e11abb6011
x64: crefine: prove isIOPortRangeFree_spec
2018-07-05 17:07:58 +10:00
80693df8e2
x64 crefine: add mask_eq_ucast_shiftl
2018-07-05 17:07:58 +10:00
3231ee17bf
x64 crefine: prove 'return false' case of isIOPortRangeFree_spec postcondition
2018-07-05 17:07:58 +10:00
aabf8ded2e
x64 crefine: progress on isIOPortRangeFree_spec postcondition
2018-07-05 17:07:58 +10:00
7eb8e01443
x64: crefine: proved word_highbits_bounded_highbits_eq
...
Contributed by: Michael Sproul <michael.sproul@data61.csiro.au>
2018-07-05 17:07:57 +10:00
da05f4f72e
x64: crefine: cleared vcg precondition sorry in isIOPortRangeFree_spec, modulo small word lemma
2018-07-05 17:07:57 +10:00
b9c3279779
x64 crefine: prove mask_le_mono
...
Contributed by: Thomas Sewell <Thomas.Sewell@data61.csiro.au>
2018-07-05 17:07:57 +10:00
7a951cad95
x64 crefine: prove invariant preservation for isIOPortRangeFree_spec
2018-07-05 17:07:49 +10:00
7af93e5bc1
x64: crefine: prove word_minus_1_shiftr
2018-07-05 16:23:15 +10:00
07b60ec185
x64: crefine: progress on sorries in isIOPortRangeFree_spec
2018-07-05 16:23:15 +10:00
f0a8621434
x64 crefine: prove isIOPortRangeFree_ccorres in Arch_C (WIP)
2018-07-05 16:23:15 +10:00
91b55bc74b
x64 crefine: progress on spec and inv for isIOPortRangeFree
2018-07-05 16:23:15 +10:00
74e74571ca
x64 crefine: prove setIOPortMask_ccorres in CSpace_C
2018-07-05 16:23:15 +10:00
72e3dcc8e2
x64: crefine: prove decodeX64MMUInvocation_ccorres
...
Required adding a case to cl_valid_cap to encode the relationship between a
PML4Cap's IsMapped bit and its MappedASID.
2018-07-05 16:23:15 +10:00
0f0f46b2b0
x64: refine: fix fallout from decodeX64PageInvocation change
2018-07-05 16:23:15 +10:00
5ce7ed478f
x64: crefine: add SetTLSBase invocation to x64 CRefine
2018-07-05 16:23:15 +10:00
2558a7c6e5
x64: crefine: update decodeX64FrameInvocation to not mask with PPTR_USER_TOP
2018-07-05 16:23:15 +10:00
89df98ec14
x64: fix inadvertently broken lemma in CSpace_C
2018-07-05 16:23:15 +10:00
417e6b8bc1
arm-hyp: crefine: fix up eisr_calc proof for strengthened ccorres_rewrite
2018-07-05 16:23:15 +10:00
584c6e9d26
x64: crefine: prove decodeX64FrameInvocation_ccorres
2018-07-05 16:23:15 +10:00
7f52da6571
x64: ainvs+refine: fix up proofs for decodeX64FrameInvocation changes
2018-07-05 16:23:15 +10:00
e6ca6883ad
x64: spec: fix up definition of decodeX64FrameInvocation to match C
2018-07-05 16:23:15 +10:00
5ed7bb16be
x64: fix up definition of performPageInvocation for unmapping pages
2018-07-05 16:23:15 +10:00
700060b642
x64 crefine: prove Arch_decodeInvocation_ccorres in Arch_C
2018-07-05 16:23:15 +10:00
047f96c711
x64 crefine: prove kernel_mappings conditions in Retype_C
2018-07-05 16:23:15 +10:00
3686d79677
x64 crefine: prove createObjects_asidpool_ccorres in Arch_C
...
In x64, asid_map_C is now a bitfield union type, whereas in ARM,
the ASID pool contains plain pointers. This means that proving
ccorres for the x64 ASID pool placeNewObject operation requires
some additional unfolding of C type information.
2018-07-05 16:23:15 +10:00
c390013909
x64 crefine: prove several lemmas in Retype_C
...
To prove that retyping a TCB establishes the state relation for TCBs,
it is necessary to prove that the C FPU null state is always equal to
the Haskell FPU null state. This commit therefore includes some
machinery for maintaining the state relation for the FPU null state,
and repairs many proofs.
2018-07-05 16:23:15 +10:00
19d9085b15
lib: word lemma about mask and shiftl
2018-07-05 16:23:15 +10:00
26b218e4bd
x64: crefine: clear sorries for decode PT/PD/PDPT
2018-07-05 16:23:15 +10:00
151ca60b9f
x64: refine: add new invariant "pspace_in_kernel_mappings'"
...
This invariant shows that all pointers in ksPSpace are above pptr_base -
that is, in the kernel window. This was never formally proven before, as
had never truly been required (although it is true).
2018-07-05 16:23:15 +10:00
02ed965d79
x64: aspec+haskell: reorder attribsFromWord to match C
2018-07-05 16:23:15 +10:00
0bad7af88b
x64: crefine: actually clear last ioport_table_C sorry
2018-07-05 16:23:15 +10:00
1dea36ed6f
x64: crefine: add some tag disjunctions for ioport_table_C to SR_Lemmas_C
2018-07-05 16:23:15 +10:00
bcd21f27bf
x64: crefine: clear final two sorries from ioport_bitmap_relation fallout
2018-07-05 16:23:15 +10:00
d6a620ec5d
x64: crefine: move setIOPortMask_ccorres to CSpace_C, finish freeIOPortRange_ccorres
2018-07-05 16:23:15 +10:00
3c65b91512
x64: crefine: finished invokeX86PortControl_ccorres and decodeIOPortControlInvocation_ccorres
2018-07-05 16:23:15 +10:00
d487d1fc6a
x64: crefine: added ioport bitmap to StateRelation_C
2018-07-05 16:23:15 +10:00
95cdaa8ad7
x64: crefine: cleared sorry in decodeIOPortInvocation_ccorres
2018-07-05 16:23:15 +10:00
cf1052e303
x64: crefine: prove prepareThreadDelete_ccorres (VER-837)
2018-07-05 16:23:15 +10:00
b91ee8e4d0
x64: spec+ainvs+refine: add machine ops for nativeThreadUsingFPU and switchFpuOwner
2018-07-05 16:23:15 +10:00
f68aa38531
x64: crefine: almost finished decodeX86PortInvocation_ccorres
2018-07-05 16:23:15 +10:00
68456a1979
x64: crefine: decodeIOPortInvocation progress
2018-07-05 16:23:15 +10:00
f21096d987
x64: crefine: progress in Arch_C, added performPDPTInvocationMap_ccorres, makeUserPML4E_spec
2018-07-05 16:23:15 +10:00
df1c4b1e45
x64: spec+refine: plumb call through perform_ioport_invocation
2018-07-05 16:23:15 +10:00
648938513f
x64: crefine: prove Arch_finaliseCap_ccorres
2018-07-05 16:23:15 +10:00
e9940dee83
x64: spec+refine: remove VMIOSpaceMap, tighten valid_cap' map type guarantees
2018-07-05 16:23:15 +10:00
b48f530591
x64: crefine: assorted progress in Arch_C
2018-07-05 16:23:15 +10:00
278e0fcbb9
x64: crefine: finished ensurePortOperationAllowed_ccorres, progress in decodeIOPortInvocation_ccorres
2018-07-05 16:23:15 +10:00
a4a9a9f721
x64: spec: update ensurePortOperationAllowed to better match C
2018-07-05 16:23:15 +10:00
9bef874088
x64: crefine: finished performPageInvocation[Map|Remap]PDPTE_ccorres
2018-07-05 16:23:15 +10:00
Michael Sproul
Matthew Brecknell
Joel Beeren
Gerwin Klein