Commit Graph

2142 Commits

Author SHA1 Message Date
Rafal Kolanski 5db67853cf arm-hyp crefine: drop armParityEnabled from vm_attribs_relation
Attribute does not exist in abstract spec, is nailed to False in
Haskell. In C it naturally gets mapped across in vmAttributesFromWord,
passed around everywhere, at which point the attribute is ignored
anyway.
2017-06-19 14:32:36 +10:00
Alejandro Gomez-Londono d32b359fb9 arm-hyp crefine: Progress in Finalise_C
* dissociateVCPUTCB_ccorres is almost done
2017-06-19 14:32:36 +10:00
Gerwin Klein d39c2fdacc arm_hyp crefine: Refine_C sorry-free 2017-06-19 14:32:36 +10:00
Rafal Kolanski 8b8a185e44 arm-hyp crefine: sorry Arch_C again due to mapPTE/PDE bug in C
Remap for large pages was correct in C, but hard to verify. Map however was
wrong (i.e. unchanged from ARM).
Abstract/Haskell are the same as ARM for both, hence they are being fixed.
2017-06-19 14:32:36 +10:00
Miki Tanaka 2000a66309 arm-hyp crefine: assume vcpu_switch_ccorres 2017-06-19 14:32:36 +10:00
Miki Tanaka 54159d54d1 arm-hyp crefine: add ccorres_gen_asm2_state and vcpu_at_c_guard, etc. 2017-06-19 14:32:36 +10:00
Gerwin Klein caf223fd1f arm-hyp crefine: remove vcpu_relation sorries in Ipc 2017-06-19 14:32:36 +10:00
Gerwin Klein 72fd725558 arm-hyp crefine: IpcCancel sorry-free 2017-06-19 14:32:36 +10:00
Gerwin Klein 2e7bda77fa arm-hyp crefine: Recycle_C sorry-free 2017-06-19 14:32:36 +10:00
Gerwin Klein 91e253d7a5 arm-hyp crefine: remove vcpu_relation sorries in IpcCancel 2017-06-19 14:32:36 +10:00
Rafal Kolanski ab068c3573 arm-hyp crefine: Arch_C: decodeARMPageTableInvocation_ccorres 2017-06-19 14:32:36 +10:00
Gerwin Klein 239aed5e8c arm-hyp crefine: IsolatedThreadAction sorry-free 2017-06-19 14:32:36 +10:00
Rafal Kolanski ff6d019f42 arm-hyp crefine: reduce sorries in Arch_C
Several non-trivial problems remain.
2017-06-19 14:32:36 +10:00
Alejandro Gomez-Londono 466620755d arm-hyp crefine: Adding setObject_ccorres rules for updating vcpuTCB and tcbVCPU
* New archThreadSet_tcbVCPU_Basic_ccorres for updating the
  associated vcpu inside a tcb

* New setObject_vcpuTCB_Basic_ccorres for updating the
  associated tcb inside a vcpu
2017-06-19 14:32:36 +10:00
Miki Tanaka a08bfb1afc arm-hyp crefine: add move_c_guard_vcpu and vcpu_at_rf_sr 2017-06-19 14:32:35 +10:00
Miki Tanaka b4b290de04 arm-hyp crefine: add ccorres lemmas for armHSCurVCPU_update (curv, active, and both) 2017-06-19 14:32:35 +10:00
Miki Tanaka d4f698f260 arm-hyp crefine: fix return type in get_gic_vcpu_ctrl_hcr_ccorres 2017-06-19 14:32:35 +10:00
Gerwin Klein 51d8fa0073 arm-hyp crefine: one sorry left in IsolatedThreadAction 2017-06-19 14:32:35 +10:00
Gerwin Klein 544d46ccbd arm-hyp crefine: ADT_C sorry-free 2017-06-19 14:32:35 +10:00
Gerwin Klein 1e195355d7 arm-hyp refine: invariant: num vgic LR registers has a known maximum 2017-06-19 14:32:35 +10:00
Alejandro Gomez-Londono 766f32320a arm-hyp refine: update for dissociate_vcpu_tcb
* Swapping set_vcpu and arch_thread_set in dissociate_vcpu_tcb to
    match the order in C
2017-06-19 14:32:35 +10:00
Alejandro Gomez-Londono f9b008bcee arm-hyp ainvs: update for dissociate_vcpu_tcb
* Swapping set_vcpu and arch_thread_set in dissociate_vcpu_tcb to
    match the order in C
2017-06-19 14:32:35 +10:00
Alejandro Gomez-Londono 657a2caa25 arm-hyp haskell: Rearranging dissociateVCPUTCB to match C
* Swapping setObject (vcpu) and archThreadSet in dissociateVCPUTCB
    to match the order in C
2017-06-19 14:32:35 +10:00
Alejandro Gomez-Londono aa70f61c4e arm-hyp aspec: Rearranging dissociate_vcpu_tcb to match C
* Swapping set_vcpu and arch_thread_set in dissociate_vcpu_tcb to
    match the order in C
2017-06-19 14:32:35 +10:00
Gerwin Klein 46269c73c5 arm-hyp crefine: reduce ADT_C sorries; vmRights/HAP injectivity solved 2017-06-19 14:32:35 +10:00
Gerwin Klein 9ebaa2c3ea arm-hyp refine: new invariant: VMNoAccess is unused 2017-06-19 14:32:35 +10:00
Gerwin Klein d286fdaaf8 arm-hyp crefine: more concurrency 2017-06-19 14:32:35 +10:00
Gerwin Klein 71ed9aee39 arm-hyp crefine: closed unmapPage sorry in VSpace_C 2017-06-19 14:32:35 +10:00
Gerwin Klein 5b92b63e98 arm-hyp: add missing license header 2017-06-19 14:32:35 +10:00
Gerwin Klein 9f32001c78 arm-hyp: enable quick_and_dirty for snd CBaseRefine image 2017-06-19 14:32:35 +10:00
Gerwin Klein 8a1fae268f arm-hyp: skip Refine proofs in CBaseRefine image for faster test 2017-06-19 14:32:35 +10:00
Gerwin Klein 3269d608a3 arm-hyp: enable CRefine + License tests; REFINE_QUICK_AND_DIRTY off 2017-06-19 14:32:35 +10:00
Alejandro Gomez-Londono 9d8f5326f5 arm-hyp crefine: add ccorres_pre rules for vcpu/tcb
getObject for vcpu and tcb, getCurVCPU
2017-06-19 14:32:35 +10:00
Rafal Kolanski 96c13859e0 proof/ROOT: add CREFINE_QUICK_AND_DIRTY flag
Use to build CRefine in quick_and_dirty mode.
2017-06-19 14:32:35 +10:00
Rafal Kolanski 84f63763e0 arm-hyp crefine: sorry Refine_C
This is the top level file of crefine and last file of this sorrying run.

The new handleInterrupt (due to the new getActiveIRQ flag) has more specific
requirements about the current thread's state and queued status, which
are sorried, but probably true.

Some interesting questions about ctac/cinit/csymbr resulted in sorries
that look obviously true, but any attempt at touching them results in
exception TERM despite many attempts.
2017-06-19 14:32:35 +10:00
Rafal Kolanski ffb76f063c arm-hyp crefine: update and sorry ADT_C
There is a non-trivial issue with the pde/pte state relations no longer
being injective, due to HAPFromVMRights not being injective.

handleHypervisorEvent_C updated in both locations (no idea why two),
generating some interesting questions about cinit/ctac usage.

setArchTCB_C becomes setTCBContext_C because we only set the context on
entry into the kernel, not the VCPU pointer.
2017-06-19 14:32:35 +10:00
Alejandro Gomez-Londono 402f824950 arm-hyp crefine: use option_to_ctcb_ptr in cvcpu_relation
* cvcpu_relation now uses option_to_ctcb_ptr instead of
    option_to_ptr since tcb pointers are special.
2017-06-19 14:32:35 +10:00
Rafal Kolanski 3b0d72a5df arm-hyp crefine: update and sorry Fastpath_C
Don't have vcpuSwitch ccorres yet, plus one likely trivial refine-related
sorry.
2017-06-19 14:32:34 +10:00
Rafal Kolanski b1269759d8 arm-hyp crefine: strengthen cur_vcpu_relation in state relation
Require that having Some vcpuptr on the haskell side implies that ptr is
not NULL on the C side. Required for injectivity.
2017-06-19 14:32:34 +10:00
Rafal Kolanski c7b11988d4 arm-hyp crefine: update Syscall_C 2017-06-19 14:32:34 +10:00
Rafal Kolanski 2906a7dfec arm-hyp crefine: trivial: rename after refine changes 2017-06-19 14:32:34 +10:00
Rafal Kolanski cca9619dd6 arm-hyp crefine: Interrupt_C maxIRQ adjustment 2017-06-19 14:32:34 +10:00
Alejandro Gomez-Londono 0ee00e6d5f arm-hyp crefine: Move.thy fixes 2017-06-19 14:32:34 +10:00
Alejandro Gomez-Londono a488e8dd44 arm-hyp refine: various fixes and renames for obj_at' related rules 2017-06-19 14:32:34 +10:00
Rafal Kolanski 4628d6e8d6 arm-hyp crefine: sorry Schedule_C (missing vcpuSwitch ccorres) 2017-06-19 14:32:34 +10:00
Rafal Kolanski 3b447a9635 arm-hyp crefine: add refine wp sorries to Move.thy
For someone else to prove.
2017-06-19 14:32:34 +10:00
Rafal Kolanski ff76eebb0f arm-hyp crefine: naively sorried Tcb_C 2017-06-19 14:32:34 +10:00
Rafal Kolanski 7263d28c0d arm-hyp crefine: clean up and sorry Ipc_C
4 interesting sorries
12 easy sorried cases for handling a vcpu case relation
2017-06-19 14:32:34 +10:00
Rafal Kolanski a4ae2ad87b arm-hyp crefine: add VCPUFault/VGICMaint. to state relation 2017-06-19 14:32:34 +10:00
Rafal Kolanski b0466d15f1 arm-hyp crefine: sorry Invoke_C and IsolatedThreadAction 2017-06-19 14:32:34 +10:00