arm-hyp ainvs: prove that the vcpu of the idle thread is always None

* Context :

We would like to prove that, for ARM_HYP architecture,
the current vcpu is always the vcpu associated to the current thread.
See issue https://jira.csiro.au/browse/VER-770
and PR 291 http://bitbucket.keg.ertos.in.nicta.com.au/projects/SEL4/repos/l4v/pull-requests/291

* Intermediate step : the vcpu of the idle thread is always None

In this commit we update the proofs of abstract invariants for
the arm_hyp architecture, so that the new version of `valid_idle`,
stating that the vcpu of the idle thread is always None, holds.

Fix up proofs after word lemma moves

Remove pure word lemmas from proof/*

Removes redundant lemmas after moving them up to Word_Lib.

Isabelle2018 arm: AInvs

Isabelle2018: new "op x" syntax; now is "(x)"

(result of "isabelle update_op -m <dir>")

globally use session-qualified imports; add Lib session

Session-qualified imports will be required for Isabelle2018 and help clarify
the structure of sessions in the build tree.

This commit mainly adds a new set of sessions for lib/, including a Lib
session that includes most theories in lib/ and a few separate sessions for
parts that have dependencies beyond CParser or are separate AFP sessions.
The group "lib" collects all lib/ sessions.

As a consequence, other theories should use lib/ theories by session name,
not by path, which in turns means spec and proof sessions should also refer
to each other by session name, not path, to avoid duplicate theory errors in
theory merges later.

lib: Refactor crunch so that it can be used for both the nondet monad and the trace monad

arm-hyp: ioportcontrol: fixes after adding IOPortControlCaps to x64

arm-hyp ainvs: proof update for user_context refactor

Genericise deletion actions that occur after empty_slot

This patch adds a generic "post_cap_deletion" step that is called by
finalise_slot. Previous to this, the only caps which had actions
required at this stage were IRQHandlerCaps -- it was required that the
IRQ bitmap be updated after the cap itself was removed (as the
invariants state that for any existing IRQHandlerCap, the corresponding
bit in the IRQ bitmap must be set).

By genericising this, we add the capacity for new, arch-specific post
cap deletion actions to occur in the future.

arm-hyp: simple_ko setter/getter

Isabelle2017: update AInvs for RC0

* word_eqI is no longer rule_format.

* Updated Isabelle/ML Thm.join_proofs to Thm.consolidate.

* Updated suffix_refl to suffix_order.order.refl.

* Removed some lines of proofs, thanks to improved simplifier.

Remove valid_arch_objs

now that we have valid_vspace_objs to express validiy of
vspace objects, we do not need valid_arch_objs: we have
valid_objs to state the validity of non-vspace arch objects.

ainvs: integrate all architectures

SELFOUR-748: rename tlb invalidation functions

arm-hyp AInvs: reintroduce valid_global_objs and valid_global_vspace_mappings

arm-hyp invariants: make valid_arch_obj depend on valid_vspace_obj

arm-hyp ainvs: (Fix) Correctly defining setCurrentPD

arm-hyp: AInvs sorry-free

arm-hyp invariants: fix pde_shifting in ArchAcc_AI

arm-hyp: changes after rebase (on top of d08ee04e2f8)

arm-hyp invariants: new liveness definition

* the definition of liveness is extended for tcb/vcpu reference
* proved liveness related properties for dissociate_vcpu_tcb, prepare_thread_delete, etc.

changes after rebasing (for isabelle2016-1 and the new wp)

arm-hyp invariants: fix arch_splitting/locales

* tcb_arch_ref: definition and invariants (to access obj_refs in tcb_arch in generic contexts)
* fixes related hyp_refs

arm-hyp invariants: incremental progress (sorrying, fixing crunches/alignments, etc.)

* sorry perform_vcpu_invocation invariant statements
* fix pg_entry_align and related statements
* some crunches in ArchFinalise_AI

arm-hyp invariants: changes from rebase for ARM_HYP invariants

arm-hyp invariants: updates for vcpu, alignments, valid_vspace_obj, wellformed_arch_obj, etc.

arm-hyp invariants: symrefs for hypervisor

introducing hyp_sym_refs (vcpu/tcb symref) related definitions + proof updates

arm-hyp invariants: copy arch-splitted invariant files from ARM

earlier updates in ArchInvariants are kept

arm-hyp invariants: add ARM_HYP directory, updating ArchInvariants_AI and Invariants_AI