-
Notifications
You must be signed in to change notification settings - Fork 108
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lemmas for simplifying masking and thread states #817
base: master
Are you sure you want to change the base?
Conversation
proof/crefine/X64/Wellformed_C.thy
Outdated
(* The magic 4 comes out of the bitfield generator -- this applies to all versions of the kernel. *) | ||
lemma | ||
shows ThreadState_Restart_mask[simp]: | ||
"(scast ThreadState_Restart::machine_word) && mask 4 = scast ThreadState_Restart" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nitpick: I'd much prefer scast ThreadState_Restart :: machine_word
to the version with no spaces; the no-space version visually indicates a cast of ThreadState_Restart as if it were an 'a
, but I assume that what's intended is that machine_word
is the target of the scast
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
by the way: is ThreadSTate_Restart coming from the C or the Haskell? I'm trying to think if there's a nice way to generate these lemmas in one go.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These are all from the C, in include/object/structures.h
. The Haskell has similar things, but doesn't use the ThreadState
prefix in the names.
And due to an ifdef
in the C, I forgot to include IdleThreadState
. I'll add a fixup commit for that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, then there's probably no nice way to generate these lemmas. There might be some hack where we go from x : set [ThreadState_Restart, ...] ==> (scast x :: machine_word) && mask 4 = scast x
and explode it, but I'm not sure how much nicer that is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm happy with the manual enumeration for now. The result is better than what we had before and if we can think of a nice way to make this shorter, we can still deploy it later without having to update the rest of the proofs.
This is causing tests to fail. I'll check this out tonight and hopefully push a fixup commit tonight or tomorrow |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are still proof failures in ARM_HYP and another session, but the principle is good. I'd be happy with merging this once the failures are resolved.
Signed-off-by: Michael McInerney <[email protected]>
Signed-off-by: Michael McInerney <[email protected]>
Signed-off-by: Michael McInerney <[email protected]>
2aa94b2
to
1dc7463
Compare
No description provided.