Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enlarge the trace monad rule set for RG logic #721

Merged
merged 4 commits into from
Mar 26, 2024
Merged

Enlarge the trace monad rule set for RG logic #721

merged 4 commits into from
Mar 26, 2024

Conversation

corlewis
Copy link
Member

This generally follows the structure and naming conventions of the existing rule set for Hoare logic, in Trace_VCG.thy and Trace_More_VCG.thy (and the very similar ruleset and files in the nondet directory).

I took the opportunity to make some changes as I went along. In particular:

  • validIE_R and validIE_L are abbreviations instead of definitions.
  • some lemmas were relocated to better follow the structure of the file and to improve reuse.
  • some lemmas were renamed in an attempt to be more consistent.

It would be good to propagate the last two back to the Hoare versions, to keep things consistent and allow us to update the rest of the proofs now. The first one might not be worth it however, as it would require too many other changes to work.

Lemmas for lifting over combinators in the guarantee have been left out for now as it is unclear if they would be useful. They shouldn't be too hard to add if we come across a use case.

@corlewis corlewis added the multicore anything related to multicore verification label Feb 21, 2024
@corlewis corlewis self-assigned this Feb 21, 2024
lsf37
lsf37 approved these changes Feb 26, 2024
View reviewed changes
Copy link
Member

@lsf37 lsf37 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Happy with that.

@lsf37
Copy link
Member

lsf37 commented Feb 26, 2024

It would be good to propagate the last two back to the Hoare versions, to keep things consistent and allow us to update the rest of the proofs now.

We probably should do that, at least if the lemma rename is not too intrusive and it doesn't take too long. It's easiest to do when the cache is still hot, but priority would be the refinement rules.

The first one might not be worth it however, as it would require too many other changes to work.

Agreed.

@corlewis corlewis force-pushed the trace_more_rg branch 2 times, most recently from 6d32667 to ee3b75c Compare March 6, 2024 03:18
@corlewis corlewis force-pushed the trace_more_rg branch 2 times, most recently from 5e9fe9e to b459ad3 Compare March 19, 2024 21:55
@corlewis corlewis merged commit 8777671 into seL4:master Mar 26, 2024
13 checks passed
@corlewis corlewis deleted the trace_more_rg branch March 26, 2024 23:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lsf37 lsf37 lsf37 approved these changes

@Xaphiosis Xaphiosis Awaiting requested review from Xaphiosis

@michaelmcinerney michaelmcinerney Awaiting requested review from michaelmcinerney

Assignees

@corlewis corlewis

Labels
multicore anything related to multicore verification
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@corlewis @lsf37