Skip to content

Prove decodeSchedControl_configureFlags_ccorres and decodeInvocation_ccorres#902

Merged
lsf37 merged 6 commits intortfrom
michaelm-decodeSchedControl
Feb 11, 2026
Merged

Prove decodeSchedControl_configureFlags_ccorres and decodeInvocation_ccorres#902
lsf37 merged 6 commits intortfrom
michaelm-decodeSchedControl

Conversation

@michaelmcinerney
Copy link
Contributor

@michaelmcinerney michaelmcinerney commented Jun 19, 2025
edited
Loading

Test with seL4/seL4#1472

@michaelmcinerney michaelmcinerney self-assigned this Jun 19, 2025
@michaelmcinerney michaelmcinerney added the MCS related to `rt` branch and mixed-criticality systems label Jun 19, 2025
Xaphiosis
Xaphiosis reviewed Jun 24, 2025
View reviewed changes
Xaphiosis
Xaphiosis reviewed Jun 24, 2025
View reviewed changes
Xaphiosis
Xaphiosis reviewed Jun 24, 2025
View reviewed changes
Xaphiosis
Xaphiosis reviewed Jun 24, 2025
View reviewed changes
Xaphiosis
Xaphiosis reviewed Jun 24, 2025
View reviewed changes
Xaphiosis
Xaphiosis reviewed Jun 24, 2025
View reviewed changes
Xaphiosis
Xaphiosis reviewed Jun 24, 2025
View reviewed changes
Xaphiosis
Xaphiosis approved these changes Jun 24, 2025
View reviewed changes
Copy link
Member

@Xaphiosis Xaphiosis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good progress. Minor comments on content.

Have an issue with the commit "rt spec+crefine: prove decodeSchedControl_ConfigureFlags_ccorres": it's doing too much. Doing a multi-arch restructure like that and making something arch-specific should be in its own commit. This will be particularly important when dealing with arch-split in future.

The decode_sched_control_configure_flags update can indeed go in with the proof commit.

lsf37
lsf37 reviewed Jun 24, 2025
View reviewed changes
lsf37
lsf37 approved these changes Jun 24, 2025
View reviewed changes
Copy link
Member

@lsf37 lsf37 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice. Only some arch split and lemma moving comments, content is good.

@michaelmcinerney michaelmcinerney force-pushed the michaelm-decodeSchedControl branch from 6493044 to 1eec353 Compare July 28, 2025 12:17
@michaelmcinerney
Copy link
Contributor Author

michaelmcinerney commented Jul 28, 2025

I've updated the PR, hopefully addressing all the comments. There's a new commit for TIME_ARG_SIZE, making it arch generic, and all the changes to the ccorres proof are in a new commit that I'll squash.

lsf37
lsf37 reviewed Jul 30, 2025
View reviewed changes
lsf37
lsf37 reviewed Jul 30, 2025
View reviewed changes
lsf37
lsf37 approved these changes Jul 30, 2025
View reviewed changes
Copy link
Member

@lsf37 lsf37 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good from my side, only request is to put the word_bits lemma higher up in the theory tree.

@michaelmcinerney michaelmcinerney force-pushed the michaelm-decodeSchedControl branch from eb9d9ee to 85bc1fd Compare July 31, 2025 04:31
@michaelmcinerney
rt machine+spec+haskell: correct value of TIME_ARG_SIZE
c4db830 
This corrects the value of TIME_ARG_SIZE/timeArgSize for
RISCV, and furthermore gives an architecture independent
definition of this constant.

Signed-off-by: Michael McInerney <[email protected]>
@michaelmcinerney
lib: add mult_le_mono3 to LemmaBucket
e2033d4 
Signed-off-by: Michael McInerney <[email protected]>
@michaelmcinerney
word_lib: add word_of_nat_div to More_Word
a0e2e4b 
Signed-off-by: Michael McInerney <[email protected]>
@michaelmcinerney michaelmcinerney force-pushed the michaelm-decodeSchedControl branch from 85bc1fd to cbf743c Compare February 9, 2026 10:08
@michaelmcinerney
Copy link
Contributor Author

michaelmcinerney commented Feb 9, 2026

Force pushed after rebasing over rt (including the merges from master)

@michaelmcinerney
refine: add wordBits_word_bits to Bits_R
2f3dd83 
Signed-off-by: Michael McInerney <[email protected]>
@michaelmcinerney
rt spec+crefine: prove decodeSchedControl_ConfigureFlags_ccorres
9fb19ad 
The definition of decode_sched_control_configure_flags is updated
to align with the C.

Signed-off-by: Michael McInerney <[email protected]>
@michaelmcinerney michaelmcinerney force-pushed the michaelm-decodeSchedControl branch from cbf743c to 5be5ba3 Compare February 11, 2026 08:31
@lsf37 lsf37 merged commit 03b49d7 into rt Feb 11, 2026
10 of 14 checks passed
@lsf37 lsf37 deleted the michaelm-decodeSchedControl branch February 11, 2026 23:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lsf37 lsf37 lsf37 approved these changes

@corlewis corlewis Awaiting requested review from corlewis

@Xaphiosis Xaphiosis Awaiting requested review from Xaphiosis

Assignees

@michaelmcinerney michaelmcinerney

Labels

MCS related to `rt` branch and mixed-criticality systems

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@michaelmcinerney @Xaphiosis @lsf37