The benefit of the wpx method is not worth the maintenance effort.
There are still a few instances of wpx left in AInvs, which will have
to be fixed later.
We are keeping the wps method from the same file (WPEx.thy), because
that is used more widely and does not break with Isabelle2021-1.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
The lemma set `exception_set_finite` contained the members
`exception_set_finite_1` and `exception_set_finite_2`. The `_1`/`_2`
suffix clashes with the internal `(1)` suffix for lemma set references,
which in some code paths is internally represented as `_1`, leading to
an error message.
Curiously, this error message only occurs when the proof is run
single-threaded, so it has gone unnoticed for quite some time.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
Some improved ccorres lemmas, dealing with throw and catch, and the usual
assortment of misc list/set/map lemmas.
Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>
Sometimes we want to prove a fact, but the fact is painful or
error-prone to type out manually. In these cases, we'd like to construct
the goal fact using ML and then immediately enter a proof block.
Previously, we could achieve something like this through careful use of
`Thm.trivial` and `schematic_goal`, but this would clutter up the ML
namespace and wouldn't handle meta conjuncts (`&&&`). The new `ML_goal`
command addresses both of these issues.
Signed-off-by: Edward Pierzchalski <ed.pierzchalski@data61.csiro.au>
Hotfix for a7ed68e75d, which moved some lemmas from X64 Move_C.thy into
Lib. `eq_restrict_map_None` being in the simp set caused several
breakages across other arches.
Signed-off-by: Victor Phan <Victor.Phan@data61.csiro.au>
Create ArchMove_R.thy for transporting arch specific lemmas (and generic
lemmas that are used somewhat specifically by one architecture) to theory
files before Refine.
Create Move_R.thy as an arch generic Refine theory file for transporting
generic lemmas to theory files before Refine.
Also delete some lemmas that have existed earlier already or are not
needed.
Rename Move.thy in CRefine to Move_C.thy for consistency.
Session-qualified imports will be required for Isabelle2018 and help clarify
the structure of sessions in the build tree.
This commit mainly adds a new set of sessions for lib/, including a Lib
session that includes most theories in lib/ and a few separate sessions for
parts that have dependencies beyond CParser or are separate AFP sessions.
The group "lib" collects all lib/ sessions.
As a consequence, other theories should use lib/ theories by session name,
not by path, which in turn means spec and proof sessions should also refer
to each other by session name, not path, to avoid duplicate theory errors in
theory merges later.
The subseq_abbreviation mechanism was a useful way of quoting some of a
definition or term, specialised to the case of left-associated sequences.
Lambda abstractions are now handled better.
The previous subseq mechanism required some generalisations. It is now replaced
by match_abbreviation, which is a more general approach.
The match mechanism picks a term, can select a matching subterm, and can
rewrite the selected term based on pattern matching also. The new mechanism
can cover all the cases of the previous one, as shown in examples.
It's annoying that, given automatic definitions (such as we have
with the Haskell translator and C parser), there's no way to capture
a few lines of them.
This mechanism allows you to add an abbreviation for some subsequence of
elements, found somewhere in a theorem, where a sequence is defined by its
constructor and the start and end points are matched by pattern matching.
This computes a value (like the existing value keyword) and also saves
the result of that computation as an abbreviation.
This will be useful in CRefine etc. to give names to magic numbers that
derive from configuration variables/constants.
Show that there is a measure on vs_refs, on which vs_lookup_pages1 is
strictly monotonically increasing.
We also prove various lemmas relating vs_lookup and vs_lookup_pages, and
valid_arch_objs.
There are many things previously proved in ArchRetype_AI and
ArchDetype_AI that are now broken because Xin's work overwrote some
things I also proved in ArchVSpace_AI. I'm not fixing them here.
SUPREMUM changed from a definition to an abbreviation.
A number of proofs that previously used blast, fastforce or auto to
solve goals involving UNION now either fail or loop. This commit
includes various ad-hoc workarounds.