You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: Test/VeriFast/tasks/vTaskSwitchContext/README.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -349,7 +349,7 @@ For that, `vTaskSwitchContext` calls `prvSelectHighestPriorityTask` which search
349
349
FreeRTOS maintains a global data structure called the "ready lists".
350
350
It is an array `pxReadyTasksLists` with an entry for every priority level that a task might have.
351
351
For every such priority level `p`, `pxReadyTasksLists[p]` stores a cyclic doubly linked list containing all tasks of priority level `p` that are ready to be scheduled, including currently running ones.
352
-
`prvSelectHighestPriorityTask` searches through the these lists in descending order.
352
+
`prvSelectHighestPriorityTask` searches through these lists in descending order.
353
353
That is, in order to verify `vTaskSwitchContext`, we have to reason about the ready lists.
354
354
355
355
@@ -370,7 +370,7 @@ The latter also contains the API proofs.
370
370
371
371
## Comparing the Original List Proofs and Our Adaptation
372
372
As mentioned, we had to heavily adapt the list formalization and proofs to reuse them for the scheduler verification.
373
-
Therefore, both `scp_list_predicates.h` and `scp_list_predicates.h` contain an updated version of the formalization and proofs used by our context-switch proof and the original version by Aalok Thakkar and Nathan Chong.
373
+
Therefore, both `scp_list_predicates.h` and `list.c` contain an updated version of the formalization and proofs used by our context-switch proof and the original version by Aalok Thakkar and Nathan Chong.
374
374
The latter is guarded by a preprocessor define `VERIFAST_SINGLE_CORE`.
375
375
We can compare both versions by preprocessing both files twice: Once with the define `VERIFAST_SINGLE_CORE`, which yields the original version, and once without which gives us the version used by our proofs.
376
376
Afterwards, a diff will show all the adaptations we had to apply.
@@ -456,7 +456,7 @@ While this change seems simple on a first glance, it forced us to adapt all the
456
456
457
457
## Issue 2: Model-induced Complexity
458
458
459
-
The formalization of doubly linked segments induces heavy complexity.
459
+
The formalization of doubly linked list segments induces heavy complexity.
460
460
The problem lies in the fact that `DLS` cannot express empty list segments.
461
461
This leads to complex case distinctions whenever we access list nodes.
462
462
Consequently, our proof becomes very complex and every list access leads to an exponential blow-up of the proof tree.
0 commit comments