pub struct TlbModel {
pub pending: Seq<TlbFlushOp>,
pub mappings: Set<Mapping>,
}Fields§
§pending: Seq<TlbFlushOp>§mappings: Set<Mapping>Implementations§
Source§impl TlbModel
impl TlbModel
Sourcepub open spec fn update_spec(self, pt: PageTableView, va: Vaddr) -> Self
pub open spec fn update_spec(self, pt: PageTableView, va: Vaddr) -> Self
{
let m = pt
.mappings
.filter(|m: Mapping| m.va_range.start <= va < m.va_range.end)
.choose();
TlbModel {
pending: self.pending,
mappings: self.mappings.insert(m),
}
}Sourcepub proof fn update(&mut self, pt: PageTableView, va: Vaddr)
pub proof fn update(&mut self, pt: PageTableView, va: Vaddr)
requires
old(self).inv(),forall |m: Mapping| (
old(self).mappings has m ==> !(m.va_range.start <= va < m.va_range.end)
),exists |m: Mapping| pt.mappings has m ==> m.va_range.start <= va < m.va_range.end,*final(self) == old(self).update_spec(pt, va),Sourcepub open spec fn flush_spec(self, va: Vaddr) -> Self
pub open spec fn flush_spec(self, va: Vaddr) -> Self
{
let m = self.mappings.filter(|m: Mapping| m.va_range.start <= va < m.va_range.end);
TlbModel {
pending: self.pending,
mappings: self.mappings - m,
}
}Sourcepub proof fn flush(&mut self, va: Vaddr)
pub proof fn flush(&mut self, va: Vaddr)
requires
old(self).inv(),*final(self) == old(self).flush_spec(va),Sourcepub open spec fn consistent_with_pt(self, pt: PageTableView) -> bool
pub open spec fn consistent_with_pt(self, pt: PageTableView) -> bool
{ self.mappings <= pt.mappings }Sourcepub proof fn lemma_flush_preserves_inv(self, va: Vaddr)
pub proof fn lemma_flush_preserves_inv(self, va: Vaddr)
requires
self.inv(),self.flush_spec(va).inv(),Sourcepub proof fn lemma_update_preserves_consistent(self, pt: PageTableView, va: Vaddr)
pub proof fn lemma_update_preserves_consistent(self, pt: PageTableView, va: Vaddr)
requires
pt.inv(),self.inv(),self.consistent_with_pt(pt),exists |m: Mapping| pt.mappings has m && m.va_range.start <= va < m.va_range.end,self.update_spec(pt, va).consistent_with_pt(pt),Sourcepub proof fn lemma_consistent_with_pt_implies_inv(self, pt: PageTableView)
pub proof fn lemma_consistent_with_pt_implies_inv(self, pt: PageTableView)
requires
self.inv(),self.consistent_with_pt(pt),pt.inv(),self.inv(),Sourcepub open spec fn issue_tlb_flush_spec(self, op: TlbFlushOp) -> Self
pub open spec fn issue_tlb_flush_spec(self, op: TlbFlushOp) -> Self
{
TlbModel {
pending: self.pending.push(op),
mappings: self.mappings,
}
}Sourcepub proof fn issue_tlb_flush(tracked &mut self, tracked op: TlbFlushOp)
pub proof fn issue_tlb_flush(tracked &mut self, tracked op: TlbFlushOp)
requires
old(self).inv(),*final(self) == old(self).issue_tlb_flush_spec(op),final(self).inv(),Sourcepub open spec fn dispatch_tlb_flush_spec(self) -> Self
pub open spec fn dispatch_tlb_flush_spec(self) -> Self
{
let op = self.pending.last();
let popped = TlbModel {
pending: self.pending.take(self.pending.len() - 1),
mappings: self.mappings,
};
match op {
TlbFlushOp::All => popped,
TlbFlushOp::Address(va) => popped.flush_spec(va),
TlbFlushOp::Range(range) => popped.flush_spec(range.start),
}
}Trait Implementations§
Source§impl Inv for TlbModel
impl Inv for TlbModel
Source§open spec fn inv(self) -> bool
open spec fn inv(self) -> bool
{
&&& forall |m: Mapping| self.mappings has m ==> m.inv()
&&& forall |m: Mapping, n: Mapping| (
self.mappings has m
==> (self.mappings has n ==> (m != n ==> Mapping::disjoint_vaddrs(m, n)))
)
&&& forall |m: Mapping, n: Mapping| (
self.mappings has m
==> (self.mappings has n ==> (m != n ==> Mapping::disjoint_paddrs(m, n)))
)
}Auto Trait Implementations§
impl Freeze for TlbModel
impl RefUnwindSafe for TlbModel
impl Send for TlbModel
impl Sync for TlbModel
impl Unpin for TlbModel
impl UnsafeUnpin for TlbModel
impl UnwindSafe for TlbModel
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more