Refactored lock predicates to improve readability.

verification/verifast/proof/ready_list_predicates.h

@@ -77,8 +77,8 @@ ensures
 /*@
 // TODO: We know that the list of priority 0 is never empty.
 //       It contains the idle task and nothing else.
-predicate readyLists_p() =
-    List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES, ?gCellLists);
+predicate readyLists_p(list<list<struct xLIST_ITEM*> > gCellLists) =
+    List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES, gCellLists);
 @*/
 
 

verification/verifast/proof/task_predicates.h

@@ -66,7 +66,7 @@ predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) =
     
     tcb->uxPriority |-> _ &*&
 
-    tcb->xTaskRunState |-> _ &*&
+    tcb->xTaskRunState |-> ?gTaskRunState &*&
     tcb->xIsIdle |-> _ &*&
     
     // Assumes macro `configMAX_TASK_NAME_LEN` evaluates to 16.
@@ -102,13 +102,17 @@ predicate absTCB_p(TCB_t* tcb) =
 //
 // The predicates below will be expanded iteratively.
 
-predicate prvTCB_p(TCB_t* tcb, uint32_t ulFreeBytesOnStack) =
+predicate prvSeg_TCB_p(TCB_t* tcb, uint32_t ulFreeBytesOnStack) =
     tcb->pxStack |-> ?stackPtr &*&
     tcb->pxTopOfStack |-> ?topPtr &*&
     stack_p_2(stackPtr, ?ulStackDepth, topPtr, 
               ulFreeBytesOnStack, ?ulUsedCells, ?ulUnalignedBytes);
 
-predicate pubTCB_p(TCB_t* tcb, UBaseType_t uxCriticalNesting) =
+predicate sharedSeg_TCB_p(TCB_t* tcb) =
+    tcb->xTaskRunState |-> ?gTaskRunState &*&
+    true;
+
+predicate coreLocalSeg_TCB_p(TCB_t* tcb, UBaseType_t uxCriticalNesting) =
     tcb->uxCriticalNesting |-> uxCriticalNesting;
 @*/
 

verification/verifast/proof/verifast_lock_predicates.h

@@ -29,8 +29,9 @@ fixpoint bool interruptsDisabled_f(uint32_t);
 
 predicate coreLocalInterruptInv_p() =
     pointer(&pxCurrentTCBs[coreID_f], ?currentTCB) &*&
-    pubTCB_p(currentTCB, 0) &*&
-    integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _);
+    //pubTCB_p(currentTCB, 0) &*&
+    integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*&
+    coreLocalSeg_TCB_p(currentTCB, ?gCriticalNesting);
 
 
 predicate coreLocalLocked(uint32_t coreID);
@@ -94,20 +95,11 @@ predicate taskISRLockInv() =
         integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority) &*&
         0 <= gTopReadyPriority &*& gTopReadyPriority < configMAX_PRIORITIES
     &*&
-    readyLists_p() &*&
-    // Update: The current task on this core is interrupt protected.
-    // TODO: Exclude from `allTasks`.
-    // `allTasks` stores pointers to all currently valid tasks (i.e. TCB_t instances)
-    //foreach(?tasks, absTCB_p) &*&
-    // If a task is scheduled, it must be valid
-    //[0.5]pointer(&pxCurrentTCBs[coreID_f()], ?scheduledTask) &*&
-    //scheduledTask != NULL
-    //    ? mem(scheduledTask, tasks) == true
-    //    : true
-    //&*&
+    readyLists_p(?gCellLists) &*&
     true;
 
 
+
 lemma void produce_taskISRLockInv();
 requires locked(?heldLocks) &*&
          heldLocks == cons(?i, cons(?t, nil)) &*&