7ad3ef3b3e
wp: update the proofs for the new wp/wpc/wpsimp
2017-03-16 19:39:11 +11:00
a2de84cf3d
ainvs: repair wp_pre fallout
2017-03-16 19:39:11 +11:00
7cd8763cd8
lib/wpsimp: pass more parameters to clarsimp
2017-03-16 19:39:11 +11:00
3dd496f447
wp: separate wp_pre method, used in wp and wpc
2017-03-16 19:39:11 +11:00
3005f25eb9
lib: faster proof
2017-03-16 19:39:11 +11:00
727b7f74e5
arm ainvs: trivial: fix erroneous ARM_HYP qualification
2017-03-14 12:23:14 +11:00
30aa85b0d6
ainvs: strengthen arch assumptions for handle_hypervisor_fault
...
Contains changes to the generic theory, back-ported and arch-split from
ARM_HYP, as well as corresponding changes to the ARM theory.
Also-by: Gerwin Klein <Gerwin.Klein@data61.csiro.au>
2017-03-14 10:22:25 +11:00
cf168b7ee4
arm ainvs: use stronger assumptions for handle_hypervisor_fault
2017-03-14 10:22:17 +11:00
db2d607786
ainvs: fork slow proof
2017-03-13 16:12:52 +11:00
eb880a9a23
ainvs: stronger assumptions for handle_hypervisor_fault
2017-03-13 16:12:52 +11:00
d6ac616294
CParser multi_arch_refactor: Adding support for ARM_HYP
2017-03-10 11:10:24 +11:00
6ce6c97397
arch_split: DetSchedDomainTime_AI, DetSchedSchedule_AI for ARM
2017-03-09 12:10:44 +11:00
c0c52700fb
trivial: rename split_if to if_split following Isabelle2016-1
2017-03-09 11:59:33 +11:00
ea771a8f7c
arm-hyp: configure kernel Makefile for L4V_ARCH=ARM_HYP
...
Set as required for TK1 platform.
2017-03-06 17:16:28 +11:00
5ece85b8d2
crefine: ARM verification support for "Disable active VCPU when switching to the idle thread"
2017-03-06 16:15:27 +11:00
a94f5d0e69
crefine: tcb argument for sanitiseRegister
2017-03-06 14:42:46 +11:00
c3d179cd28
aspec: standard file access rights
2017-03-04 10:32:12 +11:00
941d383594
ainvs: allow valid_arch_state to depend on arch objs
2017-03-03 13:51:35 +11:00
99c7dd8a04
cleanup: remove old wp_cleanup comments
2017-03-03 09:01:28 +11:00
4d11360701
Merge pull request #167 in SEL4/l4v from hv_inv_ex to master
...
* commit '8a7d450f3a1c7b509e01eed107abdf64e7cc4618':
ainvs + refine: remove hv_inv_ex
2017-03-03 09:00:42 +11:00
8a7d450f3a
ainvs + refine: remove hv_inv_ex
...
The lemma was convenient, but is subsumed by others. It is not true on
ARM_HYP.
2017-03-02 10:26:10 +11:00
4e7456dcc8
add forward_solve methods to Eisbach_Methods
2017-03-01 16:54:58 +11:00
81b3e7808b
licenses: Updated licenses added from x64 backport
...
tags: [NO_PROOF]
2017-02-28 12:26:19 +11:00
cbff0aa5ec
apply_debug: avoid hanging in batch mode
2017-02-24 13:32:59 +11:00
a95b9cca7c
InfoFlowC: updates for Hypervisor stub
2017-02-22 15:26:50 +11:00
fec4f5172a
CRefine: updates for Hypervisor stub
2017-02-22 15:26:50 +11:00
5665511d84
capDL spec and DRefine: updates for Hypervisor stub
2017-02-22 15:26:50 +11:00
2699254382
Refine: updates for Hypervisor stub
2017-02-22 15:26:49 +11:00
b2f2034bbc
Bisim / Access / InfoFlow: updates for Hypervisor stub
2017-02-22 15:26:49 +11:00
14aa48bc76
invariant-abstract: updates for Hypervisor stub
2017-02-22 15:26:49 +11:00
75b1680d68
abstract: add Hypervisor fault event to ARM
2017-02-22 15:26:49 +11:00
98832f8ccd
execspec: add hypervisor, HypFaultType in skeletons (ARM), generated files
2017-02-22 15:26:46 +11:00
ce1b60e16e
haskell: add Hypervisor module, add concept of Hypervisor exceptions
...
The kernel gains an entry point for hypervisor exception events, as well
as a way to add arch-specific handlers for these events.
We do this since the hypervisor has its own entry point into the kernel,
and that must be reflected in the top-level kernel entry interface.
For ARM target, which does not have hypervisor support, we add an no-op stub.
2017-02-22 15:26:41 +11:00
1758666208
lib: add definition for word_ctz (count trailing zeros)
...
Nothing proved about this so far. Stated as most obvious formulation.
Needed for CParser to take in spec of __builtin_ctzl wrapper.
2017-02-22 06:54:59 +11:00
9b09efd1f8
CRefine fix for prepareThreadDelete
2017-02-20 09:23:56 +11:00
c957220996
capDL spec and DRefine for prepare_thread_delete
2017-02-20 09:23:56 +11:00
3db5dd778d
Refine fix for prepare_thread_delete
2017-02-20 09:23:55 +11:00
d7026b5bad
Access and InfoFlow fix for prepare_thread_delete
2017-02-20 09:23:55 +11:00
bcabadbcaa
update invariants for prepare_thread_delete
2017-02-20 09:23:55 +11:00
1ac38269b6
abstract: prepare_thread_delete stub for ARM
...
- defined prepare_thread_delete for finalise_cap
2017-02-20 09:23:55 +11:00
b853647a6d
execspec: fix skeleton for prepareThreadDelete, generated files
2017-02-20 09:23:55 +11:00
185876b89f
haskell: add a stub for prepareThreadDelete
...
this is a function called from finailiseCap to prepare a tcb for deletion
(it does nothing for ARM)
2017-02-20 09:23:55 +11:00
cfd2eefe3d
Merge pull request #159 in SEL4/l4v from ~TSEWELL/l4v:length-1-array to master
...
* commit 'dbd226f899c83ae0b44d58446b88d2dd0fb67a83':
SimplExportAndRefine: length 1 arrays.
2017-02-17 15:08:46 +11:00
dbd226f899
SimplExportAndRefine: length 1 arrays.
...
This creates an issue because "unat x < 1" is reduced to "unat x = 0"
by the simplifier, meaning the unat_mono tactic doesn't get to operate on
it. The fix is pretty easy. Also includes some extra investigation material.
2017-02-17 14:58:22 +11:00
b1f9defffa
fix thydeps parser to handle % in keyword syntax
2017-02-17 14:29:39 +11:00
1541641faf
apply_trace: fix autocorres
2017-02-17 14:29:39 +11:00
2b96c9b3a3
CRefine: add trivial lemma for Arch_finaliseInterrupt
2017-02-16 16:25:57 +11:00
1d364c2cb6
apply_trace: remove accidental reference to foo locale
2017-02-16 10:51:59 +11:00
ba62c94331
apply_debug: include apply_debug by default
2017-02-15 15:00:23 +11:00
2ac4fa3509
corres_method: use corres method by default
2017-02-15 15:00:23 +11:00
Miki Tanaka
Gerwin Klein
Matthew Brecknell
Alejandro Gomez-Londono
Rafal Kolanski
Gerwin Klein
Daniel Matichuk
Joel Beeren
Thomas Sewell
Daniel Matichuk