include "ASM/Assembly.ma".
include "ASM/Interpret.ma".
include "ASM/StatusProofs.ma".
include alias "arithmetics/nat.ma".
include "ASM/AssemblyProof.ma".

lemma let_pair_in_status_of_pseudo_status:
  ∀A, B, M, cm, sigma, policy. ∀c, c': A × B. ∀s, s'.
    c = c' →
    (∀left, right. status_of_pseudo_status M cm (s left right c') sigma policy = s' left right c') →
    (let 〈left, right〉 ≝ c' in s' left right c') =
    status_of_pseudo_status M cm (let 〈left, right〉 ≝ c in s left right c) sigma policy.
  #A #B #M #cm #sigma #policy * #a #b * #a' #b' #s #s' normalize nodelta //
qed.

lemma let_pair_as_in_status_of_pseudo_status:
  ∀A, B, M, cm, sigma, policy. ∀c, c': A × B. ∀s, s'.
    c = c' →
    (∀left, right, H, H'. status_of_pseudo_status M cm (s left right H c) sigma policy = s' left right H' c') →
    (let 〈left, right〉 as H' ≝ c' in s' left right H' c') =
    status_of_pseudo_status M cm (let 〈left, right〉 as H ≝ c in s left right H c) sigma policy.
  #A #B #M #cm #sigma #policy * #a #b * #a' #b' #s #s' normalize nodelta #destruct_refl
  destruct(destruct_refl) /2/
qed.

lemma if_then_else_status_of_pseudo_status:
  ∀M: internal_pseudo_address_map.
  ∀cm: pseudo_assembly_program.
  ∀sigma: Word → Word.
  ∀policy: Word → bool.
  ∀s, s', s'', s'''.
  ∀t, t': bool.
    t = t' →
    status_of_pseudo_status M cm s sigma policy = s' →
    status_of_pseudo_status M cm s'' sigma policy = s''' →
      if t then
        s'
      else
        s''' =
      status_of_pseudo_status M cm (if t' then s else s'') sigma policy.
  #M #cm #sigma #policy #s #s' #s'' #s''' #t #t' #t_refl #s_refl
  >t_refl normalize nodelta >s_refl cases t' normalize nodelta //
qed.

lemma set_program_counter_status_of_pseudo_status:
  ∀M.
  ∀cm.
  ∀sigma.
  ∀policy.
  ∀s, s'.
  ∀new_ppc, new_ppc'.
    sigma new_ppc = new_ppc' →
    status_of_pseudo_status M cm s sigma policy = s' →
    set_program_counter (BitVectorTrie Byte 16)
      (code_memory_of_pseudo_assembly_program cm sigma policy)
      s' new_ppc' =
    status_of_pseudo_status M cm (set_program_counter … cm s new_ppc) sigma policy.
  #M #cm #sigma #policy #s #s' #new_ppc #new_ppc'
  #new_ppc_refl #s_refl <new_ppc_refl <s_refl //
qed.

lemma set_p1_latch_status_of_pseudo_status:
  ∀M.
  ∀code_memory.
  ∀sigma.
  ∀policy.
  ∀s,s'.
  ∀v.
   status_of_pseudo_status M code_memory s sigma policy = s' →
    set_p1_latch (BitVectorTrie Byte 16)
      (code_memory_of_pseudo_assembly_program code_memory sigma policy)
      s' v =
    status_of_pseudo_status M code_memory
      (set_p1_latch pseudo_assembly_program code_memory s v) sigma policy.
  #M #cm #sigma #policy #s #s' #new_ppc #s_refl <s_refl //
qed.

lemma set_p3_latch_status_of_pseudo_status:
  ∀M.
  ∀code_memory.
  ∀sigma.
  ∀policy.
  ∀s, s'.
  ∀v.
  status_of_pseudo_status M code_memory s sigma policy = s' →
    set_p3_latch (BitVectorTrie Byte 16)
      (code_memory_of_pseudo_assembly_program code_memory sigma policy)
      s' v =
    status_of_pseudo_status M code_memory
      (set_p3_latch pseudo_assembly_program code_memory s v) sigma policy.
  #M #code_memory #sigma #policy #s #s' #v #s_refl <s_refl //
qed.

definition map_acc_a_using_internal_pseudo_address_map:
    ∀M: internal_pseudo_address_map. (Word → Word) → Byte → Byte ≝
  λM, sigma, v.
  match \snd M with
  [ data ⇒ v
  | address upper_lower word ⇒
    let mapped ≝ sigma word in
    let 〈high, low〉 ≝ vsplit bool 8 8 mapped in
      if eq_upper_lower upper_lower upper then
        high
      else
        low
  ].

(*CSC: Taken from AssemblyProofSplit.ma; there named map_lower_internal... *)
definition map_internal_ram_address_using_pseudo_address_map:
  ∀M: internal_pseudo_address_map. (Word → Word) → Byte → Byte → Byte ≝
  λM: internal_pseudo_address_map.
  λsigma: Word → Word.
  λaddress: Byte.
  λvalue: Byte.
  match assoc_list_lookup ?? address (eq_bv …) (\fst M) with
  [ None ⇒ value
  | Some upper_lower_word ⇒
    let 〈upper_lower, word〉 ≝ upper_lower_word in
    let 〈high, low〉 ≝ vsplit bool 8 8 (sigma word) in
      if eq_upper_lower upper_lower upper then
        high
      else
        low
  ].

definition map_address_using_internal_pseudo_address_map:
    ∀M: internal_pseudo_address_map. (Word → Word) → SFR8051 → Byte → Byte ≝
  λM, sigma, sfr, v.
  match sfr with
  [ SFR_ACC_A ⇒ map_acc_a_using_internal_pseudo_address_map M sigma v
  | _         ⇒ v
  ].

lemma set_index_set_index_overwrite:
  ∀A: Type[0].
  ∀n: nat.
  ∀v: Vector A n.
  ∀index: nat.
  ∀e, e': A.
  ∀proof.
  ∀proof'.
    set_index A n v index e proof =
      set_index A n (set_index A n v index e' proof') index e proof.
  #A #n #v elim v normalize
  [1:
    #index #e #e' #absurd cases (lt_to_not_zero … absurd)
  |2:
    #n' #hd #tl #inductive_hypothesis #index #e #e' cases index #proof #proof'
    normalize //
  ]
qed.

lemma set_index_set_index_commutation:
  ∀A: Type[0].
  ∀n: nat.
  ∀v: Vector A n.
  ∀m, o: nat.
  ∀m_lt_proof: m < n.
  ∀o_lt_proof: o < n.
  ∀e, f: A.
    m ≠ o →
      set_index A n (set_index A n v o f o_lt_proof) m e m_lt_proof =
        set_index A n (set_index A n v m e m_lt_proof) o f o_lt_proof.
  #A #n #v elim v
  [1:
    #m #o #m_lt_proof
    normalize in m_lt_proof; cases (lt_to_not_zero … m_lt_proof)
  |2:
    #n' #hd #tl #inductive_hypothesis
    #m #o
    cases m cases o
    [1:
      #m_lt_proof #o_lt_proof #e #f #absurd @⊥ cases absurd #relevant
      @relevant %
    |2,3:
      #o' normalize //
    |4:
      #m' #o' #m_lt_proof #o_lt_proof #e #f #o_neq_m_assm
      normalize @eq_f @inductive_hypothesis @nmk #relevant
      >relevant in o_neq_m_assm; #relevant @(absurd ?? relevant) %
    ]
  ]
qed.

(* XXX: move elsewhere *)
lemma get_index_v_set_index_miss:
  ∀a: Type[0].
  ∀n: nat.
  ∀v: Vector a n.
  ∀i, j: nat.
  ∀e: a.
  ∀i_proof: i < n.
  ∀j_proof: j < n.
    i ≠ j →
      get_index_v a n (set_index a n v i e i_proof) j j_proof =
        get_index_v a n v j j_proof.
  #a #n #v elim v
  [1:
    #i #j #e #i_proof
    cases (lt_to_not_zero … i_proof)
  |2:
    #n' #hd #tl #inductive_hypothesis #i #j
    cases i cases j
    [1:
      #e #i_proof #j_proof #neq_assm
      cases (absurd ? (refl … 0) neq_assm)
    |2,3:
      #i' #e #i_proof #j_proof #_ %
    |4:
      #i' #j' #e #i_proof #j_proof #neq_assm
      @inductive_hypothesis @nmk #eq_assm
      >eq_assm in neq_assm; #neq_assm
      cases (absurd ? (refl ??) neq_assm)
    ]
  ]
qed.

lemma set_index_status_of_pseudo_status:
  ∀M, code_memory, sigma, policy, s, sfr, v, v'.
    map_address_using_internal_pseudo_address_map M sigma sfr v = v' →
(set_index Byte 19
  (special_function_registers_8051 (BitVectorTrie Byte 16)
   (code_memory_of_pseudo_assembly_program code_memory sigma policy)
   (status_of_pseudo_status M code_memory s sigma policy))
  (sfr_8051_index sfr) v' (sfr8051_index_19 sfr)
  =sfr_8051_of_pseudo_sfr_8051 M
   (special_function_registers_8051 pseudo_assembly_program code_memory
    (set_8051_sfr pseudo_assembly_program code_memory s sfr v)) sigma).
  #M #code_memory #sigma #policy #s #sfr #v #v' #sfr_neq_acc_a_assm
  whd in match status_of_pseudo_status; normalize nodelta
  whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
  inversion (\snd M) try (#upper_lower #address) #sndM_refl normalize nodelta
  [1:
    <sfr_neq_acc_a_assm cases sfr
    [18:
      whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
      whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
      >sndM_refl %
    ]
    %
  |2:
    @pair_elim #high #low #high_low_refl normalize nodelta
    inversion (eq_upper_lower upper_lower upper) #eq_upper_lower_refl normalize nodelta
    <sfr_neq_acc_a_assm cases sfr
    [18,37:
      whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
      whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
      >sndM_refl normalize nodelta >high_low_refl normalize nodelta 
      >eq_upper_lower_refl normalize nodelta
      whd in match (set_8051_sfr ?????);
      [1:
        <set_index_set_index_overwrite in ⊢ (??%?);
        <set_index_set_index_overwrite in ⊢ (???%); %
      |2:
        <set_index_set_index_overwrite in ⊢ (??%?);
        <set_index_set_index_overwrite in ⊢ (???%); %
      ]
    ]
    whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
    whd in match (set_8051_sfr ?????); @set_index_set_index_commutation normalize
    @nmk #absurd destruct(absurd)
  ]
qed.

lemma get_index_v_status_of_pseudo_status:
  ∀M, code_memory, sigma, policy, s, s', sfr.
    map_address_using_internal_pseudo_address_map M sigma sfr
      (get_index_v Byte 19
        (special_function_registers_8051 pseudo_assembly_program code_memory s)
        (sfr_8051_index sfr) (sfr8051_index_19 sfr)) = s' →
    get_index_v Byte 19
      (special_function_registers_8051 (BitVectorTrie Byte 16)
      (code_memory_of_pseudo_assembly_program code_memory sigma policy)
      (status_of_pseudo_status M code_memory s sigma policy))
      (sfr_8051_index sfr) (sfr8051_index_19 sfr) = s'.
  #M #code_memory #sigma #policy #s #s' #sfr #s_refl <s_refl
  whd in match status_of_pseudo_status; normalize nodelta
  whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
  inversion (\snd M) try (#upper_lower #address) #sndM_refl normalize nodelta
 [1:
    cases sfr
    [18:
      whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
      whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
      >sndM_refl %
    ]
    %
  |2:
    @pair_elim #high #low #high_low_refl normalize nodelta
    inversion (eq_upper_lower upper_lower upper) #eq_upper_lower_refl normalize nodelta
    cases sfr
    [18,37:
      whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
      whd in match map_acc_a_using_internal_pseudo_address_map; normalize nodelta
      >sndM_refl normalize nodelta >high_low_refl normalize nodelta 
      >eq_upper_lower_refl normalize nodelta
      whd in match (set_8051_sfr ?????); //
    ]
    @get_index_v_set_index_miss whd in ⊢ (?(??%%));
    @nmk #absurd destruct(absurd)
  ]
qed.

lemma set_8051_sfr_status_of_pseudo_status:
  ∀M, code_memory, sigma, policy, s, s', sfr, v,v'.
    status_of_pseudo_status M code_memory s sigma policy = s' →
    map_address_using_internal_pseudo_address_map M sigma sfr v = v' →
      set_8051_sfr ? (code_memory_of_pseudo_assembly_program code_memory sigma policy) s' sfr v' =
      status_of_pseudo_status M code_memory
        (set_8051_sfr pseudo_assembly_program code_memory s sfr v) sigma policy.
  #M #code_memory #sigma #policy #s #s' #sfr #v #v' #s_ok #v_ok
  <s_ok whd in ⊢ (??%%); @split_eq_status try % /2/
qed.

lemma get_8051_sfr_status_of_pseudo_status:
  ∀M, code_memory, sigma, policy, s, s', s'', sfr.
    status_of_pseudo_status M code_memory s sigma policy = s' →
    map_address_using_internal_pseudo_address_map M sigma sfr
     (get_8051_sfr pseudo_assembly_program code_memory s sfr) = s'' →
  get_8051_sfr (BitVectorTrie Byte 16)
    (code_memory_of_pseudo_assembly_program code_memory sigma policy)
     s' sfr = s''.
  #M #code_memory #sigma #policy #s #s' #s'' #sfr #s_refl #s_refl' <s_refl <s_refl'
  whd in match get_8051_sfr; normalize nodelta
  @get_index_v_status_of_pseudo_status %
qed.

lemma get_8052_sfr_status_of_pseudo_status:
  ∀M, code_memory, sigma, policy, s, s', sfr.
  status_of_pseudo_status M code_memory s sigma policy = s' →
  (get_8052_sfr (BitVectorTrie Byte 16)
    (code_memory_of_pseudo_assembly_program code_memory sigma policy)
    s' sfr =
   (get_8052_sfr pseudo_assembly_program code_memory s sfr)).
  #M #code_memory #sigma #policy #s #s' #sfr #s_refl <s_refl //
qed.

lemma set_8052_sfr_status_of_pseudo_status:
  ∀M, code_memory, sigma, policy, s, s', sfr, v.
  status_of_pseudo_status M code_memory s sigma policy = s' →
    (set_8052_sfr (BitVectorTrie Byte 16)
      (code_memory_of_pseudo_assembly_program code_memory sigma policy) s' sfr v =
    status_of_pseudo_status M code_memory
     (set_8052_sfr pseudo_assembly_program code_memory s sfr v) sigma policy).
  #M #code_memory #sigma #policy #s #s' #sfr #v #s_refl <s_refl //
qed.
  
definition map_address_Byte_using_internal_pseudo_address_map ≝
 λM,sigma,d,v.
  match sfr_of_Byte d with
  [ None ⇒ v
  | Some sfr8051_8052 ⇒
    match sfr8051_8052 with
    [ inl sfr ⇒
      map_address_using_internal_pseudo_address_map M sigma sfr v
    | inr _ ⇒ v
    ]
  ].

lemma set_bit_addressable_sfr_status_of_pseudo_status':
  let M ≝ pseudo_assembly_program in
    ∀code_memory: M.
    ∀s: PreStatus M code_memory.
    ∀d: Byte.
    ∀v: Byte.
      Σp: PreStatus M code_memory.
        ∀M.
        ∀sigma.
        ∀policy.
        ∀s'.
        ∀v'.
          status_of_pseudo_status M code_memory s sigma policy = s' →
            map_address_Byte_using_internal_pseudo_address_map M sigma d v = v' →
              (set_bit_addressable_sfr (BitVectorTrie Byte 16)
                (code_memory_of_pseudo_assembly_program code_memory sigma policy) s' d v' =
              status_of_pseudo_status M code_memory
                (set_bit_addressable_sfr pseudo_assembly_program code_memory s d v) sigma policy).
  whd in match map_address_Byte_using_internal_pseudo_address_map;
  whd in match set_bit_addressable_sfr;
  normalize nodelta
  @(let M ≝ pseudo_assembly_program in
  λcode_memory:M.
  λs: PreStatus M code_memory.
  λb: Byte.
  λv: Byte.
   match sfr_of_Byte b with
   [ None ⇒ match not_implemented in False with [ ]
   | Some sfr8051_8052 ⇒
      match sfr8051_8052 with
      [ inl sfr ⇒
         match sfr with
         [ SFR_P1 ⇒
           let status_1 ≝ set_8051_sfr ?? s SFR_P1 v in
           set_p1_latch ?? s v
         | SFR_P3 ⇒
           let status_1 ≝ set_8051_sfr ?? s SFR_P3 v in
           set_p3_latch ?? s v
         | _ ⇒ set_8051_sfr ?? s sfr v ]
      | inr sfr ⇒ set_8052_sfr ?? s sfr v ]])
  normalize nodelta #M #sigma #policy #s' #v' #s_refl <s_refl
  /2 by refl, set_8051_sfr_status_of_pseudo_status, set_8052_sfr_status_of_pseudo_status/
  whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
  #v_refl >v_refl //
qed.

lemma set_bit_addressable_sfr_status_of_pseudo_status:
 ∀code_memory: pseudo_assembly_program. ∀s: PreStatus … code_memory. ∀d: Byte. ∀v: Byte.
  ∀M. ∀sigma. ∀policy. ∀s': Status ?. ∀v'.
  status_of_pseudo_status M code_memory s sigma policy = s' →
  map_address_Byte_using_internal_pseudo_address_map M sigma d v = v' →
 (set_bit_addressable_sfr (BitVectorTrie Byte 16)
  (code_memory_of_pseudo_assembly_program code_memory sigma policy)
  s' d v'
  =status_of_pseudo_status M code_memory
   (set_bit_addressable_sfr pseudo_assembly_program code_memory s d v) sigma policy).
 #code #s #d #v cases (set_bit_addressable_sfr_status_of_pseudo_status' code s d v) #_
 #H @H
qed.

lemma set_low_internal_ram_status_of_pseudo_status:
 ∀cm,sigma,policy,M,s,s',ram.
  status_of_pseudo_status M cm s sigma policy = s' →
  set_low_internal_ram (BitVectorTrie Byte 16)
  (code_memory_of_pseudo_assembly_program cm sigma policy)
  s'
  (low_internal_ram_of_pseudo_low_internal_ram M ram)
  = status_of_pseudo_status M cm
    (set_low_internal_ram pseudo_assembly_program cm s ram) sigma policy.
  #cm #sigma #policy #M #s #s' #ram #s_refl <s_refl //
qed.

(* Real axiom ATM *)
axiom insert_low_internal_ram_of_pseudo_low_internal_ram:
 ∀M,sigma,cm,s,addr,v,v'.
 map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr) v = v' →
  insert Byte 7 addr v'
  (low_internal_ram_of_pseudo_low_internal_ram M
   (low_internal_ram pseudo_assembly_program cm s))
  =low_internal_ram_of_pseudo_low_internal_ram M
   (insert Byte 7 addr v (low_internal_ram pseudo_assembly_program cm s)).
               
lemma insert_low_internal_ram_status_of_pseudo_status:
 ∀M,cm,sigma,policy,s,addr,v,v'.
 map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr) v = v' →
  insert Byte 7 addr v'
   (low_internal_ram (BitVectorTrie Byte 16)
    (code_memory_of_pseudo_assembly_program cm sigma policy)
    (status_of_pseudo_status M cm s sigma policy))
  = low_internal_ram_of_pseudo_low_internal_ram M
     (insert Byte 7 addr v
      (low_internal_ram pseudo_assembly_program cm s)).
 /2 by insert_low_internal_ram_of_pseudo_low_internal_ram/
qed.

(* Real axiom ATM *)
axiom insert_high_internal_ram_of_pseudo_high_internal_ram:
 ∀M,sigma,cm,s,addr,v,v'.
 map_internal_ram_address_using_pseudo_address_map M sigma (true:::addr) v = v' →
  insert Byte 7 addr v'
  (high_internal_ram_of_pseudo_high_internal_ram M
   (high_internal_ram pseudo_assembly_program cm s))
  =high_internal_ram_of_pseudo_high_internal_ram M
   (insert Byte 7 addr v (high_internal_ram pseudo_assembly_program cm s)).

lemma insert_high_internal_ram_status_of_pseudo_status:
 ∀M,cm,sigma,policy,s,addr,v,v'.
 map_internal_ram_address_using_pseudo_address_map M sigma (true:::addr) v = v' →
  insert Byte 7 addr v'
   (high_internal_ram (BitVectorTrie Byte 16)
    (code_memory_of_pseudo_assembly_program cm sigma policy)
    (status_of_pseudo_status M cm s sigma policy))
  = high_internal_ram_of_pseudo_high_internal_ram M
     (insert Byte 7 addr v
      (high_internal_ram pseudo_assembly_program cm s)).
 /2 by insert_high_internal_ram_of_pseudo_high_internal_ram/
qed.

lemma bit_address_of_register_status_of_pseudo_status:
 ∀M,cm,s,sigma,policy,r.
  bit_address_of_register …
  (code_memory_of_pseudo_assembly_program cm sigma policy)
  (status_of_pseudo_status M cm s sigma policy) r =
  bit_address_of_register … cm s r.
 #M #cm #s #sigma #policy #r whd in ⊢ (??%%);
 >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
 @pair_elim #un #ln #_
 @pair_elim #r1 #r0 #_ %
qed.

(*CSC: provable using the axiom in AssemblyProof, but this one seems more
  primitive *)
axiom lookup_low_internal_ram_of_pseudo_low_internal_ram:
 ∀M,sigma,cm,s,s',addr.
  map_internal_ram_address_using_pseudo_address_map M sigma (false:::addr)
  (lookup Byte 7 addr
   (low_internal_ram pseudo_assembly_program cm s) (zero 8)) = s' →
  lookup Byte 7 addr
  (low_internal_ram_of_pseudo_low_internal_ram M
   (low_internal_ram pseudo_assembly_program cm s)) (zero 8)
  = s'.

(*CSC: provable using the axiom in AssemblyProof, but this one seems more
  primitive *)
axiom lookup_high_internal_ram_of_pseudo_high_internal_ram:
 ∀M,sigma,cm,s,s',addr.
  map_internal_ram_address_using_pseudo_address_map M sigma (true:::addr)
  (lookup Byte 7 addr
   (high_internal_ram pseudo_assembly_program cm s) (zero 8)) = s' →
  lookup Byte 7 addr
  (high_internal_ram_of_pseudo_high_internal_ram M
   (high_internal_ram pseudo_assembly_program cm s)) (zero 8)
  = s'.

lemma get_register_status_of_pseudo_status:
 ∀M,cm,sigma,policy,s,s',s'',r.
  status_of_pseudo_status M cm s sigma policy = s' →
  map_internal_ram_address_using_pseudo_address_map M sigma (false:::bit_address_of_register pseudo_assembly_program cm s r)
   (get_register … cm s r) = s'' →
  get_register …
   (code_memory_of_pseudo_assembly_program cm sigma policy)
   s' r = s''.
 #M #cm #sigma #policy #s #s' #s'' #r #s_refl #s_refl' <s_refl <s_refl'
 whd in match get_register; normalize nodelta
 whd in match status_of_pseudo_status; normalize nodelta
 >bit_address_of_register_status_of_pseudo_status
 @(lookup_low_internal_ram_of_pseudo_low_internal_ram … (refl …))
qed.

lemma external_ram_status_of_pseudo_status:
 ∀M,cm,s,sigma,policy.
  external_ram …
   (code_memory_of_pseudo_assembly_program cm sigma policy)
   (status_of_pseudo_status M cm s sigma policy) =
  external_ram … cm s.
 //
qed.

lemma set_external_ram_status_of_pseudo_status:
  ∀M,cm,ps,sigma,policy,ram.
    set_external_ram …
      (code_memory_of_pseudo_assembly_program cm sigma policy)
      (status_of_pseudo_status M cm ps sigma policy)
      ram =
    status_of_pseudo_status M cm (set_external_ram … cm ps ram) sigma policy.
  //
qed.

lemma set_register_status_of_pseudo_status:
 ∀M,sigma,policy,cm,s,s',r,v,v'.
  status_of_pseudo_status M cm s sigma policy = s' →
  map_internal_ram_address_using_pseudo_address_map M sigma
   (false:::bit_address_of_register pseudo_assembly_program cm s r) v =v' →
  set_register (BitVectorTrie Byte 16)
   (code_memory_of_pseudo_assembly_program cm sigma policy)
   s' r v'
  = status_of_pseudo_status M cm (set_register pseudo_assembly_program cm s r v)
    sigma policy.
  #M #sigma #policy #cm #s #s' #r #v #v' #s_refl <s_refl #v_ok
 whd in match set_register; normalize nodelta
 >bit_address_of_register_status_of_pseudo_status
 >(insert_low_internal_ram_status_of_pseudo_status … v_ok)
 @set_low_internal_ram_status_of_pseudo_status %
qed.

definition map_address_mode_using_internal_pseudo_address_map_ok1 ≝
 λM:internal_pseudo_address_map.λcm.λs:PreStatus ? cm.λsigma. λaddr.
  match addr with
  [ INDIRECT i ⇒
     assoc_list_lookup ??
      (false:::bit_address_of_register pseudo_assembly_program cm s [[false; false; i]]) (eq_bv …) (\fst M) = None …
  | EXT_INDIRECT e ⇒
     assoc_list_lookup ??
      (false:::bit_address_of_register pseudo_assembly_program cm s [[false; false; e]]) (eq_bv …) (\fst M) = None …
  | ACC_DPTR ⇒
    (* XXX: \snd M = None plus in the very rare case when we are trying to dereference a null (O) pointer
            in the ACC_A *)
      map_acc_a_using_internal_pseudo_address_map M sigma (get_8051_sfr pseudo_assembly_program cm s SFR_ACC_A) =
        get_8051_sfr … cm s SFR_ACC_A
  | ACC_PC ⇒
      (* XXX: as above *)
      map_acc_a_using_internal_pseudo_address_map M sigma (get_8051_sfr pseudo_assembly_program cm s SFR_ACC_A) =
        get_8051_sfr … cm s SFR_ACC_A ∧ sigma (program_counter … s) = program_counter … s
  | _ ⇒ True ].

definition map_address_mode_using_internal_pseudo_address_map_ok2 ≝
 λT,M,sigma,cm.λs:PreStatus T cm.λaddr,v.
  match addr with
  [ DIRECT d ⇒
     let 〈 bit_one, seven_bits 〉 as vsplit_refl ≝ vsplit … 1 7 d in
     match head' … bit_one with
     [ true ⇒
      map_address_Byte_using_internal_pseudo_address_map M sigma (true:::seven_bits) v
     | false ⇒
      map_internal_ram_address_using_pseudo_address_map M sigma (false:::seven_bits) v ]
  | INDIRECT i ⇒
     let register ≝ get_register ?? s [[ false; false; i ]] in
     map_internal_ram_address_using_pseudo_address_map M sigma register v
  | REGISTER r ⇒
     map_internal_ram_address_using_pseudo_address_map M sigma
      (false:::bit_address_of_register … s r) v
  | ACC_A ⇒
     map_address_using_internal_pseudo_address_map M sigma SFR_ACC_A v
  | _ ⇒ v ].

(*CSC: move elsewhere*)
lemma eq_head': ∀A,n,v. v = head' A n v ::: tail … v.
 #A #n #v inversion v in ⊢ ?;
 [ #abs @⊥ lapply (jmeq_to_eq ??? abs) /2/
 | #m #hd #tl #_ #EQ <(injective_S … EQ) in tl; #tl #EQ' >EQ' % ]
qed.

(*CSC: move elsewhere*)
lemma tail_singleton: ∀A,v. tail A 0 v = [[]].
 #A #v inversion v in ⊢ ?;
 [ #abs @⊥ lapply (jmeq_to_eq ??? abs) #H destruct(H)
 | #n #hd #tl #_ #EQ <(injective_S … EQ) in tl; #tl #EQ1 >EQ1 normalize
   /2 by jmeq_to_eq/
 ]
qed.

(*CSC: move elsewhere*)
lemma eq_cons_head_append:
 ∀A,n.∀hd: Vector A 1. ∀tl: Vector A n.
  head' A 0 hd:::tl = hd@@tl.
 #A #n #hd #tl >(eq_head' … hd) >tail_singleton %
qed.

lemma set_arg_8_status_of_pseudo_status':
  ∀cm.
  ∀ps.
  ∀addr:[[ direct ; indirect ; registr ; acc_a ; acc_b ; ext_indirect ; ext_indirect_dptr ]].
  ∀value. Σp: PreStatus ? cm. ∀M. ∀sigma. ∀policy. ∀s'. ∀value'.
   status_of_pseudo_status M cm ps sigma policy = s' →
   map_address_mode_using_internal_pseudo_address_map_ok1 M cm ps sigma addr →
   map_address_mode_using_internal_pseudo_address_map_ok2 … M sigma cm ps addr value = value' →
    set_arg_8 (BitVectorTrie Byte 16)
      (code_memory_of_pseudo_assembly_program cm sigma policy)
      s' addr value' =
    status_of_pseudo_status M cm (set_arg_8 … cm ps addr value) sigma policy.
  whd in match set_arg_8; normalize nodelta
  @(let m ≝ pseudo_assembly_program in λcm, s. λa: [[ direct ; indirect ; registr ;
                                   acc_a ; acc_b ; ext_indirect ;
                                   ext_indirect_dptr ]]. λv.
    match a return λaddr. bool_to_Prop (is_in ? [[ direct ; indirect ; registr ;
                                                acc_a ; acc_b ; ext_indirect ;
                                                ext_indirect_dptr ]] addr) →
                   Σp.?
            with
      [ DIRECT d ⇒
        λdirect: True.
          deplet 〈 bit_one, seven_bits 〉 as vsplit_refl ≝ vsplit ? 1 7 d in
            match head' … bit_one with
              [ true ⇒ set_bit_addressable_sfr ?? s (true:::seven_bits) v
              | false ⇒
                let memory ≝ insert ? 7 seven_bits v (low_internal_ram ?? s) in
                  set_low_internal_ram ?? s memory
              ]
      | INDIRECT i ⇒
        λindirect: True.
          let register ≝ get_register ?? s [[ false; false; i ]] in
          let 〈bit_one, seven_bits〉 ≝ vsplit ? 1 7 register in
            match head' … bit_one with
              [ false ⇒
                let memory ≝ insert … seven_bits v (low_internal_ram ?? s) in
                  set_low_internal_ram ?? s memory
              | true ⇒ 
                let memory ≝ insert … seven_bits v (high_internal_ram ?? s) in
                  set_high_internal_ram ?? s memory
              ]
      | REGISTER r ⇒ λregister: True. set_register ?? s r v
      | ACC_A ⇒ λacc_a: True. set_8051_sfr ?? s SFR_ACC_A v
      | ACC_B ⇒ λacc_b: True. set_8051_sfr ?? s SFR_ACC_B v
      | EXT_INDIRECT e ⇒
        λext_indirect: True.
          let address ≝ get_register ?? s [[ false; false; e ]] in
          let padded_address ≝ pad 8 8 address in
          let memory ≝ insert ? 16 padded_address v (external_ram ?? s) in
            set_external_ram ?? s memory
      | EXT_INDIRECT_DPTR ⇒
        λext_indirect_dptr: True.
          let address ≝ (get_8051_sfr ?? s SFR_DPH) @@ (get_8051_sfr ?? s SFR_DPL) in
          let memory ≝ insert ? 16 address v (external_ram ?? s) in
            set_external_ram ?? s memory
      | _ ⇒ 
        λother: False.
          match other in False with [ ]
      ] (subaddressing_modein … a)) normalize nodelta
  #M #sigma #policy #s' #v' #s_refl <s_refl
  whd in match map_address_mode_using_internal_pseudo_address_map_ok1; normalize nodelta
  whd in match map_address_mode_using_internal_pseudo_address_map_ok2; normalize nodelta
  [1,2:
    <vsplit_refl normalize nodelta >p normalize nodelta
    [ >(vsplit_ok … vsplit_refl) #_ @set_bit_addressable_sfr_status_of_pseudo_status
    | #_ #v_ok >(insert_low_internal_ram_status_of_pseudo_status … v) // ]
  |3,4: #EQ1 #EQ2 change with (get_register ????) in match register in p;
      >(get_register_status_of_pseudo_status … (refl …) (refl …))
      whd in match map_internal_ram_address_using_pseudo_address_map; normalize nodelta
      >EQ1 normalize nodelta >p normalize nodelta >p1 normalize nodelta
      [ >(insert_high_internal_ram_status_of_pseudo_status … v)
      | >(insert_low_internal_ram_status_of_pseudo_status … v) ]
      // <EQ2 @eq_f2 try % <(vsplit_ok … (sym_eq … p)) <eq_cons_head_append >p1 %
  |5: #EQ1 #EQ2 <EQ2 >(get_register_status_of_pseudo_status … (refl …) (refl …))
      whd in match map_internal_ram_address_using_pseudo_address_map; normalize nodelta
      >EQ1 normalize nodelta
      >external_ram_status_of_pseudo_status @set_external_ram_status_of_pseudo_status
  |6: #EQ1 #EQ2 <EQ2 /2 by set_register_status_of_pseudo_status/
  |7: #EQ1 #EQ2 <EQ2 /2 by set_8051_sfr_status_of_pseudo_status/
  |8: #_ #EQ <EQ @set_8051_sfr_status_of_pseudo_status %
  |9: #_ #EQ <EQ >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
      >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
      >external_ram_status_of_pseudo_status @set_external_ram_status_of_pseudo_status ] %
qed.

lemma set_arg_8_status_of_pseudo_status:
  ∀cm.
  ∀ps.
  ∀addr, addr':[[ direct ; indirect ; registr ; acc_a ; acc_b ; ext_indirect ; ext_indirect_dptr ]].
  ∀value.
  ∀M. ∀sigma. ∀policy. ∀s'. ∀value'.
   addr = addr' →
   status_of_pseudo_status M cm ps sigma policy = s' →
   map_address_mode_using_internal_pseudo_address_map_ok1 M cm ps sigma addr →
   map_address_mode_using_internal_pseudo_address_map_ok2 … M sigma cm ps addr value = value' →
    set_arg_8 (BitVectorTrie Byte 16)
      (code_memory_of_pseudo_assembly_program cm sigma policy)
      s' addr value' =
    status_of_pseudo_status M cm (set_arg_8 … cm ps addr' value) sigma policy.
  #cm #ps #addr #addr' #value
  cases (set_arg_8_status_of_pseudo_status' cm ps addr value) #_ #relevant
  #M #sigma #policy #s' #value' #addr_refl <addr_refl
  @relevant
qed.

lemma p1_latch_status_of_pseudo_status:
    ∀M.
    ∀sigma.
    ∀policy.
    ∀code_memory: pseudo_assembly_program.
    ∀s: PreStatus … code_memory.
    ∀s'.
    (status_of_pseudo_status M code_memory s sigma policy) = s' →
    (p1_latch (BitVectorTrie Byte 16)
      (code_memory_of_pseudo_assembly_program code_memory sigma policy)
      s' =
    (p1_latch pseudo_assembly_program code_memory s)).
  #M #sigma #policy #code_memory #s #s' #s_refl <s_refl //
qed.

lemma p3_latch_status_of_pseudo_status:
    ∀M.
    ∀sigma.
    ∀policy.
    ∀code_memory: pseudo_assembly_program.
    ∀s: PreStatus … code_memory.
    ∀s'.
    (status_of_pseudo_status M code_memory s sigma policy) = s' →
    (p3_latch (BitVectorTrie Byte 16)
      (code_memory_of_pseudo_assembly_program code_memory sigma policy)
      (status_of_pseudo_status M code_memory s sigma policy) =
    (p3_latch pseudo_assembly_program code_memory s)).
  #M #sigma #policy #code_memory #s #s' #s_refl <s_refl //
qed.

lemma get_bit_addressable_sfr_status_of_pseudo_status':
  let M ≝ pseudo_assembly_program in
    ∀code_memory: M.
    ∀s: PreStatus M code_memory.
    ∀d: Byte.
    ∀l: bool.
      Σp: Byte. ∀M. ∀sigma. ∀policy. ∀s'.
        status_of_pseudo_status M code_memory s sigma policy = s' →
        (get_bit_addressable_sfr (BitVectorTrie Byte 16)
          (code_memory_of_pseudo_assembly_program code_memory sigma policy)
          s' d l =
        map_address_Byte_using_internal_pseudo_address_map M sigma
         d (get_bit_addressable_sfr pseudo_assembly_program code_memory s d l)).
  whd in match get_bit_addressable_sfr;
  whd in match map_address_Byte_using_internal_pseudo_address_map;
  normalize nodelta
  @(let M ≝ pseudo_assembly_program in
    λcode_memory:M.
    λs: PreStatus M code_memory.
    λb: Byte.
    λl: bool.
    match sfr_of_Byte b with
    [ None ⇒ match not_implemented in False with [ ]
    | Some sfr8051_8052 ⇒
    match sfr8051_8052 with
    [ inl sfr ⇒
      match sfr with
      [ SFR_P1 ⇒
        if l then
          p1_latch … s
        else
          get_8051_sfr … s SFR_P1
      | SFR_P3 ⇒
        if l then
          p3_latch … s
        else
          get_8051_sfr … s SFR_P3
      | _ ⇒ get_8051_sfr … s sfr
      ]
    | inr sfr ⇒ get_8052_sfr M code_memory s sfr
    ]
    ])
  #M #sigma #policy #s' #s_refl <s_refl normalize nodelta
  /2 by get_8051_sfr_status_of_pseudo_status, p1_latch_status_of_pseudo_status, p3_latch_status_of_pseudo_status/
qed.

lemma get_bit_addressable_sfr_status_of_pseudo_status:
  let M ≝ pseudo_assembly_program in
    ∀code_memory: M.
    ∀s: PreStatus M code_memory.
    ∀d: Byte.
    ∀l: bool.
    ∀M. ∀sigma. ∀policy. ∀s'. ∀s''.
      map_address_Byte_using_internal_pseudo_address_map M sigma
         d (get_bit_addressable_sfr pseudo_assembly_program code_memory s d l) = s'' →
      (status_of_pseudo_status M code_memory s sigma policy) = s' →
        (get_bit_addressable_sfr (BitVectorTrie Byte 16)
          (code_memory_of_pseudo_assembly_program code_memory sigma policy)
          s' d l) = s''.
 #code #s #d #v
 cases (get_bit_addressable_sfr_status_of_pseudo_status' code s d v) #_ #relevant
 #M #sigma #policy #s' #s'' #s_refl #s_refl' <s_refl <s_refl' @relevant %
qed.

lemma program_counter_status_of_pseudo_status:
    ∀M. ∀sigma: Word → Word. ∀policy.
    ∀code_memory: pseudo_assembly_program.
    ∀s: PreStatus ? code_memory.
    ∀s'.
    ∀s''.
    sigma (program_counter … s) = s'' →
    (status_of_pseudo_status M code_memory s sigma policy) = s' →
      program_counter … (code_memory_of_pseudo_assembly_program code_memory sigma policy)
        s' = s''.
  #M #sigma #policy #code_memory #s #s' #s'' #s_refl #s_refl' <s_refl <s_refl' //
qed.

lemma get_cy_flag_status_of_pseudo_status:
  ∀M, cm, sigma, policy, s, s'.
  (status_of_pseudo_status M cm s sigma policy) = s' →
  (get_cy_flag (BitVectorTrie Byte 16)
    (code_memory_of_pseudo_assembly_program cm sigma policy)
    s' =
  get_cy_flag pseudo_assembly_program cm s).
  #M #cm #sigma #policy #s #s' #s_refl <s_refl
  whd in match get_cy_flag; normalize nodelta
  >(get_index_v_status_of_pseudo_status … (refl …)) %
qed.

lemma get_arg_8_status_of_pseudo_status':
  ∀cm.
  ∀ps.
  ∀l.
  ∀addr:[[ direct ; indirect ; registr ; acc_a ; acc_b ; data ; acc_dptr ; acc_pc ; ext_indirect ; ext_indirect_dptr ]].
    Σp: Byte. ∀M. ∀sigma. ∀policy. ∀s'.
      (status_of_pseudo_status M cm ps sigma policy) = s' →
      map_address_mode_using_internal_pseudo_address_map_ok1 M cm ps sigma addr →
      get_arg_8 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
      s' l addr =
      map_address_mode_using_internal_pseudo_address_map_ok2 … M sigma cm ps addr (get_arg_8 … cm ps l addr).
  whd in match get_arg_8; normalize nodelta
  @(let m ≝ pseudo_assembly_program in
    λcm: m. λs: PreStatus m cm. λl: bool. λa: [[direct; indirect; registr; acc_a; acc_b; data; acc_dptr; acc_pc; ext_indirect; ext_indirect_dptr]].
    match a return λx. bool_to_Prop (is_in ? [[ direct; indirect; registr; acc_a; acc_b; data; acc_dptr; acc_pc; ext_indirect; ext_indirect_dptr ]] x) → Σp. ? with
      [ ACC_A ⇒ λacc_a: True. get_8051_sfr ?? s SFR_ACC_A
      | ACC_B ⇒ λacc_b: True. get_8051_sfr ?? s SFR_ACC_B
      | DATA d ⇒ λdata: True. d
      | REGISTER r ⇒ λregister: True. get_register ?? s r
      | EXT_INDIRECT_DPTR ⇒
        λext_indirect_dptr: True.
          let address ≝ (get_8051_sfr ?? s SFR_DPH) @@ (get_8051_sfr ?? s SFR_DPL) in
            lookup ? 16 address (external_ram ?? s) (zero 8)
      | EXT_INDIRECT e ⇒
        λext_indirect: True.
          let address ≝ get_register ?? s [[ false; false; e ]]  in
          let padded_address ≝ pad 8 8 address in
            lookup ? 16 padded_address (external_ram ?? s) (zero 8)
      | ACC_DPTR ⇒
        λacc_dptr: True.
          let dptr ≝ (get_8051_sfr ?? s SFR_DPH) @@ (get_8051_sfr ?? s SFR_DPL) in
          let padded_acc ≝ pad 8 8 (get_8051_sfr ?? s SFR_ACC_A) in
          let 〈carry, address〉 ≝ half_add 16 dptr padded_acc in
            lookup ? 16 address (external_ram ?? s) (zero 8)
      | ACC_PC ⇒
        λacc_pc: True.
          let padded_acc ≝ pad 8 8 (get_8051_sfr ?? s SFR_ACC_A) in
          let 〈 carry, address 〉 ≝ half_add 16 (program_counter ?? s) padded_acc in
            lookup ? 16 address (external_ram ?? s) (zero 8)
      | DIRECT d ⇒
        λdirect: True.
          let 〈hd, seven_bits〉 ≝ vsplit bool 1 7 d in
            match head' … hd with
            [ true ⇒ get_bit_addressable_sfr m cm s (true:::seven_bits) l
            | false ⇒ lookup ? 7 seven_bits (low_internal_ram … s) (zero …)
            ]
      | INDIRECT i ⇒
        λindirect: True.
          let 〈hd, seven_bits〉 ≝ vsplit bool 1 7 (get_register … s [[false;false;i]]) in
            match head' … hd with
            [ true ⇒ lookup ? 7 seven_bits (high_internal_ram … s) (zero …)
            | false ⇒ lookup ? 7 seven_bits (low_internal_ram … s) (zero …)
            ]
      | _ ⇒ λother: False.
        match other in False with [ ]
      ] (subaddressing_modein … a)) normalize nodelta
  #M #sigma #policy #s' #s_refl <s_refl
  whd in match map_address_mode_using_internal_pseudo_address_map_ok1; normalize nodelta
  whd in match map_address_mode_using_internal_pseudo_address_map_ok2; normalize nodelta
  [1:
    #_ >p normalize nodelta >p1 normalize nodelta
    @(get_bit_addressable_sfr_status_of_pseudo_status … (refl …)) %
  |2:
    #_>p normalize nodelta >p1 normalize nodelta
    @(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma) %
  |3,4:
    #assoc_list_assm >(get_register_status_of_pseudo_status … (refl …) (refl …))
    whd in match map_internal_ram_address_using_pseudo_address_map in ⊢ (??%?); normalize nodelta
    >assoc_list_assm normalize nodelta >p normalize nodelta >p1 normalize nodelta
    [1:
      @(lookup_high_internal_ram_of_pseudo_high_internal_ram … sigma)
    |2:
      @(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma)
    ]
    @eq_f2 try % <(vsplit_ok … (sym_eq … p)) <eq_cons_head_append >p1 %
  |5:
    #assoc_list_assm >(get_register_status_of_pseudo_status … (refl …) (refl …))
    whd in match map_internal_ram_address_using_pseudo_address_map in ⊢ (??%?); normalize nodelta
    >assoc_list_assm normalize nodelta %
  |6,7,8,9:
    #_ /2 by refl, get_register_status_of_pseudo_status, get_index_v_status_of_pseudo_status/
  |10:
    #acc_a_assm >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
    >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
    >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
    whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
    >acc_a_assm >p normalize nodelta //
  |11:
    * #map_acc_a_assm #sigma_assm >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
    >(program_counter_status_of_pseudo_status … (refl …) (refl …))
    whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
    >sigma_assm >map_acc_a_assm >p normalize nodelta //
  |12:
    #_ >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
    >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
    >external_ram_status_of_pseudo_status //
  ]
qed.

lemma get_arg_8_status_of_pseudo_status:
  ∀cm.
  ∀ps.
  ∀l.
  ∀addr:[[ direct ; indirect ; registr ; acc_a ; acc_b ; data ; acc_dptr ; acc_pc ; ext_indirect ; ext_indirect_dptr ]].
  ∀M. ∀sigma. ∀policy. ∀s', s''.
      (status_of_pseudo_status M cm ps sigma policy) = s' →
      map_address_mode_using_internal_pseudo_address_map_ok2 … M sigma cm ps addr (get_arg_8 … cm ps l addr) = s'' →
      map_address_mode_using_internal_pseudo_address_map_ok1 M cm ps sigma addr →
      get_arg_8 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
      s' l addr = s''.
  #cm #ps #l #addr
  cases (get_arg_8_status_of_pseudo_status' cm ps l addr) #_ #relevant
  #M #sigma #policy #s' #s'' #s_refl #s_refl' <s_refl'
  @relevant assumption
qed.

lemma get_arg_16_status_of_pseudo_status:
  ∀cm.
  ∀ps.
  ∀addr: [[data16]].
  ∀M. ∀sigma. ∀policy. ∀s'.
    status_of_pseudo_status M cm ps sigma policy = s' →
      get_arg_16 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
      s' addr =
      (get_arg_16 … cm ps addr).
  #cm #ps #addr #M #sigma #policy #s' #s_refl <s_refl //
qed.

lemma set_arg_16_status_of_pseudo_status:
  ∀cm.
  ∀ps.
  ∀addr: [[dptr]].
  ∀v: Word.
  ∀M. ∀sigma. ∀policy. ∀s'.
    status_of_pseudo_status M cm ps sigma policy = s' →
      set_arg_16 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
      s' v addr =
      status_of_pseudo_status M cm (set_arg_16 ? cm ps v addr) sigma policy.
  #cm #ps #addr #v #M #sigma #policy #s' #s_refl <s_refl
  @(subaddressing_mode_elim … addr)
  whd in match set_arg_16; normalize nodelta
  whd in match set_arg_16'; normalize nodelta
  @(vsplit_elim bool ???) #bu #bl #bu_bl_refl normalize nodelta
  @set_8051_sfr_status_of_pseudo_status try % @sym_eq
  @set_8051_sfr_status_of_pseudo_status %
qed.

definition map_bit_address_mode_using_internal_pseudo_address_map_get ≝
 λM:internal_pseudo_address_map.λcm: pseudo_assembly_program.λs:PreStatus ? cm.λsigma: Word → Word. λaddr. λl.
  match addr with
  [ BIT_ADDR b ⇒
    let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 b in
    match head' … bit_1 with
    [ true ⇒
      let address ≝ nat_of_bitvector … seven_bits in
      let d ≝ address ÷ 8 in
      let m ≝ address mod 8 in
      let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
        map_address_Byte_using_internal_pseudo_address_map M sigma trans (get_bit_addressable_sfr pseudo_assembly_program cm s trans l) = get_bit_addressable_sfr … cm s trans l
    | false ⇒
      let address ≝ nat_of_bitvector … seven_bits in
      let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
      let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
        map_internal_ram_address_using_pseudo_address_map M sigma
          (false:::address') t = t
    ]
  | N_BIT_ADDR b ⇒
    let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 b in
    match head' … bit_1 with
    [ true ⇒
      let address ≝ nat_of_bitvector … seven_bits in
      let d ≝ address ÷ 8 in
      let m ≝ address mod 8 in
      let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
        map_address_Byte_using_internal_pseudo_address_map M sigma trans (get_bit_addressable_sfr pseudo_assembly_program cm s trans l) = get_bit_addressable_sfr … cm s trans l
    | false ⇒
      let address ≝ nat_of_bitvector … seven_bits in
      let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
      let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
        map_internal_ram_address_using_pseudo_address_map M sigma
          (false:::address') t = t
    ]
  | _ ⇒ True ].

lemma get_arg_1_status_of_pseudo_status':
  ∀cm.
  ∀ps.
  ∀addr: [[bit_addr; n_bit_addr; carry]].
  ∀l.
    Σb: bool. ∀M. ∀sigma. ∀policy. ∀s'.
      status_of_pseudo_status M cm ps sigma policy = s' →
      map_bit_address_mode_using_internal_pseudo_address_map_get M cm ps sigma addr l →
      get_arg_1 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
      s' addr l =
      (get_arg_1 … cm ps addr l).
  whd in match get_arg_1; normalize nodelta
  @(let m ≝ pseudo_assembly_program in
    λcm: m. λs: PseudoStatus cm. λa:[[bit_addr; n_bit_addr; carry]]. λl.
    match a return λx. bool_to_Prop (is_in ? [[ bit_addr ;
                                                 n_bit_addr ;
                                                 carry ]] x) → Σb: bool. ? with
      [ BIT_ADDR b ⇒
        λbit_addr: True.
        let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 b in
        match head' … bit_1 with
        [ true ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let d ≝ address ÷ 8 in
          let m ≝ address mod 8 in
          let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
          let sfr ≝ get_bit_addressable_sfr ?? s trans l in
            get_index_v … sfr m ?
        | false ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
          let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
            get_index_v … t (modulus address 8) ? 
        ]
      | N_BIT_ADDR n ⇒
        λn_bit_addr: True.
        let 〈bit_1, seven_bits〉 ≝ vsplit … 1 7 n in
        match head' … bit_1 with
        [ true ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let d ≝ address ÷ 8 in
          let m ≝ address mod 8 in
          let trans ≝ bitvector_of_nat 8 ((d * 8) + 128) in
          let sfr ≝ get_bit_addressable_sfr ?? s trans l in
            ¬(get_index_v … sfr m ?)
        | false ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
          let t ≝ lookup … 7 address' (low_internal_ram ?? s) (zero 8) in
            ¬(get_index_v … t (modulus address 8) ?)
        ]
      | CARRY ⇒ λcarry: True. get_cy_flag ?? s
      | _ ⇒ λother.
        match other in False with [ ]
      ] (subaddressing_modein … a)) normalize nodelta
  try @modulus_less_than
  #M #sigma #policy #s' #s_refl <s_refl
  [1:
    #_ >(get_cy_flag_status_of_pseudo_status … (refl …)) %
  |2,4:
    whd in ⊢ (% → ?); >p normalize nodelta >p1 normalize nodelta
    >(get_bit_addressable_sfr_status_of_pseudo_status … (refl …) (refl …)) #map_address_assm
    >map_address_assm %
  |3,5:
    whd in ⊢ (% → ?); >p normalize nodelta >p1 normalize nodelta
    whd in match status_of_pseudo_status; normalize nodelta
    >(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma … (refl …))
    #map_address_assm >map_address_assm %
  ]
qed.

lemma get_arg_1_status_of_pseudo_status:
  ∀cm.
  ∀ps.
  ∀addr, addr': [[bit_addr; n_bit_addr; carry]].
  ∀l.
  ∀M. ∀sigma. ∀policy. ∀s'.
    addr = addr' →
    status_of_pseudo_status M cm ps sigma policy = s' →
      map_bit_address_mode_using_internal_pseudo_address_map_get M cm ps sigma addr l →
      get_arg_1 (BitVectorTrie Byte 16) (code_memory_of_pseudo_assembly_program cm sigma policy)
      s' addr l =
      (get_arg_1 … cm ps addr' l).
  #cm #ps #addr #addr' #l
  cases (get_arg_1_status_of_pseudo_status' cm ps addr l) #_ #assm
  #M #sigma #policy #s' #addr_refl <addr_refl
  @assm
qed.

definition map_bit_address_mode_using_internal_pseudo_address_map_set_1 ≝
  λM: internal_pseudo_address_map.
  λcm: pseudo_assembly_program.
  λs: PreStatus ? cm.
  λsigma: Word → Word.
  λaddr: [[bit_addr; carry]].
  λv: Bit.
  match addr with
  [ BIT_ADDR b ⇒
    let 〈bit_1, seven_bits〉 ≝ vsplit bool 1 7 b in
    match head' … bit_1 with
    [ true ⇒
      let address ≝ nat_of_bitvector … seven_bits in
      let d ≝ address ÷ 8 in
      let m ≝ address mod 8 in
      let t ≝ bitvector_of_nat 8 ((d * 8) + 128) in
      let sfr ≝ get_bit_addressable_sfr … s t true in
        map_address_Byte_using_internal_pseudo_address_map M sigma t sfr = sfr
    | false ⇒
      let address ≝ nat_of_bitvector … seven_bits in
      let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
      let t ≝ lookup ? 7 address' (low_internal_ram ?? s) (zero 8) in
        map_internal_ram_address_using_pseudo_address_map M sigma
          (false:::address') t = t
    ]   
  | CARRY ⇒ True
  | _ ⇒ True
  ].

definition map_bit_address_mode_using_internal_pseudo_address_map_set_2 ≝
  λM: internal_pseudo_address_map.
  λcm: pseudo_assembly_program.
  λs: PreStatus ? cm.
  λsigma: Word → Word.
  λaddr: [[bit_addr; carry]].
  λv: Bit.
  match addr with
  [ BIT_ADDR b ⇒
    let 〈bit_1, seven_bits〉 ≝ vsplit bool 1 7 b in
    match head' … bit_1 with
    [ true ⇒
      let address ≝ nat_of_bitvector … seven_bits in
      let d ≝ address ÷ 8 in
      let m ≝ address mod 8 in
      let t ≝ bitvector_of_nat 8 ((d * 8) + 128) in
      let sfr ≝ get_bit_addressable_sfr … s t true in
      let new_sfr ≝ set_index … sfr m v ? in
        map_address_Byte_using_internal_pseudo_address_map M sigma new_sfr t = t
    | false ⇒
      let address ≝ nat_of_bitvector … seven_bits in
      let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
      let t ≝ lookup ? 7 address' (low_internal_ram ?? s) (zero 8) in
      let n_bit ≝ set_index … t (modulus address 8) v ? in
      let memory ≝ insert ? 7 address' n_bit (low_internal_ram ?? s) in
        map_internal_ram_address_using_pseudo_address_map M sigma
          (false:::address') n_bit = n_bit
    ]   
  | CARRY ⇒ True
  | _ ⇒ True
  ].
  @modulus_less_than
qed.

lemma set_arg_1_status_of_pseudo_status':
  ∀cm: pseudo_assembly_program.
  ∀ps: PreStatus pseudo_assembly_program cm.
  ∀addr: [[bit_addr; carry]].
  ∀b: Bit.
    Σp: PreStatus … cm. ∀M. ∀sigma. ∀policy. ∀s'. ∀b'.
      b = b' →
      status_of_pseudo_status M cm ps sigma policy = s' →
      map_bit_address_mode_using_internal_pseudo_address_map_set_1 M cm ps sigma addr b →
      map_bit_address_mode_using_internal_pseudo_address_map_set_2 M cm ps sigma addr b →
        set_arg_1 (BitVectorTrie Byte 16)
          (code_memory_of_pseudo_assembly_program cm sigma policy)
          s' addr b =
        status_of_pseudo_status M cm (set_arg_1 … cm ps addr b') sigma policy.
  whd in match set_arg_1; normalize nodelta
  whd in ⊢ (? → ? → ? → ? → ??(λx.? → ? → ? → ? → ? → ? → ? → %?????? → %?????? → ?));
  normalize nodelta
  @(let m ≝ pseudo_assembly_program in
    λcm.
    λs: PreStatus m cm.
    λa: [[bit_addr; carry]].
    λv: Bit.
    match a return λx. bool_to_Prop (is_in ? [[bit_addr ; carry]] x) → Σp. ? with
      [ BIT_ADDR b ⇒ λbit_addr: True.
        let 〈bit_1, seven_bits〉 ≝ vsplit bool 1 7 b in
        match head' … bit_1 with
        [ true ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let d ≝ address ÷ 8 in
          let m ≝ address mod 8 in
          let t ≝ bitvector_of_nat 8 ((d * 8) + 128) in
          let sfr ≝ get_bit_addressable_sfr … s t true in
          let new_sfr ≝ set_index … sfr m v ? in
            set_bit_addressable_sfr … s new_sfr t
        | false ⇒
          let address ≝ nat_of_bitvector … seven_bits in
          let address' ≝ bitvector_of_nat 7 ((address ÷ 8) + 32) in
          let t ≝ lookup ? 7 address' (low_internal_ram ?? s) (zero 8) in
          let n_bit ≝ set_index … t (modulus address 8) v ? in
          let memory ≝ insert ? 7 address' n_bit (low_internal_ram ?? s) in
            set_low_internal_ram … s memory
        ]
      | CARRY ⇒
        λcarry: True.
        let 〈ignore, seven_bits〉 ≝ vsplit bool 1 7 (get_8051_sfr … s SFR_PSW) in
        let new_psw ≝ v:::seven_bits in
          set_8051_sfr ?? s SFR_PSW new_psw
      | _ ⇒
        λother: False.
          match other in False with
            [ ]
      ] (subaddressing_modein … a)) normalize nodelta
  try @modulus_less_than #M #sigma #policy #s' #b' #b_refl <b_refl #s_refl <s_refl
  [1:
    #_ #_ >(get_8051_sfr_status_of_pseudo_status … (refl …) (refl …))
    whd in match map_address_using_internal_pseudo_address_map; normalize nodelta
    >p normalize nodelta @set_8051_sfr_status_of_pseudo_status %
  |2,3:
    >p normalize nodelta >p1 normalize nodelta
    #map_bit_address_assm_1 #map_bit_address_assm_2
    [1:
      >(get_bit_addressable_sfr_status_of_pseudo_status … (refl …) (refl …))
      >map_bit_address_assm_1
      >(set_bit_addressable_sfr_status_of_pseudo_status cm s … map_bit_address_assm_2) %
    |2:
      whd in match status_of_pseudo_status in ⊢ (??(????%)?); normalize nodelta
      >(lookup_low_internal_ram_of_pseudo_low_internal_ram … sigma … (refl …))
      >map_bit_address_assm_1
      >(insert_low_internal_ram_of_pseudo_low_internal_ram … map_bit_address_assm_2)
      >set_low_internal_ram_status_of_pseudo_status in ⊢ (??%?); %
    ]
  ]
qed.

lemma set_arg_1_status_of_pseudo_status:
  ∀cm: pseudo_assembly_program.
  ∀ps: PreStatus pseudo_assembly_program cm.
  ∀addr: [[bit_addr; carry]].
  ∀b: Bit.
  ∀M. ∀sigma. ∀policy. ∀s'. ∀b'.
      b = b' →
      status_of_pseudo_status M cm ps sigma policy = s' →
      map_bit_address_mode_using_internal_pseudo_address_map_set_1 M cm ps sigma addr b →
      map_bit_address_mode_using_internal_pseudo_address_map_set_2 M cm ps sigma addr b →
        set_arg_1 (BitVectorTrie Byte 16)
          (code_memory_of_pseudo_assembly_program cm sigma policy)
          s' addr b =
        status_of_pseudo_status M cm (set_arg_1 … cm ps addr b') sigma policy.
  #cm #ps #addr #b
  cases (set_arg_1_status_of_pseudo_status' cm ps addr b) #_ #relevant
  @relevant
qed.

lemma clock_status_of_pseudo_status:
 ∀M,cm,sigma,policy,s,s'.
  (status_of_pseudo_status M cm s sigma policy) = s' →
  clock …
   (code_memory_of_pseudo_assembly_program cm sigma policy)
   s'
  = clock … cm s.
  #M #cm #sigma #policy #s #s' #s_refl <s_refl //
qed.

lemma set_clock_status_of_pseudo_status:
 ∀M,cm,sigma,policy,s,s',v,v'.
 status_of_pseudo_status M cm s sigma policy = s' →
 v = v' →
  set_clock …
   (code_memory_of_pseudo_assembly_program cm sigma policy)
   s' v
  = status_of_pseudo_status M cm (set_clock … cm s v') sigma policy.
  #M #cm #sigma #policy #s #s' #v #v' #s_refl #v_refl <s_refl <v_refl //
qed.

lemma set_flags_status_of_pseudo_status:
  ∀M.
  ∀sigma.
  ∀policy.
  ∀code_memory: pseudo_assembly_program.
  ∀s: PreStatus ? code_memory.
  ∀s'.
  ∀b, b': Bit.
  ∀opt, opt': option Bit.
  ∀c, c': Bit.
    b = b' →
    opt = opt' →
    c = c' →
    status_of_pseudo_status M code_memory s sigma policy = s' →
      set_flags … s' b opt c =
        status_of_pseudo_status M code_memory (set_flags … code_memory s b' opt' c') sigma policy.
  #M #sigma #policy #code_memory #s #s' #b #b' #opt #opt' #c #c'
  #b_refl #opt_refl #c_refl <b_refl <opt_refl <c_refl #s_refl <s_refl
  whd in match status_of_pseudo_status; normalize nodelta
  whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
  cases (\snd M)
  [1:
    normalize nodelta %
  |2:
    * #address normalize nodelta
    @(vsplit_elim bool ???) #high #low #high_low_refl normalize nodelta
    whd in ⊢ (??%%); cases opt try #opt' normalize nodelta
    @split_eq_status try % whd in match (sfr_8051_index ?);
    cases daemon
  ]
qed.

lemma get_ac_flag_status_of_pseudo_status:
  ∀M: internal_pseudo_address_map.
  ∀sigma: Word → Word.
  ∀policy: Word → bool.
  ∀code_memory: pseudo_assembly_program.
  ∀s: PreStatus ? code_memory.
  ∀s'.
    status_of_pseudo_status M code_memory s sigma policy = s' →
      get_ac_flag ?? s' = get_ac_flag ? code_memory s.
  #M #sigma #policy #code_memory #s #s' #s_refl <s_refl
  whd in match get_ac_flag; normalize nodelta
  whd in match status_of_pseudo_status; normalize nodelta
  whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
  cases (\snd M) try %
  * normalize nodelta #address
  @(vsplit_elim bool ???) #high #low #high_low_refl normalize nodelta
  whd in match sfr_8051_index; normalize nodelta
  >get_index_v_set_index_miss [2,4: /2/] %
qed.

lemma get_ov_flag_status_of_pseudo_status:
  ∀M: internal_pseudo_address_map.
  ∀sigma: Word → Word.
  ∀policy: Word → bool.
  ∀code_memory: pseudo_assembly_program.
  ∀s: PreStatus ? code_memory.
  ∀s'.
    status_of_pseudo_status M code_memory s sigma policy = s' →
      get_ov_flag ?? s' = get_ov_flag ? code_memory s.
  #M #sigma #policy #code_memory #s #s' #s_refl <s_refl
  whd in match get_ov_flag; normalize nodelta
  whd in match status_of_pseudo_status; normalize nodelta
  whd in match sfr_8051_of_pseudo_sfr_8051; normalize nodelta
  cases (\snd M) try %
  * normalize nodelta #address
  @(vsplit_elim bool ???) #high #low #high_low_refl normalize nodelta
  whd in match sfr_8051_index; normalize nodelta
  >get_index_v_set_index_miss [2,4: /2/] %
qed.