This verifies a C kernel patch (seL4/seL4#409) which consolidates
translation between virtual and physical addresses, and makes it
consistent across architectures. In particular, we always use
`addrFromKPPtr`, even on architectures that don't use a distinct region
to map the kernel ELF. This will facilitate future improvements which
move the ELF mapping into a distinct virtual address region.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>
This brings the naming convention closer to the other architectures,
closer to the Haskell, and closer to the constant renames that happened
in C. It is, however, quite an invasive change.
kernelBase_addr -> pptrBase
kernelBase -> pptrBase
physMappingOffset -> ptrBaseOffset
Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>
Update specs and proofs for ARM platforms to contain TPIDRURO in the
TCB user context rather than treating it as a VCPU register, following
change in C.
Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>
diminished takes two caps and asserts that one is equal to the other
except that one may have fewer rights. We remove this definition and all
references to it, replacing diminished with equality.
When the bitfield generator switches to python 3, the dicts we use to
track data won't be iterated deterministically. These changes
disambiguate (some) record literals and accessors so that they aren't
sensitive to the definition order.
Changes in the C boot code mean that `tcb_C` and `asid_pool_C` are now
overloaded in the Isabelle C specification: They are constructors for
the respective C structs, and also accessors for fields of an unrelated
struct (`root_server_mem_t`). Consequently, we need to be more explicit
when naming the constructors.
Previously, the C kernel maintained a global pointer to the IRQ node.
This pointer was only initialised during boot, when the actual IRQ node
was dynamically allocated from untyped memory.
The C kernel now includes a statically allocated IRQ node, which is just
a suitably sized array of CTEs. This commit updates the proofs to verify
this change to the C kernel.
Gerwin Klein
Matthew Brecknell
Rafal Kolanski
Gerwin Klein
Victor Phan
Edward Pierzchalski
Amirreza Zarrabi
Corey Lewis
Thibaut Perami
Thomas Sewell
Japheth Lim
Alejandro Gomez-Londono
Alejandro Gomez-Londono
Joel Beeren
Rafal Kolanski