This includes replacing previous ASpec names for such constants with
the names used in Haskell/ExecSpec to avoid duplication. This also
makes some of the proofs slightly more generic.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Proofs now don't care about numDomains, except for a small interface in
Invariants_H. The interface is currently by convention only, and has no
enforcement capabilities.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
- this introduces idle_tcb' which is defined directly using tcb fields
- backport from MCS ARM Refine
Signed-off-by: Miki Tanaka <miki.tanaka@data61.csiro.au>
Currently this just modifies the rule but not any of the proofs that use
it. The old version is kept for now but should be removed once all of
the proofs are updated.
Signed-off-by: Corey Lewis <Corey.Lewis@data61.csiro.au>
We already have find_goal, but the interface is a bit too unwieldy to
casually use frequently. This commit introduces (or moves from RISCV)
two methods on top of find_goal:
- `in_case x`: asserts the goal has an assumption `?t = x`
- `find_case x`: finds a goal such that `in_case x`
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
Create ArchMove_R.thy for transporting arch specific lemmas (and generic
lemmas that are used somewhat specifically by one architecture) to theory
files before Refine.
Create Move_R.thy as an arch generic Refine theory file for transporting
generic lemmas to theory files before Refine.
Also delete some lemmas that have existed earlier already or are not
needed.
Rename Move.thy in CRefine to Move_C.thy for consistency.
Several constants are are added to the top level crunch_ignore statement in
Bits_R.thy, then removed from individual crunch statements across Refine and
CRefine.
It turns out that Untyped_R needs the properties of valid_arch_cap' non-locally
for all descendants of the untyped cap it's looking at. This would be a fairly
involved property to assert, and so far only Retype/Detype had any real proof
obligations on valid_cap', i.e. it should be cheap to keep.
Corey Lewis
Gerwin Klein
Rafal Kolanski
Miki Tanaka
Corey Lewis
Gerwin Klein
Victor Phan