diff --git a/proof/crefine/AARCH64/ADT_C.thy b/proof/crefine/AARCH64/ADT_C.thy
index 11928fde85..10f06c8a7d 100644
--- a/proof/crefine/AARCH64/ADT_C.thy
+++ b/proof/crefine/AARCH64/ADT_C.thy
@@ -817,11 +817,7 @@ lemma cthread_state_rel_imp_eq:
 "cthread_state_relation x z \ cthread_state_relation y z \ x=y"
 apply (simp add: cthread_state_relation_def split_def)
 apply (cases x)
- apply (cases y, simp_all add: ThreadState_BlockedOnReceive_def
- ThreadState_BlockedOnReply_def ThreadState_BlockedOnNotification_def
- ThreadState_Running_def ThreadState_Inactive_def
- ThreadState_IdleThreadState_def ThreadState_BlockedOnSend_def
- ThreadState_Restart_def)+
+ apply (cases y, simp_all add: ThreadState_defs)+
 done
 
 lemma ksPSpace_valid_objs_tcbBoundNotification_nonzero:
diff --git a/proof/crefine/AARCH64/Arch_C.thy b/proof/crefine/AARCH64/Arch_C.thy
index d5ddefd69e..b18268f950 100644
--- a/proof/crefine/AARCH64/Arch_C.thy
+++ b/proof/crefine/AARCH64/Arch_C.thy
@@ -1414,7 +1414,7 @@ lemma performPageGetAddress_ccorres:
 apply clarsimp
 apply (vcg exspec=setRegister_modifies)
 apply wpsimp
- apply (clarsimp simp: ThreadState_Running_def)
+ apply clarsimp
 apply (vcg exspec=lookupIPCBuffer_modifies)
 apply clarsimp
 apply vcg
@@ -1426,7 +1426,7 @@ lemma performPageGetAddress_ccorres:
 seL4_MessageInfo_lift_def message_info_to_H_def mask_def)
 apply (cases isCall)
 apply (auto simp: AARCH64.badgeRegister_def AARCH64_H.badgeRegister_def Kernel_C.badgeRegister_def
- fromPAddr_def ThreadState_Running_def Kernel_C.X0_def Kernel_C.X1_def
+ fromPAddr_def ThreadState_defs Kernel_C.X0_def Kernel_C.X1_def
 pred_tcb_at'_def obj_at'_def ct_in_state'_def)
 done
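Review bot: `ThreadState_defs`, the simp-set that this hunk and every later `StrictC'_thread_state_defs` / `ThreadState_*_def` replacement in the diff rely on, is not defined anywhere in the visible part of the change, so a reader cannot tell which constants it unfolds; the definition site (presumably a shared crefine theory touched elsewhere in this commit) should carry a comment such as `(* all ThreadState_* constants; supersedes StrictC'_thread_state_defs *)`. Several hunks drop the thread-state unfold outright rather than substituting it — Arch_C @@ -4276, Interrupt_C @@ -608 and @@ -778, Invoke_C @@ -3401, IpcCancel_C @@ -2618 (second pair), @@ -2630, @@ -3057 and the BlockedOnSend case of @@ -3152 — presumably because those goals never needed it, but only the proof checker confirms that and the diff gives no hint. A sentence in the commit description stating that the removed occurrences were found redundant when the session was replayed would make the refactor auditable from the diff alone.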
@@ -2940,7 +2940,7 @@ lemma decodeARMMMUInvocation_ccorres:
 apply (rule_tac Q'=UNIV and A'="{}" in conseqPost)
 apply (vcg exspec=ensureEmptySlot_modifies)
 apply (frule length_ineq_not_Nil)
- apply (clarsimp simp: null_def ThreadState_Restart_def mask_def hd_conv_nth
+ apply (clarsimp simp: null_def ThreadState_defs mask_def hd_conv_nth
 isCap_simps rf_sr_ksCurThread cap_get_tag_UntypedCap word_le_make_less asid_high_bits_def split: list.split)
@@ -3290,8 +3290,7 @@ lemma decodeARMMMUInvocation_ccorres:
 apply clarsimp
 apply (clarsimp simp: cte_wp_at_ctes_of asidHighBits_handy_convs word_sle_def word_sless_def asidLowBits_handy_convs
- rf_sr_ksCurThread "StrictC'_thread_state_defs"
- mask_def[where n=4]
+ rf_sr_ksCurThread ThreadState_defs mask_def[where n=4]
 cong: if_cong)
 apply (clarsimp simp: ccap_relation_isDeviceCap2 objBits_simps pageBits_def case_bool_If)
 apply (rule conjI; clarsimp)
@@ -3554,7 +3553,7 @@ lemma invokeVCPUReadReg_ccorres: (* styled after invokeTCB_ReadRegisters_ccorres
 apply clarsimp
 apply (vcg exspec=setRegister_modifies)
 apply wpsimp
- apply (clarsimp simp: ThreadState_Running_def)
+ apply clarsimp
 apply (vcg exspec=lookupIPCBuffer_modifies)
 apply clarsimp
 apply (wpsimp wp: hoare_vcg_const_imp_lift hoare_vcg_all_lift hoare_vcg_imp_lift)
@@ -3565,15 +3564,14 @@ lemma invokeVCPUReadReg_ccorres: (* styled after invokeTCB_ReadRegisters_ccorres
 apply (rule conseqPre, vcg)
 apply clarsimp
 apply (clarsimp simp: invs_no_0_obj' tcb_at_invs' invs_queues invs_valid_objs' invs_sch_act_wf'
- rf_sr_ksCurThread msgRegisters_unfold
- seL4_MessageInfo_lift_def message_info_to_H_def mask_def)
+ rf_sr_ksCurThread msgRegisters_unfold ThreadState_defs
+ seL4_MessageInfo_lift_def message_info_to_H_def mask_def)
 apply (cases isCall; clarsimp)
 apply (rule conjI, clarsimp simp: ct_in_state'_def st_tcb_at'_def comp_def)
 apply (fastforce simp: obj_at'_def projectKOs)
 apply (clarsimp simp: Kernel_C.badgeRegister_def AARCH64.badgeRegister_def AARCH64_H.badgeRegister_def C_register_defs)
 apply (simp add: rf_sr_def cstate_relation_def Let_def)
- apply (clarsimp simp: ThreadState_Running_def)
 apply (rule conjI, clarsimp simp: pred_tcb_at'_def obj_at'_def projectKOs ct_in_state'_def)
 apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def)
 done
@@ -3662,7 +3660,7 @@ lemma decodeVCPUWriteReg_ccorres:
 apply (clarsimp simp: word_less_nat_alt word_le_nat_alt conj_commute invs_no_0_obj' tcb_at_invs' invs_queues invs_valid_objs' invs_sch_act_wf' rf_sr_ksCurThread msgRegisters_unfold
- valid_tcb_state'_def ThreadState_Restart_def mask_def)
+ valid_tcb_state'_def ThreadState_defs mask_def)
 apply (rule conjI; clarsimp) \ \not enough args\
 apply (clarsimp simp: isCap_simps cap_get_tag_isCap capVCPUPtr_eq)
 apply (subst from_to_enum; clarsimp simp: fromEnum_maxBound_vcpureg_def)
@@ -3917,7 +3915,7 @@ lemma decodeVCPUInjectIRQ_ccorres:
 apply (clarsimp simp: word_less_nat_alt word_le_nat_alt conj_commute invs_no_0_obj' tcb_at_invs' invs_queues invs_valid_objs' invs_sch_act_wf' rf_sr_ksCurThread msgRegisters_unfold
- valid_tcb_state'_def ThreadState_Restart_def mask_def)
+ valid_tcb_state'_def ThreadState_defs mask_def)
 apply (frule invs_arch_state')
 apply (clarsimp simp: valid_arch_state'_def max_armKSGICVCPUNumListRegs_def rf_sr_armKSGICVCPUNumListRegs)
@@ -4019,7 +4017,7 @@ lemma decodeVCPUReadReg_ccorres:
 apply (clarsimp simp: word_le_nat_alt conj_commute invs_no_0_obj' tcb_at_invs' invs_queues invs_valid_objs' invs_sch_act_wf' rf_sr_ksCurThread msgRegisters_unfold
- valid_tcb_state'_def ThreadState_Restart_def mask_def)
+ valid_tcb_state'_def ThreadState_defs mask_def)
 apply (rule conjI; clarsimp) \ \no args\
 subgoal by (clarsimp simp: isCap_simps cap_get_tag_isCap capVCPUPtr_eq)
@@ -4123,7 +4121,7 @@ lemma decodeVCPUSetTCB_ccorres:
 apply (clarsimp simp: word_less_nat_alt word_le_nat_alt conj_commute invs_no_0_obj' tcb_at_invs' invs_queues invs_valid_objs' invs_sch_act_wf' rf_sr_ksCurThread msgRegisters_unfold
- valid_tcb_state'_def ThreadState_Restart_def mask_def)
+ valid_tcb_state'_def ThreadState_defs mask_def)
 apply (clarsimp simp: idButNot_def interpret_excaps_test_null excaps_map_def neq_Nil_conv)
 apply (rule conjI; clarsimp)
@@ -4276,7 +4274,7 @@ proof -
 apply (clarsimp simp: word_le_nat_alt conj_commute invs_no_0_obj' tcb_at_invs' invs_queues invs_valid_objs' invs_sch_act_wf' rf_sr_ksCurThread msgRegisters_unfold
- valid_tcb_state'_def ThreadState_Restart_def mask_def
+ valid_tcb_state'_def mask_def
 valid_cap'_def ct_in_state'_def sysargs_rel_to_n st_tcb_at'_def comp_def runnable'_eq)
 apply (fastforce elim: obj_at'_weakenE)
@@ -4284,7 +4282,7 @@ proof -
 apply (clarsimp simp: word_le_nat_alt conj_commute invs_no_0_obj' tcb_at_invs' invs_queues invs_valid_objs' invs_sch_act_wf' rf_sr_ksCurThread msgRegisters_unfold
- valid_tcb_state'_def ThreadState_Restart_def Kernel_C.maxIRQ_def
+ valid_tcb_state'_def ThreadState_defs Kernel_C.maxIRQ_def
 and_mask_eq_iff_le_mask capVCPUPtr_eq)
 apply (clarsimp simp: mask_def)
 done
diff --git a/proof/crefine/AARCH64/Fastpath_C.thy b/proof/crefine/AARCH64/Fastpath_C.thy
index 801f974a2e..132cbee167 100644
--- a/proof/crefine/AARCH64/Fastpath_C.thy
+++ b/proof/crefine/AARCH64/Fastpath_C.thy
@@ -54,7 +54,7 @@ lemma setCTE_tcbContext:
 apply (rule setObject_cte_obj_at_tcb', simp_all)
 done
 
-lemma seThreadState_tcbContext:
+lemma setThreadState_tcbContext:
 "\obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t\ setThreadState a b \\_. obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t\"
@@ -73,7 +73,7 @@ lemma setBoundNotification_tcbContext:
 declare comp_apply [simp del]
 crunch tcbContext[wp]: deleteCallerCap "obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t"
 (wp: setEndpoint_obj_at_tcb' setBoundNotification_tcbContext
- setNotification_tcb crunch_wps seThreadState_tcbContext
+ setNotification_tcb crunch_wps setThreadState_tcbContext
 simp: crunch_simps unless_def)
 declare comp_apply [simp]
 
@@ -798,7 +798,7 @@ lemma thread_state_ptr_set_tsType_np_spec:
 apply (clarsimp simp: typ_heap_simps')
 apply (rule exI, rule conjI[OF _ conjI [OF _ refl]])
 apply (simp_all add: thread_state_lift_def)
- apply (auto simp: "StrictC'_thread_state_defs" mask_def)
+ apply (auto simp: ThreadState_defs mask_def)
 done
 
 (* from the bitfield generator: ep_ref and tsType are stored in the same word, tsType is the lowest
@@ -3140,7 +3140,7 @@ proof -
 apply (clarsimp simp: rf_sr_ksCurThread typ_heap_simps' h_t_valid_clift_Some_iff)
 apply (clarsimp simp: capAligned_def isCap_simps objBits_simps
- "StrictC'_thread_state_defs" mask_def)
+ ThreadState_defs mask_def)
 apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def typ_heap_simps' objBits_defs)
 apply (rule conjI)
@@ -3151,7 +3151,7 @@ proof -
 apply (simp add: cep_relations_drop_fun_upd)
 apply (erule cmap_relation_updI, erule ko_at_projectKO_opt)
 apply (simp add: ctcb_relation_def cthread_state_relation_def
- "StrictC'_thread_state_defs")
+ ThreadState_defs)
 apply (clarsimp simp: ccap_relation_ep_helpers)
 apply simp
 apply (rule conjI, erule cready_queues_relation_not_queue_ptrs)
diff --git a/proof/crefine/AARCH64/Fastpath_Equiv.thy b/proof/crefine/AARCH64/Fastpath_Equiv.thy
index 0cb9028902..b005190e93 100644
--- a/proof/crefine/AARCH64/Fastpath_Equiv.thy
+++ b/proof/crefine/AARCH64/Fastpath_Equiv.thy
@@ -49,7 +49,7 @@ lemma setCTE_tcbContext:
 context begin interpretation Arch . (*FIXME: arch_split*)
-lemma seThreadState_tcbContext:
+lemma setThreadState_tcbContext:
 "\obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t\ setThreadState a b \\_. obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t\"
@@ -68,7 +68,7 @@ lemma setBoundNotification_tcbContext:
 declare comp_apply [simp del]
 crunch tcbContext[wp]: deleteCallerCap "obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t"
 (wp: setEndpoint_obj_at_tcb' setBoundNotification_tcbContext
- setNotification_tcb crunch_wps seThreadState_tcbContext
+ setNotification_tcb crunch_wps setThreadState_tcbContext
 simp: crunch_simps unless_def)
 declare comp_apply [simp]
@@ -1697,7 +1697,7 @@ lemma fastpath_callKernel_SysReplyRecv_corres:
 fastpathBestSwitchCandidate_lift[where f="threadSet f t" for f t] | wps)+)[3]
 apply (simp cong: rev_conj_cong)
- apply (wpsimp wp: seThreadState_tcbContext[simplified comp_apply]
+ apply (wpsimp wp: setThreadState_tcbContext[simplified comp_apply]
 setThreadState_oa_queued user_getreg_rv setThreadState_no_sch_change setThreadState_obj_at_unchanged sts_st_tcb_at'_cases sts_bound_tcb_at'
diff --git a/proof/crefine/AARCH64/Finalise_C.thy b/proof/crefine/AARCH64/Finalise_C.thy
index b7b077dc41..cf996daaca 100644
--- a/proof/crefine/AARCH64/Finalise_C.thy
+++ b/proof/crefine/AARCH64/Finalise_C.thy
@@ -241,10 +241,8 @@ next
 sts_running_valid_queues sts_st_tcb' setThreadState_oa_queued | simp)+
 apply (vcg exspec=setThreadState_cslift_spec exspec=tcbSchedEnqueue_cslift_spec)
- apply (clarsimp simp: tcb_at_not_NULL
- Collect_const_mem valid_tcb_state'_def
- ThreadState_Restart_def mask_def
- valid_objs'_maxDomain valid_objs'_maxPriority)
+ apply (clarsimp simp: tcb_at_not_NULL Collect_const_mem valid_tcb_state'_def
+ ThreadState_defs mask_def valid_objs'_maxDomain valid_objs'_maxPriority)
 apply (drule(1) obj_at_cslift_tcb)
 apply (clarsimp simp: typ_heap_simps)
 apply (rule conjI)
@@ -623,7 +621,7 @@ lemma suspend_ccorres:
 apply clarsimp
 apply (rule iffI)
 apply simp
- apply (erule thread_state_to_tsType.elims; simp add: StrictC'_thread_state_defs)
+ apply (erule thread_state_to_tsType.elims; simp add: ThreadState_defs)
 apply (ctac (no_vcg) add: updateRestartPC_ccorres)
 apply (rule ccorres_return_Skip)
 apply ceqv
@@ -658,7 +656,7 @@ lemma suspend_ccorres:
 apply (rule delete_one_conc_fr.cancelIPC_invs)
 apply (fastforce simp: invs_valid_queues' invs_queues invs_valid_objs' valid_tcb_state'_def)
- apply (auto simp: "StrictC'_thread_state_defs")
+ apply (auto simp: ThreadState_defs)
 done
 
 lemma cap_to_H_NTFNCap_tag:
diff --git a/proof/crefine/AARCH64/Interrupt_C.thy b/proof/crefine/AARCH64/Interrupt_C.thy
index 2b456b3af3..ff57a72814 100644
--- a/proof/crefine/AARCH64/Interrupt_C.thy
+++ b/proof/crefine/AARCH64/Interrupt_C.thy
@@ -232,7 +232,7 @@ supply [[goals_limit=20]]
 apply (clarsimp simp: Collect_const_mem neq_Nil_conv dest!: interpret_excaps_eq)
 apply (simp add: rf_sr_ksCurThread mask_def[where n=4]
- "StrictC'_thread_state_defs" cap_get_tag_isCap excaps_map_def
+ ThreadState_defs cap_get_tag_isCap excaps_map_def
 word_sless_def word_sle_def)
 apply (simp add: invocationCatch_def throwError_bind interpret_excaps_test_null Collect_True
@@ -262,8 +262,7 @@ supply [[goals_limit=20]]
 apply (clarsimp simp: invs_queues invs_valid_objs' ct_in_state'_def ccap_rights_relation_def
- mask_def[where n=4]
- "StrictC'_thread_state_defs")
+ mask_def[where n=4] ThreadState_defs)
 apply (subst pred_tcb'_weakenE, assumption, fastforce)+
 apply (clarsimp simp: rf_sr_ksCurThread word_sle_def word_sless_def sysargs_rel_n_def word_less_nat_alt)
@@ -585,7 +584,7 @@ lemma Arch_decodeIRQControlInvocation_ccorres:
 apply (simp add: and_mask_eq_iff_le_mask)
 apply (simp add: mask_def word_le_nat_alt)
 apply (clarsimp simp: numeral_2_eq_2 numeral_3_eq_3 exception_defs
- ThreadState_Restart_def mask_def)
+ ThreadState_defs mask_def)
 apply (rule conseqPre, vcg)
 apply (fastforce simp: exception_defs split: if_split)
 apply (rule subset_refl)
@@ -608,7 +607,6 @@ lemma Arch_decodeIRQControlInvocation_ccorres:
 apply clarsimp
 apply (clarsimp simp: interpret_excaps_test_null excaps_map_def Collect_const_mem word_sless_def word_sle_def
- ThreadState_Restart_def
 unat_of_nat mask_def sysargs_rel_to_n cong: if_cong)
 apply (rule conjI)
@@ -752,7 +750,7 @@ lemma decodeIRQControlInvocation_ccorres:
 apply (rule sym)
 apply (simp add: and_mask_eq_iff_le_mask)
 apply (simp add: mask_def word_le_nat_alt)
- apply (clarsimp simp: numeral_2_eq_2 exception_defs ThreadState_Restart_def mask_def)
+ apply (clarsimp simp: numeral_2_eq_2 exception_defs ThreadState_defs mask_def)
 apply (rule conseqPre, vcg)
 apply (fastforce simp: exception_defs)
 apply (rule subset_refl)
@@ -778,7 +776,6 @@ lemma decodeIRQControlInvocation_ccorres:
 apply clarsimp
 apply (clarsimp simp: interpret_excaps_test_null excaps_map_def Collect_const_mem word_sless_def word_sle_def
- ThreadState_Restart_def
 unat_of_nat mask_def sysargs_rel_to_n cong: if_cong)
 apply (rule conjI)
diff --git a/proof/crefine/AARCH64/Invoke_C.thy b/proof/crefine/AARCH64/Invoke_C.thy
index 1962b2f42a..8433d438b3 100644
--- a/proof/crefine/AARCH64/Invoke_C.thy
+++ b/proof/crefine/AARCH64/Invoke_C.thy
@@ -199,7 +199,7 @@ lemma decodeDomainInvocation_ccorres:
 apply (clarsimp simp: valid_tcb_state'_def invs_valid_queues' invs_valid_objs' invs_queues invs_sch_act_wf' ct_in_state'_def pred_tcb_at' rf_sr_ksCurThread word_sle_def word_sless_def sysargs_rel_to_n
- mask_eq_iff_w2p mask_eq_iff_w2p word_size "StrictC'_thread_state_defs")
+ mask_eq_iff_w2p mask_eq_iff_w2p word_size ThreadState_defs)
 apply (rule conjI)
 apply (clarsimp simp: linorder_not_le isCap_simps)
 apply (rule conjI, clarsimp simp: unat64_eq_of_nat)
@@ -1365,7 +1365,7 @@ lemma decodeCNodeInvocation_ccorres:
 apply (frule interpret_excaps_eq)
 apply (clarsimp simp: excaps_map_def mask_def[where n=4] ccap_rights_relation_def rightsFromWord_wordFromRights
- "StrictC'_thread_state_defs" map_comp_Some_iff
+ ThreadState_defs map_comp_Some_iff
 rf_sr_ksCurThread hd_conv_nth hd_drop_conv_nth)
 apply ((rule conjI | clarsimp simp: rightsFromWord_wordFromRights
@@ -3294,8 +3294,7 @@ lemma decodeUntypedInvocation_ccorres_helper:
 unat_of_nat_APIType_capBits word_size hd_conv_nth length_ineq_not_Nil not_less word_le_nat_alt isCap_simps valid_cap_simps')
 apply (strengthen word_of_nat_less)
- apply (clarsimp simp: StrictC'_thread_state_defs mask_def
- ccap_relation_isDeviceCap2
+ apply (clarsimp simp: ThreadState_defs mask_def ccap_relation_isDeviceCap2
 split: if_split)
 apply (clarsimp simp: not_less shiftr_overflow maxUntypedSizeBits_def unat_of_nat_APIType_capBits)
@@ -3401,8 +3400,7 @@ lemma decodeUntypedInvocation_ccorres_helper:
 apply (clarsimp simp: hd_drop_conv_nth2 hd_conv_nth neq_Nil_lengthI ct_in_state'_def pred_tcb_at' rf_sr_ksCurThread mask_eq_iff_w2p
- "StrictC'_thread_state_defs" numeral_eqs[symmetric]
- cap_get_tag_isCap cte_wp_at_ctes_of
+ numeral_eqs[symmetric] cap_get_tag_isCap cte_wp_at_ctes_of
 unat_eq_0 ccHoarePost_def)
 apply (rule conjI)
 apply (clarsimp simp: linorder_not_less isCap_simps)
diff --git a/proof/crefine/AARCH64/IpcCancel_C.thy b/proof/crefine/AARCH64/IpcCancel_C.thy
index 776b195c9c..540b3b7737 100644
--- a/proof/crefine/AARCH64/IpcCancel_C.thy
+++ b/proof/crefine/AARCH64/IpcCancel_C.thy
@@ -431,7 +431,7 @@ lemma isStopped_ccorres [corres]:
 apply clarsimp
 apply (clarsimp simp: typ_heap_simps ctcb_relation_thread_state_to_tsType split: thread_state.splits)
- apply (simp add: "StrictC'_thread_state_defs")+
+ apply (simp add: ThreadState_defs)+
 done
 
 lemma isRunnable_ccorres [corres]:
@@ -459,7 +459,7 @@ lemma isRunnable_ccorres [corres]:
 apply (clarsimp)
 apply (clarsimp simp: typ_heap_simps ctcb_relation_thread_state_to_tsType split: thread_state.splits)
- apply (simp add: "StrictC'_thread_state_defs")+
+ apply (simp add: ThreadState_defs)+
 done
@@ -2375,7 +2375,7 @@ lemma scheduleTCB_ccorres':
 apply (clarsimp simp: typ_heap_simps)
 apply (subgoal_tac "ksSchedulerAction \ = ResumeCurrentThread")
 apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def)
- apply (case_tac "tcbState ko", simp_all add: "StrictC'_thread_state_defs")[1]
+ apply (case_tac "tcbState ko", simp_all add: ThreadState_defs)[1]
 apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def cscheduler_action_relation_def tcb_at_not_NULL split: scheduler_action.split_asm)
@@ -2429,7 +2429,7 @@ lemma scheduleTCB_ccorres_valid_queues'_pre:
 apply (drule (1) obj_at_cslift_tcb)
 apply (clarsimp simp: typ_heap_simps)
 apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def weak_sch_act_wf_def)
- apply (case_tac "tcbState ko", simp_all add: "StrictC'_thread_state_defs")[1]
+ apply (case_tac "tcbState ko", simp_all add: ThreadState_defs)[1]
 apply (fold_subgoals (prefix))[6]
 subgoal premises prems using prems by (clarsimp simp: rf_sr_def cstate_relation_def Let_def
@@ -2523,7 +2523,7 @@ lemma scheduleTCB_ccorres_valid_queues'_pre_simple:
 apply (clarsimp simp: typ_heap_simps)
 apply (subgoal_tac "ksSchedulerAction \ = ResumeCurrentThread")
 apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def)
- apply (case_tac "tcbState ko", simp_all add: "StrictC'_thread_state_defs")[1]
+ apply (case_tac "tcbState ko", simp_all add: ThreadState_defs)[1]
 apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def cscheduler_action_relation_def tcb_at_not_NULL
@@ -2618,11 +2618,11 @@ lemma cancelSignal_ccorres [corres]:
 apply (ctac (no_vcg) add: cancelSignal_ccorres_helper)
 apply (ctac add: setThreadState_ccorres_valid_queues')
 apply ((wp setNotification_nosch setNotification_ksQ hoare_vcg_all_lift set_ntfn_valid_objs' | simp add: valid_tcb_state'_def split del: if_split)+)[1]
- apply (simp add: "StrictC'_thread_state_defs")
+ apply (simp add: ThreadState_defs)
 apply (rule conjI, clarsimp, rule conjI, clarsimp)
 apply (frule (1) ko_at_valid_ntfn'[OF _ invs_valid_objs'])
 subgoal by ((auto simp: obj_at'_def projectKOs st_tcb_at'_def invs'_def valid_state'_def
- isTS_defs cte_wp_at_ctes_of "StrictC'_thread_state_defs"
+ isTS_defs cte_wp_at_ctes_of
 cthread_state_relation_def sch_act_wf_weak valid_ntfn'_def dest!: valid_queues_not_runnable'_not_ksQ[where t=thread] | clarsimp simp: eq_commute)+)
@@ -2630,7 +2630,7 @@ lemma cancelSignal_ccorres [corres]:
 apply (frule (1) ko_at_valid_ntfn'[OF _ invs_valid_objs'])
 apply (frule (2) ntfn_blocked_in_queueD)
 by (auto simp: obj_at'_def projectKOs st_tcb_at'_def invs'_def valid_state'_def
- isTS_defs cte_wp_at_ctes_of "StrictC'_thread_state_defs" valid_ntfn'_def
+ isTS_defs cte_wp_at_ctes_of valid_ntfn'_def
 cthread_state_relation_def sch_act_wf_weak isWaitingNtfn_def dest!: valid_queues_not_runnable'_not_ksQ[where t=thread] split: ntfn.splits option.splits
@@ -3057,7 +3057,7 @@ lemma cancelIPC_ccorres1:
 apply (rule_tac P="rv' = thread_state_to_tsType rv" in ccorres_gen_asm2)
 apply wpc
 \ \BlockedOnReceive\
- apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs cong: call_ignore_cong)
+ apply (simp add: word_sle_def ccorres_cond_iffs cong: call_ignore_cong)
 apply (rule ccorres_rhs_assoc)+
 apply csymbr
 apply csymbr
@@ -3073,7 +3073,7 @@ lemma cancelIPC_ccorres1:
 apply (ctac (no_vcg) add: cancelIPC_ccorres_helper)
 apply (ctac add: setThreadState_ccorres_valid_queues')
 apply (wp hoare_vcg_all_lift set_ep_valid_objs' | simp add: valid_tcb_state'_def split del: if_split)+
- apply (simp add: "StrictC'_thread_state_defs")
+ apply (simp add: ThreadState_defs)
 apply vcg
 apply (rule conseqPre, vcg)
 apply clarsimp
@@ -3083,7 +3083,7 @@ lemma cancelIPC_ccorres1:
 apply (rule conseqPre, vcg)
 apply clarsimp
 \ \BlockedOnReply case\
- apply (simp add: "StrictC'_thread_state_defs" ccorres_cond_iffs
+ apply (simp add: ThreadState_defs ccorres_cond_iffs
 Collect_False Collect_True word_sle_def cong: call_ignore_cong del: Collect_const)
 apply (rule ccorres_rhs_assoc)+
@@ -3142,7 +3142,7 @@ lemma cancelIPC_ccorres1:
 apply (clarsimp simp add: guard_is_UNIV_def tcbReplySlot_def Kernel_C.tcbReply_def tcbCNodeEntries_def)
 \ \BlockedOnNotification\
- apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs
+ apply (simp add: word_sle_def ThreadState_defs ccorres_cond_iffs
 cong: call_ignore_cong)
 apply (rule ccorres_symb_exec_r)
 apply (ctac (no_vcg))
@@ -3152,11 +3152,11 @@ lemma cancelIPC_ccorres1:
 apply (rule conseqPre, vcg)
 apply clarsimp
 \ \Running, Inactive, and Idle\
- apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs
+ apply (simp add: word_sle_def ThreadState_defs ccorres_cond_iffs
 cong: call_ignore_cong, rule ccorres_return_Skip)+ \ \BlockedOnSend\
- apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs
+ apply (simp add: word_sle_def ccorres_cond_iffs
 cong: call_ignore_cong)
 \ \clag\
 apply (rule ccorres_rhs_assoc)+
@@ -3173,7 +3173,7 @@ lemma cancelIPC_ccorres1:
 apply (ctac (no_vcg) add: cancelIPC_ccorres_helper)
 apply (ctac add: setThreadState_ccorres_valid_queues')
 apply (wp hoare_vcg_all_lift set_ep_valid_objs' | simp add: valid_tcb_state'_def split del:if_split)+
- apply (simp add: "StrictC'_thread_state_defs")
+ apply (simp add: ThreadState_defs)
 apply clarsimp
 apply (rule conseqPre, vcg, rule subset_refl)
 apply (rule conseqPre, vcg)
@@ -3183,7 +3183,7 @@ lemma cancelIPC_ccorres1:
 apply (rule conseqPre, vcg)
 apply clarsimp
 \ \Restart\
- apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs
+ apply (simp add: word_sle_def ThreadState_defs ccorres_cond_iffs
 cong: call_ignore_cong, rule ccorres_return_Skip)
 \ \Post wp proofs\
diff --git a/proof/crefine/AARCH64/Ipc_C.thy b/proof/crefine/AARCH64/Ipc_C.thy
index b7cdfafc73..1293163cbc 100644
--- a/proof/crefine/AARCH64/Ipc_C.thy
+++ b/proof/crefine/AARCH64/Ipc_C.thy
@@ -4487,9 +4487,7 @@ proof -
 apply ((wp threadSet_valid_queues threadSet_sch_act threadSet_valid_queues' hoare_weak_lift_imp threadSet_valid_objs' threadSet_weak_sch_act_wf | simp add: valid_tcb_state'_def)+)[1]
- apply (clarsimp simp: guard_is_UNIV_def ThreadState_Restart_def
- ThreadState_Inactive_def mask_def
- option_to_ctcb_ptr_def)
+ apply (clarsimp simp: guard_is_UNIV_def ThreadState_defs mask_def option_to_ctcb_ptr_def)
 apply (rule_tac Q="\rv. valid_queues and tcb_at' receiver and valid_queues' and valid_objs' and sch_act_simple and (\s. ksCurDomain s \ maxDomain) and
@@ -4511,7 +4509,7 @@ proof -
 apply (simp(no_asm_use) add: gs_set_assn_Delete_cstate_relation[unfolded o_def] subset_iff rf_sr_def)
 apply (clarsimp simp: guard_is_UNIV_def option_to_ptr_def option_to_0_def
- ThreadState_Running_def mask_def
+ ThreadState_defs mask_def
 ghost_assertion_data_get_def ghost_assertion_data_set_def cap_tag_defs option_to_ctcb_ptr_def split: option.splits)
@@ -4605,7 +4603,7 @@ lemma setupCallerCap_ccorres [corres]:
 Kernel_C.tcbCaller_def)
 apply simp
 apply wp
- apply (clarsimp simp: Kernel_C.ThreadState_BlockedOnReply_def mask_def
+ apply (clarsimp simp: ThreadState_defs mask_def
 valid_pspace'_def tcbReplySlot_def valid_tcb_state'_def Collect_const_mem tcb_cnode_index_defs)
@@ -4817,7 +4815,7 @@ lemma sendIPC_block_ccorres_helper:
 apply (erule(1) rf_sr_tcb_update_no_queue_gen, (simp add: typ_heap_simps')+)[1]
 apply (simp add: tcb_cte_cases_def cteSizeBits_def)
 apply (simp add: ctcb_relation_def cthread_state_relation_def Suc_canonical_bit_fold
- ThreadState_BlockedOnSend_def mask_shiftl_decompose
+ ThreadState_defs mask_shiftl_decompose
 canonical_make_canonical_idem)
 apply (clarsimp simp: mask_def)
 apply ceqv
@@ -5240,9 +5238,8 @@ lemma sendIPC_ccorres [corres]:
 set_ep_valid_objs' setEndpoint_valid_mdb' | wp (once) hoare_drop_imp | strengthen sch_act_wf_weak)+
- apply (fastforce simp: guard_is_UNIV_def ThreadState_Inactive_def Collect_const_mem
- ThreadState_Running_def mask_def
- option_to_ptr_def option_to_0_def
+ apply (fastforce simp: guard_is_UNIV_def ThreadState_defs Collect_const_mem mask_def
+ option_to_ptr_def option_to_0_def
 split: bool.split_asm)
 \ \IdleEP case\
@@ -5399,7 +5396,7 @@ lemma receiveIPC_block_ccorres_helper:
 apply (erule(1) rf_sr_tcb_update_no_queue_gen, (simp add: typ_heap_simps)+)
 apply (simp add: tcb_cte_cases_def cteSizeBits_def)
 apply (simp add: ctcb_relation_def cthread_state_relation_def ccap_relation_ep_helpers
- ThreadState_BlockedOnReceive_def cap_get_tag_isCap mask_shiftl_decompose
+ ThreadState_defs cap_get_tag_isCap mask_shiftl_decompose
 Suc_canonical_bit_fold canonical_make_canonical_idem)
 apply (clarsimp simp: mask_def)
 apply ceqv
@@ -6021,9 +6018,8 @@ lemma receiveIPC_ccorres [corres]:
 apply (ctac add: possibleSwitchTo_ccorres)
 apply (wpsimp wp: sts_st_tcb' sts_valid_queues)
 apply (vcg exspec=setThreadState_modifies)
- apply (fastforce simp: guard_is_UNIV_def ThreadState_Inactive_def
- mask_def ThreadState_Running_def cap_get_tag_isCap
- ccap_relation_ep_helpers)
+ apply (fastforce simp: guard_is_UNIV_def ThreadState_defs mask_def
+ cap_get_tag_isCap ccap_relation_ep_helpers)
 apply (clarsimp simp: valid_tcb_state'_def)
 apply (rule_tac Q="\_. valid_pspace' and valid_queues and st_tcb_at' ((=) sendState) sender and tcb_at' thread
@@ -6347,10 +6343,9 @@ lemma sendSignal_ccorres [corres]:
 apply (clarsimp simp: guard_is_UNIV_def option_to_ctcb_ptr_def AARCH64_H.badgeRegister_def C_register_defs AARCH64.badgeRegister_def AARCH64.capRegister_def
- "StrictC'_thread_state_defs"less_mask_eq
- Collect_const_mem)
+ ThreadState_defs less_mask_eq Collect_const_mem)
 apply (case_tac ts, simp_all add: receiveBlocked_def typ_heap_simps
- cthread_state_relation_def "StrictC'_thread_state_defs")[1]
+ cthread_state_relation_def ThreadState_defs)[1]
 \ \ActiveNtfn case\
 apply (rename_tac old_badge)
 apply (rule ccorres_cond_false)
@@ -6408,7 +6403,7 @@ lemma sendSignal_ccorres [corres]:
 sts_valid_queues tcb_in_cur_domain'_lift)[1]
 apply (wp sts_valid_queues sts_runnable)
 apply (wp setThreadState_st_tcb set_ntfn_valid_objs' | clarsimp)+
- apply (clarsimp simp: guard_is_UNIV_def ThreadState_Running_def mask_def
+ apply (clarsimp simp: guard_is_UNIV_def ThreadState_defs mask_def
 badgeRegister_def C_register_defs AARCH64.badgeRegister_def AARCH64.capRegister_def)
 apply (clarsimp simp: guard_is_UNIV_def NtfnState_Idle_def
@@ -6463,7 +6458,7 @@ lemma receiveSignal_block_ccorres_helper:
 (simp add: typ_heap_simps')+)
 apply (simp add: tcb_cte_cases_def cteSizeBits_def)
 apply (simp add: ctcb_relation_def cthread_state_relation_def mask_shiftl_decompose
- ThreadState_BlockedOnNotification_def Suc_canonical_bit_fold
+ ThreadState_defs Suc_canonical_bit_fold
 canonical_make_canonical_idem flip: canonical_bit_def)
 apply (simp add: mask_def)
diff --git a/proof/crefine/AARCH64/Recycle_C.thy b/proof/crefine/AARCH64/Recycle_C.thy
index df0103866a..777bfd491b 100644
--- a/proof/crefine/AARCH64/Recycle_C.thy
+++ b/proof/crefine/AARCH64/Recycle_C.thy
@@ -732,7 +732,7 @@ lemma ctcb_relation_blocking_ipc_badge:
 apply (simp add: isBlockedOnSend_def split: Structures_H.thread_state.split_asm)
 apply (clarsimp simp: cthread_state_relation_def)
 apply (clarsimp simp add: ctcb_relation_def cthread_state_relation_def)
- apply (cases "tcbState tcb", simp_all add: "StrictC'_thread_state_defs")
+ apply (cases "tcbState tcb", simp_all add: ThreadState_defs)
 done
 
 lemma cendpoint_relation_q_cong:
diff --git a/proof/crefine/AARCH64/Refine_C.thy b/proof/crefine/AARCH64/Refine_C.thy
index a02f75905c..5650fe6b15 100644
--- a/proof/crefine/AARCH64/Refine_C.thy
+++ b/proof/crefine/AARCH64/Refine_C.thy
@@ -1013,15 +1013,7 @@ lemma ct_running'_C:
 apply (frule (1) map_to_ko_atI')
 apply (erule obj_at'_weakenE)
 apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def)
- apply (case_tac "tcbState ko", simp_all add:
- ThreadState_Running_def
- ThreadState_BlockedOnReceive_def
- ThreadState_BlockedOnSend_def
- ThreadState_BlockedOnReply_def
- ThreadState_BlockedOnNotification_def
- ThreadState_Inactive_def
- ThreadState_IdleThreadState_def
- ThreadState_Restart_def)
+ apply (case_tac "tcbState ko"; simp add: ThreadState_defs)
 done
 
 lemma full_invs_both:
diff --git a/proof/crefine/AARCH64/Retype_C.thy b/proof/crefine/AARCH64/Retype_C.thy
index 3517b0d809..113b78b271 100644
--- a/proof/crefine/AARCH64/Retype_C.thy
+++ b/proof/crefine/AARCH64/Retype_C.thy
@@ -3487,7 +3487,7 @@ proof -
 apply (simp add: fbtcb minBound_word)
 apply (intro conjI)
 apply (simp add: cthread_state_relation_def thread_state_lift_def
- eval_nat_numeral ThreadState_Inactive_def)
+ eval_nat_numeral ThreadState_defs)
 apply (clarsimp simp: ccontext_relation_def newContext_def2 carch_tcb_relation_def newArchTCB_def fpu_relation_def cregs_relation_def atcbContextGet_def index_foldr_update)
diff --git a/proof/crefine/AARCH64/SR_lemmas_C.thy b/proof/crefine/AARCH64/SR_lemmas_C.thy
index fabcff0a28..98ce847f26 100644
--- a/proof/crefine/AARCH64/SR_lemmas_C.thy
+++ b/proof/crefine/AARCH64/SR_lemmas_C.thy
@@ -1760,7 +1760,6 @@ where
 | "thread_state_to_tsType (Structures_H.BlockedOnSend oref badge cg cgr isc) = scast ThreadState_BlockedOnSend"
 | "thread_state_to_tsType (Structures_H.BlockedOnNotification oref) = scast ThreadState_BlockedOnNotification"
 
-
 lemma ctcb_relation_thread_state_to_tsType:
 "ctcb_relation tcb ctcb \ tsType_CL (thread_state_lift (tcbState_C ctcb)) = thread_state_to_tsType (tcbState tcb)"
 unfolding ctcb_relation_def cthread_state_relation_def
diff --git a/proof/crefine/AARCH64/Schedule_C.thy b/proof/crefine/AARCH64/Schedule_C.thy
index 1ca5ea76e7..cad3f5a57b 100644
--- a/proof/crefine/AARCH64/Schedule_C.thy
+++ b/proof/crefine/AARCH64/Schedule_C.thy
@@ -121,24 +121,6 @@ lemma switchToThread_ccorres:
 apply (clarsimp simp: all_invs_but_ct_idle_or_in_cur_domain'_def valid_state'_def)
 done
 
-lemma get_tsType_ccorres2:
- "ccorres (\r r'. r' = thread_state_to_tsType r) ret__unsigned_longlong_' (tcb_at' thread)
- (UNIV \ {s. f s = tcb_ptr_to_ctcb_ptr thread} \
- {s. cslift s (Ptr &(f s\[''tcbState_C''])) = Some (thread_state_' s)}) []
- (getThreadState thread) (Call thread_state_get_tsType_'proc)"
- unfolding getThreadState_def
- apply (rule ccorres_from_spec_modifies [where P=\, simplified])
- apply (rule thread_state_get_tsType_spec)
- apply (rule thread_state_get_tsType_modifies)
- apply simp
- apply (frule (1) obj_at_cslift_tcb)
- apply (clarsimp simp: typ_heap_simps)
- apply (rule bexI [rotated, OF threadGet_eq], assumption)
- apply simp
- apply (drule ctcb_relation_thread_state_to_tsType)
- apply simp
- done
-
 lemma activateThread_ccorres:
 "ccorres dc xfdc (ct_in_state' activatable' and (\s. sch_act_wf (ksSchedulerAction s) s)
@@ -148,7 +130,7 @@ lemma activateThread_ccorres:
 (Call activateThread_'proc)"
 apply (cinit)
 apply (rule ccorres_pre_getCurThread)
- apply (ctac add: get_tsType_ccorres2 [where f="\s. ksCurThread_' (globals s)"])
+ apply (ctac add: get_tsType_ccorres [where f="\s. ksCurThread_' (globals s)"])
 apply (rule_tac P="activatable' rv" in ccorres_gen_asm)
 apply (wpc)
 apply (rule_tac P=\ and P'=UNIV in ccorres_inst, simp)
@@ -158,7 +140,7 @@ lemma activateThread_ccorres:
 apply (rule ccorres_cond_true)
 apply (rule ccorres_return_Skip)
 apply (rule_tac P=\ and P'=UNIV in ccorres_inst, simp)
- apply (simp add: "StrictC'_thread_state_defs" del: Collect_const)
+ apply (simp add: ThreadState_defs del: Collect_const)
 apply (rule ccorres_cond_false)
 apply (rule ccorres_cond_false)
 apply (rule ccorres_cond_true)
@@ -166,7 +148,7 @@ lemma activateThread_ccorres: apply (rule allI, rule conseqPre, vcg) apply (clarsimp simp: activateIdleThread_def return_def) apply (rule_tac P=\ and P'=UNIV in ccorres_inst, simp) - apply (simp add: "StrictC'_thread_state_defs" del: Collect_const) + apply (simp add: ThreadState_defs del: Collect_const) apply (rule ccorres_cond_false) apply (rule ccorres_cond_true) apply (rule ccorres_rhs_assoc)+ @@ -189,7 +171,7 @@ lemma activateThread_ccorres: apply (subgoal_tac "ksCurThread_' (globals s') = tcb_ptr_to_ctcb_ptr (ksCurThread s)") prefer 2 apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def) - apply (clarsimp simp: typ_heap_simps ThreadState_Running_def mask_def) + apply (clarsimp simp: typ_heap_simps ThreadState_defs mask_def) done lemma ceqv_Guard_UNIV_Skip: @@ -742,10 +724,10 @@ lemma timerTick_ccorres: supply subst_all [simp del] apply (cinit) apply (rule ccorres_pre_getCurThread) - apply (ctac add: get_tsType_ccorres2 [where f="\s. ksCurThread_' (globals s)"]) + apply (ctac add: get_tsType_ccorres [where f="\s. ksCurThread_' (globals s)"]) apply (rule ccorres_split_nothrow_novcg) apply wpc - apply (simp add: "StrictC'_thread_state_defs", rule ccorres_cond_false, rule ccorres_return_Skip)+ + apply (simp add: ThreadState_defs, rule ccorres_cond_false, rule ccorres_return_Skip)+ (* thread_state.Running *) apply simp apply (rule ccorres_cond_true) @@ -777,7 +759,7 @@ lemma timerTick_ccorres: threadSet_pred_tcb_at_state tcbSchedAppend_valid_objs' threadSet_valid_objs' threadSet_tcbDomain_triv | clarsimp simp: st_tcb_at'_def o_def split: if_splits)+ apply (vcg exspec=tcbSchedDequeue_modifies) - apply (simp add: "StrictC'_thread_state_defs", rule ccorres_cond_false, rule ccorres_return_Skip)+ + apply (simp add: ThreadState_defs, rule ccorres_cond_false, rule ccorres_return_Skip)+ apply ceqv apply (clarsimp simp: decDomainTime_def numDomains_sge_1_simp) apply (rule ccorres_when[where R=\]) 
diff --git a/proof/crefine/AARCH64/SyscallArgs_C.thy b/proof/crefine/AARCH64/SyscallArgs_C.thy index 1fabcfce1e..7a38327aa9 100644 --- a/proof/crefine/AARCH64/SyscallArgs_C.thy +++ b/proof/crefine/AARCH64/SyscallArgs_C.thy @@ -416,11 +416,13 @@ lemma is_syscall_error_codes: by ((rule iffD2[OF is_syscall_error_code_def], intro allI, rule conseqPre, vcg, safe, (simp_all add: o_def)?)+) -lemma syscall_error_throwError_ccorres_direct: +lemma syscall_error_throwError_ccorres_direct_gen: "\ is_syscall_error_code f code; + \x y g. arrel (Inl x) y = (intr_and_se_rel \ g) (Inl x) y; \err' ft'. syscall_error_to_H (f err') ft' = Some err \ \ - ccorres (intr_and_se_rel \ dc) (liftxf errstate id v' ret__unsigned_long_') + ccorres_underlying rf_sr \ rrel xf + arrel (liftxf errstate id v' ret__unsigned_long_') \ (UNIV) (SKIP # hs) (throwError (Inl err)) code" apply (rule ccorres_from_vcg_throws) 
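Review bot: The new premise on `arrel` in `syscall_error_throwError_ccorres_direct_gen` (`∀x y g. arrel (Inl x) y = ... (Inl x) y`) is undocumented, and nothing tells a reader why `rrel` and `xf` are now free in the conclusion. I would add above the statement: `(* Generalised over the abnormal-return relation arrel: only its Inl (syscall-error) case is constrained, and rrel/xf are arbitrary because throwError never returns normally. *)`. If the composed relation on `Inl` does not actually depend on `g` (the `simplified` instantiations in the following hunk suggest it reduces away), the quantifier over `g` could be dropped so the premise is easier to discharge by simp; that is an inference from this hunk alone and should be checked against the definition.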
@@ -430,28 +432,35 @@ lemma syscall_error_throwError_ccorres_direct: apply (simp add: syscall_error_rel_def exception_defs) done -lemma syscall_error_throwError_ccorres_succs: +lemma syscall_error_throwError_ccorres_succs_gen: "\ is_syscall_error_code f code; + \x y g. arrel (Inl x) y = (intr_and_se_rel \ g) (Inl x) y; \err' ft'. syscall_error_to_H (f err') ft' = Some err \ \ - ccorres (intr_and_se_rel \ dc) (liftxf errstate id v' ret__unsigned_long_') + ccorres_underlying rf_sr \ rrel xf + arrel (liftxf errstate id v' ret__unsigned_long_') \ (UNIV) (SKIP # hs) (throwError (Inl err)) (code ;; remainder)" apply (rule ccorres_guard_imp2, rule ccorres_split_throws) - apply (erule syscall_error_throwError_ccorres_direct) - apply simp + apply (erule syscall_error_throwError_ccorres_direct_gen; assumption) apply (rule HoarePartialProps.augment_Faults) apply (erule iffD1[OF is_syscall_error_code_def, THEN spec]) apply simp+ done -lemmas syscall_error_throwError_ccorres_n = - is_syscall_error_codes[THEN syscall_error_throwError_ccorres_direct, +lemmas syscall_error_throwError_ccorres_n_gen = + is_syscall_error_codes[THEN syscall_error_throwError_ccorres_direct_gen, simplified o_apply] - is_syscall_error_codes[THEN syscall_error_throwError_ccorres_succs, + is_syscall_error_codes[THEN syscall_error_throwError_ccorres_succs_gen, simplified o_apply] +lemmas syscall_error_throwError_ccorres_n = + syscall_error_throwError_ccorres_n_gen[where arrel="intr_and_se_rel \ dc", simplified] + +lemmas syscall_error_throwError_ccorres_n_inl_rrel = + syscall_error_throwError_ccorres_n_gen[where arrel="inl_rrel (intr_and_se_rel \ dc)", simplified] + definition idButNot :: "'a \ 'a" where "idButNot x = x" diff --git a/proof/crefine/AARCH64/Syscall_C.thy b/proof/crefine/AARCH64/Syscall_C.thy index b79464ffd9..6e561786b8 100644 --- a/proof/crefine/AARCH64/Syscall_C.thy +++ b/proof/crefine/AARCH64/Syscall_C.thy 
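Review bot: `syscall_error_throwError_ccorres_n_inl_rrel` is a new exported lemma bundle with no comment saying when it applies, which is the kind of thing later proof authors grep for. I would add above it: `(* As syscall_error_throwError_ccorres_n, but for call sites whose abnormal relation is wrapped in inl_rrel. *)`. Both `lemmas` rely on `[simplified]` discharging the `arrel` premise to True; a note `(* simplified discharges the arrel premise of the _gen rules *)` on the `_n` bundle would make that dependency explicit if the simp set ever changes. The `erule ...; assumption` in `_succs_gen` now discharges both remaining premises from the context, which presumably is intended since the old `apply simp` was removed.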
@@ -317,7 +317,7 @@ lemma decodeInvocation_ccorres: apply fastforce apply (simp add: cap_lift_capEPBadge_mask_eq) apply (clarsimp simp: rf_sr_ksCurThread Collect_const_mem - cap_get_tag_isCap "StrictC'_thread_state_defs") + cap_get_tag_isCap ThreadState_defs) apply (frule word_unat.Rep_inverse') apply (simp add: cap_get_tag_isCap[symmetric] cap_get_tag_ReplyCap) apply (rule conjI) @@ -490,7 +490,7 @@ lemma handleInvocation_def2: lemma thread_state_to_tsType_eq_Restart: "(thread_state_to_tsType ts = scast ThreadState_Restart) = (ts = Restart)" - by (cases ts, simp_all add: "StrictC'_thread_state_defs") + by (cases ts, simp_all add: ThreadState_defs) lemma wordFromMessageInfo_spec: "\s. \\ {s} Call wordFromMessageInfo_'proc @@ -521,7 +521,7 @@ lemma handleDoubleFault_ccorres: apply (simp add: getRestartPC_def) apply wp apply clarsimp - apply (simp add: ThreadState_Inactive_def) + apply (simp add: ThreadState_defs) apply (fastforce simp: valid_tcb_state'_def) done @@ -901,7 +901,7 @@ lemma handleInvocation_ccorres: apply auto[1] apply clarsimp apply (clarsimp simp: guard_is_UNIV_def Collect_const_mem) - apply (simp add: "StrictC'_thread_state_defs" mask_def) + apply (simp add: ThreadState_defs mask_def) apply (simp add: typ_heap_simps) apply (case_tac ts, simp_all add: cthread_state_relation_def)[1] apply (clarsimp simp: guard_is_UNIV_def Collect_const_mem) diff --git a/proof/crefine/AARCH64/TcbAcc_C.thy b/proof/crefine/AARCH64/TcbAcc_C.thy index 7dfeedc197..5e517d69d8 100644 --- a/proof/crefine/AARCH64/TcbAcc_C.thy +++ b/proof/crefine/AARCH64/TcbAcc_C.thy 
@@ -90,22 +90,22 @@ lemma archThreadGet_eq: apply simp done -lemma get_tsType_ccorres [corres]: +lemma get_tsType_ccorres[corres]: "ccorres (\r r'. r' = thread_state_to_tsType r) ret__unsigned_longlong_' (tcb_at' thread) - (UNIV \ {s. thread_state_ptr_' s = Ptr &(tcb_ptr_to_ctcb_ptr thread\[''tcbState_C''])}) [] - (getThreadState thread) (Call thread_state_ptr_get_tsType_'proc)" + ({s. f s = tcb_ptr_to_ctcb_ptr thread} \ + {s. cslift s (Ptr &(f s\[''tcbState_C''])) = Some (thread_state_' s)}) [] + (getThreadState thread) (Call thread_state_get_tsType_'proc)" unfolding getThreadState_def - apply (rule ccorres_from_spec_modifies) - apply (rule thread_state_ptr_get_tsType_spec) - apply (rule thread_state_ptr_get_tsType_modifies) - apply simp - apply (frule (1) obj_at_cslift_tcb) - apply (clarsimp simp: typ_heap_simps) + apply (rule ccorres_from_spec_modifies [where P=\, simplified]) + apply (rule thread_state_get_tsType_spec) + apply (rule thread_state_get_tsType_modifies) + apply simp apply (frule (1) obj_at_cslift_tcb) apply (clarsimp simp: typ_heap_simps) apply (rule bexI [rotated, OF threadGet_eq], assumption) apply simp - apply (erule ctcb_relation_thread_state_to_tsType) + apply (drule ctcb_relation_thread_state_to_tsType) + apply simp done lemma threadGet_obj_at2: diff --git a/proof/crefine/AARCH64/Tcb_C.thy b/proof/crefine/AARCH64/Tcb_C.thy index c6458eaa9d..f1406c13ad 100644 --- a/proof/crefine/AARCH64/Tcb_C.thy +++ b/proof/crefine/AARCH64/Tcb_C.thy @@ -1083,7 +1083,7 @@ lemma restart_ccorres: apply fastforce apply (rule ccorres_return_Skip) apply (wp hoare_drop_imps) - apply (auto simp: Collect_const_mem mask_def "StrictC'_thread_state_defs") + apply (auto simp: Collect_const_mem mask_def ThreadState_defs) done lemma setNextPC_ccorres: 
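Review bot: `get_tsType_ccorres` keeps its name and its `[corres]` attribute but now targets `thread_state_get_tsType_'proc` instead of `thread_state_ptr_get_tsType_'proc`, so any proof that relied on the old pointer-taking variant being found automatically would silently lose its rule; none is visible in this diff, but if the `_ptr_` variant is still needed it should survive under a distinct name such as `get_tsType_ptr_ccorres`. The new guard also deserves a comment, e.g. `(* thread_state_get_tsType takes the struct by value: the guard requires thread_state_' to already hold the lifted tcbState_C of thread, located via f *)`, since the `cslift` condition replaces the pointer equality and is what `ctcb_relation_thread_state_to_tsType` is applied to. With `f` free, `ctac` cannot use this rule without an explicit instantiation, as the callers in Schedule_C do with `[where f=...]`; a short remark on that next to the `[corres]` attribute would save the next reader a failed `ctac`.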
@@ -2100,7 +2100,7 @@ shows apply (rule allI, rule conseqPre, vcg) apply (clarsimp simp: return_def) apply (wp | simp add: valid_tcb_state'_def)+ - apply (clarsimp simp: ThreadState_Running_def mask_def) + apply (clarsimp simp: ThreadState_defs mask_def) apply (rule mapM_x_wp') apply (rule hoare_pre) apply (wp sch_act_wf_lift valid_queues_lift tcb_in_cur_domain'_lift) @@ -2167,8 +2167,7 @@ shows apply (rule ccorres_inst[where P=\ and P'=UNIV], simp) apply (simp add: performTransfer_def) apply wp - apply (simp add: Collect_const_mem "StrictC'_thread_state_defs" - mask_def) + apply (simp add: Collect_const_mem ThreadState_defs mask_def) apply vcg apply (rule_tac Q="\rv. invs' and st_tcb_at' ((=) Restart) thread and tcb_at' target" in hoare_post_imp) @@ -2288,7 +2287,7 @@ lemma decodeReadRegisters_ccorres: apply wp apply (vcg exspec=getSyscallArg_modifies) apply (clarsimp simp: Collect_const_mem rf_sr_ksCurThread - "StrictC'_thread_state_defs" word_sless_def word_sle_def + ThreadState_defs word_sless_def word_sle_def mask_eq_iff_w2p word_size isCap_simps ReadRegistersFlags_defs tcb_at_invs' cap_get_tag_isCap capTCBPtr_eq) @@ -2397,7 +2396,7 @@ lemma decodeWriteRegisters_ccorres: apply (vcg exspec=getSyscallArg_modifies) apply (clarsimp simp: Collect_const_mem ct_in_state'_def pred_tcb_at') apply (simp add: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H) - apply (clarsimp simp: valid_cap'_def "StrictC'_thread_state_defs" + apply (clarsimp simp: valid_cap'_def ThreadState_defs mask_eq_iff_w2p word_size rf_sr_ksCurThread WriteRegisters_resume_def word_sle_def word_sless_def numeral_eqs) 
@@ -2533,7 +2532,7 @@ lemma decodeCopyRegisters_ccorres: elim!: pred_tcb'_weakenE dest!: st_tcb_at_idle_thread' interpret_excaps_eq)[1] apply (clarsimp simp: word_sle_def CopyRegistersFlags_defs word_sless_def - "StrictC'_thread_state_defs" rf_sr_ksCurThread + ThreadState_defs rf_sr_ksCurThread split: if_split) apply (drule interpret_excaps_eq) apply (clarsimp simp: mask_def excaps_map_def split_def ccap_rights_relation_def @@ -3131,7 +3130,7 @@ lemma decodeTCBConfigure_ccorres: ptr_val_tcb_ptr_mask2[unfolded mask_def objBits_defs, simplified] tcb_cnode_index_defs size_of_def option_to_0_def rf_sr_ksCurThread - StrictC'_thread_state_defs mask_eq_iff_w2p word_size + ThreadState_defs mask_eq_iff_w2p word_size from_bool_all_helper all_ex_eq_helper ucast_ucast_mask objBits_defs) apply (subgoal_tac "args \ [] \ extraCaps \ []") @@ -3180,7 +3179,7 @@ lemma decodeTCBConfigure_ccorres: capTCBPtr_eq tcb_ptr_to_ctcb_ptr_mask tcb_cnode_index_defs size_of_def option_to_0_def rf_sr_ksCurThread - StrictC'_thread_state_defs mask_eq_iff_w2p word_size + ThreadState_defs mask_eq_iff_w2p word_size from_bool_all_helper) apply (frule(1) tcb_at_h_t_valid [OF tcb_at_invs']) apply (clarsimp simp: typ_heap_simps numeral_eqs isCap_simps valid_cap'_def capAligned_def @@ -3626,7 +3625,7 @@ lemma decodeSetSchedParams_ccorres: elim!: obj_at'_weakenE pred_tcb'_weakenE dest!: st_tcb_at_idle_thread')[1] apply (clarsimp simp: interpret_excaps_eq excaps_map_def) - apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size option_to_0_def) + apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size option_to_0_def) apply (frule rf_sr_ksCurThread) apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H) apply (clarsimp simp: valid_cap'_def capAligned_def interpret_excaps_eq excaps_map_def) 
@@ -3772,11 +3771,10 @@ lemma decodeSetIPCBuffer_ccorres: valid_mdb_ctes_def no_0_def excaps_map_def elim: pred_tcb'_weakenE dest!: st_tcb_at_idle_thread' dest!: interpret_excaps_eq)[1] - apply (clarsimp simp: option_to_0_def rf_sr_ksCurThread word_sless_def - word_sle_def ThreadState_Restart_def mask_def) + apply (clarsimp simp: option_to_0_def rf_sr_ksCurThread word_sless_def word_sle_def mask_def) apply (rule conjI[rotated], clarsimp+) apply (drule interpret_excaps_eq[rule_format, where n=0], simp add: excaps_map_Nil) - apply (simp add: mask_def "StrictC'_thread_state_defs" excaps_map_def) + apply (simp add: mask_def ThreadState_defs excaps_map_def) apply (clarsimp simp: ccap_rights_relation_def rightsFromWord_wordFromRights cap_get_tag_isCap) apply (frule cap_get_tag_to_H, subst cap_get_tag_isCap, assumption, assumption) @@ -3933,10 +3931,10 @@ lemma decodeUnbindNotification_ccorres: apply (clarsimp simp: isCap_simps) apply (frule cap_get_tag_isCap_unfolded_H_cap) apply (auto simp: ctcb_relation_def typ_heap_simps cap_get_tag_ThreadCap ct_in_state'_def - option_to_ptr_def option_to_0_def ThreadState_Restart_def - mask_def rf_sr_ksCurThread valid_tcb_state'_def - elim!: pred_tcb'_weakenE - dest!: valid_objs_boundNTFN_NULL) + option_to_ptr_def option_to_0_def ThreadState_defs + mask_def rf_sr_ksCurThread valid_tcb_state'_def + elim!: pred_tcb'_weakenE + dest!: valid_objs_boundNTFN_NULL) done lemma nTFN_case_If_ptr: @@ -4098,7 +4096,7 @@ lemma decodeBindNotification_ccorres: apply (clarsimp simp: throwError_def return_def syscall_error_rel_def syscall_error_to_H_cases exception_defs) apply (clarsimp simp add: guard_is_UNIV_def isWaitingNtfn_def - ThreadState_Restart_def mask_def + ThreadState_defs mask_def rf_sr_ksCurThread capTCBPtr_eq) apply (simp add: hd_conv_nth bindE_bind_linearise nTFN_case_If_ptr throwError_bind invocationCatch_def) apply (rule ccorres_from_vcg_split_throws[where P=\ and P'=UNIV]) 
@@ -4422,7 +4420,7 @@ lemma decodeSetSpace_ccorres: rightsFromWord_wordFromRights capTCBPtr_eq tcb_cnode_index_defs size_of_def option_to_0_def rf_sr_ksCurThread - "StrictC'_thread_state_defs" mask_eq_iff_w2p word_size) + ThreadState_defs mask_eq_iff_w2p word_size) apply (simp add: word_sle_def cap_get_tag_isCap) apply (subgoal_tac "args \ []") apply (clarsimp simp: hd_conv_nth) diff --git a/proof/crefine/ARM/ADT_C.thy b/proof/crefine/ARM/ADT_C.thy index b45a62fcd7..284ef17f60 100644 --- a/proof/crefine/ARM/ADT_C.thy +++ b/proof/crefine/ARM/ADT_C.thy @@ -766,11 +766,7 @@ lemma cthread_state_rel_imp_eq: "cthread_state_relation x z \ cthread_state_relation y z \ x=y" apply (simp add: cthread_state_relation_def split_def) apply (cases x) - apply (cases y, simp_all add: ThreadState_BlockedOnReceive_def - ThreadState_BlockedOnReply_def ThreadState_BlockedOnNotification_def - ThreadState_Running_def ThreadState_Inactive_def - ThreadState_IdleThreadState_def ThreadState_BlockedOnSend_def - ThreadState_Restart_def)+ + apply (cases y, simp_all add: ThreadState_defs)+ done lemma ksPSpace_valid_objs_tcbBoundNotification_nonzero: diff --git a/proof/crefine/ARM/Arch_C.thy b/proof/crefine/ARM/Arch_C.thy index 5caca99996..0833cdfec0 100644 --- a/proof/crefine/ARM/Arch_C.thy +++ b/proof/crefine/ARM/Arch_C.thy @@ -840,7 +840,7 @@ lemma decodeARMPageTableInvocation_ccorres: slotcap_in_mem_def) apply (auto dest: ctes_of_valid')[1] apply (rule conjI) - apply (clarsimp simp: rf_sr_ksCurThread "StrictC'_thread_state_defs" + apply (clarsimp simp: rf_sr_ksCurThread ThreadState_defs mask_eq_iff_w2p word_size ct_in_state'_def st_tcb_at'_def word_sle_def word_sless_def 
@@ -866,7 +866,7 @@ lemma decodeARMPageTableInvocation_ccorres: apply (subst array_assertion_abs_pd, erule conjI, simp add: unat_eq_0 unat_shiftr_le_bound pdBits_def pageBits_def pdeBits_def) apply (clarsimp simp: rf_sr_ksCurThread mask_def[where n=4] - "StrictC'_thread_state_defs" + ThreadState_defs ccap_relation_def cap_to_H_def cap_lift_page_table_cap word_bw_assocs shiftr_shiftl1 mask_def[where n=18]) @@ -1981,7 +1981,7 @@ lemma performPageGetAddress_ccorres: apply clarsimp apply (vcg exspec=setRegister_modifies) apply wpsimp - apply (clarsimp simp: ThreadState_Running_def) + apply clarsimp apply (vcg exspec=lookupIPCBuffer_modifies) apply clarsimp apply vcg @@ -1993,7 +1993,7 @@ lemma performPageGetAddress_ccorres: seL4_MessageInfo_lift_def message_info_to_H_def mask_def) apply (cases isCall) apply (auto simp: ARM.badgeRegister_def ARM_H.badgeRegister_def Kernel_C.badgeRegister_def - Kernel_C.R0_def fromPAddr_def ThreadState_Running_def + Kernel_C.R0_def fromPAddr_def ThreadState_defs pred_tcb_at'_def obj_at'_def projectKOs ct_in_state'_def) done @@ -2788,7 +2788,7 @@ lemma decodeARMFrameInvocation_ccorres: done (* C side *) - apply (clarsimp simp: rf_sr_ksCurThread "StrictC'_thread_state_defs" mask_eq_iff_w2p + apply (clarsimp simp: rf_sr_ksCurThread ThreadState_defs mask_eq_iff_w2p word_size word_less_nat_alt from_bool_0 excaps_map_def cte_wp_at_ctes_of) apply (frule ctes_of_valid', clarsimp) apply (drule_tac t="cteCap ctea" in sym) @@ -3211,7 +3211,7 @@ lemma decodeARMPageDirectoryInvocation_ccorres: typ_heap_simps' shiftl_t2n[where n=2] field_simps elim!: ccap_relationE) apply (intro conjI impI allI) - apply (clarsimp simp: ThreadState_Restart_def less_mask_eq rf_sr_ksCurThread + apply (clarsimp simp: ThreadState_defs less_mask_eq rf_sr_ksCurThread resolve_ret_rel_def framesize_from_to_H framesize_from_H_mask2 to_option_def rel_option_alt_def to_bool_def typ_heap_simps' split: option.splits if_splits 
@@ -3226,7 +3226,7 @@ lemma decodeARMPageDirectoryInvocation_ccorres: typ_heap_simps' shiftl_t2n[where n=2] field_simps elim!: ccap_relationE) apply (intro conjI impI allI) - apply (clarsimp simp: ThreadState_Restart_def less_mask_eq rf_sr_ksCurThread + apply (clarsimp simp: less_mask_eq rf_sr_ksCurThread resolve_ret_rel_def framesize_from_to_H framesize_from_H_mask2 to_option_def rel_option_alt_def to_bool_def typ_heap_simps' @@ -3242,7 +3242,7 @@ lemma decodeARMPageDirectoryInvocation_ccorres: typ_heap_simps' shiftl_t2n[where n=2] field_simps elim!: ccap_relationE) apply (intro conjI impI allI) - apply (clarsimp simp: ThreadState_Restart_def less_mask_eq rf_sr_ksCurThread + apply (clarsimp simp: ThreadState_defs less_mask_eq rf_sr_ksCurThread resolve_ret_rel_def framesize_from_to_H framesize_from_H_mask2 to_option_def rel_option_alt_def typ_heap_simps' split: option.splits if_splits @@ -3257,7 +3257,7 @@ lemma decodeARMPageDirectoryInvocation_ccorres: typ_heap_simps' shiftl_t2n[where n=2] field_simps elim!: ccap_relationE) apply (intro conjI impI allI) - by (clarsimp simp: ThreadState_Restart_def less_mask_eq rf_sr_ksCurThread + by (clarsimp simp: less_mask_eq rf_sr_ksCurThread resolve_ret_rel_def framesize_from_to_H framesize_from_H_mask2 to_option_def rel_option_alt_def typ_heap_simps' split: option.splits if_splits @@ -3553,8 +3553,7 @@ lemma Arch_decodeInvocation_ccorres: del: Collect_const) apply (simp add: if_1_0_0 from_bool_0 hd_conv_nth length_ineq_not_Nil del: Collect_const) - apply (clarsimp simp: eq_Nil_null[symmetric] asid_high_bits_word_bits hd_conv_nth - ThreadState_Restart_def mask_def) + apply (clarsimp simp: eq_Nil_null[symmetric] asid_high_bits_word_bits hd_conv_nth mask_def) apply wp+ apply (simp add: cap_get_tag_isCap) apply (rule HoarePartial.SeqSwap) 
@@ -3903,8 +3902,7 @@ lemma Arch_decodeInvocation_ccorres: elim!: pred_tcb'_weakenE)[1] apply (clarsimp simp: cte_wp_at_ctes_of asidHighBits_handy_convs word_sle_def word_sless_def asidLowBits_handy_convs - rf_sr_ksCurThread "StrictC'_thread_state_defs" - mask_def[where n=4] + rf_sr_ksCurThread ThreadState_defs mask_def[where n=4] cong: if_cong) apply (clarsimp simp: ccap_relation_isDeviceCap2 objBits_simps archObjSize_def pageBits_def) apply (rule conjI) diff --git a/proof/crefine/ARM/Fastpath_C.thy b/proof/crefine/ARM/Fastpath_C.thy index 79948463ae..cd2f746a82 100644 --- a/proof/crefine/ARM/Fastpath_C.thy +++ b/proof/crefine/ARM/Fastpath_C.thy @@ -54,7 +54,7 @@ lemma setCTE_tcbContext: apply (rule setObject_cte_obj_at_tcb', simp_all) done -lemma seThreadState_tcbContext: +lemma setThreadState_tcbContext: "\obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t\ setThreadState a b \\_. obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t\" @@ -73,7 +73,7 @@ lemma setBoundNotification_tcbContext: declare comp_apply [simp del] crunch tcbContext[wp]: deleteCallerCap "obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t" (wp: setEndpoint_obj_at_tcb' setBoundNotification_tcbContext - setNotification_tcb crunch_wps seThreadState_tcbContext + setNotification_tcb crunch_wps setThreadState_tcbContext simp: crunch_simps unless_def) declare comp_apply [simp] @@ -796,7 +796,7 @@ lemma thread_state_ptr_set_tsType_np_spec: apply (clarsimp simp: typ_heap_simps') apply (rule exI, rule conjI[OF _ conjI [OF _ refl]]) apply (simp_all add: thread_state_lift_def) - apply (auto simp: "StrictC'_thread_state_defs" mask_def) + apply (auto simp: ThreadState_defs mask_def) done lemma thread_state_ptr_mset_blockingObject_tsType_spec: 
@@ -2856,7 +2856,7 @@ lemma fastpath_reply_recv_ccorres: apply (clarsimp simp: rf_sr_ksCurThread typ_heap_simps' h_t_valid_clift_Some_iff) apply (clarsimp simp: capAligned_def isCap_simps objBits_simps - "StrictC'_thread_state_defs" mask_def) + ThreadState_defs mask_def) apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def typ_heap_simps' objBits_defs) apply (rule conjI) @@ -2867,7 +2867,7 @@ lemma fastpath_reply_recv_ccorres: apply (simp add: cep_relations_drop_fun_upd) apply (erule cmap_relation_updI, erule ko_at_projectKO_opt) apply (simp add: ctcb_relation_def cthread_state_relation_def - "StrictC'_thread_state_defs") + ThreadState_defs) apply (clarsimp simp: ccap_relation_ep_helpers) apply simp apply (rule conjI, erule cready_queues_relation_not_queue_ptrs) diff --git a/proof/crefine/ARM/Fastpath_Equiv.thy b/proof/crefine/ARM/Fastpath_Equiv.thy index e39857801f..e4fedded83 100644 --- a/proof/crefine/ARM/Fastpath_Equiv.thy +++ b/proof/crefine/ARM/Fastpath_Equiv.thy @@ -49,7 +49,7 @@ lemma setCTE_tcbContext: context begin interpretation Arch . (*FIXME: arch_split*) -lemma seThreadState_tcbContext: +lemma setThreadState_tcbContext: "\obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t\ setThreadState a b \\_. obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t\" @@ -68,7 +68,7 @@ lemma setBoundNotification_tcbContext: declare comp_apply [simp del] crunch tcbContext[wp]: deleteCallerCap "obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t" (wp: setEndpoint_obj_at_tcb' setBoundNotification_tcbContext - setNotification_tcb crunch_wps seThreadState_tcbContext + setNotification_tcb crunch_wps setThreadState_tcbContext simp: crunch_simps unless_def) declare comp_apply [simp] 
@@ -1558,7 +1558,7 @@ lemma fastpath_callKernel_SysReplyRecv_corres: fastpathBestSwitchCandidate_lift[where f="threadSet f t" for f t] | wps)+)[3] apply (simp cong: rev_conj_cong) - apply (wpsimp wp: seThreadState_tcbContext[simplified comp_apply] + apply (wpsimp wp: setThreadState_tcbContext[simplified comp_apply] setThreadState_oa_queued user_getreg_rv setThreadState_no_sch_change setThreadState_obj_at_unchanged sts_st_tcb_at'_cases sts_bound_tcb_at' diff --git a/proof/crefine/ARM/Finalise_C.thy b/proof/crefine/ARM/Finalise_C.thy index b72f830bd7..d37db8dded 100644 --- a/proof/crefine/ARM/Finalise_C.thy +++ b/proof/crefine/ARM/Finalise_C.thy @@ -239,10 +239,8 @@ next sts_running_valid_queues sts_st_tcb' setThreadState_oa_queued | simp)+ apply (vcg exspec=setThreadState_cslift_spec exspec=tcbSchedEnqueue_cslift_spec) - apply (clarsimp simp: tcb_at_not_NULL - Collect_const_mem valid_tcb_state'_def - ThreadState_Restart_def mask_def - valid_objs'_maxDomain valid_objs'_maxPriority) + apply (clarsimp simp: tcb_at_not_NULL Collect_const_mem valid_tcb_state'_def + ThreadState_defs mask_def valid_objs'_maxDomain valid_objs'_maxPriority) apply (drule(1) obj_at_cslift_tcb) apply (clarsimp simp: typ_heap_simps) apply (rule conjI) @@ -584,7 +582,7 @@ lemma suspend_ccorres: apply clarsimp apply (rule iffI) apply simp - apply (erule thread_state_to_tsType.elims; simp add: StrictC'_thread_state_defs) + apply (erule thread_state_to_tsType.elims; simp add: ThreadState_defs) apply (ctac (no_vcg) add: updateRestartPC_ccorres) apply (rule ccorres_return_Skip) apply ceqv @@ -620,7 +618,7 @@ lemma suspend_ccorres: apply (fastforce simp: invs_valid_queues' invs_queues invs_valid_objs' valid_tcb_state'_def) apply clarsimp - apply (auto simp: "StrictC'_thread_state_defs") + apply (auto simp: ThreadState_defs) done lemma cap_to_H_NTFNCap_tag: diff --git a/proof/crefine/ARM/Interrupt_C.thy b/proof/crefine/ARM/Interrupt_C.thy index c5b5d8d1e0..71b31a6b1f 100644 
--- a/proof/crefine/ARM/Interrupt_C.thy +++ b/proof/crefine/ARM/Interrupt_C.thy @@ -221,7 +221,7 @@ lemma decodeIRQHandlerInvocation_ccorres: apply (clarsimp simp: Collect_const_mem neq_Nil_conv dest!: interpret_excaps_eq) apply (simp add: rf_sr_ksCurThread if_1_0_0 mask_def[where n=4] - "StrictC'_thread_state_defs" cap_get_tag_isCap excaps_map_def + ThreadState_defs cap_get_tag_isCap excaps_map_def word_sless_def word_sle_def) apply (simp add: invocationCatch_def throwError_bind interpret_excaps_test_null Collect_True @@ -252,8 +252,7 @@ lemma decodeIRQHandlerInvocation_ccorres: apply (clarsimp simp: invs_queues invs_valid_objs' ct_in_state'_def ccap_rights_relation_def - mask_def[where n=4] - "StrictC'_thread_state_defs") + mask_def[where n=4] ThreadState_defs) apply (subst pred_tcb'_weakenE, assumption, fastforce)+ apply (clarsimp simp: rf_sr_ksCurThread word_sle_def word_sless_def sysargs_rel_n_def word_less_nat_alt) @@ -586,8 +585,7 @@ lemma Arch_decodeIRQControlInvocation_ccorres: apply (rule syscall_error_throwError_ccorres_n) apply (simp add: syscall_error_to_H_cases) apply (clarsimp simp: interpret_excaps_test_null excaps_map_def - Collect_const_mem word_sless_def word_sle_def - ThreadState_Restart_def unat_of_nat mask_def) + Collect_const_mem word_sless_def word_sle_def unat_of_nat mask_def) apply (rule conjI) apply (simp add: Kernel_C.maxIRQ_def word_le_nat_alt ucast_nat_def unat_ucast) apply (cut_tac unat_lt2p[where x="args ! 3"]) @@ -602,7 +600,7 @@ lemma Arch_decodeIRQControlInvocation_ccorres: dest!: st_tcb_at_idle_thread' interpret_excaps_eq)[1] apply (clarsimp simp: neq_Nil_conv numeral_eqs[symmetric] word_sle_def word_sless_def) apply (drule interpret_excaps_eq[rule_format, where n=0], simp) - apply (clarsimp simp: mask_def[where n=4] "StrictC'_thread_state_defs" + apply (clarsimp simp: mask_def[where n=4] ThreadState_defs rf_sr_ksCurThread ccap_rights_relation_def rightsFromWord_wordFromRights) apply (simp cong: conj_cong) 
@@ -759,7 +757,7 @@ lemma decodeIRQControlInvocation_ccorres: apply (simp add: syscall_error_to_H_cases) apply (clarsimp simp: interpret_excaps_test_null excaps_map_def Collect_const_mem word_sless_def word_sle_def - ThreadState_Restart_def unat_of_nat mask_def) + unat_of_nat mask_def) apply (rule conjI) apply (simp add: Kernel_C.maxIRQ_def word_le_nat_alt ucast_nat_def unat_ucast) @@ -776,7 +774,7 @@ lemma decodeIRQControlInvocation_ccorres: apply (clarsimp simp: neq_Nil_conv numeral_eqs[symmetric] word_sle_def word_sless_def) apply (drule interpret_excaps_eq[rule_format, where n=0], simp) - apply (clarsimp simp: mask_def[where n=4] "StrictC'_thread_state_defs" + apply (clarsimp simp: mask_def[where n=4] ThreadState_defs rf_sr_ksCurThread ccap_rights_relation_def rightsFromWord_wordFromRights) diff --git a/proof/crefine/ARM/Invoke_C.thy b/proof/crefine/ARM/Invoke_C.thy index 95d9a658ca..024e10c7b8 100644 --- a/proof/crefine/ARM/Invoke_C.thy +++ b/proof/crefine/ARM/Invoke_C.thy @@ -198,7 +198,7 @@ lemma decodeDomainInvocation_ccorres: apply (clarsimp simp: valid_tcb_state'_def invs_valid_queues' invs_valid_objs' invs_queues invs_sch_act_wf' ct_in_state'_def pred_tcb_at' rf_sr_ksCurThread word_sle_def word_sless_def sysargs_rel_to_n - mask_eq_iff_w2p mask_eq_iff_w2p word_size "StrictC'_thread_state_defs") + mask_eq_iff_w2p mask_eq_iff_w2p word_size ThreadState_defs) apply (rule conjI) apply (clarsimp simp: linorder_not_le isCap_simps) apply (rule conjI, clarsimp simp: unat32_eq_of_nat) @@ -1355,7 +1355,7 @@ lemma decodeCNodeInvocation_ccorres: apply (frule interpret_excaps_eq) apply (clarsimp simp: excaps_map_def mask_def[where n=4] ccap_rights_relation_def rightsFromWord_wordFromRights - "StrictC'_thread_state_defs" map_comp_Some_iff + ThreadState_defs map_comp_Some_iff rf_sr_ksCurThread hd_conv_nth hd_drop_conv_nth) apply ((rule conjI | clarsimp simp: rightsFromWord_wordFromRights 
@@ -3085,8 +3085,7 @@ lemma decodeUntypedInvocation_ccorres_helper: unat_of_nat_APIType_capBits word_size length_ineq_not_Nil not_less word_le_nat_alt isCap_simps valid_cap_simps') apply (strengthen word_of_nat_less) - apply (clarsimp simp: StrictC'_thread_state_defs mask_def - ccap_relation_isDeviceCap2 + apply (clarsimp simp: ThreadState_defs mask_def ccap_relation_isDeviceCap2 split: if_split) apply (intro conjI impI; clarsimp simp: not_less shiftr_eq_0 unat_of_nat_APIType_capBits @@ -3187,8 +3186,7 @@ lemma decodeUntypedInvocation_ccorres_helper: apply (clarsimp simp: hd_drop_conv_nth2 hd_conv_nth neq_Nil_lengthI ct_in_state'_def pred_tcb_at' rf_sr_ksCurThread mask_eq_iff_w2p - "StrictC'_thread_state_defs" numeral_eqs[symmetric] - cap_get_tag_isCap cte_wp_at_ctes_of + numeral_eqs[symmetric] cap_get_tag_isCap cte_wp_at_ctes_of unat_eq_0 ccHoarePost_def) apply (rule conjI) apply (clarsimp simp: linorder_not_less isCap_simps) diff --git a/proof/crefine/ARM/IpcCancel_C.thy b/proof/crefine/ARM/IpcCancel_C.thy index 0f79e156a5..8d60f75ba6 100644 --- a/proof/crefine/ARM/IpcCancel_C.thy +++ b/proof/crefine/ARM/IpcCancel_C.thy @@ -356,7 +356,7 @@ lemma isStopped_ccorres [corres]: apply clarsimp apply (clarsimp simp: typ_heap_simps ctcb_relation_thread_state_to_tsType split: thread_state.splits) - apply (simp add: "StrictC'_thread_state_defs")+ + apply (simp add: ThreadState_defs)+ done lemma isRunnable_ccorres [corres]: @@ -384,7 +384,7 @@ lemma isRunnable_ccorres [corres]: apply (clarsimp) apply (clarsimp simp: typ_heap_simps ctcb_relation_thread_state_to_tsType split: thread_state.splits) - apply (simp add: "StrictC'_thread_state_defs")+ + apply (simp add: ThreadState_defs)+ done 
@@ -2227,7 +2227,7 @@ lemma scheduleTCB_ccorres': apply (clarsimp simp: typ_heap_simps) apply (subgoal_tac "ksSchedulerAction \ = ResumeCurrentThread") apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def) - apply (case_tac "tcbState ko", simp_all add: "StrictC'_thread_state_defs")[1] + apply (case_tac "tcbState ko", simp_all add: ThreadState_defs)[1] apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def cscheduler_action_relation_def tcb_at_not_NULL split: scheduler_action.split_asm) @@ -2281,7 +2281,7 @@ lemma scheduleTCB_ccorres_valid_queues'_pre: apply (drule (1) obj_at_cslift_tcb) apply (clarsimp simp: typ_heap_simps) apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def weak_sch_act_wf_def) - apply (case_tac "tcbState ko", simp_all add: "StrictC'_thread_state_defs")[1] + apply (case_tac "tcbState ko", simp_all add: ThreadState_defs)[1] apply (fold_subgoals (prefix))[6] subgoal premises prems using prems by (clarsimp simp: rf_sr_def cstate_relation_def Let_def @@ -2375,7 +2375,7 @@ lemma scheduleTCB_ccorres_valid_queues'_pre_simple: apply (clarsimp simp: typ_heap_simps) apply (subgoal_tac "ksSchedulerAction \ = ResumeCurrentThread") apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def) - apply (case_tac "tcbState ko", simp_all add: "StrictC'_thread_state_defs")[1] + apply (case_tac "tcbState ko", simp_all add: ThreadState_defs)[1] apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def cscheduler_action_relation_def tcb_at_not_NULL 
@@ -2474,7 +2474,7 @@ lemma cancelSignal_ccorres [corres]: apply (rule conjI, clarsimp, rule conjI, clarsimp) apply (frule (1) ko_at_valid_ntfn'[OF _ invs_valid_objs']) subgoal by ((auto simp: obj_at'_def projectKOs st_tcb_at'_def invs'_def valid_state'_def - isTS_defs cte_wp_at_ctes_of "StrictC'_thread_state_defs" + isTS_defs cte_wp_at_ctes_of cthread_state_relation_def sch_act_wf_weak valid_ntfn'_def dest!: valid_queues_not_runnable'_not_ksQ[where t=thread] | clarsimp simp: eq_commute)+) @@ -2482,7 +2482,7 @@ lemma cancelSignal_ccorres [corres]: apply (frule (1) ko_at_valid_ntfn'[OF _ invs_valid_objs']) apply (frule (2) ntfn_blocked_in_queueD) by (auto simp: obj_at'_def projectKOs st_tcb_at'_def invs'_def valid_state'_def - isTS_defs cte_wp_at_ctes_of "StrictC'_thread_state_defs" valid_ntfn'_def + isTS_defs cte_wp_at_ctes_of valid_ntfn'_def cthread_state_relation_def sch_act_wf_weak isWaitingNtfn_def dest!: valid_queues_not_runnable'_not_ksQ[where t=thread] split: ntfn.splits option.splits @@ -2912,7 +2912,7 @@ lemma cancelIPC_ccorres1: apply (rule_tac P="rv' = thread_state_to_tsType rv" in ccorres_gen_asm2) apply wpc \ \BlockedOnReceive\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs cong: call_ignore_cong) + apply (simp add: word_sle_def ccorres_cond_iffs cong: call_ignore_cong) apply (rule ccorres_rhs_assoc)+ apply csymbr apply csymbr @@ -2928,7 +2928,7 @@ lemma cancelIPC_ccorres1: apply (ctac (no_vcg) add: cancelIPC_ccorres_helper) apply (ctac add: setThreadState_ccorres_valid_queues') apply (wp hoare_vcg_all_lift set_ep_valid_objs' | simp add: valid_tcb_state'_def split del: if_split)+ - apply (simp add: "StrictC'_thread_state_defs") + apply (simp add: ThreadState_defs) apply vcg apply (rule conseqPre, vcg) apply clarsimp 
@@ -2938,7 +2938,7 @@ lemma cancelIPC_ccorres1: apply (rule conseqPre, vcg) apply clarsimp \ \BlockedOnReply case\ - apply (simp add: "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: ThreadState_defs ccorres_cond_iffs Collect_False Collect_True word_sle_def cong: call_ignore_cong del: Collect_const) apply (rule ccorres_rhs_assoc)+ @@ -2998,7 +2998,7 @@ lemma cancelIPC_ccorres1: apply (clarsimp simp add: guard_is_UNIV_def tcbReplySlot_def Kernel_C.tcbReply_def tcbCNodeEntries_def) \ \BlockedOnNotification\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: word_sle_def ThreadState_defs ccorres_cond_iffs cong: call_ignore_cong) apply (rule ccorres_symb_exec_r) apply (ctac (no_vcg)) @@ -3008,11 +3008,11 @@ lemma cancelIPC_ccorres1: apply (rule conseqPre, vcg) apply clarsimp \ \Running, Inactive, and Idle\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: word_sle_def ThreadState_defs ccorres_cond_iffs cong: call_ignore_cong, rule ccorres_return_Skip)+ \ \BlockedOnSend\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: word_sle_def ccorres_cond_iffs cong: call_ignore_cong) \ \clag\ apply (rule ccorres_rhs_assoc)+ @@ -3029,7 +3029,7 @@ lemma cancelIPC_ccorres1: apply (ctac (no_vcg) add: cancelIPC_ccorres_helper) apply (ctac add: setThreadState_ccorres_valid_queues') apply (wp hoare_vcg_all_lift set_ep_valid_objs' | simp add: valid_tcb_state'_def split del:if_split)+ - apply (simp add: "StrictC'_thread_state_defs") + apply (simp add: ThreadState_defs) apply clarsimp apply (rule conseqPre, vcg, rule subset_refl) apply (rule conseqPre, vcg) 
@@ -3039,7 +3039,7 @@ lemma cancelIPC_ccorres1: apply (rule conseqPre, vcg) apply clarsimp \ \Restart\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: word_sle_def ThreadState_defs ccorres_cond_iffs cong: call_ignore_cong, rule ccorres_return_Skip) \ \Post wp proofs\ diff --git a/proof/crefine/ARM/Ipc_C.thy b/proof/crefine/ARM/Ipc_C.thy index 4ec3ea85ef..846ab97da4 100644 --- a/proof/crefine/ARM/Ipc_C.thy +++ b/proof/crefine/ARM/Ipc_C.thy @@ -4020,9 +4020,7 @@ proof - apply ((wp threadSet_valid_queues threadSet_sch_act threadSet_valid_queues' hoare_weak_lift_imp threadSet_valid_objs' threadSet_weak_sch_act_wf | simp add: valid_tcb_state'_def)+)[1] - apply (clarsimp simp: guard_is_UNIV_def ThreadState_Restart_def - ThreadState_Inactive_def mask_def - option_to_ctcb_ptr_def) + apply (clarsimp simp: guard_is_UNIV_def ThreadState_defs mask_def option_to_ctcb_ptr_def) apply (rule_tac Q="\rv. valid_queues and tcb_at' receiver and valid_queues' and valid_objs' and sch_act_simple and (\s. ksCurDomain s \ maxDomain) and @@ -4044,7 +4042,7 @@ proof - apply (simp(no_asm_use) add: gs_set_assn_Delete_cstate_relation[unfolded o_def] subset_iff rf_sr_def) apply (clarsimp simp: guard_is_UNIV_def option_to_ptr_def option_to_0_def - ThreadState_Running_def mask_def + ThreadState_defs mask_def ghost_assertion_data_get_def ghost_assertion_data_set_def cap_tag_defs option_to_ctcb_ptr_def split: option.splits) @@ -4138,7 +4136,7 @@ lemma setupCallerCap_ccorres [corres]: Kernel_C.tcbCaller_def) apply simp apply wp - apply (clarsimp simp: Kernel_C.ThreadState_BlockedOnReply_def mask_def + apply (clarsimp simp: ThreadState_defs mask_def valid_pspace'_def tcbReplySlot_def valid_tcb_state'_def Collect_const_mem tcb_cnode_index_defs) 
@@ -4346,7 +4344,7 @@ lemma sendIPC_block_ccorres_helper: (simp add: typ_heap_simps')+)[1] apply (simp add: tcb_cte_cases_def) apply (simp add: ctcb_relation_def cthread_state_relation_def - ThreadState_BlockedOnSend_def mask_def) + ThreadState_defs mask_def) apply ceqv apply clarsimp apply ctac @@ -4746,10 +4744,9 @@ lemma sendIPC_ccorres [corres]: set_ep_valid_objs' setEndpoint_valid_mdb' | wp (once) hoare_drop_imp | strengthen sch_act_wf_weak)+ - apply (fastforce simp: guard_is_UNIV_def ThreadState_Inactive_def Collect_const_mem - ThreadState_Running_def mask_def from_bool_def - option_to_ptr_def option_to_0_def - split: bool.split_asm) + apply (fastforce simp: guard_is_UNIV_def ThreadState_defs Collect_const_mem + mask_def option_to_ptr_def option_to_0_def + split: bool.split_asm) \ \IdleEP case\ apply (rule ccorres_cond_true) @@ -4901,7 +4898,7 @@ lemma receiveIPC_block_ccorres_helper: apply (erule(1) rf_sr_tcb_update_no_queue_gen, (simp add: typ_heap_simps)+) apply (simp add: tcb_cte_cases_def) apply (simp add: ctcb_relation_def cthread_state_relation_def ccap_relation_ep_helpers - ThreadState_BlockedOnReceive_def mask_def cap_get_tag_isCap) + ThreadState_defs mask_def cap_get_tag_isCap) apply ceqv apply clarsimp apply ctac @@ -5499,9 +5496,8 @@ lemma receiveIPC_ccorres [corres]: apply (ctac add: possibleSwitchTo_ccorres) apply (wpsimp wp: sts_st_tcb' sts_valid_queues) apply (vcg exspec=setThreadState_modifies) - apply (fastforce simp: guard_is_UNIV_def ThreadState_Inactive_def - mask_def ThreadState_Running_def cap_get_tag_isCap - ccap_relation_ep_helpers) + apply (fastforce simp: guard_is_UNIV_def ThreadState_defs mask_def + cap_get_tag_isCap ccap_relation_ep_helpers) apply (clarsimp simp: valid_tcb_state'_def) apply (rule_tac Q="\_. valid_pspace' and valid_queues and st_tcb_at' ((=) sendState) sender and tcb_at' thread 
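Review bot: `from_bool_def` disappears from the `fastforce simp:` set in sendIPC_ccorres together with the ThreadState rules it replaces, although it has nothing to do with the thread-state consolidation; the same happens to `cap_get_tag_isCap` in the decodeTCBInvocation_ccorres hunk of ARM/Tcb_C.thy further down. If both proofs still check, the rules were redundant, but an unrelated simp-set trim is easy to miss inside a rename-style commit, so either keep them (`... ThreadState_defs Collect_const_mem mask_def from_bool_def ...`) or mention the cleanup in the commit message. sendIPC_ccorres itself starts and ends outside the hunk.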
@@ -5817,10 +5813,9 @@ lemma sendSignal_ccorres [corres]: apply (clarsimp simp: guard_is_UNIV_def option_to_ctcb_ptr_def ARM_H.badgeRegister_def Kernel_C.badgeRegister_def ARM.badgeRegister_def Kernel_C.R0_def - "StrictC'_thread_state_defs"less_mask_eq - Collect_const_mem) + ThreadState_defs less_mask_eq Collect_const_mem) apply (case_tac ts, simp_all add: receiveBlocked_def typ_heap_simps - cthread_state_relation_def "StrictC'_thread_state_defs")[1] + cthread_state_relation_def ThreadState_defs)[1] \ \ActiveNtfn case\ apply (rename_tac old_badge) apply (rule ccorres_cond_false) @@ -5878,7 +5873,7 @@ lemma sendSignal_ccorres [corres]: sts_valid_queues tcb_in_cur_domain'_lift)[1] apply (wp sts_valid_queues sts_runnable) apply (wp setThreadState_st_tcb set_ntfn_valid_objs' | clarsimp)+ - apply (clarsimp simp: guard_is_UNIV_def ThreadState_Running_def mask_def + apply (clarsimp simp: guard_is_UNIV_def ThreadState_defs mask_def badgeRegister_def Kernel_C.badgeRegister_def ARM.badgeRegister_def Kernel_C.R0_def) apply (clarsimp simp: guard_is_UNIV_def NtfnState_Idle_def @@ -5933,7 +5928,7 @@ lemma receiveSignal_block_ccorres_helper: (simp add: typ_heap_simps')+) apply (simp add: tcb_cte_cases_def) apply (simp add: ctcb_relation_def cthread_state_relation_def - ThreadState_BlockedOnNotification_def mask_def) + ThreadState_defs mask_def) apply ceqv apply clarsimp apply ctac diff --git a/proof/crefine/ARM/Recycle_C.thy b/proof/crefine/ARM/Recycle_C.thy index b1e5e98d21..1eed49e966 100644 --- a/proof/crefine/ARM/Recycle_C.thy +++ b/proof/crefine/ARM/Recycle_C.thy 
@@ -528,7 +528,7 @@ lemma ctcb_relation_blocking_ipc_badge: apply (simp add: isBlockedOnSend_def split: Structures_H.thread_state.split_asm) apply (clarsimp simp: cthread_state_relation_def) apply (clarsimp simp add: ctcb_relation_def cthread_state_relation_def) - apply (cases "tcbState tcb", simp_all add: "StrictC'_thread_state_defs") + apply (cases "tcbState tcb", simp_all add: ThreadState_defs) done lemma cendpoint_relation_q_cong: @@ -806,7 +806,7 @@ lemma cancelBadgedSends_ccorres: apply (clarsimp simp: typ_heap_simps st_tcb_at'_def) apply (drule(1) obj_at_cslift_tcb) apply (clarsimp simp: ctcb_relation_blocking_ipc_badge) - apply (rule conjI, simp add: "StrictC'_thread_state_defs" mask_def) + apply (rule conjI, simp add: ThreadState_defs mask_def) apply (rule conjI) apply clarsimp apply (frule rf_sr_cscheduler_relation) diff --git a/proof/crefine/ARM/Refine_C.thy b/proof/crefine/ARM/Refine_C.thy index 45cf87e663..f7cfacf590 100644 --- a/proof/crefine/ARM/Refine_C.thy +++ b/proof/crefine/ARM/Refine_C.thy @@ -755,15 +755,7 @@ lemma ct_running'_C: apply (frule (1) map_to_ko_atI') apply (erule obj_at'_weakenE) apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def) - apply (case_tac "tcbState ko", simp_all add: - ThreadState_Running_def - ThreadState_BlockedOnReceive_def - ThreadState_BlockedOnSend_def - ThreadState_BlockedOnReply_def - ThreadState_BlockedOnNotification_def - ThreadState_Inactive_def - ThreadState_IdleThreadState_def - ThreadState_Restart_def) + apply (case_tac "tcbState ko"; simp add: ThreadState_defs) done lemma full_invs_both: diff --git a/proof/crefine/ARM/Retype_C.thy b/proof/crefine/ARM/Retype_C.thy index baaeaa0efb..8b52dde04e 100644 --- a/proof/crefine/ARM/Retype_C.thy +++ b/proof/crefine/ARM/Retype_C.thy 
@@ -2912,7 +2912,7 @@ proof - apply (simp add: fbtcb minBound_word) apply (intro conjI) apply (simp add: cthread_state_relation_def thread_state_lift_def - eval_nat_numeral ThreadState_Inactive_def) + eval_nat_numeral ThreadState_defs) apply (simp add: ccontext_relation_def carch_tcb_relation_def) apply (rule allI) subgoal for r diff --git a/proof/crefine/ARM/SR_lemmas_C.thy b/proof/crefine/ARM/SR_lemmas_C.thy index f37cc9137c..5fa807eab5 100644 --- a/proof/crefine/ARM/SR_lemmas_C.thy +++ b/proof/crefine/ARM/SR_lemmas_C.thy @@ -1609,7 +1609,6 @@ where | "thread_state_to_tsType (Structures_H.BlockedOnSend oref badge cg cgr isc) = scast ThreadState_BlockedOnSend" | "thread_state_to_tsType (Structures_H.BlockedOnNotification oref) = scast ThreadState_BlockedOnNotification" - lemma ctcb_relation_thread_state_to_tsType: "ctcb_relation tcb ctcb \ tsType_CL (thread_state_lift (tcbState_C ctcb)) = thread_state_to_tsType (tcbState tcb)" unfolding ctcb_relation_def cthread_state_relation_def diff --git a/proof/crefine/ARM/Schedule_C.thy b/proof/crefine/ARM/Schedule_C.thy index b7c80e2f54..ad4a8c857c 100644 --- a/proof/crefine/ARM/Schedule_C.thy +++ b/proof/crefine/ARM/Schedule_C.thy 
@@ -86,24 +86,6 @@ lemma switchToThread_ccorres: apply (clarsimp simp: all_invs_but_ct_idle_or_in_cur_domain'_def valid_state'_def) done -lemma get_tsType_ccorres2: - "ccorres (\r r'. r' = thread_state_to_tsType r) ret__unsigned_' (tcb_at' thread) - (UNIV \ {s. f s = tcb_ptr_to_ctcb_ptr thread} \ - {s. cslift s (Ptr &(f s\[''tcbState_C''])) = Some (thread_state_' s)}) [] - (getThreadState thread) (Call thread_state_get_tsType_'proc)" - unfolding getThreadState_def - apply (rule ccorres_from_spec_modifies [where P=\, simplified]) - apply (rule thread_state_get_tsType_spec) - apply (rule thread_state_get_tsType_modifies) - apply simp - apply (frule (1) obj_at_cslift_tcb) - apply (clarsimp simp: typ_heap_simps) - apply (rule bexI [rotated, OF threadGet_eq], assumption) - apply simp - apply (drule ctcb_relation_thread_state_to_tsType) - apply simp - done - lemma activateThread_ccorres: "ccorres dc xfdc (ct_in_state' activatable' and (\s. sch_act_wf (ksSchedulerAction s) s) @@ -113,7 +95,7 @@ lemma activateThread_ccorres: (Call activateThread_'proc)" apply (cinit) apply (rule ccorres_pre_getCurThread) - apply (ctac add: get_tsType_ccorres2 [where f="\s. ksCurThread_' (globals s)"]) + apply (ctac add: get_tsType_ccorres [where f="\s. ksCurThread_' (globals s)"]) apply (rule_tac P="activatable' rv" in ccorres_gen_asm) apply (wpc) apply (rule_tac P=\ and P'=UNIV in ccorres_inst, simp) @@ -123,7 +105,7 @@ lemma activateThread_ccorres: apply (rule ccorres_cond_true) apply (rule ccorres_return_Skip) apply (rule_tac P=\ and P'=UNIV in ccorres_inst, simp) - apply (simp add: "StrictC'_thread_state_defs" del: Collect_const) + apply (simp add: ThreadState_defs del: Collect_const) apply (rule ccorres_cond_false) apply (rule ccorres_cond_false) apply (rule ccorres_cond_true) 
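Review bot: `get_tsType_ccorres2` is deleted here and reappears in ARM/TcbAcc_C.thy as `get_tsType_ccorres` with a new `[corres]` attribute, which registers it with the corres rule set and so can change what `ctac` picks up in proofs that previously named it explicitly. The `2` suffix suggests a lemma called `get_tsType_ccorres` already existed somewhere; if it does, confirm the new declaration is meant to replace or shadow it rather than sit next to it. A one-line comment on the new lemma saying why it moved to TcbAcc_C (presumably so theories that precede Schedule_C can use it) would record the motivation, which is not visible in the diff.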
@@ -131,7 +113,7 @@ lemma activateThread_ccorres: apply (rule allI, rule conseqPre, vcg) apply (clarsimp simp: activateIdleThread_def return_def) apply (rule_tac P=\ and P'=UNIV in ccorres_inst, simp) - apply (simp add: "StrictC'_thread_state_defs" del: Collect_const) + apply (simp add: ThreadState_defs del: Collect_const) apply (rule ccorres_cond_false) apply (rule ccorres_cond_true) apply (rule ccorres_rhs_assoc)+ @@ -154,7 +136,7 @@ lemma activateThread_ccorres: apply (subgoal_tac "ksCurThread_' (globals s') = tcb_ptr_to_ctcb_ptr (ksCurThread s)") prefer 2 apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def) - apply (clarsimp simp: typ_heap_simps ThreadState_Running_def mask_def) + apply (clarsimp simp: typ_heap_simps ThreadState_defs mask_def) done lemma ceqv_remove_tail_Guard_Skip: @@ -680,10 +662,10 @@ lemma timerTick_ccorres: supply subst_all [simp del] apply (cinit) apply (rule ccorres_pre_getCurThread) - apply (ctac add: get_tsType_ccorres2 [where f="\s. ksCurThread_' (globals s)"]) + apply (ctac add: get_tsType_ccorres [where f="\s. ksCurThread_' (globals s)"]) apply (rule ccorres_split_nothrow_novcg) apply wpc - apply (simp add: "StrictC'_thread_state_defs", rule ccorres_cond_false, rule ccorres_return_Skip)+ + apply (simp add: ThreadState_defs, rule ccorres_cond_false, rule ccorres_return_Skip)+ (* thread_state.Running *) apply simp apply (rule ccorres_cond_true) @@ -715,7 +697,7 @@ lemma timerTick_ccorres: threadSet_pred_tcb_at_state tcbSchedAppend_valid_objs' threadSet_valid_objs' threadSet_tcbDomain_triv | clarsimp simp: st_tcb_at'_def o_def split: if_splits)+ apply (vcg exspec=tcbSchedDequeue_modifies) - apply (simp add: "StrictC'_thread_state_defs", rule ccorres_cond_false, rule ccorres_return_Skip)+ + apply (simp add: ThreadState_defs, rule ccorres_cond_false, rule ccorres_return_Skip)+ apply ceqv apply (clarsimp simp: decDomainTime_def numDomains_sge_1_simp) apply (rule ccorres_when[where R=\]) 
diff --git a/proof/crefine/ARM/SyscallArgs_C.thy b/proof/crefine/ARM/SyscallArgs_C.thy index ac977cc863..59b471f7a0 100644 --- a/proof/crefine/ARM/SyscallArgs_C.thy +++ b/proof/crefine/ARM/SyscallArgs_C.thy @@ -407,11 +407,13 @@ lemma is_syscall_error_codes: by ((rule iffD2[OF is_syscall_error_code_def], intro allI, rule conseqPre, vcg, safe, (simp_all add: o_def)?)+) -lemma syscall_error_throwError_ccorres_direct: +lemma syscall_error_throwError_ccorres_direct_gen: "\ is_syscall_error_code f code; + \x y g. arrel (Inl x) y = (intr_and_se_rel \ g) (Inl x) y; \err' ft'. syscall_error_to_H (f err') ft' = Some err \ \ - ccorres (intr_and_se_rel \ dc) (liftxf errstate id v' ret__unsigned_long_') + ccorres_underlying rf_sr \ rrel xf + arrel (liftxf errstate id v' ret__unsigned_long_') \ (UNIV) (SKIP # hs) (throwError (Inl err)) code" apply (rule ccorres_from_vcg_throws) 
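Review bot: The generalised `syscall_error_throwError_ccorres_direct_gen` (and `_succs_gen` in the next hunk) leaves `rrel` and `xf` entirely unconstrained and adds the `arrel`/`intr_and_se_rel` side condition without saying what it is for; a reader only discovers the intent from the two `lemmas` instantiations at the end of the next hunk. A short comment above the `_gen` lemma, e.g. `(* arrel only has to agree with intr_and_se_rel on the Inl (error) side; rrel and xf are free because throwError never returns normally *)`, would make the generalisation self-explanatory. The new `syscall_error_throwError_ccorres_n_inl_rrel` collection would likewise benefit from a note on when it should be preferred over `syscall_error_throwError_ccorres_n`.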
@@ -421,28 +423,35 @@ lemma syscall_error_throwError_ccorres_direct: apply (simp add: syscall_error_rel_def exception_defs) done -lemma syscall_error_throwError_ccorres_succs: +lemma syscall_error_throwError_ccorres_succs_gen: "\ is_syscall_error_code f code; + \x y g. arrel (Inl x) y = (intr_and_se_rel \ g) (Inl x) y; \err' ft'. syscall_error_to_H (f err') ft' = Some err \ \ - ccorres (intr_and_se_rel \ dc) (liftxf errstate id v' ret__unsigned_long_') + ccorres_underlying rf_sr \ rrel xf + arrel (liftxf errstate id v' ret__unsigned_long_') \ (UNIV) (SKIP # hs) (throwError (Inl err)) (code ;; remainder)" apply (rule ccorres_guard_imp2, rule ccorres_split_throws) - apply (erule syscall_error_throwError_ccorres_direct) - apply simp + apply (erule syscall_error_throwError_ccorres_direct_gen; assumption) apply (rule HoarePartialProps.augment_Faults) apply (erule iffD1[OF is_syscall_error_code_def, THEN spec]) apply simp+ done -lemmas syscall_error_throwError_ccorres_n = - is_syscall_error_codes[THEN syscall_error_throwError_ccorres_direct, +lemmas syscall_error_throwError_ccorres_n_gen = + is_syscall_error_codes[THEN syscall_error_throwError_ccorres_direct_gen, simplified o_apply] - is_syscall_error_codes[THEN syscall_error_throwError_ccorres_succs, + is_syscall_error_codes[THEN syscall_error_throwError_ccorres_succs_gen, simplified o_apply] +lemmas syscall_error_throwError_ccorres_n = + syscall_error_throwError_ccorres_n_gen[where arrel="intr_and_se_rel \ dc", simplified] + +lemmas syscall_error_throwError_ccorres_n_inl_rrel = + syscall_error_throwError_ccorres_n_gen[where arrel="inl_rrel (intr_and_se_rel \ dc)", simplified] + definition idButNot :: "'a \ 'a" where "idButNot x = x" diff --git a/proof/crefine/ARM/Syscall_C.thy b/proof/crefine/ARM/Syscall_C.thy index cdd7f8c900..94d8afeedb 100644 --- a/proof/crefine/ARM/Syscall_C.thy +++ b/proof/crefine/ARM/Syscall_C.thy 
@@ -311,7 +311,7 @@ lemma decodeInvocation_ccorres: apply fastforce apply (simp add: cap_lift_capEPBadge_mask_eq) apply (clarsimp simp: rf_sr_ksCurThread Collect_const_mem - cap_get_tag_isCap "StrictC'_thread_state_defs") + cap_get_tag_isCap ThreadState_defs) apply (frule word_unat.Rep_inverse') apply (simp add: cap_get_tag_isCap[symmetric] cap_get_tag_ReplyCap) apply (rule conjI) @@ -443,7 +443,7 @@ lemma handleInvocation_def2: lemma thread_state_to_tsType_eq_Restart: "(thread_state_to_tsType ts = scast ThreadState_Restart) = (ts = Restart)" - by (cases ts, simp_all add: "StrictC'_thread_state_defs") + by (cases ts, simp_all add: ThreadState_defs) lemma wordFromMessageInfo_spec: "\s. \\ {s} Call wordFromMessageInfo_'proc @@ -475,7 +475,7 @@ lemma handleDoubleFault_ccorres: apply (simp add: getRestartPC_def) apply wp apply clarsimp - apply (simp add: ThreadState_Inactive_def) + apply (simp add: ThreadState_defs) apply (fastforce simp: valid_tcb_state'_def) done @@ -888,7 +888,7 @@ lemma handleInvocation_ccorres: apply auto[1] apply clarsimp apply (clarsimp simp: guard_is_UNIV_def Collect_const_mem) - apply (simp add: "StrictC'_thread_state_defs" mask_def) + apply (simp add: ThreadState_defs mask_def) apply (simp add: typ_heap_simps) apply (case_tac ts, simp_all add: cthread_state_relation_def)[1] apply (clarsimp simp: guard_is_UNIV_def Collect_const_mem) diff --git a/proof/crefine/ARM/TcbAcc_C.thy b/proof/crefine/ARM/TcbAcc_C.thy index c9e9e58920..8b5e2a2234 100644 --- a/proof/crefine/ARM/TcbAcc_C.thy +++ b/proof/crefine/ARM/TcbAcc_C.thy 
@@ -49,6 +49,24 @@ lemma threadGet_eq: apply simp done +lemma get_tsType_ccorres[corres]: + "ccorres (\r r'. r' = thread_state_to_tsType r) ret__unsigned_' (tcb_at' thread) + ({s. f s = tcb_ptr_to_ctcb_ptr thread} \ + {s. cslift s (Ptr &(f s\[''tcbState_C''])) = Some (thread_state_' s)}) [] + (getThreadState thread) (Call thread_state_get_tsType_'proc)" + unfolding getThreadState_def + apply (rule ccorres_from_spec_modifies [where P=\, simplified]) + apply (rule thread_state_get_tsType_spec) + apply (rule thread_state_get_tsType_modifies) + apply simp + apply (frule (1) obj_at_cslift_tcb) + apply (clarsimp simp: typ_heap_simps) + apply (rule bexI [rotated, OF threadGet_eq], assumption) + apply simp + apply (drule ctcb_relation_thread_state_to_tsType) + apply simp + done + lemma threadGet_obj_at2: "\\\ threadGet f thread \\v. obj_at' (\t. f t = v) thread\" apply (rule hoare_post_imp) diff --git a/proof/crefine/ARM/Tcb_C.thy b/proof/crefine/ARM/Tcb_C.thy index 8a515d6123..091e0f0967 100644 --- a/proof/crefine/ARM/Tcb_C.thy +++ b/proof/crefine/ARM/Tcb_C.thy @@ -1009,7 +1009,7 @@ lemma restart_ccorres: apply fastforce apply (rule ccorres_return_Skip) apply (wp hoare_drop_imps) - apply (auto simp: Collect_const_mem mask_def "StrictC'_thread_state_defs") + apply (auto simp: Collect_const_mem mask_def ThreadState_defs) done lemma setNextPC_ccorres: @@ -1999,7 +1999,7 @@ shows apply (rule allI, rule conseqPre, vcg) apply (clarsimp simp: return_def) apply (wp | simp add: valid_tcb_state'_def)+ - apply (clarsimp simp: ThreadState_Running_def mask_def) + apply (clarsimp simp: ThreadState_defs mask_def) apply (rule mapM_x_wp') apply (rule hoare_pre) apply (wp sch_act_wf_lift valid_queues_lift tcb_in_cur_domain'_lift) 
@@ -2066,8 +2066,7 @@ shows apply (rule ccorres_inst[where P=\ and P'=UNIV], simp) apply (simp add: performTransfer_def) apply wp - apply (simp add: Collect_const_mem "StrictC'_thread_state_defs" - mask_def) + apply (simp add: Collect_const_mem ThreadState_defs mask_def) apply vcg apply (rule_tac Q="\rv. invs' and st_tcb_at' ((=) Restart) thread and tcb_at' target" in hoare_post_imp) @@ -2196,7 +2195,7 @@ lemma decodeReadRegisters_ccorres: apply wp apply (vcg exspec=getSyscallArg_modifies) apply (clarsimp simp: Collect_const_mem rf_sr_ksCurThread - "StrictC'_thread_state_defs" word_sless_def word_sle_def + ThreadState_defs word_sless_def word_sle_def mask_eq_iff_w2p word_size isCap_simps ReadRegistersFlags_defs tcb_at_invs' cap_get_tag_isCap capTCBPtr_eq) @@ -2304,7 +2303,7 @@ lemma decodeWriteRegisters_ccorres: apply (vcg exspec=getSyscallArg_modifies) apply (clarsimp simp: Collect_const_mem ct_in_state'_def pred_tcb_at') apply (simp add: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H) - apply (clarsimp simp: valid_cap'_def "StrictC'_thread_state_defs" + apply (clarsimp simp: valid_cap'_def ThreadState_defs mask_eq_iff_w2p word_size rf_sr_ksCurThread WriteRegisters_resume_def word_sle_def word_sless_def numeral_eqs @@ -2442,7 +2441,7 @@ lemma decodeCopyRegisters_ccorres: elim!: pred_tcb'_weakenE dest!: st_tcb_at_idle_thread' interpret_excaps_eq)[1] apply (clarsimp simp: word_sle_def CopyRegistersFlags_defs word_sless_def - "StrictC'_thread_state_defs" rf_sr_ksCurThread + ThreadState_defs rf_sr_ksCurThread split: if_split) apply (drule interpret_excaps_eq) apply (clarsimp simp: mask_def excaps_map_def split_def ccap_rights_relation_def 
@@ -3063,7 +3062,7 @@ lemma decodeTCBConfigure_ccorres: ptr_val_tcb_ptr_mask2[unfolded mask_def objBits_defs, simplified] tcb_cnode_index_defs size_of_def option_to_0_def rf_sr_ksCurThread - StrictC'_thread_state_defs mask_eq_iff_w2p word_size + ThreadState_defs mask_eq_iff_w2p word_size from_bool_all_helper all_ex_eq_helper ucast_ucast_mask objBits_defs) apply (subgoal_tac "args \ [] \ extraCaps \ []") @@ -3112,7 +3111,7 @@ lemma decodeTCBConfigure_ccorres: capTCBPtr_eq tcb_cnode_index_defs size_of_def option_to_0_def rf_sr_ksCurThread - StrictC'_thread_state_defs mask_eq_iff_w2p word_size + ThreadState_defs mask_eq_iff_w2p word_size from_bool_all_helper) apply (frule(1) tcb_at_h_t_valid [OF tcb_at_invs']) apply (clarsimp simp: typ_heap_simps numeral_eqs isCap_simps valid_cap'_def capAligned_def @@ -3250,7 +3249,7 @@ lemma decodeSetMCPriority_ccorres: elim!: obj_at'_weakenE pred_tcb'_weakenE dest!: st_tcb_at_idle_thread')[1] apply (clarsimp simp: interpret_excaps_eq excaps_map_def) - apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size option_to_0_def) + apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size option_to_0_def) apply (frule rf_sr_ksCurThread) apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H) apply (clarsimp simp: valid_cap'_def capAligned_def interpret_excaps_eq excaps_map_def) @@ -3383,7 +3382,7 @@ lemma decodeSetPriority_ccorres: elim!: obj_at'_weakenE pred_tcb'_weakenE dest!: st_tcb_at_idle_thread')[1] apply (clarsimp simp: interpret_excaps_eq excaps_map_def) - apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size option_to_0_def) + apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size option_to_0_def) apply (frule rf_sr_ksCurThread) apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H) apply (clarsimp simp: valid_cap'_def capAligned_def interpret_excaps_eq excaps_map_def) 
@@ -3541,7 +3540,7 @@ lemma decodeSetSchedParams_ccorres: elim!: obj_at'_weakenE pred_tcb'_weakenE dest!: st_tcb_at_idle_thread')[1] apply (clarsimp simp: interpret_excaps_eq excaps_map_def) - apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size option_to_0_def) + apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size option_to_0_def) apply (frule rf_sr_ksCurThread) apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H) apply (clarsimp simp: valid_cap'_def capAligned_def interpret_excaps_eq excaps_map_def) @@ -3687,11 +3686,10 @@ lemma decodeSetIPCBuffer_ccorres: valid_mdb_ctes_def no_0_def excaps_map_def elim: pred_tcb'_weakenE dest!: st_tcb_at_idle_thread' dest!: interpret_excaps_eq)[1] - apply (clarsimp simp: option_to_0_def rf_sr_ksCurThread word_sless_def - word_sle_def ThreadState_Restart_def mask_def) + apply (clarsimp simp: option_to_0_def rf_sr_ksCurThread word_sless_def word_sle_def mask_def) apply (rule conjI[rotated], clarsimp+) apply (drule interpret_excaps_eq[rule_format, where n=0], simp add: excaps_map_Nil) - apply (simp add: mask_def "StrictC'_thread_state_defs" excaps_map_def) + apply (simp add: mask_def ThreadState_defs excaps_map_def) apply (clarsimp simp: ccap_rights_relation_def rightsFromWord_wordFromRights cap_get_tag_isCap) apply (frule cap_get_tag_to_H, subst cap_get_tag_isCap, assumption, assumption) @@ -3846,10 +3844,10 @@ lemma decodeUnbindNotification_ccorres: apply (clarsimp simp: isCap_simps) apply (frule cap_get_tag_isCap_unfolded_H_cap) apply (auto simp: ctcb_relation_def typ_heap_simps cap_get_tag_ThreadCap ct_in_state'_def - option_to_ptr_def option_to_0_def ThreadState_Restart_def - mask_def rf_sr_ksCurThread valid_tcb_state'_def - elim!: pred_tcb'_weakenE - dest!: valid_objs_boundNTFN_NULL) + option_to_ptr_def option_to_0_def ThreadState_defs + mask_def rf_sr_ksCurThread valid_tcb_state'_def + elim!: pred_tcb'_weakenE + dest!: valid_objs_boundNTFN_NULL) done lemma nTFN_case_If_ptr: 
@@ -4007,7 +4005,7 @@ lemma decodeBindNotification_ccorres: apply (clarsimp simp: throwError_def return_def syscall_error_rel_def syscall_error_to_H_cases exception_defs) apply (clarsimp simp add: guard_is_UNIV_def isWaitingNtfn_def - ThreadState_Restart_def mask_def + ThreadState_defs mask_def rf_sr_ksCurThread capTCBPtr_eq) apply (simp add: hd_conv_nth bindE_bind_linearise nTFN_case_If_ptr throwError_bind invocationCatch_def) apply (rule ccorres_from_vcg_split_throws[where P=\ and P'=UNIV]) @@ -4330,7 +4328,7 @@ lemma decodeSetSpace_ccorres: rightsFromWord_wordFromRights capTCBPtr_eq tcb_cnode_index_defs size_of_def option_to_0_def rf_sr_ksCurThread - "StrictC'_thread_state_defs" mask_eq_iff_w2p word_size) + ThreadState_defs mask_eq_iff_w2p word_size) apply (simp add: word_sle_def cap_get_tag_isCap) apply (subgoal_tac "args \ []") apply (fastforce simp: hd_conv_nth objBits_defs) @@ -4411,7 +4409,7 @@ lemma decodeSetTLSBase_ccorres: apply (clarsimp simp: ct_in_state'_def sysargs_rel_n_def n_msgRegisters_def) apply (auto simp: valid_tcb_state'_def elim!: pred_tcb'_weakenE)[1] - apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size) + apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size) apply (frule rf_sr_ksCurThread) apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H) apply (auto simp: unat_eq_0 le_max_word_ucast_id)+ @@ -4563,8 +4561,7 @@ lemma decodeTCBInvocation_ccorres: dest!: st_tcb_at_idle_thread')[1] apply (simp split: sum.split add: cintr_def intr_and_se_rel_def exception_defs syscall_error_rel_def) - apply (simp add: "StrictC'_thread_state_defs" mask_eq_iff_w2p word_size - cap_get_tag_isCap) + apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size) apply (simp add: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H) apply clarsimp done diff --git a/proof/crefine/ARM_HYP/ADT_C.thy b/proof/crefine/ARM_HYP/ADT_C.thy index 0ceb18e157..9044dc136f 100644 --- a/proof/crefine/ARM_HYP/ADT_C.thy 
+++ b/proof/crefine/ARM_HYP/ADT_C.thy @@ -813,11 +813,7 @@ lemma cthread_state_rel_imp_eq: "cthread_state_relation x z \ cthread_state_relation y z \ x=y" apply (simp add: cthread_state_relation_def split_def) apply (cases x) - apply (cases y, simp_all add: ThreadState_BlockedOnReceive_def - ThreadState_BlockedOnReply_def ThreadState_BlockedOnNotification_def - ThreadState_Running_def ThreadState_Inactive_def - ThreadState_IdleThreadState_def ThreadState_BlockedOnSend_def - ThreadState_Restart_def)+ + apply (cases y, simp_all add: ThreadState_defs)+ done lemma ksPSpace_valid_objs_tcbBoundNotification_nonzero: diff --git a/proof/crefine/ARM_HYP/Arch_C.thy b/proof/crefine/ARM_HYP/Arch_C.thy index 5468bae776..c792bc031a 100644 --- a/proof/crefine/ARM_HYP/Arch_C.thy +++ b/proof/crefine/ARM_HYP/Arch_C.thy @@ -873,7 +873,7 @@ lemma decodeARMPageTableInvocation_ccorres: slotcap_in_mem_def) apply (auto dest: ctes_of_valid')[1] apply (rule conjI) - apply (clarsimp simp: rf_sr_ksCurThread "StrictC'_thread_state_defs" + apply (clarsimp simp: rf_sr_ksCurThread ThreadState_defs mask_eq_iff_w2p word_size ct_in_state'_def st_tcb_at'_def word_sle_def word_sless_def @@ -899,7 +899,7 @@ lemma decodeARMPageTableInvocation_ccorres: apply (subst array_assertion_abs_pd, erule conjI, simp add: unat_eq_0 unat_shiftr_le_bound table_bits_defs) apply (clarsimp simp: rf_sr_ksCurThread mask_def[where n=4] - "StrictC'_thread_state_defs" + ThreadState_defs ccap_relation_def cap_to_H_def cap_lift_page_table_cap word_bw_assocs shiftr_shiftl1 mask_def[where n=17]) @@ -2223,7 +2223,7 @@ lemma performPageGetAddress_ccorres: apply clarsimp apply (vcg exspec=setRegister_modifies) apply wpsimp - apply (clarsimp simp: ThreadState_Running_def) + apply clarsimp apply (vcg exspec=lookupIPCBuffer_modifies) apply clarsimp apply vcg 
@@ -2235,7 +2235,7 @@ lemma performPageGetAddress_ccorres: seL4_MessageInfo_lift_def message_info_to_H_def mask_def) apply (cases isCall) apply (auto simp: ARM_HYP.badgeRegister_def ARM_HYP_H.badgeRegister_def Kernel_C.badgeRegister_def - Kernel_C.R0_def fromPAddr_def ThreadState_Running_def + Kernel_C.R0_def fromPAddr_def ThreadState_defs pred_tcb_at'_def obj_at'_def projectKOs ct_in_state'_def) done @@ -3152,7 +3152,7 @@ lemma decodeARMFrameInvocation_ccorres: done (* C side *) - apply (clarsimp simp: rf_sr_ksCurThread "StrictC'_thread_state_defs" mask_eq_iff_w2p + apply (clarsimp simp: rf_sr_ksCurThread ThreadState_defs mask_eq_iff_w2p word_size word_less_nat_alt from_bool_0 excaps_map_def cte_wp_at_ctes_of) apply (frule ctes_of_valid', clarsimp) apply (drule_tac t="cteCap ctea" in sym) @@ -3590,7 +3590,7 @@ lemma decodeARMPageDirectoryInvocation_ccorres: typ_heap_simps' shiftl_t2n[where n=2] field_simps elim!: ccap_relationE) apply (intro conjI impI allI) - apply (clarsimp simp: ThreadState_Restart_def less_mask_eq rf_sr_ksCurThread + apply (clarsimp simp: ThreadState_defs less_mask_eq rf_sr_ksCurThread resolve_ret_rel_def framesize_from_to_H framesize_from_H_mask2 to_option_def rel_option_alt_def to_bool_def typ_heap_simps' split: option.splits if_splits @@ -3605,7 +3605,7 @@ lemma decodeARMPageDirectoryInvocation_ccorres: typ_heap_simps' shiftl_t2n[where n=2] field_simps elim!: ccap_relationE) apply (intro conjI impI allI) - apply (clarsimp simp: ThreadState_Restart_def less_mask_eq rf_sr_ksCurThread + apply (clarsimp simp: less_mask_eq rf_sr_ksCurThread resolve_ret_rel_def framesize_from_to_H framesize_from_H_mask2 to_option_def rel_option_alt_def to_bool_def typ_heap_simps' split: option.splits if_splits 
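Review bot: The four parallel `intro conjI impI allI` cases of decodeARMPageDirectoryInvocation_ccorres (the -3590 and -3605 hunks here, the -3620 and -3635 hunks on the next line) are now treated differently: two swap `ThreadState_Restart_def` for `ThreadState_defs` while the other two drop it altogether. Presumably the dropped ones never needed the unfolding, but the asymmetry reads as accidental; either use `ThreadState_defs` uniformly or, if the omission is deliberate, a brief comment on the first such case would save the next reader a re-check. The lemma's proof starts and ends outside these hunks.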
@@ -3620,7 +3620,7 @@ lemma decodeARMPageDirectoryInvocation_ccorres: typ_heap_simps' shiftl_t2n[where n=2] field_simps elim!: ccap_relationE) apply (intro conjI impI allI) - apply (clarsimp simp: ThreadState_Restart_def less_mask_eq rf_sr_ksCurThread + apply (clarsimp simp: ThreadState_defs less_mask_eq rf_sr_ksCurThread resolve_ret_rel_def framesize_from_to_H framesize_from_H_mask2 to_option_def rel_option_alt_def to_bool_def typ_heap_simps' split: option.splits if_splits @@ -3635,7 +3635,7 @@ lemma decodeARMPageDirectoryInvocation_ccorres: typ_heap_simps' shiftl_t2n[where n=2] field_simps elim!: ccap_relationE) apply (intro conjI impI allI) - by (clarsimp simp: ThreadState_Restart_def less_mask_eq rf_sr_ksCurThread + by (clarsimp simp: less_mask_eq rf_sr_ksCurThread resolve_ret_rel_def framesize_from_to_H framesize_from_H_mask2 to_option_def rel_option_alt_def typ_heap_simps' split: option.splits if_splits @@ -3925,8 +3925,7 @@ lemma decodeARMMMUInvocation_ccorres: del: Collect_const) apply (simp add: if_1_0_0 from_bool_0 hd_conv_nth length_ineq_not_Nil del: Collect_const) - apply (clarsimp simp: eq_Nil_null[symmetric] asid_high_bits_word_bits hd_conv_nth - ThreadState_Restart_def mask_def) + apply (clarsimp simp: eq_Nil_null[symmetric] asid_high_bits_word_bits hd_conv_nth mask_def) apply wp+ apply (simp add: cap_get_tag_isCap) apply (rule HoarePartial.SeqSwap) @@ -4275,8 +4274,7 @@ lemma decodeARMMMUInvocation_ccorres: elim!: pred_tcb'_weakenE)[1] apply (clarsimp simp: cte_wp_at_ctes_of asidHighBits_handy_convs word_sle_def word_sless_def asidLowBits_handy_convs - rf_sr_ksCurThread "StrictC'_thread_state_defs" - mask_def[where n=4] + rf_sr_ksCurThread ThreadState_defs mask_def[where n=4] cong: if_cong) apply (clarsimp simp: ccap_relation_isDeviceCap2 objBits_simps archObjSize_def pageBits_def) apply (rule conjI) 
@@ -4501,7 +4499,7 @@ lemma invokeVCPUReadReg_ccorres: (* styled after invokeTCB_ReadRegisters_ccorres apply clarsimp apply (vcg exspec=setRegister_modifies) apply wpsimp - apply (clarsimp simp: ThreadState_Running_def) + apply clarsimp apply (vcg exspec=lookupIPCBuffer_modifies) apply clarsimp apply (wpsimp wp: hoare_vcg_const_imp_lift hoare_vcg_all_lift hoare_vcg_imp_lift) @@ -4512,14 +4510,13 @@ lemma invokeVCPUReadReg_ccorres: (* styled after invokeTCB_ReadRegisters_ccorres apply (rule conseqPre, vcg) apply clarsimp apply (clarsimp simp: invs_no_0_obj' tcb_at_invs' invs_queues invs_valid_objs' invs_sch_act_wf' - rf_sr_ksCurThread msgRegisters_unfold - seL4_MessageInfo_lift_def message_info_to_H_def mask_def) + rf_sr_ksCurThread msgRegisters_unfold ThreadState_defs + seL4_MessageInfo_lift_def message_info_to_H_def mask_def) apply (cases isCall; clarsimp) apply (rule conjI, clarsimp simp: ct_in_state'_def st_tcb_at'_def comp_def) apply (fastforce simp: obj_at'_def projectKOs) apply (clarsimp simp: Kernel_C.badgeRegister_def ARM_HYP.badgeRegister_def ARM_HYP_H.badgeRegister_def Kernel_C.R0_def) apply (simp add: rf_sr_def cstate_relation_def Let_def) - apply (clarsimp simp: ThreadState_Running_def) apply (rule conjI, clarsimp simp: pred_tcb_at'_def obj_at'_def projectKOs ct_in_state'_def) apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def) done @@ -4608,7 +4605,7 @@ lemma decodeVCPUWriteReg_ccorres: apply (clarsimp simp: word_less_nat_alt word_le_nat_alt conj_commute invs_no_0_obj' tcb_at_invs' invs_queues invs_valid_objs' invs_sch_act_wf' rf_sr_ksCurThread msgRegisters_unfold - valid_tcb_state'_def ThreadState_Restart_def mask_def) + valid_tcb_state'_def ThreadState_defs mask_def) apply (rule conjI; clarsimp) \ \not enough args\ apply (clarsimp simp: isCap_simps cap_get_tag_isCap capVCPUPtr_eq) apply (subst from_to_enum; clarsimp simp: fromEnum_maxBound_vcpureg_def) 
@@ -4851,7 +4848,7 @@ lemma decodeVCPUInjectIRQ_ccorres: apply (clarsimp simp: word_less_nat_alt word_le_nat_alt conj_commute invs_no_0_obj' tcb_at_invs' invs_queues invs_valid_objs' invs_sch_act_wf' rf_sr_ksCurThread msgRegisters_unfold - valid_tcb_state'_def ThreadState_Restart_def mask_def) + valid_tcb_state'_def ThreadState_defs mask_def) apply (frule invs_arch_state') apply (clarsimp simp: valid_arch_state'_def max_armKSGICVCPUNumListRegs_def rf_sr_armKSGICVCPUNumListRegs) @@ -4958,7 +4955,7 @@ lemma decodeVCPUReadReg_ccorres: apply (clarsimp simp: word_le_nat_alt conj_commute invs_no_0_obj' tcb_at_invs' invs_queues invs_valid_objs' invs_sch_act_wf' rf_sr_ksCurThread msgRegisters_unfold - valid_tcb_state'_def ThreadState_Restart_def mask_def) + valid_tcb_state'_def ThreadState_defs mask_def) apply (rule conjI; clarsimp) \ \no args\ subgoal by (clarsimp simp: isCap_simps cap_get_tag_isCap capVCPUPtr_eq) @@ -5062,7 +5059,7 @@ lemma decodeVCPUSetTCB_ccorres: apply (clarsimp simp: word_less_nat_alt word_le_nat_alt conj_commute invs_no_0_obj' tcb_at_invs' invs_queues invs_valid_objs' invs_sch_act_wf' rf_sr_ksCurThread msgRegisters_unfold - valid_tcb_state'_def ThreadState_Restart_def mask_def) + valid_tcb_state'_def ThreadState_defs mask_def) apply (clarsimp simp: idButNot_def interpret_excaps_test_null excaps_map_def neq_Nil_conv) apply (rule conjI; clarsimp) @@ -5213,7 +5210,7 @@ proof - apply (clarsimp simp: word_le_nat_alt conj_commute invs_no_0_obj' tcb_at_invs' invs_queues invs_valid_objs' invs_sch_act_wf' rf_sr_ksCurThread msgRegisters_unfold - valid_tcb_state'_def ThreadState_Restart_def mask_def + valid_tcb_state'_def mask_def valid_cap'_def ct_in_state'_def sysargs_rel_to_n st_tcb_at'_def comp_def runnable'_eq) apply (fastforce elim: obj_at'_weakenE) 
@@ -5221,7 +5218,7 @@ proof - apply (clarsimp simp: word_le_nat_alt conj_commute invs_no_0_obj' tcb_at_invs' invs_queues invs_valid_objs' invs_sch_act_wf' rf_sr_ksCurThread msgRegisters_unfold - valid_tcb_state'_def ThreadState_Restart_def Kernel_C.maxIRQ_def + valid_tcb_state'_def ThreadState_defs Kernel_C.maxIRQ_def and_mask_eq_iff_le_mask capVCPUPtr_eq) apply (clarsimp simp: mask_def) done diff --git a/proof/crefine/ARM_HYP/Fastpath_C.thy b/proof/crefine/ARM_HYP/Fastpath_C.thy index b125d3047e..117979ae1a 100644 --- a/proof/crefine/ARM_HYP/Fastpath_C.thy +++ b/proof/crefine/ARM_HYP/Fastpath_C.thy @@ -54,7 +54,7 @@ lemma setCTE_tcbContext: apply (rule setObject_cte_obj_at_tcb', simp_all) done -lemma seThreadState_tcbContext: +lemma setThreadState_tcbContext: "\obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t\ setThreadState a b \\_. obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t\" @@ -73,7 +73,7 @@ lemma setBoundNotification_tcbContext: declare comp_apply [simp del] crunch tcbContext[wp]: deleteCallerCap "obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t" (wp: setEndpoint_obj_at_tcb' setBoundNotification_tcbContext - setNotification_tcb crunch_wps seThreadState_tcbContext + setNotification_tcb crunch_wps setThreadState_tcbContext simp: crunch_simps unless_def) declare comp_apply [simp] @@ -841,7 +841,7 @@ lemma thread_state_ptr_set_tsType_np_spec: apply (clarsimp simp: typ_heap_simps') apply (rule exI, rule conjI[OF _ conjI [OF _ refl]]) apply (simp_all add: thread_state_lift_def) - apply (auto simp: "StrictC'_thread_state_defs" mask_def) + apply (auto simp: ThreadState_defs mask_def) done lemma thread_state_ptr_mset_blockingObject_tsType_spec: 
@@ -2899,7 +2899,7 @@ lemma fastpath_reply_recv_ccorres: apply (clarsimp simp: rf_sr_ksCurThread typ_heap_simps' h_t_valid_clift_Some_iff) apply (clarsimp simp: capAligned_def isCap_simps objBits_simps - "StrictC'_thread_state_defs" mask_def) + ThreadState_defs mask_def) apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def typ_heap_simps' objBits_defs) apply (rule conjI) @@ -2910,7 +2910,7 @@ lemma fastpath_reply_recv_ccorres: apply (simp add: cep_relations_drop_fun_upd) apply (erule cmap_relation_updI, erule ko_at_projectKO_opt) apply (simp add: ctcb_relation_def cthread_state_relation_def - "StrictC'_thread_state_defs") + ThreadState_defs) apply (clarsimp simp: ccap_relation_ep_helpers) apply simp apply (rule conjI, erule cready_queues_relation_not_queue_ptrs) diff --git a/proof/crefine/ARM_HYP/Fastpath_Equiv.thy b/proof/crefine/ARM_HYP/Fastpath_Equiv.thy index 2ade2f9356..7bfd4520e8 100644 --- a/proof/crefine/ARM_HYP/Fastpath_Equiv.thy +++ b/proof/crefine/ARM_HYP/Fastpath_Equiv.thy @@ -49,7 +49,7 @@ lemma setCTE_tcbContext: context begin interpretation Arch . (*FIXME: arch_split*) -lemma seThreadState_tcbContext: +lemma setThreadState_tcbContext: "\obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t\ setThreadState a b \\_. obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t\" @@ -68,7 +68,7 @@ lemma setBoundNotification_tcbContext: declare comp_apply [simp del] crunch tcbContext[wp]: deleteCallerCap "obj_at' (\tcb. P ((atcbContextGet o tcbArch) tcb)) t" (wp: setEndpoint_obj_at_tcb' setBoundNotification_tcbContext - setNotification_tcb crunch_wps seThreadState_tcbContext + setNotification_tcb crunch_wps setThreadState_tcbContext simp: crunch_simps unless_def) declare comp_apply [simp] 
@@ -1561,7 +1561,7 @@ lemma fastpath_callKernel_SysReplyRecv_corres: fastpathBestSwitchCandidate_lift[where f="threadSet f t" for f t] | wps)+)[3] apply (simp cong: rev_conj_cong) - apply (wpsimp wp: seThreadState_tcbContext[simplified comp_apply] + apply (wpsimp wp: setThreadState_tcbContext[simplified comp_apply] setThreadState_oa_queued user_getreg_rv setThreadState_no_sch_change setThreadState_obj_at_unchanged sts_st_tcb_at'_cases sts_bound_tcb_at' diff --git a/proof/crefine/ARM_HYP/Finalise_C.thy b/proof/crefine/ARM_HYP/Finalise_C.thy index e3ef55bcc0..8795ff253e 100644 --- a/proof/crefine/ARM_HYP/Finalise_C.thy +++ b/proof/crefine/ARM_HYP/Finalise_C.thy @@ -239,10 +239,8 @@ next sts_running_valid_queues sts_st_tcb' setThreadState_oa_queued | simp)+ apply (vcg exspec=setThreadState_cslift_spec exspec=tcbSchedEnqueue_cslift_spec) - apply (clarsimp simp: tcb_at_not_NULL - Collect_const_mem valid_tcb_state'_def - ThreadState_Restart_def mask_def - valid_objs'_maxDomain valid_objs'_maxPriority) + apply (clarsimp simp: tcb_at_not_NULL Collect_const_mem valid_tcb_state'_def + ThreadState_defs mask_def valid_objs'_maxDomain valid_objs'_maxPriority) apply (drule(1) obj_at_cslift_tcb) apply (clarsimp simp: typ_heap_simps) apply (rule conjI) @@ -618,7 +616,7 @@ lemma suspend_ccorres: apply clarsimp apply (rule iffI) apply simp - apply (erule thread_state_to_tsType.elims; simp add: StrictC'_thread_state_defs) + apply (erule thread_state_to_tsType.elims; simp add: ThreadState_defs) apply (ctac (no_vcg) add: updateRestartPC_ccorres) apply (rule ccorres_return_Skip) apply ceqv @@ -654,7 +652,7 @@ lemma suspend_ccorres: apply (fastforce simp: invs_valid_queues' invs_queues invs_valid_objs' valid_tcb_state'_def) apply clarsimp - apply (auto simp: "StrictC'_thread_state_defs") + apply (auto simp: ThreadState_defs) done lemma cap_to_H_NTFNCap_tag: diff --git a/proof/crefine/ARM_HYP/Interrupt_C.thy b/proof/crefine/ARM_HYP/Interrupt_C.thy index d02130cd52..5adca7f4ad 100644 
--- a/proof/crefine/ARM_HYP/Interrupt_C.thy +++ b/proof/crefine/ARM_HYP/Interrupt_C.thy @@ -229,7 +229,7 @@ lemma decodeIRQHandlerInvocation_ccorres: apply (clarsimp simp: Collect_const_mem neq_Nil_conv dest!: interpret_excaps_eq) apply (simp add: rf_sr_ksCurThread if_1_0_0 mask_def[where n=4] - "StrictC'_thread_state_defs" cap_get_tag_isCap excaps_map_def + ThreadState_defs cap_get_tag_isCap excaps_map_def word_sless_def word_sle_def) apply (simp add: invocationCatch_def throwError_bind interpret_excaps_test_null Collect_True @@ -260,8 +260,7 @@ lemma decodeIRQHandlerInvocation_ccorres: apply (clarsimp simp: invs_queues invs_valid_objs' ct_in_state'_def ccap_rights_relation_def - mask_def[where n=4] - "StrictC'_thread_state_defs") + mask_def[where n=4] ThreadState_defs) apply (subst pred_tcb'_weakenE, assumption, fastforce)+ apply (clarsimp simp: rf_sr_ksCurThread word_sle_def word_sless_def sysargs_rel_n_def word_less_nat_alt) @@ -559,8 +558,7 @@ lemma Arch_decodeIRQControlInvocation_ccorres: apply (rule syscall_error_throwError_ccorres_n) apply (simp add: syscall_error_to_H_cases) apply (clarsimp simp: interpret_excaps_test_null excaps_map_def - Collect_const_mem word_sless_def word_sle_def - ThreadState_Restart_def unat_of_nat mask_def) + Collect_const_mem word_sless_def word_sle_def unat_of_nat mask_def) apply (rule conjI) apply (simp add: Kernel_C.maxIRQ_def word_le_nat_alt ucast_nat_def unat_ucast) apply (cut_tac unat_lt2p[where x="args ! 3"]) @@ -576,7 +574,7 @@ lemma Arch_decodeIRQControlInvocation_ccorres: apply (clarsimp simp: neq_Nil_conv numeral_eqs[symmetric] word_sle_def word_sless_def) apply (drule interpret_excaps_eq[rule_format, where n=0], simp) - apply (clarsimp simp: mask_def[where n=4] "StrictC'_thread_state_defs" + apply (clarsimp simp: mask_def[where n=4] ThreadState_defs rf_sr_ksCurThread ccap_rights_relation_def rightsFromWord_wordFromRights) apply (simp cong: conj_cong) 
@@ -733,7 +731,7 @@ lemma decodeIRQControlInvocation_ccorres: apply (simp add: syscall_error_to_H_cases) apply (clarsimp simp: interpret_excaps_test_null excaps_map_def Collect_const_mem word_sless_def word_sle_def - ThreadState_Restart_def unat_of_nat mask_def) + unat_of_nat mask_def) apply (rule conjI) apply (simp add: Kernel_C.maxIRQ_def word_le_nat_alt ucast_nat_def unat_ucast) @@ -750,7 +748,7 @@ lemma decodeIRQControlInvocation_ccorres: apply (clarsimp simp: neq_Nil_conv numeral_eqs[symmetric] word_sle_def word_sless_def) apply (drule interpret_excaps_eq[rule_format, where n=0], simp) - apply (clarsimp simp: mask_def[where n=4] "StrictC'_thread_state_defs" + apply (clarsimp simp: mask_def[where n=4] ThreadState_defs rf_sr_ksCurThread ccap_rights_relation_def rightsFromWord_wordFromRights) apply (simp cong: conj_cong) diff --git a/proof/crefine/ARM_HYP/Invoke_C.thy b/proof/crefine/ARM_HYP/Invoke_C.thy index 70da9f3ed4..53a670fcc8 100644 --- a/proof/crefine/ARM_HYP/Invoke_C.thy +++ b/proof/crefine/ARM_HYP/Invoke_C.thy @@ -198,7 +198,7 @@ lemma decodeDomainInvocation_ccorres: apply (clarsimp simp: valid_tcb_state'_def invs_valid_queues' invs_valid_objs' invs_queues invs_sch_act_wf' ct_in_state'_def pred_tcb_at' rf_sr_ksCurThread word_sle_def word_sless_def sysargs_rel_to_n - mask_eq_iff_w2p mask_eq_iff_w2p word_size "StrictC'_thread_state_defs") + mask_eq_iff_w2p mask_eq_iff_w2p word_size ThreadState_defs) apply (rule conjI) apply (clarsimp simp: linorder_not_le isCap_simps) apply (rule conjI, clarsimp simp: unat32_eq_of_nat) @@ -1373,7 +1373,7 @@ lemma decodeCNodeInvocation_ccorres: apply (frule interpret_excaps_eq) apply (clarsimp simp: excaps_map_def mask_def[where n=4] ccap_rights_relation_def rightsFromWord_wordFromRights - "StrictC'_thread_state_defs" map_comp_Some_iff + ThreadState_defs map_comp_Some_iff rf_sr_ksCurThread hd_conv_nth hd_drop_conv_nth) apply ((rule conjI | clarsimp simp: rightsFromWord_wordFromRights 
@@ -3296,8 +3296,7 @@ lemma decodeUntypedInvocation_ccorres_helper: unat_of_nat_APIType_capBits word_size length_ineq_not_Nil not_less word_le_nat_alt isCap_simps valid_cap_simps') apply (strengthen word_of_nat_less) - apply (clarsimp simp: StrictC'_thread_state_defs mask_def - ccap_relation_isDeviceCap2 + apply (clarsimp simp: ThreadState_defs mask_def ccap_relation_isDeviceCap2 split: if_split) apply (intro conjI impI; clarsimp simp: not_less shiftr_eq_0 unat_of_nat_APIType_capBits @@ -3399,8 +3398,7 @@ lemma decodeUntypedInvocation_ccorres_helper: apply (clarsimp simp: hd_drop_conv_nth2 hd_conv_nth neq_Nil_lengthI ct_in_state'_def pred_tcb_at' rf_sr_ksCurThread mask_eq_iff_w2p - "StrictC'_thread_state_defs" numeral_eqs[symmetric] - cap_get_tag_isCap cte_wp_at_ctes_of + numeral_eqs[symmetric] cap_get_tag_isCap cte_wp_at_ctes_of unat_eq_0 ccHoarePost_def) apply (rule conjI) apply (clarsimp simp: linorder_not_less isCap_simps) diff --git a/proof/crefine/ARM_HYP/IpcCancel_C.thy b/proof/crefine/ARM_HYP/IpcCancel_C.thy index b307286b81..c9b6048513 100644 --- a/proof/crefine/ARM_HYP/IpcCancel_C.thy +++ b/proof/crefine/ARM_HYP/IpcCancel_C.thy @@ -427,7 +427,7 @@ lemma isStopped_ccorres [corres]: apply clarsimp apply (clarsimp simp: typ_heap_simps ctcb_relation_thread_state_to_tsType split: thread_state.splits) - apply (simp add: "StrictC'_thread_state_defs")+ + apply (simp add: ThreadState_defs)+ done lemma isRunnable_ccorres [corres]: @@ -455,7 +455,7 @@ lemma isRunnable_ccorres [corres]: apply (clarsimp) apply (clarsimp simp: typ_heap_simps ctcb_relation_thread_state_to_tsType split: thread_state.splits) - apply (simp add: "StrictC'_thread_state_defs")+ + apply (simp add: ThreadState_defs)+ done 
@@ -2407,7 +2407,7 @@ lemma scheduleTCB_ccorres': apply (clarsimp simp: typ_heap_simps) apply (subgoal_tac "ksSchedulerAction \ = ResumeCurrentThread") apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def) - apply (case_tac "tcbState ko", simp_all add: "StrictC'_thread_state_defs")[1] + apply (case_tac "tcbState ko", simp_all add: ThreadState_defs)[1] apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def cscheduler_action_relation_def tcb_at_not_NULL split: scheduler_action.split_asm) @@ -2461,7 +2461,7 @@ lemma scheduleTCB_ccorres_valid_queues'_pre: apply (drule (1) obj_at_cslift_tcb) apply (clarsimp simp: typ_heap_simps) apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def weak_sch_act_wf_def) - apply (case_tac "tcbState ko", simp_all add: "StrictC'_thread_state_defs")[1] + apply (case_tac "tcbState ko", simp_all add: ThreadState_defs)[1] apply (fold_subgoals (prefix))[6] subgoal premises prems using prems by (clarsimp simp: rf_sr_def cstate_relation_def Let_def @@ -2555,7 +2555,7 @@ lemma scheduleTCB_ccorres_valid_queues'_pre_simple: apply (clarsimp simp: typ_heap_simps) apply (subgoal_tac "ksSchedulerAction \ = ResumeCurrentThread") apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def) - apply (case_tac "tcbState ko", simp_all add: "StrictC'_thread_state_defs")[1] + apply (case_tac "tcbState ko", simp_all add: ThreadState_defs)[1] apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def cscheduler_action_relation_def tcb_at_not_NULL 
@@ -2650,11 +2650,11 @@ lemma cancelSignal_ccorres [corres]: apply (ctac (no_vcg) add: cancelSignal_ccorres_helper) apply (ctac add: setThreadState_ccorres_valid_queues') apply ((wp setNotification_ksQ hoare_vcg_all_lift set_ntfn_valid_objs' | simp add: valid_tcb_state'_def split del: if_split)+)[1] - apply (simp add: "StrictC'_thread_state_defs") + apply (simp add: ThreadState_defs) apply (rule conjI, clarsimp, rule conjI, clarsimp) apply (frule (1) ko_at_valid_ntfn'[OF _ invs_valid_objs']) subgoal by ((auto simp: obj_at'_def projectKOs st_tcb_at'_def invs'_def valid_state'_def - isTS_defs cte_wp_at_ctes_of "StrictC'_thread_state_defs" + isTS_defs cte_wp_at_ctes_of cthread_state_relation_def sch_act_wf_weak valid_ntfn'_def dest!: valid_queues_not_runnable'_not_ksQ[where t=thread] | clarsimp simp: eq_commute)+) @@ -2662,7 +2662,7 @@ lemma cancelSignal_ccorres [corres]: apply (frule (1) ko_at_valid_ntfn'[OF _ invs_valid_objs']) apply (frule (2) ntfn_blocked_in_queueD) by (auto simp: obj_at'_def projectKOs st_tcb_at'_def invs'_def valid_state'_def - isTS_defs cte_wp_at_ctes_of "StrictC'_thread_state_defs" valid_ntfn'_def + isTS_defs cte_wp_at_ctes_of valid_ntfn'_def cthread_state_relation_def sch_act_wf_weak isWaitingNtfn_def dest!: valid_queues_not_runnable'_not_ksQ[where t=thread] split: ntfn.splits option.splits @@ -3093,7 +3093,7 @@ lemma cancelIPC_ccorres1: apply (rule_tac P="rv' = thread_state_to_tsType rv" in ccorres_gen_asm2) apply wpc \ \BlockedOnReceive\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs cong: call_ignore_cong) + apply (simp add: word_sle_def ccorres_cond_iffs cong: call_ignore_cong) apply (rule ccorres_rhs_assoc)+ apply csymbr apply csymbr 
@@ -3109,7 +3109,7 @@ lemma cancelIPC_ccorres1: apply (ctac (no_vcg) add: cancelIPC_ccorres_helper) apply (ctac add: setThreadState_ccorres_valid_queues') apply (wp hoare_vcg_all_lift set_ep_valid_objs' | simp add: valid_tcb_state'_def split del: if_split)+ - apply (simp add: "StrictC'_thread_state_defs") + apply (simp add: ThreadState_defs) apply vcg apply (rule conseqPre, vcg) apply clarsimp @@ -3119,7 +3119,7 @@ lemma cancelIPC_ccorres1: apply (rule conseqPre, vcg) apply clarsimp \ \BlockedOnReply case\ - apply (simp add: "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: ThreadState_defs ccorres_cond_iffs Collect_False Collect_True word_sle_def cong: call_ignore_cong del: Collect_const) apply (rule ccorres_rhs_assoc)+ @@ -3179,7 +3179,7 @@ lemma cancelIPC_ccorres1: apply (clarsimp simp add: guard_is_UNIV_def tcbReplySlot_def Kernel_C.tcbReply_def tcbCNodeEntries_def) \ \BlockedOnNotification\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: word_sle_def ThreadState_defs ccorres_cond_iffs cong: call_ignore_cong) apply (rule ccorres_symb_exec_r) apply (ctac (no_vcg)) @@ -3189,11 +3189,11 @@ lemma cancelIPC_ccorres1: apply (rule conseqPre, vcg) apply clarsimp \ \Running, Inactive, and Idle\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: word_sle_def ThreadState_defs ccorres_cond_iffs cong: call_ignore_cong, rule ccorres_return_Skip)+ \ \BlockedOnSend\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: word_sle_def ccorres_cond_iffs cong: call_ignore_cong) \ \clag\ apply (rule ccorres_rhs_assoc)+ 
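Review bot: The BlockedOnSend case here (and the BlockedOnReceive case in the previous hunk) drops the thread-state constant unfolding altogether, while the BlockedOnReply, BlockedOnNotification, Running/Inactive/Idle and Restart cases of the same lemma keep it as `ThreadState_defs`; the proof evidently still closes, but the asymmetry reads like an oversight rather than a choice. Presumably the C `tsType` test for these two cases is discharged without the numeric values, and the `\<open>clag\<close>` marker shows the Send case was copied from the Receive case, so a later maintainer is likely to "fix" both by re-adding the unfold. A short remark on each of the two simp lines, e.g. `apply (simp add: word_sle_def ccorres_cond_iffs cong: call_ignore_cong) \<comment> \<open>ThreadState_defs intentionally omitted here\<close>`, would record that the omission is deliberate. cancelIPC_ccorres1 starts before and ends after this hunk.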
@@ -3210,7 +3210,7 @@ lemma cancelIPC_ccorres1: apply (ctac (no_vcg) add: cancelIPC_ccorres_helper) apply (ctac add: setThreadState_ccorres_valid_queues') apply (wp hoare_vcg_all_lift set_ep_valid_objs' | simp add: valid_tcb_state'_def split del:if_split)+ - apply (simp add: "StrictC'_thread_state_defs") + apply (simp add: ThreadState_defs) apply clarsimp apply (rule conseqPre, vcg, rule subset_refl) apply (rule conseqPre, vcg) @@ -3220,7 +3220,7 @@ lemma cancelIPC_ccorres1: apply (rule conseqPre, vcg) apply clarsimp \ \Restart\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: word_sle_def ThreadState_defs ccorres_cond_iffs cong: call_ignore_cong, rule ccorres_return_Skip) \ \Post wp proofs\ diff --git a/proof/crefine/ARM_HYP/Ipc_C.thy b/proof/crefine/ARM_HYP/Ipc_C.thy index 1a97373e54..9d661c04c5 100644 --- a/proof/crefine/ARM_HYP/Ipc_C.thy +++ b/proof/crefine/ARM_HYP/Ipc_C.thy @@ -4547,9 +4547,7 @@ proof - apply ((wp threadSet_valid_queues threadSet_sch_act threadSet_valid_queues' hoare_weak_lift_imp threadSet_valid_objs' threadSet_weak_sch_act_wf | simp add: valid_tcb_state'_def)+)[1] - apply (clarsimp simp: guard_is_UNIV_def ThreadState_Restart_def - ThreadState_Inactive_def mask_def - option_to_ctcb_ptr_def) + apply (clarsimp simp: guard_is_UNIV_def ThreadState_defs mask_def option_to_ctcb_ptr_def) apply (rule_tac Q="\rv. valid_queues and tcb_at' receiver and valid_queues' and valid_objs' and sch_act_simple and (\s. ksCurDomain s \ maxDomain) and @@ -4571,7 +4569,7 @@ proof - apply (simp(no_asm_use) add: gs_set_assn_Delete_cstate_relation[unfolded o_def] subset_iff rf_sr_def) apply (clarsimp simp: guard_is_UNIV_def option_to_ptr_def option_to_0_def - ThreadState_Running_def mask_def + ThreadState_defs mask_def ghost_assertion_data_get_def ghost_assertion_data_set_def cap_tag_defs option_to_ctcb_ptr_def split: option.splits) 
@@ -4664,7 +4662,7 @@ lemma setupCallerCap_ccorres [corres]: Kernel_C.tcbCaller_def) apply simp apply wp - apply (clarsimp simp: Kernel_C.ThreadState_BlockedOnReply_def mask_def + apply (clarsimp simp: ThreadState_defs mask_def valid_pspace'_def tcbReplySlot_def valid_tcb_state'_def Collect_const_mem tcb_cnode_index_defs) @@ -4871,7 +4869,7 @@ lemma sendIPC_block_ccorres_helper: (simp add: typ_heap_simps')+)[1] apply (simp add: tcb_cte_cases_def) apply (simp add: ctcb_relation_def cthread_state_relation_def - ThreadState_BlockedOnSend_def mask_def) + ThreadState_defs mask_def) apply ceqv apply clarsimp apply ctac @@ -5271,9 +5269,8 @@ lemma sendIPC_ccorres [corres]: set_ep_valid_objs' setEndpoint_valid_mdb' | wp (once) hoare_drop_imp | strengthen sch_act_wf_weak)+ - apply (fastforce simp: guard_is_UNIV_def ThreadState_Inactive_def Collect_const_mem - ThreadState_Running_def mask_def - option_to_ptr_def option_to_0_def + apply (fastforce simp: guard_is_UNIV_def ThreadState_defs Collect_const_mem mask_def + option_to_ptr_def option_to_0_def split: bool.split_asm) \ \IdleEP case\ @@ -5425,7 +5422,7 @@ lemma receiveIPC_block_ccorres_helper: apply (erule(1) rf_sr_tcb_update_no_queue_gen, (simp add: typ_heap_simps)+) apply (simp add: tcb_cte_cases_def) apply (simp add: ctcb_relation_def cthread_state_relation_def ccap_relation_ep_helpers - ThreadState_BlockedOnReceive_def mask_def cap_get_tag_isCap) + ThreadState_defs mask_def cap_get_tag_isCap) apply ceqv apply clarsimp apply ctac 
@@ -6022,9 +6019,8 @@ lemma receiveIPC_ccorres [corres]: apply (ctac add: possibleSwitchTo_ccorres) apply (wpsimp wp: sts_st_tcb' sts_valid_queues) apply (vcg exspec=setThreadState_modifies) - apply (fastforce simp: guard_is_UNIV_def ThreadState_Inactive_def - mask_def ThreadState_Running_def cap_get_tag_isCap - ccap_relation_ep_helpers) + apply (fastforce simp: guard_is_UNIV_def ThreadState_defs mask_def + cap_get_tag_isCap ccap_relation_ep_helpers) apply (clarsimp simp: valid_tcb_state'_def) apply (rule_tac Q="\_. valid_pspace' and valid_queues and st_tcb_at' ((=) sendState) sender and tcb_at' thread @@ -6343,10 +6339,9 @@ lemma sendSignal_ccorres [corres]: apply (clarsimp simp: guard_is_UNIV_def option_to_ctcb_ptr_def ARM_HYP_H.badgeRegister_def Kernel_C.badgeRegister_def ARM_HYP.badgeRegister_def Kernel_C.R0_def - "StrictC'_thread_state_defs"less_mask_eq - Collect_const_mem) + ThreadState_defs less_mask_eq Collect_const_mem) apply (case_tac ts, simp_all add: receiveBlocked_def typ_heap_simps - cthread_state_relation_def "StrictC'_thread_state_defs")[1] + cthread_state_relation_def ThreadState_defs)[1] \ \ActiveNtfn case\ apply (rename_tac old_badge) apply (rule ccorres_cond_false) @@ -6404,7 +6399,7 @@ lemma sendSignal_ccorres [corres]: sts_valid_queues tcb_in_cur_domain'_lift)[1] apply (wp sts_valid_queues sts_runnable) apply (wp setThreadState_st_tcb set_ntfn_valid_objs' | clarsimp)+ - apply (clarsimp simp: guard_is_UNIV_def ThreadState_Running_def mask_def + apply (clarsimp simp: guard_is_UNIV_def ThreadState_defs mask_def badgeRegister_def Kernel_C.badgeRegister_def ARM_HYP.badgeRegister_def Kernel_C.R0_def) apply (clarsimp simp: guard_is_UNIV_def NtfnState_Idle_def 
@@ -6459,7 +6454,7 @@ lemma receiveSignal_block_ccorres_helper: (simp add: typ_heap_simps')+) apply (simp add: tcb_cte_cases_def) apply (simp add: ctcb_relation_def cthread_state_relation_def - ThreadState_BlockedOnNotification_def mask_def) + ThreadState_defs mask_def) apply ceqv apply clarsimp apply ctac diff --git a/proof/crefine/ARM_HYP/Recycle_C.thy b/proof/crefine/ARM_HYP/Recycle_C.thy index ed2183467f..2c5622949b 100644 --- a/proof/crefine/ARM_HYP/Recycle_C.thy +++ b/proof/crefine/ARM_HYP/Recycle_C.thy @@ -867,7 +867,7 @@ lemma ctcb_relation_blocking_ipc_badge: apply (simp add: isBlockedOnSend_def split: Structures_H.thread_state.split_asm) apply (clarsimp simp: cthread_state_relation_def) apply (clarsimp simp add: ctcb_relation_def cthread_state_relation_def) - apply (cases "tcbState tcb", simp_all add: "StrictC'_thread_state_defs") + apply (cases "tcbState tcb", simp_all add: ThreadState_defs) done lemma cendpoint_relation_q_cong: @@ -1146,7 +1146,7 @@ lemma cancelBadgedSends_ccorres: apply (clarsimp simp: typ_heap_simps st_tcb_at'_def) apply (drule(1) obj_at_cslift_tcb) apply (clarsimp simp: ctcb_relation_blocking_ipc_badge) - apply (rule conjI, simp add: "StrictC'_thread_state_defs" mask_def) + apply (rule conjI, simp add: ThreadState_defs mask_def) apply (rule conjI) apply clarsimp apply (frule rf_sr_cscheduler_relation) diff --git a/proof/crefine/ARM_HYP/Refine_C.thy b/proof/crefine/ARM_HYP/Refine_C.thy index d14d078ac3..2d20a22fa7 100644 --- a/proof/crefine/ARM_HYP/Refine_C.thy +++ b/proof/crefine/ARM_HYP/Refine_C.thy 
@@ -771,15 +771,7 @@ lemma ct_running'_C: apply (frule (1) map_to_ko_atI') apply (erule obj_at'_weakenE) apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def) - apply (case_tac "tcbState ko", simp_all add: - ThreadState_Running_def - ThreadState_BlockedOnReceive_def - ThreadState_BlockedOnSend_def - ThreadState_BlockedOnReply_def - ThreadState_BlockedOnNotification_def - ThreadState_Inactive_def - ThreadState_IdleThreadState_def - ThreadState_Restart_def) + apply (case_tac "tcbState ko"; simp add: ThreadState_defs) done lemma full_invs_both: diff --git a/proof/crefine/ARM_HYP/Retype_C.thy b/proof/crefine/ARM_HYP/Retype_C.thy index 9e6de1a1fb..1b2921f73d 100644 --- a/proof/crefine/ARM_HYP/Retype_C.thy +++ b/proof/crefine/ARM_HYP/Retype_C.thy @@ -3421,7 +3421,7 @@ proof - apply (simp add: fbtcb minBound_word) apply (intro conjI) apply (simp add: cthread_state_relation_def thread_state_lift_def - eval_nat_numeral ThreadState_Inactive_def) + eval_nat_numeral ThreadState_defs) apply (clarsimp simp: ccontext_relation_def newContext_def2 carch_tcb_relation_def newArchTCB_def) apply (case_tac r, diff --git a/proof/crefine/ARM_HYP/SR_lemmas_C.thy b/proof/crefine/ARM_HYP/SR_lemmas_C.thy index 0f0ca4caaa..3de04ec5ea 100644 --- a/proof/crefine/ARM_HYP/SR_lemmas_C.thy +++ b/proof/crefine/ARM_HYP/SR_lemmas_C.thy @@ -1735,7 +1735,6 @@ where | "thread_state_to_tsType (Structures_H.BlockedOnSend oref badge cg cgr isc) = scast ThreadState_BlockedOnSend" | "thread_state_to_tsType (Structures_H.BlockedOnNotification oref) = scast ThreadState_BlockedOnNotification" - lemma ctcb_relation_thread_state_to_tsType: "ctcb_relation tcb ctcb \ tsType_CL (thread_state_lift (tcbState_C ctcb)) = thread_state_to_tsType (tcbState tcb)" unfolding ctcb_relation_def cthread_state_relation_def diff --git a/proof/crefine/ARM_HYP/Schedule_C.thy b/proof/crefine/ARM_HYP/Schedule_C.thy index 5e2a90cd7f..8e632b4fb6 100644 --- a/proof/crefine/ARM_HYP/Schedule_C.thy 
+++ b/proof/crefine/ARM_HYP/Schedule_C.thy @@ -116,24 +116,6 @@ lemma switchToThread_ccorres: apply (clarsimp simp: all_invs_but_ct_idle_or_in_cur_domain'_def valid_state'_def) done -lemma get_tsType_ccorres2: - "ccorres (\r r'. r' = thread_state_to_tsType r) ret__unsigned_' (tcb_at' thread) - (UNIV \ {s. f s = tcb_ptr_to_ctcb_ptr thread} \ - {s. cslift s (Ptr &(f s\[''tcbState_C''])) = Some (thread_state_' s)}) [] - (getThreadState thread) (Call thread_state_get_tsType_'proc)" - unfolding getThreadState_def - apply (rule ccorres_from_spec_modifies [where P=\, simplified]) - apply (rule thread_state_get_tsType_spec) - apply (rule thread_state_get_tsType_modifies) - apply simp - apply (frule (1) obj_at_cslift_tcb) - apply (clarsimp simp: typ_heap_simps) - apply (rule bexI [rotated, OF threadGet_eq], assumption) - apply simp - apply (drule ctcb_relation_thread_state_to_tsType) - apply simp - done - lemma activateThread_ccorres: "ccorres dc xfdc (ct_in_state' activatable' and (\s. sch_act_wf (ksSchedulerAction s) s) @@ -143,7 +125,7 @@ lemma activateThread_ccorres: (Call activateThread_'proc)" apply (cinit) apply (rule ccorres_pre_getCurThread) - apply (ctac add: get_tsType_ccorres2 [where f="\s. ksCurThread_' (globals s)"]) + apply (ctac add: get_tsType_ccorres [where f="\s. ksCurThread_' (globals s)"]) apply (rule_tac P="activatable' rv" in ccorres_gen_asm) apply (wpc) apply (rule_tac P=\ and P'=UNIV in ccorres_inst, simp) @@ -153,7 +135,7 @@ lemma activateThread_ccorres: apply (rule ccorres_cond_true) apply (rule ccorres_return_Skip) apply (rule_tac P=\ and P'=UNIV in ccorres_inst, simp) - apply (simp add: "StrictC'_thread_state_defs" del: Collect_const) + apply (simp add: ThreadState_defs del: Collect_const) apply (rule ccorres_cond_false) apply (rule ccorres_cond_false) apply (rule ccorres_cond_true) 
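Review bot: The `ctac add: get_tsType_ccorres [...]` call in activateThread_ccorres now depends on a lemma whose statement is not in this diff, so a reader of the patch cannot check that it carries the same `tcb_at' thread` precondition, the same `f s = tcb_ptr_to_ctcb_ptr thread` guard and the same `cslift ... tcbState_C` guard as the deleted get_tsType_ccorres2 — presumably the two were identical, given the proof still closes. A one-line remark in the commit description stating that get_tsType_ccorres2 was a verbatim duplicate of get_tsType_ccorres, and naming the theory that keeps the survivor, would spare the next maintainer that comparison. The same substitution is made in timerTick_ccorres further down in this file; the body of activateThread_ccorres continues past this hunk.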
@@ -161,7 +143,7 @@ lemma activateThread_ccorres: apply (rule allI, rule conseqPre, vcg) apply (clarsimp simp: activateIdleThread_def return_def) apply (rule_tac P=\ and P'=UNIV in ccorres_inst, simp) - apply (simp add: "StrictC'_thread_state_defs" del: Collect_const) + apply (simp add: ThreadState_defs del: Collect_const) apply (rule ccorres_cond_false) apply (rule ccorres_cond_true) apply (rule ccorres_rhs_assoc)+ @@ -184,7 +166,7 @@ lemma activateThread_ccorres: apply (subgoal_tac "ksCurThread_' (globals s') = tcb_ptr_to_ctcb_ptr (ksCurThread s)") prefer 2 apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def) - apply (clarsimp simp: typ_heap_simps ThreadState_Running_def mask_def) + apply (clarsimp simp: typ_heap_simps ThreadState_defs mask_def) done lemma ceqv_Guard_UNIV_Skip: @@ -734,10 +716,10 @@ lemma timerTick_ccorres: supply subst_all [simp del] apply (cinit) apply (rule ccorres_pre_getCurThread) - apply (ctac add: get_tsType_ccorres2 [where f="\s. ksCurThread_' (globals s)"]) + apply (ctac add: get_tsType_ccorres [where f="\s. ksCurThread_' (globals s)"]) apply (rule ccorres_split_nothrow_novcg) apply wpc - apply (simp add: "StrictC'_thread_state_defs", rule ccorres_cond_false, rule ccorres_return_Skip)+ + apply (simp add: ThreadState_defs, rule ccorres_cond_false, rule ccorres_return_Skip)+ (* thread_state.Running *) apply simp apply (rule ccorres_cond_true) @@ -769,7 +751,7 @@ lemma timerTick_ccorres: threadSet_pred_tcb_at_state tcbSchedAppend_valid_objs' threadSet_valid_objs' threadSet_tcbDomain_triv | clarsimp simp: st_tcb_at'_def o_def split: if_splits)+ apply (vcg exspec=tcbSchedDequeue_modifies) - apply (simp add: "StrictC'_thread_state_defs", rule ccorres_cond_false, rule ccorres_return_Skip)+ + apply (simp add: ThreadState_defs, rule ccorres_cond_false, rule ccorres_return_Skip)+ apply ceqv apply (clarsimp simp: decDomainTime_def numDomains_sge_1_simp) apply (rule ccorres_when[where R=\]) 
diff --git a/proof/crefine/ARM_HYP/SyscallArgs_C.thy b/proof/crefine/ARM_HYP/SyscallArgs_C.thy index 101cce83fd..9a6af32f0c 100644 --- a/proof/crefine/ARM_HYP/SyscallArgs_C.thy +++ b/proof/crefine/ARM_HYP/SyscallArgs_C.thy @@ -415,11 +415,13 @@ lemma is_syscall_error_codes: by ((rule iffD2[OF is_syscall_error_code_def], intro allI, rule conseqPre, vcg, safe, (simp_all add: o_def)?)+) -lemma syscall_error_throwError_ccorres_direct: +lemma syscall_error_throwError_ccorres_direct_gen: "\ is_syscall_error_code f code; + \x y g. arrel (Inl x) y = (intr_and_se_rel \ g) (Inl x) y; \err' ft'. syscall_error_to_H (f err') ft' = Some err \ \ - ccorres (intr_and_se_rel \ dc) (liftxf errstate id v' ret__unsigned_long_') + ccorres_underlying rf_sr \ rrel xf + arrel (liftxf errstate id v' ret__unsigned_long_') \ (UNIV) (SKIP # hs) (throwError (Inl err)) code" apply (rule ccorres_from_vcg_throws) 
@@ -429,28 +431,35 @@ lemma syscall_error_throwError_ccorres_direct: apply (simp add: syscall_error_rel_def exception_defs) done -lemma syscall_error_throwError_ccorres_succs: +lemma syscall_error_throwError_ccorres_succs_gen: "\ is_syscall_error_code f code; + \x y g. arrel (Inl x) y = (intr_and_se_rel \ g) (Inl x) y; \err' ft'. syscall_error_to_H (f err') ft' = Some err \ \ - ccorres (intr_and_se_rel \ dc) (liftxf errstate id v' ret__unsigned_long_') + ccorres_underlying rf_sr \ rrel xf + arrel (liftxf errstate id v' ret__unsigned_long_') \ (UNIV) (SKIP # hs) (throwError (Inl err)) (code ;; remainder)" apply (rule ccorres_guard_imp2, rule ccorres_split_throws) - apply (erule syscall_error_throwError_ccorres_direct) - apply simp + apply (erule syscall_error_throwError_ccorres_direct_gen; assumption) apply (rule HoarePartialProps.augment_Faults) apply (erule iffD1[OF is_syscall_error_code_def, THEN spec]) apply simp+ done -lemmas syscall_error_throwError_ccorres_n = - is_syscall_error_codes[THEN syscall_error_throwError_ccorres_direct, +lemmas syscall_error_throwError_ccorres_n_gen = + is_syscall_error_codes[THEN syscall_error_throwError_ccorres_direct_gen, simplified o_apply] - is_syscall_error_codes[THEN syscall_error_throwError_ccorres_succs, + is_syscall_error_codes[THEN syscall_error_throwError_ccorres_succs_gen, simplified o_apply] +lemmas syscall_error_throwError_ccorres_n = + syscall_error_throwError_ccorres_n_gen[where arrel="intr_and_se_rel \ dc", simplified] + +lemmas syscall_error_throwError_ccorres_n_inl_rrel = + syscall_error_throwError_ccorres_n_gen[where arrel="inl_rrel (intr_and_se_rel \ dc)", simplified] + definition idButNot :: "'a \ 'a" where "idButNot x = x" diff --git a/proof/crefine/ARM_HYP/Syscall_C.thy b/proof/crefine/ARM_HYP/Syscall_C.thy index 142feb4946..4fe21b768b 100644 --- a/proof/crefine/ARM_HYP/Syscall_C.thy +++ b/proof/crefine/ARM_HYP/Syscall_C.thy 
@@ -317,7 +317,7 @@ lemma decodeInvocation_ccorres: apply fastforce apply (simp add: cap_lift_capEPBadge_mask_eq) apply (clarsimp simp: rf_sr_ksCurThread Collect_const_mem - cap_get_tag_isCap "StrictC'_thread_state_defs") + cap_get_tag_isCap ThreadState_defs) apply (frule word_unat.Rep_inverse') apply (simp add: cap_get_tag_isCap[symmetric] cap_get_tag_ReplyCap) apply (rule conjI) @@ -504,7 +504,7 @@ lemma handleInvocation_def2: lemma thread_state_to_tsType_eq_Restart: "(thread_state_to_tsType ts = scast ThreadState_Restart) = (ts = Restart)" - by (cases ts, simp_all add: "StrictC'_thread_state_defs") + by (cases ts, simp_all add: ThreadState_defs) lemma wordFromMessageInfo_spec: "\s. \\ {s} Call wordFromMessageInfo_'proc @@ -536,7 +536,7 @@ lemma handleDoubleFault_ccorres: apply (simp add: getRestartPC_def) apply wp apply clarsimp - apply (simp add: ThreadState_Inactive_def) + apply (simp add: ThreadState_defs) apply (fastforce simp: valid_tcb_state'_def) done @@ -960,7 +960,7 @@ lemma handleInvocation_ccorres: apply auto[1] apply clarsimp apply (clarsimp simp: guard_is_UNIV_def Collect_const_mem) - apply (simp add: "StrictC'_thread_state_defs" mask_def) + apply (simp add: ThreadState_defs mask_def) apply (simp add: typ_heap_simps) apply (case_tac ts, simp_all add: cthread_state_relation_def)[1] apply (clarsimp simp: guard_is_UNIV_def Collect_const_mem) diff --git a/proof/crefine/ARM_HYP/TcbAcc_C.thy b/proof/crefine/ARM_HYP/TcbAcc_C.thy index 1ea50d2157..04e9b2ef33 100644 --- a/proof/crefine/ARM_HYP/TcbAcc_C.thy +++ b/proof/crefine/ARM_HYP/TcbAcc_C.thy 
@@ -90,22 +90,22 @@ lemma archThreadGet_eq: apply simp done -lemma get_tsType_ccorres [corres]: +lemma get_tsType_ccorres[corres]: "ccorres (\r r'. r' = thread_state_to_tsType r) ret__unsigned_' (tcb_at' thread) - (UNIV \ {s. thread_state_ptr_' s = Ptr &(tcb_ptr_to_ctcb_ptr thread\[''tcbState_C''])}) [] - (getThreadState thread) (Call thread_state_ptr_get_tsType_'proc)" + ({s. f s = tcb_ptr_to_ctcb_ptr thread} \ + {s. cslift s (Ptr &(f s\[''tcbState_C''])) = Some (thread_state_' s)}) [] + (getThreadState thread) (Call thread_state_get_tsType_'proc)" unfolding getThreadState_def - apply (rule ccorres_from_spec_modifies) - apply (rule thread_state_ptr_get_tsType_spec) - apply (rule thread_state_ptr_get_tsType_modifies) - apply simp - apply (frule (1) obj_at_cslift_tcb) - apply (clarsimp simp: typ_heap_simps) + apply (rule ccorres_from_spec_modifies [where P=\, simplified]) + apply (rule thread_state_get_tsType_spec) + apply (rule thread_state_get_tsType_modifies) + apply simp apply (frule (1) obj_at_cslift_tcb) apply (clarsimp simp: typ_heap_simps) apply (rule bexI [rotated, OF threadGet_eq], assumption) apply simp - apply (erule ctcb_relation_thread_state_to_tsType) + apply (drule ctcb_relation_thread_state_to_tsType) + apply simp done lemma threadGet_obj_at2: diff --git a/proof/crefine/ARM_HYP/Tcb_C.thy b/proof/crefine/ARM_HYP/Tcb_C.thy index b4b2fd819c..661b7aa95d 100644 --- a/proof/crefine/ARM_HYP/Tcb_C.thy +++ b/proof/crefine/ARM_HYP/Tcb_C.thy @@ -1070,7 +1070,7 @@ lemma restart_ccorres: apply fastforce apply (rule ccorres_return_Skip) apply (wp hoare_drop_imps) - apply (auto simp: Collect_const_mem mask_def "StrictC'_thread_state_defs") + apply (auto simp: Collect_const_mem mask_def ThreadState_defs) done lemma setNextPC_ccorres: 
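Review bot: The rewritten `get_tsType_ccorres` keeps the `[corres]` attribute but now carries a free function `f` in its precondition (`{s. f s = tcb_ptr_to_ctcb_ptr thread}`), and both call sites in the Schedule_C hunks instantiate it explicitly with `[where f="..."]`; whether the corres machinery can pick `f` unaided is not visible here, and if it cannot, the attribute is mostly decorative. A short comment above the lemma, e.g. `(* f selects the C tcb pointer from the state; use with [where f=...] *)`, would tell the next maintainer how it is meant to be applied. The lemma also changes the refined C function from `thread_state_ptr_get_tsType_'proc` to `thread_state_get_tsType_'proc`, absorbing the deleted `get_tsType_ccorres2`, which is worth stating in the commit description since the pointer-based form is no longer proved in this file.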
@@ -2079,7 +2079,7 @@ shows apply (rule allI, rule conseqPre, vcg) apply (clarsimp simp: return_def) apply (wp | simp add: valid_tcb_state'_def)+ - apply (clarsimp simp: ThreadState_Running_def mask_def) + apply (clarsimp simp: ThreadState_defs mask_def) apply (rule mapM_x_wp') apply (rule hoare_pre) apply (wp sch_act_wf_lift valid_queues_lift tcb_in_cur_domain'_lift) @@ -2146,8 +2146,7 @@ shows apply (rule ccorres_inst[where P=\ and P'=UNIV], simp) apply (simp add: performTransfer_def) apply wp - apply (simp add: Collect_const_mem "StrictC'_thread_state_defs" - mask_def) + apply (simp add: Collect_const_mem ThreadState_defs mask_def) apply vcg apply (rule_tac Q="\rv. invs' and st_tcb_at' ((=) Restart) thread and tcb_at' target" in hoare_post_imp) @@ -2267,7 +2266,7 @@ lemma decodeReadRegisters_ccorres: apply wp apply (vcg exspec=getSyscallArg_modifies) apply (clarsimp simp: Collect_const_mem rf_sr_ksCurThread - "StrictC'_thread_state_defs" word_sless_def word_sle_def + ThreadState_defs word_sless_def word_sle_def mask_eq_iff_w2p word_size isCap_simps ReadRegistersFlags_defs tcb_at_invs' cap_get_tag_isCap capTCBPtr_eq) @@ -2375,7 +2374,7 @@ lemma decodeWriteRegisters_ccorres: apply (vcg exspec=getSyscallArg_modifies) apply (clarsimp simp: Collect_const_mem ct_in_state'_def pred_tcb_at') apply (simp add: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H) - apply (clarsimp simp: valid_cap'_def "StrictC'_thread_state_defs" + apply (clarsimp simp: valid_cap'_def ThreadState_defs mask_eq_iff_w2p word_size rf_sr_ksCurThread WriteRegisters_resume_def word_sle_def word_sless_def numeral_eqs 
@@ -2513,7 +2512,7 @@ lemma decodeCopyRegisters_ccorres: elim!: pred_tcb'_weakenE dest!: st_tcb_at_idle_thread' interpret_excaps_eq)[1] apply (clarsimp simp: word_sle_def CopyRegistersFlags_defs word_sless_def - "StrictC'_thread_state_defs" rf_sr_ksCurThread + ThreadState_defs rf_sr_ksCurThread split: if_split) apply (drule interpret_excaps_eq) apply (clarsimp simp: mask_def excaps_map_def split_def ccap_rights_relation_def @@ -3158,7 +3157,7 @@ lemma decodeTCBConfigure_ccorres: ptr_val_tcb_ptr_mask2[unfolded mask_def objBits_defs, simplified] tcb_cnode_index_defs size_of_def option_to_0_def rf_sr_ksCurThread - StrictC'_thread_state_defs mask_eq_iff_w2p word_size + ThreadState_defs mask_eq_iff_w2p word_size from_bool_all_helper all_ex_eq_helper ucast_ucast_mask objBits_defs) apply (subgoal_tac "args \ [] \ extraCaps \ []") @@ -3207,7 +3206,7 @@ lemma decodeTCBConfigure_ccorres: capTCBPtr_eq tcb_ptr_to_ctcb_ptr_mask tcb_cnode_index_defs size_of_def option_to_0_def rf_sr_ksCurThread - StrictC'_thread_state_defs mask_eq_iff_w2p word_size + ThreadState_defs mask_eq_iff_w2p word_size from_bool_all_helper) apply (frule(1) tcb_at_h_t_valid [OF tcb_at_invs']) apply (clarsimp simp: typ_heap_simps numeral_eqs isCap_simps valid_cap'_def capAligned_def @@ -3344,7 +3343,7 @@ lemma decodeSetMCPriority_ccorres: elim!: obj_at'_weakenE pred_tcb'_weakenE dest!: st_tcb_at_idle_thread')[1] apply (clarsimp simp: interpret_excaps_eq excaps_map_def) - apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size option_to_0_def) + apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size option_to_0_def) apply (frule rf_sr_ksCurThread) apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H) apply (clarsimp simp: valid_cap'_def capAligned_def interpret_excaps_eq excaps_map_def) 
@@ -3477,7 +3476,7 @@ lemma decodeSetPriority_ccorres: elim!: obj_at'_weakenE pred_tcb'_weakenE dest!: st_tcb_at_idle_thread')[1] apply (clarsimp simp: interpret_excaps_eq excaps_map_def) - apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size option_to_0_def) + apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size option_to_0_def) apply (frule rf_sr_ksCurThread) apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H) apply (clarsimp simp: valid_cap'_def capAligned_def interpret_excaps_eq excaps_map_def) @@ -3628,7 +3627,7 @@ lemma decodeSetSchedParams_ccorres: elim!: obj_at'_weakenE pred_tcb'_weakenE dest!: st_tcb_at_idle_thread')[1] apply (clarsimp simp: interpret_excaps_eq excaps_map_def) - apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size option_to_0_def) + apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size option_to_0_def) apply (frule rf_sr_ksCurThread) apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H) apply (clarsimp simp: valid_cap'_def capAligned_def interpret_excaps_eq excaps_map_def) @@ -3774,11 +3773,10 @@ lemma decodeSetIPCBuffer_ccorres: valid_mdb_ctes_def no_0_def excaps_map_def elim: pred_tcb'_weakenE dest!: st_tcb_at_idle_thread' dest!: interpret_excaps_eq)[1] - apply (clarsimp simp: option_to_0_def rf_sr_ksCurThread word_sless_def - word_sle_def ThreadState_Restart_def mask_def) + apply (clarsimp simp: option_to_0_def rf_sr_ksCurThread word_sless_def word_sle_def mask_def) apply (rule conjI[rotated], clarsimp+) apply (drule interpret_excaps_eq[rule_format, where n=0], simp add: excaps_map_Nil) - apply (simp add: mask_def "StrictC'_thread_state_defs" excaps_map_def) + apply (simp add: mask_def ThreadState_defs excaps_map_def) apply (clarsimp simp: ccap_rights_relation_def rightsFromWord_wordFromRights cap_get_tag_isCap) apply (frule cap_get_tag_to_H, subst cap_get_tag_isCap, assumption, assumption) 
@@ -3933,10 +3931,10 @@ lemma decodeUnbindNotification_ccorres: apply (clarsimp simp: isCap_simps) apply (frule cap_get_tag_isCap_unfolded_H_cap) apply (auto simp: ctcb_relation_def typ_heap_simps cap_get_tag_ThreadCap ct_in_state'_def - option_to_ptr_def option_to_0_def ThreadState_Restart_def - mask_def rf_sr_ksCurThread valid_tcb_state'_def - elim!: pred_tcb'_weakenE - dest!: valid_objs_boundNTFN_NULL) + option_to_ptr_def option_to_0_def ThreadState_defs + mask_def rf_sr_ksCurThread valid_tcb_state'_def + elim!: pred_tcb'_weakenE + dest!: valid_objs_boundNTFN_NULL) done lemma nTFN_case_If_ptr: @@ -4098,7 +4096,7 @@ lemma decodeBindNotification_ccorres: apply (clarsimp simp: throwError_def return_def syscall_error_rel_def syscall_error_to_H_cases exception_defs) apply (clarsimp simp add: guard_is_UNIV_def isWaitingNtfn_def - ThreadState_Restart_def mask_def + ThreadState_defs mask_def rf_sr_ksCurThread capTCBPtr_eq) apply (simp add: hd_conv_nth bindE_bind_linearise nTFN_case_If_ptr throwError_bind invocationCatch_def) apply (rule ccorres_from_vcg_split_throws[where P=\ and P'=UNIV]) @@ -4421,7 +4419,7 @@ lemma decodeSetSpace_ccorres: rightsFromWord_wordFromRights capTCBPtr_eq tcb_cnode_index_defs size_of_def option_to_0_def rf_sr_ksCurThread - "StrictC'_thread_state_defs" mask_eq_iff_w2p word_size) + ThreadState_defs mask_eq_iff_w2p word_size) apply (simp add: word_sle_def cap_get_tag_isCap) apply (subgoal_tac "args \ []") apply (fastforce simp: hd_conv_nth objBits_defs) @@ -4502,7 +4500,7 @@ lemma decodeSetTLSBase_ccorres: apply (clarsimp simp: ct_in_state'_def sysargs_rel_n_def n_msgRegisters_def) apply (auto simp: valid_tcb_state'_def elim!: pred_tcb'_weakenE)[1] - apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size) + apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size) apply (frule rf_sr_ksCurThread) apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H) apply (auto simp: unat_eq_0 le_max_word_ucast_id)+ 
@@ -4654,8 +4652,7 @@ lemma decodeTCBInvocation_ccorres: dest!: st_tcb_at_idle_thread')[1] apply (simp split: sum.split add: cintr_def intr_and_se_rel_def exception_defs syscall_error_rel_def) - apply (simp add: "StrictC'_thread_state_defs" mask_eq_iff_w2p word_size - cap_get_tag_isCap) + apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size) apply (simp add: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H) apply clarsimp done diff --git a/proof/crefine/RISCV64/ADT_C.thy b/proof/crefine/RISCV64/ADT_C.thy index ad14a9ad6a..7b4ddd4efe 100644 --- a/proof/crefine/RISCV64/ADT_C.thy +++ b/proof/crefine/RISCV64/ADT_C.thy @@ -750,11 +750,7 @@ lemma cthread_state_rel_imp_eq: "cthread_state_relation x z \ cthread_state_relation y z \ x=y" apply (simp add: cthread_state_relation_def split_def) apply (cases x) - apply (cases y, simp_all add: ThreadState_BlockedOnReceive_def - ThreadState_BlockedOnReply_def ThreadState_BlockedOnNotification_def - ThreadState_Running_def ThreadState_Inactive_def - ThreadState_IdleThreadState_def ThreadState_BlockedOnSend_def - ThreadState_Restart_def)+ + apply (cases y, simp_all add: ThreadState_defs)+ done lemma ksPSpace_valid_objs_tcbBoundNotification_nonzero: diff --git a/proof/crefine/RISCV64/Arch_C.thy b/proof/crefine/RISCV64/Arch_C.thy index b96179f21a..49083a7bd3 100644 --- a/proof/crefine/RISCV64/Arch_C.thy +++ b/proof/crefine/RISCV64/Arch_C.thy 
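Review bot: The `decodeTCBInvocation_ccorres` hunk drops `cap_get_tag_isCap` from the simp set in addition to the `ThreadState_defs` rename the rest of the commit performs; the following line rewrites with `cap_get_tag_isCap[symmetric]`, so the removal may be what keeps simp from looping, but that reasoning is not recorded. A mechanical rename that also alters a simp set is harder to audit later; a brief inline comment on the changed line, e.g. `(* cap_get_tag_isCap omitted: rewritten in the opposite direction below *)`, or a mention in the commit description would keep the two kinds of change separable.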
@@ -1104,11 +1104,9 @@ lemma decodeRISCVPageTableInvocation_ccorres: subgoal for _ v1 (* RISCVPageTableUnmap: C preconditions *) apply (drule_tac t="cteCap _" in sym) - apply (clarsimp simp: rf_sr_ksCurThread "StrictC'_thread_state_defs" - mask_eq_iff_w2p word_size - ct_in_state'_def st_tcb_at'_def - word_sle_def word_sless_def - typ_heap_simps' bit_simps) + apply (clarsimp simp: rf_sr_ksCurThread ThreadState_defs mask_eq_iff_w2p word_size + ct_in_state'_def st_tcb_at'_def word_sle_def word_sless_def + typ_heap_simps' bit_simps) apply (frule cap_get_tag_isCap_unfolded_H_cap, simp) apply clarsimp apply (case_tac v1; clarsimp) @@ -1120,7 +1118,7 @@ lemma decodeRISCVPageTableInvocation_ccorres: (* RISCVPageTableMap: C preconditions *) apply (prop_tac "SCAST(32 signed \ 64) ThreadState_Restart && mask 4 = SCAST(32 signed \ 64) ThreadState_Restart") - apply (solves \clarsimp simp: ThreadState_Restart_def mask_def\) + apply (solves \clarsimp simp: ThreadState_defs mask_def\) apply (clarsimp cong: imp_cong conj_cong) apply (clarsimp simp: neq_Nil_conv[where xs=extraCaps] excaps_in_mem_def slotcap_in_mem_def @@ -1386,7 +1384,7 @@ lemma performPageGetAddress_ccorres: apply clarsimp apply (vcg exspec=setRegister_modifies) apply wpsimp - apply (clarsimp simp: ThreadState_Running_def) + apply clarsimp apply (vcg exspec=lookupIPCBuffer_modifies) apply clarsimp apply vcg @@ -1398,7 +1396,7 @@ lemma performPageGetAddress_ccorres: seL4_MessageInfo_lift_def message_info_to_H_def mask_def) apply (cases isCall) apply (auto simp: RISCV64.badgeRegister_def RISCV64_H.badgeRegister_def Kernel_C.badgeRegister_def - Kernel_C.a0_def fromPAddr_def ThreadState_Running_def + Kernel_C.a0_def fromPAddr_def ThreadState_defs pred_tcb_at'_def obj_at'_def ct_in_state'_def) done 
@@ -2073,7 +2071,7 @@ lemma decodeRISCVFrameInvocation_ccorres: apply (prop_tac "SCAST(32 signed \ 64) ThreadState_Restart && mask 4 = SCAST(32 signed \ 64) ThreadState_Restart") - apply (solves \clarsimp simp: ThreadState_Restart_def mask_def\) + apply (solves \clarsimp simp: ThreadState_defs mask_def\) apply (rule conjI) (* RISCVPageMap, Haskell side *) @@ -2123,7 +2121,7 @@ lemma decodeRISCVFrameInvocation_ccorres: apply (clarsimp simp: not_le rf_sr_ksCurThread isCap_simps) apply (prop_tac "SCAST(32 signed \ 64) ThreadState_Restart && mask 4 = SCAST(32 signed \ 64) ThreadState_Restart") - apply (solves \clarsimp simp: ThreadState_Restart_def mask_def\) + apply (solves \clarsimp\) apply (rule conjI, solves \simp add: word_less_nat_alt\) (* size args < 3 *) (* get a hold of our valid caps and resolve the C heap *) @@ -2515,7 +2513,7 @@ lemma decodeRISCVMMUInvocation_ccorres: apply (rule_tac Q'=UNIV and A'="{}" in conseqPost) apply (vcg exspec=ensureEmptySlot_modifies) apply (frule length_ineq_not_Nil) - apply (clarsimp simp: null_def ThreadState_Restart_def mask_def hd_conv_nth + apply (clarsimp simp: null_def ThreadState_defs mask_def hd_conv_nth isCap_simps rf_sr_ksCurThread cap_get_tag_UntypedCap word_le_make_less asid_high_bits_def split: list.split) @@ -2879,8 +2877,7 @@ lemma decodeRISCVMMUInvocation_ccorres: apply clarsimp apply (clarsimp simp: cte_wp_at_ctes_of asidHighBits_handy_convs word_sle_def word_sless_def asidLowBits_handy_convs - rf_sr_ksCurThread "StrictC'_thread_state_defs" - mask_def[where n=4] + rf_sr_ksCurThread ThreadState_defs mask_def[where n=4] cong: if_cong) apply (clarsimp simp: ccap_relation_isDeviceCap2 objBits_simps pageBits_def case_bool_If) apply (rule conjI; clarsimp) diff --git a/proof/crefine/RISCV64/Finalise_C.thy b/proof/crefine/RISCV64/Finalise_C.thy index a6af450eb3..6a51ca38f4 100644 --- a/proof/crefine/RISCV64/Finalise_C.thy +++ b/proof/crefine/RISCV64/Finalise_C.thy 
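Review bot: Within `decodeRISCVFrameInvocation_ccorres` the same `prop_tac` goal about `ThreadState_Restart && mask 4` is closed once with `solves` over `clarsimp simp: ThreadState_defs mask_def` and once with a bare `clarsimp`; if the bare form suffices, the first is redundant, and if it does not, the two sites should agree. Presumably a simp rule outside this chunk now covers these constants, since the Interrupt_C, Invoke_C and IpcCancel_C hunks drop the definitions entirely while neighbouring lines keep `ThreadState_defs`, but that is not verifiable from here. A comment at the bare `clarsimp` naming the rule that now handles the constants would stop a later reader from re-adding the definitions or from wondering why the other site still lists them.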
@@ -258,10 +258,8 @@ next sts_running_valid_queues sts_st_tcb' setThreadState_oa_queued | simp)+ apply (vcg exspec=setThreadState_cslift_spec exspec=tcbSchedEnqueue_cslift_spec) - apply (clarsimp simp: tcb_at_not_NULL - Collect_const_mem valid_tcb_state'_def - ThreadState_Restart_def mask_def - valid_objs'_maxDomain valid_objs'_maxPriority) + apply (clarsimp simp: tcb_at_not_NULL Collect_const_mem valid_tcb_state'_def + ThreadState_defs mask_def valid_objs'_maxDomain valid_objs'_maxPriority) apply (drule(1) obj_at_cslift_tcb) apply (clarsimp simp: typ_heap_simps) apply (rule conjI) @@ -640,7 +638,7 @@ lemma suspend_ccorres: apply clarsimp apply (rule iffI) apply simp - apply (erule thread_state_to_tsType.elims; simp add: StrictC'_thread_state_defs) + apply (erule thread_state_to_tsType.elims; simp add: ThreadState_defs) apply (ctac (no_vcg) add: updateRestartPC_ccorres) apply (rule ccorres_return_Skip) apply ceqv @@ -675,7 +673,7 @@ lemma suspend_ccorres: apply (rule delete_one_conc_fr.cancelIPC_invs) apply (fastforce simp: invs_valid_queues' invs_queues invs_valid_objs' valid_tcb_state'_def) - apply (auto simp: "StrictC'_thread_state_defs") + apply (auto simp: ThreadState_defs) done lemma cap_to_H_NTFNCap_tag: diff --git a/proof/crefine/RISCV64/Interrupt_C.thy b/proof/crefine/RISCV64/Interrupt_C.thy index 4914156927..c23fb74d58 100644 --- a/proof/crefine/RISCV64/Interrupt_C.thy +++ b/proof/crefine/RISCV64/Interrupt_C.thy @@ -230,7 +230,7 @@ lemma decodeIRQHandlerInvocation_ccorres: apply (clarsimp simp: Collect_const_mem neq_Nil_conv dest!: interpret_excaps_eq) apply (simp add: rf_sr_ksCurThread mask_def[where n=4] - "StrictC'_thread_state_defs" cap_get_tag_isCap excaps_map_def + ThreadState_defs cap_get_tag_isCap excaps_map_def word_sless_def word_sle_def) apply (simp add: invocationCatch_def throwError_bind interpret_excaps_test_null Collect_True 
@@ -260,8 +260,7 @@ lemma decodeIRQHandlerInvocation_ccorres: apply (clarsimp simp: invs_queues invs_valid_objs' ct_in_state'_def ccap_rights_relation_def - mask_def[where n=4] - "StrictC'_thread_state_defs") + mask_def[where n=4] ThreadState_defs) apply (subst pred_tcb'_weakenE, assumption, fastforce)+ apply (clarsimp simp: rf_sr_ksCurThread word_sle_def word_sless_def sysargs_rel_n_def word_less_nat_alt) @@ -607,7 +606,7 @@ lemma Arch_decodeIRQControlInvocation_ccorres: apply (simp add: and_mask_eq_iff_le_mask) apply (simp add: mask_def word_le_nat_alt) apply (clarsimp simp: numeral_2_eq_2 numeral_3_eq_3 exception_defs - ThreadState_Restart_def mask_def) + ThreadState_defs mask_def) apply (rule conseqPre, vcg) apply (fastforce simp: exception_defs split: if_split) apply (rule subset_refl) @@ -630,7 +629,6 @@ lemma Arch_decodeIRQControlInvocation_ccorres: apply clarsimp apply (clarsimp simp: interpret_excaps_test_null excaps_map_def Collect_const_mem word_sless_def word_sle_def - ThreadState_Restart_def unat_of_nat mask_def sysargs_rel_to_n cong: if_cong) apply (rule conjI) @@ -774,7 +772,7 @@ lemma decodeIRQControlInvocation_ccorres: apply (rule sym) apply (simp add: and_mask_eq_iff_le_mask) apply (simp add: mask_def word_le_nat_alt) - apply (clarsimp simp: numeral_2_eq_2 exception_defs ThreadState_Restart_def mask_def) + apply (clarsimp simp: numeral_2_eq_2 exception_defs ThreadState_defs mask_def) apply (rule conseqPre, vcg) apply (fastforce simp: exception_defs) apply (rule subset_refl) @@ -800,7 +798,6 @@ lemma decodeIRQControlInvocation_ccorres: apply clarsimp apply (clarsimp simp: interpret_excaps_test_null excaps_map_def Collect_const_mem word_sless_def word_sle_def - ThreadState_Restart_def unat_of_nat mask_def sysargs_rel_to_n cong: if_cong) apply (rule conjI) diff --git a/proof/crefine/RISCV64/Invoke_C.thy b/proof/crefine/RISCV64/Invoke_C.thy index 91e7c9a063..f650ef4f20 100644 --- a/proof/crefine/RISCV64/Invoke_C.thy 
+++ b/proof/crefine/RISCV64/Invoke_C.thy @@ -199,7 +199,7 @@ lemma decodeDomainInvocation_ccorres: apply (clarsimp simp: valid_tcb_state'_def invs_valid_queues' invs_valid_objs' invs_queues invs_sch_act_wf' ct_in_state'_def pred_tcb_at' rf_sr_ksCurThread word_sle_def word_sless_def sysargs_rel_to_n - mask_eq_iff_w2p mask_eq_iff_w2p word_size "StrictC'_thread_state_defs") + mask_eq_iff_w2p mask_eq_iff_w2p word_size ThreadState_defs) apply (rule conjI) apply (clarsimp simp: linorder_not_le isCap_simps) apply (rule conjI, clarsimp simp: unat64_eq_of_nat) @@ -1365,7 +1365,7 @@ lemma decodeCNodeInvocation_ccorres: apply (frule interpret_excaps_eq) apply (clarsimp simp: excaps_map_def mask_def[where n=4] ccap_rights_relation_def rightsFromWord_wordFromRights - "StrictC'_thread_state_defs" map_comp_Some_iff + ThreadState_defs map_comp_Some_iff rf_sr_ksCurThread hd_conv_nth hd_drop_conv_nth) apply ((rule conjI | clarsimp simp: rightsFromWord_wordFromRights @@ -3256,8 +3256,7 @@ lemma decodeUntypedInvocation_ccorres_helper: unat_of_nat_APIType_capBits word_size hd_conv_nth length_ineq_not_Nil not_less word_le_nat_alt isCap_simps valid_cap_simps') apply (strengthen word_of_nat_less) - apply (clarsimp simp: StrictC'_thread_state_defs mask_def - ccap_relation_isDeviceCap2 + apply (clarsimp simp: ThreadState_defs mask_def ccap_relation_isDeviceCap2 split: if_split) apply (clarsimp simp: not_less shiftr_overflow maxUntypedSizeBits_def unat_of_nat_APIType_capBits) @@ -3363,8 +3362,7 @@ lemma decodeUntypedInvocation_ccorres_helper: apply (clarsimp simp: hd_drop_conv_nth2 hd_conv_nth neq_Nil_lengthI ct_in_state'_def pred_tcb_at' rf_sr_ksCurThread mask_eq_iff_w2p - "StrictC'_thread_state_defs" numeral_eqs[symmetric] - cap_get_tag_isCap cte_wp_at_ctes_of + numeral_eqs[symmetric] cap_get_tag_isCap cte_wp_at_ctes_of unat_eq_0 ccHoarePost_def) apply (rule conjI) apply (clarsimp simp: linorder_not_less isCap_simps) 
diff --git a/proof/crefine/RISCV64/IpcCancel_C.thy b/proof/crefine/RISCV64/IpcCancel_C.thy index fc510629a6..716f11e51f 100644 --- a/proof/crefine/RISCV64/IpcCancel_C.thy +++ b/proof/crefine/RISCV64/IpcCancel_C.thy @@ -425,7 +425,7 @@ lemma isStopped_ccorres [corres]: apply clarsimp apply (clarsimp simp: typ_heap_simps ctcb_relation_thread_state_to_tsType split: thread_state.splits) - apply (simp add: "StrictC'_thread_state_defs")+ + apply (simp add: ThreadState_defs)+ done lemma isRunnable_ccorres [corres]: @@ -453,7 +453,7 @@ lemma isRunnable_ccorres [corres]: apply (clarsimp) apply (clarsimp simp: typ_heap_simps ctcb_relation_thread_state_to_tsType split: thread_state.splits) - apply (simp add: "StrictC'_thread_state_defs")+ + apply (simp add: ThreadState_defs)+ done @@ -2365,7 +2365,7 @@ lemma scheduleTCB_ccorres': apply (clarsimp simp: typ_heap_simps) apply (subgoal_tac "ksSchedulerAction \ = ResumeCurrentThread") apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def) - apply (case_tac "tcbState ko", simp_all add: "StrictC'_thread_state_defs")[1] + apply (case_tac "tcbState ko", simp_all add: ThreadState_defs)[1] apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def cscheduler_action_relation_def tcb_at_not_NULL split: scheduler_action.split_asm) @@ -2419,7 +2419,7 @@ lemma scheduleTCB_ccorres_valid_queues'_pre: apply (drule (1) obj_at_cslift_tcb) apply (clarsimp simp: typ_heap_simps) apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def weak_sch_act_wf_def) - apply (case_tac "tcbState ko", simp_all add: "StrictC'_thread_state_defs")[1] + apply (case_tac "tcbState ko", simp_all add: ThreadState_defs)[1] apply (fold_subgoals (prefix))[6] subgoal premises prems using prems by (clarsimp simp: rf_sr_def cstate_relation_def Let_def 
@@ -2513,7 +2513,7 @@ lemma scheduleTCB_ccorres_valid_queues'_pre_simple: apply (clarsimp simp: typ_heap_simps) apply (subgoal_tac "ksSchedulerAction \ = ResumeCurrentThread") apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def) - apply (case_tac "tcbState ko", simp_all add: "StrictC'_thread_state_defs")[1] + apply (case_tac "tcbState ko", simp_all add: ThreadState_defs)[1] apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def cscheduler_action_relation_def tcb_at_not_NULL @@ -2608,11 +2608,11 @@ lemma cancelSignal_ccorres [corres]: apply (ctac (no_vcg) add: cancelSignal_ccorres_helper) apply (ctac add: setThreadState_ccorres_valid_queues') apply ((wp setNotification_nosch setNotification_ksQ hoare_vcg_all_lift set_ntfn_valid_objs' | simp add: valid_tcb_state'_def split del: if_split)+)[1] - apply (simp add: "StrictC'_thread_state_defs") + apply (simp add: ThreadState_defs) apply (rule conjI, clarsimp, rule conjI, clarsimp) apply (frule (1) ko_at_valid_ntfn'[OF _ invs_valid_objs']) subgoal by ((auto simp: obj_at'_def projectKOs st_tcb_at'_def invs'_def valid_state'_def - isTS_defs cte_wp_at_ctes_of "StrictC'_thread_state_defs" + isTS_defs cte_wp_at_ctes_of cthread_state_relation_def sch_act_wf_weak valid_ntfn'_def dest!: valid_queues_not_runnable'_not_ksQ[where t=thread] | clarsimp simp: eq_commute)+) @@ -2620,7 +2620,7 @@ lemma cancelSignal_ccorres [corres]: apply (frule (1) ko_at_valid_ntfn'[OF _ invs_valid_objs']) apply (frule (2) ntfn_blocked_in_queueD) by (auto simp: obj_at'_def projectKOs st_tcb_at'_def invs'_def valid_state'_def - isTS_defs cte_wp_at_ctes_of "StrictC'_thread_state_defs" valid_ntfn'_def + isTS_defs cte_wp_at_ctes_of valid_ntfn'_def cthread_state_relation_def sch_act_wf_weak isWaitingNtfn_def dest!: valid_queues_not_runnable'_not_ksQ[where t=thread] split: ntfn.splits option.splits 
@@ -3064,7 +3064,7 @@ lemma cancelIPC_ccorres1: apply (rule_tac P="rv' = thread_state_to_tsType rv" in ccorres_gen_asm2) apply wpc \ \BlockedOnReceive\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs cong: call_ignore_cong) + apply (simp add: word_sle_def ccorres_cond_iffs cong: call_ignore_cong) apply (rule ccorres_rhs_assoc)+ apply csymbr apply csymbr @@ -3080,7 +3080,7 @@ lemma cancelIPC_ccorres1: apply (ctac (no_vcg) add: cancelIPC_ccorres_helper) apply (ctac add: setThreadState_ccorres_valid_queues') apply (wp hoare_vcg_all_lift set_ep_valid_objs' | simp add: valid_tcb_state'_def split del: if_split)+ - apply (simp add: "StrictC'_thread_state_defs") + apply (simp add: ThreadState_defs) apply vcg apply (rule conseqPre, vcg) apply clarsimp @@ -3090,7 +3090,7 @@ lemma cancelIPC_ccorres1: apply (rule conseqPre, vcg) apply clarsimp \ \BlockedOnReply case\ - apply (simp add: "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: ThreadState_defs ccorres_cond_iffs Collect_False Collect_True word_sle_def cong: call_ignore_cong del: Collect_const) apply (rule ccorres_rhs_assoc)+ @@ -3149,7 +3149,7 @@ lemma cancelIPC_ccorres1: apply (clarsimp simp add: guard_is_UNIV_def tcbReplySlot_def Kernel_C.tcbReply_def tcbCNodeEntries_def) \ \BlockedOnNotification\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: word_sle_def ThreadState_defs ccorres_cond_iffs cong: call_ignore_cong) apply (rule ccorres_symb_exec_r) apply (ctac (no_vcg)) 
@@ -3159,11 +3159,11 @@ lemma cancelIPC_ccorres1: apply (rule conseqPre, vcg) apply clarsimp \ \Running, Inactive, and Idle\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: word_sle_def ThreadState_defs ccorres_cond_iffs cong: call_ignore_cong, rule ccorres_return_Skip)+ \ \BlockedOnSend\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: word_sle_def ccorres_cond_iffs cong: call_ignore_cong) \ \clag\ apply (rule ccorres_rhs_assoc)+ @@ -3180,7 +3180,7 @@ lemma cancelIPC_ccorres1: apply (ctac (no_vcg) add: cancelIPC_ccorres_helper) apply (ctac add: setThreadState_ccorres_valid_queues') apply (wp hoare_vcg_all_lift set_ep_valid_objs' | simp add: valid_tcb_state'_def split del:if_split)+ - apply (simp add: "StrictC'_thread_state_defs") + apply (simp add: ThreadState_defs) apply clarsimp apply (rule conseqPre, vcg, rule subset_refl) apply (rule conseqPre, vcg) @@ -3190,7 +3190,7 @@ lemma cancelIPC_ccorres1: apply (rule conseqPre, vcg) apply clarsimp \ \Restart\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: word_sle_def ThreadState_defs ccorres_cond_iffs cong: call_ignore_cong, rule ccorres_return_Skip) \ \Post wp proofs\ diff --git a/proof/crefine/RISCV64/Ipc_C.thy b/proof/crefine/RISCV64/Ipc_C.thy index 237167fb84..4c4cf65500 100644 --- a/proof/crefine/RISCV64/Ipc_C.thy +++ b/proof/crefine/RISCV64/Ipc_C.thy 
@@ -4259,9 +4259,7 @@ proof -
 apply ((wp threadSet_valid_queues threadSet_sch_act threadSet_valid_queues' hoare_weak_lift_imp threadSet_valid_objs' threadSet_weak_sch_act_wf | simp add: valid_tcb_state'_def)+)[1]
- apply (clarsimp simp: guard_is_UNIV_def ThreadState_Restart_def
- ThreadState_Inactive_def mask_def
- option_to_ctcb_ptr_def)
+ apply (clarsimp simp: guard_is_UNIV_def ThreadState_defs mask_def option_to_ctcb_ptr_def)
 apply (rule_tac Q="\rv. valid_queues and tcb_at' receiver and valid_queues' and valid_objs' and sch_act_simple and (\s. ksCurDomain s \ maxDomain) and
@@ -4283,7 +4281,7 @@ proof -
 apply (simp(no_asm_use) add: gs_set_assn_Delete_cstate_relation[unfolded o_def] subset_iff rf_sr_def)
 apply (clarsimp simp: guard_is_UNIV_def option_to_ptr_def option_to_0_def
- ThreadState_Running_def mask_def
+ ThreadState_defs mask_def
 ghost_assertion_data_get_def ghost_assertion_data_set_def cap_tag_defs option_to_ctcb_ptr_def split: option.splits)
@@ -4377,7 +4375,7 @@ lemma setupCallerCap_ccorres [corres]:
 Kernel_C.tcbCaller_def)
 apply simp
 apply wp
- apply (clarsimp simp: Kernel_C.ThreadState_BlockedOnReply_def mask_def
+ apply (clarsimp simp: ThreadState_defs mask_def
 valid_pspace'_def tcbReplySlot_def valid_tcb_state'_def Collect_const_mem tcb_cnode_index_defs)
@@ -4589,7 +4587,7 @@ lemma sendIPC_block_ccorres_helper:
 (simp add: typ_heap_simps')+)[1]
 apply (simp add: tcb_cte_cases_def cteSizeBits_def)
 apply (simp add: ctcb_relation_def cthread_state_relation_def
- ThreadState_BlockedOnSend_def mask_def
+ ThreadState_defs mask_def)
 apply (clarsimp simp: canonical_address_sign_extended sign_extended_iff_sign_extend split: bool.split)
 apply ceqv
@@ -5009,9 +5007,8 @@ lemma sendIPC_ccorres [corres]:
 set_ep_valid_objs' setEndpoint_valid_mdb' | wp (once) hoare_drop_imp | strengthen sch_act_wf_weak)+
- apply (fastforce simp: guard_is_UNIV_def ThreadState_Inactive_def Collect_const_mem
- ThreadState_Running_def mask_def
- option_to_ptr_def option_to_0_def
+ apply (fastforce simp: guard_is_UNIV_def ThreadState_defs Collect_const_mem mask_def
+ option_to_ptr_def option_to_0_def
 split: bool.split_asm)
 \ \IdleEP case\
@@ -5167,7 +5164,7 @@ lemma receiveIPC_block_ccorres_helper:
 apply (erule(1) rf_sr_tcb_update_no_queue_gen, (simp add: typ_heap_simps)+)
 apply (simp add: tcb_cte_cases_def cteSizeBits_def)
 apply (simp add: ctcb_relation_def cthread_state_relation_def ccap_relation_ep_helpers
- ThreadState_BlockedOnReceive_def mask_def cap_get_tag_isCap)
+ ThreadState_defs mask_def cap_get_tag_isCap)
 apply (clarsimp simp: canonical_address_sign_extended sign_extended_iff_sign_extend)
 apply ceqv
 apply clarsimp
@@ -5785,9 +5782,8 @@ lemma receiveIPC_ccorres [corres]:
 apply (ctac add: possibleSwitchTo_ccorres)
 apply (wpsimp wp: sts_st_tcb' sts_valid_queues)
 apply (vcg exspec=setThreadState_modifies)
- apply (fastforce simp: guard_is_UNIV_def ThreadState_Inactive_def
- mask_def ThreadState_Running_def cap_get_tag_isCap
- ccap_relation_ep_helpers)
+ apply (fastforce simp: guard_is_UNIV_def ThreadState_defs mask_def
+ cap_get_tag_isCap ccap_relation_ep_helpers)
 apply (clarsimp simp: valid_tcb_state'_def)
 apply (rule_tac Q="\_. valid_pspace' and valid_queues and st_tcb_at' ((=) sendState) sender and tcb_at' thread
@@ -6111,10 +6107,9 @@ lemma sendSignal_ccorres [corres]:
 apply (clarsimp simp: guard_is_UNIV_def option_to_ctcb_ptr_def RISCV64_H.badgeRegister_def C_register_defs RISCV64.badgeRegister_def RISCV64.capRegister_def
- "StrictC'_thread_state_defs"less_mask_eq
- Collect_const_mem)
+ ThreadState_defs less_mask_eq Collect_const_mem)
 apply (case_tac ts, simp_all add: receiveBlocked_def typ_heap_simps
- cthread_state_relation_def "StrictC'_thread_state_defs")[1]
+ cthread_state_relation_def ThreadState_defs)[1]
 \ \ActiveNtfn case\
 apply (rename_tac old_badge)
 apply (rule ccorres_cond_false)
@@ -6172,7 +6167,7 @@ lemma sendSignal_ccorres [corres]:
 sts_valid_queues tcb_in_cur_domain'_lift)[1]
 apply (wp sts_valid_queues sts_runnable)
 apply (wp setThreadState_st_tcb set_ntfn_valid_objs' | clarsimp)+
- apply (clarsimp simp: guard_is_UNIV_def ThreadState_Running_def mask_def
+ apply (clarsimp simp: guard_is_UNIV_def ThreadState_defs mask_def
 badgeRegister_def C_register_defs RISCV64.badgeRegister_def RISCV64.capRegister_def)
 apply (clarsimp simp: guard_is_UNIV_def NtfnState_Idle_def
@@ -6228,7 +6223,7 @@ lemma receiveSignal_block_ccorres_helper:
 (simp add: typ_heap_simps')+)
 apply (simp add: tcb_cte_cases_def cteSizeBits_def)
 apply (simp add: ctcb_relation_def cthread_state_relation_def
- ThreadState_BlockedOnNotification_def mask_def
+ ThreadState_defs mask_def
 flip: canonical_bit_def)
 apply (clarsimp simp: canonical_address_sign_extended sign_extended_iff_sign_extend)
 apply ceqv
diff --git a/proof/crefine/RISCV64/Recycle_C.thy b/proof/crefine/RISCV64/Recycle_C.thy
index d611410f77..f1564bcc83 100644
--- a/proof/crefine/RISCV64/Recycle_C.thy
+++ b/proof/crefine/RISCV64/Recycle_C.thy
@@ -752,7 +752,7 @@ lemma ctcb_relation_blocking_ipc_badge:
 apply (simp add: isBlockedOnSend_def split: Structures_H.thread_state.split_asm)
 apply (clarsimp simp: cthread_state_relation_def)
 apply (clarsimp simp add: ctcb_relation_def cthread_state_relation_def)
- apply (cases "tcbState tcb", simp_all add: "StrictC'_thread_state_defs")
+ apply (cases "tcbState tcb", simp_all add: ThreadState_defs)
 done
 lemma cendpoint_relation_q_cong:
@@ -1030,7 +1030,7 @@ lemma cancelBadgedSends_ccorres:
 apply (clarsimp simp: typ_heap_simps st_tcb_at'_def)
 apply (drule(1) obj_at_cslift_tcb)
 apply (clarsimp simp: ctcb_relation_blocking_ipc_badge)
- apply (rule conjI, simp add: "StrictC'_thread_state_defs" mask_def)
+ apply (rule conjI, simp add: ThreadState_defs mask_def)
 apply (rule conjI)
 apply clarsimp
 apply (frule rf_sr_cscheduler_relation)
diff --git a/proof/crefine/RISCV64/Refine_C.thy b/proof/crefine/RISCV64/Refine_C.thy
index 5653b9c881..1eeb2d9b3b 100644
--- a/proof/crefine/RISCV64/Refine_C.thy
+++ b/proof/crefine/RISCV64/Refine_C.thy
@@ -737,15 +737,7 @@ lemma ct_running'_C:
 apply (frule (1) map_to_ko_atI')
 apply (erule obj_at'_weakenE)
 apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def)
- apply (case_tac "tcbState ko", simp_all add:
- ThreadState_Running_def
- ThreadState_BlockedOnReceive_def
- ThreadState_BlockedOnSend_def
- ThreadState_BlockedOnReply_def
- ThreadState_BlockedOnNotification_def
- ThreadState_Inactive_def
- ThreadState_IdleThreadState_def
- ThreadState_Restart_def)
+ apply (case_tac "tcbState ko"; simp add: ThreadState_defs)
 done
 lemma full_invs_both:
diff --git a/proof/crefine/RISCV64/Retype_C.thy b/proof/crefine/RISCV64/Retype_C.thy
index 07db6d2d96..9a2bc7f66f 100644
--- a/proof/crefine/RISCV64/Retype_C.thy
+++ b/proof/crefine/RISCV64/Retype_C.thy
@@ -3309,7 +3309,7 @@ proof -
 apply (simp add: fbtcb minBound_word)
 apply (intro conjI)
 apply (simp add: cthread_state_relation_def thread_state_lift_def
- eval_nat_numeral ThreadState_Inactive_def)
+ eval_nat_numeral ThreadState_defs)
 apply (clarsimp simp: ccontext_relation_def newContext_def2 carch_tcb_relation_def newArchTCB_def cregs_relation_def atcbContextGet_def)
 apply (case_tac r; simp add: C_register_defs index_foldr_update
diff --git a/proof/crefine/RISCV64/SR_lemmas_C.thy b/proof/crefine/RISCV64/SR_lemmas_C.thy
index bd30c0165a..7f1d299552 100644
--- a/proof/crefine/RISCV64/SR_lemmas_C.thy
+++ b/proof/crefine/RISCV64/SR_lemmas_C.thy
@@ -1600,7 +1600,6 @@ where
 | "thread_state_to_tsType (Structures_H.BlockedOnSend oref badge cg cgr isc) = scast ThreadState_BlockedOnSend"
 | "thread_state_to_tsType (Structures_H.BlockedOnNotification oref) = scast ThreadState_BlockedOnNotification"
-
 lemma ctcb_relation_thread_state_to_tsType:
 "ctcb_relation tcb ctcb \ tsType_CL (thread_state_lift (tcbState_C ctcb)) = thread_state_to_tsType (tcbState tcb)"
 unfolding ctcb_relation_def cthread_state_relation_def
diff --git a/proof/crefine/RISCV64/Schedule_C.thy b/proof/crefine/RISCV64/Schedule_C.thy
index 174c280acf..fb02afc6d0 100644
--- a/proof/crefine/RISCV64/Schedule_C.thy
+++ b/proof/crefine/RISCV64/Schedule_C.thy
@@ -86,24 +86,6 @@ lemma switchToThread_ccorres:
 apply (clarsimp simp: all_invs_but_ct_idle_or_in_cur_domain'_def valid_state'_def)
 done
-lemma get_tsType_ccorres2:
- "ccorres (\r r'. r' = thread_state_to_tsType r) ret__unsigned_longlong_' (tcb_at' thread)
- (UNIV \ {s. f s = tcb_ptr_to_ctcb_ptr thread} \
- {s. cslift s (Ptr &(f s\[''tcbState_C''])) = Some (thread_state_' s)}) []
- (getThreadState thread) (Call thread_state_get_tsType_'proc)"
- unfolding getThreadState_def
- apply (rule ccorres_from_spec_modifies [where P=\, simplified])
- apply (rule thread_state_get_tsType_spec)
- apply (rule thread_state_get_tsType_modifies)
- apply simp
- apply (frule (1) obj_at_cslift_tcb)
- apply (clarsimp simp: typ_heap_simps)
- apply (rule bexI [rotated, OF threadGet_eq], assumption)
- apply simp
- apply (drule ctcb_relation_thread_state_to_tsType)
- apply simp
- done
-
 lemma activateThread_ccorres:
 "ccorres dc xfdc (ct_in_state' activatable' and (\s. sch_act_wf (ksSchedulerAction s) s)
@@ -113,7 +95,7 @@ lemma activateThread_ccorres:
 (Call activateThread_'proc)"
 apply (cinit)
 apply (rule ccorres_pre_getCurThread)
- apply (ctac add: get_tsType_ccorres2 [where f="\s. ksCurThread_' (globals s)"])
+ apply (ctac add: get_tsType_ccorres [where f="\s. ksCurThread_' (globals s)"])
 apply (rule_tac P="activatable' rv" in ccorres_gen_asm)
 apply (wpc)
 apply (rule_tac P=\ and P'=UNIV in ccorres_inst, simp)
@@ -123,7 +105,7 @@ lemma activateThread_ccorres:
 apply (rule ccorres_cond_true)
 apply (rule ccorres_return_Skip)
 apply (rule_tac P=\ and P'=UNIV in ccorres_inst, simp)
- apply (simp add: "StrictC'_thread_state_defs" del: Collect_const)
+ apply (simp add: ThreadState_defs del: Collect_const)
 apply (rule ccorres_cond_false)
 apply (rule ccorres_cond_false)
 apply (rule ccorres_cond_true)
@@ -131,7 +113,7 @@ lemma activateThread_ccorres:
 apply (rule allI, rule conseqPre, vcg)
 apply (clarsimp simp: activateIdleThread_def return_def)
 apply (rule_tac P=\ and P'=UNIV in ccorres_inst, simp)
- apply (simp add: "StrictC'_thread_state_defs" del: Collect_const)
+ apply (simp add: ThreadState_defs del: Collect_const)
 apply (rule ccorres_cond_false)
 apply (rule ccorres_cond_true)
 apply (rule ccorres_rhs_assoc)+
@@ -154,7 +136,7 @@ lemma activateThread_ccorres:
 apply (subgoal_tac "ksCurThread_' (globals s') = tcb_ptr_to_ctcb_ptr (ksCurThread s)")
 prefer 2
 apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def)
- apply (clarsimp simp: typ_heap_simps ThreadState_Running_def mask_def)
+ apply (clarsimp simp: typ_heap_simps ThreadState_defs mask_def)
 done
 lemma ceqv_Guard_UNIV_Skip:
@@ -707,10 +689,10 @@ lemma timerTick_ccorres:
 supply subst_all [simp del]
 apply (cinit)
 apply (rule ccorres_pre_getCurThread)
- apply (ctac add: get_tsType_ccorres2 [where f="\s. ksCurThread_' (globals s)"])
+ apply (ctac add: get_tsType_ccorres [where f="\s. ksCurThread_' (globals s)"])
 apply (rule ccorres_split_nothrow_novcg)
 apply wpc
- apply (simp add: "StrictC'_thread_state_defs", rule ccorres_cond_false, rule ccorres_return_Skip)+
+ apply (simp add: ThreadState_defs, rule ccorres_cond_false, rule ccorres_return_Skip)+
 (* thread_state.Running *)
 apply simp
 apply (rule ccorres_cond_true)
@@ -742,7 +724,7 @@ lemma timerTick_ccorres:
 threadSet_pred_tcb_at_state tcbSchedAppend_valid_objs' threadSet_valid_objs' threadSet_tcbDomain_triv | clarsimp simp: st_tcb_at'_def o_def split: if_splits)+
 apply (vcg exspec=tcbSchedDequeue_modifies)
- apply (simp add: "StrictC'_thread_state_defs", rule ccorres_cond_false, rule ccorres_return_Skip)+
+ apply (simp add: ThreadState_defs, rule ccorres_cond_false, rule ccorres_return_Skip)+
 apply ceqv
 apply (clarsimp simp: decDomainTime_def numDomains_sge_1_simp)
 apply (rule ccorres_when[where R=\])
diff --git a/proof/crefine/RISCV64/SyscallArgs_C.thy b/proof/crefine/RISCV64/SyscallArgs_C.thy
index 5882cccc7a..3345ec7b9f 100644
--- a/proof/crefine/RISCV64/SyscallArgs_C.thy
+++ b/proof/crefine/RISCV64/SyscallArgs_C.thy
@@ -416,11 +416,13 @@ lemma is_syscall_error_codes:
 by ((rule iffD2[OF is_syscall_error_code_def], intro allI, rule conseqPre, vcg, safe, (simp_all add: o_def)?)+)
-lemma syscall_error_throwError_ccorres_direct:
+lemma syscall_error_throwError_ccorres_direct_gen:
 "\ is_syscall_error_code f code;
+ \x y g. arrel (Inl x) y = (intr_and_se_rel \ g) (Inl x) y;
 \err' ft'. syscall_error_to_H (f err') ft' = Some err \ \
- ccorres (intr_and_se_rel \ dc) (liftxf errstate id v' ret__unsigned_long_')
+ ccorres_underlying rf_sr \ rrel xf
+ arrel (liftxf errstate id v' ret__unsigned_long_')
 \ (UNIV) (SKIP # hs) (throwError (Inl err)) code"
 apply (rule ccorres_from_vcg_throws)
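Review bot: The new premise `\<forall>x y g. arrel (Inl x) y = (intr_and_se_rel <op> g) (Inl x) y` (the operator is garbled in this rendering) quantifies over `g`, yet the right-hand side applied to an `Inl` value does not appear to depend on `g` at all, so the universal `g` only makes the obligation look stronger than it is; if that reading is right, stating it for one fixed relation, e.g. `\<And>x y. arrel (Inl x) y = (intr_and_se_rel <op> dc) (Inl x) y`, says the same thing more directly. The `_gen` statement also leaves `rrel` and `xf` completely free, which is what makes it reusable, but nothing on the lemma says which instantiations are intended; a comment above `syscall_error_throwError_ccorres_direct_gen` such as `\<comment> \<open>generic over the success relation; callers use the syscall_error_throwError_ccorres_n instantiations\<close>` would make that explicit. The same two points apply to `syscall_error_throwError_ccorres_succs_gen` in the next hunk. The proof body of this lemma continues beyond the hunk.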
@@ -430,28 +432,35 @@ lemma syscall_error_throwError_ccorres_direct:
 apply (simp add: syscall_error_rel_def exception_defs)
 done
-lemma syscall_error_throwError_ccorres_succs:
+lemma syscall_error_throwError_ccorres_succs_gen:
 "\ is_syscall_error_code f code;
+ \x y g. arrel (Inl x) y = (intr_and_se_rel \ g) (Inl x) y;
 \err' ft'. syscall_error_to_H (f err') ft' = Some err \ \
- ccorres (intr_and_se_rel \ dc) (liftxf errstate id v' ret__unsigned_long_')
+ ccorres_underlying rf_sr \ rrel xf
+ arrel (liftxf errstate id v' ret__unsigned_long_')
 \ (UNIV) (SKIP # hs) (throwError (Inl err)) (code ;; remainder)"
 apply (rule ccorres_guard_imp2, rule ccorres_split_throws)
- apply (erule syscall_error_throwError_ccorres_direct)
- apply simp
+ apply (erule syscall_error_throwError_ccorres_direct_gen; assumption)
 apply (rule HoarePartialProps.augment_Faults)
 apply (erule iffD1[OF is_syscall_error_code_def, THEN spec])
 apply simp+
 done
-lemmas syscall_error_throwError_ccorres_n =
- is_syscall_error_codes[THEN syscall_error_throwError_ccorres_direct,
+lemmas syscall_error_throwError_ccorres_n_gen =
+ is_syscall_error_codes[THEN syscall_error_throwError_ccorres_direct_gen,
 simplified o_apply]
- is_syscall_error_codes[THEN syscall_error_throwError_ccorres_succs,
+ is_syscall_error_codes[THEN syscall_error_throwError_ccorres_succs_gen,
 simplified o_apply]
+lemmas syscall_error_throwError_ccorres_n =
+ syscall_error_throwError_ccorres_n_gen[where arrel="intr_and_se_rel \ dc", simplified]
+
+lemmas syscall_error_throwError_ccorres_n_inl_rrel =
+ syscall_error_throwError_ccorres_n_gen[where arrel="inl_rrel (intr_and_se_rel \ dc)", simplified]
+
 definition idButNot :: "'a \ 'a" where "idButNot x = x"
diff --git a/proof/crefine/RISCV64/Syscall_C.thy b/proof/crefine/RISCV64/Syscall_C.thy
index f6235180a6..d6bdf0ecdd 100644
--- a/proof/crefine/RISCV64/Syscall_C.thy
+++ b/proof/crefine/RISCV64/Syscall_C.thy
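Review bot: The two new `lemmas` declarations at the end of the hunk instantiate `arrel` and then run an unrestricted `simplified` over the whole derived lemma list, which rewrites everything the simplifier can reach rather than only the `arrel` side condition that was meant to be discharged; that makes it easy for the re-derived `syscall_error_throwError_ccorres_n` to drift from the statement the existing call sites were written against, in a way a successful build will not flag until a distant proof breaks. It would be worth confirming that the simplified statement is literally the previous `syscall_error_throwError_ccorres_n`, and saying what the second variant is for, e.g. `\<comment> \<open>instantiation of the _gen lemmas with the error relation lifted through inl_rrel\<close>` above `syscall_error_throwError_ccorres_n_inl_rrel`. The `assumption` added to the `erule ... _direct_gen` step is the only place the new premise is discharged inside a proof here, so a note that it is expected to be solved by assumption in callers would also help.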
@@ -317,7 +317,7 @@ lemma decodeInvocation_ccorres:
 apply fastforce
 apply (simp add: cap_lift_capEPBadge_mask_eq)
 apply (clarsimp simp: rf_sr_ksCurThread Collect_const_mem
- cap_get_tag_isCap "StrictC'_thread_state_defs")
+ cap_get_tag_isCap ThreadState_defs)
 apply (frule word_unat.Rep_inverse')
 apply (simp add: cap_get_tag_isCap[symmetric] cap_get_tag_ReplyCap)
 apply (rule conjI)
@@ -491,7 +491,7 @@ lemma handleInvocation_def2:
 lemma thread_state_to_tsType_eq_Restart:
 "(thread_state_to_tsType ts = scast ThreadState_Restart) = (ts = Restart)"
- by (cases ts, simp_all add: "StrictC'_thread_state_defs")
+ by (cases ts, simp_all add: ThreadState_defs)
 lemma wordFromMessageInfo_spec:
 "\s. \\ {s} Call wordFromMessageInfo_'proc
@@ -522,7 +522,7 @@ lemma handleDoubleFault_ccorres:
 apply (simp add: getRestartPC_def)
 apply wp
 apply clarsimp
- apply (simp add: ThreadState_Inactive_def)
+ apply (simp add: ThreadState_defs)
 apply (fastforce simp: valid_tcb_state'_def)
 done
@@ -902,7 +902,7 @@ lemma handleInvocation_ccorres:
 apply auto[1]
 apply clarsimp
 apply (clarsimp simp: guard_is_UNIV_def Collect_const_mem)
- apply (simp add: "StrictC'_thread_state_defs" mask_def)
+ apply (simp add: ThreadState_defs mask_def)
 apply (simp add: typ_heap_simps)
 apply (case_tac ts, simp_all add: cthread_state_relation_def)[1]
 apply (clarsimp simp: guard_is_UNIV_def Collect_const_mem)
diff --git a/proof/crefine/RISCV64/TcbAcc_C.thy b/proof/crefine/RISCV64/TcbAcc_C.thy
index 87ce07b8a8..ee150308a3 100644
--- a/proof/crefine/RISCV64/TcbAcc_C.thy
+++ b/proof/crefine/RISCV64/TcbAcc_C.thy
@@ -89,22 +89,22 @@ lemma archThreadGet_eq:
 apply simp
 done
-lemma get_tsType_ccorres [corres]:
+lemma get_tsType_ccorres[corres]:
 "ccorres (\r r'. r' = thread_state_to_tsType r) ret__unsigned_longlong_' (tcb_at' thread)
- (UNIV \ {s. thread_state_ptr_' s = Ptr &(tcb_ptr_to_ctcb_ptr thread\[''tcbState_C''])}) []
- (getThreadState thread) (Call thread_state_ptr_get_tsType_'proc)"
+ ({s. f s = tcb_ptr_to_ctcb_ptr thread} \
+ {s. cslift s (Ptr &(f s\[''tcbState_C''])) = Some (thread_state_' s)}) []
+ (getThreadState thread) (Call thread_state_get_tsType_'proc)"
 unfolding getThreadState_def
- apply (rule ccorres_from_spec_modifies)
- apply (rule thread_state_ptr_get_tsType_spec)
- apply (rule thread_state_ptr_get_tsType_modifies)
- apply simp
- apply (frule (1) obj_at_cslift_tcb)
- apply (clarsimp simp: typ_heap_simps)
+ apply (rule ccorres_from_spec_modifies [where P=\, simplified])
+ apply (rule thread_state_get_tsType_spec)
+ apply (rule thread_state_get_tsType_modifies)
+ apply simp
 apply (frule (1) obj_at_cslift_tcb)
 apply (clarsimp simp: typ_heap_simps)
 apply (rule bexI [rotated, OF threadGet_eq], assumption)
 apply simp
- apply (erule ctcb_relation_thread_state_to_tsType)
+ apply (drule ctcb_relation_thread_state_to_tsType)
+ apply simp
 done
 lemma threadGet_obj_at2:
diff --git a/proof/crefine/RISCV64/Tcb_C.thy b/proof/crefine/RISCV64/Tcb_C.thy
index fecb1947de..b1ed7a22b0 100644
--- a/proof/crefine/RISCV64/Tcb_C.thy
+++ b/proof/crefine/RISCV64/Tcb_C.thy
@@ -1093,7 +1093,7 @@ lemma restart_ccorres:
 apply fastforce
 apply (rule ccorres_return_Skip)
 apply (wp hoare_drop_imps)
- apply (auto simp: Collect_const_mem mask_def "StrictC'_thread_state_defs")
+ apply (auto simp: Collect_const_mem mask_def ThreadState_defs)
 done
 lemma setNextPC_ccorres:
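Review bot: The rewritten `get_tsType_ccorres` no longer states anything about `thread_state_ptr_get_tsType_'proc`: its conclusion now targets `Call thread_state_get_tsType_'proc` (the by-value accessor, with the TCB selected through the new free function `f`), so the pointer-taking accessor loses its only ccorres lemma in this file, and any proof that still does `ctac add: get_tsType_ccorres` on a `thread_state_ptr_get_tsType` call site will fail to unify rather than pick up the new form. If the C side no longer calls `thread_state_ptr_get_tsType` anywhere the crefine proofs touch (which would also explain why `get_tsType_ccorres2` could simply be deleted from Schedule_C rather than merged), a one-line comment above the lemma saying so would document why the ptr variant was dropped; otherwise the old statement should be kept under a distinct name. The role of `f` is also not stated on the lemma; `\<comment> \<open>f selects the TCB pointer from the C state, e.g. ksCurThread_' o globals\<close>` matches the `where f=` instantiations in Schedule_C and would help readers.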
@@ -2110,7 +2110,7 @@ shows
 apply (rule allI, rule conseqPre, vcg)
 apply (clarsimp simp: return_def)
 apply (wp | simp add: valid_tcb_state'_def)+
- apply (clarsimp simp: ThreadState_Running_def mask_def)
+ apply (clarsimp simp: ThreadState_defs mask_def)
 apply (rule mapM_x_wp')
 apply (rule hoare_pre)
 apply (wp sch_act_wf_lift valid_queues_lift tcb_in_cur_domain'_lift)
@@ -2177,8 +2177,7 @@ shows
 apply (rule ccorres_inst[where P=\ and P'=UNIV], simp)
 apply (simp add: performTransfer_def)
 apply wp
- apply (simp add: Collect_const_mem "StrictC'_thread_state_defs"
- mask_def)
+ apply (simp add: Collect_const_mem ThreadState_defs mask_def)
 apply vcg
 apply (rule_tac Q="\rv. invs' and st_tcb_at' ((=) Restart) thread and tcb_at' target" in hoare_post_imp)
@@ -2298,7 +2297,7 @@ lemma decodeReadRegisters_ccorres:
 apply wp
 apply (vcg exspec=getSyscallArg_modifies)
 apply (clarsimp simp: Collect_const_mem rf_sr_ksCurThread
- "StrictC'_thread_state_defs" word_sless_def word_sle_def
+ ThreadState_defs word_sless_def word_sle_def
 mask_eq_iff_w2p word_size isCap_simps ReadRegistersFlags_defs tcb_at_invs' cap_get_tag_isCap capTCBPtr_eq)
@@ -2407,7 +2406,7 @@ lemma decodeWriteRegisters_ccorres:
 apply (vcg exspec=getSyscallArg_modifies)
 apply (clarsimp simp: Collect_const_mem ct_in_state'_def pred_tcb_at')
 apply (simp add: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H)
- apply (clarsimp simp: valid_cap'_def "StrictC'_thread_state_defs"
+ apply (clarsimp simp: valid_cap'_def ThreadState_defs
 mask_eq_iff_w2p word_size rf_sr_ksCurThread WriteRegisters_resume_def word_sle_def word_sless_def numeral_eqs)
@@ -2543,7 +2542,7 @@ lemma decodeCopyRegisters_ccorres:
 elim!: pred_tcb'_weakenE dest!: st_tcb_at_idle_thread' interpret_excaps_eq)[1]
 apply (clarsimp simp: word_sle_def CopyRegistersFlags_defs word_sless_def
- "StrictC'_thread_state_defs" rf_sr_ksCurThread
+ ThreadState_defs rf_sr_ksCurThread
 split: if_split)
 apply (drule interpret_excaps_eq)
 apply (clarsimp simp: mask_def excaps_map_def split_def ccap_rights_relation_def
@@ -3128,7 +3127,7 @@ lemma decodeTCBConfigure_ccorres:
 ptr_val_tcb_ptr_mask2[unfolded mask_def objBits_defs, simplified] tcb_cnode_index_defs size_of_def option_to_0_def rf_sr_ksCurThread
- StrictC'_thread_state_defs mask_eq_iff_w2p word_size
+ ThreadState_defs mask_eq_iff_w2p word_size
 from_bool_all_helper all_ex_eq_helper ucast_ucast_mask objBits_defs)
 apply (subgoal_tac "args \ [] \ extraCaps \ []")
@@ -3177,7 +3176,7 @@ lemma decodeTCBConfigure_ccorres:
 capTCBPtr_eq tcb_ptr_to_ctcb_ptr_mask tcb_cnode_index_defs size_of_def option_to_0_def rf_sr_ksCurThread
- StrictC'_thread_state_defs mask_eq_iff_w2p word_size
+ ThreadState_defs mask_eq_iff_w2p word_size
 from_bool_all_helper)
 apply (frule(1) tcb_at_h_t_valid [OF tcb_at_invs'])
 apply (clarsimp simp: typ_heap_simps numeral_eqs isCap_simps valid_cap'_def capAligned_def
@@ -3314,7 +3313,7 @@ lemma decodeSetMCPriority_ccorres:
 elim!: obj_at'_weakenE pred_tcb'_weakenE dest!: st_tcb_at_idle_thread')[1]
 apply (clarsimp simp: interpret_excaps_eq excaps_map_def)
- apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size option_to_0_def)
+ apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size option_to_0_def)
 apply (frule rf_sr_ksCurThread)
 apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H)
 apply (clarsimp simp: valid_cap'_def capAligned_def interpret_excaps_eq excaps_map_def)
@@ -3447,7 +3446,7 @@ lemma decodeSetPriority_ccorres:
 elim!: obj_at'_weakenE pred_tcb'_weakenE dest!: st_tcb_at_idle_thread')[1]
 apply (clarsimp simp: interpret_excaps_eq excaps_map_def)
- apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size option_to_0_def)
+ apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size option_to_0_def)
 apply (frule rf_sr_ksCurThread)
 apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H)
 apply (clarsimp simp: valid_cap'_def capAligned_def interpret_excaps_eq excaps_map_def)
@@ -3625,7 +3624,7 @@ lemma decodeSetSchedParams_ccorres:
 elim!: obj_at'_weakenE pred_tcb'_weakenE dest!: st_tcb_at_idle_thread')[1]
 apply (clarsimp simp: interpret_excaps_eq excaps_map_def)
- apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size option_to_0_def)
+ apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size option_to_0_def)
 apply (frule rf_sr_ksCurThread)
 apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H)
 apply (clarsimp simp: valid_cap'_def capAligned_def interpret_excaps_eq excaps_map_def)
@@ -3771,11 +3770,10 @@ lemma decodeSetIPCBuffer_ccorres:
 valid_mdb_ctes_def no_0_def excaps_map_def elim: pred_tcb'_weakenE dest!: st_tcb_at_idle_thread' dest!: interpret_excaps_eq)[1]
- apply (clarsimp simp: option_to_0_def rf_sr_ksCurThread word_sless_def
- word_sle_def ThreadState_Restart_def mask_def)
+ apply (clarsimp simp: option_to_0_def rf_sr_ksCurThread word_sless_def word_sle_def mask_def)
 apply (rule conjI[rotated], clarsimp+)
 apply (drule interpret_excaps_eq[rule_format, where n=0], simp add: excaps_map_Nil)
- apply (simp add: mask_def "StrictC'_thread_state_defs" excaps_map_def)
+ apply (simp add: mask_def ThreadState_defs excaps_map_def)
 apply (clarsimp simp: ccap_rights_relation_def rightsFromWord_wordFromRights cap_get_tag_isCap)
 apply (frule cap_get_tag_to_H, subst cap_get_tag_isCap, assumption, assumption)
@@ -3941,10 +3939,10 @@ lemma decodeUnbindNotification_ccorres:
 apply (clarsimp simp: isCap_simps)
 apply (frule cap_get_tag_isCap_unfolded_H_cap)
 apply (auto simp: ctcb_relation_def typ_heap_simps cap_get_tag_ThreadCap ct_in_state'_def
- option_to_ptr_def option_to_0_def ThreadState_Restart_def
- mask_def rf_sr_ksCurThread valid_tcb_state'_def
- elim!: pred_tcb'_weakenE
- dest!: valid_objs_boundNTFN_NULL)
+ option_to_ptr_def option_to_0_def ThreadState_defs
+ mask_def rf_sr_ksCurThread valid_tcb_state'_def
+ elim!: pred_tcb'_weakenE
+ dest!: valid_objs_boundNTFN_NULL)
 done
 lemma nTFN_case_If_ptr:
@@ -4106,7 +4104,7 @@ lemma decodeBindNotification_ccorres:
 apply (clarsimp simp: throwError_def return_def syscall_error_rel_def syscall_error_to_H_cases exception_defs)
 apply (clarsimp simp add: guard_is_UNIV_def isWaitingNtfn_def
- ThreadState_Restart_def mask_def
+ ThreadState_defs mask_def
 rf_sr_ksCurThread capTCBPtr_eq)
 apply (simp add: hd_conv_nth bindE_bind_linearise nTFN_case_If_ptr throwError_bind invocationCatch_def)
 apply (rule ccorres_from_vcg_split_throws[where P=\ and P'=UNIV])
@@ -4430,7 +4428,7 @@ lemma decodeSetSpace_ccorres:
 rightsFromWord_wordFromRights capTCBPtr_eq tcb_cnode_index_defs size_of_def option_to_0_def rf_sr_ksCurThread
- "StrictC'_thread_state_defs" mask_eq_iff_w2p word_size)
+ ThreadState_defs mask_eq_iff_w2p word_size)
 apply (simp add: word_sle_def cap_get_tag_isCap)
 apply (subgoal_tac "args \ []")
 apply (clarsimp simp: hd_conv_nth)
@@ -4513,7 +4511,7 @@ lemma decodeSetTLSBase_ccorres:
 apply (clarsimp simp: ct_in_state'_def sysargs_rel_n_def n_msgRegisters_def)
 apply (auto simp: valid_tcb_state'_def elim!: pred_tcb'_weakenE)[1]
- apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size)
+ apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size)
 apply (frule rf_sr_ksCurThread)
 apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H)
 apply (auto simp: unat_eq_0 le_max_word_ucast_id)+
@@ -4665,8 +4663,7 @@ lemma decodeTCBInvocation_ccorres:
 dest!: st_tcb_at_idle_thread')[1]
 apply (simp split: sum.split add: cintr_def intr_and_se_rel_def exception_defs syscall_error_rel_def)
- apply (simp add: "StrictC'_thread_state_defs" mask_eq_iff_w2p word_size
- cap_get_tag_isCap)
+ apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size)
 apply (simp add: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H)
 apply clarsimp
 done
diff --git a/proof/crefine/X64/ADT_C.thy b/proof/crefine/X64/ADT_C.thy
index 652c5279ef..d113aa6f15 100644
--- a/proof/crefine/X64/ADT_C.thy
+++ b/proof/crefine/X64/ADT_C.thy
@@ -783,11 +783,7 @@ lemma cthread_state_rel_imp_eq:
 "cthread_state_relation x z \ cthread_state_relation y z \ x=y"
 apply (simp add: cthread_state_relation_def split_def)
 apply (cases x)
- apply (cases y, simp_all add: ThreadState_BlockedOnReceive_def
- ThreadState_BlockedOnReply_def ThreadState_BlockedOnNotification_def
- ThreadState_Running_def ThreadState_Inactive_def
- ThreadState_IdleThreadState_def ThreadState_BlockedOnSend_def
- ThreadState_Restart_def)+
+ apply (cases y, simp_all add: ThreadState_defs)+
 done
 lemma ksPSpace_valid_objs_tcbBoundNotification_nonzero:
diff --git a/proof/crefine/X64/Arch_C.thy b/proof/crefine/X64/Arch_C.thy
index e8e87ada5a..c0dd0e17ba 100644
--- a/proof/crefine/X64/Arch_C.thy
+++ b/proof/crefine/X64/Arch_C.thy
@@ -1278,7 +1278,7 @@ lemma decodeX64PageTableInvocation_ccorres:
 apply (auto dest: ctes_of_valid')[1]
 (* X64PageTableUnmap *)
 apply (rule conjI)
- apply (fastforce simp: rf_sr_ksCurThread "StrictC'_thread_state_defs"
+ apply (fastforce simp: rf_sr_ksCurThread ThreadState_defs
 mask_eq_iff_w2p word_size ct_in_state'_def st_tcb_at'_def word_sle_def word_sless_def
@@ -1312,7 +1312,7 @@ lemma decodeX64PageTableInvocation_ccorres:
 intro!: is_aligned_addrFromPPtr[simplified bit_simps, simplified] simp: vmsz_aligned_def cap_to_H_simps cap_page_table_cap_lift_def bit_simps capAligned_def)
 apply clarsimp
- apply (rule conjI, clarsimp simp: ThreadState_Restart_def mask_def)
+ apply (rule conjI, clarsimp simp: ThreadState_defs mask_def)
 apply (rule conjI)
 (* ccap_relation *)
 apply (clarsimp simp: ccap_relation_def map_option_Some_eq2 cap_page_table_cap_lift[THEN iffD1]
@@ -1338,7 +1338,7 @@ lemma decodeX64PageTableInvocation_ccorres:
 (* the below proof duplicates some of the sections above *)
 apply (clarsimp simp: pde_tag_defs pde_get_tag_def word_and_1)
 apply safe
- apply (clarsimp simp: ThreadState_Restart_def mask_def)
+ apply (clarsimp simp: ThreadState_defs mask_def)
 (* ccap_relation *)
 apply (clarsimp simp: ccap_relation_def map_option_Some_eq2 cap_page_table_cap_lift[THEN iffD1] cap_to_H_simps asid_wf_def3[simplified asid_bits_def, simplified])
@@ -1847,7 +1847,7 @@ lemma performPageGetAddress_ccorres:
 apply clarsimp
 apply (vcg exspec=setRegister_modifies)
 apply wpsimp
- apply (clarsimp simp: ThreadState_Running_def)
+ apply clarsimp
 apply (vcg exspec=lookupIPCBuffer_modifies)
 apply clarsimp
 apply vcg
@@ -1860,7 +1860,7 @@ lemma performPageGetAddress_ccorres:
 apply (cases isCall)
 apply (auto simp: X64.badgeRegister_def X64_H.badgeRegister_def Kernel_C.badgeRegister_def X64.capRegister_def Kernel_C.RDI_def Kernel_C.RSI_def fromPAddr_def
- ThreadState_Running_def pred_tcb_at'_def obj_at'_def ct_in_state'_def)
+ ThreadState_defs pred_tcb_at'_def obj_at'_def ct_in_state'_def)
 done
 lemma vmsz_aligned_addrFromPPtr':
@@ -2224,7 +2224,7 @@ lemma decodeX86ModeMapPage_ccorres:
 apply (simp add: all_ex_eq_helper)
 apply (vcg exspec=createSafeMappingEntries_PDPTE_modifies)
 by (clarsimp simp: invs_valid_objs' tcb_at_invs' vmsz_aligned_addrFromPPtr' invs_queues
- valid_tcb_state'_def invs_sch_act_wf' ThreadState_Restart_def rf_sr_ksCurThread
+ valid_tcb_state'_def invs_sch_act_wf' ThreadState_defs rf_sr_ksCurThread
 arch_invocation_label_defs mask_def isCap_simps)
 lemma valid_cap'_PageCap_kernel_mappings:
@@ -2677,7 +2677,7 @@ lemma decodeX64FrameInvocation_ccorres:
 (Some (y, a)))) cap}" and A' = "{}" in conseqPost)
 apply (vcg exspec=createSafeMappingEntries_PTE_modifies)
- apply (clarsimp simp: ThreadState_Restart_def mask_def rf_sr_ksCurThread
+ apply (clarsimp simp: ThreadState_defs mask_def rf_sr_ksCurThread
 isCap_simps cap_pml4_cap_lift get_capPtr_CL_def ccap_relation_PML4Cap_BasePtr)
 apply clarsimp
@@ -2712,7 +2712,7 @@ lemma decodeX64FrameInvocation_ccorres:
 (Some (y, a)))) cap}" and A' = "{}" in conseqPost)
 apply (vcg exspec=createSafeMappingEntries_PDE_modifies)
- apply (clarsimp simp: ThreadState_Restart_def mask_def rf_sr_ksCurThread
+ apply (clarsimp simp: ThreadState_defs mask_def rf_sr_ksCurThread
 isCap_simps cap_pml4_cap_lift get_capPtr_CL_def ccap_relation_PML4Cap_BasePtr)
 apply clarsimp
@@ -2812,7 +2812,7 @@ lemma decodeX64FrameInvocation_ccorres:
 (* C side *)
- apply (clarsimp simp: rf_sr_ksCurThread "StrictC'_thread_state_defs" mask_eq_iff_w2p
+ apply (clarsimp simp: rf_sr_ksCurThread ThreadState_defs mask_eq_iff_w2p
 word_size word_less_nat_alt from_bool_0 excaps_map_def cte_wp_at_ctes_of n_msgRegisters_def)
 apply (frule(1) ctes_of_valid')
@@ -3265,7 +3265,7 @@ lemma decodeX64PageDirectoryInvocation_ccorres:
 slotcap_in_mem_def)
 apply (auto dest: ctes_of_valid')[1]
 apply (rule conjI)
- apply (clarsimp simp: rf_sr_ksCurThread "StrictC'_thread_state_defs"
+ apply (clarsimp simp: rf_sr_ksCurThread ThreadState_defs
 mask_eq_iff_w2p word_size ct_in_state'_def st_tcb_at'_def word_sle_def word_sless_def
@@ -3298,7 +3298,7 @@ lemma decodeX64PageDirectoryInvocation_ccorres:
 intro!: is_aligned_addrFromPPtr[simplified bit_simps, simplified] simp: vmsz_aligned_def cap_to_H_simps cap_page_directory_cap_lift_def bit_simps capAligned_def)
 apply clarsimp
- apply (rule conjI, clarsimp simp: ThreadState_Restart_def mask_def)
+ apply (rule conjI, clarsimp simp: ThreadState_defs mask_def)
 (* ccap_relation *)
 apply (rule conjI)
 apply (clarsimp simp: ccap_relation_def map_option_Some_eq2 cap_page_directory_cap_lift[THEN iffD1]
@@ -3328,7 +3328,7 @@ lemma decodeX64PageDirectoryInvocation_ccorres:
 context_conjI creates a mess, separate lemmas would be a bit unwieldy *)
 apply safe
- apply (clarsimp simp: ThreadState_Restart_def mask_def)
+ apply (clarsimp simp: ThreadState_defs mask_def)
 (* ccap_relation *)
 apply (clarsimp simp: ccap_relation_def map_option_Some_eq2 cap_page_directory_cap_lift[THEN iffD1] cap_to_H_simps asid_wf_def3[simplified asid_bits_def, simplified])
@@ -3708,7 +3708,7 @@ lemma decodeX64PDPTInvocation_ccorres:
 elim!: pred_tcb'_weakenE dest!: st_tcb_at_idle_thread')[1]
 apply (auto simp: neq_Nil_conv excaps_in_mem_def slotcap_in_mem_def)[1]
 apply (rule conjI)
- apply (fastforce simp: rf_sr_ksCurThread "StrictC'_thread_state_defs"
+ apply (fastforce simp: rf_sr_ksCurThread ThreadState_defs
 mask_eq_iff_w2p word_size ct_in_state'_def st_tcb_at'_def word_sle_def word_sless_def
@@ -3741,7 +3741,7 @@ lemma decodeX64PDPTInvocation_ccorres: apply (clarsimp simp: get_capMappedASID_CL_def) apply (subst cap_lift_PML4Cap_Base[symmetric]; (assumption | rule sym, assumption)) apply (clarsimp simp: rf_sr_ksCurThread) - apply (rule conjI, fastforce simp: ThreadState_Restart_def mask_def) + apply (rule conjI, fastforce simp: ThreadState_defs mask_def) (* ccap_relation *) apply (rule conjI) apply (erule ccap_relationE[where c="ArchObjectCap (PDPointerTableCap _ _)"]) @@ -4060,7 +4060,7 @@ lemma decodeX64MMUInvocation_ccorres: apply (rule_tac Q'=UNIV and A'="{}" in conseqPost) apply (vcg exspec=ensureEmptySlot_modifies) apply (frule length_ineq_not_Nil) - apply (clarsimp simp: null_def ThreadState_Restart_def mask_def hd_conv_nth + apply (clarsimp simp: null_def ThreadState_defs mask_def hd_conv_nth isCap_simps rf_sr_ksCurThread cap_get_tag_UntypedCap word_le_make_less asid_high_bits_def split: list.split) @@ -4430,8 +4430,7 @@ lemma decodeX64MMUInvocation_ccorres: elim!: pred_tcb'_weakenE)[1] apply (clarsimp simp: cte_wp_at_ctes_of asidHighBits_handy_convs word_sle_def word_sless_def asidLowBits_handy_convs - rf_sr_ksCurThread "StrictC'_thread_state_defs" - mask_def[where n=4] + rf_sr_ksCurThread ThreadState_defs mask_def[where n=4] cong: if_cong) apply (clarsimp simp: ccap_relation_isDeviceCap2 objBits_simps archObjSize_def pageBits_def case_bool_If) @@ -4619,7 +4618,7 @@ lemma invokeX86PortIn8_ccorres: apply clarsimp apply (vcg exspec=setRegister_modifies) apply wpsimp - apply (clarsimp simp: ThreadState_Running_def) + apply clarsimp apply (vcg exspec=lookupIPCBuffer_modifies) apply (wpsimp wp: hoare_vcg_imp_lift hoare_vcg_all_lift) apply (vcg exspec=in8_modifies) 
@@ -4627,11 +4626,11 @@ lemma invokeX86PortIn8_ccorres: apply (rule conseqPre, vcg) apply clarsimp by (auto simp: ct_in_state'_def pred_tcb_at'_def obj_at'_def projectKOs - ThreadState_Running_def mask_def rf_sr_ksCurThread - X64_H.badgeRegister_def X64.badgeRegister_def "StrictC'_register_defs" - X64.capRegister_def msgRegisters_unfold message_info_to_H_def - msgRegisters_ccorres[where n=0, simplified n_msgRegisters_def, - simplified, symmetric]) + ThreadState_defs mask_def rf_sr_ksCurThread + X64_H.badgeRegister_def X64.badgeRegister_def "StrictC'_register_defs" + X64.capRegister_def msgRegisters_unfold message_info_to_H_def + msgRegisters_ccorres[where n=0, simplified n_msgRegisters_def, + simplified, symmetric]) lemma invokeX86PortIn16_ccorres: notes Collect_const[simp del] @@ -4707,7 +4706,7 @@ lemma invokeX86PortIn16_ccorres: apply clarsimp apply (vcg exspec=setRegister_modifies) apply wpsimp - apply (clarsimp simp: ThreadState_Running_def) + apply clarsimp apply (vcg exspec=lookupIPCBuffer_modifies) apply (wpsimp wp: hoare_vcg_imp_lift hoare_vcg_all_lift) apply (vcg exspec=in16_modifies) @@ -4715,11 +4714,11 @@ lemma invokeX86PortIn16_ccorres: apply (rule conseqPre, vcg) apply clarsimp by (auto simp: ct_in_state'_def pred_tcb_at'_def obj_at'_def projectKOs - ThreadState_Running_def mask_def rf_sr_ksCurThread - X64_H.badgeRegister_def X64.badgeRegister_def "StrictC'_register_defs" - X64.capRegister_def msgRegisters_unfold message_info_to_H_def - msgRegisters_ccorres[where n=0, simplified n_msgRegisters_def, - simplified, symmetric]) + ThreadState_defs mask_def rf_sr_ksCurThread + X64_H.badgeRegister_def X64.badgeRegister_def "StrictC'_register_defs" + X64.capRegister_def msgRegisters_unfold message_info_to_H_def + msgRegisters_ccorres[where n=0, simplified n_msgRegisters_def, + simplified, symmetric]) lemma invokeX86PortIn32_ccorres: notes Collect_const[simp del] 
@@ -4793,7 +4792,7 @@ lemma invokeX86PortIn32_ccorres: apply clarsimp apply (vcg exspec=setRegister_modifies) apply wpsimp - apply (clarsimp simp: ThreadState_Running_def) + apply clarsimp apply (vcg exspec=lookupIPCBuffer_modifies) apply (wpsimp wp: hoare_vcg_imp_lift hoare_vcg_all_lift) apply (vcg exspec=in32_modifies) @@ -4801,11 +4800,11 @@ lemma invokeX86PortIn32_ccorres: apply (rule conseqPre, vcg) apply clarsimp by (auto simp: ct_in_state'_def pred_tcb_at'_def obj_at'_def projectKOs - ThreadState_Running_def mask_def rf_sr_ksCurThread - X64_H.badgeRegister_def X64.badgeRegister_def "StrictC'_register_defs" - X64.capRegister_def msgRegisters_unfold message_info_to_H_def - msgRegisters_ccorres[where n=0, simplified n_msgRegisters_def, - simplified, symmetric]) + ThreadState_defs mask_def rf_sr_ksCurThread + X64_H.badgeRegister_def X64.badgeRegister_def "StrictC'_register_defs" + X64.capRegister_def msgRegisters_unfold message_info_to_H_def + msgRegisters_ccorres[where n=0, simplified n_msgRegisters_def, + simplified, symmetric]) lemma invokeX86PortOut8_ccorres: notes Collect_const[simp del] @@ -5390,7 +5389,7 @@ proof - apply (clarsimp simp: ct_in_state'_def) apply (rule_tac P="UNIV" in conseqPre) apply (simp add: all_ex_eq_helper, vcg exspec=getSyscallArg_modifies) - apply (clarsimp simp: interpret_excaps_eq rf_sr_ksCurThread ThreadState_Restart_def mask_def) + apply (clarsimp simp: interpret_excaps_eq rf_sr_ksCurThread ThreadState_defs mask_def) apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def) apply clarsimp apply (rule conjI, clarsimp simp: sysargs_rel_to_n dest!: unat_length_4_helper) 
@@ -5729,10 +5728,9 @@ proof - apply (clarsimp simp: syscall_error_to_H_cases) apply (clarsimp simp: arch_invocation_label_defs sysargs_rel_to_n valid_tcb_state'_def tcb_at_invs' invs_queues invs_sch_act_wf' ct_active_st_tcb_at_minor' rf_sr_ksCurThread - ThreadState_Restart_def mask_def ucast_mask_drop[where n=16, simplified mask_def, simplified]) apply (safe, simp_all add: unat_eq_0 unat_eq_1) - apply (clarsimp dest!: unat_length_2_helper simp: ThreadState_Restart_def mask_def syscall_error_rel_def + apply (clarsimp dest!: unat_length_2_helper simp: ThreadState_defs mask_def syscall_error_rel_def | (thin_tac "P" for P)+, word_bitwise)+ done qed diff --git a/proof/crefine/X64/Finalise_C.thy b/proof/crefine/X64/Finalise_C.thy index 2172200432..c9d67ec922 100644 --- a/proof/crefine/X64/Finalise_C.thy +++ b/proof/crefine/X64/Finalise_C.thy @@ -240,10 +240,8 @@ next sts_running_valid_queues sts_st_tcb' setThreadState_oa_queued | simp)+ apply (vcg exspec=setThreadState_cslift_spec exspec=tcbSchedEnqueue_cslift_spec) - apply (clarsimp simp: tcb_at_not_NULL - Collect_const_mem valid_tcb_state'_def - ThreadState_Restart_def mask_def - valid_objs'_maxDomain valid_objs'_maxPriority) + apply (clarsimp simp: tcb_at_not_NULL Collect_const_mem valid_tcb_state'_def + ThreadState_defs mask_def valid_objs'_maxDomain valid_objs'_maxPriority) apply (drule(1) obj_at_cslift_tcb) apply (clarsimp simp: typ_heap_simps) apply (rule conjI) @@ -625,7 +623,7 @@ lemma suspend_ccorres: apply clarsimp apply (rule iffI) apply simp - apply (erule thread_state_to_tsType.elims; simp add: StrictC'_thread_state_defs) + apply (erule thread_state_to_tsType.elims; simp add: ThreadState_defs) apply (ctac (no_vcg) add: updateRestartPC_ccorres) apply (rule ccorres_return_Skip) apply ceqv 
@@ -660,7 +658,7 @@ lemma suspend_ccorres: apply (rule delete_one_conc_fr.cancelIPC_invs) apply (fastforce simp: invs_valid_queues' invs_queues invs_valid_objs' valid_tcb_state'_def) - apply (auto simp: "StrictC'_thread_state_defs") + apply (auto simp: ThreadState_defs) done lemma cap_to_H_NTFNCap_tag: diff --git a/proof/crefine/X64/Interrupt_C.thy b/proof/crefine/X64/Interrupt_C.thy index f84f8f8825..f623cebd71 100644 --- a/proof/crefine/X64/Interrupt_C.thy +++ b/proof/crefine/X64/Interrupt_C.thy @@ -230,7 +230,7 @@ lemma decodeIRQHandlerInvocation_ccorres: apply (clarsimp simp: Collect_const_mem neq_Nil_conv dest!: interpret_excaps_eq) apply (simp add: rf_sr_ksCurThread if_1_0_0 mask_def[where n=4] - "StrictC'_thread_state_defs" cap_get_tag_isCap excaps_map_def + ThreadState_defs cap_get_tag_isCap excaps_map_def word_sless_def word_sle_def) apply (simp add: invocationCatch_def throwError_bind interpret_excaps_test_null Collect_True @@ -261,8 +261,7 @@ lemma decodeIRQHandlerInvocation_ccorres: apply (clarsimp simp: invs_queues invs_valid_objs' ct_in_state'_def ccap_rights_relation_def - mask_def[where n=4] - "StrictC'_thread_state_defs") + mask_def[where n=4] ThreadState_defs) apply (subst pred_tcb'_weakenE, assumption, fastforce)+ apply (clarsimp simp: rf_sr_ksCurThread word_sle_def word_sless_def sysargs_rel_n_def word_less_nat_alt) @@ -998,7 +997,7 @@ from assms show ?thesis split: Product_Type.prod.split) apply (auto simp: invs_queues invs_valid_objs' ct_in_state'_def irqIntOffset_def ccap_rights_relation_def mask_def[where n=4] - "StrictC'_thread_state_defs" rf_sr_ksCurThread cte_wp_at_ctes_of + ThreadState_defs rf_sr_ksCurThread cte_wp_at_ctes_of sysargs_rel_def sysargs_rel_n_def excaps_map_def excaps_in_mem_def slotcap_in_mem_def valid_tcb_state'_def word_less_nat_alt 
@@ -1150,9 +1149,8 @@ lemma decodeIRQControlInvocation_ccorres: apply wp apply (vcg exspec=Arch_decodeIRQControlInvocation_modifies) apply (simp add: syscall_error_to_H_cases) - apply (clarsimp simp: if_1_0_0 interpret_excaps_test_null excaps_map_def + apply (clarsimp simp: interpret_excaps_test_null excaps_map_def Collect_const_mem word_sless_def word_sle_def - ThreadState_Restart_def unat_of_nat mask_def cong: if_cong) apply (rule conjI) apply (cut_tac unat_lt2p[where x="args ! 2"]) @@ -1167,9 +1165,7 @@ lemma decodeIRQControlInvocation_ccorres: apply (clarsimp simp: neq_Nil_conv numeral_eqs[symmetric] word_sle_def word_sless_def) apply (drule interpret_excaps_eq[rule_format, where n=0], simp) - apply (clarsimp simp: "StrictC'_thread_state_defs" - rf_sr_ksCurThread ccap_rights_relation_def - rightsFromWord_wordFromRights) + apply (clarsimp simp: rf_sr_ksCurThread ccap_rights_relation_def rightsFromWord_wordFromRights) done end end diff --git a/proof/crefine/X64/Invoke_C.thy b/proof/crefine/X64/Invoke_C.thy index 7b6418b903..55ed9207d4 100644 --- a/proof/crefine/X64/Invoke_C.thy +++ b/proof/crefine/X64/Invoke_C.thy @@ -198,7 +198,7 @@ lemma decodeDomainInvocation_ccorres: apply (clarsimp simp: valid_tcb_state'_def invs_valid_queues' invs_valid_objs' invs_queues invs_sch_act_wf' ct_in_state'_def pred_tcb_at' rf_sr_ksCurThread word_sle_def word_sless_def sysargs_rel_to_n - mask_eq_iff_w2p mask_eq_iff_w2p word_size "StrictC'_thread_state_defs") + mask_eq_iff_w2p mask_eq_iff_w2p word_size ThreadState_defs) apply (rule conjI) apply (clarsimp simp: linorder_not_le isCap_simps) apply (rule conjI, clarsimp simp: unat64_eq_of_nat) 
@@ -1363,7 +1363,7 @@ lemma decodeCNodeInvocation_ccorres: apply (frule interpret_excaps_eq) apply (clarsimp simp: excaps_map_def mask_def[where n=4] ccap_rights_relation_def rightsFromWord_wordFromRights - "StrictC'_thread_state_defs" map_comp_Some_iff + ThreadState_defs map_comp_Some_iff rf_sr_ksCurThread hd_conv_nth hd_drop_conv_nth) apply ((rule conjI | clarsimp simp: rightsFromWord_wordFromRights @@ -3282,8 +3282,7 @@ lemma decodeUntypedInvocation_ccorres_helper: unat_of_nat_APIType_capBits word_size hd_conv_nth length_ineq_not_Nil not_less word_le_nat_alt isCap_simps valid_cap_simps') apply (strengthen word_of_nat_less) - apply (clarsimp simp: StrictC'_thread_state_defs mask_def - ccap_relation_isDeviceCap2 + apply (clarsimp simp: ThreadState_defs mask_def ccap_relation_isDeviceCap2 split: if_split) apply (clarsimp simp: not_less shiftr_overflow maxUntypedSizeBits_def unat_of_nat_APIType_capBits) @@ -3389,8 +3388,7 @@ lemma decodeUntypedInvocation_ccorres_helper: apply (clarsimp simp: hd_drop_conv_nth2 hd_conv_nth neq_Nil_lengthI ct_in_state'_def pred_tcb_at' rf_sr_ksCurThread mask_eq_iff_w2p - "StrictC'_thread_state_defs" numeral_eqs[symmetric] - cap_get_tag_isCap cte_wp_at_ctes_of + numeral_eqs[symmetric] cap_get_tag_isCap cte_wp_at_ctes_of unat_eq_0 ccHoarePost_def) apply (rule conjI) apply (clarsimp simp: linorder_not_less isCap_simps) diff --git a/proof/crefine/X64/IpcCancel_C.thy b/proof/crefine/X64/IpcCancel_C.thy index b8a475cf6d..dc119f4023 100644 --- a/proof/crefine/X64/IpcCancel_C.thy +++ b/proof/crefine/X64/IpcCancel_C.thy @@ -439,7 +439,7 @@ lemma isStopped_ccorres [corres]: apply clarsimp apply (clarsimp simp: typ_heap_simps ctcb_relation_thread_state_to_tsType split: thread_state.splits) - apply (simp add: "StrictC'_thread_state_defs")+ + apply (simp add: ThreadState_defs)+ done lemma isRunnable_ccorres [corres]: 
@@ -467,7 +467,7 @@ lemma isRunnable_ccorres [corres]: apply (clarsimp) apply (clarsimp simp: typ_heap_simps ctcb_relation_thread_state_to_tsType split: thread_state.splits) - apply (simp add: "StrictC'_thread_state_defs")+ + apply (simp add: ThreadState_defs)+ done @@ -2419,7 +2419,7 @@ lemma scheduleTCB_ccorres': apply (clarsimp simp: typ_heap_simps) apply (subgoal_tac "ksSchedulerAction \ = ResumeCurrentThread") apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def) - apply (case_tac "tcbState ko", simp_all add: "StrictC'_thread_state_defs")[1] + apply (case_tac "tcbState ko", simp_all add: ThreadState_defs)[1] apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def cscheduler_action_relation_def tcb_at_not_NULL split: scheduler_action.split_asm) @@ -2473,7 +2473,7 @@ lemma scheduleTCB_ccorres_valid_queues'_pre: apply (drule (1) obj_at_cslift_tcb) apply (clarsimp simp: typ_heap_simps) apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def weak_sch_act_wf_def) - apply (case_tac "tcbState ko", simp_all add: "StrictC'_thread_state_defs")[1] + apply (case_tac "tcbState ko", simp_all add: ThreadState_defs)[1] apply (fold_subgoals (prefix))[6] subgoal premises prems using prems by (clarsimp simp: rf_sr_def cstate_relation_def Let_def @@ -2567,7 +2567,7 @@ lemma scheduleTCB_ccorres_valid_queues'_pre_simple: apply (clarsimp simp: typ_heap_simps) apply (subgoal_tac "ksSchedulerAction \ = ResumeCurrentThread") apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def) - apply (case_tac "tcbState ko", simp_all add: "StrictC'_thread_state_defs")[1] + apply (case_tac "tcbState ko", simp_all add: ThreadState_defs)[1] apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def cscheduler_action_relation_def tcb_at_not_NULL 
@@ -2662,11 +2662,11 @@ lemma cancelSignal_ccorres [corres]: apply (ctac (no_vcg) add: cancelSignal_ccorres_helper) apply (ctac add: setThreadState_ccorres_valid_queues') apply ((wp setNotification_nosch setNotification_ksQ hoare_vcg_all_lift set_ntfn_valid_objs' | simp add: valid_tcb_state'_def split del: if_split)+)[1] - apply (simp add: "StrictC'_thread_state_defs") + apply (simp add: ThreadState_defs) apply (rule conjI, clarsimp, rule conjI, clarsimp) apply (frule (1) ko_at_valid_ntfn'[OF _ invs_valid_objs']) subgoal by ((auto simp: obj_at'_def projectKOs st_tcb_at'_def invs'_def valid_state'_def - isTS_defs cte_wp_at_ctes_of "StrictC'_thread_state_defs" + isTS_defs cte_wp_at_ctes_of cthread_state_relation_def sch_act_wf_weak valid_ntfn'_def dest!: valid_queues_not_runnable'_not_ksQ[where t=thread] | clarsimp simp: eq_commute)+) @@ -2674,7 +2674,7 @@ lemma cancelSignal_ccorres [corres]: apply (frule (1) ko_at_valid_ntfn'[OF _ invs_valid_objs']) apply (frule (2) ntfn_blocked_in_queueD) by (auto simp: obj_at'_def projectKOs st_tcb_at'_def invs'_def valid_state'_def - isTS_defs cte_wp_at_ctes_of "StrictC'_thread_state_defs" valid_ntfn'_def + isTS_defs cte_wp_at_ctes_of valid_ntfn'_def cthread_state_relation_def sch_act_wf_weak isWaitingNtfn_def dest!: valid_queues_not_runnable'_not_ksQ[where t=thread] split: ntfn.splits option.splits @@ -3120,7 +3120,7 @@ lemma cancelIPC_ccorres1: apply (rule_tac P="rv' = thread_state_to_tsType rv" in ccorres_gen_asm2) apply wpc \ \BlockedOnReceive\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs cong: call_ignore_cong) + apply (simp add: word_sle_def ccorres_cond_iffs cong: call_ignore_cong) apply (rule ccorres_rhs_assoc)+ apply csymbr apply csymbr 
@@ -3136,7 +3136,7 @@ lemma cancelIPC_ccorres1: apply (ctac (no_vcg) add: cancelIPC_ccorres_helper) apply (ctac add: setThreadState_ccorres_valid_queues') apply (wp hoare_vcg_all_lift set_ep_valid_objs' | simp add: valid_tcb_state'_def split del: if_split)+ - apply (simp add: "StrictC'_thread_state_defs") + apply (simp add: ThreadState_defs) apply vcg apply (rule conseqPre, vcg) apply clarsimp @@ -3146,7 +3146,7 @@ lemma cancelIPC_ccorres1: apply (rule conseqPre, vcg) apply clarsimp \ \BlockedOnReply case\ - apply (simp add: "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: ThreadState_defs ccorres_cond_iffs Collect_False Collect_True word_sle_def cong: call_ignore_cong del: Collect_const) apply (rule ccorres_rhs_assoc)+ @@ -3206,7 +3206,7 @@ lemma cancelIPC_ccorres1: apply (clarsimp simp add: guard_is_UNIV_def tcbReplySlot_def Kernel_C.tcbReply_def tcbCNodeEntries_def) \ \BlockedOnNotification\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: word_sle_def ThreadState_defs ccorres_cond_iffs cong: call_ignore_cong) apply (rule ccorres_symb_exec_r) apply (ctac (no_vcg)) @@ -3216,11 +3216,11 @@ lemma cancelIPC_ccorres1: apply (rule conseqPre, vcg) apply clarsimp \ \Running, Inactive, and Idle\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: word_sle_def ThreadState_defs ccorres_cond_iffs cong: call_ignore_cong, rule ccorres_return_Skip)+ \ \BlockedOnSend\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: word_sle_def ccorres_cond_iffs cong: call_ignore_cong) \ \clag\ apply (rule ccorres_rhs_assoc)+ 
@@ -3237,7 +3237,7 @@ lemma cancelIPC_ccorres1: apply (ctac (no_vcg) add: cancelIPC_ccorres_helper) apply (ctac add: setThreadState_ccorres_valid_queues') apply (wp hoare_vcg_all_lift set_ep_valid_objs' | simp add: valid_tcb_state'_def split del:if_split)+ - apply (simp add: "StrictC'_thread_state_defs") + apply (simp add: ThreadState_defs) apply clarsimp apply (rule conseqPre, vcg, rule subset_refl) apply (rule conseqPre, vcg) @@ -3247,7 +3247,7 @@ lemma cancelIPC_ccorres1: apply (rule conseqPre, vcg) apply clarsimp \ \Restart\ - apply (simp add: word_sle_def "StrictC'_thread_state_defs" ccorres_cond_iffs + apply (simp add: word_sle_def ThreadState_defs ccorres_cond_iffs cong: call_ignore_cong, rule ccorres_return_Skip) \ \Post wp proofs\ diff --git a/proof/crefine/X64/Ipc_C.thy b/proof/crefine/X64/Ipc_C.thy index 4e856790ca..95f28b0a2e 100644 --- a/proof/crefine/X64/Ipc_C.thy +++ b/proof/crefine/X64/Ipc_C.thy @@ -4271,9 +4271,7 @@ proof - apply ((wp threadSet_valid_queues threadSet_sch_act threadSet_valid_queues' hoare_weak_lift_imp threadSet_valid_objs' threadSet_weak_sch_act_wf | simp add: valid_tcb_state'_def)+)[1] - apply (clarsimp simp: guard_is_UNIV_def ThreadState_Restart_def - ThreadState_Inactive_def mask_def - option_to_ctcb_ptr_def) + apply (clarsimp simp: guard_is_UNIV_def ThreadState_defs mask_def option_to_ctcb_ptr_def) apply (rule_tac Q="\rv. valid_queues and tcb_at' receiver and valid_queues' and valid_objs' and sch_act_simple and (\s. ksCurDomain s \ maxDomain) and @@ -4295,7 +4293,7 @@ proof - apply (simp(no_asm_use) add: gs_set_assn_Delete_cstate_relation[unfolded o_def] subset_iff rf_sr_def) apply (clarsimp simp: guard_is_UNIV_def option_to_ptr_def option_to_0_def - ThreadState_Running_def mask_def + ThreadState_defs mask_def ghost_assertion_data_get_def ghost_assertion_data_set_def cap_tag_defs option_to_ctcb_ptr_def split: option.splits) 
@@ -4389,7 +4387,7 @@ lemma setupCallerCap_ccorres [corres]: Kernel_C.tcbCaller_def) apply simp apply wp - apply (clarsimp simp: Kernel_C.ThreadState_BlockedOnReply_def mask_def + apply (clarsimp simp: ThreadState_defs mask_def valid_pspace'_def tcbReplySlot_def valid_tcb_state'_def Collect_const_mem tcb_cnode_index_defs) @@ -4606,7 +4604,7 @@ lemma sendIPC_block_ccorres_helper: (simp add: typ_heap_simps')+)[1] apply (simp add: tcb_cte_cases_def) apply (simp add: ctcb_relation_def cthread_state_relation_def - ThreadState_BlockedOnSend_def mask_def) + ThreadState_defs mask_def) apply (clarsimp simp: canonical_address_sign_extended sign_extended_iff_sign_extend split: bool.split) apply ceqv @@ -5035,9 +5033,8 @@ lemma sendIPC_ccorres [corres]: set_ep_valid_objs' setEndpoint_valid_mdb' | wp (once) hoare_drop_imp | strengthen sch_act_wf_weak)+ - apply (fastforce simp: guard_is_UNIV_def ThreadState_Inactive_def Collect_const_mem - ThreadState_Running_def mask_def - option_to_ptr_def option_to_0_def + apply (fastforce simp: guard_is_UNIV_def ThreadState_defs Collect_const_mem mask_def + option_to_ptr_def option_to_0_def split: bool.split_asm) \ \IdleEP case\ @@ -5192,7 +5189,7 @@ lemma receiveIPC_block_ccorres_helper: apply (erule(1) rf_sr_tcb_update_no_queue_gen, (simp add: typ_heap_simps)+) apply (simp add: tcb_cte_cases_def) apply (simp add: ctcb_relation_def cthread_state_relation_def ccap_relation_ep_helpers - ThreadState_BlockedOnReceive_def mask_def cap_get_tag_isCap) + ThreadState_defs mask_def cap_get_tag_isCap) apply (clarsimp simp: canonical_address_sign_extended sign_extended_iff_sign_extend) apply ceqv apply clarsimp 
@@ -5821,9 +5818,8 @@ lemma receiveIPC_ccorres [corres]: apply (ctac add: possibleSwitchTo_ccorres) apply (wpsimp wp: sts_st_tcb' sts_valid_queues) apply (vcg exspec=setThreadState_modifies) - apply (fastforce simp: guard_is_UNIV_def ThreadState_Inactive_def - mask_def ThreadState_Running_def cap_get_tag_isCap - ccap_relation_ep_helpers) + apply (fastforce simp: guard_is_UNIV_def ThreadState_defs mask_def + cap_get_tag_isCap ccap_relation_ep_helpers) apply (clarsimp simp: valid_tcb_state'_def) apply (rule_tac Q="\_. valid_pspace' and valid_queues and st_tcb_at' ((=) sendState) sender and tcb_at' thread @@ -6154,11 +6150,9 @@ lemma sendSignal_ccorres [corres]: apply (clarsimp simp: guard_is_UNIV_def option_to_ctcb_ptr_def X64_H.badgeRegister_def Kernel_C.badgeRegister_def X64.badgeRegister_def X64.capRegister_def - Kernel_C.RDI_def - "StrictC'_thread_state_defs"less_mask_eq - Collect_const_mem) + Kernel_C.RDI_def ThreadState_defs less_mask_eq Collect_const_mem) apply (case_tac ts, simp_all add: receiveBlocked_def typ_heap_simps - cthread_state_relation_def "StrictC'_thread_state_defs")[1] + cthread_state_relation_def ThreadState_defs)[1] \ \ActiveNtfn case\ apply (rename_tac old_badge) apply (rule ccorres_cond_false) @@ -6218,7 +6212,7 @@ lemma sendSignal_ccorres [corres]: sts_valid_queues tcb_in_cur_domain'_lift)[1] apply (wp sts_valid_queues sts_runnable) apply (wp setThreadState_st_tcb set_ntfn_valid_objs' | clarsimp)+ - apply (clarsimp simp: guard_is_UNIV_def ThreadState_Running_def mask_def + apply (clarsimp simp: guard_is_UNIV_def ThreadState_defs mask_def badgeRegister_def Kernel_C.badgeRegister_def X64.badgeRegister_def X64.capRegister_def Kernel_C.RDI_def) apply (clarsimp simp: guard_is_UNIV_def NtfnState_Idle_def 
@@ -6274,7 +6268,7 @@ lemma receiveSignal_block_ccorres_helper: (simp add: typ_heap_simps')+) apply (simp add: tcb_cte_cases_def) apply (simp add: ctcb_relation_def cthread_state_relation_def - ThreadState_BlockedOnNotification_def mask_def) + ThreadState_defs mask_def) apply (clarsimp simp: canonical_address_sign_extended sign_extended_iff_sign_extend) apply ceqv apply clarsimp diff --git a/proof/crefine/X64/Recycle_C.thy b/proof/crefine/X64/Recycle_C.thy index 1ef25598af..7abc411aca 100644 --- a/proof/crefine/X64/Recycle_C.thy +++ b/proof/crefine/X64/Recycle_C.thy @@ -848,7 +848,7 @@ lemma ctcb_relation_blocking_ipc_badge: apply (simp add: isBlockedOnSend_def split: Structures_H.thread_state.split_asm) apply (clarsimp simp: cthread_state_relation_def) apply (clarsimp simp add: ctcb_relation_def cthread_state_relation_def) - apply (cases "tcbState tcb", simp_all add: "StrictC'_thread_state_defs") + apply (cases "tcbState tcb", simp_all add: ThreadState_defs) done lemma cendpoint_relation_q_cong: @@ -1130,7 +1130,7 @@ lemma cancelBadgedSends_ccorres: apply (clarsimp simp: typ_heap_simps st_tcb_at'_def) apply (drule(1) obj_at_cslift_tcb) apply (clarsimp simp: ctcb_relation_blocking_ipc_badge) - apply (rule conjI, simp add: "StrictC'_thread_state_defs" mask_def) + apply (rule conjI, simp add: ThreadState_defs mask_def) apply (rule conjI) apply clarsimp apply (frule rf_sr_cscheduler_relation) diff --git a/proof/crefine/X64/Refine_C.thy b/proof/crefine/X64/Refine_C.thy index dc9c04e2aa..36701dd201 100644 --- a/proof/crefine/X64/Refine_C.thy +++ b/proof/crefine/X64/Refine_C.thy 
@@ -737,15 +737,7 @@ lemma ct_running'_C: apply (frule (1) map_to_ko_atI') apply (erule obj_at'_weakenE) apply (clarsimp simp: ctcb_relation_def cthread_state_relation_def) - apply (case_tac "tcbState ko", simp_all add: - ThreadState_Running_def - ThreadState_BlockedOnReceive_def - ThreadState_BlockedOnSend_def - ThreadState_BlockedOnReply_def - ThreadState_BlockedOnNotification_def - ThreadState_Inactive_def - ThreadState_IdleThreadState_def - ThreadState_Restart_def) + apply (case_tac "tcbState ko"; simp add: ThreadState_defs) done lemma full_invs_both: diff --git a/proof/crefine/X64/Retype_C.thy b/proof/crefine/X64/Retype_C.thy index ba09bf95e1..66f30e5948 100644 --- a/proof/crefine/X64/Retype_C.thy +++ b/proof/crefine/X64/Retype_C.thy @@ -3904,7 +3904,7 @@ proof - apply (simp add: fbtcb minBound_word) apply (intro conjI) apply (simp add: cthread_state_relation_def thread_state_lift_def - eval_nat_numeral ThreadState_Inactive_def) + eval_nat_numeral ThreadState_defs) apply (clarsimp simp: ccontext_relation_def newContext_def2 carch_tcb_relation_def newArchTCB_def cregs_relation_def atcbContextGet_def fpu_relation_def) apply (case_tac r; simp add: C_register_defs index_foldr_update diff --git a/proof/crefine/X64/SR_lemmas_C.thy b/proof/crefine/X64/SR_lemmas_C.thy index 8263af60a8..d3041b0640 100644 --- a/proof/crefine/X64/SR_lemmas_C.thy +++ b/proof/crefine/X64/SR_lemmas_C.thy @@ -1754,7 +1754,6 @@ where | "thread_state_to_tsType (Structures_H.BlockedOnSend oref badge cg cgr isc) = scast ThreadState_BlockedOnSend" | "thread_state_to_tsType (Structures_H.BlockedOnNotification oref) = scast ThreadState_BlockedOnNotification" - lemma ctcb_relation_thread_state_to_tsType: "ctcb_relation tcb ctcb \ tsType_CL (thread_state_lift (tcbState_C ctcb)) = thread_state_to_tsType (tcbState tcb)" unfolding ctcb_relation_def cthread_state_relation_def diff --git a/proof/crefine/X64/Schedule_C.thy b/proof/crefine/X64/Schedule_C.thy index ec4adcf619..41ddffb772 100644 
--- a/proof/crefine/X64/Schedule_C.thy +++ b/proof/crefine/X64/Schedule_C.thy @@ -82,24 +82,6 @@ lemma switchToThread_ccorres: apply (clarsimp simp: all_invs_but_ct_idle_or_in_cur_domain'_def valid_state'_def) done -lemma get_tsType_ccorres2: - "ccorres (\r r'. r' = thread_state_to_tsType r) ret__unsigned_longlong_' (tcb_at' thread) - (UNIV \ {s. f s = tcb_ptr_to_ctcb_ptr thread} \ - {s. cslift s (Ptr &(f s\[''tcbState_C''])) = Some (thread_state_' s)}) [] - (getThreadState thread) (Call thread_state_get_tsType_'proc)" - unfolding getThreadState_def - apply (rule ccorres_from_spec_modifies [where P=\, simplified]) - apply (rule thread_state_get_tsType_spec) - apply (rule thread_state_get_tsType_modifies) - apply simp - apply (frule (1) obj_at_cslift_tcb) - apply (clarsimp simp: typ_heap_simps) - apply (rule bexI [rotated, OF threadGet_eq], assumption) - apply simp - apply (drule ctcb_relation_thread_state_to_tsType) - apply simp - done - lemma activateThread_ccorres: "ccorres dc xfdc (ct_in_state' activatable' and (\s. sch_act_wf (ksSchedulerAction s) s) @@ -109,7 +91,7 @@ lemma activateThread_ccorres: (Call activateThread_'proc)" apply (cinit) apply (rule ccorres_pre_getCurThread) - apply (ctac add: get_tsType_ccorres2 [where f="\s. ksCurThread_' (globals s)"]) + apply (ctac add: get_tsType_ccorres [where f="\s. ksCurThread_' (globals s)"]) apply (rule_tac P="activatable' rv" in ccorres_gen_asm) apply (wpc) apply (rule_tac P=\ and P'=UNIV in ccorres_inst, simp) @@ -119,7 +101,7 @@ lemma activateThread_ccorres: apply (rule ccorres_cond_true) apply (rule ccorres_return_Skip) apply (rule_tac P=\ and P'=UNIV in ccorres_inst, simp) - apply (simp add: "StrictC'_thread_state_defs" del: Collect_const) + apply (simp add: ThreadState_defs del: Collect_const) apply (rule ccorres_cond_false) apply (rule ccorres_cond_false) apply (rule ccorres_cond_true) 
@@ -127,7 +109,7 @@ lemma activateThread_ccorres: apply (rule allI, rule conseqPre, vcg) apply (clarsimp simp: activateIdleThread_def return_def) apply (rule_tac P=\ and P'=UNIV in ccorres_inst, simp) - apply (simp add: "StrictC'_thread_state_defs" del: Collect_const) + apply (simp add: ThreadState_defs del: Collect_const) apply (rule ccorres_cond_false) apply (rule ccorres_cond_true) apply (rule ccorres_rhs_assoc)+ @@ -150,7 +132,7 @@ lemma activateThread_ccorres: apply (subgoal_tac "ksCurThread_' (globals s') = tcb_ptr_to_ctcb_ptr (ksCurThread s)") prefer 2 apply (clarsimp simp: rf_sr_def cstate_relation_def Let_def) - apply (clarsimp simp: typ_heap_simps ThreadState_Running_def mask_def) + apply (clarsimp simp: typ_heap_simps ThreadState_defs mask_def) done lemma ceqv_Guard_UNIV_Skip: @@ -703,10 +685,10 @@ lemma timerTick_ccorres: supply subst_all [simp del] apply (cinit) apply (rule ccorres_pre_getCurThread) - apply (ctac add: get_tsType_ccorres2 [where f="\s. ksCurThread_' (globals s)"]) + apply (ctac add: get_tsType_ccorres [where f="\s. ksCurThread_' (globals s)"]) apply (rule ccorres_split_nothrow_novcg) apply wpc - apply (simp add: "StrictC'_thread_state_defs", rule ccorres_cond_false, rule ccorres_return_Skip)+ + apply (simp add: ThreadState_defs, rule ccorres_cond_false, rule ccorres_return_Skip)+ (* thread_state.Running *) apply simp apply (rule ccorres_cond_true) @@ -738,7 +720,7 @@ lemma timerTick_ccorres: threadSet_pred_tcb_at_state tcbSchedAppend_valid_objs' threadSet_valid_objs' threadSet_tcbDomain_triv | clarsimp simp: st_tcb_at'_def o_def split: if_splits)+ apply (vcg exspec=tcbSchedDequeue_modifies) - apply (simp add: "StrictC'_thread_state_defs", rule ccorres_cond_false, rule ccorres_return_Skip)+ + apply (simp add: ThreadState_defs, rule ccorres_cond_false, rule ccorres_return_Skip)+ apply ceqv apply (clarsimp simp: decDomainTime_def numDomains_sge_1_simp) apply (rule ccorres_when[where R=\]) 
diff --git a/proof/crefine/X64/SyscallArgs_C.thy b/proof/crefine/X64/SyscallArgs_C.thy index 4be2242bd4..64903e2d1f 100644 --- a/proof/crefine/X64/SyscallArgs_C.thy +++ b/proof/crefine/X64/SyscallArgs_C.thy @@ -415,11 +415,13 @@ lemma is_syscall_error_codes: by ((rule iffD2[OF is_syscall_error_code_def], intro allI, rule conseqPre, vcg, safe, (simp_all add: o_def)?)+) -lemma syscall_error_throwError_ccorres_direct: +lemma syscall_error_throwError_ccorres_direct_gen: "\ is_syscall_error_code f code; + \x y g. arrel (Inl x) y = (intr_and_se_rel \ g) (Inl x) y; \err' ft'. syscall_error_to_H (f err') ft' = Some err \ \ - ccorres (intr_and_se_rel \ dc) (liftxf errstate id v' ret__unsigned_long_') + ccorres_underlying rf_sr \ rrel xf + arrel (liftxf errstate id v' ret__unsigned_long_') \ (UNIV) (SKIP # hs) (throwError (Inl err)) code" apply (rule ccorres_from_vcg_throws) 
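Review bot: The rename leaves no alias for the old name, so any theory outside this file that invoked `syscall_error_throwError_ccorres_direct` directly (or `syscall_error_throwError_ccorres_succs`, which the next hunk renames the same way) no longer resolves; only the `_n` bundle is re-derived under its old name. If those names are still referenced, a compatibility alias in the style of the `_n` one, `lemmas syscall_error_throwError_ccorres_direct = syscall_error_throwError_ccorres_direct_gen[where arrel="intr_and_se_rel \ dc", simplified]`, keeps callers working. The new premise quantifying over `g` is the one non-obvious part of the generalised statement and deserves a line such as `(* arrel must agree with intr_and_se_rel on the error (Inl) side, whatever the success relation g is *)` above it. The proof body of this lemma continues outside the hunk.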
@@ -429,28 +431,35 @@ lemma syscall_error_throwError_ccorres_direct: apply (simp add: syscall_error_rel_def exception_defs) done -lemma syscall_error_throwError_ccorres_succs: +lemma syscall_error_throwError_ccorres_succs_gen: "\ is_syscall_error_code f code; + \x y g. arrel (Inl x) y = (intr_and_se_rel \ g) (Inl x) y; \err' ft'. syscall_error_to_H (f err') ft' = Some err \ \ - ccorres (intr_and_se_rel \ dc) (liftxf errstate id v' ret__unsigned_long_') + ccorres_underlying rf_sr \ rrel xf + arrel (liftxf errstate id v' ret__unsigned_long_') \ (UNIV) (SKIP # hs) (throwError (Inl err)) (code ;; remainder)" apply (rule ccorres_guard_imp2, rule ccorres_split_throws) - apply (erule syscall_error_throwError_ccorres_direct) - apply simp + apply (erule syscall_error_throwError_ccorres_direct_gen; assumption) apply (rule HoarePartialProps.augment_Faults) apply (erule iffD1[OF is_syscall_error_code_def, THEN spec]) apply simp+ done -lemmas syscall_error_throwError_ccorres_n = - is_syscall_error_codes[THEN syscall_error_throwError_ccorres_direct, +lemmas syscall_error_throwError_ccorres_n_gen = + is_syscall_error_codes[THEN syscall_error_throwError_ccorres_direct_gen, simplified o_apply] - is_syscall_error_codes[THEN syscall_error_throwError_ccorres_succs, + is_syscall_error_codes[THEN syscall_error_throwError_ccorres_succs_gen, simplified o_apply] +lemmas syscall_error_throwError_ccorres_n = + syscall_error_throwError_ccorres_n_gen[where arrel="intr_and_se_rel \ dc", simplified] + +lemmas syscall_error_throwError_ccorres_n_inl_rrel = + syscall_error_throwError_ccorres_n_gen[where arrel="inl_rrel (intr_and_se_rel \ dc)", simplified] + definition idButNot :: "'a \ 'a" where "idButNot x = x" diff --git a/proof/crefine/X64/Syscall_C.thy b/proof/crefine/X64/Syscall_C.thy index e2ddf59ee8..c476fbd8b5 100644 --- a/proof/crefine/X64/Syscall_C.thy +++ b/proof/crefine/X64/Syscall_C.thy 
@@ -315,7 +315,7 @@ lemma decodeInvocation_ccorres:
 apply fastforce
 apply (simp add: cap_lift_capEPBadge_mask_eq)
 apply (clarsimp simp: rf_sr_ksCurThread Collect_const_mem
- cap_get_tag_isCap "StrictC'_thread_state_defs")
+ cap_get_tag_isCap ThreadState_defs)
 apply (frule word_unat.Rep_inverse')
 apply (simp add: cap_get_tag_isCap[symmetric] cap_get_tag_ReplyCap)
 apply (rule conjI)
@@ -489,7 +489,7 @@ lemma handleInvocation_def2:
 lemma thread_state_to_tsType_eq_Restart: "(thread_state_to_tsType ts = scast ThreadState_Restart) = (ts = Restart)"
- by (cases ts, simp_all add: "StrictC'_thread_state_defs")
+ by (cases ts, simp_all add: ThreadState_defs)
 lemma wordFromMessageInfo_spec: "\s. \\ {s} Call wordFromMessageInfo_'proc
@@ -520,7 +520,7 @@ lemma handleDoubleFault_ccorres:
 apply (simp add: getRestartPC_def)
 apply wp
 apply clarsimp
- apply (simp add: ThreadState_Inactive_def)
+ apply (simp add: ThreadState_defs)
 apply (fastforce simp: valid_tcb_state'_def)
 done
@@ -899,7 +899,7 @@ lemma handleInvocation_ccorres:
 apply auto[1]
 apply clarsimp
 apply (clarsimp simp: guard_is_UNIV_def Collect_const_mem)
- apply (simp add: "StrictC'_thread_state_defs" mask_def)
+ apply (simp add: ThreadState_defs mask_def)
 apply (simp add: typ_heap_simps)
 apply (case_tac ts, simp_all add: cthread_state_relation_def)[1]
 apply (clarsimp simp: guard_is_UNIV_def Collect_const_mem)
diff --git a/proof/crefine/X64/TcbAcc_C.thy b/proof/crefine/X64/TcbAcc_C.thy
index 31ce2674f0..7888ad6521 100644
--- a/proof/crefine/X64/TcbAcc_C.thy
+++ b/proof/crefine/X64/TcbAcc_C.thy
@@ -89,22 +89,22 @@ lemma archThreadGet_eq:
 apply simp
 done
-lemma get_tsType_ccorres [corres]:
+lemma get_tsType_ccorres[corres]:
 "ccorres (\r r'. r' = thread_state_to_tsType r) ret__unsigned_longlong_' (tcb_at' thread)
- (UNIV \ {s. thread_state_ptr_' s = Ptr &(tcb_ptr_to_ctcb_ptr thread\[''tcbState_C''])}) []
- (getThreadState thread) (Call thread_state_ptr_get_tsType_'proc)"
+ ({s. f s = tcb_ptr_to_ctcb_ptr thread} \
+ {s. cslift s (Ptr &(f s\[''tcbState_C''])) = Some (thread_state_' s)}) []
+ (getThreadState thread) (Call thread_state_get_tsType_'proc)"
 unfolding getThreadState_def
- apply (rule ccorres_from_spec_modifies)
- apply (rule thread_state_ptr_get_tsType_spec)
- apply (rule thread_state_ptr_get_tsType_modifies)
- apply simp
- apply (frule (1) obj_at_cslift_tcb)
- apply (clarsimp simp: typ_heap_simps)
+ apply (rule ccorres_from_spec_modifies [where P=\, simplified])
+ apply (rule thread_state_get_tsType_spec)
+ apply (rule thread_state_get_tsType_modifies)
+ apply simp
 apply (frule (1) obj_at_cslift_tcb)
 apply (clarsimp simp: typ_heap_simps)
 apply (rule bexI [rotated, OF threadGet_eq], assumption)
 apply simp
- apply (erule ctcb_relation_thread_state_to_tsType)
+ apply (drule ctcb_relation_thread_state_to_tsType)
+ apply simp
 done
 lemma threadGet_obj_at2:
diff --git a/proof/crefine/X64/Tcb_C.thy b/proof/crefine/X64/Tcb_C.thy
index 2625d70415..08558cbc95 100644
--- a/proof/crefine/X64/Tcb_C.thy
+++ b/proof/crefine/X64/Tcb_C.thy
@@ -1078,7 +1078,7 @@ lemma restart_ccorres:
 apply fastforce
 apply (rule ccorres_return_Skip)
 apply (wp hoare_drop_imps)
- apply (auto simp: Collect_const_mem mask_def "StrictC'_thread_state_defs")
+ apply (auto simp: Collect_const_mem mask_def ThreadState_defs)
 done
 lemma setNextPC_ccorres:
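Review bot: The rewritten precondition of `get_tsType_ccorres` introduces a free function `f` and a second conjunct relating `cslift s` at the `tcbState_C` field of `f s` to `thread_state_' s`, which changes what a caller must establish before applying this `[corres]` rule, and nothing in the hunk records the new contract. From the renamed target `thread_state_get_tsType_'proc` and the use of `thread_state_' s` in place of `thread_state_ptr_' s`, the C function appears to now receive the thread state by value, so the caller must already have loaded that field of the TCB named by `f s` into the variable; this is an inference from the names, not something the hunk states. A comment above the lemma along the lines of `(* f gives the ctcb pointer in terms of the C state; the cslift conjunct ties the thread_state_' argument to that TCB's tcbState_C field *)` would make the contract explicit, and since `f` is schematic in a `[corres]` rule it is worth confirming that the corres automation instantiates it as callers expect rather than leaving it open. The second hunk on this line, in `restart_ccorres`, is a plain rename and needs nothing.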
@@ -2100,7 +2100,7 @@ shows
 apply (rule allI, rule conseqPre, vcg)
 apply (clarsimp simp: return_def)
 apply (wp | simp add: valid_tcb_state'_def)+
- apply (clarsimp simp: ThreadState_Running_def mask_def)
+ apply (clarsimp simp: ThreadState_defs mask_def)
 apply (rule mapM_x_wp')
 apply (rule hoare_pre)
 apply (wp sch_act_wf_lift valid_queues_lift tcb_in_cur_domain'_lift)
@@ -2167,8 +2167,7 @@ shows
 apply (rule ccorres_inst[where P=\ and P'=UNIV], simp)
 apply (simp add: performTransfer_def)
 apply wp
- apply (simp add: Collect_const_mem "StrictC'_thread_state_defs"
- mask_def)
+ apply (simp add: Collect_const_mem ThreadState_defs mask_def)
 apply vcg
 apply (rule_tac Q="\rv. invs' and st_tcb_at' ((=) Restart) thread and tcb_at' target" in hoare_post_imp)
@@ -2288,7 +2287,7 @@ lemma decodeReadRegisters_ccorres:
 apply wp
 apply (vcg exspec=getSyscallArg_modifies)
 apply (clarsimp simp: Collect_const_mem rf_sr_ksCurThread
- "StrictC'_thread_state_defs" word_sless_def word_sle_def
+ ThreadState_defs word_sless_def word_sle_def
 mask_eq_iff_w2p word_size isCap_simps ReadRegistersFlags_defs tcb_at_invs' cap_get_tag_isCap capTCBPtr_eq)
@@ -2397,7 +2396,7 @@ lemma decodeWriteRegisters_ccorres:
 apply (vcg exspec=getSyscallArg_modifies)
 apply (clarsimp simp: Collect_const_mem ct_in_state'_def pred_tcb_at')
 apply (simp add: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H)
- apply (clarsimp simp: valid_cap'_def "StrictC'_thread_state_defs"
+ apply (clarsimp simp: valid_cap'_def ThreadState_defs
 mask_eq_iff_w2p word_size rf_sr_ksCurThread WriteRegisters_resume_def word_sle_def word_sless_def numeral_eqs)
@@ -2533,7 +2532,7 @@ lemma decodeCopyRegisters_ccorres:
 elim!: pred_tcb'_weakenE dest!: st_tcb_at_idle_thread' interpret_excaps_eq)[1]
 apply (clarsimp simp: word_sle_def CopyRegistersFlags_defs word_sless_def
- "StrictC'_thread_state_defs" rf_sr_ksCurThread
+ ThreadState_defs rf_sr_ksCurThread
 split: if_split)
 apply (drule interpret_excaps_eq)
 apply (clarsimp simp: mask_def excaps_map_def split_def ccap_rights_relation_def
@@ -3117,7 +3116,7 @@ lemma decodeTCBConfigure_ccorres:
 ptr_val_tcb_ptr_mask2[unfolded mask_def objBits_defs, simplified] tcb_cnode_index_defs size_of_def option_to_0_def rf_sr_ksCurThread
- StrictC'_thread_state_defs mask_eq_iff_w2p word_size
+ ThreadState_defs mask_eq_iff_w2p word_size
 from_bool_all_helper all_ex_eq_helper ucast_ucast_mask objBits_defs)
 apply (subgoal_tac "args \ [] \ extraCaps \ []")
@@ -3166,7 +3165,7 @@ lemma decodeTCBConfigure_ccorres:
 capTCBPtr_eq tcb_ptr_to_ctcb_ptr_mask tcb_cnode_index_defs size_of_def option_to_0_def rf_sr_ksCurThread
- StrictC'_thread_state_defs mask_eq_iff_w2p word_size
+ ThreadState_defs mask_eq_iff_w2p word_size
 from_bool_all_helper)
 apply (frule(1) tcb_at_h_t_valid [OF tcb_at_invs'])
 apply (clarsimp simp: typ_heap_simps numeral_eqs isCap_simps valid_cap'_def capAligned_def
@@ -3303,7 +3302,7 @@ lemma decodeSetMCPriority_ccorres:
 elim!: obj_at'_weakenE pred_tcb'_weakenE dest!: st_tcb_at_idle_thread')[1]
 apply (clarsimp simp: interpret_excaps_eq excaps_map_def)
- apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size option_to_0_def)
+ apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size option_to_0_def)
 apply (frule rf_sr_ksCurThread)
 apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H)
 apply (clarsimp simp: valid_cap'_def capAligned_def interpret_excaps_eq excaps_map_def)
@@ -3436,7 +3435,7 @@ lemma decodeSetPriority_ccorres:
 elim!: obj_at'_weakenE pred_tcb'_weakenE dest!: st_tcb_at_idle_thread')[1]
 apply (clarsimp simp: interpret_excaps_eq excaps_map_def)
- apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size option_to_0_def)
+ apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size option_to_0_def)
 apply (frule rf_sr_ksCurThread)
 apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H)
 apply (clarsimp simp: valid_cap'_def capAligned_def interpret_excaps_eq excaps_map_def)
@@ -3614,7 +3613,7 @@ lemma decodeSetSchedParams_ccorres:
 elim!: obj_at'_weakenE pred_tcb'_weakenE dest!: st_tcb_at_idle_thread')[1]
 apply (clarsimp simp: interpret_excaps_eq excaps_map_def)
- apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size option_to_0_def)
+ apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size option_to_0_def)
 apply (frule rf_sr_ksCurThread)
 apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H)
 apply (clarsimp simp: valid_cap'_def capAligned_def interpret_excaps_eq excaps_map_def)
@@ -3760,11 +3759,10 @@ lemma decodeSetIPCBuffer_ccorres:
 valid_mdb_ctes_def no_0_def excaps_map_def elim: pred_tcb'_weakenE dest!: st_tcb_at_idle_thread' dest!: interpret_excaps_eq)[1]
- apply (clarsimp simp: option_to_0_def rf_sr_ksCurThread word_sless_def
- word_sle_def ThreadState_Restart_def mask_def)
+ apply (clarsimp simp: option_to_0_def rf_sr_ksCurThread word_sless_def word_sle_def mask_def)
 apply (rule conjI[rotated], clarsimp+)
 apply (drule interpret_excaps_eq[rule_format, where n=0], simp add: excaps_map_Nil)
- apply (simp add: mask_def "StrictC'_thread_state_defs" excaps_map_def)
+ apply (simp add: mask_def ThreadState_defs excaps_map_def)
 apply (clarsimp simp: ccap_rights_relation_def rightsFromWord_wordFromRights cap_get_tag_isCap)
 apply (frule cap_get_tag_to_H, subst cap_get_tag_isCap, assumption, assumption)
@@ -3930,10 +3928,10 @@ lemma decodeUnbindNotification_ccorres:
 apply (clarsimp simp: isCap_simps)
 apply (frule cap_get_tag_isCap_unfolded_H_cap)
 apply (auto simp: ctcb_relation_def typ_heap_simps cap_get_tag_ThreadCap ct_in_state'_def
- option_to_ptr_def option_to_0_def ThreadState_Restart_def
- mask_def rf_sr_ksCurThread valid_tcb_state'_def
- elim!: pred_tcb'_weakenE
- dest!: valid_objs_boundNTFN_NULL)
+ option_to_ptr_def option_to_0_def ThreadState_defs
+ mask_def rf_sr_ksCurThread valid_tcb_state'_def
+ elim!: pred_tcb'_weakenE
+ dest!: valid_objs_boundNTFN_NULL)
 done
 lemma nTFN_case_If_ptr:
@@ -4095,7 +4093,7 @@ lemma decodeBindNotification_ccorres:
 apply (clarsimp simp: throwError_def return_def syscall_error_rel_def syscall_error_to_H_cases exception_defs)
 apply (clarsimp simp add: guard_is_UNIV_def isWaitingNtfn_def
- ThreadState_Restart_def mask_def
+ ThreadState_defs mask_def
 rf_sr_ksCurThread capTCBPtr_eq)
 apply (simp add: hd_conv_nth bindE_bind_linearise nTFN_case_If_ptr throwError_bind invocationCatch_def)
 apply (rule ccorres_from_vcg_split_throws[where P=\ and P'=UNIV])
@@ -4419,7 +4417,7 @@ lemma decodeSetSpace_ccorres:
 rightsFromWord_wordFromRights capTCBPtr_eq tcb_cnode_index_defs size_of_def option_to_0_def rf_sr_ksCurThread
- "StrictC'_thread_state_defs" mask_eq_iff_w2p word_size)
+ ThreadState_defs mask_eq_iff_w2p word_size)
 apply (simp add: word_sle_def cap_get_tag_isCap)
 apply (subgoal_tac "args \ []")
 apply (clarsimp simp: hd_conv_nth)
@@ -4502,7 +4500,7 @@ lemma decodeSetTLSBase_ccorres:
 apply (clarsimp simp: ct_in_state'_def sysargs_rel_n_def n_msgRegisters_def)
 apply (auto simp: valid_tcb_state'_def elim!: pred_tcb'_weakenE)[1]
- apply (simp add: StrictC'_thread_state_defs mask_eq_iff_w2p word_size)
+ apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size)
 apply (frule rf_sr_ksCurThread)
 apply (simp only: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H)
 apply (auto simp: unat_eq_0 le_max_word_ucast_id)+
@@ -4654,8 +4652,7 @@ lemma decodeTCBInvocation_ccorres:
 dest!: st_tcb_at_idle_thread')[1]
 apply (simp split: sum.split add: cintr_def intr_and_se_rel_def exception_defs syscall_error_rel_def)
- apply (simp add: "StrictC'_thread_state_defs" mask_eq_iff_w2p word_size
- cap_get_tag_isCap)
+ apply (simp add: ThreadState_defs mask_eq_iff_w2p word_size)
 apply (simp add: cap_get_tag_isCap[symmetric], drule(1) cap_get_tag_to_H)
 apply clarsimp
 done
diff --git a/spec/cspec/AARCH64/Kernel_C.thy b/spec/cspec/AARCH64/Kernel_C.thy
index d5ef766e74..dcac934181 100644
--- a/spec/cspec/AARCH64/Kernel_C.thy
+++ b/spec/cspec/AARCH64/Kernel_C.thy
@@ -116,6 +116,9 @@ text \Hide unqualified names conflicting with Kernel_Config names. Force u
 hide_const (open) numDomains
+text \Add a more usable name for the collection of ThreadState definitions\
+lemmas ThreadState_defs = StrictC'_thread_state_defs
+
 (* hide vmpage sizes again *)
 hide_const vmpage_size.ARMSmallPage
diff --git a/spec/cspec/ARM/Kernel_C.thy b/spec/cspec/ARM/Kernel_C.thy
index 89042169be..cd19383b65 100644
--- a/spec/cspec/ARM/Kernel_C.thy
+++ b/spec/cspec/ARM/Kernel_C.thy
@@ -98,6 +98,9 @@ text \Hide unqualified names conflicting with Kernel_Config names. Force u
 hide_const (open) numDomains
+text \Add a more usable name for the collection of ThreadState definitions\
+lemmas ThreadState_defs = StrictC'_thread_state_defs
+
 (* hide vmpage sizes again *)
 hide_const vmpage_size.ARMSmallPage
diff --git a/spec/cspec/ARM_HYP/Kernel_C.thy b/spec/cspec/ARM_HYP/Kernel_C.thy
index 89042169be..cd19383b65 100644
--- a/spec/cspec/ARM_HYP/Kernel_C.thy
+++ b/spec/cspec/ARM_HYP/Kernel_C.thy
@@ -98,6 +98,9 @@ text \Hide unqualified names conflicting with Kernel_Config names. Force u
 hide_const (open) numDomains
+text \Add a more usable name for the collection of ThreadState definitions\
+lemmas ThreadState_defs = StrictC'_thread_state_defs
+
 (* hide vmpage sizes again *)
 hide_const vmpage_size.ARMSmallPage
diff --git a/spec/cspec/KernelState_C.thy b/spec/cspec/KernelState_C.thy
index 0bd87b4af6..00b082fcee 100644
--- a/spec/cspec/KernelState_C.thy
+++ b/spec/cspec/KernelState_C.thy
@@ -4,6 +4,8 @@
 * SPDX-License-Identifier: GPL-2.0-only
 *)
+(* The base theory for generated bitfield proofs about the kernel *)
+
 theory KernelState_C imports "Word_Lib.WordSetup"
diff --git a/spec/cspec/RISCV64/Kernel_C.thy b/spec/cspec/RISCV64/Kernel_C.thy
index 9eabe14191..3e7efa727c 100644
--- a/spec/cspec/RISCV64/Kernel_C.thy
+++ b/spec/cspec/RISCV64/Kernel_C.thy
@@ -95,6 +95,9 @@ text \Hide unqualified names conflicting with Kernel_Config names. Force u
 hide_const (open) numDomains
+text \Add a more usable name for the collection of ThreadState definitions\
+lemmas ThreadState_defs = StrictC'_thread_state_defs
+
 (* hide vmpage sizes again *)
 hide_const vmpage_size.RISCVSmallPage
diff --git a/spec/cspec/X64/Kernel_C.thy b/spec/cspec/X64/Kernel_C.thy
index d7dbd22450..5de120a414 100644
--- a/spec/cspec/X64/Kernel_C.thy
+++ b/spec/cspec/X64/Kernel_C.thy
@@ -98,6 +98,9 @@ text \Hide unqualified names conflicting with Kernel_Config names. Force u
 hide_const (open) numDomains
+text \Add a more usable name for the collection of ThreadState definitions\
+lemmas ThreadState_defs = StrictC'_thread_state_defs
+
 (* hide vmpage sizes again *)
 hide_const vmpage_size.X64SmallPage