This concept no longer makes sense on AARCH64, we will either need to
know that certain addresses are in user_region (which implies
canonical_user, which is more strict than canonical), or we will need
to know they are in the kernel_window, which is also more strict than
canonical. We'll only find out for sure in CRefine.
Both cases are liftable from valid_vspace_uses and
pspace_in_kernel_window from AInvs, so instead of a new invariant, the
plan is to use Haskell assertions to transport the relevant info to
CRefine when needed.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
This also renames most of the corres* methods to corresK* methods,
including corressimp -> corresKsimp.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Gerwin Klein
Corey Lewis
Rafal Kolanski