(*
* Copyright 2014, General Dynamics C4 Systems
*
* SPDX-License-Identifier: GPL-2.0-only
*)
theory InterruptAcc_AI
imports ArchTcbAcc_AI
begin
(* Under invs, the slot that get_irq_slot returns for irq holds a real CTE.
   The postcondition is discharged from valid_irq_node, which is obtained by
   unfolding invs_def / valid_state_def in the final step. *)
lemma get_irq_slot_real_cte[wp]:
"\<lbrace>invs\<rbrace> get_irq_slot irq \<lbrace>real_cte_at\<rbrace>"
apply (simp add: get_irq_slot_def)
apply wp
apply (clarsimp simp: invs_def valid_state_def valid_irq_node_def)
done
(* Weaker form of get_irq_slot_real_cte: a real CTE is in particular a CTE,
   so the postcondition is strengthened via real_cte_at_cte. *)
lemma get_irq_slot_cte_at[wp]:
"\<lbrace>invs\<rbrace> get_irq_slot irq \<lbrace>cte_at\<rbrace>"
apply (rule hoare_strengthen_post [OF get_irq_slot_real_cte])
apply (clarsimp simp: real_cte_at_cte)
done
(* Generated [wp] rule: set_irq_state preserves valid_ioc. *)
crunch valid_ioc[wp]: set_irq_state valid_ioc
(* Every IRQ other than irq whose entry in table is IRQInactive must be
   masked. The exemption for irq itself is what lets the IRQ-state invariant
   be re-established after irq's table entry and mask bit are updated in two
   separate steps. *)
definition valid_irq_masks_but where
"valid_irq_masks_but irq table masked \<equiv> \<forall> irq'. irq' \<noteq> irq \<longrightarrow> table irq' = IRQInactive \<longrightarrow> masked irq'"
(* valid_irq_masks_but instantiated on a kernel state s: the table is the
   kernel's interrupt_states and the mask predicate is the machine's irq_masks. *)
definition valid_irq_states_but where
"valid_irq_states_but irq s \<equiv> valid_irq_masks_but irq (interrupt_states s) (irq_masks (machine_state s))"
(* Conjunction of the individual kernel invariants, with the IRQ-state
   invariant relaxed to valid_irq_states_but irq so that irq's own mask bit
   may temporarily disagree with its interrupt state. Presumably this agrees
   with invs once the full IRQ-state invariant is restored (the proof of
   set_irq_state_invs unfolds both) -- confirm against invs_def. *)
definition all_invs_but_valid_irq_states_for where
"all_invs_but_valid_irq_states_for irq \<equiv> valid_pspace and valid_mdb and
valid_ioc and valid_idle and only_idle and
if_unsafe_then_cap and
valid_reply_caps and
valid_reply_masters and
valid_global_refs and
valid_arch_state and
valid_irq_node and
valid_irq_handlers and
valid_irq_states_but irq and
valid_machine_state and
valid_vspace_objs and \<comment> \<open> ARMHYP \<close>
valid_arch_caps and
valid_kernel_mappings and
equal_kernel_mappings and
valid_asid_map and
valid_global_objs and
valid_ioports and
valid_global_vspace_mappings and
pspace_in_kernel_window and
cap_refs_in_kernel_window and
pspace_respects_device_region and
cap_refs_respects_device_region and cur_tcb"
(* Locale collecting what this theory needs from the machine layer.
   state_ext_t only fixes the state-extension type. The single assumption
   says: starting from a state satisfying every invariant except the
   IRQ-state one for irq, where state is irq's current interrupt state,
   masking irq exactly when state = IRQInactive (and unmasking otherwise)
   restores full invs. This is the step that ties the hardware mask bit to
   the kernel's notion of an inactive IRQ. Presumably discharged per
   architecture by interpreting the locale -- confirm in the arch theories. *)
locale InterruptAcc_AI =
fixes state_ext_t :: "'state_ext::state_ext itself"
assumes dmo_maskInterrupt_invs:
"\<And>irq state.
\<lbrace>all_invs_but_valid_irq_states_for irq and (\<lambda>s. state = interrupt_states s irq)\<rbrace>
do_machine_op (maskInterrupt (state = IRQInactive) irq)
\<lbrace>\<lambda>rv. invs :: 'state_ext state \<Rightarrow> bool\<rbrace>"
context InterruptAcc_AI begin
(* set_irq_state preserves invs, provided that whenever the new state is not
   IRQSignal there is no IRQHandlerCap for irq anywhere in caps_of_state.
   That side condition is what keeps valid_irq_handlers / irq_issued intact
   (both are unfolded below); presumably a handler cap may only exist for an
   IRQ in the IRQSignal state -- confirm against valid_irq_handlers_def. *)
lemma set_irq_state_invs[wp]:
"\<And>state irq.
\<lbrace>\<lambda>s::'state_ext state. invs s
\<and> (state \<noteq> irq_state.IRQSignal \<longrightarrow> cap.IRQHandlerCap irq \<notin> ran (caps_of_state s))\<rbrace>
set_irq_state state irq
\<lbrace>\<lambda>rv. invs\<rbrace>"
apply (simp add: set_irq_state_def)
(* The machine-level mask update is handled by the locale assumption; what
   remains is to show the intermediate state meets
   all_invs_but_valid_irq_states_for irq. *)
apply (wp dmo_maskInterrupt_invs)
apply (clarsimp simp: invs_def valid_state_def cur_tcb_def valid_mdb_def all_invs_but_valid_irq_states_for_def)
apply (simp add: mdb_cte_at_def valid_irq_node_def
valid_irq_handlers_def irq_issued_def)
(* Two remaining goals: the handler-cap side condition, then the relaxed
   IRQ-mask invariant. *)
apply (rule conjI)
apply (clarsimp simp: cap_irqs_def cap_irq_opt_def
split: cap.split_asm)
(* The relaxed invariant for irq follows from the original valid_irq_states,
   since every other IRQ is untouched. *)
apply(clarsimp simp: valid_machine_state_def valid_irq_states_but_def valid_irq_masks_but_def, blast elim: valid_irq_statesE)
done
end
(* 8-bit instance of ucast_ucast_mask, pre-simplified and with the equation
   reversed so it can be used as a rewrite in the other direction. *)
lemmas ucast_ucast_mask8 = ucast_ucast_mask[where 'a=8, simplified, symmetric]
end