72dfb53e91
aarch64 refine: copy IncKernelLemmas+InitLemmas from RISCV64
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:46 +10:00
ee346ba108
aarch64 refine: first pass though Init_R
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:46 +10:00
59d303b020
aarch64 refine: first pass through Syscall_R
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:46 +10:00
226c2f6a95
aarch64 refine: first pass through Arch_R
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:46 +10:00
7ed847638d
aarch64 haskell: update decodeARMASIDPoolInvocation
...
Check for mapping was incorrect (attempted to check the ASID cap for
ptIsMapped) and it turns out not necessary.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:45 +10:00
7cea1dc893
aarch64 aspec: attribs_from_word used wrong bits
...
bit 0 set = cachable = NOT Device
bit 2 set = execute never = NOT execute
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:45 +10:00
8de14306d4
aarch64 refine: first pass through Tcb_R
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:45 +10:00
20fad5b9fc
aarch64 refine: update vmattributes_map for devices
...
Page is cachable if not a device.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:45 +10:00
a88bf412a5
aarch64 refine: remove 1 sorry
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:45 +10:00
f3bbd47537
aarch64 haskell: prefer fail over error
...
`error` is mapped to `undefined` which does not work well with `crunch`.
`fail` is mapped to monadic `fail` in Isabelle, works fine with crunch
and we have to prove that it's not called in `corres`.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:45 +10:00
4834c2589a
aarch64 refine: first pass through CNodeInv_R
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:44 +10:00
835d82c253
aarch64 refine: first pass through Interrupt_R
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:44 +10:00
865facfde9
aarch64 refine: first pass through Ipc_R
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:44 +10:00
4dfb6f8ad3
aarch64 refine: first pass through Finalise_R
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:44 +10:00
be22c7bfcc
aarch64 refine: set up Untyped_R from RISCV64, add hyp/vcpu
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:44 +10:00
0a7eaece00
aarch64 refine: copy over Invocations_R from RISCV64
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:44 +10:00
f4c12a6d85
aarch64 refine: remove kernel_mappings in Retype/Detype
...
These do not exist on AARCH64
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:43 +10:00
5601abc530
aarch64 refine: fill in VSpaceObject cases in Retype_R
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:43 +10:00
a4536a17ce
aarch64 refine: first pass through Detype_R
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:43 +10:00
e508693534
aarch64 refine: first pass through Retype_R
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:43 +10:00
3a77d097c4
aarch64 refine: first pass through IpcCancel_R
...
needed some changes to Schedule_R and VSpace_R
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:43 +10:00
044a97ed1a
aarch64 refine: first run through Schedule_R
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:42 +10:00
904056868d
aarch64 refine: add state_hyp_refs_of' to valid_state'
...
Somehow we missed this on the first pass. Adjusted existing proofs.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:42 +10:00
a79e06f419
aarch64 refine: first run through VSpace_R
...
This required a lot of adaptation from ARM_HYP, rearranging, and fixing.
The VCPU lemmas are mostly now constrained to one area, making it
theoretically possible to make a VCPU theory in the future.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:42 +10:00
0f11a7a52a
aarch64 refine: progress in ArchAcc
...
Co-authored-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:42 +10:00
97ebd07298
aarch64 refine: start on VSpace_R
...
Up to and including handleVMFault_corres which needed a major overhaul.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:42 +10:00
059afc8743
aarch64 refine: add InterruptAcc_R
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:41 +10:00
cb03631312
aarch64 refine: add TcbAcc_R and ArchMove_R
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:41 +10:00
2b543da5f3
aarch64 refine: add CSpace_R
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:41 +10:00
18d76ef54b
aarch64 refine: add vcpuBits_def to objBits_defs
...
The way we handle vcpuBits on AARCH64 is different to ARM_HYP.
This seems the most logical place to put vcpuBits_def to aid automation.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:41 +10:00
a93a62641d
aarch64 refine: copy RAB_FN from RISCV64
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:41 +10:00
e0114eef06
aarch64 refine: add CSpace_I and CSpace1_R
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:41 +10:00
3b5a983362
aarch64 refine: first pass through ArchAcc_R
...
Co-authored-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:40 +10:00
b42665460d
aarch64 refine: use ptTranslationBits for indices
...
Co-authored-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-25 19:34:18 +10:00
38a65fd453
aarch64 refine: adjust KHeap_R from RISCV64
...
Add VCPU/hyp lemmas from ARM_HYP, fix and update failing lemmas. Leave
1 sorry on pspace_canonical, which might not be needed for AARCH64.
Co-authored-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-25 19:34:17 +10:00
b882216086
aarch64 refine: copy Machine_R from RISCV64
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-25 19:34:17 +10:00
555bff6f6c
aarch64 refine: copy SubMonad_R from RISCV64
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-25 19:34:17 +10:00
7cdb85fad1
aarch64 refine: copy EmptyFail from RISCV64
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-25 19:34:17 +10:00
bf3929b9d5
aarch64 refine: adjust Bits_R from RISCV64
...
Add VCPU/hyp material from ARM_HYP, fix up broken lemmas.
Co-authored-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-25 19:34:17 +10:00
61bce83518
aarch64 refine: copy Corres.thy from RISCV64
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-25 19:34:17 +10:00
55a01f1829
aarch64 refine: complete StateRelation
...
Co-authored-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-25 19:34:16 +10:00
9f25a4e8f6
aarch64 haskell: use ppn concept for PageTablePTEs
...
Don't store the bottom 12 bits of the base address for page table PTEs,
because we know they are zero. This gives us implicit alignment to
pageBits in the page table walker.
The C code stores only 36 significant bits, whereas this commit still
uses a full 64-bit machine word for the ppn in Haskell. To be adjusted
in a future change.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-25 19:34:16 +10:00
394f74b615
aarch64 aspec: sync vmid bit width with Haskell+C
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-25 19:34:16 +10:00
0b0b3b32d5
aarch64 refine: iteration on Invariants_H
...
Co-authored-by: Rafal Kolanski <rafal.kolanski@proofcraft.system>
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-25 19:34:16 +10:00
44fc3ec8d5
aarch64 refine: copy LevityCatch from RISCV64
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-25 19:34:16 +10:00
96851e8b34
aarch64 ainvs: fix typo
...
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-25 19:34:16 +10:00
1404b9c0d0
aarch64 refine: add StateRelation
...
Only text replacement of RISCV64->AARCH64 for now.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-25 19:34:15 +10:00
01575f20d5
aarch64 refine: copy InvariantUpdates_H from RISCV64
...
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-25 19:34:15 +10:00
148355479f
aarch64 refine: first attempt at Invariants_H
...
Quite a few issues remain, notably validity of ASID maps and
relationship to ASID table is missing from valid_arch_state'
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-25 19:34:15 +10:00
0794e0a427
run_tests: enable BaseRefine for AARCH64
...
Switch exclusion to Refine.
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-25 19:34:15 +10:00
Rafal Kolanski
Gerwin Klein