a751e4f798
arm-hyp refine: More invariants for vcpuSwitch and alike
2017-06-19 14:32:28 +10:00
d1eef6c026
arm-hyp refine: Detype_R sorry free
2017-06-19 14:32:28 +10:00
511d3f5c40
arm-hyp refine: one sorry left in Detype_R
2017-06-19 14:32:28 +10:00
bdd6f9c896
arm-hyp refine: add armUSGlobalPD to global_refs' in Invariants_H
2017-06-19 14:32:28 +10:00
a6b0559e23
arm-hyp refine: set_vm_root_corres and auxiliary lemmas
2017-06-19 14:32:28 +10:00
e52c985b4b
arm-hyp refine: add valid_arch_tcb' invariant (vcpu_at' for atcbVCPUPtr)
2017-06-19 14:32:28 +10:00
9103207d8a
arm-hyp refine: fix storePDE/storePTE sorries in VSpace_R
2017-06-19 14:32:28 +10:00
4260a2c545
arm-hyp refine: new definition of valid_arch_state', with more sorries for now
...
valid_arch_state' now requires armHSCurVCPU to be a pointer to a live' vcpu
2017-06-19 14:32:28 +10:00
aa82471c17
arm-hyp refine: Invariants_H sorry free
2017-06-19 14:32:28 +10:00
1c85326bac
arm-hyp refine: new definition of valid_vcpu'
...
this introduces a more accessible definition of valid_vcpu'
2017-06-19 14:32:27 +10:00
4e90b0558f
arm-hyp refine: fixing some broken lemmas after the last batch of changes
2017-06-19 14:32:27 +10:00
b7e754bf1b
arm-hyp refine: vcpu{Switch,Save,Enable,etc}_corres + other related lemmas
2017-06-19 14:32:27 +10:00
76b02fe736
arm-hyp ainvs: Fixing StateRelation due to some renaming in abstract/haskell
2017-06-19 14:32:27 +10:00
740d606774
refine: closed the Orphanage
...
Not necessary for CRefine and better proved on the abstract spec now.
To be resurrected (on abstract) in the future.
2017-06-19 14:32:27 +10:00
75acdb3823
arm-hyp refine: add IRQReserved to state relation
2017-06-19 14:32:27 +10:00
e2d8a0ae50
arm-hyp refine: Tcb_R sorry free
2017-06-19 14:32:27 +10:00
bc40dc4a46
arm-hyp refine: remove unused ADT_H lemma
2017-06-19 14:32:27 +10:00
e9d3c3eb54
arm-hyp: remove unused ParityEnabled in aspec; solve sorries in ADT_H
...
ParityEnabled isn't used in ARM_HYP and we had to prove its absence as
invariant, which in turn makes the abstraction function from Haskell
to abstract partial (only works when invariants hold).
This commit removes that problem by removing ParityEnabled from the
abstract spec. Updated ainv and refine as necessary.
2017-06-19 14:32:27 +10:00
61136c29fd
arm-hyp: wp_pre rebase repair
2017-06-19 14:32:27 +10:00
f33d584cac
arm-hyp refine: proof repair for spec updates
2017-06-19 14:32:26 +10:00
5a03004e2c
refine: minor cleanup
2017-06-19 14:32:26 +10:00
29abd9a19e
arm-hyp/refine: vgic maintenance updates
2017-06-19 14:32:26 +10:00
e4d8bb1d4f
arm_hyp/refine: 'getActiveIRQ in_kernel' updates
2017-06-19 14:32:26 +10:00
e6c70be8a5
arm-hyp refine: Adding vcpuSwitch_corres and similar
2017-06-19 14:32:25 +10:00
43c742901b
arm-hyp refine: trivial: remove spurious Eisbach import
2017-06-19 14:32:25 +10:00
edee892ac0
arch_split: refine: remove spurious reference to ARM namespace
2017-06-19 14:32:25 +10:00
4d97cdd6a3
arch_split: refine: update DetSchedSchedule_AI imports
2017-06-19 14:32:25 +10:00
56c00ab03a
arm-hyp refine: sorrying done
2017-06-19 14:32:25 +10:00
18d76773fa
arm-hyp refine: sorrying done upto VSpace_R
2017-06-19 14:32:25 +10:00
fd79501491
arm-hyp refine: ArchAcc_R done
...
tags: [VER-696]
2017-06-19 14:32:24 +10:00
881ce3e8cb
arm-hyp refine: Invariants_H done for now, sorried up to ArchAcc_R
2017-06-19 14:32:24 +10:00
9060562bfe
arm-hyp refine: update refine for the rebase (includes all the changes)
...
None of these files contain arm-hyp specific changes yet.
2017-06-19 14:32:24 +10:00
00a68d1470
arm-hyp refine: sorrying in progress (now in CSpase_R)
2017-06-19 14:32:23 +10:00
8cf46846b5
arm-hyp refine: Invariants_H and StateRelation updated
2017-06-19 14:32:23 +10:00
e3cb71ef04
arm-hyp refine: copy ARM files to ARM_HYP directory, updating invariants in progress
2017-06-19 14:32:23 +10:00
da28d94974
VER-717: refactor tpidrurwRegister and fix corresponding proof
2017-05-05 15:17:41 +10:00
71e2db88a4
arm: refactor sanitise_register to take a bool instead of a kernel_object
...
This simplified the sanitise_register logic in CRefine for arm-hyp.
2017-05-03 21:51:57 +10:00
df7693b687
refinement refactor: up to resolve_address_bits
...
Proofs have been refactored to use new corres methods, including
marking rules with the [corres] attribute so they are automatically
applied.
VER-737
2017-03-28 22:37:34 +11:00
4620f7622f
refine ARM: minor cleanup
2017-03-17 15:14:41 +11:00
7ad3ef3b3e
wp: update the proofs for the new wp/wpc/wpsimp
2017-03-16 19:39:11 +11:00
6ce6c97397
arch_split: DetSchedDomainTime_AI, DetSchedSchedule_AI for ARM
2017-03-09 12:10:44 +11:00
c0c52700fb
trivial: rename split_if to if_split following Isabelle2016-1
2017-03-09 11:59:33 +11:00
99c7dd8a04
cleanup: remove old wp_cleanup comments
2017-03-03 09:01:28 +11:00
8a7d450f3a
ainvs + refine: remove hv_inv_ex
...
The lemma was convenient, but is subsumed by others. It is not true on
ARM_HYP.
2017-03-02 10:26:10 +11:00
2699254382
Refine: updates for Hypervisor stub
2017-02-22 15:26:49 +11:00
3db5dd778d
Refine fix for prepare_thread_delete
2017-02-20 09:23:55 +11:00
2ac4fa3509
corres_method: use corres method by default
2017-02-15 15:00:23 +11:00
520921351a
provide TCB argument for sanitiseRegister
...
Other platforms such as arm-hyp will need to look into additional TCB state
such as VCPU in sanitiseRegister. This commit provides the scaffolding for
that.
2017-02-12 12:54:42 +11:00
7657681fca
move refine/* to refine/ARM/*, parametrise over $L4V_ARCH
2017-01-30 12:22:22 +11:00
3dafec7d46
backport changes to ARM proofs from X64 work in progress
...
- replace ARM-specific constants and types with aliases which can be
instantiated separately for each architecture.
- expand lib with lemmas used in X64 proofs.
- simplify some proofs.
Also-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>
2017-01-27 08:31:07 +11:00
Alejandro Gomez-Londono
Miki Tanaka
Gerwin Klein
Matthew Brecknell
Pang Luo
Joel Beeren
Daniel Matichuk
Daniel Matichuk
Rafal Kolanski