Introduced new type-safe macro for unsigned pdFALSE and pdTRUE.

tasks.c

@@ -24,13 +24,6 @@
  *
  */
 
-/* Verifast proof setup */
-#ifdef VERIFAST
-    #include "verifast_proof_defs.h"
-    #include "task_predicates.h"
-    #include "verifast_RP2040_axioms.h"
-    #include "verifast_prelude_extended.h"
-#endif
 
 /* Standard includes. */
 #include <stdlib.h>
@@ -47,7 +40,16 @@
 #include "timers.h"
 #include "stack_macros.h"
 
+/* Verifast proof setup 
+ * 
+ * Note that redefinitions of macros must be included after
+ * original ones have been included.
+ */
 #ifdef VERIFAST
+    #include "verifast_proof_defs.h"
+    #include "task_predicates.h"
+    #include "verifast_RP2040_axioms.h"
+    #include "verifast_prelude_extended.h"
     #include "verifast_asm.h"
 #endif
 
@@ -1676,7 +1678,12 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
     #if ( INCLUDE_xTaskAbortDelay == 1 )
         {
+            #ifdef VERIFAST
+                /* Reason for rewrite: Assignment not type safe. */
+                pxNewTCB->ucDelayAborted = pd_U_FALSE;
+            #else
                 pxNewTCB->ucDelayAborted = pdFALSE;
+            #endif
         }
     #endif
 

verification/verifast/proof_setup/verifast_proof_defs.h

@@ -9,6 +9,15 @@
     #define inline
     #define __always_inline
 
-    #undef assert
-    #define assert(x) BLUB(x)
+    /* `projdefs.h` defines `pdFALSE` and `pdTRUE` as 0 and 1 of type
+     * `BaseType_t`. Both are assigned to variables smaller or
+     * unsigned types. While that's safe in practice, it is not
+     * type safe. Hence we define 
+     */
+    #undef pdFALSE
+    #undef pdTRUE
+    #define pdFALSE             ( ( char ) 0 )
+    #define pdTRUE              ( ( char ) 1 )
+    #define pd_U_FALSE          ( ( unsigned char ) pdFALSE )
+    #define pd_U_TRUE           ( ( unsigned char ) pdTRUE )
 #endif /* VERIFAST_DEFS_H */