espressif/FreeRTOS
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS.git synced 2025-06-21 07:41:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove or rework assumptions in queue proofs (#603)

Browse Source 
This commit is paired with another to queue.c in the kernel.  To
accomodate changes in newer versions of CBMC, the
--pointer-overflow-check is removed.
This commit is contained in:
Dan Good
2021-06-04 15:42:14 -04:00
committed by GitHub
parent d9ddcc0134
commit b6624fa44d
33 changed files with 57 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
FreeRTOS/Test/CBMC/patches/0005-Remove-volatile-qualifier-from-tasks-variables.patch
View File

@ -44,15 +44,6 @@ diff --git a/FreeRTOS/Source/tasks.c b/FreeRTOS/Source/tasks.c
index c7be57cb2..9f76465d5 100644
--- a/FreeRTOS/Source/tasks.c
+++ b/FreeRTOS/Source/tasks.c
@@ -296,7 +296,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to
#if ( configUSE_NEWLIB_REENTRANT == 1 )
/* Allocate a Newlib reent structure that is specific to this task.
- * Note Newlib support has been included by popular demand, but is not
+ Note Newlib support has been included by popular demand, but is not
* used by the FreeRTOS maintainers themselves. FreeRTOS is not
* responsible for resulting newlib operation. User must be familiar with
* newlib and must provide system-wide implementations of the necessary
@@ -343,8 +343,8 @@ PRIVILEGED_DATA TCB_t * volatile pxCurrentTCB = NULL;
PRIVILEGED_DATA static List_t pxReadyTasksLists[ configMAX_PRIORITIES ]; /*< Prioritised ready tasks. */
PRIVILEGED_DATA static List_t xDelayedTaskList1; /*< Delayed tasks. */

13
FreeRTOS/Test/CBMC/patches/0009-Remove-overflow-asserts-from-xQueueGenericCreate.patch
View File

@ -1,13 +0,0 @@
diff --git a/FreeRTOS/Source/queue.c b/FreeRTOS/Source/queue.c
index b01dfd11f..b219b599a 100644
--- a/FreeRTOS/Source/queue.c
+++ b/FreeRTOS/Source/queue.c
@@ -395,7 +395,7 @@ BaseType_t xQueueGenericReset( QueueHandle_t xQueue,
xQueueSizeInBytes = ( size_t ) ( uxQueueLength * uxItemSize ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */
/* Check for multiplication overflow. */
- configASSERT( ( uxItemSize == 0 ) || ( uxQueueLength == ( xQueueSizeInBytes / uxItemSize ) ) );
+ /* configASSERT( ( uxItemSize == 0 ) || ( uxQueueLength == ( xQueueSizeInBytes / uxItemSize ) ) ); */
/* Check for addition overflow. */
configASSERT( ( sizeof( Queue_t ) + xQueueSizeInBytes ) > xQueueSizeInBytes );

7
FreeRTOS/Test/CBMC/proofs/Makefile.template
View File

@ -138,12 +138,11 @@ report: cbmc.txt property.xml coverage.xml
$(VIEWER) \
--goto $(ENTRY).goto \
--srcdir $(FREERTOS) \
--blddir $(FREERTOS) \
--htmldir html \
--srcexclude "(.@FORWARD_SLASH@Demo)" \
--reportdir html \
--exclude "(.@FORWARD_SLASH@Demo)" \
--result cbmc.txt \
--property property.xml \
--block coverage.xml
--coverage coverage.xml
# This rule depends only on cbmc.txt and has no dependents, so it will
# not block the report from being generated if it fails. This rule is

32
FreeRTOS/Test/CBMC/proofs/MakefileCommon.json
View File

@ -3,18 +3,20 @@
"PROOFS": [ "." ],
"DEF ": [
"_DEBUG",
"__free_rtos__",
"_CONSOLE",
"_WIN32_WINNT=0x0500",
"WINVER=0x400",
"_CRT_SECURE_NO_WARNINGS",
"__PRETTY_FUNCTION__=__FUNCTION__",
"_DEBUG",
"__free_rtos__",
"_CONSOLE",
"_WIN32_WINNT=0x0500",
"WINVER=0x400",
"_CRT_SECURE_NO_WARNINGS",
"__PRETTY_FUNCTION__=__FUNCTION__",
"CBMC",
"'configASSERT(X)=__CPROVER_assert(X,\"Assertion Error\")'",
"'configPRECONDITION(X)=__CPROVER_assume(X)'",
"'_static='",
"'_volatile='"
"'configASSERT(X)='",
"'configPRECONDITION(X)=__CPROVER_assume(X)'",
"'_static='",
"'_volatile='",
"QUEUE_LENGTH=15",
"QUEUE_ITEM_SIZE=990"
],
"INC ": [
@ -31,10 +33,10 @@
],
"CBMCFLAGS ": [
"--object-bits 7",
"--32",
"--bounds-check",
"--pointer-check"
"--object-bits 7",
"--32",
"--bounds-check",
"--pointer-check"
],
"FORWARD_SLASH": ["/"],

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateCountingSemaphore/Makefile.json
View File

@ -31,7 +31,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [

7
FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateCountingSemaphore/QueueCreateCountingSemaphore_harness.c
View File

@ -32,13 +32,10 @@
#include "cbmc.h"
void harness(){
void harness()
{
UBaseType_t uxMaxCount;
UBaseType_t uxInitialCount;
__CPROVER_assume(uxMaxCount != 0);
__CPROVER_assume(uxInitialCount <= uxMaxCount);
xQueueCreateCountingSemaphore( uxMaxCount, uxInitialCount );
}

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateCountingSemaphoreStatic/Makefile.json
View File

@ -31,7 +31,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [

11
FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateCountingSemaphoreStatic/QueueCreateCountingSemaphoreStatic_harness.c
View File

@ -31,15 +31,12 @@
#include "cbmc.h"
void harness(){
void harness()
{
UBaseType_t uxMaxCount;
UBaseType_t uxInitialCount;
StaticQueue_t * pxStaticQueue = ( StaticQueue_t * ) pvPortMalloc( sizeof( StaticQueue_t ) );
//xStaticQueue is required to be not null
StaticQueue_t xStaticQueue;
//Checked invariant
__CPROVER_assume(uxMaxCount != 0);
__CPROVER_assume(uxInitialCount <= uxMaxCount);
xQueueCreateCountingSemaphoreStatic( uxMaxCount, uxInitialCount, &xStaticQueue );
xQueueCreateCountingSemaphoreStatic( uxMaxCount, uxInitialCount, pxStaticQueue );
}

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateMutex/Makefile.json
View File

@ -31,7 +31,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateMutexStatic/Makefile.json
View File

@ -31,7 +31,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [

9
FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateMutexStatic/QueueCreateMutexStatic_harness.c
View File

@ -31,11 +31,10 @@
#include "cbmc.h"
void harness(){
void harness()
{
uint8_t ucQueueType;
StaticQueue_t * pxStaticQueue = ( StaticQueue_t * ) pvPortMalloc( sizeof( StaticQueue_t ) );
//The mutex storage is assumed to be not null.
StaticQueue_t xStaticQueue;
xQueueCreateMutexStatic( ucQueueType, &xStaticQueue );
xQueueCreateMutexStatic( ucQueueType, pxStaticQueue );
}

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericCreate/Configurations.json
View File

@ -38,7 +38,6 @@
[
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check"
],

21
FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericCreate/QueueGenericCreate_harness.c
View File

@ -32,19 +32,14 @@
#include "cbmc.h"
void harness(){
UBaseType_t uxQueueLength;
UBaseType_t uxItemSize;
uint8_t ucQueueType;
void harness()
{
UBaseType_t uxQueueLength;
UBaseType_t uxItemSize;
uint8_t ucQueueType;
size_t uxQueueStorageSize;
__CPROVER_assume(uxQueueStorageSize < (UINT32_MAX>>8));
/* Allow CBMC to run in a reasonable amount of time. */
__CPROVER_assume( ( uxQueueLength == QUEUE_LENGTH ) || ( uxItemSize == QUEUE_ITEM_SIZE ) );
// QueueGenericCreate does not check for multiplication overflow
__CPROVER_assume(uxItemSize < uxQueueStorageSize/uxQueueLength);
// QueueGenericCreate asserts positive queue length
__CPROVER_assume(uxQueueLength > ( UBaseType_t ) 0);
xQueueGenericCreate( uxQueueLength, uxItemSize, ucQueueType );
xQueueGenericCreate( uxQueueLength, uxItemSize, ucQueueType );
}

9
FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericCreateStatic/Configurations.json
View File

@ -37,7 +37,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [
@ -48,8 +47,8 @@
"DEF": [
{
"QeueuGenericCreateStatic_DynamicAllocation": [
"CBMC_OBJECT_BITS={CBMC_OBJECT_BITS}",
"CBMC_OBJECT_MAX_SIZE={CBMC_OBJECT_MAX_SIZE}",
"CBMC_OBJECT_BITS={CBMC_OBJECT_BITS}",
"CBMC_OBJECT_MAX_SIZE={CBMC_OBJECT_MAX_SIZE}",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"configSUPPORT_STATIC_ALLOCATION=1",
@ -58,8 +57,8 @@
},
{
"QeueuGenericCreateStatic_NoDynamicAllocation": [
"CBMC_OBJECT_BITS={CBMC_OBJECT_BITS}",
"CBMC_OBJECT_MAX_SIZE={CBMC_OBJECT_MAX_SIZE}",
"CBMC_OBJECT_BITS={CBMC_OBJECT_BITS}",
"CBMC_OBJECT_MAX_SIZE={CBMC_OBJECT_MAX_SIZE}",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"configSUPPORT_STATIC_ALLOCATION=1",

28
FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericCreateStatic/QueueGenericCreateStatic_harness.c
View File

@ -31,32 +31,22 @@
#include "queue_datastructure.h"
#include "cbmc.h"
void harness(){
void harness()
{
UBaseType_t uxQueueLength;
UBaseType_t uxItemSize;
size_t uxQueueStorageSize;
uint8_t *pucQueueStorage = (uint8_t *) pvPortMalloc(uxQueueStorageSize);
StaticQueue_t *pxStaticQueue =
(StaticQueue_t *) pvPortMalloc(sizeof(StaticQueue_t));
uint8_t ucQueueType;
size_t storageSize;
__CPROVER_assume(uxQueueStorageSize < (UINT32_MAX>>8));
/* Allow CBMC to run in a reasonable amount of time. */
__CPROVER_assume( ( uxQueueLength == QUEUE_LENGTH ) || ( uxItemSize == QUEUE_ITEM_SIZE ) );
// QueueGenericReset does not check for multiplication overflow
__CPROVER_assume(uxItemSize < uxQueueStorageSize/uxQueueLength);
/* Prevent overflow in this harness. */
__CPROVER_assume( ( uxQueueLength > 0 ) && ( ( storageSize / uxQueueLength ) == uxItemSize ) );
// QueueGenericCreateStatic asserts positive queue length
__CPROVER_assume(uxQueueLength > ( UBaseType_t ) 0);
uint8_t * pucQueueStorage = ( uint8_t * ) pvPortMalloc( storageSize );
// QueueGenericCreateStatic asserts the following equivalence
__CPROVER_assume( ( pucQueueStorage && uxItemSize ) ||
( !pucQueueStorage && !uxItemSize ) );
// QueueGenericCreateStatic asserts nonnull pointer
__CPROVER_assume(pxStaticQueue);
StaticQueue_t * pxStaticQueue = ( StaticQueue_t * ) pvPortMalloc( sizeof( StaticQueue_t ) );
xQueueGenericCreateStatic( uxQueueLength, uxItemSize, pucQueueStorage, pxStaticQueue, ucQueueType );
}

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericReset/Makefile.json
View File

@ -31,7 +31,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [

13
FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericReset/QueueGenericReset_harness.c
View File

@ -34,12 +34,11 @@
struct QueueDefinition;
void harness() {
BaseType_t xNewQueue;
void harness()
{
BaseType_t xNewQueue;
QueueHandle_t xQueue = xUnconstrainedQueue();
if(xQueue != NULL)
{
xQueueGenericReset(xQueue, xNewQueue);
}
QueueHandle_t xQueue = xUnconstrainedQueue();
xQueueGenericReset( xQueue, xNewQueue );
}

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericSend/Configurations.json
View File

@ -33,7 +33,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check",
"--unwindset xQueueGenericSend.0:{QUEUE_SEND_BOUND},prvUnlockQueue.0:{LOCK_BOUND},prvUnlockQueue.1:{LOCK_BOUND}",
"--nondet-static"

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericSendFromISR/Configurations.json
View File

@ -31,7 +31,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check",
"--nondet-static"
],

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueGetMutexHolder/Makefile.json
View File

@ -31,7 +31,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueGetMutexHolderFromISR/Makefile.json
View File

@ -31,7 +31,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueGiveFromISR/Configurations.json
View File

@ -31,7 +31,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check",
"--nondet-static"
],

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueGiveMutexRecursive/Makefile.json
View File

@ -31,7 +31,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueMessagesWaiting/Makefile.json
View File

@ -31,7 +31,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [

1
FreeRTOS/Test/CBMC/proofs/Queue/QueuePeek/Makefile.json
View File

@ -33,7 +33,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check",
"--unwindset prvUnlockQueue.0:{LOCK_BOUND},prvUnlockQueue.1:{LOCK_BOUND},xQueuePeek.0:{QUEUE_PEEK_BOUND}",
"--nondet-static"

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueReceive/Makefile.json
View File

@ -33,7 +33,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check",
"--unwindset xQueueReceive.0:{QUEUE_RECEIVE_BOUND},prvUnlockQueue.0:{LOCK_BOUND},prvUnlockQueue.1:{LOCK_BOUND}",
"--nondet-static"

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueReceiveFromISR/Makefile.json
View File

@ -31,7 +31,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueSemaphoreTake/Makefile.json
View File

@ -35,7 +35,6 @@
"CBMCFLAGS": [
"--unwind 2",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check",
"--nondet-static",
"--unwindset prvUnlockQueue.0:{QUEUE_BOUND},prvUnlockQueue.1:{QUEUE_BOUND},xQueueSemaphoreTake.0:3"

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueSpacesAvailable/Makefile.json
View File

@ -31,7 +31,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [

1
FreeRTOS/Test/CBMC/proofs/Queue/QueueTakeMutexRecursive/Makefile.json
View File

@ -38,7 +38,6 @@
"--unwind {QueueSemaphoreTake_BOUND}",
"--unwindset prvUnlockQueue.0:{PRV_UNLOCK_UNWINDING_BOUND},prvUnlockQueue.1:{PRV_UNLOCK_UNWINDING_BOUND}",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [

1
FreeRTOS/Test/CBMC/proofs/Queue/prvCopyDataToQueue/Configurations.json
View File

@ -31,7 +31,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [

1
FreeRTOS/Test/CBMC/proofs/Queue/prvNotifyQueueSetContainer/Configurations.json
View File

@ -32,7 +32,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check",
"--unwindset prvUnlockQueue.0:{LOCK_BOUND},prvUnlockQueue.1:{LOCK_BOUND}"
],

1
FreeRTOS/Test/CBMC/proofs/Queue/prvUnlockQueue/Configurations.json
View File

@ -32,7 +32,6 @@
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--pointer-overflow-check",
"--unsigned-overflow-check",
"--unwindset prvUnlockQueue.0:{LOCK_BOUND},prvUnlockQueue.1:{LOCK_BOUND}"
],