Isabelle2020 doesn't allow sharing session directories between the document
session and non-document session. Instead of duplicating things, this commit
pulls the document build back into the ASpec session, but changes the build
such that the git revision is read directly from LaTeX, removing the
superfluous re-build for every git revision change (even when no relevant spec
file changed).
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
Isabelle2020 requires each session to declare it own set of directories that
may not overlap with other session's directories. This commit reorganises
files to comply with that requirement.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
- preemption in C is not associated to an irq
- updating aspec to reflect this so that we can have irq-independent
preemptions (needed in MCS)
- proof fix for the above: remove intr
Signed-off-by: Miki Tanaka <miki.tanaka@data61.csiro.au>
The RISCV implementation of invokeIRQHandler calls plic_complete_claim
instead of maskInterrupt. plicCompleteClaim is added as a machine op
and invokeIRQHandler has been arch split for the ACKIrq case.
Signed-off-by: Victor Phan <Victor.Phan@data61.csiro.au>
The RISC-V ISA spec does not allow PagePTEs with 000 for rwx rights,
because 000 is used to identify PageTablePTEs. Instead we write
InvalidPTEs, which has the same effect for the user.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
Update specs and proofs for ARM platforms to contain TPIDRURO in the
TCB user context rather than treating it as a VCPU register, following
change in C.
Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>
Highlights:
- new reserved IRQ and associated handler: VPPIEvent
- VPPI events are virtual interrupts we can forward to VMs; currently there is
only one event: virtual timer interrupt
- VGICMaintenance and VPPIEvent can both receive late interrupts from hardware,
which are now discarded instead of being delivered to current thread
- given only one possible VPPI event, simplifier tends to mop up more than it
should, making some proofs fragile w.r.t. adding a new VPPI event
- the order of some lemmas/specs needed shuffling, as now VCPU code needs some
interrupt code, which uses VCPU code
Currently the vcpu_switch function is called in the setVMRoot function
after possible early returns. In order to make sure the vcpu is
always switched, the call is moved into Arch_switchToThread before the
call to setVMRoot.
- Add HiFive.hs to replace Spike.hs, it's the same except for kdevBase
addition.
- Originally called KDEV_PPTR in the C Code, to be changed to KDEV_BASE
across all architectures.
- Add RISCVVSpaceDeviceWindow case for valid_uses_2 definition.
These functions were originally doing throwError IllegalOperation or
returnOk (). Now they have been reimplemented to match the CSpec.
In arch_check_irq, an error is thrown if IRQ is greater than maxIRQ or
is equal to irqInvalid. The error that gets returned to the user however
is a RangeError from 1 to maxIRQ.
Instead of checking for alignment, mask out the bottom bits to force the
vptr stored in the cap into the correct alignment for the level to be mapped.
See also SELFOUR-2162
global_pt needs addrFromKPPtr, because it is an address that lives in the
kernel image, other pt's need addrFromPPtr because they are standard
kernel-virtual addresses.
Prior to this commit the kernel would always trigger a full reschedule
on setPriority. This change allows the kernel to attempt a direct
switch, avoiding invoking the scheduler.
This spec bug was inspired by slightly differently but similarly wrong C code
(SELFOUR-2091). Current change brings it into sync with the (correct, we think)
C. Proof update included.
We previously had asids at machine word representation, but it turns out that
constraining them to actual asid_len is almost no overhead and saves us proving
invariants about asid sizes.
Gerwin Klein
Miki Tanaka
Matthew Brecknell
Victor Phan
Rafal Kolanski
Zoltan Kocsis
MiladKetabi