ea7b95d4dd
arm-hyp refine: vcpuSave_corres for the new vcpuSave
2017-06-19 14:32:41 +10:00
ce4d7ba056
arm-hyp haskell: fix wrong register name in new vcpuSave
2017-06-19 14:32:41 +10:00
a36043fec1
arm-hyp crefine: update IsolatedThreadActions for vcpuSave change
2017-06-19 14:32:41 +10:00
f6f4d724fe
arm-hyp refine: more sorries in CNodeInv_R and Schedule_R for spec updates
2017-06-19 14:32:41 +10:00
c32ae000fc
arm-hyp ainvs: Clear sorries in ArchEmptyFail_AI
2017-06-19 14:32:41 +10:00
131972d498
arm-hyp refine: VSpace_R sorried for spec change fixes
2017-06-19 14:32:41 +10:00
3d859cdad7
arm-hyp invariants: more sorries and fixes
2017-06-19 14:32:41 +10:00
d037bb83f8
arm-hyp ainvs: proof fixes for new new vcpu_save definition
2017-06-19 14:32:41 +10:00
de42edf6c5
arm-hyp invariants: add invariants for new vcpu_save definition (wip)
2017-06-19 14:32:41 +10:00
e54339e9ab
arm-hyp abstract: rephrase vcpu_save for easier match with C
2017-06-19 14:32:41 +10:00
9720d48455
arm-hyp haskell: [squash this] fix Haskell vcpuUpdate
2017-06-19 14:32:41 +10:00
da1aaa5014
arm-hyp design: update skeleton to include new Haskell functions
2017-06-19 14:32:41 +10:00
bb12917ba1
arm-hyp haskell: rephrase vcpuSave for easier match with C
2017-06-19 14:32:41 +10:00
08bd86042a
arm-hyp crefine: reflect spec changes for makeVIRQ and decodeVCPUInjectIRQ
2017-06-19 14:32:41 +10:00
3e65a59f1c
arm-hyp refine: fix for makeVIRQ spec change
2017-06-19 14:32:41 +10:00
c06b58f369
arm-hyp abstract: correct make_virq
2017-06-19 14:32:41 +10:00
100ac2cee1
arm-hyp haskell: correct makeVIRQ
2017-06-19 14:32:41 +10:00
953a42a923
arm-hyp abstract: correct range_check fix for decode_vcpu_inject_irq
2017-06-19 14:32:41 +10:00
8ca5198a7e
arm-hyp haskell: correct range_check fix for decodeVCPUInjectIRQ
2017-06-19 14:32:41 +10:00
2ed26c2c00
arm-hyp crefine: finish proof of invokeVCPUInjectIRQ_ccorres
...
Possible now that virq_t is storable.
2017-06-19 14:32:41 +10:00
1d72a3e389
arm-hyp crefine: put virq_C in twoToSix_packed class
...
Somewhere automation has failed, resulting in virq_C not being in a size
class, hence arrays not being in packed_type. Therefore typ_heap_simps
would not work since strictly speaking there was no indication the
object could be stored in memory.
This caused hours of suffering for all concerned.
2017-06-19 14:32:40 +10:00
6266d327f8
arm-hyp: isolate evil vgicLR update cmap_relation lemma
...
see: vcpu_vgic_lr_update_cmap_relation
This is hard, might take a while.
2017-06-19 14:32:40 +10:00
a4b8684232
arm-hyp crefine: virq_virq_pending_EN_new_spec (incl 1 sorry)
...
makeVIRQ is sadly wrong, new spec is sorried, waiting for upstream
update to conform
2017-06-19 14:32:40 +10:00
db2e052295
arm-hyp crefine: (invoke|decode)VCPUInjectIRQ_ccorres (incl. 3 sorries)
...
Sorried:
- definition waiting on upstream change (decodeVCPUInjectIRQ_def)
- hard word proof in progress
- stuckage on typ_heap_simps not firing
2017-06-19 14:32:40 +10:00
d4edba3e07
arm-hyp crefine: setMR_as_setRegister_ccorres
...
usually when we call setMR directly, we mean to only set one,
which will fit in actual registers
2017-06-19 14:32:40 +10:00
ef93982d2f
arm-hyp crefine: convenience lemmas and augmentations
...
- add proper ccorres_pre_gets_armKSGICVCPUNumListRegs_ksArchState
- many of the other ccorres_pre_gets* lemmas are TOO WEAK to use safely!
- shiftr_and_eq_shiftl (proof by Matthew Brecknell)
2017-06-19 14:32:40 +10:00
a5c9384df5
clib: ccorres_grab_asm
...
like ccorres_gen_asm, but when your last conjunct is K (...)
2017-06-19 14:32:40 +10:00
0abead8f71
clib: add ccorres_rewrite_cond_sr_Seq
...
analogous to non-Seq version
2017-06-19 14:32:40 +10:00
28c47bf706
arm-hyp: temporarily remove ASpec_ARM ExecSpec_ARM tests
2017-06-19 14:32:40 +10:00
7969414919
arm-hyp crefine: fix some sorries in Ipc_C, fixed proofs broken by sanitiseRegister change
2017-06-19 14:32:40 +10:00
8ae57e7a81
arm-hyp refine: fix breakages from sanitiseRegister_refactor
2017-06-19 14:32:40 +10:00
61353891dd
arm-hyp haskell: refactor sanitiseRegister
2017-06-19 14:32:40 +10:00
083e65a4b2
arm-hyp ainvs: fix ainvs after sanitise_register refactor
2017-06-19 14:32:40 +10:00
cd7820e026
arm-hyp abstract: refactor sanitise_register to not take kernel_object
2017-06-19 14:32:40 +10:00
e33d4d3145
arm-hyp crefine: widen VSpace_C sorry for spec changes
2017-06-19 14:32:40 +10:00
3a7d75e554
arm-hyp crefine: adapt to spec changes
2017-06-19 14:32:40 +10:00
d531dc9dc5
arm-hyp refine: fixed invokeVCPUInjectIRQ_corres
2017-06-19 14:32:40 +10:00
6b3528b24d
arm-hyp refine: sorry fallouts from invoke_vcpu_inject_irq change
2017-06-19 14:32:40 +10:00
3ef274ecf1
arm-hyp invariants: fix fallouts from invoke_vcpu_inject_irq changey
2017-06-19 14:32:39 +10:00
7067365560
arm-hyp abtract: change invoke_vcpu_inject_irq definition for better matchin
2017-06-19 14:32:39 +10:00
4e98e6e2a5
arm-hyp haskell: change invokeVCPUInjectIRQ definition for better matching
2017-06-19 14:32:39 +10:00
a07c41a43b
arm-hyp refine: fix fallouts from the spec changes (excluding those in vcpu_save), with 1 sorry in Arch_R
2017-06-19 14:32:39 +10:00
dbbd74d9cf
arm-hyp abstract: fix range_check off-by-one error in decode_vcpu_inject_irq
2017-06-19 14:32:39 +10:00
f47a157172
arm-hyp haskell: fix range_check off-by-one error in decodeVCPUInjectIRQ
2017-06-19 14:32:39 +10:00
1c6124b578
arm-hyp abstract: make the loop range in vcpuRestore depend on arm_gicvcpu_numlistregs
2017-06-19 14:32:39 +10:00
8326c5619f
arm-hyp haskell: make the loop range in vcpuRestore depend on armKSGICVCPUNumListRegs
2017-06-19 14:32:39 +10:00
35a24ecf4e
arm-hyp crefine: repair setVMRoot lemma
...
Only the 2 loop sorries now left in VSpace_C
2017-06-19 14:32:39 +10:00
1cb83b6351
arm-hyp crefine: close 1 sorry in VSpace_C
2017-06-19 14:32:39 +10:00
85efb9d922
arm-hyp crefine: update state relation for new vgic fault message
2017-06-19 14:32:39 +10:00
fd660775ee
arm-hyp abstract: correct makeArchFaultMessage for VGICMaintenance faults
2017-06-19 14:32:39 +10:00
Miki Tanaka
Gerwin Klein
Alejandro Gomez-Londono
Rafal Kolanski
Joel Beeren