Proofs for translating memory instructions between different CPU architectures, written in Agda. For the paper "Risotto: A Dynamic Binary Translator for Weak Memory Model Architectures"
- Install Agda (v.2.6.2) with its standard library
- Make sure Agda can find the standard library (see the
~/.agda/librariesand~/.agda/defaultsfiles in the installation instructions)
⚠️ The proofs were developed with standard library version 1.7.1. Other versions may be incompatible.
There are multiple ways of type-checking the proofs; Two are listed below.
The easiest way of checking the proofs is through a terminal.
- Run
agda src/Main.agda --safe.
Once a proof type-checks, it's correct. Also check the "Code Navigation" section below to understand what it is proving.
Another way of checking the proofs is with the agda-mode in Emacs.
- Install Emacs
- Install
agda-modeas described in Agda's install instructions (above). - Load an
.agdafile in Emacs, and pressC-c C-lto type-check the file.
If a proof type-checks, it's correct. Also check the "Code Navigation" section below to understand what it is proving.
The proofs consists of several parts (in src/):
Main.agda- Links to all proofsArch/- Memory model specifications for architecturesGeneral/- A general specification of an execution in the axiomatic model. This is instantiated by the individual architectures (below).Armv8.agda- The "Armed Cats" Armv8 model, with our proposed changeX86.agda- The X86 modelTCG.agda- Our TCG model
Map*to*.agda- The specification of mapping executions between architecturesTransform*.agda- The specificaton of elimination and reordering transformations on TCGProof/- Contains all the proofs (also referenced byMain.agda)Framework.agda- A general framework for memory model proofsMapping/- The mapping proofs between architecturesFramework.agda- A framework for architecture-mapping proofs. Extends the general framework
Elimination/- Elimination proofsReorder/- Reordering proofs