Previously, the method `datatype_schem` used a specific list of
hard-coded rules to "fix" datatypes in schematics. This adds an
attribute so users can add new datatype "lenses"/"accessors" as needed.
FP_Eval is an Isabelle/ML tool for functional program rewriting.
It has similarities with the Isabelle simplifier, but is simpler and
more scalable for performing computations in the logic.
See FP_Eval_Tests for basic tests and examples.
This is an explicit walkthrough about how one goes about doing a proof
in Isabelle/ML. The goal is that someone can run into such a proof, look
at this tutorial, and then at least be equipped to ask the right
questions about fixing the proof.
Added set_object_wp_strong, which infers from a given Hoare triple with
command set_object that the object of the same type already exists in the
heap, and hoare_set_object_weaken_pre, which does the same thing but can
be applied on top of existing lemmas about set_object.
ainvs: improve proof of set_thread_state_runnable_valid_blocked
ainvs: change return value to a more general one
in_set_object has a return value that is empty '()', but the theorem
still holds true when replaced with a generic parameter 'rv' making it
easier to use this lemma.
ainvs: trivial - updated style of proof
ainvs: strengthen set_object_idle lemma
Add conditions imposed by valid_idle into precondition.
Thank you to Matt Brecknell for the help.
ainvs: abbreviated Hoare triples and proof fix
ainvs: restated set_object_wp_strong with auxiliary lemmas
ainvs: update for new definition of set_object
ainvs: update for new definition of set_object
Move in a few set_object and set_aobject theorems from x64 theory files
as these theorems were architecture generic.
ainvs: update for new definition of set_object
ainvs: update for new definition of set_object
The main benefit of this is that everything in crunch is now ctrl clickable.
As an added benefit, supplied rules can now be modified by attributes when
needed.
A pattern that occurs occasionally (for some proofs, by some authors) is
something like:
```
apply (subgoal_tac "my_cool_fact x y z")
prefer 2
subgoal by magic
apply method_that_uses_my_cool_fact
```
The command `prefer 2` is noisy, and proving the introduced fact subgoal
later is disorienting, so we provide the method `prop_tac` to introduce
a fact and make proving that fact the current subgoal.
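The rewritten pattern, as an added illustration that is not part of the original commit: it assumes the `prop_tac` method from l4v's Eisbach method library is loaded and takes the fact as a quoted proposition, and uses a constructed lemma with hypothetical assumptions rather than any real proof from the repository.

```isabelle
(* Constructed example, not from the original commit or the l4v proofs.
   Assumes the `prop_tac` method from l4v's Eisbach_Methods is available. *)
lemma prop_tac_example:
  assumes fact: "P x"
      and step: "P x ⟹ Q x"
  shows "Q x"
  (* prop_tac inserts "P x" as a new first subgoal; proving it is the
     immediate next step, with no `prefer 2` and no deferred subgoal. *)
  apply (prop_tac "P x")
   apply (rule fact)
  (* The proved fact is now a premise of the remaining goal: P x ⟹ Q x *)
  apply (erule step)
  done
```

Compared with the `subgoal_tac`/`prefer 2` form above, the fact subgoal is discharged where it is introduced, so the proof script reads top to bottom in the order the subgoals are actually proved.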
Just because we *can* extend the core SML `List` signature, that doesn't
mean we *should*. It's a neat trick, but it makes it harder to find uses
of the new modules, and obfuscates definitions for very little gain.
The SML standard library is pretty bare-bones compared to that of other
functional languages, so in a large enough SML project you end up with a
bunch of reimplementations of basic combinators scattered all over the
place. We'd be able to collect them if we had somewhere to collect them,
so here it is.
Uses proof body terms to disambiguate the names encountered in
dependency extraction, rather than using (for example)
Thm.full_prop_of.
The result is that this catches a few more missing dependencies,
enough to correctly identify unused lemmas in large sessions
like CRefine.
Normal abbreviations are not contracted on pretty printing when defined
inside a locale. This commit provides the command locale_abbrev, which does
contract on pretty printing even when defined inside a locale. It cannot be
used with abbreviations that mention fixed locale variables (whereas the
standard abbreviations can).
Co-authored-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>
- Previously printed `~` for negative numbers, which is invalid
JSON. Now prints `-`.
- Previously the output would unconditionally trim
'underscore-number' suffixes. Now uses theory context to determine
if it's likely to be an index into a theory list or an existing
fact name.
- Changed JSON structure to avoid using dynamic names for keys, i.e.
from this:
```
{
  "my_theory_name": {...}
}
```
to this:
```
{
  "theory": "my_theory_name",
  "content": {...}
}
```
This should make processing the output slightly nicer by matching
what other tools expect.
- Changed JSON structure to consolidate dependencies. Lemmas are no
longer special-cased.
Complex conversions have been refactored to the new utility conv_at,
which is easier to use and has better error detection.
Name changes: “*_to_map” naming scheme changed to more descriptive
“*_to_lookup_list”.
Key transformer argument is now the first argument to tree_lookup and
friends, which matches functional programming conventions.