bb4245d23d
riscv haskell: define rest of arch kernel state
...
Included vspace_uses for refinement proof, and added multiple global PTs.
2019-11-12 18:28:39 +11:00
b692a5c81f
riscv refine: set up PageTableDuplicates (0 sorries)
2019-11-12 18:28:39 +11:00
eab8f3e19e
riscv refine: set up Syscall_R (3 sorries)
2019-11-12 18:28:39 +11:00
1d9328dbcd
riscv refine: set up Tcb_R (0 sorries)
2019-11-12 18:28:39 +11:00
d324216454
riscv refine: set up CNodeInv (3 sorries)
2019-11-12 18:28:39 +11:00
0d881171fa
riscv refine: set up Interrupt_R (0 sorries)
2019-11-12 18:28:39 +11:00
42bd55ea3b
riscv refine: simplify assumptions in CSpace_R
2019-11-12 18:28:39 +11:00
b1157aef9e
riscv refine: sorrying Ipc_R (2 sorries)
2019-11-12 18:28:39 +11:00
bdf9e036a8
riscv refine: sorrying Arch_R (7 sorries)
2019-11-12 18:28:39 +11:00
99b7cc7ceb
riscv refine: remove unused assumptions
2019-11-12 18:28:39 +11:00
5ee57f72fc
riscv refine: sorrying Finalise_R (3 sorries)
2019-11-12 18:28:39 +11:00
45172e930f
riscv refine: basic setup for recursive PTLookup*
2019-11-12 18:28:39 +11:00
76a69cda63
riscv refine: close sorry in KHeap_R
2019-11-12 18:28:39 +11:00
96b3754455
riscv refine: set up IpcCancel (0 sorries)
2019-11-12 18:28:39 +11:00
e6da934e7d
riscv refine: simplify setASIDPool_invs
...
Does not require valid_asid_pool in weakened invariant setting.
2019-11-12 18:28:39 +11:00
e46023fe12
riscv refine: set up Untyped_R (0 sorries)
2019-11-12 18:28:39 +11:00
159bf6a50f
riscv refine: add valid_arch_cap' to invariants
...
It turns out that Untyped_R needs the properties of valid_arch_cap' non-locally
for all descendants of the untyped cap it's looking at. This would be a fairly
involved property to assert, and so far only Retype/Detype had any real proof
obligations on valid_cap', i.e. it should be cheap to keep.
2019-11-12 18:28:39 +11:00
854e74a1fd
riscv refine: add Invocations_R
2019-11-12 18:28:39 +11:00
6dd45e2d5f
riscv aspec: sync max_untyped_size with Haskell/C
2019-11-12 18:28:39 +11:00
4422d1ecca
riscv refine: sorried Detype_R
2019-11-12 18:28:39 +11:00
067d1bdcab
riscv haskell: object numbers for LargePage and HugePage
2019-11-12 18:28:39 +11:00
2d9afdf7be
riscv refine: storePTE_valid_objs + remove one sorry
2019-11-12 18:28:39 +11:00
adf7f7bf03
riscv refine: sorry Retype_R (2 sorries)
2019-11-12 18:28:39 +11:00
01c6c9f7b5
riscv refine: weaken precondition of threadSet_invs_trivialT
2019-11-12 18:28:39 +11:00
4fe875e854
riscv refine: set up Schedule_R (0 sorries)
2019-11-12 18:28:39 +11:00
e850ab5ea5
riscv refine: reduce Haskell guards in TcbAcc
2019-11-12 18:28:39 +11:00
c40435c4a8
riscv refine: sorried VSpace_R
2019-11-12 18:28:39 +11:00
e25631e919
riscv refine: more guard cross-over rules
2019-11-12 18:28:39 +11:00
d4932ced42
riscv refine: set up InterruptAcc_R
2019-11-12 18:28:39 +11:00
7fde8b47a0
riscv refine: set up TcbAcc_R (0 sorries)
2019-11-12 18:28:39 +11:00
df28d3bdbc
riscv refine: set up CSpace_R (0 sorries)
2019-11-12 18:28:39 +11:00
3d037d7219
riscv refine: Invariants_H: syntax precedence for parentOf
2019-11-12 18:28:39 +11:00
b122d1945a
riscv refine: fill in RAB_FN.thy
2019-11-12 18:28:39 +11:00
a3dd552343
riscv refine: set up CSpace1_R (0 sorries)
2019-11-12 18:28:39 +11:00
6cd1482169
riscv refine: set up CSpace_I (0 sorries)
2019-11-12 18:28:39 +11:00
1f149e7387
riscv refine: add ArchFrameCap to capSimps and friends
2019-11-12 18:28:39 +11:00
7815e4734a
riscv refine: introduce bit_simps'
2019-11-12 18:28:39 +11:00
e6fe4420ea
riscv refine: sorried ArchAcc_R
2019-11-12 18:28:39 +11:00
318d54a8ca
riscv refine: adjustments for page_table_at' in KHeap_R
2019-11-12 18:28:39 +11:00
8b40b334bd
riscv refine: rephrase page_table_at' in Invariants_H
2019-11-12 18:28:38 +11:00
c4646172b3
riscv refine: set up KHeap_R (1 sorry) and SubMonad_R
2019-11-12 18:28:38 +11:00
6bc51a2562
riscv refine: set up Bits_R, Corres, EmptyFail
2019-11-12 18:28:38 +11:00
db8768234c
riscv refine: initial state relation
2019-11-12 18:28:38 +11:00
244e8fe32f
riscv refine: initial design invariants
...
upd
2019-11-12 18:28:38 +11:00
8be2ab8484
riscv refine: initial skeleton
2019-11-12 18:28:38 +11:00
d72e6b5263
riscv haskell: sync RISCVPageTableUnmap with C and spec
...
now in sync with seL4 change set f612028b180633dc4e404aaceee656da953f877d
2019-11-12 18:28:38 +11:00
ab43338feb
riscv haskell: bring lookupPTFromLevel up to date with C and spec
2019-11-12 18:28:38 +11:00
6b30142018
riscv haskell: maxUntypedSize depends on addressable memory
...
(not on word size)
2019-11-12 18:28:38 +11:00
8e39bbbda9
riscv aspec: provide a constant for ppn word width
2019-11-12 18:28:38 +11:00
430a345aeb
riscv aspec: avoid type variable warning and freeindex increase
2019-11-12 18:28:38 +11:00
Gerwin Klein