Word_Lib was included multiple times in the graph, leading to name
shadowing. This commit makes Addr_Type the single point of entry.
Includes some cleanup/warning reductions.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
Word_32 and Word_64 shouldn't be included at the same time, they
both define default word_size and other notions. This commit refactors
them to be usable independently and also makes the type names available
independently from all of the Word_x theories.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
This includes a tweak to Word_Lib to simplify ucast(-1) which
is now a term that occurs more often.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
The AWS test runner does not have a GitHub ssh key, so can only
access repositories via https.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
The repository_dispatch event will be generated in the
verification-manifest repo when devel.xml is updated by anyone other
than the seL4-ci user.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
This fixes up some atrocious indentation and removes some warnings for
duplicate rules etc.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Some of the assumptions in Machine_C were about C functions that do not
exist (any more, presumably after some change in C). This means these
names were free variables and the rules could in theory be applied to
any function, potentially causing unsoundness. Luckily, we were
disciplined enough in the proofs not to have done that. The proofs with
the names fixed go through unchanged.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
This commit updates the proofs for seL4/seL4#485, which fixes
the security and correctness bug seL4/seL4#481. The bug was that
caches are not sufficiently flushed in retype for frames that can
be mapped uncached later.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Useful for copy/paste into PR comments to link to the testboard
results, or just to see them manually.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Mostly for testing, to inspect what manifest is being constructed
without triggering tests.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Use '> ' instead of '[log] ', since this is not a log file but
usually read interactively.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
The test runner does not have ssh access to GitHub, so can't use
ssh:// URLs. This means the tested revisions need to be public, but
since this is meant for foundation use, that should be fine.
(The testboard itself is public anway)
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
This refactors the proof runs into a separate run for the master branch
(which has deployment) and development branches (currently RT and PRs).
For the test on the master branch, we need to make sure that all tests
and the deployment action see the same revisions of all participating
repos.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
External means default.xml and vanilla Isabelle instead of internal TS
Isabelle and devel.xml.
The weekly clean test runs without reading the proof image cache,
writing back a fresh cache state.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
- in VSpace_R
- the same method added to each arch; would be good to unify via
arch split in the future
- also includes some style cleanup
Signed-off-by: Miki Tanaka <miki.tanaka@data61.csiro.au>
- this introduces idle_tcb' which is defined directly using tcb fields
- backport from MCS ARM Refine
Signed-off-by: Miki Tanaka <miki.tanaka@data61.csiro.au>
- this introduces idle_tcb' which is defined directly using tcb fields
- backport from MCS ARM Refine
Signed-off-by: Miki Tanaka <miki.tanaka@data61.csiro.au>
Gerwin Klein
Gerwin Klein
Florian Haftmann
Zoltan A. Kocsis
Miki Tanaka
Mitchell Buckley
Ryan Barry