word_less_bit_eq turns `<` into a bitwise expression on abstract word
length to make it easier to reason about the relationship of < and bit
operations (boolean, but also shift etc).
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
The Eisbach method command doesn't seem to allow providing a doc
string. Instead at least place a comment right next to the definition
so that people can find that when they discover the method name with
print_methods.
Update doc string of word_bitwise to clarify where it is useful.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Adds generic (ring_bit_operations) relationships between boolean and
arithmetic operations. These automatically hold for word and int.
In particular:
x + y = (x OR y) + (x AND y)
x + y = (x XOR y) + 2 * (x AND y)
x XOR y = (x OR y) - (x AND y)
Similar laws for OR, AND, and -.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Provide sgn (sign, mapping to -1, 0, 1) and abs (absolute value)
functions for 'a word by instantiating the relevant type classes.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Enable use of "eval" and "value" for formulas that quantify over word
values. The code generator will exhaustively run all possible values.
For small word sizes, this works in very reasonable time. E.g. try
lemma "∀(x::8 word) y. x + y = (x AND y) + (x OR y)"
by eval
or
value "∀(x::4 word) y z. y mod z = 0 ⟶
(x * y) div z = x * (y div z)"
Note that as usual for "eval" and "value" terms have to be close, i.e.
you need to use object logic quantifiers.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
- make kheap crunch for do_machine_op generic
- make None_Some_strg available generically in LevityCatch
- move word lemmas up into Word_Lib
- move wp lemmas up into lib + minor lib cleanup
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
- move proof methods spec and bspec to Eisbach_Methods
- move general lemmas to Lib
- move word lemmas to Word_Lemmas_Internal
- update proof style
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Add a bundle for global word simp set changes -- unfortunately we
can't actually do this globally, because they are mostly simp rule
removals which will be overwritten by theory merges. So this new
l4v_word_lib bundle will have to be activated/unbundled multiple times.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
More controlled simpset setup, so we don't get warnings if we have
bit_simps in the simpset already.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
The theory import order is important for name shadowing, including
default rules for induction and cases. This commit makes sure we
get the Word_Lib version by default, not the HOL.Word version.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Terms of the form "of_nat x = 0" get rewritten into
"~x dvd 2^LENGTH('a)", which is almost never what you want for
concrete word sizes. This bundle makes it easy to remove those rules
locally.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Word_32 and Word_64 shouldn't be included at the same time, they
both define default word_size and other notions. This commit refactors
them to be usable independently and also makes the type names available
independently from all of the Word_x theories.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
This includes a tweak to Word_Lib to simplify ucast(-1) which
is now a term that occurs more often.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
`register_t` only needs to be able to index into the TCB user context
array, which has 35 entries on RISC-V. Therefore `uint8_t` is
sufficient.
Using the smallest possible type for `register_t` helps with binary
verification. This shrinks static read-only data, which in turn reduces
the complexity of binary verification proof search.
This commit verifies the corresponding C kernel patch.
Co-authored-by: Zoltan Kocsis <Zoltan.Kocsis@data61.csiro.au>
Signed-off-by: Mitchell Buckley <Mitchell.Buckley@data61.csiro.au>
Signed-off-by: Zoltan Kocsis <Zoltan.Kocsis@data61.csiro.au>
In Isabelle2020, when isabelle jedit is started without a session
context, e.g. `isabelle jedit -l ASpec`, theory imports with path
references cause the isabelle process to hang.
Since sessions now declare directories, Isabelle can find those files
without path reference and we therefore remove all such path references
from import statements. With this, `jedit` and `build` should work with
and without explicit session context as before.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
Gerwin Klein
Corey Lewis
Gerwin Klein
Ryan Barry
Mitchell Buckley
Mitchell Buckley
Matthew Brecknell