Library mcertikos.proc.VMXIntroGenLink
Require Import LinkTemplate.
Require Import VVMXIntro.
Require Import VMXIntroGen.
Require Import VMXIntroGenLinkSource.
Require Import VVMCSInit.
Require Import VVMCSInitCSource.
Require Import VVMCSInitCode.
Require Import VMXIntroGenAsm.
Section WITHCOMPCERTIKOS.
(* Section-wide assumptions shared by every lemma below: a CompCertiKOS
   instance, the concrete [RealParams] parameters, and the multi-CPU
   oracle properties and linking facts.  The per-CPU offsets used in the
   proofs depend on [GlobalOracle.current_CPU_ID]; the bound
   [current_CPU_ID_range] invoked later presumably comes from one of
   these instances -- confirm against the oracle definitions. *)
Context `{compcertikos_prf: CompCertiKOS} `{real_params_prf: RealParams}.
Context `{multi_oracle_prop: MultiOracleProp}.
Context `{multi_oracle_link: !MultiOracleLink}.
(* Memory-safety fact for the VMX_LOC region.
   If linking the global variable [VMX_LOC ↦ v_VMX_LOC] into [CTXT ⊕ md]
   over the [vmcsinit ⊕ L64] layer produces a program whose initial
   memory is [m], then [VMX_LOC] resolves to some block [b], and every
   32-bit word of the current CPU's slot -- byte offsets
   [VMX_Size´ × 4 × current_CPU_ID + i × 4] for [0 ≤ i < VMX_Size´] --
   has Writable access in [m].  [init_correct] below relies on this to
   justify reads/writes of the per-CPU VMCS data without leaving the
   variable's initial allocation. *)
Lemma make_program_find_symbol (CTXT md : module)(m : mem) s :
(p <- make_program s (CTXT ⊕ (md ⊕ VMX_LOC ↦ v_VMX_LOC) ⊕ ∅) (vmcsinit ⊕ L64);
ret (Genv.init_mem p) = OK (Some m))
→ ∃ b, find_symbol s VMX_LOC = Some b ∧
∀ i : Z, 0 ≤ i < VMX_Size´ →
Mem.valid_access m Mint32 b (VMX_Size´ × 4 × GlobalOracle.current_CPU_ID + i × 4) Writable.
Proof.
(* Split the monadic bind into the make_program result and the
   init_mem equation (the latter is presumably what [H0] names below). *)
intros mkprog; inv_monad´ mkprog.
(* Build the global environment of the linked program ... *)
assert (mkgenv := make_program_make_globalenv _ _ _ _ mkprog0).
pose proof mkgenv as mkgenv´.
eapply make_globalenv_stencil_matches in mkgenv´.
(* ... and decompose it into per-symbol facts, among them the block and
   variable info of VMX_LOC (presumably [Hbvi]). *)
inv_make_globalenv mkgenv. subst.
(* Symbol lookups in the genv coincide with the stencil's table. *)
rewrite (stencil_matches_symbols _ _ mkgenv´) in ×. inv mkgenv´.
(* Witness [b] with the block found above; what remains is the access. *)
eexists; split; try eassumption.
(* CompCert's description of a global variable's initial memory: the
   variable's whole extent carries the permission computed by
   [Genv.perm_globvar]. *)
specialize (Genv.init_mem_characterization _ _ Hbvi H0); eauto.
(* Keep multiplications folded so [simpl] does not rewrite the offset
   arithmetic below into a shape [omega] cannot use. *)
Opaque Z.mul.
unfold Genv.perm_globvar; simpl; intros [ Hperm _ ].
(* The variable's size is [VMX_Size´ × 4 × 8] bytes; the factor 8 is
   presumably the CPU count, matching [current_CPU_ID_range] -- confirm
   against RealParams. *)
change (Z.max (VMX_Size´ × 4 × 8) 0) with (VMX_Size´ × 4 × 8) in Hperm.
(* valid_access = permission on every byte of the word ∧ alignment. *)
intros; split.
(* Each byte of word [i] lies inside [0, size) because
   [current_CPU_ID] is bounded; [Hperm] then supplies the permission
   (it must yield at least Writable for [apply] to succeed). *)
- unfold Mem.range_perm; intros. apply Hperm.
simpl in H1.
generalize current_CPU_ID_range; intro.
omega.
(* Alignment: the offset is 4 times [VMX_Size´ × current_CPU_ID + i]. *)
- simpl. ∃ (VMX_Size´ × GlobalOracle.current_CPU_ID + i); omega.
Qed.
(* Initial-state refinement between the vmxintro layer and vmcsinit:
   the abstract VMCS pool of the fresh vmxintro state is related
   ([VMCSPool_inj]) to the concrete VMX_LOC block of the initial memory.
   The memory side of the relation is discharged with
   [make_program_find_symbol]. *)
Lemma init_correct:
init_correct_type VVMXIntro_module vmcsinit vmxintro.
Proof.
(* Generic init_correct tactic from LinkTemplate; the obligations it
   leaves are specific to the VMCS pool relation. *)
init_correct.
exploit make_program_find_symbol; eauto.
intros (b´ & find_symbol_VMX_LOC & access).
unfold VMCSPool_inj.
intros.
(* Both abstract pools are initial maps, so [ZMap.gi] reduces the
   lookups in [H1] and [H2] to the default entry. *)
rewrite ZMap.gi in H1, H2.
rewrite <- H1, <- H2.
econstructor; try eassumption; intros.
rewrite ZMap.gi.
econstructor.
(* A second obligation needs the same symbol/access fact (presumably
   the per-word relation of the pool to memory). *)
exploit make_program_find_symbol; eauto.
intros (b´ & find_symbol_VMX_LOC & access).
econstructor; eauto.
intros.
(* Identify the block found here with the one fixed by [Hb1fs]. *)
rewrite Hb1fs in find_symbol_VMX_LOC; inv find_symbol_VMX_LOC.
(* Writable access implies Readable access (Mem.valid_access_implies),
   which is what [Mem.valid_access_load] needs to produce a value. *)
assert (readable : Mem.valid_access m2 Mint32 b´ (VMX_Size´ × 4 × GlobalOracle.current_CPU_ID + i × 4) Readable).
{ eapply Mem.valid_access_implies; eauto; constructor. }
exploit Mem.valid_access_load; eauto.
intros [ v load ].
(* Witness the loaded word; the remaining conjuncts reduce on the
   initial abstract pool. *)
∃ v; split; [| split ]; eauto.
rewrite ZMap.gi.
rewrite ZMap.gi.
simpl.
econstructor.
Qed.
(* Per-primitive refinement of the vmxintro layer by the linked module:
   each C primitive's specification refinement is discharged by the
   corresponding code-correctness proof from VVMCSInitCode, the two
   assembly primitives (vmx_enter / vmx_exit) by their asm proofs, and
   every primitive not implemented here passes through unchanged. *)
Lemma link_correct_aux:
link_correct_aux_type VVMXIntro_module vmcsinit vmxintro.
Proof.
link_correct_aux.
(* C primitives: spec refinement + Clight code correctness. *)
- link_cfunction
vmx_readz_spec_ref
VVMCSInitCode.VMX_readz_code_correct.
- link_cfunction
vmx_writez_spec_ref
VVMCSInitCode.VMX_writez_code_correct.
- link_cfunction
vmx_enter_pre_spec_ref
VVMCSInitCode.VMX_enter_pre_code_correct.
- link_cfunction
vmx_exit_post_spec_ref
VVMCSInitCode.VMX_exit_post_code_correct.
(* Assembly primitives (VMX entry/exit are not expressible in C). *)
- link_asmfunction vmx_enter_spec_ref vmx_enter_code_correct.
- link_asmfunction vmx_exit_spec_ref vmx_exit_code_correct.
(* Everything else is inherited from the vmcsinit layer. *)
- apply passthrough_correct.
Qed.
(* Backward simulation for the whole layer, assembled from the
   initial-state refinement and the per-primitive refinements. *)
Theorem cl_backward_simulation:
cl_backward_simulation_type VVMXIntro_module vmcsinit vmxintro.
Proof.
cl_backward_simulation init_correct link_correct_aux.
Qed.
(* The linked program is well-formed: make_program succeeds for the
   module over vmcsinit, given the per-primitive linking facts. *)
Theorem make_program_exists:
make_program_exist_type VVMXIntro_module vmcsinit vmxintro.
Proof.
make_program_exists link_correct_aux.
Qed.
End WITHCOMPCERTIKOS.
Require Import VVMXIntro.
Require Import VMXIntroGen.
Require Import VMXIntroGenLinkSource.
Require Import VVMCSInit.
Require Import VVMCSInitCSource.
Require Import VVMCSInitCode.
Require Import VMXIntroGenAsm.
Section WITHCOMPCERTIKOS.
(* Section-wide assumptions shared by every lemma below: a CompCertiKOS
   instance, the concrete [RealParams] parameters, and the multi-CPU
   oracle properties and linking facts.  The per-CPU offsets used in the
   proofs depend on [GlobalOracle.current_CPU_ID]; the bound
   [current_CPU_ID_range] invoked later presumably comes from one of
   these instances -- confirm against the oracle definitions. *)
Context `{compcertikos_prf: CompCertiKOS} `{real_params_prf: RealParams}.
Context `{multi_oracle_prop: MultiOracleProp}.
Context `{multi_oracle_link: !MultiOracleLink}.
(* Memory-safety fact for the VMX_LOC region.
   If linking the global variable [VMX_LOC ↦ v_VMX_LOC] into [CTXT ⊕ md]
   over the [vmcsinit ⊕ L64] layer produces a program whose initial
   memory is [m], then [VMX_LOC] resolves to some block [b], and every
   32-bit word of the current CPU's slot -- byte offsets
   [VMX_Size´ × 4 × current_CPU_ID + i × 4] for [0 ≤ i < VMX_Size´] --
   has Writable access in [m].  [init_correct] below relies on this to
   justify reads/writes of the per-CPU VMCS data without leaving the
   variable's initial allocation. *)
Lemma make_program_find_symbol (CTXT md : module)(m : mem) s :
(p <- make_program s (CTXT ⊕ (md ⊕ VMX_LOC ↦ v_VMX_LOC) ⊕ ∅) (vmcsinit ⊕ L64);
ret (Genv.init_mem p) = OK (Some m))
→ ∃ b, find_symbol s VMX_LOC = Some b ∧
∀ i : Z, 0 ≤ i < VMX_Size´ →
Mem.valid_access m Mint32 b (VMX_Size´ × 4 × GlobalOracle.current_CPU_ID + i × 4) Writable.
Proof.
(* Split the monadic bind into the make_program result and the
   init_mem equation (the latter is presumably what [H0] names below). *)
intros mkprog; inv_monad´ mkprog.
(* Build the global environment of the linked program ... *)
assert (mkgenv := make_program_make_globalenv _ _ _ _ mkprog0).
pose proof mkgenv as mkgenv´.
eapply make_globalenv_stencil_matches in mkgenv´.
(* ... and decompose it into per-symbol facts, among them the block and
   variable info of VMX_LOC (presumably [Hbvi]). *)
inv_make_globalenv mkgenv. subst.
(* Symbol lookups in the genv coincide with the stencil's table. *)
rewrite (stencil_matches_symbols _ _ mkgenv´) in ×. inv mkgenv´.
(* Witness [b] with the block found above; what remains is the access. *)
eexists; split; try eassumption.
(* CompCert's description of a global variable's initial memory: the
   variable's whole extent carries the permission computed by
   [Genv.perm_globvar]. *)
specialize (Genv.init_mem_characterization _ _ Hbvi H0); eauto.
(* Keep multiplications folded so [simpl] does not rewrite the offset
   arithmetic below into a shape [omega] cannot use. *)
Opaque Z.mul.
unfold Genv.perm_globvar; simpl; intros [ Hperm _ ].
(* The variable's size is [VMX_Size´ × 4 × 8] bytes; the factor 8 is
   presumably the CPU count, matching [current_CPU_ID_range] -- confirm
   against RealParams. *)
change (Z.max (VMX_Size´ × 4 × 8) 0) with (VMX_Size´ × 4 × 8) in Hperm.
(* valid_access = permission on every byte of the word ∧ alignment. *)
intros; split.
(* Each byte of word [i] lies inside [0, size) because
   [current_CPU_ID] is bounded; [Hperm] then supplies the permission
   (it must yield at least Writable for [apply] to succeed). *)
- unfold Mem.range_perm; intros. apply Hperm.
simpl in H1.
generalize current_CPU_ID_range; intro.
omega.
(* Alignment: the offset is 4 times [VMX_Size´ × current_CPU_ID + i]. *)
- simpl. ∃ (VMX_Size´ × GlobalOracle.current_CPU_ID + i); omega.
Qed.
(* Initial-state refinement between the vmxintro layer and vmcsinit:
   the abstract VMCS pool of the fresh vmxintro state is related
   ([VMCSPool_inj]) to the concrete VMX_LOC block of the initial memory.
   The memory side of the relation is discharged with
   [make_program_find_symbol]. *)
Lemma init_correct:
init_correct_type VVMXIntro_module vmcsinit vmxintro.
Proof.
(* Generic init_correct tactic from LinkTemplate; the obligations it
   leaves are specific to the VMCS pool relation. *)
init_correct.
exploit make_program_find_symbol; eauto.
intros (b´ & find_symbol_VMX_LOC & access).
unfold VMCSPool_inj.
intros.
(* Both abstract pools are initial maps, so [ZMap.gi] reduces the
   lookups in [H1] and [H2] to the default entry. *)
rewrite ZMap.gi in H1, H2.
rewrite <- H1, <- H2.
econstructor; try eassumption; intros.
rewrite ZMap.gi.
econstructor.
(* A second obligation needs the same symbol/access fact (presumably
   the per-word relation of the pool to memory). *)
exploit make_program_find_symbol; eauto.
intros (b´ & find_symbol_VMX_LOC & access).
econstructor; eauto.
intros.
(* Identify the block found here with the one fixed by [Hb1fs]. *)
rewrite Hb1fs in find_symbol_VMX_LOC; inv find_symbol_VMX_LOC.
(* Writable access implies Readable access (Mem.valid_access_implies),
   which is what [Mem.valid_access_load] needs to produce a value. *)
assert (readable : Mem.valid_access m2 Mint32 b´ (VMX_Size´ × 4 × GlobalOracle.current_CPU_ID + i × 4) Readable).
{ eapply Mem.valid_access_implies; eauto; constructor. }
exploit Mem.valid_access_load; eauto.
intros [ v load ].
(* Witness the loaded word; the remaining conjuncts reduce on the
   initial abstract pool. *)
∃ v; split; [| split ]; eauto.
rewrite ZMap.gi.
rewrite ZMap.gi.
simpl.
econstructor.
Qed.
(* Per-primitive refinement of the vmxintro layer by the linked module:
   each C primitive's specification refinement is discharged by the
   corresponding code-correctness proof from VVMCSInitCode, the two
   assembly primitives (vmx_enter / vmx_exit) by their asm proofs, and
   every primitive not implemented here passes through unchanged. *)
Lemma link_correct_aux:
link_correct_aux_type VVMXIntro_module vmcsinit vmxintro.
Proof.
link_correct_aux.
(* C primitives: spec refinement + Clight code correctness. *)
- link_cfunction
vmx_readz_spec_ref
VVMCSInitCode.VMX_readz_code_correct.
- link_cfunction
vmx_writez_spec_ref
VVMCSInitCode.VMX_writez_code_correct.
- link_cfunction
vmx_enter_pre_spec_ref
VVMCSInitCode.VMX_enter_pre_code_correct.
- link_cfunction
vmx_exit_post_spec_ref
VVMCSInitCode.VMX_exit_post_code_correct.
(* Assembly primitives (VMX entry/exit are not expressible in C). *)
- link_asmfunction vmx_enter_spec_ref vmx_enter_code_correct.
- link_asmfunction vmx_exit_spec_ref vmx_exit_code_correct.
(* Everything else is inherited from the vmcsinit layer. *)
- apply passthrough_correct.
Qed.
(* Backward simulation for the whole layer, assembled from the
   initial-state refinement and the per-primitive refinements. *)
Theorem cl_backward_simulation:
cl_backward_simulation_type VVMXIntro_module vmcsinit vmxintro.
Proof.
cl_backward_simulation init_correct link_correct_aux.
Qed.
(* The linked program is well-formed: make_program succeeds for the
   module over vmcsinit, given the per-primitive linking facts. *)
Theorem make_program_exists:
make_program_exist_type VVMXIntro_module vmcsinit vmxintro.
Proof.
make_program_exists link_correct_aux.
Qed.
End WITHCOMPCERTIKOS.