RTOS/SDK_STM32F302x
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[修改] 增加freeRTOS

Browse Source 
1. 版本FreeRTOSv202212.01,命名为kernel;
This commit is contained in:
gaoyang3513
2023-05-06 16:43:01 +00:00
commit a345df017b
20944 changed files with 11094377 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
kernel/FreeRTOS/Test/CBMC/proofs/.gitignore vendored Normal file
View File

@ -0,0 +1,10 @@
# These files are generated by make_type_header_files.py
*_datastructure.h
Makefile
Makefile.common
cbmc-batch.yaml
**/*.txt
**/*.goto
!CMakeLists.txt

51
kernel/FreeRTOS/Test/CBMC/proofs/CBMCStubLibrary/tasksStubs.c Normal file
View File

@ -0,0 +1,51 @@
#include "FreeRTOS.h"
#include "task.h"
#include "tasksStubs.h"
#ifndef TASK_STUB_COUNTER
#define TASK_STUB_COUNTER 0;
#endif
/* 5 is a magic number, but we need some number here as a default value.
* This value is used to bound any loop depending on xTaskCheckForTimeOut
* as a loop bound. It should be overwritten in the Makefile.json adapting
* to the performance requirements of the harness. */
#ifndef TASK_STUB_COUNTER_LIMIT
#define TASK_STUB_COUNTER_LIMIT 5;
#endif
static BaseType_t xCounter = TASK_STUB_COUNTER;
static BaseType_t xCounterLimit = TASK_STUB_COUNTER_LIMIT;
BaseType_t xTaskGetSchedulerState( void )
{
return xState;
}
/* This function is another method apart from overwritting the defines to init the max
* loop bound. */
void vInitTaskCheckForTimeOut( BaseType_t maxCounter,
BaseType_t maxCounter_limit )
{
xCounter = maxCounter;
xCounterLimit = maxCounter_limit;
}
/* This is mostly called in a loop. For CBMC, we have to bound the loop
* to a max limits of calls. Therefore this Stub models a nondet timeout in
* max TASK_STUB_COUNTER_LIMIT iterations.*/
BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
TickType_t * const pxTicksToWait )
{
++xCounter;
if( xCounter == xCounterLimit )
{
return pdTRUE;
}
else
{
return nondet_basetype();
}
}

40
kernel/FreeRTOS/Test/CBMC/proofs/CMakeLists.txt Normal file
View File

@ -0,0 +1,40 @@
list(APPEND cbmc_compile_options
-m32
)
list(APPEND cbmc_compile_definitions
CBMC
WINVER=0x400
_CONSOLE
_CRT_SECURE_NO_WARNINGS
_DEBUG
_WIN32_WINNT=0x0500
__PRETTY_FUNCTION__=__FUNCTION__
__free_rtos__
)
list(APPEND cbmc_compile_includes
${CMAKE_SOURCE_DIR}/Source/include
${CMAKE_SOURCE_DIR}/Source/portable/MSVC-MingW
${CMAKE_SOURCE_DIR}/Source/../../FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/portable/BufferManagement
${CMAKE_SOURCE_DIR}/Source/../../FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include
${CMAKE_SOURCE_DIR}/Source/../../FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/portable/Compiler/MSVC
${cbmc_dir}/include
${cbmc_dir}/windows
)
# Remove --flag for a specific proof with list(REMOVE_ITEM cbmc_flags --flag)
list(APPEND cbmc_flags
--32
--bounds-check
--pointer-check
--div-by-zero-check
--float-overflow-check
--nan-check
--nondet-static
--pointer-overflow-check
--signed-overflow-check
--undefined-shift-check
--unsigned-overflow-check
)

173
kernel/FreeRTOS/Test/CBMC/proofs/Makefile.template Normal file
View File

@ -0,0 +1,173 @@
default: report
# ____________________________________________________________________
# CBMC binaries
#
GOTO_CC = @GOTO_CC@
GOTO_INSTRUMENT = goto-instrument
GOTO_ANALYZER = goto-analyzer
VIEWER = cbmc-viewer
# ____________________________________________________________________
# Variables
#
# Naming scheme:
# ``````````````
# FOO is the concatenation of the following:
# FOO2: Set of command line
# C_FOO: Value of $FOO common to all harnesses, set in this file
# O_FOO: Value of $FOO specific to the OS we're running on, set in the
# makefile for the operating system
# H_FOO: Value of $FOO specific to a particular harness, set in the
# makefile for that harness
ENTRY = $(H_ENTRY)
OBJS = $(H_OBJS)
INC = \
$(INC2) \
$(C_INC) $(O_INC) $(H_INC) \
# empty
CFLAGS = \
$(CFLAGS2) \
$(C_DEF) $(O_DEF) $(H_DEF) $(DEF) \
$(C_OPT) $(O_OPT) $(H_OPT) $(OPT) \
-m32 \
# empty
CBMCFLAGS = \
$(CBMCFLAGS2) \
$(C_CBMCFLAGS) $(O_CBMCFLAGS) $(H_CBMCFLAGS) \
# empty
INSTFLAGS = \
$(INSTFLAGS2) \
$(C_INSTFLAGS) $(O_INSTFLAGS) $(H_INSTFLAGS) \
# empty
# ____________________________________________________________________
# Rules
#
# Rules for patching
patch:
cd $(PROOFS)/../patches && ./patch.py
unpatch:
cd $(PROOFS)/../patches && ./unpatch.py
# ____________________________________________________________________
# Rules
#
# Rules for building the CBMC harness
C_SOURCES = $(patsubst %.goto,%.c,$(H_OBJS_EXCEPT_HARNESS))
# Build each goto-binary out-of-source (i.e. in a 'gotos' directory
# underneath each proof directory, to make it safe to build all proofs
# in parallel
OOS_OBJS = $(patsubst %.c,gotos/%.goto,$(C_SOURCES))
CWD=$(abspath .)
gotos/%.goto: %.c
mkdir -p $(dir $@)
$(GOTO_CC) @COMPILE_ONLY@ @RULE_OUTPUT@ $(INC) $(CFLAGS) @RULE_INPUT@
queue_datastructure.h: gotos/$(FREERTOS)/Source/queue.goto
python3 @TYPE_HEADER_SCRIPT@ --binary $(CWD)/gotos$(FREERTOS)/Source/queue.goto --c-file $(FREERTOS)/Source/queue.c
$(ENTRY)_harness.goto: $(ENTRY)_harness.c $(H_GENERATE_HEADER)
$(GOTO_CC) @COMPILE_ONLY@ @RULE_OUTPUT@ $(INC) $(CFLAGS) $(ENTRY)_harness.c
$(ENTRY)1.goto: $(ENTRY)_harness.goto $(OOS_OBJS)
$(GOTO_CC) @COMPILE_LINK@ @RULE_OUTPUT@ --function harness @RULE_INPUT@
$(ENTRY)2.goto: $(ENTRY)1.goto
$(GOTO_INSTRUMENT) --add-library @RULE_INPUT@ @RULE_OUTPUT@ \
> $(ENTRY)2.txt 2>&1
$(ENTRY)3.goto: $(ENTRY)2.goto
$(GOTO_INSTRUMENT) --drop-unused-functions @RULE_INPUT@ @RULE_OUTPUT@ \
> $(ENTRY)3.txt 2>&1
$(ENTRY)4.goto: $(ENTRY)3.goto
$(GOTO_INSTRUMENT) $(INSTFLAGS) --slice-global-inits @RULE_INPUT@ @RULE_OUTPUT@ \
> $(ENTRY)4.txt 2>&1
# ____________________________________________________________________
# After running goto-instrument to remove function bodies the unused
# functions need to be dropped again.
$(ENTRY)5.goto: $(ENTRY)4.goto
$(GOTO_INSTRUMENT) --drop-unused-functions @RULE_INPUT@ @RULE_OUTPUT@ \
> $(ENTRY)5.txt 2>&1
$(ENTRY).goto: $(ENTRY)5.goto
@CP@ @RULE_INPUT@ @RULE_OUTPUT@
# ____________________________________________________________________
# Rules
#
# Rules for running CBMC
goto:
$(MAKE) patch
$(MAKE) -B $(ENTRY).goto
# Ignore the return code for CBMC, so that we can still generate the
# report if the proof failed. If the proof failed, we separately fail
# the entire job using the check-cbmc-result rule.
cbmc.txt: $(ENTRY).goto
-cbmc $(CBMCFLAGS) $(SOLVER) --unwinding-assertions --trace @RULE_INPUT@ > $@ 2>&1
property.xml: $(ENTRY).goto
cbmc $(CBMCFLAGS) --unwinding-assertions --show-properties --xml-ui @RULE_INPUT@ > $@ 2>&1
coverage.xml: $(ENTRY).goto
cbmc $(CBMCFLAGS) --cover location --xml-ui @RULE_INPUT@ > $@ 2>&1
cbmc: cbmc.txt
property: property.xml
coverage: coverage.xml
report: cbmc.txt property.xml coverage.xml
$(VIEWER) \
--goto $(ENTRY).goto \
--srcdir $(FREERTOS) \
--htmldir html \
--srcexclude "(.@FORWARD_SLASH@Demo)" \
--result cbmc.txt \
--property property.xml \
--block coverage.xml
# This rule depends only on cbmc.txt and has no dependents, so it will
# not block the report from being generated if it fails. This rule is
# intended to fail if and only if the CBMC safety check that emits
# cbmc.txt yielded a proof failure.
check-cbmc-result: cbmc.txt
grep -e "^VERIFICATION SUCCESSFUL" $^
# ____________________________________________________________________
# Rules
#
# Rules for cleaning up
clean:
@RM@ $(OBJS) $(ENTRY).goto
@RM@ $(ENTRY)[0-9].goto $(ENTRY)[0-9].txt
@RM@ cbmc.txt property.xml coverage.xml TAGS TAGS-*
@RM@ *~ \#*
@RM@ queue_datastructure.h
veryclean: clean
@RM_RECURSIVE@ html
@RM_RECURSIVE@ gotos
distclean: veryclean
cd $(PROOFS)/../patches && ./unpatch.py
cd $(PROOFS) && ./make-remove-makefiles.py

47
kernel/FreeRTOS/Test/CBMC/proofs/MakefileCommon.json Normal file
View File

@ -0,0 +1,47 @@
{
"FREERTOS": [ " ../../.." ],
"PROOFS": [ "." ],
"DEF ": [
"_DEBUG",
"__free_rtos__",
"_CONSOLE",
"_WIN32_WINNT=0x0500",
"WINVER=0x400",
"_CRT_SECURE_NO_WARNINGS",
"__PRETTY_FUNCTION__=__FUNCTION__",
"CBMC",
"'configASSERT(X)='",
"'configPRECONDITION(X)=__CPROVER_assume(X)'",
"'_static='",
"'_volatile='",
"QUEUE_LENGTH=15",
"QUEUE_ITEM_SIZE=990"
],
"INC ": [
"$(FREERTOS)/Source/include",
"$(FREERTOS)/../FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include",
"$(FREERTOS)/../FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/portable/Compiler/MSVC",
"$(FREERTOS)/../FreeRTOS-Plus/Demo/FreeRTOS_Plus_TCP_Minimal_Windows_Simulator/WinPCap",
"$(FREERTOS)/Demo/Common/include",
"$(FREERTOS)/Test/CBMC/include",
"$(FREERTOS)/Test/CBMC/patches",
"$(FREERTOS)/../FreeRTOS-Plus/Test/CBMC/windows",
"$(FREERTOS)/../FreeRTOS-Plus/Test/CBMC/windows2"
],
"CBMCFLAGS ": [
"--object-bits 7",
"--32",
"--bounds-check",
"--pointer-check"
],
"FORWARD_SLASH": ["/"],
"TYPE_HEADERS": [
"$(FREERTOS)/Source/queue.c"
]
}

36
kernel/FreeRTOS/Test/CBMC/proofs/MakefileLinux.json Normal file
View File

@ -0,0 +1,36 @@
{
"GOTO_CC": [
"goto-cc"
],
"COMPILE_LINK": [
"-o"
],
"COMPILE_ONLY": [
"-c",
"-o"
],
"RULE_INPUT": [
"$^"
],
"RULE_OUTPUT": [
"$@"
],
"RULE_GOTO": [
"%.goto : %.c"
],
"INC": [
"$(PROOFS)/../windows"
],
"RM": [
"$(RM)"
],
"RM_RECURSIVE": [
"$(RM) -r"
],
"CP": [
"cp"
],
"TYPE_HEADER_SCRIPT": [
"$(PROOFS)/make_type_header_files.py"
]
}

44
kernel/FreeRTOS/Test/CBMC/proofs/MakefileWindows.json Normal file
View File

@ -0,0 +1,44 @@
{
"DEF": [
"WIN32"
],
"GOTO_CC": [
"goto-cl"
],
"COMPILE_LINK": [
"/Fe"
],
"COMPILE_ONLY": [
"/c",
"/Fo"
],
"RULE_INPUT": [
"$**"
],
"RULE_OUTPUT": [
"$@"
],
"RULE_GOTO": [
".c.goto:"
],
"OPT": [
"/wd4210",
"/wd4127",
"/wd4214",
"/wd4201",
"/wd4244",
"/wd4310"
],
"RM": [
"del"
],
"RM_RECURSIVE": [
"del /s"
],
"CP": [
"copy"
],
"TYPE_HEADER_SCRIPT": [
"$(PROOFS)\\make_type_header_files.py"
]
}

46
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateCountingSemaphore/Makefile.json Normal file
View File

@ -0,0 +1,46 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueCreateCountingSemaphore",
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto"
],
"DEF": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0"
]
}

41
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateCountingSemaphore/QueueCreateCountingSemaphore_harness.c Normal file
View File

@ -0,0 +1,41 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "cbmc.h"
void harness()
{
UBaseType_t uxMaxCount;
UBaseType_t uxInitialCount;
xQueueCreateCountingSemaphore( uxMaxCount, uxInitialCount );
}

10
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateCountingSemaphore/README.md Normal file
View File

@ -0,0 +1,10 @@
Assuming uxMaxCount != 0 and uxInitialCount <= uxMaxCount,
this harness proves the memory safety of QueueCreateCountingSemaphore.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateCountingSemaphore/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueCreateCountingSemaphore",
"proof-root": "Test/CBMC/proofs"
}

49
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateCountingSemaphoreStatic/Makefile.json Normal file
View File

@ -0,0 +1,49 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueCreateCountingSemaphoreStatic",
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto"
],
"DEF": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0"
],
"GENERATE_HEADER": [
"queue_datastructure.h"
]
}

42
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateCountingSemaphoreStatic/QueueCreateCountingSemaphoreStatic_harness.c Normal file
View File

@ -0,0 +1,42 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "cbmc.h"
void harness()
{
UBaseType_t uxMaxCount;
UBaseType_t uxInitialCount;
StaticQueue_t * pxStaticQueue = ( StaticQueue_t * ) pvPortMalloc( sizeof( StaticQueue_t ) );
xQueueCreateCountingSemaphoreStatic( uxMaxCount, uxInitialCount, pxStaticQueue );
}

11
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateCountingSemaphoreStatic/README.md Normal file
View File

@ -0,0 +1,11 @@
Assuming uxMaxCount > 0, uxInitialCount <= uxMaxCount and the reference
to the storage area is not null,
this harness proves the memory saftey of QueueCreateCountingSemphoreStatic.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateCountingSemaphoreStatic/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueCreateCountingSemaphoreStatic",
"proof-root": "Test/CBMC/proofs"
}

46
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateMutex/Makefile.json Normal file
View File

@ -0,0 +1,46 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueCreateMutex",
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto"
],
"DEF": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0"
]
}

39
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateMutex/QueueCreateMutex_harness.c Normal file
View File

@ -0,0 +1,39 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "cbmc.h"
void harness()
{
uint8_t ucQueueType;
xQueueCreateMutex( ucQueueType );
}

14
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateMutex/README.md Normal file
View File

@ -0,0 +1,14 @@
This harness proves the memory safety of QueueCreateMutex
for totally unconstrained input.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt
* xTaskGetSchedulerState
* xTaskPriorityDisinherit
* xTaskRemoveFromEventList

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateMutex/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueCreateMutex",
"proof-root": "Test/CBMC/proofs"
}

49
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateMutexStatic/Makefile.json Normal file
View File

@ -0,0 +1,49 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueCreateMutexStatic",
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto"
],
"DEF": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0"
],
"GENERATE_HEADER": [
"queue_datastructure.h"
]
}

40
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateMutexStatic/QueueCreateMutexStatic_harness.c Normal file
View File

@ -0,0 +1,40 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "cbmc.h"
void harness()
{
uint8_t ucQueueType;
StaticQueue_t * pxStaticQueue = ( StaticQueue_t * ) pvPortMalloc( sizeof( StaticQueue_t ) );
xQueueCreateMutexStatic( ucQueueType, pxStaticQueue );
}

15
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateMutexStatic/README.md Normal file
View File

@ -0,0 +1,15 @@
Given that the passed mutex storage area is not null, the QueueCreateMutexStatic
function is memory safe.
Otherwise an assertion violation is triggered.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt
* xTaskGetSchedulerState
* xTaskPriorityDisinherit

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateMutexStatic/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueCreateMutexStatic",
"proof-root": "Test/CBMC/proofs"
}

109
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericCreate/Configurations.json Normal file
View File

@ -0,0 +1,109 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueGenericCreate",
# A CBMC pointer is an object id followed by an offset into the object.
# The size of the offset is limited by the size of the object id.
"CBMC_OBJECT_BITS": "7",
"CBMC_OBJECT_MAX_SIZE": "\"((UINT32_MAX>>(CBMC_OBJECT_BITS+1))\"",
"CBMCFLAGS":
[
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check"
],
"OBJS":
[
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/list.goto",
"$(FREERTOS)/Source/queue.goto"
],
"DEF":
[
{
"QueueGenericCreate_default": [
"CBMC_OBJECT_BITS={CBMC_OBJECT_BITS}",
"CBMC_OBJECT_MAX_SIZE={CBMC_OBJECT_MAX_SIZE}",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"configUSE_MUTEXES=1",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configSUPPORT_STATIC_ALLOCATION=1",
"configUSE_QUEUE_SETS=0",
"configSUPPORT_DYNAMIC_ALLOCATION=1"
]
},
{
"QueueGenericCreate_noMutex": [
"CBMC_OBJECT_BITS={CBMC_OBJECT_BITS}",
"CBMC_OBJECT_MAX_SIZE={CBMC_OBJECT_MAX_SIZE}",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"configUSE_MUTEXES=0",
"configUSE_RECURSIVE_MUTEXES=0",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configSUPPORT_STATIC_ALLOCATION=1",
"configUSE_QUEUE_SETS=0",
"configSUPPORT_DYNAMIC_ALLOCATION=1"
]
},
{
"QueueGenericCreate_noSTATIC_ALLOCATION": [
"CBMC_OBJECT_BITS={CBMC_OBJECT_BITS}",
"CBMC_OBJECT_MAX_SIZE={CBMC_OBJECT_MAX_SIZE}",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"configUSE_MUTEXES=1",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configSUPPORT_STATIC_ALLOCATION=0",
"configUSE_QUEUE_SETS=0",
"configSUPPORT_DYNAMIC_ALLOCATION=1"
]
},
{
"QueueGenericCreate_useQueueSets": [
"CBMC_OBJECT_BITS={CBMC_OBJECT_BITS}",
"CBMC_OBJECT_MAX_SIZE={CBMC_OBJECT_MAX_SIZE}",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"configUSE_MUTEXES=1",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configSUPPORT_STATIC_ALLOCATION=1",
"configUSE_QUEUE_SETS=1",
"configSUPPORT_DYNAMIC_ALLOCATION=1"
]
}
],
"GENERATE_HEADER": [
"queue_datastructure.h"
]
}

45
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericCreate/QueueGenericCreate_harness.c Normal file
View File

@ -0,0 +1,45 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_datastructure.h"
#include "cbmc.h"
void harness()
{
UBaseType_t uxQueueLength;
UBaseType_t uxItemSize;
uint8_t ucQueueType;
/* Allow CBMC to run in a reasonable amount of time. */
__CPROVER_assume( ( uxQueueLength == QUEUE_LENGTH ) || ( uxItemSize == QUEUE_ITEM_SIZE ) );
xQueueGenericCreate( uxQueueLength, uxItemSize, ucQueueType );
}

13
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericCreate/README.md Normal file
View File

@ -0,0 +1,13 @@
The harness and configurations in this folder show memory safety of
QueueGenericCreate, given the assumption made in the harness.
The principal assumption is that (uxItemSize * uxQueueLength) + sizeof(Queue_t)
does not overflow.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericCreate/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueGenericCreate",
"proof-root": "Test/CBMC/proofs"
}

73
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericCreateStatic/Configurations.json Normal file
View File

@ -0,0 +1,73 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueGenericCreateStatic",
# A CBMC pointer is an object id followed by an offset into the object.
# The size of the offset is limited by the size of the object id.
"CBMC_OBJECT_BITS": "7",
"CBMC_OBJECT_MAX_SIZE": "\"((UINT32_MAX>>(CBMC_OBJECT_BITS+1))\"",
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto"
],
"DEF": [
{
"QeueuGenericCreateStatic_DynamicAllocation": [
"CBMC_OBJECT_BITS={CBMC_OBJECT_BITS}",
"CBMC_OBJECT_MAX_SIZE={CBMC_OBJECT_MAX_SIZE}",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"configSUPPORT_STATIC_ALLOCATION=1",
"configSUPPORT_DYNAMIC_ALLOCATION=1"
]
},
{
"QeueuGenericCreateStatic_NoDynamicAllocation": [
"CBMC_OBJECT_BITS={CBMC_OBJECT_BITS}",
"CBMC_OBJECT_MAX_SIZE={CBMC_OBJECT_MAX_SIZE}",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"configSUPPORT_STATIC_ALLOCATION=1",
"configSUPPORT_DYNAMIC_ALLOCATION=0"
]
}
],
"GENERATE_HEADER": [
"queue_datastructure.h"
]
}

52
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericCreateStatic/QueueGenericCreateStatic_harness.c Normal file
View File

@ -0,0 +1,52 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_datastructure.h"
#include "cbmc.h"
void harness()
{
UBaseType_t uxQueueLength;
UBaseType_t uxItemSize;
uint8_t ucQueueType;
size_t storageSize;
/* Allow CBMC to run in a reasonable amount of time. */
__CPROVER_assume( ( uxQueueLength == QUEUE_LENGTH ) || ( uxItemSize == QUEUE_ITEM_SIZE ) );
/* Prevent overflow in this harness. */
__CPROVER_assume( ( uxQueueLength > 0 ) && ( ( storageSize / uxQueueLength ) == uxItemSize ) );
uint8_t * pucQueueStorage = ( uint8_t * ) pvPortMalloc( storageSize );
StaticQueue_t * pxStaticQueue = ( StaticQueue_t * ) pvPortMalloc( sizeof( StaticQueue_t ) );
xQueueGenericCreateStatic( uxQueueLength, uxItemSize, pucQueueStorage, pxStaticQueue, ucQueueType );
}

16
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericCreateStatic/README.md Normal file
View File

@ -0,0 +1,16 @@
The harness proves memory safety of
QueueGenericCreateStatic under the assumption made in the harness.
The principal assumption is that (uxItemSize * uxQueueLength) + sizeof(Queue_t)
does not overflow. Further, ucQueueStorage must only be null iff uxItemSize is null.
In addition, the passed queue storage is assumed to be allocated to the right size.
The configurations for configSUPPORT_DYNAMIC_ALLOCATION set to 0 and 1 are checked.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericCreateStatic/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueGenericCreateStatic",
"proof-root": "Test/CBMC/proofs"
}

52
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericReset/Makefile.json Normal file
View File

@ -0,0 +1,52 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueGenericReset",
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto"
],
"DEF": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0"
],
"INC": [
"."
],
"GENERATE_HEADER":[
"queue_datastructure.h"
]
}

44
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericReset/QueueGenericReset_harness.c Normal file
View File

@ -0,0 +1,44 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_init.h"
#include "cbmc.h"
struct QueueDefinition;
void harness()
{
BaseType_t xNewQueue;
QueueHandle_t xQueue = xUnconstrainedQueue();
xQueueGenericReset( xQueue, xNewQueue );
}

12
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericReset/README.md Normal file
View File

@ -0,0 +1,12 @@
Assuming that the QueueHandel_t is not null and the assumptions made
for QueueGenericCreate hold, this harness proves the memory safety of QueueGenericReset.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt
* xTaskRemoveFromEventList

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericReset/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueGenericReset",
"proof-root": "Test/CBMC/proofs"
}

75
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericSend/Configurations.json Normal file
View File

@ -0,0 +1,75 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueGenericSend",
"LOCK_BOUND": 2,
"QUEUE_SEND_BOUND":3,
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check",
"--unwindset xQueueGenericSend.0:{QUEUE_SEND_BOUND},prvUnlockQueue.0:{LOCK_BOUND},prvUnlockQueue.1:{LOCK_BOUND}",
"--nondet-static"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto",
"$(FREERTOS)/Test/CBMC/proofs/CBMCStubLibrary/tasksStubs.goto"
],
"DEF": [
{
"QueueGenericSend_noQueueSets": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_QUEUE_SETS=0",
"LOCK_BOUND={LOCK_BOUND}",
"QUEUE_SEND_BOUND={QUEUE_SEND_BOUND}"
]
},
{
"QueueGenericSend_QueueSets": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_QUEUE_SETS=1",
"LOCK_BOUND={LOCK_BOUND}",
"QUEUE_SEND_BOUND={QUEUE_SEND_BOUND}"
]
}
],
"INC": [
"."
],
"GENERATE_HEADER":[
"queue_datastructure.h"
]
}

145
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericSend/QueueGenericSend_harness.c Normal file
View File

@ -0,0 +1,145 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_init.h"
#include "tasksStubs.h"
#include "cbmc.h"
#ifndef LOCK_BOUND
#define LOCK_BOUND 4
#endif
#ifndef QUEUE_SEND_BOUND
#define QUEUE_SEND_BOUND 4
#endif
#if ( configUSE_QUEUE_SETS == 0 )
BaseType_t prvCopyDataToQueue( Queue_t * const pxQueue,
const void * pvItemToQueue,
const BaseType_t xPosition )
{
if( pxQueue->uxItemSize > ( UBaseType_t ) 0 )
{
__CPROVER_assert( __CPROVER_r_ok( pvItemToQueue, ( size_t ) pxQueue->uxItemSize ), "pvItemToQueue region must be readable" );
if( xPosition == queueSEND_TO_BACK )
{
__CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->pcWriteTo, ( size_t ) pxQueue->uxItemSize ), "pxQueue->pcWriteTo region must be writable" );
}
else
{
__CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->u.xQueue.pcReadFrom, ( size_t ) pxQueue->uxItemSize ), "pxQueue->u.xQueue.pcReadFrom region must be writable" );
}
return pdFALSE;
}
else
{
return nondet_BaseType_t();
}
}
#else /* if ( configUSE_QUEUE_SETS == 0 ) */
BaseType_t prvNotifyQueueSetContainer( const Queue_t * const pxQueue )
{
Queue_t * pxQueueSetContainer = pxQueue->pxQueueSetContainer;
configASSERT( pxQueueSetContainer );
}
void prvUnlockQueue( Queue_t * const pxQueue )
{
configASSERT( pxQueue );
if( pxQueue->pxQueueSetContainer != NULL )
{
prvNotifyQueueSetContainer( pxQueue );
}
listLIST_IS_EMPTY( &( pxQueue->xTasksWaitingToReceive ) );
pxQueue->cTxLock = queueUNLOCKED;
listLIST_IS_EMPTY( &( pxQueue->xTasksWaitingToSend ) );
pxQueue->cRxLock = queueUNLOCKED;
}
#endif /* if ( configUSE_QUEUE_SETS == 0 ) */
void harness()
{
/*Initialise the tasksStubs */
vInitTaskCheckForTimeOut( 0, QUEUE_SEND_BOUND - 1 );
xState = nondet_basetype();
QueueHandle_t xQueue =
xUnconstrainedQueueBoundedItemSize( 2 );
TickType_t xTicksToWait;
if( xState == taskSCHEDULER_SUSPENDED )
{
xTicksToWait = 0;
}
if( xQueue )
{
void * pvItemToQueue = pvPortMalloc( xQueue->uxItemSize );
BaseType_t xCopyPosition;
if( xCopyPosition == queueOVERWRITE )
{
xQueue->uxLength = 1;
}
if( xQueue->uxItemSize == 0 )
{
/* uxQueue->xQueueType is a pointer to the head of the queue storage area.
* If an item has a sice, this pointer must not be modified after init.
* Otherwise some of the write statements will fail. */
xQueue->uxQueueType = nondet_int8_t();
pvItemToQueue = 0;
}
/* This code checks explicitly for violations of the pxQueue->uxMessagesWaiting < pxQueue->uxLength
* invariant. */
xQueue->uxMessagesWaiting = nondet_UBaseType_t();
/* These values are decremented during a while loop interacting with task.c.
* This interaction is currently abstracted away.*/
xQueue->cTxLock = LOCK_BOUND - 1;
xQueue->cRxLock = LOCK_BOUND - 1;
if( !pvItemToQueue )
{
xQueue->uxItemSize = 0;
}
xQueueGenericSend( xQueue, pvItemToQueue, xTicksToWait, xCopyPosition );
}
}

19
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericSend/README.md Normal file
View File

@ -0,0 +1,19 @@
The harness in this folder proves the memory safety of QueueGenericSend
with and without QueueSets. It is abstracting away the task pool and concurrency
related functions and assumes the parameters to be initialized to valid data structures.
Further, prvCopyDataToQueue, prvUnlockQueue and prvNotifyQueueSetContainer are abstracted away.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt
* vTaskInternalSetTimeOutState
* vTaskMissedYield
* vTaskPlaceOnEventList
* vTaskSuspendAll
* xTaskRemoveFromEventList
* xTaskResumeAll

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericSend/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueGenericSend",
"proof-root": "Test/CBMC/proofs"
}

67
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericSendFromISR/Configurations.json Normal file
View File

@ -0,0 +1,67 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueGenericSendFromISR",
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check",
"--nondet-static"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto"
],
"DEF": [
{
"QueueGenericSendFromISR_noQueueSets": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_QUEUE_SETS=0"
]
},
{
"QueueGenericSendFromISR_QueueSets": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_QUEUE_SETS=1"
]
}
],
"INC": [
"."
],
"GENERATE_HEADER":[
"queue_datastructure.h"
]
}

102
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericSendFromISR/QueueGenericSendFromISR_harness.c Normal file
View File

@ -0,0 +1,102 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_init.h"
#include "cbmc.h"
#ifndef ITEM_BOUND
#define ITEM_BOUND 10
#endif
#if ( configUSE_QUEUE_SETS == 0 )
BaseType_t prvCopyDataToQueue( Queue_t * const pxQueue,
const void * pvItemToQueue,
const BaseType_t xPosition )
{
if( pxQueue->uxItemSize > ( UBaseType_t ) 0 )
{
__CPROVER_assert( __CPROVER_r_ok( pvItemToQueue, ( size_t ) pxQueue->uxItemSize ), "pvItemToQueue region must be readable" );
if( xPosition == queueSEND_TO_BACK )
{
__CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->pcWriteTo, ( size_t ) pxQueue->uxItemSize ), "pxQueue->pcWriteTo region must be writable" );
}
else
{
__CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->u.xQueue.pcReadFrom, ( size_t ) pxQueue->uxItemSize ), "pxQueue->u.xQueue.pcReadFrom region must be writable" );
}
return pdFALSE;
}
else
{
return nondet_BaseType_t();
}
}
#endif /* if ( configUSE_QUEUE_SETS == 0 ) */
void harness()
{
QueueHandle_t xQueue = xUnconstrainedQueueBoundedItemSize( ITEM_BOUND );
if( xQueue )
{
void * pvItemToQueue = pvPortMalloc( xQueue->uxItemSize );
BaseType_t * xHigherPriorityTaskWoken = pvPortMalloc( sizeof( BaseType_t ) );
BaseType_t xCopyPosition;
if( xQueue->uxItemSize == 0 )
{
/* uxQueue->xQueueType is a pointer to the head of the queue storage area.
* If an item has a size, this pointer must not be modified after init.
* Otherwise some of the write statements will fail. */
xQueue->uxQueueType = nondet_int8_t();
pvItemToQueue = 0;
}
/* This code checks explicitly for violations of the pxQueue->uxMessagesWaiting < pxQueue->uxLength
* invariant. */
xQueue->uxMessagesWaiting = nondet_UBaseType_t();
if( !pvItemToQueue )
{
xQueue->uxItemSize = 0;
}
if( xCopyPosition == 2 )
{
__CPROVER_assume( xQueue->uxLength == 1 );
}
xQueueGenericSendFromISR( xQueue, pvItemToQueue, xHigherPriorityTaskWoken, xCopyPosition );
}
}

12
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericSendFromISR/README.md Normal file
View File

@ -0,0 +1,12 @@
The harness in this folder proves the memory safety of QueueGenericSendFromISR
with and without QueueSets. It is abstracting away the task pool and concurrency
related functions. Further, it uses a stub for prvCopyDataToQueue.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical
* xTaskRemoveFromEventList

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericSendFromISR/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueGenericSendFromISR",
"proof-root": "Test/CBMC/proofs"
}

52
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGetMutexHolder/Makefile.json Normal file
View File

@ -0,0 +1,52 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueGetMutexHolder",
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto"
],
"DEF": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0"
],
"INC": [
"."
],
"GENERATE_HEADER": [
"queue_datastructure.h"
]
}

44
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGetMutexHolder/QueueGetMutexHolder_harness.c Normal file
View File

@ -0,0 +1,44 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue_init.h"
#include "queue.h"
#include "cbmc.h"
void harness()
{
QueueHandle_t xSemaphore = xUnconstrainedQueue();
if( xSemaphore )
{
xSemaphore->uxQueueType = nondet_uint8_t();
xQueueGetMutexHolder( xSemaphore );
}
}

10
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGetMutexHolder/README.md Normal file
View File

@ -0,0 +1,10 @@
This harness proves the memory safety of QueueGetMutexHolder assuming the passed
semaphore is not null.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGetMutexHolder/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueGetMutexHolder",
"proof-root": "Test/CBMC/proofs"
}

52
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGetMutexHolderFromISR/Makefile.json Normal file
View File

@ -0,0 +1,52 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueGetMutexHolderFromISR",
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto"
],
"DEF": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0"
],
"INC": [
"."
],
"GENERATE_HEADER": [
"queue_datastructure.h"
]
}

43
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGetMutexHolderFromISR/QueueGetMutexHolderFromISR_harness.c Normal file
View File

@ -0,0 +1,43 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_datastructure.h"
#include "cbmc.h"
void harness()
{
QueueHandle_t xSemaphore = pvPortMalloc( sizeof( Queue_t ) );
if( xSemaphore )
{
xQueueGetMutexHolderFromISR( xSemaphore );
}
}

5
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGetMutexHolderFromISR/README.md Normal file
View File

@ -0,0 +1,5 @@
Assuming that xSemaphore is a pointer to an allocated Queue_t instance,
this harness proves the memory safety of QueueGetMutexHolderFromISR.
This proof is a work-in-progress. Proof assumptions are described in
the harness.

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGetMutexHolderFromISR/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueGetMutexHolderFromISR",
"proof-root": "Test/CBMC/proofs"
}

71
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGiveFromISR/Configurations.json Normal file
View File

@ -0,0 +1,71 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueGiveFromISR",
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check",
"--nondet-static"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto"
],
"DEF": [
{
"QueueGiveFromISR_default": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configSUPPORT_STATIC_ALLOCATION=1",
"configSUPPORT_DYNAMIC_ALLOCATION=1",
"configUSE_QUEUE_SETS=0"
]
},
{
"QueueGiveFromISR_QueueSets": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configSUPPORT_STATIC_ALLOCATION=1",
"configSUPPORT_DYNAMIC_ALLOCATION=1",
"configUSE_QUEUE_SETS=1"
]
}
],
"INC": [
"$(FREERTOS)/Test/CBMC/proofs/CBMCStubLibrary/",
"."
],
"GENERATE_HEADER": [
"queue_datastructure.h"
]
}

45
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGiveFromISR/QueueGiveFromISR_harness.c Normal file
View File

@ -0,0 +1,45 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_init.h"
#include "cbmc.h"
void harness()
{
QueueHandle_t xQueue = xUnconstrainedMutex();
BaseType_t * xHigherPriorityTaskWoken = pvPortMalloc( sizeof( BaseType_t ) );
if( xQueue )
{
xQueue->uxMessagesWaiting = nondet_UBaseType_t();
xQueueGiveFromISR( xQueue, xHigherPriorityTaskWoken );
}
}

15
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGiveFromISR/README.md Normal file
View File

@ -0,0 +1,15 @@
Assuming the xQueue is allocated to a valid memory block and abstracting
away concurrency and task pool related functions, this harness proves the memory
safety of QueueGiveFromISR.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt
* xTaskGetSchedulerState
* xTaskPriorityDisinherit
* xTaskRemoveFromEventList

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGiveFromISR/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueGiveFromISR",
"proof-root": "Test/CBMC/proofs"
}

53
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGiveMutexRecursive/Makefile.json Normal file
View File

@ -0,0 +1,53 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueGiveMutexRecursive",
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto"
],
"DEF": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"configUSE_RECURSIVE_MUTEXES=1"
],
"INC": [
"."
],
"GENERATE_HEADER": [
"queue_datastructure.h"
]
}

52
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGiveMutexRecursive/QueueGiveMutexRecursive_harness.c Normal file
View File

@ -0,0 +1,52 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_datastructure.h"
#include "cbmc.h"
void harness()
{
uint8_t ucQueueType;
QueueHandle_t xMutex =
xQueueCreateMutex( ucQueueType );
if( xMutex )
{
xMutex->uxQueueType = ucQueueType;
UBaseType_t uxCounter;
/* This assumption is explained in the queue.c file inside the method body
* xQueueGiveMutexRecursive and guards against an underflow error. */
__CPROVER_assume( uxCounter > 0 );
xMutex->u.xSemaphore.uxRecursiveCallCount = uxCounter;
xQueueGiveMutexRecursive( xMutex );
}
}

16
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGiveMutexRecursive/README.md Normal file
View File

@ -0,0 +1,16 @@
Assuming that the xMutex parameter is initialized to a valid pointer and
abstracting concurrency and task pool related functions, this harness
proves the memory safety of QueueGiveMutexRecursive.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt
* xTaskGetCurrentTaskHandle
* xTaskGetSchedulerState
* xTaskPriorityDisinherit
* xTaskRemoveFromEventList

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueGiveMutexRecursive/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueGiveMutexRecursive",
"proof-root": "Test/CBMC/proofs"
}

51
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueMessagesWaiting/Makefile.json Normal file
View File

@ -0,0 +1,51 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueMessagesWaiting",
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto"
],
"DEF": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0"
],
"INC": [
"."
],
"GENERATE_HEADER": [
"queue_datastructure.h"
]
}

43
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueMessagesWaiting/QueueMessagesWaiting_harness.c Normal file
View File

@ -0,0 +1,43 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_datastructure.h"
#include "cbmc.h"
void harness()
{
QueueHandle_t xQueue = pvPortMalloc( sizeof( Queue_t ) );
if( xQueue )
{
uxQueueMessagesWaiting( xQueue );
}
}

12
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueMessagesWaiting/README.md Normal file
View File

@ -0,0 +1,12 @@
Assuming the parameter passed to QueueMessagesWaiting is a pointer to a Queue_t
struct, this harness proves the memory safety of QueueMessagesWaiting.
The concurrency related functions vPortEnterCrititcal and vPortExitCritical
are abstracted away.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueMessagesWaiting/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueMessagesWaiting",
"proof-root": "Test/CBMC/proofs"
}

59
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueuePeek/Makefile.json Normal file
View File

@ -0,0 +1,59 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueuePeek",
"LOCK_BOUND":4,
"QUEUE_PEEK_BOUND" :4,
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check",
"--unwindset prvUnlockQueue.0:{LOCK_BOUND},prvUnlockQueue.1:{LOCK_BOUND},xQueuePeek.0:{QUEUE_PEEK_BOUND}",
"--nondet-static"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto",
"$(FREERTOS)/Test/CBMC/proofs/CBMCStubLibrary/tasksStubs.goto"
],
"DEF": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"LOCK_BOUND={LOCK_BOUND}",
"QUEUE_PEEK_BOUND={QUEUE_PEEK_BOUND}",
"INCLUDE_xTaskGetSchedulerState=1"
],
"INC": [
"."
],
"GENERATE_HEADER": [
"queue_datastructure.h"
]
}

85
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueuePeek/QueuePeek_harness.c Normal file
View File

@ -0,0 +1,85 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_init.h"
#include "tasksStubs.h"
#include "cbmc.h"
#ifndef LOCK_BOUND
#define LOCK_BOUND 4
#endif
#ifndef QUEUE_PEEK_BOUND
#define QUEUE_PEEK_BOUND 4
#endif
QueueHandle_t xQueue;
/* This method is called to initialize pxTimeOut.
* Setting up the data structure is not interesting for the proof,
* but the harness uses it to model a release
* on the queue after first check. */
void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut )
{
xQueue->uxMessagesWaiting = nondet_BaseType_t();
}
void harness()
{
xQueue = xUnconstrainedQueueBoundedItemSize( 10 );
/*Initialise the tasksStubs */
vInitTaskCheckForTimeOut( 0, QUEUE_PEEK_BOUND - 1 );
TickType_t xTicksToWait;
if( xState == taskSCHEDULER_SUSPENDED )
{
xTicksToWait = 0;
}
if( xQueue )
{
__CPROVER_assume( xQueue->cTxLock < LOCK_BOUND - 1 );
__CPROVER_assume( xQueue->cRxLock < LOCK_BOUND - 1 );
void * pvItemToQueue = pvPortMalloc( xQueue->uxItemSize );
/* In case malloc fails as this is otherwise an invariant violation. */
if( !pvItemToQueue )
{
xQueue->uxItemSize = 0;
}
xQueuePeek( xQueue, pvItemToQueue, xTicksToWait );
}
}

18
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueuePeek/README.md Normal file
View File

@ -0,0 +1,18 @@
Assuming xQueue and pvItemToQueue are non-null pointers allocated to the right
size, this harness proves the memory safety of QueueGenericPeek. Some of the
task pool behavior is abstracted away. Nevertheless, some of the concurrent
behavior has been modeled to allow full coverage of QueuePeek.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt
* vTaskMissedYield
* vTaskPlaceOnEventList
* vTaskSuspendAll
* xTaskRemoveFromEventList
* xTaskResumeAll

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueuePeek/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueuePeek",
"proof-root": "Test/CBMC/proofs"
}

60
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueReceive/Makefile.json Normal file
View File

@ -0,0 +1,60 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueReceive",
"LOCK_BOUND": 2,
"QUEUE_RECEIVE_BOUND": 3,
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check",
"--unwindset xQueueReceive.0:{QUEUE_RECEIVE_BOUND},prvUnlockQueue.0:{LOCK_BOUND},prvUnlockQueue.1:{LOCK_BOUND}",
"--nondet-static"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto",
"$(FREERTOS)/Test/CBMC/proofs/CBMCStubLibrary/tasksStubs.goto"
],
"DEF": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"INCLUDE_xTaskGetSchedulerState=1",
"QUEUE_RECEIVE_BOUND={QUEUE_RECEIVE_BOUND}",
"LOCK_BOUND={LOCK_BOUND}"
],
"INC": [
"."
],
"GENERATE_HEADER": [
"queue_datastructure.h"
]
}

95
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueReceive/QueueReceive_harness.c Normal file
View File

@ -0,0 +1,95 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_init.h"
#include "tasksStubs.h"
#include "cbmc.h"
/* prvUnlockQueue is going to decrement this value to 0 in the loop.
* We need a bound for the loop. Using 4 has a reasonable performance resulting
* in 3 unwinding iterations of the loop. The loop is mostly modifying a
* data structure in task.c that is not in the scope of the proof. */
#ifndef LOCK_BOUND
#define LOCK_BOUND 4
#endif
/* This code checks for time outs. This value is used to bound the time out
* wait period. The stub function xTaskCheckForTimeOut used to model
* this wait time will be bounded to this define. */
#ifndef QUEUE_RECEIVE_BOUND
#define QUEUE_RECEIVE_BOUND 4
#endif
/* If the item size is not bounded, the proof does not finish in a reasonable
* time due to the involved memcpy commands. */
#ifndef MAX_ITEM_SIZE
#define MAX_ITEM_SIZE 20
#endif
QueueHandle_t xQueue;
/* This method is used to model side effects of concurrency.
* The initialization of pxTimeOut is not relevant for this harness. */
void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut )
{
__CPROVER_assert( __CPROVER_w_ok( &( pxTimeOut->xOverflowCount ), sizeof( BaseType_t ) ), "pxTimeOut should be a valid pointer and xOverflowCount writable" );
__CPROVER_assert( __CPROVER_w_ok( &( pxTimeOut->xTimeOnEntering ), sizeof( TickType_t ) ), "pxTimeOut should be a valid pointer and xTimeOnEntering writable" );
xQueue->uxMessagesWaiting = nondet_BaseType_t();
}
void harness()
{
vInitTaskCheckForTimeOut( 0, QUEUE_RECEIVE_BOUND - 1 );
xQueue = xUnconstrainedQueueBoundedItemSize( MAX_ITEM_SIZE );
TickType_t xTicksToWait;
if( xState == taskSCHEDULER_SUSPENDED )
{
xTicksToWait = 0;
}
if( xQueue )
{
xQueue->cTxLock = LOCK_BOUND - 1;
xQueue->cRxLock = LOCK_BOUND - 1;
void * pvBuffer = pvPortMalloc( xQueue->uxItemSize );
if( !pvBuffer )
{
xQueue->uxItemSize = 0;
}
xQueueReceive( xQueue, pvBuffer, xTicksToWait );
}
}

17
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueReceive/README.md Normal file
View File

@ -0,0 +1,17 @@
Assuming the bound described in the harness, this harness proves memory safety
for the QueueReceive function abstracting away
the task pool and concurrency functions.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt
* vTaskMissedYield
* vTaskPlaceOnEventList
* vTaskSuspendAll
* xTaskRemoveFromEventList
* xTaskResumeAll

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueReceive/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueReceive",
"proof-root": "Test/CBMC/proofs"
}

53
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueReceiveFromISR/Makefile.json Normal file
View File

@ -0,0 +1,53 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueReceiveFromISR",
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto",
"$(FREERTOS)/Test/CBMC/proofs/CBMCStubLibrary/tasksStubs.goto"
],
"DEF": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'"
],
"INC": [
"."
],
"GENERATE_HEADER": [
"queue_datastructure.h"
]
}

58
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueReceiveFromISR/QueueReceiveFromISR_harness.c Normal file
View File

@ -0,0 +1,58 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_init.h"
#include "cbmc.h"
/* If the item size is not bounded, the proof does not finish in a reasonable
* time due to the involved memcpy commands. */
#ifndef MAX_ITEM_SIZE
#define MAX_ITEM_SIZE 10
#endif
void harness()
{
QueueHandle_t xQueue =
xUnconstrainedQueueBoundedItemSize( MAX_ITEM_SIZE );
BaseType_t * xHigherPriorityTaskWoken = pvPortMalloc( sizeof( BaseType_t ) );
if( xQueue )
{
void * pvBuffer = pvPortMalloc( xQueue->uxItemSize );
if( !pvBuffer )
{
xQueue->uxItemSize = 0;
}
xQueueReceiveFromISR( xQueue, pvBuffer, xHigherPriorityTaskWoken );
}
}

12
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueReceiveFromISR/README.md Normal file
View File

@ -0,0 +1,12 @@
Assuming the bound declared in the harness, this harness proves the memory
safety the QueueReceiveFromISR abstracting
away the task pool and concurrency related functions.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical
* xTaskRemoveFromEventList

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueReceiveFromISR/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueReceiveFromISR",
"proof-root": "Test/CBMC/proofs"
}

59
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueSemaphoreTake/Makefile.json Normal file
View File

@ -0,0 +1,59 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueSemaphoreTake",
# This bound on queue size is needed to bound a loop in prvUnlockQueue
"QUEUE_BOUND": 5,
"CBMCFLAGS": [
"--unwind 2",
"--signed-overflow-check",
"--unsigned-overflow-check",
"--nondet-static",
"--unwindset prvUnlockQueue.0:{QUEUE_BOUND},prvUnlockQueue.1:{QUEUE_BOUND},xQueueSemaphoreTake.0:3"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto",
"$(FREERTOS)/Test/CBMC/proofs/CBMCStubLibrary/tasksStubs.goto"
],
"DEF": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"PRV_UNLOCK_QUEUE_BOUND={QUEUE_BOUND}"
],
"INC": [
"."
],
"GENERATE_HEADER": [
"queue_datastructure.h"
]
}

92
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueSemaphoreTake/QueueSemaphoreTake_harness.c Normal file
View File

@ -0,0 +1,92 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_init.h"
#include "tasksStubs.h"
#include "cbmc.h"
BaseType_t state;
QueueHandle_t xQueue;
BaseType_t counter;
BaseType_t xTaskGetSchedulerState( void )
{
return state;
}
void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut )
{
/* QueueSemaphoreTake might be blocked to wait for
* another process to release a token to the semaphore.
* This is currently not in the CBMC model. Anyhow,
* vTaskInternalSetTimeOutState is set a timeout for
* QueueSemaphoreTake operation. We use this to model a successful
* release during wait time. */
UBaseType_t bound;
__CPROVER_assume( ( bound >= 0 && xQueue->uxLength >= bound ) );
xQueue->uxMessagesWaiting = bound;
}
void harness()
{
/* Init task stub to make sure that the third loop iteration
* simulates a time out */
vInitTaskCheckForTimeOut( 0, 3 );
xQueue = xUnconstrainedMutex();
TickType_t xTicksToWait;
if( state == taskSCHEDULER_SUSPENDED )
{
xTicksToWait = 0;
}
if( xQueue )
{
/* Bounding the loop in prvUnlockQueue to
* PRV_UNLOCK_QUEUE_BOUND. As the loop is not relevant
* in this proof the value might be set to any
* positive 8-bit integer value. We subtract one,
* because the bound must be one greater than the
* amount of loop iterations. */
__CPROVER_assert( PRV_UNLOCK_QUEUE_BOUND > 0, "Make sure, a valid macro value is chosen." );
xQueue->cTxLock = PRV_UNLOCK_QUEUE_BOUND - 1;
xQueue->cRxLock = PRV_UNLOCK_QUEUE_BOUND - 1;
( ( &( xQueue->xTasksWaitingToReceive ) )->xListEnd ).pxNext->xItemValue = nondet_ticktype();
/* This assumptions is required to prevent an overflow in l. 2057 of queue.c
* in the prvGetDisinheritPriorityAfterTimeout() function. */
__CPROVER_assume( (
( UBaseType_t ) listGET_ITEM_VALUE_OF_HEAD_ENTRY( &( xQueue->xTasksWaitingToReceive ) )
<= ( ( UBaseType_t ) configMAX_PRIORITIES ) ) );
xQueueSemaphoreTake( xQueue, xTicksToWait );
}
}

22
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueSemaphoreTake/README.md Normal file
View File

@ -0,0 +1,22 @@
Assuming the bound specified in the harness and abstracting the task pool and
concurrency functions, this harness proves the memory safety of QueueSemaphoreTake.
Some of the task pool functions are used to model concurrent behavior required
to trigger all branches during the model creation.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* pvTaskIncrementMutexHeldCount
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt
* vTaskMissedYield
* vTaskPlaceOnEventList
* vTaskPriorityDisinheritAfterTimeout
* vTaskSuspendAll
* xTaskPriorityDisinherit
* xTaskPriorityInherit
* xTaskRemoveFromEventList
* xTaskResumeAll

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueSemaphoreTake/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueSemaphoreTake",
"proof-root": "Test/CBMC/proofs"
}

51
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueSpacesAvailable/Makefile.json Normal file
View File

@ -0,0 +1,51 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "QueueSpacesAvailable",
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto"
],
"DEF": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0"
],
"INC": [
"."
],
"GENERATE_HEADER": [
"queue_datastructure.h"
]
}

42
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueSpacesAvailable/QueueSpacesAvailable_harness.c Normal file
View File

@ -0,0 +1,42 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_init.h"
#include "cbmc.h"
void harness()
{
QueueHandle_t xQueue = xUnconstrainedQueue();
/* QueueSpacesAvailable asserts nonnull pointer */
__CPROVER_assume( xQueue );
uxQueueSpacesAvailable( xQueue );
}

9
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueSpacesAvailable/README.md Normal file
View File

@ -0,0 +1,9 @@
This harness proves that QueueSpacesAvailable is memory safe.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueSpacesAvailable/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueSpacesAvailable",
"proof-root": "Test/CBMC/proofs"
}

61
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueTakeMutexRecursive/Makefile.json Normal file
View File

@ -0,0 +1,61 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
# This bound on queue size is needed to bound a loop in prvUnlockQueue
"PRV_UNLOCK_UNWINDING_BOUND": 4,
# This is a bound on the timeout cycles
"QueueSemaphoreTake_BOUND": 4,
"ENTRY": "QueueTakeMutexRecursive",
"CBMCFLAGS": [
"--unwind {QueueSemaphoreTake_BOUND}",
"--unwindset prvUnlockQueue.0:{PRV_UNLOCK_UNWINDING_BOUND},prvUnlockQueue.1:{PRV_UNLOCK_UNWINDING_BOUND}",
"--signed-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto",
"$(FREERTOS)/Test/CBMC/proofs/CBMCStubLibrary/tasksStubs.goto"
],
"DEF": [
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"PRV_UNLOCK_UNWINDING_BOUND={PRV_UNLOCK_UNWINDING_BOUND}",
"QueueSemaphoreTake_BOUND={QueueSemaphoreTake_BOUND}"
],
"INC": [
"."
],
"GENERATE_HEADER": [
"queue_datastructure.h"
]
}

77
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueTakeMutexRecursive/QueueTakeMutexRecursive_harness.c Normal file
View File

@ -0,0 +1,77 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "tasksStubs.h"
#include "queue_datastructure.h"
#include "cbmc.h"
QueueHandle_t xMutex;
void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut )
{
/* QueueSemaphoreTake might be blocked to wait for
* another process to release a token to the semaphore.
* This is currently not in the CBMC model. Anyhow,
* vTaskInternalSetTimeOutState is set a timeout for
* QueueSemaphoreTake operation. We use this to model a successful
* release during wait time. */
UBaseType_t bound;
__CPROVER_assume( ( bound >= 0 && xMutex->uxLength >= bound ) );
xMutex->uxMessagesWaiting = bound;
}
BaseType_t xTaskGetSchedulerState( void )
{
BaseType_t ret;
__CPROVER_assume( ret != taskSCHEDULER_SUSPENDED );
return ret;
}
void harness()
{
uint8_t ucQueueType;
xMutex = xQueueCreateMutex( ucQueueType );
TickType_t xTicksToWait;
/* Init task stub to make sure that the QueueSemaphoreTake_BOUND - 1
* loop iteration simulates a time out */
vInitTaskCheckForTimeOut( 0, QueueSemaphoreTake_BOUND - 1 );
if( xMutex )
{
xMutex->cTxLock = PRV_UNLOCK_UNWINDING_BOUND - 1;
xMutex->cRxLock = PRV_UNLOCK_UNWINDING_BOUND - 1;
xMutex->uxMessagesWaiting = nondet_UBaseType_t();
xQueueTakeMutexRecursive( xMutex, xTicksToWait );
}
}

23
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueTakeMutexRecursive/README.md Normal file
View File

@ -0,0 +1,23 @@
Assuming that the parameter is valid mutex data structure and reasonable
bounded, this harness proves the memory safety of QueueTakeMutexRecursive.
Task pool and concurrency functions are abstracted away and replaced with
required stubs to drive coverage.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* pvTaskIncrementMutexHeldCount
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt
* vTaskMissedYield
* vTaskPlaceOnEventList
* vTaskPriorityDisinheritAfterTimeout
* vTaskSuspendAll
* xTaskGetCurrentTaskHandle
* xTaskPriorityDisinherit
* xTaskPriorityInherit
* xTaskRemoveFromEventList
* xTaskResumeAll

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/QueueTakeMutexRecursive/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "QueueTakeMutexRecursive",
"proof-root": "Test/CBMC/proofs"
}

70
kernel/FreeRTOS/Test/CBMC/proofs/Queue/prvCopyDataToQueue/Configurations.json Normal file
View File

@ -0,0 +1,70 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "prvCopyDataToQueue",
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto"
],
"DEF": [
{
"prvCopyDataToQueue_default" : [
"'configPRECONDITION(X)=__CPROVER_assume(X)'",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"configUSE_MUTEXES=1"
]
},
{
"prvCopyDataToQueue_noMutex" : [
"'configPRECONDITION(X)=__CPROVER_assume(X)'",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"configUSE_MUTEXES=0",
"configUSE_RECURSIVE_MUTEXES=0"
]
}
],
"INC": [
"."
],
"GENERATE_HEADER":[
"queue_datastructure.h"
]
}

12
kernel/FreeRTOS/Test/CBMC/proofs/Queue/prvCopyDataToQueue/README.md Normal file
View File

@ -0,0 +1,12 @@
This harness proves the memory safety of the prvNotifyQueuSetContainer method.
It assumes that the queue is initalized to a valid datastructure.
The concurrency functions are abstracted away.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical
* xTaskPriorityDisinherit

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/prvCopyDataToQueue/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "prvCopyDataToQueue",
"proof-root": "Test/CBMC/proofs"
}

60
kernel/FreeRTOS/Test/CBMC/proofs/Queue/prvCopyDataToQueue/prvCopyDataToQueue_harness.c Normal file
View File

@ -0,0 +1,60 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_init.h"
#include "cbmc.h"
BaseType_t prvCopyDataToQueue( Queue_t * const pxQueue,
const void * pvItemToQueue,
const BaseType_t xPosition );
void harness()
{
QueueHandle_t xQueue = xUnconstrainedQueueBoundedItemSize( 10 );
if( xQueue )
{
void * pvItemToQueue = pvPortMalloc( xQueue->uxItemSize );
if( !pvItemToQueue )
{
xQueue->uxItemSize = 0;
}
if( xQueue->uxItemSize == 0 )
{
xQueue->uxQueueType = nondet_int8_t();
}
BaseType_t xPosition;
prvCopyDataToQueue( xQueue, pvItemToQueue, xPosition );
}
}

72
kernel/FreeRTOS/Test/CBMC/proofs/Queue/prvNotifyQueueSetContainer/Configurations.json Normal file
View File

@ -0,0 +1,72 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "prvNotifyQueueSetContainer",
"LOCK_BOUND": 2,
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check",
"--unwindset prvUnlockQueue.0:{LOCK_BOUND},prvUnlockQueue.1:{LOCK_BOUND}"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto"
],
"DEF": [
{
"prvNotifyQueueSetContainer_Mutex" : [
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"configUSE_MUTEXES=1",
"configUSE_RECURSIVE_MUTEXES=1",
"configUSE_QUEUE_SETS=1"
]
},
{
"prvNotifyQueueSetContainer_noMutex" : [
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"configUSE_MUTEXES=0",
"configUSE_RECURSIVE_MUTEXES=0",
"configUSE_QUEUE_SETS=1"
]
}
],
"INC": [
"."
],
"GENERATE_HEADER":[
"queue_datastructure.h"
]
}

14
kernel/FreeRTOS/Test/CBMC/proofs/Queue/prvNotifyQueueSetContainer/README.md Normal file
View File

@ -0,0 +1,14 @@
This harness proves the memory safety of the prvNotifyQueuSetContainer method.
It assumes that the queue is initalized to a valid datastructure and added
to a QueueSet. The concurrency functions and task pool functions are abstracted
away. prvCopyDataToQueue is replaced with a stub checking the preconditions
for prvCopyDataToQueue to be sucessful.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical
* xTaskRemoveFromEventList

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/prvNotifyQueueSetContainer/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "prvNotifyQueueSetContainer",
"proof-root": "Test/CBMC/proofs"
}

112
kernel/FreeRTOS/Test/CBMC/proofs/Queue/prvNotifyQueueSetContainer/prvNotifyQueueSetContainer_harness.c Normal file
View File

@ -0,0 +1,112 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_datastructure.h"
#include "cbmc.h"
#ifndef LOCK_BOUND
#define LOCK_BOUND 4
#endif
BaseType_t prvNotifyQueueSetContainer( const Queue_t * const pxQueue,
const BaseType_t xCopyPosition );
BaseType_t prvCopyDataToQueue( Queue_t * const pxQueue,
const void * pvItemToQueue,
const BaseType_t xPosition )
{
if( pxQueue->uxItemSize > ( UBaseType_t ) 0 )
{
__CPROVER_assert( __CPROVER_r_ok( pvItemToQueue, ( size_t ) pxQueue->uxItemSize ), "pvItemToQueue region must be readable" );
if( xPosition == queueSEND_TO_BACK )
{
__CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->pcWriteTo, ( size_t ) pxQueue->uxItemSize ), "pxQueue->pcWriteTo region must be writable" );
}
else
{
__CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->u.xQueue.pcReadFrom, ( size_t ) pxQueue->uxItemSize ), "pxQueue->u.xQueue.pcReadFrom region must be writable" );
}
return pdFALSE;
}
else
{
return nondet_BaseType_t();
}
}
QueueSetHandle_t xUnconstrainedQueueSet()
{
UBaseType_t uxEventQueueLength = 2;
QueueSetHandle_t xSet = xQueueCreateSet( uxEventQueueLength );
if( xSet )
{
xSet->cTxLock = nondet_int8_t();
__CPROVER_assume( xSet->cTxLock != 127 );
xSet->cRxLock = nondet_int8_t();
xSet->uxMessagesWaiting = nondet_UBaseType_t();
xSet->xTasksWaitingToReceive.uxNumberOfItems = nondet_UBaseType_t();
xSet->xTasksWaitingToSend.uxNumberOfItems = nondet_UBaseType_t();
}
return xSet;
}
void harness()
{
UBaseType_t uxQueueLength;
UBaseType_t uxItemSize;
uint8_t ucQueueType;
__CPROVER_assume( uxQueueLength > 0 );
__CPROVER_assume( uxItemSize < 10 );
/* The implicit assumption for the QueueGenericCreate method is,
* that there are no overflows in the computation and the inputs are safe.
* There is no check for this in the code base */
UBaseType_t upper_bound = portMAX_DELAY - sizeof( Queue_t );
__CPROVER_assume( uxItemSize < ( upper_bound ) / uxQueueLength );
QueueHandle_t xQueue =
xQueueGenericCreate( uxQueueLength, uxItemSize, ucQueueType );
if( xQueue )
{
xQueueAddToSet( xQueue, xUnconstrainedQueueSet() );
if( xQueue->pxQueueSetContainer )
{
__CPROVER_assume( xQueue->pxQueueSetContainer->uxMessagesWaiting < xQueue->pxQueueSetContainer->uxLength );
BaseType_t xCopyPosition = nondet_BaseType_t();
prvNotifyQueueSetContainer( xQueue, xCopyPosition );
}
}
}

73
kernel/FreeRTOS/Test/CBMC/proofs/Queue/prvUnlockQueue/Configurations.json Normal file
View File

@ -0,0 +1,73 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "prvUnlockQueue",
"LOCK_BOUND": 2,
"CBMCFLAGS": [
"--unwind 1",
"--signed-overflow-check",
"--unsigned-overflow-check",
"--unwindset prvUnlockQueue.0:{LOCK_BOUND},prvUnlockQueue.1:{LOCK_BOUND}"
],
"OBJS": [
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/queue.goto",
"$(FREERTOS)/Source/list.goto"
],
"DEF": [
{
"prvUnlockQueue_noQueueSets" : [
"'configPRECONDITION(X)=__CPROVER_assume(X)'",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"LOCK_BOUND={LOCK_BOUND}",
"configUSE_QUEUE_SETS=0"
]
},
{
"prvUnlockQueue_QueueSets" : [
"'configPRECONDITION(X)=__CPROVER_assume(X)'",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"LOCK_BOUND={LOCK_BOUND}",
"configUSE_QUEUE_SETS=1"
]
}
],
"INC": [
"."
],
"GENERATE_HEADER":[
"queue_datastructure.h"
]
}

12
kernel/FreeRTOS/Test/CBMC/proofs/Queue/prvUnlockQueue/README.md Normal file
View File

@ -0,0 +1,12 @@
This harness proves the memory safety of the prvUnlockQueue function.
It is abstracting away the prvCopyDataToQueue function and task pools and concurrency functions.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical
* vTaskMissedYield
* xTaskRemoveFromEventList

28
kernel/FreeRTOS/Test/CBMC/proofs/Queue/prvUnlockQueue/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "prvUnlockQueue",
"proof-root": "Test/CBMC/proofs"
}

121
kernel/FreeRTOS/Test/CBMC/proofs/Queue/prvUnlockQueue/prvUnlockQueue_harness.c Normal file
View File

@ -0,0 +1,121 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "FreeRTOS.h"
#include "queue.h"
#include "queue_datastructure.h"
#include "cbmc.h"
#ifndef LOCK_BOUND
#define LOCK_BOUND 4
#endif
void prvUnlockQueue( Queue_t * const pxQueue );
BaseType_t prvCopyDataToQueue( Queue_t * const pxQueue,
const void * pvItemToQueue,
const BaseType_t xPosition )
{
if( pxQueue->uxItemSize > ( UBaseType_t ) 0 )
{
__CPROVER_assert( __CPROVER_r_ok( pvItemToQueue, ( size_t ) pxQueue->uxItemSize ), "pvItemToQueue region must be readable" );
if( xPosition == queueSEND_TO_BACK )
{
__CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->pcWriteTo, ( size_t ) pxQueue->uxItemSize ), "pxQueue->pcWriteTo region must be writable" );
}
else
{
__CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->u.xQueue.pcReadFrom, ( size_t ) pxQueue->uxItemSize ), "pxQueue->u.xQueue.pcReadFrom region must be writable" );
}
return pdFALSE;
}
else
{
return nondet_BaseType_t();
}
}
QueueSetHandle_t xUnconstrainedQueueSet()
{
UBaseType_t uxEventQueueLength = 2;
QueueSetHandle_t xSet = xQueueCreateSet( uxEventQueueLength );
if( xSet )
{
xSet->cTxLock = nondet_int8_t();
__CPROVER_assume( xSet->cTxLock != 127 );
xSet->cRxLock = nondet_int8_t();
xSet->uxMessagesWaiting = nondet_UBaseType_t();
xSet->xTasksWaitingToReceive.uxNumberOfItems = nondet_UBaseType_t();
/* This is an invariant checked with a couple of asserts in the code base.
* If it is false from the beginning, there is no chance for the proof to succeed*/
__CPROVER_assume( xSet->uxMessagesWaiting < xSet->uxLength );
xSet->xTasksWaitingToSend.uxNumberOfItems = nondet_UBaseType_t();
}
return xSet;
}
void harness()
{
UBaseType_t uxQueueLength;
UBaseType_t uxItemSize;
uint8_t ucQueueType;
__CPROVER_assume( uxQueueLength > 0 );
__CPROVER_assume( uxItemSize < 10 );
/* The implicit assumption for the QueueGenericCreate method is,
* that there are no overflows in the computation and the inputs are safe.
* There is no check for this in the code base */
UBaseType_t upper_bound = portMAX_DELAY - sizeof( Queue_t );
__CPROVER_assume( uxItemSize < ( upper_bound ) / uxQueueLength );
QueueHandle_t xQueue =
xQueueGenericCreate( uxQueueLength, uxItemSize, ucQueueType );
if( xQueue )
{
xQueue->cTxLock = LOCK_BOUND - 1;
xQueue->cRxLock = LOCK_BOUND - 1;
xQueue->uxMessagesWaiting = nondet_UBaseType_t();
/* This is an invariant checked with a couple of asserts in the code base.
* If it is false from the beginning, there is no chance for the proof to succeed*/
__CPROVER_assume( xQueue->uxMessagesWaiting < xQueue->uxLength );
xQueue->xTasksWaitingToReceive.uxNumberOfItems = nondet_UBaseType_t();
xQueue->xTasksWaitingToSend.uxNumberOfItems = nondet_UBaseType_t();
#if ( configUSE_QUEUE_SETS == 1 )
xQueueAddToSet( xQueue, xUnconstrainedQueueSet() );
#endif
prvUnlockQueue( xQueue );
}
}

1
kernel/FreeRTOS/Test/CBMC/proofs/README.md Normal file
View File

@ -0,0 +1 @@
This directory contains the proofs checked by CBMC. For each entry point of FreeRTOS tested, there is a directory that contains the test harness and cbmc configuration information needed to check the proof.

Some files were not shown because too many files have changed in this diff Show More