Joel Beeren
457a55a831
add arch_tcb object to C, rename aep -> ntfn
2015-11-20 16:02:13 +11:00
Thomas Sewell
7c3a06a8d7
Minor adjustments caused by Strengthen changes.
2015-10-29 11:27:54 +11:00
Rafal Kolanski
d51402a5a2
Merge remote-tracking branch 'verification/master' into priority-bitmap
...
(seL4_NBWait)
2015-10-21 16:23:01 +11:00
Joel Beeren
e403eb8f0a
poll: added non-blocking sync wait
2015-10-21 14:24:49 +11:00
Joel Beeren
d6f7579be7
poll: Added new syscall for polling async endpoints (non-blocking wait)
2015-10-21 14:24:49 +11:00
Rafal Kolanski
c1eb235105
Merge 'verification/master' into priority-bitmap
...
Green build except for:
CParserTest (WTF Duplicate fact declaration "dc_20081211.dc_20081211.test_modifies")
AutoCorresSEL4 (waiting on result)
There is still a carefully managed sorry in Schedule_R, waiting on the C
parser FNSPEC+DONT_TRANSLATE fix.
2015-10-21 06:19:20 +11:00
Rafal Kolanski
3230d601ae
priority-bitmap: Update InfoflowC
2015-10-20 23:52:14 +11:00
Joel Beeren
e3704742f0
aep-binding: cleanup
2015-10-07 14:18:09 +11:00
Joel Beeren
21f429fe60
aep-binding: finished InfoFlowC
2015-09-18 13:54:01 +10:00
Joel Beeren
8fa63f07ba
aep-binding: finished infoflow
2015-09-16 11:41:01 +10:00
Daniel Matichuk
478ce437fe
removed sorry
2015-09-16 11:19:49 +10:00
Daniel Matichuk
90a719dcf4
Merge branch 'aep-merge' of github.inside.nicta.com.au:seL4/l4v into aep-merge
...
Conflicts:
proof/infoflow/PolicySystemSAC.thy
2015-09-16 11:10:08 +10:00
Daniel Matichuk
aa1014d0d0
update SAC for coarser subjectAffects policy
2015-09-16 11:04:29 +10:00
Ramana Kumar
ef5f419885
update rm_affects (also now affects more)
2015-09-16 10:43:03 +10:00
Ramana Kumar
1812925265
update r_affects (in SAC example) for aep binding
...
r now affects more
2015-09-16 10:24:29 +10:00
Daniel Matichuk
8109a05468
fixed Example_Valid_State.thy
2015-09-15 18:10:26 +10:00
Ramana Kumar
45629a38cc
some progress fixing PolicySystemSAC
...
had to change definition of abd_affects_set
work done with Dan
2015-09-15 18:07:36 +10:00
Daniel Matichuk
8dfb775f34
finished Noninterference.thy
2015-09-15 16:31:40 +10:00
Daniel Matichuk
50adc350d9
Syscall_IF building (1 sorry in decode)
2015-09-15 12:04:46 +10:00
Daniel Matichuk
8451c17837
fixed decode with sorry
2015-09-15 12:02:26 +10:00
Ramana Kumar
53919eda6e
handle_wait_globals_equiv
2015-09-15 11:53:40 +10:00
Ramana Kumar
2de96bb5bf
handle_wait_reads_respects_f
...
most of the hard work done by Dan
2015-09-14 18:38:49 +10:00
Daniel Matichuk
229f521d3b
finished Ipc_IF
2015-09-14 15:54:17 +10:00
Ramana Kumar
1bde303763
receive_ipc_reads_respects
2015-09-14 11:58:09 +10:00
Ramana Kumar
cfc5841b38
complete_async_ipc_reads_respects
2015-09-14 09:47:46 +10:00
Daniel Matichuk
f956842e93
finished send_async_ipc_reads_respects
2015-09-11 15:54:53 +10:00
Ramana Kumar
0fb88ea01c
Merge branch 'master' into aep-merge
...
This commit should at least remove merge conflict markers, and the idea
is that at least refine, crefine, drefine, and infoflow (with sorrys)
build. Subsequent commits may be required to fix build issues that I
have not picked up.
2015-09-10 17:06:45 +10:00
Ramana Kumar
d88a931ec7
history squashed patch for aep-binding
2015-09-02 15:43:39 +10:00
Joel Beeren
3372cd32a8
SELFOUR-220: When calling handleWait, only delete the
...
TCB's ReplyCap when actually waiting on a synchronous
endpoint.
2015-07-23 14:45:17 +10:00
Thomas Sewell
440081c0f4
Add a gsMaxObjectSize as needed.
2015-07-17 14:30:08 +10:00
Gerwin Klein
f95b9dad9b
infoflow: remove unused theory
2015-05-28 14:21:54 +10:00
Gerwin Klein
cfec9ea0db
Merge branch 'master' into 2015
2015-05-28 11:45:13 +10:00
Joel Beeren
002cf370bb
Updated proof with new fastpath changes removing setCurrentASID and armv_contextSwitch_fp
2015-05-28 11:30:22 +10:00
Gerwin Klein
c6564cb4cb
infoflow: 2015 update for infoflow C refinement
2015-05-20 21:10:59 +10:00
Gerwin Klein
cba6a4f59e
infoflow: minor cleanup
2015-05-16 21:49:01 +10:00
Gerwin Klein
12fa86863a
fewer warnings
2015-05-16 19:52:49 +10:00
Gerwin Klein
b46bc4e78d
infoflow: 2015 update (apart from C refinement)
2015-05-16 18:14:59 +10:00
Gerwin Klein
29eb636d31
re-establish InfoFlow; generalising ptable_xn
...
UserOp_IF had its own way of extracting the XN bit from page tables.
This is now unified with the existing functions in ADT_AI, which also
means that the proof for XN bit equality is basically the same as for
pt_rights and pt_lift.
2014-11-28 08:58:57 +11:00
deang
f9b9f9ba53
infoflow: remove s0_ptrs_distinct from Example_Valid_StateH
...
subsumed by distinct command in Example_Valid_State
2014-11-19 16:01:49 +11:00
deang
77c600038f
infoflow: fixed and added Example_Valid_StateH to testing
...
Some of the noninterference results depend on executions at the Haskell level starting at a valid initial state. This file demonstrates this condition being realised.
2014-11-18 17:39:17 +11:00
deang
f9ea932cfb
noninterference: remove duplicate lemmas
...
Some redundant duplicate lemmas with duplicate names were proven under locale contexts 'unwinding_system' and 'complete_unwinding_system'.
2014-11-03 13:14:18 +11:00
David Greenaway
127c7cd63e
infoflow: trivial: Add some comments to "do_user_op_if" definition.
2014-10-27 09:31:31 +11:00
David Greenaway
759a7fa8cb
infoflow: trivial: Add some minor comments to "Noninterference_Base.thy".
...
Added while trying to work out some details. Perhaps more useful than
not?
2014-10-16 17:09:11 +11:00
deang
77f85b334d
trivial: typo in comment
2014-10-14 17:29:47 +11:00
deang
6df2eb6cf9
infoflow: weakened assumptions for c refinement of infoflow adts
...
The fact that the C infoflow ADT refines the abstract infoflow ADT now only requires that the given user operation is nonempty and not sane (nonempty and doesn't return an interrupt).
Also added some more general lemmas about fw_sim and refinement to lib/Simulation.thy.
2014-10-14 17:01:11 +11:00
David Greenaway
6c915fa629
infoflow: Move "EquivValid" out of "infoflow/", into "lib/".
...
More importantly, remove seL4 from the dependencies of "EquivValid", so
others can use it.
Also, we fixup the fallout.
2014-10-13 11:05:31 +11:00
David Greenaway
b0832637e6
infoflow: Change definition of "the_nat_to_bl" to avoid undefined outputs.
...
...and clean up some fallout.
In particular, we now say that the output of "nat_to_bl sz n" is taken
to be the bitlist of "n mod 2^sz", so the output is always defined.
The idea is to remove the undefinedness of "the_nat_to_bl" so that it is
easier to generate simp rules for it; some of these are developed in the
theory below, and simplify some of the more concrete infoflow proofs.
2014-10-07 08:59:17 +11:00
David Greenaway
bf2d517009
infoflow: Use the "distinct" command in "Example_Valid_State".
...
Use the previously-added "distinct" command to simplify the
"Example_Valid_State" proof. This brings quite significant speedups as
it means that raw definitions need not be unfolded, and hence automated
tactics don't get side-tracked with their numerical definitions.
2014-10-07 08:59:17 +11:00
David Greenaway
22b9118432
infoflow: Fix non-terminating proof for Isabelle 2014.
...
Remove useless ROOT.ML file, while I am here.
2014-09-19 14:33:54 +10:00
David Greenaway
cf0d1abce6
Merge 'master' into 'isabelle-2014'.
...
Conflicts:
proof/crefine/Fastpath_C.thy
proof/drefine/KHeap_DR.thy
proof/infoflow/Noninterference.thy
spec/design/version
sys-init/DuplicateCaps_SI.thy
sys-init/InitTCB_SI.thy
sys-init/Proof_SI.thy
tools/asmrefine/SimplExport.thy
tools/autocorres/tests/examples/SchorrWaite.thy
2014-09-17 14:21:13 +10:00