Commit Graph

4370 Commits

Author SHA1 Message Date
Gerwin Klein a27a1da45a misc: script for tracking sorry count stats
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-29 12:26:57 +08:00
Gerwin Klein 1fd4e7fda6 tests: remove artificial dependency CBaseRefine->AInvs
This dependency made sense on smaller test rigs in the past to avoid building
CRefine when AInvs fails, but removing the dependency opens a faster path
from scratch to CRefine for checking seL4 C code changes.

Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-16 14:18:53 +08:00
Gerwin Klein 4606fbeaed function and property variables
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-09 15:56:43 +10:00
Gerwin Klein aeda15d877 Add an example for function_prop pattern
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-09 15:56:43 +10:00
Gerwin Klein eefaa6db97 docs: an initial guide on naming conventions
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-09 15:56:43 +10:00
Gerwin Klein 30b43f0af1 riscv crefine: defer parameter name FIXMEs
see also VER-1289

Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:11 +08:00
Gerwin Klein d5f0b452ee riscv crefine: defer FIXME
See VER-1288. This is an optimisation that should be
added at a later point.

Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:11 +08:00
Gerwin Klein c14b2bb69a riscv crefine: resolve FIXME
the definition of objBits is in Haskell, so it has to use pteBits instead of
pte_bits (not in scope)

Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:11 +08:00
Gerwin Klein 65ae80c5ad riscv crefine: downgrade FIXME to more permanent comment
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:11 +08:00
Rafal Kolanski 4515e1e78e crefine: remove ccorres_from_vcg_throws_nofail
(now present in lib)

Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>
2020-06-08 20:41:11 +08:00
Rafal Kolanski 99d241d031 riscv: clear out most crefine FIXMEs
Perform moves, remove lemmas placed in lib, etc.

Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>
2020-06-08 20:41:11 +08:00
Rafal Kolanski c160f4053d riscv machine: add alternative definition for pptrUserTop
(presents numeral directly without further unfolding)

Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Rafal Kolanski 0cc971f491 lib: add lemmas from RISCV64 theories
Some improved ccorres lemmas, dealing with throw and catch, and the usual
assortment of misc list/set/map lemmas.

Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Rafal Kolanski 58866c624f Word_Lib: add mask/le/unat lemmas from RISCV64 theories
neq_0_unat
unat_and_mask_le
sign_extend_less_mask_idem
word_and_le
le_smaller_mask

Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 472e65e7ee riscv haskell: FIXMEs now resolved
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 6fd03279df riscv aspec: spec is in sync with C, the returned error is correct
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein e7f6e97c6b cleanup: remove stray diagnostic commands and comments
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 81117dc587 riscv cleanup: remove stray diagnostic commands
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 9a51fc110c riscv crefine: rename isBlocked to isStopped
This brings the proof in sync with seL4 d5d54a0d5596e7a708

Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein c3ef1c509e arm-hyp refine: fix PageTableDuplicates
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 35d513c0e4 arm crefine: proof updates for new arch split functions
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 232b23e314 x64 crefine: proof updates for new arch split functions
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein d567d52b17 arm_hyp crefine: proof updates for new arch split functions
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 2488eb3703 drefine: make new arch function available
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Victor Phan 34e58376a3 arm refine: update for interrupt functions arch split
Signed-off-by: Victor Phan <Victor.Phan@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 13b009a238 access: make new arch definition available to access control proofs
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 9bf346481e x64 refine: proof updates for new arch split functions
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 26a49fcbde arm_hyp refine: proof updates for new arch split functions
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 3927f7ec42 x64 ainvs: proof updates for new arch split functions
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 7bc58d2638 bisim: proof updates for new arch split function
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 78d158ec6e arm_hyp ainvs: proof fixes for new arch split
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Victor Phan c297e93154 arm ainvs: update for invoke_irq_handler arch split
Signed-off-by: Victor Phan <Victor.Phan@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 9ddc7c93c2 riscv crefine: cleared last sorry
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 10457db1b5 riscv orphanage: adapt to new arch split function
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 62e52c84cb riscv refine: adapt to new arch split function
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein f1e8cbab28 design: import new arch function
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 2fc5c5cc17 riscv ainvs: proof updates for new arch split functions
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein bce372b4fb ainvs: proof updates for new arch split functions
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 35e7b9676f haskell: arch split maskIrqSignal
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 9de5bb27e4 aspec: factor out arch_mask_irq_signal
On RISC-V we do not call mask_irq.

Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 2e2d4c279d riscv crefine: clear last sorry in Interrupt_C
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 0bdec8a194 riscv refine: adjust proofs to new invokeIRQHandler
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein fe566628da haskell+design: factor out arch specific IRQ handling
RISC-V has a different machine op invocation for acknowledging IRQs.

Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Victor Phan a33df75acb riscv ainvs: update for invokeIRQHandler arch split spec change
Add appropriate lemmas for machine op plic_complete_claim.

Signed-off-by: Victor Phan <Victor.Phan@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Victor Phan 461a798412 aspec: arch split on invokeIRQHandler
The RISCV implementation of invokeIRQHandler calls plic_complete_claim
instead of maskInterrupt. plicCompleteClaim is added as a machine op
and invokeIRQHandler has been arch split for the ACKIrq case.

Signed-off-by: Victor Phan <Victor.Phan@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Rafal Kolanski 877c667877 riscv crefine: Arch_C sorry-free
Completed decodeRISCVFrameInvocation_ccorres, synced with C changes and
cleaned up a little.

Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Rafal Kolanski 06d6620340 riscv haskell: update vmRightsToBits
This was incorrect, but unused in the proofs. Once used, the numbers
turned out to be unrelated to the C.

Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein b7e9f610d9 riscv crefine: prove decodeRISCVMMUInvocation_ccorres
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein bf753fc564 riscv crefine: clear last sorry in Finalise_C
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00
Gerwin Klein 8e60a9af3e riscv refine: prove new lookupPTFromLevel assertion
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-06-08 20:41:10 +08:00