,5,6:
-        #arg @eq_prod_refl
-        [*:
-          #arg @eq_addressing_mode_refl
-        ]
-      ]
-    ]
-  ]
-qed.
-
-(*CSC: move elsewhere *)
-definition eq_instruction: instruction → instruction → bool ≝
-  λi, j.
-  match i with
-  [ ACALL arg ⇒
-    match j with
-    [ ACALL arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | LCALL arg ⇒
-    match j with
-    [ LCALL arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | AJMP arg ⇒ 
-    match j with
-    [ AJMP arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | LJMP arg ⇒
-    match j with
-    [ LJMP arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | SJMP arg ⇒ 
-    match j with
-    [ SJMP arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | JMP arg ⇒
-    match j with
-    [ JMP arg' ⇒ eq_addressing_mode arg arg'
-    | _ ⇒ false
-    ]
-  | MOVC arg1 arg2 ⇒
-    match j with
-    [ MOVC arg1' arg2' ⇒ eq_addressing_mode arg1 arg1' ∧ eq_addressing_mode arg2 arg2'
-    | _ ⇒ false
-    ]
-  | RealInstruction instr ⇒
-    match j with
-    [ RealInstruction instr' ⇒ eq_preinstruction instr instr'
-    | _ ⇒ false
-    ]
-  ].
-  
-(*CSC: move elsewhere *)
-lemma eq_instruction_refl:
-  ∀i. eq_instruction i i = true.
-  #i cases i [*: #arg1 ]
-  try @eq_addressing_mode_refl
-  try @eq_preinstruction_refl
-  #arg2 whd in ⊢ (??%?);
-  >eq_addressing_mode_refl >eq_addressing_mode_refl %
-qed.
-
-(*CSC: in is_a_to_mem_to_is_in use vect_member in place of mem … *)
-definition vect_member ≝
- λA,n,eq,v,a. mem A eq (S n) v a.
-
-(*CSC: move elsewhere*)
-definition is_in_cons_elim:
- ∀len.∀hd,tl.∀m:addressing_mode
-  .is_in (S len) (hd:::tl) m →
-    (bool_to_Prop (is_a hd m)) ∨ (bool_to_Prop (is_in len tl m)).
- #len #hd #tl #am #ISIN whd in match (is_in ???) in ISIN;
- cases (is_a hd am) in ISIN; /2/
-qed.
-
-(*CSC: move elsewhere*)
-lemma prod_eq_left:
-  ∀A: Type[0].
-  ∀p, q, r: A.
-    p = q → 〈p, r〉 = 〈q, r〉.
-  #A #p #q #r #hyp
-  destruct %
-qed.
-
-(*CSC: move elsewhere*)
-lemma prod_eq_right:
-  ∀A: Type[0].
-  ∀p, q, r: A.
-    p = q → 〈r, p〉 = 〈r, q〉.
-  #A #p #q #r #hyp
-  destruct %
-qed.
-
 let rec encoding_check
   (code_memory: BitVectorTrie Byte 16) (pc: Word) (final_pc: Word)
@@ -583 +47 @@
       hd = byte ∧ encoding_check code_memory new_pc final_pc tl
   ].
-
-(*CSC: move elsewhere *)
-lemma add_bitvector_of_nat_Sm:
-  ∀n, m: nat.
-    add … (bitvector_of_nat … 1) (bitvector_of_nat … m) =
-      bitvector_of_nat n (S m).
- #n #m @add_bitvector_of_nat_plus
-qed.
 
 lemma encoding_check_append:
@@ -622 +78 @@
     ]
   ]
-qed.
-
-(*CSC: move elsewhere*)
-lemma destruct_bug_fix_1:
-  ∀n: nat.
-    S n = 0 → False.
-  #n #absurd destruct(absurd)
-qed.
-
-(*CSC: move elsewhere*)
-lemma destruct_bug_fix_2:
-  ∀m, n: nat.
-    S m = S n → m = n.
-  #m #n #refl destruct %
-qed.
-
-(*CSC: move elsewhere*)
-definition bitvector_3_cases:
-  ∀b: BitVector 3.
-    ∃l, c, r: bool.
-      b ≃ [[l; c; r]].
-  #b
-  @(Vector_inv_ind bool 3 b (λn: nat. λv: Vector bool n. ∃l:bool.∃c:bool.∃r:bool. v ≃ [[l; c; r]]))
-  [1:
-    #absurd @⊥ -b @(destruct_bug_fix_1 2)
-    >absurd %
-  |2:
-    #n #hd #tl #_ #size_refl #hd_tl_refl %{hd}
-    cut (n = 2)
-    [1:
-      @destruct_bug_fix_2
-      >size_refl %
-    |2:
-      #n_refl >n_refl in tl; #V
-      @(Vector_inv_ind bool 2 V (λn: nat. λv: Vector bool n. ∃c:bool. ∃r:bool. hd:::v ≃ [[hd; c; r]]))
-      [1:
-        #absurd @⊥ -V @(destruct_bug_fix_1 1)
-        >absurd %
-      |2:
-        #n' #hd' #tl' #_ #size_refl' #hd_tl_refl' %{hd'}
-        cut (n' = 1)
-        [1:
-          @destruct_bug_fix_2 >size_refl' %
-        |2:
-          #n_refl' >n_refl' in tl'; #V'
-          @(Vector_inv_ind bool 1 V' (λn: nat. λv: Vector bool n. ∃r: bool. hd:::hd':::v ≃ [[hd; hd'; r]]))
-          [1:
-            #absurd @⊥ -V' @(destruct_bug_fix_1 0)
-            >absurd %
-          |2:
-            #n'' #hd'' #tl'' #_ #size_refl'' #hd_tl_refl'' %{hd''}
-            cut (n'' = 0)
-            [1:
-              @destruct_bug_fix_2 >size_refl'' %
-            |2:
-              #n_refl'' >n_refl'' in tl''; #tl'''
-              >(Vector_O … tl''') %
-            ]
-          ]
-        ]
-      ]
-    ]
-  ]
-qed.
-
-(*CSC: move elsewhere*)
-lemma bitvector_3_elim_prop:
-  ∀P: BitVector 3 → Prop.
-    P [[false;false;false]] → P [[false;false;true]] → P [[false;true;false]] →
-    P [[false;true;true]] → P [[true;false;false]] → P [[true;false;true]] →
-    P [[true;true;false]] → P [[true;true;true]] → ∀v. P v.
-  #P #H1 #H2 #H3 #H4 #H5 #H6 #H7 #H8 #H9
-  cases (bitvector_3_cases … H9) #l #assm cases assm
-  -assm #c #assm cases assm
-  -assm #r #assm cases assm destruct
-  cases l cases c cases r assumption
 qed.
 
@@ -750 +130 @@
         fetch_many code_memory final_pc pc' tl)
   ].
-
-(*CSC: move elsewhere*)
-lemma option_destruct_Some:
-  ∀A: Type[0].
-  ∀a, b: A.
-    Some A a = Some A b → a = b.
-  #A #a #b #EQ
-  destruct %
-qed.
-
-(*CSC: move elsewhere*)
-lemma eq_instruction_to_eq:
-  ∀i1, i2: instruction.
-    eq_instruction i1 i2 = true → i1 ≃ i2.
-  #i1 #i2
-  cases i1 cases i2 cases daemon (* easy but tedious
-  [1,10,19,28,37,46:
-    #arg1 #arg2
-    whd in match (eq_instruction ??);
-    cases arg1 #subaddressing_mode
-    cases subaddressing_mode
-    try (#arg1' #arg2' normalize in ⊢ (% → ?); #absurd cases absurd @I)
-    try (#arg1' normalize in ⊢ (% → ?); #absurd cases absurd @I)
-    try (normalize in ⊢ (% → ?); #absurd cases absurd @I)
-    #word11 #irrelevant
-    cases arg2 #subaddressing_mode
-    cases subaddressing_mode
-    try (#arg1' #arg2' normalize in ⊢ (% → ?); #absurd cases absurd @I)
-    try (#arg1' normalize in ⊢ (% → ?); #absurd cases absurd @I)
-    try (normalize in ⊢ (% → ?); #absurd cases absurd @I)
-    #word11' #irrelevant normalize nodelta
-    #eq_bv_assm cases (eq_bv_eq … eq_bv_assm) % *)
-qed.
           
 lemma fetch_assembly_pseudo':
@@ -1429 +776 @@
      ticks_of0 program sigma policy ppc fetched.
 
-(*CSC: move elsewhere*)
-lemma eq_rect_Type1_r:
-  ∀A: Type[1].
-  ∀a: A.
-  ∀P: ∀x:A. eq ? x a → Type[1]. P a (refl A a) → ∀x: A.∀p:eq ? x a. P x p.
-  #A #a #P #H #x #p
-  generalize in match H;
-  generalize in match P;
-  cases p //
-qed.
-
 (*
 lemma blah:
@@ -1569 +905 @@
 *)
 
-(*CSC: move elsewhere*)
-lemma Some_Some_elim:
- ∀T:Type[0].∀x,y:T.∀P:Type[2]. (x=y → P) → Some T x = Some T y → P.
- #T #x #y #P #H #K @H @option_destruct_Some // 
-qed.
-
-(*CSC: move elsewhere*)
-lemma pair_destruct_right:
-  ∀A: Type[0].
-  ∀B: Type[0].
-  ∀a, c: A.
-  ∀b, d: B.
-    〈a, b〉 = 〈c, d〉 → b = d.
-  #A #B #a #b #c #d //
-qed.
-    
 (*CSC: ???*)
 (* XXX: we need a precondition here stating that the PPC is within the
@@ -1633 +953 @@
   @pair_elim #lbl #instr #nth_refl normalize nodelta
   #G cases (pair_destruct_right ?????? G) %
-qed.
-
-(*CSC: move elsewhere*)
-lemma pose: ∀A:Type[0].∀B:A → Type[0].∀a:A. (∀a':A. a'=a → B a') → B a.
-  /2/
 qed.
 

src/ASM/AssemblyProofSplit.ma

@@ -170 +170 @@
 qed.
 
-(*CSC: move elsewhere*)
-lemma pair_replace:
- ∀A,B,T:Type[0].∀P:T → Prop. ∀t. ∀a,b.∀c,c': A × B. c'=c → c ≃ 〈a,b〉 →
-  P (t a b) → P (let 〈a',b'〉 ≝ c' in t a' b').
- #A #B #T #P #t #a #b * #x #y * #x' #y' #H1 #H2 destruct //
-qed.
-
 lemma get_arg_8_set_program_counter:
   ∀M: Type[0].
@@ -327 +320 @@
 qed.
 
-(*CSC: move elsewhere*)
-lemma None_Some_elim: ∀P:Prop. ∀A,a. None A = Some A a → P.
- #P #A #a #abs destruct
-qed.
-
 (*
 lemma pi1_let_commute:
@@ -360 +348 @@
 include alias "basics/logic.ma".
 include alias "ASM/BitVectorTrie.ma".
-
-(*CSC: move elsewhere*)
-lemma jmpair_as_replace:
- ∀A,B,T:Type[0].∀P:T → Prop. ∀a:A. ∀b:B.∀c,c': A × B. ∀t: ∀a,b. c' ≃ 〈a, b〉 → T. ∀EQc: c'= c.
-  ∀EQ:c ≃ 〈a,b〉. 
-  P (t a b ?) → P ((let 〈a',b'〉 (*as H*) ≝ c' in λH. t a' b' H) (refl_jmeq ? c')).
-  [2:
-    >EQc @EQ 
-  |1:
-    #A #B #T #P #a #b
-    #c #c' #t #EQc >EQc in t; -c' normalize #f #EQ
-    letin eta ≝ (? : ∀ab:A × B.∀P:A × B → Type[0]. P ab → P 〈\fst ab,\snd ab〉) [2: * // ]
-    change with (eta 〈a,b〉 (λab.c ≃ ab) EQ) in match EQ;
-    @(jmeq_elim ?? (λab.λH.P (f (\fst ab) (\snd ab) ?) → ?) ?? EQ) normalize -eta
-    -EQ cases c in f; normalize //
-  ]
-qed.
-
-(*CSC: move elsewhere*)
-lemma if_then_else_replace:
-  ∀T: Type[0].
-  ∀P: T → Prop.
-  ∀t1, t2: T.
-  ∀c, c', c'': bool.
-    c' = c → c ≃ c'' → P (if c'' then t1 else t2) → P (if c' then t1 else t2).
-  #T #P #t1 #t2 #c #c' #c'' #c_refl #c_refl' destruct #assm
-  assumption
-qed.
 
 lemma fetch_many_singleton:
@@ -398 +358 @@
   #fetch_many_assm whd in fetch_many_assm;
   cases (eq_bv_eq … fetch_many_assm) assumption
-qed.
-
-(*CSC: move elsewhere*)
-lemma refl_to_jmrefl:
-  ∀a: Type[0].
-  ∀l, r: a.
-    l = r → l ≃ r.
-  #a #l #r #refl destruct %
 qed.
 

src/ASM/BitVector.ma

@@ -236 +236 @@
     String.
 
-example sub_minus_one_seven_eight:
-  ∀v: BitVector 7.
-  false ::: (\fst (sub_7_with_carry v (bitvector_of_nat ? 1) false)) =
-  \fst (sub_8_with_carry (false ::: v) (bitvector_of_nat ? 1) false).
- cases daemon.
-qed.
-
-axiom sub16_with_carry_overflow:
-  ∀left, right, result: BitVector 16.
-  ∀flags: BitVector 3.
-  ∀upper: BitVector 9.
-  ∀lower: BitVector 7.
-    sub_16_with_carry left right false = 〈result, flags〉 →
-      vsplit bool 9 7 result = 〈upper, lower〉 →
-        get_index_v bool 3 flags 2 ? = true →
-          upper = [[true; true; true; true; true; true; true; true; true]].
-  //
-qed.
-
-axiom sub_16_to_add_16_8_0:
- ∀v1,v2: BitVector 16. ∀v3: BitVector 7. ∀flags: BitVector 3.
-  get_index' ? 2 0 flags = false →
-  sub_16_with_carry v1 v2 false = 〈(zero 9)@@v3,flags〉 →
-   v1 = add ? v2 (sign_extension (false:::v3)).
-
-axiom sub_16_to_add_16_8_1:
- ∀v1,v2: BitVector 16. ∀v3: BitVector 7. ∀flags: BitVector 3.
-  get_index' ? 2 0 flags = true →
-  sub_16_with_carry v1 v2 false = 〈[[true;true;true;true;true;true;true;true;true]]@@v3,flags〉 →
-   v1 = add ? v2 (sign_extension (true:::v3)).
+definition bitvector_3_cases:
+  ∀b: BitVector 3.
+    ∃l, c, r: bool.
+      b ≃ [[l; c; r]].
+  #b
+  @(Vector_inv_ind bool 3 b (λn: nat. λv: Vector bool n. ∃l:bool.∃c:bool.∃r:bool. v ≃ [[l; c; r]]))
+  [1:
+    #absurd @⊥ -b @(destruct_bug_fix_1 2)
+    >absurd %
+  |2:
+    #n #hd #tl #_ #size_refl #hd_tl_refl %{hd}
+    cut (n = 2)
+    [1:
+      @destruct_bug_fix_2
+      >size_refl %
+    |2:
+      #n_refl >n_refl in tl; #V
+      @(Vector_inv_ind bool 2 V (λn: nat. λv: Vector bool n. ∃c:bool. ∃r:bool. hd:::v ≃ [[hd; c; r]]))
+      [1:
+        #absurd @⊥ -V @(destruct_bug_fix_1 1)
+        >absurd %
+      |2:
+        #n' #hd' #tl' #_ #size_refl' #hd_tl_refl' %{hd'}
+        cut (n' = 1)
+        [1:
+          @destruct_bug_fix_2 >size_refl' %
+        |2:
+          #n_refl' >n_refl' in tl'; #V'
+          @(Vector_inv_ind bool 1 V' (λn: nat. λv: Vector bool n. ∃r: bool. hd:::hd':::v ≃ [[hd; hd'; r]]))
+          [1:
+            #absurd @⊥ -V' @(destruct_bug_fix_1 0)
+            >absurd %
+          |2:
+            #n'' #hd'' #tl'' #_ #size_refl'' #hd_tl_refl'' %{hd''}
+            cut (n'' = 0)
+            [1:
+              @destruct_bug_fix_2 >size_refl'' %
+            |2:
+              #n_refl'' >n_refl'' in tl''; #tl'''
+              >(Vector_O … tl''') %
+            ]
+          ]
+        ]
+      ]
+    ]
+  ]
+qed.
+
+lemma bitvector_3_elim_prop:
+  ∀P: BitVector 3 → Prop.
+    P [[false;false;false]] → P [[false;false;true]] → P [[false;true;false]] →
+    P [[false;true;true]] → P [[true;false;false]] → P [[true;false;true]] →
+    P [[true;true;false]] → P [[true;true;true]] → ∀v. P v.
+  #P #H1 #H2 #H3 #H4 #H5 #H6 #H7 #H8 #H9
+  cases (bitvector_3_cases … H9) #l #assm cases assm
+  -assm #c #assm cases assm
+  -assm #r #assm cases assm destruct
+  cases l cases c cases r assumption
+qed.

src/ASM/Fetch.ma

@@ -17 +17 @@
   λpc: Word.
     〈add … pc (bitvector_of_nat 16 1), lookup … pc pmem (zero …)〉.
-
-(*CSC: move elsewhere *)
-axiom eq_bitvector_of_nat_to_eq:
- ∀n,n1,n2.
-  n1 < 2^n → n2 < 2^n →
-   bitvector_of_nat n n1 = bitvector_of_nat n n2 → n1=n2.
-
-discriminator Prod.
 
 definition load_code_memory0:

src/ASM/Interpret.ma

@@ -957 +957 @@
 qed.
 
-discriminator Prod.
-
 definition compute_target_of_unconditional_jump:
     ∀program_counter: Word.

src/ASM/StatusProofs.ma

@@ -344 +344 @@
    program_counter m cm (set_bit_addressable_sfr m cm s addr v) = program_counter m cm s.
 
-(* XXX: to be moved elsewhere *)
 lemma program_counter_set_arg_8:
   ∀m, cm, s, addr, v.

src/ASM/Util.ma

@@ -1478 +1478 @@
 qed.
 
+(*CSC: just a synonim, get rid of it!*)
+lemma Some_eq:
+ ∀T:Type[0].∀x,y:T. Some T x = Some T y → x = y ≝ option_destruct_Some.
+
 lemma pi1_eq: ∀A:Type[0].∀P:A->Prop.∀s1:Σa1:A.P a1.∀s2:Σa2:A.P a2.
   s1 = s2 → (pi1 ?? s1) = (pi1 ?? s2).
@@ -1483 +1487 @@
 qed.
 
-lemma Some_eq:
- ∀T:Type[0].∀x,y:T. Some T x = Some T y → x = y.
- #T #x #y #H @option_destruct_Some @H
-qed.
-
 lemma not_neq_None_to_eq : ∀A.∀a : option A.¬a≠None ? → a = None ?.
 #A * [2: #a] * // #ABS elim (ABS ?) % #ABS' destruct(ABS')
@@ -1494 +1493 @@
 coercion not_neq_None : ∀A.∀a : option A.∀prf : ¬a≠None ?.a = None ? ≝
   not_neq_None_to_eq on _prf : ¬?≠None ? to ? = None ?.
+
+lemma None_Some_elim: ∀P:Prop. ∀A,a. None A = Some A a → P.
+ #P #A #a #abs destruct
+qed.
+
+discriminator Prod.
+
+lemma pair_replace:
+ ∀A,B,T:Type[0].∀P:T → Prop. ∀t. ∀a,b.∀c,c': A × B. c'=c → c ≃ 〈a,b〉 →
+  P (t a b) → P (let 〈a',b'〉 ≝ c' in t a' b').
+ #A #B #T #P #t #a #b * #x #y * #x' #y' #H1 #H2 destruct //
+qed.
+
+lemma jmpair_as_replace:
+ ∀A,B,T:Type[0].∀P:T → Prop. ∀a:A. ∀b:B.∀c,c': A × B. ∀t: ∀a,b. c' ≃ 〈a, b〉 → T. ∀EQc: c'= c.
+  ∀EQ:c ≃ 〈a,b〉. 
+  P (t a b ?) → P ((let 〈a',b'〉 (*as H*) ≝ c' in λH. t a' b' H) (refl_jmeq ? c')).
+  [2:
+    >EQc @EQ 
+  |1:
+    #A #B #T #P #a #b
+    #c #c' #t #EQc >EQc in t; -c' normalize #f #EQ
+    letin eta ≝ (? : ∀ab:A × B.∀P:A × B → Type[0]. P ab → P 〈\fst ab,\snd ab〉) [2: * // ]
+    change with (eta 〈a,b〉 (λab.c ≃ ab) EQ) in match EQ;
+    @(jmeq_elim ?? (λab.λH.P (f (\fst ab) (\snd ab) ?) → ?) ?? EQ) normalize -eta
+    -EQ cases c in f; normalize //
+  ]
+qed.
+
+lemma if_then_else_replace:
+  ∀T: Type[0].
+  ∀P: T → Prop.
+  ∀t1, t2: T.
+  ∀c, c', c'': bool.
+    c' = c → c ≃ c'' → P (if c'' then t1 else t2) → P (if c' then t1 else t2).
+  #T #P #t1 #t2 #c #c' #c'' #c_refl #c_refl' destruct #assm
+  assumption
+qed.
+
+lemma refl_to_jmrefl:
+  ∀a: Type[0].
+  ∀l, r: a.
+    l = r → l ≃ r.
+  #a #l #r #refl destruct %
+qed.
+
+lemma prod_eq_left:
+  ∀A: Type[0].
+  ∀p, q, r: A.
+    p = q → 〈p, r〉 = 〈q, r〉.
+  #A #p #q #r #hyp
+  destruct %
+qed.
+
+lemma prod_eq_right:
+  ∀A: Type[0].
+  ∀p, q, r: A.
+    p = q → 〈r, p〉 = 〈r, q〉.
+  #A #p #q #r #hyp
+  destruct %
+qed.
+
+lemma destruct_bug_fix_1:
+  ∀n: nat.
+    S n = 0 → False.
+  #n #absurd destruct(absurd)
+qed.
+
+lemma destruct_bug_fix_2:
+  ∀m, n: nat.
+    S m = S n → m = n.
+  #m #n #refl destruct %
+qed.
+
+lemma eq_rect_Type1_r:
+  ∀A: Type[1].
+  ∀a: A.
+  ∀P: ∀x:A. eq ? x a → Type[1]. P a (refl A a) → ∀x: A.∀p:eq ? x a. P x p.
+  #A #a #P #H #x #p
+  generalize in match H;
+  generalize in match P;
+  cases p //
+qed.
+
+lemma Some_Some_elim:
+ ∀T:Type[0].∀x,y:T.∀P:Type[2]. (x=y → P) → Some T x = Some T y → P.
+ #T #x #y #P #H #K @H @option_destruct_Some // 
+qed.
+
+lemma pair_destruct_right:
+  ∀A: Type[0].
+  ∀B: Type[0].
+  ∀a, c: A.
+  ∀b, d: B.
+    〈a, b〉 = 〈c, d〉 → b = d.
+  #A #B #a #b #c #d //
+qed.
+
+lemma pose: ∀A:Type[0].∀B:A → Type[0].∀a:A. (∀a':A. a'=a → B a') → B a.
+  /2/
+qed.
+
+definition eq_sum:
+    ∀A, B. (A → A → bool) → (B → B → bool) → (A ⊎ B) → (A ⊎ B) → bool ≝
+  λlt, rt, leq, req, left, right.
+    match left with
+    [ inl l ⇒
+      match right with
+      [ inl l' ⇒ leq l l'
+      | _ ⇒ false
+      ]
+    | inr r ⇒
+      match right with
+      [ inr r' ⇒ req r r'
+      | _ ⇒ false
+      ]
+    ].
+
+lemma eq_sum_refl:
+  ∀A, B: Type[0].
+  ∀leq, req.
+  ∀s.
+  ∀leq_refl: (∀t. leq t t = true).
+  ∀req_refl: (∀u. req u u = true).
+    eq_sum A B leq req s s = true.
+  #A #B #leq #req #s #leq_refl #req_refl
+  cases s assumption
+qed.
+
+definition eq_prod: ∀A, B. (A → A → bool) → (B → B → bool) → (A × B) → (A × B) → bool ≝
+  λlt, rt, leq, req, left, right.
+    let 〈l, r〉 ≝ left in
+    let 〈l', r'〉 ≝ right in
+      leq l l' ∧ req r r'.
+
+lemma eq_prod_refl:
+  ∀A, B: Type[0].
+  ∀leq, req.
+  ∀s.
+  ∀leq_refl: (∀t. leq t t = true).
+  ∀req_refl: (∀u. req u u = true).
+    eq_prod A B leq req s s = true.
+  #A #B #leq #req #s #leq_refl #req_refl
+  cases s
+  whd in ⊢ (? → ? → ??%?);
+  #l #r
+  >leq_refl @req_refl
+qed.
   
 lemma geb_to_leb: ∀a,b:ℕ.geb a b = leb b a.

src/ASM/Vector.ma

@@ -223 +223 @@
  vsplit' A m n v.
 
-lemma vsplit_ok:
-  ∀A: Type[0].
-  ∀m, n: nat.
-  ∀v: Vector A (m + n).
-  ∀upper: Vector A m.
-  ∀lower: Vector A n.
-    〈upper, lower〉 = vsplit A m n v →
-      upper @@ lower = v.
-  #A #m #n #v #upper #lower
-  cases daemon
-qed.
-
 lemma vsplit_zero:
   ∀A,m.
@@ -376 +364 @@
     
 interpretation "Vector append" 'vappend v1 v2 = (append ??? v1 v2).
+
+
+lemma vsplit_ok:
+  ∀A: Type[0].
+  ∀m, n: nat.
+  ∀v: Vector A (m + n).
+  ∀upper: Vector A m.
+  ∀lower: Vector A n.
+    〈upper, lower〉 = vsplit A m n v →
+      upper @@ lower = v.
+  #A #m #n #v #upper #lower
+  cases daemon
+qed.
 
 lemma vector_append_zero: