The action will abort when no clean rebase is possible, and force-push
the rebased branch when the rebase over origin/master was clean.
The push will trigger proof runs on the rebased branches.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
REFINE_QUICK_AND_DIRTY is already set correctly in proofs/Makefile,
so doesn't need to be set here.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
The Orphanage session is no longer conditional on L4V_ARCH_IS_ARM
(instead it is empty for those architectures that don't support it).
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
This adds sch_act_target/schActTarget accessor names for the
switch_thread/SwitchToThread constructor of the scheduler_action
datatype at the aspec and Haskell level, respectively
Signed-off-by: Michael McInerney <michael.mcinerney@proofcraft.systems>
CI is introducing an `L4V_PLAT` variable to support proof runs across
more platform configurations. This commit incorporates `L4V_PLAT` into
the paths generated by `export-kernel-builds.py`, to ensure that
exported builds can be disambiguated.
Signed-off-by: Matthew Brecknell <matt@kry10.com>
L4V_PLAT selects a platform variation within a L4V_ARCH. This mostly
affects which seL4 cmake config file is loaded when building config
data and the kernel C code. This in turn affects (and will rebuild)
ASpec, ExecSpec, and CSpec.
Examples:
L4V_ARCH=ARM L4V_FEATURES="" L4V_PLAT=""
will load `ARM_verified.cmake`
L4V_ARCH=ARM L4V_FEATURES="" L4V_PLAT=imx8mm
will load `ARM_imx8mm_verified.cmake`, and
L4V_ARCH=ARM L4V_FEATURES=MCS L4V_PLAT=imx8mm
will load `ARM_MCS_imx8mm_verified.cmake`
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Provide L4V_ARCH targets in the Haskell Makefile and constrain
run_tests to use only the current L4V_ARCH, to avoid building all
architectures in all tests.
A manual invocation of just `make` will still build all architectures
for easier checking.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Include the new ArchPSpace_H file, which on the other (non-AArch64)
architectures will only contain an empty placeholder function.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
For making the state relation functional in refine/ADH_H we need to
know to which type of page table each PTE belongs. Record this
information in ghost state, similar to what we do for CNode size and
user page size.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Check for mapping was incorrect (attempted to check the ASID cap for
ptIsMapped) and it turns out not necessary.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
`error` is mapped to `undefined` which does not work well with `crunch`.
`fail` is mapped to monadic `fail` in Isabelle, works fine with crunch
and we have to prove that it's not called in `corres`.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
This required a lot of adaptation from ARM_HYP, rearranging, and fixing.
The VCPU lemmas are mostly now constrained to one area, making it
theoretically possible to make a VCPU theory in the future.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
Gerwin Klein
Michael McInerney
Matthew Brecknell
Rafal Kolanski