457a55a831
add arch_tcb object to C, rename aep -> ntfn
2015-11-20 16:02:13 +11:00
ac9c3bb1a3
Remove sorry on clz_spec (C parser changes allow it to be proved now).
...
(with some magic from Thomas)
2015-11-20 15:58:15 +11:00
7f664edf13
One more fix for strengthen change.
2015-11-02 16:02:03 +11:00
314a46ee6f
One last fix, hopefully.
2015-11-02 10:52:06 +11:00
bdd8819f50
More minor adjustments.
2015-10-30 12:22:55 +11:00
7c3a06a8d7
Minor adjustments caused by Strengthen changes.
2015-10-29 11:27:54 +11:00
d3f3acb9fc
Fix up CRefine after seL4_NBWait merge.
2015-10-22 07:45:49 +11:00
d51402a5a2
Merge remote-tracking branch 'verification/master' into priority-bitmap
...
(seL4_NBWait)
2015-10-21 16:23:01 +11:00
c94b27b7ae
priority-bitmap: clean up CRefine
...
Cleaned up proof of tcbSchedDequeue_ccorres' (still ugly)
2015-10-21 16:22:11 +11:00
e403eb8f0a
poll: added non blocking sync wait
2015-10-21 14:24:49 +11:00
d6f7579be7
poll: Added new syscall for polling async endpoints (non-blocking wait)
2015-10-21 14:24:49 +11:00
6f8cdae201
priority-bitmap: clean up Refine (i.e. "FIXME RAF")
2015-10-21 13:38:29 +11:00
c1eb235105
Merge 'verification/master' into priority-bitmap
...
Green build except for:
CParserTest (WTF Duplicate fact declaration "dc_20081211.dc_20081211.test_modifies")
AutoCorresSEL4 (waiting on result)
There is still a carefully managed sorry in Schedule_R, waiting on the C
parser FNSPEC+DONT_TRANSLATE fix.
2015-10-21 06:19:20 +11:00
fca34f4a7f
priority-bitmap: TEMPORARY SORRY FOR JIRA VER-464
...
In Schedule_C:
(**** FIXME FIXME FIXME ***)
(* As per JIRA VER-464, the C Parser does not handle
DONT_TRANSLATE+MODIFIES+FNSPEC correctly. This is the spec given in util.h
in seL4 for clz. We do not get that spec back at present.
In order to have a working build until the C parser is fixed, we sorry this
proof. My apologies.
*)
2015-10-20 23:52:14 +11:00
3230d601ae
priority-bitmap: Update InfoflowC
2015-10-20 23:52:14 +11:00
930a2ff179
priority-bitmap: Update Haskell->C refinement
...
(modulo clz_spec locale problem)
2015-10-20 23:52:07 +11:00
7860bd4351
priority-bitmap: move word_log2/clz to WordLemmaBucket
...
Resolves some FIXMEs in Schedule_R.
2015-10-20 23:50:37 +11:00
2a9d3022f2
priority-bitmap: Update abstract->Haskell refinement
...
Added word_log2 and word_clz (inline for now, will migrate them out to
lib later).
Proved most important properties of word_log2 and some basic
count leading zeros properties (word_clz). The former were painful.
Thanks to Thomas, we have a nice tactic for dealing with complicated
obj_at' predicates in conclusion: normalise_obj_at'
2015-10-20 23:40:44 +11:00
d0693fc7d5
fix CRefine after libseL4 NotificationObject terminology update
2015-10-14 14:00:27 +11:00
38fe85e784
aep-binding: cleanup v3
2015-10-07 15:02:26 +11:00
038891ac7b
aep-binding: more cleanup
2015-10-07 14:57:55 +11:00
e3704742f0
aep-binding: cleanup
2015-10-07 14:18:09 +11:00
4525a78c0f
aep-binding: removed quick and dirty from AInvs build options
2015-10-07 13:58:11 +11:00
c8d0692008
sys-init now checks
2015-09-22 12:14:27 +10:00
dab3914e95
change sending on a bound async ipc to avoid revoke_cap
2015-09-21 17:18:37 +10:00
21f429fe60
aep-binding: finished InfoFlowC
2015-09-18 13:54:01 +10:00
e6eb9c837c
aep-binding: finish Bisim
...
with help from Dan
2015-09-18 11:08:32 +10:00
1ae434b9d5
aep-binding: attempted progress on Bisim, 1 sorry remains
...
assumptions include aep_obj aep = IdleAEP and aep_bound_tcb aep = Some
x, which I guess is probably a contradiction, but I don't know how to
prove that.
2015-09-17 17:55:57 +10:00
8fa63f07ba
aep-binding: finished infoflow
2015-09-16 11:41:01 +10:00
478ce437fe
removed sorry
2015-09-16 11:19:49 +10:00
90a719dcf4
Merge branch 'aep-merge' of github.inside.nicta.com.au:seL4/l4v into aep-merge
...
Conflicts:
proof/infoflow/PolicySystemSAC.thy
2015-09-16 11:10:08 +10:00
aa1014d0d0
update SAC for coarser subjectAffects policy
2015-09-16 11:04:29 +10:00
ef5f419885
update rm_affects (also now affects more)
2015-09-16 10:43:03 +10:00
9bcb5cb7b7
aep-binding: fixed crefine, drefine, dpolicy with new decode_bind_aep definition
2015-09-16 10:35:31 +10:00
1812925265
update r_affects (in SAC example) for aep binding
...
r now affects more
2015-09-16 10:24:29 +10:00
8109a05468
fixed Example_Valid_State.thy
2015-09-15 18:10:26 +10:00
45629a38cc
some progress fixing PolicySystemSAC
...
had to change definition of abd_affects_set
work done with Dan
2015-09-15 18:07:36 +10:00
8dfb775f34
finished Noninterference.thy
2015-09-15 16:31:40 +10:00
f117c99903
aep-binding: updated AInvs, Access, Refine for new decodeBindAEP
2015-09-15 16:31:14 +10:00
50adc350d9
Syscall_IF building (1 sorry in decode)
2015-09-15 12:04:46 +10:00
8451c17837
fixed decode with sorry
2015-09-15 12:02:26 +10:00
53919eda6e
handle_wait_globals_equiv
2015-09-15 11:53:40 +10:00
2de96bb5bf
handle_wait_reads_respects_f
...
most of the hard work done by Dan
2015-09-14 18:38:49 +10:00
229f521d3b
finished Ipc_IF
2015-09-14 15:54:17 +10:00
1bde303763
receive_ipc_reads_respects
2015-09-14 11:58:09 +10:00
cfc5841b38
complete_async_ipc_reads_respects
2015-09-14 09:47:46 +10:00
f956842e93
finished send_async_ipc_reads_respects
2015-09-11 15:54:53 +10:00
0fb88ea01c
Merge branch 'master' into aep-merge
...
This commit should at least remove merge conflict markers, and the idea
is that at least refine, crefine, drefine, and infoflow (with sorrys)
build. Subsequent commits may be required to fix build issues that I
have not picked up.
2015-09-10 17:06:45 +10:00
d88a931ec7
history squashed patch for aep-binding
2015-09-02 15:43:39 +10:00
3c85373823
Treat SimplExportOnly specially in proof Makefile.
...
SimplExportOnly builds both a (useless) Isabelle image and a (useful) output
file. We need to adjust the build command to ensure the file actually gets
built if the image already existed.
2015-09-01 18:25:32 +10:00
Joel Beeren
Rafal Kolanski
Thomas Sewell
Daniel Matichuk
Ramana Kumar
Daniel Matichuk