src/ASM/PolicyFront.ma
λprefix:list labelled_instruction.λsigma:ppc_pc_map.
∀i:ℕ.i < |prefix| →
¬is_jump (\snd (nth i ? prefix 〈None ?, Comment EmptyString〉)) →
\snd (bvt_lookup … (bitvector_of_nat ? i) (\snd sigma) 〈0,short_jump〉) = short_jump.

[ None ⇒ False
 Some x1 ⇒ let 〈pc1,j1〉 ≝ x1 in
pc1 = pc + instruction_size_jmplen j (\snd (nth n ? prefix 〈None ?, Comment EmptyString〉))
].

(λppc.bitvector_of_nat ? (\fst (bvt_lookup ?? ppc (\snd sigma) 〈0,short_jump〉)))
(λppc.jmpeqb long_jump (\snd (bvt_lookup ?? ppc (\snd sigma) 〈0,short_jump〉)))
(bitvector_of_nat ? n) (\snd (nth n ? program 〈None ?, Comment EmptyString〉))

λprefix:list labelled_instruction.λsigma:ppc_pc_map.
∀i.i < |prefix| →
let 〈label,instr〉 ≝ nth i ? prefix 〈None ?, Comment EmptyString〉 in
(\snd (bvt_lookup … (bitvector_of_nat ? i) (\snd sigma) 〈0,short_jump〉) = short_jump →
bool_to_Prop (¬is_call instr)) ∧

definition nec_plus_ultra ≝
λprogram:list labelled_instruction.λp:ppc_pc_map.
¬(∀i.i < |program| → is_jump (\snd (nth i ? program 〈None ?, Comment EmptyString〉)) →
\snd (bvt_lookup … (bitvector_of_nat 16 i) (\snd p) 〈0,short_jump〉) = long_jump).

cut (instruction_size_jmplen jl
(\snd (nth i ? program 〈None ?, Comment EmptyString〉)) =
instruction_size … (bitvector_of_nat ? i)
(\snd (nth i ? program 〈None ?, Comment EmptyString〉)))
[6: #H <H @Hcp_unsafe
5: whd in match (instruction_size_jmplen ??);
whd in match (assembly_1_pseudoinstruction …);
whd in match (expand_pseudo_instruction …);
normalize nodelta inversion (nth i ? program 〈None ?,Comment EmptyString〉) in Hsafe;
#lbl #instr cases instr
[1: #pi normalize nodelta cases pi

[1,5,9,13,17,21,25,29,33,37,41:
whd in match fetch_pseudo_instruction; normalize nodelta
>(nth_safe_nth … 〈None ?, Comment EmptyString〉) >nat_of_bitvector_bitvector_of_nat_inverse
[1: >Hnth_eq in ⊢ (??%?);
3: >Hnth_eq in ⊢ (??%?);
