Skip to content

implement Step for PhysAddr and PhysFrame #567

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Freax13 wants to merge 5 commits into
base: master
Choose a base branch
from
Open

implement Step for PhysAddr and PhysFrame #567

Freax13 wants to merge 5 commits into from

Conversation

@Freax13
Copy link
Member

@Freax13 Freax13 commented Nov 15, 2025
edited
Loading

This PR adds Step implementations for PhysAddr and PhysFrame. This PR also adds kani harnesses to prove the correctness of these new implementations and the unsafe code within them.

Closes #212

@Freax13
implement Step for PhysAddr
8d35282
@Freax13
implement Step for PhysFrame
b5caae9
@Freax13
move existing kani harnessses for VirtAddr into module
347d459 
We'll have very similar harnesses for PhysAddr, so let's use a module
to avoid name conflicts.
@Freax13
add kani harnesses for PhysAddr's Step implementation
e928d47 
The Step implementation uses unsafe. The kani harnesses should give us
some confidence that the unsafe code is correct.
@Freax13
add kani harnesses for PhysFrame's Step implementation
4c11e1e 
These harnesses check that PhysFrame behaves like PhysAddr with the
steps scaled by the page size.
@Freax13 Freax13 requested a review from phil-opp November 15, 2025 08:54
@mkroening mkroening mentioned this pull request Nov 15, 2025
Open
@Freax13 Freax13 requested a review from josephlr November 20, 2025 06:43
josephlr
josephlr reviewed Nov 20, 2025
View reviewed changes
Copy link
Contributor

@josephlr josephlr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did a quick look, while nothing seems wrong, there are two things I want to take a closer look at:

  • How the Physical Address stuff interacts with the memory encryption bit. If the C-bit isn't bit 52 (it's usually bit 47), could a valid physical address underflow into an invalid physical address?
  • how the kani::proof stuff works.

@Freax13
Copy link
Member Author

Freax13 commented Nov 20, 2025

  • How the Physical Address stuff interacts with the memory encryption bit. If the C-bit isn't bit 52 (it's usually bit 47), could a valid physical address underflow into an invalid physical address?

No because PhysAddr and PhysFrame are guaranteed not to contain the C-bit/S-bit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@josephlr josephlr josephlr left review comments

@phil-opp phil-opp Awaiting requested review from phil-opp

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Implement core::iter::Step for PhysFrame and Page

3 participants

@Freax13 @josephlr