40f4818d40
arm-hyp haskell: correct makeArchFaultMessage for VGICMaintenance faults
2017-06-19 14:32:39 +10:00
c63ba94746
arm-hyp crefine: close 1 sorry in VSpace_C
2017-06-19 14:32:39 +10:00
11d7a7ab62
arm-hyp crefine: change names of vcpu ccorres rules, vpcuDisable_ccorres -> vcpu_disable_ccorres, etc.
...
similarly for vcpu_save, vcpu_enable, and vcpu_restore
2017-06-19 14:32:39 +10:00
082295491e
arm-hyp crefine: vcpu_disable_ccorres done
2017-06-19 14:32:39 +10:00
57c20b69b4
arm-hyp crefine: Finalise_C sorry free
2017-06-19 14:32:39 +10:00
e1c3e764f8
arm-hyp crefine: narrowed down sorries in Ipc_C to specific subgoals
2017-06-19 14:32:39 +10:00
35df51dd8f
arm-hyp refine: prove word lemmas relating to duplicate page table entries
2017-06-19 14:32:39 +10:00
9ea2232d11
Word_Lib: miscellaneous conditional injectivity rules
2017-06-19 14:32:39 +10:00
0bbfb85d85
Word_Lib: add le_mask_shiftl_le_mask
2017-06-19 14:32:39 +10:00
220fa70586
arm-hyp crefine: cleared sorries in Tcb_C
2017-06-19 14:32:38 +10:00
0c40f5bbb6
arm-hyp crefine: cleared 3 sorries in Tcb_C
2017-06-19 14:32:38 +10:00
87ac6d5508
arm-hyp crefine: decodeVCPUSetTCB_ccorres
...
+ perform
2017-06-19 14:32:38 +10:00
2d4f1158cd
arm-hyp crefine: reduce Retype_C to 1 sorry
2017-06-19 14:32:38 +10:00
f27921bccb
arm-hyp crefine: Schedule_C sorry-free
2017-06-19 14:32:38 +10:00
c81c652f00
arm-hyp crefine: (minor) reduce Syscall to vgicMaintenance sorry
2017-06-19 14:32:38 +10:00
7769026872
arm-hyp crefine: decodeVCPUWriteReg_ccorres
...
+ perform
2017-06-19 14:32:38 +10:00
b82014766a
arm-hyp refine: fix resolveVAddr breakage
2017-06-19 14:32:38 +10:00
0afd65ea55
arm-hyp crefine: close resolveVAddr sorry
2017-06-19 14:32:38 +10:00
31984563d5
arm-hyp: switch quick_and_dirty back on for Refine
...
(until those sorries are done)
2017-06-19 14:32:38 +10:00
85053b2580
arm-hyp refine: new vs_valid_duplicates
...
The Haskell invariant now describes the page mappings necessary for LargePage
and SuperSection. Updates to refine/* to repair the corresponding fallout.
This commit moves some of the largePagePTEOffset et al lemmas from CRefine up
into Refine.
A small number of small but fiddly word lemmas are currently still sorried.
2017-06-19 14:32:38 +10:00
7bb68406d6
arm-hyp design/skel: define pageBase manually
...
pageBase is now generic in Haskell, but since PAddr, VPtr etc all map to word
in Isabelle, the generic type declaration would lead to an error.
Only necessary in ARM_HYP, but could be done in ARM as well if necessary.
2017-06-19 14:32:38 +10:00
424df79856
arm-hyp haskell: resolveVAddr needs to mask
...
LargePages and SuperSections are not duplicated as in normal ARM, so we need
to mask to get to the base address.
2017-06-19 14:32:38 +10:00
cbc528beba
arm-hyp haskell: make LargePage and SuperSection contiguous
...
In HYP mode, large pages and super sections are encoded by a set of small
pages and section entries that have the contiguous bit set. The hardware must
be able to ignore that bit and still make the correct translation, so they
most point to the correct base address in each entry, instead of being
duplicates as in normal (non-HYP) mode.
2017-06-19 14:32:38 +10:00
f09ba20de5
arm-hyp crefine: decodeVCPUReadReg_ccorres
...
Integrated into decodeVCPUInvocation.
2017-06-19 14:32:38 +10:00
29b20dc71a
arm-hyp crefine: add extended wp rules for readVCPUReg to Move
2017-06-19 14:32:37 +10:00
daea169e14
arm-hyp crefine: invokeVCPUReadReg_ccorres
...
Significantly complicated, needing multiple updates from kernel team to get
the reply mechanism right.
2017-06-19 14:32:37 +10:00
11a709caa4
arm-hyp crefine: associateVCPUTCB_ccorres + dissociateVCPUTCB_ccorres + others
...
* sanitiseSetRegister_ccorres
* vcpuInvalidateActive_ccorres
* armHSCurVCPU_update_active_false_ccorres
* + Other auxiliary lemmas
2017-06-19 14:32:37 +10:00
daa4e579e4
arm-hyp crefine: writeVCPUReg_ccorres
2017-06-19 14:32:37 +10:00
2ef0ba91db
arm-hyp crefine: fix arg name for vcpu reg machine ops
...
Was value_', should have been val_'.
2017-06-19 14:32:37 +10:00
25b178e4bd
arm-hyp crefine: solve_rf_sr_vcpu_update method
...
Solves goals of the following shape (rf_sr on fields of VCPUs):
⟦ (σ, σ') ∈ rf_sr; ko_at' vcpu vcpuptr σ ⟧
⟹ (σ⦇ksPSpace := ksPSpace σ(vcpuptr ↦ KOArch (KOVCPU (f vcpu)))⦈,
globals_update
(t_hrs_'_update (hrs_mem_update (heap_update (Ptr &(vcpu_Ptr vcpuptr→[''some_field''])) val)))
σ')
∈ rf_sr
I was not able to generalise this more. A rule would be better, but I don't
know how to bind one to the textual field lookup.
It's also slow, 10s per invocation, but at least it works.
2017-06-19 14:32:37 +10:00
d0eedd118b
arm-hyp crefine: sorry resolveVAddr_ccorres due to C changes
2017-06-19 14:32:37 +10:00
cb06acba7b
arm-hyp crefine: readVCPUReg_ccorres
2017-06-19 14:32:37 +10:00
57c3c70437
arm-hyp crefine: add cvcpu_relation_regs_def
...
expands cvcpu_relation into relations of VCPU registers
2017-06-19 14:32:37 +10:00
cce2e0805e
arm-hyp crefine: add rewrites for C versions of vcpureg comparisons
...
see: vcpureg_eq_use_types
Transforms (of_nat (fromEnum reg) = scast seL4_VCPUReg_SCTLR)
into (reg = VCPURegSCTLR)
letting you do cases on reg. There are no cases for seL4_VCPUReg*.
Inspired by invocation_eq_use_types
2017-06-19 14:32:37 +10:00
40057dff26
arm-hyp crefine: trivial generalisation in IpcCancel_C
...
[] -> hs in setThreadState_ccorres
2017-06-19 14:32:37 +10:00
903417e288
arm-hyp crefine: some progress in VSpace_C
2017-06-19 14:32:37 +10:00
e35dcc6b97
arm-hyp crefine: fix return types (get_gic_vcpu_ctrl_vmcr, get_gic_vcpu_ctrl_apr)
2017-06-19 14:32:37 +10:00
0af76b3242
arm-hyp crefine: update VSpace_R for new vcpu_disable (still with sorries)
2017-06-19 14:32:37 +10:00
c132fb331c
arm-hyo Refine: fix vcouDisable_corres for spec updates
2017-06-19 14:32:37 +10:00
69adb29a89
arm-hyp abstract: add missing isb machine op in vcpu_disable
2017-06-19 14:32:37 +10:00
16b6f26483
arm-hyp haskell: add missing isb in vcpuDisable
2017-06-19 14:32:37 +10:00
ef6e2dc32c
arm-hyp machine spec: get_gic_vcpu_ctrl_eisr1 shoud call get_gic_vcpu_ctrl_eisr1_val (fix)
2017-06-19 14:32:37 +10:00
188e0ddfc0
arm-hyp crefine: skeleton for decodeARMVCPUInvocation_ccorres
...
Needs 4 VCPU-related ccorres rules and final precondition proof.
2017-06-19 14:32:37 +10:00
b46dbe8001
arm-hyp crefine: Arch_decodeInvocation_ccorres + decodeARMMMUInvocation_ccorres
...
Repurposed nearly all of old Arch_decodeInvocation_ccorres into
decodeARMMMUInvocation_ccorres.
Educated guess at a stub for decodeARMVCPUInvocation_ccorres.
2017-06-19 14:32:37 +10:00
16946993c6
arm-hyp crefine: resolveVAddr_ccorres
...
Added valid_objs' to preconditions due to weakness of cpte_relation
w.r.t. large page base pointer alignment.
2017-06-19 14:32:36 +10:00
fa5bb8e4f4
arm-hyp crefine: createSafeMappingEntries_PTE_ccorres, some cleanup
2017-06-19 14:32:36 +10:00
cff16ccf1e
arm-hyp crefine: decodeARMPageDirectoryInvocation_ccorres
2017-06-19 14:32:36 +10:00
56f411c85d
arm-hyp crefine: widen sorry in Arch_C
...
Some accidental intermediate work got in at some point. Oops.
2017-06-19 14:32:36 +10:00
e7ce103775
arm-hyp crefine: widen sorry in VSpace_C due to C changes
2017-06-19 14:32:36 +10:00
c172938247
arm-hyp crefine: finish decodeARMFrameInvocation_ccorres
2017-06-19 14:32:36 +10:00
Joel Beeren
Gerwin Klein
Miki Tanaka
Alejandro Gomez-Londono
Matthew Brecknell
Rafal Kolanski