Context Navigation

← Previous Changeset
Next Changeset →

Changeset 2273

Timestamp:

Jul 30, 2012, 12:46:19 AM (7 years ago)

Author:

sacerdot

Message:

lemmas moved from all files to Test.ma
most of the lemmas in Test.ma repaired. A few are commented out. Several needs to be slightly generalized.

Location:

src/ASM

Files:

: 4 edited

AssemblyProofSplit.ma (modified) (3 diffs)
AssemblyProofSplitSplit.ma (modified) (1 diff)
PolicyFront.ma (modified) (1 diff)
Test.ma (modified) (28 diffs)

Legend:

: Unmodified
: Added
: Removed

src/ASM/AssemblyProofSplit.ma

-                      r2272
+                      r2273
 include "ASM/Test.ma".
+lemma addressing_mode_ok_to_map_address_using_internal_pseudo_address_map:
+  ∀M, cm, ps, sigma, x.
+  ∀addr1: [[acc_a]].
+    addressing_mode_ok pseudo_assembly_program M cm ps addr1=true →
+      map_address_using_internal_pseudo_address_map M sigma SFR_ACC_A x = x.
+  #M #cm #ps #sigma #x #addr1
+  @(subaddressing_mode_elim … addr1)
+  whd in ⊢ (??%? → ??%?);
+  cases (\snd M)
+  [1:
+    //
+  |2:
+    #upper_lower #address normalize nodelta #absurd
+    destruct(absurd)
+  ]
+qed.
+lemma addressing_mode_ok_to_snd_M_data:
+  ∀M, cm, ps.
+  ∀addr: [[acc_a]].
+  addressing_mode_ok pseudo_assembly_program M cm ps addr = true →
+    \snd M = data.
+  #M #addr #ps #addr
+  @(subaddressing_mode_elim … addr)
+  whd in ⊢ (??%? → ?);
+  cases (\snd M) normalize nodelta
+  [2:
+    * #address #absurd destruct(absurd)
+  ]
+  #_ %
+qed.
+lemma assoc_list_exists_true_to_assoc_list_lookup_Some:
+  ∀A, B: Type[0].
+  ∀e: A.
+  ∀the_list: list (A × B).
+  ∀eq_f: A → A → bool.
+    assoc_list_exists A B e eq_f the_list = true →
+      ∃e'. assoc_list_lookup A B e eq_f the_list = Some … e'.
+  #A #B #e #the_list #eq_f elim the_list
+  [1:
+    whd in ⊢ (??%? → ?); #absurd destruct(absurd)
+  |2:
+    #hd #tl #inductive_hypothesis
+    whd in ⊢ (??%? → ?); whd in match (assoc_list_lookup ?????);
+    cases (eq_f (\fst hd) e) normalize nodelta
+    [1:
+      #_ %{(\snd hd)} %
+    |2:
+      @inductive_hypothesis
+    ]
+  ]
+qed.
+lemma assoc_list_exists_false_to_assoc_list_lookup_None:
+  ∀A, B: Type[0].
+  ∀e, e': A.
+  ∀the_list, the_list': list (A × B).
+  ∀eq_f: A → A → bool.
+    e = e' →
+    the_list = the_list' →
+      assoc_list_exists A B e eq_f the_list = false →
+        assoc_list_lookup A B e' eq_f the_list' = None ….
+  #A #B #e #e' #the_list elim the_list
+  [1:
+    #the_list' #eq_f #e_refl <e_refl #the_list_refl <the_list_refl #_ %
+  |2:
+    #hd #tl #inductive_hypothesis #the_list' #eq_f #e_refl #the_list_refl <the_list_refl
+    whd in ⊢ (??%? → ??%?); <e_refl
+    cases (eq_f (\fst hd) e) normalize nodelta
+    [1:
+      #absurd destruct(absurd)
+    |2:
+      >e_refl in ⊢ (? → %); @inductive_hypothesis try % assumption
+    ]
+  ]
+qed.
+lemma sfr_psw_eq_to_bit_address_of_register_eq:
+  ∀A: Type[0].
+  ∀code_memory: A.
+  ∀status, status', register_address.
+    get_8051_sfr … status SFR_PSW = get_8051_sfr … status' SFR_PSW →
+      bit_address_of_register A code_memory status register_address = bit_address_of_register A code_memory status' register_address.
+  #A #code_memory #status #status' #register_address #sfr_psw_refl
+  whd in match bit_address_of_register; normalize nodelta
+  <sfr_psw_refl %
+qed.
+lemma sfr_psw_and_low_internal_ram_eq_to_get_register_eq:
+  ∀A: Type[0].
+  ∀code_memory: A.
+  ∀status, status', register_address.
+    get_8051_sfr … status SFR_PSW = get_8051_sfr … status' SFR_PSW →
+      low_internal_ram A code_memory status = low_internal_ram A code_memory status' →
+        get_register A code_memory status register_address = get_register A code_memory status' register_address.
+  #A #code_memory #status #status' #register_address #sfr_psw_refl #low_internal_ram_refl
+  whd in match get_register; normalize nodelta <low_internal_ram_refl
+  >(sfr_psw_eq_to_bit_address_of_register_eq … status status') //
+qed.
+lemma map_address_mode_using_internal_pseudo_address_map_ok1_addr:
+  ∀M', cm, status, status', sigma.
+  ∀addr1: [[acc_a; registr; direct; indirect; data; ext_indirect; ext_indirect_dptr]]. (* XXX: expand as needed *)
+    get_8051_sfr … status SFR_PSW = get_8051_sfr … status' SFR_PSW →
+    addressing_mode_ok pseudo_assembly_program M' cm status addr1 = true →
+    map_address_mode_using_internal_pseudo_address_map_ok1 M' cm status' sigma addr1.
+  #M' #cm #status #status' #sigma #addr1 #sfr_refl
+  @(subaddressing_mode_elim … addr1) try (#w #_ @I)
+  [1,4: #_ @I ] #w
+  whd in ⊢ (??%? → %);
+  inversion (assoc_list_exists ?????) #assoc_list_exists_refl normalize nodelta
+  [1,3:
+    #absurd destruct(absurd)
+  |2,4:
+    #_
+    @(assoc_list_exists_false_to_assoc_list_lookup_None … (refl …) … assoc_list_exists_refl)
+    <(sfr_psw_eq_to_bit_address_of_register_eq … status status') try % assumption
+  ]
+qed.
+(*CSC: move elsewhere*)
 lemma not_b_c_to_b_not_c:
   ∀b, c: bool.
     (¬b) = c → b = (¬c).
   //
-qed.
-(* XXX: move above elsewhere *)
-lemma sfr8051_neq_acc_a_to_map_address_using_internal_pseudo_address_map:
-  ∀M.
-  ∀sigma.
-  ∀sfr8051.
-  ∀b.
-    sfr8051 ≠ SFR_ACC_A →
-      map_address_using_internal_pseudo_address_map M sigma sfr8051 b = b.
-  #M #sigma * #b
-  [18:
-    #relevant cases (absurd … (refl ??) relevant)
+  ]
-  #_ %
-qed.
-lemma w_neq_224_to_map_address_Byte_using_internal_pseudo_address_map:
-  ∀M.
-  ∀sigma: Word → Word.
-  ∀w: BitVector 8.
-  ∀b.
-    w ≠ bitvector_of_nat … 224 →
-      map_address_Byte_using_internal_pseudo_address_map M sigma w b = b.
-  #M #sigma #w #b #w_neq_assm
-  whd in ⊢ (??%?); inversion (sfr_of_Byte ?)
-  [1:
-    #sfr_of_Byte_refl %
-  |2:
-    * #sfr8051 #sfr_of_Byte_refl normalize nodelta try %
-    @sfr8051_neq_acc_a_to_map_address_using_internal_pseudo_address_map %
-    #relevant >relevant in sfr_of_Byte_refl; #sfr_of_Byte_refl
-    @(absurd ?? w_neq_assm)
-    lapply sfr_of_Byte_refl -b -sfr_of_Byte_refl -relevant -w_neq_assm -sfr8051 -sigma
-    whd in match sfr_of_Byte; normalize nodelta
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    @eqb_elim #eqb_refl normalize nodelta [1: #_ <eqb_refl >bitvector_of_nat_inverse_nat_of_bitvector % ]
-    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
-    #absurd destruct(absurd)
-qed.
-lemma assoc_list_exists_false_to_map_internal_ram_address_using_pseudo_address_map:
-  ∀M, sigma, w, b.
-    assoc_list_exists Byte (upper_lower×Word) w (eq_bv 8) (\fst  M) = false →
-      map_internal_ram_address_using_pseudo_address_map M sigma w b = b.
-  #M #sigma #w #b #assoc_list_exists_assm
-  whd in ⊢ (??%?);
-  >(assoc_list_exists_false_to_assoc_list_lookup_None … (refl …) … assoc_list_exists_assm) %
-qed.
-lemma addressing_mode_ok_to_map_address_mode_using_internal_pseudo_address_map_ok2:
-  ∀M', cm.
-  ∀sigma, status, status', b, b'.
-  ∀addr1: [[acc_a; registr; direct; indirect; data; bit_addr; ext_indirect; ext_indirect_dptr]]. (* XXX: expand as needed *)
-    get_8051_sfr … status SFR_PSW = get_8051_sfr … status' SFR_PSW →
-    low_internal_ram pseudo_assembly_program cm status = low_internal_ram pseudo_assembly_program cm status' →
-    b = b' →
-    addressing_mode_ok pseudo_assembly_program M' cm status addr1 = true →
-      map_address_mode_using_internal_pseudo_address_map_ok2 pseudo_assembly_program M' sigma cm status' addr1 b = b'.
-  #M' #cm #sigma #status #status' #b #b' #addr1 #sfr_refl #low_internal_ram_refl #b_refl <b_refl
-  @(subaddressing_mode_elim … addr1)
-  [1:
-    whd in ⊢ (??%? → ??%?); cases (\snd M')
-    [1:
-      normalize nodelta #_ %
-    |2:
-      * #address normalize nodelta #absurd destruct(absurd)
+    ]
-  |2,4:
-    #w whd in ⊢ (??%? → ??%?);
-    inversion (assoc_list_exists ?????) #assoc_list_exists_refl normalize nodelta
-    [1,3:
-      #absurd destruct(absurd)
-    |2:
-      #_
-      <(sfr_psw_eq_to_bit_address_of_register_eq … status status' w … sfr_refl)
-      >(assoc_list_exists_false_to_assoc_list_lookup_None … (refl …) … assoc_list_exists_refl)
-      normalize nodelta %
-    |4:
-      #assoc_list_exists_assm lapply (not_b_c_to_b_not_c … assoc_list_exists_assm)
-      -assoc_list_exists_assm #assoc_list_exists_assm
-      <(sfr_psw_and_low_internal_ram_eq_to_get_register_eq … status status' [[false; false; w]] … sfr_refl low_internal_ram_refl)
-      >(assoc_list_exists_false_to_assoc_list_lookup_None … (refl …) … assoc_list_exists_assm)
-      normalize nodelta %
+    ]
-  |3:
-    #w whd in ⊢ (??%? → ??%?);
-    @eq_bv_elim #eq_bv_refl normalize nodelta
-    [1:
-      #assoc_list_exists_assm cases (conjunction_true … assoc_list_exists_assm)
-      #assoc_list_exists_refl #eq_accumulator_refl
-      >eq_bv_refl change with (map_address_Byte_using_internal_pseudo_address_map M' sigma (bitvector_of_nat 8 224) b = b)
-      whd in ⊢ (??%?); >(eq_accumulator_address_map_entry_true_to_eq … eq_accumulator_refl)
+      %
-    |2:
-      #assoc_list_exists_assm
-      @(vsplit_elim bool ???) #bit_one #seven_bits #bit_one_seven_bits_refl normalize nodelta
-      cases (Vector_Sn … bit_one) #bit * #tl >(Vector_O … tl) #bit_one_refl >bit_one_refl
-      <head_head' inversion bit #bit_refl normalize nodelta
-      >bit_one_refl in bit_one_seven_bits_refl; >bit_refl #w_refl normalize in w_refl;
-      [1:
-        @w_neq_224_to_map_address_Byte_using_internal_pseudo_address_map <w_refl assumption
-      |2:
-        @assoc_list_exists_false_to_map_internal_ram_address_using_pseudo_address_map
-        <w_refl @(not_b_c_to_b_not_c … assoc_list_exists_assm)
+      ]
+    ]
-  |5,6,7,8:
-    #w try #w' %
+  ]
-qed.
-lemma addressing_mode_ok_to_map_bit_address_mode_using_internal_pseudo_address_map_get:
-  ∀M: internal_pseudo_address_map.
-  ∀cm: pseudo_assembly_program.
-  ∀s: PreStatus pseudo_assembly_program cm.
-  ∀sigma: Word → Word.
-  ∀addr: [[bit_addr]]. (* XXX: expand as needed *)
-  ∀f: bool.
-  addressing_mode_ok pseudo_assembly_program M cm s addr = true →
-    map_bit_address_mode_using_internal_pseudo_address_map_get M cm s sigma addr f.
-  #M #cm #s #sigma #addr #f
-  @(subaddressing_mode_elim … addr) #w
-  whd in ⊢ (??%? → %);
-  @(vsplit_elim bool ???) #bit_one #seven_bits #bit_one_seven_bits_refl normalize nodelta
-  cases (head' bool ??) normalize nodelta
-  [1:
-    #eq_accumulator_assm whd in ⊢ (??%?);
-    cases (sfr_of_Byte ?) try %
-    * * normalize nodelta try %
-    whd in ⊢ (??%?);
-    >(eq_accumulator_address_map_entry_true_to_eq … eq_accumulator_assm) %
-  |2:
-    #assoc_list_exists_assm whd in ⊢ (??%?);
-    >(assoc_list_exists_false_to_assoc_list_lookup_None … (refl …) (not_b_c_to_b_not_c … assoc_list_exists_assm)) %
+  ]
-qed.
-lemma addressing_mode_ok_to_map_bit_address_mode_using_internal_pseudo_address_map_set_1:
-  ∀M: internal_pseudo_address_map.
-  ∀cm: pseudo_assembly_program.
-  ∀s, s': PreStatus pseudo_assembly_program cm.
-  ∀sigma: Word → Word.
-  ∀addr: [[bit_addr; carry]]. (* XXX: expand as needed *)
-  ∀f: bool.
-  s = s' →
-  addressing_mode_ok pseudo_assembly_program M cm s addr = true →
-    map_bit_address_mode_using_internal_pseudo_address_map_set_1 M cm s' sigma addr f.
-  #M #cm #s #s' #sigma #addr #f #s_refl <s_refl
-  @(subaddressing_mode_elim … addr) [1: #w ]
-  whd in ⊢ (??%? → %); [2: #_ @I ]
-  inversion (vsplit bool 1 7 w) #bit_one #seven_bits #bit_one_seven_bits_refl normalize nodelta
-  cases (head' bool ??) normalize nodelta
-  [1:
-    #eq_accumulator_assm whd in ⊢ (??%?);
-    cases (sfr_of_Byte ?) try % * * try % normalize nodelta
-    whd in ⊢ (??%?);
-    >(eq_accumulator_address_map_entry_true_to_eq … eq_accumulator_assm) %
-  |2:
-    #assoc_list_exists_assm whd in ⊢ (??%?);
-    lapply (not_b_c_to_b_not_c ?? assoc_list_exists_assm) -assoc_list_exists_assm #assoc_list_exists_assm
-    whd in assoc_list_exists_assm:(???%);
-    >(assoc_list_exists_false_to_assoc_list_lookup_None … (refl …) assoc_list_exists_assm) %
+  ]
-qed.
-lemma addressing_mode_ok_to_map_bit_address_mode_using_internal_pseudo_address_map_set_2:
-  ∀M: internal_pseudo_address_map.
-  ∀cm: pseudo_assembly_program.
-  ∀s, s': PreStatus pseudo_assembly_program cm.
-  ∀sigma: Word → Word.
-  ∀addr: [[bit_addr; carry]]. (* XXX: expand as needed *)
-  ∀f: bool.
-  s = s' →
-  addressing_mode_ok pseudo_assembly_program M cm s addr = true →
-    map_bit_address_mode_using_internal_pseudo_address_map_set_2 M cm s' sigma addr f.
-  #M #cm #s #s' #sigma #addr #f #s_refl <s_refl
-  @(subaddressing_mode_elim … addr) [1: #w ]
-  whd in ⊢ (??%? → %); [2: #_ @I ]
-  inversion (vsplit bool 1 7 w) #bit_one #seven_bits #bit_one_seven_bits_refl normalize nodelta
-  cases (head' bool ??) normalize nodelta
-  [1:
-    #eq_accumulator_assm whd in ⊢ (??%?);
-    cases (sfr_of_Byte ?) try % * * try % normalize nodelta
-    whd in ⊢ (??%?);
-    >(eq_accumulator_address_map_entry_true_to_eq … eq_accumulator_assm) %
-  |2:
-    #assoc_list_exists_assm whd in ⊢ (??%?);
-    lapply (not_b_c_to_b_not_c ?? assoc_list_exists_assm) -assoc_list_exists_assm #assoc_list_exists_assm
-    whd in assoc_list_exists_assm:(???%);
-    >(assoc_list_exists_false_to_assoc_list_lookup_None … (refl …) assoc_list_exists_assm) %
+  ]
 qed.
 …
 qed.
+(*CSC: move elsewhere*)
 lemma conjunction_split:
   ∀l, l', r, r': bool.
 …
   #n_refl #s_refl #s_refl' <n_refl <s_refl
   cases n normalize nodelta try % #n' <(s_refl' n') %
-qed.
-axiom insert_low_internal_ram_of_pseudo_low_internal_ram':
-  ∀M, M', sigma,cm,s,addr,v,v'.
-    (∀addr'.
-      ((false:::addr) = addr' →
-        map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr) v =
-        map_internal_ram_address_using_pseudo_address_map M' sigma (false:::addr) v') ∧
-      ((false:::addr) ≠ addr' →
-        let 〈callM, accM〉 ≝ M in
-        let 〈callM', accM'〉 ≝ M' in
-          accM = accM' ∧
-            assoc_list_lookup … addr' (eq_bv 8) … callM =
-              assoc_list_lookup … addr' (eq_bv 8) … callM')) →
-    insert Byte 7 addr v'
-      (low_internal_ram_of_pseudo_low_internal_ram M'
-      (low_internal_ram pseudo_assembly_program cm s)) =
-    low_internal_ram_of_pseudo_low_internal_ram M
-      (insert Byte 7 addr v (low_internal_ram pseudo_assembly_program cm s)).
-lemma write_at_stack_pointer_status_of_pseudo_status:
-  ∀M, M'.
-  ∀cm.
-  ∀sigma.
-  ∀policy.
-  ∀s, s'.
-  ∀new_b, new_b'.
-    map_internal_ram_address_using_pseudo_address_map M sigma (get_8051_sfr pseudo_assembly_program cm s SFR_SP) new_b = new_b' →
-    status_of_pseudo_status M cm s sigma policy = s' →
-    write_at_stack_pointer ?? s' new_b' =
-    status_of_pseudo_status M' cm (write_at_stack_pointer ? cm s new_b) sigma policy.
-  #M #M' #cm #sigma #policy #s #s' #new_b #new_b'
-  #new_b_refl #s_refl <new_b_refl <s_refl
-  whd in match write_at_stack_pointer; normalize nodelta
-  @pair_elim #nu #nl #nu_nl_refl normalize nodelta
-  @(pair_replace ?????????? (eq_to_jmeq … nu_nl_refl))
-  [1:
-    @eq_f
-    whd in match get_8051_sfr; normalize nodelta
-    whd in match sfr_8051_index; normalize nodelta
-    whd in match status_of_pseudo_status; normalize nodelta
-    whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
-    cases (\snd M) [2: * #address ] normalize nodelta
-    [1,2:
-      cases (vsplit bool ???) #high #low normalize nodelta
-      whd in match sfr_8051_index; normalize nodelta
-      >get_index_v_set_index_miss %
-      #absurd destruct(absurd)
-    |3:
+      %
+    ]
-  |2:
-    @if_then_else_status_of_pseudo_status try %
-    [2:
-      @sym_eq <set_low_internal_ram_status_of_pseudo_status
-      [1:
-        @eq_f2
-        [2:
-          @insert_low_internal_ram_of_pseudo_low_internal_ram'
-    @sym_eq
-    [2:
-      <set_low_internal_ram_status_of_pseudo_status
-      [1:
-        @eq_f2
-        [2:
-          @sym_eq
-          >(insert_low_internal_ram_of_pseudo_low_internal_ram … sigma … new_b')
-          [2:
-            >new_b_refl
+    ]
+  ]
 qed.

src/ASM/AssemblyProofSplitSplit.ma

-                      r2269
+                      r2273
 qed.
-(*CSC: move elsewhere*)
-lemma bv_append_eq_to_eq:
- ∀A,n. ∀v1,v2: Vector A n. ∀m. ∀v3,v4: Vector A m.
-  v1@@v3 = v2@@v4 → v1=v2 ∧ v3=v4.
- #A #n #v1 elim v1
- [ #v2 >(Vector_O … v2) #m #v3 #v4 normalize * %%
- | #n' #hd1 #tl1 #IH #v2 cases (Vector_Sn … v2) #hd2 * #tl2 #EQ2 >EQ2
-   #m #v3 #v4 #EQ normalize in EQ; destruct(EQ) cases (IH … e0) * * %% ]
-qed.
 theorem main_thm:
   ∀M, M': internal_pseudo_address_map.

src/ASM/PolicyFront.ma

r2264	r2273
238	238	]
239	239	].
240
	240
241	241	(* new safety condition: sigma corresponds to program and resulting program is compact *)
242	242	definition sigma_compact ≝

src/ASM/Test.ma

-                      r2272
+                      r2273
 qed.
-(*
 lemma get_index_v_status_of_pseudo_status:
   ∀M, code_memory, sigma, policy, s, s', sfr.
 …
   whd in match status_of_pseudo_status; normalize nodelta
   whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
   inversion (\snd M) try (#upper_lower #address) #sndM_refl normalize nodelta
+  inversion (\snd M) try ( * #upper_lower #address) #sndM_refl normalize nodelta
  [1:
     cases sfr
 …
+    %
   |2:
+   inversion (eq_upper_lower upper_lower upper) #eq_upper_lower_refl normalize nodelta
     @pair_elim #high #low #high_low_refl normalize nodelta
-    inversion (eq_upper_lower upper_lower upper) #eq_upper_lower_refl normalize nodelta
     cases sfr
     [18,37:
 …
+  ]
 qed.
-*)
 lemma set_8051_sfr_status_of_pseudo_status:
 …
         (set_8051_sfr pseudo_assembly_program code_memory s sfr v) sigma policy.
   #M #code_memory #sigma #policy #s #s' #sfr #v #v' #s_ok #v_ok
+  <s_ok whd in ⊢ (??%%); @split_eq_status try % /2/
+qed.
+(*
+  <s_ok whd in ⊢ (??%%); @split_eq_status try % /2 by set_index_status_of_pseudo_status/
+qed.
+(*lemma get_8051_sfr_status_of_pseudo_status:
+  ∀M.
+  ∀cm, ps, sigma, policy.
+  ∀sfr.
+    (sfr = SFR_ACC_A → \snd M = None …) →
+    get_8051_sfr (BitVectorTrie Byte 16)
+      (code_memory_of_pseudo_assembly_program cm sigma policy)
+      (status_of_pseudo_status M cm ps sigma policy) sfr =
+    get_8051_sfr pseudo_assembly_program cm ps sfr.
+  #M #cm #ps #sigma #policy * cases M #fstM #sndM #relevant
+  [18: >relevant % ]
+  cases sndM try % * #address
+  whd in match get_8051_sfr;
+  whd in match status_of_pseudo_status; normalize nodelta
+  whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta #address
+  cases (eq_upper_lower ??) normalize nodelta
+  @pair_elim #upper #lower #upper_lower_refl
+  @get_index_v_set_index_miss @nmk #relevant
+  normalize in relevant; destruct(relevant)
+qed.*)
 lemma get_8051_sfr_status_of_pseudo_status:
   ∀M, code_memory, sigma, policy, s, s', s'', sfr.
 …
   whd in match get_8051_sfr; normalize nodelta
   @get_index_v_status_of_pseudo_status %
 qed.*)
+qed.
 lemma get_8052_sfr_status_of_pseudo_status:
 …
    (low_internal_ram pseudo_assembly_program cm s) (zero 8)) = s' →
   lookup Byte 7 addr
   (low_internal_ram_of_pseudo_low_internal_ram M
+  (low_internal_ram_of_pseudo_low_internal_ram M sigma
    (low_internal_ram pseudo_assembly_program cm s)) (zero 8)
   = s'.
 …
    (high_internal_ram pseudo_assembly_program cm s) (zero 8)) = s' →
   lookup Byte 7 addr
   (high_internal_ram_of_pseudo_high_internal_ram M
+  (high_internal_ram_of_pseudo_high_internal_ram M sigma
    (high_internal_ram pseudo_assembly_program cm s)) (zero 8)
   = s'.
 …
 definition map_address_mode_using_internal_pseudo_address_map_ok1 ≝
  λM:internal_pseudo_address_map.λcm.λs:PreStatus ? cm.λsigma. λaddr.
+  let 〈low,high,accA〉 ≝ M in
   match addr with
   [ INDIRECT i ⇒
      assoc_list_lookup ??
       (false:::bit_address_of_register pseudo_assembly_program cm s [[false; false; i]]) (eq_bv …) (\fst M) = None …
+     lookup_opt …
+      (bit_address_of_register pseudo_assembly_program cm s [[false; false; i]]) low = None …
   | EXT_INDIRECT e ⇒
      assoc_list_lookup ??
       (false:::bit_address_of_register pseudo_assembly_program cm s [[false; false; e]]) (eq_bv …) (\fst M) = None …
+     lookup_opt …
+      (bit_address_of_register pseudo_assembly_program cm s [[false; false; e]]) low = None …
   | ACC_DPTR ⇒
     (* XXX: \snd M = None plus in the very rare case when we are trying to dereference a null (O) pointer
 …
                   set_low_internal_ram ?? s memory
+              ]
       | INDIRECT i ⇒
         λindirect: True.
 …
     [ >(vsplit_ok … vsplit_refl) #_ @set_bit_addressable_sfr_status_of_pseudo_status
     | #_ #v_ok >(insert_low_internal_ram_status_of_pseudo_status … v) // ]
+  |3,4: #EQ1 #EQ2 change with (get_register ????) in match register in p;
+  |3,4: cases M * -M #low #high #accA normalize nodelta
+      #EQ1 #EQ2 change with (get_register ????) in match register in p;
       >(get_register_status_of_pseudo_status … (refl …) (refl …))
       whd in match map_internal_ram_address_using_pseudo_address_map; normalize nodelta
+      whd in match (lookup_from_internal_ram ??);
       >EQ1 normalize nodelta >p normalize nodelta >p1 normalize nodelta
       [ >(insert_high_internal_ram_status_of_pseudo_status … v)
       | >(insert_low_internal_ram_status_of_pseudo_status … v) ]
       // <EQ2 @eq_f2 try % <(vsplit_ok … (sym_eq … p)) <eq_cons_head_append >p1 %
+  |5: #EQ1 #EQ2 <EQ2 >(get_register_status_of_pseudo_status … (refl …) (refl …))
+  |5: cases M * -M #low #high #accA normalize nodelta
+      #EQ1 #EQ2 <EQ2 >(get_register_status_of_pseudo_status … (refl …) (refl …))
       whd in match map_internal_ram_address_using_pseudo_address_map; normalize nodelta
+      whd in match lookup_from_internal_ram; normalize nodelta
       >EQ1 normalize nodelta
       >external_ram_status_of_pseudo_status @set_external_ram_status_of_pseudo_status
 …
     #_>p normalize nodelta >p1 normalize nodelta
     @(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma) %
   |3,4:
+  |3,4: cases M -M * #low #high #accA
     #assoc_list_assm >(get_register_status_of_pseudo_status … (refl …) (refl …))
     whd in match map_internal_ram_address_using_pseudo_address_map in ⊢ (??%?); normalize nodelta
+    whd in match lookup_from_internal_ram; normalize nodelta
     >assoc_list_assm normalize nodelta >p normalize nodelta >p1 normalize nodelta
     [1:
       @(lookup_high_internal_ram_of_pseudo_high_internal_ram … sigma)
+      @(lookup_high_internal_ram_of_pseudo_high_internal_ram … 〈low,high,accA〉 sigma)
     |2:
       @(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma)
+      @(lookup_low_internal_ram_of_pseudo_low_internal_ram … 〈low,high,accA〉 sigma)
+    ]
     @eq_f2 try % <(vsplit_ok … (sym_eq … p)) <eq_cons_head_append >p1 %
   |5:
+  |5: cases M -M * #low #high #accA
     #assoc_list_assm >(get_register_status_of_pseudo_status … (refl …) (refl …))
     whd in match map_internal_ram_address_using_pseudo_address_map in ⊢ (??%?); normalize nodelta
+    whd in match lookup_from_internal_ram; normalize nodelta
     >assoc_list_assm normalize nodelta %
   |6,7,8,9:
     #_ /2 by refl, get_register_status_of_pseudo_status, get_index_v_status_of_pseudo_status/
   |10:
+  |10: cases M -M * #low #high #accA
     #acc_a_assm >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
     >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
 …
     whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
     >acc_a_assm >p normalize nodelta //
   |11:
+  |11: cases M -M * #low #high #accA
     * #map_acc_a_assm #sigma_assm >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
     >(program_counter_status_of_pseudo_status … (refl …) (refl …))
 …
     match head' … bit_1 with
     [ true ⇒
+      let address ≝ nat_of_bitvector … seven_bits in
+      let d ≝ address ÷ 8 in
+      let m ≝ address mod 8 in
+      let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
+      let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+      let trans ≝ true:::four_bits @@ [[false; false; false]] in
         map_address_Byte_using_internal_pseudo_address_map M sigma trans (get_bit_addressable_sfr pseudo_assembly_program cm s trans l) = get_bit_addressable_sfr … cm s trans l
     | false ⇒
       let address ≝ nat_of_bitvector … seven_bits in
       let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
+      let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+      let address' ≝ [[true; false; false]]@@four_bits in
       let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
         map_internal_ram_address_using_pseudo_address_map M sigma
+      map_internal_ram_address_using_pseudo_address_map M sigma
           (false:::address') t = t
+    ]
 …
     match head' … bit_1 with
     [ true ⇒
+      let address ≝ nat_of_bitvector … seven_bits in
+      let d ≝ address ÷ 8 in
+      let m ≝ address mod 8 in
+      let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
+      let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+      let trans ≝ true:::four_bits @@ [[false; false; false]] in
         map_address_Byte_using_internal_pseudo_address_map M sigma trans (get_bit_addressable_sfr pseudo_assembly_program cm s trans l) = get_bit_addressable_sfr … cm s trans l
     | false ⇒
       let address ≝ nat_of_bitvector … seven_bits in
       let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
+      let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+      let address' ≝ [[true; false; false]]@@four_bits in
       let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
         map_internal_ram_address_using_pseudo_address_map M sigma
+      map_internal_ram_address_using_pseudo_address_map M sigma
           (false:::address') t = t
+    ]
 …
         match head' … bit_1 with
         [ true ⇒
+          let address ≝ nat_of_bitvector … seven_bits in
+          let d ≝ address ÷ 8 in
+          let m ≝ address mod 8 in
+          let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
+          let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+          let trans ≝ true:::four_bits @@ [[false; false; false]] in
           let sfr ≝ get_bit_addressable_sfr ?? s trans l in
             get_index_v … sfr m ?
+            get_index_v … sfr (nat_of_bitvector … three_bits) ?
         | false ⇒
           let address ≝ nat_of_bitvector … seven_bits in
           let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
+          let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+          let address' ≝ [[true; false; false]]@@four_bits in
           let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
             get_index_v … t (modulus address 8) ?
+            get_index_v … t (nat_of_bitvector … three_bits) ?
+        ]
       | N_BIT_ADDR n ⇒
 …
         match head' … bit_1 with
         [ true ⇒
+          let address ≝ nat_of_bitvector … seven_bits in
+          let d ≝ address ÷ 8 in
+          let m ≝ address mod 8 in
+          let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
+          let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+          let trans ≝ true:::four_bits @@ [[false; false; false]] in
           let sfr ≝ get_bit_addressable_sfr ?? s trans l in
             ¬(get_index_v … sfr m ?)
+            ¬(get_index_v ?? sfr (nat_of_bitvector … three_bits) ?)
         | false ⇒
           let address ≝ nat_of_bitvector … seven_bits in
           let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
+          let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+          let address' ≝ [[true; false; false]]@@four_bits in
           let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
             ¬(get_index_v … t (modulus address 8) ?)
+            ¬(get_index_v … t (nat_of_bitvector … three_bits) ?)
+        ]
       | CARRY ⇒ λcarry: True. get_cy_flag ?? s
 …
         match other in False with [ ]
       ] (subaddressing_modein … a)) normalize nodelta
   try @modulus_less_than
+  [4,5,8,9: //]
   #M #sigma #policy #s' #s_refl <s_refl
   [1:
     #_ >(get_cy_flag_status_of_pseudo_status … (refl …)) %
   |2,4:
+    whd in ⊢ (% → ?); >p normalize nodelta >p1 normalize nodelta
+    whd in ⊢ (% → ?); >p normalize nodelta >p1 normalize nodelta destruct >p2
+    normalize nodelta
     >(get_bit_addressable_sfr_status_of_pseudo_status … (refl …) (refl …)) #map_address_assm
     >map_address_assm %
   |3,5:
     whd in ⊢ (% → ?); >p normalize nodelta >p1 normalize nodelta
     whd in match status_of_pseudo_status; normalize nodelta
+    whd in match status_of_pseudo_status; normalize nodelta destruct >p2 normalize nodelta
     >(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma … (refl …))
     #map_address_assm >map_address_assm %
 …
 qed.
+(*CSC: daemon
 definition map_bit_address_mode_using_internal_pseudo_address_map_set_1 ≝
   λM: internal_pseudo_address_map.
 …
   cases (set_arg_1_status_of_pseudo_status' cm ps addr b) #_ #relevant
   @relevant
 qed.
+qed.*)
 lemma clock_status_of_pseudo_status:
 …
 qed.
+(*CSC: daemon
 lemma set_flags_status_of_pseudo_status:
   ∀M.
 …
   [1:
     normalize nodelta %
+  |2:
+    * #address normalize nodelta
+  |2: ** #address normalize nodelta
     @(vsplit_elim bool ???) #high #low #high_low_refl normalize nodelta
     whd in ⊢ (??%%); cases opt try #opt' normalize nodelta
 …
     cases daemon
+  ]
 qed.
+qed.*)
 lemma get_ac_flag_status_of_pseudo_status:
 …
   whd in match status_of_pseudo_status; normalize nodelta
   whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
   cases (\snd M) try %
   * normalize nodelta #address
+  cases (\snd M) try % normalize nodelta ** normalize nodelta
+  #address
   @(vsplit_elim bool ???) #high #low #high_low_refl normalize nodelta
   whd in match sfr_8051_index; normalize nodelta
 …
   whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
   cases (\snd M) try %
   * normalize nodelta #address
+  ** normalize nodelta #address
   @(vsplit_elim bool ???) #high #low #high_low_refl normalize nodelta
   whd in match sfr_8051_index; normalize nodelta
 …
 qed.
+lemma get_8051_sfr_status_of_pseudo_status:
+  ∀M.
+  ∀cm, ps, sigma, policy.
+  ∀sfr.
+    (sfr = SFR_ACC_A → \snd M = None …) →
+    get_8051_sfr (BitVectorTrie Byte 16)
+      (code_memory_of_pseudo_assembly_program cm sigma policy)
+      (status_of_pseudo_status M cm ps sigma policy) sfr =
+    get_8051_sfr pseudo_assembly_program cm ps sfr.
+  #M #cm #ps #sigma #policy * cases M #fstM #sndM #relevant
+  [18:
+     >relevant %
+  ]
+  cases sndM try % * #address
+  whd in match get_8051_sfr;
+  whd in match status_of_pseudo_status; normalize nodelta
+  whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta #address
+  cases (eq_upper_lower ??) normalize nodelta
+  @pair_elim #upper #lower #upper_lower_refl
+  @get_index_v_set_index_miss @nmk #relevant
+  normalize in relevant; destruct(relevant)
+qed.
+(*CSC: useless?
 lemma get_arg_8_pseudo_addressing_mode_ok:
   ∀M: internal_pseudo_address_map.
 …
   |2:
     #addressing_mode_ok_refl whd in ⊢ (??%?);
     @pair_elim #nu #nl #nu_nl_refl normalize nodelta cases daemon (*
+    @pair_elim #nu #nl #nu_nl_refl normalize nodelta XXX cases daemon (*
     @pair_elim #ignore #three_bits #ignore_three_bits_refl normalize nodelta
     inversion (get_index_v bool ????) #get_index_v_refl normalize nodelta
 …
+      ]
+    ]
+  ] *)
+qed.
+  ]
+qed.*)*)
+lemma addressing_mode_ok_to_map_address_using_internal_pseudo_address_map:
+  ∀M, cm, ps, sigma, x.
+  ∀addr1: [[acc_a]].
+    assert_data pseudo_assembly_program M cm ps addr1=true →
+      map_address_using_internal_pseudo_address_map M sigma SFR_ACC_A x = x.
+  #M #cm #ps #sigma #x #addr1
+  @(subaddressing_mode_elim … addr1)
+  whd in ⊢ (??%? → ??%?); cases M -M * #low #high * [//]
+  * #upper_lower #address normalize nodelta #absurd destruct(absurd)
+qed.
+lemma addressing_mode_ok_to_snd_M_data:
+  ∀M, cm, ps.
+  ∀addr: [[acc_a]].
+  assert_data pseudo_assembly_program M cm ps addr = true →
+    \snd M = None ….
+  #M #cm #ps #addr
+  @(subaddressing_mode_elim … addr)
+  whd in ⊢ (??%? → ?); cases M * #low #high * normalize nodelta
+  [ #_ %
+  | #addr #abs destruct(abs) ]
+qed.
+(*(*CSC: move elsewhere*)
+lemma assoc_list_exists_true_to_assoc_list_lookup_Some:
+  ∀A, B: Type[0].
+  ∀e: A.
+  ∀the_list: list (A × B).
+  ∀eq_f: A → A → bool.
+    assoc_list_exists A B e eq_f the_list = true →
+      ∃e'. assoc_list_lookup A B e eq_f the_list = Some … e'.
+  #A #B #e #the_list #eq_f elim the_list
+  [1:
+    whd in ⊢ (??%? → ?); #absurd destruct(absurd)
+  |2:
+    #hd #tl #inductive_hypothesis
+    whd in ⊢ (??%? → ?); whd in match (assoc_list_lookup ?????);
+    cases (eq_f (\fst hd) e) normalize nodelta
+    [1:
+      #_ %{(\snd hd)} %
+    |2:
+      @inductive_hypothesis
+    ]
+  ]
+qed.
+(*CSC: move elsewhere*)
+lemma assoc_list_exists_false_to_assoc_list_lookup_None:
+  ∀A, B: Type[0].
+  ∀e, e': A.
+  ∀the_list, the_list': list (A × B).
+  ∀eq_f: A → A → bool.
+    e = e' →
+    the_list = the_list' →
+      assoc_list_exists A B e eq_f the_list = false →
+        assoc_list_lookup A B e' eq_f the_list' = None ….
+  #A #B #e #e' #the_list elim the_list
+  [1:
+    #the_list' #eq_f #e_refl <e_refl #the_list_refl <the_list_refl #_ %
+  |2:
+    #hd #tl #inductive_hypothesis #the_list' #eq_f #e_refl #the_list_refl <the_list_refl
+    whd in ⊢ (??%? → ??%?); <e_refl
+    cases (eq_f (\fst hd) e) normalize nodelta
+    [1:
+      #absurd destruct(absurd)
+    |2:
+      >e_refl in ⊢ (? → %); @inductive_hypothesis try % assumption
+    ]
+  ]
+qed.*)
+lemma sfr_psw_eq_to_bit_address_of_register_eq:
+  ∀A: Type[0].
+  ∀code_memory: A.
+  ∀status, status', register_address.
+    get_8051_sfr … status SFR_PSW = get_8051_sfr … status' SFR_PSW →
+      bit_address_of_register A code_memory status register_address = bit_address_of_register A code_memory status' register_address.
+  #A #code_memory #status #status' #register_address #sfr_psw_refl
+  whd in match bit_address_of_register; normalize nodelta
+  <sfr_psw_refl %
+qed.
+lemma sfr_psw_and_low_internal_ram_eq_to_get_register_eq:
+  ∀A: Type[0].
+  ∀code_memory: A.
+  ∀status, status', register_address.
+    get_8051_sfr … status SFR_PSW = get_8051_sfr … status' SFR_PSW →
+      low_internal_ram A code_memory status = low_internal_ram A code_memory status' →
+        get_register A code_memory status register_address = get_register A code_memory status' register_address.
+  #A #code_memory #status #status' #register_address #sfr_psw_refl #low_internal_ram_refl
+  whd in match get_register; normalize nodelta <low_internal_ram_refl
+  >(sfr_psw_eq_to_bit_address_of_register_eq … status status') //
+qed.
+lemma map_address_mode_using_internal_pseudo_address_map_ok1_addr:
+  ∀M, cm, status, status', sigma.
+  ∀addr1: [[acc_a; registr; direct; indirect; data; ext_indirect; ext_indirect_dptr]]. (* XXX: expand as needed *)
+    get_8051_sfr … status SFR_PSW = get_8051_sfr … status' SFR_PSW →
+    assert_data pseudo_assembly_program M cm status addr1 = true →
+    map_address_mode_using_internal_pseudo_address_map_ok1 M cm status' sigma addr1.
+  * * #low #high #accA #cm #status #status' #sigma #addr1 #sfr_refl
+  @(subaddressing_mode_elim … addr1) try (#w #_ @I) [1,4: #_ @I ] #w
+  whd in ⊢ (??%? → %); whd in match (data_or_address ?????);
+  whd in match exists; normalize nodelta
+  <(sfr_psw_eq_to_bit_address_of_register_eq … status status') try assumption
+  cases (lookup_opt ????); normalize nodelta #x try % #abs destruct(abs)
+qed.
+lemma sfr8051_neq_acc_a_to_map_address_using_internal_pseudo_address_map:
+  ∀M.
+  ∀sigma.
+  ∀sfr8051.
+  ∀b.
+    sfr8051 ≠ SFR_ACC_A →
+      map_address_using_internal_pseudo_address_map M sigma sfr8051 b = b.
+  #M #sigma * #b
+  [18:
+    #relevant cases (absurd … (refl ??) relevant)
+  ]
+  #_ %
+qed.
+lemma w_neq_224_to_map_address_Byte_using_internal_pseudo_address_map:
+  ∀M.
+  ∀sigma: Word → Word.
+  ∀w: BitVector 8.
+  ∀b.
+    w ≠ bitvector_of_nat … 224 →
+      map_address_Byte_using_internal_pseudo_address_map M sigma w b = b.
+  #M #sigma #w #b #w_neq_assm
+  whd in ⊢ (??%?); inversion (sfr_of_Byte ?)
+  [1:
+    #sfr_of_Byte_refl %
+  |2:
+    * #sfr8051 #sfr_of_Byte_refl normalize nodelta try %
+    @sfr8051_neq_acc_a_to_map_address_using_internal_pseudo_address_map %
+    #relevant >relevant in sfr_of_Byte_refl; #sfr_of_Byte_refl
+    @(absurd ?? w_neq_assm)
+    lapply sfr_of_Byte_refl -b -sfr_of_Byte_refl -relevant -w_neq_assm -sfr8051 -sigma
+    whd in match sfr_of_Byte; normalize nodelta
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    @eqb_elim #eqb_refl normalize nodelta [1: #_ <eqb_refl >bitvector_of_nat_inverse_nat_of_bitvector % ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    #absurd destruct(absurd)
+qed.
+(*lemma assoc_list_exists_false_to_map_internal_ram_address_using_pseudo_address_map:
+  ∀M, sigma, w, b.
+    assoc_list_exists Byte (upper_lower×Word) w (eq_bv 8) (\fst  M) = false →
+      map_internal_ram_address_using_pseudo_address_map M sigma w b = b.
+  #M #sigma #w #b #assoc_list_exists_assm
+  whd in ⊢ (??%?);
+  >(assoc_list_exists_false_to_assoc_list_lookup_None … (refl …) … assoc_list_exists_assm) %
+qed.*)
+lemma addressing_mode_ok_to_map_address_mode_using_internal_pseudo_address_map_ok2:
+  ∀M', cm.
+  ∀sigma, status, status', b, b'.
+  ∀addr1: [[acc_a; registr; direct; indirect; data; bit_addr; ext_indirect; ext_indirect_dptr]]. (* XXX: expand as needed *)
+    get_8051_sfr … status SFR_PSW = get_8051_sfr … status' SFR_PSW →
+    low_internal_ram pseudo_assembly_program cm status = low_internal_ram pseudo_assembly_program cm status' →
+    b = b' →
+    assert_data pseudo_assembly_program M' cm status addr1 = true →
+      map_address_mode_using_internal_pseudo_address_map_ok2 pseudo_assembly_program M' sigma cm status' addr1 b = b'.
+  #M' #cm #sigma #status #status' #b #b' #addr1 #sfr_refl #low_internal_ram_refl #b_refl <b_refl
+  @(subaddressing_mode_elim … addr1)
+  [1:
+    whd in ⊢ (??%? → ??%?); cases M' -M' * #low #high *
+    [1:
+      normalize nodelta #_ %
+    |2:
+      * #upper_lower #address normalize nodelta #absurd destruct(absurd)
+    ]
+  |2: cases M' -M' * #low #high #accA
+    #w whd in ⊢ (??%? → ??%?); whd in match (lookup_from_internal_ram ??);
+    <(sfr_psw_eq_to_bit_address_of_register_eq … status status' w … sfr_refl)
+    cases (lookup_opt ????); normalize nodelta #x try % #abs destruct(abs)
+  |4: cases M' -M' * #low #high #accA
+    #w whd in ⊢ (??%? → ??%?); whd in match lookup_from_internal_ram;
+    whd in match data_or_address; normalize nodelta whd in match exists; normalize nodelta
+    whd in match get_register; normalize nodelta
+    <(sfr_psw_eq_to_bit_address_of_register_eq … status status' … sfr_refl)
+    cases (lookup_opt ????) normalize nodelta [2: #_ #abs destruct(abs)]
+    <low_internal_ram_refl @vsplit_elim #one #seven #EQone_seven normalize nodelta
+    cases (head' bool ??) normalize nodelta cases (lookup_opt ????) normalize nodelta
+    #x try % #abs destruct(abs)
+  |3: cases M' -M' * #low #high #accA
+    #w whd in ⊢ (??%? → ??%?); whd in match data_or_address; normalize nodelta
+    @vsplit_elim #hd #tl #w_refl normalize nodelta
+    lapply (eq_head' ?? … hd) >(Vector_O … (tail … hd))
+    cases (head' bool ??) normalize nodelta
+    [2: #_ whd in match (map_internal_ram_address_using_pseudo_address_map ????);
+        whd in match (lookup_from_internal_ram ??); cases (lookup_opt ????);
+        normalize nodelta // #x #abs destruct(abs) ] #EQhd
+    >w_refl >EQhd @eq_bv_elim #eq_bv_refl normalize nodelta
+    [1: cases accA normalize nodelta try (#x #abs destruct(abs)) #_
+        normalize in eq_bv_refl; >eq_bv_refl %
+    |2: #_ @w_neq_224_to_map_address_Byte_using_internal_pseudo_address_map assumption ]
+  |5,6,7,8:
+    #w try #w' %
+  ]
+qed.
+(*CSC: move elsewhere*)
+lemma bv_append_eq_to_eq:
+ ∀A,n. ∀v1,v2: Vector A n. ∀m. ∀v3,v4: Vector A m.
+  v1@@v3 = v2@@v4 → v1=v2 ∧ v3=v4.
+ #A #n #v1 elim v1
+ [ #v2 >(Vector_O … v2) #m #v3 #v4 normalize * %%
+ | #n' #hd1 #tl1 #IH #v2 cases (Vector_Sn … v2) #hd2 * #tl2 #EQ2 >EQ2
+   #m #v3 #v4 #EQ normalize in EQ; destruct(EQ) cases (IH … e0) * * %% ]
+qed.
+lemma addressing_mode_ok_to_map_bit_address_mode_using_internal_pseudo_address_map_get:
+  ∀M: internal_pseudo_address_map.
+  ∀cm: pseudo_assembly_program.
+  ∀s: PreStatus pseudo_assembly_program cm.
+  ∀sigma: Word → Word.
+  ∀addr: [[bit_addr]]. (* XXX: expand as needed *)
+  ∀f: bool.
+  assert_data pseudo_assembly_program M cm s addr = true →
+    map_bit_address_mode_using_internal_pseudo_address_map_get M cm s sigma addr f.
+  ** #low #high #accA #cm #s #sigma #addr #f
+  @(subaddressing_mode_elim … addr) #w
+  whd in ⊢ (??%? → %); whd in match data_or_address; normalize nodelta
+  @vsplit_elim #bit_one #seven_bits #bit_one_seven_bits_refl normalize nodelta
+  @vsplit_elim #four #three #four_three_refl normalize nodelta
+  cases (head' bool ??) normalize nodelta
+  [1: @eq_bv_elim normalize nodelta
+      [1: #EQfour cases accA normalize nodelta #x [2: #abs destruct(abs)] >EQfour %
+      |2: #NEQ #_ >w_neq_224_to_map_address_Byte_using_internal_pseudo_address_map
+          try % normalize #EQ @(absurd ?? NEQ)
+          cases (bv_append_eq_to_eq … [[true]] [[true]] … EQ) #_ #EQ1
+          cases (bv_append_eq_to_eq … four [[true;true;false;false]] … EQ1) // ]
+  |2: whd in match map_internal_ram_address_using_pseudo_address_map; normalize nodelta
+      whd in match lookup_from_internal_ram; normalize nodelta
+      cases (lookup_opt ????); normalize nodelta #x try % #abs destruct(abs) ]
+qed.
+(*
+lemma addressing_mode_ok_to_map_bit_address_mode_using_internal_pseudo_address_map_set_1:
+  ∀M: internal_pseudo_address_map.
+  ∀cm: pseudo_assembly_program.
+  ∀s, s': PreStatus pseudo_assembly_program cm.
+  ∀sigma: Word → Word.
+  ∀addr: [[bit_addr; carry]]. (* XXX: expand as needed *)
+  ∀f: bool.
+  s = s' →
+  addressing_mode_ok pseudo_assembly_program M cm s addr = true →
+    map_bit_address_mode_using_internal_pseudo_address_map_set_1 M cm s' sigma addr f.
+  #M #cm #s #s' #sigma #addr #f #s_refl <s_refl
+  @(subaddressing_mode_elim … addr) [1: #w ]
+  whd in ⊢ (??%? → %); [2: #_ @I ]
+  inversion (vsplit bool 1 7 w) #bit_one #seven_bits #bit_one_seven_bits_refl normalize nodelta
+  cases (head' bool ??) normalize nodelta
+  [1:
+    #eq_accumulator_assm whd in ⊢ (??%?);
+    cases (sfr_of_Byte ?) try % * * try % normalize nodelta
+    whd in ⊢ (??%?);
+    >(eq_accumulator_address_map_entry_true_to_eq … eq_accumulator_assm) %
+  |2:
+    #assoc_list_exists_assm whd in ⊢ (??%?);
+    lapply (not_b_c_to_b_not_c ?? assoc_list_exists_assm) -assoc_list_exists_assm #assoc_list_exists_assm
+    whd in assoc_list_exists_assm:(???%);
+    >(assoc_list_exists_false_to_assoc_list_lookup_None … (refl …) assoc_list_exists_assm) %
+  ]
+qed.
+lemma addressing_mode_ok_to_map_bit_address_mode_using_internal_pseudo_address_map_set_2:
+  ∀M: internal_pseudo_address_map.
+  ∀cm: pseudo_assembly_program.
+  ∀s, s': PreStatus pseudo_assembly_program cm.
+  ∀sigma: Word → Word.
+  ∀addr: [[bit_addr; carry]]. (* XXX: expand as needed *)
+  ∀f: bool.
+  s = s' →
+  addressing_mode_ok pseudo_assembly_program M cm s addr = true →
+    map_bit_address_mode_using_internal_pseudo_address_map_set_2 M cm s' sigma addr f.
+  #M #cm #s #s' #sigma #addr #f #s_refl <s_refl
+  @(subaddressing_mode_elim … addr) [1: #w ]
+  whd in ⊢ (??%? → %); [2: #_ @I ]
+  inversion (vsplit bool 1 7 w) #bit_one #seven_bits #bit_one_seven_bits_refl normalize nodelta
+  cases (head' bool ??) normalize nodelta
+  [1:
+    #eq_accumulator_assm whd in ⊢ (??%?);
+    cases (sfr_of_Byte ?) try % * * try % normalize nodelta
+    whd in ⊢ (??%?);
+    >(eq_accumulator_address_map_entry_true_to_eq … eq_accumulator_assm) %
+  |2:
+    #assoc_list_exists_assm whd in ⊢ (??%?);
+    lapply (not_b_c_to_b_not_c ?? assoc_list_exists_assm) -assoc_list_exists_assm #assoc_list_exists_assm
+    whd in assoc_list_exists_assm:(???%);
+    >(assoc_list_exists_false_to_assoc_list_lookup_None … (refl …) assoc_list_exists_assm) %
+  ]
+qed.*)
+(*
+axiom insert_low_internal_ram_of_pseudo_low_internal_ram':
+  ∀M, M', sigma,cm,s,addr,v,v'.
+    (∀addr'.
+      ((false:::addr) = addr' →
+        map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr) v =
+        map_internal_ram_address_using_pseudo_address_map M' sigma (false:::addr) v') ∧
+      ((false:::addr) ≠ addr' →
+        let 〈callM, accM〉 ≝ M in
+        let 〈callM', accM'〉 ≝ M' in
+          accM = accM' ∧
+            assoc_list_lookup … addr' (eq_bv 8) … callM =
+              assoc_list_lookup … addr' (eq_bv 8) … callM')) →
+    insert Byte 7 addr v'
+      (low_internal_ram_of_pseudo_low_internal_ram M'
+      (low_internal_ram pseudo_assembly_program cm s)) =
+    low_internal_ram_of_pseudo_low_internal_ram M
+      (insert Byte 7 addr v (low_internal_ram pseudo_assembly_program cm s)).
+*)
+(*
+lemma write_at_stack_pointer_status_of_pseudo_status:
+  ∀M, M'.
+  ∀cm.
+  ∀sigma.
+  ∀policy.
+  ∀s, s'.
+  ∀new_b, new_b'.
+    map_internal_ram_address_using_pseudo_address_map M sigma (get_8051_sfr pseudo_assembly_program cm s SFR_SP) new_b = new_b' →
+    status_of_pseudo_status M cm s sigma policy = s' →
+    write_at_stack_pointer ?? s' new_b' =
+    status_of_pseudo_status M' cm (write_at_stack_pointer ? cm s new_b) sigma policy.
+  #M #M' #cm #sigma #policy #s #s' #new_b #new_b'
+  #new_b_refl #s_refl <new_b_refl <s_refl
+  whd in match write_at_stack_pointer; normalize nodelta
+  @pair_elim #nu #nl #nu_nl_refl normalize nodelta
+  @(pair_replace ?????????? (eq_to_jmeq … nu_nl_refl))
+  [1:
+    @eq_f
+    whd in match get_8051_sfr; normalize nodelta
+    whd in match sfr_8051_index; normalize nodelta
+    whd in match status_of_pseudo_status; normalize nodelta
+    whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
+    cases (\snd M) [2: * #address ] normalize nodelta
+    [1,2:
+      cases (vsplit bool ???) #high #low normalize nodelta
+      whd in match sfr_8051_index; normalize nodelta
+      >get_index_v_set_index_miss %
+      #absurd destruct(absurd)
+    |3:
+      %
+    ]
+  |2:
+    @if_then_else_status_of_pseudo_status try %
+    [2:
+      @sym_eq <set_low_internal_ram_status_of_pseudo_status
+      [1:
+        @eq_f2
+        [2:
+          @insert_low_internal_ram_of_pseudo_low_internal_ram'
+    @sym_eq
+    [2:
+      <set_low_internal_ram_status_of_pseudo_status
+      [1:
+        @eq_f2
+        [2:
+          @sym_eq
+          >(insert_low_internal_ram_of_pseudo_low_internal_ram … sigma … new_b')
+          [2:
+            >new_b_refl
+    ]
+  ]
+qed.*)

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 2273

Legend:

src/ASM/AssemblyProofSplit.ma

src/ASM/AssemblyProofSplitSplit.ma

src/ASM/PolicyFront.ma

src/ASM/Test.ma

Download in other formats: