Changeset 2283 for src/ASM

Timestamp:

Jul 31, 2012, 6:11:27 PM (9 years ago)

Author:

mulligan

Message:

Work from today.

Location:

src/ASM

Files:

• AssemblyProofSplit.ma (modified) (3 diffs)
• Interpret.ma (modified) (13 diffs)

src/ASM/AssemblyProofSplit.ma

@@ -18 +18 @@
 include alias "ASM/Vector.ma".
 include "ASM/Test.ma".
-include "ASM/Test2.ma".
+(*include "ASM/Test2.ma".*)
 
 (*CSC: move elsewhere*)
@@ -90 +90 @@
   <(eq_bv_eq … relevant)
   >(vsplit_ok … (sym_eq … vsplit_refl)) %
+qed.
+
+lemma set_clock_set_clock:
+  ∀M, cm, s, t, t'.
+    set_clock M cm (set_clock … cm s t) t' = set_clock … cm s t'.
+  #M #cm #s #t #t' %
 qed.
 
@@ -1215 +1221 @@
       whd in ⊢ (% → ?); * #jc_fetch_refl * #sjmp_fetch_refl * #ljmp_fetch_refl
       whd in ⊢ (% → ?); #ppc_eq_bv_refl %{2}
-      @(if_then_else_replace ???????? p) try % normalize nodelta
-      change with (execute_1 ?? = ?) destruct
-      whd in ⊢ (??%?); >EQs >EQticks <instr_refl
-      change with (set_program_counter ???? = ?)
-    ]
-    cases daemon
-  |13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28: (* XXX: conditional jumps *)
+      change with (execute 1 ?? = ?)
+      whd in match execute_1; normalize nodelta
+      whd in match execute_1'; normalize nodelta
+      <jc_fetch_refl whd in match execute_1_0; normalize nodelta
+      whd in match execute_1_preinstruction; normalize nodelta
+      @(if_then_else_replace ???????? p) normalize nodelta
+      [1:
+        >EQs
+        whd in match get_cy_flag; normalize nodelta
+        >special_function_registers_8051_set_program_counter
+        <(get_index_v_special_function_registers_8051_not_acc_a … 〈low, high, accA〉 … sigma policy) try %
+        normalize #absurd destruct(absurd)
+      |2:
+        @(if_then_else_replace ???????? p) normalize nodelta try %
+        change with (execute_1 ?? = ?) 
+        whd in match execute_1; normalize nodelta
+        whd in match execute_1'; normalize nodelta
+        >program_counter_set_program_counter
+        whd in match addr_of_relative; normalize nodelta
+        >set_clock_set_program_counter >program_counter_set_program_counter
+        <ljmp_fetch_refl
+        change with (set_program_counter ???? = ?)
+        >set_clock_set_program_counter >set_clock_set_program_counter >set_clock_set_program_counter
+        >set_program_counter_set_program_counter >set_program_counter_set_program_counter >set_program_counter_set_program_counter
+        >EQs >EQticks <instr_refl
+        >set_clock_set_program_counter >set_program_counter_set_program_counter in ⊢ (???%);
+        @set_program_counter_status_of_pseudo_status
+        [1:
+          >program_counter_set_program_counter
+          whd in match compute_target_of_unconditional_jump; normalize nodelta
+          >EQaddr_of normalize nodelta >EQlookup_labels %
+        |2:
+          >set_clock_set_clock
+          @set_clock_status_of_pseudo_status try %
+          /demod nohyps/
+          whd in match ticks_of0; normalize nodelta
+          @(pair_replace ?????????? (eq_to_jmeq … sj_possible_disp_refl))
+          [1:
+            >EQppc %
+          |2:
+            >sj_possible_refl %
+          ]
+        ]
+      ]
+    ]
+  |13: (* JC *)
+    >EQP -P normalize nodelta
+    whd in match assembly_1_pseudoinstruction; normalize nodelta
+    whd in match expand_pseudo_instruction; normalize nodelta
+    whd in match expand_relative_jump; normalize nodelta
+    whd in match expand_relative_jump_internal; normalize nodelta
+    >EQppc in ⊢ (% → ?);
+    @pair_elim #sj_possible #disp #sj_possible_disp_refl
+    inversion sj_possible #sj_possible_refl normalize nodelta
+    [1:
+      #sigma_increment_commutation #maps_assm #fetch_many_assm %{1}
+      whd in maps_assm:(??%%);
+      lapply maps_assm @Some_Some_elim #Mrefl destruct(Mrefl)
+      whd in ⊢ (??%?); normalize nodelta
+      <(fetch_many_singleton … fetch_many_assm) -fetch_many_assm
+      whd in ⊢ (??%?);
+      @if_then_else_status_of_pseudo_status
+      >EQs >EQticks <instr_refl normalize nodelta
+      [1:
+        @(get_cy_flag_status_of_pseudo_status 〈low, high, accA〉) %
+      |2:
+        @set_program_counter_status_of_pseudo_status
+        [1:
+          >EQaddr_of normalize nodelta
+          whd in match addr_of_relative; normalize nodelta
+          @(short_jump_cond_ok … sj_possible … (sym_eq ??? sj_possible_disp_refl))
+          [1:
+            @sym_eq whd in ⊢ (??%?); >EQppc %
+          |2:
+            >EQlookup_labels %
+          |3:
+            >sj_possible_refl @I
+          ]
+        |2:
+          @set_clock_status_of_pseudo_status try %
+          whd in match ticks_of0; normalize nodelta
+          @(pair_replace ?????????? (eq_to_jmeq … sj_possible_disp_refl))
+          [1:
+            >EQppc %
+          |2:
+            >sj_possible_refl %
+          ]
+        ]
+      |3:
+        @set_clock_status_of_pseudo_status try % @eq_f2 try %
+        whd in match ticks_of0; normalize nodelta
+        @(pair_replace ?????????? (eq_to_jmeq … sj_possible_disp_refl))
+        [1:
+          >EQppc %
+        |2:
+          >sj_possible_refl %
+        ]
+      ]
+    |2:
+      #sigma_increment_commutation #maps_assm
+      whd in maps_assm:(??%?); lapply maps_assm @Some_Some_elim #Mrefl destruct(Mrefl)
+      whd in ⊢ (% → ?); * #jc_fetch_refl * #sjmp_fetch_refl * #ljmp_fetch_refl
+      whd in ⊢ (% → ?); #ppc_eq_bv_refl %{2}
+      change with (execute 1 ?? = ?)
+      whd in match execute_1; normalize nodelta
+      whd in match execute_1'; normalize nodelta
+      <jc_fetch_refl whd in match execute_1_0; normalize nodelta
+      whd in match execute_1_preinstruction; normalize nodelta
+      @(if_then_else_replace ???????? p) normalize nodelta
+      [1:
+        >EQs
+        whd in match get_cy_flag; normalize nodelta
+        >special_function_registers_8051_set_program_counter
+        <(get_index_v_special_function_registers_8051_not_acc_a … 〈low, high, accA〉 … sigma policy) try %
+        normalize #absurd destruct(absurd)
+      |2:
+        @(if_then_else_replace ???????? p) normalize nodelta try %
+        change with (execute_1 ?? = ?) 
+        whd in match execute_1; normalize nodelta
+        whd in match execute_1'; normalize nodelta
+        
+        >set_clock_set_program_counter
+        >program_counter_set_program_counter
+        <sjmp_fetch_refl
+        change with (set_program_counter ???? = ?)
+        >set_clock_set_program_counter >set_clock_set_program_counter
+        >set_program_counter_set_program_counter >set_program_counter_set_program_counter
+        >EQs >EQticks <instr_refl
+        >set_clock_set_program_counter >set_clock_set_clock
+        @set_program_counter_status_of_pseudo_status
+        [1:
+          >program_counter_set_program_counter
+          whd in match compute_target_of_unconditional_jump; normalize nodelta
+          <(eq_bv_eq … ppc_eq_bv_refl) %
+        |2:
+          @set_clock_status_of_pseudo_status try % /demod nohyps/
+          whd in match ticks_of0; normalize nodelta
+          @(pair_replace ?????????? (eq_to_jmeq … sj_possible_disp_refl))
+          [1:
+            >EQppc %
+          |2:
+            >sj_possible_refl %
+          ]
+        ]
+      ]
+    ]
+  |14: (* JNC *)
+    >EQP -P normalize nodelta
+    whd in match assembly_1_pseudoinstruction; normalize nodelta
+    whd in match expand_pseudo_instruction; normalize nodelta
+    whd in match expand_relative_jump; normalize nodelta
+    whd in match expand_relative_jump_internal; normalize nodelta
+    >EQppc in ⊢ (% → ?);
+    @pair_elim #sj_possible #disp #sj_possible_disp_refl
+    inversion sj_possible #sj_possible_refl normalize nodelta
+    [1:
+      #sigma_increment_commutation #maps_assm #fetch_many_assm %{1}
+      whd in maps_assm:(??%%);
+      lapply maps_assm @Some_Some_elim #Mrefl destruct(Mrefl)
+      whd in ⊢ (??%?); normalize nodelta
+      <(fetch_many_singleton … fetch_many_assm) -fetch_many_assm
+      whd in ⊢ (??%?);
+      @if_then_else_status_of_pseudo_status
+      >EQs >EQticks <instr_refl normalize nodelta
+      [1:
+        @eq_f @(get_cy_flag_status_of_pseudo_status 〈low, high, accA〉) %
+      |2:
+        @set_program_counter_status_of_pseudo_status
+        [1:
+          >EQaddr_of normalize nodelta
+          whd in match addr_of_relative; normalize nodelta
+          @(short_jump_cond_ok … sj_possible … (sym_eq ??? sj_possible_disp_refl))
+          [1:
+            @sym_eq whd in ⊢ (??%?); >EQppc %
+          |2:
+            >EQlookup_labels %
+          |3:
+            >sj_possible_refl @I
+          ]
+        |2:
+          @set_clock_status_of_pseudo_status try %
+          whd in match ticks_of0; normalize nodelta
+          @(pair_replace ?????????? (eq_to_jmeq … sj_possible_disp_refl))
+          [1:
+            >EQppc %
+          |2:
+            >sj_possible_refl %
+          ]
+        ]
+      |3:
+        @set_clock_status_of_pseudo_status try % @eq_f2 try %
+        whd in match ticks_of0; normalize nodelta
+        @(pair_replace ?????????? (eq_to_jmeq … sj_possible_disp_refl))
+        [1:
+          >EQppc %
+        |2:
+          >sj_possible_refl %
+        ]
+      ]
+    |2:
+      #sigma_increment_commutation #maps_assm
+      whd in maps_assm:(??%?); lapply maps_assm @Some_Some_elim #Mrefl destruct(Mrefl)
+      whd in ⊢ (% → ?); * #jc_fetch_refl * #sjmp_fetch_refl * #ljmp_fetch_refl
+      whd in ⊢ (% → ?); #ppc_eq_bv_refl %{2}
+      change with (execute 1 ?? = ?)
+      whd in match execute_1; normalize nodelta
+      whd in match execute_1'; normalize nodelta
+      <jc_fetch_refl whd in match execute_1_0; normalize nodelta
+      whd in match execute_1_preinstruction; normalize nodelta
+      @(if_then_else_replace ???????? p) normalize nodelta
+      [1:
+        @eq_f >EQs
+        whd in match get_cy_flag; normalize nodelta
+        >special_function_registers_8051_set_program_counter
+        <(get_index_v_special_function_registers_8051_not_acc_a … 〈low, high, accA〉 … sigma policy) try %
+        normalize #absurd destruct(absurd)
+      |2:
+        @(if_then_else_replace ???????? p) normalize nodelta try %
+        change with (execute_1 ?? = ?) 
+        whd in match execute_1; normalize nodelta
+        whd in match execute_1'; normalize nodelta
+        >program_counter_set_program_counter
+        whd in match addr_of_relative; normalize nodelta
+        >set_clock_set_program_counter >program_counter_set_program_counter
+        <ljmp_fetch_refl
+        change with (set_program_counter ???? = ?)
+        >set_clock_set_program_counter >set_clock_set_program_counter >set_clock_set_program_counter
+        >set_program_counter_set_program_counter >set_program_counter_set_program_counter >set_program_counter_set_program_counter
+        >EQs >EQticks <instr_refl
+        >set_clock_set_program_counter >set_program_counter_set_program_counter in ⊢ (???%);
+        @set_program_counter_status_of_pseudo_status
+        [1:
+          >program_counter_set_program_counter
+          whd in match compute_target_of_unconditional_jump; normalize nodelta
+          >EQaddr_of normalize nodelta >EQlookup_labels %
+        |2:
+          >set_clock_set_clock
+          @set_clock_status_of_pseudo_status try %
+          /demod nohyps/
+          whd in match ticks_of0; normalize nodelta
+          @(pair_replace ?????????? (eq_to_jmeq … sj_possible_disp_refl))
+          [1:
+            >EQppc %
+          |2:
+            >sj_possible_refl %
+          ]
+        ]
+      ]
+    ]
+  |15: (* JNC *)
+    >EQP -P normalize nodelta
+    whd in match assembly_1_pseudoinstruction; normalize nodelta
+    whd in match expand_pseudo_instruction; normalize nodelta
+    whd in match expand_relative_jump; normalize nodelta
+    whd in match expand_relative_jump_internal; normalize nodelta
+    >EQppc in ⊢ (% → ?);
+    @pair_elim #sj_possible #disp #sj_possible_disp_refl
+    inversion sj_possible #sj_possible_refl normalize nodelta
+    [1:
+      #sigma_increment_commutation #maps_assm #fetch_many_assm %{1}
+      whd in maps_assm:(??%%);
+      lapply maps_assm @Some_Some_elim #Mrefl destruct(Mrefl)
+      whd in ⊢ (??%?); normalize nodelta
+      <(fetch_many_singleton … fetch_many_assm) -fetch_many_assm
+      whd in ⊢ (??%?);
+      @if_then_else_status_of_pseudo_status
+      >EQs >EQticks <instr_refl normalize nodelta
+      [1:
+        @eq_f @(get_cy_flag_status_of_pseudo_status 〈low, high, accA〉) %
+      |2:
+        @set_program_counter_status_of_pseudo_status
+        [1:
+          >EQaddr_of normalize nodelta
+          whd in match addr_of_relative; normalize nodelta
+          @(short_jump_cond_ok … sj_possible … (sym_eq ??? sj_possible_disp_refl))
+          [1:
+            @sym_eq whd in ⊢ (??%?); >EQppc %
+          |2:
+            >EQlookup_labels %
+          |3:
+            >sj_possible_refl @I
+          ]
+        |2:
+          @set_clock_status_of_pseudo_status try %
+          whd in match ticks_of0; normalize nodelta
+          @(pair_replace ?????????? (eq_to_jmeq … sj_possible_disp_refl))
+          [1:
+            >EQppc %
+          |2:
+            >sj_possible_refl %
+          ]
+        ]
+      |3:
+        @set_clock_status_of_pseudo_status try % @eq_f2 try %
+        whd in match ticks_of0; normalize nodelta
+        @(pair_replace ?????????? (eq_to_jmeq … sj_possible_disp_refl))
+        [1:
+          >EQppc %
+        |2:
+          >sj_possible_refl %
+        ]
+      ]
+    |2:
+      #sigma_increment_commutation #maps_assm
+      whd in maps_assm:(??%?); lapply maps_assm @Some_Some_elim #Mrefl destruct(Mrefl)
+      whd in ⊢ (% → ?); * #jc_fetch_refl * #sjmp_fetch_refl * #ljmp_fetch_refl
+      whd in ⊢ (% → ?); #ppc_eq_bv_refl %{2}
+      change with (execute 1 ?? = ?)
+      whd in match execute_1; normalize nodelta
+      whd in match execute_1'; normalize nodelta
+      <jc_fetch_refl whd in match execute_1_0; normalize nodelta
+      whd in match execute_1_preinstruction; normalize nodelta
+      @(if_then_else_replace ???????? p) normalize nodelta
+      [1:
+        @eq_f >EQs
+        whd in match get_cy_flag; normalize nodelta
+        >special_function_registers_8051_set_program_counter
+        <(get_index_v_special_function_registers_8051_not_acc_a … 〈low, high, accA〉 … sigma policy) try %
+        normalize #absurd destruct(absurd)
+      |2:
+        @(if_then_else_replace ???????? p) normalize nodelta try %
+        change with (execute_1 ?? = ?) 
+        whd in match execute_1; normalize nodelta
+        whd in match execute_1'; normalize nodelta
+        
+        >set_clock_set_program_counter
+        >program_counter_set_program_counter
+        <sjmp_fetch_refl
+        change with (set_program_counter ???? = ?)
+        >set_clock_set_program_counter >set_clock_set_program_counter
+        >set_program_counter_set_program_counter >set_program_counter_set_program_counter
+        >EQs >EQticks <instr_refl
+        >set_clock_set_program_counter >set_clock_set_clock
+        @set_program_counter_status_of_pseudo_status
+        [1:
+          >program_counter_set_program_counter
+          whd in match compute_target_of_unconditional_jump; normalize nodelta
+          <(eq_bv_eq … ppc_eq_bv_refl) %
+        |2:
+          @set_clock_status_of_pseudo_status try % /demod nohyps/
+          whd in match ticks_of0; normalize nodelta
+          @(pair_replace ?????????? (eq_to_jmeq … sj_possible_disp_refl))
+          [1:
+            >EQppc %
+          |2:
+            >sj_possible_refl %
+          ]
+        ]
+      ]
+    ]
+  |16: (* JB *)
+    >EQP -P normalize nodelta
+    whd in match assembly_1_pseudoinstruction; normalize nodelta
+    whd in match expand_pseudo_instruction; normalize nodelta
+    whd in match expand_relative_jump; normalize nodelta
+    whd in match expand_relative_jump_internal; normalize nodelta
+    >EQppc in ⊢ (% → ?);
+    @pair_elim #sj_possible #disp #sj_possible_disp_refl
+    inversion sj_possible #sj_possible_refl normalize nodelta
+    [1:
+      #sigma_increment_commutation #maps_assm #fetch_many_assm %{1}
+      whd in maps_assm:(??%%);
+      lapply maps_assm @Some_Some_elim #Mrefl destruct(Mrefl)
+      whd in ⊢ (??%?); normalize nodelta
+      <(fetch_many_singleton … fetch_many_assm) -fetch_many_assm
+      whd in ⊢ (??%?);
+      @if_then_else_status_of_pseudo_status
+      >EQs >EQticks <instr_refl normalize nodelta
+      [1:
+        @(get_arg_1_status_of_pseudo_status … 〈low, high, accA〉) try %
+        @(subaddressing_mode_elim … addr1) #w whd
+      |2:
+        @set_program_counter_status_of_pseudo_status
+        [1:
+          >EQaddr_of normalize nodelta
+          whd in match addr_of_relative; normalize nodelta
+          @(short_jump_cond_ok … sj_possible … (sym_eq ??? sj_possible_disp_refl))
+          [1:
+            @sym_eq whd in ⊢ (??%?); >EQppc %
+          |2:
+            >EQlookup_labels %
+          |3:
+            >sj_possible_refl @I
+          ]
+        |2:
+          @set_clock_status_of_pseudo_status try %
+          whd in match ticks_of0; normalize nodelta
+          @(pair_replace ?????????? (eq_to_jmeq … sj_possible_disp_refl))
+          [1:
+            >EQppc %
+          |2:
+            >sj_possible_refl %
+          ]
+        ]
+      |3:
+        @set_clock_status_of_pseudo_status try % @eq_f2 try %
+        whd in match ticks_of0; normalize nodelta
+        @(pair_replace ?????????? (eq_to_jmeq … sj_possible_disp_refl))
+        [1:
+          >EQppc %
+        |2:
+          >sj_possible_refl %
+        ]
+      ]
+    |2:
+      #sigma_increment_commutation #maps_assm
+      whd in maps_assm:(??%?); lapply maps_assm @Some_Some_elim #Mrefl destruct(Mrefl)
+      whd in ⊢ (% → ?); * #jc_fetch_refl * #sjmp_fetch_refl * #ljmp_fetch_refl
+      whd in ⊢ (% → ?); #ppc_eq_bv_refl %{2}
+      change with (execute 1 ?? = ?)
+      whd in match execute_1; normalize nodelta
+      whd in match execute_1'; normalize nodelta
+      <jc_fetch_refl whd in match execute_1_0; normalize nodelta
+      whd in match execute_1_preinstruction; normalize nodelta
+      @(if_then_else_replace ???????? p) normalize nodelta
+      [1:
+        @eq_f >EQs
+        whd in match get_cy_flag; normalize nodelta
+        >special_function_registers_8051_set_program_counter
+        <(get_index_v_special_function_registers_8051_not_acc_a … 〈low, high, accA〉 … sigma policy) try %
+        normalize #absurd destruct(absurd)
+      |2:
+        @(if_then_else_replace ???????? p) normalize nodelta try %
+        change with (execute_1 ?? = ?) 
+        whd in match execute_1; normalize nodelta
+        whd in match execute_1'; normalize nodelta
+        >program_counter_set_program_counter
+        whd in match addr_of_relative; normalize nodelta
+        >set_clock_set_program_counter >program_counter_set_program_counter
+        <ljmp_fetch_refl
+        change with (set_program_counter ???? = ?)
+        >set_clock_set_program_counter >set_clock_set_program_counter >set_clock_set_program_counter
+        >set_program_counter_set_program_counter >set_program_counter_set_program_counter >set_program_counter_set_program_counter
+        >EQs >EQticks <instr_refl
+        >set_clock_set_program_counter >set_program_counter_set_program_counter in ⊢ (???%);
+        @set_program_counter_status_of_pseudo_status
+        [1:
+          >program_counter_set_program_counter
+          whd in match compute_target_of_unconditional_jump; normalize nodelta
+          >EQaddr_of normalize nodelta >EQlookup_labels %
+        |2:
+          >set_clock_set_clock
+          @set_clock_status_of_pseudo_status try %
+          /demod nohyps/
+          whd in match ticks_of0; normalize nodelta
+          @(pair_replace ?????????? (eq_to_jmeq … sj_possible_disp_refl))
+          [1:
+            >EQppc %
+          |2:
+            >sj_possible_refl %
+          ]
+        ]
+      ]
+    ]
+  |16,17,18,19,20,21,22,23,24,25,26,27,28: (* XXX: conditional jumps *)
     cases daemon
   |(*29,30: (* ANL and ORL *)

src/ASM/Interpret.ma

@@ -162 +162 @@
               [ ACC_A ⇒ λacc_a: True.
                 let s' ≝ add_ticks1 s in
-                let 〈 carry, result 〉 ≝ half_add ? (get_arg_8 … s' true ACC_A) (bitvector_of_nat 8 1) in
+                let result ≝ add … (get_arg_8 … s' true ACC_A) (bitvector_of_nat 8 1) in
                  set_arg_8 … s' ACC_A result
               | REGISTER r ⇒ λregister: True.
                 let s' ≝ add_ticks1 s in
-                let 〈 carry, result 〉 ≝ half_add ? (get_arg_8 … s' true (REGISTER r)) (bitvector_of_nat 8 1) in
+                let result ≝ add … (get_arg_8 … s' true (REGISTER r)) (bitvector_of_nat 8 1) in
                  set_arg_8 … s' (REGISTER r) result
               | DIRECT d ⇒ λdirect: True.
                 let s' ≝ add_ticks1 s in
-                let 〈 carry, result 〉 ≝ half_add ? (get_arg_8 … s' true (DIRECT d)) (bitvector_of_nat 8 1) in
+                let result ≝ add … (get_arg_8 … s' true (DIRECT d)) (bitvector_of_nat 8 1) in
                  set_arg_8 … s' (DIRECT d) result
               | INDIRECT i ⇒ λindirect: True.
                 let s' ≝ add_ticks1 s in
-                let 〈 carry, result 〉 ≝ half_add ? (get_arg_8 … s' true (INDIRECT i)) (bitvector_of_nat 8 1) in
+                let result ≝ add … (get_arg_8 … s' true (INDIRECT i)) (bitvector_of_nat 8 1) in
                  set_arg_8 … s' (INDIRECT i) result
               | DPTR ⇒ λdptr: True.
                 let s' ≝ add_ticks1 s in
-                let 〈 carry, bl 〉 ≝ half_add ? (get_8051_sfr … s' SFR_DPL) (bitvector_of_nat 8 1) in
-                let 〈 carry, bu 〉 ≝ full_add ? (get_8051_sfr … s' SFR_DPH) (zero 8) carry in
+                let 〈carry, bl〉 ≝ half_add … (get_8051_sfr … s' SFR_DPL) (bitvector_of_nat 8 1) in
+                let 〈carry, bu〉 ≝ full_add ? (get_8051_sfr … s' SFR_DPH) (zero 8) carry in
                 let s ≝ set_8051_sfr … s' SFR_DPL bl in
                  set_8051_sfr … s' SFR_DPH bu
@@ -222 +222 @@
                 let 〈acc_nu', acc_nl'〉 ≝ vsplit ? 4 4 result in
                   if (gtb (nat_of_bitvector ? acc_nu') 9) ∨ cy_flag then
-                    let 〈 carry, nu 〉 ≝ half_add ? acc_nu' (bitvector_of_nat 4 6) in
+                    let nu ≝ add … acc_nu' (bitvector_of_nat 4 6) in
                     let new_acc ≝ nu @@ acc_nl' in
                     let s ≝ set_8051_sfr … s SFR_ACC_A new_acc in
@@ -582 +582 @@
               [ ACC_A ⇒ λacc_a: True. λEQaddr.
                 let s' ≝ add_ticks1 s in
-                let 〈 carry, result 〉 ≝ half_add ? (get_arg_8 … s' true ACC_A) (bitvector_of_nat 8 1) in
+                let result ≝ add … (get_arg_8 … s' true ACC_A) (bitvector_of_nat 8 1) in
                  set_arg_8 … s' ACC_A result
               | REGISTER r ⇒ λregister: True. λEQaddr.
                 let s' ≝ add_ticks1 s in
-                let 〈 carry, result 〉 ≝ half_add ? (get_arg_8 … s' true (REGISTER r)) (bitvector_of_nat 8 1) in
+                let result ≝ add … (get_arg_8 … s' true (REGISTER r)) (bitvector_of_nat 8 1) in
                  set_arg_8 … s' (REGISTER r) result
               | DIRECT d ⇒ λdirect: True. λEQaddr.
                 let s' ≝ add_ticks1 s in
-                let 〈 carry, result 〉 ≝ half_add ? (get_arg_8 … s' true (DIRECT d)) (bitvector_of_nat 8 1) in
+                let result ≝ add … (get_arg_8 … s' true (DIRECT d)) (bitvector_of_nat 8 1) in
                  set_arg_8 … s' (DIRECT d) result
               | INDIRECT i ⇒ λindirect: True. λEQaddr.
                 let s' ≝ add_ticks1 s in
-                let 〈 carry, result 〉 ≝ half_add ? (get_arg_8 … s' true (INDIRECT i)) (bitvector_of_nat 8 1) in
+                let result ≝ add … (get_arg_8 … s' true (INDIRECT i)) (bitvector_of_nat 8 1) in
                  set_arg_8 … s' (INDIRECT i) result
               | DPTR ⇒ λdptr: True. λEQaddr.
                 let s' ≝ add_ticks1 s in
-                let 〈 carry, bl 〉 ≝ half_add ? (get_8051_sfr … s' SFR_DPL) (bitvector_of_nat 8 1) in
-                let 〈 carry, bu 〉 ≝ full_add ? (get_8051_sfr … s' SFR_DPH) (zero 8) carry in
+                let 〈carry, bl〉 ≝ half_add … (get_8051_sfr … s' SFR_DPL) (bitvector_of_nat 8 1) in
+                let 〈carry, bu〉 ≝ full_add ? (get_8051_sfr … s' SFR_DPH) (zero 8) carry in
                 let s ≝ set_8051_sfr … s' SFR_DPL bl in
                  set_8051_sfr … s' SFR_DPH bu
@@ -642 +642 @@
                 let 〈acc_nu', acc_nl'〉 ≝ vsplit ? 4 4 result in
                   if (gtb (nat_of_bitvector ? acc_nu') 9) ∨ cy_flag then
-                    let 〈 carry, nu 〉 ≝ half_add ? acc_nu' (bitvector_of_nat 4 6) in
+                    let nu ≝ add … acc_nu' (bitvector_of_nat 4 6) in
                     let new_acc ≝ nu @@ acc_nl' in
                     let s ≝ set_8051_sfr … s SFR_ACC_A new_acc in
@@ -721 +721 @@
               [ DIRECT d ⇒ λdirect: True. λEQaddr.
                 let s ≝ add_ticks1 s in
-                let 〈carry, new_sp〉 ≝ half_add ? (get_8051_sfr … s SFR_SP) (bitvector_of_nat 8 1) in
+                let new_sp ≝ add … (get_8051_sfr … s SFR_SP) (bitvector_of_nat 8 1) in
                 let s ≝ set_8051_sfr … s SFR_SP new_sp in
                   write_at_stack_pointer ?? s (get_arg_8 ?? s false (DIRECT … d))
@@ -969 +969 @@
         match addr return λx. bool_to_Prop (is_in … [[ relative ]] x) → Σs':?.? with
         [ RELATIVE r ⇒ λrelative: True.
-          let 〈carry, new_pc〉 ≝ half_add ? program_counter (sign_extension r) in
-            new_pc
+            add … program_counter (sign_extension r)
         | _ ⇒ λother: False. ⊥
         ] (subaddressing_modein … addr)
@@ -1034 +1033 @@
               let big_acc ≝ (zero 8) @@ (get_8051_sfr … s SFR_ACC_A) in
               let dptr ≝ (get_8051_sfr … s SFR_DPH) @@ (get_8051_sfr … s SFR_DPL) in
-              let 〈carry, new_addr〉 ≝ half_add ? dptr big_acc in
+              let new_addr ≝ add … dptr big_acc in
               let result ≝ lookup ? ? new_addr cm (zero ?) in
                 set_8051_sfr … s SFR_ACC_A result
@@ -1041 +1040 @@
               (* DPM: Under specified: does the carry from PC incrementation affect the *)
               (*      addition of the PC with the DPTR? At the moment, no.              *)
-              let 〈carry, new_addr〉 ≝ half_add ? (program_counter … s) big_acc in
+              let new_addr ≝ add … (program_counter … s) big_acc in
               let result ≝ lookup ? ? new_addr cm (zero ?) in
                 set_8051_sfr … s SFR_ACC_A result
@@ -1050 +1049 @@
           let dptr ≝ (get_8051_sfr … s SFR_DPH) @@ (get_8051_sfr … s SFR_DPL) in
           let big_acc ≝ (zero 8) @@ (get_8051_sfr … s SFR_ACC_A) in
-          let 〈carry, jmp_addr〉 ≝ half_add ? big_acc dptr in
-          let 〈carry, new_pc〉 ≝ half_add ? (program_counter … s) jmp_addr in
+          let jmp_addr ≝ add … big_acc dptr in
+          let new_pc ≝ add … (program_counter … s) jmp_addr in
             set_program_counter … s new_pc
       | LJMP addr ⇒ λinstr_refl.
@@ -1069 +1068 @@
           match addr return λx. bool_to_Prop (is_in … [[ addr11 ]] x) → Σs':?. ? with
             [ ADDR11 a ⇒ λaddr11: True.
-              «let 〈carry, new_sp〉 ≝ half_add ? (get_8051_sfr … s SFR_SP) (bitvector_of_nat 8 1) in
+              «let new_sp ≝ add … (get_8051_sfr … s SFR_SP) (bitvector_of_nat 8 1) in
               let s ≝ set_8051_sfr … s SFR_SP new_sp in
               let 〈pc_bu, pc_bl〉 ≝ vsplit ? 8 8 (program_counter … s) in
               let s ≝ write_at_stack_pointer … s pc_bl in
-              let 〈carry, new_sp〉 ≝ half_add ? (get_8051_sfr … s SFR_SP) (bitvector_of_nat 8 1) in
+              let new_sp ≝ add … (get_8051_sfr … s SFR_SP) (bitvector_of_nat 8 1) in
               let s ≝ set_8051_sfr … s SFR_SP new_sp in
               let s ≝ write_at_stack_pointer … s pc_bu in
@@ -1087 +1086 @@
             [ ADDR16 a ⇒ λaddr16: True.
               «
-              let 〈carry, new_sp〉 ≝ half_add ? (get_8051_sfr … s SFR_SP) (bitvector_of_nat 8 1) in
+              let new_sp ≝ add … (get_8051_sfr … s SFR_SP) (bitvector_of_nat 8 1) in
               let s ≝ set_8051_sfr … s SFR_SP new_sp in
               let 〈pc_bu, pc_bl〉 ≝ vsplit ? 8 8 (program_counter … s) in
               let s ≝ write_at_stack_pointer … s pc_bl in
-              let 〈carry, new_sp〉 ≝ half_add ? (get_8051_sfr … s SFR_SP) (bitvector_of_nat 8 1) in
+              let new_sp ≝ add … (get_8051_sfr … s SFR_SP) (bitvector_of_nat 8 1) in
               let s ≝ set_8051_sfr … s SFR_SP new_sp in
               let s ≝ write_at_stack_pointer … s pc_bu in
@@ -1105 +1104 @@
     try (#absurd normalize in absurd; try destruct(absurd) try %)
     @pair_elim #carry #new_sp #carry_new_sp_refl
-    @pair_elim #pc_bu #pc_bl #pc_bu_bl_refl
-    @pair_elim #carry' #new_sp' #carry_new_sp_refl'
     [2:
       /demod nohyps/ %
@@ -1196 +1193 @@
       let s ≝ set_clock ?? s (\fst ticks + clock … s) in
       let a ≝ address_of_word_labels (\snd cm) call in
-      let 〈carry, new_sp〉 ≝ half_add ? (get_8051_sfr … s SFR_SP) (bitvector_of_nat 8 1) in
+      let new_sp ≝ add … (get_8051_sfr … s SFR_SP) (bitvector_of_nat 8 1) in
       let s ≝ set_8051_sfr … s SFR_SP new_sp in
       let 〈pc_bu, pc_bl〉 ≝ vsplit ? 8 8 (program_counter … s) in
       let s ≝ write_at_stack_pointer … s pc_bl in
-      let 〈carry, new_sp〉 ≝ half_add ? (get_8051_sfr … s SFR_SP) (bitvector_of_nat 8 1) in
+      let new_sp ≝ add … (get_8051_sfr … s SFR_SP) (bitvector_of_nat 8 1) in
       let s ≝ set_8051_sfr … s SFR_SP new_sp in
       let s ≝ write_at_stack_pointer … s pc_bu in