Commit Graph

12 Commits

Author        SHA1        Date                        Message
Gerwin Klein  cbc31e31e1  2019-11-12 18:28:40 +11:00  ainvs+refine: provide def of mask_range in InvariantsPre
                                                      (used to be ptr_range in riscv, which is too overloaded)
Gerwin Klein  4bd67d3c4e  2019-11-12 18:28:39 +11:00  riscv refine: clean up theory imports + fix fallout
Gerwin Klein  66d43a5e91  2019-11-12 18:28:39 +11:00  riscv refine: cleanup in Retype_R
Gerwin Klein  eb8370e18e  2019-11-12 18:28:39 +11:00  riscv refine: cleanup pass through Invariants_H
Gerwin Klein  a612a0e54e  2019-11-12 18:28:39 +11:00  riscv refine: reduce ArchAcc_R sorries to 1
Gerwin Klein  45172e930f  2019-11-12 18:28:39 +11:00  riscv refine: basic setup for recursive PTLookup*
Gerwin Klein  159bf6a50f  2019-11-12 18:28:39 +11:00  riscv refine: add valid_arch_cap' to invariants
                                                      It turns out that Untyped_R needs the properties of valid_arch_cap' non-locally
                                                      for all descendants of the untyped cap it's looking at. This would be a fairly
                                                      involved property to assert, and so far only Retype/Detype had any real proof
                                                      obligations on valid_cap', i.e. it should be cheap to keep.
Gerwin Klein  3d037d7219  2019-11-12 18:28:39 +11:00  riscv refine: Invariants_H: syntax precedence for parentOf
Gerwin Klein  7815e4734a  2019-11-12 18:28:39 +11:00  riscv refine: introduce bit_simps'
Gerwin Klein  8b40b334bd  2019-11-12 18:28:38 +11:00  riscv refine: rephrase page_table_at' in Invariants_H
Gerwin Klein  244e8fe32f  2019-11-12 18:28:38 +11:00  riscv refine: initial design invariants
                                                      upd
Gerwin Klein  8be2ab8484  2019-11-12 18:28:38 +11:00  riscv refine: initial skeleton