Several constants are are added to the top level crunch_ignore statement in
Bits_R.thy, then removed from individual crunch statements across Refine and
CRefine.
diminished takes two caps and asserts that one is equal to the other
except that one may have fewer rights. We remove this definition and all
references to it, replacing diminished with equality.
Prior to this commit the kernel would always trigger a full reschedule
on setPriority. This change allows the kernel to attempt a direct
switch, avoiding invoking the scheduler.
When the bitfield generator switches to python 3, the dicts we use to
track data won't be iterated deterministically. These changes
disambiguate (some) record literals and accessors so that they aren't
sensitive to the definition order.
Changes in the C boot code mean that `tcb_C` and `asid_pool_C` are now
overloaded in the Isabelle C specification: They are constructors for
the respective C structs, and also accessors for fields of an unrelated
struct (`root_server_mem_t`). Consequently, we need to be more explicit
when naming the constructors.
Fixes a case where a thread can go from Running->Inactive->Restart and
use a restart PC that is out of date. An out of date restart PC occurs
when a thread was transitioned to running after being in a blocked
state, but was never scheduled and so did not execute the traps code
that updates the restart PC.
This also renames relevant register names for consistency across
architectures (FaultIP and NextIP).
The ARM C kernels have renamed the LR_svc and FaultInstruction registers
to NextIP and FaultIP respectively, for consistency with x86 kernels. A
patch for a similar renaming in the abstract and Haskell specifications
is forthcoming.
Previously, the C kernel maintained a global pointer to the IRQ node.
This pointer was only initialised during boot, when the actual IRQ node
was dynamically allocated from untyped memory.
The C kernel now includes a statically allocated IRQ node, which is just
a suitably sized array of CTEs. This commit updates the proofs to verify
this change to the C kernel.
Session-qualified imports will be required for Isabelle2018 and help clarify
the structure of sessions in the build tree.
This commit mainly adds a new set of sessions for lib/, including a Lib
session that includes most theories in lib/ and a few separate sessions for
parts that have dependencies beyond CParser or are separate AFP sessions.
The group "lib" collects all lib/ sessions.
As a consequence, other theories should use lib/ theories by session name,
not by path, which in turns means spec and proof sessions should also refer
to each other by session name, not path, to avoid duplicate theory errors in
theory merges later.
While the numerical value is arch dependent, the definition and symbolic value
are not. This commit factors out the symbolic computation and only unfolds the
numeric value in the architecture dependent spec.
ARM setCurrentPD was recently refactored as part of multi-VM support for
ARM_HYP. The Haskell was updated correctly, and the C was not.
Unfortunately, setCurrentPD was manually redefined in MachineOps.thy for
ARM hiding the change, making the C look correct when it wasn't.
We scrap the second definition of setCurrentPD, load it from the Haskell,
and have an abstract set_current_pd that's a bit simpler to refine down
from.
The proofs are updated for the above change and the update to the C
setCurrentPD that was breaking on KZM.
Victor Phan
Gerwin Klein
Corey Lewis
MiladKetabi
Japheth Lim
Edward Pierzchalski
Amirreza Zarrabi
Matthew Brecknell
Michael McInerney
Rafal Kolanski
Mitchell Buckley
Ilya Yanok
Michael Sproul
Rafal Kolanski
Joel Beeren
Thibaut Perami