63888fa98d
SELFOUR-444: AInvs proven for preemptible retype.
2016-11-02 11:19:08 +11:00
8d4a8eb238
SELFOUR-421: fix coding style
2016-09-22 19:23:28 +10:00
113315d9a6
SELFOUR-421: merge and fix up to ArmConfidentiality proof
2016-09-22 19:21:56 +10:00
252ce8df4c
SELFOUR-421: infoflow and infoflow_c builds
2016-09-22 19:11:37 +10:00
328846ee1a
SELFOUR-421: crefine builds
2016-09-22 19:11:37 +10:00
3c223b42fe
SELFOUR-421: AInvs done, no added invariants yet
2016-09-22 19:11:29 +10:00
1013e959c1
arch_split: give some vspace concepts more generic names
...
In particular rename "pd" to "vspace", when the pd represents
an address space.
2016-08-03 14:46:48 +10:00
322f1023f5
word_lib: adjust theory dependencies
2016-05-16 21:11:40 +10:00
9ceed1eb12
arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy.
2016-05-04 15:14:41 +10:00
4e6369f86d
arch_split: invariants: Finalise_AI checking
2016-04-15 15:11:32 +10:00
aa632d4822
arch_split: invariants: up to Schedule_AI
2016-04-13 13:21:11 +10:00
04362dba27
arch_split: some quick and dirty arch_splitting by selectively interpreting the ARM locale (with FIXMEs)
2016-04-07 17:05:14 +10:00
ab09d49b59
arch_split: checkpoint. Checks up to ArchVSpace_AI with two sorries (MattB WIP)
2016-04-06 17:57:47 +10:00
69d7b50dae
arch_split: CSpaceInv_AI work-in-progress
2016-04-04 10:49:18 +10:00
4c2571e215
arch_split: reworking predicates about arch objects and type
2016-03-29 11:50:31 +11:00
f89279e381
arch_split: reworking predicates about arch objects and types
2016-03-24 17:24:14 +11:00
b679b00f97
arch_split: initial attempt at redefining invariants to avoid changing too many proofs
2016-03-04 19:03:45 +11:00
5e2f9a5e7c
arch_split: change caps_of_state to be explicit projection f caps_of_state
2016-03-04 19:03:45 +11:00
cdc0a840fe
arch_split: change aobj_at to definition instead of abbreviation
2016-03-02 13:15:15 +11:00
958726870e
arch_split: finished KHeap_AI
2016-02-29 21:05:45 -08:00
45dbd49c86
arch_split: more lifting lemmas for KHeap_AI
2016-02-29 18:32:44 +11:00
d107cb6758
arch_split: halfway into KHeap_AI
2016-02-22 17:48:52 +11:00
ca808130e6
repair ARM proofs up to Refine after factoring out architecture
2016-01-13 12:02:12 +11:00
457a55a831
add arch_tcb object to C, rename aep -> ntfn
2015-11-20 16:02:13 +11:00
c1eb235105
Merge 'verification/master' into priority-bitmap
...
Green build except for:
CParserTest (WTF Duplicate fact declaration "dc_20081211.dc_20081211.test_modifies")
AutoCorresSEL4 (waiting on result)
There is still a carefully managed sorry in Schedule_R, waiting on the C
parser FNSPEC+DONT_TRANSLATE fix.
2015-10-21 06:19:20 +11:00
2a9d3022f2
priority-bitmap: Update abstract->Haskell refinement
...
Added word_log2 and word_clz (inline for now, will migrate them out to
lib later).
Proved most important properties of word_log2 and some basic
count leading zeros properties (word_clz). The former were painful.
Thanks to Thomas, we have a nice tactic for dealing with complicated
obj_at' predicates in conclusion: normalise_obj_at'
2015-10-20 23:40:44 +11:00
0fb88ea01c
Merge branch 'master' into aep-merge
...
This commit should at least remove merge conflict markers, and the idea
is that at least refine, crefine, drefine, and infoflow (with sorrys)
build. Subsequent commits may be required to fix build issues that I
have not picked up.
2015-09-10 17:06:45 +10:00
d88a931ec7
history squashed patch for aep-binding
2015-09-02 15:43:39 +10:00
a6f1ab41f8
ainvs: some more cleanup
2015-05-16 21:48:24 +10:00
17826f9b49
more Isabelle2015 update; AInvs up to (excluding) Syscall_AI
...
also includes some global replacements
2015-04-18 21:51:26 +01:00
7e7d39c24e
enable XN in abstract spec; update AInvs and Refine
2014-11-28 08:58:57 +11:00
fc6e57716a
Proof updates, working as far as AInvs.
2014-08-11 14:50:56 +10:00
84595f4233
release cleanup
2014-07-17 18:22:50 +02:00
2a03e81df4
Import release snapshot.
2014-07-14 21:32:44 +02:00
Thomas Sewell
Xin,Gao
Joel Beeren
Matthew Brecknell
Gerwin Klein
Daniel Matichuk
Matthew Brecknell
Rafal Kolanski
Ramana Kumar