

@1622

9 years 
mulligan 
to avoid conflicts, bug in typechecker?



@1621

9 years 
mulligan 
to prevent conflicts



@1620

9 years 
sacerdot 
One of the mutual cases of the open proof is practically finished.



@1619

9 years 
sacerdot 
Major advancement.



@1616

9 years 
sacerdot 
Partially ported to new Matita syntax.
Because of some changes in …



@1615

9 years 
sacerdot 
Policy now depends on Assembly and not the other way around.



@1614

9 years 
boender 
 split policy from assembly



@1613

9 years 
sacerdot 
Coercion moved to Matita standard lib.



@1609

9 years 
boender 
 added alias to ASM/BitVectorTrie
 removed double include from …



@1607

9 years 
sacerdot 
Porting to new library.



@1606

9 years 
sacerdot 
Porting to last library of Matita.



@1604

9 years 
mulligan 
for jaap



@1602

9 years 
mulligan 
giving up on fetch proofs for time being



@1600

9 years 
sacerdot 
utilities and ASM ported to the new standard library



@1599

9 years 
sacerdot 
Start of merging of stuff into the standard library of Matita.



@1598

9 years 
mulligan 
changes over the last couple of days



@1597

9 years 
mulligan 
fixed fetch for jaap



@1593

9 years 
boender 
 cleaned up Assembly, moved some definitions elsewhere



@1592

9 years 
boender 
 updated definitions to work with programs of maximum 2^16 instructions



@1591

9 years 
mulligan 
work from today



@1588

9 years 
sacerdot 
All goals generated by Russell for execute_1* are now closed, mostly …



@1587

9 years 
mulligan 
changes from today, including removing indexing of problematic …



@1582

9 years 
mulligan 
more added to the proof of execute_1_preinstruction, ~260 cases now …



@1581

9 years 
mulligan 
Dangling de Bruijn pointer when trying to propagate russell to set_arg_1



@1579

9 years 
mulligan 
Finished proof with simpler statement, making everything a lot nicer



@1578

9 years 
boender 
 proof of termination of policy completed (needs some cleanup work …



@1577

9 years 
mulligan 
A lot more cases added to the proof at the bottom of …



@1576

9 years 
mulligan 
big changes to proofs, just two small cases remain and a few …



@1575

9 years 
mulligan 
Changes to specifications on execute functions



@1573

9 years 
mulligan 
more complicated than it appears :(



@1571

9 years 
mulligan 
small changes



@1570

9 years 
sacerdot 
Dependent type craziness.



@1567

9 years 
mulligan 
more work on big proof, 2.5 cases left



@1564

9 years 
sacerdot 
Commit where we use a dependently typed version of bigops.
I am now …



@1562

9 years 
mulligan 
new version of assembly, fixed conflict in positivemap.ma, changed …



@1561

9 years 
sacerdot 
More dependent types to accommodate the statement.



@1560

9 years 
sacerdot 
Complete reimplementation that:
1) assumes no code before the first …



@1558

9 years 
sacerdot 
Snapshot before moving things to ASMCosts.ma.



@1557

9 years 
sacerdot 
Byte => costlabel



@1556

9 years 
mulligan 
submitting to avoid conflicts



@1555

9 years 
boender 
 changes to assembly
 added lookup to PositiveMap
 lightly changed …



@1554

9 years 
sacerdot 
Major progress in the proof.



@1553

9 years 
boender 
 added lookup_opt_lookup lemma



@1550

9 years 
sacerdot 
Repaired after use of Russell for execute_1.



@1549

9 years 
mulligan 
removed cruft from costsproof.ma file so claudio can work in parallel



@1548

9 years 
sacerdot 
…



@1547

9 years 
sacerdot 
Invariant on cost of one execution step strengthened.



@1544

9 years 
sacerdot 
StructuredTraces inhabited for object code.



@1541

9 years 
mulligan 
interpret.ma now compiles



@1540

9 years 
mulligan 
changes to proof in interrupt.ma



@1538

9 years 
mulligan 
changes to execute_1_0 proof



@1534

9 years 
mulligan 
committing my changes to interpret to prevent any further conflicts



@1533

9 years 
sacerdot 
Proof of execute_1 with Russell completed (up to some daemon used before).



@1530

9 years 
campbell 
Update due to Russell changes.



@1528

9 years 
campbell 
Update most of Assembly.ma with new syntax and identifier maps.
Change …



@1527

9 years 
sacerdot 
More on Russell.



@1526

9 years 
sacerdot 
Using Russell to prove some properties.



@1524

9 years 
boender 
 adapted files to new Matita syntax



@1522

9 years 
mulligan 
changes to preamble and lin to asm pass, resolved conflict in interpret



@1521

9 years 
sacerdot 
Syntax change in Matita: change what where => change where what.



@1519

9 years 
campbell 
More syntax updates.



@1518

9 years 
campbell 
Update to new syntax.



@1516

9 years 
sacerdot 
Ported to syntax of Matita 0.99.1.



@1515

9 years 
campbell 
Add type of maps on positive binary numbers, and use them for …



@1514

9 years 
mulligan 
changes from today. matita keeps dying



@1511

9 years 
mulligan 
proofs, added, changes to execute_1_0 function therefore required to …



@1509

9 years 
mulligan 
i hate subtraction over the nats



@1506

9 years 
mulligan 
changes to costs proof over weekend



@1503

9 years 
mulligan 
inductive type complete



@1502

9 years 
mulligan 
changes to inductive defn



@1501

9 years 
sacerdot 
We must take into account the labelled_p predicate.



@1500

9 years 
sacerdot 
Proof sketch for one of the two main proofs.



@1499

9 years 
mulligan 
part way through main statement transcription



@1498

9 years 
mulligan 
added new file for proof that costs are preserved at asm level



@1497

9 years 
mulligan 
a bit of tidying up, removing dead code, etc.



@1496

9 years 
mulligan 
problem fixed with tactics missing a semicolon to stop greedy parsing



@1495

9 years 
mulligan 
proper calculation of costs



@1494

9 years 
mulligan 
changes to get everything compiling again



@1493

9 years 
mulligan 
finished well labeled check, up to injectivity of the label map



@1487

9 years 
mulligan 
committing some code for well labelling



@1486

9 years 
mulligan 
finished asm costs



@1485

9 years 
sacerdot 
Less nice definition of add_with_carries that avoids a quadratic …



@1484

9 years 
sacerdot 
…



@1482

9 years 
sacerdot 
1. very long standing conflict committed (but don't ask me what the …



@1479

9 years 
boender 
 added insert_lookup_opt
 assembly compiles now



@1478

9 years 
sacerdot 
Almost completed (up to is_finals).



@1476

9 years 
sacerdot 
…



@1475

9 years 
sacerdot 
Towards the two fullexec transition systems that represent …



@1474

9 years 
mulligan 
adding missing asmcosts file for computing the costs of an assembly …



@1463

9 years 
mulligan 
added erasure for lin



@1461

9 years 
mulligan 
rewrote erasure for assembly programs



@1460

9 years 
mulligan 
most of cost label erasure for assembly language complete, with one …



@1459

9 years 
boender 
 moved stronger occurs_exactly_once lemma to its proper place in …



@1426

9 years 
boender 
removed axiom



@1424

9 years 
sacerdot 
1. fold function over BitVectorTries moved from ERTLToLTL to …



@1417

9 years 
boender 
 proved that jumps always increase; this should make termination easy



@1416

9 years 
sacerdot 
Maps from hardware registers to beval now implemented in ASM/I8051 (in …



@1415

9 years 
sacerdot 
1. hwreg_store/retrieve no longer returns a res (but it is still …



@1404

9 years 
boender 
 reworked + added
 added an axiom to arithmetic, but should be provable



@1393

9 years 
boender 
 added invariant for policy trie to assembly
 change (syntax only) …


