Context Navigation

← Previous Change
Next Change →

Changeset 2272 for src/ASM

Timestamp:

Jul 27, 2012, 5:53:25 PM (7 years ago)

Author:

mulligan

Message:

Changed proof strategy for main lemma after noticed that the current approach would not work with POP, RET, etc. Ported throughout the assembly proof and all the way up to Test.ma.

Location:

src/ASM

Files:

: 7 edited

AssemblyProof.ma (modified) (29 diffs)
AssemblyProofSplit.ma (modified) (7 diffs)
Interpret.ma (modified) (1 diff)
Status.ma (modified) (7 diffs)
StatusProofs.ma (modified) (7 diffs)
StatusProofsSplit.ma (modified) (6 diffs)
Test.ma (modified) (14 diffs)

Legend:

: Unmodified
: Added
: Removed

src/ASM/AssemblyProof.ma

-                      r2256
+                      r2272
 qed.
+inductive accumulator_address_map_entry: Type[0] ≝
+  | data: accumulator_address_map_entry
+  | address: upper_lower → Word → accumulator_address_map_entry.
+(* XXX: if upper then the byte in the entry is the least significant byte of the address and
+        the byte in the status is the most significant, otherwise if lower then the
+        other way around
+*)
+definition address_entry ≝ upper_lower × Byte.
 definition eq_accumulator_address_map_entry:
     accumulator_address_map_entry → accumulator_address_map_entry → bool ≝
   λleft: accumulator_address_map_entry.
   λright: accumulator_address_map_entry.
+    option address_entry → option address_entry → bool ≝
+  λleft.
+  λright.
     match left with
     [ data                     ⇒
+    [ None                   ⇒
       match right with
       [ data ⇒ true
+      [ None ⇒ true
       | _    ⇒ false
+      ]
+    | address upper_lower word ⇒
+    | Some upper_lower_addr ⇒
+      let 〈upper_lower, addr〉 ≝ upper_lower_addr in
       match right with
+      [ address upper_lower' word' ⇒
+          eq_upper_lower upper_lower upper_lower' ∧ eq_bv … word word'
+      [ Some upper_lower_addr' ⇒
+        let 〈upper_lower', addr'〉 ≝ upper_lower_addr' in
+          eq_upper_lower upper_lower upper_lower' ∧ eq_bv … addr addr'
       | _                          ⇒ false
+      ]
 …
 lemma eq_accumulator_address_map_entry_true_to_eq:
   ∀left: accumulator_address_map_entry.
   ∀right: accumulator_address_map_entry.
+  ∀left: option address_entry.
+  ∀right: option address_entry.
     eq_accumulator_address_map_entry left right = true → left = right.
   #left #right cases left cases right
 …
     #_ %
   |2,3:
     #upper_lower #word normalize #absurd destruct(absurd)
+    * * #word normalize #absurd destruct(absurd)
   |4:
+    #upper_lower #word #upper_lower' #word' normalize
+    cases upper_lower' normalize nodelta
+    cases upper_lower normalize
+    * * #word * * #word'
     [2,3:
       #absurd destruct(absurd)
+      #absurd normalize in absurd; destruct(absurd)
+    ]
+    change with (eq_bv 16 ?? = true → ?)
+    #relevant lapply (eq_bv_eq … relevant)
+    #word_refl >word_refl %
+    normalize change with (eq_bv 8 ?? = true → ?)
+    #relevant >(eq_bv_eq … relevant) %
+  ]
 qed.
 …
 lemma eq_accumulator_address_map_entry_false_to_neq:
   ∀left: accumulator_address_map_entry.
   ∀right: accumulator_address_map_entry.
+  ∀left: option address_entry.
+  ∀right: option address_entry.
     eq_accumulator_address_map_entry left right = false → left ≠ right.
   #left #right cases left cases right
 …
     normalize #absurd destruct(absurd)
   |2,3:
+    #upper_lower #word normalize #_
+    @nmk #absurd destruct(absurd)
+    * * #word normalize #_ % #absurd destruct(absurd)
   |4:
+    #upper_lower #word #upper_lower' #word' normalize
+    cases upper_lower' normalize nodelta
+    cases upper_lower normalize nodelta
+    * * #word * * #word' normalize
     [2,3:
       #_ @nmk #absurd destruct(absurd)
+      #_ % #absurd destruct(absurd)
+    ]
     change with (eq_bv ??? = false → ?)
     #eq_bv_false_assm lapply(eq_bv_false_to_neq … eq_bv_false_assm)
     #word_neq_assm @nmk #address_eq_assm cases word_neq_assm
+    #eq_bv_false_assm lapply (eq_bv_false_to_neq … eq_bv_false_assm)
+    #word_neq_assm % @Some_Some_elim #address_eq_assm cases word_neq_assm
     #word_eq_assm @word_eq_assm destruct(address_eq_assm) %
+  ]
 qed.
+qed.
 (* XXX: changed this type.  Bool specifies whether byte is first or second
 …
         A.
 *)
+definition internal_pseudo_address_map ≝ list (Byte × (upper_lower × Word)) × accumulator_address_map_entry.
+definition internal_pseudo_address_map ≝
+  (* low, high, acc *)
+  (BitVectorTrie address_entry 7) × (BitVectorTrie address_entry 7) × (option address_entry).
 include alias "ASM/BitVectorTrie.ma".
 …
 include "common/AssocList.ma".
+axiom low_internal_ram_of_pseudo_low_internal_ram:
+ ∀M:internal_pseudo_address_map.∀ram:BitVectorTrie Byte 7.BitVectorTrie Byte 7.
+axiom high_internal_ram_of_pseudo_high_internal_ram:
+ ∀M:internal_pseudo_address_map.∀ram:BitVectorTrie Byte 7.BitVectorTrie Byte 7.
+axiom bvt_map2:
+  ∀A, B, C: Type[0].
+  ∀n: nat.
+  ∀bvt_1: BitVectorTrie A n.
+  ∀bvt_2: BitVectorTrie B n.
+  ∀f: ∀a: option A. ∀b: option B. option C.
+    BitVectorTrie C n.
+axiom is_in_domain:
+  ∀A: Type[0].
+  ∀n: nat.
+  ∀bvt: BitVectorTrie A n.
+  ∀b: BitVector n.
+    Prop.
+axiom bvt_map2_function_extensionality:
+  ∀A, B, C: Type[0].
+  ∀n: nat.
+  ∀bvt_1: BitVectorTrie A n.
+  ∀bvt_2, bvt_2': BitVectorTrie B n.
+  ∀f: ∀a: option A. ∀b: option B. option C.
+    (∀addr.
+      is_in_domain … bvt_1 addr ∨ is_in_domain … bvt_2 addr ∨ is_in_domain … bvt_2' addr →
+        f (lookup_opt … addr bvt_1) (lookup_opt … addr bvt_2) = f (lookup_opt … addr bvt_1) (lookup_opt … addr bvt_2')) →
+          bvt_map2 … bvt_1 bvt_2 f = bvt_map2 … bvt_1 bvt_2' f.
+definition internal_ram_of_pseudo_internal_ram:
+    ∀sigma: Word → Word.
+    ∀ram: BitVectorTrie Byte 7.
+    ∀map: BitVectorTrie address_entry 7.
+      BitVectorTrie Byte 7 ≝
+  λsigma, ram, map.
+      bvt_map2 ??? ? ram map (λv. λul_addr.
+        match
+        match ul_addr with
+        [ None ⇒ v
+        | Some ul_addr' ⇒
+          let 〈ul, addr〉 ≝ ul_addr' in
+          let v ≝ match v with [ None ⇒ zero … | Some v ⇒ v ] in
+          match ul with
+          [ upper ⇒
+            let 〈high, low〉 ≝ vsplit bool 8 8 (sigma (v@@addr)) in
+              Some … high
+          | lower ⇒
+            let 〈high, low〉 ≝ vsplit bool 8 8 (sigma (addr@@v)) in
+              Some … low
+          ]
+        ] with
+        [ None ⇒ None …
+        | Some v ⇒
+          if eq_bv … v (zero …) then
+            None …
+          else
+            Some … v
+        ]).
+definition low_internal_ram_of_pseudo_low_internal_ram:
+    ∀M: internal_pseudo_address_map.
+    ∀sigma: Word → Word.
+    ∀ram: BitVectorTrie Byte 7.
+      BitVectorTrie Byte 7 ≝
+  λM, sigma, ram.
+    let 〈low, high, accA〉 ≝ M in
+      internal_ram_of_pseudo_internal_ram sigma ram low.
+definition high_internal_ram_of_pseudo_high_internal_ram:
+    ∀M: internal_pseudo_address_map.
+    ∀sigma: Word → Word.
+    ∀ram: BitVectorTrie Byte 7.
+      BitVectorTrie Byte 7 ≝
+  λM, sigma, ram.
+    let 〈low, high, accA〉 ≝ M in
+      internal_ram_of_pseudo_internal_ram sigma ram high.
+(*
 axiom low_internal_ram_of_pseudo_internal_ram_hit:
  ∀M:internal_pseudo_address_map.∀cm.∀s:PseudoStatus cm.∀sigma:Word → Word × bool.∀upper_lower: upper_lower. ∀points_to: Word. ∀addr:BitVector 7.
   assoc_list_lookup ?? (false:::addr) (eq_bv 8) (\fst M) = Some … 〈upper_lower, points_to〉  →
    let ram ≝ low_internal_ram_of_pseudo_low_internal_ram M (low_internal_ram … s) in
+ ∀M:internal_pseudo_address_map.∀cm.∀s:PseudoStatus cm.∀sigma:Word → Word.∀upper_lower: upper_lower. ∀points_to: Word. ∀addr:BitVector 7.
+  lookup_opt ?? (false:::addr) (eq_bv 8) (\fst M) = Some … 〈upper_lower, points_to〉  →
+   let ram ≝ low_internal_ram_of_pseudo_low_internal_ram M sigma (low_internal_ram … s) in
    let pbl ≝ lookup ? 7 addr (low_internal_ram … s) (zero 8) in
    let bl ≝ lookup ? 7 addr ram (zero 8) in
    let 〈lower, higher〉 ≝ vsplit ? 8 8 points_to in
    let 〈plower, phigher〉 ≝ vsplit ? 8 8 (\fst (sigma points_to)) in
+   let 〈plower, phigher〉 ≝ vsplit ? 8 8 (sigma points_to) in
      if eq_upper_lower upper_lower upper then
        (pbl = higher) ∧ (bl = phigher)
      else
        (pbl = lower) ∧ (bl = plower).
+*)
 (* changed from add to sub *)
 axiom low_internal_ram_of_pseudo_internal_ram_miss:
+ ∀T.∀M:internal_pseudo_address_map.∀cm.∀s:PreStatus T cm.∀addr:BitVector 7.
+  let ram ≝ low_internal_ram_of_pseudo_low_internal_ram M (low_internal_ram … s) in
+    assoc_list_exists ?? (false:::addr) (eq_bv 8) (\fst M) = false →
+      lookup ? 7 addr ram (zero ?) = lookup ? 7 addr (low_internal_ram … s) (zero ?).
+definition addressing_mode_ok ≝
+ ∀T.∀M:internal_pseudo_address_map.∀sigma. ∀cm.∀s:PreStatus T cm.∀addr:BitVector 7.
+  let ram ≝ low_internal_ram_of_pseudo_low_internal_ram M sigma (low_internal_ram … s) in
+    lookup_opt … addr (\fst (\fst M)) = None … →
+      lookup … addr ram (zero …) = lookup … addr (low_internal_ram … s) (zero ?).
+definition exists:
+    ∀A: Type[0].
+    ∀n: nat.
+    ∀v: BitVector n.
+    ∀bvt: BitVectorTrie A n.
+      bool ≝
+  λA, n, v, bvt.
+    match lookup_opt … v bvt with
+    [ None ⇒ false
+    | _    ⇒ true
+    ].
+definition data_or_address ≝
   λT.
   λM: internal_pseudo_address_map.
 …
   λs: PreStatus T cm.
   λaddr: addressing_mode.
+  match addr with
+  let 〈low, high, accA〉 ≝ M in
+  match addr return λx. option (option address_entry) with
     [ DIRECT d ⇒
+        if eq_bv … d (bitvector_of_nat … 224) then
+          ¬assoc_list_exists ?? d (eq_bv 8) (\fst M) ∧ eq_accumulator_address_map_entry (\snd M) data
+        else
+         ¬assoc_list_exists ?? d (eq_bv 8) (\fst M)
+       let 〈hd, seven_bits〉 ≝ vsplit bool 1 7 d in
+         match head' … hd with
+         [ true ⇒
+             if eq_bv … d (bitvector_of_nat … 224) then
+               Some … accA
+             else
+               Some … (None …)
+         | false ⇒ Some … (lookup_opt … seven_bits low)
+         ]
     | INDIRECT i ⇒
         let d ≝ get_register … s [[false;false;i]] in
         let address ≝ bit_address_of_register … s [[false;false;i]] in
+          ¬assoc_list_exists … (false:::address) (eq_bv 8) (\fst M) ∧
+            ¬assoc_list_exists ?? d (eq_bv 8) (\fst M)
+          if ¬exists … address low then
+            let 〈bit_one, seven_bits〉 ≝ vsplit bool 1 7 d in
+              if head' … 0 bit_one then
+                Some … (lookup_opt … seven_bits high)
+              else
+                Some … (lookup_opt … seven_bits low)
+          else
+            None ?
     | EXT_INDIRECT e ⇒
         let address ≝ bit_address_of_register … s [[false;false;e]] in
+          ¬assoc_list_exists … (false:::address) (eq_bv 8) (\fst M)
+          if ¬exists … address low then
+            Some … (None …)
+          else
+            None ?
     | REGISTER r ⇒
         let address ≝ bit_address_of_register … s r in
+          ¬assoc_list_exists … (false:::address) (eq_bv 8) (\fst M)
+    | ACC_A ⇒
+      match \snd M with
+      [ data ⇒ true
+      | _ ⇒ false
+      ]
+    | ACC_B ⇒ true
+    | DPTR ⇒ true
+    | DATA _ ⇒ true
+    | DATA16 _ ⇒ true
+    | ACC_DPTR ⇒ true
+    | ACC_PC ⇒ true
+    | EXT_INDIRECT_DPTR ⇒ true
+    | INDIRECT_DPTR ⇒ true
+    | CARRY ⇒ true
+          Some … (lookup_opt … address low)
+    | ACC_A ⇒ Some … accA
+    | ACC_B ⇒ Some … (None …)
+    | DPTR ⇒ Some … (None …)
+    | DATA _ ⇒ Some … (None …)
+    | DATA16 _ ⇒ Some … (None …)
+    | ACC_DPTR ⇒ Some … (None …)
+    | ACC_PC ⇒ Some … (None …)
+    | EXT_INDIRECT_DPTR ⇒ Some … (None …)
+    | INDIRECT_DPTR ⇒ Some … (None …)
+    | CARRY ⇒ Some … (None …)
     | BIT_ADDR b ⇒
       let 〈bit_one, seven_bits〉 ≝ vsplit bool 1 7 b in
+      let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
         if head' bool 0 bit_one then
+          eq_accumulator_address_map_entry (\snd M) data
+            if eq_bv … four_bits [[true; true; false; false]] then (* XXX: this is the accumulator apparently. *)
+              Some … accA
+            else
+              Some … (None …)
         else
+          let address ≝ nat_of_bitvector 7 seven_bits in
+          let address' ≝ bitvector_of_nat 7 ((address÷8)+32) in
+            ¬assoc_list_exists ?? (false:::address') (eq_bv 8) (\fst M)
+    | N_BIT_ADDR b ⇒ ¬true (* TO BE COMPLETED *)
+    | RELATIVE _ ⇒ true
+    | ADDR11 _ ⇒ true
+    | ADDR16 _ ⇒ true
+          let address' ≝ [[true; false; false]]@@four_bits in
+            Some … (lookup_opt … address' low)
+    | N_BIT_ADDR b ⇒
+      let 〈bit_one, seven_bits〉 ≝ vsplit bool 1 7 b in
+      let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+        if head' bool 0 bit_one then
+            if eq_bv … four_bits [[true; true; false; false]] then (* XXX: this is the accumulator apparently. *)
+              Some … accA
+            else
+              Some … (None …)
+        else
+          let address' ≝ [[true; false; false]]@@four_bits in
+            Some … (lookup_opt … address' low)
+    | RELATIVE _ ⇒ Some … (None …)
+    | ADDR11 _ ⇒ Some … (None …)
+    | ADDR16 _ ⇒ Some … (None …)
     ].
+definition assert_data ≝
+  λT.
+  λM: internal_pseudo_address_map.
+  λcm.
+  λs: PreStatus T cm.
+  λaddr: addressing_mode.
+    match data_or_address T M cm s addr with
+    [ None   ⇒ false
+    | Some s ⇒
+      match s with
+      [ None ⇒ true
+      | _    ⇒ false
+      ]
+    ].
+definition insert_into_internal_ram:
+  ∀addr: Byte.
+  ∀v: address_entry.
+  ∀M: internal_pseudo_address_map.
+    internal_pseudo_address_map ≝
+  λaddr, v, M.
+    let 〈low, high, accA〉 ≝ M in
+    let 〈bit_one, seven_bits〉 ≝ vsplit bool 1 7 addr in
+      if head' … bit_one then
+        〈insert … seven_bits v low, high, accA〉
+      else
+        〈low, insert … seven_bits v high, accA〉.
+axiom delete:
+  ∀A: Type[0].
+  ∀n: nat.
+  ∀b: BitVector n.
+    BitVectorTrie A n → BitVectorTrie A n.
+definition delete_from_internal_ram:
+    ∀addr: Byte.
+    ∀M: internal_pseudo_address_map.
+      internal_pseudo_address_map ≝
+  λaddr, M.
+    let 〈low, high, accA〉 ≝ M in
+    let 〈bit_one, seven_bits〉 ≝ vsplit bool 1 7 addr in
+      if head' … bit_one then
+        〈delete … seven_bits low, high, accA〉
+      else
+        〈low, delete … seven_bits high, accA〉.
+definition overwrite_or_delete_from_internal_ram:
+    ∀addr: Byte.
+    ∀v: option address_entry.
+    ∀M: internal_pseudo_address_map.
+      internal_pseudo_address_map ≝
+  λaddr, v, M.
+    let 〈low, high, accA〉 ≝ M in
+      match v with
+      [ None ⇒ delete_from_internal_ram addr M
+      | Some v' ⇒ insert_into_internal_ram addr v' M
+      ].
+definition lookup_from_internal_ram:
+    ∀addr: Byte.
+    ∀M: internal_pseudo_address_map.
+      option address_entry ≝
+  λaddr, M.
+    let 〈low, high, accA〉 ≝ M in
+    let 〈bit_one, seven_bits〉 ≝ vsplit bool 1 7 addr in
+      if head' … bit_one then
+        lookup_opt … seven_bits high
+      else
+        lookup_opt … seven_bits low.
 definition next_internal_pseudo_address_map0 ≝
 …
   λM: internal_pseudo_address_map.
   λs: PreStatus T cm.
+  let 〈low, high, accA〉 ≝ M in
    match fetched with
     [ Comment _ ⇒ Some ? M
 …
     | Call a ⇒
       let a' ≝ addr_of a s in
       let 〈callM, accM〉 ≝ M in
          Some … 〈〈(add 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 1)), 〈lower, a'〉〉::
                  〈(add 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 2)), 〈upper, a'〉〉::callM, accM〉
+      let 〈upA, lowA〉 ≝ vsplit bool 8 8 a' in
+        Some … (insert_into_internal_ram (add 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 1)) 〈lower, upA〉
+                (insert_into_internal_ram (add 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 2)) 〈upper, lowA〉 M))
     | Mov _ _ ⇒ Some … M
     | Instruction instr ⇒
       match instr return λx. option internal_pseudo_address_map with
        [ ADD addr1 addr2 ⇒
          if addressing_mode_ok T M … s addr1 ∧ addressing_mode_ok T M … s addr2 then
+         if assert_data T M … s addr1 ∧ assert_data T M … s addr2 then
            Some ? M
          else
            None ?
        | ADDC addr1 addr2 ⇒
          if addressing_mode_ok T M … s addr1 ∧ addressing_mode_ok T M … s addr2 then
+         if assert_data T M … s addr1 ∧ assert_data T M … s addr2 then
            Some ? M
          else
            None ?
        | SUBB addr1 addr2 ⇒
          if addressing_mode_ok T M … s addr1 ∧ addressing_mode_ok T M … s addr2 then
+         if assert_data T M … s addr1 ∧ assert_data T M … s addr2 then
            Some ? M
          else
            None ?
        | INC addr1 ⇒
          if addressing_mode_ok T M ? s addr1 then
+         if assert_data T M ? s addr1 then
            Some ? M
          else
            None ?
        | DEC addr1 ⇒
          if addressing_mode_ok T M … s addr1 then
+         if assert_data T M … s addr1 then
            Some ? M
          else
            None ?
        | MUL addr1 addr2 ⇒
          if addressing_mode_ok T M … s addr1 ∧ addressing_mode_ok T M … s addr2 then
+         if assert_data T M … s addr1 ∧ assert_data T M … s addr2 then
            Some ? M
          else
            None ?
        | DIV addr1 addr2 ⇒
          if addressing_mode_ok T M … s addr1 ∧ addressing_mode_ok T M … s addr2 then
+         if assert_data T M … s addr1 ∧ assert_data T M … s addr2 then
            Some ? M
          else
            None ?
        | DA addr1 ⇒
          if addressing_mode_ok T M … s addr1 then
+         if assert_data T M … s addr1 then
            Some ? M
          else
 …
          [ inl l ⇒
            let 〈left, right〉 ≝ l in
              if addressing_mode_ok T M … s left ∧ addressing_mode_ok T M … s right then
+             if assert_data T M … s left ∧ assert_data T M … s right then
                Some ? M
              else if ¬(addressing_mode_ok T M … s left) ∧ ¬(addressing_mode_ok T M … s right) then
+             else if ¬(assert_data T M … s left) ∧ ¬(assert_data T M … s right) then
                Some ? M
              else
 …
          | inr r ⇒
            let 〈left, right〉 ≝ r in
              if addressing_mode_ok T M … s left ∧ addressing_mode_ok T M … s right then
+             if assert_data T M … s left ∧ assert_data T M … s right then
                Some ? M
              else if ¬(addressing_mode_ok T M … s left) ∧ ¬(addressing_mode_ok T M … s right) then
+             else if ¬(assert_data T M … s left) ∧ ¬(assert_data T M … s right) then
                Some ? M
              else
 …
+         ]
        | DJNZ addr1 addr2 ⇒
          if addressing_mode_ok T M … s addr1 then
+         if assert_data T M … s addr1 then
            Some ? M
          else
            None ?
        | CLR addr1 ⇒
          if addressing_mode_ok T M … s addr1 then
+         if assert_data T M … s addr1 then
            Some ? M
          else
            None ?
        | CPL addr1 ⇒
          if addressing_mode_ok T M … s addr1 then
+         if assert_data T M … s addr1 then
            Some ? M
          else
            None ?
        | RL addr1 ⇒
          if addressing_mode_ok T M … s addr1 then
+         if assert_data T M … s addr1 then
            Some ? M
          else
            None ?
        | RLC addr1 ⇒
          if addressing_mode_ok T M … s addr1 then
+         if assert_data T M … s addr1 then
            Some ? M
          else
            None ?
        | RR addr1 ⇒
          if addressing_mode_ok T M … s addr1 then
+         if assert_data T M … s addr1 then
            Some ? M
          else
            None ?
        | RRC addr1 ⇒
          if addressing_mode_ok T M … s addr1 then
+         if assert_data T M … s addr1 then
            Some ? M
          else
            None ?
        | SWAP addr1 ⇒
          if addressing_mode_ok T M … s addr1 then
+         if assert_data T M … s addr1 then
            Some ? M
          else
            None ?
        | SETB addr1 ⇒
          if addressing_mode_ok T M … s addr1 then
+         if assert_data T M … s addr1 then
            Some ? M
          else
 …
        (* XXX: need to track addresses pushed and popped off the stack? *)
        | PUSH addr1 ⇒
-         let 〈callM, accM〉 ≝ M in
          match addr1 return λx. bool_to_Prop (is_in … [[direct]] x) → ? with
          [ DIRECT d ⇒ λproof.
+           let extended ≝ pad 8 8 d in
+             Some … 〈〈(add 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 1)), 〈lower, extended〉〉::callM, accM〉
+           let 〈bit_one, seven_bits〉 ≝ vsplit bool 1 7 d in
+             if head' … bit_one then
+               if eq_bv … seven_bits (bitvector_of_nat … 224) then
+                 Some … (overwrite_or_delete_from_internal_ram (add 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 1)) accA M)
+               else
+                 Some … (delete_from_internal_ram … (add 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 1)) M)
+             else
+               match lookup_from_internal_ram … d M with
+               [ None ⇒
+                   Some … (delete_from_internal_ram … (add 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 1)) M)
+               | Some ul_addr ⇒
+                   Some … (insert_into_internal_ram (add 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 1)) ul_addr M)
+               ]
          | _ ⇒ λother: False. ⊥
          ] (subaddressing_modein … addr1)
+       | POP addr1 ⇒ Some … M
+       | POP addr1 ⇒
+         let sp ≝ get_8051_sfr ?? s SFR_SP in
+         match addr1 return λx. bool_to_Prop (is_in … [[direct]] x) → ? with
+         [ DIRECT d ⇒ λproof.
+           let 〈bit_one, seven_bits〉 ≝ vsplit bool 1 7 d in
+             if head' … bit_one then
+               if eq_bv … d (bitvector_of_nat … 224) then
+                 Some … 〈low, high, lookup_from_internal_ram … sp M〉
+               else
+                 match lookup_from_internal_ram sp M with
+                 [ None ⇒ Some ? M
+                 | _    ⇒ None ?
+                 ]
+             else
+               Some … (overwrite_or_delete_from_internal_ram d (lookup_from_internal_ram … sp M) M)
+         | _ ⇒ λother: False. ⊥
+         ] (subaddressing_modein … addr1)
        | XCH addr1 addr2 ⇒
          if addressing_mode_ok T M … s addr1 ∧ addressing_mode_ok T M … s addr2 then
+         if assert_data T M … s addr1 ∧ assert_data T M … s addr2 then
            Some ? M
          else
            None ?
        | XCHD addr1 addr2 ⇒
          if addressing_mode_ok T M … s addr1 ∧ addressing_mode_ok T M … s addr2 then
+         if assert_data T M … s addr1 ∧ assert_data T M … s addr2 then
            Some ? M
          else
            None ?
       | RET ⇒
+        let 〈callM, accM〉 ≝ M in
+        let sp_plus_1 ≝ assoc_list_exists ?? (subtraction 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 1)) (eq_bv 8) callM in
+        let sp_plus_2 ≝ assoc_list_exists ?? (subtraction 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 2)) (eq_bv 8) callM in
+          if sp_plus_1 ∧ sp_plus_2 then
+            Some … M
+          else
+            None ?
+        let sp_minus_1 ≝ subtraction 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 1) in
+        let sp_minus_2 ≝ subtraction 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 2) in
+        match lookup_from_internal_ram sp_minus_1 M with
+        [ None ⇒ None …
+        | Some low_addr_high ⇒
+            match lookup_from_internal_ram sp_minus_2 M with
+            [ None ⇒ None …
+            | Some high_addr_low ⇒
+              let 〈low, addr_high〉 ≝ low_addr_high in
+              let 〈high, addr_low〉 ≝ high_addr_low in
+              let addr_low' ≝ read_from_internal_ram … s sp_minus_1 in
+              let addr_high' ≝ read_from_internal_ram … s sp_minus_2 in
+                if eq_upper_lower low lower ∧ eq_upper_lower high upper ∧ eq_bv … addr_low addr_low' ∧ eq_bv … addr_high addr_high' then
+                  Some ? M
+                else
+                  None ?
+            ]
+        ]
       | RETI ⇒
+        let 〈callM, accM〉 ≝ M in
+        let sp_plus_1 ≝ assoc_list_exists ?? (subtraction 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 1)) (eq_bv 8) callM in
+        let sp_plus_2 ≝ assoc_list_exists ?? (subtraction 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 2)) (eq_bv 8) callM in
+          if sp_plus_1 ∧ sp_plus_2 then
+            Some … M
+          else
+            None ?
+        let sp_minus_1 ≝ subtraction 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 1) in
+        let sp_minus_2 ≝ subtraction 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 2) in
+        match lookup_from_internal_ram (subtraction 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 1)) M with
+        [ None ⇒ None …
+        | Some low_addr_high ⇒
+            match lookup_from_internal_ram (subtraction 8 (get_8051_sfr ?? s SFR_SP) (bitvector_of_nat 8 2)) M with
+            [ None ⇒ None …
+            | Some high_addr_low ⇒
+              let 〈low, addr_high〉 ≝ low_addr_high in
+              let 〈high, addr_low〉 ≝ high_addr_low in
+              let addr_low' ≝ read_from_internal_ram … s sp_minus_1 in
+              let addr_high' ≝ read_from_internal_ram … s sp_minus_2 in
+                if eq_upper_lower low lower ∧ eq_upper_lower high upper ∧ eq_bv … addr_low addr_low' ∧ eq_bv … addr_high addr_high' then
+                  Some ? M
+                else
+                  None ?
+            ]
+        ]
       | NOP ⇒ Some … M
       | MOVX addr1 ⇒
         match addr1 with
         [ inl l ⇒
+          let 〈acc_a, others〉 ≝ l in
+          let acc_a_ok ≝ addressing_mode_ok T M … s acc_a in
+          let others_ok ≝ addressing_mode_ok T M … s others in
+            if acc_a_ok ∧ others_ok then
+              Some ? M
+            else
+              None ?
+            Some ? 〈low, high, None …〉
         | inr r ⇒
           let 〈others, acc_a〉 ≝ r in
+          let acc_a_ok ≝ addressing_mode_ok T M … s acc_a in
+          let others_ok ≝ addressing_mode_ok T M … s others in
+            if others_ok ∧ acc_a_ok then
+            if assert_data T M … s acc_a then
               Some ? M
             else
 …
         [ inl l ⇒
           let 〈acc_a, others〉 ≝ l in
           let acc_a_ok ≝ addressing_mode_ok T M … s acc_a in
           let others_ok ≝ addressing_mode_ok T M … s others in
+          let acc_a_ok ≝ assert_data T M … s acc_a in
+          let others_ok ≝ assert_data T M … s others in
           if acc_a_ok ∧ others_ok then
             Some ? M
 …
         | inr r ⇒
           let 〈direct, others〉 ≝ r in
           let direct_ok ≝ addressing_mode_ok T M … s direct in
           let others_ok ≝ addressing_mode_ok T M … s others in
+          let direct_ok ≝ assert_data T M … s direct in
+          let others_ok ≝ assert_data T M … s others in
           if direct_ok ∧ others_ok then
             Some ? M
 …
           [ inl l ⇒
             let 〈acc_a, others〉 ≝ l in
             let acc_a_ok ≝ addressing_mode_ok T M … s acc_a in
             let others_ok ≝ addressing_mode_ok T M … s others in
+            let acc_a_ok ≝ assert_data T M … s acc_a in
+            let others_ok ≝ assert_data T M … s others in
             if acc_a_ok ∧ others_ok then
               Some ? M
 …
           | inr r ⇒
             let 〈direct, others〉 ≝ r in
             let direct_ok ≝ addressing_mode_ok T M … s direct in
             let others_ok ≝ addressing_mode_ok T M … s others in
+            let direct_ok ≝ assert_data T M … s direct in
+            let others_ok ≝ assert_data T M … s others in
             if direct_ok ∧ others_ok then
               Some ? M
 …
         | inr r ⇒
           let 〈carry, others〉 ≝ r in
           let carry_ok ≝ addressing_mode_ok T M … s carry in
           let others_ok ≝ addressing_mode_ok T M … s others in
+          let carry_ok ≝ assert_data T M … s carry in
+          let others_ok ≝ assert_data T M … s others in
           if carry_ok ∧ others_ok then
             Some ? M
 …
           [ inl l ⇒
             let 〈acc_a, others〉 ≝ l in
             let acc_a_ok ≝ addressing_mode_ok T M … s acc_a in
             let others_ok ≝ addressing_mode_ok T M … s others in
+            let acc_a_ok ≝ assert_data T M … s acc_a in
+            let others_ok ≝ assert_data T M … s others in
             if acc_a_ok ∧ others_ok then
               Some ? M
 …
           | inr r ⇒
             let 〈direct, others〉 ≝ r in
             let direct_ok ≝ addressing_mode_ok T M … s direct in
             let others_ok ≝ addressing_mode_ok T M … s others in
+            let direct_ok ≝ assert_data T M … s direct in
+            let others_ok ≝ assert_data T M … s others in
             if direct_ok ∧ others_ok then
               Some ? M
 …
         | inr r ⇒
           let 〈carry, others〉 ≝ r in
           let carry_ok ≝ addressing_mode_ok T M … s carry in
           let others_ok ≝ addressing_mode_ok T M … s others in
+          let carry_ok ≝ assert_data T M … s carry in
+          let others_ok ≝ assert_data T M … s others in
           if carry_ok ∧ others_ok then
             Some ? M
 …
+        ]
       | MOV addr1 ⇒
+        (* XXX: wrong *)
         match addr1 with
         [ inl l ⇒
 …
                 [ inl l'''' ⇒
                   let 〈acc_a, others〉 ≝ l'''' in
+                  if addressing_mode_ok T M … s acc_a ∧ addressing_mode_ok T M … s others then
+                    Some ? M
+                  else
+                    None ?
+                    match data_or_address T M … s others with
+                    [ None ⇒ None ?
+                    | Some s ⇒
+                        Some … 〈low, high, s〉
+                    ]
                 | inr r ⇒
                   let 〈others, others'〉 ≝ r in
+                  if addressing_mode_ok T M … s others ∧ addressing_mode_ok T M … s others' then
+                    Some ? M
+                  else
+                    None ?
+                  let address ≝
+                    match others return λx. bool_to_Prop (is_in … [[ registr; indirect ]] x) → ? with
+                    [ REGISTER r ⇒ λproof. false:::bit_address_of_register … s r
+                    | INDIRECT i ⇒ λproof. get_register … s [[false; false; i]]
+                    | _ ⇒ λother: False. ⊥
+                    ] (subaddressing_modein … others)
+                  in
+                    match data_or_address T M … s others' with
+                    [ None ⇒ None ?
+                    | Some s ⇒
+                        Some … (overwrite_or_delete_from_internal_ram address s M)
+                    ]
+                ]
               | inr r ⇒
+                let 〈direct, others〉 ≝ r in
+                if addressing_mode_ok T M … s direct ∧ addressing_mode_ok T M … s others then
+                  Some ? M
+                else
+                  None ?
+                let 〈direct', others〉 ≝ r in
+                  match direct' return λx. bool_to_Prop (is_in … [[direct]] x) → ? with
+                  [ DIRECT d ⇒ λproof.
+                    match data_or_address T M … s others with
+                    [ None ⇒ None ?
+                    | Some s' ⇒
+                        let 〈bit_one, seven_bits〉 ≝ vsplit bool 1 7 d in
+                          if head' … bit_one then
+                            if eq_bv … d (bitvector_of_nat … 224) then
+                              Some … 〈low, high, s'〉
+                            else
+                              match s' with
+                              [ None ⇒ Some ? M
+                              | Some s'' ⇒ None ?
+                              ]
+                          else
+                            Some … (overwrite_or_delete_from_internal_ram d s' M)
+                    ]
+                  | _ ⇒ λother: False. ⊥
+                  ] (subaddressing_modein … direct')
+              ]
+            | inr r ⇒
+              let 〈dptr, data_16〉 ≝ r in
+              if addressing_mode_ok T M … s dptr ∧ addressing_mode_ok T M … s data_16 then
+                Some ? M
+              else
+                None ?
+            | inr r ⇒ Some … M
+            ]
           | inr r ⇒
             let 〈carry, bit_addr〉 ≝ r in
             if addressing_mode_ok T M … s carry ∧ addressing_mode_ok T M … s bit_addr then
+            if assert_data T M … s bit_addr then
               Some ? M
             else
 …
         | inr r ⇒
           let 〈bit_addr, carry〉 ≝ r in
           if addressing_mode_ok T M … s bit_addr ∧ addressing_mode_ok T M … s carry then
+          if assert_data T M … s bit_addr then
             Some ? M
           else
 …
   λsigma: Word → Word.
     match \snd M with
     [ data ⇒ sfrs
     | address upper_lower address ⇒
+    [ None ⇒ sfrs
+    | Some upper_lower_address ⇒
       let index ≝ sfr_8051_index SFR_ACC_A in
+      let 〈high, low〉 ≝ vsplit ? 8 8 (sigma address) in
+      let acc_a ≝ get_index_v … sfrs index ? in
+      let 〈upper_lower, address〉 ≝ upper_lower_address in
         if eq_upper_lower upper_lower upper then
+          set_index Byte 19 sfrs index high ?
+          let 〈high, low〉 ≝ vsplit ? 8 8 (sigma (acc_a@@address)) in
+            set_index Byte 19 sfrs index high ?
         else
+          set_index Byte 19 sfrs index low ?
+          let 〈high, low〉 ≝ vsplit ? 8 8 (sigma (address@@acc_a)) in
+            set_index Byte 19 sfrs index low ?
     ].
   //
 …
   let cm ≝ code_memory_of_pseudo_assembly_program … sigma policy in
   let pc ≝ sigma (program_counter … ps) in
   let lir ≝ low_internal_ram_of_pseudo_low_internal_ram M (low_internal_ram … ps) in
   let hir ≝ high_internal_ram_of_pseudo_high_internal_ram M (high_internal_ram … ps) in
+  let lir ≝ low_internal_ram_of_pseudo_low_internal_ram M sigma (low_internal_ram … ps) in
+  let hir ≝ high_internal_ram_of_pseudo_high_internal_ram M sigma (high_internal_ram … ps) in
      mk_PreStatus (BitVectorTrie Byte 16)
       cm
 …
   ∀arg: Byte.
   ∀b: bool.
     addressing_mode_ok m s (DIRECT arg) = true →
+    assert_data m s (DIRECT arg) = true →
       get_arg_8 ? (set_low_internal_ram ? s (low_internal_ram_of_pseudo_low_internal_ram m (low_internal_ram ? s))) b (DIRECT arg) =
       get_arg_8 ? s b (DIRECT arg).
 …
   get_arg_8 (internal_ram ...) (DIRECT arg)
 ((if addressing_mode_ok M ps ACC_A∧addressing_mode_ok M ps (DIRECT ARG2)
+((if assert_data M ps ACC_A∧assert_data M ps (DIRECT ARG2)
                      then Some internal_pseudo_address_map M
                      else None internal_pseudo_address_map )

src/ASM/AssemblyProofSplit.ma

-                      r2265
+                      r2272
 qed.
+lemma get_index_v_set_index_hit:
+  ∀A: Type[0].
+  ∀n: nat.
+  ∀v: Vector A n.
+  ∀i: nat.
+  ∀e: A.
+  ∀i_lt_n_proof: i < n.
+  ∀i_lt_n_proof': i < n.
+    get_index_v A n (set_index A n v i e i_lt_n_proof) i i_lt_n_proof' = e.
+  #A #n #v elim v
+  [1:
+    #i #e #i_lt_n_proof
+    cases (lt_to_not_zero … i_lt_n_proof)
+  |2:
+    #n' #hd #tl #inductive_hypothesis #i #e
+    cases i
+    [1:
+      #i_lt_n_proof #i_lt_n_proof' %
+    |2:
+      #i' #i_lt_n_proof' #i_lt_n_proof''
+      whd in ⊢ (??%?); @inductive_hypothesis
+    ]
+  ]
+qed.
+axiom insert_low_internal_ram_of_pseudo_low_internal_ram':
+  ∀M, M', sigma,cm,s,addr,v,v'.
+    (∀addr'.
+      ((false:::addr) = addr' →
+        map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr) v =
+        map_internal_ram_address_using_pseudo_address_map M' sigma (false:::addr) v') ∧
+      ((false:::addr) ≠ addr' →
+        let 〈callM, accM〉 ≝ M in
+        let 〈callM', accM'〉 ≝ M' in
+          accM = accM' ∧
+            assoc_list_lookup … addr' (eq_bv 8) … callM =
+              assoc_list_lookup … addr' (eq_bv 8) … callM')) →
+    insert Byte 7 addr v'
+      (low_internal_ram_of_pseudo_low_internal_ram M'
+      (low_internal_ram pseudo_assembly_program cm s)) =
+    low_internal_ram_of_pseudo_low_internal_ram M
+      (insert Byte 7 addr v (low_internal_ram pseudo_assembly_program cm s)).
-(*
 lemma write_at_stack_pointer_status_of_pseudo_status:
   ∀M, M'.
 …
   ∀s, s'.
   ∀new_b, new_b'.
+    M = M' →
+    map_internal_ram_address_using_pseudo_address_map M sigma new_b = new_b' →
+    map_internal_ram_address_using_pseudo_address_map M sigma (get_8051_sfr pseudo_assembly_program cm s SFR_SP) new_b = new_b' →
     status_of_pseudo_status M cm s sigma policy = s' →
     write_at_stack_pointer ?? s' new_b' =
     status_of_pseudo_status M cm (write_at_stack_pointer ? cm s new_b) sigma policy.
+    status_of_pseudo_status M' cm (write_at_stack_pointer ? cm s new_b) sigma policy.
   #M #M' #cm #sigma #policy #s #s' #new_b #new_b'
   #Mrefl #new_b_refl #s_refl <Mrefl <new_b_refl <s_refl
+  #new_b_refl #s_refl <new_b_refl <s_refl
   whd in match write_at_stack_pointer; normalize nodelta
   @pair_elim #nu #nl #nu_nl_refl normalize nodelta
 …
+    ]
   |2:
+    cases (get_index_v bool ????) normalize nodelta
+    whd in match status_of_pseudo_status; normalize nodelta
+    whd in match set_low_internal_ram; normalize nodelta
+    @split_eq_status try %
+    [1:
+      @(insert_low_internal_ram_of_pseudo_low_internal_ram … sigma)
+    |2:
+      @(insert_high_internal_ram_of_pseudo_high_internal_ram … sigma)
+    @if_then_else_status_of_pseudo_status try %
+    [2:
+      @sym_eq <set_low_internal_ram_status_of_pseudo_status
+      [1:
+        @eq_f2
+        [2:
+          @insert_low_internal_ram_of_pseudo_low_internal_ram'
+    @sym_eq
+    [2:
+      <set_low_internal_ram_status_of_pseudo_status
+      [1:
+        @eq_f2
+        [2:
+          @sym_eq
+          >(insert_low_internal_ram_of_pseudo_low_internal_ram … sigma … new_b')
+          [2:
+            >new_b_refl
+    ]
+  ]
+*)
+qed.
 lemma main_lemma_preinstruction:
 …
             let 〈result, flags〉 ≝ add_8_with_carry (get_arg_8 … s false addr1)
                                                    (get_arg_8 … s false addr2) false in
             let cy_flag ≝ get_index' ? O  ? flags in
+            let cy_flag ≝ get_index' ? O ? flags in
             let ac_flag ≝ get_index' ? 1 ? flags in
             let ov_flag ≝ get_index' ? 2 ? flags in
 …
   try (@(execute_1_technical … (subaddressing_modein …)) @I) (*66s*)
   whd in match execute_1_preinstruction; normalize nodelta
   [1,2: (* ADD and ADDC *)
+  [(*1,2: (* ADD and ADDC *)
     (* XXX: work on the right hand side *)
     (* XXX: switch to the left hand side *)
 …
+      ]
+    ]
+  |12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28: (* XXX: conditional jumps *)
+  |*)12: (* JC *)
+    >EQP -P normalize nodelta
+    whd in match expand_pseudo_instruction; normalize nodelta
+    whd in match expand_relative_jump; normalize nodelta
+    whd in match expand_relative_jump_internal; normalize nodelta
+    @pair_elim #sj_possible #disp #sj_possible_disp_refl
+    inversion sj_possible #sj_possible_refl normalize nodelta
+    [1:
+      #sigma_increment_commutation #maps_assm #fetch_many_assm %{1}
+      whd in maps_assm:(??%%);
+      lapply maps_assm @Some_Some_elim #Mrefl destruct(Mrefl)
+      whd in ⊢ (??%?); normalize nodelta
+      <(fetch_many_singleton … fetch_many_assm) -fetch_many_assm
+      whd in ⊢ (??%?);
+      @if_then_else_status_of_pseudo_status
+      >EQs >EQticks <instr_refl normalize nodelta
+      [1:
+        @(get_cy_flag_status_of_pseudo_status M') %
+      |2:
+        @sym_eq @set_program_counter_status_of_pseudo_status
+        [1:
+        |2:
+          @sym_eq @set_clock_status_of_pseudo_status try %
+          whd in match ticks_of0; normalize nodelta
+          @(pair_replace ?????????? (eq_to_jmeq … sj_possible_disp_refl))
+          [1:
+            @eq_f2 try %
+            >sigma_increment_commutation
+            lapply sigma_policy_witness whd in match sigma_policy_specification; normalize nodelta
+            * #sigma_zero_assm #relevant cases (relevant ppc ?)
+            [1:
+              -relevant
+              [2:
+                >EQcm assumption
+              |1:
+                #relevant #_ <EQppc >relevant @eq_f @eq_f @eq_f
+                >EQlookup_labels >EQcm >create_label_cost_refl @eq_f2
+              ]
+            |2:
+            ]
+          |2:
+            >sj_possible_refl %
+          ]
+        ]
+      |3:
+      ]
+    ]
     cases daemon
+  |29,30: (* ANL and ORL *)
+  |13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28: (* XXX: conditional jumps *)
+    cases daemon
+  |(*29,30: (* ANL and ORL *)
     inversion addr
     [1,3:
 …
       @(addressing_mode_ok_to_map_bit_address_mode_using_internal_pseudo_address_map_set_2 … ps ps … b … false (refl …) addressing_mode_ok_assm_1)
+    ]
   |42: (* PUSH *)
+  |*)42: (* PUSH *)
     >EQP -P normalize nodelta lapply instr_refl
     @(subaddressing_mode_elim … addr) #w #instr_refl normalize nodelta

src/ASM/Interpret.ma

r2264	r2272
727	727	let 〈carry, new_sp〉 ≝ half_add ? (get_8051_sfr … s SFR_SP) (bitvector_of_nat 8 1) in
728	728	let s ≝ set_8051_sfr … s SFR_SP new_sp in
729		write_at_stack_pointer ~~… s d~~
	729	write_at_stack_pointer ?? s (get_arg_8 ?? s false (DIRECT … d))
730	730	\| _ ⇒ λother: False. ⊥
731	731	] (subaddressing_modein … addr) (refl … (subaddressing_modeel … addr))

src/ASM/Status.ma

-                      r2270
+                      r2272
       set_low_internal_ram … s new_low_internal_ram.
+definition read_at_stack_pointer ≝
+  λM: Type[0].
+  λcode_memory:M.
+  λs: PreStatus M code_memory.
+    let 〈 nu, nl 〉 ≝ vsplit ? 4 4 (get_8051_sfr ?? s SFR_SP) in
+    let m ≝ get_index_v ?? nu O ? in
+    let r1 ≝ get_index_v ?? nu 1 ? in
+    let r2 ≝ get_index_v ?? nu 2 ? in
+    let r3 ≝ get_index_v ?? nu 3 ? in
+    let address ≝ [[ r1 ; r2 ; r3 ]] @@ nl in
+definition read_from_internal_ram ≝
+  λM: Type[0].
+  λcode_memory:M.
+  λs: PreStatus M code_memory.
+  λaddr: Byte.
+    let 〈bit_one, seven_bits〉 ≝ vsplit bool 1 7 addr in
     let memory ≝
       if m then
+      if head' … bit_one then
         (low_internal_ram ?? s)
       else
         (high_internal_ram ?? s)
     in
       lookup … address memory (zero 8).
+  [1,2,3,4:
+     normalize
      repeat (@ le_S_S)
      @ le_O_n
+  ]
 qed.
+      lookup … seven_bits memory (zero 8).
+definition read_at_stack_pointer ≝
+  λM: Type[0].
+  λcode_memory:M.
+  λs: PreStatus M code_memory.
+    read_from_internal_ram M code_memory s (get_8051_sfr ?? s SFR_SP).
 definition write_at_stack_pointer ≝
 …
   λs: PreStatus M code_memory.
   λv: Byte.
+    let 〈 nu, nl 〉 ≝ vsplit … 4 4 (get_8051_sfr ?? s SFR_SP) in
+    let bit_zero ≝ get_index_v ?? nu O ? in
+    let bit_1 ≝ get_index_v ?? nu 1 ? in
+    let bit_2 ≝ get_index_v ?? nu 2 ? in
+    let bit_3 ≝ get_index_v ?? nu 3 ? in
+      if bit_zero then
+        let memory ≝ insert … ([[ bit_1 ; bit_2 ; bit_3 ]] @@ nl)
+                              v (high_internal_ram ?? s) in
+    let 〈bit_one, seven_bits〉 ≝ vsplit bool 1 7 (get_8051_sfr ?? s SFR_SP) in
+      if head' … 0 bit_one then
+        let memory ≝ insert … seven_bits v (high_internal_ram ?? s) in
           set_high_internal_ram ?? s memory
       else
+        let memory ≝ insert … ([[ bit_1 ; bit_2 ; bit_3 ]] @@ nl)
+                              v (low_internal_ram ?? s) in
+        let memory ≝ insert … seven_bits v (low_internal_ram ?? s) in
           set_low_internal_ram ?? s memory.
-  [1,2,3,4:
-     normalize
-     repeat (@ le_S_S)
-     @ le_O_n
+  ]
-qed.
 definition set_arg_16': ∀M: Type[0]. ∀code_memory:M. ∀s:PreStatus M code_memory. Word → [[ dptr ]] → Σs':PreStatus M code_memory. clock ?? s = clock ?? s' ≝
 …
         match head' … bit_1 with
         [ true ⇒
+          let address ≝ nat_of_bitvector … seven_bits in
+          let d ≝ address ÷ 8 in
+          let m ≝ address mod 8 in
+          let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
+          let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+          let trans ≝ true:::four_bits @@ [[false; false; false]] in
           let sfr ≝ get_bit_addressable_sfr ?? s trans l in
             get_index_v … sfr m ?
+            get_index_v … sfr (nat_of_bitvector … three_bits) ?
         | false ⇒
           let address ≝ nat_of_bitvector … seven_bits in
           let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
+          let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+          let address' ≝ [[true; false; false]]@@four_bits in
           let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
             get_index_v … t (modulus address 8) ?
+            get_index_v … t (nat_of_bitvector … three_bits) ?
+        ]
       | N_BIT_ADDR n ⇒
 …
         match head' … bit_1 with
         [ true ⇒
+          let address ≝ nat_of_bitvector … seven_bits in
+          let d ≝ address ÷ 8 in
+          let m ≝ address mod 8 in
+          let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
+          let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+          let trans ≝ true:::four_bits @@ [[false; false; false]] in
           let sfr ≝ get_bit_addressable_sfr ?? s trans l in
             ¬(get_index_v … sfr m ?)
+            ¬(get_index_v ?? sfr (nat_of_bitvector … three_bits) ?)
         | false ⇒
           let address ≝ nat_of_bitvector … seven_bits in
           let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
+          let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+          let address' ≝ [[true; false; false]]@@four_bits in
           let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
             ¬(get_index_v … t (modulus address 8) ?)
+            ¬(get_index_v … t (nat_of_bitvector … three_bits) ?)
+        ]
       | CARRY ⇒ λcarry: True. get_cy_flag ?? s
 …
         match other in False with [ ]
       ] (subaddressing_modein … a).
       @modulus_less_than
+  //
 qed.
 …
         match head' … bit_1 with
         [ true ⇒
+          let address ≝ nat_of_bitvector … seven_bits in
+          let d ≝ address ÷ 8 in
+          let m ≝ address mod 8 in
+          let t ≝ bitvector_of_nat 8 ((d * 8) + 128) in
+          let sfr ≝ get_bit_addressable_sfr … s t true in
+          let new_sfr ≝ set_index … sfr m v ? in
+            set_bit_addressable_sfr … s new_sfr t
+          let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+          let trans ≝ true:::four_bits @@ [[false; false; false]] in
+          let sfr ≝ get_bit_addressable_sfr … s trans true in
+          let new_sfr ≝ set_index … sfr (nat_of_bitvector … three_bits) v ? in
+            set_bit_addressable_sfr … s new_sfr trans
         | false ⇒
           let address ≝ nat_of_bitvector … seven_bits in
           let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
+          let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+          let address' ≝ [[true; false; false]]@@four_bits in
           let t ≝ lookup ? 7 address' (low_internal_ram ?? s) (zero 8) in
           let n_bit ≝ set_index … t (modulus address 8) v ? in
+          let n_bit ≝ set_index … t (nat_of_bitvector … three_bits) v ? in
           let memory ≝ insert ? 7 address' n_bit (low_internal_ram ?? s) in
             set_low_internal_ram … s memory
 …
             [ ]
       ] (subaddressing_modein … a).
   @modulus_less_than
+  //
 qed.

src/ASM/StatusProofs.ma

-                      r2172
+                      r2272
   #m #s #v
   whd in match write_at_stack_pointer; normalize nodelta
   cases(vsplit … 4 4 ?) #nu #nl normalize nodelta
   cases(get_index_v … 4 nu 0 ?) //
+  cases(vsplit … 1 7 ?) #bit_one #seven_bits normalize nodelta
+  cases (head' bool ??) normalize nodelta //
 qed.
 …
   = special_function_registers_8051 T cm s.
  #T #cm #s #x whd in ⊢ (??(???%)?);
  cases (vsplit ????) #nu #nl normalize nodelta;
  cases (get_index_v bool ????) %
+ cases (vsplit ????) #bit_one #seven_bits normalize nodelta
+  cases (head' bool ??) normalize nodelta %
 qed.
 …
  ∀T,cm,s,x. external_ram T cm (write_at_stack_pointer T cm s x) = external_ram T cm s.
  #T #cm #s #x whd in ⊢ (??(???%)?);
  cases (vsplit ????) #nu #nl normalize nodelta;
  cases (get_index_v bool ????) %
+ cases (vsplit ????) #bit_one #seven_bits normalize nodelta
+ cases (head' bool ??) %
 qed.
 …
   = special_function_registers_8052 T cm s.
  #T #cm #s #x whd in ⊢ (??(???%)?);
  cases (vsplit ????) #nu #nl normalize nodelta;
  cases (get_index_v bool ????) %
+ cases (vsplit ????) #bit_one #seven_bits normalize nodelta
+ cases (head' bool ??) %
 qed.
 …
  ∀T,cm,s,x. p1_latch T cm (write_at_stack_pointer T cm s x) = p1_latch T cm s.
  #T #cm #s #x whd in ⊢ (??(???%)?);
  cases (vsplit ????) #nu #nl normalize nodelta;
  cases (get_index_v bool ????) %
+ cases (vsplit ????) #bit_one #seven_bits normalize nodelta
+ cases (head' bool ??) %
 qed.
 …
  ∀T,cm,s,x. p3_latch T cm (write_at_stack_pointer T cm s x) = p3_latch T cm s.
  #T #cm #s #x whd in ⊢ (??(???%)?);
  cases (vsplit ????) #nu #nl normalize nodelta;
  cases (get_index_v bool ????) %
+ cases (vsplit ????) #bit_one #seven_bits normalize nodelta
+ cases (head' bool ??) %
 qed.
 …
   #m #cm #s #v
   whd in match write_at_stack_pointer; normalize nodelta
   cases (vsplit bool 4 4 ?) #nu #nl normalize nodelta
   cases (get_index_v bool 4 nu ??) normalize nodelta /demod/ %
+ cases (vsplit ????) #bit_one #seven_bits normalize nodelta
+ cases (head' bool ??) %
 qed.

src/ASM/StatusProofsSplit.ma

-                      r2172
+                      r2272
   ∀cm: M.
   ∀s: PreStatus M cm.
-  ∀sfr: SFR8051.
   ∀pc: Word.
     get_8051_sfr M cm (set_program_counter M cm s pc) =
       get_8051_sfr M cm s.
   #M #cm #s #sfr #pc %
+  #M #cm #s #pc %
 qed.
 …
   ∀sigma: Word → Word.
   ∀policy: Word → bool.
     \snd M = data →
+    \snd M = None … →
       special_function_registers_8051 pseudo_assembly_program cm s =
         special_function_registers_8051 (BitVectorTrie Byte 16)
 …
   whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
   cases M #left #right cases right normalize nodelta try %
   -right * #address
+  -right * * #address normalize nodelta
   @pair_elim #high #low #high_low_refl normalize nodelta
   whd in match sfr_8051_index; normalize nodelta
 …
 include alias "ASM/BitVectorTrie.ma".
 *)
-lemma get_8051_sfr_status_of_pseudo_status:
-  ∀M.
-  ∀cm, ps, sigma, policy.
-  ∀sfr.
-    (sfr = SFR_ACC_A → \snd M = data) →
-    get_8051_sfr (BitVectorTrie Byte 16)
-      (code_memory_of_pseudo_assembly_program cm sigma policy)
-      (status_of_pseudo_status M cm ps sigma policy) sfr =
-    get_8051_sfr pseudo_assembly_program cm ps sfr.
-  #M #cm #ps #sigma #policy * cases M #fstM #sndM #relevant
-  [18:
-     >relevant %
+  ]
-  cases sndM try % * #address
-  whd in match get_8051_sfr;
-  whd in match status_of_pseudo_status; normalize nodelta
-  whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
-  @pair_elim #upper #lower #upper_lower_refl
-  @get_index_v_set_index_miss @nmk #relevant
-  normalize in relevant; destruct(relevant)
-qed.
 lemma bitvector_cases_hd_tl:
 …
       special_function_registers_8051 M cm ps.
   //
-qed.
-lemma get_arg_8_pseudo_addressing_mode_ok:
-  ∀M: internal_pseudo_address_map.
-  ∀cm: pseudo_assembly_program.
-  ∀ps: PreStatus pseudo_assembly_program cm.
-  ∀sigma: Word → Word.
-  ∀policy: Word → bool.
-  ∀addr1: [[registr; direct]].
-    addressing_mode_ok pseudo_assembly_program M cm ps addr1 = true →
-      get_arg_8 (BitVectorTrie Byte 16)
-        (code_memory_of_pseudo_assembly_program cm sigma policy)
-        (status_of_pseudo_status M cm ps sigma policy) true addr1 =
-      get_arg_8 pseudo_assembly_program cm ps true addr1.
-  [2,3: /2 by is_in_subvector_is_in_supervector, subaddressing_modein, I/ ]
-  #M #cm #ps #sigma #policy #addr1
-  @(subaddressing_mode_elim … addr1) #arg whd in ⊢ (? → ???%);
-  [1:
-    whd in ⊢ (??%? → ??%?);
-    whd in match bit_address_of_register; normalize nodelta
-    @pair_elim #un #ln #un_ln_refl
-    lapply (refl_to_jmrefl ??? un_ln_refl) -un_ln_refl #un_ln_refl
-    @(pair_replace ?????????? un_ln_refl)
-    [1:
-      whd in match get_8051_sfr; normalize nodelta
-      whd in match sfr_8051_index; normalize nodelta
-      @eq_f <get_index_v_special_function_registers_8051_not_acc_a
-      try % #absurd destruct(absurd)
-    |2:
-      #assembly_mode_ok_refl
-      >low_internal_ram_of_pseudo_internal_ram_miss
-      [1:
+        %
-      |2:
-        cases (assoc_list_exists ?????) in assembly_mode_ok_refl; normalize nodelta
-        #absurd try % @sym_eq assumption
+      ]
+    ]
-  |2:
-    #addressing_mode_ok_refl whd in ⊢ (??%?);
-    @pair_elim #nu #nl #nu_nl_refl normalize nodelta cases daemon (*
-    @pair_elim #ignore #three_bits #ignore_three_bits_refl normalize nodelta
-    inversion (get_index_v bool ????) #get_index_v_refl normalize nodelta
-    [1:
-      whd in ⊢ (??%%); normalize nodelta
-      cases (eqb ??) normalize nodelta [1: % ]
-      cases (eqb ??) normalize nodelta [1: % ]
-      cases (eqb ??) normalize nodelta [1: % ]
-      cases (eqb ??) normalize nodelta [1: % ]
-      cases (eqb ??) normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status
-        #absurd destruct(absurd)
+      ]
-      cases (eqb ??) normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status
-        #absurd destruct(absurd)
+      ]
-      cases (eqb ??) normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status
-        #absurd destruct(absurd)
+      ]
-      cases (eqb ??) normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status
-        #absurd destruct(absurd)
+      ]
-      cases (eqb ??) normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status
-        #absurd destruct(absurd)
+      ]
-      cases (eqb ??) normalize nodelta [1: % ]
-      cases (eqb ??) normalize nodelta [1: % ]
-      cases (eqb ??) normalize nodelta [1: % ]
-      cases (eqb ??) normalize nodelta [1: % ]
-      cases (eqb ??) normalize nodelta [1: % ]
-      cases (eqb ??) normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status
-        #absurd destruct(absurd)
+      ]
-      cases (eqb ??) normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status
-        #absurd destruct(absurd)
+      ]
-      cases (eqb ??) normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status
-        #absurd destruct(absurd)
+      ]
-      cases (eqb ??) normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status
-        #absurd destruct(absurd)
+      ]
-      cases (eqb ??) normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status
-        #absurd destruct(absurd)
+      ]
-      cases (eqb ??) normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status
-        #absurd destruct(absurd)
+      ]
-      cases (eqb ??) normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status
-        #absurd destruct(absurd)
+      ]
-      cases (eqb ??) normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status
-        #absurd destruct(absurd)
+      ]
-      cases (eqb ??) normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status
-        #absurd destruct(absurd)
+      ]
-      cases (eqb ??) normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status
-        #absurd destruct(absurd)
+      ]
-      inversion (eqb ??) #eqb_refl normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status lapply addressing_mode_ok_refl
-        whd in ⊢ (??%? → ?); <(eqb_true_to_eq … eqb_refl)
-        >bitvector_of_nat_inverse_nat_of_bitvector >eq_bv_refl normalize nodelta
-        #assoc_list_assm cases (conjunction_true … assoc_list_assm) #_
-        #relevant #_ cases (eq_accumulator_address_map_entry_true_to_eq … relevant) %
+      ]
-      cases (eqb ??) normalize nodelta [1:
-        @get_8051_sfr_status_of_pseudo_status
-        #absurd destruct(absurd)
-      ] %
-    |2:
-      lapply addressing_mode_ok_refl whd in ⊢ (??%? → ?); #relevant
-      whd in match status_of_pseudo_status; normalize nodelta
-      >low_internal_ram_of_pseudo_internal_ram_miss try %
-      cut(arg = false:::(three_bits@@nl))
-      [1:
-        <get_index_v_refl
-        cut(nu=get_index_v bool 4 nu O (le_S_S O 3 (le_O_n 3)):::three_bits)
-        [1:
-          cut(ignore = [[get_index_v bool 4 nu 0 ?]])
-          [1:
-            @le_S_S @le_O_n
-          |2:
-            cut(ignore = \fst (vsplit bool 1 3 nu))
-            [1:
-              >ignore_three_bits_refl %
-            |2:
-              #ignore_refl >ignore_refl
-              cases (bitvector_cases_hd_tl … nu) #hd * #tl #nu_refl
-              >nu_refl %
+            ]
-          |3:
-            #ignore_refl >ignore_refl in ignore_three_bits_refl;
-            #relevant lapply (vsplit_ok ?????? (sym_eq … relevant))
-            #nu_refl <nu_refl %
+          ]
-        |2:
-          #nu_refl change with (? = (?:::three_bits)@@?) <nu_refl
-          @sym_eq @vsplit_ok >nu_nl_refl %
+        ]
-      |2:
-        #arg_refl <arg_refl cases (assoc_list_exists ?????) in relevant;
-        normalize nodelta
-        [1:
-          cases (eq_bv ???) normalize #absurd destruct(absurd)
-        |2:
-          #_ %
+        ]
+      ]
+    ]
-  ] *)
 qed.
 …
   #M #cm #ps #sigma #policy #sfr #result #sfr_neq_assm
   whd in match (set_8051_sfr ?????);
   cases M #callM * try % #upper_lower #address
+  cases M * #low #high * try % * *
   whd in match (special_function_registers_8051 ???);
   whd in match (sfr_8051_of_pseudo_sfr_8051 ???);
+  whd in match (sfr_8051_of_pseudo_sfr_8051 ???); normalize nodelta
   @pair_elim #high #low #high_low_refl normalize nodelta
   cases (eq_upper_lower ??) normalize nodelta

src/ASM/Test.ma

-                      r2258
+                      r2272
   λM, sigma, v.
   match \snd M with
+  [ data ⇒ v
+  | address upper_lower word ⇒
+    let mapped ≝ sigma word in
+    let 〈high, low〉 ≝ vsplit bool 8 8 mapped in
+  [ None ⇒ v
+  | Some upper_lower_addr ⇒
+    let 〈upper_lower, addr〉 ≝ upper_lower_addr in
       if eq_upper_lower upper_lower upper then
+        high
+        let 〈high, low〉 ≝ vsplit bool 8 8 (sigma (v@@addr)) in
+          high
       else
+        low
+        let 〈high, low〉 ≝ vsplit bool 8 8 (sigma (addr@@v)) in
+          low
   ].
 …
   λaddress: Byte.
   λvalue: Byte.
   match assoc_list_lookup ?? address (eq_bv …) (\fst M) with
+  match lookup_from_internal_ram … address M with
   [ None ⇒ value
   | Some upper_lower_word ⇒
     let 〈upper_lower, word〉 ≝ upper_lower_word in
-    let 〈high, low〉 ≝ vsplit bool 8 8 (sigma word) in
       if eq_upper_lower upper_lower upper then
+        high
+        let 〈high, low〉 ≝ vsplit bool 8 8 (sigma (value@@word)) in
+          high
       else
+        low
+        let 〈high, low〉 ≝ vsplit bool 8 8 (sigma (word@@value)) in
+          low
   ].
 …
 qed.
+lemma get_index_v_set_index_hit:
+  ∀A: Type[0].
+  ∀n: nat.
+  ∀v: Vector A n.
+  ∀i: nat.
+  ∀e: A.
+  ∀i_lt_n_proof: i < n.
+  ∀i_lt_n_proof': i < n.
+    get_index_v A n (set_index A n v i e i_lt_n_proof) i i_lt_n_proof' = e.
+  #A #n #v elim v
+  [1:
+    #i #e #i_lt_n_proof
+    cases (lt_to_not_zero … i_lt_n_proof)
+  |2:
+    #n' #hd #tl #inductive_hypothesis #i #e
+    cases i
+    [1:
+      #i_lt_n_proof #i_lt_n_proof' %
+    |2:
+      #i' #i_lt_n_proof' #i_lt_n_proof''
+      whd in ⊢ (??%?); @inductive_hypothesis
+    ]
+  ]
+qed.
 lemma set_index_status_of_pseudo_status:
   ∀M, code_memory, sigma, policy, s, sfr, v, v'.
 …
   whd in match status_of_pseudo_status; normalize nodelta
   whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
   inversion (\snd M) try (#upper_lower #address) #sndM_refl normalize nodelta
+  inversion (\snd M) try ( * #upper_lower #address) #sndM_refl normalize nodelta
   [1:
     <sfr_neq_acc_a_assm cases sfr
 …
+    %
   |2:
+    inversion (eq_upper_lower upper_lower upper) #eq_upper_lower_refl normalize nodelta
     @pair_elim #high #low #high_low_refl normalize nodelta
+    inversion (eq_upper_lower upper_lower upper) #eq_upper_lower_refl normalize nodelta
+    <sfr_neq_acc_a_assm cases sfr
+    whd in match set_8051_sfr; normalize nodelta
+    <sfr_neq_acc_a_assm
+    cases sfr in high_low_refl sfr_neq_acc_a_assm;
     [18,37:
+      @pair_elim #high' #low' #high_low_refl'
+      #high_low_refl
       whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
       whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
       >sndM_refl normalize nodelta >high_low_refl normalize nodelta
+      >sndM_refl normalize nodelta
       >eq_upper_lower_refl normalize nodelta
-      whd in match (set_8051_sfr ?????);
       [1:
+        #relevant >relevant
         <set_index_set_index_overwrite in ⊢ (??%?);
+        <set_index_set_index_overwrite in ⊢ (???%); %
+        <set_index_set_index_overwrite in ⊢ (???%);
+        >get_index_v_set_index_hit in high_low_refl';
+        #assm >assm in relevant; normalize nodelta * %
       |2:
+        #relevant >relevant
         <set_index_set_index_overwrite in ⊢ (??%?);
+        <set_index_set_index_overwrite in ⊢ (???%); %
+        <set_index_set_index_overwrite in ⊢ (???%);
+        >get_index_v_set_index_hit in high_low_refl';
+        #assm >assm in relevant; normalize nodelta * %
+      ]
+    ]
     whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
+    whd in match (set_8051_sfr ?????); @set_index_set_index_commutation normalize
+    @nmk #absurd destruct(absurd)
+    #relevant * >get_index_v_set_index_miss
+    try (% #absurd normalize in absurd; destruct(absurd))
+    >relevant normalize nodelta
+    @set_index_set_index_commutation % #absurd normalize in absurd; destruct(absurd)
+  ]
 qed.
+(*
 lemma get_index_v_status_of_pseudo_status:
   ∀M, code_memory, sigma, policy, s, s', sfr.
 …
+  ]
 qed.
+*)
 lemma set_8051_sfr_status_of_pseudo_status:
 …
 qed.
+(*
 lemma get_8051_sfr_status_of_pseudo_status:
   ∀M, code_memory, sigma, policy, s, s', s'', sfr.
 …
   whd in match get_8051_sfr; normalize nodelta
   @get_index_v_status_of_pseudo_status %
 qed.
+qed.*)
 lemma get_8052_sfr_status_of_pseudo_status:
 …
   (code_memory_of_pseudo_assembly_program cm sigma policy)
   s'
   (low_internal_ram_of_pseudo_low_internal_ram M ram)
+  (low_internal_ram_of_pseudo_low_internal_ram M sigma ram)
   = status_of_pseudo_status M cm
     (set_low_internal_ram pseudo_assembly_program cm s ram) sigma policy.
 …
  map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr) v = v' →
   insert Byte 7 addr v'
   (low_internal_ram_of_pseudo_low_internal_ram M
+  (low_internal_ram_of_pseudo_low_internal_ram M sigma
    (low_internal_ram pseudo_assembly_program cm s))
   =low_internal_ram_of_pseudo_low_internal_ram M
+  =low_internal_ram_of_pseudo_low_internal_ram M sigma
    (insert Byte 7 addr v (low_internal_ram pseudo_assembly_program cm s)).
 …
     (code_memory_of_pseudo_assembly_program cm sigma policy)
     (status_of_pseudo_status M cm s sigma policy))
   = low_internal_ram_of_pseudo_low_internal_ram M
+  = low_internal_ram_of_pseudo_low_internal_ram M sigma
      (insert Byte 7 addr v
       (low_internal_ram pseudo_assembly_program cm s)).
 …
  map_internal_ram_address_using_pseudo_address_map M sigma (true:::addr) v = v' →
   insert Byte 7 addr v'
   (high_internal_ram_of_pseudo_high_internal_ram M
+  (high_internal_ram_of_pseudo_high_internal_ram M sigma
    (high_internal_ram pseudo_assembly_program cm s))
   =high_internal_ram_of_pseudo_high_internal_ram M
+  =high_internal_ram_of_pseudo_high_internal_ram M sigma
    (insert Byte 7 addr v (high_internal_ram pseudo_assembly_program cm s)).
 …
     (code_memory_of_pseudo_assembly_program cm sigma policy)
     (status_of_pseudo_status M cm s sigma policy))
   = high_internal_ram_of_pseudo_high_internal_ram M
+  = high_internal_ram_of_pseudo_high_internal_ram M sigma
      (insert Byte 7 addr v
       (high_internal_ram pseudo_assembly_program cm s)).
 …
   >get_index_v_set_index_miss [2,4: /2/] %
 qed.
+lemma get_8051_sfr_status_of_pseudo_status:
+  ∀M.
+  ∀cm, ps, sigma, policy.
+  ∀sfr.
+    (sfr = SFR_ACC_A → \snd M = None …) →
+    get_8051_sfr (BitVectorTrie Byte 16)
+      (code_memory_of_pseudo_assembly_program cm sigma policy)
+      (status_of_pseudo_status M cm ps sigma policy) sfr =
+    get_8051_sfr pseudo_assembly_program cm ps sfr.
+  #M #cm #ps #sigma #policy * cases M #fstM #sndM #relevant
+  [18:
+     >relevant %
+  ]
+  cases sndM try % * #address
+  whd in match get_8051_sfr;
+  whd in match status_of_pseudo_status; normalize nodelta
+  whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta #address
+  cases (eq_upper_lower ??) normalize nodelta
+  @pair_elim #upper #lower #upper_lower_refl
+  @get_index_v_set_index_miss @nmk #relevant
+  normalize in relevant; destruct(relevant)
+qed.
+lemma get_arg_8_pseudo_addressing_mode_ok:
+  ∀M: internal_pseudo_address_map.
+  ∀cm: pseudo_assembly_program.
+  ∀ps: PreStatus pseudo_assembly_program cm.
+  ∀sigma: Word → Word.
+  ∀policy: Word → bool.
+  ∀addr1: [[registr; direct]].
+    assert_data pseudo_assembly_program M cm ps addr1 = true →
+      get_arg_8 (BitVectorTrie Byte 16)
+        (code_memory_of_pseudo_assembly_program cm sigma policy)
+        (status_of_pseudo_status M cm ps sigma policy) true addr1 =
+      get_arg_8 pseudo_assembly_program cm ps true addr1.
+  [2,3: /2 by is_in_subvector_is_in_supervector, subaddressing_modein, I/ ]
+  #M #cm #ps #sigma #policy #addr1
+  @(subaddressing_mode_elim … addr1) #arg whd in ⊢ (? → ???%);
+  [1:
+    whd in ⊢ (??%? → ??%?);
+    whd in match bit_address_of_register; normalize nodelta
+    @pair_elim #un #ln #un_ln_refl
+    lapply (refl_to_jmrefl ??? un_ln_refl) -un_ln_refl #un_ln_refl
+    @(pair_replace ?????????? un_ln_refl)
+    [1:
+      whd in match get_8051_sfr; normalize nodelta
+      whd in match sfr_8051_index; normalize nodelta
+      @eq_f <get_index_v_special_function_registers_8051_not_acc_a
+      try % #absurd destruct(absurd)
+    |2:
+      #assembly_mode_ok_refl
+      >low_internal_ram_of_pseudo_internal_ram_miss
+      [1:
+        %
+      |2:
+        cases (data_or_address ?????) in assembly_mode_ok_refl; normalize nodelta
+        [1:
+          #absurd destruct(absurd)
+        |2:
+          * normalize nodelta
+          [1:
+          |2:
+            #_ #absurd destruct(absurd)
+          ]
+        #absurd try % @sym_eq assumption
+      ]
+    ]
+  |2:
+    #addressing_mode_ok_refl whd in ⊢ (??%?);
+    @pair_elim #nu #nl #nu_nl_refl normalize nodelta cases daemon (*
+    @pair_elim #ignore #three_bits #ignore_three_bits_refl normalize nodelta
+    inversion (get_index_v bool ????) #get_index_v_refl normalize nodelta
+    [1:
+      whd in ⊢ (??%%); normalize nodelta
+      cases (eqb ??) normalize nodelta [1: % ]
+      cases (eqb ??) normalize nodelta [1: % ]
+      cases (eqb ??) normalize nodelta [1: % ]
+      cases (eqb ??) normalize nodelta [1: % ]
+      cases (eqb ??) normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status
+        #absurd destruct(absurd)
+      ]
+      cases (eqb ??) normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status
+        #absurd destruct(absurd)
+      ]
+      cases (eqb ??) normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status
+        #absurd destruct(absurd)
+      ]
+      cases (eqb ??) normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status
+        #absurd destruct(absurd)
+      ]
+      cases (eqb ??) normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status
+        #absurd destruct(absurd)
+      ]
+      cases (eqb ??) normalize nodelta [1: % ]
+      cases (eqb ??) normalize nodelta [1: % ]
+      cases (eqb ??) normalize nodelta [1: % ]
+      cases (eqb ??) normalize nodelta [1: % ]
+      cases (eqb ??) normalize nodelta [1: % ]
+      cases (eqb ??) normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status
+        #absurd destruct(absurd)
+      ]
+      cases (eqb ??) normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status
+        #absurd destruct(absurd)
+      ]
+      cases (eqb ??) normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status
+        #absurd destruct(absurd)
+      ]
+      cases (eqb ??) normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status
+        #absurd destruct(absurd)
+      ]
+      cases (eqb ??) normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status
+        #absurd destruct(absurd)
+      ]
+      cases (eqb ??) normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status
+        #absurd destruct(absurd)
+      ]
+      cases (eqb ??) normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status
+        #absurd destruct(absurd)
+      ]
+      cases (eqb ??) normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status
+        #absurd destruct(absurd)
+      ]
+      cases (eqb ??) normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status
+        #absurd destruct(absurd)
+      ]
+      cases (eqb ??) normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status
+        #absurd destruct(absurd)
+      ]
+      inversion (eqb ??) #eqb_refl normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status lapply addressing_mode_ok_refl
+        whd in ⊢ (??%? → ?); <(eqb_true_to_eq … eqb_refl)
+        >bitvector_of_nat_inverse_nat_of_bitvector >eq_bv_refl normalize nodelta
+        #assoc_list_assm cases (conjunction_true … assoc_list_assm) #_
+        #relevant #_ cases (eq_accumulator_address_map_entry_true_to_eq … relevant) %
+      ]
+      cases (eqb ??) normalize nodelta [1:
+        @get_8051_sfr_status_of_pseudo_status
+        #absurd destruct(absurd)
+      ] %
+    |2:
+      lapply addressing_mode_ok_refl whd in ⊢ (??%? → ?); #relevant
+      whd in match status_of_pseudo_status; normalize nodelta
+      >low_internal_ram_of_pseudo_internal_ram_miss try %
+      cut(arg = false:::(three_bits@@nl))
+      [1:
+        <get_index_v_refl
+        cut(nu=get_index_v bool 4 nu O (le_S_S O 3 (le_O_n 3)):::three_bits)
+        [1:
+          cut(ignore = [[get_index_v bool 4 nu 0 ?]])
+          [1:
+            @le_S_S @le_O_n
+          |2:
+            cut(ignore = \fst (vsplit bool 1 3 nu))
+            [1:
+              >ignore_three_bits_refl %
+            |2:
+              #ignore_refl >ignore_refl
+              cases (bitvector_cases_hd_tl … nu) #hd * #tl #nu_refl
+              >nu_refl %
+            ]
+          |3:
+            #ignore_refl >ignore_refl in ignore_three_bits_refl;
+            #relevant lapply (vsplit_ok ?????? (sym_eq … relevant))
+            #nu_refl <nu_refl %
+          ]
+        |2:
+          #nu_refl change with (? = (?:::three_bits)@@?) <nu_refl
+          @sym_eq @vsplit_ok >nu_nl_refl %
+        ]
+      |2:
+        #arg_refl <arg_refl cases (assoc_list_exists ?????) in relevant;
+        normalize nodelta
+        [1:
+          cases (eq_bv ???) normalize #absurd destruct(absurd)
+        |2:
+          #_ %
+        ]
+      ]
+    ]
+  ] *)
+qed.

Note: See TracChangeset for help on using the changeset viewer.