Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify the IO behavior (a.k.a., basis PR) #248

Merged
merged 111 commits into from
Apr 12, 2024
Merged

Verify the IO behavior (a.k.a., basis PR) #248

Changes from 74 commits
Commits
Show all changes
111 commits
Select commit Hold shift + click to select a range
0aa5841
manually trigger workflow
mlimbeck Jun 20, 2023
8525b7c
manually trigger workflow
mlimbeck Jun 20, 2023
2eaf7a4
raw byte to spec for segments and hopfields
mlimbeck Jul 4, 2023
e9d31ae
bugfix
mlimbeck Jul 4, 2023
6b77cb6
import fix
mlimbeck Jul 4, 2023
e9631e0
bugfix after gobra update
mlimbeck Jul 10, 2023
bd062dc
spec to pkt (currSeg)
mlimbeck Jul 10, 2023
3246a2b
spec to pkt (left, mid, right)
mlimbeck Jul 11, 2023
35ff392
spec to pkt (termination)
mlimbeck Jul 11, 2023
f925f10
code clean up
mlimbeck Jul 17, 2023
6a19edf
Merge branch 'viperproject:master' into master
mlimbeck Jul 17, 2023
3d90011
clean up
mlimbeck Jul 17, 2023
6e8f884
improvements
mlimbeck Jul 18, 2023
afe9e52
instantiate abstract functions with bodies
mlimbeck Jul 19, 2023
de241b5
progress io spec
mlimbeck Jul 19, 2023
8a0452e
formatting
mlimbeck Jul 24, 2023
4540095
specification fixes
mlimbeck Jul 24, 2023
bf2c331
improve IO-spec
mlimbeck Jul 24, 2023
53cadc9
IO-spec to pkt rewritten
mlimbeck Jul 24, 2023
790e842
clean up
mlimbeck Jul 24, 2023
ca581db
improve readability
mlimbeck Jul 28, 2023
0d3cc57
Merge branch 'master' into master
jcp19 Sep 28, 2023
01eade7
Merge branch 'master' into master
jcp19 Oct 17, 2023
bfd6c2f
rename of function lengthOfCurrSeg
mlimbeck Nov 1, 2023
8c7b6c1
Merge remote-tracking branch 'remotescion/master'
mlimbeck Nov 14, 2023
89997c6
Merge remote-tracking branch 'remotescion/master'
mlimbeck Nov 15, 2023
f1cf0b1
extract asid-seqence from raw pkt
mlimbeck Nov 16, 2023
4343478
missing trigger
mlimbeck Nov 16, 2023
715fa51
quick fix
mlimbeck Nov 16, 2023
b051f09
Update router/dataplane_spec.gobra
mlimbeck Nov 17, 2023
7cbe9d6
Apply suggestions from code review
mlimbeck Nov 22, 2023
689e9da
readability improvements
mlimbeck Nov 22, 2023
24d19e1
further improvements
mlimbeck Nov 22, 2023
e923c40
replace 4 by its constant InfoLen
mlimbeck Nov 22, 2023
45b432e
readability improvement
mlimbeck Nov 22, 2023
8f15113
constant for metaLen in package path
mlimbeck Nov 22, 2023
503b0e0
Update router/io-spec.gobra
mlimbeck Nov 22, 2023
c292a84
minor improvements
mlimbeck Nov 22, 2023
a68a3e7
move validMetaLenInPath() to test file
mlimbeck Nov 22, 2023
ff00b89
Merge remote-tracking branch 'remotescion/master'
mlimbeck Dec 12, 2023
4e85c1f
io-spec in Run
mlimbeck Dec 12, 2023
cd887c9
Merge branch 'master' into io-spec-in-Run
jcp19 Dec 21, 2023
81b951a
Merge branch 'master' into io-spec-in-Run
jcp19 Jan 16, 2024
8d468b8
Merge remote-tracking branch 'remotescion/master' into io-spec-in-Run
mlimbeck Feb 7, 2024
b92ee32
add body to absIO_val
mlimbeck Feb 7, 2024
2f250fb
Merge branch 'io-spec-in-Run' of https://github.com/mlimbeck/Verified…
mlimbeck Feb 7, 2024
95af227
fix merge mistake
mlimbeck Feb 7, 2024
00d92c5
fix merge mistake
mlimbeck Feb 8, 2024
8c57264
fix typo
mlimbeck Feb 8, 2024
1c1850b
io-spec skeleton for processPkt and processSCION
mlimbeck Feb 8, 2024
4ccdab1
import fix
mlimbeck Feb 8, 2024
3161a68
Update router/io-spec.gobra
mlimbeck Feb 8, 2024
92b4a1a
Merge branch 'io-spec-in-Run' into unsupported
Dspil Feb 13, 2024
9680dd6
unit
Dspil Feb 15, 2024
50beee9
well formdness
Dspil Feb 15, 2024
8300ead
relate dataplane with dataplaneSpec
mlimbeck Feb 15, 2024
468fab7
Merge remote-tracking branch 'remotescion/master' into io-spec-in-Run
mlimbeck Feb 19, 2024
cdd2ce8
various fixes
mlimbeck Feb 19, 2024
7eca4dc
Update verification/io/values.gobra
jcp19 Feb 19, 2024
67a4d5d
permission fix for dpSpecWellConfigured
mlimbeck Feb 19, 2024
de48fa1
permission fix in rc
mlimbeck Feb 19, 2024
f892030
fix verification error
mlimbeck Feb 19, 2024
9258b54
Merge branch 'master' into io-spec-in-Run
jcp19 Feb 19, 2024
7df48b8
dp.Valid() as opaque
mlimbeck Feb 19, 2024
1560668
merge master
jcp19 Feb 20, 2024
1a9daf3
backup
jcp19 Feb 20, 2024
0160b2c
format spacing
jcp19 Feb 20, 2024
465553b
improve perf; drop assumption
jcp19 Feb 20, 2024
71866b2
fix formatting
jcp19 Feb 20, 2024
0a4c77d
Merge branch 'joao-continue-markus-pr-iospec' into io_spec_verification
Dspil Feb 20, 2024
ea7c499
merge master
jcp19 Feb 23, 2024
f07073e
Update router/dataplane.go
jcp19 Feb 23, 2024
d6b8d33
Merge branch 'master' into io_spec_verification
mlimbeck Feb 27, 2024
384661e
formatting postconditions of processPkt, processSCION
mlimbeck Feb 27, 2024
8514223
fix extra permission
Dspil Feb 27, 2024
c27a66a
typo
Dspil Feb 27, 2024
71aadfe
processSCION had the same issue
Dspil Feb 27, 2024
88db3fd
ingressID is preseved intead of sInit
Dspil Feb 27, 2024
8383408
Revert "ingressID is preseved intead of sInit"
Dspil Feb 27, 2024
ab5e91f
Revert "processSCION had the same issue"
Dspil Feb 27, 2024
2c08fb3
Updated IO-Spec-Function to Correlate Bytes with Terms (#262)
mlimbeck Feb 27, 2024
39330b5
made absIO_val opaque
Dspil Feb 28, 2024
99bd1e6
Merge branch 'master' into io_spec_verification
jcp19 Mar 14, 2024
7d13caf
Merge branch 'io_spec_verification' of github.com:viperproject/Verifi…
jcp19 Mar 14, 2024
e733dc8
Merge branch 'master' into io_spec_verification
jcp19 Mar 14, 2024
005fa2a
Merge branch 'master' into io_spec_verification
jcp19 Mar 17, 2024
98a867b
use artificial triggers for quantifiers inside IO resources (#280)
jcp19 Mar 18, 2024
ebf95fb
Merge branch 'master' into io_spec_verification
jcp19 Mar 18, 2024
baa1bb6
Merge branch 'master' into io_spec_verification
jcp19 Mar 18, 2024
72a5aec
AbsPkt improvements (#270)
mlimbeck Mar 18, 2024
c9c16c7
Merge branch 'master' into io_spec_verification
jcp19 Mar 18, 2024
e40741a
Merge branch 'master' into io_spec_verification
jcp19 Mar 25, 2024
2c509cc
Verify send guard in Run (#263)
mlimbeck Mar 25, 2024
bc7494b
Merge branch 'master' into io_spec_verification
jcp19 Mar 25, 2024
431a897
Merge branch 'master' into io_spec_verification
jcp19 Mar 28, 2024
045d57e
Merge branch 'master' into io_spec_verification
jcp19 Apr 2, 2024
e49b959
Merge branch 'master' into io_spec_verification
jcp19 Apr 2, 2024
60bbbf8
Merge branch 'master' into io_spec_verification
jcp19 Apr 3, 2024
1349d7a
IO specification skeleton in process (#284)
mlimbeck Apr 3, 2024
5ae6bfd
Add functional spec to `InfoField.SerializeTo` (#300)
jcp19 Apr 4, 2024
7ea708c
Missing Postcondition in Process (#301)
mlimbeck Apr 4, 2024
003bb51
Drop unnecessary function `hopFieldsNotConsDir` (#303)
Dspil Apr 5, 2024
d512053
Update IO-spec to drop the `xover_core` event (#302)
mlimbeck Apr 5, 2024
f3ff7a0
merge master
jcp19 Apr 5, 2024
5b658be
Fix precondition of `processSCION` (#307)
jcp19 Apr 6, 2024
97e4ac7
streamline msgterm assumptions (#308)
jcp19 Apr 9, 2024
f03cb47
merge with master
jcp19 Apr 10, 2024
24b0577
improve verification time of processPkt
jcp19 Apr 10, 2024
d8fb8f1
IO-spec update for link check logic (#310)
mlimbeck Apr 11, 2024
863bfa3
Pre/Post conditions of processPkt (#312)
mlimbeck Apr 11, 2024
a67c139
fmt
jcp19 Apr 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
98 changes: 61 additions & 37 deletions router/dataplane.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -965,7 +965,7 @@ func (d *DataPlane) Run(ctx context.Context /*@, ghost place io.Place, ghost sta
tmpBuf := p.Buffers[0][:p.N]
// @ assert sl.AbsSlice_Bytes(tmpBuf, 0, p.N)
// @ assert sl.AbsSlice_Bytes(tmpBuf, 0, len(tmpBuf))
result, err /*@ , addrAliasesPkt @*/ := processor.processPkt(tmpBuf, srcAddr)
result, err /*@ , addrAliasesPkt, newAbsPkt @*/ := processor.processPkt(tmpBuf, srcAddr /*@, ioLock, ioSharedArg, dp@*/)
// @ fold scmpErr.Mem()
switch {
case err == nil:
Expand Down Expand Up @@ -1387,12 +1387,25 @@ func (p *scionPacketProcessor) reset() (err error) {
// @ ensures respr.OutPkt !== rawPkt && respr.OutPkt != nil ==>
// @ sl.AbsSlice_Bytes(respr.OutPkt, 0, len(respr.OutPkt))
// @ ensures reserr != nil ==> reserr.ErrorMem()
// contracts for IO-spec
// @ requires dp.Valid()
// @ requires acc(ioLock.LockP(), _) && ioLock.LockInv() == SharedInv!< dp, ioSharedArg !>;
// @ requires acc(&p.ingressID)
// @ requires let absPkt := absIO_val(dp, rawPkt, p.ingressID) in
// @ absPkt.isIO_val_Pkt2 ==> ElemWitness(ioSharedArg.IBufY, ifsToIO_ifs(p.ingressID), absPkt.IO_val_Pkt2_2)
// @ ensures acc(&p.ingressID)
// @ ensures reserr == nil && newAbsPkt.isIO_val_Pkt2 ==>
// @ ElemWitness(ioSharedArg.OBufY, newAbsPkt.IO_val_Pkt2_1, newAbsPkt.IO_val_Pkt2_2)
// @ ensures reserr == nil && newAbsPkt.isIO_val_Pkt2 ==>
// @ newAbsPkt == absIO_val(dp, respr.OutPkt, respr.EgressID)
// TODO: On a first step, we will prove that whenever we have a valid scion packet in processSCION,
// the correct "next packet" is computed
func (p *scionPacketProcessor) processPkt(rawPkt []byte,
srcAddr *net.UDPAddr) (respr processResult, reserr error /*@ , addrAliasesPkt bool @*/) {
srcAddr *net.UDPAddr /*@, ghost ioLock *sync.Mutex, ghost ioSharedArg SharedArg, ghost dp io.DataPlaneSpec @*/) (respr processResult, reserr error /*@ , addrAliasesPkt bool, ghost newAbsPkt io.IO_val @*/) {

if err := p.reset(); err != nil {
// @ fold p.sInitD().validResult(processResult{}, false)
return processResult{}, err /*@, false @*/
return processResult{}, err /*@, false, io.IO_val_Unit{} @*/
}
// @ assert p.sInitD().getValForwardingMetrics() != nil
// @ unfold p.sInit()
Expand All @@ -1409,7 +1422,7 @@ func (p *scionPacketProcessor) processPkt(rawPkt []byte,
if err != nil {
// @ fold p.sInit()
// @ fold p.sInitD().validResult(processResult{}, false)
return processResult{}, err /*@, false @*/
return processResult{}, err /*@, false, io.IO_val_Unit{} @*/
}
/*@
ghost var ub []byte
Expand Down Expand Up @@ -1458,15 +1471,15 @@ func (p *scionPacketProcessor) processPkt(rawPkt []byte,
// @ defer fold p.sInit()
// @ defer fold p.d.validResult(processResult{}, false)
// @ ghost defer sl.CombineRange_Bytes(ub, start, end, writePerm)
return processResult{}, p.processIntraBFD(pld) /*@, false @*/
return processResult{}, p.processIntraBFD(pld) /*@, false, io.IO_val_Unit{} @*/
}
// @ establishMemUnsupportedPathTypeNextHeader()
// @ defer fold p.sInit()
// @ defer fold p.d.validResult(processResult{}, false)
// @ ghost defer ResetDecodingLayers(&p.scionLayer, &p.hbhLayer, &p.e2eLayer, ubScionLayer, ubHbhLayer, ubE2eLayer, true, hasHbhLayer, hasE2eLayer)
// @ ghost defer sl.CombineRange_Bytes(ub, start, end, writePerm)
return processResult{}, serrors.WithCtx(unsupportedPathTypeNextHeader,
"type", pathType, "header", nextHdr(p.lastLayer /*@, ub @*/)) /*@, false @*/
"type", pathType, "header", nextHdr(p.lastLayer /*@, ub @*/)) /*@, false, io.IO_val_Unit{} @*/
case onehop.PathType:
if p.lastLayer.NextLayerType( /*@ ub @*/ ) == layers.LayerTypeBFD {
// @ ghost if mustCombineRanges { ghost defer sl.CombineRange_Bytes(p.rawPkt, o.start, o.end, writePerm) }
Expand All @@ -1479,12 +1492,12 @@ func (p *scionPacketProcessor) processPkt(rawPkt []byte,
// @ defer fold p.sInit()
// @ defer fold p.d.validResult(processResult{}, false)
// @ ghost defer ResetDecodingLayers(&p.scionLayer, &p.hbhLayer, &p.e2eLayer, ubScionLayer, ubHbhLayer, ubE2eLayer, true, hasHbhLayer, hasE2eLayer)
return processResult{}, malformedPath /*@, false @*/
return processResult{}, malformedPath /*@, false, io.IO_val_Unit{} @*/
}
// @ defer fold p.sInit()
// @ defer fold p.d.validResult(processResult{}, false)
// @ ghost defer ResetDecodingLayers(&p.scionLayer, &p.hbhLayer, &p.e2eLayer, ubScionLayer, ubHbhLayer, ubE2eLayer, true, hasHbhLayer, hasE2eLayer)
return processResult{}, p.processInterBFD(ohp, pld) /*@, false @*/
return processResult{}, p.processInterBFD(ohp, pld) /*@, false, io.IO_val_Unit{} @*/
}
// @ sl.CombineRange_Bytes(ub, start, end, writePerm)
// (VerifiedSCION) Nested if because short-circuiting && is not working
Expand All @@ -1499,7 +1512,7 @@ func (p *scionPacketProcessor) processPkt(rawPkt []byte,
v1, v2 /*@, aliasesPkt @*/ := p.processOHP()
// @ ResetDecodingLayers(&p.scionLayer, &p.hbhLayer, &p.e2eLayer, ubScionLayer, ubHbhLayer, ubE2eLayer, true, hasHbhLayer, hasE2eLayer)
// @ fold p.sInit()
return v1, v2 /*@, aliasesPkt @*/
return v1, v2 /*@, aliasesPkt, io.IO_val_Unit{} @*/
case scion.PathType:
// @ sl.CombineRange_Bytes(ub, start, end, writePerm)
// (VerifiedSCION) Nested if because short-circuiting && is not working
Expand All @@ -1510,23 +1523,23 @@ func (p *scionPacketProcessor) processPkt(rawPkt []byte,
// @ }
// @ }
// @ assert sl.AbsSlice_Bytes(p.rawPkt, 0, len(p.rawPkt))
v1, v2 /*@ , addrAliasesPkt @*/ := p.processSCION( /*@ p.rawPkt, ub == nil, llStart, llEnd @*/ )
v1, v2 /*@ , addrAliasesPkt, newAbsPkt @*/ := p.processSCION( /*@ p.rawPkt, ub == nil, llStart, llEnd, ioLock, ioSharedArg, dp @*/ )
// @ ResetDecodingLayers(&p.scionLayer, &p.hbhLayer, &p.e2eLayer, ubScionLayer, ubHbhLayer, ubE2eLayer, v2 == nil, hasHbhLayer, hasE2eLayer)
// @ fold p.sInit()
return v1, v2 /*@, addrAliasesPkt @*/
return v1, v2 /*@, addrAliasesPkt, io.IO_val_Unit{} @*/
case epic.PathType:
// @ TODO()
v1, v2 := p.processEPIC()
// @ fold p.sInit()
return v1, v2 /*@, false @*/
return v1, v2 /*@, false, io.IO_val_Unit{} @*/
default:
// @ ghost if mustCombineRanges { ghost defer sl.CombineRange_Bytes(p.rawPkt, o.start, o.end, writePerm) }
// @ ResetDecodingLayers(&p.scionLayer, &p.hbhLayer, &p.e2eLayer, ubScionLayer, ubHbhLayer, ubE2eLayer, true, hasHbhLayer, hasE2eLayer)
// @ sl.CombineRange_Bytes(ub, start, end, writePerm)
// @ fold p.d.validResult(processResult{}, false)
// @ fold p.sInit()
// @ establishMemUnsupportedPathType()
return processResult{}, serrors.WithCtx(unsupportedPathType, "type", pathType) /*@, false @*/
return processResult{}, serrors.WithCtx(unsupportedPathType, "type", pathType) /*@, false, io.IO_val_Unit{} @*/
}
}

Expand Down Expand Up @@ -1669,7 +1682,18 @@ func (p *scionPacketProcessor) processIntraBFD(data []byte) (res error) {
// @ ensures respr.OutPkt !== ub && respr.OutPkt != nil ==>
// @ sl.AbsSlice_Bytes(respr.OutPkt, 0, len(respr.OutPkt))
// @ ensures reserr != nil ==> reserr.ErrorMem()
func (p *scionPacketProcessor) processSCION( /*@ ghost ub []byte, ghost llIsNil bool, ghost startLL int, ghost endLL int @*/ ) (respr processResult, reserr error /*@ , addrAliasesPkt bool @*/) {
// contracts for IO-spec
// @ requires dp.Valid()
// @ requires acc(ioLock.LockP(), _) && ioLock.LockInv() == SharedInv!< dp, ioSharedArg !>;
// @ requires acc(&p.ingressID)
// @ requires let absPkt := absIO_val(dp, p.rawPkt, p.ingressID) in
// @ absPkt.isIO_val_Pkt2 ==> ElemWitness(ioSharedArg.IBufY, ifsToIO_ifs(p.ingressID), absPkt.IO_val_Pkt2_2)
// @ ensures acc(&p.ingressID)
// @ ensures reserr == nil ==> newAbsPkt.isIO_val_Pkt2 &&
// @ ElemWitness(ioSharedArg.OBufY, newAbsPkt.IO_val_Pkt2_1, newAbsPkt.IO_val_Pkt2_2)
// @ ensures reserr == nil ==> newAbsPkt.isIO_val_Pkt2 &&
// @ newAbsPkt == absIO_val(dp, respr.OutPkt, respr.EgressID)
func (p *scionPacketProcessor) processSCION( /*@ ghost ub []byte, ghost llIsNil bool, ghost startLL int, ghost endLL int, ghost ioLock *sync.Mutex, ghost ioSharedArg SharedArg, ghost dp io.DataPlaneSpec @*/ ) (respr processResult, reserr error /*@ , addrAliasesPkt bool, ghost newAbsPkt io.IO_val @*/) {

var ok bool
// @ unfold acc(p.scionLayer.Mem(ub), R20)
Expand All @@ -1680,7 +1704,7 @@ func (p *scionPacketProcessor) processSCION( /*@ ghost ub []byte, ghost llIsNil
// @ p.scionLayer.DowngradePerm(ub)
// @ establishMemMalformedPath()
// @ fold p.d.validResult(processResult{}, false)
return processResult{}, malformedPath /*@ , false @*/
return processResult{}, malformedPath /*@ , false, io.IO_val_Unit{} @*/
}
return p.process( /*@ ub, llIsNil, startLL, endLL @*/ )
}
Expand Down Expand Up @@ -2755,42 +2779,42 @@ func (p *scionPacketProcessor) validatePktLen( /*@ ghost ubScionL []byte @*/ ) (
// @ ensures reserr == nil ==> p.scionLayer.Mem(ub)
// @ ensures reserr != nil ==> p.scionLayer.NonInitMem()
// @ ensures reserr != nil ==> reserr.ErrorMem()
func (p *scionPacketProcessor) process( /*@ ghost ub []byte, ghost llIsNil bool, ghost startLL int, ghost endLL int @*/ ) (respr processResult, reserr error /*@, addrAliasesPkt bool @*/) {
func (p *scionPacketProcessor) process( /*@ ghost ub []byte, ghost llIsNil bool, ghost startLL int, ghost endLL int @*/ ) (respr processResult, reserr error /*@, addrAliasesPkt bool, ghost newAbsPkt io.IO_val @*/) {
if r, err := p.parsePath( /*@ ub @*/ ); err != nil {
// @ p.scionLayer.DowngradePerm(ub)
return r, err /*@, false @*/
return r, err /*@, false, io.IO_val_Unit{} @*/
}
if r, err := p.validateHopExpiry(); err != nil {
// @ p.scionLayer.DowngradePerm(ub)
return r, err /*@, false @*/
return r, err /*@, false, io.IO_val_Unit{} @*/
}
if r, err := p.validateIngressID(); err != nil {
// @ p.scionLayer.DowngradePerm(ub)
return r, err /*@, false @*/
return r, err /*@, false, io.IO_val_Unit{} @*/
}
if r, err := p.validatePktLen( /*@ ub @*/ ); err != nil {
// @ p.scionLayer.DowngradePerm(ub)
return r, err /*@, false @*/
return r, err /*@, false, io.IO_val_Unit{} @*/
}
if r, err := p.validateTransitUnderlaySrc( /*@ ub @*/ ); err != nil {
// @ p.scionLayer.DowngradePerm(ub)
return r, err /*@, false @*/
return r, err /*@, false, io.IO_val_Unit{} @*/
}
if r, err := p.validateSrcDstIA( /*@ ub @*/ ); err != nil {
// @ p.scionLayer.DowngradePerm(ub)
return r, err /*@, false @*/
return r, err /*@, false, io.IO_val_Unit{} @*/
}
if err := p.updateNonConsDirIngressSegID( /*@ ub @*/ ); err != nil {
// @ p.scionLayer.DowngradePerm(ub)
return processResult{}, err /*@, false @*/
return processResult{}, err /*@, false, io.IO_val_Unit{} @*/
}
if r, err := p.verifyCurrentMAC(); err != nil {
// @ p.scionLayer.DowngradePerm(ub)
return r, err /*@, false @*/
return r, err /*@, false, io.IO_val_Unit{} @*/
}
if r, err := p.handleIngressRouterAlert( /*@ ub, llIsNil, startLL, endLL @*/ ); err != nil {
// @ p.scionLayer.DowngradePerm(ub)
return r, err /*@, false @*/
return r, err /*@, false, io.IO_val_Unit{} @*/
}

// Inbound: pkts destined to the local IA.
Expand All @@ -2799,13 +2823,13 @@ func (p *scionPacketProcessor) process( /*@ ghost ub []byte, ghost llIsNil bool,
a, r, err /*@, aliasesUb @*/ := p.resolveInbound( /*@ ub @*/ )
if err != nil {
// @ p.scionLayer.DowngradePerm(ub)
return r, err /*@, aliasesUb @*/
return r, err /*@, aliasesUb, io.IO_val_Unit{} @*/
}
// @ p.d.getInternal()
// @ unfold p.d.validResult(r, aliasesUb)
// @ fold p.d.validResult(processResult{OutConn: p.d.internal, OutAddr: a, OutPkt: p.rawPkt}, aliasesUb)
// @ assert ub === p.rawPkt
return processResult{OutConn: p.d.internal, OutAddr: a, OutPkt: p.rawPkt}, nil /*@, aliasesUb @*/
return processResult{OutConn: p.d.internal, OutAddr: a, OutPkt: p.rawPkt}, nil /*@, aliasesUb, io.IO_val_Unit{} @*/
}

// Outbound: pkts leaving the local IA.
Expand All @@ -2817,46 +2841,46 @@ func (p *scionPacketProcessor) process( /*@ ghost ub []byte, ghost llIsNil bool,
// @ fold acc(p.scionLayer.Mem(ub), R3)
if r, err := p.doXover( /*@ ub @*/ ); err != nil {
// @ fold p.d.validResult(r, false)
return r, err /*@, false @*/
return r, err /*@, false, io.IO_val_Unit{} @*/
}
if r, err := p.validateHopExpiry(); err != nil {
// @ p.scionLayer.DowngradePerm(ub)
return r, serrors.WithCtx(err, "info", "after xover") /*@, false @*/
return r, serrors.WithCtx(err, "info", "after xover") /*@, false, io.IO_val_Unit{} @*/
}
// verify the new block
if r, err := p.verifyCurrentMAC(); err != nil {
// fold acc(p.scionLayer.Mem(ub), R3)
// @ p.scionLayer.DowngradePerm(ub)
return r, serrors.WithCtx(err, "info", "after xover") /*@, false @*/
return r, serrors.WithCtx(err, "info", "after xover") /*@, false, io.IO_val_Unit{} @*/
}
}
// @ fold acc(p.scionLayer.Mem(ub), R3)
if r, err := p.validateEgressID(); err != nil {
// @ p.scionLayer.DowngradePerm(ub)
return r, err /*@, false @*/
return r, err /*@, false, io.IO_val_Unit{} @*/
}
// handle egress router alert before we check if it's up because we want to
// send the reply anyway, so that trace route can pinpoint the exact link
// that failed.
if r, err := p.handleEgressRouterAlert( /*@ ub, llIsNil, startLL, endLL @*/ ); err != nil {
// @ p.scionLayer.DowngradePerm(ub)
return r, err /*@, false @*/
return r, err /*@, false, io.IO_val_Unit{} @*/
}
if r, err := p.validateEgressUp(); err != nil {
// @ p.scionLayer.DowngradePerm(ub)
return r, err /*@, false @*/
return r, err /*@, false, io.IO_val_Unit{} @*/
}
egressID := p.egressInterface()
// @ p.d.getExternalMem()
// @ if p.d.external != nil { unfold acc(accBatchConn(p.d.external), _) }
if c, ok := p.d.external[egressID]; ok {
if err := p.processEgress( /*@ ub @*/ ); err != nil {
// @ fold p.d.validResult(processResult{}, false)
return processResult{}, err /*@, false @*/
return processResult{}, err /*@, false, io.IO_val_Unit{} @*/
}
// @ p.d.InDomainExternalInForwardingMetrics2(egressID)
// @ fold p.d.validResult(processResult{EgressID: egressID, OutConn: c, OutPkt: p.rawPkt}, false)
return processResult{EgressID: egressID, OutConn: c, OutPkt: p.rawPkt}, nil /*@, false @*/
return processResult{EgressID: egressID, OutConn: c, OutPkt: p.rawPkt}, nil /*@, false, io.IO_val_Unit{} @*/
}

// ASTransit: pkts leaving from another AS BR.
Expand All @@ -2865,7 +2889,7 @@ func (p *scionPacketProcessor) process( /*@ ghost ub []byte, ghost llIsNil bool,
if a, ok := p.d.internalNextHops[egressID]; ok {
// @ p.d.getInternal()
// @ fold p.d.validResult(processResult{OutConn: p.d.internal, OutAddr: a, OutPkt: p.rawPkt}, false)
return processResult{OutConn: p.d.internal, OutAddr: a, OutPkt: p.rawPkt}, nil /*@, false @*/
return processResult{OutConn: p.d.internal, OutAddr: a, OutPkt: p.rawPkt}, nil /*@, false, io.IO_val_Unit{} @*/
}
errCode := slayers.SCMPCodeUnknownHopFieldEgress
if !p.infoField.ConsDir {
Expand All @@ -2879,7 +2903,7 @@ func (p *scionPacketProcessor) process( /*@ ghost ub []byte, ghost llIsNil bool,
&slayers.SCMPParameterProblem{Pointer: p.currentHopPointer( /*@ nil @*/ )},
cannotRoute,
)
return tmp, err /*@, false @*/
return tmp, err /*@, false, io.IO_val_Unit{} @*/
}

// @ requires acc(&p.rawPkt, R15)
Expand Down
Loading