-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathExceptions_A.thy
105 lines (82 loc) · 4.34 KB
/
Exceptions_A.thy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
(*
* Copyright 2014, General Dynamics C4 Systems
*
* SPDX-License-Identifier: GPL-2.0-only
*)
(*
Monad instantiations, handling of faults, errors, and interrupts.
*)
chapter "Basic Kernel and Exception Monads"
theory Exceptions_A
imports Deterministic_A
begin
text \<open>This theory contains abbreviations for the monadic types used
in the specification and a number of lifting functions between them.\<close>
text \<open>The basic kernel monad without faults, interrupts, or errors.\<close>
type_synonym ('a,'z) s_monad = "('z state, 'a) nondet_monad"
text \<open>The fault monad: may throw a @{text fault} exception which
will usually be reported to the current thread's fault handler.\<close>
type_synonym ('a,'z) f_monad = "(fault + 'a,'z) s_monad"
term "a::(unit,'a) s_monad"
text \<open>The error monad: may throw a @{text syscall_error} exception
which will usually be reported to the current thread as system call
result.\<close>
type_synonym ('a,'z) se_monad = "(syscall_error + 'a,'z) s_monad"
text \<open>The lookup failure monad: may throw a @{text lookup_failure}
exception. Depending on context it may either be reported directly to
the current thread or to its fault handler.
\<close>
type_synonym ('a,'z) lf_monad = "(lookup_failure + 'a,'z) s_monad"
text \<open>The preemption monad. May throw an interrupt exception.\<close>
type_synonym ('a,'z) p_monad = "(unit + 'a,'z) s_monad"
text \<open>
Printing abbreviations for the above types.
\<close>
translations
(type) "'a s_monad" <= (type) "state \<Rightarrow> (('a \<times> state) \<Rightarrow> bool) \<times> bool"
(type) "'a f_monad" <= (type) "(fault + 'a) s_monad"
(type) "'a se_monad" <= (type) "(syscall_error + 'a) s_monad"
(type) "'a lf_monad" <= (type) "(lookup_failure + 'a) s_monad"
(type) "'a p_monad" <=(type) "(unit + 'a) s_monad"
text \<open>Perform non-preemptible operations within preemptible blocks.\<close>
definition
without_preemption :: "('a,'z::state_ext) s_monad \<Rightarrow> ('a,'z::state_ext) p_monad"
where without_preemption_def[simp]:
"without_preemption \<equiv> liftE"
text \<open>Allow preemption at this point.\<close>
definition
preemption_point :: "(unit,'z::state_ext) p_monad" where
"preemption_point \<equiv> doE liftE $ do_extended_op update_work_units;
OR_choiceE (work_units_limit_reached)
(doE liftE $ do_extended_op reset_work_units;
irq_opt \<leftarrow> liftE $ do_machine_op (getActiveIRQ True);
case_option (returnOk ()) (K (throwError $ ())) irq_opt
odE) (returnOk ())
odE"
text \<open>Lift one kind of exception monad into another by converting the error
into various other kinds of error or return value.\<close>
definition
cap_fault_on_failure :: "obj_ref \<Rightarrow> bool \<Rightarrow> ('a,'z::state_ext) lf_monad \<Rightarrow> ('a,'z::state_ext) f_monad" where
"cap_fault_on_failure cptr rp m \<equiv> handleE' m (throwError \<circ> CapFault cptr rp)"
definition
lookup_error_on_failure :: "bool \<Rightarrow> ('a,'z::state_ext) lf_monad \<Rightarrow> ('a,'z::state_ext) se_monad" where
"lookup_error_on_failure s m \<equiv> handleE' m (throwError \<circ> FailedLookup s)"
definition
null_cap_on_failure :: "(cap,'z::state_ext) lf_monad \<Rightarrow> (cap,'z::state_ext) s_monad" where
"null_cap_on_failure \<equiv> liftM (case_sum (\<lambda>x. NullCap) id)"
definition
unify_failure :: "('f + 'a,'z::state_ext) s_monad \<Rightarrow> (unit + 'a,'z::state_ext) s_monad" where
"unify_failure m \<equiv> handleE' m (\<lambda>x. throwError ())"
definition
empty_on_failure :: "('f + 'a list,'z::state_ext) s_monad \<Rightarrow> ('a list,'z::state_ext) s_monad" where
"empty_on_failure m \<equiv> m <catch> (\<lambda>x. return [])"
definition
const_on_failure :: "'a \<Rightarrow> ('f + 'a,'z::state_ext) s_monad \<Rightarrow> ('a,'z::state_ext) s_monad" where
"const_on_failure c m \<equiv> m <catch> (\<lambda>x. return c)"
text \<open>Checks whether first argument is between second and third (inclusive).\<close>
definition
range_check :: "machine_word \<Rightarrow> machine_word \<Rightarrow> machine_word \<Rightarrow> (unit,'z::state_ext) se_monad"
where
"range_check v min_v max_v \<equiv>
unlessE (v \<ge> min_v \<and> v \<le> max_v) $ throwError $ RangeError min_v max_v"
end