In order to compare ASTs for appearance/disappearance/modification of
declarations, it is easier to have the annotations obvious to any
external tool for ease of parsing.
Annotations take the form:
"##<decl_type>: <name>", e.g. "##Function: ctzl"
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
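As an added illustration of the comparison this commit is aiming at (example code, not part of the commit or of the l4v c-parser), the script below reads two AST dumps, keys each declaration on its `##<decl_type>: <name>` marker, and reports declarations that appeared, disappeared or changed body. The marker format is the one the commit describes; the body layout in the two sample dumps is constructed for illustration and is not the parser's real serialisation.

```python
"""Diff two C-parser AST dumps by their declaration annotations.

Added example, not part of the commit or of the l4v c-parser. It assumes
only what the commit message states: each declaration in the dump is
preceded by a line of the form "##<decl_type>: <name>" (e.g.
"##Function: ctzl"), and the serialised body runs until the next marker.
The sample dumps below are constructed; their body layout is hypothetical.
"""
import re
from typing import Dict, List, Tuple

# One annotation line: "##Function: ctzl" -> kind="Function", name="ctzl"
MARKER = re.compile(r"^##(?P<kind>\w+):\s*(?P<name>\S+)\s*$")


def parse_dump(text: str) -> Dict[Tuple[str, str], str]:
    """Map (decl_type, name) -> serialised body following its marker.

    Text before the first marker is ignored; a declaration with no body
    maps to the empty string.
    """
    decls: Dict[Tuple[str, str], str] = {}
    key = None
    body: List[str] = []
    for line in text.splitlines():
        m = MARKER.match(line)
        if m:
            if key is not None:
                decls[key] = "\n".join(body).strip()
            key = (m.group("kind"), m.group("name"))
            body = []
        elif key is not None:
            body.append(line)
    if key is not None:
        decls[key] = "\n".join(body).strip()
    return decls


def diff_dumps(old: str, new: str) -> Dict[str, List[Tuple[str, str]]]:
    """Classify declarations as appeared / disappeared / modified."""
    a, b = parse_dump(old), parse_dump(new)
    return {
        "appeared": sorted(set(b) - set(a)),
        "disappeared": sorted(set(a) - set(b)),
        "modified": sorted(k for k in set(a) & set(b) if a[k] != b[k]),
    }


# Constructed sample dumps: the body lines are placeholders, not real output.
OLD_DUMP = """\
##Function: ctzl
  params: [x: unsigned long]
  body: (placeholder)
##Function: clzl
  params: [x: unsigned long]
##Variable: ksCurThread
  type: tcb_t*
"""

NEW_DUMP = """\
##Function: ctzl
  params: [x: unsigned long]
  body: (placeholder, changed)
##Variable: ksCurThread
  type: tcb_t*
##Function: popcountl
  params: [x: unsigned long]
"""

if __name__ == "__main__":
    for label, keys in diff_dumps(OLD_DUMP, NEW_DUMP).items():
        print(f"{label}: {keys}")
```

Any non-empty result is a signal that the downstream analyses may be affected and the verification run cannot be skipped; an empty result for all three categories is the "AST unchanged" case the commit mentions.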
The setup for L4V_ARCH=AARCH64 is identical to RISCV64, i.e. same word
length, encoding, and endianness. The setup includes the standalone
parser used for compile and preprocess checks in the seL4 repo.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Initially the `Makefile` copied `umm_heap/ARM_HYP` from `umm_heap/ARM`,
and deleted `umm_heap/ARM_HYP` during `make clean`. However, the
contents of `umm_heap/ARM_HYP` have since been committed, so this is no
longer appropriate.
Reported-by: Michael Norrish <Michael.Norrish@data61.csiro.au>
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>
Two kinds of function calls were escaping the analysis. The first is simple,
the ReturnFnCall statement type, which was a silly omission from before.
Function calls inside initialiser statements are a more difficult problem.
The simplest solution was to move the VER-881 calculation into a
post-processing phase once those function calls have been moved to statement
positions.
This scans for statement-level function calls which will have complex
lvalue translations, either because their lvalues are compound
expressions or because their function return type will be promoted to
be stored. It treats them like expression-level function calls, with
an additional call statement added (saving to a ret_ variable) and
the complex lvalue step treated like an assignment.
The C kernel build in cspec was changed to have a different directory structure and
build targets. This updates the make_munge.sh script to reflect those changes.
tags: [NO_PROOF]
- replace ARM-specific constants and types with aliases which can be
instantiated separately for each architecture.
- expand lib with lemmas used in X64 proofs.
- simplify some proofs.
Also-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>
Adds an additional analysis option to the external C parser. This
will report about any asm statements that were encountered and could
not be properly handled.
[NO_PROOF]
Architecture names follow L4V_ARCH-style naming conventions ('ARM', 'FAKE64').
However, the standalone parser does not make use of the L4V_ARCH environment
variable.
The standalone-parser Makefile builds all architectures at once, producing
binaries at 'ARM/c-parser', 'FAKE64/c-parser', and similarly for the tokenizer.
There are also wrapper scripts 'c-parser' and 'tokenizer' in the
standalone-parser directory, which take an architecture on the command line.
The make_munge.sh script calls the appropriate binary parser directly.
Give the standalone c-parser the facility to dump out its internal AST. Only
half finished, I got bored writing serialisers for the many syntax datatypes.
There has been some discussion about how to check whether an seL4 change
impacts verification. My thought was that the obvious thing to check is the
C-parser's AST. If this is unchanged, then further analyses must be unchanged.
Specification of file to emit to is via command-line switch. Take the
opportunity to make command-line processing be done via GetOpt library.
JIRA VER-473
Japheth's recent change (6f7c660cb) to error-reporting for the latter
broke the former. Refactor code so that old and new code can coexist.
Would just use Japheth's code in the purely SML version too, but it uses
Isabelle/ML libraries that I can't be bothered to recreate in SML.
The handling of local static variables is now part of a general
improvement in the handling of all the "munging" that the parser does.
*Munging* is the process of renaming variables so that Isabelle can cope
with them. There are at least three different forms of munging at the
moment:
- static locals get munged so that multiple static locals (which have to
be treated as globals) can co-exist with the same source name.
- local variables of the same source name but different types have to be
able to co-exist
- variables with legitimate C names but illegal Isabelle names have to
be allowed
The new structure MString implements an opaque version of string
designed to make it clear to the typechecker that certain strings are
"munged".
As per example, syntax is
declare [[cpp_path="path to file"]]
If the empty string is used as the value, then no preprocessor will be
called.
The standalone parser has also been adjusted so that you can run it with
--cpp=path
or
--nocpp
options.
Closes JIRA issue VER-337