--- /dev/null
+#!/bin/bash -
+
+source functions
+
+# Title.
+export title="qemu"
+
+# History.
+remember 'wc -l util/*.c | sort -nr | tail -20'
+remember 'ls -l util/range.c include/qemu/range.h'
+
+pushd ~/d/qemu >/dev/null
+terminal
+popd >/dev/null
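Review bot: `pushd ~/d/qemu >/dev/null` on line 13 has no failure check, so if the directory is missing the script continues and `terminal` opens in the launch directory, where the remembered `wc -l util/*.c` and `ls -l util/range.c include/qemu/range.h` commands would fail; change it to `pushd ~/d/qemu >/dev/null || exit 1`. The run script later in this commit guards on the same directory, but this slide script presumably can also be executed on its own, so the local check is cheap insurance.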
--- /dev/null
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+<link rel="stylesheet" href="style.css" type="text/css"/>
+<script src="code.js" type="text/javascript"></script>
+
+<h1>Range type</h1>
+
+<pre class="code">
+<span class="comment">/*
+ * Operations on 64 bit address ranges.
+ * Notes:
+ * - Ranges must not wrap around 0, but can include UINT64_MAX.
+ */</span>
+struct Range {
+ <span class="comment">/*
+ * Do not access members directly, use the functions!
+ * A non-empty range has @lob <= @upb.
+ * An empty range has @lob == @upb + 1.
+ */</span>
+ uint64_t lob; <span class="comment">/* inclusive lower bound */</span>
+ uint64_t upb; <span class="comment">/* inclusive upper bound */</span>
+};
+typedef struct Range Range;
+</pre>
+
+<pre>
+┌─────┬─────────┬──────── ── ── ──
+│ │ │
+└─────┴─────────┴──────── ── ── ──
+ ↑ ↑
+ lob upb
+</pre>
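Review bot: The `<` in `@lob <= @upb` on line 32 is a raw less-than inside HTML text content; current parsers tolerate `<` followed by `=` and render it literally, but the markup is not valid and an edit that puts a letter right after the `<` would start a tag and swallow the rest of the line. Write it as `&lt;=` here, and likewise in the copied comment block (line 58) and the ACSL `range.lob <= range.upb + 1` line (line 66) of the range predicates slide.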
--- /dev/null
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+<link rel="stylesheet" href="style.css" type="text/css"/>
+<script src="code.js" type="text/javascript"></script>
+
+<h1>Range predicates</h1>
+
+<pre class="code">
+ <span class="comment">/*
+ * Do not access members directly, use the functions!
+ * A non-empty range has @lob <= @upb.
+ * An empty range has @lob == @upb + 1.
+ */</span>
+</pre>
+
+<pre class="code">
+ /*@
+ predicate valid_range(struct Range range) =
+ range.lob <= range.upb + 1;
+
+ predicate empty_range(struct Range range) =
+ range.lob == range.upb + 1;
+ */
+</pre>
--- /dev/null
+#!/bin/bash -
+
+source functions
+
+# Title.
+export title="qemu"
+
+# History.
+remember 'cat snippets/range_is_empty.c'
+remember 'frama-c -wp -wp-rte snippets/range_is_empty.c'
+
+terminal
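Review bot: Unlike the first slide script, this one opens `terminal` without changing directory, so the remembered `cat snippets/range_is_empty.c` and `frama-c -wp -wp-rte snippets/range_is_empty.c` resolve against whatever cwd the talk was launched from; presumably that is the talk directory (the run script sets `talkdir=$PWD`), but the dependency is not stated anywhere in this file. A one-line comment above `terminal` would make it explicit, e.g. `# Runs in the talk directory: snippets/ is relative to $PWD.`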
- I'm using structs directly from the C code.
- - The comments in the upstream code translate into predicates.
+ - The upstream comments translate into machine-checkable code.
The first upstream function is:
and using the predicates we can write a specification:
- $ less snippets/range_is_empty.c
+ $ cat snippets/range_is_empty.c
And we can compile and prove that:
# Clean up after previous run.
talkdir=$PWD ./restore
+# Check environment.
+if ! test -d ~/d/qemu ; then
+ echo "\$HOME/d/qemu must exist"
+ exit 1
+fi
+
# Precreate any files necessary.
#(nothing)
# Run techtalk.
-techtalk-pse
-#~/d/techtalk-pse/techtalk-pse
+techtalk-pse "$@"
+#~/d/techtalk-pse/techtalk-pse "$@"
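Review bot: The new environment check on lines 96-99 prints its diagnostic to stdout; it should go to stderr, `echo "\$HOME/d/qemu must exist" >&2`, so the message is not lost or mixed into captured output. It also runs after `talkdir=$PWD ./restore` on line 94 has already cleaned up the previous run, so a missing directory is only reported once that side effect has happened; moving the check above the clean-up step would make the script fail before touching anything.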
code {
color: rgb(238,0,0);
}
+span.comment {
+ color: rgb(238,0,0);
+}
/* Bullet points */
li {