Skip to content

Commit

Permalink
tool: enforce the protected procedure priorities
Browse files Browse the repository at this point in the history
As per the Microkit manual,

> A protected call is only possible if the callee has strictly higher
> priority than the caller.

Due to the change to specify `pp="true"` in the SDF in the previous
commit, we can now verify that the priority invariant holds true,
instead of it being possible to create a system with this behaviour.

Signed-off-by: julia <[email protected]>
  • Loading branch information
midnightveil authored and Ivan-Velickovic committed Oct 23, 2024
1 parent 17fc1d8 commit bac4efb
Show file tree
Hide file tree
Showing 3 changed files with 39 additions and 0 deletions.
12 changes: 12 additions & 0 deletions tool/microkit/src/sdf.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1195,6 +1195,18 @@ pub fn parse(filename: &str, xml: &str, config: &Config) -> Result<SystemDescrip
));
}

let pd_a = &pds[ch.end_a.pd];
let pd_b = &pds[ch.end_b.pd];
if ch.end_a.pp && pd_a.priority >= pd_b.priority {
// a can ppcall => priority(a) < priority(b)
return Err(format!("Error: PPCs must be to protection domains of strictly higher priorities; you did from pd {} (priority: {}) to pd {} (priority: {})",
pd_a.name, pd_a.priority, pd_b.name, pd_b.priority));
} else if ch.end_b.pp && pd_b.priority >= pd_a.priority {
// b can ppcall => priority(b) < priority(a)
return Err(format!("Error: PPCs must be to protection domains of strictly higher priorities; you did from pd {} (priority: {}) to pd {} (priority: {})",
pd_b.name, pd_b.priority, pd_a.name, pd_a.priority));
}

ch_ids[ch.end_a.pd].push(ch.end_a.id);
ch_ids[ch.end_b.pd].push(ch.end_b.id);
}
Expand Down
19 changes: 19 additions & 0 deletions tool/microkit/tests/sdf/ch_ppcall_priority.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2024, UNSW.
SPDX-License-Identifier: BSD-2-Clause
-->
<system>
<protection_domain name="test1" priority="2">
<program_image path="test" />
</protection_domain>
<protection_domain name="test2" priority="1">
<program_image path="test" />
</protection_domain>

<channel>
<end pd="test1" id="0" pp="true" />
<end pd="test2" id="0" />
</channel>
</system>
8 changes: 8 additions & 0 deletions tool/microkit/tests/test.rs
Original file line number Diff line number Diff line change
Expand Up @@ -368,6 +368,14 @@ mod channel {
"Error: cannot ppc bidirectionally on element 'channel': ",
)
}

#[test]
fn test_ppcall_priority() {
check_error(
"ch_ppcall_priority.xml",
"Error: PPCs must be to protection domains of strictly higher priorities; you did from pd test1 (priority: 2) to pd test2 (priority: 1)",
)
}
}

#[cfg(test)]
Expand Down

0 comments on commit bac4efb

Please sign in to comment.