len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-12-12 06:35:19 -05:00
Code Issues Projects Releases Packages Wiki Activity

Refined stack predicate, validated it and verified pxPortInitialiseStack impl from RP2040 port.

Browse source
This commit is contained in:
Tobias Reinhard 2022-10-27 12:43:10 -04:00
parent b185c29a7b
commit 2b82220cec
5 changed files with 377 additions and 107 deletions
Download patch file Download diff file Expand all files Collapse all files

4
include/portable.h
View file

@ -128,8 +128,8 @@
StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
TaskFunction_t pxCode,
void * pvParameters ) PRIVILEGED_FUNCTION;
//@ requires true;
//@ ensures true;
///@ requires true;
///@ ensures true;
#endif
#endif /* if ( portUSING_MPU_WRAPPERS == 1 ) */

1
tasks.c
View file

@ -1371,6 +1371,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
//@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _);
//@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _);
//@ close TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t));
//@ assert(false);
}
else
{

337
verification/verifast/preprocessed_files/tasks--pp.c
View file

@ -4449,8 +4449,8 @@ bool spin_lock_is_claimed(uint lock_num);
StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
TaskFunction_t pxCode,
void * pvParameters ) ;
//@ requires true;
//@ ensures true;
///@ requires true;
///@ ensures true;
@ -10032,7 +10032,12 @@ predicate TCB_p(TCB_t * tcb, int stackSize) =
/*@
// Axiomatizes that: 0 <= ptr <= 2^32 - 1
lemma void uint32_t_ptr_range(uint32_t* ptr);
//lemma void uint32_t_ptr_range(uint32_t* ptr);
//requires true;
//ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
// Axiomatizes that: 0 <= ptr <= 2^32 - 1
lemma void ptr_range<t>(t* ptr);
requires true;
ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
@*/
@ -10153,6 +10158,112 @@ bool assert_fct(bool b)
/*
* Setup the timer to generate the tick interrupts. The implementation in this
* file is weak to allow application writers to change the timer used to
* generate the tick interrupt.
*/
void vPortSetupTimerInterrupt( void );
/*
* Exception handlers.
*/
void xPortPendSVHandler( void ) ;
void xPortSysTickHandler( void );
void vPortSVCHandler( void );
/*
* Start first task is a separate function so it can be tested in isolation.
*/
static void vPortStartFirstTask( void ) ;
/*
* Used to catch tasks that attempt to return from their implementing function.
*/
static void prvTaskExitError( void );
/*@
// Represents a stack that grows down.
predicate stack_p(StackType_t * pxStack, uint32_t ulStackDepth, StackType_t * pxTopOfStack, uint32_t freeCells) =
integers_(pxStack, sizeof(StackType_t), false, ulStackDepth, _) &*&
ulStackDepth > 0 &*&
freeCells >= 0 &*&
pxTopOfStack == pxStack + freeCells -1 &*&
0 <= freeCells &*& freeCells <= ulStackDepth;
// usedMem == pxStack - pxTopOfStack
// freeMem == ulStackDepth - usedMem
//freeCells * sizeof(StackType_t) == ulStackDepth * sizeof(StackType_t) - ((char*) pxStack - (char*) pxTopOfStack) &*&
// usedCells * sizeof(StackType_t) == ((char*) pxStack - (char*) pxTopOfStack);
@*/
/*/@
lemma void split_stack(StackType_t * pxStack, int offset)
requires stack_p(pxStack,?ulStackDepth, ?pxTopOfStack, ?freeMem, _) &*& 0 <= offset &*&
offset * sizeof(StackType_t) < ulStackDepth;
ensures integers_(pxStack, sizeof(StackType_t), true, offset * sizeof(StackType_t), _) &*&
integers_(pxStack + offset * sizeof(StackType_t), sizeof(StackType_t), true, ulStackDepth - offset * sizeof(StackType_t), _) ;
{
open stack_p(_, _, _, _);
integers__split(pxStack, offset * sizeof(StackType_t) );
}
@*/
/*@
lemma void getTopOfStack(StackType_t* pxStack, StackType_t* pxTopOfStack)
requires stack_p(pxStack,?ulStackDepth, pxTopOfStack, ?freeCells) &*&
freeCells > 0;
ensures // free cells minus top cell
integers_(pxStack, sizeof(StackType_t), false, freeCells-1, _) &*&
// top stack cell
integer_(pxStack + freeCells-1, sizeof(StackType_t), false, _) &*&
// used stack cells
integers_(pxStack + freeCells, sizeof(StackType_t), false,
ulStackDepth - freeCells, _) &*&
// stack contraints necessary to close `stack_p` again
ulStackDepth > 0 &*&
freeCells >= 0 &*&
pxTopOfStack == pxStack + freeCells -1 &*&
0 <= freeCells &*& freeCells <= ulStackDepth;
{
open stack_p(_, _, _, _);
integers__split(pxStack, freeCells-1);
open integers_(pxStack + (freeCells-1), _, _, _, _);
}
@*/
// -------------------------------------------------
// Validate stack predicate
/* Simulates creation and initialisation of a stack that grows down as on RP2040.
*/
StackType_t* test_stack_pred(uint32_t depth)
/*@ requires depth * sizeof(StackType_t) <= UINTPTR_MAX &*&
depth <= UINT_MAX &*&
depth > 0;
@*/
/*@ ensures result == 0 ? true : stack_p(result, depth, ?top, depth) &*&
malloc_block_chars((char*) result, depth * sizeof(StackType_t));
@*/
{
StackType_t * stack;
/* Allocate space for the stack used by the task being created. */
stack = (StackType_t*) malloc( ( ( ( size_t ) depth ) * sizeof( StackType_t ) ) );
if(stack == 0) return 0;
memset(stack, 0, (unsigned int ) depth * sizeof(StackType_t));
StackType_t* top = stack + depth -1;
//@ chars_to_integers_(stack, sizeof(StackType_t), false, depth);
//@ close stack_p(stack, depth, top, depth);
// integers_(stack0, 4, false, depth, _)
return stack;
}
// -------------------------------------------------
/*
* See header file for description.
@ -10160,21 +10271,44 @@ bool assert_fct(bool b)
StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
TaskFunction_t pxCode,
void * pvParameters )
//@ requires true;
//@ ensures true;
/*@ requires pxTopOfStack > 0 &*&
stack_p(?pxStack, ?ulStackDepth, pxTopOfStack, ulStackDepth) &*&
ulStackDepth > 16;
@*/
//@ ensures stack_p(pxStack, ulStackDepth, pxTopOfStack-16, ulStackDepth-16);
{
//@ StackType_t* oldTop = pxTopOfStack;
//@ open stack_p(pxStack, ulStackDepth, pxTopOfStack, ulStackDepth);
///@ close stack_p(pxStack, ulStackDepth, pxTopOfStack-1, ulStackDepth-1);
///@ getTopOfStack(pxStack, pxTopOfStack-1);
//@ integers__split(pxStack, ulStackDepth-2);
/* Simulate the stack frame as it would be created by a context switch
* interrupt. */
pxTopOfStack--; /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */
*pxTopOfStack = ( 0x01000000 ); /* xPSR */
pxTopOfStack--;
//@ close integers_(oldTop-1, sizeof(StackType_t), false, 2, _);
//@ integers__join(pxStack);
//@ ptr_range<void>(pxCode);
//@ integers__split(pxStack, ulStackDepth-3);
*pxTopOfStack = ( StackType_t ) pxCode; /* PC */
//@ close integers_(oldTop-2, sizeof(StackType_t), false, 3, _);
pxTopOfStack--;
//@ ptr_range<void>(prvTaskExitError);
//@ integers__join(pxStack);
//@ integers__split(pxStack, ulStackDepth-4);
*pxTopOfStack = ( StackType_t ) prvTaskExitError; /* LR */
//@ close integers_(oldTop-3, sizeof(StackType_t), false, 4, _);
//@ integers__join(pxStack);
pxTopOfStack -= 5; /* R12, R3, R2 and R1. */
//@ ptr_range<void>(pvParameters);
//@ integers__split(pxStack, ulStackDepth-9);
*pxTopOfStack = ( StackType_t ) pvParameters; /* R0 */
//@ close integers_(oldTop-8, sizeof(StackType_t), false, 9, _);
//@ integers__join(pxStack);
pxTopOfStack -= 8; /* R11..R4. */
//@ close stack_p(pxStack, ulStackDepth, pxTopOfStack, ulStackDepth-16);
return pxTopOfStack;
}
// # 56 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
@ -10887,6 +11021,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
//@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _);
//@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _);
//@ close TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t));
//@ assert(false);
}
else
{
@ -10904,9 +11039,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
if( pxNewTCB != 0 )
{
// # 1399 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 1400 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
// # 1408 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 1409 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
prvAddNewTaskToReadyList( pxNewTCB );
xReturn = ( ( ( char ) 1 ) );
}
@ -10944,7 +11079,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
{
StackType_t * pxTopOfStack;
UBaseType_t x;
// # 1462 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 1463 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
//@ open TCB_p(_,_);
/* Avoid dependency on memset() if it is not required. */
@ -10986,14 +11121,14 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
//@ assume( 0 <= (( (uint32_t) pxTopOfStack) & ~(7)) );
// TODO: How can we prove this?
// Assume that now overflow occurs.
// Assume that no overflow occurs.
//@ assume( (((uint32_t) pxTopOfStack) & ~7) <= UINTPTR_MAX);
pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception. Avoiding casts between pointers and integers is not practical. Size differences accounted for using portPOINTER_SIZE_TYPE type. Checked by assert(). */
/* Check the alignment of the calculated top of stack is correct. */
// # 1522 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 1523 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
}
// # 1536 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 1537 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
//@ close TCB_p(pxNewTCB, stackSize);
/* Store the task name in the TCB. */
@ -11083,7 +11218,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
{
pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
}
// # 1644 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 1645 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
{
/* Avoid compiler warning about unreferenced parameter. */
( void ) xRegions;
@ -11110,7 +11245,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
//@ uchars__to_chars_(pxNewTCB->ucNotifyState);
memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
}
// # 1682 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 1683 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
{
/* Reason for rewrite: Assignment not type safe. */
@ -11119,17 +11254,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
}
// # 1705 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 1706 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/* Initialize the TCB stack to look as if the task was already running,
* but had been interrupted by the scheduler. The return address is set
* to the start of the task function. Once the stack has been initialised
* the top of stack variable is updated. */
// # 1733 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 1734 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
{
/* If the port has capability to detect stack overflow,
* pass the stack end address to the stack initialization
* function as well. */
// # 1750 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 1751 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
{
pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
}
@ -11340,7 +11475,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
if( xTaskRunningOnCore == xCoreID )
{
(__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1960, "uxSchedulerSuspended == 0") : (void)0);
(__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1961, "uxSchedulerSuspended == 0") : (void)0);
vTaskYieldWithinAPI();
}
else
@ -11363,12 +11498,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
TickType_t xTimeToWake;
BaseType_t xAlreadyYielded, xShouldDelay = ( ( char ) 0 );
(__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1983, "pxPreviousWakeTime") : (void)0);
(__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1984, "( xTimeIncrement > 0U )") : (void)0);
(__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1984, "pxPreviousWakeTime") : (void)0);
(__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1985, "( xTimeIncrement > 0U )") : (void)0);
vTaskSuspendAll();
{
(__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1988, "uxSchedulerSuspended == 1") : (void)0);
(__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1989, "uxSchedulerSuspended == 1") : (void)0);
/* Minor optimisation. The tick count cannot change in this
* block. */
@ -11454,7 +11589,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
{
vTaskSuspendAll();
{
(__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2074, "uxSchedulerSuspended == 1") : (void)0);
(__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2075, "uxSchedulerSuspended == 1") : (void)0);
;
/* A task that is removed from the event list while the
@ -11508,7 +11643,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
const TCB_t * const pxTCB = xTask;
(__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2128, "pxTCB") : (void)0);
(__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2129, "pxTCB") : (void)0);
vTaskEnterCritical();
{
@ -11684,7 +11819,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
BaseType_t xYieldForTask = ( ( char ) 0 );
BaseType_t xCoreID;
(__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2304, "( uxNewPriority < 32 )") : (void)0);
(__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2305, "( uxNewPriority < 32 )") : (void)0);
/* Ensure the new priority is valid. */
if( uxNewPriority >= ( UBaseType_t ) 32 )
@ -11838,13 +11973,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
/*-----------------------------------------------------------*/
// # 2492 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 2493 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*-----------------------------------------------------------*/
// # 2515 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 2516 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*-----------------------------------------------------------*/
// # 2533 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 2534 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*-----------------------------------------------------------*/
// # 2561 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 2562 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*-----------------------------------------------------------*/
@ -11921,7 +12056,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
if( xTaskRunningOnCore == 0 )
{
/* The current task has just been suspended. */
(__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2637, "uxSchedulerSuspended == 0") : (void)0);
(__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2638, "uxSchedulerSuspended == 0") : (void)0);
vTaskYieldWithinAPI();
}
else
@ -11935,7 +12070,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
{
vTaskExitCritical();
(__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2651, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
(__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2652, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
/* The scheduler is not running, but the task that was pointed
* to by pxCurrentTCB has just been suspended and pxCurrentTCB
@ -11982,7 +12117,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
/* Accesses xPendingReadyList so must be called from a critical section. */
/* It does not make sense to check if the calling task is suspended. */
(__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2698, "xTask") : (void)0);
(__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2699, "xTask") : (void)0);
/* Is the task being resumed actually in the suspended list? */
if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) )
@ -12031,7 +12166,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
/* It does not make sense to resume the calling task. */
(__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2747, "xTaskToResume") : (void)0);
(__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2748, "xTaskToResume") : (void)0);
/* The parameter cannot be NULL as it is impossible to resume the
* currently executing task. It is also impossible to resume a task
@ -12090,7 +12225,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
UBaseType_t uxSavedInterruptStatus;
(__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2806, "xTaskToResume") : (void)0);
(__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2807, "xTaskToResume") : (void)0);
/* RTOS ports that support interrupt nesting have the concept of a
* maximum system call (or maximum API call) interrupt priority.
@ -12211,7 +12346,7 @@ static BaseType_t prvCreateIdleTasks( void )
{
;
}
// # 2974 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 2975 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
{
if( xCoreID == 0 )
{
@ -12223,7 +12358,7 @@ static BaseType_t prvCreateIdleTasks( void )
( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
&xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
}
// # 2997 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 2998 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
}
}
@ -12260,7 +12395,7 @@ void vTaskStartScheduler( void )
* so interrupts will automatically get re-enabled when the first task
* starts to run. */
assert_fct(false);
// # 3047 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 3048 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
xSchedulerRunning = ( ( char ) 1 );
xTickCount = ( TickType_t ) 0;
@ -12292,7 +12427,7 @@ void vTaskStartScheduler( void )
/* This line will only be reached if the kernel could not be started,
* because there was not enough FreeRTOS heap to create the idle task
* or the timer task. */
(__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3078, "xReturn != ( -1 )") : (void)0);
(__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3079, "xReturn != ( -1 )") : (void)0);
}
/* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@ -12357,7 +12492,7 @@ void vTaskSuspendAll( void )
}
}
/*----------------------------------------------------------*/
// # 3205 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 3206 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*----------------------------------------------------------*/
BaseType_t xTaskResumeAll( void )
@ -12380,7 +12515,7 @@ BaseType_t xTaskResumeAll( void )
/* If uxSchedulerSuspended is zero then this function does not match a
* previous call to vTaskSuspendAll(). */
(__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3227, "uxSchedulerSuspended") : (void)0);
(__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3228, "uxSchedulerSuspended") : (void)0);
--uxSchedulerSuspended;
vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 0 ));
@ -12538,7 +12673,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
/* If null is passed in here then the name of the calling task is being
* queried. */
pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
(__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3385, "pxTCB") : (void)0);
(__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3386, "pxTCB") : (void)0);
return &( pxTCB->pcTaskName[ 0 ] );
}
/*-----------------------------------------------------------*/
@ -12631,7 +12766,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
TCB_t * pxTCB;
/* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
(__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3478, "strlen( pcNameToQuery ) < 16") : (void)0);
(__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3479, "strlen( pcNameToQuery ) < 16") : (void)0);
vTaskSuspendAll();
{
@ -12727,7 +12862,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
* each task in the Suspended state. */
uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
}
// # 3588 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 3589 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
{
if( pulTotalRunTime != 0 )
{
@ -12755,7 +12890,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
{
/* If xTaskGetIdleTaskHandle() is called before the scheduler has been
* started, then xIdleTaskHandle will be NULL. */
(__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3615, "( xIdleTaskHandle != 0 )") : (void)0);
(__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3616, "( xIdleTaskHandle != 0 )") : (void)0);
return &( xIdleTaskHandle[ 0 ] );
}
@ -12766,7 +12901,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
* This is to ensure vTaskStepTick() is available when user defined low power mode
* implementations require configUSE_TICKLESS_IDLE to be set to a value other than
* 1. */
// # 3639 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 3640 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*----------------------------------------------------------*/
BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@ -12775,7 +12910,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
/* Must not be called with the scheduler suspended as the implementation
* relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
(__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3647, "uxSchedulerSuspended == 0") : (void)0);
(__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3648, "uxSchedulerSuspended == 0") : (void)0);
/* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
* the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@ -12794,7 +12929,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
TCB_t * pxTCB = xTask;
BaseType_t xReturn;
(__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3666, "pxTCB") : (void)0);
(__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3667, "pxTCB") : (void)0);
vTaskSuspendAll();
{
@ -12893,7 +13028,7 @@ BaseType_t xTaskIncrementTick( void )
if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
{
{ List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3765, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
{ List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3766, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
}
else
{
@ -13076,13 +13211,13 @@ BaseType_t xTaskIncrementTick( void )
return xSwitchRequired;
}
/*-----------------------------------------------------------*/
// # 3977 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 3978 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*-----------------------------------------------------------*/
// # 4001 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 4002 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*-----------------------------------------------------------*/
// # 4026 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 4027 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*-----------------------------------------------------------*/
// # 4059 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 4060 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*-----------------------------------------------------------*/
void vTaskSwitchContext( BaseType_t xCoreID )
@ -13100,7 +13235,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
{
/* vTaskSwitchContext() must never be called from within a critical section.
* This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
(__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4076, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
(__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4077, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
if( uxSchedulerSuspended != ( UBaseType_t ) ( ( char ) 0 ) )
{
@ -13112,7 +13247,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
{
xYieldPendings[ xCoreID ] = ( ( char ) 0 );
;
// # 4117 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 4118 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/* Check for stack overflow, if configured. */
{ const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
@ -13129,7 +13264,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
;
/* After the new task is switched in, update the global errno. */
// # 4151 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 4152 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
}
}
vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 ));
@ -13140,7 +13275,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
void vTaskPlaceOnEventList( List_t * const pxEventList,
const TickType_t xTicksToWait )
{
(__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4161, "pxEventList") : (void)0);
(__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4162, "pxEventList") : (void)0);
/* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
* SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@ -13159,11 +13294,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
const TickType_t xItemValue,
const TickType_t xTicksToWait )
{
(__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4180, "pxEventList") : (void)0);
(__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4181, "pxEventList") : (void)0);
/* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED. It is used by
* the event groups implementation. */
(__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4184, "uxSchedulerSuspended != 0") : (void)0);
(__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4185, "uxSchedulerSuspended != 0") : (void)0);
/* Store the item value in the event list item. It is safe to access the
* event list item here as interrupts won't access the event list item of a
@ -13187,7 +13322,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
TickType_t xTicksToWait,
const BaseType_t xWaitIndefinitely )
{
(__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4208, "pxEventList") : (void)0);
(__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4209, "pxEventList") : (void)0);
/* This function should not be called by application code hence the
* 'Restricted' in its name. It is not part of the public API. It is
@ -13235,14 +13370,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
* This function assumes that a check has already been made to ensure that
* pxEventList is not empty. */
pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
(__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4256, "pxUnblockedTCB") : (void)0);
(__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4257, "pxUnblockedTCB") : (void)0);
( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
{
( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
// # 4277 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 4278 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
}
else
{
@ -13272,7 +13407,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
/* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED. It is used by
* the event flags implementation. */
(__builtin_expect(!(uxSchedulerSuspended != ( ( char ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4306, "uxSchedulerSuspended != ( ( char ) 0 )") : (void)0);
(__builtin_expect(!(uxSchedulerSuspended != ( ( char ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4307, "uxSchedulerSuspended != ( ( char ) 0 )") : (void)0);
/* Store the new item value in the event list. */
( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@ -13280,9 +13415,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
/* Remove the event list form the event flag. Interrupts do not access
* event flags. */
pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
(__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4314, "pxUnblockedTCB") : (void)0);
(__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4315, "pxUnblockedTCB") : (void)0);
( void ) uxListRemove( pxEventListItem );
// # 4331 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 4332 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/* Remove the task from the delayed list and add it to the ready list. The
* scheduler is suspended so interrupts will not be accessing the ready
* lists. */
@ -13301,7 +13436,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
{
(__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4349, "pxTimeOut") : (void)0);
(__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4350, "pxTimeOut") : (void)0);
vTaskEnterCritical();
{
pxTimeOut->xOverflowCount = xNumOfOverflows;
@ -13324,8 +13459,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
{
BaseType_t xReturn;
(__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4372, "pxTimeOut") : (void)0);
(__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4373, "pxTicksToWait") : (void)0);
(__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4373, "pxTimeOut") : (void)0);
(__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4374, "pxTicksToWait") : (void)0);
vTaskEnterCritical();
{
@ -13447,7 +13582,7 @@ void vTaskMissedYield( void )
*
* @todo additional conditional compiles to remove this function.
*/
// # 4555 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 4556 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*
* -----------------------------------------------------------
* The Idle task.
@ -13477,7 +13612,7 @@ static void prvIdleTask( void * pvParameters )
/* See if any tasks have deleted themselves - if so then the idle task
* is responsible for freeing the deleted task's TCB and stack. */
prvCheckTasksWaitingTermination();
// # 4596 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 4597 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
{
/* When using preemption tasks of equal priority will be
* timesliced. If a task that is sharing the idle priority is ready
@ -13498,16 +13633,16 @@ static void prvIdleTask( void * pvParameters )
;
}
}
// # 4632 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 4633 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/* This conditional compilation should use inequality to 0, not equality
* to 1. This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
* user defined low power mode implementations require
* configUSE_TICKLESS_IDLE to be set to a value other than 1. */
// # 4697 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 4698 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
}
}
/*-----------------------------------------------------------*/
// # 4747 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 4748 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*-----------------------------------------------------------*/
@ -13521,7 +13656,7 @@ static void prvIdleTask( void * pvParameters )
if( xIndex < 5 )
{
pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
(__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4760, "pxTCB != 0") : (void)0);
(__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4761, "pxTCB != 0") : (void)0);
pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
}
}
@ -13552,7 +13687,7 @@ static void prvIdleTask( void * pvParameters )
/*-----------------------------------------------------------*/
// # 4807 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 4808 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*-----------------------------------------------------------*/
static void prvInitialiseTaskLists( void )
@ -13654,7 +13789,7 @@ static void prvCheckTasksWaitingTermination( void )
{
pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
}
// # 4919 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 4920 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
{
pxTaskStatus->ulRunTimeCounter = 0;
}
@ -13785,7 +13920,7 @@ static void prvCheckTasksWaitingTermination( void )
/*-----------------------------------------------------------*/
// # 5088 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 5089 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*-----------------------------------------------------------*/
@ -13842,7 +13977,7 @@ static void prvCheckTasksWaitingTermination( void )
free( (void*) pxTCB->pxStack);
free( (void*) pxTCB);
}
// # 5171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 5172 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
}
@ -14047,8 +14182,8 @@ static void prvResetNextTaskUnblockTime( void )
* If the mutex is held by a task then it cannot be given from an
* interrupt, and if a mutex is given by the holding task then it must
* be the running state task. */
(__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5375, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
(__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5376, "pxTCB->uxMutexesHeld") : (void)0);
(__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5376, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
(__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5377, "pxTCB->uxMutexesHeld") : (void)0);
( pxTCB->uxMutexesHeld )--;
/* Has the holder of the mutex inherited the priority of another
@ -14134,7 +14269,7 @@ static void prvResetNextTaskUnblockTime( void )
{
/* If pxMutexHolder is not NULL then the holder must hold at least
* one mutex. */
(__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5462, "pxTCB->uxMutexesHeld") : (void)0);
(__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5463, "pxTCB->uxMutexesHeld") : (void)0);
/* Determine the priority to which the priority of the task that
* holds the mutex should be set. This will be the greater of the
@ -14161,7 +14296,7 @@ static void prvResetNextTaskUnblockTime( void )
/* If a task has timed out because it already holds the
* mutex it was trying to obtain then it cannot of inherited
* its own priority. */
(__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5489, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
(__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5490, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
/* Disinherit the priority, remembering the previous
* priority to facilitate determining the subject task's
@ -14292,7 +14427,7 @@ void vTaskYieldWithinAPI( void )
{
/* If pxCurrentTCB->uxCriticalNesting is zero then this function
* does not match a previous call to vTaskEnterCritical(). */
(__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5620, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
(__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5621, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
{
@ -14342,11 +14477,11 @@ void vTaskYieldWithinAPI( void )
/*-----------------------------------------------------------*/
// # 5696 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 5697 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*-----------------------------------------------------------*/
// # 5802 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 5803 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*----------------------------------------------------------*/
// # 5929 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 5930 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*-----------------------------------------------------------*/
TickType_t uxTaskResetEventItemValue( void )
@ -14388,7 +14523,7 @@ TickType_t uxTaskResetEventItemValue( void )
{
uint32_t ulReturn;
(__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5970, "uxIndexToWait < 1") : (void)0);
(__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5971, "uxIndexToWait < 1") : (void)0);
vTaskEnterCritical();
{
@ -14462,7 +14597,7 @@ TickType_t uxTaskResetEventItemValue( void )
{
BaseType_t xReturn;
(__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6044, "uxIndexToWait < 1") : (void)0);
(__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6045, "uxIndexToWait < 1") : (void)0);
vTaskEnterCritical();
{
@ -14550,8 +14685,8 @@ TickType_t uxTaskResetEventItemValue( void )
BaseType_t xReturn = ( ( ( char ) 1 ) );
uint8_t ucOriginalNotifyState;
(__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6132, "uxIndexToNotify < 1") : (void)0);
(__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6133, "xTaskToNotify") : (void)0);
(__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6133, "uxIndexToNotify < 1") : (void)0);
(__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6134, "xTaskToNotify") : (void)0);
pxTCB = xTaskToNotify;
vTaskEnterCritical();
@ -14604,7 +14739,7 @@ TickType_t uxTaskResetEventItemValue( void )
/* Should not get here if all enums are handled.
* Artificially force an assert by testing a value the
* compiler can't assume is const. */
(__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6186, "xTickCount == ( TickType_t ) 0") : (void)0);
(__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6187, "xTickCount == ( TickType_t ) 0") : (void)0);
break;
}
@ -14619,8 +14754,8 @@ TickType_t uxTaskResetEventItemValue( void )
; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
/* The task should not have been on an event list. */
(__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6201, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
// # 6220 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
(__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6202, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
// # 6221 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
{
prvYieldForTask( pxTCB, ( ( char ) 0 ) );
}
@ -14653,8 +14788,8 @@ TickType_t uxTaskResetEventItemValue( void )
BaseType_t xReturn = ( ( ( char ) 1 ) );
UBaseType_t uxSavedInterruptStatus;
(__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6252, "xTaskToNotify") : (void)0);
(__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6253, "uxIndexToNotify < 1") : (void)0);
(__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6253, "xTaskToNotify") : (void)0);
(__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6254, "uxIndexToNotify < 1") : (void)0);
/* RTOS ports that support interrupt nesting have the concept of a
* maximum system call (or maximum API call) interrupt priority.
@ -14725,7 +14860,7 @@ TickType_t uxTaskResetEventItemValue( void )
/* Should not get here if all enums are handled.
* Artificially force an assert by testing a value the
* compiler can't assume is const. */
(__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6324, "xTickCount == ( TickType_t ) 0") : (void)0);
(__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6325, "xTickCount == ( TickType_t ) 0") : (void)0);
break;
}
@ -14736,7 +14871,7 @@ TickType_t uxTaskResetEventItemValue( void )
if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
{
/* The task should not have been on an event list. */
(__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6335, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
(__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6336, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
{
@ -14781,8 +14916,8 @@ TickType_t uxTaskResetEventItemValue( void )
uint8_t ucOriginalNotifyState;
UBaseType_t uxSavedInterruptStatus;
(__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6380, "xTaskToNotify") : (void)0);
(__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6381, "uxIndexToNotify < 1") : (void)0);
(__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6381, "xTaskToNotify") : (void)0);
(__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6382, "uxIndexToNotify < 1") : (void)0);
/* RTOS ports that support interrupt nesting have the concept of a
* maximum system call (or maximum API call) interrupt priority.
@ -14820,7 +14955,7 @@ TickType_t uxTaskResetEventItemValue( void )
if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
{
/* The task should not have been on an event list. */
(__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6419, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
(__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6420, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
{
@ -14861,7 +14996,7 @@ TickType_t uxTaskResetEventItemValue( void )
TCB_t * pxTCB;
BaseType_t xReturn;
(__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6460, "uxIndexToClear < 1") : (void)0);
(__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6461, "uxIndexToClear < 1") : (void)0);
/* If null is passed in here then it is the calling task that is having
* its notification state cleared. */
@ -14914,7 +15049,7 @@ TickType_t uxTaskResetEventItemValue( void )
/*-----------------------------------------------------------*/
// # 6529 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 6530 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
/*-----------------------------------------------------------*/
static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@ -14990,7 +15125,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
}
}
}
// # 6641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
// # 6642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
}
/* Code below here allows additional code to be inserted into this source file,

135
verification/verifast/proof/snippets/rp2040_port_c_snippets.c
View file

@ -46,6 +46,112 @@
#define portTASK_RETURN_ADDRESS prvTaskExitError
#endif
/*
* Setup the timer to generate the tick interrupts. The implementation in this
* file is weak to allow application writers to change the timer used to
* generate the tick interrupt.
*/
void vPortSetupTimerInterrupt( void );
/*
* Exception handlers.
*/
void xPortPendSVHandler( void ) __attribute__( ( naked ) );
void xPortSysTickHandler( void );
void vPortSVCHandler( void );
/*
* Start first task is a separate function so it can be tested in isolation.
*/
static void vPortStartFirstTask( void ) __attribute__( ( naked ) );
/*
* Used to catch tasks that attempt to return from their implementing function.
*/
static void prvTaskExitError( void );
/*@
// Represents a stack that grows down.
predicate stack_p(StackType_t * pxStack, uint32_t ulStackDepth, StackType_t * pxTopOfStack, uint32_t freeCells) =
integers_(pxStack, sizeof(StackType_t), false, ulStackDepth, _) &*&
ulStackDepth > 0 &*&
freeCells >= 0 &*&
pxTopOfStack == pxStack + freeCells -1 &*&
0 <= freeCells &*& freeCells <= ulStackDepth;
// usedMem == pxStack - pxTopOfStack
// freeMem == ulStackDepth - usedMem
//freeCells * sizeof(StackType_t) == ulStackDepth * sizeof(StackType_t) - ((char*) pxStack - (char*) pxTopOfStack) &*&
// usedCells * sizeof(StackType_t) == ((char*) pxStack - (char*) pxTopOfStack);
@*/
/*/@
lemma void split_stack(StackType_t * pxStack, int offset)
requires stack_p(pxStack,?ulStackDepth, ?pxTopOfStack, ?freeMem, _) &*& 0 <= offset &*&
offset * sizeof(StackType_t) < ulStackDepth;
ensures integers_(pxStack, sizeof(StackType_t), true, offset * sizeof(StackType_t), _) &*&
integers_(pxStack + offset * sizeof(StackType_t), sizeof(StackType_t), true, ulStackDepth - offset * sizeof(StackType_t), _) ;
{
open stack_p(_, _, _, _);
integers__split(pxStack, offset * sizeof(StackType_t) );
}
@*/
/*@
lemma void getTopOfStack(StackType_t* pxStack, StackType_t* pxTopOfStack)
requires stack_p(pxStack,?ulStackDepth, pxTopOfStack, ?freeCells) &*&
freeCells > 0;
ensures // free cells minus top cell
integers_(pxStack, sizeof(StackType_t), false, freeCells-1, _) &*&
// top stack cell
integer_(pxStack + freeCells-1, sizeof(StackType_t), false, _) &*&
// used stack cells
integers_(pxStack + freeCells, sizeof(StackType_t), false,
ulStackDepth - freeCells, _) &*&
// stack contraints necessary to close `stack_p` again
ulStackDepth > 0 &*&
freeCells >= 0 &*&
pxTopOfStack == pxStack + freeCells -1 &*&
0 <= freeCells &*& freeCells <= ulStackDepth;
{
open stack_p(_, _, _, _);
integers__split(pxStack, freeCells-1);
open integers_(pxStack + (freeCells-1), _, _, _, _);
}
@*/
// -------------------------------------------------
// Validate stack predicate
/* Simulates creation and initialisation of a stack that grows down as on RP2040.
*/
StackType_t* test_stack_pred(uint32_t depth)
/*@ requires depth * sizeof(StackType_t) <= UINTPTR_MAX &*&
depth <= UINT_MAX &*&
depth > 0;
@*/
/*@ ensures result == 0 ? true : stack_p(result, depth, ?top, depth) &*&
malloc_block_chars((char*) result, depth * sizeof(StackType_t));
@*/
{
StackType_t * stack;
/* Allocate space for the stack used by the task being created. */
stack = (StackType_t*) malloc( ( ( ( size_t ) depth ) * sizeof( StackType_t ) ) );
if(stack == 0) return 0;
memset(stack, 0, (unsigned int ) depth * sizeof(StackType_t));
StackType_t* top = stack + depth -1;
//@ chars_to_integers_(stack, sizeof(StackType_t), false, depth);
//@ close stack_p(stack, depth, top, depth);
// integers_(stack0, 4, false, depth, _)
return stack;
}
// -------------------------------------------------
/*
* See header file for description.
@ -53,20 +159,43 @@
StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
TaskFunction_t pxCode,
void * pvParameters )
//@ requires true;
//@ ensures true;
/*@ requires pxTopOfStack > 0 &*&
stack_p(?pxStack, ?ulStackDepth, pxTopOfStack, ulStackDepth) &*&
ulStackDepth > 16;
@*/
//@ ensures stack_p(pxStack, ulStackDepth, pxTopOfStack-16, ulStackDepth-16);
{
//@ StackType_t* oldTop = pxTopOfStack;
//@ open stack_p(pxStack, ulStackDepth, pxTopOfStack, ulStackDepth);
///@ close stack_p(pxStack, ulStackDepth, pxTopOfStack-1, ulStackDepth-1);
///@ getTopOfStack(pxStack, pxTopOfStack-1);
//@ integers__split(pxStack, ulStackDepth-2);
/* Simulate the stack frame as it would be created by a context switch
* interrupt. */
pxTopOfStack--; /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */
*pxTopOfStack = portINITIAL_XPSR; /* xPSR */
pxTopOfStack--;
//@ close integers_(oldTop-1, sizeof(StackType_t), false, 2, _);
//@ integers__join(pxStack);
//@ ptr_range<void>(pxCode);
//@ integers__split(pxStack, ulStackDepth-3);
*pxTopOfStack = ( StackType_t ) pxCode; /* PC */
//@ close integers_(oldTop-2, sizeof(StackType_t), false, 3, _);
pxTopOfStack--;
//@ ptr_range<void>(prvTaskExitError);
//@ integers__join(pxStack);
//@ integers__split(pxStack, ulStackDepth-4);
*pxTopOfStack = ( StackType_t ) portTASK_RETURN_ADDRESS; /* LR */
//@ close integers_(oldTop-3, sizeof(StackType_t), false, 4, _);
//@ integers__join(pxStack);
pxTopOfStack -= 5; /* R12, R3, R2 and R1. */
//@ ptr_range<void>(pvParameters);
//@ integers__split(pxStack, ulStackDepth-9);
*pxTopOfStack = ( StackType_t ) pvParameters; /* R0 */
//@ close integers_(oldTop-8, sizeof(StackType_t), false, 9, _);
//@ integers__join(pxStack);
pxTopOfStack -= 8; /* R11..R4. */
//@ close stack_p(pxStack, ulStackDepth, pxTopOfStack, ulStackDepth-16);
return pxTopOfStack;
}

7
verification/verifast/proof_setup/verifast_RP2040_axioms.h
View file

@ -10,7 +10,12 @@
/*@
// Axiomatizes that: 0 <= ptr <= 2^32 - 1
lemma void uint32_t_ptr_range(uint32_t* ptr);
//lemma void uint32_t_ptr_range(uint32_t* ptr);
//requires true;
//ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
// Axiomatizes that: 0 <= ptr <= 2^32 - 1
lemma void ptr_range<t>(t* ptr);
requires true;
ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
@*/