

@2899

7 years 
sacerdot 
1. some renaming ASM_xxx to OC_xxx
2. ASM_pre_classified_system …



@2516

7 years 
mckinna 
removed typedefs; restored older versions; moved typedefs to …



@2498

7 years 
mckinna 
Refactor:
Typedefs object_code and costlabel_map lifted out from …



@2284

7 years 
sacerdot 
PUSH finished



@2282

7 years 
sacerdot 
PUSH case almost finished



@2279

7 years 
sacerdot 
1. Bug fixed in the semantics of PUSH (no indirection performed)
2. …



@2276

7 years 
sacerdot 
…



@2272

7 years 
mulligan 
Changed proof strategy for main lemma after noticed that the current …



@2256

7 years 
mulligan 
MOV and MOVX cases complete



@2247

7 years 
mulligan 
Work on the MOV instruction from today and bug fixes in set_arg_1.



@2209

7 years 
mulligan 
Closed major daemons in the supporting lemmas of the main lemma.



@2197

7 years 
sacerdot 
Main lemmas all closed.



@2195

7 years 
mulligan 
Got AssemblyProof?.ma compiling again using daemons.



@2194

7 years 
sacerdot 
1. monotone moved to Assembly
2. some easier daemons, one shows an …



@2160

7 years 
mulligan 
Added a new scratch file Test.ma for working on lemmas that are needed …



@2157

7 years 
sacerdot 
Anticipating a proof needed before.



@2151

7 years 
sacerdot 
1. Lemmas from AssemblyProof? anticipated to Assembly.ma
2. Jaap's …



@2149

7 years 
sacerdot 
Code shuffling to proper places.



@2148

7 years 
sacerdot 
1. specification made more userfriendly for AssemblyProof?
2. no more …



@2147

7 years 
sacerdot 
Theorem closed (up to one more lemma on overflow), but new proof …



@2146

7 years 
sacerdot 
1. specification fixed again
2. the proof in AssemblyProof? is now …



@2144

7 years 
sacerdot 
1. Policy specification fixed
2. Proof of monotonicity of sigma



@2143

7 years 
mulligan 
Changes to the subaddressing mode elim functions moved into their …



@2142

7 years 
sacerdot 
Down to one daemon that requires one lemma (monotonicity of sigma).



@2138

7 years 
sacerdot 
Invariant exported from proof of assembly_ok.



@2136

7 years 
sacerdot 
…



@2135

7 years 
sacerdot 
One complex daemon changed to two simpler ones.



@2132

7 years 
sacerdot 
Two more daemons closed, one left.



@2131

7 years 
sacerdot 
No more need for functional extensionality.



@2129

7 years 
mulligan 
Large changes from today trying to complete the main theorem. Again :(



@2128

7 years 
sacerdot 
Final shuffling around



@2124

7 years 
sacerdot 
Much more shuffling around to proper places



@2122

7 years 
sacerdot 
More stuff moved around in proper places



@2121

7 years 
sacerdot 
More functions moved to the places they belong to



@2119

7 years 
sacerdot 
load_code_memory moved to Fetch.ma and proved correct w.r.t. next …



@2115

7 years 
sacerdot 
Old commented out code removed



@2113

7 years 
sacerdot 
Proof by cases repaired; dead code removed.



@2112

7 years 
sacerdot 
WARNING: this commit may break some code.
 dead/useless code removed



@2111

7 years 
sacerdot 
Cleanup: lemmas/theorems/axioms moved to the right places.



@2110

7 years 
sacerdot 
…



@2108

7 years 
mulligan 
Various axioms closed and others moved around. Uncommented main lemma …



@2078

7 years 
sacerdot 
sigma_policy_specification has been
1) strengthened
2) made nicer to …



@2075

7 years 
mulligan 
Solved conflict in AssemblyProof?



@2057

7 years 
sacerdot 
Repaired (was broken by fetch_pseudo_instruction now taking a proof …



@2032

7 years 
sacerdot 
!! BEWARE: major commit !!
1) [affects everybody]
split for …



@2024

7 years 
mulligan 
Updated AssemblyProof? to fix mismatch in definition of lookup_labels …



@2021

7 years 
sacerdot 
Proof skeleton in place. Several daemons to be closed adding invariants.



@1984

8 years 
mulligan 
Most proof obligations closed in main_lemma apart from those of the …



@1983

8 years 
mulligan 
Changes to simplify the simpler cases of the main_lemma.



@1975

8 years 
mulligan 
Work from today on closing main_thm.



@1972

8 years 
mulligan 
Simple lemma with strangely complex proof complete.



@1966

8 years 
mulligan 
Progress made on main_thm proof: trying to find a pattern to use …



@1957

8 years 
mulligan 
Stitching proofs back together after slight change in statement of …



@1955

8 years 
mulligan 
Completed proof of snd_assembly_1_pseudoinstruction_ok, modulo some …



@1953

8 years 
mulligan 
Commit to avoid conflicts.



@1952

8 years 
sacerdot 
AssemblyProof? splitted.



@1948

8 years 
mulligan 
Weakened statements of ASM/Assembly.ma and ASM/AssemblyProof.ma, so …



@1947

8 years 
sacerdot 
Failure of automation/demod investigated a little bit.



@1946

8 years 
sacerdot 
\snd half_add => add everywhere



@1945

8 years 
sacerdot 
All proof statements repaired.



@1941

8 years 
mulligan 
Changes to the AssemblyProof? with a few more (large) axioms closed.



@1939

8 years 
mulligan 
Changes to get things to compile and to avoid the dependency …



@1936

8 years 
mulligan 
Some holes filled in AssemblyProof?.ma.



@1668

8 years 
boender 
 split build_maps into build_maps and build_maps_ok
 work with CSC …



@1667

8 years 
sacerdot 
Main lemma for the main_thm of AssemblyProof? redeclared as an axiom …



@1666

8 years 
sacerdot 
PreStatus? datatype change: the code_memory field is not a left …



@1649

8 years 
boender 
 changes to Assembly for integration with Policy and easier use of …



@1616

8 years 
sacerdot 
Partially ported to new Matita syntax.
Because of some changes in …



@1607

8 years 
sacerdot 
Porting to new library.



@1484

8 years 
sacerdot 
…



@1333

8 years 
sacerdot 
Avoid using the name of the construction of jmeq.



@1045

8 years 
mulligan 
resolved conflict in rtlabs



@1043

8 years 
sacerdot 
Axiom commented out.



@1042

8 years 
sacerdot 
Dead code removed.
Slow code uncommented.



@1041

8 years 
sacerdot 
fetch_assembly is still working after bug fix



@1039

8 years 
sacerdot 
fetch_assembly_pseudo2 repaired from dependent type madness



@1037

8 years 
sacerdot 
Main theorem: comments are working again.



@1036

8 years 
sacerdot 
…



@1035

8 years 
sacerdot 
Main theorem (broken because of dependent types) almost restored.



@1015

8 years 
sacerdot 
One intermediate version of main_thm0 close to be repaired.



@1014

8 years 
sacerdot 
The main theorem is completely broken (again).



@998

8 years 
sacerdot 
Half repaired, half broken. Most functions no longer return option …



@994

8 years 
mulligan 
small changes



@993

8 years 
sacerdot 
More Russell everywhere; getting closer to the goal.



@992

8 years 
mulligan 
a few more axioms closed



@991

8 years 
mulligan 
loads of axioms related to equality on instructions closed



@989

8 years 
sacerdot 
Type of build_maps strengthened.



@988

8 years 
sacerdot 
Proof restored.



@987

8 years 
sacerdot 
Real parameterization over the policy.



@985

8 years 
sacerdot 
1) Major refactoring: proofs moved where they should be.
2) New …



@982

8 years 
boender 
 this should work (see previous commit)



@979

8 years 
sacerdot 
…



@977

8 years 
sacerdot 
#$%@#$@#$



@975

8 years 
sacerdot 
…



@972

8 years 
sacerdot 
…



@971

8 years 
sacerdot 
…



@959

8 years 
sacerdot 
…



@951

8 years 
sacerdot 
long call case completed



@950

8 years 
sacerdot 
Horrible subproof finished :)



@949

8 years 
mulligan 
resolved conflict, work from today


