#
a424d55e |
|
09-Mar-2020 |
Gerwin Klein <gerwin.klein@data61.csiro.au> |
licenses: convert license tags to SPDX
|
#
5d1525bb |
|
01-Nov-2018 |
Japheth Lim <Japheth.Lim@data61.csiro.au> |
access: proof style cleanup (for GrantReply patch) As the title says, this commit introduces general formatting and style cleanup, but only for the parts touched by the recent GrantReply patch.
|
#
86bbe323 |
|
22-May-2018 |
Thibaut Perami <thibaut.perami@data61.csiro.au> |
access: Fix for GrantReply (SELFOUR-6) Integrity and pasRefined are majorly changed The main repercussions are: - 3 new authorities in the policy: Call, Reply, and DeleteDerived - The cdt and the caps state are linked in pasRefined - CDT parentship no longer implies control in certain cases (is_transferable) - CDT parentship now implies DeleteDerived - Introduction of cdt_change_allowed that specifies which slot your are allowed to modify - Integrity for CDT and CDT list use cdt_changes_allowed - Integrity for objects in now expressed as a transitive closure of atomic transition rules
|
#
8173a37c |
|
13-Aug-2018 |
Mitchell Buckley <mitchell.buckley@data61.csiro.au> |
Updated specs and proofs for SELFOUR-1491: control IRQ triggering on ARM.
|
#
796887d9 |
|
11-Jul-2017 |
Alejandro Gomez-Londono <alejandro.gomez@nicta.com.au> |
Removes all trailing whitespaces
|
#
47119bf4 |
|
13-Jan-2017 |
Gerwin Klein <gerwin.klein@nicta.com.au> |
wp_cleanup: update proofs for new wp behaviour The things that usually go wrong: - wp fall through: add +, e.g. apply (wp select_wp) -> apply (wp select_wp)+ - precondition: you can remove most hoare_pre, but wpc still needs it, and sometimes the wp instance relies on being able to fit a rule to the current non-schematic precondition. In that case, use "including no_pre" to switch off the automatic hoare_pre application. - very rarely there is a schematic postcondition that interferes with the new trivial cleanup rules, because the rest of the script assumes some specific state afterwards (shouldn't happen in a reasonable proof, but not all proofs are reasonable..). In that case, (wp_once ...)+ should emulate the old behaviour precisely.
|
#
41d4aa4f |
|
25-Oct-2016 |
Matthew Brecknell <Matthew.Brecknell@data61.csiro.au> |
Isabelle2016-1: update references to renamed constants and facts
|
#
0e5ffd1e |
|
27-Apr-2016 |
Matthew Brecknell <Matthew.Brecknell@nicta.com.au> |
arch_split: requalify abstract theories
|
#
14f75701 |
|
21-Apr-2016 |
Matthew Brecknell <Matthew.Brecknell@nicta.com.au> |
arch_split: Access checking
|
#
33b5dab6 |
|
08-Feb-2016 |
Gao Xin <xin.gao@nicta.com.au> |
l4v-sabre: proof fix upto InfoFlowC
|
#
1d0366ac |
|
26-Jan-2016 |
Joel Beeren <joel.beeren@nicta.com.au> |
msi: Restructure IOAPIC, MSI interrupts for x86, fix up ARM proofs for new API
|
#
7c3a06a8 |
|
28-Oct-2015 |
Thomas Sewell <Thomas.Sewell@nicta.com.au> |
Minor adjustments caused by Strengthen changes.
|
#
b3e2eb1f |
|
27-Aug-2014 |
Joel Beeren <joel.beeren@nicta.com.au> |
ioapic: finished up to InfoFlowC
|
#
2a03e81d |
|
14-Jul-2014 |
Gerwin Klein <gerwin.klein@nicta.com.au> |
Import release snapshot.
|