Isabelle2020 doesn't allow sharing session directories between the document
session and non-document session. Instead of duplicating things, this commit
pulls the document build back into the ASpec session, but changes the build
such that the git revision is read directly from LaTeX, removing the
superfluous re-build for every git revision change (even when no relevant spec
file changed).
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

Isabelle2020 requires each session to declare its own set of directories that
may not overlap with other sessions' directories. This commit reorganises
files to comply with that requirement.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

- preemption in C is not associated with an irq
- updating aspec to reflect this so that we can have irq-independent
  preemptions (needed in MCS)
- proof fix for the above: remove intr
Signed-off-by: Miki Tanaka <miki.tanaka@data61.csiro.au>

The reason `CKernel` depends on `design-spec` is quite obscure, so we
add a comment to relevant `Makefile`s to help us avoid wasting time
trying to remove the dependency.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

I previously updated the `#!` in `mk_umm_types.py` to use `python3`, but
forgot to remove the explicit `python` call from `kernel.mk`.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

The RISCV implementation of invokeIRQHandler calls plic_complete_claim
instead of maskInterrupt. plicCompleteClaim is added as a machine op
and invokeIRQHandler has been arch split for the ACKIrq case.
Signed-off-by: Victor Phan <Victor.Phan@data61.csiro.au>

This was incorrect, but unused in the proofs. Once used, the numbers
turned out to be unrelated to the C.
Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>

The proof needs to know that there is a page table at the entry
point in the induction for lookupPTSlot. Moving the assertion just
before the recursive call establishes this directly.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

The RISC-V ISA spec does not allow PagePTEs with 000 for rwx rights,
because 000 is used to identify PageTablePTEs. Instead we write
InvalidPTEs, which have the same effect for the user.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

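The encoding rule the commit above relies on can be checked mechanically. The following is an added example, not code from seL4 or the l4v proofs: it classifies a 64-bit Sv39/Sv48 page table entry by the V and RWX bits as laid out in the RISC-V privileged specification (V=bit 0, R/W/X=bits 1-3, U=bit 4, PPN from bit 10), and contrasts a naive PTE builder, which emits a valid entry with rwx=000 that hardware would walk as a pointer to a next-level table, with a builder that emits an invalid PTE for a zero-rights mapping instead. The function names, the `pte_kind_t` enum and the PPN value `0x1234` are constructed for the example; the bit positions are from the RISC-V specification.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Sv39/Sv48 PTE bit layout (RISC-V privileged spec). */
#define PTE_V (1ULL << 0)   /* valid */
#define PTE_R (1ULL << 1)   /* readable */
#define PTE_W (1ULL << 2)   /* writable */
#define PTE_X (1ULL << 3)   /* executable */
#define PTE_U (1ULL << 4)   /* user accessible */
#define PTE_PPN_SHIFT 10
#define PTE_PPN_MASK ((1ULL << 44) - 1)

/* Constructed classification for the example; not a seL4 type. */
typedef enum {
    PTE_INVALID,   /* V = 0: access faults, nothing is walked */
    PTE_TABLE,     /* V = 1, RWX = 000: pointer to next-level page table */
    PTE_LEAF,      /* V = 1, at least one of R/W/X set: a page mapping */
    PTE_RESERVED   /* V = 1, W set without R: reserved encoding */
} pte_kind_t;

pte_kind_t classify_pte(uint64_t pte) {
    if (!(pte & PTE_V))
        return PTE_INVALID;
    uint64_t rwx = pte & (PTE_R | PTE_W | PTE_X);
    if (rwx == 0)
        return PTE_TABLE;            /* this is why rwx=000 cannot mean "no rights" */
    if ((pte & PTE_W) && !(pte & PTE_R))
        return PTE_RESERVED;
    return PTE_LEAF;
}

uint64_t pte_ppn(uint64_t pte) {
    return (pte >> PTE_PPN_SHIFT) & PTE_PPN_MASK;
}

static uint64_t rights_bits(bool r, bool w, bool x) {
    uint64_t bits = 0;
    if (r) bits |= PTE_R;
    if (w) bits |= PTE_W;
    if (x) bits |= PTE_X;
    return bits;
}

/* Naive builder: always sets V, so a zero-rights page silently becomes a
 * page-table pointer into whatever the PPN happens to address. */
uint64_t make_user_page_pte_naive(uint64_t ppn, bool r, bool w, bool x) {
    return PTE_V | PTE_U | rights_bits(r, w, x) | (ppn << PTE_PPN_SHIFT);
}

/* Corrected builder: a zero-rights page is written as an invalid PTE, which
 * gives the user the same observable behaviour (a fault on any access)
 * without producing a table pointer. */
uint64_t make_user_page_pte(uint64_t ppn, bool r, bool w, bool x) {
    if (!r && !w && !x)
        return 0;                    /* InvalidPTE */
    return PTE_V | PTE_U | rights_bits(r, w, x) | (ppn << PTE_PPN_SHIFT);
}

static const char *kind_name(pte_kind_t k) {
    switch (k) {
    case PTE_INVALID:  return "invalid";
    case PTE_TABLE:    return "page-table pointer";
    case PTE_LEAF:     return "leaf page";
    default:           return "reserved";
    }
}

int main(void) {
    uint64_t ppn = 0x1234;           /* constructed physical page number */
    printf("naive, no rights:     %s\n",
           kind_name(classify_pte(make_user_page_pte_naive(ppn, 0, 0, 0))));
    printf("corrected, no rights: %s\n",
           kind_name(classify_pte(make_user_page_pte(ppn, 0, 0, 0))));
    printf("corrected, r-x:       %s\n",
           kind_name(classify_pte(make_user_page_pte(ppn, 1, 0, 1))));
    return 0;
}
```

Running it shows the naive builder producing a "page-table pointer" for a no-rights page while the corrected builder produces "invalid"; the reserved case (W without R) is flagged separately because it is a third, distinct misencoding rather than a variant of the rwx=000 problem.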
The assertion is provable from the abstract invariants, and used in
CRefine to conclude that the test whether the vspace root cap is mapped
can be left out.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

`tcbBlockSizeBits` was previously defined to be `wordSizeCase 9 11`
universally, but this claim does not hold anymore since it takes the
value 10 on RISCV64. Therefore an arch split for `tcbBlockSizeBits` and
affected definitions is made. The constant and its definition need to
be requalified so that proofs in Refine can access it through the
constant objBits_defs.
Signed-off-by: Victor Phan <Victor.Phan@data61.csiro.au>

Update specs and proofs for ARM platforms to contain TPIDRURO in the
TCB user context rather than treating it as a VCPU register, following
the change in C.
Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>

This was used to make sure the LaTeX document from literate Haskell builds.
Since this document is retired, we don't need the check any more.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

We keep on forgetting what the parameters to loadObject and storeObject
mean, and why we have pspace_storable in the first place. Hopefully
these comments mean having to re-remember fewer things.
Signed-off-by: Edward Pierzchalski <ed.pierzchalski@data61.csiro.au>

This allows some git operations (e.g. fetch) without requiring a
c-kernel rebuild.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

Previously, we would rebuild the kernel if any file in the `seL4`
repository changed since previous `cmake` setup. Since the kernel build
after the `cmake` setup generates `__pycache__` directories in the
`seL4` tree, this would cause some unnecessary rebuilds.

This commit explicitly excludes `__pycache__` directories from the set
of files considered to be dependencies of the kernel build.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

This effectively reverts commit 2fec23d646, which was a previous attempt
at fixing a race condition in the design spec generation, which turned
out to be ineffective. Since the `design-spec` test had the same effect
as the `haskell-translator` test on which it depended, it was redundant,
and can be removed.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

Previously the Makefile rule for generating the design spec depended on
all Haskell source files in `spec/haskell`. This unintentionally
included files generated by the Haskell kernel build in
`spec/haskell/dist`. This meant that for `run_tests` builds in which the
Haskell kernel test completes *after* the initial generation of the
design spec, subsequent Makefile jobs which depend on the design spec
could cause re-runs of the design spec. Furthermore, if `run_tests` runs
several such jobs concurrently, race conditions in concurrent runs of
the design spec could cause errors.

Since the design spec does not make use of the generated Haskell source
in `spec/haskell/dist`, this commit restricts the design spec
dependencies to Haskell source files in `spec/haskell/src`.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

Python 2 has passed its sunset date, and many distributions are
withdrawing support for Python 2.

PEP 394 recommends distributions always install versioned interpreter
commands (e.g. `python3`), but does not make a recommendation about
whether or not an unversioned command (`python`) should exist, or what
version it should run.

It therefore seems advisable to explicitly run scripts using the
`python3` command, for scripts that are compatible with Python 3.

Here, we do this for Python scripts used by `run_tests`. For this to
work, some scripts have been updated in ways that will break Python 2
compatibility. But for some other scripts which were already compatible
with both Python 2 and 3, we have not yet removed Python 2
compatibility. There are also miscellaneous scripts that are not used by
`run_tests`, and these have not yet been updated to Python 3.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

- Increase IRQ word size from 3 to 6 to match IRQ_CNODE_SLOT_BITS in
  sel4 config.
- Bump maxIRQ up to 54.
- Fix broken inequality proof by changing constant that depended on IRQ
  word size.
- Add Makefile targets for building ELF binaries and various dumps that
  are used in binary verification.
- Add support for extra CMake command-line arguments. For binary
  verification, this is used to set the optimisation level for the ELF
  targets.
- Add support for the Debian RISC-V toolchain packages, without breaking
  existing users with a manually built RISC-V toolchain.
- Move reusable parts of the C kernel Makefile out to a separate include
  file, with support for configuring the build directory. For binary
  verification, this is used to allow multiple builds at different
  optimisation levels.