Commit Graph

749 Commits

Author SHA1 Message Date
Michael McInerney b94a78c88c
lib: reorder assumptions of no_fail_bind
In order to aid wp-style reasoning.

Signed-off-by: Michael McInerney <michael.mcinerney@proofcraft.systems>
2024-01-22 19:09:45 +00:00
Michael McInerney 7493e71298
lib+refine: strengthen corres_assert_assume_l and move to Lib
Signed-off-by: Michael McInerney <michael.mcinerney@proofcraft.systems>
2024-01-22 19:09:44 +00:00
Gerwin Klein 314158480a
proof: update to Isabelle2023 mapsto syntax
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-10-06 14:41:41 +11:00
Corey Lewis 7999632872
proof: update for changes to nondet monad
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-10-05 11:24:05 +11:00
Gerwin Klein 5497666b8b
aarch64 ainvs+refine: remove unused dom_ucast_eq
The old version of dom_ucast_eq in AInvs is not useful, because the
necessary constants are not available yet in AInvs.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:37 +10:00
Gerwin Klein dcf6ee4d55
aarch64 ainvs+refine: move lemmas from Refine
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:36 +10:00
Gerwin Klein 0369a4bd91
lib+ainvs+aarch64 refine: move+consolidate vcg_op_lift lemmas
Collect all operator lifting lemmas in one place under
hoare_vcg_op_lift. (Moved from Refine)

Move the lifting lemmas that were still in AInvs up to lib.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:36 +10:00
Gerwin Klein de50741ec0
lib+aarch64 refine: move lemmas to lib
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:36 +10:00
Gerwin Klein a24ddbefad
aarch64 refine: move lemmas internally
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:36 +10:00
Gerwin Klein 26a3a6eb07
aarch64 refine: lemmas moved to aarch64 ainvs
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:36 +10:00
Gerwin Klein 2251bf85d1
aarch64 refine: lemmas moved to lib
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:35 +10:00
Gerwin Klein dc4955de6e
aarch64 refine: lemma moved to Word_Lib
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:35 +10:00
Gerwin Klein 5f741944aa
aarch64 refine: move lemmas to lib
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:35 +10:00
Gerwin Klein 62618fc48f
aarch64 refine: improve decode invariance crunch
With adjustment of ARMMMU_improve_cases, the decode functions can all
be done in a single crunch invocation.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:34 +10:00
Gerwin Klein c263749d4f
aarch64 refine: consolidate dmo_invs_no_cicd' lemmas
With a slightly better lifting rule, these can all be grouped and
proved automatically.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:34 +10:00
Gerwin Klein 6bfdecdbf9
aarch64 refine: defer some FIXMEs to CRefine
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:34 +10:00
Gerwin Klein 43c0759388
aarch64 refine: leave comment instead of FIXME
Might be useful for later proofs, but no need to fix now.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:34 +10:00
Gerwin Klein cf0e636c0e
aarch64 refine: resolve trivial FIXMEs
These have either already been resolved, are trivial moves within one
theory, or they are questions that the rest of the proof has now
answered.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:34 +10:00
Rafal Kolanski 2e3c97d055
aarch64 refine: Orphanage sorry-free
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-09-27 14:28:33 +10:00
Gerwin Klein 8f2710d54d
aarch64 refine: Detype_R sorry-free
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:33 +10:00
Gerwin Klein 1fde0480c7
aarch64 refine: progress in Detype_R
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:33 +10:00
Gerwin Klein ffd038f69e
aarch64 refine: ADT_H sorry-free
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:33 +10:00
Gerwin Klein a0311bd946
aarch64 refine: Interrupt_R sorry-free
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:33 +10:00
Gerwin Klein 1f05109562
aarch64 refine: Ipc_R sorry-free
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:33 +10:00
Gerwin Klein da76bcaac8
aarch64 refine: Arch_R sorry-free
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:32 +10:00
Gerwin Klein 522cef18c1
aarch64 refine: Finalise_R sorry-free
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:31 +10:00
Gerwin Klein 73ba0cee03
aarch64 refine: IpcCancel_R sorry-free
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:31 +10:00
Gerwin Klein 1f60044d83
aarch64 refine: Schedule_R sorry-free
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:31 +10:00
Gerwin Klein 1ea097a7bf
aarch64 refine: Untyped_R sorry-free
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:31 +10:00
Gerwin Klein 2ec696f224
aarch64 refine: Retype_R sorry-free
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:31 +10:00
Gerwin Klein e74d5fe4b8
aarch64 refine: progress in Retype_R
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:30 +10:00
Gerwin Klein f14217e294
aarch64 refine: progress in Retype_R
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:30 +10:00
Gerwin Klein d16d35ef58
aarch64 refine: VSpace_R sorry-free
Main progress is in VSpace_R, with some fallout in ArchAcc_R, ADT_R, and
Schedule_R for invariant and spec changes.

General obj_at preservation for setVMRoot does not hold and is relegated
to something more specific in Schedule_R.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:30 +10:00
Gerwin Klein 7ae4e55594
aarch64 refine: ArchAcc_R sorry-free
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:29 +10:00
Gerwin Klein 6e576674eb
aarch64 refine: invariant update lemmas
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:29 +10:00
Gerwin Klein 322f4f91d6
aarch64 refine: remove pspace_canonical'
This concept no longer makes sense on AARCH64, we will either need to
know that certain addresses are in user_region (which implies
canonical_user, which is more strict than canonical), or we will need
to know they are in the kernel_window, which is also more strict than
canonical. We'll only find out for sure in CRefine.

Both cases are liftable from valid_vspace_uses and
pspace_in_kernel_window from AInvs, so instead of a new invariant, the
plan is to use Haskell assertions to transport the relevant info to
CRefine when needed.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-09-27 14:28:26 +10:00
Gerwin Klein 7595c02d49
riscv refine: adjust for (no_asm) in Corres_Method
The (no_asm) for corres goals is now properly enforced, which means
it is now really necessary to provide terminal corres rules in their
proper form.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-08-30 21:59:37 +02:00
Corey Lewis a084de4993
refine: update for changes to nondet monad
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-08-23 11:48:13 +10:00
Corey Lewis 02116815be
proof+autocorres: update for select_wp and alternative_wp
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-08-09 16:42:01 +10:00
Corey Lewis 2c8f9eeff1
lib+spec+proof+autocorres: consistent Nondet filename prefix
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-08-09 12:07:06 +10:00
Gerwin Klein 01a42167f9
riscv refine: example corres method use
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-30 15:58:14 +10:00
Gerwin Klein fad4b70825
refine: make corres method available in Refine
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-30 15:58:14 +10:00
Gerwin Klein c1fe4ad10f
lib+refine: rename Corres_Method to CorresK_Method
This also renames most of the corres* methods to corresK* methods,
including corressimp -> corresKsimp.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-30 10:56:47 +10:00
Gerwin Klein 59759edc42
arm refine: deploy corres_cases in some examples
Demonstrates use of corres_cases and corres_cases_both. Main intended
benefit is less thinking about safety of schematics, fewer mentions
of goal parameter names, and fewer manual guard instantiations.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-26 16:20:33 +10:00
Gerwin Klein f75a3481ae
lib+refine+crefine: disambiguate corres_pre
- rename corres_pre set in CRefine to ccorres_pre
- rename internal corres_pre method in Corres_Method to corres_pre'
- use corres_pre instead of old wp_pre in refine

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-15 10:46:39 +10:00
Rafal Kolanski 7cdd203136
aarch64 refine: first run through Orphanage
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:49 +10:00
Rafal Kolanski 2f3e333500
aarch64 refine: first pass through EmptyFail_H (sorry-free)
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:48 +10:00
Rafal Kolanski 81d382ec71
aarch64 refine: first pass through Refine (sorry-free)
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:48 +10:00
Rafal Kolanski 7154cc9d31
aarch64 refine: remove final mention of vs_valid_duplicates'
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:48 +10:00
Rafal Kolanski c4dee689b0
aarch64: update Init_R+PageTableDuplicates for PT ghost state
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:48 +10:00