* The information in the dep5 files covers all files in this repository that
for some reason don't or can't have inline SPDX license tags.
* Missing license texts mentioned here are added to LICENSES/
Crunch would print spurious warning messages when using a rule with multiple
premises. By default, crunch generates a rule like that when applied to
functions with multiple non-trivial patterns.
- Add Makefile targets for building ELF binaries and various dumps that
are used in binary verification.
- Add support for extra CMake command-line arguments. For binary
verification, this is used to set the optimisation level for the ELF
targets.
- Add support for the Debian RISC-V toolchain packages, without breaking
existing users with a manually built RISC-V toolchain.
- Move reusable parts of the C kernel Makefile out to a separate include
file, with support for configuring the build directory. For binary
verification, this is used to allow multiple builds at different
optimisation levels.
Create ArchMove_R.thy for transporting arch specific lemmas (and generic
lemmas that are used somewhat specifically by one architecture) to theory
files before Refine.
Create Move_R.thy as an arch generic Refine theory file for transporting
generic lemmas to theory files before Refine.
Also delete some lemmas that have existed earlier already or are not
needed.
Rename Move.thy in CRefine to Move_C.thy for consistency.
Highlights:
- new reserved IRQ and associated handler: VPPIEvent
- VPPI events are virtual interrupts we can forward to VMs; currently there is
only one event: virtual timer interrupt
- VGICMaintenance and VPPIEvent can both receive late interrupts from hardware,
which are now discarded instead of being delivered to current thread
- given only one possible VPPI event, simplifier tends to mop up more than it
should, making some proofs fragile w.r.t. adding a new VPPI event
- the order of some lemmas/specs needed shuffling, as now VCPU code needs some
interrupt code, which uses VCPU code
There is a special case for deriving Enum for datatypes with a single
constructor, but it should only fire when that constructor has exactly
one argument. Previously, a single constructor with any other argument
count resulted in an assertion failure.
Several constants are added to the top level crunch_ignore statement in
Bits_R.thy, then removed from individual crunch statements across Refine and
CRefine.
We listed the invocation labels 3 times -- this commit removes the duplication
and instead derives the enum from the order the constructors are listed in.
This allows us to explicitly record the bound variables from the subgoal so that
they can be more easily handled. We also now drop binders when constructing typ
instantiations.
`ASpec`, `ExecSpec`, and `DSpec` were identical tests which built the
`design-spec` make target. This means that when `./run_tests` runs tests
concurrently, multiple instances of the `design-spec` make target were
also run concurrently.
We address the issue by making a new "test" called `design-spec` which
builds the `design-spec` make target, and making `{A,Exec,D}Spec`
dependees on `design-spec`.
Currently the vcpu_switch function is called in the setVMRoot function
after possible early returns. In order to make sure the vcpu is
always switched, the call is moved into Arch_switchToThread before the
call to setVMRoot.
Splits parts of step 4 of the SimplExport proof process, in order to
expose them to the test theory. Adds some instructions on how to use
them.
Tags subgoals so that the user can identify which ones caused the
failure.
Consolidates ML setup code, and demarcates it to let users ignore it.
Now that asmrefine targets several arches, it's useful to separate out
any intermediate artefacts by L4V_ARCH. For instance, this lets us use
the same directory to test two arches at once.
Using a shared ref for configuration reduces the understandability of
code. It turns out the contents of the `globals_swap` ref:
1. Was always the same.
2. Was only used in one spot.
3. Could be recreated at that one spot.
So we do that instead.