Package m0-prog: M0 evaluator
Information
| name | m0-prog |
| version | 1.0 |
| description | M0 evaluator |
| author | HOL OpenTheory Packager <opentheory-packager@hol-theorem-prover.org> |
| license | MIT |
| checksum | c8343f0e5c93469a37e4d35f1619958d547ca43a |
| requires | base hol-base hol-words machine-code-hoare-logic machine-code-hoare-logic-state m0-model m0-step |
| show | Data.Bool Data.List Data.Option Data.Pair Data.Unit Function HOL4 Number.Natural |
Files
- Package tarball m0-prog-1.0.tgz
- Theory source file m0-prog.thy (included in the package tarball)
Defined Type Operators
- HOL4
- m0_prog
- m0_prog.m0_component
- m0_prog.m0_data
- m0_prog
Defined Constants
- HOL4
- m0_prog
- m0_prog.data_to_thumb2
- m0_prog.m0_AIRCR_ENDIANNESS
- m0_prog.m0_AIRCR_SYSRESETREQ
- m0_prog.m0_AIRCR_VECTCLRACTIVE
- m0_prog.m0_AIRCR_VECTKEY
- m0_prog.m0_AIRCR_aircr'rst
- m0_prog.m0_BE_WORD
- m0_prog.m0_CCR
- m0_prog.m0_CONFIG
- m0_prog.m0_CONTROL_SPSEL
- m0_prog.m0_CONTROL_control'rst
- m0_prog.m0_CONTROL_nPRIV
- m0_prog.m0_CurrentMode
- m0_prog.m0_ExceptionActive
- m0_prog.m0_MEM
- m0_prog.m0_MEMORY
- m0_prog.m0_NVIC_IPR
- m0_prog.m0_NZCV
- m0_prog.m0_PC
- m0_prog.m0_PRIMASK
- m0_prog.m0_PSR_C
- m0_prog.m0_PSR_ExceptionNumber
- m0_prog.m0_PSR_N
- m0_prog.m0_PSR_T
- m0_prog.m0_PSR_V
- m0_prog.m0_PSR_Z
- m0_prog.m0_PSR_psr'rst
- m0_prog.m0_REG
- m0_prog.m0_REGISTERS
- m0_prog.m0_SHPR2
- m0_prog.m0_SHPR3
- m0_prog.m0_VTOR
- m0_prog.m0_WORD
- m0_prog.m0_c_AIRCR_ENDIANNESS
- m0_prog.m0_c_AIRCR_SYSRESETREQ
- m0_prog.m0_c_AIRCR_VECTCLRACTIVE
- m0_prog.m0_c_AIRCR_VECTKEY
- m0_prog.m0_c_AIRCR_aircr'rst
- m0_prog.m0_c_CCR
- m0_prog.m0_c_CONTROL_SPSEL
- m0_prog.m0_c_CONTROL_control'rst
- m0_prog.m0_c_CONTROL_nPRIV
- m0_prog.m0_c_CurrentMode
- m0_prog.m0_c_ExceptionActive
- m0_prog.m0_c_MEM
- m0_prog.m0_c_NVIC_IPR
- m0_prog.m0_c_PRIMASK
- m0_prog.m0_c_PSR_C
- m0_prog.m0_c_PSR_ExceptionNumber
- m0_prog.m0_c_PSR_N
- m0_prog.m0_c_PSR_T
- m0_prog.m0_c_PSR_V
- m0_prog.m0_c_PSR_Z
- m0_prog.m0_c_PSR_psr'rst
- m0_prog.m0_c_REG
- m0_prog.m0_c_SHPR2
- m0_prog.m0_c_SHPR3
- m0_prog.m0_c_VTOR
- m0_prog.m0_c_count
- m0_prog.m0_c_exception
- m0_prog.m0_c_pending
- m0_prog.m0_component_CASE
- m0_prog.m0_component_size
- m0_prog.m0_count
- m0_prog.m0_d_ARM_Exception_option
- m0_prog.m0_d_CCR
- m0_prog.m0_d_IPR
- m0_prog.m0_d_Mode
- m0_prog.m0_d_PRIMASK
- m0_prog.m0_d_SHPR2
- m0_prog.m0_d_SHPR3
- m0_prog.m0_d_bool
- m0_prog.m0_d_exception
- m0_prog.m0_d_num
- m0_prog.m0_d_word13
- m0_prog.m0_d_word16
- m0_prog.m0_d_word21
- m0_prog.m0_d_word32
- m0_prog.m0_d_word6
- m0_prog.m0_d_word8
- m0_prog.m0_data_CASE
- m0_prog.m0_data_size
- m0_prog.m0_exception
- m0_prog.m0_instr
- m0_prog.m0_pending
- m0_prog.m0_proj
- m0_prog.M0_MODEL
- m0_prog
Theorems
⊦ ∀d.
m0_prog.m0_AIRCR_ENDIANNESS d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_AIRCR_ENDIANNESS, m0_prog.m0_d_bool d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_AIRCR_SYSRESETREQ d =
pred_set.INSERT
(pred_set.INSERT
(m0_prog.m0_c_AIRCR_SYSRESETREQ, m0_prog.m0_d_bool d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_AIRCR_VECTCLRACTIVE d =
pred_set.INSERT
(pred_set.INSERT
(m0_prog.m0_c_AIRCR_VECTCLRACTIVE, m0_prog.m0_d_bool d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_CONTROL_SPSEL d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_CONTROL_SPSEL, m0_prog.m0_d_bool d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_CONTROL_control'rst d =
pred_set.INSERT
(pred_set.INSERT
(m0_prog.m0_c_CONTROL_control'rst, m0_prog.m0_d_bool d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_CONTROL_nPRIV d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_CONTROL_nPRIV, m0_prog.m0_d_bool d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_PSR_C d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_PSR_C, m0_prog.m0_d_bool d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_PSR_N d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_PSR_N, m0_prog.m0_d_bool d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_PSR_T d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_PSR_T, m0_prog.m0_d_bool d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_PSR_V d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_PSR_V, m0_prog.m0_d_bool d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_PSR_Z d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_PSR_Z, m0_prog.m0_d_bool d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_exception d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_exception, m0_prog.m0_d_exception d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_CCR d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_CCR, m0_prog.m0_d_CCR d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_CurrentMode d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_CurrentMode, m0_prog.m0_d_Mode d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_PRIMASK d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_PRIMASK, m0_prog.m0_d_PRIMASK d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_SHPR2 d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_SHPR2, m0_prog.m0_d_SHPR2 d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_SHPR3 d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_SHPR3, m0_prog.m0_d_SHPR3 d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_count d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_count, m0_prog.m0_d_num d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_pending d =
pred_set.INSERT
(pred_set.INSERT
(m0_prog.m0_c_pending, m0_prog.m0_d_ARM_Exception_option d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_PSR_ExceptionNumber d =
pred_set.INSERT
(pred_set.INSERT
(m0_prog.m0_c_PSR_ExceptionNumber, m0_prog.m0_d_word6 d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_AIRCR_aircr'rst d =
pred_set.INSERT
(pred_set.INSERT
(m0_prog.m0_c_AIRCR_aircr'rst, m0_prog.m0_d_word13 d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_AIRCR_VECTKEY d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_AIRCR_VECTKEY, m0_prog.m0_d_word16 d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_PSR_psr'rst d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_PSR_psr'rst, m0_prog.m0_d_word21 d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀d.
m0_prog.m0_VTOR d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_VTOR, m0_prog.m0_d_word32 d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀pc.
m0_prog.m0_PC pc =
set_sep.STAR (m0_prog.m0_REG m0.RName_PC pc)
(set_sep.cond (alignment.aligned 1 pc))
⊦ set_sep.SEP_HIDE m0_prog.m0_NZCV =
set_sep.STAR
(set_sep.STAR
(set_sep.STAR (set_sep.SEP_HIDE m0_prog.m0_PSR_N)
(set_sep.SEP_HIDE m0_prog.m0_PSR_Z))
(set_sep.SEP_HIDE m0_prog.m0_PSR_C))
(set_sep.SEP_HIDE m0_prog.m0_PSR_V)
⊦ m0_prog.M0_MODEL =
(state.STATE m0_prog.m0_proj, state.NEXT_REL (=) m0_step.NextStateM0,
m0_prog.m0_instr, (=), const ⊥)
⊦ ∀bigend spsel.
m0_prog.m0_CONFIG (bigend, spsel) =
set_sep.STAR
(set_sep.STAR (m0_prog.m0_exception m0.NoException)
(m0_prog.m0_AIRCR_ENDIANNESS bigend))
(m0_prog.m0_CONTROL_SPSEL spsel)
⊦ ∀c d.
m0_prog.m0_REG c d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_REG c, m0_prog.m0_d_word32 d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀c d.
m0_prog.m0_NVIC_IPR c d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_NVIC_IPR c, m0_prog.m0_d_IPR d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀c d.
m0_prog.m0_ExceptionActive c d =
pred_set.INSERT
(pred_set.INSERT
(m0_prog.m0_c_ExceptionActive c, m0_prog.m0_d_bool d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀c d.
m0_prog.m0_MEM c d =
pred_set.INSERT
(pred_set.INSERT (m0_prog.m0_c_MEM c, m0_prog.m0_d_word8 d)
pred_set.EMPTY) pred_set.EMPTY
⊦ ∀dreg reg.
m0_prog.m0_REGISTERS dreg reg =
pred_set.INSERT
(pred_set.BIGUNION
(pred_set.GSPEC
(λc.
(pred_set.BIGUNION (m0_prog.m0_REG c (reg c)),
bool.IN c dreg)))) pred_set.EMPTY
⊦ ∀dmem mem.
m0_prog.m0_MEMORY dmem mem =
pred_set.INSERT
(pred_set.BIGUNION
(pred_set.GSPEC
(λc.
(pred_set.BIGUNION (m0_prog.m0_MEM c (mem c)),
bool.IN c dmem)))) pred_set.EMPTY
⊦ words.word_add a (words.word_add (words.word_2comp b) c) =
words.word_add (words.word_sub a b) c ∧
words.word_add a (words.word_2comp b) = words.word_sub a b
⊦ ∀c d.
bool.IN c dreg ⇒
set_sep.STAR (m0_prog.m0_REG c d)
(m0_prog.m0_REGISTERS (pred_set.DELETE dreg c) reg) =
m0_prog.m0_REGISTERS dreg (combin.UPDATE c d reg)
⊦ ∀c d.
bool.IN c dmem ⇒
set_sep.STAR (m0_prog.m0_MEM c d)
(m0_prog.m0_MEMORY (pred_set.DELETE dmem c) mem) =
m0_prog.m0_MEMORY dmem (combin.UPDATE c d mem)
⊦ ∀y x w pc.
pred_set.DISJOINT
(m0_prog.m0_instr
(words.word_add pc
(words.word_add (words.w2w w) (words.n2w (arithmetic.BIT2 1))),
m0_prog.data_to_thumb2 x))
(m0_prog.m0_instr (pc, Data.Sum.left y))
⊦ ∀n z c v.
m0_prog.m0_NZCV (n, z, c, v) =
set_sep.STAR
(set_sep.STAR
(set_sep.STAR (m0_prog.m0_PSR_N n) (m0_prog.m0_PSR_Z z))
(m0_prog.m0_PSR_C c)) (m0_prog.m0_PSR_V v)
⊦ ∀P.
(∀a opc16. P (a, Data.Sum.left opc16)) ∧
(∀a opc32. P (a, Data.Sum.right opc32)) ⇒ ∀v v1. P (v, v1)
⊦ prog.SPEC m (set_sep.STAR p1 (m0_prog.m0_PC pc)) code
(set_sep.STAR p2 (m0_prog.m0_REG m0.RName_PC pc')) ⇒
(alignment.aligned 1 pc ⇒ alignment.aligned 1 pc') ⇒
prog.SPEC m (set_sep.STAR p1 (m0_prog.m0_PC pc)) code
(set_sep.STAR p2 (m0_prog.m0_PC pc'))
⊦ temporal_state.TEMPORAL_NEXT m (set_sep.STAR p1 (m0_prog.m0_PC pc)) code
(set_sep.STAR p2 (m0_prog.m0_REG m0.RName_PC pc')) ⇒
(alignment.aligned 1 pc ⇒ alignment.aligned 1 pc') ⇒
temporal_state.TEMPORAL_NEXT m (set_sep.STAR p1 (m0_prog.m0_PC pc)) code
(set_sep.STAR p2 (m0_prog.m0_PC pc'))
⊦ ∀c p q.
(∀y s.
set_sep.STAR p (prog.CODE_POOL m0_prog.m0_instr c)
(state.SELECT_STATE m0_prog.m0_proj y s) ⇒
∃v.
m0_step.NextStateM0 s = some v ∧
set_sep.STAR q (prog.CODE_POOL m0_prog.m0_instr c)
(state.SELECT_STATE m0_prog.m0_proj y v) ∧
state.FRAME_STATE m0_prog.m0_proj y s =
state.FRAME_STATE m0_prog.m0_proj y v) ⇒
prog.SPEC m0_prog.M0_MODEL p c q
⊦ ∀c p q.
(∀y s.
set_sep.STAR p (prog.CODE_POOL m0_prog.m0_instr c)
(state.SELECT_STATE m0_prog.m0_proj y s) ⇒
∃v.
m0_step.NextStateM0 s = some v ∧
set_sep.STAR q (prog.CODE_POOL m0_prog.m0_instr c)
(state.SELECT_STATE m0_prog.m0_proj y v) ∧
state.FRAME_STATE m0_prog.m0_proj y s =
state.FRAME_STATE m0_prog.m0_proj y v) ⇒
temporal_state.TEMPORAL_NEXT m0_prog.M0_MODEL p c q
⊦ (∀a a'. m0_prog.m0_c_REG a = m0_prog.m0_c_REG a' ⇔ a = a') ∧
(∀a a'. m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_NVIC_IPR a' ⇔ a = a') ∧
(∀a a'. m0_prog.m0_c_MEM a = m0_prog.m0_c_MEM a' ⇔ a = a') ∧
∀a a'.
m0_prog.m0_c_ExceptionActive a = m0_prog.m0_c_ExceptionActive a' ⇔
a = a'
⊦ ∀w.
m0_prog.data_to_thumb2 w =
Data.Sum.right
(words.word_concat (words.word_extract 15 (arithmetic.BIT2 3) w)
(words.word_concat (words.word_extract 7 0 w)
(words.word_concat
(words.word_extract 31
(arithmetic.BIT2 (bit1 (bit1 (arithmetic.BIT2 0)))) w)
(words.word_extract (bit1 (bit1 (bit1 (arithmetic.BIT2 0))))
(arithmetic.BIT2 7) w))))
⊦ ∀a pc x y.
words.word_lo (words.n2w 3) a ∧
words.word_lo a
(words.n2w
(bit1
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
(arithmetic.BIT2
0)))))))))))))))))))))))))))))))) ⇒
pred_set.DISJOINT
(m0_prog.m0_instr (words.word_add pc a, m0_prog.data_to_thumb2 x))
(m0_prog.m0_instr (pc, Data.Sum.left y))
⊦ (n ⇒ m0_prog.m0_PSR_N ⊤ = m0_prog.m0_PSR_N n) ∧
(¬n ⇒ m0_prog.m0_PSR_N ⊥ = m0_prog.m0_PSR_N n) ∧
(z ⇒ m0_prog.m0_PSR_Z ⊤ = m0_prog.m0_PSR_Z z) ∧
(¬z ⇒ m0_prog.m0_PSR_Z ⊥ = m0_prog.m0_PSR_Z z) ∧
(c ⇒ m0_prog.m0_PSR_C ⊤ = m0_prog.m0_PSR_C c) ∧
(¬c ⇒ m0_prog.m0_PSR_C ⊥ = m0_prog.m0_PSR_C c) ∧
(v ⇒ m0_prog.m0_PSR_V ⊤ = m0_prog.m0_PSR_V v) ∧
(¬v ⇒ m0_prog.m0_PSR_V ⊥ = m0_prog.m0_PSR_V v)
⊦ ∀a i.
m0_prog.m0_BE_WORD a i =
set_sep.STAR
(set_sep.STAR
(set_sep.STAR
(m0_prog.m0_MEM a
(words.word_extract 31
(arithmetic.BIT2 (bit1 (bit1 (arithmetic.BIT2 0)))) i))
(m0_prog.m0_MEM (words.word_add a (words.n2w 1))
(words.word_extract (bit1 (bit1 (bit1 (arithmetic.BIT2 0))))
(arithmetic.BIT2 7) i)))
(m0_prog.m0_MEM (words.word_add a (words.n2w (arithmetic.BIT2 0)))
(words.word_extract 15 (arithmetic.BIT2 3) i)))
(m0_prog.m0_MEM (words.word_add a (words.n2w 3))
(words.word_extract 7 0 i))
⊦ ∀a i.
m0_prog.m0_WORD a i =
set_sep.STAR
(set_sep.STAR
(set_sep.STAR (m0_prog.m0_MEM a (words.word_extract 7 0 i))
(m0_prog.m0_MEM (words.word_add a (words.n2w 1))
(words.word_extract 15 (arithmetic.BIT2 3) i)))
(m0_prog.m0_MEM (words.word_add a (words.n2w (arithmetic.BIT2 0)))
(words.word_extract (bit1 (bit1 (bit1 (arithmetic.BIT2 0))))
(arithmetic.BIT2 7) i)))
(m0_prog.m0_MEM (words.word_add a (words.n2w 3))
(words.word_extract 31
(arithmetic.BIT2 (bit1 (bit1 (arithmetic.BIT2 0)))) i))
⊦ ∀P.
(∀a. P (m0_prog.m0_d_ARM_Exception_option a)) ∧
(∀a. P (m0_prog.m0_d_exception a)) ∧ (∀a. P (m0_prog.m0_d_num a)) ∧
(∀a. P (m0_prog.m0_d_SHPR3 a)) ∧ (∀a. P (m0_prog.m0_d_SHPR2 a)) ∧
(∀a. P (m0_prog.m0_d_word32 a)) ∧ (∀a. P (m0_prog.m0_d_PRIMASK a)) ∧
(∀a. P (m0_prog.m0_d_IPR a)) ∧ (∀a. P (m0_prog.m0_d_word8 a)) ∧
(∀a. P (m0_prog.m0_d_Mode a)) ∧ (∀a. P (m0_prog.m0_d_CCR a)) ∧
(∀a. P (m0_prog.m0_d_word21 a)) ∧ (∀a. P (m0_prog.m0_d_word6 a)) ∧
(∀a. P (m0_prog.m0_d_word13 a)) ∧ (∀a. P (m0_prog.m0_d_word16 a)) ∧
(∀a. P (m0_prog.m0_d_bool a)) ⇒ ∀x. P x
⊦ ∀P.
P m0_prog.m0_c_pending ∧ P m0_prog.m0_c_exception ∧
P m0_prog.m0_c_count ∧ P m0_prog.m0_c_VTOR ∧ P m0_prog.m0_c_SHPR3 ∧
P m0_prog.m0_c_SHPR2 ∧ (∀a. P (m0_prog.m0_c_REG a)) ∧
P m0_prog.m0_c_PRIMASK ∧ (∀a. P (m0_prog.m0_c_NVIC_IPR a)) ∧
(∀a. P (m0_prog.m0_c_MEM a)) ∧
(∀a. P (m0_prog.m0_c_ExceptionActive a)) ∧ P m0_prog.m0_c_CurrentMode ∧
P m0_prog.m0_c_CCR ∧ P m0_prog.m0_c_PSR_psr'rst ∧
P m0_prog.m0_c_PSR_Z ∧ P m0_prog.m0_c_PSR_V ∧ P m0_prog.m0_c_PSR_T ∧
P m0_prog.m0_c_PSR_N ∧ P m0_prog.m0_c_PSR_ExceptionNumber ∧
P m0_prog.m0_c_PSR_C ∧ P m0_prog.m0_c_CONTROL_nPRIV ∧
P m0_prog.m0_c_CONTROL_control'rst ∧ P m0_prog.m0_c_CONTROL_SPSEL ∧
P m0_prog.m0_c_AIRCR_aircr'rst ∧ P m0_prog.m0_c_AIRCR_VECTKEY ∧
P m0_prog.m0_c_AIRCR_VECTCLRACTIVE ∧ P m0_prog.m0_c_AIRCR_SYSRESETREQ ∧
P m0_prog.m0_c_AIRCR_ENDIANNESS ⇒ ∀x. P x
⊦ ∀x.
(∃o'. x = m0_prog.m0_d_ARM_Exception_option o') ∨
(∃e. x = m0_prog.m0_d_exception e) ∨ (∃n. x = m0_prog.m0_d_num n) ∨
(∃S'. x = m0_prog.m0_d_SHPR3 S') ∨ (∃S'. x = m0_prog.m0_d_SHPR2 S') ∨
(∃c. x = m0_prog.m0_d_word32 c) ∨ (∃P0. x = m0_prog.m0_d_PRIMASK P0) ∨
(∃I'. x = m0_prog.m0_d_IPR I') ∨ (∃c. x = m0_prog.m0_d_word8 c) ∨
(∃M. x = m0_prog.m0_d_Mode M) ∨ (∃C'. x = m0_prog.m0_d_CCR C') ∨
(∃c. x = m0_prog.m0_d_word21 c) ∨ (∃c. x = m0_prog.m0_d_word6 c) ∨
(∃c. x = m0_prog.m0_d_word13 c) ∨ (∃c. x = m0_prog.m0_d_word16 c) ∨
∃b. x = m0_prog.m0_d_bool b
⊦ ∀s.
m0_prog.m0_proj s =
λa.
m0_prog.m0_component_CASE a
(m0_prog.m0_d_ARM_Exception_option (m0.m0_state_pending s))
(m0_prog.m0_d_exception (m0.m0_state_exception s))
(m0_prog.m0_d_num (m0.m0_state_count s))
(m0_prog.m0_d_word32 (m0.m0_state_VTOR s))
(m0_prog.m0_d_SHPR3 (m0.m0_state_SHPR3 s))
(m0_prog.m0_d_SHPR2 (m0.m0_state_SHPR2 s))
(λv0. m0_prog.m0_d_word32 (m0.m0_state_REG s v0))
(m0_prog.m0_d_PRIMASK (m0.m0_state_PRIMASK s))
(λv1. m0_prog.m0_d_IPR (m0.m0_state_NVIC_IPR s v1))
(λv2. m0_prog.m0_d_word8 (m0.m0_state_MEM s v2))
(λv3. m0_prog.m0_d_bool (m0.m0_state_ExceptionActive s v3))
(m0_prog.m0_d_Mode (m0.m0_state_CurrentMode s))
(m0_prog.m0_d_CCR (m0.m0_state_CCR s))
(m0_prog.m0_d_word21 (m0.PSR_psr'rst (m0.m0_state_PSR s)))
(m0_prog.m0_d_bool (m0.PSR_Z (m0.m0_state_PSR s)))
(m0_prog.m0_d_bool (m0.PSR_V (m0.m0_state_PSR s)))
(m0_prog.m0_d_bool (m0.PSR_T (m0.m0_state_PSR s)))
(m0_prog.m0_d_bool (m0.PSR_N (m0.m0_state_PSR s)))
(m0_prog.m0_d_word6 (m0.PSR_ExceptionNumber (m0.m0_state_PSR s)))
(m0_prog.m0_d_bool (m0.PSR_C (m0.m0_state_PSR s)))
(m0_prog.m0_d_bool (m0.CONTROL_nPRIV (m0.m0_state_CONTROL s)))
(m0_prog.m0_d_bool
(m0.CONTROL_control'rst (m0.m0_state_CONTROL s)))
(m0_prog.m0_d_bool (m0.CONTROL_SPSEL (m0.m0_state_CONTROL s)))
(m0_prog.m0_d_word13 (m0.AIRCR_aircr'rst (m0.m0_state_AIRCR s)))
(m0_prog.m0_d_word16 (m0.AIRCR_VECTKEY (m0.m0_state_AIRCR s)))
(m0_prog.m0_d_bool (m0.AIRCR_VECTCLRACTIVE (m0.m0_state_AIRCR s)))
(m0_prog.m0_d_bool (m0.AIRCR_SYSRESETREQ (m0.m0_state_AIRCR s)))
(m0_prog.m0_d_bool (m0.AIRCR_ENDIANNESS (m0.m0_state_AIRCR s)))
⊦ ∀x.
x = m0_prog.m0_c_pending ∨ x = m0_prog.m0_c_exception ∨
x = m0_prog.m0_c_count ∨ x = m0_prog.m0_c_VTOR ∨
x = m0_prog.m0_c_SHPR3 ∨ x = m0_prog.m0_c_SHPR2 ∨
(∃R'. x = m0_prog.m0_c_REG R') ∨ x = m0_prog.m0_c_PRIMASK ∨
(∃c. x = m0_prog.m0_c_NVIC_IPR c) ∨ (∃c. x = m0_prog.m0_c_MEM c) ∨
(∃c. x = m0_prog.m0_c_ExceptionActive c) ∨
x = m0_prog.m0_c_CurrentMode ∨ x = m0_prog.m0_c_CCR ∨
x = m0_prog.m0_c_PSR_psr'rst ∨ x = m0_prog.m0_c_PSR_Z ∨
x = m0_prog.m0_c_PSR_V ∨ x = m0_prog.m0_c_PSR_T ∨
x = m0_prog.m0_c_PSR_N ∨ x = m0_prog.m0_c_PSR_ExceptionNumber ∨
x = m0_prog.m0_c_PSR_C ∨ x = m0_prog.m0_c_CONTROL_nPRIV ∨
x = m0_prog.m0_c_CONTROL_control'rst ∨ x = m0_prog.m0_c_CONTROL_SPSEL ∨
x = m0_prog.m0_c_AIRCR_aircr'rst ∨ x = m0_prog.m0_c_AIRCR_VECTKEY ∨
x = m0_prog.m0_c_AIRCR_VECTCLRACTIVE ∨
x = m0_prog.m0_c_AIRCR_SYSRESETREQ ∨ x = m0_prog.m0_c_AIRCR_ENDIANNESS
⊦ m0_prog.m0_instr (a, Data.Sum.left opc16) =
pred_set.INSERT
(m0_prog.m0_c_MEM a, m0_prog.m0_d_word8 (words.word_extract 7 0 opc16))
(pred_set.INSERT
(m0_prog.m0_c_MEM (words.word_add a (words.n2w 1)),
m0_prog.m0_d_word8
(words.word_extract 15 (arithmetic.BIT2 3) opc16))
pred_set.EMPTY) ∧
m0_prog.m0_instr (a, Data.Sum.right opc32) =
pred_set.INSERT
(m0_prog.m0_c_MEM a,
m0_prog.m0_d_word8
(words.word_extract (bit1 (bit1 (bit1 (arithmetic.BIT2 0))))
(arithmetic.BIT2 7) opc32))
(pred_set.INSERT
(m0_prog.m0_c_MEM (words.word_add a (words.n2w 1)),
m0_prog.m0_d_word8
(words.word_extract 31
(arithmetic.BIT2 (bit1 (bit1 (arithmetic.BIT2 0)))) opc32))
(pred_set.INSERT
(m0_prog.m0_c_MEM
(words.word_add a (words.n2w (arithmetic.BIT2 0))),
m0_prog.m0_d_word8 (words.word_extract 7 0 opc32))
(pred_set.INSERT
(m0_prog.m0_c_MEM (words.word_add a (words.n2w 3)),
m0_prog.m0_d_word8
(words.word_extract 15 (arithmetic.BIT2 3) opc32))
pred_set.EMPTY)))
⊦ m0_prog.m0_instr =
relation.WFREC (select R'. Relation.wellFounded R')
(λm0_instr a'.
pair.pair_CASE a'
(λa v1.
sum.sum_CASE v1
(λopc16.
id
(pred_set.INSERT
(m0_prog.m0_c_MEM a,
m0_prog.m0_d_word8 (words.word_extract 7 0 opc16))
(pred_set.INSERT
(m0_prog.m0_c_MEM
(words.word_add a (words.n2w 1)),
m0_prog.m0_d_word8
(words.word_extract 15 (arithmetic.BIT2 3)
opc16)) pred_set.EMPTY)))
(λopc32.
id
(pred_set.INSERT
(m0_prog.m0_c_MEM a,
m0_prog.m0_d_word8
(words.word_extract
(bit1 (bit1 (bit1 (arithmetic.BIT2 0))))
(arithmetic.BIT2 7) opc32))
(pred_set.INSERT
(m0_prog.m0_c_MEM
(words.word_add a (words.n2w 1)),
m0_prog.m0_d_word8
(words.word_extract 31
(arithmetic.BIT2
(bit1 (bit1 (arithmetic.BIT2 0))))
opc32))
(pred_set.INSERT
(m0_prog.m0_c_MEM
(words.word_add a
(words.n2w (arithmetic.BIT2 0))),
m0_prog.m0_d_word8
(words.word_extract 7 0 opc32))
(pred_set.INSERT
(m0_prog.m0_c_MEM
(words.word_add a (words.n2w 3)),
m0_prog.m0_d_word8
(words.word_extract 15
(arithmetic.BIT2 3) opc32))
pred_set.EMPTY)))))))
⊦ m0_prog.m0_component_size m0_prog.m0_c_pending = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_exception = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_count = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_VTOR = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_SHPR3 = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_SHPR2 = 0 ∧
(∀a.
m0_prog.m0_component_size (m0_prog.m0_c_REG a) =
1 + m0.RName_size a) ∧
m0_prog.m0_component_size m0_prog.m0_c_PRIMASK = 0 ∧
(∀a. m0_prog.m0_component_size (m0_prog.m0_c_NVIC_IPR a) = 1) ∧
(∀a. m0_prog.m0_component_size (m0_prog.m0_c_MEM a) = 1) ∧
(∀a. m0_prog.m0_component_size (m0_prog.m0_c_ExceptionActive a) = 1) ∧
m0_prog.m0_component_size m0_prog.m0_c_CurrentMode = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_CCR = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_PSR_psr'rst = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_PSR_Z = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_PSR_V = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_PSR_T = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_PSR_N = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_PSR_ExceptionNumber = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_PSR_C = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_CONTROL_nPRIV = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_CONTROL_control'rst = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_CONTROL_SPSEL = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_AIRCR_aircr'rst = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_AIRCR_VECTKEY = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_AIRCR_VECTCLRACTIVE = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_AIRCR_SYSRESETREQ = 0 ∧
m0_prog.m0_component_size m0_prog.m0_c_AIRCR_ENDIANNESS = 0
⊦ ∀f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
∃fn.
(∀a. fn (m0_prog.m0_d_ARM_Exception_option a) = f0 a) ∧
(∀a. fn (m0_prog.m0_d_exception a) = f1 a) ∧
(∀a. fn (m0_prog.m0_d_num a) = f2 a) ∧
(∀a. fn (m0_prog.m0_d_SHPR3 a) = f3 a) ∧
(∀a. fn (m0_prog.m0_d_SHPR2 a) = f4 a) ∧
(∀a. fn (m0_prog.m0_d_word32 a) = f5 a) ∧
(∀a. fn (m0_prog.m0_d_PRIMASK a) = f6 a) ∧
(∀a. fn (m0_prog.m0_d_IPR a) = f7 a) ∧
(∀a. fn (m0_prog.m0_d_word8 a) = f8 a) ∧
(∀a. fn (m0_prog.m0_d_Mode a) = f9 a) ∧
(∀a. fn (m0_prog.m0_d_CCR a) = f10 a) ∧
(∀a. fn (m0_prog.m0_d_word21 a) = f11 a) ∧
(∀a. fn (m0_prog.m0_d_word6 a) = f12 a) ∧
(∀a. fn (m0_prog.m0_d_word13 a) = f13 a) ∧
(∀a. fn (m0_prog.m0_d_word16 a) = f14 a) ∧
∀a. fn (m0_prog.m0_d_bool a) = f15 a
⊦ (∀a.
m0_prog.m0_data_size (m0_prog.m0_d_ARM_Exception_option a) =
1 + basicSize.option_size m0.ARM_Exception_size a) ∧
(∀a.
m0_prog.m0_data_size (m0_prog.m0_d_exception a) =
1 + m0.exception_size a) ∧
(∀a. m0_prog.m0_data_size (m0_prog.m0_d_num a) = 1 + a) ∧
(∀a. m0_prog.m0_data_size (m0_prog.m0_d_SHPR3 a) = 1 + m0.SHPR3_size a) ∧
(∀a. m0_prog.m0_data_size (m0_prog.m0_d_SHPR2 a) = 1 + m0.SHPR2_size a) ∧
(∀a. m0_prog.m0_data_size (m0_prog.m0_d_word32 a) = 1) ∧
(∀a.
m0_prog.m0_data_size (m0_prog.m0_d_PRIMASK a) =
1 + m0.PRIMASK_size a) ∧
(∀a. m0_prog.m0_data_size (m0_prog.m0_d_IPR a) = 1 + m0.IPR_size a) ∧
(∀a. m0_prog.m0_data_size (m0_prog.m0_d_word8 a) = 1) ∧
(∀a. m0_prog.m0_data_size (m0_prog.m0_d_Mode a) = 1 + m0.Mode_size a) ∧
(∀a. m0_prog.m0_data_size (m0_prog.m0_d_CCR a) = 1 + m0.CCR_size a) ∧
(∀a. m0_prog.m0_data_size (m0_prog.m0_d_word21 a) = 1) ∧
(∀a. m0_prog.m0_data_size (m0_prog.m0_d_word6 a) = 1) ∧
(∀a. m0_prog.m0_data_size (m0_prog.m0_d_word13 a) = 1) ∧
(∀a. m0_prog.m0_data_size (m0_prog.m0_d_word16 a) = 1) ∧
∀a.
m0_prog.m0_data_size (m0_prog.m0_d_bool a) = 1 + basicSize.bool_size a
⊦ ∀a w c p q.
prog.SPEC m0_prog.M0_MODEL
(set_sep.STAR
(set_sep.STAR
(set_sep.STAR
(set_sep.STAR p
(m0_prog.m0_MEM a (words.word_extract 7 0 w)))
(m0_prog.m0_MEM (words.word_add a (words.n2w 1))
(words.word_extract 15 (arithmetic.BIT2 3) w)))
(m0_prog.m0_MEM
(words.word_add a (words.n2w (arithmetic.BIT2 0)))
(words.word_extract (bit1 (bit1 (bit1 (arithmetic.BIT2 0))))
(arithmetic.BIT2 7) w)))
(m0_prog.m0_MEM (words.word_add a (words.n2w 3))
(words.word_extract 31
(arithmetic.BIT2 (bit1 (bit1 (arithmetic.BIT2 0)))) w))) c
(set_sep.STAR
(set_sep.STAR
(set_sep.STAR
(set_sep.STAR q
(m0_prog.m0_MEM a (words.word_extract 7 0 w)))
(m0_prog.m0_MEM (words.word_add a (words.n2w 1))
(words.word_extract 15 (arithmetic.BIT2 3) w)))
(m0_prog.m0_MEM
(words.word_add a (words.n2w (arithmetic.BIT2 0)))
(words.word_extract (bit1 (bit1 (bit1 (arithmetic.BIT2 0))))
(arithmetic.BIT2 7) w)))
(m0_prog.m0_MEM (words.word_add a (words.n2w 3))
(words.word_extract 31
(arithmetic.BIT2 (bit1 (bit1 (arithmetic.BIT2 0)))) w))) ⇔
prog.SPEC m0_prog.M0_MODEL
(set_sep.STAR
(set_sep.cond
(pred_set.DISJOINT
(m0_prog.m0_instr (a, m0_prog.data_to_thumb2 w))
(pred_set.BIGUNION (pred_set.IMAGE m0_prog.m0_instr c)))) p)
(pred_set.INSERT (a, m0_prog.data_to_thumb2 w) c) q
⊦ ∀a w c p q.
temporal_state.TEMPORAL_NEXT m0_prog.M0_MODEL
(set_sep.STAR
(set_sep.STAR
(set_sep.STAR
(set_sep.STAR p
(m0_prog.m0_MEM a (words.word_extract 7 0 w)))
(m0_prog.m0_MEM (words.word_add a (words.n2w 1))
(words.word_extract 15 (arithmetic.BIT2 3) w)))
(m0_prog.m0_MEM
(words.word_add a (words.n2w (arithmetic.BIT2 0)))
(words.word_extract (bit1 (bit1 (bit1 (arithmetic.BIT2 0))))
(arithmetic.BIT2 7) w)))
(m0_prog.m0_MEM (words.word_add a (words.n2w 3))
(words.word_extract 31
(arithmetic.BIT2 (bit1 (bit1 (arithmetic.BIT2 0)))) w))) c
(set_sep.STAR
(set_sep.STAR
(set_sep.STAR
(set_sep.STAR q
(m0_prog.m0_MEM a (words.word_extract 7 0 w)))
(m0_prog.m0_MEM (words.word_add a (words.n2w 1))
(words.word_extract 15 (arithmetic.BIT2 3) w)))
(m0_prog.m0_MEM
(words.word_add a (words.n2w (arithmetic.BIT2 0)))
(words.word_extract (bit1 (bit1 (bit1 (arithmetic.BIT2 0))))
(arithmetic.BIT2 7) w)))
(m0_prog.m0_MEM (words.word_add a (words.n2w 3))
(words.word_extract 31
(arithmetic.BIT2 (bit1 (bit1 (arithmetic.BIT2 0)))) w))) ⇔
temporal_state.TEMPORAL_NEXT m0_prog.M0_MODEL
(set_sep.STAR
(set_sep.cond
(pred_set.DISJOINT
(m0_prog.m0_instr (a, m0_prog.data_to_thumb2 w))
(pred_set.BIGUNION (pred_set.IMAGE m0_prog.m0_instr c)))) p)
(pred_set.INSERT (a, m0_prog.data_to_thumb2 w) c) q
⊦ ∀f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19
f20 f21 f22 f23 f24 f25 f26 f27.
∃fn.
fn m0_prog.m0_c_pending = f0 ∧ fn m0_prog.m0_c_exception = f1 ∧
fn m0_prog.m0_c_count = f2 ∧ fn m0_prog.m0_c_VTOR = f3 ∧
fn m0_prog.m0_c_SHPR3 = f4 ∧ fn m0_prog.m0_c_SHPR2 = f5 ∧
(∀a. fn (m0_prog.m0_c_REG a) = f6 a) ∧ fn m0_prog.m0_c_PRIMASK = f7 ∧
(∀a. fn (m0_prog.m0_c_NVIC_IPR a) = f8 a) ∧
(∀a. fn (m0_prog.m0_c_MEM a) = f9 a) ∧
(∀a. fn (m0_prog.m0_c_ExceptionActive a) = f10 a) ∧
fn m0_prog.m0_c_CurrentMode = f11 ∧ fn m0_prog.m0_c_CCR = f12 ∧
fn m0_prog.m0_c_PSR_psr'rst = f13 ∧ fn m0_prog.m0_c_PSR_Z = f14 ∧
fn m0_prog.m0_c_PSR_V = f15 ∧ fn m0_prog.m0_c_PSR_T = f16 ∧
fn m0_prog.m0_c_PSR_N = f17 ∧
fn m0_prog.m0_c_PSR_ExceptionNumber = f18 ∧
fn m0_prog.m0_c_PSR_C = f19 ∧ fn m0_prog.m0_c_CONTROL_nPRIV = f20 ∧
fn m0_prog.m0_c_CONTROL_control'rst = f21 ∧
fn m0_prog.m0_c_CONTROL_SPSEL = f22 ∧
fn m0_prog.m0_c_AIRCR_aircr'rst = f23 ∧
fn m0_prog.m0_c_AIRCR_VECTKEY = f24 ∧
fn m0_prog.m0_c_AIRCR_VECTCLRACTIVE = f25 ∧
fn m0_prog.m0_c_AIRCR_SYSRESETREQ = f26 ∧
fn m0_prog.m0_c_AIRCR_ENDIANNESS = f27
⊦ (∀a a'.
m0_prog.m0_d_ARM_Exception_option a =
m0_prog.m0_d_ARM_Exception_option a' ⇔ a = a') ∧
(∀a a'. m0_prog.m0_d_exception a = m0_prog.m0_d_exception a' ⇔ a = a') ∧
(∀a a'. m0_prog.m0_d_num a = m0_prog.m0_d_num a' ⇔ a = a') ∧
(∀a a'. m0_prog.m0_d_SHPR3 a = m0_prog.m0_d_SHPR3 a' ⇔ a = a') ∧
(∀a a'. m0_prog.m0_d_SHPR2 a = m0_prog.m0_d_SHPR2 a' ⇔ a = a') ∧
(∀a a'. m0_prog.m0_d_word32 a = m0_prog.m0_d_word32 a' ⇔ a = a') ∧
(∀a a'. m0_prog.m0_d_PRIMASK a = m0_prog.m0_d_PRIMASK a' ⇔ a = a') ∧
(∀a a'. m0_prog.m0_d_IPR a = m0_prog.m0_d_IPR a' ⇔ a = a') ∧
(∀a a'. m0_prog.m0_d_word8 a = m0_prog.m0_d_word8 a' ⇔ a = a') ∧
(∀a a'. m0_prog.m0_d_Mode a = m0_prog.m0_d_Mode a' ⇔ a = a') ∧
(∀a a'. m0_prog.m0_d_CCR a = m0_prog.m0_d_CCR a' ⇔ a = a') ∧
(∀a a'. m0_prog.m0_d_word21 a = m0_prog.m0_d_word21 a' ⇔ a = a') ∧
(∀a a'. m0_prog.m0_d_word6 a = m0_prog.m0_d_word6 a' ⇔ a = a') ∧
(∀a a'. m0_prog.m0_d_word13 a = m0_prog.m0_d_word13 a' ⇔ a = a') ∧
(∀a a'. m0_prog.m0_d_word16 a = m0_prog.m0_d_word16 a' ⇔ a = a') ∧
∀a a'. m0_prog.m0_d_bool a = m0_prog.m0_d_bool a' ⇔ a ⇔ a'
⊦ ∀M M' f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
M = M' ∧ (∀a. M' = m0_prog.m0_d_ARM_Exception_option a ⇒ f a = f' a) ∧
(∀a. M' = m0_prog.m0_d_exception a ⇒ f1 a = f1' a) ∧
(∀a. M' = m0_prog.m0_d_num a ⇒ f2 a = f2' a) ∧
(∀a. M' = m0_prog.m0_d_SHPR3 a ⇒ f3 a = f3' a) ∧
(∀a. M' = m0_prog.m0_d_SHPR2 a ⇒ f4 a = f4' a) ∧
(∀a. M' = m0_prog.m0_d_word32 a ⇒ f5 a = f5' a) ∧
(∀a. M' = m0_prog.m0_d_PRIMASK a ⇒ f6 a = f6' a) ∧
(∀a. M' = m0_prog.m0_d_IPR a ⇒ f7 a = f7' a) ∧
(∀a. M' = m0_prog.m0_d_word8 a ⇒ f8 a = f8' a) ∧
(∀a. M' = m0_prog.m0_d_Mode a ⇒ f9 a = f9' a) ∧
(∀a. M' = m0_prog.m0_d_CCR a ⇒ f10 a = f10' a) ∧
(∀a. M' = m0_prog.m0_d_word21 a ⇒ f11 a = f11' a) ∧
(∀a. M' = m0_prog.m0_d_word6 a ⇒ f12 a = f12' a) ∧
(∀a. M' = m0_prog.m0_d_word13 a ⇒ f13 a = f13' a) ∧
(∀a. M' = m0_prog.m0_d_word16 a ⇒ f14 a = f14' a) ∧
(∀a. M' = m0_prog.m0_d_bool a ⇒ f15 a = f15' a) ⇒
m0_prog.m0_data_CASE M f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14
f15 =
m0_prog.m0_data_CASE M' f' f1' f2' f3' f4' f5' f6' f7' f8' f9' f10'
f11' f12' f13' f14' f15'
⊦ ∀M M' v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16
v17 v18 v19 v20 v21 v22 v23.
M = M' ∧ (M' = m0_prog.m0_c_pending ⇒ v = v') ∧
(M' = m0_prog.m0_c_exception ⇒ v1 = v1') ∧
(M' = m0_prog.m0_c_count ⇒ v2 = v2') ∧
(M' = m0_prog.m0_c_VTOR ⇒ v3 = v3') ∧
(M' = m0_prog.m0_c_SHPR3 ⇒ v4 = v4') ∧
(M' = m0_prog.m0_c_SHPR2 ⇒ v5 = v5') ∧
(∀a. M' = m0_prog.m0_c_REG a ⇒ f a = f' a) ∧
(M' = m0_prog.m0_c_PRIMASK ⇒ v6 = v6') ∧
(∀a. M' = m0_prog.m0_c_NVIC_IPR a ⇒ f1 a = f1' a) ∧
(∀a. M' = m0_prog.m0_c_MEM a ⇒ f2 a = f2' a) ∧
(∀a. M' = m0_prog.m0_c_ExceptionActive a ⇒ f3 a = f3' a) ∧
(M' = m0_prog.m0_c_CurrentMode ⇒ v7 = v7') ∧
(M' = m0_prog.m0_c_CCR ⇒ v8 = v8') ∧
(M' = m0_prog.m0_c_PSR_psr'rst ⇒ v9 = v9') ∧
(M' = m0_prog.m0_c_PSR_Z ⇒ v10 = v10') ∧
(M' = m0_prog.m0_c_PSR_V ⇒ v11 = v11') ∧
(M' = m0_prog.m0_c_PSR_T ⇒ v12 = v12') ∧
(M' = m0_prog.m0_c_PSR_N ⇒ v13 = v13') ∧
(M' = m0_prog.m0_c_PSR_ExceptionNumber ⇒ v14 = v14') ∧
(M' = m0_prog.m0_c_PSR_C ⇒ v15 = v15') ∧
(M' = m0_prog.m0_c_CONTROL_nPRIV ⇒ v16 = v16') ∧
(M' = m0_prog.m0_c_CONTROL_control'rst ⇒ v17 = v17') ∧
(M' = m0_prog.m0_c_CONTROL_SPSEL ⇒ v18 = v18') ∧
(M' = m0_prog.m0_c_AIRCR_aircr'rst ⇒ v19 = v19') ∧
(M' = m0_prog.m0_c_AIRCR_VECTKEY ⇒ v20 = v20') ∧
(M' = m0_prog.m0_c_AIRCR_VECTCLRACTIVE ⇒ v21 = v21') ∧
(M' = m0_prog.m0_c_AIRCR_SYSRESETREQ ⇒ v22 = v22') ∧
(M' = m0_prog.m0_c_AIRCR_ENDIANNESS ⇒ v23 = v23') ⇒
m0_prog.m0_component_CASE M v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10
v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21 v22 v23 =
m0_prog.m0_component_CASE M' v' v1' v2' v3' v4' v5' f' v6' f1' f2' f3'
v7' v8' v9' v10' v11' v12' v13' v14' v15' v16' v17' v18' v19' v20'
v21' v22' v23'
⊦ (∀a f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
m0_prog.m0_data_CASE (m0_prog.m0_d_ARM_Exception_option a) f f1 f2 f3
f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 = f a) ∧
(∀a f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
m0_prog.m0_data_CASE (m0_prog.m0_d_exception a) f f1 f2 f3 f4 f5 f6 f7
f8 f9 f10 f11 f12 f13 f14 f15 = f1 a) ∧
(∀a f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
m0_prog.m0_data_CASE (m0_prog.m0_d_num a) f f1 f2 f3 f4 f5 f6 f7 f8 f9
f10 f11 f12 f13 f14 f15 = f2 a) ∧
(∀a f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
m0_prog.m0_data_CASE (m0_prog.m0_d_SHPR3 a) f f1 f2 f3 f4 f5 f6 f7 f8
f9 f10 f11 f12 f13 f14 f15 = f3 a) ∧
(∀a f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
m0_prog.m0_data_CASE (m0_prog.m0_d_SHPR2 a) f f1 f2 f3 f4 f5 f6 f7 f8
f9 f10 f11 f12 f13 f14 f15 = f4 a) ∧
(∀a f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
m0_prog.m0_data_CASE (m0_prog.m0_d_word32 a) f f1 f2 f3 f4 f5 f6 f7 f8
f9 f10 f11 f12 f13 f14 f15 = f5 a) ∧
(∀a f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
m0_prog.m0_data_CASE (m0_prog.m0_d_PRIMASK a) f f1 f2 f3 f4 f5 f6 f7
f8 f9 f10 f11 f12 f13 f14 f15 = f6 a) ∧
(∀a f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
m0_prog.m0_data_CASE (m0_prog.m0_d_IPR a) f f1 f2 f3 f4 f5 f6 f7 f8 f9
f10 f11 f12 f13 f14 f15 = f7 a) ∧
(∀a f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
m0_prog.m0_data_CASE (m0_prog.m0_d_word8 a) f f1 f2 f3 f4 f5 f6 f7 f8
f9 f10 f11 f12 f13 f14 f15 = f8 a) ∧
(∀a f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
m0_prog.m0_data_CASE (m0_prog.m0_d_Mode a) f f1 f2 f3 f4 f5 f6 f7 f8
f9 f10 f11 f12 f13 f14 f15 = f9 a) ∧
(∀a f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
m0_prog.m0_data_CASE (m0_prog.m0_d_CCR a) f f1 f2 f3 f4 f5 f6 f7 f8 f9
f10 f11 f12 f13 f14 f15 = f10 a) ∧
(∀a f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
m0_prog.m0_data_CASE (m0_prog.m0_d_word21 a) f f1 f2 f3 f4 f5 f6 f7 f8
f9 f10 f11 f12 f13 f14 f15 = f11 a) ∧
(∀a f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
m0_prog.m0_data_CASE (m0_prog.m0_d_word6 a) f f1 f2 f3 f4 f5 f6 f7 f8
f9 f10 f11 f12 f13 f14 f15 = f12 a) ∧
(∀a f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
m0_prog.m0_data_CASE (m0_prog.m0_d_word13 a) f f1 f2 f3 f4 f5 f6 f7 f8
f9 f10 f11 f12 f13 f14 f15 = f13 a) ∧
(∀a f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
m0_prog.m0_data_CASE (m0_prog.m0_d_word16 a) f f1 f2 f3 f4 f5 f6 f7 f8
f9 f10 f11 f12 f13 f14 f15 = f14 a) ∧
∀a f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15.
m0_prog.m0_data_CASE (m0_prog.m0_d_bool a) f f1 f2 f3 f4 f5 f6 f7 f8 f9
f10 f11 f12 f13 f14 f15 = f15 a
⊦ (∀a' a.
¬(m0_prog.m0_d_ARM_Exception_option a = m0_prog.m0_d_exception a')) ∧
(∀a' a. ¬(m0_prog.m0_d_ARM_Exception_option a = m0_prog.m0_d_num a')) ∧
(∀a' a. ¬(m0_prog.m0_d_ARM_Exception_option a = m0_prog.m0_d_SHPR3 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_ARM_Exception_option a = m0_prog.m0_d_SHPR2 a')) ∧
(∀a' a.
¬(m0_prog.m0_d_ARM_Exception_option a = m0_prog.m0_d_word32 a')) ∧
(∀a' a.
¬(m0_prog.m0_d_ARM_Exception_option a = m0_prog.m0_d_PRIMASK a')) ∧
(∀a' a. ¬(m0_prog.m0_d_ARM_Exception_option a = m0_prog.m0_d_IPR a')) ∧
(∀a' a. ¬(m0_prog.m0_d_ARM_Exception_option a = m0_prog.m0_d_word8 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_ARM_Exception_option a = m0_prog.m0_d_Mode a')) ∧
(∀a' a. ¬(m0_prog.m0_d_ARM_Exception_option a = m0_prog.m0_d_CCR a')) ∧
(∀a' a.
¬(m0_prog.m0_d_ARM_Exception_option a = m0_prog.m0_d_word21 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_ARM_Exception_option a = m0_prog.m0_d_word6 a')) ∧
(∀a' a.
¬(m0_prog.m0_d_ARM_Exception_option a = m0_prog.m0_d_word13 a')) ∧
(∀a' a.
¬(m0_prog.m0_d_ARM_Exception_option a = m0_prog.m0_d_word16 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_ARM_Exception_option a = m0_prog.m0_d_bool a')) ∧
(∀a' a. ¬(m0_prog.m0_d_exception a = m0_prog.m0_d_num a')) ∧
(∀a' a. ¬(m0_prog.m0_d_exception a = m0_prog.m0_d_SHPR3 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_exception a = m0_prog.m0_d_SHPR2 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_exception a = m0_prog.m0_d_word32 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_exception a = m0_prog.m0_d_PRIMASK a')) ∧
(∀a' a. ¬(m0_prog.m0_d_exception a = m0_prog.m0_d_IPR a')) ∧
(∀a' a. ¬(m0_prog.m0_d_exception a = m0_prog.m0_d_word8 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_exception a = m0_prog.m0_d_Mode a')) ∧
(∀a' a. ¬(m0_prog.m0_d_exception a = m0_prog.m0_d_CCR a')) ∧
(∀a' a. ¬(m0_prog.m0_d_exception a = m0_prog.m0_d_word21 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_exception a = m0_prog.m0_d_word6 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_exception a = m0_prog.m0_d_word13 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_exception a = m0_prog.m0_d_word16 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_exception a = m0_prog.m0_d_bool a')) ∧
(∀a' a. ¬(m0_prog.m0_d_num a = m0_prog.m0_d_SHPR3 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_num a = m0_prog.m0_d_SHPR2 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_num a = m0_prog.m0_d_word32 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_num a = m0_prog.m0_d_PRIMASK a')) ∧
(∀a' a. ¬(m0_prog.m0_d_num a = m0_prog.m0_d_IPR a')) ∧
(∀a' a. ¬(m0_prog.m0_d_num a = m0_prog.m0_d_word8 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_num a = m0_prog.m0_d_Mode a')) ∧
(∀a' a. ¬(m0_prog.m0_d_num a = m0_prog.m0_d_CCR a')) ∧
(∀a' a. ¬(m0_prog.m0_d_num a = m0_prog.m0_d_word21 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_num a = m0_prog.m0_d_word6 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_num a = m0_prog.m0_d_word13 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_num a = m0_prog.m0_d_word16 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_num a = m0_prog.m0_d_bool a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR3 a = m0_prog.m0_d_SHPR2 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR3 a = m0_prog.m0_d_word32 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR3 a = m0_prog.m0_d_PRIMASK a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR3 a = m0_prog.m0_d_IPR a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR3 a = m0_prog.m0_d_word8 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR3 a = m0_prog.m0_d_Mode a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR3 a = m0_prog.m0_d_CCR a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR3 a = m0_prog.m0_d_word21 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR3 a = m0_prog.m0_d_word6 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR3 a = m0_prog.m0_d_word13 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR3 a = m0_prog.m0_d_word16 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR3 a = m0_prog.m0_d_bool a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR2 a = m0_prog.m0_d_word32 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR2 a = m0_prog.m0_d_PRIMASK a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR2 a = m0_prog.m0_d_IPR a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR2 a = m0_prog.m0_d_word8 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR2 a = m0_prog.m0_d_Mode a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR2 a = m0_prog.m0_d_CCR a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR2 a = m0_prog.m0_d_word21 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR2 a = m0_prog.m0_d_word6 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR2 a = m0_prog.m0_d_word13 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR2 a = m0_prog.m0_d_word16 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_SHPR2 a = m0_prog.m0_d_bool a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word32 a = m0_prog.m0_d_PRIMASK a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word32 a = m0_prog.m0_d_IPR a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word32 a = m0_prog.m0_d_word8 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word32 a = m0_prog.m0_d_Mode a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word32 a = m0_prog.m0_d_CCR a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word32 a = m0_prog.m0_d_word21 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word32 a = m0_prog.m0_d_word6 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word32 a = m0_prog.m0_d_word13 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word32 a = m0_prog.m0_d_word16 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word32 a = m0_prog.m0_d_bool a')) ∧
(∀a' a. ¬(m0_prog.m0_d_PRIMASK a = m0_prog.m0_d_IPR a')) ∧
(∀a' a. ¬(m0_prog.m0_d_PRIMASK a = m0_prog.m0_d_word8 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_PRIMASK a = m0_prog.m0_d_Mode a')) ∧
(∀a' a. ¬(m0_prog.m0_d_PRIMASK a = m0_prog.m0_d_CCR a')) ∧
(∀a' a. ¬(m0_prog.m0_d_PRIMASK a = m0_prog.m0_d_word21 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_PRIMASK a = m0_prog.m0_d_word6 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_PRIMASK a = m0_prog.m0_d_word13 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_PRIMASK a = m0_prog.m0_d_word16 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_PRIMASK a = m0_prog.m0_d_bool a')) ∧
(∀a' a. ¬(m0_prog.m0_d_IPR a = m0_prog.m0_d_word8 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_IPR a = m0_prog.m0_d_Mode a')) ∧
(∀a' a. ¬(m0_prog.m0_d_IPR a = m0_prog.m0_d_CCR a')) ∧
(∀a' a. ¬(m0_prog.m0_d_IPR a = m0_prog.m0_d_word21 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_IPR a = m0_prog.m0_d_word6 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_IPR a = m0_prog.m0_d_word13 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_IPR a = m0_prog.m0_d_word16 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_IPR a = m0_prog.m0_d_bool a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word8 a = m0_prog.m0_d_Mode a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word8 a = m0_prog.m0_d_CCR a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word8 a = m0_prog.m0_d_word21 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word8 a = m0_prog.m0_d_word6 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word8 a = m0_prog.m0_d_word13 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word8 a = m0_prog.m0_d_word16 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word8 a = m0_prog.m0_d_bool a')) ∧
(∀a' a. ¬(m0_prog.m0_d_Mode a = m0_prog.m0_d_CCR a')) ∧
(∀a' a. ¬(m0_prog.m0_d_Mode a = m0_prog.m0_d_word21 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_Mode a = m0_prog.m0_d_word6 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_Mode a = m0_prog.m0_d_word13 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_Mode a = m0_prog.m0_d_word16 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_Mode a = m0_prog.m0_d_bool a')) ∧
(∀a' a. ¬(m0_prog.m0_d_CCR a = m0_prog.m0_d_word21 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_CCR a = m0_prog.m0_d_word6 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_CCR a = m0_prog.m0_d_word13 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_CCR a = m0_prog.m0_d_word16 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_CCR a = m0_prog.m0_d_bool a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word21 a = m0_prog.m0_d_word6 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word21 a = m0_prog.m0_d_word13 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word21 a = m0_prog.m0_d_word16 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word21 a = m0_prog.m0_d_bool a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word6 a = m0_prog.m0_d_word13 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word6 a = m0_prog.m0_d_word16 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word6 a = m0_prog.m0_d_bool a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word13 a = m0_prog.m0_d_word16 a')) ∧
(∀a' a. ¬(m0_prog.m0_d_word13 a = m0_prog.m0_d_bool a')) ∧
∀a' a. ¬(m0_prog.m0_d_word16 a = m0_prog.m0_d_bool a')
⊦ (∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_pending v v1 v2 v3 v4 v5 f v6
f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21
v22 v23 = v) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_exception v v1 v2 v3 v4 v5 f v6
f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21
v22 v23 = v1) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_count v v1 v2 v3 v4 v5 f v6 f1
f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21 v22
v23 = v2) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_VTOR v v1 v2 v3 v4 v5 f v6 f1
f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21 v22
v23 = v3) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_SHPR3 v v1 v2 v3 v4 v5 f v6 f1
f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21 v22
v23 = v4) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_SHPR2 v v1 v2 v3 v4 v5 f v6 f1
f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21 v22
v23 = v5) ∧
(∀a v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16
v17 v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE (m0_prog.m0_c_REG a) v v1 v2 v3 v4 v5 f v6
f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21
v22 v23 = f a) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_PRIMASK v v1 v2 v3 v4 v5 f v6
f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21
v22 v23 = v6) ∧
(∀a v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16
v17 v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE (m0_prog.m0_c_NVIC_IPR a) v v1 v2 v3 v4 v5 f
v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21
v22 v23 = f1 a) ∧
(∀a v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16
v17 v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE (m0_prog.m0_c_MEM a) v v1 v2 v3 v4 v5 f v6
f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21
v22 v23 = f2 a) ∧
(∀a v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16
v17 v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE (m0_prog.m0_c_ExceptionActive a) v v1 v2 v3
v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19
v20 v21 v22 v23 = f3 a) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_CurrentMode v v1 v2 v3 v4 v5 f
v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21
v22 v23 = v7) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_CCR v v1 v2 v3 v4 v5 f v6 f1 f2
f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21 v22
v23 = v8) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_PSR_psr'rst v v1 v2 v3 v4 v5 f
v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21
v22 v23 = v9) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_PSR_Z v v1 v2 v3 v4 v5 f v6 f1
f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21 v22
v23 = v10) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_PSR_V v v1 v2 v3 v4 v5 f v6 f1
f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21 v22
v23 = v11) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_PSR_T v v1 v2 v3 v4 v5 f v6 f1
f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21 v22
v23 = v12) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_PSR_N v v1 v2 v3 v4 v5 f v6 f1
f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21 v22
v23 = v13) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_PSR_ExceptionNumber v v1 v2 v3
v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19
v20 v21 v22 v23 = v14) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_PSR_C v v1 v2 v3 v4 v5 f v6 f1
f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20 v21 v22
v23 = v15) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_CONTROL_nPRIV v v1 v2 v3 v4 v5
f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20
v21 v22 v23 = v16) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_CONTROL_control'rst v v1 v2 v3
v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19
v20 v21 v22 v23 = v17) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_CONTROL_SPSEL v v1 v2 v3 v4 v5
f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20
v21 v22 v23 = v18) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_AIRCR_aircr'rst v v1 v2 v3 v4
v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19
v20 v21 v22 v23 = v19) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_AIRCR_VECTKEY v v1 v2 v3 v4 v5
f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20
v21 v22 v23 = v20) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_AIRCR_VECTCLRACTIVE v v1 v2 v3
v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19
v20 v21 v22 v23 = v21) ∧
(∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_AIRCR_SYSRESETREQ v v1 v2 v3 v4
v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19
v20 v21 v22 v23 = v22) ∧
∀v v1 v2 v3 v4 v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17
v18 v19 v20 v21 v22 v23.
m0_prog.m0_component_CASE m0_prog.m0_c_AIRCR_ENDIANNESS v v1 v2 v3 v4
v5 f v6 f1 f2 f3 v7 v8 v9 v10 v11 v12 v13 v14 v15 v16 v17 v18 v19 v20
v21 v22 v23 = v23
⊦ ¬(m0_prog.m0_c_pending = m0_prog.m0_c_exception) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_count) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_VTOR) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_SHPR3) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_SHPR2) ∧
(∀a. ¬(m0_prog.m0_c_pending = m0_prog.m0_c_REG a)) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_PRIMASK) ∧
(∀a. ¬(m0_prog.m0_c_pending = m0_prog.m0_c_NVIC_IPR a)) ∧
(∀a. ¬(m0_prog.m0_c_pending = m0_prog.m0_c_MEM a)) ∧
(∀a. ¬(m0_prog.m0_c_pending = m0_prog.m0_c_ExceptionActive a)) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_CurrentMode) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_CCR) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_PSR_psr'rst) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_PSR_Z) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_PSR_V) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_PSR_T) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_PSR_N) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_PSR_ExceptionNumber) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_PSR_C) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_CONTROL_nPRIV) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_pending = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_count) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_VTOR) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_SHPR3) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_SHPR2) ∧
(∀a. ¬(m0_prog.m0_c_exception = m0_prog.m0_c_REG a)) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_PRIMASK) ∧
(∀a. ¬(m0_prog.m0_c_exception = m0_prog.m0_c_NVIC_IPR a)) ∧
(∀a. ¬(m0_prog.m0_c_exception = m0_prog.m0_c_MEM a)) ∧
(∀a. ¬(m0_prog.m0_c_exception = m0_prog.m0_c_ExceptionActive a)) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_CurrentMode) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_CCR) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_PSR_psr'rst) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_PSR_Z) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_PSR_V) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_PSR_T) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_PSR_N) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_PSR_ExceptionNumber) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_PSR_C) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_CONTROL_nPRIV) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_exception = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_VTOR) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_SHPR3) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_SHPR2) ∧
(∀a. ¬(m0_prog.m0_c_count = m0_prog.m0_c_REG a)) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_PRIMASK) ∧
(∀a. ¬(m0_prog.m0_c_count = m0_prog.m0_c_NVIC_IPR a)) ∧
(∀a. ¬(m0_prog.m0_c_count = m0_prog.m0_c_MEM a)) ∧
(∀a. ¬(m0_prog.m0_c_count = m0_prog.m0_c_ExceptionActive a)) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_CurrentMode) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_CCR) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_PSR_psr'rst) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_PSR_Z) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_PSR_V) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_PSR_T) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_PSR_N) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_PSR_ExceptionNumber) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_PSR_C) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_CONTROL_nPRIV) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_count = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_SHPR3) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_SHPR2) ∧
(∀a. ¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_REG a)) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_PRIMASK) ∧
(∀a. ¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_NVIC_IPR a)) ∧
(∀a. ¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_MEM a)) ∧
(∀a. ¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_ExceptionActive a)) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_CurrentMode) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_CCR) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_PSR_psr'rst) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_PSR_Z) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_PSR_V) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_PSR_T) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_PSR_N) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_PSR_ExceptionNumber) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_PSR_C) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_CONTROL_nPRIV) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_VTOR = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_SHPR2) ∧
(∀a. ¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_REG a)) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_PRIMASK) ∧
(∀a. ¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_NVIC_IPR a)) ∧
(∀a. ¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_MEM a)) ∧
(∀a. ¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_ExceptionActive a)) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_CurrentMode) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_CCR) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_PSR_psr'rst) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_PSR_Z) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_PSR_V) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_PSR_T) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_PSR_N) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_PSR_ExceptionNumber) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_PSR_C) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_CONTROL_nPRIV) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_SHPR3 = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
(∀a. ¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_REG a)) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_PRIMASK) ∧
(∀a. ¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_NVIC_IPR a)) ∧
(∀a. ¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_MEM a)) ∧
(∀a. ¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_ExceptionActive a)) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_CurrentMode) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_CCR) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_PSR_psr'rst) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_PSR_Z) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_PSR_V) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_PSR_T) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_PSR_N) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_PSR_ExceptionNumber) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_PSR_C) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_CONTROL_nPRIV) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_SHPR2 = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_PRIMASK)) ∧
(∀a' a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_NVIC_IPR a')) ∧
(∀a' a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_MEM a')) ∧
(∀a' a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_ExceptionActive a')) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_CurrentMode)) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_CCR)) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_PSR_psr'rst)) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_PSR_Z)) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_PSR_V)) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_PSR_T)) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_PSR_N)) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_PSR_ExceptionNumber)) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_PSR_C)) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_CONTROL_nPRIV)) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_CONTROL_control'rst)) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_CONTROL_SPSEL)) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_AIRCR_aircr'rst)) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_AIRCR_VECTKEY)) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_AIRCR_VECTCLRACTIVE)) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_AIRCR_SYSRESETREQ)) ∧
(∀a. ¬(m0_prog.m0_c_REG a = m0_prog.m0_c_AIRCR_ENDIANNESS)) ∧
(∀a. ¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_NVIC_IPR a)) ∧
(∀a. ¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_MEM a)) ∧
(∀a. ¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_ExceptionActive a)) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_CurrentMode) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_CCR) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_PSR_psr'rst) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_PSR_Z) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_PSR_V) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_PSR_T) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_PSR_N) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_PSR_ExceptionNumber) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_PSR_C) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_CONTROL_nPRIV) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_PRIMASK = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
(∀a' a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_MEM a')) ∧
(∀a' a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_ExceptionActive a')) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_CurrentMode)) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_CCR)) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_PSR_psr'rst)) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_PSR_Z)) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_PSR_V)) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_PSR_T)) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_PSR_N)) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_PSR_ExceptionNumber)) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_PSR_C)) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_CONTROL_nPRIV)) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_CONTROL_control'rst)) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_CONTROL_SPSEL)) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_AIRCR_aircr'rst)) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_AIRCR_VECTKEY)) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_AIRCR_VECTCLRACTIVE)) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_AIRCR_SYSRESETREQ)) ∧
(∀a. ¬(m0_prog.m0_c_NVIC_IPR a = m0_prog.m0_c_AIRCR_ENDIANNESS)) ∧
(∀a' a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_ExceptionActive a')) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_CurrentMode)) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_CCR)) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_PSR_psr'rst)) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_PSR_Z)) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_PSR_V)) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_PSR_T)) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_PSR_N)) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_PSR_ExceptionNumber)) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_PSR_C)) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_CONTROL_nPRIV)) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_CONTROL_control'rst)) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_CONTROL_SPSEL)) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_AIRCR_aircr'rst)) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_AIRCR_VECTKEY)) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_AIRCR_VECTCLRACTIVE)) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_AIRCR_SYSRESETREQ)) ∧
(∀a. ¬(m0_prog.m0_c_MEM a = m0_prog.m0_c_AIRCR_ENDIANNESS)) ∧
(∀a. ¬(m0_prog.m0_c_ExceptionActive a = m0_prog.m0_c_CurrentMode)) ∧
(∀a. ¬(m0_prog.m0_c_ExceptionActive a = m0_prog.m0_c_CCR)) ∧
(∀a. ¬(m0_prog.m0_c_ExceptionActive a = m0_prog.m0_c_PSR_psr'rst)) ∧
(∀a. ¬(m0_prog.m0_c_ExceptionActive a = m0_prog.m0_c_PSR_Z)) ∧
(∀a. ¬(m0_prog.m0_c_ExceptionActive a = m0_prog.m0_c_PSR_V)) ∧
(∀a. ¬(m0_prog.m0_c_ExceptionActive a = m0_prog.m0_c_PSR_T)) ∧
(∀a. ¬(m0_prog.m0_c_ExceptionActive a = m0_prog.m0_c_PSR_N)) ∧
(∀a.
¬(m0_prog.m0_c_ExceptionActive a =
m0_prog.m0_c_PSR_ExceptionNumber)) ∧
(∀a. ¬(m0_prog.m0_c_ExceptionActive a = m0_prog.m0_c_PSR_C)) ∧
(∀a. ¬(m0_prog.m0_c_ExceptionActive a = m0_prog.m0_c_CONTROL_nPRIV)) ∧
(∀a.
¬(m0_prog.m0_c_ExceptionActive a =
m0_prog.m0_c_CONTROL_control'rst)) ∧
(∀a. ¬(m0_prog.m0_c_ExceptionActive a = m0_prog.m0_c_CONTROL_SPSEL)) ∧
(∀a. ¬(m0_prog.m0_c_ExceptionActive a = m0_prog.m0_c_AIRCR_aircr'rst)) ∧
(∀a. ¬(m0_prog.m0_c_ExceptionActive a = m0_prog.m0_c_AIRCR_VECTKEY)) ∧
(∀a.
¬(m0_prog.m0_c_ExceptionActive a =
m0_prog.m0_c_AIRCR_VECTCLRACTIVE)) ∧
(∀a.
¬(m0_prog.m0_c_ExceptionActive a = m0_prog.m0_c_AIRCR_SYSRESETREQ)) ∧
(∀a. ¬(m0_prog.m0_c_ExceptionActive a = m0_prog.m0_c_AIRCR_ENDIANNESS)) ∧
¬(m0_prog.m0_c_CurrentMode = m0_prog.m0_c_CCR) ∧
¬(m0_prog.m0_c_CurrentMode = m0_prog.m0_c_PSR_psr'rst) ∧
¬(m0_prog.m0_c_CurrentMode = m0_prog.m0_c_PSR_Z) ∧
¬(m0_prog.m0_c_CurrentMode = m0_prog.m0_c_PSR_V) ∧
¬(m0_prog.m0_c_CurrentMode = m0_prog.m0_c_PSR_T) ∧
¬(m0_prog.m0_c_CurrentMode = m0_prog.m0_c_PSR_N) ∧
¬(m0_prog.m0_c_CurrentMode = m0_prog.m0_c_PSR_ExceptionNumber) ∧
¬(m0_prog.m0_c_CurrentMode = m0_prog.m0_c_PSR_C) ∧
¬(m0_prog.m0_c_CurrentMode = m0_prog.m0_c_CONTROL_nPRIV) ∧
¬(m0_prog.m0_c_CurrentMode = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_CurrentMode = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_CurrentMode = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_CurrentMode = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_CurrentMode = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_CurrentMode = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_CurrentMode = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_CCR = m0_prog.m0_c_PSR_psr'rst) ∧
¬(m0_prog.m0_c_CCR = m0_prog.m0_c_PSR_Z) ∧
¬(m0_prog.m0_c_CCR = m0_prog.m0_c_PSR_V) ∧
¬(m0_prog.m0_c_CCR = m0_prog.m0_c_PSR_T) ∧
¬(m0_prog.m0_c_CCR = m0_prog.m0_c_PSR_N) ∧
¬(m0_prog.m0_c_CCR = m0_prog.m0_c_PSR_ExceptionNumber) ∧
¬(m0_prog.m0_c_CCR = m0_prog.m0_c_PSR_C) ∧
¬(m0_prog.m0_c_CCR = m0_prog.m0_c_CONTROL_nPRIV) ∧
¬(m0_prog.m0_c_CCR = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_CCR = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_CCR = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_CCR = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_CCR = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_CCR = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_CCR = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_PSR_psr'rst = m0_prog.m0_c_PSR_Z) ∧
¬(m0_prog.m0_c_PSR_psr'rst = m0_prog.m0_c_PSR_V) ∧
¬(m0_prog.m0_c_PSR_psr'rst = m0_prog.m0_c_PSR_T) ∧
¬(m0_prog.m0_c_PSR_psr'rst = m0_prog.m0_c_PSR_N) ∧
¬(m0_prog.m0_c_PSR_psr'rst = m0_prog.m0_c_PSR_ExceptionNumber) ∧
¬(m0_prog.m0_c_PSR_psr'rst = m0_prog.m0_c_PSR_C) ∧
¬(m0_prog.m0_c_PSR_psr'rst = m0_prog.m0_c_CONTROL_nPRIV) ∧
¬(m0_prog.m0_c_PSR_psr'rst = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_PSR_psr'rst = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_PSR_psr'rst = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_PSR_psr'rst = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_PSR_psr'rst = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_PSR_psr'rst = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_PSR_psr'rst = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_PSR_Z = m0_prog.m0_c_PSR_V) ∧
¬(m0_prog.m0_c_PSR_Z = m0_prog.m0_c_PSR_T) ∧
¬(m0_prog.m0_c_PSR_Z = m0_prog.m0_c_PSR_N) ∧
¬(m0_prog.m0_c_PSR_Z = m0_prog.m0_c_PSR_ExceptionNumber) ∧
¬(m0_prog.m0_c_PSR_Z = m0_prog.m0_c_PSR_C) ∧
¬(m0_prog.m0_c_PSR_Z = m0_prog.m0_c_CONTROL_nPRIV) ∧
¬(m0_prog.m0_c_PSR_Z = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_PSR_Z = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_PSR_Z = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_PSR_Z = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_PSR_Z = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_PSR_Z = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_PSR_Z = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_PSR_V = m0_prog.m0_c_PSR_T) ∧
¬(m0_prog.m0_c_PSR_V = m0_prog.m0_c_PSR_N) ∧
¬(m0_prog.m0_c_PSR_V = m0_prog.m0_c_PSR_ExceptionNumber) ∧
¬(m0_prog.m0_c_PSR_V = m0_prog.m0_c_PSR_C) ∧
¬(m0_prog.m0_c_PSR_V = m0_prog.m0_c_CONTROL_nPRIV) ∧
¬(m0_prog.m0_c_PSR_V = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_PSR_V = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_PSR_V = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_PSR_V = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_PSR_V = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_PSR_V = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_PSR_V = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_PSR_T = m0_prog.m0_c_PSR_N) ∧
¬(m0_prog.m0_c_PSR_T = m0_prog.m0_c_PSR_ExceptionNumber) ∧
¬(m0_prog.m0_c_PSR_T = m0_prog.m0_c_PSR_C) ∧
¬(m0_prog.m0_c_PSR_T = m0_prog.m0_c_CONTROL_nPRIV) ∧
¬(m0_prog.m0_c_PSR_T = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_PSR_T = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_PSR_T = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_PSR_T = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_PSR_T = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_PSR_T = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_PSR_T = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_PSR_N = m0_prog.m0_c_PSR_ExceptionNumber) ∧
¬(m0_prog.m0_c_PSR_N = m0_prog.m0_c_PSR_C) ∧
¬(m0_prog.m0_c_PSR_N = m0_prog.m0_c_CONTROL_nPRIV) ∧
¬(m0_prog.m0_c_PSR_N = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_PSR_N = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_PSR_N = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_PSR_N = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_PSR_N = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_PSR_N = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_PSR_N = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_PSR_ExceptionNumber = m0_prog.m0_c_PSR_C) ∧
¬(m0_prog.m0_c_PSR_ExceptionNumber = m0_prog.m0_c_CONTROL_nPRIV) ∧
¬(m0_prog.m0_c_PSR_ExceptionNumber = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_PSR_ExceptionNumber = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_PSR_ExceptionNumber = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_PSR_ExceptionNumber = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_PSR_ExceptionNumber = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_PSR_ExceptionNumber = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_PSR_ExceptionNumber = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_PSR_C = m0_prog.m0_c_CONTROL_nPRIV) ∧
¬(m0_prog.m0_c_PSR_C = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_PSR_C = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_PSR_C = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_PSR_C = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_PSR_C = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_PSR_C = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_PSR_C = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_CONTROL_nPRIV = m0_prog.m0_c_CONTROL_control'rst) ∧
¬(m0_prog.m0_c_CONTROL_nPRIV = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_CONTROL_nPRIV = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_CONTROL_nPRIV = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_CONTROL_nPRIV = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_CONTROL_nPRIV = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_CONTROL_nPRIV = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_CONTROL_control'rst = m0_prog.m0_c_CONTROL_SPSEL) ∧
¬(m0_prog.m0_c_CONTROL_control'rst = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_CONTROL_control'rst = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_CONTROL_control'rst = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_CONTROL_control'rst = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_CONTROL_control'rst = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_CONTROL_SPSEL = m0_prog.m0_c_AIRCR_aircr'rst) ∧
¬(m0_prog.m0_c_CONTROL_SPSEL = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_CONTROL_SPSEL = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_CONTROL_SPSEL = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_CONTROL_SPSEL = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_AIRCR_aircr'rst = m0_prog.m0_c_AIRCR_VECTKEY) ∧
¬(m0_prog.m0_c_AIRCR_aircr'rst = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_AIRCR_aircr'rst = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_AIRCR_aircr'rst = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_AIRCR_VECTKEY = m0_prog.m0_c_AIRCR_VECTCLRACTIVE) ∧
¬(m0_prog.m0_c_AIRCR_VECTKEY = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_AIRCR_VECTKEY = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_AIRCR_VECTCLRACTIVE = m0_prog.m0_c_AIRCR_SYSRESETREQ) ∧
¬(m0_prog.m0_c_AIRCR_VECTCLRACTIVE = m0_prog.m0_c_AIRCR_ENDIANNESS) ∧
¬(m0_prog.m0_c_AIRCR_SYSRESETREQ = m0_prog.m0_c_AIRCR_ENDIANNESS)
External Type Operators
- →
- bool
- Data
- List
- list
- Option
- option
- Pair
- ×
- Sum
- Data.Sum.+
- Unit
- unit
- List
- HOL4
- bool
- bool.itself
- fcp
- fcp.bit0
- fcp.bit1
- fcp.cart
- ind_type
- ind_type.recspace
- m0
- m0.exception
- m0.m0_state
- m0.AIRCR
- m0.ARM_Exception
- m0.CCR
- m0.CONTROL
- m0.IPR
- m0.Mode
- m0.PRIMASK
- m0.PSR
- m0.RName
- m0.SHPR2
- m0.SHPR3
- bool
- Number
- Natural
- natural
- Natural
External Constants
- =
- select
- Data
- Bool
- ∀
- ∧
- ⇒
- ∃
- ∨
- ¬
- cond
- ⊥
- ⊤
- List
- ::
- []
- all
- Option
- some
- Pair
- ,
- fst
- snd
- Sum
- Data.Sum.left
- Data.Sum.right
- Bool
- Function
- const
- id
- ∘
- HOL4
- alignment
- alignment.aligned
- arithmetic
- arithmetic.-
- arithmetic.BIT2
- arithmetic.DIV2
- basicSize
- basicSize.bool_size
- basicSize.option_size
- bit
- bit.BIT
- blast
- blast.bcarry
- blast.bsum
- blast.BCARRY
- blast.BSUM
- bool
- bool.the_value
- bool.IN
- bool.LET
- bool.TYPE_DEFINITION
- combin
- combin.UPDATE
- fcp
- fcp.dimindex
- fcp.fcp_index
- fcp.FCP
- ind_type
- ind_type.CONSTR
- ind_type.FCONS
- list
- list.GENLIST
- m0
- m0.exception_size
- m0.m0_state_AIRCR
- m0.m0_state_CCR
- m0.m0_state_CONTROL
- m0.m0_state_CurrentMode
- m0.m0_state_ExceptionActive
- m0.m0_state_MEM
- m0.m0_state_NVIC_IPR
- m0.m0_state_PRIMASK
- m0.m0_state_PSR
- m0.m0_state_REG
- m0.m0_state_SHPR2
- m0.m0_state_SHPR3
- m0.m0_state_VTOR
- m0.m0_state_count
- m0.m0_state_exception
- m0.m0_state_pending
- m0.AIRCR_ENDIANNESS
- m0.AIRCR_SYSRESETREQ
- m0.AIRCR_VECTCLRACTIVE
- m0.AIRCR_VECTKEY
- m0.AIRCR_aircr'rst
- m0.ARM_Exception_size
- m0.CCR_size
- m0.CONTROL_SPSEL
- m0.CONTROL_control'rst
- m0.CONTROL_nPRIV
- m0.IPR_size
- m0.Mode_size
- m0.NoException
- m0.PRIMASK_size
- m0.PSR_C
- m0.PSR_ExceptionNumber
- m0.PSR_N
- m0.PSR_T
- m0.PSR_V
- m0.PSR_Z
- m0.PSR_psr'rst
- m0.RName_PC
- m0.RName_size
- m0.SHPR2_size
- m0.SHPR3_size
- m0_step
- m0_step.NextStateM0
- numeral
- numeral.iDUB
- numeral.iSUB
- numeral.iZ
- numeral.iiSUC
- pair
- pair.pair_CASE
- pair.UNCURRY
- pred_set
- pred_set.BIGUNION
- pred_set.DELETE
- pred_set.DISJOINT
- pred_set.EMPTY
- pred_set.FINITE
- pred_set.GSPEC
- pred_set.IMAGE
- pred_set.INSERT
- pred_set.INTER
- pred_set.UNION
- pred_set.UNIV
- prim_rec
- prim_rec.PRE
- prog
- prog.CODE_POOL
- prog.SPEC
- relation
- relation.RESTRICT
- relation.WFREC
- rich_list
- rich_list.COUNT_LIST
- rich_list.COUNT_LIST_AUX
- set_sep
- set_sep.cond
- set_sep.emp
- set_sep.SEP_DISJ
- set_sep.SEP_EXISTS
- set_sep.SEP_F
- set_sep.SEP_HIDE
- set_sep.SPLIT
- set_sep.STAR
- state
- state.FRAME_STATE
- state.NEXT_REL
- state.SELECT_STATE
- state.STATE
- sum
- sum.sum_CASE
- temporal_state
- temporal_state.TEMPORAL_NEXT
- words
- words.dimword
- words.n2w
- words.w2w
- words.word_2comp
- words.word_add
- words.word_bits
- words.word_concat
- words.word_extract
- words.word_join
- words.word_lo
- words.word_lsl
- words.word_mul
- words.word_or
- words.word_sub
- words.BIT_SET
- alignment
- Number
- Natural
- *
- +
- <
- ≤
- >
- ≥
- ↑
- bit1
- div
- even
- min
- mod
- odd
- suc
- zero
- Natural
- Relation
- Relation.empty
- Relation.wellFounded
Assumptions
⊦ ⊤
⊦ pred_set.FINITE pred_set.UNIV
⊦ Relation.wellFounded Relation.empty
⊦ 0 = 0
⊦ 0 < words.dimword bool.the_value
⊦ pred_set.EMPTY x ⇔ ⊥
⊦ ∀x. x = x
⊦ ∀t. ⊥ ⇒ t
⊦ pred_set.FINITE pred_set.UNIV ⇔ pred_set.FINITE pred_set.UNIV
⊦ pred_set.FINITE pred_set.UNIV ⇔ pred_set.FINITE pred_set.UNIV
⊦ 1 < words.dimword bool.the_value
⊦ ¬¬p ⇒ p
⊦ ∀x. ¬bool.IN x pred_set.EMPTY
⊦ ∀x. id x = x
⊦ ∀s. set_sep.SEP_F s ⇔ ⊥
⊦ ∀t. t ∨ ¬t
⊦ (¬) = λt. t ⇒ ⊥
⊦ (∃) = λP. P ((select) P)
⊦ ∀t. (∀x. t) ⇔ t
⊦ ∀t. (λx. t x) = t
⊦ (∀) = λP. P = λx. ⊤
⊦ ¬(p ⇒ q) ⇒ p
⊦ ∀x. x = x ⇔ ⊤
⊦ ∀t. ¬¬t ⇔ t
⊦ fcp.dimindex bool.the_value = arithmetic.BIT2 3
⊦ fcp.dimindex bool.the_value = arithmetic.BIT2 (arithmetic.BIT2 1)
⊦ ¬(p ⇒ q) ⇒ ¬q
⊦ ¬(p ∨ q) ⇒ ¬p
⊦ ¬(p ∨ q) ⇒ ¬q
⊦ ∀A. A ⇒ ¬A ⇒ ⊥
⊦ ∀t. (t ⇒ ⊥) ⇒ ¬t
⊦ ∀n. rich_list.COUNT_LIST n = list.GENLIST id n
⊦ ∀n. rich_list.COUNT_LIST n = rich_list.COUNT_LIST_AUX n []
⊦ set_sep.SEP_EXISTS = λf s. ∃y. f y s
⊦ ∀p. set_sep.SEP_HIDE p = set_sep.SEP_EXISTS (λx. p x)
⊦ (⇒) = λp q. p ∧ q ⇔ p
⊦ fcp.dimindex bool.the_value = arithmetic.BIT2 7
⊦ fcp.dimindex bool.the_value =
arithmetic.BIT2 (bit1 (bit1 (arithmetic.BIT2 0)))
⊦ ∀t. (t ⇔ ⊤) ∨ (t ⇔ ⊥)
⊦ ∀n. arithmetic.DIV2 n = n div arithmetic.BIT2 0
⊦ ∀s.
pred_set.DISJOINT pred_set.EMPTY s ∧ pred_set.DISJOINT s pred_set.EMPTY
⊦ ∀x. (fst x, snd x) = x
⊦ ∀x y. fst (x, y) = x
⊦ ∀x y. snd (x, y) = y
⊦ ∀n. words.n2w n = fcp.FCP (λi. bit.BIT i n)
⊦ ∀f x. bool.LET f x = f x
⊦ ∀P x. P x ⇒ P ((select) P)
⊦ fcp.dimindex bool.the_value = arithmetic.BIT2 15
⊦ pair.pair_CASE (x, y) f = f x y
⊦ ∀n. words.n2w (n mod words.dimword bool.the_value) = words.n2w n
⊦ ∀x. ∃q r. x = (q, r)
⊦ ∀x c q. prog.SPEC x set_sep.SEP_F c q
⊦ ∀x c q. temporal_state.TEMPORAL_NEXT x set_sep.SEP_F c q
⊦ ∀x y. x = y ⇔ y = x
⊦ ∀A B. A ∨ B ⇔ B ∨ A
⊦ ∀v w. words.word_add v w = words.word_add w v
⊦ ∀p q. set_sep.STAR p q = set_sep.STAR q p
⊦ (¬A ⇒ ⊥) ⇒ (A ⇒ ⊥) ⇒ ⊥
⊦ ∀n. 0 < n ⇒ 0 mod n = 0
⊦ ∀w.
words.word_2comp w = words.word_mul (words.word_2comp (words.n2w 1)) w
⊦ ∀x y. pred_set.INSERT y pred_set.EMPTY x ⇔ x = y
⊦ ∀A B. A ⇒ B ⇔ ¬A ∨ B
⊦ ∀v w. words.word_sub v w = words.word_add v (words.word_2comp w)
⊦ ∀v w. words.word_concat v w = words.w2w (words.word_join v w)
⊦ (∧) = λp q. (λf. f p q) = λf. f ⊤ ⊤
⊦ ∀P. ¬(∀x. P x) ⇔ ∃x. ¬P x
⊦ (∃) = λP. ∀q. (∀x. P x ⇒ q) ⇒ q
⊦ ∀A B. ¬(A ⇒ B) ⇔ A ∧ ¬B
⊦ ∀i n. bit.BIT i n ⇔ bool.IN i (words.BIT_SET 0 n)
⊦ ∀h l. words.word_extract h l = words.w2w ∘ words.word_bits h l
⊦ ∀n k. k < n ⇒ k mod n = k
⊦ ∀s t. pred_set.DISJOINT s t ⇔ pred_set.INTER s t = pred_set.EMPTY
⊦ ∀s P.
pred_set.BIGUNION (pred_set.INSERT s P) =
pred_set.UNION s (pred_set.BIGUNION P)
⊦ ∀f g x. (f ∘ g) x = f (g x)
⊦ ∀m n. words.word_add (words.n2w m) (words.n2w n) = words.n2w (m + n)
⊦ ∀w v. words.word_sub v w = words.n2w 0 ⇔ v = w
⊦ ∀instr c.
prog.CODE_POOL instr c =
pred_set.INSERT (pred_set.BIGUNION (pred_set.IMAGE instr c))
pred_set.EMPTY
⊦ ∀i. i < fcp.dimindex bool.the_value ⇒ fcp.fcp_index (fcp.FCP g) i = g i
⊦ ∀f g. f = g ⇔ ∀x. f x = g x
⊦ ∀f v. (∀x. x = v ⇒ f x) ⇔ f v
⊦ ∀P a. (∃x. x = a ∧ P x) ⇔ P a
⊦ ∀P t. (∀x. x = t ⇒ P x) ⇒ (∃) P
⊦ ∀ss. (∃x. ss = Data.Sum.left x) ∨ ∃y. ss = Data.Sum.right y
⊦ ∀f x y. pair.UNCURRY f (x, y) = f x y
⊦ (∨) = λt1 t2. ∀t. (t1 ⇒ t) ⇒ (t2 ⇒ t) ⇒ t
⊦ ∀t1 t2. (t1 ⇒ t2) ⇒ (t2 ⇒ t1) ⇒ (t1 ⇔ t2)
⊦ (p ⇔ ¬q) ⇔ (p ∨ q) ∧ (¬q ∨ ¬p)
⊦ (∀s. pred_set.INTER pred_set.EMPTY s = pred_set.EMPTY) ∧
∀s. pred_set.INTER s pred_set.EMPTY = pred_set.EMPTY
⊦ (∀s. pred_set.UNION pred_set.EMPTY s = s) ∧
∀s. pred_set.UNION s pred_set.EMPTY = s
⊦ ¬(¬A ∨ B) ⇒ ⊥ ⇔ A ⇒ ¬B ⇒ ⊥
⊦ ¬(A ∨ B) ⇒ ⊥ ⇔ (A ⇒ ⊥) ⇒ ¬B ⇒ ⊥
⊦ ∀x s t.
pred_set.UNION (pred_set.INSERT x s) t =
pred_set.INSERT x (pred_set.UNION s t)
⊦ ∀t1 t2 t3. t1 ⇒ t2 ⇒ t3 ⇔ t1 ∧ t2 ⇒ t3
⊦ ∀v w x.
words.word_add v (words.word_add w x) =
words.word_add (words.word_add v w) x
⊦ ∀v w x. words.word_add v w = words.word_add v x ⇔ w = x
⊦ ∀v w x. words.word_add v w = words.word_add x w ⇔ v = x
⊦ ∀v w x. words.word_sub v w = words.word_sub x w ⇔ v = x
⊦ ∀x y.
words.word_add x y =
fcp.FCP (λi. blast.BSUM i (fcp.fcp_index x) (fcp.fcp_index y) ⊥)
⊦ ∀v w.
words.word_or v w = fcp.FCP (λi. fcp.fcp_index v i ∨ fcp.fcp_index w i)
⊦ ∀p q r.
set_sep.STAR p (set_sep.STAR q r) = set_sep.STAR (set_sep.STAR p q) r
⊦ ∀t1 t2. (if ⊤ then t1 else t2) = t1 ∧ (if ⊥ then t1 else t2) = t2
⊦ ∀n m. arithmetic.- n m = if m < n then numeral.iSUB ⊤ n m else 0
⊦ ∀n. all P (list.GENLIST f n) ⇔ ∀i. i < n ⇒ P (f i)
⊦ fcp.dimindex bool.the_value =
if pred_set.FINITE pred_set.UNIV ∧ pred_set.FINITE pred_set.UNIV then
fcp.dimindex bool.the_value + fcp.dimindex bool.the_value
else 1
⊦ (∀w. words.word_add w (words.n2w 0) = w) ∧
∀w. words.word_add (words.n2w 0) w = w
⊦ ∀x y s. pred_set.INSERT y s x ⇔ x = y ∨ bool.IN x s
⊦ ∀x y c. blast.bsum x y c ⇔ (x ⇔ ¬y) ⇔ ¬c
⊦ ∀f x s.
pred_set.IMAGE f (pred_set.INSERT x s) =
pred_set.INSERT (f x) (pred_set.IMAGE f s)
⊦ ∀s t x. pred_set.INTER s t x ⇔ bool.IN x s ∧ bool.IN x t
⊦ ∀s t x. pred_set.UNION s t x ⇔ bool.IN x s ∨ bool.IN x t
⊦ (∀t. ¬¬t ⇔ t) ∧ (¬⊤ ⇔ ⊥) ∧ (¬⊥ ⇔ ⊤)
⊦ ∀x y s. bool.IN x (pred_set.INSERT y s) ⇔ x = y ∨ bool.IN x s
⊦ ∀A B C. A ∨ B ∧ C ⇔ (A ∨ B) ∧ (A ∨ C)
⊦ ∀A B C. B ∧ C ∨ A ⇔ (B ∨ A) ∧ (C ∨ A)
⊦ ∀s t x. bool.IN x (pred_set.UNION s t) ⇔ bool.IN x s ∨ bool.IN x t
⊦ ∀v w x.
words.word_mul (words.word_add v w) x =
words.word_add (words.word_mul v x) (words.word_mul w x)
⊦ ∀m n.
words.n2w m = words.n2w n ⇔
m mod words.dimword bool.the_value = n mod words.dimword bool.the_value
⊦ ∀x y.
words.word_lo x y ⇔
¬blast.BCARRY (fcp.dimindex bool.the_value) (fcp.fcp_index x)
((¬) ∘ fcp.fcp_index y) ⊤
⊦ ∀x s t.
pred_set.DISJOINT t (pred_set.INSERT x s) ⇔
pred_set.DISJOINT t s ∧ ¬bool.IN x t
⊦ ∀x y c. blast.bcarry x y c ⇔ x ∧ y ∨ (x ∨ y) ∧ c
⊦ ∀s u v.
set_sep.SPLIT s (u, v) ⇔ pred_set.UNION u v = s ∧ pred_set.DISJOINT u v
⊦ ∀y s f. bool.IN y (pred_set.IMAGE f s) ⇔ ∃x. y = f x ∧ bool.IN x s
⊦ ∀v w.
words.word_join v w =
bool.LET
(bool.LET
(λcv cw.
words.word_or (words.word_lsl cv (fcp.dimindex bool.the_value))
cw) (words.w2w v)) (words.w2w w)
⊦ arithmetic.DIV2 0 = 0 ∧ (∀n. arithmetic.DIV2 (bit1 n) = n) ∧
∀n. arithmetic.DIV2 (arithmetic.BIT2 n) = suc n
⊦ ∀x y.
x = y ⇔
∀i.
i < fcp.dimindex bool.the_value ⇒
fcp.fcp_index x i = fcp.fcp_index y i
⊦ (∀l. rich_list.COUNT_LIST_AUX 0 l = l) ∧
∀n l.
rich_list.COUNT_LIST_AUX (suc n) l =
rich_list.COUNT_LIST_AUX n (n :: l)
⊦ ∀x y a b. (x, y) = (a, b) ⇔ x = a ∧ y = b
⊦ ∀w i.
i < fcp.dimindex bool.the_value ⇒
(fcp.fcp_index (words.w2w w) i ⇔
i < fcp.dimindex bool.the_value ∧ fcp.fcp_index w i)
⊦ ∀Fn. ∃f. ∀c i r. f (ind_type.CONSTR c i r) = Fn c i r (λn. f (r n))
⊦ ∀n.
numeral.iDUB (bit1 n) = arithmetic.BIT2 (numeral.iDUB n) ∧
numeral.iDUB (arithmetic.BIT2 n) = arithmetic.BIT2 (bit1 n) ∧
numeral.iDUB 0 = 0
⊦ ∀p q. set_sep.STAR p q = λs. ∃u v. set_sep.SPLIT s (u, v) ∧ p u ∧ q v
⊦ ∀i x y c.
blast.BSUM i x y c ⇔ blast.bsum (x i) (y i) (blast.BCARRY i x y c)
⊦ (p ⇔ q ⇒ r) ⇔ (p ∨ q) ∧ (p ∨ ¬r) ∧ (¬q ∨ r ∨ ¬p)
⊦ (p ⇔ q ∨ r) ⇔ (p ∨ ¬q) ∧ (p ∨ ¬r) ∧ (q ∨ r ∨ ¬p)
⊦ min 0 x = 0 ∧ min x 0 = 0 ∧ min x y = if x < y then x else y
⊦ ∀x s t.
pred_set.INTER (pred_set.INSERT x s) t =
if bool.IN x t then pred_set.INSERT x (pred_set.INTER s t)
else pred_set.INTER s t
⊦ ∀w n.
words.word_lsl w n =
fcp.FCP
(λi.
i < fcp.dimindex bool.the_value ∧ n ≤ i ∧
fcp.fcp_index w (arithmetic.- i n))
⊦ ∀R. Relation.wellFounded R ⇒ ∀P. (∀x. (∀y. R y x ⇒ P y) ⇒ P x) ⇒ ∀x. P x
⊦ (∀a f. ind_type.FCONS a f 0 = a) ∧
∀a f n. ind_type.FCONS a f (suc n) = f n
⊦ ∀x x' y y'. (x ⇔ x') ∧ (x' ⇒ (y ⇔ y')) ⇒ (x ⇒ y ⇔ x' ⇒ y')
⊦ ∀n k r. (∃q. k = q * n + r ∧ r < n) ⇒ k mod n = r
⊦ (p ⇔ q ∧ r) ⇔ (p ∨ ¬q ∨ ¬r) ∧ (q ∨ ¬p) ∧ (r ∨ ¬p)
⊦ suc 0 = 1 ∧ (∀n. suc (bit1 n) = arithmetic.BIT2 n) ∧
∀n. suc (arithmetic.BIT2 n) = bit1 (suc n)
⊦ ∀x p c q g.
prog.SPEC x (set_sep.STAR p (set_sep.cond g)) c q ⇔
g ⇒ prog.SPEC x p c q
⊦ ∀x p c q g.
temporal_state.TEMPORAL_NEXT x (set_sep.STAR p (set_sep.cond g)) c q ⇔
g ⇒ temporal_state.TEMPORAL_NEXT x p c q
⊦ ∀A B. (¬(A ∧ B) ⇔ ¬A ∨ ¬B) ∧ (¬(A ∨ B) ⇔ ¬A ∧ ¬B)
⊦ ∀M R f.
f = relation.WFREC R M ⇒ Relation.wellFounded R ⇒
∀x. f x = M (relation.RESTRICT f R x) x
⊦ (∀P. all P [] ⇔ ⊤) ∧ ∀P h t. all P (h :: t) ⇔ P h ∧ all P t
⊦ ∀n.
even 0 ∧ even (arithmetic.BIT2 n) ∧ ¬even (bit1 n) ∧ ¬odd 0 ∧
¬odd (arithmetic.BIT2 n) ∧ odd (bit1 n)
⊦ ∀a b c.
pred_set.DISJOINT a b ⇒
set_sep.STAR (pred_set.INSERT (pred_set.UNION a b) pred_set.EMPTY) c =
set_sep.STAR
(set_sep.STAR (pred_set.INSERT a pred_set.EMPTY)
(pred_set.INSERT b pred_set.EMPTY)) c
⊦ ∀h l.
words.word_bits h l =
λw.
fcp.FCP
(λi.
i + l ≤ min h (arithmetic.- (fcp.dimindex bool.the_value) 1) ∧
fcp.fcp_index w (i + l))
⊦ bool.TYPE_DEFINITION =
λP rep.
(∀x' x''. rep x' = rep x'' ⇒ x' = x'') ∧ ∀x. P x ⇔ ∃x'. x = rep x'
⊦ (∀x f f1. sum.sum_CASE (Data.Sum.left x) f f1 = f x) ∧
∀y f f1. sum.sum_CASE (Data.Sum.right y) f f1 = f1 y
⊦ ∀t. ((⊤ ⇔ t) ⇔ t) ∧ ((t ⇔ ⊤) ⇔ t) ∧ ((⊥ ⇔ t) ⇔ ¬t) ∧ ((t ⇔ ⊥) ⇔ ¬t)
⊦ ∀P.
(∃rep. bool.TYPE_DEFINITION P rep) ⇒
∃rep abs. (∀a. abs (rep a) = a) ∧ ∀r. P r ⇔ rep (abs r) = r
⊦ ∀t. (⊤ ∧ t ⇔ t) ∧ (t ∧ ⊤ ⇔ t) ∧ (⊥ ∧ t ⇔ ⊥) ∧ (t ∧ ⊥ ⇔ ⊥) ∧ (t ∧ t ⇔ t)
⊦ ∀t. (⊤ ∨ t ⇔ ⊤) ∧ (t ∨ ⊤ ⇔ ⊤) ∧ (⊥ ∨ t ⇔ t) ∧ (t ∨ ⊥ ⇔ t) ∧ (t ∨ t ⇔ t)
⊦ ∀n i.
words.BIT_SET i n =
if n = 0 then pred_set.EMPTY
else if odd n then
pred_set.INSERT i (words.BIT_SET (suc i) (n div arithmetic.BIT2 0))
else words.BIT_SET (suc i) (n div arithmetic.BIT2 0)
⊦ ∀x p c q.
prog.SPEC x (set_sep.STAR (prog.CODE_POOL (fst (snd (snd x))) c) p)
pred_set.EMPTY
(set_sep.STAR (prog.CODE_POOL (fst (snd (snd x))) c) q) ⇔
prog.SPEC x p c q
⊦ ∀x p c q.
temporal_state.TEMPORAL_NEXT x
(set_sep.STAR (prog.CODE_POOL (fst (snd (snd x))) c) p)
pred_set.EMPTY
(set_sep.STAR (prog.CODE_POOL (fst (snd (snd x))) c) q) ⇔
temporal_state.TEMPORAL_NEXT x p c q
⊦ ∀t. (⊤ ⇒ t ⇔ t) ∧ (t ⇒ ⊤ ⇔ ⊤) ∧ (⊥ ⇒ t ⇔ ⊤) ∧ (t ⇒ t ⇔ ⊤) ∧ (t ⇒ ⊥ ⇔ ¬t)
⊦ (∀s t.
pred_set.DISJOINT (pred_set.BIGUNION s) t ⇔
∀s'. bool.IN s' s ⇒ pred_set.DISJOINT s' t) ∧
∀s t.
pred_set.DISJOINT t (pred_set.BIGUNION s) ⇔
∀s'. bool.IN s' s ⇒ pred_set.DISJOINT t s'
⊦ ∀P Q x x' y y'.
(P ⇔ Q) ∧ (Q ⇒ x = x') ∧ (¬Q ⇒ y = y') ⇒
(if P then x else y) = if Q then x' else y'
⊦ (p ⇔ q ⇔ r) ⇔ (p ∨ q ∨ r) ∧ (p ∨ ¬r ∨ ¬q) ∧ (q ∨ ¬r ∨ ¬p) ∧ (r ∨ ¬q ∨ ¬p)
⊦ (∀x y c. blast.BCARRY 0 x y c ⇔ c) ∧
∀i x y c.
blast.BCARRY (suc i) x y c ⇔
blast.bcarry (x i) (y i) (blast.BCARRY i x y c)
⊦ words.dimword bool.the_value = arithmetic.BIT2 2147483647
⊦ ∀f g.
(∀n. g (suc n) = f n (suc n)) ⇔
(∀n. g (bit1 n) = f (arithmetic.- (bit1 n) 1) (bit1 n)) ∧
∀n. g (arithmetic.BIT2 n) = f (bit1 n) (arithmetic.BIT2 n)
⊦ (∀m n.
words.word_add (words.word_2comp (words.n2w m))
(words.word_2comp (words.n2w n)) =
words.word_2comp (words.n2w (m + n))) ∧
∀m n.
words.word_add (words.n2w m) (words.word_2comp (words.n2w n)) =
if n ≤ m then words.n2w (arithmetic.- m n)
else words.word_2comp (words.n2w (arithmetic.- n m))
⊦ ∀f.
(∀x y z. f x (f y z) = f (f x y) z) ⇒ (∀x y. f x y = f y x) ⇒
∀x y z. f x (f y z) = f y (f x z)
⊦ ∀v w.
words.word_mul (words.n2w 0) v = words.n2w 0 ∧
words.word_mul v (words.n2w 0) = words.n2w 0 ∧
words.word_mul (words.n2w 1) v = v ∧
words.word_mul v (words.n2w 1) = v ∧
words.word_mul (words.word_add v (words.n2w 1)) w =
words.word_add (words.word_mul v w) w ∧
words.word_mul v (words.word_add w (words.n2w 1)) =
words.word_add v (words.word_mul v w)
⊦ ∀n m.
(0 ≤ n ⇔ ⊤) ∧ (bit1 n ≤ 0 ⇔ ⊥) ∧ (arithmetic.BIT2 n ≤ 0 ⇔ ⊥) ∧
(bit1 n ≤ bit1 m ⇔ n ≤ m) ∧ (bit1 n ≤ arithmetic.BIT2 m ⇔ n ≤ m) ∧
(arithmetic.BIT2 n ≤ bit1 m ⇔ ¬(m ≤ n)) ∧
(arithmetic.BIT2 n ≤ arithmetic.BIT2 m ⇔ n ≤ m)
⊦ ∀n m.
(0 < bit1 n ⇔ ⊤) ∧ (0 < arithmetic.BIT2 n ⇔ ⊤) ∧ (n < 0 ⇔ ⊥) ∧
(bit1 n < bit1 m ⇔ n < m) ∧
(arithmetic.BIT2 n < arithmetic.BIT2 m ⇔ n < m) ∧
(bit1 n < arithmetic.BIT2 m ⇔ ¬(m < n)) ∧
(arithmetic.BIT2 n < bit1 m ⇔ n < m)
⊦ ∀n m.
(0 = bit1 n ⇔ ⊥) ∧ (bit1 n = 0 ⇔ ⊥) ∧ (0 = arithmetic.BIT2 n ⇔ ⊥) ∧
(arithmetic.BIT2 n = 0 ⇔ ⊥) ∧ (bit1 n = arithmetic.BIT2 m ⇔ ⊥) ∧
(arithmetic.BIT2 n = bit1 m ⇔ ⊥) ∧ (bit1 n = bit1 m ⇔ n = m) ∧
(arithmetic.BIT2 n = arithmetic.BIT2 m ⇔ n = m)
⊦ ∀m next instr c p q.
(∀y s.
set_sep.STAR p (prog.CODE_POOL instr c) (state.SELECT_STATE m y s) ⇒
∃v.
next s = some v ∧
set_sep.STAR q (prog.CODE_POOL instr c)
(state.SELECT_STATE m y v) ∧
state.FRAME_STATE m y s = state.FRAME_STATE m y v) ⇒
prog.SPEC (state.STATE m, state.NEXT_REL (=) next, instr, (=), const ⊥)
p c q
⊦ ∀m next instr less avoid c p q.
(∀y s.
set_sep.STAR p (prog.CODE_POOL instr c) (state.SELECT_STATE m y s) ⇒
∃v.
next s = some v ∧
set_sep.STAR q (prog.CODE_POOL instr c)
(state.SELECT_STATE m y v) ∧
state.FRAME_STATE m y s = state.FRAME_STATE m y v) ⇒
temporal_state.TEMPORAL_NEXT
(state.STATE m, state.NEXT_REL (=) next, instr, less, avoid) p c q
⊦ ∀y x single_c map_c.
(∀c d.
single_c c d =
pred_set.INSERT (pred_set.INSERT (x c, y d) pred_set.EMPTY)
pred_set.EMPTY) ⇒
(∀a b. x a = x b ⇔ a = b) ∧
(∀df f.
map_c df f =
pred_set.INSERT
(pred_set.BIGUNION
(pred_set.GSPEC
(λc. (pred_set.BIGUNION (single_c c (f c)), bool.IN c df))))
pred_set.EMPTY) ⇒
∀f df c d.
bool.IN c df ⇒
set_sep.STAR (single_c c d) (map_c (pred_set.DELETE df c) f) =
map_c df (combin.UPDATE c d f)
⊦ ∀b n m.
numeral.iSUB b 0 x = 0 ∧ numeral.iSUB ⊤ n 0 = n ∧
numeral.iSUB ⊥ (bit1 n) 0 = numeral.iDUB n ∧
numeral.iSUB ⊤ (bit1 n) (bit1 m) = numeral.iDUB (numeral.iSUB ⊤ n m) ∧
numeral.iSUB ⊥ (bit1 n) (bit1 m) = bit1 (numeral.iSUB ⊥ n m) ∧
numeral.iSUB ⊤ (bit1 n) (arithmetic.BIT2 m) =
bit1 (numeral.iSUB ⊥ n m) ∧
numeral.iSUB ⊥ (bit1 n) (arithmetic.BIT2 m) =
numeral.iDUB (numeral.iSUB ⊥ n m) ∧
numeral.iSUB ⊥ (arithmetic.BIT2 n) 0 = bit1 n ∧
numeral.iSUB ⊤ (arithmetic.BIT2 n) (bit1 m) =
bit1 (numeral.iSUB ⊤ n m) ∧
numeral.iSUB ⊥ (arithmetic.BIT2 n) (bit1 m) =
numeral.iDUB (numeral.iSUB ⊤ n m) ∧
numeral.iSUB ⊤ (arithmetic.BIT2 n) (arithmetic.BIT2 m) =
numeral.iDUB (numeral.iSUB ⊤ n m) ∧
numeral.iSUB ⊥ (arithmetic.BIT2 n) (arithmetic.BIT2 m) =
bit1 (numeral.iSUB ⊥ n m)
⊦ ∀p q t c c'.
set_sep.STAR (set_sep.SEP_EXISTS (λv. p v)) q =
set_sep.SEP_EXISTS (λv. set_sep.STAR (p v) q) ∧
set_sep.STAR q (set_sep.SEP_EXISTS (λv. p v)) =
set_sep.SEP_EXISTS (λv. set_sep.STAR q (p v)) ∧
set_sep.SEP_DISJ (set_sep.SEP_EXISTS (λv. p v)) q =
set_sep.SEP_EXISTS (λv. set_sep.SEP_DISJ (p v) q) ∧
set_sep.SEP_DISJ q (set_sep.SEP_EXISTS (λv. p v)) =
set_sep.SEP_EXISTS (λv. set_sep.SEP_DISJ q (p v)) ∧
set_sep.SEP_EXISTS (λv. q) = q ∧
set_sep.SEP_EXISTS (λv. set_sep.STAR (p v) (set_sep.cond (v = x))) =
p x ∧ set_sep.SEP_DISJ q set_sep.SEP_F = q ∧
set_sep.SEP_DISJ set_sep.SEP_F q = q ∧
set_sep.STAR set_sep.SEP_F q = set_sep.SEP_F ∧
set_sep.STAR q set_sep.SEP_F = set_sep.SEP_F ∧
set_sep.SEP_DISJ r r = r ∧
set_sep.STAR q (set_sep.SEP_DISJ r t) =
set_sep.SEP_DISJ (set_sep.STAR q r) (set_sep.STAR q t) ∧
set_sep.STAR (set_sep.SEP_DISJ r t) q =
set_sep.SEP_DISJ (set_sep.STAR r q) (set_sep.STAR t q) ∧
set_sep.SEP_DISJ (set_sep.cond c) (set_sep.cond c') =
set_sep.cond (c ∨ c') ∧
set_sep.STAR (set_sep.cond c) (set_sep.cond c') =
set_sep.cond (c ∧ c') ∧ set_sep.cond ⊤ = set_sep.emp ∧
set_sep.cond ⊥ = set_sep.SEP_F ∧ set_sep.STAR set_sep.emp q = q ∧
set_sep.STAR q set_sep.emp = q
⊦ ∀n m.
numeral.iZ (0 + n) = n ∧ numeral.iZ (n + 0) = n ∧
numeral.iZ (bit1 n + bit1 m) = arithmetic.BIT2 (numeral.iZ (n + m)) ∧
numeral.iZ (bit1 n + arithmetic.BIT2 m) = bit1 (suc (n + m)) ∧
numeral.iZ (arithmetic.BIT2 n + bit1 m) = bit1 (suc (n + m)) ∧
numeral.iZ (arithmetic.BIT2 n + arithmetic.BIT2 m) =
arithmetic.BIT2 (suc (n + m)) ∧ suc (0 + n) = suc n ∧
suc (n + 0) = suc n ∧ suc (bit1 n + bit1 m) = bit1 (suc (n + m)) ∧
suc (bit1 n + arithmetic.BIT2 m) = arithmetic.BIT2 (suc (n + m)) ∧
suc (arithmetic.BIT2 n + bit1 m) = arithmetic.BIT2 (suc (n + m)) ∧
suc (arithmetic.BIT2 n + arithmetic.BIT2 m) =
bit1 (numeral.iiSUC (n + m)) ∧
numeral.iiSUC (0 + n) = numeral.iiSUC n ∧
numeral.iiSUC (n + 0) = numeral.iiSUC n ∧
numeral.iiSUC (bit1 n + bit1 m) = arithmetic.BIT2 (suc (n + m)) ∧
numeral.iiSUC (bit1 n + arithmetic.BIT2 m) =
bit1 (numeral.iiSUC (n + m)) ∧
numeral.iiSUC (arithmetic.BIT2 n + bit1 m) =
bit1 (numeral.iiSUC (n + m)) ∧
numeral.iiSUC (arithmetic.BIT2 n + arithmetic.BIT2 m) =
arithmetic.BIT2 (numeral.iiSUC (n + m))
⊦ (∀n. 0 + n = n) ∧ (∀n. n + 0 = n) ∧ (∀n m. n + m = numeral.iZ (n + m)) ∧
(∀n. 0 * n = 0) ∧ (∀n. n * 0 = 0) ∧ (∀n m. n * m = n * m) ∧
(∀n. arithmetic.- 0 n = 0) ∧ (∀n. arithmetic.- n 0 = n) ∧
(∀n m. arithmetic.- n m = arithmetic.- n m) ∧ (∀n. 0 ↑ bit1 n = 0) ∧
(∀n. 0 ↑ arithmetic.BIT2 n = 0) ∧ (∀n. n ↑ 0 = 1) ∧
(∀n m. n ↑ m = n ↑ m) ∧ suc 0 = 1 ∧ (∀n. suc n = suc n) ∧
prim_rec.PRE 0 = 0 ∧ (∀n. prim_rec.PRE n = prim_rec.PRE n) ∧
(∀n. n = 0 ⇔ n = 0) ∧ (∀n. 0 = n ⇔ n = 0) ∧ (∀n m. n = m ⇔ n = m) ∧
(∀n. n < 0 ⇔ ⊥) ∧ (∀n. 0 < n ⇔ 0 < n) ∧ (∀n m. n < m ⇔ n < m) ∧
(∀n. 0 > n ⇔ ⊥) ∧ (∀n. n > 0 ⇔ 0 < n) ∧ (∀n m. n > m ⇔ m < n) ∧
(∀n. 0 ≤ n ⇔ ⊤) ∧ (∀n. n ≤ 0 ⇔ n ≤ 0) ∧ (∀n m. n ≤ m ⇔ n ≤ m) ∧
(∀n. n ≥ 0 ⇔ ⊤) ∧ (∀n. 0 ≥ n ⇔ n = 0) ∧ (∀n m. n ≥ m ⇔ m ≤ n) ∧
(∀n. odd n ⇔ odd n) ∧ (∀n. even n ⇔ even n) ∧ ¬odd 0 ∧ even 0