These have either already been resolved, are trivial moves within one
theory, or they are questions that the rest of the proof has now
answered.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
This concept no longer makes sense on AARCH64, we will either need to
know that certain addresses are in user_region (which implies
canonical_user, which is more strict than canonical), or we will need
to know they are in the kernel_window, which is also more strict than
canonical. We'll only find out for sure in CRefine.
Both cases are liftable from valid_vspace_uses and
pspace_in_kernel_window from AInvs, so instead of a new invariant, the
plan is to use Haskell assertions to transport the relevant info to
CRefine when needed.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Corey Lewis
Gerwin Klein
Rafal Kolanski