31 lines
855 B
Plaintext
31 lines
855 B
Plaintext
(*
|
|
* Copyright 2021, Proofcraft Pty Ltd
|
|
*
|
|
* SPDX-License-Identifier: GPL-2.0-only
|
|
*)
|
|
|
|
(* Architecture-independent lemmas constraining Kernel_Config definitions *)
|
|
|
|
theory Kernel_Config_Lemmas
|
|
imports "$L4V_ARCH/Kernel_Config"
|
|
begin
|
|
|
|
text \<open>
|
|
seL4's build system allows configuration of some architecture-independent constants, such as the
|
|
number of domains.
|
|
|
|
The long-term goal is to make the proofs resilient in the face of changes of these configuration
|
|
options. To this end this theory contains properties of these constants, to avoid unfolding
|
|
their values later in the proofs.\<close>
|
|
|
|
lemma numDomains_not_zero:
|
|
"numDomains > 0"
|
|
unfolding Kernel_Config.numDomains_def
|
|
by simp
|
|
|
|
lemma numDomains_machine_word_safe:
|
|
"unat (of_nat numDomains :: machine_word) = numDomains"
|
|
unfolding Kernel_Config.numDomains_def by simp
|
|
|
|
end
|