Changeset 2273 for src/ASM/Test.ma

Timestamp:

Jul 30, 2012, 12:46:19 AM (8 years ago)

Author:

sacerdot

Message:

1. lemmas moved from all files to Test.ma
2. most of the lemmas in Test.ma repaired. A few are commented out. Several needs to be slightly generalized.

File:

• src/ASM/Test.ma (modified) (28 diffs)

src/ASM/Test.ma

@@ -301 +301 @@
 qed.
 
-(*
 lemma get_index_v_status_of_pseudo_status:
   ∀M, code_memory, sigma, policy, s, s', sfr.
@@ -316 +315 @@
   whd in match status_of_pseudo_status; normalize nodelta
   whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
-  inversion (\snd M) try (#upper_lower #address) #sndM_refl normalize nodelta
+  inversion (\snd M) try ( * #upper_lower #address) #sndM_refl normalize nodelta
  [1:
     cases sfr
@@ -326 +325 @@
     %
   |2:
+   inversion (eq_upper_lower upper_lower upper) #eq_upper_lower_refl normalize nodelta
     @pair_elim #high #low #high_low_refl normalize nodelta
-    inversion (eq_upper_lower upper_lower upper) #eq_upper_lower_refl normalize nodelta
     cases sfr
     [18,37:
@@ -340 +339 @@
   ]
 qed.
-*)
 
 lemma set_8051_sfr_status_of_pseudo_status:
@@ -350 +348 @@
         (set_8051_sfr pseudo_assembly_program code_memory s sfr v) sigma policy.
   #M #code_memory #sigma #policy #s #s' #sfr #v #v' #s_ok #v_ok
-  <s_ok whd in ⊢ (??%%); @split_eq_status try % /2/
-qed.
-
-(*
+  <s_ok whd in ⊢ (??%%); @split_eq_status try % /2 by set_index_status_of_pseudo_status/
+qed.
+
+(*lemma get_8051_sfr_status_of_pseudo_status:
+  ∀M.
+  ∀cm, ps, sigma, policy.
+  ∀sfr.
+    (sfr = SFR_ACC_A → \snd M = None …) →
+    get_8051_sfr (BitVectorTrie Byte 16)
+      (code_memory_of_pseudo_assembly_program cm sigma policy)
+      (status_of_pseudo_status M cm ps sigma policy) sfr =
+    get_8051_sfr pseudo_assembly_program cm ps sfr.
+  #M #cm #ps #sigma #policy * cases M #fstM #sndM #relevant
+  [18: >relevant % ]
+  cases sndM try % * #address
+  whd in match get_8051_sfr;
+  whd in match status_of_pseudo_status; normalize nodelta
+  whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta #address
+  cases (eq_upper_lower ??) normalize nodelta
+  @pair_elim #upper #lower #upper_lower_refl
+  @get_index_v_set_index_miss @nmk #relevant
+  normalize in relevant; destruct(relevant)
+qed.*)
+
 lemma get_8051_sfr_status_of_pseudo_status:
   ∀M, code_memory, sigma, policy, s, s', s'', sfr.
@@ -365 +383 @@
   whd in match get_8051_sfr; normalize nodelta
   @get_index_v_status_of_pseudo_status %
-qed.*)
+qed.
 
 lemma get_8052_sfr_status_of_pseudo_status:
@@ -537 +555 @@
    (low_internal_ram pseudo_assembly_program cm s) (zero 8)) = s' →
   lookup Byte 7 addr
-  (low_internal_ram_of_pseudo_low_internal_ram M
+  (low_internal_ram_of_pseudo_low_internal_ram M sigma
    (low_internal_ram pseudo_assembly_program cm s)) (zero 8)
   = s'.
@@ -549 +567 @@
    (high_internal_ram pseudo_assembly_program cm s) (zero 8)) = s' →
   lookup Byte 7 addr
-  (high_internal_ram_of_pseudo_high_internal_ram M
+  (high_internal_ram_of_pseudo_high_internal_ram M sigma
    (high_internal_ram pseudo_assembly_program cm s)) (zero 8)
   = s'.
@@ -606 +624 @@
 definition map_address_mode_using_internal_pseudo_address_map_ok1 ≝
  λM:internal_pseudo_address_map.λcm.λs:PreStatus ? cm.λsigma. λaddr.
+  let 〈low,high,accA〉 ≝ M in
   match addr with
   [ INDIRECT i ⇒
-     assoc_list_lookup ??
-      (false:::bit_address_of_register pseudo_assembly_program cm s [[false; false; i]]) (eq_bv …) (\fst M) = None …
+     lookup_opt …
+      (bit_address_of_register pseudo_assembly_program cm s [[false; false; i]]) low = None …
   | EXT_INDIRECT e ⇒
-     assoc_list_lookup ??
-      (false:::bit_address_of_register pseudo_assembly_program cm s [[false; false; e]]) (eq_bv …) (\fst M) = None …
+     lookup_opt …
+      (bit_address_of_register pseudo_assembly_program cm s [[false; false; e]]) low = None …
   | ACC_DPTR ⇒
     (* XXX: \snd M = None plus in the very rare case when we are trying to dereference a null (O) pointer
@@ -697 +716 @@
                   set_low_internal_ram ?? s memory
               ]
+              
       | INDIRECT i ⇒
         λindirect: True.
@@ -734 +754 @@
     [ >(vsplit_ok … vsplit_refl) #_ @set_bit_addressable_sfr_status_of_pseudo_status
     | #_ #v_ok >(insert_low_internal_ram_status_of_pseudo_status … v) // ]
-  |3,4: #EQ1 #EQ2 change with (get_register ????) in match register in p;
+  |3,4: cases M * -M #low #high #accA normalize nodelta
+      #EQ1 #EQ2 change with (get_register ????) in match register in p;
       >(get_register_status_of_pseudo_status … (refl …) (refl …))
       whd in match map_internal_ram_address_using_pseudo_address_map; normalize nodelta
+      whd in match (lookup_from_internal_ram ??);
       >EQ1 normalize nodelta >p normalize nodelta >p1 normalize nodelta
       [ >(insert_high_internal_ram_status_of_pseudo_status … v)
       | >(insert_low_internal_ram_status_of_pseudo_status … v) ]
       // <EQ2 @eq_f2 try % <(vsplit_ok … (sym_eq … p)) <eq_cons_head_append >p1 %
-  |5: #EQ1 #EQ2 <EQ2 >(get_register_status_of_pseudo_status … (refl …) (refl …))
+  |5: cases M * -M #low #high #accA normalize nodelta
+      #EQ1 #EQ2 <EQ2 >(get_register_status_of_pseudo_status … (refl …) (refl …))
       whd in match map_internal_ram_address_using_pseudo_address_map; normalize nodelta
+      whd in match lookup_from_internal_ram; normalize nodelta
       >EQ1 normalize nodelta
       >external_ram_status_of_pseudo_status @set_external_ram_status_of_pseudo_status
@@ -957 +981 @@
     #_>p normalize nodelta >p1 normalize nodelta
     @(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma) %
-  |3,4:
+  |3,4: cases M -M * #low #high #accA
     #assoc_list_assm >(get_register_status_of_pseudo_status … (refl …) (refl …))
     whd in match map_internal_ram_address_using_pseudo_address_map in ⊢ (??%?); normalize nodelta
+    whd in match lookup_from_internal_ram; normalize nodelta
     >assoc_list_assm normalize nodelta >p normalize nodelta >p1 normalize nodelta
     [1:
-      @(lookup_high_internal_ram_of_pseudo_high_internal_ram … sigma)
+      @(lookup_high_internal_ram_of_pseudo_high_internal_ram … 〈low,high,accA〉 sigma)
     |2:
-      @(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma)
+      @(lookup_low_internal_ram_of_pseudo_low_internal_ram … 〈low,high,accA〉 sigma)
     ]
     @eq_f2 try % <(vsplit_ok … (sym_eq … p)) <eq_cons_head_append >p1 %
-  |5:
+  |5: cases M -M * #low #high #accA
     #assoc_list_assm >(get_register_status_of_pseudo_status … (refl …) (refl …))
     whd in match map_internal_ram_address_using_pseudo_address_map in ⊢ (??%?); normalize nodelta
+    whd in match lookup_from_internal_ram; normalize nodelta
     >assoc_list_assm normalize nodelta %
   |6,7,8,9:
     #_ /2 by refl, get_register_status_of_pseudo_status, get_index_v_status_of_pseudo_status/
-  |10:
+  |10: cases M -M * #low #high #accA
     #acc_a_assm >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
     >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
@@ -979 +1005 @@
     whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
     >acc_a_assm >p normalize nodelta //
-  |11:
+  |11: cases M -M * #low #high #accA
     * #map_acc_a_assm #sigma_assm >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
     >(program_counter_status_of_pseudo_status … (refl …) (refl …))
@@ -1048 +1074 @@
     match head' … bit_1 with
     [ true ⇒
-      let address ≝ nat_of_bitvector … seven_bits in
-      let d ≝ address ÷ 8 in
-      let m ≝ address mod 8 in
-      let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
+      let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+      let trans ≝ true:::four_bits @@ [[false; false; false]] in
         map_address_Byte_using_internal_pseudo_address_map M sigma trans (get_bit_addressable_sfr pseudo_assembly_program cm s trans l) = get_bit_addressable_sfr … cm s trans l
     | false ⇒
-      let address ≝ nat_of_bitvector … seven_bits in
-      let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
+      let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+      let address' ≝ [[true; false; false]]@@four_bits in
       let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
-        map_internal_ram_address_using_pseudo_address_map M sigma
+      map_internal_ram_address_using_pseudo_address_map M sigma
           (false:::address') t = t
     ]
@@ -1064 +1088 @@
     match head' … bit_1 with
     [ true ⇒
-      let address ≝ nat_of_bitvector … seven_bits in
-      let d ≝ address ÷ 8 in
-      let m ≝ address mod 8 in
-      let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
+      let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+      let trans ≝ true:::four_bits @@ [[false; false; false]] in
         map_address_Byte_using_internal_pseudo_address_map M sigma trans (get_bit_addressable_sfr pseudo_assembly_program cm s trans l) = get_bit_addressable_sfr … cm s trans l
     | false ⇒
-      let address ≝ nat_of_bitvector … seven_bits in
-      let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
+      let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+      let address' ≝ [[true; false; false]]@@four_bits in
       let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
-        map_internal_ram_address_using_pseudo_address_map M sigma
+      map_internal_ram_address_using_pseudo_address_map M sigma
           (false:::address') t = t
     ]
@@ -1100 +1122 @@
         match head' … bit_1 with
         [ true ⇒
-          let address ≝ nat_of_bitvector … seven_bits in
-          let d ≝ address ÷ 8 in
-          let m ≝ address mod 8 in
-          let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
+          let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+          let trans ≝ true:::four_bits @@ [[false; false; false]] in
           let sfr ≝ get_bit_addressable_sfr ?? s trans l in
-            get_index_v … sfr m ?
+            get_index_v … sfr (nat_of_bitvector … three_bits) ?
         | false ⇒
-          let address ≝ nat_of_bitvector … seven_bits in
-          let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
+          let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+          let address' ≝ [[true; false; false]]@@four_bits in
           let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
-            get_index_v … t (modulus address 8) ? 
+            get_index_v … t (nat_of_bitvector … three_bits) ?
         ]
       | N_BIT_ADDR n ⇒
@@ -1117 +1137 @@
         match head' … bit_1 with
         [ true ⇒
-          let address ≝ nat_of_bitvector … seven_bits in
-          let d ≝ address ÷ 8 in
-          let m ≝ address mod 8 in
-          let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
+          let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+          let trans ≝ true:::four_bits @@ [[false; false; false]] in
           let sfr ≝ get_bit_addressable_sfr ?? s trans l in
-            ¬(get_index_v … sfr m ?)
+            ¬(get_index_v ?? sfr (nat_of_bitvector … three_bits) ?)
         | false ⇒
-          let address ≝ nat_of_bitvector … seven_bits in
-          let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
+          let 〈four_bits, three_bits〉 ≝ vsplit bool 4 3 seven_bits in
+          let address' ≝ [[true; false; false]]@@four_bits in
           let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
-            ¬(get_index_v … t (modulus address 8) ?)
+            ¬(get_index_v … t (nat_of_bitvector … three_bits) ?)
         ]
       | CARRY ⇒ λcarry: True. get_cy_flag ?? s
@@ -1133 +1151 @@
         match other in False with [ ]
       ] (subaddressing_modein … a)) normalize nodelta
-  try @modulus_less_than
+  [4,5,8,9: //]
   #M #sigma #policy #s' #s_refl <s_refl
   [1:
     #_ >(get_cy_flag_status_of_pseudo_status … (refl …)) %
   |2,4:
-    whd in ⊢ (% → ?); >p normalize nodelta >p1 normalize nodelta
+    whd in ⊢ (% → ?); >p normalize nodelta >p1 normalize nodelta destruct >p2
+    normalize nodelta
     >(get_bit_addressable_sfr_status_of_pseudo_status … (refl …) (refl …)) #map_address_assm
     >map_address_assm %
   |3,5:
     whd in ⊢ (% → ?); >p normalize nodelta >p1 normalize nodelta
-    whd in match status_of_pseudo_status; normalize nodelta
+    whd in match status_of_pseudo_status; normalize nodelta destruct >p2 normalize nodelta
     >(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma … (refl …))
     #map_address_assm >map_address_assm %
@@ -1167 +1186 @@
 qed.
 
+(*CSC: daemon
 definition map_bit_address_mode_using_internal_pseudo_address_map_set_1 ≝
   λM: internal_pseudo_address_map.
@@ -1321 +1341 @@
   cases (set_arg_1_status_of_pseudo_status' cm ps addr b) #_ #relevant
   @relevant
-qed.
+qed.*)
 
 lemma clock_status_of_pseudo_status:
@@ -1344 +1364 @@
 qed.
 
+(*CSC: daemon
 lemma set_flags_status_of_pseudo_status:
   ∀M.
@@ -1367 +1388 @@
   [1:
     normalize nodelta %
-  |2:
-    * #address normalize nodelta
+  |2: ** #address normalize nodelta
     @(vsplit_elim bool ???) #high #low #high_low_refl normalize nodelta
     whd in ⊢ (??%%); cases opt try #opt' normalize nodelta
@@ -1374 +1394 @@
     cases daemon
   ]
-qed.
+qed.*)
 
 lemma get_ac_flag_status_of_pseudo_status:
@@ -1389 +1409 @@
   whd in match status_of_pseudo_status; normalize nodelta
   whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
-  cases (\snd M) try %
-  * normalize nodelta #address
+  cases (\snd M) try % normalize nodelta ** normalize nodelta
+  #address
   @(vsplit_elim bool ???) #high #low #high_low_refl normalize nodelta
   whd in match sfr_8051_index; normalize nodelta
@@ -1410 +1430 @@
   whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
   cases (\snd M) try %
-  * normalize nodelta #address
+  ** normalize nodelta #address
   @(vsplit_elim bool ???) #high #low #high_low_refl normalize nodelta
   whd in match sfr_8051_index; normalize nodelta
@@ -1416 +1436 @@
 qed.
 
-lemma get_8051_sfr_status_of_pseudo_status:
-  ∀M.
-  ∀cm, ps, sigma, policy.
-  ∀sfr.
-    (sfr = SFR_ACC_A → \snd M = None …) →
-    get_8051_sfr (BitVectorTrie Byte 16)
-      (code_memory_of_pseudo_assembly_program cm sigma policy)
-      (status_of_pseudo_status M cm ps sigma policy) sfr =
-    get_8051_sfr pseudo_assembly_program cm ps sfr.
-  #M #cm #ps #sigma #policy * cases M #fstM #sndM #relevant
-  [18:
-     >relevant %
-  ]
-  cases sndM try % * #address
-  whd in match get_8051_sfr;
-  whd in match status_of_pseudo_status; normalize nodelta
-  whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta #address
-  cases (eq_upper_lower ??) normalize nodelta
-  @pair_elim #upper #lower #upper_lower_refl
-  @get_index_v_set_index_miss @nmk #relevant
-  normalize in relevant; destruct(relevant)
-qed.
-
+(*CSC: useless?
 lemma get_arg_8_pseudo_addressing_mode_ok:
   ∀M: internal_pseudo_address_map.
@@ -1485 +1483 @@
   |2:
     #addressing_mode_ok_refl whd in ⊢ (??%?);
-    @pair_elim #nu #nl #nu_nl_refl normalize nodelta cases daemon (*
+    @pair_elim #nu #nl #nu_nl_refl normalize nodelta XXX cases daemon (*
     @pair_elim #ignore #three_bits #ignore_three_bits_refl normalize nodelta
     inversion (get_index_v bool ????) #get_index_v_refl normalize nodelta
@@ -1610 +1608 @@
       ]
     ]
-  ] *)
-qed.
+  ]
+qed.*)*)
+
+lemma addressing_mode_ok_to_map_address_using_internal_pseudo_address_map:
+  ∀M, cm, ps, sigma, x.
+  ∀addr1: [[acc_a]].
+    assert_data pseudo_assembly_program M cm ps addr1=true → 
+      map_address_using_internal_pseudo_address_map M sigma SFR_ACC_A x = x.
+  #M #cm #ps #sigma #x #addr1
+  @(subaddressing_mode_elim … addr1)
+  whd in ⊢ (??%? → ??%?); cases M -M * #low #high * [//]
+  * #upper_lower #address normalize nodelta #absurd destruct(absurd) 
+qed.
+
+lemma addressing_mode_ok_to_snd_M_data:
+  ∀M, cm, ps.
+  ∀addr: [[acc_a]].
+  assert_data pseudo_assembly_program M cm ps addr = true →
+    \snd M = None ….
+  #M #cm #ps #addr
+  @(subaddressing_mode_elim … addr)
+  whd in ⊢ (??%? → ?); cases M * #low #high * normalize nodelta
+  [ #_ %
+  | #addr #abs destruct(abs) ]
+qed.
+
+(*(*CSC: move elsewhere*)
+lemma assoc_list_exists_true_to_assoc_list_lookup_Some:
+  ∀A, B: Type[0].
+  ∀e: A.
+  ∀the_list: list (A × B).
+  ∀eq_f: A → A → bool.
+    assoc_list_exists A B e eq_f the_list = true →
+      ∃e'. assoc_list_lookup A B e eq_f the_list = Some … e'.
+  #A #B #e #the_list #eq_f elim the_list
+  [1:
+    whd in ⊢ (??%? → ?); #absurd destruct(absurd)
+  |2:
+    #hd #tl #inductive_hypothesis
+    whd in ⊢ (??%? → ?); whd in match (assoc_list_lookup ?????);
+    cases (eq_f (\fst hd) e) normalize nodelta
+    [1:
+      #_ %{(\snd hd)} %
+    |2:
+      @inductive_hypothesis
+    ]
+  ]
+qed.
+
+(*CSC: move elsewhere*)
+lemma assoc_list_exists_false_to_assoc_list_lookup_None:
+  ∀A, B: Type[0].
+  ∀e, e': A.
+  ∀the_list, the_list': list (A × B).
+  ∀eq_f: A → A → bool.
+    e = e' →
+    the_list = the_list' →
+      assoc_list_exists A B e eq_f the_list = false →
+        assoc_list_lookup A B e' eq_f the_list' = None ….
+  #A #B #e #e' #the_list elim the_list
+  [1:
+    #the_list' #eq_f #e_refl <e_refl #the_list_refl <the_list_refl #_ %
+  |2:
+    #hd #tl #inductive_hypothesis #the_list' #eq_f #e_refl #the_list_refl <the_list_refl
+    whd in ⊢ (??%? → ??%?); <e_refl
+    cases (eq_f (\fst hd) e) normalize nodelta
+    [1:
+      #absurd destruct(absurd)
+    |2:
+      >e_refl in ⊢ (? → %); @inductive_hypothesis try % assumption
+    ]
+  ]
+qed.*)
+
+lemma sfr_psw_eq_to_bit_address_of_register_eq:
+  ∀A: Type[0].
+  ∀code_memory: A.
+  ∀status, status', register_address.
+    get_8051_sfr … status SFR_PSW = get_8051_sfr … status' SFR_PSW →
+      bit_address_of_register A code_memory status register_address = bit_address_of_register A code_memory status' register_address.
+  #A #code_memory #status #status' #register_address #sfr_psw_refl
+  whd in match bit_address_of_register; normalize nodelta
+  <sfr_psw_refl %
+qed.
+
+lemma sfr_psw_and_low_internal_ram_eq_to_get_register_eq:
+  ∀A: Type[0].
+  ∀code_memory: A.
+  ∀status, status', register_address.
+    get_8051_sfr … status SFR_PSW = get_8051_sfr … status' SFR_PSW →
+      low_internal_ram A code_memory status = low_internal_ram A code_memory status' →
+        get_register A code_memory status register_address = get_register A code_memory status' register_address.
+  #A #code_memory #status #status' #register_address #sfr_psw_refl #low_internal_ram_refl
+  whd in match get_register; normalize nodelta <low_internal_ram_refl
+  >(sfr_psw_eq_to_bit_address_of_register_eq … status status') //
+qed.
+
+lemma map_address_mode_using_internal_pseudo_address_map_ok1_addr:
+  ∀M, cm, status, status', sigma.
+  ∀addr1: [[acc_a; registr; direct; indirect; data; ext_indirect; ext_indirect_dptr]]. (* XXX: expand as needed *)
+    get_8051_sfr … status SFR_PSW = get_8051_sfr … status' SFR_PSW →
+    assert_data pseudo_assembly_program M cm status addr1 = true →
+    map_address_mode_using_internal_pseudo_address_map_ok1 M cm status' sigma addr1.
+  * * #low #high #accA #cm #status #status' #sigma #addr1 #sfr_refl
+  @(subaddressing_mode_elim … addr1) try (#w #_ @I) [1,4: #_ @I ] #w
+  whd in ⊢ (??%? → %); whd in match (data_or_address ?????);
+  whd in match exists; normalize nodelta
+  <(sfr_psw_eq_to_bit_address_of_register_eq … status status') try assumption
+  cases (lookup_opt ????); normalize nodelta #x try % #abs destruct(abs)
+qed.
+
+lemma sfr8051_neq_acc_a_to_map_address_using_internal_pseudo_address_map:
+  ∀M.
+  ∀sigma.
+  ∀sfr8051.
+  ∀b.
+    sfr8051 ≠ SFR_ACC_A →
+      map_address_using_internal_pseudo_address_map M sigma sfr8051 b = b.
+  #M #sigma * #b
+  [18:
+    #relevant cases (absurd … (refl ??) relevant)
+  ]
+  #_ %
+qed.
+
+lemma w_neq_224_to_map_address_Byte_using_internal_pseudo_address_map:
+  ∀M.
+  ∀sigma: Word → Word.
+  ∀w: BitVector 8.
+  ∀b.
+    w ≠ bitvector_of_nat … 224 →
+      map_address_Byte_using_internal_pseudo_address_map M sigma w b = b.
+  #M #sigma #w #b #w_neq_assm
+  whd in ⊢ (??%?); inversion (sfr_of_Byte ?)
+  [1:
+    #sfr_of_Byte_refl %
+  |2:
+    * #sfr8051 #sfr_of_Byte_refl normalize nodelta try %
+    @sfr8051_neq_acc_a_to_map_address_using_internal_pseudo_address_map %
+    #relevant >relevant in sfr_of_Byte_refl; #sfr_of_Byte_refl
+    @(absurd ?? w_neq_assm)
+    lapply sfr_of_Byte_refl -b -sfr_of_Byte_refl -relevant -w_neq_assm -sfr8051 -sigma
+    whd in match sfr_of_Byte; normalize nodelta
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    @eqb_elim #eqb_refl normalize nodelta [1: #_ <eqb_refl >bitvector_of_nat_inverse_nat_of_bitvector % ]
+    cases (eqb ??) normalize nodelta [1: #absurd destruct(absurd) ]
+    #absurd destruct(absurd)
+qed.
+
+(*lemma assoc_list_exists_false_to_map_internal_ram_address_using_pseudo_address_map:
+  ∀M, sigma, w, b.
+    assoc_list_exists Byte (upper_lower×Word) w (eq_bv 8) (\fst  M) = false →
+      map_internal_ram_address_using_pseudo_address_map M sigma w b = b.
+  #M #sigma #w #b #assoc_list_exists_assm
+  whd in ⊢ (??%?);
+  >(assoc_list_exists_false_to_assoc_list_lookup_None … (refl …) … assoc_list_exists_assm) %
+qed.*)
+    
+lemma addressing_mode_ok_to_map_address_mode_using_internal_pseudo_address_map_ok2:
+  ∀M', cm.
+  ∀sigma, status, status', b, b'.
+  ∀addr1: [[acc_a; registr; direct; indirect; data; bit_addr; ext_indirect; ext_indirect_dptr]]. (* XXX: expand as needed *)
+    get_8051_sfr … status SFR_PSW = get_8051_sfr … status' SFR_PSW →
+    low_internal_ram pseudo_assembly_program cm status = low_internal_ram pseudo_assembly_program cm status' →
+    b = b' →
+    assert_data pseudo_assembly_program M' cm status addr1 = true →
+      map_address_mode_using_internal_pseudo_address_map_ok2 pseudo_assembly_program M' sigma cm status' addr1 b = b'.
+  #M' #cm #sigma #status #status' #b #b' #addr1 #sfr_refl #low_internal_ram_refl #b_refl <b_refl
+  @(subaddressing_mode_elim … addr1)
+  [1:
+    whd in ⊢ (??%? → ??%?); cases M' -M' * #low #high *
+    [1:
+      normalize nodelta #_ %
+    |2:
+      * #upper_lower #address normalize nodelta #absurd destruct(absurd)
+    ]
+  |2: cases M' -M' * #low #high #accA
+    #w whd in ⊢ (??%? → ??%?); whd in match (lookup_from_internal_ram ??);
+    <(sfr_psw_eq_to_bit_address_of_register_eq … status status' w … sfr_refl)
+    cases (lookup_opt ????); normalize nodelta #x try % #abs destruct(abs)
+  |4: cases M' -M' * #low #high #accA
+    #w whd in ⊢ (??%? → ??%?); whd in match lookup_from_internal_ram;
+    whd in match data_or_address; normalize nodelta whd in match exists; normalize nodelta
+    whd in match get_register; normalize nodelta
+    <(sfr_psw_eq_to_bit_address_of_register_eq … status status' … sfr_refl)
+    cases (lookup_opt ????) normalize nodelta [2: #_ #abs destruct(abs)]
+    <low_internal_ram_refl @vsplit_elim #one #seven #EQone_seven normalize nodelta
+    cases (head' bool ??) normalize nodelta cases (lookup_opt ????) normalize nodelta
+    #x try % #abs destruct(abs)
+  |3: cases M' -M' * #low #high #accA
+    #w whd in ⊢ (??%? → ??%?); whd in match data_or_address; normalize nodelta
+    @vsplit_elim #hd #tl #w_refl normalize nodelta
+    lapply (eq_head' ?? … hd) >(Vector_O … (tail … hd))
+    cases (head' bool ??) normalize nodelta
+    [2: #_ whd in match (map_internal_ram_address_using_pseudo_address_map ????);
+        whd in match (lookup_from_internal_ram ??); cases (lookup_opt ????);
+        normalize nodelta // #x #abs destruct(abs) ] #EQhd
+    >w_refl >EQhd @eq_bv_elim #eq_bv_refl normalize nodelta
+    [1: cases accA normalize nodelta try (#x #abs destruct(abs)) #_
+        normalize in eq_bv_refl; >eq_bv_refl %
+    |2: #_ @w_neq_224_to_map_address_Byte_using_internal_pseudo_address_map assumption ]
+  |5,6,7,8:
+    #w try #w' %
+  ]
+qed.
+
+(*CSC: move elsewhere*)
+lemma bv_append_eq_to_eq:
+ ∀A,n. ∀v1,v2: Vector A n. ∀m. ∀v3,v4: Vector A m.
+  v1@@v3 = v2@@v4 → v1=v2 ∧ v3=v4.
+ #A #n #v1 elim v1
+ [ #v2 >(Vector_O … v2) #m #v3 #v4 normalize * %%
+ | #n' #hd1 #tl1 #IH #v2 cases (Vector_Sn … v2) #hd2 * #tl2 #EQ2 >EQ2
+   #m #v3 #v4 #EQ normalize in EQ; destruct(EQ) cases (IH … e0) * * %% ]
+qed.
+
+lemma addressing_mode_ok_to_map_bit_address_mode_using_internal_pseudo_address_map_get:
+  ∀M: internal_pseudo_address_map.
+  ∀cm: pseudo_assembly_program.
+  ∀s: PreStatus pseudo_assembly_program cm.
+  ∀sigma: Word → Word.
+  ∀addr: [[bit_addr]]. (* XXX: expand as needed *)
+  ∀f: bool.
+  assert_data pseudo_assembly_program M cm s addr = true →
+    map_bit_address_mode_using_internal_pseudo_address_map_get M cm s sigma addr f.
+  ** #low #high #accA #cm #s #sigma #addr #f
+  @(subaddressing_mode_elim … addr) #w
+  whd in ⊢ (??%? → %); whd in match data_or_address; normalize nodelta
+  @vsplit_elim #bit_one #seven_bits #bit_one_seven_bits_refl normalize nodelta
+  @vsplit_elim #four #three #four_three_refl normalize nodelta
+  cases (head' bool ??) normalize nodelta
+  [1: @eq_bv_elim normalize nodelta
+      [1: #EQfour cases accA normalize nodelta #x [2: #abs destruct(abs)] >EQfour %
+      |2: #NEQ #_ >w_neq_224_to_map_address_Byte_using_internal_pseudo_address_map
+          try % normalize #EQ @(absurd ?? NEQ)
+          cases (bv_append_eq_to_eq … [[true]] [[true]] … EQ) #_ #EQ1
+          cases (bv_append_eq_to_eq … four [[true;true;false;false]] … EQ1) // ]
+  |2: whd in match map_internal_ram_address_using_pseudo_address_map; normalize nodelta
+      whd in match lookup_from_internal_ram; normalize nodelta
+      cases (lookup_opt ????); normalize nodelta #x try % #abs destruct(abs) ]
+qed.
+
+(*
+lemma addressing_mode_ok_to_map_bit_address_mode_using_internal_pseudo_address_map_set_1:
+  ∀M: internal_pseudo_address_map.
+  ∀cm: pseudo_assembly_program.
+  ∀s, s': PreStatus pseudo_assembly_program cm.
+  ∀sigma: Word → Word.
+  ∀addr: [[bit_addr; carry]]. (* XXX: expand as needed *)
+  ∀f: bool.
+  s = s' →
+  addressing_mode_ok pseudo_assembly_program M cm s addr = true →
+    map_bit_address_mode_using_internal_pseudo_address_map_set_1 M cm s' sigma addr f.
+  #M #cm #s #s' #sigma #addr #f #s_refl <s_refl
+  @(subaddressing_mode_elim … addr) [1: #w ]
+  whd in ⊢ (??%? → %); [2: #_ @I ]
+  inversion (vsplit bool 1 7 w) #bit_one #seven_bits #bit_one_seven_bits_refl normalize nodelta
+  cases (head' bool ??) normalize nodelta
+  [1:
+    #eq_accumulator_assm whd in ⊢ (??%?);
+    cases (sfr_of_Byte ?) try % * * try % normalize nodelta
+    whd in ⊢ (??%?);
+    >(eq_accumulator_address_map_entry_true_to_eq … eq_accumulator_assm) %
+  |2:
+    #assoc_list_exists_assm whd in ⊢ (??%?);
+    lapply (not_b_c_to_b_not_c ?? assoc_list_exists_assm) -assoc_list_exists_assm #assoc_list_exists_assm
+    whd in assoc_list_exists_assm:(???%);
+    >(assoc_list_exists_false_to_assoc_list_lookup_None … (refl …) assoc_list_exists_assm) %
+  ]
+qed.
+
+lemma addressing_mode_ok_to_map_bit_address_mode_using_internal_pseudo_address_map_set_2:
+  ∀M: internal_pseudo_address_map.
+  ∀cm: pseudo_assembly_program.
+  ∀s, s': PreStatus pseudo_assembly_program cm.
+  ∀sigma: Word → Word.
+  ∀addr: [[bit_addr; carry]]. (* XXX: expand as needed *)
+  ∀f: bool.
+  s = s' →
+  addressing_mode_ok pseudo_assembly_program M cm s addr = true →
+    map_bit_address_mode_using_internal_pseudo_address_map_set_2 M cm s' sigma addr f.
+  #M #cm #s #s' #sigma #addr #f #s_refl <s_refl
+  @(subaddressing_mode_elim … addr) [1: #w ]
+  whd in ⊢ (??%? → %); [2: #_ @I ]
+  inversion (vsplit bool 1 7 w) #bit_one #seven_bits #bit_one_seven_bits_refl normalize nodelta
+  cases (head' bool ??) normalize nodelta
+  [1:
+    #eq_accumulator_assm whd in ⊢ (??%?);
+    cases (sfr_of_Byte ?) try % * * try % normalize nodelta
+    whd in ⊢ (??%?);
+    >(eq_accumulator_address_map_entry_true_to_eq … eq_accumulator_assm) %
+  |2:
+    #assoc_list_exists_assm whd in ⊢ (??%?);
+    lapply (not_b_c_to_b_not_c ?? assoc_list_exists_assm) -assoc_list_exists_assm #assoc_list_exists_assm
+    whd in assoc_list_exists_assm:(???%);
+    >(assoc_list_exists_false_to_assoc_list_lookup_None … (refl …) assoc_list_exists_assm) %
+  ]
+qed.*)
+
+(*
+axiom insert_low_internal_ram_of_pseudo_low_internal_ram':
+  ∀M, M', sigma,cm,s,addr,v,v'.
+    (∀addr'.
+      ((false:::addr) = addr' →
+        map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr) v =
+        map_internal_ram_address_using_pseudo_address_map M' sigma (false:::addr) v') ∧
+      ((false:::addr) ≠ addr' →
+        let 〈callM, accM〉 ≝ M in
+        let 〈callM', accM'〉 ≝ M' in
+          accM = accM' ∧
+            assoc_list_lookup … addr' (eq_bv 8) … callM =
+              assoc_list_lookup … addr' (eq_bv 8) … callM')) →
+    insert Byte 7 addr v'
+      (low_internal_ram_of_pseudo_low_internal_ram M'
+      (low_internal_ram pseudo_assembly_program cm s)) =
+    low_internal_ram_of_pseudo_low_internal_ram M
+      (insert Byte 7 addr v (low_internal_ram pseudo_assembly_program cm s)).
+*)
+
+(*
+lemma write_at_stack_pointer_status_of_pseudo_status:
+  ∀M, M'.
+  ∀cm.
+  ∀sigma.
+  ∀policy.
+  ∀s, s'.
+  ∀new_b, new_b'.
+    map_internal_ram_address_using_pseudo_address_map M sigma (get_8051_sfr pseudo_assembly_program cm s SFR_SP) new_b = new_b' →
+    status_of_pseudo_status M cm s sigma policy = s' →
+    write_at_stack_pointer ?? s' new_b' =
+    status_of_pseudo_status M' cm (write_at_stack_pointer ? cm s new_b) sigma policy.
+  #M #M' #cm #sigma #policy #s #s' #new_b #new_b'
+  #new_b_refl #s_refl <new_b_refl <s_refl
+  whd in match write_at_stack_pointer; normalize nodelta
+  @pair_elim #nu #nl #nu_nl_refl normalize nodelta
+  @(pair_replace ?????????? (eq_to_jmeq … nu_nl_refl))
+  [1:
+    @eq_f
+    whd in match get_8051_sfr; normalize nodelta
+    whd in match sfr_8051_index; normalize nodelta
+    whd in match status_of_pseudo_status; normalize nodelta
+    whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
+    cases (\snd M) [2: * #address ] normalize nodelta
+    [1,2:
+      cases (vsplit bool ???) #high #low normalize nodelta
+      whd in match sfr_8051_index; normalize nodelta
+      >get_index_v_set_index_miss %
+      #absurd destruct(absurd)
+    |3:
+      %
+    ]
+  |2:
+    @if_then_else_status_of_pseudo_status try %
+    [2:
+      @sym_eq <set_low_internal_ram_status_of_pseudo_status
+      [1:
+        @eq_f2
+        [2:
+          @insert_low_internal_ram_of_pseudo_low_internal_ram'
+    @sym_eq
+    [2:
+      <set_low_internal_ram_status_of_pseudo_status
+      [1:
+        @eq_f2
+        [2:
+          @sym_eq
+          >(insert_low_internal_ram_of_pseudo_low_internal_ram … sigma … new_b')
+          [2:
+            >new_b_refl
+    ]
+  ]
+qed.*)