796887d9b1
Removes all trailing whitespaces
2017-07-12 15:13:51 +10:00
392d055e99
SELFOUR-748: rename tlb invalidation functions
2017-06-20 14:05:45 +10:00
ef6e2dc32c
arm-hyp machine spec: get_gic_vcpu_ctrl_eisr1 shoud call get_gic_vcpu_ctrl_eisr1_val (fix)
2017-06-19 14:32:37 +10:00
8ace5b721d
arm-hyp abstract: (Fix) Correctly defining setCurrentPD
2017-06-19 14:32:32 +10:00
ce02f303ac
arm-hyp machine: update physBase for TK1
2017-06-19 14:32:31 +10:00
6c1715827c
arm-hyp machine: update maxIRQ
2017-06-19 14:32:31 +10:00
75492ee523
arm-hyp machine: update cache lines (32->64)
2017-06-19 14:32:31 +10:00
de745cb2e8
haskell: adopt new getActiveIRQ parameter
2017-06-19 14:32:26 +10:00
4ee422a392
aspec: make getActiveIRQ aware of whether we are at entry or preemption
...
Some interrupts can only occur at kernel entry, but not at kernel preemption
points. In particular interrupts that are caused by user-level code.
2017-06-19 14:32:26 +10:00
f00965b376
arm-hyp haskell/design: tune VGIC lr machine ops to make more sense
...
Forcing the machine ops to depend on the arguments, and switching from
nat to machine_word since there are no nats in C.
2017-06-19 14:32:25 +10:00
53a2826e77
arm-hyp design/abstract: clean up and indent MachineOps
2017-06-19 14:32:24 +10:00
3b12ece77a
arm-hyp abstract/design: add VCPU banked register machine ops
2017-06-19 14:32:24 +10:00
476690e91a
arm-hyp machine ops: get_gic_vcpu_ctrl_eisr*
2017-06-19 14:32:24 +10:00
bb9d8df8e8
arm-hyp execspec/machine: callbacks and variuos vcpu functions
...
- defined callback axiomatisations
2017-06-19 14:32:19 +10:00
c32e6552e5
arm-hyp execspec: add irqVGICMaintenane and initInterruptController
...
with caseconvs, generated files
2017-06-19 14:32:19 +10:00
0741f0d533
arm-hyp execspec/machine: fixing import paths and namespace for multiple architecture
2017-06-19 14:32:19 +10:00
8bfc2ac68c
execspec/machine: remove redundant file (ARM)
2017-06-17 16:26:11 +10:00
1f8127c6cc
arm-hyp (abstract/design/machine): add ARM_HYP directories
2017-06-17 16:26:11 +10:00
6fb8f73535
design: Remove files generated by the haskell-translator
2017-05-11 16:26:18 +10:00
ac0a55496c
x64: Retype_R checking with sorry proofs
2017-04-07 11:38:41 +10:00
1a12926724
x64: use generic VMMapType from haskell rather than redefine in abstract
2017-03-21 15:09:37 +11:00
15f32f4dce
x64: ASpec builds after merge for ARM, X64
2017-03-14 13:16:14 +11:00
95d1671940
Merge remote-tracking branch 'verification/master' into x64-split
...
Conflicts:
lib/LemmaBucket.thy
lib/NonDetMonadLemmaBucket.thy
lib/Word_Lib/Word_Lemmas.thy
lib/X64/WordSetup.thy
proof/invariant-abstract/ARM/ArchDetype_AI.thy
proof/invariant-abstract/ARM/ArchInvariants_AI.thy
proof/invariant-abstract/BCorres_AI.thy
proof/invariant-abstract/CSpace_AI.thy
proof/invariant-abstract/DetSchedSchedule_AI.thy
proof/invariant-abstract/Interrupt_AI.thy
proof/invariant-abstract/IpcCancel_AI.thy
proof/invariant-abstract/Syscall_AI.thy
proof/invariant-abstract/Untyped_AI.thy
proof/refine/ARM/Include.thy
spec/abstract/ARM/ArchTcb_A.thy
spec/abstract/CSpace_A.thy
spec/abstract/Tcb_A.thy
spec/design/ARM/ArchIntermediate_H.thy
spec/design/X64/ArchInterruptDecls_H.thy
spec/haskell/Makefile
spec/machine/MachineExports.thy
tools/c-parser/.gitignore
tools/c-parser/standalone-parser/Makefile
tools/c-parser/testfiles/ARM/imports/MachineWords.thy
tools/c-parser/testfiles/X64/imports/MachineWords.thy
tools/haskell-translator/caseconvs
2017-03-10 19:35:39 +11:00
98832f8ccd
execspec: add hypervisor, HypFaultType in skeletons (ARM), generated files
2017-02-22 15:26:46 +11:00
520921351a
provide TCB argument for sanitiseRegister
...
Other platforms such as arm-hyp will need to look into additional TCB state
such as VCPU in sanitiseRegister. This commit provides the scaffolding for
that.
2017-02-12 12:54:42 +11:00
9ac4d1ba06
x64: progress in Detype_AI
...
May need some additional work to ensure compatibility with vspace lookup
generalisation.
2017-02-01 16:22:41 +11:00
4329c6a6bd
x64: fix endianness of storeWord and loadWord
2017-02-01 16:22:06 +11:00
3dafec7d46
backport changes to ARM proofs from X64 work in progress
...
- replace ARM-specific constants and types with aliases which can be
instantiated separately for each architecture.
- expand lib with lemmas used in X64 proofs.
- simplify some proofs.
Also-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>
2017-01-27 08:31:07 +11:00
b35c50c481
x64: spec: update machine functions, invocations, set_vm_root for new
...
kernel version
2017-01-20 16:18:49 +11:00
e543bf5501
merge x64-split into local branch
2017-01-18 13:49:51 +11:00
759a0387ab
merge master into x64-split
...
Primarily concerns wp improvements
2017-01-18 07:49:48 +11:00
77a657004d
x64: Interrupt_AI, ArchInterrupt_AI done
2017-01-17 14:04:55 +11:00
8ac1200329
cleanup: remove accidentally declared const
2017-01-15 17:05:52 +01:00
a1b5f16ed6
merge x64-split into local branch
2017-01-11 17:22:05 +11:00
5bdcbe537e
fix ARM build after merge
...
Also:
- move some ARM-specific things out of Tcb_AI
- port changes from ARM to X64, up to beginning of ArchVSpace_AI
2017-01-10 17:09:31 +11:00
7dce5dd7c4
x64: defined a bunch of machine ops that were previously unspecified
2017-01-05 15:38:06 +11:00
73a08160a1
merge master into x64-split
2016-11-30 12:08:32 +11:00
b07d971a08
x64: machine: move word_size_bits definition to MachineTypes.
...
Furthermore, create generic library of word lemmas that require
the Arch context to prove, but can be proven with the same proof in
all architectures. These lemmas can then be used safely in generic
theory files. This library is in spec/machine/WordExports.thy
2016-11-25 15:30:36 +11:00
ab6b9baebb
ExecSpec: Changes to the haskell to better reflect ASpec
...
* atcbContextGet and atcbContextSet where added (just as in ASpec)
* asUser is now defined in terms of atcbContext{Get,Set}
* arch_tcb is now correctly imported as a datatype not as a type
synonym
tags: [VER-623][SELFOUR-413]
2016-11-25 13:05:55 +11:00
99bcebda87
ASpec: arch-specific faults + VMFault -> ArchFault + ReservedIRQ
...
* fixing name space for arch_tcb and tcb_context
* arch_fault added
* changing name space for arch_tcb
- as_user, set_mrs, get_mrs, copyRegsToArea, and copyRegsToArea are
moved to the ARM_HYP directory. This breaks the proofs in
refinement, etc., mostly in tcb related files.
* removed a duplicate range check definition
* fixes ARM for arch_tcb
* adding arch_thread_get/set
* add ReserveIRQ
- initInterruptController is not added yet.
* add arch_fault
- arch_fault and related functions are added.
* arch-parametrising arch-specific extra registers
- ArchDefaultExtraRegisters is the common interface that refers to the
arch-specific data (ARMNoExtraRegisters for ARM/ARM_HYP)
* Adding accesors for tcb_context
- Despite the fact that tcb_context has an arch-specific definition,
it is reasonable to assume that some form of tcb_context will be
available in any architecture, thus the need for accesors to handle
updates.
* as_user updated to use tcb_context accesors
* set_mrs and get_mrs updated to use tcb_context accesors
- Several function on ArchTcb_A and ArchTcbAcc_A (both theories where
removed) can be defined in a general context by using the
tcb_context accesors
tags: [VER-623][SELFOUR-413]
2016-11-25 13:05:49 +11:00
a2d707d17e
SELFOUR-553: update rpidrurw in TCBConfigure for simpler Infoflow proofs.
2016-11-18 16:27:26 +11:00
f8f88c6952
SELFOUR-553: Change Spec according to C code and fix ASpec and AInvs
2016-11-18 16:19:14 +11:00
f32e2ca0f5
SELFOUR-444: Abstract implementation.
...
Abstract implementation of preemptible retyping.
2016-11-02 11:19:08 +11:00
1a6e362598
x64: added more machine definitions
2016-10-26 16:42:50 +11:00
991dd30173
x64: port device-untyped from ARM
2016-10-10 13:26:40 +11:00
256e241770
merge master into x64
2016-10-06 19:57:55 +11:00
1edc9ced5f
x64: commented out some IOSpace stuff, added machine op definitions.
2016-10-05 12:02:46 +11:00
113315d9a6
SELFOUR-421: merge and fix up to ArmConfidentiality proof
2016-09-22 19:21:56 +10:00
328846ee1a
SELFOUR-421: crefine builds
2016-09-22 19:11:37 +10:00
5b19e2c284
merge master into x64-split
...
This resurrects the ARM architecture on the x64-split branch.
It also brings X64 up-to-date with progress on arch_split.
2016-08-09 18:58:37 +10:00
f9f160ed14
arch_split: replace some fixed word sizes with type aliases
...
Changed some instances of word32 to machine_word, and "10 word" to irq.
Also introduce a type_synonym for "machine_word_len".
2016-08-03 14:46:23 +10:00
bbfc1df601
x64 abstract spec: add some missing cases in ArchVSpace_A unmap operations
...
These had been undefined, causing some crunch commands to fail.
2016-07-27 12:26:53 +10:00
dd73a2c819
run haskell translator
2016-07-21 15:54:49 +10:00
e2c55aa544
run haskell translator
2016-07-20 18:16:23 +10:00
9c608c62dc
arch_split: Schedule_AI [VER-565]
2016-06-02 14:20:06 +10:00
61d0de297b
x64: arch-ified machine word size to allow substitution for type variables
2016-06-01 13:27:24 +10:00
f2cf12c345
x64: updated ASpec for WordSetup arch-split
2016-06-01 11:14:43 +10:00
8baa7c34ed
x64: retranslate haskell after rebase
2016-06-01 11:12:55 +10:00
1bc374fbaa
x64 invs: up to vs_refs_pages
2016-06-01 11:12:55 +10:00
73b731562c
x64: add arch_split'd x64 spec with IOMMU stuff
2016-06-01 11:12:55 +10:00
9ccdbfa21e
arch_split: move locale setup to generic theory
2016-05-31 15:14:40 +10:00
6a2692abc6
lib: fix theory includes for arch-splitted WordSetup
2016-05-20 12:31:10 +10:00
f0faa90f8a
lib/spec/proof/tools: fix word change fallout
2016-05-16 21:11:40 +10:00
7e37215bd2
arch_split: add extend_locale to base import
2016-05-06 18:37:16 +10:00
9ceed1eb12
arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy.
2016-05-04 15:14:41 +10:00
670d1c118d
arch_split: added optional definition override for crunch. Reduced qualification commands to minimal required set.
2016-05-04 15:14:41 +10:00
0c3a12771d
arch_split: merge master
2016-04-28 14:36:43 +10:00
1d20b393c0
arch_split: replaced sublocale with global_naming
2016-04-27 14:32:38 +10:00
3191c485d5
arch_split: added ARM_A and ARM_H locales
2016-04-20 17:31:45 +10:00
72337faa7b
arch_split: added namespacing to ExecSpec
2016-04-01 15:17:17 +11:00
144778e8eb
arch_split: avoid caching file_defs in translator to make CONTEXT environment function as expected
2016-04-01 15:09:34 +11:00
d7fd88727a
SELFOUR-420: Verification of maxIRQ check in handle_interrupt.
2016-03-17 11:20:52 +11:00
8cc95bfb8e
arch_split: merge master into arch_split
2016-03-01 11:30:47 +11:00
d107cb6758
arch_split: halfway into KHeap_AI
2016-02-22 17:48:52 +11:00
84d2889d45
Isabelle2016: merge master into 2016
2016-02-19 16:17:26 +11:00
df8261c121
arch_split: split up Invariants_AI
2016-02-17 16:36:29 +11:00
bc73b112bd
l4v-sabre: change type of irq to be 10 word
2016-02-17 11:18:02 +11:00
50fa257113
rebase and fix problems caused by new machine constants
2016-02-17 11:18:02 +11:00
bee4ba0052
l4v-sabre: fix refine
2016-02-17 11:18:02 +11:00
c65e290a8b
Isabelle2016: merge master into 2016
2016-02-16 12:52:24 +11:00
1018d01b6f
arch_split: More namespacing progress and invariant splitting. Checks halfway into Invariants_AI
2016-02-05 17:00:06 +11:00
9718f1bda2
arch_split: progress on namespacing abstract spec
2016-02-05 16:59:18 +11:00
1d0366ac5e
msi: Restructure IOAPIC, MSI interrupts for x86, fix up ARM proofs for new API
2016-02-02 15:57:28 +11:00
b214ac035f
resurrected "defs" command for Isabelle2016-RC1
2016-01-18 15:10:47 +11:00
fad2c6aae9
paramatrised abstract and haskell specs over L4V_ARCH
...
Haskell translator was modified to support multiple translations
of the haskell, with different build parameters.
2016-01-13 12:01:40 +11:00
cfec9ea0db
Merge branch 'master' into 2015
2015-05-28 11:45:13 +10:00
002cf370bb
Updated proof with new fastpath changes removing setCurrentASID and armv_contextSwitch_fp
2015-05-28 11:30:22 +10:00
12fa86863a
fewer warnings
2015-05-16 19:52:49 +10:00
fe14c7c456
Make toPAddr and fromPAddr input abbreviations (not abbreviations).
...
This stops every instance of "id" becoming "fromPAddr" in goals.
2014-10-24 16:26:19 +11:00
3fb7f99d55
make-spec: Avoid generating unnecessary whitespace in instance proofs.
2014-10-21 21:36:27 +11:00
7521fa080b
spec: Remove excessive strings of newlines.
2014-10-21 10:42:43 +11:00
8d11a22f5b
ioapic: first abstract spec
2014-08-22 16:24:40 +10:00
0fb7a8084d
misc: Proofing and formatting of README.md files.
...
Attempt to improve readability of the files when viewed as plain ASCII;
proof-read and fix minor issues.
2014-07-28 13:15:48 +10:00
4326d30cdc
the other README files for spec/
2014-07-22 19:11:43 -04:00
50dda7708c
comment cleanup
2014-07-22 18:10:20 +02:00
9d9a325032
Updates for getpaddr system call (by Joel Beeren)
2014-07-18 17:21:34 +02:00
2a03e81df4
Import release snapshot.
2014-07-14 21:32:44 +02:00
Alejandro Gomez-Londono
Joel Beeren
Miki Tanaka
Rafal Kolanski
Gerwin Klein
Alejandro Gomez-Londono
Matthew Brecknell
Gerwin Klein
Thomas Sewell
Xin,Gao
Corey Richardson
Matthew Brecknell
Daniel Matichuk
Sophie Taylor
Andrew Boyton
David Greenaway