proof: convert the simple corres_split_deprecated uses to corres_split

perl -0777 -pi -e 's/corres_split_deprecated *\[ *OF +_ +([^_].*)\)\n\s*prefer 2/corres_split[OF \1\)/g' **/*.thy
perl -0777 -pi -e 's/corres_split_deprecated *\[ *OF +_ +(?!_)/corres_split[OF /g' **/*.thy
perl -0777 -pi -e 's/corres_split_deprecated *\[ *OF +([^_]\w+) +([^_]\w+) +(.*)\)\n\s*prefer +2/corres_split[OF \2 \1 \3\)/g' **/*.thy
perl -0777 -pi -e 's/corres_split_deprecated *\[ *OF +([^_]\w+) +([^_]\w+)/corres_split[OF \2 \1/g' **/*.thy
perl -0777 -pi -e 's/corres_split_deprecated *(.*)\)\n\s*prefer +2/corres_split\1\)/g' **/*.thy

Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
Corey Lewis 2022-08-26 16:13:36 +10:00 committed by Gerwin Klein
parent 6d37587b0b
commit f4e9295424
86 changed files with 1415 additions and 1613 deletions


@ -707,20 +707,16 @@ lemma entry_corres_C:
(kernelEntry e uc) (kernelEntry_C fp e uc)"
apply (simp add: kernelEntry_C_def kernelEntry_def getCurThread_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
prefer 2
apply (rule corres_split[where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule setTCBContext_C_corres, rule ccontext_rel_to_C, simp)
apply simp
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule corres_cases[where R=fp], simp_all add: dc_def[symmetric])[1]
apply (rule callKernel_withFastpath_corres_C, simp)
apply (rule callKernel_corres_C[unfolded dc_def], simp)
apply (rule corres_split_deprecated [where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
prefer 2
apply (rule corres_split[where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def)
apply (rule getContext_corres[unfolded o_def], simp)
apply (wp threadSet_all_invs_triv' callKernel_cur)+
@ -896,21 +892,17 @@ lemma do_user_op_corres_C:
(doUserOp f tc) (doUserOp_C f tc)"
apply (simp only: doUserOp_C_def doUserOp_def split_def)
apply (rule corres_guard_imp)
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp: simpler_gets_def getCurThread_def
corres_underlying_def rf_sr_def cstate_relation_def Let_def)
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp: cstate_to_A_def absKState_def
rf_sr_def cstate_to_H_correct ptable_lift_def)
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp: cstate_to_A_def absKState_def
rf_sr_def cstate_to_H_correct ptable_rights_def)
apply (rule_tac P=pspace_distinct' and P'=\<top> and r'="(=)"
in corres_split_deprecated)
prefer 2
in corres_split)
apply clarsimp
apply (rule fun_cong[where x=ptrFromPAddr])
apply (rule_tac f=comp in arg_cong)
@ -919,34 +911,29 @@ lemma do_user_op_corres_C:
cpspace_relation_def)
apply assumption
apply (rule_tac P=pspace_distinct' and P'=\<top> and r'="(=)"
in corres_split_deprecated)
prefer 2
in corres_split)
apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def
cpspace_relation_def)
apply (drule(1) device_mem_C_relation[symmetric])
apply (simp add: comp_def)
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp: cstate_relation_def rf_sr_def
Let_def cmachine_state_relation_def)
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp add: corres_underlying_def fail_def
assert_def return_def
split:if_splits)
apply simp
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp add: corres_underlying_def fail_def
assert_def return_def
split:if_splits)
apply simp
apply (rule_tac r'="(=)" in corres_split_deprecated[OF _ corres_select])
prefer 2
apply (rule_tac r'="(=)" in corres_split[OF corres_select])
apply clarsimp
apply simp
apply (rule corres_split_deprecated[OF _ user_memory_update_corres_C])
apply (rule corres_split_deprecated[OF _ device_update_corres_C,
apply (rule corres_split[OF user_memory_update_corres_C])
apply (rule corres_split[OF device_update_corres_C,
where R="\<top>\<top>" and R'="\<top>\<top>"])
apply (wp select_wp | simp)+
apply (intro conjI allI ballI impI)


@ -721,22 +721,18 @@ lemma entry_corres_C:
(kernelEntry e uc) (kernelEntry_C fp e uc)"
apply (simp add: kernelEntry_C_def kernelEntry_def getCurThread_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
prefer 2
apply (rule corres_split[where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply simp
apply (rule setTCBContext_C_corres)
apply (simp add: ccontext_rel_to_C)
apply simp
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule corres_cases[where R=fp], simp_all add: dc_def[symmetric])[1]
apply (rule callKernel_withFastpath_corres_C, simp)
apply (rule callKernel_corres_C[unfolded dc_def], simp)
apply (rule corres_split_deprecated [where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
prefer 2
apply (rule corres_split[where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def)
apply (rule getContext_corres, simp)
apply (wp threadSet_all_invs_triv' callKernel_cur)+
@ -912,21 +908,17 @@ lemma do_user_op_corres_C:
(doUserOp f tc) (doUserOp_C f tc)"
apply (simp only: doUserOp_C_def doUserOp_def split_def)
apply (rule corres_guard_imp)
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp: simpler_gets_def getCurThread_def
corres_underlying_def rf_sr_def cstate_relation_def Let_def)
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp: cstate_to_A_def absKState_def
rf_sr_def cstate_to_H_correct ptable_lift_def)
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp: cstate_to_A_def absKState_def
rf_sr_def cstate_to_H_correct ptable_rights_def)
apply (rule_tac P=pspace_distinct' and P'=\<top> and r'="(=)"
in corres_split_deprecated)
prefer 2
in corres_split)
apply clarsimp
apply (rule fun_cong[where x=ptrFromPAddr])
apply (rule_tac f=comp in arg_cong)
@ -935,34 +927,29 @@ lemma do_user_op_corres_C:
cpspace_relation_def)
apply assumption
apply (rule_tac P=pspace_distinct' and P'=\<top> and r'="(=)"
in corres_split_deprecated)
prefer 2
in corres_split)
apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def
cpspace_relation_def)
apply (drule(1) device_mem_C_relation[symmetric])
apply (simp add: comp_def)
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp: cstate_relation_def rf_sr_def
Let_def cmachine_state_relation_def)
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp add: corres_underlying_def fail_def
assert_def return_def
split:if_splits)
apply simp
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp add: corres_underlying_def fail_def
assert_def return_def
split:if_splits)
apply simp
apply (rule_tac r'="(=)" in corres_split_deprecated[OF _ corres_select])
prefer 2
apply (rule_tac r'="(=)" in corres_split[OF corres_select])
apply clarsimp
apply simp
apply (rule corres_split_deprecated[OF _ user_memory_update_corres_C])
apply (rule corres_split_deprecated[OF _ device_update_corres_C,
apply (rule corres_split[OF user_memory_update_corres_C])
apply (rule corres_split[OF device_update_corres_C,
where R="\<top>\<top>" and R'="\<top>\<top>"])
apply (wp select_wp | simp)+
apply (intro conjI allI ballI impI)


@ -687,22 +687,18 @@ lemma entry_corres_C:
(kernelEntry e uc) (kernelEntry_C fp e uc)"
apply (simp add: kernelEntry_C_def kernelEntry_def getCurThread_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
prefer 2
apply (rule corres_split[where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule setTCBContext_C_corres, rule ccontext_rel_to_C, simp)
apply simp
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
(* FIXME: fastpath
apply (rule corres_cases[where R=fp], simp_all add: dc_def[symmetric])[1]
apply (rule callKernel_withFastpath_corres_C, simp)
*)
apply (rule callKernel_corres_C[unfolded dc_def], simp)
apply (rule corres_split_deprecated [where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
prefer 2
apply (rule corres_split[where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def)
apply (rule getContext_corres[unfolded o_def], simp)
apply (wp threadSet_all_invs_triv' callKernel_cur)+
@ -878,21 +874,17 @@ lemma do_user_op_corres_C:
(doUserOp f tc) (doUserOp_C f tc)"
apply (simp only: doUserOp_C_def doUserOp_def split_def)
apply (rule corres_guard_imp)
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp: simpler_gets_def getCurThread_def
corres_underlying_def rf_sr_def cstate_relation_def Let_def)
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp: cstate_to_A_def absKState_def
rf_sr_def cstate_to_H_correct ptable_lift_def)
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp: cstate_to_A_def absKState_def
rf_sr_def cstate_to_H_correct ptable_rights_def)
apply (rule_tac P=pspace_distinct' and P'=\<top> and r'="(=)"
in corres_split_deprecated)
prefer 2
in corres_split)
apply clarsimp
apply (rule fun_cong[where x=ptrFromPAddr])
apply (rule_tac f=comp in arg_cong)
@ -901,34 +893,29 @@ lemma do_user_op_corres_C:
cpspace_relation_def)
apply assumption
apply (rule_tac P=pspace_distinct' and P'=\<top> and r'="(=)"
in corres_split_deprecated)
prefer 2
in corres_split)
apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def
cpspace_relation_def)
apply (drule(1) device_mem_C_relation[symmetric])
apply (simp add: comp_def)
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp: cstate_relation_def rf_sr_def
Let_def cmachine_state_relation_def)
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp add: corres_underlying_def fail_def
assert_def return_def
split:if_splits)
apply simp
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp add: corres_underlying_def fail_def
assert_def return_def
split:if_splits)
apply simp
apply (rule_tac r'="(=)" in corres_split_deprecated[OF _ corres_select])
prefer 2
apply (rule_tac r'="(=)" in corres_split[OF corres_select])
apply clarsimp
apply simp
apply (rule corres_split_deprecated[OF _ user_memory_update_corres_C])
apply (rule corres_split_deprecated[OF _ device_update_corres_C,
apply (rule corres_split[OF user_memory_update_corres_C])
apply (rule corres_split[OF device_update_corres_C,
where R="\<top>\<top>" and R'="\<top>\<top>"])
apply (wp select_wp | simp)+
apply (intro conjI allI ballI impI)


@ -250,7 +250,7 @@ lemma handleVMFault_ccorres:
prefer 3 apply simp
apply (simp add: handleVMFault_def handleVMFault'_def liftE_bindE condition_const
ucast_ucast_mask bind_assoc)
apply (rule corres_split_deprecated[OF _ read_stval_ccorres[ac]], drule sym, clarsimp)
apply (rule corres_split[OF read_stval_ccorres[ac]], drule sym, clarsimp)
apply (wpc; simp add: vm_fault_type_from_H_def vm_fault_defs_C
true_def false_def bind_assoc)
apply (rule returnVMFault_corres;


@ -687,22 +687,18 @@ lemma entry_corres_C:
(kernelEntry e uc) (kernelEntry_C fp e uc)"
apply (simp add: kernelEntry_C_def kernelEntry_def getCurThread_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
prefer 2
apply (rule corres_split[where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule setTCBContext_C_corres, rule ccontext_rel_to_C, simp)
apply simp
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
(* FIXME: fastpath
apply (rule corres_cases[where R=fp], simp_all add: dc_def[symmetric])[1]
apply (rule callKernel_withFastpath_corres_C, simp)
*)
apply (rule callKernel_corres_C[unfolded dc_def], simp)
apply (rule corres_split_deprecated [where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
prefer 2
apply (rule corres_split[where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def)
apply (rule getContext_corres[unfolded o_def], simp)
apply (wp threadSet_all_invs_triv' callKernel_cur)+
@ -878,21 +874,17 @@ lemma do_user_op_corres_C:
(doUserOp f tc) (doUserOp_C f tc)"
apply (simp only: doUserOp_C_def doUserOp_def split_def)
apply (rule corres_guard_imp)
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp: simpler_gets_def getCurThread_def
corres_underlying_def rf_sr_def cstate_relation_def Let_def)
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp: cstate_to_A_def absKState_def
rf_sr_def cstate_to_H_correct ptable_lift_def)
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp: cstate_to_A_def absKState_def
rf_sr_def cstate_to_H_correct ptable_rights_def)
apply (rule_tac P=pspace_distinct' and P'=\<top> and r'="(=)"
in corres_split_deprecated)
prefer 2
in corres_split)
apply clarsimp
apply (rule fun_cong[where x=ptrFromPAddr])
apply (rule_tac f=comp in arg_cong)
@ -901,34 +893,29 @@ lemma do_user_op_corres_C:
cpspace_relation_def)
apply assumption
apply (rule_tac P=pspace_distinct' and P'=\<top> and r'="(=)"
in corres_split_deprecated)
prefer 2
in corres_split)
apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def
cpspace_relation_def)
apply (drule(1) device_mem_C_relation[symmetric])
apply (simp add: comp_def)
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=valid_state' and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp: cstate_relation_def rf_sr_def
Let_def cmachine_state_relation_def)
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp add: corres_underlying_def fail_def
assert_def return_def
split:if_splits)
apply simp
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp add: corres_underlying_def fail_def
assert_def return_def
split:if_splits)
apply simp
apply (rule_tac r'="(=)" in corres_split_deprecated[OF _ corres_select])
prefer 2
apply (rule_tac r'="(=)" in corres_split[OF corres_select])
apply clarsimp
apply simp
apply (rule corres_split_deprecated[OF _ user_memory_update_corres_C])
apply (rule corres_split_deprecated[OF _ device_update_corres_C,
apply (rule corres_split[OF user_memory_update_corres_C])
apply (rule corres_split[OF device_update_corres_C,
where R="\<top>\<top>" and R'="\<top>\<top>"])
apply (wp select_wp | simp)+
apply (intro conjI allI ballI impI)


@ -279,8 +279,8 @@ lemma handleVMFault_ccorres:
prefer 3 apply simp
apply (simp add: handleVMFault_def handleVMFault'_def liftE_bindE condition_const
ucast_ucast_mask bind_assoc)
apply (rule corres_split_deprecated[OF _ getFaultAddr_ccorres[ac]], drule sym, clarsimp)
apply (rule corres_split_deprecated[OF _ getRegister_ccorres[ac]], drule sym, clarsimp)
apply (rule corres_split[OF getFaultAddr_ccorres[ac]], drule sym, clarsimp)
apply (rule corres_split[OF getRegister_ccorres[ac]], drule sym, clarsimp)
apply (wpc; simp add: vm_fault_type_from_H_def X86InstructionFault_def X86DataFault_def
true_def false_def bind_assoc)
apply (rule returnVMFault_corres;


@ -103,8 +103,8 @@ lemma (* handleYield_ccorres: *)
using tcbSchedDequeue'_modifies apply (fastforce simp: NonDetMonad.valid_def)
apply (subst double_gets_drop_regets)
apply (rule corres_pre_getCurThread_wrapper)
apply (rule corres_split_deprecated[OF _ tcbSchedDequeue_ccorres[ac]])
apply (rule corres_split_deprecated[OF _ tcbSchedAppend_ccorres[ac]])
apply (rule corres_split[OF tcbSchedDequeue_ccorres[ac]])
apply (rule corres_split[OF tcbSchedAppend_ccorres[ac]])
apply (rule rescheduleRequired_ccorres[ac])
apply (solves \<open>wp tcbSchedAppend_valid_objs' weak_sch_act_wf_lift
tcbSchedDequeue_valid_queues
@ -204,7 +204,7 @@ lemma (* handleDoubleFault_ccorres: *)
prefer 3 apply simp
apply (unfold handleDoubleFault_def handleDoubleFault'_def K_bind_def)
apply (rule corres_add_noop_rhs2) \<comment> \<open>split out extra haskell code\<close>
apply (rule corres_split_deprecated[OF _ setThreadState_ccorres[ac]])
apply (rule corres_split[OF setThreadState_ccorres[ac]])
apply (rule corres_symb_exec_l_no_exs)
apply simp
apply (rule conjI)


@ -148,7 +148,7 @@ lemma dcorres_lookup_pt_slot:
apply (clarsimp simp:cdl_lookup_pt_slot_def
lookup_pt_slot_def liftE_bindE dcorres_lookup_pd_slot)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_get_pde])
apply (rule corres_split[OF dcorres_get_pde])
apply (rule_tac F = "case rv' of ARM_A.pde.PageTablePDE ptab x xa \<Rightarrow>
is_aligned (ptrFromPAddr ptab) 10 | _ \<Rightarrow> True"
in corres_gen_asm2)
@ -1139,14 +1139,14 @@ lemma invoke_page_table_corres:
apply (rename_tac word oref attribs)
apply (clarsimp simp: is_pt_cap_def valid_pti_def make_arch_duplicate_def)
apply (rule stronger_corres_guard_imp)
apply (rule corres_split_deprecated [OF _ set_cap_corres])
apply (rule corres_split[OF set_cap_corres])
apply (rule corres_split_noop_rhs2)
apply (rule dcorres_machine_op_noop)
apply wp
apply simp
apply (simp add:insert_cap_orphan_def)
apply (rule corres_add_noop_rhs)
apply (rule corres_split_deprecated[OF _ gets_the_noop_dcorres])
apply (rule corres_split[OF gets_the_noop_dcorres])
apply (rule corres_assert_lhs)
apply (rule_tac F ="ucast (word && mask pd_bits >> 2) \<notin> kernel_mapping_slots" in corres_gen_asm2)
apply (rule store_pde_set_cap_corres)
@ -1173,7 +1173,7 @@ lemma invoke_page_table_corres:
apply (case_tac asid)
apply (clarsimp simp: liftM_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac P="\<lambda>y s. cte_wp_at ((=) x) (a,b) s \<and> s = s'" in set_cap_corres_stronger)
apply clarsimp
apply (drule cte_wp_at_eqD2, simp)
@ -1186,11 +1186,11 @@ lemma invoke_page_table_corres:
apply (simp add:get_cap_caps_of_state)+
apply (clarsimp simp:bind_assoc liftM_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_unmap_page_table])
apply (rule corres_split[OF dcorres_unmap_page_table])
apply (rule_tac a2 = a and b2 = b and option2 = "Some (aa,ba)" in
corres_split_deprecated[OF _ corres_alternate1[OF dcorres_clear_object_caps_pt]])
corres_split[OF corres_alternate1[OF dcorres_clear_object_caps_pt]])
apply (rule dcorres_symb_exec_r)
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac P="\<lambda>y s. cte_wp_at ((=) xb) (a,b) s \<and>
caps_of_state s' = caps_of_state s" in set_cap_corres_stronger)
apply (clarsimp simp:cte_wp_at_caps_of_state)
@ -1466,15 +1466,15 @@ lemma invoke_page_corres:
apply (clarsimp simp: mapM_x_singleton)
apply (simp add:page_inv_duplicates_valid_def split:if_splits)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ set_cap_corres])
apply (rule corres_split[OF set_cap_corres])
apply (rule corres_bind_return_r, rule corres_rel_imp[rotated], simp)
apply (rule corres_dummy_return_pl[where b ="()"])
apply (rule corres_split_deprecated[OF _ pte_check_if_mapped_corres])
apply (rule corres_split[OF pte_check_if_mapped_corres])
apply (simp split del: if_split)
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF _ store_pte_set_cap_corres])
apply (rule corres_split[OF store_pte_set_cap_corres])
apply (rule corres_dummy_return_l)
apply (rule_tac corres_split_deprecated[OF _ dcorres_store_invalid_pte_tail_large_page])
apply (rule_tac corres_split[OF dcorres_store_invalid_pte_tail_large_page])
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF if_invalidate_equiv_return])
apply (rule wp_to_dcorres[where Q=\<top>])
@ -1486,15 +1486,15 @@ lemma invoke_page_corres:
apply (clarsimp simp:is_arch_update_def is_arch_cap_def cap_master_cap_def split:cap.split_asm)
apply (clarsimp simp:mapM_x_singleton)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ set_cap_corres])
apply (rule corres_split[OF set_cap_corres])
apply (rule corres_bind_return_r, rule corres_rel_imp[rotated], simp)
apply (rule corres_dummy_return_pl[where b="()"])
apply (rule corres_split_deprecated[OF _ pde_check_if_mapped_corres])
apply (rule corres_split[OF pde_check_if_mapped_corres])
apply (simp split del: if_split)
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF _ store_pde_set_cap_corres])
apply (rule corres_split[OF store_pde_set_cap_corres])
apply (rule corres_dummy_return_l)
apply (rule_tac corres_split_deprecated[OF _ dcorres_store_invalid_pde_tail_super_section])
apply (rule_tac corres_split[OF dcorres_store_invalid_pde_tail_super_section])
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF if_invalidate_equiv_return])
apply (rule wp_to_dcorres[where Q=\<top>])
@ -1515,7 +1515,7 @@ lemma invoke_page_corres:
apply (clarsimp simp: valid_page_inv_def transform_mapping_def liftM_def
split:arch_cap.splits option.splits)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_bind_return_r, rule corres_rel_imp[rotated], simp)
apply (rule_tac P="\<lambda>y s. cte_wp_at ((=) x) (a,b) s \<and> s = s'" in set_cap_corres_stronger)
apply clarsimp
@ -1528,8 +1528,8 @@ lemma invoke_page_corres:
apply (rule sym)
apply (simp add:get_cap_caps_of_state)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_unmap_page])
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split[OF dcorres_unmap_page])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_bind_return_r, rule corres_rel_imp[rotated], simp)
apply (rule_tac P="\<lambda>y s. cte_wp_at ((=) x) (a,b) s \<and>
caps_of_state s' = caps_of_state s"
@ -1650,18 +1650,18 @@ proof -
apply (simp add:arch_invocation_relation_def translate_arch_invocation_def)
apply (cases asid_inv, clarsimp)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ delete_objects_dcorres])
apply (rule corres_split[OF delete_objects_dcorres])
apply (rule corres_symb_exec_r)
apply (rule_tac F = "cdl_cap.UntypedCap False {frame..frame + 2 ^ pageBits - 1} {} =
transform_cap (max_free_index_update pcap)" in corres_gen_asm2)
apply (rule corres_split_deprecated[OF _ set_cap_corres])
apply (rule corres_split[OF set_cap_corres])
apply (rule generate_object_ids_exec[where ty = "ArchObject ASIDPoolObj" and
ptr = frame and us = 0 and sz = pageBits,
unfolded translate_object_type_def ,simplified])
apply (rule corres_split_deprecated [OF _ retype_dc[where ptr = frame and sz = pageBits]])
apply (rule corres_split[OF retype_dc[where ptr = frame and sz = pageBits]])
apply (simp add: retype_addrs_def obj_bits_api_def default_arch_object_def
retype_transform_obj_ref_def)
apply (rule corres_split_deprecated[OF _ insert_dc[unfolded fun_app_def], where R="\<lambda>rv. \<top>"])
apply (rule corres_split[OF insert_dc[unfolded fun_app_def], where R="\<lambda>rv. \<top>"])
apply (rule corres_assert_rhs[where P'=\<top>])
apply (simp add: gets_fold_into_modify dc_def[symmetric])
apply (clarsimp simp: simpler_modify_def put_def bind_def corres_underlying_def)
@ -1796,11 +1796,11 @@ lemma invoke_asid_pool_corres:
translate_arch_invocation_def)
apply (clarsimp simp:cte_wp_at_caps_of_state)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (clarsimp split: cap.splits arch_cap.splits simp: corres_free_fail)
apply (rule dcorres_symb_exec_r)
apply (rule_tac F = "rv = pool" in corres_gen_asm2)
apply (rule corres_split_deprecated[OF _ set_cap_corres])
apply (rule corres_split[OF set_cap_corres])
apply (rule dcorres_set_asid_pool[unfolded fun_upd_def])
apply fastforce
apply (clarsimp simp:transform_asid_pool_entry_def transform_cap_def)+
@ -1823,12 +1823,12 @@ lemma invoke_arch_corres:
apply (simp_all add:arch_invocation_relation_def translate_arch_invocation_def)
apply (clarsimp simp:liftE_def bind_assoc)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ invoke_page_table_corres])
apply (rule corres_split[OF invoke_page_table_corres])
apply (rule corres_trivial, simp)
apply (wp | clarsimp)+
apply (rule corres_dummy_return_l)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ invoke_page_directory_corres])
apply (rule corres_split[OF invoke_page_directory_corres])
apply (rule corres_trivial[OF corres_free_return])
apply (wp | clarsimp)+
apply (rule corres_guard_imp)
@ -1837,14 +1837,14 @@ lemma invoke_arch_corres:
apply (clarsimp split: asid_control_invocation.split)
apply (rule corres_dummy_return_l)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ invoke_asid_control_corres])
apply (rule corres_split[OF invoke_asid_control_corres])
apply (rule corres_trivial, simp)
apply (simp add: arch_invocation_relation_def translate_arch_invocation_def)
apply (wp | simp)+
apply (clarsimp split: asid_pool_invocation.split)
apply (rule corres_dummy_return_l)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ invoke_asid_pool_corres])
apply (rule corres_split[OF invoke_asid_pool_corres])
apply (rule corres_trivial[OF corres_free_return])
apply (wp | clarsimp simp:arch_invocation_relation_def translate_arch_invocation_def)+
done
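Review bot: The two `corres_split_deprecated[OF if_invalidate_equiv_return]` lines in the `invoke_page_corres` hunks are left on the old rule, so that lemma now mixes both splitting rules in the same apply chain. The commit's scripts only rewrite the `[OF _ x]` and two-argument forms, and this single-argument form instantiates the continuation premise, so under the argument order the other rewrites establish it would presumably become `corres_split[OF _ if_invalidate_equiv_return]`; converting it here, or marking it with a short comment such as `(* FIXME: corres_split_deprecated, continuation premise instantiated first *)`, would keep the proof internally consistent. Separately, `rule_tac corres_split[OF ...]` in the two converted `dcorres_store_invalid_*` lines carries no instantiation and could be plain `rule corres_split[OF ...]`. `invoke_page_corres` starts and ends outside the hunk.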


@ -183,12 +183,12 @@ lemma insert_cap_sibling_corres:
cap_insert_ext_def update_cdt_list_def set_cdt_list_modify
cong: option.case_cong)
apply (rule stronger_corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_cap_corres])+
apply (rule corres_split[OF get_cap_corres])+
apply (rule corres_assert_lhs corres_assert_rhs)+
apply (rule_tac F = "src_cap = transform_cap src_capa" in corres_gen_asm)
apply simp
apply (rule corres_split_deprecated[OF _ dcorres_set_untyped_cap_as_full])
apply (rule corres_split_deprecated[OF _ set_cap_corres[OF refl refl]])
apply (rule corres_split[OF dcorres_set_untyped_cap_as_full])
apply (rule corres_split[OF set_cap_corres[OF refl refl]])
apply (rule dcorres_opt_parent_set_parent_helper)
apply (clarsimp simp:gets_fold_into_modify dc_def[symmetric]
option_return_modify_modify modify_modify bind_assoc
@ -275,7 +275,7 @@ lemma insert_cap_child_corres:
cap_insert_ext_def update_cdt_list_def set_cdt_list_modify
cong: option.case_cong)
apply (rule stronger_corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_cap_corres])+
apply (rule corres_split[OF get_cap_corres])+
apply (rule_tac P="old_cap \<noteq> cdl_cap.NullCap" and P'="rv' \<noteq> cap.NullCap"
in corres_symmetric_bool_cases)
apply (clarsimp simp :transform_cap_def split:cap.splits arch_cap.splits)
@ -283,8 +283,8 @@ lemma insert_cap_child_corres:
apply (rule corres_trivial)
apply (simp add:corres_free_fail)
apply (simp add:assert_def)
apply (rule corres_split_deprecated[OF _ dcorres_set_untyped_cap_as_full])
apply (rule corres_split_deprecated[OF _ set_cap_corres[OF refl refl]])
apply (rule corres_split[OF dcorres_set_untyped_cap_as_full])
apply (rule corres_split[OF set_cap_corres[OF refl refl]])
apply (rule dcorres_set_parent_helper)
apply (rule_tac P=\<top> and P'="(\<lambda>s. should_be_parent_of src_capa (orig s) cap orig')
and cte_at src and cte_at child
@ -1103,7 +1103,7 @@ lemma dcorres_list_all2_mapM_':
apply simp
apply (clarsimp simp add: mapM_x_def sequence_x_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ y])
apply (rule corres_split[OF y])
apply (clarsimp dest!: suffix_ConsD)
apply (erule meta_allE, (drule(1) meta_mp)+)
apply assumption
@ -1262,7 +1262,7 @@ lemma dcorres_set_asid_pool_empty:
apply (rule dcorres_symb_exec_r)
apply (rule corres_dummy_return_pr)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dummy_remove_cdt_asid_pool_slot])
apply (rule corres_split[OF dummy_remove_cdt_asid_pool_slot])
apply (clarsimp)
apply (rule dcorres_set_asid_pool)
apply fastforce
@ -1352,7 +1352,7 @@ proof (induct ls)
apply (clarsimp simp:ef_storeWord)+
apply (subst corrupt_frame_duplicate[symmetric])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_store_word_conservative[where sz = sz]])
apply (rule corres_split[OF dcorres_store_word_conservative[where sz = sz]])
apply (clarsimp)
apply (subst do_machine_op_bind)
apply (rule empty_fail_mapM,clarsimp simp:ef_storeWord)
@ -2031,8 +2031,8 @@ lemma invoke_cnode_corres:
apply (clarsimp simp: transform_cslot_ptr_inj [OF cte_wp_at_cte_at real_cte_at_cte])
apply (simp add: cap_null_reply_case_If case_bool_If)
apply (rule stronger_corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cur_thread_corres])
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cur_thread_corres])
apply (rule corres_split[OF get_cap_corres])
apply (simp split del: if_split)
apply (rule corres_if_rhs2)
apply (rule corres_trivial, simp)
@ -2149,7 +2149,7 @@ lemma dcorres_ensure_empty:
(CSpace_D.ensure_empty (transform_cslot_ptr slot)) (ensure_empty slot)"
apply (clarsimp simp: CSpace_D.ensure_empty_def ensure_empty_def liftE_bindE unlessE_whenE)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_whenE)
apply (simp add:transform_cap_def split:cap.splits arch_cap.splits)
apply (rule dcorres_free_throw)
@ -2169,7 +2169,7 @@ lemma derive_cap_dummy:
apply (simp add: bindE_def)
apply (rule corres_dummy_return_l)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ ensure_no_children_dummy, where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
apply (rule corres_split[OF ensure_no_children_dummy, where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
apply (clarsimp simp: corres_underlying_def lift_def return_def split: sum.splits)
apply (fastforce simp: in_monad)
apply wp+
@ -2299,8 +2299,7 @@ lemma dcorres_update_cap_data_bind:
(f' (CSpace_A.update_cap_data b data cap'))"
apply (subst return_bind [symmetric, where f=f'])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule dcorres_update_cap_data, simp)
apply simp
apply assumption
@ -2436,8 +2435,7 @@ lemma decode_cnode_corres:
prefer 2
apply (rule lookup_slot_for_cnode_op_corres, simp_all)[1]
apply (simp add:liftE_bindE)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule get_cap_corres, rule refl)
apply (rule_tac R="src_capa = cap.NullCap" in corres_cases [where P=\<top> and P'=\<top>])
apply (simp add: update_cap_rights_def)
@ -2465,7 +2463,7 @@ lemma decode_cnode_corres:
apply (rule corres_splitEE[OF _ dcorres_ensure_empty])
apply (rule corres_splitEE[OF _ lookup_slot_for_cnode_op_corres])
apply (simp add:liftE_bindE)
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac R="src_capa = cap.NullCap" in corres_cases [where P=\<top> and P'=\<top>])
apply (simp add:update_cap_rights_def
CSpace_D.update_cap_data_def)
@ -2509,8 +2507,7 @@ lemma decode_cnode_corres:
prefer 2
apply (rule lookup_slot_for_cnode_op_corres, simp_all)[1]
apply (simp add:liftE_bindE)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule get_cap_corres, rule refl)
apply (rule_tac R="src_capa = cap.NullCap" in corres_cases [where P=\<top> and P'=\<top>])
apply simp
@ -2526,7 +2523,7 @@ lemma decode_cnode_corres:
apply (rule corres_splitEE[OF _ dcorres_ensure_empty])
apply (rule corres_splitEE[OF _ lookup_slot_for_cnode_op_corres])
apply (simp add:liftE_bindE)
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac R="src_capa = cap.NullCap" in corres_cases [where P=\<top> and P'=\<top>])
apply (simp add:update_cap_rights_def
CSpace_D.update_cap_data_def)
@ -2588,8 +2585,7 @@ lemma decode_cnode_corres:
prefer 2
apply (rule lookup_slot_for_cnode_op_corres, simp_all)[1]
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule get_cap_corres, rule refl)
apply (rule corres_splitEE)
prefer 2
@ -2639,16 +2635,14 @@ lemma decode_cnode_corres:
apply simp
apply simp
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule get_cap_corres, rule refl)
apply (rule corres_splitEE)
prefer 2
apply (rule corres_whenE [where r=dc], simp)
apply (rule dcorres_throw)
apply simp
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule get_cap_corres, rule refl)
apply (rule corres_splitEE)
prefer 2


@ -390,10 +390,10 @@ lemma finalise_cancel_ipc:
apply (rule corres_symb_exec_r)
apply (rule corres_symb_exec_r)
apply (rule corres_dummy_return_pl)
apply (rule corres_split_deprecated[ OF _ corres_dummy_set_sync_ep])
apply (rule corres_split[OF corres_dummy_set_sync_ep])
apply clarsimp
apply (rule corres_dummy_return_pr)
apply (rule corres_split_deprecated [OF _ dcorres_revoke_cap_unnecessary])
apply (rule corres_split[OF dcorres_revoke_cap_unnecessary])
apply (simp add: when_def dc_def[symmetric])
apply (rule set_thread_state_corres)
apply (wp sts_only_idle sts_st_tcb_at' valid_ep_queue_subset
@ -411,10 +411,10 @@ lemma finalise_cancel_ipc:
apply (rule corres_symb_exec_r)
apply (rule corres_symb_exec_r)
apply (rule corres_dummy_return_pl)
apply (rule corres_split_deprecated[ OF _ corres_dummy_set_sync_ep])
apply (rule corres_split[OF corres_dummy_set_sync_ep])
apply clarsimp
apply (rule corres_dummy_return_pr)
apply (rule corres_split_deprecated [OF _ dcorres_revoke_cap_unnecessary])
apply (rule corres_split[OF dcorres_revoke_cap_unnecessary])
unfolding K_bind_def
apply (rule set_thread_state_corres)
apply (wp sts_only_idle sts_st_tcb_at' valid_ep_queue_subset
@ -428,7 +428,7 @@ lemma finalise_cancel_ipc:
apply (rule tcb_at_cte_at_2,clarsimp simp:tcb_at_def dest!:get_tcb_rev,simp)
apply (simp add:reply_cancel_ipc_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ thread_set_fault_corres])
apply (rule corres_split[OF thread_set_fault_corres])
apply (rule corres_symb_exec_r)
apply (simp add: revoke_cap_simple.simps)
apply (subst transform_tcb_slot_simp[symmetric])
@ -442,10 +442,10 @@ lemma finalise_cancel_ipc:
apply (rule_tac Q'="\<lambda>r. valid_ntfn r and (=) s'" in corres_symb_exec_r)
apply (rule corres_symb_exec_r)
apply (rule corres_dummy_return_pl)
apply (rule corres_split_deprecated[ OF _ corres_dummy_set_notification])
apply (rule corres_split[OF corres_dummy_set_notification])
unfolding K_bind_def
apply (rule corres_dummy_return_pr)
apply (rule corres_split_deprecated[OF _ dcorres_revoke_cap_unnecessary])
apply (rule corres_split[OF dcorres_revoke_cap_unnecessary])
unfolding K_bind_def
apply (rule set_thread_state_corres)
including no_pre
@ -480,7 +480,7 @@ lemma dcorres_deleting_irq_handler:
(CSpace_A.deleting_irq_handler word)"
apply (simp add:CSpace_D.deleting_irq_handler_def CSpace_A.deleting_irq_handler_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_get_irq_slot])
apply (rule corres_split[OF dcorres_get_irq_slot])
apply (simp, rule delete_cap_simple_corres,simp)
apply (rule hoare_vcg_precond_imp [where Q="invs and valid_etcbs"])
including no_pre
@ -825,7 +825,7 @@ lemma flush_table_exec:
"\<lbrakk>dcorres dc R (Q rv) h (g rv); \<lbrace>P\<rbrace> flush_table aa a b word \<lbrace>Q\<rbrace>\<rbrakk>\<Longrightarrow>dcorres dc R P h ((flush_table aa a b word) >>= g)"
apply (rule corres_dummy_return_pl)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_flush_table])
apply (rule corres_split[OF dcorres_flush_table])
apply (simp|wp)+
done
@ -1059,7 +1059,7 @@ lemma remove_cdt_pt_slot_exec:
(remove_parent (a ,aptr) >>= g) f"
apply (rule corres_dummy_return_pr)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dummy_remove_cdt_pt_slot])
apply (rule corres_split[OF dummy_remove_cdt_pt_slot])
apply (rule_tac F="rv = ()" in corres_gen_asm)
unfolding K_bind_def
apply clarsimp
@ -1076,7 +1076,7 @@ lemma remove_cdt_pd_slot_exec:
(remove_parent (a ,aptr) >>= g) f"
apply (rule corres_dummy_return_pr)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dummy_remove_cdt_pd_slot])
apply (rule corres_split[OF dummy_remove_cdt_pd_slot])
unfolding K_bind_def
apply (simp|wp)+
done
@ -1088,7 +1088,7 @@ lemma remove_cdt_asid_pool_slot_exec:
(remove_parent (a ,aptr) >>= g) f"
apply (rule corres_dummy_return_pr)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dummy_remove_cdt_asid_pool_slot])
apply (rule corres_split[OF dummy_remove_cdt_asid_pool_slot])
unfolding K_bind_def
apply (simp|wp)+
done
@ -1618,9 +1618,9 @@ lemma dcorres_store_invalid_pde_tail_super_section:
apply (rule corres_guard_imp)
apply (simp add:mapM_Cons dc_def[symmetric])
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF _ dcorres_store_pde_non_sense])
apply (rule corres_split[OF dcorres_store_pde_non_sense])
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF _ Cons.hyps[unfolded swp_def]])
apply (rule corres_split[OF Cons.hyps[unfolded swp_def]])
apply (rule corres_free_return[where P=\<top> and P'=\<top>])
apply wp+
apply simp
@ -1658,9 +1658,9 @@ lemma dcorres_store_invalid_pte_tail_large_page:
apply (rule corres_guard_imp)
apply (simp add:mapM_Cons dc_def[symmetric])
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF _ dcorres_store_pte_non_sense])
apply (rule corres_split[OF dcorres_store_pte_non_sense])
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF _ Cons.hyps[unfolded swp_def]])
apply (rule corres_split[OF Cons.hyps[unfolded swp_def]])
apply (rule corres_free_return[where P=\<top> and P'=\<top>])
apply wp+
apply simp
@ -1711,7 +1711,7 @@ lemma dcorres_unmap_large_section:
apply (rule corres_guard_imp)
apply (simp add:transform_pd_slot_ref_def)
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF _ dcorres_store_invalid_pde_super_section[where pg_id = pg_id]])
apply (rule corres_split[OF dcorres_store_invalid_pde_super_section[where pg_id = pg_id]])
apply(rule corres_dummy_return_l)
apply (rule_tac r'=dc in corres_split_deprecated[OF corres_free_return[where P=\<top> and P'=\<top>]])
apply (rule dcorres_store_invalid_pde_tail_super_section[where slot = ptr])
@ -1833,7 +1833,7 @@ lemma dcorres_unmap_large_page:
apply (simp add:upto_enum_step_def transform_pt_slot_ref_def upto_enum_def hd_map_simp)+
apply (rule corres_guard_imp)
apply(rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF _ dcorres_store_invalid_pte[where pg_id = pg_id]])
apply (rule corres_split[OF dcorres_store_invalid_pte[where pg_id = pg_id]])
apply(rule corres_dummy_return_l)
apply (rule_tac r'=dc in corres_split_deprecated[OF corres_free_return[where P=\<top> and P'=\<top>]])
apply (rule dcorres_store_invalid_pte_tail_large_page[where slot = ptr])
@ -2144,7 +2144,7 @@ lemma dcorres_page_table_mapped:
apply (rule corres_splitEE[OF _ dcorres_find_pd_for_asid])
apply (rule_tac F =" is_aligned pda 14" in corres_gen_asm2)
apply (clarsimp simp:liftE_bindE dcorres_lookup_pd_slot)
apply (rule corres_split_deprecated[OF _ dcorres_get_pde])
apply (rule corres_split[OF dcorres_get_pde])
apply (case_tac rv')
apply (simp add:transform_pde_def)
apply (rule dcorres_returnOk,simp)
@ -2209,7 +2209,7 @@ lemma dcorres_unmap_page_table:
supply option.case_cong[cong]
apply (simp add: unmap_page_table_def PageTableUnmap_D.unmap_page_table_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_page_table_mapped])
apply (rule corres_split[OF dcorres_page_table_mapped])
apply (rule dcorres_option[where P = \<top>])
apply simp
apply (simp add: dc_def[symmetric])
@ -2577,14 +2577,14 @@ lemma dcorres_finalise_cap:
apply (clarsimp simp:invs_def valid_state_def)+
apply (rule corres_rel_imp)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF dcorres_cancel_all_signals dcorres_unbind_maybe_notification])
apply (rule corres_split[OF dcorres_unbind_maybe_notification dcorres_cancel_all_signals])
apply (wp unbind_maybe_notification_valid_etcbs | simp | wpc)+
apply ((clarsimp simp:invs_def valid_state_def)+)[2]
apply (simp add:IpcCancel_A.suspend_def bind_assoc)
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_unbind_notification])
apply (rule corres_split_deprecated[OF _ finalise_cancel_ipc])
apply (rule corres_split[OF dcorres_unbind_notification])
apply (rule corres_split[OF finalise_cancel_ipc])
apply (rule dcorres_symb_exec_r[OF _ gts_inv gts_inv])
apply (rule dcorres_rhs_noop_above)
apply (case_tac "rv = Running"; simp)
@ -2608,7 +2608,7 @@ lemma dcorres_finalise_cap:
apply (simp add:not_idle_thread_def)
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_deleting_irq_handler])
apply (rule corres_split[OF dcorres_deleting_irq_handler])
apply (rule iffD2[OF corres_return[where P=\<top> and P'=\<top>]])
apply (clarsimp simp:transform_cap_def)
apply (wp|clarsimp)+
@ -2620,7 +2620,7 @@ lemma dcorres_finalise_cap:
\<comment> \<open>arch_cap.ASIDPoolCap\<close>
apply (rule corres_guard_imp)
apply (simp add:transform_asid_def)
apply (rule corres_split_deprecated[OF _ dcorres_delete_asid_pool])
apply (rule corres_split[OF dcorres_delete_asid_pool])
apply (rule iffD2[OF corres_return[where P=\<top> and P'=\<top>]])
apply (clarsimp simp:transform_cap_def)
apply (wp|clarsimp)+
@ -2629,7 +2629,7 @@ lemma dcorres_finalise_cap:
apply (simp add:transform_mapping_def)
apply (clarsimp simp:transform_mapping_def)
apply (rule corres_guard_imp)
apply (rule_tac corres_split_deprecated[OF _ dcorres_unmap_page])
apply (rule_tac corres_split[OF dcorres_unmap_page])
apply (rule iffD2[OF corres_return[where P=\<top> and P'=\<top>]])
apply (clarsimp simp:transform_cap_def)
apply (wp | clarsimp )+
@ -2638,7 +2638,7 @@ lemma dcorres_finalise_cap:
apply (clarsimp simp:transform_mapping_def split:option.splits)
apply (rule dcorres_expand_pfx)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_unmap_page_table])
apply (rule corres_split[OF dcorres_unmap_page_table])
apply (rule iffD2[OF corres_return[where P=\<top> and P'=\<top>]])
apply (clarsimp simp:transform_cap_def)
apply ((wp|clarsimp )+)[4]
@ -2648,7 +2648,7 @@ lemma dcorres_finalise_cap:
apply (wp|clarsimp)+
apply (rule conjI | clarsimp split:option.splits)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_delete_asid])
apply (rule corres_split[OF dcorres_delete_asid])
apply (rule iffD2[OF corres_return[where P=\<top> and P'=\<top>]])
apply (clarsimp simp:transform_cap_def)
apply (wp|clarsimp split:option.splits)+
@ -2984,7 +2984,7 @@ lemma swap_for_delete_corres:
apply (rule corres_gen_asm2)
apply (simp add: swap_for_delete_def cap_swap_for_delete_def when_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_cap_corres[OF refl]])+
apply (rule corres_split[OF get_cap_corres[OF refl]])+
apply simp
apply (rule swap_cap_corres)
apply (wp get_cap_wp)+
@ -3521,7 +3521,7 @@ next
apply (rule monadic_rewrite_bind_head)
apply (rule finalise_slot_inner1_add_if_Null[unfolded split_def])
apply (simp add: bind_assoc if_to_top_of_bind)
apply (rule corres_split_deprecated[OF _ get_cap_corres[OF refl]])
apply (rule corres_split[OF get_cap_corres[OF refl]])
apply (rename_tac cap)
apply (rule corres_cutMon)
apply (simp add: if_to_top_of_bindE cutMon_walk_if
@ -3539,11 +3539,11 @@ next
apply (rule corres_cutMon)
apply (simp add: cutMon_walk_bind del: fst_conv)
apply (rule corres_drop_cutMon_bind)
apply (rule corres_split_deprecated [OF _ is_final_cap_corres[OF refl]])
apply (rule corres_split[OF is_final_cap_corres[OF refl]])
apply (rule corres_cutMon)
apply (simp add: cutMon_walk_bind del: fst_conv)
apply (rule corres_drop_cutMon_bind)
apply (rule corres_split_deprecated[OF _ dcorres_finalise_cap[where slot=slot]])
apply (rule corres_split[OF dcorres_finalise_cap[where slot=slot]])
apply (rename_tac fin fin')
apply (rule corres_cutMon)
apply (simp(no_asm) add: cutMon_walk_if)
@ -3578,7 +3578,7 @@ next
apply (rule monadic_rewrite_bind_tail)
apply (rule monadic_trancl_preemptible_return)
apply wp+
apply (rule corres_split_deprecated[OF _ set_cap_corres])
apply (rule corres_split[OF set_cap_corres])
apply (rule corres_underlying_gets_pre_lhs)
apply (rule corres_trivial, simp add: returnOk_liftE)
apply (wp | simp)+
@ -3587,7 +3587,7 @@ next
apply (rule monadic_rewrite_pick_alternative_2)
apply (simp add: cutMon_walk_bind)
apply (rule corres_drop_cutMon_bind)
apply (rule corres_split_deprecated[OF _ set_cap_corres])
apply (rule corres_split[OF set_cap_corres])
apply (rule_tac P="dcorres r P P' f" for r P P' f in subst)
apply (rule_tac f="\<lambda>_. ()" in gets_bind_ign)
apply (rule_tac r'="\<lambda>rv rv'. transform_cslot_ptr `
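Review bot: Two `corres_split_deprecated` applications survive in this file directly beneath converted ones — `apply (rule_tac r'=dc in corres_split_deprecated[OF corres_free_return[where P=\<top> and P'=\<top>]])` in dcorres_unmap_large_section and the identical line in dcorres_unmap_large_page — so each of those lemmas now mixes the old premise order with the new one one line apart. The surrounding hunks show the two rules differ in which premise comes first (the `OF dcorres_cancel_all_signals dcorres_unbind_maybe_notification` pair is reversed in dcorres_finalise_cap), so converting these sites means moving the `dcorres_store_invalid_p*_tail_*` rule from the following `apply` into the `OF` slot, not a textual rename; deferring them is defensible. A marker such as `\<comment> \<open>deprecated split kept: continuation is instantiated first here\<close>` on those two lines would make the remaining sites trivial to find in the follow-up pass and would stop a reader from assuming the mixed order is a typo. Both enclosing lemmas start outside their hunks.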


@ -301,7 +301,7 @@ lemma handle_interrupt_corres_branch:
od)"
apply (rule corres_dummy_return_pl)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_machine_op_noop])
apply (rule corres_split[OF dcorres_machine_op_noop])
apply (clarsimp simp:dc_def[symmetric])
apply (rule dcorres_machine_op_noop)
apply (wp|clarsimp)+
@ -362,9 +362,9 @@ lemma handle_interrupt_corres:
apply (clarsimp split:irq_state.splits simp:corres_free_fail | rule conjI)+
apply (simp add:Interrupt_D.handle_interrupt_def bind_assoc)
apply (rule corres_guard_imp)
apply (rule_tac Q'="(=) s'" in corres_split_deprecated[OF _ dcorres_get_irq_slot])
apply (rule_tac Q'="(=) s'" in corres_split[OF dcorres_get_irq_slot])
apply (rule_tac R'="\<lambda>rv. (\<lambda>s. (is_ntfn_cap rv \<longrightarrow> ntfn_at (obj_ref_of rv) s)) and invs and valid_etcbs"
in corres_split_deprecated[OF _ option_get_cap_corres])
in corres_split[OF option_get_cap_corres])
apply (case_tac rv'a)
prefer 4
apply (simp_all add:when_def)
@ -506,7 +506,7 @@ lemma dcorres_arch_invoke_irq_control:
apply (simp add: liftE_bindE)
apply (rule corres_dummy_return_pl)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ dmo_setIRQTrigger_dcorres])
apply (rule corres_split[OF dmo_setIRQTrigger_dcorres])
apply clarsimp
apply (rule dcorres_invoke_irq_control_body)
apply wpsimp+
@ -608,10 +608,10 @@ lemma dcorres_invoke_irq_handler:
apply (rule dcorres_expand_pfx)
apply (clarsimp dest!:is_ntfn_capD simp:valid_cap_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_get_irq_slot])
apply (rule corres_split[OF dcorres_get_irq_slot])
apply (rule_tac F="irq_slot\<noteq> (a,b)" in corres_gen_asm2)
apply simp
apply (rule corres_split_deprecated[OF _ delete_cap_simple_corres])
apply (rule corres_split[OF delete_cap_simple_corres])
apply (subst alternative_com)
apply (rule dcorres_insert_cap_combine,simp)
apply wp
@ -635,7 +635,7 @@ lemma dcorres_invoke_irq_handler:
(* ClearIRQHandler *)
apply (clarsimp simp: Interrupt_D.invoke_irq_handler_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_get_irq_slot])
apply (rule corres_split[OF dcorres_get_irq_slot])
apply (clarsimp)
apply (rule delete_cap_simple_corres)
apply (wp get_irq_slot_not_idle_wp,clarsimp)+


@ -489,7 +489,7 @@ lemma corres_update_waiting_ntfn_do_notification_transfer:
apply (simp add:generates_pending_def)
apply (rule corres_guard_imp)
apply (rule dcorres_dc_rhs_noop_below_2_True[OF allI[OF possible_switch_to_dcorres]])
apply (rule corres_split_deprecated[OF _ set_thread_state_corres])
apply (rule corres_split[OF set_thread_state_corres])
apply (rule set_register_corres)
apply (wp)+
apply simp
@ -565,7 +565,7 @@ lemma recv_signal_corres:
apply (rule corres_guard_imp)
apply (rule corres_alternate1)
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF _ set_thread_state_block_on_notification_corres])
apply (rule corres_split[OF set_thread_state_block_on_notification_corres])
apply (rule corres_dummy_set_notification,simp)
apply (wp|simp)+
apply (clarsimp simp:st_tcb_at_def tcb_at_def obj_at_def get_tcb_rev)
@ -582,7 +582,7 @@ lemma recv_signal_corres:
apply (rule corres_guard_imp)
apply (rule corres_alternate1)
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF _ set_thread_state_block_on_notification_corres])
apply (rule corres_split[OF set_thread_state_block_on_notification_corres])
apply (rule corres_dummy_set_notification,simp)
apply (wp|simp)+
apply (clarsimp simp:st_tcb_at_def tcb_at_def obj_at_def get_tcb_rev)
@ -598,7 +598,7 @@ lemma recv_signal_corres:
apply (rule corres_alternate2)
apply (rule corres_guard_imp )
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF corres_dummy_set_notification set_register_corres])
apply (rule corres_split[OF set_register_corres corres_dummy_set_notification])
apply (wp |clarsimp)+
apply (rule_tac Q="\<lambda>r. ko_at (kernel_object.Notification r) word1 and valid_state" in hoare_strengthen_post)
apply (wp get_simple_ko_ko_at | clarsimp)+
@ -671,7 +671,7 @@ lemma dcorres_dat:
apply clarsimp
apply (rule corres_guard_imp)
apply (rule dcorres_dc_rhs_noop_below_2_True[OF allI[OF possible_switch_to_dcorres]])
apply (rule corres_split_deprecated[OF _ set_thread_state_corres])
apply (rule corres_split[OF set_thread_state_corres])
apply (rule set_register_corres)
apply (wp)+
apply simp
@ -887,9 +887,9 @@ lemma send_signal_corres:
apply (rule corres_symb_exec_r)
apply (rule corres_symb_exec_r)
apply (rule corres_dummy_return_pl)
apply (rule corres_split_deprecated[ OF _ corres_dummy_set_sync_ep])
apply (rule corres_split[OF corres_dummy_set_sync_ep])
apply (simp add: when_def dc_def[symmetric])
apply (rule corres_split_deprecated[OF dcorres_dat set_thread_state_corres])
apply (rule corres_split[OF set_thread_state_corres dcorres_dat])
apply (wp cancel_ipc_valid_idle
| simp add: not_idle_thread_def invs_def valid_state_def get_blocking_object_def)+
apply (clarsimp dest!:get_tcb_rev simp:invs_def ep_at_def2[symmetric, simplified])
@ -971,7 +971,7 @@ lemma corres_setup_caller_cap:
apply (rule dcorres_expand_pfx)
apply (rule corres_guard_imp)
apply (simp add: inject_reply_cap_def setup_caller_cap_def split del: if_split)
apply (rule corres_split_deprecated[OF _ set_thread_state_corres])
apply (rule corres_split[OF set_thread_state_corres])
apply (rule reply_cap_insert_corres)
apply (simp add: not_idle_thread_def)+
apply (wp set_thread_state_it|simp )+
@ -1341,8 +1341,7 @@ next
apply (rule dcorres_throw)
apply (rule TrueI)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule dcorres_insert_cap_combine [folded alternative_com])
apply simp
apply simp
@ -1541,7 +1540,7 @@ lemma get_receive_slot_dcorres:
apply (rule corres_splitEE[where r'="\<lambda>cnode cnode'. cnode = transform_cap cnode'"])
apply (rule corres_splitEE[where r'="\<lambda>p p'. p = transform_cslot_ptr p'"])
apply (simp add:liftE_bindE)
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_splitEE[OF _ corres_whenE,where r' = dc])
apply (rule dcorres_returnOk)
apply clarsimp+
@ -1639,8 +1638,7 @@ lemma transfer_caps_dcorres:
apply simp
apply (rule corres_dummy_return_r)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [where r'="\<lambda>r r'. r = None" and P=\<top> and P'=\<top>])
prefer 2
apply (rule corres_split[where r'="\<lambda>r r'. r = None" and P=\<top> and P'=\<top>])
apply (rule corres_alternate2)
apply simp
apply simp
@ -1650,8 +1648,7 @@ lemma transfer_caps_dcorres:
apply simp
apply (simp del: get_receive_slots.simps)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule corres_alternate1)
apply (rule get_receive_slot_dcorres)
apply (unfold dc_def)[1]
@ -1736,7 +1733,7 @@ lemma dcorres_copy_mrs':
apply (rule_tac F = " rvb = None " in corres_gen_asm)
apply (clarsimp simp:copy_mrs_def)
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF _ set_registers_corres])
apply (rule corres_split[OF set_registers_corres])
apply (rule corres_symb_exec_r)+
apply (rule corres_trivial[OF corres_free_return])
apply (wp | clarsimp split:option.splits)+
@ -1933,17 +1930,17 @@ lemma corres_complete_ipc_transfer:
apply (simp add:alternative_bind bind_assoc split del:if_split)
apply (rule corres_alternate1)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_if[OF _ corres_split_catch]])
apply (rule corres_split[OF corres_if[OF _ corres_split_catch]])
prefer 4
apply clarsimp
apply (rule corres_guard_imp[OF dcorres_lookup_extra_caps])
apply (clarsimp simp:not_idle_thread_def)+
apply assumption
apply (rule corres_split_deprecated[OF _ dcorres_copy_mrs'])
apply (rule corres_split[OF dcorres_copy_mrs'])
apply (simp add:get_message_info_def select_f_get_register bind_assoc transform_cap_list_def)
apply (rule corres_split_deprecated[OF _ transfer_caps_dcorres])
apply (rule corres_split[OF transfer_caps_dcorres])
apply (rule corres_corrupt_tcb_intent_dupl)
apply (rule corres_split_deprecated[OF _ set_message_info_corres])
apply (rule corres_split[OF set_message_info_corres])
unfolding K_bind_def
apply (rule corrupt_tcb_intent_as_user_corres)
apply (wp evalMonad_lookup_ipc_buffer_wp' hoare_vcg_ball_lift copy_mrs_valid_irq_node
@ -1997,9 +1994,9 @@ lemma corres_complete_ipc_transfer:
apply (rule corres_symb_exec_r)
apply (rule corres_symb_exec_r)
apply (clarsimp)
apply (rule corres_split_deprecated[OF _ dcorres_set_mrs'])
apply (rule corres_split[OF dcorres_set_mrs'])
apply (rule corres_corrupt_tcb_intent_dupl)
apply (rule corres_split_deprecated[OF _ set_message_info_corres])
apply (rule corres_split[OF set_message_info_corres])
unfolding K_bind_def
apply (rule corrupt_tcb_intent_as_user_corres)
apply (wp|clarsimp simp:not_idle_thread_def)+
@ -2224,8 +2221,8 @@ lemma do_reply_transfer_corres:
apply (clarsimp simp:not_idle_thread_def
opt_object_tcb transform_tcb_def | intro conjI impI)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ corres_complete_ipc_transfer])
apply (rule corres_split_deprecated[OF _ delete_cap_simple_corres])
apply (rule corres_split[OF corres_complete_ipc_transfer])
apply (rule corres_split[OF delete_cap_simple_corres])
apply (rule corres_split_noop_rhs2[OF possible_switch_to_dcorres[THEN corres_trivial]
set_thread_state_corres])
apply (wp | clarsimp simp:not_idle_thread_def)+
@ -2235,12 +2232,12 @@ lemma do_reply_transfer_corres:
apply simp+
apply (clarsimp simp:bind_assoc)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ delete_cap_simple_corres])
apply (rule corres_split[OF delete_cap_simple_corres])
apply (rule corres_symb_exec_r)
apply (rule corres_symb_exec_r)
apply (rule corres_symb_exec_r)
apply (rule corres_split_deprecated[OF _ dcorres_handle_fault_reply])
apply (rule corres_split_deprecated[OF _ thread_set_fault_corres])
apply (rule corres_split[OF dcorres_handle_fault_reply])
apply (rule corres_split[OF thread_set_fault_corres])
apply (simp add: when_return split del: if_split)
apply (simp add: dc_def[symmetric] if_distrib[where f = "set_thread_state recver"]
split del: if_split)
@ -2366,7 +2363,7 @@ lemma dcorres_receive_sync:
apply (rule corres_alternate1)
apply (rule corres_dummy_return_l)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF corres_dummy_set_sync_ep set_thread_state_block_on_receive_corres])
apply (rule corres_split[OF set_thread_state_block_on_receive_corres corres_dummy_set_sync_ep])
apply (wp|simp)+
apply (rule corres_alternate2)
apply (simp add: do_nbrecv_failed_transfer_def)
@ -2407,8 +2404,7 @@ lemma dcorres_receive_sync:
apply (clarsimp dest!: get_tcb_SomeD simp: dc_def[symmetric]
split del: if_split split: if_split_asm)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_complete_ipc_transfer])
prefer 2
apply (rule corres_split[OF corres_complete_ipc_transfer])
apply simp
apply (rule dcorres_if_rhs)
apply (rule dcorres_if_rhs)
@ -2455,7 +2451,7 @@ lemma dcorres_receive_sync:
apply (rule corres_alternate1)
apply (rule corres_dummy_return_l)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF corres_dummy_set_sync_ep set_thread_state_block_on_receive_corres])
apply (rule corres_split[OF set_thread_state_block_on_receive_corres corres_dummy_set_sync_ep])
apply (wp|simp)+
apply (simp add: do_nbrecv_failed_transfer_def)
apply (rule corres_alternate2)
@ -2473,7 +2469,7 @@ lemma dcorres_complete_signal:
split: Structures_A.kernel_object.splits Structures_A.ntfn.splits)
apply (rule corres_guard_imp)
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF corres_dummy_set_notification set_register_corres])
apply (rule corres_split[OF set_register_corres corres_dummy_set_notification])
apply (wp | clarsimp)+
done
@ -2622,7 +2618,7 @@ lemma send_sync_ipc_corres:
apply (clarsimp simp:valid_ep_abstract_def none_is_receiving_ep_def option_select_def)
apply (rule corres_dummy_return_l)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF corres_dummy_set_sync_ep set_thread_state_block_on_send_corres])
apply (rule corres_split[OF set_thread_state_block_on_send_corres corres_dummy_set_sync_ep])
apply wp
apply simp
apply (wp TrueI |clarsimp simp: split del:if_split)+
@ -2633,7 +2629,7 @@ lemma send_sync_ipc_corres:
apply (clarsimp simp:valid_ep_abstract_def none_is_receiving_ep_def option_select_def)
apply (rule corres_dummy_return_l)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF corres_dummy_set_sync_ep set_thread_state_block_on_send_corres])
apply (rule corres_split[OF set_thread_state_block_on_send_corres corres_dummy_set_sync_ep])
apply wp
apply simp
apply (wp TrueI|clarsimp simp: split del:if_split)+
@ -2657,11 +2653,11 @@ lemma send_sync_ipc_corres:
apply (rule corres_guard_imp)
apply (rule dcorres_symb_exec_r)
apply (simp only: liftM_def)
apply (rule corres_split_deprecated[OF _ dcorres_get_thread_state])
apply (rule corres_split[OF dcorres_get_thread_state])
apply (clarsimp, rename_tac recv_state')
apply (case_tac recv_state'; simp add: corres_free_fail split del: if_split)
apply (rule corres_split_deprecated[OF _ corres_complete_ipc_transfer])
apply (rule corres_split_deprecated[OF _ set_thread_state_corres])
apply (rule corres_split[OF corres_complete_ipc_transfer])
apply (rule corres_split[OF set_thread_state_corres])
apply (rule dcorres_rhs_noop_above[OF possible_switch_to_dcorres])
apply (rule dcorres_if_rhs)
apply (rule dcorres_if_rhs)
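Review bot: In corres_complete_ipc_transfer the `prefer 4` immediately after the converted `apply (rule corres_split[OF corres_if[OF _ corres_split_catch]])` still hard-codes a goal position that was laid out for the deprecated rule, whose continuation premise sat where the head premise now sits; the position is only still right if the remaining subgoals happen to come out in the same order, which the hunk alone cannot show. Assuming the theory was re-checked this is a style point rather than a defect, but goal-number selection nested inside a three-deep `OF` is precisely what made this migration need a mechanical rewrite, and the next rule change will hit it again. The subsequent lines apply `corres_guard_imp[OF dcorres_lookup_extra_caps]`, so presumably goal 4 is the lookup_extra_caps side of the `corres_if`; recording that with `\<comment> \<open>goal 4: the lookup_extra_caps branch of corres_if\<close>` next to the `prefer 4` would let a maintainer verify the selection without replaying the proof. The lemma starts outside the hunk.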


@ -1360,7 +1360,7 @@ lemma empty_slot_corres:
apply (wp empty_slot_ext_valid_etcbs | simp)+
apply (rule corres_guard_imp)
apply (rule corres_dummy_return_pl)
apply (rule corres_split_deprecated [OF _ set_original_dummy_corres])
apply (rule corres_split[OF set_original_dummy_corres])
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[where r'=dc])
apply (case_tac "\<exists>irq. v = cap.IRQHandlerCap irq"; clarsimp)
@ -2555,7 +2555,7 @@ lemma dcorres_do_unbind_notification:
apply (clarsimp)
apply (rule corres_guard_imp)
apply (rule corres_dummy_return_pl[where b="()"])
apply (rule corres_split_deprecated[OF _ corres_dummy_set_notification])
apply (rule corres_split[OF corres_dummy_set_notification])
apply (clarsimp simp: tcb_slots)
apply (rule set_bound_notification_corres[where ntfn_opt=None, unfolded infer_tcb_bound_notification_def
not_idle_thread_def tcb_slots, simplified])
@ -2570,7 +2570,7 @@ lemma dcorres_unbind_maybe_notification:
(unbind_maybe_notification ntfn)"
apply (simp add: PageTableUnmap_D.unbind_maybe_notification_def IpcCancel_A.unbind_maybe_notification_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_ntfn_bound_tcb, unfolded fun_app_def, simplified])
apply (rule corres_split[OF dcorres_ntfn_bound_tcb, unfolded fun_app_def, simplified])
apply (simp add: option_set_option_select)
apply (rule_tac P'="case (ntfn_bound_tcb ntfna) of None \<Rightarrow> R' | Some x \<Rightarrow> R''" for R' R'' in corres_inst)
apply (rule_tac P="case (set_to_option (set_option (ntfn_bound_tcb ntfna))) of None \<Rightarrow> R | Some x \<Rightarrow> R'''" for R R''' in corres_inst)
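Review bot: `apply (rule corres_split_deprecated[where r'=dc])` in empty_slot_corres is left two lines below the converted `corres_split[OF set_original_dummy_corres]`, so this single proof now alternates between the two premise orders. Because the deprecated rule expects the continuation first and `corres_split` the head first (the other hunks in this commit swap the two `OF` arguments for that reason), converting it means the `case_tac "\<exists>irq. v = cap.IRQHandlerCap irq"` branch and the head rule change places, not just the name, so deferring it is reasonable. A `\<comment> \<open>deprecated form kept: continuation proved first\<close>` on that line would keep the leftover site greppable for the follow-up pass. The lemma empty_slot_corres starts outside the hunk.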


@ -34,8 +34,7 @@ lemma dcorres_call_kernel:
(Syscall_D.call_kernel e) (Syscall_A.call_kernel e)"
apply (simp_all add: Syscall_D.call_kernel_def Syscall_A.call_kernel_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule corres_split_handle [OF _ handle_event_corres])
prefer 4
apply (subst bind_return[symmetric])
@ -45,7 +44,7 @@ lemma dcorres_call_kernel:
apply (rule schedule_dcorres)
apply (wp schedule_valid_sched | strengthen valid_etcbs_sched)+
apply (simp add: handle_pending_interrupts_def)
apply (rule corres_split_deprecated [OF _ get_active_irq_corres])
apply (rule corres_split[OF get_active_irq_corres])
apply (clarsimp simp: when_def split: option.splits)
apply (rule handle_interrupt_corres[simplified dc_def])
apply ((wp | simp)+)[3]


@ -102,7 +102,7 @@ lemma arch_switch_to_thread_dcorres:
apply (clarsimp simp: arch_switch_to_thread_def)
apply (rule corres_dummy_return_pl)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ dcorres_set_vm_root])
apply (rule corres_split[OF dcorres_set_vm_root])
apply simp
apply (rule dcorres_machine_op_noop)
apply (simp add: ARM.clearExMonitor_def, wp)[1]
@ -123,7 +123,7 @@ lemma switch_to_thread_corres:
apply (rule corres_symb_exec_r)
apply (rule corres_symb_exec_r)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ arch_switch_to_thread_dcorres])
apply (rule corres_split[OF arch_switch_to_thread_dcorres])
apply simp
apply (rule dcorres_rhs_noop_above[OF tcb_sched_action_dcorres])
apply (rule corres_modify [where P=\<top> and P'="\<lambda>s. idle_thread s \<noteq> x"])
@ -170,7 +170,7 @@ lemma switch_to_thread_same_corres:
apply (rule corres_symb_exec_r)
apply (rule corres_symb_exec_r)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ arch_switch_to_thread_dcorres])
apply (rule corres_split[OF arch_switch_to_thread_dcorres])
apply simp
apply (rule dcorres_rhs_noop_above[OF tcb_sched_action_dcorres])
apply (rule corres_modify [where P'="\<lambda>s. idle_thread s \<noteq> x"])


@ -683,9 +683,9 @@ lemma perform_invocation_corres:
(* send_ipc *)
apply (clarsimp simp:invoke_endpoint_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_cur_thread_corres])
apply (rule corres_split[OF get_cur_thread_corres])
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF _ send_sync_ipc_corres])
apply (rule corres_split[OF send_sync_ipc_corres])
apply (rule corres_trivial[OF corres_free_return])
apply (wp|clarsimp)+
apply (clarsimp simp:ct_in_state_def obj_at_def pred_tcb_at_def not_idle_thread_def
@ -695,7 +695,7 @@ lemma perform_invocation_corres:
apply (clarsimp simp:invoke_notification_def liftE_bindE)
apply (clarsimp simp:liftE_def bind_assoc returnOk_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ send_signal_corres])
apply (rule corres_split[OF send_signal_corres])
apply (rule corres_trivial)
apply (simp add:dc_def corres_free_return)
apply (wp | clarsimp)+
@ -704,7 +704,7 @@ lemma perform_invocation_corres:
apply (rename_tac word a b c)
apply (clarsimp simp:invoke_reply_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_cur_thread_corres])
apply (rule corres_split[OF get_cur_thread_corres])
apply clarsimp
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated)
@ -731,7 +731,7 @@ lemma perform_invocation_corres:
apply (rule corres_guard_imp)
apply (clarsimp simp:bindE_def returnOk_def lift_def bind_assoc)
apply (rule corres_dummy_return_l)
apply (rule corres_split_deprecated[OF _ invoke_cnode_corres])
apply (rule corres_split[OF invoke_cnode_corres])
apply (clarsimp simp:lift_def,case_tac rv',simp add: throwError_def)
apply (simp)
apply (rule hoare_triv[of \<top>], rule hoare_post_taut)+
@ -884,10 +884,10 @@ lemma dcorres_reply_from_kernel:
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_corrupt_tcb_intent_dupl)
apply (rule corres_split_deprecated[OF _ set_register_corres])
apply (rule corres_split[OF set_register_corres])
unfolding K_bind_def
apply (rule corres_corrupt_tcb_intent_dupl)
apply (rule corres_split_deprecated[OF _ set_mrs_corres_no_recv_buffer])
apply (rule corres_split[OF set_mrs_corres_no_recv_buffer])
unfolding K_bind_def
apply (rule set_message_info_corres)
apply (wp | clarsimp simp:not_idle_thread_def)+
@ -904,11 +904,11 @@ lemma dcorres_reply_from_kernel:
apply clarsimp
apply (rule corrupt_frame_include_self[where y = oid])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ set_register_corres])
apply (rule corres_split[OF set_register_corres])
unfolding K_bind_def
apply (rule_tac y = oid in corrupt_frame_include_self')
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_set_mrs])
apply (rule corres_split[OF dcorres_set_mrs])
unfolding K_bind_def
apply (rule set_message_info_corres)
apply (wp| simp add:not_idle_thread_def)+
@ -1133,9 +1133,9 @@ lemma dcorres_reply_from_syscall:
apply (intro conjI impI)
apply (rule dcorres_returnOk',simp)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ dcorres_reply_from_kernel])
apply (rule corres_split[OF dcorres_reply_from_kernel])
apply (rule corres_dummy_return_pr)
apply (rule corres_split_deprecated[OF _ dcorres_set_intent_error])
apply (rule corres_split[OF dcorres_set_intent_error])
apply (simp add:liftE_bindE returnOk_liftE)
apply (rule set_thread_state_corres[unfolded tcb_slots])
apply (wp rfk_invs reply_from_kernel_error)+
@ -1299,12 +1299,12 @@ lemma handle_invocation_corres:
apply (simp add: split_def)+
apply (rule dcorres_when_r)
apply (rule corres_dummy_return_r)
apply (rule corres_guard_imp[OF corres_split_deprecated[OF _ dcorres_reply_from_kernel]])
apply (rule corres_guard_imp[OF corres_split[OF dcorres_reply_from_kernel]])
apply (simp add:when_def)
apply (rule dcorres_set_intent_error)
apply (wp rfk_invs reply_from_kernel_error | simp add:not_idle_thread_def)+
apply (rule dcorres_dummy_corrupt_ipc_buffer)
apply (rule corres_split_deprecated[OF _ dcorres_set_thread_state_Restart2])
apply (rule corres_split[OF dcorres_set_thread_state_Restart2])
apply (rule corres_splitEE[where r' = dc])
apply (simp add: whenE_def bind_assoc)
apply (rule dcorres_reply_from_syscall)
@ -1391,7 +1391,7 @@ lemma handle_recv_corres:
Syscall_D.handle_recv (Syscall_A.handle_recv is_blocking)"
apply (simp add: Syscall_D.handle_recv_def Syscall_A.handle_recv_def delete_caller_cap_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_cur_thread_corres])
apply (rule corres_split[OF get_cur_thread_corres])
apply (simp add:liftM_def select_f_get_register get_thread_def bind_assoc)
apply (rename_tac thread)
apply (rule_tac P=\<top> and P'="invs and valid_etcbs and (\<lambda>s. thread = cur_thread s
@ -1484,14 +1484,14 @@ lemma handle_reply_corres:
Syscall_D.handle_reply Syscall_A.handle_reply"
apply (simp add: Syscall_D.handle_reply_def Syscall_A.handle_reply_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cur_thread_corres])
apply (rule corres_split[OF get_cur_thread_corres])
apply simp
apply (rename_tac thread)
apply (rule_tac R="\<lambda>_. \<top>" and
R'="\<lambda>cap. invs and valid_etcbs and ct_running and tcb_at thread
and not_idle_thread thread
and cte_wp_at ((=) cap) (thread, tcb_cnode_index 3)"
in corres_split_deprecated [OF _ get_cap_corres])
in corres_split[OF get_cap_corres])
apply (simp add: transform_cap_def corres_fail split: cap.split)
apply (clarsimp simp: corres_fail dc_def[symmetric] split: bool.split)
apply (rename_tac word rights)
@ -1589,7 +1589,7 @@ lemma handle_event_corres:
apply (simp_all add:handle_syscall_def handle_send_def handle_call_def)
apply (rule handle_invocation_corres[THEN corres_guard_imp] | simp)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF handle_recv_corres handle_reply_corres])
apply (rule corres_split[OF handle_reply_corres handle_recv_corres])
apply (wp handle_reply_cur_thread_idle_thread)
apply (simp add:not_idle_thread_def)
apply (wp handle_reply_cur_thread_idle_thread handle_reply_valid_etcbs)
@ -1633,7 +1633,7 @@ lemma handle_event_corres:
split: thread_state.splits)+
apply (simp add:handle_pending_interrupts_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_active_irq_corres])
apply (rule corres_split[OF get_active_irq_corres])
apply (clarsimp simp:option.splits)
apply (rule handle_interrupt_corres)
apply (wp | simp)+


@ -436,7 +436,7 @@ lemma suspend_corres:
(Tcb_D.suspend obj_id) (IpcCancel_A.suspend obj_id)"
apply (rule corres_guard_imp)
apply (clarsimp simp: IpcCancel_A.suspend_def Tcb_D.suspend_def)
apply (rule corres_split_deprecated[OF _ finalise_cancel_ipc])
apply (rule corres_split[OF finalise_cancel_ipc])
apply (rule dcorres_symb_exec_r[OF _ gts_inv gts_inv])
apply (rule dcorres_rhs_noop_above)
apply (case_tac "rv = Running"; simp)
@ -557,8 +557,8 @@ lemma restart_corres:
tcb_cspace_slot_def tcb_replycap_slot_def)
apply (intro conjI impI)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ finalise_cancel_ipc])
apply (rule corres_split_deprecated[OF _ dcorres_setup_reply_master[unfolded tcb_replycap_slot_def] ])
apply (rule corres_split[OF finalise_cancel_ipc])
apply (rule corres_split[OF dcorres_setup_reply_master[unfolded tcb_replycap_slot_def] ])
apply (rule dcorres_rhs_noop_below_True[OF dcorres_rhs_noop_below_True])
apply (rule possible_switch_to_dcorres)
apply (rule tcb_sched_action_dcorres)
@ -1046,7 +1046,7 @@ lemma dcorres_tcb_update_ipc_buffer:
apply (rule corres_splitEE[OF _ dcorres_tcb_empty_slot])
apply (clarsimp simp:liftE_bindE)
apply (simp add:liftE_def)
apply (rule corres_split_deprecated[OF _ dcorres_corrupt_tcb_intent_ipcbuffer_upd])
apply (rule corres_split[OF dcorres_corrupt_tcb_intent_ipcbuffer_upd])
apply (rule corres_dummy_return_pl)
apply (clarsimp simp:returnOk_def)
apply (rule corres_symb_exec_r)
@ -1076,13 +1076,13 @@ lemma dcorres_tcb_update_ipc_buffer:
apply (rule corres_splitEE[OF _ dcorres_tcb_empty_slot])
apply (clarsimp simp:tcb_update_thread_slot_def whenE_liftE)
apply (clarsimp simp:liftE_bindE)
apply (rule corres_split_deprecated[OF _ dcorres_corrupt_tcb_intent_ipcbuffer_upd])
apply (rule corres_split[OF dcorres_corrupt_tcb_intent_ipcbuffer_upd])
apply (clarsimp simp:bind_assoc)
apply (rule corres_dummy_return_pl)
apply simp
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (clarsimp simp:liftE_def returnOk_def)
apply (rule corres_split_deprecated[OF _ corres_when])
apply (rule corres_split[OF corres_when])
apply (rule corres_trivial,clarsimp simp:returnOk_def)
apply (rule corres_symb_exec_r)
apply (rule corres_guard_imp)
@ -1095,7 +1095,7 @@ lemma dcorres_tcb_update_ipc_buffer:
apply (simp add:valid_ipc_buffer_cap_def is_arch_cap_def split:cap.splits)
apply (clarsimp simp: valid_cap_def is_arch_cap_def valid_ipc_buffer_cap_def
split: cap.split_asm arch_cap.split_asm)+
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_when)
apply (rule sym)
apply (case_tac cap')
@ -1178,13 +1178,13 @@ lemma dcorres_tcb_update_vspace_root:
apply (clarsimp simp: whenE_liftE bind_assoc)
apply (clarsimp simp: liftE_def bind_assoc)
apply (clarsimp simp: is_valid_vtable_root_def )
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split_deprecated[OF _ corres_when])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_split[OF corres_when])
apply (rule corres_trivial)
apply clarsimp
apply (rule arch_same_obj_as_lift)
apply (clarsimp simp: valid_cap_def is_arch_cap_def)+
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_when)
apply (rule sym)
apply (case_tac cap')
@ -1255,16 +1255,16 @@ lemma dcorres_tcb_update_cspace_root:
apply (clarsimp simp:no_cap_to_obj_with_diff_ref_def)
apply (clarsimp simp:whenE_liftE bind_assoc same_object_as_def)
apply (clarsimp simp:liftE_def bind_assoc)
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F = "(is_cnode_cap x \<and> obj_refs x = obj_refs aaa) \<longrightarrow> (bits_of x = bits_of aaa)" in corres_gen_asm2)
apply (rule corres_split_deprecated[OF _ corres_when])
apply (rule corres_split[OF corres_when])
apply (rule corres_trivial)
apply (clarsimp)
apply (rule iffI)
apply (clarsimp simp:is_cap_simps bits_of_def cap_type_def transform_cap_def
split:cap.split_asm arch_cap.split_asm if_split_asm)
apply (clarsimp simp:cap_has_object_def is_cap_simps cap_type_def)
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_when)
apply (rule sym)
apply (simp add:table_cap_ref_def)
@ -1686,7 +1686,7 @@ lemma dcorres_bind_notification:
split: Structures_A.kernel_object.splits)
apply (rule corres_dummy_return_pl)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_dummy_set_notification], simp)
apply (rule corres_split[OF corres_dummy_set_notification], simp)
apply (rule set_bound_notification_corres)
apply (wp |simp add: not_idle_thread_def infer_tcb_bound_notification_def)+
done
@ -1699,7 +1699,7 @@ lemma invoke_tcb_corres_bind:
apply (clarsimp simp: Tcb_D.invoke_tcb_def translate_tcb_invocation_def)
apply (rule corres_dummy_return_l)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF corres_return_trivial dcorres_bind_notification])
apply (rule corres_split[OF dcorres_bind_notification corres_return_trivial])
apply (wp | simp)+
done
@ -1711,7 +1711,7 @@ lemma invoke_tcb_corres_unbind:
apply (clarsimp simp: Tcb_D.invoke_tcb_def translate_tcb_invocation_def)
apply (rule corres_dummy_return_l)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF corres_return_trivial dcorres_unbind_notification])
apply (rule corres_split[OF dcorres_unbind_notification corres_return_trivial])
apply (wp | simp)+
done
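Review bot: The rewritten line for restart_corres keeps a stray space before the closing bracket, `corres_split[OF dcorres_setup_reply_master[unfolded tcb_replycap_slot_def] ])`, which the regex carried over verbatim from the deprecated line and which no other rewritten `corres_split[OF ...]` in this commit has. Since the line is being touched anyway, it would be cleaner to drop it: `apply (rule corres_split[OF dcorres_setup_reply_master[unfolded tcb_replycap_slot_def]])`. The proof of restart_corres continues outside the hunk, so the goal order after the removed `prefer 2` cannot be checked here.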


@ -336,7 +336,7 @@ lemma delete_objects_dcorres:
apply (simp add: valid_cap_def cap_aligned_def untyped_min_bits_def)
apply (rule corres_name_pre, clarify)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ detype_dcorres])
apply (rule corres_split[OF detype_dcorres])
apply (rule freeMemory_dcorres, simp+)
apply wp
apply clarsimp
@ -1269,7 +1269,7 @@ lemma reset_untyped_cap_corres:
apply (simp add: Untyped_D.reset_untyped_cap_def reset_untyped_cap_def
liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="is_untyped_cap capa \<and> cap_aligned capa
\<and> bits_of capa > 2 \<and> free_index_of capa \<le> 2 ^ bits_of capa"
in corres_gen_asm2)
@ -1328,7 +1328,7 @@ lemma reset_untyped_cap_corres:
apply (rule corres_guard_imp)
apply (rule corres_add_noop_lhs)
apply (rule corres_split_nor[OF _ clearMemory_corres_noop[OF refl]])
apply (rule corres_split_deprecated[OF _ set_cap_corres])
apply (rule corres_split[OF set_cap_corres])
apply (subst alternative_com)
apply (rule throw_or_return_preemption_corres[where P=\<top> and P'=\<top>])
apply (clarsimp simp: is_cap_simps bits_of_def)
@ -1473,13 +1473,13 @@ lemma invoke_untyped_corres:
apply (rule reset_untyped_cap_corres[where idx=idx])
apply simp
apply simp
apply (rule corres_split_deprecated[OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply simp
apply (rule generate_object_ids_exec[where ptr = ptr and us = us and sz = sz])
apply simp
apply (rule corres_split_deprecated[OF _ update_available_range_dcorres])
apply (rule corres_split[OF update_available_range_dcorres])
apply simp
apply (rule corres_split_deprecated[OF _ retype_region_dcorres[where sz = sz]])
apply (rule corres_split[OF retype_region_dcorres[where sz = sz]])
apply (rule corres_split_noop_rhs[OF _ init_arch_objects_corres_noop[where sz =sz]])
apply (simp add: liftM_def[symmetric] mapM_x_def[symmetric]
zip_map1 zip_map2 o_def split_beta dc_def[symmetric])


@ -301,16 +301,15 @@ lemma kernel_entry_if_corres:
(kernel_entry_if event tc) (kernelEntry_if event tc)"
apply (simp add: kernel_entry_if_def kernelEntry_if_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split)
apply simp
apply (rule threadset_corresT)
apply (erule arch_tcb_context_set_tcb_relation)
apply (clarsimp simp: tcb_cap_cases_def)
apply (rule allI[OF ball_tcb_cte_casesI]; clarsimp)
apply (simp add: exst_same_def)
apply (rule corres_split_deprecated [OF _ handleEvent_corres_arch_extras])
apply (rule corres_split[OF handleEvent_corres_arch_extras])
apply (rule corres_stateAssert_assume_stronger[where Q=\<top> and
P="\<lambda>s. valid_domain_list s \<and>
(event \<noteq> Interrupt \<longrightarrow> 0 < domain_time s) \<and>


@ -391,16 +391,14 @@ lemma kernelEntry_corres_C:
apply (simp only: bind_assoc)
apply (simp add: getCurThread_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
prefer 2
apply (rule corres_split[where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t' = tcb_ptr_to_ctcb_ptr t"])
apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (subst archTcbUpdate_aux2[symmetric])
apply (rule setTCBContext_C_corres)
apply (simp add: ccontext_rel_to_C)
apply simp
apply (rule corres_split_deprecated[OF _ ccorres_corres_u_xf, simplified bind_assoc])
apply (rule corres_split[OF ccorres_corres_u_xf, simplified bind_assoc])
prefer 3
apply (rule corres_nofail)
apply (rule handleEvent_corres)


@ -188,15 +188,15 @@ lemma do_user_op_if_corres[ADT_IF_Refine_assms]:
apply (rule corres_assert_imp_r)
apply fastforce
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_machine_op,where r'="(=)"])
apply (rule corres_split[OF corres_machine_op,where r'="(=)"])
apply clarsimp
apply (rule corres_split_deprecated[where r'="(=)"])
apply clarsimp
apply (rule corres_split_deprecated[OF _ corres_machine_op,where r'="(=)"])
apply (rule corres_split[OF corres_machine_op,where r'="(=)"])
apply clarsimp
apply (rule corres_split_deprecated[OF _ corres_machine_op,where r'="(=)"])
apply (rule corres_split[OF corres_machine_op,where r'="(=)"])
apply clarsimp
apply (rule corres_split_deprecated[OF _ corres_machine_op, where r'="(=)"])
apply (rule corres_split[OF corres_machine_op, where r'="(=)"])
apply (rule corres_return_same_trivial)
apply (wp hoare_TrueI[where P = \<top>] | simp | rule corres_underlying_trivial)+
apply (clarsimp simp: user_memory_update_def)
@ -326,17 +326,17 @@ lemma do_user_op_if_corres'[ADT_IF_Refine_assms]:
apply (rule corres_assert_imp_r)
apply fastforce
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_machine_op',where r'="(=)"])
apply (rule corres_split[OF corres_machine_op',where r'="(=)"])
apply simp
apply (rule corres_split_deprecated[where r'="dc"])
apply simp
apply (rule corres_split_deprecated[where r'="(=)"])
apply clarsimp
apply (rule corres_split_deprecated[OF _ corres_machine_op',where r'="(=)"])
apply (rule corres_split[OF corres_machine_op',where r'="(=)"])
apply simp
apply (rule corres_split_deprecated[OF _ corres_machine_op', where r'="(=)"])
apply (rule corres_split[OF corres_machine_op', where r'="(=)"])
apply simp
apply (rule corres_split_deprecated[OF _ corres_machine_op', where r'="(=)"])
apply (rule corres_split[OF corres_machine_op', where r'="(=)"])
apply (rule corres_return_same_trivial)
apply (wp hoare_TrueI[where P = \<top>] | simp | rule corres_underlying_trivial)+
apply (clarsimp simp: select_def corres_underlying_def)
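Review bot: The rewritten `corres_split[OF corres_machine_op,where r'="(=)"]` lines in do_user_op_if_corres and do_user_op_if_corres' are inconsistent about the space after the comma: the first three occurrences in each hunk have none while the last one has it (`corres_machine_op, where`). The inconsistency predates this commit, but since the regex already touches these lines, normalising them to `apply (rule corres_split[OF corres_machine_op, where r'="(=)"])` would make the rule applications uniform. The same mixed spacing appears in the corresponding hunks of the other ADT_IF_Refine_assms file further down in this commit. Both lemmas' proofs continue outside the hunks shown.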


@ -228,28 +228,25 @@ lemma do_user_op_if_C_corres[ADT_IF_Refine_assms]:
Let_def cmachine_state_relation_def)
apply simp
apply (rule corres_guard_imp)
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp add: corres_underlying_def fail_def
assert_def return_def
split: if_splits)
apply simp
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp add: corres_underlying_def fail_def
assert_def return_def
split: if_splits)
apply simp
apply (rule corres_split_deprecated[OF _ corres_dmo_getExMonitor_C])
apply (rule corres_split[OF corres_dmo_getExMonitor_C])
apply clarsimp
apply (rule_tac r'="(=)" in corres_split_deprecated[OF _ corres_select])
prefer 2
apply (rule_tac r'="(=)" in corres_split[OF corres_select])
apply clarsimp
apply simp
apply (rule corres_underlying_split5)
apply (rule corres_split_deprecated[OF _ user_memory_update_corres_C])
apply (rule corres_split_deprecated[OF _ device_update_corres_C])
apply (rule corres_split_deprecated[OF _ corres_dmo_setExMonitor_C,
apply (rule corres_split[OF user_memory_update_corres_C])
apply (rule corres_split[OF device_update_corres_C])
apply (rule corres_split[OF corres_dmo_setExMonitor_C,
where R="\<top>\<top>" and R'="\<top>\<top>"])
apply (wp select_wp | simp)+
apply (clarsimp simp: ex_abs_def restrict_map_def invs_pspace_aligned'


@ -166,9 +166,9 @@ lemma do_user_op_if_corres[ADT_IF_Refine_assms]:
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[where r'="(=)"])
apply clarsimp
apply (rule corres_split_deprecated[OF _ corres_machine_op,where r'="(=)"])
apply (rule corres_split[OF corres_machine_op,where r'="(=)"])
apply clarsimp
apply (rule corres_split_deprecated[OF _ corres_machine_op,where r'="(=)"])
apply (rule corres_split[OF corres_machine_op,where r'="(=)"])
apply clarsimp
apply (wp hoare_TrueI[where P = \<top>] | simp | rule corres_underlying_trivial)+
apply (clarsimp simp: user_memory_update_def)
@ -268,9 +268,9 @@ lemma do_user_op_if_corres'[ADT_IF_Refine_assms]:
apply simp
apply (rule corres_split_deprecated[where r'="(=)"])
apply clarsimp
apply (rule corres_split_deprecated[OF _ corres_machine_op',where r'="(=)"])
apply (rule corres_split[OF corres_machine_op',where r'="(=)"])
apply simp
apply (rule corres_split_deprecated[OF _ corres_machine_op', where r'="(=)"])
apply (rule corres_split[OF corres_machine_op', where r'="(=)"])
apply simp
apply (wp hoare_TrueI[where P = \<top>] | simp | rule corres_underlying_trivial)+
apply (clarsimp simp: select_def corres_underlying_def)


@ -153,25 +153,22 @@ lemma do_user_op_if_C_corres[ADT_IF_Refine_assms]:
Let_def cmachine_state_relation_def)
apply simp
apply (rule corres_guard_imp)
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp add: corres_underlying_def fail_def
assert_def return_def
split: if_splits)
apply simp
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac P=\<top> and P'=\<top> and r'="(=)" in corres_split)
apply (clarsimp simp add: corres_underlying_def fail_def
assert_def return_def
split: if_splits)
apply simp
apply (rule_tac r'="(=)" in corres_split_deprecated[OF _ corres_select])
prefer 2
apply (rule_tac r'="(=)" in corres_split[OF corres_select])
apply clarsimp
apply simp
apply (rule corres_underlying_split4)
apply (rule corres_split_deprecated[OF _ user_memory_update_corres_C])
apply (rule corres_split_deprecated[OF _ device_update_corres_C])
apply (rule corres_split[OF user_memory_update_corres_C])
apply (rule corres_split[OF device_update_corres_C])
apply (wp select_wp | simp)+
apply (clarsimp simp: ex_abs_def restrict_map_def invs_pspace_aligned'
invs_pspace_distinct' ptable_lift_s'_def ptable_rights_s'_def


@ -150,15 +150,13 @@ lemma performASIDControlInvocation_corres:
apply (frule valid_capAligned)
apply (clarsimp simp: capAligned_def page_bits_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (erule deleteObjects_corres)
apply (simp add:pageBits_def)
apply (rule corres_split_deprecated[OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac F = " pcap = (cap.UntypedCap False word1 pageBits idxa)" in corres_gen_asm)
apply (rule corres_split_deprecated[OF _ updateFreeIndex_corres])
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split[OF updateFreeIndex_corres])
apply (rule corres_split)
apply (simp add: retype_region2_ext_retype_region_ArchObject )
apply (rule corres_retype [where ty="Inl (KOArch (KOASIDPool F))",
unfolded APIType_map2_def makeObjectKO_def,
@ -173,13 +171,11 @@ lemma performASIDControlInvocation_corres:
apply (simp add: makeObject_asidpool const_def inv_def)
apply (rule range_cover_full)
apply (simp add:obj_bits_api_def arch_kobj_size_def default_arch_object_def)+
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule cteInsert_simple_corres, simp, rule refl, rule refl)
apply (rule_tac F="is_aligned word2 asid_low_bits" in corres_gen_asm)
apply (simp add: is_aligned_mask dc_def[symmetric])
apply (rule corres_split_deprecated [where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t = t' o ucast"])
prefer 2
apply (rule corres_split[where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t = t' o ucast"])
apply (clarsimp simp: state_relation_def arch_state_relation_def)
apply (rule corres_trivial)
apply (rule corres_modify)
@ -510,11 +506,11 @@ lemma resolveVAddr_corres:
apply (rule_tac R="\<lambda>rv s. valid_pde rv s \<and> pspace_aligned s"
and R'="\<lambda>_ s. pspace_distinct' s \<and> pspace_aligned' s
\<and> vs_valid_duplicates' (ksPSpace s)"
in corres_split_deprecated[OF _ get_master_pde_corres])
in corres_split[OF get_master_pde_corres])
apply (case_tac rv, simp_all add: pde_relation'_def)[1]
apply (rule corres_stateAssert_assume_stronger)
apply (rule stronger_corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_master_pte_corres[OF refl]])
apply (rule corres_split[OF get_master_pte_corres[OF refl]])
apply (rule corres_trivial)
apply (case_tac rva, simp_all add: pte_relation'_def)[1]
apply (wp get_master_pte_inv)+
@ -1067,7 +1063,7 @@ shows
apply (rule corres_symb_exec_r_conj)
apply (rule_tac F="isArchCap isPageTableCap (cteCap cteVal)"
in corres_gen_asm2)
apply (rule corres_split_deprecated[OF _ isFinalCapability_corres[where ptr=slot]])
apply (rule corres_split[OF isFinalCapability_corres[where ptr=slot]])
apply (drule mp)
apply (clarsimp simp: isCap_simps final_matters'_def)
apply (rule whenE_throwError_corres)
@ -1112,8 +1108,7 @@ shows
apply (rule whenE_throwError_corres, simp)
apply clarsimp
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated[OF _ _ resolve_vaddr_valid_mapping_size])
prefer 2
apply (rule corres_split[OF _ _ resolve_vaddr_valid_mapping_size])
apply clarsimp
apply (rule resolveVAddr_corres[THEN corres_gen_asm])
apply simp


@ -113,8 +113,7 @@ lemma corres_split_liftM2:
and h1: "\<lbrace>Q\<rbrace> a \<lbrace>R\<rbrace>" and h2: "\<lbrace>Q'\<rbrace> c \<lbrace>\<lambda>x. R' (f x)\<rbrace>"
shows "corres r (P and Q) (P' and Q') (a >>= b) (liftM f c >>= d)"
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ _ h1])
prefer 2
apply (rule corres_split[OF _ _ h1])
apply (simp add: o_def)
apply (rule corr)
apply (erule r1)
@ -177,8 +176,7 @@ lemma decodeCNodeInvocation_corres:
apply (rule corres_splitEE [OF _ ensureEmptySlot_corres])
apply (rule corres_splitEE [OF _ lookupSlotForCNodeOp_corres])
apply (simp(no_asm) add: liftE_bindE del: de_Morgan_conj split del: if_split)
apply (rule corres_split_deprecated [OF _ get_cap_corres'])
prefer 2
apply (rule corres_split[OF get_cap_corres'])
apply (simp add: split_def)
apply (rule whenE_throwError_corres)
apply (simp add: lookup_failure_map_def)
@ -261,7 +259,7 @@ lemma decodeCNodeInvocation_corres:
apply (rule corres_guard_imp)
apply (rule corres_splitEE [OF _ lookupSlotForCNodeOp_corres])
apply (simp(no_asm) add: split_beta liftE_bindE)
apply (rule corres_split_deprecated [OF _ get_cap_corres'])
apply (rule corres_split[OF get_cap_corres'])
apply (rule corres_split_norE)
apply (rule corres_trivial)
apply (clarsimp simp add: returnOk_def)
@ -7195,7 +7193,7 @@ next
apply (simp add: in_monad)
apply (rule drop_spec_corres)
apply (simp add: liftE_bindE del: rec_del.simps)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="cteCap ourCTE = Zombie ptr (zbits_map bits) (Suc n)
\<or> cteCap ourCTE = NullCap
\<or> (\<exists>zb n cp. cteCap ourCTE = Zombie (cte_map slot) zb n
@ -8655,11 +8653,11 @@ lemma invokeCNode_corres:
apply (rename_tac prod)
apply (simp add: getThreadCallerSlot_def locateSlot_conv objBits_simps)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (subgoal_tac "thread + 2^cte_level_bits * tcbCallerSlot = cte_map (thread, tcb_cnode_index 3)")
prefer 2
apply (simp add: cte_map_def tcb_cnode_index_def tcbCallerSlot_def cte_level_bits_def objBits_defs)
apply (rule corres_split_deprecated [OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac P="\<lambda>s. (is_reply_cap cap \<or> cap = cap.NullCap) \<and>
(is_reply_cap cap \<longrightarrow>
(einvs and cte_at (threada, tcb_cnode_index 3) and


@ -5011,8 +5011,8 @@ lemma cteInsert_corres:
unfolding cap_insert_def cteInsert_def
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="cteCap rv' = NullCap" in corres_gen_asm2)
apply simp
apply (rule_tac P="?P and cte_at dest and
@ -6948,8 +6948,8 @@ lemma capSwapForDelete_corres:
apply (simp add: caps_of_state_cte_at)+
apply (simp add: when_def liftM_def)
apply (rule corres_guard_imp)
apply (rule_tac P1=wellformed_cap in corres_split_deprecated [OF _ get_cap_corres_P])
apply (rule_tac P1=wellformed_cap in corres_split_deprecated [OF _ get_cap_corres_P])
apply (rule_tac P1=wellformed_cap in corres_split[OF get_cap_corres_P])
apply (rule_tac P1=wellformed_cap in corres_split[OF get_cap_corres_P])
apply (rule cteSwap_corres, rule refl, rule refl, clarsimp+)
apply (wp get_cap_wp getCTE_wp')+
apply (clarsimp simp: cte_wp_at_caps_of_state)


@ -3417,7 +3417,7 @@ lemma ensureEmptySlot_corres:
(ensure_empty p) (ensureEmptySlot q)"
apply (clarsimp simp add: ensure_empty_def ensureEmptySlot_def unlessE_whenE liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_trivial)
apply (case_tac cap, auto simp add: whenE_def returnOk_def)[1]
apply wp+
@ -3950,7 +3950,7 @@ lemma setupReplyMaster_corres:
apply (clarsimp simp: tcb_cnode_index_def2 cte_map_nat_to_cref word_bits_def cte_level_bits_def)
apply (clarsimp simp: cte_level_bits_def)
apply (rule stronger_corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_when)
apply fastforce
apply (rule_tac P'="einvs and tcb_at t" in corres_stateAssert_implied)
@ -4713,8 +4713,8 @@ lemma cteInsert_simple_corres:
supply subst_all [simp del]
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="cteCap rv' = NullCap" in corres_gen_asm2)
apply simp
apply (rule_tac P="?P and cte_at dest and


@ -1515,7 +1515,7 @@ lemma emptySlot_corres:
apply (rule corres_split_noop_rhs[OF _ clearUntypedFreeIndex_noop_corres])
apply (rule_tac R="\<lambda>cap. einvs and cte_wp_at ((=) cap) slot" and
R'="\<lambda>cte. valid_pspace' and cte_wp_at' ((=) cte) (cte_map slot)" in
corres_split_deprecated [OF _ get_cap_corres])
corres_split[OF get_cap_corres])
defer
apply (wp get_cap_wp getCTE_wp')+
apply (simp add: cte_wp_at_ctes_of)
@ -3374,7 +3374,7 @@ lemma (in delete_one) deletingIRQHandler_corres:
(deleting_irq_handler irq) (deletingIRQHandler irq)"
apply (simp add: deleting_irq_handler_def deletingIRQHandler_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQSlot_corres])
apply (rule corres_split[OF getIRQSlot_corres])
apply simp
apply (rule_tac P'="cte_at' (cte_map slot)" in corres_symb_exec_r_conj)
apply (rule_tac F="isNotificationCap rv \<or> rv = capability.NullCap"
@ -3443,13 +3443,13 @@ lemma unbindNotification_corres:
supply option.case_cong_weak[cong]
apply (simp add: unbind_notification_def unbindNotification_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getBoundNotification_corres])
apply (rule corres_split[OF getBoundNotification_corres])
apply (rule corres_option_split)
apply simp
apply (rule corres_return_trivial)
apply (rule corres_split_deprecated[OF _ getNotification_corres])
apply (rule corres_split[OF getNotification_corres])
apply clarsimp
apply (rule corres_split_deprecated[OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setBoundNotification_corres)
apply (clarsimp simp: ntfn_relation_def split:Structures_A.ntfn.splits)
apply (wp gbn_wp' gbn_wp)+
@ -3471,11 +3471,11 @@ lemma unbindMaybeNotification_corres:
(unbindMaybeNotification ntfnptr)"
apply (simp add: unbind_maybe_notification_def unbindMaybeNotification_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getNotification_corres])
apply (rule corres_split[OF getNotification_corres])
apply (rule corres_option_split)
apply (clarsimp simp: ntfn_relation_def split: Structures_A.ntfn.splits)
apply (rule corres_return_trivial)
apply (rule corres_split_deprecated[OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setBoundNotification_corres)
apply (clarsimp simp: ntfn_relation_def split: Structures_A.ntfn.splits)
apply (wp get_simple_ko_wp getNotification_wp)+
@ -3516,7 +3516,7 @@ lemma fast_finaliseCap_corres:
apply (simp add: valid_cap'_def)
apply (clarsimp simp: final_matters'_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ unbindMaybeNotification_corres])
apply (rule corres_split[OF unbindMaybeNotification_corres])
apply (rule cancelAllSignals_corres)
apply (wp abs_typ_at_lifts unbind_maybe_notification_invs typ_at_lifts hoare_drop_imps getNotification_wp
| wpc)+
@ -3532,13 +3532,13 @@ lemma cap_delete_one_corres:
apply (simp add: cap_delete_one_def cteDeleteOne_def'
unless_def when_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="can_fast_finalise cap" in corres_gen_asm)
apply (rule corres_if)
apply fastforce
apply (rule corres_split_deprecated [OF _ isFinalCapability_corres[where ptr=ptr]])
apply (rule corres_split[OF isFinalCapability_corres[where ptr=ptr]])
apply (simp add: split_def bind_assoc [THEN sym])
apply (rule corres_split_deprecated [OF _ fast_finaliseCap_corres[where sl=ptr]])
apply (rule corres_split[OF fast_finaliseCap_corres[where sl=ptr]])
apply (rule emptySlot_corres)
apply simp+
apply (wp hoare_drop_imps)+
@ -3582,7 +3582,7 @@ lemma finaliseCap_corres:
apply (simp add: valid_cap'_def)
apply (clarsimp simp add: final_matters'_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ unbindMaybeNotification_corres])
apply (rule corres_split[OF unbindMaybeNotification_corres])
apply (rule cancelAllSignals_corres)
apply (wp abs_typ_at_lifts unbind_maybe_notification_invs typ_at_lifts hoare_drop_imps hoare_vcg_all_lift | wpc)+
apply (clarsimp simp: valid_cap_def)
@ -3592,8 +3592,8 @@ lemma finaliseCap_corres:
liftM_def[symmetric] o_def zbits_map_def
dc_def[symmetric])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ unbindNotification_corres])
apply (rule corres_split_deprecated[OF _ suspend_corres])
apply (rule corres_split[OF unbindNotification_corres])
apply (rule corres_split[OF suspend_corres])
apply (clarsimp simp: liftM_def[symmetric] o_def dc_def[symmetric] zbits_map_def)
apply (rule prepareThreadDelete_corres)
apply (wp unbind_notification_invs unbind_notification_simple_sched_action)+
@ -3826,7 +3826,7 @@ lemma thread_set_all_corresT:
(thread_set_all f g t) (threadSet f' t)"
apply (simp add: thread_set_all_def threadSet_def bind_assoc)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ thread_gets_the_all_corres])
apply (rule corres_split[OF thread_gets_the_all_corres])
apply (simp add: split_def)
apply (rule tcb_update_all_corres')
apply (erule x)


@ -382,7 +382,7 @@ lemma invokeIRQHandler_corres:
apply (rename_tac word cap prod)
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQSlot_corres])
apply (rule corres_split[OF getIRQSlot_corres])
apply simp
apply (rule corres_split_nor [OF _ cap_delete_one_corres])
apply (rule cteInsert_corres, simp+)
@ -400,7 +400,7 @@ lemma invokeIRQHandler_corres:
apply (erule cte_wp_at_weakenE, simp add: is_derived_use_interrupt)
apply fastforce
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQSlot_corres])
apply (rule corres_split[OF getIRQSlot_corres])
apply simp
apply (rule cap_delete_one_corres)
apply wp+
@ -651,15 +651,15 @@ lemma timerTick_corres:
apply (simp add:thread_state_case_if threadState_case_if)
apply (rule_tac Q="\<top> and (cur_tcb and valid_sched)" and Q'="\<top> and invs'" in corres_guard_imp)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rename_tac state state')
apply (rule corres_split_deprecated[where r' = dc ])
apply simp
apply (rule corres_when,simp)
apply (rule corres_split_deprecated[OF _ decDomainTime_corres])
apply (rule corres_split_deprecated[OF _ getDomainTime_corres])
apply (rule corres_split[OF decDomainTime_corres])
apply (rule corres_split[OF getDomainTime_corres])
apply (rule corres_when,simp)
apply (rule rescheduleRequired_corres)
apply (wp hoare_drop_imp)+
@ -670,7 +670,7 @@ lemma timerTick_corres:
apply (rule corres_if[where Q = \<top> and Q' = \<top>])
apply (case_tac state,simp_all)[1]
apply (simp add: Let_def)
apply (rule_tac r'="(=)" in corres_split_deprecated [OF _ ethreadget_corres])
apply (rule_tac r'="(=)" in corres_split[OF ethreadget_corres])
apply (rename_tac ts ts')
apply (rule_tac R="1 < ts" in corres_cases)
apply (simp)
@ -678,8 +678,8 @@ lemma timerTick_corres:
apply (rule ethread_set_corres, simp+)
apply (clarsimp simp: etcb_relation_def)
apply simp
apply (rule corres_split_deprecated [OF _ ethread_set_corres])
apply (rule corres_split_deprecated [OF _ tcbSchedAppend_corres])
apply (rule corres_split[OF ethread_set_corres])
apply (rule corres_split[OF tcbSchedAppend_corres])
apply (rule rescheduleRequired_corres)
apply (wp)[1]
apply (rule hoare_strengthen_post)
@ -730,7 +730,7 @@ lemma handleInterrupt_corres:
apply (rule conjI[rotated]; rule impI)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQState_corres,
apply (rule corres_split[OF getIRQState_corres,
where R="\<lambda>rv. einvs"
and R'="\<lambda>rv. invs' and (\<lambda>s. rv \<noteq> IRQInactive)"])
defer
@ -743,9 +743,9 @@ lemma handleInterrupt_corres:
apply (case_tac st, simp_all add: irq_state_relation_def split: irqstate.split_asm)
apply (simp add: getSlotCap_def bind_assoc)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQSlot_corres])
apply (rule corres_split[OF getIRQSlot_corres])
apply simp
apply (rule corres_split_deprecated [OF _ get_cap_corres,
apply (rule corres_split[OF get_cap_corres,
where R="\<lambda>rv. einvs and valid_cap rv"
and R'="\<lambda>rv. invs' and valid_cap' (cteCap rv)"])
apply (rule corres_underlying_split[where r'=dc])
@ -763,7 +763,7 @@ lemma handleInterrupt_corres:
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
apply simp
apply (rule corres_split_deprecated [OF corres_machine_op timerTick_corres])
apply (rule corres_split[OF timerTick_corres corres_machine_op])
apply (rule corres_eq_trivial, simp+)
apply (rule corres_machine_op)
apply (rule corres_eq_trivial, (simp add: no_fail_ackInterrupt)+)
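Review bot: The rewritten lines use `corres_split[OF ...]` with no space before the bracket, while the untouched context in the same proofs keeps the older spacing, e.g. `corres_split_nor [OF _ cap_delete_one_corres]` in invokeIRQHandler_corres here, `corres_split_mapr [OF _ getMessageInfo_corres]` and `corres_split_eqr [OF _ copyMRs_corres]` in the Ipc_R hunks, and `corres_split_nor [OF _ cancel_ipc_corres]` in IpcCancel_R. This is a by-product of the replacement text `corres_split[OF ` in the perl rules; if the no-space form is the intended convention it would be worth stating in the commit message so a follow-up can normalise the remaining `_nor`/`_eqr`/`_mapr` uses, otherwise `corres_split [OF` keeps each file self-consistent. The `corres_split_deprecated` uses left as context in timerTick_corres (`where r' = dc`) and handleInterrupt_corres (bare `rule corres_split_deprecated`) have no `prefer 2` to drop and are presumably the non-simple cases the title defers.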


@ -185,7 +185,7 @@ lemma blocked_cancelIPC_corres:
od)"
apply (simp add: blocked_cancel_ipc_def gbep_ret)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres])
apply (rule corres_split[OF getEndpoint_corres])
apply (rule_tac F="ep \<noteq> IdleEP" in corres_gen_asm2)
apply (rule corres_assert_assume[rotated])
apply (clarsimp split: endpoint.splits)
@ -198,7 +198,7 @@ lemma blocked_cancelIPC_corres:
apply (case_tac "remove1 t list")
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ep_relation_def)
@ -221,7 +221,7 @@ lemma blocked_cancelIPC_corres:
valid_tcb_state'_def)[1]
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ep_relation_def)
@ -246,7 +246,7 @@ lemma blocked_cancelIPC_corres:
apply (case_tac "remove1 t list")
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ep_relation_def)
@ -269,7 +269,7 @@ lemma blocked_cancelIPC_corres:
valid_tcb_state'_def)[1]
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ep_relation_def)
@ -316,7 +316,7 @@ lemma cancelSignal_corres:
(cancelSignal t ntfn)"
apply (simp add: cancel_signal_def cancelSignal_def Let_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getNotification_corres])
apply (rule corres_split[OF getNotification_corres])
apply (rule_tac F="isWaitingNtfn (ntfnObj ntfnaa)" in corres_gen_asm2)
apply (case_tac "ntfn_obj ntfna")
apply (simp add: ntfn_relation_def isWaitingNtfn_def)
@ -324,13 +324,13 @@ lemma cancelSignal_corres:
apply (rename_tac list)
apply (rule_tac R="remove1 t list = []" in corres_cases)
apply (simp del: dc_simp)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ntfn_relation_def)
apply (wp)+
apply (simp add: list_case_If del: dc_simp)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setThreadState_corres)
apply simp
apply (clarsimp simp add: ntfn_relation_def neq_Nil_conv)
@ -613,7 +613,7 @@ lemma (in delete_one) cancel_ipc_corres:
(cancel_ipc t) (cancelIPC t)"
apply (simp add: cancel_ipc_def cancelIPC_def Let_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac P="einvs and st_tcb_at ((=) state) t" and
P'="invs' and st_tcb_at' ((=) statea) t" in corres_inst)
apply (case_tac state, simp_all add: isTS_defs list_case_If)[1]
@ -1410,7 +1410,7 @@ lemma (in delete_one) suspend_corres:
apply (simp add: IpcCancel_A.suspend_def Thread_H.suspend_def)
apply (rule corres_guard_imp)
apply (rule corres_split_nor [OF _ cancel_ipc_corres])
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule corres_split_nor)
apply (rule corres_split_nor [OF _ setThreadState_corres])
apply (rule tcbSchedDequeue_corres')
@ -2002,7 +2002,7 @@ lemma cancelAllSignals_corres:
apply simp+
apply (case_tac "ntfn_obj ntfna", simp_all add: ntfn_relation_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule corres_split_deprecated [OF rescheduleRequired_corres])
apply (rule ep_cancel_corres_helper)
apply (wp mapM_x_wp'[where 'b="det_ext state"]
@ -2600,7 +2600,7 @@ lemma cancelBadgedSends_corres:
(cancel_badged_sends epptr bdg) (cancelBadgedSends epptr bdg)"
apply (simp add: cancel_badged_sends_def cancelBadgedSends_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres get_simple_ko_sp get_ep_sp',
apply (rule corres_split[OF getEndpoint_corres get_simple_ko_sp get_ep_sp',
where Q="invs and valid_sched" and Q'=invs'])
apply simp_all
apply (case_tac ep, simp_all add: ep_relation_def)
@ -2619,12 +2619,12 @@ lemma cancelBadgedSends_corres:
simp_all add: list_all2_refl)[1]
apply (clarsimp simp: liftM_def[symmetric] o_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac F="\<exists>pl. st = Structures_A.BlockedOnSend epptr pl"
in corres_gen_asm)
apply (clarsimp simp: o_def dc_def[symmetric] liftM_def)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split_deprecated[OF _ tcbSchedEnqueue_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule corres_split[OF tcbSchedEnqueue_corres])
apply (rule corres_trivial)
apply simp
apply wp+
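Review bot: In cancelBadgedSends_corres the rewrite `corres_split[OF getEndpoint_corres get_simple_ko_sp get_ep_sp', where Q="invs and valid_sched" and Q'=invs']` drops the `_` placeholder that the deprecated form carried, so the two Hoare-triple facts now fill the second and third premises of `corres_split`. If, as the removal of `prefer 2` elsewhere in this commit suggests, `corres_split` takes the first-action correspondence first and the continuation second, those facts are shifted one slot and the `OF` instantiation will not go through as intended; the line should read `corres_split[OF getEndpoint_corres _ get_simple_ko_sp get_ep_sp',`. The second perl substitution in the description removes `_ ` unconditionally, so any other `[OF _ X Y ...]` site with more than one trailing fact needs the same check. The enclosing proof of cancelBadgedSends_corres continues outside the hunk.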


@ -110,9 +110,9 @@ lemma loadCapTransfer_corres:
msgMaxLength_def msgMaxExtraCaps_def msgLengthBits_def wordSize_def wordBits_def
del: upt.simps)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ load_word_corres])
apply (rule corres_split_deprecated [OF _ load_word_corres])
apply (rule corres_split_deprecated [OF _ load_word_corres])
apply (rule corres_split[OF load_word_corres])
apply (rule corres_split[OF load_word_corres])
apply (rule corres_split[OF load_word_corres])
apply (rule_tac P=\<top> and P'=\<top> in corres_inst)
apply (clarsimp simp: ct_relation_def)
apply (wp no_irq_loadWord)+
@ -134,7 +134,7 @@ lemma getReceiveSlots_corres:
apply (simp add: getReceiveSlots_def)
apply (simp add: getReceiveSlots_def split_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ loadCapTransfer_corres])
apply (rule corres_split[OF loadCapTransfer_corres])
apply (rule corres_empty_on_failure)
apply (rule corres_splitEE)
prefer 2
@ -149,7 +149,7 @@ lemma getReceiveSlots_corres:
apply (erule lookupSlotForCNodeOp_corres [OF _ refl])
apply simp
apply (simp add: split_def liftE_bindE unlessE_whenE)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_split_norE)
apply (rule corres_trivial, simp add: returnOk_def)
apply (rule corres_whenE)
@ -423,7 +423,7 @@ next
apply (rule corres_guard_imp)
apply (rule corres_if2)
apply (case_tac "fst x", auto simp add: isCap_simps)[1]
apply (rule corres_split_deprecated [OF _ corres_set_extra_badge])
apply (rule corres_split[OF corres_set_extra_badge])
apply (drule conjunct1)
apply simp
apply (rule corres_rel_imp, rule Cons.hyps, simp_all)[1]
@ -1030,7 +1030,7 @@ lemma transferCaps_corres:
getThreadCSpaceRoot)
apply (rule corres_assume_pre)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getReceiveSlots_corres])
apply (rule corres_split[OF getReceiveSlots_corres])
apply (rule_tac x=recv_buf in option_corres)
apply (rule_tac P=\<top> and P'=\<top> in corres_inst)
apply (case_tac info, simp)
@ -1284,7 +1284,7 @@ lemma lookupCapAndSlot_corres:
apply (rule corres_guard_imp)
apply (rule_tac r'="\<lambda>rv rv'. rv' = cte_map (fst rv)"
in corres_splitEE)
apply (rule corres_split_deprecated[OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule corres_returnOkTT, simp)
apply simp
apply wp+
@ -1386,8 +1386,7 @@ lemma doNormalTransfer_corres:
apply (rule corres_split_mapr [OF _ getMessageInfo_corres])
apply (rule_tac F="valid_message_info mi" in corres_gen_asm)
apply (rule_tac r'="list_all2 (\<lambda>x y. cap_relation (fst x) (fst y) \<and> snd y = cte_map (snd x))"
in corres_split_deprecated)
prefer 2
in corres_split)
apply (rule corres_if[OF refl])
apply (rule corres_split_catch)
apply (rule corres_trivial, simp)
@ -1396,7 +1395,7 @@ lemma doNormalTransfer_corres:
apply (rule corres_trivial, simp)
apply simp
apply (rule corres_split_eqr [OF _ copyMRs_corres])
apply (rule corres_split_deprecated [OF _ transferCaps_corres])
apply (rule corres_split[OF transferCaps_corres])
apply (rename_tac mi' mi'')
apply (rule_tac F="mi_label mi' = mi_label mi"
in corres_gen_asm)
@ -2079,11 +2078,11 @@ lemma doReplyTransfer_corres:
apply (rule corres_assert_assume[rotated])
apply (clarsimp simp: cte_wp_at_ctes_of)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ threadget_fault_corres])
apply (rule corres_split[OF threadget_fault_corres])
apply (case_tac rv, simp_all add: fault_rel_optionation_def bind_assoc)[1]
apply (rule corres_split_deprecated [OF _ doIPCTransfer_corres])
apply (rule corres_split_deprecated [OF _ cap_delete_one_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF doIPCTransfer_corres])
apply (rule corres_split[OF cap_delete_one_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule possibleSwitchTo_corres)
apply simp
apply (wp set_thread_state_runnable_valid_sched set_thread_state_runnable_weak_valid_sched_action sts_st_tcb_at' sts_st_tcb' sts_valid_queues sts_valid_objs' delete_one_tcbDomain_obj_at'
@ -2114,13 +2113,13 @@ lemma doReplyTransfer_corres:
apply (auto simp: invs'_def valid_state'_def)[1]
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ cap_delete_one_corres])
apply (rule corres_split[OF cap_delete_one_corres])
apply (rule corres_split_mapr [OF _ getMessageInfo_corres])
apply (rule corres_split_eqr [OF _ lookupIPCBuffer_corres'])
apply (rule corres_split_eqr [OF _ getMRs_corres])
apply (simp(no_asm) del: dc_simp)
apply (rule corres_split_eqr [OF _ handleFaultReply_corres])
apply (rule corres_split_deprecated [OF _ threadset_corresT])
apply (rule corres_split[OF threadset_corresT])
apply (rule_tac Q="valid_sched and cur_tcb and tcb_at receiver"
and Q'="tcb_at' receiver and cur_tcb'
and (\<lambda>s. weak_sch_act_wf (ksSchedulerAction s) s)
@ -2128,7 +2127,7 @@ lemma doReplyTransfer_corres:
in corres_guard_imp)
apply (case_tac rvb, simp_all)[1]
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (fold dc_def, rule possibleSwitchTo_corres)
apply simp
apply (wp static_imp_wp static_imp_conj_wp set_thread_state_runnable_weak_valid_sched_action sts_st_tcb_at'
@ -2346,7 +2345,7 @@ proof -
apply (case_tac bl)
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres,
apply (rule corres_split[OF getEndpoint_corres,
where
R="\<lambda>rv. einvs and st_tcb_at active t and ep_at ep and
valid_ep rv and obj_at (\<lambda>ob. ob = Endpoint rv) ep
@ -2357,7 +2356,7 @@ proof -
apply (case_tac rv)
apply (simp add: ep_relation_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setEndpoint_corres)
apply (simp add: ep_relation_def)
apply (simp add: fault_rel_optionation_def)
@ -2367,7 +2366,7 @@ proof -
\<comment> \<open>concludes IdleEP if bl branch\<close>
apply (simp add: ep_relation_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setEndpoint_corres)
apply (simp add: ep_relation_def)
apply (simp add: fault_rel_optionation_def)
@ -2383,17 +2382,17 @@ proof -
apply simp
apply (clarsimp split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (simp add: isReceive_def split del:if_split)
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac
F="\<exists>data. recv_state = Structures_A.BlockedOnReceive ep data"
in corres_gen_asm)
apply (clarsimp simp: case_bool_If case_option_If if3_fold
simp del: dc_simp split del: if_split cong: if_cong)
apply (rule corres_split_deprecated [OF _ doIPCTransfer_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split_deprecated [OF _ possibleSwitchTo_corres])
apply (rule corres_split[OF doIPCTransfer_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule corres_split[OF possibleSwitchTo_corres])
apply (fold when_def)[1]
apply (rule_tac P="call" and P'="call"
@ -2437,7 +2436,7 @@ proof -
apply wp+
apply (clarsimp simp: ep_at_def2)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres,
apply (rule corres_split[OF getEndpoint_corres,
where
R="\<lambda>rv. einvs and st_tcb_at active t and ep_at ep and
valid_ep rv and obj_at (\<lambda>k. k = Endpoint rv) ep"
@ -2464,15 +2463,15 @@ proof -
apply fastforce
apply (clarsimp split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac
F="\<exists>data. recv_state = Structures_A.BlockedOnReceive ep data"
in corres_gen_asm)
apply (clarsimp simp: isReceive_def case_bool_If
split del: if_split cong: if_cong)
apply (rule corres_split_deprecated [OF _ doIPCTransfer_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF doIPCTransfer_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule possibleSwitchTo_corres)
apply (simp add: if_apply_def2)
apply (wp hoare_drop_imps)
@ -2534,7 +2533,7 @@ lemma sendSignal_corres:
(send_signal ep bg) (sendSignal ep bg)"
apply (simp add: send_signal_def sendSignal_def Let_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getNotification_corres,
apply (rule corres_split[OF getNotification_corres,
where
R = "\<lambda>rv. einvs and ntfn_at ep and valid_ntfn rv and
ko_at (Structures_A.Notification rv) ep" and
@ -2551,16 +2550,16 @@ lemma sendSignal_corres:
apply (rule corres_guard_imp[OF setNotification_corres])
apply (clarsimp simp add: ntfn_relation_def)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule corres_if)
apply (fastforce simp: receive_blocked_def receiveBlocked_def
thread_state_relation_def
split: Structures_A.thread_state.splits
Structures_H.thread_state.splits)
apply (rule corres_split_deprecated[OF _ cancel_ipc_corres])
apply (rule corres_split_deprecated[OF _ setThreadState_corres])
apply (rule corres_split[OF cancel_ipc_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated[OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule possibleSwitchTo_corres)
apply wp
apply (clarsimp simp: thread_state_relation_def)
@ -2590,10 +2589,10 @@ lemma sendSignal_corres:
apply (rule corres_guard_imp)
apply (rule_tac F="list \<noteq> []" in corres_gen_asm)
apply (simp add: list_case_helper split del: if_split)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated [OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule possibleSwitchTo_corres)
apply ((wp | simp)+)[1]
apply (rule_tac Q="\<lambda>_. Invariants_H.valid_queues and valid_queues' and
@ -2621,10 +2620,10 @@ lemma sendSignal_corres:
apply (rule corres_guard_imp)
apply (rule_tac F="list \<noteq> []" in corres_gen_asm)
apply (simp add: list_case_helper)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated [OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule possibleSwitchTo_corres)
apply (wp cur_tcb_lift | simp)+
apply (wp sts_st_tcb_at' set_thread_state_runnable_weak_valid_sched_action
@ -3043,7 +3042,7 @@ lemma replyFromKernel_corres:
badge_register_def badgeRegister_def)
apply (rule corres_guard_imp)
apply (rule corres_split_eqr [OF _ lookupIPCBuffer_corres])
apply (rule corres_split_deprecated [OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule corres_split_eqr [OF _ setMRs_corres])
apply (rule setMessageInfo_corres)
apply (wp hoare_case_option_wp hoare_valid_ipc_buffer_ptr_typ_at'
@ -3068,14 +3067,14 @@ lemma completeSignal_corres:
apply (rule corres_guard_imp)
apply (rule_tac R'="\<lambda>ntfn. ntfn_at' ntfnptr and tcb_at' tcb and valid_pspace'
and valid_ntfn' ntfn and (\<lambda>_. isActive ntfn)"
in corres_split_deprecated [OF _ getNotification_corres])
in corres_split[OF getNotification_corres])
apply (rule corres_gen_asm2)
apply (case_tac "ntfn_obj rv")
apply (clarsimp simp: ntfn_relation_def isActive_def
split: ntfn.splits Structures_H.notification.splits)+
apply (rule corres_guard2_imp)
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated[OF setNotification_corres asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres setNotification_corres])
apply (clarsimp simp: ntfn_relation_def)
apply (wp set_simple_ko_valid_objs get_simple_ko_wp getNotification_wp | clarsimp simp: valid_ntfn'_def)+
apply (clarsimp simp: valid_pspace'_def)
@ -3106,9 +3105,9 @@ lemma receiveIPC_corres:
apply (rename_tac word1 word2 right)
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres])
apply (rule corres_split[OF getEndpoint_corres])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getBoundNotification_corres])
apply (rule corres_split[OF getBoundNotification_corres])
apply (rule_tac r'="ntfn_relation" in corres_split_deprecated)
apply (rule corres_if)
apply (clarsimp simp: ntfn_relation_def Ipc_A.isActive_def Endpoint_H.isActive_def
@ -3128,7 +3127,7 @@ lemma receiveIPC_corres:
apply (simp add: ep_relation_def)
apply (rule corres_guard_imp)
apply (case_tac isBlocking; simp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setEndpoint_corres)
apply (simp add: ep_relation_def)
apply simp
@ -3145,8 +3144,8 @@ lemma receiveIPC_corres:
apply (clarsimp simp: valid_ep_def)
apply (case_tac list, simp_all split del: if_split)[1]
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac
F="\<exists>data.
sender_state =
@ -3155,7 +3154,7 @@ lemma receiveIPC_corres:
apply (clarsimp simp: isSend_def case_bool_If
case_option_If if3_fold
split del: if_split cong: if_cong)
apply (rule corres_split_deprecated [OF _ doIPCTransfer_corres])
apply (rule corres_split[OF doIPCTransfer_corres])
apply (simp split del: if_split cong: if_cong)
apply (fold dc_def)[1]
apply (rule_tac P="valid_objs and valid_mdb and valid_list
@ -3179,7 +3178,7 @@ lemma receiveIPC_corres:
apply (rule corres_if2 [OF _ setupCallerCap_corres setThreadState_corres])
apply simp
apply simp
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule possibleSwitchTo_corres)
apply simp
apply (wp sts_st_tcb_at' set_thread_state_runnable_weak_valid_sched_action
@ -3209,7 +3208,7 @@ lemma receiveIPC_corres:
apply (simp add: ep_relation_def)
apply (rule_tac corres_guard_imp)
apply (case_tac isBlocking; simp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setEndpoint_corres)
apply (simp add: ep_relation_def)
apply simp
@ -3252,14 +3251,14 @@ lemma receiveSignal_corres:
obj_at (\<lambda>k. k = Notification rv) word1" and
R'="\<lambda>rv'. invs' and tcb_at' thread and ntfn_at' word1 and
valid_ntfn' rv'"
in corres_split_deprecated [OF _ getNotification_corres])
in corres_split[OF getNotification_corres])
apply clarsimp
apply (case_tac "ntfn_obj rv")
\<comment> \<open>IdleNtfn\<close>
apply (simp add: ntfn_relation_def)
apply (rule corres_guard_imp)
apply (case_tac isBlocking; simp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setNotification_corres)
apply (simp add: ntfn_relation_def)
apply simp
@ -3269,7 +3268,7 @@ lemma receiveSignal_corres:
apply (simp add: ntfn_relation_def)
apply (rule corres_guard_imp)
apply (case_tac isBlocking; simp)
apply (rule corres_split_deprecated[OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setNotification_corres)
apply (simp add: ntfn_relation_def)
apply simp
@ -3280,7 +3279,7 @@ lemma receiveSignal_corres:
apply (simp add: ntfn_relation_def)
apply (rule corres_guard_imp)
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated [OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule setNotification_corres)
apply (simp add: ntfn_relation_def)
apply wp+
@ -3333,7 +3332,7 @@ lemma sendFaultIPC_corres:
apply (rule corres_guard_imp)
apply (rule corres_if2 [OF refl])
apply (simp add: dc_def[symmetric])
apply (rule corres_split_deprecated [OF sendIPC_corres threadset_corres], simp_all)[1]
apply (rule corres_split[OF threadset_corres sendIPC_corres], simp_all)[1]
apply (simp add: tcb_relation_def fault_rel_optionation_def exst_same_def)+
apply (wp thread_set_invs_trivial thread_set_no_change_tcb_state
thread_set_typ_at ep_at_typ_at ex_nonz_cap_to_pres


@ -538,12 +538,10 @@ lemma kernel_corres':
unfolding call_kernel_def callKernel_def
apply (simp add: call_kernel_def callKernel_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule corres_split_handle [OF _ handleEvent_corres])
apply simp
apply (rule corres_split_deprecated [OF _ corres_machine_op])
prefer 2
apply (rule corres_split[OF corres_machine_op])
apply (rule corres_underlying_trivial)
apply (rule no_fail_getActiveIRQ)
apply clarsimp
@ -566,7 +564,7 @@ lemma kernel_corres':
apply (rule_tac Q="\<lambda>_. \<top>" and E="\<lambda>_. invs'" in hoare_post_impErr)
apply wpsimp+
apply (simp add: invs'_def valid_state'_def)
apply (rule corres_split_deprecated [OF _ schedule_corres])
apply (rule corres_split[OF schedule_corres])
apply (rule activateThread_corres)
apply (wp handle_interrupt_valid_sched[unfolded non_kernel_IRQs_def, simplified]
schedule_invs' hoare_vcg_if_lift2 hoare_drop_imps |simp)+
@ -627,9 +625,8 @@ lemma entry_corres:
(kernel_entry event tc) (kernelEntry event tc)"
apply (simp add: kernel_entry_def kernelEntry_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split)
apply simp
apply (rule threadset_corresT)
apply (simp add: tcb_relation_def arch_tcb_relation_def
@ -637,7 +634,7 @@ lemma entry_corres:
apply (clarsimp simp: tcb_cap_cases_def)
apply (clarsimp simp: tcb_cte_cases_def)
apply (simp add: exst_same_def)
apply (rule corres_split_deprecated [OF _ kernel_corres])
apply (rule corres_split[OF kernel_corres])
apply (rule corres_split_eqr [OF _ getCurThread_corres])
apply (rule threadGet_corres)
apply (simp add: tcb_relation_def arch_tcb_relation_def
@ -667,26 +664,21 @@ lemma do_user_op_corres:
(do_user_op f tc) (doUserOp f tc)"
apply (simp add: do_user_op_def doUserOp_def split_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule_tac r'="(=)" and P=einvs and P'=invs' in corres_split_deprecated)
prefer 2
apply (rule corres_split[OF getCurThread_corres])
apply (rule_tac r'="(=)" and P=einvs and P'=invs' in corres_split)
apply (fastforce dest: absKState_correct [rotated])
apply (rule_tac r'="(=)" and P=einvs and P'=invs' in corres_split_deprecated)
prefer 2
apply (rule_tac r'="(=)" and P=einvs and P'=invs' in corres_split)
apply (fastforce dest: absKState_correct [rotated])
apply (rule_tac r'="(=)" and P=invs and P'=invs' in corres_split_deprecated)
prefer 2
apply (rule_tac r'="(=)" and P=invs and P'=invs' in corres_split)
apply (rule user_mem_corres)
apply (rule_tac r'="(=)" and P=invs and P'=invs' in corres_split_deprecated)
prefer 2
apply (rule_tac r'="(=)" and P=invs and P'=invs' in corres_split)
apply (rule device_mem_corres)
apply (rule_tac r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac r'="(=)" in corres_split)
apply (rule corres_gets_machine_state)
apply (rule_tac F = "dom (rvb \<circ> addrFromPPtr) \<subseteq> - dom rvd" in corres_gen_asm)
apply (rule_tac F = "dom (rvc \<circ> addrFromPPtr) \<subseteq> dom rvd" in corres_gen_asm)
apply simp
apply (rule_tac r'="(=)" in corres_split_deprecated[OF _ corres_select])
apply (rule_tac r'="(=)" in corres_split[OF corres_select])
apply (rule corres_underlying_split[OF corres_machine_op])
apply simp
apply (rule corres_underlying_trivial)
@ -742,7 +734,7 @@ lemma check_active_irq_corres':
"corres (=) \<top> \<top> (check_active_irq) (checkActiveIRQ)"
apply (simp add: check_active_irq_def checkActiveIRQ_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_machine_op[OF corres_underlying_trivial], where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
apply (rule corres_split[OF corres_machine_op[OF corres_underlying_trivial], where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
apply simp
apply (rule no_fail_getActiveIRQ)
apply (wp | simp )+
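Review bot: The rewritten `corres_split` line in check_active_irq_corres' (`apply (rule corres_split[OF corres_machine_op[OF corres_underlying_trivial], where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])`) is well over 100 columns even before indentation, which I believe exceeds this repository's line-length convention; since the regex pass touched the line anyway, this is a cheap moment to break it after the `OF ...]` instantiation, `apply (rule corres_split[OF corres_machine_op[OF corres_underlying_trivial],` / `where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])`. The same applies to the converted `getCurThread_corres[THEN corres_rel_imp ...]` line in schedule_corres in the next file section, which also appears to exceed the limit once its indentation is counted. The old lines were already long, so this is a style remark on the new side rather than a regression.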


@ -48,7 +48,7 @@ proof -
apply (simp only: findM.simps)
apply (subst P)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ x])
apply (rule corres_split[OF x])
apply (rule corres_if2)
apply (case_tac ra, clarsimp+)[1]
apply (rule corres_trivial, clarsimp)
@ -732,8 +732,8 @@ proof -
setCurThread t
od)"
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ arch_switchToThread_corres])
apply (rule corres_split_deprecated[OF setCurThread_corres tcbSchedDequeue_corres])
apply (rule corres_split[OF arch_switchToThread_corres])
apply (rule corres_split[OF tcbSchedDequeue_corres setCurThread_corres])
apply (wp|clarsimp simp: tcb_at_is_etcb_at st_tcb_at_tcb_at)+
done
@ -765,8 +765,8 @@ lemma switchToIdleThread_corres:
"corres dc invs invs_no_cicd' switch_to_idle_thread switchToIdleThread"
apply (simp add: switch_to_idle_thread_def Thread_H.switchToIdleThread_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIdleThread_corres])
apply (rule corres_split_deprecated [OF _ arch_switchToIdleThread_corres])
apply (rule corres_split[OF getIdleThread_corres])
apply (rule corres_split[OF arch_switchToIdleThread_corres])
apply (unfold setCurThread_def)
apply (rule corres_trivial, rule corres_modify)
apply (simp add: state_relation_def cdt_relation_def)
@ -1534,7 +1534,7 @@ lemma guarded_switch_to_chooseThread_fragment_corres:
unfolding guarded_switch_to_def isRunnable_def
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule corres_assert_assume_l)
apply (rule corres_assert_assume_r)
apply (rule switchToThread_corres)
@ -1596,7 +1596,7 @@ proof -
apply (rule corres_guard_imp)
apply (rule corres_split[OF curDomain_corres'])
apply clarsimp
apply (rule corres_split_deprecated[OF _ corres_gets_queues_getReadyQueuesL1Bitmap])
apply (rule corres_split[OF corres_gets_queues_getReadyQueuesL1Bitmap])
apply (erule corres_if2[OF sym])
apply (rule switchToIdleThread_corres)
apply (rule corres_symb_exec_r)
@ -1698,7 +1698,7 @@ lemma scheduleChooseNewThread_fragment_corres:
apply (subst bind_dummy_ret_val)
apply (subst bind_dummy_ret_val)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_when])
apply (rule corres_split[OF corres_when])
apply simp
apply (rule chooseThread_corres)
apply simp
@ -1732,7 +1732,7 @@ lemma isHighestPrio_corres:
apply (clarsimp simp: gets_is_highest_prio_expand isHighestPrio_def)
apply (subst getHighestPrio_def')
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_gets_queues_getReadyQueuesL1Bitmap])
apply (rule corres_split[OF corres_gets_queues_getReadyQueuesL1Bitmap])
apply (rule corres_if_r'[where P'="\<lambda>_. True",rotated])
apply (rule_tac corres_symb_exec_r)
apply (rule_tac
@ -1770,8 +1770,8 @@ lemma scheduleChooseNewThread_corres:
schedule_choose_new_thread scheduleChooseNewThread"
unfolding schedule_choose_new_thread_def scheduleChooseNewThread_def
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getDomainTime_corres], clarsimp)
apply (rule corres_split_deprecated[OF _ scheduleChooseNewThread_fragment_corres, simplified bind_assoc])
apply (rule corres_split[OF getDomainTime_corres], clarsimp)
apply (rule corres_split[OF scheduleChooseNewThread_fragment_corres, simplified bind_assoc])
apply (rule setSchedulerAction_corres)
apply (wp | simp)+
apply (wp | simp add: getDomainTime_def)+
@ -1805,8 +1805,8 @@ lemma schedule_corres:
apply (subst thread_get_comm)
apply (subst schact_bind_inside)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getCurThread_corres[THEN corres_rel_imp[where r="\<lambda>x y. y = x"],simplified]])
apply (rule corres_split_deprecated[OF _ getSchedulerAction_corres])
apply (rule corres_split[OF getCurThread_corres[THEN corres_rel_imp[where r="\<lambda>x y. y = x"],simplified]])
apply (rule corres_split[OF getSchedulerAction_corres])
apply (rule corres_split_sched_act,assumption)
apply (rule_tac P="tcb_at ct" in corres_symb_exec_l')
apply (rule_tac corres_symb_exec_l)
@ -1816,29 +1816,29 @@ lemma schedule_corres:
prefer 2
(* choose thread *)
apply clarsimp
apply (rule corres_split_deprecated[OF _ thread_get_isRunnable_corres])
apply (rule corres_split_deprecated[OF _ corres_when])
apply (rule corres_split[OF thread_get_isRunnable_corres])
apply (rule corres_split[OF corres_when])
apply (rule scheduleChooseNewThread_corres, simp)
apply (rule tcbSchedEnqueue_corres, simp)
apply (wp thread_get_wp' tcbSchedEnqueue_invs' hoare_vcg_conj_lift hoare_drop_imps
| clarsimp)+
(* switch to thread *)
apply (rule corres_split_deprecated[OF _ thread_get_isRunnable_corres],
apply (rule corres_split[OF thread_get_isRunnable_corres],
rename_tac was_running wasRunning)
apply (rule corres_split_deprecated[OF _ corres_when])
apply (rule corres_split_deprecated[OF _ getIdleThread_corres], rename_tac it it')
apply (rule corres_split[OF corres_when])
apply (rule corres_split[OF getIdleThread_corres], rename_tac it it')
apply (rule_tac F="was_running \<longrightarrow> ct \<noteq> it" in corres_gen_asm)
apply (rule corres_split_deprecated[OF _ ethreadget_corres[where r="(=)"]],
apply (rule corres_split[OF ethreadget_corres[where r="(=)"]],
rename_tac tp tp')
apply (rule corres_split_deprecated[OF _ ethread_get_when_corres[where r="(=)"]],
apply (rule corres_split[OF ethread_get_when_corres[where r="(=)"]],
rename_tac cp cp')
apply (rule corres_split_deprecated[OF _ scheduleSwitchThreadFastfail_corres])
apply (rule corres_split_deprecated[OF _ curDomain_corres])
apply (rule corres_split_deprecated[OF _ isHighestPrio_corres]; simp only:)
apply (rule corres_split[OF scheduleSwitchThreadFastfail_corres])
apply (rule corres_split[OF curDomain_corres])
apply (rule corres_split[OF isHighestPrio_corres]; simp only:)
apply (rule corres_if, simp)
apply (rule corres_split_deprecated[OF _ tcbSchedEnqueue_corres])
apply (rule corres_split[OF tcbSchedEnqueue_corres])
apply (simp, fold dc_def)
apply (rule corres_split_deprecated[OF _ setSchedulerAction_corres])
apply (rule corres_split[OF setSchedulerAction_corres])
apply (rule scheduleChooseNewThread_corres, simp)
apply (wp | simp)+
@ -1852,9 +1852,9 @@ lemma schedule_corres:
apply (rule corres_if, fastforce)
apply (rule corres_split_deprecated[OF _ tcbSchedAppend_corres])
apply (rule corres_split[OF tcbSchedAppend_corres])
apply (simp, fold dc_def)
apply (rule corres_split_deprecated[OF _ setSchedulerAction_corres])
apply (rule corres_split[OF setSchedulerAction_corres])
apply (rule scheduleChooseNewThread_corres, simp)
apply (wp | simp)+
@ -1866,7 +1866,7 @@ lemma schedule_corres:
apply (wp tcb_sched_action_append_valid_blocked hoare_vcg_all_lift append_thread_queued)
apply (wp tcbSchedAppend_invs'_not_ResumeCurrentThread)
apply (rule corres_split_deprecated[OF _ guarded_switch_to_corres], simp)
apply (rule corres_split[OF guarded_switch_to_corres], simp)
apply (rule setSchedulerAction_corres[simplified dc_def])
apply (wp | simp)+
@ -2268,14 +2268,14 @@ lemma possibleSwitchTo_corres:
supply ethread_get_wp[wp del]
apply (simp add: possible_switch_to_def possibleSwitchTo_def cong: if_cong)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ curDomain_corres], simp)
apply (rule corres_split_deprecated[OF _ ethreadget_corres[where r="(=)"]])
apply (rule corres_split_deprecated[OF _ getSchedulerAction_corres])
apply (rule corres_split[OF curDomain_corres], simp)
apply (rule corres_split[OF ethreadget_corres[where r="(=)"]])
apply (rule corres_split[OF getSchedulerAction_corres])
apply (rule corres_if, simp)
apply (rule tcbSchedEnqueue_corres)
apply (rule corres_if, simp)
apply (case_tac action; simp)
apply (rule corres_split_deprecated[OF _ rescheduleRequired_corres])
apply (rule corres_split[OF rescheduleRequired_corres])
apply (rule tcbSchedEnqueue_corres)
apply (wp rescheduleRequired_valid_queues'_weak)+
apply (rule setSchedulerAction_corres, simp)


@ -266,7 +266,7 @@ lemma hinv_corres_assist:
prefer 2
\<comment> \<open>switched over to argument of corres_cap_fault\<close>
apply (rule lookupCapAndSlot_corres, simp)
apply (rule corres_split_deprecated [OF _ lookupIPCBuffer_corres])
apply (rule corres_split[OF lookupIPCBuffer_corres])
apply (rule corres_splitEE [OF _ lookupExtraCaps_corres])
apply (rule corres_returnOkTT)
apply simp+
@ -349,10 +349,10 @@ lemma setDomain_corres:
apply (rule corres_gen_asm2)
apply (simp add: set_domain_def setDomain_def thread_set_domain_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split_deprecated[OF _ tcbSchedDequeue_corres])
apply (rule corres_split_deprecated[OF _ ethread_set_corres])
apply (rule corres_split_deprecated[OF _ isRunnable_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split[OF tcbSchedDequeue_corres])
apply (rule corres_split[OF ethread_set_corres])
apply (rule corres_split[OF isRunnable_corres])
apply simp
apply (rule corres_split_deprecated[OF corres_when[OF refl]])
apply (rule rescheduleRequired_corres)
@ -406,9 +406,9 @@ lemma performInvocation_corres:
apply wp+
apply simp+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule corres_split_deprecated [OF _ sendIPC_corres])
apply (rule corres_split[OF sendIPC_corres])
apply (rule corres_trivial)
apply simp
apply simp
@ -419,7 +419,7 @@ lemma performInvocation_corres:
sch_act_simple_def)
apply (rule corres_guard_imp)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated [OF _ sendSignal_corres])
apply (rule corres_split[OF sendSignal_corres])
apply (rule corres_trivial)
apply (simp add: returnOk_def)
apply wp+
@ -442,7 +442,7 @@ lemma performInvocation_corres:
\<comment> \<open>domain cap\<close>
apply (clarsimp simp: invoke_domain_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setDomain_corres])
apply (rule corres_split[OF setDomain_corres])
apply (rule corres_trivial, simp)
apply (wp)+
apply (clarsimp+)[2]
@ -1211,7 +1211,7 @@ lemma handleInvocation_corres:
apply (simp add: handle_invocation_def handleInvocation_def liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_eqr [OF _ getCurThread_corres])
apply (rule corres_split_deprecated [OF _ getMessageInfo_corres])
apply (rule corres_split[OF getMessageInfo_corres])
apply clarsimp
apply (simp add: liftM_def cap_register_def capRegister_def)
apply (rule corres_split_eqr [OF _ asUser_getRegister_corres])
@ -1221,7 +1221,7 @@ lemma handleInvocation_corres:
apply (rule handleFault_corres)
apply simp
apply (simp add: split_def)
apply (rule corres_split_deprecated [OF _ getMRs_corres])
apply (rule corres_split[OF getMRs_corres])
apply (rule decodeInvocation_corres, simp_all)[1]
apply (fastforce simp: list_all2_map2 list_all2_map1 elim: list_all2_mono)
apply (fastforce simp: list_all2_map2 list_all2_map1 elim: list_all2_mono)
@ -1231,10 +1231,10 @@ lemma handleInvocation_corres:
apply wp[1]
apply (clarsimp simp: when_def)
apply (rule replyFromKernel_corres)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule corres_splitEE [OF _ performInvocation_corres])
apply simp
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rename_tac state state')
apply (case_tac state, simp_all)[1]
apply (fold dc_def)[1]
@ -1631,10 +1631,10 @@ lemma handleYield_corres:
"corres dc einvs (invs' and ct_active' and (\<lambda>s. ksSchedulerAction s = ResumeCurrentThread)) handle_yield handleYield"
apply (clarsimp simp: handle_yield_def handleYield_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule corres_split_deprecated[OF _ tcbSchedDequeue_corres])
apply (rule corres_split_deprecated[OF _ tcbSchedAppend_corres])
apply (rule corres_split[OF tcbSchedDequeue_corres])
apply (rule corres_split[OF tcbSchedAppend_corres])
apply (rule rescheduleRequired_corres)
apply (wp weak_sch_act_wf_lift_linear tcbSchedDequeue_valid_queues | simp add: )+
apply (simp add: invs_def valid_sched_def valid_sched_action_def
@ -1710,7 +1710,7 @@ lemma handleReply_corres:
getSlotCap_def)
apply (rule corres_guard_imp)
apply (rule corres_split_eqr [OF _ getCurThread_corres])
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac P="einvs and cte_wp_at ((=) caller_cap) (thread, tcb_cnode_index 3)
and K (is_reply_cap caller_cap \<or> caller_cap = cap.NullCap)
and tcb_at thread and st_tcb_at active thread
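Review bot: In setDomain_corres the block is converted up to `corres_split[OF isRunnable_corres]`, but the very next rule, `apply (rule corres_split_deprecated[OF corres_when[OF refl]])`, is left in the old form with no marker. Judging from the regexes in the commit description, which drop a leading `_` and swap two positional `OF` arguments, the single argument here fills the premise that ends up second in `corres_split`, so the mechanical sweep could not safely touch it; presumably the same reason covers the remaining `corres_split_deprecated` uses in asUser_corres', rescheduleRequired_corres, setThreadState_corres and findFreeHWASID_corres in the later file sections. A short note in the commit description that the one-argument and `where`-only forms are deliberately deferred would make the scope of this pass clear to whoever does the follow-up conversion; no code change is needed here.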


@ -327,7 +327,7 @@ lemma threadset_corresT:
(thread_set f t) (threadSet f' t)"
apply (simp add: thread_set_def threadSet_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getObject_TCB_corres])
apply (rule corres_split[OF getObject_TCB_corres])
apply (rule setObject_update_TCB_corres')
apply (erule x)
apply (rule y)
@ -1346,7 +1346,7 @@ lemma asUser_corres':
apply (simp add: as_user_def asUser_def)
apply (rule corres_guard_imp)
apply (rule_tac r'="\<lambda>tcb con. (arch_tcb_context_get o tcb_arch) tcb = con" in corres_split_deprecated)
apply (rule corres_split_deprecated [OF _ L4])
apply (rule corres_split[OF L4])
apply clarsimp
apply (rule corres_split_nor)
apply (rule corres_trivial, simp)
@ -1841,7 +1841,7 @@ lemma rescheduleRequired_corres:
(reschedule_required) rescheduleRequired"
apply (simp add: rescheduleRequired_def reschedule_required_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getSchedulerAction_corres])
apply (rule corres_split[OF getSchedulerAction_corres])
apply (rule_tac P="case action of switch_thread t \<Rightarrow> P t | _ \<Rightarrow> \<top>"
and P'="case actiona of SwitchToThread t \<Rightarrow> P' t | _ \<Rightarrow> \<top>" for P P' in corres_split_deprecated[where r'=dc])
apply (rule setSchedulerAction_corres)
@ -2037,9 +2037,9 @@ lemma setThreadState_corres:
apply (rule corres_split_deprecated[where r'=dc])
apply simp
apply (subst thread_get_test[where test="runnable"])
apply (rule corres_split_deprecated[OF _ thread_get_isRunnable_corres])
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split_deprecated[OF _ getSchedulerAction_corres])
apply (rule corres_split[OF thread_get_isRunnable_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split[OF getSchedulerAction_corres])
apply (simp only: when_def)
apply (rule corres_if[where Q=\<top> and Q'=\<top>])
apply (rule iffI)
@ -3232,7 +3232,7 @@ lemma getMRs_corres:
apply simp
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ T])
apply (rule corres_split[OF T])
apply (simp only: option.simps return_bind fun_app_def
load_word_offs_def doMachineOp_mapM ef_loadWord)
apply (rule corres_split_eqr)
@ -3523,7 +3523,7 @@ lemma lookupIPCBuffer_corres':
apply (rule corres_guard_imp)
apply (rule corres_split_eqr [OF _ threadGet_corres])
apply (simp add: getThreadBufferSlot_def locateSlot_conv)
apply (rule corres_split_deprecated [OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac F="valid_ipc_buffer_cap rv buffer_ptr"
in corres_gen_asm)
apply (rule_tac P="valid_cap rv" and Q="no_0_obj'"
@ -4384,7 +4384,7 @@ lemma get_cap_corres_all_rights_P:
apply (simp add: getSlotCap_def mask_cap_def)
apply (subst bind_return [symmetric])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres_P [where P=P]])
apply (rule corres_split[OF get_cap_corres_P [where P=P]])
defer
apply (wp getCTE_wp')+
apply simp
@ -4508,7 +4508,7 @@ lemma ethread_set_corresT:
(ethread_set f t) (threadSet f' t)"
apply (simp add: ethread_set_def threadSet_def bind_assoc)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF set_eobject_corres corres_get_etcb])
apply (rule corres_split[OF corres_get_etcb set_eobject_corres])
apply (rule x)
apply (erule e)
apply (simp add: z)+


@ -35,7 +35,7 @@ lemma activateThread_corres:
\<and> invs s \<and> st_tcb_at ((=) ts) thread s"
and R'="\<lambda>ts s. valid_tcb_state' ts s \<and> (idle' ts \<or> runnable' ts)
\<and> invs' s \<and> st_tcb_at' (\<lambda>ts'. ts' = ts) thread s"
in corres_split_deprecated [OF _ getThreadState_corres])
in corres_split[OF getThreadState_corres])
apply (rule_tac F="idle rv \<or> runnable rv" in corres_req, simp)
apply (rule_tac F="idle' rv' \<or> runnable' rv'" in corres_req, simp)
apply (case_tac rv, simp_all add:
@ -66,8 +66,8 @@ lemma bindNotification_corres:
(bind_notification t a) (bindNotification t a)"
apply (simp add: bind_notification_def bindNotification_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getNotification_corres])
apply (rule corres_split_deprecated[OF _ setNotification_corres])
apply (rule corres_split[OF getNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setBoundNotification_corres)
apply (clarsimp simp: ntfn_relation_def split: Structures_A.ntfn.splits)
apply (wp)+
@ -208,12 +208,12 @@ lemma restart_corres:
apply (simp add: Tcb_A.restart_def Thread_H.restart_def)
apply (simp add: isStopped_def2 liftM_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (clarsimp simp add: runnable_tsr idle_tsr when_def)
apply (rule corres_split_nor [OF _ cancel_ipc_corres])
apply (rule corres_split_nor [OF _ setupReplyMaster_corres])
apply (rule corres_split_nor [OF _ setThreadState_corres])
apply (rule corres_split_deprecated [OF possibleSwitchTo_corres tcbSchedEnqueue_corres])
apply (rule corres_split[OF tcbSchedEnqueue_corres possibleSwitchTo_corres])
apply (wp set_thread_state_runnable_weak_valid_sched_action sts_st_tcb_at' sts_valid_queues sts_st_tcb' | clarsimp simp: valid_tcb_state'_def)+
apply (rule_tac Q="\<lambda>rv. valid_sched and cur_tcb" in hoare_strengthen_post)
apply wp
@ -289,7 +289,7 @@ lemma invokeTCB_ReadRegisters_corres:
frameRegisters_def gpRegisters_def)
apply (rule corres_guard_imp)
apply (rule corres_split_nor)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (simp add: liftM_def[symmetric])
apply (rule asUser_corres)
apply (rule corres_Id)
@ -336,7 +336,7 @@ lemma invokeTCB_WriteRegisters_corres:
frameRegisters_def gpRegisters_def getSanitiseRegisterInfo_def
sanitiseRegister_def sanitise_register_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split_nor)
prefer 2
apply (rule asUser_corres)
@ -441,13 +441,13 @@ proof -
show ?thesis
apply (simp add: invokeTCB_def performTransfer_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ corres_when [OF refl suspend_corres]], simp)
apply (rule corres_split_deprecated [OF _ corres_when [OF refl restart_corres]], simp)
apply (rule corres_split[OF corres_when [OF refl suspend_corres]], simp)
apply (rule corres_split[OF corres_when [OF refl restart_corres]], simp)
apply (rule corres_split_nor)
apply (rule corres_split_nor)
apply (rule corres_split_eqr [OF _ getCurThread_corres])
apply (rule corres_split_nor[OF _ asUser_postModifyRegisters_corres[simplified]])
apply (rule corres_split_deprecated [OF _ corres_when[OF refl rescheduleRequired_corres]])
apply (rule corres_split[OF corres_when[OF refl rescheduleRequired_corres]])
apply (rule_tac P=\<top> and P'=\<top> in corres_inst)
apply simp
apply (wp static_imp_wp)+
@ -557,7 +557,7 @@ lemma isRunnable_corres:
apply (simp add: isRunnable_def)
apply (subst bind_return[symmetric])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (case_tac rv, clarsimp+)
apply (wp hoare_TrueI)+
apply auto
@ -634,11 +634,11 @@ lemma sp_corres2:
(set_priority t x) (setPriority t x)"
apply (simp add: setPriority_def set_priority_def thread_set_priority_def)
apply (rule stronger_corres_guard_imp)
apply (rule corres_split_deprecated [OF _ tcbSchedDequeue_corres])
apply (rule corres_split_deprecated [OF _ ethread_set_corres], simp_all)[1]
apply (rule corres_split_deprecated [OF _ isRunnable_corres])
apply (rule corres_split[OF tcbSchedDequeue_corres])
apply (rule corres_split[OF ethread_set_corres], simp_all)[1]
apply (rule corres_split[OF isRunnable_corres])
apply (erule corres_when)
apply(rule corres_split_deprecated [OF _ getCurThread_corres])
apply(rule corres_split[OF getCurThread_corres])
apply (wp corres_if; clarsimp)
apply (rule rescheduleRequired_corres)
apply (rule possibleSwitchTo_corres)
@ -884,7 +884,7 @@ lemma checkCapAt_corres:
(checkCapAt cap' (cte_map slot) f')" using r c
apply (simp add: check_cap_at_def checkCapAt_def liftM_def when_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_if [unfolded if_apply_def2])
apply (erule(1) sameObject_corres2)
apply assumption
@ -1455,7 +1455,7 @@ proof -
apply (rule corres_split_norE)
apply (rule_tac F="is_aligned aa msg_align_bits" in corres_gen_asm2)
apply (rule corres_split_nor)
apply (rule corres_split_deprecated [OF _ getCurThread_corres], clarsimp)
apply (rule corres_split[OF getCurThread_corres], clarsimp)
apply (rule corres_when[OF refl rescheduleRequired_corres])
apply (wpsimp wp: gct_wp)+
apply (rule threadset_corres,
@ -1477,7 +1477,7 @@ proof -
apply (rule_tac F="isArchObjectCap ac" in corres_gen_asm2)
apply (rule corres_split_nor)
apply (rule corres_split_nor)
apply (rule corres_split_deprecated [OF _ getCurThread_corres], clarsimp)
apply (rule corres_split[OF getCurThread_corres], clarsimp)
apply (rule corres_when[OF refl rescheduleRequired_corres])
apply (wp gct_wp)+
apply (erule checkCapAt_cteInsert_corres)
@ -1845,14 +1845,14 @@ lemma invokeTCB_corres:
apply (case_tac option)
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ unbindNotification_corres])
apply (rule corres_split[OF unbindNotification_corres])
apply (rule corres_trivial, simp)
apply wp+
apply (clarsimp)
apply clarsimp
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ bindNotification_corres])
apply (rule corres_split[OF bindNotification_corres])
apply (rule corres_trivial, simp)
apply wp+
apply clarsimp
@ -1860,9 +1860,9 @@ lemma invokeTCB_corres:
apply (clarsimp simp: obj_at'_def projectKOs)
apply (simp add: invokeTCB_def tlsBaseRegister_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ TcbAcc_R.asUser_setRegister_corres])
apply (rule corres_split_deprecated[OF _ Bits_R.getCurThread_corres])
apply (rule corres_split_deprecated[OF _ Corres_UL.corres_when])
apply (rule corres_split[OF TcbAcc_R.asUser_setRegister_corres])
apply (rule corres_split[OF Bits_R.getCurThread_corres])
apply (rule corres_split[OF Corres_UL.corres_when])
apply (rule corres_trivial, simp)
apply simp
apply (rule TcbAcc_R.rescheduleRequired_corres)
@ -1976,7 +1976,7 @@ lemma decodeReadRegisters_corres:
apply (rule corres_trivial)
apply (fastforce simp: returnOk_def)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_trivial)
apply (clarsimp simp: whenE_def)
apply (wp|simp)+
@ -1999,7 +1999,7 @@ lemma decodeWriteRegisters_corres:
apply clarsimp
apply (rule corres_guard_imp)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split_norE)
apply (rule corres_trivial, simp)
apply (rule corres_trivial, simp)
@ -2072,7 +2072,7 @@ lemma checkPrio_corres:
apply (simp add: check_prio_def checkPrio_def)
apply (rule corres_guard_imp)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated[OF _ threadGet_corres])
apply (rule corres_split[OF threadGet_corres])
apply (rule_tac rvr = dc and
R = \<top> and
R' = \<top> in
@ -2333,7 +2333,7 @@ lemma slotCapLongRunningDelete_corres:
apply (clarsimp simp: slot_cap_long_running_delete_def
slotCapLongRunningDelete_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (auto split: cap_relation_split_asm arch_cap.split_asm
intro!: corres_rel_imp [OF isFinalCapability_corres[where ptr=ptr]]
simp: liftM_def[symmetric] final_matters'_def
@ -2378,8 +2378,8 @@ lemma decodeSetSpace_corres:
getThreadCSpaceRoot getThreadVSpaceRoot
split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ slotCapLongRunningDelete_corres])
apply (rule corres_split_deprecated [OF _ slotCapLongRunningDelete_corres])
apply (rule corres_split[OF slotCapLongRunningDelete_corres])
apply (rule corres_split[OF slotCapLongRunningDelete_corres])
apply (rule corres_split_norE)
apply (simp(no_asm) add: split_def unlessE_throwError_returnOk
bindE_assoc cap_CNode_case_throw


@ -919,7 +919,7 @@ lemma corres_list_all2_mapM_':
apply simp
apply (clarsimp simp add: mapM_x_def sequence_x_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ y])
apply (rule corres_split[OF y])
apply (clarsimp dest!: suffix_ConsD)
apply (erule meta_allE, (drule(1) meta_mp)+)
apply assumption
@ -1517,10 +1517,9 @@ shows
apply (rule corres_underlying_symb_exec_l [OF set_original_symb_exec_l])
apply (rule corres_cong[OF refl refl _ refl refl, THEN iffD1])
apply (rule bind_return[THEN fun_cong])
apply (rule corres_split_deprecated [OF _ setCTE_corres])
apply (rule corres_split[OF setCTE_corres])
apply (subst bind_return[symmetric],
rule corres_split_deprecated)
prefer 2
rule corres_split)
apply (simp add: dc_def[symmetric])
apply (rule updateMDB_symb_exec_r)
apply (simp add: dc_def[symmetric])
@ -3223,7 +3222,7 @@ lemma createNewCaps_ranges':
declare split_paired_Ex[simp del]
lemmas corres_split_retype_createNewCaps
= corres_split_deprecated [OF _ corres_retype_region_createNewCaps,
= corres_split[OF corres_retype_region_createNewCaps,
simplified bind_assoc, simplified ]
declare split_paired_Ex[simp add]
@ -4183,7 +4182,7 @@ lemma resetUntypedCap_corres:
apply (simp add: reset_untyped_cap_def resetUntypedCap_def
liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac F="cap = cap.UntypedCap dev ptr sz idx
\<and> (\<exists>s. s \<turnstile> cap)" in corres_gen_asm)
apply (clarsimp simp: bits_of_def free_index_of_def unlessE_def
@ -4191,7 +4190,7 @@ lemma resetUntypedCap_corres:
apply (rule corres_if[OF refl])
apply (rule corres_returnOk[where P=\<top> and P'=\<top>], simp)
apply (simp add: liftE_bindE bits_of_def split del: if_split)
apply (rule corres_split_deprecated[OF _ deleteObjects_corres])
apply (rule corres_split[OF deleteObjects_corres])
apply (rule corres_if)
apply simp
apply (simp add: bits_of_def shiftL_nat)
@ -4842,7 +4841,7 @@ lemma inv_untyped_corres':
sz (if reset then 0 else idx)" in corres_gen_asm)
apply (rule corres_add_noop_lhs)
apply (rule corres_split_nor[OF _ cNodeNoOverlap return_wp stateAssert_wp])
apply (rule corres_split_deprecated[OF _ updateFreeIndex_corres,rotated])
apply (rule corres_split[OF updateFreeIndex_corres,rotated])
apply (simp add:isCap_simps)+
apply (clarsimp simp:getFreeIndex_def bits_of_def shiftL_nat shiftl_t2n
free_index_of_def)


@ -257,7 +257,7 @@ lemma findPDForASIDAssert_known_corres:
apply clarsimp
apply (erule(3) find_pd_for_asid_assert_eq[symmetric])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ findPDForASIDAssert_corres[where pd=pd]])
apply (rule corres_split[OF findPDForASIDAssert_corres[where pd=pd]])
apply simp
apply wp+
apply clarsimp
@ -307,10 +307,9 @@ lemma storeHWASID_corres:
(store_hw_asid a h) (storeHWASID a h)"
apply (simp add: store_hw_asid_def storeHWASID_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ findPDForASIDAssert_corres[where pd=pd]])
apply (rule corres_split[OF findPDForASIDAssert_corres[where pd=pd]])
apply (rule corres_split_eqr)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule corres_trivial, rule corres_modify)
apply (clarsimp simp: state_relation_def)
apply (simp add: arch_state_relation_def)
@ -398,14 +397,13 @@ lemma findFreeHWASID_corres:
in option.nchotomy[rule_format])
apply (erule corres_disj_division)
apply (clarsimp split del: if_split)
apply (rule corres_split_deprecated [OF _ invalidate_asid_ext_corres])
apply (rule corres_split[OF invalidate_asid_ext_corres])
apply (rule corres_underlying_split [where r'=dc])
apply (rule corres_trivial, rule corres_machine_op)
apply (rule corres_no_failI)
apply (rule no_fail_invalidateLocalTLB_ASID)
apply fastforce
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule invalidateHWASIDEntry_corres)
apply (rule corres_split_deprecated)
apply (rule corres_trivial)
@ -460,7 +458,7 @@ lemma getHWASID_corres:
apply (rule corres_split_eqr [OF _ loadHWASID_corres[where pd=pd]])
apply (case_tac maybe_hw_asid, simp_all)[1]
apply (rule corres_split_eqr [OF _ findFreeHWASID_corres])
apply (rule corres_split_deprecated [OF _ storeHWASID_corres[where pd=pd]])
apply (rule corres_split[OF storeHWASID_corres[where pd=pd]])
apply (rule corres_trivial, simp )
apply (wpsimp wp: load_hw_asid_wp)+
apply (simp add: pd_at_asid_uniq)
@ -547,11 +545,9 @@ lemma flushSpace_corres:
(flush_space asid) (flushSpace asid)"
apply (simp add: flushSpace_def flush_space_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule loadHWASID_corres[where pd=pd])
apply (rule corres_split_deprecated [where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
prefer 2
apply (rule corres_split[where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
apply (rule corres_machine_op [where r=dc])
apply (rule corres_Id, rule refl, simp)
apply (rule no_fail_cleanCaches_PoU)
@ -579,8 +575,7 @@ lemma invalidateTLBByASID_corres:
(invalidate_tlb_by_asid asid) (invalidateTLBByASID asid)"
apply (simp add: invalidate_tlb_by_asid_def invalidateTLBByASID_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
prefer 2
apply (rule corres_split[where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
apply (rule loadHWASID_corres[where pd=pd])
apply (case_tac maybe_hw_asid)
apply simp
@ -705,7 +700,7 @@ proof -
pspace_aligned and pspace_distinct and
cte_wp_at ((=) thread_root) thread_root_slot"
and R'="\<lambda>thread_root. pspace_aligned' and pspace_distinct' and no_0_obj'"
in corres_split_deprecated [OF _ getSlotCap_corres])
in corres_split[OF getSlotCap_corres])
apply (insert Q)
apply (case_tac rv, simp_all add: isCap_simps Q[simplified])[1]
apply (rename_tac arch_cap)
@ -799,8 +794,8 @@ lemma invalidateASIDEntry_corres:
(invalidate_asid_entry asid) (invalidateASIDEntry asid)"
apply (simp add: invalidate_asid_entry_def invalidateASIDEntry_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ loadHWASID_corres[where pd=pd]])
apply (rule corres_split_deprecated [OF _ corres_when])
apply (rule corres_split[OF loadHWASID_corres[where pd=pd]])
apply (rule corres_split[OF corres_when])
apply (rule invalidateASID_corres[where pd=pd])
apply simp
apply simp
@ -844,7 +839,7 @@ lemma deleteASID_corres:
(delete_asid asid pd) (deleteASID asid pd)"
apply (simp add: delete_asid_def deleteASID_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ corres_gets_asid])
apply (rule corres_split[OF corres_gets_asid])
apply (case_tac "asid_table (asid_high_bits_of asid)", simp)
apply clarsimp
apply (rule_tac P="\<lambda>s. asid_high_bits_of asid \<in> dom (asidTable o ucast) \<longrightarrow>
@ -852,18 +847,16 @@ lemma deleteASID_corres:
P'="pspace_aligned' and pspace_distinct'" and
Q="invs and valid_etcbs and K (asid \<le> mask asid_bits \<and> asid \<noteq> 0) and
(\<lambda>s. arm_asid_table (arch_state s) = asidTable \<circ> ucast)" in
corres_split_deprecated)
prefer 2
corres_split)
apply (simp add: dom_def)
apply (rule get_asid_pool_corres_inv')
apply (rule corres_when, simp add: mask_asid_low_bits_ucast_ucast)
apply (rule corres_split_deprecated [OF _ flushSpace_corres[where pd=pd]])
apply (rule corres_split_deprecated [OF _ invalidateASIDEntry_corres[where pd=pd]])
apply (rule corres_split[OF flushSpace_corres[where pd=pd]])
apply (rule corres_split[OF invalidateASIDEntry_corres[where pd=pd]])
apply (rule_tac P="asid_pool_at (the (asidTable (ucast (asid_high_bits_of asid))))
and valid_etcbs"
and P'="pspace_aligned' and pspace_distinct'"
in corres_split_deprecated)
prefer 2
in corres_split)
apply (simp del: fun_upd_apply)
apply (rule setObject_ASIDPool_corres')
apply (simp add: inv_def mask_asid_low_bits_ucast_ucast)
@ -871,7 +864,7 @@ lemma deleteASID_corres:
apply (clarsimp simp: o_def)
apply (erule notE)
apply (erule ucast_ucast_eq, simp, simp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule setVMRoot_corres)
apply wp+
@ -939,13 +932,12 @@ lemma deleteASIDPool_corres:
cong: corres_weak_cong)
apply (thin_tac P for P)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ corres_gets_asid])
apply (rule corres_split[OF corres_gets_asid])
apply (rule corres_when)
apply simp
apply (simp add: liftM_def)
apply (rule corres_split_deprecated [OF _ getObject_ASIDPool_corres'])
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split[OF getObject_ASIDPool_corres'])
apply (rule corres_split)
apply (rule corres_mapM [where r=dc and r'=dc], simp, simp)
prefer 5
apply (rule order_refl)
@ -961,7 +953,7 @@ lemma deleteASIDPool_corres:
apply (clarsimp simp: ucast_ucast_low_bits)
apply simp
apply (rule_tac pd1="the (pool (ucast xa))"
in corres_split_deprecated [OF _ flushSpace_corres])
in corres_split[OF flushSpace_corres])
apply (rule_tac pd="the (pool (ucast xa))"
in invalidateASIDEntry_corres)
apply wp
@ -1016,8 +1008,7 @@ lemma deleteASIDPool_corres:
apply (simp add: asid_low_bits_word_bits)
apply clarsimp
apply ((wp|clarsimp simp: o_def)+)[3]
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule corres_modify [where P=\<top> and P'=\<top>])
apply (simp add: state_relation_def arch_state_relation_def)
apply (rule ext)
@ -1027,8 +1018,7 @@ lemma deleteASIDPool_corres:
apply (drule_tac x1="ucast xa" in bang_eq [THEN iffD1])
apply (erule_tac x=n in allE)
apply (simp add: word_size nth_ucast)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule getCurThread_corres)
apply (simp only:)
apply (rule setVMRoot_corres)
@ -1093,14 +1083,14 @@ proof -
return True
od)"
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ armv_contextSwitch_corres])
apply (rule corres_split[OF armv_contextSwitch_corres])
apply (rule corres_trivial)
apply (wp | simp)+
done
show ?thesis
apply (simp add: set_vm_root_for_flush_def setVMRootForFlush_def getThreadVSpaceRoot_def locateSlot_conv)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split_deprecated [where R="\<lambda>_. vspace_at_asid asid pd and K (asid \<noteq> 0 \<and> asid \<le> mask asid_bits)
and valid_asid_map and valid_vs_lookup
and valid_vspace_objs and valid_global_objs
@ -1298,13 +1288,13 @@ lemma flushTable_corres:
apply (simp add: ptBits_def pt_bits_def pageBits_def is_aligned_mask cong: corres_weak_cong)
apply (thin_tac "P" for P)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setVMRootForFlush_corres])
apply (rule corres_split_deprecated [OF _ load_hw_asid_corres2[where pd=pd]])
apply (rule corres_split[OF setVMRootForFlush_corres])
apply (rule corres_split[OF load_hw_asid_corres2[where pd=pd]])
apply (clarsimp cong: corres_weak_cong)
apply (rule corres_when, rule refl)
apply (rule corres_split_deprecated[where r' = dc, OF corres_when corres_machine_op])
apply simp
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (simp, rule setVMRoot_corres)
apply ((wp mapM_wp' hoare_vcg_const_imp_lift get_pte_wp getPTE_wp|
wpc|simp|fold cur_tcb_def cur_tcb'_def)+)[4]
@ -1333,13 +1323,13 @@ lemma flushPage_corres:
apply (simp add: is_aligned_mask cong: corres_weak_cong)
apply (thin_tac P for P)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setVMRootForFlush_corres])
apply (rule corres_split_deprecated [OF _ load_hw_asid_corres2[where pd=pd]])
apply (rule corres_split[OF setVMRootForFlush_corres])
apply (rule corres_split[OF load_hw_asid_corres2[where pd=pd]])
apply (clarsimp cong: corres_weak_cong)
apply (rule corres_when, rule refl)
apply (rule corres_split_deprecated [OF _ corres_machine_op [where r=dc]])
apply (rule corres_split[OF corres_machine_op [where r=dc]])
apply (rule corres_when, rule refl)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule setVMRoot_corres)
apply wp+
@ -1378,7 +1368,7 @@ lemma pageTableMapped_corres:
apply (rule corres_trivial, simp)
apply (rule corres_split_eqrE [OF _ find_pd_for_asid_corres])
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated [OF _ getObject_PDE_corres'])
apply (rule corres_split[OF getObject_PDE_corres'])
apply (rule corres_trivial)
apply (case_tac rv,
simp_all add: returnOk_def pde_relation_aligned_def
@ -1409,8 +1399,8 @@ lemma unmapPageTable_corres:
apply (rule corres_split_eqr [OF _ pageTableMapped_corres])
apply (simp add: case_option_If2 split del: if_split)
apply (rule corres_if2[OF refl])
apply (rule corres_split_deprecated [OF _ storePDE_corres'])
apply (rule corres_split_deprecated[OF _ corres_machine_op])
apply (rule corres_split[OF storePDE_corres'])
apply (rule corres_split[OF corres_machine_op])
apply (rule flushTable_corres)
apply (rule corres_Id, rule refl, simp)
apply (wp no_fail_cleanByVA_PoU)+
@ -1473,7 +1463,7 @@ lemma checkMappingPPtr_corres:
checkMappingPPtr_def)
apply (cases slotptr, simp_all add: liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getObject_PTE_corres'])
apply (rule corres_split[OF getObject_PTE_corres'])
apply (rule corres_trivial)
subgoal by (cases sz,
auto simp add: is_aligned_mask[symmetric]
@ -1484,7 +1474,7 @@ lemma checkMappingPPtr_corres:
apply simp
apply (simp add:is_aligned_mask[symmetric] is_aligned_shiftr pg_entry_align_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getObject_PDE_corres'])
apply (rule corres_split[OF getObject_PDE_corres'])
apply (rule corres_trivial)
subgoal by (cases sz,
auto simp add: is_aligned_mask[symmetric]
@ -1538,7 +1528,7 @@ lemma unmapPage_corres:
apply simp
apply (rule corres_splitEE[OF _ checkMappingPPtr_corres])
apply simp
apply (rule corres_split_deprecated [OF _ storePTE_corres'])
apply (rule corres_split[OF storePTE_corres'])
apply (rule corres_machine_op)
apply (rule corres_Id, rule refl, simp)
apply (rule no_fail_cleanByVA_PoU)
@ -1557,7 +1547,7 @@ lemma unmapPage_corres:
apply (simp add: is_aligned_mask[symmetric])
apply (rule corres_split_strengthen_ftE[OF checkMappingPPtr_corres])
apply (simp add: largePagePTEOffsets_def pteBits_def)
apply (rule corres_split_deprecated [OF _ corres_mapM])
apply (rule corres_split[OF corres_mapM])
prefer 8
apply (rule order_refl)
apply (rule corres_machine_op)
@ -1585,7 +1575,7 @@ lemma unmapPage_corres:
apply (rule corres_guard_imp)
apply (rule corres_split_strengthen_ftE[OF checkMappingPPtr_corres])
apply simp
apply (rule corres_split_deprecated[OF _ storePDE_corres'])
apply (rule corres_split[OF storePDE_corres'])
apply (rule corres_machine_op)
apply (rule corres_Id, rule refl, simp)
apply (rule no_fail_cleanByVA_PoU)
@ -1687,12 +1677,11 @@ lemma performPageDirectoryInvocation_corres:
apply (clarsimp simp: page_directory_invocation_map_def)
apply (rule corres_guard_imp)
apply (rule corres_when, simp)
apply (rule corres_split_deprecated [OF _ setVMRootForFlush_corres])
apply (rule corres_split_deprecated [OF _ corres_machine_op])
prefer 2
apply (rule corres_split[OF setVMRootForFlush_corres])
apply (rule corres_split[OF corres_machine_op])
apply (rule doFlush_corres)
apply (rule corres_when, simp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply clarsimp
apply (rule setVMRoot_corres)
apply wp+
@ -1945,7 +1934,7 @@ lemma pteCheckIfMapped_corres:
"corres (=) (pte_at slot) ((\<lambda>s. vs_valid_duplicates' (ksPSpace s)) and pspace_aligned' and pspace_distinct') (pte_check_if_mapped slot) (pteCheckIfMapped slot)"
apply (simp add: pte_check_if_mapped_def pteCheckIfMapped_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_master_pte_corres', simplified])
apply (rule corres_split[OF get_master_pte_corres', simplified])
apply (rule corres_return[where P="pte_at slot" and
P'="pspace_aligned' and pspace_distinct'", THEN iffD2])
apply (clarsimp simp: pte_relation'_def split: )
@ -1959,7 +1948,7 @@ lemma pdeCheckIfMapped_corres:
"corres (=) (pde_at slot) ((\<lambda>s. vs_valid_duplicates' (ksPSpace s)) and pspace_aligned' and pspace_distinct') (pde_check_if_mapped slot) (pdeCheckIfMapped slot)"
apply (simp add: pde_check_if_mapped_def pdeCheckIfMapped_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_master_pde_corres', simplified])
apply (rule corres_split[OF get_master_pde_corres', simplified])
apply (rule corres_return[where P="pde_at slot" and
P'="pspace_aligned' and pspace_distinct'", THEN iffD2])
apply (clarsimp simp: pte_relation'_def split: )
@ -2129,8 +2118,7 @@ proof -
apply (rule_tac R="\<lambda>_. invs and (valid_page_map_inv word cap (a,b) sum)
and valid_etcbs and (\<lambda>s. caps_of_state s (a,b) = Some cap)"
and R'="\<lambda>_. invs' and valid_slots' m' and pspace_aligned' and valid_slots_duplicated' m'
and pspace_distinct' and (\<lambda>s. vs_valid_duplicates' (ksPSpace s))" in corres_split_deprecated)
prefer 2
and pspace_distinct' and (\<lambda>s. vs_valid_duplicates' (ksPSpace s))" in corres_split)
apply (erule updateCap_same_master)
apply (case_tac sum, case_tac aa)
apply (clarsimp simp: mapping_map_def valid_slots'_def valid_slots_def valid_page_inv_def
@ -2138,8 +2126,8 @@ proof -
apply (rule corres_name_pre)
apply (clarsimp simp: mapM_Cons bind_assoc split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ pteCheckIfMapped_corres])
apply (rule corres_split_deprecated[OF _ storePTE_corres'])
apply (rule corres_split[OF pteCheckIfMapped_corres])
apply (rule corres_split[OF storePTE_corres'])
apply (rule corres_split_deprecated[where r' = dc, OF _ corres_store_pte_with_invalid_tail])
apply (rule corres_split_deprecated[where r'=dc, OF _ corres_machine_op[OF corres_Id]])
apply (rule corres_split[where r'=dc, OF _ corres_return_eq_same[OF refl]])
@ -2189,8 +2177,8 @@ proof -
apply (rule corres_name_pre)
apply (clarsimp simp: mapM_Cons bind_assoc split del:if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ pdeCheckIfMapped_corres])
apply (rule corres_split_deprecated[OF _ storePDE_corres'])
apply (rule corres_split[OF pdeCheckIfMapped_corres])
apply (rule corres_split[OF storePDE_corres'])
apply (rule corres_split_deprecated[where r'=dc, OF _ corres_store_pde_with_invalid_tail])
apply (rule corres_split_deprecated[where r'=dc,OF _ corres_machine_op[OF corres_Id]])
apply (rule corres_split[where r'=dc, OF _ corres_return_eq_same[OF refl]])
@ -2266,8 +2254,7 @@ proof -
apply (case_tac m)
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [where r'="acap_relation"])
prefer 2
apply (rule corres_split[where r'="acap_relation"])
apply simp
apply (rule corres_rel_imp)
apply (rule get_cap_corres_all_rights_P[where P=is_arch_cap], rule refl)
@ -2283,11 +2270,9 @@ proof -
apply (auto simp: cte_wp_at_ctes_of)[1]
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule unmapPage_corres)
apply (rule corres_split_deprecated [where r'=acap_relation])
prefer 2
apply (rule corres_split[where r'=acap_relation])
apply simp
apply (rule corres_rel_imp)
apply (rule get_cap_corres_all_rights_P[where P=is_arch_cap], rule refl)
@ -2315,12 +2300,11 @@ proof -
apply (rule corres_guard_imp)
apply (rule corres_split[where r'=dc, OF _ corres_return_eq_same[OF refl]])
apply (rule corres_when, simp)
apply (rule corres_split_deprecated [OF _ setVMRootForFlush_corres])
apply (rule corres_split_deprecated [OF _ corres_machine_op])
prefer 2
apply (rule corres_split[OF setVMRootForFlush_corres])
apply (rule corres_split[OF corres_machine_op])
apply (rule doFlush_corres)
apply (rule corres_when, simp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule setVMRoot_corres)
apply wp+
@ -2404,10 +2388,9 @@ lemma performPageTableInvocation_corres:
apply (cases pti)
apply (clarsimp simp: page_table_invocation_map_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ updateCap_same_master])
prefer 2
apply (rule corres_split[OF updateCap_same_master])
apply assumption
apply (rule corres_split_deprecated [OF _ storePDE_corres'])
apply (rule corres_split[OF storePDE_corres'])
apply (rule corres_machine_op)
apply (rule corres_Id, rule refl, simp)
apply (rule no_fail_cleanByVA_PoU)
@ -2431,13 +2414,13 @@ lemma performPageTableInvocation_corres:
apply (rule corres_guard_imp)
apply (rule corres_split_nor)
apply (simp add: liftM_def)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="is_pt_cap x" in corres_gen_asm)
apply (rule updateCap_same_master)
apply (clarsimp simp: is_pt_cap_def update_map_data_def)
apply (wp get_cap_wp)+
apply (rule corres_if[OF refl])
apply (rule corres_split_deprecated [OF _ unmapPageTable_corres])
apply (rule corres_split[OF unmapPageTable_corres])
apply (rule corres_split_nor)
apply (rule corres_machine_op, rule corres_Id)
apply (simp add: pteBits_def)+
@ -2483,18 +2466,16 @@ lemma performASIDPoolInvocation_corres:
apply (cases ap, simp add: asid_pool_invocation_map_def)
apply (rename_tac word1 word2 prod)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac F="\<exists>p asid. rv = Structures_A.ArchObjectCap (ARM_A.PageDirectoryCap p asid)" in corres_gen_asm)
apply clarsimp
apply (rule_tac Q="valid_objs and pspace_aligned and pspace_distinct and asid_pool_at word2 and valid_etcbs and
cte_wp_at (\<lambda>c. cap_master_cap c =
cap_master_cap (cap.ArchObjectCap (arch_cap.PageDirectoryCap p asid))) (a,b)"
in corres_split_deprecated)
prefer 2
in corres_split)
apply simp
apply (rule get_asid_pool_corres_inv')
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule updateCap_same_master)
apply simp
apply (rule corres_rel_imp)


@ -149,15 +149,13 @@ lemma performASIDControlInvocation_corres:
apply (frule valid_capAligned)
apply (clarsimp simp: capAligned_def page_bits_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (erule deleteObjects_corres)
apply (simp add:pageBits_def)
apply (rule corres_split_deprecated[OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac F = " pcap = (cap.UntypedCap False word1 pageBits idxa)" in corres_gen_asm)
apply (rule corres_split_deprecated[OF _ updateFreeIndex_corres])
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split[OF updateFreeIndex_corres])
apply (rule corres_split)
apply (simp add: retype_region2_ext_retype_region_ArchObject )
apply (rule corres_retype [where ty="Inl (KOArch (KOASIDPool F))",
unfolded APIType_map2_def makeObjectKO_def,
@ -172,13 +170,11 @@ lemma performASIDControlInvocation_corres:
apply (simp add: makeObject_asidpool const_def inv_def)
apply (rule range_cover_full)
apply (simp add:obj_bits_api_def arch_kobj_size_def default_arch_object_def)+
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule cteInsert_simple_corres, simp, rule refl, rule refl)
apply (rule_tac F="is_aligned word2 asid_low_bits" in corres_gen_asm)
apply (simp add: is_aligned_mask dc_def[symmetric])
apply (rule corres_split_deprecated [where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t = t' o ucast"])
prefer 2
apply (rule corres_split[where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t = t' o ucast"])
apply (clarsimp simp: state_relation_def arch_state_relation_def)
apply (rule corres_trivial)
apply (rule corres_modify)
@ -530,13 +526,13 @@ lemma resolveVAddr_corres:
apply (rule_tac R="\<lambda>rv s. valid_pde rv s \<and> pspace_aligned s"
and R'="\<lambda>_ s. pspace_distinct' s \<and> pspace_aligned' s
\<and> vs_valid_duplicates' (ksPSpace s)"
in corres_split_deprecated[OF _ get_master_pde_corres])
in corres_split[OF get_master_pde_corres])
apply (case_tac rv;
clarsimp simp: master_pde_relation_def pde_relation'_def isSuperSection_def' page_base_def
split: if_split_asm)
apply (rule corres_stateAssert_assume_stronger)
apply (rule stronger_corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_master_pte_corres])
apply (rule corres_split[OF get_master_pte_corres])
apply (rule corres_trivial)
apply (case_tac rv;
clarsimp simp: master_pte_relation_def pte_relation'_def isLargePage_def' page_base_def
@ -1180,7 +1176,7 @@ shows
apply (rule corres_symb_exec_r_conj)
apply (rule_tac F="isArchCap isPageTableCap (cteCap cteVal)"
in corres_gen_asm2)
apply (rule corres_split_deprecated[OF _ isFinalCapability_corres[where ptr=slot]])
apply (rule corres_split[OF isFinalCapability_corres[where ptr=slot]])
apply (drule mp)
apply (clarsimp simp: isCap_simps final_matters'_def)
apply (rule whenE_throwError_corres)
@ -1223,8 +1219,7 @@ shows
apply (rule whenE_throwError_corres, simp)
apply clarsimp
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated[OF _ _ resolve_vaddr_valid_mapping_size])
prefer 2
apply (rule corres_split[OF _ _ resolve_vaddr_valid_mapping_size])
apply clarsimp
apply (rule resolveVAddr_corres[THEN corres_gen_asm])
apply simp


@ -113,8 +113,7 @@ lemma corres_split_liftM2:
and h1: "\<lbrace>Q\<rbrace> a \<lbrace>R\<rbrace>" and h2: "\<lbrace>Q'\<rbrace> c \<lbrace>\<lambda>x. R' (f x)\<rbrace>"
shows "corres r (P and Q) (P' and Q') (a >>= b) (liftM f c >>= d)"
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ _ h1])
prefer 2
apply (rule corres_split[OF _ _ h1])
apply (simp add: o_def)
apply (rule corr)
apply (erule r1)
@ -177,8 +176,7 @@ lemma decodeCNodeInvocation_corres:
apply (rule corres_splitEE [OF _ ensureEmptySlot_corres])
apply (rule corres_splitEE [OF _ lookupSlotForCNodeOp_corres])
apply (simp(no_asm) add: liftE_bindE del: de_Morgan_conj split del: if_split)
apply (rule corres_split_deprecated [OF _ get_cap_corres'])
prefer 2
apply (rule corres_split[OF get_cap_corres'])
apply (simp add: split_def)
apply (rule whenE_throwError_corres)
apply (simp add: lookup_failure_map_def)
@ -261,7 +259,7 @@ lemma decodeCNodeInvocation_corres:
apply (rule corres_guard_imp)
apply (rule corres_splitEE [OF _ lookupSlotForCNodeOp_corres])
apply (simp(no_asm) add: split_beta liftE_bindE)
apply (rule corres_split_deprecated [OF _ get_cap_corres'])
apply (rule corres_split[OF get_cap_corres'])
apply (rule corres_split_norE)
apply (rule corres_trivial)
apply (clarsimp simp add: returnOk_def)
@ -7269,7 +7267,7 @@ next
apply (simp add: in_monad)
apply (rule drop_spec_corres)
apply (simp add: liftE_bindE del: rec_del.simps)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="cteCap ourCTE = Zombie ptr (zbits_map bits) (Suc n)
\<or> cteCap ourCTE = NullCap
\<or> (\<exists>zb n cp. cteCap ourCTE = Zombie (cte_map slot) zb n
@ -8797,11 +8795,11 @@ lemma invokeCNode_corres:
apply (rename_tac prod)
apply (simp add: getThreadCallerSlot_def locateSlot_conv objBits_simps)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (subgoal_tac "thread + 2^cte_level_bits * tcbCallerSlot = cte_map (thread, tcb_cnode_index 3)")
prefer 2
apply (simp add: cte_map_def tcb_cnode_index_def tcbCallerSlot_def)
apply (rule corres_split_deprecated [OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac P="\<lambda>s. (is_reply_cap cap \<or> cap = cap.NullCap) \<and>
(is_reply_cap cap \<longrightarrow>
(einvs and cte_at (threada, tcb_cnode_index 3) and


@ -5179,8 +5179,8 @@ lemma cteInsert_corres:
unfolding cap_insert_def cteInsert_def
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="cteCap rv' = NullCap" in corres_gen_asm2)
apply simp
apply (rule_tac P="?P and cte_at dest and
@ -7130,8 +7130,8 @@ lemma capSwapForDelete_corres:
apply (simp add: caps_of_state_cte_at)+
apply (simp add: when_def liftM_def)
apply (rule corres_guard_imp)
apply (rule_tac P1=wellformed_cap in corres_split_deprecated [OF _ get_cap_corres_P])
apply (rule_tac P1=wellformed_cap in corres_split_deprecated [OF _ get_cap_corres_P])
apply (rule_tac P1=wellformed_cap in corres_split[OF get_cap_corres_P])
apply (rule_tac P1=wellformed_cap in corres_split[OF get_cap_corres_P])
apply (rule cteSwap_corres, rule refl, rule refl, clarsimp+)
apply (wp get_cap_wp getCTE_wp')+
apply (clarsimp simp: cte_wp_at_caps_of_state)


@ -3469,7 +3469,7 @@ lemma ensureEmptySlot_corres:
(ensure_empty p) (ensureEmptySlot q)"
apply (clarsimp simp add: ensure_empty_def ensureEmptySlot_def unlessE_whenE liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_trivial)
apply (case_tac cap, auto simp add: whenE_def returnOk_def)[1]
apply wp+
@ -4002,7 +4002,7 @@ lemma setupReplyMaster_corres:
apply (clarsimp simp: tcb_cnode_index_def2 cte_map_nat_to_cref word_bits_def cte_level_bits_def)
apply (clarsimp simp: cte_level_bits_def)
apply (rule stronger_corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_when)
apply fastforce
apply (rule_tac P'="einvs and tcb_at t" in corres_stateAssert_implied)
@ -4770,8 +4770,8 @@ lemma cteInsert_simple_corres:
supply subst_all [simp del]
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="cteCap rv' = NullCap" in corres_gen_asm2)
apply simp
apply (rule_tac P="?P and cte_at dest and


@ -1521,7 +1521,7 @@ lemma emptySlot_corres:
apply (rule corres_split_noop_rhs[OF _ clearUntypedFreeIndex_noop_corres])
apply (rule_tac R="\<lambda>cap. einvs and cte_wp_at ((=) cap) slot" and
R'="\<lambda>cte. valid_pspace' and cte_wp_at' ((=) cte) (cte_map slot)" in
corres_split_deprecated [OF _ get_cap_corres])
corres_split[OF get_cap_corres])
defer
apply (wp get_cap_wp getCTE_wp')+
apply (simp add: cte_wp_at_ctes_of)
@ -3804,7 +3804,7 @@ lemma (in delete_one) deletingIRQHandler_corres:
(deleting_irq_handler irq) (deletingIRQHandler irq)"
apply (simp add: deleting_irq_handler_def deletingIRQHandler_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQSlot_corres])
apply (rule corres_split[OF getIRQSlot_corres])
apply simp
apply (rule_tac P'="cte_at' (cte_map slot)" in corres_symb_exec_r_conj)
apply (rule_tac F="isNotificationCap rv \<or> rv = capability.NullCap"
@ -3900,13 +3900,13 @@ lemma unbindNotification_corres:
supply option.case_cong_weak[cong]
apply (simp add: unbind_notification_def unbindNotification_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getBoundNotification_corres])
apply (rule corres_split[OF getBoundNotification_corres])
apply (rule corres_option_split)
apply simp
apply (rule corres_return_trivial)
apply (rule corres_split_deprecated[OF _ getNotification_corres])
apply (rule corres_split[OF getNotification_corres])
apply clarsimp
apply (rule corres_split_deprecated[OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setBoundNotification_corres)
apply (clarsimp simp: ntfn_relation_def split:Structures_A.ntfn.splits)
apply (wp gbn_wp' gbn_wp)+
@ -3928,11 +3928,11 @@ lemma unbindMaybeNotification_corres:
(unbindMaybeNotification ntfnptr)"
apply (simp add: unbind_maybe_notification_def unbindMaybeNotification_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getNotification_corres])
apply (rule corres_split[OF getNotification_corres])
apply (rule corres_option_split)
apply (clarsimp simp: ntfn_relation_def split: Structures_A.ntfn.splits)
apply (rule corres_return_trivial)
apply (rule corres_split_deprecated[OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setBoundNotification_corres)
apply (clarsimp simp: ntfn_relation_def split: Structures_A.ntfn.splits)
apply (wp get_simple_ko_wp getNotification_wp)+
@ -3973,7 +3973,7 @@ lemma fast_finaliseCap_corres:
apply (simp add: valid_cap'_def)
apply (clarsimp simp: final_matters'_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ unbindMaybeNotification_corres])
apply (rule corres_split[OF unbindMaybeNotification_corres])
apply (rule cancelAllSignals_corres)
apply (wp abs_typ_at_lifts unbind_maybe_notification_invs typ_at_lifts hoare_drop_imps getNotification_wp
| wpc)+
@ -3989,13 +3989,13 @@ lemma cap_delete_one_corres:
apply (simp add: cap_delete_one_def cteDeleteOne_def'
unless_def when_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="can_fast_finalise cap" in corres_gen_asm)
apply (rule corres_if)
apply fastforce
apply (rule corres_split_deprecated [OF _ isFinalCapability_corres[where ptr=ptr]])
apply (rule corres_split[OF isFinalCapability_corres[where ptr=ptr]])
apply (simp add: split_def bind_assoc [THEN sym])
apply (rule corres_split_deprecated [OF _ fast_finaliseCap_corres[where sl=ptr]])
apply (rule corres_split[OF fast_finaliseCap_corres[where sl=ptr]])
apply (rule emptySlot_corres)
apply simp+
apply (wp hoare_drop_imps)+
@ -4062,7 +4062,7 @@ lemma finaliseCap_corres:
apply (simp add: valid_cap'_def)
apply (clarsimp simp add: final_matters'_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ unbindMaybeNotification_corres])
apply (rule corres_split[OF unbindMaybeNotification_corres])
apply (rule cancelAllSignals_corres)
apply (wp abs_typ_at_lifts unbind_maybe_notification_invs typ_at_lifts hoare_drop_imps hoare_vcg_all_lift | wpc)+
apply (clarsimp simp: valid_cap_def)
@ -4078,8 +4078,8 @@ lemma finaliseCap_corres:
apply (clarsimp dest!: no_idle_thread_cap)
apply (clarsimp simp: state_relation_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ unbindNotification_corres])
apply (rule corres_split_deprecated[OF _ suspend_corres])
apply (rule corres_split[OF unbindNotification_corres])
apply (rule corres_split[OF suspend_corres])
apply (clarsimp simp: liftM_def[symmetric] o_def dc_def[symmetric] zbits_map_def)
apply (rule prepareThreadDelete_corres)
apply (wp unbind_notification_invs unbind_notification_simple_sched_action
@ -4364,7 +4364,7 @@ lemma thread_set_all_corresT:
(thread_set_all f g t) (threadSet f' t)"
apply (simp add: thread_set_all_def threadSet_def bind_assoc)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ thread_gets_the_all_corres])
apply (rule corres_split[OF thread_gets_the_all_corres])
apply (simp add: split_def)
apply (rule tcb_update_all_corres')
apply (erule x)


@ -373,7 +373,7 @@ lemma invokeIRQHandler_corres:
apply (rename_tac word cap prod)
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQSlot_corres])
apply (rule corres_split[OF getIRQSlot_corres])
apply simp
apply (rule corres_split_nor [OF _ cap_delete_one_corres])
apply (rule cteInsert_corres, simp+)
@ -391,7 +391,7 @@ lemma invokeIRQHandler_corres:
apply (erule cte_wp_at_weakenE, simp add: is_derived_use_interrupt)
apply fastforce
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQSlot_corres])
apply (rule corres_split[OF getIRQSlot_corres])
apply simp
apply (rule cap_delete_one_corres)
apply wp+
@ -638,15 +638,15 @@ lemma timerTick_corres:
apply (simp add:thread_state_case_if threadState_case_if)
apply (rule_tac Q="\<top> and (cur_tcb and valid_sched)" and Q'="\<top> and invs'" in corres_guard_imp)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rename_tac state state')
apply (rule corres_split_deprecated[where r' = dc ])
apply simp
apply (rule corres_when,simp)
apply (rule corres_split_deprecated[OF _ decDomainTime_corres])
apply (rule corres_split_deprecated[OF _ getDomainTime_corres])
apply (rule corres_split[OF decDomainTime_corres])
apply (rule corres_split[OF getDomainTime_corres])
apply (rule corres_when,simp)
apply (rule rescheduleRequired_corres)
apply (wp hoare_drop_imp)+
@ -657,7 +657,7 @@ lemma timerTick_corres:
apply (rule corres_if[where Q = \<top> and Q' = \<top>])
apply (case_tac state,simp_all)[1]
apply (simp add: Let_def)
apply (rule_tac r'="(=)" in corres_split_deprecated [OF _ ethreadget_corres])
apply (rule_tac r'="(=)" in corres_split[OF ethreadget_corres])
apply (rename_tac ts ts')
apply (rule_tac R="1 < ts" in corres_cases)
apply (simp)
@ -665,8 +665,8 @@ lemma timerTick_corres:
apply (rule ethread_set_corres, simp+)
apply (clarsimp simp: etcb_relation_def)
apply simp
apply (rule corres_split_deprecated [OF _ ethread_set_corres])
apply (rule corres_split_deprecated [OF _ tcbSchedAppend_corres])
apply (rule corres_split[OF ethread_set_corres])
apply (rule corres_split[OF tcbSchedAppend_corres])
apply (rule rescheduleRequired_corres)
apply (wp)[1]
apply (rule hoare_strengthen_post)
@ -813,7 +813,7 @@ proof -
show ?thesis
unfolding vgic_maintenance_def vgicMaintenance_def isRunnable_def Let_def
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_gets_current_vcpu], simp, rename_tac hsCurVCPU)
apply (rule corres_split[OF corres_gets_current_vcpu], simp, rename_tac hsCurVCPU)
(* we only care about the one case we do something: active current vcpu *)
apply (rule_tac R="hsCurVCPU = None" in corres_cases')
apply (rule corres_trivial, simp)
@ -825,10 +825,10 @@ proof -
apply (rule corres_split_eqr[OF _ corres_machine_op])+
apply (rename_tac eisr0 eisr1 flags)
apply (rule corres_split_deprecated[OF _ corres_gets_numlistregs])
apply (rule corres_split[OF corres_gets_numlistregs])
apply (rule corres_split_deprecated[where r'="\<lambda>rv rv'. rv' = arch_fault_map rv"])
apply (rule corres_split_eqr[OF _ getCurThread_corres])
apply (rule corres_split_deprecated[OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (fold dc_def)
apply (rule corres_when)
apply clarsimp
@ -899,7 +899,7 @@ lemma vppiEvent_corres:
unfolding vppi_event_def vppiEvent_def isRunnable_def
supply [[simproc del: defined_all]]
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_gets_current_vcpu])
apply (rule corres_split[OF corres_gets_current_vcpu])
apply (clarsimp simp del: subst_all (* avoid destroying useful name of rv *))
(* we only care about the one case we do something: active current vcpu *)
apply (rule_tac R="hsCurVCPU = None" in corres_cases')
@ -913,7 +913,7 @@ lemma vppiEvent_corres:
apply (rule corres_split_dc[OF _ corres_machine_op])
apply (rule corres_split_dc[OF _ vcpuUpdate_corres])
apply (rule corres_split_eqr[OF _ getCurThread_corres])
apply (rule corres_split_deprecated[OF _ getThreadState_corres], rename_tac gts gts')
apply (rule corres_split[OF getThreadState_corres], rename_tac gts gts')
apply (fold dc_def)
apply (rule corres_when)
apply (case_tac gts; fastforce)
@ -990,7 +990,7 @@ lemma handleInterrupt_corres:
apply (simp add: handle_interrupt_def handleInterrupt_def)
apply (rule conjI[rotated]; rule impI)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQState_corres,
apply (rule corres_split[OF getIRQState_corres,
where R="\<lambda>rv. einvs"
and R'="\<lambda>rv. invs' and ?P' and (\<lambda>s. rv \<noteq> IRQInactive)"])
defer
@ -1004,9 +1004,9 @@ lemma handleInterrupt_corres:
apply (case_tac st, simp_all add: irq_state_relation_def split: irqstate.split_asm)
apply (simp add: getSlotCap_def bind_assoc)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQSlot_corres])
apply (rule corres_split[OF getIRQSlot_corres])
apply simp
apply (rule corres_split_deprecated [OF _ get_cap_corres,
apply (rule corres_split[OF get_cap_corres,
where R="\<lambda>rv. einvs and valid_cap rv"
and R'="\<lambda>rv. invs' and valid_cap' (cteCap rv)"])
apply (rule corres_underlying_split[where r'=dc])
@ -1028,7 +1028,7 @@ lemma handleInterrupt_corres:
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
apply simp
apply (rule corres_split_deprecated [OF corres_machine_op timerTick_corres])
apply (rule corres_split[OF timerTick_corres corres_machine_op])
apply (rule corres_eq_trivial, simp+)
apply (rule corres_machine_op)
apply (rule corres_eq_trivial, (simp add: no_fail_ackInterrupt)+)


@ -185,7 +185,7 @@ lemma blocked_cancelIPC_corres:
od)"
apply (simp add: blocked_cancel_ipc_def gbep_ret)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres])
apply (rule corres_split[OF getEndpoint_corres])
apply (rule_tac F="ep \<noteq> IdleEP" in corres_gen_asm2)
apply (rule corres_assert_assume[rotated])
apply (clarsimp split: endpoint.splits)
@ -198,7 +198,7 @@ lemma blocked_cancelIPC_corres:
apply (case_tac "remove1 t list")
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ep_relation_def)
@ -221,7 +221,7 @@ lemma blocked_cancelIPC_corres:
valid_tcb_state'_def)[1]
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ep_relation_def)
@ -246,7 +246,7 @@ lemma blocked_cancelIPC_corres:
apply (case_tac "remove1 t list")
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ep_relation_def)
@ -269,7 +269,7 @@ lemma blocked_cancelIPC_corres:
valid_tcb_state'_def)[1]
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ep_relation_def)
@ -316,7 +316,7 @@ lemma cancelSignal_corres:
(cancelSignal t ntfn)"
apply (simp add: cancel_signal_def cancelSignal_def Let_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getNotification_corres])
apply (rule corres_split[OF getNotification_corres])
apply (rule_tac F="isWaitingNtfn (ntfnObj ntfnaa)" in corres_gen_asm2)
apply (case_tac "ntfn_obj ntfna")
apply (simp add: ntfn_relation_def isWaitingNtfn_def)
@ -324,13 +324,13 @@ lemma cancelSignal_corres:
apply (rename_tac list)
apply (rule_tac R="remove1 t list = []" in corres_cases)
apply (simp del: dc_simp)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ntfn_relation_def)
apply (wp)+
apply (simp add: list_case_If del: dc_simp)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setThreadState_corres)
apply simp
apply (clarsimp simp add: ntfn_relation_def neq_Nil_conv)
@ -613,7 +613,7 @@ lemma (in delete_one) cancel_ipc_corres:
(cancel_ipc t) (cancelIPC t)"
apply (simp add: cancel_ipc_def cancelIPC_def Let_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac P="einvs and st_tcb_at ((=) state) t" and
P'="invs' and st_tcb_at' ((=) statea) t" in corres_inst)
apply (case_tac state, simp_all add: isTS_defs list_case_If)[1]
@ -1422,7 +1422,7 @@ lemma (in delete_one) suspend_corres:
apply (simp add: IpcCancel_A.suspend_def Thread_H.suspend_def)
apply (rule corres_guard_imp)
apply (rule corres_split_nor [OF _ cancel_ipc_corres])
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule corres_split_nor)
apply (rule corres_split_nor [OF _ setThreadState_corres])
apply (rule tcbSchedDequeue_corres')
@ -2180,7 +2180,7 @@ lemma cancelAllSignals_corres:
apply simp+
apply (case_tac "ntfn_obj ntfna", simp_all add: ntfn_relation_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule corres_split_deprecated [OF rescheduleRequired_corres])
apply (rule ep_cancel_corres_helper)
apply (wp mapM_x_wp'[where 'b="det_ext state"]
@ -2778,7 +2778,7 @@ lemma cancelBadgedSends_corres:
(cancel_badged_sends epptr bdg) (cancelBadgedSends epptr bdg)"
apply (simp add: cancel_badged_sends_def cancelBadgedSends_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres get_simple_ko_sp get_ep_sp',
apply (rule corres_split[OF getEndpoint_corres get_simple_ko_sp get_ep_sp',
where Q="invs and valid_sched" and Q'=invs'])
apply simp_all
apply (case_tac ep, simp_all add: ep_relation_def)
@ -2797,12 +2797,12 @@ lemma cancelBadgedSends_corres:
simp_all add: list_all2_refl)[1]
apply (clarsimp simp: liftM_def[symmetric] o_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac F="\<exists>pl. st = Structures_A.BlockedOnSend epptr pl"
in corres_gen_asm)
apply (clarsimp simp: o_def dc_def[symmetric] liftM_def)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split_deprecated[OF _ tcbSchedEnqueue_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule corres_split[OF tcbSchedEnqueue_corres])
apply (rule corres_trivial)
apply simp
apply wp+
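Review bot: The `@ -2778` hunk of this section, at `apply (rule corres_split[OF getEndpoint_corres get_simple_ko_sp get_ep_sp',`, drops the `_` placeholder but keeps the two trailing Hoare-triple facts, so under the premise order every other hunk in this commit relies on (first-action correspondence, then the continuation, then the two triples) get_simple_ko_sp would now be supplied for the continuation premise and get_ep_sp' for the abstract triple. If corres_split is declared that way, `OF` should fail to unify here rather than silently prove something weaker; the second substitution in the description (`OF +_ +(?!_)` → `OF `) cannot tell this case from the single-fact case, so the same shift may exist wherever a deprecated call passed facts after the first. The line should read `apply (rule corres_split[OF getEndpoint_corres _ get_simple_ko_sp get_ep_sp',` so the continuation premise stays open for the `apply` steps that follow. The enclosing lemma cancelBadgedSends_corres continues outside the hunk.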


@ -111,9 +111,9 @@ lemma loadCapTransfer_corres:
wordSize_def wordBits_def word_bits_size word_bits_def[simplified]
del: upt.simps)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ load_word_corres])
apply (rule corres_split_deprecated [OF _ load_word_corres])
apply (rule corres_split_deprecated [OF _ load_word_corres])
apply (rule corres_split[OF load_word_corres])
apply (rule corres_split[OF load_word_corres])
apply (rule corres_split[OF load_word_corres])
apply (rule_tac P=\<top> and P'=\<top> in corres_inst)
apply (clarsimp simp: ct_relation_def)
apply (wp no_irq_loadWord)+
@ -135,7 +135,7 @@ lemma getReceiveSlots_corres:
apply (simp add: getReceiveSlots_def)
apply (simp add: getReceiveSlots_def split_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ loadCapTransfer_corres])
apply (rule corres_split[OF loadCapTransfer_corres])
apply (rule corres_empty_on_failure)
apply (rule corres_splitEE)
prefer 2
@ -150,7 +150,7 @@ lemma getReceiveSlots_corres:
apply (erule lookupSlotForCNodeOp_corres [OF _ refl])
apply simp
apply (simp add: split_def liftE_bindE unlessE_whenE)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_split_norE)
apply (rule corres_trivial, simp add: returnOk_def)
apply (rule corres_whenE)
@ -434,7 +434,7 @@ next
apply (rule corres_guard_imp)
apply (rule corres_if2)
apply (case_tac "fst x", auto simp add: isCap_simps)[1]
apply (rule corres_split_deprecated [OF _ corres_set_extra_badge])
apply (rule corres_split[OF corres_set_extra_badge])
apply (drule conjunct1)
apply simp
apply (rule corres_rel_imp, rule Cons.hyps, simp_all)[1]
@ -1049,7 +1049,7 @@ lemma transferCaps_corres:
getThreadCSpaceRoot)
apply (rule corres_assume_pre)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getReceiveSlots_corres])
apply (rule corres_split[OF getReceiveSlots_corres])
apply (rule_tac x=recv_buf in option_corres)
apply (rule_tac P=\<top> and P'=\<top> in corres_inst)
apply (case_tac info, simp)
@ -1346,7 +1346,7 @@ lemma lookupCapAndSlot_corres:
apply (rule corres_guard_imp)
apply (rule_tac r'="\<lambda>rv rv'. rv' = cte_map (fst rv)"
in corres_splitEE)
apply (rule corres_split_deprecated[OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule corres_returnOkTT, simp)
apply simp
apply wp+
@ -1450,8 +1450,7 @@ lemma doNormalTransfer_corres:
apply (rule corres_split_mapr [OF _ getMessageInfo_corres])
apply (rule_tac F="valid_message_info mi" in corres_gen_asm)
apply (rule_tac r'="list_all2 (\<lambda>x y. cap_relation (fst x) (fst y) \<and> snd y = cte_map (snd x))"
in corres_split_deprecated)
prefer 2
in corres_split)
apply (rule corres_if[OF refl])
apply (rule corres_split_catch)
apply (rule corres_trivial, simp)
@ -1460,7 +1459,7 @@ lemma doNormalTransfer_corres:
apply (rule corres_trivial, simp)
apply simp
apply (rule corres_split_eqr [OF _ copyMRs_corres])
apply (rule corres_split_deprecated [OF _ transferCaps_corres])
apply (rule corres_split[OF transferCaps_corres])
apply (rename_tac mi' mi'')
apply (rule_tac F="mi_label mi' = mi_label mi"
in corres_gen_asm)
@ -1894,7 +1893,7 @@ lemma handle_fault_reply_registers_corres:
od)"
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ arch_getSanitiseRegisterInfo_corres])
apply (rule corres_split[OF arch_getSanitiseRegisterInfo_corres])
apply (rule corres_split_deprecated)
apply (rule corres_trivial, simp)
apply (rule asUser_corres')
@ -2205,11 +2204,11 @@ lemma doReplyTransfer_corres:
apply (rule corres_assert_assume[rotated])
apply (clarsimp simp: cte_wp_at_ctes_of)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ threadget_fault_corres])
apply (rule corres_split[OF threadget_fault_corres])
apply (case_tac rv, simp_all add: fault_rel_optionation_def bind_assoc)[1]
apply (rule corres_split_deprecated [OF _ doIPCTransfer_corres])
apply (rule corres_split_deprecated [OF _ cap_delete_one_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF doIPCTransfer_corres])
apply (rule corres_split[OF cap_delete_one_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule possibleSwitchTo_corres)
apply simp
apply (wp set_thread_state_runnable_valid_sched set_thread_state_runnable_weak_valid_sched_action sts_st_tcb_at' sts_st_tcb' sts_valid_queues sts_valid_objs' delete_one_tcbDomain_obj_at'
@ -2240,13 +2239,13 @@ lemma doReplyTransfer_corres:
apply (auto simp: invs'_def valid_state'_def)[1]
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ cap_delete_one_corres])
apply (rule corres_split[OF cap_delete_one_corres])
apply (rule corres_split_mapr [OF _ getMessageInfo_corres])
apply (rule corres_split_eqr [OF _ lookupIPCBuffer_corres'])
apply (rule corres_split_eqr [OF _ getMRs_corres])
apply (simp(no_asm) del: dc_simp)
apply (rule corres_split_eqr [OF _ handleFaultReply_corres])
apply (rule corres_split_deprecated [OF _ threadset_corresT])
apply (rule corres_split[OF threadset_corresT])
apply (rule_tac Q="valid_sched and cur_tcb and tcb_at receiver"
and Q'="tcb_at' receiver and cur_tcb'
and (\<lambda>s. weak_sch_act_wf (ksSchedulerAction s) s)
@ -2254,7 +2253,7 @@ lemma doReplyTransfer_corres:
in corres_guard_imp)
apply (case_tac rvb, simp_all)[1]
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (fold dc_def, rule possibleSwitchTo_corres)
apply simp
apply (wp static_imp_wp static_imp_conj_wp set_thread_state_runnable_weak_valid_sched_action sts_st_tcb_at'
@ -2473,7 +2472,7 @@ proof -
apply (case_tac bl)
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres,
apply (rule corres_split[OF getEndpoint_corres,
where
R="\<lambda>rv. einvs and st_tcb_at active t and ep_at ep and
valid_ep rv and obj_at (\<lambda>ob. ob = Endpoint rv) ep
@ -2484,7 +2483,7 @@ proof -
apply (case_tac rv)
apply (simp add: ep_relation_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setEndpoint_corres)
apply (simp add: ep_relation_def)
apply (simp add: fault_rel_optionation_def)
@ -2494,7 +2493,7 @@ proof -
\<comment> \<open>concludes IdleEP if bl branch\<close>
apply (simp add: ep_relation_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setEndpoint_corres)
apply (simp add: ep_relation_def)
apply (simp add: fault_rel_optionation_def)
@ -2510,17 +2509,17 @@ proof -
apply simp
apply (clarsimp split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (simp add: isReceive_def split del:if_split)
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac
F="\<exists>data. recv_state = Structures_A.BlockedOnReceive ep data"
in corres_gen_asm)
apply (clarsimp simp: case_bool_If case_option_If if3_fold
simp del: dc_simp split del: if_split cong: if_cong)
apply (rule corres_split_deprecated [OF _ doIPCTransfer_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split_deprecated [OF _ possibleSwitchTo_corres])
apply (rule corres_split[OF doIPCTransfer_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule corres_split[OF possibleSwitchTo_corres])
apply (fold when_def)[1]
apply (rule_tac P="call" and P'="call"
@ -2564,7 +2563,7 @@ proof -
apply wp+
apply (clarsimp simp: ep_at_def2)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres,
apply (rule corres_split[OF getEndpoint_corres,
where
R="\<lambda>rv. einvs and st_tcb_at active t and ep_at ep and
valid_ep rv and obj_at (\<lambda>k. k = Endpoint rv) ep"
@ -2591,15 +2590,15 @@ proof -
apply fastforce
apply (clarsimp split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac
F="\<exists>data. recv_state = Structures_A.BlockedOnReceive ep data"
in corres_gen_asm)
apply (clarsimp simp: isReceive_def case_bool_If
split del: if_split cong: if_cong)
apply (rule corres_split_deprecated [OF _ doIPCTransfer_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF doIPCTransfer_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule possibleSwitchTo_corres)
apply (simp add: if_apply_def2)
apply (wp hoare_drop_imps)
@ -2661,7 +2660,7 @@ lemma sendSignal_corres:
(send_signal ep bg) (sendSignal ep bg)"
apply (simp add: send_signal_def sendSignal_def Let_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getNotification_corres,
apply (rule corres_split[OF getNotification_corres,
where
R = "\<lambda>rv. einvs and ntfn_at ep and valid_ntfn rv and
ko_at (Structures_A.Notification rv) ep" and
@ -2678,16 +2677,16 @@ lemma sendSignal_corres:
apply (rule corres_guard_imp[OF setNotification_corres])
apply (clarsimp simp add: ntfn_relation_def)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule corres_if)
apply (fastforce simp: receive_blocked_def receiveBlocked_def
thread_state_relation_def
split: Structures_A.thread_state.splits
Structures_H.thread_state.splits)
apply (rule corres_split_deprecated[OF _ cancel_ipc_corres])
apply (rule corres_split_deprecated[OF _ setThreadState_corres])
apply (rule corres_split[OF cancel_ipc_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated[OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule possibleSwitchTo_corres)
apply wp
apply (clarsimp simp: thread_state_relation_def)
@ -2717,10 +2716,10 @@ lemma sendSignal_corres:
apply (rule corres_guard_imp)
apply (rule_tac F="list \<noteq> []" in corres_gen_asm)
apply (simp add: list_case_helper split del: if_split)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated [OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule possibleSwitchTo_corres)
apply ((wp | simp)+)[1]
apply (rule_tac Q="\<lambda>_. Invariants_H.valid_queues and valid_queues' and
@ -2748,10 +2747,10 @@ lemma sendSignal_corres:
apply (rule corres_guard_imp)
apply (rule_tac F="list \<noteq> []" in corres_gen_asm)
apply (simp add: list_case_helper)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated [OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule possibleSwitchTo_corres)
apply (wp cur_tcb_lift | simp)+
apply (wp sts_st_tcb_at' set_thread_state_runnable_weak_valid_sched_action
@ -3180,7 +3179,7 @@ lemma replyFromKernel_corres:
badge_register_def badgeRegister_def)
apply (rule corres_guard_imp)
apply (rule corres_split_eqr [OF _ lookupIPCBuffer_corres])
apply (rule corres_split_deprecated [OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule corres_split_eqr [OF _ setMRs_corres])
apply (rule setMessageInfo_corres)
apply (wp hoare_case_option_wp hoare_valid_ipc_buffer_ptr_typ_at'
@ -3205,14 +3204,14 @@ lemma completeSignal_corres:
apply (rule corres_guard_imp)
apply (rule_tac R'="\<lambda>ntfn. ntfn_at' ntfnptr and tcb_at' tcb and valid_pspace'
and valid_ntfn' ntfn and (\<lambda>_. isActive ntfn)"
in corres_split_deprecated [OF _ getNotification_corres])
in corres_split[OF getNotification_corres])
apply (rule corres_gen_asm2)
apply (case_tac "ntfn_obj rv")
apply (clarsimp simp: ntfn_relation_def isActive_def
split: ntfn.splits Structures_H.notification.splits)+
apply (rule corres_guard2_imp)
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated[OF setNotification_corres asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres setNotification_corres])
apply (clarsimp simp: ntfn_relation_def)
apply (wp set_simple_ko_valid_objs get_simple_ko_wp getNotification_wp | clarsimp simp: valid_ntfn'_def)+
apply (clarsimp simp: valid_pspace'_def)
@ -3243,9 +3242,9 @@ lemma receiveIPC_corres:
apply (rename_tac word1 word2 right)
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres])
apply (rule corres_split[OF getEndpoint_corres])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getBoundNotification_corres])
apply (rule corres_split[OF getBoundNotification_corres])
apply (rule_tac r'="ntfn_relation" in corres_split_deprecated)
apply (rule corres_if)
apply (clarsimp simp: ntfn_relation_def Ipc_A.isActive_def Endpoint_H.isActive_def
@ -3265,7 +3264,7 @@ lemma receiveIPC_corres:
apply (simp add: ep_relation_def)
apply (rule corres_guard_imp)
apply (case_tac isBlocking; simp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setEndpoint_corres)
apply (simp add: ep_relation_def)
apply simp
@ -3282,8 +3281,8 @@ lemma receiveIPC_corres:
apply (clarsimp simp: valid_ep_def)
apply (case_tac list, simp_all split del: if_split)[1]
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac
F="\<exists>data.
sender_state =
@ -3292,7 +3291,7 @@ lemma receiveIPC_corres:
apply (clarsimp simp: isSend_def case_bool_If
case_option_If if3_fold
split del: if_split cong: if_cong)
apply (rule corres_split_deprecated [OF _ doIPCTransfer_corres])
apply (rule corres_split[OF doIPCTransfer_corres])
apply (simp split del: if_split cong: if_cong)
apply (fold dc_def)[1]
apply (rule_tac P="valid_objs and valid_mdb and valid_list
@ -3316,7 +3315,7 @@ lemma receiveIPC_corres:
apply (rule corres_if2 [OF _ setupCallerCap_corres setThreadState_corres])
apply simp
apply simp
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule possibleSwitchTo_corres)
apply simp
apply (wp sts_st_tcb_at' set_thread_state_runnable_weak_valid_sched_action
@ -3346,7 +3345,7 @@ lemma receiveIPC_corres:
apply (simp add: ep_relation_def)
apply (rule_tac corres_guard_imp)
apply (case_tac isBlocking; simp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setEndpoint_corres)
apply (simp add: ep_relation_def)
apply simp
@ -3389,14 +3388,14 @@ lemma receiveSignal_corres:
obj_at (\<lambda>k. k = Notification rv) word1" and
R'="\<lambda>rv'. invs' and tcb_at' thread and ntfn_at' word1 and
valid_ntfn' rv'"
in corres_split_deprecated [OF _ getNotification_corres])
in corres_split[OF getNotification_corres])
apply clarsimp
apply (case_tac "ntfn_obj rv")
\<comment> \<open>IdleNtfn\<close>
apply (simp add: ntfn_relation_def)
apply (rule corres_guard_imp)
apply (case_tac isBlocking; simp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setNotification_corres)
apply (simp add: ntfn_relation_def)
apply simp
@ -3406,7 +3405,7 @@ lemma receiveSignal_corres:
apply (simp add: ntfn_relation_def)
apply (rule corres_guard_imp)
apply (case_tac isBlocking; simp)
apply (rule corres_split_deprecated[OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setNotification_corres)
apply (simp add: ntfn_relation_def)
apply simp
@ -3417,7 +3416,7 @@ lemma receiveSignal_corres:
apply (simp add: ntfn_relation_def)
apply (rule corres_guard_imp)
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated [OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule setNotification_corres)
apply (simp add: ntfn_relation_def)
apply wp+
@ -3470,7 +3469,7 @@ lemma sendFaultIPC_corres:
apply (rule corres_guard_imp)
apply (rule corres_if2 [OF refl])
apply (simp add: dc_def[symmetric])
apply (rule corres_split_deprecated [OF sendIPC_corres threadset_corres], simp_all)[1]
apply (rule corres_split[OF threadset_corres sendIPC_corres], simp_all)[1]
apply (simp add: tcb_relation_def fault_rel_optionation_def exst_same_def)+
apply (wp thread_set_invs_trivial thread_set_no_change_tcb_state
thread_set_typ_at ep_at_typ_at ex_nonz_cap_to_pres


@ -551,12 +551,10 @@ lemma kernel_corres':
unfolding call_kernel_def callKernel_def
apply (simp add: call_kernel_def callKernel_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule corres_split_handle [OF _ handleEvent_corres])
apply simp
apply (rule corres_split_deprecated [OF _ corres_machine_op])
prefer 2
apply (rule corres_split[OF corres_machine_op])
apply (rule corres_underlying_trivial)
apply (rule no_fail_getActiveIRQ)
apply clarsimp
@ -578,7 +576,7 @@ lemma kernel_corres':
apply (rule_tac Q="\<lambda>_. \<top>" and E="\<lambda>_. invs'" in hoare_post_impErr)
apply wpsimp+
apply (simp add: invs'_def valid_state'_def)
apply (rule corres_split_deprecated [OF _ schedule_corres])
apply (rule corres_split[OF schedule_corres])
apply (rule activateThread_corres)
apply (wp schedule_invs' hoare_vcg_if_lift2 dmo_getActiveIRQ_non_kernel
| simp cong: rev_conj_cong | strengthen None_drop | subst Ex_Some_conv)+
@ -640,9 +638,8 @@ lemma entry_corres:
(kernel_entry event tc) (kernelEntry event tc)"
apply (simp add: kernel_entry_def kernelEntry_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split)
apply simp
apply (rule threadset_corresT)
apply (simp add: tcb_relation_def arch_tcb_relation_def
@ -650,7 +647,7 @@ lemma entry_corres:
apply (clarsimp simp: tcb_cap_cases_def)
apply (clarsimp simp: tcb_cte_cases_def)
apply (simp add: exst_same_def)
apply (rule corres_split_deprecated [OF _ kernel_corres])
apply (rule corres_split[OF kernel_corres])
apply (rule corres_split_eqr [OF _ getCurThread_corres])
apply (rule threadGet_corres)
apply (simp add: tcb_relation_def arch_tcb_relation_def
@ -683,26 +680,21 @@ lemma do_user_op_corres:
(do_user_op f tc) (doUserOp f tc)"
apply (simp add: do_user_op_def doUserOp_def split_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule_tac r'="(=)" and P=einvs and P'=invs' in corres_split_deprecated)
prefer 2
apply (rule corres_split[OF getCurThread_corres])
apply (rule_tac r'="(=)" and P=einvs and P'=invs' in corres_split)
apply (fastforce dest: absKState_correct [rotated])
apply (rule_tac r'="(=)" and P=einvs and P'=invs' in corres_split_deprecated)
prefer 2
apply (rule_tac r'="(=)" and P=einvs and P'=invs' in corres_split)
apply (fastforce dest: absKState_correct [rotated])
apply (rule_tac r'="(=)" and P=invs and P'=invs' in corres_split_deprecated)
prefer 2
apply (rule_tac r'="(=)" and P=invs and P'=invs' in corres_split)
apply (rule user_mem_corres)
apply (rule_tac r'="(=)" and P=invs and P'=invs' in corres_split_deprecated)
prefer 2
apply (rule_tac r'="(=)" and P=invs and P'=invs' in corres_split)
apply (rule device_mem_corres)
apply (rule_tac r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac r'="(=)" in corres_split)
apply (rule corres_gets_machine_state)
apply (rule_tac F = "dom (rvb \<circ> addrFromPPtr) \<subseteq> - dom rvd" in corres_gen_asm)
apply (rule_tac F = "dom (rvc \<circ> addrFromPPtr) \<subseteq> dom rvd" in corres_gen_asm)
apply simp
apply (rule_tac r'="(=)" in corres_split_deprecated[OF _ corres_select])
apply (rule_tac r'="(=)" in corres_split[OF corres_select])
apply (rule corres_underlying_split[OF corres_machine_op])
apply simp
apply (rule corres_underlying_trivial)
@ -758,7 +750,7 @@ lemma check_active_irq_corres':
"corres (=) \<top> \<top> (check_active_irq) (checkActiveIRQ)"
apply (simp add: check_active_irq_def checkActiveIRQ_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_machine_op[OF corres_underlying_trivial], where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
apply (rule corres_split[OF corres_machine_op[OF corres_underlying_trivial], where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
apply simp
apply (rule no_fail_getActiveIRQ)
apply (wp | simp )+


@ -48,7 +48,7 @@ proof -
apply (simp only: findM.simps)
apply (subst P)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ x])
apply (rule corres_split[OF x])
apply (rule corres_if2)
apply (case_tac ra, clarsimp+)[1]
apply (rule corres_trivial, clarsimp)
@ -138,10 +138,10 @@ lemma arch_switchToThread_corres:
(arch_switch_to_thread t) (Arch.switchToThread t)"
apply (simp add: arch_switch_to_thread_def ARM_HYP_H.switchToThread_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_tcb_corres])
apply (rule corres_split_deprecated[OF _ vcpuSwitch_corres'])
apply (rule corres_split[OF get_tcb_corres])
apply (rule corres_split[OF vcpuSwitch_corres'])
apply (simp add: tcb_relation_def arch_tcb_relation_def)
apply (rule corres_split_deprecated[OF _ setVMRoot_corres])
apply (rule corres_split[OF setVMRoot_corres])
apply (rule corres_machine_op[OF corres_rel_imp])
apply (rule corres_underlying_trivial)
apply wpsimp
@ -727,8 +727,8 @@ proof -
setCurThread t
od)"
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ arch_switchToThread_corres])
apply (rule corres_split_deprecated[OF setCurThread_corres tcbSchedDequeue_corres])
apply (rule corres_split[OF arch_switchToThread_corres])
apply (rule corres_split[OF tcbSchedDequeue_corres setCurThread_corres])
apply (wpsimp simp: tcb_at_is_etcb_at st_tcb_at_tcb_at)+
done
@ -798,8 +798,8 @@ lemma switchToIdleThread_corres:
"corres dc invs invs_no_cicd' switch_to_idle_thread switchToIdleThread"
apply (simp add: switch_to_idle_thread_def Thread_H.switchToIdleThread_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIdleThread_corres])
apply (rule corres_split_deprecated [OF _ arch_switchToIdleThread_corres])
apply (rule corres_split[OF getIdleThread_corres])
apply (rule corres_split[OF arch_switchToIdleThread_corres])
apply (unfold setCurThread_def)
apply (rule corres_trivial, rule corres_modify)
apply (simp add: state_relation_def cdt_relation_def)
@ -1657,7 +1657,7 @@ lemma guarded_switch_to_chooseThread_fragment_corres:
unfolding guarded_switch_to_def isRunnable_def
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule corres_assert_assume_l)
apply (rule corres_assert_assume_r)
apply (rule switchToThread_corres)
@ -1719,7 +1719,7 @@ proof -
apply (rule corres_guard_imp)
apply (rule corres_split[OF curDomain_corres'])
apply clarsimp
apply (rule corres_split_deprecated[OF _ corres_gets_queues_getReadyQueuesL1Bitmap])
apply (rule corres_split[OF corres_gets_queues_getReadyQueuesL1Bitmap])
apply (erule corres_if2[OF sym])
apply (rule switchToIdleThread_corres)
apply (rule corres_symb_exec_r)
@ -1821,7 +1821,7 @@ lemma scheduleChooseNewThread_fragment_corres:
apply (subst bind_dummy_ret_val)
apply (subst bind_dummy_ret_val)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_when])
apply (rule corres_split[OF corres_when])
apply simp
apply (rule chooseThread_corres)
apply simp
@ -1855,7 +1855,7 @@ lemma isHighestPrio_corres:
apply (clarsimp simp: gets_is_highest_prio_expand isHighestPrio_def)
apply (subst getHighestPrio_def')
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_gets_queues_getReadyQueuesL1Bitmap])
apply (rule corres_split[OF corres_gets_queues_getReadyQueuesL1Bitmap])
apply (rule corres_if_r'[where P'="\<lambda>_. True",rotated])
apply (rule_tac corres_symb_exec_r)
apply (rule_tac
@ -1893,8 +1893,8 @@ lemma scheduleChooseNewThread_corres:
schedule_choose_new_thread scheduleChooseNewThread"
unfolding schedule_choose_new_thread_def scheduleChooseNewThread_def
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getDomainTime_corres], clarsimp)
apply (rule corres_split_deprecated[OF _ scheduleChooseNewThread_fragment_corres, simplified bind_assoc])
apply (rule corres_split[OF getDomainTime_corres], clarsimp)
apply (rule corres_split[OF scheduleChooseNewThread_fragment_corres, simplified bind_assoc])
apply (rule setSchedulerAction_corres)
apply (wp | simp)+
apply (wp | simp add: getDomainTime_def)+
@ -1932,8 +1932,8 @@ lemma schedule_corres:
apply (subst thread_get_comm)
apply (subst schact_bind_inside)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getCurThread_corres[THEN corres_rel_imp[where r="\<lambda>x y. y = x"],simplified]])
apply (rule corres_split_deprecated[OF _ getSchedulerAction_corres])
apply (rule corres_split[OF getCurThread_corres[THEN corres_rel_imp[where r="\<lambda>x y. y = x"],simplified]])
apply (rule corres_split[OF getSchedulerAction_corres])
apply (rule corres_split_sched_act,assumption)
apply (rule_tac P="tcb_at ct" in corres_symb_exec_l')
apply (rule_tac corres_symb_exec_l)
@ -1943,29 +1943,29 @@ lemma schedule_corres:
prefer 2
(* choose thread *)
apply clarsimp
apply (rule corres_split_deprecated[OF _ thread_get_isRunnable_corres])
apply (rule corres_split_deprecated[OF _ corres_when])
apply (rule corres_split[OF thread_get_isRunnable_corres])
apply (rule corres_split[OF corres_when])
apply (rule scheduleChooseNewThread_corres, simp)
apply (rule tcbSchedEnqueue_corres, simp)
apply (wp thread_get_wp' tcbSchedEnqueue_invs' hoare_vcg_conj_lift hoare_drop_imps
| clarsimp)+
(* switch to thread *)
apply (rule corres_split_deprecated[OF _ thread_get_isRunnable_corres],
apply (rule corres_split[OF thread_get_isRunnable_corres],
rename_tac was_running wasRunning)
apply (rule corres_split_deprecated[OF _ corres_when])
apply (rule corres_split_deprecated[OF _ getIdleThread_corres], rename_tac it it')
apply (rule corres_split[OF corres_when])
apply (rule corres_split[OF getIdleThread_corres], rename_tac it it')
apply (rule_tac F="was_running \<longrightarrow> ct \<noteq> it" in corres_gen_asm)
apply (rule corres_split_deprecated[OF _ ethreadget_corres[where r="(=)"]],
apply (rule corres_split[OF ethreadget_corres[where r="(=)"]],
rename_tac tp tp')
apply (rule corres_split_deprecated[OF _ ethread_get_when_corres[where r="(=)"]],
apply (rule corres_split[OF ethread_get_when_corres[where r="(=)"]],
rename_tac cp cp')
apply (rule corres_split_deprecated[OF _ scheduleSwitchThreadFastfail_corres])
apply (rule corres_split_deprecated[OF _ curDomain_corres])
apply (rule corres_split_deprecated[OF _ isHighestPrio_corres]; simp only:)
apply (rule corres_split[OF scheduleSwitchThreadFastfail_corres])
apply (rule corres_split[OF curDomain_corres])
apply (rule corres_split[OF isHighestPrio_corres]; simp only:)
apply (rule corres_if, simp)
apply (rule corres_split_deprecated[OF _ tcbSchedEnqueue_corres])
apply (rule corres_split[OF tcbSchedEnqueue_corres])
apply (simp, fold dc_def)
apply (rule corres_split_deprecated[OF _ setSchedulerAction_corres])
apply (rule corres_split[OF setSchedulerAction_corres])
apply (rule scheduleChooseNewThread_corres, simp)
apply (wp | simp)+
@ -1979,9 +1979,9 @@ lemma schedule_corres:
apply (rule corres_if, fastforce)
apply (rule corres_split_deprecated[OF _ tcbSchedAppend_corres])
apply (rule corres_split[OF tcbSchedAppend_corres])
apply (simp, fold dc_def)
apply (rule corres_split_deprecated[OF _ setSchedulerAction_corres])
apply (rule corres_split[OF setSchedulerAction_corres])
apply (rule scheduleChooseNewThread_corres, simp)
apply (wp | simp)+
@ -1993,7 +1993,7 @@ lemma schedule_corres:
apply (wp tcb_sched_action_append_valid_blocked hoare_vcg_all_lift append_thread_queued)
apply (wp tcbSchedAppend_invs'_not_ResumeCurrentThread)
apply (rule corres_split_deprecated[OF _ guarded_switch_to_corres], simp)
apply (rule corres_split[OF guarded_switch_to_corres], simp)
apply (rule setSchedulerAction_corres[simplified dc_def])
apply (wp | simp)+
@ -2394,14 +2394,14 @@ lemma possibleSwitchTo_corres:
supply ethread_get_wp[wp del]
apply (simp add: possible_switch_to_def possibleSwitchTo_def cong: if_cong)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ curDomain_corres], simp)
apply (rule corres_split_deprecated[OF _ ethreadget_corres[where r="(=)"]])
apply (rule corres_split_deprecated[OF _ getSchedulerAction_corres])
apply (rule corres_split[OF curDomain_corres], simp)
apply (rule corres_split[OF ethreadget_corres[where r="(=)"]])
apply (rule corres_split[OF getSchedulerAction_corres])
apply (rule corres_if, simp)
apply (rule tcbSchedEnqueue_corres)
apply (rule corres_if, simp)
apply (case_tac action; simp)
apply (rule corres_split_deprecated[OF _ rescheduleRequired_corres])
apply (rule corres_split[OF rescheduleRequired_corres])
apply (rule tcbSchedEnqueue_corres)
apply (wp rescheduleRequired_valid_queues'_weak)+
apply (rule setSchedulerAction_corres, simp)


@ -266,7 +266,7 @@ lemma hinv_corres_assist:
prefer 2
\<comment> \<open>switched over to argument of corres_cap_fault\<close>
apply (rule lookupCapAndSlot_corres, simp)
apply (rule corres_split_deprecated [OF _ lookupIPCBuffer_corres])
apply (rule corres_split[OF lookupIPCBuffer_corres])
apply (rule corres_splitEE [OF _ lookupExtraCaps_corres])
apply (rule corres_returnOkTT)
apply simp+
@ -359,10 +359,10 @@ lemma setDomain_corres:
apply (rule corres_gen_asm2)
apply (simp add: set_domain_def setDomain_def thread_set_domain_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split_deprecated[OF _ tcbSchedDequeue_corres])
apply (rule corres_split_deprecated[OF _ ethread_set_corres])
apply (rule corres_split_deprecated[OF _ isRunnable_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split[OF tcbSchedDequeue_corres])
apply (rule corres_split[OF ethread_set_corres])
apply (rule corres_split[OF isRunnable_corres])
apply simp
apply (rule corres_split_deprecated[OF corres_when[OF refl]])
apply (rule rescheduleRequired_corres)
@ -416,9 +416,9 @@ lemma performInvocation_corres:
apply wp+
apply simp+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule corres_split_deprecated [OF _ sendIPC_corres])
apply (rule corres_split[OF sendIPC_corres])
apply (rule corres_trivial)
apply simp
apply simp
@ -429,7 +429,7 @@ lemma performInvocation_corres:
sch_act_simple_def)
apply (rule corres_guard_imp)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated [OF _ sendSignal_corres])
apply (rule corres_split[OF sendSignal_corres])
apply (rule corres_trivial)
apply (simp add: returnOk_def)
apply wp+
@ -452,7 +452,7 @@ lemma performInvocation_corres:
\<comment> \<open>domain cap\<close>
apply (clarsimp simp: invoke_domain_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setDomain_corres])
apply (rule corres_split[OF setDomain_corres])
apply (rule corres_trivial, simp)
apply (wp)+
apply (clarsimp+)[2]
@ -1228,7 +1228,7 @@ lemma handleInvocation_corres:
apply (simp add: handle_invocation_def handleInvocation_def liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_eqr [OF _ getCurThread_corres])
apply (rule corres_split_deprecated [OF _ getMessageInfo_corres])
apply (rule corres_split[OF getMessageInfo_corres])
apply clarsimp
apply (simp add: liftM_def cap_register_def capRegister_def)
apply (rule corres_split_eqr [OF _ asUser_getRegister_corres])
@ -1238,7 +1238,7 @@ lemma handleInvocation_corres:
apply (rule handleFault_corres)
apply simp
apply (simp add: split_def)
apply (rule corres_split_deprecated [OF _ getMRs_corres])
apply (rule corres_split[OF getMRs_corres])
apply (rule decodeInvocation_corres, simp_all)[1]
apply (fastforce simp: list_all2_map2 list_all2_map1 elim: list_all2_mono)
apply (fastforce simp: list_all2_map2 list_all2_map1 elim: list_all2_mono)
@ -1248,10 +1248,10 @@ lemma handleInvocation_corres:
apply wp[1]
apply (clarsimp simp: when_def)
apply (rule replyFromKernel_corres)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule corres_splitEE [OF _ performInvocation_corres])
apply simp
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rename_tac state state')
apply (case_tac state, simp_all)[1]
apply (fold dc_def)[1]
@ -1646,10 +1646,10 @@ lemma handleYield_corres:
"corres dc einvs (invs' and ct_active' and (\<lambda>s. ksSchedulerAction s = ResumeCurrentThread)) handle_yield handleYield"
apply (clarsimp simp: handle_yield_def handleYield_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule corres_split_deprecated[OF _ tcbSchedDequeue_corres])
apply (rule corres_split_deprecated[OF _ tcbSchedAppend_corres])
apply (rule corres_split[OF tcbSchedDequeue_corres])
apply (rule corres_split[OF tcbSchedAppend_corres])
apply (rule rescheduleRequired_corres)
apply (wp weak_sch_act_wf_lift_linear tcbSchedDequeue_valid_queues | simp add: )+
apply (simp add: invs_def valid_sched_def valid_sched_action_def
@ -1710,7 +1710,7 @@ lemma handleReply_corres:
getSlotCap_def)
apply (rule corres_guard_imp)
apply (rule corres_split_eqr [OF _ getCurThread_corres])
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac P="einvs and cte_wp_at ((=) caller_cap) (thread, tcb_cnode_index 3)
and K (is_reply_cap caller_cap \<or> caller_cap = cap.NullCap)
and tcb_at thread and st_tcb_at active thread
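Review bot: In the setDomain_corres hunk the converted chain stops at `apply (rule corres_split_deprecated[OF corres_when[OF refl]])`, which keeps the old premise order one line below four freshly rewritten `corres_split[OF ...]` steps. The same partial conversion is visible in asUser_corres' (`in corres_split_deprecated)` directly above the converted `corres_split[OF L4]`), in rescheduleRequired_corres and setThreadState_corres (`corres_split_deprecated[where r'=dc]`), and in findFreeHWASID_corres (a bare `corres_split_deprecated` with no following `prefer 2`). Presumably these are the non-simple cases the title excludes, since nested `[OF ...]`, `where` instantiations and `rule_tac ... in` forms without a trailing `prefer 2` fall outside the perl patterns in the description; a short remark in the description, e.g. "remaining corres_split_deprecated uses need manual premise reordering", would tell the next reader the leftovers are deliberate rather than missed. Each enclosing lemma proof starts outside its hunk, so whether the surviving deprecated steps still see the goal order they expect is established only by rechecking the theories, not by this view.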


@ -341,7 +341,7 @@ lemma threadset_corresT:
(thread_set f t) (threadSet f' t)"
apply (simp add: thread_set_def threadSet_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getObject_TCB_corres])
apply (rule corres_split[OF getObject_TCB_corres])
apply (rule setObject_update_TCB_corres')
apply (erule x)
apply (rule y)
@ -1382,7 +1382,7 @@ lemma asUser_corres':
apply (simp add: as_user_def asUser_def)
apply (rule corres_guard_imp)
apply (rule_tac r'="\<lambda>tcb con. (arch_tcb_context_get o tcb_arch) tcb = con" in corres_split_deprecated)
apply (rule corres_split_deprecated [OF _ L4])
apply (rule corres_split[OF L4])
apply clarsimp
apply (rule corres_split_nor)
apply (rule corres_trivial, simp)
@ -1920,7 +1920,7 @@ lemma rescheduleRequired_corres:
(reschedule_required) rescheduleRequired"
apply (simp add: rescheduleRequired_def reschedule_required_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getSchedulerAction_corres])
apply (rule corres_split[OF getSchedulerAction_corres])
apply (rule_tac P="case action of switch_thread t \<Rightarrow> P t | _ \<Rightarrow> \<top>"
and P'="case actiona of SwitchToThread t \<Rightarrow> P' t | _ \<Rightarrow> \<top>" for P P' in corres_split_deprecated[where r'=dc])
apply (rule setSchedulerAction_corres)
@ -2116,9 +2116,9 @@ lemma setThreadState_corres:
apply (rule corres_split_deprecated[where r'=dc])
apply simp
apply (subst thread_get_test[where test="runnable"])
apply (rule corres_split_deprecated[OF _ thread_get_isRunnable_corres])
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split_deprecated[OF _ getSchedulerAction_corres])
apply (rule corres_split[OF thread_get_isRunnable_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split[OF getSchedulerAction_corres])
apply (simp only: when_def)
apply (rule corres_if[where Q=\<top> and Q'=\<top>])
apply (rule iffI)
@ -3316,7 +3316,7 @@ lemma getMRs_corres:
apply simp
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ T])
apply (rule corres_split[OF T])
apply (simp only: option.simps return_bind fun_app_def
load_word_offs_def doMachineOp_mapM ef_loadWord)
apply (rule corres_split_eqr)
@ -3607,7 +3607,7 @@ lemma lookupIPCBuffer_corres':
apply (rule corres_guard_imp)
apply (rule corres_split_eqr [OF _ threadGet_corres])
apply (simp add: getThreadBufferSlot_def locateSlot_conv)
apply (rule corres_split_deprecated [OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac F="valid_ipc_buffer_cap rv buffer_ptr"
in corres_gen_asm)
apply (rule_tac P="valid_cap rv" and Q="no_0_obj'"
@ -4535,7 +4535,7 @@ lemma get_cap_corres_all_rights_P:
apply (simp add: getSlotCap_def mask_cap_def)
apply (subst bind_return [symmetric])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres_P [where P=P]])
apply (rule corres_split[OF get_cap_corres_P [where P=P]])
defer
apply (wp getCTE_wp')+
apply simp
@ -4659,7 +4659,7 @@ lemma ethread_set_corresT:
(ethread_set f t) (threadSet f' t)"
apply (simp add: ethread_set_def threadSet_def bind_assoc)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF set_eobject_corres corres_get_etcb])
apply (rule corres_split[OF corres_get_etcb set_eobject_corres])
apply (rule x)
apply (erule e)
apply (simp add: z)+


@ -35,7 +35,7 @@ lemma activateThread_corres:
\<and> invs s \<and> st_tcb_at ((=) ts) thread s"
and R'="\<lambda>ts s. valid_tcb_state' ts s \<and> (idle' ts \<or> runnable' ts)
\<and> invs' s \<and> st_tcb_at' (\<lambda>ts'. ts' = ts) thread s"
in corres_split_deprecated [OF _ getThreadState_corres])
in corres_split[OF getThreadState_corres])
apply (rule_tac F="idle rv \<or> runnable rv" in corres_req, simp)
apply (rule_tac F="idle' rv' \<or> runnable' rv'" in corres_req, simp)
apply (case_tac rv, simp_all add:
@ -66,8 +66,8 @@ lemma bindNotification_corres:
(bind_notification t a) (bindNotification t a)"
apply (simp add: bind_notification_def bindNotification_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getNotification_corres])
apply (rule corres_split_deprecated[OF _ setNotification_corres])
apply (rule corres_split[OF getNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setBoundNotification_corres)
apply (clarsimp simp: ntfn_relation_def split: Structures_A.ntfn.splits)
apply (wp)+
@ -208,12 +208,12 @@ lemma restart_corres:
apply (simp add: Tcb_A.restart_def Thread_H.restart_def)
apply (simp add: isStopped_def2 liftM_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (clarsimp simp add: runnable_tsr idle_tsr when_def)
apply (rule corres_split_nor [OF _ cancel_ipc_corres])
apply (rule corres_split_nor [OF _ setupReplyMaster_corres])
apply (rule corres_split_nor [OF _ setThreadState_corres])
apply (rule corres_split_deprecated [OF possibleSwitchTo_corres tcbSchedEnqueue_corres])
apply (rule corres_split[OF tcbSchedEnqueue_corres possibleSwitchTo_corres])
apply (wp set_thread_state_runnable_weak_valid_sched_action sts_st_tcb_at' sts_valid_queues sts_st_tcb' | clarsimp simp: valid_tcb_state'_def)+
apply (rule_tac Q="\<lambda>rv. valid_sched and cur_tcb" in hoare_strengthen_post)
apply wp
@ -282,7 +282,7 @@ lemma invokeTCB_ReadRegisters_corres:
frameRegisters_def gpRegisters_def)
apply (rule corres_guard_imp)
apply (rule corres_split_nor)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (simp add: liftM_def[symmetric])
apply (rule asUser_corres)
apply (rule corres_Id)
@ -331,8 +331,8 @@ lemma invokeTCB_WriteRegisters_corres:
frameRegisters_def gpRegisters_def
sanitiseRegister_def sanitise_register_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split_deprecated [OF _ arch_getSanitiseRegisterInfo_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split[OF arch_getSanitiseRegisterInfo_corres])
apply (rule corres_split_nor)
prefer 2
apply (rule asUser_corres)
@ -438,13 +438,13 @@ proof -
show ?thesis
apply (simp add: invokeTCB_def performTransfer_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ corres_when [OF refl suspend_corres]], simp)
apply (rule corres_split_deprecated [OF _ corres_when [OF refl restart_corres]], simp)
apply (rule corres_split[OF corres_when [OF refl suspend_corres]], simp)
apply (rule corres_split[OF corres_when [OF refl restart_corres]], simp)
apply (rule corres_split_nor)
apply (rule corres_split_nor)
apply (rule corres_split_eqr [OF _ getCurThread_corres])
apply (rule corres_split_nor[OF _ asUser_postModifyRegisters_corres[simplified]])
apply (rule corres_split_deprecated [OF _ corres_when[OF refl rescheduleRequired_corres]])
apply (rule corres_split[OF corres_when[OF refl rescheduleRequired_corres]])
apply (rule_tac P=\<top> and P'=\<top> in corres_inst)
apply simp
apply (wp static_imp_wp)+
@ -548,7 +548,7 @@ lemma isRunnable_corres:
apply (simp add: isRunnable_def)
apply (subst bind_return[symmetric])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (case_tac rv, clarsimp+)
apply (wp hoare_TrueI)+
apply auto
@ -625,11 +625,11 @@ lemma sp_corres2:
(set_priority t x) (setPriority t x)"
apply (simp add: setPriority_def set_priority_def thread_set_priority_def)
apply (rule stronger_corres_guard_imp)
apply (rule corres_split_deprecated [OF _ tcbSchedDequeue_corres])
apply (rule corres_split_deprecated [OF _ ethread_set_corres], simp_all)[1]
apply (rule corres_split_deprecated [OF _ isRunnable_corres])
apply (rule corres_split[OF tcbSchedDequeue_corres])
apply (rule corres_split[OF ethread_set_corres], simp_all)[1]
apply (rule corres_split[OF isRunnable_corres])
apply (erule corres_when)
apply(rule corres_split_deprecated [OF _ getCurThread_corres])
apply(rule corres_split[OF getCurThread_corres])
apply (wp corres_if; clarsimp)
apply (rule rescheduleRequired_corres)
apply (rule possibleSwitchTo_corres)
@ -888,7 +888,7 @@ lemma checkCapAt_corres:
(checkCapAt cap' (cte_map slot) f')" using r c
apply (simp add: check_cap_at_def checkCapAt_def liftM_def when_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_if [unfolded if_apply_def2])
apply (erule(1) sameObject_corres2)
apply assumption
@ -1431,7 +1431,7 @@ proof -
apply (rule corres_split_norE)
apply (rule_tac F="is_aligned aa msg_align_bits" in corres_gen_asm2)
apply (rule corres_split_nor)
apply (rule corres_split_deprecated [OF _ getCurThread_corres], clarsimp)
apply (rule corres_split[OF getCurThread_corres], clarsimp)
apply (rule corres_when[OF refl rescheduleRequired_corres])
apply (wpsimp wp: gct_wp)+
apply (rule threadset_corres,
@ -1452,7 +1452,7 @@ proof -
apply (rule_tac F="isArchObjectCap ac" in corres_gen_asm2)
apply (rule corres_split_nor)
apply (rule corres_split_nor)
apply (rule corres_split_deprecated [OF _ getCurThread_corres], clarsimp)
apply (rule corres_split[OF getCurThread_corres], clarsimp)
apply (rule corres_when[OF refl rescheduleRequired_corres])
apply (wp gct_wp)+
apply (erule checkCapAt_cteInsert_corres)
@ -1825,14 +1825,14 @@ lemma invokeTCB_corres:
apply (case_tac option)
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ unbindNotification_corres])
apply (rule corres_split[OF unbindNotification_corres])
apply (rule corres_trivial, simp)
apply wp+
apply clarsimp
apply clarsimp
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ bindNotification_corres])
apply (rule corres_split[OF bindNotification_corres])
apply (rule corres_trivial, simp)
apply wp+
apply clarsimp
@ -1840,9 +1840,9 @@ lemma invokeTCB_corres:
apply (clarsimp simp: obj_at'_def projectKOs)
apply (simp add: invokeTCB_def tlsBaseRegister_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ TcbAcc_R.asUser_setRegister_corres])
apply (rule corres_split_deprecated[OF _ Bits_R.getCurThread_corres])
apply (rule corres_split_deprecated[OF _ Corres_UL.corres_when])
apply (rule corres_split[OF TcbAcc_R.asUser_setRegister_corres])
apply (rule corres_split[OF Bits_R.getCurThread_corres])
apply (rule corres_split[OF Corres_UL.corres_when])
apply (rule corres_trivial, simp)
apply simp
apply (rule TcbAcc_R.rescheduleRequired_corres)
@ -1956,7 +1956,7 @@ lemma decodeReadRegisters_corres:
apply (rule corres_trivial)
apply (fastforce simp: returnOk_def)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_trivial)
apply (clarsimp simp: whenE_def)
apply (wp|simp)+
@ -1979,7 +1979,7 @@ lemma decodeWriteRegisters_corres:
apply clarsimp
apply (rule corres_guard_imp)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split_norE)
apply (rule corres_trivial, simp)
apply (rule corres_trivial, simp)
@ -2052,7 +2052,7 @@ lemma checkPrio_corres:
apply (simp add: check_prio_def checkPrio_def)
apply (rule corres_guard_imp)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated[OF _ threadGet_corres])
apply (rule corres_split[OF threadGet_corres])
apply (rule_tac rvr = dc and
R = \<top> and
R' = \<top> in
@ -2333,7 +2333,7 @@ lemma slotCapLongRunningDelete_corres:
apply (clarsimp simp: slot_cap_long_running_delete_def
slotCapLongRunningDelete_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (auto split: cap_relation_split_asm arch_cap.split_asm
intro!: corres_rel_imp [OF isFinalCapability_corres[where ptr=ptr]]
simp: liftM_def[symmetric] final_matters'_def
@ -2378,8 +2378,8 @@ lemma decodeSetSpace_corres:
getThreadCSpaceRoot getThreadVSpaceRoot
split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ slotCapLongRunningDelete_corres])
apply (rule corres_split_deprecated [OF _ slotCapLongRunningDelete_corres])
apply (rule corres_split[OF slotCapLongRunningDelete_corres])
apply (rule corres_split[OF slotCapLongRunningDelete_corres])
apply (rule corres_split_norE)
apply (simp(no_asm) add: split_def unlessE_throwError_returnOk
bindE_assoc cap_CNode_case_throw


@ -932,7 +932,7 @@ lemma corres_list_all2_mapM_':
apply simp
apply (clarsimp simp add: mapM_x_def sequence_x_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ y])
apply (rule corres_split[OF y])
apply (clarsimp dest!: suffix_ConsD)
apply (erule meta_allE, (drule(1) meta_mp)+)
apply assumption
@ -1534,10 +1534,9 @@ shows
apply (rule corres_underlying_symb_exec_l [OF set_original_symb_exec_l])
apply (rule corres_cong[OF refl refl _ refl refl, THEN iffD1])
apply (rule bind_return[THEN fun_cong])
apply (rule corres_split_deprecated [OF _ setCTE_corres])
apply (rule corres_split[OF setCTE_corres])
apply (subst bind_return[symmetric],
rule corres_split_deprecated)
prefer 2
rule corres_split)
apply (simp add: dc_def[symmetric])
apply (rule updateMDB_symb_exec_r)
apply (simp add: dc_def[symmetric])
@ -3276,7 +3275,7 @@ lemma createNewCaps_ranges':
declare split_paired_Ex[simp del]
lemmas corres_split_retype_createNewCaps
= corres_split_deprecated [OF _ corres_retype_region_createNewCaps,
= corres_split[OF corres_retype_region_createNewCaps,
simplified bind_assoc, simplified ]
declare split_paired_Ex[simp add]
@ -4234,7 +4233,7 @@ lemma resetUntypedCap_corres:
apply (simp add: reset_untyped_cap_def resetUntypedCap_def
liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac F="cap = cap.UntypedCap dev ptr sz idx
\<and> (\<exists>s. s \<turnstile> cap)" in corres_gen_asm)
apply (clarsimp simp: bits_of_def free_index_of_def unlessE_def
@ -4242,7 +4241,7 @@ lemma resetUntypedCap_corres:
apply (rule corres_if[OF refl])
apply (rule corres_returnOk[where P=\<top> and P'=\<top>], simp)
apply (simp add: liftE_bindE bits_of_def split del: if_split)
apply (rule corres_split_deprecated[OF _ deleteObjects_corres])
apply (rule corres_split[OF deleteObjects_corres])
apply (rule corres_if)
apply simp
apply (simp add: bits_of_def shiftL_nat)
@ -4895,7 +4894,7 @@ lemma inv_untyped_corres':
sz (if reset then 0 else idx)" in corres_gen_asm)
apply (rule corres_add_noop_lhs)
apply (rule corres_split_nor[OF _ cNodeNoOverlap return_wp stateAssert_wp])
apply (rule corres_split_deprecated[OF _ updateFreeIndex_corres,rotated])
apply (rule corres_split[OF updateFreeIndex_corres,rotated])
apply (simp add:isCap_simps)+
apply (clarsimp simp:getFreeIndex_def bits_of_def shiftL_nat shiftl_t2n
free_index_of_def)


@ -270,7 +270,7 @@ lemma findPDForASIDAssert_known_corres:
apply clarsimp
apply (erule(3) find_pd_for_asid_assert_eq[symmetric])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ findPDForASIDAssert_corres[where pd=pd]])
apply (rule corres_split[OF findPDForASIDAssert_corres[where pd=pd]])
apply simp
apply wp+
apply clarsimp
@ -320,10 +320,9 @@ lemma storeHWASID_corres:
(store_hw_asid a h) (storeHWASID a h)"
apply (simp add: store_hw_asid_def storeHWASID_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ findPDForASIDAssert_corres[where pd=pd]])
apply (rule corres_split[OF findPDForASIDAssert_corres[where pd=pd]])
apply (rule corres_split_eqr)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule corres_trivial, rule corres_modify)
apply (clarsimp simp: state_relation_def)
apply (simp add: arch_state_relation_def)
@ -411,14 +410,13 @@ lemma findFreeHWASID_corres:
in option.nchotomy[rule_format])
apply (erule corres_disj_division)
apply (clarsimp split del: if_split)
apply (rule corres_split_deprecated [OF _ invalidate_asid_ext_corres])
apply (rule corres_split[OF invalidate_asid_ext_corres])
apply (rule corres_underlying_split [where r'=dc])
apply (rule corres_trivial, rule corres_machine_op)
apply (rule corres_no_failI)
apply (rule no_fail_invalidateLocalTLB_ASID)
apply fastforce
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule invalidateHWASIDEntry_corres)
apply (rule corres_split_deprecated)
apply (rule corres_trivial)
@ -471,7 +469,7 @@ lemma getHWASID_corres:
apply (rule corres_split_eqr [OF _ loadHWASID_corres[where pd=pd]])
apply (case_tac maybe_hw_asid, simp_all)[1]
apply (rule corres_split_eqr [OF _ findFreeHWASID_corres])
apply (rule corres_split_deprecated [OF _ storeHWASID_corres[where pd=pd]])
apply (rule corres_split[OF storeHWASID_corres[where pd=pd]])
apply (rule corres_trivial, simp)
apply (wp load_hw_asid_wp | simp)+
apply (simp add: pd_at_asid_uniq valid_global_objs_def)
@ -667,11 +665,9 @@ lemma flushSpace_corres:
(flush_space asid) (flushSpace asid)"
apply (simp add: flushSpace_def flush_space_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule loadHWASID_corres[where pd=pd])
apply (rule corres_split_deprecated [where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
prefer 2
apply (rule corres_split[where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
apply (rule corres_machine_op [where r=dc])
apply (rule corres_Id, rule refl, simp)
apply (rule no_fail_cleanCaches_PoU)
@ -699,8 +695,7 @@ lemma invalidateTLBByASID_corres:
(invalidate_tlb_by_asid asid) (invalidateTLBByASID asid)"
apply (simp add: invalidate_tlb_by_asid_def invalidateTLBByASID_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
prefer 2
apply (rule corres_split[where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
apply (rule loadHWASID_corres[where pd=pd])
apply (case_tac maybe_hw_asid)
apply simp
@ -847,7 +842,7 @@ lemma vcpuSaveReg_corres[corres]:
apply (clarsimp simp: vcpu_save_reg_def vcpuSaveReg_def)
apply (rule corres_guard_imp)
apply (rule corres_assert_gen_asm2)
apply (rule corres_split_deprecated[OF _ corres_machine_op[where r="(=)"]])
apply (rule corres_split[OF corres_machine_op[where r="(=)"]])
apply (rule vcpuUpdate_corres, fastforce simp: vcpu_relation_def vgic_map_def)
apply (wpsimp wp: corres_Id)+
done
@ -866,7 +861,7 @@ lemma vcpuRestoreReg_corres[corres]:
apply (clarsimp simp: vcpu_restore_reg_def vcpuRestoreReg_def)
apply (rule corres_guard_imp)
apply (rule corres_assert_gen_asm2)
apply (rule corres_split_deprecated[OF _ getObject_vcpu_corres])
apply (rule corres_split[OF getObject_vcpu_corres])
apply (rule corres_machine_op)
apply (rule corres_Id)
apply (fastforce simp: vcpu_relation_def)
@ -915,7 +910,7 @@ lemma restoreVirtTimer_corres[corres]:
apply (rule corres_split_eqr[OF _ vcpuReadReg_corres], simp)
apply (rule corres_split_eqr[OF _ vcpuReadReg_corres])
apply (rule corres_split_eqr[OF _ corres_machine_op], simp)+
apply (rule corres_split_deprecated[OF _ getObject_vcpu_corres])
apply (rule corres_split[OF getObject_vcpu_corres])
apply (rule corres_split_eqr[OF _ vcpuReadReg_corres])
apply (rule corres_split_eqr[OF _ vcpuReadReg_corres])
apply (clarsimp simp: vcpu_relation_def)
@ -941,13 +936,13 @@ lemma vcpuSave_corres:
apply (rule corres_split_dc[OF _ corres_machine_op])
apply (rule corres_split_deprecated[where r'=dc])
apply (rule corres_split_eqr[OF _ corres_machine_op], simp)
apply (rule corres_split_deprecated[OF _ vgicUpdate_corres])
apply (rule corres_split[OF vgicUpdate_corres])
apply (rule corres_split_eqr[OF _ corres_machine_op], simp)
apply (rule corres_split_deprecated[OF _ vgicUpdate_corres])
apply (rule corres_split[OF vgicUpdate_corres])
apply (rule corres_split_eqr, simp)
apply (simp add: mapM_discarded)
apply (rule corres_split_deprecated[OF _ corres_mapM_x[OF _ _ _ _ subset_refl]])
apply (rule corres_split_deprecated[OF _ vcpuSaveRegRange_corres])
apply (rule corres_split[OF corres_mapM_x[OF _ _ _ _ subset_refl]])
apply (rule corres_split[OF vcpuSaveRegRange_corres])
apply (rule corres_machine_op)
apply (wpsimp wp: corres_Id simp: vcpu_relation_def vgic_map_def)+
apply (rule corres_split_eqr[OF _ corres_machine_op]
@ -958,9 +953,9 @@ lemma vcpuSave_corres:
apply (fastforce simp add: state_relation_def arch_state_relation_def)
apply (wpsimp wp: corres_Id no_fail_isb simp: vcpu_relation_def vgic_map_def)+
apply (rule corres_when, simp)
apply (rule corres_split_deprecated[OF _ vcpuSaveReg_corres])
apply (rule corres_split[OF vcpuSaveReg_corres])
apply (rule corres_split_eqr[OF _ corres_machine_op], simp, fold dc_def)
apply (rule corres_split_deprecated[OF _ vgicUpdate_corres])
apply (rule corres_split[OF vgicUpdate_corres])
apply (rule saveVirtTimer_corres)
apply (wpsimp wp: corres_Id no_fail_isb hoare_vcg_imp_lift' no_fail_dsb
simp: vcpu_relation_def vgic_map_def if_apply_def2)+
@ -1004,7 +999,7 @@ lemma vcpuEnable_corres:
apply (simp add: vcpu_enable_def vcpuEnable_def doMachineOp_bind do_machine_op_bind bind_assoc)
apply (rule corres_guard_imp)
apply (rule corres_split_dc[OF _ vcpuRestoreReg_corres])+
apply (rule corres_split_deprecated[OF _ getObject_vcpu_corres], rename_tac vcpu')
apply (rule corres_split[OF getObject_vcpu_corres], rename_tac vcpu')
apply (case_tac vcpu')
apply (rule corres_split_dc[OF _ corres_machine_op]
| rule corres_machine_op corres_Id restoreVirtTimer_corres
@ -1022,8 +1017,8 @@ lemma vcpuRestore_corres:
apply (rule corres_guard_imp)
apply (rule corres_split_dc[OF _ corres_machine_op]
| rule corres_machine_op corres_Id)+
apply (rule corres_split_deprecated[OF _ getObject_vcpu_corres], rename_tac vcpu')
apply (rule corres_split_deprecated[OF _ corres_gets_gicvcpu_numlistregs])
apply (rule corres_split[OF getObject_vcpu_corres], rename_tac vcpu')
apply (rule corres_split[OF corres_gets_gicvcpu_numlistregs])
apply (case_tac vcpu'
, clarsimp simp: comp_def vcpu_relation_def vgic_map_def mapM_x_mapM
uncurry_def split_def mapM_map_simp)
@ -1202,7 +1197,7 @@ proof -
pspace_aligned and pspace_distinct and
cte_wp_at ((=) thread_root) thread_root_slot"
and R'="\<lambda>thread_root. pspace_aligned' and pspace_distinct' and no_0_obj' and tcb_at' t"
in corres_split_deprecated [OF _ getSlotCap_corres])
in corres_split[OF getSlotCap_corres])
apply (case_tac rv, simp_all add: isCap_simps Q[simplified])[1]
apply (rename_tac arch_cap)
apply (case_tac arch_cap, simp_all add: isCap_simps Q[simplified])[1]
@ -1301,8 +1296,8 @@ lemma invalidateASIDEntry_corres:
(invalidate_asid_entry asid) (invalidateASIDEntry asid)"
apply (simp add: invalidate_asid_entry_def invalidateASIDEntry_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ loadHWASID_corres[where pd=pd]])
apply (rule corres_split_deprecated [OF _ corres_when])
apply (rule corres_split[OF loadHWASID_corres[where pd=pd]])
apply (rule corres_split[OF corres_when])
apply (rule invalidateASID_corres[where pd=pd])
apply simp
apply simp
@ -1356,7 +1351,7 @@ lemma deleteASID_corres:
(delete_asid asid pd) (deleteASID asid pd)"
apply (simp add: delete_asid_def deleteASID_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ corres_gets_asid])
apply (rule corres_split[OF corres_gets_asid])
apply (case_tac "asid_table (asid_high_bits_of asid)", simp)
apply clarsimp
apply (rule_tac P="\<lambda>s. asid_high_bits_of asid \<in> dom (asidTable o ucast) \<longrightarrow>
@ -1364,18 +1359,16 @@ lemma deleteASID_corres:
P'="pspace_aligned' and pspace_distinct'" and
Q="invs and valid_etcbs and K (asid \<le> mask asid_bits \<and> asid \<noteq> 0) and
(\<lambda>s. arm_asid_table (arch_state s) = asidTable \<circ> ucast)" in
corres_split_deprecated)
prefer 2
corres_split)
apply (simp add: dom_def)
apply (rule get_asid_pool_corres_inv')
apply (rule corres_when, simp add: mask_asid_low_bits_ucast_ucast)
apply (rule corres_split_deprecated [OF _ flushSpace_corres[where pd=pd]])
apply (rule corres_split_deprecated [OF _ invalidateASIDEntry_corres[where pd=pd]])
apply (rule corres_split[OF flushSpace_corres[where pd=pd]])
apply (rule corres_split[OF invalidateASIDEntry_corres[where pd=pd]])
apply (rule_tac P="asid_pool_at (the (asidTable (ucast (asid_high_bits_of asid))))
and valid_etcbs"
and P'="pspace_aligned' and pspace_distinct'"
in corres_split_deprecated)
prefer 2
in corres_split)
apply (simp del: fun_upd_apply)
apply (rule setObject_ASIDPool_corres')
apply (simp add: inv_def mask_asid_low_bits_ucast_ucast)
@ -1383,7 +1376,7 @@ lemma deleteASID_corres:
apply (clarsimp simp: o_def)
apply (erule notE)
apply (erule ucast_ucast_eq, simp, simp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule setVMRoot_corres)
apply wp+
@ -1450,13 +1443,12 @@ lemma deleteASIDPool_corres:
cong: corres_weak_cong)
apply (thin_tac P for P)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ corres_gets_asid])
apply (rule corres_split[OF corres_gets_asid])
apply (rule corres_when)
apply simp
apply (simp add: liftM_def)
apply (rule corres_split_deprecated [OF _ getObject_ASIDPool_corres'])
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split[OF getObject_ASIDPool_corres'])
apply (rule corres_split)
apply (rule corres_mapM [where r=dc and r'=dc], simp, simp)
prefer 5
apply (rule order_refl)
@ -1472,7 +1464,7 @@ lemma deleteASIDPool_corres:
apply (clarsimp simp: ucast_ucast_low_bits)
apply simp
apply (rule_tac pd1="the (pool (ucast xa))"
in corres_split_deprecated [OF _ flushSpace_corres])
in corres_split[OF flushSpace_corres])
apply (rule_tac pd="the (pool (ucast xa))"
in invalidateASIDEntry_corres)
apply wp
@ -1527,8 +1519,7 @@ lemma deleteASIDPool_corres:
apply (simp add: asid_low_bits_word_bits)
apply clarsimp
apply ((wp|clarsimp simp: o_def)+)[3]
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule corres_modify [where P=\<top> and P'=\<top>])
apply (simp add: state_relation_def arch_state_relation_def)
apply (rule ext)
@ -1538,8 +1529,7 @@ lemma deleteASIDPool_corres:
apply (drule_tac x1="ucast xa" in bang_eq [THEN iffD1])
apply (erule_tac x=n in allE)
apply (simp add: word_size nth_ucast)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule getCurThread_corres)
apply (simp only:)
apply (rule setVMRoot_corres)
@ -1602,14 +1592,14 @@ proof -
return True
od)"
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ armv_contextSwitch_corres])
apply (rule corres_split[OF armv_contextSwitch_corres])
apply (rule corres_trivial)
apply (wp | simp)+
done
show ?thesis
apply (simp add: set_vm_root_for_flush_def setVMRootForFlush_def getThreadVSpaceRoot_def locateSlot_conv)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split_deprecated [where R="\<lambda>_. vspace_at_asid asid pd and K (asid \<noteq> 0 \<and> asid \<le> mask asid_bits)
and valid_asid_map and valid_vs_lookup
and valid_vspace_objs
@ -1822,13 +1812,13 @@ lemma flushTable_corres:
apply (simp add: ptBits_def pt_bits_def pageBits_def is_aligned_mask cong: corres_weak_cong)
apply (thin_tac "P" for P)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setVMRootForFlush_corres])
apply (rule corres_split_deprecated [OF _ load_hw_asid_corres2[where pd=pd]])
apply (rule corres_split[OF setVMRootForFlush_corres])
apply (rule corres_split[OF load_hw_asid_corres2[where pd=pd]])
apply (clarsimp cong: corres_weak_cong)
apply (rule corres_when, rule refl)
apply (rule corres_split_deprecated[where r' = dc, OF corres_when corres_machine_op])
apply simp
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (simp, rule setVMRoot_corres)
apply ((wp mapM_wp' hoare_vcg_const_imp_lift get_pte_wp getPTE_wp|
wpc|simp|fold cur_tcb_def cur_tcb'_def)+)[4]
@ -1857,13 +1847,13 @@ lemma flushPage_corres:
apply (simp add: is_aligned_mask cong: corres_weak_cong)
apply (thin_tac P for P)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setVMRootForFlush_corres])
apply (rule corres_split_deprecated [OF _ load_hw_asid_corres2[where pd=pd]])
apply (rule corres_split[OF setVMRootForFlush_corres])
apply (rule corres_split[OF load_hw_asid_corres2[where pd=pd]])
apply (clarsimp cong: corres_weak_cong)
apply (rule corres_when, rule refl)
apply (rule corres_split_deprecated [OF _ corres_machine_op [where r=dc]])
apply (rule corres_split[OF corres_machine_op [where r=dc]])
apply (rule corres_when, rule refl)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule setVMRoot_corres)
apply wp+
@ -1920,7 +1910,7 @@ lemma pageTableMapped_corres:
apply (rule corres_trivial, simp)
apply (rule corres_split_eqrE [OF _ find_pd_for_asid_corres])
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated [OF _ getObject_PDE_corres'])
apply (rule corres_split[OF getObject_PDE_corres'])
apply (rule corres_trivial)
apply (case_tac rv,
simp_all add: returnOk_def pde_relation_aligned_def
@ -1984,8 +1974,8 @@ lemma unmapPageTable_corres:
apply (rule corres_split_eqr [OF _ pageTableMapped_corres])
apply (simp add: case_option_If2 split del: if_split)
apply (rule corres_if2[OF refl])
apply (rule corres_split_deprecated [OF _ storePDE_corres'])
apply (rule corres_split_deprecated[OF _ corres_machine_op])
apply (rule corres_split[OF storePDE_corres'])
apply (rule corres_split[OF corres_machine_op])
apply (rule flushTable_corres)
apply (rule corres_Id, rule refl, simp)
apply (wp no_fail_cleanByVA_PoU)+
@ -2080,7 +2070,7 @@ lemma checkMappingPPtr_corres:
checkMappingPPtr_def)
apply (cases slotptr, simp_all add: liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getObject_PTE_corres'])
apply (rule corres_split[OF getObject_PTE_corres'])
apply (rule corres_trivial)
subgoal by (cases sz,
auto simp add: is_aligned_mask[symmetric]
@ -2091,7 +2081,7 @@ lemma checkMappingPPtr_corres:
apply simp
apply (simp add:is_aligned_mask[symmetric] is_aligned_shiftr pg_entry_align_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getObject_PDE_corres'])
apply (rule corres_split[OF getObject_PDE_corres'])
apply (rule corres_trivial)
subgoal by (cases sz,
auto simp add: is_aligned_mask[symmetric]
@ -2152,7 +2142,7 @@ lemma unmapPage_corres:
apply simp
apply (rule corres_splitEE[OF _ checkMappingPPtr_corres])
apply simp
apply (rule corres_split_deprecated [OF _ storePTE_corres'])
apply (rule corres_split[OF storePTE_corres'])
apply (rule corres_machine_op)
apply (rule corres_Id, rule refl, simp)
apply (rule no_fail_cleanByVA_PoU)
@ -2168,7 +2158,7 @@ lemma unmapPage_corres:
apply (simp add: is_aligned_mask[symmetric])
apply (rule corres_split_strengthen_ftE[OF checkMappingPPtr_corres])
apply simp
apply (rule corres_split_deprecated [OF _ corres_mapM])
apply (rule corres_split[OF corres_mapM])
prefer 8
apply (rule order_refl)
apply (rule corres_machine_op)
@ -2197,7 +2187,7 @@ lemma unmapPage_corres:
apply (rule corres_guard_imp)
apply (rule corres_split_strengthen_ftE[OF checkMappingPPtr_corres])
apply simp
apply (rule corres_split_deprecated[OF _ storePDE_corres'])
apply (rule corres_split[OF storePDE_corres'])
apply (rule corres_machine_op)
apply (rule corres_Id, rule refl, simp)
apply (rule no_fail_cleanByVA_PoU)
@ -2309,12 +2299,11 @@ lemma performPageDirectoryInvocation_corres:
apply (clarsimp simp: page_directory_invocation_map_def)
apply (rule corres_guard_imp)
apply (rule corres_when, simp)
apply (rule corres_split_deprecated [OF _ setVMRootForFlush_corres])
apply (rule corres_split_deprecated [OF _ corres_machine_op])
prefer 2
apply (rule corres_split[OF setVMRootForFlush_corres])
apply (rule corres_split[OF corres_machine_op])
apply (rule doFlush_corres)
apply (rule corres_when, simp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply clarsimp
apply (rule setVMRoot_corres)
apply wp+
@ -2598,7 +2587,7 @@ lemma pteCheckIfMapped_corres:
"corres (=) (pte_at slot) ((\<lambda>s. vs_valid_duplicates' (ksPSpace s)) and pspace_aligned' and pspace_distinct') (pte_check_if_mapped slot) (pteCheckIfMapped slot)"
apply (simp add: pte_check_if_mapped_def pteCheckIfMapped_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_master_pte_corres', simplified])
apply (rule corres_split[OF get_master_pte_corres', simplified])
apply (rule corres_return[where P="pte_at slot" and
P'="pspace_aligned' and pspace_distinct'", THEN iffD2])
apply (clarsimp simp: master_pte_relation_def isLargePage_def' split: if_split_asm)
@ -2612,7 +2601,7 @@ lemma pdeCheckIfMapped_corres:
"corres (=) (pde_at slot) ((\<lambda>s. vs_valid_duplicates' (ksPSpace s)) and pspace_aligned' and pspace_distinct') (pde_check_if_mapped slot) (pdeCheckIfMapped slot)"
apply (simp add: pde_check_if_mapped_def pdeCheckIfMapped_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ get_master_pde_corres', simplified])
apply (rule corres_split[OF get_master_pde_corres', simplified])
apply (rule corres_return[where P="pde_at slot" and
P'="pspace_aligned' and pspace_distinct'", THEN iffD2])
apply (clarsimp simp: master_pde_relation_def isSuperSection_def' split: if_split_asm)
@ -2788,8 +2777,7 @@ proof -
apply (rule_tac R="\<lambda>_. invs and (valid_page_map_inv word cap (a,b) sum) and valid_etcbs
and (\<lambda>s. caps_of_state s (a,b) = Some cap)"
and R'="\<lambda>_. invs' and valid_slots' m' and pspace_aligned' and valid_slots_duplicated' m'
and pspace_distinct' and (\<lambda>s. vs_valid_duplicates' (ksPSpace s))" in corres_split_deprecated)
prefer 2
and pspace_distinct' and (\<lambda>s. vs_valid_duplicates' (ksPSpace s))" in corres_split)
apply (erule updateCap_same_master)
apply (case_tac sum, case_tac aa)
apply (rename_tac slots)
@ -2803,8 +2791,8 @@ proof -
apply (fastforce split: pte.splits)
apply (clarsimp simp: mapM_Cons bind_assoc split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ pteCheckIfMapped_corres])
apply (rule corres_split_deprecated[OF _ storePTE_corres'])
apply (rule corres_split[OF pteCheckIfMapped_corres])
apply (rule corres_split[OF storePTE_corres'])
apply (rule corres_split_deprecated[where r' = dc, OF _ corres_store_pte_with_invalid_tail])
apply (rule corres_split_deprecated[where r'=dc, OF _ corres_machine_op[OF corres_Id]])
apply (rule corres_split[where r'=dc, OF _ corres_return_eq_same[OF refl]])
@ -2863,8 +2851,8 @@ proof -
apply (fastforce split: pde.splits)
apply (clarsimp simp:mapM_Cons bind_assoc split del:if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ pdeCheckIfMapped_corres])
apply (rule corres_split_deprecated[OF _ storePDE_corres'])
apply (rule corres_split[OF pdeCheckIfMapped_corres])
apply (rule corres_split[OF storePDE_corres'])
apply (rule corres_split_deprecated[where r'=dc, OF _ corres_store_pde_with_invalid_tail])
apply (rule corres_split_deprecated[where r'=dc,OF _ corres_machine_op[OF corres_Id]])
apply (rule corres_split[where r'=dc, OF _ corres_return_eq_same[OF refl]])
@ -2942,8 +2930,7 @@ proof -
apply (case_tac m)
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [where r'="acap_relation"])
prefer 2
apply (rule corres_split[where r'="acap_relation"])
apply simp
apply (rule corres_rel_imp)
apply (rule get_cap_corres_all_rights_P[where P=is_arch_cap], rule refl)
@ -2959,11 +2946,9 @@ proof -
apply (auto simp: cte_wp_at_ctes_of)[1]
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule unmapPage_corres)
apply (rule corres_split_deprecated [where r'=acap_relation])
prefer 2
apply (rule corres_split[where r'=acap_relation])
apply simp
apply (rule corres_rel_imp)
apply (rule get_cap_corres_all_rights_P[where P=is_arch_cap], rule refl)
@ -2990,12 +2975,11 @@ proof -
apply (rule corres_guard_imp)
apply (rule corres_split[where r'=dc, OF _ corres_return_eq_same[OF refl]])
apply (rule corres_when, simp)
apply (rule corres_split_deprecated [OF _ setVMRootForFlush_corres])
apply (rule corres_split_deprecated [OF _ corres_machine_op])
prefer 2
apply (rule corres_split[OF setVMRootForFlush_corres])
apply (rule corres_split[OF corres_machine_op])
apply (rule doFlush_corres)
apply (rule corres_when, simp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule setVMRoot_corres)
apply wp+
@ -3078,10 +3062,9 @@ lemma performPageTableInvocation_corres:
apply (cases pti)
apply (clarsimp simp: page_table_invocation_map_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ updateCap_same_master])
prefer 2
apply (rule corres_split[OF updateCap_same_master])
apply assumption
apply (rule corres_split_deprecated [OF _ storePDE_corres'])
apply (rule corres_split[OF storePDE_corres'])
apply (rule corres_machine_op)
apply (rule corres_Id, rule refl, simp)
apply (rule no_fail_cleanByVA_PoU)
@ -3105,13 +3088,13 @@ lemma performPageTableInvocation_corres:
apply (rule corres_guard_imp)
apply (rule corres_split_nor)
apply (simp add: liftM_def)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="is_pt_cap x" in corres_gen_asm)
apply (rule updateCap_same_master)
apply (clarsimp simp: is_pt_cap_def update_map_data_def)
apply (wp get_cap_wp)+
apply (rule corres_if[OF refl])
apply (rule corres_split_deprecated [OF _ unmapPageTable_corres])
apply (rule corres_split[OF unmapPageTable_corres])
apply (rule corres_split_nor)
apply (rule corres_machine_op, rule corres_Id)
apply simp+
@ -3165,18 +3148,16 @@ lemma performASIDPoolInvocation_corres:
apply (cases ap, simp add: asid_pool_invocation_map_def)
apply (rename_tac word1 word2 prod)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac F="\<exists>p asid. rv = Structures_A.ArchObjectCap (ARM_A.PageDirectoryCap p asid)" in corres_gen_asm)
apply clarsimp
apply (rule_tac Q="valid_objs and pspace_aligned and pspace_distinct and asid_pool_at word2 and valid_etcbs and
cte_wp_at (\<lambda>c. cap_master_cap c =
cap_master_cap (cap.ArchObjectCap (arch_cap.PageDirectoryCap p asid))) (a,b)"
in corres_split_deprecated)
prefer 2
in corres_split)
apply simp
apply (rule get_asid_pool_corres_inv')
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule updateCap_same_master)
apply simp
apply (rule corres_rel_imp)
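Review bot: The `corres_split_deprecated[where r' = dc, OF _ corres_store_pte_with_invalid_tail]` and `corres_split_deprecated[where r'=dc, OF _ corres_machine_op[OF corres_Id]]` lines directly under the two newly converted `corres_split[OF pteCheckIfMapped_corres]` / `corres_split[OF storePTE_corres']` lines in the `@ -2803` hunk (and their pde twins in the `@ -2863` hunk) have the same `OF _ X` shape that this commit rewrites everywhere else, and were apparently skipped only because a `where` clause precedes `OF`. If, as the other rewrites in this commit indicate, `corres_split` takes the first-action premise where the deprecated rule took its second, these should convert with no change to the tactic lines that follow: `corres_split[where r'=dc, OF corres_store_pte_with_invalid_tail]` and `corres_split[where r'=dc, OF corres_machine_op[OF corres_Id]]`. Leaving them for a second pass is fine if intended, but then the commit message should say which shapes were deliberately excluded so the follow-up is not missed. The enclosing `proof -` block starts and ends outside the hunk.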


@ -980,7 +980,7 @@ lemma findVSpaceForASID_corres:
apply (simp add: liftME_def bindE_assoc)
apply (simp add: liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getObject_ASIDPool_corres[OF refl]])
apply (rule corres_split[OF getObject_ASIDPool_corres[OF refl]])
apply (rule_tac P="case_option \<top> pt_at (pool (ucast asid)) and pspace_aligned and pspace_distinct"
and P'="no_0_obj'" in corres_inst)
apply (rule_tac F="pool (ucast asid) \<noteq> Some 0" in corres_req)


@ -155,15 +155,13 @@ lemma performASIDControlInvocation_corres:
apply (frule valid_capAligned)
apply (clarsimp simp: capAligned_def page_bits_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (erule deleteObjects_corres)
apply (simp add:pageBits_def)
apply (rule corres_split_deprecated[OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac F = " pcap = (cap.UntypedCap False word1 pageBits idxa)" in corres_gen_asm)
apply (rule corres_split_deprecated[OF _ updateFreeIndex_corres])
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split[OF updateFreeIndex_corres])
apply (rule corres_split)
apply (simp add: retype_region2_ext_retype_region_ArchObject )
apply (rule corres_retype [where ty="Inl (KOArch (KOASIDPool F))" for F,
unfolded APIType_map2_def makeObjectKO_def,
@ -178,13 +176,11 @@ lemma performASIDControlInvocation_corres:
apply (simp add: makeObject_asidpool const_def inv_def)
apply (rule range_cover_full)
apply (simp add:obj_bits_api_def arch_kobj_size_def default_arch_object_def)+
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule cteInsert_simple_corres, simp, rule refl, rule refl)
apply (rule_tac F="asid_low_bits_of word2 = 0" in corres_gen_asm)
apply (simp add: is_aligned_mask dc_def[symmetric])
apply (rule corres_split_deprecated [where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t = t' o ucast"])
prefer 2
apply (rule corres_split[where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t = t' o ucast"])
apply (clarsimp simp: state_relation_def arch_state_relation_def)
apply (rule corres_trivial)
apply (rule corres_modify)
@ -459,7 +455,7 @@ lemma checkSlot_corres:
(checkSlot p test')"
apply (simp add: check_slot_def checkSlot_def unlessE_whenE liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getObject_PTE_corres])
apply (rule corres_split[OF getObject_PTE_corres])
apply (rule corres_whenE, simp)
apply (rule corres_trivial, simp)
apply simp
@ -720,7 +716,7 @@ lemma decodeX64PageTableInvocation_corres:
apply (rule corres_symb_exec_r_conj)
apply (rule_tac F="isArchCap isPageTableCap (cteCap cteVal)"
in corres_gen_asm2)
apply (rule corres_split_deprecated[OF _ isFinalCapability_corres[where ptr=slot]])
apply (rule corres_split[OF isFinalCapability_corres[where ptr=slot]])
apply (drule mp)
apply (clarsimp simp: isCap_simps final_matters'_def)
apply (rule whenE_throwError_corres; simp)
@ -730,8 +726,7 @@ lemma decodeX64PageTableInvocation_corres:
page_table_invocation_map_def)
apply (cases opt, clarsimp simp: mdata_map_def)
apply (clarsimp simp: bind_bindE_assoc)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply datatype_schem
apply (rule maybeVSpaceForASID_corres, simp)
apply (rule whenE_throwError_corres; simp)


@ -114,8 +114,7 @@ lemma corres_split_liftM2:
and h1: "\<lbrace>Q\<rbrace> a \<lbrace>R\<rbrace>" and h2: "\<lbrace>Q'\<rbrace> c \<lbrace>\<lambda>x. R' (f x)\<rbrace>"
shows "corres r (P and Q) (P' and Q') (a >>= b) (liftM f c >>= d)"
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ _ h1])
prefer 2
apply (rule corres_split[OF _ _ h1])
apply (simp add: o_def)
apply (rule corr)
apply (erule r1)
@ -178,8 +177,7 @@ lemma decodeCNodeInvocation_corres:
apply (rule corres_splitEE [OF _ ensureEmptySlot_corres])
apply (rule corres_splitEE [OF _ lookupSlotForCNodeOp_corres])
apply (simp(no_asm) add: liftE_bindE del: de_Morgan_conj split del: if_split)
apply (rule corres_split_deprecated [OF _ get_cap_corres'])
prefer 2
apply (rule corres_split[OF get_cap_corres'])
apply (simp add: split_def)
apply (rule whenE_throwError_corres)
apply (simp add: lookup_failure_map_def)
@ -262,7 +260,7 @@ lemma decodeCNodeInvocation_corres:
apply (rule corres_guard_imp)
apply (rule corres_splitEE [OF _ lookupSlotForCNodeOp_corres])
apply (simp(no_asm) add: split_beta liftE_bindE)
apply (rule corres_split_deprecated [OF _ get_cap_corres'])
apply (rule corres_split[OF get_cap_corres'])
apply (rule corres_split_norE)
apply (rule corres_trivial)
apply (clarsimp simp add: returnOk_def)
@ -7200,7 +7198,7 @@ next
apply (simp add: in_monad)
apply (rule drop_spec_corres)
apply (simp add: liftE_bindE del: rec_del.simps)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="cteCap ourCTE = Zombie ptr (zbits_map bits) (Suc n)
\<or> cteCap ourCTE = NullCap
\<or> (\<exists>zb n cp. cteCap ourCTE = Zombie (cte_map slot) zb n
@ -8735,11 +8733,11 @@ lemma invokeCNode_corres:
apply (rename_tac prod)
apply (simp add: getThreadCallerSlot_def locateSlot_conv objBits_simps)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (subgoal_tac "thread + 2^cte_level_bits * tcbCallerSlot = cte_map (thread, tcb_cnode_index 3)")
prefer 2
apply (simp add: cte_map_def tcb_cnode_index_def tcbCallerSlot_def cte_level_bits_def)
apply (rule corres_split_deprecated [OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac P="\<lambda>s. (is_reply_cap cap \<or> cap = cap.NullCap) \<and>
(is_reply_cap cap \<longrightarrow>
(einvs and cte_at (threada, tcb_cnode_index 3) and


@ -323,7 +323,7 @@ lemma getSlotCap_corres:
apply (simp add: getSlotCap_def)
apply (subst bind_return [symmetric])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_trivial, simp)
apply (wp | simp)+
done
@ -5140,8 +5140,8 @@ lemma cteInsert_corres:
unfolding cap_insert_def cteInsert_def
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="cteCap rv' = NullCap" in corres_gen_asm2)
apply simp
apply (rule_tac P="?P and cte_at dest and
@ -7077,8 +7077,8 @@ lemma capSwapForDelete_corres:
apply (simp add: caps_of_state_cte_at)+
apply (simp add: when_def liftM_def)
apply (rule corres_guard_imp)
apply (rule_tac P1=wellformed_cap in corres_split_deprecated [OF _ get_cap_corres_P])
apply (rule_tac P1=wellformed_cap in corres_split_deprecated [OF _ get_cap_corres_P])
apply (rule_tac P1=wellformed_cap in corres_split[OF get_cap_corres_P])
apply (rule_tac P1=wellformed_cap in corres_split[OF get_cap_corres_P])
apply (rule cteSwap_corres, rule refl, rule refl, clarsimp+)
apply (wp get_cap_wp getCTE_wp')+
apply (clarsimp simp: cte_wp_at_caps_of_state)


@ -3426,7 +3426,7 @@ lemma ensureEmptySlot_corres:
(ensure_empty p) (ensureEmptySlot q)"
apply (clarsimp simp add: ensure_empty_def ensureEmptySlot_def unlessE_whenE liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_trivial)
apply (case_tac cap, auto simp add: whenE_def returnOk_def)[1]
apply wp+
@ -3951,7 +3951,7 @@ lemma setupReplyMaster_corres:
apply (clarsimp simp: tcb_cnode_index_def2 cte_map_nat_to_cref word_bits_def cte_level_bits_def)
apply (clarsimp simp: cte_level_bits_def)
apply (rule stronger_corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_when)
apply fastforce
apply (rule_tac P'="einvs and tcb_at t" in corres_stateAssert_implied)
@ -4729,8 +4729,8 @@ lemma cteInsert_simple_corres:
supply subst_all [simp del]
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="cteCap rv' = NullCap" in corres_gen_asm2)
apply simp
apply (rule_tac P="?P and cte_at dest and


@ -1570,7 +1570,7 @@ lemma emptySlot_corres:
apply (rule corres_split_noop_rhs[OF _ clearUntypedFreeIndex_noop_corres])
apply (rule_tac R="\<lambda>cap. einvs and cte_wp_at ((=) cap) slot" and
R'="\<lambda>cte. valid_pspace' and cte_wp_at' ((=) cte) (cte_map slot)" in
corres_split_deprecated [OF _ get_cap_corres])
corres_split[OF get_cap_corres])
defer
apply (wp get_cap_wp getCTE_wp')+
apply (simp add: cte_wp_at_ctes_of)
@ -3390,7 +3390,7 @@ lemma (in delete_one) deletingIRQHandler_corres:
(deleting_irq_handler irq) (deletingIRQHandler irq)"
apply (simp add: deleting_irq_handler_def deletingIRQHandler_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQSlot_corres])
apply (rule corres_split[OF getIRQSlot_corres])
apply simp
apply (rule_tac P'="cte_at' (cte_map slot)" in corres_symb_exec_r_conj)
apply (rule_tac F="isNotificationCap rv \<or> rv = capability.NullCap"
@ -3471,13 +3471,13 @@ lemma unbindNotification_corres:
(unbindNotification t)"
apply (simp add: unbind_notification_def unbindNotification_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getBoundNotification_corres])
apply (rule corres_split[OF getBoundNotification_corres])
apply (rule corres_option_split)
apply simp
apply (rule corres_return_trivial)
apply (rule corres_split_deprecated[OF _ getNotification_corres])
apply (rule corres_split[OF getNotification_corres])
apply clarsimp
apply (rule corres_split_deprecated[OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setBoundNotification_corres)
apply (clarsimp simp: ntfn_relation_def split:Structures_A.ntfn.splits)
apply (wp gbn_wp' gbn_wp)+
@ -3498,12 +3498,12 @@ lemma unbindMaybeNotification_corres:
(unbindMaybeNotification ntfnptr)"
apply (simp add: unbind_maybe_notification_def unbindMaybeNotification_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getNotification_corres])
apply (rule corres_split[OF getNotification_corres])
apply (rule corres_option_split)
apply (clarsimp simp: ntfn_relation_def split: Structures_A.ntfn.splits)
apply (rule corres_return_trivial)
apply simp
apply (rule corres_split_deprecated[OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setBoundNotification_corres)
apply (clarsimp simp: ntfn_relation_def split: Structures_A.ntfn.splits)
apply (wp get_simple_ko_wp getNotification_wp)+
@ -3544,7 +3544,7 @@ lemma fast_finaliseCap_corres:
apply (simp add: valid_cap'_def)
apply (clarsimp simp: final_matters'_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ unbindMaybeNotification_corres])
apply (rule corres_split[OF unbindMaybeNotification_corres])
apply (rule cancelAllSignals_corres)
apply (wp abs_typ_at_lifts unbind_maybe_notification_invs typ_at_lifts hoare_drop_imps getNotification_wp
| wpc)+
@ -3560,13 +3560,13 @@ lemma cap_delete_one_corres:
apply (simp add: cap_delete_one_def cteDeleteOne_def'
unless_def when_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="can_fast_finalise cap" in corres_gen_asm)
apply (rule corres_if)
apply fastforce
apply (rule corres_split_deprecated [OF _ isFinalCapability_corres[where ptr=ptr]])
apply (rule corres_split[OF isFinalCapability_corres[where ptr=ptr]])
apply (simp add: split_def bind_assoc [THEN sym])
apply (rule corres_split_deprecated [OF _ fast_finaliseCap_corres[where sl=ptr]])
apply (rule corres_split[OF fast_finaliseCap_corres[where sl=ptr]])
apply (rule emptySlot_corres)
apply simp+
apply (wp hoare_drop_imps)+
@ -3610,7 +3610,7 @@ lemma finaliseCap_corres:
apply (simp add: valid_cap'_def)
apply (clarsimp simp add: final_matters'_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ unbindMaybeNotification_corres])
apply (rule corres_split[OF unbindMaybeNotification_corres])
apply (rule cancelAllSignals_corres)
apply (wp abs_typ_at_lifts unbind_maybe_notification_invs typ_at_lifts hoare_drop_imps hoare_vcg_all_lift | wpc)+
apply (clarsimp simp: valid_cap_def)
@ -3620,8 +3620,8 @@ lemma finaliseCap_corres:
liftM_def[symmetric] o_def zbits_map_def
dc_def[symmetric])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ unbindNotification_corres])
apply (rule corres_split_deprecated[OF _ suspend_corres])
apply (rule corres_split[OF unbindNotification_corres])
apply (rule corres_split[OF suspend_corres])
apply (clarsimp simp: liftM_def[symmetric] o_def dc_def[symmetric] zbits_map_def)
apply (rule prepareThreadDelete_corres)
apply (wp unbind_notification_invs unbind_notification_simple_sched_action)+
@ -3855,7 +3855,7 @@ lemma thread_set_all_corresT:
(thread_set_all f g t) (threadSet f' t)"
apply (simp add: thread_set_all_def threadSet_def bind_assoc)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ thread_gets_the_all_corres])
apply (rule corres_split[OF thread_gets_the_all_corres])
apply (simp add: split_def)
apply (rule tcb_update_all_corres')
apply (erule x)


@ -371,7 +371,7 @@ lemma invokeIRQHandler_corres:
apply (rename_tac word cap prod)
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getIRQSlot_corres])
apply (rule corres_split[OF getIRQSlot_corres])
apply simp
apply (rule corres_split_nor [OF _ cap_delete_one_corres])
apply (rule cteInsert_corres, simp+)
@ -389,7 +389,7 @@ lemma invokeIRQHandler_corres:
apply (erule cte_wp_at_weakenE, simp add: is_derived_use_interrupt)
apply fastforce
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQSlot_corres])
apply (rule corres_split[OF getIRQSlot_corres])
apply simp
apply (rule cap_delete_one_corres)
apply wp+
@ -646,15 +646,15 @@ lemma timerTick_corres:
apply (rule_tac Q="\<top> and (cur_tcb and valid_sched and pspace_aligned and pspace_distinct)"
and Q'="\<top> and invs'" in corres_guard_imp)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rename_tac state state')
apply (rule corres_split_deprecated[where r' = dc ])
apply simp
apply (rule corres_when,simp)
apply (rule corres_split_deprecated[OF _ decDomainTime_corres])
apply (rule corres_split_deprecated[OF _ getDomainTime_corres])
apply (rule corres_split[OF decDomainTime_corres])
apply (rule corres_split[OF getDomainTime_corres])
apply (rule corres_when,simp)
apply (rule rescheduleRequired_corres)
apply (wp hoare_drop_imp)+
@ -664,7 +664,7 @@ lemma timerTick_corres:
apply wp
apply (rule corres_if[where Q = \<top> and Q' = \<top>])
apply (case_tac state,simp_all)[1]
apply (rule_tac r'="(=)" in corres_split_deprecated [OF _ ethreadget_corres])
apply (rule_tac r'="(=)" in corres_split[OF ethreadget_corres])
apply (rename_tac ts ts')
apply (rule_tac R="1 < ts" in corres_cases)
apply (simp)
@ -672,8 +672,8 @@ lemma timerTick_corres:
apply (rule ethread_set_corres, simp+)
apply (clarsimp simp: etcb_relation_def)
apply simp
apply (rule corres_split_deprecated [OF _ ethread_set_corres])
apply (rule corres_split_deprecated [OF _ tcbSchedAppend_corres])
apply (rule corres_split[OF ethread_set_corres])
apply (rule corres_split[OF tcbSchedAppend_corres])
apply (rule rescheduleRequired_corres)
apply (wp)[1]
apply (rule hoare_strengthen_post)
@ -712,7 +712,7 @@ lemma handleInterrupt_corres:
apply (rule conjI[rotated]; rule impI)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQState_corres,
apply (rule corres_split[OF getIRQState_corres,
where R="\<lambda>rv. einvs"
and R'="\<lambda>rv. invs' and (\<lambda>s. rv \<noteq> IRQInactive)"])
defer
@ -726,9 +726,9 @@ apply (rule corres_split_deprecated)
apply (case_tac st, simp_all add: irq_state_relation_def split: irqstate.split_asm)
apply (simp add: getSlotCap_def bind_assoc)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQSlot_corres])
apply (rule corres_split[OF getIRQSlot_corres])
apply simp
apply (rule corres_split_deprecated [OF _ get_cap_corres,
apply (rule corres_split[OF get_cap_corres,
where R="\<lambda>rv. einvs and valid_cap rv"
and R'="\<lambda>rv. invs' and valid_cap' (cteCap rv)"])
apply (rule corres_underlying_split[where r'=dc])
@ -745,7 +745,7 @@ apply (rule corres_split_deprecated)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
apply simp
apply (rule corres_split_deprecated [OF corres_machine_op timerTick_corres])
apply (rule corres_split[OF timerTick_corres corres_machine_op])
apply (rule corres_eq_trivial, simp+)
apply (rule corres_machine_op)
apply (rule corres_eq_trivial, (simp add: no_fail_ackInterrupt)+)
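Review bot: Inside `timerTick_corres` and `handleInterrupt_corres` the converted `corres_split[OF …]` lines now sit directly next to unconverted uses, `corres_split_deprecated[where r' = dc ]` and the bare `apply (rule corres_split_deprecated)`, which the perl passes skip because no `prefer 2` follows them; the single-fact `corres_split_deprecated [OF rescheduleRequired_corres]` in `cancelAllSignals_corres` and the `rule_tac r'="ntfn_relation" in corres_split_deprecated)` in `receiveIPC_corres` in the later sections are in the same situation. The dropped `prefer 2` lines and the swapped `[OF timerTick_corres corres_machine_op]` indicate that the two lemmas present the action and continuation subgoals in opposite order, so a reader of these mixed proofs now has to track per split which form is in use to follow the subsequent `apply` lines. Converting the remaining ones needs the following tactic lines reordered by hand, so they are presumably being left for a follow-up; it would help to state that scope in the commit message, e.g. `Bare, rule_tac … in, and single-fact [OF …] uses are left for manual conversion.`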


@ -173,7 +173,7 @@ lemma blocked_cancelIPC_corres:
od)"
apply (simp add: blocked_cancel_ipc_def gbep_ret)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres])
apply (rule corres_split[OF getEndpoint_corres])
apply (rule_tac F="ep \<noteq> IdleEP" in corres_gen_asm2)
apply (rule corres_assert_assume[rotated])
apply (clarsimp split: endpoint.splits)
@ -186,7 +186,7 @@ lemma blocked_cancelIPC_corres:
apply (case_tac "remove1 t list")
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ep_relation_def)
@ -209,7 +209,7 @@ lemma blocked_cancelIPC_corres:
valid_tcb_state'_def)[1]
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ep_relation_def)
@ -234,7 +234,7 @@ lemma blocked_cancelIPC_corres:
apply (case_tac "remove1 t list")
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ep_relation_def)
@ -257,7 +257,7 @@ lemma blocked_cancelIPC_corres:
valid_tcb_state'_def)[1]
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ep_relation_def)
@ -304,7 +304,7 @@ lemma cancelSignal_corres:
(cancelSignal t ntfn)"
apply (simp add: cancel_signal_def cancelSignal_def Let_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getNotification_corres])
apply (rule corres_split[OF getNotification_corres])
apply (rule_tac F="isWaitingNtfn (ntfnObj ntfnaa)" in corres_gen_asm2)
apply (case_tac "ntfn_obj ntfna")
apply (simp add: ntfn_relation_def isWaitingNtfn_def)
@ -312,13 +312,13 @@ lemma cancelSignal_corres:
apply (rename_tac list)
apply (rule_tac R="remove1 t list = []" in corres_cases)
apply (simp del: dc_simp)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ntfn_relation_def)
apply (wp)+
apply (simp add: list_case_If del: dc_simp)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setThreadState_corres)
apply simp
apply (clarsimp simp add: ntfn_relation_def neq_Nil_conv)
@ -603,7 +603,7 @@ lemma (in delete_one) cancel_ipc_corres:
(cancel_ipc t) (cancelIPC t)"
apply (simp add: cancel_ipc_def cancelIPC_def Let_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac P="einvs and st_tcb_at ((=) state) t" and
P'="invs' and st_tcb_at' ((=) statea) t" in corres_inst)
apply (case_tac state, simp_all add: isTS_defs list_case_If)[1]
@ -1377,7 +1377,7 @@ lemma (in delete_one) suspend_corres:
apply (simp add: IpcCancel_A.suspend_def Thread_H.suspend_def)
apply (rule corres_guard_imp)
apply (rule corres_split_nor [OF _ cancel_ipc_corres])
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule corres_split_nor)
apply (rule corres_split_nor [OF _ setThreadState_corres])
apply (rule tcbSchedDequeue_corres')
@ -1981,7 +1981,7 @@ lemma cancelAllSignals_corres:
apply simp+
apply (case_tac "ntfn_obj ntfna", simp_all add: ntfn_relation_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule corres_split_deprecated [OF rescheduleRequired_corres])
apply (rule ep_cancel_corres_helper)
apply (wp mapM_x_wp'[where 'b="det_ext state"]
@ -2566,7 +2566,7 @@ lemma cancelBadgedSends_corres:
(cancel_badged_sends epptr bdg) (cancelBadgedSends epptr bdg)"
apply (simp add: cancel_badged_sends_def cancelBadgedSends_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres get_simple_ko_sp get_ep_sp',
apply (rule corres_split[OF getEndpoint_corres get_simple_ko_sp get_ep_sp',
where Q="invs and valid_sched" and Q'=invs'])
apply simp_all
apply (case_tac ep, simp_all add: ep_relation_def)
@ -2586,12 +2586,12 @@ lemma cancelBadgedSends_corres:
simp_all add: list_all2_refl)[1]
apply (clarsimp simp: liftM_def[symmetric] o_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac F="\<exists>pl. st = Structures_A.BlockedOnSend epptr pl"
in corres_gen_asm)
apply (clarsimp simp: o_def dc_def[symmetric] liftM_def)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split_deprecated[OF _ tcbSchedEnqueue_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule corres_split[OF tcbSchedEnqueue_corres])
apply (rule corres_trivial)
apply simp
apply wp+
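Review bot: In `cancelBadgedSends_corres` the rewrite drops the `_` placeholder in front of `getEndpoint_corres` while leaving the two Hoare facts `get_simple_ko_sp get_ep_sp'` after it, so those facts now bind to the premises immediately following the first-action premise instead of the ones following the continuation premise. The perl rule that produced this (`OF +_ +` → `OF `) is only equivalent to moving the placeholder when a single fact followed it, and every other converted `[OF …]` in this file section has exactly one. If `corres_split` keeps the continuation as its second premise (the deprecated lemma had the action there, which is what the placeholder was skipping), the line should read `corres_split[OF getEndpoint_corres _ get_simple_ko_sp get_ep_sp',` — worth confirming against the lemma statement, which this page does not show.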


@ -113,9 +113,9 @@ lemma loadCapTransfer_corres:
msgMaxLength_def msgMaxExtraCaps_def msgLengthBits_def wordSize_def wordBits_def
del: upt.simps)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ load_word_corres])
apply (rule corres_split_deprecated [OF _ load_word_corres])
apply (rule corres_split_deprecated [OF _ load_word_corres])
apply (rule corres_split[OF load_word_corres])
apply (rule corres_split[OF load_word_corres])
apply (rule corres_split[OF load_word_corres])
apply (rule_tac P=\<top> and P'=\<top> in corres_inst)
apply (clarsimp simp: ct_relation_def)
apply (wp no_irq_loadWord)+
@ -139,7 +139,7 @@ lemma getReceiveSlots_corres:
apply (simp add: getReceiveSlots_def)
apply (simp add: getReceiveSlots_def split_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ loadCapTransfer_corres])
apply (rule corres_split[OF loadCapTransfer_corres])
apply (rule corres_empty_on_failure)
apply (rule corres_splitEE)
prefer 2
@ -154,7 +154,7 @@ lemma getReceiveSlots_corres:
apply (erule lookupSlotForCNodeOp_corres [OF _ refl])
apply simp
apply (simp add: split_def liftE_bindE unlessE_whenE)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_split_norE)
apply (rule corres_trivial, simp add: returnOk_def)
apply (rule corres_whenE)
@ -437,7 +437,7 @@ next
apply (rule corres_guard_imp)
apply (rule corres_if2)
apply (case_tac "fst x", auto simp add: isCap_simps)[1]
apply (rule corres_split_deprecated [OF _ corres_set_extra_badge])
apply (rule corres_split[OF corres_set_extra_badge])
apply (drule conjunct1)
apply simp
apply (rule corres_rel_imp, rule Cons.hyps, simp_all)[1]
@ -1034,7 +1034,7 @@ lemma transferCaps_corres:
getThreadCSpaceRoot)
apply (rule corres_assume_pre)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getReceiveSlots_corres])
apply (rule corres_split[OF getReceiveSlots_corres])
apply (rule_tac x=recv_buf in option_corres)
apply (rule_tac P=\<top> and P'=\<top> in corres_inst)
apply (case_tac info, simp)
@ -1329,7 +1329,7 @@ lemma lookupCapAndSlot_corres:
apply (rule corres_guard_imp)
apply (rule_tac r'="\<lambda>rv rv'. rv' = cte_map (fst rv)"
in corres_splitEE)
apply (rule corres_split_deprecated[OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule corres_returnOkTT, simp)
apply simp
apply wp+
@ -1432,8 +1432,7 @@ lemma doNormalTransfer_corres:
apply (rule corres_split_mapr [OF _ getMessageInfo_corres])
apply (rule_tac F="valid_message_info mi" in corres_gen_asm)
apply (rule_tac r'="list_all2 (\<lambda>x y. cap_relation (fst x) (fst y) \<and> snd y = cte_map (snd x))"
in corres_split_deprecated)
prefer 2
in corres_split)
apply (rule corres_if[OF refl])
apply (rule corres_split_catch)
apply (rule corres_trivial, simp)
@ -1442,7 +1441,7 @@ lemma doNormalTransfer_corres:
apply (rule corres_trivial, simp)
apply simp
apply (rule corres_split_eqr [OF _ copyMRs_corres])
apply (rule corres_split_deprecated [OF _ transferCaps_corres])
apply (rule corres_split[OF transferCaps_corres])
apply (rename_tac mi' mi'')
apply (rule_tac F="mi_label mi' = mi_label mi"
in corres_gen_asm)
@ -2144,11 +2143,11 @@ lemma doReplyTransfer_corres:
apply (rule corres_assert_assume[rotated])
apply (clarsimp simp: cte_wp_at_ctes_of)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ threadget_fault_corres])
apply (rule corres_split[OF threadget_fault_corres])
apply (case_tac rv, simp_all add: fault_rel_optionation_def bind_assoc)[1]
apply (rule corres_split_deprecated [OF _ doIPCTransfer_corres])
apply (rule corres_split_deprecated [OF _ cap_delete_one_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF doIPCTransfer_corres])
apply (rule corres_split[OF cap_delete_one_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule possibleSwitchTo_corres)
apply simp
apply (wp set_thread_state_runnable_valid_sched set_thread_state_runnable_weak_valid_sched_action sts_st_tcb_at' sts_st_tcb' sts_valid_queues sts_valid_objs' delete_one_tcbDomain_obj_at'
@ -2179,13 +2178,13 @@ lemma doReplyTransfer_corres:
apply (auto simp: invs'_def valid_state'_def)[1]
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ cap_delete_one_corres])
apply (rule corres_split[OF cap_delete_one_corres])
apply (rule corres_split_mapr [OF _ getMessageInfo_corres])
apply (rule corres_split_eqr [OF _ lookupIPCBuffer_corres'])
apply (rule corres_split_eqr [OF _ getMRs_corres])
apply (simp(no_asm) del: dc_simp)
apply (rule corres_split_eqr [OF _ handleFaultReply_corres])
apply (rule corres_split_deprecated [OF _ threadset_corresT])
apply (rule corres_split[OF threadset_corresT])
apply (rule_tac Q="valid_sched and cur_tcb and tcb_at receiver and pspace_aligned and pspace_distinct"
and Q'="tcb_at' receiver and cur_tcb'
and (\<lambda>s. weak_sch_act_wf (ksSchedulerAction s) s)
@ -2193,7 +2192,7 @@ lemma doReplyTransfer_corres:
in corres_guard_imp)
apply (case_tac rvb, simp_all)[1]
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (fold dc_def, rule possibleSwitchTo_corres)
apply simp
apply (wp static_imp_wp static_imp_conj_wp set_thread_state_runnable_weak_valid_sched_action sts_st_tcb_at'
@ -2414,7 +2413,7 @@ proof -
apply (case_tac bl)
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres,
apply (rule corres_split[OF getEndpoint_corres,
where
R="\<lambda>rv. einvs and st_tcb_at active t and ep_at ep and
valid_ep rv and obj_at (\<lambda>ob. ob = Endpoint rv) ep
@ -2425,7 +2424,7 @@ proof -
apply (case_tac rv)
apply (simp add: ep_relation_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setEndpoint_corres)
apply (simp add: ep_relation_def)
apply (simp add: fault_rel_optionation_def)
@ -2435,7 +2434,7 @@ proof -
\<comment> \<open>concludes IdleEP if bl branch\<close>
apply (simp add: ep_relation_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setEndpoint_corres)
apply (simp add: ep_relation_def)
apply (simp add: fault_rel_optionation_def)
@ -2451,17 +2450,17 @@ proof -
apply simp
apply (clarsimp split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (simp add: isReceive_def split del:if_split)
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac
F="\<exists>data. recv_state = Structures_A.BlockedOnReceive ep data"
in corres_gen_asm)
apply (clarsimp simp: case_bool_If case_option_If if3_fold
simp del: dc_simp split del: if_split cong: if_cong)
apply (rule corres_split_deprecated [OF _ doIPCTransfer_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split_deprecated [OF _ possibleSwitchTo_corres])
apply (rule corres_split[OF doIPCTransfer_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule corres_split[OF possibleSwitchTo_corres])
apply (fold when_def)[1]
apply (rule_tac P="call" and P'="call"
@ -2505,7 +2504,7 @@ proof -
apply wp+
apply (clarsimp simp: ep_at_def2)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres,
apply (rule corres_split[OF getEndpoint_corres,
where
R="\<lambda>rv. einvs and st_tcb_at active t and ep_at ep and
valid_ep rv and obj_at (\<lambda>k. k = Endpoint rv) ep"
@ -2532,15 +2531,15 @@ proof -
apply fastforce
apply (clarsimp split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac
F="\<exists>data. recv_state = Structures_A.BlockedOnReceive ep data"
in corres_gen_asm)
apply (clarsimp simp: isReceive_def case_bool_If
split del: if_split cong: if_cong)
apply (rule corres_split_deprecated [OF _ doIPCTransfer_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF doIPCTransfer_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule possibleSwitchTo_corres)
apply (simp add: if_apply_def2)
apply (wp hoare_drop_imps)
@ -2595,7 +2594,7 @@ lemma sendSignal_corres:
(send_signal ep bg) (sendSignal ep bg)"
apply (simp add: send_signal_def sendSignal_def Let_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getNotification_corres,
apply (rule corres_split[OF getNotification_corres,
where
R = "\<lambda>rv. einvs and ntfn_at ep and valid_ntfn rv and
ko_at (Structures_A.Notification rv) ep" and
@ -2612,16 +2611,16 @@ lemma sendSignal_corres:
apply (rule corres_guard_imp[OF setNotification_corres])
apply (clarsimp simp add: ntfn_relation_def)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule corres_if)
apply (fastforce simp: receive_blocked_def receiveBlocked_def
thread_state_relation_def
split: Structures_A.thread_state.splits
Structures_H.thread_state.splits)
apply (rule corres_split_deprecated[OF _ cancel_ipc_corres])
apply (rule corres_split_deprecated[OF _ setThreadState_corres])
apply (rule corres_split[OF cancel_ipc_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated[OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule possibleSwitchTo_corres)
apply wp
apply (clarsimp simp: thread_state_relation_def)
@ -2651,10 +2650,10 @@ lemma sendSignal_corres:
apply (rule corres_guard_imp)
apply (rule_tac F="list \<noteq> []" in corres_gen_asm)
apply (simp add: list_case_helper split del: if_split)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated [OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule possibleSwitchTo_corres)
apply ((wp | simp)+)[1]
apply (rule_tac Q="\<lambda>_. Invariants_H.valid_queues and valid_queues' and
@ -2682,10 +2681,10 @@ lemma sendSignal_corres:
apply (rule corres_guard_imp)
apply (rule_tac F="list \<noteq> []" in corres_gen_asm)
apply (simp add: list_case_helper)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated [OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule possibleSwitchTo_corres)
apply (wp cur_tcb_lift | simp)+
apply (wp sts_st_tcb_at' set_thread_state_runnable_weak_valid_sched_action
@ -3103,7 +3102,7 @@ lemma replyFromKernel_corres:
badge_register_def badgeRegister_def)
apply (rule corres_guard_imp)
apply (rule corres_split_eqr [OF _ lookupIPCBuffer_corres])
apply (rule corres_split_deprecated [OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule corres_split_eqr [OF _ setMRs_corres])
apply (rule setMessageInfo_corres)
apply (wp hoare_case_option_wp hoare_valid_ipc_buffer_ptr_typ_at'
@ -3128,14 +3127,14 @@ lemma completeSignal_corres:
apply (rule corres_guard_imp)
apply (rule_tac R'="\<lambda>ntfn. ntfn_at' ntfnptr and tcb_at' tcb and valid_pspace'
and valid_ntfn' ntfn and (\<lambda>_. isActive ntfn)"
in corres_split_deprecated [OF _ getNotification_corres])
in corres_split[OF getNotification_corres])
apply (rule corres_gen_asm2)
apply (case_tac "ntfn_obj rv")
apply (clarsimp simp: ntfn_relation_def isActive_def
split: ntfn.splits Structures_H.notification.splits)+
apply (rule corres_guard2_imp)
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated[OF setNotification_corres asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres setNotification_corres])
apply (clarsimp simp: ntfn_relation_def)
apply (wp set_simple_ko_valid_objs get_simple_ko_wp getNotification_wp | clarsimp simp: valid_ntfn'_def)+
apply (clarsimp simp: valid_pspace'_def)
@ -3165,9 +3164,9 @@ lemma receiveIPC_corres:
apply (rename_tac word1 word2 right)
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres])
apply (rule corres_split[OF getEndpoint_corres])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getBoundNotification_corres])
apply (rule corres_split[OF getBoundNotification_corres])
apply (rule_tac r'="ntfn_relation" in corres_split_deprecated)
apply (rule corres_if)
apply (clarsimp simp: ntfn_relation_def Ipc_A.isActive_def Endpoint_H.isActive_def
@ -3187,7 +3186,7 @@ lemma receiveIPC_corres:
apply (simp add: ep_relation_def)
apply (rule corres_guard_imp)
apply (case_tac isBlocking; simp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setEndpoint_corres)
apply (simp add: ep_relation_def)
apply simp
@ -3204,8 +3203,8 @@ lemma receiveIPC_corres:
apply (clarsimp simp: valid_ep_def)
apply (case_tac list, simp_all split del: if_split)[1]
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac
F="\<exists>data.
sender_state =
@ -3214,7 +3213,7 @@ lemma receiveIPC_corres:
apply (clarsimp simp: isSend_def case_bool_If
case_option_If if3_fold
split del: if_split cong: if_cong)
apply (rule corres_split_deprecated [OF _ doIPCTransfer_corres])
apply (rule corres_split[OF doIPCTransfer_corres])
apply (simp split del: if_split cong: if_cong)
apply (fold dc_def)[1]
apply (rule_tac P="valid_objs and valid_mdb and valid_list
@ -3238,7 +3237,7 @@ lemma receiveIPC_corres:
apply (rule corres_if2 [OF _ setupCallerCap_corres setThreadState_corres])
apply simp
apply simp
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule possibleSwitchTo_corres)
apply simp
apply (wp sts_st_tcb_at' set_thread_state_runnable_weak_valid_sched_action
@ -3268,7 +3267,7 @@ lemma receiveIPC_corres:
apply (simp add: ep_relation_def)
apply (rule_tac corres_guard_imp)
apply (case_tac isBlocking; simp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setEndpoint_corres)
apply (simp add: ep_relation_def)
apply simp
@ -3312,14 +3311,14 @@ lemma receiveSignal_corres:
obj_at (\<lambda>k. k = Notification rv) word1" and
R'="\<lambda>rv'. invs' and tcb_at' thread and ntfn_at' word1 and
valid_ntfn' rv'"
in corres_split_deprecated [OF _ getNotification_corres])
in corres_split[OF getNotification_corres])
apply clarsimp
apply (case_tac "ntfn_obj rv")
\<comment> \<open>IdleNtfn\<close>
apply (simp add: ntfn_relation_def)
apply (rule corres_guard_imp)
apply (case_tac isBlocking; simp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setNotification_corres)
apply (simp add: ntfn_relation_def)
apply simp
@ -3331,7 +3330,7 @@ lemma receiveSignal_corres:
apply (simp add: ntfn_relation_def)
apply (rule corres_guard_imp)
apply (case_tac isBlocking; simp)
apply (rule corres_split_deprecated[OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setNotification_corres)
apply (simp add: ntfn_relation_def)
apply simp
@ -3343,7 +3342,7 @@ lemma receiveSignal_corres:
apply (simp add: ntfn_relation_def)
apply (rule corres_guard_imp)
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated [OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule setNotification_corres)
apply (simp add: ntfn_relation_def)
apply wp+
@ -3396,7 +3395,7 @@ lemma sendFaultIPC_corres:
apply (rule corres_guard_imp)
apply (rule corres_if2 [OF refl])
apply (simp add: dc_def[symmetric])
apply (rule corres_split_deprecated [OF sendIPC_corres threadset_corres], simp_all)[1]
apply (rule corres_split[OF threadset_corres sendIPC_corres], simp_all)[1]
apply (simp add: tcb_relation_def fault_rel_optionation_def exst_same_def)+
apply (wp thread_set_invs_trivial thread_set_no_change_tcb_state
thread_set_typ_at ep_at_typ_at ex_nonz_cap_to_pres
@ -3437,7 +3436,7 @@ lemma handleDoubleFault_corres:
apply (simp add: handle_double_fault_def handleDoubleFault_def)
apply (rule corres_guard_imp)
apply (subst bind_return [symmetric],
rule corres_split_deprecated[OF _ setThreadState_corres])
rule corres_split[OF setThreadState_corres])
apply (rule corres_noop2)
apply (simp add: exs_valid_def return_def)
apply (rule hoare_eq_P)


@ -528,12 +528,10 @@ lemma kernel_corres':
unfolding call_kernel_def callKernel_def
apply (simp add: call_kernel_def callKernel_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule corres_split_handle [OF _ handleEvent_corres])
apply simp
apply (rule corres_split_deprecated [OF _ corres_machine_op])
prefer 2
apply (rule corres_split[OF corres_machine_op])
apply (rule corres_underlying_trivial)
apply (rule no_fail_getActiveIRQ)
apply clarsimp
@ -556,7 +554,7 @@ lemma kernel_corres':
apply (rule_tac Q="\<lambda>_. \<top>" and E="\<lambda>_. invs'" in hoare_post_impErr)
apply wpsimp+
apply (simp add: invs'_def valid_state'_def)
apply (rule corres_split_deprecated [OF _ schedule_corres])
apply (rule corres_split[OF schedule_corres])
apply (rule activateThread_corres)
apply (wp handle_interrupt_valid_sched[unfolded non_kernel_IRQs_def, simplified]
schedule_invs' hoare_vcg_if_lift2 hoare_drop_imps |simp)+
@ -615,9 +613,8 @@ lemma entry_corres:
(kernel_entry event tc) (kernelEntry event tc)"
apply (simp add: kernel_entry_def kernelEntry_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split)
apply simp
apply (rule threadset_corresT)
apply (simp add: tcb_relation_def arch_tcb_relation_def
@ -625,7 +622,7 @@ lemma entry_corres:
apply (clarsimp simp: tcb_cap_cases_def cteSizeBits_def)
apply (clarsimp simp: tcb_cte_cases_def cteSizeBits_def)
apply (simp add: exst_same_def)
apply (rule corres_split_deprecated [OF _ kernel_corres])
apply (rule corres_split[OF kernel_corres])
apply (rule corres_split_eqr [OF _ getCurThread_corres])
apply (rule threadGet_corres)
apply (simp add: tcb_relation_def arch_tcb_relation_def
@ -656,26 +653,21 @@ lemma do_user_op_corres:
(do_user_op f tc) (doUserOp f tc)"
apply (simp add: do_user_op_def doUserOp_def split_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule_tac r'="(=)" and P=einvs and P'=invs' in corres_split_deprecated)
prefer 2
apply (rule corres_split[OF getCurThread_corres])
apply (rule_tac r'="(=)" and P=einvs and P'=invs' in corres_split)
apply (fastforce dest: absKState_correct [rotated])
apply (rule_tac r'="(=)" and P=einvs and P'=invs' in corres_split_deprecated)
prefer 2
apply (rule_tac r'="(=)" and P=einvs and P'=invs' in corres_split)
apply (fastforce dest: absKState_correct [rotated])
apply (rule_tac r'="(=)" and P=invs and P'=invs' in corres_split_deprecated)
prefer 2
apply (rule_tac r'="(=)" and P=invs and P'=invs' in corres_split)
apply (rule user_mem_corres)
apply (rule_tac r'="(=)" and P=invs and P'=invs' in corres_split_deprecated)
prefer 2
apply (rule_tac r'="(=)" and P=invs and P'=invs' in corres_split)
apply (rule device_mem_corres)
apply (rule_tac r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac r'="(=)" in corres_split)
apply (rule corres_gets_machine_state)
apply (rule_tac F = "dom (rvb \<circ> addrFromPPtr) \<subseteq> - dom rvd" in corres_gen_asm)
apply (rule_tac F = "dom (rvc \<circ> addrFromPPtr) \<subseteq> dom rvd" in corres_gen_asm)
apply simp
apply (rule_tac r'="(=)" in corres_split_deprecated[OF _ corres_select])
apply (rule_tac r'="(=)" in corres_split[OF corres_select])
apply (rule corres_underlying_split[OF corres_machine_op])
apply simp
apply (rule corres_underlying_trivial)
@ -723,7 +715,7 @@ lemma check_active_irq_corres':
"corres (=) \<top> \<top> (check_active_irq) (checkActiveIRQ)"
apply (simp add: check_active_irq_def checkActiveIRQ_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_machine_op[OF corres_underlying_trivial], where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
apply (rule corres_split[OF corres_machine_op[OF corres_underlying_trivial], where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
apply simp
apply (rule no_fail_getActiveIRQ)
apply (wp | simp )+


@ -48,7 +48,7 @@ proof -
apply (simp only: findM.simps)
apply (subst P)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ x])
apply (rule corres_split[OF x])
apply (rule corres_if2)
apply (case_tac ra, clarsimp+)[1]
apply (rule corres_trivial, clarsimp)
@ -624,8 +624,8 @@ proof -
setCurThread t
od)"
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ arch_switchToThread_corres])
apply (rule corres_split_deprecated[OF setCurThread_corres tcbSchedDequeue_corres])
apply (rule corres_split[OF arch_switchToThread_corres])
apply (rule corres_split[OF tcbSchedDequeue_corres setCurThread_corres])
apply (wp|clarsimp simp: tcb_at_is_etcb_at st_tcb_at_tcb_at)+
done
@ -658,8 +658,8 @@ lemma switchToIdleThread_corres:
"corres dc invs invs_no_cicd' switch_to_idle_thread switchToIdleThread"
apply (simp add: switch_to_idle_thread_def Thread_H.switchToIdleThread_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIdleThread_corres])
apply (rule corres_split_deprecated [OF _ arch_switchToIdleThread_corres])
apply (rule corres_split[OF getIdleThread_corres])
apply (rule corres_split[OF arch_switchToIdleThread_corres])
apply (unfold setCurThread_def)
apply (rule corres_trivial, rule corres_modify)
apply (simp add: state_relation_def cdt_relation_def)
@ -1524,7 +1524,7 @@ lemma guarded_switch_to_chooseThread_fragment_corres:
unfolding guarded_switch_to_def isRunnable_def
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule corres_assert_assume_l)
apply (rule corres_assert_assume_r)
apply (rule switchToThread_corres)
@ -1586,7 +1586,7 @@ proof -
apply (rule corres_guard_imp)
apply (rule corres_split[OF curDomain_corres'])
apply clarsimp
apply (rule corres_split_deprecated[OF _ corres_gets_queues_getReadyQueuesL1Bitmap])
apply (rule corres_split[OF corres_gets_queues_getReadyQueuesL1Bitmap])
apply (erule corres_if2[OF sym])
apply (rule switchToIdleThread_corres)
apply (rule corres_symb_exec_r)
@ -1688,7 +1688,7 @@ lemma scheduleChooseNewThread_fragment_corres:
apply (subst bind_dummy_ret_val)
apply (subst bind_dummy_ret_val)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_when])
apply (rule corres_split[OF corres_when])
apply simp
apply (rule chooseThread_corres)
apply simp
@ -1722,7 +1722,7 @@ lemma isHighestPrio_corres:
apply (clarsimp simp: gets_is_highest_prio_expand isHighestPrio_def)
apply (subst getHighestPrio_def')
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_gets_queues_getReadyQueuesL1Bitmap])
apply (rule corres_split[OF corres_gets_queues_getReadyQueuesL1Bitmap])
apply (rule corres_if_r'[where P'="\<lambda>_. True",rotated])
apply (rule_tac corres_symb_exec_r)
apply (rule_tac
@ -1759,8 +1759,8 @@ lemma scheduleChooseNewThread_corres:
schedule_choose_new_thread scheduleChooseNewThread"
unfolding schedule_choose_new_thread_def scheduleChooseNewThread_def
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getDomainTime_corres], clarsimp)
apply (rule corres_split_deprecated[OF _ scheduleChooseNewThread_fragment_corres, simplified bind_assoc])
apply (rule corres_split[OF getDomainTime_corres], clarsimp)
apply (rule corres_split[OF scheduleChooseNewThread_fragment_corres, simplified bind_assoc])
apply (rule setSchedulerAction_corres)
apply (wp | simp)+
apply (wp | simp add: getDomainTime_def)+
@ -1793,8 +1793,8 @@ lemma schedule_corres:
apply (subst thread_get_comm)
apply (subst schact_bind_inside)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getCurThread_corres[THEN corres_rel_imp[where r="\<lambda>x y. y = x"],simplified]])
apply (rule corres_split_deprecated[OF _ getSchedulerAction_corres])
apply (rule corres_split[OF getCurThread_corres[THEN corres_rel_imp[where r="\<lambda>x y. y = x"],simplified]])
apply (rule corres_split[OF getSchedulerAction_corres])
apply (rule corres_split_sched_act,assumption)
apply (rule_tac P="tcb_at ct" in corres_symb_exec_l')
apply (rule_tac corres_symb_exec_l)
@ -1804,29 +1804,29 @@ lemma schedule_corres:
prefer 2
(* choose thread *)
apply clarsimp
apply (rule corres_split_deprecated[OF _ thread_get_isRunnable_corres])
apply (rule corres_split_deprecated[OF _ corres_when])
apply (rule corres_split[OF thread_get_isRunnable_corres])
apply (rule corres_split[OF corres_when])
apply (rule scheduleChooseNewThread_corres, simp)
apply (rule tcbSchedEnqueue_corres, simp)
apply (wp thread_get_wp' tcbSchedEnqueue_invs' hoare_vcg_conj_lift hoare_drop_imps
| clarsimp)+
(* switch to thread *)
apply (rule corres_split_deprecated[OF _ thread_get_isRunnable_corres],
apply (rule corres_split[OF thread_get_isRunnable_corres],
rename_tac was_running wasRunning)
apply (rule corres_split_deprecated[OF _ corres_when])
apply (rule corres_split_deprecated[OF _ getIdleThread_corres], rename_tac it it')
apply (rule corres_split[OF corres_when])
apply (rule corres_split[OF getIdleThread_corres], rename_tac it it')
apply (rule_tac F="was_running \<longrightarrow> ct \<noteq> it" in corres_gen_asm)
apply (rule corres_split_deprecated[OF _ ethreadget_corres[where r="(=)"]],
apply (rule corres_split[OF ethreadget_corres[where r="(=)"]],
rename_tac tp tp')
apply (rule corres_split_deprecated[OF _ ethread_get_when_corres[where r="(=)"]],
apply (rule corres_split[OF ethread_get_when_corres[where r="(=)"]],
rename_tac cp cp')
apply (rule corres_split_deprecated[OF _ scheduleSwitchThreadFastfail_corres])
apply (rule corres_split_deprecated[OF _ curDomain_corres])
apply (rule corres_split_deprecated[OF _ isHighestPrio_corres]; simp only:)
apply (rule corres_split[OF scheduleSwitchThreadFastfail_corres])
apply (rule corres_split[OF curDomain_corres])
apply (rule corres_split[OF isHighestPrio_corres]; simp only:)
apply (rule corres_if, simp)
apply (rule corres_split_deprecated[OF _ tcbSchedEnqueue_corres])
apply (rule corres_split[OF tcbSchedEnqueue_corres])
apply (simp, fold dc_def)
apply (rule corres_split_deprecated[OF _ setSchedulerAction_corres])
apply (rule corres_split[OF setSchedulerAction_corres])
apply (rule scheduleChooseNewThread_corres, simp)
apply (wp | simp)+
@ -1840,9 +1840,9 @@ lemma schedule_corres:
apply (rule corres_if, fastforce)
apply (rule corres_split_deprecated[OF _ tcbSchedAppend_corres])
apply (rule corres_split[OF tcbSchedAppend_corres])
apply (simp, fold dc_def)
apply (rule corres_split_deprecated[OF _ setSchedulerAction_corres])
apply (rule corres_split[OF setSchedulerAction_corres])
apply (rule scheduleChooseNewThread_corres, simp)
apply (wp | simp)+
@ -1854,7 +1854,7 @@ lemma schedule_corres:
apply (wp tcb_sched_action_append_valid_blocked hoare_vcg_all_lift append_thread_queued)
apply (wp tcbSchedAppend_invs'_not_ResumeCurrentThread)
apply (rule corres_split_deprecated[OF _ guarded_switch_to_corres], simp)
apply (rule corres_split[OF guarded_switch_to_corres], simp)
apply (rule setSchedulerAction_corres[simplified dc_def])
apply (wp | simp)+
@ -2260,14 +2260,14 @@ lemma possibleSwitchTo_corres:
apply (rule tcb_at_cross, erule st_tcb_at_tcb_at; assumption)
apply (simp add: possible_switch_to_def possibleSwitchTo_def cong: if_cong)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ curDomain_corres], simp)
apply (rule corres_split_deprecated[OF _ ethreadget_corres[where r="(=)"]])
apply (rule corres_split_deprecated[OF _ getSchedulerAction_corres])
apply (rule corres_split[OF curDomain_corres], simp)
apply (rule corres_split[OF ethreadget_corres[where r="(=)"]])
apply (rule corres_split[OF getSchedulerAction_corres])
apply (rule corres_if, simp)
apply (rule tcbSchedEnqueue_corres)
apply (rule corres_if, simp)
apply (case_tac action; simp)
apply (rule corres_split_deprecated[OF _ rescheduleRequired_corres])
apply (rule corres_split[OF rescheduleRequired_corres])
apply (rule tcbSchedEnqueue_corres)
apply (wp rescheduleRequired_valid_queues'_weak)+
apply (rule setSchedulerAction_corres, simp)


@ -265,7 +265,7 @@ lemma hinv_corres_assist:
prefer 2
\<comment> \<open>switched over to argument of corres_cap_fault\<close>
apply (rule lookupCapAndSlot_corres, simp)
apply (rule corres_split_deprecated [OF _ lookupIPCBuffer_corres])
apply (rule corres_split[OF lookupIPCBuffer_corres])
apply (rule corres_splitEE [OF _ lookupExtraCaps_corres])
apply (rule corres_returnOkTT)
apply simp+
@ -358,10 +358,10 @@ lemma setDomain_corres:
apply (rule corres_gen_asm2)
apply (simp add: set_domain_def setDomain_def thread_set_domain_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split_deprecated[OF _ tcbSchedDequeue_corres])
apply (rule corres_split_deprecated[OF _ ethread_set_corres])
apply (rule corres_split_deprecated[OF _ isRunnable_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split[OF tcbSchedDequeue_corres])
apply (rule corres_split[OF ethread_set_corres])
apply (rule corres_split[OF isRunnable_corres])
apply simp
apply (rule corres_split_deprecated[OF corres_when[OF refl]])
apply (rule rescheduleRequired_corres)
@ -416,9 +416,9 @@ lemma performInvocation_corres:
apply wp+
apply simp+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule corres_split_deprecated [OF _ sendIPC_corres])
apply (rule corres_split[OF sendIPC_corres])
apply (rule corres_trivial)
apply simp
apply simp
@ -429,7 +429,7 @@ lemma performInvocation_corres:
sch_act_simple_def)
apply (rule corres_guard_imp)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated [OF _ sendSignal_corres])
apply (rule corres_split[OF sendSignal_corres])
apply (rule corres_trivial)
apply (simp add: returnOk_def)
apply wp+
@ -452,7 +452,7 @@ lemma performInvocation_corres:
\<comment> \<open>domain cap\<close>
apply (clarsimp simp: invoke_domain_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setDomain_corres])
apply (rule corres_split[OF setDomain_corres])
apply (rule corres_trivial, simp)
apply (wp)+
apply ((clarsimp simp: invs_psp_aligned invs_distinct)+)[2]
@ -1189,7 +1189,7 @@ lemma handleInvocation_corres:
apply (simp add: handle_invocation_def handleInvocation_def liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_eqr [OF _ getCurThread_corres])
apply (rule corres_split_deprecated [OF _ getMessageInfo_corres])
apply (rule corres_split[OF getMessageInfo_corres])
apply clarsimp
apply (simp add: liftM_def cap_register_def capRegister_def)
apply (rule corres_split_eqr [OF _ asUser_getRegister_corres])
@ -1199,7 +1199,7 @@ lemma handleInvocation_corres:
apply (rule handleFault_corres)
apply simp
apply (simp add: split_def)
apply (rule corres_split_deprecated [OF _ getMRs_corres])
apply (rule corres_split[OF getMRs_corres])
apply (rule decodeInvocation_corres, simp_all)[1]
apply (fastforce simp: list_all2_map2 list_all2_map1 elim: list_all2_mono)
apply (fastforce simp: list_all2_map2 list_all2_map1 elim: list_all2_mono)
@ -1209,10 +1209,10 @@ lemma handleInvocation_corres:
apply wp[1]
apply (clarsimp simp: when_def)
apply (rule replyFromKernel_corres)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule corres_splitEE [OF _ performInvocation_corres])
apply simp
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rename_tac state state')
apply (case_tac state, simp_all)[1]
apply (fold dc_def)[1]
@ -1603,10 +1603,10 @@ lemma handleYield_corres:
"corres dc einvs (invs' and ct_active' and (\<lambda>s. ksSchedulerAction s = ResumeCurrentThread)) handle_yield handleYield"
apply (clarsimp simp: handle_yield_def handleYield_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule corres_split_deprecated[OF _ tcbSchedDequeue_corres])
apply (rule corres_split_deprecated[OF _ tcbSchedAppend_corres])
apply (rule corres_split[OF tcbSchedDequeue_corres])
apply (rule corres_split[OF tcbSchedAppend_corres])
apply (rule rescheduleRequired_corres)
apply (wp weak_sch_act_wf_lift_linear tcbSchedDequeue_valid_queues | simp add: )+
apply (simp add: invs_def valid_sched_def valid_sched_action_def cur_tcb_def
@ -1675,7 +1675,7 @@ lemma handleReply_corres:
getSlotCap_def)
apply (rule corres_guard_imp)
apply (rule corres_split_eqr [OF _ getCurThread_corres])
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac P="einvs and cte_wp_at ((=) caller_cap) (thread, tcb_cnode_index 3)
and K (is_reply_cap caller_cap \<or> caller_cap = cap.NullCap)
and tcb_at thread and st_tcb_at active thread
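Review bot: In setDomain_corres the `apply (rule corres_split_deprecated[OF corres_when[OF refl]])` line directly after `apply simp` is left untouched while the four splits above it are converted, so the lemma now mixes both rule names. Presumably this is intentional, since that use passes a first `OF` argument and the converted lines show the argument order differs between the two rules, but a reader of the diff cannot distinguish a deliberately skipped case from one the scripts missed. The same mixed state remains in the next file section: the `rule_tac r'=... in corres_split_deprecated` line in the as_user proof, the `for P P' in corres_split_deprecated[where r'=dc]` line in rescheduleRequired_corres, and `corres_split_deprecated[where r'=dc]` in setThreadState_corres. A short marker at the first leftover, `\<comment> \<open>still corres_split_deprecated: OF arguments need manual reordering\<close>`, would make the scope of the mechanical pass explicit.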


@ -380,7 +380,7 @@ lemma threadset_corresT:
(thread_set f t) (threadSet f' t)"
apply (simp add: thread_set_def threadSet_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getObject_TCB_corres])
apply (rule corres_split[OF getObject_TCB_corres])
apply (rule setObject_update_TCB_corres')
apply (erule x)
apply (rule y)
@ -1380,7 +1380,7 @@ proof -
apply (simp add: as_user_def asUser_def)
apply (rule corres_guard_imp)
apply (rule_tac r'="\<lambda>tcb con. (arch_tcb_context_get o tcb_arch) tcb = con" in corres_split_deprecated)
apply (rule corres_split_deprecated [OF _ L4])
apply (rule corres_split[OF L4])
apply clarsimp
apply (rule corres_split_nor)
apply (rule corres_trivial, simp)
@ -1884,7 +1884,7 @@ lemma rescheduleRequired_corres:
(reschedule_required) rescheduleRequired"
apply (simp add: rescheduleRequired_def reschedule_required_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getSchedulerAction_corres])
apply (rule corres_split[OF getSchedulerAction_corres])
apply (rule_tac P="case action of switch_thread t \<Rightarrow> P t | _ \<Rightarrow> \<top>"
and P'="case actiona of SwitchToThread t \<Rightarrow> P' t | _ \<Rightarrow> \<top>" for P P' in corres_split_deprecated[where r'=dc])
apply (rule setSchedulerAction_corres)
@ -2084,9 +2084,9 @@ lemma setThreadState_corres:
apply (rule corres_split_deprecated[where r'=dc])
apply simp
apply (subst thread_get_test[where test="runnable"])
apply (rule corres_split_deprecated[OF _ thread_get_isRunnable_corres])
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split_deprecated[OF _ getSchedulerAction_corres])
apply (rule corres_split[OF thread_get_isRunnable_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split[OF getSchedulerAction_corres])
apply (simp only: when_def)
apply (rule corres_if[where Q=\<top> and Q'=\<top>])
apply (rule iffI)
@ -3297,7 +3297,7 @@ lemma getMRs_corres:
apply simp
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ T])
apply (rule corres_split[OF T])
apply (simp only: option.simps return_bind fun_app_def
load_word_offs_def doMachineOp_mapM ef_loadWord)
apply (rule corres_split_eqr)
@ -3609,7 +3609,7 @@ lemma lookupIPCBuffer_corres':
apply (rule corres_guard_imp)
apply (rule corres_split_eqr [OF _ threadGet_corres])
apply (simp add: getThreadBufferSlot_def locateSlot_conv)
apply (rule corres_split_deprecated [OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac F="valid_ipc_buffer_cap rv buffer_ptr"
in corres_gen_asm)
apply (rule_tac P="valid_cap rv" and Q="no_0_obj'"
@ -4520,7 +4520,7 @@ lemma get_cap_corres_all_rights_P:
apply (simp add: getSlotCap_def mask_cap_def)
apply (subst bind_return [symmetric])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres_P [where P=P]])
apply (rule corres_split[OF get_cap_corres_P [where P=P]])
defer
apply (wp getCTE_wp')+
apply simp
@ -4645,7 +4645,7 @@ lemma ethread_set_corresT:
(ethread_set f t) (threadSet f' t)"
apply (simp add: ethread_set_def threadSet_def bind_assoc)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF set_eobject_corres corres_get_etcb])
apply (rule corres_split[OF corres_get_etcb set_eobject_corres])
apply (rule x)
apply (erule e)
apply (simp add: z)+


@ -35,7 +35,7 @@ lemma activateThread_corres:
\<and> invs s \<and> st_tcb_at ((=) ts) thread s"
and R'="\<lambda>ts s. valid_tcb_state' ts s \<and> (idle' ts \<or> runnable' ts)
\<and> invs' s \<and> st_tcb_at' (\<lambda>ts'. ts' = ts) thread s"
in corres_split_deprecated [OF _ getThreadState_corres])
in corres_split[OF getThreadState_corres])
apply (rule_tac F="idle rv \<or> runnable rv" in corres_req, simp)
apply (rule_tac F="idle' rv' \<or> runnable' rv'" in corres_req, simp)
apply (case_tac rv, simp_all add:
@ -66,8 +66,8 @@ lemma bindNotification_corres:
(bind_notification t a) (bindNotification t a)"
apply (simp add: bind_notification_def bindNotification_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getNotification_corres])
apply (rule corres_split_deprecated[OF _ setNotification_corres])
apply (rule corres_split[OF getNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setBoundNotification_corres)
apply (clarsimp simp: ntfn_relation_def split: Structures_A.ntfn.splits)
apply (wp)+
@ -207,12 +207,12 @@ lemma restart_corres:
apply (simp add: Tcb_A.restart_def Thread_H.restart_def)
apply (simp add: isStopped_def2 liftM_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (clarsimp simp add: runnable_tsr idle_tsr when_def)
apply (rule corres_split_nor [OF _ cancel_ipc_corres])
apply (rule corres_split_nor [OF _ setupReplyMaster_corres])
apply (rule corres_split_nor [OF _ setThreadState_corres])
apply (rule corres_split_deprecated [OF possibleSwitchTo_corres tcbSchedEnqueue_corres])
apply (rule corres_split[OF tcbSchedEnqueue_corres possibleSwitchTo_corres])
apply (wp set_thread_state_runnable_weak_valid_sched_action sts_st_tcb_at'
sts_valid_queues sts_st_tcb'
| clarsimp simp: valid_tcb_state'_def)+
@ -286,7 +286,7 @@ lemma invokeTCB_ReadRegisters_corres:
frameRegisters_def gpRegisters_def)
apply (rule corres_guard_imp)
apply (rule corres_split_nor)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (simp add: liftM_def[symmetric])
apply (rule asUser_corres)
apply (rule corres_Id)
@ -323,7 +323,7 @@ lemma invokeTCB_WriteRegisters_corres:
sanitiseRegister_def sanitise_register_def getSanitiseRegisterInfo_def
frameRegisters_def gpRegisters_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split_nor)
prefer 2
apply (rule asUser_corres)
@ -428,13 +428,13 @@ proof -
show ?thesis
apply (simp add: invokeTCB_def performTransfer_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ corres_when [OF refl suspend_corres]], simp)
apply (rule corres_split_deprecated [OF _ corres_when [OF refl restart_corres]], simp)
apply (rule corres_split[OF corres_when [OF refl suspend_corres]], simp)
apply (rule corres_split[OF corres_when [OF refl restart_corres]], simp)
apply (rule corres_split_nor)
apply (rule corres_split_nor)
apply (rule corres_split_eqr[OF _ getCurThread_corres])
apply (rule corres_split_nor[OF _ asUser_postModifyRegisters_corres[simplified]])
apply (rule corres_split_deprecated[OF _ corres_when[OF refl rescheduleRequired_corres]])
apply (rule corres_split[OF corres_when[OF refl rescheduleRequired_corres]])
apply (rule_tac P=\<top> and P'=\<top> in corres_inst)
apply simp
apply (wp static_imp_wp)+
@ -541,7 +541,7 @@ lemma isRunnable_corres:
apply (simp add: isRunnable_def)
apply (subst bind_return[symmetric])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (case_tac rv, clarsimp+)
apply (wp hoare_TrueI)+
apply auto
@ -620,11 +620,11 @@ lemma sp_corres2:
(set_priority t x) (setPriority t x)"
apply (simp add: setPriority_def set_priority_def thread_set_priority_def)
apply (rule stronger_corres_guard_imp)
apply (rule corres_split_deprecated [OF _ tcbSchedDequeue_corres])
apply (rule corres_split_deprecated [OF _ ethread_set_corres], simp_all)[1]
apply (rule corres_split_deprecated [OF _ isRunnable_corres])
apply (rule corres_split[OF tcbSchedDequeue_corres])
apply (rule corres_split[OF ethread_set_corres], simp_all)[1]
apply (rule corres_split[OF isRunnable_corres])
apply (erule corres_when)
apply(rule corres_split_deprecated [OF _ getCurThread_corres])
apply(rule corres_split[OF getCurThread_corres])
apply (wp corres_if; clarsimp)
apply (rule rescheduleRequired_corres)
apply (rule possibleSwitchTo_corres)
@ -794,7 +794,7 @@ lemma checkCapAt_corres:
(checkCapAt cap' (cte_map slot) f')" using r c
apply (simp add: check_cap_at_def checkCapAt_def liftM_def when_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_if [unfolded if_apply_def2])
apply (erule(1) sameObject_corres2)
apply assumption
@ -1366,7 +1366,7 @@ proof -
apply (rule corres_split_norE)
apply (rule_tac F="is_aligned aa msg_align_bits" in corres_gen_asm2)
apply (rule corres_split_nor)
apply (rule corres_split_deprecated [OF _ getCurThread_corres], clarsimp)
apply (rule corres_split[OF getCurThread_corres], clarsimp)
apply (rule corres_when[OF refl rescheduleRequired_corres])
apply (wpsimp wp: gct_wp)+
apply (rule threadset_corres,
@ -1389,10 +1389,9 @@ proof -
prefer 2
apply (rule threadset_corres,
simp add: tcb_relation_def, (simp add: exst_same_def)+)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (erule checkCapAt_cteInsert_corres)
apply (rule corres_split_deprecated[OF _ getCurThread_corres], clarsimp)
apply (rule corres_split[OF getCurThread_corres], clarsimp)
apply (rule corres_when[OF refl rescheduleRequired_corres])
apply (wp gct_wp)+
apply (wp hoare_drop_imp threadcontrol_corres_helper3)[1]
@ -1761,14 +1760,14 @@ lemma invokeTCB_corres:
apply (case_tac option)
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ unbindNotification_corres])
apply (rule corres_split[OF unbindNotification_corres])
apply (rule corres_trivial, simp)
apply wp+
apply (clarsimp)
apply clarsimp
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ bindNotification_corres])
apply (rule corres_split[OF bindNotification_corres])
apply (rule corres_trivial, simp)
apply wp+
apply clarsimp
@ -1776,9 +1775,9 @@ lemma invokeTCB_corres:
apply (clarsimp simp: obj_at'_def)
apply (simp add: invokeTCB_def tlsBaseRegister_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ TcbAcc_R.asUser_setRegister_corres])
apply (rule corres_split_deprecated[OF _ Bits_R.getCurThread_corres])
apply (rule corres_split_deprecated[OF _ Corres_UL.corres_when])
apply (rule corres_split[OF TcbAcc_R.asUser_setRegister_corres])
apply (rule corres_split[OF Bits_R.getCurThread_corres])
apply (rule corres_split[OF Corres_UL.corres_when])
apply (rule corres_trivial, simp)
apply simp
apply (rule TcbAcc_R.rescheduleRequired_corres)
@ -1892,7 +1891,7 @@ lemma decodeReadRegisters_corres:
apply (rule corres_trivial)
apply (fastforce simp: returnOk_def)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_trivial)
apply (clarsimp simp: whenE_def)
apply (wp|simp)+
@ -1915,7 +1914,7 @@ lemma decodeWriteRegisters_corres:
apply clarsimp
apply (rule corres_guard_imp)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split_norE)
apply (rule corres_trivial, simp)
apply (rule corres_trivial, simp)
@ -1988,7 +1987,7 @@ lemma checkPrio_corres:
apply (simp add: check_prio_def checkPrio_def)
apply (rule corres_guard_imp)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated[OF _ threadGet_corres])
apply (rule corres_split[OF threadGet_corres])
apply (rule_tac rvr = dc and
R = \<top> and
R' = \<top> in
@ -2264,7 +2263,7 @@ lemma slotCapLongRunningDelete_corres:
apply (clarsimp simp: slot_cap_long_running_delete_def
slotCapLongRunningDelete_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (auto split: cap_relation_split_asm arch_cap.split_asm
intro!: corres_rel_imp [OF isFinalCapability_corres[where ptr=ptr]]
simp: liftM_def[symmetric] final_matters'_def
@ -2309,8 +2308,8 @@ lemma decodeSetSpace_corres:
getThreadCSpaceRoot getThreadVSpaceRoot
split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ slotCapLongRunningDelete_corres])
apply (rule corres_split_deprecated [OF _ slotCapLongRunningDelete_corres])
apply (rule corres_split[OF slotCapLongRunningDelete_corres])
apply (rule corres_split[OF slotCapLongRunningDelete_corres])
apply (rule corres_split_norE)
apply (simp(no_asm) add: split_def unlessE_throwError_returnOk
bindE_assoc cap_CNode_case_throw
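Review bot: The rewritten line in sp_corres2, `apply(rule corres_split[OF getCurThread_corres])`, keeps the missing space after `apply` from the old line, while every neighbouring line in that hunk is written `apply (rule ...)`. Since the line is touched anyway, `apply (rule corres_split[OF getCurThread_corres])` would bring it in line with the rest of the file. The enclosing proof continues outside the hunk.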


@ -903,7 +903,7 @@ lemma corres_list_all2_mapM_':
apply simp
apply (clarsimp simp add: mapM_x_def sequence_x_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ y]; assumption?)
apply (rule corres_split[OF y]; assumption?)
apply (clarsimp dest!: suffix_ConsD)
apply (erule meta_allE, (drule(1) meta_mp)+)
apply assumption
@ -1499,10 +1499,9 @@ shows
apply (rule corres_underlying_symb_exec_l [OF set_original_symb_exec_l])
apply (rule corres_cong[OF refl refl _ refl refl, THEN iffD1])
apply (rule bind_return[THEN fun_cong])
apply (rule corres_split_deprecated [OF _ setCTE_corres])
apply (rule corres_split[OF setCTE_corres])
apply (subst bind_return[symmetric],
rule corres_split_deprecated)
prefer 2
rule corres_split)
apply (simp add: dc_def[symmetric])
apply (rule updateMDB_symb_exec_r)
apply (simp add: dc_def[symmetric])
@ -3246,7 +3245,7 @@ lemma createNewCaps_ranges':
declare split_paired_Ex[simp del]
lemmas corres_split_retype_createNewCaps
= corres_split_deprecated [OF _ corres_retype_region_createNewCaps,
= corres_split[OF corres_retype_region_createNewCaps,
simplified bind_assoc, simplified ]
declare split_paired_Ex[simp add]
@ -4216,13 +4215,13 @@ lemma resetUntypedCap_corres:
apply (rule corres_gen_asm, clarsimp)
apply (simp add: reset_untyped_cap_def resetUntypedCap_def liftE_bindE cong: if_cong)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac F="cap = cap.UntypedCap dev ptr sz idx \<and> (\<exists>s. s \<turnstile> cap)" in corres_gen_asm)
apply (clarsimp simp: bits_of_def free_index_of_def unlessE_def
split del: if_split cong: if_cong)
apply (rule corres_if[OF refl])
apply (rule corres_returnOk[where P=\<top> and P'=\<top>], simp)
apply (rule corres_split_deprecated[OF _ deleteObjects_corres])
apply (rule corres_split[OF deleteObjects_corres])
apply (rule corres_if)
apply simp
apply (simp add: bits_of_def shiftL_nat)
@ -4893,7 +4892,7 @@ lemma inv_untyped_corres':
apply (rule corres_add_noop_lhs)
apply (rule corres_split_nor[OF _ cNodeNoOverlap return_wp stateAssert_wp])
apply (clarsimp simp: canonicalAddressAssert_def)
apply (rule corres_split_deprecated[OF _ updateFreeIndex_corres,rotated])
apply (rule corres_split[OF updateFreeIndex_corres,rotated])
apply (simp add:isCap_simps)+
apply (clarsimp simp:getFreeIndex_def bits_of_def shiftL_nat shiftl_t2n
free_index_of_def)


@ -95,8 +95,7 @@ proof -
apply (rule corres_cross_over_guard[where Q="no_0_obj' and pspace_distinct' and pspace_aligned'"])
apply (clarsimp simp add: pspace_distinct_cross pspace_aligned_cross state_relation_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[where r'="(=) \<circ> cte_map" and P=\<top> and P'=\<top>])
prefer 2
apply (rule corres_split[where r'="(=) \<circ> cte_map" and P=\<top> and P'=\<top>])
apply (simp add: getThreadVSpaceRoot_def locateSlotTCB_def locateSlotBasic_def
tcbVTableSlot_def cte_map_def objBits_def cte_level_bits_def
objBitsKO_def tcb_cnode_index_def to_bl_1 assms cteSizeBits_def)
@ -107,8 +106,7 @@ proof -
tcb_at (fst thread_root_slot) and
K (snd thread_root_slot = tcb_cnode_index 1)"
and R'="\<lambda>thread_root. no_0_obj'"
in corres_split_deprecated[OF _ getSlotCap_corres])
prefer 2
in corres_split[OF getSlotCap_corres])
apply simp
apply simp
apply (rename_tac cap cap')
@ -202,7 +200,7 @@ lemma deleteASID_corres [corres]:
unfolding delete_asid_def deleteASID_def using assms
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_gets_asid])
apply (rule corres_split[OF corres_gets_asid])
apply (case_tac "asid_table (asid_high_bits_of asid)", simp)
apply clarsimp
apply (rule_tac P="\<lambda>s. asid_high_bits_of asid \<in> dom (asidTable o ucast) \<longrightarrow>
@ -211,25 +209,23 @@ lemma deleteASID_corres [corres]:
P'="\<top>" and
Q="invs and
(\<lambda>s. asid_table s = asidTable \<circ> ucast)" in
corres_split_deprecated)
prefer 2
corres_split)
apply (simp add: dom_def)
apply (rule get_asid_pool_corres_inv'[OF refl, unfolded pred_conj_def, simplified])
apply (rule corres_when)
apply (simp add: mask_asid_low_bits_ucast_ucast asid_low_bits_of_def ucast_ucast_a is_down)
apply (rule corres_split_deprecated [OF _ hwASIDFlush_corres])
apply (rule corres_split[OF hwASIDFlush_corres])
apply (rule_tac P="asid_pool_at (the (asidTable (ucast (asid_high_bits_of asid))))
and pspace_aligned and pspace_distinct"
and P'="\<top>"
in corres_split_deprecated)
prefer 2
in corres_split)
apply (simp del: fun_upd_apply)
apply (rule setObject_ASIDPool_corres)
apply (simp add: inv_def mask_asid_low_bits_ucast_ucast)
apply (rule ext)
apply (clarsimp simp: o_def ucast_ucast_a is_down asid_low_bits_of_def)
apply (word_bitwise, clarsimp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule setVMRoot_corres[OF refl])
apply wp+
@ -282,13 +278,12 @@ lemma deleteASIDPool_corres:
apply (simp add: is_aligned_asid_low_bits_of_zero cong: corres_weak_cong)
apply (thin_tac P for P)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ corres_gets_asid])
apply (rule corres_split[OF corres_gets_asid])
apply (rule corres_when)
apply simp
apply (simp add: liftM_def)
apply (rule corres_split_deprecated [OF _ getObject_ASIDPool_corres[OF refl]])
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split[OF getObject_ASIDPool_corres[OF refl]])
apply (rule corres_split)
apply (rule corres_modify [where P=\<top> and P'=\<top>])
apply (simp add: state_relation_def arch_state_relation_def)
apply (rule ext)
@ -299,7 +294,7 @@ lemma deleteASIDPool_corres:
apply (drule_tac x1="ucast x" in bang_eq [THEN iffD1])
apply (erule_tac x=n in allE)
apply (simp add: word_size nth_ucast)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule setVMRoot_corres, simp)
apply (wp getASID_wp)+
apply (clarsimp simp: invs_psp_aligned invs_distinct invs_arch_state
@ -356,7 +351,7 @@ lemma unmapPageTable_corres:
apply (rule corres_split_eqrE[OF _ findVSpaceForASID_corres[OF refl]])
apply (rule corres_split_eqrE[OF _ lookupPTFromLevel_corres[OF _ refl]])
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated[OF _ storePTE_corres])
apply (rule corres_split[OF storePTE_corres])
apply simp
apply (rule corres_machine_op)
apply (rule corres_Id; simp)
@ -421,7 +416,7 @@ lemma unmapPage_corres:
apply fastforce
apply (rule corres_splitEE[OF _ checkMappingPPtr_corres]; assumption?)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated[OF _ storePTE_corres])
apply (rule corres_split[OF storePTE_corres])
apply simp
apply (rule corres_machine_op, rule corres_Id, rule refl; simp)
apply simp
@ -530,8 +525,8 @@ lemma performPageInvocation_corres:
apply (simp add: bind_assoc)
apply (rule corres_guard_imp)
apply (simp add: perform_pg_inv_map_def)
apply (rule corres_split_deprecated[OF _ updateCap_same_master])
apply (rule corres_split_deprecated[OF _ storePTE_corres])
apply (rule corres_split[OF updateCap_same_master])
apply (rule corres_split[OF storePTE_corres])
apply (rule corres_machine_op, rule corres_Id; simp)
apply assumption
apply wpsimp+
@ -550,7 +545,7 @@ lemma performPageInvocation_corres:
apply (clarsimp simp: RISCV64_A.is_FrameCap_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[where r'=dc])
apply (rule corres_split_deprecated[OF _ getSlotCap_corres[OF refl]])
apply (rule corres_split[OF getSlotCap_corres[OF refl]])
apply (rule_tac F="is_frame_cap old_cap" in corres_gen_asm)
apply (rule updateCap_same_master)
apply (clarsimp simp: update_map_data_def is_cap_simps)
@ -645,10 +640,9 @@ lemma performPageTableInvocation_corres:
apply (clarsimp simp: valid_pti_def valid_pti'_def
split: arch_cap.splits capability.split_asm arch_capability.split_asm)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ updateCap_same_master])
prefer 2
apply (rule corres_split[OF updateCap_same_master])
apply simp
apply (rule corres_split_deprecated [OF _ storePTE_corres])
apply (rule corres_split[OF storePTE_corres])
apply (rule corres_machine_op, rule corres_Id; simp)
apply assumption
apply wpsimp+
@ -665,14 +659,14 @@ lemma performPageTableInvocation_corres:
apply (rule corres_guard_imp)
apply (rule corres_split_nor)
apply (simp add: liftM_def)
apply (rule corres_split_deprecated [OF _ getSlotCap_corres[OF refl]])
apply (rule corres_split[OF getSlotCap_corres[OF refl]])
apply (rule_tac F="is_pt_cap x" in corres_gen_asm)
apply (rule updateCap_same_master)
apply (clarsimp simp: is_cap_simps update_map_data_def)
apply (wp get_cap_wp)+
apply (rule corres_if3)
apply (fastforce simp: acap_map_data_def mdata_map_def is_PageTableCap_def)
apply (rule corres_split_deprecated [OF _ unmapPageTable_corres])
apply (rule corres_split[OF unmapPageTable_corres])
apply (rule clear_page_table_corres)
apply (clarsimp simp: mdata_map_def)
apply (clarsimp simp: mdata_map_def)
@ -715,16 +709,14 @@ lemma performASIDPoolInvocation_corres:
apply (clarsimp simp: perform_asid_pool_invocation_def performASIDPoolInvocation_def)
apply (cases ap, simp add: asid_pool_invocation_map_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getSlotCap_corres[OF refl] get_cap_wp getSlotCap_wp])
apply (rule corres_split[OF getSlotCap_corres[OF refl] get_cap_wp getSlotCap_wp])
apply (rule corres_assert_gen_asm_l, rule corres_assert_gen_asm_l)
apply (rule_tac F="is_pt_cap pt_cap" in corres_gen_asm)
apply (rule corres_split_deprecated[OF _ updateCap_same_master])
prefer 2
apply (rule corres_split[OF updateCap_same_master])
apply (clarsimp simp: is_cap_simps update_map_data_def)
apply (rule corres_split_deprecated[OF _ copy_global_mappings_corres])
apply (rule corres_split[OF copy_global_mappings_corres])
apply (unfold store_asid_pool_entry_def)[1]
apply (rule corres_split_deprecated[where r'="\<lambda>pool pool'. pool = pool' \<circ> ucast"])
prefer 2
apply (rule corres_split[where r'="\<lambda>pool pool'. pool = pool' \<circ> ucast"])
apply (simp cong: corres_weak_cong)
apply (rule corres_rel_imp)
apply (rule getObject_ASIDPool_corres[OF refl])
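Review bot: In the performASIDPoolInvocation_corres hunk the rewrite drops the leading `_` but leaves `get_cap_wp getSlotCap_wp` where they were, giving `corres_split[OF getSlotCap_corres[OF refl] get_cap_wp getSlotCap_wp]`; if the new `corres_split` still takes the continuation as its second premise (the `prefer 2` removals in the other hunks suggest only the first two premises changed places), both wp facts now land one slot early and `get_cap_wp` is offered for the continuation. Reinstating the placeholder, `apply (rule corres_split[OF getSlotCap_corres[OF refl] _ get_cap_wp getSlotCap_wp])`, keeps the wp facts in the third and fourth positions. The same `[OF _ x wp wp']` shape is rewritten the same way in the cancelBadgedSends_corres hunk of the IpcCancel section (`corres_split[OF getEndpoint_corres get_simple_ko_sp get_ep_sp', ...]`), which would need `getEndpoint_corres _ get_simple_ko_sp get_ep_sp'`. The second perl rule in the description matches both sites, so these forms need a separate rule or a manual pass.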


@ -1664,7 +1664,7 @@ lemma findVSpaceForASID_corres:
apply (simp add: liftME_def bindE_assoc)
apply (simp add: liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getObject_ASIDPool_corres'[OF refl]])
apply (rule corres_split[OF getObject_ASIDPool_corres'[OF refl]])
apply (rule_tac P="case_option \<top> page_map_l4_at (pool (ucast asid)) and pspace_aligned"
and P'="no_0_obj' and pspace_distinct'" in corres_inst)
apply (rule_tac F="pool (ucast asid) \<noteq> Some 0" in corres_req)


@ -152,15 +152,13 @@ lemma performASIDControlInvocation_corres:
apply (frule valid_capAligned)
apply (clarsimp simp: capAligned_def page_bits_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (erule deleteObjects_corres)
apply (simp add:pageBits_def)
apply (rule corres_split_deprecated[OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac F = " pcap = (cap.UntypedCap False word1 pageBits idxa)" in corres_gen_asm)
apply (rule corres_split_deprecated[OF _ updateFreeIndex_corres])
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split[OF updateFreeIndex_corres])
apply (rule corres_split)
apply (simp add: retype_region2_ext_retype_region_ArchObject )
apply (rule corres_retype [where ty="Inl (KOArch (KOASIDPool F))" for F,
unfolded APIType_map2_def makeObjectKO_def,
@ -175,13 +173,11 @@ lemma performASIDControlInvocation_corres:
apply (simp add: makeObject_asidpool const_def inv_def)
apply (rule range_cover_full)
apply (simp add:obj_bits_api_def arch_kobj_size_def default_arch_object_def)+
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule cteInsert_simple_corres, simp, rule refl, rule refl)
apply (rule_tac F="asid_low_bits_of word2 = 0" in corres_gen_asm)
apply (simp add: is_aligned_mask dc_def[symmetric])
apply (rule corres_split_deprecated [where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t = t' o ucast"])
prefer 2
apply (rule corres_split[where P=\<top> and P'=\<top> and r'="\<lambda>t t'. t = t' o ucast"])
apply (clarsimp simp: state_relation_def arch_state_relation_def)
apply (rule corres_trivial)
apply (rule corres_modify)
@ -731,7 +727,7 @@ lemma decodeX64PageTableInvocation_corres:
apply (rule corres_symb_exec_r_conj)
apply (rule_tac F="isArchCap isPageTableCap (cteCap cteVal)"
in corres_gen_asm2)
apply (rule corres_split_deprecated[OF _ isFinalCapability_corres[where ptr=slot]])
apply (rule corres_split[OF isFinalCapability_corres[where ptr=slot]])
apply (drule mp)
apply (clarsimp simp: isCap_simps final_matters'_def)
apply (rule whenE_throwError_corres)
@ -826,7 +822,7 @@ lemma decodeX64PageDirectoryInvocation_corres:
apply (rule corres_symb_exec_r_conj)
apply (rule_tac F="isArchCap isPageDirectoryCap (cteCap cteVal)"
in corres_gen_asm2)
apply (rule corres_split_deprecated[OF _ isFinalCapability_corres[where ptr=slot]])
apply (rule corres_split[OF isFinalCapability_corres[where ptr=slot]])
apply (drule mp)
apply (clarsimp simp: isCap_simps final_matters'_def)
apply (rule whenE_throwError_corres)
@ -909,7 +905,7 @@ lemma decodeX64PDPointerTableInvocation_corres:
apply (rule corres_symb_exec_r_conj)
apply (rule_tac F="isArchCap isPDPointerTableCap (cteCap cteVal)"
in corres_gen_asm2)
apply (rule corres_split_deprecated[OF _ isFinalCapability_corres[where ptr=slot]])
apply (rule corres_split[OF isFinalCapability_corres[where ptr=slot]])
apply (drule mp)
apply (clarsimp simp: isCap_simps final_matters'_def)
apply (rule whenE_throwError_corres)


@ -114,8 +114,7 @@ lemma corres_split_liftM2:
and h1: "\<lbrace>Q\<rbrace> a \<lbrace>R\<rbrace>" and h2: "\<lbrace>Q'\<rbrace> c \<lbrace>\<lambda>x. R' (f x)\<rbrace>"
shows "corres r (P and Q) (P' and Q') (a >>= b) (liftM f c >>= d)"
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ _ h1])
prefer 2
apply (rule corres_split[OF _ _ h1])
apply (simp add: o_def)
apply (rule corr)
apply (erule r1)
@ -178,8 +177,7 @@ lemma decodeCNodeInvocation_corres:
apply (rule corres_splitEE [OF _ ensureEmptySlot_corres])
apply (rule corres_splitEE [OF _ lookupSlotForCNodeOp_corres])
apply (simp(no_asm) add: liftE_bindE del: de_Morgan_conj split del: if_split)
apply (rule corres_split_deprecated [OF _ get_cap_corres'])
prefer 2
apply (rule corres_split[OF get_cap_corres'])
apply (simp add: split_def)
apply (rule whenE_throwError_corres)
apply (simp add: lookup_failure_map_def)
@ -262,7 +260,7 @@ lemma decodeCNodeInvocation_corres:
apply (rule corres_guard_imp)
apply (rule corres_splitEE [OF _ lookupSlotForCNodeOp_corres])
apply (simp(no_asm) add: split_beta liftE_bindE)
apply (rule corres_split_deprecated [OF _ get_cap_corres'])
apply (rule corres_split[OF get_cap_corres'])
apply (rule corres_split_norE)
apply (rule corres_trivial)
apply (clarsimp simp add: returnOk_def)
@ -7342,7 +7340,7 @@ next
apply (simp add: in_monad)
apply (rule drop_spec_corres)
apply (simp add: liftE_bindE del: rec_del.simps)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="cteCap ourCTE = Zombie ptr (zbits_map bits) (Suc n)
\<or> cteCap ourCTE = NullCap
\<or> (\<exists>zb n cp. cteCap ourCTE = Zombie (cte_map slot) zb n
@ -8924,11 +8922,11 @@ lemma invokeCNode_corres:
apply (rename_tac prod)
apply (simp add: getThreadCallerSlot_def locateSlot_conv objBits_simps)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (subgoal_tac "thread + 2^cte_level_bits * tcbCallerSlot = cte_map (thread, tcb_cnode_index 3)")
prefer 2
apply (simp add: cte_map_def tcb_cnode_index_def tcbCallerSlot_def)
apply (rule corres_split_deprecated [OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac P="\<lambda>s. (is_reply_cap cap \<or> cap = cap.NullCap) \<and>
(is_reply_cap cap \<longrightarrow>
(einvs and cte_at (threada, tcb_cnode_index 3) and


@ -324,7 +324,7 @@ lemma getSlotCap_corres:
apply (simp add: getSlotCap_def)
apply (subst bind_return [symmetric])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_trivial, simp)
apply (wp | simp)+
done
@ -5249,8 +5249,8 @@ lemma cteInsert_corres:
unfolding cap_insert_def cteInsert_def
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="cteCap rv' = NullCap" in corres_gen_asm2)
apply simp
apply (rule_tac P="?P and cte_at dest and
@ -7183,8 +7183,8 @@ lemma capSwapForDelete_corres:
apply (simp add: caps_of_state_cte_at)+
apply (simp add: when_def liftM_def)
apply (rule corres_guard_imp)
apply (rule_tac P1=wellformed_cap in corres_split_deprecated [OF _ get_cap_corres_P])
apply (rule_tac P1=wellformed_cap in corres_split_deprecated [OF _ get_cap_corres_P])
apply (rule_tac P1=wellformed_cap in corres_split[OF get_cap_corres_P])
apply (rule_tac P1=wellformed_cap in corres_split[OF get_cap_corres_P])
apply (rule cteSwap_corres, rule refl, rule refl, clarsimp+)
apply (wp get_cap_wp getCTE_wp')+
apply (clarsimp simp: cte_wp_at_caps_of_state)


@ -3614,7 +3614,7 @@ lemma ensureEmptySlot_corres:
(ensure_empty p) (ensureEmptySlot q)"
apply (clarsimp simp add: ensure_empty_def ensureEmptySlot_def unlessE_whenE liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_trivial)
apply (case_tac cap, auto simp add: whenE_def returnOk_def)[1]
apply wp+
@ -4147,7 +4147,7 @@ lemma setupReplyMaster_corres:
apply (clarsimp simp: tcb_cnode_index_def2 cte_map_nat_to_cref word_bits_def cte_level_bits_def)
apply (clarsimp simp: cte_level_bits_def)
apply (rule stronger_corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_when)
apply fastforce
apply (rule_tac P'="einvs and tcb_at t" in corres_stateAssert_implied)
@ -4962,8 +4962,8 @@ lemma cteInsert_simple_corres:
supply subst_all [simp del]
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="cteCap rv' = NullCap" in corres_gen_asm2)
apply simp
apply (rule_tac P="?P and cte_at dest and


@ -1689,7 +1689,7 @@ lemma emptySlot_corres:
apply (rule corres_split_noop_rhs[OF _ clearUntypedFreeIndex_noop_corres])
apply (rule_tac R="\<lambda>cap. einvs and cte_wp_at ((=) cap) slot" and
R'="\<lambda>cte. valid_pspace' and cte_wp_at' ((=) cte) (cte_map slot)" in
corres_split_deprecated [OF _ get_cap_corres])
corres_split[OF get_cap_corres])
defer
apply (wp get_cap_wp getCTE_wp')+
apply (simp add: cte_wp_at_ctes_of)
@ -3568,7 +3568,7 @@ lemma (in delete_one) deletingIRQHandler_corres:
(deleting_irq_handler irq) (deletingIRQHandler irq)"
apply (simp add: deleting_irq_handler_def deletingIRQHandler_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQSlot_corres])
apply (rule corres_split[OF getIRQSlot_corres])
apply simp
apply (rule_tac P'="cte_at' (cte_map slot)" in corres_symb_exec_r_conj)
apply (rule_tac F="isNotificationCap rv \<or> rv = capability.NullCap"
@ -3645,13 +3645,13 @@ lemma unbindNotification_corres:
supply option.case_cong_weak[cong]
apply (simp add: unbind_notification_def unbindNotification_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getBoundNotification_corres])
apply (rule corres_split[OF getBoundNotification_corres])
apply (rule corres_option_split)
apply simp
apply (rule corres_return_trivial)
apply (rule corres_split_deprecated[OF _ getNotification_corres])
apply (rule corres_split[OF getNotification_corres])
apply clarsimp
apply (rule corres_split_deprecated[OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setBoundNotification_corres)
apply (clarsimp simp: ntfn_relation_def split:Structures_A.ntfn.splits)
apply (wp gbn_wp' gbn_wp)+
@ -3673,11 +3673,11 @@ lemma unbindMaybeNotification_corres:
(unbindMaybeNotification ntfnptr)"
apply (simp add: unbind_maybe_notification_def unbindMaybeNotification_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getNotification_corres])
apply (rule corres_split[OF getNotification_corres])
apply (rule corres_option_split)
apply (clarsimp simp: ntfn_relation_def split: Structures_A.ntfn.splits)
apply (rule corres_return_trivial)
apply (rule corres_split_deprecated[OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setBoundNotification_corres)
apply (clarsimp simp: ntfn_relation_def split: Structures_A.ntfn.splits)
apply (wp get_simple_ko_wp getNotification_wp)+
@ -3718,7 +3718,7 @@ lemma fast_finaliseCap_corres:
apply (simp add: valid_cap'_def)
apply (clarsimp simp: final_matters'_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ unbindMaybeNotification_corres])
apply (rule corres_split[OF unbindMaybeNotification_corres])
apply (rule cancelAllSignals_corres)
apply (wp abs_typ_at_lifts unbind_maybe_notification_invs typ_at_lifts hoare_drop_imps getNotification_wp
| wpc)+
@ -3734,13 +3734,13 @@ lemma cap_delete_one_corres:
apply (simp add: cap_delete_one_def cteDeleteOne_def'
unless_def when_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="can_fast_finalise cap" in corres_gen_asm)
apply (rule corres_if)
apply fastforce
apply (rule corres_split_deprecated [OF _ isFinalCapability_corres[where ptr=ptr]])
apply (rule corres_split[OF isFinalCapability_corres[where ptr=ptr]])
apply (simp add: split_def bind_assoc [THEN sym])
apply (rule corres_split_deprecated [OF _ fast_finaliseCap_corres[where sl=ptr]])
apply (rule corres_split[OF fast_finaliseCap_corres[where sl=ptr]])
apply (rule emptySlot_corres)
apply simp+
apply (wp hoare_drop_imps)+
@ -3784,7 +3784,7 @@ lemma finaliseCap_corres:
apply (simp add: valid_cap'_def)
apply (clarsimp simp add: final_matters'_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ unbindMaybeNotification_corres])
apply (rule corres_split[OF unbindMaybeNotification_corres])
apply (rule cancelAllSignals_corres)
apply (wp abs_typ_at_lifts unbind_maybe_notification_invs typ_at_lifts hoare_drop_imps hoare_vcg_all_lift | wpc)+
apply (clarsimp simp: valid_cap_def)
@ -3794,8 +3794,8 @@ lemma finaliseCap_corres:
liftM_def[symmetric] o_def zbits_map_def
dc_def[symmetric])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ unbindNotification_corres])
apply (rule corres_split_deprecated[OF _ suspend_corres])
apply (rule corres_split[OF unbindNotification_corres])
apply (rule corres_split[OF suspend_corres])
apply (clarsimp simp: liftM_def[symmetric] o_def dc_def[symmetric] zbits_map_def)
apply (rule prepareThreadDelete_corres)
apply (wp unbind_notification_invs unbind_notification_simple_sched_action)+
@ -4070,7 +4070,7 @@ lemma thread_set_all_corresT:
(thread_set_all f g t) (threadSet f' t)"
apply (simp add: thread_set_all_def threadSet_def bind_assoc)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ thread_gets_the_all_corres])
apply (rule corres_split[OF thread_gets_the_all_corres])
apply (simp add: split_def)
apply (rule tcb_update_all_corres')
apply (erule x)


@ -251,7 +251,7 @@ lemma arch_decodeIRQControlInvocation_corres:
apply (rule whenE_throwError_corres, simp, simp)
apply (rule corres_splitEE[OF _ lookupSlotForCNodeOp_corres])
apply (rule corres_splitEE[OF _ ensureEmptySlot_corres])
apply (rule corres_split_deprecated[OF _ corres_gets_num_ioapics])
apply (rule corres_split[OF corres_gets_num_ioapics])
apply (rule whenE_throwError_corres, ((simp add: ucast_id ioapicIRQLines_def)+)[2])+
apply (rule corres_returnOkTT)
apply (clarsimp simp: arch_irq_control_inv_relation_def )
@ -372,7 +372,7 @@ lemma invokeIRQHandler_corres:
apply (rename_tac word cap prod)
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQSlot_corres])
apply (rule corres_split[OF getIRQSlot_corres])
apply simp
apply (rule corres_split_nor [OF _ cap_delete_one_corres])
apply (rule cteInsert_corres, simp+)
@ -390,7 +390,7 @@ lemma invokeIRQHandler_corres:
apply (erule cte_wp_at_weakenE, simp add: is_derived_use_interrupt)
apply fastforce
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQSlot_corres])
apply (rule corres_split[OF getIRQSlot_corres])
apply simp
apply (rule cap_delete_one_corres)
apply wp+
@ -469,7 +469,7 @@ lemma updateIRQState_corres[wp]:
(X64_H.updateIRQState irq state')"
apply (clarsimp simp: X64_A.updateIRQState_def X64_H.updateIRQState_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_gets_x64_irq_state])
apply (rule corres_split[OF corres_gets_x64_irq_state])
apply (rule corres_modify[where P=\<top> and P'=\<top>])
apply (auto simp: state_relation_def arch_state_relation_def x64_irq_relation_def)
done
@ -695,15 +695,15 @@ lemma timerTick_corres:
apply (simp add:thread_state_case_if threadState_case_if)
apply (rule_tac Q="\<top> and (cur_tcb and valid_sched)" and Q'="\<top> and invs'" in corres_guard_imp)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rename_tac state state')
apply (rule corres_split_deprecated[where r' = dc ])
apply simp
apply (rule corres_when,simp)
apply (rule corres_split_deprecated[OF _ decDomainTime_corres])
apply (rule corres_split_deprecated[OF _ getDomainTime_corres])
apply (rule corres_split[OF decDomainTime_corres])
apply (rule corres_split[OF getDomainTime_corres])
apply (rule corres_when,simp)
apply (rule rescheduleRequired_corres)
apply (wp hoare_drop_imp)+
@ -714,7 +714,7 @@ lemma timerTick_corres:
apply (rule corres_if[where Q = \<top> and Q' = \<top>])
apply (case_tac state,simp_all)[1]
apply (simp add: Let_def)
apply (rule_tac r'="(=)" in corres_split_deprecated [OF _ ethreadget_corres])
apply (rule_tac r'="(=)" in corres_split[OF ethreadget_corres])
apply (rename_tac ts ts')
apply (rule_tac R="1 < ts" in corres_cases)
apply (simp)
@ -722,8 +722,8 @@ lemma timerTick_corres:
apply (rule ethread_set_corres, simp+)
apply (clarsimp simp: etcb_relation_def)
apply simp
apply (rule corres_split_deprecated [OF _ ethread_set_corres])
apply (rule corres_split_deprecated [OF _ tcbSchedAppend_corres])
apply (rule corres_split[OF ethread_set_corres])
apply (rule corres_split[OF tcbSchedAppend_corres])
apply (rule rescheduleRequired_corres)
apply (wp)[1]
apply (rule hoare_strengthen_post)
@ -774,7 +774,7 @@ lemma handleInterrupt_corres:
apply (rule conjI[rotated]; rule impI)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQState_corres,
apply (rule corres_split[OF getIRQState_corres,
where R="\<lambda>rv. einvs"
and R'="\<lambda>rv. invs' and (\<lambda>s. rv \<noteq> IRQInactive)"])
defer
@ -787,9 +787,9 @@ lemma handleInterrupt_corres:
apply (case_tac st, simp_all add: irq_state_relation_def split: irqstate.split_asm)
apply (simp add: getSlotCap_def bind_assoc)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIRQSlot_corres])
apply (rule corres_split[OF getIRQSlot_corres])
apply simp
apply (rule corres_split_deprecated [OF _ get_cap_corres,
apply (rule corres_split[OF get_cap_corres,
where R="\<lambda>rv. einvs and valid_cap rv"
and R'="\<lambda>rv. invs' and valid_cap' (cteCap rv)"])
apply (rule corres_underlying_split[where r'=dc])
@ -806,7 +806,7 @@ lemma handleInterrupt_corres:
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
apply simp
apply (rule corres_split_deprecated [OF corres_machine_op timerTick_corres])
apply (rule corres_split[OF timerTick_corres corres_machine_op])
apply (rule corres_eq_trivial, simp+)
apply (rule corres_machine_op)
apply (rule corres_eq_trivial, (simp add: no_fail_ackInterrupt)+)


@ -185,7 +185,7 @@ lemma blocked_cancelIPC_corres:
od)"
apply (simp add: blocked_cancel_ipc_def gbep_ret)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres])
apply (rule corres_split[OF getEndpoint_corres])
apply (rule_tac F="ep \<noteq> IdleEP" in corres_gen_asm2)
apply (rule corres_assert_assume[rotated])
apply (clarsimp split: endpoint.splits)
@ -198,7 +198,7 @@ lemma blocked_cancelIPC_corres:
apply (case_tac "remove1 t list")
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ep_relation_def)
@ -221,7 +221,7 @@ lemma blocked_cancelIPC_corres:
valid_tcb_state'_def)[1]
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ep_relation_def)
@ -246,7 +246,7 @@ lemma blocked_cancelIPC_corres:
apply (case_tac "remove1 t list")
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ep_relation_def)
@ -269,7 +269,7 @@ lemma blocked_cancelIPC_corres:
valid_tcb_state'_def)[1]
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ep_relation_def)
@ -316,7 +316,7 @@ lemma cancelSignal_corres:
(cancelSignal t ntfn)"
apply (simp add: cancel_signal_def cancelSignal_def Let_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getNotification_corres])
apply (rule corres_split[OF getNotification_corres])
apply (rule_tac F="isWaitingNtfn (ntfnObj ntfnaa)" in corres_gen_asm2)
apply (case_tac "ntfn_obj ntfna")
apply (simp add: ntfn_relation_def isWaitingNtfn_def)
@ -324,13 +324,13 @@ lemma cancelSignal_corres:
apply (rename_tac list)
apply (rule_tac R="remove1 t list = []" in corres_cases)
apply (simp del: dc_simp)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setThreadState_corres)
apply simp
apply (simp add: ntfn_relation_def)
apply (wp)+
apply (simp add: list_case_If del: dc_simp)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setThreadState_corres)
apply simp
apply (clarsimp simp add: ntfn_relation_def neq_Nil_conv)
@ -613,7 +613,7 @@ lemma (in delete_one) cancel_ipc_corres:
(cancel_ipc t) (cancelIPC t)"
apply (simp add: cancel_ipc_def cancelIPC_def Let_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac P="einvs and st_tcb_at ((=) state) t" and
P'="invs' and st_tcb_at' ((=) statea) t" in corres_inst)
apply (case_tac state, simp_all add: isTS_defs list_case_If)[1]
@ -1408,7 +1408,7 @@ lemma (in delete_one) suspend_corres:
apply (simp add: IpcCancel_A.suspend_def Thread_H.suspend_def)
apply (rule corres_guard_imp)
apply (rule corres_split_nor [OF _ cancel_ipc_corres])
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule corres_split_nor)
apply (rule corres_split_nor [OF _ setThreadState_corres])
apply (rule tcbSchedDequeue_corres')
@ -2053,7 +2053,7 @@ lemma cancelAllSignals_corres:
apply simp+
apply (case_tac "ntfn_obj ntfna", simp_all add: ntfn_relation_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule corres_split_deprecated [OF rescheduleRequired_corres])
apply (rule ep_cancel_corres_helper)
apply (wp mapM_x_wp'[where 'b="det_ext state"]
@ -2651,7 +2651,7 @@ lemma cancelBadgedSends_corres:
(cancel_badged_sends epptr bdg) (cancelBadgedSends epptr bdg)"
apply (simp add: cancel_badged_sends_def cancelBadgedSends_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres get_simple_ko_sp get_ep_sp',
apply (rule corres_split[OF getEndpoint_corres get_simple_ko_sp get_ep_sp',
where Q="invs and valid_sched" and Q'=invs'])
apply simp_all
apply (case_tac ep, simp_all add: ep_relation_def)
@ -2670,12 +2670,12 @@ lemma cancelBadgedSends_corres:
simp_all add: list_all2_refl)[1]
apply (clarsimp simp: liftM_def[symmetric] o_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac F="\<exists>pl. st = Structures_A.BlockedOnSend epptr pl"
in corres_gen_asm)
apply (clarsimp simp: o_def dc_def[symmetric] liftM_def)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split_deprecated[OF _ tcbSchedEnqueue_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule corres_split[OF tcbSchedEnqueue_corres])
apply (rule corres_trivial)
apply simp
apply wp+


@ -113,9 +113,9 @@ lemma loadCapTransfer_corres:
msgMaxLength_def msgMaxExtraCaps_def msgLengthBits_def wordSize_def wordBits_def
del: upt.simps)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ load_word_corres])
apply (rule corres_split_deprecated [OF _ load_word_corres])
apply (rule corres_split_deprecated [OF _ load_word_corres])
apply (rule corres_split[OF load_word_corres])
apply (rule corres_split[OF load_word_corres])
apply (rule corres_split[OF load_word_corres])
apply (rule_tac P=\<top> and P'=\<top> in corres_inst)
apply (clarsimp simp: ct_relation_def)
apply (wp no_irq_loadWord)+
@ -139,7 +139,7 @@ lemma getReceiveSlots_corres:
apply (simp add: getReceiveSlots_def)
apply (simp add: getReceiveSlots_def split_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ loadCapTransfer_corres])
apply (rule corres_split[OF loadCapTransfer_corres])
apply (rule corres_empty_on_failure)
apply (rule corres_splitEE)
prefer 2
@ -154,7 +154,7 @@ lemma getReceiveSlots_corres:
apply (erule lookupSlotForCNodeOp_corres [OF _ refl])
apply simp
apply (simp add: split_def liftE_bindE unlessE_whenE)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_split_norE)
apply (rule corres_trivial, simp add: returnOk_def)
apply (rule corres_whenE)
@ -437,7 +437,7 @@ next
apply (rule corres_guard_imp)
apply (rule corres_if2)
apply (case_tac "fst x", auto simp add: isCap_simps)[1]
apply (rule corres_split_deprecated [OF _ corres_set_extra_badge])
apply (rule corres_split[OF corres_set_extra_badge])
apply (drule conjunct1)
apply simp
apply (rule corres_rel_imp, rule Cons.hyps, simp_all)[1]
@ -1065,7 +1065,7 @@ lemma transferCaps_corres:
getThreadCSpaceRoot)
apply (rule corres_assume_pre)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getReceiveSlots_corres])
apply (rule corres_split[OF getReceiveSlots_corres])
apply (rule_tac x=recv_buf in option_corres)
apply (rule_tac P=\<top> and P'=\<top> in corres_inst)
apply (case_tac info, simp)
@ -1378,7 +1378,7 @@ lemma lookupCapAndSlot_corres:
apply (rule corres_guard_imp)
apply (rule_tac r'="\<lambda>rv rv'. rv' = cte_map (fst rv)"
in corres_splitEE)
apply (rule corres_split_deprecated[OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule corres_returnOkTT, simp)
apply simp
apply wp+
@ -1481,8 +1481,7 @@ lemma doNormalTransfer_corres:
apply (rule corres_split_mapr [OF _ getMessageInfo_corres])
apply (rule_tac F="valid_message_info mi" in corres_gen_asm)
apply (rule_tac r'="list_all2 (\<lambda>x y. cap_relation (fst x) (fst y) \<and> snd y = cte_map (snd x))"
in corres_split_deprecated)
prefer 2
in corres_split)
apply (rule corres_if[OF refl])
apply (rule corres_split_catch)
apply (rule corres_trivial, simp)
@ -1491,7 +1490,7 @@ lemma doNormalTransfer_corres:
apply (rule corres_trivial, simp)
apply simp
apply (rule corres_split_eqr [OF _ copyMRs_corres])
apply (rule corres_split_deprecated [OF _ transferCaps_corres])
apply (rule corres_split[OF transferCaps_corres])
apply (rename_tac mi' mi'')
apply (rule_tac F="mi_label mi' = mi_label mi"
in corres_gen_asm)
@ -2193,11 +2192,11 @@ lemma doReplyTransfer_corres:
apply (rule corres_assert_assume[rotated])
apply (clarsimp simp: cte_wp_at_ctes_of)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ threadget_fault_corres])
apply (rule corres_split[OF threadget_fault_corres])
apply (case_tac rv, simp_all add: fault_rel_optionation_def bind_assoc)[1]
apply (rule corres_split_deprecated [OF _ doIPCTransfer_corres])
apply (rule corres_split_deprecated [OF _ cap_delete_one_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF doIPCTransfer_corres])
apply (rule corres_split[OF cap_delete_one_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule possibleSwitchTo_corres)
apply simp
apply (wp set_thread_state_runnable_valid_sched set_thread_state_runnable_weak_valid_sched_action sts_st_tcb_at' sts_st_tcb' sts_valid_queues sts_valid_objs' delete_one_tcbDomain_obj_at'
@ -2228,13 +2227,13 @@ lemma doReplyTransfer_corres:
apply (auto simp: invs'_def valid_state'_def)[1]
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ cap_delete_one_corres])
apply (rule corres_split[OF cap_delete_one_corres])
apply (rule corres_split_mapr [OF _ getMessageInfo_corres])
apply (rule corres_split_eqr [OF _ lookupIPCBuffer_corres'])
apply (rule corres_split_eqr [OF _ getMRs_corres])
apply (simp(no_asm) del: dc_simp)
apply (rule corres_split_eqr [OF _ handleFaultReply_corres])
apply (rule corres_split_deprecated [OF _ threadset_corresT])
apply (rule corres_split[OF threadset_corresT])
apply (rule_tac Q="valid_sched and cur_tcb and tcb_at receiver"
and Q'="tcb_at' receiver and cur_tcb'
and (\<lambda>s. weak_sch_act_wf (ksSchedulerAction s) s)
@ -2242,7 +2241,7 @@ lemma doReplyTransfer_corres:
in corres_guard_imp)
apply (case_tac rvb, simp_all)[1]
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (fold dc_def, rule possibleSwitchTo_corres)
apply simp
apply (wp static_imp_wp static_imp_conj_wp set_thread_state_runnable_weak_valid_sched_action sts_st_tcb_at'
@ -2460,7 +2459,7 @@ proof -
apply (case_tac bl)
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres,
apply (rule corres_split[OF getEndpoint_corres,
where
R="\<lambda>rv. einvs and st_tcb_at active t and ep_at ep and
valid_ep rv and obj_at (\<lambda>ob. ob = Endpoint rv) ep
@ -2471,7 +2470,7 @@ proof -
apply (case_tac rv)
apply (simp add: ep_relation_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setEndpoint_corres)
apply (simp add: ep_relation_def)
apply (simp add: fault_rel_optionation_def)
@ -2481,7 +2480,7 @@ proof -
\<comment> \<open>concludes IdleEP if bl branch\<close>
apply (simp add: ep_relation_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setEndpoint_corres)
apply (simp add: ep_relation_def)
apply (simp add: fault_rel_optionation_def)
@ -2497,17 +2496,17 @@ proof -
apply simp
apply (clarsimp split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (simp add: isReceive_def split del:if_split)
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac
F="\<exists>data. recv_state = Structures_A.BlockedOnReceive ep data"
in corres_gen_asm)
apply (clarsimp simp: case_bool_If case_option_If if3_fold
simp del: dc_simp split del: if_split cong: if_cong)
apply (rule corres_split_deprecated [OF _ doIPCTransfer_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split_deprecated [OF _ possibleSwitchTo_corres])
apply (rule corres_split[OF doIPCTransfer_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule corres_split[OF possibleSwitchTo_corres])
apply (fold when_def)[1]
apply (rule_tac P="call" and P'="call"
@ -2551,7 +2550,7 @@ proof -
apply wp+
apply (clarsimp simp: ep_at_def2)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres,
apply (rule corres_split[OF getEndpoint_corres,
where
R="\<lambda>rv. einvs and st_tcb_at active t and ep_at ep and
valid_ep rv and obj_at (\<lambda>k. k = Endpoint rv) ep"
@ -2578,15 +2577,15 @@ proof -
apply fastforce
apply (clarsimp split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac
F="\<exists>data. recv_state = Structures_A.BlockedOnReceive ep data"
in corres_gen_asm)
apply (clarsimp simp: isReceive_def case_bool_If
split del: if_split cong: if_cong)
apply (rule corres_split_deprecated [OF _ doIPCTransfer_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF doIPCTransfer_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule possibleSwitchTo_corres)
apply (simp add: if_apply_def2)
apply (wp hoare_drop_imps)
@ -2648,7 +2647,7 @@ lemma sendSignal_corres:
(send_signal ep bg) (sendSignal ep bg)"
apply (simp add: send_signal_def sendSignal_def Let_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getNotification_corres,
apply (rule corres_split[OF getNotification_corres,
where
R = "\<lambda>rv. einvs and ntfn_at ep and valid_ntfn rv and
ko_at (Structures_A.Notification rv) ep" and
@ -2665,16 +2664,16 @@ lemma sendSignal_corres:
apply (rule corres_guard_imp[OF setNotification_corres])
apply (clarsimp simp add: ntfn_relation_def)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule corres_if)
apply (fastforce simp: receive_blocked_def receiveBlocked_def
thread_state_relation_def
split: Structures_A.thread_state.splits
Structures_H.thread_state.splits)
apply (rule corres_split_deprecated[OF _ cancel_ipc_corres])
apply (rule corres_split_deprecated[OF _ setThreadState_corres])
apply (rule corres_split[OF cancel_ipc_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated[OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule possibleSwitchTo_corres)
apply wp
apply (clarsimp simp: thread_state_relation_def)
@ -2704,10 +2703,10 @@ lemma sendSignal_corres:
apply (rule corres_guard_imp)
apply (rule_tac F="list \<noteq> []" in corres_gen_asm)
apply (simp add: list_case_helper split del: if_split)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated [OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule possibleSwitchTo_corres)
apply ((wp | simp)+)[1]
apply (rule_tac Q="\<lambda>_. Invariants_H.valid_queues and valid_queues' and
@ -2735,10 +2734,10 @@ lemma sendSignal_corres:
apply (rule corres_guard_imp)
apply (rule_tac F="list \<noteq> []" in corres_gen_asm)
apply (simp add: list_case_helper)
apply (rule corres_split_deprecated [OF _ setNotification_corres])
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated [OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule possibleSwitchTo_corres)
apply (wp cur_tcb_lift | simp)+
apply (wp sts_st_tcb_at' set_thread_state_runnable_weak_valid_sched_action
@ -3149,7 +3148,7 @@ lemma replyFromKernel_corres:
badge_register_def badgeRegister_def)
apply (rule corres_guard_imp)
apply (rule corres_split_eqr [OF _ lookupIPCBuffer_corres])
apply (rule corres_split_deprecated [OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule corres_split_eqr [OF _ setMRs_corres])
apply (rule setMessageInfo_corres)
apply (wp hoare_case_option_wp hoare_valid_ipc_buffer_ptr_typ_at'
@ -3174,14 +3173,14 @@ lemma completeSignal_corres:
apply (rule corres_guard_imp)
apply (rule_tac R'="\<lambda>ntfn. ntfn_at' ntfnptr and tcb_at' tcb and valid_pspace'
and valid_ntfn' ntfn and (\<lambda>_. isActive ntfn)"
in corres_split_deprecated [OF _ getNotification_corres])
in corres_split[OF getNotification_corres])
apply (rule corres_gen_asm2)
apply (case_tac "ntfn_obj rv")
apply (clarsimp simp: ntfn_relation_def isActive_def
split: ntfn.splits Structures_H.notification.splits)+
apply (rule corres_guard2_imp)
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated[OF setNotification_corres asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres setNotification_corres])
apply (clarsimp simp: ntfn_relation_def)
apply (wp set_simple_ko_valid_objs get_simple_ko_wp getNotification_wp | clarsimp simp: valid_ntfn'_def)+
apply (clarsimp simp: valid_pspace'_def)
@ -3212,9 +3211,9 @@ lemma receiveIPC_corres:
apply (rename_tac word1 word2 right)
apply clarsimp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getEndpoint_corres])
apply (rule corres_split[OF getEndpoint_corres])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getBoundNotification_corres])
apply (rule corres_split[OF getBoundNotification_corres])
apply (rule_tac r'="ntfn_relation" in corres_split_deprecated)
apply (rule corres_if)
apply (clarsimp simp: ntfn_relation_def Ipc_A.isActive_def Endpoint_H.isActive_def
@ -3234,7 +3233,7 @@ lemma receiveIPC_corres:
apply (simp add: ep_relation_def)
apply (rule corres_guard_imp)
apply (case_tac isBlocking; simp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setEndpoint_corres)
apply (simp add: ep_relation_def)
apply simp
@ -3251,8 +3250,8 @@ lemma receiveIPC_corres:
apply (clarsimp simp: valid_ep_def)
apply (case_tac list, simp_all split del: if_split)[1]
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setEndpoint_corres])
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF setEndpoint_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule_tac
F="\<exists>data.
sender_state =
@ -3261,7 +3260,7 @@ lemma receiveIPC_corres:
apply (clarsimp simp: isSend_def case_bool_If
case_option_If if3_fold
split del: if_split cong: if_cong)
apply (rule corres_split_deprecated [OF _ doIPCTransfer_corres])
apply (rule corres_split[OF doIPCTransfer_corres])
apply (simp split del: if_split cong: if_cong)
apply (fold dc_def)[1]
apply (rule_tac P="valid_objs and valid_mdb and valid_list
@ -3285,7 +3284,7 @@ lemma receiveIPC_corres:
apply (rule corres_if2 [OF _ setupCallerCap_corres setThreadState_corres])
apply simp
apply simp
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule possibleSwitchTo_corres)
apply simp
apply (wp sts_st_tcb_at' set_thread_state_runnable_weak_valid_sched_action
@ -3315,7 +3314,7 @@ lemma receiveIPC_corres:
apply (simp add: ep_relation_def)
apply (rule_tac corres_guard_imp)
apply (case_tac isBlocking; simp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setEndpoint_corres)
apply (simp add: ep_relation_def)
apply simp
@ -3358,14 +3357,14 @@ lemma receiveSignal_corres:
obj_at (\<lambda>k. k = Notification rv) word1" and
R'="\<lambda>rv'. invs' and tcb_at' thread and ntfn_at' word1 and
valid_ntfn' rv'"
in corres_split_deprecated [OF _ getNotification_corres])
in corres_split[OF getNotification_corres])
apply clarsimp
apply (case_tac "ntfn_obj rv")
\<comment> \<open>IdleNtfn\<close>
apply (simp add: ntfn_relation_def)
apply (rule corres_guard_imp)
apply (case_tac isBlocking; simp)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setNotification_corres)
apply (simp add: ntfn_relation_def)
apply simp
@ -3375,7 +3374,7 @@ lemma receiveSignal_corres:
apply (simp add: ntfn_relation_def)
apply (rule corres_guard_imp)
apply (case_tac isBlocking; simp)
apply (rule corres_split_deprecated[OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule setNotification_corres)
apply (simp add: ntfn_relation_def)
apply simp
@ -3386,7 +3385,7 @@ lemma receiveSignal_corres:
apply (simp add: ntfn_relation_def)
apply (rule corres_guard_imp)
apply (simp add: badgeRegister_def badge_register_def)
apply (rule corres_split_deprecated [OF _ asUser_setRegister_corres])
apply (rule corres_split[OF asUser_setRegister_corres])
apply (rule setNotification_corres)
apply (simp add: ntfn_relation_def)
apply wp+
@ -3439,7 +3438,7 @@ lemma sendFaultIPC_corres:
apply (rule corres_guard_imp)
apply (rule corres_if2 [OF refl])
apply (simp add: dc_def[symmetric])
apply (rule corres_split_deprecated [OF sendIPC_corres threadset_corres], simp_all)[1]
apply (rule corres_split[OF threadset_corres sendIPC_corres], simp_all)[1]
apply (simp add: tcb_relation_def fault_rel_optionation_def exst_same_def)+
apply (wp thread_set_invs_trivial thread_set_no_change_tcb_state
thread_set_typ_at ep_at_typ_at ex_nonz_cap_to_pres
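Review bot: In the receiveIPC_corres hunk, `apply (rule_tac r'="ntfn_relation" in corres_split_deprecated)` directly under the converted `apply (rule corres_split[OF getBoundNotification_corres])` still names the deprecated lemma, so that corres_guard_imp block now mixes the two split forms. It is a `rule_tac … in` use with no `prefer 2` on the following line, a shape none of the perl rewrites in the commit message match, so leaving it is presumably deliberate for a "simple cases" pass; the same leftover shape appears as `corres_split_deprecated [OF rescheduleRequired_corres]` in the cancelAllSignals_corres hunk and `corres_split_deprecated[OF corres_when[OF refl]]` in the setDomain_corres hunk. Converting these needs the subgoals beneath them reordered rather than a textual substitution, so either do that in the follow-up or tag each with `(* TODO: corres_split_deprecated, subgoal order differs from corres_split *)` so the remaining instances stay greppable. The enclosing lemmas start outside their hunks.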


@ -527,12 +527,10 @@ lemma kernel_corres':
od)"
apply (simp add: call_kernel_def callKernel_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule corres_split_handle [OF _ handleEvent_corres])
apply simp
apply (rule corres_split_deprecated [OF _ corres_machine_op])
prefer 2
apply (rule corres_split[OF corres_machine_op])
apply (rule corres_underlying_trivial)
apply (rule no_fail_getActiveIRQ)
apply clarsimp
@ -555,7 +553,7 @@ lemma kernel_corres':
apply (rule_tac Q="\<lambda>_. \<top>" and E="\<lambda>_. invs'" in hoare_post_impErr)
apply wpsimp+
apply (simp add: invs'_def valid_state'_def)
apply (rule corres_split_deprecated [OF _ schedule_corres])
apply (rule corres_split[OF schedule_corres])
apply (rule activateThread_corres)
apply (wp schedule_invs' hoare_vcg_if_lift2 hoare_drop_imps
handle_interrupt_valid_sched[unfolded non_kernel_IRQs_def, simplified] |simp)+
@ -615,9 +613,8 @@ lemma entry_corres:
(kernel_entry event tc) (kernelEntry event tc)"
apply (simp add: kernel_entry_def kernelEntry_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split)
apply simp
apply (rule threadset_corresT)
apply (simp add: tcb_relation_def arch_tcb_relation_def
@ -625,7 +622,7 @@ lemma entry_corres:
apply (clarsimp simp: tcb_cap_cases_def)
apply (clarsimp simp: tcb_cte_cases_def)
apply (simp add: exst_same_def)
apply (rule corres_split_deprecated [OF _ kernel_corres])
apply (rule corres_split[OF kernel_corres])
apply (rule corres_split_eqr [OF _ getCurThread_corres])
apply (rule threadGet_corres)
apply (simp add: tcb_relation_def arch_tcb_relation_def
@ -655,26 +652,21 @@ lemma do_user_op_corres:
(do_user_op f tc) (doUserOp f tc)"
apply (simp add: do_user_op_def doUserOp_def split_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule_tac r'="(=)" and P=einvs and P'=invs' in corres_split_deprecated)
prefer 2
apply (rule corres_split[OF getCurThread_corres])
apply (rule_tac r'="(=)" and P=einvs and P'=invs' in corres_split)
apply (fastforce dest: absKState_correct [rotated])
apply (rule_tac r'="(=)" and P=einvs and P'=invs' in corres_split_deprecated)
prefer 2
apply (rule_tac r'="(=)" and P=einvs and P'=invs' in corres_split)
apply (fastforce dest: absKState_correct [rotated])
apply (rule_tac r'="(=)" and P=invs and P'=invs' in corres_split_deprecated)
prefer 2
apply (rule_tac r'="(=)" and P=invs and P'=invs' in corres_split)
apply (rule user_mem_corres)
apply (rule_tac r'="(=)" and P=invs and P'=invs' in corres_split_deprecated)
prefer 2
apply (rule_tac r'="(=)" and P=invs and P'=invs' in corres_split)
apply (rule device_mem_corres)
apply (rule_tac r'="(=)" in corres_split_deprecated)
prefer 2
apply (rule_tac r'="(=)" in corres_split)
apply (rule corres_gets_machine_state)
apply (rule_tac F = "dom (rvb \<circ> addrFromPPtr) \<subseteq> - dom rvd" in corres_gen_asm)
apply (rule_tac F = "dom (rvc \<circ> addrFromPPtr) \<subseteq> dom rvd" in corres_gen_asm)
apply simp
apply (rule_tac r'="(=)" in corres_split_deprecated[OF _ corres_select])
apply (rule_tac r'="(=)" in corres_split[OF corres_select])
apply (rule corres_underlying_split[OF corres_machine_op])
apply simp
apply (rule corres_underlying_trivial)
@ -722,7 +714,7 @@ lemma check_active_irq_corres':
"corres (=) \<top> \<top> (check_active_irq) (checkActiveIRQ)"
apply (simp add: check_active_irq_def checkActiveIRQ_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_machine_op[OF corres_underlying_trivial], where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
apply (rule corres_split[OF corres_machine_op[OF corres_underlying_trivial], where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])
apply simp
apply (rule no_fail_getActiveIRQ)
apply (wp | simp )+
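Review bot: The rewritten line `apply (rule corres_split[OF corres_machine_op[OF corres_underlying_trivial], where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])` in check_active_irq_corres' is well over the usual line width, a point of style the mechanical rewrite carried over from the old line; since the line is touched anyway, break it after the comma, with `apply (rule corres_split[OF corres_machine_op[OF corres_underlying_trivial],` on one line and `                         where R="\<lambda>_. \<top>" and R'="\<lambda>_. \<top>"])` aligned beneath the opening bracket on the next. If the repository's line-length convention does not apply to proof scripts this can be ignored. The enclosing lemma's statement is inside the hunk but its closing lines are not.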


@ -48,7 +48,7 @@ proof -
apply (simp only: findM.simps)
apply (subst P)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ x])
apply (rule corres_split[OF x])
apply (rule corres_if2)
apply (case_tac ra, clarsimp+)[1]
apply (rule corres_trivial, clarsimp)
@ -680,8 +680,8 @@ proof -
setCurThread t
od)"
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ arch_switchToThread_corres])
apply (rule corres_split_deprecated[OF setCurThread_corres tcbSchedDequeue_corres])
apply (rule corres_split[OF arch_switchToThread_corres])
apply (rule corres_split[OF tcbSchedDequeue_corres setCurThread_corres])
apply (wp|clarsimp simp: tcb_at_is_etcb_at st_tcb_at_tcb_at)+
done
@ -714,8 +714,8 @@ lemma switchToIdleThread_corres:
"corres dc invs invs_no_cicd' switch_to_idle_thread switchToIdleThread"
apply (simp add: switch_to_idle_thread_def Thread_H.switchToIdleThread_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getIdleThread_corres])
apply (rule corres_split_deprecated [OF _ arch_switchToIdleThread_corres])
apply (rule corres_split[OF getIdleThread_corres])
apply (rule corres_split[OF arch_switchToIdleThread_corres])
apply (unfold setCurThread_def)
apply (rule corres_trivial, rule corres_modify)
apply (simp add: state_relation_def cdt_relation_def)
@ -1524,7 +1524,7 @@ lemma guarded_switch_to_chooseThread_fragment_corres:
unfolding guarded_switch_to_def isRunnable_def
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rule corres_assert_assume_l)
apply (rule corres_assert_assume_r)
apply (rule switchToThread_corres)
@ -1586,7 +1586,7 @@ proof -
apply (rule corres_guard_imp)
apply (rule corres_split[OF curDomain_corres'])
apply clarsimp
apply (rule corres_split_deprecated[OF _ corres_gets_queues_getReadyQueuesL1Bitmap])
apply (rule corres_split[OF corres_gets_queues_getReadyQueuesL1Bitmap])
apply (erule corres_if2[OF sym])
apply (rule switchToIdleThread_corres)
apply (rule corres_symb_exec_r)
@ -1688,7 +1688,7 @@ lemma scheduleChooseNewThread_fragment_corres:
apply (subst bind_dummy_ret_val)
apply (subst bind_dummy_ret_val)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_when])
apply (rule corres_split[OF corres_when])
apply simp
apply (rule chooseThread_corres)
apply simp
@ -1722,7 +1722,7 @@ lemma isHighestPrio_corres:
apply (clarsimp simp: gets_is_highest_prio_expand isHighestPrio_def)
apply (subst getHighestPrio_def')
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ corres_gets_queues_getReadyQueuesL1Bitmap])
apply (rule corres_split[OF corres_gets_queues_getReadyQueuesL1Bitmap])
apply (rule corres_if_r'[where P'="\<lambda>_. True",rotated])
apply (rule_tac corres_symb_exec_r)
apply (rule_tac
@ -1760,8 +1760,8 @@ lemma scheduleChooseNewThread_corres:
schedule_choose_new_thread scheduleChooseNewThread"
unfolding schedule_choose_new_thread_def scheduleChooseNewThread_def
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getDomainTime_corres], clarsimp)
apply (rule corres_split_deprecated[OF _ scheduleChooseNewThread_fragment_corres, simplified bind_assoc])
apply (rule corres_split[OF getDomainTime_corres], clarsimp)
apply (rule corres_split[OF scheduleChooseNewThread_fragment_corres, simplified bind_assoc])
apply (rule setSchedulerAction_corres)
apply (wp | simp)+
apply (wp | simp add: getDomainTime_def)+
@ -1796,8 +1796,8 @@ lemma schedule_corres:
apply (subst thread_get_comm)
apply (subst schact_bind_inside)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getCurThread_corres[THEN corres_rel_imp[where r="\<lambda>x y. y = x"],simplified]])
apply (rule corres_split_deprecated[OF _ getSchedulerAction_corres])
apply (rule corres_split[OF getCurThread_corres[THEN corres_rel_imp[where r="\<lambda>x y. y = x"],simplified]])
apply (rule corres_split[OF getSchedulerAction_corres])
apply (rule corres_split_sched_act,assumption)
apply (rule_tac P="tcb_at ct" in corres_symb_exec_l')
apply (rule_tac corres_symb_exec_l)
@ -1807,29 +1807,29 @@ lemma schedule_corres:
prefer 2
(* choose thread *)
apply clarsimp
apply (rule corres_split_deprecated[OF _ thread_get_isRunnable_corres])
apply (rule corres_split_deprecated[OF _ corres_when])
apply (rule corres_split[OF thread_get_isRunnable_corres])
apply (rule corres_split[OF corres_when])
apply (rule scheduleChooseNewThread_corres, simp)
apply (rule tcbSchedEnqueue_corres, simp)
apply (wp thread_get_wp' tcbSchedEnqueue_invs' hoare_vcg_conj_lift hoare_drop_imps
| clarsimp)+
(* switch to thread *)
apply (rule corres_split_deprecated[OF _ thread_get_isRunnable_corres],
apply (rule corres_split[OF thread_get_isRunnable_corres],
rename_tac was_running wasRunning)
apply (rule corres_split_deprecated[OF _ corres_when])
apply (rule corres_split_deprecated[OF _ getIdleThread_corres], rename_tac it it')
apply (rule corres_split[OF corres_when])
apply (rule corres_split[OF getIdleThread_corres], rename_tac it it')
apply (rule_tac F="was_running \<longrightarrow> ct \<noteq> it" in corres_gen_asm)
apply (rule corres_split_deprecated[OF _ ethreadget_corres[where r="(=)"]],
apply (rule corres_split[OF ethreadget_corres[where r="(=)"]],
rename_tac tp tp')
apply (rule corres_split_deprecated[OF _ ethread_get_when_corres[where r="(=)"]],
apply (rule corres_split[OF ethread_get_when_corres[where r="(=)"]],
rename_tac cp cp')
apply (rule corres_split_deprecated[OF _ scheduleSwitchThreadFastfail_corres])
apply (rule corres_split_deprecated[OF _ curDomain_corres])
apply (rule corres_split_deprecated[OF _ isHighestPrio_corres]; simp only:)
apply (rule corres_split[OF scheduleSwitchThreadFastfail_corres])
apply (rule corres_split[OF curDomain_corres])
apply (rule corres_split[OF isHighestPrio_corres]; simp only:)
apply (rule corres_if, simp)
apply (rule corres_split_deprecated[OF _ tcbSchedEnqueue_corres])
apply (rule corres_split[OF tcbSchedEnqueue_corres])
apply (simp, fold dc_def)
apply (rule corres_split_deprecated[OF _ setSchedulerAction_corres])
apply (rule corres_split[OF setSchedulerAction_corres])
apply (rule scheduleChooseNewThread_corres, simp)
apply (wp | simp)+
@ -1843,9 +1843,9 @@ lemma schedule_corres:
apply (rule corres_if, fastforce)
apply (rule corres_split_deprecated[OF _ tcbSchedAppend_corres])
apply (rule corres_split[OF tcbSchedAppend_corres])
apply (simp, fold dc_def)
apply (rule corres_split_deprecated[OF _ setSchedulerAction_corres])
apply (rule corres_split[OF setSchedulerAction_corres])
apply (rule scheduleChooseNewThread_corres, simp)
apply (wp | simp)+
@ -1857,7 +1857,7 @@ lemma schedule_corres:
apply (wp tcb_sched_action_append_valid_blocked hoare_vcg_all_lift append_thread_queued)
apply (wp tcbSchedAppend_invs'_not_ResumeCurrentThread)
apply (rule corres_split_deprecated[OF _ guarded_switch_to_corres], simp)
apply (rule corres_split[OF guarded_switch_to_corres], simp)
apply (rule setSchedulerAction_corres[simplified dc_def])
apply (wp | simp)+
@ -2258,14 +2258,14 @@ lemma possibleSwitchTo_corres:
supply ethread_get_wp[wp del]
apply (simp add: possible_switch_to_def possibleSwitchTo_def cong: if_cong)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ curDomain_corres], simp)
apply (rule corres_split_deprecated[OF _ ethreadget_corres[where r="(=)"]])
apply (rule corres_split_deprecated[OF _ getSchedulerAction_corres])
apply (rule corres_split[OF curDomain_corres], simp)
apply (rule corres_split[OF ethreadget_corres[where r="(=)"]])
apply (rule corres_split[OF getSchedulerAction_corres])
apply (rule corres_if, simp)
apply (rule tcbSchedEnqueue_corres)
apply (rule corres_if, simp)
apply (case_tac action; simp)
apply (rule corres_split_deprecated[OF _ rescheduleRequired_corres])
apply (rule corres_split[OF rescheduleRequired_corres])
apply (rule tcbSchedEnqueue_corres)
apply (wp rescheduleRequired_valid_queues'_weak)+
apply (rule setSchedulerAction_corres, simp)


@ -265,7 +265,7 @@ lemma hinv_corres_assist:
prefer 2
\<comment> \<open>switched over to argument of corres_cap_fault\<close>
apply (rule lookupCapAndSlot_corres, simp)
apply (rule corres_split_deprecated [OF _ lookupIPCBuffer_corres])
apply (rule corres_split[OF lookupIPCBuffer_corres])
apply (rule corres_splitEE [OF _ lookupExtraCaps_corres])
apply (rule corres_returnOkTT)
apply simp+
@ -358,10 +358,10 @@ lemma setDomain_corres:
apply (rule corres_gen_asm2)
apply (simp add: set_domain_def setDomain_def thread_set_domain_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split_deprecated[OF _ tcbSchedDequeue_corres])
apply (rule corres_split_deprecated[OF _ ethread_set_corres])
apply (rule corres_split_deprecated[OF _ isRunnable_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split[OF tcbSchedDequeue_corres])
apply (rule corres_split[OF ethread_set_corres])
apply (rule corres_split[OF isRunnable_corres])
apply simp
apply (rule corres_split_deprecated[OF corres_when[OF refl]])
apply (rule rescheduleRequired_corres)
@ -416,9 +416,9 @@ lemma performInvocation_corres:
apply wp+
apply simp+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule corres_split_deprecated [OF _ sendIPC_corres])
apply (rule corres_split[OF sendIPC_corres])
apply (rule corres_trivial)
apply simp
apply simp
@ -429,7 +429,7 @@ lemma performInvocation_corres:
sch_act_simple_def)
apply (rule corres_guard_imp)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated [OF _ sendSignal_corres])
apply (rule corres_split[OF sendSignal_corres])
apply (rule corres_trivial)
apply (simp add: returnOk_def)
apply wp+
@ -452,7 +452,7 @@ lemma performInvocation_corres:
\<comment> \<open>domain cap\<close>
apply (clarsimp simp: invoke_domain_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ setDomain_corres])
apply (rule corres_split[OF setDomain_corres])
apply (rule corres_trivial, simp)
apply (wp)+
apply (clarsimp+)[2]
@ -1192,7 +1192,7 @@ lemma handleInvocation_corres:
apply (simp add: handle_invocation_def handleInvocation_def liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_eqr [OF _ getCurThread_corres])
apply (rule corres_split_deprecated [OF _ getMessageInfo_corres])
apply (rule corres_split[OF getMessageInfo_corres])
apply clarsimp
apply (simp add: liftM_def cap_register_def capRegister_def)
apply (rule corres_split_eqr [OF _ asUser_getRegister_corres])
@ -1202,7 +1202,7 @@ lemma handleInvocation_corres:
apply (rule handleFault_corres)
apply simp
apply (simp add: split_def)
apply (rule corres_split_deprecated [OF _ getMRs_corres])
apply (rule corres_split[OF getMRs_corres])
apply (rule decodeInvocation_corres, simp_all)[1]
apply (fastforce simp: list_all2_map2 list_all2_map1 elim: list_all2_mono)
apply (fastforce simp: list_all2_map2 list_all2_map1 elim: list_all2_mono)
@ -1212,10 +1212,10 @@ lemma handleInvocation_corres:
apply wp[1]
apply (clarsimp simp: when_def)
apply (rule replyFromKernel_corres)
apply (rule corres_split_deprecated [OF _ setThreadState_corres])
apply (rule corres_split[OF setThreadState_corres])
apply (rule corres_splitEE [OF _ performInvocation_corres])
apply simp
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (rename_tac state state')
apply (case_tac state, simp_all)[1]
apply (fold dc_def)[1]
@ -1609,10 +1609,10 @@ lemma handleYield_corres:
"corres dc einvs (invs' and ct_active' and (\<lambda>s. ksSchedulerAction s = ResumeCurrentThread)) handle_yield handleYield"
apply (clarsimp simp: handle_yield_def handleYield_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule corres_split_deprecated[OF _ tcbSchedDequeue_corres])
apply (rule corres_split_deprecated[OF _ tcbSchedAppend_corres])
apply (rule corres_split[OF tcbSchedDequeue_corres])
apply (rule corres_split[OF tcbSchedAppend_corres])
apply (rule rescheduleRequired_corres)
apply (wp weak_sch_act_wf_lift_linear tcbSchedDequeue_valid_queues | simp add: )+
apply (simp add: invs_def valid_sched_def valid_sched_action_def
@ -1680,7 +1680,7 @@ lemma handleReply_corres:
getSlotCap_def)
apply (rule corres_guard_imp)
apply (rule corres_split_eqr [OF _ getCurThread_corres])
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac P="einvs and cte_wp_at ((=) caller_cap) (thread, tcb_cnode_index 3)
and K (is_reply_cap caller_cap \<or> caller_cap = cap.NullCap)
and tcb_at thread and st_tcb_at active thread


@ -356,7 +356,7 @@ lemma threadset_corresT:
(thread_set f t) (threadSet f' t)"
apply (simp add: thread_set_def threadSet_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getObject_TCB_corres])
apply (rule corres_split[OF getObject_TCB_corres])
apply (rule setObject_update_TCB_corres')
apply (erule x)
apply (rule y)
@ -1371,7 +1371,7 @@ lemma asUser_corres':
apply (simp add: as_user_def asUser_def)
apply (rule corres_guard_imp)
apply (rule_tac r'="\<lambda>tcb con. (arch_tcb_context_get o tcb_arch) tcb = con" in corres_split_deprecated)
apply (rule corres_split_deprecated [OF _ L4])
apply (rule corres_split[OF L4])
apply clarsimp
apply (rule corres_split_nor)
apply (rule corres_trivial, simp)
@ -1872,7 +1872,7 @@ lemma rescheduleRequired_corres:
(reschedule_required) rescheduleRequired"
apply (simp add: rescheduleRequired_def reschedule_required_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getSchedulerAction_corres])
apply (rule corres_split[OF getSchedulerAction_corres])
apply (rule_tac P="case action of switch_thread t \<Rightarrow> P t | _ \<Rightarrow> \<top>"
and P'="case actiona of SwitchToThread t \<Rightarrow> P' t | _ \<Rightarrow> \<top>" for P P' in corres_split_deprecated[where r'=dc])
apply (rule setSchedulerAction_corres)
@ -2068,9 +2068,9 @@ lemma setThreadState_corres:
apply (rule corres_split_deprecated[where r'=dc])
apply simp
apply (subst thread_get_test[where test="runnable"])
apply (rule corres_split_deprecated[OF _ thread_get_isRunnable_corres])
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split_deprecated[OF _ getSchedulerAction_corres])
apply (rule corres_split[OF thread_get_isRunnable_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split[OF getSchedulerAction_corres])
apply (simp only: when_def)
apply (rule corres_if[where Q=\<top> and Q'=\<top>])
apply (rule iffI)
@ -3279,7 +3279,7 @@ lemma getMRs_corres:
apply simp
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ T])
apply (rule corres_split[OF T])
apply (simp only: option.simps return_bind fun_app_def
load_word_offs_def doMachineOp_mapM ef_loadWord)
apply (rule corres_split_eqr)
@ -3588,7 +3588,7 @@ lemma lookupIPCBuffer_corres':
apply (rule corres_guard_imp)
apply (rule corres_split_eqr [OF _ threadGet_corres])
apply (simp add: getThreadBufferSlot_def locateSlot_conv)
apply (rule corres_split_deprecated [OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac F="valid_ipc_buffer_cap rv buffer_ptr"
in corres_gen_asm)
apply (rule_tac P="valid_cap rv" and Q="no_0_obj'"
@ -4505,7 +4505,7 @@ lemma get_cap_corres_all_rights_P:
apply (simp add: getSlotCap_def mask_cap_def)
apply (subst bind_return [symmetric])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres_P [where P=P]])
apply (rule corres_split[OF get_cap_corres_P [where P=P]])
defer
apply (wp getCTE_wp')+
apply simp
@ -4630,7 +4630,7 @@ lemma ethread_set_corresT:
(ethread_set f t) (threadSet f' t)"
apply (simp add: ethread_set_def threadSet_def bind_assoc)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF set_eobject_corres corres_get_etcb])
apply (rule corres_split[OF corres_get_etcb set_eobject_corres])
apply (rule x)
apply (erule e)
apply (simp add: z)+
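Review bot: The rewritten applications in this file mix two bracket spacings, sometimes on one line: in the `@ -4505` hunk the new line reads `corres_split[OF get_cap_corres_P [where P=P]]` (no space before the first `[`, a space before the second), and in the `@ -3588` hunk `corres_split_eqr [OF _ threadGet_corres]` sits directly above the new `corres_split[OF getSlotCap_corres]`. This looks like an artefact of the perl substitutions collapsing ` *\[` only on the renamed rule while leaving the `corres_split_eqr`/`corres_splitEE` siblings untouched, so the same mix recurs in the other file sections of this page. If the project has no fixed convention this is purely cosmetic, but normalising the siblings in the same pass (e.g. `corres_split_eqr[OF _ threadGet_corres]`) would keep each proof internally consistent.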


@ -35,7 +35,7 @@ lemma activateThread_corres:
\<and> invs s \<and> st_tcb_at ((=) ts) thread s"
and R'="\<lambda>ts s. valid_tcb_state' ts s \<and> (idle' ts \<or> runnable' ts)
\<and> invs' s \<and> st_tcb_at' (\<lambda>ts'. ts' = ts) thread s"
in corres_split_deprecated [OF _ getThreadState_corres])
in corres_split[OF getThreadState_corres])
apply (rule_tac F="idle rv \<or> runnable rv" in corres_req, simp)
apply (rule_tac F="idle' rv' \<or> runnable' rv'" in corres_req, simp)
apply (case_tac rv, simp_all add:
@ -66,8 +66,8 @@ lemma bindNotification_corres:
(bind_notification t a) (bindNotification t a)"
apply (simp add: bind_notification_def bindNotification_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getNotification_corres])
apply (rule corres_split_deprecated[OF _ setNotification_corres])
apply (rule corres_split[OF getNotification_corres])
apply (rule corres_split[OF setNotification_corres])
apply (rule setBoundNotification_corres)
apply (clarsimp simp: ntfn_relation_def split: Structures_A.ntfn.splits)
apply (wp)+
@ -208,12 +208,12 @@ lemma restart_corres:
apply (simp add: Tcb_A.restart_def Thread_H.restart_def)
apply (simp add: isStopped_def2 liftM_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (clarsimp simp add: runnable_tsr idle_tsr when_def)
apply (rule corres_split_nor [OF _ cancel_ipc_corres])
apply (rule corres_split_nor [OF _ setupReplyMaster_corres])
apply (rule corres_split_nor [OF _ setThreadState_corres])
apply (rule corres_split_deprecated [OF possibleSwitchTo_corres tcbSchedEnqueue_corres])
apply (rule corres_split[OF tcbSchedEnqueue_corres possibleSwitchTo_corres])
apply (wp set_thread_state_runnable_weak_valid_sched_action sts_st_tcb_at' sts_valid_queues sts_st_tcb' | clarsimp simp: valid_tcb_state'_def)+
apply (rule_tac Q="\<lambda>rv. valid_sched and cur_tcb" in hoare_strengthen_post)
apply wp
@ -284,7 +284,7 @@ lemma invokeTCB_ReadRegisters_corres:
frameRegisters_def gpRegisters_def)
apply (rule corres_guard_imp)
apply (rule corres_split_nor)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (simp add: liftM_def[symmetric])
apply (rule asUser_corres)
apply (rule corres_Id)
@ -334,7 +334,7 @@ lemma invokeTCB_WriteRegisters_corres:
sanitiseRegister_def sanitise_register_def getSanitiseRegisterInfo_def
frameRegisters_def gpRegisters_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split_nor)
prefer 2
apply (rule asUser_corres)
@ -444,13 +444,13 @@ proof -
show ?thesis
apply (simp add: invokeTCB_def performTransfer_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ corres_when [OF refl suspend_corres]], simp)
apply (rule corres_split_deprecated [OF _ corres_when [OF refl restart_corres]], simp)
apply (rule corres_split[OF corres_when [OF refl suspend_corres]], simp)
apply (rule corres_split[OF corres_when [OF refl restart_corres]], simp)
apply (rule corres_split_nor)
apply (rule corres_split_nor)
apply (rule corres_split_eqr[OF _ getCurThread_corres])
apply (rule corres_split_nor[OF _ asUser_postModifyRegisters_corres[simplified]])
apply (rule corres_split_deprecated[OF _ corres_when[OF refl rescheduleRequired_corres]])
apply (rule corres_split[OF corres_when[OF refl rescheduleRequired_corres]])
apply (rule_tac P=\<top> and P'=\<top> in corres_inst)
apply simp
apply (wp static_imp_wp)+
@ -554,7 +554,7 @@ lemma isRunnable_corres:
apply (simp add: isRunnable_def)
apply (subst bind_return[symmetric])
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getThreadState_corres])
apply (rule corres_split[OF getThreadState_corres])
apply (case_tac rv, clarsimp+)
apply (wp hoare_TrueI)+
apply auto
@ -631,11 +631,11 @@ lemma sp_corres2:
(set_priority t x) (setPriority t x)"
apply (simp add: setPriority_def set_priority_def thread_set_priority_def)
apply (rule stronger_corres_guard_imp)
apply (rule corres_split_deprecated [OF _ tcbSchedDequeue_corres])
apply (rule corres_split_deprecated [OF _ ethread_set_corres], simp_all)[1]
apply (rule corres_split_deprecated [OF _ isRunnable_corres])
apply (rule corres_split[OF tcbSchedDequeue_corres])
apply (rule corres_split[OF ethread_set_corres], simp_all)[1]
apply (rule corres_split[OF isRunnable_corres])
apply (erule corres_when)
apply(rule corres_split_deprecated [OF _ getCurThread_corres])
apply(rule corres_split[OF getCurThread_corres])
apply (wp corres_if; clarsimp)
apply (rule rescheduleRequired_corres)
apply (rule possibleSwitchTo_corres)
@ -813,7 +813,7 @@ lemma checkCapAt_corres:
(checkCapAt cap' (cte_map slot) f')" using r c
apply (simp add: check_cap_at_def checkCapAt_def liftM_def when_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule corres_if [unfolded if_apply_def2])
apply (erule(1) sameObject_corres2)
apply assumption
@ -1389,7 +1389,7 @@ proof -
apply (rule corres_split_norE)
apply (rule_tac F="is_aligned aa msg_align_bits" in corres_gen_asm2)
apply (rule corres_split_nor)
apply (rule corres_split_deprecated [OF _ getCurThread_corres], clarsimp)
apply (rule corres_split[OF getCurThread_corres], clarsimp)
apply (rule corres_when[OF refl rescheduleRequired_corres])
apply (wpsimp wp: gct_wp)+
apply (rule threadset_corres,
@ -1411,7 +1411,7 @@ proof -
apply (rule_tac F="isArchObjectCap ac" in corres_gen_asm2)
apply (rule corres_split_nor)
apply (rule corres_split_nor)
apply (rule corres_split_deprecated [OF _ getCurThread_corres], clarsimp)
apply (rule corres_split[OF getCurThread_corres], clarsimp)
apply (rule corres_when[OF refl rescheduleRequired_corres])
apply (wp gct_wp)+
apply (erule checkCapAt_cteInsert_corres)
@ -1784,14 +1784,14 @@ lemma invokeTCB_corres:
apply (case_tac option)
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ unbindNotification_corres])
apply (rule corres_split[OF unbindNotification_corres])
apply (rule corres_trivial, simp)
apply wp+
apply (clarsimp)
apply clarsimp
apply simp
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ bindNotification_corres])
apply (rule corres_split[OF bindNotification_corres])
apply (rule corres_trivial, simp)
apply wp+
apply clarsimp
@ -1799,9 +1799,9 @@ lemma invokeTCB_corres:
apply (clarsimp simp: obj_at'_def projectKOs)
apply (simp add: invokeTCB_def tlsBaseRegister_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ TcbAcc_R.asUser_setRegister_corres])
apply (rule corres_split_deprecated[OF _ Bits_R.getCurThread_corres])
apply (rule corres_split_deprecated[OF _ Corres_UL.corres_when])
apply (rule corres_split[OF TcbAcc_R.asUser_setRegister_corres])
apply (rule corres_split[OF Bits_R.getCurThread_corres])
apply (rule corres_split[OF Corres_UL.corres_when])
apply (rule corres_trivial, simp)
apply simp
apply (rule TcbAcc_R.rescheduleRequired_corres)
@ -1915,7 +1915,7 @@ lemma decodeReadRegisters_corres:
apply (rule corres_trivial)
apply (fastforce simp: returnOk_def)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_trivial)
apply (clarsimp simp: whenE_def)
apply (wp|simp)+
@ -1938,7 +1938,7 @@ lemma decodeWriteRegisters_corres:
apply clarsimp
apply (rule corres_guard_imp)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated[OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply (rule corres_split_norE)
apply (rule corres_trivial, simp)
apply (rule corres_trivial, simp)
@ -2011,7 +2011,7 @@ lemma checkPrio_corres:
apply (simp add: check_prio_def checkPrio_def)
apply (rule corres_guard_imp)
apply (simp add: liftE_bindE)
apply (rule corres_split_deprecated[OF _ threadGet_corres])
apply (rule corres_split[OF threadGet_corres])
apply (rule_tac rvr = dc and
R = \<top> and
R' = \<top> in
@ -2292,7 +2292,7 @@ lemma slotCapLongRunningDelete_corres:
apply (clarsimp simp: slot_cap_long_running_delete_def
slotCapLongRunningDelete_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (auto split: cap_relation_split_asm arch_cap.split_asm
intro!: corres_rel_imp [OF isFinalCapability_corres[where ptr=ptr]]
simp: liftM_def[symmetric] final_matters'_def
@ -2337,8 +2337,8 @@ lemma decodeSetSpace_corres:
getThreadCSpaceRoot getThreadVSpaceRoot
split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ slotCapLongRunningDelete_corres])
apply (rule corres_split_deprecated [OF _ slotCapLongRunningDelete_corres])
apply (rule corres_split[OF slotCapLongRunningDelete_corres])
apply (rule corres_split[OF slotCapLongRunningDelete_corres])
apply (rule corres_split_norE)
apply (simp(no_asm) add: split_def unlessE_throwError_returnOk
bindE_assoc cap_CNode_case_throw


@ -961,7 +961,7 @@ lemma corres_list_all2_mapM_':
apply simp
apply (clarsimp simp add: mapM_x_def sequence_x_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ y])
apply (rule corres_split[OF y])
apply (clarsimp dest!: suffix_ConsD)
apply (erule meta_allE, (drule(1) meta_mp)+)
apply assumption
@ -1563,10 +1563,9 @@ shows
apply (rule corres_underlying_symb_exec_l [OF set_original_symb_exec_l])
apply (rule corres_cong[OF refl refl _ refl refl, THEN iffD1])
apply (rule bind_return[THEN fun_cong])
apply (rule corres_split_deprecated [OF _ setCTE_corres])
apply (rule corres_split[OF setCTE_corres])
apply (subst bind_return[symmetric],
rule corres_split_deprecated)
prefer 2
rule corres_split)
apply (simp add: dc_def[symmetric])
apply (rule updateMDB_symb_exec_r)
apply (simp add: dc_def[symmetric])
@ -3337,7 +3336,7 @@ lemma createNewCaps_ranges':
declare split_paired_Ex[simp del]
lemmas corres_split_retype_createNewCaps
= corres_split_deprecated [OF _ corres_retype_region_createNewCaps,
= corres_split[OF corres_retype_region_createNewCaps,
simplified bind_assoc, simplified ]
declare split_paired_Ex[simp add]
@ -4318,7 +4317,7 @@ lemma resetUntypedCap_corres:
apply (simp add: reset_untyped_cap_def resetUntypedCap_def
liftE_bindE)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getSlotCap_corres])
apply (rule corres_split[OF getSlotCap_corres])
apply (rule_tac F="cap = cap.UntypedCap dev ptr sz idx
\<and> (\<exists>s. s \<turnstile> cap)" in corres_gen_asm)
apply (clarsimp simp: bits_of_def free_index_of_def unlessE_def
@ -4326,7 +4325,7 @@ lemma resetUntypedCap_corres:
apply (rule corres_if[OF refl])
apply (rule corres_returnOk[where P=\<top> and P'=\<top>], simp)
apply (simp add: liftE_bindE bits_of_def split del: if_split)
apply (rule corres_split_deprecated[OF _ deleteObjects_corres])
apply (rule corres_split[OF deleteObjects_corres])
apply (rule corres_if)
apply simp
apply (simp add: bits_of_def shiftL_nat)
@ -4989,7 +4988,7 @@ lemma inv_untyped_corres':
sz (if reset then 0 else idx)" in corres_gen_asm)
apply (rule corres_add_noop_lhs)
apply (rule corres_split_nor[OF _ cNodeNoOverlap return_wp stateAssert_wp])
apply (rule corres_split_deprecated[OF _ updateFreeIndex_corres,rotated])
apply (rule corres_split[OF updateFreeIndex_corres,rotated])
apply (simp add:isCap_simps)+
apply (clarsimp simp:getFreeIndex_def bits_of_def shiftL_nat shiftl_t2n
free_index_of_def)


@ -201,7 +201,7 @@ proof -
pspace_aligned and pspace_distinct and
cte_wp_at ((=) thread_root) thread_root_slot"
and R'="\<lambda>thread_root. pspace_aligned' and pspace_distinct' and no_0_obj'"
in corres_split_deprecated [OF _ getSlotCap_corres])
in corres_split[OF getSlotCap_corres])
apply (case_tac rv; simp add: isCap_simps Q[simplified])
apply (rename_tac arch_cap)
apply (case_tac arch_cap; simp add: isCap_simps Q[simplified])
@ -300,7 +300,7 @@ lemma deleteASID_corres [corres]:
using assms
apply (simp add: delete_asid_def deleteASID_def)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ corres_gets_asid])
apply (rule corres_split[OF corres_gets_asid])
apply (case_tac "asid_table (asid_high_bits_of asid)", simp)
apply clarsimp
apply (rule_tac P="\<lambda>s. asid_high_bits_of asid \<in> dom (asidTable o ucast) \<longrightarrow>
@ -308,23 +308,21 @@ lemma deleteASID_corres [corres]:
P'="pspace_aligned' and pspace_distinct'" and
Q="invs and valid_etcbs and K (asid_wf asid \<and> asid \<noteq> 0) and
(\<lambda>s. x64_asid_table (arch_state s) = asidTable \<circ> ucast)" in
corres_split_deprecated)
prefer 2
corres_split)
apply (simp add: dom_def)
apply (rule get_asid_pool_corres_inv'[OF refl])
apply (rule corres_when, simp add: mask_asid_low_bits_ucast_ucast asid_low_bits_of_def)
apply (rule corres_split_deprecated [OF _ hwASIDInvalidate_corres[where pm=pm]])
apply (rule corres_split[OF hwASIDInvalidate_corres[where pm=pm]])
apply (rule_tac P="asid_pool_at (the (asidTable (ucast (asid_high_bits_of asid))))
and valid_etcbs"
and P'="pspace_aligned' and pspace_distinct'"
in corres_split_deprecated)
prefer 2
in corres_split)
apply (simp del: fun_upd_apply)
apply (rule setObject_ASIDPool_corres')
apply (simp add: inv_def mask_asid_low_bits_ucast_ucast)
apply (rule ext)
apply (clarsimp simp: o_def)
apply (rule corres_split_deprecated [OF _ getCurThread_corres])
apply (rule corres_split[OF getCurThread_corres])
apply simp
apply (rule setVMRoot_corres[OF refl])
apply wp+
@ -387,13 +385,12 @@ lemma deleteASIDPool_corres:
apply (rule corres_assume_pre, simp add: is_aligned_asid_low_bits_of_zero cong: corres_weak_cong)
apply (thin_tac P for P)+
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ corres_gets_asid])
apply (rule corres_split[OF corres_gets_asid])
apply (rule corres_when)
apply simp
apply (simp add: liftM_def)
apply (rule corres_split_deprecated [OF _ getObject_ASIDPool_corres'[OF refl]])
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split[OF getObject_ASIDPool_corres'[OF refl]])
apply (rule corres_split)
apply (rule corres_mapM [where r=dc and r'=dc], simp, simp)
prefer 5
apply (rule order_refl)
@ -411,8 +408,7 @@ lemma deleteASIDPool_corres:
apply simp
apply clarsimp
apply ((wp|clarsimp simp: o_def)+)[3]
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule corres_modify [where P=\<top> and P'=\<top>])
apply (simp add: state_relation_def arch_state_relation_def)
apply (rule ext)
@ -422,8 +418,7 @@ lemma deleteASIDPool_corres:
apply (drule_tac x1="ucast xa" in bang_eq [THEN iffD1])
apply (erule_tac x=n in allE)
apply (simp add: word_size nth_ucast)
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule getCurThread_corres)
apply (simp only:)
apply (rule setVMRoot_corres[OF refl])
@ -504,7 +499,7 @@ lemma flushTable_corres:
apply (frule zip_map_rel[where f=ucast and g=id, simplified])
apply (simp add: upto_enum_def bit_simps take_bit_nat_eq_self unsigned_of_nat)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getObject_PTE_corres''])
apply (rule corres_split[OF getObject_PTE_corres''])
apply (case_tac rv; case_tac rv'; simp)
apply (rule corres_machine_op)
apply (subgoal_tac "ucast x = y"; simp)
@ -588,8 +583,8 @@ lemma unmapPageTable_corres:
simp: lookup_failure_map_def pde_relation_def
split: X64_A.pde.splits)
apply simp
apply (rule corres_split_deprecated[OF _ flushTable_corres[OF refl refl refl refl]])
apply (rule corres_split_deprecated[OF _ storePDE_corres'])
apply (rule corres_split[OF flushTable_corres[OF refl refl refl refl]])
apply (rule corres_split[OF storePDE_corres'])
apply (rule invalidatePageStructureCacheASID_corres)
apply simp
apply ((wpsimp wp: hoare_if get_pde_wp getPDE_wp)+)[8]
@ -877,8 +872,7 @@ proof -
apply (rule_tac R="\<lambda>_. invs and (valid_page_map_inv cap (a,b) (aa,ba) vspace) and valid_etcbs
and (\<lambda>s. caps_of_state s (a,b) = Some cap)"
and R'="\<lambda>_. invs' and valid_slots' (ab,bb) and pspace_aligned'
and pspace_distinct' and K (page_entry_map_corres (ab,bb))" in corres_split_deprecated)
prefer 2
and pspace_distinct' and K (page_entry_map_corres (ab,bb))" in corres_split)
apply (erule updateCap_same_master)
apply (simp, rule corres_gen_asm2)
apply (case_tac aa)
@ -889,7 +883,7 @@ proof -
apply (rule corres_name_pre)
apply (clarsimp simp: mapM_Cons bind_assoc split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ storePTE_corres'])
apply (rule corres_split[OF storePTE_corres'])
apply (rule corres_split_deprecated[where r'="(=)"])
apply (rule corres_underlying_split[where r'=dc, OF _ corres_return_eq_same[OF refl]
hoare_post_taut hoare_post_taut])
@ -906,7 +900,7 @@ proof -
apply (rule corres_name_pre)
apply (clarsimp simp: mapM_Cons bind_assoc split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ storePDE_corres'])
apply (rule corres_split[OF storePDE_corres'])
apply (rule corres_split_deprecated[where r'="(=)"])
apply simp
apply (rule corres_underlying_split[where r'=dc, OF _ corres_return_eq_same[OF refl]
@ -923,7 +917,7 @@ proof -
apply (rule corres_name_pre)
apply (clarsimp simp: mapM_Cons bind_assoc split del: if_split)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ storePDPTE_corres'])
apply (rule corres_split[OF storePDPTE_corres'])
apply (rule corres_split_deprecated[where r'="(=)"])
apply simp
apply (rule corres_underlying_split[where r'=dc, OF _ corres_return_eq_same[OF refl]
@ -957,11 +951,9 @@ proof -
apply (rule corres_guard_imp)
apply (rule corres_underlying_split[where r'=dc, OF _ corres_return_eq_same[OF refl]
hoare_post_taut hoare_post_taut])
apply (rule corres_split_deprecated)
prefer 2
apply (rule corres_split)
apply (rule unmapPage_corres[OF refl refl refl refl])
apply (rule corres_split_deprecated [where r'=acap_relation])
prefer 2
apply (rule corres_split[where r'=acap_relation])
apply simp
apply (rule corres_rel_imp)
apply (rule get_cap_corres_all_rights_P[where P=is_arch_cap], rule refl)
@ -1128,10 +1120,9 @@ lemma performPageTableInvocation_corres:
apply (rule corres_name_pre)
apply (clarsimp simp: valid_pti_def valid_pti'_def split: capability.split_asm arch_capability.split_asm)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ updateCap_same_master])
prefer 2
apply (rule corres_split[OF updateCap_same_master])
apply assumption
apply (rule corres_split_deprecated [OF _ storePDE_corres'])
apply (rule corres_split[OF storePDE_corres'])
apply (rule corres_split_deprecated[where r'="(=)" and P="\<top>" and P'="\<top>"])
apply simp
apply (rule invalidatePageStructureCacheASID_corres)
@ -1156,13 +1147,13 @@ lemma performPageTableInvocation_corres:
apply (rule corres_guard_imp)
apply (rule corres_split_nor)
apply (simp add: liftM_def)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="is_pt_cap x" in corres_gen_asm)
apply (rule updateCap_same_master)
apply (clarsimp simp: is_pt_cap_def update_map_data_def)
apply (wp get_cap_wp)+
apply (rule corres_if[OF refl])
apply (rule corres_split_deprecated [OF _ unmapPageTable_corres[OF refl refl refl]])
apply (rule corres_split[OF unmapPageTable_corres[OF refl refl refl]])
apply (rule clear_page_table_corres[simplified bit_simps bitSimps, simplified])
apply wp+
apply (rule corres_trivial, simp)
@ -1259,10 +1250,9 @@ lemma performPageDirectoryInvocation_corres:
apply (rule corres_name_pre)
apply (clarsimp simp: valid_pdi_def valid_pdi'_def split: capability.split_asm arch_capability.split_asm)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ updateCap_same_master])
prefer 2
apply (rule corres_split[OF updateCap_same_master])
apply assumption
apply (rule corres_split_deprecated [OF _ storePDPTE_corres'])
apply (rule corres_split[OF storePDPTE_corres'])
apply (rule corres_split_deprecated[where r'="(=)" and P="\<top>" and P'="\<top>"])
apply simp
apply (rule invalidatePageStructureCacheASID_corres)
@ -1287,13 +1277,13 @@ lemma performPageDirectoryInvocation_corres:
apply (rule corres_guard_imp)
apply (rule corres_split_nor)
apply (simp add: liftM_def)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="is_pd_cap x" in corres_gen_asm)
apply (rule updateCap_same_master)
apply (clarsimp simp: is_pd_cap_def update_map_data_def)
apply (wp get_cap_wp)+
apply (rule corres_if[OF refl])
apply (rule corres_split_deprecated [OF _ unmapPageDirectory_corres[OF refl refl refl]])
apply (rule corres_split[OF unmapPageDirectory_corres[OF refl refl refl]])
apply (rule clear_page_directory_corres[simplified bit_simps bitSimps, simplified])
apply wp+
apply (rule corres_trivial, simp)
@ -1386,10 +1376,9 @@ lemma performPDPTInvocation_corres:
apply (rule corres_name_pre)
apply (clarsimp simp: valid_pdpti_def valid_pdpti'_def split: capability.split_asm arch_capability.split_asm)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated [OF _ updateCap_same_master])
prefer 2
apply (rule corres_split[OF updateCap_same_master])
apply assumption
apply (rule corres_split_deprecated [OF _ store_pml4e_corres'])
apply (rule corres_split[OF store_pml4e_corres'])
apply (rule corres_split_deprecated[where r'="(=)" and P="\<top>" and P'="\<top>"])
apply simp
apply (rule invalidatePageStructureCacheASID_corres)
@ -1414,13 +1403,13 @@ lemma performPDPTInvocation_corres:
apply (rule corres_guard_imp)
apply (rule corres_split_nor)
apply (simp add: liftM_def)
apply (rule corres_split_deprecated [OF _ get_cap_corres])
apply (rule corres_split[OF get_cap_corres])
apply (rule_tac F="is_pdpt_cap x" in corres_gen_asm)
apply (rule updateCap_same_master)
apply (clarsimp simp: is_pdpt_cap_def update_map_data_def)
apply (wp get_cap_wp)+
apply (rule corres_if[OF refl])
apply (rule corres_split_deprecated [OF _ unmapPDPT_corres[OF refl refl refl]])
apply (rule corres_split[OF unmapPDPT_corres[OF refl refl refl]])
apply (rule clear_pdpt_corres[simplified bit_simps bitSimps, simplified])
apply wp+
apply (rule corres_trivial, simp)
@ -1473,15 +1462,14 @@ lemma performASIDPoolInvocation_corres:
apply (cases ap, simp add: asid_pool_invocation_map_def)
apply (rename_tac word1 word2 prod)
apply (rule corres_guard_imp)
apply (rule corres_split_deprecated[OF _ getSlotCap_corres[OF refl] get_cap_wp getSlotCap_wp])
apply (rule corres_split[OF getSlotCap_corres[OF refl] get_cap_wp getSlotCap_wp])
apply (rule_tac F="\<exists>p asid. rv = Structures_A.ArchObjectCap (X64_A.PML4Cap p asid)"
in corres_gen_asm; elim exE)
apply (simp cong: corres_weak_cong)
apply (rule subst[OF helper], assumption)
apply (rule corres_split_deprecated[OF _ updateCap_same_master])
apply (rule corres_split[OF updateCap_same_master])
unfolding store_asid_pool_entry_def
apply (rule corres_split_deprecated[where r'="\<lambda>pool pool'. pool = pool' \<circ> ucast"])
prefer 2
apply (rule corres_split[where r'="\<lambda>pool pool'. pool = pool' \<circ> ucast"])
apply (simp cong: corres_weak_cong)
apply (rule corres_rel_imp)
apply (rule getObject_ASIDPool_corres'[OF refl])