Proofs now don't care about numDomains, except for a small interface in
Invariants_H. The interface is currently by convention only, and has no
enforcement capabilities.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
Ideally all corres lemmas of the form
`corres rrel P P' my_abstract_function myHaskellFunction`
should be named `myHaskellFunction_corres`.
This commit renames over 200 lemmas to match this style.
Signed-off-by: Mitchell Buckley <mitchell.alan.buckley@gmail.com>
Co-authored-by: Victor Phan <Victor.Phan@data61.csiro.au>
Currently this just modifies the rule but not any of the proofs that use
it. The old version is kept for now but should be removed once all of
the proofs are updated.
Signed-off-by: Corey Lewis <Corey.Lewis@data61.csiro.au>
- Increase IRQ word size from 3 to 6 to match IRQ_CNODE_SLOT_BITS in
sel4 config.
- Bump maxIRQ up to 54.
- Fix broken inequality proof by changing constant that depended on IRQ
word size.
irqInvalid is manually requalified into Interrupt_R. If it's defined for all
architectures, then can be requalified instead in the more suitable
spec/machine/MachineExports.thy
Reimplement the following primrecs:
- arch_irq_control_inv_relation
- arch_irq_control_inv_valid'
- irq_control_inv_valid'
Add the following lemmas:
- arch_check_irq_corres
- crunches arch_check_irq, checkIRQ
- arch_check_irq_valid
- arch_check_irq_valid'
- no_fail_setIRQTrigger
- setIRQTrigger_corres
- dmo_setIRQTrigger_invs'
Rafal Kolanski
Gerwin Klein
Mitchell Buckley
Corey Lewis
Miki Tanaka
Gerwin Klein
Victor Phan