Commit Graph

2505 Commits

Author SHA1 Message Date
Corey Lewis 02116815be
proof+autocorres: update for select_wp and alternative_wp
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-08-09 16:42:01 +10:00
Corey Lewis 2c8f9eeff1
lib+spec+proof+autocorres: consistent Nondet filename prefix
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-08-09 12:07:06 +10:00
Corey Lewis 9b90b9e34a
lib+spec+proof+autocorres: update for renamed Reader_Option_Monad
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-08-09 12:07:06 +10:00
Corey Lewis d87f5e13b5
crefine: update for no_name_eta
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-07-05 17:04:50 +10:00
Corey Lewis a0be68c211
clib+crefine: add no_name_eta to crefine tactics
This leads to improved consistency and better names for bound variables.

Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-07-05 17:04:50 +10:00
Gerwin Klein 01a42167f9
riscv refine: example corres method use
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-30 15:58:14 +10:00
Gerwin Klein fad4b70825
refine: make corres method available in Refine
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-30 15:58:14 +10:00
Gerwin Klein c1fe4ad10f
lib+refine: rename Corres_Method to CorresK_Method
This also renames most of the corres* methods to corresK* methods,
including corressimp -> corresKsimp.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-30 10:56:47 +10:00
Corey Lewis 1f06802350
crefine: update for new ccorres cong rules
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-06-30 10:14:57 +10:00
Corey Lewis 163b9fe58a
crefine: remove some duplicated lemmas
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2023-06-30 10:14:57 +10:00
Gerwin Klein 59759edc42
arm refine: deploy corres_cases in some examples
Demonstrates use of corres_cases and corres_cases_both. Main intended
benefit is less thinking about safety of schematics, fewer mentions
of goal parameter names, and fewer manual guard instantiations.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-26 16:20:33 +10:00
Gerwin Klein 168d3aae3c
crefine: remove obsolete corres wpc setup
This setup didn't actually work. Replaced by corres_cases.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-26 16:20:33 +10:00
Rafal Kolanski 18cbdaeb7e
infoflow: update for monadic rewrite changes
The `tcb` that previously became an `x` now remains a `tcb`.

Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-06-16 13:51:36 +10:00
Gerwin Klein db44def660
arm-hyp crefine: use monadic_rewrite_pre
Replace wp_pre with monadic_rewrite_pre in one manual proof instance.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-15 16:00:28 +10:00
Gerwin Klein f75a3481ae
lib+refine+crefine: disambiguate corres_pre
- rename corres_pre set in CRefine to ccorres_pre
- rename internal corres_pre method in Corres_Method to corres_pre'
- use corres_pre instead of old wp_pre in refine

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-15 10:46:39 +10:00
Gerwin Klein 0e3016251f
lib+proof: proof updates for wpc change
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-06-15 09:52:15 +10:00
Rafal Kolanski 1e619439d2
proof/ROOT: RefineOrphanage: add quick and dirty option
Piggybacking off of REFINE_QUICK_AND_DIRTY as they are usually linked.

Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:49 +10:00
Rafal Kolanski 7cdd203136
aarch64 refine: first run through Orphanage
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:49 +10:00
Rafal Kolanski 2f3e333500
aarch64 refine: first pass through EmptyFail_H (sorry-free)
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:48 +10:00
Rafal Kolanski 81d382ec71
aarch64 refine: first pass through Refine (sorry-free)
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:48 +10:00
Rafal Kolanski 7154cc9d31
aarch64 refine: remove final mention of vs_valid_duplicates'
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:48 +10:00
Rafal Kolanski c4dee689b0
aarch64: update Init_R+PageTableDuplicates for PT ghost state
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:48 +10:00
Gerwin Klein 9298456475
refine: update other architectures for ghost state change
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:48 +10:00
Gerwin Klein d24d2f8397
aarch64 refine: first pass through ADT_H
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:47 +10:00
Gerwin Klein 064d102047
aarch64 ainvs+refine: proof updates for PT type ghost state
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:47 +10:00
Gerwin Klein a4f944d094
aarch64 refine: copy PageTableDuplicates from RISCV64
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:47 +10:00
Rafal Kolanski c58c007f94
aarch64 refine: copy KernelInit_R from RISCV64
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:47 +10:00
Rafal Kolanski 72dfb53e91
aarch64 refine: copy IncKernelLemmas+InitLemmas from RISCV64
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:46 +10:00
Rafal Kolanski ee346ba108
aarch64 refine: first pass through Init_R
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:46 +10:00
Gerwin Klein 59d303b020
aarch64 refine: first pass through Syscall_R
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:46 +10:00
Rafal Kolanski 226c2f6a95
aarch64 refine: first pass through Arch_R
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:46 +10:00
Gerwin Klein 8de14306d4
aarch64 refine: first pass through Tcb_R
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:45 +10:00
Rafal Kolanski 20fad5b9fc
aarch64 refine: update vmattributes_map for devices
Page is cachable if not a device.

Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:45 +10:00
Gerwin Klein a88bf412a5
aarch64 refine: remove 1 sorry
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:45 +10:00
Gerwin Klein 4834c2589a
aarch64 refine: first pass through CNodeInv_R
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:44 +10:00
Gerwin Klein 835d82c253
aarch64 refine: first pass through Interrupt_R
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:44 +10:00
Gerwin Klein 865facfde9
aarch64 refine: first pass through Ipc_R
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:44 +10:00
Rafal Kolanski 4dfb6f8ad3
aarch64 refine: first pass through Finalise_R
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:44 +10:00
Gerwin Klein be22c7bfcc
aarch64 refine: set up Untyped_R from RISCV64, add hyp/vcpu
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:44 +10:00
Gerwin Klein 0a7eaece00
aarch64 refine: copy over Invocations_R from RISCV64
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:44 +10:00
Gerwin Klein f4c12a6d85
aarch64 refine: remove kernel_mappings in Retype/Detype
These do not exist on AARCH64.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:43 +10:00
Gerwin Klein 5601abc530
aarch64 refine: fill in VSpaceObject cases in Retype_R
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:43 +10:00
Rafal Kolanski a4536a17ce
aarch64 refine: first pass through Detype_R
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:43 +10:00
Rafal Kolanski e508693534
aarch64 refine: first pass through Retype_R
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:43 +10:00
Rafal Kolanski 3a77d097c4
aarch64 refine: first pass through IpcCancel_R
Needed some changes to Schedule_R and VSpace_R.

Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:43 +10:00
Rafal Kolanski 044a97ed1a
aarch64 refine: first run through Schedule_R
Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:42 +10:00
Rafal Kolanski 904056868d
aarch64 refine: add state_hyp_refs_of' to valid_state'
Somehow we missed this on the first pass. Adjusted existing proofs.

Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:42 +10:00
Rafal Kolanski a79e06f419
aarch64 refine: first run through VSpace_R
This required a lot of adaptation from ARM_HYP, rearranging, and fixing.
The VCPU lemmas are mostly now constrained to one area, making it
theoretically possible to make a VCPU theory in the future.

Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:42 +10:00
Gerwin Klein 0f11a7a52a
aarch64 refine: progress in ArchAcc
Co-authored-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2023-05-26 18:04:42 +10:00
Rafal Kolanski 97ebd07298
aarch64 refine: start on VSpace_R
Up to and including handleVMFault_corres which needed a major overhaul.

Signed-off-by: Rafal Kolanski <rafal.kolanski@proofcraft.systems>
2023-05-26 18:04:42 +10:00