Redesign frame allocation for easier formal verification (#1004)
* A single type `Frames` is now used to represent all physical memory frames.
  * Each `Frames` object is globally unique, and ownership of one represents
    the exclusive capability to access those frames, e.g., map pages to them.

* The `Frames` struct is parameterized with a const generic enum that
  determines which state it is in, one of four `memory_structs::MemoryState`s:
  1. Free: the range of frames is free and is owned by the frame allocator.
     * `Frames<{MemoryState::Free}>` is type aliased to `FreeFrames`.
  2. Allocated: the range of frames has been allocated, and is owned by
     another entity outside of the frame allocator.
     * `Frames<{MemoryState::Allocated}>` is type aliased to `AllocatedFrames`,
       which replaces the previous struct of the same name.
  3. Mapped: the range of frames has been mapped by a range of virtual pages.
     * `Frames<{MemoryState::Mapped}>` is type aliased to `MappedFrames`,
       which is not yet used in the Theseus codebase.
  4. Unmapped: the range of frames has just been unmapped by a range
     of virtual pages, but has yet to be returned to the frame allocator.
     * `Frames<{MemoryState::Unmapped}>` is type aliased to `UnmappedFrames`,
       which is used as an intermediary step before transitioning back into
       `AllocatedFrames`.
  * See the documentation of `Frames` for more info on state transitions:
    (Free) <---> (Allocated) --> (Mapped) --> (Unmapped) --> (Allocated) <---> (Free)

* `FreeFrames` is used in favor of `Chunk`. Note that the term "chunk" still
  appears in the code in order to minimize the sheer volume of tiny changes.

* Added a few new APIs to frame-related types, mostly for convenience:
  `split_at`, `split_range`, `contains_range`.

* Combined the `PhysicalMemoryRegion` and `Region` into a single type
  used across the entire frame allocator.

* The core logic of the frame allocator has been changed to accommodate
  the new `Frames` type, which is a verified "true linear" type that cannot be
  cloned or have its inner fields mutated.
  * The entire point of this redesign is to make the frame allocator
    amenable to formal verification based on typestate analysis combined
    with Prusti-verifiable pre- and post-conditions for key functions.
  * Actual verification code and proofs of frame allocation correctness
    are coming soon in future PRs.

Co-authored-by: Kevin Boos <kevinaboos@gmail.com> 0dd9dc6
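A stand-alone Rust sketch of the typestate design the commit message describes, added here as an illustration and not code from the Theseus repository: the state parameter uses zero-sized marker types instead of the crate's const generic `MemoryState` enum (which needs nightly), a frame range is modeled as a plain `Range<usize>`, and `new_free`, `into_state` and the `into_*` transition names are assumptions. It shows why a linear, non-`Clone` `Frames` with private fields can only move along the documented state graph.

```rust
use std::marker::PhantomData;
use std::ops::Range;

// Zero-sized marker types stand in for the `MemoryState` const generic enum
// (assumption: the real crate writes `Frames<{MemoryState::Free}>` on nightly).
pub struct Free;
pub struct Allocated;
pub struct Mapped;
pub struct Unmapped;

/// A unique range of physical frame numbers `[start, end)`. Deliberately not
/// `Clone`/`Copy`, with private fields, so the only way to reach another state
/// is to consume the value through one of the transition methods below.
pub struct Frames<S> {
    frames: Range<usize>,
    _state: PhantomData<S>,
}

impl<S> Frames<S> {
    pub fn start(&self) -> usize { self.frames.start }
    pub fn end(&self) -> usize { self.frames.end }
    pub fn len(&self) -> usize { self.frames.end - self.frames.start }
    /// True if `other` lies entirely inside this range (mirrors `contains_range`).
    pub fn contains_range(&self, other: &Range<usize>) -> bool {
        other.start <= other.end && other.start >= self.frames.start && other.end <= self.frames.end
    }
    // Private: the only way to change the state parameter, and it consumes `self`.
    fn into_state<T>(self) -> Frames<T> { Frames { frames: self.frames, _state: PhantomData } }
}

impl Frames<Free> {
    /// Only the frame allocator should mint `Free` ranges (it owns all of them).
    pub fn new_free(frames: Range<usize>) -> Self { Frames { frames, _state: PhantomData } }
    /// Split `[start, end)` into `[start, at)` and `[at, end)`. On a bad `at` the
    /// original is handed back in `Err` rather than dropped (mirrors `split_at`).
    pub fn split_at(self, at: usize) -> Result<(Self, Self), Self> {
        if at <= self.frames.start || at >= self.frames.end { return Err(self); }
        let (s, e) = (self.frames.start, self.frames.end);
        Ok((Self::new_free(s..at), Self::new_free(at..e)))
    }
    pub fn into_allocated(self) -> Frames<Allocated> { self.into_state() }
}
impl Frames<Allocated> {
    pub fn into_mapped(self) -> Frames<Mapped> { self.into_state() }
    pub fn into_free(self) -> Frames<Free> { self.into_state() }
}
impl Frames<Mapped> { pub fn into_unmapped(self) -> Frames<Unmapped> { self.into_state() } }
impl Frames<Unmapped> { pub fn into_allocated(self) -> Frames<Allocated> { self.into_state() } }
```

Because `Frames<Mapped>` has no `into_free`, the compiler rejects freeing a range that is still mapped; that is the property the typestate is meant to make checkable.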
kevinaboos committed Jul 28, 2023
1 parent b222fcc commit 03507c3
Showing 122 changed files with 1,370 additions and 762 deletions.
2 changes: 1 addition & 1 deletion doc/frame_allocator/all.html
@@ -1 +1 @@
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="List of all items in this crate"><title>List of all items in this crate</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/SourceSerif4-Regular-46f98efaafac5295.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/FiraSans-Regular-018c141bf0843ffd.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/FiraSans-Medium-8f9a781e4970d388.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/SourceCodePro-Regular-562dcc5011b6de7d.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/SourceSerif4-Bold-a2c9cd1067f8b328.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/SourceCodePro-Semibold-d899c5a5c4aeb14a.ttf.woff2"><link rel="stylesheet" href="../static.files/normalize-76eba96aa4d2e634.css"><link rel="stylesheet" href="../static.files/rustdoc-f40c346f39d9abc1.css" id="mainThemeStyle"><div id="rustdoc-vars" data-root-path="../" data-static-root-path="../static.files/" data-current-crate="frame_allocator" data-themes="" data-resource-suffix="" data-rustdoc-version="1.72.0-nightly (065a1f5df 2023-06-21)" data-search-js="search-95c92dd01058facf.js" data-settings-js="settings-de11bff964e9d4e5.js" data-settings-css="settings-8c76f75bfb6bd192.css" data-theme-light-css="light-0f8c037637f9eb3e.css" data-theme-dark-css="dark-1097f8e92a01e3cf.css" data-theme-ayu-css="ayu-614652228113ac93.css" ></div><script src="../static.files/storage-62ce34ea385b278a.js"></script><script defer src="../static.files/main-190c35055d2a8300.js"></script><noscript><link rel="stylesheet" media="(prefers-color-scheme:light)" 
href="../static.files/light-0f8c037637f9eb3e.css"><link rel="stylesheet" media="(prefers-color-scheme:dark)" href="../static.files/dark-1097f8e92a01e3cf.css"><link rel="stylesheet" href="../static.files/noscript-13285aec31fa243e.css"></noscript><link rel="alternate icon" type="image/png" href="../static.files/favicon-16x16-8b506e7a72182f1c.png"><link rel="alternate icon" type="image/png" href="../static.files/favicon-32x32-422f7d1d52889060.png"><link rel="icon" type="image/svg+xml" href="../static.files/favicon-2c020d218678b618.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="logo-container" href="../frame_allocator/index.html"><img class="rust-logo" src="../static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></a><h2></h2></nav><nav class="sidebar"><a class="logo-container" href="../frame_allocator/index.html"><img class="rust-logo" src="../static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></a><h2 class="location"><a href="#">Crate frame_allocator</a></h2><div class="sidebar-elems"><section><ul class="block"><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#functions">Functions</a></li></ul></section></div></nav><main><div class="width-limiter"><nav class="sub"><form class="search-form"><span></span><input class="search-input" name="search" aria-label="Run search in the documentation" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../static.files/wheel-7b819b6101059cd0.svg"></a></div></form></nav><section id="main-content" 
class="content"><h1>List of all items</h1><h3 id="structs">Structs</h3><ul class="all-items"><li><a href="struct.AllocatedFrame.html">AllocatedFrame</a></li><li><a href="struct.AllocatedFrames.html">AllocatedFrames</a></li><li><a href="struct.AllocatedFramesIter.html">AllocatedFramesIter</a></li><li><a href="struct.DeferredAllocAction.html">DeferredAllocAction</a></li><li><a href="struct.PhysicalMemoryRegion.html">PhysicalMemoryRegion</a></li></ul><h3 id="enums">Enums</h3><ul class="all-items"><li><a href="enum.MemoryRegionType.html">MemoryRegionType</a></li></ul><h3 id="functions">Functions</h3><ul class="all-items"><li><a href="fn.allocate_frames.html">allocate_frames</a></li><li><a href="fn.allocate_frames_at.html">allocate_frames_at</a></li><li><a href="fn.allocate_frames_by_bytes.html">allocate_frames_by_bytes</a></li><li><a href="fn.allocate_frames_by_bytes_at.html">allocate_frames_by_bytes_at</a></li><li><a href="fn.allocate_frames_by_bytes_deferred.html">allocate_frames_by_bytes_deferred</a></li><li><a href="fn.allocate_frames_deferred.html">allocate_frames_deferred</a></li><li><a href="fn.init.html">init</a></li></ul></section></div></main></body></html>
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="List of all items in this crate"><title>List of all items in this crate</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/SourceSerif4-Regular-46f98efaafac5295.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/FiraSans-Regular-018c141bf0843ffd.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/FiraSans-Medium-8f9a781e4970d388.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/SourceCodePro-Regular-562dcc5011b6de7d.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/SourceSerif4-Bold-a2c9cd1067f8b328.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/SourceCodePro-Semibold-d899c5a5c4aeb14a.ttf.woff2"><link rel="stylesheet" href="../static.files/normalize-76eba96aa4d2e634.css"><link rel="stylesheet" href="../static.files/rustdoc-f40c346f39d9abc1.css" id="mainThemeStyle"><div id="rustdoc-vars" data-root-path="../" data-static-root-path="../static.files/" data-current-crate="frame_allocator" data-themes="" data-resource-suffix="" data-rustdoc-version="1.72.0-nightly (065a1f5df 2023-06-21)" data-search-js="search-95c92dd01058facf.js" data-settings-js="settings-de11bff964e9d4e5.js" data-settings-css="settings-8c76f75bfb6bd192.css" data-theme-light-css="light-0f8c037637f9eb3e.css" data-theme-dark-css="dark-1097f8e92a01e3cf.css" data-theme-ayu-css="ayu-614652228113ac93.css" ></div><script src="../static.files/storage-62ce34ea385b278a.js"></script><script defer src="../static.files/main-190c35055d2a8300.js"></script><noscript><link rel="stylesheet" media="(prefers-color-scheme:light)" 
href="../static.files/light-0f8c037637f9eb3e.css"><link rel="stylesheet" media="(prefers-color-scheme:dark)" href="../static.files/dark-1097f8e92a01e3cf.css"><link rel="stylesheet" href="../static.files/noscript-13285aec31fa243e.css"></noscript><link rel="alternate icon" type="image/png" href="../static.files/favicon-16x16-8b506e7a72182f1c.png"><link rel="alternate icon" type="image/png" href="../static.files/favicon-32x32-422f7d1d52889060.png"><link rel="icon" type="image/svg+xml" href="../static.files/favicon-2c020d218678b618.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="logo-container" href="../frame_allocator/index.html"><img class="rust-logo" src="../static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></a><h2></h2></nav><nav class="sidebar"><a class="logo-container" href="../frame_allocator/index.html"><img class="rust-logo" src="../static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></a><h2 class="location"><a href="#">Crate frame_allocator</a></h2><div class="sidebar-elems"><section><ul class="block"><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#functions">Functions</a></li><li><a href="#types">Type Definitions</a></li></ul></section></div></nav><main><div class="width-limiter"><nav class="sub"><form class="search-form"><span></span><input class="search-input" name="search" aria-label="Run search in the documentation" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../settings.html" title="settings"><img width="22" height="22" alt="Change settings" 
src="../static.files/wheel-7b819b6101059cd0.svg"></a></div></form></nav><section id="main-content" class="content"><h1>List of all items</h1><h3 id="structs">Structs</h3><ul class="all-items"><li><a href="struct.AllocatedFrame.html">AllocatedFrame</a></li><li><a href="struct.AllocatedFramesIter.html">AllocatedFramesIter</a></li><li><a href="struct.DeferredAllocAction.html">DeferredAllocAction</a></li><li><a href="struct.Frames.html">Frames</a></li><li><a href="struct.PhysicalMemoryRegion.html">PhysicalMemoryRegion</a></li><li><a href="struct.SplitFrames.html">SplitFrames</a></li></ul><h3 id="enums">Enums</h3><ul class="all-items"><li><a href="enum.MemoryRegionType.html">MemoryRegionType</a></li></ul><h3 id="functions">Functions</h3><ul class="all-items"><li><a href="fn.allocate_frames.html">allocate_frames</a></li><li><a href="fn.allocate_frames_at.html">allocate_frames_at</a></li><li><a href="fn.allocate_frames_by_bytes.html">allocate_frames_by_bytes</a></li><li><a href="fn.allocate_frames_by_bytes_at.html">allocate_frames_by_bytes_at</a></li><li><a href="fn.allocate_frames_by_bytes_deferred.html">allocate_frames_by_bytes_deferred</a></li><li><a href="fn.allocate_frames_deferred.html">allocate_frames_deferred</a></li><li><a href="fn.init.html">init</a></li></ul><h3 id="types">Type Definitions</h3><ul class="all-items"><li><a href="type.AllocatedFrames.html">AllocatedFrames</a></li><li><a href="type.FreeFrames.html">FreeFrames</a></li><li><a href="type.MappedFrames.html">MappedFrames</a></li><li><a href="type.UnmappedFrames.html">UnmappedFrames</a></li></ul></section></div></main></body></html>
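Review bot: this hunk commits regenerated rustdoc output (`doc/frame_allocator/all.html`, one minified line) together with the source change, which ties the checked-in docs to a specific toolchain (`1.72.0-nightly (065a1f5df 2023-06-21)`) and to hashed static-file names; if a build step regenerates these pages, keep them out of the commit, otherwise state how they are kept in sync with the crate. The listing itself matches the commit message: `struct.AllocatedFrames` is gone, `Frames` and `SplitFrames` are new structs, and `AllocatedFrames`, `FreeFrames`, `MappedFrames`, `UnmappedFrames` appear under Type Definitions. Since `MappedFrames` is exported while the message says it is not yet used anywhere, its doc comment should say so.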