Library mcertikos.ipc.IPCGen
Require Import Coqlib.
Require Import Errors.
Require Import AST.
Require Import Integers.
Require Import Floats.
Require Import Op.
Require Import Asm.
Require Import Events.
Require Import Globalenvs.
Require Import Smallstep.
Require Import Values.
Require Import Memory.
Require Import Maps.
Require Import CommonTactic.
Require Import AuxLemma.
Require Import FlatMemory.
Require Import AuxStateDataType.
Require Import Constant.
Require Import GlobIdent.
Require Import RealParams.
Require Import LoadStoreSem3high.
Require Import AsmImplLemma.
Require Import GenSem.
Require Import RefinementTactic.
Require Import PrimSemantics.
Require Import XOmega.
Require Import liblayers.logic.PTreeModules.
Require Import liblayers.logic.LayerLogicImpl.
Require Import liblayers.compcertx.Stencil.
Require Import liblayers.compcertx.MakeProgram.
Require Import liblayers.compat.CompatLayers.
Require Import liblayers.compat.CompatGenSem.
Require Import compcert.cfrontend.Ctypes.
Require Import LayerCalculusLemma.
Require Import AbstractDataType.
Require Import PIPCIntro.
Require Import PIPC.
Require Import IPCGenSpec.
Require Import ObjTMSCHED.
Require Import ObjTMINTELVIRT.
Require Import ObjTMVMM.
Require Import ObjTMIPCDEVPRIM.
Require Import ObjTMVMXINIT.
Require Import GlobalOracleProp.
Require Import SingleOracle.
Require Import Errors.
Require Import AST.
Require Import Integers.
Require Import Floats.
Require Import Op.
Require Import Asm.
Require Import Events.
Require Import Globalenvs.
Require Import Smallstep.
Require Import Values.
Require Import Memory.
Require Import Maps.
Require Import CommonTactic.
Require Import AuxLemma.
Require Import FlatMemory.
Require Import AuxStateDataType.
Require Import Constant.
Require Import GlobIdent.
Require Import RealParams.
Require Import LoadStoreSem3high.
Require Import AsmImplLemma.
Require Import GenSem.
Require Import RefinementTactic.
Require Import PrimSemantics.
Require Import XOmega.
Require Import liblayers.logic.PTreeModules.
Require Import liblayers.logic.LayerLogicImpl.
Require Import liblayers.compcertx.Stencil.
Require Import liblayers.compcertx.MakeProgram.
Require Import liblayers.compat.CompatLayers.
Require Import liblayers.compat.CompatGenSem.
Require Import compcert.cfrontend.Ctypes.
Require Import LayerCalculusLemma.
Require Import AbstractDataType.
Require Import PIPCIntro.
Require Import PIPC.
Require Import IPCGenSpec.
Require Import ObjTMSCHED.
Require Import ObjTMINTELVIRT.
Require Import ObjTMVMM.
Require Import ObjTMIPCDEVPRIM.
Require Import ObjTMVMXINIT.
Require Import GlobalOracleProp.
Require Import SingleOracle.
Section Refinement.
Local Open Scope string_scope.
Local Open Scope error_monad_scope.
Local Open Scope Z_scope.
(* Oracle and parameter assumptions shared by every proof in this file. *)
Context `{single_oracle_prop: SingleOracleProp}.
Context `{real_params : RealParams}.
Context `{multi_oracle_prop: MultiOracleProp}.
(** Both layers carry the same abstract data type [RData] with the same
    data operations ([pipcintro_data_ops]): this layer refines primitives,
    not the shape of the abstract state.  [HDATA]/[LDATA] are kept as
    distinct names only to make the relation below easier to read. *)
Notation HDATA := RData.
Notation LDATA := RData.
Notation HDATAOps := (cdata (cdata_ops := pipcintro_data_ops) HDATA).
Notation LDATAOps := (cdata (cdata_ops := pipcintro_data_ops) LDATA).
Section WITHMEM.
(* Memory-model assumptions: a stencil for global identifiers, the
   CompCertX memory model, and memory states paired with abstract data. *)
Context `{Hstencil: Stencil}.
Context `{Hmem: Mem.MemoryModelX}.
Context `{Hmwd: UseMemWithData mem}.
Local Open Scope string_scope.
Local Open Scope error_monad_scope.
Local Open Scope Z_scope.
(* Oracle and parameter assumptions shared by every proof in this file. *)
Context `{single_oracle_prop: SingleOracleProp}.
Context `{real_params : RealParams}.
Context `{multi_oracle_prop: MultiOracleProp}.
(** Both layers carry the same abstract data type [RData] with the same
    data operations ([pipcintro_data_ops]): this layer refines primitives,
    not the shape of the abstract state.  [HDATA]/[LDATA] are kept as
    distinct names only to make the relation below easier to read. *)
Notation HDATA := RData.
Notation LDATA := RData.
Notation HDATAOps := (cdata (cdata_ops := pipcintro_data_ops) HDATA).
Notation LDATAOps := (cdata (cdata_ops := pipcintro_data_ops) LDATA).
Section WITHMEM.
(* Memory-model assumptions: a stencil for global identifiers, the
   CompCertX memory model, and memory states paired with abstract data. *)
Context `{Hstencil: Stencil}.
Context `{Hmem: Mem.MemoryModelX}.
Context `{Hmwd: UseMemWithData mem}.
Relation between raw data at two layers
(** [relate_RData f hadt ladt] relates the abstract data of the layer
    above ([HDATA]) to that of the layer below ([LDATA]) under the memory
    injection [f].  Because both are [RData], almost every field is
    required to be equal; only the fields that hold memory values -- the
    flat memory, the trap-info value, the kernel/user contexts and the
    VMCS/VMX pools -- are related through [f].  In particular, the layer
    below cannot diverge from the layer above in the mode flags or in any
    page-table state ([ikern], [ihost], [pg], [CR3], [PT], [ptpool],
    [idpde], [ipt]): those fields are forced equal. *)
Record relate_RData (f: meminj) (hadt: HDATA) (ladt: LDATA) :=
mkrelate_RData {
(* flat memory is injected rather than required equal *)
flatmem_re: FlatMem.flatmem_inj (HP hadt) (HP ladt);
vmxinfo_re: vmxinfo hadt = vmxinfo ladt;
CR3_re: CR3 hadt = CR3 ladt;
(* kernel-mode, paging and host-mode flags (by name) must agree *)
ikern_re: ikern hadt = ikern ladt;
pg_re: pg hadt = pg ladt;
ihost_re: ihost hadt = ihost ladt;
AC_re: AC hadt = AC ladt;
(* trap info: first component equal, second component is a value and is
   therefore related by [val_inject] *)
ti_fst_re: (fst (ti hadt)) = (fst (ti ladt));
ti_snd_re: val_inject f (snd (ti hadt)) (snd (ti ladt));
nps_re: nps hadt = nps ladt;
init_re: init hadt = init ladt;
pperm_re: pperm hadt = pperm ladt;
(* page-table state *)
PT_re: PT hadt = PT ladt;
ptp_re: ptpool hadt = ptpool ladt;
idpde_re: idpde hadt = idpde ladt;
ipt_re: ipt hadt = ipt ladt;
CPU_ID_re: CPU_ID hadt = CPU_ID ladt;
cid_re: cid hadt = cid ladt;
(* presumably the shared log, oracle and lock of the concurrent model;
   kept equal *)
big_log_re: big_log hadt = big_log ladt;
big_oracle_re: big_oracle hadt = big_oracle ladt;
lock_re: lock hadt = lock ladt;
com1_re: com1 hadt = com1 ladt;
console_re: console hadt = console ladt;
console_concrete_re: console_concrete hadt = console_concrete ladt;
(* the interrupt-related fields are written low-to-high; equality is
   symmetric, so the orientation is cosmetic *)
ioapic_re: ioapic ladt = ioapic hadt;
lapic_re: lapic ladt = lapic hadt;
intr_flag_re: intr_flag ladt = intr_flag hadt;
curr_intr_num_re: curr_intr_num ladt = curr_intr_num hadt;
in_intr_re: in_intr ladt = in_intr hadt;
drv_serial_re: drv_serial hadt = drv_serial ladt;
(* contexts are related by injection (presumably they contain pointer
   values); [num_proc] is passed as the bound of the kernel-context pool *)
kctxt_re: kctxt_inj f num_proc (kctxt hadt) (kctxt ladt);
uctxt_re: uctxt_inj f (uctxt hadt) (uctxt ladt);
(* presumably the synchronous channel pool the IPC primitives operate on *)
syncchpool_re: syncchpool hadt = syncchpool ladt;
ept_re: ept hadt = ept ladt;
vmcs_re: VMCSPool_inj f (vmcs hadt) (vmcs ladt);
vmx_re: VMXPool_inj f (vmx hadt) (vmx ladt)
}.
(** [match_RData] relates abstract data to concrete memory.  It holds
    unconditionally: this layer adds no global variables ([new_glbl := nil]
    in [rel_ops]), so there is no memory content the abstract data has to
    agree with.  The whole refinement therefore rests on [relate_RData]. *)
Inductive match_RData: stencil → HDATA → mem → meminj → Prop :=
| MATCH_RDATA: ∀ habd m f s, match_RData s habd m f.
(* make the trivial constructor available to [eauto] *)
Local Hint Resolve MATCH_RDATA.
(** Wire the two relations into the layer framework.  The stencil [s] is
    ignored by [relate_RData]. *)
Global Instance rel_ops: CompatRelOps HDATAOps LDATAOps :=
{
relate_AbData s f d1 d2 := relate_RData f d1 d2;
match_AbData s d1 m f := match_RData s d1 m f;
(* no global variables are introduced by this layer *)
new_glbl := nil
}.
mkrelate_RData {
flatmem_re: FlatMem.flatmem_inj (HP hadt) (HP ladt);
vmxinfo_re: vmxinfo hadt = vmxinfo ladt;
CR3_re: CR3 hadt = CR3 ladt;
ikern_re: ikern hadt = ikern ladt;
pg_re: pg hadt = pg ladt;
ihost_re: ihost hadt = ihost ladt;
AC_re: AC hadt = AC ladt;
ti_fst_re: (fst (ti hadt)) = (fst (ti ladt));
ti_snd_re: val_inject f (snd (ti hadt)) (snd (ti ladt));
nps_re: nps hadt = nps ladt;
init_re: init hadt = init ladt;
pperm_re: pperm hadt = pperm ladt;
PT_re: PT hadt = PT ladt;
ptp_re: ptpool hadt = ptpool ladt;
idpde_re: idpde hadt = idpde ladt;
ipt_re: ipt hadt = ipt ladt;
CPU_ID_re: CPU_ID hadt = CPU_ID ladt;
cid_re: cid hadt = cid ladt;
big_log_re: big_log hadt = big_log ladt;
big_oracle_re: big_oracle hadt = big_oracle ladt;
lock_re: lock hadt = lock ladt;
com1_re: com1 hadt = com1 ladt;
console_re: console hadt = console ladt;
console_concrete_re: console_concrete hadt = console_concrete ladt;
ioapic_re: ioapic ladt = ioapic hadt;
lapic_re: lapic ladt = lapic hadt;
intr_flag_re: intr_flag ladt = intr_flag hadt;
curr_intr_num_re: curr_intr_num ladt = curr_intr_num hadt;
in_intr_re: in_intr ladt = in_intr hadt;
drv_serial_re: drv_serial hadt = drv_serial ladt;
kctxt_re: kctxt_inj f num_proc (kctxt hadt) (kctxt ladt);
uctxt_re: uctxt_inj f (uctxt hadt) (uctxt ladt);
syncchpool_re: syncchpool hadt = syncchpool ladt;
ept_re: ept hadt = ept ladt;
vmcs_re: VMCSPool_inj f (vmcs hadt) (vmcs ladt);
vmx_re: VMXPool_inj f (vmx hadt) (vmx ladt)
}.
(** [match_RData] relates abstract data to concrete memory.  It holds
    unconditionally: this layer adds no global variables ([new_glbl := nil]
    in [rel_ops]), so there is no memory content the abstract data has to
    agree with.  The whole refinement therefore rests on [relate_RData]. *)
Inductive match_RData: stencil → HDATA → mem → meminj → Prop :=
| MATCH_RDATA: ∀ habd m f s, match_RData s habd m f.
(* make the trivial constructor available to [eauto] *)
Local Hint Resolve MATCH_RDATA.
(** Wire the two relations into the layer framework.  The stencil [s] is
    ignored by [relate_RData]. *)
Global Instance rel_ops: CompatRelOps HDATAOps LDATAOps :=
{
relate_AbData s f d1 d2 := relate_RData f d1 d2;
match_AbData s d1 m f := match_RData s d1 m f;
(* no global variables are introduced by this layer *)
new_glbl := nil
}.
Prove that after taking one step, the refinement relation still holds
(** [relate_RData] is stable under growth of the memory injection: if [f]
    is extended to [f´] ([inject_incr]) the relation still holds.  This is
    the [CompatRel] obligation discharged in [rel_prf].
    NOTE(review): the [Section Rel_Property] closed right after this lemma
    is not opened anywhere in this rendering of the file. *)
Lemma relate_incr:
∀ abd abd´ f f´,
relate_RData f abd abd´
→ inject_incr f f´
→ relate_RData f´ abd abd´.
Proof.
(* the equality fields and the trap-info [val_inject] are closed by
   [eauto]; the four pool/context injections remain as bullets *)
inversion 1; subst; intros; inv H; constructor; eauto.
- eapply kctxt_inj_incr; eauto.
- eapply uctxt_inj_incr; eauto.
(* the pools are pointwise injections: unfold, then apply the per-element
   increase lemma *)
- unfold VMCSPool_inj.
intros.
eapply VMCS_inj_incr; eauto.
- unfold VMXPool_inj.
intros.
eapply VMX_inj_incr; eauto.
Qed.
End Rel_Property.
(** The relation is a proper [CompatRel]: all obligations are closed by
    [trivial] except stability under [inject_incr], given by [relate_incr]. *)
Global Instance rel_prf: CompatRel HDATAOps LDATAOps.
Proof.
constructor; intros; simpl; trivial.
eapply relate_incr; eauto.
Qed.
∀ abd abd´ f f´,
relate_RData f abd abd´
→ inject_incr f f´
→ relate_RData f´ abd abd´.
Proof.
inversion 1; subst; intros; inv H; constructor; eauto.
- eapply kctxt_inj_incr; eauto.
- eapply uctxt_inj_incr; eauto.
- unfold VMCSPool_inj.
intros.
eapply VMCS_inj_incr; eauto.
- unfold VMXPool_inj.
intros.
eapply VMX_inj_incr; eauto.
Qed.
End Rel_Property.
(** The relation is a proper [CompatRel]: all obligations are closed by
    [trivial] except stability under [inject_incr], given by [relate_incr]. *)
Global Instance rel_prf: CompatRel HDATAOps LDATAOps.
Proof.
constructor; intros; simpl; trivial.
eapply relate_incr; eauto.
Qed.
Section OneStep_Forward_Relation.
Section FRESH_PRIM.
(* already imported at the top of the file; the repetition is harmless
   but redundant *)
Require Import CommonTactic.
(** The high-level receive specification only succeeds in kernel mode: a
    result [Some (d´, v)] implies [kernel_mode d].  This is the privilege
    precondition the low-level step needs, and it documents that, at the
    spec level, the IPC primitive has no successful behaviour outside
    kernel mode. *)
Lemma syncreceive_chan_kern_mode:
∀ v d d´ i0 i1 i2,
thread_syncreceive_chan_spec i0 i1 i2 d = Some (d´, v)
→ kernel_mode d.
Proof.
(* unfold the spec and case-split on every match; presumably each
   successful branch has already tested the mode flags, so [auto] closes
   the goal *)
unfold thread_syncreceive_chan_spec. simpl; intros.
subdestruct; auto.
Qed.
(** Simulation of the receive primitive: the generic semantics of the
    high-level spec is refined by [thread_syncreceive_chan_spec_low]
    under [crel HDATA LDATA]. *)
Lemma syncreceive_chan_spec_ref:
compatsim (crel HDATA LDATA) (gensem thread_syncreceive_chan_spec)
thread_syncreceive_chan_spec_low.
Proof.
compatsim_simpl (@match_AbData).
(* obtain the low-level result [labd´]; presumably [HP] is the low-level
   spec result and [HM] the preserved relation *)
exploit thread_syncreceive_chan_exist; eauto 1. intros (labd´ & HP & HM).
(* kernel mode is needed to build the low-level step; [kernel_mode] is
   destructed as a pair here -- its definition is not visible in this file *)
exploit syncreceive_chan_kern_mode; eauto. intros (Hkern & Hrange).
refine_split; eauto.
- econstructor; eauto. now constructor.
- econstructor; eauto. eapply thread_syncreceive_chan_match; eauto.
Qed.
(** The high-level send specification only succeeds in kernel mode: a
    result [Some (d´, v)] implies [kernel_mode d].  Same role as
    [syncreceive_chan_kern_mode] for the send side. *)
Lemma syncsendto_chan_kern_mode:
∀ v d d´ i1 i2 i3,
thread_syncsendto_chan_spec i1 i2 i3 d = Some (d´, v)
→ kernel_mode d.
Proof.
(* the send spec is defined via a pre-spec, so both must be unfolded
   before the case split *)
unfold thread_syncsendto_chan_spec, thread_syncsendto_chan_pre_spec. simpl; intros.
subdestruct; auto.
Qed.
(** Simulation of the send primitive: the generic semantics of the
    high-level spec is refined by [thread_syncsendto_chan_spec_low]
    under [crel HDATA LDATA].  Mirrors [syncreceive_chan_spec_ref]. *)
Lemma syncsendto_chan_spec_ref:
compatsim (crel HDATA LDATA) (gensem thread_syncsendto_chan_spec)
thread_syncsendto_chan_spec_low.
Proof.
compatsim_simpl (@match_AbData).
(* obtain the low-level result [labd´]; presumably [HP] is the low-level
   spec result and [HM] the preserved relation *)
exploit thread_syncsendto_chan_exist; eauto 1. intros (labd´ & HP & HM).
(* kernel mode is needed to build the low-level step *)
exploit syncsendto_chan_kern_mode; eauto. intros (Hkern & Hrange).
refine_split; eauto.
- econstructor; eauto. now constructor.
- econstructor; eauto. eapply thread_syncsendto_chan_match; eauto.
Qed.
End FRESH_PRIM.
Section PASSTHROUGH_PRIM.
(** Load/store accessor properties for the memory primitives.  Both layers
    use the same [flatmem_store], so [accessor_prop_tac] discharges every
    goal except the store-existence one. *)
Global Instance: (LoadStoreProp (hflatmem_store:= flatmem_store) (lflatmem_store:= flatmem_store)).
Proof.
accessor_prop_tac.
- eapply flatmem_store_exists; eauto.
Qed.
(** Every primitive of [pipc_passthrough] is simulated by the same
    primitive of [pipcintro]: this layer changes none of them, including
    the privileged ones (by name: MSR access, VMX control, cli/sti, host
    I/O).  [sim_oplus] produces one goal per primitive, each closed by the
    corresponding [_sim] lemma from the Obj* modules imported above.  The
    bullets are positional, so their order presumably has to follow the
    order of primitives in [pipc_passthrough]. *)
Lemma passthrough_correct:
sim (crel HDATA LDATA) pipc_passthrough pipcintro.
Proof.
sim_oplus.
- apply thread_vmxinfo_get_sim.
- apply big2_palloc_sim.
- apply thread_setPT_sim.
- apply thread_ptRead_sim.
- apply big2_ptResv_sim.
- apply big2_thread_yield_sim.
- apply big2_sched_init_sim.
- apply thread_uctx_get_sim.
- apply thread_uctx_set_sim.
- apply big2_proc_create_sim.
- apply thread_container_get_nchildren_sim.
- apply thread_container_get_quota_sim.
- apply thread_container_get_usage_sim.
- apply thread_container_can_consume_sim.
- apply thread_get_CPU_ID_sim.
- apply thread_get_curid_sim.
- apply thread_rdmsr_sim.
- apply thread_wrmsr_sim.
- apply thread_vmx_set_intercept_intwin_sim.
- apply thread_vmx_set_desc1_sim.
- apply thread_vmx_set_desc2_sim.
- apply thread_vmx_inject_event_sim.
- apply thread_vmx_set_tsc_offset_sim.
- apply thread_vmx_get_tsc_offset_sim.
- apply thread_vmx_get_exit_reason_sim.
- apply thread_vmx_get_exit_fault_addr_sim.
- apply thread_vmx_get_exit_qualification_sim.
- apply thread_vmx_check_pending_event_sim.
- apply thread_vmx_check_int_shadow_sim.
- apply thread_vmx_get_reg_sim.
- apply thread_vmx_set_reg_sim.
- apply thread_vmx_get_next_eip_sim.
- apply thread_vmx_get_io_width_sim.
- apply thread_vmx_get_io_write_sim.
- apply thread_vmx_get_exit_io_rep_sim.
- apply thread_vmx_get_exit_io_str_sim.
- apply thread_vmx_get_exit_io_port_sim.
- apply thread_vmx_set_mmap_sim.
(* vm_run additionally needs [VMX_INJECT], applied after the sim lemma *)
- apply thread_vm_run_sim, VMX_INJECT.
- apply thread_vmx_return_from_guest_sim.
- apply thread_vmx_init_sim.
- apply thread_cli_sim.
- apply thread_sti_sim.
- apply thread_serial_intr_disable_sim.
- apply thread_serial_intr_enable_sim.
- apply thread_serial_putc_sim.
- apply thread_cons_buf_read_sim.
- apply thread_hostin_sim.
- apply thread_hostout_sim.
- apply thread_proc_create_postinit_sim.
- apply thread_trap_info_get_sim.
- apply thread_trap_info_ret_sim.
(* the start_user simulations leave a side condition, closed by inverting
   the hypothesis *)
- apply thread_proc_start_user_sim.
intros; inv H; auto.
- apply thread_proc_exit_user_sim.
- apply thread_proc_start_user_sim2.
intros; inv H; auto.
- apply thread_proc_exit_user_sim2.
(* last goal: the memory load/store accessors *)
- layer_sim_simpl.
+ eapply load_correct3high.
+ eapply store_correct3high.
Qed.
End PASSTHROUGH_PRIM.
End OneStep_Forward_Relation.
End WITHMEM.
End Refinement.
Section FRESH_PRIM.
(* already imported at the top of the file; the repetition is harmless
   but redundant *)
Require Import CommonTactic.
(** The high-level receive specification only succeeds in kernel mode: a
    result [Some (d´, v)] implies [kernel_mode d].  This is the privilege
    precondition the low-level step needs, and it documents that, at the
    spec level, the IPC primitive has no successful behaviour outside
    kernel mode. *)
Lemma syncreceive_chan_kern_mode:
∀ v d d´ i0 i1 i2,
thread_syncreceive_chan_spec i0 i1 i2 d = Some (d´, v)
→ kernel_mode d.
Proof.
(* unfold the spec and case-split on every match; presumably each
   successful branch has already tested the mode flags, so [auto] closes
   the goal *)
unfold thread_syncreceive_chan_spec. simpl; intros.
subdestruct; auto.
Qed.
(** Simulation of the receive primitive: the generic semantics of the
    high-level spec is refined by [thread_syncreceive_chan_spec_low]
    under [crel HDATA LDATA]. *)
Lemma syncreceive_chan_spec_ref:
compatsim (crel HDATA LDATA) (gensem thread_syncreceive_chan_spec)
thread_syncreceive_chan_spec_low.
Proof.
compatsim_simpl (@match_AbData).
(* obtain the low-level result [labd´]; presumably [HP] is the low-level
   spec result and [HM] the preserved relation *)
exploit thread_syncreceive_chan_exist; eauto 1. intros (labd´ & HP & HM).
(* kernel mode is needed to build the low-level step; [kernel_mode] is
   destructed as a pair here -- its definition is not visible in this file *)
exploit syncreceive_chan_kern_mode; eauto. intros (Hkern & Hrange).
refine_split; eauto.
- econstructor; eauto. now constructor.
- econstructor; eauto. eapply thread_syncreceive_chan_match; eauto.
Qed.
(** The high-level send specification only succeeds in kernel mode: a
    result [Some (d´, v)] implies [kernel_mode d].  Same role as
    [syncreceive_chan_kern_mode] for the send side. *)
Lemma syncsendto_chan_kern_mode:
∀ v d d´ i1 i2 i3,
thread_syncsendto_chan_spec i1 i2 i3 d = Some (d´, v)
→ kernel_mode d.
Proof.
(* the send spec is defined via a pre-spec, so both must be unfolded
   before the case split *)
unfold thread_syncsendto_chan_spec, thread_syncsendto_chan_pre_spec. simpl; intros.
subdestruct; auto.
Qed.
(** Simulation of the send primitive: the generic semantics of the
    high-level spec is refined by [thread_syncsendto_chan_spec_low]
    under [crel HDATA LDATA].  Mirrors [syncreceive_chan_spec_ref]. *)
Lemma syncsendto_chan_spec_ref:
compatsim (crel HDATA LDATA) (gensem thread_syncsendto_chan_spec)
thread_syncsendto_chan_spec_low.
Proof.
compatsim_simpl (@match_AbData).
(* obtain the low-level result [labd´]; presumably [HP] is the low-level
   spec result and [HM] the preserved relation *)
exploit thread_syncsendto_chan_exist; eauto 1. intros (labd´ & HP & HM).
(* kernel mode is needed to build the low-level step *)
exploit syncsendto_chan_kern_mode; eauto. intros (Hkern & Hrange).
refine_split; eauto.
- econstructor; eauto. now constructor.
- econstructor; eauto. eapply thread_syncsendto_chan_match; eauto.
Qed.
End FRESH_PRIM.
Section PASSTHROUGH_PRIM.
(** Load/store accessor properties for the memory primitives.  Both layers
    use the same [flatmem_store], so [accessor_prop_tac] discharges every
    goal except the store-existence one. *)
Global Instance: (LoadStoreProp (hflatmem_store:= flatmem_store) (lflatmem_store:= flatmem_store)).
Proof.
accessor_prop_tac.
- eapply flatmem_store_exists; eauto.
Qed.
(** Every primitive of [pipc_passthrough] is simulated by the same
    primitive of [pipcintro]: this layer changes none of them, including
    the privileged ones (by name: MSR access, VMX control, cli/sti, host
    I/O).  [sim_oplus] produces one goal per primitive, each closed by the
    corresponding [_sim] lemma from the Obj* modules imported above.  The
    bullets are positional, so their order presumably has to follow the
    order of primitives in [pipc_passthrough]. *)
Lemma passthrough_correct:
sim (crel HDATA LDATA) pipc_passthrough pipcintro.
Proof.
sim_oplus.
- apply thread_vmxinfo_get_sim.
- apply big2_palloc_sim.
- apply thread_setPT_sim.
- apply thread_ptRead_sim.
- apply big2_ptResv_sim.
- apply big2_thread_yield_sim.
- apply big2_sched_init_sim.
- apply thread_uctx_get_sim.
- apply thread_uctx_set_sim.
- apply big2_proc_create_sim.
- apply thread_container_get_nchildren_sim.
- apply thread_container_get_quota_sim.
- apply thread_container_get_usage_sim.
- apply thread_container_can_consume_sim.
- apply thread_get_CPU_ID_sim.
- apply thread_get_curid_sim.
- apply thread_rdmsr_sim.
- apply thread_wrmsr_sim.
- apply thread_vmx_set_intercept_intwin_sim.
- apply thread_vmx_set_desc1_sim.
- apply thread_vmx_set_desc2_sim.
- apply thread_vmx_inject_event_sim.
- apply thread_vmx_set_tsc_offset_sim.
- apply thread_vmx_get_tsc_offset_sim.
- apply thread_vmx_get_exit_reason_sim.
- apply thread_vmx_get_exit_fault_addr_sim.
- apply thread_vmx_get_exit_qualification_sim.
- apply thread_vmx_check_pending_event_sim.
- apply thread_vmx_check_int_shadow_sim.
- apply thread_vmx_get_reg_sim.
- apply thread_vmx_set_reg_sim.
- apply thread_vmx_get_next_eip_sim.
- apply thread_vmx_get_io_width_sim.
- apply thread_vmx_get_io_write_sim.
- apply thread_vmx_get_exit_io_rep_sim.
- apply thread_vmx_get_exit_io_str_sim.
- apply thread_vmx_get_exit_io_port_sim.
- apply thread_vmx_set_mmap_sim.
(* vm_run additionally needs [VMX_INJECT], applied after the sim lemma *)
- apply thread_vm_run_sim, VMX_INJECT.
- apply thread_vmx_return_from_guest_sim.
- apply thread_vmx_init_sim.
- apply thread_cli_sim.
- apply thread_sti_sim.
- apply thread_serial_intr_disable_sim.
- apply thread_serial_intr_enable_sim.
- apply thread_serial_putc_sim.
- apply thread_cons_buf_read_sim.
- apply thread_hostin_sim.
- apply thread_hostout_sim.
- apply thread_proc_create_postinit_sim.
- apply thread_trap_info_get_sim.
- apply thread_trap_info_ret_sim.
(* the start_user simulations leave a side condition, closed by inverting
   the hypothesis *)
- apply thread_proc_start_user_sim.
intros; inv H; auto.
- apply thread_proc_exit_user_sim.
- apply thread_proc_start_user_sim2.
intros; inv H; auto.
- apply thread_proc_exit_user_sim2.
(* last goal: the memory load/store accessors *)
- layer_sim_simpl.
+ eapply load_correct3high.
+ eapply store_correct3high.
Qed.
End PASSTHROUGH_PRIM.
End OneStep_Forward_Relation.
End WITHMEM.
End Refinement.