Move it to ArchMove_C for each architecture except RISCV64. On RISCV64
the definition of obj_range has changed to use mask_range and hence the
lemma statement would look different.
Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>

Update specs and proofs for ARM platforms to contain TPIDRURO in the
TCB user context rather than treating it as a VCPU register, following
change in C.
Signed-off-by: Rafal Kolanski <rafal.kolanski@data61.csiro.au>

This was used to make sure the LaTeX document from literate Haskell builds.
Since this document is retired, we don't need the check any more.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

We keep on forgetting what the parameters to loadObject and storeObject
mean, and why we have pspace_storable in the first place. Hopefully
these comments mean having to re-remember fewer things.
Signed-off-by: Edward Pierzchalski <ed.pierzchalski@data61.csiro.au>

Sometimes we want to prove a fact, but the fact is painful or
error-prone to type out manually. In these cases, we'd like to construct
the goal fact using ML and then immediately enter a proof block.
Previously, we could achieve something like this through careful use of
`Thm.trivial` and `schematic_goal`, but this would clutter up the ML
namespace and wouldn't handle meta conjuncts (`&&&`). The new `ML_goal`
command addresses both of these issues.
Signed-off-by: Edward Pierzchalski <ed.pierzchalski@data61.csiro.au>

Adds `unfold` for constructing a list from a generating function, and
adds `range` for constructing a range of numbers.
Signed-off-by: Edward Pierzchalski <ed.pierzchalski@data61.csiro.au>

Changes the mungedb to also indicate whether a given munged name has an
alias.
In the Distant Past, the C parser emitted long and short names, and the
mungedb output recorded those names. When definitions were reordered in
a C file, different C variables might get the short name; this could
break proofs, but the mungedb output would indicate the change ahead of
time.
Now, the C parser emits long names for every C variable, but it also
emits a short abbreviation to replicate the behaviour of the C parser in
the Distant Past. However, the mungedb only displayed *definitions*, not
*abbreviations*, so if the variable abbreviated by a short name changed
then the mungedb wouldn't pick up on the change.
This commit changes the output to include an "alias status", indicating
whether the short C name has been exported as an alias for the indicated
Isabelle name. It also adds a test to confirm that the mungedb output
tracks aliasing correctly.
Signed-off-by: Edward Pierzchalski <ed.pierzchalski@data61.csiro.au>

This gives a significant speedup to the install_C_file command
when it generates field_lookup lemmas for struct types.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

Turns out the reuse tool will get confused by the additional SPDX tag
in the file, even though it is not in a comment. This commit pulls
out the tag such that string matching will not trigger on it.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

This allows some git operations (e.g. fetch) without requiring a
c-kernel rebuild.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

Hotfix for a7ed68e75d, which moved some lemmas from X64 Move_C.thy into
Lib. `eq_restrict_map_None` being in the simp set caused several
breakages across other arches.
Signed-off-by: Victor Phan <Victor.Phan@data61.csiro.au>

A rule to generate `%.thy` from `%.c` was previously too general, such
that it could fire for `%.thy` files that were not intended to be
generated, overwriting existing `%.thy` files.
This recently became an intermittent problem, when several `%.c` files
were updated to comply with style checks. Depending on how an `l4v`
checkout was updated, this sometimes made those `%.c` files newer than
the corresponding `%.thy` files.
This commit converts the implicit pattern rule into a static pattern
rule that applies to exactly those `%.thy` files that are intended to be
generated.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

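The difference between the two rule forms described in the commit above, as an added illustration that is not the l4v Makefile: the target list `GENERATED_THY` and the generator script `gen-thy.py` are hypothetical stand-ins for whatever the real build uses.

```makefile
# Added illustration, not l4v's own Makefile. GENERATED_THY and gen-thy.py
# are hypothetical names standing in for the real generated targets and
# generator.

GENERATED_THY := Foo.thy Bar.thy

# Implicit pattern rule (the problematic form). It matches ANY %.thy target
# for which a %.c exists, so a hand-written Baz.thy sitting next to a
# Baz.c that happens to be newer gets silently regenerated and overwritten.
#
# %.thy: %.c
# 	python3 gen-thy.py $< > $@

# Static pattern rule (the fixed form). Same recipe, but the rule is only
# ever applied to the targets listed in GENERATED_THY; any other %.thy is
# never considered for generation, whatever the timestamps say.
$(GENERATED_THY): %.thy: %.c
	python3 gen-thy.py $< > $@

.PHONY: all
all: $(GENERATED_THY)
```

A quick way to confirm the rule no longer reaches a hand-written theory is `make -n Baz.thy` with an older `Baz.thy` beside a newer `Baz.c`: with the static pattern rule make reports that there is no rule to make the target, instead of printing the generator command.
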
The branch name of the pull request doesn't necessarily exist in the
origin repo if the pull request is from a fork. Using the hash directly
should be more reliable.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

The check runs `git diff --check $base_ref`, which has non-zero
error code if either trailing whitespace or conflict markers are
present.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

When the license check runs, the `l4v` repo is not necessarily
in the full `repo` context, i.e. the `isabelle` link is dangling.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

This commit adds github workflow actions for a few simple checks from
the main regression test suite to give instant automatic feedback on
github pull requests. Specifically, it adds the following checks:
- sel4_tools style
- sel4_tools shell scripts
- gitlint
- `reuse` SPDX license check
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

This file is generated during AutoCorresTest, so we can ignore it for
the Licenses check. This avoids spurious failures of the Licenses check,
when run after AutoCorresTest.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

Previously, we would rebuild the kernel if any file in the `seL4`
repository changed since previous `cmake` setup. Since the kernel build
after the `cmake` setup generates `__pycache__` directories in the
`seL4` tree, this would cause some unnecessary rebuilds.
This commit explicitly excludes `__pycache__` directories from the set
of files considered to be dependencies of the kernel build.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

Previously AUXUPD did not contribute to modifies proofs, and the only
reason this worked was that there usually is some heap assignment
somewhere else in the function if there is an AUXUPD. This commit adds
a modifies clause for the heap if a function has an AUXUPD.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

The seL4 foundation requires a developer certificate of origin instead of
a contributor license agreement.
Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au>

This effectively reverts commit 2fec23d646, which was a previous attempt
at fixing a race condition in the design spec generation, which turned
out to be ineffective. Since the `design-spec` test had the same effect
as the `haskell-translator` test on which it depended, it was redundant,
and can be removed.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

Previously the Makefile rule for generating the design spec depended on
all Haskell source files in `spec/haskell`. This unintentionally
included files generated by the Haskell kernel build in
`spec/haskell/dist`. This meant that for `run_tests` builds in which the
Haskell kernel test completes *after* the initial generation of the
design spec, subsequent Makefile jobs which depend on the design spec
could cause re-runs of the design spec. Furthermore, if `run_tests` runs
several such jobs concurrently, race conditions in concurrent runs of
the design spec could cause errors.
Since the design spec does not make use of the generated Haskell source
in `spec/haskell/dist`, this commit restricts the design spec
dependencies to Haskell source files in `spec/haskell/src`.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>

Python 2 has passed its sunset date, and many distributions are
withdrawing support for Python 2.
PEP 394 recommends distributions always install versioned interpreter
commands (e.g. `python3`), but does not make a recommendation about
whether or not an unversioned command (`python`) should exist, or what
version it should run.
It therefore seems advisable to explicitly run scripts using the
`python3` command, for scripts that are compatible with Python 3.
Here, we do this for Python scripts used by `run_tests`. For this to
work, some scripts have been updated in ways that will break Python 2
compatibility. But for some other scripts which were already compatible
with both Python 2 and 3, we have not yet removed Python 2
compatibility. There are also miscellaneous scripts that are not used by
`run_tests`, and these have not yet been updated to Python 3.
Signed-off-by: Matthew Brecknell <Matthew.Brecknell@data61.csiro.au>