- align init_irq_node_ptr to its size (which is larger than in RISCV)
- remove ArmVSpaceUserRegion, because kernel has its own page table
- define global_pt_obj, add to initial heap
Co-authored-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Sync both values with what the C code does. The corresponding comment
in C is wrong and would not produce a safe value for pptrTop (the
comment says 2^48 - 2^30), but the actual definition in C (the
equivalent of 2^40 - 2^30) is safe.
Co-authored-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Previously the wrong cap argument was checked against being the vspace
root (cap vs vspace_cap).
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Ensure in valid_pti that page table operations, in particular
unmap_page_table, are only called on NormalPTs. This means we can
remove the vspace_for_asid precondition in the associated lemmas.
Co-authored-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

While we do want to break up full OptionMonad terms in assumptions, we
do not usually want to break up projections.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

wp rules for most operators such as return, get, gets are named
return_wp, get_wp, etc. The when, whenE, unless, unlessE operators had
an additional hoare_ prefix that this commit removes for more
consistency.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Moving `Monad_Equations.thy` and `More_NonDetMonadVCG.thy` into the Monads
session enables us to remove the Lib and CLib session dependencies in
AutoCorres.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

This session currently contains only one theory (CLib), which we want
to include both in Lib and later independently in CParser/AutoCorres.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Remove dependency on Lib.thy. Theory imports of AutoCorres are now
reduced to theories that can be moved out of the Lib session.
The proof context changes a bit, but impact on test cases is minimal.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Remove Lib dependency. Introduce a new theory CLib which contains base
lemmas needed in LemmaBucket_C.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Since most bitwise operations are now available by default for nat,
only word abstraction in AutoCorres depends on NatBitwise.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

It has no other lib dependencies and over time should probably be
merged directly into umm theories. For now, move the entire file
and keep dependency structure.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

The idea is to collect Eisbach extensions and things like Apply_Trace,
Apply_Debug, etc. here.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

So that it is available together with the other empty_fail lemmas.
Eventually, these should go into their own theory.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Since the creation of these constants the sum type has been updated to
come with its own discriminators and selectors. We use these, but keep
our longer names as abbreviations.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>