Prove buffer lemmas (#124)

* Prove buffer lemmas * Update queue proofs to latest kernel source All changes were syntactic due to uncrustify code-formatting * Strengthen prvCopyDataToQueue proof * Add extract script for diff comparison Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
2025-10-17 10:17:45 -04:00 · 2020-07-21 12:51:20 -04:00 · 2020-07-21 12:51:20 -04:00 · 8e36bee30e
commit 8e36bee30e
parent c720c18ada
26 changed files with 2021 additions and 1762 deletions
--- a/FreeRTOS/Test/VeriFast/queue/vQueueDelete.c
+++ b/FreeRTOS/Test/VeriFast/queue/vQueueDelete.c
@ -21,60 +21,60 @@
 */

 #include "proof/queue.h"
-#define configSUPPORT_DYNAMIC_ALLOCATION 1
-#define configSUPPORT_STATIC_ALLOCATION 0
+#define configSUPPORT_DYNAMIC_ALLOCATION    1
+#define configSUPPORT_STATIC_ALLOCATION     0

 void vQueueDelete( QueueHandle_t xQueue )
 /*@requires queue(xQueue, ?Storage, ?N, ?M, ?W, ?R, ?K, ?is_locked, ?abs) &*&
-	queuelists(xQueue) &*&
-	xQueue->irqMask |-> _ &*&
-	xQueue->schedulerSuspend |-> _ &*&
-	xQueue->locked |-> _;@*/
+    queuelists(xQueue) &*&
+    xQueue->irqMask |-> _ &*&
+    xQueue->schedulerSuspend |-> _ &*&
+    xQueue->locked |-> _;@*/
 /*@ensures true;@*/
 {
 #ifdef VERIFAST /*< const pointer declaration */
-Queue_t * pxQueue = xQueue;
+    Queue_t * pxQueue = xQueue;
 #else
-Queue_t * const pxQueue = xQueue;
+    Queue_t * const pxQueue = xQueue;
 #endif

-	configASSERT( pxQueue );
-	traceQUEUE_DELETE( pxQueue );
+    configASSERT( pxQueue );
+    traceQUEUE_DELETE( pxQueue );

-	#if ( configQUEUE_REGISTRY_SIZE > 0 )
-	{
-		vQueueUnregisterQueue( pxQueue );
-	}
-	#endif
+    #if ( configQUEUE_REGISTRY_SIZE > 0 )
+        {
+            vQueueUnregisterQueue( pxQueue );
+        }
+    #endif

-	#if( ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) && ( configSUPPORT_STATIC_ALLOCATION == 0 ) )
-	{
-		/* The queue can only have been allocated dynamically - free it
-		again. */
-		vPortFree( pxQueue );
+    #if ( ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) && ( configSUPPORT_STATIC_ALLOCATION == 0 ) )
+        {
+            /* The queue can only have been allocated dynamically - free it
+             * again. */
+            vPortFree( pxQueue );
 #ifdef VERIFAST /*< leak ghost state on deletion */
-		/*@leak buffer(_, _, _, _);@*/
-		/*@leak malloc_block(_, _);@*/
+            /*@leak buffer(_, _, _, _);@*/
+            /*@leak malloc_block(_, _);@*/
 #endif
-	}
-	#elif( ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) && ( configSUPPORT_STATIC_ALLOCATION == 1 ) )
-	{
-		/* The queue could have been allocated statically or dynamically, so
-		check before attempting to free the memory. */
-		if( pxQueue->ucStaticallyAllocated == ( uint8_t ) pdFALSE )
-		{
-			vPortFree( pxQueue );
-		}
-		else
-		{
-			mtCOVERAGE_TEST_MARKER();
-		}
-	}
-	#else
-	{
-		/* The queue must have been statically allocated, so is not going to be
-		deleted.  Avoid compiler warnings about the unused parameter. */
-		( void ) pxQueue;
-	}
-	#endif /* configSUPPORT_DYNAMIC_ALLOCATION */
+        }
+    #elif ( ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) && ( configSUPPORT_STATIC_ALLOCATION == 1 ) )
+        {
+            /* The queue could have been allocated statically or dynamically, so
+             * check before attempting to free the memory. */
+            if( pxQueue->ucStaticallyAllocated == ( uint8_t ) pdFALSE )
+            {
+                vPortFree( pxQueue );
+            }
+            else
+            {
+                mtCOVERAGE_TEST_MARKER();
+            }
+        }
+    #else /* if ( ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) && ( configSUPPORT_STATIC_ALLOCATION == 0 ) ) */
+        {
+            /* The queue must have been statically allocated, so is not going to be
+             * deleted.  Avoid compiler warnings about the unused parameter. */
+            ( void ) pxQueue;
+        }
+    #endif /* configSUPPORT_DYNAMIC_ALLOCATION */
 }