refine: remove duplicated lemmas

Signed-off-by: Corey Lewis <Corey.Lewis@data61.csiro.au>
Corey Lewis 2021-02-26 16:07:36 +11:00 committed by Corey Lewis
parent f6009f8531
commit 5323aad95a
21 changed files with 87 additions and 108 deletions


@ -77,7 +77,7 @@ lemma setCTE_asidpool':
apply (simp add: updateObject_cte)
apply (clarsimp simp: updateObject_cte typeError_def magnitudeCheck_def in_monad
split: kernel_object.splits if_splits option.splits)
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1)
apply (clarsimp simp: ps_clear_upd lookupAround2_char1)
done
lemma empty_fail_findPDForASID[iff]:


@ -1599,7 +1599,7 @@ lemma setCTE_asidpool':
apply (simp add: updateObject_cte)
apply (clarsimp simp: updateObject_cte typeError_def magnitudeCheck_def in_monad
split: kernel_object.splits if_splits option.splits)
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1)
apply (clarsimp simp: ps_clear_upd lookupAround2_char1)
done
lemmas udpateCap_asidpool' = updateCap_ko_at_ap_inv'
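Review bot: The context line `lemmas udpateCap_asidpool' = updateCap_ko_at_ap_inv'` directly below the renamed proof step carries a transposed lemma name (`udpateCap` for `updateCap`); it is not touched by this commit, but since it sits next to a line being edited it is a cheap follow-up. A rename to `updateCap_asidpool'` is only safe if no other theory references the misspelt name, which the hunk cannot show, so it belongs in a separate commit rather than this refactor. The enclosing lemma `setCTE_asidpool'` starts outside the hunk.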


@ -2307,7 +2307,7 @@ lemma setCTE_asidpool':
apply (simp add: updateObject_cte)
apply (clarsimp simp: updateObject_cte typeError_def magnitudeCheck_def in_monad
split: kernel_object.splits if_splits option.splits)
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1)
apply (clarsimp simp: ps_clear_upd lookupAround2_char1)
done
(* FIXME: move *)


@ -1288,7 +1288,7 @@ lemma setTCB_pdpt_bits'[wp]:
setObject a (tcb::tcb)
\<lbrace>\<lambda>rv. ko_wp_at' (\<lambda>ko. P (vs_entry_align ko)) p\<rbrace>"
apply (clarsimp simp: setObject_def split_def valid_def in_monad
projectKOs pspace_aligned'_def ps_clear_upd'
projectKOs pspace_aligned'_def ps_clear_upd
objBits_def[symmetric] lookupAround2_char1
split: if_split_asm)
apply (frule pspace_storable_class.updateObject_type[where v = tcb,simplified])


@ -772,7 +772,7 @@ lemma setObject_cte_obj_at_tcb':
\<lbrace>\<lambda>_ s. P' (obj_at' P p s)\<rbrace>"
apply (clarsimp simp: setObject_def in_monad split_def
valid_def lookupAround2_char1
obj_at'_def ps_clear_upd' projectKOs
obj_at'_def ps_clear_upd projectKOs
split del: if_split)
apply (clarsimp elim!: rsubst[where P=P'])
apply (clarsimp simp: updateObject_cte in_monad objBits_simps


@ -2527,10 +2527,10 @@ lemma setCTE_ko_wp_at_live[wp]:
elim!: rsubst[where P=P])
apply (drule(1) updateObject_cte_is_tcb_or_cte [OF _ refl, rotated])
apply (elim exE conjE disjE)
apply (clarsimp simp: ps_clear_upd' objBits_simps
apply (clarsimp simp: ps_clear_upd objBits_simps
lookupAround2_char1)
apply (simp add: tcb_cte_cases_def split: if_split_asm)
apply (clarsimp simp: ps_clear_upd' objBits_simps)
apply (clarsimp simp: ps_clear_upd objBits_simps)
done
lemma setCTE_iflive':
@ -2588,10 +2588,10 @@ lemma setCTE_ko_wp_at_not_live[wp]:
elim!: rsubst[where P=P])
apply (drule(1) updateObject_cte_is_tcb_or_cte [OF _ refl, rotated])
apply (elim exE conjE disjE)
apply (clarsimp simp: ps_clear_upd' objBits_simps
apply (clarsimp simp: ps_clear_upd objBits_simps
lookupAround2_char1)
apply (simp add: tcb_cte_cases_def split: if_split_asm)
apply (clarsimp simp: ps_clear_upd' objBits_simps)
apply (clarsimp simp: ps_clear_upd objBits_simps)
done
lemma setUntypedCapAsFull_ko_wp_not_at'[wp]:


@ -2376,7 +2376,7 @@ lemma threadSet_not_tcb[wp]:
setObject_def in_monad loadObject_default_def
ko_wp_at'_def projectKOs split_def in_magnitude_check
objBits_simps' updateObject_default_def
ps_clear_upd' projectKO_opt_tcb)
ps_clear_upd projectKO_opt_tcb)
lemma setThreadState_not_tcb[wp]:
"\<lbrace>ko_wp_at' (\<lambda>x. P x \<and> (projectKO_opt x = (None :: tcb option))) p\<rbrace>
@ -2425,7 +2425,7 @@ lemma setObject_ko_wp_at':
by (clarsimp simp: setObject_def valid_def in_monad
ko_wp_at'_def x split_def n
updateObject_default_def
objBits_def[symmetric] ps_clear_upd'
objBits_def[symmetric] ps_clear_upd
in_magnitude_check v projectKOs)
lemma rescheduleRequired_unlive:


@ -188,13 +188,6 @@ lemma updateObject_default_result:
"(x, s'') \<in> fst (updateObject_default e ko p q n s) \<Longrightarrow> x = injectKO e"
by (clarsimp simp add: updateObject_default_def in_monad)
lemma ps_clear_upd':
"ksPSpace s y = Some v \<Longrightarrow>
ps_clear x n (s' \<lparr> ksPSpace := ksPSpace s(y \<mapsto> v')\<rparr>) = ps_clear x n s"
by (rule iffI | clarsimp elim!: ps_clear_domE | fastforce)+
lemmas ps_clear_updE'[elim] = iffD2[OF ps_clear_upd', rotated]
lemma obj_at_setObject1:
assumes R: "\<And>(v::'a::pspace_storable) p q n ko s x s''.
(x, s'') \<in> fst (updateObject v ko p q n s) \<Longrightarrow> x = injectKO v"
@ -235,7 +228,7 @@ lemma obj_at_setObject2:
apply (clarsimp simp: lookupAround2_char1)
apply (drule iffD1 [OF project_koType, OF exI])
apply simp
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1)
apply (clarsimp simp: ps_clear_upd lookupAround2_char1)
done
lemma updateObject_ep_eta:
@ -261,11 +254,11 @@ lemma setObject_typ_at_inv:
"\<lbrace>typ_at' T p'\<rbrace> setObject p v \<lbrace>\<lambda>r. typ_at' T p'\<rbrace>"
apply (clarsimp simp: setObject_def split_def)
apply (clarsimp simp: valid_def typ_at'_def ko_wp_at'_def in_monad
lookupAround2_char1 ps_clear_upd')
lookupAround2_char1 ps_clear_upd)
apply (drule updateObject_type)
apply clarsimp
apply (drule objBits_type)
apply (simp add: ps_clear_upd')
apply (simp add: ps_clear_upd)
done
lemma setObject_typ_at_not:
@ -300,19 +293,19 @@ lemma setObject_cte_wp_at2':
apply (erule rsubst[where P=P'])
apply (rule iffI)
apply (erule disjEI)
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1 y)
apply (clarsimp simp: ps_clear_upd lookupAround2_char1 y)
apply (erule exEI [where 'a=word32])
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1)
apply (clarsimp simp: ps_clear_upd lookupAround2_char1)
apply (drule(1) x)
apply (clarsimp simp: lookupAround2_char1 prod_eqI)
apply (fastforce dest: bspec [OF _ ranI])
apply (erule disjEI)
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1
apply (clarsimp simp: ps_clear_upd lookupAround2_char1
split: if_split_asm)
apply (frule updateObject_type)
apply (case_tac ba, simp_all add: y)[1]
apply (erule exEI)
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1
apply (clarsimp simp: ps_clear_upd lookupAround2_char1
split: if_split_asm)
apply (frule updateObject_type)
apply (case_tac ba, simp_all)
@ -380,7 +373,7 @@ lemma obj_at_setObject3:
setObject_def split_def projectKOs
project_inject objBits_def[symmetric]
R updateObject_default_def
in_magnitude_check P ps_clear_upd')
in_magnitude_check P ps_clear_upd)
apply fastforce
done
@ -398,7 +391,7 @@ lemma setObject_tcb_strongest:
apply (simp add: setObject_def split_def)
apply (clarsimp simp: valid_def obj_at'_def split_def in_monad
updateObject_default_def projectKOs
ps_clear_upd')
ps_clear_upd)
done
lemma getObject_obj_at':
@ -509,7 +502,7 @@ lemma get_ntfn'_valid_ntfn[wp]:
lemma setObject_distinct[wp]:
shows "\<lbrace>pspace_distinct'\<rbrace> setObject p val \<lbrace>\<lambda>rv. pspace_distinct'\<rbrace>"
apply (clarsimp simp: setObject_def split_def valid_def in_monad
projectKOs pspace_distinct'_def ps_clear_upd'
projectKOs pspace_distinct'_def ps_clear_upd
objBits_def[symmetric] lookupAround2_char1
split: if_split_asm
dest!: updateObject_objBitsKO)
@ -520,7 +513,7 @@ lemma setObject_distinct[wp]:
lemma setObject_aligned[wp]:
shows "\<lbrace>pspace_aligned'\<rbrace> setObject p val \<lbrace>\<lambda>rv. pspace_aligned'\<rbrace>"
apply (clarsimp simp: setObject_def split_def valid_def in_monad
projectKOs pspace_aligned'_def ps_clear_upd'
projectKOs pspace_aligned'_def ps_clear_upd
objBits_def[symmetric] lookupAround2_char1
split: if_split_asm
dest!: updateObject_objBitsKO)
@ -1056,7 +1049,7 @@ lemma setObject_ko_wp_at:
elim!: rsubst[where P=P]
split del: if_split)
apply (rule iffI)
apply (clarsimp simp: n ps_clear_upd' objBits_def[symmetric]
apply (clarsimp simp: n ps_clear_upd objBits_def[symmetric]
split: if_split_asm)
apply (clarsimp simp: n project_inject objBits_def[symmetric]
ps_clear_upd
@ -1212,7 +1205,7 @@ lemma setObject_no_0_obj' [wp]:
"\<lbrace>no_0_obj'\<rbrace> setObject p v \<lbrace>\<lambda>r. no_0_obj'\<rbrace>"
apply (clarsimp simp: setObject_def split_def)
apply (clarsimp simp: valid_def no_0_obj'_def ko_wp_at'_def in_monad
lookupAround2_char1 ps_clear_upd')
lookupAround2_char1 ps_clear_upd)
done
lemma valid_updateCapDataI:
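Review bot: The removed `lemmas ps_clear_updE'[elim] = iffD2[OF ps_clear_upd', rotated]` in the `@ -188,13 +188,6` hunk was declared with the `[elim]` attribute here and in the `@ -190,13 +190,6` hunk, but the copy removed in the `@ -185,13 +185,6` hunk had no attribute, so the three "duplicates" were not byte-identical. The hunk does not show where the surviving `ps_clear_upd` lives or whether a matching `ps_clear_updE` is registered as an elim rule there; if it is not, any proof in these files that relied on the implicit elim rule is protected only by the proof check. The commit message would benefit from one sentence naming the theory that now provides `ps_clear_upd`/`ps_clear_updE` and stating whether the `[elim]` declaration was kept, e.g. `ps_clear_upd' and ps_clear_updE'[elim] were local copies of ps_clear_upd/ps_clear_updE from <shared theory — fill in>; the elim attribute is retained there`. The removed lemma is also stated over a separate state `s'` in the updated record; presumably `ps_clear_upd` is at least as general, since it was already used on the unchanged `ps_clear_upd` line of the `@ -1056,7 +1049,7` hunk before this commit.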


@ -15,7 +15,7 @@ lemma set_ep_valid_duplicate' [wp]:
setEndpoint ep v \<lbrace>\<lambda>rv s. vs_valid_duplicates' (ksPSpace s)\<rbrace>"
apply (simp add:setEndpoint_def)
apply (clarsimp simp: setObject_def split_def valid_def in_monad
projectKOs pspace_aligned'_def ps_clear_upd'
projectKOs pspace_aligned'_def ps_clear_upd
objBits_def[symmetric] lookupAround2_char1
split: if_split_asm)
apply (frule pspace_storable_class.updateObject_type[where v = v,simplified])
@ -33,7 +33,7 @@ lemma set_ntfn_valid_duplicate' [wp]:
setNotification ep v \<lbrace>\<lambda>rv s. vs_valid_duplicates' (ksPSpace s)\<rbrace>"
apply (simp add:setNotification_def)
apply (clarsimp simp: setObject_def split_def valid_def in_monad
projectKOs pspace_aligned'_def ps_clear_upd'
projectKOs pspace_aligned'_def ps_clear_upd
objBits_def[symmetric] lookupAround2_char1
split: if_split_asm)
apply (frule pspace_storable_class.updateObject_type[where v = v,simplified])
@ -51,7 +51,7 @@ lemma setCTE_valid_duplicates'[wp]:
setCTE p cte \<lbrace>\<lambda>rv s. vs_valid_duplicates' (ksPSpace s)\<rbrace>"
apply (simp add:setCTE_def)
apply (clarsimp simp: setObject_def split_def valid_def in_monad
projectKOs pspace_aligned'_def ps_clear_upd'
projectKOs pspace_aligned'_def ps_clear_upd
objBits_def[symmetric] lookupAround2_char1
split: if_split_asm)
apply (frule pspace_storable_class.updateObject_type[where v = cte,simplified])
@ -1420,7 +1420,7 @@ lemma set_asid_pool_valid_duplicates'[wp]:
setObject a (pool::asidpool)
\<lbrace>\<lambda>r s. vs_valid_duplicates' (ksPSpace s)\<rbrace>"
apply (clarsimp simp: setObject_def split_def valid_def in_monad
projectKOs pspace_aligned'_def ps_clear_upd'
projectKOs pspace_aligned'_def ps_clear_upd
objBits_def[symmetric] lookupAround2_char1
split: if_split_asm)
apply (frule pspace_storable_class.updateObject_type[where v = pool,simplified])


@ -1178,7 +1178,7 @@ lemma setTCB_valid_duplicates'[wp]:
"\<lbrace>\<lambda>s. vs_valid_duplicates' (ksPSpace s)\<rbrace>
setObject a (tcb::tcb) \<lbrace>\<lambda>rv s. vs_valid_duplicates' (ksPSpace s)\<rbrace>"
apply (clarsimp simp: setObject_def split_def valid_def in_monad
projectKOs pspace_aligned'_def ps_clear_upd'
projectKOs pspace_aligned'_def ps_clear_upd
objBits_def[symmetric] lookupAround2_char1
split: if_split_asm)
apply (frule pspace_storable_class.updateObject_type[where v = tcb,simplified])


@ -1848,10 +1848,10 @@ lemma setCTE_vs_entry_align[wp]:
elim!: rsubst[where P=P])
apply (drule(1) updateObject_cte_is_tcb_or_cte [OF _ refl, rotated])
apply (elim exE conjE disjE)
apply (clarsimp simp: ps_clear_upd' objBits_simps
apply (clarsimp simp: ps_clear_upd objBits_simps
lookupAround2_char1)
apply (simp add:vs_entry_align_def)
apply (clarsimp simp: ps_clear_upd' objBits_simps vs_entry_align_def)
apply (clarsimp simp: ps_clear_upd objBits_simps vs_entry_align_def)
done
lemma updateCap_vs_entry_align[wp]:
@ -2037,7 +2037,7 @@ lemma setCTE_valid_duplicates'[wp]:
setCTE p cte \<lbrace>\<lambda>rv s. vs_valid_duplicates' (ksPSpace s)\<rbrace>"
apply (simp add:setCTE_def)
apply (clarsimp simp: setObject_def split_def valid_def in_monad
projectKOs pspace_aligned'_def ps_clear_upd'
projectKOs pspace_aligned'_def ps_clear_upd
objBits_def[symmetric] lookupAround2_char1
split: if_split_asm)
apply (frule pspace_storable_class.updateObject_type[where v = cte,simplified])
@ -2801,7 +2801,7 @@ lemma storePDE_state_refs' [wp]:
apply (clarsimp simp: storePDE_def)
apply (clarsimp simp: setObject_def valid_def in_monad split_def
updateObject_default_def projectKOs objBits_simps
in_magnitude_check state_refs_of'_def ps_clear_upd'
in_magnitude_check state_refs_of'_def ps_clear_upd
elim!: rsubst[where P=P] intro!: ext
split del: if_split cong: option.case_cong if_cong)
apply (simp split: option.split)
@ -2988,7 +2988,7 @@ lemma storePTE_state_refs' [wp]:
apply (clarsimp simp: storePTE_def)
apply (clarsimp simp: setObject_def valid_def in_monad split_def
updateObject_default_def projectKOs objBits_simps
in_magnitude_check state_refs_of'_def ps_clear_upd'
in_magnitude_check state_refs_of'_def ps_clear_upd
elim!: rsubst[where P=P] intro!: ext
split del: if_split cong: option.case_cong if_cong)
apply (simp split: option.split)
@ -3179,7 +3179,7 @@ lemma setASIDPool_state_refs' [wp]:
"\<lbrace>\<lambda>s. P (state_refs_of' s)\<rbrace> setObject p (ap::asidpool) \<lbrace>\<lambda>rv s. P (state_refs_of' s)\<rbrace>"
apply (clarsimp simp: setObject_def valid_def in_monad split_def
updateObject_default_def projectKOs objBits_simps
in_magnitude_check state_refs_of'_def ps_clear_upd'
in_magnitude_check state_refs_of'_def ps_clear_upd
elim!: rsubst[where P=P] intro!: ext
split del: if_split cong: option.case_cong if_cong)
apply (simp split: option.split)


@ -792,7 +792,7 @@ lemma setObject_cte_obj_at_tcb':
\<lbrace>\<lambda>_ s. P' (obj_at' P p s)\<rbrace>"
apply (clarsimp simp: setObject_def in_monad split_def
valid_def lookupAround2_char1
obj_at'_def ps_clear_upd')
obj_at'_def ps_clear_upd)
apply (clarsimp elim!: rsubst[where P=P'])
apply (clarsimp simp: updateObject_cte in_monad objBits_simps
tcbCTableSlot_def tcbVTableSlot_def x


@ -2525,10 +2525,10 @@ lemma setCTE_ko_wp_at_live[wp]:
elim!: rsubst[where P=P])
apply (drule(1) updateObject_cte_is_tcb_or_cte [OF _ refl, rotated])
apply (elim exE conjE disjE)
apply (clarsimp simp: ps_clear_upd' objBits_simps
apply (clarsimp simp: ps_clear_upd objBits_simps
lookupAround2_char1)
apply (simp add: tcb_cte_cases_def split: if_split_asm)
apply (clarsimp simp: ps_clear_upd' objBits_simps)
apply (clarsimp simp: ps_clear_upd objBits_simps)
done
lemma setCTE_iflive':
@ -2586,10 +2586,10 @@ lemma setCTE_ko_wp_at_not_live[wp]:
elim!: rsubst[where P=P])
apply (drule(1) updateObject_cte_is_tcb_or_cte [OF _ refl, rotated])
apply (elim exE conjE disjE)
apply (clarsimp simp: ps_clear_upd' objBits_simps
apply (clarsimp simp: ps_clear_upd objBits_simps
lookupAround2_char1)
apply (simp add: tcb_cte_cases_def split: if_split_asm)
apply (clarsimp simp: ps_clear_upd' objBits_simps)
apply (clarsimp simp: ps_clear_upd objBits_simps)
done
lemma setUntypedCapAsFull_ko_wp_not_at'[wp]:


@ -2344,7 +2344,7 @@ lemma threadSet_not_tcb[wp]:
setObject_def in_monad loadObject_default_def
ko_wp_at'_def split_def in_magnitude_check
objBits_simps' updateObject_default_def
ps_clear_upd' projectKO_opt_tcb)
ps_clear_upd projectKO_opt_tcb)
lemma setThreadState_not_tcb[wp]:
"\<lbrace>ko_wp_at' (\<lambda>x. P x \<and> (projectKO_opt x = (None :: tcb option))) p\<rbrace>
@ -2393,7 +2393,7 @@ lemma setObject_ko_wp_at':
by (clarsimp simp: setObject_def valid_def in_monad
ko_wp_at'_def x split_def n
updateObject_default_def
objBits_def[symmetric] ps_clear_upd'
objBits_def[symmetric] ps_clear_upd
in_magnitude_check v)
lemma rescheduleRequired_unlive:


@ -185,13 +185,6 @@ lemma updateObject_default_result:
"(x, s'') \<in> fst (updateObject_default e ko p q n s) \<Longrightarrow> x = injectKO e"
by (clarsimp simp add: updateObject_default_def in_monad)
lemma ps_clear_upd':
"ksPSpace s y = Some v \<Longrightarrow>
ps_clear x n (s' \<lparr> ksPSpace := ksPSpace s(y \<mapsto> v')\<rparr>) = ps_clear x n s"
by (rule iffI | clarsimp elim!: ps_clear_domE | fastforce)+
lemmas ps_clear_updE' = iffD2[OF ps_clear_upd', rotated]
lemma obj_at_setObject1:
assumes R: "\<And>(v::'a::pspace_storable) p q n ko s x s''.
(x, s'') \<in> fst (updateObject v ko p q n s) \<Longrightarrow> x = injectKO v"
@ -230,7 +223,7 @@ lemma obj_at_setObject2:
apply (clarsimp simp: lookupAround2_char1)
apply (drule iffD1 [OF project_koType, OF exI])
apply simp
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1)
apply (clarsimp simp: ps_clear_upd lookupAround2_char1)
done
lemma updateObject_ep_eta:
@ -256,11 +249,11 @@ lemma setObject_typ_at_inv:
"\<lbrace>typ_at' T p'\<rbrace> setObject p v \<lbrace>\<lambda>r. typ_at' T p'\<rbrace>"
apply (clarsimp simp: setObject_def split_def)
apply (clarsimp simp: valid_def typ_at'_def ko_wp_at'_def in_monad
lookupAround2_char1 ps_clear_upd')
lookupAround2_char1 ps_clear_upd)
apply (drule updateObject_type)
apply clarsimp
apply (drule objBits_type)
apply (simp add: ps_clear_upd')
apply (simp add: ps_clear_upd)
done
lemma setObject_typ_at_not:
@ -295,19 +288,19 @@ lemma setObject_cte_wp_at2':
apply (erule rsubst[where P=P'])
apply (rule iffI)
apply (erule disjEI)
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1 y)
apply (clarsimp simp: ps_clear_upd lookupAround2_char1 y)
apply (erule exEI [where 'a=machine_word])
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1)
apply (clarsimp simp: ps_clear_upd lookupAround2_char1)
apply (drule(1) x)
apply (clarsimp simp: lookupAround2_char1 prod_eqI)
apply (fastforce dest: bspec [OF _ ranI])
apply (erule disjEI)
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1
apply (clarsimp simp: ps_clear_upd lookupAround2_char1
split: if_split_asm)
apply (frule updateObject_type)
apply (case_tac ba, simp_all add: y)[1]
apply (erule exEI)
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1
apply (clarsimp simp: ps_clear_upd lookupAround2_char1
split: if_split_asm)
apply (frule updateObject_type)
apply (case_tac ba, simp_all)
@ -379,7 +372,7 @@ lemma obj_at_setObject3:
shows "\<lbrace>(\<lambda>s. P v)\<rbrace> setObject p v \<lbrace>\<lambda>rv. obj_at' P p\<rbrace>"
apply (clarsimp simp add: valid_def in_monad obj_at'_def
setObject_def split_def project_inject objBits_def[symmetric]
R updateObject_default_def in_magnitude_check P ps_clear_upd')
R updateObject_default_def in_magnitude_check P ps_clear_upd)
apply fastforce
done
@ -396,7 +389,7 @@ lemma setObject_tcb_strongest:
apply simp
apply (simp add: setObject_def split_def)
apply (clarsimp simp: valid_def obj_at'_def split_def in_monad
updateObject_default_def ps_clear_upd')
updateObject_default_def ps_clear_upd)
done
lemma getObject_obj_at':
@ -505,7 +498,7 @@ lemma get_ntfn'_valid_ntfn[wp]:
lemma setObject_distinct[wp]:
shows "\<lbrace>pspace_distinct'\<rbrace> setObject p val \<lbrace>\<lambda>rv. pspace_distinct'\<rbrace>"
apply (clarsimp simp: setObject_def split_def valid_def in_monad lookupAround2_char1
pspace_distinct'_def ps_clear_upd' objBits_def[symmetric]
pspace_distinct'_def ps_clear_upd objBits_def[symmetric]
split: if_split_asm
dest!: updateObject_objBitsKO)
apply (fastforce dest: bspec[OF _ domI])
@ -515,7 +508,7 @@ lemma setObject_distinct[wp]:
lemma setObject_aligned[wp]:
shows "\<lbrace>pspace_aligned'\<rbrace> setObject p val \<lbrace>\<lambda>rv. pspace_aligned'\<rbrace>"
apply (clarsimp simp: setObject_def split_def valid_def in_monad lookupAround2_char1
pspace_aligned'_def ps_clear_upd' objBits_def[symmetric]
pspace_aligned'_def ps_clear_upd objBits_def[symmetric]
split: if_split_asm
dest!: updateObject_objBitsKO)
apply (fastforce dest: bspec[OF _ domI])
@ -525,7 +518,7 @@ lemma setObject_aligned[wp]:
lemma setObject_canonical[wp]:
shows "\<lbrace>pspace_canonical'\<rbrace> setObject p val \<lbrace>\<lambda>rv. pspace_canonical'\<rbrace>"
apply (clarsimp simp: setObject_def split_def valid_def in_monad lookupAround2_char1
pspace_canonical'_def ps_clear_upd' objBits_def[symmetric]
pspace_canonical'_def ps_clear_upd objBits_def[symmetric]
split: if_split_asm
dest!: updateObject_objBitsKO)
apply (fastforce dest: bspec[OF _ domI])
@ -535,7 +528,7 @@ lemma setObject_canonical[wp]:
lemma setObject_in_kernel_mappings[wp]:
shows "\<lbrace>pspace_in_kernel_mappings'\<rbrace> setObject p val \<lbrace>\<lambda>rv. pspace_in_kernel_mappings'\<rbrace>"
apply (clarsimp simp: setObject_def split_def valid_def in_monad lookupAround2_char1
pspace_in_kernel_mappings'_def ps_clear_upd' objBits_def[symmetric]
pspace_in_kernel_mappings'_def ps_clear_upd objBits_def[symmetric]
split: if_split_asm
dest!: updateObject_objBitsKO)
apply (fastforce dest: bspec[OF _ domI])
@ -1076,7 +1069,7 @@ lemma setObject_ko_wp_at:
elim!: rsubst[where P=P]
split del: if_split)
apply (rule iffI)
apply (clarsimp simp: n ps_clear_upd' objBits_def[symmetric]
apply (clarsimp simp: n ps_clear_upd objBits_def[symmetric]
split: if_split_asm)
apply (clarsimp simp: n project_inject objBits_def[symmetric]
ps_clear_upd
@ -1229,7 +1222,7 @@ lemma setObject_no_0_obj' [wp]:
"\<lbrace>no_0_obj'\<rbrace> setObject p v \<lbrace>\<lambda>r. no_0_obj'\<rbrace>"
apply (clarsimp simp: setObject_def split_def)
apply (clarsimp simp: valid_def no_0_obj'_def ko_wp_at'_def in_monad
lookupAround2_char1 ps_clear_upd')
lookupAround2_char1 ps_clear_upd)
done
lemma valid_updateCapDataI:


@ -1084,7 +1084,7 @@ lemma setASIDPool_state_refs' [wp]:
"\<lbrace>\<lambda>s. P (state_refs_of' s)\<rbrace> setObject p (ap::asidpool) \<lbrace>\<lambda>rv s. P (state_refs_of' s)\<rbrace>"
apply (clarsimp simp: setObject_def valid_def in_monad split_def
updateObject_default_def objBits_simps
in_magnitude_check state_refs_of'_def ps_clear_upd'
in_magnitude_check state_refs_of'_def ps_clear_upd
elim!: rsubst[where P=P] intro!: ext
split del: if_split cong: option.case_cong if_cong)
apply (simp split: option.split)
@ -1259,7 +1259,7 @@ lemma setObject_cte_obj_at_ap':
\<lbrace>\<lambda>_ s. P' (obj_at' P p s)\<rbrace>"
apply (clarsimp simp: setObject_def in_monad split_def
valid_def lookupAround2_char1
obj_at'_def ps_clear_upd'
obj_at'_def ps_clear_upd
split del: if_split)
apply (clarsimp elim!: rsubst[where P=P'])
apply (clarsimp simp: updateObject_cte in_monad objBits_simps
@ -1278,7 +1278,7 @@ lemma storePTE_asid_pool_obj_at'[wp]:
apply (simp add: storePTE_def)
apply (clarsimp simp: setObject_def in_monad split_def
valid_def lookupAround2_char1
obj_at'_def ps_clear_upd'
obj_at'_def ps_clear_upd
split del: if_split)
apply (clarsimp elim!: rsubst[where P=P])
apply (clarsimp simp: updateObject_default_def in_monad)


@ -795,7 +795,7 @@ lemma setObject_cte_obj_at_tcb':
\<lbrace>\<lambda>_ s. P' (obj_at' P p s)\<rbrace>"
apply (clarsimp simp: setObject_def in_monad split_def
valid_def lookupAround2_char1
obj_at'_def ps_clear_upd' projectKOs
obj_at'_def ps_clear_upd projectKOs
split del: if_split)
apply (clarsimp elim!: rsubst[where P=P'])
apply (clarsimp simp: updateObject_cte in_monad objBits_simps


@ -2626,10 +2626,10 @@ lemma setCTE_ko_wp_at_live[wp]:
elim!: rsubst[where P=P])
apply (drule(1) updateObject_cte_is_tcb_or_cte [OF _ refl, rotated])
apply (elim exE conjE disjE)
apply (clarsimp simp: ps_clear_upd' objBits_simps
apply (clarsimp simp: ps_clear_upd objBits_simps
lookupAround2_char1)
apply (simp add: tcb_cte_cases_def split: if_split_asm)
apply (clarsimp simp: ps_clear_upd' objBits_simps)
apply (clarsimp simp: ps_clear_upd objBits_simps)
done
lemma setCTE_iflive':
@ -2687,10 +2687,10 @@ lemma setCTE_ko_wp_at_not_live[wp]:
elim!: rsubst[where P=P])
apply (drule(1) updateObject_cte_is_tcb_or_cte [OF _ refl, rotated])
apply (elim exE conjE disjE)
apply (clarsimp simp: ps_clear_upd' objBits_simps
apply (clarsimp simp: ps_clear_upd objBits_simps
lookupAround2_char1)
apply (simp add: tcb_cte_cases_def split: if_split_asm)
apply (clarsimp simp: ps_clear_upd' objBits_simps)
apply (clarsimp simp: ps_clear_upd objBits_simps)
done
lemma setUntypedCapAsFull_ko_wp_not_at'[wp]:


@ -2427,7 +2427,7 @@ lemma threadSet_not_tcb[wp]:
setObject_def in_monad loadObject_default_def
ko_wp_at'_def projectKOs split_def in_magnitude_check
objBits_simps' updateObject_default_def
ps_clear_upd' projectKO_opt_tcb)
ps_clear_upd projectKO_opt_tcb)
lemma setThreadState_not_tcb[wp]:
"\<lbrace>ko_wp_at' (\<lambda>x. P x \<and> (projectKO_opt x = (None :: tcb option))) p\<rbrace>
@ -2476,7 +2476,7 @@ lemma setObject_ko_wp_at':
by (clarsimp simp: setObject_def valid_def in_monad
ko_wp_at'_def x split_def n
updateObject_default_def
objBits_def[symmetric] ps_clear_upd'
objBits_def[symmetric] ps_clear_upd
in_magnitude_check v projectKOs)
lemma rescheduleRequired_unlive:


@ -190,13 +190,6 @@ lemma updateObject_default_result:
"(x, s'') \<in> fst (updateObject_default e ko p q n s) \<Longrightarrow> x = injectKO e"
by (clarsimp simp add: updateObject_default_def in_monad)
lemma ps_clear_upd':
"ksPSpace s y = Some v \<Longrightarrow>
ps_clear x n (s' \<lparr> ksPSpace := ksPSpace s(y \<mapsto> v')\<rparr>) = ps_clear x n s"
by (rule iffI | clarsimp elim!: ps_clear_domE | fastforce)+
lemmas ps_clear_updE'[elim] = iffD2[OF ps_clear_upd', rotated]
lemma obj_at_setObject1:
assumes R: "\<And>(v::'a::pspace_storable) p q n ko s x s''.
(x, s'') \<in> fst (updateObject v ko p q n s) \<Longrightarrow> x = injectKO v"
@ -237,7 +230,7 @@ lemma obj_at_setObject2:
apply (clarsimp simp: lookupAround2_char1)
apply (drule iffD1 [OF project_koType, OF exI])
apply simp
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1)
apply (clarsimp simp: ps_clear_upd lookupAround2_char1)
done
lemma updateObject_ep_eta:
@ -263,11 +256,11 @@ lemma setObject_typ_at_inv:
"\<lbrace>typ_at' T p'\<rbrace> setObject p v \<lbrace>\<lambda>r. typ_at' T p'\<rbrace>"
apply (clarsimp simp: setObject_def split_def)
apply (clarsimp simp: valid_def typ_at'_def ko_wp_at'_def in_monad
lookupAround2_char1 ps_clear_upd')
lookupAround2_char1 ps_clear_upd)
apply (drule updateObject_type)
apply clarsimp
apply (drule objBits_type)
apply (simp add: ps_clear_upd')
apply (simp add: ps_clear_upd)
done
lemma setObject_typ_at_not:
@ -302,19 +295,19 @@ lemma setObject_cte_wp_at2':
apply (erule rsubst[where P=P'])
apply (rule iffI)
apply (erule disjEI)
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1 y)
apply (clarsimp simp: ps_clear_upd lookupAround2_char1 y)
apply (erule exEI [where 'a=machine_word])
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1)
apply (clarsimp simp: ps_clear_upd lookupAround2_char1)
apply (drule(1) x)
apply (clarsimp simp: lookupAround2_char1 prod_eqI)
apply (fastforce dest: bspec [OF _ ranI])
apply (erule disjEI)
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1
apply (clarsimp simp: ps_clear_upd lookupAround2_char1
split: if_split_asm)
apply (frule updateObject_type)
apply (case_tac ba, simp_all add: y)[1]
apply (erule exEI)
apply (clarsimp simp: ps_clear_upd' lookupAround2_char1
apply (clarsimp simp: ps_clear_upd lookupAround2_char1
split: if_split_asm)
apply (frule updateObject_type)
apply (case_tac ba, simp_all)
@ -391,7 +384,7 @@ lemma obj_at_setObject3:
setObject_def split_def projectKOs
project_inject objBits_def[symmetric]
R updateObject_default_def
in_magnitude_check P ps_clear_upd')
in_magnitude_check P ps_clear_upd)
apply fastforce
done
@ -409,7 +402,7 @@ lemma setObject_tcb_strongest:
apply (simp add: setObject_def split_def)
apply (clarsimp simp: valid_def obj_at'_def split_def in_monad
updateObject_default_def projectKOs
ps_clear_upd')
ps_clear_upd)
done
lemma getObject_obj_at':
@ -518,7 +511,7 @@ lemma get_ntfn'_valid_ntfn[wp]:
lemma setObject_distinct[wp]:
shows "\<lbrace>pspace_distinct'\<rbrace> setObject p val \<lbrace>\<lambda>rv. pspace_distinct'\<rbrace>"
apply (clarsimp simp: setObject_def split_def valid_def in_monad
projectKOs pspace_distinct'_def ps_clear_upd'
projectKOs pspace_distinct'_def ps_clear_upd
objBits_def[symmetric] lookupAround2_char1
split: if_split_asm
dest!: updateObject_objBitsKO)
@ -529,7 +522,7 @@ lemma setObject_distinct[wp]:
lemma setObject_aligned[wp]:
shows "\<lbrace>pspace_aligned'\<rbrace> setObject p val \<lbrace>\<lambda>rv. pspace_aligned'\<rbrace>"
apply (clarsimp simp: setObject_def split_def valid_def in_monad
projectKOs pspace_aligned'_def ps_clear_upd'
projectKOs pspace_aligned'_def ps_clear_upd
objBits_def[symmetric] lookupAround2_char1
split: if_split_asm
dest!: updateObject_objBitsKO)
@ -540,7 +533,7 @@ lemma setObject_aligned[wp]:
lemma setObject_canonical[wp]:
shows "\<lbrace>pspace_canonical'\<rbrace> setObject p val \<lbrace>\<lambda>rv. pspace_canonical'\<rbrace>"
apply (clarsimp simp: setObject_def split_def valid_def in_monad
projectKOs pspace_canonical'_def ps_clear_upd'
projectKOs pspace_canonical'_def ps_clear_upd
objBits_def[symmetric] lookupAround2_char1
split: if_split_asm
dest!: updateObject_objBitsKO)
@ -551,7 +544,7 @@ lemma setObject_canonical[wp]:
lemma setObject_in_kernel_mappings[wp]:
shows "\<lbrace>pspace_in_kernel_mappings'\<rbrace> setObject p val \<lbrace>\<lambda>rv. pspace_in_kernel_mappings'\<rbrace>"
apply (clarsimp simp: setObject_def split_def valid_def in_monad
projectKOs pspace_in_kernel_mappings'_def ps_clear_upd'
projectKOs pspace_in_kernel_mappings'_def ps_clear_upd
objBits_def[symmetric] lookupAround2_char1
split: if_split_asm
dest!: updateObject_objBitsKO)
@ -1109,7 +1102,7 @@ lemma setObject_ko_wp_at:
elim!: rsubst[where P=P]
split del: if_split)
apply (rule iffI)
apply (clarsimp simp: n ps_clear_upd' objBits_def[symmetric]
apply (clarsimp simp: n ps_clear_upd objBits_def[symmetric]
split: if_split_asm)
apply (clarsimp simp: n project_inject objBits_def[symmetric]
ps_clear_upd
@ -1265,7 +1258,7 @@ lemma setObject_no_0_obj' [wp]:
"\<lbrace>no_0_obj'\<rbrace> setObject p v \<lbrace>\<lambda>r. no_0_obj'\<rbrace>"
apply (clarsimp simp: setObject_def split_def)
apply (clarsimp simp: valid_def no_0_obj'_def ko_wp_at'_def in_monad
lookupAround2_char1 ps_clear_upd')
lookupAround2_char1 ps_clear_upd)
done
lemma valid_updateCapDataI:


@ -1749,7 +1749,7 @@ lemma storePDE_state_refs' [wp]:
apply (clarsimp simp: storePDE_def)
apply (clarsimp simp: setObject_def valid_def in_monad split_def
updateObject_default_def projectKOs objBits_simps
in_magnitude_check state_refs_of'_def ps_clear_upd'
in_magnitude_check state_refs_of'_def ps_clear_upd
elim!: rsubst[where P=P] intro!: ext
split del: if_split cong: option.case_cong if_cong)
apply (simp split: option.split)
@ -1777,7 +1777,7 @@ lemma storePDPTE_state_refs' [wp]:
apply (clarsimp simp: storePDPTE_def)
apply (clarsimp simp: setObject_def valid_def in_monad split_def
updateObject_default_def projectKOs objBits_simps
in_magnitude_check state_refs_of'_def ps_clear_upd'
in_magnitude_check state_refs_of'_def ps_clear_upd
elim!: rsubst[where P=P] intro!: ext
split del: if_split cong: option.case_cong if_cong)
apply (simp split: option.split)
@ -1805,7 +1805,7 @@ lemma storePML4E_state_refs' [wp]:
apply (clarsimp simp: storePML4E_def)
apply (clarsimp simp: setObject_def valid_def in_monad split_def
updateObject_default_def projectKOs objBits_simps
in_magnitude_check state_refs_of'_def ps_clear_upd'
in_magnitude_check state_refs_of'_def ps_clear_upd
elim!: rsubst[where P=P] intro!: ext
split del: if_split cong: option.case_cong if_cong)
apply (simp split: option.split)
@ -2340,7 +2340,7 @@ lemma setASIDPool_state_refs' [wp]:
"\<lbrace>\<lambda>s. P (state_refs_of' s)\<rbrace> setObject p (ap::asidpool) \<lbrace>\<lambda>rv s. P (state_refs_of' s)\<rbrace>"
apply (clarsimp simp: setObject_def valid_def in_monad split_def
updateObject_default_def projectKOs objBits_simps
in_magnitude_check state_refs_of'_def ps_clear_upd'
in_magnitude_check state_refs_of'_def ps_clear_upd
elim!: rsubst[where P=P] intro!: ext
split del: if_split cong: option.case_cong if_cong)
apply (simp split: option.split)
@ -2625,7 +2625,7 @@ lemma setObject_cte_obj_at_ap':
\<lbrace>\<lambda>_ s. P' (obj_at' P p s)\<rbrace>"
apply (clarsimp simp: setObject_def in_monad split_def
valid_def lookupAround2_char1
obj_at'_def ps_clear_upd' projectKOs
obj_at'_def ps_clear_upd projectKOs
split del: if_split)
apply (clarsimp elim!: rsubst[where P=P'])
apply (clarsimp simp: updateObject_cte in_monad objBits_simps