This gets rid of the simplified warning for Collect_const that
ccorres_rewrite produces in many CRefine proofs.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Contexts have the "visible" flag that determines whether warnings such
as duplicate rewrite rules are shown or not. Make setting this flag to
false available in Eisbach methods.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

If we don't provide the additional name fragment, previous artifacts
would be overwritten, which leads to a failure with error message on
GitHub.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

This will now test with the following num_domains settings:
- PRs: default as in config file, no matrix
- push to master: with NUM_DOMAINS = 1 and default (= '')
- weekly test: with NUM_DOMAINS = 1, 7, and default
The default in the current config files is 16. 1 leads to structural
code changes and is the setting most likely to break. 7 is for checking
that the proofs also work with a value that is not a power of 2.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Setting the environment variable INPUT_NUM_DOMAINS will cause the
build to override the KernelNumDomains setting in the config file with
the provided setting.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

This adds information about the return relation to the C guards
and the C preconditions of the assumptions.
The C Hoare triples for cond have also been consolidated, to
help simplify applications where the C guards are minimal.
A comment about its intended use is given.
Signed-off-by: Michael McInerney <michael.mcinerney@proofcraft.systems>

Length argument for these functions was previously unsigned int, which
was fine for AArch32, but an implicit downcast on AArch64. Changing it
to word_t makes it unsigned long, thus requiring signature update in
ccorres proofs.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>

AutoCorres no longer depends on the Lib session. This means:
- remove Lib session ROOT parsing in release.py
- copy over ROOT files of new library sessions
- add new theory NatBitWise to manifest
- update release ROOTS and ROOT files
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

- Basics and ML_Utils are their own sessions now; include their
ROOT files
- remove separate obsolete lib/ROOT file
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

The script does not expect the tag (e.g. c-parser-1.20), but only the
version number in the tag.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

The @License tags are no longer used, and SPDX tags are checked in CI,
and name tags are no longer used in the sources either.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

PR seL4/seL4#1105 moves config generation back to configure time.
This means we can revert eaf735c38f.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

This generalises the rule ccorres_call_getter_setter by allowing the return
relation between the "getter" and the C function called to be arbitrary,
rather than just the identity relation.
A variant of this rule, ccorres_call_getter_setter_dc, is provided for
when we do not care about the return relation.
Signed-off-by: Michael McInerney <michael.mcinerney@proofcraft.systems>

The SimplExportAndRefine session is only needed for binary verification
and is currently failing. There are no plans yet for binary
verification on AArch64, so the session will remain disabled for now.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Refine for AArch64 is now completed and doesn't need quick_and_dirty
any more. CRefine is now in development mode.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

The AFP linter is stricter about this than we are, and it is definitely
bad style to start with "proof (clarsimp ..)"
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Fix document preparation issues in the theory files that have been
added to ROOT in the previous commit.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

As the AFP submission system correctly points out, these theory files
had not been included in any session yet.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Now that we're producing a proof document, theory order and
chapter/section nesting matters more.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Fix remaining unquoted underscore names and similar to make the LaTeX
document preparation pass.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Abstract and author list for upcoming AFP entry. Author list is
determined separately for each session (ML_Utils, Eisbach_Tools, Monads)
by lines added/removed over the repo history. Acknowledgements are from
the repo history.
The latter might be incomplete, because git has trouble following more
than a single file through renames, and these files were renamed a lot.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

This wrapper around Apple llvm-gcc has been obsolete and unused for a
few years now. Remove to avoid confusion.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>