-- 定义与门行为
def and_gate (a b : Bool) : Bool :=
  a && b

-- 验证真值表
example : and_gate false false = false := by simp
example : and_gate true false = false := by simp
example : and_gate true true = true := by simp

structure DFF (α : Type) where
  clk : Bool
  input : α
  output : α

def dff_step (d : DFF α) : DFF α :=
  if d.clk then {d with output := d.input} else d

theorem dff_correct (d : DFF α) (h : d.clk = true) :
  (dff_step d).output = d.input := by
  simp [dff_step, h]

inductive PipelineStage
  | Fetch | Decode | Execute | Memory | WriteBack

structure PipelineHazard where
  stage1 : PipelineStage
  stage2 : PipelineStage
  condition : Prop

def detect_hazard (h : PipelineHazard) : Bool :=
  h.condition

inductive CacheState
  | Modified | Exclusive | Shared | Invalid

def mesi_transition (current : CacheState) (event : String) : CacheState :=
  match current, event with
  | Invalid, "ReadMiss" => Shared
  | Shared, "WriteHit" => Modified
  | Modified, "Evict" => Invalid
  | _, _ => current

theorem no_duplicate_modified :
  ∀ (s1 s2 : CacheState),
  s1 = Modified → s2 = Modified → s1 = s2 := by
  intros s1 s2 h1 h2
  rw [h1, h2]

structure CSR where
  mstatus : Nat
  mie : Nat
  mip : Nat

def handle_trap (csr : CSR) : CSR :=
  { csr with mstatus := csr.mstatus ||| 0x8 }

theorem interrupt_masking :
  (handle_trap csr).mie = 0 →
  ¬interrupt_pending csr :=
  by sorry  -- 实际证明需构建完整的模型

axiom address_stability :
  ∀ (t : AHBTransfer),
  t.hready = true →
  t.hsel = true →
  t.address = t.next_address