[修改] 增加freeRTOS

1. 版本FreeRTOSv202212.01，命名为kernel；
2023-05-06 16:43:01 +00:00
commit a345df017b
20944 changed files with 11094377 additions and 0 deletions
--- a/kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/ParseDNSReply/Makefile.json
+++ b/kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/ParseDNSReply/Makefile.json
@ -0,0 +1,68 @@
+# The proof depends on one parameter:
+#   NETWORK_BUFFER_SIZE is the size of the network buffer being parsed
+# The buffer size must be bounded because we must bound the number of
+# iterations loops iterating over the buffer.
+
+{
+  "ENTRY": "ParseDNSReply",
+
+################################################################
+# This is the network buffer size.
+# Reasonable values are size > 12 = sizeof(xDNSMessage)
+  "NETWORK_BUFFER_SIZE": 40,
+
+################################################################
+# This is the size of the buffer into which the name is copied.
+# Set to any positive value.
+# In the source, NAME_SIZE=254 and NETWORK_BUFFER_SIZE >> NAME_SIZE
+# In the proof, NAME_SIZE >= 4 required for good coverage.
+  "NAME_SIZE":  "10",
+
+################################################################
+# Loop prvParseDNSReply.0:
+# file lib/FreeRTOS-Plus-TCP/source/FreeRTOS_DNS.c line 915
+  "PARSELOOP0": "prvParseDNSReply.0",
+
+# M = sizeof( DNSMessage_t ) = 12
+# U = sizeof( uint32_t) = 4
+# Loop bound is (NETWORK_BUFFER_SIZE - M) div (U+1) + 1 tight for SIZE >= M
+# Loop bound is 1 for 0 <= SIZE < M
+  "PARSELOOP0_UNWIND":
+    "__eval 1 if {NETWORK_BUFFER_SIZE} < 12 else ({NETWORK_BUFFER_SIZE} - 12) / 5 + 1",
+
+################################################################
+# Loop prvParseDNSReply.1:
+# file lib/FreeRTOS-Plus-TCP/source/FreeRTOS_DNS.c line 989
+  "PARSELOOP1": "prvParseDNSReply.1",
+
+# A = sizeof( DNSAnswerRecord_t ) = 10
+# M = sizeof( DNSMessage_t ) = 12
+# U = sizeof( uint32_t) = 4
+# Loop bound is (NETWORK_BUFFER_SIZE - M - A) div (A+1) + A + 1 tight
+#    for SIZE >= M + A
+# Loop bound is (NETWORK_BUFFER_SIZE - M) + 1 for M <= SIZE < M + A
+# Loop bound is 1 for 0 <= SIZE < M
+  "PARSELOOP1_UNWIND":
+    "__eval 1 if {NETWORK_BUFFER_SIZE} < 12 else ({NETWORK_BUFFER_SIZE} - 11 if {NETWORK_BUFFER_SIZE} < 22 else ({NETWORK_BUFFER_SIZE} - 12 - 10) / 11 + 11)",
+
+################################################################
+
+  "CBMCFLAGS":
+  [
+    "--unwind 1",
+    "--unwindset {PARSELOOP0}:{PARSELOOP0_UNWIND},{PARSELOOP1}:{PARSELOOP1_UNWIND},prvProcessDNSCache.0:5"
+  ],
+
+  "OBJS":
+  [
+    "$(ENTRY)_harness.goto",
+    "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_DNS.goto",
+    "$(FREERTOS_PLUS_TCP)/test/FreeRTOS-Kernel/tasks.goto"
+  ],
+
+  "DEF":
+  [
+    "NETWORK_BUFFER_SIZE={NETWORK_BUFFER_SIZE}",
+    "NAME_SIZE={NAME_SIZE}"
+  ]
+}
--- a/kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/ParseDNSReply/ParseDNSReply_harness.c
+++ b/kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/ParseDNSReply/ParseDNSReply_harness.c
@ -0,0 +1,130 @@
+/* Standard includes. */
+#include <stdint.h>
+
+/* FreeRTOS includes. */
+#include "FreeRTOS.h"
+#include "task.h"
+#include "queue.h"
+#include "list.h"
+#include "semphr.h"
+
+/* FreeRTOS+TCP includes. */
+#include "FreeRTOS_IP.h"
+#include "FreeRTOS_Sockets.h"
+#include "FreeRTOS_IP_Private.h"
+#include "FreeRTOS_UDP_IP.h"
+#include "FreeRTOS_DNS.h"
+#include "FreeRTOS_DNS_Parser.h"
+#include "NetworkBufferManagement.h"
+#include "NetworkInterface.h"
+#include "IPTraceMacroDefaults.h"
+
+#include "cbmc.h"
+
+/****************************************************************
+* Signature of function under test
+****************************************************************/
+
+uint32_t prvParseDNSReply( uint8_t * pucUDPPayloadBuffer,
+                           size_t uxBufferLength,
+                           BaseType_t xExpected );
+
+/****************************************************************
+* Abstraction of DNS_ReadNameField proved in ReadNameField
+****************************************************************/
+
+size_t DNS_ReadNameField( const uint8_t * pucByte,
+                          size_t uxRemainingBytes,
+                          char * pcName,
+                          size_t uxDestLen )
+{
+    __CPROVER_assert( NETWORK_BUFFER_SIZE < CBMC_MAX_OBJECT_SIZE,
+                      "NETWORK_BUFFER_SIZE < CBMC_MAX_OBJECT_SIZE" );
+    __CPROVER_assert( NAME_SIZE < CBMC_MAX_OBJECT_SIZE,
+                      "NAME_SIZE < CBMC_MAX_OBJECT_SIZE" );
+    __CPROVER_assert( NAME_SIZE >= 4,
+                      "NAME_SIZE >= 4 required for good coverage." );
+
+
+    /* Preconditions */
+    __CPROVER_assert( uxRemainingBytes < CBMC_MAX_OBJECT_SIZE,
+                      "ReadNameField: uxRemainingBytes < CBMC_MAX_OBJECT_SIZE)" );
+    __CPROVER_assert( uxDestLen < CBMC_MAX_OBJECT_SIZE,
+                      "ReadNameField: uxDestLen < CBMC_MAX_OBJECT_SIZE)" );
+
+    __CPROVER_assert( uxRemainingBytes <= NETWORK_BUFFER_SIZE,
+                      "ReadNameField: uxRemainingBytes <= NETWORK_BUFFER_SIZE)" );
+
+    /* This precondition in the function contract for prvReadNameField
+     * fails because prvCheckOptions called prvReadNameField with the
+     * constant value 254.
+     * __CPROVER_assert(uxDestLen <= NAME_SIZE,
+     *       "ReadNameField: uxDestLen <= NAME_SIZE)");
+     */
+
+    __CPROVER_assert( pucByte != NULL,
+                      "ReadNameField:  pucByte != NULL )" );
+    __CPROVER_assert( pcName != NULL,
+                      "ReadNameField:  pcName != NULL )" );
+
+    __CPROVER_assert( uxDestLen > 0,
+                      "ReadNameField: uxDestLen > 0)" );
+
+    /* Return value */
+    size_t index;
+
+    /* Postconditions */
+    __CPROVER_assume( index <= uxDestLen + 1 && index <= uxRemainingBytes );
+
+    return index;
+}
+
+/****************************************************************
+* Abstraction of DNS_SkipNameField proved in SkipNameField
+****************************************************************/
+
+size_t DNS_SkipNameField( const uint8_t * pucByte,
+                          size_t uxLength )
+{
+    __CPROVER_assert( NETWORK_BUFFER_SIZE < CBMC_MAX_OBJECT_SIZE,
+                      "NETWORK_BUFFER_SIZE < CBMC_MAX_OBJECT_SIZE" );
+
+
+    /* Preconditions */
+    __CPROVER_assert( uxLength < CBMC_MAX_OBJECT_SIZE,
+                      "SkipNameField: uxLength < CBMC_MAX_OBJECT_SIZE)" );
+    __CPROVER_assert( uxLength <= NETWORK_BUFFER_SIZE,
+                      "SkipNameField: uxLength <= NETWORK_BUFFER_SIZE)" );
+    __CPROVER_assert( pucByte != NULL,
+                      "SkipNameField: pucByte != NULL)" );
+
+    /* Return value */
+    size_t index;
+
+    /* Postconditions */
+    __CPROVER_assume( index <= uxLength );
+
+    return index;
+}
+
+/****************************************************************
+* Proof of prvParseDNSReply
+****************************************************************/
+
+void harness()
+{
+    size_t uxBufferLength;
+    BaseType_t xExpected;
+    uint8_t * pucUDPPayloadBuffer = malloc( uxBufferLength );
+
+    __CPROVER_assert( NETWORK_BUFFER_SIZE < CBMC_MAX_OBJECT_SIZE,
+                      "NETWORK_BUFFER_SIZE < CBMC_MAX_OBJECT_SIZE" );
+
+    __CPROVER_assume( uxBufferLength < CBMC_MAX_OBJECT_SIZE );
+    __CPROVER_assume( uxBufferLength <= NETWORK_BUFFER_SIZE );
+    __CPROVER_assume( pucUDPPayloadBuffer != NULL );
+
+    uint32_t index = prvParseDNSReply( pucUDPPayloadBuffer,
+                                       uxBufferLength,
+                                       xExpected );
+}