riscv crefine: add valid_untyped' to ArchMove_C
Opted to use the old form of the statement and adjust the proof, as the CRefine proofs are not aware of mask_range and a cleanup of that sort would take too long at this time. Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>
parent
533dd333ac
commit
9a86c195ed
|
@ -98,6 +98,54 @@ lemma sign_extend_canonical_address:
|
||||||
"(x = sign_extend 38 x) = canonical_address x"
|
"(x = sign_extend 38 x) = canonical_address x"
|
||||||
by (fastforce simp: sign_extended_iff_sign_extend canonical_address_sign_extended canonical_bit_def)
|
by (fastforce simp: sign_extended_iff_sign_extend canonical_address_sign_extended canonical_bit_def)
|
||||||
|
|
||||||
|
lemma ptr_range_mask_range:
|
||||||
|
"{ptr..ptr + 2 ^ bits - 1} = mask_range ptr bits"
|
||||||
|
unfolding mask_def
|
||||||
|
by simp
|
||||||
|
|
||||||
|
lemma valid_untyped':
|
||||||
|
notes usableUntypedRange.simps[simp del]
|
||||||
|
assumes pspace_distinct': "pspace_distinct' s" and
|
||||||
|
pspace_aligned': "pspace_aligned' s" and
|
||||||
|
al: "is_aligned ptr bits"
|
||||||
|
shows "valid_untyped' d ptr bits idx s =
|
||||||
|
(\<forall>p ko. ksPSpace s p = Some ko \<longrightarrow>
|
||||||
|
obj_range' p ko \<inter> {ptr..ptr + 2 ^ bits - 1} \<noteq> {} \<longrightarrow>
|
||||||
|
obj_range' p ko \<subseteq> {ptr..ptr + 2 ^ bits - 1} \<and>
|
||||||
|
obj_range' p ko \<inter>
|
||||||
|
usableUntypedRange (UntypedCap d ptr bits idx) = {})"
|
||||||
|
apply (simp add: valid_untyped'_def)
|
||||||
|
apply (simp add: ko_wp_at'_def)
|
||||||
|
apply (rule arg_cong[where f=All])
|
||||||
|
apply (rule ext)
|
||||||
|
apply (rule arg_cong[where f=All])
|
||||||
|
apply (rule ext)
|
||||||
|
apply (case_tac "ksPSpace s ptr' = Some ko", simp_all)
|
||||||
|
apply (frule pspace_alignedD'[OF _ pspace_aligned'])
|
||||||
|
apply (frule pspace_distinctD'[OF _ pspace_distinct'])
|
||||||
|
apply (simp add: ptr_range_mask_range)
|
||||||
|
apply (frule aligned_ranges_subset_or_disjoint[OF al])
|
||||||
|
apply (simp only: ptr_range_mask_range)
|
||||||
|
apply (fold obj_range'_def)
|
||||||
|
apply (rule iffI)
|
||||||
|
apply auto[1]
|
||||||
|
apply (rule conjI)
|
||||||
|
apply (rule ccontr, simp)
|
||||||
|
apply (simp add: Set.psubset_eq)
|
||||||
|
apply (erule conjE)
|
||||||
|
apply (case_tac "obj_range' ptr' ko \<inter> mask_range ptr bits \<noteq> {}", simp)
|
||||||
|
apply (cut_tac is_aligned_no_overflow[OF al])
|
||||||
|
apply (clarsimp simp add: obj_range'_def mask_def add_diff_eq)
|
||||||
|
subgoal by auto
|
||||||
|
apply (clarsimp simp add: usableUntypedRange.simps Int_commute)
|
||||||
|
apply (case_tac "obj_range' ptr' ko \<inter> mask_range ptr bits \<noteq> {}", simp+)
|
||||||
|
apply (cut_tac is_aligned_no_overflow[OF al])
|
||||||
|
apply (clarsimp simp add: obj_range'_def mask_def add_diff_eq)
|
||||||
|
apply (frule is_aligned_no_overflow)
|
||||||
|
by (metis al intvl_range_conv' le_m1_iff_lt less_is_non_zero_p1
|
||||||
|
nat_le_linear power_overflow sub_wrap add_0
|
||||||
|
add_0_right word_add_increasing word_less_1 word_less_sub_1)
|
||||||
|
|
||||||
lemma more_pageBits_inner_beauty:
|
lemma more_pageBits_inner_beauty:
|
||||||
fixes x :: "9 word"
|
fixes x :: "9 word"
|
||||||
fixes p :: machine_word
|
fixes p :: machine_word
|
||||||
|
|
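Review bot: The reason `valid_untyped'` is stated with the explicit interval `{ptr..ptr + 2 ^ bits - 1}` rather than `mask_range` lives only in the commit message; in the file itself the lemma sits right next to `ptr_range_mask_range`, which exists precisely to convert between the two forms, so a later reader is likely to "clean" the statement into `mask_range` and break the CRefine call sites. A one-line comment above `lemma valid_untyped':` would prevent that, e.g. `(* Stated with the explicit interval rather than mask_range: the CRefine proofs still use this form; convert with ptr_range_mask_range. *)`. Separately, the closing `by (metis al intvl_range_conv' le_m1_iff_lt ... word_less_sub_1)` depends on eleven library facts, and steps of that shape tend to fail on unrelated Word-library changes; if it is cheap, an explicit interval/`is_aligned_no_overflow` argument, or at least a comment naming which facts carry the wrap-around reasoning, would make it easier to repair. Note also that the fact name `valid_untyped'` coincides with the constant unfolded via `valid_untyped'_def` on the first proof line; Isabelle keeps those namespaces apart, but a name such as `valid_untyped'_alt` would read less ambiguously.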