(separate-mapped-mem r-w-x-1 n-1 lin-addr-1 r-w-x-2 n-2 lin-addr-2 x86) → separatep
Two memory regions are truly separate if:
Note that this predicate ignores whether the translation of the memory regions results in an error.
Function:
(defun separate-mapped-mem (r-w-x-1 n-1 lin-addr-1 r-w-x-2 n-2 lin-addr-2 x86) (declare (xargs :stobjs (x86))) (declare (type (member :r :w :x) r-w-x-1) (type (member :r :w :x) r-w-x-2)) (declare (xargs :guard (and (posp n-1) (canonical-address-p lin-addr-1) (posp n-2) (canonical-address-p lin-addr-2)))) (declare (xargs :non-executable t :guard (and (not (app-view x86)) (canonical-address-p (+ -1 n-1 lin-addr-1)) (canonical-address-p (+ -1 n-2 lin-addr-2))))) (prog2$ (acl2::throw-nonexec-error 'separate-mapped-mem (list r-w-x-1 n-1 lin-addr-1 r-w-x-2 n-2 lin-addr-2 x86)) (let ((__function__ 'separate-mapped-mem)) (declare (ignorable __function__)) (and (separate r-w-x-1 n-1 lin-addr-1 r-w-x-2 n-2 lin-addr-2) (b* (((mv ?r-1-err r-1-paddrs) (las-to-pas n-1 lin-addr-1 r-w-x-1 x86)) ((mv ?r-2-err r-2-paddrs) (las-to-pas n-2 lin-addr-2 r-w-x-2 x86))) (and (disjoint-p r-1-paddrs r-2-paddrs)))))))
Theorem:
(defthm booleanp-of-separate-mapped-mem (b* ((separatep (separate-mapped-mem r-w-x-1 n-1 lin-addr-1 r-w-x-2 n-2 lin-addr-2 x86))) (booleanp separatep)) :rule-classes :type-prescription)
Theorem:
(defthm separate-mapped-mem-is-commutative (implies (separate-mapped-mem r-w-x-1 n-1 a-1 r-w-x-2 n-2 a-2 x86) (separate-mapped-mem r-w-x-2 n-2 a-2 r-w-x-1 n-1 a-1 x86)))