680c12992e
lib/corres_method: better lift_corres_args
...
Handles multiple arguments and fails if no arguments are lifted
2017-07-17 13:08:19 -06:00
07c54b5276
lib/corres_method: repair Corres_Test after changes
2017-07-17 13:06:56 -06:00
26ec1733fd
lib/corres_method: misc tuning
2017-07-17 13:06:55 -06:00
d8e0bd1d22
lib/corres_method: remove simp step from corres
...
Instead of doing rewriting corres should only rely on
rule application to ensure it only manipulates the
head function (and only if such manipulation causes
corres progress to be made).
2017-07-17 13:06:55 -06:00
07ed0a42d8
lib/corres_method: generalize assumption protection
...
Generated goal premises (i.e. from bind or if split rules)
should in most cases be redundant, as necessary conditions can
simply be propagated. By aggressively protecting them, we afford
ourselves greater control over how function bodies are rewritten.
2017-07-17 13:06:55 -06:00
e8ce56f5d2
lib/corres_method: ex_abs -> ex_abs_underlying
...
ex_abs appears later in Refine so it can just be
rephrased as an abbreviation
2017-07-17 12:55:48 -06:00
57086fd782
lib/corres_method: make theory for corresK lemmas
...
Includes mapME_x rule
2017-07-17 12:55:48 -06:00
63f68eb6c1
lib/corres_method: unfold protect_r in corressimp
...
Allow corressimp to use the return-value relation in its clarsimp step
if doing so allows it to solve the subgoal.
This addresses some occasions where wp generates in-place goals that can
be easily solved (rather than pushing them into preconditions).
2017-07-17 12:55:48 -06:00
f9fde43783
lib/corres_method: misc cleanup
2017-07-17 12:55:48 -06:00
46d5278f23
lib/corres_method: speed up corresc
...
This avoids any backtracking when solving the contradictions
emerging from left/right case splitting. Should result in 2-3x
speedup in some cases.
2017-07-17 12:55:47 -06:00
64d4a29e08
lib/corres_method: add const for instantiation
...
Some schematic instantiations require knowledge from return-value
relations. The special const "corres_eq_inst" indicates to corres
that a schematic instantiation should be possible/obvious by
unfolding the protected assumptions and applying fastforce.
2017-07-17 12:55:47 -06:00
e07af805af
lib/corres_method: add better corres_rv rules
2017-07-17 12:55:47 -06:00
fac5b22095
lib/corres_method: hide return relation
...
Protect the return value relation by default so we can control
the simplifier.
2017-07-17 12:51:58 -06:00
b7b25d89fa
lib/corres_method: add corres to wp lifting rules
2017-07-17 12:51:58 -06:00
796887d9b1
Removes all trailing whitespaces
2017-07-12 15:13:51 +10:00
81064fdb55
idle-thread-pd: run idle thread with the global PD all the time.
...
This avoids the multicore scenario of the idle thread running in the
address space that has been deleted by a thread running on another core.
2017-07-11 11:29:34 +10:00
08940d5612
Fix bug in apply_trace when used with grouped lemmas.
...
This commit fixes a typo in apply_trace which
prevented correct printing of the index of
the lemma used in a grouped lemma.
An example is given in Apply_Trace_Cmd.thy
2017-07-04 11:51:45 +10:00
18a7a76715
wordlib: show type for ucast/scast/revcast
...
Idea and initial code by Simon Winwood.
2017-06-19 14:32:44 +10:00
a5c9384df5
clib: ccorres_grab_asm
...
like ccorres_gen_asm, but when your last conjunct is K (...)
2017-06-19 14:32:40 +10:00
0abead8f71
clib: add ccorres_rewrite_cond_sr_Seq
...
analogous to non-Seq version
2017-06-19 14:32:40 +10:00
9ea2232d11
Word_Lib: miscellaneous conditional injectivity rules
2017-06-19 14:32:39 +10:00
0bbfb85d85
Word_Lib: add le_mask_shiftl_le_mask
2017-06-19 14:32:39 +10:00
088cdf8cc6
clib: add ccorres_rewrite_cond_sr
...
When faced with a stateful IF conditional on the C side, when you know
exactly what that conditional is evaluating w.r.t. to Haskell side, you
can now say what it is and prove it in an eager manner, in a spirit
similar to ccorres_symb_exec_r_known_rv* lemmas.
2017-06-19 14:32:34 +10:00
9dbb5e4e2e
clib: remove seL4-related lemmas from Ctac.thy
2017-06-19 14:32:33 +10:00
776408a2e9
lib/corres_method: add better corres_rv rules
2017-06-19 14:32:31 +10:00
e99bd4d5f2
lib: properly defining arrayListUpdate (Fix)
2017-06-19 14:32:27 +10:00
c850a8270a
lib: Adding some lemmas about init
...
* init_Snoc: init (xs @ [x]) = xs
* init_upto_enum_upt: init [0.e.n] = [0..<n]
2017-06-19 14:32:27 +10:00
7e79b1b7b2
changes after rebasing (for isabelle2016-1 and the new wp)
2017-06-19 14:32:21 +10:00
059e67bc77
arm-hyp invariants: Changes to non_vspace_obj and valid_vso_at
...
tags: [VER-670]
2017-06-19 14:32:21 +10:00
1f8127c6cc
arm-hyp (abstract/design/machine): add ARM_HYP directories
2017-06-17 16:26:11 +10:00
cccb7033b8
lib/apply_debug: show protected subgoals
...
This overrides the default proof state printing function to also
show any subgoals which have been hidden (protected).
This makes proof states shown during apply_debug more
comprehensible.
2017-04-06 12:11:54 +10:00
e263d4e7cd
c-parser: improve support for 64-bit platforms
...
* Correct 64-bit pointer alignment.
* Consistently use 'addr' type alias for pointer values.
2017-04-03 14:44:17 +10:00
c41c7a97ca
update references from/to moved crefine, parametrise over L4V_ARCH
2017-03-31 16:13:41 +11:00
1b7aa4b7c7
corres_method: add some documentation
...
Fixup proofs for test theory
2017-03-28 22:30:02 +11:00
6697068695
corres_method: remove corres_concrete_P, reorder preconditions
...
Prefer to solve corres_rv/stateless preconditions first. This
lets them easily be introduced as assumptions with context_conjI.
2017-03-28 22:30:01 +11:00
336d99f450
corres_method: update Corres_Test for new corresK
...
apply_debug steps now slightly different, different
verification condition.
2017-03-28 22:30:00 +11:00
d1193f3080
corres_method: don't add F to goal prems
...
This causes too much unintentional simplification.
2017-03-28 22:30:00 +11:00
4e3bcc38da
corres_method: major overhaul to use corres_underlyingK
...
This gives the corres method its own calculus where it has better
control over additional rule assumptions.
2017-03-28 22:29:59 +11:00
2c61894459
corres_method: add right-hand variant of normal_corres
...
This allows stateless preconditions to propagate from the
right (concrete) side rather than the left side as usual.
2017-03-28 22:29:58 +11:00
c20a112a0c
corres_method: more careful treatment of schematics
...
This adds new classes of corres rules which require different
goal parameters to be instantiated. corressimp avoids applying
wp or simp rules which would expose schematics.
2017-03-28 22:29:58 +11:00
3880048eb1
corres_method: invoke corresc from corres
...
This is done so that "corres_once" will consider it a successful
application if it manages to perform a case split.
2017-03-28 22:29:57 +11:00
e21059823f
corres_method: better symbolic execution support
...
- Abstract symbolic execution theorems into named_theorems
- More rules for error monad
2017-03-28 22:28:07 +11:00
e2ad6f76a3
lib/rule_by_method: add "atomized" attribute
...
This recovers the original behaviour of the "atomize" attribute,
which converts a Pure rule into a HOL one.
2017-03-28 21:53:11 +11:00
24ee520350
lib/eisbach_methods: make print_headgoal a primitive tactic
...
This avoids administrative operations that SIMPLE_METHOD performs
2017-03-28 21:51:57 +11:00
a381e4fc2f
crefine: fix proofs after adding ccorres_rewrite to cinit
2017-03-26 07:41:46 +11:00
e35a74f86b
clib: add ccorres_rewrite to cinit
...
During cinit, by default, perform ccorres_rewrite after unfolding
definitions and performing standard simplifications, but before variable
lifting.
Includes a cinit option 'no_corres_rewrite' to disable ccorres_rewrite,
and 'C_simp' modifiers for adjusting the ccorres_rewrite rule set.
2017-03-25 11:13:58 +11:00
00c38c8062
clib: remove C_simp_final from ccorres_rewrite
...
Revert to a single C_simp attribute, and do not apply ceqv_trans within
ccorres_rewrite. Modify existing C_simp rules to account for this.
2017-03-25 11:04:07 +11:00
f49fa48a4f
rule-by-method: more robust handling of dummy thms
...
More struggling due to no proper check for whether or not
a closure is being formed
2017-03-21 11:15:04 +11:00
e0a0edff55
make strengthen method Eisbach-compatible
2017-03-21 11:15:04 +11:00
6a4730962c
include some rule_by_method examples in Eisbach_Methods
2017-03-21 11:15:04 +11:00
Daniel Matichuk
Alejandro Gomez-Londono
Joel Beeren
Sidney Amani
Gerwin Klein
Rafal Kolanski
Matthew Brecknell
Miki Tanaka