include {:verbatim} "kom_common.i.dfy"
include {:verbatim} "bitvectors.i.dfy"
include {:verbatim} "pagedb.i.dfy"
include "ARMdecls.sdfy"
// fetch_l1pte: load one first-level page-table entry word from memory into `res`.
//
// Operands:
//   l1pt_va  - address of the L1 page table; required to equal page_monvaddr(l1pg)
//   l1index  - index of the entry to fetch; required to satisfy 0 <= l1index < NR_L1PTES
//   tmp      - scratch register, overwritten with l1index << 4
//   res      - receives the loaded word
// Ghost parameters (specification only, no machine state):
//   pagedb   - abstract page database that the machine memory must correspond to
//   l1pg     - page number of the L1 table; must be a typed L1PTable entry in pagedb
//
// The body emits only a shift and a load, with no runtime bounds check on l1index.
// That the load stays inside the table rests entirely on the `requires` clauses
// below, so every caller must discharge them statically.
procedure fetch_l1pte(
    operand l1pt_va:addr,
    operand l1index:reg,
    out operand tmp:reg,
    out operand res:reg,
    ghost pagedb:PageDb,
    ghost l1pg:PageNr)
    requires/ensures
        SaneState(this);
    requires
        // All four register operands must be different registers; tmp and res are
        // written while l1pt_va and l1index are still being read.
        DistinctRegOperands(set(@l1pt_va, @l1index, @tmp, @res), 4);
        validPageDb(pagedb);
        // The concrete memory must agree with the abstract page database.
        pageDbCorresponds(this.m, pagedb);
        // l1pg must name a page that the page database records as an L1 page table.
        validPageNr(l1pg) && pagedb[l1pg] is PageDbEntryTyped
            && pagedb[l1pg].entry is L1PTable;
        // NOTE(review): page_monvaddr is presumably the monitor's virtual address
        // for page l1pg; its definition is not in this file, so confirm.
        l1pt_va == page_monvaddr(l1pg);
        // Bounds on the index: this is the only thing keeping the load in range.
        0 <= l1index < NR_L1PTES;
    reads
        mem;
    ensures
        // NOTE(review): SmcProcedureInvariant is defined elsewhere; confirm what it
        // preserves.
        SmcProcedureInvariant(old(this),this);
        // A zero result means exactly that the abstract entry is empty (Nothing).
        res == 0 <==> pagedb[l1pg].entry.l1pt[old(l1index)] == Nothing;
        // Otherwise res is the encoding mkL1Pte gives for the abstract entry, with 0
        // as the second argument.
        res == mkL1Pte(pagedb[l1pg].entry.l1pt[old(l1index)], 0);
{
    // Unfold the correspondence predicates so the verifier can relate the loaded
    // word to the abstract L1 table contents.
    reveal pageDbL1PTableCorresponds;
    reveal pageContentsCorresponds;

    // Lemma about shifting l1index left by 4, invoked before the LSL below.
    // NOTE(review): presumably it relates the shift to multiplication by 16; confirm
    // against its definition.
    lemma_LeftShift4(l1index);
    // tmp := l1index << 4, a stride of 16 bytes per index.
    // NOTE(review): presumably each abstract L1 entry spans four consecutive
    // 4-byte hardware PTEs, with the trailing 0 in l1pteoffset/mkL1Pte selecting
    // the first of them; confirm against the pagedb definitions.
    LSL(tmp, l1index, 4);
    // Load the entry word using l1pt_va and tmp; the assert below pins the address
    // read to l1pteoffset(l1pt_va, l1index, 0).
    LDR(res, l1pt_va, tmp);
    assert res == MemContents(this.m, l1pteoffset(l1pt_va, l1index, 0));
    assert res == mkL1Pte(pagedb[l1pg].entry.l1pt[l1index], 0);
    // NOTE(review): BitOr is revealed last, presumably so the verifier can prove the
    // `res == 0 <==> ... == Nothing` postcondition from mkL1Pte's definition; confirm.
    reveal BitOr;
}