[修改] 增加freeRTOS

1. 版本FreeRTOSv202212.01，命名为kernel；

kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/parsing/ProcessIPPacket/Configurations.json

@@ -0,0 +1,35 @@
+{
+  "ENTRY": "ProcessIPPacket",
+  "CBMCFLAGS":
+  [
+    "--unwind 1",
+    "--unwindset memcmp.0:7",
+    "--nondet-static"
+  ],
+  "OBJS":
+  [
+    "$(ENTRY)_harness.goto",
+    "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_IP.goto"
+  ],
+  "DEF":
+  [
+    {
+      "ChecksumIncluded":
+      [
+        "ipconfigDRIVER_INCLUDED_TX_IP_CHECKSUM=1",
+        "FREERTOS_TCP_ENABLE_VERIFICATION"
+      ]
+    },
+    {
+      "ChecksumNotIncluded":
+      [
+        "ipconfigDRIVER_INCLUDED_TX_IP_CHECKSUM=0",
+        "FREERTOS_TCP_ENABLE_VERIFICATION"
+      ]
+    }
+  ],
+  "INC":
+  [
+    "$(FREERTOS_PLUS_TCP)/test/cbmc/include"
+  ]
+}

kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/parsing/ProcessIPPacket/ProcessIPPacket_harness.c

@@ -0,0 +1,76 @@
+/* FreeRTOS includes. */
+#include "FreeRTOS.h"
+#include "queue.h"
+
+/* FreeRTOS+TCP includes. */
+#include "FreeRTOS_IP.h"
+#include "FreeRTOS_IP_Private.h"
+
+/* proof is done separately */
+BaseType_t xProcessReceivedTCPPacket( NetworkBufferDescriptor_t * pxNetworkBuffer )
+{
+}
+
+/* proof is done separately */
+BaseType_t xProcessReceivedUDPPacket( NetworkBufferDescriptor_t * pxNetworkBuffer,
+                                      uint16_t usPort )
+{
+}
+
+/* This proof was done before. Hence we assume it to be correct here. */
+void vARPRefreshCacheEntry( const MACAddress_t * pxMACAddress,
+                            const uint32_t ulIPAddress )
+{
+}
+
+eFrameProcessingResult_t publicProcessIPPacket( IPPacket_t * const pxIPPacket,
+                                                NetworkBufferDescriptor_t * const pxNetworkBuffer );
+
+#if ( ipconfigDRIVER_INCLUDED_TX_IP_CHECKSUM == 0 )
+
+/* The checksum generation is stubbed out since the actual checksum
+ * does not matter. The stub will return an indeterminate value each time. */
+    uint16_t usGenerateChecksum( uint16_t usSum,
+                                 const uint8_t * pucNextData,
+                                 size_t uxByteCount )
+    {
+        uint16_t usReturn;
+
+        __CPROVER_assert( pucNextData != NULL, "Next data cannot be NULL" );
+
+        /* Return an indeterminate value. */
+        return usReturn;
+    }
+
+/* The checksum generation is stubbed out since the actual checksum
+ * does not matter. The stub will return an indeterminate value each time. */
+    uint16_t usGenerateProtocolChecksum( const uint8_t * const pucEthernetBuffer,
+                                         size_t uxBufferLength,
+                                         BaseType_t xOutgoingPacket )
+    {
+        uint16_t usReturn;
+
+        __CPROVER_assert( pucEthernetBuffer != NULL, "Ethernet buffer cannot be NULL" );
+
+        /* Return an indeterminate value. */
+        return usReturn;
+    }
+#endif /* if ( ipconfigDRIVER_INCLUDED_TX_IP_CHECKSUM == 0 ) */
+
+void harness()
+{
+    NetworkBufferDescriptor_t * const pxNetworkBuffer = malloc( sizeof( NetworkBufferDescriptor_t ) );
+
+    __CPROVER_assume( pxNetworkBuffer != NULL );
+
+    /* Pointer to the start of the Ethernet frame. It should be able to access the whole Ethernet frame.*/
+    pxNetworkBuffer->pucEthernetBuffer = malloc( ipTOTAL_ETHERNET_FRAME_SIZE );
+    __CPROVER_assume( pxNetworkBuffer->pucEthernetBuffer != NULL );
+
+    /* Minimum length of the pxNetworkBuffer->xDataLength is at least the size of the IPPacket_t. */
+    __CPROVER_assume( pxNetworkBuffer->xDataLength >= sizeof( IPPacket_t ) && pxNetworkBuffer->xDataLength <= ipTOTAL_ETHERNET_FRAME_SIZE );
+
+    IPPacket_t * const pxIPPacket = ( IPPacket_t * ) pxNetworkBuffer->pucEthernetBuffer;
+
+    publicProcessIPPacket( pxIPPacket, pxNetworkBuffer );
+}

kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/parsing/ProcessReceivedTCPPacket/Makefile.json

@@ -0,0 +1,38 @@
+{
+  "ENTRY": "ProcessReceivedTCPPacket",
+  "CBMCFLAGS":
+  [
+    "--unwind 1",
+    "--unwindset prvTCPSendRepeated.0:13",
+    "--nondet-static"
+  ],
+  "OBJS":
+  [
+    "$(ENTRY)_harness.goto",
+    "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_IP.goto",
+    "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_IP_Utils.goto",
+    "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_IP_Timers.goto",
+    "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_TCP_IP.goto",
+    "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_TCP_Transmission.goto",
+    "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_TCP_State_Handling.goto",
+    "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_TCP_Utils.goto",
+    "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_TCP_Reception.goto"
+  ],
+  "INSTFLAGS":
+  [
+    "--remove-function-body prvSingleStepTCPHeaderOptions",
+    "--remove-function-body prvCheckOptions",
+    "--remove-function-body prvTCPPrepareSend",
+    "--remove-function-body prvTCPReturnPacket",
+    "--remove-function-body prvTCPHandleState"
+  ],
+  "DEF":
+  [
+    "FREERTOS_TCP_ENABLE_VERIFICATION"
+  ],
+  "INC":
+  [
+    "$(FREERTOS_PLUS_TCP)/test/cbmc/include"
+  ]
+}
+

kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/parsing/ProcessReceivedTCPPacket/ProcessReceivedTCPPacket_harness.c

@@ -0,0 +1,116 @@
+/* FreeRTOS includes. */
+#include "FreeRTOS.h"
+#include "queue.h"
+
+/* FreeRTOS+TCP includes. */
+#include "FreeRTOS_IP.h"
+#include "FreeRTOS_IP_Private.h"
+#include "FreeRTOS_TCP_IP.h"
+#include "FreeRTOS_Stream_Buffer.h"
+
+/* This proof assumes FreeRTOS_socket, pxTCPSocketLookup and
+ * pxGetNetworkBufferWithDescriptor are implemented correctly.
+ *
+ * It also assumes prvSingleStepTCPHeaderOptions, prvCheckOptions, prvTCPPrepareSend,
+ * prvTCPHandleState and prvTCPReturnPacket are correct. These functions are
+ * proved to be correct separately. */
+
+/* Implementation of safe malloc */
+void * safeMalloc( size_t xWantedSize )
+{
+    if( xWantedSize == 0 )
+    {
+        return NULL;
+    }
+
+    uint8_t byte;
+
+    return byte ? malloc( xWantedSize ) : NULL;
+}
+
+/* Abstraction of FreeRTOS_socket */
+Socket_t FreeRTOS_socket( BaseType_t xDomain,
+                          BaseType_t xType,
+                          BaseType_t xProtocol )
+{
+    return safeMalloc( sizeof( FreeRTOS_Socket_t ) );
+}
+
+/* Abstraction of xTaskGetCurrentTaskHandle */
+TaskHandle_t xTaskGetCurrentTaskHandle( void )
+{
+    static int xIsInit = 0;
+    static TaskHandle_t pxCurrentTCB;
+    TaskHandle_t xRandomTaskHandle; /* not initialized on purpose */
+
+    if( xIsInit == 0 )
+    {
+        pxCurrentTCB = xRandomTaskHandle;
+        xIsInit = 1;
+    }
+
+    return pxCurrentTCB;
+}
+
+/* Abstraction of pxTCPSocketLookup */
+FreeRTOS_Socket_t * pxTCPSocketLookup( uint32_t ulLocalIP,
+                                       UBaseType_t uxLocalPort,
+                                       uint32_t ulRemoteIP,
+                                       UBaseType_t uxRemotePort )
+{
+    FreeRTOS_Socket_t * xRetSocket = safeMalloc( sizeof( FreeRTOS_Socket_t ) );
+
+    if( xRetSocket )
+    {
+        xRetSocket->u.xTCP.txStream = safeMalloc( sizeof( StreamBuffer_t ) );
+        xRetSocket->u.xTCP.pxPeerSocket = safeMalloc( sizeof( StreamBuffer_t ) );
+
+        /* This bit depicts whether the socket was supposed to be reused or not. */
+        if( xRetSocket->u.xTCP.pxPeerSocket == NULL )
+        {
+            xRetSocket->u.xTCP.bits.bReuseSocket = pdTRUE_UNSIGNED;
+        }
+        else
+        {
+            xRetSocket->u.xTCP.bits.bReuseSocket = pdFALSE_UNSIGNED;
+        }
+
+        if( xIsCallingFromIPTask() == pdFALSE )
+        {
+            xRetSocket->u.xTCP.bits.bPassQueued = pdFALSE_UNSIGNED;
+            xRetSocket->u.xTCP.bits.bPassAccept = pdFALSE_UNSIGNED;
+        }
+    }
+
+    return xRetSocket;
+}
+
+/* Abstraction of pxGetNetworkBufferWithDescriptor */
+NetworkBufferDescriptor_t * pxGetNetworkBufferWithDescriptor( size_t xRequestedSizeBytes,
+                                                              TickType_t xBlockTimeTicks )
+{
+    NetworkBufferDescriptor_t * pxNetworkBuffer = safeMalloc( sizeof( NetworkBufferDescriptor_t ) );
+
+    if( pxNetworkBuffer )
+    {
+        pxNetworkBuffer->pucEthernetBuffer = safeMalloc( xRequestedSizeBytes );
+        __CPROVER_assume( pxNetworkBuffer->xDataLength == ipSIZE_OF_ETH_HEADER + sizeof( int32_t ) );
+    }
+
+    return pxNetworkBuffer;
+}
+
+void harness()
+{
+    NetworkBufferDescriptor_t * pxNetworkBuffer = safeMalloc( sizeof( NetworkBufferDescriptor_t ) );
+
+    /* To avoid asserting on the network buffer being NULL. */
+    __CPROVER_assume( pxNetworkBuffer != NULL );
+
+    pxNetworkBuffer->pucEthernetBuffer = safeMalloc( sizeof( TCPPacket_t ) );
+
+    /* To avoid asserting on the ethernet buffer being NULL. */
+    __CPROVER_assume( pxNetworkBuffer->pucEthernetBuffer != NULL );
+
+    xProcessReceivedTCPPacket( pxNetworkBuffer );
+}

kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/parsing/ProcessReceivedUDPPacket/Makefile.json

@@ -0,0 +1,23 @@
+{
+  "ENTRY": "ProcessReceivedUDPPacket",
+  "MAX_RX_PACKETS":1,
+  "USE_LLMNR":1,
+  "USE_NBNS":1,
+  "CBMCFLAGS":
+  [
+    "--unwind 1",
+    "--nondet-static"
+  ],
+  "OBJS":
+  [
+    "$(ENTRY)_harness.goto",
+    "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_UDP_IP.goto",
+    "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_IP.goto"
+  ],
+  "DEF":
+  [
+    "ipconfigUDP_MAX_RX_PACKETS={MAX_RX_PACKETS}",
+    "ipconfigUSE_LLMNR={USE_LLMNR}",
+    "ipconfigUSE_NBNS={USE_NBNS}"
+  ]
+}

kernel/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/test/cbmc/proofs/parsing/ProcessReceivedUDPPacket/ProcessReceivedUDPPacket_harness.c

@@ -0,0 +1,72 @@
+/* FreeRTOS includes. */
+#include "FreeRTOS.h"
+#include "queue.h"
+
+/* FreeRTOS+TCP includes. */
+#include "FreeRTOS_IP.h"
+#include "FreeRTOS_IP_Private.h"
+#include "FreeRTOS_ARP.h"
+#include "FreeRTOS_UDP_IP.h"
+#include "FreeRTOS_TCP_IP.h"
+
+/*This proof assumes that pxUDPSocketLookup is implemented correctly. */
+
+/* This proof was done before. Hence we assume it to be correct here. */
+void vARPRefreshCacheEntry( const MACAddress_t * pxMACAddress,
+                            const uint32_t ulIPAddress )
+{
+}
+
+/* This proof was done before. Hence we assume it to be correct here. */
+BaseType_t xIsDHCPSocket( Socket_t xSocket )
+{
+}
+
+/* This proof was done before. Hence we assume it to be correct here. */
+uint32_t ulDNSHandlePacket( NetworkBufferDescriptor_t * pxNetworkBuffer )
+{
+}
+
+/* Implementation of safe malloc */
+void * safeMalloc( size_t xWantedSize )
+{
+    if( xWantedSize == 0 )
+    {
+        return NULL;
+    }
+
+    uint8_t byte;
+
+    return byte ? malloc( xWantedSize ) : NULL;
+}
+
+/* Abstraction of pxUDPSocketLookup */
+FreeRTOS_Socket_t * pxUDPSocketLookup( UBaseType_t uxLocalPort )
+{
+    return safeMalloc( sizeof( FreeRTOS_Socket_t ) );
+}
+
+void harness()
+{
+    NetworkBufferDescriptor_t * pxNetworkBuffer = safeMalloc( sizeof( NetworkBufferDescriptor_t ) );
+    BaseType_t * pxIsWaitingForARPResolution;
+
+    pxIsWaitingForARPResolution = safeMalloc( sizeof( BaseType_t ) );
+
+    /* The function under test is only called by the IP-task. The below pointer is an
+     * address of a local variable which is being passed to the function under test.
+     * Thus, it cannot ever be NULL. */
+    __CPROVER_assume( pxIsWaitingForARPResolution != NULL );
+
+    if( pxNetworkBuffer )
+    {
+        pxNetworkBuffer->pucEthernetBuffer = safeMalloc( sizeof( UDPPacket_t ) );
+    }
+
+    uint16_t usPort;
+
+    if( pxNetworkBuffer && pxNetworkBuffer->pucEthernetBuffer )
+    {
+        xProcessReceivedUDPPacket( pxNetworkBuffer, usPort, pxIsWaitingForARPResolution );
+    }
+}