len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-10-26 23:36:32 -04:00
Code Issues Projects Releases Packages Wiki Activity

Add uncrustify github workflow (#659)

Browse source 
* Add uncrustify github workflow

* Fix exclusion pattern

* fix find expression

* exclude uncrustify files

* Uncrustify common demo and test files

* exlude white space checking files

* Fix EOL whitespace checker

* Remove whitespaces from EOL

* Fix space at EOL

* Fix find spaces at EOL

Co-authored-by: Archit Aggarwal <architag@amazon.com>
This commit is contained in:
alfred gedeon 2021-07-22 14:23:48 -07:00 committed by GitHub
parent dd80d615b5
commit ae92d8c6ee
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
191 changed files with 17540 additions and 17102 deletions
Download patch file Download diff file Expand all files Collapse all files

7
FreeRTOS/Test/CBMC/proofs/Queue/QueueCreateMutex/QueueCreateMutex_harness.c
View file

@ -31,8 +31,9 @@
#include "cbmc.h"
void harness() {
uint8_t ucQueueType;
void harness()
{
uint8_t ucQueueType;
xQueueCreateMutex(ucQueueType);
xQueueCreateMutex( ucQueueType );
}

186
FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericSend/QueueGenericSend_harness.c
View file

@ -34,94 +34,112 @@
#include "cbmc.h"
#ifndef LOCK_BOUND
#define LOCK_BOUND 4
#define LOCK_BOUND 4
#endif
#ifndef QUEUE_SEND_BOUND
#define QUEUE_SEND_BOUND 4
#define QUEUE_SEND_BOUND 4
#endif
#if( configUSE_QUEUE_SETS == 0 )
BaseType_t prvCopyDataToQueue( Queue_t * const pxQueue, const void *pvItemToQueue, const BaseType_t xPosition )
#if ( configUSE_QUEUE_SETS == 0 )
BaseType_t prvCopyDataToQueue( Queue_t * const pxQueue,
const void * pvItemToQueue,
const BaseType_t xPosition )
{
if( pxQueue->uxItemSize > ( UBaseType_t ) 0 )
{
__CPROVER_assert( __CPROVER_r_ok( pvItemToQueue, ( size_t ) pxQueue->uxItemSize ), "pvItemToQueue region must be readable" );
if( xPosition == queueSEND_TO_BACK )
{
__CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->pcWriteTo, ( size_t ) pxQueue->uxItemSize ), "pxQueue->pcWriteTo region must be writable" );
}
else
{
__CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->u.xQueue.pcReadFrom, ( size_t ) pxQueue->uxItemSize ), "pxQueue->u.xQueue.pcReadFrom region must be writable" );
}
return pdFALSE;
}
else
{
return nondet_BaseType_t();
}
}
#else /* if ( configUSE_QUEUE_SETS == 0 ) */
BaseType_t prvNotifyQueueSetContainer( const Queue_t * const pxQueue )
{
Queue_t * pxQueueSetContainer = pxQueue->pxQueueSetContainer;
configASSERT( pxQueueSetContainer );
}
void prvUnlockQueue( Queue_t * const pxQueue )
{
configASSERT( pxQueue );
if( pxQueue->pxQueueSetContainer != NULL )
{
prvNotifyQueueSetContainer( pxQueue );
}
listLIST_IS_EMPTY( &( pxQueue->xTasksWaitingToReceive ) );
pxQueue->cTxLock = queueUNLOCKED;
listLIST_IS_EMPTY( &( pxQueue->xTasksWaitingToSend ) );
pxQueue->cRxLock = queueUNLOCKED;
}
#endif /* if ( configUSE_QUEUE_SETS == 0 ) */
void harness()
{
if(pxQueue->uxItemSize > ( UBaseType_t ) 0)
{
__CPROVER_assert(__CPROVER_r_ok(pvItemToQueue, ( size_t ) pxQueue->uxItemSize), "pvItemToQueue region must be readable");
if(xPosition == queueSEND_TO_BACK){
__CPROVER_assert(__CPROVER_w_ok(( void * ) pxQueue->pcWriteTo, ( size_t ) pxQueue->uxItemSize), "pxQueue->pcWriteTo region must be writable");
}else{
__CPROVER_assert(__CPROVER_w_ok(( void * ) pxQueue->u.xQueue.pcReadFrom, ( size_t ) pxQueue->uxItemSize), "pxQueue->u.xQueue.pcReadFrom region must be writable");
}
return pdFALSE;
}else
{
return nondet_BaseType_t();
}
/*Initialise the tasksStubs */
vInitTaskCheckForTimeOut( 0, QUEUE_SEND_BOUND - 1 );
xState = nondet_basetype();
QueueHandle_t xQueue =
xUnconstrainedQueueBoundedItemSize( 2 );
TickType_t xTicksToWait;
if( xState == taskSCHEDULER_SUSPENDED )
{
xTicksToWait = 0;
}
if( xQueue )
{
void * pvItemToQueue = pvPortMalloc( xQueue->uxItemSize );
BaseType_t xCopyPosition;
if( xCopyPosition == queueOVERWRITE )
{
xQueue->uxLength = 1;
}
if( xQueue->uxItemSize == 0 )
{
/* uxQueue->xQueueType is a pointer to the head of the queue storage area.
* If an item has a sice, this pointer must not be modified after init.
* Otherwise some of the write statements will fail. */
xQueue->uxQueueType = nondet_int8_t();
pvItemToQueue = 0;
}
/* This code checks explicitly for violations of the pxQueue->uxMessagesWaiting < pxQueue->uxLength
* invariant. */
xQueue->uxMessagesWaiting = nondet_UBaseType_t();
/* These values are decremented during a while loop interacting with task.c.
* This interaction is currently abstracted away.*/
xQueue->cTxLock = LOCK_BOUND - 1;
xQueue->cRxLock = LOCK_BOUND - 1;
if( !pvItemToQueue )
{
xQueue->uxItemSize = 0;
}
xQueueGenericSend( xQueue, pvItemToQueue, xTicksToWait, xCopyPosition );
}
}
#else
BaseType_t prvNotifyQueueSetContainer( const Queue_t * const pxQueue )
{
Queue_t *pxQueueSetContainer = pxQueue->pxQueueSetContainer;
configASSERT( pxQueueSetContainer );
}
void prvUnlockQueue( Queue_t * const pxQueue ) {
configASSERT( pxQueue );
if( pxQueue->pxQueueSetContainer != NULL )
{
prvNotifyQueueSetContainer(pxQueue);
}
listLIST_IS_EMPTY( &( pxQueue->xTasksWaitingToReceive ) );
pxQueue->cTxLock = queueUNLOCKED;
listLIST_IS_EMPTY( &( pxQueue->xTasksWaitingToSend ) );
pxQueue->cRxLock = queueUNLOCKED;
}
#endif
void harness(){
//Initialise the tasksStubs
vInitTaskCheckForTimeOut(0, QUEUE_SEND_BOUND - 1);
xState = nondet_basetype();
QueueHandle_t xQueue =
xUnconstrainedQueueBoundedItemSize(2);
TickType_t xTicksToWait;
if(xState == taskSCHEDULER_SUSPENDED){
xTicksToWait = 0;
}
if(xQueue){
void *pvItemToQueue = pvPortMalloc(xQueue->uxItemSize);
BaseType_t xCopyPosition;
if(xCopyPosition == queueOVERWRITE){
xQueue->uxLength = 1;
}
if(xQueue->uxItemSize == 0)
{
/* uxQueue->xQueueType is a pointer to the head of the queue storage area.
If an item has a sice, this pointer must not be modified after init.
Otherwise some of the write statements will fail. */
xQueue->uxQueueType = nondet_int8_t();
pvItemToQueue = 0;
}
/* This code checks explicitly for violations of the pxQueue->uxMessagesWaiting < pxQueue->uxLength
invariant. */
xQueue->uxMessagesWaiting = nondet_UBaseType_t();
/* These values are decremented during a while loop interacting with task.c.
This interaction is currently abstracted away.*/
xQueue->cTxLock = LOCK_BOUND - 1;
xQueue->cRxLock = LOCK_BOUND - 1;
if(!pvItemToQueue){
xQueue->uxItemSize = 0;
}
xQueueGenericSend( xQueue, pvItemToQueue, xTicksToWait, xCopyPosition );
}
}

105
FreeRTOS/Test/CBMC/proofs/Queue/QueueGenericSendFromISR/QueueGenericSendFromISR_harness.c
View file

@ -33,53 +33,70 @@
#include "cbmc.h"
#ifndef ITEM_BOUND
#define ITEM_BOUND 10
#define ITEM_BOUND 10
#endif
#if( configUSE_QUEUE_SETS == 0 )
BaseType_t prvCopyDataToQueue( Queue_t * const pxQueue, const void *pvItemToQueue, const BaseType_t xPosition )
{
if(pxQueue->uxItemSize > ( UBaseType_t ) 0)
{
__CPROVER_assert(__CPROVER_r_ok(pvItemToQueue, ( size_t ) pxQueue->uxItemSize), "pvItemToQueue region must be readable");
if(xPosition == queueSEND_TO_BACK){
__CPROVER_assert(__CPROVER_w_ok(( void * ) pxQueue->pcWriteTo, ( size_t ) pxQueue->uxItemSize), "pxQueue->pcWriteTo region must be writable");
}else{
__CPROVER_assert(__CPROVER_w_ok(( void * ) pxQueue->u.xQueue.pcReadFrom, ( size_t ) pxQueue->uxItemSize), "pxQueue->u.xQueue.pcReadFrom region must be writable");
}
return pdFALSE;
}else
{
return nondet_BaseType_t();
}
}
#endif
#if ( configUSE_QUEUE_SETS == 0 )
BaseType_t prvCopyDataToQueue( Queue_t * const pxQueue,
const void * pvItemToQueue,
const BaseType_t xPosition )
{
if( pxQueue->uxItemSize > ( UBaseType_t ) 0 )
{
__CPROVER_assert( __CPROVER_r_ok( pvItemToQueue, ( size_t ) pxQueue->uxItemSize ), "pvItemToQueue region must be readable" );
void harness(){
QueueHandle_t xQueue = xUnconstrainedQueueBoundedItemSize(ITEM_BOUND);
if( xPosition == queueSEND_TO_BACK )
{
__CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->pcWriteTo, ( size_t ) pxQueue->uxItemSize ), "pxQueue->pcWriteTo region must be writable" );
}
else
{
__CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->u.xQueue.pcReadFrom, ( size_t ) pxQueue->uxItemSize ), "pxQueue->u.xQueue.pcReadFrom region must be writable" );
}
return pdFALSE;
}
else
{
return nondet_BaseType_t();
}
}
#endif /* if ( configUSE_QUEUE_SETS == 0 ) */
void harness()
{
QueueHandle_t xQueue = xUnconstrainedQueueBoundedItemSize( ITEM_BOUND );
if( xQueue ){
void *pvItemToQueue = pvPortMalloc(xQueue->uxItemSize);
BaseType_t *xHigherPriorityTaskWoken = pvPortMalloc(sizeof(BaseType_t));
BaseType_t xCopyPosition;
if(xQueue->uxItemSize == 0)
{
/* uxQueue->xQueueType is a pointer to the head of the queue storage area.
If an item has a size, this pointer must not be modified after init.
Otherwise some of the write statements will fail. */
xQueue->uxQueueType = nondet_int8_t();
pvItemToQueue = 0;
}
/* This code checks explicitly for violations of the pxQueue->uxMessagesWaiting < pxQueue->uxLength
invariant. */
xQueue->uxMessagesWaiting = nondet_UBaseType_t();
if(!pvItemToQueue){
xQueue->uxItemSize = 0;
}
if(xCopyPosition == 2 ){
__CPROVER_assume(xQueue->uxLength == 1);
}
xQueueGenericSendFromISR( xQueue, pvItemToQueue, xHigherPriorityTaskWoken, xCopyPosition );
}
if( xQueue )
{
void * pvItemToQueue = pvPortMalloc( xQueue->uxItemSize );
BaseType_t * xHigherPriorityTaskWoken = pvPortMalloc( sizeof( BaseType_t ) );
BaseType_t xCopyPosition;
if( xQueue->uxItemSize == 0 )
{
/* uxQueue->xQueueType is a pointer to the head of the queue storage area.
* If an item has a size, this pointer must not be modified after init.
* Otherwise some of the write statements will fail. */
xQueue->uxQueueType = nondet_int8_t();
pvItemToQueue = 0;
}
/* This code checks explicitly for violations of the pxQueue->uxMessagesWaiting < pxQueue->uxLength
* invariant. */
xQueue->uxMessagesWaiting = nondet_UBaseType_t();
if( !pvItemToQueue )
{
xQueue->uxItemSize = 0;
}
if( xCopyPosition == 2 )
{
__CPROVER_assume( xQueue->uxLength == 1 );
}
xQueueGenericSendFromISR( xQueue, pvItemToQueue, xHigherPriorityTaskWoken, xCopyPosition );
}
}

15
FreeRTOS/Test/CBMC/proofs/Queue/QueueGetMutexHolder/QueueGetMutexHolder_harness.c
View file

@ -32,10 +32,13 @@
#include "cbmc.h"
void harness() {
QueueHandle_t xSemaphore = xUnconstrainedQueue();
if (xSemaphore) {
xSemaphore->uxQueueType = nondet_uint8_t();
xQueueGetMutexHolder(xSemaphore);
}
void harness()
{
QueueHandle_t xSemaphore = xUnconstrainedQueue();
if( xSemaphore )
{
xSemaphore->uxQueueType = nondet_uint8_t();
xQueueGetMutexHolder( xSemaphore );
}
}

14
FreeRTOS/Test/CBMC/proofs/Queue/QueueGetMutexHolderFromISR/QueueGetMutexHolderFromISR_harness.c
View file

@ -32,10 +32,12 @@
#include "cbmc.h"
void harness(){
QueueHandle_t xSemaphore = pvPortMalloc(sizeof(Queue_t));
if (xSemaphore) {
xQueueGetMutexHolderFromISR( xSemaphore );
}
}
void harness()
{
QueueHandle_t xSemaphore = pvPortMalloc( sizeof( Queue_t ) );
if( xSemaphore )
{
xQueueGetMutexHolderFromISR( xSemaphore );
}
}

16
FreeRTOS/Test/CBMC/proofs/Queue/QueueGiveFromISR/QueueGiveFromISR_harness.c
View file

@ -32,12 +32,14 @@
#include "cbmc.h"
void harness(){
QueueHandle_t xQueue = xUnconstrainedMutex();
BaseType_t *xHigherPriorityTaskWoken = pvPortMalloc(sizeof(BaseType_t));
if(xQueue){
xQueue->uxMessagesWaiting = nondet_UBaseType_t();
xQueueGiveFromISR( xQueue, xHigherPriorityTaskWoken );
}
void harness()
{
QueueHandle_t xQueue = xUnconstrainedMutex();
BaseType_t * xHigherPriorityTaskWoken = pvPortMalloc( sizeof( BaseType_t ) );
if( xQueue )
{
xQueue->uxMessagesWaiting = nondet_UBaseType_t();
xQueueGiveFromISR( xQueue, xHigherPriorityTaskWoken );
}
}

30
FreeRTOS/Test/CBMC/proofs/Queue/QueueGiveMutexRecursive/QueueGiveMutexRecursive_harness.c
View file

@ -32,17 +32,21 @@
#include "cbmc.h"
void harness() {
uint8_t ucQueueType;
QueueHandle_t xMutex =
xQueueCreateMutex( ucQueueType);
if (xMutex) {
xMutex->uxQueueType = ucQueueType;
UBaseType_t uxCounter;
/* This assumption is explained in the queue.c file inside the method body
xQueueGiveMutexRecursive and guards against an underflow error. */
__CPROVER_assume(uxCounter > 0);
xMutex->u.xSemaphore.uxRecursiveCallCount = uxCounter;
xQueueGiveMutexRecursive(xMutex);
}
void harness()
{
uint8_t ucQueueType;
QueueHandle_t xMutex =
xQueueCreateMutex( ucQueueType );
if( xMutex )
{
xMutex->uxQueueType = ucQueueType;
UBaseType_t uxCounter;
/* This assumption is explained in the queue.c file inside the method body
* xQueueGiveMutexRecursive and guards against an underflow error. */
__CPROVER_assume( uxCounter > 0 );
xMutex->u.xSemaphore.uxRecursiveCallCount = uxCounter;
xQueueGiveMutexRecursive( xMutex );
}
}

12
FreeRTOS/Test/CBMC/proofs/Queue/QueueMessagesWaiting/QueueMessagesWaiting_harness.c
View file

@ -32,10 +32,12 @@
#include "cbmc.h"
void harness(){
QueueHandle_t xQueue = pvPortMalloc(sizeof(Queue_t));
void harness()
{
QueueHandle_t xQueue = pvPortMalloc( sizeof( Queue_t ) );
if(xQueue){
uxQueueMessagesWaiting( xQueue );
}
if( xQueue )
{
uxQueueMessagesWaiting( xQueue );
}
}

56
FreeRTOS/Test/CBMC/proofs/Queue/QueuePeek/QueuePeek_harness.c
View file

@ -34,46 +34,52 @@
#include "cbmc.h"
#ifndef LOCK_BOUND
#define LOCK_BOUND 4
#define LOCK_BOUND 4
#endif
#ifndef QUEUE_PEEK_BOUND
#define QUEUE_PEEK_BOUND 4
#define QUEUE_PEEK_BOUND 4
#endif
QueueHandle_t xQueue;
/* This method is called to initialize pxTimeOut.
Setting up the data structure is not interesting for the proof,
but the harness uses it to model a release
on the queue after first check. */
void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut ){
xQueue-> uxMessagesWaiting = nondet_BaseType_t();
* Setting up the data structure is not interesting for the proof,
* but the harness uses it to model a release
* on the queue after first check. */
void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut )
{
xQueue->uxMessagesWaiting = nondet_BaseType_t();
}
void harness(){
xQueue = xUnconstrainedQueueBoundedItemSize(10);
void harness()
{
xQueue = xUnconstrainedQueueBoundedItemSize( 10 );
//Initialise the tasksStubs
vInitTaskCheckForTimeOut(0, QUEUE_PEEK_BOUND - 1);
/*Initialise the tasksStubs */
vInitTaskCheckForTimeOut( 0, QUEUE_PEEK_BOUND - 1 );
TickType_t xTicksToWait;
if(xState == taskSCHEDULER_SUSPENDED){
xTicksToWait = 0;
}
TickType_t xTicksToWait;
if(xQueue){
__CPROVER_assume(xQueue->cTxLock < LOCK_BOUND - 1);
__CPROVER_assume(xQueue->cRxLock < LOCK_BOUND - 1);
if( xState == taskSCHEDULER_SUSPENDED )
{
xTicksToWait = 0;
}
void *pvItemToQueue = pvPortMalloc(xQueue->uxItemSize);
if( xQueue )
{
__CPROVER_assume( xQueue->cTxLock < LOCK_BOUND - 1 );
__CPROVER_assume( xQueue->cRxLock < LOCK_BOUND - 1 );
/* In case malloc fails as this is otherwise an invariant violation. */
if(!pvItemToQueue){
xQueue->uxItemSize = 0;
}
void * pvItemToQueue = pvPortMalloc( xQueue->uxItemSize );
xQueuePeek( xQueue, pvItemToQueue, xTicksToWait );
}
/* In case malloc fails as this is otherwise an invariant violation. */
if( !pvItemToQueue )
{
xQueue->uxItemSize = 0;
}
xQueuePeek( xQueue, pvItemToQueue, xTicksToWait );
}
}

67
FreeRTOS/Test/CBMC/proofs/Queue/QueueReceive/QueueReceive_harness.c
View file

@ -33,56 +33,63 @@
#include "cbmc.h"
/* prvUnlockQueue is going to decrement this value to 0 in the loop.
We need a bound for the loop. Using 4 has a reasonable performance resulting
in 3 unwinding iterations of the loop. The loop is mostly modifying a
data structure in task.c that is not in the scope of the proof. */
* We need a bound for the loop. Using 4 has a reasonable performance resulting
* in 3 unwinding iterations of the loop. The loop is mostly modifying a
* data structure in task.c that is not in the scope of the proof. */
#ifndef LOCK_BOUND
#define LOCK_BOUND 4
#define LOCK_BOUND 4
#endif
/* This code checks for time outs. This value is used to bound the time out
wait period. The stub function xTaskCheckForTimeOut used to model
this wait time will be bounded to this define. */
* wait period. The stub function xTaskCheckForTimeOut used to model
* this wait time will be bounded to this define. */
#ifndef QUEUE_RECEIVE_BOUND
#define QUEUE_RECEIVE_BOUND 4
#define QUEUE_RECEIVE_BOUND 4
#endif
/* If the item size is not bounded, the proof does not finish in a reasonable
time due to the involved memcpy commands. */
* time due to the involved memcpy commands. */
#ifndef MAX_ITEM_SIZE
#define MAX_ITEM_SIZE 20
#define MAX_ITEM_SIZE 20
#endif
QueueHandle_t xQueue;
/* This method is used to model side effects of concurrency.
The initialization of pxTimeOut is not relevant for this harness. */
void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut ){
__CPROVER_assert(__CPROVER_w_ok(&(pxTimeOut->xOverflowCount), sizeof(BaseType_t)), "pxTimeOut should be a valid pointer and xOverflowCount writable");
__CPROVER_assert(__CPROVER_w_ok(&(pxTimeOut->xTimeOnEntering), sizeof(TickType_t)), "pxTimeOut should be a valid pointer and xTimeOnEntering writable");
xQueue->uxMessagesWaiting = nondet_BaseType_t();
* The initialization of pxTimeOut is not relevant for this harness. */
void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut )
{
__CPROVER_assert( __CPROVER_w_ok( &( pxTimeOut->xOverflowCount ), sizeof( BaseType_t ) ), "pxTimeOut should be a valid pointer and xOverflowCount writable" );
__CPROVER_assert( __CPROVER_w_ok( &( pxTimeOut->xTimeOnEntering ), sizeof( TickType_t ) ), "pxTimeOut should be a valid pointer and xTimeOnEntering writable" );
xQueue->uxMessagesWaiting = nondet_BaseType_t();
}
void harness(){
vInitTaskCheckForTimeOut(0, QUEUE_RECEIVE_BOUND - 1);
void harness()
{
vInitTaskCheckForTimeOut( 0, QUEUE_RECEIVE_BOUND - 1 );
xQueue = xUnconstrainedQueueBoundedItemSize(MAX_ITEM_SIZE);
xQueue = xUnconstrainedQueueBoundedItemSize( MAX_ITEM_SIZE );
TickType_t xTicksToWait;
if(xState == taskSCHEDULER_SUSPENDED){
xTicksToWait = 0;
}
TickType_t xTicksToWait;
if(xQueue){
xQueue->cTxLock = LOCK_BOUND - 1;
xQueue->cRxLock = LOCK_BOUND - 1;
void *pvBuffer = pvPortMalloc(xQueue->uxItemSize);
if(!pvBuffer){
xQueue->uxItemSize = 0;
}
xQueueReceive( xQueue, pvBuffer, xTicksToWait );
if( xState == taskSCHEDULER_SUSPENDED )
{
xTicksToWait = 0;
}
if( xQueue )
{
xQueue->cTxLock = LOCK_BOUND - 1;
xQueue->cRxLock = LOCK_BOUND - 1;
void * pvBuffer = pvPortMalloc( xQueue->uxItemSize );
if( !pvBuffer )
{
xQueue->uxItemSize = 0;
}
xQueueReceive( xQueue, pvBuffer, xTicksToWait );
}
}

31
FreeRTOS/Test/CBMC/proofs/Queue/QueueReceiveFromISR/QueueReceiveFromISR_harness.c
View file

@ -32,22 +32,27 @@
#include "cbmc.h"
/* If the item size is not bounded, the proof does not finish in a reasonable
time due to the involved memcpy commands. */
* time due to the involved memcpy commands. */
#ifndef MAX_ITEM_SIZE
#define MAX_ITEM_SIZE 10
#define MAX_ITEM_SIZE 10
#endif
void harness(){
QueueHandle_t xQueue =
xUnconstrainedQueueBoundedItemSize(MAX_ITEM_SIZE);
void harness()
{
QueueHandle_t xQueue =
xUnconstrainedQueueBoundedItemSize( MAX_ITEM_SIZE );
BaseType_t *xHigherPriorityTaskWoken = pvPortMalloc(sizeof(BaseType_t));
BaseType_t * xHigherPriorityTaskWoken = pvPortMalloc( sizeof( BaseType_t ) );
if(xQueue){
void *pvBuffer = pvPortMalloc(xQueue->uxItemSize);
if(!pvBuffer){
xQueue->uxItemSize = 0;
}
xQueueReceiveFromISR( xQueue, pvBuffer, xHigherPriorityTaskWoken );
}
if( xQueue )
{
void * pvBuffer = pvPortMalloc( xQueue->uxItemSize );
if( !pvBuffer )
{
xQueue->uxItemSize = 0;
}
xQueueReceiveFromISR( xQueue, pvBuffer, xHigherPriorityTaskWoken );
}
}

78
FreeRTOS/Test/CBMC/proofs/Queue/QueueSemaphoreTake/QueueSemaphoreTake_harness.c
View file

@ -36,53 +36,57 @@ BaseType_t state;
QueueHandle_t xQueue;
BaseType_t counter;
BaseType_t xTaskGetSchedulerState(void)
BaseType_t xTaskGetSchedulerState( void )
{
return state;
return state;
}
void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut )
{
/* QueueSemaphoreTake might be blocked to wait for
another process to release a token to the semaphore.
This is currently not in the CBMC model. Anyhow,
vTaskInternalSetTimeOutState is set a timeout for
QueueSemaphoreTake operation. We use this to model a successful
release during wait time. */
UBaseType_t bound;
__CPROVER_assume((bound >= 0 && xQueue->uxLength >= bound));
xQueue->uxMessagesWaiting = bound;
/* QueueSemaphoreTake might be blocked to wait for
* another process to release a token to the semaphore.
* This is currently not in the CBMC model. Anyhow,
* vTaskInternalSetTimeOutState is set a timeout for
* QueueSemaphoreTake operation. We use this to model a successful
* release during wait time. */
UBaseType_t bound;
__CPROVER_assume( ( bound >= 0 && xQueue->uxLength >= bound ) );
xQueue->uxMessagesWaiting = bound;
}
void harness()
{
/* Init task stub to make sure that the third loop iteration
simulates a time out */
vInitTaskCheckForTimeOut(0, 3);
/* Init task stub to make sure that the third loop iteration
* simulates a time out */
vInitTaskCheckForTimeOut( 0, 3 );
xQueue = xUnconstrainedMutex();
TickType_t xTicksToWait;
xQueue = xUnconstrainedMutex();
TickType_t xTicksToWait;
if(state == taskSCHEDULER_SUSPENDED){
xTicksToWait = 0;
}
if (xQueue) {
/* Bounding the loop in prvUnlockQueue to
PRV_UNLOCK_QUEUE_BOUND. As the loop is not relevant
in this proof the value might be set to any
positive 8-bit integer value. We subtract one,
because the bound must be one greater than the
amount of loop iterations. */
__CPROVER_assert(PRV_UNLOCK_QUEUE_BOUND > 0, "Make sure, a valid macro value is chosen.");
xQueue->cTxLock = PRV_UNLOCK_QUEUE_BOUND - 1;
xQueue->cRxLock = PRV_UNLOCK_QUEUE_BOUND - 1;
((&(xQueue->xTasksWaitingToReceive))->xListEnd).pxNext->xItemValue = nondet_ticktype();
if( state == taskSCHEDULER_SUSPENDED )
{
xTicksToWait = 0;
}
/* This assumptions is required to prevent an overflow in l. 2057 of queue.c
in the prvGetDisinheritPriorityAfterTimeout() function. */
__CPROVER_assume( (
( UBaseType_t ) listGET_ITEM_VALUE_OF_HEAD_ENTRY( &( xQueue->xTasksWaitingToReceive ) )
<= ( ( UBaseType_t ) configMAX_PRIORITIES)));
xQueueSemaphoreTake(xQueue, xTicksToWait);
}
if( xQueue )
{
/* Bounding the loop in prvUnlockQueue to
* PRV_UNLOCK_QUEUE_BOUND. As the loop is not relevant
* in this proof the value might be set to any
* positive 8-bit integer value. We subtract one,
* because the bound must be one greater than the
* amount of loop iterations. */
__CPROVER_assert( PRV_UNLOCK_QUEUE_BOUND > 0, "Make sure, a valid macro value is chosen." );
xQueue->cTxLock = PRV_UNLOCK_QUEUE_BOUND - 1;
xQueue->cRxLock = PRV_UNLOCK_QUEUE_BOUND - 1;
( ( &( xQueue->xTasksWaitingToReceive ) )->xListEnd ).pxNext->xItemValue = nondet_ticktype();
/* This assumptions is required to prevent an overflow in l. 2057 of queue.c
* in the prvGetDisinheritPriorityAfterTimeout() function. */
__CPROVER_assume( (
( UBaseType_t ) listGET_ITEM_VALUE_OF_HEAD_ENTRY( &( xQueue->xTasksWaitingToReceive ) )
<= ( ( UBaseType_t ) configMAX_PRIORITIES ) ) );
xQueueSemaphoreTake( xQueue, xTicksToWait );
}
}

11
FreeRTOS/Test/CBMC/proofs/Queue/QueueSpacesAvailable/QueueSpacesAvailable_harness.c
View file

@ -31,11 +31,12 @@
#include "queue_init.h"
#include "cbmc.h"
void harness(){
QueueHandle_t xQueue = xUnconstrainedQueue();
void harness()
{
QueueHandle_t xQueue = xUnconstrainedQueue();
// QueueSpacesAvailable asserts nonnull pointer
__CPROVER_assume(xQueue);
/* QueueSpacesAvailable asserts nonnull pointer */
__CPROVER_assume( xQueue );
uxQueueSpacesAvailable( xQueue );
uxQueueSpacesAvailable( xQueue );
}

58
FreeRTOS/Test/CBMC/proofs/Queue/QueueTakeMutexRecursive/QueueTakeMutexRecursive_harness.c
View file

@ -36,36 +36,42 @@ QueueHandle_t xMutex;
void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut )
{
/* QueueSemaphoreTake might be blocked to wait for
another process to release a token to the semaphore.
This is currently not in the CBMC model. Anyhow,
vTaskInternalSetTimeOutState is set a timeout for
QueueSemaphoreTake operation. We use this to model a successful
release during wait time. */
UBaseType_t bound;
__CPROVER_assume((bound >= 0 && xMutex->uxLength >= bound));
xMutex->uxMessagesWaiting = bound;
/* QueueSemaphoreTake might be blocked to wait for
* another process to release a token to the semaphore.
* This is currently not in the CBMC model. Anyhow,
* vTaskInternalSetTimeOutState is set a timeout for
* QueueSemaphoreTake operation. We use this to model a successful
* release during wait time. */
UBaseType_t bound;
__CPROVER_assume( ( bound >= 0 && xMutex->uxLength >= bound ) );
xMutex->uxMessagesWaiting = bound;
}
BaseType_t xTaskGetSchedulerState( void ) {
BaseType_t ret;
__CPROVER_assume(ret != taskSCHEDULER_SUSPENDED);
return ret;
BaseType_t xTaskGetSchedulerState( void )
{
BaseType_t ret;
__CPROVER_assume( ret != taskSCHEDULER_SUSPENDED );
return ret;
}
void harness() {
uint8_t ucQueueType;
xMutex = xQueueCreateMutex(ucQueueType);
TickType_t xTicksToWait;
void harness()
{
uint8_t ucQueueType;
/* Init task stub to make sure that the QueueSemaphoreTake_BOUND - 1
loop iteration simulates a time out */
vInitTaskCheckForTimeOut(0, QueueSemaphoreTake_BOUND - 1);
xMutex = xQueueCreateMutex( ucQueueType );
TickType_t xTicksToWait;
if(xMutex){
xMutex->cTxLock = PRV_UNLOCK_UNWINDING_BOUND - 1;
xMutex->cRxLock = PRV_UNLOCK_UNWINDING_BOUND - 1;
xMutex->uxMessagesWaiting = nondet_UBaseType_t();
xQueueTakeMutexRecursive(xMutex, xTicksToWait);
}
/* Init task stub to make sure that the QueueSemaphoreTake_BOUND - 1
* loop iteration simulates a time out */
vInitTaskCheckForTimeOut( 0, QueueSemaphoreTake_BOUND - 1 );
if( xMutex )
{
xMutex->cTxLock = PRV_UNLOCK_UNWINDING_BOUND - 1;
xMutex->cRxLock = PRV_UNLOCK_UNWINDING_BOUND - 1;
xMutex->uxMessagesWaiting = nondet_UBaseType_t();
xQueueTakeMutexRecursive( xMutex, xTicksToWait );
}
}

38
FreeRTOS/Test/CBMC/proofs/Queue/prvCopyDataToQueue/prvCopyDataToQueue_harness.c
View file

@ -31,24 +31,30 @@
#include "queue_init.h"
#include "cbmc.h"
BaseType_t prvCopyDataToQueue( Queue_t * const pxQueue, const void *pvItemToQueue, const BaseType_t xPosition );
BaseType_t prvCopyDataToQueue( Queue_t * const pxQueue,
const void * pvItemToQueue,
const BaseType_t xPosition );
void harness(){
QueueHandle_t xQueue = xUnconstrainedQueueBoundedItemSize(10);
void harness()
{
QueueHandle_t xQueue = xUnconstrainedQueueBoundedItemSize( 10 );
if( xQueue ){
void *pvItemToQueue = pvPortMalloc(xQueue->uxItemSize);
if( !pvItemToQueue )
{
xQueue->uxItemSize = 0;
}
if(xQueue->uxItemSize == 0)
{
xQueue->uxQueueType = nondet_int8_t();
}
BaseType_t xPosition;
prvCopyDataToQueue( xQueue, pvItemToQueue, xPosition );
}
if( xQueue )
{
void * pvItemToQueue = pvPortMalloc( xQueue->uxItemSize );
if( !pvItemToQueue )
{
xQueue->uxItemSize = 0;
}
if( xQueue->uxItemSize == 0 )
{
xQueue->uxQueueType = nondet_int8_t();
}
BaseType_t xPosition;
prvCopyDataToQueue( xQueue, pvItemToQueue, xPosition );
}
}

116
FreeRTOS/Test/CBMC/proofs/Queue/prvNotifyQueueSetContainer/prvNotifyQueueSetContainer_harness.c
View file

@ -32,63 +32,81 @@
#include "cbmc.h"
#ifndef LOCK_BOUND
#define LOCK_BOUND 4
#define LOCK_BOUND 4
#endif
BaseType_t prvNotifyQueueSetContainer( const Queue_t * const pxQueue, const BaseType_t xCopyPosition );
BaseType_t prvNotifyQueueSetContainer( const Queue_t * const pxQueue,
const BaseType_t xCopyPosition );
BaseType_t prvCopyDataToQueue( Queue_t * const pxQueue, const void *pvItemToQueue, const BaseType_t xPosition )
BaseType_t prvCopyDataToQueue( Queue_t * const pxQueue,
const void * pvItemToQueue,
const BaseType_t xPosition )
{
if(pxQueue->uxItemSize > ( UBaseType_t ) 0)
{
__CPROVER_assert(__CPROVER_r_ok(pvItemToQueue, ( size_t ) pxQueue->uxItemSize), "pvItemToQueue region must be readable");
if(xPosition == queueSEND_TO_BACK){
__CPROVER_assert(__CPROVER_w_ok(( void * ) pxQueue->pcWriteTo, ( size_t ) pxQueue->uxItemSize), "pxQueue->pcWriteTo region must be writable");
}else{
__CPROVER_assert(__CPROVER_w_ok(( void * ) pxQueue->u.xQueue.pcReadFrom, ( size_t ) pxQueue->uxItemSize), "pxQueue->u.xQueue.pcReadFrom region must be writable");
}
return pdFALSE;
}else
{
return nondet_BaseType_t();
}
if( pxQueue->uxItemSize > ( UBaseType_t ) 0 )
{
__CPROVER_assert( __CPROVER_r_ok( pvItemToQueue, ( size_t ) pxQueue->uxItemSize ), "pvItemToQueue region must be readable" );
if( xPosition == queueSEND_TO_BACK )
{
__CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->pcWriteTo, ( size_t ) pxQueue->uxItemSize ), "pxQueue->pcWriteTo region must be writable" );
}
else
{
__CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->u.xQueue.pcReadFrom, ( size_t ) pxQueue->uxItemSize ), "pxQueue->u.xQueue.pcReadFrom region must be writable" );
}
return pdFALSE;
}
else
{
return nondet_BaseType_t();
}
}
QueueSetHandle_t xUnconstrainedQueueSet()
{
UBaseType_t uxEventQueueLength = 2;
QueueSetHandle_t xSet = xQueueCreateSet(uxEventQueueLength);
if( xSet )
{
xSet->cTxLock = nondet_int8_t();
__CPROVER_assume(xSet->cTxLock != 127);
xSet->cRxLock = nondet_int8_t();
xSet->uxMessagesWaiting = nondet_UBaseType_t();
xSet->xTasksWaitingToReceive.uxNumberOfItems = nondet_UBaseType_t();
xSet->xTasksWaitingToSend.uxNumberOfItems = nondet_UBaseType_t();
}
return xSet;
UBaseType_t uxEventQueueLength = 2;
QueueSetHandle_t xSet = xQueueCreateSet( uxEventQueueLength );
if( xSet )
{
xSet->cTxLock = nondet_int8_t();
__CPROVER_assume( xSet->cTxLock != 127 );
xSet->cRxLock = nondet_int8_t();
xSet->uxMessagesWaiting = nondet_UBaseType_t();
xSet->xTasksWaitingToReceive.uxNumberOfItems = nondet_UBaseType_t();
xSet->xTasksWaitingToSend.uxNumberOfItems = nondet_UBaseType_t();
}
return xSet;
}
void harness(){
UBaseType_t uxQueueLength;
UBaseType_t uxItemSize;
uint8_t ucQueueType;
__CPROVER_assume(uxQueueLength > 0);
__CPROVER_assume(uxItemSize < 10);
/* The implicit assumption for the QueueGenericCreate method is,
that there are no overflows in the computation and the inputs are safe.
There is no check for this in the code base */
UBaseType_t upper_bound = portMAX_DELAY - sizeof(Queue_t);
__CPROVER_assume(uxItemSize < (upper_bound)/uxQueueLength);
QueueHandle_t xQueue =
xQueueGenericCreate(uxQueueLength, uxItemSize, ucQueueType);
if( xQueue ){
xQueueAddToSet(xQueue, xUnconstrainedQueueSet());
if(xQueue->pxQueueSetContainer) {
__CPROVER_assume(xQueue->pxQueueSetContainer->uxMessagesWaiting < xQueue->pxQueueSetContainer->uxLength);
BaseType_t xCopyPosition = nondet_BaseType_t();
prvNotifyQueueSetContainer(xQueue, xCopyPosition );
}
}
void harness()
{
UBaseType_t uxQueueLength;
UBaseType_t uxItemSize;
uint8_t ucQueueType;
__CPROVER_assume( uxQueueLength > 0 );
__CPROVER_assume( uxItemSize < 10 );
/* The implicit assumption for the QueueGenericCreate method is,
* that there are no overflows in the computation and the inputs are safe.
* There is no check for this in the code base */
UBaseType_t upper_bound = portMAX_DELAY - sizeof( Queue_t );
__CPROVER_assume( uxItemSize < ( upper_bound ) / uxQueueLength );
QueueHandle_t xQueue =
xQueueGenericCreate( uxQueueLength, uxItemSize, ucQueueType );
if( xQueue )
{
xQueueAddToSet( xQueue, xUnconstrainedQueueSet() );
if( xQueue->pxQueueSetContainer )
{
__CPROVER_assume( xQueue->pxQueueSetContainer->uxMessagesWaiting < xQueue->pxQueueSetContainer->uxLength );
BaseType_t xCopyPosition = nondet_BaseType_t();
prvNotifyQueueSetContainer( xQueue, xCopyPosition );
}
}
}

131
FreeRTOS/Test/CBMC/proofs/Queue/prvUnlockQueue/prvUnlockQueue_harness.c
View file

@ -33,72 +33,89 @@
#include "cbmc.h"
#ifndef LOCK_BOUND
#define LOCK_BOUND 4
#define LOCK_BOUND 4
#endif
void prvUnlockQueue( Queue_t * const pxQueue );
BaseType_t prvCopyDataToQueue( Queue_t * const pxQueue, const void *pvItemToQueue, const BaseType_t xPosition )
BaseType_t prvCopyDataToQueue( Queue_t * const pxQueue,
const void * pvItemToQueue,
const BaseType_t xPosition )
{
if(pxQueue->uxItemSize > ( UBaseType_t ) 0)
{
__CPROVER_assert(__CPROVER_r_ok(pvItemToQueue, ( size_t ) pxQueue->uxItemSize), "pvItemToQueue region must be readable");
if(xPosition == queueSEND_TO_BACK){
__CPROVER_assert(__CPROVER_w_ok(( void * ) pxQueue->pcWriteTo, ( size_t ) pxQueue->uxItemSize), "pxQueue->pcWriteTo region must be writable");
}else{
__CPROVER_assert(__CPROVER_w_ok(( void * ) pxQueue->u.xQueue.pcReadFrom, ( size_t ) pxQueue->uxItemSize), "pxQueue->u.xQueue.pcReadFrom region must be writable");
}
return pdFALSE;
}else
{
return nondet_BaseType_t();
}
if( pxQueue->uxItemSize > ( UBaseType_t ) 0 )
{
__CPROVER_assert( __CPROVER_r_ok( pvItemToQueue, ( size_t ) pxQueue->uxItemSize ), "pvItemToQueue region must be readable" );
if( xPosition == queueSEND_TO_BACK )
{
__CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->pcWriteTo, ( size_t ) pxQueue->uxItemSize ), "pxQueue->pcWriteTo region must be writable" );
}
else
{
__CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->u.xQueue.pcReadFrom, ( size_t ) pxQueue->uxItemSize ), "pxQueue->u.xQueue.pcReadFrom region must be writable" );
}
return pdFALSE;
}
else
{
return nondet_BaseType_t();
}
}
QueueSetHandle_t xUnconstrainedQueueSet()
{
UBaseType_t uxEventQueueLength = 2;
QueueSetHandle_t xSet = xQueueCreateSet(uxEventQueueLength);
if( xSet )
{
xSet->cTxLock = nondet_int8_t();
__CPROVER_assume( xSet->cTxLock != 127 );
xSet->cRxLock = nondet_int8_t();
xSet->uxMessagesWaiting = nondet_UBaseType_t();
xSet->xTasksWaitingToReceive.uxNumberOfItems = nondet_UBaseType_t();
/* This is an invariant checked with a couple of asserts in the code base.
If it is false from the beginning, there is no chance for the proof to succeed*/
__CPROVER_assume(xSet->uxMessagesWaiting < xSet->uxLength);
xSet->xTasksWaitingToSend.uxNumberOfItems = nondet_UBaseType_t();
}
return xSet;
UBaseType_t uxEventQueueLength = 2;
QueueSetHandle_t xSet = xQueueCreateSet( uxEventQueueLength );
if( xSet )
{
xSet->cTxLock = nondet_int8_t();
__CPROVER_assume( xSet->cTxLock != 127 );
xSet->cRxLock = nondet_int8_t();
xSet->uxMessagesWaiting = nondet_UBaseType_t();
xSet->xTasksWaitingToReceive.uxNumberOfItems = nondet_UBaseType_t();
/* This is an invariant checked with a couple of asserts in the code base.
* If it is false from the beginning, there is no chance for the proof to succeed*/
__CPROVER_assume( xSet->uxMessagesWaiting < xSet->uxLength );
xSet->xTasksWaitingToSend.uxNumberOfItems = nondet_UBaseType_t();
}
return xSet;
}
void harness(){
UBaseType_t uxQueueLength;
UBaseType_t uxItemSize;
uint8_t ucQueueType;
__CPROVER_assume(uxQueueLength > 0);
__CPROVER_assume(uxItemSize < 10);
/* The implicit assumption for the QueueGenericCreate method is,
that there are no overflows in the computation and the inputs are safe.
There is no check for this in the code base */
UBaseType_t upper_bound = portMAX_DELAY - sizeof(Queue_t);
__CPROVER_assume(uxItemSize < (upper_bound)/uxQueueLength);
QueueHandle_t xQueue =
xQueueGenericCreate(uxQueueLength, uxItemSize, ucQueueType);
if(xQueue){
xQueue->cTxLock = LOCK_BOUND - 1;
xQueue->cRxLock = LOCK_BOUND - 1;
xQueue->uxMessagesWaiting = nondet_UBaseType_t();
/* This is an invariant checked with a couple of asserts in the code base.
If it is false from the beginning, there is no chance for the proof to succeed*/
__CPROVER_assume(xQueue->uxMessagesWaiting < xQueue->uxLength);
xQueue->xTasksWaitingToReceive.uxNumberOfItems = nondet_UBaseType_t();
xQueue->xTasksWaitingToSend.uxNumberOfItems = nondet_UBaseType_t();
#if( configUSE_QUEUE_SETS == 1)
xQueueAddToSet(xQueue, xUnconstrainedQueueSet());
#endif
prvUnlockQueue(xQueue);
}
void harness()
{
UBaseType_t uxQueueLength;
UBaseType_t uxItemSize;
uint8_t ucQueueType;
__CPROVER_assume( uxQueueLength > 0 );
__CPROVER_assume( uxItemSize < 10 );
/* The implicit assumption for the QueueGenericCreate method is,
* that there are no overflows in the computation and the inputs are safe.
* There is no check for this in the code base */
UBaseType_t upper_bound = portMAX_DELAY - sizeof( Queue_t );
__CPROVER_assume( uxItemSize < ( upper_bound ) / uxQueueLength );
QueueHandle_t xQueue =
xQueueGenericCreate( uxQueueLength, uxItemSize, ucQueueType );
if( xQueue )
{
xQueue->cTxLock = LOCK_BOUND - 1;
xQueue->cRxLock = LOCK_BOUND - 1;
xQueue->uxMessagesWaiting = nondet_UBaseType_t();
/* This is an invariant checked with a couple of asserts in the code base.
* If it is false from the beginning, there is no chance for the proof to succeed*/
__CPROVER_assume( xQueue->uxMessagesWaiting < xQueue->uxLength );
xQueue->xTasksWaitingToReceive.uxNumberOfItems = nondet_UBaseType_t();
xQueue->xTasksWaitingToSend.uxNumberOfItems = nondet_UBaseType_t();
#if ( configUSE_QUEUE_SETS == 1 )
xQueueAddToSet( xQueue, xUnconstrainedQueueSet() );
#endif
prvUnlockQueue( xQueue );
}
}