proof: update for crunch changes

proof/access-control/Syscall_AC.thy

@@ -1159,7 +1159,7 @@ crunch cur_thread[wp]: handle_event "\<lambda>s. P (cur_thread s)"
 
 crunches ethread_set, timer_tick, possible_switch_to, handle_interrupt
   for pas_cur_domain[wp]: "pas_cur_domain pas"
-  (wp: crunch_wps simp: crunch_simps)
+  (wp: crunch_wps simp: crunch_simps ignore_del: ethread_set timer_tick possible_switch_to)
 
 lemma dxo_idle_thread[wp]:
   "\<lbrace>\<lambda>s. P (idle_thread s) \<rbrace> do_extended_op f \<lbrace>\<lambda>_ s. P (idle_thread s)\<rbrace>"
@@ -1194,8 +1194,8 @@ crunch cur_domain[wp]:
   set_domain, invoke_domain, cap_move_ext, timer_tick,
   cap_move, cancel_badged_sends, possible_switch_to
   "\<lambda>s. P (cur_domain s)"
-  (wp: crunch_wps simp: crunch_simps filterM_mapM
-   rule: transfer_caps_loop_pres)
+  (wp: crunch_wps simp: crunch_simps filterM_mapM rule: transfer_caps_loop_pres
+   ignore_del: ethread_set set_priority set_domain cap_move_ext timer_tick possible_switch_to)
 
 lemma invoke_cnode_cur_domain[wp]: "\<lbrace>\<lambda>s. P (cur_domain s)\<rbrace> invoke_cnode a \<lbrace>\<lambda>r s. P (cur_domain s)\<rbrace>"
   apply (simp add: invoke_cnode_def)

proof/crefine/ARM/Invoke_C.thy

@@ -1428,7 +1428,7 @@ lemma deleteObjects_gsCNodes_at_pt:
 
 crunch gsCNodes[wp]: setThreadState, updateFreeIndex,
     preemptionPoint "\<lambda>s. P (gsCNodes s)"
-  (simp: unless_def whenE_def)
+  (simp: unless_def whenE_def ignore_del: preemptionPoint)
 
 lemma resetUntypedCap_gsCNodes_at_pt:
   "\<lbrace>(\<lambda>s. P (gsCNodes s ptr))

proof/crefine/ARM_HYP/Invoke_C.thy

@@ -1454,7 +1454,7 @@ lemma deleteObjects_gsCNodes_at_pt:
 
 crunch gsCNodes[wp]: setThreadState, updateFreeIndex,
     preemptionPoint "\<lambda>s. P (gsCNodes s)"
-  (simp: unless_def whenE_def)
+  (simp: unless_def whenE_def ignore_del: preemptionPoint)
 
 lemma resetUntypedCap_gsCNodes_at_pt:
   "\<lbrace>(\<lambda>s. P (gsCNodes s ptr))

proof/crefine/X64/Invoke_C.thy

@@ -1444,7 +1444,7 @@ lemma deleteObjects_gsCNodes_at_pt:
 
 crunch gsCNodes[wp]: setThreadState, updateFreeIndex,
     preemptionPoint "\<lambda>s. P (gsCNodes s)"
-  (simp: unless_def whenE_def)
+  (simp: unless_def whenE_def ignore_del: preemptionPoint)
 
 lemma resetUntypedCap_gsCNodes_at_pt:
   "\<lbrace>(\<lambda>s. P (gsCNodes s ptr))

proof/drefine/Ipc_DR.thy

@@ -471,8 +471,9 @@ lemma block_thread_on_ntfn_recv_corres:
 lemma corres_ignore_ret_lhs: "dcorres rv P P' (do f;g od) f' \<Longrightarrow> dcorres rv P P' (do a\<leftarrow>f;g od) f'"
  by (clarsimp simp:corres_underlying_def)
 
-crunch not_idle[wp]: set_thread_state "not_idle_thread y :: 'a::state_ext state \<Rightarrow> bool"
-(simp: not_idle_thread_def get_object_def wp: dxo_wp_weak)
+crunches set_thread_state, set_object
+  for not_idle[wp]: "not_idle_thread y :: 'a::state_ext state \<Rightarrow> bool"
+  (simp: not_idle_thread_def get_object_def wp: dxo_wp_weak)
 
 lemma set_scheduler_action_dcorres:
   "dcorres dc P P' (return ()) (set_scheduler_action sa)"

proof/drefine/Tcb_DR.thy

@@ -589,8 +589,9 @@ lemma restart_corres:
   apply (fastforce simp:opt_cap_tcb not_idle_thread_def)
   done
 
-crunch no_effect [wp]: get_thread P
-crunch no_effect [wp]: getRegister P
+crunches get_thread, getRegister
+  for inv [wp]: P
+  (ignore_del: getRegister)
 
 (* Read the registers of another thread. *)
 lemma invoke_tcb_corres_read_regs:

proof/infoflow/FinalCaps.thy

@@ -1902,12 +1902,12 @@ lemma cap_delete_silc_inv_not_transferable:
   done
 
 crunch_ignore (valid) (add: getActiveIRQ)
-crunch silc_inv[wp]: preemption_point "silc_inv aag st"
-  (ignore: wrap_ext_bool OR_choiceE simp: OR_choiceE_def crunch_simps wp: crunch_wps)
 crunch tcb_domain_map_wellformed[wp]: update_work_units, reset_work_units
                                       "tcb_domain_map_wellformed aag"
-crunch pas_refined[wp]: preemption_point "pas_refined aag"
-  (ignore: wrap_ext_bool OR_choiceE simp: OR_choiceE_def crunch_simps wp: crunch_wps)
+crunches preemption_point
+  for silc_inv[wp]: "silc_inv aag st"
+  and pas_refined[wp]: "pas_refined aag"
+  (wp: crunch_wps OR_choiceE_weak_wp ignore_del: preemption_point)
 
 lemma cap_revoke_silc_inv':
   notes drop_spec_valid[wp_split del] drop_spec_validE[wp_split del]

proof/infoflow/Finalise_IF.thy

@@ -98,6 +98,7 @@ lemma scheduler_action_states_equiv[simp]:
   done
 
 crunch states_equiv[wp]: set_thread_state_ext "states_equiv_for P Q R S st"
+  (ignore_del: set_thread_state_ext)
 
 lemma set_scheduler_action_reads_respects[wp]:
   "reads_respects aag l \<top> (set_scheduler_action action)"
@@ -1681,6 +1682,7 @@ lemma set_irq_state_valid_global_objs:
   done
 
 crunch device_state_invs[wp]: maskInterrupt "\<lambda> ms. P (device_state ms)"
+  (ignore_del: maskInterrupt)
 
 lemma set_irq_state_globals_equiv:
   "invariant (set_irq_state state irq) (globals_equiv st)"

proof/infoflow/Ipc_IF.thy

@@ -2351,7 +2351,7 @@ lemma cancel_ipc_blocked_globals_equiv:
 
 crunch globals_equiv[wp]: possible_switch_to "globals_equiv (st :: det_ext state)"
   (wp: tcb_sched_action_extended.globals_equiv reschedule_required_ext_extended.globals_equiv
-       crunch_wps)
+   ignore_del: possible_switch_to)
 
 lemma send_signal_globals_equiv:
   "\<lbrace>globals_equiv (s :: det_ext state) and valid_objs and valid_arch_state

proof/infoflow/PasUpdates.thy

@@ -42,9 +42,11 @@ crunch domain_fields[wp]: retype_region_ext,create_cap_ext,cap_insert_ext,ethrea
                           finalise_cap,cap_move,cap_swap,cap_delete,cancel_badged_sends,
                           cap_insert
                           "domain_fields P"
-  (   wp: syscall_valid select_wp crunch_wps rec_del_preservation cap_revoke_preservation modify_wp
-    simp: crunch_simps check_cap_at_def filterM_mapM unless_def
-  ignore: without_preemption filterM rec_del check_cap_at cap_revoke)
+  (    wp: syscall_valid select_wp crunch_wps rec_del_preservation cap_revoke_preservation modify_wp
+     simp: crunch_simps check_cap_at_def filterM_mapM unless_def
+   ignore: without_preemption filterM rec_del check_cap_at cap_revoke
+   ignore_del: retype_region_ext create_cap_ext cap_insert_ext ethread_set cap_move_ext
+               empty_slot_ext cap_swap_ext set_thread_state_ext tcb_sched_action reschedule_required)
 
 lemma cap_revoke_domain_fields[wp]:"\<lbrace>domain_fields P\<rbrace> cap_revoke a \<lbrace>\<lambda>_. domain_fields P\<rbrace>"
   by (rule cap_revoke_preservation2; wp)
@@ -61,6 +63,7 @@ crunch domain_fields[wp]:
   (wp: syscall_valid crunch_wps mapME_x_inv_wp
    simp: crunch_simps check_cap_at_def detype_def detype_ext_def mapM_x_defsym
    ignore: check_cap_at syscall
+   ignore_del: set_domain set_priority possible_switch_to
    rule: transfer_caps_loop_pres)
 
 section \<open>PAS wellformedness property for non-interference\<close>

proof/infoflow/Retype_IF.thy

@@ -204,7 +204,8 @@ lemma dmo_cleanCacheRange_PoU_reads_respects:
   by(wp dmo_cacheRangeOp_reads_respects dmo_mol_reads_respects | simp add: cleanByVA_PoU_def)+
 
 crunch irq_state[wp]: clearMemory "\<lambda>s. P (irq_state s)"
-  (wp: crunch_wps simp: crunch_simps storeWord_def cleanByVA_PoU_def ignore: cacheRangeOp)
+  (wp: crunch_wps simp: crunch_simps storeWord_def cleanByVA_PoU_def
+   ignore_del: clearMemory)
 
 lemma dmo_clearMemory_reads_respects:
   "reads_respects aag l \<top> (do_machine_op (clearMemory ptr bits))"

proof/infoflow/Scheduler_IF.thy

@@ -290,6 +290,7 @@ lemma silc_dom_equiv_scheduler_action_update[simp]:
   by (simp add: silc_dom_equiv_def equiv_for_def)
 
 crunch silc_dom_equiv[wp]: set_scheduler_action "silc_dom_equiv aag st"
+  (ignore_del: set_scheduler_action)
 
 lemma schedule_globals_frame_trans_state_upd[simp]:
   "scheduler_globals_frame_equiv st (trans_state f s) = scheduler_globals_frame_equiv st s"

proof/invariant-abstract/ARM/ArchAcc_AI.thy

@@ -3276,16 +3276,12 @@ lemma machine_op_lift_device_state[wp]:
                      select_def ignore_failure_def select_f_def
               split: if_splits)
 
-crunch device_state_inv[wp]: invalidateLocalTLB_ASID "\<lambda>ms. P (device_state ms)"
-crunch device_state_inv[wp]: invalidateLocalTLB_VAASID "\<lambda>ms. P (device_state ms)"
-crunch device_state_inv[wp]: setHardwareASID "\<lambda>ms. P (device_state ms)"
-crunch device_state_inv[wp]: isb "\<lambda>ms. P (device_state ms)"
-crunch device_state_inv[wp]: dsb "\<lambda>ms. P (device_state ms)"
-crunch device_state_inv[wp]: set_current_pd "\<lambda>ms. P (device_state ms)"
-  (simp: writeTTBR0_def)
-crunch device_state_inv[wp]: storeWord "\<lambda>ms. P (device_state ms)"
-crunch device_state_inv[wp]: cleanByVA_PoU "\<lambda>ms. P (device_state ms)"
-crunch device_state_inv[wp]: cleanL2Range "\<lambda>ms. P (device_state ms)"
+crunches invalidateLocalTLB_ASID, invalidateLocalTLB_VAASID, setHardwareASID, isb, dsb,
+         set_current_pd, storeWord, cleanByVA_PoU, cleanL2Range
+  for device_state_inv[wp]: "\<lambda>ms. P (device_state ms)"
+  (simp: writeTTBR0_def
+   ignore_del: invalidateLocalTLB_ASID invalidateLocalTLB_VAASID setHardwareASID isb
+               dsb storeWord cleanByVA_PoU cleanL2Range)
 
 lemma as_user_inv:
   assumes x: "\<And>P. \<lbrace>P\<rbrace> f \<lbrace>\<lambda>x. P\<rbrace>"

proof/invariant-abstract/ARM/ArchEmptyFail_AI.thy

@@ -165,7 +165,7 @@ crunch (empty_fail) empty_fail[wp, EmptyFail_AI_assms]: possible_switch_to, hand
          page_table_invocation.splits page_invocation.splits asid_control_invocation.splits
          asid_pool_invocation.splits arch_invocation.splits irq_state.splits syscall.splits
          flush_type.splits page_directory_invocation.splits
-   ignore: resetTimer_impl ackInterrupt_impl)
+   ignore: resetTimer_impl ackInterrupt_impl ignore_del: possible_switch_to)
 end
 
 global_interpretation EmptyFail_AI_call_kernel_unit?: EmptyFail_AI_call_kernel_unit

proof/invariant-abstract/ARM/ArchKHeap_AI.thy

@@ -797,6 +797,7 @@ lemma cap_is_device_obj_is_device[simp]:
          split: apiobject_type.splits aobject_type.splits)
 
 crunch device_state_inv: storeWord "\<lambda>ms. P (device_state ms)"
+  (ignore_del: storeWord)
 
 (* some hyp_ref invariants *)
 

proof/invariant-abstract/ARM/ArchRetype_AI.thy

@@ -144,7 +144,7 @@ lemmas init_arch_objects_valid_cap[wp] = valid_cap_typ [OF init_arch_objects_typ
 lemmas init_arch_objects_cap_table[wp] = cap_table_at_lift_valid [OF init_arch_objects_typ_at]
 
 crunch device_state_inv[wp]: clearMemory "\<lambda>ms. P (device_state ms)"
-  (wp: mapM_x_wp)
+  (wp: mapM_x_wp ignore_del: clearMemory)
 
 crunch pspace_respects_device_region[wp]: reserve_region pspace_respects_device_region
 crunch cap_refs_respects_device_region[wp]: reserve_region cap_refs_respects_device_region
@@ -1313,11 +1313,11 @@ lemma invs_irq_state_independent:
       swp_def valid_irq_states_def)
 
 crunch irq_masks_inv[wp]: cleanByVA_PoU, storeWord, clearMemory "\<lambda>s. P (irq_masks s)"
-  (ignore: cacheRangeOp wp: crunch_wps)
+  (wp: crunch_wps ignore_del: cleanByVA_PoU storeWord clearMemory)
 
-crunch underlying_mem_0[wp]: cleanByVA_PoU, clearMemory
+crunch underlying_mem_0[wp]: clearMemory
     "\<lambda>s. underlying_memory s p = 0"
-  (ignore: cacheRangeOp wp: crunch_wps storeWord_um_eq_0)
+  (wp: crunch_wps storeWord_um_eq_0 ignore_del: clearMemory)
 
 lemma clearMemory_invs:
   "\<lbrace>invs\<rbrace> do_machine_op (clearMemory w sz) \<lbrace>\<lambda>_. invs\<rbrace>"

proof/invariant-abstract/ARM/ArchVSpace_AI.thy

@@ -578,6 +578,7 @@ lemma clean_D_PoU_underlying_memory[wp]:
 crunches dsb, invalidate_I_PoU, clean_D_PoU, cleanCaches_PoU
   for device_state_inv[wp]: "\<lambda>ms. P (device_state ms)"
   and underlying_memory_inv[wp]: "\<lambda>ms. P (underlying_memory ms)"
+  (ignore_del: dsb invalidate_I_PoU clean_D_PoU cleanCaches_PoU)
 
 lemma dmo_cleanCaches_PoU_invs[wp]: "\<lbrace>invs\<rbrace> do_machine_op cleanCaches_PoU \<lbrace>\<lambda>y. invs\<rbrace>"
   apply (wp dmo_invs)
@@ -3509,7 +3510,9 @@ crunches cleanByVA, cleanCacheRange_PoC, cleanCacheRange_RAM,
   invalidateCacheRange_RAM, branchFlush, branchFlushRange,
   invalidateByVA_I, cleanInvalidateL2Range, do_flush, storeWord
   for device_state_inv[wp]: "\<lambda>ms. P (device_state ms)"
-  (wp: cacheRangeOp_respects_device_region simp: crunch_simps)
+  (wp: cacheRangeOp_respects_device_region simp: crunch_simps
+   ignore_del: cleanByVA cleanInvalByVA invalidateByVA invalidateL2Range
+               branchFlush invalidateByVA_I cleanInvalidateL2Range storeWord)
 
 crunch pspace_in_kernel_window[wp]: perform_page_invocation "pspace_in_kernel_window"
   (simp: crunch_simps wp: crunch_wps)

proof/invariant-abstract/ARM/Machine_AI.thy

@@ -45,6 +45,7 @@ struct
   fun put_precond _ _ = error "crunch no_irq should not be calling put_precond";
   val pre_thms = [];
   val wpc_tactic = wp_cases_tactic_weak;
+  fun wps_tactic _ _ _ = no_tac;
   val magic = Syntax.parse_term @{context}
     "\<lambda>mapp_lambda_ignore. no_irq mapp_lambda_ignore";
   val get_monad_state_type = get_nondet_monad_state_type;

proof/invariant-abstract/ARM_HYP/ArchAcc_AI.thy

@@ -3192,16 +3192,12 @@ lemma machine_op_lift_device_state[wp]:
                      select_def ignore_failure_def select_f_def
               split: if_splits)
 
-crunch device_state_inv[wp]: invalidateLocalTLB_ASID "\<lambda>ms. P (device_state ms)"
-crunch device_state_inv[wp]: invalidateLocalTLB_VAASID "\<lambda>ms. P (device_state ms)"
-crunch device_state_inv[wp]: setHardwareASID "\<lambda>ms. P (device_state ms)"
-crunch device_state_inv[wp]: isb "\<lambda>ms. P (device_state ms)"
-crunch device_state_inv[wp]: dsb "\<lambda>ms. P (device_state ms)"
-crunch device_state_inv[wp]: set_current_pd "\<lambda>ms. P (device_state ms)"
-  (simp: setCurrentPDPL2_def)
-crunch device_state_inv[wp]: storeWord "\<lambda>ms. P (device_state ms)"
-crunch device_state_inv[wp]: cleanByVA_PoU "\<lambda>ms. P (device_state ms)"
-crunch device_state_inv[wp]: cleanL2Range "\<lambda>ms. P (device_state ms)"
+crunches invalidateLocalTLB_ASID, invalidateLocalTLB_VAASID, setHardwareASID, isb, dsb,
+         set_current_pd, storeWord, cleanByVA_PoU, cleanL2Range
+  for device_state_inv[wp]: "\<lambda>ms. P (device_state ms)"
+  (simp: setCurrentPDPL2_def
+   ignore_del: invalidateLocalTLB_ASID invalidateLocalTLB_VAASID setHardwareASID isb
+               dsb storeWord cleanByVA_PoU cleanL2Range)
 
 lemma as_user_inv:
   assumes x: "\<And>P. \<lbrace>P\<rbrace> f \<lbrace>\<lambda>x. P\<rbrace>"

proof/invariant-abstract/ARM_HYP/ArchEmptyFail_AI.thy

@@ -182,6 +182,7 @@ lemma vgic_maintenance_empty_fail[wp]: "empty_fail vgic_maintenance"
                    vgic_maintenance_def)
 
 crunch (empty_fail) empty_fail[wp, EmptyFail_AI_assms]: possible_switch_to
+  (ignore_del: possible_switch_to)
 
 crunch (empty_fail) empty_fail[wp, EmptyFail_AI_assms]: handle_event, activate_thread
   (simp: cap.splits arch_cap.splits split_def invocation_label.splits Let_def

proof/invariant-abstract/ARM_HYP/ArchKHeap_AI.thy

@@ -670,6 +670,7 @@ lemma cap_is_device_obj_is_device[simp]:
          split: apiobject_type.splits aobject_type.splits)
 
 crunch device_state_inv: storeWord "\<lambda>ms. P (device_state ms)"
+  (ignore_del: storeWord)
 
 
 (* some hyp_ref invariants *)

proof/invariant-abstract/ARM_HYP/ArchRetype_AI.thy

@@ -138,7 +138,7 @@ lemmas init_arch_objects_valid_cap[wp] = valid_cap_typ [OF init_arch_objects_typ
 lemmas init_arch_objects_cap_table[wp] = cap_table_at_lift_valid [OF init_arch_objects_typ_at]
 
 crunch device_state_inv[wp]: clearMemory "\<lambda>ms. P (device_state ms)"
-  (wp: mapM_x_wp)
+  (wp: mapM_x_wp ignore_del: clearMemory)
 
 crunch pspace_respects_device_region[wp]: reserve_region pspace_respects_device_region
 crunch cap_refs_respects_device_region[wp]: reserve_region cap_refs_respects_device_region
@@ -1165,11 +1165,11 @@ lemma invs_irq_state_independent:
   done
 
 crunch irq_masks_inv[wp]: cleanByVA_PoU, storeWord, clearMemory "\<lambda>s. P (irq_masks s)"
-  (ignore: cacheRangeOp wp: crunch_wps)
+  (wp: crunch_wps ignore_del: cleanByVA_PoU storeWord clearMemory)
 
-crunch underlying_mem_0[wp]: cleanByVA_PoU, clearMemory
+crunch underlying_mem_0[wp]: clearMemory
     "\<lambda>s. underlying_memory s p = 0"
-  (ignore: cacheRangeOp wp: crunch_wps storeWord_um_eq_0)
+  (wp: crunch_wps storeWord_um_eq_0 ignore_del: clearMemory)
 
 lemma clearMemory_invs:
   "\<lbrace>invs\<rbrace> do_machine_op (clearMemory w sz) \<lbrace>\<lambda>_. invs\<rbrace>"

proof/invariant-abstract/ARM_HYP/ArchVSpace_AI.thy

@@ -677,6 +677,7 @@ lemma clean_D_PoU_underlying_memory[wp]:
 crunches dsb, invalidate_I_PoU, clean_D_PoU, cleanCaches_PoU
   for device_state_inv[wp]: "\<lambda>ms. P (device_state ms)"
   and underlying_memory_inv[wp]: "\<lambda>ms. P (underlying_memory ms)"
+  (ignore_del: dsb invalidate_I_PoU clean_D_PoU cleanCaches_PoU)
 
 lemma dmo_cleanCaches_PoU_invs[wp]: "\<lbrace>invs\<rbrace> do_machine_op cleanCaches_PoU \<lbrace>\<lambda>y. invs\<rbrace>"
   apply (wp dmo_invs)
@@ -4550,38 +4551,14 @@ lemma cacheRangeOp_respects_device_region[wp]:
   shows "\<lbrace>\<lambda>ms. P (device_state ms)\<rbrace> cacheRangeOp f a b c\<lbrace>\<lambda>_ ms. P (device_state ms)\<rbrace>"
   by (wpsimp simp: do_flush_def cacheRangeOp_def wp: mapM_x_wp valid_f)+
 
-
-lemma pspace_respects_device_region_dmo:
-  assumes valid_f: "\<And>P. \<lbrace>\<lambda>ms. P (device_state ms)\<rbrace> f \<lbrace>\<lambda>r ms. P (device_state ms)\<rbrace>"
-  shows "\<lbrace>pspace_respects_device_region\<rbrace>do_machine_op f\<lbrace>\<lambda>r. pspace_respects_device_region\<rbrace>"
-  apply (clarsimp simp: do_machine_op_def gets_def select_f_def simpler_modify_def bind_def valid_def
-                        get_def return_def)
-  apply (drule_tac P1 = "(=) (device_state (machine_state s))" in use_valid[OF _ valid_f])
-  apply auto
-  done
-
-lemma cap_refs_respects_device_region_dmo:
-  assumes valid_f: "\<And>P. \<lbrace>\<lambda>ms. P (device_state ms)\<rbrace> f \<lbrace>\<lambda>r ms. P (device_state ms)\<rbrace>"
-  shows "\<lbrace>cap_refs_respects_device_region\<rbrace>do_machine_op f\<lbrace>\<lambda>r. cap_refs_respects_device_region\<rbrace>"
-  apply (clarsimp simp: do_machine_op_def gets_def select_f_def simpler_modify_def bind_def valid_def
-                        get_def return_def)
-  apply (drule_tac P1 = "(=) (device_state (machine_state s))" in use_valid[OF _ valid_f])
-  apply auto
-  done
-
-lemma machine_op_lift_device_state[wp]:
-  "\<lbrace>\<lambda>ms. P (device_state ms)\<rbrace> machine_op_lift f \<lbrace>\<lambda>_ ms. P (device_state ms)\<rbrace>"
-  by (clarsimp simp: machine_op_lift_def NonDetMonad.valid_def bind_def
-                     machine_rest_lift_def gets_def simpler_modify_def get_def
-                     return_def select_def ignore_failure_def select_f_def
-              split: if_splits)
-
 crunches cleanByVA, cleanCacheRange_PoC, cleanCacheRange_RAM,
   cleanInvalByVA, invalidateByVA, invalidateL2Range,
   invalidateCacheRange_RAM, branchFlush, branchFlushRange,
   invalidateByVA_I, cleanInvalidateL2Range, do_flush, storeWord
   for device_state_inv[wp]: "\<lambda>ms. P (device_state ms)"
-  (simp: crunch_simps)
+  (simp: crunch_simps
+   ignore_del: cleanByVA cleanInvalByVA invalidateByVA invalidateL2Range
+               branchFlush invalidateByVA_I cleanInvalidateL2Range storeWord)
 
 crunch pspace_in_kernel_window[wp]: perform_page_invocation "pspace_in_kernel_window"
   (simp: crunch_simps wp: crunch_wps)

proof/invariant-abstract/ARM_HYP/Machine_AI.thy

@@ -45,6 +45,7 @@ struct
   fun put_precond _ _ = error "crunch no_irq should not be calling put_precond";
   val pre_thms = [];
   val wpc_tactic = wp_cases_tactic_weak;
+  fun wps_tactic _ _ _ = no_tac;
   val magic = Syntax.parse_term @{context}
     "\<lambda>mapp_lambda_ignore. no_irq mapp_lambda_ignore";
   val get_monad_state_type = get_nondet_monad_state_type;

proof/invariant-abstract/BCorres2_AI.thy

@@ -257,9 +257,10 @@ lemma all_but_exst_update[simp]:
 
 crunch all_but_exst[wp]: set_scheduler_action,tcb_sched_action,next_domain,
                          cap_move_ext "all_but_exst P"
-  (simp: Let_def)
+  (simp: Let_def ignore_del: tcb_sched_action cap_move_ext)
 
 crunch (empty_fail) empty_fail[wp]: cap_move_ext
+  (ignore_del: cap_move_ext)
 
 global_interpretation set_scheduler_action_extended: is_extended "set_scheduler_action a"
   by (unfold_locales; wp)

proof/invariant-abstract/DetSchedDomainTime_AI.thy

@@ -166,7 +166,7 @@ crunch domain_list_inv[wp]: delete_objects "\<lambda>s :: det_ext state. P (doma
 crunch domain_list_inv[wp]: update_work_units "\<lambda>s. P (domain_list s)"
 
 crunch domain_list_inv[wp]: preemption_point "\<lambda>s. P (domain_list s)"
-  (wp: select_inv OR_choiceE_weak_wp ignore: OR_choiceE)
+  (wp: OR_choiceE_weak_wp ignore_del: preemption_point)
 
 crunch domain_list_inv[wp]: reset_untyped_cap "\<lambda>s. P (domain_list s)"
   (wp: crunch_wps hoare_unless_wp mapME_x_inv_wp select_inv
@@ -315,7 +315,7 @@ crunch domain_time_inv[wp]: delete_objects "\<lambda>s :: det_ext state. P (doma
 crunch domain_time_inv[wp]: update_work_units "\<lambda>s. P (domain_time s)"
 
 crunch domain_time_inv[wp]: preemption_point "\<lambda>s. P (domain_time s)"
-  (wp: select_inv OR_choiceE_weak_wp ignore: OR_choiceE)
+  (wp: OR_choiceE_weak_wp ignore_del: preemption_point)
 
 crunch domain_time_inv[wp]: reset_untyped_cap "\<lambda>s. P (domain_time s)"
   (wp: crunch_wps hoare_unless_wp mapME_x_inv_wp select_inv

proof/invariant-abstract/DetSchedSchedule_AI.thy

@@ -1940,7 +1940,8 @@ crunch idle_thread[wp]:
   preemption_point "\<lambda>(s:: det_state). P (idle_thread s)"
   (ignore: OR_choiceE
    simp: OR_choiceE_def wrap_ext_bool_det_ext_ext_def crunch_simps
-   wp: crunch_wps)
+   wp: crunch_wps
+   ignore_del: preemption_point)
 
 lemma rec_del_idle_thread[wp]:
   "\<lbrace>\<lambda>(s:: det_ext state). P (idle_thread s)\<rbrace> rec_del call \<lbrace>\<lambda>rv s. P (idle_thread s)\<rbrace>"

proof/invariant-abstract/Deterministic_AI.thy

@@ -1510,9 +1510,12 @@ lemma set_cap_match: "(\<And>s x. P s = P (s\<lparr>kheap := x\<rparr>)) \<Longr
   apply wpsimp
   done
 
-crunch all_but_exst[wp]: cap_insert_ext "all_but_exst P"
-
-crunch (empty_fail) empty_fail[wp]: cap_insert_ext
+crunches cap_insert_ext, empty_slot_ext, cap_swap_ext, create_cap_ext, set_thread_state_ext,
+         retype_region_ext
+  for all_but_exst[wp]:  "all_but_exst P"
+  and (empty_fail) empty_fail[wp]
+  (ignore_del: cap_insert_ext empty_slot_ext cap_swap_ext create_cap_ext set_thread_state_ext
+               retype_region_ext)
 
 interpretation cap_insert_ext_extended: is_extended "cap_insert_ext a b c d e"
   by (unfold_locales; wp)
@@ -3115,10 +3118,6 @@ lemma (in mdb_empty_abs') next_slot:
 crunch valid_list[wp]: post_cap_deletion,set_cap valid_list
   (wp: crunch_wps)
 
-crunch all_but_exst[wp]: empty_slot_ext "all_but_exst P"
-
-crunch (empty_fail) empty_fail[wp]: empty_slot_ext
-
 interpretation empty_slot_extended: is_extended "empty_slot_ext a b"
   by (unfold_locales; wp)
 
@@ -3774,10 +3773,6 @@ lemma next_slot:
 end
 
 
-crunch all_but_exst[wp]: cap_swap_ext "all_but_exst P"
-
-crunch (empty_fail) empty_fail[wp]: cap_swap_ext
-
 interpretation cap_swap_ext_extended: is_extended "cap_swap_ext a b c d"
   by (unfold_locales; wp cap_swap_ext_all_but_exst)
 
@@ -3806,10 +3801,6 @@ lemma exst_set_cap:
   "(x,s') \<in> fst (set_cap p c s) \<Longrightarrow> exst s' = exst s"
   by (erule use_valid[OF _ set_cap_exst],simp)
 
-crunch all_but_exst[wp]: create_cap_ext "all_but_exst P"
-
-crunch (empty_fail) empty_fail[wp]: create_cap_ext
-
 interpretation create_cap_extended: is_extended "create_cap_ext a b c"
   by (unfold_locales; wp)
 
@@ -3837,7 +3828,7 @@ lemmas transfer_caps_loop_ext_valid[wp] =
   transfer_caps_loop_pres[OF cap_insert_valid_list set_extra_badge_valid_list]
 
 crunch valid_list[wp]: tcb_sched_action,reschedule_required,set_thread_state_ext "valid_list"
-  (simp: unless_def)
+  (simp: unless_def ignore_del: tcb_sched_action reschedule_required set_thread_state_ext)
 
 crunch all_but_exst[wp]: set_thread_state_ext "all_but_exst P"
 
@@ -3847,6 +3838,7 @@ interpretation set_thread_state_ext_extended: is_extended "set_thread_state_ext
   by (unfold_locales; wp)
 
 crunch all_but_exst[wp]: reschedule_required "all_but_exst P"
+  (ignore_del: reschedule_required)
 
 interpretation reschedule_required_ext_extended: is_extended "reschedule_required"
   by (unfold_locales; wp)
@@ -3941,20 +3933,20 @@ lemma invoke_cnode_valid_list[wp]:
 
 end
 
-crunch all_but_exst[wp,intro!,simp]: possible_switch_to "all_but_exst P" (simp: ethread_get_def)
-
-crunch valid_list[wp]: possible_switch_to "valid_list"
-  (simp: ethread_get_def)
+crunches possible_switch_to
+  for all_but_exst[wp]: "all_but_exst P"
+  and valid_list[wp]: "valid_list"
+  and (empty_fail) empty_fail[wp]
+  (simp: ethread_get_def ignore_del: possible_switch_to)
 
 crunch valid_list[wp]: set_priority,set_mcpriority "valid_list"
-  (wp: crunch_wps)
-
-crunch (empty_fail)empty_fail[wp]: possible_switch_to
+  (wp: crunch_wps ignore_del: set_priority)
 
 global_interpretation possible_switch_to_extended: is_extended "possible_switch_to a"
   by (unfold_locales; wp)
 
-crunch all_but_exst[wp]: set_priority "all_but_exst P" (simp: ethread_get_def)
+crunch all_but_exst[wp]: set_priority "all_but_exst P"
+  (simp: ethread_get_def ignore_del: set_priority)
 
 crunch (empty_fail)empty_fail[wp]: set_priority,set_mcpriority
 
@@ -3993,21 +3985,16 @@ lemmas mapM_x_def_bak = mapM_x_def[symmetric]
 lemma retype_region_ext_valid_list_ext[wp]: "\<lbrace>valid_list\<rbrace> retype_region_ext a b \<lbrace>\<lambda>_.valid_list\<rbrace>"
   by (wpsimp simp: retype_region_ext_def)
 
-crunch all_but_exst[wp]: retype_region_ext "all_but_exst P" (simp: ethread_get_def)
-
-crunch (empty_fail)empty_fail[wp]: retype_region_ext
-
 global_interpretation retype_region_ext_extended: is_extended "retype_region_ext a b"
   by (unfold_locales; wp)
 
 crunch valid_list[wp]: invoke_irq_handler valid_list
 
-crunch valid_list[wp]: thread_set_time_slice,timer_tick "valid_list" (simp: Let_def)
-
-crunch all_but_exst[wp]: timer_tick "all_but_exst P" (simp: ethread_get_def crunch_simps)
-
-crunch (empty_fail)empty_fail[wp]: timer_tick
-  (simp: thread_state.splits)
+crunches timer_tick
+  for valid_list[wp]: "valid_list"
+  and all_but_exst[wp]: "all_but_exst P"
+  and (empty_fail) empty_fail[wp]
+  (ignore_del: timer_tick)
 
 global_interpretation timer_tick_extended: is_extended "timer_tick"
   by (unfold_locales; wp)

proof/invariant-abstract/EmptyFail_AI.thy

@@ -428,7 +428,7 @@ lemma schedule_empty_fail[wp]:
 end
 
 crunch (empty_fail) empty_fail[wp]: set_scheduler_action, next_domain, reschedule_required
-  (simp: scheduler_action.split)
+  (simp: scheduler_action.split ignore_del: reschedule_required)
 
 crunch (empty_fail) empty_fail[wp, intro!, simp]: ethread_get_when
 

proof/invariant-abstract/RISCV64/ArchEmptyFail_AI.thy

@@ -170,6 +170,7 @@ global_interpretation EmptyFail_AI_schedule?: EmptyFail_AI_schedule
 context Arch begin global_naming RISCV64
 
 crunch (empty_fail) empty_fail[wp]: read_sbadaddr
+  (ignore_del: read_sbadaddr)
 
 crunch (empty_fail) empty_fail[wp, EmptyFail_AI_assms]: possible_switch_to, handle_event, activate_thread
   (simp: cap.splits arch_cap.splits split_def invocation_label.splits Let_def
@@ -177,7 +178,8 @@ crunch (empty_fail) empty_fail[wp, EmptyFail_AI_assms]: possible_switch_to, hand
          bool.splits apiobject_type.splits aobject_type.splits notification.splits
          thread_state.splits endpoint.splits catch_def sum.splits cnode_invocation.splits
          page_table_invocation.splits page_invocation.splits asid_control_invocation.splits
-         asid_pool_invocation.splits arch_invocation.splits irq_state.splits syscall.splits)
+         asid_pool_invocation.splits arch_invocation.splits irq_state.splits syscall.splits
+   ignore_del: possible_switch_to)
 
 end
 

proof/invariant-abstract/RISCV64/ArchKHeap_AI.thy

@@ -724,6 +724,7 @@ lemma cap_is_device_obj_is_device[simp]:
          split: apiobject_type.splits aobject_type.splits)
 
 crunch device_state_inv: storeWord "\<lambda>ms. P (device_state ms)"
+  (ignore_del: storeWord)
 
 (* some hyp_ref invariants *)
 

proof/invariant-abstract/RISCV64/ArchRetype_AI.thy

@@ -100,7 +100,7 @@ lemmas init_arch_objects_valid_cap[wp] = valid_cap_typ [OF init_arch_objects_typ
 lemmas init_arch_objects_cap_table[wp] = cap_table_at_lift_valid [OF init_arch_objects_typ_at]
 
 crunch device_state_inv[wp]: clearMemory "\<lambda>ms. P (device_state ms)"
-  (wp: mapM_x_wp)
+  (wp: mapM_x_wp ignore_del: clearMemory)
 
 crunch pspace_respects_device_region[wp]: reserve_region pspace_respects_device_region
 crunch cap_refs_respects_device_region[wp]: reserve_region cap_refs_respects_device_region
@@ -999,10 +999,10 @@ lemma invs_irq_state_independent:
               split: option.split)
 
 crunch irq_masks_inv[wp]: storeWord, clearMemory "\<lambda>s. P (irq_masks s)"
-  (wp: crunch_wps)
+  (wp: crunch_wps ignore_del: storeWord clearMemory)
 
 crunch underlying_mem_0[wp]: clearMemory "\<lambda>s. underlying_memory s p = 0"
-  (wp: crunch_wps storeWord_um_eq_0)
+  (wp: crunch_wps storeWord_um_eq_0 ignore_del: clearMemory)
 
 lemma clearMemory_invs:
   "\<lbrace>invs\<rbrace> do_machine_op (clearMemory w sz) \<lbrace>\<lambda>_. invs\<rbrace>"

proof/invariant-abstract/RISCV64/ArchSyscall_AI.thy

@@ -57,6 +57,7 @@ lemma hv_invs[wp, Syscall_AI_assms]: "\<lbrace>invs\<rbrace> handle_vm_fault t'
   by (cases flt; wpsimp)
 
 crunch inv[wp]: getRegister, read_sbadaddr "P"
+  (ignore_del: getRegister)
 
 lemma hv_inv_ex [Syscall_AI_assms]:
   "\<lbrace>P\<rbrace> handle_vm_fault t vp \<lbrace>\<lambda>_ _. True\<rbrace>, \<lbrace>\<lambda>_. P\<rbrace>"

proof/invariant-abstract/RISCV64/Machine_AI.thy

@@ -45,6 +45,7 @@ struct
   fun put_precond _ _ = error "crunch no_irq should not be calling put_precond";
   val pre_thms = [];
   val wpc_tactic = wp_cases_tactic_weak;
+  fun wps_tactic _ _ _ = no_tac;
   val magic = Syntax.parse_term @{context}
     "\<lambda>mapp_lambda_ignore. no_irq mapp_lambda_ignore";
   val get_monad_state_type = get_nondet_monad_state_type;

proof/invariant-abstract/X64/ArchEmptyFail_AI.thy

@@ -194,6 +194,7 @@ global_interpretation EmptyFail_AI_schedule?: EmptyFail_AI_schedule
 context Arch begin global_naming X64
 
 crunch (empty_fail) empty_fail[wp,EmptyFail_AI_assms]: possible_switch_to
+  (ignore_del: possible_switch_to)
 
 crunch (empty_fail) empty_fail[wp, EmptyFail_AI_assms]: handle_event, activate_thread
   (simp: cap.splits arch_cap.splits split_def invocation_label.splits Let_def

proof/invariant-abstract/X64/ArchKHeap_AI.thy

@@ -832,6 +832,7 @@ lemma cap_is_device_obj_is_device[simp]:
          split: apiobject_type.splits aobject_type.splits)
 
 crunch device_state_inv: storeWord "\<lambda>ms. P (device_state ms)"
+  (ignore_del: storeWord)
 
 (* some hyp_ref invariants *)
 

proof/invariant-abstract/X64/ArchRetype_AI.thy

@@ -126,7 +126,7 @@ lemmas init_arch_objects_valid_cap[wp] = valid_cap_typ [OF init_arch_objects_typ
 lemmas init_arch_objects_cap_table[wp] = cap_table_at_lift_valid [OF init_arch_objects_typ_at]
 
 crunch device_state_inv[wp]: clearMemory "\<lambda>ms. P (device_state ms)"
-  (wp: mapM_x_wp)
+  (wp: mapM_x_wp ignore_del: clearMemory)
 
 crunch pspace_respects_device_region[wp]: reserve_region pspace_respects_device_region
 crunch cap_refs_respects_device_region[wp]: reserve_region cap_refs_respects_device_region
@@ -1240,11 +1240,11 @@ lemma invs_irq_state_independent:
       swp_def valid_irq_states_def)
 
 crunch irq_masks_inv[wp]: storeWord, clearMemory "\<lambda>s. P (irq_masks s)"
-  (ignore:  wp: crunch_wps)
+  (wp: crunch_wps ignore_del: storeWord clearMemory)
 
 crunch underlying_mem_0[wp]: clearMemory
     "\<lambda>s. underlying_memory s p = 0"
-  (ignore: wp: crunch_wps storeWord_um_eq_0)
+  (wp: crunch_wps storeWord_um_eq_0 ignore_del: clearMemory)
 
 lemma clearMemory_invs[wp]:
   "\<lbrace>invs\<rbrace> do_machine_op (clearMemory w sz) \<lbrace>\<lambda>_. invs\<rbrace>"

proof/invariant-abstract/X64/ArchSyscall_AI.thy

@@ -63,6 +63,7 @@ lemma hv_invs[wp, Syscall_AI_assms]: "\<lbrace>invs\<rbrace> handle_vm_fault t'
   done
 
 crunch inv[wp]: getFaultAddress, getRegister "P"
+  (ignore_del: getRegister)
 
 lemma hv_inv_ex [Syscall_AI_assms]:
   "\<lbrace>P\<rbrace> handle_vm_fault t vp \<lbrace>\<lambda>_ _. True\<rbrace>, \<lbrace>\<lambda>_. P\<rbrace>"

proof/invariant-abstract/X64/Machine_AI.thy

@@ -45,6 +45,7 @@ struct
   fun put_precond _ _ = error "crunch no_irq should not be calling put_precond";
   val pre_thms = [];
   val wpc_tactic = wp_cases_tactic_weak;
+  fun wps_tactic _ _ _ = no_tac;
   val magic = Syntax.parse_term @{context}
     "\<lambda>mapp_lambda_ignore. no_irq mapp_lambda_ignore";
   val get_monad_state_type = get_nondet_monad_state_type;

proof/refine/ARM/DomainTime_R.thy

@@ -78,7 +78,7 @@ crunch ksDomSchedule_inv[wp]: createNewObjects "\<lambda>s. P (ksDomSchedule s)"
   (simp: crunch_simps zipWithM_x_mapM wp: crunch_wps hoare_unless_wp)
 
 crunch ksDomSchedule_inv[wp]: preemptionPoint "\<lambda>s. P (ksDomSchedule s)"
-  (simp: whenE_def)
+  (simp: whenE_def ignore_del: preemptionPoint)
 
 crunch ksDomSchedule_inv[wp]: performARMMMUInvocation "\<lambda>s. P (ksDomSchedule s)"
   (ignore: getObject setObject
@@ -194,7 +194,7 @@ crunch ksDomainTime_inv[wp]: performARMMMUInvocation "\<lambda>s. P (ksDomainTim
    simp: unless_def)
 
 crunch ksDomainTime_inv[wp]: preemptionPoint "\<lambda>s. P (ksDomainTime s)"
-  (simp: whenE_def)
+  (simp: whenE_def ignore_del: preemptionPoint)
 
 crunch ksDomainTime_inv[wp]: performInvocation "\<lambda>s. P (ksDomainTime s)"
   (wp: crunch_wps zipWithM_x_inv cteRevoke_preservation mapME_x_inv_wp

proof/refine/ARM/EmptyFail_H.thy

@@ -170,6 +170,7 @@ crunch (empty_fail) empty_fail[intro!, wp, simp]: cancelIPC, setThreadState, tcb
 (simp: Let_def)
 
 crunch (empty_fail) "_H_empty_fail"[intro!, wp, simp]: "ThreadDecls_H.suspend"
+  (ignore_del: ThreadDecls_H.suspend)
 
 lemma ThreadDecls_H_restart_empty_fail[intro!, wp, simp]:
   "empty_fail (ThreadDecls_H.restart target)"

proof/refine/ARM/IpcCancel_R.thy

@@ -2601,7 +2601,7 @@ lemma cancelBadgedSends_invs[wp]:
   done
 
 crunch state_refs_of[wp]: tcb_sched_action "\<lambda>s. P (state_refs_of s)"
-
+  (ignore_del: tcb_sched_action)
 
 lemma cancel_badged_sends_corres:
   "corres dc (invs and valid_sched and ep_at epptr) (invs' and ep_at' epptr)

proof/refine/ARM/PageTableDuplicates.thy

@@ -72,9 +72,6 @@ crunch valid_duplicates' [wp]: cteInsert "(\<lambda>s. vs_valid_duplicates' (ksP
 crunch valid_duplicates'[wp]: setupReplyMaster "(\<lambda>s. vs_valid_duplicates' (ksPSpace s))"
   (wp: crunch_wps simp: crunch_simps)
 
-(* we need the following lemma in Syscall_R *)
-crunch inv[wp]: getRegister "P"
-
 lemma doMachineOp_ksPSpace_inv[wp]:
   "\<lbrace>\<lambda>s. P (ksPSpace s)\<rbrace> doMachineOp f \<lbrace>\<lambda>ya s. P (ksPSpace s)\<rbrace>"
   by (simp add:doMachineOp_def split_def | wp)+

proof/refine/ARM/TcbAcc_R.thy

@@ -1479,11 +1479,12 @@ lemma user_getreg_corres:
   apply (clarsimp simp: getRegister_def)
   done
 
+crunch inv[wp]: getRegister "P"
+  (ignore_del: getRegister)
+
 lemma user_getreg_inv'[wp]:
   "\<lbrace>P\<rbrace> asUser t (getRegister r) \<lbrace>\<lambda>x. P\<rbrace>"
-  apply (rule asUser_inv)
-   apply (simp_all add: getRegister_def)
-  done
+  by (wp asUser_inv)
 
 lemma asUser_typ_at' [wp]:
   "\<lbrace>\<lambda>s. P (typ_at' T p s)\<rbrace> asUser t' f \<lbrace>\<lambda>rv s. P (typ_at' T p s)\<rbrace>"

proof/refine/ARM/Untyped_R.thy

@@ -1393,10 +1393,12 @@ lemma set_cdt_symb_exec_l:
   "corres_underlying {(s, s'). f (kheap s) (exst s) s'} nf nf' dc P P' (set_cdt g) (return x)"
   by (simp add: corres_underlying_def return_def set_cdt_def in_monad Bex_def)
 
-crunch domain_index[wp]: create_cap_ext "\<lambda>s. P (domain_index s)"
-crunch domain_list[wp]: create_cap_ext "\<lambda>s. P (domain_list s)"
-crunch domain_time[wp]: create_cap_ext "\<lambda>s. P (domain_time s)"
-crunch work_units_completed[wp]: create_cap_ext "\<lambda>s. P (work_units_completed s)"
+crunches create_cap_ext
+  for domain_index[wp]: "\<lambda>s. P (domain_index s)"
+  and domain_list[wp]: "\<lambda>s. P (domain_list s)"
+  and domain_time[wp]: "\<lambda>s. P (domain_time s)"
+  and work_units_completed[wp]: "\<lambda>s. P (work_units_completed s)"
+  (ignore_del: create_cap_ext)
 
 context begin interpretation Arch . (*FIXME: arch_split*)
 

proof/refine/ARM_HYP/DomainTime_R.thy

@@ -83,7 +83,7 @@ crunch ksDomSchedule_inv[wp]: createNewObjects "\<lambda>s. P (ksDomSchedule s)"
   (simp: crunch_simps zipWithM_x_mapM wp: crunch_wps hoare_unless_wp)
 
 crunch ksDomSchedule_inv[wp]: preemptionPoint "\<lambda>s. P (ksDomSchedule s)"
-  (simp: whenE_def)
+  (simp: whenE_def ignore_del: preemptionPoint)
 
 crunch ksDomSchedule_inv[wp]: performARMMMUInvocation "\<lambda>s. P (ksDomSchedule s)"
   (ignore: getObject setObject
@@ -198,7 +198,7 @@ crunch ksDomainTime_inv[wp]: performARMMMUInvocation "\<lambda>s. P (ksDomainTim
    simp: unless_def)
 
 crunch ksDomainTime_inv[wp]: preemptionPoint "\<lambda>s. P (ksDomainTime s)"
-  (simp: whenE_def)
+  (simp: whenE_def ignore_del: preemptionPoint)
 
 lemma setObjectVCPU_ksDomainTime_inv[wp]:
   "setObject p (v::vcpu) \<lbrace>\<lambda>s. P (ksDomainTime s)\<rbrace>"

proof/refine/ARM_HYP/EmptyFail_H.thy

@@ -174,6 +174,7 @@ crunch (empty_fail) empty_fail[intro!, wp, simp]: cancelIPC, setThreadState, tcb
 (simp: Let_def)
 
 crunch (empty_fail) "_H_empty_fail"[intro!, wp, simp]: "ThreadDecls_H.suspend"
+  (ignore_del: ThreadDecls_H.suspend)
 
 lemma ThreadDecls_H_restart_empty_fail[intro!, wp, simp]:
   "empty_fail (ThreadDecls_H.restart target)"

proof/refine/ARM_HYP/IpcCancel_R.thy

@@ -2775,10 +2775,10 @@ lemma cancelBadgedSends_invs[wp]:
   apply (drule (1) bspec, drule st_tcb_at_state_refs_ofD', clarsimp)
   by (fastforce simp: set_eq_subset tcb_bound_refs'_def)
 
-
-crunch state_refs_of[wp]: tcb_sched_action "\<lambda>s. P (state_refs_of s)"
-crunch state_hyp_refs_of[wp]: tcb_sched_action "\<lambda>s. P (state_hyp_refs_of s)"
-
+crunches tcb_sched_action
+  for state_refs_of[wp]: "\<lambda>s. P (state_refs_of s)"
+  and state_hyp_refs_of[wp]: "\<lambda>s. P (state_hyp_refs_of s)"
+  (ignore_del: tcb_sched_action)
 
 lemma cancel_badged_sends_corres:
   "corres dc (invs and valid_sched and ep_at epptr) (invs' and ep_at' epptr)

proof/refine/ARM_HYP/TcbAcc_R.thy

@@ -1519,11 +1519,12 @@ lemma user_getreg_corres:
   apply (clarsimp simp: getRegister_def)
   done
 
+crunch inv[wp]: getRegister "P"
+  (ignore_del: getRegister)
+
 lemma user_getreg_inv'[wp]:
   "\<lbrace>P\<rbrace> asUser t (getRegister r) \<lbrace>\<lambda>x. P\<rbrace>"
-  apply (rule asUser_inv)
-   apply (simp_all add: getRegister_def)
-  done
+  by (wp asUser_inv)
 
 lemma asUser_typ_at' [wp]:
   "\<lbrace>\<lambda>s. P (typ_at' T p s)\<rbrace> asUser t' f \<lbrace>\<lambda>rv s. P (typ_at' T p s)\<rbrace>"

proof/refine/ARM_HYP/Untyped_R.thy

@@ -1409,10 +1409,12 @@ lemma set_cdt_symb_exec_l:
   "corres_underlying {(s, s'). f (kheap s) (exst s) s'} nf nf' dc P P' (set_cdt g) (return x)"
   by (simp add: corres_underlying_def return_def set_cdt_def in_monad Bex_def)
 
-crunch domain_index[wp]: create_cap_ext "\<lambda>s. P (domain_index s)"
-crunch domain_list[wp]: create_cap_ext "\<lambda>s. P (domain_list s)"
-crunch domain_time[wp]: create_cap_ext "\<lambda>s. P (domain_time s)"
-crunch work_units_completed[wp]: create_cap_ext "\<lambda>s. P (work_units_completed s)"
+crunches create_cap_ext
+  for domain_index[wp]: "\<lambda>s. P (domain_index s)"
+  and domain_list[wp]: "\<lambda>s. P (domain_list s)"
+  and domain_time[wp]: "\<lambda>s. P (domain_time s)"
+  and work_units_completed[wp]: "\<lambda>s. P (work_units_completed s)"
+  (ignore_del: create_cap_ext)
 
 context begin interpretation Arch . (*FIXME: arch_split*)
 

proof/refine/X64/DomainTime_R.thy

@@ -78,7 +78,7 @@ crunch ksDomSchedule_inv[wp]: createNewObjects "\<lambda>s. P (ksDomSchedule s)"
   (simp: crunch_simps zipWithM_x_mapM wp: crunch_wps hoare_unless_wp)
 
 crunch ksDomSchedule_inv[wp]: preemptionPoint "\<lambda>s. P (ksDomSchedule s)"
-  (simp: whenE_def)
+  (simp: whenE_def ignore_del: preemptionPoint)
 
 crunch ksDomSchedule_inv[wp]: performX64MMUInvocation, performX64PortInvocation "\<lambda>s. P (ksDomSchedule s)"
   (ignore: getObject setObject
@@ -194,7 +194,7 @@ crunch ksDomainTime_inv[wp]: performX64MMUInvocation, performX64PortInvocation "
    simp: unless_def crunch_simps)
 
 crunch ksDomainTime_inv[wp]: preemptionPoint "\<lambda>s. P (ksDomainTime s)"
-  (simp: whenE_def)
+  (simp: whenE_def ignore_del: preemptionPoint)
 
 crunch ksDomainTime_inv[wp]: performInvocation "\<lambda>s. P (ksDomainTime s)"
   (wp: crunch_wps zipWithM_x_inv cteRevoke_preservation mapME_x_inv_wp

proof/refine/X64/EmptyFail_H.thy

@@ -177,6 +177,7 @@ crunch (empty_fail) empty_fail[intro!, wp, simp]: cancelIPC, setThreadState, tcb
 (simp: Let_def)
 
 crunch (empty_fail) "_H_empty_fail"[intro!, wp, simp]: "ThreadDecls_H.suspend"
+  (ignore_del: ThreadDecls_H.suspend)
 
 lemma ThreadDecls_H_restart_empty_fail[intro!, wp, simp]:
   "empty_fail (ThreadDecls_H.restart target)"

proof/refine/X64/Finalise_R.thy

@@ -1195,7 +1195,6 @@ lemma not_Final_removeable:
 context begin interpretation Arch .
 crunch ko_wp_at'[wp]: postCapDeletion "\<lambda>s. P (ko_wp_at' P' p s)"
 crunch cteCaps_of[wp]: postCapDeletion "\<lambda>s. P (cteCaps_of s)"
-  (simp: cteCaps_of_def o_def)
 end
 
 crunch ko_at_live[wp]: clearUntypedFreeIndex "\<lambda>s. P (ko_wp_at' live' ptr s)"

proof/refine/X64/IpcCancel_R.thy

@@ -2652,7 +2652,7 @@ lemma cancelBadgedSends_invs[wp]:
   done
 
 crunch state_refs_of[wp]: tcb_sched_action "\<lambda>s. P (state_refs_of s)"
-
+  (ignore_del: tcb_sched_action)
 
 lemma cancel_badged_sends_corres:
   "corres dc (invs and valid_sched and ep_at epptr) (invs' and ep_at' epptr)

proof/refine/X64/Untyped_R.thy

@@ -1437,10 +1437,12 @@ lemma set_cdt_symb_exec_l:
   "corres_underlying {(s, s'). f (kheap s) (exst s) s'} nf nf' dc P P' (set_cdt g) (return x)"
   by (simp add: corres_underlying_def return_def set_cdt_def in_monad Bex_def)
 
-crunch domain_index[wp]: create_cap_ext "\<lambda>s. P (domain_index s)"
-crunch domain_list[wp]: create_cap_ext "\<lambda>s. P (domain_list s)"
-crunch domain_time[wp]: create_cap_ext "\<lambda>s. P (domain_time s)"
-crunch work_units_completed[wp]: create_cap_ext "\<lambda>s. P (work_units_completed s)"
+crunches create_cap_ext
+  for domain_index[wp]: "\<lambda>s. P (domain_index s)"
+  and domain_list[wp]: "\<lambda>s. P (domain_list s)"
+  and domain_time[wp]: "\<lambda>s. P (domain_time s)"
+  and work_units_completed[wp]: "\<lambda>s. P (work_units_completed s)"
+  (ignore_del: create_cap_ext)
 
 context begin interpretation Arch . (*FIXME: arch_split*)