freescale/option.ma freescale/bool.ma
freescale/exadecim.ma freescale/bool.ma freescale/nat.ma freescale/prod.ma
+freescale/memory_struct.ma freescale/aux_bases.ma freescale/byte8.ma
freescale/prod.ma freescale/bool.ma
+freescale/status_lemmas.ma freescale/opcode_base_lemmas1.ma freescale/option_lemmas.ma freescale/prod_lemmas.ma freescale/status.ma freescale/word16_lemmas.ma
freescale/prod_lemmas.ma freescale/bool_lemmas.ma freescale/prod.ma
freescale/exadecim_lemmas.ma freescale/bool_lemmas.ma freescale/exadecim.ma
+freescale/memory_bits.ma freescale/memory_trees.ma
freescale/opcode.ma freescale/opcode_base.ma
freescale/aux_bases_lemmas.ma freescale/aux_bases.ma freescale/bool_lemmas.ma
+freescale/memory_abs.ma freescale/memory_bits.ma freescale/memory_func.ma freescale/memory_trees.ma
freescale/bool_lemmas.ma freescale/bool.ma freescale/theory.ma
freescale/table_RS08.ma freescale/opcode.ma
freescale/word32_lemmas.ma freescale/word16_lemmas.ma freescale/word32.ma
freescale/opcode_base.ma freescale/aux_bases.ma freescale/theory.ma freescale/word16.ma
freescale/nat_lemmas.ma freescale/bool_lemmas.ma freescale/nat.ma
+freescale/memory_trees.ma freescale/memory_struct.ma freescale/option.ma freescale/theory.ma freescale/word16.ma
freescale/table_HC05_tests.ma freescale/table_HC05.ma
-freescale/aux_bases.ma freescale/bool.ma freescale/nat.ma
+freescale/aux_bases.ma freescale/byte8.ma freescale/nat.ma
freescale/word16_lemmas.ma freescale/byte8_lemmas.ma freescale/word16.ma
freescale/table_HCS08.ma freescale/opcode.ma
freescale/table_HC08_tests.ma freescale/table_HC08.ma
freescale/opcode_base_lemmas_instrmode2.ma freescale/opcode_base_lemmas_instrmode1.ma
freescale/table_HCS08_tests.ma freescale/table_HCS08.ma
freescale/opcode_base_lemmas_opcode2.ma freescale/opcode_base_lemmas_opcode1.ma
+freescale/status.ma freescale/memory_abs.ma freescale/opcode_base.ma freescale/prod.ma
+freescale/option_lemmas.ma freescale/bool_lemmas.ma freescale/option.ma
freescale/table_HC05.ma freescale/opcode.ma
freescale/opcode_base_lemmas.ma freescale/bool_lemmas.ma freescale/opcode_base.ma
-freescale/option_lemmas.ma freescale/bool_lemmas.ma freescale/option.ma
freescale/word16.ma freescale/byte8.ma
+freescale/model.ma freescale/status.ma
+freescale/multivm.ma freescale/load_write.ma
+freescale/bool.ma freescale/pts.ma
freescale/nat.ma freescale/bool.ma freescale/pts.ma
freescale/table_HC08.ma freescale/opcode.ma
-freescale/bool.ma freescale/pts.ma
freescale/theory.ma freescale/pts.ma
freescale/byte8_lemmas.ma freescale/byte8.ma freescale/exadecim_lemmas.ma
freescale/pts.ma
+freescale/load_write.ma freescale/model.ma freescale/translation.ma
freescale/opcode_base_lemmas1.ma freescale/opcode_base_lemmas_instrmode2.ma freescale/opcode_base_lemmas_opcode2.ma freescale/word16_lemmas.ma
freescale/byte8.ma freescale/exadecim.ma
+freescale/translation.ma freescale/option.ma freescale/table_HC05.ma freescale/table_HC08.ma freescale/table_HCS08.ma freescale/table_RS08.ma
freescale/word32.ma freescale/word16.ma
+freescale/memory_func.ma freescale/memory_struct.ma freescale/option.ma freescale/theory.ma freescale/word16.ma
(* data ultima modifica 15/11/2007 *)
(* ********************************************************************** *)
-include "freescale/bool.ma".
+include "freescale/byte8.ma".
include "freescale/nat.ma".
(* ****** *)
| t10 ⇒ 16 | t11 ⇒ 17 | t12 ⇒ 18 | t13 ⇒ 19 | t14 ⇒ 20 | t15 ⇒ 21 | t16 ⇒ 22 | t17 ⇒ 23
| t18 ⇒ 24 | t19 ⇒ 25 | t1A ⇒ 26 | t1B ⇒ 27 | t1C ⇒ 28 | t1D ⇒ 29 | t1E ⇒ 30 | t1F ⇒ 31 ].
+ndefinition byte8_of_bitrigesim ≝
+λt:bitrigesim.
+ match t with
+ [ t00 ⇒ 〈x0,x0〉 | t01 ⇒ 〈x0,x1〉 | t02 ⇒ 〈x0,x2〉 | t03 ⇒ 〈x0,x3〉
+ | t04 ⇒ 〈x0,x4〉 | t05 ⇒ 〈x0,x5〉 | t06 ⇒ 〈x0,x6〉 | t07 ⇒ 〈x0,x7〉
+ | t08 ⇒ 〈x0,x8〉 | t09 ⇒ 〈x0,x9〉 | t0A ⇒ 〈x0,xA〉 | t0B ⇒ 〈x0,xB〉
+ | t0C ⇒ 〈x0,xC〉 | t0D ⇒ 〈x0,xD〉 | t0E ⇒ 〈x0,xE〉 | t0F ⇒ 〈x0,xF〉
+ | t10 ⇒ 〈x1,x0〉 | t11 ⇒ 〈x1,x1〉 | t12 ⇒ 〈x1,x2〉 | t13 ⇒ 〈x1,x3〉
+ | t14 ⇒ 〈x1,x4〉 | t15 ⇒ 〈x1,x5〉 | t16 ⇒ 〈x1,x6〉 | t17 ⇒ 〈x1,x7〉
+ | t18 ⇒ 〈x1,x8〉 | t19 ⇒ 〈x1,x9〉 | t1A ⇒ 〈x1,xA〉 | t1B ⇒ 〈x1,xB〉
+ | t1C ⇒ 〈x1,xC〉 | t1D ⇒ 〈x1,xD〉 | t1E ⇒ 〈x1,xE〉 | t1F ⇒ 〈x1,xF〉 ].
+
(* iteratore sui bitrigesimali *)
ndefinition forall_bitrigesim ≝ λP.
P t00 ⊗ P t01 ⊗ P t02 ⊗ P t03 ⊗ P t04 ⊗ P t05 ⊗ P t06 ⊗ P t07 ⊗
--- /dev/null
+(**************************************************************************)
+(* ___ *)
+(* ||M|| *)
+(* ||A|| A project by Andrea Asperti *)
+(* ||T|| *)
+(* ||I|| Developers: *)
+(* ||T|| The HELM team. *)
+(* ||A|| http://helm.cs.unibo.it *)
+(* \ / *)
+(* \ / This file is distributed under the terms of the *)
+(* v GNU General Public License Version 2 *)
+(* *)
+(**************************************************************************)
+
+(* ********************************************************************** *)
+(* Progetto FreeScale *)
+(* *)
+(* Sviluppato da: *)
+(* Cosimo Oliboni, oliboni@cs.unibo.it *)
+(* *)
+(* Questo materiale fa parte della tesi: *)
+(* "Formalizzazione Interattiva dei Microcontroller a 8bit FreeScale" *)
+(* *)
+(* data ultima modifica 15/11/2007 *)
+(* ********************************************************************** *)
+
+include "freescale/model.ma".
+include "freescale/translation.ma".
+
+(* errori possibili nel fetch *)
+ninductive error_type : Type ≝
+ ILL_OP: error_type
+| ILL_FETCH_AD: error_type
+| ILL_EX_AD: error_type.
+
+ndefinition error_type_ind : ΠP:error_type → Prop.P ILL_OP → P ILL_FETCH_AD → P ILL_EX_AD → Πe:error_type.P e ≝
+λP:error_type → Prop.λp:P ILL_OP.λp1:P ILL_FETCH_AD.λp2:P ILL_EX_AD.λe:error_type.
+ match e with [ ILL_OP ⇒ p | ILL_FETCH_AD ⇒ p1 | ILL_EX_AD ⇒ p2 ].
+
+ndefinition error_type_rec : ΠP:error_type → Set.P ILL_OP → P ILL_FETCH_AD → P ILL_EX_AD → Πe:error_type.P e ≝
+λP:error_type → Set.λp:P ILL_OP.λp1:P ILL_FETCH_AD.λp2:P ILL_EX_AD.λe:error_type.
+ match e with [ ILL_OP ⇒ p | ILL_FETCH_AD ⇒ p1 | ILL_EX_AD ⇒ p2 ].
+
+ndefinition error_type_rect : ΠP:error_type → Type.P ILL_OP → P ILL_FETCH_AD → P ILL_EX_AD → Πe:error_type.P e ≝
+λP:error_type → Type.λp:P ILL_OP.λp1:P ILL_FETCH_AD.λp2:P ILL_EX_AD.λe:error_type.
+ match e with [ ILL_OP ⇒ p | ILL_FETCH_AD ⇒ p1 | ILL_EX_AD ⇒ p2 ].
+
+(* un tipo opzione ad hoc
+ - errore: interessa solo l'errore
+ - ok: interessa info e il nuovo pc
+*)
+ninductive fetch_result (A:Type) : Type ≝
+ FetchERR : error_type → fetch_result A
+| FetchOK : A → word16 → fetch_result A.
+
+ndefinition fetch_result_ind
+ : ΠA:Type.ΠP:fetch_result A → Prop.(Πn:error_type.P (FetchERR A n)) →
+ (Πa:A.Πn:word16.P (FetchOK A a n)) → Πf:fetch_result A.P f ≝
+λA:Type.λP:fetch_result A → Prop.λf:Πn:error_type.P (FetchERR A n).
+λf1:Πa:A.Πn:word16.P (FetchOK A a n).λf2:fetch_result A.
+ match f2 with [ FetchERR n ⇒ f n | FetchOK a n ⇒ f1 a n ].
+
+ndefinition fetch_result_rec
+ : ΠA:Type.ΠP:fetch_result A → Set.(Πn:error_type.P (FetchERR A n)) →
+ (Πa:A.Πn:word16.P (FetchOK A a n)) → Πf:fetch_result A.P f ≝
+λA:Type.λP:fetch_result A → Set.λf:Πn:error_type.P (FetchERR A n).
+λf1:Πa:A.Πn:word16.P (FetchOK A a n).λf2:fetch_result A.
+ match f2 with [ FetchERR n ⇒ f n | FetchOK a n ⇒ f1 a n ].
+
+ndefinition fetch_result_rect
+ : ΠA:Type.ΠP:fetch_result A → Type.(Πn:error_type.P (FetchERR A n)) →
+ (Πa:A.Πn:word16.P (FetchOK A a n)) → Πf:fetch_result A.P f ≝
+λA:Type.λP:fetch_result A → Type.λf:Πn:error_type.P (FetchERR A n).
+λf1:Πa:A.Πn:word16.P (FetchOK A a n).λf2:fetch_result A.
+ match f2 with [ FetchERR n ⇒ f n | FetchOK a n ⇒ f1 a n ].
+
+(* **************************** *)
+(* FETCH E ACCESSO ALLA MEMORIA *)
+(* **************************** *)
+
+(* ausialiaria per RS08 read *)
+(* come anticipato in status, nell'RS08 ci sono 2 registri importanti
+ memory mapped, quindi bisona intercettare la lettura.
+ NB: fare molta attenzione alle note sulle combinazioni possibili perche'
+ il comportamento della memoria nell'RS08 e' strano e ci sono
+ precise condizioni che impediscono una semantica circolare dell'accesso
+ (divergenza=assenza di definizione) *)
+ndefinition RS08_memory_filter_read_aux ≝
+λt:memory_impl.λs:any_status RS08 t.λaddr:word16.
+λT:Type.λfREG:byte8 → option T.λfMEM:aux_mem_type t → aux_chk_type t → word16 → option T.
+match s with
+ [ mk_any_status alu mem chk _ ⇒ match alu with
+ [ mk_alu_RS08 _ _ _ _ xm psm _ _ ⇒
+(*
+ possibili accessi al registro X
+ 1) addr=000F: diretto
+ 2) addr=000E (X =0F): indiretto
+ 3) addr=00CF (PS=00): paging
+
+ [NB] altre combinazioni non funzionano perche' la MCU non e' un oggetto reattivo:
+ non si possono combinare due effetti contemporaneamente!
+ per esempio accesso addr=00CE (PS=00,X=0F) non puo' produrre 2 indirezioni
+*)
+ match eq_w16 addr 〈〈x0,x0〉:〈x0,xF〉〉 ⊕
+ (eq_w16 addr 〈〈x0,x0〉:〈x0,xE〉〉 ⊗ eq_b8 xm 〈x0,xF〉) ⊕
+ (eq_w16 addr 〈〈x0,x0〉:〈xC,xF〉〉 ⊗ eq_b8 psm 〈x0,x0〉) with
+ [ true ⇒ fREG xm
+ | false ⇒
+(*
+ possibili accessi al registro PS
+ 1) addr=001F: diretto
+ 2) addr=000E (X =1F): indiretto
+ 3) addr=00DF (PS=00): paging
+*)
+ match eq_w16 addr 〈〈x0,x0〉:〈x1,xF〉〉 ⊕
+ (eq_w16 addr 〈〈x0,x0〉:〈x0,xE〉〉 ⊗ eq_b8 xm 〈x1,xF〉) ⊕
+ (eq_w16 addr 〈〈x0,x0〉:〈xD,xF〉〉 ⊗ eq_b8 psm 〈x0,x0〉) with
+ [ true ⇒ fREG psm
+ | false ⇒
+(*
+ accesso a D[X]: se accede a [00C0-00FF] e' la RAM fisica, non il paging
+ altrimenti sarebbero 2 indirezioni
+*)
+ match eq_w16 addr 〈〈x0,x0〉:〈x0,xE〉〉 with
+ [ true ⇒ fMEM mem chk 〈〈x0,x0〉:xm〉
+ | false ⇒
+(*
+ accesso al paging: [00pp pppp ppxx xxxx] con p=PS x=addr
+*)
+ match in_range addr 〈〈x0,x0〉:〈xC,x0〉〉 〈〈x0,x0〉:〈xF,xF〉〉 with
+ [ true ⇒ fMEM mem chk (or_w16 (fst ?? (shr_w16 (fst ?? (shr_w16 〈psm:〈x0,x0〉〉))))
+ (and_w16 addr 〈〈x0,x0〉:〈x3,xF〉〉))
+(*
+ accesso normale
+*)
+ | false ⇒ fMEM mem chk addr ]]]]]].
+
+(* lettura RS08 di un byte *)
+ndefinition RS08_memory_filter_read ≝
+λt:memory_impl.λs:any_status RS08 t.λaddr:word16.
+ RS08_memory_filter_read_aux t s addr byte8
+ (λb.Some byte8 b)
+ (λm:aux_mem_type t.λc:aux_chk_type t.λa:word16.mem_read t m c a).
+
+(* lettura RS08 di un bit *)
+ndefinition RS08_memory_filter_read_bit ≝
+λt:memory_impl.λs:any_status RS08 t.λaddr:word16.λsub:oct.
+ RS08_memory_filter_read_aux t s addr bool
+ (λb.Some bool (getn_array8T sub bool (bits_of_byte8 b)))
+ (λm:aux_mem_type t.λc:aux_chk_type t.λa:word16.mem_read_bit t m c a sub).
+
+(* in caso di RS08 si dirotta sul filtro, altrimenti si legge direttamente *)
+ndefinition memory_filter_read ≝
+λm:mcu_type.λt:memory_impl.match m return λm:mcu_type.any_status m t → word16 → option byte8 with
+ [ HC05 ⇒ λs:any_status HC05 t.λaddr:word16.
+ mem_read t (get_mem_desc ? t s) (get_chk_desc ? t s) addr
+ | HC08 ⇒ λs:any_status HC08 t.λaddr:word16.
+ mem_read t (get_mem_desc ? t s) (get_chk_desc ? t s) addr
+ | HCS08 ⇒ λs:any_status HCS08 t.λaddr:word16.
+ mem_read t (get_mem_desc ? t s) (get_chk_desc ? t s) addr
+ | RS08 ⇒ λs:any_status RS08 t.λaddr:word16.
+ RS08_memory_filter_read t s addr
+ ].
+
+ndefinition memory_filter_read_bit ≝
+λm:mcu_type.λt:memory_impl.match m return λm:mcu_type.any_status m t → word16 → oct → option bool with
+ [ HC05 ⇒ λs:any_status HC05 t.λaddr:word16.λsub:oct.
+ mem_read_bit t (get_mem_desc ? t s) (get_chk_desc ? t s) addr sub
+ | HC08 ⇒ λs:any_status HC08 t.λaddr:word16.λsub:oct.
+ mem_read_bit t (get_mem_desc ? t s) (get_chk_desc ? t s) addr sub
+ | HCS08 ⇒ λs:any_status HCS08 t.λaddr:word16.λsub:oct.
+ mem_read_bit t (get_mem_desc ? t s) (get_chk_desc ? t s) addr sub
+ | RS08 ⇒ λs:any_status RS08 t.λaddr:word16.λsub:oct.
+ RS08_memory_filter_read_bit t s addr sub
+ ].
+
+(* ausialiaria per RS08 write *)
+(* come anticipato in status, nell'RS08 ci sono 2 registri importanti
+ memory mapped, quindi bisona intercettare la scrittura.
+ NB: fare molta attenzione alle note sulle combinazioni possibili perche'
+ il comportamento della memoria nell'RS08 e' strano e ci sono
+ precise condizioni che impediscono una semantica circolare dell'accesso
+ (divergenza=assenza di definizione) *)
+ndefinition RS08_memory_filter_write_aux ≝
+λt:memory_impl.λs:any_status RS08 t.λaddr:word16.
+λfREG:byte8 → byte8.λfMEM:aux_mem_type t → aux_chk_type t → word16 → option (aux_mem_type t).
+match s with
+ [ mk_any_status alu mem chk clk ⇒ match alu with
+ [ mk_alu_RS08 acclow pc pcm spc xm psm zfl cfl ⇒
+(*
+ possibili accessi al registro X
+ 1) addr=000F: diretto
+ 2) addr=000E (X =0F): indiretto
+ 3) addr=00CF (PS=00): paging
+
+ [NB] altre combinazioni non funzionano perche' la MCU non e' un oggetto reattivo:
+ non si possono combinare due effetti contemporaneamente!
+ per esempio accesso addr=00CE (PS=00,X=0F) non puo' produrre 2 indirezioni
+*)
+ match eq_w16 addr 〈〈x0,x0〉:〈x0,xF〉〉 ⊕
+ (eq_w16 addr 〈〈x0,x0〉:〈x0,xE〉〉 ⊗ eq_b8 xm 〈x0,xF〉) ⊕
+ (eq_w16 addr 〈〈x0,x0〉:〈xC,xF〉〉 ⊗ eq_b8 psm 〈x0,x0〉) with
+ [ true ⇒ Some ? (mk_any_status RS08 t (mk_alu_RS08 acclow pc pcm spc (fREG xm) psm zfl cfl) mem chk clk)
+ | false ⇒
+(*
+ possibili accessi al registro PS
+ 1) addr=001F: diretto
+ 2) addr=000E (X =1F): indiretto
+ 3) addr=00DF (PS=00): paging
+*)
+ match eq_w16 addr 〈〈x0,x0〉:〈x1,xF〉〉 ⊕
+ (eq_w16 addr 〈〈x0,x0〉:〈x0,xE〉〉 ⊗ eq_b8 xm 〈x1,xF〉) ⊕
+ (eq_w16 addr 〈〈x0,x0〉:〈xD,xF〉〉 ⊗ eq_b8 psm 〈x0,x0〉) with
+ [ true ⇒ Some ? (mk_any_status RS08 t (mk_alu_RS08 acclow pc pcm spc xm (fREG psm) zfl cfl) mem chk clk)
+ | false ⇒
+(*
+ accesso a D[X]: se accede a [00C0-00FF] e' la RAM fisica, non il paging
+ altrimenti sarebbero 2 indirezioni
+*)
+ match eq_w16 addr 〈〈x0,x0〉:〈x0,xE〉〉 with
+ [ true ⇒ opt_map ?? (fMEM mem chk 〈〈x0,x0〉:xm〉)
+ (λmem'.Some ? (mk_any_status RS08 t (mk_alu_RS08 acclow pc pcm spc xm psm zfl cfl) mem' chk clk))
+
+ | false ⇒
+(*
+ accesso al paging: [00pp pppp ppxx xxxx] con p=PS x=addr
+*)
+ match in_range addr 〈〈x0,x0〉:〈xC,x0〉〉 〈〈x0,x0〉:〈xF,xF〉〉 with
+ [ true ⇒ opt_map ?? (fMEM mem chk (or_w16 (fst ?? (shr_w16 (fst ?? (shr_w16 〈psm:〈x0,x0〉〉))))
+ (and_w16 addr 〈〈x0,x0〉:〈x3,xF〉〉)))
+ (λmem'.Some ? (mk_any_status RS08 t (mk_alu_RS08 acclow pc pcm spc xm psm zfl cfl) mem' chk clk))
+(*
+ accesso normale
+*)
+ | false ⇒ opt_map ?? (fMEM mem chk addr)
+ (λmem'.Some ? (mk_any_status RS08 t (mk_alu_RS08 acclow pc pcm spc xm psm zfl cfl) mem' chk clk)) ]]]]]].
+
+(* scrittura RS08 di un byte *)
+ndefinition RS08_memory_filter_write ≝
+λt:memory_impl.λs:any_status RS08 t.λaddr:word16.λval:byte8.
+ RS08_memory_filter_write_aux t s addr
+ (λb.val)
+ (λm:aux_mem_type t.λc:aux_chk_type t.λa:word16.mem_update t m c a val).
+
+(* scrittura RS08 di un bit *)
+ndefinition RS08_memory_filter_write_bit ≝
+λt:memory_impl.λs:any_status RS08 t.λaddr:word16.λsub:oct.λval:bool.
+ RS08_memory_filter_write_aux t s addr
+ (λb.byte8_of_bits (setn_array8T sub bool (bits_of_byte8 b) val))
+ (λm:aux_mem_type t.λc:aux_chk_type t.λa:word16.mem_update_bit t m c a sub val).
+
+(* in caso di RS08 si dirotta sul filtro, altrimenti si scrive direttamente *)
+ndefinition memory_filter_write ≝
+λm:mcu_type.λt:memory_impl.match m
+ return λm:mcu_type.any_status m t → word16 → byte8 → option (any_status m t) with
+ [ HC05 ⇒ λs:any_status HC05 t.λaddr:word16.λval:byte8.
+ opt_map ?? (mem_update t (get_mem_desc ? t s) (get_chk_desc ? t s) addr val)
+ (λmem.Some ? (set_mem_desc ? t s mem))
+ | HC08 ⇒ λs:any_status HC08 t.λaddr:word16.λval:byte8.
+ opt_map ?? (mem_update t (get_mem_desc ? t s) (get_chk_desc ? t s) addr val)
+ (λmem.Some ? (set_mem_desc ? t s mem))
+ | HCS08 ⇒ λs:any_status HCS08 t.λaddr:word16.λval:byte8.
+ opt_map ?? (mem_update t (get_mem_desc ? t s) (get_chk_desc ? t s) addr val)
+ (λmem.Some ? (set_mem_desc ? t s mem))
+ | RS08 ⇒ λs:any_status RS08 t.λaddr:word16.λval:byte8.
+ RS08_memory_filter_write t s addr val
+ ].
+
+ndefinition memory_filter_write_bit ≝
+λm:mcu_type.λt:memory_impl.match m
+ return λm:mcu_type.any_status m t → word16 → oct → bool → option (any_status m t) with
+ [ HC05 ⇒ λs:any_status HC05 t.λaddr:word16.λsub:oct.λval:bool.
+ opt_map ?? (mem_update_bit t (get_mem_desc ? t s) (get_chk_desc ? t s) addr sub val)
+ (λmem.Some ? (set_mem_desc ? t s mem))
+ | HC08 ⇒ λs:any_status HC08 t.λaddr:word16.λsub:oct.λval:bool.
+ opt_map ?? (mem_update_bit t (get_mem_desc ? t s) (get_chk_desc ? t s) addr sub val)
+ (λmem.Some ? (set_mem_desc ? t s mem))
+ | HCS08 ⇒ λs:any_status HCS08 t.λaddr:word16.λsub:oct.λval:bool.
+ opt_map ?? (mem_update_bit t (get_mem_desc ? t s) (get_chk_desc ? t s) addr sub val)
+ (λmem.Some ? (set_mem_desc ? t s mem))
+ | RS08 ⇒ λs:any_status RS08 t.λaddr:word16.λsub:oct.λval:bool.
+ RS08_memory_filter_write_bit t s addr sub val
+ ].
+
+(*
+ Da utilizzarsi solo per gli aggiornamenti di PC (per il fetch),
+ NON per il caricamento degli indiretti.
+ - il caricamento degli immediati spetta al fetcher
+ (incremento progressivo di PC ciclo per ciclo, e riempimento del prefetch
+ che a questo punto DEVE poter indirizzare qualsiasi locazione puntata da PC)
+ - il caricamento degli indiretti non spetta al fetcher
+*)
+ndefinition filtered_inc_w16 ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λw:word16.
+ get_pc_reg m t (set_pc_reg m t s (succ_w16 w)).
+
+nlet rec filtered_plus_w16 (m:mcu_type) (t:memory_impl) (s:any_status m t) (w:word16) (n:nat) on n ≝
+ match n with
+ [ O ⇒ w
+ | S n' ⇒ filtered_plus_w16 m t s (filtered_inc_w16 m t s w) n' ].
+
+(*
+ errore1: non esiste traduzione ILL_OP
+ errore2: non e' riuscito a leggere ILL_FETCH_AD
+ altrimenti OK=info+new_pc
+*)
+ndefinition fetch ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ let pc ≝ get_pc_reg m t s in
+ let pc_next1 ≝ filtered_inc_w16 m t s pc in
+ let pc_next2 ≝ filtered_inc_w16 m t s pc_next1 in
+ match memory_filter_read m t s pc with
+ [ None ⇒ FetchERR ? ILL_FETCH_AD
+ | Some bh ⇒ match full_info_of_word16 m (Byte bh) with
+ (* non ha trovato una traduzione con 1 byte *)
+ [ None ⇒ match m with
+ (* HC05 non esistono op a 2 byte *)
+ [ HC05 ⇒ FetchERR ? ILL_OP
+ | HC08 ⇒ match eq_b8 bh 〈x9,xE〉 with
+ (* HC08 se il primo byte e' 0x9E il secondo puo' avere senso *)
+ [ true ⇒ match memory_filter_read m t s pc_next1 with
+ [ None ⇒ FetchERR ? ILL_FETCH_AD | Some bl ⇒ match full_info_of_word16 m (Word (mk_word16 bh bl)) with
+ [ None ⇒ FetchERR ? ILL_OP | Some info ⇒ FetchOK ? info pc_next2 ]]
+ (* HC08 se il primo byte non e' 0x9E il secondo non puo' avere senso *)
+ | false ⇒ FetchERR ? ILL_OP
+ ]
+ | HCS08 ⇒ match eq_b8 bh 〈x9,xE〉 with
+ (* HCS08 se il primo byte e' 0x9E il secondo puo' avere senso *)
+ [ true ⇒ match memory_filter_read m t s pc_next1 with
+ [ None ⇒ FetchERR ? ILL_FETCH_AD | Some bl ⇒ match full_info_of_word16 m (Word (mk_word16 bh bl)) with
+ [ None ⇒ FetchERR ? ILL_OP | Some info ⇒ FetchOK ? info pc_next2 ]]
+ (* HCS08 se il primo byte non e' 0x9E il secondo non puo' avere senso *)
+ | false ⇒ FetchERR ? ILL_OP
+ ]
+ (* RS08 non esistono op a 2 byte *)
+ | RS08 ⇒ FetchERR ? ILL_OP
+ ]
+ (* ha trovato una traduzione con 1 byte *)
+ | Some info ⇒ FetchOK ? info pc_next1 ]].
+
+(* ************************ *)
+(* MODALITA' INDIRIZZAMENTO *)
+(* ************************ *)
+
+(* mattoni base *)
+(* - incrementano l'indirizzo normalmente *)
+(* - incrementano PC attraverso il filtro *)
+
+(* lettura byte da addr *)
+ndefinition loadb_from ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λaddr:word16.λcur_pc:word16.λfetched:nat.
+ opt_map ?? (memory_filter_read m t s addr)
+ (λb.Some ? (triple ??? s b (filtered_plus_w16 m t s cur_pc fetched))).
+
+(* lettura bit da addr *)
+ndefinition loadbit_from ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λaddr:word16.λsub:oct.λcur_pc:word16.λfetched:nat.
+ opt_map ?? (memory_filter_read_bit m t s addr sub)
+ (λb.Some ? (triple ??? s b (filtered_plus_w16 m t s cur_pc fetched))).
+
+(* lettura word da addr *)
+ndefinition loadw_from ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λaddr:word16.λcur_pc:word16.λfetched:nat.
+ opt_map ?? (memory_filter_read m t s addr)
+ (λbh.opt_map ?? (memory_filter_read m t s (succ_w16 addr))
+ (λbl.Some ? (triple ??? s (mk_word16 bh bl) (filtered_plus_w16 m t s cur_pc fetched)))).
+
+(* scrittura byte su addr *)
+ndefinition writeb_to ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λaddr:word16.λcur_pc:word16.λfetched:nat.λwriteb:byte8.
+ opt_map ?? (memory_filter_write m t s addr writeb)
+ (λtmps.Some ? (pair ?? tmps (filtered_plus_w16 m t s cur_pc fetched))).
+
+(* scrittura bit su addr *)
+ndefinition writebit_to ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λaddr:word16.λsub:oct.λcur_pc:word16.λfetched:nat.λwriteb:bool.
+ opt_map ?? (memory_filter_write_bit m t s addr sub writeb)
+ (λtmps.Some ? (pair ?? tmps (filtered_plus_w16 m t s cur_pc fetched))).
+
+(* scrittura word su addr *)
+ndefinition writew_to ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λaddr:word16.λcur_pc:word16.λfetched:nat.λwritew:word16.
+ opt_map ?? (memory_filter_write m t s addr (w16h writew))
+ (λtmps1.opt_map ?? (memory_filter_write m t tmps1 (succ_w16 addr) (w16l writew))
+ (λtmps2.Some ? (pair ?? tmps2 (filtered_plus_w16 m t tmps2 cur_pc fetched)))).
+
+(* ausiliari per definire i tipi e la lettura/scrittura *)
+
+(* ausiliaria per definire il tipo di aux_load *)
+ndefinition aux_load_typing ≝
+λm:mcu_type.λt:memory_impl.λbyteflag:bool.
+ any_status m t → word16 → word16 → nat →
+ option (Prod3T (any_status m t) match byteflag with [ true ⇒ byte8 | false ⇒ word16 ] word16).
+
+(* per non dover ramificare i vari load in byte/word *)
+ndefinition aux_load ≝
+λm:mcu_type.λt:memory_impl.λbyteflag:bool.match byteflag return aux_load_typing m t with
+ [ true ⇒ loadb_from m t | false ⇒ loadw_from m t ].
+
+(* ausiliaria per definire il tipo di aux_write *)
+ndefinition aux_write_typing ≝
+λm:mcu_type.λt:memory_impl.λbyteflag:bool.
+ any_status m t → word16 → word16 → nat →
+ match byteflag with [ true ⇒ byte8 | false ⇒ word16 ] →
+ option (ProdT (any_status m t) word16).
+
+(* per non dover ramificare i vari load in byte/word *)
+ndefinition aux_write ≝
+λm:mcu_type.λt:memory_impl.λbyteflag:bool.match byteflag return aux_write_typing m t with
+ [ true ⇒ writeb_to m t | false ⇒ writew_to m t ].
+
+(* modalita' vere e proprie *)
+
+(* lettura da [curpc]: IMM1 comportamento asimmetrico, quindi non si appoggia a loadb *)
+ndefinition mode_IMM1_load ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+ opt_map ?? (memory_filter_read m t s cur_pc)
+ (λb.Some ? (triple ??? s b (filtered_inc_w16 m t s cur_pc))).
+
+(* lettura da [curpc]: IMM1 + estensione a word *)
+ndefinition mode_IMM1EXT_load ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+ opt_map ?? (memory_filter_read m t s cur_pc)
+ (λb.Some ? (triple ??? s 〈〈x0,x0〉:b〉 (filtered_inc_w16 m t s cur_pc))).
+
+(* lettura da [curpc]: IMM2 comportamento asimmetrico, quindi non si appoggia a loadw *)
+ndefinition mode_IMM2_load ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+ opt_map ?? (memory_filter_read m t s cur_pc)
+ (λbh.opt_map ?? (memory_filter_read m t s (filtered_inc_w16 m t s cur_pc))
+ (λbl.Some ? (triple ??? s (mk_word16 bh bl) (filtered_plus_w16 m t s cur_pc 2)))).
+
+(* lettura da [byte [curpc]]: true=DIR1 loadb, false=DIR1 loadw *)
+ndefinition mode_DIR1_load ≝
+λbyteflag:bool.λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+ opt_map ?? (memory_filter_read m t s cur_pc)
+ (λaddr.(aux_load m t byteflag) s 〈〈x0,x0〉:addr〉 cur_pc 1).
+
+(* lettura da [byte [curpc]]: loadbit *)
+ndefinition mode_DIR1n_load ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.λsub:oct.
+ opt_map ?? (memory_filter_read m t s cur_pc)
+ (λaddr.loadbit_from m t s 〈〈x0,x0〉:addr〉 sub cur_pc 1).
+
+(* scrittura su [byte [curpc]]: true=DIR1 writeb, false=DIR1 writew *)
+ndefinition mode_DIR1_write ≝
+λbyteflag:bool.λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+λwritebw:match byteflag with [ true ⇒ byte8 | false ⇒ word16 ].
+ opt_map ?? (memory_filter_read m t s cur_pc)
+ (λaddr.(aux_write m t byteflag) s 〈〈x0,x0〉:addr〉 cur_pc 1 writebw).
+
+(* scrittura su [byte [curpc]]: writebit *)
+ndefinition mode_DIR1n_write ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.λsub:oct.λwriteb:bool.
+ opt_map ?? (memory_filter_read m t s cur_pc)
+ (λaddr.writebit_to m t s 〈〈x0,x0〉:addr〉 sub cur_pc 1 writeb).
+
+(* lettura da [word [curpc]]: true=DIR2 loadb, false=DIR2 loadw *)
+ndefinition mode_DIR2_load ≝
+λbyteflag:bool.λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+ opt_map ?? (memory_filter_read m t s cur_pc)
+ (λaddrh.opt_map ?? (memory_filter_read m t s (filtered_inc_w16 m t s cur_pc))
+ (λaddrl.(aux_load m t byteflag) s 〈addrh:addrl〉 cur_pc 2)).
+
+(* scrittura su [word [curpc]]: true=DIR2 writeb, false=DIR2 writew *)
+ndefinition mode_DIR2_write ≝
+λbyteflag:bool.λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+λwritebw:match byteflag with [ true ⇒ byte8 | false ⇒ word16 ].
+ opt_map ?? (memory_filter_read m t s cur_pc)
+ (λaddrh.opt_map ?? (memory_filter_read m t s (filtered_inc_w16 m t s cur_pc))
+ (λaddrl.(aux_write m t byteflag) s 〈addrh:addrl〉 cur_pc 2 writebw)).
+
+ndefinition get_IX ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m with
+ [ HC05 ⇒ opt_map ?? (get_indX_8_low_reg m t s) (λindx.Some ? 〈〈x0,x0〉:indx〉)
+ | HC08 ⇒ opt_map ?? (get_indX_16_reg m t s) (λindx.Some ? indx)
+ | HCS08 ⇒ opt_map ?? (get_indX_16_reg m t s) (λindx.Some ? indx)
+ | RS08 ⇒ None ? ].
+
+(* lettura da [IX]: true=IX0 loadb, false=IX0 loadw *)
+ndefinition mode_IX0_load ≝
+λbyteflag:bool.λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+ opt_map ?? (get_IX m t s)
+ (λaddr.(aux_load m t byteflag) s addr cur_pc 0).
+
+(* scrittura su [IX]: true=IX0 writeb, false=IX0 writew *)
+ndefinition mode_IX0_write ≝
+λbyteflag:bool.λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+λwritebw:match byteflag with [ true ⇒ byte8 | false ⇒ word16 ].
+ opt_map ?? (get_IX m t s)
+ (λaddr.(aux_write m t byteflag) s addr cur_pc 0 writebw).
+
+(* lettura da [IX+byte [pc]]: true=IX1 loadb, false=IX1 loadw *)
+ndefinition mode_IX1_load ≝
+λbyteflag:bool.λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+ opt_map ?? (get_IX m t s)
+ (λaddr.opt_map ?? (memory_filter_read m t s cur_pc)
+ (λoffs.(aux_load m t byteflag) s (plus_w16_d_d addr 〈〈x0,x0〉:offs〉) cur_pc 1)).
+
+(* lettura da X+[byte curpc] *)
+ndefinition mode_IX1ADD_load ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+ opt_map ?? (memory_filter_read m t s cur_pc)
+ (λb.opt_map ?? (get_IX m t s)
+ (λaddr.Some ? (triple ??? s (plus_w16_d_d addr 〈〈x0,x0〉:b〉) (filtered_inc_w16 m t s cur_pc)))).
+
+(* scrittura su [IX+byte [pc]]: true=IX1 writeb, false=IX1 writew *)
+ndefinition mode_IX1_write ≝
+λbyteflag:bool.λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+λwritebw:match byteflag with [ true ⇒ byte8 | false ⇒ word16 ].
+ opt_map ?? (get_IX m t s)
+ (λaddr.opt_map ?? (memory_filter_read m t s cur_pc)
+ (λoffs.(aux_write m t byteflag) s (plus_w16_d_d addr 〈〈x0,x0〉:offs〉) cur_pc 1 writebw)).
+
+(* lettura da [IX+word [pc]]: true=IX2 loadb, false=IX2 loadw *)
+ndefinition mode_IX2_load ≝
+λbyteflag:bool.λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+ opt_map ?? (get_IX m t s)
+ (λaddr.opt_map ?? (memory_filter_read m t s cur_pc)
+ (λoffsh.opt_map ?? (memory_filter_read m t s (filtered_inc_w16 m t s cur_pc))
+ (λoffsl.(aux_load m t byteflag) s (plus_w16_d_d addr 〈offsh:offsl〉) cur_pc 2))).
+
+(* lettura da X+[word curpc] *)
+ndefinition mode_IX2ADD_load ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+ opt_map ?? (memory_filter_read m t s cur_pc)
+ (λbh.opt_map ?? (memory_filter_read m t s (filtered_inc_w16 m t s cur_pc))
+ (λbl.opt_map ?? (get_IX m t s)
+ (λaddr.Some ? (triple ??? s (plus_w16_d_d addr 〈bh:bl〉) (filtered_plus_w16 m t s cur_pc 2))))).
+
+(* scrittura su [IX+word [pc]]: true=IX2 writeb, false=IX2 writew *)
+ndefinition mode_IX2_write ≝
+λbyteflag:bool.λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+λwritebw:match byteflag with [ true ⇒ byte8 | false ⇒ word16 ].
+ opt_map ?? (get_IX m t s)
+ (λaddr.opt_map ?? (memory_filter_read m t s cur_pc)
+ (λoffsh.opt_map ?? (memory_filter_read m t s (filtered_inc_w16 m t s cur_pc))
+ (λoffsl.(aux_write m t byteflag) s (plus_w16_d_d addr 〈offsh:offsl〉) cur_pc 2 writebw))).
+
+(* lettura da [SP+byte [pc]]: true=SP1 loadb, false=SP1 loadw *)
+ndefinition mode_SP1_load ≝
+λbyteflag:bool.λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+ opt_map ?? (get_sp_reg m t s)
+ (λaddr.opt_map ?? (memory_filter_read m t s cur_pc)
+ (λoffs.(aux_load m t byteflag) s (plus_w16_d_d addr 〈〈x0,x0〉:offs〉) cur_pc 1)).
+
+(* scrittura su [SP+byte [pc]]: true=SP1 writeb, false=SP1 writew *)
+ndefinition mode_SP1_write ≝
+λbyteflag:bool.λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+λwritebw:match byteflag with [ true ⇒ byte8 | false ⇒ word16 ].
+ opt_map ?? (get_sp_reg m t s)
+ (λaddr.opt_map ?? (memory_filter_read m t s cur_pc)
+ (λoffs.(aux_write m t byteflag) s (plus_w16_d_d addr 〈〈x0,x0〉:offs〉) cur_pc 1 writebw)).
+
+(* lettura da [SP+word [pc]]: true=SP2 loadb, false=SP2 loadw *)
+ndefinition mode_SP2_load ≝
+λbyteflag:bool.λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+ opt_map ?? (get_sp_reg m t s)
+ (λaddr.opt_map ?? (memory_filter_read m t s cur_pc)
+ (λoffsh.opt_map ?? (memory_filter_read m t s (filtered_inc_w16 m t s cur_pc))
+ (λoffsl.(aux_load m t byteflag) s (plus_w16_d_d addr 〈offsh:offsl〉) cur_pc 2))).
+
+(* scrittura su [SP+word [pc]]: true=SP2 writeb, false=SP2 writew *)
+ndefinition mode_SP2_write ≝
+λbyteflag:bool.λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.
+λwritebw:match byteflag with [ true ⇒ byte8 | false ⇒ word16 ].
+ opt_map ?? (get_sp_reg m t s)
+ (λaddr.opt_map ?? (memory_filter_read m t s cur_pc)
+ (λoffsh.opt_map ?? (memory_filter_read m t s (filtered_inc_w16 m t s cur_pc))
+ (λoffsl.(aux_write m t byteflag) s (plus_w16_d_d addr 〈offsh:offsl〉) cur_pc 2 writebw))).
+
+(* ************************************** *)
+(* raccordo di tutte le possibili letture *)
+(* ************************************** *)
+
+(* H:X++ *)
+ndefinition aux_inc_indX_16 ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ opt_map ?? (get_indX_16_reg m t s)
+ (λX_op.opt_map ?? (set_indX_16_reg m t s (succ_w16 X_op))
+ (λs_tmp.Some ? s_tmp)).
+
+(* tutte le modalita' di lettura: false=loadb true=loadw *)
+ndefinition multi_mode_load ≝
+λbyteflag:bool.λm:mcu_type.λt:memory_impl.
+ match byteflag
+ return λbyteflag:bool.any_status m t → word16 → instr_mode →
+ option (Prod3T (any_status m t) match byteflag with [ true ⇒ byte8 | false ⇒ word16 ] word16)
+ with
+ (* lettura di un byte *)
+ [ true ⇒ λs:any_status m t.λcur_pc:word16.λi:instr_mode.match i with
+(* NO: non ci sono indicazioni *)
+ [ MODE_INH ⇒ None ?
+(* restituisce A *)
+ | MODE_INHA ⇒ Some ? (triple ??? s (get_acc_8_low_reg m t s) cur_pc)
+(* restituisce X *)
+ | MODE_INHX ⇒ opt_map ?? (get_indX_8_low_reg m t s)
+ (λindx.Some ? (triple ??? s indx cur_pc))
+(* restituisce H *)
+ | MODE_INHH ⇒ opt_map ?? (get_indX_8_high_reg m t s)
+ (λindx.Some ? (triple ??? s indx cur_pc))
+
+(* NO: solo lettura word *)
+ | MODE_INHX0ADD ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_INHX1ADD ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_INHX2ADD ⇒ None ?
+
+(* preleva 1 byte immediato *)
+ | MODE_IMM1 ⇒ mode_IMM1_load m t s cur_pc
+(* NO: solo lettura word *)
+ | MODE_IMM1EXT ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_IMM2 ⇒ None ?
+(* preleva 1 byte da indirizzo diretto 1 byte *)
+ | MODE_DIR1 ⇒ mode_DIR1_load true m t s cur_pc
+(* preleva 1 byte da indirizzo diretto 1 word *)
+ | MODE_DIR2 ⇒ mode_DIR2_load true m t s cur_pc
+(* preleva 1 byte da H:X *)
+ | MODE_IX0 ⇒ mode_IX0_load true m t s cur_pc
+(* preleva 1 byte da H:X+1 byte offset *)
+ | MODE_IX1 ⇒ mode_IX1_load true m t s cur_pc
+(* preleva 1 byte da H:X+1 word offset *)
+ | MODE_IX2 ⇒ mode_IX2_load true m t s cur_pc
+(* preleva 1 byte da SP+1 byte offset *)
+ | MODE_SP1 ⇒ mode_SP1_load true m t s cur_pc
+(* preleva 1 byte da SP+1 word offset *)
+ | MODE_SP2 ⇒ mode_SP2_load true m t s cur_pc
+
+(* come DIR1, chiamare scrittura per passo2: scrittura su DIR1 *)
+ | MODE_DIR1_to_DIR1 ⇒ mode_DIR1_load true m t s cur_pc
+(* come IMM1, chiamare scrittura per passo2: scrittura su DIR1 *)
+ | MODE_IMM1_to_DIR1 ⇒ mode_IMM1_load m t s cur_pc
+(* come IX0, chiamare scrittura per passo2: scrittura su DIR1 e X++ *)
+ | MODE_IX0p_to_DIR1 ⇒ mode_IX0_load true m t s cur_pc
+(* come DIR1, chiamare scrittura per passo2: scrittura su IX0 e X++ *)
+ | MODE_DIR1_to_IX0p ⇒ mode_DIR1_load true m t s cur_pc
+
+(* NO: solo lettura word/scrittura byte *)
+ | MODE_INHA_and_IMM1 ⇒ None ?
+(* NO: solo lettura word/scrittura byte *)
+ | MODE_INHX_and_IMM1 ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_IMM1_and_IMM1 ⇒ None ?
+(* NO: solo lettura word/scrittura byte *)
+ | MODE_DIR1_and_IMM1 ⇒ None ?
+(* NO: solo lettura word/scrittura byte *)
+ | MODE_IX0_and_IMM1 ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_IX0p_and_IMM1 ⇒ None ?
+(* NO: solo lettura word/scrittura byte *)
+ | MODE_IX1_and_IMM1 ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_IX1p_and_IMM1 ⇒ None ?
+(* NO: solo lettura word/scrittura byte *)
+ | MODE_SP1_and_IMM1 ⇒ None ?
+
+(* NO: solo scrittura byte *)
+ | MODE_DIRn _ ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_DIRn_and_IMM1 _ ⇒ None ?
+(* preleva 1 byte da 0000 0000 0000 xxxxb *)
+ | MODE_TNY e ⇒ opt_map ?? (memory_filter_read m t s 〈〈x0,x0〉:〈x0,e〉〉)
+ (λb.Some ? (triple ??? s b cur_pc))
+(* preleva 1 byte da 0000 0000 000x xxxxb *)
+ | MODE_SRT e ⇒ opt_map ?? (memory_filter_read m t s 〈〈x0,x0〉:(byte8_of_bitrigesim e)〉)
+ (λb.Some ? (triple ??? s b cur_pc))
+ ]
+(* lettura di una word *)
+ | false ⇒ λs:any_status m t.λcur_pc:word16.λi:instr_mode.match i with
+(* NO: non ci sono indicazioni *)
+ [ MODE_INH ⇒ None ?
+(* NO: solo lettura/scrittura byte *)
+ | MODE_INHA ⇒ None ?
+(* NO: solo lettura/scrittura byte *)
+ | MODE_INHX ⇒ None ?
+(* NO: solo lettura/scrittura byte *)
+ | MODE_INHH ⇒ None ?
+
+(* preleva 1 word immediato *)
+ | MODE_INHX0ADD ⇒ opt_map ?? (get_IX m t s)
+ (λw.Some ? (triple ??? s w cur_pc))
+(* preleva 1 word immediato *)
+ | MODE_INHX1ADD ⇒ mode_IX1ADD_load m t s cur_pc
+(* preleva 1 word immediato *)
+ | MODE_INHX2ADD ⇒ mode_IX2ADD_load m t s cur_pc
+
+(* NO: solo lettura byte *)
+ | MODE_IMM1 ⇒ None ?
+(* preleva 1 word immediato *)
+ | MODE_IMM1EXT ⇒ mode_IMM1EXT_load m t s cur_pc
+(* preleva 1 word immediato *)
+ | MODE_IMM2 ⇒ mode_IMM2_load m t s cur_pc
+(* preleva 1 word da indirizzo diretto 1 byte *)
+ | MODE_DIR1 ⇒ mode_DIR1_load false m t s cur_pc
+(* preleva 1 word da indirizzo diretto 1 word *)
+ | MODE_DIR2 ⇒ mode_DIR2_load false m t s cur_pc
+(* preleva 1 word da H:X *)
+ | MODE_IX0 ⇒ mode_IX0_load false m t s cur_pc
+(* preleva 1 word da H:X+1 byte offset *)
+ | MODE_IX1 ⇒ mode_IX1_load false m t s cur_pc
+(* preleva 1 word da H:X+1 word offset *)
+ | MODE_IX2 ⇒ mode_IX2_load false m t s cur_pc
+(* preleva 1 word da SP+1 byte offset *)
+ | MODE_SP1 ⇒ mode_SP1_load false m t s cur_pc
+(* preleva 1 word da SP+1 word offset *)
+ | MODE_SP2 ⇒ mode_SP2_load false m t s cur_pc
+
+(* NO: solo lettura/scrittura byte *)
+ | MODE_DIR1_to_DIR1 ⇒ None ?
+(* NO: solo lettura/scrittura byte *)
+ | MODE_IMM1_to_DIR1 ⇒ None ?
+(* NO: solo lettura/scrittura byte *)
+ | MODE_IX0p_to_DIR1 ⇒ None ?
+(* NO: solo lettura/scrittura byte *)
+ | MODE_DIR1_to_IX0p ⇒ None ?
+
+(* preleva 2 byte, possibilita' modificare Io argomento *)
+ | MODE_INHA_and_IMM1 ⇒ opt_map ?? (mode_IMM1_load m t s cur_pc)
+ (λS_immb_and_PC.match S_immb_and_PC with
+ [ triple _ immb cur_pc' ⇒
+ Some ? (triple ??? s 〈(get_acc_8_low_reg m t s):immb〉 cur_pc')])
+(* preleva 2 byte, possibilita' modificare Io argomento *)
+ | MODE_INHX_and_IMM1 ⇒ opt_map ?? (get_indX_8_low_reg m t s)
+ (λX_op.opt_map ?? (mode_IMM1_load m t s cur_pc)
+ (λS_immb_and_PC.match S_immb_and_PC with
+ [ triple _ immb cur_pc' ⇒
+ Some ? (triple ??? s 〈X_op:immb〉 cur_pc')]))
+(* preleva 2 byte, NO possibilita' modificare Io argomento *)
+ | MODE_IMM1_and_IMM1 ⇒ opt_map ?? (mode_IMM1_load m t s cur_pc)
+ (λS_immb1_and_PC.match S_immb1_and_PC with
+ [ triple _ immb1 cur_pc' ⇒
+ opt_map ?? (mode_IMM1_load m t s cur_pc')
+ (λS_immb2_and_PC.match S_immb2_and_PC with
+ [ triple _ immb2 cur_pc'' ⇒
+ Some ? (triple ??? s 〈immb1:immb2〉 cur_pc'')])])
+(* preleva 2 byte, possibilita' modificare Io argomento *)
+ | MODE_DIR1_and_IMM1 ⇒ opt_map ?? (mode_DIR1_load true m t s cur_pc)
+ (λS_dirb_and_PC.match S_dirb_and_PC with
+ [ triple _ dirb cur_pc' ⇒
+ opt_map ?? (mode_IMM1_load m t s cur_pc')
+ (λS_immb_and_PC.match S_immb_and_PC with
+ [ triple _ immb cur_pc'' ⇒
+ Some ? (triple ??? s 〈dirb:immb〉 cur_pc'')])])
+(* preleva 2 byte, possibilita' modificare Io argomento *)
+ | MODE_IX0_and_IMM1 ⇒ opt_map ?? (mode_IX0_load true m t s cur_pc)
+ (λS_ixb_and_PC.match S_ixb_and_PC with
+ [ triple _ ixb cur_pc' ⇒
+ opt_map ?? (mode_IMM1_load m t s cur_pc')
+ (λS_immb_and_PC.match S_immb_and_PC with
+ [ triple _ immb cur_pc'' ⇒
+ Some ? (triple ??? s 〈ixb:immb〉 cur_pc'')])])
+(* preleva 2 byte, H:X++, NO possibilita' modificare Io argomento *)
+ | MODE_IX0p_and_IMM1 ⇒ opt_map ?? (mode_IX0_load true m t s cur_pc)
+ (λS_ixb_and_PC.match S_ixb_and_PC with
+ [ triple _ ixb cur_pc' ⇒
+ opt_map ?? (mode_IMM1_load m t s cur_pc')
+ (λS_immb_and_PC.match S_immb_and_PC with
+ [ triple _ immb cur_pc'' ⇒
+ (* H:X++ *)
+ opt_map ?? (aux_inc_indX_16 m t s)
+ (λs'.Some ? (triple ??? s' 〈ixb:immb〉 cur_pc''))])])
+(* preleva 2 byte, possibilita' modificare Io argomento *)
+ | MODE_IX1_and_IMM1 ⇒ opt_map ?? (mode_IX1_load true m t s cur_pc)
+ (λS_ixb_and_PC.match S_ixb_and_PC with
+ [ triple _ ixb cur_pc' ⇒
+ opt_map ?? (mode_IMM1_load m t s cur_pc')
+ (λS_immb_and_PC.match S_immb_and_PC with
+ [ triple _ immb cur_pc'' ⇒
+ Some ? (triple ??? s 〈ixb:immb〉 cur_pc'')])])
+(* preleva 2 byte, H:X++, NO possibilita' modificare Io argomento *)
+ | MODE_IX1p_and_IMM1 ⇒ opt_map ?? (mode_IX1_load true m t s cur_pc)
+ (λS_ixb_and_PC.match S_ixb_and_PC with
+ [ triple _ ixb cur_pc' ⇒
+ opt_map ?? (mode_IMM1_load m t s cur_pc')
+ (λS_immb_and_PC.match S_immb_and_PC with
+ [ triple _ immb cur_pc'' ⇒
+ (* H:X++ *)
+ opt_map ?? (aux_inc_indX_16 m t s)
+ (λs'.Some ? (triple ??? s' 〈ixb:immb〉 cur_pc''))])])
+(* preleva 2 byte, possibilita' modificare Io argomento *)
+ | MODE_SP1_and_IMM1 ⇒ opt_map ?? (mode_SP1_load true m t s cur_pc)
+ (λS_spb_and_PC.match S_spb_and_PC with
+ [ triple _ spb cur_pc' ⇒
+ opt_map ?? (mode_IMM1_load m t s cur_pc')
+ (λS_immb_and_PC.match S_immb_and_PC with
+ [ triple _ immb cur_pc'' ⇒
+ Some ? (triple ??? s 〈spb:immb〉 cur_pc'')])])
+
+(* NO: solo scrittura byte *)
+ | MODE_DIRn _ ⇒ None ?
+(* preleva 2 byte, il primo e' filtrato per azzerare tutti i bit tranne n-simo *)
+ | MODE_DIRn_and_IMM1 msk ⇒ opt_map ?? (mode_DIR1n_load m t s cur_pc msk)
+ (λS_dirbn_and_PC.match S_dirbn_and_PC with
+ [ triple _ dirbn cur_pc' ⇒
+ opt_map ?? (mode_IMM1_load m t s cur_pc')
+ (λS_immb_and_PC.match S_immb_and_PC with
+ [ triple _ immb cur_pc'' ⇒
+ Some ? (triple ??? s 〈〈x0,match dirbn with [ true ⇒ x1 | false ⇒ x0 ]〉:immb〉 cur_pc'') ])])
+(* NO: solo lettura/scrittura byte *)
+ | MODE_TNY _ ⇒ None ?
+(* NO: solo lettura/scrittura byte *)
+ | MODE_SRT _ ⇒ None ?
+ ]
+ ].
+
+(* **************************************** *)
+(* raccordo di tutte le possibili scritture *)
+(* **************************************** *)
+
+(* tutte le modalita' di scrittura: true=writeb, false=writew *)
+ndefinition multi_mode_write ≝
+λbyteflag:bool.λm:mcu_type.λt:memory_impl.match byteflag
+ return λbyteflag:bool.any_status m t → word16 → instr_mode →
+ match byteflag with [ true ⇒ byte8 | false ⇒ word16 ] →
+ option (ProdT (any_status m t) word16) with
+ (* scrittura di un byte *)
+ [ true ⇒ λs:any_status m t.λcur_pc:word16.λi:instr_mode.λwriteb:byte8.match i with
+(* NO: non ci sono indicazioni *)
+ [ MODE_INH ⇒ None ?
+(* scrive A *)
+ | MODE_INHA ⇒ Some ? (pair ?? (set_acc_8_low_reg m t s writeb) cur_pc)
+(* scrive X *)
+ | MODE_INHX ⇒ opt_map ?? (set_indX_8_low_reg m t s writeb)
+ (λtmps.Some ? (pair ?? tmps cur_pc))
+(* scrive H *)
+ | MODE_INHH ⇒ opt_map ?? (set_indX_8_high_reg m t s writeb)
+ (λtmps.Some ? (pair ?? tmps cur_pc))
+
+(* NO: solo lettura word *)
+ | MODE_INHX0ADD ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_INHX1ADD ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_INHX2ADD ⇒ None ?
+
+(* NO: solo lettura byte *)
+ | MODE_IMM1 ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_IMM1EXT ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_IMM2 ⇒ None ?
+(* scrive 1 byte su indirizzo diretto 1 byte *)
+ | MODE_DIR1 ⇒ mode_DIR1_write true m t s cur_pc writeb
+(* scrive 1 byte su indirizzo diretto 1 word *)
+ | MODE_DIR2 ⇒ mode_DIR2_write true m t s cur_pc writeb
+(* scrive 1 byte su H:X *)
+ | MODE_IX0 ⇒ mode_IX0_write true m t s cur_pc writeb
+(* scrive 1 byte su H:X+1 byte offset *)
+ | MODE_IX1 ⇒ mode_IX1_write true m t s cur_pc writeb
+(* scrive 1 byte su H:X+1 word offset *)
+ | MODE_IX2 ⇒ mode_IX2_write true m t s cur_pc writeb
+(* scrive 1 byte su SP+1 byte offset *)
+ | MODE_SP1 ⇒ mode_SP1_write true m t s cur_pc writeb
+(* scrive 1 byte su SP+1 word offset *)
+ | MODE_SP2 ⇒ mode_SP2_write true m t s cur_pc writeb
+
+(* passo2: scrittura su DIR1, passo1: lettura da DIR1 *)
+ | MODE_DIR1_to_DIR1 ⇒ mode_DIR1_write true m t s cur_pc writeb
+(* passo2: scrittura su DIR1, passo1: lettura da IMM1 *)
+ | MODE_IMM1_to_DIR1 ⇒ mode_DIR1_write true m t s cur_pc writeb
+(* passo2: scrittura su DIR1 e X++, passo1: lettura da IX0 *)
+ | MODE_IX0p_to_DIR1 ⇒ opt_map ?? (mode_DIR1_write true m t s cur_pc writeb)
+ (λS_and_PC.match S_and_PC with [ pair S_op PC_op ⇒
+ (* H:X++ *)
+ opt_map ?? (aux_inc_indX_16 m t S_op)
+ (λS_op'.Some ? (pair ?? S_op' PC_op))])
+(* passo2: scrittura su IX0 e X++, passo1: lettura da DIR1 *)
+ | MODE_DIR1_to_IX0p ⇒ opt_map ?? (mode_IX0_write true m t s cur_pc writeb)
+ (λS_and_PC.match S_and_PC with [ pair S_op PC_op ⇒
+ (* H:X++ *)
+ opt_map ?? (aux_inc_indX_16 m t S_op)
+ (λS_op'.Some ? (pair ?? S_op' PC_op))])
+
+(* dopo aver prelevato 2 byte la possibilita' modificare Io argomento = INHA *)
+ | MODE_INHA_and_IMM1 ⇒ Some ? (pair ?? (set_acc_8_low_reg m t s writeb) cur_pc)
+(* dopo aver prelevato 2 byte la possibilita' modificare Io argomento = INHX *)
+ | MODE_INHX_and_IMM1 ⇒ opt_map ?? (set_indX_8_low_reg m t s writeb)
+ (λtmps.Some ? (pair ?? tmps cur_pc))
+(* NO: solo lettura word *)
+ | MODE_IMM1_and_IMM1 ⇒ None ?
+(* dopo aver prelevato 2 byte la possibilita' modificare Io argomento = DIR1 *)
+ | MODE_DIR1_and_IMM1 ⇒ mode_DIR1_write true m t s cur_pc writeb
+(* dopo aver prelevato 2 byte la possibilita' modificare Io argomento = IX0 *)
+ | MODE_IX0_and_IMM1 ⇒ mode_IX0_write true m t s cur_pc writeb
+(* NO: solo lettura word *)
+ | MODE_IX0p_and_IMM1 ⇒ None ?
+(* dopo aver prelevato 2 byte la possibilita' modificare Io argomento = IX1 *)
+ | MODE_IX1_and_IMM1 ⇒ mode_IX1_write true m t s cur_pc writeb
+(* NO: solo lettura word *)
+ | MODE_IX1p_and_IMM1 ⇒ None ?
+(* dopo aver prelevato 2 byte la possibilita' modificare Io argomento = SP1 *)
+ | MODE_SP1_and_IMM1 ⇒ mode_SP1_write true m t s cur_pc writeb
+
+(* scrive 1 byte, ma la scrittura avviene solo per n-simo bit = leggi/modifica bit/scrivi *)
+ | MODE_DIRn msk ⇒ mode_DIR1n_write m t s cur_pc msk (getn_array8T msk bool (bits_of_byte8 writeb))
+(* NO: solo lettura word *)
+ | MODE_DIRn_and_IMM1 _ ⇒ None ?
+(* scrive 1 byte su 0000 0000 0000 xxxxb *)
+ | MODE_TNY e ⇒ opt_map ?? (memory_filter_write m t s 〈〈x0,x0〉:〈x0,e〉〉 writeb)
+ (λtmps.Some ? (pair ?? tmps cur_pc))
+(* scrive 1 byte su 0000 0000 000x xxxxb *)
+ | MODE_SRT e ⇒ opt_map ?? (memory_filter_write m t s 〈〈x0,x0〉:(byte8_of_bitrigesim e)〉 writeb)
+ (λtmps.Some ? (pair ?? tmps cur_pc)) ]
+ (* scrittura di una word *)
+ | false ⇒ λs:any_status m t.λcur_pc:word16.λi:instr_mode.λwritew:word16.match i with
+(* NO: non ci sono indicazioni *)
+ [ MODE_INH ⇒ None ?
+(* NO: solo lettura/scrittura byte *)
+ | MODE_INHA ⇒ None ?
+(* NO: solo lettura/scrittura byte *)
+ | MODE_INHX ⇒ None ?
+(* NO: solo lettura/scrittura byte *)
+ | MODE_INHH ⇒ None ?
+
+(* NO: solo lettura word *)
+ | MODE_INHX0ADD ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_INHX1ADD ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_INHX2ADD ⇒ None ?
+
+(* NO: solo lettura byte *)
+ | MODE_IMM1 ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_IMM1EXT ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_IMM2 ⇒ None ?
+(* scrive 1 word su indirizzo diretto 1 byte *)
+ | MODE_DIR1 ⇒ mode_DIR1_write false m t s cur_pc writew
+(* scrive 1 word su indirizzo diretto 1 word *)
+ | MODE_DIR2 ⇒ mode_DIR2_write false m t s cur_pc writew
+(* scrive 1 word su H:X *)
+ | MODE_IX0 ⇒ mode_IX0_write false m t s cur_pc writew
+(* scrive 1 word su H:X+1 byte offset *)
+ | MODE_IX1 ⇒ mode_IX1_write false m t s cur_pc writew
+(* scrive 1 word su H:X+1 word offset *)
+ | MODE_IX2 ⇒ mode_IX2_write false m t s cur_pc writew
+(* scrive 1 word su SP+1 byte offset *)
+ | MODE_SP1 ⇒ mode_SP1_write false m t s cur_pc writew
+(* scrive 1 word su SP+1 word offset *)
+ | MODE_SP2 ⇒ mode_SP2_write false m t s cur_pc writew
+
+(* NO: solo lettura/scrittura byte *)
+ | MODE_DIR1_to_DIR1 ⇒ None ?
+(* NO: solo lettura/scrittura byte *)
+ | MODE_IMM1_to_DIR1 ⇒ None ?
+(* NO: solo lettura/scrittura byte *)
+ | MODE_IX0p_to_DIR1 ⇒ None ?
+(* NO: solo lettura/scrittura byte *)
+ | MODE_DIR1_to_IX0p ⇒ None ?
+
+(* NO: solo lettura word/scrittura byte *)
+ | MODE_INHA_and_IMM1 ⇒ None ?
+(* NO: solo lettura word/scrittura byte *)
+ | MODE_INHX_and_IMM1 ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_IMM1_and_IMM1 ⇒ None ?
+(* NO: solo lettura word/scrittura byte *)
+ | MODE_DIR1_and_IMM1 ⇒ None ?
+(* NO: solo lettura word/scrittura byte *)
+ | MODE_IX0_and_IMM1 ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_IX0p_and_IMM1 ⇒ None ?
+(* NO: solo lettura word/scrittura byte *)
+ | MODE_IX1_and_IMM1 ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_IX1p_and_IMM1 ⇒ None ?
+(* NO: solo lettura word/scrittura byte *)
+ | MODE_SP1_and_IMM1 ⇒ None ?
+
+(* NO: solo scrittura byte *)
+ | MODE_DIRn _ ⇒ None ?
+(* NO: solo lettura word *)
+ | MODE_DIRn_and_IMM1 _ ⇒ None ?
+(* NO: solo lettura/scrittura byte *)
+ | MODE_TNY _ ⇒ None ?
+(* NO: solo lettura/scrittura byte *)
+ | MODE_SRT _ ⇒ None ?
+ ]
+ ].
--- /dev/null
+(**************************************************************************)
+(* ___ *)
+(* ||M|| *)
+(* ||A|| A project by Andrea Asperti *)
+(* ||T|| *)
+(* ||I|| Developers: *)
+(* ||T|| The HELM team. *)
+(* ||A|| http://helm.cs.unibo.it *)
+(* \ / *)
+(* \ / This file is distributed under the terms of the *)
+(* v GNU General Public License Version 2 *)
+(* *)
+(**************************************************************************)
+
+(* ********************************************************************** *)
+(* Progetto FreeScale *)
+(* *)
+(* Sviluppato da: *)
+(* Cosimo Oliboni, oliboni@cs.unibo.it *)
+(* *)
+(* Questo materiale fa parte della tesi: *)
+(* "Formalizzazione Interattiva dei Microcontroller a 8bit FreeScale" *)
+(* *)
+(* data ultima modifica 15/11/2007 *)
+(* ********************************************************************** *)
+
+include "freescale/memory_func.ma".
+include "freescale/memory_trees.ma".
+include "freescale/memory_bits.ma".
+
+(* ********************************************* *)
+(* ASTRAZIONE DALL'IMPLEMENTAZIONE DELLA MEMORIA *)
+(* ********************************************* *)
+
+(* tipi di implementazione della memoria *)
+ninductive memory_impl : Type ≝
+ MEM_FUNC: memory_impl
+| MEM_TREE: memory_impl
+| MEM_BITS: memory_impl.
+
+ndefinition memory_impl_ind : ΠP:memory_impl → Prop.P MEM_FUNC → P MEM_TREE → P MEM_BITS → Πm:memory_impl.P m ≝
+λP:memory_impl → Prop.λp:P MEM_FUNC.λp1:P MEM_TREE.λp2:P MEM_BITS.λm:memory_impl.
+ match m with [ MEM_FUNC ⇒ p | MEM_TREE ⇒ p1 | MEM_BITS ⇒ p2 ].
+
+ndefinition memory_impl_rec : ΠP:memory_impl → Set.P MEM_FUNC → P MEM_TREE → P MEM_BITS → Πm:memory_impl.P m ≝
+λP:memory_impl → Set.λp:P MEM_FUNC.λp1:P MEM_TREE.λp2:P MEM_BITS.λm:memory_impl.
+ match m with [ MEM_FUNC ⇒ p | MEM_TREE ⇒ p1 | MEM_BITS ⇒ p2 ].
+
+ndefinition memory_impl_rect : ΠP:memory_impl → Type.P MEM_FUNC → P MEM_TREE → P MEM_BITS → Πm:memory_impl.P m ≝
+λP:memory_impl → Type.λp:P MEM_FUNC.λp1:P MEM_TREE.λp2:P MEM_BITS.λm:memory_impl.
+ match m with [ MEM_FUNC ⇒ p | MEM_TREE ⇒ p1 | MEM_BITS ⇒ p2 ].
+
+(* ausiliario per il tipo della memoria *)
+ndefinition aux_mem_type ≝
+λt:memory_impl.match t with
+ [ MEM_FUNC ⇒ word16 → byte8
+ | MEM_TREE ⇒ Array16T (Array16T (Array16T (Array16T byte8)))
+ | MEM_BITS ⇒ Array16T (Array16T (Array16T (Array16T (Array8T bool))))
+ ].
+
+(* ausiliario per il tipo del checker *)
+ndefinition aux_chk_type ≝
+λt:memory_impl.match t with
+ [ MEM_FUNC ⇒ word16 → memory_type
+ | MEM_TREE ⇒ Array16T (Array16T (Array16T (Array16T memory_type)))
+ | MEM_BITS ⇒ Array16T (Array16T (Array16T (Array16T (Array8T memory_type))))
+ ].
+
+(* unificazione di out_of_bound_memory *)
+ndefinition out_of_bound_memory ≝
+λt:memory_impl.
+ match t
+ return λt.aux_chk_type t
+ with
+ [ MEM_FUNC ⇒ mf_out_of_bound_memory
+ | MEM_TREE ⇒ mt_out_of_bound_memory
+ | MEM_BITS ⇒ mb_out_of_bound_memory
+ ].
+
+(* unificazione di zero_memory *)
+ndefinition zero_memory ≝
+λt:memory_impl.
+ match t
+ return λt.aux_mem_type t
+ with
+ [ MEM_FUNC ⇒ mf_zero_memory
+ | MEM_TREE ⇒ mt_zero_memory
+ | MEM_BITS ⇒ mb_zero_memory
+ ].
+
+(* unificazione della lettura senza chk: mem_read_abs mem addr *)
+ndefinition mem_read_abs ≝
+λt:memory_impl.
+ match t
+ return λt.aux_mem_type t → word16 → byte8
+ with
+ [ MEM_FUNC ⇒ λm:aux_mem_type MEM_FUNC.
+ λaddr:word16.
+ m addr
+ | MEM_TREE ⇒ λm:aux_mem_type MEM_TREE.
+ λaddr:word16.
+ mt_visit byte8 m addr
+ | MEM_BITS ⇒ λm:aux_mem_type MEM_BITS.
+ λaddr:word16.
+ byte8_of_bits (mt_visit (Array8T bool) m addr)
+ ].
+
+(* unificazione del chk *)
+ndefinition chk_get ≝
+λt:memory_impl.λc:aux_chk_type t.λaddr:word16.
+ match t
+ return λt.aux_chk_type t → word16 → Array8T memory_type
+ with
+ [ MEM_FUNC ⇒ mf_chk_get
+ | MEM_TREE ⇒ mt_chk_get
+ | MEM_BITS ⇒ mb_chk_get
+ ] c addr.
+
+(* unificazione della lettura con chk: mem_read mem chk addr *)
+ndefinition mem_read ≝
+λt:memory_impl.λm:aux_mem_type t.λc:aux_chk_type t.λaddr:word16.
+ match t
+ return λt.aux_mem_type t → aux_chk_type t → word16 → option byte8
+ with
+ [ MEM_FUNC ⇒ mf_mem_read
+ | MEM_TREE ⇒ mt_mem_read
+ | MEM_BITS ⇒ mb_mem_read
+ ] m c addr.
+
+(* unificazione della lettura di bit con chk: mem_read mem chk addr sub *)
+ndefinition mem_read_bit ≝
+λt:memory_impl.
+ match t
+ return λt.aux_mem_type t → aux_chk_type t → word16 → oct → option bool
+ with
+ [ MEM_FUNC ⇒ λm:aux_mem_type MEM_FUNC.
+ λc:aux_chk_type MEM_FUNC.
+ λaddr:word16.
+ λo:oct.
+ opt_map ?? (mf_mem_read m c addr)
+ (λb.Some ? (getn_array8T o bool (bits_of_byte8 b)))
+ | MEM_TREE ⇒ λm:aux_mem_type MEM_TREE.
+ λc:aux_chk_type MEM_TREE.
+ λaddr:word16.
+ λo:oct.
+ opt_map ?? (mt_mem_read m c addr)
+ (λb.Some ? (getn_array8T o bool (bits_of_byte8 b)))
+ | MEM_BITS ⇒ λm:aux_mem_type MEM_BITS.
+ λc:aux_chk_type MEM_BITS.
+ λaddr:word16.
+ λo:oct.
+ mb_mem_read_bit m c addr o
+ ].
+
+(* unificazione della scrittura con chk: mem_update mem chk addr val *)
+ndefinition mem_update ≝
+λt:memory_impl.λm:aux_mem_type t.λc:aux_chk_type t.λaddr:word16.λv:byte8.
+ match t
+ return λt.aux_mem_type t → Array8T memory_type → word16 → byte8 → option (aux_mem_type t)
+ with
+ [ MEM_FUNC ⇒ mf_mem_update
+ | MEM_TREE ⇒ mt_mem_update
+ | MEM_BITS ⇒ mb_mem_update
+ ] m (chk_get t c addr) addr v.
+
+(* unificazione della scrittura di bit con chk: mem_update mem chk addr sub val *)
+ndefinition mem_update_bit ≝
+λt:memory_impl.
+ match t
+ return λt.aux_mem_type t → aux_chk_type t → word16 → oct → bool → option (aux_mem_type t)
+ with
+ [ MEM_FUNC ⇒ λm:aux_mem_type MEM_FUNC.
+ λc:aux_chk_type MEM_FUNC.
+ λaddr:word16.
+ λo:oct.
+ λv:bool.
+ opt_map ?? (mf_mem_read m c addr)
+ (λb.mf_mem_update m (chk_get MEM_FUNC c addr) addr (byte8_of_bits (setn_array8T o bool (bits_of_byte8 b) v)))
+ | MEM_TREE ⇒ λm:aux_mem_type MEM_TREE.
+ λc:aux_chk_type MEM_TREE.
+ λaddr:word16.
+ λo:oct.
+ λv:bool.
+ opt_map ?? (mt_mem_read m c addr)
+ (λb.mt_mem_update m (chk_get MEM_TREE c addr) addr (byte8_of_bits (setn_array8T o bool (bits_of_byte8 b) v)))
+ | MEM_BITS ⇒ λm:aux_mem_type MEM_BITS.
+ λc:aux_chk_type MEM_BITS.
+ λaddr:word16.
+ λo:oct.
+ λv:bool.
+ mb_mem_update_bit m c addr o v
+ ].
+
+(* unificazione del caricamento: load_from_source_at old_mem source addr *)
+ndefinition load_from_source_at ≝
+λt:memory_impl.λm:aux_mem_type t.λl:list byte8.λaddr:word16.
+ match t
+ return λt.aux_mem_type t → list byte8 → word16 → aux_mem_type t
+ with
+ [ MEM_FUNC ⇒ mf_load_from_source_at
+ | MEM_TREE ⇒ mt_load_from_source_at
+ | MEM_BITS ⇒ mb_load_from_source_at
+ ] m l addr.
+
+(* unificazione dell'impostazione della memoria: chk_update_ranged chk inf sup v *)
+ndefinition check_update_ranged ≝
+λt:memory_impl.
+ match t
+ return λt.aux_chk_type t → word16 → word16 → memory_type → aux_chk_type t
+ with
+ [ MEM_FUNC ⇒ λc:aux_chk_type MEM_FUNC.
+ λinf,sup:word16.
+ λv:memory_type.
+ mf_check_update_ranged c inf sup v
+ | MEM_TREE ⇒ λc:aux_chk_type MEM_TREE.
+ λinf,sup:word16.
+ λv:memory_type.
+ mt_update_ranged memory_type c inf sup v
+ | MEM_BITS ⇒ λc:aux_chk_type MEM_BITS.
+ λinf,sup:word16.
+ λv:memory_type.
+ mt_update_ranged (Array8T memory_type) c inf sup (array_8T memory_type v v v v v v v v)
+ ].
+
+(* unificazione dell'impostazione dei bit: chk_update_bit chk addr sub v *)
+(* NB: dove non esiste la granularita' del bit, lascio inalterato *)
+ndefinition check_update_bit ≝
+λt:memory_impl.
+ match t
+ return λt.aux_chk_type t → word16 → oct → memory_type → aux_chk_type t
+ with
+ [ MEM_FUNC ⇒ λc:aux_chk_type MEM_FUNC.
+ λaddr:word16.
+ λo:oct.
+ λv:memory_type.
+ c
+ | MEM_TREE ⇒ λc:aux_chk_type MEM_TREE.
+ λaddr:word16.
+ λo:oct.
+ λv:memory_type.
+ c
+ | MEM_BITS ⇒ λc:aux_chk_type MEM_BITS.
+ λaddr:word16.
+ λo:oct.
+ λv:memory_type.
+ mb_chk_update_bit c addr o v
+ ].
--- /dev/null
+(**************************************************************************)
+(* ___ *)
+(* ||M|| *)
+(* ||A|| A project by Andrea Asperti *)
+(* ||T|| *)
+(* ||I|| Developers: *)
+(* ||T|| The HELM team. *)
+(* ||A|| http://helm.cs.unibo.it *)
+(* \ / *)
+(* \ / This file is distributed under the terms of the *)
+(* v GNU General Public License Version 2 *)
+(* *)
+(**************************************************************************)
+
+(* ********************************************************************** *)
+(* Progetto FreeScale *)
+(* *)
+(* Sviluppato da: *)
+(* Cosimo Oliboni, oliboni@cs.unibo.it *)
+(* *)
+(* Questo materiale fa parte della tesi: *)
+(* "Formalizzazione Interattiva dei Microcontroller a 8bit FreeScale" *)
+(* *)
+(* data ultima modifica 15/11/2007 *)
+(* ********************************************************************** *)
+
+include "freescale/memory_trees.ma".
+
+(* ********************* *)
+(* MEMORIA E DESCRITTORE *)
+(* ********************* *)
+
+(* tutta la memoria non installata *)
+ndefinition mb_out_of_bound_memory ≝
+let base ≝ array_8T memory_type MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND
+ MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND in
+let lev4 ≝ array_16T ?
+ base base base base base base base base
+ base base base base base base base base
+ in
+let lev3 ≝ array_16T ?
+ lev4 lev4 lev4 lev4 lev4 lev4 lev4 lev4
+ lev4 lev4 lev4 lev4 lev4 lev4 lev4 lev4
+ in
+let lev2 ≝ array_16T ?
+ lev3 lev3 lev3 lev3 lev3 lev3 lev3 lev3
+ lev3 lev3 lev3 lev3 lev3 lev3 lev3 lev3
+ in
+let lev1 ≝ array_16T ?
+ lev2 lev2 lev2 lev2 lev2 lev2 lev2 lev2
+ lev2 lev2 lev2 lev2 lev2 lev2 lev2 lev2
+ in
+lev1.
+
+(* tutta la memoria a 0 *)
+ndefinition mb_zero_memory ≝
+let base ≝ array_8T bool false false false false false false false false in
+let lev4 ≝ array_16T ?
+ base base base base base base base base
+ base base base base base base base base
+ in
+let lev3 ≝ array_16T ?
+ lev4 lev4 lev4 lev4 lev4 lev4 lev4 lev4
+ lev4 lev4 lev4 lev4 lev4 lev4 lev4 lev4
+ in
+let lev2 ≝ array_16T ?
+ lev3 lev3 lev3 lev3 lev3 lev3 lev3 lev3
+ lev3 lev3 lev3 lev3 lev3 lev3 lev3 lev3
+ in
+let lev1 ≝ array_16T ?
+ lev2 lev2 lev2 lev2 lev2 lev2 lev2 lev2
+ lev2 lev2 lev2 lev2 lev2 lev2 lev2 lev2
+ in
+lev1.
+
+(* scrivi bit controllando il tipo di memoria *)
+ndefinition mb_mem_update_bit ≝
+λmem:Array16T (Array16T (Array16T (Array16T (Array8T bool)))).
+λchk:Array16T (Array16T (Array16T (Array16T (Array8T memory_type)))).
+λaddr:word16.λsub:oct.λv:bool.
+ match getn_array8T sub memory_type (mt_visit (Array8T memory_type) chk addr) with
+ (* ROM? ok, ma il valore viene perso *)
+ [ MEM_READ_ONLY ⇒ Some ? mem
+ (* RAM? ok *)
+ | MEM_READ_WRITE ⇒ Some ? (mt_update (Array8T bool) mem addr (setn_array8T sub bool (mt_visit (Array8T bool) mem addr) v))
+ (* NON INSTALLATA? no *)
+ | MEM_OUT_OF_BOUND ⇒ None ? ].
+
+(* scrivi tipo di bit *)
+ndefinition mb_chk_update_bit ≝
+λchk:Array16T (Array16T (Array16T (Array16T (Array8T memory_type)))).
+λaddr:word16.λsub:oct.λv:memory_type.
+ mt_update (Array8T memory_type) chk addr (setn_array8T sub memory_type (mt_visit (Array8T memory_type) chk addr) v).
+
+(* leggi bit controllando il tipo di memoria *)
+ndefinition mb_mem_read_bit ≝
+λmem:Array16T (Array16T (Array16T (Array16T (Array8T bool)))).
+λchk:Array16T (Array16T (Array16T (Array16T (Array8T memory_type)))).
+λaddr:word16.λsub:oct.
+ match getn_array8T sub memory_type (mt_visit (Array8T memory_type) chk addr) with
+ (* ROM? ok, ma il valore viene perso *)
+ [ MEM_READ_ONLY ⇒ Some ? (getn_array8T sub bool (mt_visit (Array8T bool) mem addr))
+ (* RAM? ok *)
+ | MEM_READ_WRITE ⇒ Some ? (getn_array8T sub bool (mt_visit (Array8T bool) mem addr))
+ (* NON INSTALLATA? no *)
+ | MEM_OUT_OF_BOUND ⇒ None ? ].
+
+ndefinition mb_chk_get ≝
+λchk:Array16T (Array16T (Array16T (Array16T (Array8T memory_type)))).λaddr:word16.
+let c ≝ mt_visit (Array8T memory_type) chk addr in
+array_8T ? (getn_array8T o7 ? c) (getn_array8T o6 ? c)
+ (getn_array8T o5 ? c) (getn_array8T o4 ? c)
+ (getn_array8T o3 ? c) (getn_array8T o2 ? c)
+ (getn_array8T o1 ? c) (getn_array8T o0 ? c).
+
+(* scrivi controllando il tipo di memoria *)
+(* NB: devono esistere tutti i bit *)
+ndefinition mb_mem_update ≝
+λmem:Array16T (Array16T (Array16T (Array16T (Array8T bool)))).
+λchk:Array8T memory_type.
+λaddr:word16.λv:byte8.
+let old_value ≝ mt_visit (Array8T bool) mem addr in
+let new_value ≝ bits_of_byte8 v in
+let newbit0 ≝ match getn_array8T o0 memory_type chk with
+ [ MEM_READ_ONLY ⇒ Some bool (getn_array8T o0 bool old_value)
+ | MEM_READ_WRITE ⇒ Some bool (getn_array8T o0 bool new_value)
+ | MEM_OUT_OF_BOUND ⇒ None bool ] in
+let newbit1 ≝ match getn_array8T o1 memory_type chk with
+ [ MEM_READ_ONLY ⇒ Some bool (getn_array8T o1 bool old_value)
+ | MEM_READ_WRITE ⇒ Some bool (getn_array8T o1 bool new_value)
+ | MEM_OUT_OF_BOUND ⇒ None bool ] in
+let newbit2 ≝ match getn_array8T o2 memory_type chk with
+ [ MEM_READ_ONLY ⇒ Some bool (getn_array8T o2 bool old_value)
+ | MEM_READ_WRITE ⇒ Some bool (getn_array8T o2 bool new_value)
+ | MEM_OUT_OF_BOUND ⇒ None bool ] in
+let newbit3 ≝ match getn_array8T o3 memory_type chk with
+ [ MEM_READ_ONLY ⇒ Some bool (getn_array8T o3 bool old_value)
+ | MEM_READ_WRITE ⇒ Some bool (getn_array8T o3 bool new_value)
+ | MEM_OUT_OF_BOUND ⇒ None bool ] in
+let newbit4 ≝ match getn_array8T o4 memory_type chk with
+ [ MEM_READ_ONLY ⇒ Some bool (getn_array8T o4 bool old_value)
+ | MEM_READ_WRITE ⇒ Some bool (getn_array8T o4 bool new_value)
+ | MEM_OUT_OF_BOUND ⇒ None bool ] in
+let newbit5 ≝ match getn_array8T o5 memory_type chk with
+ [ MEM_READ_ONLY ⇒ Some bool (getn_array8T o5 bool old_value)
+ | MEM_READ_WRITE ⇒ Some bool (getn_array8T o5 bool new_value)
+ | MEM_OUT_OF_BOUND ⇒ None bool ] in
+let newbit6 ≝ match getn_array8T o6 memory_type chk with
+ [ MEM_READ_ONLY ⇒ Some bool (getn_array8T o6 bool old_value)
+ | MEM_READ_WRITE ⇒ Some bool (getn_array8T o6 bool new_value)
+ | MEM_OUT_OF_BOUND ⇒ None bool ] in
+let newbit7 ≝ match getn_array8T o7 memory_type chk with
+ [ MEM_READ_ONLY ⇒ Some bool (getn_array8T o7 bool old_value)
+ | MEM_READ_WRITE ⇒ Some bool (getn_array8T o7 bool new_value)
+ | MEM_OUT_OF_BOUND ⇒ None bool ] in
+ opt_map ?? newbit0
+ (λnb0.opt_map ?? newbit1
+ (λnb1.opt_map ?? newbit2
+ (λnb2.opt_map ?? newbit3
+ (λnb3.opt_map ?? newbit4
+ (λnb4.opt_map ?? newbit5
+ (λnb5.opt_map ?? newbit6
+ (λnb6.opt_map ?? newbit7
+ (λnb7.Some ? (mt_update (Array8T bool) mem addr (array_8T bool nb7 nb6 nb5 nb4 nb3 nb2 nb1 nb0)))))))))).
+
+(* leggi controllando il tipo di memoria *)
+(* NB: devono esistere tutti i bit *)
+ndefinition mb_mem_read ≝
+λmem:Array16T (Array16T (Array16T (Array16T (Array8T bool)))).
+λchk:Array16T (Array16T (Array16T (Array16T (Array8T memory_type)))).
+λaddr:word16.
+let bit_types ≝ mt_visit (Array8T memory_type) chk addr in
+let value ≝ mt_visit (Array8T bool) mem addr in
+let newbit0 ≝ match getn_array8T o0 memory_type bit_types with
+ [ MEM_READ_ONLY ⇒ Some bool (getn_array8T o0 bool value)
+ | MEM_READ_WRITE ⇒ Some bool (getn_array8T o0 bool value)
+ | MEM_OUT_OF_BOUND ⇒ None bool ] in
+let newbit1 ≝ match getn_array8T o1 memory_type bit_types with
+ [ MEM_READ_ONLY ⇒ Some bool (getn_array8T o1 bool value)
+ | MEM_READ_WRITE ⇒ Some bool (getn_array8T o1 bool value)
+ | MEM_OUT_OF_BOUND ⇒ None bool ] in
+let newbit2 ≝ match getn_array8T o2 memory_type bit_types with
+ [ MEM_READ_ONLY ⇒ Some bool (getn_array8T o2 bool value)
+ | MEM_READ_WRITE ⇒ Some bool (getn_array8T o2 bool value)
+ | MEM_OUT_OF_BOUND ⇒ None bool ] in
+let newbit3 ≝ match getn_array8T o3 memory_type bit_types with
+ [ MEM_READ_ONLY ⇒ Some bool (getn_array8T o3 bool value)
+ | MEM_READ_WRITE ⇒ Some bool (getn_array8T o3 bool value)
+ | MEM_OUT_OF_BOUND ⇒ None bool ] in
+let newbit4 ≝ match getn_array8T o4 memory_type bit_types with
+ [ MEM_READ_ONLY ⇒ Some bool (getn_array8T o4 bool value)
+ | MEM_READ_WRITE ⇒ Some bool (getn_array8T o4 bool value)
+ | MEM_OUT_OF_BOUND ⇒ None bool ] in
+let newbit5 ≝ match getn_array8T o5 memory_type bit_types with
+ [ MEM_READ_ONLY ⇒ Some bool (getn_array8T o5 bool value)
+ | MEM_READ_WRITE ⇒ Some bool (getn_array8T o5 bool value)
+ | MEM_OUT_OF_BOUND ⇒ None bool ] in
+let newbit6 ≝ match getn_array8T o6 memory_type bit_types with
+ [ MEM_READ_ONLY ⇒ Some bool (getn_array8T o6 bool value)
+ | MEM_READ_WRITE ⇒ Some bool (getn_array8T o6 bool value)
+ | MEM_OUT_OF_BOUND ⇒ None bool ] in
+let newbit7 ≝ match getn_array8T o7 memory_type bit_types with
+ [ MEM_READ_ONLY ⇒ Some bool (getn_array8T o7 bool value)
+ | MEM_READ_WRITE ⇒ Some bool (getn_array8T o7 bool value)
+ | MEM_OUT_OF_BOUND ⇒ None bool ] in
+ opt_map ?? newbit0
+ (λnb0.opt_map ?? newbit1
+ (λnb1.opt_map ?? newbit2
+ (λnb2.opt_map ?? newbit3
+ (λnb3.opt_map ?? newbit4
+ (λnb4.opt_map ?? newbit5
+ (λnb5.opt_map ?? newbit6
+ (λnb6.opt_map ?? newbit7
+ (λnb7.Some ? (byte8_of_bits (array_8T bool nb7 nb6 nb5 nb4 nb3 nb2 nb1 nb0)))))))))).
+
+(* ************************** *)
+(* CARICAMENTO PROGRAMMA/DATI *)
+(* ************************** *)
+
+(* carica a paratire da addr, scartando source (pescando da old_mem) se si supera 0xFFFF... *)
+nlet rec mb_load_from_source_at (old_mem:Array16T (Array16T (Array16T (Array16T (Array8T bool)))))
+ (source:list byte8) (addr:word16) on source ≝
+match source with
+ (* fine di source: carica da old_mem *)
+ [ nil ⇒ old_mem
+ | cons hd tl ⇒ match lt_w16 addr 〈〈xF,xF〉:〈xF,xF〉〉 with
+ (* non supera 0xFFFF, ricorsione *)
+ [ true ⇒ mb_load_from_source_at (mt_update ? old_mem addr (bits_of_byte8 hd)) tl (plus_w16_d_d addr 〈〈x0,x0〉:〈x0,x1〉〉)
+ (* supera 0xFFFF, niente ricorsione *)
+ | false ⇒ mt_update ? old_mem addr (bits_of_byte8 hd)
+ ]].
--- /dev/null
+(**************************************************************************)
+(* ___ *)
+(* ||M|| *)
+(* ||A|| A project by Andrea Asperti *)
+(* ||T|| *)
+(* ||I|| Developers: *)
+(* ||T|| The HELM team. *)
+(* ||A|| http://helm.cs.unibo.it *)
+(* \ / *)
+(* \ / This file is distributed under the terms of the *)
+(* v GNU General Public License Version 2 *)
+(* *)
+(**************************************************************************)
+
+(* ********************************************************************** *)
+(* Progetto FreeScale *)
+(* *)
+(* Sviluppato da: *)
+(* Cosimo Oliboni, oliboni@cs.unibo.it *)
+(* *)
+(* Questo materiale fa parte della tesi: *)
+(* "Formalizzazione Interattiva dei Microcontroller a 8bit FreeScale" *)
+(* *)
+(* data ultima modifica 15/11/2007 *)
+(* ********************************************************************** *)
+
+include "freescale/memory_struct.ma".
+include "freescale/word16.ma".
+include "freescale/option.ma".
+include "freescale/theory.ma".
+
+(* ********************* *)
+(* MEMORIA E DESCRITTORE *)
+(* ********************* *)
+
+(* (mf_check_update_ranged chk inf sup mode) = setta tipo memoria *)
+ndefinition mf_check_update_ranged ≝
+λf:word16 → memory_type.λi.λs.λv.
+ λx.match in_range x i s with
+ [ true ⇒ v
+ | false ⇒ f x ].
+
+(* tutta la memoria non installata *)
+ndefinition mf_out_of_bound_memory ≝ λ_:word16.MEM_OUT_OF_BOUND.
+
+ndefinition mf_chk_get ≝
+λc:word16 → memory_type.λa:word16.
+ match c a with
+ [ MEM_READ_ONLY ⇒ array_8T ? MEM_READ_ONLY MEM_READ_ONLY MEM_READ_ONLY MEM_READ_ONLY MEM_READ_ONLY MEM_READ_ONLY MEM_READ_ONLY MEM_READ_ONLY
+ | MEM_READ_WRITE ⇒ array_8T ? MEM_READ_WRITE MEM_READ_WRITE MEM_READ_WRITE MEM_READ_WRITE MEM_READ_WRITE MEM_READ_WRITE MEM_READ_WRITE MEM_READ_WRITE
+ | MEM_OUT_OF_BOUND ⇒ array_8T ? MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND
+ ].
+
+(* (mf_mem_update mem checked addr val) = scrivi controllando il tipo di memoria *)
+ndefinition mf_mem_update ≝
+λf:word16 → byte8.λc:Array8T memory_type.λa:word16.λv:byte8.
+ match getn_array8T o0 ? c with
+ (* ROM? ok, ma il valore viene perso *)
+ [ MEM_READ_ONLY ⇒ Some ? f
+ (* RAM? ok *)
+ | MEM_READ_WRITE ⇒ Some ? (λx.match eq_w16 x a with [ true ⇒ v | false ⇒ f x ])
+ (* NON INSTALLATA? no *)
+ | MEM_OUT_OF_BOUND ⇒ None ? ].
+
+(* tutta la memoria a 0 *)
+ndefinition mf_zero_memory ≝ λ_:word16.〈x0,x0〉.
+
+(* (mf_mem_read mem check addr) = leggi controllando il tipo di memoria *)
+ndefinition mf_mem_read ≝
+λf:word16 → byte8.λc:word16 → memory_type.λa.
+ match c a with
+ [ MEM_READ_ONLY ⇒ Some ? (f a)
+ | MEM_READ_WRITE ⇒ Some ? (f a)
+ | MEM_OUT_OF_BOUND ⇒ None ? ].
+
+(* ************************** *)
+(* CARICAMENTO PROGRAMMA/DATI *)
+(* ************************** *)
+
+(* carica a paratire da addr, scartando source (pescando da old_mem) se si supera 0xFFFF... *)
+nlet rec mf_load_from_source_at (old_mem:word16 → byte8) (source:list byte8) (addr:word16) on source ≝
+match source with
+ (* fine di source: carica da old_mem *)
+ [ nil ⇒ old_mem
+ | cons hd tl ⇒ λx:word16.match lt_w16 x addr with
+ (* e' prima di source: carica da old_mem *)
+ [ true ⇒ old_mem x
+ | false ⇒ match eq_w16 x addr with
+ (* la locazione corrisponde al punto corrente di source *)
+ [ true ⇒ hd
+ (* la locazione e' piu' avanti: ricorsione *)
+ | false ⇒ (mf_load_from_source_at old_mem tl (plus_w16_d_d addr 〈〈x0,x0〉:〈x0,x1〉〉)) x
+ ]
+ ]
+ ].
--- /dev/null
+(**************************************************************************)
+(* ___ *)
+(* ||M|| *)
+(* ||A|| A project by Andrea Asperti *)
+(* ||T|| *)
+(* ||I|| Developers: *)
+(* ||T|| The HELM team. *)
+(* ||A|| http://helm.cs.unibo.it *)
+(* \ / *)
+(* \ / This file is distributed under the terms of the *)
+(* v GNU General Public License Version 2 *)
+(* *)
+(**************************************************************************)
+
+(* ********************************************************************** *)
+(* Progetto FreeScale *)
+(* *)
+(* Sviluppato da: *)
+(* Cosimo Oliboni, oliboni@cs.unibo.it *)
+(* *)
+(* Questo materiale fa parte della tesi: *)
+(* "Formalizzazione Interattiva dei Microcontroller a 8bit FreeScale" *)
+(* *)
+(* data ultima modifica 15/11/2007 *)
+(* ********************************************************************** *)
+
+include "freescale/aux_bases.ma".
+include "freescale/byte8.ma".
+
+(* **************************** *)
+(* TIPI PER I MODULI DI MEMORIA *)
+(* **************************** *)
+
+(* tipi di memoria:RAM/ROM/non installata *)
+ninductive memory_type : Type ≝
+ MEM_READ_ONLY: memory_type
+| MEM_READ_WRITE: memory_type
+| MEM_OUT_OF_BOUND: memory_type.
+
+ndefinition memory_type_ind : ΠP:memory_type → Prop.P MEM_READ_ONLY → P MEM_READ_WRITE → P MEM_OUT_OF_BOUND → Πm:memory_type.P m ≝
+λP:memory_type → Prop.λp:P MEM_READ_ONLY.λp1:P MEM_READ_WRITE.λp2:P MEM_OUT_OF_BOUND.λm:memory_type.
+ match m with [ MEM_READ_ONLY ⇒ p | MEM_READ_WRITE ⇒ p1 | MEM_OUT_OF_BOUND ⇒ p2 ].
+
+ndefinition memory_type_rec : ΠP:memory_type → Set.P MEM_READ_ONLY → P MEM_READ_WRITE → P MEM_OUT_OF_BOUND → Πm:memory_type.P m ≝
+λP:memory_type → Set.λp:P MEM_READ_ONLY.λp1:P MEM_READ_WRITE.λp2:P MEM_OUT_OF_BOUND.λm:memory_type.
+ match m with [ MEM_READ_ONLY ⇒ p | MEM_READ_WRITE ⇒ p1 | MEM_OUT_OF_BOUND ⇒ p2 ].
+
+ndefinition memory_type_rect : ΠP:memory_type → Type.P MEM_READ_ONLY → P MEM_READ_WRITE → P MEM_OUT_OF_BOUND → Πm:memory_type.P m ≝
+λP:memory_type → Type.λp:P MEM_READ_ONLY.λp1:P MEM_READ_WRITE.λp2:P MEM_OUT_OF_BOUND.λm:memory_type.
+ match m with [ MEM_READ_ONLY ⇒ p | MEM_READ_WRITE ⇒ p1 | MEM_OUT_OF_BOUND ⇒ p2 ].
+
+(* **************** *)
+(* TIPO ARRAY DA 16 *)
+(* **************** *)
+
+(* definizione di un array omogeneo di dimensione 16 *)
+ninductive Array16T (T:Type) : Type ≝
+array_16T : T → T → T → T → T → T → T → T →
+ T → T → T → T → T → T → T → T →
+ Array16T T.
+
+ndefinition Array16T_ind
+ : ΠT:Type.ΠP:Array16T T → Prop.
+ (Πt,t1,t2,t3,t4,t5,t6,t7,t8,t9,t10,t11,t12,t13,t14,t15.P (array_16T T t t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t13 t14 t15)) → Πa:Array16T T.P a ≝
+λT:Type.λP:Array16T T → Prop.
+λf:Πt,t1,t2,t3,t4,t5,t6,t7,t8,t9,t10,t11,t12,t13,t14,t15.P (array_16T T t t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t13 t14 t15).λa:Array16T T.
+ match a with [ array_16T t t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t13 t14 t15 ⇒ f t t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t13 t14 t15 ].
+
+ndefinition Array16T_rec
+ : ΠT:Type.ΠP:Array16T T → Set.
+ (Πt,t1,t2,t3,t4,t5,t6,t7,t8,t9,t10,t11,t12,t13,t14,t15.P (array_16T T t t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t13 t14 t15)) → Πa:Array16T T.P a ≝
+λT:Type.λP:Array16T T → Set.
+λf:Πt,t1,t2,t3,t4,t5,t6,t7,t8,t9,t10,t11,t12,t13,t14,t15.P (array_16T T t t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t13 t14 t15).λa:Array16T T.
+ match a with [ array_16T t t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t13 t14 t15 ⇒ f t t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t13 t14 t15 ].
+
+ndefinition Array16T_rect
+ : ΠT:Type.ΠP:Array16T T → Type.
+ (Πt,t1,t2,t3,t4,t5,t6,t7,t8,t9,t10,t11,t12,t13,t14,t15.P (array_16T T t t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t13 t14 t15)) → Πa:Array16T T.P a ≝
+λT:Type.λP:Array16T T → Type.
+λf:Πt,t1,t2,t3,t4,t5,t6,t7,t8,t9,t10,t11,t12,t13,t14,t15.P (array_16T T t t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t13 t14 t15).λa:Array16T T.
+ match a with [ array_16T t t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t13 t14 t15 ⇒ f t t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t13 t14 t15 ].
+
+(* abbiamo gia' gli esadecimali come tipo induttivo quindi: *)
+(* posso definire un getter a matrice sull'array *)
+ndefinition getn_array16T ≝
+λn:exadecim.λT:Type.λp:Array16T T.
+ match p with
+ [ array_16T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15 ⇒
+ match n with
+ [ x0 ⇒ e00 | x1 ⇒ e01 | x2 ⇒ e02 | x3 ⇒ e03 | x4 ⇒ e04 | x5 ⇒ e05 | x6 ⇒ e06 | x7 ⇒ e07
+ | x8 ⇒ e08 | x9 ⇒ e09 | xA ⇒ e10 | xB ⇒ e11 | xC ⇒ e12 | xD ⇒ e13 | xE ⇒ e14 | xF ⇒ e15
+ ]].
+
+(* abbiamo gia' gli esadecimali come tipo induttivo quindi: *)
+(* posso definire un setter a matrice sull'array *)
+ndefinition setn_array16T ≝
+λn:exadecim.λT:Type.λp:Array16T T.λv:T.
+ match p with
+ [ array_16T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15 ⇒
+ match n with
+ [ x0 ⇒ array_16T T v e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x1 ⇒ array_16T T e00 v e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x2 ⇒ array_16T T e00 e01 v e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x3 ⇒ array_16T T e00 e01 e02 v e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x4 ⇒ array_16T T e00 e01 e02 e03 v e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x5 ⇒ array_16T T e00 e01 e02 e03 e04 v e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x6 ⇒ array_16T T e00 e01 e02 e03 e04 e05 v e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x7 ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 v e08 e09 e10 e11 e12 e13 e14 e15
+ | x8 ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 v e09 e10 e11 e12 e13 e14 e15
+ | x9 ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 v e10 e11 e12 e13 e14 e15
+ | xA ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 v e11 e12 e13 e14 e15
+ | xB ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 v e12 e13 e14 e15
+ | xC ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 v e13 e14 e15
+ | xD ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 v e14 e15
+ | xE ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 v e15
+ | xF ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 v
+ ]].
+
+(* abbiamo gia' gli esadecimali come tipo induttivo quindi: *)
+(* posso definire un setter multiplo [m,n] a matrice sull'array *)
+ndefinition setmn_array16T ≝
+λm,n:exadecim.λT:Type.λp:Array16T T.λv:T.
+ match p with
+ [ array_16T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15 ⇒
+ match m with
+ [ x0 ⇒ match n with
+ [ x0 ⇒ array_16T T v e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x1 ⇒ array_16T T v v e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x2 ⇒ array_16T T v v v e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x3 ⇒ array_16T T v v v v e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x4 ⇒ array_16T T v v v v v e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x5 ⇒ array_16T T v v v v v v e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x6 ⇒ array_16T T v v v v v v v e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x7 ⇒ array_16T T v v v v v v v v e08 e09 e10 e11 e12 e13 e14 e15
+ | x8 ⇒ array_16T T v v v v v v v v v e09 e10 e11 e12 e13 e14 e15
+ | x9 ⇒ array_16T T v v v v v v v v v v e10 e11 e12 e13 e14 e15
+ | xA ⇒ array_16T T v v v v v v v v v v v e11 e12 e13 e14 e15
+ | xB ⇒ array_16T T v v v v v v v v v v v v e12 e13 e14 e15
+ | xC ⇒ array_16T T v v v v v v v v v v v v v e13 e14 e15
+ | xD ⇒ array_16T T v v v v v v v v v v v v v v e14 e15
+ | xE ⇒ array_16T T v v v v v v v v v v v v v v v e15
+ | xF ⇒ array_16T T v v v v v v v v v v v v v v v v ]
+ | x1 ⇒ match n with
+ [ x0 ⇒ p
+ | x1 ⇒ array_16T T e00 v e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x2 ⇒ array_16T T e00 v v e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x3 ⇒ array_16T T e00 v v v e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x4 ⇒ array_16T T e00 v v v v e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x5 ⇒ array_16T T e00 v v v v v e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x6 ⇒ array_16T T e00 v v v v v v e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x7 ⇒ array_16T T e00 v v v v v v v e08 e09 e10 e11 e12 e13 e14 e15
+ | x8 ⇒ array_16T T e00 v v v v v v v v e09 e10 e11 e12 e13 e14 e15
+ | x9 ⇒ array_16T T e00 v v v v v v v v v e10 e11 e12 e13 e14 e15
+ | xA ⇒ array_16T T e00 v v v v v v v v v v e11 e12 e13 e14 e15
+ | xB ⇒ array_16T T e00 v v v v v v v v v v v e12 e13 e14 e15
+ | xC ⇒ array_16T T e00 v v v v v v v v v v v v e13 e14 e15
+ | xD ⇒ array_16T T e00 v v v v v v v v v v v v v e14 e15
+ | xE ⇒ array_16T T e00 v v v v v v v v v v v v v v e15
+ | xF ⇒ array_16T T e00 v v v v v v v v v v v v v v v ]
+ | x2 ⇒ match n with
+ [ x0 ⇒ p | x1 ⇒ p
+ | x2 ⇒ array_16T T e00 e01 v e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x3 ⇒ array_16T T e00 e01 v v e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x4 ⇒ array_16T T e00 e01 v v v e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x5 ⇒ array_16T T e00 e01 v v v v e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x6 ⇒ array_16T T e00 e01 v v v v v e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x7 ⇒ array_16T T e00 e01 v v v v v v e08 e09 e10 e11 e12 e13 e14 e15
+ | x8 ⇒ array_16T T e00 e01 v v v v v v v e09 e10 e11 e12 e13 e14 e15
+ | x9 ⇒ array_16T T e00 e01 v v v v v v v v e10 e11 e12 e13 e14 e15
+ | xA ⇒ array_16T T e00 e01 v v v v v v v v v e11 e12 e13 e14 e15
+ | xB ⇒ array_16T T e00 e01 v v v v v v v v v v e12 e13 e14 e15
+ | xC ⇒ array_16T T e00 e01 v v v v v v v v v v v e13 e14 e15
+ | xD ⇒ array_16T T e00 e01 v v v v v v v v v v v v e14 e15
+ | xE ⇒ array_16T T e00 e01 v v v v v v v v v v v v v e15
+ | xF ⇒ array_16T T e00 e01 v v v v v v v v v v v v v v ]
+ | x3 ⇒ match n with
+ [ x0 ⇒ p | x1 ⇒ p | x2 ⇒ p
+ | x3 ⇒ array_16T T e00 e01 e02 v e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x4 ⇒ array_16T T e00 e01 e02 v v e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x5 ⇒ array_16T T e00 e01 e02 v v v e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x6 ⇒ array_16T T e00 e01 e02 v v v v e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x7 ⇒ array_16T T e00 e01 e02 v v v v v e08 e09 e10 e11 e12 e13 e14 e15
+ | x8 ⇒ array_16T T e00 e01 e02 v v v v v v e09 e10 e11 e12 e13 e14 e15
+ | x9 ⇒ array_16T T e00 e01 e02 v v v v v v v e10 e11 e12 e13 e14 e15
+ | xA ⇒ array_16T T e00 e01 e02 v v v v v v v v e11 e12 e13 e14 e15
+ | xB ⇒ array_16T T e00 e01 e02 v v v v v v v v v e12 e13 e14 e15
+ | xC ⇒ array_16T T e00 e01 e02 v v v v v v v v v v e13 e14 e15
+ | xD ⇒ array_16T T e00 e01 e02 v v v v v v v v v v v e14 e15
+ | xE ⇒ array_16T T e00 e01 e02 v v v v v v v v v v v v e15
+ | xF ⇒ array_16T T e00 e01 e02 v v v v v v v v v v v v v ]
+ | x4 ⇒ match n with
+ [ x0 ⇒ p | x1 ⇒ p | x2 ⇒ p | x3 ⇒ p
+ | x4 ⇒ array_16T T e00 e01 e02 e03 v e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x5 ⇒ array_16T T e00 e01 e02 e03 v v e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x6 ⇒ array_16T T e00 e01 e02 e03 v v v e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x7 ⇒ array_16T T e00 e01 e02 e03 v v v v e08 e09 e10 e11 e12 e13 e14 e15
+ | x8 ⇒ array_16T T e00 e01 e02 e03 v v v v v e09 e10 e11 e12 e13 e14 e15
+ | x9 ⇒ array_16T T e00 e01 e02 e03 v v v v v v e10 e11 e12 e13 e14 e15
+ | xA ⇒ array_16T T e00 e01 e02 e03 v v v v v v v e11 e12 e13 e14 e15
+ | xB ⇒ array_16T T e00 e01 e02 e03 v v v v v v v v e12 e13 e14 e15
+ | xC ⇒ array_16T T e00 e01 e02 e03 v v v v v v v v v e13 e14 e15
+ | xD ⇒ array_16T T e00 e01 e02 e03 v v v v v v v v v v e14 e15
+ | xE ⇒ array_16T T e00 e01 e02 e03 v v v v v v v v v v v e15
+ | xF ⇒ array_16T T e00 e01 e02 e03 v v v v v v v v v v v v ]
+ | x5 ⇒ match n with
+ [ x0 ⇒ p | x1 ⇒ p | x2 ⇒ p | x3 ⇒ p | x4 ⇒ p
+ | x5 ⇒ array_16T T e00 e01 e02 e03 e04 v e06 e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x6 ⇒ array_16T T e00 e01 e02 e03 e04 v v e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x7 ⇒ array_16T T e00 e01 e02 e03 e04 v v v e08 e09 e10 e11 e12 e13 e14 e15
+ | x8 ⇒ array_16T T e00 e01 e02 e03 e04 v v v v e09 e10 e11 e12 e13 e14 e15
+ | x9 ⇒ array_16T T e00 e01 e02 e03 e04 v v v v v e10 e11 e12 e13 e14 e15
+ | xA ⇒ array_16T T e00 e01 e02 e03 e04 v v v v v v e11 e12 e13 e14 e15
+ | xB ⇒ array_16T T e00 e01 e02 e03 e04 v v v v v v v e12 e13 e14 e15
+ | xC ⇒ array_16T T e00 e01 e02 e03 e04 v v v v v v v v e13 e14 e15
+ | xD ⇒ array_16T T e00 e01 e02 e03 e04 v v v v v v v v v e14 e15
+ | xE ⇒ array_16T T e00 e01 e02 e03 e04 v v v v v v v v v v e15
+ | xF ⇒ array_16T T e00 e01 e02 e03 e04 v v v v v v v v v v v ]
+ | x6 ⇒ match n with
+ [ x0 ⇒ p | x1 ⇒ p | x2 ⇒ p | x3 ⇒ p | x4 ⇒ p | x5 ⇒ p
+ | x6 ⇒ array_16T T e00 e01 e02 e03 e04 e05 v e07 e08 e09 e10 e11 e12 e13 e14 e15
+ | x7 ⇒ array_16T T e00 e01 e02 e03 e04 e05 v v e08 e09 e10 e11 e12 e13 e14 e15
+ | x8 ⇒ array_16T T e00 e01 e02 e03 e04 e05 v v v e09 e10 e11 e12 e13 e14 e15
+ | x9 ⇒ array_16T T e00 e01 e02 e03 e04 e05 v v v v e10 e11 e12 e13 e14 e15
+ | xA ⇒ array_16T T e00 e01 e02 e03 e04 e05 v v v v v e11 e12 e13 e14 e15
+ | xB ⇒ array_16T T e00 e01 e02 e03 e04 e05 v v v v v v e12 e13 e14 e15
+ | xC ⇒ array_16T T e00 e01 e02 e03 e04 e05 v v v v v v v e13 e14 e15
+ | xD ⇒ array_16T T e00 e01 e02 e03 e04 e05 v v v v v v v v e14 e15
+ | xE ⇒ array_16T T e00 e01 e02 e03 e04 e05 v v v v v v v v v e15
+ | xF ⇒ array_16T T e00 e01 e02 e03 e04 e05 v v v v v v v v v v ]
+ | x7 ⇒ match n with
+ [ x0 ⇒ p | x1 ⇒ p | x2 ⇒ p | x3 ⇒ p | x4 ⇒ p | x5 ⇒ p | x6 ⇒ p
+ | x7 ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 v e08 e09 e10 e11 e12 e13 e14 e15
+ | x8 ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 v v e09 e10 e11 e12 e13 e14 e15
+ | x9 ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 v v v e10 e11 e12 e13 e14 e15
+ | xA ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 v v v v e11 e12 e13 e14 e15
+ | xB ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 v v v v v e12 e13 e14 e15
+ | xC ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 v v v v v v e13 e14 e15
+ | xD ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 v v v v v v v e14 e15
+ | xE ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 v v v v v v v v e15
+ | xF ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 v v v v v v v v v ]
+ | x8 ⇒ match n with
+ [ x0 ⇒ p | x1 ⇒ p | x2 ⇒ p | x3 ⇒ p | x4 ⇒ p | x5 ⇒ p | x6 ⇒ p | x7 ⇒ p
+ | x8 ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 v e09 e10 e11 e12 e13 e14 e15
+ | x9 ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 v v e10 e11 e12 e13 e14 e15
+ | xA ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 v v v e11 e12 e13 e14 e15
+ | xB ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 v v v v e12 e13 e14 e15
+ | xC ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 v v v v v e13 e14 e15
+ | xD ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 v v v v v v e14 e15
+ | xE ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 v v v v v v v e15
+ | xF ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 v v v v v v v v ]
+ | x9 ⇒ match n with
+ [ x0 ⇒ p | x1 ⇒ p | x2 ⇒ p | x3 ⇒ p | x4 ⇒ p | x5 ⇒ p | x6 ⇒ p | x7 ⇒ p
+ | x8 ⇒ p
+ | x9 ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 v e10 e11 e12 e13 e14 e15
+ | xA ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 v v e11 e12 e13 e14 e15
+ | xB ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 v v v e12 e13 e14 e15
+ | xC ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 v v v v e13 e14 e15
+ | xD ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 v v v v v e14 e15
+ | xE ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 v v v v v v e15
+ | xF ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 v v v v v v v ]
+ | xA ⇒ match n with
+ [ x0 ⇒ p | x1 ⇒ p | x2 ⇒ p | x3 ⇒ p | x4 ⇒ p | x5 ⇒ p | x6 ⇒ p | x7 ⇒ p
+ | x8 ⇒ p | x9 ⇒ p
+ | xA ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 v e11 e12 e13 e14 e15
+ | xB ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 v v e12 e13 e14 e15
+ | xC ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 v v v e13 e14 e15
+ | xD ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 v v v v e14 e15
+ | xE ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 v v v v v e15
+ | xF ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 v v v v v v ]
+ | xB ⇒ match n with
+ [ x0 ⇒ p | x1 ⇒ p | x2 ⇒ p | x3 ⇒ p | x4 ⇒ p | x5 ⇒ p | x6 ⇒ p | x7 ⇒ p
+ | x8 ⇒ p | x9 ⇒ p | xA ⇒ p
+ | xB ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 v e12 e13 e14 e15
+ | xC ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 v v e13 e14 e15
+ | xD ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 v v v e14 e15
+ | xE ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 v v v v e15
+ | xF ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 v v v v v ]
+ | xC ⇒ match n with
+ [ x0 ⇒ p | x1 ⇒ p | x2 ⇒ p | x3 ⇒ p | x4 ⇒ p | x5 ⇒ p | x6 ⇒ p | x7 ⇒ p
+ | x8 ⇒ p | x9 ⇒ p | xA ⇒ p | xB ⇒ p
+ | xC ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 v e13 e14 e15
+ | xD ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 v v e14 e15
+ | xE ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 v v v e15
+ | xF ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 v v v v ]
+ | xD ⇒ match n with
+ [ x0 ⇒ p | x1 ⇒ p | x2 ⇒ p | x3 ⇒ p | x4 ⇒ p | x5 ⇒ p | x6 ⇒ p | x7 ⇒ p
+ | x8 ⇒ p | x9 ⇒ p | xA ⇒ p | xB ⇒ p | xC ⇒ p
+ | xD ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 v e14 e15
+ | xE ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 v v e15
+ | xF ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 v v v ]
+ | xE ⇒ match n with
+ [ x0 ⇒ p | x1 ⇒ p | x2 ⇒ p | x3 ⇒ p | x4 ⇒ p | x5 ⇒ p | x6 ⇒ p | x7 ⇒ p
+ | x8 ⇒ p | x9 ⇒ p | xA ⇒ p | xB ⇒ p | xC ⇒ p | xD ⇒ p
+ | xE ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 v e15
+ | xF ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 v v ]
+ | xF ⇒ match n with
+ [ x0 ⇒ p | x1 ⇒ p | x2 ⇒ p | x3 ⇒ p | x4 ⇒ p | x5 ⇒ p | x6 ⇒ p | x7 ⇒ p
+ | x8 ⇒ p | x9 ⇒ p | xA ⇒ p | xB ⇒ p | xC ⇒ p | xD ⇒ p | xE ⇒ p
+ | xF ⇒ array_16T T e00 e01 e02 e03 e04 e05 e06 e07 e08 e09 e10 e11 e12 e13 e14 v ]
+ ]].
+
+(* abbiamo gia' gli esadecimali come tipo induttivo quindi: *)
+(* posso definire un setter composto [m+1,n-1] a matrice sull'array *)
+(* NB: obbiettivo evitare l'overflow *)
+ndefinition setmn_array16T_succ_pred ≝
+λm,n:exadecim.λT:Type.λp:Array16T T.λv:T.
+ match lt_ex m xF with
+ [ true ⇒ match gt_ex n x0 with
+ [ true ⇒ setmn_array16T (succ_ex m) (pred_ex n) T p v
+ | false ⇒ p
+ ]
+ | false ⇒ p
+ ].
+
+(* abbiamo gia' gli esadecimali come tipo induttivo quindi: *)
+(* posso definire un setter composto [m+1,F] a matrice sull'array *)
+(* NB: obbiettivo evitare l'overflow *)
+ndefinition setmn_array16T_succ ≝
+λm:exadecim.λT:Type.λp:Array16T T.λv:T.
+ match lt_ex m xF with
+ [ true ⇒ setmn_array16T (succ_ex m) xF T p v
+ | false ⇒ p
+ ].
+
+(* abbiamo gia' gli esadecimali come tipo induttivo quindi: *)
+(* posso definire un setter composto [0,n-1] a matrice sull'array *)
+(* NB: obbiettivo evitare l'overflow *)
+ndefinition setmn_array16T_pred ≝
+λn:exadecim.λT:Type.λp:Array16T T.λv:T.
+ match gt_ex n x0 with
+ [ true ⇒ setmn_array16T x0 (pred_ex n) T p v
+ | false ⇒ p
+ ].
+
+(* ************************** *)
+(* TIPO BYTE COME INSIEME BIT *)
+(* ************************** *)
+
+(* definizione di un byte come 8 bit *)
+ninductive Array8T (T:Type) : Type ≝
+array_8T : T → T → T → T → T → T → T → T →
+ Array8T T.
+
+ndefinition Array8T_ind
+ : ΠT:Type.ΠP:Array8T T → Prop.
+ (Πt,t1,t2,t3,t4,t5,t6,t7.P (array_8T T t t1 t2 t3 t4 t5 t6 t7)) → Πa:Array8T T.P a ≝
+λT:Type.λP:Array8T T → Prop.
+λf:Πt,t1,t2,t3,t4,t5,t6,t7.P (array_8T T t t1 t2 t3 t4 t5 t6 t7).λa:Array8T T.
+ match a with [ array_8T t t1 t2 t3 t4 t5 t6 t7 ⇒ f t t1 t2 t3 t4 t5 t6 t7 ].
+
+ndefinition Array8T_rec
+ : ΠT:Type.ΠP:Array8T T → Set.
+ (Πt,t1,t2,t3,t4,t5,t6,t7.P (array_8T T t t1 t2 t3 t4 t5 t6 t7)) → Πa:Array8T T.P a ≝
+λT:Type.λP:Array8T T → Set.
+λf:Πt,t1,t2,t3,t4,t5,t6,t7.P (array_8T T t t1 t2 t3 t4 t5 t6 t7).λa:Array8T T.
+ match a with [ array_8T t t1 t2 t3 t4 t5 t6 t7 ⇒ f t t1 t2 t3 t4 t5 t6 t7 ].
+
+ndefinition Array8T_rect
+ : ΠT:Type.ΠP:Array8T T → Type.
+ (Πt,t1,t2,t3,t4,t5,t6,t7.P (array_8T T t t1 t2 t3 t4 t5 t6 t7)) → Πa:Array8T T.P a ≝
+λT:Type.λP:Array8T T → Type.
+λf:Πt,t1,t2,t3,t4,t5,t6,t7.P (array_8T T t t1 t2 t3 t4 t5 t6 t7).λa:Array8T T.
+ match a with [ array_8T t t1 t2 t3 t4 t5 t6 t7 ⇒ f t t1 t2 t3 t4 t5 t6 t7 ].
+
+(* abbiamo gia' gli ottali come tipo induttivo quindi: *)
+(* posso definire un getter a matrice sull'array *)
+ndefinition getn_array8T ≝
+λn:oct.λT:Type.λp:Array8T T.
+ match p with
+ [ array_8T e07 e06 e05 e04 e03 e02 e01 e00 ⇒
+ match n with
+ [ o0 ⇒ e00 | o1 ⇒ e01 | o2 ⇒ e02 | o3 ⇒ e03 | o4 ⇒ e04 | o5 ⇒ e05 | o6 ⇒ e06 | o7 ⇒ e07 ]].
+
+(* abbiamo gia' gli ottali come tipo induttivo quindi: *)
+(* posso definire un setter a matrice sull'array *)
+ndefinition setn_array8T ≝
+λn:oct.λT:Type.λp:Array8T T.λv:T.
+ match p with
+ [ array_8T e07 e06 e05 e04 e03 e02 e01 e00 ⇒
+ match n with
+ [ o0 ⇒ array_8T T e07 e06 e05 e04 e03 e02 e01 v
+ | o1 ⇒ array_8T T e07 e06 e05 e04 e03 e02 v e00
+ | o2 ⇒ array_8T T e07 e06 e05 e04 e03 v e01 e00
+ | o3 ⇒ array_8T T e07 e06 e05 e04 v e02 e01 e00
+ | o4 ⇒ array_8T T e07 e06 e05 v e03 e02 e01 e00
+ | o5 ⇒ array_8T T e07 e06 v e04 e03 e02 e01 e00
+ | o6 ⇒ array_8T T e07 v e05 e04 e03 e02 e01 e00
+ | o7 ⇒ array_8T T v e06 e05 e04 e03 e02 e01 e00
+ ]].
+
+(* lettura byte *)
+ndefinition byte8_of_bits ≝
+λp:Array8T bool.
+ match p with
+ [ array_8T e07 e06 e05 e04 e03 e02 e01 e00 ⇒
+ mk_byte8
+ (or_ex (match e07 with [ true ⇒ x8 | false ⇒ x0 ])
+ (or_ex (match e06 with [ true ⇒ x4 | false ⇒ x0 ])
+ (or_ex (match e05 with [ true ⇒ x2 | false ⇒ x0 ])
+ (match e04 with [ true ⇒ x1 | false ⇒ x0 ]))))
+ (or_ex (match e03 with [ true ⇒ x8 | false ⇒ x0 ])
+ (or_ex (match e02 with [ true ⇒ x4 | false ⇒ x0 ])
+ (or_ex (match e01 with [ true ⇒ x2 | false ⇒ x0 ])
+ (match e00 with [ true ⇒ x1 | false ⇒ x0 ])))) ].
+
+(* scrittura byte *)
+ndefinition bits_of_byte8 ≝
+λp:byte8.
+ match b8h p with
+ [ x0 ⇒ match b8l p with
+ [ x0 ⇒ array_8T bool false false false false false false false false
+ | x1 ⇒ array_8T bool false false false false false false false true
+ | x2 ⇒ array_8T bool false false false false false false true false
+ | x3 ⇒ array_8T bool false false false false false false true true
+ | x4 ⇒ array_8T bool false false false false false true false false
+ | x5 ⇒ array_8T bool false false false false false true false true
+ | x6 ⇒ array_8T bool false false false false false true true false
+ | x7 ⇒ array_8T bool false false false false false true true true
+ | x8 ⇒ array_8T bool false false false false true false false false
+ | x9 ⇒ array_8T bool false false false false true false false true
+ | xA ⇒ array_8T bool false false false false true false true false
+ | xB ⇒ array_8T bool false false false false true false true true
+ | xC ⇒ array_8T bool false false false false true true false false
+ | xD ⇒ array_8T bool false false false false true true false true
+ | xE ⇒ array_8T bool false false false false true true true false
+ | xF ⇒ array_8T bool false false false false true true true true ]
+ | x1 ⇒ match b8l p with
+ [ x0 ⇒ array_8T bool false false false true false false false false
+ | x1 ⇒ array_8T bool false false false true false false false true
+ | x2 ⇒ array_8T bool false false false true false false true false
+ | x3 ⇒ array_8T bool false false false true false false true true
+ | x4 ⇒ array_8T bool false false false true false true false false
+ | x5 ⇒ array_8T bool false false false true false true false true
+ | x6 ⇒ array_8T bool false false false true false true true false
+ | x7 ⇒ array_8T bool false false false true false true true true
+ | x8 ⇒ array_8T bool false false false true true false false false
+ | x9 ⇒ array_8T bool false false false true true false false true
+ | xA ⇒ array_8T bool false false false true true false true false
+ | xB ⇒ array_8T bool false false false true true false true true
+ | xC ⇒ array_8T bool false false false true true true false false
+ | xD ⇒ array_8T bool false false false true true true false true
+ | xE ⇒ array_8T bool false false false true true true true false
+ | xF ⇒ array_8T bool false false false true true true true true ]
+ | x2 ⇒ match b8l p with
+ [ x0 ⇒ array_8T bool false false true false false false false false
+ | x1 ⇒ array_8T bool false false true false false false false true
+ | x2 ⇒ array_8T bool false false true false false false true false
+ | x3 ⇒ array_8T bool false false true false false false true true
+ | x4 ⇒ array_8T bool false false true false false true false false
+ | x5 ⇒ array_8T bool false false true false false true false true
+ | x6 ⇒ array_8T bool false false true false false true true false
+ | x7 ⇒ array_8T bool false false true false false true true true
+ | x8 ⇒ array_8T bool false false true false true false false false
+ | x9 ⇒ array_8T bool false false true false true false false true
+ | xA ⇒ array_8T bool false false true false true false true false
+ | xB ⇒ array_8T bool false false true false true false true true
+ | xC ⇒ array_8T bool false false true false true true false false
+ | xD ⇒ array_8T bool false false true false true true false true
+ | xE ⇒ array_8T bool false false true false true true true false
+ | xF ⇒ array_8T bool false false true false true true true true ]
+ | x3 ⇒ match b8l p with
+ [ x0 ⇒ array_8T bool false false true true false false false false
+ | x1 ⇒ array_8T bool false false true true false false false true
+ | x2 ⇒ array_8T bool false false true true false false true false
+ | x3 ⇒ array_8T bool false false true true false false true true
+ | x4 ⇒ array_8T bool false false true true false true false false
+ | x5 ⇒ array_8T bool false false true true false true false true
+ | x6 ⇒ array_8T bool false false true true false true true false
+ | x7 ⇒ array_8T bool false false true true false true true true
+ | x8 ⇒ array_8T bool false false true true true false false false
+ | x9 ⇒ array_8T bool false false true true true false false true
+ | xA ⇒ array_8T bool false false true true true false true false
+ | xB ⇒ array_8T bool false false true true true false true true
+ | xC ⇒ array_8T bool false false true true true true false false
+ | xD ⇒ array_8T bool false false true true true true false true
+ | xE ⇒ array_8T bool false false true true true true true false
+ | xF ⇒ array_8T bool false false true true true true true true ]
+ | x4 ⇒ match b8l p with
+ [ x0 ⇒ array_8T bool false true false false false false false false
+ | x1 ⇒ array_8T bool false true false false false false false true
+ | x2 ⇒ array_8T bool false true false false false false true false
+ | x3 ⇒ array_8T bool false true false false false false true true
+ | x4 ⇒ array_8T bool false true false false false true false false
+ | x5 ⇒ array_8T bool false true false false false true false true
+ | x6 ⇒ array_8T bool false true false false false true true false
+ | x7 ⇒ array_8T bool false true false false false true true true
+ | x8 ⇒ array_8T bool false true false false true false false false
+ | x9 ⇒ array_8T bool false true false false true false false true
+ | xA ⇒ array_8T bool false true false false true false true false
+ | xB ⇒ array_8T bool false true false false true false true true
+ | xC ⇒ array_8T bool false true false false true true false false
+ | xD ⇒ array_8T bool false true false false true true false true
+ | xE ⇒ array_8T bool false true false false true true true false
+ | xF ⇒ array_8T bool false true false false true true true true ]
+ | x5 ⇒ match b8l p with
+ [ x0 ⇒ array_8T bool false true false true false false false false
+ | x1 ⇒ array_8T bool false true false true false false false true
+ | x2 ⇒ array_8T bool false true false true false false true false
+ | x3 ⇒ array_8T bool false true false true false false true true
+ | x4 ⇒ array_8T bool false true false true false true false false
+ | x5 ⇒ array_8T bool false true false true false true false true
+ | x6 ⇒ array_8T bool false true false true false true true false
+ | x7 ⇒ array_8T bool false true false true false true true true
+ | x8 ⇒ array_8T bool false true false true true false false false
+ | x9 ⇒ array_8T bool false true false true true false false true
+ | xA ⇒ array_8T bool false true false true true false true false
+ | xB ⇒ array_8T bool false true false true true false true true
+ | xC ⇒ array_8T bool false true false true true true false false
+ | xD ⇒ array_8T bool false true false true true true false true
+ | xE ⇒ array_8T bool false true false true true true true false
+ | xF ⇒ array_8T bool false true false true true true true true ]
+ | x6 ⇒ match b8l p with
+ [ x0 ⇒ array_8T bool false true true false false false false false
+ | x1 ⇒ array_8T bool false true true false false false false true
+ | x2 ⇒ array_8T bool false true true false false false true false
+ | x3 ⇒ array_8T bool false true true false false false true true
+ | x4 ⇒ array_8T bool false true true false false true false false
+ | x5 ⇒ array_8T bool false true true false false true false true
+ | x6 ⇒ array_8T bool false true true false false true true false
+ | x7 ⇒ array_8T bool false true true false false true true true
+ | x8 ⇒ array_8T bool false true true false true false false false
+ | x9 ⇒ array_8T bool false true true false true false false true
+ | xA ⇒ array_8T bool false true true false true false true false
+ | xB ⇒ array_8T bool false true true false true false true true
+ | xC ⇒ array_8T bool false true true false true true false false
+ | xD ⇒ array_8T bool false true true false true true false true
+ | xE ⇒ array_8T bool false true true false true true true false
+ | xF ⇒ array_8T bool false true true false true true true true ]
+ | x7 ⇒ match b8l p with
+ [ x0 ⇒ array_8T bool false true true true false false false false
+ | x1 ⇒ array_8T bool false true true true false false false true
+ | x2 ⇒ array_8T bool false true true true false false true false
+ | x3 ⇒ array_8T bool false true true true false false true true
+ | x4 ⇒ array_8T bool false true true true false true false false
+ | x5 ⇒ array_8T bool false true true true false true false true
+ | x6 ⇒ array_8T bool false true true true false true true false
+ | x7 ⇒ array_8T bool false true true true false true true true
+ | x8 ⇒ array_8T bool false true true true true false false false
+ | x9 ⇒ array_8T bool false true true true true false false true
+ | xA ⇒ array_8T bool false true true true true false true false
+ | xB ⇒ array_8T bool false true true true true false true true
+ | xC ⇒ array_8T bool false true true true true true false false
+ | xD ⇒ array_8T bool false true true true true true false true
+ | xE ⇒ array_8T bool false true true true true true true false
+ | xF ⇒ array_8T bool false true true true true true true true ]
+ | x8 ⇒ match b8l p with
+ [ x0 ⇒ array_8T bool true false false false false false false false
+ | x1 ⇒ array_8T bool true false false false false false false true
+ | x2 ⇒ array_8T bool true false false false false false true false
+ | x3 ⇒ array_8T bool true false false false false false true true
+ | x4 ⇒ array_8T bool true false false false false true false false
+ | x5 ⇒ array_8T bool true false false false false true false true
+ | x6 ⇒ array_8T bool true false false false false true true false
+ | x7 ⇒ array_8T bool true false false false false true true true
+ | x8 ⇒ array_8T bool true false false false true false false false
+ | x9 ⇒ array_8T bool true false false false true false false true
+ | xA ⇒ array_8T bool true false false false true false true false
+ | xB ⇒ array_8T bool true false false false true false true true
+ | xC ⇒ array_8T bool true false false false true true false false
+ | xD ⇒ array_8T bool true false false false true true false true
+ | xE ⇒ array_8T bool true false false false true true true false
+ | xF ⇒ array_8T bool true false false false true true true true ]
+ | x9 ⇒ match b8l p with
+ [ x0 ⇒ array_8T bool true false false true false false false false
+ | x1 ⇒ array_8T bool true false false true false false false true
+ | x2 ⇒ array_8T bool true false false true false false true false
+ | x3 ⇒ array_8T bool true false false true false false true true
+ | x4 ⇒ array_8T bool true false false true false true false false
+ | x5 ⇒ array_8T bool true false false true false true false true
+ | x6 ⇒ array_8T bool true false false true false true true false
+ | x7 ⇒ array_8T bool true false false true false true true true
+ | x8 ⇒ array_8T bool true false false true true false false false
+ | x9 ⇒ array_8T bool true false false true true false false true
+ | xA ⇒ array_8T bool true false false true true false true false
+ | xB ⇒ array_8T bool true false false true true false true true
+ | xC ⇒ array_8T bool true false false true true true false false
+ | xD ⇒ array_8T bool true false false true true true false true
+ | xE ⇒ array_8T bool true false false true true true true false
+ | xF ⇒ array_8T bool true false false true true true true true ]
+ | xA ⇒ match b8l p with
+ [ x0 ⇒ array_8T bool true false true false false false false false
+ | x1 ⇒ array_8T bool true false true false false false false true
+ | x2 ⇒ array_8T bool true false true false false false true false
+ | x3 ⇒ array_8T bool true false true false false false true true
+ | x4 ⇒ array_8T bool true false true false false true false false
+ | x5 ⇒ array_8T bool true false true false false true false true
+ | x6 ⇒ array_8T bool true false true false false true true false
+ | x7 ⇒ array_8T bool true false true false false true true true
+ | x8 ⇒ array_8T bool true false true false true false false false
+ | x9 ⇒ array_8T bool true false true false true false false true
+ | xA ⇒ array_8T bool true false true false true false true false
+ | xB ⇒ array_8T bool true false true false true false true true
+ | xC ⇒ array_8T bool true false true false true true false false
+ | xD ⇒ array_8T bool true false true false true true false true
+ | xE ⇒ array_8T bool true false true false true true true false
+ | xF ⇒ array_8T bool true false true false true true true true ]
+ | xB ⇒ match b8l p with
+ [ x0 ⇒ array_8T bool true false true true false false false false
+ | x1 ⇒ array_8T bool true false true true false false false true
+ | x2 ⇒ array_8T bool true false true true false false true false
+ | x3 ⇒ array_8T bool true false true true false false true true
+ | x4 ⇒ array_8T bool true false true true false true false false
+ | x5 ⇒ array_8T bool true false true true false true false true
+ | x6 ⇒ array_8T bool true false true true false true true false
+ | x7 ⇒ array_8T bool true false true true false true true true
+ | x8 ⇒ array_8T bool true false true true true false false false
+ | x9 ⇒ array_8T bool true false true true true false false true
+ | xA ⇒ array_8T bool true false true true true false true false
+ | xB ⇒ array_8T bool true false true true true false true true
+ | xC ⇒ array_8T bool true false true true true true false false
+ | xD ⇒ array_8T bool true false true true true true false true
+ | xE ⇒ array_8T bool true false true true true true true false
+ | xF ⇒ array_8T bool true false true true true true true true ]
+ | xC ⇒ match b8l p with
+ [ x0 ⇒ array_8T bool true true false false false false false false
+ | x1 ⇒ array_8T bool true true false false false false false true
+ | x2 ⇒ array_8T bool true true false false false false true false
+ | x3 ⇒ array_8T bool true true false false false false true true
+ | x4 ⇒ array_8T bool true true false false false true false false
+ | x5 ⇒ array_8T bool true true false false false true false true
+ | x6 ⇒ array_8T bool true true false false false true true false
+ | x7 ⇒ array_8T bool true true false false false true true true
+ | x8 ⇒ array_8T bool true true false false true false false false
+ | x9 ⇒ array_8T bool true true false false true false false true
+ | xA ⇒ array_8T bool true true false false true false true false
+ | xB ⇒ array_8T bool true true false false true false true true
+ | xC ⇒ array_8T bool true true false false true true false false
+ | xD ⇒ array_8T bool true true false false true true false true
+ | xE ⇒ array_8T bool true true false false true true true false
+ | xF ⇒ array_8T bool true true false false true true true true ]
+ | xD ⇒ match b8l p with
+ [ x0 ⇒ array_8T bool true true false true false false false false
+ | x1 ⇒ array_8T bool true true false true false false false true
+ | x2 ⇒ array_8T bool true true false true false false true false
+ | x3 ⇒ array_8T bool true true false true false false true true
+ | x4 ⇒ array_8T bool true true false true false true false false
+ | x5 ⇒ array_8T bool true true false true false true false true
+ | x6 ⇒ array_8T bool true true false true false true true false
+ | x7 ⇒ array_8T bool true true false true false true true true
+ | x8 ⇒ array_8T bool true true false true true false false false
+ | x9 ⇒ array_8T bool true true false true true false false true
+ | xA ⇒ array_8T bool true true false true true false true false
+ | xB ⇒ array_8T bool true true false true true false true true
+ | xC ⇒ array_8T bool true true false true true true false false
+ | xD ⇒ array_8T bool true true false true true true false true
+ | xE ⇒ array_8T bool true true false true true true true false
+ | xF ⇒ array_8T bool true true false true true true true true ]
+ | xE ⇒ match b8l p with
+ [ x0 ⇒ array_8T bool true true true false false false false false
+ | x1 ⇒ array_8T bool true true true false false false false true
+ | x2 ⇒ array_8T bool true true true false false false true false
+ | x3 ⇒ array_8T bool true true true false false false true true
+ | x4 ⇒ array_8T bool true true true false false true false false
+ | x5 ⇒ array_8T bool true true true false false true false true
+ | x6 ⇒ array_8T bool true true true false false true true false
+ | x7 ⇒ array_8T bool true true true false false true true true
+ | x8 ⇒ array_8T bool true true true false true false false false
+ | x9 ⇒ array_8T bool true true true false true false false true
+ | xA ⇒ array_8T bool true true true false true false true false
+ | xB ⇒ array_8T bool true true true false true false true true
+ | xC ⇒ array_8T bool true true true false true true false false
+ | xD ⇒ array_8T bool true true true false true true false true
+ | xE ⇒ array_8T bool true true true false true true true false
+ | xF ⇒ array_8T bool true true true false true true true true ]
+ | xF ⇒ match b8l p with
+ [ x0 ⇒ array_8T bool true true true true false false false false
+ | x1 ⇒ array_8T bool true true true true false false false true
+ | x2 ⇒ array_8T bool true true true true false false true false
+ | x3 ⇒ array_8T bool true true true true false false true true
+ | x4 ⇒ array_8T bool true true true true false true false false
+ | x5 ⇒ array_8T bool true true true true false true false true
+ | x6 ⇒ array_8T bool true true true true false true true false
+ | x7 ⇒ array_8T bool true true true true false true true true
+ | x8 ⇒ array_8T bool true true true true true false false false
+ | x9 ⇒ array_8T bool true true true true true false false true
+ | xA ⇒ array_8T bool true true true true true false true false
+ | xB ⇒ array_8T bool true true true true true false true true
+ | xC ⇒ array_8T bool true true true true true true false false
+ | xD ⇒ array_8T bool true true true true true true false true
+ | xE ⇒ array_8T bool true true true true true true true false
+ | xF ⇒ array_8T bool true true true true true true true true ]
+ ].
--- /dev/null
+(**************************************************************************)
+(* ___ *)
+(* ||M|| *)
+(* ||A|| A project by Andrea Asperti *)
+(* ||T|| *)
+(* ||I|| Developers: *)
+(* ||T|| The HELM team. *)
+(* ||A|| http://helm.cs.unibo.it *)
+(* \ / *)
+(* \ / This file is distributed under the terms of the *)
+(* v GNU General Public License Version 2 *)
+(* *)
+(**************************************************************************)
+
+(* ********************************************************************** *)
+(* Progetto FreeScale *)
+(* *)
+(* Sviluppato da: *)
+(* Cosimo Oliboni, oliboni@cs.unibo.it *)
+(* *)
+(* Questo materiale fa parte della tesi: *)
+(* "Formalizzazione Interattiva dei Microcontroller a 8bit FreeScale" *)
+(* *)
+(* data ultima modifica 15/11/2007 *)
+(* ********************************************************************** *)
+
+include "freescale/memory_struct.ma".
+include "freescale/word16.ma".
+include "freescale/option.ma".
+include "freescale/theory.ma".
+
+(* ********************* *)
+(* MEMORIA E DESCRITTORE *)
+(* ********************* *)
+
+(* tutta la memoria non installata *)
+ndefinition mt_out_of_bound_memory ≝
+let lev4 ≝ array_16T ?
+ MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND
+ MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND
+ MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND
+ MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND
+ in
+let lev3 ≝ array_16T ?
+ lev4 lev4 lev4 lev4 lev4 lev4 lev4 lev4
+ lev4 lev4 lev4 lev4 lev4 lev4 lev4 lev4
+ in
+let lev2 ≝ array_16T ?
+ lev3 lev3 lev3 lev3 lev3 lev3 lev3 lev3
+ lev3 lev3 lev3 lev3 lev3 lev3 lev3 lev3
+ in
+let lev1 ≝ array_16T ?
+ lev2 lev2 lev2 lev2 lev2 lev2 lev2 lev2
+ lev2 lev2 lev2 lev2 lev2 lev2 lev2 lev2
+ in
+lev1.
+
+(* tutta la memoria a 0 *)
+ndefinition mt_zero_memory ≝
+let lev4 ≝ array_16T ?
+ (mk_byte8 x0 x0) (mk_byte8 x0 x0) (mk_byte8 x0 x0) (mk_byte8 x0 x0)
+ (mk_byte8 x0 x0) (mk_byte8 x0 x0) (mk_byte8 x0 x0) (mk_byte8 x0 x0)
+ (mk_byte8 x0 x0) (mk_byte8 x0 x0) (mk_byte8 x0 x0) (mk_byte8 x0 x0)
+ (mk_byte8 x0 x0) (mk_byte8 x0 x0) (mk_byte8 x0 x0) (mk_byte8 x0 x0)
+ in
+let lev3 ≝ array_16T ?
+ lev4 lev4 lev4 lev4 lev4 lev4 lev4 lev4
+ lev4 lev4 lev4 lev4 lev4 lev4 lev4 lev4
+ in
+let lev2 ≝ array_16T ?
+ lev3 lev3 lev3 lev3 lev3 lev3 lev3 lev3
+ lev3 lev3 lev3 lev3 lev3 lev3 lev3 lev3
+ in
+let lev1 ≝ array_16T ?
+ lev2 lev2 lev2 lev2 lev2 lev2 lev2 lev2
+ lev2 lev2 lev2 lev2 lev2 lev2 lev2 lev2
+ in
+lev1.
+
+(* visita di un albero da 64KB di elementi: ln16(65536)=4 passaggi *)
+ndefinition mt_visit ≝
+λT:Type.λdata:Array16T (Array16T (Array16T (Array16T T))).λaddr:word16.
+ match addr with
+ [ mk_word16 wh wl ⇒
+ getn_array16T (b8l wl) ?
+ (getn_array16T (b8h wl) ?
+ (getn_array16T (b8l wh) ?
+ (getn_array16T (b8h wh) ? data))) ].
+
+(* scrittura di un elemento in un albero da 64KB *)
+ndefinition mt_update ≝
+λT:Type.λdata:Array16T (Array16T (Array16T (Array16T T))).λaddr:word16.λv:T.
+ match addr with
+ [ mk_word16 wh wl ⇒
+ let lev2 ≝ getn_array16T (b8h wh) ? data in
+ let lev3 ≝ getn_array16T (b8l wh) ? lev2 in
+ let lev4 ≝ getn_array16T (b8h wl) ? lev3 in
+ setn_array16T (b8h wh) ? data
+ (setn_array16T (b8l wh) ? lev2
+ (setn_array16T (b8h wl) ? lev3
+ (setn_array16T (b8l wl) T lev4 v))) ].
+
+(* scrittura di un range in un albero da 64KB *)
+ndefinition mt_update_ranged ≝
+λT:Type.λdata:Array16T (Array16T (Array16T (Array16T T))).λi,s:word16.λv:T.
+ (* ok i≤s *)
+ match le_w16 i s with
+ [ true ⇒
+ match i with
+ [ mk_word16 ih il ⇒
+ match s with
+ [ mk_word16 sh sl ⇒
+ let aux_4 ≝ Array16T T in
+ let aux_3 ≝ Array16T (Array16T T) in
+ let aux_2 ≝ Array16T (Array16T (Array16T T)) in
+
+ let ilev2 ≝ getn_array16T (b8h ih) aux_2 data in
+ let ilev3 ≝ getn_array16T (b8l ih) aux_3 ilev2 in
+ let ilev4 ≝ getn_array16T (b8h il) aux_4 ilev3 in
+
+ let slev2 ≝ getn_array16T (b8h sh) aux_2 data in
+ let slev3 ≝ getn_array16T (b8l sh) aux_3 slev2 in
+ let slev4 ≝ getn_array16T (b8h sl) aux_4 slev3 in
+
+ let vlev4 ≝ array_16T T v v v v v v v v v v v v v v v v in
+ let vlev3 ≝ array_16T aux_4 vlev4 vlev4 vlev4 vlev4 vlev4 vlev4 vlev4 vlev4
+ vlev4 vlev4 vlev4 vlev4 vlev4 vlev4 vlev4 vlev4 in
+ let vlev2 ≝ array_16T aux_3 vlev3 vlev3 vlev3 vlev3 vlev3 vlev3 vlev3 vlev3
+ vlev3 vlev3 vlev3 vlev3 vlev3 vlev3 vlev3 vlev3 in
+
+ match eq_ex (b8h ih) (b8h sh) with
+ [ true ⇒ match eq_ex (b8l ih) (b8l sh) with
+ [ true ⇒ match eq_ex (b8h il) (b8h sl) with
+ (* caso 0x...(X) a 0x...(Y) *)
+ [ true ⇒ setn_array16T (b8h ih) aux_2 data
+ (setn_array16T (b8l ih) aux_3 ilev2
+ (setn_array16T (b8h il) aux_4 ilev3
+ (* cambio a partire da livello 4 *)
+ (setmn_array16T (b8l il) (b8l sl) T ilev4 v))) (* ...X,...Y *)
+ (* caso 0x..(X1)(X2) a 0x..(Y1)(Y2) *)
+ | false ⇒ setn_array16T (b8h ih) aux_2 data
+ (setn_array16T (b8l ih) aux_3 ilev2
+ (* cambio a partire da livello 3 *)
+ (setn_array16T (b8h sl) aux_4 (* ..(Y1)0,..(Y1)(Y2) *)
+ (setmn_array16T_succ_pred (b8h il) (b8h sl) aux_4 (* ..(X1+1).,..(Y1-1). *)
+ (setn_array16T (b8h il) aux_4 ilev3
+ (setmn_array16T (b8l il) xF T ilev4 v)) (* ..(X1)(X2),..(X1)F *)
+ vlev4)
+ (setmn_array16T x0 (b8l sl) T slev4 v))) ]
+ (* caso 0x.(X1)(X2)(X3) a 0x..(Y1)(Y2)(Y3) *)
+ | false ⇒ setn_array16T (b8h ih) aux_2 data
+ (* cambio a partire da livello 2 *)
+ (setn_array16T (b8l sh) aux_3
+ (setmn_array16T_succ_pred (b8l ih) (b8l sh) aux_3 (* .(X1+1)..,.(Y1-1).. *)
+ (setn_array16T (b8l ih) aux_3 ilev2
+ (setmn_array16T_succ (b8h il) aux_4 (* .(X1)(X2+1).,.(X1)F. *)
+ (setn_array16T (b8h il) aux_4 ilev3
+ (setmn_array16T (b8l il) xF T ilev4 v)) (* .(X1)(X2)(X3),.(X1)(X2)F *)
+ vlev4))
+ vlev3)
+ (setmn_array16T_pred (b8h sl) aux_4 (* .(Y1)0.,.(Y1)(Y2-1). *)
+ (setn_array16T (b8h sl) aux_4 slev3
+ (setmn_array16T x0 (b8l sl) T slev4 v)) (* .(Y1)(Y2)0,.(Y1)(Y2)(Y3) *)
+ vlev4))
+ ]
+ (* caso 0x(X1)(X2)(X3)(X4) a 0x(Y1)(Y2)(Y3)(Y4) *)
+ | false ⇒ setn_array16T (b8h sh) aux_2
+ (setmn_array16T_succ_pred (b8h ih) (b8h sh) aux_2 (* (X+1)...,(Y-1)... *)
+ (setn_array16T (b8h ih) aux_2 data
+ (setmn_array16T_succ (b8l ih) aux_3 (* (X1)(X2+1)..,(X1)F.. *)
+ (setn_array16T (b8l ih) aux_3 ilev2
+ (setmn_array16T_succ (b8h il) aux_4 (* (X1)(X2)(X3+1).,(X1)(X2)F. *)
+ (setn_array16T (b8h il) aux_4 ilev3
+ (setmn_array16T (b8l il) xF T ilev4 v)) (* (X1)(X2)(X3)(X4),(X1)(X2)(X3)F *)
+ vlev4))
+ vlev3))
+ vlev2)
+ (setmn_array16T_pred (b8l sh) aux_3 (* (Y1)0..,(Y1)(Y2-1).. *)
+ (setn_array16T (b8l sh) aux_3 slev2
+ (setmn_array16T_pred (b8h sl) aux_4 (* (Y1)(Y2)0.,(Y1)(Y2)(Y3-1). *)
+ (setn_array16T (b8h sl) aux_4 slev3
+ (setmn_array16T x0 (b8l sl) T slev4 v)) (* (Y1)(Y2)(Y3)0,(Y1)(Y2)(Y3)(Y4) *)
+ vlev4))
+ vlev3) ]]]
+ (* no i>s *)
+ | false ⇒ data
+ ].
+
+ndefinition mt_chk_get ≝
+λchk:Array16T (Array16T (Array16T (Array16T memory_type))).λaddr:word16.
+ match mt_visit ? chk addr with
+ [ MEM_READ_ONLY ⇒ array_8T ? MEM_READ_ONLY MEM_READ_ONLY MEM_READ_ONLY MEM_READ_ONLY MEM_READ_ONLY MEM_READ_ONLY MEM_READ_ONLY MEM_READ_ONLY
+ | MEM_READ_WRITE ⇒ array_8T ? MEM_READ_WRITE MEM_READ_WRITE MEM_READ_WRITE MEM_READ_WRITE MEM_READ_WRITE MEM_READ_WRITE MEM_READ_WRITE MEM_READ_WRITE
+ | MEM_OUT_OF_BOUND ⇒ array_8T ? MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND MEM_OUT_OF_BOUND
+ ].
+
+(* scrivi controllando il tipo di memoria *)
+ndefinition mt_mem_update ≝
+λmem:Array16T (Array16T (Array16T (Array16T byte8))).
+λchk:Array8T memory_type.
+λaddr:word16.λv:byte8.
+ match getn_array8T o0 ? chk with
+ (* ROM? ok, ma il valore viene perso *)
+ [ MEM_READ_ONLY ⇒ Some ? mem
+ (* RAM? ok *)
+ | MEM_READ_WRITE ⇒ Some ? (mt_update ? mem addr v)
+ (* NON INSTALLATA? no *)
+ | MEM_OUT_OF_BOUND ⇒ None ? ].
+
+(* leggi controllando il tipo di memoria *)
+ndefinition mt_mem_read ≝
+λmem:Array16T (Array16T (Array16T (Array16T byte8))).
+λchk:Array16T (Array16T (Array16T (Array16T memory_type))).
+λaddr:word16.
+ match mt_visit ? chk addr with
+ [ MEM_READ_ONLY ⇒ Some ? (mt_visit ? mem addr)
+ | MEM_READ_WRITE ⇒ Some ? (mt_visit ? mem addr)
+ | MEM_OUT_OF_BOUND ⇒ None ? ].
+
+(* ************************** *)
+(* CARICAMENTO PROGRAMMA/DATI *)
+(* ************************** *)
+
+(* carica a paratire da addr, scartando source (pescando da old_mem) se si supera 0xFFFF... *)
+nlet rec mt_load_from_source_at (old_mem:Array16T (Array16T (Array16T (Array16T byte8))))
+ (source:list byte8) (addr:word16) on source ≝
+match source with
+ (* fine di source: carica da old_mem *)
+ [ nil ⇒ old_mem
+ | cons hd tl ⇒ match lt_w16 addr 〈〈xF,xF〉:〈xF,xF〉〉 with
+ (* non supera 0xFFFF, ricorsione *)
+ [ true ⇒ mt_load_from_source_at (mt_update ? old_mem addr hd) tl (plus_w16_d_d addr 〈〈x0,x0〉:〈x0,x1〉〉)
+ (* supera 0xFFFF, niente ricorsione *)
+ | false ⇒ mt_update ? old_mem addr hd
+ ]].
--- /dev/null
+(**************************************************************************)
+(* ___ *)
+(* ||M|| *)
+(* ||A|| A project by Andrea Asperti *)
+(* ||T|| *)
+(* ||I|| Developers: *)
+(* ||T|| The HELM team. *)
+(* ||A|| http://helm.cs.unibo.it *)
+(* \ / *)
+(* \ / This file is distributed under the terms of the *)
+(* v GNU General Public License Version 2 *)
+(* *)
+(**************************************************************************)
+
+(* ********************************************************************** *)
+(* Progetto FreeScale *)
+(* *)
+(* Sviluppato da: *)
+(* Cosimo Oliboni, oliboni@cs.unibo.it *)
+(* *)
+(* Questo materiale fa parte della tesi: *)
+(* "Formalizzazione Interattiva dei Microcontroller a 8bit FreeScale" *)
+(* *)
+(* data ultima modifica 15/11/2007 *)
+(* ********************************************************************** *)
+
+include "freescale/status.ma".
+
+(* *********************************** *)
+(* IMPOSTAZIONI SPECIFICHE DEI MODELLI *)
+(* *********************************** *)
+
+(* modelli di HC05 *)
+ninductive HC05_mcu_model : Type ≝
+ MC68HC05J5A: HC05_mcu_model
+ (*..*).
+
+ndefinition HC05_mcu_model_ind : ΠP:HC05_mcu_model → Prop.P MC68HC05J5A → Πh:HC05_mcu_model.P h ≝
+λP:HC05_mcu_model → Prop.λp:P MC68HC05J5A.λh:HC05_mcu_model.
+ match h with [ MC68HC05J5A ⇒ p ].
+
+ndefinition HC05_mcu_model_rec : ΠP:HC05_mcu_model → Set.P MC68HC05J5A → Πh:HC05_mcu_model.P h ≝
+λP:HC05_mcu_model → Set.λp:P MC68HC05J5A.λh:HC05_mcu_model.
+ match h with [ MC68HC05J5A ⇒ p ].
+
+ndefinition HC05_mcu_model_rect : ΠP:HC05_mcu_model → Type.P MC68HC05J5A → Πh:HC05_mcu_model.P h ≝
+λP:HC05_mcu_model → Type.λp:P MC68HC05J5A.λh:HC05_mcu_model.
+ match h with [ MC68HC05J5A ⇒ p ].
+
+(* modelli di HC08 *)
+ninductive HC08_mcu_model : Type ≝
+ MC68HC08AB16A: HC08_mcu_model
+ (*..*).
+
+ndefinition HC08_mcu_model_ind : ΠP:HC08_mcu_model → Prop.P MC68HC08AB16A → Πh:HC08_mcu_model.P h ≝
+λP:HC08_mcu_model → Prop.λp:P MC68HC08AB16A.λh:HC08_mcu_model.
+ match h with [ MC68HC08AB16A ⇒ p ].
+
+ndefinition HC08_mcu_model_rec : ΠP:HC08_mcu_model → Set.P MC68HC08AB16A → Πh:HC08_mcu_model.P h ≝
+λP:HC08_mcu_model → Set.λp:P MC68HC08AB16A.λh:HC08_mcu_model.
+ match h with [ MC68HC08AB16A ⇒ p ].
+
+ndefinition HC08_mcu_model_rect : ΠP:HC08_mcu_model → Type.P MC68HC08AB16A → Πh:HC08_mcu_model.P h ≝
+λP:HC08_mcu_model → Type.λp:P MC68HC08AB16A.λh:HC08_mcu_model.
+ match h with [ MC68HC08AB16A ⇒ p ].
+
+(* modelli di HCS08 *)
+ninductive HCS08_mcu_model : Type ≝
+ MC9S08AW60 : HCS08_mcu_model
+ (*..*).
+
+ndefinition HCS08_mcu_model_ind : ΠP:HCS08_mcu_model → Prop.P MC9S08AW60 → Πh:HCS08_mcu_model.P h ≝
+λP:HCS08_mcu_model → Prop.λp:P MC9S08AW60.λh:HCS08_mcu_model.
+ match h with [ MC9S08AW60 ⇒ p ].
+
+ndefinition HCS08_mcu_model_rec : ΠP:HCS08_mcu_model → Set.P MC9S08AW60 → Πh:HCS08_mcu_model.P h ≝
+λP:HCS08_mcu_model → Set.λp:P MC9S08AW60.λh:HCS08_mcu_model.
+ match h with [ MC9S08AW60 ⇒ p ].
+
+ndefinition HCS08_mcu_model_rect : ΠP:HCS08_mcu_model → Type.P MC9S08AW60 → Πh:HCS08_mcu_model.P h ≝
+λP:HCS08_mcu_model → Type.λp:P MC9S08AW60.λh:HCS08_mcu_model.
+ match h with [ MC9S08AW60 ⇒ p ].
+
+(* modelli di RS08 *)
+ninductive RS08_mcu_model : Type ≝
+ MC9RS08KA1 : RS08_mcu_model
+| MC9RS08KA2 : RS08_mcu_model.
+
+ndefinition RS08_mcu_model_ind : ΠP:RS08_mcu_model → Prop.P MC9RS08KA1 → P MC9RS08KA2 → Πr:RS08_mcu_model.P r ≝
+λP:RS08_mcu_model → Prop.λp:P MC9RS08KA1.λp1:P MC9RS08KA2.λr:RS08_mcu_model.
+ match r with [ MC9RS08KA1 ⇒ p | MC9RS08KA2 ⇒ p1 ].
+
+ndefinition RS08_mcu_model_rec : ΠP:RS08_mcu_model → Set.P MC9RS08KA1 → P MC9RS08KA2 → Πr:RS08_mcu_model.P r ≝
+λP:RS08_mcu_model → Set.λp:P MC9RS08KA1.λp1:P MC9RS08KA2.λr:RS08_mcu_model.
+ match r with [ MC9RS08KA1 ⇒ p | MC9RS08KA2 ⇒ p1 ].
+
+ndefinition RS08_mcu_model_rect : ΠP:RS08_mcu_model → Type.P MC9RS08KA1 → P MC9RS08KA2 → Πr:RS08_mcu_model.P r ≝
+λP:RS08_mcu_model → Type.λp:P MC9RS08KA1.λp1:P MC9RS08KA2.λr:RS08_mcu_model.
+ match r with [ MC9RS08KA1 ⇒ p | MC9RS08KA2 ⇒ p1 ].
+
+(* raggruppamento dei modelli *)
+ninductive any_mcu_model : Type ≝
+ FamilyHC05 : HC05_mcu_model → any_mcu_model
+| FamilyHC08 : HC08_mcu_model → any_mcu_model
+| FamilyHCS08 : HCS08_mcu_model → any_mcu_model
+| FamilyRS08 : RS08_mcu_model → any_mcu_model.
+
+ndefinition any_mcu_model_ind
+ : ΠP:any_mcu_model → Prop.(Πn:HC05_mcu_model.P (FamilyHC05 n)) → (Πn:HC08_mcu_model.P (FamilyHC08 n)) →
+ (Πn:HCS08_mcu_model.P (FamilyHCS08 n)) → (Πn:RS08_mcu_model.P (FamilyRS08 n))→Πa:any_mcu_model.P a ≝
+λP:any_mcu_model → Prop.λf:Πn:HC05_mcu_model.P (FamilyHC05 n).λf1:Πn:HC08_mcu_model.P (FamilyHC08 n).
+λf2:Πn:HCS08_mcu_model.P (FamilyHCS08 n).λf3:Πn:RS08_mcu_model.P (FamilyRS08 n).λa:any_mcu_model.
+ match a with [ FamilyHC05 n ⇒ f n | FamilyHC08 n ⇒ f1 n
+ | FamilyHCS08 n ⇒ f2 n | FamilyRS08 n ⇒ f3 n ].
+
+ndefinition any_mcu_model_rec
+ : ΠP:any_mcu_model → Set.(Πn:HC05_mcu_model.P (FamilyHC05 n)) → (Πn:HC08_mcu_model.P (FamilyHC08 n)) →
+ (Πn:HCS08_mcu_model.P (FamilyHCS08 n)) → (Πn:RS08_mcu_model.P (FamilyRS08 n))→Πa:any_mcu_model.P a ≝
+λP:any_mcu_model → Set.λf:Πn:HC05_mcu_model.P (FamilyHC05 n).λf1:Πn:HC08_mcu_model.P (FamilyHC08 n).
+λf2:Πn:HCS08_mcu_model.P (FamilyHCS08 n).λf3:Πn:RS08_mcu_model.P (FamilyRS08 n).λa:any_mcu_model.
+ match a with [ FamilyHC05 n ⇒ f n | FamilyHC08 n ⇒ f1 n
+ | FamilyHCS08 n ⇒ f2 n | FamilyRS08 n ⇒ f3 n ].
+
+ndefinition any_mcu_model_rect
+ : ΠP:any_mcu_model → Type.(Πn:HC05_mcu_model.P (FamilyHC05 n)) → (Πn:HC08_mcu_model.P (FamilyHC08 n)) →
+ (Πn:HCS08_mcu_model.P (FamilyHCS08 n)) → (Πn:RS08_mcu_model.P (FamilyRS08 n))→Πa:any_mcu_model.P a ≝
+λP:any_mcu_model → Type.λf:Πn:HC05_mcu_model.P (FamilyHC05 n).λf1:Πn:HC08_mcu_model.P (FamilyHC08 n).
+λf2:Πn:HCS08_mcu_model.P (FamilyHCS08 n).λf3:Πn:RS08_mcu_model.P (FamilyRS08 n).λa:any_mcu_model.
+ match a with [ FamilyHC05 n ⇒ f n | FamilyHC08 n ⇒ f1 n
+ | FamilyHCS08 n ⇒ f2 n | FamilyRS08 n ⇒ f3 n ].
+
+(*
+condizioni errore interne alla MCU
+(Il programma viene caricato dal produttore in ROM o impostato in EEPROM)
+HC05: +illegal address during opcode fetch
+HC08: +illegal address duting opcode fetch (ILAD mascherabile)
+ +illegal opcode (ILOP mascherabile)
+
+(Il programma viene programmato nella FLASH)
+HCS08: +illegal address during opcode fetch (ILAD mascherabile)
+ +illegal opcode (ILOP mascherabile)
+ +security = accesso a RAM e zone FLASH dichiarate sicure da zone sicure
+ da' 0 in lettura e ignore in scrittura, [FLASH]SEC00:SEC01 (1,0)
+ corrisponde a OFF, altre ON, disattivabile solo da modalita' sicura se
+ opzione [FLASH]KEYEN e' 1 passando chiave a 8byte da modalita' sicura.
+ Altrimenti disattivabile solo con FLASH mass erase. Obbiettivo
+ e' impedire duplicazione di software di controllo, dato che esiste
+ modalita' debugging. A restart viene ricaricata da FLASH impostazione
+ sicurezza!
+RS08: +illegal address durting opcode fetch (ILAD) mascherabile
+ +illegal opcode (ILOP mascherabile)
+ +security = solo la FLASH e' considerata sicura. Stesso meccanismo di HCS08
+ ma governato solo da [FLASH]SECD (0) OFF.Una volta attivato l'unica
+ disattivazione e' la cancellazione della FLASH.
+*)
+
+(* memoria degli HC05 *)
+ndefinition memory_type_of_FamilyHC05 ≝
+λm:HC05_mcu_model.match m with
+ [ MC68HC05J5A ⇒
+ [
+ (* astraggo molto *)
+ (* 0x0000-0x001F,0x0FF0: sarebbe memory mapped IO *)
+
+ triple ??? 〈〈x0,x0〉:〈x8,x0〉〉 〈〈x0,x0〉:〈xF,xF〉〉 MEM_READ_WRITE (* 128B RAM+STACK *)
+ ; triple ??? 〈〈x0,x3〉:〈x0,x0〉〉 〈〈x0,xC〉:〈xF,xF〉〉 MEM_READ_ONLY (* 2560B USER ROM *)
+ ; triple ??? 〈〈x0,xE〉:〈x0,x0〉〉 〈〈x0,xF〉:〈xF,xF〉〉 MEM_READ_ONLY (* 512B INTERNAL ROM *)
+ ]
+ (*..*)
+ ].
+
+(* memoria degli HC08 *)
+ndefinition memory_type_of_FamilyHC08 ≝
+λm:HC08_mcu_model.match m with
+ [ MC68HC08AB16A ⇒
+ [
+ (* astraggo molto *)
+ (* 0x0000-0x004F,0xFE00-0xFE01,0xFE03,
+ 0xFE0C-0xFE11,0xFE1A-0xFE1D,0xFE1F: sarebbe memory mapped IO *)
+ (* 0x0500-0x057F,0xFE02,0xFE04-0xFE07,
+ 0xFE09-0xFE0B,0xFE12-0xFE19,0xFE1E,0xFFC0-0xFFCF : sarebbe reserved *)
+
+ triple ??? 〈〈x0,x0〉:〈x5,x0〉〉 〈〈x0,x2〉:〈x4,xF〉〉 MEM_READ_WRITE (* 512B RAM *)
+ ; triple ??? 〈〈x0,x8〉:〈x0,x0〉〉 〈〈x0,x9〉:〈xF,xF〉〉 MEM_READ_ONLY (* 512B EEPROM *)
+ ; triple ??? 〈〈xB,xE〉:〈x0,x0〉〉 〈〈xF,xD〉:〈xF,xF〉〉 MEM_READ_ONLY (* 16384B ROM *)
+ ; triple ??? 〈〈xF,xE〉:〈x2,x0〉〉 〈〈xF,xF〉:〈x5,x2〉〉 MEM_READ_ONLY (* 307B ROM *)
+ ; triple ??? 〈〈xF,xF〉:〈xD,x0〉〉 〈〈xF,xF〉:〈xF,xF〉〉 MEM_READ_ONLY (* 48B ROM *) ]
+ (*..*)
+ ].
+
+(* memoria degli HCS08 *)
+ndefinition memory_type_of_FamilyHCS08 ≝
+λm:HCS08_mcu_model.match m with
+ [ MC9S08AW60 ⇒
+ [
+ (* astraggo molto *)
+ (* 0x0000-0x006F,0x1800-0x185F: sarebbe memory mapped IO *)
+
+ triple ??? 〈〈x0,x0〉:〈x7,x0〉〉 〈〈x0,x8〉:〈x6,xF〉〉 MEM_READ_WRITE (* 2048B RAM *)
+ ; triple ??? 〈〈x0,x8〉:〈x7,x0〉〉 〈〈x1,x7〉:〈xF,xF〉〉 MEM_READ_ONLY (* 3984B FLASH *)
+ ; triple ??? 〈〈x1,x8〉:〈x6,x0〉〉 〈〈xF,xF〉:〈xF,xF〉〉 MEM_READ_ONLY (* 59296B FLASH *) ]
+ ].
+
+(* memoria dei RS08 *)
+ndefinition memory_type_of_FamilyRS08 ≝
+λm:RS08_mcu_model.match m with
+ [ MC9RS08KA1 ⇒
+ [
+ triple ??? 〈〈x0,x0〉:〈x0,x0〉〉 〈〈x0,x0〉:〈x0,xE〉〉 MEM_READ_WRITE (* 15B RAM *)
+ (* [000F] e' il registro X *)
+ (* 0x0010-0x001E sarebbe memory mapped IO, proviamo per completezza con RAM *)
+ ; triple ??? 〈〈x0,x0〉:〈x1,x0〉〉 〈〈x0,x0〉:〈x1,xE〉〉 MEM_READ_WRITE (* 15B MEMORY MAPPED IO *)
+ (* [001F] e' il registro PAGESEL *)
+ ; triple ??? 〈〈x0,x0〉:〈x2,x0〉〉 〈〈x0,x0〉:〈x4,xF〉〉 MEM_READ_WRITE (* 48B RAM *)
+ (* [00C0-00FF] mappato da PAGESEL su [00pp pppp ppxx xxxx] *)
+ ; triple ??? 〈〈x0,x0〉:〈xC,x0〉〉 〈〈x0,x0〉:〈xF,xF〉〉 MEM_READ_WRITE (* 64B RAM PAGING *)
+ (* 0x0200-0x023F sarebbe memory mapped IO, proviamo per completezza con RAM *)
+ ; triple ??? 〈〈x0,x2〉:〈x0,x0〉〉 〈〈x0,x2〉:〈x3,xF〉〉 MEM_READ_WRITE (* 64B MEMORY MAPPED IO *)
+ ; triple ??? 〈〈x3,xC〉:〈x0,x0〉〉 〈〈x3,xF〉:〈xF,xF〉〉 MEM_READ_ONLY (* 1024B FLASH *) ]
+ | MC9RS08KA2 ⇒
+ [
+ triple ??? 〈〈x0,x0〉:〈x0,x0〉〉 〈〈x0,x0〉:〈x0,xE〉〉 MEM_READ_WRITE (* 15B RAM *)
+ (* [000F] e' il registro X *)
+ (* 0x0010-0x001E sarebbe memory mapped IO, proviamo per completezza con RAM *)
+ ; triple ??? 〈〈x0,x0〉:〈x1,x0〉〉 〈〈x0,x0〉:〈x1,xE〉〉 MEM_READ_WRITE (* 15B MEMORY MAPPED IO *)
+ (* [001F] e' il registro PAGESEL *)
+ ; triple ??? 〈〈x0,x0〉:〈x2,x0〉〉 〈〈x0,x0〉:〈x4,xF〉〉 MEM_READ_WRITE (* 48B RAM *)
+ (* [00C0-00FF] mappato da PAGESEL su [00pp pppp ppxx xxxx] *)
+ ; triple ??? 〈〈x0,x0〉:〈xC,x0〉〉 〈〈x0,x0〉:〈xF,xF〉〉 MEM_READ_WRITE (* 64B RAM PAGING *)
+ (* 0x0200-0x023F sarebbe memory mapped IO, proviamo per completezza con RAM *)
+ ; triple ??? 〈〈x0,x2〉:〈x0,x0〉〉 〈〈x0,x2〉:〈x3,xF〉〉 MEM_READ_WRITE (* 64B MEMORY MAPPED IO *)
+ ; triple ??? 〈〈x3,x8〉:〈x0,x0〉〉 〈〈x3,xF〉:〈xF,xF〉〉 MEM_READ_ONLY (* 2048B FLASH *) ]
+ ].
+
+(* ∀modello.descrizione della memoria installata *)
+ndefinition memory_type_of_mcu_version ≝
+λmcu:any_mcu_model.match mcu with
+ [ FamilyHC05 m ⇒ memory_type_of_FamilyHC05 m
+ | FamilyHC08 m ⇒ memory_type_of_FamilyHC08 m
+ | FamilyHCS08 m ⇒ memory_type_of_FamilyHCS08 m
+ | FamilyRS08 m ⇒ memory_type_of_FamilyRS08 m
+ ].
+
+(* dato un modello costruisce un descrittore a partire dalla lista precedente *)
+nlet rec build_memory_type_of_mcu_version_aux t param (result:aux_chk_type t) on param ≝
+ match param with
+ [ nil ⇒ result
+ | cons hd tl ⇒
+ build_memory_type_of_mcu_version_aux t tl
+ (check_update_ranged t result (fst3T ??? hd) (snd3T ??? hd) (thd3T ??? hd)) ].
+
+ndefinition build_memory_type_of_mcu_version ≝
+λmcu:any_mcu_model.λt:memory_impl.
+ build_memory_type_of_mcu_version_aux t (memory_type_of_mcu_version mcu) (out_of_bound_memory t).
+
+(* sarebbe programma da caricare/zero_memory, ora test *)
+ndefinition memory_of_mcu_version ≝
+λmcu:any_mcu_model.λt:memory_impl.match mcu with
+ [ FamilyHC05 m ⇒ match m with
+ [ MC68HC05J5A ⇒ zero_memory t
+ (*..*)
+ ]
+ | FamilyHC08 m ⇒ match m with
+ [ MC68HC08AB16A ⇒ zero_memory t
+ (*..*)
+ ]
+ (* tralascio l'enumerazione dei casi, per ora e' tutto 0 *)
+ | FamilyHCS08 _ ⇒ zero_memory t
+ | FamilyRS08 _ ⇒ zero_memory t
+ ].
+
+(*
+ parametrizzati i non deterministici rispetto a tutti i valori casuali
+ che verranno dati dall'esterno di tipo byte8 (ndby1-2) e bool (ndbo1-5).
+ l'ACCENSIONE e' totalmente equivalente ad un reset causato da calo di tensione
+ (reset V-low), la memoria ed il check puo' essere passata, per esempio da
+ - (memory_of_mcu_version MC68HC05J5A)
+ - (build_memory_type_of_mcu_version MC68HC05J5A)
+*)
+ndefinition start_of_mcu_version_HC05 ≝
+λmcu:HC05_mcu_model.λt:memory_impl.
+λmem:aux_mem_type t.λchk:aux_chk_type t.
+λndby1,ndby2:byte8.λirqfl,ndbo1,ndbo2,ndbo3,ndbo4,ndbo5:bool.
+ let build ≝ λspm,spf,pcm:word16.
+ let fetched_pc ≝ mk_word16 (mem_read_abs t mem (and_w16 〈〈xF,xF〉:〈xF,xE〉〉 pcm))
+ (mem_read_abs t mem (and_w16 〈〈xF,xF〉:〈xF,xF〉〉 pcm)) in
+ mk_any_status HC05 t
+ (mk_alu_HC05
+ (* acc_low: ? *) ndby1 (* indx_low: ? *) ndby2
+ (* sp: reset *) (or_w16 (and_w16 〈〈x0,x0〉:〈xF,xF〉〉 spm) spf) spm spf
+ (* pc: reset+fetch *) (and_w16 fetched_pc pcm) pcm
+ (* H: ? *) ndbo1 (* I: reset *) true (* N: ? *) ndbo2
+ (* Z: ? *) ndbo3 (* C: ? *) ndbo4 (* IRQ: ? *) irqfl)
+ (* mem *) mem
+ (* chk *) chk
+ (* clk: reset *) (None ?) in
+ match mcu with
+ [ MC68HC05J5A ⇒ build 〈〈x0,x0〉:〈x3,xF〉〉 〈〈x0,x0〉:〈xC,x0〉〉 〈〈x0,xF〉:〈xF,xF〉〉
+ (*..*)
+ ].
+
+ndefinition start_of_mcu_version_HC08 ≝
+λmcu:HC08_mcu_model.λt:memory_impl.
+λmem:aux_mem_type t.λchk:aux_chk_type t.
+λndby1,ndby2:byte8.λirqfl,ndbo1,ndbo2,ndbo3,ndbo4,ndbo5:bool.
+ let fetched_pc ≝ mk_word16 (mem_read_abs t mem 〈〈xF,xF〉:〈xF,xE〉〉)
+ (mem_read_abs t mem 〈〈xF,xF〉:〈xF,xF〉〉) in
+ mk_any_status HC08 t
+ (mk_alu_HC08
+ (* acc_low: ? *) ndby1 (* indw_low: ? *) ndby2 (* indx_high: reset *) 〈x0,x0〉
+ (* sp: reset *) 〈〈x0,x0〉:〈xF,xF〉〉 (* pc: reset+fetch *) fetched_pc
+ (* V: ? *) ndbo1 (* H: ? *) ndbo2 (* I: reset *) true
+ (* N: ? *) ndbo3 (* Z: ? *) ndbo4 (* C: ? *) ndbo5 (* IRQ: ? *) irqfl)
+ (* mem *) mem
+ (* chk *) chk
+ (* clk: reset *) (None ?).
+
+ndefinition start_of_mcu_version_HCS08 ≝
+λmcu:HCS08_mcu_model.λt:memory_impl.
+λmem:aux_mem_type t.λchk:aux_chk_type t.
+λndby1,ndby2:byte8.λirqfl,ndbo1,ndbo2,ndbo3,ndbo4,ndbo5:bool.
+ let fetched_pc ≝ mk_word16 (mem_read_abs t mem 〈〈xF,xF〉:〈xF,xE〉〉)
+ (mem_read_abs t mem 〈〈xF,xF〉:〈xF,xF〉〉) in
+ mk_any_status HCS08 t
+ (mk_alu_HC08
+ (* acc_low: ? *) ndby1 (* indw_low: ? *) ndby2 (* indx_high: reset *) 〈x0,x0〉
+ (* sp: reset *) 〈〈x0,x0〉:〈xF,xF〉〉 (* pc: reset+fetch *) fetched_pc
+ (* V: ? *) ndbo1 (* H: ? *) ndbo2 (* I: reset *) true
+ (* N: ? *) ndbo3 (* Z: ? *) ndbo4 (* C: ? *) ndbo5 (* IRQ: ? *) irqfl)
+ (* mem *) mem
+ (* chk *) chk
+ (* clk: reset *) (None ?).
+
+ndefinition start_of_mcu_version_RS08 ≝
+λmcu:RS08_mcu_model.λt:memory_impl.
+λmem:aux_mem_type t.λchk:aux_chk_type t.
+λndby1,ndby2:byte8.λirqfl,ndbo1,ndbo2,ndbo3,ndbo4,ndbo5:bool.
+ let build ≝ λpcm.
+ mk_any_status RS08 t
+ (mk_alu_RS08
+ (* acc_low: reset *) 〈x0,x0〉
+ (* pc: reset *) (and_w16 〈〈xF,xF〉:〈xF,xD〉〉 pcm) pcm
+ (* spc: reset *) (and_w16 〈〈xF,xF〉:〈xF,xD〉〉 pcm)
+ (* xm: reset *) 〈x0,x0〉 (* psm: *) 〈x8,x0〉
+ (* Z: reset *) false (* C: reset *) false)
+ (* mem *) mem
+ (* chk *) chk
+ (* clk: reset *) (None ?) in
+ (* tralascio l'enumerazione dei casi, tanto i valori sono uguali *)
+ build 〈〈x3,xF〉:〈xF,xF〉〉.
+
+(*
+ cio' che non viene resettato mantiene il valore precedente: nella documentazione
+ viene riportato come "unaffected"/"indeterminate"/"unpredictable"
+ il soft RESET e' diverso da un calo di tensione e la ram non variera'
+*)
+ndefinition reset_of_mcu ≝
+λm:mcu_type.λt:memory_impl.
+let pc_reset_h ≝ 〈〈xF,xF〉:〈xF,xE〉〉 in
+let pc_reset_l ≝ 〈〈xF,xF〉:〈xF,xF〉〉 in
+let pc_RS08_reset ≝ 〈〈xF,xF〉:〈xF,xD〉〉 in
+let sp_reset ≝ 〈〈x0,x0〉:〈xF,xF〉〉 in
+ match m return λm:mcu_type.(any_status m t) → (any_status m t) with
+(* HC05: parzialmente non deterministico *)
+ [ HC05 ⇒ λs:any_status HC05 t.match s with
+ [ mk_any_status alu mem chk clk ⇒ match alu with
+ [ mk_alu_HC05 acclow indxlow _ spm spf _ pcm hfl _ nfl zfl cfl irqfl ⇒
+ let fetched_pc ≝ mk_word16 (mem_read_abs t mem (and_w16 pc_reset_h pcm))
+ (mem_read_abs t mem (and_w16 pc_reset_l pcm)) in
+ mk_any_status HC05 t
+ (mk_alu_HC05
+ (* acc_low: inv. *) acclow (* indx_low: inv. *) indxlow
+ (* sp: reset *) (or_w16 (and_w16 sp_reset spm) spf) spm spf
+ (* pc: reset+fetch *) (and_w16 fetched_pc pcm) pcm
+ (* H: inv. *) hfl (* I: reset *) true (* N: inv. *) nfl
+ (* Z: inv. *) zfl (* C: inv. *) cfl (* IRQ: inv *) irqfl)
+ (* mem: inv. *) mem
+ (* chk: inv. *) chk
+ (* clk: reset *) (None ?) ]]
+(* HC08: parzialmente non deterministico *)
+ | HC08 ⇒ λs:any_status HC08 t.match s with
+ [ mk_any_status alu mem chk clk ⇒ match alu with
+ [ mk_alu_HC08 acclow indxlow _ _ _ vfl hfl _ nfl zfl cfl irqfl ⇒
+ let fetched_pc ≝ mk_word16 (mem_read_abs t mem pc_reset_h)
+ (mem_read_abs t mem pc_reset_l) in
+ mk_any_status HC08 t
+ (mk_alu_HC08
+ (* acc_low: inv. *) acclow (* indx_low: inv. *) indxlow (* indx_high: reset *) 〈x0,x0〉
+ (* sp: reset *) sp_reset (* pc: reset+fetch *) fetched_pc
+ (* V: inv. *) vfl (* H: inv. *) hfl (* I: reset *) true
+ (* N: inv. *) nfl (* Z: inv. *) zfl (* C: inv. *) cfl (* IRQ: inv *) irqfl)
+ (* mem: inv. *) mem
+ (* chk: inv. *) chk
+ (* clk: reset *) (None ?) ]]
+(* HCS08: parzialmente non deterministico *)
+ | HCS08 ⇒ λs:any_status HCS08 t.match s with
+ [ mk_any_status alu mem chk clk ⇒ match alu with
+ [ mk_alu_HC08 acclow indxlow _ _ _ vfl hfl _ nfl zfl cfl irqfl ⇒
+ let fetched_pc ≝ mk_word16 (mem_read_abs t mem pc_reset_h)
+ (mem_read_abs t mem pc_reset_l) in
+ mk_any_status HCS08 t
+ (mk_alu_HC08
+ (* acc_low: inv. *) acclow (* indx_low: inv. *) indxlow (* indx_high: reset *) 〈x0,x0〉
+ (* sp: reset *) sp_reset (* pc: reset+fetch *) fetched_pc
+ (* V: inv. *) vfl (* H: inv. *) hfl (* I: reset *) true
+ (* N: inv. *) nfl (* Z: inv. *) zfl (* C: inv. *) cfl (* IRQ: inv *) irqfl)
+ (* mem: inv. *) mem
+ (* chk: inv. *) chk
+ (* clk: reset *) (None ?) ]]
+(* RS08: deterministico *)
+ | RS08 ⇒ λs:any_status RS08 t.match s with
+ [ mk_any_status alu mem chk clk ⇒ match alu with
+ [ mk_alu_RS08 _ _ pcm _ _ _ _ _ ⇒
+ mk_any_status RS08 t
+ (mk_alu_RS08
+ (* acc_low: reset *) 〈x0,x0〉
+ (* pc: reset *) (and_w16 pc_RS08_reset pcm) pcm
+ (* spc: reset *) (and_w16 pc_RS08_reset pcm)
+ (* xm: reset *) 〈x0,x0〉 (* psm: reset *) 〈x8,x0〉
+ (* Z: reset *) false (* C: reset *) false)
+ (* mem: inv. *) mem
+ (* chk: inv. *) chk
+ (* clk: reset *) (None ?) ]]
+ ].
--- /dev/null
+(**************************************************************************)
+(* ___ *)
+(* ||M|| *)
+(* ||A|| A project by Andrea Asperti *)
+(* ||T|| *)
+(* ||I|| Developers: *)
+(* ||T|| The HELM team. *)
+(* ||A|| http://helm.cs.unibo.it *)
+(* \ / *)
+(* \ / This file is distributed under the terms of the *)
+(* v GNU General Public License Version 2 *)
+(* *)
+(**************************************************************************)
+
+(* ********************************************************************** *)
+(* Progetto FreeScale *)
+(* *)
+(* Sviluppato da: *)
+(* Cosimo Oliboni, oliboni@cs.unibo.it *)
+(* *)
+(* Questo materiale fa parte della tesi: *)
+(* "Formalizzazione Interattiva dei Microcontroller a 8bit FreeScale" *)
+(* *)
+(* data ultima modifica 15/11/2007 *)
+(* ********************************************************************** *)
+
+include "freescale/load_write.ma".
+include "freescale/nat_lemmas.ma".
+
+(* ************************************************ *)
+(* LOGICHE AUSILIARE CHE ACCOMUNANO PIU' OPERAZIONI *)
+(* ************************************************ *)
+
+(* NB: dentro il codice i commenti cercano di spiegare la logica
+ secondo quanto riportato dalle specifiche delle mcu *)
+
+(* NB: notare che tranne nei casi in cui PC viene modificato esplicitamente
+ il suo avanzamento viene delegato totalmente agli strati inferiori
+ I) avanzamento dovuto al decode degli op (fetch)
+ II) avanzamento dovuto al caricamento degli argomenti (multi_mode_load/write)
+ la modifica effettiva avviene poi centralizzata in tick *)
+
+(* A = [true] fAMC(A,M,C), [false] A *)
+(* cioe' in caso di false l'operazione viene eseguita ma modifica solo i flag *)
+(* fAMC e' la logica da applicare: somma con/senza carry *)
+ndefinition execute_ADC_ADD_aux ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.λsetflag:bool.
+λfAMC:byte8 → byte8 → bool → ProdT byte8 bool.
+ opt_map ?? (multi_mode_load true m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒
+ let A_op ≝ get_acc_8_low_reg m t s_tmp1 in
+ match fAMC A_op M_op (get_c_flag m t s_tmp1) with
+ [ pair R_op carry ⇒
+ let A7 ≝ MSB_b8 A_op in let M7 ≝ MSB_b8 M_op in let R7 ≝ MSB_b8 R_op in
+ let A3 ≝ MSB_ex (b8l A_op) in let M3 ≝ MSB_ex (b8l M_op) in let R3 ≝ MSB_ex (b8l R_op) in
+ (* A = [true] fAMC(A,M,C), [false] A *)
+ let s_tmp2 ≝ match setflag with [ true ⇒ set_acc_8_low_reg m t s_tmp1 R_op | false ⇒ s_tmp1 ] in
+ (* Z = nR7&nR6&nR5&nR4&nR3&nR2&nR1&nR0 *)
+ let s_tmp3 ≝ set_z_flag m t s_tmp2 (eq_b8 R_op 〈x0,x0〉) in
+ (* C = A7&M7 | M7&nR7 | nR7&A7 *)
+ let s_tmp4 ≝ set_c_flag m t s_tmp3 ((A7⊗M7) ⊕ (M7⊗(⊖R7)) ⊕ ((⊖R7)⊗A7)) in
+ (* N = R7 *)
+ let s_tmp5 ≝ setweak_n_flag m t s_tmp4 R7 in
+ (* H = A3&M3 | M3&nR3 | nR3&A3 *)
+ let s_tmp6 ≝ setweak_h_flag m t s_tmp5 ((A3⊗M3) ⊕ (M3⊗(⊖R3)) ⊕ ((⊖R3)⊗A3)) in
+ (* V = A7&M7&nR7 | nA7&nM7&R7 *)
+ let s_tmp7 ≝ setweak_v_flag m t s_tmp6 ((A7⊗M7⊗(⊖R7)) ⊕ ((⊖A7)⊗(⊖M7)⊗R7)) in
+ (* newpc = nextpc *)
+ Some ? (pair ?? s_tmp7 new_pc) ]]).
+
+(* A = [true] fAM(A,M), [false] A *)
+(* cioe' in caso di false l'operazione viene eseguita ma modifica solo i flag *)
+(* fAM e' la logica da applicare: and/xor/or *)
+ndefinition execute_AND_BIT_EOR_ORA_aux ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.λsetflag:bool.
+λfAM:byte8 → byte8 → byte8.
+ opt_map ?? (multi_mode_load true m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒
+ let R_op ≝ fAM (get_acc_8_low_reg m t s_tmp1) M_op in
+ (* A = [true] fAM(A,M), [false] A *)
+ let s_tmp2 ≝ match setflag with [ true ⇒ set_acc_8_low_reg m t s_tmp1 R_op | false ⇒ s_tmp1 ] in
+ (* Z = nR7&nR6&nR5&nR4&nR3&nR2&nR1&nR0 *)
+ let s_tmp3 ≝ set_z_flag m t s_tmp2 (eq_b8 R_op 〈x0,x0〉) in
+ (* N = R7 *)
+ let s_tmp4 ≝ setweak_n_flag m t s_tmp3 (MSB_b8 R_op) in
+ (* V = 0 *)
+ let s_tmp5 ≝ setweak_v_flag m t s_tmp4 false in
+ (* newpc = nextpc *)
+ Some ? (pair ?? s_tmp5 new_pc) ]).
+
+(* M = fMC(M,C) *)
+(* fMC e' la logica da applicare: rc_/ro_/sh_ *)
+ndefinition execute_ASL_ASR_LSR_ROL_ROR_aux ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+λfMC:byte8 → bool → ProdT byte8 bool.
+ opt_map ?? (multi_mode_load true m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op _ ⇒
+ match fMC M_op (get_c_flag m t s_tmp1) with [ pair R_op carry ⇒
+ (* M = fMC(M,C) *)
+ opt_map ?? (multi_mode_write true m t s_tmp1 cur_pc i R_op)
+ (λS_PC.match S_PC with
+ [ pair s_tmp2 new_pc ⇒
+ (* C = carry *)
+ let s_tmp3 ≝ set_c_flag m t s_tmp2 carry in
+ (* Z = nR7&nR6&nR5&nR4&nR3&nR2&nR1&nR0 *)
+ let s_tmp4 ≝ set_z_flag m t s_tmp3 (eq_b8 R_op 〈x0,x0〉) in
+ (* N = R7 *)
+ let s_tmp5 ≝ setweak_n_flag m t s_tmp4 (MSB_b8 R_op) in
+ (* V = R7 ⊙ carry *)
+ let s_tmp6 ≝ setweak_v_flag m t s_tmp5 ((MSB_b8 R_op) ⊙ carry) in
+ (* newpc = nextpc *)
+ Some ? (pair ?? s_tmp6 new_pc) ])]]).
+
+(* estensione del segno byte → word *)
+ndefinition byte_extension ≝
+λb:byte8.〈match MSB_b8 b with [ true ⇒ 〈xF,xF〉 | false ⇒ 〈x0,x0〉 ]:b〉.
+
+(* branch con byte+estensione segno *)
+ndefinition branched_pc ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λcur_pc:word16.λb:byte8.
+ get_pc_reg m t (set_pc_reg m t s (plus_w16_d_d cur_pc (byte_extension b))).
+
+(* if COND=1 branch *)
+(* tutti i branch calcoleranno la condizione e la passeranno qui *)
+ndefinition execute_any_BRANCH ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.λfCOND:bool.
+ opt_map ?? (multi_mode_load true m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒
+ (* if true, branch *)
+ match fCOND with
+ (* newpc = nextpc + rel *)
+ [ true ⇒ Some ? (pair ?? s_tmp1 (branched_pc m t s_tmp1 new_pc M_op))
+ (* newpc = nextpc *)
+ | false ⇒ Some ? (pair ?? s_tmp1 new_pc) ]]).
+
+(* Mn = filtered optval *)
+(* il chiamante passa 0x00 per azzerare, 0xFF per impostare il bit di M *)
+ndefinition execute_BCLRn_BSETn_aux ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.λoptval:byte8.
+ (* Mn = filtered optval *)
+ opt_map ?? (multi_mode_write true m t s cur_pc i optval)
+ (λS_PC.match S_PC with
+ (* newpc = nextpc *)
+ [ pair s_tmp1 new_pc ⇒ Some ? (pair ?? s_tmp1 new_pc) ]).
+
+(* if COND(Mn) branch *)
+(* il chiamante passa la logica da testare (0x00,¬0x00) e poi si salta *)
+ndefinition execute_BRCLRn_BRSETn_aux ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.λfCOND:byte8 → bool.
+ opt_map ?? (multi_mode_load false m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒ match M_op with
+ [ mk_word16 MH_op ML_op ⇒
+ (* if COND(Mn) branch *)
+ match fCOND MH_op with
+ (* newpc = nextpc + rel *)
+ [ true ⇒ Some ? (pair ?? s_tmp1 (branched_pc m t s_tmp1 new_pc ML_op))
+ (* newpc = nextpc *)
+ | false ⇒ Some ? (pair ?? s_tmp1 new_pc) ]]]).
+
+(* M = fM(M) *)
+(* fM e' la logica da applicare: not/neg/++/-- *)
+ndefinition execute_COM_DEC_INC_NEG_aux ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+λfM:byte8 → byte8.λfV:bool → bool → bool.λfC:bool → byte8 → bool.
+ opt_map ?? (multi_mode_load true m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op _ ⇒
+ let R_op ≝ fM M_op in
+ (* M = fM(M) *)
+ opt_map ?? (multi_mode_write true m t s_tmp1 cur_pc i R_op)
+ (λS_PC.match S_PC with
+ [ pair s_tmp2 new_pc ⇒
+ (* C = fCR (C,R) *)
+ let s_tmp3 ≝ set_c_flag m t s_tmp2 (fC (get_c_flag m t s_tmp2) R_op) in
+ (* Z = nR7&nR6&nR5&nR4&nR3&nR2&nR1&nR0 *)
+ let s_tmp4 ≝ set_z_flag m t s_tmp3 (eq_b8 R_op 〈x0,x0〉) in
+ (* N = R7 *)
+ let s_tmp5 ≝ setweak_n_flag m t s_tmp4 (MSB_b8 R_op) in
+ (* V = fV (M7,R7) *)
+ let s_tmp6 ≝ setweak_v_flag m t s_tmp5 (fV (MSB_b8 M_op) (MSB_b8 R_op)) in
+ (* newpc = nextpc *)
+ Some ? (pair ?? s_tmp6 new_pc) ])]).
+
+(* A = [true] fAMC(A,M,C), [false] A *)
+(* cioe' in caso di false l'operazione viene eseguita ma modifica solo i flag *)
+(* fAMC e' la logica da applicare: sottrazione con/senza carry *)
+ndefinition execute_SBC_SUB_aux ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.λsetflag:bool.
+λfAMC:byte8 → byte8 → bool → ProdT byte8 bool.
+ opt_map ?? (multi_mode_load true m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒
+ let A_op ≝ get_acc_8_low_reg m t s_tmp1 in
+ match fAMC A_op M_op (get_c_flag m t s_tmp1) with
+ [ pair R_op carry ⇒
+ let A7 ≝ MSB_b8 A_op in let M7 ≝ MSB_b8 M_op in let R7 ≝ MSB_b8 R_op in
+ (* A = [true] fAMC(A,M,C), [false] A *)
+ let s_tmp2 ≝ match setflag with [ true ⇒ set_acc_8_low_reg m t s_tmp1 R_op | false ⇒ s_tmp1 ] in
+ (* Z = nR7&nR6&nR5&nR4&nR3&nR2&nR1&nR0 *)
+ let s_tmp3 ≝ set_z_flag m t s_tmp2 (eq_b8 R_op 〈x0,x0〉) in
+ (* C = nA7&M7 | M7&R7 | R7&nA7 *)
+ let s_tmp4 ≝ set_c_flag m t s_tmp3 (((⊖A7)⊗M7) ⊕ (M7⊗R7) ⊕ (R7⊗(⊖A7))) in
+ (* N = R7 *)
+ let s_tmp5 ≝ setweak_n_flag m t s_tmp4 R7 in
+ (* V = A7&nM7&nR7 | nA7&M7&R7 *)
+ let s_tmp6 ≝ setweak_v_flag m t s_tmp5 ((A7⊗(⊖M7)⊗(⊖R7)) ⊕ ((⊖A7)⊗M7⊗R7)) in
+ (* newpc = nextpc *)
+ Some ? (pair ?? s_tmp6 new_pc) ]]).
+
+(* il classico push *)
+ndefinition aux_push ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λval:byte8.
+ opt_map ?? (get_sp_reg m t s)
+ (* [SP] = val *)
+ (λSP_op.opt_map ?? (memory_filter_write m t s SP_op val)
+ (* SP -- *)
+ (λs_tmp1.opt_map ?? (set_sp_reg m t s_tmp1 (pred_w16 SP_op))
+ (λs_tmp2.Some ? s_tmp2))).
+
+(* il classico pop *)
+(* NB: l'incremento di SP deve essere filtrato dalla ALU, quindi get(set(SP)) *)
+ndefinition aux_pop ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ opt_map ?? (get_sp_reg m t s)
+ (* SP ++ *)
+ (λSP_op.opt_map ?? (set_sp_reg m t s (succ_w16 SP_op))
+ (λs_tmp1.opt_map ?? (get_sp_reg m t s_tmp1)
+ (* val = [SP] *)
+ (λSP_op'.opt_map ?? (memory_filter_read m t s_tmp1 SP_op')
+ (λval.Some ? (pair ?? s_tmp1 val))))).
+
+(* CCR corrisponde a V11HINZC e cmq 1 se un flag non esiste *)
+(* i flag mantengono posizione costante nelle varie ALU, e se non sono
+ implementati corrispondono a 1 *)
+ndefinition aux_get_CCR ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+let V_comp ≝ match get_v_flag m t s with
+ [ None ⇒ 〈x8,x0〉 | Some V_val ⇒ match V_val with [ true ⇒ 〈x8,x0〉 | false ⇒ 〈x0,x0〉 ]] in
+let H_comp ≝ match get_h_flag m t s with
+ [ None ⇒ 〈x1,x0〉 | Some H_val ⇒ match H_val with [ true ⇒ 〈x1,x0〉 | false ⇒ 〈x0,x0〉 ]] in
+let I_comp ≝ match get_i_flag m t s with
+ [ None ⇒ 〈x0,x8〉 | Some I_val ⇒ match I_val with [ true ⇒ 〈x0,x8〉 | false ⇒ 〈x0,x0〉 ]] in
+let N_comp ≝ match get_n_flag m t s with
+ [ None ⇒ 〈x0,x4〉 | Some N_val ⇒ match N_val with [ true ⇒ 〈x0,x4〉 | false ⇒ 〈x0,x0〉 ]] in
+let Z_comp ≝ match get_z_flag m t s with
+ [ true ⇒ 〈x0,x2〉 | false ⇒ 〈x0,x0〉 ] in
+let C_comp ≝ match get_c_flag m t s with
+ [ true ⇒ 〈x0,x1〉 | false ⇒ 〈x0,x0〉 ] in
+or_b8 〈x6,x0〉 (or_b8 V_comp (or_b8 H_comp (or_b8 I_comp (or_b8 N_comp (or_b8 Z_comp C_comp))))).
+
+(* CCR corrisponde a V11HINZC *)
+(* i flag mantengono posizione costante nelle varie ALU, e se non sono
+ implementati si puo' usare tranquillamente setweak *)
+ndefinition aux_set_CCR ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λCCR:byte8.
+ let s_tmp1 ≝ set_c_flag m t s (eq_b8 〈x0,x1〉 (and_b8 〈x0,x1〉 CCR)) in
+ let s_tmp2 ≝ set_z_flag m t s_tmp1 (eq_b8 〈x0,x2〉 (and_b8 〈x0,x2〉 CCR)) in
+ let s_tmp3 ≝ setweak_n_flag m t s_tmp2 (eq_b8 〈x0,x4〉 (and_b8 〈x0,x4〉 CCR)) in
+ let s_tmp4 ≝ setweak_i_flag m t s_tmp3 (eq_b8 〈x0,x8〉 (and_b8 〈x0,x8〉 CCR)) in
+ let s_tmp5 ≝ setweak_h_flag m t s_tmp4 (eq_b8 〈x1,x0〉 (and_b8 〈x1,x0〉 CCR)) in
+ let s_tmp6 ≝ setweak_v_flag m t s_tmp5 (eq_b8 〈x8,x0〉 (and_b8 〈x8,x0〉 CCR)) in
+ s_tmp6.
+
+(* **************** *)
+(* LOGICA DELLA ALU *)
+(* **************** *)
+
+(* A = A + M + C *)
+ndefinition execute_ADC ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_ADC_ADD_aux m t s i cur_pc true (λA_op.λM_op.λC_op.plus_b8_dc_dc A_op M_op C_op).
+
+(* A = A + M *)
+ndefinition execute_ADD ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_ADC_ADD_aux m t s i cur_pc true (λA_op.λM_op.λC_op.plus_b8_dc_dc A_op M_op false).
+
+(* SP += extended M *)
+ndefinition execute_AIS ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (multi_mode_load true m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒
+ opt_map ?? (get_sp_reg m t s_tmp1)
+ (* SP += extended M *)
+ (λSP_op.opt_map ?? (set_sp_reg m t s_tmp1 (plus_w16_d_d SP_op (byte_extension M_op)))
+ (λs_tmp2.Some ? (pair ?? s_tmp2 new_pc))) ]).
+
+(* H:X += extended M *)
+ndefinition execute_AIX ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (multi_mode_load true m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒
+ opt_map ?? (get_indX_16_reg m t s_tmp1)
+ (* H:X += extended M *)
+ (λHX_op.opt_map ?? (set_indX_16_reg m t s_tmp1 (plus_w16_d_d HX_op (byte_extension M_op)))
+ (λs_tmp2.Some ? (pair ?? s_tmp2 new_pc))) ]).
+
+(* A = A & M *)
+ndefinition execute_AND ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_AND_BIT_EOR_ORA_aux m t s i cur_pc true and_b8.
+
+(* M = C' <- rcl M <- 0 *)
+ndefinition execute_ASL ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_ASL_ASR_LSR_ROL_ROR_aux m t s i cur_pc (λM_op.λC_op.rcl_b8 M_op false).
+
+(* M = M7 -> rcr M -> C' *)
+ndefinition execute_ASR ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_ASL_ASR_LSR_ROL_ROR_aux m t s i cur_pc (λM_op.λC_op.rcr_b8 M_op (MSB_b8 M_op)).
+
+(* if C=0, branch *)
+ndefinition execute_BCC ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_any_BRANCH m t s i cur_pc (⊖(get_c_flag m t s)).
+
+(* Mn = 0 *)
+ndefinition execute_BCLRn ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_BCLRn_BSETn_aux m t s i cur_pc 〈x0,x0〉.
+
+(* if C=1, branch *)
+ndefinition execute_BCS ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_any_BRANCH m t s i cur_pc (get_c_flag m t s).
+
+(* if Z=1, branch *)
+ndefinition execute_BEQ ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_any_BRANCH m t s i cur_pc (get_z_flag m t s).
+
+(* if N⊙V=0, branch *)
+ndefinition execute_BGE ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_n_flag m t s)
+ (λN_op.opt_map ?? (get_v_flag m t s)
+ (λV_op.execute_any_BRANCH m t s i cur_pc (⊖(N_op ⊙ V_op)))).
+
+(* BGND mode *)
+ndefinition execute_BGND ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ Some ? (pair ?? s cur_pc).
+
+(* if Z|N⊙V=0, branch *)
+ndefinition execute_BGT ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_n_flag m t s)
+ (λN_op.opt_map ?? (get_v_flag m t s)
+ (λV_op.execute_any_BRANCH m t s i cur_pc (⊖((get_z_flag m t s) ⊕ (N_op ⊙ V_op))))).
+
+(* if H=0, branch *)
+ndefinition execute_BHCC ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_h_flag m t s)
+ (λH_op.execute_any_BRANCH m t s i cur_pc (⊖H_op)).
+
+(* if H=1, branch *)
+ndefinition execute_BHCS ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_h_flag m t s)
+ (λH_op.execute_any_BRANCH m t s i cur_pc H_op).
+
+(* if C|Z=0, branch *)
+ndefinition execute_BHI ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_any_BRANCH m t s i cur_pc (⊖((get_c_flag m t s) ⊕ (get_z_flag m t s))).
+
+(* if nIRQ=1, branch NB: irqflag e' un negato del pin *)
+ndefinition execute_BIH ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_irq_flag m t s)
+ (λIRQ_op.execute_any_BRANCH m t s i cur_pc (⊖IRQ_op)).
+
+(* if nIRQ=0, branch NB: irqflag e' un negato del pin *)
+ndefinition execute_BIL ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_irq_flag m t s)
+ (λIRQ_op.execute_any_BRANCH m t s i cur_pc IRQ_op).
+
+(* flags = A & M *)
+ndefinition execute_BIT ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_AND_BIT_EOR_ORA_aux m t s i cur_pc false and_b8.
+
+(* if Z|N⊙V=1, branch *)
+ndefinition execute_BLE ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_n_flag m t s)
+ (λN_op.opt_map ?? (get_v_flag m t s)
+ (λV_op.execute_any_BRANCH m t s i cur_pc ((get_z_flag m t s) ⊕ (N_op ⊙ V_op)))).
+
+(* if C|Z=1, branch *)
+ndefinition execute_BLS ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_any_BRANCH m t s i cur_pc ((get_c_flag m t s) ⊕ (get_z_flag m t s)).
+
+(* if N⊙V=1, branch *)
+ndefinition execute_BLT ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_n_flag m t s)
+ (λN_op.opt_map ?? (get_v_flag m t s)
+ (λV_op.execute_any_BRANCH m t s i cur_pc (N_op ⊙ V_op))).
+
+(* if I=0, branch *)
+ndefinition execute_BMC ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_i_flag m t s)
+ (λI_op.execute_any_BRANCH m t s i cur_pc (⊖I_op)).
+
+(* if N=1, branch *)
+ndefinition execute_BMI ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_n_flag m t s)
+ (λN_op.execute_any_BRANCH m t s i cur_pc N_op).
+
+(* if I=1, branch *)
+ndefinition execute_BMS ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_i_flag m t s)
+ (λI_op.execute_any_BRANCH m t s i cur_pc I_op).
+
+(* if Z=0, branch *)
+ndefinition execute_BNE ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_any_BRANCH m t s i cur_pc (⊖(get_z_flag m t s)).
+
+(* if N=0, branch *)
+ndefinition execute_BPL ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_n_flag m t s)
+ (λN_op.execute_any_BRANCH m t s i cur_pc (⊖N_op)).
+
+(* branch always *)
+ndefinition execute_BRA ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_any_BRANCH m t s i cur_pc true.
+
+(* if Mn=0 branch *)
+ndefinition execute_BRCLRn ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_BRCLRn_BRSETn_aux m t s i cur_pc
+ (λMn_op.eq_b8 Mn_op 〈x0,x0〉).
+
+(* branch never... come se fosse un nop da 2 byte *)
+ndefinition execute_BRN ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_any_BRANCH m t s i cur_pc false.
+
+(* if Mn=1 branch *)
+ndefinition execute_BRSETn ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_BRCLRn_BRSETn_aux m t s i cur_pc
+ (λMn_op.⊖(eq_b8 Mn_op 〈x0,x0〉)).
+
+(* Mn = 1 *)
+ndefinition execute_BSETn ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_BCLRn_BSETn_aux m t s i cur_pc 〈xF,xF〉.
+
+(* branch to subroutine *)
+(* HC05/HC08/HCS08 si appoggiano allo stack, RS08 a SPC *)
+ndefinition execute_BSR ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t .λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (multi_mode_load true m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒ let aux ≝
+ (* push (new_pc low) *)
+ opt_map ?? (aux_push m t s_tmp1 (w16l new_pc))
+ (* push (new_pc high) *)
+ (λs_tmp2.opt_map ?? (aux_push m t s_tmp2 (w16h new_pc))
+ (* new_pc = new_pc + rel *)
+ (λs_tmp3.Some ? (pair ?? s_tmp3 (branched_pc m t s_tmp3 new_pc M_op))))
+ in match m with
+ [ HC05 ⇒ aux | HC08 ⇒ aux | HCS08 ⇒ aux
+ | RS08 ⇒
+ (* SPC = new_pc *)
+ opt_map ?? (set_spc_reg m t s_tmp1 new_pc)
+ (* new_pc = new_pc + rel *)
+ (λs_tmp2.Some ? (pair ?? s_tmp2 (branched_pc m t s_tmp2 new_pc M_op)))
+ ]]).
+
+(* if A=M, branch *)
+ndefinition execute_CBEQA ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (multi_mode_load false m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒
+ match M_op with
+ [ mk_word16 MH_op ML_op ⇒
+ (* if A=M, branch *)
+ match eq_b8 (get_acc_8_low_reg m t s_tmp1) MH_op with
+ (* new_pc = new_pc + rel *)
+ [ true ⇒ Some ? (pair ?? s_tmp1 (branched_pc m t s_tmp1 new_pc ML_op))
+ (* new_pc = new_pc *)
+ | false ⇒ Some ? (pair ?? s_tmp1 new_pc)
+ ]]]).
+
+(* if X=M, branch *)
+ndefinition execute_CBEQX ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (multi_mode_load false m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒
+ match M_op with
+ [ mk_word16 MH_op ML_op ⇒
+ opt_map ?? (get_indX_8_low_reg m t s_tmp1)
+ (* if X=M, branch *)
+ (λX_op.match eq_b8 X_op MH_op with
+ (* new_pc = new_pc + rel *)
+ [ true ⇒ Some ? (pair ?? s_tmp1 (branched_pc m t s_tmp1 new_pc ML_op))
+ (* new_pc = new_pc *)
+ | false ⇒ Some ? (pair ?? s_tmp1 new_pc)
+ ])]]).
+
+(* C = 0 *)
+ndefinition execute_CLC ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ Some ? (pair ?? (set_c_flag m t s false) cur_pc).
+
+(* I = 0 *)
+ndefinition execute_CLI ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (set_i_flag m t s false)
+ (λs_tmp.Some ? (pair ?? s_tmp cur_pc)).
+
+(* M = 0 *)
+ndefinition execute_CLR ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ (* M = 0 *)
+ opt_map ?? (multi_mode_write true m t s cur_pc i 〈x0,x0〉)
+ (λS_PC.match S_PC with
+ [ pair s_tmp1 new_pc ⇒
+ (* Z = 1 *)
+ let s_tmp2 ≝ set_z_flag m t s_tmp1 true in
+ (* N = 0 *)
+ let s_tmp3 ≝ setweak_n_flag m t s_tmp2 false in
+ (* V = 0 *)
+ let s_tmp4 ≝ setweak_v_flag m t s_tmp3 false in
+ (* newpc = nextpc *)
+ Some ? (pair ?? s_tmp4 new_pc) ]).
+
+(* flags = A - M *)
+ndefinition execute_CMP ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_SBC_SUB_aux m t s i cur_pc false (λA_op.λM_op.λC_op.plus_b8_dc_dc A_op (compl_b8 M_op) false).
+
+(* M = not M *)
+ndefinition execute_COM ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_COM_DEC_INC_NEG_aux m t s i cur_pc not_b8
+ (* fV = 0 *)
+ (λM7.λR7.false)
+ (* fC = 1 *)
+ (λC_op.λR_op.true).
+
+(* flags = H:X - M *)
+ndefinition execute_CPHX ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (multi_mode_load false m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒
+ opt_map ?? (get_indX_16_reg m t s_tmp1)
+ (λX_op.
+ match plus_w16_dc_dc X_op (compl_w16 M_op) false with
+ [ pair R_op carry ⇒
+ let X15 ≝ MSB_w16 X_op in let M15 ≝ MSB_w16 M_op in let R15 ≝ MSB_w16 R_op in
+ (* Z = nR15&nR14&nR13&nR12&nR11&nR10&nR9&nR8&nR7&nR6&nR5&nR4&nR3&nR2&nR1&nR0 *)
+ let s_tmp2 ≝ set_z_flag m t s_tmp1 (eq_w16 R_op 〈〈x0,x0〉:〈x0,x0〉〉) in
+ (* C = nX15&M15 | M15&R15 | R15&nX15 *)
+ let s_tmp3 ≝ set_c_flag m t s_tmp2 (((⊖X15)⊗M15) ⊕ (M15⊗R15) ⊕ (R15⊗(⊖X15))) in
+ (* N = R15 *)
+ let s_tmp4 ≝ setweak_n_flag m t s_tmp3 R15 in
+ (* V = X15&nM15&nR15 | nX15&M15&R15 *)
+ let s_tmp5 ≝ setweak_v_flag m t s_tmp4 ((X15⊗(⊖M15)⊗(⊖R15)) ⊕ ((⊖X15)⊗M15⊗R15)) in
+ (* newpc = nextpc *)
+ Some ? (pair ?? s_tmp5 new_pc) ] ) ]).
+
+(* flags = X - M *)
+ndefinition execute_CPX ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (multi_mode_load true m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒
+ opt_map ?? (get_indX_8_low_reg m t s_tmp1)
+ (λX_op.
+ match plus_b8_dc_dc X_op (compl_b8 M_op) false with
+ [ pair R_op carry ⇒
+ let X7 ≝ MSB_b8 X_op in let M7 ≝ MSB_b8 M_op in let R7 ≝ MSB_b8 R_op in
+ (* Z = nR7&nR6&nR5&nR4&nR3&nR2&nR1&nR0 *)
+ let s_tmp2 ≝ set_z_flag m t s_tmp1 (eq_b8 R_op 〈x0,x0〉) in
+ (* C = nX7&M7 | M7&R7 | R7&nX7 *)
+ let s_tmp3 ≝ set_c_flag m t s_tmp2 (((⊖X7)⊗M7) ⊕ (M7⊗R7) ⊕ (R7⊗(⊖X7))) in
+ (* N = R7 *)
+ let s_tmp4 ≝ setweak_n_flag m t s_tmp3 R7 in
+ (* V = X7&nM7&nR7 | nX7&M7&R7 *)
+ let s_tmp5 ≝ setweak_v_flag m t s_tmp4 ((X7⊗(⊖M7)⊗(⊖R7)) ⊕ ((⊖X7)⊗M7⊗R7)) in
+ (* newpc = nextpc *)
+ Some ? (pair ?? s_tmp5 new_pc) ] ) ]).
+
+(* decimal adjiust A *)
+(* per i dettagli vedere daa_b8 (modulo byte8) *)
+ndefinition execute_DAA ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_h_flag m t s)
+ (λH.
+ let M_op ≝ get_acc_8_low_reg m t s in
+ match daa_b8 H (get_c_flag m t s) M_op with
+ [ pair R_op carry ⇒
+ (* A = R *)
+ let s_tmp1 ≝ set_acc_8_low_reg m t s R_op in
+ (* Z = nR7&nR6&nR5&nR4&nR3&nR2&nR1&nR0 *)
+ let s_tmp2 ≝ set_z_flag m t s_tmp1 (eq_b8 R_op 〈x0,x0〉) in
+ (* C = carry *)
+ let s_tmp3 ≝ set_c_flag m t s_tmp2 carry in
+ (* N = R7 *)
+ let s_tmp4 ≝ setweak_n_flag m t s_tmp3 (MSB_b8 R_op) in
+ (* V = M7 ⊙ R7 *)
+ let s_tmp5 ≝ setweak_v_flag m t s_tmp4 ((MSB_b8 M_op) ⊙ (MSB_b8 R_op)) in
+ (* newpc = curpc *)
+ Some ? (pair ?? s_tmp5 cur_pc) ]).
+
+(* if (--M)≠0, branch *)
+ndefinition execute_DBNZ ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (multi_mode_load false m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒
+ match M_op with
+ [ mk_word16 MH_op ML_op ⇒
+ (* --M *)
+ let MH_op' ≝ pred_b8 MH_op in
+ opt_map ?? (multi_mode_write true m t s_tmp1 cur_pc i MH_op')
+ (λS_PC.match S_PC with
+ [ pair s_tmp2 _ ⇒
+ (* if (--M)≠0, branch *)
+ match eq_b8 MH_op' 〈x0,x0〉 with
+ (* new_pc = new_pc *)
+ [ true ⇒ Some ? (pair ?? s_tmp2 new_pc)
+ (* new_pc = new_pc + rel *)
+ | false ⇒ Some ? (pair ?? s_tmp2 (branched_pc m t s_tmp2 new_pc ML_op)) ]])]]).
+
+(* M = M - 1 *)
+ndefinition execute_DEC ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_COM_DEC_INC_NEG_aux m t s i cur_pc pred_b8
+ (* fV = M7&nR7 *)
+ (λM7.λR7.M7⊗(⊖R7))
+ (* fC = C *)
+ (λC_op.λR_op.C_op).
+
+(* A = H:A/X, H = H:AmodX se non c'e' overflow, altrimenti invariati *)
+(* per i dettagli vedere div_b8 (modulo word16) *)
+ndefinition execute_DIV ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_indX_8_high_reg m t s)
+ (λH_op.opt_map ?? (get_indX_8_low_reg m t s)
+ (λX_op.match div_b8 〈H_op:(get_acc_8_low_reg m t s)〉 X_op with
+ [ triple quoz rest overflow ⇒
+ (* C = overflow *)
+ let s_tmp1 ≝ set_c_flag m t s overflow in
+ (* A = A o H:A/X *)
+ let s_tmp2 ≝ match overflow with
+ [ true ⇒ s_tmp1
+ | false ⇒ set_acc_8_low_reg m t s_tmp1 quoz ] in
+ (* Z = nA7&nA6&nA5&nA4&nA3&nA2&nA1&nA0 *)
+ (* NB: che A sia cambiato o no, lo testa *)
+ let s_tmp3 ≝ set_z_flag m t s_tmp2 (eq_b8 (get_acc_8_low_reg m t s_tmp2) 〈x0,x0〉) in
+ (* H = H o H:AmodX *)
+ opt_map ?? (match overflow with
+ [ true ⇒ Some ? s_tmp3
+ | false ⇒ set_indX_8_high_reg m t s_tmp3 rest])
+ (λs_tmp4.Some ? (pair ?? s_tmp4 cur_pc)) ])).
+
+(* A = A ⊙ M *)
+ndefinition execute_EOR ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_AND_BIT_EOR_ORA_aux m t s i cur_pc true xor_b8.
+
+(* M = M + 1 *)
+ndefinition execute_INC ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_COM_DEC_INC_NEG_aux m t s i cur_pc succ_b8
+ (* fV = nM7&R7 *)
+ (λM7.λR7.(⊖M7)⊗R7)
+ (* fC = C *)
+ (λC_op.λR_op.C_op).
+
+(* jmp, il nuovo indirizzo e' una WORD *)
+ndefinition execute_JMP ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (multi_mode_load false m t s cur_pc i)
+ (λS_M_PC.
+ (* newpc = M_op *)
+ Some ? (pair ?? (fst3T ??? S_M_PC) (snd3T ??? S_M_PC))).
+
+(* jump to subroutine *)
+(* HC05/HC08/HCS08 si appoggiano allo stack, RS08 a SPC *)
+ndefinition execute_JSR ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (multi_mode_load false m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒ let aux ≝
+ (* push (new_pc low) *)
+ opt_map ?? (aux_push m t s_tmp1 (w16l new_pc))
+ (* push (new_pc high) *)
+ (λs_tmp2.opt_map ?? (aux_push m t s_tmp2 (w16h new_pc))
+ (* newpc = M_op *)
+ (λs_tmp3.Some ? (pair ?? s_tmp3 M_op)))
+ in match m with
+ [ HC05 ⇒ aux | HC08 ⇒ aux | HCS08 ⇒ aux
+ | RS08 ⇒
+ (* SPC = new_pc *)
+ opt_map ?? (set_spc_reg m t s_tmp1 new_pc)
+ (* newpc = M_op *)
+ (λs_tmp2.Some ? (pair ?? s_tmp2 M_op))
+ ]]).
+
+(* A = M *)
+ndefinition execute_LDA ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (multi_mode_load true m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒
+ (* A = M *)
+ let s_tmp2 ≝ set_acc_8_low_reg m t s_tmp1 M_op in
+ (* Z = nR7&nR6&nR5&nR4&nR3&nR2&nR1&nR0 *)
+ let s_tmp3 ≝ set_z_flag m t s_tmp2 (eq_b8 M_op 〈x0,x0〉) in
+ (* N = R7 *)
+ let s_tmp4 ≝ setweak_n_flag m t s_tmp3 (MSB_b8 M_op) in
+ (* V = 0 *)
+ let s_tmp5 ≝ setweak_v_flag m t s_tmp4 false in
+ (* newpc = nextpc *)
+ Some ? (pair ?? s_tmp5 new_pc) ]).
+
+(* H:X = M *)
+ndefinition execute_LDHX ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (multi_mode_load false m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒
+ opt_map ?? (set_indX_16_reg m t s_tmp1 M_op)
+ (λs_tmp2.
+ (* Z = nR15&nR14&nR13nR12&nR11&nR10&nR9&nR8nR7&nR6&nR5&nR4&nR3&nR2&nR1&nR0 *)
+ let s_tmp3 ≝ set_z_flag m t s_tmp2 (eq_w16 M_op 〈〈x0,x0〉:〈x0,x0〉〉) in
+ (* N = R15 *)
+ let s_tmp4 ≝ setweak_n_flag m t s_tmp3 (MSB_w16 M_op) in
+ (* V = 0 *)
+ let s_tmp5 ≝ setweak_v_flag m t s_tmp4 false in
+ (* newpc = nextpc *)
+ Some ? (pair ?? s_tmp5 new_pc)) ]).
+
+(* X = M *)
+ndefinition execute_LDX ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (multi_mode_load true m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒
+ opt_map ?? (set_indX_8_low_reg m t s_tmp1 M_op)
+ (λs_tmp2.
+ (* Z = nR7&nR6&nR5&nR4&nR3&nR2&nR1&nR0 *)
+ let s_tmp3 ≝ set_z_flag m t s_tmp2 (eq_b8 M_op 〈x0,x0〉) in
+ (* N = R7 *)
+ let s_tmp4 ≝ setweak_n_flag m t s_tmp3 (MSB_b8 M_op) in
+ (* V = 0 *)
+ let s_tmp5 ≝ setweak_v_flag m t s_tmp4 false in
+ (* newpc = nextpc *)
+ Some ? (pair ?? s_tmp5 new_pc)) ]).
+
+(* M = 0 -> rcr M -> C' *)
+ndefinition execute_LSR ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_ASL_ASR_LSR_ROL_ROR_aux m t s i cur_pc (λM_op.λC_op.rcr_b8 M_op false).
+
+(* M2 = M1 *)
+ndefinition execute_MOV ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ (* R_op = M1 *)
+ opt_map ?? (multi_mode_load true m t s cur_pc i)
+ (λS_R_PC.match S_R_PC with
+ [ triple s_tmp1 R_op tmp_pc ⇒
+ (* M2 = R_op *)
+ opt_map ?? (multi_mode_write true m t s_tmp1 tmp_pc i R_op)
+ (λS_PC.match S_PC with
+ [ pair s_tmp2 new_pc ⇒
+ (* Z = nR7&nR6&nR5&nR4&nR3&nR2&nR1&nR0 *)
+ let s_tmp3 ≝ set_z_flag m t s_tmp2 (eq_b8 R_op 〈x0,x0〉) in
+ (* N = R7 *)
+ let s_tmp4 ≝ setweak_n_flag m t s_tmp3 (MSB_b8 R_op) in
+ (* V = 0 *)
+ let s_tmp5 ≝ setweak_v_flag m t s_tmp4 false in
+ (* newpc = nextpc *)
+ Some ? (pair ?? s_tmp5 new_pc)])]).
+
+(* X:A = X * A *)
+ndefinition execute_MUL ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_indX_8_low_reg m t s)
+ (λX_op.let R_op ≝ mul_b8 X_op (get_acc_8_low_reg m t s) in
+ opt_map ?? (set_indX_8_low_reg m t s (w16h R_op))
+ (λs_tmp.Some ? (pair ?? (set_acc_8_low_reg m t s_tmp (w16l R_op)) cur_pc))).
+
+(* M = compl M *)
+ndefinition execute_NEG ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_COM_DEC_INC_NEG_aux m t s i cur_pc compl_b8
+ (* fV = M7&R7 *)
+ (λM7.λR7.M7⊗R7)
+ (* fC = R7|R6|R5|R4|R3|R2|R1|R0 *)
+ (λC_op.λR_op.⊖(eq_b8 R_op 〈x0,x0〉)).
+
+(* nulla *)
+ndefinition execute_NOP ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ Some ? (pair ?? s cur_pc).
+
+(* A = (mk_byte8 (b8l A) (b8h A)) *)
+(* cioe' swap del nibble alto/nibble basso di A *)
+ndefinition execute_NSA ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ match get_acc_8_low_reg m t s with [ mk_byte8 ah al ⇒
+ (* A = (mk_byte8 (b8l A) (b8h A)) *)
+ Some ? (pair ?? (set_acc_8_low_reg m t s 〈al,ah〉) cur_pc) ].
+
+(* A = A | M *)
+ndefinition execute_ORA ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_AND_BIT_EOR_ORA_aux m t s i cur_pc true or_b8.
+
+(* push A *)
+ndefinition execute_PSHA ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (aux_push m t s (get_acc_8_low_reg m t s))
+ (λs_tmp1.Some ? (pair ?? s_tmp1 cur_pc)).
+
+(* push H *)
+ndefinition execute_PSHH ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_indX_8_high_reg m t s)
+ (λH_op.opt_map ?? (aux_push m t s H_op)
+ (λs_tmp1.Some ? (pair ?? s_tmp1 cur_pc))).
+
+(* push X *)
+ndefinition execute_PSHX ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_indX_8_low_reg m t s)
+ (λH_op.opt_map ?? (aux_push m t s H_op)
+ (λs_tmp1.Some ? (pair ?? s_tmp1 cur_pc))).
+
+(* pop A *)
+ndefinition execute_PULA ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (aux_pop m t s)
+ (λS_and_A.match S_and_A with [ pair s_tmp1 A_op ⇒
+ Some ? (pair ?? (set_acc_8_low_reg m t s_tmp1 A_op) cur_pc) ]).
+
+(* pop H *)
+ndefinition execute_PULH ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (aux_pop m t s)
+ (λS_and_H.match S_and_H with [ pair s_tmp1 H_op ⇒
+ opt_map ?? (set_indX_8_high_reg m t s_tmp1 H_op)
+ (λs_tmp2.Some ? (pair ?? s_tmp2 cur_pc))]).
+
+(* pop X *)
+ndefinition execute_PULX ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (aux_pop m t s)
+ (λS_and_X.match S_and_X with [ pair s_tmp1 X_op ⇒
+ opt_map ?? (set_indX_8_low_reg m t s_tmp1 X_op)
+ (λs_tmp2.Some ? (pair ?? s_tmp2 cur_pc))]).
+
+(* M = C' <- rcl M <- C *)
+ndefinition execute_ROL ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_ASL_ASR_LSR_ROL_ROR_aux m t s i cur_pc (λM_op.λC_op.rcl_b8 M_op C_op).
+
+(* M = C -> rcr M -> C' *)
+ndefinition execute_ROR ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_ASL_ASR_LSR_ROL_ROR_aux m t s i cur_pc (λM_op.λC_op.rcr_b8 M_op C_op).
+
+(* SP = 0xuuFF *)
+(* lascia inalterato il byte superiore di SP *)
+ndefinition execute_RSP ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_sp_reg m t s)
+ (λSP_op.match SP_op with [ mk_word16 sph spl ⇒
+ opt_map ?? (set_sp_reg m t s 〈sph:〈xF,xF〉〉)
+ (λs_tmp.Some ? (pair ?? s_tmp cur_pc))]).
+
+(* return from interrupt *)
+ndefinition execute_RTI ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ (* pop (CCR) *)
+ opt_map ?? (aux_pop m t s)
+ (λS_and_CCR.match S_and_CCR with [ pair s_tmp1 CCR_op ⇒
+ let s_tmp2 ≝ aux_set_CCR m t s_tmp1 CCR_op in
+ (* pop (A) *)
+ opt_map ?? (aux_pop m t s_tmp2)
+ (λS_and_A.match S_and_A with [ pair s_tmp3 A_op ⇒
+ let s_tmp4 ≝ set_acc_8_low_reg m t s_tmp3 A_op in
+ (* pop (X) *)
+ opt_map ?? (aux_pop m t s_tmp4)
+ (λS_and_X.match S_and_X with [ pair s_tmp5 X_op ⇒
+ opt_map ?? (set_indX_8_low_reg m t s_tmp5 X_op)
+ (* pop (PC high) *)
+ (λs_tmp6.opt_map ?? (aux_pop m t s_tmp6)
+ (λS_and_PCH.match S_and_PCH with [ pair s_tmp7 PCH_op ⇒
+ (* pop (PC low) *)
+ opt_map ?? (aux_pop m t s_tmp7)
+ (λS_and_PCL.match S_and_PCL with [ pair s_tmp8 PCL_op ⇒
+ Some ? (pair ?? s_tmp8 〈PCH_op:PCL_op〉)])]))])])]).
+
+(* return from subroutine *)
+(* HC05/HC08/HCS08 si appoggia allo stack, RS08 si appoggia a SPC *)
+ndefinition execute_RTS ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ let aux ≝
+ (* pop (PC high) *)
+ opt_map ?? (aux_pop m t s)
+ (λS_and_PCH.match S_and_PCH with [ pair s_tmp1 PCH_op ⇒
+ (* pop (PC low) *)
+ opt_map ?? (aux_pop m t s_tmp1)
+ (λS_and_PCL.match S_and_PCL with [ pair s_tmp2 PCL_op ⇒
+ Some ? (pair ?? s_tmp2 〈PCH_op:PCL_op〉)])])
+ in match m with
+ [ HC05 ⇒ aux | HC08 ⇒ aux | HCS08 ⇒ aux
+ | RS08 ⇒
+ (* new_pc = SPC *)
+ opt_map ?? (get_spc_reg m t s)
+ (λSPC_op.Some ? (pair ?? s SPC_op))
+ ].
+
+(* A = A - M - C *)
+ndefinition execute_SBC ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_SBC_SUB_aux m t s i cur_pc true
+ (λA_op.λM_op.λC_op.match plus_b8_dc_dc A_op (compl_b8 M_op) false with
+ [ pair resb resc ⇒ match C_op with
+ [ true ⇒ plus_b8_dc_dc resb 〈xF,xF〉 false
+ | false ⇒ pair ?? resb resc ]]).
+
+(* C = 1 *)
+ndefinition execute_SEC ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ Some ? (pair ?? (set_c_flag m t s true) cur_pc).
+
+(* I = 1 *)
+ndefinition execute_SEI ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (set_i_flag m t s true)
+ (λs_tmp.Some ? (pair ?? s_tmp cur_pc)).
+
+(* swap SPCh,A *)
+(* senso: nell'RS08 SPC non e' accessibile direttamente e come si possono
+ fare subroutine annidate se RA (return address) e' salvato sempre in SPC?
+ occore accedere a SPC e salvarne il contenuto *)
+ndefinition execute_SHA ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_spc_reg m t s)
+ (λSPC_op.opt_map ?? (set_spc_reg m t s 〈(get_acc_8_low_reg m t s):(w16l SPC_op)〉)
+ (λs_tmp1.Some ? (pair ?? (set_acc_8_low_reg m t s_tmp1 (w16h SPC_op)) cur_pc))).
+
+(* swap SPCl,A *)
+(* senso: nell'RS08 SPC non e' accessibile direttamente e come si possono
+ fare subroutine annidate se RA (return address) e' salvato sempre in SPC?
+ occore accedere a SPC e salvarne il contenuto *)
+ndefinition execute_SLA ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_spc_reg m t s)
+ (λSPC_op.opt_map ?? (set_spc_reg m t s 〈(w16h SPC_op):(get_acc_8_low_reg m t s)〉)
+ (λs_tmp1.Some ? (pair ?? (set_acc_8_low_reg m t s_tmp1 (w16l SPC_op)) cur_pc))).
+
+(* M = A *)
+ndefinition execute_STA ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ (* M = A *)
+ let A_op ≝ (get_acc_8_low_reg m t s) in
+ opt_map ?? (multi_mode_write true m t s cur_pc i A_op)
+ (λS_op_and_PC.match S_op_and_PC with
+ [ pair s_tmp1 new_pc ⇒
+ (* Z = nA7&nA6&nA5&nA4&nA3&nA2&nA1&nA0 *)
+ let s_tmp2 ≝ set_z_flag m t s_tmp1 (eq_b8 A_op 〈x0,x0〉) in
+ (* N = A7 *)
+ let s_tmp3 ≝ setweak_n_flag m t s_tmp2 (MSB_b8 A_op) in
+ (* V = 0 *)
+ let s_tmp4 ≝ setweak_v_flag m t s_tmp3 false in
+ (* newpc = nextpc *)
+ Some ? (pair ?? s_tmp4 new_pc) ]).
+
+(* M = H:X *)
+ndefinition execute_STHX ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ (* M = H:X *)
+ opt_map ?? (get_indX_16_reg m t s)
+ (λX_op.opt_map ?? (multi_mode_write false m t s cur_pc i X_op)
+ (λS_op_and_PC.match S_op_and_PC with
+ [ pair s_tmp1 new_pc ⇒
+ (* Z = nR15&nR14&nR13nR12&nR11&nR10&nR9&nR8nR7&nR6&nR5&nR4&nR3&nR2&nR1&nR0 *)
+ let s_tmp2 ≝ set_z_flag m t s_tmp1 (eq_w16 X_op 〈〈x0,x0〉:〈x0,x0〉〉) in
+ (* N = R15 *)
+ let s_tmp3 ≝ setweak_n_flag m t s_tmp2 (MSB_w16 X_op) in
+ (* V = 0 *)
+ let s_tmp4 ≝ setweak_v_flag m t s_tmp3 false in
+ (* newpc = nextpc *)
+ Some ? (pair ?? s_tmp4 new_pc) ])).
+
+(* I = 0 *)
+ndefinition execute_STOP ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ Some ? (pair ?? (setweak_i_flag m t s false) cur_pc).
+
+(* M = X *)
+ndefinition execute_STX ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ (* M = X *)
+ opt_map ?? (get_indX_8_low_reg m t s)
+ (λX_op.opt_map ?? (multi_mode_write true m t s cur_pc i X_op)
+ (λS_op_and_PC.match S_op_and_PC with
+ [ pair s_tmp1 new_pc ⇒
+ (* Z = nR7&nR6&nR5&nR4&nR3&nR2&nR1&nR0 *)
+ let s_tmp2 ≝ set_z_flag m t s_tmp1 (eq_b8 X_op 〈x0,x0〉) in
+ (* N = R7 *)
+ let s_tmp3 ≝ setweak_n_flag m t s_tmp2 (MSB_b8 X_op) in
+ (* V = 0 *)
+ let s_tmp4 ≝ setweak_v_flag m t s_tmp3 false in
+ (* newpc = nextpc *)
+ Some ? (pair ?? s_tmp4 new_pc) ])).
+
+(* A = A - M *)
+ndefinition execute_SUB ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ execute_SBC_SUB_aux m t s i cur_pc true (λA_op.λM_op.λC_op.plus_b8_dc_dc A_op (compl_b8 M_op) false).
+
+(* software interrupt *)
+ndefinition execute_SWI ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ (* indirizzo da cui caricare il nuovo pc *)
+ let vector ≝ get_pc_reg m t (set_pc_reg m t s 〈〈xF,xF〉:〈xF,xC〉〉) in
+ (* push (cur_pc low) *)
+ opt_map ?? (aux_push m t s (w16l cur_pc))
+ (* push (cur_pc high *)
+ (λs_tmp1.opt_map ?? (aux_push m t s_tmp1 (w16h cur_pc))
+ (λs_tmp2.opt_map ?? (get_indX_8_low_reg m t s_tmp2)
+ (* push (X) *)
+ (λX_op.opt_map ?? (aux_push m t s_tmp2 X_op)
+ (* push (A) *)
+ (λs_tmp3.opt_map ?? (aux_push m t s_tmp3 (get_acc_8_low_reg m t s_tmp3))
+ (* push (CCR) *)
+ (λs_tmp4.opt_map ?? (aux_push m t s_tmp4 (aux_get_CCR m t s_tmp4))
+ (* I = 1 *)
+ (λs_tmp5.opt_map ?? (set_i_flag m t s_tmp5 true)
+ (* load from vector high *)
+ (λs_tmp6.opt_map ?? (memory_filter_read m t s_tmp6 vector)
+ (* load from vector low *)
+ (λaddrh.opt_map ?? (memory_filter_read m t s_tmp6 (succ_w16 vector))
+ (* newpc = [vector] *)
+ (λaddrl.Some ? (pair ?? s_tmp6 〈addrh:addrl〉)))))))))).
+
+(* flags = A *)
+ndefinition execute_TAP ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ Some ? (pair ?? (aux_set_CCR m t s (get_acc_8_low_reg m t s)) cur_pc).
+
+(* X = A *)
+ndefinition execute_TAX ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (set_indX_8_low_reg m t s (get_acc_8_low_reg m t s))
+ (λs_tmp.Some ? (pair ?? s_tmp cur_pc)).
+
+(* A = flags *)
+ndefinition execute_TPA ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ Some ? (pair ?? (set_acc_8_low_reg m t s (aux_get_CCR m t s)) cur_pc).
+
+(* flags = M - 0 *)
+(* implementata senza richiamare la sottrazione, la modifica dei flag
+ e' immediata *)
+ndefinition execute_TST ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (multi_mode_load true m t s cur_pc i)
+ (λS_M_PC.match S_M_PC with
+ [ triple s_tmp1 M_op new_pc ⇒
+ (* Z = nR7&nR6&nR5&nR4&nR3&nR2&nR1&nR0 *)
+ let s_tmp2 ≝ set_z_flag m t s_tmp1 (eq_b8 M_op 〈x0,x0〉) in
+ (* N = R7 *)
+ let s_tmp3 ≝ setweak_n_flag m t s_tmp2 (MSB_b8 M_op) in
+ (* V = 0 *)
+ let s_tmp4 ≝ setweak_v_flag m t s_tmp3 false in
+ (* newpc = nextpc *)
+ Some ? (pair ?? s_tmp4 new_pc) ]).
+
+(* H:X = SP + 1 *)
+ndefinition execute_TSX ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_sp_reg m t s )
+ (λSP_op.opt_map ?? (set_indX_16_reg m t s (succ_w16 SP_op))
+ (* H:X = SP + 1 *)
+ (λs_tmp.Some ? (pair ?? s_tmp cur_pc))).
+
+(* A = X *)
+ndefinition execute_TXA ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_indX_8_low_reg m t s)
+ (λX_op.Some ? (pair ?? (set_acc_8_low_reg m t s X_op) cur_pc)).
+
+(* SP = H:X - 1 *)
+ndefinition execute_TXS ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ opt_map ?? (get_indX_16_reg m t s )
+ (λX_op.opt_map ?? (set_sp_reg m t s (pred_w16 X_op))
+ (* SP = H:X - 1 *)
+ (λs_tmp.Some ? (pair ?? s_tmp cur_pc))).
+
+(* I = 0 *)
+ndefinition execute_WAIT ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λi:instr_mode.λcur_pc:word16.
+ Some ? (pair ?? (setweak_i_flag m t s false) cur_pc).
+
+(* **** *)
+(* TICK *)
+(* **** *)
+
+(* enumerazione delle possibili modalita' di sospensione *)
+ninductive susp_type : Type ≝
+ BGND_MODE: susp_type
+| STOP_MODE: susp_type
+| WAIT_MODE: susp_type.
+
+ndefinition susp_type_ind : ΠP:susp_type → Prop.P BGND_MODE → P STOP_MODE → P WAIT_MODE → Πs:susp_type.P s ≝
+λP:susp_type → Prop.λp:P BGND_MODE.λp1:P STOP_MODE.λp2:P WAIT_MODE.λs:susp_type.
+ match s with [ BGND_MODE ⇒ p | STOP_MODE ⇒ p1 | WAIT_MODE ⇒ p2 ].
+
+ndefinition susp_type_rec : ΠP:susp_type → Set.P BGND_MODE → P STOP_MODE → P WAIT_MODE → Πs:susp_type.P s ≝
+λP:susp_type → Set.λp:P BGND_MODE.λp1:P STOP_MODE.λp2:P WAIT_MODE.λs:susp_type.
+ match s with [ BGND_MODE ⇒ p | STOP_MODE ⇒ p1 | WAIT_MODE ⇒ p2 ].
+
+ndefinition susp_type_rect : ΠP:susp_type → Type.P BGND_MODE → P STOP_MODE → P WAIT_MODE → Πs:susp_type.P s ≝
+λP:susp_type → Type.λp:P BGND_MODE.λp1:P STOP_MODE.λp2:P WAIT_MODE.λs:susp_type.
+ match s with [ BGND_MODE ⇒ p | STOP_MODE ⇒ p1 | WAIT_MODE ⇒ p2 ].
+
+(* un tipo opzione ad hoc
+ - errore: errore+stato (seguira' reset o ??, cmq lo stato non va buttato)
+ - sospensione: sospensione+stato (seguira' resume o ??)
+ - ok: stato
+*)
+ninductive tick_result (A:Type) : Type ≝
+ TickERR : A → error_type → tick_result A
+| TickSUSP : A → susp_type → tick_result A
+| TickOK : A → tick_result A.
+
+ndefinition tick_result_ind
+ : ΠA:Type.ΠP:tick_result A → Prop.(Πa:A.Πn:error_type.P (TickERR A a n)) →
+ (Πa:A.Πn:susp_type.P (TickSUSP A a n)) → (Πa:A.P (TickOK A a))→Πt:tick_result A.P t ≝
+λA:Type.λP:tick_result A → Prop.λf:Πa:A.Πn:error_type.P (TickERR A a n).
+λf1:Πa:A.Πn:susp_type.P (TickSUSP A a n).λf2:Πa:A.P (TickOK A a).λt:tick_result A.
+ match t with [ TickERR a n ⇒ f a n | TickSUSP a n ⇒ f1 a n | TickOK a ⇒ f2 a ].
+
+ndefinition tick_result_rec
+ : ΠA:Type.ΠP:tick_result A → Set.(Πa:A.Πn:error_type.P (TickERR A a n)) →
+ (Πa:A.Πn:susp_type.P (TickSUSP A a n)) → (Πa:A.P (TickOK A a))→Πt:tick_result A.P t ≝
+λA:Type.λP:tick_result A → Set.λf:Πa:A.Πn:error_type.P (TickERR A a n).
+λf1:Πa:A.Πn:susp_type.P (TickSUSP A a n).λf2:Πa:A.P (TickOK A a).λt:tick_result A.
+ match t with [ TickERR a n ⇒ f a n | TickSUSP a n ⇒ f1 a n | TickOK a ⇒ f2 a ].
+
+ndefinition tick_result_rect
+ : ΠA:Type.ΠP:tick_result A → Type.(Πa:A.Πn:error_type.P (TickERR A a n)) →
+ (Πa:A.Πn:susp_type.P (TickSUSP A a n)) → (Πa:A.P (TickOK A a))→Πt:tick_result A.P t ≝
+λA:Type.λP:tick_result A → Type.λf:Πa:A.Πn:error_type.P (TickERR A a n).
+λf1:Πa:A.Πn:susp_type.P (TickSUSP A a n).λf2:Πa:A.P (TickOK A a).λt:tick_result A.
+ match t with [ TickERR a n ⇒ f a n | TickSUSP a n ⇒ f1 a n | TickOK a ⇒ f2 a ].
+
+(* sostanazialmente simula
+ - fetch/decode/execute
+ - l'esecuzione e' considerata atomica quindi nel caso di un'instruzione
+ da 3 cicli la successione sara'
+ ([fetch/decode] s,clk:None) →
+ ( s,clk:Some 1,pseudo,mode,3,cur_pc) →
+ ( s,clk:Some 2,pseudo,mode,3,cur_pc) →
+ ([execute] s',clk:None) *)
+
+ndefinition tick_execute ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+λpseudo:any_opcode m.λmode:instr_mode.λcur_pc:word16.
+ let abs_pseudo ≝ match pseudo with [ anyOP pseudo' ⇒ pseudo' ] in
+ let a_status_and_fetch ≝ match abs_pseudo with
+ [ ADC ⇒ execute_ADC m t s mode cur_pc (* add with carry *)
+ | ADD ⇒ execute_ADD m t s mode cur_pc (* add *)
+ | AIS ⇒ execute_AIS m t s mode cur_pc (* add immediate to SP *)
+ | AIX ⇒ execute_AIX m t s mode cur_pc (* add immediate to X *)
+ | AND ⇒ execute_AND m t s mode cur_pc (* and *)
+ | ASL ⇒ execute_ASL m t s mode cur_pc (* aritmetic shift left *)
+ | ASR ⇒ execute_ASR m t s mode cur_pc (* aritmetic shift right *)
+ | BCC ⇒ execute_BCC m t s mode cur_pc (* branch if C=0 *)
+ | BCLRn ⇒ execute_BCLRn m t s mode cur_pc (* clear bit n *)
+ | BCS ⇒ execute_BCS m t s mode cur_pc (* branch if C=1 *)
+ | BEQ ⇒ execute_BEQ m t s mode cur_pc (* branch if Z=1 *)
+ | BGE ⇒ execute_BGE m t s mode cur_pc (* branch if N⊙V=0 (great or equal) *)
+ | BGND ⇒ execute_BGND m t s mode cur_pc (* !!background mode!!*)
+ | BGT ⇒ execute_BGT m t s mode cur_pc (* branch if Z|N⊙V=0 clear (great) *)
+ | BHCC ⇒ execute_BHCC m t s mode cur_pc (* branch if H=0 *)
+ | BHCS ⇒ execute_BHCS m t s mode cur_pc (* branch if H=1 *)
+ | BHI ⇒ execute_BHI m t s mode cur_pc (* branch if C|Z=0, (higher) *)
+ | BIH ⇒ execute_BIH m t s mode cur_pc (* branch if nIRQ=1 *)
+ | BIL ⇒ execute_BIL m t s mode cur_pc (* branch if nIRQ=0 *)
+ | BIT ⇒ execute_BIT m t s mode cur_pc (* flag = and (bit test) *)
+ | BLE ⇒ execute_BLE m t s mode cur_pc (* branch if Z|N⊙V=1 (less or equal) *)
+ | BLS ⇒ execute_BLS m t s mode cur_pc (* branch if C|Z=1 (lower or same) *)
+ | BLT ⇒ execute_BLT m t s mode cur_pc (* branch if N⊙1=1 (less) *)
+ | BMC ⇒ execute_BMC m t s mode cur_pc (* branch if I=0 (interrupt mask clear) *)
+ | BMI ⇒ execute_BMI m t s mode cur_pc (* branch if N=1 (minus) *)
+ | BMS ⇒ execute_BMS m t s mode cur_pc (* branch if I=1 (interrupt mask set) *)
+ | BNE ⇒ execute_BNE m t s mode cur_pc (* branch if Z=0 *)
+ | BPL ⇒ execute_BPL m t s mode cur_pc (* branch if N=0 (plus) *)
+ | BRA ⇒ execute_BRA m t s mode cur_pc (* branch always *)
+ | BRCLRn ⇒ execute_BRCLRn m t s mode cur_pc (* branch if bit n clear *)
+ | BRN ⇒ execute_BRN m t s mode cur_pc (* branch never (nop) *)
+ | BRSETn ⇒ execute_BRSETn m t s mode cur_pc (* branch if bit n set *)
+ | BSETn ⇒ execute_BSETn m t s mode cur_pc (* set bit n *)
+ | BSR ⇒ execute_BSR m t s mode cur_pc (* branch to subroutine *)
+ | CBEQA ⇒ execute_CBEQA m t s mode cur_pc (* compare (A) and BEQ *)
+ | CBEQX ⇒ execute_CBEQX m t s mode cur_pc (* compare (X) and BEQ *)
+ | CLC ⇒ execute_CLC m t s mode cur_pc (* C=0 *)
+ | CLI ⇒ execute_CLI m t s mode cur_pc (* I=0 *)
+ | CLR ⇒ execute_CLR m t s mode cur_pc (* operand=0 *)
+ | CMP ⇒ execute_CMP m t s mode cur_pc (* flag = sub (compare A) *)
+ | COM ⇒ execute_COM m t s mode cur_pc (* not (1 complement) *)
+ | CPHX ⇒ execute_CPHX m t s mode cur_pc (* flag = sub (compare H:X) *)
+ | CPX ⇒ execute_CPX m t s mode cur_pc (* flag = sub (compare X) *)
+ | DAA ⇒ execute_DAA m t s mode cur_pc (* decimal adjust A *)
+ | DBNZ ⇒ execute_DBNZ m t s mode cur_pc (* dec and BNE *)
+ | DEC ⇒ execute_DEC m t s mode cur_pc (* operand=operand-1 (decrement) *)
+ | DIV ⇒ execute_DIV m t s mode cur_pc (* div *)
+ | EOR ⇒ execute_EOR m t s mode cur_pc (* xor *)
+ | INC ⇒ execute_INC m t s mode cur_pc (* operand=operand+1 (increment) *)
+ | JMP ⇒ execute_JMP m t s mode cur_pc (* jmp word [operand] *)
+ | JSR ⇒ execute_JSR m t s mode cur_pc (* jmp to subroutine *)
+ | LDA ⇒ execute_LDA m t s mode cur_pc (* load in A *)
+ | LDHX ⇒ execute_LDHX m t s mode cur_pc (* load in H:X *)
+ | LDX ⇒ execute_LDX m t s mode cur_pc (* load in X *)
+ | LSR ⇒ execute_LSR m t s mode cur_pc (* logical shift right *)
+ | MOV ⇒ execute_MOV m t s mode cur_pc (* move *)
+ | MUL ⇒ execute_MUL m t s mode cur_pc (* mul *)
+ | NEG ⇒ execute_NEG m t s mode cur_pc (* neg (2 complement) *)
+ | NOP ⇒ execute_NOP m t s mode cur_pc (* nop *)
+ | NSA ⇒ execute_NSA m t s mode cur_pc (* nibble swap A (al:ah <- ah:al) *)
+ | ORA ⇒ execute_ORA m t s mode cur_pc (* or *)
+ | PSHA ⇒ execute_PSHA m t s mode cur_pc (* push A *)
+ | PSHH ⇒ execute_PSHH m t s mode cur_pc (* push H *)
+ | PSHX ⇒ execute_PSHX m t s mode cur_pc (* push X *)
+ | PULA ⇒ execute_PULA m t s mode cur_pc (* pop A *)
+ | PULH ⇒ execute_PULH m t s mode cur_pc (* pop H *)
+ | PULX ⇒ execute_PULX m t s mode cur_pc (* pop X *)
+ | ROL ⇒ execute_ROL m t s mode cur_pc (* rotate left *)
+ | ROR ⇒ execute_ROR m t s mode cur_pc (* rotate right *)
+ | RSP ⇒ execute_RSP m t s mode cur_pc (* reset SP (0x00FF) *)
+ | RTI ⇒ execute_RTI m t s mode cur_pc (* return from interrupt *)
+ | RTS ⇒ execute_RTS m t s mode cur_pc (* return from subroutine *)
+ | SBC ⇒ execute_SBC m t s mode cur_pc (* sub with carry*)
+ | SEC ⇒ execute_SEC m t s mode cur_pc (* C=1 *)
+ | SEI ⇒ execute_SEI m t s mode cur_pc (* I=1 *)
+ | SHA ⇒ execute_SHA m t s mode cur_pc (* swap spc_high,A *)
+ | SLA ⇒ execute_SLA m t s mode cur_pc (* swap spc_low,A *)
+ | STA ⇒ execute_STA m t s mode cur_pc (* store from A *)
+ | STHX ⇒ execute_STHX m t s mode cur_pc (* store from H:X *)
+ | STOP ⇒ execute_STOP m t s mode cur_pc (* !!stop mode!! *)
+ | STX ⇒ execute_STX m t s mode cur_pc (* store from X *)
+ | SUB ⇒ execute_SUB m t s mode cur_pc (* sub *)
+ | SWI ⇒ execute_SWI m t s mode cur_pc (* software interrupt *)
+ | TAP ⇒ execute_TAP m t s mode cur_pc (* flag=A (transfer A to process status byte *)
+ | TAX ⇒ execute_TAX m t s mode cur_pc (* X=A (transfer A to X) *)
+ | TPA ⇒ execute_TPA m t s mode cur_pc (* A=flag (transfer process status byte to A) *)
+ | TST ⇒ execute_TST m t s mode cur_pc (* flag = sub (test) *)
+ | TSX ⇒ execute_TSX m t s mode cur_pc (* X:H=SP (transfer SP to H:X) *)
+ | TXA ⇒ execute_TXA m t s mode cur_pc (* A=X (transfer X to A) *)
+ | TXS ⇒ execute_TXS m t s mode cur_pc (* SP=X:H (transfer H:X to SP) *)
+ | WAIT ⇒ execute_WAIT m t s mode cur_pc (* !!wait mode!!*)
+ ] in match a_status_and_fetch with
+(* errore nell'execute (=caricamento argomenti)? riportato in output *)
+(* nessun avanzamento e clk a None *)
+ [ None ⇒ TickERR ? (set_clk_desc m t s (None ?)) ILL_EX_AD
+ | Some status_and_newpc ⇒
+(* aggiornamento centralizzato di pc e clk *)
+ match status_and_newpc with
+ [ pair s_tmp1 new_pc ⇒
+ let s_tmp2 ≝ set_pc_reg m t s_tmp1 new_pc in
+ let s_tmp3 ≝ set_clk_desc m t s_tmp2 (None ?) in
+(* distinzione fra le 4 modalita' possibili, normale/BGND/STOP/WAIT *)
+ match eq_op abs_pseudo BGND with
+ [ true ⇒ TickSUSP ? s_tmp3 BGND_MODE
+ | false ⇒ match eq_op abs_pseudo STOP with
+ [ true ⇒ TickSUSP ? s_tmp3 STOP_MODE
+ | false ⇒ match eq_op abs_pseudo WAIT with
+ [ true ⇒ TickSUSP ? s_tmp3 WAIT_MODE
+ | false ⇒ TickOK ? s_tmp3
+ ]]]]].
+
+ndefinition tick ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ let opt_info ≝ get_clk_desc m t s in
+ match opt_info with
+ (* e' il momento del fetch *)
+ [ None ⇒ match fetch m t s with
+ (* errore nel fetch/decode? riportato in output, nessun avanzamento *)
+ [ FetchERR err ⇒ TickERR ? s err
+ (* nessun errore nel fetch *)
+ | FetchOK fetch_info cur_pc ⇒ match fetch_info with
+ [ quadruple pseudo mode _ tot_clk ⇒
+ match eq_b8 〈x0,x1〉 tot_clk with
+ (* un solo clk, execute subito *)
+ [ true ⇒ tick_execute m t s pseudo mode cur_pc
+ (* piu' clk, execute rimandata *)
+ | false ⇒ TickOK ? (set_clk_desc m t s (Some ? (quintuple ????? 〈x0,x1〉 pseudo mode tot_clk cur_pc)))
+ ]
+ ]
+ ]
+ (* il fetch e' gia' stato eseguito, e' il turno di execute? *)
+ | Some info ⇒ match info with [ quintuple cur_clk pseudo mode tot_clk cur_pc ⇒
+ match eq_b8 (succ_b8 cur_clk) tot_clk with
+ (* si *)
+ [ true ⇒ tick_execute m t s pseudo mode cur_pc
+ (* no, avanzamento cur_clk *)
+ | false ⇒ TickOK ? (set_clk_desc m t s (Some ? (quintuple ????? (succ_b8 cur_clk) pseudo mode tot_clk cur_pc)))
+ ]
+ ]
+ ].
+
+(* ********** *)
+(* ESECUZIONE *)
+(* ********** *)
+
+nlet rec execute (m:mcu_type) (t:memory_impl) (s:tick_result (any_status m t)) (n:nat) on n ≝
+ match s with
+ [ TickERR s' error ⇒ TickERR ? s' error
+ | TickSUSP s' susp ⇒ TickSUSP ? s' susp
+ | TickOK s' ⇒ match n with [ O ⇒ TickOK ? s' | S n' ⇒ execute m t (tick m t s') n' ]
+ ].
+
+nlemma breakpoint_err : ∀m,t,s,err,n.execute m t (TickERR ? s err) n = TickERR ? s err.
+ #m; #t; #s; #err; #n;
+ ncases n;
+ ##[ ##2: #n1 ##]
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma breakpoint_susp : ∀m,t,s,susp,n.execute m t (TickSUSP ? s susp) n = TickSUSP ? s susp.
+ #m; #t; #s; #susp; #n;
+ ncases n;
+ ##[ ##2: #n1 ##]
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma breakpoint :
+ ∀m,t,n1,n2,s. execute m t s (n1 + n2) = execute m t (execute m t s n1) n2.
+ #m; #t; #n1;
+ nelim n1;
+ ##[ ##1: nnormalize; #n2; #s; ncases s; nnormalize; ##[ ##1,2: #x ##] #y; napply (refl_eq ??)
+ ##| ##2: #n3; #H; #n2; #s; ncases s;
+ ##[ ##1: #x; #y; nnormalize; nrewrite > (breakpoint_err m t x y n2); napply (refl_eq ??)
+ ##| ##2: #x; #y; nnormalize; nrewrite > (breakpoint_susp m t x y n2); napply (refl_eq ??)
+ ##| ##3: #x; nrewrite > (Sn_p_n_to_S_npn n3 n2);
+ nchange with ((execute m t (tick m t x) (n3+n2)) =
+ (execute m t (execute m t (tick m t x) n3) n2));
+ nrewrite > (H n2 (tick m t x));
+ napply (refl_eq ??)
+ ##]
+ ##]
+nqed.
##]
##]
nqed.
+
+nlemma Sn_p_n_to_S_npn : ∀n1,n2.(S n1) + n2 = S (n1 + n2).
+ #n1;
+ nelim n1;
+ ##[ ##1: nnormalize; #n2; napply (refl_eq ??)
+ ##| ##2: #n; #H; #n2; nrewrite > (H n2);
+ ncases n in H:(%) ⊢ %;
+ ##[ ##1: nnormalize; #H; napply (refl_eq ??)
+ ##| ##2: #n3; nnormalize; #H; napply (refl_eq ??)
+ ##]
+ ##]
+nqed.
+
+nlemma n_p_Sn_to_S_npn : ∀n1,n2.n1 + (S n2) = S (n1 + n2).
+ #n1;
+ nelim n1;
+ ##[ ##1: nnormalize; #n2; napply (refl_eq ??)
+ ##| ##2: #n; #H; #n2;
+ nrewrite > (Sn_p_n_to_S_npn n (S n2));
+ nrewrite > (H n2);
+ napply (refl_eq ??)
+ ##]
+nqed.
+
+nlemma Opn_to_n : ∀n.O + n = n.
+ #n; nnormalize; napply (refl_eq ??).
+nqed.
+
+nlemma npO_to_n : ∀n.n + O = n.
+ #n;
+ nelim n;
+ ##[ ##1: nnormalize; napply (refl_eq ??)
+ ##| ##2: #n1; #H;
+ nrewrite > (Sn_p_n_to_S_npn n1 O);
+ nrewrite > H;
+ napply (refl_eq ??)
+ ##]
+nqed.
+
+nlemma symmetric_plusnat : symmetricT nat nat plus.
+ #n1;
+ nelim n1;
+ ##[ ##1: #n2; nrewrite > (npO_to_n n2); nnormalize; napply (refl_eq ??)
+ ##| ##2: #n2; #H; #n3;
+ nrewrite > (Sn_p_n_to_S_npn n2 n3);
+ nrewrite > (n_p_Sn_to_S_npn n3 n2);
+ nrewrite > (H n3);
+ napply (refl_eq ??)
+ ##]
+nqed.
--- /dev/null
+(**************************************************************************)
+(* ___ *)
+(* ||M|| *)
+(* ||A|| A project by Andrea Asperti *)
+(* ||T|| *)
+(* ||I|| Developers: *)
+(* ||T|| The HELM team. *)
+(* ||A|| http://helm.cs.unibo.it *)
+(* \ / *)
+(* \ / This file is distributed under the terms of the *)
+(* v GNU General Public License Version 2 *)
+(* *)
+(**************************************************************************)
+
+(* ********************************************************************** *)
+(* Progetto FreeScale *)
+(* *)
+(* Sviluppato da: *)
+(* Cosimo Oliboni, oliboni@cs.unibo.it *)
+(* *)
+(* Questo materiale fa parte della tesi: *)
+(* "Formalizzazione Interattiva dei Microcontroller a 8bit FreeScale" *)
+(* *)
+(* data ultima modifica 15/11/2007 *)
+(* ********************************************************************** *)
+
+include "freescale/memory_abs.ma".
+include "freescale/opcode_base.ma".
+include "freescale/prod.ma".
+
+(* *********************************** *)
+(* STATUS INTERNO DEL PROCESSORE (ALU) *)
+(* *********************************** *)
+
+(* ALU dell'HC05 *)
+nrecord alu_HC05: Type ≝
+ {
+ (* A: registo accumulatore *)
+ acc_low_reg_HC05 : byte8;
+ (* X: registro indice *)
+ indX_low_reg_HC05 : byte8;
+ (* SP: registo stack pointer *)
+ sp_reg_HC05 : word16;
+ (* modificatori di SP: per esempio e' definito come 0000000011xxxxxxb *)
+ (* la logica della sua costruzione e' quindi (SP∧mask)∨fix *)
+ (* totalmente racchiusa nella ALU, bastera' fare get(set(SP)) *)
+ sp_mask_HC05 : word16;
+ sp_fix_HC05 : word16;
+ (* PC: registro program counter *)
+ pc_reg_HC05 : word16;
+ (* modificatore di PC: per esempio e' definito come 00xxxxxxxxxxxxxxb *)
+ (* la logica della sua costruzione e' quindi (PC∧mask) *)
+ (* totalmente racchiusa nella ALU, bastera' fare get(set(PC)) *)
+ pc_mask_HC05 : word16;
+
+ (* H: flag semi-carry (somma nibble basso) *)
+ h_flag_HC05 : bool;
+ (* I: flag mascheramento degli interrupt mascherabili: 1=mascherati *)
+ i_flag_HC05 : bool;
+ (* N: flag segno/negativita' *)
+ n_flag_HC05 : bool;
+ (* Z: flag zero *)
+ z_flag_HC05 : bool;
+ (* C: flag carry *)
+ c_flag_HC05 : bool;
+
+ (* IRQ: flag che simula il pin esterno IRQ *)
+ irq_flag_HC05 : bool
+ }.
+
+ndefinition alu_HC05_ind :
+ ΠP:alu_HC05 → Prop.(Πb,b1,w,w1,w2,w3,w4,b2,b3,b4,b5,b6,b7.P (mk_alu_HC05 b b1 w w1 w2 w3 w4 b2 b3 b4 b5 b6 b7)) → Πa:alu_HC05.P a ≝
+λP:alu_HC05 → Prop.λf:Πb,b1,w,w1,w2,w3,w4,b2,b3,b4,b5,b6,b7.P (mk_alu_HC05 b b1 w w1 w2 w3 w4 b2 b3 b4 b5 b6 b7).λa:alu_HC05.
+ match a with [ mk_alu_HC05 b b1 w w1 w2 w3 w4 b2 b3 b4 b5 b6 b7 ⇒ f b b1 w w1 w2 w3 w4 b2 b3 b4 b5 b6 b7 ].
+
+ndefinition alu_HC05_rec :
+ ΠP:alu_HC05 → Set.(Πb,b1,w,w1,w2,w3,w4,b2,b3,b4,b5,b6,b7.P (mk_alu_HC05 b b1 w w1 w2 w3 w4 b2 b3 b4 b5 b6 b7)) → Πa:alu_HC05.P a ≝
+λP:alu_HC05 → Set.λf:Πb,b1,w,w1,w2,w3,w4,b2,b3,b4,b5,b6,b7.P (mk_alu_HC05 b b1 w w1 w2 w3 w4 b2 b3 b4 b5 b6 b7).λa:alu_HC05.
+ match a with [ mk_alu_HC05 b b1 w w1 w2 w3 w4 b2 b3 b4 b5 b6 b7 ⇒ f b b1 w w1 w2 w3 w4 b2 b3 b4 b5 b6 b7 ].
+
+ndefinition alu_HC05_rect :
+ ΠP:alu_HC05 → Type.(Πb,b1,w,w1,w2,w3,w4,b2,b3,b4,b5,b6,b7.P (mk_alu_HC05 b b1 w w1 w2 w3 w4 b2 b3 b4 b5 b6 b7)) → Πa:alu_HC05.P a ≝
+λP:alu_HC05 → Type.λf:Πb,b1,w,w1,w2,w3,w4,b2,b3,b4,b5,b6,b7.P (mk_alu_HC05 b b1 w w1 w2 w3 w4 b2 b3 b4 b5 b6 b7).λa:alu_HC05.
+ match a with [ mk_alu_HC05 b b1 w w1 w2 w3 w4 b2 b3 b4 b5 b6 b7 ⇒ f b b1 w w1 w2 w3 w4 b2 b3 b4 b5 b6 b7 ].
+
+ndefinition acc_low_reg_HC05 ≝ λalu.match alu with [ mk_alu_HC05 x _ _ _ _ _ _ _ _ _ _ _ _ ⇒ x ].
+ndefinition indX_low_reg_HC05 ≝ λalu.match alu with [ mk_alu_HC05 _ x _ _ _ _ _ _ _ _ _ _ _ ⇒ x ].
+ndefinition sp_reg_HC05 ≝ λalu.match alu with [ mk_alu_HC05 _ _ x _ _ _ _ _ _ _ _ _ _ ⇒ x ].
+ndefinition sp_mask_HC05 ≝ λalu.match alu with [ mk_alu_HC05 _ _ _ x _ _ _ _ _ _ _ _ _ ⇒ x ].
+ndefinition sp_fix_HC05 ≝ λalu.match alu with [ mk_alu_HC05 _ _ _ _ x _ _ _ _ _ _ _ _ ⇒ x ].
+ndefinition pc_reg_HC05 ≝ λalu.match alu with [ mk_alu_HC05 _ _ _ _ _ x _ _ _ _ _ _ _ ⇒ x ].
+ndefinition pc_mask_HC05 ≝ λalu.match alu with [ mk_alu_HC05 _ _ _ _ _ _ x _ _ _ _ _ _ ⇒ x ].
+ndefinition h_flag_HC05 ≝ λalu.match alu with [ mk_alu_HC05 _ _ _ _ _ _ _ x _ _ _ _ _ ⇒ x ].
+ndefinition i_flag_HC05 ≝ λalu.match alu with [ mk_alu_HC05 _ _ _ _ _ _ _ _ x _ _ _ _ ⇒ x ].
+ndefinition n_flag_HC05 ≝ λalu.match alu with [ mk_alu_HC05 _ _ _ _ _ _ _ _ _ x _ _ _ ⇒ x ].
+ndefinition z_flag_HC05 ≝ λalu.match alu with [ mk_alu_HC05 _ _ _ _ _ _ _ _ _ _ x _ _ ⇒ x ].
+ndefinition c_flag_HC05 ≝ λalu.match alu with [ mk_alu_HC05 _ _ _ _ _ _ _ _ _ _ _ x _ ⇒ x ].
+ndefinition irq_flag_HC05 ≝ λalu.match alu with [ mk_alu_HC05 _ _ _ _ _ _ _ _ _ _ _ _ x ⇒ x ].
+
+notation "{hvbox('A_Reg' ≝ acclow ; break 'X_Reg' ≝ indxlow ; break 'Sp_Reg' ≝ sp ; break 'Sp_Mask' ≝ spm ; break 'Sp_Fix' ≝ spf ; break 'Pc_Reg' ≝ pc ; break 'Pc_Mask' ≝ pcm ; break 'H_Flag' ≝ hfl ; break 'I_Flag' ≝ ifl ; break 'N_Flag' ≝ nfl ; break 'Z_Flag' ≝ zfl ; break 'C_Flag' ≝ cfl ; break 'IRQ_Flag' ≝ irqfl)}"
+ non associative with precedence 80 for
+ @{ 'mk_alu_HC05 $acclow $indxlow $sp $spm $spf $pc $pcm $hfl $ifl $nfl $zfl $cfl $irqfl }.
+interpretation "mk_alu_HC05" 'mk_alu_HC05 acclow indxlow sp spm spf pc pcm hfl ifl nfl zfl cfl irqfl =
+ (mk_alu_HC05 acclow indxlow sp spm spf pc pcm hfl ifl nfl zfl cfl irqfl).
+
+(* ALU dell'HC08/HCS08 *)
+nrecord alu_HC08: Type ≝
+ {
+ (* A: registo accumulatore *)
+ acc_low_reg_HC08 : byte8;
+ (* X: registro indice parte bassa *)
+ indX_low_reg_HC08 : byte8;
+ (* H: registro indice parte alta *)
+ indX_high_reg_HC08 : byte8;
+ (* SP: registo stack pointer *)
+ sp_reg_HC08 : word16;
+ (* PC: registro program counter *)
+ pc_reg_HC08 : word16;
+
+ (* V: flag overflow *)
+ v_flag_HC08 : bool;
+ (* H: flag semi-carry (somma nibble basso) *)
+ h_flag_HC08 : bool;
+ (* I: flag mascheramento degli interrupt mascherabili: 1=mascherati *)
+ i_flag_HC08 : bool;
+ (* N: flag segno/negativita' *)
+ n_flag_HC08 : bool;
+ (* Z: flag zero *)
+ z_flag_HC08 : bool;
+ (* C: flag carry *)
+ c_flag_HC08 : bool;
+
+ (* IRQ: flag che simula il pin esterno IRQ *)
+ irq_flag_HC08 : bool
+ }.
+
+ndefinition alu_HC08_ind :
+ ΠP:alu_HC08 → Prop.(Πb,b1,b2,w,w1,b3,b4,b5,b6,b7,b8,b9.P (mk_alu_HC08 b b1 b2 w w1 b3 b4 b5 b6 b7 b8 b9)) → Πa:alu_HC08.P a ≝
+λP:alu_HC08 → Prop.λf:Πb,b1,b2,w,w1,b3,b4,b5,b6,b7,b8,b9.P (mk_alu_HC08 b b1 b2 w w1 b3 b4 b5 b6 b7 b8 b9).λa:alu_HC08.
+ match a with [ mk_alu_HC08 b b1 b2 w w1 b3 b4 b5 b6 b7 b8 b9 ⇒ f b b1 b2 w w1 b3 b4 b5 b6 b7 b8 b9 ].
+
+ndefinition alu_HC08_rec :
+ ΠP:alu_HC08 → Set.(Πb,b1,b2,w,w1,b3,b4,b5,b6,b7,b8,b9.P (mk_alu_HC08 b b1 b2 w w1 b3 b4 b5 b6 b7 b8 b9)) → Πa:alu_HC08.P a ≝
+λP:alu_HC08 → Set.λf:Πb,b1,b2,w,w1,b3,b4,b5,b6,b7,b8,b9.P (mk_alu_HC08 b b1 b2 w w1 b3 b4 b5 b6 b7 b8 b9).λa:alu_HC08.
+ match a with [ mk_alu_HC08 b b1 b2 w w1 b3 b4 b5 b6 b7 b8 b9 ⇒ f b b1 b2 w w1 b3 b4 b5 b6 b7 b8 b9 ].
+
+ndefinition alu_HC08_rect :
+ ΠP:alu_HC08 → Type.(Πb,b1,b2,w,w1,b3,b4,b5,b6,b7,b8,b9.P (mk_alu_HC08 b b1 b2 w w1 b3 b4 b5 b6 b7 b8 b9)) → Πa:alu_HC08.P a ≝
+λP:alu_HC08 → Type.λf:Πb,b1,b2,w,w1,b3,b4,b5,b6,b7,b8,b9.P (mk_alu_HC08 b b1 b2 w w1 b3 b4 b5 b6 b7 b8 b9).λa:alu_HC08.
+ match a with [ mk_alu_HC08 b b1 b2 w w1 b3 b4 b5 b6 b7 b8 b9 ⇒ f b b1 b2 w w1 b3 b4 b5 b6 b7 b8 b9 ].
+
+ndefinition acc_low_reg_HC08 ≝ λalu.match alu with [ mk_alu_HC08 x _ _ _ _ _ _ _ _ _ _ _ ⇒ x ].
+ndefinition indX_low_reg_HC08 ≝ λalu.match alu with [ mk_alu_HC08 _ x _ _ _ _ _ _ _ _ _ _ ⇒ x ].
+ndefinition indX_high_reg_HC08 ≝ λalu.match alu with [ mk_alu_HC08 _ _ x _ _ _ _ _ _ _ _ _ ⇒ x ].
+ndefinition sp_reg_HC08 ≝ λalu.match alu with [ mk_alu_HC08 _ _ _ x _ _ _ _ _ _ _ _ ⇒ x ].
+ndefinition pc_reg_HC08 ≝ λalu.match alu with [ mk_alu_HC08 _ _ _ _ x _ _ _ _ _ _ _ ⇒ x ].
+ndefinition v_flag_HC08 ≝ λalu.match alu with [ mk_alu_HC08 _ _ _ _ _ x _ _ _ _ _ _ ⇒ x ].
+ndefinition h_flag_HC08 ≝ λalu.match alu with [ mk_alu_HC08 _ _ _ _ _ _ x _ _ _ _ _ ⇒ x ].
+ndefinition i_flag_HC08 ≝ λalu.match alu with [ mk_alu_HC08 _ _ _ _ _ _ _ x _ _ _ _ ⇒ x ].
+ndefinition n_flag_HC08 ≝ λalu.match alu with [ mk_alu_HC08 _ _ _ _ _ _ _ _ x _ _ _ ⇒ x ].
+ndefinition z_flag_HC08 ≝ λalu.match alu with [ mk_alu_HC08 _ _ _ _ _ _ _ _ _ x _ _ ⇒ x ].
+ndefinition c_flag_HC08 ≝ λalu.match alu with [ mk_alu_HC08 _ _ _ _ _ _ _ _ _ _ x _ ⇒ x ].
+ndefinition irq_flag_HC08 ≝ λalu.match alu with [ mk_alu_HC08 _ _ _ _ _ _ _ _ _ _ _ x ⇒ x ].
+
+notation "{hvbox('A_Reg' ≝ acclow ; break 'X_Reg' ≝ indxlow ; break 'H_Reg' ≝ indxhigh ; break 'Sp_Reg' ≝ sp ; break 'Pc_Reg' ≝ pc ; break 'V_Flag' ≝ vfl ; break 'H_Flag' ≝ hfl ; break 'I_Flag' ≝ ifl ; break 'N_Flag' ≝ nfl ; break 'Z_Flag' ≝ zfl ; break 'C_Flag' ≝ cfl ; break 'IRQ_Flag' ≝ irqfl)}"
+ non associative with precedence 80 for
+ @{ 'mk_alu_HC08 $acclow $indxlow $indxhigh $sp $pc $vfl $hfl $ifl $nfl $zfl $cfl $irqfl }.
+interpretation "mk_alu_HC08" 'mk_alu_HC08 acclow indxlow indxhigh sp pc vfl hfl ifl nfl zfl cfl irqfl =
+ (mk_alu_HC08 acclow indxlow indxhigh sp pc vfl hfl ifl nfl zfl cfl irqfl).
+
+(* ALU dell'RS08 *)
+nrecord alu_RS08: Type ≝
+ {
+ (* A: registo accumulatore *)
+ acc_low_reg_RS08 : byte8;
+ (* PC: registro program counter *)
+ pc_reg_RS08 : word16;
+ (* modificatore di PC: per esempio e' definito come 00xxxxxxxxxxxxxxb *)
+ (* la logica della sua costruzione e' quindi (PC∧mask) *)
+ (* totalmente racchiusa nella ALU, bastera' fare get(set(PC)) *)
+ pc_mask_RS08 : word16;
+ (* SPC: registro shadow program counter *)
+ (* NB: il suo modificatore e' lo stesso di PC *)
+ spc_reg_RS08 : word16;
+
+ (* X: registro indice parte bassa *)
+ (* NB: in realta' e' mappato in memoria e non risiede nella ALU *)
+ (* la lettura/scrittura avviene tramite la locazione [0x000F] *)
+ (* la funzione memory_filter_read/write si occupera' di intercettare *)
+ (* e deviare sul registro le letture/scritture (modulo load_write) *)
+ x_map_RS08 : byte8;
+ (* PS: registro selezione di pagina *)
+ (* serve a indirizzare la finestra RAM di 64b [0x00C0-0x00FF] *)
+ (* su tutta la memoria installata [0x0000-0x3FFF]: [00pp pppp ppxx xxxx] *)
+ (* NB: in realta' e' mappato in memoria e non risiede nella ALU *)
+ (* la lettura/scrittura avviene tramite la locazione [0x001F] *)
+ (* la funzione memory_filter_read/write si occupera' di intercettare *)
+ (* e deviare sul registro le letture/scritture (modulo load_write) *)
+ ps_map_RS08 : byte8;
+
+ (* Z: flag zero *)
+ z_flag_RS08 : bool;
+ (* C: flag carry *)
+ c_flag_RS08 : bool
+ }.
+
+ndefinition alu_RS08_ind :
+ ΠP:alu_RS08 → Prop.(Πb,w,w1,w2,b1,b2,b3,b4.P (mk_alu_RS08 b w w1 w2 b1 b2 b3 b4)) → Πa:alu_RS08.P a ≝
+λP:alu_RS08 → Prop.λf:Πb,w,w1,w2,b1,b2,b3,b4.P (mk_alu_RS08 b w w1 w2 b1 b2 b3 b4).λa:alu_RS08.
+ match a with [ mk_alu_RS08 b w w1 w2 b1 b2 b3 b4 ⇒ f b w w1 w2 b1 b2 b3 b4 ].
+
+ndefinition alu_RS08_rec :
+ ΠP:alu_RS08 → Set.(Πb,w,w1,w2,b1,b2,b3,b4.P (mk_alu_RS08 b w w1 w2 b1 b2 b3 b4)) → Πa:alu_RS08.P a ≝
+λP:alu_RS08 → Set.λf:Πb,w,w1,w2,b1,b2,b3,b4.P (mk_alu_RS08 b w w1 w2 b1 b2 b3 b4).λa:alu_RS08.
+ match a with [ mk_alu_RS08 b w w1 w2 b1 b2 b3 b4 ⇒ f b w w1 w2 b1 b2 b3 b4 ].
+
+ndefinition alu_RS08_rect :
+ ΠP:alu_RS08 → Type.(Πb,w,w1,w2,b1,b2,b3,b4.P (mk_alu_RS08 b w w1 w2 b1 b2 b3 b4)) → Πa:alu_RS08.P a ≝
+λP:alu_RS08 → Type.λf:Πb,w,w1,w2,b1,b2,b3,b4.P (mk_alu_RS08 b w w1 w2 b1 b2 b3 b4).λa:alu_RS08.
+ match a with [ mk_alu_RS08 b w w1 w2 b1 b2 b3 b4 ⇒ f b w w1 w2 b1 b2 b3 b4 ].
+
+ndefinition acc_low_reg_RS08 ≝ λalu.match alu with [ mk_alu_RS08 x _ _ _ _ _ _ _ ⇒ x ].
+ndefinition pc_reg_RS08 ≝ λalu.match alu with [ mk_alu_RS08 _ x _ _ _ _ _ _ ⇒ x ].
+ndefinition pc_mask_RS08 ≝ λalu.match alu with [ mk_alu_RS08 _ _ x _ _ _ _ _ ⇒ x ].
+ndefinition spc_reg_RS08 ≝ λalu.match alu with [ mk_alu_RS08 _ _ _ x _ _ _ _ ⇒ x ].
+ndefinition x_map_RS08 ≝ λalu.match alu with [ mk_alu_RS08 _ _ _ _ x _ _ _ ⇒ x ].
+ndefinition ps_map_RS08 ≝ λalu.match alu with [ mk_alu_RS08 _ _ _ _ _ x _ _ ⇒ x ].
+ndefinition z_flag_RS08 ≝ λalu.match alu with [ mk_alu_RS08 _ _ _ _ _ _ x _ ⇒ x ].
+ndefinition c_flag_RS08 ≝ λalu.match alu with [ mk_alu_RS08 _ _ _ _ _ _ _ x ⇒ x ].
+
+notation "{hvbox('A_Reg' ≝ acclow ; break 'Pc_Reg' ≝ pc ; break 'Pc_Mask' ≝ pcm ; break 'Spc_Reg' ≝ spc ; break 'X_Map' ≝ xm ; break 'Ps_Map' ≝ psm ; break 'Z_Flag' ≝ zfl ; break 'C_Flag' ≝ cfl)}"
+ non associative with precedence 80 for
+ @{ 'mk_alu_RS08 $acclow $pc $pcm $spc $xm $psm $zfl $cfl }.
+interpretation "mk_alu_RS08" 'mk_alu_RS08 acclow pc pcm spc xm psm zfl cfl =
+ (mk_alu_RS08 acclow pc pcm spc xm psm zfl cfl).
+
+(* tipo processore dipendente dalla mcu, varia solo la ALU *)
+nrecord any_status (mcu:mcu_type) (t:memory_impl): Type ≝
+ {
+ alu : match mcu with
+ [ HC05 ⇒ alu_HC05 | HC08 ⇒ alu_HC08 | HCS08 ⇒ alu_HC08 | RS08 ⇒ alu_RS08 ];
+
+ (* descritore della memoria *)
+ mem_desc : aux_mem_type t;
+ (* descrittore del tipo di memoria installata *)
+ chk_desc : aux_chk_type t;
+ (* descrittore del click = stato di avanzamento dell'esecuzione+cur_pc conseguente a fetch *)
+ (* 1) None = istruzione eseguita, attesa del fetch *)
+ (* 2) Some cur_clk,pseudo,mode,clks,cur_pc = fetch eseguito, countup a esecuzione *)
+ clk_desc : option (Prod5T byte8 (any_opcode mcu) (instr_mode) byte8 word16)
+ }.
+
+ndefinition any_status_ind :
+ Πmcu.Πt.ΠP:any_status mcu t → Prop.
+ (Πx:match mcu with [ HC05 ⇒ alu_HC05 | HC08 ⇒ alu_HC08 | HCS08 ⇒ alu_HC08 | RS08 ⇒ alu_RS08 ].
+ Πn,n1,n2.P (mk_any_status mcu t x n n1 n2)) → Πa:any_status mcu t.P a ≝
+λmcu.λt.λP:any_status mcu t → Prop.
+λf:Πx:match mcu with [ HC05 ⇒ alu_HC05 | HC08 ⇒ alu_HC08 | HCS08 ⇒ alu_HC08 | RS08 ⇒ alu_RS08 ].
+ Πn,n1,n2.P (mk_any_status mcu t x n n1 n2).λa:any_status mcu t.
+ match a with [ mk_any_status x n n1 n2 ⇒ f x n n1 n2 ].
+
+ndefinition any_status_rec :
+ Πmcu.Πt.ΠP:any_status mcu t → Set.
+ (Πx:match mcu with [ HC05 ⇒ alu_HC05 | HC08 ⇒ alu_HC08 | HCS08 ⇒ alu_HC08 | RS08 ⇒ alu_RS08 ].
+ Πn,n1,n2.P (mk_any_status mcu t x n n1 n2)) → Πa:any_status mcu t.P a ≝
+λmcu.λt.λP:any_status mcu t → Set.
+λf:Πx:match mcu with [ HC05 ⇒ alu_HC05 | HC08 ⇒ alu_HC08 | HCS08 ⇒ alu_HC08 | RS08 ⇒ alu_RS08 ].
+ Πn,n1,n2.P (mk_any_status mcu t x n n1 n2).λa:any_status mcu t.
+ match a with [ mk_any_status x n n1 n2 ⇒ f x n n1 n2 ].
+
+ndefinition any_status_rect :
+ Πmcu.Πt.ΠP:any_status mcu t → Type.
+ (Πx:match mcu with [ HC05 ⇒ alu_HC05 | HC08 ⇒ alu_HC08 | HCS08 ⇒ alu_HC08 | RS08 ⇒ alu_RS08 ].
+ Πn,n1,n2.P (mk_any_status mcu t x n n1 n2)) → Πa:any_status mcu t.P a ≝
+λmcu.λt.λP:any_status mcu t → Type.
+λf:Πx:match mcu with [ HC05 ⇒ alu_HC05 | HC08 ⇒ alu_HC08 | HCS08 ⇒ alu_HC08 | RS08 ⇒ alu_RS08 ].
+ Πn,n1,n2.P (mk_any_status mcu t x n n1 n2).λa:any_status mcu t.
+ match a with [ mk_any_status x n n1 n2 ⇒ f x n n1 n2 ].
+
+ndefinition alu ≝ λmcu.λt.λw:any_status mcu t.match w with [ mk_any_status (x:match mcu with [ HC05 ⇒ alu_HC05 | HC08 ⇒ alu_HC08 | HCS08 ⇒ alu_HC08 | RS08 ⇒ alu_RS08 ]) _ _ _ ⇒ x ].
+ndefinition mem_desc ≝ λmcu.λt.λw:any_status mcu t.match w with [ mk_any_status _ x _ _ ⇒ x ].
+ndefinition chk_desc ≝ λmcu.λt.λw:any_status mcu t.match w with [ mk_any_status _ _ x _ ⇒ x ].
+ndefinition clk_desc ≝ λmcu.λt.λw:any_status mcu t.match w with [ mk_any_status _ _ _ x ⇒ x ].
+
+(* evitare di mostrare la memoria/descrittore che impalla il visualizzatore *)
+notation > "{hvbox('Alu' ≝ alu ; break 'Clk' ≝ clk)}" non associative with precedence 80
+ for @{ 'mk_any_status $alu $mem $chk $clk }.
+interpretation "mk_any_status" 'mk_any_status alu mem chk clk =
+ (mk_any_status alu mem chk clk).
+
+(* **************** *)
+(* GETTER SPECIFICI *)
+(* **************** *)
+
+(* funzione ausiliaria per il tipaggio dei getter *)
+ndefinition aux_get_typing ≝ λx:Type.λm:mcu_type.match m with
+ [ HC05 ⇒ alu_HC05 | HC08 ⇒ alu_HC08 | HCS08 ⇒ alu_HC08 | RS08 ⇒ alu_RS08 ] → x.
+
+(* REGISTRI *)
+
+(* getter di A, esiste sempre *)
+ndefinition get_acc_8_low_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m
+ return aux_get_typing byte8 with
+ [ HC05 ⇒ acc_low_reg_HC05
+ | HC08 ⇒ acc_low_reg_HC08
+ | HCS08 ⇒ acc_low_reg_HC08
+ | RS08 ⇒ acc_low_reg_RS08 ]
+ (alu m t s).
+
+(* getter di X, non esiste sempre *)
+ndefinition get_indX_8_low_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m
+ return aux_get_typing (option byte8) with
+ [ HC05 ⇒ λalu.Some ? (indX_low_reg_HC05 alu)
+ | HC08 ⇒ λalu.Some ? (indX_low_reg_HC08 alu)
+ | HCS08 ⇒ λalu.Some ? (indX_low_reg_HC08 alu)
+ | RS08 ⇒ λalu.None ? ]
+ (alu m t s).
+
+(* getter di H, non esiste sempre *)
+ndefinition get_indX_8_high_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m
+ return aux_get_typing (option byte8) with
+ [ HC05 ⇒ λalu.None ?
+ | HC08 ⇒ λalu.Some ? (indX_high_reg_HC08 alu)
+ | HCS08 ⇒ λalu.Some ? (indX_high_reg_HC08 alu)
+ | RS08 ⇒ λalu.None ? ]
+ (alu m t s).
+
+(* getter di H:X, non esiste sempre *)
+ndefinition get_indX_16_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m
+ return aux_get_typing (option word16) with
+ [ HC05 ⇒ λalu.None ?
+ | HC08 ⇒ λalu.Some ? (mk_word16 (indX_high_reg_HC08 alu) (indX_low_reg_HC08 alu))
+ | HCS08 ⇒ λalu.Some ? (mk_word16 (indX_high_reg_HC08 alu) (indX_low_reg_HC08 alu))
+ | RS08 ⇒ λalu.None ? ]
+ (alu m t s).
+
+(* getter di SP, non esiste sempre *)
+ndefinition get_sp_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m
+ return aux_get_typing (option word16) with
+ [ HC05 ⇒ λalu.Some ? (sp_reg_HC05 alu)
+ | HC08 ⇒ λalu.Some ? (sp_reg_HC08 alu)
+ | HCS08 ⇒ λalu.Some ? (sp_reg_HC08 alu)
+ | RS08 ⇒ λalu.None ? ]
+ (alu m t s).
+
+(* getter di PC, esiste sempre *)
+ndefinition get_pc_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m
+ return aux_get_typing word16 with
+ [ HC05 ⇒ pc_reg_HC05
+ | HC08 ⇒ pc_reg_HC08
+ | HCS08 ⇒ pc_reg_HC08
+ | RS08 ⇒ pc_reg_RS08 ]
+ (alu m t s).
+
+(* getter di SPC, non esiste sempre *)
+ndefinition get_spc_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m
+ return aux_get_typing (option word16) with
+ [ HC05 ⇒ λalu.None ?
+ | HC08 ⇒ λalu.None ?
+ | HCS08 ⇒ λalu.None ?
+ | RS08 ⇒ λalu.Some ? (spc_reg_RS08 alu) ]
+ (alu m t s).
+
+(* REGISTRI MEMORY MAPPED *)
+
+(* getter di memory mapped X, non esiste sempre *)
+ndefinition get_x_map ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m
+ return aux_get_typing (option byte8) with
+ [ HC05 ⇒ λalu.None ?
+ | HC08 ⇒ λalu.None ?
+ | HCS08 ⇒ λalu.None ?
+ | RS08 ⇒ λalu.Some ? (x_map_RS08 alu) ]
+ (alu m t s).
+
+(* getter di memory mapped PS, non esiste sempre *)
+ndefinition get_ps_map ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m
+ return aux_get_typing (option byte8) with
+ [ HC05 ⇒ λalu.None ?
+ | HC08 ⇒ λalu.None ?
+ | HCS08 ⇒ λalu.None ?
+ | RS08 ⇒ λalu.Some ? (ps_map_RS08 alu) ]
+ (alu m t s).
+
+(* FLAG *)
+
+(* getter di V, non esiste sempre *)
+ndefinition get_v_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m
+ return aux_get_typing (option bool) with
+ [ HC05 ⇒ λalu.None ?
+ | HC08 ⇒ λalu.Some ? (v_flag_HC08 alu)
+ | HCS08 ⇒ λalu.Some ? (v_flag_HC08 alu)
+ | RS08 ⇒ λalu.None ? ]
+ (alu m t s).
+
+(* getter di H, non esiste sempre *)
+ndefinition get_h_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m
+ return aux_get_typing (option bool) with
+ [ HC05 ⇒ λalu.Some ? (h_flag_HC05 alu)
+ | HC08 ⇒ λalu.Some ? (h_flag_HC08 alu)
+ | HCS08 ⇒ λalu.Some ? (h_flag_HC08 alu)
+ | RS08 ⇒ λalu.None ? ]
+ (alu m t s).
+
+(* getter di I, non esiste sempre *)
+ndefinition get_i_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m
+ return aux_get_typing (option bool) with
+ [ HC05 ⇒ λalu.Some ? (i_flag_HC05 alu)
+ | HC08 ⇒ λalu.Some ? (i_flag_HC08 alu)
+ | HCS08 ⇒ λalu.Some ? (i_flag_HC08 alu)
+ | RS08 ⇒ λalu.None ? ]
+ (alu m t s).
+
+(* getter di N, non esiste sempre *)
+ndefinition get_n_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m
+ return aux_get_typing (option bool) with
+ [ HC05 ⇒ λalu.Some ? (n_flag_HC05 alu)
+ | HC08 ⇒ λalu.Some ? (n_flag_HC08 alu)
+ | HCS08 ⇒ λalu.Some ? (n_flag_HC08 alu)
+ | RS08 ⇒ λalu.None ? ]
+ (alu m t s).
+
+(* getter di Z, esiste sempre *)
+ndefinition get_z_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m
+ return aux_get_typing bool with
+ [ HC05 ⇒ z_flag_HC05
+ | HC08 ⇒ z_flag_HC08
+ | HCS08 ⇒ z_flag_HC08
+ | RS08 ⇒ z_flag_RS08 ]
+ (alu m t s).
+
+(* getter di C, esiste sempre *)
+ndefinition get_c_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m
+ return aux_get_typing bool with
+ [ HC05 ⇒ c_flag_HC05
+ | HC08 ⇒ c_flag_HC08
+ | HCS08 ⇒ c_flag_HC08
+ | RS08 ⇒ c_flag_RS08 ]
+ (alu m t s).
+
+(* getter di IRQ, non esiste sempre *)
+ndefinition get_irq_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+ match m
+ return aux_get_typing (option bool) with
+ [ HC05 ⇒ λalu.Some ? (irq_flag_HC05 alu)
+ | HC08 ⇒ λalu.Some ? (irq_flag_HC08 alu)
+ | HCS08 ⇒ λalu.Some ? (irq_flag_HC08 alu)
+ | RS08 ⇒ λalu.None ? ]
+ (alu m t s).
+
+(* DESCRITTORI ESTERNI ALLA ALU *)
+
+(* getter della ALU, esiste sempre *)
+ndefinition get_alu ≝ λm:mcu_type.λt:memory_impl.λs:any_status m t.alu m t s.
+
+(* getter della memoria, esiste sempre *)
+ndefinition get_mem_desc ≝ λm:mcu_type.λt:memory_impl.λs:any_status m t.mem_desc m t s.
+
+(* getter del descrittore, esiste sempre *)
+ndefinition get_chk_desc ≝ λm:mcu_type.λt:memory_impl.λs:any_status m t.chk_desc m t s.
+
+(* getter del clik, esiste sempre *)
+ndefinition get_clk_desc ≝ λm:mcu_type.λt:memory_impl.λs:any_status m t.clk_desc m t s.
+
+(* ***************************** *)
+(* SETTER SPECIFICI FORTI/DEBOLI *)
+(* ***************************** *)
+
+(* funzione ausiliaria per il tipaggio dei setter forti *)
+ndefinition aux_set_typing ≝ λx:Type.λm:mcu_type.
+ match m with [ HC05 ⇒ alu_HC05 | HC08 ⇒ alu_HC08 | HCS08 ⇒ alu_HC08 | RS08 ⇒ alu_RS08 ]
+ → x →
+ match m with [ HC05 ⇒ alu_HC05 | HC08 ⇒ alu_HC08 | HCS08 ⇒ alu_HC08 | RS08 ⇒ alu_RS08 ].
+
+(* funzione ausiliaria per il tipaggio dei setter deboli *)
+ndefinition aux_set_typing_opt ≝ λx:Type.λm:mcu_type.option
+ (match m with [ HC05 ⇒ alu_HC05 | HC08 ⇒ alu_HC08 | HCS08 ⇒ alu_HC08 | RS08 ⇒ alu_RS08 ]
+ → x →
+ match m with [ HC05 ⇒ alu_HC05 | HC08 ⇒ alu_HC08 | HCS08 ⇒ alu_HC08 | RS08 ⇒ alu_RS08 ]).
+
+(* DESCRITTORI ESTERNI ALLA ALU *)
+
+(* setter forte della ALU *)
+ndefinition set_alu ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λalu'.
+ mk_any_status m t alu' (get_mem_desc m t s) (get_chk_desc m t s) (get_clk_desc m t s).
+
+(* setter forte della memoria *)
+ndefinition set_mem_desc ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λmem':aux_mem_type t.
+ mk_any_status m t (get_alu m t s) mem' (get_chk_desc m t s) (get_clk_desc m t s).
+
+(* setter forte del descrittore *)
+ndefinition set_chk_desc ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λchk':aux_chk_type t.
+ mk_any_status m t (get_alu m t s) (get_mem_desc m t s) chk' (get_clk_desc m t s).
+
+(* setter forte del clik *)
+ndefinition set_clk_desc ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.
+λclk':option (Prod5T byte8 (any_opcode m) (instr_mode) byte8 word16).
+ mk_any_status m t (get_alu m t s) (get_mem_desc m t s) (get_chk_desc m t s) clk'.
+
+(* REGISTRO A *)
+
+(* setter specifico HC05 di A *)
+ndefinition set_acc_8_low_reg_HC05 ≝
+λalu.λacclow':byte8.
+ mk_alu_HC05
+ acclow'
+ (indX_low_reg_HC05 alu)
+ (sp_reg_HC05 alu)
+ (sp_mask_HC05 alu)
+ (sp_fix_HC05 alu)
+ (pc_reg_HC05 alu)
+ (pc_mask_HC05 alu)
+ (h_flag_HC05 alu)
+ (i_flag_HC05 alu)
+ (n_flag_HC05 alu)
+ (z_flag_HC05 alu)
+ (c_flag_HC05 alu)
+ (irq_flag_HC05 alu).
+
+(* setter specifico HC08/HCS08 di A *)
+ndefinition set_acc_8_low_reg_HC08 ≝
+λalu.λacclow':byte8.
+ mk_alu_HC08
+ acclow'
+ (indX_low_reg_HC08 alu)
+ (indX_high_reg_HC08 alu)
+ (sp_reg_HC08 alu)
+ (pc_reg_HC08 alu)
+ (v_flag_HC08 alu)
+ (h_flag_HC08 alu)
+ (i_flag_HC08 alu)
+ (n_flag_HC08 alu)
+ (z_flag_HC08 alu)
+ (c_flag_HC08 alu)
+ (irq_flag_HC08 alu).
+
+(* setter specifico RS08 di A *)
+ndefinition set_acc_8_low_reg_RS08 ≝
+λalu.λacclow':byte8.
+ mk_alu_RS08
+ acclow'
+ (pc_reg_RS08 alu)
+ (pc_mask_RS08 alu)
+ (spc_reg_RS08 alu)
+ (x_map_RS08 alu)
+ (ps_map_RS08 alu)
+ (z_flag_RS08 alu)
+ (c_flag_RS08 alu).
+
+(* setter forte di A *)
+ndefinition set_acc_8_low_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λacclow':byte8.
+ set_alu m t s
+ (match m return aux_set_typing byte8 with
+ [ HC05 ⇒ set_acc_8_low_reg_HC05
+ | HC08 ⇒ set_acc_8_low_reg_HC08
+ | HCS08 ⇒ set_acc_8_low_reg_HC08
+ | RS08 ⇒ set_acc_8_low_reg_RS08
+ ] (alu m t s) acclow').
+
+(* REGISTRO X *)
+
+(* setter specifico HC05 di X *)
+ndefinition set_indX_8_low_reg_HC05 ≝
+λalu.λindxlow':byte8.
+ mk_alu_HC05
+ (acc_low_reg_HC05 alu)
+ indxlow'
+ (sp_reg_HC05 alu)
+ (sp_mask_HC05 alu)
+ (sp_fix_HC05 alu)
+ (pc_reg_HC05 alu)
+ (pc_mask_HC05 alu)
+ (h_flag_HC05 alu)
+ (i_flag_HC05 alu)
+ (n_flag_HC05 alu)
+ (z_flag_HC05 alu)
+ (c_flag_HC05 alu)
+ (irq_flag_HC05 alu).
+
+(* setter specifico HC08/HCS08 di X *)
+ndefinition set_indX_8_low_reg_HC08 ≝
+λalu.λindxlow':byte8.
+ mk_alu_HC08
+ (acc_low_reg_HC08 alu)
+ indxlow'
+ (indX_high_reg_HC08 alu)
+ (sp_reg_HC08 alu)
+ (pc_reg_HC08 alu)
+ (v_flag_HC08 alu)
+ (h_flag_HC08 alu)
+ (i_flag_HC08 alu)
+ (n_flag_HC08 alu)
+ (z_flag_HC08 alu)
+ (c_flag_HC08 alu)
+ (irq_flag_HC08 alu).
+
+(* setter forte di X *)
+ndefinition set_indX_8_low_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λindxlow':byte8.
+ opt_map ?? (match m return aux_set_typing_opt byte8 with
+ [ HC05 ⇒ Some ? set_indX_8_low_reg_HC05
+ | HC08 ⇒ Some ? set_indX_8_low_reg_HC08
+ | HCS08 ⇒ Some ? set_indX_8_low_reg_HC08
+ | RS08 ⇒ None ? ])
+ (λf.Some ? (set_alu m t s (f (alu m t s) indxlow'))).
+
+(* setter debole di X *)
+ndefinition setweak_indX_8_low_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λindxlow':byte8.
+ match set_indX_8_low_reg m t s indxlow' with
+ [ None ⇒ s | Some s' ⇒ s' ].
+
+(* REGISTRO H *)
+
+(* setter specifico HC08/HCS08 di H *)
+ndefinition set_indX_8_high_reg_HC08 ≝
+λalu.λindxhigh':byte8.
+ mk_alu_HC08
+ (acc_low_reg_HC08 alu)
+ (indX_low_reg_HC08 alu)
+ indxhigh'
+ (sp_reg_HC08 alu)
+ (pc_reg_HC08 alu)
+ (v_flag_HC08 alu)
+ (h_flag_HC08 alu)
+ (i_flag_HC08 alu)
+ (n_flag_HC08 alu)
+ (z_flag_HC08 alu)
+ (c_flag_HC08 alu)
+ (irq_flag_HC08 alu).
+
+(* setter forte di H *)
+ndefinition set_indX_8_high_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λindxhigh':byte8.
+ opt_map ?? (match m return aux_set_typing_opt byte8 with
+ [ HC05 ⇒ None ?
+ | HC08 ⇒ Some ? set_indX_8_high_reg_HC08
+ | HCS08 ⇒ Some ? set_indX_8_high_reg_HC08
+ | RS08 ⇒ None ? ])
+ (λf.Some ? (set_alu m t s (f (alu m t s) indxhigh'))).
+
+(* setter debole di H *)
+ndefinition setweak_indX_8_high_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λindxhigh':byte8.
+ match set_indX_8_high_reg m t s indxhigh' with
+ [ None ⇒ s | Some s' ⇒ s' ].
+
+(* REGISTRO H:X *)
+
+(* setter specifico HC08/HCS08 di H:X *)
+ndefinition set_indX_16_reg_HC08 ≝
+λalu.λindx16:word16.
+ mk_alu_HC08
+ (acc_low_reg_HC08 alu)
+ (w16l indx16)
+ (w16h indx16)
+ (sp_reg_HC08 alu)
+ (pc_reg_HC08 alu)
+ (v_flag_HC08 alu)
+ (h_flag_HC08 alu)
+ (i_flag_HC08 alu)
+ (n_flag_HC08 alu)
+ (z_flag_HC08 alu)
+ (c_flag_HC08 alu)
+ (irq_flag_HC08 alu).
+
+(* setter forte di H:X *)
+ndefinition set_indX_16_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λindx16:word16.
+ opt_map ?? (match m return aux_set_typing_opt word16 with
+ [ HC05 ⇒ None ?
+ | HC08 ⇒ Some ? set_indX_16_reg_HC08
+ | HCS08 ⇒ Some ? set_indX_16_reg_HC08
+ | RS08 ⇒ None ? ])
+ (λf.Some ? (set_alu m t s (f (alu m t s) indx16))).
+
+(* setter debole di H:X *)
+ndefinition setweak_indX_16_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λindx16:word16.
+ match set_indX_16_reg m t s indx16 with
+ [ None ⇒ s | Some s' ⇒ s' ].
+
+(* REGISTRO SP *)
+
+(* setter specifico HC05 di SP, effettua (SP∧mask)∨fix *)
+ndefinition set_sp_reg_HC05 ≝
+λalu.λsp':word16.
+ mk_alu_HC05
+ (acc_low_reg_HC05 alu)
+ (indX_low_reg_HC05 alu)
+ (or_w16 (and_w16 sp' (sp_mask_HC05 alu)) (sp_fix_HC05 alu))
+ (sp_mask_HC05 alu)
+ (sp_fix_HC05 alu)
+ (pc_reg_HC05 alu)
+ (pc_mask_HC05 alu)
+ (h_flag_HC05 alu)
+ (i_flag_HC05 alu)
+ (n_flag_HC05 alu)
+ (z_flag_HC05 alu)
+ (c_flag_HC05 alu)
+ (irq_flag_HC05 alu).
+
+(* setter specifico HC08/HCS08 di SP *)
+ndefinition set_sp_reg_HC08 ≝
+λalu.λsp':word16.
+ mk_alu_HC08
+ (acc_low_reg_HC08 alu)
+ (indX_low_reg_HC08 alu)
+ (indX_high_reg_HC08 alu)
+ sp'
+ (pc_reg_HC08 alu)
+ (v_flag_HC08 alu)
+ (h_flag_HC08 alu)
+ (i_flag_HC08 alu)
+ (n_flag_HC08 alu)
+ (z_flag_HC08 alu)
+ (c_flag_HC08 alu)
+ (irq_flag_HC08 alu).
+
+(* setter forte di SP *)
+ndefinition set_sp_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λsp':word16.
+ opt_map ?? (match m return aux_set_typing_opt word16 with
+ [ HC05 ⇒ Some ? set_sp_reg_HC05
+ | HC08 ⇒ Some ? set_sp_reg_HC08
+ | HCS08 ⇒ Some ? set_sp_reg_HC08
+ | RS08 ⇒ None ? ])
+ (λf.Some ? (set_alu m t s (f (alu m t s) sp'))).
+
+(* setter debole di SP *)
+ndefinition setweak_sp_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λsp':word16.
+ match set_sp_reg m t s sp' with
+ [ None ⇒ s | Some s' ⇒ s' ].
+
+(* REGISTRO PC *)
+
+(* setter specifico HC05 di PC, effettua PC∧mask *)
+ndefinition set_pc_reg_HC05 ≝
+λalu.λpc':word16.
+ mk_alu_HC05
+ (acc_low_reg_HC05 alu)
+ (indX_low_reg_HC05 alu)
+ (sp_reg_HC05 alu)
+ (sp_mask_HC05 alu)
+ (sp_fix_HC05 alu)
+ (and_w16 pc' (pc_mask_HC05 alu))
+ (pc_mask_HC05 alu)
+ (h_flag_HC05 alu)
+ (i_flag_HC05 alu)
+ (n_flag_HC05 alu)
+ (z_flag_HC05 alu)
+ (c_flag_HC05 alu)
+ (irq_flag_HC05 alu).
+
+(* setter specifico HC08/HCS08 di PC *)
+ndefinition set_pc_reg_HC08 ≝
+λalu.λpc':word16.
+ mk_alu_HC08
+ (acc_low_reg_HC08 alu)
+ (indX_low_reg_HC08 alu)
+ (indX_high_reg_HC08 alu)
+ (sp_reg_HC08 alu)
+ pc'
+ (v_flag_HC08 alu)
+ (h_flag_HC08 alu)
+ (i_flag_HC08 alu)
+ (n_flag_HC08 alu)
+ (z_flag_HC08 alu)
+ (c_flag_HC08 alu)
+ (irq_flag_HC08 alu).
+
+(* setter specifico RS08 di PC, effettua PC∧mask *)
+ndefinition set_pc_reg_RS08 ≝
+λalu.λpc':word16.
+ mk_alu_RS08
+ (acc_low_reg_RS08 alu)
+ (and_w16 pc' (pc_mask_RS08 alu))
+ (pc_mask_RS08 alu)
+ (spc_reg_RS08 alu)
+ (x_map_RS08 alu)
+ (ps_map_RS08 alu)
+ (z_flag_RS08 alu)
+ (c_flag_RS08 alu).
+
+(* setter forte di PC *)
+ndefinition set_pc_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λpc':word16.
+ set_alu m t s
+ (match m return aux_set_typing word16 with
+ [ HC05 ⇒ set_pc_reg_HC05
+ | HC08 ⇒ set_pc_reg_HC08
+ | HCS08 ⇒ set_pc_reg_HC08
+ | RS08 ⇒ set_pc_reg_RS08
+ ] (alu m t s) pc').
+
+(* REGISTRO SPC *)
+
+(* setter specifico RS08 di SPC, effettua SPC∧mask *)
+ndefinition set_spc_reg_RS08 ≝
+λalu.λspc':word16.
+ mk_alu_RS08
+ (acc_low_reg_RS08 alu)
+ (pc_reg_RS08 alu)
+ (pc_mask_RS08 alu)
+ (and_w16 spc' (pc_mask_RS08 alu))
+ (x_map_RS08 alu)
+ (ps_map_RS08 alu)
+ (z_flag_RS08 alu)
+ (c_flag_RS08 alu).
+
+(* setter forte di SPC *)
+ndefinition set_spc_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λspc':word16.
+ opt_map ?? (match m return aux_set_typing_opt word16 with
+ [ HC05 ⇒ None ?
+ | HC08 ⇒ None ?
+ | HCS08 ⇒ None ?
+ | RS08 ⇒ Some ? set_spc_reg_RS08 ])
+ (λf.Some ? (set_alu m t s (f (alu m t s) spc'))).
+
+(* setter debole di SPC *)
+ndefinition setweak_spc_reg ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λspc':word16.
+ match set_spc_reg m t s spc' with
+ [ None ⇒ s | Some s' ⇒ s' ].
+
+(* REGISTRO MEMORY MAPPED X *)
+
+(* setter specifico RS08 di memory mapped X *)
+ndefinition set_x_map_RS08 ≝
+λalu.λxm':byte8.
+ mk_alu_RS08
+ (acc_low_reg_RS08 alu)
+ (pc_reg_RS08 alu)
+ (pc_mask_RS08 alu)
+ (spc_reg_RS08 alu)
+ xm'
+ (ps_map_RS08 alu)
+ (z_flag_RS08 alu)
+ (c_flag_RS08 alu).
+
+(* setter forte di memory mapped X *)
+ndefinition set_x_map ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λxm':byte8.
+ opt_map ?? (match m return aux_set_typing_opt byte8 with
+ [ HC05 ⇒ None ?
+ | HC08 ⇒ None ?
+ | HCS08 ⇒ None ?
+ | RS08 ⇒ Some ? set_x_map_RS08 ])
+ (λf.Some ? (set_alu m t s (f (alu m t s) xm'))).
+
+(* setter debole di memory mapped X *)
+ndefinition setweak_x_map ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λxm':byte8.
+ match set_x_map m t s xm' with
+ [ None ⇒ s | Some s' ⇒ s' ].
+
+(* REGISTRO MEMORY MAPPED PS *)
+
+(* setter specifico RS08 di memory mapped PS *)
+ndefinition set_ps_map_RS08 ≝
+λalu.λpsm':byte8.
+ mk_alu_RS08
+ (acc_low_reg_RS08 alu)
+ (pc_reg_RS08 alu)
+ (pc_mask_RS08 alu)
+ (spc_reg_RS08 alu)
+ (x_map_RS08 alu)
+ psm'
+ (z_flag_RS08 alu)
+ (c_flag_RS08 alu).
+
+(* setter forte di memory mapped PS *)
+ndefinition set_ps_map ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λpsm':byte8.
+ opt_map ?? (match m return aux_set_typing_opt byte8 with
+ [ HC05 ⇒ None ?
+ | HC08 ⇒ None ?
+ | HCS08 ⇒ None ?
+ | RS08 ⇒ Some ? set_ps_map_RS08 ])
+ (λf.Some ? (set_alu m t s (f (alu m t s) psm'))).
+
+(* setter debole di memory mapped PS *)
+ndefinition setweak_ps_map ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λpsm':byte8.
+ match set_ps_map m t s psm' with
+ [ None ⇒ s | Some s' ⇒ s' ].
+
+(* FLAG V *)
+
+(* setter specifico HC08/HCS08 di V *)
+ndefinition set_v_flag_HC08 ≝
+λalu.λvfl':bool.
+ mk_alu_HC08
+ (acc_low_reg_HC08 alu)
+ (indX_low_reg_HC08 alu)
+ (indX_high_reg_HC08 alu)
+ (sp_reg_HC08 alu)
+ (pc_reg_HC08 alu)
+ vfl'
+ (h_flag_HC08 alu)
+ (i_flag_HC08 alu)
+ (n_flag_HC08 alu)
+ (z_flag_HC08 alu)
+ (c_flag_HC08 alu)
+ (irq_flag_HC08 alu).
+
+(* setter forte di V *)
+ndefinition set_v_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λvfl':bool.
+ opt_map ?? (match m return aux_set_typing_opt bool with
+ [ HC05 ⇒ None ?
+ | HC08 ⇒ Some ? set_v_flag_HC08
+ | HCS08 ⇒ Some ? set_v_flag_HC08
+ | RS08 ⇒ None ? ])
+ (λf.Some ? (set_alu m t s (f (alu m t s) vfl'))).
+
+(* setter debole di V *)
+ndefinition setweak_v_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λvfl':bool.
+ match set_v_flag m t s vfl' with
+ [ None ⇒ s | Some s' ⇒ s' ].
+
+(* FLAG H *)
+
+(* setter specifico HC05 di H *)
+ndefinition set_h_flag_HC05 ≝
+λalu.λhfl':bool.
+ mk_alu_HC05
+ (acc_low_reg_HC05 alu)
+ (indX_low_reg_HC05 alu)
+ (sp_reg_HC05 alu)
+ (sp_mask_HC05 alu)
+ (sp_fix_HC05 alu)
+ (pc_reg_HC05 alu)
+ (pc_mask_HC05 alu)
+ hfl'
+ (i_flag_HC05 alu)
+ (n_flag_HC05 alu)
+ (z_flag_HC05 alu)
+ (c_flag_HC05 alu)
+ (irq_flag_HC05 alu).
+
+(* setter specifico HC08/HCS08 di H *)
+ndefinition set_h_flag_HC08 ≝
+λalu.λhfl':bool.
+ mk_alu_HC08
+ (acc_low_reg_HC08 alu)
+ (indX_low_reg_HC08 alu)
+ (indX_high_reg_HC08 alu)
+ (sp_reg_HC08 alu)
+ (pc_reg_HC08 alu)
+ (v_flag_HC08 alu)
+ hfl'
+ (i_flag_HC08 alu)
+ (n_flag_HC08 alu)
+ (z_flag_HC08 alu)
+ (c_flag_HC08 alu)
+ (irq_flag_HC08 alu).
+
+(* setter forte di H *)
+ndefinition set_h_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λhfl':bool.
+ opt_map ?? (match m return aux_set_typing_opt bool with
+ [ HC05 ⇒ Some ? set_h_flag_HC05
+ | HC08 ⇒ Some ? set_h_flag_HC08
+ | HCS08 ⇒ Some ? set_h_flag_HC08
+ | RS08 ⇒ None ? ])
+ (λf.Some ? (set_alu m t s (f (alu m t s) hfl'))).
+
+(* setter debole di H *)
+ndefinition setweak_h_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λhfl':bool.
+ match set_h_flag m t s hfl' with
+ [ None ⇒ s | Some s' ⇒ s' ].
+
+(* FLAG I *)
+
+(* setter specifico HC05 di I *)
+ndefinition set_i_flag_HC05 ≝
+λalu.λifl':bool.
+ mk_alu_HC05
+ (acc_low_reg_HC05 alu)
+ (indX_low_reg_HC05 alu)
+ (sp_reg_HC05 alu)
+ (sp_mask_HC05 alu)
+ (sp_fix_HC05 alu)
+ (pc_reg_HC05 alu)
+ (pc_mask_HC05 alu)
+ (h_flag_HC05 alu)
+ ifl'
+ (n_flag_HC05 alu)
+ (z_flag_HC05 alu)
+ (c_flag_HC05 alu)
+ (irq_flag_HC05 alu).
+
+(* setter specifico HC08/HCS08 di I *)
+ndefinition set_i_flag_HC08 ≝
+λalu.λifl':bool.
+ mk_alu_HC08
+ (acc_low_reg_HC08 alu)
+ (indX_low_reg_HC08 alu)
+ (indX_high_reg_HC08 alu)
+ (sp_reg_HC08 alu)
+ (pc_reg_HC08 alu)
+ (v_flag_HC08 alu)
+ (h_flag_HC08 alu)
+ ifl'
+ (n_flag_HC08 alu)
+ (z_flag_HC08 alu)
+ (c_flag_HC08 alu)
+ (irq_flag_HC08 alu).
+
+(* setter forte di I *)
+ndefinition set_i_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λifl':bool.
+ opt_map ?? (match m return aux_set_typing_opt bool with
+ [ HC05 ⇒ Some ? set_i_flag_HC05
+ | HC08 ⇒ Some ? set_i_flag_HC08
+ | HCS08 ⇒ Some ? set_i_flag_HC08
+ | RS08 ⇒ None ? ])
+ (λf.Some ? (set_alu m t s (f (alu m t s) ifl'))).
+
+(* setter debole di I *)
+ndefinition setweak_i_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λifl':bool.
+ match set_i_flag m t s ifl' with
+ [ None ⇒ s | Some s' ⇒ s' ].
+
+(* FLAG N *)
+
+(* setter specifico HC05 di N *)
+ndefinition set_n_flag_HC05 ≝
+λalu.λnfl':bool.
+ mk_alu_HC05
+ (acc_low_reg_HC05 alu)
+ (indX_low_reg_HC05 alu)
+ (sp_reg_HC05 alu)
+ (sp_mask_HC05 alu)
+ (sp_fix_HC05 alu)
+ (pc_reg_HC05 alu)
+ (pc_mask_HC05 alu)
+ (h_flag_HC05 alu)
+ (i_flag_HC05 alu)
+ nfl'
+ (z_flag_HC05 alu)
+ (c_flag_HC05 alu)
+ (irq_flag_HC05 alu).
+
+(* setter specifico HC08/HCS08 di N *)
+ndefinition set_n_flag_HC08 ≝
+λalu.λnfl':bool.
+ mk_alu_HC08
+ (acc_low_reg_HC08 alu)
+ (indX_low_reg_HC08 alu)
+ (indX_high_reg_HC08 alu)
+ (sp_reg_HC08 alu)
+ (pc_reg_HC08 alu)
+ (v_flag_HC08 alu)
+ (h_flag_HC08 alu)
+ (i_flag_HC08 alu)
+ nfl'
+ (z_flag_HC08 alu)
+ (c_flag_HC08 alu)
+ (irq_flag_HC08 alu).
+
+(* setter forte di N *)
+ndefinition set_n_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λnfl':bool.
+ opt_map ?? (match m return aux_set_typing_opt bool with
+ [ HC05 ⇒ Some ? set_n_flag_HC05
+ | HC08 ⇒ Some ? set_n_flag_HC08
+ | HCS08 ⇒ Some ? set_n_flag_HC08
+ | RS08 ⇒ None ? ])
+ (λf.Some ? (set_alu m t s (f (alu m t s) nfl'))).
+
+(* setter debole di N *)
+ndefinition setweak_n_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λnfl':bool.
+ match set_n_flag m t s nfl' with
+ [ None ⇒ s | Some s' ⇒ s' ].
+
+(* FLAG Z *)
+
+(* setter specifico HC05 di Z *)
+ndefinition set_z_flag_HC05 ≝
+λalu.λzfl':bool.
+ mk_alu_HC05
+ (acc_low_reg_HC05 alu)
+ (indX_low_reg_HC05 alu)
+ (sp_reg_HC05 alu)
+ (sp_mask_HC05 alu)
+ (sp_fix_HC05 alu)
+ (pc_reg_HC05 alu)
+ (pc_mask_HC05 alu)
+ (h_flag_HC05 alu)
+ (i_flag_HC05 alu)
+ (n_flag_HC05 alu)
+ zfl'
+ (c_flag_HC05 alu)
+ (irq_flag_HC05 alu).
+
+(* setter specifico HC08/HCS08 di Z *)
+ndefinition set_z_flag_HC08 ≝
+λalu.λzfl':bool.
+ mk_alu_HC08
+ (acc_low_reg_HC08 alu)
+ (indX_low_reg_HC08 alu)
+ (indX_high_reg_HC08 alu)
+ (sp_reg_HC08 alu)
+ (pc_reg_HC08 alu)
+ (v_flag_HC08 alu)
+ (h_flag_HC08 alu)
+ (i_flag_HC08 alu)
+ (n_flag_HC08 alu)
+ zfl'
+ (c_flag_HC08 alu)
+ (irq_flag_HC08 alu).
+
+(* setter sprcifico RS08 di Z *)
+ndefinition set_z_flag_RS08 ≝
+λalu.λzfl':bool.
+ mk_alu_RS08
+ (acc_low_reg_RS08 alu)
+ (pc_reg_RS08 alu)
+ (pc_mask_RS08 alu)
+ (spc_reg_RS08 alu)
+ (x_map_RS08 alu)
+ (ps_map_RS08 alu)
+ zfl'
+ (c_flag_RS08 alu).
+
+(* setter forte di Z *)
+ndefinition set_z_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λzfl':bool.
+ set_alu m t s
+ (match m return aux_set_typing bool with
+ [ HC05 ⇒ set_z_flag_HC05
+ | HC08 ⇒ set_z_flag_HC08
+ | HCS08 ⇒ set_z_flag_HC08
+ | RS08 ⇒ set_z_flag_RS08
+ ] (alu m t s) zfl').
+
+(* FLAG C *)
+
+(* setter specifico HC05 di C *)
+ndefinition set_c_flag_HC05 ≝
+λalu.λcfl':bool.
+ mk_alu_HC05
+ (acc_low_reg_HC05 alu)
+ (indX_low_reg_HC05 alu)
+ (sp_reg_HC05 alu)
+ (sp_mask_HC05 alu)
+ (sp_fix_HC05 alu)
+ (pc_reg_HC05 alu)
+ (pc_mask_HC05 alu)
+ (h_flag_HC05 alu)
+ (i_flag_HC05 alu)
+ (n_flag_HC05 alu)
+ (z_flag_HC05 alu)
+ cfl'
+ (irq_flag_HC05 alu).
+
+(* setter specifico HC08/HCS08 di C *)
+ndefinition set_c_flag_HC08 ≝
+λalu.λcfl':bool.
+ mk_alu_HC08
+ (acc_low_reg_HC08 alu)
+ (indX_low_reg_HC08 alu)
+ (indX_high_reg_HC08 alu)
+ (sp_reg_HC08 alu)
+ (pc_reg_HC08 alu)
+ (v_flag_HC08 alu)
+ (h_flag_HC08 alu)
+ (i_flag_HC08 alu)
+ (n_flag_HC08 alu)
+ (z_flag_HC08 alu)
+ cfl'
+ (irq_flag_HC08 alu).
+
+(* setter specifico RS08 di C *)
+ndefinition set_c_flag_RS08 ≝
+λalu.λcfl':bool.
+ mk_alu_RS08
+ (acc_low_reg_RS08 alu)
+ (pc_reg_RS08 alu)
+ (pc_mask_RS08 alu)
+ (spc_reg_RS08 alu)
+ (x_map_RS08 alu)
+ (ps_map_RS08 alu)
+ (z_flag_RS08 alu)
+ cfl'.
+
+(* setter forte di C *)
+ndefinition set_c_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λcfl':bool.
+ set_alu m t s
+ (match m return aux_set_typing bool with
+ [ HC05 ⇒ set_c_flag_HC05
+ | HC08 ⇒ set_c_flag_HC08
+ | HCS08 ⇒ set_c_flag_HC08
+ | RS08 ⇒ set_c_flag_RS08
+ ] (alu m t s) cfl').
+
+(* FLAG IRQ *)
+
+(* setter specifico HC05 di IRQ *)
+ndefinition set_irq_flag_HC05 ≝
+λalu.λirqfl':bool.
+ mk_alu_HC05
+ (acc_low_reg_HC05 alu)
+ (indX_low_reg_HC05 alu)
+ (sp_reg_HC05 alu)
+ (sp_mask_HC05 alu)
+ (sp_fix_HC05 alu)
+ (pc_reg_HC05 alu)
+ (pc_mask_HC05 alu)
+ (h_flag_HC05 alu)
+ (i_flag_HC05 alu)
+ (n_flag_HC05 alu)
+ (z_flag_HC05 alu)
+ (c_flag_HC05 alu)
+ irqfl'.
+
+(* setter specifico HC08/HCS08 di IRQ *)
+ndefinition set_irq_flag_HC08 ≝
+λalu.λirqfl':bool.
+ mk_alu_HC08
+ (acc_low_reg_HC08 alu)
+ (indX_low_reg_HC08 alu)
+ (indX_high_reg_HC08 alu)
+ (sp_reg_HC08 alu)
+ (pc_reg_HC08 alu)
+ (v_flag_HC08 alu)
+ (h_flag_HC08 alu)
+ (i_flag_HC08 alu)
+ (n_flag_HC08 alu)
+ (z_flag_HC08 alu)
+ (c_flag_HC08 alu)
+ irqfl'.
+
+(* setter forte di IRQ *)
+ndefinition set_irq_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λirqfl':bool.
+ opt_map ?? (match m return aux_set_typing_opt bool with
+ [ HC05 ⇒ Some ? set_irq_flag_HC05
+ | HC08 ⇒ Some ? set_irq_flag_HC08
+ | HCS08 ⇒ Some ? set_irq_flag_HC08
+ | RS08 ⇒ None ? ])
+ (λf.Some ? (set_alu m t s (f (alu m t s) irqfl'))).
+
+(* setter debole di IRQ *)
+ndefinition setweak_irq_flag ≝
+λm:mcu_type.λt:memory_impl.λs:any_status m t.λirqfl':bool.
+ match set_irq_flag m t s irqfl' with
+ [ None ⇒ s | Some s' ⇒ s' ].
+
+(* ***************** *)
+(* CONFRONTO FRA ALU *)
+(* ***************** *)
+
+(* confronto registro per registro dell'HC05 *)
+ndefinition eq_alu_HC05 ≝
+λalu1,alu2:alu_HC05.
+ match alu1 with
+ [ mk_alu_HC05 acclow1 indxlow1 sp1 spm1 spf1 pc1 pcm1 hfl1 ifl1 nfl1 zfl1 cfl1 irqfl1 ⇒
+ match alu2 with
+ [ mk_alu_HC05 acclow2 indxlow2 sp2 spm2 spf2 pc2 pcm2 hfl2 ifl2 nfl2 zfl2 cfl2 irqfl2 ⇒
+ (eq_b8 acclow1 acclow2) ⊗
+ (eq_b8 indxlow1 indxlow2) ⊗
+ (eq_w16 sp1 sp2) ⊗
+ (eq_w16 spm1 spm2) ⊗
+ (eq_w16 spf1 spf2) ⊗
+ (eq_w16 pc1 pc2) ⊗
+ (eq_w16 pcm1 pcm2) ⊗
+ (eq_bool hfl1 hfl2) ⊗
+ (eq_bool ifl1 ifl2) ⊗
+ (eq_bool nfl1 nfl2) ⊗
+ (eq_bool zfl1 zfl2) ⊗
+ (eq_bool cfl1 cfl2) ⊗
+ (eq_bool irqfl1 irqfl2) ]].
+
+(* confronto registro per registro dell'HC08 *)
+ndefinition eq_alu_HC08 ≝
+λalu1,alu2:alu_HC08.
+ match alu1 with
+ [ mk_alu_HC08 acclow1 indxlow1 indxhigh1 sp1 pc1 vfl1 hfl1 ifl1 nfl1 zfl1 cfl1 irqfl1 ⇒
+ match alu2 with
+ [ mk_alu_HC08 acclow2 indxlow2 indxhigh2 sp2 pc2 vfl2 hfl2 ifl2 nfl2 zfl2 cfl2 irqfl2 ⇒
+ (eq_b8 acclow1 acclow2) ⊗
+ (eq_b8 indxlow1 indxlow2) ⊗
+ (eq_b8 indxhigh1 indxhigh2) ⊗
+ (eq_w16 sp1 sp2) ⊗
+ (eq_w16 pc1 pc2) ⊗
+ (eq_bool vfl1 vfl2) ⊗
+ (eq_bool hfl1 hfl2) ⊗
+ (eq_bool ifl1 ifl2) ⊗
+ (eq_bool nfl1 nfl2) ⊗
+ (eq_bool zfl1 zfl2) ⊗
+ (eq_bool cfl1 cfl2) ⊗
+ (eq_bool irqfl1 irqfl2) ]].
+
+(* confronto registro per registro dell'RS08 *)
+ndefinition eq_alu_RS08 ≝
+λalu1,alu2:alu_RS08.
+ match alu1 with
+ [ mk_alu_RS08 acclow1 pc1 pcm1 spc1 xm1 psm1 zfl1 cfl1 ⇒
+ match alu2 with
+ [ mk_alu_RS08 acclow2 pc2 pcm2 spc2 xm2 psm2 zfl2 cfl2 ⇒
+ (eq_b8 acclow1 acclow2) ⊗
+ (eq_w16 pc1 pc2) ⊗
+ (eq_w16 pcm1 pcm2) ⊗
+ (eq_w16 spc1 spc2) ⊗
+ (eq_b8 xm1 xm2) ⊗
+ (eq_b8 psm1 psm2) ⊗
+ (eq_bool zfl1 zfl2) ⊗
+ (eq_bool cfl1 cfl2) ]].
+
+(* ******************** *)
+(* CONFRONTO FRA STATUS *)
+(* ******************** *)
+
+(* confronto di una regione di memoria [addr1 ; ... ; addrn] *)
+nlet rec forall_memory_ranged
+ (t:memory_impl)
+ (chk1:aux_chk_type t) (chk2:aux_chk_type t)
+ (mem1:aux_mem_type t) (mem2:aux_mem_type t)
+ (addrl:list word16) on addrl ≝
+ match addrl return λ_.bool with
+ [ nil ⇒ true
+ | cons hd tl ⇒ (eq_option byte8 (mem_read t mem1 chk1 hd)
+ (mem_read t mem2 chk2 hd) eq_b8) ⊗
+ (forall_memory_ranged t chk1 chk2 mem1 mem2 tl)
+ ].
+
+(* il clk e' option (Prod5T byte8 (any_opcode m) (instr_mode) byte8 word16) *)
+ndefinition eq_clk ≝
+λm:mcu_type.λc1,c2:option (Prod5T byte8 (any_opcode m) (instr_mode) byte8 word16).
+ match c1 with
+ [ None ⇒ match c2 with
+ [ None ⇒ true | Some _ ⇒ false ]
+ | Some c1' ⇒ match c2 with
+ [ None ⇒ false | Some c2' ⇒ (eq_b8 (fst5T ????? c1') (fst5T ????? c2')) ⊗
+ (eq_anyop m (snd5T ????? c1') (snd5T ????? c2')) ⊗
+ (eq_instrmode (thd5T ????? c1') (thd5T ????? c2')) ⊗
+ (eq_b8 (frth5T ????? c1') (frth5T ????? c2')) ⊗
+ (eq_w16 (ffth5T ????? c1') (ffth5T ????? c2')) ]
+ ].
+
+(* generalizzazione del confronto fra stati *)
+ndefinition eq_status ≝
+λm:mcu_type.λt:memory_impl.λs1,s2:any_status m t.λaddrl:list word16.
+ match s1 with [ mk_any_status alu1 mem1 chk1 clk1 ⇒
+ match s2 with [ mk_any_status alu2 mem2 chk2 clk2 ⇒
+
+ (* 1) confronto della ALU *)
+ (match m return λm:mcu_type.
+ match m with
+ [ HC05 ⇒ alu_HC05 | HC08 ⇒ alu_HC08 | HCS08 ⇒ alu_HC08 | RS08 ⇒ alu_RS08 ] →
+ match m with
+ [ HC05 ⇒ alu_HC05 | HC08 ⇒ alu_HC08 | HCS08 ⇒ alu_HC08 | RS08 ⇒ alu_RS08 ] →
+ bool with
+ [ HC05 ⇒ eq_alu_HC05 | HC08 ⇒ eq_alu_HC08 | HCS08 ⇒ eq_alu_HC08 | RS08 ⇒ eq_alu_RS08 ]
+ alu1 alu2) ⊗
+
+ (* 2) confronto della memoria in [inf,inf+n] *)
+ (forall_memory_ranged t chk1 chk2 mem1 mem2 addrl) ⊗
+
+ (* 3) confronto del clik *)
+ (eq_clk m clk1 clk2)
+ ]].
--- /dev/null
+(**************************************************************************)
+(* ___ *)
+(* ||M|| *)
+(* ||A|| A project by Andrea Asperti *)
+(* ||T|| *)
+(* ||I|| Developers: *)
+(* ||T|| The HELM team. *)
+(* ||A|| http://helm.cs.unibo.it *)
+(* \ / *)
+(* \ / This file is distributed under the terms of the *)
+(* v GNU General Public License Version 2 *)
+(* *)
+(**************************************************************************)
+
+(* ********************************************************************** *)
+(* Progetto FreeScale *)
+(* *)
+(* Sviluppato da: *)
+(* Cosimo Oliboni, oliboni@cs.unibo.it *)
+(* *)
+(* Questo materiale fa parte della tesi: *)
+(* "Formalizzazione Interattiva dei Microcontroller a 8bit FreeScale" *)
+(* *)
+(* data ultima modifica 15/11/2007 *)
+(* ********************************************************************** *)
+
+include "freescale/word16_lemmas.ma".
+include "freescale/opcode_base_lemmas1.ma".
+include "freescale/status.ma".
+include "freescale/option_lemmas.ma".
+include "freescale/prod_lemmas.ma".
+
+(* *********************************** *)
+(* STATUS INTERNO DEL PROCESSORE (ALU) *)
+(* *********************************** *)
+
+nlemma aluHC05_destruct_1 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12,y13.
+ mk_alu_HC05 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 = mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 →
+ x1 = y1.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12; #x13;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #y13; #H;
+ nchange with (match mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13
+ with [ mk_alu_HC05 a _ _ _ _ _ _ _ _ _ _ _ _ ⇒ x1 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC05_destruct_2 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12,y13.
+ mk_alu_HC05 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 = mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 →
+ x2 = y2.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12; #x13;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #y13; #H;
+ nchange with (match mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13
+ with [ mk_alu_HC05 _ a _ _ _ _ _ _ _ _ _ _ _ ⇒ x2 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC05_destruct_3 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12,y13.
+ mk_alu_HC05 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 = mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 →
+ x3 = y3.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12; #x13;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #y13; #H;
+ nchange with (match mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13
+ with [ mk_alu_HC05 _ _ a _ _ _ _ _ _ _ _ _ _ ⇒ x3 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC05_destruct_4 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12,y13.
+ mk_alu_HC05 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 = mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 →
+ x4 = y4.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12; #x13;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #y13; #H;
+ nchange with (match mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13
+ with [ mk_alu_HC05 _ _ _ a _ _ _ _ _ _ _ _ _ ⇒ x4 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC05_destruct_5 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12,y13.
+ mk_alu_HC05 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 = mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 →
+ x5 = y5.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12; #x13;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #y13; #H;
+ nchange with (match mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13
+ with [ mk_alu_HC05 _ _ _ _ a _ _ _ _ _ _ _ _ ⇒ x5 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC05_destruct_6 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12,y13.
+ mk_alu_HC05 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 = mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 →
+ x6 = y6.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12; #x13;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #y13; #H;
+ nchange with (match mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13
+ with [ mk_alu_HC05 _ _ _ _ _ a _ _ _ _ _ _ _ ⇒ x6 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC05_destruct_7 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12,y13.
+ mk_alu_HC05 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 = mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 →
+ x7 = y7.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12; #x13;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #y13; #H;
+ nchange with (match mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13
+ with [ mk_alu_HC05 _ _ _ _ _ _ a _ _ _ _ _ _ ⇒ x7 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC05_destruct_8 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12,y13.
+ mk_alu_HC05 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 = mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 →
+ x8 = y8.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12; #x13;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #y13; #H;
+ nchange with (match mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13
+ with [ mk_alu_HC05 _ _ _ _ _ _ _ a _ _ _ _ _ ⇒ x8 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC05_destruct_9 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12,y13.
+ mk_alu_HC05 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 = mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 →
+ x9 = y9.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12; #x13;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #y13; #H;
+ nchange with (match mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13
+ with [ mk_alu_HC05 _ _ _ _ _ _ _ _ a _ _ _ _ ⇒ x9 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC05_destruct_10 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12,y13.
+ mk_alu_HC05 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 = mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 →
+ x10 = y10.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12; #x13;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #y13; #H;
+ nchange with (match mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13
+ with [ mk_alu_HC05 _ _ _ _ _ _ _ _ _ a _ _ _ ⇒ x10 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC05_destruct_11 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12,y13.
+ mk_alu_HC05 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 = mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 →
+ x11 = y11.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12; #x13;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #y13; #H;
+ nchange with (match mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13
+ with [ mk_alu_HC05 _ _ _ _ _ _ _ _ _ _ a _ _ ⇒ x11 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC05_destruct_12 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12,y13.
+ mk_alu_HC05 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 = mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 →
+ x12 = y12.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12; #x13;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #y13; #H;
+ nchange with (match mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13
+ with [ mk_alu_HC05 _ _ _ _ _ _ _ _ _ _ _ a _ ⇒ x12 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC05_destruct_13 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12,y13.
+ mk_alu_HC05 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 = mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 →
+ x13 = y13.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12; #x13;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #y13; #H;
+ nchange with (match mk_alu_HC05 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13
+ with [ mk_alu_HC05 _ _ _ _ _ _ _ _ _ _ _ _ a ⇒ x13 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma symmetric_eqaluHC05 : symmetricT alu_HC05 bool eq_alu_HC05.
+ #alu1; #alu2;
+ ncases alu1;
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12; #x13;
+ ncases alu2;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #y13;
+ nchange with (
+ ((eq_b8 x1 y1) ⊗ (eq_b8 x2 y2) ⊗ (eq_w16 x3 y3) ⊗ (eq_w16 x4 y4) ⊗
+ (eq_w16 x5 y5) ⊗ (eq_w16 x6 y6) ⊗ (eq_w16 x7 y7) ⊗ (eq_bool x8 y8) ⊗
+ (eq_bool x9 y9) ⊗ (eq_bool x10 y10) ⊗ (eq_bool x11 y11) ⊗ (eq_bool x12 y12) ⊗
+ (eq_bool x13 y13)) = ((eq_b8 y1 x1) ⊗ (eq_b8 y2 x2) ⊗ (eq_w16 y3 x3) ⊗
+ (eq_w16 y4 x4) ⊗ (eq_w16 y5 x5) ⊗ (eq_w16 y6 x6) ⊗ (eq_w16 y7 x7) ⊗
+ (eq_bool y8 x8) ⊗ (eq_bool y9 x9) ⊗ (eq_bool y10 x10) ⊗ (eq_bool y11 x11) ⊗
+ (eq_bool y12 x12) ⊗ (eq_bool y13 x13)));
+ nrewrite > (symmetric_eqb8 x1 y1);
+ nrewrite > (symmetric_eqb8 x2 y2);
+ nrewrite > (symmetric_eqw16 x3 y3);
+ nrewrite > (symmetric_eqw16 x4 y4);
+ nrewrite > (symmetric_eqw16 x5 y5);
+ nrewrite > (symmetric_eqw16 x6 y6);
+ nrewrite > (symmetric_eqw16 x7 y7);
+ nrewrite > (symmetric_eqbool x8 y8);
+ nrewrite > (symmetric_eqbool x9 y9);
+ nrewrite > (symmetric_eqbool x10 y10);
+ nrewrite > (symmetric_eqbool x11 y11);
+ nrewrite > (symmetric_eqbool x12 y12);
+ nrewrite > (symmetric_eqbool x13 y13);
+ napply (refl_eq ??).
+nqed.
+
+nlemma eqaluHC05_to_eq : ∀alu1,alu2.eq_alu_HC05 alu1 alu2 = true → alu1 = alu2.
+ #alu1; #alu2;
+ ncases alu1;
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12; #x13;
+ ncases alu2;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #y13; #H;
+ nchange in H:(%) with (
+ ((eq_b8 x1 y1) ⊗ (eq_b8 x2 y2) ⊗
+ (eq_w16 x3 y3) ⊗ (eq_w16 x4 y4) ⊗
+ (eq_w16 x5 y5) ⊗ (eq_w16 x6 y6) ⊗
+ (eq_w16 x7 y7) ⊗ (eq_bool x8 y8) ⊗
+ (eq_bool x9 y9) ⊗ (eq_bool x10 y10) ⊗
+ (eq_bool x11 y11) ⊗ (eq_bool x12 y12) ⊗
+ (eq_bool x13 y13)) = true);
+ nrewrite > (eqbool_to_eq ?? (andb_true_true_r ?? H));
+ nletin H1 ≝ (andb_true_true_l ?? H);
+ nrewrite > (eqbool_to_eq x12 y12 (andb_true_true_r ?? (andb_true_true_l ?? H)));
+ nletin H2 ≝ (andb_true_true_l ?? H1);
+ nrewrite > (eqbool_to_eq ?? (andb_true_true_r ?? H2));
+ nletin H3 ≝ (andb_true_true_l ?? H2);
+ nrewrite > (eqbool_to_eq ?? (andb_true_true_r ?? H3));
+ nletin H4 ≝ (andb_true_true_l ?? H3);
+ nrewrite > (eqbool_to_eq ?? (andb_true_true_r ?? H4));
+ nletin H5 ≝ (andb_true_true_l ?? H4);
+ nrewrite > (eqbool_to_eq ?? (andb_true_true_r ?? H5));
+ nletin H6 ≝ (andb_true_true_l ?? H5);
+ nrewrite > (eqw16_to_eq ?? (andb_true_true_r ?? H6));
+ nletin H7 ≝ (andb_true_true_l ?? H6);
+ nrewrite > (eqw16_to_eq ?? (andb_true_true_r ?? H7));
+ nletin H8 ≝ (andb_true_true_l ?? H7);
+ nrewrite > (eqw16_to_eq ?? (andb_true_true_r ?? H8));
+ nletin H9 ≝ (andb_true_true_l ?? H8);
+ nrewrite > (eqw16_to_eq ?? (andb_true_true_r ?? H9));
+ nletin H10 ≝ (andb_true_true_l ?? H9);
+ nrewrite > (eqw16_to_eq ?? (andb_true_true_r ?? H10));
+ nletin H11 ≝ (andb_true_true_l ?? H10);
+ nrewrite > (eqb8_to_eq ?? (andb_true_true_r ?? H11));
+ nrewrite > (eqb8_to_eq ?? (andb_true_true_l ?? H11));
+ napply (refl_eq ??).
+nqed.
+
+nlemma eq_to_eqaluHC05 : ∀alu1,alu2.alu1 = alu2 → eq_alu_HC05 alu1 alu2 = true.
+ #alu1; #alu2;
+ ncases alu1;
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12; #x13;
+ ncases alu2;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #y13; #H;
+ nrewrite > (aluHC05_destruct_1 ?????????????????????????? H);
+ nrewrite > (aluHC05_destruct_2 ?????????????????????????? H);
+ nrewrite > (aluHC05_destruct_3 ?????????????????????????? H);
+ nrewrite > (aluHC05_destruct_4 ?????????????????????????? H);
+ nrewrite > (aluHC05_destruct_5 ?????????????????????????? H);
+ nrewrite > (aluHC05_destruct_6 ?????????????????????????? H);
+ nrewrite > (aluHC05_destruct_7 ?????????????????????????? H);
+ nrewrite > (aluHC05_destruct_8 ?????????????????????????? H);
+ nrewrite > (aluHC05_destruct_9 ?????????????????????????? H);
+ nrewrite > (aluHC05_destruct_10 ?????????????????????????? H);
+ nrewrite > (aluHC05_destruct_11 ?????????????????????????? H);
+ nrewrite > (aluHC05_destruct_12 ?????????????????????????? H);
+ nrewrite > (aluHC05_destruct_13 ?????????????????????????? H);
+ nchange with (
+ ((eq_b8 y1 y1) ⊗ (eq_b8 y2 y2) ⊗
+ (eq_w16 y3 y3) ⊗ (eq_w16 y4 y4) ⊗
+ (eq_w16 y5 y5) ⊗ (eq_w16 y6 y6) ⊗
+ (eq_w16 y7 y7) ⊗ (eq_bool y8 y8) ⊗
+ (eq_bool y9 y9) ⊗ (eq_bool y10 y10) ⊗
+ (eq_bool y11 y11) ⊗ (eq_bool y12 y12) ⊗
+ (eq_bool y13 y13)) = true);
+ nrewrite > (eq_to_eqb8 y1 y1 (refl_eq ??));
+ nrewrite > (eq_to_eqb8 y2 y2 (refl_eq ??));
+ nrewrite > (eq_to_eqw16 y3 y3 (refl_eq ??));
+ nrewrite > (eq_to_eqw16 y4 y4 (refl_eq ??));
+ nrewrite > (eq_to_eqw16 y5 y5 (refl_eq ??));
+ nrewrite > (eq_to_eqw16 y6 y6 (refl_eq ??));
+ nrewrite > (eq_to_eqw16 y7 y7 (refl_eq ??));
+ nrewrite > (eq_to_eqbool y8 y8 (refl_eq ??));
+ nrewrite > (eq_to_eqbool y9 y9 (refl_eq ??));
+ nrewrite > (eq_to_eqbool y10 y10 (refl_eq ??));
+ nrewrite > (eq_to_eqbool y11 y11 (refl_eq ??));
+ nrewrite > (eq_to_eqbool y12 y12 (refl_eq ??));
+ nrewrite > (eq_to_eqbool y13 y13 (refl_eq ??));
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC08_destruct_1 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12.
+ mk_alu_HC08 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 = mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 →
+ x1 = y1.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #H;
+ nchange with (match mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12
+ with [ mk_alu_HC08 a _ _ _ _ _ _ _ _ _ _ _ ⇒ x1 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC08_destruct_2 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12.
+ mk_alu_HC08 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 = mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 →
+ x2 = y2.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #H;
+ nchange with (match mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12
+ with [ mk_alu_HC08 _ a _ _ _ _ _ _ _ _ _ _ ⇒ x2 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC08_destruct_3 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12.
+ mk_alu_HC08 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 = mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 →
+ x3 = y3.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #H;
+ nchange with (match mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12
+ with [ mk_alu_HC08 _ _ a _ _ _ _ _ _ _ _ _ ⇒ x3 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC08_destruct_4 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12.
+ mk_alu_HC08 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 = mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 →
+ x4 = y4.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #H;
+ nchange with (match mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12
+ with [ mk_alu_HC08 _ _ _ a _ _ _ _ _ _ _ _ ⇒ x4 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC08_destruct_5 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12.
+ mk_alu_HC08 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 = mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 →
+ x5 = y5.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #H;
+ nchange with (match mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12
+ with [ mk_alu_HC08 _ _ _ _ a _ _ _ _ _ _ _ ⇒ x5 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC08_destruct_6 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12.
+ mk_alu_HC08 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 = mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 →
+ x6 = y6.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #H;
+ nchange with (match mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12
+ with [ mk_alu_HC08 _ _ _ _ _ a _ _ _ _ _ _ ⇒ x6 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC08_destruct_7 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12.
+ mk_alu_HC08 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 = mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 →
+ x7 = y7.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #H;
+ nchange with (match mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12
+ with [ mk_alu_HC08 _ _ _ _ _ _ a _ _ _ _ _ ⇒ x7 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC08_destruct_8 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12.
+ mk_alu_HC08 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 = mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 →
+ x8 = y8.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #H;
+ nchange with (match mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12
+ with [ mk_alu_HC08 _ _ _ _ _ _ _ a _ _ _ _ ⇒ x8 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC08_destruct_9 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12.
+ mk_alu_HC08 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 = mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 →
+ x9 = y9.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #H;
+ nchange with (match mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12
+ with [ mk_alu_HC08 _ _ _ _ _ _ _ _ a _ _ _ ⇒ x9 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC08_destruct_10 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12.
+ mk_alu_HC08 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 = mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 →
+ x10 = y10.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #H;
+ nchange with (match mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12
+ with [ mk_alu_HC08 _ _ _ _ _ _ _ _ _ a _ _ ⇒ x10 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC08_destruct_11 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12.
+ mk_alu_HC08 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 = mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 →
+ x11 = y11.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #H;
+ nchange with (match mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12
+ with [ mk_alu_HC08 _ _ _ _ _ _ _ _ _ _ a _ ⇒ x11 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluHC08_destruct_12 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12.
+ mk_alu_HC08 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 = mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 →
+ x12 = y12.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #H;
+ nchange with (match mk_alu_HC08 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12
+ with [ mk_alu_HC08 _ _ _ _ _ _ _ _ _ _ _ a ⇒ x12 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma symmetric_eqaluHC08 : symmetricT alu_HC08 bool eq_alu_HC08.
+ #alu1; #alu2;
+ ncases alu1;
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12;
+ ncases alu2;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12;
+ nchange with (
+ ((eq_b8 x1 y1) ⊗ (eq_b8 x2 y2) ⊗ (eq_b8 x3 y3) ⊗ (eq_w16 x4 y4) ⊗
+ (eq_w16 x5 y5) ⊗ (eq_bool x6 y6) ⊗ (eq_bool x7 y7) ⊗ (eq_bool x8 y8) ⊗
+ (eq_bool x9 y9) ⊗ (eq_bool x10 y10) ⊗ (eq_bool x11 y11) ⊗ (eq_bool x12 y12)) =
+ ((eq_b8 y1 x1) ⊗ (eq_b8 y2 x2) ⊗ (eq_b8 y3 x3) ⊗ (eq_w16 y4 x4) ⊗
+ (eq_w16 y5 x5) ⊗ (eq_bool y6 x6) ⊗ (eq_bool y7 x7) ⊗ (eq_bool y8 x8) ⊗
+ (eq_bool y9 x9) ⊗ (eq_bool y10 x10) ⊗ (eq_bool y11 x11) ⊗ (eq_bool y12 x12)));
+ nrewrite > (symmetric_eqb8 x1 y1);
+ nrewrite > (symmetric_eqb8 x2 y2);
+ nrewrite > (symmetric_eqb8 x3 y3);
+ nrewrite > (symmetric_eqw16 x4 y4);
+ nrewrite > (symmetric_eqw16 x5 y5);
+ nrewrite > (symmetric_eqbool x6 y6);
+ nrewrite > (symmetric_eqbool x7 y7);
+ nrewrite > (symmetric_eqbool x8 y8);
+ nrewrite > (symmetric_eqbool x9 y9);
+ nrewrite > (symmetric_eqbool x10 y10);
+ nrewrite > (symmetric_eqbool x11 y11);
+ nrewrite > (symmetric_eqbool x12 y12);
+ napply (refl_eq ??).
+nqed.
+
+nlemma eqaluHC08_to_eq : ∀alu1,alu2.eq_alu_HC08 alu1 alu2 = true → alu1 = alu2.
+ #alu1; #alu2;
+ ncases alu1;
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12;
+ ncases alu2;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #H;
+ nchange in H:(%) with (
+ ((eq_b8 x1 y1) ⊗ (eq_b8 x2 y2) ⊗ (eq_b8 x3 y3) ⊗ (eq_w16 x4 y4) ⊗
+ (eq_w16 x5 y5) ⊗ (eq_bool x6 y6) ⊗ (eq_bool x7 y7) ⊗ (eq_bool x8 y8) ⊗
+ (eq_bool x9 y9) ⊗ (eq_bool x10 y10) ⊗ (eq_bool x11 y11) ⊗ (eq_bool x12 y12)) = true);
+ nrewrite > (eqbool_to_eq ?? (andb_true_true_r ?? H));
+ nletin H1 ≝ (andb_true_true_l ?? H);
+ nrewrite > (eqbool_to_eq ?? (andb_true_true_r ?? H1));
+ nletin H2 ≝ (andb_true_true_l ?? H1);
+ nrewrite > (eqbool_to_eq ?? (andb_true_true_r ?? H2));
+ nletin H3 ≝ (andb_true_true_l ?? H2);
+ nrewrite > (eqbool_to_eq ?? (andb_true_true_r ?? H3));
+ nletin H4 ≝ (andb_true_true_l ?? H3);
+ nrewrite > (eqbool_to_eq ?? (andb_true_true_r ?? H4));
+ nletin H5 ≝ (andb_true_true_l ?? H4);
+ nrewrite > (eqbool_to_eq ?? (andb_true_true_r ?? H5));
+ nletin H6 ≝ (andb_true_true_l ?? H5);
+ nrewrite > (eqbool_to_eq ?? (andb_true_true_r ?? H6));
+ nletin H7 ≝ (andb_true_true_l ?? H6);
+ nrewrite > (eqw16_to_eq ?? (andb_true_true_r ?? H7));
+ nletin H8 ≝ (andb_true_true_l ?? H7);
+ nrewrite > (eqw16_to_eq ?? (andb_true_true_r ?? H8));
+ nletin H9 ≝ (andb_true_true_l ?? H8);
+ nrewrite > (eqb8_to_eq ?? (andb_true_true_r ?? H9));
+ nletin H10 ≝ (andb_true_true_l ?? H9);
+ nrewrite > (eqb8_to_eq ?? (andb_true_true_r ?? H10));
+ nrewrite > (eqb8_to_eq ?? (andb_true_true_l ?? H10));
+ napply (refl_eq ??).
+nqed.
+
+nlemma eq_to_eqaluHC08 : ∀alu1,alu2.alu1 = alu2 → eq_alu_HC08 alu1 alu2 = true.
+ #alu1; #alu2;
+ ncases alu1;
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8; #x9; #x10; #x11; #x12;
+ ncases alu2;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #y9; #y10; #y11; #y12; #H;
+ nrewrite > (aluHC08_destruct_1 ???????????????????????? H);
+ nrewrite > (aluHC08_destruct_2 ???????????????????????? H);
+ nrewrite > (aluHC08_destruct_3 ???????????????????????? H);
+ nrewrite > (aluHC08_destruct_4 ???????????????????????? H);
+ nrewrite > (aluHC08_destruct_5 ???????????????????????? H);
+ nrewrite > (aluHC08_destruct_6 ???????????????????????? H);
+ nrewrite > (aluHC08_destruct_7 ???????????????????????? H);
+ nrewrite > (aluHC08_destruct_8 ???????????????????????? H);
+ nrewrite > (aluHC08_destruct_9 ???????????????????????? H);
+ nrewrite > (aluHC08_destruct_10 ???????????????????????? H);
+ nrewrite > (aluHC08_destruct_11 ???????????????????????? H);
+ nrewrite > (aluHC08_destruct_12 ???????????????????????? H);
+ nchange with (
+ ((eq_b8 y1 y1) ⊗ (eq_b8 y2 y2) ⊗ (eq_b8 y3 y3) ⊗ (eq_w16 y4 y4) ⊗
+ (eq_w16 y5 y5) ⊗ (eq_bool y6 y6) ⊗ (eq_bool y7 y7) ⊗ (eq_bool y8 y8) ⊗
+ (eq_bool y9 y9) ⊗ (eq_bool y10 y10) ⊗ (eq_bool y11 y11) ⊗ (eq_bool y12 y12)) = true);
+ nrewrite > (eq_to_eqb8 y1 y1 (refl_eq ??));
+ nrewrite > (eq_to_eqb8 y2 y2 (refl_eq ??));
+ nrewrite > (eq_to_eqb8 y3 y3 (refl_eq ??));
+ nrewrite > (eq_to_eqw16 y4 y4 (refl_eq ??));
+ nrewrite > (eq_to_eqw16 y5 y5 (refl_eq ??));
+ nrewrite > (eq_to_eqbool y6 y6 (refl_eq ??));
+ nrewrite > (eq_to_eqbool y7 y7 (refl_eq ??));
+ nrewrite > (eq_to_eqbool y8 y8 (refl_eq ??));
+ nrewrite > (eq_to_eqbool y9 y9 (refl_eq ??));
+ nrewrite > (eq_to_eqbool y10 y10 (refl_eq ??));
+ nrewrite > (eq_to_eqbool y11 y11 (refl_eq ??));
+ nrewrite > (eq_to_eqbool y12 y12 (refl_eq ??));
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluRS08_destruct_1 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,y1,y2,y3,y4,y5,y6,y7,y8.
+ mk_alu_RS08 x1 x2 x3 x4 x5 x6 x7 x8 = mk_alu_RS08 y1 y2 y3 y4 y5 y6 y7 y8 →
+ x1 = y1.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #H;
+ nchange with (match mk_alu_RS08 y1 y2 y3 y4 y5 y6 y7 y8
+ with [ mk_alu_RS08 a _ _ _ _ _ _ _ ⇒ x1 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluRS08_destruct_2 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,y1,y2,y3,y4,y5,y6,y7,y8.
+ mk_alu_RS08 x1 x2 x3 x4 x5 x6 x7 x8 = mk_alu_RS08 y1 y2 y3 y4 y5 y6 y7 y8 →
+ x2 = y2.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #H;
+ nchange with (match mk_alu_RS08 y1 y2 y3 y4 y5 y6 y7 y8
+ with [ mk_alu_RS08 _ a _ _ _ _ _ _ ⇒ x2 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluRS08_destruct_3 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,y1,y2,y3,y4,y5,y6,y7,y8.
+ mk_alu_RS08 x1 x2 x3 x4 x5 x6 x7 x8 = mk_alu_RS08 y1 y2 y3 y4 y5 y6 y7 y8 →
+ x3 = y3.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #H;
+ nchange with (match mk_alu_RS08 y1 y2 y3 y4 y5 y6 y7 y8
+ with [ mk_alu_RS08 _ _ a _ _ _ _ _ ⇒ x3 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluRS08_destruct_4 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,y1,y2,y3,y4,y5,y6,y7,y8.
+ mk_alu_RS08 x1 x2 x3 x4 x5 x6 x7 x8 = mk_alu_RS08 y1 y2 y3 y4 y5 y6 y7 y8 →
+ x4 = y4.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #H;
+ nchange with (match mk_alu_RS08 y1 y2 y3 y4 y5 y6 y7 y8
+ with [ mk_alu_RS08 _ _ _ a _ _ _ _ ⇒ x4 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluRS08_destruct_5 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,y1,y2,y3,y4,y5,y6,y7,y8.
+ mk_alu_RS08 x1 x2 x3 x4 x5 x6 x7 x8 = mk_alu_RS08 y1 y2 y3 y4 y5 y6 y7 y8 →
+ x5 = y5.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #H;
+ nchange with (match mk_alu_RS08 y1 y2 y3 y4 y5 y6 y7 y8
+ with [ mk_alu_RS08 _ _ _ _ a _ _ _ ⇒ x5 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluRS08_destruct_6 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,y1,y2,y3,y4,y5,y6,y7,y8.
+ mk_alu_RS08 x1 x2 x3 x4 x5 x6 x7 x8 = mk_alu_RS08 y1 y2 y3 y4 y5 y6 y7 y8 →
+ x6 = y6.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #H;
+ nchange with (match mk_alu_RS08 y1 y2 y3 y4 y5 y6 y7 y8
+ with [ mk_alu_RS08 _ _ _ _ _ a _ _ ⇒ x6 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluRS08_destruct_7 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,y1,y2,y3,y4,y5,y6,y7,y8.
+ mk_alu_RS08 x1 x2 x3 x4 x5 x6 x7 x8 = mk_alu_RS08 y1 y2 y3 y4 y5 y6 y7 y8 →
+ x7 = y7.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #H;
+ nchange with (match mk_alu_RS08 y1 y2 y3 y4 y5 y6 y7 y8
+ with [ mk_alu_RS08 _ _ _ _ _ _ a _ ⇒ x7 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma aluRS08_destruct_8 :
+∀x1,x2,x3,x4,x5,x6,x7,x8,y1,y2,y3,y4,y5,y6,y7,y8.
+ mk_alu_RS08 x1 x2 x3 x4 x5 x6 x7 x8 = mk_alu_RS08 y1 y2 y3 y4 y5 y6 y7 y8 →
+ x8 = y8.
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #H;
+ nchange with (match mk_alu_RS08 y1 y2 y3 y4 y5 y6 y7 y8
+ with [ mk_alu_RS08 _ _ _ _ _ _ _ a ⇒ x8 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma symmetric_eqaluRS08 : symmetricT alu_RS08 bool eq_alu_RS08.
+ #alu1; #alu2;
+ ncases alu1;
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8;
+ ncases alu2;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8;
+ nchange with (
+ ((eq_b8 x1 y1) ⊗ (eq_w16 x2 y2) ⊗
+ (eq_w16 x3 y3) ⊗ (eq_w16 x4 y4) ⊗
+ (eq_b8 x5 y5) ⊗ (eq_b8 x6 y6) ⊗
+ (eq_bool x7 y7) ⊗ (eq_bool x8 y8)) =
+ ((eq_b8 y1 x1) ⊗ (eq_w16 y2 x2) ⊗
+ (eq_w16 y3 x3) ⊗ (eq_w16 y4 x4) ⊗
+ (eq_b8 y5 x5) ⊗ (eq_b8 y6 x6) ⊗
+ (eq_bool y7 x7) ⊗ (eq_bool y8 x8)));
+ nrewrite > (symmetric_eqb8 x1 y1);
+ nrewrite > (symmetric_eqw16 x2 y2);
+ nrewrite > (symmetric_eqw16 x3 y3);
+ nrewrite > (symmetric_eqw16 x4 y4);
+ nrewrite > (symmetric_eqb8 x5 y5);
+ nrewrite > (symmetric_eqb8 x6 y6);
+ nrewrite > (symmetric_eqbool x7 y7);
+ nrewrite > (symmetric_eqbool x8 y8);
+ napply (refl_eq ??).
+nqed.
+
+nlemma eqaluRS08_to_eq : ∀alu1,alu2.eq_alu_RS08 alu1 alu2 = true → alu1 = alu2.
+ #alu1; #alu2;
+ ncases alu1;
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8;
+ ncases alu2;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #H;
+ nchange in H:(%) with (
+ ((eq_b8 x1 y1) ⊗ (eq_w16 x2 y2) ⊗
+ (eq_w16 x3 y3) ⊗ (eq_w16 x4 y4) ⊗
+ (eq_b8 x5 y5) ⊗ (eq_b8 x6 y6) ⊗
+ (eq_bool x7 y7) ⊗ (eq_bool x8 y8)) = true);
+ nrewrite > (eqbool_to_eq ?? (andb_true_true_r ?? H));
+ nletin H1 ≝ (andb_true_true_l ?? H);
+ nrewrite > (eqbool_to_eq ?? (andb_true_true_r ?? H1));
+ nletin H2 ≝ (andb_true_true_l ?? H1);
+ nrewrite > (eqb8_to_eq ?? (andb_true_true_r ?? H2));
+ nletin H3 ≝ (andb_true_true_l ?? H2);
+ nrewrite > (eqb8_to_eq ?? (andb_true_true_r ?? H3));
+ nletin H4 ≝ (andb_true_true_l ?? H3);
+ nrewrite > (eqw16_to_eq ?? (andb_true_true_r ?? H4));
+ nletin H5 ≝ (andb_true_true_l ?? H4);
+ nrewrite > (eqw16_to_eq ?? (andb_true_true_r ?? H5));
+ nletin H6 ≝ (andb_true_true_l ?? H5);
+ nrewrite > (eqw16_to_eq ?? (andb_true_true_r ?? H6));
+ nrewrite > (eqb8_to_eq ?? (andb_true_true_l ?? H6));
+ napply (refl_eq ??).
+nqed.
+
+nlemma eq_to_eqaluRS08 : ∀alu1,alu2.alu1 = alu2 → eq_alu_RS08 alu1 alu2 = true.
+ #alu1; #alu2;
+ ncases alu1;
+ #x1; #x2; #x3; #x4; #x5; #x6; #x7; #x8;
+ ncases alu2;
+ #y1; #y2; #y3; #y4; #y5; #y6; #y7; #y8; #H;
+ nrewrite > (aluRS08_destruct_1 ???????????????? H);
+ nrewrite > (aluRS08_destruct_2 ???????????????? H);
+ nrewrite > (aluRS08_destruct_3 ???????????????? H);
+ nrewrite > (aluRS08_destruct_4 ???????????????? H);
+ nrewrite > (aluRS08_destruct_5 ???????????????? H);
+ nrewrite > (aluRS08_destruct_6 ???????????????? H);
+ nrewrite > (aluRS08_destruct_7 ???????????????? H);
+ nrewrite > (aluRS08_destruct_8 ???????????????? H);
+ nchange with (
+ ((eq_b8 y1 y1) ⊗ (eq_w16 y2 y2) ⊗
+ (eq_w16 y3 y3) ⊗ (eq_w16 y4 y4) ⊗
+ (eq_b8 y5 y5) ⊗ (eq_b8 y6 y6) ⊗
+ (eq_bool y7 y7) ⊗ (eq_bool y8 y8)) = true);
+ nrewrite > (eq_to_eqb8 y1 y1 (refl_eq ??));
+ nrewrite > (eq_to_eqw16 y2 y2 (refl_eq ??));
+ nrewrite > (eq_to_eqw16 y3 y3 (refl_eq ??));
+ nrewrite > (eq_to_eqw16 y4 y4 (refl_eq ??));
+ nrewrite > (eq_to_eqb8 y5 y5 (refl_eq ??));
+ nrewrite > (eq_to_eqb8 y6 y6 (refl_eq ??));
+ nrewrite > (eq_to_eqbool y7 y7 (refl_eq ??));
+ nrewrite > (eq_to_eqbool y8 y8 (refl_eq ??));
+ napply (refl_eq ??).
+nqed.
+
+nlemma symmetric_eqclk : ∀mcu,clk1,clk2.eq_clk mcu clk1 clk2 = eq_clk mcu clk2 clk1.
+ #mcu; #clk1; #clk2;
+ ncases clk1;
+ ncases clk2;
+ ##[ ##1: napply (refl_eq ??)
+ ##| ##2,3: nnormalize; #H; napply (refl_eq ??)
+ ##| ##4: #p1; ncases p1; #x1; #x2; #x3; #x4; #x5;
+ #p2; ncases p2; #y1; #y2; #y3; #y4; #y5;
+ nchange with (
+ ((eq_b8 y1 x1) ⊗ (eq_anyop ? y2 x2) ⊗ (eq_instrmode y3 x3) ⊗ (eq_b8 y4 x4) ⊗ (eq_w16 y5 x5)) =
+ ((eq_b8 x1 y1) ⊗ (eq_anyop ? x2 y2) ⊗ (eq_instrmode x3 y3) ⊗ (eq_b8 x4 y4) ⊗ (eq_w16 x5 y5)));
+ nrewrite > (symmetric_eqb8 x1 y1);
+ nrewrite > (symmetric_eqanyop ? x2 y2);
+ nrewrite > (symmetric_eqinstrmode x3 y3);
+ nrewrite > (symmetric_eqb8 x4 y4);
+ nrewrite > (symmetric_eqw16 x5 y5);
+ napply (refl_eq ??)
+ ##]
+nqed.
+
+nlemma eqclk_to_eq : ∀mcu,clk1,clk2.eq_clk mcu clk1 clk2 = true → clk1 = clk2.
+ #mcu; #clk1; #clk2;
+ ncases clk1;
+ ncases clk2;
+ ##[ ##1: nnormalize; #H; napply (refl_eq ??)
+ ##| ##2,3: nnormalize; #H; #H1; napply (bool_destruct ??? H1)
+ ##| ##4: #p1; ncases p1; #x1; #x2; #x3; #x4; #x5;
+ #p2; ncases p2; #y1; #y2; #y3; #y4; #y5; #H;
+ nchange in H:(%) with (
+ ((eq_b8 y1 x1) ⊗ (eq_anyop ? y2 x2) ⊗ (eq_instrmode y3 x3) ⊗ (eq_b8 y4 x4) ⊗ (eq_w16 y5 x5)) = true);
+ nrewrite > (eqw16_to_eq ?? (andb_true_true_r ?? H));
+ nletin H1 ≝ (andb_true_true_l ?? H);
+ nrewrite > (eqb8_to_eq ?? (andb_true_true_r ?? H1));
+ nletin H2 ≝ (andb_true_true_l ?? H1);
+ nrewrite > (eqinstrmode_to_eq ?? (andb_true_true_r ?? H2));
+ nletin H3 ≝ (andb_true_true_l ?? H2);
+ nrewrite > (eqanyop_to_eq ??? (andb_true_true_r ?? H3));
+ nrewrite > (eqb8_to_eq ?? (andb_true_true_l ?? H3));
+ napply (refl_eq ??)
+ ##]
+nqed.
+
+nlemma eq_to_eqclk : ∀mcu,clk1,clk2.clk1 = clk2 → eq_clk mcu clk1 clk2 = true.
+ #mcu; #clk1; #clk2;
+ ncases clk1;
+ ncases clk2;
+ ##[ ##1: nnormalize; #H; napply (refl_eq ??)
+ ##| ##2: nnormalize; #p; #H1; nelim (option_destruct_none_some ?? H1)
+ ##| ##3: nnormalize; #p; #H1; nelim (option_destruct_some_none ?? H1)
+ ##| ##4: #p1; ncases p1; #x1; #x2; #x3; #x4; #x5;
+ #p2; ncases p2; #y1; #y2; #y3; #y4; #y5; #H;
+ nrewrite > (quintuple_destruct_1 ??????????????? (option_destruct_some_some ??? H));
+ nrewrite > (quintuple_destruct_2 ??????????????? (option_destruct_some_some ??? H));
+ nrewrite > (quintuple_destruct_3 ??????????????? (option_destruct_some_some ??? H));
+ nrewrite > (quintuple_destruct_4 ??????????????? (option_destruct_some_some ??? H));
+ nrewrite > (quintuple_destruct_5 ??????????????? (option_destruct_some_some ??? H));
+ nchange with (
+ ((eq_b8 x1 x1) ⊗ (eq_anyop ? x2 x2) ⊗ (eq_instrmode x3 x3) ⊗ (eq_b8 x4 x4) ⊗ (eq_w16 x5 x5)) = true);
+ nrewrite > (eq_to_eqb8 x1 x1 (refl_eq ??));
+ nrewrite > (eq_to_eqanyop mcu x2 x2 (refl_eq ? x2));
+ nrewrite > (eq_to_eqinstrmode x3 x3 (refl_eq ??));
+ nrewrite > (eq_to_eqb8 x4 x4 (refl_eq ??));
+ nrewrite > (eq_to_eqw16 x5 x5 (refl_eq ??));
+ nnormalize;
+ napply (refl_eq ??)
+ ##]
+nqed.
+
+nlemma symmetric_forallmemoryranged :
+∀t.∀chk1,chk2:aux_chk_type t.∀mem1,mem2:aux_mem_type t.∀addrl.
+ forall_memory_ranged t chk1 chk2 mem1 mem2 addrl =
+ forall_memory_ranged t chk2 chk1 mem2 mem1 addrl.
+ #t; #chk1; #chk2; #mem1; #mem2; #addrl;
+ napply (list_ind word16 ??? addrl);
+ ##[ ##1: nnormalize; napply (refl_eq ??)
+ ##| ##2: #a; #l; #H;
+ nchange with (
+ ((eq_option byte8 (mem_read t mem1 chk1 a)
+ (mem_read t mem2 chk2 a) eq_b8) ⊗
+ (forall_memory_ranged t chk1 chk2 mem1 mem2 l)) =
+ ((eq_option byte8 (mem_read t mem2 chk2 a)
+ (mem_read t mem1 chk1 a) eq_b8) ⊗
+ (forall_memory_ranged t chk2 chk1 mem2 mem1 l)));
+ nrewrite > H;
+ nrewrite > (symmetric_eqoption ? (mem_read t mem1 chk1 a) (mem_read t mem2 chk2 a) eq_b8 symmetric_eqb8);
+ napply (refl_eq ??)
+ ##]
+nqed.
+
+nlemma anystatus_destruct_1 :
+∀m,t.∀x1,x2,x3,x4,y1,y2,y3,y4.
+ mk_any_status m t x1 x2 x3 x4 = mk_any_status m t y1 y2 y3 y4 →
+ x1 = y1.
+ #m; #t;
+ #x1; #x2; #x3; #x4;
+ #y1; #y2; #y3; #y4; #H;
+ nchange with (match mk_any_status m t y1 y2 y3 y4
+ with [ mk_any_status a _ _ _ ⇒ x1 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma anystatus_destruct_2 :
+∀m,t.∀x1,x2,x3,x4,y1,y2,y3,y4.
+ mk_any_status m t x1 x2 x3 x4 = mk_any_status m t y1 y2 y3 y4 →
+ x2 = y2.
+ #m; #t;
+ #x1; #x2; #x3; #x4;
+ #y1; #y2; #y3; #y4; #H;
+ nchange with (match mk_any_status m t y1 y2 y3 y4
+ with [ mk_any_status _ a _ _ ⇒ x2 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma anystatus_destruct_3 :
+∀m,t.∀x1,x2,x3,x4,y1,y2,y3,y4.
+ mk_any_status m t x1 x2 x3 x4 = mk_any_status m t y1 y2 y3 y4 →
+ x3 = y3.
+ #m; #t;
+ #x1; #x2; #x3; #x4;
+ #y1; #y2; #y3; #y4; #H;
+ nchange with (match mk_any_status m t y1 y2 y3 y4
+ with [ mk_any_status _ _ a _ ⇒ x3 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma anystatus_destruct_4 :
+∀m,t.∀x1,x2,x3,x4,y1,y2,y3,y4.
+ mk_any_status m t x1 x2 x3 x4 = mk_any_status m t y1 y2 y3 y4 →
+ x4 = y4.
+ #m; #t;
+ #x1; #x2; #x3; #x4;
+ #y1; #y2; #y3; #y4; #H;
+ nchange with (match mk_any_status m t y1 y2 y3 y4
+ with [ mk_any_status _ _ _ a ⇒ x4 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+nlemma symmetric_eqstatus :
+∀addrl:list word16.∀m:mcu_type.∀t:memory_impl.∀s1,s2:any_status m t.
+ eq_status m t s1 s2 addrl = eq_status m t s2 s1 addrl.
+ #addrl; #m;
+ ncases m; #t; #s1;
+ ##[ ##1: ncases s1; #x1; #x2; #x3; #x4;
+ #s2; ncases s2; #y1; #y2; #y3; #y4;
+ nchange with (
+ ((eq_alu_HC05 x1 y1) ⊗ (forall_memory_ranged t x3 y3 x2 y2 addrl) ⊗ (eq_clk HC05 x4 y4)) =
+ ((eq_alu_HC05 y1 x1) ⊗ (forall_memory_ranged t y3 x3 y2 x2 addrl) ⊗ (eq_clk HC05 y4 x4)));
+ nrewrite > (symmetric_eqaluHC05 x1 y1)
+ ##| ##2,3: ncases s1; #x1; #x2; #x3; #x4;
+ #s2; ncases s2; #y1; #y2; #y3; #y4;
+ nchange with (
+ ((eq_alu_HC08 x1 y1) ⊗ (forall_memory_ranged t x3 y3 x2 y2 addrl) ⊗ (eq_clk ? x4 y4)) =
+ ((eq_alu_HC08 y1 x1) ⊗ (forall_memory_ranged t y3 x3 y2 x2 addrl) ⊗ (eq_clk ? y4 x4)));
+ nrewrite > (symmetric_eqaluHC08 x1 y1)
+ ##| ##4: ncases s1; #x1; #x2; #x3; #x4;
+ #s2; ncases s2; #y1; #y2; #y3; #y4;
+ nchange with (
+ ((eq_alu_RS08 x1 y1) ⊗ (forall_memory_ranged t x3 y3 x2 y2 addrl) ⊗ (eq_clk RS08 x4 y4)) =
+ ((eq_alu_RS08 y1 x1) ⊗ (forall_memory_ranged t y3 x3 y2 x2 addrl) ⊗ (eq_clk RS08 y4 x4)));
+ nrewrite > (symmetric_eqaluRS08 x1 y1)
+ ##]
+ nrewrite > (symmetric_forallmemoryranged t x3 y3 x2 y2 addrl);
+ nrewrite > (symmetric_eqclk ? x4 y4);
+ napply (refl_eq ??).
+nqed.
+
+nlemma eqstatus_to_eq :
+∀addrl:list word16.∀m:mcu_type.∀t:memory_impl.∀s1,s2:any_status m t.
+ (eq_status m t s1 s2 addrl = true) →
+ ((alu m t s1 = alu m t s2) ∧
+ (clk_desc m t s1 = clk_desc m t s2) ∧
+ ((forall_memory_ranged t (chk_desc m t s1) (chk_desc m t s2)
+ (mem_desc m t s1) (mem_desc m t s2) addrl) = true)).
+ #addrl; #m; #t;
+ ncases m; #s1;
+ ##[ ##1: ncases s1; #x1; #x2; #x3; #x4;
+ #s2; ncases s2; #y1; #y2; #y3; #y4; #H;
+ nchange in H:(%) with (
+ ((eq_alu_HC05 x1 y1) ⊗ (forall_memory_ranged t x3 y3 x2 y2 addrl) ⊗ (eq_clk ? x4 y4)) = true);
+ nrewrite > (eqaluHC05_to_eq ?? (andb_true_true_l ?? (andb_true_true_l ?? H)))
+ ##| ##2,3: ncases s1; #x1; #x2; #x3; #x4;
+ #s2; ncases s2; #y1; #y2; #y3; #y4; #H;
+ nchange in H:(%) with (
+ ((eq_alu_HC08 x1 y1) ⊗ (forall_memory_ranged t x3 y3 x2 y2 addrl) ⊗ (eq_clk ? x4 y4)) = true);
+ nrewrite > (eqaluHC08_to_eq ?? (andb_true_true_l ?? (andb_true_true_l ?? H)))
+ ##| ##4: ncases s1; #x1; #x2; #x3; #x4;
+ #s2; ncases s2; #y1; #y2; #y3; #y4; #H;
+ nchange in H:(%) with (
+ ((eq_alu_RS08 x1 y1) ⊗ (forall_memory_ranged t x3 y3 x2 y2 addrl) ⊗ (eq_clk ? x4 y4)) = true);
+ nrewrite > (eqaluRS08_to_eq ?? (andb_true_true_l ?? (andb_true_true_l ?? H)))
+ ##]
+ nchange with ((y1 = y1) ∧ (x4 = y4) ∧ (forall_memory_ranged t x3 y3 x2 y2 addrl = true));
+ nrewrite > (andb_true_true_r ?? (andb_true_true_l ?? H));
+ nrewrite > (eqclk_to_eq ??? (andb_true_true_r ?? H));
+ napply (conj ?? (conj ?? (refl_eq ??) (refl_eq ??)) (refl_eq ??)).
+nqed.
+
+nlemma eq_to_eqstatus_strong :
+∀addrl:list word16.∀m:mcu_type.∀t:memory_impl.∀s1,s2:any_status m t.
+ s1 = s2 → (eq_status m t s1 s2 addrl = true).
+ #addrl; #m; #t;
+ ncases m;
+ ##[ ##1: #s1; ncases s1; #x1; #x2; #x3; #x4;
+ #s2; ncases s2; #y1; #y2; #y3; #y4; #H;
+ nchange with (
+ ((eq_alu_HC05 x1 y1) ⊗ (forall_memory_ranged t x3 y3 x2 y2 addrl) ⊗ (eq_clk ? x4 y4)) = true);
+ nrewrite > (anystatus_destruct_1 ?????????? H);
+ nrewrite > (eq_to_eqaluHC05 y1 y1 (refl_eq ??))
+ ##| ##2,3: #s1; ncases s1; #x1; #x2; #x3; #x4;
+ #s2; ncases s2; #y1; #y2; #y3; #y4; #H;
+ nchange with (
+ ((eq_alu_HC08 x1 y1) ⊗ (forall_memory_ranged t x3 y3 x2 y2 addrl) ⊗ (eq_clk ? x4 y4)) = true);
+ nrewrite > (anystatus_destruct_1 ?????????? H);
+ nrewrite > (eq_to_eqaluHC08 y1 y1 (refl_eq ??))
+ ##| ##4: #s1; ncases s1; #x1; #x2; #x3; #x4;
+ #s2; ncases s2; #y1; #y2; #y3; #y4; #H;
+ nchange with (
+ ((eq_alu_RS08 x1 y1) ⊗ (forall_memory_ranged t x3 y3 x2 y2 addrl) ⊗ (eq_clk ? x4 y4)) = true);
+ nrewrite > (anystatus_destruct_1 ?????????? H);
+ nrewrite > (eq_to_eqaluRS08 y1 y1 (refl_eq ??))
+ ##]
+ nrewrite > (anystatus_destruct_2 ?????????? H);
+ nrewrite > (anystatus_destruct_3 ?????????? H);
+ nrewrite > (anystatus_destruct_4 ?????????? H);
+ nrewrite > (eq_to_eqclk ? y4 y4 (refl_eq ??));
+ nchange with ((forall_memory_ranged ?????? ⊗ true) =true);
+ nrewrite > (symmetric_andbool (forall_memory_ranged t y3 y3 y2 y2 addrl) true);
+ nchange with (forall_memory_ranged ?????? = true);
+ napply (list_ind word16 ??? addrl);
+ ##[ ##1,3,5,7: nnormalize; napply (refl_eq ??)
+ ##| ##2,4,6,8: #a; #l'; #H;
+ nchange with (
+ ((eq_option byte8 (mem_read t y2 y3 a)
+ (mem_read t y2 y3 a) eq_b8) ⊗
+ (forall_memory_ranged t y3 y3 y2 y2 l')) = true);
+ nrewrite > H;
+ nrewrite > (eq_to_eqoption ? (mem_read t y2 y3 a) (mem_read t y2 y3 a) eq_b8 eq_to_eqb8 (refl_eq ??));
+ nnormalize;
+ napply (refl_eq ??)
+ ##]
+nqed.
+
+nlemma eq_to_eqstatus_weak :
+∀addrl:list word16.∀m:mcu_type.∀t:memory_impl.∀s1,s2:any_status m t.
+ (alu m t s1 = alu m t s2) →
+ (clk_desc m t s1 = clk_desc m t s2) →
+ ((forall_memory_ranged t (chk_desc m t s1) (chk_desc m t s2)
+ (mem_desc m t s1) (mem_desc m t s2) addrl) = true) →
+ (eq_status m t s1 s2 addrl = true).
+ #addrl; #m; #t;
+ ncases m;
+ ##[ ##1: #s1; ncases s1; #x1; #x2; #x3; #x4;
+ #s2; ncases s2; #y1; #y2; #y3; #y4; #H; #H1; #H2;
+ nchange with (((eq_alu_HC05 x1 y1) ⊗ (forall_memory_ranged t x3 y3 x2 y2 addrl) ⊗ (eq_clk ? x4 y4)) = true);
+ nchange in H:(%) with (x1 = y1);
+ nrewrite > H;
+ nrewrite > (eq_to_eqaluHC05 y1 y1 (refl_eq ??))
+ ##| ##2,3: #s1; ncases s1; #x1; #x2; #x3; #x4;
+ #s2; ncases s2; #y1; #y2; #y3; #y4; #H; #H1; #H2;
+ nchange with (((eq_alu_HC08 x1 y1) ⊗ (forall_memory_ranged t x3 y3 x2 y2 addrl) ⊗ (eq_clk ? x4 y4)) = true);
+ nchange in H:(%) with (x1 = y1);
+ nrewrite > H;
+ nrewrite > (eq_to_eqaluHC08 y1 y1 (refl_eq ??))
+ ##| ##4: #s1; ncases s1; #x1; #x2; #x3; #x4;
+ #s2; ncases s2; #y1; #y2; #y3; #y4; #H; #H1; #H2;
+ nchange with (((eq_alu_RS08 x1 y1) ⊗ (forall_memory_ranged t x3 y3 x2 y2 addrl) ⊗ (eq_clk ? x4 y4)) = true);
+ nchange in H:(%) with (x1 = y1);
+ nrewrite > H;
+ nrewrite > (eq_to_eqaluRS08 y1 y1 (refl_eq ??))
+ ##]
+ nchange in H2:(%) with (forall_memory_ranged t x3 y3 x2 y2 addrl = true);
+ nrewrite > H2;
+ nchange in H1:(%) with (x4 = y4);
+ nrewrite > H1;
+ nrewrite > (eq_to_eqclk ? y4 y4 (refl_eq ??));
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
(⊖ (test_not_impl_byte b HCS08_not_impl_byte) ⊙ eq_nat (get_byte_count HCS08 b 0 opcode_table_HCS08) 0))
= true.
napply (refl_eq ??).
-qed.
+nqed.
(* HCS08: opcode non implementati come da manuale (0x9E+byte) *)
ndefinition HCS08_not_impl_word ≝
--- /dev/null
+(**************************************************************************)
+(* ___ *)
+(* ||M|| *)
+(* ||A|| A project by Andrea Asperti *)
+(* ||T|| *)
+(* ||I|| Developers: *)
+(* ||T|| The HELM team. *)
+(* ||A|| http://helm.cs.unibo.it *)
+(* \ / *)
+(* \ / This file is distributed under the terms of the *)
+(* v GNU General Public License Version 2 *)
+(* *)
+(**************************************************************************)
+
+(* ********************************************************************** *)
+(* Progetto FreeScale *)
+(* *)
+(* Sviluppato da: *)
+(* Cosimo Oliboni, oliboni@cs.unibo.it *)
+(* *)
+(* Questo materiale fa parte della tesi: *)
+(* "Formalizzazione Interattiva dei Microcontroller a 8bit FreeScale" *)
+(* *)
+(* data ultima modifica 15/11/2007 *)
+(* ********************************************************************** *)
+
+include "freescale/table_HC05.ma".
+include "freescale/table_HC08.ma".
+include "freescale/table_HCS08.ma".
+include "freescale/table_RS08.ma".
+include "freescale/option.ma".
+
+(* ***************************** *)
+(* TRADUZIONE ESADECIMALE → INFO *)
+(* ***************************** *)
+
+(* accesso alla tabella della ALU prescelta *)
+ndefinition opcode_table ≝
+λm:mcu_type.
+ match m
+ return λm:mcu_type.list (Prod4T (any_opcode m) instr_mode byte8_or_word16 byte8)
+ with
+ [ HC05 ⇒ opcode_table_HC05
+ | HC08 ⇒ opcode_table_HC08
+ | HCS08 ⇒ opcode_table_HCS08
+ | RS08 ⇒ opcode_table_RS08
+ ].
+
+(* traduzione mcu+esadecimale → info *)
+(* NB: la ricerca per byte non matcha con una word con lo stesso byte superiore uguale *)
+(* NB: per matchare una word (precode+code) bisogna passare una word *)
+(* NB: il risultato e' sempre un'opzione, NON esiste un dummy opcode tipo UNKNOWN/ILLEGAL *)
+nlet rec full_info_of_word16_aux (m:mcu_type) (borw:byte8_or_word16)
+ (param:list (Prod4T (any_opcode m) instr_mode byte8_or_word16 byte8)) on param ≝
+ match param with
+ [ nil ⇒ None ?
+ | cons hd tl ⇒
+ match thd4T ???? hd with
+ [ Byte b ⇒ match borw with
+ [ Byte borw' ⇒ match eq_b8 borw' b with
+ [ true ⇒ Some ? hd
+ | false ⇒ full_info_of_word16_aux m borw tl ]
+ | Word _ ⇒ full_info_of_word16_aux m borw tl ]
+ | Word w ⇒ match borw with
+ [ Byte _ ⇒ full_info_of_word16_aux m borw tl
+ | Word borw' ⇒ match eq_w16 borw' w with
+ [ true ⇒ Some ? hd
+ | false ⇒ full_info_of_word16_aux m borw tl ]
+ ]]].
+
+ndefinition full_info_of_word16 ≝
+λm:mcu_type.λborw:byte8_or_word16.
+full_info_of_word16_aux m borw (opcode_table m).
+
+(* ******************************************************* *)
+(* TRADUZIONE MCU+OPCODE+MODALITA'+ARGOMENTI → ESADECIMALE *)
+(* ******************************************************* *)
+
+(* introduzione di un tipo byte8 dipendente dall'mcu_type (phantom type) *)
+ninductive t_byte8 (m:mcu_type) : Type ≝
+ TByte : byte8 → t_byte8 m.
+
+ndefinition t_byte8_ind
+ : Πm:mcu_type.ΠP:t_byte8 m → Prop.(Πb:byte8.P (TByte m b)) → Πt:t_byte8 m.P t ≝
+λm:mcu_type.λP:t_byte8 m → Prop.λf:Πb:byte8.P (TByte m b).λt:t_byte8 m.
+ match t with [ TByte (b:byte8) ⇒ f b ].
+
+ndefinition t_byte8_rec
+ : Πm:mcu_type.ΠP:t_byte8 m → Set.(Πb:byte8.P (TByte m b)) → Πt:t_byte8 m.P t ≝
+λm:mcu_type.λP:t_byte8 m → Set.λf:Πb:byte8.P (TByte m b).λt:t_byte8 m.
+ match t with [ TByte (b:byte8) ⇒ f b ].
+
+ndefinition t_byte8_rect
+ : Πm:mcu_type.ΠP:t_byte8 m → Type.(Πb:byte8.P (TByte m b)) → Πt:t_byte8 m.P t ≝
+λm:mcu_type.λP:t_byte8 m → Type.λf:Πb:byte8.P (TByte m b).λt:t_byte8 m.
+ match t with [ TByte (b:byte8) ⇒ f b ].
+
+nlemma tbyte8_destruct : ∀m,b1,b2.TByte m b1 = TByte m b2 → b1 = b2.
+ #m; #b1; #b2; #H;
+ nchange with (match TByte m b2 with [ TByte a ⇒ b1 = a ]);
+ nrewrite < H;
+ nnormalize;
+ napply (refl_eq ??).
+nqed.
+
+(* introduzione di un tipo dipendente (dalla modalita') per gli argomenti *)
+ninductive MA_check : instr_mode → Type ≝
+ maINH : MA_check MODE_INH
+| maINHA : MA_check MODE_INHA
+| maINHX : MA_check MODE_INHX
+| maINHH : MA_check MODE_INHH
+| maINHX0ADD : MA_check MODE_INHX0ADD
+| maINHX1ADD : byte8 → MA_check MODE_INHX1ADD
+| maINHX2ADD : word16 → MA_check MODE_INHX2ADD
+| maIMM1 : byte8 → MA_check MODE_IMM1
+| maIMM1EXT : byte8 → MA_check MODE_IMM1EXT
+| maIMM2 : word16 → MA_check MODE_IMM2
+| maDIR1 : byte8 → MA_check MODE_DIR1
+| maDIR2 : word16 → MA_check MODE_DIR2
+| maIX0 : MA_check MODE_IX0
+| maIX1 : byte8 → MA_check MODE_IX1
+| maIX2 : word16 → MA_check MODE_IX2
+| maSP1 : byte8 → MA_check MODE_SP1
+| maSP2 : word16 → MA_check MODE_SP2
+| maDIR1_to_DIR1 : byte8 → byte8 → MA_check MODE_DIR1_to_DIR1
+| maIMM1_to_DIR1 : byte8 → byte8 → MA_check MODE_IMM1_to_DIR1
+| maIX0p_to_DIR1 : byte8 → MA_check MODE_IX0p_to_DIR1
+| maDIR1_to_IX0p : byte8 → MA_check MODE_DIR1_to_IX0p
+| maINHA_and_IMM1 : byte8 → MA_check MODE_INHA_and_IMM1
+| maINHX_and_IMM1 : byte8 → MA_check MODE_INHX_and_IMM1
+| maIMM1_and_IMM1 : byte8 → byte8 → MA_check MODE_IMM1_and_IMM1
+| maDIR1_and_IMM1 : byte8 → byte8 → MA_check MODE_DIR1_and_IMM1
+| maIX0_and_IMM1 : byte8 → MA_check MODE_IX0_and_IMM1
+| maIX0p_and_IMM1 : byte8 → MA_check MODE_IX0p_and_IMM1
+| maIX1_and_IMM1 : byte8 → byte8 → MA_check MODE_IX1_and_IMM1
+| maIX1p_and_IMM1 : byte8 → byte8 → MA_check MODE_IX1p_and_IMM1
+| maSP1_and_IMM1 : byte8 → byte8 → MA_check MODE_SP1_and_IMM1
+| maDIRn : ∀n.byte8 → MA_check (MODE_DIRn n)
+| maDIRn_and_IMM1 : ∀n.byte8 → byte8 → MA_check (MODE_DIRn_and_IMM1 n)
+| maTNY : ∀e.MA_check (MODE_TNY e)
+| maSRT : ∀t.MA_check (MODE_SRT t)
+.
+
+ndefinition instr_mode_ind
+ : Πi:instr_mode.ΠP:Πj.MA_check j → Prop.
+ P ? maINH → P ? maINHA → P ? maINHX → P ? maINHH → P ? maINHX0ADD → (Πb.P ? (maINHX1ADD b)) →
+ (Πw.P ? (maINHX2ADD w)) → (Πb.P ? (maIMM1 b)) → (Πb.P ? (maIMM1EXT b)) → (Πw.P ? (maIMM2 w)) →
+ (Πb.P ? (maDIR1 b)) → (Πw.P ? (maDIR2 w)) → P ? maIX0 → (Πb.P ? (maIX1 b)) → (Πw.P ? (maIX2 w)) →
+ (Πb.P ? (maSP1 b)) → (Πw.P ? (maSP2 w)) → (Πb1,b2.P ? (maDIR1_to_DIR1 b1 b2)) →
+ (Πb1,b2.P ? (maIMM1_to_DIR1 b1 b2)) → (Πb.P ? (maIX0p_to_DIR1 b)) → (Πb.P ? (maDIR1_to_IX0p b)) →
+ (Πb.P ? (maINHA_and_IMM1 b)) → (Πb.P ? (maINHX_and_IMM1 b)) → (Πb1,b2.P ? (maIMM1_and_IMM1 b1 b2)) →
+ (Πb1,b2.P ? (maDIR1_and_IMM1 b1 b2)) → (Πb.P ? (maIX0_and_IMM1 b)) → (Πb.P ? (maIX0p_and_IMM1 b)) →
+ (Πb1,b2.P ? (maIX1_and_IMM1 b1 b2)) → (Πb1,b2.P ? (maIX1p_and_IMM1 b1 b2)) → (Πb1,b2.P ? (maSP1_and_IMM1 b1 b2)) →
+ (Πn,b.P ? ((maDIRn n) b)) → (Πn,b1,b2.P ? ((maDIRn_and_IMM1 n) b1 b2)) → (Πe.P ? (maTNY e)) → (Πt.P ? (maSRT t)) →
+ Πma:MA_check i.P i ma ≝
+λi:instr_mode.λP:Πj.MA_check j → Prop.
+λp:P ? maINH.λp1:P ? maINHA.λp2:P ? maINHX.λp3:P ? maINHH.λp4:P ? maINHX0ADD.
+λf:Πb.P ? (maINHX1ADD b).λf1:Πw.P ? (maINHX2ADD w).λf2:Πb.P ? (maIMM1 b).λf3:Πb.P ? (maIMM1EXT b).
+λf4:Πw.P ? (maIMM2 w).λf5:Πb.P ? (maDIR1 b).λf6:Πw.P ? (maDIR2 w).λp5:P ? maIX0.
+λf7:Πb.P ? (maIX1 b).λf8:Πw.P ? (maIX2 w).λf9:Πb.P ? (maSP1 b).λf10:Πw.P ? (maSP2 w).
+λf11:Πb1,b2.P ? (maDIR1_to_DIR1 b1 b2).λf12:Πb1,b2.P ? (maIMM1_to_DIR1 b1 b2).
+λf13:Πb.P ? (maIX0p_to_DIR1 b).λf14:Πb.P ? (maDIR1_to_IX0p b).λf15:Πb.P ? (maINHA_and_IMM1 b).
+λf16:Πb.P ? (maINHX_and_IMM1 b).λf17:Πb1,b2.P ? (maIMM1_and_IMM1 b1 b2).
+λf18:Πb1,b2.P ? (maDIR1_and_IMM1 b1 b2).λf19:Πb.P ? (maIX0_and_IMM1 b).
+λf20:Πb.P ? (maIX0p_and_IMM1 b).λf21:Πb1,b2.P ? (maIX1_and_IMM1 b1 b2).
+λf22:Πb1,b2.P ? (maIX1p_and_IMM1 b1 b2).λf23:Πb1,b2.P ? (maSP1_and_IMM1 b1 b2).
+λf24:Πn,b.P ? ((maDIRn n) b).λf25:Πn,b1,b2.P ? ((maDIRn_and_IMM1 n) b1 b2).
+λf26:Πe.P ? (maTNY e).λf27:Πt.P ? (maSRT t).λma:MA_check i.
+ match ma with
+ [ maINH ⇒ p | maINHA ⇒ p1 | maINHX ⇒ p2 | maINHH ⇒ p3 | maINHX0ADD ⇒ p4
+ | maINHX1ADD b ⇒ f b | maINHX2ADD w ⇒ f1 w | maIMM1 b ⇒ f2 b | maIMM1EXT b ⇒ f3 b
+ | maIMM2 w ⇒ f4 w | maDIR1 b ⇒ f5 b | maDIR2 w ⇒ f6 w | maIX0 ⇒ p5 | maIX1 b ⇒ f7 b
+ | maIX2 w ⇒ f8 w | maSP1 b ⇒ f9 b | maSP2 w ⇒ f10 w | maDIR1_to_DIR1 b1 b2 ⇒ f11 b1 b2
+ | maIMM1_to_DIR1 b1 b2 ⇒ f12 b1 b2 | maIX0p_to_DIR1 b ⇒ f13 b | maDIR1_to_IX0p b ⇒ f14 b
+ | maINHA_and_IMM1 b ⇒ f15 b | maINHX_and_IMM1 b ⇒ f16 b | maIMM1_and_IMM1 b1 b2 ⇒ f17 b1 b2
+ | maDIR1_and_IMM1 b1 b2 ⇒ f18 b1 b2 | maIX0_and_IMM1 b ⇒ f19 b | maIX0p_and_IMM1 b ⇒ f20 b
+ | maIX1_and_IMM1 b1 b2 ⇒ f21 b1 b2 | maIX1p_and_IMM1 b1 b2 ⇒ f22 b1 b2 | maSP1_and_IMM1 b1 b2 ⇒ f23 b1 b2
+ | maDIRn n b ⇒ f24 n b | maDIRn_and_IMM1 n b1 b2 ⇒ f25 n b1 b2 | maTNY e ⇒ f26 e | maSRT t ⇒ f27 t ].
+
+ndefinition instr_mode_rec
+ : Πi:instr_mode.ΠP:Πj.MA_check j → Set.
+ P ? maINH → P ? maINHA → P ? maINHX → P ? maINHH → P ? maINHX0ADD → (Πb.P ? (maINHX1ADD b)) →
+ (Πw.P ? (maINHX2ADD w)) → (Πb.P ? (maIMM1 b)) → (Πb.P ? (maIMM1EXT b)) → (Πw.P ? (maIMM2 w)) →
+ (Πb.P ? (maDIR1 b)) → (Πw.P ? (maDIR2 w)) → P ? maIX0 → (Πb.P ? (maIX1 b)) → (Πw.P ? (maIX2 w)) →
+ (Πb.P ? (maSP1 b)) → (Πw.P ? (maSP2 w)) → (Πb1,b2.P ? (maDIR1_to_DIR1 b1 b2)) →
+ (Πb1,b2.P ? (maIMM1_to_DIR1 b1 b2)) → (Πb.P ? (maIX0p_to_DIR1 b)) → (Πb.P ? (maDIR1_to_IX0p b)) →
+ (Πb.P ? (maINHA_and_IMM1 b)) → (Πb.P ? (maINHX_and_IMM1 b)) → (Πb1,b2.P ? (maIMM1_and_IMM1 b1 b2)) →
+ (Πb1,b2.P ? (maDIR1_and_IMM1 b1 b2)) → (Πb.P ? (maIX0_and_IMM1 b)) → (Πb.P ? (maIX0p_and_IMM1 b)) →
+ (Πb1,b2.P ? (maIX1_and_IMM1 b1 b2)) → (Πb1,b2.P ? (maIX1p_and_IMM1 b1 b2)) → (Πb1,b2.P ? (maSP1_and_IMM1 b1 b2)) →
+ (Πn,b.P ? ((maDIRn n) b)) → (Πn,b1,b2.P ? ((maDIRn_and_IMM1 n) b1 b2)) → (Πe.P ? (maTNY e)) → (Πt.P ? (maSRT t)) →
+ Πma:MA_check i.P i ma ≝
+λi:instr_mode.λP:Πj.MA_check j → Set.
+λp:P ? maINH.λp1:P ? maINHA.λp2:P ? maINHX.λp3:P ? maINHH.λp4:P ? maINHX0ADD.
+λf:Πb.P ? (maINHX1ADD b).λf1:Πw.P ? (maINHX2ADD w).λf2:Πb.P ? (maIMM1 b).λf3:Πb.P ? (maIMM1EXT b).
+λf4:Πw.P ? (maIMM2 w).λf5:Πb.P ? (maDIR1 b).λf6:Πw.P ? (maDIR2 w).λp5:P ? maIX0.
+λf7:Πb.P ? (maIX1 b).λf8:Πw.P ? (maIX2 w).λf9:Πb.P ? (maSP1 b).λf10:Πw.P ? (maSP2 w).
+λf11:Πb1,b2.P ? (maDIR1_to_DIR1 b1 b2).λf12:Πb1,b2.P ? (maIMM1_to_DIR1 b1 b2).
+λf13:Πb.P ? (maIX0p_to_DIR1 b).λf14:Πb.P ? (maDIR1_to_IX0p b).λf15:Πb.P ? (maINHA_and_IMM1 b).
+λf16:Πb.P ? (maINHX_and_IMM1 b).λf17:Πb1,b2.P ? (maIMM1_and_IMM1 b1 b2).
+λf18:Πb1,b2.P ? (maDIR1_and_IMM1 b1 b2).λf19:Πb.P ? (maIX0_and_IMM1 b).
+λf20:Πb.P ? (maIX0p_and_IMM1 b).λf21:Πb1,b2.P ? (maIX1_and_IMM1 b1 b2).
+λf22:Πb1,b2.P ? (maIX1p_and_IMM1 b1 b2).λf23:Πb1,b2.P ? (maSP1_and_IMM1 b1 b2).
+λf24:Πn,b.P ? ((maDIRn n) b).λf25:Πn,b1,b2.P ? ((maDIRn_and_IMM1 n) b1 b2).
+λf26:Πe.P ? (maTNY e).λf27:Πt.P ? (maSRT t).λma:MA_check i.
+ match ma with
+ [ maINH ⇒ p | maINHA ⇒ p1 | maINHX ⇒ p2 | maINHH ⇒ p3 | maINHX0ADD ⇒ p4
+ | maINHX1ADD b ⇒ f b | maINHX2ADD w ⇒ f1 w | maIMM1 b ⇒ f2 b | maIMM1EXT b ⇒ f3 b
+ | maIMM2 w ⇒ f4 w | maDIR1 b ⇒ f5 b | maDIR2 w ⇒ f6 w | maIX0 ⇒ p5 | maIX1 b ⇒ f7 b
+ | maIX2 w ⇒ f8 w | maSP1 b ⇒ f9 b | maSP2 w ⇒ f10 w | maDIR1_to_DIR1 b1 b2 ⇒ f11 b1 b2
+ | maIMM1_to_DIR1 b1 b2 ⇒ f12 b1 b2 | maIX0p_to_DIR1 b ⇒ f13 b | maDIR1_to_IX0p b ⇒ f14 b
+ | maINHA_and_IMM1 b ⇒ f15 b | maINHX_and_IMM1 b ⇒ f16 b | maIMM1_and_IMM1 b1 b2 ⇒ f17 b1 b2
+ | maDIR1_and_IMM1 b1 b2 ⇒ f18 b1 b2 | maIX0_and_IMM1 b ⇒ f19 b | maIX0p_and_IMM1 b ⇒ f20 b
+ | maIX1_and_IMM1 b1 b2 ⇒ f21 b1 b2 | maIX1p_and_IMM1 b1 b2 ⇒ f22 b1 b2 | maSP1_and_IMM1 b1 b2 ⇒ f23 b1 b2
+ | maDIRn n b ⇒ f24 n b | maDIRn_and_IMM1 n b1 b2 ⇒ f25 n b1 b2 | maTNY e ⇒ f26 e | maSRT t ⇒ f27 t ].
+
+ndefinition instr_mode_rect
+ : Πi:instr_mode.ΠP:Πj.MA_check j → Type.
+ P ? maINH → P ? maINHA → P ? maINHX → P ? maINHH → P ? maINHX0ADD → (Πb.P ? (maINHX1ADD b)) →
+ (Πw.P ? (maINHX2ADD w)) → (Πb.P ? (maIMM1 b)) → (Πb.P ? (maIMM1EXT b)) → (Πw.P ? (maIMM2 w)) →
+ (Πb.P ? (maDIR1 b)) → (Πw.P ? (maDIR2 w)) → P ? maIX0 → (Πb.P ? (maIX1 b)) → (Πw.P ? (maIX2 w)) →
+ (Πb.P ? (maSP1 b)) → (Πw.P ? (maSP2 w)) → (Πb1,b2.P ? (maDIR1_to_DIR1 b1 b2)) →
+ (Πb1,b2.P ? (maIMM1_to_DIR1 b1 b2)) → (Πb.P ? (maIX0p_to_DIR1 b)) → (Πb.P ? (maDIR1_to_IX0p b)) →
+ (Πb.P ? (maINHA_and_IMM1 b)) → (Πb.P ? (maINHX_and_IMM1 b)) → (Πb1,b2.P ? (maIMM1_and_IMM1 b1 b2)) →
+ (Πb1,b2.P ? (maDIR1_and_IMM1 b1 b2)) → (Πb.P ? (maIX0_and_IMM1 b)) → (Πb.P ? (maIX0p_and_IMM1 b)) →
+ (Πb1,b2.P ? (maIX1_and_IMM1 b1 b2)) → (Πb1,b2.P ? (maIX1p_and_IMM1 b1 b2)) → (Πb1,b2.P ? (maSP1_and_IMM1 b1 b2)) →
+ (Πn,b.P ? ((maDIRn n) b)) → (Πn,b1,b2.P ? ((maDIRn_and_IMM1 n) b1 b2)) → (Πe.P ? (maTNY e)) → (Πt.P ? (maSRT t)) →
+ Πma:MA_check i.P i ma ≝
+λi:instr_mode.λP:Πj.MA_check j → Type.
+λp:P ? maINH.λp1:P ? maINHA.λp2:P ? maINHX.λp3:P ? maINHH.λp4:P ? maINHX0ADD.
+λf:Πb.P ? (maINHX1ADD b).λf1:Πw.P ? (maINHX2ADD w).λf2:Πb.P ? (maIMM1 b).λf3:Πb.P ? (maIMM1EXT b).
+λf4:Πw.P ? (maIMM2 w).λf5:Πb.P ? (maDIR1 b).λf6:Πw.P ? (maDIR2 w).λp5:P ? maIX0.
+λf7:Πb.P ? (maIX1 b).λf8:Πw.P ? (maIX2 w).λf9:Πb.P ? (maSP1 b).λf10:Πw.P ? (maSP2 w).
+λf11:Πb1,b2.P ? (maDIR1_to_DIR1 b1 b2).λf12:Πb1,b2.P ? (maIMM1_to_DIR1 b1 b2).
+λf13:Πb.P ? (maIX0p_to_DIR1 b).λf14:Πb.P ? (maDIR1_to_IX0p b).λf15:Πb.P ? (maINHA_and_IMM1 b).
+λf16:Πb.P ? (maINHX_and_IMM1 b).λf17:Πb1,b2.P ? (maIMM1_and_IMM1 b1 b2).
+λf18:Πb1,b2.P ? (maDIR1_and_IMM1 b1 b2).λf19:Πb.P ? (maIX0_and_IMM1 b).
+λf20:Πb.P ? (maIX0p_and_IMM1 b).λf21:Πb1,b2.P ? (maIX1_and_IMM1 b1 b2).
+λf22:Πb1,b2.P ? (maIX1p_and_IMM1 b1 b2).λf23:Πb1,b2.P ? (maSP1_and_IMM1 b1 b2).
+λf24:Πn,b.P ? ((maDIRn n) b).λf25:Πn,b1,b2.P ? ((maDIRn_and_IMM1 n) b1 b2).
+λf26:Πe.P ? (maTNY e).λf27:Πt.P ? (maSRT t).λma:MA_check i.
+ match ma with
+ [ maINH ⇒ p | maINHA ⇒ p1 | maINHX ⇒ p2 | maINHH ⇒ p3 | maINHX0ADD ⇒ p4
+ | maINHX1ADD b ⇒ f b | maINHX2ADD w ⇒ f1 w | maIMM1 b ⇒ f2 b | maIMM1EXT b ⇒ f3 b
+ | maIMM2 w ⇒ f4 w | maDIR1 b ⇒ f5 b | maDIR2 w ⇒ f6 w | maIX0 ⇒ p5 | maIX1 b ⇒ f7 b
+ | maIX2 w ⇒ f8 w | maSP1 b ⇒ f9 b | maSP2 w ⇒ f10 w | maDIR1_to_DIR1 b1 b2 ⇒ f11 b1 b2
+ | maIMM1_to_DIR1 b1 b2 ⇒ f12 b1 b2 | maIX0p_to_DIR1 b ⇒ f13 b | maDIR1_to_IX0p b ⇒ f14 b
+ | maINHA_and_IMM1 b ⇒ f15 b | maINHX_and_IMM1 b ⇒ f16 b | maIMM1_and_IMM1 b1 b2 ⇒ f17 b1 b2
+ | maDIR1_and_IMM1 b1 b2 ⇒ f18 b1 b2 | maIX0_and_IMM1 b ⇒ f19 b | maIX0p_and_IMM1 b ⇒ f20 b
+ | maIX1_and_IMM1 b1 b2 ⇒ f21 b1 b2 | maIX1p_and_IMM1 b1 b2 ⇒ f22 b1 b2 | maSP1_and_IMM1 b1 b2 ⇒ f23 b1 b2
+ | maDIRn n b ⇒ f24 n b | maDIRn_and_IMM1 n b1 b2 ⇒ f25 n b1 b2 | maTNY e ⇒ f26 e | maSRT t ⇒ f27 t ].
+
+(* picker: trasforma l'argomento necessario in input a bytes_of_pseudo_instr_mode_param:
+ MA_check i → list (t_byte8 m) *)
+ndefinition args_picker ≝
+λm:mcu_type.λi:instr_mode.λargs:MA_check i.
+ match args with
+ (* inherent: legale se nessun operando *)
+ [ maINH ⇒ nil ?
+ | maINHA ⇒ nil ?
+ | maINHX ⇒ nil ?
+ | maINHH ⇒ nil ?
+ (* inherent address: legale se nessun operando/1 byte/1 word *)
+ | maINHX0ADD ⇒ nil ?
+ | maINHX1ADD b ⇒ [ TByte m b ]
+ | maINHX2ADD w ⇒ [ TByte m (w16h w); TByte m (w16l w) ]
+ (* _0/1/2: legale se nessun operando/1 byte/1 word *)
+ | maIMM1 b ⇒ [ TByte m b ]
+ | maIMM1EXT b ⇒ [ TByte m b ]
+ | maIMM2 w ⇒ [ TByte m (w16h w); TByte m (w16l w) ]
+ | maDIR1 b ⇒ [ TByte m b ]
+ | maDIR2 w ⇒ [ TByte m (w16h w); TByte m (w16l w) ]
+ | maIX0 ⇒ nil ?
+ | maIX1 b ⇒ [ TByte m b ]
+ | maIX2 w ⇒ [ TByte m (w16h w); TByte m (w16l w) ]
+ | maSP1 b ⇒ [ TByte m b ]
+ | maSP2 w ⇒ [ TByte m (w16h w); TByte m (w16l w) ]
+ (* movimento: legale se 2 operandi byte *)
+ | maDIR1_to_DIR1 b1 b2 ⇒ [ TByte m b1 ; TByte m b2 ]
+ | maIMM1_to_DIR1 b1 b2 ⇒ [ TByte m b1 ; TByte m b2 ]
+ | maIX0p_to_DIR1 b ⇒ [ TByte m b]
+ | maDIR1_to_IX0p b ⇒ [ TByte m b]
+ (* cbeq/dbnz: legale se 1/2 operandi byte *)
+ | maINHA_and_IMM1 b ⇒ [ TByte m b]
+ | maINHX_and_IMM1 b ⇒ [ TByte m b]
+ | maIMM1_and_IMM1 b1 b2 ⇒ [ TByte m b1 ; TByte m b2 ]
+ | maDIR1_and_IMM1 b1 b2 ⇒ [ TByte m b1 ; TByte m b2 ]
+ | maIX0_and_IMM1 b ⇒ [ TByte m b]
+ | maIX0p_and_IMM1 b ⇒ [ TByte m b]
+ | maIX1_and_IMM1 b1 b2 ⇒ [ TByte m b1 ; TByte m b2 ]
+ | maIX1p_and_IMM1 b1 b2 ⇒ [ TByte m b1 ; TByte m b2 ]
+ | maSP1_and_IMM1 b1 b2 ⇒ [ TByte m b1 ; TByte m b2 ]
+ (* DIRn: legale se 1 operando byte *)
+ | maDIRn _ b ⇒ [ TByte m b]
+ (* DIRn_and_IMM1: legale se 2 operandi byte *)
+ | maDIRn_and_IMM1 _ b1 b2 ⇒ [ TByte m b1 ; TByte m b2 ]
+ (* TNY: legale se nessun operando *)
+ | maTNY _ ⇒ nil ?
+ (* SRT: legale se nessun operando *)
+ | maSRT _ ⇒ nil ?
+ ].
+
+(* trasformatore finale: mcu+opcode+instr_mode+args → list (t_byte8 m) *)
+nlet rec bytes_of_pseudo_instr_mode_param_aux (m:mcu_type) (o:any_opcode m) (i:instr_mode) (p:MA_check i)
+ (param:list (Prod4T (any_opcode m) instr_mode byte8_or_word16 byte8)) on param ≝
+ match param with
+ [ nil ⇒ None ? | cons hd tl ⇒
+ match (eq_anyop m o (fst4T ???? hd)) ⊗ (eq_instrmode i (snd4T ???? hd)) with
+ [ true ⇒ match thd4T ???? hd with
+ [ Byte isab ⇒
+ Some ? ([ (TByte m isab) ]@(args_picker m i p))
+ | Word isaw ⇒
+ Some ? ([ (TByte m (w16h isaw)) ; (TByte m (w16l isaw)) ]@(args_picker m i p))
+ ]
+ | false ⇒ bytes_of_pseudo_instr_mode_param_aux m o i p tl ]].
+
+ndefinition bytes_of_pseudo_instr_mode_param ≝
+λm:mcu_type.λo:any_opcode m.λi:instr_mode.λp:MA_check i.
+bytes_of_pseudo_instr_mode_param_aux m o i p (opcode_table m).
+
+(* ****************************** *)
+(* APPROCCIO COMPILAZIONE AL VOLO *)
+(* ****************************** *)
+
+(* ausiliario di compile *)
+ndefinition defined_option ≝
+ λT:Type.λo:option T.
+ match o with
+ [ None ⇒ False
+ | Some _ ⇒ True
+ ].
+
+(* compila solo se l'intera istruzione+modalita'+argomenti ha riscontro nelle tabelle *)
+ndefinition compile ≝
+λmcu:mcu_type.λi:instr_mode.λop:opcode.λarg:MA_check i.
+ match bytes_of_pseudo_instr_mode_param mcu (anyOP mcu op) i arg
+ return λres:option (list (t_byte8 mcu)).defined_option (list (t_byte8 mcu)) res → (list (t_byte8 mcu))
+ with
+ [ None ⇒ λp:defined_option (list (t_byte8 mcu)) (None ?).False_rect ? p
+ | Some x ⇒ λp:defined_option (list (t_byte8 mcu)) (Some ? x).x
+ ].
+
+(* detipatore del compilato: (t_byte8 m) → byte8 *)
+nlet rec source_to_byte8_HC05_aux (p1:list (t_byte8 HC05)) (p2:list byte8) ≝
+ match p1 with
+ [ nil ⇒ p2
+ | cons hd tl ⇒ match hd with [ TByte b ⇒ source_to_byte8_HC05_aux tl (p2@[b]) ]
+ ].
+
+nlet rec source_to_byte8_HC08_aux (p1:list (t_byte8 HC08)) (p2:list byte8) ≝
+ match p1 with
+ [ nil ⇒ p2
+ | cons hd tl ⇒ match hd with [ TByte b ⇒ source_to_byte8_HC08_aux tl (p2@[b]) ]
+ ].
+
+nlet rec source_to_byte8_HCS08_aux (p1:list (t_byte8 HCS08)) (p2:list byte8) ≝
+ match p1 with
+ [ nil ⇒ p2
+ | cons hd tl ⇒ match hd with [ TByte b ⇒ source_to_byte8_HCS08_aux tl (p2@[b]) ]
+ ].
+
+nlet rec source_to_byte8_RS08_aux (p1:list (t_byte8 RS08)) (p2:list byte8) ≝
+ match p1 with
+ [ nil ⇒ p2
+ | cons hd tl ⇒ match hd with [ TByte b ⇒ source_to_byte8_RS08_aux tl (p2@[b]) ]
+ ].
+
+ndefinition source_to_byte8 ≝
+λm:mcu_type.
+ match m
+ return λm:mcu_type.list (t_byte8 m) → list byte8
+ with
+ [ HC05 ⇒ λl:list (t_byte8 HC05).source_to_byte8_HC05_aux l []
+ | HC08 ⇒ λl:list (t_byte8 HC08).source_to_byte8_HC08_aux l []
+ | HCS08 ⇒ λl:list (t_byte8 HCS08).source_to_byte8_HCS08_aux l []
+ | RS08 ⇒ λl:list (t_byte8 RS08).source_to_byte8_RS08_aux l []
+ ].