doc: Improve documentation in verify

Signed-off-by: Diogo Behrens <[email protected]>

Author: db7

verify/README.md

@@ -1,33 +1,70 @@
 # Builtin Atomics Verification
 
-## Prerequisites
+`vatomic` ships a Boogie-based pipeline that checks each atomic primitive
+against the VSync Memory Model. This directory contains the scripts and
+templates that power the `build_boogie_*` targets exposed by CMake.
 
-To run the verification scripts, one needs to have *Ruby*, *Rust*, *Boogie* and *Z3* installations. To run the verification with parallelism, the `parallel` gem is also needed and can be installed by 
-```
-    gem install parallel
-```
+## Dependencies
 
-## Generating the assembly file
+The verification targets are available when configuring the project with
+`VATOMIC_DEV=ON` (the default for top-level builds). Locally you will need:
 
-The assembly file with the builtin atomics can be generated by: 
+- CMake (>= 3.16) and a build backend (Ninja or Make)
+- A Rust toolchain (`cargo`) to build the assembly parser/generator in
+  `verify/src`
+- Boogie CLI (`boogie`) and its SMT solver dependency (Z3)
+- Cross compilers: `aarch64-linux-gnu-gcc` (ARMv8) and
+  `riscv64-linux-gnu-gcc` (RISC-V)
 
-```
-    aarch64-linux-gnu-gcc -DVATOMIC_BUILTINS -O2 -x c include/vsync/atomic.h -Iinclude -fkeep-inline-functions -S -mno-outline-atomics -o atomics.s
-```
- The `atomics.s` file should be located in the `armv8` subfolder
+> Tip: CI uses the container image `ghcr.io/open-s4c/vatomic/boogie-ci:latest`,
+> which bundles all of the above. You can pull it locally if you prefer a
+> hermetic environment.
 
- ## Running the verification
+## Running the verification suite
 
- To start the verification for the builtin armv8 atomics, you need a list of functions that should be checked. You can find the lists organized by prefixes in the `lists` subfolder. 
+1. Configure the project and enable developer targets:
 
- The verification for a specific `list.txt` can be started by: 
+   ```sh
+   cmake -S . -B build -DVATOMIC_DEV=ON
+   ```
 
- ```
-    ruby verify_all.rb -a armv8 -s list.txt
- ```
+2. Build one (or all) Boogie targets. Available options are `lse`, `llsc`,
+   `lxe`, and `no_polite_await`.
 
-A specific function `func` can be verified by (git specifying that the boogie files should be generated in `output_folder`):
+   ```sh
+   cmake --build build --target build_boogie_lse
+   ```
 
-```
-    ruby verify_all.rb -a armv8 -f func -o output_folder
-```
+   Each target:
+
+   - Preprocesses `vsync/atomic.h` with the chosen compiler flags to obtain
+     `atomic.s` (and optionally sanitises it via `cleaner.sh`).
+   - Runs the Rust generator (`cargo run` via `generate.sh`) to parse the
+     assembly and emit Boogie (`.bpl`) files.
+   - Instantiates the templates under `verify/boogie/templates`.
+   - Executes Boogie to prove each atomic operation (driven by `verify.sh`).
+
+3. Inspect results via CTest or directly in the generated logs:
+
+   ```sh
+   ctest --test-dir build/verify -R lse --output-on-failure
+   # Logs: build/verify/lse/*.log
+   ```
+
+## Customising the toolchain
+
+- Pass `-DARMV8_CMAKE_C_COMPILER=/path/to/aarch64-linux-gnu-gcc` or
+  `-DRISCV_CMAKE_C_COMPILER=/path/to/riscv64-linux-gnu-gcc` to override the
+  default cross compilers.
+- Set `BPL`/`Z3_EXE` or adjust `PATH` so Boogie and Z3 are discoverable.
+- Export `CARGO` to point at a specific `cargo` binary when multiple toolchains
+  coexist on the system.
+
+## Maintaining the function list
+
+The list of verified entry points lives in `atomics_list.txt`. When adding new
+atomic primitives, make sure to update that file so the verification targets
+cover the new functions. See [boogie/templates/README.md][] for details about
+the available templates and how they correspond to atomic behaviour.
+
+[boogie/templates/README.md]: boogie/templates/README.md

verify/boogie/templates/BoogieTemplate.md

@@ -0,0 +1,66 @@
+# Boogie Template
+
+## Overview
+
+Each .bpl of the following is a template describing some aspects of correctness
+of different atomics.  For each atomic, one or more of these templates need
+to be used to fully specify the correctness.  The templates are:
+
+- `read_only` -- describes atomics that never write, eg, `read`, `await`
+  (non-RMW)
+- `read` -- describes atomics that perform a read, eg, `RMW`, `read`, `await`,
+  `await-RMW`
+- `write` -- describes `write` atomics
+- `await` -- describes `await` and `await-RMW` atomics
+- `rmw` -- describes atomics performing a read-modify-write operation, eg, `RMW`
+  and `await-RMW`
+
+## Templating
+
+Each template uses one or more of the following parameters, written as `#NAME`:
+
+- `#registers` -- comma seperated sequence of identifiers specifying all
+  registers used in the function, eg, `a0, a1, a2, x5, x6`.
+- `#address` -- identifier specifiying register that originally holds the
+  address, eg, `a0`.
+- `#input1` -- identifier for register holding first function argument, eg, for
+  `write(a, v)` the value of `v`, or for `cmpxchg(a, e, v)` the value of  `e`.
+  Could be `a1`.
+- `#input2` -- second function argument. Could be `a2`.
+- `#output` -- register holding the output value at the end of the function,
+  eg, `a0`.
+- `#implementation` -- body of the function, including: assumes for all
+  procedure parameters, code, 2 basic loop invariants.
+- `#state` -- comma seperated list of identifiers for all additional state
+  introduced by the architecture, eg, `local_monitor, monitor_exclusive`
+
+## Example
+
+For an example, see `test.bpl` which contains instantiation of two templates
+(`read`, `rmw`) for one RMW atomic (`add_set`).
+
+## Templates
+
+List of templates and their functions:
+
+| template     | write number | return value | store order | load order |
+|--------------|--------------|--------------|-------------|------------|
+| `read_only`  |  0           |   output     |  -          | -          |
+| `read`       |  -           |   ret        |  -          | yes        |
+| `write`      |  <=1         |   -          |  yes        | -          |
+| `await`      |  -           |   await cond |  -          | -          |
+| `must_store` |  1 (+value)  |   -          |  yes        | -          |
+| `rmw`        |  (+op)       |   -          |  yes        | -          |
+
+List of templates used by each atomic:
+
+| template     | read | write | RMW | await | await RMW |
+|--------------|------|-------|-----|-------|-----------|
+| `read_only`  | x    |       |     | x     |           |
+| `read`       | x    |       |  x  | x     | x         |
+| `write`      |      | x     |  x  |       | x         |
+| `await`      |      |       |     | x     | x         |
+| `must_store` |      | x     |     |       |           |
+| `rmw`        |      |       |  x  |       | x         |
+
+