Notably useful is hoare_vcg_lift_imp' which generates an implication
rather than a disjunction.
Monadic rewrite rules should be modified to preserve bound variable
names, as demonstrated by monadic_rewrite_symb_exec_l'_preserve_names.
Addressing this more comprehensively is left as a TODO item for the
future (see VER-554).
This was previously missed, because Isabelle ignores the import path
when the file is already part of a loaded image.
Reported-by: Daniel Matichuk <Daniel.Matichuk@data61.csiro.au>
- replace ARM-specific constants and types with aliases which can be
instantiated separately for each architecture.
- expand lib with lemmas used in X64 proofs.
- simplify some proofs.
Also-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>
The things that usually go wrong:
- wp fall through: add +, e.g.
apply (wp select_wp) -> apply (wp select_wp)+
- precondition: you can remove most hoare_pre, but wpc still needs it, and
sometimes the wp instance relies on being able to fit a rule to the
current non-schematic precondition. In that case, use "including no_pre"
to switch off the automatic hoare_pre application.
- very rarely there is a schematic postcondition that interferes with the
new trivial cleanup rules, because the rest of the script assumes some
specific state afterwards (shouldn't happen in a reasonable proof, but
not all proofs are reasonable..). In that case, (wp_once ...)+ should
emulate the old behaviour precisely.
SUPREMUM changed from a definition to an abbreviation.
A number of proofs that previously used blast, fastforce or auto to
solve goals involving UNION, now either fail or loop. This commit
includes various ad-hoc workarounds.
* Generalized version of bind_inv_inv_comm for easier swapping inside
the nondet monad
* New ccorres_symb_exec_r_known_rv
* New zip_take lemmas for handling `take n (zip x y)` situations
tags: [VER-623][SELFOUR-413]
Rafal Kolanski
Alejandro Gomez-Londono
Joel Beeren
Matthew Brecknell
Gerwin Klein
Daniel Matichuk
Matthew Fernandez
Lars Noschinski
Corey Lewis