adbrucker
/
lh-l4v
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
423 Commits 7 Branches 0 Tags 86 MiB
Commit Graph

54 Commits

Author SHA1 Message Date
Gerwin Klein cfec9ea0db Merge branch 'master' into 2015 2015-05-28 11:45:13 +10:00
Gao Xin bd0f0c29d1 small fixes on haskell translator and haskell spec templates 2015-05-28 11:30:22 +10:00
Joel Beeren 7b6ddc5212 updated translated haskell spec 2015-05-28 11:30:22 +10:00
Joel Beeren 002cf370bb Updated proof with new fastpath changes removing setCurrentASID and armv_contextSwitch_fp 2015-05-28 11:30:22 +10:00
Gerwin Klein ca88de6611 Merge from master. 2015-05-26 07:47:54 +10:00
Matthew Fernandez 221cb74dd5 Fix: Description of `SORRY_BITFIELD_PROOFS` in cspec README. 
The kernel's Makefile expects this value to be `1` and will incorrectly detect
`yes` as a directive *not* to sorry these proofs.
 2015-05-19 12:27:37 +10:00
Gerwin Klein e09f88d2e7 2015 update for CBaseRefine 2015-05-17 10:42:15 +10:00
Gerwin Klein 12fa86863a fewer warnings 2015-05-16 19:52:49 +10:00
Gerwin Klein e4b54fea78 capDL spec: fewer warnings 2015-05-09 13:05:01 +02:00
Gerwin Klein 277ecdf2bb remove syntax ambiguity 2015-05-09 13:04:11 +02:00
Gerwin Klein 17826f9b49 more Isabelle2015 update; AInvs up to (excluding) Syscall_AI 
also includes some global replacements
 2015-04-18 21:51:26 +01:00
Gerwin Klein 190e7c38d6 start work on Isabelle 2015 update 2015-04-17 16:19:32 +01:00
Gerwin Klein 22af66555c remove even arch calls from separation kernel setup 
(patch by Simon Winwood)
 2015-04-10 17:39:24 +10:00
Daniel Matichuk a221a52350 Added new proofcount tool to "tools" and removed old one from "lib". 
Removed reference to old proof_counting from proof/ROOT and spec/ROOT
 2015-02-11 17:46:34 +11:00
Matthew Fernandez 2b23652b5e cspec: Check CPP exists and fallback on native CPP if possible. 2015-01-22 13:36:53 +11:00
Gerwin Klein 7e7d39c24e enable XN in abstract spec; update AInvs and Refine 2014-11-28 08:58:57 +11:00
Gerwin Klein 21e7e33878 import Haskell version of XN patch 2014-11-28 08:58:57 +11:00
Gerwin Klein e4d8fb5dba GHC 7.8 update (bitSize -> finiteBitSize) 2014-11-28 08:58:57 +11:00
Andrew Boyton fe14c7c456 Make toPAddr and fromPAddr input abbreviations (not abbreviations). 
This stops every instance of "id" becoming "fromPAddr" in goals.
 2014-10-24 16:26:19 +11:00
David Greenaway 3fb7f99d55 make-spec: Avoid generating unnecessary whitespace in instance proofs. 2014-10-21 21:36:27 +11:00
David Greenaway 7521fa080b spec: Remove excessive strings of newlines. 2014-10-21 10:42:43 +11:00
Thomas Sewell 8e427dcb3b Renovate StaticFun a bit. 
The functor is gone, and instead StaticFun exports two more general
operators, one for defining a partial map by a tree, and one for
extracting the theorems from an existing partial map definition.

The extraction process uses simplification in a more conservative
manner than before, and is guaranteed to produce exactly the
expected theorems.
 2014-09-23 14:40:31 +10:00
David Greenaway 0c004d2a93 Merge branch 'master' into 'isabelle-2014'. 
Conflicts:
	proof/drefine/Arch_DR.thy
	proof/drefine/Finalise_DR.thy
	proof/drefine/StateTranslation_D.thy
	sys-init/DuplicateCaps_SI.thy
	sys-init/Proof_SI.thy
	tools/autocorres/tests/examples/SchorrWaite.thy
 2014-09-23 14:31:33 +10:00
Andrew Boyton ea58753cd7 Merge branch 'cdl_page_map_cancel' 
Merge in the setting of registers and the starting of threads in the system initialser.
 2014-09-18 17:21:17 +10:00
Andrew Boyton 2b7b258997 sys-init: Prove the starting of threads is done correctly. 
We no longer assume the starting of threads, but prove it correct
(assuming the behaviour of the scheduler).
 2014-09-18 12:30:04 +10:00
David Greenaway cf0d1abce6 Merge 'master' into 'isabelle-2014'. 
Conflicts:
	proof/crefine/Fastpath_C.thy
	proof/drefine/KHeap_DR.thy
	proof/infoflow/Noninterference.thy
	spec/design/version
	sys-init/DuplicateCaps_SI.thy
	sys-init/InitTCB_SI.thy
	sys-init/Proof_SI.thy
	tools/asmrefine/SimplExport.thy
	tools/autocorres/tests/examples/SchorrWaite.thy
 2014-09-17 14:21:13 +10:00
Gao Xin 0199c5c19c Fix seL4_TCB_Resume 2014-09-12 15:28:47 +10:00
Gao Xin 5015f53d95 fix seL4_TCB_WriteRegisters 2014-09-10 17:30:35 +10:00
Gao Xin 47662af345 fix DSpecProofs 2014-09-09 15:57:52 +10:00
Andrew Boyton 7167ea42ac CapDL: Made IRQ Nodes a new object type, not a small CNode. 
IRQ Nodes are now their own object type in capDL. This makes it much easier
to distinguish between "real" CNodes and IRQ Nodes.

Updated:
 * the capDL refinement,
 * the access proofs, and
 * the system initialiser.
 2014-09-09 14:07:50 +10:00
Gao Xin 77dd554227 page_map_unmap_cancel : cdl spec changed and drefine fixed. 2014-09-05 14:48:22 +10:00
Andrew Boyton 7693e1fadc TakeGrant: Rename a couple of constants to make things clearer. 
has_at_least => cap_in_caps
has_at_most => caps_dominated_by
 2014-09-04 14:13:46 +10:00
Joel Beeren a5f2cab271 Merge branch 'master' into ioapic 2014-09-02 11:13:55 +10:00
Joel Beeren 8fa6226ecc ioapic: fixed specs for change to 14 bit FSR 2014-09-01 16:41:33 +10:00
Thomas Sewell caf0529c7f Move burden of 'halt' proof, use less modifies. 
In detail:
  - add a general user-specified exception to c_exntype
    (for use in tools like Substitute)
  - wrap calls to 'halt' in Guard {}, making it clearer that
    halt is never called, simplifying asmrefine
  - repair halt changes in crefine
  - avoid use of some suspicious 'modifies' properties in crefine
    which were generated by the parser for functions where inline
    ASM blocks have been elided, and which may be inaccurate.
 2014-08-29 13:57:28 +10:00
Joel Beeren b3e2eb1f9d ioapic: finished up to InfoFlowC 2014-08-28 15:56:26 +10:00
Joel Beeren 8d11a22f5b ioapic: first abstract spec 2014-08-22 16:24:40 +10:00
Gerwin Klein f1d808c96a integrate separation kernel config proofs 
Hooked up into build system and regression test; added READMEs
 2014-08-13 22:08:46 +10:00
Gerwin Klein 3556bee2dc github import of static cap config proofs 2014-08-13 15:31:21 +10:00
Gerwin Klein 12b1b0d16f move isAligned to HaskellLib 
Isabelle2014 doesn't like defs to be less general than the consts declaration.
 2014-08-09 15:59:24 +10:00
Gerwin Klein 1af1d2b67b some of the global Isabelle2014 renames 
option_case -> case_option
sum_case -> case_sum
prod_case -> case_prod
Option.set -> set_option
Option.map -> map_option
option_rel -> rel_option
list_all2_def -> list_all2_iff
map.simps -> list.map
tl.simps -> list.sel(2-3)
the.simps -> option.sel
 2014-08-09 15:39:20 +10:00
Gerwin Klein 954492534c ported ASpec to Isabelle2014-RC0 2014-08-09 15:00:18 +10:00
Gerwin Klein ef7ba847c0 bump API version 2014-07-28 11:10:47 +02:00
Corey Lewis 71ad3eed07 Update a comment in the capDL spec. 2014-07-28 17:45:50 +10:00
David Greenaway 0fb7a8084d misc: Proofing and formatting of README.md files. 
Attempt to improve readability of the files when viewed as plain ASCII;
proof-read and fix minor issues.
 2014-07-28 13:15:48 +10:00
Gerwin Klein 4326d30cdc the other README files for spec/ 2014-07-22 19:11:43 -04:00
Gerwin Klein fc4200f845 README files for spec/ 2014-07-22 19:10:10 -04:00
Gerwin Klein 50dda7708c comment cleanup 2014-07-22 18:10:20 +02:00
Andrew Boyton acf0abe16a Cleanup of a number of definitions of the separation algebra for capDL. 
* The definitions of the separation "arrows" is slightly nicer and more consistent.
  - We have a nicer correspondence between sep_map_c and sep_map_s.
  - sep_map_irq now specifies exactly what the IRQ table contains
    (that it *only* has one entry, not that it contains at least that entry).
  - Nicer LaTeX output for the arrows.

* A number of minor renaming of constants and types.
  - cdl_component => cdl_component_id
  - sep_entity => cdl_component
  - state_sep_projection => sep_state_projection
  - obj_to_sep_state => object_to_sep_state

* Removed a few unused lemmas.
 2014-07-22 14:37:37 +10:00
Andrew Boyton 36588c4359 Minor cleanup of proofs in the Take/Grant security model. 2014-07-22 14:36:53 +10:00