

@2157

8 years 
sacerdot 
Anticipating a proof needed before.



@2151

8 years 
sacerdot 
1. Lemmas from AssemblyProof? anticipated to Assembly.ma
2. Jaap's …



@2149

8 years 
sacerdot 
Code shuffling to proper places.



@2148

8 years 
sacerdot 
1. specification made more userfriendly for AssemblyProof?
2. no more …



@2147

8 years 
sacerdot 
Theorem closed (up to one more lemma on overflow), but new proof …



@2146

8 years 
sacerdot 
1. specification fixed again
2. the proof in AssemblyProof? is now …



@2144

8 years 
sacerdot 
1. Policy specification fixed
2. Proof of monotonicity of sigma



@2143

8 years 
mulligan 
Changes to the subaddressing mode elim functions moved into their …



@2142

8 years 
sacerdot 
Down to one daemon that requires one lemma (monotonicity of sigma).



@2138

8 years 
sacerdot 
Invariant exported from proof of assembly_ok.



@2136

8 years 
sacerdot 
…



@2135

8 years 
sacerdot 
One complex daemon changed to two simpler ones.



@2132

8 years 
sacerdot 
Two more daemons closed, one left.



@2131

8 years 
sacerdot 
No more need for functional extensionality.



@2129

8 years 
mulligan 
Large changes from today trying to complete the main theorem. Again :(



@2128

8 years 
sacerdot 
Final shuffling around



@2124

8 years 
sacerdot 
Much more shuffling around to proper places



@2122

8 years 
sacerdot 
More stuff moved around in proper places



@2121

8 years 
sacerdot 
More functions moved to the places they belong to



@2119

8 years 
sacerdot 
load_code_memory moved to Fetch.ma and proved correct w.r.t. next …



@2115

8 years 
sacerdot 
Old commented out code removed



@2113

8 years 
sacerdot 
Proof by cases repaired; dead code removed.



@2112

8 years 
sacerdot 
WARNING: this commit may break some code.
 dead/useless code removed



@2111

8 years 
sacerdot 
Cleanup: lemmas/theorems/axioms moved to the right places.



@2110

8 years 
sacerdot 
…



@2108

8 years 
mulligan 
Various axioms closed and others moved around. Uncommented main lemma …



@2078

8 years 
sacerdot 
sigma_policy_specification has been
1) strengthened
2) made nicer to …



@2075

8 years 
mulligan 
Solved conflict in AssemblyProof?



@2057

8 years 
sacerdot 
Repaired (was broken by fetch_pseudo_instruction now taking a proof …



@2032

8 years 
sacerdot 
!! BEWARE: major commit !!
1) [affects everybody]
split for …



@2024

8 years 
mulligan 
Updated AssemblyProof? to fix mismatch in definition of lookup_labels …



@2021

8 years 
sacerdot 
Proof skeleton in place. Several daemons to be closed adding invariants.



@1984

8 years 
mulligan 
Most proof obligations closed in main_lemma apart from those of the …



@1983

8 years 
mulligan 
Changes to simplify the simpler cases of the main_lemma.



@1975

8 years 
mulligan 
Work from today on closing main_thm.



@1972

8 years 
mulligan 
Simple lemma with strangely complex proof complete.



@1966

8 years 
mulligan 
Progress made on main_thm proof: trying to find a pattern to use …



@1957

8 years 
mulligan 
Stitching proofs back together after slight change in statement of …



@1955

8 years 
mulligan 
Completed proof of snd_assembly_1_pseudoinstruction_ok, modulo some …



@1953

8 years 
mulligan 
Commit to avoid conflicts.



@1952

8 years 
sacerdot 
AssemblyProof? splitted.



@1948

8 years 
mulligan 
Weakened statements of ASM/Assembly.ma and ASM/AssemblyProof.ma, so …



@1947

8 years 
sacerdot 
Failure of automation/demod investigated a little bit.



@1946

8 years 
sacerdot 
\snd half_add => add everywhere



@1945

8 years 
sacerdot 
All proof statements repaired.



@1941

8 years 
mulligan 
Changes to the AssemblyProof? with a few more (large) axioms closed.



@1939

8 years 
mulligan 
Changes to get things to compile and to avoid the dependency …



@1936

8 years 
mulligan 
Some holes filled in AssemblyProof?.ma.



@1668

9 years 
boender 
 split build_maps into build_maps and build_maps_ok
 work with CSC …



@1667

9 years 
sacerdot 
Main lemma for the main_thm of AssemblyProof? redeclared as an axiom …



@1666

9 years 
sacerdot 
PreStatus? datatype change: the code_memory field is not a left …



@1649

9 years 
boender 
 changes to Assembly for integration with Policy and easier use of …



@1616

9 years 
sacerdot 
Partially ported to new Matita syntax.
Because of some changes in …



@1607

9 years 
sacerdot 
Porting to new library.



@1484

9 years 
sacerdot 
…



@1333

9 years 
sacerdot 
Avoid using the name of the construction of jmeq.



@1045

9 years 
mulligan 
resolved conflict in rtlabs



@1043

9 years 
sacerdot 
Axiom commented out.



@1042

9 years 
sacerdot 
Dead code removed.
Slow code uncommented.



@1041

9 years 
sacerdot 
fetch_assembly is still working after bug fix



@1039

9 years 
sacerdot 
fetch_assembly_pseudo2 repaired from dependent type madness



@1037

9 years 
sacerdot 
Main theorem: comments are working again.



@1036

9 years 
sacerdot 
…



@1035

9 years 
sacerdot 
Main theorem (broken because of dependent types) almost restored.



@1015

9 years 
sacerdot 
One intermediate version of main_thm0 close to be repaired.



@1014

9 years 
sacerdot 
The main theorem is completely broken (again).



@998

9 years 
sacerdot 
Half repaired, half broken. Most functions no longer return option …



@994

9 years 
mulligan 
small changes



@993

9 years 
sacerdot 
More Russell everywhere; getting closer to the goal.



@992

9 years 
mulligan 
a few more axioms closed



@991

9 years 
mulligan 
loads of axioms related to equality on instructions closed



@989

9 years 
sacerdot 
Type of build_maps strengthened.



@988

9 years 
sacerdot 
Proof restored.



@987

9 years 
sacerdot 
Real parameterization over the policy.



@985

9 years 
sacerdot 
1) Major refactoring: proofs moved where they should be.
2) New …



@982

9 years 
boender 
 this should work (see previous commit)



@979

9 years 
sacerdot 
…



@977

9 years 
sacerdot 
#$%@#$@#$



@975

9 years 
sacerdot 
…



@972

9 years 
sacerdot 
…



@971

9 years 
sacerdot 
…



@959

9 years 
sacerdot 
…



@951

9 years 
sacerdot 
long call case completed



@950

9 years 
sacerdot 
Horrible subproof finished :)



@949

9 years 
mulligan 
resolved conflict, work from today



@948

9 years 
sacerdot 
Some progress on the Call case.



@946

9 years 
sacerdot 
Jmp case repaired after addition of MAP hypothesis.



@945

9 years 
mulligan 
more small changes to proof of main thrm



@944

9 years 
mulligan 
split definition



@943

9 years 
sacerdot 
…



@942

9 years 
sacerdot 
New invariant for the main theorem.
The new invariant is much more …



@941

9 years 
sacerdot 
Jmp case finished up to arithmetical properties.



@940

9 years 
mulligan 
more changes to inc case of main theorem



@939

9 years 
sacerdot 
Long Jmp case finished.



@938

9 years 
sacerdot 
…



@937

9 years 
mulligan 
resolved conflict in assembly_proof, more lemmas added



@936

9 years 
sacerdot 
Ticks are now handled correctly everywhere and the main proof takes …



@935

9 years 
mulligan 
changes to status and assembly proof



@934

9 years 
sacerdot 
…



@933

9 years 
sacerdot 
New proof strategy.


