0d53d6909f
lib+ainvs+access+refine: resolve most of the new fixmes
...
Signed-off-by: Ryan Barry <ryan.barry@unsw.edu.au>
2021-07-22 10:44:43 +10:00
cc5014240d
riscv ainvs+access: add proofs for Retype_AC
...
Signed-off-by: Ryan Barry <ryan.barry@unsw.edu.au>
2021-07-22 10:44:43 +10:00
2cf89e20c8
Cleanup some FIXMEs in AInvs and related sessions
...
Mostly moving lemmas up into various lemma bucket theories. Also:
* replace cte_wp_at_eqD with cte_wp_at_norm (equal lemmas)
* pd_shifting_gen generalise pd_shifting' in 2 architectures
* remove some redundant crunch lemmas
Signed-off-by: Mitchell Buckley <Mitchell.Buckley@data61.csiro.au>
2021-07-16 14:13:07 +10:00
51ac27ad10
Some improvement to rec_del_termination
...
* Add comments into proof.
* Unwind some automation to clarify how each subgoal is resolved.
* Remove some "in monad" lemmas about `premption_point`.
Signed-off-by: Mitchell Buckley <Mitchell.Buckley@data61.csiro.au>
2021-05-13 09:52:43 +10:00
e019b90d8a
ainvs cleanup: requalify some arch lemmas proved in ArchRetype_AI
...
Signed-off-by: Miki Tanaka <miki.tanaka@data61.csiro.au>
2021-01-19 12:53:38 +11:00
752014b466
ainvs: reduce Finalise interface ( #179 )
...
* ainvs: reduce Finalise interface
The lemma finalise_cap_replaceable is only used in arch proofs,
so it doesn't need to be in the interface locale to generic proofs.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-12-23 09:19:53 +11:00
0df39b8ed5
riscv: update for platform constant changes
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>
2020-11-16 16:52:40 +11:00
a45adef66a
all: remove theory import path references
...
In Isabelle2020, when isabelle jedit is started without a session
context, e.g. `isabelle jedit -l ASpec`, theory imports with path
references cause the isabelle process to hang.
Since sessions now declare directories, Isabelle can find those files
without path reference and we therefore remove all such path references
from import statements. With this, `jedit` and `build` should work with
and without explicit session context as before.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-11-02 10:16:17 +10:00
41d1473216
riscv ainvs: isabelle2020 update
...
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-10-27 15:52:31 +10:00
b77f83c57b
riscv: rename sbadaddr -> stval
...
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>
2020-08-26 15:24:06 +10:00
99d241d031
riscv: clear out most crefine FIXMEs
...
Perform moves, remove lemmas placed in lib, etc.
Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>
2020-06-08 20:41:11 +08:00
2fc5c5cc17
riscv ainvs: proof updates for new arch split functions
...
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
a33df75acb
riscv ainvs: update for invokeIRQHandler arch split spec change
...
Add appropriate lemmas for machine op plic_complete_claim.
Signed-off-by: Victor Phan <Victor.Phan@data61.csiro.au>
2020-06-08 20:41:10 +08:00
1b4c6ba987
riscv ainvs: update AInvs for potential InvalidPTE mappings
...
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:09 +08:00
cc367d61b2
riscv aspec+ainvs: update tcb bits to 10
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>
2020-06-08 20:41:09 +08:00
190d3b402a
riscv spec/ainvs: update IRQs to target hifive platform
...
- Increase IRQ word size from 3 to 6 to match IRQ_CNODE_SLOT_BITS in
sel4 config.
- Bump maxIRQ up to 54.
- Fix broken inequality proof by changing constant that depended on IRQ
word size.
2020-03-27 15:50:46 +11:00
a424d55e3e
licenses: convert license tags to SPDX
2020-03-13 14:38:24 +08:00
73e9503575
ainvs + infoflow: invocation label proof updates
2020-02-03 12:56:19 +08:00
b9c285400d
remove diminished (VER-1158)
...
diminished takes two caps and asserts that one is equal to the other
except that one may have fewer rights. We remove this definition and all
references to it, replacing diminished with equality.
2019-11-16 01:03:36 +11:00
c390ba7404
proofs: adjustments for word_lib changes
2019-11-15 12:08:22 +11:00
b820b13d06
riscv: avoid automatic unfolding of handle_vm_fault
...
(fun -> definition)
2019-11-15 12:04:50 +11:00
1db6ae7cf0
riscv: add kdev_base/kdevBase to handle RISCVVSpaceDeviceWindow and update proofs
...
- Add HiFive.hs to replace Spike.hs, it's the same except for kdevBase
addition.
- Originally called KDEV_PPTR in the C Code, to be changed to KDEV_BASE
across all architectures.
- Add RISCVVSpaceDeviceWindow case for valid_uses_2 definition.
2019-11-13 16:27:30 +11:00
c7fb4dcf2b
riscv aspec/ainvs: redefine kernel_elf_base to point to be kernelELFBase
2019-11-13 16:08:52 +11:00
6f94fff163
riscv aspec/ainvs: rename kernel_base to kernel_elf_base
2019-11-13 16:08:42 +11:00
d1f3afc4f2
riscv ainvs: close sorries for adding IRQ invocations
...
- Add setTrigger lemmas: setIRQTrigger_irq_masks, dmo_setIRQTrigger_invs
and no_irq_setIRQTrigger
- Modify primrec arch_irq_control_inv_valid_real to include similar
conditions to its equivalent in ARM, but with the minor chnage of irq !=
irqInvalid.
2019-11-12 18:28:40 +11:00
0d7c2fff48
riscv ainvs: add support to thread id registers
2019-11-12 18:28:40 +11:00
26b25838d0
riscv ainvs: close sorry for introducing kernelELFBase
2019-11-12 18:28:40 +11:00
a5e27933a5
riscv: cleanup; resolve remaining FIXMEs
2019-11-12 18:28:40 +11:00
d2584a3692
cleanup: collect word lemmas
2019-11-12 18:28:40 +11:00
82bcbdc137
riscv ainvs: prove that example state satisfies invs
2019-11-12 18:28:40 +11:00
090894c990
riscv aspec+ainvs: define a consistent initial page table
...
Simpler than the real kernel layout, but will show that invariants are
consistent.
2019-11-12 18:28:39 +11:00
9d81f85c38
riscv: force vptr alignment in PTMap decode
...
Instead of checking for alignment, mask out the bottom bits to force the
vptr stored in the cap into the correct alignment for the level to be mapped.
See also SELFOUR-2162
2019-11-12 18:28:39 +11:00
b5c47d552e
riscv aspec+ainvs: perform_pg_inv_unmap: update cap in memory
...
The argument cap is the same as the one in memory, but it's less work to not
prove that.
2019-11-12 18:28:39 +11:00
f7bf957c71
riscv ainvs: adjustments for unmap_page change
2019-11-12 18:28:39 +11:00
430a345aeb
riscv aspec: avoid type variable warning and freeindex increase
2019-11-12 18:28:38 +11:00
9846cd42bb
proof: update for crunch changes
2019-10-14 17:23:41 +11:00
dd48e0d899
proof: update for wp changes
...
Updated 'wp_once' to 'wp (once)' and removed several stray uses of 'wp_trace'.
2019-10-14 17:12:18 +11:00
fc06d03f84
riscv ainvs: update for PageMap replacing PageRemap (SELFOUR-161)
2019-10-10 11:27:01 +11:00
d934d25269
proof update for SELFOUR-1187: seL4 setPriority should attempt a direct schedule
...
Prior to this commit the kernel would always trigger a full reschedule
on setPriority. This change allows the kernel to attempt a direct
switch, avoiding invoking the scheduler.
2019-10-06 18:31:19 +11:00
5e2f9bd83b
ainvs: shorten proof of unique_table_refs_upd_eqD
2019-07-31 16:56:29 +10:00
bcfefb359b
riscv ainvs cleanup: remove unused crunches
2019-07-31 16:56:29 +10:00
cf168e2714
riscv ainvs: update cartouches to Isabelle2019 style
2019-07-31 16:56:29 +10:00
f29e73bc58
lib: move more facts on Numeral_Type from invariant proofs into lib
2019-07-31 16:56:29 +10:00
a1dca67543
riscv aspec/ainvs: resolve FIXMEs, reduce warnings
...
Mostly moved lemmas and definitions to more suitable locations.
Removed unused lemmas and commented-out code.
Resolved simple Isabelle warnings.
2019-07-31 16:56:26 +10:00
f8dc660baf
riscv aspec/ainvs: move init_vspace_uses and canonical_user to spec
...
Needed to define an initial state that satisfies invariants.
2019-07-31 16:55:32 +10:00
56bbcb3b41
riscv ainvs: remove unused store_pte_equal_kernel_mappings
2019-07-31 16:55:32 +10:00
cf2a4d2743
riscv ainvs: cleanup in crunch setup and invariant definitions
2019-07-31 16:55:32 +10:00
3369b33431
riscv ainvs cleanup: remove unused lemma
2019-07-31 16:55:32 +10:00
29f5ac319c
riscv ainvs: the sound of the last lemma fitting perfectly
2019-07-31 16:55:32 +10:00
7440b7b7a4
riscv ainvs: close sorry for perform_page_table_invocation
2019-07-31 16:55:32 +10:00
Ryan Barry
Mitchell Buckley
Mitchell Buckley
Miki Tanaka
Gerwin Klein
Rafal Kolanski
Matthew Brecknell
Victor Phan
Corey Lewis
MiladKetabi