Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move ownership of underlying slice of SerializableBuffer to outside of Mem() #374

Merged
merged 37 commits into from
Aug 29, 2024
Merged

Move ownership of underlying slice of SerializableBuffer to outside of Mem() #374

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
37 commits
Select commit Hold shift + click to select a range
a3232d0
fix missing precondition for packSCMP
mlimbeck Jul 24, 2024
acbb387
progress scmp
mlimbeck Jul 25, 2024
c8fccfe
further progress
mlimbeck Jul 25, 2024
08e5f59
further scmp fixes
mlimbeck Jul 25, 2024
b036341
fix syntax error and strengthen spec of erros.Is function
mlimbeck Jul 26, 2024
6f2322b
fix verification error
mlimbeck Jul 26, 2024
ef9ac86
fix verification errors in process()
mlimbeck Jul 26, 2024
5ea2289
drop last scmp assumption
mlimbeck Jul 26, 2024
c9f43f9
fix verification errors in process()
mlimbeck Jul 26, 2024
b8379ba
add missing postconditions to resolveInbound
mlimbeck Jul 26, 2024
1335655
fix p.d permissions
mlimbeck Jul 26, 2024
9185058
save
jcp19 Jul 26, 2024
d484489
remove wrong precondition from validateEgressUp()
mlimbeck Jul 26, 2024
4a86e4c
clean up
mlimbeck Aug 12, 2024
16d4ed9
Merge remote-tracking branch 'remotescion/joao-new-inv' into markus-p…
mlimbeck Aug 13, 2024
eb6b522
feedback
mlimbeck Aug 14, 2024
cb43617
Merge branch 'markus-packscmp' into markus-packscmp-new-inv
mlimbeck Aug 14, 2024
14d0b62
change dependencies to new buffer approach
mlimbeck Aug 14, 2024
4f6bab4
remove buffWithFullPerm flag from scionPacketProcessor
mlimbeck Aug 14, 2024
66f2726
fix verification errors
mlimbeck Aug 14, 2024
032af16
fix permission mistake
mlimbeck Aug 15, 2024
11dfd0b
Merge branch 'joao-uncomment-packSCMP' into markus-packscmp-new-inv
mlimbeck Aug 15, 2024
83d36ce
Apply suggestions from code review
mlimbeck Aug 15, 2024
66a17d8
pass underlying buffer slice to prepareSCMP
mlimbeck Aug 16, 2024
6afb4f8
remove deep ownership of buffer slice in message
mlimbeck Aug 16, 2024
6ccb661
fix verification error in run
mlimbeck Aug 16, 2024
155909d
fix injectivity issue in run() and verification error in newPacketPro…
mlimbeck Aug 16, 2024
439c0e8
different trigger
mlimbeck Aug 17, 2024
7ee8a80
proves injectivity for message buffer directly without sets
mlimbeck Aug 22, 2024
2233984
test: remove unnecessary invariants in run()
mlimbeck Aug 23, 2024
53944ca
improvements to injectivity lemma for messages
mlimbeck Aug 27, 2024
1795031
introduce new lemma PermsImplyIneq()
mlimbeck Aug 27, 2024
267c125
fixed missing preconditions
mlimbeck Aug 27, 2024
ed2cdcf
minor fixes and feedback
mlimbeck Aug 29, 2024
d5df19d
fix verification error
mlimbeck Aug 29, 2024
fa8c6b1
fmt
mlimbeck Aug 29, 2024
5187f87
Merge branch 'joao-uncomment-packSCMP' into markus-packscmp-new-inv
jcp19 Aug 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions pkg/slayers/scion.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -218,9 +218,11 @@ func (s *SCION) NetworkFlow() (res gopacket.Flow) {
// @ requires b != nil && b.Mem()
// @ requires acc(s.Mem(ubuf), R0)
// @ requires sl.Bytes(ubuf, 0, len(ubuf))
// @ requires sl.Bytes(b.UBuf(), 0, len(b.UBuf()))
// @ ensures b.Mem()
// @ ensures acc(s.Mem(ubuf), R0)
// @ ensures sl.Bytes(ubuf, 0, len(ubuf))
// @ ensures sl.Bytes(b.UBuf(), 0, len(b.UBuf()))
// TODO: hide internal spec details
// @ ensures e == nil && s.HasOneHopPath(ubuf) ==>
// @ len(b.UBuf()) == old(len(b.UBuf())) + unfolding acc(s.Mem(ubuf), R55) in
Expand Down Expand Up @@ -257,7 +259,6 @@ func (s *SCION) SerializeTo(b gopacket.SerializeBuffer, opts gopacket.SerializeO
}
// @ ghost uSerBufN := b.UBuf()
// @ assert buf === uSerBufN[:scnLen]
// @ b.ExchangePred()

// @ unfold acc(sl.Bytes(uSerBufN, 0, len(uSerBufN)), writePerm)
// Serialize common header.
Expand Down Expand Up @@ -287,7 +288,6 @@ func (s *SCION) SerializeTo(b gopacket.SerializeBuffer, opts gopacket.SerializeO
// @ sl.Unslice_Bytes(uSerBufN, 0, CmnHdrLen, R54)
// @ sl.CombineRange_Bytes(uSerBufN, CmnHdrLen, scnLen, writePerm)
// @ sl.CombineRange_Bytes(ubuf, CmnHdrLen, len(ubuf), R10)
// @ b.RestoreMem(uSerBufN)
return err
}
offset := CmnHdrLen + s.AddrHdrLen( /*@ nil, true @*/ )
Expand Down Expand Up @@ -320,7 +320,6 @@ func (s *SCION) SerializeTo(b gopacket.SerializeBuffer, opts gopacket.SerializeO
// @ sl.CombineRange_Bytes(uSerBufN, offset, scnLen, HalfPerm)
// @ sl.CombineRange_Bytes(ubuf, startP, endP, HalfPerm)
// @ reveal IsSupportedPkt(uSerBufN)
// @ b.RestoreMem(uSerBufN)
// @ reveal IsSupportedRawPkt(b.View())
return tmp
}
Expand Down
32 changes: 1 addition & 31 deletions pkg/slayers/scmp.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,7 @@ func (s *SCMP) NextLayerType( /*@ ghost ub []byte @*/ ) gopacket.LayerType {
// @ requires b != nil
// @ requires s.Mem(ubufMem)
// @ preserves b.Mem()
// @ preserves sl.Bytes(b.UBuf(), 0, len(b.UBuf()))
// @ ensures err == nil ==> s.Mem(ubufMem)
// @ ensures err != nil ==> err.ErrorMem()
// @ decreases
Expand All @@ -121,15 +122,6 @@ func (s *SCMP) SerializeTo(b gopacket.SerializeBuffer, opts gopacket.SerializeOp
return err
}
// @ unfold s.Mem(ubufMem)

// @ requires len(underlyingBufRes) >= 4
// @ requires bytes === underlyingBufRes[:4]
// @ requires b != nil
// @ preserves acc(&s.TypeCode)
// @ preserves b.Mem() && b.UBuf() === underlyingBufRes
// @ decreases
// @ outline (
// @ b.ExchangePred()
mlimbeck marked this conversation as resolved.
Show resolved Hide resolved
// @ sl.SplitByIndex_Bytes(underlyingBufRes, 0, len(underlyingBufRes), 2, writePerm)
// @ unfold sl.Bytes(underlyingBufRes, 0, 2)
// @ assert forall i int :: { &bytes[i] } 0 <= i && i < 2 ==> &bytes[i] == &underlyingBufRes[i]
Expand All @@ -138,59 +130,37 @@ func (s *SCMP) SerializeTo(b gopacket.SerializeBuffer, opts gopacket.SerializeOp
// @ unfold sl.Bytes(bytes, 0, 2)
// @ fold sl.Bytes(underlyingBufRes, 0, 2)
// @ sl.CombineAtIndex_Bytes(underlyingBufRes, 0, len(underlyingBufRes), 2, writePerm)
// @ b.RestoreMem(underlyingBufRes)
// @ )

if opts.ComputeChecksums {
if s.scn == nil {
// @ fold s.Mem(ubufMem)
return serrors.New("can not calculate checksum without SCION header")
}
// zero out checksum bytes
// @ requires len(underlyingBufRes) >= 4
// @ requires bytes === underlyingBufRes[:4]
// @ requires b != nil
// @ preserves b.Mem() && b.UBuf() === underlyingBufRes
// @ decreases
// @ outline (
// @ b.ExchangePred()
// @ sl.SplitByIndex_Bytes(underlyingBufRes, 0, len(underlyingBufRes), 4, writePerm)
// @ unfold sl.Bytes(underlyingBufRes, 0, 4)
// @ assert forall i int :: { &bytes[i] } 0 <= i && i < 4 ==> &bytes[i] == &underlyingBufRes[i]
bytes[2] = 0
bytes[3] = 0
// @ fold sl.Bytes(underlyingBufRes, 0, 4)
// @ sl.CombineAtIndex_Bytes(underlyingBufRes, 0, len(underlyingBufRes), 4, writePerm)
// @ b.RestoreMem(underlyingBufRes)
// @ )
verScionTmp := b.Bytes()
// @ unfold s.scn.ChecksumMem()
s.Checksum, err = s.scn.computeChecksum(verScionTmp, uint8(L4SCMP))
// @ fold s.scn.ChecksumMem()
// @ b.RestoreMem(verScionTmp)
if err != nil {
// @ fold s.Mem(ubufMem)
return err
}

}
// @ requires len(underlyingBufRes) >= 4
// @ requires bytes === underlyingBufRes[:4]
// @ requires b != nil
// @ preserves acc(&s.Checksum)
// @ preserves b.Mem() && b.UBuf() === underlyingBufRes
// @ decreases
// @ outline (
// @ b.ExchangePred()
// @ sl.SplitByIndex_Bytes(underlyingBufRes, 0, len(underlyingBufRes), 4, writePerm)
// @ unfold sl.Bytes(underlyingBufRes, 0, 4)
// @ assert forall i int :: { &bytes[i] } 0 <= i && i < 4 ==> &bytes[i] == &underlyingBufRes[i]
// @ assert forall i int :: { &bytes[2:][i] } 0 <= i && i < 2 ==> &bytes[2:][i] == &bytes[i + 2]
binary.BigEndian.PutUint16(bytes[2:], s.Checksum)
// @ fold sl.Bytes(underlyingBufRes, 0, 4)
// @ sl.CombineAtIndex_Bytes(underlyingBufRes, 0, len(underlyingBufRes), 4, writePerm)
// @ b.RestoreMem(underlyingBufRes)
// @ )
// @ fold s.Mem(ubufMem)
return nil
}
Expand Down
Loading
Loading