Skip to content

Commit 08630ad

Browse files
priyasiddharthstefano-garzarella
priyasiddharth
authored and
stefano-garzarella
committed
virtio-queue: add doc for unit proof verify_2_7_7_2
Signed-off-by: Siddharth Priya <[email protected]>
1 parent b2fbade commit 08630ad

File tree

1 file changed

+14
-11
lines changed

1 file changed

+14
-11
lines changed

virtio-queue/src/queue/verification.rs

Lines changed: 14 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -459,19 +459,22 @@ impl kani::Arbitrary for ProofContext {
459459
}
460460
}
461461

462+
/// # Specification (VirtIO 1.3, Section 2.7.7.2: "Device Requirements: Used Buffer Notification Suppression")
463+
///
464+
/// Section 2.7.7.2 deals with device-to-driver notification suppression. It
465+
/// describes a mechanism by which the driver can tell the device that it does
466+
/// not want notifications (IRQs) about the device finishing processing
467+
/// individual buffers (descriptor chain heads) from the avail ring until a
468+
/// specific number of descriptors has been processed. This is done by the
469+
/// driver defining a "used_event" index, which tells the device "please do not
470+
/// notify me until used.ring[used_event] has been written to by you".
462471
#[kani::proof]
463-
// There are no loops anywhere, but kani really enjoys getting stuck in std::ptr::drop_in_place.
464-
// This is a compiler intrinsic that has a "dummy" implementation in stdlib that just
465-
// recursively calls itself. Kani will generally unwind this recursion infinitely.
472+
// There are no loops anywhere, but kani really enjoys getting stuck in
473+
// std::ptr::drop_in_place. This is a compiler intrinsic that has a "dummy"
474+
// implementation in stdlib that just recursively calls itself. Kani will
475+
// generally unwind this recursion infinitely.
466476
#[kani::unwind(0)]
467-
fn verify_spec_2_7_7_2() {
468-
// Section 2.7.7.2 deals with device-to-driver notification suppression.
469-
// It describes a mechanism by which the driver can tell the device that it does not
470-
// want notifications (IRQs) about the device finishing processing individual buffers
471-
// (descriptor chain heads) from the avail ring until a specific number of descriptors
472-
// has been processed. This is done by the driver
473-
// defining a "used_event" index, which tells the device "please do not notify me until
474-
// used.ring[used_event] has been written to by you".
477+
fn verify_device_notification_suppression() {
475478
let ProofContext {
476479
mut queue,
477480
memory: mem,

0 commit comments

Comments
 (0)