[修改] 增加freeRTOS

1. 版本FreeRTOSv202212.01，命名为kernel；

kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/DHCP/DHCPProcess/DHCPProcess_harness.c

@@ -0,0 +1,104 @@
+/*
+ * FreeRTOS memory safety proofs with CBMC.
+ * Copyright (C) 2022 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ * http://aws.amazon.com/freertos
+ * http://www.FreeRTOS.org
+ */
+
+/* Standard includes. */
+#include <stdint.h>
+
+/* FreeRTOS includes. */
+#include "FreeRTOS.h"
+#include "task.h"
+#include "semphr.h"
+
+/* FreeRTOS+TCP includes. */
+#include "FreeRTOS_IP.h"
+#include "FreeRTOS_Sockets.h"
+#include "FreeRTOS_IP_Private.h"
+#include "FreeRTOS_UDP_IP.h"
+#include "FreeRTOS_DHCP.h"
+#include "FreeRTOS_ARP.h"
+
+/* Static members defined in FreeRTOS_DHCP.c */
+extern DHCPData_t xDHCPData;
+extern Socket_t xDHCPSocket;
+void prvCreateDHCPSocket();
+
+/* Static member defined in freertos_api.c */
+#ifdef CBMC_GETNETWORKBUFFER_FAILURE_BOUND
+    extern uint32_t GetNetworkBuffer_failure_count;
+#endif
+
+/****************************************************************
+* The signature of the function under test.
+****************************************************************/
+
+void vDHCPProcess( BaseType_t xReset,
+                   eDHCPState_t eExpectedState );
+
+/****************************************************************
+* Abstract prvProcessDHCPReplies proved memory safe in ProcessDHCPReplies.
+****************************************************************/
+
+BaseType_t prvProcessDHCPReplies( BaseType_t xExpectedMessageType )
+{
+    return nondet_BaseType();
+}
+
+/****************************************************************
+* The proof of vDHCPProcess
+****************************************************************/
+
+void harness()
+{
+    BaseType_t xReset;
+    eDHCPState_t eExpectedState;
+
+    /****************************************************************
+    * Initialize the counter used to bound the number of times
+    * GetNetworkBufferWithDescriptor can fail.
+    ****************************************************************/
+
+    #ifdef CBMC_GETNETWORKBUFFER_FAILURE_BOUND
+        GetNetworkBuffer_failure_count = 0;
+    #endif
+
+    /****************************************************************
+    * Assume a valid socket in most states of the DHCP state machine.
+    *
+    * The socket is created in the eWaitingSendFirstDiscover state.
+    * xReset==True resets the state to eWaitingSendFirstDiscover.
+    ****************************************************************/
+
+    if( !( ( xDHCPData.eDHCPState == eInitialWait ) ||
+           ( xReset != pdFALSE ) ) )
+    {
+        prvCreateDHCPSocket();
+        __CPROVER_assume( xDHCPSocket != NULL );
+    }
+
+    vDHCPProcess( xReset, eExpectedState );
+}

kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/DHCP/DHCPProcess/Makefile.json

@@ -0,0 +1,56 @@
+#
+# FreeRTOS memory safety proofs with CBMC.
+# Copyright (C) 2022 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+#
+# Permission is hereby granted, free of charge, to any person
+# obtaining a copy of this software and associated documentation
+# files (the "Software"), to deal in the Software without
+# restriction, including without limitation the rights to use, copy,
+# modify, merge, publish, distribute, sublicense, and/or sell copies
+# of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#
+# http://aws.amazon.com/freertos
+# http://www.FreeRTOS.org
+#
+
+{
+  "ENTRY": "DHCPProcess",
+
+  # Minimal buffer size for maximum coverage, see harness for details.
+  "BUFFER_SIZE": 299,
+
+  # The number of times GetNetworkBufferWithDescriptor can be allowed to fail
+  # (plus 1).
+  "FAILURE_BOUND": 2,
+
+  "CBMCFLAGS": "--unwind 4 --unwindset strlen.0:11,memcmp.0:7,prvProcessDHCPReplies.0:8,prvCreatePartDHCPMessage.0:{FAILURE_BOUND} --nondet-static --flush",
+  "OBJS":
+  [
+    "$(ENTRY)_harness.goto",
+    "$(FREERTOS_PLUS_TCP)/test/cbmc/stubs/cbmc.goto",
+    "$(FREERTOS_PLUS_TCP)/test/cbmc/stubs/freertos_api.goto",
+    "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_DHCP.goto",
+    "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_IP.goto",
+    "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_ARP.goto"
+  ],
+
+  "DEF":
+  [
+    "BUFFER_SIZE={BUFFER_SIZE}",
+    "CBMC_REQUIRE_NETWORKBUFFER_ETHERNETBUFFER_NONNULL=1",
+    "CBMC_GETNETWORKBUFFER_FAILURE_BOUND={FAILURE_BOUND}"
+  ]
+}

kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/DHCP/DHCPProcess/README.md

@@ -0,0 +1,28 @@
+This is the memory safety proof for DHCPProcess function, which is the
+function that triggers the DHCP protocol.
+
+The main stubs in this proof deal with buffer management, which assume
+that the buffer is large enough to accomodate a DHCP message plus a
+few additional bytes for options (which is the last, variable-sized
+field in a DHCP message). We have abstracted away sockets, concurrency
+and third-party code. For more details, please check the comments on
+the harness file.
+
+This proof is a work-in-progress.  Proof assumptions are described in
+the harness.  The proof also assumes the following functions are
+memory safe and have no side effects relevant to the memory safety of
+this function:
+
+* FreeRTOS_sendto
+* FreeRTOS_setsockopt
+* FreeRTOS_socket
+* ulRand
+* vARPSendGratuitous
+* vApplicationIPNetworkEventHook
+* vLoggingPrintf
+* vPortEnterCritical
+* vPortExitCritical
+* vReleaseNetworkBufferAndDescriptor
+* vSocketBind
+* vSocketClose
+

kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/DHCP/DHCPProcess/cbmc-viewer.json

@@ -0,0 +1,16 @@
+{ "expected-missing-functions":
+  [
+    "vPortEnterCritical",
+    "vPortExitCritical",
+    "vSocketBind",
+    "vSocketClose",
+    "vTaskSetTimeOutState",
+    "xTaskGetTickCount",
+    "xTaskGetCurrentTaskHandle",
+    "xQueueGenericSend",
+    "xApplicationGetRandomNumber",
+    "vLoggingPrintf"
+  ],
+  "proof-name": "DHCPProcess",
+  "proof-root": "tools/cbmc/proofs"
+}

kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/DHCP/IsDHCPSocket/IsDHCPSocket_harness.c

@@ -0,0 +1,49 @@
+/*
+ * FreeRTOS memory safety proofs with CBMC.
+ * Copyright (C) 2022 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ * http://aws.amazon.com/freertos
+ * http://www.FreeRTOS.org
+ */
+
+#include <stdint.h>
+
+/* FreeRTOS includes. */
+#include "FreeRTOS.h"
+#include "task.h"
+
+/* FreeRTOS+TCP includes. */
+#include "FreeRTOS_IP.h"
+#include "FreeRTOS_IP_Private.h"
+#include "FreeRTOS_DHCP.h"
+
+/*
+ * The harness test proceeds to call IsDHCPSocket with an unconstrained value
+ */
+void harness()
+{
+    Socket_t xSocket;
+    BaseType_t xResult;
+
+    xResult = xIsDHCPSocket( xSocket );
+}

kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/DHCP/IsDHCPSocket/Makefile.json

@@ -0,0 +1,40 @@
+#
+# FreeRTOS memory safety proofs with CBMC.
+# Copyright (C) 2022 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+#
+# Permission is hereby granted, free of charge, to any person
+# obtaining a copy of this software and associated documentation
+# files (the "Software"), to deal in the Software without
+# restriction, including without limitation the rights to use, copy,
+# modify, merge, publish, distribute, sublicense, and/or sell copies
+# of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#
+# http://aws.amazon.com/freertos
+# http://www.FreeRTOS.org
+#
+
+{
+  "ENTRY": "IsDHCPSocket",
+  "CBMCFLAGS":
+  [
+      "--unwind 1"
+  ],
+  "OBJS":
+  [
+    "$(ENTRY)_harness.goto",
+    "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_DHCP.goto"
+  ]
+}

kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/DHCP/IsDHCPSocket/README.md

@@ -0,0 +1 @@
+This is the memory safety proof for IsDCHPSocket.