a3714e8190
SELFOUR-276: Finish proofs for maximum controlled priority (MCP)
...
To finish the proof of refinement to C, the specification for checkPrio
needed strengthening: the checkPrio spec now takes a machine word
argument. In the spec, priorities are still stored as 8-bit quantities,
however. Once the spec was strenthened, it was possible to remove some
redundant checks and mask operations from the C code.
A thread's maximum controlled priority (MCP) determines the maximum
thread priority or MCP it can assign to another thread (or itself).
2016-10-05 02:43:41 +11:00
20539620f9
SELFOUR-276: Add MCP to specs and invariants
...
A thread's maximum controlled priority (MCP) determines the maximum
thread priority or MCP it can assign to another thread (or itself).
2016-10-05 02:43:41 +11:00
d7a49c7bbd
x64 invariants: reorder imports so that Include_AI comes before BCorres_AI
...
This makes forM_x and "crunch ignore" rules available to an arch-specific
crunch in BCorres_AI.
2016-08-03 14:46:48 +10:00
9ceed1eb12
arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy.
2016-05-04 15:14:41 +10:00
8cc95bfb8e
arch_split: merge master into arch_split
2016-03-01 11:30:47 +11:00
df8261c121
arch_split: split up Invariants_AI
2016-02-17 16:36:29 +11:00
1018d01b6f
arch_split: More namespacing progress and invariant splitting. Checks halfway into Invariants_AI
2016-02-05 17:00:06 +11:00
d37a344783
cleanup for prod and when keyword
2016-01-12 16:07:28 +11:00
457a55a831
add arch_tcb object to C, rename aep -> ntfn
2015-11-20 16:02:13 +11:00
d88a931ec7
history squashed patch for aep-binding
2015-09-02 15:43:39 +10:00
2a03e81df4
Import release snapshot.
2014-07-14 21:32:44 +02:00
Matthew Brecknell
Sophie Taylor
Daniel Matichuk
Matthew Brecknell
Joel Beeren
Ramana Kumar
Gerwin Klein