Context Navigation

← Previous Change
Next Change →

ERTLtoERTLptrOK.ma

Timestamp:

Jan 24, 2013, 7:52:38 PM (8 years ago)

Author:

piccolo

Message:

added monad machineary for ERTL to ERTLptr translation
eval_seq_no_pc case in place in ERTLptr translation

File:

: 1 edited

src/ERTLptr/ERTLtoERTLptrOK.ma (modified) (19 diffs)

Legend:

: Unmodified
: Added
: Removed

src/ERTLptr/ERTLtoERTLptrOK.ma

-                      r2570
+                      r2590
 (**************************************************************************)
 (*       ___                                                              *)
 …
 include "common/ExtraMonads.ma".
+axiom getLocalsFromId : ident → list register.
 definition ERTL_status ≝
 λprog : ertl_program.λstack_sizes.
 …
 joint_abstract_status (mk_prog_params ERTLptr_semantics prog stack_sizes).
 definition sigma_map ≝ λ prog : ertl_program.
 joint_closed_internal_function ERTL (prog_var_names … prog) → label → option label.
+definition sigma_map ≝ λ prog : ertlptr_program.
+joint_closed_internal_function ERTLptr (prog_var_names … prog) → label → option label.
 definition sigma_pc_opt :
 ∀ prog : ertl_program.
+∀ prog : ertlptr_program.
 sigma_map prog → program_counter → option program_counter ≝
 λprog,sigma,pc.
 …
     ERTLptr_semantics (pc_block pc) ertl_ptr_point.
+definition well_formed_pc ≝
+λprog,sigma,pc.sigma_pc_opt prog sigma pc ≠ None ?.
+definition sigma_pc ≝
+λprog,sigma,pc.λprf : well_formed_pc prog sigma pc. opt_safe … prf.
 definition sigma_beval_opt :
  ∀prog : ertl_program.
+definition sigma_stored_pc ≝
+λprog,sigma,pc. match sigma_pc_opt prog sigma pc with
+      [None ⇒ null_pc | Some x ⇒ x].
+definition sigma_beval :
+ ∀prog : ertlptr_program.
   sigma_map prog →
   beval → option beval ≝
+  beval → beval ≝
 λprog,sigma,bv.
 match bv with
+[ BVpc pc prt ⇒ ! pc' ← sigma_pc_opt prog sigma pc ; return BVpc pc' prt
+| _ ⇒ return bv
+[ BVpc pc prt ⇒ match sigma_pc_opt prog sigma pc with
+                 [None ⇒ BVundef | Some x ⇒ BVpc x prt]
+| _ ⇒ bv
 ].
+(*
 definition sigma_beval :
  ∀prog,sigma,bv.
  sigma_beval_opt prog sigma bv ≠ None ? → beval ≝
  λprog,sigma,bv.opt_safe ….
 definition sigma_is_opt :
  ∀prog : ertl_program.
+*)
+definition sigma_is :
+ ∀prog : ertlptr_program.
   sigma_map prog →
   internal_stack → option internal_stack ≝
+  internal_stack → internal_stack ≝
 λprog,sigma,is.
 match is with
 [ empty_is ⇒ return empty_is
 | one_is bv ⇒ ! bv' ← sigma_beval_opt … sigma bv ; return one_is bv'
+[ empty_is ⇒ empty_is
+| one_is bv ⇒ one_is (sigma_beval prog sigma bv)
 | both_is bv1 bv2 ⇒
+  ! bv1' ← sigma_beval_opt … sigma bv1 ;
+  ! bv2' ← sigma_beval_opt … sigma bv2 ;
+  return both_is bv1' bv2'
+  both_is (sigma_beval prog sigma bv1) (sigma_beval prog sigma bv2)
 ].
+definition sigma_is :
+ ∀prog,sigma,is.
+ sigma_is_opt prog sigma is ≠ None ? → internal_stack ≝
+ λprog,sigma,is.opt_safe ….
+lemma sigma_is_empty : ∀prog,sigma.
+  sigma_is prog sigma empty_is = empty_is.
+#prog #sigma %
+qed.
+(*
+lemma sigma_is_pop_commute :
+ ∀prog,sigma,is,bv,is'.
+ is_pop (sigma_is prog sigma is) =
+       return 〈sigma_beval prog sigma bv,sigma_is prog sigma is'〉 →
+ is_pop is = return 〈bv,is'〉.
+lemma sigma_is_empty : ∀prog,sigma.
+  ∀prf.sigma_is prog sigma empty_is prf = empty_is.
+#prog #sigma #prf whd in match sigma_is; normalize nodelta
+@opt_safe_elim #is' whd in ⊢ (??%%→?); #EQ destruct(EQ) % qed.
+lemma sigma_is_pop_commute :
+ ∀prog,sigma,is.
  ∀prf : sigma_is_opt prog sigma is ≠ None ?.
  res_preserve …
 …
 ∀b,z.block_id b < nextblock m → low_bound m b ≤ z → z < high_bound m b →
   sigma_beval_opt prog sigma (contents (blocks m b) z) ≠ None ?.
+*)
 definition sigma_mem :
+ ∀prog,sigma,m.
+ well_formed_mem prog sigma m →
+ bemem ≝
+ λprog,sigma,m,prf.
+ ∀prog : ertlptr_program . sigma_map prog → bemem → bemem ≝
+ λprog,sigma,m.
  mk_mem
   (λb.
 …
       mk_block_contents l h
       (λz.If Zleb l z ∧ Zltb z h then with prf'' do
         sigma_beval prog sigma (contents (blocks m b) z) ?
+        sigma_beval prog sigma (contents (blocks m b) z)
       else BVundef)
     else empty_block OZ OZ)
   (nextblock m)
   (nextblock_pos m).
+(*
 @hide_prf
 lapply prf'' lapply prf' -prf' -prf''
 …
 #zh #zl * @(prf … bid_ok zl zh)
 qed.
+*)
 (*DOPPIONI DEI CORRISPONDENTI LEMMI IN LINEARISE_PROOF.MA *)
 lemma andb_false : ∀b1,b2.andb b1 b2 = false → b1 = false ∨ b2 = false.
+(*lemma andb_false : ∀b1,b2.andb b1 b2 = false → b1 = false ∨ b2 = false.
 ** /2 by or_introl, or_intror/ normalize #ABS destruct(ABS) qed.
+*)
 axiom mem_ext_eq :
 …
       ∀z.contents bc1 z = contents bc2 z) →
   nextblock m1 = nextblock m2 → m1 = m2.
+(*
 lemma beloadv_sigma_commute:
 …
 qed.
+lemma ext_map_inf_eq : ∀A , B : Type[0].
+  ∀ m : positive_map A.
+  ∀ F, F' :  (∀a:A.(Σp:Pos. lookup_opt A p m = Some ? a) → B).
+  (∀a',id',id'',prf,prf'. F a' «id',prf» = F' a' «id'',prf'») →
+  map_inf A B m F = map_inf A B m F'.
+#A #B #m elim m [#F #F' #eqFF' %] * [2:#a] normalize nodelta #l #r #Hl #Hr #F #F'
+#eqFF' normalize [>(eqFF' a one one (refl ? (Some A a)) (refl ? (Some A a)))]
+@eq_f2 [1,3: @Hl |*: @Hr] #a' #id' #id'' #prf' #prf'' @eqFF'
+qed.
+lemma map_inf_add : ∀ A, B : Type[0].
+  ∀tag : String.
+  ∀m: identifier_map tag A.
+  ∀F :(∀a:A.(Σid. lookup tag A m id = Some A a) → B).
+  ∀a,id.
+  let m' ≝ (add tag A m id a) in
+  ∀F' :(∀a:A.(Σid. lookup tag A m' id = Some A a) → B).
+  (∀a',id',id'',prf,prf'. F a' «id',prf» = F' a' «id'',prf'») →
+  ∃ prf.
+  map_inf1 A B tag m' F' =
+  add tag B (map_inf1 A B tag m F) id (F' a «id,prf»).
+#A #B #tag #m #F #a #id normalize nodelta #F' #eqFF' %
+[@hide_prf @(lookup_add_hit tag A m ? ?)]
+lapply eqFF' -eqFF' lapply F' -F' lapply id -id lapply a -a lapply F -F
+cases m -m #m elim m
+[ #F #a * #id elim id [#F' #eqFF' %] #x #Hx #F' #eqFF' whd in ⊢ (??%%);
+  normalize nodelta @eq_f whd in match insert; normalize nodelta
+  whd in ⊢ (??%%); normalize nodelta @eq_f2 try %
+  lapply(Hx ??)
+    [2,5: #a1 ** #id1 #prf1 @F' [1,3: @a1]
+          [%{(an_identifier tag (p1 id1))} |%{(an_identifier tag (p0 id1))}] @prf1
+    |1,4: #a' * #id' * #id'' #prf #prf' normalize nodelta @eqFF'
+    |*: normalize nodelta whd in ⊢ (??%% → ?); normalize nodelta #EQ destruct(EQ)
+      lapply e0 -e0 whd in ⊢ (??%% → ?); normalize nodelta normalize in ⊢ (??(???%?)? → ?);
+      #EQ <EQ %
+    ]
+|  #opt_a #l1 #r1 #Hl1 #Hr1 #F #a ** [|*: #x] #F' #eqFF'
+  [ normalize @eq_f @eq_f2 @ext_map_inf_eq #a' #id' #id'' #prf' #prf'' >eqFF' [1,4:%|*:]
+  |*: normalize @eq_f lapply eqFF' -eqFF' lapply F' -F' lapply F -F cases opt_a
+      [2,4: #a1] normalize nodelta #F #F' #eqFF'
+      [3,4: @eq_f2|*: >(eqFF' a1 (an_identifier tag one) (an_identifier tag one)
+                     (refl (option A) (Some A a1)) (refl (option A) (Some A a1)))
+                    @eq_f2]
+          [1,4,5,8: @ext_map_inf_eq #a' #id' #id'' #prf' #prf'' >eqFF' [1,4,7,10:%|*:]
+          |2,6: lapply (Hr1 ? a (an_identifier tag x) ? ?)
+          |*: lapply (Hl1 ? a (an_identifier tag x) ? ?)
+          ]
+          [2,3,6,7,10,11,14,15: #a ** #id #prf [2,4,6,8: @F |*: @F'] try @a %
+                   [1,3,9,11: % @(p1 id) |5,7,13,15: % @(p0 id) |*: @hide_prf <prf %]
+          |1,5,9,13: #a * #id' * #id'' #prf #prf' normalize nodelta @eqFF'
+          |*: normalize in ⊢ (%→ ?); #EQ destruct(EQ) >e0 %
+          ]
+  ]
+]
+qed.
+*)
 inductive id_is_in (A : Type[0]) : Pos →  positive_map A → Prop ≝
 | is_in_root : ∀l,r,opt_a. id_is_in A (one) (pm_node … opt_a l r)
 …
                               [an_id_map p ⇒ id_is_in A x p]
      ].
+(*
 lemma lookup_map : ∀A,B : Type[0].
   ∀tag : String.
 …
 qed.*)
+*)
 lemma lookup_eq : ∀ A : Type[0].
 …
 qed.
+lemma update_lookup_previous : ∀ A : Type[0].
+include alias "common/Identifiers.ma".
+include alias "common/PositiveMap.ma".
+lemma p0_neq_one : ∀x: Pos. p0 x ≠ one.
+#x /3/
+qed.
+lemma p1_neq_one : ∀x: Pos. p1 x ≠ one.
+#x /3/
+qed.
+lemma lookup_ok_to_update : ∀ A : Type[0].
 ∀ tag : String.
 ∀m,m' : identifier_map tag A. ∀id,a.
+update tag A m id a = return m' ↔
+(lookup tag A m' id = Some ? a) ∧ lookup tag A m id ≠ None ? ∧
+(lookup tag A m' id = Some ? a)  → lookup tag A m id ≠ None ? →
 (∀ id'. id ≠ id' → (lookup tag A m id' = lookup tag A m' id') ∧
+     (id_is_in A tag m id' ↔ id_is_in A tag m' id')).
+#A #tag * #m * #m' * #id #a %
+  [ whd in ⊢ (??%% →  ?); inversion(update A ???) normalize nodelta [#_ #ABS destruct]
+    #m1 #m1_spec #EQ destruct % [%]
+    [  normalize @(update_lookup_opt_same … m1_spec)
+    |3: * #id' * #id_spec' normalize %
+        [@(update_lookup_opt_other … m1_spec ??) % #EQ @id_spec' >EQ %]
+        lapply id_spec' lapply m1_spec -id_spec' -m1_spec
+        (*cases id [|*:#x] -id normalize*) lapply m' -m' lapply id lapply id' -id -id'
+        elim m [#id' #id #m' cases id [|*: #x] normalize #EQ destruct]
+        #opt_a #l #r #Hl #Hr #id' #id #m' cases id [|*:#x] -id normalize
+        [ cases opt_a [2:#a] normalize #EQ destruct cases id' [#H @⊥ @H %]
+          #x #_ normalize % #H [1,2: %3 |*: %2]
+          inversion H #l1 #r1 #opt_a1
+          [1,4,7,10: #EQ lapply(jmeq_to_eq ??? EQ) #EQ1 @⊥
+                     [1,2: cut(p1 x ≠ one) [1,3: @(pos_elim … x) /3/]
+                     |*:   cut(p0 x ≠ one) [1,3: @(pos_elim … x) /3/]
+                     ]
+                     * #H @H >EQ1 //
+          |*:        #pos #H1 #_ #EQ lapply(jmeq_to_eq ??? EQ) #EQ1 destruct(EQ1)
+                     #EQ lapply(jmeq_to_eq ??? EQ) #EQ1 destruct(EQ1) #_ assumption
+          ]
+        |*: inversion(update A x a ?) normalize [1,3: #_ #EQ destruct] #pos_map
+            #pos_map_spec #EQ destruct #id_spec' % #H
+            inversion H #l1 #l2 #opt_a1
+            [1,4,7,10: #EQ lapply(jmeq_to_eq ??? EQ) -EQ #EQ
+                       #EQ1 lapply(jmeq_to_eq ??? EQ1) -EQ1 #EQ1 destruct(EQ1)
+                       #H1 %
+            |*: #pos #H1 #_ #EQ lapply(jmeq_to_eq ??? EQ) -EQ #EQ
+                #EQ1 lapply(jmeq_to_eq ??? EQ1) -EQ1 #EQ1 destruct(EQ1)
+                #H2 try %2 try %3 try assumption
+                [ @(proj1 … (Hr ? ? pos_map pos_map_spec ?)) [#EQ1 destruct @id_spec' %]
+                | @(proj2 … (Hr ? ? l2 pos_map_spec ?)) [#EQ1 destruct @id_spec' %]
+                | @(proj1 … (Hl ? ? pos_map pos_map_spec ?)) [#EQ1 destruct @id_spec' %]
+                | @(proj2 … (Hl ? ? l1 pos_map_spec ?)) [#EQ1 destruct @id_spec' %]
+                ]
+                assumption
+            ]
+         ]
+    | % normalize lapply m1_spec lapply id lapply m' -id -m' elim m
+      [#m' * [|*: #x] normalize #EQ destruct] #opt_a #l #r #Hl #Hr #m' * [|*: #x]
+      normalize [ cases opt_a [2:#a] normalize #EQ1 #EQ2 destruct]
+      inversion (update A x a ?) [1,3: #_ normalize #EQ destruct]
+      #pos_map #EQpos_map normalize #EQ destruct [@Hr|@Hl] assumption
+    ]
+  | ** normalize in ⊢ (%→%→?); lapply id -id lapply m' -m' elim m
+     (id_is_in A tag m id' ↔ id_is_in A tag m' id')) →
+update tag A m id a = return m'.
+#A #tag * #m * #m' * #id #a
+normalize in ⊢ (%→%→?); lapply id -id lapply m' -m' elim m
     [ #m' #id #m_spec' normalize in ⊢ (% → ?); * #EQ @⊥ @EQ %] #opt_a #l #r #Hl #Hr
     #m' * [|*: #x] normalize in ⊢ (%→%→?); #m_spec'
 …
+            ]
+      ]
+   ]
+qed.
+qed.
+lemma update_ok_to_lookup : ∀ A : Type[0].
+∀ tag : String.
+∀m,m' : identifier_map tag A. ∀id,a.
+update tag A m id a = return m' →
+(lookup tag A m' id = Some ? a) ∧ lookup tag A m id ≠ None ? ∧
+(∀ id'. id ≠ id' → (lookup tag A m id' = lookup tag A m' id') ∧
+     (id_is_in A tag m id' ↔ id_is_in A tag m' id')).
+#A #tag * #m * #m' * #id #a
+whd in ⊢ (??%% →  ?); inversion(update A ???) normalize nodelta [#_ #ABS destruct]
+    #m1 #m1_spec #EQ destruct % [%]
+    [  normalize @(update_lookup_opt_same … m1_spec)
+    |3: * #id' * #id_spec' normalize %
+        [@(update_lookup_opt_other … m1_spec ??) % #EQ @id_spec' >EQ %]
+        lapply id_spec' lapply m1_spec -id_spec' -m1_spec
+        (*cases id [|*:#x] -id normalize*) lapply m' -m' lapply id lapply id' -id -id'
+        elim m [#id' #id #m' cases id [|*: #x] normalize #EQ destruct]
+        #opt_a #l #r #Hl #Hr #id' #id #m' cases id [|*:#x] -id normalize
+        [ cases opt_a [2:#a] normalize #EQ destruct cases id' [#H @⊥ @H %]
+          #x #_ normalize % #H [1,2: %3 |*: %2]
+          inversion H #l1 #r1 #opt_a1
+          [1,4,7,10: #EQ lapply(jmeq_to_eq ??? EQ) #EQ1 @⊥
+                     [1,2: cut(p1 x ≠ one) [1,3: @(pos_elim … x) /3/]
+                     |*:   cut(p0 x ≠ one) [1,3: @(pos_elim … x) /3/]
+                     ]
+                     * #H @H >EQ1 //
+          |*:        #pos #H1 #_ #EQ lapply(jmeq_to_eq ??? EQ) #EQ1 destruct(EQ1)
+                     #EQ lapply(jmeq_to_eq ??? EQ) #EQ1 destruct(EQ1) #_ assumption
+          ]
+        |*: inversion(update A x a ?) normalize [1,3: #_ #EQ destruct] #pos_map
+            #pos_map_spec #EQ destruct #id_spec' % #H
+            inversion H #l1 #l2 #opt_a1
+            [1,4,7,10: #EQ lapply(jmeq_to_eq ??? EQ) -EQ #EQ
+                       #EQ1 lapply(jmeq_to_eq ??? EQ1) -EQ1 #EQ1 destruct(EQ1)
+                       #H1 %
+            |*: #pos #H1 #_ #EQ lapply(jmeq_to_eq ??? EQ) -EQ #EQ
+                #EQ1 lapply(jmeq_to_eq ??? EQ1) -EQ1 #EQ1 destruct(EQ1)
+                #H2 try %2 try %3 try assumption
+                [ @(proj1 … (Hr ? ? pos_map pos_map_spec ?)) [#EQ1 destruct @id_spec' %]
+                | @(proj2 … (Hr ? ? l2 pos_map_spec ?)) [#EQ1 destruct @id_spec' %]
+                | @(proj1 … (Hl ? ? pos_map pos_map_spec ?)) [#EQ1 destruct @id_spec' %]
+                | @(proj2 … (Hl ? ? l1 pos_map_spec ?)) [#EQ1 destruct @id_spec' %]
+                ]
+                assumption
+            ]
+         ]
+    | % normalize lapply m1_spec lapply id lapply m' -id -m' elim m
+      [#m' * [|*: #x] normalize #EQ destruct] #opt_a #l #r #Hl #Hr #m' * [|*: #x]
+      normalize [ cases opt_a [2:#a] normalize #EQ1 #EQ2 destruct]
+      inversion (update A x a ?) [1,3: #_ normalize #EQ destruct]
+      #pos_map #EQpos_map normalize #EQ destruct [@Hr|@Hl] assumption
+    ]
+qed.
+(*
-(*
-       -EQ
-      lapply H -H
-      [ lapply l1 -l1 elim l
-        [#l1 #H lapply (H (an_identifier tag (p0 one)) ?) [% #EQ destruct] *
-         normalize in ⊢ (%→?); cases l1 normalize [#_ #_ %] #opt_a #l2 #r2
-         #EQ <EQ * #H1 #H2 lapply (H2 ?) [%2 %] #h inversion h #l3 #r3 #opt_a3
-         [  #EQ lapply(jmeq_to_eq ??? EQ) #EQ1 @⊥ cut(p0 one ≠ one) [@(pos_elim … one) /3/]
-         * #H @H >EQ1 //
-         |*: #pos #H1 #_ #EQ lapply(jmeq_to_eq ??? EQ) #EQ1 destruct(EQ1)
-              #EQ lapply(jmeq_to_eq ??? EQ) -EQ #EQ1 -H destruct(EQ1) #_
-              -h -H2 inversion H1 #l4 #r4 #opt_a4
-              [ #_ #EQ1 lapply(jmeq_to_eq ??? EQ1) -EQ1 #EQ1 destruct(EQ1)
-              |*: #pos #H2 #_ #_ #EQ1 lapply(jmeq_to_eq ??? EQ1) -EQ1 #EQ1
-                  destruct(EQ1)
+              ]
+         ]
+      |
-             -EQ1 #EQ1
-      [ #_ %
-      |#opt_a2 #r2 #l2 #H lapply
-qed.
-*)
 lemma update_lookup_after : ∀ A : Type[0].
 ∀ tag : String.
 …
 qed.
+(*
 definition well_formed_register_env :
 ∀prog : ertl_program .∀sigma : (sigma_map prog).
 …
 λprog,sigma,psd_reg.∀id,bv. lookup ?? psd_reg id = Some ? bv →
 sigma_beval_opt prog sigma bv ≠ None ?.
+*)
+*)
+definition map : ∀tag,A,B. identifier_map tag A → (A → B) → identifier_map tag B ≝
+λtag,A,B,m,f.match m with
+[an_id_map p ⇒ an_id_map … (map ?? f p)].
+lemma lookup_map : ∀A,B : Type[0].
+  ∀tag : String.
+  ∀m : identifier_map tag A.
+  ∀ f:A → B.
+  ∀ id.
+lookup tag B (map tag A B m f) id =
+! a ← lookup tag A m id; return f a.
+#A #B #tag * #m #f * #id normalize >lookup_opt_map %
+qed.
+lemma update_leaf_fail: ∀tag,A,i,v.
+ update tag A (empty_map ??) i v = Error ? [MSG MissingId; CTX … i].
+#ta #A ** [|*: #x] #v normalize %
+qed.
+lemma update_def : ∀tag,A,m,i,v.
+  update tag A m i v =
+  match lookup tag A m i with
+  [ Some _ ⇒ OK ? (add tag A m i v)
+  | None ⇒ Error ? [MSG MissingId; CTX … i]
+  ].
+#tag #A #m #i #v inversion(update tag A m i v)
+[ #m' #EQm' cases(update_ok_to_lookup ?????? EQm') * #_
+ #H #_ elim H cases(lookup tag A m i) [#H @⊥ @H %]
+ #x #_ normalize <EQm' lapply EQm' cases i cases m cases m' -m -m' -i
+ normalize #m' #m #i inversion(update A i v m) normalize [#_ #ABS destruct]
+ #m'' #EQm'' #EQ destruct(EQ) @eq_f @eq_f lapply EQm'' -EQm'' lapply i -i
+ lapply m' -m' elim m [#m' * [2,3: #z] normalize #EQ destruct]
+ #opt_a #l #r #Hl #Hr #m' * [2,3: #z] normalize
+ [3: cases opt_a normalize [2: #y] #EQ destruct %
+ |*: inversion(update A z v ?) [2,4: #m'']  #EQm'' normalize #EQ destruct
+     [<(Hr … EQm'') | <(Hl … EQm'')] %
+ ]
+| #err cases m -m cases i -i #i #m normalize inversion(update A i v m) [2:#m']
+  #EQerr normalize #EQ destruct lapply EQerr lapply i elim m
+  [ normalize #x #_ %] #opt_a #l #r #Hl #Hr * [2,3:#z] normalize
+ [3: cases opt_a [2:#w] normalize #EQ destruct %
+ |*: inversion(update A z v ?) [2,4: #m'] #EQm' normalize #EQ destruct
+     [lapply(Hr … EQm') | lapply(Hl … EQm')] cases(lookup_opt A z ?) [2,4: #a]
+     normalize #EQ destruct %
+ ]
+]
+qed.
+lemma map_add : ∀tag : String.∀A,B : Type[0].∀ f: A → B.∀m,id,v.
+map tag A B (add tag A m id v) f = add tag B (map tag A B m f) id (f v).
+#tag #A #B #f * #m * #id #v normalize @eq_f lapply v -v lapply id -id elim m
+[ #id elim id [#v %] #x #IH #id normalize >IH %
+| #opt_a #l #r #Hl #Hr * [2,3: #x| #v normalize @eq_f2 %] #v normalize @eq_f2
+  try % [@Hr|@Hl]
+]
+qed.
+definition restrict : ∀tag.∀A,B.
+identifier_map tag A → identifier_map tag B → identifier_map tag A ≝
+λtag,A,B,m1,m2.an_id_map …
+           (merge A B A (λo,o'.match o' with [None ⇒ None ? | Some _ ⇒ o])
+                  (match m1 with [an_id_map p1 ⇒ p1])
+                  (match m2 with [an_id_map p2 ⇒ p2])).
+interpretation "identifier map restriction" 'intersects a b = (restrict ??? a b).
+unification hint 0 ≔ tag ; R ≟ identifier tag ⊢ list R ≡ list (identifier tag).
+lemma map_update_commute : ∀tag : String.∀A,B : Type[0].∀f : A → B. ∀m,id,v.
+update tag B (map tag A B m f) id (f v) =
+!m' ← update tag A m id v; return map tag A B m' f.
+#tag #A #B #f #m #id #v >update_def >update_def >lookup_map
+cases (lookup tag A m id) [%] #a >m_return_bind >m_return_bind normalize nodelta
+whd in ⊢ (???%); @eq_f @sym_eq @map_add
+qed.
+definition is_leaf ≝ λA.λpm : positive_map A.
+match pm with [ pm_leaf ⇒ true | _ ⇒ false ].
+(*
+let rec pm_clean A (pm : positive_map A) on pm : positive_map A ≝
+match pm with
+[ pm_leaf ⇒ pm_leaf ?
+| pm_node o l r ⇒
+  let l' ≝ pm_clean … l in
+  let r' ≝ pm_clean … r in
+  match o with
+  [ Some _ ⇒ pm_node … o l' r'
+  | None ⇒
+    if is_leaf … l' ∧ is_leaf … r' then pm_leaf ? else
+    pm_node … o l' r'
+  ]
+].
+definition clean ≝ λtag,A.λm : identifier_map tag A.
+  match m with [ an_id_map pm ⇒ an_id_map tag A (pm_clean … pm) ].
+*)
 definition sigma_register_env :
+∀prog : ertl_program.∀sigma : (sigma_map prog).
+∀psd_env : register_env beval.
+well_formed_register_env prog sigma psd_env → register_env beval ≝
+λprog,sigma,psd_env,prf.
+map_inf1 ?? ?  psd_env (λbv,prf1.sigma_beval prog sigma bv ?).
+@hide_prf @prf cases prf1 #pi1 #H assumption
+qed.
+∀prog : ertlptr_program.∀sigma : (sigma_map prog).
+register_env beval → list register →  register_env beval ≝
+λprog,sigma,psd_env,ids.
+let m' ≝  map ??? psd_env (λbv.sigma_beval prog sigma bv) in
+m' ∩ ids.
+(*
 definition well_formed_ertl_psd_env :
 ∀prog : ertl_program. ∀sigma : (sigma_map prog).
 ertl_psd_env → Prop≝
 λprog,sigma,psd_env.well_formed_register_env prog sigma (psd_regs psd_env).
+definition sigma_ertl_psd_env :
+∀prog : ertl_program. ∀ sigma : (sigma_map prog).
+∀psd : ertl_psd_env.
+well_formed_ertl_psd_env prog sigma psd → ertl_psd_env ≝
+λprog,sigma,psd_env,prf.
+mk_ertl_psd_env
+  (sigma_register_env …  prf)
+  (need_spilled_no psd_env).
+*)
+(*
 let rec well_formed_frames
 (prog : ertl_program) (sigma : (sigma_map prog))
 …
   | cons a tl ⇒ well_formed_ertl_psd_env prog sigma a ∧
                well_formed_frames prog sigma tl
+  ].
+let rec sigma_frames (prog : ertl_program) (sigma : (sigma_map prog))
+(l : list ertl_psd_env) (prf : well_formed_frames prog sigma l)
+on l : list ertl_psd_env ≝
+(match l with
+  [nil ⇒ λ_ : (l = nil ?) .nil ?
+  |cons a tl ⇒
+     λx : (l = cons ? a tl).
+       (sigma_ertl_psd_env prog sigma a ?)::
+                                   (sigma_frames prog sigma tl ?)
+  ]) (refl ? l).
+@hide_prf >x in prf; whd in match (well_formed_frames ???); * //
+qed.
+  ].
+*)
+lemma lookup_restrict : ∀tag,A,B.∀a : identifier_map tag A.∀b : identifier_map tag B.
+∀i.lookup ?? (a ∩ b) i = if i ∈ b then lookup … a i else None ?.
+#tag #A #B * #a * #b * #i normalize >lookup_opt_merge [2: %] cases (lookup_opt B i b)
+[2: #b] normalize % qed.
+(*
+lemma clean_add : ∀tag,A,m,i,v.clean … (add tag A m i v) = add tag A (clean … m) i v.
+#tag #A * #m * #i #v normalize @eq_f
+lapply m -m
+elim i -i
+[ * [%]
+  * [2: #x] #l #r [%] normalize
+  cases (pm_clean A l) normalize // cases (pm_clean A r) //
+|*: #i #IH * normalize
+  [1,3: >IH cases i // ]
+  * [2,4: #x] #l #r normalize
+  [1,2: >IH % ]
+  >IH cases i cases (pm_clean A l) cases (pm_clean A r) normalize //
+]
+qed.
+lemma clean_lookup : ∀tag,A,m,i.lookup … (clean tag A m) i = lookup … m i.
+#tag #A * #m * #i normalize lapply i -i elim m
+[#i %] * [2: #a] #l #r #Hl #Hr * [2,3,5,6: #x] normalize in ⊢ (???%);
+[1,3:<Hr|2,4:<Hl] normalize try % [3: @if_elim #_ %]
+cases(pm_clean A l) in Hl; normalize
+[2: #opt_a1 #l1 #r1 #_ %
+|3: #H cases(pm_clean A r) normalize //
+| #H cases(pm_clean A r) in Hr; normalize //
+| #opt_a1 #l1 #r1 #H cases x normalize //
+]
+qed.
+lemma clean_update : ∀tag,A,m,i,v.
+! m' ← update tag A m i v; return clean … m' =
+update tag A (clean … m) i v.
+#tag #A #m #i #v
+>update_def >update_def >clean_lookup cases (lookup tag A m i)
+[ % ]
+#m' >m_return_bind normalize nodelta >clean_add %
+qed.
+*)
+lemma lookup_eq_id_map : ∀tag : String. ∀ A : Type[0].
+∀m,m' : identifier_map tag A.
+(∀id. lookup … m id = lookup … m' id
+      ∧ (id_is_in A tag m id ↔ id_is_in A tag m' id)) → m=m'.
+#tag #A * #m * #m' #H @eq_f @lookup_eq #id lapply(H (an_identifier tag id))
+* #H1 #H2 % // assumption
+qed.
+(*
+lemma clean_leaf : ∀tag : String . ∀ A : Type[0].
+∀m : identifier_map tag A. (∀ id. lookup … m id = None ?) →
+clean ?? m = empty_map ??.
+#tag #A * #m elim m [#_ %] #opt_a #l #r #Hl #Hr #H normalize @eq_f
+lapply(H (an_identifier tag one)) normalize #EQ >EQ -EQ normalize
+lapply(Hl ?) [2: lapply(Hr ?)]
+  [1,3: * #id [lapply(H (an_identifier tag (p1 id))) | lapply(H (an_identifier tag (p0 id)))]
+       #H assumption
+  | normalize #EQ #EQ1 destruct >e0 >e1 normalize %
+  ]
+qed.
+*)
+lemma id_is_in_lookup : ∀tag,A,m,id,v.
+ lookup tag A m id = Some ? v → id_is_in A tag m id.
+#tag #A * #m * #id #a normalize lapply m -m elim id
+[|*: #x #IH] * normalize [1,3,5: #EQ destruct] #opt_a #l #r [ #_ %] #H [%3 |%2]
+@IH assumption
+qed.
+(*
+lemma pm_clean_leaf : ∀ A : Type[0].
+∀m : positive_map A. (∀ id. lookup_opt … id m = None ?) →
+pm_clean ? m = pm_leaf ….
+#A #m elim m [ #id %] #opt_a #l #r #Hl #Hr #H normalize lapply(H one) normalize
+#EQ >EQ normalize >Hl [normalize >Hr [ %]] #id [@(H (p1 id))|@(H (p0 id))]
+qed.
+lemma pm_clean_canonic : ∀A,m,n.(∀i.lookup_opt A i m = lookup_opt A i n) →
+  pm_clean ? m = pm_clean ? n.
+#A #m #n lapply m -m elim n
+[ @pm_clean_leaf ]
+* [2: #x] #l #r #IHl #IHr *
+  [1,3: #H @sym_eq @pm_clean_leaf #id @sym_eq @H ] #opt #l' #r' #H
+ lapply (H one) normalize in ⊢ (%→?); #EQ destruct
+ whd in ⊢ (??%%);
+ >(IHl l') [1,3: >(IHr r') [1,3 : % ]] #i
+ [1,2: @(H (p1 i)) |*: @(H (p0 i)) ] qed.
+lemma clean_canonic : ∀tag,A,m,n.(∀i.lookup tag A m i = lookup tag A n i) →
+  clean ?? m = clean ?? n.
+#tag #A * #m * #n #H normalize @eq_f @pm_clean_canonic #i
+lapply(H (an_identifier tag i))
+normalize //
+qed.
+*)
+lemma update_fail_lookup : ∀tag,A,m,i,v,e.update tag A m i v = Error … e →
+  e = [MSG MissingId; CTX … i] ∧ lookup … m i = None ?.
+#tag #A #m #i #v #errmsg >update_def cases(lookup tag A m i) [2: #a] normalize
+#EQ destruct % //
+qed.
+lemma lookup_hit_update : ∀tag,A,m,i,v.i ∈ m →
+  ∃m'.update tag A m i v = OK ? m'.
+#tag #A #m #i #v #H % [2: >update_def lapply(in_map_domain … m i) >H * #v #EQ >EQ
+normalize %|]
+qed.
+lemma lookup_miss_update : ∀tag,A,m,i,v.lookup tag A m i = None ? →
+  update … m i v = Error … [MSG MissingId; CTX … i].
+#tag #A #m #i #v #EQ >update_def >EQ normalize %
+qed.
+lemma update_ok_old_lookup : ∀tag,A,m,i,v,m'.update tag A m i v = OK ? m' →
+  i ∈ m.
+#tag #A #m #i #v #m' >update_def inversion(lookup tag A m i) [2: #a] #EQ normalize
+#EQ destruct >EQ normalize @I
+qed.
+lemma lookup_update_ok : ∀tag,A,m,i,v,m',i'.update tag A m i v = OK ? m' →
+  lookup … m' i' = if eq_identifier ? i' i then Some ? v else lookup … m i'.
+#tag #A #m #i #v #m' #i' >update_def inversion(lookup tag A m i) [2: #a] #EQ
+normalize nodelta #EQ1 destruct @eq_identifier_elim
+[ #H normalize nodelta >H @lookup_add_hit
+| #H normalize nodelta @lookup_add_miss assumption
+]
+qed.
+lemma mem_set_restrict : ∀tag,A,B.∀a : identifier_map tag A.∀b : identifier_map tag B.
+∀i.i ∈ a ∩ b = (i ∈ a ∧ i ∈ b).
+#tag #A #B * #a * #b  * #i normalize >lookup_opt_merge [2: %] cases(lookup_opt B i b)
+[2: #a1] normalize [2: @if_elim #_ %] cases(lookup_opt A i a) [2: #a2] normalize %
+qed.
+(*
+lemma merge_eq : ∀A.∀p : positive_map A.∀choice. merge
+*)
+lemma add_restrict : ∀tag,A,B.∀a : identifier_map tag A. ∀b : identifier_map tag B.
+∀i,v.i∈b → add tag A (a ∩ b) i v = (add tag A a i v) ∩ b.
+#tag #A #B * #a * #b * #i #v normalize inversion(lookup_opt B i b) normalize [#_ *]
+#v1 #EQv1 * @eq_f lapply EQv1 lapply v1 lapply a lapply b -a -b -v1 elim i normalize
+[ * normalize [#b #v #EQ destruct] #opt_a #l #r *
+  [#v #EQ destruct normalize %] #opt_b #l1 #r1 #v #EQ destruct normalize cases opt_b
+  normalize [2: #x %] cases(merge A B A ? l1 l) normalize [2: #opt_a2 #l2 #r2 %]
+  cases(merge A B A ? r1 r) //
+|*: #x #IH * [2,4: #opt_b #l1 #r1] #p1 normalize [3,4: #i #EQ destruct] cases p1 -p1
+    [2,4: #opt_a #l2 #r2] normalize #v #H cases opt_b [2,4,6,8: #b] normalize
+    [1,2,5,6: <IH try assumption [1,2: cases opt_a [2,4: #a] normalize try %]
+     cases(merge A B A ? l2 l1) normalize // lapply H [1,4: cases r1 |*: cases l1]
+     normalize [1,3,5,7,9,11: #EQ destruct] #opt_b4 #l4 #r4 cases x normalize
+     [1,4,7,10,13,16: #EQ destruct normalize // cases(merge A B A ? ? ?) normalize //]
+     #x #H normalize cases(merge A B A ? ? ?) normalize //
+    |*: <IH try assumption
+       [1,3: cases(map_opt ? ? ? l1) normalize // lapply H cases r1 normalize
+            [1,3: #EQ destruct] #opt_b2 #l2 #r2 cases x [1,4: //] #x normalize //
+       |*: lapply H cases x normalize [2,3,5,6: #y] cases l1 normalize
+          [1,3,5,7,9,11: #EQ destruct] #opt_b2 #l2 #r2 #H //
+       ]
+   ]
+]
+qed.
+lemma update_restrict : ∀tag,A,B.∀a : identifier_map tag A.∀b : identifier_map tag B.
+∀i,v.i ∈ b → update ?? (a ∩ b) i v =
+  ! a' ← update ?? a i v ; return a' ∩ b.
+#tag #A #B #a #b #id #v #H
+lapply (in_map_domain … b id) >H * #ignore #EQ_lookup_b
+(*<clean_update*)
+inversion (update tag A a id v)
+[2: #e #EQ cases (update_fail_lookup ?????? EQ) #EQ1 #EQ2 destruct
+  >lookup_miss_update [%]
+  >lookup_restrict >H assumption ]
+#m' #EQ >m_return_bind
+cases (lookup_hit_update ?? (a∩b) id v ?)
+[2: >mem_set_restrict >H >(update_ok_old_lookup ?????? EQ) % ]
+#m'' >update_def >update_def in EQ; >lookup_restrict >H normalize nodelta
+cases(lookup tag A a id) normalize nodelta [#ABS destruct] #v1 #EQ #EQ'' destruct
+whd in ⊢ (??%%); @eq_f @add_restrict assumption
+qed.
+definition sigma_frames : ∀prog : ertlptr_program.sigma_map prog →
+list (register_env beval × ident) → list (register_env beval × ident) ≝
+λprog,sigma,frms.map ??
+(λx.〈sigma_register_env prog sigma (\fst x) (getLocalsFromId (\snd x)),\snd x〉) frms.
+(*
 lemma sigma_empty_frames_commute :
 ∀prog : ertl_program. ∀ sigma : (sigma_map prog).
 …
 hw_register_env → Prop ≝
 λprog,sigma,regs.sigma_bit_vector_trie_opt prog sigma 6 (reg_env … regs) ≠ None ?.
+*)
+include "common/BitVectorTrieMap.ma".
 definition sigma_hw_register_env :
+∀prog: ertl_program. ∀sigma : (sigma_map prog).
+∀h_reg : hw_register_env. well_formed_hw_register_env prog sigma h_reg →
+hw_register_env ≝
+λprog,sigma,h_reg,prf.mk_hw_register_env
+(opt_safe … prf) (other_bit … h_reg).
+definition well_formed_regs :
+∀prog : ertl_program. ∀ sigma : (sigma_map prog).
+ertl_psd_env×hw_register_env → Prop ≝
+λprog,sigma,regs. let 〈x,y〉 ≝ regs in
+well_formed_ertl_psd_env prog sigma x ∧ well_formed_hw_register_env prog sigma y.
+∀prog: ertlptr_program. ∀sigma : (sigma_map prog).
+hw_register_env → hw_register_env ≝
+λprog,sigma,h_reg.mk_hw_register_env
+(map ? ? (sigma_beval prog sigma) 6 (reg_env … h_reg)) (other_bit … h_reg).
 definition sigma_regs :
+∀prog : ertl_program. ∀sigma : (sigma_map prog).
+∀regs: ertl_psd_env×hw_register_env.well_formed_regs prog sigma regs →
+ertl_psd_env×hw_register_env ≝
+λprog,sigma,regs.let 〈x,y〉≝ regs in
+λprf : well_formed_regs prog sigma 〈x,y〉.
+      〈sigma_ertl_psd_env prog sigma x (proj1 … prf),
+       sigma_hw_register_env prog sigma y (proj2 … prf)〉.
+∀prog : ertlptr_program. ∀sigma : (sigma_map prog).
+(register_env beval)×hw_register_env→ list register →
+(register_env beval)×hw_register_env ≝
+λprog,sigma,regs,ids.let 〈x,y〉≝ regs in
+      〈sigma_register_env prog sigma x ids,
+       sigma_hw_register_env prog sigma y〉.
+(*
 lemma sigma_empty_regsT_commute :
 ∀prog : ertl_program. ∀sigma : (sigma_map prog).
 …
 well_formed_regs prog sigma (regs … st) ∧
 well_formed_mem prog sigma (m … st).
+*)
 definition sigma_state :
  ∀prog : ertl_program.
+ ∀prog : ertlptr_program.
  ∀sigma : sigma_map prog.
+ ∀st : state ERTL_semantics.
+ well_formed_state prog sigma st →
+ state ERTLptr_semantics ≝
+λprog,sigma,st,prf.
+mk_state …
+  (sigma_frames prog sigma (st_frms … st) ?)
+  (sigma_is prog sigma (istack … st) ?)
+ state ERTLptr_semantics → list register →
+ state ERTL_semantics ≝
+λprog,sigma,st,ids.
+mk_state ?
+  (sigma_frames prog sigma (st_frms … st))
+  (sigma_is prog sigma (istack … st))
   (carry … st)
   (sigma_regs prog sigma (regs … st) ?)
   (sigma_mem prog sigma (m … st) ?).
+@hide_prf cases prf ** //
+qed.
+definition well_formed_state_pc :
 ∀prog : ertl_program .∀ sigma : sigma_map prog.
+  state_pc ERTL_semantics → Prop ≝
  λprog,sigma,st.
+ well_formed_pc prog sigma (last_pop … st) ∧
+ well_formed_state prog sigma st.
+  (sigma_regs prog sigma (regs … st) ids)
+  (sigma_mem prog sigma (m … st)).
+definition dummy_state : state ERTL_semantics ≝
+mk_state ERTL_semantics
+   [ ] empty_is BBundef 〈empty_map ? ?,mk_hw_register_env … (Stub …) BBundef〉 empty.
+definition dummy_state_pc : state_pc ERTL_semantics ≝
+mk_state_pc ? dummy_state null_pc null_pc.
+check fetch_internal_function
 definition sigma_state_pc :
+∀prog : ertl_program. ∀sigma : sigma_map prog.
+∀ st : state_pc ERTL_semantics. well_formed_state_pc prog sigma st →
+state_pc ERTLptr_semantics ≝
+λprog,sigma,st,prf.
+mk_state_pc ? (sigma_state … (proj2 … prf)) (pc … st)
+              (sigma_pc … (proj1 … prf)).
+∀prog : ertl_program.
+let trans_prog ≝ ertl_to_ertlptr prog in
+∀sigma : sigma_map trans_prog.
+state_pc ERTLptr_semantics →
+ state_pc ERTL_semantics ≝
+λprog,sigma,st.
+  let trans_prog ≝ ertl_to_ertlptr prog in
+  let ge ≝ globalenv_noinit … prog in
+  if eqZb       (block_id (pc_block (pc … st))) (-1) then (* check for dummy pc *)
+    dummy_state_pc
+  else
+  match    (fetch_internal_function (joint_closed_internal_function ERTL
+                (prog_var_names (joint_function ERTL) ℕ prog)) ge (pc_block (pc … st))) with
+   [OK x ⇒ let 〈i,fd〉 ≝ x in
+      mk_state_pc ? (sigma_state trans_prog sigma st (joint_if_locals … fd))
+       (pc … st) (sigma_stored_pc trans_prog sigma (last_pop … st))
+   |Error msg ⇒ dummy_state_pc].
+(*
 lemma reg_store_sigma_commute :
 ∀ prog : ertl_program. ∀sigma : (sigma_map prog).
 …
 qed.
+lemma ertl_allocate_local_commute : ∀prog : ertl_program.
+∀sigma : sigma_map prog.∀reg,regs,prf1. ∃ prf2.
+ertl_allocate_local reg (sigma_regs prog sigma regs prf1) =
+sigma_regs prog sigma (ertl_allocate_local reg regs) prf2.
+#prog #sigma * #r ** #psd_r #sp #hw_regs #prf1 %
+whd in match ertl_allocate_local; normalize nodelta
+[ @hide_prf % [2: cases prf1 #_ #x assumption] ]
+whd in match set_psd_regs; normalize nodelta
+[ whd in match well_formed_ertl_psd_env; whd in match well_formed_register_env;
+  normalize nodelta * #id #bv cases(decidable_eq_pos id r)
+  [ #EQ >EQ >lookup_add_hit #EQ1 destruct(EQ1) normalize % #EQ2 destruct
+  | * #EQ
+  >(lookup_add_miss ?? (psd_r) (an_identifier ? id) (an_identifier RegisterTag r) BVundef ?)
+   [2: % #EQ1 @EQ destruct %] cases prf1 whd in match well_formed_ertl_psd_env;
+   whd in match well_formed_register_env; normalize nodelta #H1 #_ #H @H1
+   [% @id|assumption]
+  ]
+| whd in match sigma_regs; whd in match sigma_ertl_psd_env; normalize nodelta
+ @eq_f2 [2: %] @eq_f2 [2: %] whd in match sigma_register_env; normalize nodelta
+ cases(map_inf_add beval beval RegisterTag psd_r ? BVundef (an_identifier ? r) ? ?)
+ [ #prf2 #EQ >EQ @eq_f % ||
+ | #bv #id' #id'' #prf #prf' %
+ ]
+]
+qed.
+lemma is_push_sigma_commute :
+∀ prog : ertl_program. ∀ sigma : sigma_map prog.
+preserving2 … res_preserve …
+  (sigma_is prog sigma)
+  (sigma_beval prog sigma)
+  (sigma_is prog sigma)
+  is_push
+  is_push.
+#prog #sigma *
+[ | #bv1 | #bv1 #bv2 ] #val #prf1 #prf2 #is'
+whd in ⊢ (??%%→?); #EQ destruct(EQ)
+whd in match sigma_beval; normalize nodelta
+@opt_safe_elim #val' #EQsigma_val
+%
+[1,3: @hide_prf %
+|*: whd in match sigma_is in ⊢ (???%); normalize nodelta
+  @opt_safe_elim #is''
+] whd in match sigma_is_opt; normalize nodelta
+[2,4:
+  inversion (sigma_beval_opt ???)
+  [1,3: #EQ whd in prf1 : (?(??%?)); @⊥ >EQ in prf1;
+    normalize nodelta * #H @H % ]
+  #bv1' #EQ_bv1' >m_return_bind ]
+>EQsigma_val
+whd in ⊢ (??%%→?); #EQ destruct(EQ)
+whd in match sigma_is; normalize nodelta
+@opt_safe_elim #is1
+whd in match sigma_is_opt; normalize nodelta
+[ #H @('bind_inversion H) #bv1''
+  >EQ_bv1' #EQ destruct(EQ) ]
+whd in ⊢ (??%%→?); #EQ destruct(EQ) %
+qed.
+check internal_stack
+check BVpc
+definition sigma_is_not_head_opt : ∀ prog : ertl_program.
+sigma_map prog → internal_stack → option internal_stack ≝
+λprog,sigma,is.
+     match is with
+[ empty_is ⇒ return empty_is
+| one_is bv ⇒ return one_is bv
+| both_is bv1 bv2 ⇒
+  ! bv2' ← sigma_beval_opt … sigma bv2 ;
+  return both_is bv1 bv2'
+].
+lemma ertlptr_save_frame_commute : ∀prog: ertl_program.
+∀sigma : sigma_map prog. ∀kind.
+    preserving … res_preserve …
+         (sigma_state_pc prog sigma)
+         (sigma_state prog sigma)
+         (ertl_save_frame kind it)
+         (ertlptr_save_frame kind it).
+#prog #sigma * whd in match ertl_save_frame; whd in match ertlptr_save_frame;
+normalize nodelta * #st #pc #lp * #wf_lp #wf_st
+  [2: @mfr_bind
+    [3: whd in match push_ra; normalize nodelta @mfr_bind
+      [3: whd in match sigma_state_pc; whd in match push; whd in match sigma_state;
+          normalize nodelta @mfr_bind
+        [#is @(sigma_is_not_head_opt prog sigma is ≠ None ?)
+        |#is #prf @(opt_safe … prf)
+        |
+  #x #x_spec @mfr_bind
+[ @(λ_.True) | #st * @(sigma_state prog sigma st) |
+  [3: cases kind normalize nodelta whd in match push_ra; normalize nodelta
+    [ whd in match sigma_state_pc; normalize nodelta #st #st_spec
+*)
 definition ERTLptrStatusSimulation :
 ∀ prog : ertl_program.
 let trans_prog ≝ ertl_to_ertlptr prog in
 ∀stack_sizes.
 sigma_map prog →
+sigma_map trans_prog →
 status_rel (ERTL_status prog stack_sizes) (ERTLptr_status trans_prog stack_sizes) ≝
+λprog,stack_sizes,sigma.mk_status_rel …
+    (* sem_rel ≝ *) (λ
+λprog,stack_sizes,sigma.let trans_prog ≝ ertl_to_ertlptr prog in mk_status_rel ??
+    (* sem_rel ≝ *) (λs1:ERTL_status prog stack_sizes
+       .λs2:ERTLptr_status trans_prog stack_sizes
+        .s1=sigma_state_pc prog sigma s2)
+    (* call_rel ≝ *)  (λs1:Σs:ERTL_status prog stack_sizes
+               .as_classifier (ERTL_status prog stack_sizes) s cl_call
+       .λs2:Σs:ERTLptr_status trans_prog stack_sizes
+                .as_classifier (ERTLptr_status trans_prog stack_sizes) s cl_call
+        .pc (mk_prog_params ERTL_semantics prog stack_sizes) s1
+         =sigma_stored_pc trans_prog sigma
+          (pc
+           (mk_prog_params ERTLptr_semantics (ertl_to_ertlptr prog) stack_sizes)
+           s2))
+    (* sim_final ≝ *) ?.
+cases daemon
+qed.
+lemma fetch_function_no_minus_one :
+  ∀F,V,i,p,bl.
+  block_id (pi1 … bl) = -1 →
+  fetch_function … (globalenv (λvars.fundef (F vars)) V i p)
+    bl = Error … [MSG BadFunction].
+ #F#V#i#p ** #r #id #EQ1 #EQ2 destruct
+  whd in match fetch_function; normalize nodelta
+  >globalenv_no_minus_one
+  cases (symbol_for_block ???) normalize //
+qed.
+lemma fetch_function_no_zero :
+ ∀F,V,i,p,bl.
+  block_id (pi1 … bl) = 0 →
+  fetch_function … (globalenv (λvars.fundef (F vars)) V i p)
+    bl = Error … [MSG BadFunction].
+ #F#V#i#p ** #r #id #EQ1 #EQ2 destruct
+  whd in match fetch_function; normalize nodelta
+  >globalenv_no_zero
+  cases (symbol_for_block ???) normalize //
+qed.
+(*DOPPIONI dei LEMMI in LINEARISE_PROOF*)
+lemma symbol_for_block_match:
+    ∀M:matching.∀initV,initW.
+     (∀v,w. match_var_entry M v w →
+      size_init_data_list (initV (\snd v)) = size_init_data_list (initW (\snd w))) →
+    ∀p: program (m_A M) (m_V M). ∀p': program (m_B M) (m_W M).
+    ∀MATCH:match_program … M p p'.
+    ∀b: block.
+    symbol_for_block … (globalenv … initW p') b =
+    symbol_for_block … (globalenv … initV p) b.
+* #A #B #V #W #match_fn #match_var #initV #initW #H
+#p #p' * #Mvars #Mfn #Mmain
+#b
+whd in match symbol_for_block; normalize nodelta
+whd in match globalenv in ⊢ (???%); normalize nodelta
+whd in match (globalenv_allocmem ????);
+change with (add_globals ?????) in match (foldl ?????);
+>(proj1 … (add_globals_match … initW … Mvars))
+[ % |*:]
+[ * #idr #v * #idr' #w #MVE %
+  [ inversion MVE
+    #H1 #H2 #H3 #H4 #H5 #H6 #H7 #H8 destruct %
+  | @(H … MVE)
+  ]
+| @(matching_fns_get_same_blocks … Mfn)
+  #f #g @match_funct_entry_id
+]
+qed.
+lemma symbol_for_block_transf :
+ ∀A,B,V,init.∀prog_in : program A V.
+ ∀trans : ∀vars.A vars → B vars.
+ let prog_out ≝ transform_program … prog_in trans in
+ ∀bl.
+ symbol_for_block … (globalenv … init prog_out) bl =
+ symbol_for_block … (globalenv … init prog_in) bl.
+#A #B #V #iV #p #tf @(symbol_for_block_match … (transform_program_match … tf ?))
+#v0 #w0 * //
+qed.
+lemma fetch_function_transf :
+ ∀A,B,V,init.∀prog_in : program A V.
+ ∀trans : ∀vars.A vars → B vars.
+ let prog_out ≝ transform_program … prog_in trans in
+ ∀bl,i,f.
+ fetch_function … (globalenv … init prog_in) bl =
+  return 〈i, f〉
+→ fetch_function … (globalenv … init prog_out) bl =
+  return 〈i, trans … f〉.
+#A #B #V #init #prog_in #trans #bl #i #f
+ whd in match fetch_function; normalize nodelta
+ #H lapply (opt_eq_from_res ???? H) -H
+ #H @('bind_inversion H) -H #id #eq_symbol_for_block
+ #H @('bind_inversion H) -H #fd #eq_find_funct
+ whd in ⊢ (??%?→?); #EQ destruct(EQ)
+ >(symbol_for_block_transf … trans) >eq_symbol_for_block >m_return_bind
+ >(find_funct_ptr_transf A B …  eq_find_funct) %
+qed.
+lemma fetch_internal_function_transf :
+ ∀A,B.∀prog_in : program (λvars.fundef (A vars)) ℕ.
+ ∀trans : ∀vars.A vars → B vars.
+ let prog_out ≝ transform_program … prog_in (λvars.transf_fundef … (trans vars)) in
+ ∀bl,i,f.
+ fetch_internal_function … (globalenv_noinit … prog_in) bl =
+  return 〈i, f〉
+→ fetch_internal_function … (globalenv_noinit … prog_out) bl =
+  return 〈i, trans … f〉.
+#A #B #prog #trans #bl #i #f
+ whd in match fetch_internal_function; normalize nodelta
+ #H @('bind_inversion H) * #id * #fd normalize nodelta #EQfetch
+ whd in ⊢ (??%%→?); #EQ destruct(EQ)
+ >(fetch_function_transf … EQfetch) %
+qed.
+(*
+definition good_local_sigma :
+  ∀globals.
+  ∀g:codeT ERTLptr globals.
+  (Σl.bool_to_Prop (code_has_label … g l)) →
+  codeT ERTL globals →
+  (label → option label) → Prop ≝
+  λglobals,g,c,sigma.
+    ∀l,l'.sigma l = Some ? l' →
+      ∃s. stmt_at … g l = Some ? s ∧
+          All ? (λl.sigma l ≠ None ?) (stmt_labels … s) ∧
+          (match s with
+           [ sequential s' nxt ⇒
+             match s' with
+             [ step_seq _ ⇒
+               (stmt_at … c n = Some ? (sequential … s' it)) ∧
+                  ((sigma nxt = Some ? (S n)) ∨
+                   (stmt_at … c (S n) = Some ? (GOTO … nxt)))
+             | COND a ltrue ⇒
+               (stmt_at … c n = Some ? (sequential … s' it) ∧ sigma nxt = Some ? (S n)) ∨
+               (stmt_at … c n = Some ? (FCOND … I a ltrue nxt))
+             ]
+           | final s' ⇒
+             stmt_at … c n = Some ? (final … s')
+           | FCOND abs _ _ _ ⇒ Ⓧabs
+           ]).
+*)
+lemma ps_reg_retrieve_ok :  ∀prog : ertlptr_program.
+∀sigma : sigma_map prog. ∀r,restr.
+preserving1 ?? res_preserve1 …
+     (λregs.sigma_regs prog sigma regs restr)
+     (sigma_beval prog sigma)
+     (λregs.ps_reg_retrieve regs r)
+     (λregs.ps_reg_retrieve regs r).
+#prog #sigma #r #restr * #psd_r #hw_r whd in match ps_reg_retrieve;
+whd in match reg_retrieve; normalize nodelta @opt_to_res_preserve1
+whd in match sigma_regs; whd in match sigma_register_env; normalize nodelta
+>lookup_restrict @if_elim [2: #_ @opt_preserve_none1] #id_r_in
+>(lookup_map ?? RegisterTag ???) #bv #H @('bind_inversion H) -H #bv1
+#bv1_spec whd in ⊢ (??%? → ?); #EQ destruct %{bv1} % // >bv1_spec %
+qed.
+lemma hw_reg_retrieve_ok : ∀prog : ertlptr_program.
+∀sigma : sigma_map prog. ∀r,restr.
+preserving1 ?? res_preserve1 …
+    (λregs.sigma_regs prog sigma regs restr)
+    (sigma_beval prog sigma)
+    (λregs.hw_reg_retrieve regs r)
+    (λregs.hw_reg_retrieve regs r).
+#prog #sigma #r #restr * #psd_r * #hw_r #b whd in match hw_reg_retrieve;
+whd in match hwreg_retrieve; normalize nodelta whd in match sigma_regs;
+whd in match sigma_hw_register_env; normalize nodelta
+change with (sigma_beval prog sigma BVundef) in ⊢ (???????(??(?????%))?);
+#bv >lookup_map whd in ⊢ (???% → ?); #EQ destruct
+%{(lookup beval 6 (bitvector_of_register r) hw_r BVundef)}
+% //
+qed.
+lemma ps_reg_store_ok : ∀prog : ertlptr_program.
+∀sigma : sigma_map prog. ∀r,restr.
+preserving21 ?? res_preserve1 …
+   (sigma_beval prog sigma)
+   (λregs.sigma_regs prog sigma regs restr)
+   (λregs.sigma_regs prog sigma regs restr)
+   (ps_reg_store r)
+   (ps_reg_store r).
+#prog #sigma #r #restr whd in match ps_reg_store; normalize nodelta
+#bv * #psd_r #hw_r @mfr_bind1
+[ @(λr.sigma_register_env prog sigma r restr)
+| whd in match reg_store; whd in match sigma_regs; normalize nodelta
+  #x #x_spec lapply(update_ok_to_lookup ?????? x_spec) * * #_ #EQpsd #_
+  lapply x_spec -x_spec lapply EQpsd -EQpsd whd in match sigma_register_env;
+  normalize nodelta >lookup_restrict @if_elim [2: #_ * #H @⊥ @H %]
+  #id_in #_ >update_restrict [2: assumption] #H @('bind_inversion H) -H
+  #x0 >map_update_commute #H @('bind_inversion H) -H #x1 #x1_spec
+  whd in ⊢ (??%% → ??%% → ?); #EQ1 #EQ2 destruct %{x1} % //
+| #x * #psd_r' #hw_r' whd in match sigma_regs; normalize nodelta
+  whd in ⊢ (???% → ?); #EQ destruct %{〈x,hw_r〉} % //
+]
+qed.
+lemma hw_reg_store_ok : ∀prog : ertlptr_program.
+∀sigma : sigma_map prog. ∀r,restr.
+preserving21 ?? res_preserve1 …
+   (sigma_beval prog sigma)
+   (λregs.sigma_regs prog sigma regs restr)
+   (λregs.sigma_regs prog sigma regs restr)
+   (hw_reg_store r)
+   (hw_reg_store r).
+#prog #sigma #r #restr whd in match hw_reg_store; normalize nodelta
+#bv * #psd_r * #hw_r #b whd in match hwreg_store; whd in match sigma_regs; normalize nodelta
+whd in match sigma_hw_register_env; normalize nodelta <insert_map * #psd_r'
+* #hw_r' #b' whd in ⊢ (???% → ?); #EQ destruct % [2: % [%] % |]
+qed.
+lemma ertl_eval_move_ok : ∀prog : ertlptr_program.
+∀sigma : sigma_map prog. ∀ restr,pm.
+preserving1 ?? res_preserve1 …
+     (λregs.sigma_regs prog sigma regs restr)
+     (λregs.sigma_regs prog sigma regs restr)
+     (λregs.ertl_eval_move regs pm)
+     (λregs.ertl_eval_move regs pm).
+#prog #sigma #restr * #mv_dst #arg_dst #pm whd in match ertl_eval_move;
+normalize nodelta @mfr_bind1 [@(sigma_beval prog sigma)
+| cases arg_dst normalize nodelta
+  [2: #b change with (return sigma_beval prog sigma (BVByte b)) in ⊢ (???????%?);
+      @mfr_return1]
+  * #r normalize nodelta [@ps_reg_retrieve_ok| @hw_reg_retrieve_ok]
+| #bv cases mv_dst #r normalize nodelta [@ps_reg_store_ok | @hw_reg_store_ok]
+]
+qed.
+lemma ps_arg_retrieve_ok : ∀prog : ertlptr_program.
+∀sigma : sigma_map prog. ∀a,restr.
+preserving1 ?? res_preserve1 …
+    (λregs.sigma_regs prog sigma regs restr)
+    (sigma_beval prog sigma)
+    (λregs.ps_arg_retrieve regs a)
+    (λregs.ps_arg_retrieve regs a).
+#prog #sigma #a #restr whd in match ps_arg_retrieve; normalize nodelta cases a -a
+normalize nodelta [#r | #b ] #regs
+[ @ps_reg_retrieve_ok
+| change with (return sigma_beval prog sigma (BVByte b)) in ⊢ (???????%?);
+  @mfr_return1
+]
+qed.
+lemma pop_ok :
+∀prog : ertl_program.
+  let trans_prog ≝ ertl_to_ertlptr prog in
+∀sigma : sigma_map trans_prog.
+∀stack_size.
+∀fn : (joint_closed_internal_function ERTL (globals (mk_prog_params ERTL_semantics prog stack_size))).
+preserving1 ?? res_preserve1 ????
+   (λst.sigma_state trans_prog sigma st (joint_if_locals ERTL ? fn))
+   (λx.let 〈bv,st〉 ≝ x in
+      〈sigma_beval trans_prog sigma bv,
+       sigma_state trans_prog sigma st (joint_if_locals ERTL ? fn) 〉)
+   (pop ERTL_semantics)
+   (pop ERTLptr_semantics).
+#prog #sigma #stack_size #fn whd in match pop; normalize nodelta #st @mfr_bind1
+[@(λx.let 〈bv,is〉 ≝ x in
+     〈sigma_beval (ertl_to_ertlptr prog) sigma bv,
+      sigma_is (ertl_to_ertlptr prog) sigma is 〉)
+| whd in match is_pop; normalize nodelta whd in match sigma_state; normalize nodelta
+  cases(istack ? st) normalize nodelta
+  [@res_preserve_error1
+  |2,3: #bv1 [2: #bv2] * #bv3 #is1 whd in ⊢ (??%% → ?); #EQ destruct
+        % [2,4: % [1,3: %|*: %] |*:]
+  ]
+| * #bv #is * #bv1 #st whd in ⊢ (??%% → ?); #EQ destruct % [2: % [%] %|]
+]
+qed.
+lemma push_ok :
+∀prog : ertl_program.
+  let trans_prog ≝ ertl_to_ertlptr prog in
+∀sigma : sigma_map trans_prog.
+∀stack_size.
+∀fn : (joint_closed_internal_function ERTL (globals (mk_prog_params ERTL_semantics prog stack_size))).
+preserving21 ?? res_preserve1 …
+     (λst.sigma_state trans_prog sigma st (joint_if_locals ERTL ? fn))
+     (sigma_beval trans_prog sigma)
+     (λst.sigma_state trans_prog sigma st (joint_if_locals ERTL ? fn))
+     (push ERTL_semantics)
+     (push ERTLptr_semantics).
+cases daemon
+qed.
+lemma be_opaccs_ok :
+∀prog : ertlptr_program. ∀sigma : sigma_map prog.
+∀ op.
+preserving21 ?? res_preserve1 ??????
+    (sigma_beval prog sigma)
+    (sigma_beval prog sigma)
+    (λx.let 〈bv1,bv2〉 ≝ x in
+           〈sigma_beval prog sigma bv1,
+            sigma_beval prog sigma bv2〉)
+    (be_opaccs op)
+    (be_opaccs op).
+cases daemon
+qed.
+lemma be_op1_ok : ∀prog : ertlptr_program. ∀sigma : sigma_map prog.
+∀ op.
+preserving1 ?? res_preserve1 …
+     (sigma_beval prog sigma)
+     (sigma_beval prog sigma)
+     (be_op1 op)
+     (be_op1 op).
+cases daemon
+qed.
+lemma be_op2_ok : ∀prog : ertlptr_program. ∀sigma : sigma_map prog.
+∀ b,op.
+preserving21 ?? res_preserve1 …
+     (sigma_beval prog sigma)
+     (sigma_beval prog sigma)
+     (λx.let 〈bv,b〉≝ x in 〈sigma_beval prog sigma bv,b〉)
+     (be_op2 b op)
+     (be_op2 b op).
+cases daemon
+qed.
+lemma pointer_of_address_ok : ∀prog : ertlptr_program. ∀sigma : sigma_map prog.
+preserving1 … res_preserve1 …
+     (λx.let 〈bv1,bv2〉 ≝ x in〈sigma_beval prog sigma bv1,
+           sigma_beval prog sigma bv2〉)
+     (λx.x)
+     pointer_of_address pointer_of_address.
+cases daemon
+qed.
+lemma beloadv_ok : ∀prog : ertlptr_program. ∀sigma : sigma_map prog.
+∀ptr.
+preserving1 … opt_preserve1 …
+     (sigma_mem prog sigma)
+     (sigma_beval prog sigma)
+     (λm.beloadv m ptr)
+     (λm.beloadv m ptr).
+cases daemon
+qed.
+lemma bestorev_ok : ∀prog : ertlptr_program.∀sigma : sigma_map prog.
+∀ptr.
+preserving21 … opt_preserve1 …
+    (sigma_mem prog sigma)
+    (sigma_beval prog sigma)
+    (sigma_mem prog sigma)
+    (λm.bestorev m ptr)
+    (λm.bestorev m ptr).
+cases daemon
+qed.
+lemma eval_seq_no_pc_no_call_ok :
+∀prog : ertl_program.
+  let trans_prog ≝ ertl_to_ertlptr prog in
+∀stack_size.∀sigma : sigma_map trans_prog.
+∀id. ∀fn : (joint_closed_internal_function ??) .∀seq.
+   preserving1 ?? res_preserve1 ????
+      (λst.sigma_state trans_prog sigma st (joint_if_locals ERTL ? fn))
+      (λst.sigma_state trans_prog sigma st (joint_if_locals ERTL ? fn))
+      (eval_seq_no_pc (mk_prog_params ERTL_semantics prog stack_size)
+             (globals (mk_prog_params ERTL_semantics prog stack_size))
+             (ev_genv (mk_prog_params ERTL_semantics prog stack_size)) id fn seq)
+      (eval_seq_no_pc (mk_prog_params ERTLptr_semantics trans_prog stack_size)
+  (globals (mk_prog_params ERTLptr_semantics trans_prog stack_size))
+  (ev_genv (mk_prog_params ERTLptr_semantics trans_prog stack_size)) id (translate_internal … fn) (translate_step_seq … seq)).
+#prog #stack_size #sigma #f #fn *
+whd in match eval_seq_no_pc; normalize nodelta
+[ #c #st @mfr_return1
+| #c #st @mfr_return1
+| #pm #st whd in match pair_reg_move; normalize nodelta
+  @mfr_bind1
+  [ @(λregs.sigma_regs (ertl_to_ertlptr prog) sigma regs (joint_if_locals ERTL ? fn))
+  | change with (ertl_eval_move ??) in ⊢ (???????%%); @ertl_eval_move_ok
+  | #regs #st whd in ⊢ (??%% → ?); #EQ destruct % [2: % [%] % |]
+  ]
+| #r #st @mfr_bind1
+  [@(λx.let 〈bv,st〉 ≝ x in
+      〈sigma_beval (ertl_to_ertlptr prog) sigma bv,
+       sigma_state (ertl_to_ertlptr prog) sigma st (joint_if_locals ERTL ? fn) 〉)
+  | @pop_ok
+  | * #bv #st whd in match acca_store; normalize nodelta @mfr_bind1
+    [@(λregs.sigma_regs (ertl_to_ertlptr prog) sigma regs (joint_if_locals ERTL ? fn))
+    | @ps_reg_store_ok
+    | #regs #x whd in ⊢ (??%% → ?); #EQ destruct % [2: % [%] % |]
+    ]
+  ]
+| #r #st @mfr_bind1
+  [@(λbv.sigma_beval (ertl_to_ertlptr prog) sigma bv)
+  | whd in match acca_arg_retrieve; normalize nodelta @ps_arg_retrieve_ok
+  | #bv @push_ok
+  ]
+| #i
+  change with (member ? ? ? (((prog_var_names (joint_function ERTL)) ℕ prog)) → ?)
+  #i_spec
+  change with ((dpl_reg ERTL) → ?)
+  #dpl
+  change with ((dph_reg ERTL) → ?)
+  #dph #st @mfr_bind1
+  [@(λst.sigma_state (ertl_to_ertlptr prog) sigma st (joint_if_locals ERTL ? fn))
+  | whd in match dpl_store; normalize nodelta @mfr_bind1
+    [ @(λregs.sigma_regs (ertl_to_ertlptr prog) sigma regs (joint_if_locals ERTL ? fn))
+    | @opt_safe_elim #bl #EQbl
+      @opt_safe_elim #bl'
+       >(find_symbol_transf …
+          (λvars.transf_fundef … (λfn.(translate_internal … fn))) prog i) in ⊢ (%→?);
+       >EQbl #EQ destruct whd in match sigma_state; normalize nodelta
+       change with (sigma_beval (ertl_to_ertlptr prog) sigma (BVptr …))
+                                               in ⊢ (???????(?????%?)?);
+       @ps_reg_store_ok
+    | #regs #st1 whd in match set_regs; whd in match sigma_state; normalize nodelta;
+      whd in ⊢(??%% → ?); #EQ destruct % [2: % [%] %|]
+    ]
+  | #st1 @opt_safe_elim #bl #EQbl @opt_safe_elim #bl'
+    >(find_symbol_transf …
+          (λvars.transf_fundef … (λfn.(translate_internal … fn))) prog i) in ⊢ (%→?);
+    >EQbl #EQ destruct whd in match dph_store; normalize nodelta @mfr_bind1
+    [ @(λregs.sigma_regs (ertl_to_ertlptr prog) sigma regs (joint_if_locals ERTL ? fn))
+    | whd in match sigma_state; normalize nodelta
+      change with (sigma_beval (ertl_to_ertlptr prog) sigma (BVptr …))
+                                               in ⊢ (???????(?????%?)?);
+      @ps_reg_store_ok
+    | #regs #st1 whd in match set_regs; whd in match sigma_state; normalize nodelta;
+      whd in ⊢(??%% → ?); #EQ destruct % [2: % [%] %|]
+    ]
+  ]
+| #op #a #b #arg1 #arg2 #st @mfr_bind1
+  [@(sigma_beval (ertl_to_ertlptr prog) sigma)
+  | whd in match acca_arg_retrieve; whd in match sigma_state; normalize nodelta
+    @ps_arg_retrieve_ok
+  | #bv1 @mfr_bind1
+   [ @(sigma_beval (ertl_to_ertlptr prog) sigma)
+   | whd in match accb_arg_retrieve; whd in match sigma_state; normalize nodelta
+     @ps_arg_retrieve_ok
+   | #bv2 @mfr_bind1
+     [@(λx.let 〈bv1,bv2〉 ≝ x in
+           〈sigma_beval (ertl_to_ertlptr prog) sigma bv1,
+            sigma_beval (ertl_to_ertlptr prog) sigma bv2〉)
+     | @be_opaccs_ok
+     | * #bv3 #bv4 normalize nodelta @mfr_bind1
+       [ @(λst.sigma_state (ertl_to_ertlptr prog) sigma st (joint_if_locals ERTL ? fn))
+       | whd in match acca_store; normalize nodelta @mfr_bind1
+         [  @(λregs.sigma_regs (ertl_to_ertlptr prog) sigma regs (joint_if_locals ERTL ? fn))
+         | @ps_reg_store_ok
+         | #regs #st1 whd in match set_regs; whd in match sigma_state; normalize nodelta;
+            whd in ⊢(??%% → ?); #EQ destruct % [2: % [%] %|]
+         ]
+       | #st1 whd in match accb_store; normalize nodelta @mfr_bind1
+         [  @(λregs.sigma_regs (ertl_to_ertlptr prog) sigma regs (joint_if_locals ERTL ? fn))
+         |  whd in match sigma_state; normalize nodelta
+            @ps_reg_store_ok
+         | #regs #st1 whd in match set_regs; whd in match sigma_state; normalize nodelta;
+            whd in ⊢(??%% → ?); #EQ destruct % [2: % [%] %|]
+         ]
+       ]
+     ]
+   ]
+  ]
+| #op #r1 #r2 #st @mfr_bind1
+  [ @(sigma_beval (ertl_to_ertlptr prog) sigma)
+  | whd in match acca_retrieve; normalize nodelta @ps_reg_retrieve_ok
+  | #bv1 @mfr_bind1
+    [ @(sigma_beval (ertl_to_ertlptr prog) sigma)
+    | @be_op1_ok
+    | #bv2 whd in match acca_store; normalize nodelta @mfr_bind1
+      [ @(λregs.sigma_regs (ertl_to_ertlptr prog) sigma regs (joint_if_locals ERTL ? fn))
+      | whd in match sigma_state; normalize nodelta @ps_reg_store_ok
+      | #regs #st1 whd in match set_regs; whd in match sigma_state; normalize nodelta;
+            whd in ⊢(??%% → ?); #EQ destruct % [2: % [%] %|]
+      ]
+    ]
+  ]
+| #op2 #r1 #r2 #arg #st @mfr_bind1
+  [ @(sigma_beval (ertl_to_ertlptr prog) sigma)
+  | whd in match acca_arg_retrieve; normalize nodelta @ps_arg_retrieve_ok
+  | #bv @mfr_bind1
+    [ @(sigma_beval (ertl_to_ertlptr prog) sigma)
+    | whd in match snd_arg_retrieve; normalize nodelta @ps_arg_retrieve_ok
+    | #bv1 @mfr_bind1
+      [@(λx.let 〈bv,b〉≝ x in 〈sigma_beval (ertl_to_ertlptr prog) sigma bv,b〉)
+      | @be_op2_ok
+      | * #bv2 #b @mfr_bind1
+        [ @(λst.sigma_state (ertl_to_ertlptr prog) sigma st (joint_if_locals ERTL ? fn))
+        | whd in match acca_store; normalize nodelta @mfr_bind1
+          [  @(λregs.sigma_regs (ertl_to_ertlptr prog) sigma regs (joint_if_locals ERTL ? fn))
+          | whd in match sigma_state; normalize nodelta @ps_reg_store_ok
+          | #regs #st1 whd in match set_regs; whd in match sigma_state; normalize nodelta;
+            whd in ⊢(??%% → ?); #EQ destruct % [2: % [%] %|]
+          ]
+        | #st1 #st2 whd in match set_carry; whd in match sigma_state; normalize nodelta
+           whd in ⊢ (??%% → ?); #EQ destruct % [2: % [%] % |]
+        ]
+      ]
+    ]
+  ]
+| #st whd in match set_carry; whd in match sigma_state; normalize nodelta
+  #st1 whd in ⊢ (??%% → ?); #EQ destruct % [2: % [%] % |]
+| #st #st1 whd in match set_carry; whd in match sigma_state; normalize nodelta
+   whd in ⊢ (??%% → ?); #EQ destruct % [2: % [%] % |]
+| #r1 #dpl #dph #st @mfr_bind1
+  [ @(sigma_beval (ertl_to_ertlptr prog) sigma)
+  | whd in match dph_arg_retrieve; normalize nodelta @ps_arg_retrieve_ok
+  | #bv @mfr_bind1
+    [ @(sigma_beval (ertl_to_ertlptr prog) sigma)
+    | whd in match dpl_arg_retrieve; normalize nodelta @ps_arg_retrieve_ok
+    | #bv1 @mfr_bind1
+      [ @(λx.x)
+      | @(pointer_of_address_ok ? sigma 〈bv1,bv〉)
+      | #ptr @mfr_bind1
+        [ @(sigma_beval (ertl_to_ertlptr prog) sigma)
+        | @opt_to_res_preserve1 @beloadv_ok
+        | #bv2 whd in match acca_store; normalize nodelta @mfr_bind1
+          [ @(λregs.sigma_regs (ertl_to_ertlptr prog) sigma regs (joint_if_locals ERTL ? fn))
+          |  whd in match sigma_state; normalize nodelta @ps_reg_store_ok
+          | #regs #st1 whd in match set_regs; whd in match sigma_state; normalize nodelta;
+            whd in ⊢(??%% → ?); #EQ destruct % [2: % [%] %|]
+          ]
+        ]
+      ]
+    ]
+  ]
+| #dpl #dph #r #st @mfr_bind1
+  [  @(sigma_beval (ertl_to_ertlptr prog) sigma)
+  | whd in match dph_arg_retrieve; normalize nodelta @ps_arg_retrieve_ok
+  | #bv @mfr_bind1
+    [ @(sigma_beval (ertl_to_ertlptr prog) sigma)
+    |  whd in match dpl_arg_retrieve; normalize nodelta @ps_arg_retrieve_ok
+    | #bv1 @mfr_bind1
+      [ @(λx.x)
+      |  @(pointer_of_address_ok ? sigma 〈bv1,bv〉)
+      | #ptr @mfr_bind1
+        [ @(sigma_beval (ertl_to_ertlptr prog) sigma)
+        | whd in match acca_arg_retrieve; normalize nodelta @ps_arg_retrieve_ok
+        | #bv2 @mfr_bind1
+          [ @(sigma_mem (ertl_to_ertlptr prog) sigma)
+          | @opt_to_res_preserve1 @bestorev_ok
+          | #m #st1 whd in ⊢ (??%% → ?); whd in match set_m; whd in match sigma_state;
+            normalize nodelta #EQ destruct % [2: % [%] %|]
+          ]
+        ]
+      ]
+    ]
+  ]
+| #ext #st cases daemon
+]
+qed.
+inductive ex_Type1 (A:Type[1]) (P:A → Prop) : Prop ≝
+    ex1_intro: ∀ x:A. P x →  ex_Type1 A P.
+(*interpretation "exists in Type[1]" 'exists x = (ex_Type1 ? x).*)
+lemma linearise_ok:
+ ∀prog.
+  let trans_prog ≝ ertl_to_ertlptr prog in
+ ∀stack_sizes. sigma_map trans_prog →
+   ex_Type1 … (λR.
+   status_simulation
+    (ERTL_status prog stack_sizes) (ERTLptr_status trans_prog stack_sizes) R).
+#prog #stack_size #sigma % [@ERTLptrStatusSimulation assumption]
+whd in match status_simulation; normalize nodelta
+whd in match ERTL_status; whd in match ERTLptr_status; normalize nodelta
+whd in ⊢ (% → % → % → % → ?); #st1 #st1' #st2
+whd in match eval_state; normalize nodelta @('bind_inversion) ** #id #fn #stmt
+#H lapply (err_eq_from_io ????? H) -H #EQfetch @('bind_inversion) #st #EQst
+#EQst1' whd in match ERTLptrStatusSimulation; normalize nodelta
+#EQsim whd in match joint_abstract_status in ⊢ (match % with [ _ ⇒ ? | _ ⇒ ? ]);
+normalize nodelta whd in match joint_classify; normalize nodelta >EQfetch
+>m_return_bind cases stmt in EQst EQst1'; -stmt normalize nodelta
+[ * [#called #c_arg #c_dest | #reg #lbl | #seq ] #succ_pc | #fin_step | (*FCOND absurd*) cases daemon]
+[3: whd in match joint_classify_step; normalize nodelta whd in match eval_statement_no_pc;
+   normalize nodelta #H1 whd in match eval_statement_advance; normalize nodelta
+   whd in match set_no_pc; whd in match next; whd in match set_pc; normalize nodelta
+   #EQtobdest >EQsim in H1; #H1 cases(eval_seq_no_pc_no_call_ok ????????? H1)
+     [2: cases daemon (*TODO*)] #st' * #st_spec' #st_sim %
+         [% [ @st'| @(pc … st1') | @(last_pop … st1')]]
+         check taa_base
+         %{(taaf_step ???? (taa_base … st2) ? ?)}
+          [(*dalla commutazione del fetch TODO*) cases daemon
+          | whd in match (as_execute ???); whd in match eval_state; normalize nodelta
+           cases daemon (*dalla commutazione del fetch + st_spec' TODO *)
+          ] normalize nodelta % [% // cases daemon (*facile TODO *)] whd in match label_rel;
+           normalize nodelta (*specifica di sigma TODO *) cases daemon
+|
+>EQsim in EQfetch; whd in match sigma_state_pc in ⊢ (%→ ?);
+whd in match fetch_statement; normalize nodelta #H @('bind_inversion H) -H
+* #id1 #fn1 whd in match fetch_internal_function; normalize nodelta
+#H @('bind_inversion H) -H * #id2 #fn2 @if_elim #block_st2_spec
+[whd in match dummy_state_pc; whd in match null_pc; normalize nodelta
+ lapply(fetch_function_no_zero ??????)
+ [2: @(«mk_block Code OZ,refl region Code»)|%|@prog|7: #EQ >EQ |*:]
+ whd in ⊢ (???% → ?); #ABS destruct]
+ inversion(fetch_function
+          (fundef
+           (joint_closed_internal_function ERTLptr
+            (prog_var_names (joint_function ERTLptr) ℕ (ertl_to_ertlptr prog))))
+          (globalenv_noinit (joint_function ERTLptr) (ertl_to_ertlptr prog))
+          (pc_block (pc ERTLptr_semantics st2)))
+[2: #err #_ normalize nodelta whd in match dummy_state_pc; whd in match null_pc; normalize nodelta
+ lapply(fetch_function_no_zero ??????)
+ [2: @(«mk_block Code OZ,refl region Code»)|%|@prog|7: #EQ >EQ |*:]
+ whd in ⊢ (???% → ?); #ABS destruct] * #id3 #fn3 #EQ  lapply(jmeq_to_eq ??? EQ) -EQ
+ #EQffst2 >m_return_bind cases fn3 in EQffst2; -fn3 [2: #ext #_ normalize nodelta
+ whd in match dummy_state_pc; whd in match null_pc; normalize nodelta
+ lapply(fetch_function_no_zero ??????)
+ [2: @(«mk_block Code OZ,refl region Code»)|%|@prog|7: #EQ >EQ |*:]
+ whd in ⊢ (???% → ?); #ABS destruct] #fn3 #fn3_spec normalize nodelta
+ #fn2_spec >(fetch_function_transf ??????????) in fn3_spec; [2: @fn2_spec|*:]
+ cases fn2 in fn2_spec; -fn2 #fn2 #fn2_spec whd in match transf_fundef;
+ normalize nodelta whd in ⊢ (??%? → ?); #EQ destruct whd in ⊢ (??%% → ?); #EQ destruct
+ #H @('bind_inversion H) -H #stmt1 #H lapply(opt_eq_from_res ???? H) -H #stmt1_spec
+ whd in ⊢ (??%% → ?); #EQ destruct cases stmt in stmt1_spec EQst1' EQst; -stmt
+ [* [#called #c_arg #c_dest | #reg #lbl | #seq ] #succ_pc | #fin_step | (*FCOND absurd*) cases daemon]
+ #stmt_spec whd in match eval_statement_advance; normalize nodelta whd in match eval_call;
+ normalize nodelta #EQst1' whd in match eval_statement_no_pc; normalize nodelta
+[3: #H cases(eval_seq_no_pc_no_call_ok ????????? H) [2: whd in match fetch_internal_function;
+    normalize nodelta whd in match sigma_state_pc; normalize nodelta @if_elim
+    [ #H1 >H1 in block_st2_spec; *] #_ whd in match fetch_internal_function; normalize nodelta
+    >(fetch_function_transf ??????????) [2: @fn2_spec |*: ] whd in match transf_fundef;
+    normalize nodelta >fn2_spec >m_return_bind %] #st3 * #st3_spec #sem_rel
+    % [ % [ @st3 | @(pc … st1') | @(last_pop … st2)]] % [%2 [2: %1|1:|4: whd in match as_classifier; normalize nodelta whd in match (as_classify ??); normalize nodelta
+    %{(taaf_step … (taa_base …) …) I}
+ [1,2,4: whd in ⊢ (??%% → ?); #EQ destruct
+ |3: whd in EQst1' : (??%%); whd in match set_no_pc in EQst1'; normalize nodelta in EQst1';
+    whd in match sigma_state_pc in EQst1'; normalize nodelta in EQst1';
+    >block_st2_spec in EQst1'; @if_elim [ #H >H in block_st2_spec; *] #_
+    whd in match fetch_internal_function; normalize nodelta >(fetch_function_transf ??????????) [2: @fn2_spec|*:]
+    >m_return_bind whd in match transf_fundef; normalize nodelta whd in match next;
+    normalize nodelta whd in match set_pc; normalize nodelta #EQ destruct #H
+    whd ;in match  in EQst1';
+    destruct #EQst
+ #EQst normalize nodelta
+ [ whd in match joint_classify_step; normalize nodelta
+ lapply(fetch_function_no_zero ??????) [2: @(«mk_block Code OZ,refl region Code»)
+ |2: % | %|7: #EQ >EQ *: try assumption
+ normalize in ⊢ (%→ ?);
+normalize in as_ex;

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 2590 for src/ERTLptr/ERTLtoERTLptrOK.ma

Legend:

src/ERTLptr/ERTLtoERTLptrOK.ma

Download in other formats: