dcd7fd8c17
SELFOUR-444: Refine proof with ghost invariant.
2016-11-02 11:19:09 +11:00
74adb7a283
SELFOUR-444: Avoid unnecessary cache clears.
...
Adjust both specs and propagate the changes.
2016-11-02 11:19:09 +11:00
a96346e308
SELFOUR-444: Finished InfoFlow and DRefine.
2016-11-02 11:19:09 +11:00
411af12ee9
SELFOUR-444: Logic generalised; Access finished.
...
Tweak AInvs proof for Untyped to be more reusable, finish integrity
proofs.
2016-11-02 11:19:08 +11:00
d765a64b81
SELFOUR-444: Haskell implementation, begin refine.
...
First attempt at a haskell implementation of preemptible retyping
and the refinement proof to abstract.
2016-11-02 11:19:08 +11:00
63888fa98d
SELFOUR-444: AInvs proven for preemptible retype.
2016-11-02 11:19:08 +11:00
a3714e8190
SELFOUR-276: Finish proofs for maximum controlled priority (MCP)
...
To finish the proof of refinement to C, the specification for checkPrio
needed strengthening: the checkPrio spec now takes a machine word
argument. In the spec, priorities are still stored as 8-bit quantities,
however. Once the spec was strenthened, it was possible to remove some
redundant checks and mask operations from the C code.
A thread's maximum controlled priority (MCP) determines the maximum
thread priority or MCP it can assign to another thread (or itself).
2016-10-05 02:43:41 +11:00
b352769016
SELFOUR-276: Prove refinement to Haskell for MCP
...
Also includes fixes to specs and invariants, and initial progress
towards C refinement.
A thread's maximum controlled priority (MCP) determines the maximum
thread priority or MCP it can assign to another thread (or itself).
2016-10-05 02:43:41 +11:00
20539620f9
SELFOUR-276: Add MCP to specs and invariants
...
A thread's maximum controlled priority (MCP) determines the maximum
thread priority or MCP it can assign to another thread (or itself).
2016-10-05 02:43:41 +11:00
8d4a8eb238
SELFOUR-421: fix coding style
2016-09-22 19:23:28 +10:00
8f3a4dee31
SELFOUR-421: merge with master, fix wholesystem proofs
2016-09-22 19:23:19 +10:00
113315d9a6
SELFOUR-421: merge and fix up to ArmConfidentiality proof
2016-09-22 19:21:56 +10:00
252ce8df4c
SELFOUR-421: infoflow and infoflow_c builds
2016-09-22 19:11:37 +10:00
328846ee1a
SELFOUR-421: crefine builds
2016-09-22 19:11:37 +10:00
7784e80940
SELFOUR-421: fix refine
2016-09-22 19:11:36 +10:00
c3be923ca0
SELFOUR-421: a defend version before wild changes
2016-09-22 19:11:36 +10:00
9617e22ce6
SELFOUR-421: random uncommitted stuff before merge
2016-09-22 19:11:36 +10:00
df877769fc
SELFOUR-421: refine done
2016-09-22 19:11:36 +10:00
0d787cf1c6
SELFOUR-421: added check to decoding asid control invocations and stole an asid bit from the high bits not the low ones
2016-09-22 19:11:36 +10:00
3c223b42fe
SELFOUR-421: AInvs done, no added invariants yet
2016-09-22 19:11:29 +10:00
9a1ec71a2d
Refactor of crunch.
...
Substantial adjustments to crunch. Main user changes are:
- 'lift' and 'unfold' mechanisms replaced by more general 'rule'.
- some more 'ignores' standardised.
- crunch has a more principled overall design:
+ discover crunch rule
* provided or by definition extraction
+ recurse according to rule
+ prove goal based on rule, recursive discoveries, standard tactic
* wp/simp adjustments tweak tactic
2016-08-24 15:53:53 +10:00
c17fffd526
arch_split invariants: TcbAcc_AI
...
Somehow we missed this on our previous pass.
2016-08-10 18:50:56 +10:00
1013e959c1
arch_split: give some vspace concepts more generic names
...
In particular rename "pd" to "vspace", when the pd represents
an address space.
2016-08-03 14:46:48 +10:00
d7a49c7bbd
x64 invariants: reorder imports so that Include_AI comes before BCorres_AI
...
This makes forM_x and "crunch ignore" rules available to an arch-specific
crunch in BCorres_AI.
2016-08-03 14:46:48 +10:00
6b6b8786e8
arch_split: move kernel_base and idle_thread_ptr to arch-specific theories
2016-08-03 14:46:48 +10:00
f9f160ed14
arch_split: replace some fixed word sizes with type aliases
...
Changed some instances of word32 to machine_word, and "10 word" to irq.
Also introduce a type_synonym for "machine_word_len".
2016-08-03 14:46:23 +10:00
3e3baf7b49
arch_split: invariants: split DetSchedAux_AI [VER-602]
2016-07-17 15:20:02 +10:00
0448444776
arch_split: invariants: split Deterministic_AI [VER-600]
2016-07-16 23:02:14 +10:00
138344f90a
arch_split: invariants: split Syscall_AI [VER-571]
2016-07-12 16:50:32 +10:00
ed2f1e1ca3
arch_split: split PDPTEntries_AI, rename as VSpaceEntries_AI [VER-580]
2016-07-12 16:50:32 +10:00
9b342f5ccf
arch_split: invariants: split KernelInit_AI [VER-620]
2016-07-12 16:50:32 +10:00
6b93e4bc81
arch_split: invariants: split BCorres2_AI [VER-577]
2016-07-12 16:50:32 +10:00
ae3644affc
arch_split: invariants: split EmptyFail_AI [VER-576]
2016-07-10 11:33:02 +10:00
6ef4c2d60f
arch_split: invariants: split InterruptAcc_AI [VER-606]
2016-07-09 11:04:22 +10:00
27c5ae792e
arch_split: invariants: split CSpaceInv_AI [VER-604], CSpace_AI [VER-605]
2016-07-09 11:04:22 +10:00
dced98a45d
arch_split: AInvs.thy [VER-581]
2016-07-07 14:13:40 +10:00
eb7f7b1564
arch-split: Tcb_AI.thy done
2016-07-07 13:57:16 +10:00
3ef9d3221c
arch_split: Interrupt_AI [VER-578]
2016-07-05 17:53:53 +10:00
d50e43d717
arch_split: invariants: split CNodeInv_AI [VER-573]
2016-07-04 11:56:53 +10:00
33a7c4becb
merge master into arch_split
2016-06-27 17:19:39 +10:00
b3c809983b
arch_split: invariants: split Ipc_AI [VER-572]
2016-06-27 17:19:11 +10:00
3d7660613a
arch_split: Finalise_AI [VER-568]
2016-06-26 15:26:50 +10:00
820cf2d366
Arch-split: Untyped.thy done [VER-566]
2016-06-23 12:00:59 +10:00
b9313f6d11
arch_split: invariants: tidied
2016-06-15 10:15:26 +10:00
b172836ff3
ainvs: remove dependency on internal file; mark as unused
2016-06-09 19:27:32 +10:00
1537a8ec4d
arch_split: invariants: split Arch_AI [VER-574]
2016-06-09 14:05:49 +10:00
aceb021f88
arch_split: invariants: split Retype_AI [VER-556]
2016-06-08 10:33:09 +10:00
eb40bef27c
arch_split: IpcCancel_AI [VER-567]
2016-06-02 17:49:05 +10:00
9c608c62dc
arch_split: Schedule_AI [VER-565]
2016-06-02 14:20:06 +10:00
e1ae9e94dd
arch_split: Detype_AI [VER-557]
2016-05-31 15:17:04 +10:00
Thomas Sewell
Matthew Brecknell
Joel Beeren
Sophie Taylor
Xin,Gao
Matthew Brecknell
Alejandro Gomez-Londono
Miki Tanaka
Gerwin Klein