Gerwin Klein
ce9f9ffe60
isabelle-2021: update DRefine
...
Signed-off-by: Gerwin Klein <kleing@unsw.edu.au>
2021-09-30 16:53:17 +10:00
Gerwin Klein
cf8e90c2ce
drefine: Isabelle2020 update
...
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>
2020-10-27 15:52:31 +10:00
Gerwin Klein
a424d55e3e
licenses: convert license tags to SPDX
2020-03-13 14:38:24 +08:00
Gerwin Klein
0ed60666e3
drefine: invocation label proof updates
2020-02-03 12:56:19 +08:00
Victor Phan
9938dd39da
drefine: update for PageMap replacing PageRemap (SELFOUR-161)
2019-10-10 11:27:28 +11:00
Japheth Lim
3758df05df
dspec, drefine: fix for GrantReply (SELFOUR-6)
...
Nothing too exciting here, just duplicating the new GrantReply logic
from ASpec and repairing the proofs.
2018-12-10 20:01:38 +11:00
Gerwin Klein
15bfcdd98b
reduce DRefine dependencies from Refine to AInvs
...
This needs (and includes) some deduplication and moving of lemmas formerly in
refine.
2018-10-22 13:21:11 +11:00
Mitchell Buckley
8173a37c2d
Updated specs and proofs for SELFOUR-1491: control IRQ triggering on ARM.
2018-09-19 16:18:09 +10:00
Gerwin Klein
6b9d9d24dd
Isabelle2018: new "op x" syntax; now is "(x)"
...
(result of "isabelle update_op -m <dir>")
2018-08-20 09:06:35 +10:00
Gerwin Klein
011e08458e
Isabelle2018: new comment syntax
...
(result of "isabelle update_comments <dirs>")
2018-08-20 09:06:35 +10:00
Corey Lewis
571ef6d0ca
crefine+drefine+access+infoflow: update proofs for SetTLSBase (VER-807)
2018-07-03 13:42:22 +10:00
Michael Sproul
f0795805d1
SELFOUR-1016: fix confused deputy problem when setting priorities
2018-02-26 11:19:43 +11:00
Alejandro Gomez-Londono
796887d9b1
Removes all trailing whitespaces
2017-07-12 15:13:51 +10:00
Matthew Brecknell
511c6b2d3a
Isabelle2016-1: rename free variables to avoid capture
2017-01-05 14:24:36 +11:00
Matthew Brecknell
41d4aa4f1d
Isabelle2016-1: update references to renamed constants and facts
2017-01-05 14:23:05 +11:00
Alejandro Gomez-Londono
1289f7bc6e
Updating remaining proofs for tcb_arch reserved_irq and arch_fault changes
...
* tcb_context rephrasing to (tcb_context o tcb_arch) and respectively
for set operations
* unfolding of reserved_irq for trivially solving most lemmas
* Changes to the inductive definition of integrity_obj to account for
tcb_arch and tcb_context new location
* Changes to the tcb examples in ExampleSystem to include tcb_arch
* Rephrasing of domain_sep_inv to accommodate the ReservedIRQ case
* Mostly rephrasing of tcb_context to (some form of) (tcb_context o tcb_arch)
* Trivial unfolding of handle_reserved_irq for hoare rules
* Examples in Example_Valid_State.thy were updated
* Nothing remarkable, mostly rephrasing of tcb_context and ReservedIRQ
handling
* Fun fact, some proofs are now shorter
tags: [VER-623][SELFOUR-413]
2016-11-25 13:51:07 +11:00
Joel Beeren
2553371a14
SELFOUR-64: Remove general Recycle operation
...
This removes the RecycleCap CNodeInvocation, whilst
retaining recycle behaviour for Endpoints -- now renamed
CNodeCancelBadgedSends.
2016-11-18 14:11:12 +11:00
Matthew Brecknell
a3714e8190
SELFOUR-276: Finish proofs for maximum controlled priority (MCP)
...
To finish the proof of refinement to C, the specification for checkPrio
needed strengthening: the checkPrio spec now takes a machine word
argument. In the spec, priorities are still stored as 8-bit quantities,
however. Once the spec was strengthened, it was possible to remove some
redundant checks and mask operations from the C code.
A thread's maximum controlled priority (MCP) determines the maximum
thread priority or MCP it can assign to another thread (or itself).
2016-10-05 02:43:41 +11:00
Xin,Gao
113315d9a6
SELFOUR-421: merge and fix up to ArmConfidentiality proof
2016-09-22 19:21:56 +10:00
Xin,Gao
e00e4c4e64
SELFOUR-421: add device bit in UntypedCap and FrameCap in capdl
2016-09-22 19:11:37 +10:00
Matthew Brecknell
5fb1660da9
arch_split: DRefine checking
2016-05-01 10:09:19 +10:00
Miki Tanaka
6f6c58168c
SELFOUR-56: Remove diminish rights from IPC
2016-02-24 13:24:10 +11:00
Gao Xin
bc73b112bd
l4v-sabre: change type of irq to be 10 word
2016-02-17 11:18:02 +11:00
Joel Beeren
1d0366ac5e
msi: Restructure IOAPIC, MSI interrupts for x86, fix up ARM proofs for new API
2016-02-02 15:57:28 +11:00
Daniel Matichuk
a1f23e5b28
arch_split: DRefine now builds
2016-01-25 18:42:27 +11:00
Joel Beeren
efb4c61816
archirq: Remove redundant invocation, renamed
...
arch_decode_interrupt_control.
2016-01-14 17:50:33 +11:00
Joel Beeren
457a55a831
add arch_tcb object to C, rename aep -> ntfn
2015-11-20 16:02:13 +11:00
Ramana Kumar
0fb88ea01c
Merge branch 'master' into aep-merge
...
This commit should at least remove merge conflict markers, and the idea
is that at least refine, crefine, drefine, and infoflow (with sorrys)
build. Subsequent commits may be required to fix build issues that I
have not picked up.
2015-09-10 17:06:45 +10:00
Ramana Kumar
d88a931ec7
history squashed patch for aep-binding
2015-09-02 15:43:39 +10:00
Gerwin Klein
f6124669fc
2015 update for DRefine
2015-05-13 09:52:32 +02:00
David Greenaway
0c004d2a93
Merge branch 'master' into 'isabelle-2014'.
...
Conflicts:
proof/drefine/Arch_DR.thy
proof/drefine/Finalise_DR.thy
proof/drefine/StateTranslation_D.thy
sys-init/DuplicateCaps_SI.thy
sys-init/Proof_SI.thy
tools/autocorres/tests/examples/SchorrWaite.thy
2014-09-23 14:31:33 +10:00
Andrew Boyton
ea58753cd7
Merge branch 'cdl_page_map_cancel'
...
Merge in the setting of registers and the starting of threads in the system initialiser.
2014-09-18 17:21:17 +10:00
David Greenaway
cc71c3aadf
drefine: More updates for Isabelle 2014.
2014-09-18 11:04:47 +10:00
David Greenaway
cf0d1abce6
Merge 'master' into 'isabelle-2014'.
...
Conflicts:
proof/crefine/Fastpath_C.thy
proof/drefine/KHeap_DR.thy
proof/infoflow/Noninterference.thy
spec/design/version
sys-init/DuplicateCaps_SI.thy
sys-init/InitTCB_SI.thy
sys-init/Proof_SI.thy
tools/asmrefine/SimplExport.thy
tools/autocorres/tests/examples/SchorrWaite.thy
2014-09-17 14:21:13 +10:00
Gao Xin
47662af345
fix DSpecProofs
2014-09-09 15:57:52 +10:00
Andrew Boyton
7167ea42ac
CapDL: Made IRQ Nodes a new object type, not a small CNode.
...
IRQ Nodes are now their own object type in capDL. This makes it much easier
to distinguish between "real" CNodes and IRQ Nodes.
Updated:
* the capDL refinement,
* the access proofs, and
* the system initialiser.
2014-09-09 14:07:50 +10:00
Gao Xin
77dd554227
page_map_unmap_cancel : cdl spec changed and drefine fixed.
2014-09-05 14:48:22 +10:00
Joel Beeren
b3e2eb1f9d
ioapic: finished up to InfoFlowC
2014-08-28 15:56:26 +10:00
Thomas Sewell
71e7dcc319
Fix Access, InfoFlow and DRefine.
2014-08-13 16:45:40 +10:00
Gerwin Klein
1af1d2b67b
some of the global Isabelle2014 renames
...
option_case -> case_option
sum_case -> case_sum
prod_case -> case_prod
Option.set -> set_option
Option.map -> map_option
option_rel -> rel_option
list_all2_def -> list_all2_iff
map.simps -> list.map
tl.simps -> list.sel(2-3)
the.simps -> option.sel
2014-08-09 15:39:20 +10:00
Gerwin Klein
9d9a325032
Updates for getpaddr system call (by Joel Beeren)
2014-07-18 17:21:34 +02:00
Gerwin Klein
84595f4233
release cleanup
2014-07-17 18:22:50 +02:00
Gerwin Klein
2a03e81df4
Import release snapshot.
2014-07-14 21:32:44 +02:00