mirror of
https://github.com/FreeRTOS/FreeRTOS-Kernel.git
synced 2025-12-11 22:25:14 -05:00
Copied modified source and header files to proof subdirectory.
This commit is contained in:
Tobias Reinhard
parent
2e78ed5884
commit
cc7ed1e3eb
6 changed files with 12500 additions and 0 deletions
208
Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h
Normal file
208
Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h
Normal file
|
|
@ -0,0 +1,208 @@
|
|||
/*
|
||||
* FreeRTOS SMP Kernel V202110.00
|
||||
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||
* this software and associated documentation files (the "Software"), to deal in
|
||||
* the Software without restriction, including without limitation the rights to
|
||||
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
||||
* the Software, and to permit persons to whom the Software is furnished to do so,
|
||||
* subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
||||
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
||||
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
||||
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
*
|
||||
* https://www.FreeRTOS.org
|
||||
* https://github.com/FreeRTOS
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef STACK_MACROS_H
|
||||
#define STACK_MACROS_H
|
||||
|
||||
/*
|
||||
* Call the stack overflow hook function if the stack of the task being swapped
|
||||
* out is currently overflowed, or looks like it might have overflowed in the
|
||||
* past.
|
||||
*
|
||||
* Setting configCHECK_FOR_STACK_OVERFLOW to 1 will cause the macro to check
|
||||
* the current stack state only - comparing the current top of stack value to
|
||||
* the stack limit. Setting configCHECK_FOR_STACK_OVERFLOW to greater than 1
|
||||
* will also cause the last few stack bytes to be checked to ensure the value
|
||||
* to which the bytes were set when the task was created have not been
|
||||
* overwritten. Note this second test does not guarantee that an overflowed
|
||||
* stack will always be recognised.
|
||||
*/
|
||||
|
||||
/*-----------------------------------------------------------*/
|
||||
|
||||
/*
|
||||
* portSTACK_LIMIT_PADDING is a number of extra words to consider to be in
|
||||
* use on the stack.
|
||||
*/
|
||||
#ifndef portSTACK_LIMIT_PADDING
|
||||
#define portSTACK_LIMIT_PADDING 0
|
||||
#endif
|
||||
|
||||
#if ( ( configCHECK_FOR_STACK_OVERFLOW == 1 ) && ( portSTACK_GROWTH < 0 ) )
|
||||
|
||||
/* Only the current stack state is to be checked. */
|
||||
#define taskCHECK_FOR_STACK_OVERFLOW() \
|
||||
{ \
|
||||
/* Is the currently saved stack pointer within the stack limit? */ \
|
||||
if( pxCurrentTCB->pxTopOfStack <= pxCurrentTCB->pxStack + portSTACK_LIMIT_PADDING ) \
|
||||
{ \
|
||||
vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName ); \
|
||||
} \
|
||||
}
|
||||
|
||||
#endif /* configCHECK_FOR_STACK_OVERFLOW == 1 */
|
||||
/*-----------------------------------------------------------*/
|
||||
|
||||
#if ( ( configCHECK_FOR_STACK_OVERFLOW == 1 ) && ( portSTACK_GROWTH > 0 ) )
|
||||
|
||||
/* Only the current stack state is to be checked. */
|
||||
#define taskCHECK_FOR_STACK_OVERFLOW() \
|
||||
{ \
|
||||
\
|
||||
/* Is the currently saved stack pointer within the stack limit? */ \
|
||||
if( pxCurrentTCB->pxTopOfStack >= pxCurrentTCB->pxEndOfStack - portSTACK_LIMIT_PADDING ) \
|
||||
{ \
|
||||
vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName ); \
|
||||
} \
|
||||
}
|
||||
|
||||
#endif /* configCHECK_FOR_STACK_OVERFLOW == 1 */
|
||||
/*-----------------------------------------------------------*/
|
||||
|
||||
#if ( ( configCHECK_FOR_STACK_OVERFLOW > 1 ) && ( portSTACK_GROWTH < 0 ) )
|
||||
|
||||
/* TODO: Convert this macro into a function such that we can insert proof annotations.
|
||||
*/
|
||||
#ifdef VERIFAST
|
||||
/* Reason for rewrite:
|
||||
* VeriFast complains about unspecified evaluation order of
|
||||
* - `pxCurrentTCB->pxStack`
|
||||
* - `vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName );`
|
||||
*
|
||||
*/
|
||||
#define taskCHECK_FOR_STACK_OVERFLOW() VF__taskCHECK_FOR_STACK_OVERFLOW()
|
||||
|
||||
void VF__taskCHECK_FOR_STACK_OVERFLOW()
|
||||
/*@ requires prvSeg_TCB_p(?gCurrentTCB, ?ulFreeBytesOnStack) &*&
|
||||
coreLocalSeg_TCB_p(gCurrentTCB, ?uxCriticalNesting) &*&
|
||||
// chunks required by `pxCurrentTCB` aka `xTaskGetCurrentTaskHandle()`
|
||||
interruptState_p(coreID_f(), ?state) &*&
|
||||
interruptsDisabled_f(state) == true &*&
|
||||
pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB);
|
||||
@*/
|
||||
/*@ ensures prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack) &*&
|
||||
coreLocalSeg_TCB_p(gCurrentTCB, uxCriticalNesting) &*&
|
||||
// chunks required by `pxCurrentTCB` aka `xTaskGetCurrentTaskHandle()`
|
||||
interruptState_p(coreID_f(), state) &*&
|
||||
interruptsDisabled_f(state) == true &*&
|
||||
pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB); \
|
||||
@*/ \
|
||||
{ \
|
||||
/*@ open prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \
|
||||
/*@ assert( stack_p_2(?pxStack, ?ulStackDepth, ?pxTopOfStack, \
|
||||
?ulFreeBytes, ?ulUsedCells, ?ulUnalignedBytes) ); \
|
||||
@*/ \
|
||||
/*@ open stack_p_2(_, _, _, _, _, _); @*/ \
|
||||
/* The detour below allows us to skip proving that `ulFreeBytes` \
|
||||
* is a multiple of `sizeof(StackType_t)`. \
|
||||
*/ \
|
||||
/*@ integers__to_chars(pxTopOfStack+1); @*/ \
|
||||
/*@ chars_join((char*) pxStack); @*/ \
|
||||
/*@ chars_to_integers_(pxStack, sizeof(StackType_t), false, 4); @*/ \
|
||||
TCB_t* tcb0 = pxCurrentTCB; \
|
||||
const uint32_t * const pulStack = ( uint32_t * ) tcb0->pxStack; \
|
||||
const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; \
|
||||
\
|
||||
/*@ bool gOverflow = false; @*/ \
|
||||
if( ( pulStack[ 0 ] != ulCheckValue ) || \
|
||||
( pulStack[ 1 ] != ulCheckValue ) || \
|
||||
( pulStack[ 2 ] != ulCheckValue ) || \
|
||||
( pulStack[ 3 ] != ulCheckValue ) ) \
|
||||
{ \
|
||||
/*@ gOverflow = true; @*/ \
|
||||
/*@ integers__to_chars(pxStack); @*/ \
|
||||
/*@ chars_join((char*) pxStack); @*/ \
|
||||
/*@ chars_split((char*) pxStack, ulFreeBytesOnStack); @*/ \
|
||||
/*@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, \
|
||||
ulFreeBytes, ulUsedCells, ulUnalignedBytes); \
|
||||
@*/ \
|
||||
/*@ close prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \
|
||||
TCB_t* tcb1 = pxCurrentTCB; \
|
||||
TCB_t* tcb2 = pxCurrentTCB; \
|
||||
vApplicationStackOverflowHook( ( TaskHandle_t ) tcb1, tcb2->pcTaskName ); \
|
||||
} \
|
||||
/*@ \
|
||||
if(!gOverflow) { \
|
||||
integers__to_chars(pxStack); \
|
||||
chars_join((char*) pxStack); \
|
||||
chars_split((char*) pxStack, ulFreeBytesOnStack); \
|
||||
close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, \
|
||||
ulFreeBytes, ulUsedCells, ulUnalignedBytes); \
|
||||
close prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); \
|
||||
} \
|
||||
@*/ \
|
||||
}
|
||||
#else
|
||||
#define taskCHECK_FOR_STACK_OVERFLOW() \
|
||||
{ \
|
||||
const uint32_t * const pulStack = ( uint32_t * ) pxCurrentTCB->pxStack; \
|
||||
const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; \
|
||||
\
|
||||
if( ( pulStack[ 0 ] != ulCheckValue ) || \
|
||||
( pulStack[ 1 ] != ulCheckValue ) || \
|
||||
( pulStack[ 2 ] != ulCheckValue ) || \
|
||||
( pulStack[ 3 ] != ulCheckValue ) ) \
|
||||
{ \
|
||||
vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName ); \
|
||||
} \
|
||||
}
|
||||
#endif /* VERIFAST */
|
||||
|
||||
#endif /* #if( configCHECK_FOR_STACK_OVERFLOW > 1 ) */
|
||||
/*-----------------------------------------------------------*/
|
||||
|
||||
#if ( ( configCHECK_FOR_STACK_OVERFLOW > 1 ) && ( portSTACK_GROWTH > 0 ) )
|
||||
|
||||
#define taskCHECK_FOR_STACK_OVERFLOW() \
|
||||
{ \
|
||||
int8_t * pcEndOfStack = ( int8_t * ) pxCurrentTCB->pxEndOfStack; \
|
||||
static const uint8_t ucExpectedStackBytes[] = { tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, \
|
||||
tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, \
|
||||
tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, \
|
||||
tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, \
|
||||
tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE }; \
|
||||
\
|
||||
\
|
||||
pcEndOfStack -= sizeof( ucExpectedStackBytes ); \
|
||||
\
|
||||
/* Has the extremity of the task stack ever been written over? */ \
|
||||
if( memcmp( ( void * ) pcEndOfStack, ( void * ) ucExpectedStackBytes, sizeof( ucExpectedStackBytes ) ) != 0 ) \
|
||||
{ \
|
||||
vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName ); \
|
||||
} \
|
||||
}
|
||||
|
||||
#endif /* #if( configCHECK_FOR_STACK_OVERFLOW > 1 ) */
|
||||
/*-----------------------------------------------------------*/
|
||||
|
||||
/* Remove stack overflow macro if not being used. */
|
||||
#ifndef taskCHECK_FOR_STACK_OVERFLOW
|
||||
#define taskCHECK_FOR_STACK_OVERFLOW()
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
#endif /* STACK_MACROS_H */
|
||||
Loading…
Add table
Add a link
Reference in a new issue