Added new stack predicate that reflects the forced alignment of the stack pointer.

2025-12-12 14:45:09 -05:00 · 2022-11-01 15:24:42 -04:00 · 2022-11-01 15:24:42 -04:00 · af090b252d
commit af090b252d
parent ead381f413
5 changed files with 221 additions and 48 deletions
--- a/verification/verifast/proof/stack_predicates.h
+++ b/verification/verifast/proof/stack_predicates.h
@ -2,6 +2,29 @@
 #define STACK_PREDICATES


+/*@
+// Represents a stack that grows down (cf. RP2040 stack)
+predicate stack_p_2(StackType_t * pxStack, 
+                    uint32_t ulStackDepth, 
+                    StackType_t * pxTopOfStack, 
+                    uint32_t ulFreeBytes,
+                    uint32_t ulUsedCells,
+                    uint32_t ulUnalignedBytes) =
+    // Free stack cells. The size of this memory block is not necessarily a 
+    // multiple of sizeof(StackType_t), due to bitvector arithmetic.
+    // At least, we cannot prove it.
+    chars((char*) pxStack, ulFreeBytes, _) &*&
+    //integer_(pxTopOfStack + sizeof(StackType_t), sizeof(StackType_t), false, _) &*&;
+
+    // If there is any free memory left in this stack,
+    // pxTopOfStack points to the last sizeof(StackType_t) number of bytes.
+    (char*) pxStack + ulFreeBytes == (char*) pxTopOfStack + sizeof(StackType_t) &*&
+    // Used stack cells
+    integers_(pxTopOfStack + sizeof(StackType_t), sizeof(StackType_t), false, ulUsedCells, _) &*&
+    // Unaligned rest
+    chars((char*) pxTopOfStack + sizeof(StackType_t) * (ulUsedCells + 1), ulUnalignedBytes, _);
+@*/
+
 /*@
 // Represents a stack that grows down (cf. RP2040 stack)
 predicate stack_p(StackType_t * pxStack, uint32_t ulStackDepth, StackType_t * pxTopOfStack, uint32_t freeCells) =