This adds the options `--l4v-arches` and `--l4v-arch-all` to the
`run_tests` wrapper script, which can be used to specify multiple
(or all) L4V_ARCHs to test.
Previously, the method `datatype_schem` used a specific list of
hard-coded rules to "fix" datatypes in schematics. This adds an
attribute so users can add new datatype "lenses"/"accessors" as needed.
The ARM C kernels have renamed the LR_svc and FaultInstruction registers
to NextIP and FaultIP respectively, for consistency with x86 kernels. A
patch for a similar renaming in the abstract and Haskell specifications
is forthcoming.
FP_Eval is an Isabelle/ML tool for functional program rewriting.
It has similarities with the Isabelle simplifier, but is simpler and
more scalable for performing computations in the logic.
See FP_Eval_Tests for basic tests and examples.
- Add instructions for installing the `goto-error` macro in a place
where we might be able to find them.
- Mention the improved auto-indenter, in the hope that we will use it
when writing proofs.
Previously, the C kernel maintained a global pointer to the IRQ node.
This pointer was only initialised during boot, when the actual IRQ node
was dynamically allocated from untyped memory.
The C kernel now includes a statically allocated IRQ node, which is just
a suitably sized array of CTEs. This commit updates the proofs to verify
this change to the C kernel.
This is an explicit walkthrough about how one goes about doing a proof
in Isabelle/ML. The goal is that someone can run into such a proof, look
at this tutorial, and then at least be equipped to ask the right
questions about fixing the proof.
A common frustration is seeing a term `Ptr x :: foo ptr` and not being
able to inspect the inferred type `foo` (this is especially true when
`Ptr` occurs within another expression).
Copying the style of `UCAST`, this adds syntax rules for displaying `Ptr
x :: foo ptr` as `PTR(foo) x` and `ptr_coerce (bar :: a ptr) :: b ptr`
as `PTR_COERCE(a -> b) bar`.
Figuring out that you need to install an extra package _after_ waiting
three hours for CRefine to build isn't fun. Changes the installation
instructions to be like most other projects, i.e. "here is everything
you'll need for anything you'll want to do".
arm ainvs: cleanup
Abbreviate Hoare triples that do not care about the return value and
whose pre and post conditions are the same.
x64 ainvs: cleanup
ainvs: cleanup
x64 ainvs: cleanup
drefine: cleanup
Michael McInerney
Japheth Lim
Edward Pierzchalski
Matthew Brecknell
Victor Phan