len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-12-11 14:15:12 -05:00
Code Issues Projects Releases Packages Wiki Activity

Verified pxPortInitialiseStack for new version of stack predicate.

Browse source
This commit is contained in:
Tobias Reinhard 2022-11-02 14:02:42 -04:00
parent f793c96031
commit 249d220ed7
2 changed files with 178 additions and 159 deletions
Download patch file Download diff file Expand all files Collapse all files

39
verification/verifast/preprocessed_files/tasks--pp.c
View file

@ -9975,10 +9975,13 @@ predicate stack_p_2(StackType_t * pxStack,
// Used stack cells
integers_(pxTopOfStack + 1, sizeof(StackType_t), false, ulUsedCells, _) &*&
// Unaligned rest
//unalignedRestOfStack_p((char*) pxStack + freeBytes, ulUsedCells, ulUnalignedBytes);
true;
//unalignedRestOfStack_p(pxTopOfStack, ulUsedCells, ulUnalignedBytes);
true; // skip unaligned part for now
predicate unalignedRestOfStack_p(StackType_t * pxTopOfStack,
uint32_t ulUsedCells,
uint32_t ulUnalignedBytes) =
chars((char*) pxTopOfStack + sizeof(StackType_t) * (ulUsedCells + 1), ulUnalignedBytes, _);
@*/
/*@
@ -10417,8 +10420,7 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
ulFreeBytes > 17 * sizeof(StackType_t) &*&
pxStack > 0;
@*/
/*@ ensures stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes,
ulUsedCells, ulUnalignedBytes);
/*@ ensures stack_p_2(pxStack, ulStackDepth, pxTopOfStack - 16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes);
@*/
{
//@ StackType_t* gOldTop = pxTopOfStack;
@ -10486,6 +10488,11 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
pxTopOfStack -= 5; /* R12, R3, R2 and R1. */
// jump to stack cell #7
//@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 8));
//@ chars_to_integers_(gOldTop-7, sizeof(StackType_t), false, 4);
//@ integers__join(gOldTop-7);
// Ensure maintining stack invariant
//@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 8, ulUsedCells + 8, ulUnalignedBytes);
//@ open stack_p_2(pxStack, _, _, _, _, _);
@ -10495,28 +10502,32 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
// prevent overflow
//@ ptr_range<void>(pvParameters);
// make stack cell #8 available
//@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 9));
//@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 5);
//@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 1);
//@ integers__join(gOldTop-8);
*pxTopOfStack = ( StackType_t ) pvParameters; /* R0 */
//@ close integers_(gOldTop-8, sizeof(StackType_t), false, ulUsedCells+9, _);
// Ensure maintining stack invariant
//@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack-1, ulFreeBytes - sizeof(StackType_t) * 9, ulUsedCells + 9, ulUnalignedBytes);
//@ open stack_p_2(pxStack, _, _, _, _, _);
// skip stack cells #9 - #15, leave #16 unused
//@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 17));
//@ chars_to_integers_(gOldTop-16, sizeof(StackType_t), false, 8);
//@ integers__join(gOldTop-16);
//@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 16));
//@ chars_to_integers_(gOldTop-15, sizeof(StackType_t), false, 7);
//@ integers__join(gOldTop-15);
pxTopOfStack -= 8; /* R11..R4. */
// Ensure maintining stack invariant
//@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes);
//@ assert( stack_p_2(pxStack, ulStackDepth, gOldTop-16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes) );
//@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 17) );
//@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 16) == (char*) pxTopOfStack + sizeof(StackType_t) );
//@close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - (sizeof(StackType_t) * 16), ulUsedCells, ulUnalignedBytes);
return pxTopOfStack;
}
// # 66 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2

30
verification/verifast/proof/snippets/rp2040_port_c_snippets.c
View file

@ -117,8 +117,7 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
ulFreeBytes > 17 * sizeof(StackType_t) &*&
pxStack > 0;
@*/
/*@ ensures stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes,
ulUsedCells, ulUnalignedBytes);
/*@ ensures stack_p_2(pxStack, ulStackDepth, pxTopOfStack - 16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes);
@*/
{
//@ StackType_t* gOldTop = pxTopOfStack;
@ -186,6 +185,11 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
pxTopOfStack -= 5; /* R12, R3, R2 and R1. */
// jump to stack cell #7
//@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 8));
//@ chars_to_integers_(gOldTop-7, sizeof(StackType_t), false, 4);
//@ integers__join(gOldTop-7);
// Ensure maintining stack invariant
//@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 8, ulUsedCells + 8, ulUnalignedBytes);
//@ open stack_p_2(pxStack, _, _, _, _, _);
@ -195,27 +199,31 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
// prevent overflow
//@ ptr_range<void>(pvParameters);
// make stack cell #8 available
//@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 9));
//@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 5);
//@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 1);
//@ integers__join(gOldTop-8);
*pxTopOfStack = ( StackType_t ) pvParameters; /* R0 */
//@ close integers_(gOldTop-8, sizeof(StackType_t), false, ulUsedCells+9, _);
// Ensure maintining stack invariant
//@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack-1, ulFreeBytes - sizeof(StackType_t) * 9, ulUsedCells + 9, ulUnalignedBytes);
//@ open stack_p_2(pxStack, _, _, _, _, _);
// skip stack cells #9 - #15, leave #16 unused
//@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 17));
//@ chars_to_integers_(gOldTop-16, sizeof(StackType_t), false, 8);
//@ integers__join(gOldTop-16);
//@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 16));
//@ chars_to_integers_(gOldTop-15, sizeof(StackType_t), false, 7);
//@ integers__join(gOldTop-15);
pxTopOfStack -= 8; /* R11..R4. */
// Ensure maintining stack invariant
//@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes);
//@ assert( stack_p_2(pxStack, ulStackDepth, gOldTop-16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes) );
//@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 17) );
//@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 16) == (char*) pxTopOfStack + sizeof(StackType_t) );
//@close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - (sizeof(StackType_t) * 16), ulUsedCells, ulUnalignedBytes);
return pxTopOfStack;
}