Currently this just modifies the rule but not any of the proofs that use
it. The old version is kept for now but should be removed once all of
the proofs are updated.
Signed-off-by: Corey Lewis <Corey.Lewis@data61.csiro.au>
Remove resolve_address_bits'.simps from the simp set at the definition
site, instead of in the middle of the proofs.
Signed-off-by: Corey Lewis <Corey.Lewis@data61.csiro.au>
In Isabelle2020, when isabelle jedit is started without a session
context, e.g. `isabelle jedit -l ASpec`, theory imports with path
references cause the isabelle process to hang.
Since sessions now declare directories, Isabelle can find those files
without path reference and we therefore remove all such path references
from import statements. With this, `jedit` and `build` should work with
and without explicit session context as before.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
Isabelle2020 requires each session to declare it own set of directories that
may not overlap with other session's directories. This commit reorganises
files to comply with that requirement.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
We already have find_goal, but the interface is a bit too unwieldy to
casually use frequently. This commit introduces (or moves from RISCV)
two methods on top of find_goal:
- `in_case x`: asserts the goal has an assumption `?t = x`
- `find_case x`: finds a goal such that `in_case x`
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
The assertion is provable from the abstract invariants, and used in
CRefine to conclude that the test wether the vspace root cap is mapped
can be left out.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
- Increase IRQ word size from 3 to 6 to match IRQ_CNODE_SLOT_BITS in
sel4 config.
- Bump maxIRQ up to 54.
- Fix broken inequality proof by changing constant that depended on IRQ
word size.
Create ArchMove_R.thy for transporting arch specific lemmas (and generic
lemmas that are used somewhat specifically by one architecture) to theory
files before Refine.
Create Move_R.thy as an arch generic Refine theory file for transporting
generic lemmas to theory files before Refine.
Also delete some lemmas that have existed earlier already or are not
needed.
Rename Move.thy in CRefine to Move_C.thy for consistency.
Several constants are are added to the top level crunch_ignore statement in
Bits_R.thy, then removed from individual crunch statements across Refine and
CRefine.
diminished takes two caps and asserts that one is equal to the other
except that one may have fewer rights. We remove this definition and all
references to it, replacing diminished with equality.
irqInvalid is manually requalified into Interrupt_R. If it's defined for all
architectures, then can be requalified instead in the more suitable
spec/machine/MachineExports.thy
Reimplement the following primrecs:
- arch_irq_control_inv_relation
- arch_irq_control_inv_valid'
- irq_control_inv_valid'
Add the following lemmas:
- arch_check_irq_corres
- crunches arch_check_irq, checkIRQ
- arch_check_irq_valid
- arch_check_irq_valid'
- no_fail_setIRQTrigger
- setIRQTrigger_corres
- dmo_setIRQTrigger_invs'
Instead of checking for alignment, mask out the bottom bits to force the
vptr stored in the cap into the correct alignment for the level to be mapped.
See also SELFOUR-2162
Corey Lewis
Rafal Kolanski
Gerwin Klein
Miki Tanaka
Matthew Brecknell
Victor Phan