Commit Graph

3919 Commits

Author SHA1 Message Date
Gerwin Klein 41b4824bf7 riscv refine: cleanup in CSpace1_R 2019-11-12 18:28:39 +11:00
Gerwin Klein 4debd4a44c riscv refine: cleanup in VSpace_R 2019-11-12 18:28:39 +11:00
Gerwin Klein 6cb6814420 riscv refine: cleanup Detype_R 2019-11-12 18:28:39 +11:00
Gerwin Klein eb3f90a815 riscv refine: strengthen word lemmas around mask 2019-11-12 18:28:39 +11:00
Gerwin Klein 66d43a5e91 riscv refine: cleanup in Retype_R 2019-11-12 18:28:39 +11:00
Gerwin Klein eb8370e18e riscv refine: cleanup pass through Invariants_H 2019-11-12 18:28:39 +11:00
Gerwin Klein ec38460345 riscv refine: cleanup pass through ArchAcc_R 2019-11-12 18:28:39 +11:00
Gerwin Klein 7cbe59e67a riscv refine: 0 sorries 2019-11-12 18:28:39 +11:00
Gerwin Klein 04cac93bbe riscv refine: style cleanup in ADT_H
more consistent indentation and definition style;
removed warnings;
removed (most) magic numbers
2019-11-12 18:28:39 +11:00
Gerwin Klein 3d6b5970f7 riscv refine: remove trivial sorry in ADT_H 2019-11-12 18:28:39 +11:00
Gerwin Klein 0ac198fab5 riscv refine: Arch_R sorry-free 2019-11-12 18:28:39 +11:00
Gerwin Klein 4a49681bf5 riscv haskell: look up ASID of PT cap, not vspace cap.
It is the user-provided cap that needs to be checked for correct ASID and
vspace.
2019-11-12 18:28:39 +11:00
Gerwin Klein f55200b9d9 riscv refine: reduced Arch_R to 1 sorry 2019-11-12 18:28:39 +11:00
Gerwin Klein 7ce1c0fb21 riscv haskell: force vptr alignment in decodeRISCVPageTableInvocationMap
see also JIRA SELFOUR-2162
2019-11-12 18:28:39 +11:00
Gerwin Klein 41d525d1b6 riscv refine: reduce sorries in Arch_R 2019-11-12 18:28:39 +11:00
Gerwin Klein 53198e4fce riscv refine: VSpace_R sorry-free 2019-11-12 18:28:39 +11:00
Gerwin Klein b5c47d552e riscv aspec+ainvs: perform_pg_inv_unmap: update cap in memory
The argument cap is the same as the one in memory, but it's less work to not
prove that.
2019-11-12 18:28:39 +11:00
Gerwin Klein b051b9437d riscv refine: reduce sorries in VSpace_R 2019-11-12 18:28:39 +11:00
Gerwin Klein 3f5aaa6c48 riscv refine: Finalise_R sorry-free 2019-11-12 18:28:39 +11:00
Gerwin Klein be62cf1cfd riscv refine: reduce sorries in VSpace_R and Arch_R 2019-11-12 18:28:39 +11:00
Gerwin Klein a26c57a825 riscv haskell: needs to unmap, not ignore in finalise 2019-11-12 18:28:39 +11:00
Gerwin Klein f7bf957c71 riscv ainvs: adjustments for unmap_page change 2019-11-12 18:28:39 +11:00
Gerwin Klein 750746296f riscv aspec: unmap_page may be called with unmapped ASID
This means we can't use gets_the, which asserts, but need find_vspace_for_asid,
which can throw.
2019-11-12 18:28:39 +11:00
Gerwin Klein ed3d2e1ec2 riscv refine: reduce sorries in VSpace_R 2019-11-12 18:28:39 +11:00
Gerwin Klein d4f3d7122c riscv aspec: fix addr conversions in set_vm_root
global_pt needs addrFromKPPtr, because it is an address that lives in the
kernel image; other PTs need addrFromPPtr because they are standard
kernel-virtual addresses.
2019-11-12 18:28:39 +11:00
Gerwin Klein e44423d6bb riscv refine: ArchAcc_R sorry-free 2019-11-12 18:28:39 +11:00
Gerwin Klein 11bcbc1675 riscv refine: fix ppn handling in checkMappingPPtr 2019-11-12 18:28:39 +11:00
Gerwin Klein 09dbc34a0c riscv haskell/design: fix lookupPTSlotFromLevel and lookupPTFromLevel 2019-11-12 18:28:39 +11:00
Gerwin Klein a612a0e54e riscv refine: reduce ArchAcc_R sorries to 1 2019-11-12 18:28:39 +11:00
Gerwin Klein c46a641f7f riscv haskell: globalPT is at maxPTLevel 2019-11-12 18:28:39 +11:00
Gerwin Klein 939201f782 riscv refine: Retype_R and Detype_R sorry-free 2019-11-12 18:28:39 +11:00
Gerwin Klein c77b2126e0 riscv aspec: initialise SSTATUS register correctly 2019-11-12 18:28:39 +11:00
Gerwin Klein 46398221c9 runtests: enable RISCV64 Refine test 2019-11-12 18:28:39 +11:00
Gerwin Klein cd70459771 riscv refine: reduce sorries in Finalise_R 2019-11-12 18:28:39 +11:00
Gerwin Klein 5ac27afad0 riscv refine: close all sorries in CNodeInv_R 2019-11-12 18:28:39 +11:00
Gerwin Klein 98a3efe16a riscv refine: close all sorries in Ipc_R 2019-11-12 18:28:39 +11:00
Gerwin Klein fe895506cc riscv refine: 0 sorries in Syscall_R 2019-11-12 18:28:39 +11:00
Gerwin Klein 1f539c062c riscv refine: 0 sorries in Refine_R 2019-11-12 18:28:39 +11:00
Gerwin Klein 5a7c2ef850 riscv aspec: correct comment for kernel_base; adjust idle_thread_ptr 2019-11-12 18:28:39 +11:00
Gerwin Klein 960636f744 riscv aspec: pick aligned addresses for pptr_base in initial example state. 2019-11-12 18:28:39 +11:00
Gerwin Klein 8ab9888cf4 riscv aspec: set irq type to lowest word length that fits maxIRQ
The irq type determines the size of the IRQ CNode in the abstract spec, which
(in C) is the smallest power of two that fits maxIRQ.
2019-11-12 18:28:39 +11:00
Gerwin Klein bf83335d78 riscv refine: reduce sorries in Refine 2019-11-12 18:28:39 +11:00
Gerwin Klein 2d9ec1736f riscv refine: set up DomainTime_R (0 sorries) 2019-11-12 18:28:39 +11:00
Gerwin Klein c764565b51 riscv haskell: fail ArchInv.IRQControlInvocation
Use fail instead of error so we don't have to prove unreachability for all
properties.
2019-11-12 18:28:39 +11:00
Gerwin Klein d224325b43 riscv refine: add Orphanage (dummy file)
This file is needed to prevent error messages in ROOT. No-orphans proof is
currently still ARM-only.
2019-11-12 18:28:39 +11:00
Gerwin Klein bd8e032504 riscv refine: sorrying Refine_R 2019-11-12 18:28:39 +11:00
Gerwin Klein 6b2009ac45 riscv refine: set up IncKernelInit, InitLemmas, KernelInit_R (0 sorries) 2019-11-12 18:28:39 +11:00
Gerwin Klein cbe29f527f riscv refine: sorrying ADT_H (3 sorries) 2019-11-12 18:28:39 +11:00
Gerwin Klein 4a5084b46b riscv refine: encode absence of Execute in PTablePTEs in state relation 2019-11-12 18:28:39 +11:00
Gerwin Klein 688f8b193d riscv design: make machine op definition available
setVSpaceRoot was being shadowed, because setVMRoot was wrongly excluded instead.
2019-11-12 18:28:39 +11:00