It has no other lib dependencies and over time should probably be
merged directly into umm theories. For now, move the entire file
and keep dependency structure.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

The default (=first) Makefile target for the standalone parser was
`all`, which gains additional dependencies in the included Makefile.
We want `make` in this directory to just build the standalone parser,
so we set `stp_all` as the default.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

This target was used in the regression test setup before this repo
switched to `run_tests` and has been unused for some time.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

In order to compare ASTs for appearance/disappearance/modification of
declarations, it is easier to have the annotations obvious to any
external tool for ease of parsing.
Annotations take the form:
"##<decl_type>: <name>", e.g. "##Function: ctzl"
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>

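The "##<decl_type>: <name>" annotations above exist so that an external tool can compare two AST dumps. The following Python script is an added example of such a tool; it is not part of the commit or the C parser. The annotation regex follows the format stated in the message; the body lines under each annotation and the two sample dumps are constructed placeholders, not real parser output.

```python
import re

# Annotation line format from the commit message: "##<decl_type>: <name>"
ANNOTATION = re.compile(r"^##(?P<decl_type>\w+): (?P<name>\S+)$")


def parse_dump(text):
    """Map (decl_type, name) -> the dump text printed after its annotation,
    up to the next annotation. If the same key is annotated twice (e.g. a
    declaration followed by a definition), the later body wins."""
    decls, current, body = {}, None, []
    for line in text.splitlines():
        m = ANNOTATION.match(line)
        if m:
            if current is not None:
                decls[current] = "\n".join(body).strip()
            current, body = (m["decl_type"], m["name"]), []
        elif current is not None:
            body.append(line)
    if current is not None:
        decls[current] = "\n".join(body).strip()
    return decls


def diff_dumps(old_text, new_text):
    """Report declarations that appeared, disappeared, or changed body text."""
    old, new = parse_dump(old_text), parse_dump(new_text)
    return {
        "appeared": sorted(new.keys() - old.keys()),
        "disappeared": sorted(old.keys() - new.keys()),
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }


# Constructed sample dumps (the body layout is invented for this example).
OLD_DUMP = """##Function: ctzl
  params: [x : unsigned long]
  returns: int
##Function: clzl
  params: [x : unsigned long]
  returns: int
##Variable: ksCurThread
  type: tcb_t *
"""

NEW_DUMP = """##Function: ctzl
  params: [x : unsigned long]
  returns: long
##Variable: ksCurThread
  type: tcb_t *
##Function: popcountl
  params: [x : unsigned long]
  returns: int
"""

if __name__ == "__main__":
    for kind, keys in diff_dumps(OLD_DUMP, NEW_DUMP).items():
        print(kind, [f"{t}: {n}" for t, n in keys])
```

Because the comparison keys on (decl_type, name), reordering declarations inside a file does not register as a change; only a differing body text does.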
The setup for L4V_ARCH=AARCH64 is identical to RISCV64, i.e. same word
length, encoding, and endianness. The setup includes the standalone
parser used for compile and preprocess checks in the seL4 repo.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Makes the release script more portable between BSD (macOS etc) and
Linux. Assumes a `brew` install on macOS instead of the older macports.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Standard bash on macOS is very old; invoking it via /usr/bin/env allows
the user to put a newer version in the PATH.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

typ_name of word types was not simplifying fully, because a shorter
simp rule was taking precedence over the shortcut rules. The added
rules make the system confluent again.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Word_Lib was included multiple times in the graph, leading to name
shadowing. This commit makes Addr_Type the single point of entry.
Includes some cleanup/warning reductions.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

This includes a tweak to Word_Lib to simplify ucast(-1) which
is now a term that occurs more often.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

Loading the FunctionalRecordUpdate file in Isabelle is slow.
This change expands the fN family of functions, which fixes the problem.
Signed-off-by: vjackson725 <v.jackson@unsw.edu.au>

Prior to rendering an expression to SIMPL, the C parser extracts
function calls from the expression and reinserts them as new statements
placed just before the statement containing the expression. The result
of each such function call is assigned to a temporary variable which
takes the place of the function call in the original expression.
Prior to this commit, the C parser would not always generate fresh
temporary variable names when multiple temporaries were needed. In
particular, when the left-hand side of an assignment contained a
function call returning the same type as a function call in the
right-hand side expression, the extracted function calls would be
assigned to the *same* temporary variable.
This commit addresses the issue by carrying name generation state across
all expressions in each statement. It implements a state monad as an
abstract data type for this purpose.
Fixes https://sel4.atlassian.net/browse/VER-1389.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

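The naming clash described in this commit, and the state-passing fix, reduced to a small Python model. This is an added illustration, not the C parser's SML implementation: the expression node types, the `ret__<type>_<n>` naming scheme and the `*p(a) = *p(b)` sample statement are all constructed here. `fresh` is a hand-written state monad step (it takes the supply state and returns the name together with the new state); `lower_assignment` either threads that state through both sides of the assignment, as the fix does, or restarts it per expression, which reproduces the duplicate temporary.

```python
from dataclasses import dataclass, field
from typing import Any


@dataclass
class Var:
    name: str


@dataclass
class Call:
    fn: str
    ret_type: str                       # temporaries are named by return type
    args: list = field(default_factory=list)


@dataclass
class Deref:
    target: Any


@dataclass
class BinOp:
    op: str
    left: Any
    right: Any


def fresh(state, ret_type):
    """State-monad step: (state, type) -> (fresh name, new state).
    The state maps a type name to the next unused counter for that type."""
    n = state.get(ret_type, 0)
    return f"ret__{ret_type}_{n}", {**state, ret_type: n + 1}


def render(expr):
    if isinstance(expr, Var):
        return expr.name
    if isinstance(expr, Deref):
        return "*" + render(expr.target)
    if isinstance(expr, BinOp):
        return f"({render(expr.left)} {expr.op} {render(expr.right)})"
    if isinstance(expr, Call):
        return f"{expr.fn}({', '.join(render(a) for a in expr.args)})"
    raise TypeError(type(expr))


def extract(expr, state):
    """Hoist every call in expr into a temporary assigned beforehand.
    Returns (rewritten expr, prelude statements, new supply state)."""
    if isinstance(expr, Var):
        return expr, [], state
    if isinstance(expr, Deref):
        t, pre, state = extract(expr.target, state)
        return Deref(t), pre, state
    if isinstance(expr, BinOp):
        l, pre_l, state = extract(expr.left, state)
        r, pre_r, state = extract(expr.right, state)
        return BinOp(expr.op, l, r), pre_l + pre_r, state
    if isinstance(expr, Call):
        args, pre = [], []
        for a in expr.args:                  # inner calls are hoisted first
            a2, pre_a, state = extract(a, state)
            args.append(a2)
            pre += pre_a
        tmp, state = fresh(state, expr.ret_type)
        pre.append(f"{tmp} := {render(Call(expr.fn, expr.ret_type, args))}")
        return Var(tmp), pre, state
    raise TypeError(type(expr))


def lower_assignment(lhs, rhs, share_state=True):
    """Lower `lhs = rhs` to prelude temporaries plus the final assignment.
    share_state=False restarts the supply for each expression (the pre-fix
    behaviour); share_state=True carries it across the whole statement."""
    lhs2, pre_l, state = extract(lhs, {})
    rhs2, pre_r, _ = extract(rhs, state if share_state else {})
    return pre_l + pre_r + [f"{render(lhs2)} := {render(rhs2)}"]


def temporaries(stmts):
    """Names assigned in the prelude, i.e. everything before the final assignment."""
    return [s.split(" := ")[0] for s in stmts[:-1]]


# Constructed statement `*p(a) = *p(b)`: both calls return the same type.
LHS = Deref(Call("p", "int_ptr", [Var("a")]))
RHS = Deref(Call("p", "int_ptr", [Var("b")]))

if __name__ == "__main__":
    for share in (False, True):
        print("shared supply:" if share else "per-expression supply:")
        for s in lower_assignment(LHS, RHS, share_state=share):
            print("   ", s)
```

With the per-expression supply both calls land in `ret__int_ptr_0`, so the second prelude assignment overwrites the first and the lowered statement reads `*ret__int_ptr_0 := *ret__int_ptr_0`; with the shared supply the right-hand side gets `ret__int_ptr_1` and the two addresses stay distinct.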
This commit adds support for inline assembly whose `lhs` updates a
global variable (such as the heap).
Prior to this commit, the modifies prover assumed that the `lhs` update
of an `asm_spec` only updated local variables. Specifically, the use of
`asm_store_eq_helper[OF globals.surjective globals.surjective]` as a
rewrite rule assumes that `globals (lhs v s)` simplifies to `globals s`,
exposing the `asm_store` inside `s` to the rewrite rule.
This commit avoids the assumption by using `globals.equality` as an
introduction rule. This produces more subgoals, but the subgoals are
relatively simple, so the performance is essentially unchanged.
This also slightly refactors `modifies_tactic`:
- `asm_spec` is handled without the `vcg`, using a new rule
`asm_spec_preserves`. This avoids having to deal with
`asm_spec_enabled` separately in `modifies_tactic`.
- `seq_all_new`, which chains `THEN_ALL_NEW`, avoids the need to
repeatedly use `ALLGOALS`.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

In Isabelle2020, when isabelle jedit is started without a session
context, e.g. `isabelle jedit -l ASpec`, theory imports with path
references cause the isabelle process to hang.
Since sessions now declare directories, Isabelle can find those files
without path reference and we therefore remove all such path references
from import statements. With this, `jedit` and `build` should work with
and without explicit session context as before.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

Isabelle2020 requires each session to declare its own set of directories that
may not overlap with other sessions' directories. This commit reorganises
files to comply with that requirement.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

Initially the `Makefile` copied `umm_heap/ARM_HYP` from `umm_heap/ARM`,
and deleted `umm_heap/ARM_HYP` during `make clean`. However, the
contents of `umm_heap/ARM_HYP` have since been committed, so this is no
longer appropriate.
Reported-by: Michael Norrish <Michael.Norrish@data61.csiro.au>
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

Changes the mungedb to also indicate whether a given munged name has an
alias.
In the Distant Past, the C parser emitted long and short names, and the
mungedb output recorded those names. When definitions were reordered in
a C file, different C variables might get the short name; this could
break proofs, but the mungedb output would indicate the change ahead of
time.
Now, the C parser emits long names for every C variable, but it also
emits a short abbreviation to replicate the behaviour of the C parser in
the Distant Past. However, the mungedb only displayed *definitions*, not
*abbreviations*, so if the variable abbreviated by a short name changed
then the mungedb wouldn't pick up on the change.
This commit changes the output to include an "alias status", indicating
whether the short C name has been exported as an alias for the indicated
Isabelle name. It also adds a test to confirm that the mungedb output
tracks aliasing correctly.
Signed-off-by: Edward Pierzchalski <ed.pierzchalski@data61.csiro.au>

This gives a significant speedup to the install_C_file command
when it generates field_lookup lemmas for struct types.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

Previously AUXUPD did not contribute to modifies proofs, and the only
reason this worked was that there usually is some heap assignment
somewhere else in the function if there is an AUXUPD. This commit adds
a modifies clause for the heap if a function has an AUXUPD.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

Python 2 has passed its sunset date, and many distributions are
withdrawing support for Python 2.
PEP 394 recommends distributions always install versioned interpreter
commands (e.g. `python3`), but does not make a recommendation about
whether or not an unversioned command (`python`) should exist, or what
version it should run.
It therefore seems advisable to explicitly run scripts using the
`python3` command, for scripts that are compatible with Python 3.
Here, we do this for Python scripts used by `run_tests`. For this to
work, some scripts have been updated in ways that will break Python 2
compatibility. But for some other scripts which were already compatible
with both Python 2 and 3, we have not yet removed Python 2
compatibility. There are also miscellaneous scripts that are not used by
`run_tests`, and these have not yet been updated to Python 3.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>