09a02acc7b
arm-hyp proofs/ROOT: make it possible to skip proofs in BaseRefine
2017-06-19 14:32:28 +10:00
a751e4f798
arm-hyp refine: More invariants for vcpuSwitch and alike
2017-06-19 14:32:28 +10:00
d1eef6c026
arm-hyp refine: Detype_R sorry free
2017-06-19 14:32:28 +10:00
511d3f5c40
arm-hyp refine: one sorry left in Detype_R
2017-06-19 14:32:28 +10:00
bdd6f9c896
arm-hyp refine: add armUSGlobalPD to global_refs' in Invariants_H
2017-06-19 14:32:28 +10:00
a6b0559e23
arm-hyp refine: set_vm_root_corres and auxiliary lemmas
2017-06-19 14:32:28 +10:00
e52c985b4b
arm-hyp refine: add valid_arch_tcb' invariant (vcpu_at' for atcbVCPUPtr)
2017-06-19 14:32:28 +10:00
9103207d8a
arm-hyp refine: fix storePDE/storePTE sorries in VSpace_R
2017-06-19 14:32:28 +10:00
abc195f170
arm-hyp ainvs: add valid_arch_tcb invariant (vcpu_at for tcb_vcpu)
2017-06-19 14:32:28 +10:00
4260a2c545
arm-hyp refine: new definition of valid_arch_state', with more sorries for now
...
valid_arch_state' now requires armHSCurVCPU to be a pointer to a live' vcpu
2017-06-19 14:32:28 +10:00
aa82471c17
arm-hyp refine: Invariants_H sorry free
2017-06-19 14:32:28 +10:00
1c85326bac
arm-hyp refine: new definition of valid_vcpu'
...
this introduces a more accessible definition of valid_vcpu'
2017-06-19 14:32:27 +10:00
4e90b0558f
arm-hyp refine: fixing some broken lemmas after the last batch of changes
2017-06-19 14:32:27 +10:00
b7e754bf1b
arm-hyp refine: vcpu{Switch,Save,Enable,etc}_corres + other related lemmas
2017-06-19 14:32:27 +10:00
76b02fe736
arm-hyp ainvs: Fixing StateRelation due to some renaming in abstract/haskell
2017-06-19 14:32:27 +10:00
bf8b1ebdad
arm-hyp ainvs: Fixing some proofs due to renaming
2017-06-19 14:32:27 +10:00
740d606774
refine: closed the Orphanage
...
Not necessary for CRefine and better proved on the abstract spec now.
To be resurrected (on abstract) in the future.
2017-06-19 14:32:27 +10:00
75acdb3823
arm-hyp refine: add IRQReserved to state relation
2017-06-19 14:32:27 +10:00
e2d8a0ae50
arm-hyp refine: Tcb_R sorry free
2017-06-19 14:32:27 +10:00
bc40dc4a46
arm-hyp refine: remove unused ADT_H lemma
2017-06-19 14:32:27 +10:00
e9d3c3eb54
arm-hyp: remove unused ParityEnabled in aspec; solve sorries in ADT_H
...
ParityEnabled isn't used in ARM_HYP and we had to prove its absence as
invariant, which in turn makes the abstraction function from Haskell
to abstract partial (only works when invariants hold).
This commit removes that problem by removing ParityEnabled from the
abstract spec. Updated ainv and refine as necessary.
2017-06-19 14:32:27 +10:00
cbb154f51d
arm-hyp ainvs: no_fail rules for vcpuregs_gets and vcpuregs_sets
2017-06-19 14:32:27 +10:00
61136c29fd
arm-hyp: wp_pre rebase repair
2017-06-19 14:32:27 +10:00
f33d584cac
arm-hyp refine: proof repair for spec updates
2017-06-19 14:32:26 +10:00
7cf0631ac2
arm-hyp ainvs: proof updates for abstract spec changes
...
In particular for:
- new global PD
- disable vcpu on switch to idle
- banked registers
2017-06-19 14:32:26 +10:00
a84e8dd147
ainvs: generalise as_user_cte_wp_at
2017-06-19 14:32:26 +10:00
5a03004e2c
refine: minor cleanup
2017-06-19 14:32:26 +10:00
29abd9a19e
arm-hyp/refine: vgic maintenance updates
2017-06-19 14:32:26 +10:00
e4d8bb1d4f
arm_hyp/refine: 'getActiveIRQ in_kernel' updates
2017-06-19 14:32:26 +10:00
65926a841a
arm-hyp/ainvs: proof repair for vgic_maintenance
...
Includes stronger assumptions for handle_reserved_interrupt and friends,
which should be backported later (see JIRA VER-719 and VER-720)
2017-06-19 14:32:26 +10:00
91b723903e
ainvs (arm_hyp + generic): 'getActiveIRQ in_kernel' proof updates
2017-06-19 14:32:26 +10:00
e6c70be8a5
arm-hyp refine: Adding vcpuSwitch_corres and similar
2017-06-19 14:32:25 +10:00
43c742901b
arm-hyp refine: trivial: remove spurious Eisbach import
2017-06-19 14:32:25 +10:00
edee892ac0
arch_split: refine: remove spurious reference to ARM namespace
2017-06-19 14:32:25 +10:00
4d97cdd6a3
arch_split: refine: update DetSchedSchedule_AI imports
2017-06-19 14:32:25 +10:00
3c1e139a12
arch_split: ARM_HYP: DetSchedDomainTime_AI, DetSchedSchedule_AI
2017-06-19 14:32:25 +10:00
3d22990928
arm-hyp test: setup REFINE_QUICK_AND_DIRTY for Refine (to be squashed)
...
* fix the order of entries in the ROOT file
2017-06-19 14:32:25 +10:00
56c00ab03a
arm-hyp refine: sorrying done
2017-06-19 14:32:25 +10:00
35e5e4162a
arm-hyp/ainvs: use stronger assumptions for handle_hypervisor_fault
2017-06-19 14:32:25 +10:00
18d76773fa
arm-hyp refine: sorrying done upto VSpace_R
2017-06-19 14:32:25 +10:00
db6651b541
arm-hyp invariants: add missing invariant to BCorres2_AI (to be squashed)
2017-06-19 14:32:24 +10:00
fd79501491
arm-hyp refine: ArchAcc_R done
...
tags: [VER-696]
2017-06-19 14:32:24 +10:00
881ce3e8cb
arm-hyp refine: Invariants_H done for now, sorried up to ArchAcc_R
2017-06-19 14:32:24 +10:00
6348446d4b
arm-hyp invariants: some fixes for statements used in refine (to be squashed later)
2017-06-19 14:32:24 +10:00
9060562bfe
arm-hyp refine: update refine for the rebase (includes all the changes)
...
None of these files contain arm-hyp specific changes yet.
2017-06-19 14:32:24 +10:00
b04eb57d99
arm-hyp ainvs: drop removed _impl consts from crunch_ignore
2017-06-19 14:32:24 +10:00
dbbc0d41b5
arm-hyp: AInvs sorry-free
2017-06-19 14:32:23 +10:00
11018317be
ainvs: adjust locale name
2017-06-19 14:32:23 +10:00
00a68d1470
arm-hyp refine: sorrying in progress (now in CSpase_R)
2017-06-19 14:32:23 +10:00
8cf46846b5
arm-hyp refine: Invariants_H and StateRelation updated
2017-06-19 14:32:23 +10:00
Gerwin Klein
Alejandro Gomez-Londono
Miki Tanaka
Gerwin Klein
Matthew Brecknell
Rafal Kolanski