The old version of dom_ucast_eq in AInvs is not useful, because the
necessary constants are not available yet in AInvs.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

With adjustment of ARMMMU_improve_cases, the decode functions can all
be done in a single crunch invocation.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

These have either already been resolved, are trivial moves within one
theory, or they are questions that the rest of the proof has now
answered.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

This concept no longer makes sense on AARCH64; we will either need to
know that certain addresses are in user_region (which implies
canonical_user, which is more strict than canonical), or we will need
to know they are in the kernel_window, which is also more strict than
canonical. We'll only find out for sure in CRefine.
Both cases are liftable from valid_vspace_uses and
pspace_in_kernel_window from AInvs, so instead of a new invariant, the
plan is to use Haskell assertions to transport the relevant info to
CRefine when needed.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

This also renames most of the corres* methods to corresK* methods,
including corressimp -> corresKsimp.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>