Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MCS: merge master into rt #680

Merged
merged 207 commits into from
Oct 13, 2023
Merged

MCS: merge master into rt #680

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
207 commits
Select commit Hold shift + click to select a range
2545aa0
github: add manual triggers for testing
lsf37 Mar 30, 2023
59bf9d9
docs: style: right- vs left-wrapping of operators
Xaphiosis Jan 20, 2023
0794e0a
run_tests: enable BaseRefine for AARCH64
Xaphiosis May 3, 2023
1483554
aarch64 refine: first attempt at Invariants_H
Xaphiosis May 5, 2023
01575f2
aarch64 refine: copy InvariantUpdates_H from RISCV64
Xaphiosis May 5, 2023
1404b9c
aarch64 refine: add StateRelation
Xaphiosis May 8, 2023
96851e8
aarch64 ainvs: fix typo
lsf37 May 8, 2023
44fc3ec
aarch64 refine: copy LevityCatch from RISCV64
lsf37 May 8, 2023
0b0b3b3
aarch64 refine: iteration on Invariants_H
lsf37 May 8, 2023
394f74b
aarch64 aspec: sync vmid bit width with Haskell+C
lsf37 May 10, 2023
9f25a4e
aarch64 haskell: use ppn concept for PageTablePTEs
lsf37 May 10, 2023
55a01f1
aarch64 refine: complete StateRelation
lsf37 May 10, 2023
61bce83
aarch64 refine: copy Corres.thy from RISCV64
lsf37 May 10, 2023
bf3929b
aarch64 refine: adjust Bits_R from RISCV64
lsf37 May 10, 2023
7cdb85f
aarch64 refine: copy EmptyFail from RISCV64
lsf37 May 10, 2023
555bff6
aarch64 refine: copy SubMonad_R from RISCV64
lsf37 May 10, 2023
b882216
aarch64 refine: copy Machine_R from RISCV64
lsf37 May 10, 2023
38a65fd
aarch64 refine: adjust KHeap_R from RISCV64
lsf37 May 10, 2023
b426654
aarch64 refine: use ptTranslationBits for indices
lsf37 May 11, 2023
3b5a983
aarch64 refine: first pass through ArchAcc_R
lsf37 May 11, 2023
e0114ee
aarch64 refine: add CSpace_I and CSpace1_R
Xaphiosis May 15, 2023
a93a626
aarch64 refine: copy RAB_FN from RISCV64
Xaphiosis May 16, 2023
18d76ef
aarch64 refine: add vcpuBits_def to objBits_defs
Xaphiosis May 16, 2023
2b543da
aarch64 refine: add CSpace_R
Xaphiosis May 16, 2023
cb03631
aarch64 refine: add TcbAcc_R and ArchMove_R
Xaphiosis May 16, 2023
059afc8
aarch64 refine: add InterruptAcc_R
Xaphiosis May 16, 2023
97ebd07
aarch64 refine: start on VSpace_R
Xaphiosis May 16, 2023
0f11a7a
aarch64 refine: progress in ArchAcc
lsf37 May 16, 2023
a79e06f
aarch64 refine: first run through VSpace_R
Xaphiosis May 17, 2023
9040568
aarch64 refine: add state_hyp_refs_of' to valid_state'
Xaphiosis May 18, 2023
044a97e
aarch64 refine: first run through Schedule_R
Xaphiosis May 18, 2023
3a77d09
aarch64 refine: first pass through IpcCancel_R
Xaphiosis May 18, 2023
e508693
aarch64 refine: first pass through Retype_R
Xaphiosis May 18, 2023
a4536a1
aarch64 refine: first pass through Detype_R
Xaphiosis May 18, 2023
5601abc
aarch64 refine: fill in VSpaceObject cases in Retype_R
lsf37 May 19, 2023
f4c12a6
aarch64 refine: remove kernel_mappings in Retype/Detype
lsf37 May 19, 2023
0a7eaec
aarch64 refine: copy over Invocations_R from RISCV64
lsf37 May 19, 2023
be22c7b
aarch64 refine: set up Untyped_R from RISCV64, add hyp/vcpu
lsf37 May 19, 2023
4dfb6f8
aarch64 refine: first pass through Finalise_R
Xaphiosis May 19, 2023
865facf
aarch64 refine: first pass through Ipc_R
lsf37 May 19, 2023
835d82c
aarch64 refine: first pass through Interrupt_R
lsf37 May 19, 2023
4834c25
aarch64 refine: first pass through CNodeInv_R
lsf37 May 19, 2023
f3bbd47
aarch64 haskell: prefer fail over error
lsf37 May 19, 2023
a88bf41
aarch64 refine: remove 1 sorry
lsf37 May 19, 2023
20fad5b
aarch64 refine: update vmattributes_map for devices
Xaphiosis May 21, 2023
8de1430
aarch64 refine: first pass through Tcb_R
lsf37 May 22, 2023
7cea1dc
aarch64 aspec: attribs_from_word used wrong bits
Xaphiosis May 22, 2023
7ed8476
aarch64 haskell: update decodeARMASIDPoolInvocation
Xaphiosis May 22, 2023
226c2f6
aarch64 refine: first pass through Arch_R
Xaphiosis May 21, 2023
59d303b
aarch64 refine: first pass through Syscall_R
lsf37 May 22, 2023
ee346ba
aarch64 refine: first pass though Init_R
Xaphiosis May 23, 2023
72dfb53
aarch64 refine: copy IncKernelLemmas+InitLemmas from RISCV64
Xaphiosis May 23, 2023
c58c007
aarch64 refine: copy KernelInit_R from RISCV64
Xaphiosis May 24, 2023
a4f944d
aarch64 refine: copy PageTableDuplicates from RISCV64
lsf37 May 22, 2023
e0ae44a
aarch64 haskell+design: record PT types in ghost state
lsf37 May 24, 2023
064d102
aarch64 ainvs+refine: proof updates for PT type ghost state
lsf37 May 24, 2023
d24d2f8
aarch64 refine: first pass through ADT_H
lsf37 May 24, 2023
aa2eb9a
design: fix ExecSpec for other architectures
lsf37 May 24, 2023
9298456
refine: update other architectures for ghost state change
lsf37 May 25, 2023
c4dee68
aarch64: update Init_R+PageTableDuplicates for PT ghost state
Xaphiosis May 25, 2023
7154cc9
aarch64 refine: remove final mention of vs_valid_duplicates'
Xaphiosis May 25, 2023
81d382e
aarch64 refine: first pass through Refine (sorry-free)
Xaphiosis May 25, 2023
2f3e333
aarch64 refine: first pass through EmptyFail_H (sorry-free)
Xaphiosis May 25, 2023
7b73a18
run_tests: enable Refine (quick_and_dirty) for AARCH64
Xaphiosis May 25, 2023
496f70f
run_tests: fix QUICK_AND_DIRTY handling
Xaphiosis May 25, 2023
7cdd203
aarch64 refine: first run through Orphanage
Xaphiosis May 25, 2023
381ad05
run_tests: enable RefineOrphanage for AARCH64
Xaphiosis May 25, 2023
1e61943
proof/ROOT: RefineOrphanage: add quick and dirty option
Xaphiosis May 25, 2023
971be5f
haskell: constrain run_tests to current L4V_ARCH
lsf37 May 31, 2023
7c422d7
cspec: introduce L4V_PLAT
lsf37 Jun 2, 2023
c4d673b
cspec: Use L4V_PLAT in build export script
mbrcknl Jun 2, 2023
fc44f65
aspec+haskell: add accessor names for scheduler_action datatype
michaelmcinerney Mar 21, 2023
6da2d97
run_tests: echo L4V_FEATURES and L4V_PLAT
lsf37 Jun 6, 2023
290b7c7
run_tests: update outdated comment
lsf37 Jun 6, 2023
9752444
run_tests: REFINE_QUICK_AND_DIRTY already set in Makefile
lsf37 Jun 6, 2023
443706f
github: distinguish proof PR checks from deployment run
lsf37 Jun 6, 2023
9fe1676
github: auto-rebase platform branches
lsf37 Jun 5, 2023
6f2ea86
github: push to -rebased branch first
lsf37 Jun 6, 2023
ea62a6c
lib: docs + 2nd predicate-type guard for wpc
lsf37 Jun 13, 2023
0e30162
lib+proof: proof updates for wpc change
lsf37 Jun 13, 2023
29873da
lib: split out WP_Pre.pre_tac for wp_pre
lsf37 Jun 9, 2023
f75a348
lib+refine+crefine: disambiguate corres_pre
lsf37 Jun 9, 2023
db44def
arm-hyp crefine: use monadic_rewrite_pre
lsf37 Jun 15, 2023
f72702f
lib: monadic rewrite: improve bound name retention
Xaphiosis Jun 13, 2023
ec907bf
lib: add test for monadic rewrite
Xaphiosis Jun 13, 2023
18cbdae
infoflow: update for monadic rewrite changes
Xaphiosis Jun 13, 2023
460d99b
haskell: upgrade to lts-20.25 and ghc 9.2.8
lsf37 Jun 18, 2023
dc093ca
github: use explicit token to enable push triggers
lsf37 Jun 21, 2023
722cd25
github: use correct secret
lsf37 Jun 21, 2023
5abb456
lib: add corres_cases method
lsf37 Jun 22, 2023
168d3aa
crefine: remove obsolete corres wpc setup
lsf37 Jun 22, 2023
59759ed
arm refine: deploy corres_cases in some examples
lsf37 Jun 23, 2023
163b9fe
crefine: remove some duplicated lemmas
corlewis Jun 26, 2023
0edd68f
lib: cong rules for ccorres_underlying
corlewis Jun 19, 2023
1f06802
crefine: update for new ccorres cong rules
corlewis Jun 19, 2023
c1fe4ad
lib+refine: rename Corres_Method to CorresK_Method
lsf37 Jun 26, 2023
865df55
lib: add new corres method
lsf37 Jun 26, 2023
445a8e4
lib: cleanup in Corres_UL and around liftM in Monads
lsf37 Jun 27, 2023
691c9e2
lib: some remarks on corres_mapM*
lsf37 Jun 29, 2023
fad4b70
refine: make corres method available in Refine
lsf37 Jun 26, 2023
01a4216
riscv refine: example corres method use
lsf37 Jun 29, 2023
a0be68c
clib+crefine: add no_name_eta to crefine tactics
corlewis Jun 30, 2023
d87f5e1
crefine: update for no_name_eta
corlewis Jun 30, 2023
fa484da
monads: synchronise with rt branch
corlewis Jul 4, 2023
c9dc6d2
docs/setup: add step for installing cabal
corlewis Jul 18, 2023
26f41e1
lib/monads: rename OptionMonad to Reader_Option_Monad
corlewis Jul 7, 2023
9b90b9e
lib+spec+proof+autocorres: update for renamed Reader_Option_Monad
corlewis Jul 7, 2023
9b9e613
lib/monads: move different monads to subdirectories
corlewis Jul 7, 2023
2c8f9ee
lib+spec+proof+autocorres: consistent Nondet filename prefix
corlewis Jul 18, 2023
67946d4
lib: consistent Trace filename prefix
corlewis Jul 18, 2023
aa8b108
lib/monads: reorder files in ROOT
corlewis Jul 19, 2023
0e0e0ca
lib/monads: add select_wp and alternative_wp to wp set for Nondet monad
corlewis Aug 1, 2023
0211681
proof+autocorres: update for select_wp and alternative_wp
corlewis Aug 1, 2023
f6eaad5
arm abstract+design: reorder object_type enum
lsf37 Aug 11, 2023
f7c3ee5
drefine: adjust for object_type enum reorder
lsf37 Aug 11, 2023
71dc79a
arm crefine: proof updates for object_type enum reorder
lsf37 Aug 11, 2023
540bb64
arm-hyp abstract+design: object_type enum reorder
lsf37 Aug 11, 2023
4d97b26
arm-hyp crefine: proof update for object_type enum reorder
lsf37 Aug 11, 2023
631bc30
lib/monads: move lifting/splitting section earlier in Nondet_VCG
corlewis Aug 9, 2023
fde22d7
lib/monads: minor cleanup and restyle in nondet monad
corlewis Aug 9, 2023
a084de4
refine: update for changes to nondet monad
corlewis Aug 14, 2023
477e8d2
lib/monads: restyle Trace_Monad.thy
corlewis Jul 19, 2023
380520c
lib/monads: refactor trace monad theories
corlewis Jul 19, 2023
6dbcf40
lib/monads: split content out into Trace_RG and Trace_No_Trace
corlewis Aug 14, 2023
4a44874
lib/monads: restyle and reorder trace monad files
corlewis Aug 14, 2023
917fff5
lib: update for trace monad refactor
corlewis Aug 14, 2023
1482841
lib: add a breakpoint for corres_cleanup
lsf37 Jun 30, 2023
51ebfd6
lib: enforce simp (no_asm) in Corres_Method
lsf37 Jun 30, 2023
7595c02
riscv refine: adjust for (no_asm) in Corres_Method
lsf37 Jul 1, 2023
f80d7f8
lib: on the use of corres_liftM_simp rules
lsf37 Aug 30, 2023
0969196
lib: factor out is_safe_wp method
lsf37 Aug 30, 2023
c4369f5
lib: add docs and test for Corres_Method
lsf37 Aug 30, 2023
deade60
crefine: change misleading proof step in CSpace_RAB_C
Xaphiosis Sep 14, 2023
322f4f9
aarch64 refine: remove pspace_canonical'
lsf37 Jun 6, 2023
6e57667
aarch64 refine: invariant update lemmas
lsf37 Sep 27, 2023
7ae4e55
aarch64 refine: ArchAcc_R sorry free
lsf37 Jun 6, 2023
c77d649
aarch64 aspec: sync with Haskell
lsf37 Jun 7, 2023
d16b4fd
aarch64 ainvs: new invariant on vmid_table
lsf37 Jul 3, 2023
345818d
aarch64 aspec: cleanByVA_PoU in perform_pg_inv_map
lsf37 Jul 4, 2023
7713dff
aarch64 ainvs: updates for spec change
lsf37 Jul 4, 2023
438e27a
aarch64 aspec: fix do_flush spec bug
lsf37 Jul 5, 2023
c628181
aarch64 aspec+ainvs: add valid_asid_map invariant
lsf37 Jul 4, 2023
d16d35e
aarch64 refine: VSpace_R sorry-free
lsf37 Jul 3, 2023
f14217e
aarch64 refine: progress in Retype_R
lsf37 Jul 17, 2023
e74d5fe
aarch64 refine: progress in Retype_R
lsf37 Jul 18, 2023
4913aa8
aarch64 haskell: tweak createNewCaps definition
lsf37 Jul 18, 2023
2ec696f
aarch64 refine: Retype_R sorry-free
lsf37 Jul 18, 2023
1ea097a
aarch64 refine: Untyped_R sorry-free
lsf37 Jul 18, 2023
1f60044
aarch64 refine: Schedule_R sorry-free
lsf37 Jul 19, 2023
73ba0ce
aarch64 refine: IpcCancel_R sorry-free
lsf37 Jul 20, 2023
522cef1
aarch64 refine: Finalise_R sorry-free
lsf37 Jul 21, 2023
0e8048b
aarch64 aspec+ainvs: sync user_vtop check with C
lsf37 Jul 23, 2023
d849c0b
aarch64 haskell: fix syscall arg error reporting
lsf37 Jul 23, 2023
e2355c7
aarch64 haskell: check cap type in checkVSpaceRoot
lsf37 Jul 23, 2023
1fb96c7
aarch64 ainvs: mark addrFromPPtr_mask_ipa
lsf37 Jul 23, 2023
c745d4e
aarch64 aspec: fix flush type in decode_vspace_invocation
lsf37 Jul 23, 2023
da76bca
aarch64 refine: Arch_R sorry-free
lsf37 Jul 23, 2023
1f05109
aarch64 refine: Ipc_R sorry-free
lsf37 Jul 26, 2023
a0311bd
aarch64 refine: Interrupt_R sorry-free
lsf37 Jul 26, 2023
ffd038f
aarch64 refine: ADT_H sorry-free
lsf37 Jul 27, 2023
1fde048
aarch64 refine: progress in Detype_R
lsf37 Jul 28, 2023
8f2710d
aarch64 refine: Detype_R sorry-free
lsf37 Aug 9, 2023
2e3c97d
aarch64 refine: Orphanage sorry-free
Xaphiosis Aug 10, 2023
cf0e636
aarch64 refine: resolve trivial FIXMEs
lsf37 Aug 22, 2023
43c0759
aarch64 refine: leave comment instead of FIXME
lsf37 Aug 22, 2023
6bfdecd
aarch64 refine: defer some FIXMEs to CRefine
lsf37 Aug 22, 2023
c263749
aarch64 refine: consolidate dmo_invs_no_cicd' lemmas
lsf37 Aug 23, 2023
62618fc
aarch64 refine: improve decode invariance crunch
lsf37 Aug 23, 2023
4c69a42
lib: fix ML warning
lsf37 Aug 24, 2023
6793a94
lib: move lemmas from refine/AARCH64/ArchAcc
lsf37 Aug 24, 2023
5f74194
aarch64 refine: move lemmas to lib
lsf37 Aug 24, 2023
9f7e8f8
word_lib: anti-monotonicity of shiftr
lsf37 Aug 24, 2023
fe3ebf0
lib: lemmas moved from aarch64 refine
lsf37 Aug 24, 2023
dc4955d
aarch64 refine: lemma moved to Word_Lib
lsf37 Aug 24, 2023
2251bf8
aarch64 refine: lemmas moved to lib
lsf37 Aug 24, 2023
26a3a6e
aarch64 refine: lemmas moved to aarch64 ainvs
lsf37 Aug 24, 2023
a24ddbe
aarch64 refine: move lemmas internally
lsf37 Aug 24, 2023
de50741
lib+aarch64 refine: move lemmas to lib
lsf37 Aug 24, 2023
0369a4b
lib+ainvs+aarch64 refine: move+consolidate vcg_op_lift lemmas
lsf37 Aug 24, 2023
dcf6ee4
aarch64 ainvs+refine: move lemmas from Refine
lsf37 Aug 28, 2023
5497666
aarch64 ainvs+refine: remove unused dom_ucast_eq
lsf37 Aug 28, 2023
df31523
lib/monads: more cleanup and restyle in nondet monad
corlewis Aug 18, 2023
7999632
proof: update for changes to nondet monad
corlewis Aug 18, 2023
d66ac95
lib/monads/trace: copy in definitions and rules from nondet
corlewis Aug 24, 2023
0aac7ac
lib/monads/trace: update definitions and rules taken from nondet
corlewis Aug 24, 2023
293b97c
lib/monads/trace: prove more lemmas connecting valid and validI
corlewis Aug 24, 2023
3333395
lib/monads: improve style of nondet and trace
corlewis Oct 5, 2023
34038fc
lib/monads/nondet: remove uses of _tac methods
corlewis Sep 20, 2023
6680297
lib/monads: add no_fail_ex_lift and no_fail_grab_asm
michaelmcinerney Oct 5, 2023
e7cca6a
lib: improve corres_underlying rules for whileLoop
michaelmcinerney Oct 5, 2023
6721c7a
lib: sync Word_Lib with AFP
lsf37 Sep 1, 2023
3f66cb0
lib/Eisbach_Tools: morphism type changed in Isabelle2023
lsf37 Sep 1, 2023
eeae2af
lib: Isabelle2023 update
lsf37 Sep 1, 2023
286278d
misc: goto-error jEdit macro: update for 2023
Xaphiosis Sep 6, 2023
450234e
aspec: mapsto syntax update for Isabelle2023
lsf37 Sep 13, 2023
83fc513
c-parser: sync Simpl from AFP for Isabelle2023
lsf37 Sep 15, 2023
be44fad
c-parser: update to Isabelle2023 maps-to syntax
lsf37 Sep 15, 2023
26807f7
c-parser: adapt standalone parser to Isabelle2023
lsf37 Sep 18, 2023
f88d2d4
clib: update to Isabelle2023 mapsto syntax
lsf37 Sep 16, 2023
3141584
proof: update to Isabelle2023 mapsto syntax
lsf37 Sep 16, 2023
f7768ee
sep-capDL: update to Isabelle2023 mapsto syntax
lsf37 Sep 16, 2023
4c0b3df
capdDL-api: update to Isabelle2023 mapsto syntax
lsf37 Sep 16, 2023
0f99a75
autocorres: update to Isabelle2023
lsf37 Sep 16, 2023
0d984f3
camkes: update to Isabelle2023 mapsto syntax
lsf37 Sep 16, 2023
ad24d95
word lib: fix broken style introduced from AFP
lsf37 Oct 6, 2023
3036f22
Merge branch 'master' into rt
corlewis Oct 11, 2023
3308a0b
rt proof: update for merge
corlewis Oct 11, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion proof/invariant-abstract/ARM/ArchDetSchedAux_AI.thy
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -177,7 +177,7 @@ lemma perform_asid_control_invocation_bound_sc_obj_tcb_at[wp]:
crunches perform_asid_control_invocation
for idle_thread[wp]: "\<lambda>s. P (idle_thread s)"
and valid_blocked[wp]: "valid_blocked"
(wp: static_imp_wp)
(wp: hoare_weak_lift_imp)

crunches perform_asid_control_invocation
for rqueues[wp]: "\<lambda>s. P (ready_queues s)"
Expand Down
56 changes: 30 additions & 26 deletions proof/invariant-abstract/ARM/ArchKHeap_AI.thy
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -800,75 +800,79 @@ crunch device_state_inv: storeWord "\<lambda>ms. P (device_state ms)"

(* some hyp_ref invariants *)

lemma state_hyp_refs_of_ep_update: "\<And>s ep val. typ_at AEndpoint ep s \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := (kheap s)(ep \<mapsto> Endpoint val)\<rparr>) = state_hyp_refs_of s"
lemma state_hyp_refs_of_ep_update:
"typ_at AEndpoint ep s \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := (kheap s)(ep \<mapsto> Endpoint val)\<rparr>) = state_hyp_refs_of s"
apply (rule all_ext)
apply (clarsimp simp add: ARM.state_hyp_refs_of_def obj_at_def ARM.hyp_refs_of_def)
done

lemma state_hyp_refs_of_ntfn_update: "\<And>s ep val. typ_at ANTFN ep s \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := (kheap s)(ep \<mapsto> Notification val)\<rparr>) = state_hyp_refs_of s"
lemma state_hyp_refs_of_ntfn_update:
"typ_at ANTFN ep s \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := (kheap s)(ep \<mapsto> Notification val)\<rparr>) = state_hyp_refs_of s"
apply (rule all_ext)
apply (clarsimp simp add: ARM.state_hyp_refs_of_def obj_at_def ARM.hyp_refs_of_def)
done

lemma state_hyp_refs_of_sc_update: "\<And>s sc val n. typ_at (ASchedContext n) sc s \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := kheap s(sc \<mapsto> SchedContext val n)\<rparr>) = state_hyp_refs_of s"
lemma state_hyp_refs_of_sc_update:
"typ_at (ASchedContext n) sc s \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := (kheap s)(sc \<mapsto> SchedContext val n)\<rparr>) = state_hyp_refs_of s"
apply (rule all_ext)
apply (clarsimp simp: ARM.state_hyp_refs_of_def obj_at_def ARM.hyp_refs_of_def
split: kernel_object.splits)
done

lemma state_hyp_refs_of_reply_update: "\<And>s r val. typ_at AReply r s \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := kheap s(r \<mapsto> Reply val)\<rparr>) = state_hyp_refs_of s"
lemma state_hyp_refs_of_reply_update:
"typ_at AReply r s \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := (kheap s)(r \<mapsto> Reply val)\<rparr>) = state_hyp_refs_of s"
apply (rule all_ext)
apply (clarsimp simp add: ARM.state_hyp_refs_of_def obj_at_def ARM.hyp_refs_of_def)
done

lemma state_hyp_refs_of_tcb_bound_ntfn_update:
"kheap s t = Some (TCB tcb) \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := (kheap s)(t \<mapsto> TCB (tcb\<lparr>tcb_bound_notification := ntfn\<rparr>))\<rparr>)
= state_hyp_refs_of s"
"kheap s t = Some (TCB tcb) \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := (kheap s)(t \<mapsto> TCB (tcb\<lparr>tcb_bound_notification := ntfn\<rparr>))\<rparr>)
= state_hyp_refs_of s"
apply (rule all_ext)
apply (clarsimp simp add: ARM.state_hyp_refs_of_def obj_at_def split: option.splits)
done

lemma state_hyp_refs_of_tcb_sched_context_update:
"kheap s t = Some (TCB tcb) \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := kheap s(t \<mapsto> TCB (tcb\<lparr>tcb_sched_context := sc\<rparr>))\<rparr>)
= state_hyp_refs_of s"
"kheap s t = Some (TCB tcb) \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := (kheap s)(t \<mapsto> TCB (tcb\<lparr>tcb_sched_context := sc\<rparr>))\<rparr>)
= state_hyp_refs_of s"
apply (rule all_ext)
apply (clarsimp simp add: ARM.state_hyp_refs_of_def obj_at_def split: option.splits)
done

lemma state_hyp_refs_of_tcb_yield_to_update:
"kheap s t = Some (TCB tcb) \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := kheap s(t \<mapsto> TCB (tcb\<lparr>tcb_yield_to := sc\<rparr>))\<rparr>)
= state_hyp_refs_of s"
"kheap s t = Some (TCB tcb) \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := (kheap s)(t \<mapsto> TCB (tcb\<lparr>tcb_yield_to := sc\<rparr>))\<rparr>)
= state_hyp_refs_of s"
apply (rule all_ext)
apply (clarsimp simp add: ARM.state_hyp_refs_of_def obj_at_def split: option.splits)
done

lemma state_hyp_refs_of_tcb_state_update:
"kheap s t = Some (TCB tcb) \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := (kheap s)(t \<mapsto> TCB (tcb\<lparr>tcb_state := ts\<rparr>))\<rparr>)
= state_hyp_refs_of s"
"kheap s t = Some (TCB tcb) \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := (kheap s)(t \<mapsto> TCB (tcb\<lparr>tcb_state := ts\<rparr>))\<rparr>)
= state_hyp_refs_of s"
apply (rule all_ext)
apply (clarsimp simp add: ARM.state_hyp_refs_of_def obj_at_def split: option.splits)
done

lemma state_hyp_refs_of_tcb_domain_update:
"kheap s t = Some (TCB tcb) \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := kheap s(t \<mapsto> TCB (tcb\<lparr>tcb_domain := d\<rparr>))\<rparr>)
= state_hyp_refs_of s"
"kheap s t = Some (TCB tcb) \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := (kheap s)(t \<mapsto> TCB (tcb\<lparr>tcb_domain := d\<rparr>))\<rparr>)
= state_hyp_refs_of s"
apply (rule all_ext)
apply (clarsimp simp add: state_hyp_refs_of_def obj_at_def split: option.splits)
done

lemma state_hyp_refs_of_tcb_priority_update:
"kheap s t = Some (TCB tcb) \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := kheap s(t \<mapsto> TCB (tcb\<lparr>tcb_priority := d\<rparr>))\<rparr>)
= state_hyp_refs_of s"
"kheap s t = Some (TCB tcb) \<Longrightarrow>
state_hyp_refs_of (s\<lparr>kheap := (kheap s)(t \<mapsto> TCB (tcb\<lparr>tcb_priority := d\<rparr>))\<rparr>)
= state_hyp_refs_of s"
apply (rule all_ext)
apply (clarsimp simp add: state_hyp_refs_of_def obj_at_def split: option.splits)
done
Expand Down
4 changes: 2 additions & 2 deletions proof/invariant-abstract/ARM/ArchTcb_AI.thy
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -308,13 +308,13 @@ lemma install_tcb_frame_cap_invs:
\<comment> \<open>non-exception case\<close>
apply wpsimp
apply (wpsimp wp: checked_insert_tcb_invs[where ref="tcb_cnode_index 2"])
apply (wpsimp wp: hoare_vcg_all_lift static_imp_wp
apply (wpsimp wp: hoare_vcg_all_lift hoare_weak_lift_imp
thread_set_tcb_ipc_buffer_cap_cleared_invs
thread_set_cte_wp_at_trivial[where Q="\<lambda>x. x", OF ball_tcb_cap_casesI]
thread_set_ipc_tcb_cap_valid)
apply((wpsimp wp: cap_delete_deletes
hoare_vcg_const_imp_lift_R hoare_vcg_all_lift_R hoare_vcg_all_lift
static_imp_wp static_imp_conj_wp
hoare_weak_lift_imp hoare_weak_lift_imp_conj
| strengthen use_no_cap_to_obj_asid_strg
| wp cap_delete_ep)+)[1]
by (clarsimp simp: is_cap_simps' valid_fault_handler_def)
Expand Down
4 changes: 2 additions & 2 deletions proof/invariant-abstract/ARM/ArchVSpaceEntries_AI.thy
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1623,7 +1623,7 @@ crunch valid_pdpt[wp]: schedule_choose_new_thread "valid_pdpt_objs"
crunch valid_pdpt[wp]: activate_thread, switch_to_thread, switch_to_idle_thread,
awaken "valid_pdpt_objs"
(simp: crunch_simps
wp: crunch_wps alternative_valid select_wp OR_choice_weak_wp select_ext_weak_wp)
wp: crunch_wps OR_choice_weak_wp select_ext_weak_wp)

crunch valid_pdpt[wp]: handle_call, handle_recv, handle_send, handle_yield,
handle_interrupt, handle_vm_fault, handle_hypervisor_fault
Expand All @@ -1634,7 +1634,7 @@ crunch valid_pdpt[wp]: handle_call, handle_recv, handle_send, handle_yield,

lemma schedule_valid_pdpt[wp]: "\<lbrace>valid_pdpt_objs\<rbrace> schedule :: (unit,det_ext) s_monad \<lbrace>\<lambda>_. valid_pdpt_objs\<rbrace>"
apply (simp add: schedule_def)
apply (wpsimp wp: alternative_wp select_wp hoare_drop_imps)
apply (wpsimp wp: hoare_drop_imps)
done

crunches check_domain_time
Expand Down
2 changes: 1 addition & 1 deletion proof/invariant-abstract/CSpace_AI.thy
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -233,7 +233,7 @@ lemma preemption_point_inv:
apply (rule hoare_seq_ext_skipE, wpsimp)
apply (rule valid_validE)
apply (rule OR_choiceE_weak_wp)
apply (rule alternative_valid; (solves wpsimp)?)
apply (rule alternative_wp[where P=P and P'=P for P, simplified]; (solves wpsimp)?)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I forgot to point this out when I made this PR. alternative_valid was removed on master due to not being used, but did have a couple of uses in rt as part of some forward reasoning proofs.

Are we ok with what I've done here, which is basically inlining it in the two places it was used? The obvious to me other options would be to either add alternative_valid back to Nondet_VCG, or to rework these proofs to be backwards.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd be OK with what you've done here, but wouldn't mind if these proofs were reworked to be backwards. I'm pretty sure they'd be my proofs originally, so I'd be happy to do that. I think these were for preemption_point, which is not the nicest function to deal with, so it might not be so straightforward.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd be fine with either. Definitely no problems with it being reworked as backwards proof. Could also be in a separate PR.

apply (rule validE_valid)
apply (rule hoare_seq_ext_skipE, solves \<open>wpsimp wp: update_time_stamp_wp\<close>)+
apply wpsimp
Expand Down
2 changes: 1 addition & 1 deletion proof/invariant-abstract/DetSchedDomainTime_AI.thy
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -253,7 +253,7 @@ crunch domain_list[wp]: maybe_donate_sc "\<lambda>s :: det_state. P (domain_list
(wp: crunch_wps)

crunch domain_list_inv[wp]: send_signal "\<lambda>s::det_state. P (domain_list s)"
(wp: hoare_drop_imps mapM_x_wp_inv select_wp maybeM_inv simp: crunch_simps unless_def)
(wp: hoare_drop_imps mapM_x_wp_inv maybeM_inv simp: crunch_simps unless_def)

crunch domain_list_inv[wp]: lookup_reply,lookup_cap "\<lambda>s::det_state. P (domain_list s)"

Expand Down
16 changes: 8 additions & 8 deletions proof/invariant-abstract/DetSchedInvs_AI.thy
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3292,17 +3292,17 @@ lemmas tcb_ready_times_of_kh_update_indep'[simp]

lemma tcb_ready_time_ep_update:
"\<lbrakk> ep_at ref s; a_type new = AEndpoint\<rbrakk> \<Longrightarrow>
tcb_ready_times_of_kh (kheap s(ref \<mapsto> new)) = tcb_ready_times_of s"
tcb_ready_times_of_kh ((kheap s)(ref \<mapsto> new)) = tcb_ready_times_of s"
by (clarsimp simp: obj_at_def is_ep)

lemma tcb_ready_time_reply_update:
"\<lbrakk> reply_at ref s; a_type new = AReply\<rbrakk> \<Longrightarrow>
tcb_ready_times_of_kh (kheap s(ref \<mapsto> new)) = tcb_ready_times_of s"
tcb_ready_times_of_kh ((kheap s)(ref \<mapsto> new)) = tcb_ready_times_of s"
by (clarsimp simp: obj_at_def is_reply)

lemma tcb_ready_time_ntfn_update:
"\<lbrakk> ntfn_at ref s; a_type new = ANTFN\<rbrakk> \<Longrightarrow>
tcb_ready_times_of_kh (kheap s(ref \<mapsto> new)) = tcb_ready_times_of s"
tcb_ready_times_of_kh ((kheap s)(ref \<mapsto> new)) = tcb_ready_times_of s"
by (clarsimp simp: obj_at_def is_ntfn)

lemmas tcb_ready_time_update_indeps[simp]
Expand All @@ -3314,7 +3314,7 @@ lemmas tcb_ready_time_update_indeps'[simp]
lemma tcb_ready_time_thread_state_update[simp]:
assumes "kheap s tp = Some (TCB tcb)"
assumes "tcb_sched_context tcb' = tcb_sched_context tcb"
shows "tcb_ready_times_of_kh (kheap s(tp \<mapsto> TCB tcb')) = tcb_ready_times_of s"
shows "tcb_ready_times_of_kh ((kheap s)(tp \<mapsto> TCB tcb')) = tcb_ready_times_of s"
using assms by (simp add: fun_upd_def vs_all_heap_simps)

lemmas tcb_ready_time_thread_state_update'[simp]
Expand All @@ -3326,7 +3326,7 @@ lemma tcb_ready_time_kh_tcb_sc_update:
scopt = Some scp'; kheap s scp' = Some (SchedContext sc' n');
r_time (refill_hd sc) = r_time (refill_hd sc') \<rbrakk> \<Longrightarrow>
tcb_ready_times_of_kh
(kheap s(tp \<mapsto> TCB (tcb\<lparr>tcb_sched_context := scopt\<rparr>)))
((kheap s)(tp \<mapsto> TCB (tcb\<lparr>tcb_sched_context := scopt\<rparr>)))
= tcb_ready_times_of s"
by (auto intro!: map_eqI
simp: fun_upd_def vs_all_heap_simps tcb_ready_times_defs
Expand All @@ -3335,12 +3335,12 @@ lemma tcb_ready_time_kh_tcb_sc_update:

lemma tcb_at_simple_type_update[iff]:
"\<lbrakk>obj_at is_simple_type epptr s; is_simple_type ko\<rbrakk> \<Longrightarrow>
tcbs_of_kh (kheap s(epptr \<mapsto> ko)) = tcbs_of s"
tcbs_of_kh ((kheap s)(epptr \<mapsto> ko)) = tcbs_of s"
by (rule map_eqI, auto simp add: vs_heap_simps obj_at_def)

lemma sc_at_simple_type_update[iff]:
"\<lbrakk>obj_at is_simple_type epptr s; is_simple_type ko\<rbrakk> \<Longrightarrow>
scs_of_kh (kheap s(epptr \<mapsto> ko)) = scs_of s"
scs_of_kh ((kheap s)(epptr \<mapsto> ko)) = scs_of s"
by (rule map_eqI, auto simp add: vs_heap_simps obj_at_def)

(* lifting lemmas *)
Expand Down Expand Up @@ -3507,7 +3507,7 @@ lemma switch_in_cur_domain_lift_pre_conj:
apply wp_pre
apply (rule hoare_lift_Pf_pre_conj[where f=scheduler_action, OF _ b])
apply (rule hoare_lift_Pf_pre_conj[where f=cur_domain, OF _ c])
by (wpsimp simp: switch_in_cur_domain_def in_cur_domain_def wp: hoare_vcg_all_lift static_imp_wp a)+
by (wpsimp simp: switch_in_cur_domain_def in_cur_domain_def wp: hoare_vcg_all_lift hoare_weak_lift_imp a)+

lemmas switch_in_cur_domain_lift = switch_in_cur_domain_lift_pre_conj[where R = \<top>, simplified]

Expand Down
Loading