Matthew Brecknell
3e90041831
arch_split: access: fixup locale introduction rule
2016-05-31 15:05:24 +10:00
Daniel Matichuk
9f62622532
arch_split: skeleton arch files for AInvs
2016-05-31 15:05:24 +10:00
Japheth Lim
40570bc4fe
regression: add test to check theory import paths
...
This commit also fixes all bad imports reported by the test script.
Jira issue VER-560
2016-05-27 16:17:13 +10:00
Japheth Lim
26a7907c95
Merge pull request #43 in SEL4/l4v from ~JALIM/l4v:autocorres-seL4 to master
...
* commit 'ecbb860532b4c576fc4726a805802f16bcf5302c': (29 commits)
autocorres-crefine: specialise corres_no_failI for compatibility with Refine
Add license tags for autocorres-crefine files
crefine: refactor AutoCorresTest a bit
autocorres-crefine: remove local debugging imports
Fix InfoFlowC to accommodate corres_underlying changes.
Fix DRefine to accommodate corres_underlying changes.
autocorres-crefine: experiment with manually translating a function (clzl).
autocorres-crefine: experiment with translating bitfield_gen specs.
autocorres-crefine: start a test case for function calls.
autocorres-crefine: update example proofs to work with no_c_termination, which does not require proving termination for the C spec.
autocorres: add user option "no_c_termination" for previous patch.
Making termination proof optional for AutoCorres.
WIP: autocorres: hacky proof of concept for incremental translation.
autocorres: add some missing WordAbstract rules.
autocorres-crefine: fix some comments in work theory.
autocorres-crefine: prove modifies and (simple) terminates specs.
autocorres-crefine: experiment with generating modifies proofs
autocorres-crefine: run autocorres in kernel_all_substitute locale
autocorres-crefine: update another corres_UL that snuck in before rebasing.
autocorres-crefine: working ccorres for handleYield (modulo some white lies).
...
2016-05-19 01:19:58 +00:00
Gerwin Klein
91bd8aebb8
inv-abstract: fewer warnings
2016-05-16 21:11:40 +10:00
Gerwin Klein
d162d8d01f
word_lib: normalise negative signed words as well.
2016-05-16 21:11:40 +10:00
Gerwin Klein
0ced46820b
manual levity into Word_Lemmas
2016-05-16 21:11:40 +10:00
Gerwin Klein
322f1023f5
word_lib: adjust theory dependencies
2016-05-16 21:11:40 +10:00
Gerwin Klein
445efb7c29
lib: closure for Word_Lib and own session
2016-05-16 21:11:40 +10:00
Gerwin Klein
f0faa90f8a
lib/spec/proof/tools: fix word change fallout
2016-05-16 21:11:40 +10:00
Japheth Lim
0f0f731ab7
Merge branch 'master' of ssh://bitbucket.keg.ertos.in.nicta.com.au:7999/SEL4/l4v into autocorres-seL4
...
This is to prepare for merging back into master.
Conflicts:
proof/crefine/Refine_C.thy
2016-05-11 15:08:22 +10:00
Matthew Brecknell
60afdc1288
trivial: fixups including some licence headers
2016-05-09 13:27:15 +10:00
Daniel Matichuk
9ceed1eb12
arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy.
2016-05-04 15:14:41 +10:00
Matthew Brecknell
0c3a12771d
arch_split: merge master
2016-04-28 14:36:43 +10:00
Daniel Matichuk
1d20b393c0
arch_split: replaced sublocale with global_naming
2016-04-27 14:32:38 +10:00
Matthew Brecknell
14f7570147
arch_split: Access checking
2016-04-22 11:58:59 +10:00
Daniel Matichuk
3191c485d5
arch_split: added ARM_A and ARM_H locales
2016-04-20 17:31:45 +10:00
Matthew Brecknell
2277e9332f
arch_split: invariants: move KernelInit_AI into ARM context
2016-04-20 13:12:31 +10:00
Matthew Brecknell
d5f7a369ba
arch_split: invariants: slightly more selective interpretation in deterministic scheduler
2016-04-20 13:04:09 +10:00
Matthew Brecknell
fd8926d3a8
arch_split: invariants: slightly more selective interpretation up to AInvs
2016-04-20 08:36:22 +10:00
Daniel Matichuk
3f4c8cb188
arch_split: AInvs checking?
2016-04-19 14:27:21 +10:00
Matthew Brecknell
ee48e33253
arch_split: invariants: tidy up some simplifications using is_derived_def
2016-04-19 11:40:36 +10:00
Matthew Brecknell
21b6c7c386
arch_split: invariants: checking up to Tcb_AI
2016-04-19 10:38:06 +10:00
Matthew Brecknell
515f32e59d
arch_split: invariants: part-way through CNodeInv_AI
2016-04-18 19:18:07 +10:00
Matthew Brecknell
02245004bf
arch_split: invariants: checking up to Ipc_AI
2016-04-18 17:43:37 +10:00
Matthew Brecknell
286c592a8e
arch_split: invariants: checking up to Arch_AI
2016-04-17 16:59:54 +10:00
Matthew Brecknell
4e6369f86d
arch_split: invariants: Finalise_AI checking
2016-04-15 15:11:32 +10:00
Matthew Brecknell
d683425e0d
arch_split: invariants: fixup CSpaceInv_AI, working on Finalise_AI
2016-04-14 19:01:20 +10:00
Matthew Brecknell
aa632d4822
arch_split: invariants: up to Schedule_AI
2016-04-13 13:21:11 +10:00
Matthew Brecknell
2c11f767af
archsplit: invariants: fix sorrys in CSpaceInv_AI
2016-04-13 11:29:03 +10:00
Daniel Matichuk
2de08b7ec1
arch_split: differentiate "context ARM begin" vs "context begin interpretation ARM ."
2016-04-08 15:05:09 +10:00
Daniel Matichuk
04362dba27
arch_split: some quick and dirty arch_splitting by selectively interpreting the ARM locale (with FIXMEs)
2016-04-07 17:05:14 +10:00
Daniel Matichuk
ab09d49b59
arch_split: checkpoint. Checks up to ArchVSpace_AI with two sorries (MattB WIP)
2016-04-06 17:57:47 +10:00
Matthew Brecknell
69d7b50dae
arch_split: CSpaceInv_AI work-in-progress
2016-04-04 10:49:18 +10:00
Matthew Brecknell
6d64ef053e
arch_split: remove unused ArchTypes_AI
2016-03-29 17:21:54 +11:00
Matthew Brecknell
7563c9e2c6
arch_split: repair up to ArchAcc_AI
2016-03-29 14:28:02 +11:00
Japheth Lim
bb83b53b15
Merge branch 'master' into autocorres-seL4
...
This updates autocorres-seL4 to Isabelle2016.
Conflicts:
proof/crefine/Refine_C.thy
2016-03-29 14:07:54 +11:00
Matthew Brecknell
4c2571e215
arch_split: reworking predicates about arch objects and type
2016-03-29 11:50:31 +11:00
Matthew Brecknell
f89279e381
arch_split: reworking predicates about arch objects and types
2016-03-24 17:24:14 +11:00
Matthew Brecknell
674fcbe9d7
arch_split: invariants: fixed KHeap_AI
2016-03-18 16:54:29 +11:00
Matthew Brecknell
600a6fd56d
arch_split: invariants: improved ArchADT_AI
...
Mainly Thomas typing at Matthew's keyboard.
2016-03-18 16:24:01 +11:00
Matthew Brecknell
f2cc8d7c0f
arch_split: invariants: progress in ArchADT_AI
2016-03-18 13:08:26 +11:00
Sophie Taylor
d7fd88727a
SELFOUR-420: Verification of maxIRQ check in handle_interrupt.
2016-03-17 11:20:52 +11:00
Daniel Matichuk
b679b00f97
arch_split: initial attempt at redefining invariants to avoid changing too many proofs
2016-03-04 19:03:45 +11:00
Daniel Matichuk
5e2f9a5e7c
arch_split: change caps_of_state to be explicit projection f caps_of_state
2016-03-04 19:03:45 +11:00
Daniel Matichuk
cdc0a840fe
arch_split: change aobj_at to definition instead of abbreviation
2016-03-02 13:15:15 +11:00
Daniel Matichuk
219603d21e
arch_split: halfway through ArchAcc_AI
2016-02-29 22:33:12 -08:00
Daniel Matichuk
8f8a428ee4
arch_split: moved ArchAcc_AI and made some progress
2016-02-29 21:25:51 -08:00
Daniel Matichuk
958726870e
arch_split: finished KHeap_AI
2016-02-29 21:05:45 -08:00
Matthew Brecknell
8cc95bfb8e
arch_split: merge master into arch_split
2016-03-01 11:30:47 +11:00
Daniel Matichuk
45dbd49c86
arch_split: more lifting lemmas for KHeap_AI
2016-02-29 18:32:44 +11:00
Miki Tanaka
6f6c58168c
SELFOUR-56: Remove diminish rights from IPC
2016-02-24 13:24:10 +11:00
Daniel Matichuk
d107cb6758
arch_split: halfway into KHeap_AI
2016-02-22 17:48:52 +11:00
Matthew Brecknell
4f7ac1a975
trivial: remove some comments and debug trace
2016-02-22 10:55:21 +11:00
Matthew Brecknell
84d2889d45
Isabelle2016: merge master into 2016
2016-02-19 16:17:26 +11:00
Daniel Matichuk
df8261c121
arch_split: split up Invariants_AI
2016-02-17 16:36:29 +11:00
Xin,Gao
1aed16085f
l4v-sabre: move a few word lemmas to WordLemmaBucket and fix styles of some proofs
2016-02-17 11:18:03 +11:00
Gao Xin
0d260252ff
l4v-sabre: rebase and fix proofs to infoflow
2016-02-17 11:18:02 +11:00
Gao Xin
bc73b112bd
l4v-sabre: change type of irq to be 10 word
2016-02-17 11:18:02 +11:00
Gao Xin
50fa257113
rebase and fix problems caused by new machine constants
2016-02-17 11:18:02 +11:00
Gao Xin
bee4ba0052
l4v-sabre: fix refine
2016-02-17 11:18:02 +11:00
Matthew Brecknell
c65e290a8b
Isabelle2016: merge master into 2016
2016-02-16 12:52:24 +11:00
Daniel Matichuk
1018d01b6f
arch_split: More namespacing progress and invariant splitting. Checks halfway into Invariants_AI
2016-02-05 17:00:06 +11:00
Daniel Matichuk
9718f1bda2
arch_split: progress on namespacing abstract spec
2016-02-05 16:59:18 +11:00
Joel Beeren
1d0366ac5e
msi: Restructure IOAPIC, MSI interrupts for x86, fix up ARM proofs for new API
2016-02-02 15:57:28 +11:00
Japheth Lim
1b14082291
autocorres-crefine: add pre-no-fail flag to corres. Updated AI+Refine.
2016-01-22 15:08:14 +11:00
Daniel Matichuk
c282969c54
Merge remote-tracking branch 'verification/master' into arch_split
2016-01-21 10:22:48 +11:00
Miki Tanaka
b7376a56e2
Isabelle 2016 update: minor fixes
2016-01-15 16:03:30 +11:00
Joel Beeren
efb4c61816
archirq: Remove redundant invocation, renamed
...
arch_decode_interrupt_control.
2016-01-14 17:50:33 +11:00
Miki Tanaka
92cde6069f
Isabelle2016: fixed VSpace_AI
2016-01-14 15:17:46 +11:00
Daniel Matichuk
ca808130e6
repair ARM proofs up to Refine after factoring out architecture
2016-01-13 12:02:12 +11:00
Daniel Matichuk
3be2eaa7b0
repairing AInvs: checks up to the middle of VSpace_AI
2016-01-12 18:10:36 +11:00
Daniel Matichuk
d37a344783
cleanup for prod and when keyword
2016-01-12 16:07:28 +11:00
Daniel Matichuk
b7563eb788
fix lib for isabelle 2016
2016-01-12 14:58:16 +11:00
Gerwin Klein
ac632c5aaa
Wait -> Recv: update proofs
2015-11-20 16:02:14 +11:00
Joel Beeren
457a55a831
add arch_tcb object to C, rename aep -> ntfn
2015-11-20 16:02:13 +11:00
Thomas Sewell
bdd8819f50
More minor adjustments.
2015-10-30 12:22:55 +11:00
Thomas Sewell
7c3a06a8d7
Minor adjustments caused by Strengthen changes.
2015-10-29 11:27:54 +11:00
Rafal Kolanski
d51402a5a2
Merge remote-tracking branch 'verification/master' into priority-bitmap
...
(seL4_NBWait)
2015-10-21 16:23:01 +11:00
Joel Beeren
e403eb8f0a
poll: added non blocking sync wait
2015-10-21 14:24:49 +11:00
Joel Beeren
d6f7579be7
poll: Added new syscall for polling async endpoints (non-blocking wait)
2015-10-21 14:24:49 +11:00
Rafal Kolanski
c1eb235105
Merge 'verification/master' into priority-bitmap
...
Green build except for:
CParserTest (WTF Duplicate fact declaration "dc_20081211.dc_20081211.test_modifies")
AutoCorresSEL4 (waiting on result)
There is still a carefully managed sorry in Schedule_R, waiting on the C
parser FNSPEC+DONT_TRANSLATE fix.
2015-10-21 06:19:20 +11:00
Rafal Kolanski
2a9d3022f2
priority-bitmap: Update abstract->Haskell refinement
...
Added word_log2 and word_clz (inline for now, will migrate them out to
lib later).
Proved most important properties of word_log2 and some basic
count leading zeros properties (word_clz). The former were painful.
Thanks to Thomas, we have a nice tactic for dealing with complicated
obj_at' predicates in conclusion: normalise_obj_at'
2015-10-20 23:40:44 +11:00
Joel Beeren
f117c99903
aep-binding: updated AInvs, Access, Refine for new decodeBindAEP
2015-09-15 16:31:14 +10:00
Ramana Kumar
0fb88ea01c
Merge branch 'master' into aep-merge
...
This commit should at least remove merge conflict markers, and the idea
is that at least refine, crefine, drefine, and infoflow (with sorrys)
build. Subsequent commits may be required to fix build issues that I
have not picked up.
2015-09-10 17:06:45 +10:00
Ramana Kumar
d88a931ec7
history squashed patch for aep-binding
2015-09-02 15:43:39 +10:00
Joel Beeren
3372cd32a8
SELFOUR-220: When calling handleWait, only delete the
...
TCB's ReplyCap when actually waiting on a synchronous
endpoint.
2015-07-23 14:45:17 +10:00
Daniel Matichuk
d9bef8965c
Moved wp-specific eisbach methods higher up import chain
2015-07-10 12:51:15 +10:00
Daniel Matichuk
30db9bb7a5
ArchAcc_AI checks with new subgoal command
2015-07-08 15:44:34 +10:00
Daniel Matichuk
2b10a875ca
some usage of subgoal command
2015-07-08 15:44:33 +10:00
Gerwin Klein
cfec9ea0db
Merge branch 'master' into 2015
2015-05-28 11:45:13 +10:00
Joel Beeren
002cf370bb
Updated proof with new fastpath changes removing setCurrentASID and armv_contextSwitch_fp
2015-05-28 11:30:22 +10:00
Gerwin Klein
a6f1ab41f8
ainvs: some more cleanup
2015-05-16 21:48:24 +10:00
Gerwin Klein
12fa86863a
fewer warnings
2015-05-16 19:52:49 +10:00
Gerwin Klein
42e037ea9d
Isabelle2015 update: AInvs
2015-04-19 10:25:21 +01:00
Gerwin Klein
17826f9b49
more Isabelle2015 update; AInvs up to (excluding) Syscall_AI
...
also includes some global replacements
2015-04-18 21:51:26 +01:00
Gerwin Klein
29eb636d31
re-establish InfoFlow; generalising ptable_xn
...
UserOp_IF had its own way of extracting the XN bit from page tables.
This is now unified with the existing functions in ADT_AI, which also
means that the proof for XN bit equality is basically the same as for
pt_rights and pt_lift.
2014-11-28 08:58:57 +11:00
Gerwin Klein
7e7d39c24e
enable XN in abstract spec; update AInvs and Refine
2014-11-28 08:58:57 +11:00
David Greenaway
cf0d1abce6
Merge 'master' into 'isabelle-2014'.
...
Conflicts:
proof/crefine/Fastpath_C.thy
proof/drefine/KHeap_DR.thy
proof/infoflow/Noninterference.thy
spec/design/version
sys-init/DuplicateCaps_SI.thy
sys-init/InitTCB_SI.thy
sys-init/Proof_SI.thy
tools/asmrefine/SimplExport.thy
tools/autocorres/tests/examples/SchorrWaite.thy
2014-09-17 14:21:13 +10:00
Joel Beeren
b3e2eb1f9d
ioapic: finished up to InfoFlowC
2014-08-28 15:56:26 +10:00