Closed zpzigi754 closed 4 months ago
jinbpark
commented
4 months ago How about putting $ RMI_TARGET=rmi_granule_(un)delegate make verify into README.md (in root dir). It would be nice to show people what we're doing for verification in the first place, especially given that only one month left to CC summit. (+ updating our github pages later?)
zpzigi754
commented
4 months ago How about putting
$ RMI_TARGET=rmi_granule_(un)delegate make verifyinto README.md (in root dir). It would be nice to show people what we're doing for verification in the first place, especially given that only one month left to CC summit. (+ updating our github pages later?)
Thank you for the suggestion! I've slightly updated README.md and added a page about verification.
This PR adds two verification harnesses for model checking: RMI_GRANULE_DELEGATE and RMI_GRANULE_UNDELEGATE.
It found one correctness bug (https://github.com/islet-project/islet/pull/307).
How to use?
Summary of changes
is_validpredicate for ensuring Granule Status Table (GST)'s valid statuscommonmodule (pre_/post_granule_state(),pre_/post_granule_gpt(), etc)About host memory modeling
This models the Host memory as a pre-allocated memory region which can avoid a false positive related to invalid memory accesses in model checking. Also, instead of using the same starting address (e.g., 0x8000_0000), it uses a mock region filled with non-deterministic contents. This approach helps to address an issue related to the backend CBMC's pointer encoding, as 0x8000_0000 cannot be distinguished from null pointer in CBMC.
Invariants with
is_valid()predicateThe added
is_valid()predicate can be used to ensure that all granule entries in GST are in valid status conforminig to the spec A2.2.1.