65 Commits

Author SHA1 Message Date
Joel Beeren 457a55a831 add arch_tcb object to C, rename aep -> ntfn 2015-11-20 16:02:13 +11:00
Thomas Sewell 7c3a06a8d7 Minor adjustments caused by Strengthen changes. 2015-10-29 11:27:54 +11:00
Rafal Kolanski d51402a5a2 Merge remote-tracking branch 'verification/master' into priority-bitmap
(seL4_NBWait)
2015-10-21 16:23:01 +11:00
Joel Beeren e403eb8f0a poll: added non blocking sync wait 2015-10-21 14:24:49 +11:00
Joel Beeren d6f7579be7 poll: Added new syscall for polling async endpoints (non-blocking wait) 2015-10-21 14:24:49 +11:00
Rafal Kolanski c1eb235105 Merge 'verification/master' into priority-bitmap
Green build except for:
CParserTest (WTF Duplicate fact declaration "dc_20081211.dc_20081211.test_modifies")
AutoCorresSEL4 (waiting on result)

There is still a carefully managed sorry in Schedule_R, waiting on the C
parser FNSPEC+DONT_TRANSLATE fix.
2015-10-21 06:19:20 +11:00
Rafal Kolanski 3230d601ae priority-bitmap: Update InfoflowC 2015-10-20 23:52:14 +11:00
Joel Beeren e3704742f0 aep-binding: cleanup 2015-10-07 14:18:09 +11:00
Joel Beeren 21f429fe60 aep-binding: finished InfoFlowC 2015-09-18 13:54:01 +10:00
Joel Beeren 8fa63f07ba aep-binding: finished infoflow 2015-09-16 11:41:01 +10:00
Daniel Matichuk 478ce437fe removed sorry 2015-09-16 11:19:49 +10:00
Daniel Matichuk 90a719dcf4 Merge branch 'aep-merge' of github.inside.nicta.com.au:seL4/l4v into aep-merge
Conflicts:
	proof/infoflow/PolicySystemSAC.thy
2015-09-16 11:10:08 +10:00
Daniel Matichuk aa1014d0d0 update SAC for coarser subjectAffects policy 2015-09-16 11:04:29 +10:00
Ramana Kumar ef5f419885 update rm_affects (also now affects more) 2015-09-16 10:43:03 +10:00
Ramana Kumar 1812925265 update r_affects (in SAC example) for aep binding
r now affects more
2015-09-16 10:24:29 +10:00
Daniel Matichuk 8109a05468 fixed Example_Valid_State.thy 2015-09-15 18:10:26 +10:00
Ramana Kumar 45629a38cc some progress fixing PolicySystemSAC
had to change definition of abd_affects_set

work done with Dan
2015-09-15 18:07:36 +10:00
Daniel Matichuk 8dfb775f34 finished Noninterference.thy 2015-09-15 16:31:40 +10:00
Daniel Matichuk 50adc350d9 Syscall_IF building (1 sorry in decode) 2015-09-15 12:04:46 +10:00
Daniel Matichuk 8451c17837 fixed decode with sorry 2015-09-15 12:02:26 +10:00
Ramana Kumar 53919eda6e handle_wait_globals_equiv 2015-09-15 11:53:40 +10:00
Ramana Kumar 2de96bb5bf handle_wait_reads_respects_f
most of the hard work done by Dan
2015-09-14 18:38:49 +10:00
Daniel Matichuk 229f521d3b finished Ipc_IF 2015-09-14 15:54:17 +10:00
Ramana Kumar 1bde303763 receive_ipc_reads_respects 2015-09-14 11:58:09 +10:00
Ramana Kumar cfc5841b38 complete_async_ipc_reads_respects 2015-09-14 09:47:46 +10:00
Daniel Matichuk f956842e93 finished send_async_ipc_reads_respects 2015-09-11 15:54:53 +10:00
Ramana Kumar 0fb88ea01c Merge branch 'master' into aep-merge
This commit should at least remove merge conflict markers, and the idea
is that at least refine, crefine, drefine, and infoflow (with sorrys)
build. Subsequent commits may be required to fix build issues that I
have not picked up.
2015-09-10 17:06:45 +10:00
Ramana Kumar d88a931ec7 history squashed patch for aep-binding 2015-09-02 15:43:39 +10:00
Joel Beeren 3372cd32a8 SELFOUR-220: When calling handleWait, only delete the
TCB's ReplyCap when actually waiting on a synchronous
endpoint.
2015-07-23 14:45:17 +10:00
Thomas Sewell 440081c0f4 Add a gsMaxObjectSize as needed. 2015-07-17 14:30:08 +10:00
Gerwin Klein f95b9dad9b infoflow: remove unused theory 2015-05-28 14:21:54 +10:00
Gerwin Klein cfec9ea0db Merge branch 'master' into 2015 2015-05-28 11:45:13 +10:00
Joel Beeren 002cf370bb Updated proof with new fastpath changes removing setCurrentASID and armv_contextSwitch_fp 2015-05-28 11:30:22 +10:00
Gerwin Klein c6564cb4cb infoflow: 2015 update for infoflow C refinement 2015-05-20 21:10:59 +10:00
Gerwin Klein cba6a4f59e infoflow: minor cleanup 2015-05-16 21:49:01 +10:00
Gerwin Klein 12fa86863a fewer warnings 2015-05-16 19:52:49 +10:00
Gerwin Klein b46bc4e78d infoflow: 2015 update (apart from C refinement) 2015-05-16 18:14:59 +10:00
Gerwin Klein 29eb636d31 re-establish InfoFlow; generalising ptable_xn
UserOp_IF had its own way of extracting the XN bit from page tables.
This is now unified with the existing functions in ADT_AI, which also
means that the proof for XN bit equality is basically the same as for
pt_rights and pt_lift.
2014-11-28 08:58:57 +11:00
deang f9b9f9ba53 infoflow: remove s0_ptrs_distinct from Example_Valid_StateH
subsumed by distinct command in Example_Valid_State
2014-11-19 16:01:49 +11:00
deang 77c600038f infoflow: fixed and added Example_Valid_StateH to testing
Some of the noninterference results depend on executions at the Haskell level starting at a valid initial state. This file demonstrates this condition being realised.
2014-11-18 17:39:17 +11:00
deang f9ea932cfb noninterference: remove duplicate lemmas
Some redundant duplicate lemmas with duplicate names were proven under locale contexts 'unwinding_system' and 'complete_unwinding_system'.
2014-11-03 13:14:18 +11:00
David Greenaway 127c7cd63e infoflow: trivial: Add some comments to "do_user_op_if" definition. 2014-10-27 09:31:31 +11:00
David Greenaway 759a7fa8cb infoflow: trivial: Add some minor comments to "Noninterference_Base.thy".
Added while trying to work out some details. Perhaps more useful than
not?
2014-10-16 17:09:11 +11:00
deang 77f85b334d trivial: typo in comment 2014-10-14 17:29:47 +11:00
deang 6df2eb6cf9 infoflow: weakened assumptions for C refinement of infoflow adts
The fact that the C infoflow adt refines the abstract infoflow adt now only requires that the given user operation is nonempty and not sane (nonempty and doesn't return an interrupt).
Also added some more general lemmas about fw_sim and refinement to lib/Simulation.thy.
2014-10-14 17:01:11 +11:00
David Greenaway 6c915fa629 infoflow: Move "EquivValid" out of "infoflow/", into "lib/".
More importantly, remove seL4 from the dependencies of "EquivValid", so
others can use it.

Also, we fixup the fallout.
2014-10-13 11:05:31 +11:00
David Greenaway b0832637e6 infoflow: Change definition of "the_nat_to_bl" to avoid undefined outputs.
...and clean up some fallout.

In particular, we now say that the output of "nat_to_bl sz n" is taken
to be the bitlist of "n mod 2^sz", so the output is always defined.

The idea is to remove the undefinedness of "the_nat_to_bl" so that it is
easier to generate simp rules for it; some of these are developed in the
theory below, and simplify some of the more concrete infoflow proofs.
2014-10-07 08:59:17 +11:00
David Greenaway bf2d517009 infoflow: Use the "distinct" command in "Example_Valid_State".
Use the previously-added "distinct" command to simplify the
"Example_Valid_State" proof. This brings quite significant speedups as
it means that raw definitions need not be unfolded, and hence automated
tactics don't get side-tracked with their numerical definitions.
2014-10-07 08:59:17 +11:00
David Greenaway 22b9118432 infoflow: Fix non-terminating proof for Isabelle 2014.
Remove useless ROOT.ML file, while I am here.
2014-09-19 14:33:54 +10:00
David Greenaway cf0d1abce6 Merge 'master' into 'isabelle-2014'.
Conflicts:
	proof/crefine/Fastpath_C.thy
	proof/drefine/KHeap_DR.thy
	proof/infoflow/Noninterference.thy
	spec/design/version
	sys-init/DuplicateCaps_SI.thy
	sys-init/InitTCB_SI.thy
	sys-init/Proof_SI.thy
	tools/asmrefine/SimplExport.thy
	tools/autocorres/tests/examples/SchorrWaite.thy
2014-09-17 14:21:13 +10:00