Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

make hf_valid opaque #372

Merged
merged 7 commits into from
Jul 25, 2024
Merged

make hf_valid opaque #372

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
d61970f
make hf_valid opaque
jcp19 Jul 24, 2024
82b08bc
backup
jcp19 Jul 24, 2024
5bd3b1e
backup
jcp19 Jul 24, 2024
87d14cb
might have to reverse this
jcp19 Jul 25, 2024
7394864
backup
jcp19 Jul 25, 2024
1eda55a
backup
jcp19 Jul 25, 2024
9afb3d8
Update router/io-spec-abstract-transitions.gobra
jcp19 Jul 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions router/io-spec-abstract-transitions.gobra
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -205,6 +205,7 @@ func ExternalEnterOrExitEvent(oldPkt io.IO_pkt2, ingressID option[io.IO_ifs], ne
reveal AbsValidateEgressIDConstraint(nextPkt, (ingressID != none[io.IO_ifs]), dp)
reveal AbsProcessEgress(nextPkt)
if(ingressID == none[io.IO_ifs]){
// assert false
jcp19 marked this conversation as resolved.
Show resolved Hide resolved
AtomicExit(oldPkt, ingressID, newPkt, egressID, ioLock, ioSharedArg, dp)
} else {
AtomicEnter(oldPkt, ingressID, newPkt, egressID, ioLock, ioSharedArg, dp)
Expand Down
4 changes: 2 additions & 2 deletions verification/dependencies/github.com/google/gopacket/base.gobra
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,8 +60,8 @@ ensures len(res) != 0 ==> res === ub[start:end]
decreases
func (p Payload) Payload(ghost ub []byte) (res []byte, ghost start int, ghost end int) {
res = []byte(p)
assert unfolding acc(p.Mem(ub), R20) in true
return res, 0, len(p)
assert unfolding acc(p.Mem(ub), R20) in true
return res, 0, len(p)
}

requires b != nil && b.Mem()
Expand Down
12 changes: 6 additions & 6 deletions verification/io/dataplane_abstract.gobra
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,16 +21,16 @@ package io
// to the interface y of AS a2.
type DataPlaneSpec adt {
DataPlaneSpec_{
linkTypes dict[IO_ifs]IO_Link
neighborIAs dict[IO_ifs]IO_as
localIA IO_as
links dict[AsIfsPair]AsIfsPair
linkTypes dict[IO_ifs]IO_Link
neighborIAs dict[IO_ifs]IO_as
localIA IO_as
links dict[AsIfsPair]AsIfsPair
}
}

type AsIfsPair struct {
asid IO_as
ifs IO_ifs
asid IO_as
ifs IO_ifs
}

ghost
Expand Down
1 change: 1 addition & 0 deletions verification/io/other_defs.gobra
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -200,6 +200,7 @@ type IO_dp2_state adt {
}

ghost
opaque
decreases
pure func (m IO_msgterm) extract_asid() IO_as {
return m.MsgTerm_Hash_.MsgTerm_MPair_1.MsgTerm_Key_.Key_macK_
Expand Down
61 changes: 43 additions & 18 deletions verification/io/router.gobra
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,47 +27,72 @@ pure func if2term(ifs option[IO_ifs]) IO_msgterm {
case none[IO_ifs]:
MsgTerm_Empty{}
default:
IO_msgterm(MsgTerm_AS{IO_as(get(ifs))})
MsgTerm_AS{IO_as(get(ifs))}
}
}

ghost
decreases
pure func (dp DataPlaneSpec) hf_valid(d bool, ts uint, uinfo set[IO_msgterm], hf IO_HF) bool {
return hf_valid_impl(dp.Asid(), ts, uinfo, hf)
}

ghost
decreases
pure func hf_valid_impl(asid IO_as, ts uint, uinfo set[IO_msgterm], hf IO_HF) bool {
return let inif := hf.InIF2 in
let egif := hf.EgIF2 in
let x := hf.HVF in
let l := IO_msgterm(MsgTerm_L{
seq[IO_msgterm]{
IO_msgterm(MsgTerm_Num{ts}),
if2term(inif),
if2term(egif),
IO_msgterm(MsgTerm_FS{uinfo})}}) in
x == mac(macKey(asidToKey(dp.Asid())), l)
let hvf := hf.HVF in
let next := nextMsgtermSpec(asid, inif, egif, ts, uinfo) in
hvf == next
}

ghost
opaque
ensures result.extract_asid() == asid
decreases
pure func nextMsgtermSpec(asid IO_as, inif option[IO_ifs], egif option[IO_ifs], ts uint, uinfo set[IO_msgterm]) (result IO_msgterm) {
return let l := plaintextToMac(inif, egif, ts, uinfo) in
let res := mac(macKey(asidToKey(asid)), l) in
let _ := reveal res.extract_asid() in
res
}

ghost
decreases
pure func plaintextToMac(inif option[IO_ifs], egif option[IO_ifs], ts uint, uinfo set[IO_msgterm]) IO_msgterm {
return MsgTerm_L {
seq[IO_msgterm]{
MsgTerm_Num{ts},
if2term(inif),
if2term(egif),
MsgTerm_FS{uinfo},
},
}
}

ghost
decreases
pure func macKey(key IO_key) IO_msgterm {
return IO_msgterm(MsgTerm_Key{key})
return MsgTerm_Key{key}
}

ghost
decreases
pure func mac(fst IO_msgterm, snd IO_msgterm) IO_msgterm {
return IO_msgterm( MsgTerm_Hash {
MsgTerm_Hash_ : IO_msgterm( MsgTerm_MPair{
MsgTerm_MPair_1 : fst,
MsgTerm_MPair_2 : snd,
}),
})
return MsgTerm_Hash {
MsgTerm_Hash_: MsgTerm_MPair {
MsgTerm_MPair_1: fst,
MsgTerm_MPair_2: snd,
},
}
}

// helper function, not defined in IO spec
ghost
decreases
pure func asidToKey(asid IO_as) IO_key{
return IO_key(Key_macK{asid})
pure func asidToKey(asid IO_as) IO_key {
return Key_macK{asid}
}

ghost
Expand Down
Loading