

@2053

9 years 
mulligan 
Introduction changed, with many paragraphs deleted.



@2052

9 years 
mulligan 
Initial commit of proposed CPP 2012 paper on the proof of correctness …



@2051

9 years 
mulligan 
Finished the Jmp case in the main theorem.



@2049

9 years 
boender 
 progress



@2048

9 years 
boender 
 factorised jump decisions



@2047

9 years 
mulligan 
Big bugs in policy calculations found. Waiting for Jaap's commit.



@2046

9 years 
boender 
 removed old paper directory



@2045

9 years 
boender 
 renamed paper directory



@2040

9 years 
sacerdot 
Repaired using new /demod/ that allows to specify the rules to be used.



@2039

9 years 
sacerdot 
New, better interface for subaddressing_mode_elim



@2038

9 years 
sacerdot 
split => vsplit



@2037

9 years 
sacerdot 
flatten is now part of stdlib



@2036

9 years 
sacerdot 
New daemon inserted because /demod/ got worst :(



@2034

9 years 
boender 
 split Policy into three separate files for ease (and indeed …



@2032

9 years 
sacerdot 
!! BEWARE: major commit !!
1) [affects everybody]
split for …



@2028

9 years 
boender 
 bugfix to Assembly (forgotten sigma)
 added …



@2027

9 years 
mulligan 
Got the main lemma to apply in the proof of main theorem again and …



@2026

9 years 
mulligan 
Added a new file to house the main theorem as the type checking time …



@2024

9 years 
mulligan 
Updated AssemblyProof? to fix mismatch in definition of lookup_labels …



@2023

9 years 
mulligan 
Closed main lemma modulo closing trivial subgoals about commutations …



@2022

9 years 
boender 
 corrected jump calculation algorithm



@2021

9 years 
sacerdot 
Proof skeleton in place. Several daemons to be closed adding invariants.



@2020

9 years 
mulligan 
CJNE case complete, DJNZ case almost complete



@2018

9 years 
mulligan 
CJNE case a complete mess.



@2017

9 years 
mulligan 
Large swathes of proof of main lemma added.



@2015

9 years 
mulligan 
Changes following a conversation with Jaap: as it stands computation …



@2014

9 years 
mulligan 
Fixed problem in James' email message.



@2008

9 years 
boender 
 substantial closing of holes in proof



@2006

9 years 
boender 
 added alias for bitvector zero
 changed extralib bounded …



@2005

9 years 
boender 
 minor changes to make things compile with a clean checkout



@2001

9 years 
campbell 
Get the compiler to output more.



@1996

9 years 
campbell 
Work on correctness from yesterday.



@1987

9 years 
campbell 
Move BEValues to common to reflect their use in the memory model for …



@1985

9 years 
mulligan 
A single `false' case for unconditional jumps completed.



@1984

9 years 
mulligan 
Most proof obligations closed in main_lemma apart from those of the …



@1983

9 years 
mulligan 
Changes to simplify the simpler cases of the main_lemma.



@1979

9 years 
sacerdot 
Very very very tricky lemma closed. A dreadful mix of JM equality …



@1978

9 years 
sacerdot 
Two more cases completed.



@1977

9 years 
sacerdot 
Unblocked: let ... as hides two different terms, one that uses Leibniz …



@1976

9 years 
tranquil 
* monads: just changed some defs, which had to be propagated in some …



@1975

9 years 
mulligan 
Work from today on closing main_thm.



@1973

9 years 
boender 
 removed superfluous match
 displaced 'cases daemon'



@1972

9 years 
mulligan 
Simple lemma with strangely complex proof complete.



@1971

9 years 
sacerdot 
1. Interpret.ma:
we need to prove
\sigma (execute_preinstruction …



@1969

9 years 
sacerdot 
Some more progress, but now we must prove something on a Russell …



@1967

9 years 
sacerdot 
Mov case completed.



@1966

9 years 
mulligan 
Progress made on main_thm proof: trying to find a pattern to use …



@1965

9 years 
boender 
 further completed proof, changed jump_expansion' to reflect new type …



@1964

9 years 
tranquil 
introduced as_label_of_cost and adapted accordingly. Equality of cost …



@1963

9 years 
sacerdot 
More progress in restoring the original proof.



@1962

9 years 
sacerdot 
More examples are now indexed.



@1961

9 years 
sacerdot 
No more interaction required.



@1959

9 years 
mulligan 
Commented out diverging application of demodulation and closed goals …



@1958

9 years 
mulligan 
Marked divergence in StatusProofs?.ma



@1957

9 years 
mulligan 
Stitching proofs back together after slight change in statement of …



@1956

9 years 
boender 
 finished proof of lemma (where auto does strange things again)



@1955

9 years 
mulligan 
Completed proof of snd_assembly_1_pseudoinstruction_ok, modulo some …



@1953

9 years 
mulligan 
Commit to avoid conflicts.



@1952

9 years 
sacerdot 
AssemblyProof? splitted.



@1951

9 years 
sacerdot 
Bug with overloaded names in the context.



@1950

9 years 
boender 
 advances in policy



@1948

9 years 
mulligan 
Weakened statements of ASM/Assembly.ma and ASM/AssemblyProof.ma, so …



@1947

9 years 
sacerdot 
Failure of automation/demod investigated a little bit.



@1946

9 years 
sacerdot 
\snd half_add => add everywhere



@1945

9 years 
sacerdot 
All proof statements repaired.



@1944

9 years 
sacerdot 
common/StructuredTraces no longer depends on ASM/AbstractStatus (again)



@1943

9 years 
boender 
 changed 'labels okay' part of create_label_cost_map



@1942

9 years 
mulligan 
Work on showing the equivalence of two methods of looking up from the maps.



@1941

9 years 
mulligan 
Changes to the AssemblyProof? with a few more (large) axioms closed.



@1940

9 years 
boender 
 committed new version of final invariant



@1939

9 years 
mulligan 
Changes to get things to compile and to avoid the dependency …



@1938

9 years 
sacerdot 
Definitions moved to the right places, now everything compiles again.



@1937

9 years 
boender 
 filled in some of the gaps in the proof of Policy
 reverted …



@1936

9 years 
mulligan 
Some holes filled in AssemblyProof?.ma.



@1935

9 years 
mulligan 
Generalized some lemma in ASM/CostsProof.ma to work on abstract …



@1934

9 years 
boender 
 various & sundry moves of lemmas to better places
 integrated …



@1933

9 years 
boender 
 slight revamp



@1932

9 years 
boender 
 added some more dependent types (we love 'em)



@1931

9 years 
boender 
 added latest bvt alias
 temporary "cases daemon" commit of new …



@1929

9 years 
mulligan 
Simplified proof by removing most of the invariants on the statements …



@1928

9 years 
mulligan 
Moved code from in ASM/ASMCosts*.ma and ASM/CostsProof.ma that should …



@1927

9 years 
mulligan 
Reduced complexity of good_program predicate, ported to new notion of …



@1925

9 years 
boender 
 readded jump_lenggh



@1924

9 years 
mulligan 
Added comment



@1923

9 years 
mulligan 
Small change, closing daemon that went under the RADAR



@1921

9 years 
mulligan 
Horror proof mostly finished (compiles all way until end of CostsProof?.ma).



@1919

9 years 
mulligan 
Fixes to get everything compiling again



@1916

9 years 
mulligan 
Closed remaining daemons in block_cost'. Rest of file now typechecks …



@1913

9 years 
mulligan 
Got the rest of the file to typecheck as before.



@1912

9 years 
mulligan 
Patches to get block_cost' and dependencies working again after change …



@1911

9 years 
mulligan 
Changed statement of block_cost' to start on new termination argument



@1910

9 years 
mulligan 
Finished proof modulo termination argument



@1909

9 years 
mulligan 
Ported new statements to remainder of Interpret.ma file.



@1908

9 years 
fguidi 
notation fixup following last commit of matita
we shifted the levels …



@1907

9 years 
mulligan 
Fixes to get file to compile



@1906

9 years 
mulligan 
Statements simplified in block_cost and dependencies



@1905

9 years 
boender 
 plugging gap in assembly proof



@1904

9 years 
mulligan 
Problem with proof fixed by noting that problem is actually irrelevant



@1903

9 years 
mulligan 
Small changes prior to experiment



@1902

9 years 
mulligan 
Reverted needless changes to StructuredTraces?


