MCS: merge master into rt #680
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The worklow_dispatch trigger adds a button in the GitHub UI that lets one trigger the workflow manually. Useful for testing the workflows. Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Rafal Kolanski <[email protected]>
Switch exclusion to Refine. Signed-off-by: Rafal Kolanski <[email protected]>
Quite a few issues remain, notably validity of ASID maps and relationship to ASID table is missing from valid_arch_state' Signed-off-by: Rafal Kolanski <[email protected]>
Signed-off-by: Rafal Kolanski <[email protected]>
Only text replacement of RISCV64->AARCH64 for now. Signed-off-by: Rafal Kolanski <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Co-authored-by: Rafal Kolanski <[email protected]> Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Don't store the bottom 12 bits of the base address for page table PTEs, because we know they are zero. This gives us implicit alignment to pageBits in the page table walker. The C code stores only 36 significant bits, whereas this commit still uses a full 64-bit machine word for the ppn in Haskell. To be adjusted in a future change. Signed-off-by: Gerwin Klein <[email protected]>
Co-authored-by: Rafal Kolanski <[email protected]> Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Add VCPU/hyp material from ARM_HYP, fix up broken lemmas. Co-authored-by: Rafal Kolanski <[email protected]> Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Add VCPU/hyp lemmas from ARM_HYP, fix and update failing lemmas. Leave 1 sorry on pspace_canonical, which might not be needed for AARCH64. Co-authored-by: Rafal Kolanski <[email protected]> Signed-off-by: Gerwin Klein <[email protected]>
Co-authored-by: Rafal Kolanski <[email protected]> Signed-off-by: Gerwin Klein <[email protected]>
Co-authored-by: Rafal Kolanski <[email protected]> Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Rafal Kolanski <[email protected]>
Signed-off-by: Rafal Kolanski <[email protected]>
The way we handle vcpuBits on AARCH64 is different to ARM_HYP. This seems the most logical place to put vcpuBits_def to aid automation. Signed-off-by: Rafal Kolanski <[email protected]>
Signed-off-by: Rafal Kolanski <[email protected]>
Signed-off-by: Rafal Kolanski <[email protected]>
Signed-off-by: Rafal Kolanski <[email protected]>
Up to and including handleVMFault_corres which needed a major overhaul. Signed-off-by: Rafal Kolanski <[email protected]>
Co-authored-by: Rafal Kolanski <[email protected]> Signed-off-by: Gerwin Klein <[email protected]>
This required a lot of adaptation from ARM_HYP, rearranging, and fixing. The VCPU lemmas are mostly now constrained to one area, making it theoretically possible to make a VCPU theory in the future. Signed-off-by: Rafal Kolanski <[email protected]>
Somehow we missed this on the first pass. Adjusted existing proofs. Signed-off-by: Rafal Kolanski <[email protected]>
Signed-off-by: Corey Lewis <[email protected]>
In particular, try to remove as many as possible _tac methods that refer to system-generated variable names. Any remaining uses are explicitly protected by a rename_tac. Signed-off-by: Corey Lewis <[email protected]>
Signed-off-by: Michael McInerney <[email protected]>
Signed-off-by: Michael McInerney <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Rafal Kolanski <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
The code draws in table.ML from the Isabelle source, which changed in the 2023 release. This commit adds further library functions from Isabelle library.ML and extracts the parts of unsynchronized.ML that work with mlton. Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Gerwin Klein <[email protected]>
Signed-off-by: Corey Lewis <[email protected]>
Signed-off-by: Corey Lewis <[email protected]>
lsf37
approved these changes
Oct 12, 2023
There was a problem hiding this comment.
Good work. There's a whole lot more mapsto and corresKsimp going on in rt than I thought.
Since the test is still set to Isabelle2022 we should probably do a PR on mcs.xml in the manifest repo first and the re-run the tests here to double-check before we merge.
michaelmcinerney
approved these changes
Oct 12, 2023
corlewis
commented
Oct 12, 2023
| apply (rule alternative_valid; (solves wpsimp)?) | ||
| apply (rule alternative_wp[where P=P and P'=P for P, simplified]; (solves wpsimp)?) |
There was a problem hiding this comment.
I forgot to point this out when I made this PR. alternative_valid was removed on master due to not being used, but did have a couple of uses in rt as part of some forward reasoning proofs.
Are we ok with what I've done here, which is basically inlining it in the two places it was used? The obvious to me other options would be to either add alternative_valid back to Nondet_VCG, or to rework these proofs to be backwards.
There was a problem hiding this comment.
I'd be OK with what you've done here, but wouldn't mind if these proofs were reworked to be backwards. I'm pretty sure they'd be my proofs originally, so I'd be happy to do that. I think these were for preemption_point, which is not the nicest function to deal with, so it might not be so straightforward.
There was a problem hiding this comment.
I'd be fine with either. Definitely no problems with it being reworked as backwards proof. Could also be in a separate PR.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This includes the update to Isabelle2023. As usual with merges, the last commit is probably the only one that it makes sense to review.