Since the creation of these constants the sum type has been updated to
come with its own discriminators and selectors. We use these, but keep
our longer names as abbreviations.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
This enables a few more moves of remaining lemmas in
NonDetMonadLemmaBucket into the theories they belong thematically.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
- organizes the material
- enables more concurrency
- allows us to pick and choose which parts to import
Currently NonDetMonadLemmaBucket still imports Lib to keep the overall
exports from this theory unchanged, but none of the factored-out
theories depend on Lib.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Factors out definitions and lemmas that are used in monads from Lib.thy
into a separate theory Monad_Lib, which itself does not have further
dependencies.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Fix missing quotes. It looks like this ROOT file worked with `isabelle
build` before, but it did not work interactively.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
pred_conj, pred_disj, and pred_neg only worked for functions with a
single argument and did not have the standard boolean laws available.
This commit factors out these declarations into their own theory, so
they can be used independently. It generalises them to functions of
arbitrarily many arguments, using the existing instance of fun in class
boolean_algebra.
We also factor out top/bottom, but leave them as abbreviations for now,
because the impact of changing them to the type class is too large.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
The default (=first) Makefile target for the standalone parser was
`all`, which gains additional dependencies in the included Makefile.
We want `make` in this directory to just build the standalone parser,
so we set `stp_all` as the default.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
This also moves ex_abs_underlying from Corres_Method.thy to
ExtraCorres.thy and adds a variant of corres_underlying_split
Signed-off-by: Michael McInerney <michael.mcinerney@proofcraft.systems>
At the point we call set_asid_pool, the pool we are writing is out
of date, because invalidate_asid_entry will have changed it. This
commit adds another read operation after invalidate_asid_entry to
perform a write that is similarly atomic as the corresponding C code.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
set_asid_pool_empty and delete_asid_empty_table_pt aren't used on
RISCV64 (despite being proved and declared [wp]). Hopefully these won't
be needed on AARCH64.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
On HYP platforms with projections it's sometimes useful to be able to
grab the `arch_valid_obj` formulation for specific arch types like page
tables before the simplifier breaks them apart for you.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
For AARCH64 showing that valid_vspace_objs is preserved over a retype
operation via the retype_region_proofs_invs locale, it is not sufficient
to only know valid_vspace_objs. Since this locale already assumes invs,
use invs, which implies the other requirements for AARCH64.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
Gerwin Klein
Michael McInerney
Corey Lewis
Rafal Kolanski