Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Lemmas for simplifying masking and thread states #817

Open
wants to merge 3 commits into
base: master
Choose a base branch
from

Conversation

michaelmcinerney
Copy link
Contributor

No description provided.

(* The magic 4 comes out of the bitfield generator -- this applies to all versions of the kernel. *)
lemma
shows ThreadState_Restart_mask[simp]:
"(scast ThreadState_Restart::machine_word) && mask 4 = scast ThreadState_Restart"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick: I'd much prefer scast ThreadState_Restart :: machine_word to the version with no spaces; the no-space version visually indicates a cast of ThreadState_Restart as if it were an 'a, but I assume that what's intended is that machine_word is the target of the scast

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

by the way: is ThreadSTate_Restart coming from the C or the Haskell? I'm trying to think if there's a nice way to generate these lemmas in one go.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are all from the C, in include/object/structures.h. The Haskell has similar things, but doesn't use the ThreadState prefix in the names.

And due to an ifdef in the C, I forgot to include IdleThreadState. I'll add a fixup commit for that

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, then there's probably no nice way to generate these lemmas. There might be some hack where we go from x : set [ThreadState_Restart, ...] ==> (scast x :: machine_word) && mask 4 = scast x and explode it, but I'm not sure how much nicer that is.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm happy with the manual enumeration for now. The result is better than what we had before and if we can think of a nice way to make this shorter, we can still deploy it later without having to update the rest of the proofs.

@michaelmcinerney
Copy link
Contributor Author

This is causing tests to fail. I'll check this out tonight and hopefully push a fixup commit tonight or tomorrow

Copy link
Member

@lsf37 lsf37 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are still proof failures in ARM_HYP and another session, but the principle is good. I'd be happy with merging this once the failures are resolved.

@michaelmcinerney michaelmcinerney force-pushed the michaelm-mask_thread_state branch from 2aa94b2 to 1dc7463 Compare December 19, 2024 23:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants