Session-qualified imports will be required for Isabelle2018 and help clarify
the structure of sessions in the build tree.
This commit mainly adds a new set of sessions for lib/, including a Lib
session that includes most theories in lib/ and a few separate sessions for
parts that have dependencies beyond CParser or are separate AFP sessions.
The group "lib" collects all lib/ sessions.
As a consequence, other theories should use lib/ theories by session name,
not by path, which in turns means spec and proof sessions should also refer
to each other by session name, not path, to avoid duplicate theory errors in
theory merges later.
Colloquially known as "invert-fastpath".
Update verification efforts on ARM for the following seL4 changes:
- scheduling decisions done in possibleSwitchTo are moved to the
scheduler
- possibleSwitchTo only checks whether the candidate is valid for a
fast switch, not its priority, accepting possible candidates
immmediately as a switch-to scheduler action
- the scheduler checks the candidate against the current thread and
against the bitmaps before making a decision
- attemptSwitchTo and switchIfRequiredTo are gone
- scheduler is now more complicated, and numerous proofs related to it
are rewritten from scratch
- fast path now checks ready queues via the scheduler bitmaps
- L2 scheduler bitmap order reversed for better cache locality
Many iterations between the kernel and verification teams were needed
to get this right.
To finish the proof of refinement to C, the specification for checkPrio
needed strengthening: the checkPrio spec now takes a machine word
argument. In the spec, priorities are still stored as 8-bit quantities,
however. Once the spec was strenthened, it was possible to remove some
redundant checks and mask operations from the C code.
A thread's maximum controlled priority (MCP) determines the maximum
thread priority or MCP it can assign to another thread (or itself).
Substantial adjustments to crunch. Main user changes are:
- 'lift' and 'unfold' mechanisms replaced by more general 'rule'.
- some more 'ignores' standardised.
- crunch has a more principled overall design:
+ discover crunch rule
* provided or by definition extraction
+ recurse according to rule
+ prove goal based on rule, recursive discoveries, standard tactic
* wp/simp adjustments tweak tactic
Michael Sproul
Gerwin Klein
Corey Lewis
Rafal Kolanski
Alejandro Gomez-Londono
Matthew Brecknell
Sophie Taylor
Thomas Sewell
Gerwin Klein
Matthew Brecknell
Daniel Matichuk