Skip to content

Commit

Permalink
aarch64 refine: minimal fixups for arch-split tcb_cte_cases machinery
Browse files Browse the repository at this point in the history
Signed-off-by: Rafal Kolanski <[email protected]>
  • Loading branch information
Xaphiosis committed Dec 9, 2024
1 parent 6705b0d commit 375d6a5
Show file tree
Hide file tree
Showing 8 changed files with 12 additions and 1 deletion.
1 change: 1 addition & 0 deletions proof/refine/AARCH64/CNodeInv_R.thy
Original file line number Diff line number Diff line change
Expand Up @@ -5729,6 +5729,7 @@ lemma cte_wp_at_disj_eq':

lemma valid_Zombie_cte_at':
"\<lbrakk> s \<turnstile>' Zombie p zt m; n < zombieCTEs zt \<rbrakk> \<Longrightarrow> cte_at' (p + (of_nat n * 2^cteSizeBits)) s"
supply raw_tcb_cte_cases_simps[simp] (* FIXME arch-split: legacy, try use tcb_cte_cases_neqs *)
apply (clarsimp simp: valid_cap'_def split: zombie_type.split_asm)
apply (clarsimp simp: obj_at'_def objBits_simps)
apply (subgoal_tac "tcb_cte_cases (of_nat n * 2^cteSizeBits) \<noteq> None")
Expand Down
1 change: 1 addition & 0 deletions proof/refine/AARCH64/CSpace1_R.thy
Original file line number Diff line number Diff line change
Expand Up @@ -212,6 +212,7 @@ lemma tcb_cases_related:
"tcb_cap_cases ref = Some (getF, setF, restr) \<Longrightarrow>
\<exists>getF' setF'. (\<forall>x. tcb_cte_cases (cte_map (x, ref) - x) = Some (getF', setF'))
\<and> (\<forall>tcb tcb'. tcb_relation tcb tcb' \<longrightarrow> cap_relation (getF tcb) (cteCap (getF' tcb')))"
supply raw_tcb_cte_cases_simps[simp] (* FIXME arch-split: legacy, try use tcb_cte_cases_neqs *)
by (simp add: tcb_cap_cases_def tcb_cnode_index_def to_bl_1
cte_map_def' tcb_relation_def
split: if_split_asm)
Expand Down
1 change: 1 addition & 0 deletions proof/refine/AARCH64/CSpace_R.thy
Original file line number Diff line number Diff line change
Expand Up @@ -4204,6 +4204,7 @@ lemma setupReplyMaster_invs'[wp]:
"\<lbrace>invs' and tcb_at' t and ex_nonz_cap_to' t\<rbrace>
setupReplyMaster t
\<lbrace>\<lambda>rv. invs'\<rbrace>"
supply raw_tcb_cte_cases_simps[simp] (* FIXME arch-split: legacy, try use tcb_cte_cases_neqs *)
apply (simp add: invs'_def valid_state'_def)
apply (rule hoare_pre)
apply (wp setupReplyMaster_valid_pspace' sch_act_wf_lift tcb_in_cur_domain'_lift ct_idle_or_in_cur_domain'_lift
Expand Down
2 changes: 2 additions & 0 deletions proof/refine/AARCH64/Ipc_R.thy
Original file line number Diff line number Diff line change
Expand Up @@ -1649,6 +1649,7 @@ lemma doFaultTransfer_invs[wp]:
lemma lookupIPCBuffer_valid_ipc_buffer [wp]:
"\<lbrace>valid_objs'\<rbrace> VSpace_H.lookupIPCBuffer b s \<lbrace>case_option \<top> valid_ipc_buffer_ptr'\<rbrace>"
unfolding lookupIPCBuffer_def AARCH64_H.lookupIPCBuffer_def
supply raw_tcb_cte_cases_simps[simp] (* FIXME arch-split: legacy, try use tcb_cte_cases_neqs *)
apply (simp add: Let_def getSlotCap_def getThreadBufferSlot_def
locateSlot_conv threadGet_def comp_def)
apply (wp getCTE_wp getObject_tcb_wp | wpc)+
Expand Down Expand Up @@ -3534,6 +3535,7 @@ lemma setupCallerCap_ifunsafe[wp]:
\<lbrace>\<lambda>rv. if_unsafe_then_cap'\<rbrace>"
unfolding setupCallerCap_def getThreadCallerSlot_def
getThreadReplySlot_def locateSlot_conv
supply raw_tcb_cte_cases_simps[simp] (* FIXME arch-split: legacy, try use tcb_cte_cases_neqs *)
apply (wp getSlotCap_cte_wp_at
| simp add: unique_master_reply_cap' | strengthen eq_imp_strg
| wp (once) hoare_drop_imp[where f="getCTE rs" for rs])+
Expand Down
4 changes: 3 additions & 1 deletion proof/refine/AARCH64/KHeap_R.thy
Original file line number Diff line number Diff line change
Expand Up @@ -245,6 +245,7 @@ lemma updateObject_cte_is_tcb_or_cte:
\<and> ko' = KOTCB (setF (\<lambda>x. cte) tcb) \<and> is_aligned q tcbBlockSizeBits \<and> ps_clear q tcbBlockSizeBits s) \<or>
(\<exists>cte'. ko = KOCTE cte' \<and> ko' = KOCTE cte \<and> s' = s
\<and> p = q \<and> is_aligned p cte_level_bits \<and> ps_clear p cte_level_bits s)"
supply raw_tcb_cte_cases_simps[simp] (* FIXME arch-split: legacy, try use tcb_cte_cases_neqs *)
apply (clarsimp simp: updateObject_cte typeError_def alignError_def
tcbVTableSlot_def tcbCTableSlot_def to_bl_1 rev_take objBits_simps'
in_monad map_bits_to_bl cte_level_bits_def in_magnitude_check
Expand Down Expand Up @@ -1199,6 +1200,7 @@ lemma typ_at'_valid_obj'_lift:
assumes P: "\<And>P T p. \<lbrace>\<lambda>s. P (typ_at' T p s)\<rbrace> f \<lbrace>\<lambda>rv s. P (typ_at' T p s)\<rbrace>"
notes [wp] = hoare_vcg_all_lift hoare_vcg_imp_lift hoare_vcg_const_Ball_lift typ_at_lifts [OF P]
shows "\<lbrace>\<lambda>s. valid_obj' obj s\<rbrace> f \<lbrace>\<lambda>rv s. valid_obj' obj s\<rbrace>"
supply raw_tcb_cte_cases_simps[simp] (* FIXME arch-split: legacy, try use tcb_cte_cases_neqs *)
apply (cases obj; simp add: valid_obj'_def hoare_TrueI)
apply (rename_tac endpoint)
apply (case_tac endpoint; simp add: valid_ep'_def, wp)
Expand All @@ -1210,7 +1212,7 @@ lemma typ_at'_valid_obj'_lift:
apply (case_tac "tcbState tcb";
simp add: valid_tcb'_def valid_tcb_state'_def split_def opt_tcb_at'_def
valid_bound_ntfn'_def;
wpsimp wp: hoare_case_option_wp hoare_case_option_wp2;
wpsimp wp: hoare_case_option_wp hoare_case_option_wp2 valid_arch_tcb_lift' P;
(clarsimp split: option.splits)?)
apply (wpsimp simp: valid_cte'_def)
apply wp
Expand Down
1 change: 1 addition & 0 deletions proof/refine/AARCH64/TcbAcc_R.thy
Original file line number Diff line number Diff line change
Expand Up @@ -4437,6 +4437,7 @@ qed

lemma cte_at_tcb_at_32':
"tcb_at' t s \<Longrightarrow> cte_at' (t + 32) s"
supply raw_tcb_cte_cases_simps[simp] (* FIXME arch-split: legacy, try use tcb_cte_cases_neqs *)
apply (simp add: cte_at'_obj_at')
apply (rule disjI2, rule bexI[where x=32])
apply simp
Expand Down
2 changes: 2 additions & 0 deletions proof/refine/AARCH64/Tcb_R.thy
Original file line number Diff line number Diff line change
Expand Up @@ -1014,6 +1014,7 @@ lemma threadcontrol_corres_helper4:
(checkCapAt (capability.ThreadCap a) (cte_map slot)
(assertDerived (cte_map (ab, ba)) ac (cteInsert ac (cte_map (ab, ba)) (cte_map (a, tcb_cnode_index 4)))))
\<lbrace>\<lambda>_ s. sym_heap_sched_pointers s \<and> valid_sched_pointers s \<and> valid_tcbs' s\<rbrace>"
supply raw_tcb_cte_cases_simps[simp] (* FIXME arch-split: legacy, try use tcb_cte_cases_neqs *)
apply (wpsimp wp:
| strengthen invs_sym_heap_sched_pointers invs_valid_sched_pointers
invs_valid_objs' valid_objs'_valid_tcbs')+
Expand Down Expand Up @@ -1303,6 +1304,7 @@ proof -
od odE od)
g')" (is "corres _ ?T2_pre ?T2_pre' _ _")
using z u
supply raw_tcb_cte_cases_simps[simp] (* FIXME arch-split: legacy, try use tcb_cte_cases_neqs *)
apply -
apply (rule corres_guard_imp[where P=P and P'=P'
and Q="P and cte_at (a, tcb_cnode_index 4)"
Expand Down
1 change: 1 addition & 0 deletions proof/refine/AARCH64/orphanage/Orphanage.thy
Original file line number Diff line number Diff line change
Expand Up @@ -1669,6 +1669,7 @@ lemma tc_no_orphans:
K (valid_option_prio d \<and> valid_option_prio mcp) \<rbrace>
invokeTCB (tcbinvocation.ThreadControl a sl b' mcp d e' f' g)
\<lbrace> \<lambda>rv s. no_orphans s \<rbrace>"
supply raw_tcb_cte_cases_simps[simp] (* FIXME arch-split: legacy, try use tcb_cte_cases_neqs *)
apply (rule hoare_gen_asm)
apply (rule hoare_gen_asm)
apply (rule hoare_gen_asm)
Expand Down

0 comments on commit 375d6a5

Please sign in to comment.