@@ -829,9 +829,26 @@ Module TLB.
829829 Definition singleton (ctxt : Ctxt.t) (entry : Entry.t (Ctxt.lvl ctxt)) : t :=
830830 hset (Ctxt.lvl ctxt) {[(Ctxt.nd ctxt) := {[ entry ]}]} init.
831831
832+ Instance filter : Filter FE.t t :=
833+ λ P P_dec,
834+ hmap
835+ (λ lvl,
836+ iomap
837+ (λ ctxt entry_set,
838+ let new_entry_set :=
839+ filter
840+ (λ ent, P (existT (existT lvl ctxt) (ent : Entry.t lvl)))
841+ entry_set
842+ in
843+ if decide (new_entry_set = ∅) then None else Some new_entry_set)).
844+
845+ Definition setFEs (ctxt : Ctxt.t) (entries : gset (Entry.t (Ctxt.lvl ctxt))) (vatlb : t) : t :=
846+ hset (Ctxt.lvl ctxt) {[(Ctxt.nd ctxt) := entries]} vatlb.
847+
832848 #[global] Instance empty : Empty t := VATLB.init.
833849 #[global] Instance union : Union t := fun x y => hmap2 (fun _ => (∪ₘ)) x y.
834850 End VATLB.
851+ Export (hints) VATLB.
835852
836853 Record t :=
837854 make {
@@ -989,11 +1006,132 @@ Module TLB.
9891006 tlb1 ← va_fill tlb0 ts init mem time 1%fin va ttbr;
9901007 tlb2 ← va_fill tlb1 ts init mem time 2%fin va ttbr;
9911008 va_fill tlb2 ts init mem time 3%fin va ttbr.
1009+
1010+ (** ** TLB invalidation *)
1011+
1012+ (** Decide if a TLB entry is affected by an invalidation by asid at this asid *)
1013+ Definition affects_asid (asid : bv 16)
1014+ (ctxt : Ctxt.t)
1015+ (te : Entry.t (Ctxt.lvl ctxt)) : Prop :=
1016+ match (Ctxt.asid ctxt) with
1017+ | Some te_asid => te_asid = asid
1018+ | None => False
1019+ end .
1020+ Instance Decision_affects_asid (asid : bv 16)
1021+ (ctxt : Ctxt.t)
1022+ (te : Entry.t (Ctxt.lvl ctxt)) :
1023+ Decision (affects_asid asid ctxt te).
1024+ Proof . unfold_decide. Defined .
1025+
1026+ (** Decide if a TLB entry is affected by an invalidation by va at this asid *)
1027+ Definition affects_va (va : bv 36) (last : bool)
1028+ (ctxt : Ctxt.t)
1029+ (te : Entry.t (Ctxt.lvl ctxt)) : Prop :=
1030+ let '(te_lvl, te_va, te_val) :=
1031+ (Ctxt.lvl ctxt, Ctxt.va ctxt, Entry.pte te) in
1032+ (match_prefix_at te_lvl te_va va)
1033+ ∧ (if last then is_final te_lvl te_val else True).
1034+ Instance Decision_affects_va (va : bv 36) (last : bool)
1035+ (ctxt : Ctxt.t)
1036+ (te : Entry.t (Ctxt.lvl ctxt)) :
1037+ Decision (affects_va va last ctxt te).
1038+ Proof . unfold_decide. Defined .
1039+
1040+ (** Decide a TLBI instruction affects a given TLB entry *)
1041+ Definition affects (tlbi : TLBI.t) (ctxt : Ctxt.t)
1042+ (te : Entry.t (Ctxt.lvl ctxt)) : Prop :=
1043+ match tlbi with
1044+ | TLBI.All tid => True
1045+ | TLBI.Va tid asid va last =>
1046+ affects_asid asid ctxt te ∧ affects_va va last ctxt te
1047+ | TLBI.Asid tid asid => affects_asid asid ctxt te
1048+ | TLBI.Vaa tid va last => affects_va va last ctxt te
1049+ end .
1050+ Instance Decision_affects (tlbi : TLBI.t) (ctxt : Ctxt.t)
1051+ (te : Entry.t (Ctxt.lvl ctxt)) :
1052+ Decision (affects tlbi ctxt te).
1053+ Proof . unfold_decide. Defined .
1054+
1055+ Definition tlbi_apply (tlbi : TLBI.t) (tlb : t) : t :=
1056+ set vatlb (filter (λ '(existT ctxt te), affects tlbi ctxt te)) tlb.
1057+
1058+ (** Get the TLB state at a timestamp (time_prev + cnt) *)
1059+ Fixpoint at_timestamp_from (ts : TState.t) (mem_init : Memory.initial) (mem : Memory.t)
1060+ (tlb_prev : t)
1061+ (time_prev cnt : nat)
1062+ (va : bv 64)
1063+ (ttbr : reg)
1064+ {struct cnt} : result string t :=
1065+ match cnt with
1066+ | O => mret tlb_prev
1067+ | S ccnt =>
1068+ let time_cur := time_prev + 1 in
1069+ tlb ←
1070+ match mem !! time_cur with
1071+ | Some ev =>
1072+ let tlb_inv :=
1073+ if ev is Ev.Tlbi tlbi then tlbi_apply tlbi tlb_prev else tlb_prev
1074+ in
1075+ update tlb_prev ts mem_init mem time_cur va ttbr
1076+ | None => mret init
1077+ end ;
1078+ at_timestamp_from ts mem_init mem tlb time_cur ccnt va ttbr
1079+ end .
1080+
1081+
1082+ (** Get the TLB state at a timestamp `time` *)
1083+ Definition at_timestamp (ts : TState.t) (mem_init : Memory.initial) (mem : Memory.t)
1084+ (time : nat)
1085+ (va : bv 64)
1086+ (ttbr : reg) : result string t :=
1087+ tlb ← update init ts mem_init mem 0 va ttbr;
1088+ at_timestamp_from ts mem_init mem tlb 0 time va ttbr.
1089+
1090+ Definition is_te_invalidated_by_tlbi
1091+ (tlbi : TLBI.t)
1092+ (tid : nat)
1093+ (ctxt : Ctxt.t)
1094+ (te : Entry.t (Ctxt.lvl ctxt)) : Prop :=
1095+ TLBI.tid tlbi <> tid ∧ (affects tlbi ctxt te).
1096+ Instance Decision_is_te_invalidated_by_tlbi (tlbi : TLBI.t) (tid : nat)
1097+ (ctxt : Ctxt.t) (te : Entry.t (Ctxt.lvl ctxt)) :
1098+ Decision (is_te_invalidated_by_tlbi tlbi tid ctxt te).
1099+ Proof . unfold_decide. Defined .
1100+
1101+ Fixpoint invalidation_time_from_evs (tid : nat)
1102+ (ctxt : Ctxt.t)
1103+ (te : Entry.t (Ctxt.lvl ctxt))
1104+ (evs : list (Ev.t * nat)) : result string nat :=
1105+ match evs with
1106+ | nil => mret 0
1107+ | (ev, t) :: tl =>
1108+ match ev with
1109+ | Ev.Tlbi tlbi =>
1110+ let va := prefix_to_va (Ctxt.va ctxt) in
1111+ if decide (is_te_invalidated_by_tlbi tlbi tid ctxt te) then
1112+ mret t
1113+ else
1114+ invalidation_time_from_evs tid ctxt te tl
1115+ | _ => invalidation_time_from_evs tid ctxt te tl
1116+ end
1117+ end .
1118+
1119+ (** Calculate the earliest future time at which a translation entry is effectively invalidated
1120+ in the TLB due to an TLBI event *)
1121+ Definition invalidation_time (ts : TState.t) (init : Memory.initial) (mem : Memory.t)
1122+ (tid : nat)
1123+ (tlb_base : t) (time_base : nat)
1124+ (ctxt : Ctxt.t)
1125+ (te : Entry.t (Ctxt.lvl ctxt))
1126+ (ttbr : reg) : result string nat :=
1127+ let evs := PromMemory.cut_after_with_timestamps time_base mem in
1128+ invalidation_time_from_evs tid ctxt te evs.
9921129End TLB.
1130+ Export (hints) TLB.
9931131
9941132Module VATLB := TLB.VATLB.
9951133
996- (*** Instruction semantics ** *)
1134+ (** * Instruction semantics ** *)
9971135
9981136(** Intra instruction state for propagating views inside an instruction *)
9991137Module IIS.
0 commit comments