This project is mirrored from https://github.com/seL4/seL4.git.
Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer or owner.
Last successful update .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer or owner.
Last successful update .
- Jan 06, 2015
-
-
akroh authored
-
- Dec 23, 2014
-
-
Anna Lyons authored
-
- Dec 18, 2014
- Dec 11, 2014
-
-
Gerwin Klein authored
Consolidating to one simulator to get simulator builds running again. The source setup is still for multiple potential targets so it remains reasonably easy to add different architectures like x86 to the Haskell model if needed.
-
- Dec 04, 2014
-
-
Gerwin Klein authored
HaskellCPU and Alpha implementations have fallen far behind the current kernel structure, haven't been used for years, and are not included in the build. Removing them to avoid confusion.
-
- Nov 27, 2014
-
-
Gerwin Klein authored
-
Gerwin Klein authored
-
Gerwin Klein authored
-
Gerwin Klein authored
-
Adrian Danis authored
-
- Nov 26, 2014
-
-
Gerwin Klein authored
-
Matthew Fernandez authored
-
- Nov 23, 2014
-
-
Gerwin Klein authored
-
Gerwin Klein authored
-
- Nov 19, 2014
-
-
Anna Lyons authored
-
Anna Lyons authored
separate benchmark output by tabs instead of spaces such that it is easier to paste into spreadsheet programs
-
- Nov 17, 2014
-
-
Matthew Fernandez authored
Comparing a pointer against a literal without an explicit cast is not supported by the C parser. JIRA: VER-429
-
Matthew Fernandez authored
-
- Nov 12, 2014
-
-
Matthew Fernandez authored
This has no effect on the code, but makes this value visible as a named constant in Isabelle when importing C sources. It avoids us having to reference 120 as a magic number in numerous proofs.
-
- Nov 11, 2014
-
-
Matthew Fernandez authored
-
- Nov 06, 2014
-
-
Matthew Fernandez authored
This commit adds a two new output targets for the bitfield generator, --autocorres-defs and --autocorres-proofs. These produce, respectively, abstract definitions of the generated C functions suitable for use in AutoCorres proofs and WP/simp lemmas suitable for use within AutoCorres proofs of functions that call the generated C functions. Existing behaviour and functionality should be unaffected.
-
Matthew Fernandez authored
-
Matthew Fernandez authored
Stdout is not suitable as an output target for these things.
-
- Nov 05, 2014
-
-
Gerwin Klein authored
-
- Oct 31, 2014
-
-
Adrian Danis authored
Having the padding types as INT_MAX + 1 means C++ compilers will end up using a signed 64 bit integer, as that is the only type that can have a value that large, as well as the negative values our enums typically contain
-
- Oct 28, 2014
-
-
Matthew Fernandez authored
The bitfield generator constructs tags as enums. The compiler is free to back these by any type big enough to cover the enum. The generator emits code that uses these tag values in mask and shift operations where the target type is typically a uint32_t. As a result, it can produce code involving undefined shifts like: (seL4_CapData_Badge & 0x1) << 31 This commit casts the tag value to the unsigned target type before masking to ensure everything is done on an appropriate sized unsigned type. JIRA: SELFOUR-193
-
Matthew Fernandez authored
The bitfield generator uses the macros CONST and PURE which, for libsel4, are defined in macros.h.
-
- Oct 27, 2014
-
-
Matthew Fernandez authored
-
- Oct 22, 2014
-
-
Gerwin Klein authored
trivial: Print domain values as unsigned integers in user errors.
-
Adrian Danis authored
-
Adrian Danis authored
-
- Oct 21, 2014
-
-
Matthew Fernandez authored
Domains are unnecessarily treated explicitly as 8-bit values within boot info. Though there are existing proof constraints that limit the maximum domain value to 8 bits, most of the code would permit domain values up to 32 bits. The maximum value is unnecessarily constrained in boot info, a restriction which this commit removes. Closes VER-341
-
Matthew Fernandez authored
With the comparison preceding this being done on unsigned integers, this avoids confusing error messages like '-2147482648 >= 1'.
-
Matthew Fernandez authored
-
- Oct 20, 2014
-
-
Matthew Fernandez authored
Implements two trivial functions that were present for IA32, but not included in the corresponding ARM header. Closes SELFOUR-226
-
Matthew Fernandez authored
Does not affect verification.
-
- Oct 17, 2014
-
-
Adrian Danis authored
Derive a new IPC buffer cap when inserting into the initial threads TCB to remove mapping information For any other thread setting the IPC buffer via TCB_Configure will result in a derived capability being installed that does not have mapping information. This leads to a expected behaviour that setting a new IPC buffer (even if it is the same as the current one), will not perform an unmapping.
-
- Oct 16, 2014
-
-
Peter Chubb authored
Remove trailing whitespace, and align comments.
-