18640b8db6
arm-hyp crefine: update length to word_t for VCPU functions
...
Length argument for these functions was previously unsigned int, which
was fine for AArch32, but an implicit downcast on AArch64. Changing it
to word_t makes it unsigned long, thus requiring signature update in
ccorres proofs.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2024-01-22 19:09:44 +00:00
5568eb56a1
clib+crefine: improve and consolidate variants of ccorres_to_vcg
...
Signed-off-by: Michael McInerney <michael.mcinerney@proofcraft.systems>
2024-01-22 19:09:44 +00:00
314158480a
proof: update to Isabelle2023 mapsto syntax
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-10-06 14:41:41 +11:00
7999632872
proof: update for changes to nondet monad
...
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-10-05 11:24:05 +11:00
deade608ac
crefine: change misleading proof step in CSpace_RAB_C
...
Trying to figure this out was very educational, since ccorres_abstract
was used without intending to abstract a variable, the xf' and lambda
name were both red herrings (in fact, this proof only worked if xf' was
instantiated with an *irrelevant* C local var name), and the body was
not transformed.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-09-15 06:10:04 +10:00
4d97b26dbf
arm-hyp crefine: proof update for object_type enum reorder
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-08-14 15:51:34 +02:00
71dc79a879
arm crefine: proof updates for object_type enum reorder
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-08-14 15:51:34 +02:00
02116815be
proof+autocorres: update for select_wp and alternative_wp
...
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-08-09 16:42:01 +10:00
2c8f9eeff1
lib+spec+proof+autocorres: consistent Nondet filename prefix
...
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-08-09 12:07:06 +10:00
d87f5e13b5
crefine: update for no_name_eta
...
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-07-05 17:04:50 +10:00
a0be68c211
clib+crefine: add no_name_eta to crefine tactics
...
This leads to improved consistency and better names for bound variables.
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-07-05 17:04:50 +10:00
1f06802350
crefine: update for new ccorres cong rules
...
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-06-30 10:14:57 +10:00
163b9fe58a
crefine: remove some duplicated lemmas
...
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-06-30 10:14:57 +10:00
168d3aae3c
crefine: remove obsolete corres wpc setup
...
This setup didn't actually work. Replaced by corres_cases.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-26 16:20:33 +10:00
db44def660
arm-hyp crefine: use monadic_rewrite_pre
...
Replace wp_pre with monadic_rewrite_pre in one manual proof instance.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-15 16:00:28 +10:00
f75a3481ae
lib+refine+crefine: disambiguate corres_pre
...
- rename corres_pre set in CRefine to ccorres_pre
- rename internal corres_pre method in Corres_Method to corres_pre'
- use corres_pre instead of old wp_pre in refine
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-15 10:46:39 +10:00
0e3016251f
lib+proof: proof updates for wpc change
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-15 09:52:15 +10:00
ca589b635c
c-parser: add dom_lift_t_heap_update and lemmas for proj_d
...
Signed-off-by: Michael McInerney <michael.mcinerney@proofcraft.systems>
2023-05-01 15:16:22 +09:30
ac5fe5bd59
refine: add obj_range'_disjoint
...
This also moves several lemmas required for obj_range'_disjoint
to Invariants_H
Signed-off-by: Michael McInerney <michael.mcinerney@proofcraft.systems>
2023-05-01 10:52:50 +09:30
b8714328cb
word_lib+crefine: add and_one_neq_simps and adjust proofs
...
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-04-18 13:23:42 +10:00
68e33858e2
crefine: simp rules for true and false
...
These rules allow the simplifier to solve almost all existing goals that
involve the C constants true and false, without unfolding their
definitions.
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-04-18 13:23:42 +10:00
ba241aac64
riscv+x64 crefine: remove unused lemma
...
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-04-18 13:23:42 +10:00
0cf64b5498
READMEs: use run_tests consistently in READMEs ( #622 )
...
Avoid mixing `isabelle`, `make`, and `run_tests` invocations.
Standardise on `run_tests` and mention `L4V_ARCH` each time to
indicate that you can and should set `L4V_ARCH`.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-03-30 13:59:18 +11:00
662245c8cb
riscv machine+design+crefine: explicitly set pptrTop
...
Factor out pptrTop from the definition in kernelELFBase and define it
as a constant as on other platforms. Shadows the equivalent definition
in Haskell.
Also remove incorrect comment -- the term was not PADDR_TOP, but
PPTR_TOP in C.
Co-authored-by: Corey Lewis <corey.lewis@proofcraft.systems>
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-03-29 11:05:26 +11:00
0fc9a0542c
arm+arm-hyp machine+ainvs+refine+crefine: physBase abstraction
...
physBase is reduced to be unfolded only in Arch_Kernel_Config_Lemmas.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-03-29 11:05:25 +11:00
d5fa6043cb
proof: update (non-x64) for physBase-dependent defs
...
Co-authored-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-03-20 09:34:42 +11:00
c2a9ec60a8
arm-hyp crefine: update for physBase-as-function
...
In order to parametrise the kernel's physical address in verification,
physBase becomes a function in C.
This updates the functional correctness proofs so that they work again.
Proper abstraction of physBase in the proof is forthcoming.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-03-07 00:04:38 +11:00
e89813ecf2
proofs: updates for monad refactor
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-02-09 11:46:55 +11:00
8c1d67945d
crefine: NonDetMonad.valid -> NonDetMonadVCG.valid
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-02-09 11:46:51 +11:00
8791c1be22
proofs: hoare_pre_cont variable renamed
...
s/hoare_pre_cont[where a=/hoare_pre_cont[where f=/
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-02-09 11:46:51 +11:00
7b1e140912
proofs: valid_def moved to NonDetMonadVCG
...
NonDetMonad.valid_def -> NonDetMonadVCG.valid_def
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-02-09 11:46:51 +11:00
3c322eab1d
cparser+crefine: move h_t_array_valid_array_assertion to cparser session
...
Signed-off-by: Michael McInerney <michael.mcinerney@proofcraft.systems>
2023-01-30 18:00:42 +10:30
e3c2e878b9
lib+proof+autocorres: consolidate when[E]/unless[E]_wp naming
...
wp rules for most operators such as return, get, gets are named
return_wp, get_wp, etc. Then when, whenE, unless, unlessE operators had
an additional hoare_.. prefix that this commit removes for more
consistency.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-01-25 11:48:39 +11:00
49c93e64ee
lib: eliminate hoare_gets_post
...
duplicate of hoare_gets_sp
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-01-25 11:48:39 +11:00
b1daf38dda
lib+crefine: eliminate list_case_return2
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-01-25 11:48:38 +11:00
6bf7c92d22
lib+crefine: zipWith lemma [simp] consolidation
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-01-25 10:19:41 +11:00
2d2cadb86b
lib+proof+tools: move LemmaBucket_C into CParser
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-01-25 10:18:11 +11:00
a9fd0142be
all: adjust theory imports for TypHeapLib change
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-01-25 10:13:45 +11:00
2e608b5a5c
crefine+capDL: proof updates for theLeft/theRight
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-01-19 17:41:11 +11:00
9c3a7faefd
lib+proofs: s/non_fail_/no_fail/
...
Some of the no_fail lemmas had he wrong name (non_fail instead of
no_fail).
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-01-19 17:02:10 +11:00
619e941631
c-parser+crefine+clib: move is_aligned_c_guard to c-parser session
...
Signed-off-by: Michael McInerney <michael.mcinerney@proofcraft.systems>
2023-01-12 11:48:59 +10:30
640d352148
c-parser+crefine: move h_t_array_valid_field to c-parser session
...
Signed-off-by: Michael McInerney <michael.mcinerney@proofcraft.systems>
2023-01-11 14:39:57 +10:30
3960115459
lib+proofs+sys-init+tools: proof updates for Fun_Pred_Syntax
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-01-09 14:54:11 +11:00
9b33cfad36
update copyright
...
Signed-off-by: Michael McInerney <michael.mcinerney@proofcraft.systems>
2022-11-09 15:52:50 +11:00
db6b3b839e
isabelle2022 crefine: update CRefine for all architectures
...
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2022-11-09 11:45:46 +11:00
2909c56924
arm+arm-hyp crefine: indent pass over Fastpath_Equiv
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2022-11-02 05:05:44 +11:00
536eec39e4
proof: update copyrights for monadic_rewrite improvements
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2022-11-02 05:05:44 +11:00
60b3573d46
proof: improve monadic_rewrite usage based on new tactics
...
Deploy monadic_rewrite tactics, misc improvements.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2022-11-02 05:05:44 +11:00
7c127a65cd
proof: apply monadic_rewrite updates (except Fastpath_Equiv in CRefine)
...
Adapt to changes from previous commit, mostly renames.
Fastpath_Equiv needs more work, pending tactical improvements.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2022-11-02 05:05:44 +11:00
94f21c8d09
crefine: minor improvements to IsolatedThreadAction
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2022-11-02 05:05:44 +11:00
Rafal Kolanski
Michael McInerney
Gerwin Klein
Corey Lewis