crefine: update for PR seL4/seL4#321
The aim of the PR was readability, but it actually also brings the C more in line with the spec. Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
This commit is contained in:
parent
614e24ee10
commit
46a1d2509a
|
@ -324,8 +324,8 @@ next
|
||||||
unat guardBits = capCNodeGuardSize cap;
|
unat guardBits = capCNodeGuardSize cap;
|
||||||
\<not> guard < capCNodeBits cap + capCNodeGuardSize cap \<rbrakk> \<Longrightarrow>
|
\<not> guard < capCNodeBits cap + capCNodeGuardSize cap \<rbrakk> \<Longrightarrow>
|
||||||
\<forall>s s'. (s, s') \<in> rf_sr \<and> True \<and> True \<longrightarrow>
|
\<forall>s s'. (s, s') \<in> rf_sr \<and> True \<and> True \<longrightarrow>
|
||||||
(guard = capCNodeBits cap + capCNodeGuardSize cap) = (s' \<in> \<lbrace>nb \<le> radixBits + guardBits\<rbrace>)"
|
(guard = capCNodeBits cap + capCNodeGuardSize cap) = (s' \<in> \<lbrace>nb = radixBits + guardBits\<rbrace>)"
|
||||||
by (simp add: Collect_const_mem word_le_nat_alt unat_word_ariths)
|
by clarsimp unat_arith
|
||||||
|
|
||||||
have cond4:
|
have cond4:
|
||||||
"\<And>rva nodeCapb ret__unsigned_long.
|
"\<And>rva nodeCapb ret__unsigned_long.
|
||||||
|
|
|
@ -360,8 +360,8 @@ next
|
||||||
unat guardBits = capCNodeGuardSize cap;
|
unat guardBits = capCNodeGuardSize cap;
|
||||||
\<not> guard < capCNodeBits cap + capCNodeGuardSize cap \<rbrakk> \<Longrightarrow>
|
\<not> guard < capCNodeBits cap + capCNodeGuardSize cap \<rbrakk> \<Longrightarrow>
|
||||||
\<forall>s s'. (s, s') \<in> rf_sr \<and> True \<and> True \<longrightarrow>
|
\<forall>s s'. (s, s') \<in> rf_sr \<and> True \<and> True \<longrightarrow>
|
||||||
(guard = capCNodeBits cap + capCNodeGuardSize cap) = (s' \<in> \<lbrace>nb \<le> radixBits + guardBits\<rbrace>)"
|
(guard = capCNodeBits cap + capCNodeGuardSize cap) = (s' \<in> \<lbrace>nb = radixBits + guardBits\<rbrace>)"
|
||||||
by (simp add: Collect_const_mem word_le_nat_alt unat_word_ariths)
|
by clarsimp unat_arith
|
||||||
|
|
||||||
have cond4:
|
have cond4:
|
||||||
"\<And>rva nodeCapb ret__unsigned_long.
|
"\<And>rva nodeCapb ret__unsigned_long.
|
||||||
|
|
|
@ -362,8 +362,8 @@ next
|
||||||
unat guardBits = capCNodeGuardSize cap;
|
unat guardBits = capCNodeGuardSize cap;
|
||||||
\<not> guard < capCNodeBits cap + capCNodeGuardSize cap \<rbrakk> \<Longrightarrow>
|
\<not> guard < capCNodeBits cap + capCNodeGuardSize cap \<rbrakk> \<Longrightarrow>
|
||||||
\<forall>s s'. (s, s') \<in> rf_sr \<and> True \<and> True \<longrightarrow>
|
\<forall>s s'. (s, s') \<in> rf_sr \<and> True \<and> True \<longrightarrow>
|
||||||
(guard = capCNodeBits cap + capCNodeGuardSize cap) = (s' \<in> \<lbrace>nb \<le> radixBits + guardBits\<rbrace>)"
|
(guard = capCNodeBits cap + capCNodeGuardSize cap) = (s' \<in> \<lbrace>nb = radixBits + guardBits\<rbrace>)"
|
||||||
by (simp add: Collect_const_mem word_le_nat_alt unat_word_ariths)
|
by clarsimp unat_arith
|
||||||
|
|
||||||
have cond4:
|
have cond4:
|
||||||
"\<And>rva nodeCapb ret__unsigned_long.
|
"\<And>rva nodeCapb ret__unsigned_long.
|
||||||
|
|
|
@ -362,8 +362,8 @@ next
|
||||||
unat guardBits = capCNodeGuardSize cap;
|
unat guardBits = capCNodeGuardSize cap;
|
||||||
\<not> guard < capCNodeBits cap + capCNodeGuardSize cap \<rbrakk> \<Longrightarrow>
|
\<not> guard < capCNodeBits cap + capCNodeGuardSize cap \<rbrakk> \<Longrightarrow>
|
||||||
\<forall>s s'. (s, s') \<in> rf_sr \<and> True \<and> True \<longrightarrow>
|
\<forall>s s'. (s, s') \<in> rf_sr \<and> True \<and> True \<longrightarrow>
|
||||||
(guard = capCNodeBits cap + capCNodeGuardSize cap) = (s' \<in> \<lbrace>nb \<le> radixBits + guardBits\<rbrace>)"
|
(guard = capCNodeBits cap + capCNodeGuardSize cap) = (s' \<in> \<lbrace>nb = radixBits + guardBits\<rbrace>)"
|
||||||
by (simp add: Collect_const_mem word_le_nat_alt unat_word_ariths)
|
by clarsimp unat_arith
|
||||||
|
|
||||||
have cond4:
|
have cond4:
|
||||||
"\<And>rva nodeCapb ret__unsigned_long.
|
"\<And>rva nodeCapb ret__unsigned_long.
|
||||||
|
|
Loading…
Reference in New Issue