34a7c911e2
arm-hyp refine: VSpace_R, 2 sorries left, 1 sorry elsewhere
2017-06-19 14:32:31 +10:00
37ef712322
arm-hyp refine: zobj_refs adjustments; Arch_R sorry-free
2017-06-19 14:32:31 +10:00
0bf8d784b5
arm-hyp refine: zobj_refs' for VCPU (needed for liveness)
2017-06-19 14:32:31 +10:00
8c803f5056
arm-hyp abstract: adjust irq injection bit fiddling
2017-06-19 14:32:31 +10:00
e48643f785
arm-hyp refine: reduce sorries in Arch_R
2017-06-19 14:32:30 +10:00
19b519ba29
arm-hyp refine: VSpace_R, 4 sorries left
2017-06-19 14:32:30 +10:00
3edf057812
arm-hyp refine: tidying up Schedule_R
2017-06-19 14:32:30 +10:00
bee7435458
arm-hyp refine: reduce sorries in Arch_R
2017-06-19 14:32:30 +10:00
3349303b14
cparser: add support for ARM_HYP platform: umm_heap specs
...
These are copied verbatim from ARM as the word and pointer sizes are
identical.
These could be auto-generated by a Makefile, but a Makefile is not
invoked when building CKernel.
2017-06-19 14:32:30 +10:00
c293aa20c1
cspec: build config for ARM_HYP (TK1)
2017-06-19 14:32:30 +10:00
5e9080c77b
arm-hyp refine: Syscall_R sorry-free
2017-06-19 14:32:30 +10:00
04fae5af32
arm-hyp abstract: hypervisor fault not itself allowed to fault
2017-06-19 14:32:30 +10:00
115078328b
abstract: hypervisor_fault not itself allowed to fault
2017-06-19 14:32:30 +10:00
501e71adbe
arm-hyp refine: CNodeInvs_R sorry-free
2017-06-19 14:32:30 +10:00
8118968a05
arm-hyp refine: remove sorry in Syscall_R
2017-06-19 14:32:30 +10:00
c34aef1ee3
arm-hyp refine: DomainTime_R sorry-free
2017-06-19 14:32:30 +10:00
14b0f600ab
arm-hyp refine: Finalise_R sorry-free
2017-06-19 14:32:30 +10:00
187611825c
arm-hyp refine: dissociateVCPUTCB_invs'
2017-06-19 14:32:30 +10:00
31575f1065
arm-hyp refine: reduce sorries in Arch_R
2017-06-19 14:32:30 +10:00
8533613172
arm-hyp haskell: Various fixes to the spec
...
* Removed `return []` after performARMVCPUInvocation in Arc.performInvocation
* Disabled ParityEnable atribute in attribsFromWord
2017-06-19 14:32:30 +10:00
ff6da2f76c
arm-hyp refine: Retype_R sorry free
2017-06-19 14:32:30 +10:00
96bcd85299
arm-hyp execspec: change skeleton to manually define makeVCPUObject
...
to allow vgicLR to be initialised as a total function
2017-06-19 14:32:30 +10:00
6f32ddc7e9
arm-hyp refine: remove setVCPU_invs from wp set.
...
(The rule will need more preconditions, so we don't want it used
automatically yet.)
2017-06-19 14:32:30 +10:00
f727cc983c
arm-hyp refine: remove crunch sorries in DomainTime_R
...
Still two sorries left that depend on vgicMaintenance.
2017-06-19 14:32:30 +10:00
23d80dd261
arm-hyp refine: Ipc_R sorry free
2017-06-19 14:32:30 +10:00
5aefad5ccf
arm-hyp ainvs: fix invariants for make_arch_fault_msg changes
2017-06-19 14:32:29 +10:00
d7c2d22eb2
arm-hyp aspec: adding addressTranslateS1CPR to make_arch_fault_msg
2017-06-19 14:32:29 +10:00
fa5448625b
arm-hyp refine: reduce sorries in Arch_R
2017-06-19 14:32:29 +10:00
cb5e0bcd7e
arm-hyp refine: VSpace_R incremental progress (vcpuSwitch invariants)
2017-06-19 14:32:29 +10:00
b74e8c59a2
arm-hyp refine: Schedule_R sorry free
...
- last few sorries are moved to VSpace_R
2017-06-19 14:32:29 +10:00
774448a7de
arm-hyp refine: Untyped_R sorry free
2017-06-19 14:32:29 +10:00
6e23fa008c
arm-hyp invariants: empty_fail and no_irq rules for vcpuregs_gets and vcpuregs_sets
2017-06-19 14:32:29 +10:00
35e751f005
arm-hyp refine: PageTableDuplicates sorry-free
2017-06-19 14:32:29 +10:00
10e8973abb
arm-hyp refine: reduce sorries in Ipc_R
2017-06-19 14:32:29 +10:00
8ccba110a1
arm-hyp refine: reduce (more) sorries in VSpace_R
2017-06-19 14:32:29 +10:00
36146506ee
arm-hyp refine: reduce sorries in VSpace_R
2017-06-19 14:32:29 +10:00
4067704e99
arm-hyp refine: reduce sorries in PageTableDuplicates
2017-06-19 14:32:29 +10:00
8ae1d84e94
arm-hyp refine: reduce sorries in Finalise_R
2017-06-19 14:32:29 +10:00
682dde4155
refine: add intermediate BaseRefine2 session for small machines
2017-06-19 14:32:29 +10:00
96958113ef
arm-hyp refine: IPCCancel sorry-free
...
inlcuding simplification to ep and ntftn state_hyp_refs_of lemmas
2017-06-19 14:32:29 +10:00
1e9d0dc006
arm-hyp refine: completed remaining instances of no_vcpu class
2017-06-19 14:32:29 +10:00
2f972cfffd
arm-hyp refine: more vcpuSwitch hoare triples
2017-06-19 14:32:29 +10:00
69d16699ee
arm-hyp refine: Introducing no_vcpu typeclass to avoid duplicated lemmas
...
* Then idea with this class is to be able to genericaly constrain
predicates over pspace_storable values to are not of type VCPU,
this is useful for invariants such as obj_at' that are trivialy
true (sort of) if the predicate and the function (in the hoare
triple)
2017-06-19 14:32:29 +10:00
89496b3d90
arm-hyp: valid_arch_state'
2017-06-19 14:32:28 +10:00
09a02acc7b
arm-hyp proofs/ROOT: make it possible to skip proofs in BaseRefine
2017-06-19 14:32:28 +10:00
a751e4f798
arm-hyp refine: More invariants for vcpuSwitch and alike
2017-06-19 14:32:28 +10:00
d1eef6c026
arm-hyp refine: Detype_R sorry free
2017-06-19 14:32:28 +10:00
511d3f5c40
arm-hyp refine: one sorry left in Detype_R
2017-06-19 14:32:28 +10:00
bdd6f9c896
arm-hyp refine: add armUSGlobalPD to global_refs' in Invariants_H
2017-06-19 14:32:28 +10:00
a6b0559e23
arm-hyp refine: set_vm_root_corres and auxiliary lemmas
2017-06-19 14:32:28 +10:00
Alejandro Gomez-Londono
Gerwin Klein
Miki Tanaka
Rafal Kolanski
Gerwin Klein