RTOS/SDK_STM32F302x
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[修改] 增加freeRTOS

Browse Source 
1. 版本FreeRTOSv202212.01,命名为kernel;
This commit is contained in:
gaoyang3513
2023-05-06 16:43:01 +00:00
commit a345df017b
20944 changed files with 11094377 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/Makefile.json Normal file
View File

@ -0,0 +1,49 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "TaskCheckForTimeOut",
"DEF":
[
"FREERTOS_MODULE_TEST",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'"
],
"CBMCFLAGS":
[
"--unwind 1"
],
"OBJS":
[
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/tasks.goto"
],
"INC":
[
"$(FREERTOS)/Test/CBMC/proofs/Task/TaskCheckForTimeOut/"
]
}

10
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/README.md Normal file
View File

@ -0,0 +1,10 @@
This proof demonstrates the memory safety of the TaskCheckForTimeOut function.
We assume `pxTimeOut`, `pxTicksToWait` and `pxCurrentTCB` to be non-NULL.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical

54
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/TaskCheckForTimeOut_harness.c Normal file
View File

@ -0,0 +1,54 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include <stdint.h>
/* FreeRTOS includes. */
#include "FreeRTOS.h"
#include "task.h"
BaseType_t xPrepareCurrentTCB( void );
/*
* The function requires that the function arguments `pxTimeOut` and
* `pxTicksToWait` and the global variable `pxCurrentTCB` are not
* NULL.
*/
void harness()
{
UBaseType_t xTasksPrepared;
TimeOut_t pxTimeOut;
TickType_t pxTicksToWait;
xTasksPrepared = xPrepareCurrentTCB();
if( xTasksPrepared != pdFAIL )
{
xTaskCheckForTimeOut( &pxTimeOut, &pxTicksToWait );
}
}

28
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "TaskCheckForTimeOut",
"proof-root": "Test/CBMC/proofs"
}

51
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/tasks_test_access_functions.h Normal file
View File

@ -0,0 +1,51 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "cbmc.h"
/*
* We allocate a TCB and set some members to basic values
*/
TaskHandle_t xUnconstrainedTCB( void )
{
TCB_t * pxTCB = pvPortMalloc( sizeof( TCB_t ) );
return pxTCB;
}
/*
* We just need to allocate a totally unconstrained TCB
*/
BaseType_t xPrepareCurrentTCB( void )
{
__CPROVER_assert_zero_allocation();
pxCurrentTCB = xUnconstrainedTCB();
return pxCurrentTCB == NULL ? pdFAIL : pdPASS;
}

52
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/Makefile.json Normal file
View File

@ -0,0 +1,52 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "TaskCreate",
"DEF":
[
"STACK_DEPTH=10",
"FREERTOS_MODULE_TEST",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'"
],
"CBMCFLAGS":
[
"--unwind 1",
"--unwindset prvInitialiseNewTask.0:16,prvInitialiseNewTask.1:4,prvInitialiseTaskLists.0:8"
],
"OBJS":
[
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/tasks.goto",
"$(FREERTOS)/Source/list.goto"
],
"INC":
[
"$(FREERTOS)/Test/CBMC/proofs/Task/TaskCreate/"
]
}

22
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/README.md Normal file
View File

@ -0,0 +1,22 @@
This proof demonstrates the memory safety of the TaskCreate function.
We initialize task lists, but we set other data structures to
unconstrained (arbitrary) values, including the data structures
`pxCurrentTCB`, `uxCurrentNumberOfTasks`, `pcName` and `pxCreateTask`.
STACK_DEPTH is set to a fixed number (10) since it is not possible to
specify a range.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* prvTraceGetObjectHandle
* prvTraceGetTaskNumber
* prvTraceSetObjectName
* prvTraceSetPriorityProperty
* prvTraceStoreKernelCall
* prvTraceStoreTaskReady
* pxPortInitialiseStack
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt

64
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/TaskCreate_harness.c Normal file
View File

@ -0,0 +1,64 @@
/*
* FreeRTOS V202212.01
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
* https://www.FreeRTOS.org
* https://github.com/FreeRTOS
*
*/
#include <stdint.h>
/* FreeRTOS includes. */
#include "FreeRTOS.h"
#include "task.h"
void vNondetSetCurrentTCB( void );
void vSetGlobalVariables( void );
void vPrepareTaskLists( void );
TaskHandle_t * pxNondetSetTaskHandle( void );
char * pcNondetSetString( size_t xSizeLength );
void harness()
{
TaskFunction_t pxTaskCode;
char * pcName;
configSTACK_DEPTH_TYPE usStackDepth = STACK_DEPTH;
void * pvParameters;
TaskHandle_t * pxCreatedTask;
UBaseType_t uxPriority;
__CPROVER_assume( uxPriority < configMAX_PRIORITIES );
vNondetSetCurrentTCB();
vSetGlobalVariables();
vPrepareTaskLists();
pxCreatedTask = pxNondetSetTaskHandle();
pcName = pcNondetSetString( configMAX_TASK_NAME_LEN );
xTaskCreate( pxTaskCode,
pcName,
usStackDepth,
pvParameters,
uxPriority,
pxCreatedTask );
}

28
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "TaskCreate",
"proof-root": "Test/CBMC/proofs"
}

87
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/tasks_test_access_functions.h Normal file
View File

@ -0,0 +1,87 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "cbmc.h"
/*
* Our stub for pvPortMalloc in cbmc.h nondeterministically chooses
* either to return NULL or to allocate the requested memory.
*/
void vNondetSetCurrentTCB( void )
{
pxCurrentTCB = pvPortMalloc( sizeof( TCB_t ) );
}
/*
* We just require task lists to be initialized for this proof
*/
void vPrepareTaskLists( void )
{
__CPROVER_assert_zero_allocation();
prvInitialiseTaskLists();
}
/*
* We set the values of relevant global
* variables to nondeterministic values
*/
void vSetGlobalVariables( void )
{
xSchedulerRunning = nondet_basetype();
uxCurrentNumberOfTasks = nondet_ubasetype();
}
/*
* pvPortMalloc is nondeterministic by definition, thus we do not need
* to check for NULL allocation in this function
*/
TaskHandle_t * pxNondetSetTaskHandle( void )
{
TaskHandle_t * pxNondetTaskHandle = pvPortMalloc( sizeof( TaskHandle_t ) );
return pxNondetTaskHandle;
}
/*
* Tries to allocate a string of size xStringLength and sets the string
* to be terminated using a nondeterministic index if allocation was successful
*/
char * pcNondetSetString( size_t xStringLength )
{
char * pcName = pvPortMalloc( xStringLength );
if( pcName != NULL )
{
size_t uNondetIndex;
__CPROVER_assume( uNondetIndex < xStringLength );
pcName[ uNondetIndex ] = '\0';
}
return pcName;
}

68
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/Configurations.json Normal file
View File

@ -0,0 +1,68 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "TaskDelay",
"DEF":
[
{ "default" :
[
"FREERTOS_MODULE_TEST",
"PENDED_TICKS=1",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0"
]
},
{ "vTaskSuspend0" :
[
"FREERTOS_MODULE_TEST",
"PENDED_TICKS=1",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"INCLUDE_vTaskSuspend=0"
]
}
],
"CBMCFLAGS":
[
"--unwind 1",
"--unwindset prvInitialiseTaskLists.0:8,vListInsert.0:4"
],
"OBJS":
[
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/tasks.goto",
"$(FREERTOS)/Source/list.goto"
],
"INC":
[
"$(FREERTOS)/Test/CBMC/proofs/Task/TaskDelay/"
]
}

21
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/README.md Normal file
View File

@ -0,0 +1,21 @@
This proof demonstrates the memory safety of the TaskDelay function. We assume
that `pxCurrentTCB` is initialized and inserted in one of the ready tasks lists
(with and without another task in the same list). We abstract function
`xTaskResumeAll` by assuming that `xPendingReadyList` is empty and
`xPendedTicks` is `0`. Finally, we assume nondeterministic values for global
variables `xTickCount` and `xNextTaskUnblockTime`, and `pdFALSE` for
`uxSchedulerSuspended` (to avoid assertion failure).
Configurations available:
* `default`: The default configuration.
* `useTickHook1`: The default configuration with `INCLUDE_vTaskSuspend=0`
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt

64
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/TaskDelay_harness.c Normal file
View File

@ -0,0 +1,64 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include <stdint.h>
/* FreeRTOS includes. */
#include "FreeRTOS.h"
#include "task.h"
void vSetGlobalVariables( void );
BaseType_t xPrepareTaskLists( void );
BaseType_t xTaskResumeAllStub( void );
/*
* This is a trick to overcome the "redefined twice" error
* when stubbing out the `xTaskResumeAll` function in the header
*/
BaseType_t xTaskResumeAll( void )
{
return xTaskResumeAllStub();
}
/*
* The harness test first calls two functions included in the tasks.c file
* that initialize the task lists and other global variables
*/
void harness()
{
TickType_t xTicksToDelay;
BaseType_t xTasksPrepared;
vSetGlobalVariables();
xTasksPrepared = xPrepareTaskLists();
if( xTasksPrepared != pdFAIL )
{
vTaskDelay( xTicksToDelay );
}
}

28
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "TaskDelay",
"proof-root": "Test/CBMC/proofs"
}

151
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/tasks_test_access_functions.h Normal file
View File

@ -0,0 +1,151 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "cbmc.h"
/*
* We allocate a TCB and set some members to basic values
*/
TaskHandle_t xUnconstrainedTCB( void )
{
TCB_t * pxTCB = pvPortMalloc( sizeof( TCB_t ) );
if( pxTCB == NULL )
{
return NULL;
}
__CPROVER_assume( pxTCB->uxPriority < configMAX_PRIORITIES );
vListInitialiseItem( &( pxTCB->xStateListItem ) );
vListInitialiseItem( &( pxTCB->xEventListItem ) );
listSET_LIST_ITEM_OWNER( &( pxTCB->xStateListItem ), pxTCB );
listSET_LIST_ITEM_OWNER( &( pxTCB->xEventListItem ), pxTCB );
if( nondet_bool() )
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), pxTCB->uxPriority );
}
else
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), portMAX_DELAY );
}
if( nondet_bool() )
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) pxTCB->uxPriority );
}
else
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), portMAX_DELAY );
}
return pxTCB;
}
/*
* We set the values of relevant global variables to
* nondeterministic values, except for `uxSchedulerSuspended`
* which is set to 0 (to pass through the assertion)
*/
void vSetGlobalVariables( void )
{
uxSchedulerSuspended = pdFALSE;
xTickCount = nondet_ticktype();
xNextTaskUnblockTime = nondet_ticktype();
}
/*
* We initialise and fill the task lists so coverage is optimal.
* This initialization is not guaranteed to be minimal, but it
* is quite efficient and it serves the same purpose
*/
BaseType_t xPrepareTaskLists( void )
{
TCB_t * pxTCB = NULL;
__CPROVER_assert_zero_allocation();
prvInitialiseTaskLists();
/* The current task will be moved to the delayed list */
pxCurrentTCB = xUnconstrainedTCB();
if( pxCurrentTCB == NULL )
{
return pdFAIL;
}
vListInsert( &pxReadyTasksLists[ pxCurrentTCB->uxPriority ], &( pxCurrentTCB->xStateListItem ) );
/*
* Nondeterministic insertion of a task in the ready tasks list
* guarantees coverage in line 5104 (tasks.c)
*/
if( nondet_bool() )
{
pxTCB = xUnconstrainedTCB();
if( pxTCB == NULL )
{
return pdFAIL;
}
vListInsert( &pxReadyTasksLists[ pxTCB->uxPriority ], &( pxTCB->xStateListItem ) );
/* Use of this macro ensures coverage on line 185 (list.c) */
listGET_OWNER_OF_NEXT_ENTRY( pxTCB, &pxReadyTasksLists[ pxTCB->uxPriority ] );
}
return pdPASS;
}
/*
* We stub out `xTaskResumeAll` including the assertion and change on
* variables `uxSchedulerSuspended`. We assume that `xPendingReadyList`
* is empty to avoid the first loop, and xPendedTicks to avoid the second
* one. Finally, we return a nondeterministic value (overapproximation)
*/
BaseType_t xTaskResumeAllStub( void )
{
BaseType_t xAlreadyYielded;
configASSERT( uxSchedulerSuspended );
taskENTER_CRITICAL();
{
--uxSchedulerSuspended;
__CPROVER_assert( listLIST_IS_EMPTY( &xPendingReadyList ), "Pending ready tasks list not empty." );
__CPROVER_assert( xPendedTicks == 0, "xPendedTicks is not equal to zero." );
}
taskEXIT_CRITICAL();
return xAlreadyYielded;
}

55
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/Makefile.json Normal file
View File

@ -0,0 +1,55 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "TaskDelete",
"DEF":
[
"FREERTOS_MODULE_TEST",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"STACK_DEPTH=10",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0"
],
"CBMCFLAGS":
[
"--unwind 1",
"--unwindset prvInitialiseTaskLists.0:8,vListInsert.0:3"
],
"OBJS":
[
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/tasks.goto",
"$(FREERTOS)/Source/list.goto"
],
"INC":
[
"$(FREERTOS)/Test/CBMC/proofs/Task/TaskDelete/"
]
}

19
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/README.md Normal file
View File

@ -0,0 +1,19 @@
This proof demonstrates the memory safety of the TaskDelete function. The
initialization for the task to be delete and `pxCurrentTCB` is quite similar
(since the task handle may be NULL, and in that case `pxCurrentTCB` is used).
The task to be deleted requires the stack in the task control block to be
allocated, and the flag for static allocation to be properly set (i.e., valid
values as defined by the macros) Task lists are initialized with these tasks
and nondet. filled with a few more items. We assume a nondet. value for
`xSchedulerRunning`.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortCloseRunningThread
* vPortDeleteThread
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt

54
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/TaskDelete_harness.c Normal file
View File

@ -0,0 +1,54 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include <stdint.h>
/* FreeRTOS includes. */
#include "FreeRTOS.h"
#include "task.h"
void vSetGlobalVariables();
BaseType_t xPrepareTaskLists( TaskHandle_t * xTask );
/*
* The harness test first calls two functions included in the tasks.c file
* that initialize the task lists and other global variables
*/
void harness()
{
TaskHandle_t xTaskToDelete;
BaseType_t xTasksPrepared;
vSetGlobalVariables();
xTasksPrepared = xPrepareTaskLists( &xTaskToDelete );
if( xTasksPrepared != pdFAIL )
{
vTaskDelete( xTaskToDelete );
}
}

28
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "TaskDelete",
"proof-root": "Test/CBMC/proofs"
}

181
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/tasks_test_access_functions.h Normal file
View File

@ -0,0 +1,181 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "cbmc.h"
/*
* We allocate a TCB and set some members to basic values
*/
TaskHandle_t xUnconstrainedTCB( void )
{
TCB_t * pxTCB = pvPortMalloc( sizeof( TCB_t ) );
uint8_t ucStaticAllocationFlag;
if( pxTCB == NULL )
{
return NULL;
}
__CPROVER_assume( pxTCB->uxPriority < configMAX_PRIORITIES );
vListInitialiseItem( &( pxTCB->xStateListItem ) );
vListInitialiseItem( &( pxTCB->xEventListItem ) );
listSET_LIST_ITEM_OWNER( &( pxTCB->xStateListItem ), pxTCB );
listSET_LIST_ITEM_OWNER( &( pxTCB->xEventListItem ), pxTCB );
if( nondet_bool() )
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), pxTCB->uxPriority );
}
else
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), portMAX_DELAY );
}
if( nondet_bool() )
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) pxTCB->uxPriority );
}
else
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), portMAX_DELAY );
}
pxTCB->pxStack = ( StackType_t * ) pvPortMalloc( ( ( ( size_t ) STACK_DEPTH ) * sizeof( StackType_t ) ) );
if( pxTCB->pxStack == NULL )
{
vPortFree( pxTCB );
return NULL;
}
__CPROVER_assume( ucStaticAllocationFlag <= tskSTATICALLY_ALLOCATED_STACK_AND_TCB );
__CPROVER_assume( ucStaticAllocationFlag >= tskDYNAMICALLY_ALLOCATED_STACK_AND_TCB );
pxTCB->ucStaticallyAllocated = ucStaticAllocationFlag;
return pxTCB;
}
/*
* We set the values of relevant global
* variables to nondeterministic values
*/
void vSetGlobalVariables()
{
xSchedulerRunning = nondet_basetype();
}
/*
* We initialise and fill the task lists so coverage is optimal.
* This initialization is not guaranteed to be minimal, but it
* is quite efficient and it serves the same purpose
*/
BaseType_t xPrepareTaskLists( TaskHandle_t * xTask )
{
TCB_t * pxTCB = NULL;
__CPROVER_assert_zero_allocation();
prvInitialiseTaskLists();
/*
* The task handle passed to TaskDelete can be NULL. In that case, the
* task to delete is the one in `pxCurrentTCB`, see the macro `prvGetTCBFromHandle`
* in line 1165 (tasks.c) for reference. For that reason, we provide a similar
* initialization for an arbitrary task `pxTCB` and `pxCurrentTCB`.
*/
pxTCB = xUnconstrainedTCB();
if( pxTCB != NULL )
{
if( nondet_bool() )
{
TCB_t * pxOtherTCB;
pxOtherTCB = xUnconstrainedTCB();
/*
* Nondeterministic insertion of another TCB in the same list
* to guarantee coverage in line 1174 (tasks.c)
*/
if( pxOtherTCB != NULL )
{
vListInsert( &xPendingReadyList, &( pxOtherTCB->xStateListItem ) );
}
}
vListInsert( &xPendingReadyList, &( pxTCB->xStateListItem ) );
/*
* Nondeterministic insertion of an event list item to guarantee
* coverage in lines 1180-1184 (tasks.c)
*/
if( nondet_bool() )
{
vListInsert( pxDelayedTaskList, &( pxTCB->xEventListItem ) );
}
}
/* Note that `*xTask = NULL` can happen here, but this is fine -- `pxCurrentTCB` will be used instead */
*xTask = pxTCB;
/*
* `pxCurrentTCB` must be initialized the same way as the previous task, but an
* allocation failure cannot happen in this case (i.e., if the previous task is NULL)
*/
pxCurrentTCB = xUnconstrainedTCB();
if( pxCurrentTCB == NULL )
{
return pdFAIL;
}
if( nondet_bool() )
{
TCB_t * pxOtherTCB;
pxOtherTCB = xUnconstrainedTCB();
if( pxOtherTCB != NULL )
{
vListInsert( &pxReadyTasksLists[ pxOtherTCB->uxPriority ], &( pxOtherTCB->xStateListItem ) );
}
}
vListInsert( &pxReadyTasksLists[ pxCurrentTCB->uxPriority ], &( pxCurrentTCB->xStateListItem ) );
/* Use of this macro ensures coverage on line 185 (list.c) */
listGET_OWNER_OF_NEXT_ENTRY( pxCurrentTCB, &pxReadyTasksLists[ pxCurrentTCB->uxPriority ] );
if( nondet_bool() )
{
vListInsert( pxDelayedTaskList, &( pxCurrentTCB->xEventListItem ) );
}
return pdPASS;
}

51
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/Makefile.json Normal file
View File

@ -0,0 +1,51 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "TaskGetCurrentTaskHandle",
"DEF":
[
"FREERTOS_MODULE_TEST",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'"
],
"CBMCFLAGS":
[
"--unwind 1"
],
"OBJS":
[
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/tasks.goto",
"$(FREERTOS)/Source/list.goto"
],
"INC":
[
"$(FREERTOS)/Source/",
"$(FREERTOS)/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/"
]
}

6
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/README.md Normal file
View File

@ -0,0 +1,6 @@
This proof demonstrates the memory safety of the TaskGetCurrentTaskHandle
function. We assume that `pxCurrentTCB` is not NULL and we check that the
return value is not NULL.
This proof is a work-in-progress. Proof assumptions are described in
the harness.

54
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/TaskGetCurrentTaskHandle_harness.c Normal file
View File

@ -0,0 +1,54 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include <stdint.h>
/* FreeRTOS includes. */
#include "FreeRTOS.h"
#include "task.h"
BaseType_t xPrepareCurrentTCB( void );
/*
* We set pxCurrentTCB to an unconstrained TCB. Then we call
* xTaskGetCurrentTaskHandle() and check the return value is not NULL
*/
void harness()
{
TaskHandle_t xTask;
BaseType_t xTasksPrepared;
xTasksPrepared = xPrepareCurrentTCB();
if( xTasksPrepared != pdFAIL )
{
xTask = xTaskGetCurrentTaskHandle();
__CPROVER_assert( xTask != NULL, "Current task handle is NULL!" );
}
}

28
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "TaskGetCurrentTaskHandle",
"proof-root": "Test/CBMC/proofs"
}

61
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/tasks_test_access_functions.h Normal file
View File

@ -0,0 +1,61 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "cbmc.h"
/*
* We allocate a TCB and set some members to basic values
*/
TaskHandle_t xUnconstrainedTCB( void )
{
TCB_t * pxTCB = pvPortMalloc( sizeof( TCB_t ) );
if( pxTCB == NULL )
{
return NULL;
}
return pxTCB;
}
/*
* We just need to allocate a totally unconstrained TCB
*/
BaseType_t xPrepareCurrentTCB( void )
{
__CPROVER_assert_zero_allocation();
pxCurrentTCB = xUnconstrainedTCB();
if( pxCurrentTCB == NULL )
{
return pdFAIL;
}
return pdPASS;
}

49
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/Makefile.json Normal file
View File

@ -0,0 +1,49 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "TaskGetSchedulerState",
"DEF":
[
"FREERTOS_MODULE_TEST",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'"
],
"CBMCFLAGS":
[
"--unwind 1"
],
"OBJS":
[
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/tasks.goto"
],
"INC":
[
"$(FREERTOS)/Test/CBMC/proofs/Task/TaskGetSchedulerState/"
]
}

6
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/README.md Normal file
View File

@ -0,0 +1,6 @@
This proof demonstrates the memory safety of the TaskGetSchedulerState function.
We assume `xSchedulerRunning` and `uxSchedulerSuspended` to be nondeterministic values.
This proof is a work-in-progress. Proof assumptions are described in
the harness.

48
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/TaskGetSchedulerState_harness.c Normal file
View File

@ -0,0 +1,48 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include <stdint.h>
/* FreeRTOS includes. */
#include "FreeRTOS.h"
#include "task.h"
void vSetGlobalVariables( void );
/*
* We just require scheduler flags to be nondeterministic
* values before calling `xTaskGetSchedulerState`
*/
void harness()
{
BaseType_t xResult;
vSetGlobalVariables();
xResult = xTaskGetSchedulerState();
}

28
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "TaskGetSchedulerState",
"proof-root": "Test/CBMC/proofs"
}

37
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/tasks_test_access_functions.h Normal file
View File

@ -0,0 +1,37 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
/*
* We set the values of relevant global
* variables to nondeterministic values
*/
void vSetGlobalVariables( void )
{
xSchedulerRunning = nondet_basetype();
uxSchedulerSuspended = nondet_ubasetype();
}

49
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/Makefile.json Normal file
View File

@ -0,0 +1,49 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "TaskGetTaskNumber",
"DEF":
[
"FREERTOS_MODULE_TEST",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'"
],
"CBMCFLAGS":
[
"--unwind 1"
],
"OBJS":
[
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/tasks.goto"
],
"INC":
[
"$(FREERTOS)/Test/CBMC/proofs/Task/TaskGetTaskNumber/"
]
}

5
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/README.md Normal file
View File

@ -0,0 +1,5 @@
This proof demonstrates the memory safety of the TaskGetTaskNumber function.
No assumption is required since the function accepts a NULL value for the task handle.
This proof is a work-in-progress. Proof assumptions are described in
the harness.

49
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/TaskGetTaskNumber_harness.c Normal file
View File

@ -0,0 +1,49 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include <stdint.h>
/* FreeRTOS includes. */
#include "FreeRTOS.h"
#include "task.h"
void vPrepareTask( TaskHandle_t * xTask );
/*
* We prepare an unconstrained task (possibly NULL)
* and then call `uxTaskGetTaskNumber`
*/
void harness()
{
TaskHandle_t xTask;
UBaseType_t uxTaskNumber;
vPrepareTask( &xTask );
uxTaskNumber = uxTaskGetTaskNumber( xTask );
}

28
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "TaskGetTaskNumber",
"proof-root": "Test/CBMC/proofs"
}

55
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/tasks_test_access_functions.h Normal file
View File

@ -0,0 +1,55 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "cbmc.h"
/*
* We allocate a TCB and set some members to basic values
*/
TaskHandle_t xUnconstrainedTCB( void )
{
TCB_t * pxTCB = pvPortMalloc( sizeof( TCB_t ) );
if( pxTCB == NULL )
{
return NULL;
}
return pxTCB;
}
/*
* We try to allocate an unconstrained TCB but do not
* check for NULL errors here (the function does it)
*/
void vPrepareTask( TaskHandle_t * xTask )
{
__CPROVER_assert_zero_allocation();
*xTask = xUnconstrainedTCB();
}

40
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTickCount/Makefile.json Normal file
View File

@ -0,0 +1,40 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "TaskGetTickCount",
"CBMCFLAGS":
[
"--unwind 1"
],
"OBJS":
[
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/tasks.goto"
]
}

5
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTickCount/README.md Normal file
View File

@ -0,0 +1,5 @@
This proof demonstrates the memory safety of the TaskIncrementTick function.
No assumptions nor abstractions are required for single-threaded computation.
This proof is a work-in-progress. Proof assumptions are described in
the harness.

40
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTickCount/TaskGetTickCount_harness.c Normal file
View File

@ -0,0 +1,40 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include <stdint.h>
/* FreeRTOS includes. */
#include "FreeRTOS.h"
#include "task.h"
void harness()
{
TickType_t xTickCount;
xTickCount = xTaskGetTickCount();
}

28
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTickCount/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "TaskGetTickCount",
"proof-root": "Test/CBMC/proofs"
}

63
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/Configurations.json Normal file
View File

@ -0,0 +1,63 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "TaskIncrementTick",
"DEF":
[
{ "default":
[
"FREERTOS_MODULE_TEST",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_TICK_HOOK=0"
]
},
{ "useTickHook1":
[
"FREERTOS_MODULE_TEST",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_TICK_HOOK=1"
]
}
],
"CBMCFLAGS":
[
"--unwind 1",
"--unwindset prvInitialiseTaskLists.0:8,vListInsert.0:2,xTaskIncrementTick.0:4"
],
"OBJS":
[
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/tasks.goto",
"$(FREERTOS)/Source/list.goto"
],
"INC":
[
"$(FREERTOS)/Test/CBMC/proofs/Task/TaskIncrementTick/"
]
}

18
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/README.md Normal file
View File

@ -0,0 +1,18 @@
This proof demonstrates the memory safety of the TaskIncrementTick function.
We assume that task lists are initialized and filled with a few list items. We
also assign nondeterministic values to some global variables.
Configurations available:
* `default`: The default configuration. `useTickHook1`: The default
* configuration with `configUSE_TICK_HOOK=1`
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* prvTraceGetTaskNumber
* prvTracePortGetTimeStamp
* prvTraceStoreKernelCallWithNumericParamOnly
* prvTraceStoreTaskReady
* vApplicationTickHook

53
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/TaskIncrementTick_harness.c Normal file
View File

@ -0,0 +1,53 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include <stdint.h>
/* FreeRTOS includes. */
#include "FreeRTOS.h"
#include "task.h"
void vSetGlobalVariables();
BaseType_t xPrepareTaskLists( void );
/*
* The harness test first calls two functions included in the tasks.c file
* that initialize the task lists and other global variables
*/
void harness()
{
BaseType_t xTasksPrepared;
vSetGlobalVariables();
xTasksPrepared = xPrepareTaskLists();
if( xTasksPrepared != pdFAIL )
{
xTaskIncrementTick();
}
}

28
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "TaskIncrementTick",
"proof-root": "Test/CBMC/proofs"
}

135
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/tasks_test_access_functions.h Normal file
View File

@ -0,0 +1,135 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "cbmc.h"
/*
* We allocate a TCB and set some members to basic values
*/
TaskHandle_t xUnconstrainedTCB( void )
{
TCB_t * pxTCB = pvPortMalloc( sizeof( TCB_t ) );
if( pxTCB == NULL )
{
return NULL;
}
__CPROVER_assume( pxTCB->uxPriority < configMAX_PRIORITIES );
vListInitialiseItem( &( pxTCB->xStateListItem ) );
vListInitialiseItem( &( pxTCB->xEventListItem ) );
listSET_LIST_ITEM_OWNER( &( pxTCB->xStateListItem ), pxTCB );
listSET_LIST_ITEM_OWNER( &( pxTCB->xEventListItem ), pxTCB );
if( nondet_bool() )
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), pxTCB->uxPriority );
}
else
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), portMAX_DELAY );
}
if( nondet_bool() )
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) pxTCB->uxPriority );
}
else
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), portMAX_DELAY );
}
return pxTCB;
}
/*
* We set the values of relevant global
* variables to nondeterministic values
*/
void vSetGlobalVariables()
{
xPendedTicks = nondet_ubasetype();
uxSchedulerSuspended = nondet_ubasetype();
xYieldPending = nondet_basetype();
xTickCount = nondet_ticktype();
}
/*
* We initialise and fill the task lists so coverage is optimal.
* This initialization is not guaranteed to be minimal, but it
* is quite efficient and it serves the same purpose
*/
BaseType_t xPrepareTaskLists( void )
{
TCB_t * pxTCB = NULL;
__CPROVER_assert_zero_allocation();
prvInitialiseTaskLists();
/* Needed for coverage: This task will be moved to a ready list */
pxTCB = xUnconstrainedTCB();
if( pxTCB == NULL )
{
return pdFAIL;
}
vListInsert( pxOverflowDelayedTaskList, &( pxTCB->xStateListItem ) );
/* Needed for coverage. */
listGET_OWNER_OF_NEXT_ENTRY( pxTCB, pxOverflowDelayedTaskList );
pxTCB = xUnconstrainedTCB();
if( pxTCB == NULL )
{
return pdFAIL;
}
vListInsert( &xPendingReadyList, &( pxTCB->xStateListItem ) );
/* Needed for coverage: A nondeterministic choice */
if( nondet_bool() )
{
vListInsert( pxOverflowDelayedTaskList, &( pxTCB->xEventListItem ) );
}
pxCurrentTCB = xUnconstrainedTCB();
if( pxCurrentTCB == NULL )
{
return pdFAIL;
}
vListInsert( &pxReadyTasksLists[ pxCurrentTCB->uxPriority ], &( pxCurrentTCB->xStateListItem ) );
return pdPASS;
}

54
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/Makefile.json Normal file
View File

@ -0,0 +1,54 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "TaskPrioritySet",
"DEF":
[
"FREERTOS_MODULE_TEST",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0"
],
"CBMCFLAGS":
[
"--unwind 1",
"--unwindset prvInitialiseTaskLists.0:8,vListInsert.0:3"
],
"OBJS":
[
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/tasks.goto",
"$(FREERTOS)/Source/list.goto"
],
"INC":
[
"$(FREERTOS)/Test/CBMC/proofs/Task/TaskPrioritySet/"
]
}

14
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/README.md Normal file
View File

@ -0,0 +1,14 @@
This proof demonstrates the memory safety of the TaskPrioritySet function. The
initialization for the task to be set and `pxCurrentTCB` is quite similar
(since the task handle may be NULL, and in that case `pxCurrentTCB` is used).
Task lists are initialized with these tasks and nondet. filled with a few more
items.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt

57
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/TaskPrioritySet_harness.c Normal file
View File

@ -0,0 +1,57 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include <stdint.h>
/* FreeRTOS includes. */
#include "FreeRTOS.h"
#include "task.h"
BaseType_t xPrepareTaskLists( TaskHandle_t * xTask );
/*
* We assume `uxNewPriority` to be a valid priority (avoids failed assert).
* The harness test first calls two functions included in the tasks.c file
* that initialize the task lists and other global variables
*/
void harness()
{
TaskHandle_t xTask;
UBaseType_t uxNewPriority;
BaseType_t xTasksPrepared;
__CPROVER_assume( uxNewPriority < configMAX_PRIORITIES );
xTasksPrepared = xPrepareTaskLists( &xTask );
/* Check that this second invocation of xPrepareTaskLists is needed. */
if( xPrepareTaskLists( &xTask ) != pdFAIL )
{
vTaskPrioritySet( xTask, uxNewPriority );
}
}

28
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "TaskPrioritySet",
"proof-root": "Test/CBMC/proofs"
}

129
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/tasks_test_access_functions.h Normal file
View File

@ -0,0 +1,129 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "cbmc.h"
/*
* We allocate a TCB and set some members to basic values
*/
TaskHandle_t xUnconstrainedTCB( void )
{
TCB_t * pxTCB = pvPortMalloc( sizeof( TCB_t ) );
uint8_t ucStaticAllocationFlag;
if( pxTCB == NULL )
{
return NULL;
}
__CPROVER_assume( pxTCB->uxPriority < configMAX_PRIORITIES );
vListInitialiseItem( &( pxTCB->xStateListItem ) );
vListInitialiseItem( &( pxTCB->xEventListItem ) );
listSET_LIST_ITEM_OWNER( &( pxTCB->xStateListItem ), pxTCB );
listSET_LIST_ITEM_OWNER( &( pxTCB->xEventListItem ), pxTCB );
if( nondet_bool() )
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), pxTCB->uxPriority );
}
else
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), portMAX_DELAY );
}
if( nondet_bool() )
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) pxTCB->uxPriority );
}
else
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), portMAX_DELAY );
}
return pxTCB;
}
/*
* We initialise and fill the task lists so coverage is optimal.
* This initialization is not guaranteed to be minimal, but it
* is quite efficient and it serves the same purpose
*/
BaseType_t xPrepareTaskLists( TaskHandle_t * xTask )
{
TCB_t * pxTCB = NULL;
__CPROVER_assert_zero_allocation();
prvInitialiseTaskLists();
pxTCB = xUnconstrainedTCB();
/* Needed for coverage: nondet insertion of task. */
if( nondet_bool() )
{
TCB_t * pxOtherTCB;
pxOtherTCB = xUnconstrainedTCB();
if( pxOtherTCB != NULL )
{
vListInsert( &pxReadyTasksLists[ pxOtherTCB->uxPriority ], &( pxOtherTCB->xStateListItem ) );
}
}
if( pxTCB != NULL )
{
/* Needed for coverage: nondeterministic insertion of task */
if( nondet_bool() )
{
vListInsert( &pxReadyTasksLists[ pxTCB->uxPriority ], &( pxTCB->xStateListItem ) );
}
}
/* Note that `*xTask = NULL` can happen here, but this is fine -- `pxCurrentTCB` will be used instead */
*xTask = pxTCB;
pxCurrentTCB = xUnconstrainedTCB();
if( pxCurrentTCB == NULL )
{
return pdFAIL;
}
/* Needed for coverage: nondeterministic insertion of task */
if( nondet_bool() )
{
vListInsert( &pxReadyTasksLists[ pxCurrentTCB->uxPriority ], &( pxCurrentTCB->xStateListItem ) );
/* Needed for coverage. */
listGET_OWNER_OF_NEXT_ENTRY( pxCurrentTCB, &pxReadyTasksLists[ pxCurrentTCB->uxPriority ] );
}
return pdPASS;
}

69
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/Configurations.json Normal file
View File

@ -0,0 +1,69 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "TaskResumeAll",
"DEF":
[
{ "default":
[
"FREERTOS_MODULE_TEST",
"PENDED_TICKS=1",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0"
]
},
{ "useTickHook1":
[
"FREERTOS_MODULE_TEST",
"PENDED_TICKS=1",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0",
"configUSE_TICK_HOOK=1"
]
}
],
"CBMCFLAGS":
[
"--unwind 1",
"--unwindset prvInitialiseTaskLists.0:8,xTaskResumeAll.0:2,vListInsert.0:5,xTaskIncrementTick.0:4"
],
"OBJS":
[
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/tasks.goto",
"$(FREERTOS)/Source/list.goto"
],
"INC":
[
"$(FREERTOS)/Test/CBMC/proofs/Task/TaskResumeAll/"
]
}

19
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/README.md Normal file
View File

@ -0,0 +1,19 @@
This proof demonstrates the memory safety of the TaskResumeAll function. We
assume that task lists are initialized and filled with a few list items. We
also assume that some global variables are set to a nondeterministic value,
except for `uxSchedulerSuspended` which cannot be 0 and `xPendedTicks` which
is either `1` (to unwind a loop in a reasonable amount of time) or `0`.
Configurations available:
* `default`: The default configuration.
* `useTickHook1`: The default configuration with `configUSE_TICK_HOOK=1`
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vApplicationTickHook
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt

53
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/TaskResumeAll_harness.c Normal file
View File

@ -0,0 +1,53 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include <stdint.h>
/* FreeRTOS includes. */
#include "FreeRTOS.h"
#include "task.h"
void vSetGlobalVariables( void );
BaseType_t xPrepareTaskLists( void );
/*
* The harness test first calls two functions included in the tasks.c file
* that initialize the task lists and other global variables
*/
void harness()
{
BaseType_t xTasksPrepared;
vSetGlobalVariables();
xTasksPrepared = xPrepareTaskLists();
if( xTasksPrepared != pdFAIL )
{
xTaskResumeAll();
}
}

28
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "TaskResumeAll",
"proof-root": "Test/CBMC/proofs"
}

150
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/tasks_test_access_functions.h Normal file
View File

@ -0,0 +1,150 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "cbmc.h"
/*
* We allocate a TCB and set some members to basic values
*/
TaskHandle_t xUnconstrainedTCB( void )
{
TCB_t * pxTCB = pvPortMalloc( sizeof( TCB_t ) );
if( pxTCB == NULL )
{
return NULL;
}
__CPROVER_assume( pxTCB->uxPriority < configMAX_PRIORITIES );
vListInitialiseItem( &( pxTCB->xStateListItem ) );
vListInitialiseItem( &( pxTCB->xEventListItem ) );
listSET_LIST_ITEM_OWNER( &( pxTCB->xStateListItem ), pxTCB );
listSET_LIST_ITEM_OWNER( &( pxTCB->xEventListItem ), pxTCB );
if( nondet_bool() )
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), pxTCB->uxPriority );
}
else
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), portMAX_DELAY );
}
if( nondet_bool() )
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) pxTCB->uxPriority );
}
else
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), portMAX_DELAY );
}
return pxTCB;
}
/*
* We set xPendedTicks since __CPROVER_assume does not work
* well with statically initialised variables
*/
void vSetGlobalVariables( void )
{
UBaseType_t uxNonZeroValue;
__CPROVER_assume( uxNonZeroValue != 0 );
uxSchedulerSuspended = uxNonZeroValue;
xPendedTicks = nondet_bool() ? PENDED_TICKS : 0;
uxCurrentNumberOfTasks = nondet_ubasetype();
xTickCount = nondet_ticktype();
}
/*
* We initialise and fill the task lists so coverage is optimal.
* This initialization is not guaranteed to be minimal, but it
* is quite efficient and it serves the same purpose
*/
BaseType_t xPrepareTaskLists( void )
{
TCB_t * pxTCB = NULL;
__CPROVER_assert_zero_allocation();
prvInitialiseTaskLists();
/* This task will be moved to a ready list, granting coverage
* on lines 2780-2786 (tasks.c) */
pxTCB = xUnconstrainedTCB();
if( pxTCB == NULL )
{
return pdFAIL;
}
vListInsert( pxOverflowDelayedTaskList, &( pxTCB->xStateListItem ) );
/* Use of this macro ensures coverage on line 185 (list.c) */
listGET_OWNER_OF_NEXT_ENTRY( pxTCB, pxOverflowDelayedTaskList );
pxTCB = xUnconstrainedTCB();
if( pxTCB == NULL )
{
return pdFAIL;
}
vListInsert( &xPendingReadyList, &( pxTCB->xStateListItem ) );
vListInsert( pxOverflowDelayedTaskList, &( pxTCB->xEventListItem ) );
pxTCB = xUnconstrainedTCB();
if( pxTCB == NULL )
{
return pdFAIL;
}
vListInsert( pxOverflowDelayedTaskList, &( pxTCB->xStateListItem ) );
/* This nondeterministic choice ensure coverage in line 2746 (tasks.c) */
if( nondet_bool() )
{
vListInsert( pxOverflowDelayedTaskList, &( pxTCB->xEventListItem ) );
}
pxCurrentTCB = xUnconstrainedTCB();
if( pxCurrentTCB == NULL )
{
return pdFAIL;
}
vListInsert( &pxReadyTasksLists[ pxCurrentTCB->uxPriority ], &( pxCurrentTCB->xStateListItem ) );
return pdPASS;
}

48
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskSetTimeOutState/Makefile.json Normal file
View File

@ -0,0 +1,48 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "TaskSetTimeOutState",
"DEF":
[
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'"
],
"CBMCFLAGS":
[
"--unwind 1"
],
"OBJS":
[
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/tasks.goto"
],
"INC":
[
"$(FREERTOS)/Test/CBMC/proofs/Task/TaskSetTimeOutState/"
]
}

10
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskSetTimeOutState/README.md Normal file
View File

@ -0,0 +1,10 @@
This proof demonstrates the memory safety of the TaskSetTimeOutState function.
No assumption is required other than its single argument being non-NULL.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical

44
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskSetTimeOutState/TaskSetTimeOutState_harness.c Normal file
View File

@ -0,0 +1,44 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include <stdint.h>
/* FreeRTOS includes. */
#include "FreeRTOS.h"
#include "task.h"
/*
* We assume xTime to allocated since the function includes a configASSERT
* call at the beginning to make sure the pointer to it is not NULL
*/
void harness()
{
TimeOut_t xTime;
vTaskSetTimeOutState( &xTime );
}

28
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskSetTimeOutState/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "TaskSetTimeOutState",
"proof-root": "Test/CBMC/proofs"
}

55
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/Makefile.json Normal file
View File

@ -0,0 +1,55 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "TaskStartScheduler",
"DEF":
[
"FREERTOS_MODULE_TEST",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'",
"configUSE_TRACE_FACILITY=0",
"configGENERATE_RUN_TIME_STATS=0"
],
"CBMCFLAGS":
[
"--unwind 1",
"--unwindset prvInitialiseTaskLists.0:8,prvInitialiseNewTask.0:16,prvInitialiseNewTask.1:4"
],
"OBJS":
[
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/tasks.goto",
"$(FREERTOS)/Source/list.goto",
"$(FREERTOS)/Source/timers.goto",
"$(FREERTOS)/Source/queue.goto"
],
"INC":
[
"$(FREERTOS)/Test/CBMC/proofs/Task/TaskStartScheduler/"
]
}

18
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/README.md Normal file
View File

@ -0,0 +1,18 @@
This proof demonstrates the memory safety of the TaskStartScheduler function.
We assume that buffers for `pxIdleTaskTCB` and `pxTimerTaskTCB` (and their
associated stacks `pxIdleTaskStack` and `pxTimerTaskStack`) have been
previously allocated. The arguments passed by reference to
`vApplicationGetIdleTaskMemory` and `vApplicationGetTimerTaskMemory` are
assigned to these pointers since both functions expect statically-allocated
buffers to be passed.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* pxPortInitialiseStack
* vConfigureTimerForRunTimeStats
* vPortEnterCritical
* vPortExitCritical
* xPortStartScheduler

51
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/TaskStartScheduler_harness.c Normal file
View File

@ -0,0 +1,51 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include <stdint.h>
/* FreeRTOS includes. */
#include "FreeRTOS.h"
#include "task.h"
BaseType_t xPrepareTasks( void );
/*
* We prepare `pxCurrentTCB` and the idle/timer task buffers
* (TCB + stack), then we call the function if allocation was ok
*/
void harness()
{
BaseType_t xTasksPrepared;
xTasksPrepared = xPrepareTasks();
if( xTasksPrepared != pdFAIL )
{
vTaskStartScheduler();
}
}

28
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "TaskStartScheduler",
"proof-root": "Test/CBMC/proofs"
}

120
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/tasks_test_access_functions.h Normal file
View File

@ -0,0 +1,120 @@
/*
* FreeRTOS V202212.01
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
* https://www.FreeRTOS.org
* https://github.com/FreeRTOS
*
*/
/*
* FreeRTOS memory safety proofs with CBMC.
*/
#include "cbmc.h"
/*
* We allocate an unconstrained TCB or return NULL if it fails
*/
TaskHandle_t xUnconstrainedTCB( void )
{
TCB_t * pxTCB = pvPortMalloc( sizeof( TCB_t ) );
if( pxTCB == NULL )
{
return NULL;
}
return pxTCB;
}
StaticTask_t * pxIdleTaskTCB;
StaticTask_t * pxTimerTaskTCB;
StackType_t * pxIdleTaskStack;
StackType_t * pxTimerTaskStack;
/*
* `pxCurrentTCB` allocation is allowed to fail. The global variables above
* this comment are used in the stubbed functions `vApplicationGetIdleTaskMemory`
* and `vApplicationGetTimerTaskMemory` (at the end of this file) and buffer allocation
* must be successful for the proof to have no errors
*/
BaseType_t xPrepareTasks( void )
{
__CPROVER_assert_zero_allocation();
prvInitialiseTaskLists();
pxCurrentTCB = xUnconstrainedTCB();
pxIdleTaskTCB = pvPortMalloc( sizeof( StaticTask_t ) );
if( pxIdleTaskTCB == NULL )
{
return pdFAIL;
}
pxIdleTaskStack = pvPortMalloc( sizeof( StackType_t ) * configMINIMAL_STACK_SIZE );
if( pxIdleTaskStack == NULL )
{
return pdFAIL;
}
pxTimerTaskTCB = pvPortMalloc( sizeof( StaticTask_t ) );
if( pxTimerTaskTCB == NULL )
{
return pdFAIL;
}
pxTimerTaskStack = pvPortMalloc( sizeof( StackType_t ) * configTIMER_TASK_STACK_DEPTH );
if( pxTimerTaskStack == NULL )
{
return pdFAIL;
}
return pdPASS;
}
/*
* The buffers used here have been successfully allocated before (global variables)
*/
void vApplicationGetIdleTaskMemory( StaticTask_t ** ppxIdleTaskTCBBuffer,
StackType_t ** ppxIdleTaskStackBuffer,
uint32_t * pulIdleTaskStackSize )
{
*ppxIdleTaskTCBBuffer = pxIdleTaskTCB;
*ppxIdleTaskStackBuffer = pxIdleTaskStack;
*pulIdleTaskStackSize = configMINIMAL_STACK_SIZE;
}
/*
* The buffers used here have been successfully allocated before (global variables)
*/
void vApplicationGetTimerTaskMemory( StaticTask_t ** ppxTimerTaskTCBBuffer,
StackType_t ** ppxTimerTaskStackBuffer,
uint32_t * pulTimerTaskStackSize )
{
*ppxTimerTaskTCBBuffer = pxTimerTaskTCB;
*ppxTimerTaskStackBuffer = pxTimerTaskStack;
*pulTimerTaskStackSize = configTIMER_TASK_STACK_DEPTH;
}

49
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskSuspendAll/Makefile.json Normal file
View File

@ -0,0 +1,49 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "TaskSuspendAll",
"DEF":
[
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'"
],
"CBMCFLAGS":
[
"--unwind 1"
],
"OBJS":
[
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/tasks.goto",
"$(FREERTOS)/Source/list.goto"
],
"INC":
[
"$(FREERTOS)/Test/CBMC/proofs/Task/TaskSuspendAll/"
]
}

5
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskSuspendAll/README.md Normal file
View File

@ -0,0 +1,5 @@
This proof demonstrates the memory safety of the TaskSuspendAll function.
No assumption or abstraction is required for this memory-safety proof.
This proof is a work-in-progress. Proof assumptions are described in
the harness.

42
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskSuspendAll/TaskSuspendAll_harness.c Normal file
View File

@ -0,0 +1,42 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include <stdint.h>
/* FreeRTOS includes. */
#include "FreeRTOS.h"
#include "task.h"
/*
* We just call vTaskSuspendAll(). No assumption
* or abstraction is required for this proof
*/
void harness()
{
vTaskSuspendAll();
}

28
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskSuspendAll/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "TaskSuspendAll",
"proof-root": "Test/CBMC/proofs"
}

52
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/Makefile.json Normal file
View File

@ -0,0 +1,52 @@
#
# FreeRTOS memory safety proofs with CBMC.
# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# http://aws.amazon.com/freertos
# http://www.FreeRTOS.org
#
{
"ENTRY": "TaskSwitchContext",
"DEF":
[
"FREERTOS_MODULE_TEST",
"'portGET_HIGHEST_PRIORITY(uxTopPriority, uxReadyPriorities)=__CPROVER_assume( uxTopPriority < configMAX_PRIORITIES )'",
"'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'"
],
"CBMCFLAGS":
[
"--unwind 1",
"--unwindset prvInitialiseTaskLists.0:8,xPrepareTaskLists.0:8,vListInsert.0:2"
],
"OBJS":
[
"$(ENTRY)_harness.goto",
"$(FREERTOS)/Source/tasks.goto",
"$(FREERTOS)/Source/list.goto"
],
"INC":
[
"$(FREERTOS)/Test/CBMC/proofs/Task/TaskSwitchContext/"
]
}

14
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/README.md Normal file
View File

@ -0,0 +1,14 @@
This proof demonstrates the memory safety of the TaskSwitchContext function.
We assume task ready lists to be initialized and filled with one element each,
and `pxCurrentTCB` to be the highest priority task. We also set
`uxSchedulerSuspended` to a nondeterministic value.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* prvTraceGetCurrentTaskHandle
* prvTraceGetTaskNumber
* prvTraceStoreTaskswitch
* ulGetRunTimeCounterValue

54
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/TaskSwitchContext_harness.c Normal file
View File

@ -0,0 +1,54 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include <stdint.h>
/* FreeRTOS includes. */
#include "FreeRTOS.h"
#include "task.h"
void vSetGlobalVariables( void );
BaseType_t xPrepareTaskLists( void );
/*
* We prepare task lists by inserting one item in each list,
* and with the macro redefinition we ensure only valid ready
* task lists are checked in `taskSELECT_HIGHEST_PRIORITY_TASK()`
*/
void harness()
{
BaseType_t xTasksPrepared;
vSetGlobalVariables();
xTasksPrepared = xPrepareTaskLists();
if( xTasksPrepared != pdFAIL )
{
vTaskSwitchContext();
}
}

28
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/cbmc-viewer.json Normal file
View File

@ -0,0 +1,28 @@
{ "expected-missing-functions":
[
"vApplicationTickHook",
"pxPortInitialiseStack",
"vPortCloseRunningThread",
"vPortDeleteThread",
"vPortEnterCritical",
"vPortExitCritical",
"vPortGenerateSimulatedInterrupt",
"xPortStartScheduler",
"pvTaskIncrementMutexHeldCount",
"uxTaskGetTaskNumber",
"vTaskInternalSetTimeOutState",
"vTaskMissedYield",
"vTaskPlaceOnEventList",
"vTaskPriorityDisinheritAfterTimeout",
"vTaskSuspendAll",
"xTaskGetCurrentTaskHandle",
"xTaskPriorityDisinherit",
"xTaskPriorityInherit",
"xTaskRemoveFromEventList",
"xTaskResumeAll"
],
"proof-name": "TaskSwitchContext",
"proof-root": "Test/CBMC/proofs"
}

109
kernel/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/tasks_test_access_functions.h Normal file
View File

@ -0,0 +1,109 @@
/*
* FreeRTOS memory safety proofs with CBMC.
* Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* https://aws.amazon.com/freertos
* https://www.FreeRTOS.org
*/
#include "cbmc.h"
/*
* We allocate a TCB and set some members to basic values
*/
TaskHandle_t xUnconstrainedTCB( UBaseType_t uxPriority )
{
TCB_t * pxTCB = pvPortMalloc( sizeof( TCB_t ) );
if( pxTCB == NULL )
{
return NULL;
}
/* uxPriority is set to a specific priority */
pxTCB->uxPriority = uxPriority;
vListInitialiseItem( &( pxTCB->xStateListItem ) );
vListInitialiseItem( &( pxTCB->xEventListItem ) );
listSET_LIST_ITEM_OWNER( &( pxTCB->xStateListItem ), pxTCB );
listSET_LIST_ITEM_OWNER( &( pxTCB->xEventListItem ), pxTCB );
if( nondet_bool() )
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), pxTCB->uxPriority );
}
else
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), portMAX_DELAY );
}
if( nondet_bool() )
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) pxTCB->uxPriority );
}
else
{
listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), portMAX_DELAY );
}
return pxTCB;
}
/*
* We set the values of relevant global
* variables to nondeterministic values
*/
void vSetGlobalVariables( void )
{
uxSchedulerSuspended = nondet_ubasetype();
}
/*
* We initialize and fill with one item each ready tasks list
* so that the assertion on line 175 (tasks.c) does not fail
*/
BaseType_t xPrepareTaskLists( void )
{
TCB_t * pxTCB = NULL;
__CPROVER_assert_zero_allocation();
prvInitialiseTaskLists();
for( int i = 0; i < configMAX_PRIORITIES; ++i )
{
pxTCB = xUnconstrainedTCB( i );
if( pxTCB == NULL )
{
return pdFAIL;
}
vListInsert( &pxReadyTasksLists[ pxTCB->uxPriority ], &( pxTCB->xStateListItem ) );
}
listGET_OWNER_OF_NEXT_ENTRY( pxCurrentTCB, &pxReadyTasksLists[ configMAX_PRIORITIES - 1 ] );
return pdPASS;
}