Moving `Monad_Equations.thy` and `More_NonDetMonadVCG.thy` into the Monads
session enables us to remove the Lib and CLib session dependencies in
AutoCorres.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Since the creation of these constants the sum type has been updated to
come with its own discriminators and selectors. We use these, but keep
our longer names as abbreviations.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

This enables a few more moves of remaining lemmas in
NonDetMonadLemmaBucket into the theories to which they belong thematically.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

- organizes the material
- enables more concurrency
- allows us to pick and choose which parts to import
Currently NonDetMonadLemmaBucket still imports Lib to keep the overall
exports from this theory unchanged, but none of the factored-out
theories depend on Lib.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Factors out definitions and lemmas that are used in monads from Lib.thy
into a separate theory Monad_Lib, which itself does not have further
dependencies.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

The benefit of the wpx method is not worth the maintenance effort.
There are still a few instances of wpx left in AInvs, which will have
to be fixed later.
We are keeping the wps method from the same file (WPEx.thy), because
that is used more widely and does not break with Isabelle2021-1.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

In Isabelle2020, when isabelle jedit is started without a session
context, e.g. `isabelle jedit -l ASpec`, theory imports with path
references cause the isabelle process to hang.
Since sessions now declare directories, Isabelle can find those files
without path reference and we therefore remove all such path references
from import statements. With this, `jedit` and `build` should work with
and without explicit session context as before.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

Some improved ccorres lemmas, dealing with throw and catch, and the usual
assortment of misc list/set/map lemmas.
Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>

Session-qualified imports will be required for Isabelle2018 and help clarify
the structure of sessions in the build tree.
This commit mainly adds a new set of sessions for lib/, including a Lib
session that includes most theories in lib/ and a few separate sessions for
parts that have dependencies beyond CParser or are separate AFP sessions.
The group "lib" collects all lib/ sessions.
As a consequence, other theories should use lib/ theories by session name,
not by path, which in turn means spec and proof sessions should also refer
to each other by session name, not path, to avoid duplicate theory errors in
theory merges later.

The rules for these conditional monadic operators have been a bit
ad-hoc until now, with frequent headaches around the whenE/throwError
pattern.
Adding standard split rules ensures these operators are treated uniformly.

These combinator rules do something like what wp_pre does now.
They were helpful in the ancient past, but now that wp_pre exists it is
much better to just use automation.
Notably useful is hoare_vcg_lift_imp' which generates an implication
rather than a disjunction.

Monadic rewrite rules should be modified to preserve bound variable
names, as demonstrated by monadic_rewrite_symb_exec_l'_preserve_names.
Addressing this more comprehensively is left as a TODO item for the
future (see VER-554).

This was previously missed, because Isabelle ignores the import path
when the file is already part of a loaded image.
Reported-by: Daniel Matichuk <Daniel.Matichuk@data61.csiro.au>

- replace ARM-specific constants and types with aliases which can be
instantiated separately for each architecture.
- expand lib with lemmas used in X64 proofs.
- simplify some proofs.
Also-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

The things that usually go wrong:
- wp fall through: add +, e.g.
  apply (wp select_wp) -> apply (wp select_wp)+
- precondition: you can remove most hoare_pre, but wpc still needs it, and
  sometimes the wp instance relies on being able to fit a rule to the
  current non-schematic precondition. In that case, use "including no_pre"
  to switch off the automatic hoare_pre application.
- very rarely there is a schematic postcondition that interferes with the
  new trivial cleanup rules, because the rest of the script assumes some
  specific state afterwards (shouldn't happen in a reasonable proof, but
  not all proofs are reasonable...). In that case, (wp_once ...)+ should
  emulate the old behaviour precisely.

SUPREMUM changed from a definition to an abbreviation.
A number of proofs that previously used blast, fastforce or auto to
solve goals involving UNION now either fail or loop. This commit
includes various ad-hoc workarounds.

* Generalized version of bind_inv_inv_comm for easier swapping inside
the nondet monad
* New ccorres_symb_exec_r_known_rv
* New zip_take lemmas for handling `take n (zip x y)` situations
tags: [VER-623][SELFOUR-413]