From: Matias Ezequiel Vara Larsen <mvaralar@redhat.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: qemu-devel <qemu-devel@nongnu.org>, kvm <kvm@vger.kernel.org>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Peter Maydell" <peter.maydell@linaro.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Thomas Huth" <thuth@redhat.com>,
"Daniel P. Berrange" <berrange@redhat.com>,
"Pierrick Bouvier" <pierrick.bouvier@linaro.org>,
"Alex Bennee" <alex.bennee@linaro.org>,
"Akihiko Odaki" <akihiko.odaki@gmail.com>,
"Zhao Liu" <zhao1.liu@intel.com>,
"Bibo Mao" <maobibo@loongson.cn>,
"Jamin Lin" <jamin_lin@aspeedtech.com>,
"Cédric Le Goater" <clg@redhat.com>,
"Fabiano Rosas" <farosas@suse.de>,
"Palmer Dabbelt" <palmer@dabbelt.com>,
"Eugenio Pérez" <eperezma@redhat.com>,
"Hanna Reitz" <hreitz@redhat.com>,
felisous@amazon.com, "Stefano Garzarella" <sgarzare@redhat.com>
Subject: Re: Call for GSoC internship project ideas
Date: Fri, 7 Feb 2025 14:57:42 +0100 [thread overview]
Message-ID: <Z6YRVrkEW87Jh6bV@fedora> (raw)
In-Reply-To: <CAJSP0QXHG8Vj1EomaRRTfQWykR=9mWQ3SDWn0pCG-b_8rJuKcg@mail.gmail.com>
On Thu, Feb 06, 2025 at 10:02:43AM -0500, Stefan Hajnoczi wrote:
> On Thu, Feb 6, 2025 at 4:34 AM Matias Ezequiel Vara Larsen
> <mvaralar@redhat.com> wrote:
> > === Adding Kani proofs for Virtqueues in Rust-vmm ===
> >
> > '''Summary:''' Verify conformance of the virtqueue implementation in
> > rust-vmm to the VirtIO specification.
> >
> > In the rust-vmm project, devices rely on the virtqueue implementation
> > provided by the `vm-virtio` crate. This implementation is based on the
> > VirtIO specification, which defines the behavior and requirements for
> > virtqueues. To ensure that the implementation meets these
> > specifications, we have been relying on unit tests that check the output
> > of the code given specific inputs.
> >
> > However, writing unit tests can be incomplete, as it's challenging to
> > cover all possible scenarios and edge cases. During this internship, we
> > propose a more comprehensive approach: using Kani proofs to verify that
> > the virtqueue implementation conforms to the VirtIO specification.
> >
> > Kani allows us to write exhaustive checks for all possible values, going
> > beyond what unit tests can achieve. By writing Kani proofs, we can
> > confirm that our implementation meets the requirements of the VirtIO
> > specification. If a proof passes, it provides strong evidence that the
> > virtqueue implementation is correct and conformant.
> >
> > During the internship, we propose the following tasks:
> > - Get familiar with Kani proofs written for Firecraker
> > - Finish current PR that adds a proof for the notification suppression
> > mechanism (see [2])
> > - Port add_used() proof (see [5])
> > - Port verify_prepare_kick() proof (see [6])
>
> add_used(), verify_prepare_kick(), and notification suppression are
> explicitly named. Firecracker's queue.rs has proofs for a number of
> other proofs as well. Would it be possible to work on them if there is
> time remaining, or is there a reason why only the proofs you mentioned
> can be ported?
>
I though that those three proofs were the more interesting. I think we
can cover all the proofs in queue.rs during the internship.
Matias
next prev parent reply other threads:[~2025-02-07 13:57 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-28 16:16 Call for GSoC internship project ideas Stefan Hajnoczi
2025-01-29 17:44 ` Stefano Garzarella
2025-02-03 1:42 ` Jamin Lin
2025-02-10 14:55 ` Stefano Garzarella
2025-02-10 15:54 ` Stefan Hajnoczi
2025-02-06 9:34 ` Matias Ezequiel Vara Larsen
2025-02-06 15:02 ` Stefan Hajnoczi
2025-02-07 13:57 ` Matias Ezequiel Vara Larsen [this message]
2025-02-06 15:10 ` Stefan Hajnoczi
2025-02-07 13:58 ` Matias Ezequiel Vara Larsen
2025-02-07 12:35 ` Hanna Czenczek
2025-02-07 13:41 ` Stefan Hajnoczi
2025-02-07 13:48 ` Hanna Czenczek
2025-02-07 13:53 ` Stefan Hajnoczi
2025-02-07 14:39 ` Helge Deller
2025-02-07 14:47 ` Stefan Hajnoczi
2025-02-07 15:34 ` Helge Deller
2025-02-07 16:01 ` Stefan Hajnoczi
-- strict thread matches above, loose matches on Subject: below --
2026-01-05 21:47 Stefan Hajnoczi
2026-01-13 15:29 ` Peter Xu
2026-01-13 16:16 ` Stefan Hajnoczi
2026-01-13 16:30 ` Peter Xu
2026-01-14 10:16 ` Marco Cavenati
2026-01-14 14:48 ` Peter Xu
2026-01-15 17:13 ` Marco Cavenati
2026-03-14 19:47 ` Junjie Cao
2026-03-16 15:17 ` Peter Xu
2026-01-14 18:00 ` Marc-André Lureau
2026-01-14 19:26 ` Stefan Hajnoczi
2026-01-20 21:42 ` Stefan Hajnoczi
2026-01-20 21:50 ` Daniel P. Berrangé
2026-01-22 10:49 ` Thomas Huth
2026-01-22 10:14 ` Daniel P. Berrangé
2026-01-22 10:22 ` Marc-André Lureau
2026-01-22 10:39 ` Daniel P. Berrangé
2026-01-22 10:54 ` Peter Maydell
2026-01-22 10:57 ` Daniel P. Berrangé
2026-01-22 11:28 ` Marc-André Lureau
2026-01-22 11:40 ` Daniel P. Berrangé
2026-01-22 12:02 ` Alex Bennée
2026-01-22 15:46 ` Pierrick Bouvier
2026-01-23 8:44 ` Marc-André Lureau
2026-01-23 15:56 ` Pierrick Bouvier
2026-01-26 22:29 ` Stefan Hajnoczi
2026-01-27 8:06 ` Helge Deller
2026-01-27 14:18 ` Stefan Hajnoczi
2026-02-10 17:45 ` Helge Deller
2026-02-10 18:23 ` Stefan Hajnoczi
2026-02-10 20:43 ` Helge Deller
2026-02-15 18:25 ` Helge Deller
2026-02-15 20:31 ` Stefan Hajnoczi
2026-02-16 2:21 ` Helge Deller
2026-01-27 8:34 ` Stefano Garzarella
2026-01-27 14:19 ` Stefan Hajnoczi
2026-01-22 10:43 ` Thomas Huth
2026-01-22 10:48 ` Daniel P. Berrangé
2026-01-22 11:05 ` Thomas Huth
2026-01-22 11:24 ` Daniel P. Berrangé
2026-01-22 11:58 ` Alex Bennée
2026-01-22 19:14 ` Stefan Hajnoczi
2026-01-22 11:55 ` Alex Bennée
2026-01-20 22:00 ` John Levon
2026-01-20 21:44 ` Stefan Hajnoczi
2026-01-27 9:27 ` Matias Ezequiel Vara Larsen
2026-01-27 14:15 ` Stefan Hajnoczi
2026-02-23 16:18 Arun Krishna K
2026-02-23 19:18 ` Stefan Hajnoczi
2026-02-23 23:26 ` Warner Losh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z6YRVrkEW87Jh6bV@fedora \
--to=mvaralar@redhat.com \
--cc=akihiko.odaki@gmail.com \
--cc=alex.bennee@linaro.org \
--cc=berrange@redhat.com \
--cc=clg@redhat.com \
--cc=eperezma@redhat.com \
--cc=farosas@suse.de \
--cc=felisous@amazon.com \
--cc=hreitz@redhat.com \
--cc=jamin_lin@aspeedtech.com \
--cc=kvm@vger.kernel.org \
--cc=maobibo@loongson.cn \
--cc=palmer@dabbelt.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=philmd@linaro.org \
--cc=pierrick.bouvier@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=sgarzare@redhat.com \
--cc=stefanha@gmail.com \
--cc=thuth@redhat.com \
--cc=zhao1.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.