Verified pxPortInitialiseStack for new version of stack predicate.

verification/verifast/preprocessed_files/tasks--pp.c

@@ -9975,10 +9975,13 @@ predicate stack_p_2(StackType_t * pxStack,
     // Used stack cells
     integers_(pxTopOfStack + 1, sizeof(StackType_t), false, ulUsedCells, _) &*&
     // Unaligned rest
-    //unalignedRestOfStack_p((char*) pxStack + freeBytes, ulUsedCells, ulUnalignedBytes);
+    //unalignedRestOfStack_p(pxTopOfStack, ulUsedCells, ulUnalignedBytes);
-    true;
+    true; // skip unaligned part for now
-
 
+predicate unalignedRestOfStack_p(StackType_t * pxTopOfStack,
+                                 uint32_t ulUsedCells,
+                                 uint32_t ulUnalignedBytes) =
+    chars((char*) pxTopOfStack + sizeof(StackType_t) * (ulUsedCells + 1), ulUnalignedBytes, _);
 @*/
 
 /*@
@@ -10417,8 +10420,7 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
              ulFreeBytes > 17 * sizeof(StackType_t) &*&
              pxStack > 0;
   @*/
-/*@ ensures stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes, 
+/*@ ensures stack_p_2(pxStack, ulStackDepth, pxTopOfStack - 16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes);
-                       			    ulUsedCells, ulUnalignedBytes);
 @*/
 {
     //@ StackType_t* gOldTop = pxTopOfStack;
@@ -10486,6 +10488,11 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
 
     pxTopOfStack -= 5; /* R12, R3, R2 and R1. */
 
+    // jump to stack cell #7
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 8));
+    //@ chars_to_integers_(gOldTop-7, sizeof(StackType_t), false, 4);
+    //@ integers__join(gOldTop-7);
+
     // Ensure maintining stack invariant
     //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 8, ulUsedCells + 8, ulUnalignedBytes);
     //@ open stack_p_2(pxStack, _, _, _, _, _);
@@ -10495,28 +10502,32 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
 
     // prevent overflow
     //@ ptr_range<void>(pvParameters);
+
     // make stack cell #8 available
     //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 9));
-    //@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 5);
+    //@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 1);
     //@ integers__join(gOldTop-8);
     *pxTopOfStack = ( StackType_t ) pvParameters; /* R0 */
     //@ close integers_(gOldTop-8, sizeof(StackType_t), false, ulUsedCells+9, _);
 
+    // Ensure maintining stack invariant
+    //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack-1, ulFreeBytes - sizeof(StackType_t) * 9, ulUsedCells + 9, ulUnalignedBytes);
+    //@ open stack_p_2(pxStack, _, _, _, _, _);
+
 
     // skip stack cells #9 - #15, leave #16 unused
-    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 17));
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 16));
-    //@ chars_to_integers_(gOldTop-16, sizeof(StackType_t), false, 8);
+    //@ chars_to_integers_(gOldTop-15, sizeof(StackType_t), false, 7);
-    //@ integers__join(gOldTop-16);
+    //@ integers__join(gOldTop-15);
     pxTopOfStack -= 8; /* R11..R4. */
 
+    // Ensure maintining stack invariant
+    //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes);
+    //@ assert( stack_p_2(pxStack, ulStackDepth, gOldTop-16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes) );
+
     //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 17) );
     //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 16) == (char*) pxTopOfStack + sizeof(StackType_t) );
 
-    
-    
-    
-    //@close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - (sizeof(StackType_t) * 16),  ulUsedCells, ulUnalignedBytes);
-    
     return pxTopOfStack;
 }
 // # 66 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2

verification/verifast/proof/snippets/rp2040_port_c_snippets.c

@@ -117,8 +117,7 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
              ulFreeBytes > 17 * sizeof(StackType_t) &*&
              pxStack > 0;
   @*/
-/*@ ensures stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes, 
+/*@ ensures stack_p_2(pxStack, ulStackDepth, pxTopOfStack - 16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes);
-                       			    ulUsedCells, ulUnalignedBytes);
 @*/
 {
     //@ StackType_t* gOldTop = pxTopOfStack;
@@ -186,6 +185,11 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
 
     pxTopOfStack -= 5; /* R12, R3, R2 and R1. */
     
+    // jump to stack cell #7
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 8));
+    //@ chars_to_integers_(gOldTop-7, sizeof(StackType_t), false, 4);
+    //@ integers__join(gOldTop-7);
+    
     // Ensure maintining stack invariant
     //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 8, ulUsedCells + 8, ulUnalignedBytes);
     //@ open stack_p_2(pxStack, _, _, _, _, _);
@@ -195,27 +199,31 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
 
     // prevent overflow
     //@ ptr_range<void>(pvParameters);
+    
     // make stack cell #8 available
     //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 9));
-    //@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 5);
+    //@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 1);
     //@ integers__join(gOldTop-8);
     *pxTopOfStack = ( StackType_t ) pvParameters; /* R0 */
     //@ close integers_(gOldTop-8, sizeof(StackType_t), false, ulUsedCells+9, _);
     
+    // Ensure maintining stack invariant
+    //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack-1, ulFreeBytes - sizeof(StackType_t) * 9, ulUsedCells + 9, ulUnalignedBytes);
+    //@ open stack_p_2(pxStack, _, _, _, _, _);
+
 
     // skip stack cells #9 - #15, leave #16 unused
-    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 17));
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 16));
-    //@ chars_to_integers_(gOldTop-16, sizeof(StackType_t), false, 8);
+    //@ chars_to_integers_(gOldTop-15, sizeof(StackType_t), false, 7);
-    //@ integers__join(gOldTop-16);
+    //@ integers__join(gOldTop-15);
     pxTopOfStack -= 8; /* R11..R4. */
     
+    // Ensure maintining stack invariant
+    //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes);
+    //@ assert( stack_p_2(pxStack, ulStackDepth, gOldTop-16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes) );
+
     //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 17) );
     //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 16) == (char*) pxTopOfStack + sizeof(StackType_t) );
 
-    
-    
-    
-    //@close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - (sizeof(StackType_t) * 16),  ulUsedCells, ulUnalignedBytes);
-    
     return pxTopOfStack;
 }