- pull base-level empty_fail lemmas from AInvs into Monads.Empty_Fail
- apply consistent naming
- apply consistent [intro!, wp]
- make all non-conditional lemmas [simp]
- re-add context building to empty_fail rules, because the select_*
rules may need context to solve their side condition
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
- merge EmptyFailLib into Monads.Empty_Fail
- group Empty_Fail lemmas so it is clear where to add new ones
- add [empty_fail] so not every lemma has to declare multiple attributes
- add instructions
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
- apply modern style
- contract some proofs
- this commit includes some lemmas factored out from NonDetMonadVCG in
a previous commit
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
- style and some proof contraction
- `in_monad` set remains unchanged for now (could now add additional
lemmas, but they might break things)
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
- factor out valid_NF definition and lemmas into NonDetMonad_Total
- apply modern style and (very) occasional proof contraction in both
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
- factor out valid_exs definition and properties into NonDetMonad_Sat
- apply modern style to both of these and More_NonDetMonadVCG
- factor out one lemma into Monad_Lib
- better grouping of lemmas in NonDetMonadVCG
- occasional proof contraction
Should contain no real semantic differences, but might have subtle
wp set changes due to reordering (to be fixed up in a later commit).
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
This should allow wpfix to automatically fix up projl/projr proofs.
This was previously not possible without drawing in Lib, but will now
be picked up by Lib since theLeft/theRight are now abbreviations.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Split up the material in NonDetMonadVCG into In_Monad, Det, Empty_Fail,
No_Fail, and No_Throw. Most of these can run concurrently and not all
applications need to include all of the material.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
During the work on verifying the MCS kernel, many definitions
and rules were added to lib. This commit collects all of these,
with style improvements and some proof improvements.
In particular, this adds several results to deal with while loops,
such as corres_whileLoop
Signed-off-by: Michael McInerney <michael.mcinerney@proofcraft.systems>
The projection operators should be definitions so that they are stable
under simp and case splits. This enables later projection stacks to
use abbreviations that remain stable.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
- make kheap crunch for do_machine_op generic
- make None_Some_strg available generically in LevityCatch
- move word lemmas up into Word_Lib
- move wp lemmas up into lib + minor lib cleanup
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
- move proof methods spec and bspec to Eisbach_Methods
- move general lemmas to Lib
- move word lemmas to Word_Lemmas_Internal
- update proof style
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
While we do want to break up full OptionMonad terms in assumptions, we
do not usually want to break up projections.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
wp rules for most operators such as return, get, gets are named
return_wp, get_wp, etc. Then when, whenE, unless, unlessE operators had
an additional hoare_.. prefix that this commit removes for more
consistency.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Moving `Monad_Equations.thy` and `More_NonDetMonadVCG.thy` into Monads
session enables us to remove the Lib and CLib session dependencies in
AutoCorres.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
This session currently contains only one theory (CLib), which we want
to include both in Lib and later independently in CParser/AutoCorres.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Remove Lib dependency. Introduce a new theory CLib which contains base
lemmas needed in LemmaBucket_C.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Since most bitwise operations are now available by default for nat,
only word abstraction in AutoCorres depends on NatBitwise.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
It has no other lib dependencies and over time should probably be
merged directly into umm theories. For now, move the entire file
and keep dependency structure.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
The idea is to collect Eisbach extensions and things like Apply_Trace,
Apply_Debug etc here.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Gerwin Klein
Michael McInerney