@2241

8 years 
boender 
merged changes by Claudio



@2240

8 years 
sacerdot 
All "interesting" technical lemmas singled out, proofs to be uncommented.



@2239

8 years 
sacerdot 
One more lemma polished.



@2238

8 years 
sacerdot 
Taken out lemma integrated.



@2237

8 years 
sacerdot 
Even shorter version.



@2236

8 years 
sacerdot 
One subproof made shorter.



@2235

8 years 
sacerdot 
Towards smaller proofs.



@2234

8 years 
garnier 
Progress on proving semantics preservation under memory injections.



@2233

8 years 
tranquil 
* completed update of ERTL semantics
* some minor changes in joint …



@2232

8 years 
campbell 
Remove unused block structure in Cminor.



@2231

8 years 
garnier 
Various tiny lemmas used in at least two files in the frontend.



@2230

8 years 
sacerdot 
Glue proof maximally simplified or sort of.



@2229

8 years 
sacerdot 
More cleaning up, ready for more aggressive factorization.



@2228

8 years 
sacerdot 
Further proof reduction.



@2227

8 years 
garnier 
* New version of the switch removal algorithm, described at the top of …



@2226

8 years 
campbell 
Whole program proof.



@2225

8 years 
sacerdot 
Minor and major improvements everywhere, shortened proofs.



@2224

8 years 
campbell 
Proper whole program result in RTLabs/Traces



@2223

8 years 
campbell 
Simplify RTLabs structure traces proofs by getting rid of wrong …



@2222

8 years 
sacerdot 
More robust to possible future changes to the "in match" semantics …



@2221

8 years 
boender 
removed cases daemon from PolicyFront



@2220

8 years 
sacerdot 
Some minor speed up and daemon uncommenting.



@2219

8 years 
campbell 
Speed up cast simplification proof checking a bit.



@2218

8 years 
campbell 
Separate out cost properties required of RTLabs programs from the …



@2217

8 years 
tranquil 
* collapsed step_params, unserialized_params, funct_params and …



@2216

8 years 
mulligan 
More work on the big lemma. Nearly there now.



@2215

8 years 
sacerdot 
Some speed up.



@2214

8 years 
tranquil 
* changed order of parameters of joint_internal_function and genv in …



@2213

8 years 
boender 
removed one cases daemon



@2212

8 years 
mulligan 
More work on the INC case



@2211

8 years 
boender 
finished proof of sigma specification
added some stuff to Util, as …



@2210

8 years 
mulligan 
XOR case completely finished.



@2209

8 years 
mulligan 
Closed major daemons in the supporting lemmas of the main lemma.



@2208

8 years 
tranquil 
* moving some code around
* changed immediates to hold beval in …



@2207

8 years 
mulligan 
Improvements and corrections to the main lemma proof in …



@2206

8 years 
campbell 
Add note about cost maps to simulation definition.



@2205

8 years 
campbell 
Get correctness.ma type checking again.



@2204

8 years 
sacerdot 
Shuffling around, suggestions, improvements.



@2203

8 years 
campbell 
A general result about simulations of executions.



@2202

8 years 
campbell 
Start defining equivalent executions.



@2201

8 years 
campbell 
Forgotten comment update.



@2200

8 years 
tranquil 
* updated joint semantics: generation of linear and graph semantics
* …



@2199

8 years 
sacerdot 
No longer used lemma containing the last daemon removed.
The proof is …



@2198

8 years 
mulligan 
Work from today.



@2197

8 years 
sacerdot 
Main lemmas all closed.



@2196

8 years 
sacerdot 
Speed up using patterns.



@2195

8 years 
mulligan 
Got AssemblyProof.ma compiling again using daemons.



@2194

8 years 
sacerdot 
1. monotone moved to Assembly
2. some easier daemons, one shows an …



@2193

8 years 
sacerdot 
Statement cleanup.



@2192

8 years 
sacerdot 
Shuffling around.



@2191

8 years 
sacerdot 
Only one daemon left.



@2190

8 years 
sacerdot 
Two daemons left.



@2189

8 years 
sacerdot 
Proof very close to completion.



@2188

8 years 
sacerdot 
1. Policy specification generalized
2. All invariants but the main one …



@2187

8 years 
mulligan 
Work from today on the big proof.



@2186

8 years 
tranquil 
updated joint semantics



@2185

8 years 
campbell 
Use bitvectors for offsets.



@2184

8 years 
campbell 
Minor fix ups.



@2183

8 years 
mulligan 
More progress on main lemma proof.



@2182

8 years 
tranquil 
updated linearisation pass



@2181

8 years 
mulligan 
Work from the last week on the new formulation of the main lemma for …



@2180

8 years 
campbell 
Fix off-by-one error in GenMem.ma.



@2179

8 years 
campbell 
Dependent pair monad binding notation.



@2178

8 years 
campbell 
Shift some notation into utilities.



@2177

8 years 
campbell 
Tidy up multiplication.



@2176

8 years 
campbell 
Remove memory spaces other than XData and Code; simplify pointers as a …



@2175

8 years 
tranquil 
corrected small bug



@2174

8 years 
tranquil 
* factored out script for (axiomatised) fixpoint computation
* ERTL → …



@2173

8 years 
mulligan 
MUL case of main lemma nearly complete (subject to two small holes …



@2172

8 years 
mulligan 
Moved new versions of get_ / set_arg_* into Status.ma. Commented out …



@2171

8 years 
mulligan 
Finished the commutations



@2170

8 years 
sacerdot 
Split from AssemblyProofSplit.ma



@2169

8 years 
tranquil 
corrected bug where definition of carry bit by MUL and DIV (which …



@2168

8 years 
sacerdot 
No more daemons left! All axioms are real axioms.



@2167

8 years 
sacerdot 
Only one daemon left.



@2166

8 years 
sacerdot 
1. fewer daemons
2. more easily usable statement



@2165

8 years 
sacerdot 
Only three daemons left.



@2164

8 years 
sacerdot 
More steady progress.



@2163

8 years 
sacerdot 
Steady progress.



@2162

8 years 
tranquil 
* yet another correction to joint
* added functions adding prologues …



@2161

8 years 
sacerdot 
Most of the old proof restored.



@2160

8 years 
mulligan 
Added a new scratch file Test.ma for working on lemmas that are needed …



@2159

8 years 
sacerdot 
One daemon left, back to original proof.



@2158

8 years 
sacerdot 
One less daemon.



@2157

8 years 
sacerdot 
Anticipating a proof needed before.



@2156

8 years 
sacerdot 
One more invariant, one less daemon.



@2155

8 years 
tranquil 
updates to blocks and RTLabs to RTL translation (which sidesteps …



@2154

8 years 
sacerdot 
Code shuffled around.



@2153

8 years 
boender 
updated the proof some more



@2152

8 years 
boender 
this should compile



@2151

8 years 
sacerdot 
1. Lemmas from AssemblyProof anticipated to Assembly.ma
2. Jaap's …



@2150

8 years 
campbell 
Add labelling result to the correctness file.



@2149

8 years 
sacerdot 
Code shuffling to proper places.



@2148

8 years 
sacerdot 
1. specification made more user-friendly for AssemblyProof
2. no more …



@2147

8 years 
sacerdot 
Theorem closed (up to one more lemma on overflow), but new proof …



@2146

8 years 
sacerdot 
1. specification fixed again
2. the proof in AssemblyProof is now …



@2145

8 years 
campbell 
Cost labelling doesn't affect interaction.



@2144

8 years 
sacerdot 
1. Policy specification fixed
2. Proof of monotonicity of sigma



@2143

8 years 
mulligan 
Changes to the subaddressing mode elim functions moved into their …



@2142

8 years 
sacerdot 
Down to one daemon that requires one lemma (monotonicity of sigma).


