| /*
 | |
|  * FreeRTOS memory safety proofs with CBMC.
 | |
|  * Copyright (C) 2019 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
 | |
|  *
 | |
|  * Permission is hereby granted, free of charge, to any person
 | |
|  * obtaining a copy of this software and associated documentation
 | |
|  * files (the "Software"), to deal in the Software without
 | |
|  * restriction, including without limitation the rights to use, copy,
 | |
|  * modify, merge, publish, distribute, sublicense, and/or sell copies
 | |
|  * of the Software, and to permit persons to whom the Software is
 | |
|  * furnished to do so, subject to the following conditions:
 | |
|  *
 | |
|  * The above copyright notice and this permission notice shall be
 | |
|  * included in all copies or substantial portions of the Software.
 | |
|  *
 | |
|  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 | |
|  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 | |
|  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 | |
|  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 | |
|  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 | |
|  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 | |
|  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 | |
|  * SOFTWARE.
 | |
|  *
 | |
|  * https://aws.amazon.com/freertos
 | |
|  * https://www.FreeRTOS.org
 | |
|  */
 | |
| 
 | |
| #include "FreeRTOS.h"
 | |
| #include "queue.h"
 | |
| #include "queue_datastructure.h"
 | |
| 
 | |
| #include "cbmc.h"
 | |
| 
 | |
| #ifndef LOCK_BOUND
 | |
|     #define LOCK_BOUND    4
 | |
| #endif
 | |
| 
 | |
| void prvUnlockQueue( Queue_t * const pxQueue );
 | |
| 
 | |
/*
 * Stand-in for the kernel's prvCopyDataToQueue used by the CBMC proof.
 *
 * Instead of copying the item, it checks that the memory regions the real
 * copy would touch are valid: the source item must be readable and the
 * destination slot in the queue storage must be writable, each for
 * uxItemSize bytes. The destination follows the insert position: the back
 * of the queue writes at pcWriteTo, every other position (e.g. front or
 * overwrite) writes at u.xQueue.pcReadFrom.
 *
 * Returns pdFALSE once the regions have been checked. For a zero-sized
 * item there is no payload to check, so the result is left unconstrained
 * (nondeterministic) to cover whatever the real implementation may return.
 */
BaseType_t prvCopyDataToQueue( Queue_t * const pxQueue,
                               const void * pvItemToQueue,
                               const BaseType_t xPosition )
{
    if( pxQueue->uxItemSize == ( UBaseType_t ) 0 )
    {
        /* No bytes are moved for a zero-sized item; nothing to validate. */
        return nondet_BaseType_t();
    }

    const size_t xItemBytes = ( size_t ) pxQueue->uxItemSize;

    __CPROVER_assert( __CPROVER_r_ok( pvItemToQueue, xItemBytes ), "pvItemToQueue region must be readable" );

    if( xPosition == queueSEND_TO_BACK )
    {
        __CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->pcWriteTo, xItemBytes ), "pxQueue->pcWriteTo region must be writable" );
    }
    else
    {
        /* Any position other than the back targets the read pointer. */
        __CPROVER_assert( __CPROVER_w_ok( ( void * ) pxQueue->u.xQueue.pcReadFrom, xItemBytes ), "pxQueue->u.xQueue.pcReadFrom region must be writable" );
    }

    return pdFALSE;
}
 | |
| 
 | |
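/*
 * Build a queue set whose bookkeeping fields are left (mostly) unconstrained
 * so the proof explores arbitrary set states when a queue is added to it.
 *
 * The set is created with a fixed length of 2. If creation succeeds, the
 * lock counters, the waiting-message count and the lengths of both event
 * lists are chosen nondeterministically, subject to two assumptions:
 *   - cTxLock != 127 (INT8_MAX). NOTE(review): presumably this keeps a later
 *     increment of the transmit lock within the int8_t range — confirm
 *     against the queue set notification path in queue.c.
 *   - uxMessagesWaiting < uxLength, an invariant the code base asserts; a
 *     set that violates it from the start could never satisfy the proof.
 *
 * Returns the set handle, or NULL-equivalent (whatever xQueueCreateSet
 * returned) when creation failed; the caller owns the set.
 *
 * The empty parameter list of the original declaration left the argument
 * list unspecified; ( void ) makes this a proper prototype, matching the
 * FreeRTOS convention, and lets the compiler reject stray arguments.
 */
QueueSetHandle_t xUnconstrainedQueueSet( void )
{
    UBaseType_t uxEventQueueLength = 2;
    QueueSetHandle_t xSet = xQueueCreateSet( uxEventQueueLength );

    if( !xSet )
    {
        return xSet;
    }

    xSet->cTxLock = nondet_int8_t();
    /* 127 is INT8_MAX; see the note in the function comment. */
    __CPROVER_assume( xSet->cTxLock != 127 );
    xSet->cRxLock = nondet_int8_t();

    xSet->uxMessagesWaiting = nondet_UBaseType_t();

    /* This is an invariant checked with a couple of asserts in the code base.
     * If it is false from the beginning, there is no chance for the proof to
     * succeed. */
    __CPROVER_assume( xSet->uxMessagesWaiting < xSet->uxLength );

    xSet->xTasksWaitingToReceive.uxNumberOfItems = nondet_UBaseType_t();
    xSet->xTasksWaitingToSend.uxNumberOfItems = nondet_UBaseType_t();

    return xSet;
}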
 | |
| 
 | |
/*
 * CBMC entry point for the prvUnlockQueue proof.
 *
 * Creates a queue of nondeterministic length, item size and type, puts it
 * into a state where both lock counters sit at LOCK_BOUND - 1, optionally
 * adds it to an unconstrained queue set, and then calls prvUnlockQueue on it.
 *
 * The inputs are bounded so that the creation itself cannot overflow: the
 * harness requires uxItemSize * uxQueueLength + sizeof( Queue_t ) to stay
 * below portMAX_DELAY, since the code base does not check this itself (the
 * original harness note). uxItemSize is additionally capped below 10 to keep
 * the proof tractable; larger items are therefore not covered.
 */
void harness()
{
    /* Uninitialised locals are free symbolic inputs to CBMC; they are only
     * restricted by the assumptions that follow. */
    UBaseType_t uxQueueLength;
    UBaseType_t uxItemSize;
    uint8_t ucQueueType;

    __CPROVER_assume( uxQueueLength > 0 );
    __CPROVER_assume( uxItemSize < 10 );

    /* The implicit assumption for the QueueGenericCreate method is that there
     * are no overflows in the computation and the inputs are safe; there is
     * no check for this in the code base. The division cannot trap because
     * uxQueueLength > 0 was assumed above. */
    UBaseType_t uxStorageLimit = portMAX_DELAY - sizeof( Queue_t );
    __CPROVER_assume( uxItemSize < uxStorageLimit / uxQueueLength );

    QueueHandle_t xQueue = xQueueGenericCreate( uxQueueLength,
                                                uxItemSize,
                                                ucQueueType );

    if( !xQueue )
    {
        return;
    }

    /* NOTE(review): the lock counters are what prvUnlockQueue walks down;
     * LOCK_BOUND presumably caps that loop for the proof — confirm against
     * queue.c. */
    xQueue->cTxLock = LOCK_BOUND - 1;
    xQueue->cRxLock = LOCK_BOUND - 1;

    xQueue->xTasksWaitingToReceive.uxNumberOfItems = nondet_UBaseType_t();
    xQueue->xTasksWaitingToSend.uxNumberOfItems = nondet_UBaseType_t();

    xQueue->uxMessagesWaiting = nondet_UBaseType_t();

    /* This is an invariant checked with a couple of asserts in the code base.
     * If it is false from the beginning, there is no chance for the proof to
     * succeed. */
    __CPROVER_assume( xQueue->uxMessagesWaiting < xQueue->uxLength );

    #if ( configUSE_QUEUE_SETS == 1 )
        xQueueAddToSet( xQueue, xUnconstrainedQueueSet() );
    #endif

    prvUnlockQueue( xQueue );
}