665a3c15a0
Restore global valid assertions in graph refine.
...
The global-object pointer validity assertion is now created at
export time, and the graph refine mechanism now proves them. It
seems they were forgotten about once again in adjusting the globals
logic.
2014-09-30 16:09:22 +10:00
0288aeb1b8
bisim: Isabelle 2014 changes.
2014-09-24 12:24:00 +10:00
df8237c08a
drefine: Isabelle 2014 changes.
2014-09-24 12:21:10 +10:00
60f06246c7
Commit some of the GraphRefine testing rig.
...
Otherwise I have to fetch this out from history every
time that SEL4GraphRefine breaks.
2014-09-23 16:40:07 +10:00
0c004d2a93
Merge branch 'master' into 'isabelle-2014'.
...
Conflicts:
proof/drefine/Arch_DR.thy
proof/drefine/Finalise_DR.thy
proof/drefine/StateTranslation_D.thy
sys-init/DuplicateCaps_SI.thy
sys-init/Proof_SI.thy
tools/autocorres/tests/examples/SchorrWaite.thy
2014-09-23 14:31:33 +10:00
22b9118432
infoflow: Fix non-terminating proof for Isabelle 2014.
...
Remove useless ROOT.ML file, while I am here.
2014-09-19 14:33:54 +10:00
f59767cdac
Slight fudges for Fastpath use with PIDE.
2014-09-18 20:12:43 +10:00
4a56fb49f9
Fix a triviality in Interrupt_C.
2014-09-18 19:30:32 +10:00
ea58753cd7
Merge branch 'cdl_page_map_cancel'
...
Merge in the setting of registers and the starting of threads in the system initialser.
2014-09-18 17:21:17 +10:00
2b7b258997
sys-init: Prove the starting of threads is done correctly.
...
We no longer assume the starting of threads, but prove it correct
(assuming the behaviour of the scheduler).
2014-09-18 12:30:04 +10:00
cc71c3aadf
drefine: More updates for Isabelle 2014.
2014-09-18 11:04:47 +10:00
cf0d1abce6
Merge 'master' into 'isabelle-2014'.
...
Conflicts:
proof/crefine/Fastpath_C.thy
proof/drefine/KHeap_DR.thy
proof/infoflow/Noninterference.thy
spec/design/version
sys-init/DuplicateCaps_SI.thy
sys-init/InitTCB_SI.thy
sys-init/Proof_SI.thy
tools/asmrefine/SimplExport.thy
tools/autocorres/tests/examples/SchorrWaite.thy
2014-09-17 14:21:13 +10:00
e141eecca8
infoflow: Port to Isabelle 2014.
2014-09-16 10:39:22 +10:00
f014045e52
merge
2014-09-12 16:23:44 +10:00
0199c5c19c
Fix seL4_TCB_Resume
2014-09-12 15:28:47 +10:00
ded25f4067
sys-init: Refactor the writing of register to happen earlier, and prove correctness.
2014-09-12 15:15:43 +10:00
730825abe5
capDL-api: Port to Isabelle 2014.
2014-09-12 11:40:28 +10:00
5af2327de4
crefine: Port fastpath proof and final refine theorem to Isabelle 2014.
2014-09-12 09:56:06 +10:00
452a4ce943
crefine: Remove stray "goals_limit = 1".
2014-09-12 09:04:33 +10:00
03b1952aaa
crefine: Port CRefine to Isabelle 2014.
2014-09-11 16:57:59 +10:00
5015f53d95
fix seL4_TCB_WriteRegisters
2014-09-10 17:30:35 +10:00
47662af345
fix DSpecProofs
2014-09-09 15:57:52 +10:00
2825c9a403
Make regression test more likely to pass.
2014-09-09 14:37:18 +10:00
7167ea42ac
CapDL: Made IRQ Nodes a new object type, not a small CNode.
...
IRQ Nodes are now their own object type in capDL. This makes it much easier
to distinguish between "real" CNodes and IRQ Nodes.
Updated:
* the capDL refinement,
* the access proofs, and
* the system initialiser.
2014-09-09 14:07:50 +10:00
083a4b68d7
Really add binary verification to regression test.
2014-09-08 16:23:10 +10:00
41c0e994ad
Make SIMPL->Graph regression testable.
2014-09-05 19:10:03 +10:00
77dd554227
page_map_unmap_cancel : cdl spec changed and drefine fixed.
2014-09-05 14:48:22 +10:00
4c7ef803d7
SEL4GraphRefine now completed.
...
These final changes complete the SEL4GraphRefine process. Some
cleanup remains to be done, especially in SEL4GlobalsSwap, but the
process is now mature and working, and the testing code
in SEL4GraphRefine can be discarded.
Success depends on seL4 commit 97d6bc96d54f1f0beafb25033b03b57ba54a5113
which is compatible with crefine and will be included in the repo
manifest immediately.
2014-09-03 17:38:45 +10:00
a5f2cab271
Merge branch 'master' into ioapic
2014-09-02 11:13:55 +10:00
caf0529c7f
Move burden of 'halt' proof, use less modifies.
...
In detail:
- add a general user-specified exception to c_exntype
(for use in tools like Substitute)
- wrap calls to 'halt' in Guard {}, making it clearer that
halt is never called, simplifying asmrefine
- repair halt changes in crefine
- avoid use of some suspicious 'modifies' properties in crefine
which were generated by the parser for functions where inline
ASM blocks have been elided, and which may be inaccurate.
2014-08-29 13:57:28 +10:00
463df8e083
Merge branch 'master' into ioapic
2014-08-29 13:14:53 +10:00
b3e2eb1f9d
ioapic: finished up to InfoFlowC
2014-08-28 15:56:26 +10:00
0346fb20b6
SIMPL->Graph proofs largely working.
2014-08-27 15:30:34 +10:00
0c52978dd8
More asmrefine work, global swapping ready.
2014-08-21 14:13:46 +10:00
f1d808c96a
integrate separation kernel config proofs
...
Hooked up into build system and regression test; added READMEs
2014-08-13 22:08:46 +10:00
71e7dcc319
Fix Access, InfoFlow and DRefine.
2014-08-13 16:45:40 +10:00
3556bee2dc
github import of static cap config proofs
2014-08-13 15:31:21 +10:00
9b01fada15
Refine working.
2014-08-11 18:51:04 +10:00
fc6e57716a
Proof updates, working as far as AInvs.
2014-08-11 14:50:56 +10:00
ded3a4a86f
option_map_def -> map_option_case for 2014-RC0
2014-08-09 21:09:37 +10:00
1af1d2b67b
some of the global Isabelle2014 renames
...
option_case -> case_option
sum_case -> case_sum
prod_case -> case_prod
Option.set -> set_option
Option.map -> map_option
option_rel -> rel_option
list_all2_def -> list_all2_iff
map.simps -> list.map
tl.simps -> list.sel(2-3)
the.simps -> option.sel
2014-08-09 15:39:20 +10:00
0fb7a8084d
misc: Proofing and formatting of README.md files.
...
Attempt to improve readability of the files when viewed as plain ASCII;
proof-read and fix minor issues.
2014-07-28 13:15:48 +10:00
63c6ef2785
Updated READMEs for capDL-api and sep-capDL, and added one for sys-init.
2014-07-26 12:28:38 +10:00
35b6099732
remaining README.md for proof/
2014-07-25 11:51:31 +10:00
1421b09366
Even more cleanup of drefine.
2014-07-25 11:23:24 +10:00
c060f715db
Add a top-level file for the capDL API proofs.
2014-07-24 19:56:24 +10:00
283b54b351
comment to explain different do_user_op function in infoflow ADT
2014-07-24 14:53:57 +10:00
93375ba96d
Initial README.md files for proof/
2014-07-24 13:31:57 +10:00
ffb0d165f6
Some more cleanup of drefine.
2014-07-23 15:29:20 +10:00
add3ea9cd5
sys-init: Show the separation algebra for capDL is a cancellative separation algebra.
...
* The separation algebra for capDL is also a cancellative separation algebra.
* The arrows are strictly_exact, meaning they describe only a single heap.
* Since we have a cancellative separation algebra, this means the arrows are also precise.
2014-07-23 15:20:52 +10:00
154da63715
remove old levity and taint-mode comments
2014-07-22 18:10:28 +02:00
50dda7708c
comment cleanup
2014-07-22 18:10:20 +02:00
acf0abe16a
Cleanup of a number of definitions of the separation algebra for capDL.
...
* The definitions of the separation "arrows" is slightly nicer and more consistent.
- We have a nicer correspondence between sep_map_c and sep_map_s.
- sep_map_irq now specifies exactly what the IRQ table contains
(that it *only* has one entry, not that it contains at least that entry).
- Nicer LaTeX output for the arrows.
* A number of minor renaming of constants and types.
- cdl_component => cdl_component_id
- sep_entity => cdl_component
- state_sep_projection => sep_state_projection
- obj_to_sep_state => object_to_sep_state
* Removed a few unused lemmas.
2014-07-22 14:37:37 +10:00
a6d4ed8151
Merge branch 'getpaddr-merge'
2014-07-18 17:31:09 +02:00
9d9a325032
Updates for getpaddr system call (by Joel Beeren)
2014-07-18 17:21:34 +02:00
07b85fe034
Move some more lemmas into lib.
2014-07-18 17:23:07 +10:00
84595f4233
release cleanup
2014-07-17 18:22:50 +02:00
2a03e81df4
Import release snapshot.
2014-07-14 21:32:44 +02:00
Thomas Sewell
David Greenaway
Andrew Boyton
Gao Xin
Joel Beeren
Gerwin Klein
Toby Murray
Corey Lewis